Posted to commits@milagro.apache.org by br...@apache.org on 2019/01/15 15:19:06 UTC

[01/51] [partial] incubator-milagro-crypto git commit: update code

Repository: incubator-milagro-crypto
Updated Branches:
  refs/heads/master 70e3a3a36 -> 1add75606


http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/ff.cpp
----------------------------------------------------------------------
diff --git a/version3/cpp/ff.cpp b/version3/cpp/ff.cpp
deleted file mode 100644
index ff6f192..0000000
--- a/version3/cpp/ff.cpp
+++ /dev/null
@@ -1,1181 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL basic functions for Large Finite Field support */
-
-#include "ff_WWW.h"
-
-using namespace XXX; 
-
-namespace WWW {
-	static void FF_dsucopy(BIG x[],BIG y[],int);
-	static void FF_dscopy(BIG x[],BIG y[],int);
-	static void FF_sducopy(BIG x[],BIG y[],int);
-	static void FF_shrw(BIG a[],int);
-	static void FF_shlw(BIG a[],int);
-	static void FF_radd(BIG z[],int,BIG x[],int,BIG y[],int,int);
-	static void FF_rinc(BIG z[],int,BIG y[],int,int);
-	static void FF_rdec(BIG z[],int,BIG y[],int,int);
-	static void FF_rnorm(BIG z[],int,int);
-	static void FF_cswap(BIG a[],BIG b[],int,int);
-	static void FF_karmul(BIG z[],int,BIG x[],int,BIG y[],int,BIG t[],int,int);
-	static void FF_karsqr(BIG z[],int,BIG x[],int,BIG t[],int,int);
-	static void FF_karmul_lower(BIG z[],int,BIG x[],int,BIG y[],int,BIG t[],int,int);
-	static void FF_karmul_upper(BIG z[],BIG x[],BIG y[],BIG t[],int);
-	static void FF_lmul(BIG z[],BIG x[],BIG y[],int);
-	static void FF_reduce(BIG r[],BIG T[],BIG N[],BIG ND[],int);
-	static void FF_nres(BIG a[],BIG m[],int);
-	static void FF_redc(BIG a[],BIG m[],BIG ND[],int);
-	static void FF_invmod2m(BIG U[],BIG a[],int);
-	static void FF_modmul(BIG z[],BIG x[],BIG y[],BIG p[],BIG ND[],int);
-	static void FF_modsqr(BIG z[],BIG x[],BIG p[],BIG ND[],int);
-}
-
-/* Arazi and Qi inversion mod 256 */
-static int invmod256(int a)
-{
-    int U,t1,t2,b,c;
-    t1=0;
-    c=(a>>1)&1;
-    t1+=c;
-    t1&=1;
-    t1=2-t1;
-    t1<<=1;
-    U=t1+1;
-
-// i=2
-    b=a&3;
-    t1=U*b;
-    t1>>=2;
-    c=(a>>2)&3;
-    t2=(U*c)&3;
-    t1+=t2;
-    t1*=U;
-    t1&=3;
-    t1=4-t1;
-    t1<<=2;
-    U+=t1;
-
-// i=4
-    b=a&15;
-    t1=U*b;
-    t1>>=4;
-    c=(a>>4)&15;
-    t2=(U*c)&15;
-    t1+=t2;
-    t1*=U;
-    t1&=15;
-    t1=16-t1;
-    t1<<=4;
-    U+=t1;
-
-    return U;
-}
-
-/* a=1/a mod 2^BIGBITS_XXX. This is very fast! */
-void XXX::BIG_invmod2m(BIG a)
-{
-    int i;
-    BIG U,t1,b,c;
-    BIG_zero(U);
-    BIG_inc(U,invmod256(BIG_lastbits(a,8)));
-    for (i=8; i<BIGBITS_XXX; i<<=1)
-    {
-		BIG_norm(U);
-        BIG_copy(b,a);
-        BIG_mod2m(b,i);   // bottom i bits of a
-
-        BIG_smul(t1,U,b);
-        BIG_shr(t1,i); // top i bits of U*b
-
-        BIG_copy(c,a);
-        BIG_shr(c,i);
-        BIG_mod2m(c,i); // top i bits of a
-
-        BIG_smul(b,U,c);
-        BIG_mod2m(b,i);  // bottom i bits of U*c
-
-        BIG_add(t1,t1,b);
-		BIG_norm(t1);
-        BIG_smul(b,t1,U);
-        BIG_copy(t1,b);  // (t1+b)*U
-        BIG_mod2m(t1,i);				// bottom i bits of (t1+b)*U
-
-        BIG_one(b);
-        BIG_shl(b,i);
-        BIG_sub(t1,b,t1);
-        BIG_norm(t1);
-
-        BIG_shl(t1,i);
-
-        BIG_add(U,U,t1);
-    }
-    BIG_copy(a,U);
-    BIG_norm(a);
-    BIG_mod2m(a,BIGBITS_XXX);
-}
-
-/*
-void FF_rcopy(BIG x[],const BIG y[],int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_rcopy(x[i],y[i]);
-}
-*/
-
-/* x=y */
-void WWW::FF_copy(BIG x[],BIG y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_copy(x[i],y[i]);
-}
-
-/* x=y<<n */
-static void WWW::FF_dsucopy(BIG x[],BIG y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_copy(x[n+i],y[i]);
-        BIG_zero(x[i]);
-    }
-}
-
-/* x=y */
-static void WWW::FF_dscopy(BIG x[],BIG y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_copy(x[i],y[i]);
-        BIG_zero(x[n+i]);
-    }
-}
-
-/* x=y>>n */
-static void WWW::FF_sducopy(BIG x[],BIG y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_copy(x[i],y[n+i]);
-}
-
-/* set to zero */
-void WWW::FF_zero(BIG x[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_zero(x[i]);
-}
-
-/* test equals 0 */
-int WWW::FF_iszilch(BIG x[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        if (!BIG_iszilch(x[i])) return 0;
-    return 1;
-}
-
-/* shift right by BIGBITS_XXX-bit words */
-static void WWW::FF_shrw(BIG a[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_copy(a[i],a[i+n]);
-        BIG_zero(a[i+n]);
-    }
-}
-
-/* shift left by BIGBITS_XXX-bit words */
-static void WWW::FF_shlw(BIG a[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_copy(a[i+n],a[i]);
-        BIG_zero(a[i]);
-    }
-}
-
-/* extract last bit */
-int WWW::FF_parity(BIG x[])
-{
-    return BIG_parity(x[0]);
-}
-
-/* extract last m bits */
-int WWW::FF_lastbits(BIG x[],int m)
-{
-    return BIG_lastbits(x[0],m);
-}
-
-/* x=1 */
-void WWW::FF_one(BIG x[],int n)
-{
-    int i;
-    BIG_one(x[0]);
-    for (i=1; i<n; i++)
-        BIG_zero(x[i]);
-}
-
-/* x=m, where m is 32-bit int */
-void WWW::FF_init(BIG x[],sign32 m,int n)
-{
-    int i;
-    BIG_zero(x[0]);
-#if CHUNK<64
-    x[0][0]=(chunk)(m&BMASK_XXX);
-    x[0][1]=(chunk)(m>>BASEBITS_XXX);
-#else
-    x[0][0]=(chunk)m;
-#endif
-    for (i=1; i<n; i++)
-        BIG_zero(x[i]);
-}
-
-/* compare x and y - must be normalised */
-int WWW::FF_comp(BIG x[],BIG y[],int n)
-{
-    int i,j;
-    for (i=n-1; i>=0; i--)
-    {
-        j=BIG_comp(x[i],y[i]);
-        if (j!=0) return j;
-    }
-    return 0;
-}
-
-/* recursive add */
-static void WWW::FF_radd(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_add(z[zp+i],x[xp+i],y[yp+i]);
-}
-
-/* recursive inc */
-static void WWW::FF_rinc(BIG z[],int zp,BIG y[],int yp,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_add(z[zp+i],z[zp+i],y[yp+i]);
-}
-
-/* recursive sub */
-/*
-static void FF_rsub(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_sub(z[zp+i],x[xp+i],y[yp+i]);
-}
-*/
-
-/* recursive dec */
-static void WWW::FF_rdec(BIG z[],int zp,BIG y[],int yp,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_sub(z[zp+i],z[zp+i],y[yp+i]);
-}
-
-/* simple add */
-void WWW::FF_add(BIG z[],BIG x[],BIG y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_add(z[i],x[i],y[i]);
-}
-
-/* simple sub */
-void WWW::FF_sub(BIG z[],BIG x[],BIG y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_sub(z[i],x[i],y[i]);
-}
-
-/* increment/decrement by a small integer */
-void WWW::FF_inc(BIG x[],int m,int n)
-{
-    BIG_inc(x[0],m);
-    FF_norm(x,n);
-}
-
-void WWW::FF_dec(BIG x[],int m,int n)
-{
-    BIG_dec(x[0],m);
-    FF_norm(x,n);
-}
-
-/* normalise - but hold any overflow in top part unless n<0 */
-static void WWW::FF_rnorm(BIG z[],int zp,int n)
-{
-    int i,trunc=0;
-    chunk carry;
-    if (n<0)
-    {
-        /* -v n signals to do truncation */
-        n=-n;
-        trunc=1;
-    }
-    for (i=0; i<n-1; i++)
-    {
-        carry=BIG_norm(z[zp+i]);
-
-        z[zp+i][NLEN_XXX-1]^=carry<<P_TBITS_WWW; /* remove it */
-        z[zp+i+1][0]+=carry;
-    }
-    carry=BIG_norm(z[zp+n-1]);
-    if (trunc) z[zp+n-1][NLEN_XXX-1]^=carry<<P_TBITS_WWW;
-}
-
-void WWW::FF_norm(BIG z[],int n)
-{
-    FF_rnorm(z,0,n);
-}
-
-/* shift left by one bit */
-void WWW::FF_shl(BIG x[],int n)
-{
-    int i;
-    int carry,delay_carry=0;
-    for (i=0; i<n-1; i++)
-    {
-        carry=BIG_fshl(x[i],1);
-        x[i][0]|=delay_carry;
-        x[i][NLEN_XXX-1]^=(chunk)carry<<P_TBITS_WWW;
-        delay_carry=carry;
-    }
-    BIG_fshl(x[n-1],1);
-    x[n-1][0]|=delay_carry;
-}
-
-/* shift right by one bit */
-void WWW::FF_shr(BIG x[],int n)
-{
-    int i;
-    int carry;
-    for (i=n-1; i>0; i--)
-    {
-        carry=BIG_fshr(x[i],1);
-        x[i-1][NLEN_XXX-1]|=(chunk)carry<<P_TBITS_WWW;
-    }
-    BIG_fshr(x[0],1);
-}
-
-void WWW::FF_output(BIG x[],int n)
-{
-    int i;
-    FF_norm(x,n);
-    for (i=n-1; i>=0; i--)
-    {
-        BIG_output(x[i]);
-        printf(" ");
-    }
-}
-
-void WWW::FF_rawoutput(BIG x[],int n)
-{
-    int i;
-    for (i=n-1; i>=0; i--)
-    {
-        BIG_rawoutput(x[i]);
-        printf(" ");
-    }
-}
-
-/* Convert FFs to/from octet strings */
-void WWW::FF_toOctet(octet *w,BIG x[],int n)
-{
-    int i;
-    w->len=n*MODBYTES_XXX;
-    for (i=0; i<n; i++)
-    {
-        BIG_toBytes(&(w->val[(n-i-1)*MODBYTES_XXX]),x[i]);
-    }
-}
-
-void WWW::FF_fromOctet(BIG x[],octet *w,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_fromBytes(x[i],&(w->val[(n-i-1)*MODBYTES_XXX]));
-    }
-}
-
-/* in-place swapping using xor - side channel resistant */
-static void WWW::FF_cswap(BIG a[],BIG b[],int d,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_cswap(a[i],b[i],d);
-    return;
-}
-
-/* z=x*y, t is workspace */
-static void WWW::FF_karmul(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,BIG t[],int tp,int n)
-{
-    int nd2;
-    if (n==1)
-    {
-		BIG_norm(x[xp]);
-		BIG_norm(y[yp]);
-        BIG_mul(t[tp],x[xp],y[yp]);
-        BIG_split(z[zp+1],z[zp],t[tp],BIGBITS_XXX);
-        return;
-    }
-
-    nd2=n/2;
-    FF_radd(z,zp,x,xp,x,xp+nd2,nd2);
-    FF_rnorm(z,zp,nd2);  /* needs this if recursion level too deep */
-
-    FF_radd(z,zp+nd2,y,yp,y,yp+nd2,nd2);
-    FF_rnorm(z,zp+nd2,nd2);
-    FF_karmul(t,tp,z,zp,z,zp+nd2,t,tp+n,nd2);
-    FF_karmul(z,zp,x,xp,y,yp,t,tp+n,nd2);
-    FF_karmul(z,zp+n,x,xp+nd2,y,yp+nd2,t,tp+n,nd2);
-    FF_rdec(t,tp,z,zp,n);
-    FF_rdec(t,tp,z,zp+n,n);
-    FF_rinc(z,zp+nd2,t,tp,n);
-    FF_rnorm(z,zp,2*n);
-}
-
-static void WWW::FF_karsqr(BIG z[],int zp,BIG x[],int xp,BIG t[],int tp,int n)
-{
-    int nd2;
-    if (n==1)
-    {
-		BIG_norm(x[xp]);
-        BIG_sqr(t[tp],x[xp]);
-        BIG_split(z[zp+1],z[zp],t[tp],BIGBITS_XXX);
-        return;
-    }
-    nd2=n/2;
-    FF_karsqr(z,zp,x,xp,t,tp+n,nd2);
-    FF_karsqr(z,zp+n,x,xp+nd2,t,tp+n,nd2);
-    FF_karmul(t,tp,x,xp,x,xp+nd2,t,tp+n,nd2);
-    FF_rinc(z,zp+nd2,t,tp,n);
-    FF_rinc(z,zp+nd2,t,tp,n);
-
-    FF_rnorm(z,zp+nd2,n);  /* was FF_rnorm(z,zp,2*n)  */
-}
-
-static void WWW::FF_karmul_lower(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,BIG t[],int tp,int n)
-{
-    /* Calculates Least Significant bottom half of x*y */
-    int nd2;
-    if (n==1)
-    {
-        /* only calculate bottom half of product */
-		BIG_norm(x[xp]);
-		BIG_norm(y[yp]);
-        BIG_smul(z[zp],x[xp],y[yp]);
-        return;
-    }
-    nd2=n/2;
-    FF_karmul(z,zp,x,xp,y,yp,t,tp+n,nd2);
-    FF_karmul_lower(t,tp,x,xp+nd2,y,yp,t,tp+n,nd2);
-    FF_rinc(z,zp+nd2,t,tp,nd2);
-    FF_karmul_lower(t,tp,x,xp,y,yp+nd2,t,tp+n,nd2);
-    FF_rinc(z,zp+nd2,t,tp,nd2);
-    FF_rnorm(z,zp+nd2,-nd2);  /* truncate it */
-}
-
-static void WWW::FF_karmul_upper(BIG z[],BIG x[],BIG y[],BIG t[],int n)
-{
-    /* Calculates Most Significant upper half of x*y, given lower part */
-    int nd2;
-
-    nd2=n/2;
-    FF_radd(z,n,x,0,x,nd2,nd2);
-    FF_radd(z,n+nd2,y,0,y,nd2,nd2);
-    FF_rnorm(z,n,nd2);
-    FF_rnorm(z,n+nd2,nd2);
-
-    FF_karmul(t,0,z,n+nd2,z,n,t,n,nd2);  /* t = (a0+a1)(b0+b1) */
-    FF_karmul(z,n,x,nd2,y,nd2,t,n,nd2); /* z[n]= a1*b1 */
-    /* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */
-    FF_rdec(t,0,z,n,n);              /* t=t-a1b1  */
-    FF_rinc(z,nd2,z,0,nd2);   /* z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1)  */
-    FF_rdec(z,nd2,t,0,nd2);   /* z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0) */
-    FF_rnorm(z,0,-n);					/* a0b0 now in z - truncate it */
-    FF_rdec(t,0,z,0,n);         /* (a0+a1)(b0+b1) - a0b0 */
-    FF_rinc(z,nd2,t,0,n);
-
-    FF_rnorm(z,nd2,n);
-}
-
-/* z=x*y */
-void WWW::FF_mul(BIG z[],BIG x[],BIG y[],int n)
-{
-#ifndef C99
-    BIG t[2*FFLEN_WWW];
-#else
-    BIG t[2*n];
-#endif
-//	FF_norm(x,n); /* change here */
-//	FF_norm(y,n); /* change here */
-    FF_karmul(z,0,x,0,y,0,t,0,n);
-}
-
-/* return low part of product */
-static void WWW::FF_lmul(BIG z[],BIG x[],BIG y[],int n)
-{
-#ifndef C99
-    BIG t[2*FFLEN_WWW];
-#else
-    BIG t[2*n];
-#endif
-//	FF_norm(x,n); /* change here */
-//	FF_norm(y,n); /* change here */
-    FF_karmul_lower(z,0,x,0,y,0,t,0,n);
-}
-
-/* Set b=b mod c */
-void WWW::FF_mod(BIG b[],BIG c[],int n)
-{
-    int k=0;
-
-    FF_norm(b,n);
-    if (FF_comp(b,c,n)<0)
-        return;
-    do
-    {
-        FF_shl(c,n);
-        k++;
-    }
-    while (FF_comp(b,c,n)>=0);
-
-    while (k>0)
-    {
-        FF_shr(c,n);
-        if (FF_comp(b,c,n)>=0)
-        {
-            FF_sub(b,b,c,n);
-            FF_norm(b,n);
-        }
-        k--;
-    }
-}
-
-/* z=x^2 */
-void WWW::FF_sqr(BIG z[],BIG x[],int n)
-{
-#ifndef C99
-    BIG t[2*FFLEN_WWW];
-#else
-    BIG t[2*n];
-#endif
-//	FF_norm(x,n); /* change here */
-    FF_karsqr(z,0,x,0,t,0,n);
-}
-
-/* r=t mod modulus, N is modulus, ND is Montgomery Constant */
-static void WWW::FF_reduce(BIG r[],BIG T[],BIG N[],BIG ND[],int n)
-{
-    /* fast karatsuba Montgomery reduction */
-#ifndef C99
-    BIG t[2*FFLEN_WWW];
-    BIG m[FFLEN_WWW];
-#else
-    BIG t[2*n];
-    BIG m[n];
-#endif
-    WWW::FF_sducopy(r,T,n);  /* keep top half of T */
-    //FF_norm(T,n); /* change here */
-    FF_karmul_lower(m,0,T,0,ND,0,t,0,n);  /* m=T.(1/N) mod R */
-
-    //FF_norm(N,n);  /* change here */
-    FF_karmul_upper(T,N,m,t,n);  /* T=mN */
-    FF_sducopy(m,T,n);
-
-    FF_add(r,r,N,n);
-    FF_sub(r,r,m,n);
-    FF_norm(r,n);
-}
-
-
-/* Set r=a mod b */
-/* a is of length - 2*n */
-/* r,b is of length - n */
-void WWW::FF_dmod(BIG r[],BIG a[],BIG b[],int n)
-{
-    int k;
-#ifndef C99
-    BIG m[2*FFLEN_WWW];
-    BIG x[2*FFLEN_WWW];
-#else
-    BIG m[2*n];
-    BIG x[2*n];
-#endif
-    FF_copy(x,a,2*n);
-    FF_norm(x,2*n);
-    FF_dsucopy(m,b,n);
-    k=BIGBITS_XXX*n;
-
-    while (FF_comp(x,m,2*n)>=0)
-    {
-        FF_sub(x,x,m,2*n);
-        FF_norm(x,2*n);
-    }
-
-    while (k>0)
-    {
-        FF_shr(m,2*n);
-
-        if (FF_comp(x,m,2*n)>=0)
-        {
-            FF_sub(x,x,m,2*n);
-            FF_norm(x,2*n);
-        }
-
-        k--;
-    }
-    FF_copy(r,x,n);
-    FF_mod(r,b,n);
-}
-
-/* Set r=1/a mod p. Binary method - a<p on entry */
-
-void WWW::FF_invmodp(BIG r[],BIG a[],BIG p[],int n)
-{
-#ifndef C99
-    BIG u[FFLEN_WWW],v[FFLEN_WWW],x1[FFLEN_WWW],x2[FFLEN_WWW],t[FFLEN_WWW],one[FFLEN_WWW];
-#else
-    BIG u[n],v[n],x1[n],x2[n],t[n],one[n];
-#endif
-    FF_copy(u,a,n);
-    FF_copy(v,p,n);
-    FF_one(one,n);
-    FF_copy(x1,one,n);
-    FF_zero(x2,n);
-
-// reduce n in here as well!
-    while (FF_comp(u,one,n)!=0 && FF_comp(v,one,n)!=0)
-    {
-        while (FF_parity(u)==0)
-        {
-            FF_shr(u,n);
-            if (FF_parity(x1)!=0)
-            {
-                FF_add(x1,p,x1,n);
-                FF_norm(x1,n);
-            }
-            FF_shr(x1,n);
-        }
-        while (FF_parity(v)==0)
-        {
-            FF_shr(v,n);
-            if (FF_parity(x2)!=0)
-            {
-                FF_add(x2,p,x2,n);
-                FF_norm(x2,n);
-            }
-            FF_shr(x2,n);
-        }
-        if (FF_comp(u,v,n)>=0)
-        {
-
-            FF_sub(u,u,v,n);
-            FF_norm(u,n);
-            if (FF_comp(x1,x2,n)>=0) FF_sub(x1,x1,x2,n);
-            else
-            {
-                FF_sub(t,p,x2,n);
-                FF_add(x1,x1,t,n);
-            }
-            FF_norm(x1,n);
-        }
-        else
-        {
-            FF_sub(v,v,u,n);
-            FF_norm(v,n);
-            if (FF_comp(x2,x1,n)>=0) FF_sub(x2,x2,x1,n);
-            else
-            {
-                FF_sub(t,p,x1,n);
-                FF_add(x2,x2,t,n);
-            }
-            FF_norm(x2,n);
-        }
-    }
-    if (FF_comp(u,one,n)==0)
-        FF_copy(r,x1,n);
-    else
-        FF_copy(r,x2,n);
-}
-
-/* nesidue mod m */
-static void WWW::FF_nres(BIG a[],BIG m[],int n)
-{
-#ifndef C99
-    BIG d[2*FFLEN_WWW];
-#else
-    BIG d[2*n];
-#endif
-	if (n==1)
-	{
-		BIG_dscopy(d[0],a[0]);
-		BIG_dshl(d[0],NLEN_XXX*BASEBITS_XXX);
-		BIG_dmod(a[0],d[0],m[0]);
-	}
-	else
-	{
-		FF_dsucopy(d,a,n);
-		FF_dmod(a,d,m,n);
-	}
-}
-
-static void WWW::FF_redc(BIG a[],BIG m[],BIG ND[],int n)
-{
-#ifndef C99
-    BIG d[2*FFLEN_WWW];
-#else
-    BIG d[2*n];
-#endif
-	if (n==1)
-	{
-		BIG_dzero(d[0]);
-		BIG_dscopy(d[0],a[0]);
-		BIG_monty(a[0],m[0],((chunk)1<<BASEBITS_XXX)-ND[0][0],d[0]);
-	}
-	else
-	{
-		FF_mod(a,m,n);
-		FF_dscopy(d,a,n);
-		FF_reduce(a,d,m,ND,n);
-		FF_mod(a,m,n);
-	}
-}
-
-/* U=1/a mod 2^m - Arazi & Qi */
-static void WWW::FF_invmod2m(BIG U[],BIG a[],int n)
-{
-    int i;
-#ifndef C99
-    BIG t1[FFLEN_WWW],b[FFLEN_WWW],c[FFLEN_WWW];
-#else
-    BIG t1[2*n],b[n],c[n];
-#endif
-
-    FF_zero(U,n);
-    FF_zero(b,n);
-    FF_zero(c,n);
-    FF_zero(t1,2*n);
-
-    BIG_copy(U[0],a[0]);
-    BIG_invmod2m(U[0]);
-    for (i=1; i<n; i<<=1)
-    {
-        FF_copy(b,a,i);
-        FF_mul(t1,U,b,i);
-        FF_shrw(t1,i); // top half to bottom half, top half=0
-
-        FF_copy(c,a,2*i);
-        FF_shrw(c,i); // top half of c
-        FF_lmul(b,U,c,i); // should set top half of b=0
-        FF_add(t1,t1,b,i);
-        FF_norm(t1,2*i);
-        FF_lmul(b,t1,U,i);
-        FF_copy(t1,b,i);
-        FF_one(b,i);
-        FF_shlw(b,i);
-        FF_sub(t1,b,t1,2*i);
-        FF_norm(t1,2*i);
-        FF_shlw(t1,i);
-        FF_add(U,U,t1,2*i);
-    }
-
-    FF_norm(U,n);
-}
-
-void WWW::FF_random(BIG x[],csprng *rng,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_random(x[i],rng);
-    }
-    /* make sure top bit is 1 */
-    while (BIG_nbits(x[n-1])<MODBYTES_XXX*8) BIG_random(x[n-1],rng);
-}
-
-/* generate random x mod p */
-void WWW::FF_randomnum(BIG x[],BIG p[],csprng *rng,int n)
-{
-    int i;
-#ifndef C99
-    BIG d[2*FFLEN_WWW];
-#else
-    BIG d[2*n];
-#endif
-    for (i=0; i<2*n; i++)
-    {
-        BIG_random(d[i],rng);
-    }
-    FF_dmod(x,d,p,n);
-}
-
-static void WWW::FF_modmul(BIG z[],BIG x[],BIG y[],BIG p[],BIG ND[],int n)
-{
-#ifndef C99
-    BIG d[2*FFLEN_WWW];
-#else
-    BIG d[2*n];
-#endif
-    chunk ex=P_EXCESS_WWW(x[n-1]);
-    chunk ey=P_EXCESS_WWW(y[n-1]);
-#ifdef dchunk
-    if ((dchunk)(ex+1)*(ey+1)>(dchunk)P_FEXCESS_WWW)
-#else
-    if ((ex+1)>P_FEXCESS_WWW/(ey+1))
-#endif
-    {
-#ifdef DEBUG_REDUCE
-        printf("Product too large - reducing it %d %d\n",ex,ey);
-#endif
-        FF_mod(x,p,n);
-    }
-
-	if (n==1)
-	{
-		BIG_mul(d[0],x[0],y[0]);
-		BIG_monty(z[0],p[0],((chunk)1<<BASEBITS_XXX)-ND[0][0],d[0]);
-	}
-	else
-	{
-		FF_mul(d,x,y,n);
-		FF_reduce(z,d,p,ND,n);
-	}
-}
-
-static void WWW::FF_modsqr(BIG z[],BIG x[],BIG p[],BIG ND[],int n)
-{
-#ifndef C99
-    BIG d[2*FFLEN_WWW];
-#else
-    BIG d[2*n];
-#endif
-    chunk ex=P_EXCESS_WWW(x[n-1]);
-#ifdef dchunk
-    if ((dchunk)(ex+1)*(ex+1)>(dchunk)P_FEXCESS_WWW)
-#else
-    if ((ex+1)>P_FEXCESS_WWW/(ex+1))
-#endif
-    {
-#ifdef DEBUG_REDUCE
-        printf("Product too large - reducing it %d\n",ex);
-#endif
-        FF_mod(x,p,n);
-    }
-	if (n==1)
-	{
-		BIG_sqr(d[0],x[0]);
-		BIG_monty(z[0],p[0],((chunk)1<<BASEBITS_XXX)-ND[0][0],d[0]);
-	}
-	else
-	{
-		FF_sqr(d,x,n);
-		FF_reduce(z,d,p,ND,n);
-	}
-}
-
-/* r=x^e mod p using side-channel resistant Montgomery Ladder, for large e */
-void WWW::FF_skpow(BIG r[],BIG x[],BIG e[],BIG p[],int n)
-{
-    int i,b;
-#ifndef C99
-    BIG R0[FFLEN_WWW],R1[FFLEN_WWW],ND[FFLEN_WWW];
-#else
-    BIG R0[n],R1[n],ND[n];
-#endif
-    FF_invmod2m(ND,p,n);
-
-    FF_one(R0,n);
-    FF_copy(R1,x,n);
-    FF_nres(R0,p,n);
-    FF_nres(R1,p,n);
-
-    for (i=8*MODBYTES_XXX*n-1; i>=0; i--)
-    {
-        b=BIG_bit(e[i/BIGBITS_XXX],i%BIGBITS_XXX);
-        FF_modmul(r,R0,R1,p,ND,n);
-
-        FF_cswap(R0,R1,b,n);
-        FF_modsqr(R0,R0,p,ND,n);
-
-        FF_copy(R1,r,n);
-        FF_cswap(R0,R1,b,n);
-    }
-    FF_copy(r,R0,n);
-    FF_redc(r,p,ND,n);
-}
-
-/* r=x^e mod p using side-channel resistant Montgomery Ladder, for short e */
-void WWW::FF_skspow(BIG r[],BIG x[],BIG e,BIG p[],int n)
-{
-    int i,b;
-#ifndef C99
-    BIG R0[FFLEN_WWW],R1[FFLEN_WWW],ND[FFLEN_WWW];
-#else
-    BIG R0[n],R1[n],ND[n];
-#endif
-    FF_invmod2m(ND,p,n);
-    FF_one(R0,n);
-    FF_copy(R1,x,n);
-    FF_nres(R0,p,n);
-    FF_nres(R1,p,n);
-    for (i=8*MODBYTES_XXX-1; i>=0; i--)
-    {
-        b=BIG_bit(e,i);
-        FF_modmul(r,R0,R1,p,ND,n);
-        FF_cswap(R0,R1,b,n);
-        FF_modsqr(R0,R0,p,ND,n);
-        FF_copy(R1,r,n);
-        FF_cswap(R0,R1,b,n);
-    }
-    FF_copy(r,R0,n);
-    FF_redc(r,p,ND,n);
-}
-
-/* raise to an integer power - right-to-left method */
-void WWW::FF_power(BIG r[],BIG x[],int e,BIG p[],int n)
-{
-    int f=1;
-#ifndef C99
-    BIG w[FFLEN_WWW],ND[FFLEN_WWW];
-#else
-    BIG w[n],ND[n];
-#endif
-    FF_invmod2m(ND,p,n);
-
-    FF_copy(w,x,n);
-    FF_nres(w,p,n);
-
-    if (e==2)
-    {
-        FF_modsqr(r,w,p,ND,n);
-    }
-    else for (;;)
-        {
-            if (e%2==1)
-            {
-                if (f) FF_copy(r,w,n);
-                else FF_modmul(r,r,w,p,ND,n);
-                f=0;
-            }
-            e>>=1;
-            if (e==0) break;
-            FF_modsqr(w,w,p,ND,n);
-        }
-
-    FF_redc(r,p,ND,n);
-}
-
-/* r=x^e mod p, faster but not side channel resistant */
-void WWW::FF_pow(BIG r[],BIG x[],BIG e[],BIG p[],int n)
-{
-    int i,b;
-#ifndef C99
-    BIG w[FFLEN_WWW],ND[FFLEN_WWW];
-#else
-    BIG w[n],ND[n];
-#endif
-    FF_invmod2m(ND,p,n);
-
-    FF_copy(w,x,n);
-    FF_one(r,n);
-    FF_nres(r,p,n);
-    FF_nres(w,p,n);
-
-    for (i=8*MODBYTES_XXX*n-1; i>=0; i--)
-    {
-        FF_modsqr(r,r,p,ND,n);
-        b=BIG_bit(e[i/BIGBITS_XXX],i%BIGBITS_XXX);
-        if (b==1) FF_modmul(r,r,w,p,ND,n);
-    }
-    FF_redc(r,p,ND,n);
-}
-
-/* double exponentiation r=x^e.y^f mod p */
-void WWW::FF_pow2(BIG r[],BIG x[],BIG e,BIG y[],BIG f,BIG p[],int n)
-{
-    int i,eb,fb;
-#ifndef C99
-    BIG xn[FFLEN_WWW],yn[FFLEN_WWW],xy[FFLEN_WWW],ND[FFLEN_WWW];
-#else
-    BIG xn[n],yn[n],xy[n],ND[n];
-#endif
-
-    FF_invmod2m(ND,p,n);
-
-    FF_copy(xn,x,n);
-    FF_copy(yn,y,n);
-    FF_nres(xn,p,n);
-    FF_nres(yn,p,n);
-    FF_modmul(xy,xn,yn,p,ND,n);
-    FF_one(r,n);
-    FF_nres(r,p,n);
-
-    for (i=8*MODBYTES_XXX-1; i>=0; i--)
-    {
-        eb=BIG_bit(e,i);
-        fb=BIG_bit(f,i);
-        FF_modsqr(r,r,p,ND,n);
-        if (eb==1)
-        {
-            if (fb==1) FF_modmul(r,r,xy,p,ND,n);
-            else FF_modmul(r,r,xn,p,ND,n);
-        }
-        else
-        {
-            if (fb==1) FF_modmul(r,r,yn,p,ND,n);
-        }
-    }
-    FF_redc(r,p,ND,n);
-}
-
-static sign32 igcd(sign32 x,sign32 y)
-{
-    /* integer GCD, returns GCD of x and y */
-    sign32 r;
-    if (y==0) return x;
-    while ((r=x%y)!=0)
-        x=y,y=r;
-    return y;
-}
-
-/* quick and dirty check for common factor with s */
-int WWW::FF_cfactor(BIG w[],sign32 s,int n)
-{
-    int r;
-    sign32 g;
-#ifndef C99
-    BIG x[FFLEN_WWW],y[FFLEN_WWW];
-#else
-    BIG x[n],y[n];
-#endif
-    FF_init(y,s,n);
-    FF_copy(x,w,n);
-    FF_norm(x,n);
-
-//	if (FF_parity(x)==0) return 1;
-    do
-    {
-        FF_sub(x,x,y,n);
-        FF_norm(x,n);
-        while (!FF_iszilch(x,n) && FF_parity(x)==0) FF_shr(x,n);
-    }
-    while (FF_comp(x,y,n)>0);
-#if CHUNK<32
-    g=x[0][0]+((sign32)(x[0][1])<<BASEBITS_XXX);
-#else
-    g=(sign32)x[0][0];
-#endif
-    r=igcd(s,g);
-    if (r>1) return 1;
-    return 0;
-}
-
-/* Miller-Rabin test for primality. Slow. */
-int WWW::FF_prime(BIG p[],csprng *rng,int n)
-{
-    int i,j,loop,s=0;
-#ifndef C99
-    BIG d[FFLEN_WWW],x[FFLEN_WWW],unity[FFLEN_WWW],nm1[FFLEN_WWW];
-#else
-    BIG d[n],x[n],unity[n],nm1[n];
-#endif
-    sign32 sf=4849845;/* 3*5*.. *19 */
-
-    FF_norm(p,n);
-
-    if (FF_cfactor(p,sf,n)) return 0;
-
-    FF_one(unity,n);
-    FF_sub(nm1,p,unity,n);
-    FF_norm(nm1,n);
-    FF_copy(d,nm1,n);
-    while (FF_parity(d)==0)
-    {
-        FF_shr(d,n);
-        s++;
-    }
-    if (s==0) return 0;
-
-    for (i=0; i<10; i++)
-    {
-        FF_randomnum(x,p,rng,n);
-        FF_pow(x,x,d,p,n);
-        if (FF_comp(x,unity,n)==0 || FF_comp(x,nm1,n)==0) continue;
-        loop=0;
-        for (j=1; j<s; j++)
-        {
-            FF_power(x,x,2,p,n);
-            if (FF_comp(x,unity,n)==0) return 0;
-            if (FF_comp(x,nm1,n)==0 )
-            {
-                loop=1;
-                break;
-            }
-        }
-        if (loop) continue;
-        return 0;
-    }
-
-    return 1;
-}
-
-/*
-BIG P[4]= {{0x1670957,0x1568CD3C,0x2595E5,0xEED4F38,0x1FC9A971,0x14EF7E62,0xA503883,0x9E1E05E,0xBF59E3},{0x1844C908,0x1B44A798,0x3A0B1E7,0xD1B5B4E,0x1836046F,0x87E94F9,0x1D34C537,0xF7183B0,0x46D07},{0x17813331,0x19E28A90,0x1473A4D6,0x1CACD01F,0x1EEA8838,0xAF2AE29,0x1F85292A,0x1632585E,0xD945E5},{0x919F5EF,0x1567B39F,0x19F6AD11,0x16CE47CF,0x9B36EB1,0x35B7D3,0x483B28C,0xCBEFA27,0xB5FC21}};
-
-int main()
-{
-	int i;
-	BIG p[4],e[4],x[4],r[4];
-	csprng rng;
-	char raw[100];
-	for (i=0;i<100;i++) raw[i]=i;
-    RAND_seed(&rng,100,raw);
-
-
-	FF_init(x,3,4);
-
-	FF_copy(p,P,4);
-	FF_copy(e,p,4);
-	FF_dec(e,1,4);
-	FF_norm(e,4);
-
-
-
-	printf("p= ");FF_output(p,4); printf("\n");
-	if (FF_prime(p,&rng,4)) printf("p is a prime\n");
-	printf("e= ");FF_output(e,4); printf("\n");
-
-	FF_skpow(r,x,e,p,4);
-	printf("r= ");FF_output(r,4); printf("\n");
-}
-
-*/


[16/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/ecp4.c
----------------------------------------------------------------------
diff --git a/version3/c/ecp4.c b/version3/c/ecp4.c
deleted file mode 100644
index 1208812..0000000
--- a/version3/c/ecp4.c
+++ /dev/null
@@ -1,1068 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Weierstrass elliptic curve functions over FP2 */
-
-#include "ecp4_ZZZ.h"
-
-int ECP4_ZZZ_isinf(ECP4_ZZZ *P)
-{
-//	if (P->inf) return 1;
-	return (FP4_YYY_iszilch(&(P->x)) & FP4_YYY_iszilch(&(P->z)));
-}
-
-/* Set P=Q */
-void ECP4_ZZZ_copy(ECP4_ZZZ *P,ECP4_ZZZ *Q)
-{
-//    P->inf=Q->inf;
-    FP4_YYY_copy(&(P->x),&(Q->x));
-    FP4_YYY_copy(&(P->y),&(Q->y));
-	FP4_YYY_copy(&(P->z),&(Q->z));
-}
-
-/* set P to Infinity */
-void ECP4_ZZZ_inf(ECP4_ZZZ *P)
-{
-//    P->inf=1;
-    FP4_YYY_zero(&(P->x));
-    FP4_YYY_one(&(P->y));
-    FP4_YYY_zero(&(P->z));
-}
-
-/* Conditional move Q to P dependant on d */
-static void ECP4_ZZZ_cmove(ECP4_ZZZ *P,ECP4_ZZZ *Q,int d)
-{
-    FP4_YYY_cmove(&(P->x),&(Q->x),d);
-    FP4_YYY_cmove(&(P->y),&(Q->y),d);
-    FP4_YYY_cmove(&(P->z),&(Q->z),d);
-//    d=~(d-1);
-//    P->inf^=(P->inf^Q->inf)&d;
-}
-
-/* return 1 if b==c, no branching */
-static int teq(sign32 b,sign32 c)
-{
-    sign32 x=b^c;
-    x-=1;  // if x=0, x now -1
-    return (int)((x>>31)&1);
-}
-
-/* Constant time select from pre-computed table */
-static void ECP4_ZZZ_select(ECP4_ZZZ *P,ECP4_ZZZ W[],sign32 b)
-{
-    ECP4_ZZZ MP;
-    sign32 m=b>>31;
-    sign32 babs=(b^m)-m;
-
-    babs=(babs-1)/2;
-
-    ECP4_ZZZ_cmove(P,&W[0],teq(babs,0));  // conditional move
-    ECP4_ZZZ_cmove(P,&W[1],teq(babs,1));
-    ECP4_ZZZ_cmove(P,&W[2],teq(babs,2));
-    ECP4_ZZZ_cmove(P,&W[3],teq(babs,3));
-    ECP4_ZZZ_cmove(P,&W[4],teq(babs,4));
-    ECP4_ZZZ_cmove(P,&W[5],teq(babs,5));
-    ECP4_ZZZ_cmove(P,&W[6],teq(babs,6));
-    ECP4_ZZZ_cmove(P,&W[7],teq(babs,7));
-
-    ECP4_ZZZ_copy(&MP,P);
-    ECP4_ZZZ_neg(&MP);  // minus P
-    ECP4_ZZZ_cmove(P,&MP,(int)(m&1));
-}
-
-/* Make P affine (so z=1) */
-void ECP4_ZZZ_affine(ECP4_ZZZ *P)
-{
-    FP4_YYY one,iz;
-    if (ECP4_ZZZ_isinf(P)) return;
-
-    FP4_YYY_one(&one);
-    if (FP4_YYY_isunity(&(P->z)))
-    {
-        FP4_YYY_reduce(&(P->x));
-        FP4_YYY_reduce(&(P->y));
-        return;
-    }
-
-    FP4_YYY_inv(&iz,&(P->z));
-    FP4_YYY_mul(&(P->x),&(P->x),&iz);
-    FP4_YYY_mul(&(P->y),&(P->y),&iz);
-
-    FP4_YYY_reduce(&(P->x));
-    FP4_YYY_reduce(&(P->y));
-    FP4_YYY_copy(&(P->z),&one);
-}
-
-/* return 1 if P==Q, else 0 */
-/* SU= 312 */
-int ECP4_ZZZ_equals(ECP4_ZZZ *P,ECP4_ZZZ *Q)
-{
-    FP4_YYY a,b;
-//    if (ECP4_ZZZ_isinf(P) && ECP4_ZZZ_isinf(Q)) return 1;
-//    if (ECP4_ZZZ_isinf(P) || ECP4_ZZZ_isinf(Q)) return 0;
-
-    FP4_YYY_mul(&a,&(P->x),&(Q->z));
-    FP4_YYY_mul(&b,&(Q->x),&(P->z));
-    if (!FP4_YYY_equals(&a,&b)) return 0;
-
-    FP4_YYY_mul(&a,&(P->y),&(Q->z));
-    FP4_YYY_mul(&b,&(Q->y),&(P->z));
-    if (!FP4_YYY_equals(&a,&b)) return 0;
-    return 1;
-
-}
-
-/* extract x, y from point P */
-int ECP4_ZZZ_get(FP4_YYY *x,FP4_YYY *y,ECP4_ZZZ *P)
-{
-	ECP4_ZZZ W;
-	ECP4_ZZZ_copy(&W,P);
-	ECP4_ZZZ_affine(&W);
-    if (ECP4_ZZZ_isinf(&W)) return -1;
-	//ECP4_ZZZ_affine(P);
-    FP4_YYY_copy(y,&(W.y));
-    FP4_YYY_copy(x,&(W.x));
-    return 0;
-}
-
-/* Output point P */
-void ECP4_ZZZ_output(ECP4_ZZZ *P)
-{
-    FP4_YYY x,y;
-    if (ECP4_ZZZ_isinf(P))
-    {
-        printf("Infinity\n");
-        return;
-    }
-    ECP4_ZZZ_get(&x,&y,P);
-    printf("(");
-    FP4_YYY_output(&x);
-    printf(",");
-    FP4_YYY_output(&y);
-    printf(")\n");
-}
-
-/* Convert Q to octet string */
-void ECP4_ZZZ_toOctet(octet *W,ECP4_ZZZ *Q)
-{
-	BIG_XXX b;
-	FP4_YYY qx,qy;
-	FP2_YYY pa,pb;
-
-    ECP4_ZZZ_get(&qx,&qy,Q);
-
-	FP2_YYY_copy(&pa,&(qx.a));
-	FP2_YYY_copy(&pb,&(qx.b));
-
-	FP_YYY_redc(b,&(pa.a));
-    BIG_XXX_toBytes(&(W->val[0]),b);
-    FP_YYY_redc(b,&(pa.b));
-    BIG_XXX_toBytes(&(W->val[MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(pb.a));
-    BIG_XXX_toBytes(&(W->val[2*MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(pb.b));
-    BIG_XXX_toBytes(&(W->val[3*MODBYTES_XXX]),b);
-
-	FP2_YYY_copy(&pa,&(qy.a));
-	FP2_YYY_copy(&pb,&(qy.b));
-	
-	FP_YYY_redc(b,&(pa.a));
-    BIG_XXX_toBytes(&(W->val[4*MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(pa.b));
-    BIG_XXX_toBytes(&(W->val[5*MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(pb.a));
-    BIG_XXX_toBytes(&(W->val[6*MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(pb.b));
-    BIG_XXX_toBytes(&(W->val[7*MODBYTES_XXX]),b);
-
-    W->len=8*MODBYTES_XXX;
-}
-
-/* restore Q from octet string */
-int ECP4_ZZZ_fromOctet(ECP4_ZZZ *Q,octet *W)
-{
-	BIG_XXX b;
-    FP4_YYY qx,qy;
-	FP2_YYY pa,pb;
-
-    BIG_XXX_fromBytes(b,&(W->val[0]));
-	FP_YYY_nres(&(pa.a),b);
-    BIG_XXX_fromBytes(b,&(W->val[MODBYTES_XXX]));
-    FP_YYY_nres(&(pa.b),b);
-    BIG_XXX_fromBytes(b,&(W->val[2*MODBYTES_XXX]));
-    FP_YYY_nres(&(pb.a),b);
-    BIG_XXX_fromBytes(b,&(W->val[3*MODBYTES_XXX]));
-    FP_YYY_nres(&(pb.b),b);
-
-	FP2_YYY_copy(&(qx.a),&pa);
-	FP2_YYY_copy(&(qx.b),&pb);
-
-    BIG_XXX_fromBytes(b,&(W->val[4*MODBYTES_XXX]));
-	FP_YYY_nres(&(pa.a),b);
-    BIG_XXX_fromBytes(b,&(W->val[5*MODBYTES_XXX]));
-    FP_YYY_nres(&(pa.b),b);
-    BIG_XXX_fromBytes(b,&(W->val[6*MODBYTES_XXX]));
-    FP_YYY_nres(&(pb.a),b);
-    BIG_XXX_fromBytes(b,&(W->val[7*MODBYTES_XXX]));
-    FP_YYY_nres(&(pb.b),b);
-
-	FP2_YYY_copy(&(qy.a),&pa);
-	FP2_YYY_copy(&(qy.b),&pb);
-
-
-    if (ECP4_ZZZ_set(Q,&qx,&qy)) return 1;
-    return 0;
-}
-
-/* Calculate RHS of twisted curve equation x^3+B/i or x^3+Bi*/
-void ECP4_ZZZ_rhs(FP4_YYY *rhs,FP4_YYY *x)
-{
-    /* calculate RHS of elliptic curve equation */
-    FP4_YYY t;
-	FP2_YYY t2;
-    BIG_XXX b;
-    FP4_YYY_sqr(&t,x);
-
-    FP4_YYY_mul(rhs,&t,x);
-
-    /* Assuming CURVE_A=0 */
-
-    BIG_XXX_rcopy(b,CURVE_B_ZZZ);
-
-    FP2_YYY_from_BIG(&t2,b);
-	FP4_YYY_from_FP2(&t,&t2);
-
-#if SEXTIC_TWIST_ZZZ == D_TYPE	
-    FP4_YYY_div_i(&t);   /* IMPORTANT - here we use the correct SEXTIC twist of the curve */
-#endif
-
-#if SEXTIC_TWIST_ZZZ == M_TYPE	
-    FP4_YYY_times_i(&t);   /* IMPORTANT - here we use the correct SEXTIC twist of the curve */
-#endif
-
-    FP4_YYY_add(rhs,&t,rhs);
-    FP4_YYY_reduce(rhs);
-}
-
-/* Set P=(x,y). Return 1 if (x,y) is on the curve, else return 0*/
-/* SU= 232 */
-int ECP4_ZZZ_set(ECP4_ZZZ *P,FP4_YYY *x,FP4_YYY *y)
-{
-    FP4_YYY rhs,y2;
-
-    FP4_YYY_sqr(&y2,y);
-    ECP4_ZZZ_rhs(&rhs,x);
-
-//cout << "y2= ";
-//FP4_YYY_output(&y2);
-//cout << endl;
-//cout << "rhs= ";
-//FP4_YYY_output(&rhs);
-//cout << endl;
-
-    if (!FP4_YYY_equals(&y2,&rhs))
-    {
-		ECP4_ZZZ_inf(P);
- //       P->inf=1;
-        return 0;
-    }
-
- //   P->inf=0;
-    FP4_YYY_copy(&(P->x),x);
-    FP4_YYY_copy(&(P->y),y);
-
-    FP4_YYY_one(&(P->z));
-    return 1;
-}
-
-/* Set P=(x,y). Return 1 if (x,.) is on the curve, else return 0 */
-/* SU= 232 */
-int ECP4_ZZZ_setx(ECP4_ZZZ *P,FP4_YYY *x)
-{
-    FP4_YYY y;
-    ECP4_ZZZ_rhs(&y,x);
-
-    if (!FP4_YYY_sqrt(&y,&y))
-    {
-        ECP4_ZZZ_inf(P);
-        return 0;
-    }
-
- //   P->inf=0;
-    FP4_YYY_copy(&(P->x),x);
-    FP4_YYY_copy(&(P->y),&y);
-
-    FP4_YYY_one(&(P->z));
-    return 1;
-}
-
-/* Set P=-P */
-/* SU= 8 */
-void ECP4_ZZZ_neg(ECP4_ZZZ *P)
-{
-//	if (ECP4_ZZZ_isinf(P)) return;
-	FP4_YYY_norm(&(P->y));
-    FP4_YYY_neg(&(P->y),&(P->y));
-    FP4_YYY_norm(&(P->y));
-}
-
-
-/* R+=R */
-/* return -1 for Infinity, 0 for addition, 1 for doubling */
-int ECP4_ZZZ_dbl(ECP4_ZZZ *P)
-{
-    FP4_YYY t0,t1,t2,t3,iy,x3,y3;
-//    if (P->inf) return -1;
-
-	FP4_YYY_copy(&iy,&(P->y));		//FP4_YYY iy=new FP4_YYY(y);
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP4_YYY_times_i(&iy);			//iy.mul_ip(); 
-	//FP4_YYY_norm(&iy);				//iy.norm();
-#endif
-
-	FP4_YYY_sqr(&t0,&(P->y));			//t0.sqr();   
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP4_YYY_times_i(&t0);			//t0.mul_ip(); 
-#endif
-
-	FP4_YYY_mul(&t1,&iy,&(P->z));	//t1.mul(z);
-	FP4_YYY_sqr(&t2,&(P->z));				//t2.sqr();
-
-	FP4_YYY_add(&(P->z),&t0,&t0);	//z.add(t0); 
-	FP4_YYY_norm(&(P->z));				//z.norm(); 
-	FP4_YYY_add(&(P->z),&(P->z),&(P->z));	//z.add(z); 
-	FP4_YYY_add(&(P->z),&(P->z),&(P->z));	//z.add(z); 
-	FP4_YYY_norm(&(P->z));			//z.norm();  
-
-	FP4_YYY_imul(&t2,&t2,3*CURVE_B_I_ZZZ);	//t2.imul(3*ROM.CURVE_B_I); 
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-	FP4_YYY_times_i(&t2);
-	//FP4_YYY_norm(&t2);
-#endif
-
-	FP4_YYY_mul(&x3,&t2,&(P->z));	//x3.mul(z); 
-
-	FP4_YYY_add(&y3,&t0,&t2);		//y3.add(t2); 
-	FP4_YYY_norm(&y3);				//y3.norm();
-	FP4_YYY_mul(&(P->z),&(P->z),&t1);	//z.mul(t1);
-
-	FP4_YYY_add(&t1,&t2,&t2);		//t1.add(t2); 
-	FP4_YYY_add(&t2,&t2,&t1);		//t2.add(t1); 
-	FP4_YYY_norm(&t2);				//t2.norm();  
-	FP4_YYY_sub(&t0,&t0,&t2);		//t0.sub(t2); 
-	FP4_YYY_norm(&t0);				//t0.norm();                           //y^2-9bz^2
-	FP4_YYY_mul(&y3,&y3,&t0);		//y3.mul(t0); 
-	FP4_YYY_add(&(P->y),&y3,&x3);		//y3.add(x3);                          //(y^2+3z*2)(y^2-9z^2)+3b.z^2.8y^2
-
-	FP4_YYY_mul(&t1,&(P->x),&iy);		//t1.mul(iy);						//
-
-	FP4_YYY_norm(&t0);			//x.norm(); 
-	FP4_YYY_mul(&(P->x),&t0,&t1);	//x.mul(t1); 
-	FP4_YYY_add(&(P->x),&(P->x),&(P->x));	//x.add(x);       //(y^2-9bz^2)xy2
-
-	FP4_YYY_norm(&(P->x));			//x.norm(); 
-
-	FP4_YYY_norm(&(P->y));			//y.norm();
-
-    return 1;
-}
-
-/* Set P+=Q */
-
-int ECP4_ZZZ_add(ECP4_ZZZ *P,ECP4_ZZZ *Q)
-{
-    FP4_YYY t0,t1,t2,t3,t4,x3,y3,z3;
-	int b3=3*CURVE_B_I_ZZZ;
-/*    if (Q->inf) return 0;
-    if (P->inf)
-    {
-        ECP4_ZZZ_copy(P,Q);
-        return 0;
-    }
-*/
-	FP4_YYY_mul(&t0,&(P->x),&(Q->x));	//t0.mul(Q.x);         // x.Q.x
-	FP4_YYY_mul(&t1,&(P->y),&(Q->y));	//t1.mul(Q.y);		 // y.Q.y
-
-	FP4_YYY_mul(&t2,&(P->z),&(Q->z));	//t2.mul(Q.z);
-	FP4_YYY_add(&t3,&(P->x),&(P->y));	//t3.add(y); 
-	FP4_YYY_norm(&t3);				//t3.norm();          //t3=X1+Y1         
-	FP4_YYY_add(&t4,&(Q->x),&(Q->y));	//t4.add(Q.y); 
-	FP4_YYY_norm(&t4);				//t4.norm();			//t4=X2+Y2
-	FP4_YYY_mul(&t3,&t3,&t4);		//t3.mul(t4);						//t3=(X1+Y1)(X2+Y2)
-	FP4_YYY_add(&t4,&t0,&t1);		//t4.add(t1);		//t4=X1.X2+Y1.Y2
-
-	FP4_YYY_sub(&t3,&t3,&t4);		//t3.sub(t4); 
-	FP4_YYY_norm(&t3);				//t3.norm(); 
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP4_YYY_times_i(&t3);			//t3.mul_ip();  
-	//FP4_YYY_norm(&t3);				//t3.norm();         //t3=(X1+Y1)(X2+Y2)-(X1.X2+Y1.Y2) = X1.Y2+X2.Y1
-#endif
-                   
-	FP4_YYY_add(&t4,&(P->y),&(P->z));	//t4.add(z); 
-	FP4_YYY_norm(&t4);				//t4.norm();			//t4=Y1+Z1
-
-	FP4_YYY_add(&x3,&(Q->y),&(Q->z));	//x3.add(Q.z); 
-	FP4_YYY_norm(&x3);				//x3.norm();			//x3=Y2+Z2
-
-	FP4_YYY_mul(&t4,&t4,&x3);		//t4.mul(x3);						//t4=(Y1+Z1)(Y2+Z2)
-
-	FP4_YYY_add(&x3,&t1,&t2);		//x3.add(t2);						//X3=Y1.Y2+Z1.Z2
-	
-	FP4_YYY_sub(&t4,&t4,&x3);		//t4.sub(x3); 
-	FP4_YYY_norm(&t4);				//t4.norm(); 
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP4_YYY_times_i(&t4);			//t4.mul_ip(); 
-	//FP4_YYY_norm(&t4);				//t4.norm();          //t4=(Y1+Z1)(Y2+Z2) - (Y1.Y2+Z1.Z2) = Y1.Z2+Y2.Z1
-#endif
-
-	FP4_YYY_add(&x3,&(P->x),&(P->z));	//x3.add(z); 
-	FP4_YYY_norm(&x3);				//x3.norm();	// x3=X1+Z1
-		
-	FP4_YYY_add(&y3,&(Q->x),&(Q->z));	//y3.add(Q.z); 
-	FP4_YYY_norm(&y3);				//y3.norm();				// y3=X2+Z2
-	FP4_YYY_mul(&x3,&x3,&y3);		//x3.mul(y3);							// x3=(X1+Z1)(X2+Z2)
-
-	FP4_YYY_add(&y3,&t0,&t2);		//y3.add(t2);							// y3=X1.X2+Z1+Z2
-	FP4_YYY_sub(&y3,&x3,&y3);		//y3.rsub(x3); 
-	FP4_YYY_norm(&y3);				//y3.norm();				// y3=(X1+Z1)(X2+Z2) - (X1.X2+Z1.Z2) = X1.Z2+X2.Z1
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP4_YYY_times_i(&t0);			//t0.mul_ip(); 
-	//FP4_YYY_norm(&t0);				//t0.norm(); // x.Q.x
-	FP4_YYY_times_i(&t1);			//t1.mul_ip(); 
-	//FP4_YYY_norm(&t1);				//t1.norm(); // y.Q.y
-#endif
-
-	FP4_YYY_add(&x3,&t0,&t0);		//x3.add(t0); 
-	FP4_YYY_add(&t0,&t0,&x3);		//t0.add(x3); 
-	FP4_YYY_norm(&t0);				//t0.norm();
-	FP4_YYY_imul(&t2,&t2,b3);		//t2.imul(b); 	
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-	FP4_YYY_times_i(&t2);
-#endif
-
-	FP4_YYY_add(&z3,&t1,&t2);		//z3.add(t2); 
-	FP4_YYY_norm(&z3);				//z3.norm();
-	FP4_YYY_sub(&t1,&t1,&t2);		//t1.sub(t2); 
-	FP4_YYY_norm(&t1);				//t1.norm(); 
-	FP4_YYY_imul(&y3,&y3,b3);		//y3.imul(b); 
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-	FP4_YYY_times_i(&y3);
-	//FP4_YYY_norm(&y3);
-#endif
-
-	FP4_YYY_mul(&x3,&y3,&t4);		//x3.mul(t4); 
-
-	FP4_YYY_mul(&t2,&t3,&t1);		//t2.mul(t1); 
-	FP4_YYY_sub(&(P->x),&t2,&x3);		//x3.rsub(t2);
-	FP4_YYY_mul(&y3,&y3,&t0);		//y3.mul(t0); 
-	FP4_YYY_mul(&t1,&t1,&z3);		//t1.mul(z3); 
-	FP4_YYY_add(&(P->y),&y3,&t1);		//y3.add(t1);
-	FP4_YYY_mul(&t0,&t0,&t3);		//t0.mul(t3); 
-	FP4_YYY_mul(&z3,&z3,&t4);		//z3.mul(t4); 
-	FP4_YYY_add(&(P->z),&z3,&t0);		//z3.add(t0);
-
-
-	FP4_YYY_norm(&(P->x));			//x.norm(); 
-	FP4_YYY_norm(&(P->y));			//y.norm();
-	FP4_YYY_norm(&(P->z));			//z.norm();
-
-    return 0;
-}
-
-/* Set P-=Q */
-/* SU= 16 */
-void ECP4_ZZZ_sub(ECP4_ZZZ *P,ECP4_ZZZ *Q)
-{
-	ECP4_ZZZ NQ;
-	ECP4_ZZZ_copy(&NQ,Q);
-	ECP4_ZZZ_neg(&NQ);
-    //ECP4_ZZZ_neg(Q);
-    ECP4_ZZZ_add(P,&NQ);
-    //ECP4_ZZZ_neg(Q);
-}
-
-
-void ECP4_ZZZ_reduce(ECP4_ZZZ *P)
-{
-	FP4_YYY_reduce(&(P->x));
-	FP4_YYY_reduce(&(P->y));
-	FP4_YYY_reduce(&(P->z));
-}
-
-/* P*=e */
-/* SU= 280 */
-void ECP4_ZZZ_mul(ECP4_ZZZ *P,BIG_XXX e)
-{
-    /* fixed size windows */
-    int i,nb,s,ns;
-    BIG_XXX mt,t;
-    ECP4_ZZZ Q,W[8],C;
-    sign8 w[1+(NLEN_XXX*BASEBITS_XXX+3)/4];
-
-    if (ECP4_ZZZ_isinf(P)) return;
-    //ECP4_ZZZ_affine(P);
-
-    /* precompute table */
-
-    ECP4_ZZZ_copy(&Q,P);
-    ECP4_ZZZ_dbl(&Q);
-    ECP4_ZZZ_copy(&W[0],P);
-
-    for (i=1; i<8; i++)
-    {
-        ECP4_ZZZ_copy(&W[i],&W[i-1]);
-        ECP4_ZZZ_add(&W[i],&Q);
-    }
-
-    /* make exponent odd - add 2P if even, P if odd */
-    BIG_XXX_copy(t,e);
-    s=BIG_XXX_parity(t);
-    BIG_XXX_inc(t,1);
-    BIG_XXX_norm(t);
-    ns=BIG_XXX_parity(t);
-    BIG_XXX_copy(mt,t);
-    BIG_XXX_inc(mt,1);
-    BIG_XXX_norm(mt);
-    BIG_XXX_cmove(t,mt,s);
-    ECP4_ZZZ_cmove(&Q,P,ns);
-    ECP4_ZZZ_copy(&C,&Q);
-
-    nb=1+(BIG_XXX_nbits(t)+3)/4;
-
-    /* convert exponent to signed 4-bit window */
-    for (i=0; i<nb; i++)
-    {
-        w[i]=BIG_XXX_lastbits(t,5)-16;
-        BIG_XXX_dec(t,w[i]);
-        BIG_XXX_norm(t);
-        BIG_XXX_fshr(t,4);
-    }
-    w[nb]=BIG_XXX_lastbits(t,5);
-
-    ECP4_ZZZ_copy(P,&W[(w[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-        ECP4_ZZZ_select(&Q,W,w[i]);
-        ECP4_ZZZ_dbl(P);
-        ECP4_ZZZ_dbl(P);
-        ECP4_ZZZ_dbl(P);
-        ECP4_ZZZ_dbl(P);
-        ECP4_ZZZ_add(P,&Q);
-    }
-    ECP4_ZZZ_sub(P,&C); /* apply correction */
-	ECP4_ZZZ_affine(P);
-}
-
-// calculate frobenius constants 
-void ECP4_ZZZ_frob_constants(FP2_YYY F[3])
-{
-    FP_YYY fx,fy;
-	FP2_YYY X;
-
-    FP_YYY_rcopy(&fx,Fra_YYY);
-    FP_YYY_rcopy(&fy,Frb_YYY);
-    FP2_YYY_from_FPs(&X,&fx,&fy);
-
-	FP2_YYY_sqr(&F[0],&X);		// FF=F^2=(1+i)^(p-7)/6
-	FP2_YYY_copy(&F[2],&F[0]);
-	FP2_YYY_mul_ip(&F[2]);		// W=(1+i)^6/6.(1+i)^(p-7)/6 = (1+i)^(p-1)/6
-	FP2_YYY_norm(&F[2]);
-	FP2_YYY_sqr(&F[1],&F[2]);
-	FP2_YYY_mul(&F[2],&F[2],&F[1]);  // W=(1+i)^(p-1)/2
-
-	FP2_YYY_copy(&F[1],&X);
-
-#if SEXTIC_TWIST_ZZZ == M_TYPE	
-	FP2_YYY_mul_ip(&F[1]);		// (1+i)^12/12.(1+i)^(p-7)/12 = (1+i)^(p+5)/12
-	FP2_YYY_inv(&F[1],&F[1]);		// (1+i)^-(p+5)/12
-	FP2_YYY_sqr(&F[0],&F[1]);		// (1+i)^-(p+5)/6
-#endif
-
-	FP2_YYY_mul_ip(&F[0]);		// FF=(1+i)^(p-7)/6.(1+i) = (1+i)^(p-1)/6					// (1+i)^6/6.(1+i)^-(p+5)/6 = (1+i)^-(p-1)/6
-	FP2_YYY_norm(&F[0]);
-	FP2_YYY_mul(&F[1],&F[1],&F[0]);  // FFF = (1+i)^(p-7)/12 . (1+i)^(p-1)/6 = (1+i)^(p-3)/4	// (1+i)^-(p+5)/12 . (1+i)^-(p-1)/6 = (1+i)^-(p+1)/4
-
-}
-
-/* Calculates q^n.P using Frobenius constants */
-void ECP4_ZZZ_frob(ECP4_ZZZ *P,FP2_YYY F[3],int n)
-{
-	int i;
-	FP4_YYY X,Y,Z;
-//    if (P->inf) return;
-
-	//ECP4_get(&X,&Y,P);		// F=(1+i)^(p-7)/12
-
-	FP4_YYY_copy(&X,&(P->x));
-	FP4_YYY_copy(&Y,&(P->y));
-	FP4_YYY_copy(&Z,&(P->z));
-
-	for (i=0;i<n;i++)
-	{
-		FP4_YYY_frob(&X,&F[2]);		// X^p
-		FP4_YYY_pmul(&X,&X,&F[0]);	// X^p.(1+i)^(p-1)/6									// X^p.(1+i)^-(p-1)/6
-		
-		FP4_YYY_frob(&Y,&F[2]);		// Y^p
-		FP4_YYY_pmul(&Y,&Y,&F[1]);
-		FP4_YYY_times_i(&Y);		// Y.p.(1+i)^(p-3)/4.(1+i)^(2/4) = Y^p.(1+i)^(p-1)/4	// (1+i)^-(p+1)/4 .(1+i)^2/4 = Y^p.(1+i)^-(p-1)/4
-
-		FP4_YYY_frob(&Z,&F[2]);
-	}
-
-	FP4_YYY_copy(&(P->x),&X);
-	FP4_YYY_copy(&(P->y),&Y);
-	FP4_YYY_copy(&(P->z),&Z);
-}
-
-/* Side channel attack secure */
-// Bos & Costello https://eprint.iacr.org/2013/458.pdf
-// Faz-Hernandez & Longa & Sanchez  https://eprint.iacr.org/2013/158.pdf
-
-void ECP4_ZZZ_mul8(ECP4_ZZZ *P,ECP4_ZZZ Q[8],BIG_XXX u[8])
-{
-    int i,j,k,nb,pb1,pb2,bt;
-	ECP4_ZZZ T1[8],T2[8],W;
-    BIG_XXX mt,t[8];
-    sign8 w1[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s1[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 w2[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s2[NLEN_XXX*BASEBITS_XXX+1];	
-	FP2_YYY X[3];
-
-	ECP4_ZZZ_frob_constants(X);
-
-    for (i=0; i<8; i++)
-	{
-        //ECP4_ZZZ_affine(&Q[i]);
-        BIG_XXX_copy(t[i],u[i]);
-	}
-
-// Precomputed table
-    ECP4_ZZZ_copy(&T1[0],&Q[0]); // Q[0]
-    ECP4_ZZZ_copy(&T1[1],&T1[0]);
-	ECP4_ZZZ_add(&T1[1],&Q[1]);	// Q[0]+Q[1]
-    ECP4_ZZZ_copy(&T1[2],&T1[0]);
-	ECP4_ZZZ_add(&T1[2],&Q[2]);	// Q[0]+Q[2]
-	ECP4_ZZZ_copy(&T1[3],&T1[1]);
-	ECP4_ZZZ_add(&T1[3],&Q[2]);	// Q[0]+Q[1]+Q[2]
-	ECP4_ZZZ_copy(&T1[4],&T1[0]);
-	ECP4_ZZZ_add(&T1[4],&Q[3]);  // Q[0]+Q[3]
-	ECP4_ZZZ_copy(&T1[5],&T1[1]);
-	ECP4_ZZZ_add(&T1[5],&Q[3]);	// Q[0]+Q[1]+Q[3]
-	ECP4_ZZZ_copy(&T1[6],&T1[2]);
-	ECP4_ZZZ_add(&T1[6],&Q[3]);	// Q[0]+Q[2]+Q[3]
-	ECP4_ZZZ_copy(&T1[7],&T1[3]);
-	ECP4_ZZZ_add(&T1[7],&Q[3]);	// Q[0]+Q[1]+Q[2]+Q[3]
-
-//  Use Frobenius 
-
-	for (i=0;i<8;i++)
-	{
-		ECP4_ZZZ_copy(&T2[i],&T1[i]);
-		ECP4_ZZZ_frob(&T2[i],X,4);
-	}
-
-// Make them odd
-	pb1=1-BIG_XXX_parity(t[0]);
-	BIG_XXX_inc(t[0],pb1);
-	BIG_XXX_norm(t[0]);
-
-	pb2=1-BIG_XXX_parity(t[4]);
-	BIG_XXX_inc(t[4],pb2);
-	BIG_XXX_norm(t[4]);
-
-// Number of bits
-    BIG_XXX_zero(mt);
-    for (i=0; i<8; i++)
-    {
-        BIG_XXX_or(mt,mt,t[i]);
-    }
-    nb=1+BIG_XXX_nbits(mt);
-
-// Sign pivot 
-	s1[nb-1]=1;
-	s2[nb-1]=1;
-	for (i=0;i<nb-1;i++)
-	{
-        BIG_XXX_fshr(t[0],1);
-		s1[i]=2*BIG_XXX_parity(t[0])-1;
-        BIG_XXX_fshr(t[4],1);
-		s2[i]=2*BIG_XXX_parity(t[4])-1;
-	}
-
-
-// Recoded exponents
-    for (i=0; i<nb; i++)
-    {
-		w1[i]=0;
-		k=1;
-		for (j=1; j<4; j++)
-		{
-			bt=s1[i]*BIG_XXX_parity(t[j]);
-			BIG_XXX_fshr(t[j],1);
-
-			BIG_XXX_dec(t[j],(bt>>1));
-			BIG_XXX_norm(t[j]);
-			w1[i]+=bt*k;
-			k*=2;
-        }
-
-		w2[i]=0;
-		k=1;
-		for (j=5; j<8; j++)
-		{
-			bt=s2[i]*BIG_XXX_parity(t[j]);
-			BIG_XXX_fshr(t[j],1);
-
-			BIG_XXX_dec(t[j],(bt>>1));
-			BIG_XXX_norm(t[j]);
-			w2[i]+=bt*k;
-			k*=2;
-        }
-    }	
-
-// Main loop
-	ECP4_ZZZ_select(P,T1,2*w1[nb-1]+1);
-	ECP4_ZZZ_select(&W,T2,2*w2[nb-1]+1);
-	ECP4_ZZZ_add(P,&W);
-    for (i=nb-2; i>=0; i--)
-    {
-        ECP4_ZZZ_dbl(P);
-        ECP4_ZZZ_select(&W,T1,2*w1[i]+s1[i]);
-        ECP4_ZZZ_add(P,&W);
-        ECP4_ZZZ_select(&W,T2,2*w2[i]+s2[i]);
-        ECP4_ZZZ_add(P,&W);
-    }
-
-// apply corrections
-	ECP4_ZZZ_copy(&W,P);   
-	ECP4_ZZZ_sub(&W,&Q[0]);
-	ECP4_ZZZ_cmove(P,&W,pb1);
-	ECP4_ZZZ_copy(&W,P);   
-	ECP4_ZZZ_sub(&W,&Q[4]);
-	ECP4_ZZZ_cmove(P,&W,pb2);
-
-	ECP4_ZZZ_affine(P);
-}
-/*
-void ECP4_ZZZ_mul8(ECP4_ZZZ *P,ECP4_ZZZ Q[8],BIG_XXX u[8])
-{
-    int i,j,a[4],nb,pb;
-    ECP4_ZZZ W[8],Z[8],T,C;
-    BIG_XXX mt,t[8];
-    sign8 w[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 z[NLEN_XXX*BASEBITS_XXX+1];
-    FP fx,fy;
-	FP2_YYY X;
-
-    FP_YYY_rcopy(&fx,Fra);
-    FP_YYY_rcopy(&fy,Frb);
-    FP2_YYY_from_FPs(&X,&fx,&fy);
-
-    for (i=0; i<8; i++)
-        BIG_XXX_copy(t[i],u[i]);
-
-    // precompute tables 
-
-// 12 add/subs 
-
-    ECP4_ZZZ_copy(&W[0],&Q[0]);
-    ECP4_ZZZ_sub(&W[0],&Q[1]);  // P-Q 
-    ECP4_ZZZ_copy(&W[1],&W[0]);
-    ECP4_ZZZ_copy(&W[2],&W[0]);
-    ECP4_ZZZ_copy(&W[3],&W[0]);
-    ECP4_ZZZ_copy(&W[4],&Q[0]);
-    ECP4_ZZZ_add(&W[4],&Q[1]);  // P+Q 
-    ECP4_ZZZ_copy(&W[5],&W[4]);
-    ECP4_ZZZ_copy(&W[6],&W[4]);
-    ECP4_ZZZ_copy(&W[7],&W[4]);
-
-    ECP4_ZZZ_copy(&T,&Q[2]);
-    ECP4_ZZZ_sub(&T,&Q[3]);       // R-S 
-    ECP4_ZZZ_sub(&W[1],&T);
-    ECP4_ZZZ_add(&W[2],&T);
-    ECP4_ZZZ_sub(&W[5],&T);
-    ECP4_ZZZ_add(&W[6],&T);
-    ECP4_ZZZ_copy(&T,&Q[2]);
-    ECP4_ZZZ_add(&T,&Q[3]);      // R+S 
-    ECP4_ZZZ_sub(&W[0],&T);
-    ECP4_ZZZ_add(&W[3],&T);
-    ECP4_ZZZ_sub(&W[4],&T);
-    ECP4_ZZZ_add(&W[7],&T);
-
-
-// Use Frobenius 
-
-	for (i=0;i<8;i++)
-	{
-		ECP4_ZZZ_copy(&Z[i],&W[i]);
-		ECP4_ZZZ_frob(&Z[i],&X,4);
-	}
-
-    // if multiplier is even add 1 to multiplier, and add P to correction 
-    ECP4_ZZZ_inf(&C);
-
-    BIG_XXX_zero(mt);
-    for (i=0; i<8; i++)
-    {
-		pb=BIG_XXX_parity(t[i]);
-		BIG_XXX_inc(t[i],1-pb);
-		BIG_XXX_norm(t[i]);
-		ECP4_ZZZ_copy(&T,&C);
-		ECP4_ZZZ_add(&T,&Q[i]);
-		ECP4_ZZZ_cmove(&C,&T,1-pb);
-
-
-        BIG_XXX_add(mt,mt,t[i]);
-        BIG_XXX_norm(mt);
-    }
-
-    nb=1+BIG_XXX_nbits(mt);
-
-    // convert exponents to signed 1-bit windows 
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_XXX_lastbits(t[i],2)-2;
-            BIG_XXX_dec(t[i],a[i]);
-            BIG_XXX_norm(t[i]);
-            BIG_XXX_fshr(t[i],1);
-        }
-        w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    w[nb]=8*BIG_XXX_lastbits(t[0],2)+4*BIG_XXX_lastbits(t[1],2)+2*BIG_XXX_lastbits(t[2],2)+BIG_XXX_lastbits(t[3],2);
-
-
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_XXX_lastbits(t[i+4],2)-2;
-            BIG_XXX_dec(t[i+4],a[i]);
-            BIG_XXX_norm(t[i+4]);
-            BIG_XXX_fshr(t[i+4],1);
-        }
-        z[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    z[nb]=8*BIG_XXX_lastbits(t[4],2)+4*BIG_XXX_lastbits(t[5],2)+2*BIG_XXX_lastbits(t[6],2)+BIG_XXX_lastbits(t[7],2);
-
-
-    ECP4_ZZZ_copy(P,&W[(w[nb]-1)/2]);
-	ECP4_ZZZ_add(P,&Z[(z[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-		ECP4_ZZZ_dbl(P);
-        ECP4_ZZZ_select(&T,W,w[i]);
-        ECP4_ZZZ_add(P,&T);
-        ECP4_ZZZ_select(&T,Z,z[i]);
-        ECP4_ZZZ_add(P,&T);
-    }
-    ECP4_ZZZ_sub(P,&C); // apply correction 
-	ECP4_ZZZ_reduce(P);
-}
-*/
-/* Map to hash value to point on G2 from random BIG_XXX */
-
-void ECP4_ZZZ_mapit(ECP4_ZZZ *Q,octet *W)
-{
-    BIG_XXX q,one,x,hv;
-    FP2_YYY X[3],T;
-	FP4_YYY X4,Y4;
-
-    ECP4_ZZZ xQ, x2Q, x3Q, x4Q;
-
-	BIG_XXX_fromBytes(hv,W->val);
-    BIG_XXX_rcopy(q,Modulus_YYY);
-    BIG_XXX_one(one);
-    BIG_XXX_mod(hv,q);
-
-    for (;;)
-    {
-        FP2_YYY_from_BIGs(&T,one,hv);  /*******/
-		FP4_YYY_from_FP2(&X4,&T);
-        if (ECP4_ZZZ_setx(Q,&X4)) break;
-        BIG_XXX_inc(hv,1);
-    }
-
-	ECP4_ZZZ_frob_constants(X);
-
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-
-    // Efficient hash maps to G2 on BLS24 curves - Budroni, Pintore 
-	// Q -> x4Q -x3Q -Q + F(x3Q-x2Q) + F(F(x2Q-xQ)) + F(F(F(xQ-Q))) +F(F(F(F(2Q))))
-
-	ECP4_ZZZ_copy(&xQ,Q);
-	ECP4_ZZZ_mul(&xQ,x);
-	ECP4_ZZZ_copy(&x2Q,&xQ);
-	ECP4_ZZZ_mul(&x2Q,x);
-	ECP4_ZZZ_copy(&x3Q,&x2Q);
-	ECP4_ZZZ_mul(&x3Q,x);
-	ECP4_ZZZ_copy(&x4Q,&x3Q);
-	ECP4_ZZZ_mul(&x4Q,x);
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	ECP4_ZZZ_neg(&xQ);
-	ECP4_ZZZ_neg(&x3Q);
-#endif
-
-	ECP4_ZZZ_sub(&x4Q,&x3Q);
-	ECP4_ZZZ_sub(&x4Q,Q);
-
-	ECP4_ZZZ_sub(&x3Q,&x2Q);
-	ECP4_ZZZ_frob(&x3Q,X,1);
-
-	ECP4_ZZZ_sub(&x2Q,&xQ);
-	ECP4_ZZZ_frob(&x2Q,X,2);
-
-	ECP4_ZZZ_sub(&xQ,Q);
-	ECP4_ZZZ_frob(&xQ,X,3);
-
-	ECP4_ZZZ_dbl(Q);
-	ECP4_ZZZ_frob(Q,X,4);
-
-	ECP4_ZZZ_add(Q,&x4Q);
-	ECP4_ZZZ_add(Q,&x3Q);
-	ECP4_ZZZ_add(Q,&x2Q);
-	ECP4_ZZZ_add(Q,&xQ);
-
-	ECP4_ZZZ_affine(Q);
-
-}
-
-// ECP$ Get Group Generator
-
-void ECP4_ZZZ_generator(ECP4_ZZZ *G)
-{
-	BIG_XXX a,b;
-	FP2_YYY Aa,Bb;
-	FP4_YYY X,Y;
-
-	BIG_XXX_rcopy(a,CURVE_Pxaa_ZZZ);
-	BIG_XXX_rcopy(b,CURVE_Pxab_ZZZ);
-	FP2_YYY_from_BIGs(&Aa,a,b);
-
-	BIG_XXX_rcopy(a,CURVE_Pxba_ZZZ);
-	BIG_XXX_rcopy(b,CURVE_Pxbb_ZZZ);
-	FP2_YYY_from_BIGs(&Bb,a,b);
-
-	FP4_YYY_from_FP2s(&X,&Aa,&Bb);
-
-	BIG_XXX_rcopy(a,CURVE_Pyaa_ZZZ);
-	BIG_XXX_rcopy(b,CURVE_Pyab_ZZZ);
-	FP2_YYY_from_BIGs(&Aa,a,b);
-
-	BIG_XXX_rcopy(a,CURVE_Pyba_ZZZ);
-	BIG_XXX_rcopy(b,CURVE_Pybb_ZZZ);
-	FP2_YYY_from_BIGs(&Bb,a,b);
-
-	FP4_YYY_from_FP2s(&Y,&Aa,&Bb);
-
-	ECP4_ZZZ_set(G,&X,&Y);
-}
-
-
-// g++ -O2 ecp4_BLS24.cpp fp4_BLS24.cpp fp2_BLS24.cpp fp_BLS24.cpp big_XXX.cpp rand.cpp hash.cpp rom_field_BLS24.cpp rom_curve_BLS24.cpp oct.cpp -o ecp4_BLS24.exe
-/*
-int main()
-{
-	int i;
-	ECP4 G,P;
-	FP2 Aa,Bb,f;
-	FP4 X,Y;
-	BIG a,b,r,p;
-	char w[100];
-	octet W= {0,sizeof(w),w};
-
-	ECP4_ggg(&G);
-
-	BIG_rcopy(a,Fra);
-    BIG_rcopy(b,Frb);
-	FP2_from_BIGs(&f,a,b);
-
-	
-	if (G.inf) cout << "Failed to set - point not on curve" << endl;
-	else cout << "set success" << endl;
-
-	ECP4_output(&G);
-	ECP4_copy(&P,&G);
-
-	//ECP4_reduce(&G);
-	//ECP4_reduce(&P);
-
-	BIG_rcopy(r,CURVE_Order);
-	BIG_rcopy(p,Modulus);
-
-	BIG_output(r);
-	cout << endl;
-
-	ECP4_mul(&G,r);
-	ECP4_output(&G);
-	cout << endl;
-
-	ECP4_copy(&G,&P);
-
-	cout << "pG = ";
-	ECP4_mul(&G,p);
-	ECP4_output(&G);
-	cout << endl;
-
-	cout << "G^p= ";
-	ECP4_frob(&P,&f,1);
-	ECP4_output(&P);
-	cout << endl;
-
-
-	for (i=0;i<MODBYTES_XXX;i++)
-	{
-		W.val[i]=i+11;
-	}
-	W.len=MODBYTES_XXX;
-
-	printf("W= ");
-	OCT_output(&W);
-	printf("\n");
-
-	ECP4_mapit(&P,&W);
-
-	cout << "Hash to P= ";
-	ECP4_output(&P);
-	cout << endl;
-
-	ECP4_mul(&P,r);
-
-	cout << "rP= ";
-	ECP4_output(&P);
-	cout << endl;
-
-
-
-//	ECP4_dbl(&G);
-//	ECP4_output(&G);
-//	ECP4_reduce(&G);
-//	cout << endl;
-//	ECP4_add(&G,&P);
-//	ECP4_output(&G);
-//	cout << endl;
-
-
-	return 0;
-}
-*/
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/ecp4.h
----------------------------------------------------------------------
diff --git a/version3/c/ecp4.h b/version3/c/ecp4.h
deleted file mode 100644
index 8e022c9..0000000
--- a/version3/c/ecp4.h
+++ /dev/null
@@ -1,232 +0,0 @@
-#ifndef ECP4_ZZZ_H
-#define ECP4_ZZZ_H
-
-#include "fp4_YYY.h"
-#include "config_curve_ZZZ.h"
-
-
-/**
-	@brief ECP4 Structure - Elliptic Curve Point over quadratic extension field
-*/
-
-typedef struct
-{
- //   int inf; /**< Infinity Flag */
-    FP4_YYY x;   /**< x-coordinate of point */
-    FP4_YYY y;   /**< y-coordinate of point */
-	FP4_YYY z;
-} ECP4_ZZZ;
-
-
-/* Curve Params - see rom.c */
-extern const int CURVE_A_ZZZ;		/**< Elliptic curve A parameter */
-extern const int CURVE_B_I_ZZZ;		/**< Elliptic curve B parameter */
-extern const BIG_XXX CURVE_B_ZZZ;     /**< Elliptic curve B parameter */
-extern const BIG_XXX CURVE_Order_ZZZ; /**< Elliptic curve group order */
-extern const BIG_XXX CURVE_Cof_ZZZ;   /**< Elliptic curve cofactor */
-extern const BIG_XXX CURVE_Bnx_ZZZ;   /**< Elliptic curve parameter */
-
-extern const BIG_XXX Fra_YYY; /**< real part of curve Frobenius Constant */
-extern const BIG_XXX Frb_YYY; /**< imaginary part of curve Frobenius Constant */
-
-/* Generator point on G1 */
-extern const BIG_XXX CURVE_Gx_ZZZ; /**< x-coordinate of generator point in group G1  */
-extern const BIG_XXX CURVE_Gy_ZZZ; /**< y-coordinate of generator point in group G1  */
-
-/* For Pairings only */
-
-/* Generator point on G2 */
-extern const BIG_XXX CURVE_Pxaa_ZZZ; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxab_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxba_ZZZ; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxbb_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pyaa_ZZZ; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pyab_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pyba_ZZZ; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pybb_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */
-
-/* ECP4 E(FP4) prototypes */
-/**	@brief Tests for ECP4 point equal to infinity
- *
-	@param P ECP4 point to be tested
-	@return 1 if infinity, else returns 0
- */
-extern int ECP4_ZZZ_isinf(ECP4_ZZZ *P);
-/**	@brief Copy ECP4 point to another ECP4 point
- *
-	@param P ECP4 instance, on exit = Q
-	@param Q ECP4 instance to be copied
- */
-extern void ECP4_ZZZ_copy(ECP4_ZZZ *P,ECP4_ZZZ *Q);
-/**	@brief Set ECP4 to point-at-infinity
- *
-	@param P ECP4 instance to be set to infinity
- */
-extern void ECP4_ZZZ_inf(ECP4_ZZZ *P);
-/**	@brief Tests for equality of two ECP4s
- *
-	@param P ECP4 instance to be compared
-	@param Q ECP4 instance to be compared
-	@return 1 if P=Q, else returns 0
- */
-extern int ECP4_ZZZ_equals(ECP4_ZZZ *P,ECP4_ZZZ *Q);
-
-/**	@brief Converts an ECP4 point from Projective (x,y,z) coordinates to affine (x,y) coordinates
- *
-	@param P ECP4 instance to be converted to affine form
- */
-extern void ECP4_ZZZ_affine(ECP4_ZZZ *P);
-
-/**	@brief Extract x and y coordinates of an ECP4 point P
- *
-	If x=y, returns only x
-	@param x FP4 on exit = x coordinate of point
-	@param y FP4 on exit = y coordinate of point (unless x=y)
-	@param P ECP4 instance (x,y)
-	@return -1 if P is point-at-infinity, else 0
- */
-extern int ECP4_ZZZ_get(FP4_YYY *x,FP4_YYY *y,ECP4_ZZZ *P);
-/**	@brief Formats and outputs an ECP4 point to the console, converted to affine coordinates
- *
-	@param P ECP4 instance to be printed
- */
-extern void ECP4_ZZZ_output(ECP4_ZZZ *P);
-
-/**	@brief Formats and outputs an ECP4 point to an octet string
- *
-	The octet string is created in the form x|y.
-	Convert the real and imaginary parts of the x and y coordinates to big-endian base 256 form.
-	@param S output octet string
-	@param P ECP4 instance to be converted to an octet string
- */
-extern void ECP4_ZZZ_toOctet(octet *S,ECP4_ZZZ *P);
-/**	@brief Creates an ECP4 point from an octet string
- *
-	The octet string is in the form x|y
-	The real and imaginary parts of the x and y coordinates are in big-endian base 256 form.
-	@param P ECP4 instance to be created from the octet string
-	@param S input octet string
-	return 1 if octet string corresponds to a point on the curve, else 0
- */
-extern int ECP4_ZZZ_fromOctet(ECP4_ZZZ *P,octet *S);
-/**	@brief Calculate Right Hand Side of curve equation y^2=f(x)
- *
-	Function f(x)=x^3+Ax+B
-	Used internally.
-	@param r FP4 value of f(x)
-	@param x FP4 instance
- */
-extern void ECP4_ZZZ_rhs(FP4_YYY *r,FP4_YYY *x);
-/**	@brief Set ECP4 to point(x,y) given x and y
- *
-	Point P set to infinity if no such point on the curve.
-	@param P ECP4 instance to be set (x,y)
-	@param x FP4 x coordinate of point
-	@param y FP4 y coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP4_ZZZ_set(ECP4_ZZZ *P,FP4_YYY *x,FP4_YYY *y);
-/**	@brief Set ECP to point(x,[y]) given x
- *
-	Point P set to infinity if no such point on the curve. Otherwise y coordinate is calculated from x.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP4_ZZZ_setx(ECP4_ZZZ *P,FP4_YYY *x);
-/**	@brief Negation of an ECP4 point
- *
-	@param P ECP4 instance, on exit = -P
- */
-extern void ECP4_ZZZ_neg(ECP4_ZZZ *P);
-
-/**	@brief Reduction of an ECP4 point
- *
-	@param P ECP4 instance, on exit (x,y) are reduced wrt the modulus
- */
-extern void ECP4_ZZZ_reduce(ECP4_ZZZ *P);
-
-
-/**	@brief Doubles an ECP4 instance P and returns slope
- *
-	@param P ECP4 instance, on exit =2*P
-	@param lam FP4 instance, slope of line
- */
-//extern int ECP4_ZZZ_sdbl(ECP4_ZZZ *P,FP4_YYY *lam);
-/**	@brief Adds ECP4 instance Q to ECP4 instance P and returns slope
- *
-	@param P ECP4 instance, on exit =P+Q
-	@param Q ECP4 instance to be added to P
-	@param lam FP4 instance, slope of line
- */
-//extern int ECP4_ZZZ_sadd(ECP4_ZZZ *P,ECP4_ZZZ *Q,FP4_YYY *lam);
-
-
-/**	@brief Doubles an ECP4 instance P
- *
-	@param P ECP4 instance, on exit =2*P
- */
-extern int ECP4_ZZZ_dbl(ECP4_ZZZ *P);
-/**	@brief Adds ECP4 instance Q to ECP4 instance P
- *
-	@param P ECP4 instance, on exit =P+Q
-	@param Q ECP4 instance to be added to P
- */
-extern int ECP4_ZZZ_add(ECP4_ZZZ *P,ECP4_ZZZ *Q);
-/**	@brief Subtracts ECP instance Q from ECP4 instance P
- *
-	@param P ECP4 instance, on exit =P-Q
-	@param Q ECP4 instance to be subtracted from P
- */
-extern void ECP4_ZZZ_sub(ECP4_ZZZ *P,ECP4_ZZZ *Q);
-/**	@brief Multiplies an ECP4 instance P by a BIG, side-channel resistant
- *
-	Uses fixed sized windows.
-	@param P ECP4 instance, on exit =b*P
-	@param b BIG number multiplier
-
- */
-extern void ECP4_ZZZ_mul(ECP4_ZZZ *P,BIG_XXX b);
-
-/**	@brief Calculates required Frobenius constants
- *
-	Calculate Frobenius constants
-	@param F array of FP2 precalculated constants
-
- */
-extern void ECP4_ZZZ_frob_constants(FP2_YYY F[3]);
-
-/**	@brief Multiplies an ECP4 instance P by the internal modulus p^n, using precalculated Frobenius constants
- *
-	Fast point multiplication using Frobenius
-	@param P ECP4 instance, on exit = p^n*P
-	@param F array of FP2 precalculated Frobenius constant
-	@param n power of prime
-
- */
-extern void ECP4_ZZZ_frob(ECP4_ZZZ *P,FP2_YYY F[3],int n);
-
-/**	@brief Calculates P=Sigma b[i]*Q[i] for i=0 to 7
- *
-	@param P ECP4 instance, on exit = Sigma b[i]*Q[i] for i=0 to 7
-	@param Q ECP4 array of 4 points
-	@param b BIG array of 4 multipliers
- */
-extern void ECP4_ZZZ_mul8(ECP4_ZZZ *P,ECP4_ZZZ *Q,BIG_XXX *b);
-
-
-/**	@brief Maps random BIG to curve point of correct order
- *
-	@param P ECP4 instance of correct order
-	@param W OCTET byte array to be mapped
- */
-extern void ECP4_ZZZ_mapit(ECP4_ZZZ *P,octet *w);
-
-/**	@brief Get Group Generator from ROM
- *
-	@param G ECP4 instance
- */
-extern void ECP4_ZZZ_generator(ECP4_ZZZ *G);
-
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/ecp8.c
----------------------------------------------------------------------
diff --git a/version3/c/ecp8.c b/version3/c/ecp8.c
deleted file mode 100644
index cb80fcf..0000000
--- a/version3/c/ecp8.c
+++ /dev/null
@@ -1,1311 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Weierstrass elliptic curve functions over FP2 */
-
-//#include <iostream>
-#include "ecp8_ZZZ.h"
-
-
-int ECP8_ZZZ_isinf(ECP8_ZZZ *P)
-{
-//	if (P->inf) return 1;
-	return (FP8_YYY_iszilch(&(P->x)) & FP8_YYY_iszilch(&(P->z)));
-}
-
-/* Set P=Q */
-void ECP8_ZZZ_copy(ECP8_ZZZ *P,ECP8_ZZZ *Q)
-{
-//    P->inf=Q->inf;
-    FP8_YYY_copy(&(P->x),&(Q->x));
-    FP8_YYY_copy(&(P->y),&(Q->y));
-    FP8_YYY_copy(&(P->z),&(Q->z));
-}
-
-/* set P to Infinity */
-void ECP8_ZZZ_inf(ECP8_ZZZ *P)
-{
-//    P->inf=1;
-    FP8_YYY_zero(&(P->x));
-    FP8_YYY_one(&(P->y));
-	FP8_YYY_zero(&(P->z));
-}
-
-/* Conditional move Q to P dependant on d */
-static void ECP8_ZZZ_cmove(ECP8_ZZZ *P,ECP8_ZZZ *Q,int d)
-{
-    FP8_YYY_cmove(&(P->x),&(Q->x),d);
-    FP8_YYY_cmove(&(P->y),&(Q->y),d);
-    FP8_YYY_cmove(&(P->z),&(Q->z),d);
-//    d=~(d-1);
-//    P->inf^=(P->inf^Q->inf)&d;
-}
-
-/* return 1 if b==c, no branching */
-static int teq(sign32 b,sign32 c)
-{
-    sign32 x=b^c;
-    x-=1;  // if x=0, x now -1
-    return (int)((x>>31)&1);
-}
-
-/* Constant time select from pre-computed table */
-static void ECP8_ZZZ_select(ECP8_ZZZ *P,ECP8_ZZZ W[],sign32 b)
-{
-    ECP8_ZZZ MP;
-    sign32 m=b>>31;
-    sign32 babs=(b^m)-m;
-
-    babs=(babs-1)/2;
-
-    ECP8_ZZZ_cmove(P,&W[0],teq(babs,0));  // conditional move
-    ECP8_ZZZ_cmove(P,&W[1],teq(babs,1));
-    ECP8_ZZZ_cmove(P,&W[2],teq(babs,2));
-    ECP8_ZZZ_cmove(P,&W[3],teq(babs,3));
-    ECP8_ZZZ_cmove(P,&W[4],teq(babs,4));
-    ECP8_ZZZ_cmove(P,&W[5],teq(babs,5));
-    ECP8_ZZZ_cmove(P,&W[6],teq(babs,6));
-    ECP8_ZZZ_cmove(P,&W[7],teq(babs,7));
-
-    ECP8_ZZZ_copy(&MP,P);
-    ECP8_ZZZ_neg(&MP);  // minus P
-    ECP8_ZZZ_cmove(P,&MP,(int)(m&1));
-}
-
-/* Make P affine (so z=1) */
-void ECP8_ZZZ_affine(ECP8_ZZZ *P)
-{
-    FP8_YYY one,iz;
-    if (ECP8_ZZZ_isinf(P)) return;
-
-    FP8_YYY_one(&one);
-    if (FP8_YYY_isunity(&(P->z)))
-    {
-        FP8_YYY_reduce(&(P->x));
-        FP8_YYY_reduce(&(P->y));
-        return;
-    }
-
-    FP8_YYY_inv(&iz,&(P->z));
-    FP8_YYY_mul(&(P->x),&(P->x),&iz);
-    FP8_YYY_mul(&(P->y),&(P->y),&iz);
-
-    FP8_YYY_reduce(&(P->x));
-    FP8_YYY_reduce(&(P->y));
-    FP8_YYY_copy(&(P->z),&one);
-}
-
-/* return 1 if P==Q, else 0 */
-/* SU= 312 */
-int ECP8_ZZZ_equals(ECP8_ZZZ *P,ECP8_ZZZ *Q)
-{
-    FP8_YYY a,b;
-//    if (ECP8_ZZZ_isinf(P) && ECP8_ZZZ_isinf(Q)) return 1;
-//    if (ECP8_ZZZ_isinf(P) || ECP8_ZZZ_isinf(Q)) return 0;
-
-    FP8_YYY_mul(&a,&(P->x),&(Q->z));
-    FP8_YYY_mul(&b,&(Q->x),&(P->z));
-    if (!FP8_YYY_equals(&a,&b)) return 0;
-
-    FP8_YYY_mul(&a,&(P->y),&(Q->z));
-    FP8_YYY_mul(&b,&(Q->y),&(P->z));
-    if (!FP8_YYY_equals(&a,&b)) return 0;
-    return 1;
-}
-
-/* extract x, y from point P */
-int ECP8_ZZZ_get(FP8_YYY *x,FP8_YYY *y,ECP8_ZZZ *P)
-{
-	ECP8_ZZZ W;
-	ECP8_ZZZ_copy(&W,P);
-	ECP8_ZZZ_affine(&W);
-    if (ECP8_ZZZ_isinf(&W)) return -1;
-	//ECP8_ZZZ_affine(P);
-    FP8_YYY_copy(y,&(W.y));
-    FP8_YYY_copy(x,&(W.x));
-    return 0;
-}
-
-/* Output point P */
-void ECP8_ZZZ_output(ECP8_ZZZ *P)
-{
-    FP8_YYY x,y;
-    if (ECP8_ZZZ_isinf(P))
-    {
-        printf("Infinity\n");
-        return;
-    }
-    ECP8_ZZZ_get(&x,&y,P);
-    printf("(");
-    FP8_YYY_output(&x);
-    printf(",");
-    FP8_YYY_output(&y);
-    printf(")\n");
-}
-
-/* Convert Q to octet string */
-void ECP8_ZZZ_toOctet(octet *W,ECP8_ZZZ *Q)
-{
-	BIG_XXX b;
-	FP8_YYY qx,qy;
-	FP4_YYY qa,qb;
-	FP2_YYY pa,pb;
-
-    ECP8_ZZZ_get(&qx,&qy,Q);
-
-	FP4_YYY_copy(&qa,&(qx.a));
-	FP4_YYY_copy(&qb,&(qx.b));
-
-	FP2_YYY_copy(&pa,&(qa.a));
-	FP2_YYY_copy(&pb,&(qa.b));
-
-	FP_YYY_redc(b,&(pa.a));
-    BIG_XXX_toBytes(&(W->val[0]),b);
-    FP_YYY_redc(b,&(pa.b));
-    BIG_XXX_toBytes(&(W->val[MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(pb.a));
-    BIG_XXX_toBytes(&(W->val[2*MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(pb.b));
-    BIG_XXX_toBytes(&(W->val[3*MODBYTES_XXX]),b);
-
-	FP2_YYY_copy(&pa,&(qb.a));
-	FP2_YYY_copy(&pb,&(qb.b));
-
-	FP_YYY_redc(b,&(pa.a));
-    BIG_XXX_toBytes(&(W->val[4*MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(pa.b));
-    BIG_XXX_toBytes(&(W->val[5*MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(pb.a));
-    BIG_XXX_toBytes(&(W->val[6*MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(pb.b));
-    BIG_XXX_toBytes(&(W->val[7*MODBYTES_XXX]),b);
-
-
-	FP4_YYY_copy(&qa,&(qy.a));
-	FP4_YYY_copy(&qb,&(qy.b));
-
-	FP2_YYY_copy(&pa,&(qa.a));
-	FP2_YYY_copy(&pb,&(qa.b));
-
-	FP_YYY_redc(b,&(pa.a));
-    BIG_XXX_toBytes(&(W->val[8*MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(pa.b));
-    BIG_XXX_toBytes(&(W->val[9*MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(pb.a));
-    BIG_XXX_toBytes(&(W->val[10*MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(pb.b));
-    BIG_XXX_toBytes(&(W->val[11*MODBYTES_XXX]),b);
-
-	FP2_YYY_copy(&pa,&(qb.a));
-	FP2_YYY_copy(&pb,&(qb.b));
-
-	FP_YYY_redc(b,&(pa.a));
-    BIG_XXX_toBytes(&(W->val[12*MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(pa.b));
-    BIG_XXX_toBytes(&(W->val[13*MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(pb.a));
-    BIG_XXX_toBytes(&(W->val[14*MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(pb.b));
-    BIG_XXX_toBytes(&(W->val[15*MODBYTES_XXX]),b);
-
-
-    W->len=16*MODBYTES_XXX;
-}
-
-/* restore Q from octet string */
-int ECP8_ZZZ_fromOctet(ECP8_ZZZ *Q,octet *W)
-{
-	BIG_XXX b;
-    FP8_YYY qx,qy;
-	FP4_YYY qa,qb;
-	FP2_YYY pa,pb;
-
-    BIG_XXX_fromBytes(b,&(W->val[0]));
-	FP_YYY_nres(&(pa.a),b);
-    BIG_XXX_fromBytes(b,&(W->val[MODBYTES_XXX]));
-    FP_YYY_nres(&(pa.b),b);
-    BIG_XXX_fromBytes(b,&(W->val[2*MODBYTES_XXX]));
-    FP_YYY_nres(&(pb.a),b);
-    BIG_XXX_fromBytes(b,&(W->val[3*MODBYTES_XXX]));
-    FP_YYY_nres(&(pb.b),b);
-
-	FP2_YYY_copy(&(qa.a),&pa);
-	FP2_YYY_copy(&(qa.b),&pb);
-
-    BIG_XXX_fromBytes(b,&(W->val[4*MODBYTES_XXX]));
-	FP_YYY_nres(&(pa.a),b);
-    BIG_XXX_fromBytes(b,&(W->val[5*MODBYTES_XXX]));
-    FP_YYY_nres(&(pa.b),b);
-    BIG_XXX_fromBytes(b,&(W->val[6*MODBYTES_XXX]));
-    FP_YYY_nres(&(pb.a),b);
-    BIG_XXX_fromBytes(b,&(W->val[7*MODBYTES_XXX]));
-    FP_YYY_nres(&(pb.b),b);
-
-	FP2_YYY_copy(&(qb.a),&pa);
-	FP2_YYY_copy(&(qb.b),&pb);
-
-	FP4_YYY_copy(&(qx.a),&qa);
-	FP4_YYY_copy(&(qx.b),&qb);
-
-
-    BIG_XXX_fromBytes(b,&(W->val[8*MODBYTES_XXX]));
-	FP_YYY_nres(&(pa.a),b);
-    BIG_XXX_fromBytes(b,&(W->val[9*MODBYTES_XXX]));
-    FP_YYY_nres(&(pa.b),b);
-    BIG_XXX_fromBytes(b,&(W->val[10*MODBYTES_XXX]));
-    FP_YYY_nres(&(pb.a),b);
-    BIG_XXX_fromBytes(b,&(W->val[11*MODBYTES_XXX]));
-    FP_YYY_nres(&(pb.b),b);
-
-	FP2_YYY_copy(&(qa.a),&pa);
-	FP2_YYY_copy(&(qa.b),&pb);
-
-    BIG_XXX_fromBytes(b,&(W->val[12*MODBYTES_XXX]));
-	FP_YYY_nres(&(pa.a),b);
-    BIG_XXX_fromBytes(b,&(W->val[13*MODBYTES_XXX]));
-    FP_YYY_nres(&(pa.b),b);
-    BIG_XXX_fromBytes(b,&(W->val[14*MODBYTES_XXX]));
-    FP_YYY_nres(&(pb.a),b);
-    BIG_XXX_fromBytes(b,&(W->val[15*MODBYTES_XXX]));
-    FP_YYY_nres(&(pb.b),b);
-
-	FP2_YYY_copy(&(qb.a),&pa);
-	FP2_YYY_copy(&(qb.b),&pb);
-
-	FP4_YYY_copy(&(qy.a),&qa);
-	FP4_YYY_copy(&(qy.b),&qb);
-
-
-    if (ECP8_ZZZ_set(Q,&qx,&qy)) return 1;
-    return 0;
-}
-
-/* Calculate RHS of twisted curve equation x^3+B/i or x^3+Bi*/
-void ECP8_ZZZ_rhs(FP8_YYY *rhs,FP8_YYY *x)
-{
-    /* calculate RHS of elliptic curve equation */
-    FP8_YYY t;
-	FP4_YYY t4;
-	FP2_YYY t2;
-    BIG_XXX b;
-    FP8_YYY_sqr(&t,x);
-
-    FP8_YYY_mul(rhs,&t,x);
-
-    /* Assuming CURVE_A=0 */
-
-    BIG_XXX_rcopy(b,CURVE_B_ZZZ);
-
-    FP2_YYY_from_BIG(&t2,b);
-	FP4_YYY_from_FP2(&t4,&t2);
-	FP8_YYY_from_FP4(&t,&t4);
-
-#if SEXTIC_TWIST_ZZZ == D_TYPE	
-    FP8_YYY_div_i(&t);   /* IMPORTANT - here we use the correct SEXTIC twist of the curve */
-#endif
-
-#if SEXTIC_TWIST_ZZZ == M_TYPE	
-    FP8_YYY_times_i(&t);   /* IMPORTANT - here we use the correct SEXTIC twist of the curve */
-#endif
-
-    FP8_YYY_add(rhs,&t,rhs);
-    FP8_YYY_reduce(rhs);
-}
-
-/* Set P=(x,y). Return 1 if (x,y) is on the curve, else return 0*/
-/* SU= 232 */
-int ECP8_ZZZ_set(ECP8_ZZZ *P,FP8_YYY *x,FP8_YYY *y)
-{
-    FP8_YYY rhs,y2;
-
-    FP8_YYY_sqr(&y2,y);
-    ECP8_ZZZ_rhs(&rhs,x);
-
-    if (!FP8_YYY_equals(&y2,&rhs))
-    {
-		ECP8_ZZZ_inf(P);
-      //  P->inf=1;
-        return 0;
-    }
-
- //   P->inf=0;
-    FP8_YYY_copy(&(P->x),x);
-    FP8_YYY_copy(&(P->y),y);
-
-    FP8_YYY_one(&(P->z));
-    return 1;
-}
-
-/* Set P=(x,y). Return 1 if (x,.) is on the curve, else return 0 */
-/* SU= 232 */
-int ECP8_ZZZ_setx(ECP8_ZZZ *P,FP8_YYY *x)
-{
-    FP8_YYY y;
-    ECP8_ZZZ_rhs(&y,x);
-
-    if (!FP8_YYY_sqrt(&y,&y))
-    {
-		ECP8_ZZZ_inf(P);
-        return 0;
-    }
-
- //   P->inf=0;
-    FP8_YYY_copy(&(P->x),x);
-    FP8_YYY_copy(&(P->y),&y);
-    FP8_YYY_one(&(P->z));
-    return 1;
-}
-
-/* Set P=-P */
-/* SU= 8 */
-void ECP8_ZZZ_neg(ECP8_ZZZ *P)
-{
-//	if (ECP8_ZZZ_isinf(P)) return;
-	FP8_YYY_norm(&(P->y));
-    FP8_YYY_neg(&(P->y),&(P->y));
-    FP8_YYY_norm(&(P->y));
-}
-
-
-
-/* R+=R */
-/* return -1 for Infinity, 0 for addition, 1 for doubling */
-int ECP8_ZZZ_dbl(ECP8_ZZZ *P)
-{
-    FP8_YYY t0,t1,t2,t3,iy,x3,y3;
- //   if (P->inf) return -1;
-
-	FP8_YYY_copy(&iy,&(P->y));		//FP8_YYY iy=new FP8_YYY(y);
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP8_YYY_times_i(&iy);			//iy.mul_ip(); 
-	//FP8_YYY_norm(&iy);				//iy.norm();
-#endif
-
-	FP8_YYY_sqr(&t0,&(P->y));			//t0.sqr();   
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP8_YYY_times_i(&t0);			//t0.mul_ip(); 
-#endif
-
-	FP8_YYY_mul(&t1,&iy,&(P->z));	//t1.mul(z);
-	FP8_YYY_sqr(&t2,&(P->z));				//t2.sqr();
-
-	FP8_YYY_add(&(P->z),&t0,&t0);	//z.add(t0); 
-	FP8_YYY_norm(&(P->z));				//z.norm(); 
-	FP8_YYY_add(&(P->z),&(P->z),&(P->z));	//z.add(z); 
-	FP8_YYY_add(&(P->z),&(P->z),&(P->z));	//z.add(z); 
-	FP8_YYY_norm(&(P->z));			//z.norm();  
-
-	FP8_YYY_imul(&t2,&t2,3*CURVE_B_I_ZZZ);	//t2.imul(3*ROM.CURVE_B_I); 
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-	FP8_YYY_times_i(&t2);
-	//FP8_YYY_norm(&t2);
-#endif
-
-	FP8_YYY_mul(&x3,&t2,&(P->z));	//x3.mul(z); 
-
-	FP8_YYY_add(&y3,&t0,&t2);		//y3.add(t2); 
-	FP8_YYY_norm(&y3);				//y3.norm();
-	FP8_YYY_mul(&(P->z),&(P->z),&t1);	//z.mul(t1);
-
-	FP8_YYY_add(&t1,&t2,&t2);		//t1.add(t2); 
-	FP8_YYY_add(&t2,&t2,&t1);		//t2.add(t1); 
-	FP8_YYY_norm(&t2);				//t2.norm();  
-	FP8_YYY_sub(&t0,&t0,&t2);		//t0.sub(t2); 
-	FP8_YYY_norm(&t0);				//t0.norm();                           //y^2-9bz^2
-	FP8_YYY_mul(&y3,&y3,&t0);		//y3.mul(t0); 
-	FP8_YYY_add(&(P->y),&y3,&x3);		//y3.add(x3);                          //(y^2+3z*2)(y^2-9z^2)+3b.z^2.8y^2
-
-	FP8_YYY_mul(&t1,&(P->x),&iy);		//t1.mul(iy);						//
-
-	FP8_YYY_norm(&t0);			//x.norm(); 
-	FP8_YYY_mul(&(P->x),&t0,&t1);	//x.mul(t1); 
-	FP8_YYY_add(&(P->x),&(P->x),&(P->x));	//x.add(x);       //(y^2-9bz^2)xy2
-
-	FP8_YYY_norm(&(P->x));			//x.norm(); 
-
-	FP8_YYY_norm(&(P->y));			//y.norm();
-
-    return 1;
-}
-
-/* Set P+=Q */
-
-int ECP8_ZZZ_add(ECP8_ZZZ *P,ECP8_ZZZ *Q)
-{
-    FP8_YYY t0,t1,t2,t3,t4,x3,y3,z3;
-	int b3=3*CURVE_B_I_ZZZ;
-/*    if (Q->inf) return 0;
-    if (P->inf)
-    {
-        ECP8_ZZZ_copy(P,Q);
-        return 0;
-    }
-*/
-	FP8_YYY_mul(&t0,&(P->x),&(Q->x));	//t0.mul(Q.x);         // x.Q.x
-	FP8_YYY_mul(&t1,&(P->y),&(Q->y));	//t1.mul(Q.y);		 // y.Q.y
-
-	FP8_YYY_mul(&t2,&(P->z),&(Q->z));	//t2.mul(Q.z);
-	FP8_YYY_add(&t3,&(P->x),&(P->y));	//t3.add(y); 
-	FP8_YYY_norm(&t3);				//t3.norm();          //t3=X1+Y1         
-	FP8_YYY_add(&t4,&(Q->x),&(Q->y));	//t4.add(Q.y); 
-	FP8_YYY_norm(&t4);				//t4.norm();			//t4=X2+Y2
-	FP8_YYY_mul(&t3,&t3,&t4);		//t3.mul(t4);						//t3=(X1+Y1)(X2+Y2)
-	FP8_YYY_add(&t4,&t0,&t1);		//t4.add(t1);		//t4=X1.X2+Y1.Y2
-
-	FP8_YYY_sub(&t3,&t3,&t4);		//t3.sub(t4); 
-	FP8_YYY_norm(&t3);				//t3.norm(); 
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP8_YYY_times_i(&t3);			//t3.mul_ip();  
-	//FP8_YYY_norm(&t3);				//t3.norm();         //t3=(X1+Y1)(X2+Y2)-(X1.X2+Y1.Y2) = X1.Y2+X2.Y1
-#endif
-                   
-	FP8_YYY_add(&t4,&(P->y),&(P->z));	//t4.add(z); 
-	FP8_YYY_norm(&t4);				//t4.norm();			//t4=Y1+Z1
-
-	FP8_YYY_add(&x3,&(Q->y),&(Q->z));	//x3.add(Q.z); 
-	FP8_YYY_norm(&x3);				//x3.norm();			//x3=Y2+Z2
-
-	FP8_YYY_mul(&t4,&t4,&x3);		//t4.mul(x3);						//t4=(Y1+Z1)(Y2+Z2)
-
-	FP8_YYY_add(&x3,&t1,&t2);		//x3.add(t2);						//X3=Y1.Y2+Z1.Z2
-	
-	FP8_YYY_sub(&t4,&t4,&x3);		//t4.sub(x3); 
-	FP8_YYY_norm(&t4);				//t4.norm(); 
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP8_YYY_times_i(&t4);			//t4.mul_ip(); 
-	//FP8_YYY_norm(&t4);				//t4.norm();          //t4=(Y1+Z1)(Y2+Z2) - (Y1.Y2+Z1.Z2) = Y1.Z2+Y2.Z1
-#endif
-
-	FP8_YYY_add(&x3,&(P->x),&(P->z));	//x3.add(z); 
-	FP8_YYY_norm(&x3);				//x3.norm();	// x3=X1+Z1
-		
-	FP8_YYY_add(&y3,&(Q->x),&(Q->z));	//y3.add(Q.z); 
-	FP8_YYY_norm(&y3);				//y3.norm();				// y3=X2+Z2
-	FP8_YYY_mul(&x3,&x3,&y3);		//x3.mul(y3);							// x3=(X1+Z1)(X2+Z2)
-
-	FP8_YYY_add(&y3,&t0,&t2);		//y3.add(t2);							// y3=X1.X2+Z1+Z2
-	FP8_YYY_sub(&y3,&x3,&y3);		//y3.rsub(x3); 
-	FP8_YYY_norm(&y3);				//y3.norm();				// y3=(X1+Z1)(X2+Z2) - (X1.X2+Z1.Z2) = X1.Z2+X2.Z1
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP8_YYY_times_i(&t0);			//t0.mul_ip(); 
-	//FP8_YYY_norm(&t0);				//t0.norm(); // x.Q.x
-	FP8_YYY_times_i(&t1);			//t1.mul_ip(); 
-	//FP8_YYY_norm(&t1);				//t1.norm(); // y.Q.y
-#endif
-
-	FP8_YYY_add(&x3,&t0,&t0);		//x3.add(t0); 
-	FP8_YYY_add(&t0,&t0,&x3);		//t0.add(x3); 
-	FP8_YYY_norm(&t0);				//t0.norm();
-	FP8_YYY_imul(&t2,&t2,b3);		//t2.imul(b); 	
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-	FP8_YYY_times_i(&t2);
-#endif
-
-	FP8_YYY_add(&z3,&t1,&t2);		//z3.add(t2); 
-	FP8_YYY_norm(&z3);				//z3.norm();
-	FP8_YYY_sub(&t1,&t1,&t2);		//t1.sub(t2); 
-	FP8_YYY_norm(&t1);				//t1.norm(); 
-	FP8_YYY_imul(&y3,&y3,b3);		//y3.imul(b); 
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-	FP8_YYY_times_i(&y3);
-	//FP8_YYY_norm(&y3);
-#endif
-
-	FP8_YYY_mul(&x3,&y3,&t4);		//x3.mul(t4); 
-
-	FP8_YYY_mul(&t2,&t3,&t1);		//t2.mul(t1); 
-	FP8_YYY_sub(&(P->x),&t2,&x3);		//x3.rsub(t2);
-	FP8_YYY_mul(&y3,&y3,&t0);		//y3.mul(t0); 
-	FP8_YYY_mul(&t1,&t1,&z3);		//t1.mul(z3); 
-	FP8_YYY_add(&(P->y),&y3,&t1);		//y3.add(t1);
-	FP8_YYY_mul(&t0,&t0,&t3);		//t0.mul(t3); 
-	FP8_YYY_mul(&z3,&z3,&t4);		//z3.mul(t4); 
-	FP8_YYY_add(&(P->z),&z3,&t0);		//z3.add(t0);
-
-
-	FP8_YYY_norm(&(P->x));			//x.norm(); 
-	FP8_YYY_norm(&(P->y));			//y.norm();
-	FP8_YYY_norm(&(P->z));			//z.norm();
-
-    return 0;
-}
-
-/* Set P-=Q */
-/* SU= 16 */
-void ECP8_ZZZ_sub(ECP8_ZZZ *P,ECP8_ZZZ *Q)
-{
-	ECP8_ZZZ NQ;
-	ECP8_ZZZ_copy(&NQ,Q);
-	ECP8_ZZZ_neg(&NQ);
-    //ECP8_ZZZ_neg(Q);
-    ECP8_ZZZ_add(P,&NQ);
-    //ECP8_ZZZ_neg(Q);
-}
-
-
-void ECP8_ZZZ_reduce(ECP8_ZZZ *P)
-{
-	FP8_YYY_reduce(&(P->x));
-	FP8_YYY_reduce(&(P->y));
-	FP8_YYY_reduce(&(P->z));
-}
-
-/* P*=e */
-/* SU= 280 */
-void ECP8_ZZZ_mul(ECP8_ZZZ *P,BIG_XXX e)
-{
-    /* fixed size windows */
-    int i,nb,s,ns;
-    BIG_XXX mt,t;
-    ECP8_ZZZ Q,W[8],C;
-    sign8 w[1+(NLEN_XXX*BASEBITS_XXX+3)/4];
-
-    if (ECP8_ZZZ_isinf(P)) return;
-    //ECP8_ZZZ_affine(P);
-    /* precompute table */
-
-    ECP8_ZZZ_copy(&Q,P);
-    ECP8_ZZZ_dbl(&Q);
-    ECP8_ZZZ_copy(&W[0],P);
-
-    for (i=1; i<8; i++)
-    {
-        ECP8_ZZZ_copy(&W[i],&W[i-1]);
-        ECP8_ZZZ_add(&W[i],&Q);
-    }
-
-    /* make exponent odd - add 2P if even, P if odd */
-    BIG_XXX_copy(t,e);
-    s=BIG_XXX_parity(t);
-    BIG_XXX_inc(t,1);
-    BIG_XXX_norm(t);
-    ns=BIG_XXX_parity(t);
-    BIG_XXX_copy(mt,t);
-    BIG_XXX_inc(mt,1);
-    BIG_XXX_norm(mt);
-    BIG_XXX_cmove(t,mt,s);
-    ECP8_ZZZ_cmove(&Q,P,ns);
-    ECP8_ZZZ_copy(&C,&Q);
-
-    nb=1+(BIG_XXX_nbits(t)+3)/4;
-
-    /* convert exponent to signed 4-bit window */
-    for (i=0; i<nb; i++)
-    {
-        w[i]=BIG_XXX_lastbits(t,5)-16;
-        BIG_XXX_dec(t,w[i]);
-        BIG_XXX_norm(t);
-        BIG_XXX_fshr(t,4);
-    }
-    w[nb]=BIG_XXX_lastbits(t,5);
-
-    ECP8_ZZZ_copy(P,&W[(w[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-        ECP8_ZZZ_select(&Q,W,w[i]);
-        ECP8_ZZZ_dbl(P);
-        ECP8_ZZZ_dbl(P);
-        ECP8_ZZZ_dbl(P);
-        ECP8_ZZZ_dbl(P);
-        ECP8_ZZZ_add(P,&Q);
-    }
-    ECP8_ZZZ_sub(P,&C); /* apply correction */
-	ECP8_ZZZ_affine(P);
-}
-
-void ECP8_ZZZ_frob_constants(FP2_YYY F[3])
-{
-    FP_YYY fx,fy;
-	FP2_YYY X;
-
-    FP_YYY_rcopy(&fx,Fra_YYY);
-    FP_YYY_rcopy(&fy,Frb_YYY);
-    FP2_YYY_from_FPs(&X,&fx,&fy);
-
-
-	FP2_YYY_sqr(&F[0],&X);			// FF=F^2=(1+i)^(p-19)/12
-	FP2_YYY_copy(&F[2],&F[0]);
-	FP2_YYY_mul_ip(&F[2]);			// W=(1+i)^12/12.(1+i)^(p-19)/12 = (1+i)^(p-7)/12
-	FP2_YYY_norm(&F[2]);
-	FP2_YYY_sqr(&F[1],&F[2]);
-	FP2_YYY_mul(&F[2],&F[2],&F[1]);	// W=(1+i)^(p-7)/4
-
-	FP2_YYY_mul_ip(&F[2]);			// W=(1+i)^4/4.W=(1+i)^(p-7)/4 = (1+i)^(p-3)/4
-	FP2_YYY_norm(&F[2]);
-
-	FP2_YYY_copy(&F[1],&X);
-
-#if SEXTIC_TWIST_ZZZ == M_TYPE	
-	FP2_YYY_mul_ip(&F[1]);		// (1+i)^24/24.(1+i)^(p-19)/24 = (1+i)^(p+5)/24
-	FP2_YYY_inv(&F[1],&F[1]);		// (1+i)^-(p+5)/24
-	FP2_YYY_sqr(&F[0],&F[1]);		// (1+i)^-(p+5)/12
-#endif
-
-
-	FP2_YYY_mul_ip(&F[0]);		// FF=(1+i)^(p-19)/12.(1+i)^12/12 = (1+i)^(p-7)/12					// FF=(1+i)^12/12.(1+i)^-(p+5)/12 = (1+i)^-(p-7)/12
-	FP2_YYY_norm(&F[0]);
-
-	FP2_YYY_mul(&F[1],&F[1],&F[0]);  // (1+i)^(p-7)/12 . (1+i)^(p-19)/24 = (1+i)^(p-11)/8				// (1+i)^-(p-7)/12 . (1+i)^-(p+5)/24 = (1+i)^-(p-3)/8
-
-}
-
-/* Calculates q^n.P using Frobenius constant X */
-void ECP8_ZZZ_frob(ECP8_ZZZ *P,FP2_YYY F[3],int n)
-{
-	int i;
-	FP8_YYY X,Y,Z;
-
-//    if (P->inf) return;
-
-	//ECP8_get(&X,&Y,P);		// F=(1+i)^(p-19)/24
-
-	FP8_YYY_copy(&X,&(P->x));
-	FP8_YYY_copy(&Y,&(P->y));
-	FP8_YYY_copy(&Z,&(P->z));
-
-	for (i=0;i<n;i++)
-	{
-		FP8_YYY_frob(&X,&F[2]);		// X^p		
-		FP8_YYY_qmul(&X,&X,&F[0]); 
-#if SEXTIC_TWIST_ZZZ == M_TYPE			
-		FP8_YYY_div_i2(&X);			// X^p.(1+i)^-(p-1)/12
-#endif
-#if SEXTIC_TWIST_ZZZ == D_TYPE			
-		FP8_YYY_times_i2(&X);		// X^p.(1+i)^(p-1)/12
-#endif
-
-		FP8_YYY_frob(&Y,&F[2]);		// Y^p
-		FP8_YYY_qmul(&Y,&Y,&F[1]); 
-#if SEXTIC_TWIST_ZZZ == M_TYPE		
-		FP8_YYY_div_i(&Y);			// Y^p.(1+i)^-(p-1)/8
-#endif
-#if SEXTIC_TWIST_ZZZ == D_TYPE
-		FP8_YYY_times_i2(&Y); FP8_YYY_times_i2(&Y); FP8_YYY_times_i(&Y);  // Y^p.(1+i)^(p-1)/8
-#endif
-		FP8_YYY_frob(&Z,&F[2]);
-	}
-
-	FP8_YYY_copy(&(P->x),&X);
-	FP8_YYY_copy(&(P->y),&Y);
-	FP8_YYY_copy(&(P->z),&Z);
-}
-
-/* Side channel attack secure */
-// Bos & Costello https://eprint.iacr.org/2013/458.pdf
-// Faz-Hernandez & Longa & Sanchez  https://eprint.iacr.org/2013/158.pdf
-
-void ECP8_ZZZ_mul16(ECP8_ZZZ *P,ECP8_ZZZ Q[16],BIG_XXX u[16])
-{
-    int i,j,k,nb,pb1,pb2,pb3,pb4,bt;
-	ECP8_ZZZ T1[8],T2[8],T3[8],T4[8],W;
-    BIG_XXX mt,t[16];
-    sign8 w1[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s1[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 w2[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s2[NLEN_XXX*BASEBITS_XXX+1];	
-    sign8 w3[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s3[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 w4[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s4[NLEN_XXX*BASEBITS_XXX+1];	
-
-	FP2_YYY X[3];
-	ECP8_ZZZ_frob_constants(X);
-
-    for (i=0; i<16; i++)
-	{
-        //ECP8_ZZZ_affine(&Q[i]);
-        BIG_XXX_copy(t[i],u[i]);
-	}
-// Precomputed table
-    ECP8_ZZZ_copy(&T1[0],&Q[0]); // Q[0]
-    ECP8_ZZZ_copy(&T1[1],&T1[0]);
-	ECP8_ZZZ_add(&T1[1],&Q[1]);	// Q[0]+Q[1]
-    ECP8_ZZZ_copy(&T1[2],&T1[0]);
-	ECP8_ZZZ_add(&T1[2],&Q[2]);	// Q[0]+Q[2]
-	ECP8_ZZZ_copy(&T1[3],&T1[1]);
-	ECP8_ZZZ_add(&T1[3],&Q[2]);	// Q[0]+Q[1]+Q[2]
-	ECP8_ZZZ_copy(&T1[4],&T1[0]);
-	ECP8_ZZZ_add(&T1[4],&Q[3]);  // Q[0]+Q[3]
-	ECP8_ZZZ_copy(&T1[5],&T1[1]);
-	ECP8_ZZZ_add(&T1[5],&Q[3]);	// Q[0]+Q[1]+Q[3]
-	ECP8_ZZZ_copy(&T1[6],&T1[2]);
-	ECP8_ZZZ_add(&T1[6],&Q[3]);	// Q[0]+Q[2]+Q[3]
-	ECP8_ZZZ_copy(&T1[7],&T1[3]);
-	ECP8_ZZZ_add(&T1[7],&Q[3]);	// Q[0]+Q[1]+Q[2]+Q[3]
-
-//  Use Frobenius 
-
-	for (i=0;i<8;i++)
-	{
-		ECP8_ZZZ_copy(&T2[i],&T1[i]);
-		ECP8_ZZZ_frob(&T2[i],X,4);
-
-		ECP8_ZZZ_copy(&T3[i],&T2[i]);
-		ECP8_ZZZ_frob(&T3[i],X,4);
-
-		ECP8_ZZZ_copy(&T4[i],&T3[i]);
-		ECP8_ZZZ_frob(&T4[i],X,4);
-	}
-
-// Make them odd
-	pb1=1-BIG_XXX_parity(t[0]);
-	BIG_XXX_inc(t[0],pb1);
-	BIG_XXX_norm(t[0]);
-
-	pb2=1-BIG_XXX_parity(t[4]);
-	BIG_XXX_inc(t[4],pb2);
-	BIG_XXX_norm(t[4]);
-
-	pb3=1-BIG_XXX_parity(t[8]);
-	BIG_XXX_inc(t[8],pb3);
-	BIG_XXX_norm(t[8]);
-
-	pb4=1-BIG_XXX_parity(t[12]);
-	BIG_XXX_inc(t[12],pb4);
-	BIG_XXX_norm(t[12]);
-
-// Number of bits
-    BIG_XXX_zero(mt);
-    for (i=0; i<16; i++)
-    {
-        BIG_XXX_or(mt,mt,t[i]);
-    }
-    nb=1+BIG_XXX_nbits(mt);
-
-// Sign pivot 
-	s1[nb-1]=1;
-	s2[nb-1]=1;
-	s3[nb-1]=1;
-	s4[nb-1]=1;
-	for (i=0;i<nb-1;i++)
-	{
-        BIG_XXX_fshr(t[0],1);
-		s1[i]=2*BIG_XXX_parity(t[0])-1;
-        BIG_XXX_fshr(t[4],1);
-		s2[i]=2*BIG_XXX_parity(t[4])-1;
-        BIG_XXX_fshr(t[8],1);
-		s3[i]=2*BIG_XXX_parity(t[8])-1;
-        BIG_XXX_fshr(t[12],1);
-		s4[i]=2*BIG_XXX_parity(t[12])-1;
-	}
-
-
-// Recoded exponents
-    for (i=0; i<nb; i++)
-    {
-		w1[i]=0;
-		k=1;
-		for (j=1; j<4; j++)
-		{
-			bt=s1[i]*BIG_XXX_parity(t[j]);
-			BIG_XXX_fshr(t[j],1);
-
-			BIG_XXX_dec(t[j],(bt>>1));
-			BIG_XXX_norm(t[j]);
-			w1[i]+=bt*k;
-			k*=2;
-        }
-
-		w2[i]=0;
-		k=1;
-		for (j=5; j<8; j++)
-		{
-			bt=s2[i]*BIG_XXX_parity(t[j]);
-			BIG_XXX_fshr(t[j],1);
-
-			BIG_XXX_dec(t[j],(bt>>1));
-			BIG_XXX_norm(t[j]);
-			w2[i]+=bt*k;
-			k*=2;
-        }
-
-		w3[i]=0;
-		k=1;
-		for (j=9; j<12; j++)
-		{
-			bt=s3[i]*BIG_XXX_parity(t[j]);
-			BIG_XXX_fshr(t[j],1);
-
-			BIG_XXX_dec(t[j],(bt>>1));
-			BIG_XXX_norm(t[j]);
-			w3[i]+=bt*k;
-			k*=2;
-        }
-
-		w4[i]=0;
-		k=1;
-		for (j=13; j<16; j++)
-		{
-			bt=s4[i]*BIG_XXX_parity(t[j]);
-			BIG_XXX_fshr(t[j],1);
-
-			BIG_XXX_dec(t[j],(bt>>1));
-			BIG_XXX_norm(t[j]);
-			w4[i]+=bt*k;
-			k*=2;
-        }
-    }	
-
-// Main loop
-	ECP8_ZZZ_select(P,T1,2*w1[nb-1]+1);
-	ECP8_ZZZ_select(&W,T2,2*w2[nb-1]+1);
-	ECP8_ZZZ_add(P,&W);
-	ECP8_ZZZ_select(&W,T3,2*w3[nb-1]+1);
-	ECP8_ZZZ_add(P,&W);
-	ECP8_ZZZ_select(&W,T4,2*w4[nb-1]+1);
-	ECP8_ZZZ_add(P,&W);
-
-    for (i=nb-2; i>=0; i--)
-    {
-        ECP8_ZZZ_dbl(P);
-        ECP8_ZZZ_select(&W,T1,2*w1[i]+s1[i]);
-        ECP8_ZZZ_add(P,&W);
-        ECP8_ZZZ_select(&W,T2,2*w2[i]+s2[i]);
-        ECP8_ZZZ_add(P,&W);
-        ECP8_ZZZ_select(&W,T3,2*w3[i]+s3[i]);
-        ECP8_ZZZ_add(P,&W);
-        ECP8_ZZZ_select(&W,T4,2*w4[i]+s4[i]);
-        ECP8_ZZZ_add(P,&W);
-    }
-
-// apply corrections
-	ECP8_ZZZ_copy(&W,P);   
-	ECP8_ZZZ_sub(&W,&Q[0]);
-	ECP8_ZZZ_cmove(P,&W,pb1);
-	ECP8_ZZZ_copy(&W,P);   
-	ECP8_ZZZ_sub(&W,&Q[4]);
-	ECP8_ZZZ_cmove(P,&W,pb2);
-
-	ECP8_ZZZ_copy(&W,P);   
-	ECP8_ZZZ_sub(&W,&Q[8]);
-	ECP8_ZZZ_cmove(P,&W,pb3);
-	ECP8_ZZZ_copy(&W,P);   
-	ECP8_ZZZ_sub(&W,&Q[12]);
-	ECP8_ZZZ_cmove(P,&W,pb4);
-	ECP8_ZZZ_affine(P);
-}
-
-/*
-void ECP8_ZZZ_mul16(ECP8_ZZZ *P,ECP8_ZZZ Q[16],BIG_XXX u[16])
-{
-    int i,j,a[4],nb,pb;
-    ECP8_ZZZ W[8],Z[8],WW[8],ZZ[8],T,C;
-    BIG_XXX mt,t[16];
-    sign8 w[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 z[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 ww[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 zz[NLEN_XXX*BASEBITS_XXX+1];
-
-    FP_YYY fx,fy;
-	FP2_YYY X;
-
-    FP_YYY_rcopy(&fx,Fra_YYY);
-    FP_YYY_rcopy(&fy,Frb_YYY);
-    FP2_YYY_from_FPs(&X,&fx,&fy);
-
-
-    for (i=0; i<16; i++)
-        BIG_XXX_copy(t[i],u[i]);
-
-    // precompute tables 
-
-// 12 add/subs 
-
-    ECP8_ZZZ_copy(&W[0],&Q[0]);
-    ECP8_ZZZ_sub(&W[0],&Q[1]);  // P-Q
-    ECP8_ZZZ_copy(&W[1],&W[0]);
-    ECP8_ZZZ_copy(&W[2],&W[0]);
-    ECP8_ZZZ_copy(&W[3],&W[0]);
-    ECP8_ZZZ_copy(&W[4],&Q[0]);
-    ECP8_ZZZ_add(&W[4],&Q[1]);  // P+Q 
-    ECP8_ZZZ_copy(&W[5],&W[4]);
-    ECP8_ZZZ_copy(&W[6],&W[4]);
-    ECP8_ZZZ_copy(&W[7],&W[4]);
-
-    ECP8_ZZZ_copy(&T,&Q[2]);
-    ECP8_ZZZ_sub(&T,&Q[3]);       // R-S 
-    ECP8_ZZZ_sub(&W[1],&T);
-    ECP8_ZZZ_add(&W[2],&T);
-    ECP8_ZZZ_sub(&W[5],&T);
-    ECP8_ZZZ_add(&W[6],&T);
-    ECP8_ZZZ_copy(&T,&Q[2]);
-    ECP8_ZZZ_add(&T,&Q[3]);      // R+S 
-    ECP8_ZZZ_sub(&W[0],&T);
-    ECP8_ZZZ_add(&W[3],&T);
-    ECP8_ZZZ_sub(&W[4],&T);
-    ECP8_ZZZ_add(&W[7],&T);
-
-
-// Use Frobenius 
-
-	for (i=0;i<8;i++)
-	{
-		ECP8_ZZZ_copy(&Z[i],&W[i]);
-		ECP8_ZZZ_frob(&Z[i],&X,4);
-	}
-
-	for (i=0;i<8;i++)
-	{
-		ECP8_ZZZ_copy(&WW[i],&Z[i]);
-		ECP8_ZZZ_frob(&WW[i],&X,4);
-	}
-
-	for (i=0;i<8;i++)
-	{
-		ECP8_ZZZ_copy(&ZZ[i],&WW[i]);
-		ECP8_ZZZ_frob(&ZZ[i],&X,4);
-	}
-
-    // if multiplier is even add 1 to multiplier, and add P to correction 
-    ECP8_ZZZ_inf(&C);
-
-    BIG_XXX_zero(mt);
-    for (i=0; i<16; i++)
-    {
-		pb=BIG_XXX_parity(t[i]);
-		BIG_XXX_inc(t[i],1-pb);
-		BIG_XXX_norm(t[i]);
-		ECP8_ZZZ_copy(&T,&C);
-		ECP8_ZZZ_add(&T,&Q[i]);
-		ECP8_ZZZ_cmove(&C,&T,1-pb);
-
-
-        BIG_XXX_add(mt,mt,t[i]);
-        BIG_XXX_norm(mt);
-    }
-
-    nb=1+BIG_XXX_nbits(mt);
-
-    // convert exponents to signed 1-bit windows 
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_XXX_lastbits(t[i],2)-2;
-            BIG_XXX_dec(t[i],a[i]);
-            BIG_XXX_norm(t[i]);
-            BIG_XXX_fshr(t[i],1);
-        }
-        w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    w[nb]=8*BIG_XXX_lastbits(t[0],2)+4*BIG_XXX_lastbits(t[1],2)+2*BIG_XXX_lastbits(t[2],2)+BIG_XXX_lastbits(t[3],2);
-
-
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_XXX_lastbits(t[i+4],2)-2;
-            BIG_XXX_dec(t[i+4],a[i]);
-            BIG_XXX_norm(t[i+4]);
-            BIG_XXX_fshr(t[i+4],1);
-        }
-        z[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    z[nb]=8*BIG_XXX_lastbits(t[4],2)+4*BIG_XXX_lastbits(t[5],2)+2*BIG_XXX_lastbits(t[6],2)+BIG_XXX_lastbits(t[7],2);
-
-
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_XXX_lastbits(t[i+8],2)-2;
-            BIG_XXX_dec(t[i+8],a[i]);
-            BIG_XXX_norm(t[i+8]);
-            BIG_XXX_fshr(t[i+8],1);
-        }
-        ww[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    ww[nb]=8*BIG_XXX_lastbits(t[8],2)+4*BIG_XXX_lastbits(t[9],2)+2*BIG_XXX_lastbits(t[10],2)+BIG_XXX_lastbits(t[11],2);
-
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_XXX_lastbits(t[i+12],2)-2;
-            BIG_XXX_dec(t[i+12],a[i]);
-            BIG_XXX_norm(t[i+12]);
-            BIG_XXX_fshr(t[i+12],1);
-        }
-        zz[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    zz[nb]=8*BIG_XXX_lastbits(t[12],2)+4*BIG_XXX_lastbits(t[13],2)+2*BIG_XXX_lastbits(t[14],2)+BIG_XXX_lastbits(t[15],2);
-
-    ECP8_ZZZ_copy(P,&W[(w[nb]-1)/2]);
-	ECP8_ZZZ_add(P,&Z[(z[nb]-1)/2]);
-	ECP8_ZZZ_add(P,&WW[(ww[nb]-1)/2]);
-	ECP8_ZZZ_add(P,&ZZ[(zz[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-		ECP8_ZZZ_dbl(P);
-        ECP8_ZZZ_select(&T,W,w[i]);
-        ECP8_ZZZ_add(P,&T);
-        ECP8_ZZZ_select(&T,Z,z[i]);
-        ECP8_ZZZ_add(P,&T);
-        ECP8_ZZZ_select(&T,WW,ww[i]);
-        ECP8_ZZZ_add(P,&T);
-        ECP8_ZZZ_select(&T,ZZ,zz[i]);
-        ECP8_ZZZ_add(P,&T);
-
-    }
-    ECP8_ZZZ_sub(P,&C); // apply correction 
-	ECP8_ZZZ_reduce(P);
-}
-*/
-/* Map to hash value to point on G2 from random BIG_XXX */
-
-void ECP8_ZZZ_mapit(ECP8_ZZZ *Q,octet *W)
-{
-    BIG_XXX q,one,x,hv;
-	FP_YYY Fx,Fy;
-    FP2_YYY T,X[3];
-	FP4_YYY X4;
-	FP8_YYY X8;
-
-    ECP8_ZZZ xQ, x2Q, x3Q, x4Q , x5Q, x6Q, x7Q, x8Q;
-
-	BIG_XXX_fromBytes(hv,W->val);
-    BIG_XXX_rcopy(q,Modulus_YYY);
-    BIG_XXX_one(one);
-    BIG_XXX_mod(hv,q);
-
-    for (;;)
-    {
-        FP2_YYY_from_BIGs(&T,one,hv);  /*******/
-		FP4_YYY_from_FP2(&X4,&T);
-		FP8_YYY_from_FP4(&X8,&X4);
-        if (ECP8_ZZZ_setx(Q,&X8)) break;
-        BIG_XXX_inc(hv,1);
-    }
-
-	ECP8_ZZZ_frob_constants(X);
-
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-
-    // Efficient hash maps to G2 on BLS48 curves - Budroni, Pintore 
-	// Q -> x8Q -x7Q -Q +  F(x7Q-x6Q) + F(F(x6Q-x5Q)) +F(F(F(x5Q-x4Q))) +F(F(F(F(x4Q-x3Q)))) + F(F(F(F(F(x3Q-x2Q))))) + F(F(F(F(F(F(x2Q-xQ)))))) + F(F(F(F(F(F(F(xQ-Q))))))) +F(F(F(F(F(F(F(F(2Q))))))))
-
-	ECP8_ZZZ_copy(&xQ,Q);
-	ECP8_ZZZ_mul(&xQ,x);
-	ECP8_ZZZ_copy(&x2Q,&xQ);
-	ECP8_ZZZ_mul(&x2Q,x);
-	ECP8_ZZZ_copy(&x3Q,&x2Q);
-	ECP8_ZZZ_mul(&x3Q,x);
-	ECP8_ZZZ_copy(&x4Q,&x3Q);
-
-	ECP8_ZZZ_mul(&x4Q,x);
-	ECP8_ZZZ_copy(&x5Q,&x4Q);
-	ECP8_ZZZ_mul(&x5Q,x);
-	ECP8_ZZZ_copy(&x6Q,&x5Q);
-	ECP8_ZZZ_mul(&x6Q,x);
-	ECP8_ZZZ_copy(&x7Q,&x6Q);
-	ECP8_ZZZ_mul(&x7Q,x);
-	ECP8_ZZZ_copy(&x8Q,&x7Q);
-	ECP8_ZZZ_mul(&x8Q,x);
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	ECP8_ZZZ_neg(&xQ);
-	ECP8_ZZZ_neg(&x3Q);
-	ECP8_ZZZ_neg(&x5Q);
-	ECP8_ZZZ_neg(&x7Q);
-#endif
-
-	ECP8_ZZZ_sub(&x8Q,&x7Q);
-	ECP8_ZZZ_sub(&x8Q,Q);
-
-	ECP8_ZZZ_sub(&x7Q,&x6Q);
-	ECP8_ZZZ_frob(&x7Q,X,1);
-
-	ECP8_ZZZ_sub(&x6Q,&x5Q);
-	ECP8_ZZZ_frob(&x6Q,X,2);
-	
-	ECP8_ZZZ_sub(&x5Q,&x4Q);
-	ECP8_ZZZ_frob(&x5Q,X,3);
-	
-	ECP8_ZZZ_sub(&x4Q,&x3Q);
-	ECP8_ZZZ_frob(&x4Q,X,4);
-
-	ECP8_ZZZ_sub(&x3Q,&x2Q);
-	ECP8_ZZZ_frob(&x3Q,X,5);
-
-	ECP8_ZZZ_sub(&x2Q,&xQ);
-	ECP8_ZZZ_frob(&x2Q,X,6);
-
-	ECP8_ZZZ_sub(&xQ,Q);
-	ECP8_ZZZ_frob(&xQ,X,7);
-
-	ECP8_ZZZ_dbl(Q);
-	ECP8_ZZZ_frob(Q,X,8);
-
-
-	ECP8_ZZZ_add(Q,&x8Q);
-	ECP8_ZZZ_add(Q,&x7Q);
-	ECP8_ZZZ_add(Q,&x6Q);
-	ECP8_ZZZ_add(Q,&x5Q);
-
-	ECP8_ZZZ_add(Q,&x4Q);
-	ECP8_ZZZ_add(Q,&x3Q);
-	ECP8_ZZZ_add(Q,&x2Q);
-	ECP8_ZZZ_add(Q,&xQ);
-
-	ECP8_ZZZ_affine(Q);
-
-}
-
-// ECP$ Get Group Generator
-
-void ECP8_ZZZ_generator(ECP8_ZZZ *G)
-{
-	BIG_XXX a,b;
-	FP2_YYY Aa,Bb;
-	FP4_YYY A,B;
-	FP8_YYY X,Y;
-
-	BIG_XXX_rcopy(a,CURVE_Pxaaa_ZZZ);
-	BIG_XXX_rcopy(b,CURVE_Pxaab_ZZZ);
-	FP2_YYY_from_BIGs(&Aa,a,b);
-
-	BIG_XXX_rcopy(a,CURVE_Pxaba_ZZZ);
-	BIG_XXX_rcopy(b,CURVE_Pxabb_ZZZ);
-	FP2_YYY_from_BIGs(&Bb,a,b);
-
-	FP4_YYY_from_FP2s(&A,&Aa,&Bb);
-
-	BIG_XXX_rcopy(a,CURVE_Pxbaa_ZZZ);
-	BIG_XXX_rcopy(b,CURVE_Pxbab_ZZZ);
-	FP2_YYY_from_BIGs(&Aa,a,b);
-
-	BIG_XXX_rcopy(a,CURVE_Pxbba_ZZZ);
-	BIG_XXX_rcopy(b,CURVE_Pxbbb_ZZZ);
-	FP2_YYY_from_BIGs(&Bb,a,b);
-
-	FP4_YYY_from_FP2s(&B,&Aa,&Bb);
-
-	FP8_YYY_from_FP4s(&X,&A,&B);
-
-	BIG_XXX_rcopy(a,CURVE_Pyaaa_ZZZ);
-	BIG_XXX_rcopy(b,CURVE_Pyaab_ZZZ);
-	FP2_YYY_from_BIGs(&Aa,a,b);
-
-	BIG_XXX_rcopy(a,CURVE_Pyaba_ZZZ);
-	BIG_XXX_rcopy(b,CURVE_Pyabb_ZZZ);
-	FP2_YYY_from_BIGs(&Bb,a,b);
-
-	FP4_YYY_from_FP2s(&A,&Aa,&Bb);
-
-	BIG_XXX_rcopy(a,CURVE_Pybaa_ZZZ);
-	BIG_XXX_rcopy(b,CURVE_Pybab_ZZZ);
-	FP2_YYY_from_BIGs(&Aa,a,b);
-
-	BIG_XXX_rcopy(a,CURVE_Pybba_ZZZ);
-	BIG_XXX_rcopy(b,CURVE_Pybbb_ZZZ);
-	FP2_YYY_from_BIGs(&Bb,a,b);
-
-	FP4_YYY_from_FP2s(&B,&Aa,&Bb);
-
-	FP8_YYY_from_FP4s(&Y,&A,&B);
-
-	ECP8_ZZZ_set(G,&X,&Y);
-}
-
-
-// g++ -O2 ecp8_BLS48.cpp fp8_BLS48.cpp fp4_BLS48.cpp fp2_BLS48.cpp fp_BLS48.cpp big_B560_29.cpp rand.cpp hash.cpp rom_field_BLS48.cpp rom_curve_BLS48.cpp oct.cpp -o ecp8_BLS48.exe
-/*
-int main()
-{
-	int i;
-	ECP8 G,P;
-	FP2 Aa,Bb,f;
-	FP8_YYY X,Y;
-	BIG a,b,r,p;
-	char w[100];
-	octet W= {0,sizeof(w),w};
-
-	ECP8_generator(&G);
-
-	BIG_rcopy(a,Fra_YYY);
-    BIG_rcopy(b,Frb_YYY);
-	FP2_from_BIGs(&f,a,b);
-
-	if (G.inf) cout << "Failed to set - point not on curve" << endl;
-	else cout << "set success" << endl;
-
-	ECP8_output(&G);
-	ECP8_copy(&P,&G);
-
-	BIG_rcopy(r,CURVE_Order);
-	BIG_rcopy(p,Modulus);
-
-	BIG_output(r);
-	cout << endl;
-
-	ECP8_mul(&G,r);
-	ECP8_output(&G);
-	cout << endl;
-
-	ECP8_copy(&G,&P);
-
-	cout << "pG = ";
-	ECP8_mul(&G,p);
-	ECP8_output(&G);
-	cout << endl;
-
-	cout << "G^p= ";
-	ECP8_frob(&P,&f,1);
-	ECP8_output(&P);
-	cout << endl;
-
-
-	for (i=0;i<MODBYTES_XXX;i++)
-	{
-		W.val[i]=i+11;
-	}
-	W.len=MODBYTES_XXX;
-
-	printf("W= ");
-	OCT_output(&W);
-	printf("\n");
-
-	ECP8_mapit(&P,&W);
-
-	cout << "Hash to P= ";
-	ECP8_output(&P);
-	cout << endl;
-
-	ECP8_mul(&P,r);
-
-	cout << "rP= ";
-	ECP8_output(&P);
-	cout << endl;
-
-
-
-//	ECP8_dbl(&G);
-//	ECP8_output(&G);
-//	ECP8_reduce(&G);
-//	cout << endl;
-//	ECP8_add(&G,&P);
-//	ECP8_output(&G);
-//	cout << endl;
-
-
-	return 0;
-}
-*/
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/ecp8.h
----------------------------------------------------------------------
diff --git a/version3/c/ecp8.h b/version3/c/ecp8.h
deleted file mode 100644
index 13aff45..0000000
--- a/version3/c/ecp8.h
+++ /dev/null
@@ -1,246 +0,0 @@
-#ifndef ECP8_ZZZ_H
-#define ECP8_ZZZ_H
-
-#include "fp8_YYY.h"
-#include "config_curve_ZZZ.h"
-
-
-extern const BIG_XXX Fra_YYY; /**< real part of BN curve Frobenius Constant */
-extern const BIG_XXX Frb_YYY; /**< imaginary part of BN curve Frobenius Constant */
-
-
-/**
-	@brief ECP8 Structure - Elliptic Curve Point over quadratic extension field
-*/
-
-typedef struct
-{
-//    int inf; /**< Infinity Flag */
-    FP8_YYY x;   /**< x-coordinate of point */
-    FP8_YYY y;   /**< y-coordinate of point */
-	FP8_YYY z;	/**< z-coordinate of point */
-} ECP8_ZZZ;
-
-
-/* Curve Params - see rom.c */
-extern const int CURVE_A_ZZZ;		/**< Elliptic curve A parameter */
-extern const int CURVE_B_I_ZZZ;		/**< Elliptic curve B parameter */
-extern const BIG_XXX CURVE_B_ZZZ;     /**< Elliptic curve B parameter */
-extern const BIG_XXX CURVE_Order_ZZZ; /**< Elliptic curve group order */
-extern const BIG_XXX CURVE_Cof_ZZZ;   /**< Elliptic curve cofactor */
-extern const BIG_XXX CURVE_Bnx_ZZZ;   /**< Elliptic curve parameter */
-
-
-/* Generator point on G1 */
-extern const BIG_XXX CURVE_Gx; /**< x-coordinate of generator point in group G1  */
-extern const BIG_XXX CURVE_Gy; /**< y-coordinate of generator point in group G1  */
-
-/* For Pairings only */
-
-/* Generator point on G2 */
-extern const BIG_XXX CURVE_Pxaaa_ZZZ; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxaab_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxaba_ZZZ; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxabb_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxbaa_ZZZ; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxbab_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxbba_ZZZ; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxbbb_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */
-
-extern const BIG_XXX CURVE_Pyaaa_ZZZ; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pyaab_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pyaba_ZZZ; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pyabb_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pybaa_ZZZ; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pybab_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pybba_ZZZ; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pybbb_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */
-
-
-/* ECP8 E(FP8) prototypes */
-/**	@brief Tests for ECP8 point equal to infinity
- *
-	@param P ECP8 point to be tested
-	@return 1 if infinity, else returns 0
- */
-extern int ECP8_ZZZ_isinf(ECP8_ZZZ *P);
-/**	@brief Copy ECP8 point to another ECP8 point
- *
-	@param P ECP8 instance, on exit = Q
-	@param Q ECP8 instance to be copied
- */
-extern void ECP8_ZZZ_copy(ECP8_ZZZ *P,ECP8_ZZZ *Q);
-/**	@brief Set ECP8 to point-at-infinity
- *
-	@param P ECP8 instance to be set to infinity
- */
-extern void ECP8_ZZZ_inf(ECP8_ZZZ *P);
-/**	@brief Tests for equality of two ECP8s
- *
-	@param P ECP8 instance to be compared
-	@param Q ECP8 instance to be compared
-	@return 1 if P=Q, else returns 0
- */
-extern int ECP8_ZZZ_equals(ECP8_ZZZ *P,ECP8_ZZZ *Q);
-
-
-/**	@brief Converts an ECP8 point from Projective (x,y,z) coordinates to affine (x,y) coordinates
- *
-	@param P ECP8 instance to be converted to affine form
- */
-extern void ECP8_ZZZ_affine(ECP8_ZZZ *P);
-
-
-/**	@brief Extract x and y coordinates of an ECP8 point P
- *
-	If x=y, returns only x
-	@param x FP8 on exit = x coordinate of point
-	@param y FP8 on exit = y coordinate of point (unless x=y)
-	@param P ECP8 instance (x,y)
-	@return -1 if P is point-at-infinity, else 0
- */
-extern int ECP8_ZZZ_get(FP8_YYY *x,FP8_YYY *y,ECP8_ZZZ *P);
-/**	@brief Formats and outputs an ECP8 point to the console, converted to affine coordinates
- *
-	@param P ECP8 instance to be printed
- */
-extern void ECP8_ZZZ_output(ECP8_ZZZ *P);
-
-/**	@brief Formats and outputs an ECP8 point to an octet string
- *
-	The octet string is created in the form x|y.
-	Convert the real and imaginary parts of the x and y coordinates to big-endian base 256 form.
-	@param S output octet string
-	@param P ECP8 instance to be converted to an octet string
- */
-extern void ECP8_ZZZ_toOctet(octet *S,ECP8_ZZZ *P);
-/**	@brief Creates an ECP8 point from an octet string
- *
-	The octet string is in the form x|y
-	The real and imaginary parts of the x and y coordinates are in big-endian base 256 form.
-	@param P ECP8 instance to be created from the octet string
-	@param S input octet string
-	return 1 if octet string corresponds to a point on the curve, else 0
- */
-extern int ECP8_ZZZ_fromOctet(ECP8_ZZZ *P,octet *S);
-/**	@brief Calculate Right Hand Side of curve equation y^2=f(x)
- *
-	Function f(x)=x^3+Ax+B
-	Used internally.
-	@param r FP8 value of f(x)
-	@param x FP8 instance
- */
-extern void ECP8_ZZZ_rhs(FP8_YYY *r,FP8_YYY *x);
-/**	@brief Set ECP8 to point(x,y) given x and y
- *
-	Point P set to infinity if no such point on the curve.
-	@param P ECP8 instance to be set (x,y)
-	@param x FP8 x coordinate of point
-	@param y FP8 y coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP8_ZZZ_set(ECP8_ZZZ *P,FP8_YYY *x,FP8_YYY *y);
-/**	@brief Set ECP to point(x,[y]) given x
- *
-	Point P set to infinity if no such point on the curve. Otherwise y coordinate is calculated from x.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP8_ZZZ_setx(ECP8_ZZZ *P,FP8_YYY *x);
-/**	@brief Negation of an ECP8 point
- *
-	@param P ECP8 instance, on exit = -P
- */
-extern void ECP8_ZZZ_neg(ECP8_ZZZ *P);
-
-/**	@brief Reduction of an ECP8 point
- *
-	@param P ECP8 instance, on exit (x,y) are reduced wrt the modulus
- */
-extern void ECP8_ZZZ_reduce(ECP8_ZZZ *P);
-
-
-/**	@brief Doubles an ECP8 instance P and returns slope
- *
-	@param P ECP8 instance, on exit =2*P
-	@param lam FP8 instance, slope of line
- */
-//extern int ECP8_ZZZ_sdbl(ECP8_ZZZ *P,FP8_YYY *lam);
-/**	@brief Adds ECP8 instance Q to ECP8 instance P and returns slope
- *
-	@param P ECP8 instance, on exit =P+Q
-	@param Q ECP8 instance to be added to P
-	@param lam FP8 instance, slope of line
- */
-//extern int ECP8_ZZZ_sadd(ECP8_ZZZ *P,ECP8_ZZZ *Q,FP8_YYY *lam);
-
-
-/**	@brief Doubles an ECP8 instance P
- *
-	@param P ECP8 instance, on exit =2*P
- */
-extern int ECP8_ZZZ_dbl(ECP8_ZZZ *P);
-/**	@brief Adds ECP8 instance Q to ECP8 instance P
- *
-	@param P ECP8 instance, on exit =P+Q
-	@param Q ECP8 instance to be added to P
- */
-extern int ECP8_ZZZ_add(ECP8_ZZZ *P,ECP8_ZZZ *Q);
-/**	@brief Subtracts ECP instance Q from ECP8 instance P
- *
-	@param P ECP8 instance, on exit =P-Q
-	@param Q ECP8 instance to be subtracted from P
- */
-extern void ECP8_ZZZ_sub(ECP8_ZZZ *P,ECP8_ZZZ *Q);
-/**	@brief Multiplies an ECP8 instance P by a BIG, side-channel resistant
- *
-	Uses fixed sized windows.
-	@param P ECP8 instance, on exit =b*P
-	@param b BIG number multiplier
-
- */
-extern void ECP8_ZZZ_mul(ECP8_ZZZ *P,BIG_XXX b);
-
-/**	@brief Calculates required Frobenius constants
- *
-	Calculate Frobenius constants
-	@param F array of FP2 precalculated constants
-
- */
-extern void ECP8_ZZZ_frob_constants(FP2_YYY F[3]);
-
-/**	@brief Multiplies an ECP8 instance P by the internal modulus p^n, using precalculated Frobenius constants
- *
-	Fast point multiplication using Frobenius
-	@param P ECP8 instance, on exit = p^n*P
-	@param F array of FP2 precalculated Frobenius constant
-	@param n power of prime
-
- */
-extern void ECP8_ZZZ_frob(ECP8_ZZZ *P,FP2_YYY F[3],int n);
-
-/**	@brief Calculates P=Sigma b[i]*Q[i] for i=0 to 7
- *
-	@param P ECP8 instance, on exit = Sigma b[i]*Q[i] for i=0 to 7
-	@param Q ECP8 array of 4 points
-	@param b BIG array of 4 multipliers
- */
-extern void ECP8_ZZZ_mul16(ECP8_ZZZ *P,ECP8_ZZZ *Q,BIG_XXX *b);
-
-
-/**	@brief Maps random BIG to curve point of correct order
- *
-	@param P ECP8 instance of correct order
-	@param W OCTET byte array to be mapped
- */
-extern void ECP8_ZZZ_mapit(ECP8_ZZZ *P,octet *w);
-
-/**	@brief Get Group Generator from ROM
- *
-	@param G ECP8 instance
- */
-extern void ECP8_ZZZ_generator(ECP8_ZZZ *G);
-
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/faster.c
----------------------------------------------------------------------
diff --git a/version3/c/faster.c b/version3/c/faster.c
deleted file mode 100644
index 6d8bbf5..0000000
--- a/version3/c/faster.c
+++ /dev/null
@@ -1,97 +0,0 @@
-
-#include <stdio.h>
-#include "big_XXX.h"
-
-#ifdef COMBA
-
-int main()
-{
-	int i,j,k,N;
-
-	N=NLEN_XXX;
-
-
-	printf("Insert this code in BIG_XXX_mul() in file big_XXX.c between #define UNWOUND and #else \n\n");
-
-	for (i=0;i<N;i++)
-		printf("\td[%d]=(dchunk)a[%d]*b[%d];\n",i,i,i);
-
-	printf("\n\ts=d[0];\n\tt = s; c[0]=(chunk)t&BMASK_XXX; co=t>>BASEBITS_XXX;\n");
-
-	for (k=1;k<N;k++)
-	{
-		printf("\ts+=d[%d]; t=co+s ",k);
-		for (i=k;i>=1+k/2;i--)
-			printf("+(dchunk)(a[%d]-a[%d])*(b[%d]-b[%d])",i,k-i,k-i,i);
-		printf("; c[%d]=(chunk)t&BMASK_XXX; co=t>>BASEBITS_XXX; \n",k);
-	}
-	printf("\n");
-	for (k=N;k<2*N-1;k++)
-	{
-		printf("\ts-=d[%d]; t=co+s ",k-N);
-		for (i=N-1;i>=1+k/2;i--)
-			printf("+(dchunk)(a[%d]-a[%d])*(b[%d]-b[%d])",i,k-i,k-i,i);
-		printf("; c[%d]=(chunk)t&BMASK_XXX; co=t>>BASEBITS_XXX; \n",k);
-	}
-	printf("\tc[%d]=(chunk)co;\n",2*N-1);
-
-
-
-	printf("\nInsert this code in BIG_XXX_sqr() in file big_XXX.c between #define UNWOUND and #else \n\n");
-
-	printf("\n\tt=(dchunk)a[0]*a[0]; c[0]=(chunk)t&BMASK_XXX; co=t>>BASEBITS_XXX;\n");
-
-	for (k=1;k<N;k++)
-	{
-		printf("\tt= ",k);
-		for (i=k;i>=1+k/2;i--)
-			printf("+(dchunk)a[%d]*a[%d]",i,k-i);
-		printf("; t+=t; t+=co;");
-		if (k%2==0) printf(" t+=(dchunk)a[%d]*a[%d];",k/2,k/2);
-		printf(" c[%d]=(chunk)t&BMASK_XXX; co=t>>BASEBITS_XXX; \n", k);
-	}
-	printf("\n");
-
-	for (k=N;k<2*N-2;k++)
-	{
-		printf("\tt= ",k-N);
-		for (i=N-1;i>=1+k/2;i--)
-			printf("+(dchunk)a[%d]*a[%d]",i,k-i);
-		printf("; t+=t; t+=co;");
-		if (k%2==0) printf(" t+=(dchunk)a[%d]*a[%d];",k/2,k/2);
-		printf(" c[%d]=(chunk)t&BMASK_XXX; co=t>>BASEBITS_XXX; \n", k);
-	}
-	printf("\tt=co; t+=(dchunk)a[%d]*a[%d]; c[%d]=(chunk)t&BMASK_XXX; co=t>>BASEBITS_XXX; \n ",N-1,N-1,2*N-2);
-
-	printf("\tc[%d]=(chunk)co;\n",2*N-1);
-
-
-
-
-	printf("\nInsert this code in BIG_XXX_monty() in file big_XXX.c between #define UNWOUND and #else \n\n");
-
-	printf("\tt=d[0]; v[0]=((chunk)t*MC)&BMASK_XXX; t+=(dchunk)v[0]*md[0];  s=0; c=(t>>BASEBITS_XXX);\n\n");
-
-	for (k=1;k<N;k++)
-	{
-		printf("\tt=d[%d]+c+s+(dchunk)v[0]*md[%d]",k,k);
-		for (i=k-1;i>k/2;i--) printf("+(dchunk)(v[%d]-v[%d])*(md[%d]-md[%d])",k-i,i,i,k-i);
-		printf("; v[%d]=((chunk)t*MC)&BMASK_XXX; t+=(dchunk)v[%d]*md[0]; ",k,k);
-		printf(" dd[%d]=(dchunk)v[%d]*md[%d]; s+=dd[%d]; c=(t>>BASEBITS_XXX); \n",k,k,k,k);
-	}
-	printf("\n");
-	for (k=N;k<2*N-1;k++)
-	{
-		printf("\tt=d[%d]+c+s",k);
-		for (i=N-1;i>=1+k/2;i--) printf("+(dchunk)(v[%d]-v[%d])*(md[%d]-md[%d])",k-i,i,i,k-i);
-		printf("; a[%d]=(chunk)t&BMASK_XXX;  s-=dd[%d]; c=(t>>BASEBITS_XXX); \n",k-N,k-N+1);
-	}
-	printf("\ta[%d]=d[%d]+(chunk)c&BMASK_XXX;\n",N-1,2*N-1);	
-
-
-
-}
-
-#endif
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/faster.txt
----------------------------------------------------------------------
diff --git a/version3/c/faster.txt b/version3/c/faster.txt
deleted file mode 100644
index c6e948c..0000000
--- a/version3/c/faster.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-We assume than optimizing compilers will unwind loops at every opportunity. 
-
-But sometimes they don't. So time-critical code will run faster if we step
-in and unwind complex loops for the compiler.
-
-Once the architecture and ECC/RSA support is decided upon choose 
-which BIG numbers need to be optimized. So for example for a 32-bit build and
-if using 256 bit BIGs and a base of 2^29, replace XXX with 256_29 inside 
-faster.c
-
-Then compile and execute the program faster.c like this (using MinGW 
-port of GCC as an example), in the same directory as arch.h and big_256_29.h
-
-gcc -O2 -std=c99 faster.c -o faster.exe
-faster > t.txt
-
-Now extract the code fragments from t.txt and insert them where indicated
-into big_256_29.c (look for UNWOUND)
-
-Finally make sure that
-
-#define UNWOUND
-
-appears somewhere in big_256_29.h
-
-Finally compile and replace the big_256_29 module in the library, and maybe 
-get a 30% speed-up! If there is no significant improvement, don't use this 
-method!
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fastest.c
----------------------------------------------------------------------
diff --git a/version3/c/fastest.c b/version3/c/fastest.c
deleted file mode 100644
index 6a6f7c7..0000000
--- a/version3/c/fastest.c
+++ /dev/null
@@ -1,59 +0,0 @@
-
-#include <stdio.h>
-#include "fp_YYY.h"
-
-#ifdef COMBA
-
-int main()
-{
-	int i,j,k,N;
-
-	N=NLEN_XXX;
-
-	printf("Insert this code in file fp_YYY.c\n\n");
-
-	printf("void FP_YYY_modmul(BIG_XXX r,BIG_XXX a,BIG_XXX b)\n");
-
-	printf("{\n");
-	printf("\tdchunk t,c,s;\n");
-	printf("\tdchunk d[%d],dd[%d];\n",N,N);
-	printf("\tchunk v[%d],md[%d];\n",N,N);	
-	printf("\tchunk MC=MConst_YYY;\n");
-
-	printf("\tBIG_XXX_rcopy(md,Modulus_YYY);\n");
-
-	for (i=0;i<N;i++)
-		printf("\td[%d]=(dchunk)a[%d]*b[%d];\n",i,i,i);
-
-	printf("\n\ts=d[0];  t=s; v[0]=((chunk)t*MC)&BMASK_XXX; t+=(dchunk)v[0]*md[0]; c=(t>>BASEBITS_XXX);\n\n");
-
-	for (k=1;k<N;k++)
-	{
-		printf("\ts+=d[%d]; t=s ",k);
-		for (i=k;i>=1+k/2;i--)
-			printf("+(dchunk)(a[%d]-a[%d])*(b[%d]-b[%d])",i,k-i,k-i,i);
-		printf("; t+=c+(dchunk)v[0]*md[%d]",k,k);
-		for (i=k-1;i>k/2;i--) printf("+(dchunk)(v[%d]-v[%d])*(md[%d]-md[%d])",k-i,i,i,k-i);
-		printf("; v[%d]=((chunk)t*MC)&BMASK_XXX; t+=(dchunk)v[%d]*md[0]; ",k,k);
-		printf(" dd[%d]=(dchunk)v[%d]*md[%d]; s+=dd[%d]; c=(t>>BASEBITS_XXX); \n",k,k,k,k);
-	}
-	printf("\n");
-	for (k=N;k<2*N-1;k++)
-	{
-		printf("\ts-=d[%d]; t=s ",k-N);
-		for (i=N-1;i>=1+k/2;i--)
-			printf("+(dchunk)(a[%d]-a[%d])*(b[%d]-b[%d])",i,k-i,k-i,i);
-		printf("; t+=c",k);
-		for (i=N-1;i>=1+k/2;i--) printf("+(dchunk)(v[%d]-v[%d])*(md[%d]-md[%d])",k-i,i,i,k-i);
-		printf("; r[%d]=(chunk)t&BMASK_XXX;  s-=dd[%d]; c=(t>>BASEBITS_XXX); \n",k-N,k-N+1);
-	}
-	
-	printf("\tr[%d]=(chunk)c&BMASK_XXX;\n",N-1);	
-
-    printf("}\n");
-
-}
-
-#endif
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fastest.txt
----------------------------------------------------------------------
diff --git a/version3/c/fastest.txt b/version3/c/fastest.txt
deleted file mode 100644
index cc7ced4..0000000
--- a/version3/c/fastest.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-When using Montgomery reduction, some advantage comes from "fusing" the 
-multiplication with the modular reduction and unrolling the loops.
-
-For a 32-bit build and if for example using 256 bit BIGs and a base of 2^28
-with the NIST256 curve, replace XXX with 256_28 and YYY with NIST256 in 
-fastest.c
-
-
-Then compile and execute the program fastest.c like this (using MinGW
-port of GCC as an example), in the same directory as arch.h and fp_NIST256.h
-
-gcc -O2 -std=c99 fastest.c -o fastest.exe
-fastest > t.txt
-
-Now extract the code fragment from t.txt and insert it where indicated
-into fp_NIST256.c (look for FUSED_MODMUL)
-
-Finally make sure that
-
-#define FUSED_MODMUL
-
-appears somewhere in fp_NIST256.h
-
-Finally compile and replace the fp_YYY module in the library, and maybe 
-get a 30% speed-up! If there is no significant improvement, don't use this 
-method!
-
-NOTE: This method is experimental. It might impact on numerical stability.


[32/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/AES.js
----------------------------------------------------------------------
diff --git a/version22/js/AES.js b/version22/js/AES.js
deleted file mode 100644
index 140e9c3..0000000
--- a/version22/js/AES.js
+++ /dev/null
@@ -1,634 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-var AES = function() {
-	this.Nk=0;
-	this.Nr=0;
-	this.mode=0;
-	this.fkey=[];
-	this.rkey=[];
-	this.f=[];
-};
-
-AES.prototype={
-/* reset cipher */
-	reset:function(m,iv)
-	{ /* reset mode, or reset iv */
-		var i;
-		this.mode=m;
-		for (i=0;i<16;i++)
-			this.f[i]=0;
-		if (this.mode!=ROM.ECB && iv!==null)
-			for (i=0;i<16;i++)
-				this.f[i]=iv[i];
-	},
-
-	getreg:function()
-	{
-		var ir=[];
-		for (var i=0;i<16;i++) ir[i]=this.f[i];
-		return ir;
-	},
-
-	increment:function()
-	{
-		for (var i=0;i<16;i++)
-		{
-			this.f[i]++;
-			if ((this.f[i]&0xff)!=0) break;
-		}
-	},
-
-/* Initialise cipher */
-	init: function(m,nk,key,iv)
-	{	/* Key=16 bytes */
-		/* Key Scheduler. Create expanded encryption key */
-		var i,j,k,N,nr;
-		var CipherKey= [];
-    	var b=[];
-		nk/=4;
-
-		if (nk!=4 && nk!=6 && nk!=8) return false;
-
-		nr=6+nk;
-
-		this.Nk=nk; this.Nr=nr;
-
-
-		this.reset(m,iv);
-		N=4*(nr+1);
-    
-		for (i=j=0;i<nk;i++,j+=4)
-		{
-			for (k=0;k<4;k++) b[k]=key[j+k];
-			CipherKey[i]=AES.pack(b);
-		}
-		for (i=0;i<nk;i++) this.fkey[i]=CipherKey[i];
-		for (j=nk,k=0;j<N;j+=nk,k++)
-		{
-			this.fkey[j]=this.fkey[j-nk]^AES.SubByte(AES.ROTL24(this.fkey[j-1]))^(AES.rco[k])&0xff;
-			for (i=1;i<nk && (i+j)<N;i++)
-				this.fkey[i+j]=this.fkey[i+j-nk]^this.fkey[i+j-1];
-		}
-
- /* now for the expanded decrypt key in reverse order */
-
-		for (j=0;j<4;j++) this.rkey[j+N-4]=this.fkey[j]; 
-		for (i=4;i<N-4;i+=4)
-		{
-			k=N-4-i;
-			for (j=0;j<4;j++) this.rkey[k+j]=AES.InvMixCol(this.fkey[i+j]);
-		}
-		for (j=N-4;j<N;j++) this.rkey[j-N+4]=this.fkey[j];
-	},
-
-/* Encrypt a single block */
-	ecb_encrypt: function(buff)
-	{
-		var i,j,k;
-		var t;
-    	var b=[];
-    	var p=[];
-    	var q=[];
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			for (k=0;k<4;k++) b[k]=buff[j+k];
-			p[i]=AES.pack(b);
-			p[i]^=this.fkey[i];
-		}
-
-		k=4;
-
-/* State alternates between p and q */
-		for (i=1;i<this.Nr;i++)
-		{ 
-			q[0]=this.fkey[k]^AES.ftable[p[0]&0xff]^
-				AES.ROTL8(AES.ftable[(p[1]>>>8)&0xff])^
-				AES.ROTL16(AES.ftable[(p[2]>>>16)&0xff])^
-				AES.ROTL24(AES.ftable[(p[3]>>>24)&0xff]);
-			q[1]=this.fkey[k+1]^AES.ftable[p[1]&0xff]^
-				AES.ROTL8(AES.ftable[(p[2]>>>8)&0xff])^
-				AES.ROTL16(AES.ftable[(p[3]>>>16)&0xff])^
-				AES.ROTL24(AES.ftable[(p[0]>>>24)&0xff]);
-			q[2]=this.fkey[k+2]^AES.ftable[p[2]&0xff]^
-				AES.ROTL8(AES.ftable[(p[3]>>>8)&0xff])^
-				AES.ROTL16(AES.ftable[(p[0]>>>16)&0xff])^
-				AES.ROTL24(AES.ftable[(p[1]>>>24)&0xff]);
-			q[3]=this.fkey[k+3]^AES.ftable[p[3]&0xff]^
-				AES.ROTL8(AES.ftable[(p[0]>>>8)&0xff])^
-				AES.ROTL16(AES.ftable[(p[1]>>>16)&0xff])^
-				AES.ROTL24(AES.ftable[(p[2]>>>24)&0xff]);
-
-			k+=4;
-			for (j=0;j<4;j++)
-			{
-				t=p[j]; p[j]=q[j]; q[j]=t;
-			}
-		}
-
-/* Last Round */ 
-    
-		q[0]=this.fkey[k]^(AES.fbsub[p[0]&0xff]&0xff)^
-			AES.ROTL8(AES.fbsub[(p[1]>>>8)&0xff]&0xff)^
-			AES.ROTL16(AES.fbsub[(p[2]>>>16)&0xff]&0xff)^
-			AES.ROTL24(AES.fbsub[(p[3]>>>24)&0xff]&0xff);
-
-		q[1]=this.fkey[k+1]^(AES.fbsub[p[1]&0xff]&0xff)^
-			AES.ROTL8(AES.fbsub[(p[2]>>>8)&0xff]&0xff)^
-			AES.ROTL16(AES.fbsub[(p[3]>>>16)&0xff]&0xff)^
-			AES.ROTL24(AES.fbsub[(p[0]>>>24)&0xff]&0xff);
-
-		q[2]=this.fkey[k+2]^(AES.fbsub[p[2]&0xff]&0xff)^
-			AES.ROTL8(AES.fbsub[(p[3]>>>8)&0xff]&0xff)^
-			AES.ROTL16(AES.fbsub[(p[0]>>>16)&0xff]&0xff)^
-			AES.ROTL24(AES.fbsub[(p[1]>>>24)&0xff]&0xff);
-
-		q[3]=this.fkey[k+3]^(AES.fbsub[(p[3])&0xff]&0xff)^
-			AES.ROTL8(AES.fbsub[(p[0]>>>8)&0xff]&0xff)^
-			AES.ROTL16(AES.fbsub[(p[1]>>>16)&0xff]&0xff)^
-			AES.ROTL24(AES.fbsub[(p[2]>>>24)&0xff]&0xff);
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			b=AES.unpack(q[i]);
-			for (k=0;k<4;k++) buff[j+k]=b[k];
-		}
-	},
-
-/* Decrypt a single block */
-	ecb_decrypt: function(buff)
-	{
-		var i,j,k;
-		var t;
-    	var b=[];
-    	var p=[];
-    	var q=[];
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			for (k=0;k<4;k++) b[k]=buff[j+k];
-			p[i]=AES.pack(b);
-			p[i]^=this.rkey[i];
-		}
-
-		k=4;
-
-/* State alternates between p and q */
-		for (i=1;i<this.Nr;i++)
-		{ 
-			q[0]=this.rkey[k]^AES.rtable[p[0]&0xff]^
-				AES.ROTL8(AES.rtable[(p[3]>>>8)&0xff])^
-				AES.ROTL16(AES.rtable[(p[2]>>>16)&0xff])^
-				AES.ROTL24(AES.rtable[(p[1]>>>24)&0xff]);
-			q[1]=this.rkey[k+1]^AES.rtable[p[1]&0xff]^
-				AES.ROTL8(AES.rtable[(p[0]>>>8)&0xff])^
-				AES.ROTL16(AES.rtable[(p[3]>>>16)&0xff])^
-				AES.ROTL24(AES.rtable[(p[2]>>>24)&0xff]);
-			q[2]=this.rkey[k+2]^AES.rtable[p[2]&0xff]^
-				AES.ROTL8(AES.rtable[(p[1]>>>8)&0xff])^
-				AES.ROTL16(AES.rtable[(p[0]>>>16)&0xff])^
-				AES.ROTL24(AES.rtable[(p[3]>>>24)&0xff]);
-			q[3]=this.rkey[k+3]^AES.rtable[p[3]&0xff]^
-				AES.ROTL8(AES.rtable[(p[2]>>>8)&0xff])^
-				AES.ROTL16(AES.rtable[(p[1]>>>16)&0xff])^
-				AES.ROTL24(AES.rtable[(p[0]>>>24)&0xff]);
-
-			k+=4;
-			for (j=0;j<4;j++)
-			{
-				t=p[j]; p[j]=q[j]; q[j]=t;
-			}
-		}
-
-/* Last Round */ 
-
-		q[0]=this.rkey[k]^(AES.rbsub[p[0]&0xff]&0xff)^
-			AES.ROTL8(AES.rbsub[(p[3]>>>8)&0xff]&0xff)^
-			AES.ROTL16(AES.rbsub[(p[2]>>>16)&0xff]&0xff)^
-			AES.ROTL24(AES.rbsub[(p[1]>>>24)&0xff]&0xff);
-		q[1]=this.rkey[k+1]^(AES.rbsub[p[1]&0xff]&0xff)^
-			AES.ROTL8(AES.rbsub[(p[0]>>>8)&0xff]&0xff)^
-			AES.ROTL16(AES.rbsub[(p[3]>>>16)&0xff]&0xff)^
-			AES.ROTL24(AES.rbsub[(p[2]>>>24)&0xff]&0xff);
-		q[2]=this.rkey[k+2]^(AES.rbsub[p[2]&0xff]&0xff)^
-			AES.ROTL8(AES.rbsub[(p[1]>>>8)&0xff]&0xff)^
-			AES.ROTL16(AES.rbsub[(p[0]>>>16)&0xff]&0xff)^
-			AES.ROTL24(AES.rbsub[(p[3]>>>24)&0xff]&0xff);
-		q[3]=this.rkey[k+3]^(AES.rbsub[p[3]&0xff]&0xff)^
-			AES.ROTL8(AES.rbsub[(p[2]>>>8)&0xff]&0xff)^
-			AES.ROTL16(AES.rbsub[(p[1]>>>16)&0xff]&0xff)^
-			AES.ROTL24(AES.rbsub[(p[0]>>>24)&0xff]&0xff);
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			b=AES.unpack(q[i]);
-			for (k=0;k<4;k++) buff[j+k]=b[k];
-		}
-
-	},
-
-/* Encrypt using selected mode of operation */	
-	encrypt: function(buff)
-	{
-		var j,bytes;
-		var st=[];
-		var fell_off;
-
-// Supported Modes of Operation 
-
-		fell_off=0;
-
-		switch (this.mode)
-		{
-		case ROM.ECB: 
-			this.ecb_encrypt(buff);
-			return 0;
-		case ROM.CBC:
-			for (j=0;j<16;j++) buff[j]^=this.f[j];
-			this.ecb_encrypt(buff);
-			for (j=0;j<16;j++) this.f[j]=buff[j];
-			return 0;
-
-		case ROM.CFB1:
-		case ROM.CFB2:
-		case ROM.CFB4:
-			bytes=this.mode-ROM.CFB1+1;
-			for (j=0;j<bytes;j++) fell_off=(fell_off<<8)|this.f[j];
-			for (j=0;j<16;j++) st[j]=this.f[j];
-			for (j=bytes;j<16;j++) this.f[j-bytes]=this.f[j];
-			this.ecb_encrypt(st);
-			for (j=0;j<bytes;j++) 
-			{
-				buff[j]^=st[j];
-				this.f[16-bytes+j]=buff[j];
-			}
-			return fell_off;
-
-		case ROM.OFB1:
-		case ROM.OFB2:
-		case ROM.OFB4:
-		case ROM.OFB8:
-		case ROM.OFB16:
-
-			bytes=this.mode-ROM.OFB1+1;
-			this.ecb_encrypt(this.f);
-			for (j=0;j<bytes;j++) buff[j]^=this.f[j];
-			return 0;
-
-		case ROM.CTR1:
-		case ROM.CTR2:
-		case ROM.CTR4:
-		case ROM.CTR8:
-		case ROM.CTR16:
-
-			bytes=this.mode-ROM.CTR1+1;
-			for (j=0;j<16;j++) st[j]=this.f[j];
-			this.ecb_encrypt(st);
-			for (j=0;j<bytes;j++) buff[j]^=st[j];
-			this.increment();
-
-    default:
-			return 0;
-		}
-	},
-
-/* Decrypt using selected mode of operation */
-	decrypt: function(buff)
-	{
-		var j,bytes;
-		var st=[];
-		var fell_off;
-
-   // Supported modes of operation 
-		fell_off=0;
-		switch (this.mode)
-		{
-		case ROM.ECB:
-			this.ecb_decrypt(buff);
-			return 0;
-		case ROM.CBC:
-			for (j=0;j<16;j++) 
-			{
-				st[j]=this.f[j];
-				this.f[j]=buff[j];
-			}
-			this.ecb_decrypt(buff);
-			for (j=0;j<16;j++)
-			{	 
-				buff[j]^=st[j];
-				st[j]=0;
-			}
-			return 0;
-		case ROM.CFB1:
-		case ROM.CFB2:
-		case ROM.CFB4:
-			bytes=this.mode-ROM.CFB1+1;
-			for (j=0;j<bytes;j++) fell_off=(fell_off<<8)|this.f[j];
-			for (j=0;j<16;j++) st[j]=this.f[j];
-			for (j=bytes;j<16;j++) this.f[j-bytes]=this.f[j];
-			this.ecb_encrypt(st);
-			for (j=0;j<bytes;j++)
-			{
-				this.f[16-bytes+j]=buff[j];
-				buff[j]^=st[j];
-			}
-			return fell_off;
-		case ROM.OFB1:
-		case ROM.OFB2:
-		case ROM.OFB4:
-		case ROM.OFB8:
-		case ROM.OFB16:
-			bytes=this.mode-ROM.OFB1+1;
-			this.ecb_encrypt(this.f);
-			for (j=0;j<bytes;j++) buff[j]^=this.f[j];
-			return 0;
-
- 		case ROM.CTR1:
-		case ROM.CTR2:
-		case ROM.CTR4:
-		case ROM.CTR8:
-		case ROM.CTR16:
-			bytes=this.mode-ROM.CTR1+1;
-			for (j=0;j<16;j++) st[j]=this.f[j];
-			this.ecb_encrypt(st);
-			for (j=0;j<bytes;j++) buff[j]^=st[j];
-			this.increment();
-		default:
-			return 0;
-		}
-	},
-
-/* Clean up and delete left-overs */
-	end: function()
-	{ // clean up 
-		var i;
-		for (i=0;i<4*(this.Nr+1);i++)
-			this.fkey[i]=this.rkey[i]=0;
-		for (i=0;i<16;i++)
-			this.f[i]=0;
-	}
-
-};
-
-/* static functions */
-
-AES.ROTL8=function(x)
-{
-	return (((x)<<8)|((x)>>>24));
-};
-
-AES.ROTL16=function(x)
-{
-	return (((x)<<16)|((x)>>>16));
-};
-
-AES.ROTL24=function(x)
-{
-	return (((x)<<24)|((x)>>>8));
-};
-
-AES.pack= function(b)
-{ /* pack 4 bytes into a 32-bit Word */
-		return (((b[3])&0xff)<<24)|((b[2]&0xff)<<16)|((b[1]&0xff)<<8)|(b[0]&0xff);
-};
-
-AES.unpack=function(a)
-{ /* unpack bytes from a word */
-	var b=[];
-	b[0]=(a&0xff);
-	b[1]=((a>>>8)&0xff);
-	b[2]=((a>>>16)&0xff);
-	b[3]=((a>>>24)&0xff);
-	return b;
-};
-
-AES.bmul=function(x,y)
-{ /* x.y= AntiLog(Log(x) + Log(y)) */
-
-	var ix=(x&0xff);
-	var iy=(y&0xff);
-	var lx=(AES.ltab[ix])&0xff;
-	var ly=(AES.ltab[iy])&0xff;
-	if (x!==0 && y!==0) return AES.ptab[(lx+ly)%255];
-	else return 0;
-};
-
-//  if (x && y) 
-
-AES.SubByte=function(a)
-{
-	var b=AES.unpack(a);  
-	b[0]=AES.fbsub[b[0]&0xff];
-	b[1]=AES.fbsub[b[1]&0xff];
-	b[2]=AES.fbsub[b[2]&0xff];
-	b[3]=AES.fbsub[b[3]&0xff];
-	return AES.pack(b);    
-};
-
-AES.product=function(x,y)
-{ /* dot product of two 4-byte arrays */
-	var xb=AES.unpack(x); 
-	var yb=AES.unpack(y); 
-	return (AES.bmul(xb[0],yb[0])^AES.bmul(xb[1],yb[1])^AES.bmul(xb[2],yb[2])^AES.bmul(xb[3],yb[3]))&0xff;
-};
-
-AES.InvMixCol=function(x)
-{ /* matrix Multiplication */
-	var y,m;
-	var b=[];
-	m=AES.pack(AES.InCo);
-	b[3]=AES.product(m,x);
-	m=AES.ROTL24(m);
-	b[2]=AES.product(m,x);
-	m=AES.ROTL24(m);
-	b[1]=AES.product(m,x);
-	m=AES.ROTL24(m);
-	b[0]=AES.product(m,x);
-	y=AES.pack(b);
-	return y;
-};
-
-AES.InCo=[0xB,0xD,0x9,0xE];  /* Inverse Coefficients */
-AES.rco=[1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47];
-
-AES.ptab=[
-	1,3,5,15,17,51,85,255,26,46,114,150,161,248,19,53,
-	95,225,56,72,216,115,149,164,247,2,6,10,30,34,102,170,
-	229,52,92,228,55,89,235,38,106,190,217,112,144,171,230,49,
-	83,245,4,12,20,60,68,204,79,209,104,184,211,110,178,205,
-	76,212,103,169,224,59,77,215,98,166,241,8,24,40,120,136,
-	131,158,185,208,107,189,220,127,129,152,179,206,73,219,118,154,
-	181,196,87,249,16,48,80,240,11,29,39,105,187,214,97,163,
-	254,25,43,125,135,146,173,236,47,113,147,174,233,32,96,160,
-	251,22,58,78,210,109,183,194,93,231,50,86,250,21,63,65,
-	195,94,226,61,71,201,64,192,91,237,44,116,156,191,218,117,
-	159,186,213,100,172,239,42,126,130,157,188,223,122,142,137,128,
-	155,182,193,88,232,35,101,175,234,37,111,177,200,67,197,84,
-	252,31,33,99,165,244,7,9,27,45,119,153,176,203,70,202,
-	69,207,74,222,121,139,134,145,168,227,62,66,198,81,243,14,
-	18,54,90,238,41,123,141,140,143,138,133,148,167,242,13,23,
-	57,75,221,124,132,151,162,253,28,36,108,180,199,82,246,1
-	];
-AES.ltab=[
-	0,255,25,1,50,2,26,198,75,199,27,104,51,238,223,3,
-	100,4,224,14,52,141,129,239,76,113,8,200,248,105,28,193,
-	125,194,29,181,249,185,39,106,77,228,166,114,154,201,9,120,
-	101,47,138,5,33,15,225,36,18,240,130,69,53,147,218,142,
-	150,143,219,189,54,208,206,148,19,92,210,241,64,70,131,56,
-	102,221,253,48,191,6,139,98,179,37,226,152,34,136,145,16,
-	126,110,72,195,163,182,30,66,58,107,40,84,250,133,61,186,
-	43,121,10,21,155,159,94,202,78,212,172,229,243,115,167,87,
-	175,88,168,80,244,234,214,116,79,174,233,213,231,230,173,232,
-	44,215,117,122,235,22,11,245,89,203,95,176,156,169,81,160,
-	127,12,246,111,23,196,73,236,216,67,31,45,164,118,123,183,
-	204,187,62,90,251,96,177,134,59,82,161,108,170,85,41,157,
-	151,178,135,144,97,190,220,252,188,149,207,205,55,63,91,209,
-	83,57,132,60,65,162,109,71,20,42,158,93,86,242,211,171,
-	68,17,146,217,35,32,46,137,180,124,184,38,119,153,227,165,
-	103,74,237,222,197,49,254,24,13,99,140,128,192,247,112,7
-	];
-AES.fbsub=[
-	99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118,
-	202,130,201,125,250,89,71,240,173,212,162,175,156,164,114,192,
-	183,253,147,38,54,63,247,204,52,165,229,241,113,216,49,21,
-	4,199,35,195,24,150,5,154,7,18,128,226,235,39,178,117,
-	9,131,44,26,27,110,90,160,82,59,214,179,41,227,47,132,
-	83,209,0,237,32,252,177,91,106,203,190,57,74,76,88,207,
-	208,239,170,251,67,77,51,133,69,249,2,127,80,60,159,168,
-	81,163,64,143,146,157,56,245,188,182,218,33,16,255,243,210,
-	205,12,19,236,95,151,68,23,196,167,126,61,100,93,25,115,
-	96,129,79,220,34,42,144,136,70,238,184,20,222,94,11,219,
-	224,50,58,10,73,6,36,92,194,211,172,98,145,149,228,121,
-	231,200,55,109,141,213,78,169,108,86,244,234,101,122,174,8,
-	186,120,37,46,28,166,180,198,232,221,116,31,75,189,139,138,
-	112,62,181,102,72,3,246,14,97,53,87,185,134,193,29,158,
-	225,248,152,17,105,217,142,148,155,30,135,233,206,85,40,223,
-	140,161,137,13,191,230,66,104,65,153,45,15,176,84,187,22
-	];
-AES.rbsub=[
-	82,9,106,213,48,54,165,56,191,64,163,158,129,243,215,251,
-	124,227,57,130,155,47,255,135,52,142,67,68,196,222,233,203,
-	84,123,148,50,166,194,35,61,238,76,149,11,66,250,195,78,
-	8,46,161,102,40,217,36,178,118,91,162,73,109,139,209,37,
-	114,248,246,100,134,104,152,22,212,164,92,204,93,101,182,146,
-	108,112,72,80,253,237,185,218,94,21,70,87,167,141,157,132,
-	144,216,171,0,140,188,211,10,247,228,88,5,184,179,69,6,
-	208,44,30,143,202,63,15,2,193,175,189,3,1,19,138,107,
-	58,145,17,65,79,103,220,234,151,242,207,206,240,180,230,115,
-	150,172,116,34,231,173,53,133,226,249,55,232,28,117,223,110,
-	71,241,26,113,29,41,197,137,111,183,98,14,170,24,190,27,
-	252,86,62,75,198,210,121,32,154,219,192,254,120,205,90,244,
-	31,221,168,51,136,7,199,49,177,18,16,89,39,128,236,95,
-	96,81,127,169,25,181,74,13,45,229,122,159,147,201,156,239,
-	160,224,59,77,174,42,245,176,200,235,187,60,131,83,153,97,
-	23,43,4,126,186,119,214,38,225,105,20,99,85,33,12,125
-	];
-AES.ftable=[
-	0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
-	0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
-	0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
-	0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
-	0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
-	0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
-	0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
-	0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
-	0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
-	0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
-	0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
-	0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
-	0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
-	0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
-	0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
-	0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
-	0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
-	0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
-	0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
-	0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
-	0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
-	0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
-	0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
-	0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
-	0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
-	0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
-	0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
-	0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
-	0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
-	0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
-	0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
-	0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
-	0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
-	0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
-	0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
-	0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
-	0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
-	0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
-	0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
-	0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
-	0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
-	0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
-	0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c
-	];
-AES.rtable=[
-	0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
-	0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
-	0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
-	0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
-	0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
-	0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
-	0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
-	0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
-	0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
-	0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
-	0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
-	0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
-	0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
-	0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
-	0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
-	0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
-	0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
-	0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
-	0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
-	0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
-	0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
-	0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
-	0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
-	0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
-	0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
-	0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
-	0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
-	0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
-	0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
-	0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
-	0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
-	0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
-	0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
-	0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
-	0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
-	0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
-	0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
-	0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
-	0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
-	0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
-	0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
-	0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
-	0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0
-	];
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/BIG.js
----------------------------------------------------------------------
diff --git a/version22/js/BIG.js b/version22/js/BIG.js
deleted file mode 100644
index 11a7fa1..0000000
--- a/version22/js/BIG.js
+++ /dev/null
@@ -1,1037 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* AMCL BIG number class */
-
-/* General purpose Constructor */
-var BIG = function(x) {
-	this.w=new Array(ROM.NLEN);
-	switch (typeof(x))
-	{
-	case "object":
-		this.copy(x);
-		break;
-	case "number":
-		this.zero();
-		this.w[0]=x;
-		break;
-	default:
-		this.zero();
-	}
-};
-
-BIG.prototype={
-/* set to zero */
-	zero: function()
-	{
-		for (var i=0;i<ROM.NLEN;i++) this.w[i]=0;
-		return this;
-	},
-/* set to one */
-	one: function()
-	{
-		this.w[0]=1;
-		for (var i=1;i<ROM.NLEN;i++) this.w[i]=0;
-		return this;
-	},
-
-	get: function(i)
-	{
-		return this.w[i];
-	},
-
-	set: function(i,x)
-	{
-		this.w[i]=x;
-	},
-/* test for zero */
-	iszilch: function()
-	{
-		for (var i=0;i<ROM.NLEN;i++)
-			if (this.w[i]!==0) return false;
-		return true; 
-	},
-/* test for unity */
-	isunity: function()
-	{
-		for (var i=1;i<ROM.NLEN;i++)
-			if (this.w[i]!==0) return false;
-		if (this.w[0]!=1) return false;
-		return true;
-	},
-
-/* Conditional swap of two bigs depending on d using XOR - no branches */
-	cswap: function(b,d)
-	{
-		var i;
-		var t,c=d;
-		c=~(c-1);
-
-		for (i=0;i<ROM.NLEN;i++)
-		{
-			t=c&(this.w[i]^b.w[i]);
-			this.w[i]^=t;
-			b.w[i]^=t;
-		}
-	},
-
-/* Conditional move of big depending on d using XOR - no branches */
-	cmove: function(b,d)
-	{
-		var i;
-		var c=d;
-		c=~(c-1);
-
-		for (i=0;i<ROM.NLEN;i++)
-		{
-			this.w[i]^=(this.w[i]^b.w[i])&c;
-		}
-	},
-
-/* copy from another BIG */
-	copy: function(y)
-	{
-		for (var i=0;i<ROM.NLEN;i++)
-			this.w[i]=y.w[i];
-		return this;
-	},
-/* copy from bottom half of DBIG */
-	hcopy: function(y)
-	{
-		for (var i=0;i<ROM.NLEN;i++)
-			this.w[i]=y.w[i];
-		return this;
-	},
-/* copy from ROM */
-	rcopy: function(y)
-	{
-		for (var i=0;i<ROM.NLEN;i++)
-			this.w[i]=y[i];
-		return this;
-	},
-
-	xortop: function(x)
-	{
-		this.w[ROM.NLEN-1]^=x;
-	},
-
-	ortop: function(x)
-	{
-		this.w[ROM.NLEN-1]|=x;
-	},
-
-/* normalise BIG - force all digits < 2^BASEBITS */
-	norm: function()
-	{
-		var d,carry=0;
-		for (var i=0;i<ROM.NLEN-1;i++)
-		{
-			d=this.w[i]+carry;
-			this.w[i]=d&ROM.BMASK;
-			carry=d>>ROM.BASEBITS;
-		}
-		this.w[ROM.NLEN-1]=(this.w[ROM.NLEN-1]+carry);
-
-		return (this.w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS));  
-
-	},
-/* quick shift right by less than a word */
-	fshr: function(k)
-	{
-		var r=this.w[0]&((1<<k)-1); /* shifted out part */
-		for (var i=0;i<ROM.NLEN-1;i++)
-			this.w[i]=(this.w[i]>>k)|((this.w[i+1]<<(ROM.BASEBITS-k))&ROM.BMASK);
-		this.w[ROM.NLEN-1]=this.w[ROM.NLEN-1]>>k;
-		return r;
-	},
-/* General shift right by k bits */
-	shr: function(k)
-	{
-		var n=k%ROM.BASEBITS;
-		var m=Math.floor(k/ROM.BASEBITS);	
-		for (var i=0;i<ROM.NLEN-m-1;i++)
-			this.w[i]=(this.w[m+i]>>n)|((this.w[m+i+1]<<(ROM.BASEBITS-n))&ROM.BMASK);
-		this.w[ROM.NLEN-m-1]=this.w[ROM.NLEN-1]>>n;
-		for (i=ROM.NLEN-m;i<ROM.NLEN;i++) this.w[i]=0;
-		return this;
-	},
-/* quick shift left by less than a word */
-	fshl: function(k)
-	{
-		this.w[ROM.NLEN-1]=((this.w[ROM.NLEN-1]<<k))|(this.w[ROM.NLEN-2]>>(ROM.BASEBITS-k));
-		for (var i=ROM.NLEN-2;i>0;i--)
-			this.w[i]=((this.w[i]<<k)&ROM.BMASK)|(this.w[i-1]>>(ROM.BASEBITS-k));
-		this.w[0]=(this.w[0]<<k)&ROM.BMASK; 
-
-		return (this.w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS)); /* return excess - only used in FF.java */
-	},
-/* General shift left by k bits */
-	shl: function(k)
-	{
-		var i,n=k%ROM.BASEBITS;
-		var m=Math.floor(k/ROM.BASEBITS);
-
-		this.w[ROM.NLEN-1]=(this.w[ROM.NLEN-1-m]<<n);
-		if (ROM.NLEN>m+2) this.w[ROM.NLEN-1]|=(this.w[ROM.NLEN-m-2]>>(ROM.BASEBITS-n));
-		for (i=ROM.NLEN-2;i>m;i--)
-			this.w[i]=((this.w[i-m]<<n)&ROM.BMASK)|(this.w[i-m-1]>>(ROM.BASEBITS-n));
-		this.w[m]=(this.w[0]<<n)&ROM.BMASK; 
-		for (i=0;i<m;i++) this.w[i]=0;
-		return this;
-	},
-/* return length in bits */
-	nbits: function()
-	{
-		var bts,k=ROM.NLEN-1;
-		var c;
-		this.norm();
-		while (k>=0 && this.w[k]===0) k--;
-		if (k<0) return 0;
-		bts=ROM.BASEBITS*k;
-		c=this.w[k];
-		while (c!==0) {c=Math.floor(c/2); bts++;}
-		return bts;
-	},
-/* convert this to string */
-	toString: function()
-	{
-		var b;
-		var s="";
-		var len=this.nbits();
-		if (len%4===0) len=Math.floor(len/4);
-		else {len=Math.floor(len/4); len++;}
-		if (len<ROM.MODBYTES*2) len=ROM.MODBYTES*2;
-		for (var i=len-1;i>=0;i--)
-		{
-			b=new BIG(0);
-			b.copy(this);
-			b.shr(i*4);
-			s+=(b.w[0]&15).toString(16);
-		}
-		return s;
-	},
-/* this+=y */
-	add: function(y)
-	{
-		for (var i=0;i<ROM.NLEN;i++) this.w[i]+=y.w[i];
-		return this;
-	},
-/* return this+x */
-	plus: function(x) 
-	{
-		var s=new BIG(0);
-		for (var i=0;i<ROM.NLEN;i++)
-			s.w[i]=this.w[i]+x.w[i];	
-		return s;
-	},
-/* this+=i, where i is int */
-	inc: function(i)
-	{
-		this.norm();
-		this.w[0]+=i;
-		return this;
-	},
-/* this-=y */
-	sub: function(y)
-	{
-		for (var i=0;i<ROM.NLEN;i++) this.w[i]-=y.w[i];
-		return this;
-	},
-
-/* reverse subtract this=x-this */
-	rsub: function(x) 
-	{
-		for (var i=0;i<ROM.NLEN;i++)
-			this.w[i]=x.w[i]-this.w[i];
-		return this;
-	},
-/* this-=i, where i is int */
-	dec: function(i)
-	{
-		this.norm();
-		this.w[0]-=i;
-		return this;
-	},
-/* return this-x */
-	minus: function(x) {
-		var d=new BIG(0);
-		for (var i=0;i<ROM.NLEN;i++)
-			d.w[i]=this.w[i]-x.w[i];
-		return d;
-	},
-/* multiply by small integer */
-	imul: function(c)
-	{
-		for (var i=0;i<ROM.NLEN;i++) this.w[i]*=c;
-		return this;
-	},
-/* convert this BIG to byte array */
-	tobytearray: function(b,n)
-	{
-		this.norm();
-		var c=new BIG(0);
-		c.copy(this);
-
-		for (var i=ROM.MODBYTES-1;i>=0;i--)
-		{
-			b[i+n]=c.w[0]&0xff;
-			c.fshr(8);
-		}
-		return this;
-	},
-/* convert this to byte array */
-	toBytes: function(b)
-	{
-		this.tobytearray(b,0);
-	},
-
-/* set this[i]+=x*y+c, and return high part */
-	muladd: function(x,y,c,i)
-	{
-		var prod=x*y+c+this.w[i];
-		this.w[i]=prod&ROM.BMASK;
-		return ((prod-this.w[i])*ROM.MODINV);
-	},
-/* multiply by larger int */
-	pmul: function(c)
-	{
-		var ak,carry=0;
-		this.norm();
-		for (var i=0;i<ROM.NLEN;i++)
-		{
-			ak=this.w[i];
-			this.w[i]=0;
-			carry=this.muladd(ak,c,carry,i);
-		}
-		return carry;
-	},
-/* multiply by still larger int - results requires a DBIG */
-	pxmul: function(c)
-	{
-		var m=new DBIG(0);	
-		var carry=0;
-		for (var j=0;j<ROM.NLEN;j++)
-			carry=m.muladd(this.w[j],c,carry,j);
-		m.w[ROM.NLEN]=carry;		
-		return m;
-	},
-/* divide by 3 */
-	div3: function()
-	{	
-		var ak,base,carry=0;
-		this.norm();
-		base=(1<<ROM.BASEBITS);
-		for (var i=ROM.NLEN-1;i>=0;i--)
-		{
-			ak=(carry*base+this.w[i]);
-			this.w[i]=Math.floor(ak/3);
-			carry=ak%3;
-		}
-		return carry;
-	},
-
-/* set x = x mod 2^m */
-	mod2m: function(m)
-	{
-		var i,wd,bt;
-		var msk;
-		wd=Math.floor(m/ROM.BASEBITS);
-		bt=m%ROM.BASEBITS;
-		msk=(1<<bt)-1;
-		this.w[wd]&=msk;
-		for (i=wd+1;i<ROM.NLEN;i++) this.w[i]=0;
-	},
-
-/* a=1/a mod 2^256. This is very fast! */
-	invmod2m: function()
-	{
-		var U=new BIG(0);
-		var b=new BIG(0);
-		var c=new BIG(0);
-
-		U.inc(BIG.invmod256(this.lastbits(8)));
-
-		for (var i=8;i<ROM.BIGBITS;i<<=1)
-		{
-			b.copy(this); b.mod2m(i);
-			var t1=BIG.smul(U,b); t1.shr(i);
-			c.copy(this); c.shr(i); c.mod2m(i);
-
-			var t2=BIG.smul(U,c); t2.mod2m(i);
-			t1.add(t2);
-			b=BIG.smul(t1,U); t1.copy(b);
-			t1.mod2m(i);
-
-			t2.one(); t2.shl(i); t1.rsub(t2); t1.norm();
-			t1.shl(i);
-			U.add(t1);
-		}
-		U.mod2m(ROM.BIGBITS);
-		this.copy(U);
-		this.norm();
-	},
-
-/* reduce this mod m */
-	mod: function(m)
-	{
-		var k=0;  
-		var r=new BIG(0);
-
-		this.norm();
-		if (BIG.comp(this,m)<0) return;
-		do
-		{
-			m.fshl(1);
-			k++;
-		} while (BIG.comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.fshr(1);
-
-			r.copy(this);
-			r.sub(m);
-			r.norm();
-			this.cmove(r,(1-((r.w[ROM.NLEN-1]>>(ROM.CHUNK-1))&1)));
-
-/*
-			if (BIG.comp(this,m)>=0)
-			{
-				this.sub(m);
-				this.norm();
-			} */
-			k--;
-		}
-	},
-/* this/=m */
-	div: function(m)
-	{
-		var k=0;
-		var d=0;
-		this.norm();
-		var e=new BIG(1);
-		var b=new BIG(0);
-		var r=new BIG(0);
-		b.copy(this);
-		this.zero();
-
-		while (BIG.comp(b,m)>=0)
-		{
-			e.fshl(1);
-			m.fshl(1);
-			k++;
-		}
-
-		while (k>0)
-		{
-			m.fshr(1);
-			e.fshr(1);
-
-			r.copy(b);
-			r.sub(m);
-			r.norm();
-			d=(1-((r.w[ROM.NLEN-1]>>(ROM.CHUNK-1))&1));
-			b.cmove(r,d);
-			r.copy(this);
-			r.add(e);
-			r.norm();
-			this.cmove(r,d); 
-
-/*
-			if (BIG.comp(b,m)>=0)
-			{
-				this.add(e);
-				this.norm();
-				b.sub(m);
-				b.norm();
-			} */
-
-
-			k--;
-		}
-	},
-/* return parity of this */
-	parity: function()
-	{
-		return this.w[0]%2;
-	},
-/* return n-th bit of this */
-	bit: function(n)
-	{
-		if ((this.w[Math.floor(n/ROM.BASEBITS)]&(1<<(n%ROM.BASEBITS)))>0) return 1;
-		else return 0;
-	},
-/* return last n bits of this */
-	lastbits: function(n)
-	{
-		var msk=(1<<n)-1;
-		this.norm();
-		return (this.w[0])&msk;
-	},
-/* Jacobi Symbol (this/p). Returns 0, 1 or -1 */
-	jacobi: function(p)
-	{
-		var n8,k,m=0;
-		var t=new BIG(0);
-		var x=new BIG(0);
-		var n=new BIG(0);
-		var zilch=new BIG(0);
-		var one=new BIG(1);
-		if (p.parity()===0 || BIG.comp(this,zilch)===0 || BIG.comp(p,one)<=0) return 0;
-		this.norm();
-		x.copy(this);
-		n.copy(p);
-		x.mod(p);
-
-		while (BIG.comp(n,one)>0)
-		{
-			if (BIG.comp(x,zilch)===0) return 0;
-			n8=n.lastbits(3);
-			k=0;
-			while (x.parity()===0)
-			{
-				k++;
-				x.shr(1);
-			}
-			if (k%2==1) m+=(n8*n8-1)/8;
-			m+=(n8-1)*(x.lastbits(2)-1)/4;
-			t.copy(n);
-			t.mod(x);
-			n.copy(x);
-			x.copy(t);
-			m%=2;
-
-		}
-		if (m===0) return 1;
-		else return -1;
-	},
-/* this=1/this mod p. Binary method */
-	invmodp: function(p)
-	{
-		this.mod(p);
-		var u=new BIG(0);
-		u.copy(this);
-		var v=new BIG(0);
-		v.copy(p);
-		var x1=new BIG(1);
-		var x2=new BIG(0);
-		var t=new BIG(0);
-		var one=new BIG(1);
-
-		while (BIG.comp(u,one)!==0 && BIG.comp(v,one)!==0)
-		{
-			while (u.parity()===0)
-			{
-				u.shr(1);
-				if (x1.parity()!==0)
-				{
-					x1.add(p);
-					x1.norm();
-				}
-				x1.shr(1);
-			}
-			while (v.parity()===0)
-			{
-				v.shr(1);
-				if (x2.parity()!==0)
-				{
-					x2.add(p);
-					x2.norm();
-				}
-				x2.shr(1);
-			}
-			if (BIG.comp(u,v)>=0)
-			{
-				u.sub(v);
-				u.norm();
-				if (BIG.comp(x1,x2)>=0) x1.sub(x2);
-				else
-				{
-					t.copy(p);
-					t.sub(x2);
-					x1.add(t);
-				}
-				x1.norm();
-			}
-			else
-			{
-				v.sub(u);
-				v.norm();
-				if (BIG.comp(x2,x1)>=0) x2.sub(x1);
-				else
-				{
-					t.copy(p);
-					t.sub(x1);
-					x2.add(t);
-				}
-				x2.norm();
-			}
-		}
-		if (BIG.comp(u,one)===0) this.copy(x1);
-		else this.copy(x2);
-	},
-/* return this^e mod m */
-	powmod:function(e,m)
-	{
-		var bt;
-		this.norm();
-		e.norm();
-		var a=new BIG(1);
-		var z=new BIG(0);
-		z.copy(e);
-		var s=new BIG(0);
-		s.copy(this);
-		var i=0;
-		while (true)
-		{
-			i++;
-			bt=z.parity();
-			z.fshr(1);
-			if (bt==1) a=BIG.modmul(a,s,m);
-//ROM.debug=false;
-			if (z.iszilch()) break;
-			s=BIG.modsqr(s,m);
-		}
-		return a;
-	}
-
-};
-/* convert from byte array to BIG */
-BIG.frombytearray=function(b,n)
-{
-	var m=new BIG(0);
-
-	for (var i=0;i<ROM.MODBYTES;i++)
-	{
-		m.fshl(8); m.w[0]+=b[i+n]&0xff;
-		//m.inc(b[i]&0xff);
-	}
-	return m; 
-};
-
-BIG.fromBytes=function(b)
-{
-	return BIG.frombytearray(b,0);
-};
-
-/* return a*b where product fits a BIG */
-BIG.smul=function(a,b)
-{
-	var carry;
-	var c=new BIG(0);
-	for (var i=0;i<ROM.NLEN;i++)
-	{
-		carry=0;
-		for (var j=0;j<ROM.NLEN;j++)
-			if (i+j<ROM.NLEN) carry=c.muladd(a.w[i],b.w[j],carry,i+j);
-	}
-	return c;
-};
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-BIG.comp=function(a,b)
-{
-	for (var i=ROM.NLEN-1;i>=0;i--)
-	{
-		if (a.w[i]==b.w[i]) continue;
-		if (a.w[i]>b.w[i]) return 1;
-		else  return -1;
-	}
-	return 0;
-};
-
-/* get 8*MODBYTES size random number */
-BIG.random=function(rng)
-{
-	var m=new BIG(0);
-	var i,b,j=0,r=0;
-
-/* generate random BIG */ 
-	for (i=0;i<8*ROM.MODBYTES;i++)   
-	{
-		if (j===0) r=rng.getByte();
-		else r>>=1;
-
-		b=r&1;
-		m.shl(1); m.w[0]+=b;// m.inc(b);
-		j++; j&=7; 
-	}
-	return m;
-};
-
-/* Create random BIG in portable way, one bit at a time */
-BIG.randomnum=function(q,rng)
-{
-	var d=new DBIG(0);
-	var i,b,j=0,r=0;
-	for (i=0;i<2*ROM.MODBITS;i++)
-	{
-		if (j===0) r=rng.getByte();
-		else r>>=1;
-
-		b=r&1;
-		d.shl(1); d.w[0]+=b; 
-		j++; j&=7;
-	}
-
-	var m=d.mod(q);
-
-	return m;
-};
-
-/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed. 
-nbs is number of bits processed, and nzs is number of trailing 0s detected */
-/*
-BIG.nafbits=function(x,x3,i)
-{
-	var n=[];
-	var nb=x3.bit(i)-x.bit(i);
-	var j;
-	n[1]=1;
-	n[0]=0;
-	if (nb===0) {n[0]=0; return n;}
-	if (i===0) {n[0]=nb; return n;}
-	if (nb>0) n[0]=1;
-	else      n[0]=(-1);
-
-	for (j=i-1;j>0;j--)
-	{
-		n[1]++;
-		n[0]*=2;
-		nb=x3.bit(j)-x.bit(j);
-		if (nb>0) n[0]+=1;
-		if (nb<0) n[0]-=1;
-		if (n[0]>5 || n[0]<-5) break;
-	}
-
-	if (n[0]%2!==0 && j!==0)
-	{ // backtrack 
-		if (nb>0) n[0]=(n[0]-1)/2;
-		if (nb<0) n[0]=(n[0]+1)/2;
-		n[1]--;
-	}
-	while (n[0]%2===0)
-	{ // remove trailing zeros 
-		n[0]/=2;
-		n[2]++;
-		n[1]--;
-	}
-	return n;
-};
-*/
-/* return a*b as DBIG */
-BIG.mul=function(a,b)
-{
-	var n,c=new DBIG(0);
-//	a.norm();
-//	b.norm();
-
-		var d=[];
-		var s,t;
-
-		for (var i=0;i<ROM.NLEN;i++)
-			d[i]=a.w[i]*b.w[i];
-
-		s=d[0];
-		t=s; c.w[0]=t;
-
-		for (var k=1;k<ROM.NLEN;k++)
-		{
-			s+=d[k]; t=s; for (i=k;i>=1+Math.floor(k/2);i--) t+=(a.w[i]-a.w[k-i])*(b.w[k-i]-b.w[i]); c.w[k]=t;
-		}
-		for (var k=ROM.NLEN;k<2*ROM.NLEN-1;k++)
-		{
-			s-=d[k-ROM.NLEN]; t=s; for (i=ROM.NLEN-1;i>=1+Math.floor(k/2);i--) t+=(a.w[i]-a.w[k-i])*(b.w[k-i]-b.w[i]); c.w[k]=t; 
-		}
-
-		var co=0;
-		for (var i=0;i<ROM.DNLEN-1;i++)
-		{
-			n=c.w[i]+co;
-			c.w[i]=n&ROM.BMASK;
-			co=(n-c.w[i])*ROM.MODINV;
-		}
-		c.w[ROM.DNLEN-1]=co;		
-
-
-/*
-	for (var j=0;j<ROM.NLEN;j++)
-	{
-		t=0; for (var i=0;i<=j;i++) t+=a.w[j-i]*b.w[i];
-		c.w[j]=t;
-	}
-	for (var j=ROM.NLEN;j<ROM.DNLEN-2;j++)
-	{
-		t=0; for (var i=j-ROM.NLEN+1;i<ROM.NLEN;i++) t+=a.w[j-i]*b.w[i];
-		c.w[j]=t; 
-	}
-	t=a.w[ROM.NLEN-1]*b.w[ROM.NLEN-1];
-	c.w[ROM.DNLEN-2]=t;
-	var co=0;
-	for (var i=0;i<ROM.DNLEN-1;i++)
-	{
-		n=c.w[i]+co;
-		c.w[i]=n&ROM.BMASK;
-		co=(n-c.w[i])*ROM.MODINV;
-	}
-	c.w[ROM.DNLEN-1]=co;
-*/
-	return c;
-};
-
-/* return a^2 as DBIG */
-BIG.sqr=function(a)
-{
-	var n,c=new DBIG(0);
-//	a.norm();
-
-	c.w[0]=a.w[0]*a.w[0];
-	t=a.w[1]*a.w[0]; t+=t; c.w[1]=t;
-
-	var last=ROM.NLEN-ROM.NLEN%2;
-	for (j=2;j<last;j+=2)
-	{
-		t=a.w[j]*a.w[0]; for (var i=1;i<(j+1)>>1;i++) t+=a.w[j-i]*a.w[i]; t+=t; t+=a.w[j>>1]*a.w[j>>1];
-		c.w[j]=t;
-		t=a.w[j+1]*a.w[0]; for (var i=1;i<(j+2)>>1;i++) t+=a.w[j+1-i]*a.w[i]; t+=t;
-		c.w[j+1]=t;
-	}	
-	j=last;
-	if (ROM.NLEN%2==1)
-	{
-		t=a.w[j]*a.w[0]; for (var i=1;i<(j+1)>>1;i++) t+=a.w[j-i]*a.w[i]; t+=t; t+=a.w[j>>1]*a.w[j>>1];
-		c.w[j]=t; j++;
-		t=a.w[ROM.NLEN-1]*a.w[j-ROM.NLEN+1]; for (var i=j-ROM.NLEN+2;i<(j+1)>>1;i++) t+=a.w[j-i]*a.w[i]; t+=t;
-		c.w[j]=t; j++;
-	}
-
-//	j=ROM.NLEN;
-//	t=a.w[ROM.NLEN-1]*a.w[j-ROM.NLEN+1]; for (var i=j-ROM.NLEN+2;i<(j+1)>>1;i++) t+=a.w[j-i]*a.w[i]; t+=t; 
-//	c.w[j]=t;
-
-
-	for (;j<ROM.DNLEN-2;j+=2)
-	{
-		t=a.w[ROM.NLEN-1]*a.w[j-ROM.NLEN+1]; for (var i=j-ROM.NLEN+2;i<(j+1)>>1;i++) t+=a.w[j-i]*a.w[i]; t+=t; t+=a.w[j>>1]*a.w[j>>1];
-		c.w[j]=t;
-		t=a.w[ROM.NLEN-1]*a.w[j-ROM.NLEN+2]; for (var i=j-ROM.NLEN+3;i<(j+2)>>1;i++) t+=a.w[j+1-i]*a.w[i]; t+=t; 
-		c.w[j+1]=t;
-	}
-
-	t=a.w[ROM.NLEN-1]*a.w[ROM.NLEN-1];
-	c.w[ROM.DNLEN-2]=t;
-
-	var co=0;
-	for (var i=0;i<ROM.DNLEN-1;i++)
-	{
-		n=c.w[i]+co;
-		c.w[i]=n&ROM.BMASK;
-		co=(n-c.w[i])*ROM.MODINV;
-	}
-	c.w[ROM.DNLEN-1]=co;
-	return c;
-};
-
-/* reduce a DBIG to a BIG using a "special" modulus */
-BIG.mod=function(d)
-{
-	var i,j,b=new BIG(0);
-	if (ROM.MODTYPE==ROM.PSEUDO_MERSENNE)
-	{
-		var v,tw;
-		var t=d.split(ROM.MODBITS);
-		b.hcopy(d);
-
-		if (ROM.MConst!=1)
-			v=t.pmul(ROM.MConst);
-		else v=0;
-		tw=t.w[ROM.NLEN-1];
-		t.w[ROM.NLEN-1]&=ROM.TMASK;
-		t.inc(ROM.MConst*((tw>>ROM.TBITS)+(v<<(ROM.BASEBITS-ROM.TBITS))));
-		b.add(t);
-	}
-	
-	if (ROM.MODTYPE==ROM.MONTGOMERY_FRIENDLY)
-	{
-		for (i=0;i<ROM.NLEN;i++)
-			d.w[ROM.NLEN+i]+=d.muladd(d.w[i],ROM.MConst-1,d.w[i],ROM.NLEN+i-1);
-		for (i=0;i<ROM.NLEN;i++)
-			b.w[i]=d.w[ROM.NLEN+i];
-	}
-
-	if (ROM.MODTYPE==ROM.GENERALISED_MERSENNE)
-	{ // GoldiLocks Only
-		var t=d.split(ROM.MODBITS);
-		b.hcopy(d);
-		b.add(t);
-		var dd=new DBIG(0);
-		dd.hcopy(t);
-		dd.shl(ROM.MODBITS/2);
-
-		var tt=dd.split(ROM.MODBITS);
-		var lo=new BIG();
-		lo.hcopy(dd);
-
-		b.add(tt);
-		b.add(lo);
-		//b.norm();
-		tt.shl(ROM.MODBITS/2);
-		b.add(tt);
-
-		var carry=b.w[ROM.NLEN-1]>>ROM.TBITS;
-		b.w[ROM.NLEN-1]&=ROM.TMASK;
-		b.w[0]+=carry;
-			
-		b.w[Math.floor(224/ROM.BASEBITS)]+=carry<<(224%ROM.BASEBITS);
-	}
-
-	if (ROM.MODTYPE==ROM.NOT_SPECIAL)
-	{
-
-		var m=new BIG(0);
-		var v=[];
-		var dd=[];
-		var s,c,t;
-
-		m.rcopy(ROM.Modulus);
-
-
-		t=d.w[0]; v[0]=((t&ROM.BMASK)*ROM.MConst)&ROM.BMASK; t+=v[0]*m.w[0]; 
-		c=d.w[1]+(t*ROM.MODINV); s=0;
-
-		for (var k=1;k<ROM.NLEN;k++)
-		{
-			t=c+s+v[0]*m.w[k];
-			for (i=k-1;i>Math.floor(k/2);i--) t+=(v[k-i]-v[i])*(m.w[i]-m.w[k-i]);
-			v[k]=((t&ROM.BMASK)*ROM.MConst)&ROM.BMASK; t+=v[k]*m.w[0]; 
-			c=(t*ROM.MODINV)+d.w[k+1];
-
-			dd[k]=v[k]*m.w[k]; s+=dd[k];
-		}
-		for (var k=ROM.NLEN;k<2*ROM.NLEN-1;k++)
-		{
-			t=c+s;
-			for (i=ROM.NLEN-1;i>=1+Math.floor(k/2);i--) t+=(v[k-i]-v[i])*(m.w[i]-m.w[k-i]);
-			b.w[k-ROM.NLEN]=t&ROM.BMASK; 
-			c=((t-b.w[k-ROM.NLEN])*ROM.MODINV)+d.w[k+1]; 
-
-			s-=dd[k-ROM.NLEN+1];
-		}
-		b.w[ROM.NLEN-1]=c&ROM.BMASK;	
-
-
-/*	
-		var md=new BIG(0);
-		md.rcopy(ROM.Modulus);
-		var sum;
-
-		sum=d.w[0];
-		for (j=0;j<ROM.NLEN;j++)
-		{
-			for (i=0;i<j;i++) sum+=d.w[i]*md.w[j-i];
-			d.w[j]=((sum&ROM.BMASK)*ROM.MConst)&ROM.BMASK; sum+=d.w[j]*md.w[0];
-			sum=d.w[j+1]+(sum*ROM.MODINV);
-		}
-
-
-		for (j=ROM.NLEN;j<ROM.DNLEN-2;j++)
-		{
-			for (i=j-ROM.NLEN+1;i<ROM.NLEN;i++) sum+=d.w[i]*md.w[j-i];
-			d.w[j]=sum&ROM.BMASK;
-			sum=d.w[j+1]+((sum-d.w[j])*ROM.MODINV);
-		}
-
-		sum+=d.w[ROM.NLEN-1]*md.w[ROM.NLEN-1];
-		d.w[ROM.DNLEN-2]=sum&ROM.BMASK;
-		sum=d.w[ROM.DNLEN-1]+((sum-d.w[ROM.DNLEN-2])*ROM.MODINV);
-		d.w[ROM.DNLEN-1]=sum&ROM.BMASK;
-		for (i=0;i<ROM.NLEN;i++)
-			b.w[i]=d.w[ROM.NLEN+i];
-*/		
-	}
-	b.norm();
-	return b;
-};
-
-/* return a*b mod m */
-BIG.modmul=function(a,b,m)
-{
-	a.mod(m);
-	b.mod(m);
-	var d=BIG.mul(a,b);
-	return d.mod(m);
-};
-
-/* return a^2 mod m */
-BIG.modsqr=function(a,m)
-{
-	a.mod(m);
-	var d=BIG.sqr(a);
-	return d.mod(m);
-};
-
-/* return -a mod m */
-BIG.modneg=function(a,m)
-{
-	a.mod(m);
-	return m.minus(a);
-};
-
-/* calculate Field Excess */
-BIG.EXCESS=function(a)
-{
-	return ((a.w[ROM.NLEN-1]&ROM.OMASK)>>(ROM.MODBITS%ROM.BASEBITS));
-};
-
-/* Arazi and Qi inversion mod 256 */
-BIG.invmod256=function(a)
-{
-	var U,t1,t2,b,c;
-	t1=0;
-	c=(a>>1)&1;  
-	t1+=c;
-	t1&=1;
-	t1=2-t1;
-	t1<<=1;
-	U=t1+1;
-
-// i=2
-	b=a&3;
-	t1=U*b; t1>>=2;
-	c=(a>>2)&3;
-	t2=(U*c)&3;
-	t1+=t2;
-	t1*=U; t1&=3;
-	t1=4-t1;
-	t1<<=2;
-	U+=t1;
-
-// i=4
-	b=a&15;
-	t1=U*b; t1>>=4;
-	c=(a>>4)&15;
-	t2=(U*c)&15;
-	t1+=t2;
-	t1*=U; t1&=15;
-	t1=16-t1;
-	t1<<=4;
-	U+=t1;
-
-	return U;
-};
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/BenchtestEC.html
----------------------------------------------------------------------
diff --git a/version22/js/BenchtestEC.html b/version22/js/BenchtestEC.html
deleted file mode 100644
index 49ca241..0000000
--- a/version22/js/BenchtestEC.html
+++ /dev/null
@@ -1,162 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Elliptic Curve Benchtest</title>
-</head>
-<body>
-<h1>JavaScript Benchmark ECC and RSA</h1>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="FP.js"></script>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="FF.js"></script>
-<script type="text/javascript" src="ECP.js"></script>
-<script type="text/javascript" src="RSA.js"></script>
-<script type="text/javascript" src="HASH256.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script>
-/* test driver and function exerciser ECC functions */
-		var i,j;
-		var result;
-		var MIN_ITERS=10;
-		var MIN_TIME=10;
-		var pub=new rsa_public_key(ROM.FFLEN);
-		var priv=new rsa_private_key(ROM.HFLEN);
-		var fail=false;
-
-		var RAW=[];
-		var M=[];
-		var C=[];
-		var P=[];
-
-		var rng=new RAND();
-
-		rng.clean();
-		for (i=0;i<100;i++) RAW[i]=i;
-
-		rng.seed(100,RAW);
-
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			window.document.write("Weierstrass parameterization "+ "<br>");
-		}		
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			window.document.write("Edwards parameterization"+ "<br>");
-		}
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			window.document.write("Montgomery parameterization"+ "<br>");
-		}
-
-		if (ROM.MODTYPE==ROM.PSEUDO_MERSENNE)
-		{
-			window.document.write("Pseudo-Mersenne Modulus"+ "<br>");
-		}
-		if (ROM.MODTYPE==ROM.MONTGOMERY_FRIENDLY)
-		{
-			window.document.write("Montgomery friendly Modulus"+ "<br>");
-		}
-		if (ROM.MODTYPE==ROM.GENERALISED_MERSENNE)
-		{
-			window.document.write("Generalised-Mersenne Modulus"+ "<br>");
-		}
-		if (ROM.MODTYPE==ROM.NOT_SPECIAL)
-		{
-			window.document.write("Not special Modulus"+ "<br>");
-		}
-
-		window.document.write("Modulus size "+ROM.MODBITS+ " bits"+ "<br>"); 
-		window.document.write(ROM.CHUNK + " bit build"+ "<br>"); 
-		var r,gx,gy,s;
-		var G,WP;
-		var res=0;
-
-		G=new ECP(0);
-
-		gx=new BIG(0); gx.rcopy(ROM.CURVE_Gx);
-
-		if (ROM.CURVETYPE!=ROM.MOMTGOMERY)
-		{
-			gy=new BIG(0); gy.rcopy(ROM.CURVE_Gy);
-			G.setxy(gx,gy);
-		}
-		else G.setx(gx);
-
-		r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-		s=BIG.randomnum(r,rng);
-			
-		WP=G.mul(r);
-		if (!WP.is_infinity())
-		{
-			alert("FAILURE - rG!=O");
-			fail=true;
-		}
-		var elapsed;
-		var start = performance.now();
-		iterations=0;
-		do {
-			WP=G.mul(s);
-			iterations++;
-			elapsed=(performance.now()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=elapsed/iterations;
-		window.document.write("EC  mul - " + iterations + " iterations  ");
-		window.document.write(dur.toFixed(2) + " ms per iteration"+ "<br>");
-
-		window.document.write("Generating " +ROM.FFLEN*ROM.BIGBITS + " - bit RSA public/private key pair"+ "<br>");
-
-		MIN_ITERS=1;
-		start = performance.now();
-		iterations=0;
-		do {
-			RSA.KEY_PAIR(rng,65537,priv,pub);
-			iterations++;
-			elapsed=(performance.now()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=elapsed/iterations;
-		window.document.write("RSA gen - " + iterations + " iteration  ");
-		window.document.write(dur.toFixed(2) + " ms per iteration"+ "<br>");
-
-		MIN_ITERS=10;
-
-		for (i=0;i<RSA.RFS;i++) M[i]=(i%128);
-
-		start = performance.now();
-		iterations=0;
-		do {
-			RSA.ENCRYPT(pub,M,C);
-			iterations++;
-			elapsed=(performance.now()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=elapsed/iterations;
-		window.document.write("RSA enc - " + iterations + " iterations  ");
-		window.document.write(dur.toFixed(2) + " ms per iteration"+ "<br>");
-
-		start = performance.now();
-		iterations=0;
-		do {
-			RSA.DECRYPT(priv,C,P);
-			iterations++;
-			elapsed=(performance.now()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=elapsed/iterations;
-		window.document.write("RSA dec - " + iterations + " iterations  ");
-		window.document.write(dur.toFixed(2) + " ms per iteration"+ "<br>");
-
-		var cmp=true;
-		for (i=0;i<RSA.RFS;i++)
-		{
-			if (P[i]!=M[i]) cmp=false;
-		}
-
-		if (!cmp)
-		{
-			alert("FAILURE - RSA decryption");
-			fail=true;
-		}
-		if (!fail) window.document.write("All tests pass"+ "<br>");
-
-</script>
-</body>
-</html>

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/BenchtestPAIR.html
----------------------------------------------------------------------
diff --git a/version22/js/BenchtestPAIR.html b/version22/js/BenchtestPAIR.html
deleted file mode 100644
index b6a9bb5..0000000
--- a/version22/js/BenchtestPAIR.html
+++ /dev/null
@@ -1,226 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript PAIRing Benchtest</title>
-</head>
-<body>
-<h1>JavaScript Benchmark Pairings</h1>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="FP.js"></script>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="UInt64.js"></script>
-<script type="text/javascript" src="HASH256.js"></script>
-<script type="text/javascript" src="HASH384.js"></script>
-<script type="text/javascript" src="HASH512.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="AES.js"></script>
-<script type="text/javascript" src="GCM.js"></script>
-<script type="text/javascript" src="ECP.js"></script>
-<script type="text/javascript" src="FP2.js"></script>
-<script type="text/javascript" src="ECP2.js"></script>
-<script type="text/javascript" src="FP4.js"></script>
-<script type="text/javascript" src="FP12.js"></script>
-<script type="text/javascript" src="PAIR.js"></script>
-
-<script>
-/* test driver and function exerciser for PAIRING Functions */
-
-		var i;
-		var result;
-		var MIN_ITERS=1;
-		var MIN_TIME=10;
-		var RAW=[];
-		var fail=false;
-		var G=new ECP(0);
-		var Q=new ECP2(0);
-
-		var rng=new RAND();
-		rng.clean();
-
-		for (i=0;i<100;i++) RAW[i]=i+1;
-		rng.seed(100,RAW);
-
-		if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
-		{
-			window.document.write("BN Pairing-Friendly Curve"+ "<br>");
-		}
-		if (ROM.CURVE_PAIRING_TYPE==ROM.BLS_CURVE)
-		{
-			window.document.write("BLS Pairing-Friendly Curve"+ "<br>");
-		}
-
-		window.document.write("Modulus size " + ROM.MODBITS + " bits"+ "<br>"); 
-		window.document.write(ROM.CHUNK + " bit build"+ "<br>"); 
-
-		var gx=new BIG(0); gx.rcopy(ROM.CURVE_Gx);	
-		var gy=new BIG(0); gy.rcopy(ROM.CURVE_Gy);
-		G.setxy(gx,gy);			
-
-		r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-		s=BIG.randomnum(r,rng);
-
-		var P=PAIR.G1mul(G,r);
-
-		if (!P.is_infinity())
-		{
-			alert("FAILURE - rP!=O");
-			fail=true;
-		}	
-
-		var elapsed;
-		var start = performance.now();
-		iterations=0;
-		do {
-			P=PAIR.G1mul(G,s);
-			iterations++;
-			elapsed=(performance.now()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=elapsed/iterations;
-		window.document.write("G1 mul -                " + iterations + " iterations  ");
-		window.document.write(dur.toFixed(2) + " ms per iteration"+ "<br>");
-
-		var A=new BIG(0);
-		var B=new BIG(0);
-		A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb);
-		var QX=new FP2(0); QX.bset(A,B);
-		A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb);
-		var QY=new FP2(0); QY.bset(A,B);
-		Q.setxy(QX,QY);
-
-		W=PAIR.G2mul(Q,r);
-
-		if (!W.is_infinity())
-		{
-			alert("FAILURE - rQ!=O");
-			fail=true;
-		}
-
-		start = performance.now();
-		iterations=0;
-		do {
-			W=PAIR.G2mul(Q,s);
-			iterations++;
-			elapsed=(performance.now()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=elapsed/iterations;
-		window.document.write("G2 mul -                " + iterations + " iteration  ");
-		window.document.write(dur.toFixed(2) + " ms per iteration"+ "<br>");
-
-		var w=PAIR.ate(Q,P);
-		w=PAIR.fexp(w);
-
-		var g=PAIR.GTpow(w,r);
-
-		if (!g.isunity())
-		{
-			alert("FAILURE - g^r!=1");
-			fail=true;
-		}
-
-		start = performance.now();
-		iterations=0;
-		do {
-			g=PAIR.GTpow(w,s);
-			iterations++;
-			elapsed=(performance.now()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=elapsed/iterations;
-		window.document.write("GT pow -                " + iterations + " iteration  ");
-		window.document.write(dur.toFixed(2) + " ms per iteration"+ "<br>");
-
-		var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
-		var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
-		var f=new FP2(fa,fb); //f.bset(fa,fb);
-
-		q=new BIG(0); q.rcopy(ROM.Modulus);
-
-		var m=new BIG(q);
-		m.mod(r);
-
-		var a=new BIG(s);
-		a.mod(m);
-
-		var b=new BIG(s);
-		b.div(m);
-
-		g.copy(w);
-		var c=g.trace();
-
-		g.frob(f);
-		var cp=g.trace();
-
-		w.conj();
-		g.mul(w);
-		var cpm1=g.trace();
-		g.mul(w);
-		var cpm2=g.trace();
-
-		var cr;
-		start = performance.now();
-		iterations=0;
-		do {
-			cr=c.xtr_pow2(cp,cpm1,cpm2,a,b);
-			iterations++;
-			elapsed=(performance.now()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=elapsed/iterations;
-		window.document.write("GT pow (compressed) -   " + iterations + " iteration  ");
-		window.document.write(dur.toFixed(2) + " ms per iteration"+ "<br>");
-
-		start = performance.now();
-		iterations=0;
-		do {
-			w=PAIR.ate(Q,P);
-			iterations++;
-			elapsed=(performance.now()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=elapsed/iterations;
-		window.document.write("PAIRing ATE   -         " + iterations + " iteration  ");
-		window.document.write(dur.toFixed(2) + " ms per iteration"+ "<br>");
-
-		start = performance.now();
-		iterations=0;
-		do {
-			g=PAIR.fexp(w);
-			iterations++;
-			elapsed=(performance.now()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=elapsed/iterations;
-		window.document.write("PAIRing FEXP -          " + iterations + " iteration  ");
-		window.document.write(dur.toFixed(2) + " ms per iteration"+ "<br>");
-
-		P.copy(G);
-		Q.copy(W);
-
-		P=PAIR.G1mul(P,s);
-		g=PAIR.ate(Q,P);
-		g=PAIR.fexp(g);
-
-		P.copy(G);
-		Q=PAIR.G2mul(Q,s);
-		w=PAIR.ate(Q,P);
-		w=PAIR.fexp(w);
-
-		if (!g.equals(w))
-		{
-			alert("FAILURE - e(sQ,p)!=e(Q,sP)");
-			fail=true;
-		}
-
-		Q.copy(W);
-		g=PAIR.ate(Q,P);
-		g=PAIR.fexp(g);
-		g=PAIR.GTpow(g,s);
-
-		if (!g.equals(w))
-		{
-			alert("FAILURE - e(sQ,p)!=e(Q,P)^s");
-			fail=true;
-		}
-
-		if (!fail) window.document.write("All tests pass"+ "<br>");
-
-</script>
-</body>
-</html>

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/DBIG.js
----------------------------------------------------------------------
diff --git a/version22/js/DBIG.js b/version22/js/DBIG.js
deleted file mode 100644
index 38ff462..0000000
--- a/version22/js/DBIG.js
+++ /dev/null
@@ -1,284 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* AMCL double length DBIG number class */ 
-
-/* constructor */
-var DBIG = function(x) {
-	this.w=[]; 
-	this.zero();
-	this.w[0]=x;
-};
-
-DBIG.prototype={
-
-/* set this=0 */
-	zero: function()
-	{
-		for (var i=0;i<ROM.DNLEN;i++) this.w[i]=0;
-		return this;
-	},
-
-/* set this=b */
-	copy: function(b)
-	{
-		for (var i=0;i<ROM.DNLEN;i++) this.w[i]=b.w[i];
-		return this;
-	},
-
-
-/* copy from BIG */
-	hcopy: function(b)
-	{
-		var i;
-		for (i=0;i<ROM.NLEN;i++) this.w[i]=b.w[i];
-		for (i=ROM.NLEN;i<ROM.DNLEN;i++) this.w[i]=0;
-		return this;
-	},
-
-/* normalise this */
-	norm: function()
-	{
-		var d,carry=0;
-		for (var i=0;i<ROM.DNLEN-1;i++)
-		{
-			d=this.w[i]+carry;
-			this.w[i]=d&ROM.BMASK;
-			carry=d>>ROM.BASEBITS;
-		}
-		this.w[ROM.DNLEN-1]=(this.w[ROM.DNLEN-1]+carry);
-		return this;
-	},
-
-/* set this[i]+=x*y+c, and return high part */
-	muladd: function(x,y,c,i)
-	{
-		var prod=x*y+c+this.w[i];
-		this.w[i]=prod&ROM.BMASK;
-		return ((prod-this.w[i])*ROM.MODINV);
-	},
-
-/* shift this right by k bits */
-	shr: function(k) 
-	{
-		var i,n=k%ROM.BASEBITS;
-		var m=Math.floor(k/ROM.BASEBITS);	
-		for (i=0;i<ROM.DNLEN-m-1;i++)
-			this.w[i]=(this.w[m+i]>>n)|((this.w[m+i+1]<<(ROM.BASEBITS-n))&ROM.BMASK);
-		this.w[ROM.DNLEN-m-1]=this.w[ROM.DNLEN-1]>>n;
-		for (i=ROM.DNLEN-m;i<ROM.DNLEN;i++) this.w[i]=0;
-		return this;
-	},
-
-/* shift this left by k bits */
-	shl: function(k) 
-	{
-		var i,n=k%ROM.BASEBITS;
-		var m=Math.floor(k/ROM.BASEBITS);
-
-		this.w[ROM.DNLEN-1]=((this.w[ROM.DNLEN-1-m]<<n))|(this.w[ROM.DNLEN-m-2]>>(ROM.BASEBITS-n));
-		for (i=ROM.DNLEN-2;i>m;i--)
-			this.w[i]=((this.w[i-m]<<n)&ROM.BMASK)|(this.w[i-m-1]>>(ROM.BASEBITS-n));
-		this.w[m]=(this.w[0]<<n)&ROM.BMASK; 
-		for (i=0;i<m;i++) this.w[i]=0;
-		return this;
-	},
-
-/* Conditional move of big depending on d using XOR - no branches */
-	cmove: function(b,d)
-	{
-		var i;
-		var c=d;
-		c=~(c-1);
-
-		for (i=0;i<ROM.DNLEN;i++)
-		{
-			this.w[i]^=(this.w[i]^b.w[i])&c;
-		}
-	},
-
-
-/* this+=x */
-	add: function(x) 
-	{
-		for (var i=0;i<ROM.DNLEN;i++)
-			this.w[i]+=x.w[i];	
-	},
-
-/* this-=x */
-	sub: function(x) 
-	{
-		for (var i=0;i<ROM.DNLEN;i++)
-			this.w[i]-=x.w[i];
-	},
-
-/* return number of bits in this */
-	nbits: function()
-	{
-		var bts,k=ROM.DNLEN-1;
-		var c;
-		this.norm();
-		while (k>=0 && this.w[k]===0) k--;
-		if (k<0) return 0;
-		bts=ROM.BASEBITS*k;
-		c=this.w[k];
-		while (c!==0) {c=Math.floor(c/2); bts++;}
-		return bts;
-	},
-
-/* convert this to string */
-	toString: function()
-	{
-
-		var b;
-		var s="";
-		var len=this.nbits();
-		if (len%4===0) len=Math.floor(len/4);
-		else {len=Math.floor(len/4); len++;}
-
-		for (var i=len-1;i>=0;i--)
-		{
-			b=new DBIG(0);
-			b.copy(this);
-			b.shr(i*4);
-			s+=(b.w[0]&15).toString(16);
-		}
-		return s;
-	},
-
-/* reduces this DBIG mod a BIG, and returns the BIG */
-	mod: function(c)
-	{
-		var k=0;  
-		this.norm();
-		var m=new DBIG(0);
-		var dr=new DBIG(0);
-		m.hcopy(c);
-		var r=new BIG(0);
-		r.hcopy(this);
-
-		if (DBIG.comp(this,m)<0) return r;
-
-		do
-		{
-			m.shl(1);
-			k++;
-		}
-		while (DBIG.comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.shr(1);
-
-			dr.copy(this);
-			dr.sub(m);
-			dr.norm();
-			this.cmove(dr,(1-((dr.w[ROM.DNLEN-1]>>(ROM.CHUNK-1))&1)));
-
-/*
-			if (DBIG.comp(this,m)>=0)
-			{
-				this.sub(m);
-				this.norm();
-			} */
-			k--;
-		}
-
-		r.hcopy(this);
-		return r;
-	},
-
-/* this/=c */
-	div: function(c)
-	{
-		var d=0;
-		var k=0;
-		var m=new DBIG(0); m.hcopy(c);
-		var dr=new DBIG(0);
-		var r=new BIG(0);
-		var a=new BIG(0);
-		var e=new BIG(1);
-		this.norm();
-
-		while (DBIG.comp(this,m)>=0)
-		{
-			e.fshl(1);
-			m.shl(1);
-			k++;
-		}
-
-		while (k>0)
-		{
-			m.shr(1);
-			e.shr(1);
-
-			dr.copy(this);
-			dr.sub(m);
-			dr.norm();
-			d=(1-((dr.w[ROM.DNLEN-1]>>(ROM.CHUNK-1))&1));
-			this.cmove(dr,d);
-			r.copy(a);
-			r.add(e);
-			r.norm();
-			a.cmove(r,d);  
-/*
-			if (DBIG.comp(this,m)>0)
-			{
-				a.add(e);
-				a.norm();
-				this.sub(m);
-				this.norm();
-			}  */
-			k--;
-		}
-		return a;
-	},
-
-/* split this DBIG at position n, return higher half, keep lower half */
-	split: function(n)
-	{
-		var t=new BIG(0);
-		var nw,m=n%ROM.BASEBITS;
-		var carry=this.w[ROM.DNLEN-1]<<(ROM.BASEBITS-m);
-
-	
-		for (var i=ROM.DNLEN-2;i>=ROM.NLEN-1;i--)
-		{
-			nw=(this.w[i]>>m)|carry;
-			carry=(this.w[i]<<(ROM.BASEBITS-m))&ROM.BMASK;
-			t.w[i-ROM.NLEN+1]=nw;
-		}
-		this.w[ROM.NLEN-1]&=((1<<m)-1);
-
-		return t;
-	}
-
-};
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-DBIG.comp=function(a,b)
-{
-	for (var i=ROM.DNLEN-1;i>=0;i--)
-	{
-		if (a.w[i]==b.w[i]) continue;
-		if (a.w[i]>b.w[i]) return 1;
-		else  return -1;
-	}
-	return 0;
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/ECDH.js
----------------------------------------------------------------------
diff --git a/version22/js/ECDH.js b/version22/js/ECDH.js
deleted file mode 100644
index 326d90d..0000000
--- a/version22/js/ECDH.js
+++ /dev/null
@@ -1,585 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-var ECDH = {
-
-	INVALID_PUBLIC_KEY:-2,
-	ERROR:-3,
-	INVALID:-4,
-	EFS:ROM.MODBYTES,
-	EGS:ROM.MODBYTES,
-	EAS:16,
-	EBS:16,
-	SHA256:32,
-	SHA384:48,
-	SHA512:64,
-
-	HASH_TYPE:64,
-
-	/* Convert Integer to n-byte array */
-	inttobytes: function(n,len)
-	{
-		var i;
-		var b=[];
-
-		for (i=0;i<len;i++) b[i]=0;
-		i=len; 
-		while (n>0 && i>0)
-		{
-			i--;
-			b[i]=(n&0xff);
-			n=Math.floor(n/256);
-		}	
-		return b;
-	},
-
-	bytestostring: function(b)
-	{
-		var s="";
-		var len=b.length;
-		var ch;
-
-		for (var i=0;i<len;i++)
-		{
-			ch=b[i];
-			s+=((ch>>>4)&15).toString(16);
-			s+=(ch&15).toString(16);
-
-		}
-		return s;
-	},
-
-	stringtobytes: function(s)
-	{
-		var b=[];
-		for (var i=0;i<s.length;i++)
-			b.push(s.charCodeAt(i));
-		return b;
-	},
-
-	hashit: function(sha,A,n,B,pad)
-	{
-		var R=[];
-		if (sha==this.SHA256)
-		{
-			var H=new HASH256();
-			H.process_array(A); if (n>0) H.process_num(n);
-			if (B!=null) H.process_array(B);
-			R=H.hash();
-		}
-		if (sha==this.SHA384)
-		{
-			H=new HASH384();
-			H.process_array(A); if (n>0) H.process_num(n);
-			if (B!=null) H.process_array(B);
-			R=H.hash();
-		}
-		if (sha==this.SHA512)
-		{
-			H=new HASH512();
-			H.process_array(A); if (n>0) H.process_num(n);
-			if (B!=null) H.process_array(B);
-			R=H.hash();
-		}
-		if (R.length==0) return null;
-
-		if (pad==0) return R;
-		var W=[];
-		if (pad<=sha) 
-		{
-			for (var i=0;i<pad;i++) W[i]=R[i];
-		}
-		else
-		{
-			for (var i=0;i<sha;i++) W[i]=R[i];
-			for (var i=sha;i<pad;i++) W[i]=0;
-		}
-		return W;
-	},
-
-	KDF1: function(sha,Z,olen)
-	{
-/* NOTE: the parameter olen is the length of the output K in bytes */
-		var i,hlen=sha;
-		var K=[];
-
-		var B=[];
-		var counter,cthreshold,k=0;
-    
-		for (i=0;i<K.length;i++) K[i]=0;  // redundant?
-
-		cthreshold=Math.floor(olen/hlen); if (olen%hlen!==0) cthreshold++;
-
-		for (counter=0;counter<cthreshold;counter++)
-		{
-			B=this.hashit(sha,Z,counter,null,0);
-			if (k+hlen>olen) for (i=0;i<olen%hlen;i++) K[k++]=B[i];
-			else for (i=0;i<hlen;i++) K[k++]=B[i];
-		}
-		return K;
-	},
-
-	KDF2: function(sha,Z,P,olen)
-	{
-/* NOTE: the parameter olen is the length of the output k in bytes */
-		var i,hlen=sha;
-		var K=[];
-
-		var B=[];
-		var counter,cthreshold,k=0;
-    
-		for (i=0;i<K.length;i++) K[i]=0;  // redundant?
-
-		cthreshold=Math.floor(olen/hlen); if (olen%hlen!==0) cthreshold++;
-
-		for (counter=1;counter<=cthreshold;counter++)
-		{
-			B=this.hashit(sha,Z,counter,P,0);
-			if (k+hlen>olen) for (i=0;i<olen%hlen;i++) K[k++]=B[i];
-			else for (i=0;i<hlen;i++) K[k++]=B[i];
-		}
-		return K;
-	},
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
-
-	PBKDF2: function(sha,Pass,Salt,rep,olen)
-	{
-		var i,j,k,d,opt;
-		d=Math.floor(olen/sha); if (olen%sha!==0) d++;
-		var F=new Array(sha);
-		var U=[];
-		var S=[];
-
-		var K=[];
-		opt=0;
-
-		for (i=1;i<=d;i++)
-		{
-			for (j=0;j<Salt.length;j++) S[j]=Salt[j];
-			var N=this.inttobytes(i,4);
-			for (j=0;j<4;j++) S[Salt.length+j]=N[j];
-			this.HMAC(sha,S,Pass,F);
-			for (j=0;j<sha;j++) U[j]=F[j];
-			for (j=2;j<=rep;j++)
-			{
-				this.HMAC(sha,U,Pass,U);
-				for (k=0;k<sha;k++) F[k]^=U[k];
-			}
-			for (j=0;j<sha;j++) K[opt++]=F[j];
-		}
-		var key=[];
-		for (i=0;i<olen;i++) key[i]=K[i];
-		return key;
-	},
-
-	HMAC: function(sha,M,K,tag)
-	{
-	/* Input is from an octet m        *
-	* olen is requested output length in bytes. k is the key  *
-	* The output is the calculated tag */
-		var i,b;
-		var B=[];
-		b=64;
-		if (sha>32) b=128;
-		var K0=new Array(b); 
-		var olen=tag.length;
-
-		//b=K0.length;
-		if (olen<4 ) return 0;
-
-		for (i=0;i<b;i++) K0[i]=0;
-
-		if (K.length > b) 
-		{
-			B=this.hashit(sha,K,0,null,0); 
-			for (i=0;i<sha;i++) K0[i]=B[i];
-		}
-		else
-			for (i=0;i<K.length;i++) K0[i]=K[i];
-		
-		for (i=0;i<b;i++) K0[i]^=0x36;
-		B=this.hashit(sha,K0,0,M,0);
-
-		for (i=0;i<b;i++) K0[i]^=0x6a;
-		B=this.hashit(sha,K0,0,B,olen);
-
-		for (i=0;i<olen;i++) tag[i]=B[i];
-
-		return 1;
-	},
-
-/* AES encryption/decryption */
-
-	AES_CBC_IV0_ENCRYPT: function(K,M)
-	{ /* AES CBC encryption, with Null IV and key K */
-	/* Input is from an octet string M, output is to an octet string C */
-	/* Input is padded as necessary to make up a full final block */
-		var a=new AES();
-		var fin;
-		var i,j,ipt,opt;
-		var buff=[];
-		/*var clen=16+(Math.floor(M.length/16))*16;*/
-
-		var C=[];
-		var padlen;
-
-		a.init(ROM.CBC,K.length,K,null);
-
-		ipt=opt=0;
-		fin=false;
-		for(;;)
-		{
-			for (i=0;i<16;i++)
-			{
-				if (ipt<M.length) buff[i]=M[ipt++];
-				else {fin=true; break;}
-			}
-			if (fin) break;
-			a.encrypt(buff);
-			for (i=0;i<16;i++)
-				C[opt++]=buff[i];
-		}    
-
-/* last block, filled up to i-th index */
-
-		padlen=16-i;
-		for (j=i;j<16;j++) buff[j]=padlen;
-		a.encrypt(buff);
-		for (i=0;i<16;i++)
-			C[opt++]=buff[i];
-		a.end();    
-		return C;
-	},
-
-	AES_CBC_IV0_DECRYPT: function(K,C)
-	{ /* padding is removed */
-		var a=new AES();
-		var i,ipt,opt,ch;
-		var buff=[];
-		var MM=[];
-		var fin,bad;
-		var padlen;
-		ipt=opt=0;
-
-		a.init(ROM.CBC,K.length,K,null);
-
-		if (C.length===0) return [];
-		ch=C[ipt++]; 
-  
-		fin=false;
-
-		for(;;)
-		{
-			for (i=0;i<16;i++)
-			{
-				buff[i]=ch;      
-				if (ipt>=C.length) {fin=true; break;}  
-				else ch=C[ipt++];  
-			}
-			a.decrypt(buff);
-			if (fin) break;
-			for (i=0;i<16;i++)
-				MM[opt++]=buff[i];
-		}    
-
-		a.end();
-		bad=false;
-		padlen=buff[15];
-		if (i!=15 || padlen<1 || padlen>16) bad=true;
-		if (padlen>=2 && padlen<=16)
-			for (i=16-padlen;i<16;i++) if (buff[i]!=padlen) bad=true;
-    
-		if (!bad) for (i=0;i<16-padlen;i++)
-					MM[opt++]=buff[i];
-
-		var M=[];
-		if (bad) return M;
-
-		for (i=0;i<opt;i++) M[i]=MM[i];
-		return M;
-	},
-
-	KEY_PAIR_GENERATE: function(RNG,S,W)
-	{
-		var r,gx,gy,s;
-		var G,WP;
-		var res=0;
-//		var T=[];
-		G=new ECP(0);
-
-		gx=new BIG(0); gx.rcopy(ROM.CURVE_Gx);
-
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY)
-		{
-			gy=new BIG(0); gy.rcopy(ROM.CURVE_Gy);
-			G.setxy(gx,gy);
-		}
-		else G.setx(gx);
-
-		r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-
-		if (RNG===null)
-		{
-			s=BIG.fromBytes(S);
-			s.mod(r);
-		}
-		else
-		{
-			s=BIG.randomnum(r,RNG);
-			
-	//		s.toBytes(T);
-	//		for (var i=0;i<this.EGS;i++) S[i]=T[i];
-		}
-		if (ROM.AES_S>0)
-		{
-			s.mod2m(2*ROM.AES_S);
-		}
-		s.toBytes(S);
-
-		WP=G.mul(s);
-		WP.toBytes(W);
-
-		return res;
-	},
-
-	PUBLIC_KEY_VALIDATE: function(full,W)
-	{
-		var r;
-		var WP=ECP.fromBytes(W);
-		var res=0;
-
-		r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-
-		if (WP.is_infinity()) res=this.INVALID_PUBLIC_KEY;
-
-		if (res===0 && full)
-		{
-			WP=WP.mul(r);
-			if (!WP.is_infinity()) res=this.INVALID_PUBLIC_KEY; 
-		}
-		return res;
-	},
-
-	ECPSVDP_DH: function(S,WD,Z)    
-	{
-		var r,s;
-		var W;
-		var res=0;
-		var T=[];
-
-		s=BIG.fromBytes(S);
-
-		W=ECP.fromBytes(WD);
-		if (W.is_infinity()) res=this.ERROR;
-
-		if (res===0)
-		{
-			r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-			s.mod(r);
-			W=W.mul(s);
-			if (W.is_infinity()) res=this.ERROR; 
-			else 
-			{
-				W.getX().toBytes(T);
-				for (var i=0;i<this.EFS;i++) Z[i]=T[i];
-			}
-		}
-		return res;
-	},
-
-	ECPSP_DSA: function(sha,RNG,S,F,C,D)
-	{
-		var T=[];
-		var i,gx,gy,r,s,f,c,d,u,vx,w;
-		var G,V;
-
-		var B=this.hashit(sha,F,0,null,ROM.MODBYTES);
-
-		gx=new BIG(0); gx.rcopy(ROM.CURVE_Gx);
-		gy=new BIG(0); gy.rcopy(ROM.CURVE_Gy);
-
-		G=new ECP(0);
-		G.setxy(gx,gy);
-		r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-
-		s=BIG.fromBytes(S);
-		f=BIG.fromBytes(B);
-
-		c=new BIG(0);
-		d=new BIG(0);
-		V=new ECP();
-
-		do {
-			u=BIG.randomnum(r,RNG);
-			w=BIG.randomnum(r,RNG);
-			if (ROM.AES_S>0)
-			{
-				u.mod2m(2*ROM.AES_S);
-			}				
-			V.copy(G);
-			V=V.mul(u);   		
-			vx=V.getX();
-			c.copy(vx);
-			c.mod(r);
-			if (c.iszilch()) continue;
-			u=BIG.modmul(u,w,r);
-			u.invmodp(r);
-			d=BIG.modmul(s,c,r);
-			d.add(f);
-			d=BIG.modmul(d,w,r);
-			d=BIG.modmul(u,d,r);
-		} while (d.iszilch());
-       
-		c.toBytes(T);
-		for (i=0;i<this.EFS;i++) C[i]=T[i];
-		d.toBytes(T);
-		for (i=0;i<this.EFS;i++) D[i]=T[i];
-		return 0;
-	},
-
-	ECPVP_DSA: function(sha,W,F,C,D)
-	{
-		var B=[];
-		var r,gx,gy,f,c,d,h2;
-		var res=0;
-		var G,WP,P;
-
-		B=this.hashit(sha,F,0,null,ROM.MODBYTES);
-
-		gx=new BIG(0); gx.rcopy(ROM.CURVE_Gx);
-		gy=new BIG(0); gy.rcopy(ROM.CURVE_Gy);
-
-		G=new ECP(0);
-		G.setxy(gx,gy);
-		r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-
-		c=BIG.fromBytes(C);
-		d=BIG.fromBytes(D);
-		f=BIG.fromBytes(B);
-     
-		if (c.iszilch() || BIG.comp(c,r)>=0 || d.iszilch() || BIG.comp(d,r)>=0) 
-            res=this.INVALID;
-
-		if (res===0)
-		{
-			d.invmodp(r);
-			f=BIG.modmul(f,d,r);
-			h2=BIG.modmul(c,d,r);
-
-			WP=ECP.fromBytes(W);
-			if (WP.is_infinity()) res=this.ERROR;
-			else
-			{
-				P=new ECP();
-				P.copy(WP);
-				P=P.mul2(h2,G,f);
-				if (P.is_infinity()) res=this.INVALID;
-				else
-				{
-					d=P.getX();
-					d.mod(r);
-					if (BIG.comp(d,c)!==0) res=this.INVALID;
-				}
-			}
-		}
-
-		return res;
-	},
-
-	ECIES_ENCRYPT: function(sha,P1,P2,RNG,W,M,V,T)
-	{ 
-		var i;
-
-		var Z=[];
-		var VZ=[];
-		var K1=[];
-		var K2=[];
-		var U=[];
-		var C=[];
-
-		if (this.KEY_PAIR_GENERATE(RNG,U,V)!==0) return C;  
-		if (this.ECPSVDP_DH(U,W,Z)!==0) return C;     
-
-		for (i=0;i<2*this.EFS+1;i++) VZ[i]=V[i];
-		for (i=0;i<this.EFS;i++) VZ[2*this.EFS+1+i]=Z[i];
-
-
-		var K=this.KDF2(sha,VZ,P1,EFS);
-
-		for (i=0;i<this.EAS;i++) {K1[i]=K[i]; K2[i]=K[this.EAS+i];} 
-
-		C=this.AES_CBC_IV0_ENCRYPT(K1,M);
-
-		var L2=this.inttobytes(P2.length,8);	
-	
-		var AC=[];
-		for (i=0;i<C.length;i++) AC[i]=C[i];
-		for (i=0;i<P2.length;i++) AC[C.length+i]=P2[i];
-		for (i=0;i<8;i++) AC[C.length+P2.length+i]=L2[i];
-	
-		this.HMAC(sha,AC,K2,T);
-
-		return C;
-	},
-
-	ECIES_DECRYPT: function(sha,P1,P2,V,C,T,U)
-	{ 
-
-		var i;
-
-		var Z=[];
-		var VZ=[];
-		var K1=[];
-		var K2=[];
-		var TAG=new Array(T.length);
-		var M=[];
-
-		if (this.ECPSVDP_DH(U,V,Z)!==0) return M;  
-
-		for (i=0;i<2*this.EFS+1;i++) VZ[i]=V[i];
-		for (i=0;i<this.EFS;i++) VZ[2*this.EFS+1+i]=Z[i];
-
-		var K=this.KDF2(sha,VZ,P1,this.EFS);
-
-		for (i=0;i<this.EAS;i++) {K1[i]=K[i]; K2[i]=K[this.EAS+i];} 
-
-		M=this.AES_CBC_IV0_DECRYPT(K1,C); 
-
-		if (M.length===0) return M;
-
-		var L2=this.inttobytes(P2.length,8);	
-	
-		var AC=[];
-
-		for (i=0;i<C.length;i++) AC[i]=C[i];
-		for (i=0;i<P2.length;i++) AC[C.length+i]=P2[i];
-		for (i=0;i<8;i++) AC[C.length+P2.length+i]=L2[i];
-	
-		this.HMAC(sha,AC,K2,TAG);
-
-		var same=true;
-		for (i=0;i<T.length;i++) if (T[i]!=TAG[i]) same=false;
-		if (!same) return [];
-	
-		return M;
-	}
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/ECP.js
----------------------------------------------------------------------
diff --git a/version22/js/ECP.js b/version22/js/ECP.js
deleted file mode 100644
index ade058b..0000000
--- a/version22/js/ECP.js
+++ /dev/null
@@ -1,903 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* Elliptic Curve Point class */
-
-/* Constructor */
-var ECP = function() 
-{
-	this.x=new FP(0);
-	this.y=new FP(1);
-	this.z=new FP(1);
-	this.INF=true;
-};
-
-ECP.prototype={
-/* test this=O point-at-infinity */
-	is_infinity: function() 
-	{
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			this.x.reduce(); this.y.reduce(); this.z.reduce();
-			return (this.x.iszilch() && this.y.equals(this.z));
-		}
-		else return this.INF;
-	},
-
-
-/* conditional swap of this and Q dependant on d */
-	cswap: function(Q,d)
-	{
-		this.x.cswap(Q.x,d);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) this.y.cswap(Q.y,d);
-		this.z.cswap(Q.z,d);
-		if (ROM.CURVETYPE!=ROM.EDWARDS)
-		{
-			var bd=(d!==0)?true:false;
-			bd=bd&(this.INF^Q.INF);
-			this.INF^=bd;
-			Q.INF^=bd;
-		}
-	},
-
-/* conditional move of Q to P dependant on d */
-	cmove: function(Q,d)
-	{
-		this.x.cmove(Q.x,d);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) this.y.cmove(Q.y,d);
-		this.z.cmove(Q.z,d);
-		if (ROM.CURVETYPE!=ROM.EDWARDS)
-		{
-			var bd=(d!==0)?true:false;
-			this.INF^=(this.INF^Q.INF)&bd;
-		}
-	},
-
-/* Constant time select from pre-computed table */
-	select: function(W,b)
-	{
-		var MP=new ECP(); 
-		var m=b>>31;
-		var babs=(b^m)-m;
-
-		babs=(babs-1)/2;
-
-		this.cmove(W[0],ECP.teq(babs,0));  // conditional move
-		this.cmove(W[1],ECP.teq(babs,1));
-		this.cmove(W[2],ECP.teq(babs,2));
-		this.cmove(W[3],ECP.teq(babs,3));
-		this.cmove(W[4],ECP.teq(babs,4));
-		this.cmove(W[5],ECP.teq(babs,5));
-		this.cmove(W[6],ECP.teq(babs,6));
-		this.cmove(W[7],ECP.teq(babs,7));
- 
-		MP.copy(this);
-		MP.neg();
-		this.cmove(MP,(m&1));
-	},
-
-/* Test P == Q */
-
-	equals: function(Q) 
-	{
-		if (this.is_infinity() && Q.is_infinity()) return true;
-		if (this.is_infinity() || Q.is_infinity()) return false;
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			var zs2=new FP(0); zs2.copy(this.z); zs2.sqr();
-			var zo2=new FP(0); zo2.copy(Q.z); zo2.sqr();
-			var zs3=new FP(0); zs3.copy(zs2); zs3.mul(this.z);
-			var zo3=new FP(0); zo3.copy(zo2); zo3.mul(Q.z);
-			zs2.mul(Q.x);
-			zo2.mul(this.x);
-			if (!zs2.equals(zo2)) return false;
-			zs3.mul(Q.y);
-			zo3.mul(this.y);
-			if (!zs3.equals(zo3)) return false;
-		}
-		else
-		{
-			var a=new FP(0);
-			var b=new FP(0);
-			a.copy(this.x); a.mul(Q.z); a.reduce();
-			b.copy(Q.x); b.mul(this.z); b.reduce();
-			if (!a.equals(b)) return false;
-			if (ROM.CURVETYPE==ROM.EDWARDS)
-			{
-				a.copy(this.y); a.mul(Q.z); a.reduce();
-				b.copy(Q.y); b.mul(this.z); b.reduce();
-				if (!a.equals(b)) return false;
-			}
-		}
-		return true;
-	},
-/* copy this=P */
-	copy: function(P)
-	{
-		this.x.copy(P.x);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) this.y.copy(P.y);
-		this.z.copy(P.z);
-		this.INF=P.INF;
-	},
-/* this=-this */
-	neg: function() 
-	{
-		if (this.is_infinity()) return;
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			this.y.neg(); this.y.norm();
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			this.x.neg(); this.x.norm();
-		}
-		return;
-	},
-/* set this=O */
-	inf: function() 
-	{
-		this.INF=true;
-		this.x.zero();
-		this.y=new FP(1);
-		this.z=new FP(1);
-	},
-/* set this=(x,y) where x and y are BIGs */
-	setxy: function(ix,iy) 
-	{
-
-		this.x=new FP(0); this.x.bcopy(ix);
-		var bx=this.x.redc();
-
-		this.y=new FP(0); this.y.bcopy(iy);
-		this.z=new FP(1);
-		var rhs=ECP.RHS(this.x);
-
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			if (rhs.jacobi()==1) this.INF=false;
-			else this.inf();
-		}
-		else
-		{
-			var y2=new FP(0); y2.copy(this.y);
-			y2.sqr();
-			if (y2.equals(rhs)) this.INF=false;
-			else this.inf();
-
-		}
-	},
-/* set this=x, where x is BIG, y is derived from sign s */
-	setxi: function(ix,s) 
-	{
-		this.x=new FP(0); this.x.bcopy(ix);
-		var rhs=ECP.RHS(this.x);
-		this.z=new FP(1);
-		if (rhs.jacobi()==1)
-		{
-			var ny=rhs.sqrt();
-			if (ny.redc().parity()!=s) ny.neg();
-			this.y=ny;
-			this.INF=false;
-		}
-		else this.inf();
-	},
-/* set this=x, y calcuated from curve equation */
-	setx: function(ix) 
-	{
-		this.x=new FP(0); this.x.bcopy(ix);
-		var rhs=ECP.RHS(this.x);
-		this.z=new FP(1);
-		if (rhs.jacobi()==1)
-		{
-			if (ROM.CURVETYPE!=ROM.MONTGOMERY) this.y=rhs.sqrt();
-			this.INF=false;
-		}
-		else this.INF=true;
-	},
-/* set this to affine - from (x,y,z) to (x,y) */
-	affine: function() 
-	{
-		if (this.is_infinity()) return;
-		var one=new FP(1);
-		if (this.z.equals(one)) return;
-		this.z.inverse();
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			var z2=new FP(0); z2.copy(this.z);
-			z2.sqr();
-			this.x.mul(z2); this.x.reduce();
-			this.y.mul(z2); 
-			this.y.mul(this.z); this.y.reduce();
-			this.z=one;
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			this.x.mul(this.z); this.x.reduce();
-			this.y.mul(this.z); this.y.reduce();
-			this.z=one;
-		}
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			this.x.mul(this.z); this.x.reduce();
-			this.z=one;
-		}
-	},
-/* extract x as BIG */
-	getX: function()
-	{
-		this.affine();
-		return this.x.redc();
-	},
-/* extract y as BIG */
-	getY: function()
-	{
-		this.affine();
-		return this.y.redc();
-	},
-
-/* get sign of Y */
-	getS: function()
-	{
-		this.affine();
-		var y=this.getY();
-		return y.parity();
-	},
-/* extract x as FP */
-	getx: function()
-	{
-		return this.x;
-	},
-/* extract y as FP */
-	gety: function()
-	{
-		return this.y;
-	},
-/* extract z as FP */
-	getz: function()
-	{
-		return this.z;
-	},
-/* convert to byte array */
-	toBytes: function(b)
-	{
-		var i,t=[];
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) b[0]=0x04;
-		else b[0]=0x02;
-	
-		this.affine();
-		this.x.redc().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) b[i+1]=t[i];
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY)
-		{
-			this.y.redc().toBytes(t);
-			for (i=0;i<ROM.MODBYTES;i++) b[i+ROM.MODBYTES+1]=t[i];
-		}
-	},
-/* convert to hex string */
-	toString: function() 
-	{
-		if (this.is_infinity()) return "infinity";
-		this.affine();
-		if (ROM.CURVETYPE==ROM.MONTGOMERY) return "("+this.x.redc().toString()+")";
-		else return "("+this.x.redc().toString()+","+this.y.redc().toString()+")";
-	},
-
-/* this+=this */
-	dbl: function() 
-	{
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			if (this.INF) return;
-			if (this.y.iszilch())
-			{
-				this.inf();
-				return;
-			}
-
-			var w1=new FP(0); w1.copy(this.x);
-			var w6=new FP(0); w6.copy(this.z);
-			var w2=new FP(0);
-			var w3=new FP(0); w3.copy(this.x);
-			var w8=new FP(0); w8.copy(this.x);
-
-			if (ROM.CURVE_A==-3)
-			{
-				w6.sqr();
-				w1.copy(w6);
-				w1.neg();
-				w3.add(w1);
-				w8.add(w6);
-				w3.mul(w8);
-				w8.copy(w3);
-				w8.imul(3);
-			}
-			else
-			{
-				w1.sqr();
-				w8.copy(w1);
-				w8.imul(3);
-			}
-
-			w2.copy(this.y); w2.sqr();
-			w3.copy(this.x); w3.mul(w2);
-			w3.imul(4);
-			w1.copy(w3); w1.neg();
-
-			this.x.copy(w8); this.x.sqr();
-			this.x.add(w1);
-			this.x.add(w1);
-			this.x.norm();
-
-			this.z.mul(this.y);
-			this.z.add(this.z);
-
-			w2.add(w2);
-			w2.sqr();
-			w2.add(w2);
-			w3.sub(this.x);
-			this.y.copy(w8); this.y.mul(w3);
-			this.y.sub(w2);
-			this.y.norm();
-			this.z.norm();
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			var C=new FP(0); C.copy(this.x);
-			var D=new FP(0); D.copy(this.y);
-			var H=new FP(0); H.copy(this.z);
-			var J=new FP(0);
-
-			this.x.mul(this.y); this.x.add(this.x);
-			C.sqr();
-			D.sqr();
-			if (ROM.CURVE_A==-1) C.neg();	
-			this.y.copy(C); this.y.add(D);
-			H.sqr(); H.add(H);
-			this.z.copy(this.y);
-			J.copy(this.y); J.sub(H);
-			this.x.mul(J);
-			C.sub(D);
-			this.y.mul(C);
-			this.z.mul(J);
-
-			this.x.norm();
-			this.y.norm();
-			this.z.norm();
-		}
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			var A=new FP(0); A.copy(this.x);
-			var B=new FP(0); B.copy(this.x);		
-			var AA=new FP(0);
-			var BB=new FP(0);
-			var C=new FP(0);
-	
-			if (this.INF) return;
-
-			A.add(this.z);
-			AA.copy(A); AA.sqr();
-			B.sub(this.z);
-			BB.copy(B); BB.sqr();
-			C.copy(AA); C.sub(BB);
-
-			this.x.copy(AA); this.x.mul(BB);
-
-			A.copy(C); A.imul((ROM.CURVE_A+2)>>2);
-
-			BB.add(A);
-			this.z.copy(BB); this.z.mul(C);
-			this.x.norm();
-			this.z.norm();
-		}
-		return;
-	},
-
-/* this+=Q */
-	add: function(Q) 
-	{
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			if (this.INF)
-			{
-				this.copy(Q);
-				return;
-			}
-			if (Q.INF) return;
-
-			var aff=false;
-			var one=new FP(1);
-			if (Q.z.equals(one)) aff=true;
-
-			var A,C;
-			var B=new FP(this.z);
-			var D=new FP(this.z);
-			if (!aff)
-			{
-				A=new FP(Q.z);
-				C=new FP(Q.z);
-
-				A.sqr(); B.sqr();
-				C.mul(A); D.mul(B);
-
-				A.mul(this.x);
-				C.mul(this.y);
-			}
-			else
-			{
-				A=new FP(this.x);
-				C=new FP(this.y);
-	
-				B.sqr();
-				D.mul(B);
-			}
-
-			B.mul(Q.x); B.sub(A);
-			D.mul(Q.y); D.sub(C);
-			
-			if (B.iszilch())
-			{
-				if (D.iszilch())
-				{
-					this.dbl();
-					return;
-				}
-				else
-				{
-					this.INF=true;
-					return;
-				}
-			}
-
-			if (!aff) this.z.mul(Q.z);
-			this.z.mul(B);
-
-			var e=new FP(B); e.sqr();
-			B.mul(e);
-			A.mul(e);
-
-			e.copy(A);
-			e.add(A); e.add(B);
-			this.x.copy(D); this.x.sqr(); this.x.sub(e);
-
-			A.sub(this.x);
-			this.y.copy(A); this.y.mul(D); 
-			C.mul(B); this.y.sub(C);
-
-			this.x.norm();
-			this.y.norm();
-			this.z.norm();
-
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			var b=new FP(0); b.rcopy(ROM.CURVE_B);
-			var A=new FP(0); A.copy(this.z);
-			var B=new FP(0);
-			var C=new FP(0); C.copy(this.x);
-			var D=new FP(0); D.copy(this.y);
-			var E=new FP(0);
-			var F=new FP(0);
-			var G=new FP(0);
-
-			A.mul(Q.z);
-			B.copy(A); B.sqr();
-			C.mul(Q.x);
-			D.mul(Q.y);
-
-			E.copy(C); E.mul(D); E.mul(b);
-			F.copy(B); F.sub(E); 
-			G.copy(B); G.add(E); 
-
-			if (ROM.CURVE_A==1)
-			{
-				E.copy(D); E.sub(C);
-			}
-			C.add(D);
-
-			B.copy(this.x); B.add(this.y);
-			D.copy(Q.x); D.add(Q.y); 
-			B.mul(D);
-			B.sub(C);
-			B.mul(F);
-			this.x.copy(A); this.x.mul(B);
-
-			if (ROM.CURVE_A==1)
-			{
-				C.copy(E); C.mul(G);
-			}
-			if (ROM.CURVE_A==-1)
-			{
-				C.mul(G);
-			}
-			this.y.copy(A); this.y.mul(C);
-			this.z.copy(F); this.z.mul(G);
-			this.x.norm(); this.y.norm(); this.z.norm();
-		}
-		return;
-	},
-
-/* Differential Add for Montgomery curves. this+=Q where W is this-Q and is affine. */
-	dadd: function(Q,W) 
-	{
-		var A=new FP(0); A.copy(this.x);
-		var B=new FP(0); B.copy(this.x);
-		var C=new FP(0); C.copy(Q.x);
-		var D=new FP(0); D.copy(Q.x);
-		var DA=new FP(0);
-		var CB=new FP(0);	
-			
-		A.add(this.z); 
-		B.sub(this.z); 
-
-		C.add(Q.z);
-		D.sub(Q.z);
-
-		DA.copy(D); DA.mul(A);
-		CB.copy(C); CB.mul(B);
-
-		A.copy(DA); A.add(CB); A.sqr();
-		B.copy(DA); B.sub(CB); B.sqr();
-
-		this.x.copy(A);
-		this.z.copy(W.x); this.z.mul(B);
-
-		if (this.z.iszilch()) this.inf();
-		else this.INF=false;
-
-		this.x.norm();
-	},
-
-/* this-=Q */
-	sub: function(Q) {
-		Q.neg();
-		this.add(Q);
-		Q.neg();
-	},
-
-/* constant time multiply by small integer of length bts - use ladder */
-	pinmul: function(e,bts) {	
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-			return this.mul(new BIG(e));
-		else
-		{
-			var nb,i,b;
-			var P=new ECP();
-			var R0=new ECP();
-			var R1=new ECP(); R1.copy(this);
-		
-			for (i=bts-1;i>=0;i--)
-			{
-				b=(e>>i)&1;
-				P.copy(R1);
-				P.add(R0);
-				R0.cswap(R1,b);
-				R1.copy(P);
-				R0.dbl();
-				R0.cswap(R1,b);
-			}
-			P.copy(R0);
-			P.affine();
-			return P;
-		}
-	},
-
-/* return e.this - SPA immune, using Ladder */
-
-	mul: function(e) 
-	{
-		if (e.iszilch() || this.is_infinity()) return new ECP();
-		var P=new ECP();
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{ /* use ladder */
-			var nb,i,b;
-			var D=new ECP();
-			var R0=new ECP(); R0.copy(this);
-			var R1=new ECP(); R1.copy(this);
-			R1.dbl();
-			D.copy(this); D.affine();
-			nb=e.nbits();
-			for (i=nb-2;i>=0;i--)
-			{
-				b=e.bit(i);
-				P.copy(R1);
-				P.dadd(R0,D);
-
-				R0.cswap(R1,b);
-				R1.copy(P);
-				R0.dbl();
-				R0.cswap(R1,b);
-			}
-			P.copy(R0);
-		}
-		else
-		{
-// fixed size windows 
-			var i,b,nb,m,s,ns;
-			var mt=new BIG();
-			var t=new BIG();
-			var Q=new ECP();
-			var C=new ECP();
-			var W=[];
-			var w=[];
-
-			this.affine();
-
-// precompute table 
-			Q.copy(this);
-			Q.dbl();
-			W[0]=new ECP();
-			W[0].copy(this);
-
-			for (i=1;i<8;i++)
-			{
-				W[i]=new ECP();
-				W[i].copy(W[i-1]);
-				W[i].add(Q);
-			}
-
-// convert the table to affine 
-			if (ROM.CURVETYPE==ROM.WEIERSTRASS) 
-				ECP.multiaffine(8,W);
-
-// make exponent odd - add 2P if even, P if odd 
-			t.copy(e);
-			s=t.parity();
-			t.inc(1); t.norm(); ns=t.parity(); mt.copy(t); mt.inc(1); mt.norm();
-			t.cmove(mt,s);
-			Q.cmove(this,ns);
-			C.copy(Q);
-
-			nb=1+Math.floor((t.nbits()+3)/4);
-
-// convert exponent to signed 4-bit window 
-			for (i=0;i<nb;i++)
-			{
-				w[i]=(t.lastbits(5)-16);
-				t.dec(w[i]); t.norm();
-				t.fshr(4);	
-			}
-			w[nb]=t.lastbits(5);
-	
-			P.copy(W[Math.floor((w[nb]-1)/2)]);  
-			for (i=nb-1;i>=0;i--)
-			{
-				Q.select(W,w[i]);
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.add(Q);
-			}
-			P.sub(C);
-		}
-		P.affine();
-		return P;
-	},
-
-/* Return e.this+f.Q */
-
-	mul2: function(e,Q,f) {
-		var te=new BIG();
-		var tf=new BIG();
-		var mt=new BIG();
-		var S=new ECP();
-		var T=new ECP();
-		var C=new ECP();
-		var W=[];
-		var w=[];		
-		var i,s,ns,nb;
-		var a,b;
-
-		this.affine();
-		Q.affine();
-
-		te.copy(e);
-		tf.copy(f);
-
-// precompute table 
-		W[1]=new ECP(); W[1].copy(this); W[1].sub(Q);
-		W[2]=new ECP(); W[2].copy(this); W[2].add(Q);
-		S.copy(Q); S.dbl();
-		W[0]=new ECP(); W[0].copy(W[1]); W[0].sub(S);
-		W[3]=new ECP(); W[3].copy(W[2]); W[3].add(S);
-		T.copy(this); T.dbl();
-		W[5]=new ECP(); W[5].copy(W[1]); W[5].add(T);
-		W[6]=new ECP(); W[6].copy(W[2]); W[6].add(T);
-		W[4]=new ECP(); W[4].copy(W[5]); W[4].sub(S);
-		W[7]=new ECP(); W[7].copy(W[6]); W[7].add(S);
-
-// convert the table to affine 
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS) 
-			ECP.multiaffine(8,W);
-
-// if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction 
-
-		s=te.parity();
-		te.inc(1); te.norm(); ns=te.parity(); mt.copy(te); mt.inc(1); mt.norm();
-		te.cmove(mt,s);
-		T.cmove(this,ns);
-		C.copy(T);
-
-		s=tf.parity();
-		tf.inc(1); tf.norm(); ns=tf.parity(); mt.copy(tf); mt.inc(1); mt.norm();
-		tf.cmove(mt,s);
-		S.cmove(Q,ns);
-		C.add(S);
-
-		mt.copy(te); mt.add(tf); mt.norm();
-		nb=1+Math.floor((mt.nbits()+1)/2);
-
-// convert exponent to signed 2-bit window 
-		for (i=0;i<nb;i++)
-		{
-			a=(te.lastbits(3)-4);
-			te.dec(a); te.norm(); 
-			te.fshr(2);
-			b=(tf.lastbits(3)-4);
-			tf.dec(b); tf.norm(); 
-			tf.fshr(2);
-			w[i]=(4*a+b);
-		}
-		w[nb]=(4*te.lastbits(3)+tf.lastbits(3));
-		S.copy(W[Math.floor((w[nb]-1)/2)]);  
-
-		for (i=nb-1;i>=0;i--)
-		{
-			T.select(W,w[i]);
-			S.dbl();
-			S.dbl();
-			S.add(T);
-		}
-		S.sub(C); /* apply correction */
-		S.affine();
-		return S;
-	}
-
-};
-
-ECP.multiaffine=function(m,P)
-{
-	var i;
-	var t1=new FP(0);
-	var t2=new FP(0);
-	var work=[];
-
-	for (i=0;i<m;i++)
-		work[i]=new FP(0);
-	
-	work[0].one();
-	work[1].copy(P[0].z);
-
-	for (i=2;i<m;i++)
-	{
-		work[i].copy(work[i-1]);
-		work[i].mul(P[i-1].z);
-	}
-
-	t1.copy(work[m-1]);
-	t1.mul(P[m-1].z);
-	t1.inverse();
-	t2.copy(P[m-1].z);
-	work[m-1].mul(t1);
-
-	for (i=m-2;;i--)
-	{
-		if (i==0)
-		{
-			work[0].copy(t1);
-			work[0].mul(t2);
-			break;
-		}
-		work[i].mul(t2);
-		work[i].mul(t1);
-		t2.mul(P[i].z);
-	}
-/* now work[] contains inverses of all Z coordinates */
-
-	for (i=0;i<m;i++)
-	{
-		P[i].z.one();
-		t1.copy(work[i]);
-		t1.sqr();
-		P[i].x.mul(t1);
-		t1.mul(work[i]);
-		P[i].y.mul(t1);
-	}    
-};
-
-/* return 1 if b==c, no branching */
-ECP.teq=function(b,c)
-{
-	var x=b^c;
-	x-=1;  // if x=0, x now -1
-	return ((x>>31)&1);
-};
-
-/* convert from byte array to ECP */
-ECP.fromBytes= function(b)
-{
-	var i,t=[];
-	var P=new ECP();
-	var p=new BIG(0); p.rcopy(ROM.Modulus);
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=b[i+1];
-	var px=BIG.fromBytes(t);
-	if (BIG.comp(px,p)>=0) return P;
-
-	if (b[0]==0x04)
-	{
-		for (i=0;i<ROM.MODBYTES;i++) t[i]=b[i+ROM.MODBYTES+1];
-		var py=BIG.fromBytes(t);
-		if (BIG.comp(py,p)>=0) return P;
-		P.setxy(px,py);
-		return P;
-	}
-	else 
-	{
-		P.setx(px);
-		return P;
-	}
-};
-
-/* Calculate RHS of curve equation */
-ECP.RHS= function(x) 
-{
-	x.norm();
-	var r=new FP(0); r.copy(x);
-	r.sqr();
-
-	if (ROM.CURVETYPE==ROM.WEIERSTRASS)   
-	{ // x^3+Ax+B
-		var b=new FP(0); b.rcopy(ROM.CURVE_B);
-		r.mul(x);
-		if (ROM.CURVE_A==-3)
-		{
-			var cx=new FP(0); cx.copy(x);
-			cx.imul(3);
-			cx.neg(); cx.norm();
-			r.add(cx);
-		}
-		r.add(b);
-	}
-	if (ROM.CURVETYPE==ROM.EDWARDS)
-	{ // (Ax^2-1)/(Bx^2-1) 
-		var b=new FP(0); b.rcopy(ROM.CURVE_B);
-
-		var one=new FP(1);
-		b.mul(r);
-		b.sub(one);
-		if (ROM.CURVE_A==-1) r.neg();
-		r.sub(one);
-
-		b.inverse();
-
-		r.mul(b);
-	}
-	if (ROM.CURVETYPE==ROM.MONTGOMERY)
-	{ // x^3+Ax^2+x
-		var x3=new FP(0);
-		x3.copy(r);
-		x3.mul(x);
-		r.imul(ROM.CURVE_A);
-		r.add(x3);
-		r.add(x);
-	}
-	r.reduce();
-	return r;
-};



[45/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/mpin.c
----------------------------------------------------------------------
diff --git a/version22/c/mpin.c b/version22/c/mpin.c
deleted file mode 100644
index 5086ad5..0000000
--- a/version22/c/mpin.c
+++ /dev/null
@@ -1,1212 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MPIN Functions */
-
-/* Version 3.0 - supports Time Permits */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin.h"
-
-#define ROUNDUP(a,b) ((a)-1)/(b)+1
-
-/* Special mpin hashing */
-static void mpin_hash(int sha,FP4 *f, ECP *P,octet *w)
-{
-    int i;
-    BIG x,y;
-    char h[64];
-    hash256 sha256;
-    hash512 sha512;
-    char t[6*MODBYTES];  // to hold 6 BIGs
-    int hlen=sha;
-    BIG_copy(x,f->a.a);
-    FP_redc(x);
-    BIG_toBytes(&t[0],x);
-    BIG_copy(x,f->a.b);
-    FP_redc(x);
-    BIG_toBytes(&t[MODBYTES],x);
-    BIG_copy(x,f->b.a);
-    FP_redc(x);
-    BIG_toBytes(&t[2*MODBYTES],x);
-    BIG_copy(x,f->b.b);
-    FP_redc(x);
-    BIG_toBytes(&t[3*MODBYTES],x);
-    ECP_get(x,y,P);
-    BIG_toBytes(&t[4*MODBYTES],x);
-    BIG_toBytes(&t[5*MODBYTES],y);
-
-    OCT_empty(w);
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_init(&sha256);
-        for (i=0; i<6*MODBYTES; i++) HASH256_process(&sha256,t[i]);
-        HASH256_hash(&sha256,h);
-        break;
-    case SHA384:
-        HASH384_init(&sha512);
-        for (i=0; i<6*MODBYTES; i++) HASH384_process(&sha512,t[i]);
-        HASH384_hash(&sha512,h);
-        break;
-    case SHA512:
-        HASH512_init(&sha512);
-        for (i=0; i<6*MODBYTES; i++) HASH512_process(&sha512,t[i]);
-        HASH512_hash(&sha512,h);
-        break;
-    }
-
-    OCT_jbytes(w,h,PAS);
-    for (i=0; i<hlen; i++) h[i]=0;
-}
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
-static void map(ECP *P,BIG u,int cb)
-{
-    BIG x,q;
-
-    BIG_rcopy(q,Modulus);
-    BIG_copy(x,u);
-    BIG_mod(x,q);
-
-    while (!ECP_setx(P,x,cb))
-        BIG_inc(x,1);
-}
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
-static int unmap(BIG u,int *cb,ECP *P)
-{
-    int s,r=0;
-    BIG x;
-
-    s=ECP_get(x,x,P);
-    BIG_copy(u,x);
-    do
-    {
-        BIG_dec(u,1);
-        r++;
-    }
-    while (!ECP_setx(P,u,s));
-    ECP_setx(P,x,s);
-
-    *cb=s;
-
-    return r;
-}
-
-/* map octet string containing hash to point on curve of correct order */
-static void mapit(octet *h,ECP *P)
-{
-    BIG q,x,c;
-    BIG_fromBytes(x,h->val);
-    BIG_rcopy(q,Modulus);
-    BIG_mod(x,q);
-
-    while (!ECP_setx(P,x,0))
-        BIG_inc(x,1);
-
-    BIG_rcopy(c,CURVE_Cof);
-    ECP_mul(P,c);
-}
-
-/* needed for SOK */
-/* static void mapit2(octet *h,ECP2 *Q) */
-/* { */
-/* 	BIG q,one,Fx,Fy,x,hv; */
-/* 	FP2 X; */
-/* 	ECP2 T,K; */
-/* 	BIG_fromBytes(hv,h->val); */
-/* 	BIG_rcopy(q,Modulus); */
-/* 	BIG_one(one); */
-/* 	BIG_mod(hv,q); */
-
-/* 	for (;;) */
-/* 	{ */
-/* 		FP2_from_BIGs(&X,one,hv); */
-/* 		if (ECP2_setx(Q,&X)) break; */
-/* 		BIG_inc(hv,1);  */
-/* 	} */
-
-/* /\* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez *\/ */
-/* 	BIG_rcopy(Fx,CURVE_Fra); */
-/* 	BIG_rcopy(Fy,CURVE_Frb); */
-/* 	FP2_from_BIGs(&X,Fx,Fy); */
-/* 	BIG_rcopy(x,CURVE_Bnx); */
-
-/* 	ECP2_copy(&T,Q); */
-/* 	ECP2_mul(&T,x); */
-/* 	ECP2_neg(&T);  /\* our x is negative *\/ */
-/* 	ECP2_copy(&K,&T); */
-/* 	ECP2_dbl(&K); */
-/* 	ECP2_add(&K,&T); */
-/* 	ECP2_affine(&K); */
-
-/* 	ECP2_frob(&K,&X); */
-/* 	ECP2_frob(Q,&X); ECP2_frob(Q,&X); ECP2_frob(Q,&X);  */
-/* 	ECP2_add(Q,&T); */
-/* 	ECP2_add(Q,&K); */
-/* 	ECP2_frob(&T,&X); ECP2_frob(&T,&X); */
-/* 	ECP2_add(Q,&T); */
-/* 	ECP2_affine(Q); */
-/* } */
-
-
-
-/* general purpose hash function w=hash(p|n|x|y) */
-static void hashit(int sha,int n,octet *x,octet *w)
-{
-    int i,c[4],hlen;
-    hash256 sha256;
-    hash512 sha512;
-    char hh[64];
-
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_init(&sha256);
-        break;
-    case SHA384:
-        HASH384_init(&sha512);
-        break;
-    case SHA512:
-        HASH512_init(&sha512);
-        break;
-    }
-
-    hlen=sha;
-
-    if (n>0)
-    {
-        c[0]=(n>>24)&0xff;
-        c[1]=(n>>16)&0xff;
-        c[2]=(n>>8)&0xff;
-        c[3]=(n)&0xff;
-        for (i=0; i<4; i++)
-        {
-            switch(sha)
-            {
-            case SHA256:
-                HASH256_process(&sha256,c[i]);
-                break;
-            case SHA384:
-                HASH384_process(&sha512,c[i]);
-                break;
-            case SHA512:
-                HASH512_process(&sha512,c[i]);
-                break;
-            }
-        }
-    }
-    if (x!=NULL) for (i=0; i<x->len; i++)
-        {
-            switch(sha)
-            {
-            case SHA256:
-                HASH256_process(&sha256,x->val[i]);
-                break;
-            case SHA384:
-                HASH384_process(&sha512,x->val[i]);
-                break;
-            case SHA512:
-                HASH512_process(&sha512,x->val[i]);
-                break;
-            }
-        }
-
-    for (i=0; i<hlen; i++) hh[i]=0;
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_hash(&sha256,hh);
-        break;
-    case SHA384:
-        HASH384_hash(&sha512,hh);
-        break;
-    case SHA512:
-        HASH512_hash(&sha512,hh);
-        break;
-    }
-
-    OCT_empty(w);
-
-    if (hlen>=MODBYTES)
-        OCT_jbytes(w,hh,MODBYTES);
-    else
-    {
-        OCT_jbytes(w,hh,hlen);
-        OCT_jbyte(w,0,MODBYTES-hlen);
-    }
-}
-
-unsign32 MPIN_today(void)
-{
-    /* return time in slots since epoch */
-    unsign32 ti=(unsign32)time(NULL);
-    return (uint32_t)(ti/(60*TIME_SLOT_MINUTES));
-}
-
-/* Hash the M-Pin transcript - new */
-
-void MPIN_HASH_ALL(int sha,octet *HID,octet *xID,octet *xCID,octet *SEC,octet *Y,octet *R,octet *W,octet *H)
-{
-    char t[10*MODBYTES+4];
-    octet T= {0,sizeof(t),t};
-
-    OCT_joctet(&T,HID);
-    if (xCID!=NULL) OCT_joctet(&T,xCID);
-    else OCT_joctet(&T,xID);
-    OCT_joctet(&T,SEC);
-    OCT_joctet(&T,Y);
-    OCT_joctet(&T,R);
-    OCT_joctet(&T,W);
-
-    hashit(sha,0,&T,H);
-}
-
-void MPIN_HASH_ID(int sha,octet *ID,octet *HID)
-{
-    hashit(sha,0,ID,HID);
-}
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
-int MPIN_ENCODING(csprng *RNG,octet *E)
-{
-    int rn,m,su,sv,res=0;
-
-    BIG q,u,v;
-    ECP P,W;
-
-    if (!ECP_fromOctet(&P,E)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        BIG_rcopy(q,Modulus);
-
-        BIG_randomnum(u,q,RNG);
-
-        su=RAND_byte(RNG);
-        if (su<0) su=-su;
-        su%=2;
-        map(&W,u,su);
-        ECP_sub(&P,&W);
-
-        rn=unmap(v,&sv,&P);
-        m=RAND_byte(RNG);
-        if (m<0) m=-m;
-        m%=rn;
-        BIG_inc(v,m+1);
-        E->val[0]=su+2*sv;
-        BIG_toBytes(&(E->val[1]),u);
-        BIG_toBytes(&(E->val[PFS+1]),v);
-    }
-
-    return res;
-}
-
-int MPIN_DECODING(octet *D)
-{
-    int su,sv;
-    BIG u,v;
-    ECP P,W;
-    int res=0;
-
-    if ((D->val[0]&0x04)!=0) res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-
-        BIG_fromBytes(u,&(D->val[1]));
-        BIG_fromBytes(v,&(D->val[PFS+1]));
-
-        su=D->val[0]&1;
-        sv=(D->val[0]>>1)&1;
-
-        map(&W,u,su);
-        map(&P,v,sv);
-
-        ECP_add(&P,&W);
-        ECP_toOctet(D,&P);
-    }
-    return res;
-}
-
-/* R=R1+R2 in group G1 */
-int MPIN_RECOMBINE_G1(octet *R1,octet *R2,octet *R)
-{
-    ECP P,T;
-    int res=0;
-    if (res==0)
-    {
-        if (!ECP_fromOctet(&P,R1)) res=MPIN_INVALID_POINT;
-        if (!ECP_fromOctet(&T,R2)) res=MPIN_INVALID_POINT;
-    }
-    if (res==0)
-    {
-        ECP_add(&P,&T);
-        ECP_toOctet(R,&P);
-    }
-    return res;
-}
-
-/* W=W1+W2 in group G2 */
-int MPIN_RECOMBINE_G2(octet *W1,octet *W2,octet *W)
-{
-    ECP2 Q,T;
-    int res=0;
-    if (!ECP2_fromOctet(&Q,W1)) res=MPIN_INVALID_POINT;
-    if (!ECP2_fromOctet(&T,W2)) res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        ECP2_add(&Q,&T);
-        ECP2_toOctet(W,&Q);
-    }
-    return res;
-}
-
-/* create random secret S */
-int MPIN_RANDOM_GENERATE(csprng *RNG,octet* S)
-{
-    BIG r,s;
-
-    BIG_rcopy(r,CURVE_Order);
-    BIG_randomnum(s,r,RNG);
-#ifdef AES_S
-    BIG_mod2m(s,2*AES_S);
-#endif
-    BIG_toBytes(S->val,s);
-    S->len=MODBYTES;
-    return 0;
-}
-
-/* Extract PIN from TOKEN for identity CID */
-int MPIN_EXTRACT_PIN(int sha,octet *CID,int pin,octet *TOKEN)
-{
-    ECP P,R;
-    int res=0;
-    char h[MODBYTES];
-    octet H= {0,sizeof(h),h};
-
-    if (!ECP_fromOctet(&P,TOKEN))  res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        hashit(sha,-1,CID,&H);
-        mapit(&H,&R);
-
-        pin%=MAXPIN;
-
-        ECP_pinmul(&R,pin,PBLEN);
-        ECP_sub(&P,&R);
-
-        ECP_toOctet(TOKEN,&P);
-    }
-    return res;
-}
-
-/* Implement step 2 on client side of MPin protocol - SEC=-(x+y)*SEC */
-int MPIN_CLIENT_2(octet *X,octet *Y,octet *SEC)
-{
-    BIG px,py,r;
-    ECP P;
-    int res=0;
-    BIG_rcopy(r,CURVE_Order);
-    if (!ECP_fromOctet(&P,SEC)) res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        BIG_fromBytes(px,X->val);
-        BIG_fromBytes(py,Y->val);
-        BIG_add(px,px,py);
-        BIG_mod(px,r);
-        //	BIG_sub(px,r,px);
-        PAIR_G1mul(&P,px);
-        ECP_neg(&P);
-        ECP_toOctet(SEC,&P);
-    }
-    return res;
-}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
-
-int MPIN_GET_G1_MULTIPLE(csprng *RNG,int type,octet *X,octet *G,octet *W)
-{
-    ECP P;
-    BIG r,x;
-    int res=0;
-    if (RNG!=NULL)
-    {
-        BIG_rcopy(r,CURVE_Order);
-        BIG_randomnum(x,r,RNG);
-#ifdef AES_S
-        BIG_mod2m(x,2*AES_S);
-#endif
-        X->len=MODBYTES;
-        BIG_toBytes(X->val,x);
-    }
-    else
-        BIG_fromBytes(x,X->val);
-
-    if (type==0)
-    {
-        if (!ECP_fromOctet(&P,G)) res=MPIN_INVALID_POINT;
-    }
-    else mapit(G,&P);
-
-    if (res==0)
-    {
-        PAIR_G1mul(&P,x);
-        ECP_toOctet(W,&P);
-    }
-    return res;
-}
-
-/*
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- W=x*G where G is point on the curve
- if type==1 W=(x^-1)G
-*/
-
-int MPIN_GET_G2_MULTIPLE(csprng *RNG,int type,octet *X,octet *G,octet *W)
-{
-    ECP2 P;
-    BIG r,x;
-    int res=0;
-    BIG_rcopy(r,CURVE_Order);
-    if (RNG!=NULL)
-    {
-        BIG_randomnum(x,r,RNG);
-#ifdef AES_S
-        BIG_mod2m(x,2*AES_S);
-#endif
-        X->len=MODBYTES;
-        BIG_toBytes(X->val,x);
-    }
-    else
-    {
-        BIG_fromBytes(x,X->val);
-        if (type==1) BIG_invmodp(x,x,r);
-    }
-
-    if (!ECP2_fromOctet(&P,G)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        PAIR_G2mul(&P,x);
-        ECP2_toOctet(W,&P);
-    }
-    return res;
-}
-
-
-
-/* Client secret CST=s*H(CID) where CID is client ID and s is master secret */
-/* CID is hashed externally */
-int MPIN_GET_CLIENT_SECRET(octet *S,octet *CID,octet *CST)
-{
-    return MPIN_GET_G1_MULTIPLE(NULL,1,S,CID,CST);
-}
-
-/* Implement step 1 on client side of MPin protocol */
-int MPIN_CLIENT_1(int sha,int date,octet *CLIENT_ID,csprng *RNG,octet *X,int pin,octet *TOKEN,octet *SEC,octet *xID,octet *xCID,octet *PERMIT)
-{
-    BIG r,x;
-    ECP P,T,W;
-    int res=0;
-    char h[MODBYTES];
-    octet H= {0,sizeof(h),h};
-
-    BIG_rcopy(r,CURVE_Order);
-    if (RNG!=NULL)
-    {
-        BIG_randomnum(x,r,RNG);
-#ifdef AES_S
-        BIG_mod2m(x,2*AES_S);
-#endif
-        X->len=MODBYTES;
-        BIG_toBytes(X->val,x);
-    }
-    else
-        BIG_fromBytes(x,X->val);
-
-    hashit(sha,-1,CLIENT_ID,&H);
-    mapit(&H,&P);
-
-    if (!ECP_fromOctet(&T,TOKEN)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        pin%=MAXPIN;
-
-        ECP_copy(&W,&P);				// W=H(ID)
-        ECP_pinmul(&W,pin,PBLEN);			// W=alpha.H(ID)
-        ECP_add(&T,&W);					// T=Token+alpha.H(ID) = s.H(ID)
-
-        if (date)
-        {
-            if (PERMIT!=NULL)
-            {
-                if (!ECP_fromOctet(&W,PERMIT)) res=MPIN_INVALID_POINT;
-                ECP_add(&T,&W);					// SEC=s.H(ID)+s.H(T|ID)
-            }
-            hashit(sha,date,&H,&H);
-            mapit(&H,&W);
-            if (xID!=NULL)
-            {
-                PAIR_G1mul(&P,x);				// P=x.H(ID)
-                ECP_toOctet(xID,&P);  // xID
-                PAIR_G1mul(&W,x);               // W=x.H(T|ID)
-                ECP_add(&P,&W);
-            }
-            else
-            {
-                ECP_add(&P,&W);
-                PAIR_G1mul(&P,x);
-            }
-            if (xCID!=NULL) ECP_toOctet(xCID,&P);  // U
-        }
-        else
-        {
-            if (xID!=NULL)
-            {
-                PAIR_G1mul(&P,x);				// P=x.H(ID)
-                ECP_toOctet(xID,&P);  // xID
-            }
-        }
-    }
-
-    if (res==0)
-        ECP_toOctet(SEC,&T);  // V
-
-    return res;
-}
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
-int MPIN_GET_SERVER_SECRET(octet *S,octet *SST)
-{
-    BIG r,s;
-    FP2 qx,qy;
-    ECP2 Q;
-    int res=0;
-
-    BIG_rcopy(r,CURVE_Order);
-    BIG_rcopy(qx.a,CURVE_Pxa);
-    FP_nres(qx.a);
-    BIG_rcopy(qx.b,CURVE_Pxb);
-    FP_nres(qx.b);
-    BIG_rcopy(qy.a,CURVE_Pya);
-    FP_nres(qy.a);
-    BIG_rcopy(qy.b,CURVE_Pyb);
-    FP_nres(qy.b);
-    ECP2_set(&Q,&qx,&qy);
-
-    if (res==0)
-    {
-        BIG_fromBytes(s,S->val);
-        PAIR_G2mul(&Q,s);
-        ECP2_toOctet(SST,&Q);
-    }
-
-    return res;
-}
-
-
-/* Time Permit CTT=s*H(date|H(CID)) where s is master secret */
-int MPIN_GET_CLIENT_PERMIT(int sha,int date,octet *S,octet *CID,octet *CTT)
-{
-    BIG s;
-    ECP P;
-    char h[MODBYTES];
-    octet H= {0,sizeof(h),h};
-
-    hashit(sha,date,CID,&H);
-
-    mapit(&H,&P);
-    BIG_fromBytes(s,S->val);
-    PAIR_G1mul(&P,s);
-
-    ECP_toOctet(CTT,&P);
-    return 0;
-}
-
-// if date=0 only use HID, set HCID=NULL
-// if date and PE, use HID and HCID
-
-/* Outputs H(CID) and H(CID)+H(T|H(CID)) for time permits. If no time permits set HTID=NULL */
-void MPIN_SERVER_1(int sha,int date,octet *CID,octet *HID,octet *HTID)
-{
-    char h[MODBYTES];
-    octet H= {0,sizeof(h),h};
-    ECP P,R;
-
-#ifdef USE_ANONYMOUS
-    mapit(CID,&P);
-#else
-    hashit(sha,-1,CID,&H);
-    mapit(&H,&P);
-#endif
-
-    ECP_toOctet(HID,&P);  // new
-
-    if (date)
-    {
-        //	if (HID!=NULL) ECP_toOctet(HID,&P);
-#ifdef USE_ANONYMOUS
-        hashit(sha,date,CID,&H);
-#else
-        hashit(sha,date,&H,&H);
-#endif
-        mapit(&H,&R);
-        ECP_add(&P,&R);
-        ECP_toOctet(HTID,&P);
-    }
-    //else ECP_toOctet(HID,&P);
-
-}
-
-/* Implement M-Pin on server side */
-int MPIN_SERVER_2(int date,octet *HID,octet *HTID,octet *Y,octet *SST,octet *xID,octet *xCID,octet *mSEC,octet *E,octet *F)
-{
-    BIG px,py,y;
-    FP2 qx,qy;
-    FP12 g;
-    ECP2 Q,sQ;
-    ECP P,R;
-    int res=0;
-
-    BIG_rcopy(qx.a,CURVE_Pxa);
-    FP_nres(qx.a);
-    BIG_rcopy(qx.b,CURVE_Pxb);
-    FP_nres(qx.b);
-    BIG_rcopy(qy.a,CURVE_Pya);
-    FP_nres(qy.a);
-    BIG_rcopy(qy.b,CURVE_Pyb);
-    FP_nres(qy.b);
-
-    if (!ECP2_set(&Q,&qx,&qy)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        if (!ECP2_fromOctet(&sQ,SST)) res=MPIN_INVALID_POINT;
-    }
-
-    if (res==0)
-    {
-        if (date)
-        {
-            BIG_fromBytes(px,&(xCID->val[1]));
-            BIG_fromBytes(py,&(xCID->val[PFS+1]));
-        }
-        else
-        {
-            BIG_fromBytes(px,&(xID->val[1]));
-            BIG_fromBytes(py,&(xID->val[PFS+1]));
-        }
-        if (!ECP_set(&R,px,py)) res=MPIN_INVALID_POINT; // x(A+AT)
-    }
-    if (res==0)
-    {
-        BIG_fromBytes(y,Y->val);
-        if (date)
-        {
-            if (!ECP_fromOctet(&P,HTID))  res=MPIN_INVALID_POINT;
-        }
-        else
-        {
-            if (!ECP_fromOctet(&P,HID))  res=MPIN_INVALID_POINT;
-        }
-    }
-    if (res==0)
-    {
-        PAIR_G1mul(&P,y);  // y(A+AT)
-        ECP_add(&P,&R); // x(A+AT)+y(A+T)
-        if (!ECP_fromOctet(&R,mSEC))  res=MPIN_INVALID_POINT; // V
-    }
-    if (res==0)
-    {
-        PAIR_double_ate(&g,&Q,&R,&sQ,&P);
-        PAIR_fexp(&g);
-
-        if (!FP12_isunity(&g))
-        {
-            if (HID!=NULL && xID!=NULL && E!=NULL && F !=NULL)
-            {
-                /* xID is set to NULL if there is no way to calculate PIN error */
-                FP12_toOctet(E,&g);
-
-                /* Note error is in the PIN, not in the time permit! Hence the need to exclude Time Permit from this check */
-
-                if (date)
-                {
-                    if (!ECP_fromOctet(&P,HID)) res=MPIN_INVALID_POINT;
-                    if (!ECP_fromOctet(&R,xID)) res=MPIN_INVALID_POINT; // U
-
-                    if (res==0)
-                    {
-                        PAIR_G1mul(&P,y);  // yA
-                        ECP_add(&P,&R); // yA+xA
-                    }
-                }
-                if (res==0)
-                {
-                    PAIR_ate(&g,&Q,&P);
-                    PAIR_fexp(&g);
-                    FP12_toOctet(F,&g);
-                }
-            }
-            res=MPIN_BAD_PIN;
-        }
-    }
-
-    return res;
-}
-
-#if MAXPIN==10000
-#define MR_TS 10  /* 2^10/10 approx = sqrt(MAXPIN) */
-#define TRAP 200  /* 2*sqrt(MAXPIN) */
-#endif
-
-#if MAXPIN==1000000
-#define MR_TS 14
-#define TRAP 2000
-#endif
-
-/* Pollards kangaroos used to return PIN error */
-int MPIN_KANGAROO(octet *E,octet *F)
-{
-    int i,j,m,s,dn,dm,steps;
-    int distance[MR_TS];
-    FP12 ge,gf,t,table[MR_TS];
-    int res=0;
-    // BIG w;
-
-    FP12_fromOctet(&ge,E);
-    FP12_fromOctet(&gf,F);
-
-    FP12_copy(&t,&gf);
-
-    for (s=1,m=0; m<MR_TS; m++)
-    {
-        distance[m]=s;
-        FP12_copy(&table[m],&t);
-        s*=2;
-        FP12_usqr(&t,&t);
-        FP12_reduce(&t);
-    }
-
-    FP12_one(&t);
-
-    for (dn=0,j=0; j<TRAP; j++)
-    {
-
-        //BIG_copy(w,t.a.a.a);
-        //FP_redc(w);
-        //i=BIG_lastbits(w,20)%MR_TS;
-
-        i=t.a.a.a[0]%MR_TS;
-
-        FP12_mul(&t,&table[i]);
-        FP12_reduce(&t);
-        dn+=distance[i];
-    }
-
-    FP12_conj(&gf,&t);
-    steps=0;
-    dm=0;
-    while (dm-dn<MAXPIN)
-    {
-        steps++;
-        if (steps>4*TRAP) break;
-
-        //BIG_copy(w,ge.a.a.a);
-        //FP_redc(w);
-        //i=BIG_lastbits(w,20)%MR_TS;
-
-        i=ge.a.a.a[0]%MR_TS;
-
-        FP12_mul(&ge,&table[i]);
-        FP12_reduce(&ge);
-        dm+=distance[i];
-        if (FP12_equals(&ge,&t))
-        {
-            res=dm-dn;
-            break;
-        }
-        if (FP12_equals(&ge,&gf))
-        {
-            res=dn-dm;
-            break;
-        }
-    }
-    if (steps>4*TRAP || dm-dn>=MAXPIN)
-    {
-        res=0;    /* Trap Failed  - probable invalid token */
-    }
-
-    return res;
-}
-
-/* Functions to support M-Pin Full */
-
-int MPIN_PRECOMPUTE(octet *TOKEN,octet *CID,octet *CP,octet *G1,octet *G2)
-{
-    ECP P,T;
-    ECP2 Q;
-    FP2 qx,qy;
-    FP12 g;
-    int res=0;
-
-    if (!ECP_fromOctet(&T,TOKEN)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        mapit(CID,&P);
-        if (CP!=NULL)
-        {
-            if (!ECP2_fromOctet(&Q,CP)) res=MPIN_INVALID_POINT;
-        }
-        else
-        {
-            BIG_rcopy(qx.a,CURVE_Pxa);
-            FP_nres(qx.a);
-            BIG_rcopy(qx.b,CURVE_Pxb);
-            FP_nres(qx.b);
-            BIG_rcopy(qy.a,CURVE_Pya);
-            FP_nres(qy.a);
-            BIG_rcopy(qy.b,CURVE_Pyb);
-            FP_nres(qy.b);
-            if (!ECP2_set(&Q,&qx,&qy)) res=MPIN_INVALID_POINT;
-        }
-    }
-    if (res==0)
-    {
-        PAIR_ate(&g,&Q,&T);
-        PAIR_fexp(&g);
-
-        FP12_toOctet(G1,&g);
-        if (G2!=NULL)
-        {
-            PAIR_ate(&g,&Q,&P);
-            PAIR_fexp(&g);
-            FP12_toOctet(G2,&g);
-        }
-    }
-    return res;
-}
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-int MPIN_CLIENT_KEY(int sha,octet *G1,octet *G2,int pin,octet *R,octet *X,octet *H,octet *wCID,octet *CK)
-{
-    FP12 g1,g2;
-    FP4 c,cp,cpm1,cpm2;
-    FP2 f;
-    ECP W;
-    int res=0;
-    BIG r,z,x,q,m,a,b,h;
-
-    FP12_fromOctet(&g1,G1);
-    FP12_fromOctet(&g2,G2);
-    BIG_fromBytes(z,R->val);
-    BIG_fromBytes(x,X->val);
-    BIG_fromBytes(h,H->val);
-
-    if (!ECP_fromOctet(&W,wCID)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        BIG_rcopy(r,CURVE_Order);
-        BIG_add(z,z,h);    // new
-        BIG_mod(z,r);
-
-        PAIR_G1mul(&W,x);
-
-        BIG_rcopy(a,CURVE_Fra);
-        BIG_rcopy(b,CURVE_Frb);
-        FP2_from_BIGs(&f,a,b);
-
-        BIG_rcopy(q,Modulus);
-        BIG_copy(m,q);
-        BIG_mod(m,r);
-
-        BIG_copy(a,z);
-        BIG_mod(a,m);
-
-        BIG_copy(b,z);
-        BIG_sdiv(b,m);
-
-        FP12_pinpow(&g2,pin,PBLEN);
-        FP12_mul(&g1,&g2);
-
-        FP12_trace(&c,&g1);
-
-        FP12_copy(&g2,&g1);
-        FP12_frob(&g2,&f);
-        FP12_trace(&cp,&g2);
-
-        FP12_conj(&g1,&g1);
-        FP12_mul(&g2,&g1);
-        FP12_trace(&cpm1,&g2);
-        FP12_mul(&g2,&g1);
-        FP12_trace(&cpm2,&g2);
-
-        FP4_xtr_pow2(&c,&cp,&c,&cpm1,&cpm2,a,b);
-        mpin_hash(sha,&c,&W,CK);
-
-    }
-    return res;
-}
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-
-int MPIN_SERVER_KEY(int sha,octet *Z,octet *SST,octet *W,octet *H,octet *HID,octet *xID,octet *xCID,octet *SK)
-{
-    int res=0;
-    FP12 g;
-    FP4 c;
-    ECP R,U,A;
-    ECP2 sQ;
-    BIG w,h;
-
-    if (!ECP2_fromOctet(&sQ,SST)) res=MPIN_INVALID_POINT;
-    if (!ECP_fromOctet(&R,Z)) res=MPIN_INVALID_POINT;
-
-
-    if (!ECP_fromOctet(&A,HID)) res=MPIN_INVALID_POINT;
-
-    // new
-    if (xCID!=NULL)
-    {
-        if (!ECP_fromOctet(&U,xCID)) res=MPIN_INVALID_POINT;
-    }
-    else
-    {
-        if (!ECP_fromOctet(&U,xID)) res=MPIN_INVALID_POINT;
-    }
-    BIG_fromBytes(w,W->val);
-    BIG_fromBytes(h,H->val);
-
-
-    PAIR_ate(&g,&sQ,&A);
-    PAIR_fexp(&g);
-
-    if (res==0)
-    {
-        PAIR_G1mul(&A,h);
-        ECP_add(&R,&A);  // new
-        PAIR_ate(&g,&sQ,&R);
-        PAIR_fexp(&g);
-        PAIR_G1mul(&U,w);
-        FP12_trace(&c,&g);
-        mpin_hash(sha,&c,&U,SK);
-    }
-    return res;
-}
-
-unsign32 MPIN_GET_TIME(void)
-{
-    return (unsign32)time(NULL);
-}
-
-/* Generate Y = H(TimeValue, xCID/xID) */
-void MPIN_GET_Y(int sha,int TimeValue,octet *xCID,octet *Y)
-{
-    BIG q,y;
-    char h[MODBYTES];
-    octet H= {0,sizeof(h),h};
-
-    hashit(sha,TimeValue,xCID,&H);
-    BIG_fromBytes(y,H.val);
-    BIG_rcopy(q,CURVE_Order);
-    BIG_mod(y,q);
-    BIG_toBytes(Y->val,y);
-    Y->len=PGS;
-}
-
-/* One pass MPIN Client */
-int MPIN_CLIENT(int sha,int date,octet *ID,csprng *RNG,octet *X,int pin,octet *TOKEN,octet *V,octet *U,octet *UT,octet *TP,octet *MESSAGE,int TimeValue,octet *Y)
-{
-    int rtn=0;
-    char m[M_SIZE];
-    octet M= {0,sizeof(m),m};
-
-    octet *pID;
-    if (date == 0)
-        pID = U;
-    else
-        pID = UT;
-
-    rtn = MPIN_CLIENT_1(sha,date,ID,RNG,X,pin,TOKEN,V,U,UT,TP);
-    if (rtn != 0)
-        return rtn;
-
-    OCT_joctet(&M,pID);
-    if (MESSAGE!=NULL)
-    {
-        OCT_joctet(&M,MESSAGE);
-    }
-
-    MPIN_GET_Y(sha,TimeValue,&M,Y);
-
-    rtn = MPIN_CLIENT_2(X,Y,V);
-    if (rtn != 0)
-        return rtn;
-
-    return 0;
-}
-
-/* One pass MPIN Server */
-int MPIN_SERVER(int sha,int date,octet *HID,octet *HTID,octet *Y,octet *sQ,octet *U,octet *UT,octet *V,octet *E,octet *F,octet *ID,octet *MESSAGE,int TimeValue)
-{
-    int rtn=0;
-    char m[M_SIZE];
-    octet M= {0,sizeof(m),m};
-
-    octet *pU;
-    if (date == 0)
-        pU = U;
-    else
-        pU = UT;
-
-    MPIN_SERVER_1(sha,date,ID,HID,HTID);
-
-    OCT_joctet(&M,pU);
-    if (MESSAGE!=NULL)
-    {
-        OCT_joctet(&M,MESSAGE);
-    }
-
-    MPIN_GET_Y(sha,TimeValue,&M,Y);
-
-    rtn = MPIN_SERVER_2(date,HID,HTID,Y,sQ,U,UT,V,E,F);
-    if (rtn != 0)
-        return rtn;
-
-    return 0;
-}
-
-/* AES-GCM Encryption of octets, K is key, H is header,
-   P is plaintext, C is ciphertext, T is authentication tag */
-void MPIN_AES_GCM_ENCRYPT(octet *K,octet *IV,octet *H,octet *P,octet *C,octet *T)
-{
-    gcm g;
-    GCM_init(&g,K->len,K->val,IV->len,IV->val);
-    GCM_add_header(&g,H->val,H->len);
-    GCM_add_plain(&g,C->val,P->val,P->len);
-    C->len=P->len;
-    GCM_finish(&g,T->val);
-    T->len=16;
-}
-
-/* AES-GCM Decryption of octets, K is key, H is header,
-   P is plaintext, C is ciphertext, T is authentication tag */
-void MPIN_AES_GCM_DECRYPT(octet *K,octet *IV,octet *H,octet *C,octet *P,octet *T)
-{
-    gcm g;
-    GCM_init(&g,K->len,K->val,IV->len,IV->val);
-    GCM_add_header(&g,H->val,H->len);
-    GCM_add_cipher(&g,P->val,C->val,C->len);
-    P->len=C->len;
-    GCM_finish(&g,T->val);
-    T->len=16;
-}
-
-/* Return the Field size */
-int MPIN_FS()
-{
-    return PFS;
-}
-
-/* Return the Group size */
-int MPIN_GS()
-{
-    return PGS;
-}
-
-/*
-int MPIN_TEST_PAIRING(octet *CID,octet *R)
-{
-    BIG b,px;
-	FP2 qx,qy;
-	FP12 g;
-    ECP2 Q;
-	ECP P;
-    int res=0;
-
-	hashit(-1,CID,&P);
-	BIG_rcopy(qx.a,CURVE_Pxa); FP_nres(qx.a);
-	BIG_rcopy(qx.b,CURVE_Pxb); FP_nres(qx.b);
-	BIG_rcopy(qy.a,CURVE_Pya); FP_nres(qy.a);
-	BIG_rcopy(qy.b,CURVE_Pyb); FP_nres(qy.b);
-
-	if (!ECP2_set(&Q,&qx,&qy))  res=MPIN_INVALID_POINT;
-
-	if (res==0)
-	{
-		PAIR_ate(&g,&Q,&P);
-        PAIR_fexp(&g);
-		FP12_trace(&(g.a),&g);
-
-		BIG_copy(b,g.a.a.a); FP_redc(b); printf("trace pairing= "); BIG_output(b); printf("\n");
-		BIG_copy(b,g.a.a.b); FP_redc(b); printf("trace pairing= "); BIG_output(b); printf("\n");
-		BIG_copy(b,g.a.b.a); FP_redc(b); printf("trace pairing= "); BIG_output(b); printf("\n");
-		BIG_copy(b,g.a.b.b); FP_redc(b); printf("trace pairing= "); BIG_output(b); printf("\n");
-
-	}
-
-    return res;
-}
-*/
-
-/*
-int main()
-{
-	ECP2 X;
-	FP2 x,y,rhs;
-	BIG r;
-	char hcid[HASH_BYTES],client_id[100];
-	octet HCID={0,sizeof(hcid),hcid};
-	octet CLIENT_ID={0,sizeof(client_id),client_id};
-
-	OCT_jstring(&CLIENT_ID,"testUser@certivox.com");
-	MPIN_HASH_ID(&CLIENT_ID,&HCID);
-
-	printf("Client ID= "); OCT_output_string(&CLIENT_ID); printf("\n");
-
-	mapit2(&HCID,&X);
-
-	ECP2_output(&X);
-
-	BIG_rcopy(r,CURVE_Order);
-
-	ECP2_mul(&X,r);
-
-	ECP2_output(&X);
-
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/mpin.h
----------------------------------------------------------------------
diff --git a/version22/c/mpin.h b/version22/c/mpin.h
deleted file mode 100644
index 9627eb8..0000000
--- a/version22/c/mpin.h
+++ /dev/null
@@ -1,408 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file mpin.h
- * @author Mike Scott and Kealan McCusker
- * @date 2nd June 2015
- * @brief M-Pin Header file
- *
- * Allows some user configuration
- * defines structures
- * declares functions
- *
- */
-
-#ifndef MPIN_H
-#define MPIN_H
-
-#include "amcl.h"
-
-/* Field size is assumed to be greater than or equal to group size */
-
-#define PGS MODBYTES  /**< MPIN Group Size */
-#define PFS MODBYTES  /**< MPIN Field Size */
-#define PAS 16        /**< MPIN Symmetric Key Size */
-
-#define MPIN_OK             0   /**< Function completed without error */
-#define MPIN_INVALID_POINT  -14	/**< Point is NOT on the curve */
-#define MPIN_BAD_PIN        -19 /**< Bad PIN number entered */
-
-
-/* Configure your PIN here */
-
-#ifdef CMAKE
-#define MAXPIN @AMCL_MAXPIN@ /**< max PIN */
-#define PBLEN @AMCL_PBLEN@   /**< max length of PIN in bits */
-#else
-#define MAXPIN 10000         /**< max PIN */
-#define PBLEN 14             /**< max length of PIN in bits */
-#endif
-
-#define TIME_SLOT_MINUTES 1440  /**< Time Slot = 1 day */
-#define HASH_TYPE_MPIN SHA256   /**< Choose Hash function */
-
-#define MESSAGE_SIZE 256  /**< Signature message size  */
-#define M_SIZE (MESSAGE_SIZE+2*PFS+1)   /**< Signature message size and G1 size */
-
-/* MPIN support functions */
-
-/* MPIN primitives */
-
-/**	@brief Hash an M-Pin Identity to an octet string
- *
- 	@param h is the hash type
-	@param ID an octet containing the identity
-	@param HID an octet containing the hashed identity
- */
-void MPIN_HASH_ID(int h,octet *ID,octet *HID);
-/**	@brief Get epoch time as unsigned integer
- *
-	@return current epoch time in seconds
- */
-unsign32 MPIN_GET_TIME(void);
-/**	@brief Generate Y=H(s,O), where s is epoch time, O is an octet, and H(.) is a hash function
- *
-  	@param h is the hash type
-	@param t is epoch time in seconds
-	@param O is an input octet
-	@param Y is the output octet
- */
-void MPIN_GET_Y(int h,int t,octet *O,octet *Y);
-/**	@brief Extract a PIN number from a client secret
- *
-  	@param h is the hash type
-	@param ID is the input client identity
-	@param pin is an input PIN number
-	@param CS is the client secret from which the PIN is to be extracted
-	@return 0 or an error code
- */
-int MPIN_EXTRACT_PIN(int h,octet *ID,int pin,octet *CS);
-/**	@brief Perform client side of the one-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U and UT are both generated.
- 	@param h is the hash type
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param ID is the input client identity
-	@param R is a pointer to a cryptographically secure random number generator
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param pin is the input PIN number
-	@param T is the input M-Pin token (the client secret with PIN portion removed)
-	@param V is output = -(x+y)(CS+TP), where CS is the reconstructed client secret, and TP is the time permit
-	@param U is output = x.H(ID)
-	@param UT is output = x.(H(ID)+H(d|H(ID)))
-	@param TP is the input time permit
-	@param MESSAGE is the message to be signed
-	@param t is input epoch time in seconds - a timestamp
-	@param y is output H(t|U) or H(t|UT) if Time Permits enabled
-	@return 0 or an error code
- */
-int MPIN_CLIENT(int h,int d,octet *ID,csprng *R,octet *x,int pin,octet *T,octet *V,octet *U,octet *UT,octet *TP, octet* MESSAGE, int t, octet *y);
-/**	@brief Perform first pass of the client side of the 3-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U and UT are both generated.
- 	@param h is the hash type
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param ID is the input client identity
-	@param R is a pointer to a cryptographically secure random number generator
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param pin is the input PIN number
-	@param T is the input M-Pin token (the client secret with PIN portion removed)
-	@param S is output = CS+TP, where CS=is the reconstructed client secret, and TP is the time permit
-	@param U is output = x.H(ID)
-	@param UT is output = x.(H(ID)+H(d|H(ID)))
-	@param TP is the input time permit
-	@return 0 or an error code
- */
-int MPIN_CLIENT_1(int h,int d,octet *ID,csprng *R,octet *x,int pin,octet *T,octet *S,octet *U,octet *UT,octet *TP);
-/**	@brief Generate a random group element
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param S is the output random octet
-	@return 0 or an error code
- */
-int MPIN_RANDOM_GENERATE(csprng *R,octet *S);
-/**	@brief Perform second pass of the client side of the 3-pass version of the M-Pin protocol
- *
-	@param x an input, a locally generated random number
-	@param y an input random challenge from the server
-	@param V on output = -(x+y).V
-	@return 0 or an error code
- */
-int MPIN_CLIENT_2(octet *x,octet *y,octet *V);
-/**	@brief Perform server side of the one-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT and HTID are not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U and HID are not needed and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U, UT, HID and HTID are all required.
- 	@param h is the hash type
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param HID is output H(ID), a hash of the client ID
-	@param HTID is output H(ID)+H(d|H(ID))
-	@param y is output H(t|U) or H(t|UT) if Time Permits enabled
-	@param SS is the input server secret
-	@param U is input from the client = x.H(ID)
-	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
-	@param V is an input from the client
-	@param E is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param F is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param ID is the input claimed client identity
-	@param MESSAGE is the message to be signed
-	@param t is input epoch time in seconds - a timestamp
-	@return 0 or an error code
- */
-int MPIN_SERVER(int h,int d,octet *HID,octet *HTID,octet *y,octet *SS,octet *U,octet *UT,octet *V,octet *E,octet *F,octet *ID,octet *MESSAGE, int t);
-/**	@brief Perform first pass of the server side of the 3-pass version of the M-Pin protocol
- *
- 	@param h is the hash type
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param ID is the input claimed client identity
-	@param HID is output H(ID), a hash of the client ID
-	@param HTID is output H(ID)+H(d|H(ID))
-	@return 0 or an error code
- */
-void MPIN_SERVER_1(int h,int d,octet *ID,octet *HID,octet *HTID);
-/**	@brief Perform third pass on the server side of the 3-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT and HTID are not needed and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U and HID are not needed and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U, UT, HID and HTID are all required.
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param HID is input H(ID), a hash of the client ID
-	@param HTID is input H(ID)+H(d|H(ID))
-	@param y is the input server's randomly generated challenge
-	@param SS is the input server secret
-	@param U is input from the client = x.H(ID)
-	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
-	@param V is an input from the client
-	@param E is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param F is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@return 0 or an error code
- */
-int MPIN_SERVER_2(int d,octet *HID,octet *HTID,octet *y,octet *SS,octet *U,octet *UT,octet *V,octet *E,octet *F);
-/**	@brief Add two members from the group G1
- *
-	@param Q1 an input member of G1
-	@param Q2 an input member of G1
-	@param Q an output member of G1 = Q1+Q2
-	@return 0 or an error code
- */
-int MPIN_RECOMBINE_G1(octet *Q1,octet *Q2,octet *Q);
-/**	@brief Add two members from the group G2
- *
-	@param P1 an input member of G2
-	@param P2 an input member of G2
-	@param P an output member of G2 = P1+P2
-	@return 0 or an error code
- */
-int MPIN_RECOMBINE_G2(octet *P1,octet *P2,octet *P);
-/**	@brief Use Kangaroos to find PIN error
- *
-	@param E a member of the group GT
-	@param F a member of the group GT =  E^e
-	@return 0 if Kangaroos failed, or the PIN error e
- */
-int MPIN_KANGAROO(octet *E,octet *F);
-/**	@brief Encoding of a Time Permit to make it indistinguishable from a random string
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param TP is the input time permit, obfuscated on output
-	@return 0 or an error code
- */
-int MPIN_ENCODING(csprng *R,octet *TP);
-/**	@brief Encoding of an obfuscated Time Permit
- *
-	@param TP is the input obfuscated time permit, restored on output
-	@return 0 or an error code
- */
-int MPIN_DECODING(octet *TP);
-/**	@brief Supply today's date as days from the epoch
- *
-	@return today's date, as number of days elapsed since the epoch
- */
-unsign32 MPIN_today(void);
-
-/**	@brief Find a random multiple of a point in G1
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param type determines type of action to be taken
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param G if type=0 a point in G1, else an octet to be mapped to G1
-	@param W the output =x.G or x.M(G), where M(.) is a mapping
-	@return 0 or an error code
- */
-int MPIN_GET_G1_MULTIPLE(csprng *R,int type,octet *x,octet *G,octet *W);
-/**	@brief Find a random multiple of a point in G1
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param type determines type of action to betaken
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param G a point in G2
-	@param W the output =x.G or (1/x).G
-	@return 0 or an error code
- */
-int MPIN_GET_G2_MULTIPLE(csprng *R,int type,octet *x,octet *G,octet *W);
-/** @brief Hash the session transcript
- 	@param h is the hash type
-	@param I is the hashed input client ID = H(ID)
-	@param U is the client output = x.H(ID)
-	@param CU is the client output = x.(H(ID)+H(T|H(ID)))
-	@param Y is the server challenge
-	@param V is the client part response
-	@param R is the client part response
-	@param W is the server part response
-	@param H the output is the hash of all of the above that apply
-*/
-void MPIN_HASH_ALL(int h,octet *I,octet *U,octet *CU,octet *Y,octet *V,octet *R,octet *W,octet *H);
-/**	@brief Create a client secret in G1 from a master secret and the client ID
- *
-	@param S is an input master secret
-	@param ID is the input client identity
-	@param CS is the full client secret = s.H(ID)
-	@return 0 or an error code
- */
-int MPIN_GET_CLIENT_SECRET(octet *S,octet *ID,octet *CS);
-/**	@brief Create a Time Permit in G1 from a master secret and the client ID
- *
-  	@param h is the hash type
-	@param d is input date, in days since the epoch.
-	@param S is an input master secret
-	@param ID is the input client identity
-	@param TP is a Time Permit for the given date = s.H(d|H(ID))
-	@return 0 or an error code
- */
-int MPIN_GET_CLIENT_PERMIT(int h,int d,octet *S,octet *ID,octet *TP);
-/**	@brief Create a server secret in G2 from a master secret
- *
-	@param S is an input master secret
-	@param SS is the server secret = s.Q where Q is a fixed generator of G2
-	@return 0 or an error code
- */
-int MPIN_GET_SERVER_SECRET(octet *S,octet *SS);
-/* int MPIN_TEST_PAIRING(octet *,octet *); */
-
-/* For M-Pin Full */
-/**	@brief Precompute values for use by the client side of M-Pin Full
- *
-	@param T is the input M-Pin token (the client secret with PIN portion removed)
-	@param ID is the input client identity
-	@param CP is Public Key (or NULL)
-	@param g1 precomputed output
-	@param g2 precomputed output
-	@return 0 or an error code
- */
-int MPIN_PRECOMPUTE(octet *T,octet *ID,octet *CP,octet *g1,octet *g2);
-/**	@brief Calculate Key on Server side for M-Pin Full
- *
-	Uses UT internally for the key calculation, unless not available in which case U is used
- 	@param h is the hash type
-	@param Z is the input Client-side Diffie-Hellman component
-	@param SS is the input server secret
-	@param w is an input random number generated by the server
-	@param p is an input, hash of the protocol transcript
-	@param I is the hashed input client ID = H(ID)
-	@param U is input from the client = x.H(ID)
-	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
-	@param K is the output calculated shared key
-	@return 0 or an error code
- */
-int MPIN_SERVER_KEY(int h,octet *Z,octet *SS,octet *w,octet *p,octet *I,octet *U,octet *UT,octet *K);
-/**	@brief Calculate Key on Client side for M-Pin Full
- *
-  	@param h is the hash type
-	@param g1 precomputed input
-	@param g2 precomputed input
-	@param pin is the input PIN number
-	@param r is an input, a locally generated random number
-	@param x is an input, a locally generated random number
-	@param p is an input, hash of the protocol transcript
-	@param T is the input Server-side Diffie-Hellman component
-	@param K is the output calculated shared key
-	@return 0 or an error code
- */
-int MPIN_CLIENT_KEY(int h,octet *g1,octet *g2,int pin,octet *r,octet *x,octet *p,octet *T,octet *K);
-
-/**	@brief AES-GCM Encryption
- *
-	@param K  AES key
-	@param IV Initialization vector
-	@param H Header
-	@param P Plaintext
-	@param C Ciphertext
-	@param T Checksum
- */
-void MPIN_AES_GCM_ENCRYPT(octet *K,octet *IV,octet *H,octet *P,octet *C,octet *T);
-
-/**	@brief AES-GCM Decryption
- *
-	@param K  AES key
-	@param IV Initialization vector
-	@param H Header
-	@param P Plaintext
-	@param C Ciphertext
-	@param T Checksum
- */
-void MPIN_AES_GCM_DECRYPT(octet *K,octet *IV,octet *H,octet *C,octet *P,octet *T);
-
-/**
- * @brief Return the field size
- *
- * Return the field size.
- *
- * @return Field size
- */
-int MPIN_FS();
-
-/**
- * @brief Return the group size
- *
- * Return the group size.
- *
- * @return Group size
- */
-int MPIN_GS();
-
-/**	@brief HMAC of message M using key K to create tag of length len in octet tag
- *
-	IEEE-1363 MAC1 function. Uses SHA256 internally.
-	@param M input message octet
-	@param K input encryption key
-	@param len is output desired length of HMAC tag
-	@param tag is the output HMAC
-	@return 0 for bad parameters, else 1
- */
-//int HMAC(octet *M,octet *K,int len,octet *tag);
-
-/**	@brief Password Based Key Derivation Function - generates key K from password, salt and repeat counter
- *
-	PBKDF2 Password Based Key Derivation Function. Uses SHA256 internally.
-	@param P input password
-	@param S input salt
-	@param rep Number of times to be iterated.
-	@param len is output desired length of key
-	@param K is the derived key
- */
-//void PBKDF2(octet *P,octet *S,int rep,int len,octet *K);
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/oct.c
----------------------------------------------------------------------
diff --git a/version22/c/oct.c b/version22/c/oct.c
deleted file mode 100644
index 8d5bdb2..0000000
--- a/version22/c/oct.c
+++ /dev/null
@@ -1,428 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*** Basic Octet string maintainance routines  ***/
-/* SU=m, m is Stack Usage */
-
-#include <string.h>
-#include "amcl.h"
-
-/* Output an octet string (Debug Only) */
-
-/* SU= 16 */
-/* output octet */
-void OCT_output(octet *w)
-{
-    int i;
-    unsigned char ch;
-    for (i=0; i<w->len; i++)
-    {
-        ch=w->val[i];
-        printf("%02x",ch);
-    }
-    printf("\n");
-}
-
-/* SU= 16 */
-void OCT_output_string(octet *w)
-{
-    int i;
-    unsigned char ch;
-    for (i=0; i<w->len; i++)
-    {
-        ch=w->val[i];
-        printf("%c",ch);
-    }
-    /*  printf("\n"); */
-}
-
-/* Convert C string to octet format - truncates if no room  */
-void OCT_jstring(octet *y,char *s)
-{
-    int i,j;
-    i=y->len;
-    j=0;
-    while (s[j]!=0 && i<y->max)
-    {
-        y->val[i]=s[j];
-        y->len++;
-        i++;
-        j++;
-    }
-}
-
-/* compare 2 octet strings.
- * If x==y return TRUE, else return FALSE */
-/* SU= 8 */
-int OCT_comp(octet *x,octet *y)
-{
-    int i;
-    if (x->len>y->len) return 0;
-    if (x->len<y->len) return 0;
-    for (i=0; i<x->len; i++)
-    {
-        if (x->val[i]!=y->val[i]) return 0;
-    }
-    return 1;
-}
-
-/* check are first n bytes the same */
-
-int OCT_ncomp(octet *x,octet *y,int n)
-{
-    int i;
-    if (n>y->len || n>x->len) return 0;
-    for (i=0; i<n; i++)
-    {
-        if (x->val[i]!=y->val[i]) return 0;
-    }
-    return 1;
-}
-
-/* Shift octet to the left by n bytes. Leftmost bytes disappear  */
-void OCT_shl(octet *x,int n)
-{
-    int i;
-    if (n>=x->len)
-    {
-        x->len=0;
-        return;
-    }
-    x->len-=n;
-    for (i=0; i<x->len; i++)
-        x->val[i]=x->val[i+n];
-}
-
-/* Append binary string to octet - truncates if no room */
-/* SU= 12 */
-void OCT_jbytes(octet *y,char *b,int len)
-{
-    int i,j;
-    i=y->len;
-    for (j=0; j<len && i<y->max; j++)
-    {
-        y->val[i]=b[j];
-        y->len++;
-        i++;
-    }
-}
-
-/* Concatenates two octet strings */
-/* SU= 8 */
-void OCT_joctet(octet *y,octet *x)
-{
-    /* y=y || x */
-    int i,j;
-    if (x==NULL) return;
-
-    for (i=0; i<x->len; i++)
-    {
-        j=y->len+i;
-        if (j>=y->max)
-        {
-            y->len=y->max;
-            return;
-        }
-        y->val[j]=x->val[i];
-    }
-    y->len+=x->len;
-}
-
-/* Append byte to octet rep times */
-/* SU= 8 */
-void OCT_jbyte(octet *y,int ch,int rep)
-{
-    int i,j;
-    i=y->len;
-    for (j=0; j<rep && i<y->max; j++)
-    {
-        y->val[i]=ch;
-        y->len++;
-        i++;
-    }
-}
-
-/* XOR common bytes of x with y */
-/* SU= 8 */
-void OCT_xor(octet *y,octet *x)
-{
-    /* xor first x->len bytes of y */
-
-    int i;
-    for (i=0; i<x->len && i<y->len; i++)
-    {
-        y->val[i]^=x->val[i];
-    }
-}
-
-/* clear an octet */
-void OCT_empty(octet *w)
-{
-    w->len=0;
-}
-
-/* Kill an octet string - Zeroise it for security */
-void OCT_clear(octet *w)
-{
-    int i;
-    for (i=0; i<w->max; i++) w->val[i]=0;
-    w->len=0;
-}
-
-/* appends int x of length len bytes to OCTET string */
-/* SU= 8 */
-void OCT_jint(octet *y,int x,int len)
-{
-    int i,n;
-    n=y->len+len;
-    if (n>y->max || len<=0) return;
-    for (i=y->len; i<n; i++) y->val[i]=0;
-    y->len=n;
-
-    i=y->len;
-    while (x>0 && i>0)
-    {
-        i--;
-        y->val[i]=x%256;
-        x/=256;
-    }
-}
-
-/* Pad an octet to a given length */
-/* SU= 8 */
-int OCT_pad(octet *w,int n)
-{
-    int i,d;
-    if (w->len>n || n>w->max) return 0;
-    if (n==w->len) return 1;
-    d=n-w->len;
-    for (i=n-1; i>=d; i--)
-        w->val[i]=w->val[i-d];
-    for (i=d-1; i>=0; i--)
-        w->val[i]=0;
-    w->len=n;
-    return 1;
-}
-
-
-/* Convert an octet string to base64 string */
-/* SU= 56 */
-void OCT_tobase64(char *b,octet *w)
-{
-    int i,j,k,rem,last;
-    int c,ch[4];
-    unsigned char ptr[3];
-    rem=w->len%3;
-    j=k=0;
-    last=4;
-    while (j<w->len)
-    {
-        for (i=0; i<3; i++)
-        {
-            if (j<w->len) ptr[i]=w->val[j++];
-            else
-            {
-                ptr[i]=0;
-                last--;
-            }
-        }
-        ch[0]=(ptr[0]>>2)&0x3f;
-        ch[1]=((ptr[0]<<4)|(ptr[1]>>4))&0x3f;
-        ch[2]=((ptr[1]<<2)|(ptr[2]>>6))&0x3f;
-        ch[3]=ptr[2]&0x3f;
-        for (i=0; i<last; i++)
-        {
-            c=ch[i];
-            if (c<26) c+=65;
-            if (c>=26 && c<52) c+=71;
-            if (c>=52 && c<62) c-=4;
-            if (c==62) c='+';
-            if (c==63) c='/';
-            b[k++]=c;
-        }
-    }
-    if (rem>0) for (i=rem; i<3; i++) b[k++]='=';
-    b[k]='\0';  /* dangerous! */
-}
-
-/* SU= 56 */
-void OCT_frombase64(octet *w,char *b)
-{
-    int i,j,k,pads,len=(int)strlen(b);
-    int c,ch[4],ptr[3];
-    /* int lead=1; */
-    j=k=0;
-    while (j<len && k<w->max)
-    {
-        pads=0;
-        for (i=0; i<4; i++)
-        {
-            c=80+b[j++];
-            if (c<=112) continue; /* ignore white space */
-            if (c>144 && c<171) c-=145;
-            if (c>176 && c<203) c-=151;
-            if (c>127 && c<138) c-=76;
-            if (c==123) c=62;
-            if (c==127) c=63;
-            if (c==141)
-            {
-                pads++;    /* ignore pads '=' */
-                continue;
-            }
-            ch[i]=c;
-        }
-        ptr[0]=(ch[0]<<2)|(ch[1]>>4);
-        ptr[1]=(ch[1]<<4)|(ch[2]>>2);
-        ptr[2]=(ch[2]<<6)|ch[3];
-        for (i=0; i<3-pads && k<w->max; i++)
-        {
-            /* don't put in leading zeros */
-            /* if (lead && ptr[i]==0) continue; */
-            w->val[k++]=ptr[i];
-            /* lead=0; */
-        }
-
-    }
-    w->len=k;
-}
-
-/* copy an octet string - truncates if no room */
-/* SU= 16 */
-void OCT_copy(octet *y,octet *x)
-{
-    int i;
-    OCT_clear(y);
-    y->len=x->len;
-    if (y->len>y->max) y->len=y->max;
-
-    for (i=0; i<y->len; i++)
-        y->val[i]=x->val[i];
-}
-
-/* XOR m with all of x */
-void OCT_xorbyte(octet *x,int m)
-{
-    int i;
-    for (i=0; i<x->len; i++) x->val[i]^=m;
-}
-
-/* truncates x to n bytes and places the rest in y (if y is not NULL) */
-/* SU= 8 */
-void OCT_chop(octet *x,octet *y,int n)
-{
-    int i;
-    if (n>=x->len)
-    {
-        if (y!=NULL) y->len=0;
-        return;
-    }
-    if (y!=NULL) y->len=x->len-n;
-    x->len=n;
-
-    if (y!=NULL)
-    {
-        for (i=0; i<y->len && i<y->max; i++) y->val[i]=x->val[i+n];
-    }
-}
-
-/* set x to len random bytes */
-void OCT_rand(octet *x,csprng *RNG,int len)
-{
-    int i;
-    if (len>x->max) len=x->max;
-    x->len=len;
-
-    for (i=0; i<len; i++) x->val[i]=RAND_byte(RNG);
-}
-
-/* Convert an octet to a hex string */
-void OCT_toHex(octet *src,char *dst)
-{
-    int i;
-    unsigned char ch;
-    for (i=0; i<src->len; i++)
-    {
-        ch=src->val[i];
-        sprintf(&dst[i*2],"%02x", ch);
-    }
-}
-
-static int char2int(char input)
-{
-    if(input >= '0' && input <= '9')
-        return input - '0';
-    if(input >= 'A' && input <= 'F')
-        return input - 'A' + 10;
-    if(input >= 'a' && input <= 'f')
-        return input - 'a' + 10;
-    return 0;
-}
-
-/* Convert from a hex string */
-void OCT_fromHex(octet *dst,char *src)
-{
-    int i=0;
-    int j=0;
-    OCT_clear(dst);
-
-    while(src[j]!=0)
-    {
-        dst->val[i++] = char2int(src[j])*16 + char2int(src[j+1]);
-        j += 2;
-    }
-    dst->len=i;
-}
-
-
-/* Convert an octet to a string */
-void OCT_toStr(octet *src,char *dst)
-{
-    int i;
-    unsigned char ch;
-    for (i=0; i<src->len; i++)
-    {
-        ch=src->val[i];
-        sprintf(&dst[i],"%c", ch);
-    }
-}
-
-/* Test program
-#include <stdio.h>
-#include "amcl.h"
-
-char test[]="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-
-int main()
-{
-	char gm[100],gn[100],t[100];
-    octet m={0,sizeof(gm),gm};
-    octet n={0,sizeof(gn),gn};
-
-	OCT_jbytes(&m,test,strlen(test));
-	OCT_output(&m);
-
-	OCT_tobase64(t,&m);
-	printf(t); printf("\n");
-
-	OCT_frombase64(&n,t);
-	OCT_output(&n);
-
-    return 0;
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/pair.c
----------------------------------------------------------------------
diff --git a/version22/c/pair.c b/version22/c/pair.c
deleted file mode 100644
index 5b4e987..0000000
--- a/version22/c/pair.c
+++ /dev/null
@@ -1,828 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BN Curve pairing functions */
-
-//#define HAS_MAIN
-
-#include "amcl.h"
-
-/* Line function */
-static void PAIR_line(FP12 *v,ECP2 *A,ECP2 *B,BIG Qx,BIG Qy)
-{
-    ECP2 P;
-    FP2 Z3,X,Y,ZZ,T,NY;
-    FP4 a,b,c;
-    int D;
-    ECP2_copy(&P,A);
-    if (A==B)
-        D=ECP2_dbl(A);  // check these return numbers...
-    else
-        D=ECP2_add(A,B);
-    if (D<0)
-    {
-        /* Infinity */
-        FP12_one(v);
-        return;
-    }
-
-    FP2_copy(&Z3,&(A->z));
-    FP4_zero(&c);
-    FP2_sqr(&ZZ,&(P.z));    /* ZZ=Z^2 */
-    if (D==0)
-    {
-        /* addition */
-        ECP2_get(&X,&Y,B);
-        FP2_mul(&T,&(P.z),&Y);  /* T=Z*Y2 */
-
-        FP2_mul(&ZZ,&ZZ,&T);
-
-        FP2_neg(&NY,&(P.y));
-        FP2_add(&ZZ,&ZZ,&NY); /* ZZ=Z^3*Y2-Y (slope numerator) */
-        FP2_pmul(&Z3,&Z3,Qy);    /* Z3*Qy */
-        FP2_mul(&T,&T,&(P.x));
-        FP2_mul(&X,&X,&NY);
-        FP2_add(&T,&T,&X);       /* Z*Y2*X-X2*Y */
-        FP4_from_FP2s(&a,&Z3,&T); /* a=[Z3*Qy,Z*Y2*X-X2*Y] */
-        FP2_neg(&ZZ,&ZZ);
-        FP2_pmul(&ZZ,&ZZ,Qx);
-        FP4_from_FP2(&b,&ZZ);    /* b=-slope*Qx */
-    }
-    else
-    {
-        /* doubling */
-        FP2_sqr(&T,&(P.x));
-        FP2_imul(&T,&T,3);   /* T=3X^2 (slope numerator) */
-        FP2_sqr(&Y,&(P.y));
-
-        FP2_add(&Y,&Y,&Y);   /* Y=2Y^2 */
-        FP2_mul(&Z3,&Z3,&ZZ);   /* Z3=Z3*ZZ */
-        FP2_pmul(&Z3,&Z3,Qy);   /* Z3=Z3*ZZ*Qy */
-
-        FP2_mul(&X,&(P.x),&T);
-        FP2_sub(&X,&X,&Y);      /* X=X*slope-2Y^2 */
-        FP4_from_FP2s(&a,&Z3,&X); /* a=[Z3*ZZ*Qy , X*slope-2Y^2] */
-        FP2_neg(&T,&T);
-        FP2_mul(&ZZ,&ZZ,&T);
-        FP2_pmul(&ZZ,&ZZ,Qx);
-        FP4_from_FP2(&b,&ZZ);    /* b=-slope*ZZ*Qx */
-    }
-
-    FP12_from_FP4s(v,&a,&b,&c);
-}
-
-/* Optimal R-ate pairing r=e(P,Q) */
-void PAIR_ate(FP12 *r,ECP2 *P,ECP *Q)
-{
-    FP2 X;
-    BIG x,n,Qx,Qy;
-    int i,nb;
-    ECP2 A;
-    FP12 lv;
-#if CHOICE<BLS_CURVES
-    ECP2 KA;
-#endif
-
-    BIG_rcopy(Qx,CURVE_Fra);
-    BIG_rcopy(Qy,CURVE_Frb);
-    FP2_from_BIGs(&X,Qx,Qy);
-
-    BIG_rcopy(x,CURVE_Bnx);
-
-#if CHOICE<BLS_CURVES
-    BIG_pmul(n,x,6);
-    BIG_dec(n,2);
-#else
-    BIG_copy(n,x);
-#endif
-
-    BIG_norm(n);
-
-    ECP2_affine(P);
-    ECP_affine(Q);
-
-    BIG_copy(Qx,Q->x);
-    BIG_copy(Qy,Q->y);
-
-    ECP2_copy(&A,P);
-    FP12_one(r);
-    nb=BIG_nbits(n);
-
-    /* Main Miller Loop */
-    for (i=nb-2; i>=1; i--)
-    {
-        PAIR_line(&lv,&A,&A,Qx,Qy);
-        FP12_smul(r,&lv);
-        if (BIG_bit(n,i))
-        {
-
-            PAIR_line(&lv,&A,P,Qx,Qy);
-            FP12_smul(r,&lv);
-        }
-        FP12_sqr(r,r);
-    }
-
-    PAIR_line(&lv,&A,&A,Qx,Qy);
-    FP12_smul(r,&lv);
-
-    if (BIG_parity(n))
-    {
-        PAIR_line(&lv,&A,P,Qx,Qy);
-        FP12_smul(r,&lv);
-    }
-
-    /* R-ate fixup required for BN curves */
-#if CHOICE<BLS_CURVES
-    ECP2_copy(&KA,P);
-    ECP2_frob(&KA,&X);
-
-    ECP2_neg(&A);
-    FP12_conj(r,r);
-
-    PAIR_line(&lv,&A,&KA,Qx,Qy);
-    FP12_smul(r,&lv);
-    ECP2_frob(&KA,&X);
-    ECP2_neg(&KA);
-    PAIR_line(&lv,&A,&KA,Qx,Qy);
-    FP12_smul(r,&lv);
-#endif
-}
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
-void PAIR_double_ate(FP12 *r,ECP2 *P,ECP *Q,ECP2 *R,ECP *S)
-{
-    FP2 X;
-    BIG x,n,Qx,Qy,Sx,Sy;
-    int i,nb;
-    ECP2 A,B;
-    FP12 lv;
-#if CHOICE<BLS_CURVES
-    ECP2 K;
-#endif
-    BIG_rcopy(Qx,CURVE_Fra);
-    BIG_rcopy(Qy,CURVE_Frb);
-    FP2_from_BIGs(&X,Qx,Qy);
-
-    BIG_rcopy(x,CURVE_Bnx);
-
-#if CHOICE<BLS_CURVES
-    BIG_pmul(n,x,6);
-    BIG_dec(n,2);
-#else
-    BIG_copy(n,x);
-#endif
-
-    BIG_norm(n);
-
-    ECP2_affine(P);
-    ECP_affine(Q);
-
-    ECP2_affine(R);
-    ECP_affine(S);
-
-    BIG_copy(Qx,Q->x);
-    BIG_copy(Qy,Q->y);
-
-    BIG_copy(Sx,S->x);
-    BIG_copy(Sy,S->y);
-
-    ECP2_copy(&A,P);
-    ECP2_copy(&B,R);
-    FP12_one(r);
-    nb=BIG_nbits(n);
-
-    /* Main Miller Loop */
-    for (i=nb-2; i>=1; i--)
-    {
-        PAIR_line(&lv,&A,&A,Qx,Qy);
-        FP12_smul(r,&lv);
-        PAIR_line(&lv,&B,&B,Sx,Sy);
-        FP12_smul(r,&lv);
-
-        if (BIG_bit(n,i))
-        {
-            PAIR_line(&lv,&A,P,Qx,Qy);
-            FP12_smul(r,&lv);
-
-            PAIR_line(&lv,&B,R,Sx,Sy);
-            FP12_smul(r,&lv);
-        }
-        FP12_sqr(r,r);
-    }
-
-    PAIR_line(&lv,&A,&A,Qx,Qy);
-    FP12_smul(r,&lv);
-
-    PAIR_line(&lv,&B,&B,Sx,Sy);
-    FP12_smul(r,&lv);
-
-    if (BIG_parity(n))
-    {
-        PAIR_line(&lv,&A,P,Qx,Qy);
-        FP12_smul(r,&lv);
-
-        PAIR_line(&lv,&B,R,Sx,Sy);
-        FP12_smul(r,&lv);
-    }
-
-    /* R-ate fixup required for BN curves */
-#if CHOICE<BLS_CURVES
-    FP12_conj(r,r);
-
-    ECP2_copy(&K,P);
-    ECP2_frob(&K,&X);
-    ECP2_neg(&A);
-    PAIR_line(&lv,&A,&K,Qx,Qy);
-    FP12_smul(r,&lv);
-    ECP2_frob(&K,&X);
-    ECP2_neg(&K);
-    PAIR_line(&lv,&A,&K,Qx,Qy);
-    FP12_smul(r,&lv);
-
-    ECP2_copy(&K,R);
-    ECP2_frob(&K,&X);
-    ECP2_neg(&B);
-    PAIR_line(&lv,&B,&K,Sx,Sy);
-    FP12_smul(r,&lv);
-    ECP2_frob(&K,&X);
-    ECP2_neg(&K);
-    PAIR_line(&lv,&B,&K,Sx,Sy);
-    FP12_smul(r,&lv);
-#endif
-}
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-void PAIR_fexp(FP12 *r)
-{
-    FP2 X;
-    BIG x,a,b;
-    FP12 t0,y0,y1,y2,y3;
-
-    BIG_rcopy(x,CURVE_Bnx);
-    BIG_rcopy(a,CURVE_Fra);
-    BIG_rcopy(b,CURVE_Frb);
-    FP2_from_BIGs(&X,a,b);
-
-    /* Easy part of final exp */
-
-    FP12_inv(&t0,r);
-    FP12_conj(r,r);
-
-    FP12_mul(r,&t0);
-    FP12_copy(&t0,r);
-
-    FP12_frob(r,&X);
-    FP12_frob(r,&X);
-    FP12_mul(r,&t0);
-
-    /* Hard part of final exp - see Duquesne & Ghamman eprint 2015/192.pdf */
-#if CHOICE<BLS_CURVES
-    FP12_pow(&t0,r,x); // t0=f^-u
-    FP12_usqr(&y3,&t0); // y3=t0^2
-    FP12_copy(&y0,&t0);
-    FP12_mul(&y0,&y3); // y0=t0*y3
-    FP12_copy(&y2,&y3);
-    FP12_frob(&y2,&X); // y2=y3^p
-    FP12_mul(&y2,&y3); //y2=y2*y3
-    FP12_usqr(&y2,&y2); //y2=y2^2
-    FP12_mul(&y2,&y3); // y2=y2*y3
-
-    FP12_pow(&t0,&y0,x);  //t0=y0^-u
-    FP12_conj(&y0,r);     //y0=~r
-    FP12_copy(&y1,&t0);
-    FP12_frob(&y1,&X);
-    FP12_frob(&y1,&X); //y1=t0^p^2
-    FP12_mul(&y1,&y0); // y1=y0*y1
-    FP12_conj(&t0,&t0); // t0=~t0
-    FP12_copy(&y3,&t0);
-    FP12_frob(&y3,&X); //y3=t0^p
-    FP12_mul(&y3,&t0); // y3=t0*y3
-    FP12_usqr(&t0,&t0); // t0=t0^2
-    FP12_mul(&y1,&t0); // y1=t0*y1
-
-    FP12_pow(&t0,&y3,x); // t0=y3^-u
-    FP12_usqr(&t0,&t0); //t0=t0^2
-    FP12_conj(&t0,&t0); //t0=~t0
-    FP12_mul(&y3,&t0); // y3=t0*y3
-
-    FP12_frob(r,&X);
-    FP12_copy(&y0,r);
-    FP12_frob(r,&X);
-    FP12_mul(&y0,r);
-    FP12_frob(r,&X);
-    FP12_mul(&y0,r);
-
-    FP12_usqr(r,&y3);  //r=y3^2
-    FP12_mul(r,&y2);   //r=y2*r
-    FP12_copy(&y3,r);
-    FP12_mul(&y3,&y0); // y3=r*y0
-    FP12_mul(r,&y1); // r=r*y1
-    FP12_usqr(r,r); // r=r^2
-    FP12_mul(r,&y3); // r=r*y3
-    FP12_reduce(r);
-#else
-// Ghamman & Fouotsa Method
-
-    FP12_usqr(&y0,r);
-    FP12_pow(&y1,&y0,x);
-    BIG_fshr(x,1);
-    FP12_pow(&y2,&y1,x);
-    BIG_fshl(x,1); // x must be even
-    FP12_conj(&y3,r);
-    FP12_mul(&y1,&y3);
-
-    FP12_conj(&y1,&y1);
-    FP12_mul(&y1,&y2);
-
-    FP12_pow(&y2,&y1,x);
-
-    FP12_pow(&y3,&y2,x);
-    FP12_conj(&y1,&y1);
-    FP12_mul(&y3,&y1);
-
-    FP12_conj(&y1,&y1);
-    FP12_frob(&y1,&X);
-    FP12_frob(&y1,&X);
-    FP12_frob(&y1,&X);
-    FP12_frob(&y2,&X);
-    FP12_frob(&y2,&X);
-    FP12_mul(&y1,&y2);
-
-    FP12_pow(&y2,&y3,x);
-    FP12_mul(&y2,&y0);
-    FP12_mul(&y2,r);
-
-    FP12_mul(&y1,&y2);
-    FP12_copy(&y2,&y3);
-    FP12_frob(&y2,&X);
-    FP12_mul(&y1,&y2);
-    FP12_copy(r,&y1);
-    FP12_reduce(r);
-
-// Aranha et al method as described by Ghamman & Fouotsa
-    /*
-    	FP12_usqr(&y0,r);  // t0=f^2
-    	FP12_conj(&y3,&y0); // t0=f^-2
-    	FP12_pow(&t0,r,x); // t5=f^u
-    	FP12_usqr(&y1,&t0); // t1=t5^2
-    	FP12_mul(&y3,&t0); // t3=t0*t5
-
-    	FP12_pow(&y0,&y3,x);
-
-    	FP12_pow(&y2,&y0,x);
-
-    	FP12_pow(&y4,&y2,x);
-
-    	FP12_mul(&y4,&y1);
-    	FP12_pow(&y1,&y4,x);
-    	FP12_conj(&y3,&y3);
-    	FP12_mul(&y1,&y3);
-    	FP12_mul(&y1,r);
-
-    	FP12_conj(&y3,r);
-    	FP12_mul(&y0,r);
-    	FP12_frob(&y0,&X); FP12_frob(&y0,&X); FP12_frob(&y0,&X);
-
-    	FP12_mul(&y4,&y3);
-    	FP12_frob(&y4,&X);
-
-    	FP12_mul(&t0,&y2);
-    	FP12_frob(&t0,&X); FP12_frob(&t0,&X);
-
-    	FP12_mul(&t0,&y0);
-    	FP12_mul(&t0,&y4);
-    	FP12_mul(&t0,&y1);
-    	FP12_copy(r,&t0);
-    	FP12_reduce(r);*/
-
-//-----------------------------------
-    /*
-    	FP12_copy(&y0,r);						// y0=r;
-    	FP12_copy(&y1,r);						// y1=r;
-    	FP12_copy(&t0,r); FP12_frob(&t0,&X);	// t0=Frobenius(r,X,1);
-    	FP12_conj(&y3,&t0); FP12_mul(&y1,&y3);	// y1*=inverse(t0);
-    	FP12_frob(&t0,&X); FP12_frob(&t0,&X);	// t0=Frobenius(t0,X,2);
-    	FP12_mul(&y1,&t0);						// y1*=t0;
-
-    	FP12_pow(r,r,x);						// r=pow(r,x);
-    	FP12_conj(&y3,r); FP12_mul(&y1,&y3);	// y1*=inverse(r);
-    	FP12_copy(&t0,r); FP12_frob(&t0,&X);	// t0=Frobenius(r,X,1);
-    	FP12_mul(&y0,&t0);						// y0*=t0;
-    	FP12_frob(&t0,&X);						// t0=Frobenius(t0,X,1);
-    	FP12_mul(&y1,&t0);						// y1*=t0;
-    	FP12_frob(&t0,&X);						// t0=Frobenius(t0,X,1);
-    	FP12_conj(&y3,&t0); FP12_mul(&y0,&y3);	// y0*=inverse(t0);
-
-    	FP12_pow(r,r,x);						// r=pow(r,x);
-    	FP12_mul(&y0,r);						// y0*=r;
-    	FP12_copy(&t0,r); FP12_frob(&t0,&X); FP12_frob(&t0,&X); // t0=Frobenius(r,X,2);
-    	FP12_conj(&y3,&t0); FP12_mul(&y0,&y3);	// y0*=inverse(t0);
-    	FP12_frob(&t0,&X);						// t0=Frobenius(t0,X,1);
-    	FP12_mul(&y1,&t0);						// y1*=t0;
-
-    	FP12_pow(r,r,x);						// r=pow(r,x);			// r^x3
-    	FP12_copy(&t0,r); FP12_frob(&t0,&X);	// t0=Frobenius(r,X,1);
-    	FP12_conj(&y3,&t0); FP12_mul(&y0,&y3);	// y0*=inverse(t0);
-    	FP12_frob(&t0,&X);						// t0=Frobenius(t0,X,1);
-    	FP12_mul(&y1,&t0);						// y1*=t0;
-
-    	FP12_pow(r,r,x);						// r=pow(r,x);			// r^x4
-    	FP12_conj(&y3,r); FP12_mul(&y0,&y3);	// y0*=inverse(r);
-    	FP12_copy(&t0,r); FP12_frob(&t0,&X);	// t0=Frobenius(r,X,1);
-    	FP12_mul(&y1,&t0);						//y1*=t0;
-
-    	FP12_pow(r,r,x);						// r=pow(r,x);			// r^x5
-    	FP12_mul(&y1,r);						// y1*=r;
-
-    	FP12_usqr(&y0,&y0);						// r=y0*y0*y1;
-    	FP12_mul(&y0,&y1);
-    	FP12_copy(r,&y0);
-    	FP12_reduce(r); */
-#endif
-}
-
-#ifdef USE_GLV
-/* GLV method */
-static void glv(BIG u[2],BIG e)
-{
-#if CHOICE<BLS_CURVES
-    int i,j;
-    BIG v[2],t,q;
-    DBIG d;
-    BIG_rcopy(q,CURVE_Order);
-    for (i=0; i<2; i++)
-    {
-        BIG_rcopy(t,CURVE_W[i]);
-//BIG_norm(t); BIG_norm(e);
-        BIG_mul(d,t,e);
-        BIG_ddiv(v[i],d,q);
-        BIG_zero(u[i]);
-    }
-    BIG_copy(u[0],e);
-    for (i=0; i<2; i++)
-        for (j=0; j<2; j++)
-        {
-            BIG_rcopy(t,CURVE_SB[j][i]);
-            BIG_modmul(t,v[j],t,q);
-            BIG_add(u[i],u[i],q);
-            BIG_sub(u[i],u[i],t);
-            BIG_mod(u[i],q);
-        }
-
-#else
-// -(x^2).P = (Beta.x,y)
-
-    BIG x,x2,q;
-    BIG_rcopy(x,CURVE_Bnx);
-    BIG_smul(x2,x,x);
-    BIG_copy(u[0],e);
-    BIG_mod(u[0],x2);
-    BIG_copy(u[1],e);
-    BIG_sdiv(u[1],x2);
-
-    BIG_rcopy(q,CURVE_Order);
-    BIG_sub(u[1],q,u[1]);
-
-#endif
-
-    return;
-}
-#endif // USE_GLV
-
-/* Galbraith & Scott Method */
-static void gs(BIG u[4],BIG e)
-{
-    int i;
-#if CHOICE<BLS_CURVES
-    int j;
-    BIG v[4],t,q;
-    DBIG d;
-    BIG_rcopy(q,CURVE_Order);
-    for (i=0; i<4; i++)
-    {
-        BIG_rcopy(t,CURVE_WB[i]);
-//BIG_norm(t); BIG_norm(e);
-        BIG_mul(d,t,e);
-        BIG_ddiv(v[i],d,q);
-        BIG_zero(u[i]);
-    }
-
-    BIG_copy(u[0],e);
-    for (i=0; i<4; i++)
-        for (j=0; j<4; j++)
-        {
-            BIG_rcopy(t,CURVE_BB[j][i]);
-            BIG_modmul(t,v[j],t,q);
-            BIG_add(u[i],u[i],q);
-            BIG_sub(u[i],u[i],t);
-            BIG_mod(u[i],q);
-        }
-
-#else
-
-    BIG x,w;
-    BIG_rcopy(x,CURVE_Bnx);
-    BIG_copy(w,e);
-
-    for (i=0; i<4; i++)
-    {
-        BIG_copy(u[i],w);
-        BIG_mod(u[i],x);
-        BIG_sdiv(w,x);
-    }
-
-#endif
-    return;
-}
-
-/* Multiply P by e in group G1 */
-void PAIR_G1mul(ECP *P,BIG e)
-{
-#ifdef USE_GLV   /* Note this method is patented */
-    int np,nn;
-    ECP Q;
-    BIG cru,t,q;
-    BIG u[2];
-
-    BIG_rcopy(q,CURVE_Order);
-    glv(u,e);
-
-    ECP_affine(P);
-    ECP_copy(&Q,P);
-    BIG_rcopy(cru,CURVE_Cru);
-    FP_nres(cru);
-    FP_mul(Q.x,Q.x,cru);
-
-    /* note that -a.B = a.(-B). Use a or -a depending on which is smaller */
-
-    np=BIG_nbits(u[0]);
-    BIG_modneg(t,u[0],q);
-    nn=BIG_nbits(t);
-    if (nn<np)
-    {
-        BIG_copy(u[0],t);
-        ECP_neg(P);
-    }
-
-    np=BIG_nbits(u[1]);
-    BIG_modneg(t,u[1],q);
-    nn=BIG_nbits(t);
-    if (nn<np)
-    {
-        BIG_copy(u[1],t);
-        ECP_neg(&Q);
-    }
-
-    ECP_mul2(P,&Q,u[0],u[1]);
-
-#else
-    ECP_mul(P,e);
-#endif
-}
-
-/* Multiply P by e in group G2 */
-void PAIR_G2mul(ECP2 *P,BIG e)
-{
-#ifdef USE_GS_G2   /* Well I didn't patent it :) */
-    int i,np,nn;
-    ECP2 Q[4];
-    FP2 X;
-    BIG x,y;
-    BIG u[4];
-
-    BIG_rcopy(x,CURVE_Fra);
-    BIG_rcopy(y,CURVE_Frb);
-    FP2_from_BIGs(&X,x,y);
-
-    BIG_rcopy(y,CURVE_Order);
-    gs(u,e);
-
-
-    ECP2_affine(P);
-
-    ECP2_copy(&Q[0],P);
-    for (i=1; i<4; i++)
-    {
-        ECP2_copy(&Q[i],&Q[i-1]);
-        ECP2_frob(&Q[i],&X);
-    }
-
-    for (i=0; i<4; i++)
-    {
-        np=BIG_nbits(u[i]);
-        BIG_modneg(x,u[i],y);
-        nn=BIG_nbits(x);
-        if (nn<np)
-        {
-            BIG_copy(u[i],x);
-            ECP2_neg(&Q[i]);
-        }
-    }
-
-    ECP2_mul4(P,Q,u);
-
-#else
-    ECP2_mul(P,e);
-#endif
-}
-
-/* f=f^e */
-void PAIR_GTpow(FP12 *f,BIG e)
-{
-#ifdef USE_GS_GT   /* Note that this option requires a lot of RAM! Maybe better to use compressed XTR method, see fp4.c */
-    int i,np,nn;
-    FP12 g[4];
-    FP2 X;
-    BIG t,q,x,y;
-    BIG u[4];
-
-    BIG_rcopy(x,CURVE_Fra);
-    BIG_rcopy(y,CURVE_Frb);
-    FP2_from_BIGs(&X,x,y);
-
-    BIG_rcopy(q,CURVE_Order);
-    gs(u,e);
-
-    FP12_copy(&g[0],f);
-    for (i=1; i<4; i++)
-    {
-        FP12_copy(&g[i],&g[i-1]);
-        FP12_frob(&g[i],&X);
-    }
-
-    for (i=0; i<4; i++)
-    {
-        np=BIG_nbits(u[i]);
-        BIG_modneg(t,u[i],q);
-        nn=BIG_nbits(t);
-        if (nn<np)
-        {
-            BIG_copy(u[i],t);
-            FP12_conj(&g[i],&g[i]);
-        }
-    }
-    FP12_pow4(f,g,u);
-
-#else
-    FP12_pow(f,f,e);
-#endif
-}
-
-/* test group membership test - no longer needed */
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-
-/*
-int PAIR_GTmember(FP12 *m)
-{
-	BIG a,b;
-	FP2 X;
-	FP12 r,w;
-	if (FP12_isunity(m)) return 0;
-	FP12_conj(&r,m);
-	FP12_mul(&r,m);
-	if (!FP12_isunity(&r)) return 0;
-
-	BIG_rcopy(a,CURVE_Fra);
-	BIG_rcopy(b,CURVE_Frb);
-	FP2_from_BIGs(&X,a,b);
-
-
-	FP12_copy(&r,m); FP12_frob(&r,&X); FP12_frob(&r,&X);
-	FP12_copy(&w,&r); FP12_frob(&w,&X); FP12_frob(&w,&X);
-	FP12_mul(&w,m);
-
-
-#ifndef GT_STRONG
-	if (!FP12_equals(&w,&r)) return 0;
-
-	BIG_rcopy(a,CURVE_Bnx);
-
-	FP12_copy(&r,m); FP12_pow(&w,&r,a); FP12_pow(&w,&w,a);
-	FP12_sqr(&r,&w); FP12_mul(&r,&w); FP12_sqr(&r,&r);
-
-	FP12_copy(&w,m); FP12_frob(&w,&X);
- #endif
-
-	return FP12_equals(&w,&r);
-}
-
-*/
-
-
-#ifdef HAS_MAIN
-/*
-#if CHOICE==BN254_T
-
-const BIG TEST_Gx={0x18AFF11A,0xF2EF406,0xAF68220,0x171F2E27,0x6BA0959,0x124C50E0,0x450BE27,0x7003EA8,0x8A914};
-const BIG TEST_Gy={0x6E010F4,0xA71D07E,0x7ECADA8,0x8260E8E,0x1F79C328,0x17A09412,0xBFAE690,0x1C57CBD1,0x17DF54};
-
-const BIG TEST_Pxa={0x1047D566,0xD83CD71,0x10322E9D,0x991FA93,0xA282C48,0x18AEBEC8,0xCB05850,0x13B4F669,0x21794A};
-const BIG TEST_Pxb={0x1E305936,0x16885BF1,0x327060,0xE26F794,0x1547D870,0x1963E5B2,0x1BEBB96C,0x988A33C,0x1A9B47};
-const BIG TEST_Pya={0x20FF876,0x4427E67,0x18732211,0xE88E45E,0x174D1A7E,0x17D877ED,0x343AB37,0x97EB453,0xB00D5};
-const BIG TEST_Pyb={0x1D746B7B,0x732F4C2,0x122A49B0,0x16267985,0x235DF56,0x10B1E4D,0x14D8F210,0x17A05C3E,0x5ECF8};
-
-#endif
-
-#if CHOICE==BN254_T2
-
-const BIG TEST_Gx={0x15488765,0x46790D7,0xD9900A,0x1DFB43F,0x9F2D307,0xC4724E8,0x5678E51,0x15C3E3A7,0x1BEC8E};
-const BIG TEST_Gy={0x3D3273C,0x1AFA5FF,0x1880A139,0xACD34DF,0x17493067,0x10FA4103,0x1D4C9766,0x1A73F3DB,0x2D148};
-
-const BIG TEST_Pxa={0xF8DC275,0xAC27FA,0x11815151,0x152691C8,0x5CDEBF1,0x7D5A965,0x1BF70CE3,0x679A1C8,0xD62CF};
-const BIG TEST_Pxb={0x1D17D7A8,0x6B28DF4,0x174A0389,0xFE67E5F,0x1FA97A3C,0x7F5F473,0xFFB5146,0x4BC19A5,0x227010};
-const BIG TEST_Pya={0x16CC1F90,0x5284627,0x171B91AB,0x11F843B9,0x1D468755,0x67E279C,0x19FE0EF8,0x1A0CAA6B,0x1CC6CB};
-const BIG TEST_Pyb={0x1FF0CF2A,0xBC83255,0x6DD6EE8,0xB8B752F,0x13E484EC,0x1809BE81,0x1A648AA1,0x8CEF3F3,0x86EE};
-
-
-#endif
-
-#if CHOICE==BN254
-
-const BIG TEST_Gx={0x14BEC4670E4EB7,0xEA2973860F6861,0x35C14B2FC3C28F,0x4402A0B63B9473,0x2074A81D};
-const BIG TEST_Gy={0xC284846631CBEB,0x34A6E8D871B3B,0x89FB94A82B2006,0x87B20038771FC,0x6A41108};
-
-const BIG TEST_Pxa={0xE4A00F52183C77,0x554E02DF4F8354,0xB65EB5CF1C2F89,0x8B71A87BFCFC9,0x49EEDB1};
-const BIG TEST_Pxb={0xCFB8FA9AA8845D,0x8A9CC76D966697,0x185BA05BF5EC08,0x76140E87D97226,0x1FB93AB6};
-const BIG TEST_Pya={0x3644CC1EDF208A,0xA637FB3FF8E257,0x4453DA2BB9E686,0xD14AD3CDF6A1FE,0xCD04A1E};
-const BIG TEST_Pyb={0x71BD7630A43C14,0x1CAA9F14EA264E,0x3C3C2DFC765DEF,0xCF59D1A1A7D6EE,0x11FF7795};
-
-
-#endif
-*/
-int main()
-{
-    int i;
-    char byt[32];
-    csprng rng;
-    BIG xa,xb,ya,yb,w,a,b,t1,q,u[2],v[4],m,r;
-    ECP2 P,G;
-    ECP Q,R;
-    FP12 g,gp;
-    FP4 t,c,cp,cpm1,cpm2;
-    FP2 x,y,X;
-
-
-    BIG_rcopy(a,CURVE_Fra);
-    BIG_rcopy(b,CURVE_Frb);
-    FP2_from_BIGs(&X,a,b);
-
-    BIG_rcopy(xa,CURVE_Gx);
-    BIG_rcopy(ya,CURVE_Gy);
-
-    ECP_set(&Q,xa,ya);
-    if (Q.inf) printf("Failed to set - point not on curve\n");
-    else printf("G1 set success\n");
-
-    printf("Q= ");
-    ECP_output(&Q);
-    printf("\n");
-
-//	BIG_rcopy(r,CURVE_Order); BIG_dec(r,7); BIG_norm(r);
-    BIG_rcopy(xa,CURVE_Pxa);
-    BIG_rcopy(xb,CURVE_Pxb);
-    BIG_rcopy(ya,CURVE_Pya);
-    BIG_rcopy(yb,CURVE_Pyb);
-
-    FP2_from_BIGs(&x,xa,xb);
-    FP2_from_BIGs(&y,ya,yb);
-
-    ECP2_set(&P,&x,&y);
-    if (P.inf) printf("Failed to set - point not on curve\n");
-    else printf("G2 set success\n");
-
-    printf("P= ");
-    ECP2_output(&P);
-    printf("\n");
-
-    for (i=0; i<1000; i++ )
-    {
-
-        PAIR_ate(&g,&P,&Q);
-        PAIR_fexp(&g);
-
-//	PAIR_GTpow(&g,xa);
-
-    }
-    printf("g= ");
-    FP12_output(&g);
-    printf("\n");
-
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/rand.c
----------------------------------------------------------------------
diff --git a/version22/c/rand.c b/version22/c/rand.c
deleted file mode 100644
index 4a2cd0a..0000000
--- a/version22/c/rand.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- *   Cryptographic strong random number generator
- *
- *   Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
- *   Slow - but secure
- *
- *   See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
- */
-/* SU=m, m is Stack Usage */
-
-#include "amcl.h"
-
-/* SU= 20 */
-static unsign32 sbrand(csprng *rng)
-{
-    /* Marsaglia & Zaman random number generator */
-    int i,k;
-    unsign32 pdiff,t;
-    rng->rndptr++;
-    if (rng->rndptr<NK) return rng->ira[rng->rndptr];
-    rng->rndptr=0;
-    for (i=0,k=NK-NJ; i<NK; i++,k++)
-    {
-        /* calculate next NK values */
-        if (k==NK) k=0;
-        t=rng->ira[k];
-        pdiff=t - rng->ira[i] - rng->borrow;
-
-        if (pdiff<t) rng->borrow=0;
-        if (pdiff>t) rng->borrow=1;
-        rng->ira[i]=pdiff;
-    }
-    return rng->ira[0];
-}
-
-/* SU= 20 */
-static void sirand(csprng* rng,unsign32 seed)
-{
-    /* initialise random number system */
-    /* modified so that a subsequent call "stirs" in another seed value */
-    /* in this way as many seed bits as desired may be used */
-    int i,in;
-    unsign32 t,m=1;
-    rng->borrow=0L;
-    rng->rndptr=0;
-    rng->ira[0]^=seed;
-    for (i=1; i<NK; i++)
-    {
-        /* fill initialisation vector */
-        in=(NV*i)%NK;
-        rng->ira[in]^=m;      /* note XOR */
-        t=m;
-        m=seed-m;
-        seed=t;
-    }
-    for (i=0; i<10000; i++) sbrand(rng ); /* "warm-up" & stir the generator */
-}
-
-/* SU= 312 */
-static void fill_pool(csprng *rng)
-{
-    /* hash down output of RNG to re-fill the pool */
-    int i;
-    hash256 sh;
-    HASH256_init(&sh);
-    for (i=0; i<128; i++) HASH256_process(&sh,sbrand(rng));
-    HASH256_hash(&sh,rng->pool);
-    rng->pool_ptr=0;
-}
-
-static unsign32 pack(const uchar *b)
-{
-    /* pack bytes into a 32-bit Word */
-    return ((unsign32)b[3]<<24)|((unsign32)b[2]<<16)|((unsign32)b[1]<<8)|(unsign32)b[0];
-}
-
-/* SU= 360 */
-/* Initialize RNG with some real entropy from some external source */
-void RAND_seed(csprng *rng,int rawlen,char *raw)
-{
-    /* initialise from at least 128 byte string of raw  *
-     * random (keyboard?) input, and 32-bit time-of-day */
-    int i;
-    char digest[32];
-    uchar b[4];
-    hash256 sh;
-    rng->pool_ptr=0;
-    for (i=0; i<NK; i++) rng->ira[i]=0;
-    if (rawlen>0)
-    {
-        HASH256_init(&sh);
-        for (i=0; i<rawlen; i++)
-            HASH256_process(&sh,raw[i]);
-        HASH256_hash(&sh,digest);
-
-        /* initialise PRNG from distilled randomness */
-
-        for (i=0; i<8; i++)
-        {
-            b[0]=digest[4*i];
-            b[1]=digest[4*i+1];
-            b[2]=digest[4*i+2];
-            b[3]=digest[4*i+3];
-            //	printf("%08x\n",pack(b));
-            sirand(rng,pack(b));
-        }
-    }
-    fill_pool(rng);
-}
-
-/* Terminate and clean up */
-void RAND_clean(csprng *rng)
-{
-    /* kill internal state */
-    int i;
-    rng->pool_ptr=rng->rndptr=0;
-    for (i=0; i<32; i++) rng->pool[i]=0;
-    for (i=0; i<NK; i++) rng->ira[i]=0;
-    rng->borrow=0;
-}
-
-/* get random byte */
-/* SU= 8 */
-int RAND_byte(csprng *rng)
-{
-    int r;
-    r=rng->pool[rng->pool_ptr++];
-    if (rng->pool_ptr>=32) fill_pool(rng);
-    return (r&0xff);
-}
-
-/* test main program */
-/*
-#include <stdio.h>
-#include <string.h>
-
-void main()
-{
-    int i;
-    char raw[256];
-    csprng rng;
-
-	RAND_clean(&rng);
-
-
-	for (i=0;i<256;i++) raw[i]=(char)i;
-    RAND_seed(&rng,256,raw);
-
-	for (i=0;i<1000;i++)
-		printf("%02x ",(unsigned char)RAND_byte(&rng));
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/randapi.c
----------------------------------------------------------------------
diff --git a/version22/c/randapi.c b/version22/c/randapi.c
deleted file mode 100644
index 9b32efb..0000000
--- a/version22/c/randapi.c
+++ /dev/null
@@ -1,15 +0,0 @@
-#include "randapi.h"
-
-/* Initialise a Cryptographically Strong Random Number Generator from
-   an octet of raw random data */
-
-void CREATE_CSPRNG(csprng *RNG,octet *RAW)
-{
-    RAND_seed(RNG,RAW->len,RAW->val);
-}
-
-void KILL_CSPRNG(csprng *RNG)
-{
-    RAND_clean(RNG);
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/randapi.h
----------------------------------------------------------------------
diff --git a/version22/c/randapi.h b/version22/c/randapi.h
deleted file mode 100644
index 631499d..0000000
--- a/version22/c/randapi.h
+++ /dev/null
@@ -1,20 +0,0 @@
-#ifndef RANDOM_H
-#define RANDOM_H
-
-#include "amcl.h"
-
-/**	@brief Initialise a random number generator
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param S is an input truly random seed value
- */
-extern void CREATE_CSPRNG(csprng *R,octet *S);
-/**	@brief Kill a random number generator
- *
-	Deletes all internal state
-	@param R is a pointer to a cryptographically secure random number generator
- */
-extern void KILL_CSPRNG(csprng *R);
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/readme.txt
----------------------------------------------------------------------
diff --git a/version22/c/readme.txt b/version22/c/readme.txt
deleted file mode 100644
index 278770a..0000000
--- a/version22/c/readme.txt
+++ /dev/null
@@ -1,77 +0,0 @@
-AMCL is very simple to build.
-
-The examples here are for GCC under Linux and Windows (using MINGW).
-
-First indicate your computer/compiler architecture by setting the wordlength 
-in arch.h
-
-Next - decide what you want to do. Edit amcl.h - note there is only
-one area where USER CONFIGURABLE input is requested.
-
-Here choose your curve.
-
-Once this is done, build the library, and compile and link your program 
-with an API file and the ROM file rom.c that contains curve constants.
-
-Three example API files are provided, mpin.c which supports our M-Pin 
-(tm) protocol, ecdh.c which supports standard elliptic 
-curve key exchange, digital signature and public key crypto, and rsa.c 
-which supports the RSA method. The first 
-can be tested using the testmpin.c driver programs, the second can 
-be tested using testecdh.c, and the third can be tested using
-testrsa.c
-
-In the ROM file you must provide the curve constants. Several examples
-are provided there, and if you are willing to use one of these, simply
-select your curve of CHOICE in amcl.h
-
-Example (1), in amcl.h choose
-
-#define CHOICE BN254
-
-and
-
-#define CURVETYPE WEIERSTRASS
-
-Under windows run the batch file build_pair.bat to build the amcl.a library
-and the testmpin.exe applications.
-
-For linux execute "bash build_pair"
-
-Example (2), in amcl.h choose
-
-#define CHOICE C25519
-
-and
-
-#define CURVETYPE EDWARDS
-
-to select the Edwards curve ed25519.
-
-Under Windows run the batch file build_ec.bat to build the amcl.a library and
-the testecdh.exe application.
-
-For Linux execute "bash build_ec"
-
-
-To help generate the ROM constants for your own curve some MIRACL helper 
-programs are included. The programs bngen.cpp and blsgen.cpp generate ROM 
-data for a BN and BLS pairing friendly curves, and the program ecgen.cpp 
-generates ROM data for regular EC curves.
-
-The MIRACL based program check.cpp helps choose the best number base for
-big number representation, given the word-length and the size of the modulus.
-
-The program bigtobig.cpp converts a big number to the AMCL 
-BIG format.
-
-
-For quick jumpstart:-
-
-(Linux)
-bash build_pair
-./testmpin
-
-(Windows + MingW)
-build_pair
-testmpin


[47/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/ecp.c
----------------------------------------------------------------------
diff --git a/version22/c/ecp.c b/version22/c/ecp.c
deleted file mode 100644
index a6dcfad..0000000
--- a/version22/c/ecp.c
+++ /dev/null
@@ -1,1176 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Elliptic Curve Functions */
-/* SU=m, SU is Stack Usage (Weierstrass Curves) */
-
-//#define HAS_MAIN
-
-#include "amcl.h"
-
-/* test for P=O point-at-infinity */
-int ECP_isinf(ECP *P)
-{
-#if CURVETYPE==EDWARDS
-    FP_reduce(P->x);
-    FP_reduce(P->y);
-    FP_reduce(P->z);
-    return (BIG_iszilch(P->x) && BIG_comp(P->y,P->z)==0);
-#else
-    return P->inf;
-#endif
-}
-
-/* Conditional swap of P and Q dependant on d */
-static void ECP_cswap(ECP *P,ECP *Q,int d)
-{
-    BIG_cswap(P->x,Q->x,d);
-#if CURVETYPE!=MONTGOMERY
-    BIG_cswap(P->y,Q->y,d);
-#endif
-    BIG_cswap(P->z,Q->z,d);
-#if CURVETYPE!=EDWARDS
-    d=~(d-1);
-    d=d&(P->inf^Q->inf);
-    P->inf^=d;
-    Q->inf^=d;
-#endif
-}
-
-#if CURVETYPE!=MONTGOMERY
-/* Conditional move Q to P dependant on d */
-static void ECP_cmove(ECP *P,ECP *Q,int d)
-{
-    BIG_cmove(P->x,Q->x,d);
-#if CURVETYPE!=MONTGOMERY
-    BIG_cmove(P->y,Q->y,d);
-#endif
-    BIG_cmove(P->z,Q->z,d);
-#if CURVETYPE!=EDWARDS
-    d=~(d-1);
-    P->inf^=(P->inf^Q->inf)&d;
-#endif
-}
-
-/* return 1 if b==c, no branching */
-static int teq(sign32 b,sign32 c)
-{
-    sign32 x=b^c;
-    x-=1;  // if x=0, x now -1
-    return (int)((x>>31)&1);
-}
-#endif // CURVETYPE!=MONTGOMERY
-
-#if CURVETYPE!=MONTGOMERY
-/* Constant time select from pre-computed table */
-static void ECP_select(ECP *P,ECP W[],sign32 b)
-{
-    ECP MP;
-    sign32 m=b>>31;
-    sign32 babs=(b^m)-m;
-
-    babs=(babs-1)/2;
-
-    ECP_cmove(P,&W[0],teq(babs,0));  // conditional move
-    ECP_cmove(P,&W[1],teq(babs,1));
-    ECP_cmove(P,&W[2],teq(babs,2));
-    ECP_cmove(P,&W[3],teq(babs,3));
-    ECP_cmove(P,&W[4],teq(babs,4));
-    ECP_cmove(P,&W[5],teq(babs,5));
-    ECP_cmove(P,&W[6],teq(babs,6));
-    ECP_cmove(P,&W[7],teq(babs,7));
-
-    ECP_copy(&MP,P);
-    ECP_neg(&MP);  // minus P
-    ECP_cmove(P,&MP,(int)(m&1));
-}
-#endif
-
-/* Test P == Q */
-/* SU=168 */
-int ECP_equals(ECP *P,ECP *Q)
-{
-#if CURVETYPE==WEIERSTRASS
-    BIG pz2,qz2,a,b;
-    if (ECP_isinf(P) && ECP_isinf(Q)) return 1;
-    if (ECP_isinf(P) || ECP_isinf(Q)) return 0;
-
-    FP_sqr(pz2,P->z);
-    FP_sqr(qz2,Q->z);
-
-    FP_mul(a,P->x,qz2);
-    FP_mul(b,Q->x,pz2);
-    FP_reduce(a);
-    FP_reduce(b);
-    if (BIG_comp(a,b)!=0) return 0;
-
-    FP_mul(a,P->y,qz2);
-    FP_mul(a,a,Q->z);
-    FP_mul(b,Q->y,pz2);
-    FP_mul(b,b,P->z);
-    FP_reduce(a);
-    FP_reduce(b);
-    if (BIG_comp(a,b)!=0) return 0;
-    return 1;
-#else
-    BIG a,b;
-    if (ECP_isinf(P) && ECP_isinf(Q)) return 1;
-    if (ECP_isinf(P) || ECP_isinf(Q)) return 0;
-
-    FP_mul(a,P->x,Q->z);
-    FP_mul(b,Q->x,P->z);
-    FP_reduce(a);
-    FP_reduce(b);
-    if (BIG_comp(a,b)!=0) return 0;
-
-#if CURVETYPE==EDWARDS
-    FP_mul(a,P->y,Q->z);
-    FP_mul(b,Q->y,P->z);
-    FP_reduce(a);
-    FP_reduce(b);
-    if (BIG_comp(a,b)!=0) return 0;
-#endif
-
-    return 1;
-#endif
-}
-
-/* Set P=Q */
-/* SU=16 */
-void ECP_copy(ECP *P,ECP *Q)
-{
-#if CURVETYPE!=EDWARDS
-    P->inf=Q->inf;
-#endif
-    BIG_copy(P->x,Q->x);
-#if CURVETYPE!=MONTGOMERY
-    BIG_copy(P->y,Q->y);
-#endif
-    BIG_copy(P->z,Q->z);
-}
-
-/* Set P=-Q */
-#if CURVETYPE!=MONTGOMERY
-/* SU=8 */
-void ECP_neg(ECP *P)
-{
-    if (ECP_isinf(P)) return;
-#if CURVETYPE==WEIERSTRASS
-    FP_neg(P->y,P->y);
-    BIG_norm(P->y);
-#else
-    FP_neg(P->x,P->x);
-    BIG_norm(P->x);
-#endif
-
-}
-#endif
-
-/* Set P=O */
-void ECP_inf(ECP *P)
-{
-#if CURVETYPE==EDWARDS
-    BIG_zero(P->x);
-    FP_one(P->y);
-    FP_one(P->z);
-#else
-    P->inf=1;
-#endif
-}
-
-/* Calculate right Hand Side of curve equation y^2=RHS */
-/* SU=56 */
-void ECP_rhs(BIG v,BIG x)
-{
-#if CURVETYPE==WEIERSTRASS
-    /* x^3+Ax+B */
-    BIG t;
-    FP_sqr(t,x);
-    FP_mul(t,t,x);
-
-    if (CURVE_A==-3)
-    {
-        FP_neg(v,x);
-        BIG_norm(v);
-        BIG_imul(v,v,-CURVE_A);
-        BIG_norm(v);
-        FP_add(v,t,v);
-    }
-    else BIG_copy(v,t);
-
-    BIG_rcopy(t,CURVE_B);
-    FP_nres(t);
-    FP_add(v,t,v);
-    FP_reduce(v);
-#endif
-
-#if CURVETYPE==EDWARDS
-    /* (Ax^2-1)/(Bx^2-1) */
-    BIG t,m,one;
-    BIG_rcopy(m,Modulus);
-    FP_sqr(v,x);
-    FP_one(one);
-    BIG_rcopy(t,CURVE_B);
-    FP_nres(t);
-    FP_mul(t,v,t);
-    FP_sub(t,t,one);
-    if (CURVE_A==1) FP_sub(v,v,one);
-
-    if (CURVE_A==-1)
-    {
-        FP_add(v,v,one);
-        FP_neg(v,v);
-    }
-    FP_redc(v);
-    FP_redc(t);
-    BIG_moddiv(v,v,t,m);
-    FP_nres(v);
-#endif
-
-#if CURVETYPE==MONTGOMERY
-    /* x^3+Ax^2+x */
-    BIG x2,x3;
-    FP_sqr(x2,x);
-    FP_mul(x3,x2,x);
-    BIG_copy(v,x);
-    FP_imul(x2,x2,CURVE_A);
-    FP_add(v,v,x2);
-    FP_add(v,v,x3);
-    FP_reduce(v);
-#endif
-}
-
-/* Set P=(x,y) */
-
-#if CURVETYPE==MONTGOMERY
-
-/* Set P=(x,{y}) */
-
-int ECP_set(ECP *P,BIG x)
-{
-    BIG m,rhs;
-    BIG_rcopy(m,Modulus);
-    BIG_copy(rhs,x);
-    FP_nres(rhs);
-    ECP_rhs(rhs,rhs);
-    FP_redc(rhs);
-
-    if (BIG_jacobi(rhs,m)!=1)
-    {
-        ECP_inf(P);
-        return 0;
-    }
-    P->inf=0;
-    BIG_copy(P->x,x);
-    FP_nres(P->x);
-    FP_one(P->z);
-    return 1;
-}
-
-/* Extract x coordinate as BIG */
-int ECP_get(BIG x,ECP *P)
-{
-    if (ECP_isinf(P)) return -1;
-    ECP_affine(P);
-    BIG_copy(x,P->x);
-    FP_redc(x);
-    return 0;
-}
-
-
-#else
-/* Extract (x,y) and return sign of y. If x and y are the same return only x */
-/* SU=16 */
-int ECP_get(BIG x,BIG y,ECP *P)
-{
-    int s;
-#if CURVETYPE!=EDWARDS
-    if (ECP_isinf(P)) return -1;
-#endif
-    ECP_affine(P);
-
-    BIG_copy(y,P->y);
-    FP_redc(y);
-
-    s=BIG_parity(y);
-
-    BIG_copy(x,P->x);
-    FP_redc(x);
-
-    return s;
-}
-
-/* Set P=(x,{y}) */
-/* SU=96 */
-int ECP_set(ECP *P,BIG x,BIG y)
-{
-    BIG rhs,y2;
-    BIG_copy(y2,y);
-
-    FP_nres(y2);
-    FP_sqr(y2,y2);
-    FP_reduce(y2);
-
-
-
-    BIG_copy(rhs,x);
-    FP_nres(rhs);
-
-    ECP_rhs(rhs,rhs);
-
-    if (BIG_comp(y2,rhs)!=0)
-    {
-        ECP_inf(P);
-        return 0;
-    }
-#if CURVETYPE==WEIERSTRASS
-    P->inf=0;
-#endif
-    BIG_copy(P->x,x);
-    FP_nres(P->x);
-    BIG_copy(P->y,y);
-    FP_nres(P->y);
-    FP_one(P->z);
-    return 1;
-}
-
-/* Set P=(x,y), where y is calculated from x with sign s */
-/* SU=136 */
-int ECP_setx(ECP *P,BIG x,int s)
-{
-    BIG t,rhs,m;
-    BIG_rcopy(m,Modulus);
-
-    BIG_copy(rhs,x);
-    FP_nres(rhs);
-    ECP_rhs(rhs,rhs);
-    BIG_copy(t,rhs);
-    FP_redc(t);
-    if (BIG_jacobi(t,m)!=1)
-    {
-        ECP_inf(P);
-        return 0;
-    }
-#if CURVETYPE==WEIERSTRASS
-    P->inf=0;
-#endif
-    BIG_copy(P->x,x);
-    FP_nres(P->x);
-
-    FP_sqrt(P->y,rhs);
-    BIG_copy(rhs,P->y);
-    FP_redc(rhs);
-    if (BIG_parity(rhs)!=s)
-        FP_neg(P->y,P->y);
-    FP_reduce(P->y);
-    FP_one(P->z);
-    return 1;
-}
-
-#endif
-
-/* Convert P to Affine, from (x,y,z) to (x,y) */
-/* SU=160 */
-void ECP_affine(ECP *P)
-{
-    BIG one,iz,m;
-#if CURVETYPE==WEIERSTRASS
-    BIG izn;
-    if (ECP_isinf(P)) return;
-    FP_one(one);
-    if (BIG_comp(P->z,one)==0) return;
-    BIG_rcopy(m,Modulus);
-
-    FP_redc(P->z);
-    BIG_invmodp(iz,P->z,m);
-    FP_nres(iz);
-
-    FP_sqr(izn,iz);
-    FP_mul(P->x,P->x,izn);
-    FP_mul(izn,izn,iz);
-    FP_mul(P->y,P->y,izn);
-    FP_reduce(P->y);
-
-#endif
-#if CURVETYPE==EDWARDS
-    FP_one(one);
-    if (BIG_comp(P->z,one)==0) return;
-    BIG_rcopy(m,Modulus);
-
-    FP_redc(P->z);
-    BIG_invmodp(iz,P->z,m);
-    FP_nres(iz);
-
-    FP_mul(P->x,P->x,iz);
-    FP_mul(P->y,P->y,iz);
-    FP_reduce(P->y);
-
-#endif
-#if CURVETYPE==MONTGOMERY
-    if (ECP_isinf(P)) return;
-    FP_one(one);
-    if (BIG_comp(P->z,one)==0) return;
-
-    BIG_rcopy(m,Modulus);
-
-    FP_redc(P->z);
-    BIG_invmodp(iz,P->z,m);
-    FP_nres(iz);
-
-    FP_mul(P->x,P->x,iz);
-
-#endif
-    FP_reduce(P->x);
-    BIG_copy(P->z,one);
-}
-
-/* SU=120 */
-void ECP_outputxyz(ECP *P)
-{
-    BIG x,z;
-    if (ECP_isinf(P))
-    {
-        printf("Infinity\n");
-        return;
-    }
-    BIG_copy(x,P->x);
-    FP_reduce(x);
-    FP_redc(x);
-    BIG_copy(z,P->z);
-    FP_reduce(z);
-    FP_redc(z);
-
-#if CURVETYPE!=MONTGOMERY
-    BIG y;
-    BIG_copy(y,P->y);
-    FP_reduce(y);
-    FP_redc(y);
-    printf("(");
-    BIG_output(x);
-    printf(",");
-    BIG_output(y);
-    printf(",");
-    BIG_output(z);
-    printf(")\n");
-
-#else
-    printf("(");
-    BIG_output(x);
-    printf(",");
-    BIG_output(z);
-    printf(")\n");
-#endif
-}
-
-/* SU=16 */
-/* Output point P */
-void ECP_output(ECP *P)
-{
-    if (ECP_isinf(P))
-    {
-        printf("Infinity\n");
-        return;
-    }
-    ECP_affine(P);
-#if CURVETYPE!=MONTGOMERY
-    FP_redc(P->x);
-    FP_redc(P->y);
-    printf("(");
-    BIG_output(P->x);
-    printf(",");
-    BIG_output(P->y);
-    printf(")\n");
-    FP_nres(P->x);
-    FP_nres(P->y);
-#else
-    FP_redc(P->x);
-    printf("(");
-    BIG_output(P->x);
-    printf(")\n");
-    FP_nres(P->x);
-#endif
-}
-
-
-/* SU=88 */
-/* Convert P to octet string */
-void ECP_toOctet(octet *W,ECP *P)
-{
-#if CURVETYPE==MONTGOMERY
-    BIG x;
-    ECP_get(x,P);
-    W->len=MODBYTES+1;
-    W->val[0]=6;
-    BIG_toBytes(&(W->val[1]),x);
-#else
-    BIG x,y;
-    ECP_get(x,y,P);
-    W->len=2*MODBYTES+1;
-    W->val[0]=4;
-    BIG_toBytes(&(W->val[1]),x);
-    BIG_toBytes(&(W->val[MODBYTES+1]),y);
-#endif
-}
-
-/* SU=88 */
-/* Restore P from octet string */
-int ECP_fromOctet(ECP *P,octet *W)
-{
-#if CURVETYPE==MONTGOMERY
-    BIG x;
-    BIG_fromBytes(x,&(W->val[1]));
-    if (ECP_set(P,x)) return 1;
-    return 0;
-#else
-    BIG x,y;
-    BIG_fromBytes(x,&(W->val[1]));
-    BIG_fromBytes(y,&(W->val[MODBYTES+1]));
-    if (ECP_set(P,x,y)) return 1;
-    return 0;
-#endif
-}
-
-
-/* Set P=2P */
-/* SU=272 */
-void ECP_dbl(ECP *P)
-{
-#if CURVETYPE==WEIERSTRASS
-    BIG one;
-    BIG w1,w7,w8,w2,w3,w6;
-    if (ECP_isinf(P)) return;
-
-    if (BIG_iszilch(P->y))
-    {
-        P->inf=1;
-        return;
-    }
-    FP_one(one);
-    BIG_zero(w6);
-
-    if (CURVE_A==-3)
-    {
-        if (BIG_comp(P->z,one)==0) BIG_copy(w6,one);
-        else FP_sqr(w6,P->z);
-        FP_neg(w1,w6);
-        FP_add(w3,P->x,w1);
-        FP_add(w8,P->x,w6);
-        FP_mul(w3,w3,w8);
-        BIG_imul(w8,w3,3);
-    }
-    else
-    {
-        /* assuming A=0 */
-        FP_sqr(w1,P->x);
-        BIG_imul(w8,w1,3);
-    }
-
-    FP_sqr(w2,P->y);
-    FP_mul(w3,P->x,w2);
-
-    BIG_imul(w3,w3,4);
-    FP_neg(w1,w3);
-
-    BIG_norm(w1);
-
-    FP_sqr(P->x,w8);
-    FP_add(P->x,P->x,w1);
-    FP_add(P->x,P->x,w1);
-
-    BIG_norm(P->x);
-
-    if (BIG_comp(P->z,one)==0) BIG_copy(P->z,P->y);
-    else FP_mul(P->z,P->z,P->y);
-    FP_add(P->z,P->z,P->z);
-
-
-    FP_add(w7,w2,w2);
-    FP_sqr(w2,w7);
-
-    FP_add(w2,w2,w2);
-    FP_sub(w3,w3,P->x);
-    FP_mul(P->y,w8,w3);
-
-    FP_sub(P->y,P->y,w2);
-
-    BIG_norm(P->y);
-    BIG_norm(P->z);
-
-#endif
-
-#if CURVETYPE==EDWARDS
-    /* Not using square for multiplication swap, as (1) it needs more adds, and (2) it triggers more reductions */
-    BIG B,C,D,E,F,H,J;
-
-    FP_mul(B,P->x,P->y);
-    FP_add(B,B,B);
-    FP_sqr(C,P->x);
-    FP_sqr(D,P->y);
-    if (CURVE_A==1) BIG_copy(E,C);
-    if (CURVE_A==-1) FP_neg(E,C);
-    FP_add(F,E,D);
-
-    BIG_norm(F);
-
-    FP_sqr(H,P->z);
-    FP_add(H,H,H);
-    FP_sub(J,F,H);
-    FP_mul(P->x,B,J);
-    FP_sub(E,E,D);
-    FP_mul(P->y,F,E);
-    FP_mul(P->z,F,J);
-
-    BIG_norm(P->x);
-    BIG_norm(P->y);
-    BIG_norm(P->z);
-
-#endif
-
-#if CURVETYPE==MONTGOMERY
-    BIG A,B,AA,BB,C;
-    if (ECP_isinf(P)) return;
-
-    FP_add(A,P->x,P->z);
-    FP_sqr(AA,A);
-    FP_sub(B,P->x,P->z);
-    FP_sqr(BB,B);
-    FP_sub(C,AA,BB);
-
-    FP_mul(P->x,AA,BB);
-    FP_imul(A,C,(CURVE_A+2)/4);
-    FP_add(BB,BB,A);
-    FP_mul(P->z,BB,C);
-
-    BIG_norm(P->x);
-    BIG_norm(P->z);
-#endif
-}
-
-#if CURVETYPE==MONTGOMERY
-
-/* Set P+=Q. W is difference between P and Q and is affine */
-void ECP_add(ECP *P,ECP *Q,ECP *W)
-{
-    BIG A,B,C,D,DA,CB;
-
-    FP_add(A,P->x,P->z);
-    FP_sub(B,P->x,P->z);
-
-    FP_add(C,Q->x,Q->z);
-    FP_sub(D,Q->x,Q->z);
-
-    FP_mul(DA,D,A);
-    FP_mul(CB,C,B);
-
-    FP_add(A,DA,CB);
-    FP_sqr(A,A);
-    FP_sub(B,DA,CB);
-    FP_sqr(B,B);
-
-    BIG_copy(P->x,A);
-    FP_mul(P->z,W->x,B);
-
-    FP_reduce(P->z);
-    if (BIG_iszilch(P->z)) P->inf=1;
-    else P->inf=0;
-
-    BIG_norm(P->x);
-}
-
-
-#else
-
-/* Set P+=Q */
-/* SU=248 */
-void ECP_add(ECP *P,ECP *Q)
-{
-#if CURVETYPE==WEIERSTRASS
-    int aff;
-    BIG one,B,D,E,C,A;
-    if (ECP_isinf(Q)) return;
-    if (ECP_isinf(P))
-    {
-        ECP_copy(P,Q);
-        return;
-    }
-
-    FP_one(one);
-    aff=1;
-    if (BIG_comp(Q->z,one)!=0) aff=0;
-
-    if (!aff)
-    {
-        FP_sqr(A,Q->z);
-        FP_mul(C,A,Q->z);
-
-        FP_sqr(B,P->z);
-        FP_mul(D,B,P->z);
-
-        FP_mul(A,P->x,A);
-        FP_mul(C,P->y,C);
-    }
-    else
-    {
-        BIG_copy(A,P->x);
-        BIG_copy(C,P->y);
-
-        FP_sqr(B,P->z);
-        FP_mul(D,B,P->z);
-    }
-
-    FP_mul(B,Q->x,B);
-    FP_sub(B,B,A); /* B=Qx.z^2-x.Qz^2 */
-    FP_mul(D,Q->y,D);
-    FP_sub(D,D,C); /* D=Qy.z^3-y.Qz^3 */
-
-    FP_reduce(B);
-    if (BIG_iszilch(B))
-    {
-        FP_reduce(D);
-        if (BIG_iszilch(D))
-        {
-            ECP_dbl(P);
-            return;
-        }
-        else
-        {
-            ECP_inf(P);
-            return;
-        }
-    }
-    if (!aff) FP_mul(P->z,P->z,Q->z);
-    FP_mul(P->z,P->z,B);
-
-    FP_sqr(E,B);
-    FP_mul(B,B,E);
-    FP_mul(A,A,E);
-
-    FP_add(E,A,A);
-    FP_add(E,E,B);
-
-    FP_sqr(P->x,D);
-    FP_sub(P->x,P->x,E);
-
-    FP_sub(A,A,P->x);
-    FP_mul(P->y,A,D);
-    FP_mul(C,C,B);
-    FP_sub(P->y,P->y,C);
-
-    BIG_norm(P->x);
-    BIG_norm(P->y);
-    BIG_norm(P->z);
-
-#else
-    BIG b,A,B,C,D,E,F,G;
-
-    BIG_rcopy(b,CURVE_B);
-    FP_nres(b);
-    FP_mul(A,P->z,Q->z);
-
-    FP_sqr(B,A);
-    FP_mul(C,P->x,Q->x);
-    FP_mul(D,P->y,Q->y);
-    FP_mul(E,C,D);
-    FP_mul(E,E,b);
-
-    FP_sub(F,B,E);
-    FP_add(G,B,E);
-
-    if (CURVE_A==1) FP_sub(E,D,C);
-    FP_add(C,C,D);
-
-    FP_add(B,P->x,P->y);
-    FP_add(D,Q->x,Q->y);
-    FP_mul(B,B,D);
-    FP_sub(B,B,C);
-    FP_mul(B,B,F);
-    FP_mul(P->x,A,B);
-
-
-    if (CURVE_A==1) FP_mul(C,E,G);
-    if (CURVE_A==-1)FP_mul(C,C,G);
-
-    FP_mul(P->y,A,C);
-    FP_mul(P->z,F,G);
-
-    BIG_norm(P->x);
-    BIG_norm(P->y);
-    BIG_norm(P->z);
-
-#endif
-}
-
-/* Set P-=Q */
-/* SU=16 */
-void  ECP_sub(ECP *P,ECP *Q)
-{
-    ECP_neg(Q);
-    ECP_add(P,Q);
-    ECP_neg(Q);
-}
-
-#endif
-
-
-#if CURVETYPE==WEIERSTRASS
-/* normalises array of points. Assumes P[0] is normalised already */
-
-static void ECP_multiaffine(int m,ECP P[],BIG work[])
-{
-    int i;
-    BIG t1,t2;
-
-    FP_one(work[0]);
-    BIG_copy(work[1],P[0].z);
-    for (i=2; i<m; i++)
-        FP_mul(work[i],work[i-1],P[i-1].z);
-
-    FP_mul(t1,work[m-1],P[m-1].z);
-    FP_inv(t1,t1);
-
-    BIG_copy(t2,P[m-1].z);
-    FP_mul(work[m-1],work[m-1],t1);
-
-    for (i=m-2;; i--)
-    {
-        if (i==0)
-        {
-            FP_mul(work[0],t1,t2);
-            break;
-        }
-        FP_mul(work[i],work[i],t2);
-        FP_mul(work[i],work[i],t1);
-        FP_mul(t2,P[i].z,t2);
-    }
-    /* now work[] contains inverses of all Z coordinates */
-
-    for (i=0; i<m; i++)
-    {
-        FP_one(P[i].z);
-        FP_sqr(t1,work[i]);
-        FP_mul(P[i].x,P[i].x,t1);
-        FP_mul(t1,work[i],t1);
-        FP_mul(P[i].y,P[i].y,t1);
-    }
-}
-
-#endif
-
-#if CURVETYPE!=MONTGOMERY
-/* constant time multiply by small integer of length bts - use ladder */
-void ECP_pinmul(ECP *P,int e,int bts)
-{
-    int i,b;
-    ECP R0,R1;
-
-    ECP_affine(P);
-    ECP_inf(&R0);
-    ECP_copy(&R1,P);
-
-    for (i=bts-1; i>=0; i--)
-    {
-        b=(e>>i)&1;
-        ECP_copy(P,&R1);
-        ECP_add(P,&R0);
-        ECP_cswap(&R0,&R1,b);
-        ECP_copy(&R1,P);
-        ECP_dbl(&R0);
-        ECP_cswap(&R0,&R1,b);
-    }
-    ECP_copy(P,&R0);
-    ECP_affine(P);
-}
-#endif
-
-/* Set P=r*P */
-/* SU=424 */
-void ECP_mul(ECP *P,BIG e)
-{
-#if CURVETYPE==MONTGOMERY
-    /* Montgomery ladder */
-    int nb,i,b;
-    ECP R0,R1,D;
-    if (ECP_isinf(P)) return;
-    if (BIG_iszilch(e))
-    {
-        ECP_inf(P);
-        return;
-    }
-    ECP_affine(P);
-
-    ECP_copy(&R0,P);
-    ECP_copy(&R1,P);
-    ECP_dbl(&R1);
-    ECP_copy(&D,P);
-
-    nb=BIG_nbits(e);
-    for (i=nb-2; i>=0; i--)
-    {
-        b=BIG_bit(e,i);
-        ECP_copy(P,&R1);
-        ECP_add(P,&R0,&D);
-        ECP_cswap(&R0,&R1,b);
-        ECP_copy(&R1,P);
-        ECP_dbl(&R0);
-        ECP_cswap(&R0,&R1,b);
-    }
-    ECP_copy(P,&R0);
-
-#else
-    /* fixed size windows */
-    int i,nb,s,ns;
-    BIG mt,t;
-    ECP Q,W[8],C;
-    sign8 w[1+(NLEN*BASEBITS+3)/4];
-#if CURVETYPE==WEIERSTRASS
-    BIG work[8];
-#endif
-    if (ECP_isinf(P)) return;
-    if (BIG_iszilch(e))
-    {
-        ECP_inf(P);
-        return;
-    }
-
-    ECP_affine(P);
-
-    /* precompute table */
-
-    ECP_copy(&Q,P);
-    ECP_dbl(&Q);
-
-//printf("Q= ");ECP_output(&Q); printf("\n");
-
-    ECP_copy(&W[0],P);
-
-    for (i=1; i<8; i++)
-    {
-        ECP_copy(&W[i],&W[i-1]);
-        ECP_add(&W[i],&Q);
-    }
-
-//printf("W[1]= ");ECP_output(&W[1]); printf("\n");
-
-    /* convert the table to affine */
-#if CURVETYPE==WEIERSTRASS
-    ECP_multiaffine(8,W,work);
-#endif
-
-    /* make exponent odd - add 2P if even, P if odd */
-    BIG_copy(t,e);
-    s=BIG_parity(t);
-    BIG_inc(t,1);
-    BIG_norm(t);
-    ns=BIG_parity(t);
-    BIG_copy(mt,t);
-    BIG_inc(mt,1);
-    BIG_norm(mt);
-    BIG_cmove(t,mt,s);
-    ECP_cmove(&Q,P,ns);
-    ECP_copy(&C,&Q);
-
-    nb=1+(BIG_nbits(t)+3)/4;
-
-    /* convert exponent to signed 4-bit window */
-    for (i=0; i<nb; i++)
-    {
-        w[i]=BIG_lastbits(t,5)-16;
-        BIG_dec(t,w[i]);
-        BIG_norm(t);
-        BIG_fshr(t,4);
-    }
-    w[nb]=BIG_lastbits(t,5);
-
-    ECP_copy(P,&W[(w[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-        ECP_select(&Q,W,w[i]);
-        ECP_dbl(P);
-        ECP_dbl(P);
-        ECP_dbl(P);
-        ECP_dbl(P);
-        ECP_add(P,&Q);
-    }
-    ECP_sub(P,&C); /* apply correction */
-#endif
-    ECP_affine(P);
-}
-
-#if CURVETYPE!=MONTGOMERY
-/* Set P=eP+fQ double multiplication */
-/* constant time - as useful for GLV method in pairings */
-/* SU=456 */
-
-void ECP_mul2(ECP *P,ECP *Q,BIG e,BIG f)
-{
-    BIG te,tf,mt;
-    ECP S,T,W[8],C;
-    sign8 w[1+(NLEN*BASEBITS+1)/2];
-    int i,a,b,s,ns,nb;
-#if CURVETYPE==WEIERSTRASS
-    BIG work[8];
-#endif
-
-    ECP_affine(P);
-    ECP_affine(Q);
-
-    BIG_copy(te,e);
-    BIG_copy(tf,f);
-
-    /* precompute table */
-    ECP_copy(&W[1],P);
-    ECP_sub(&W[1],Q);  /* P+Q */
-    ECP_copy(&W[2],P);
-    ECP_add(&W[2],Q);  /* P-Q */
-    ECP_copy(&S,Q);
-    ECP_dbl(&S);  /* S=2Q */
-    ECP_copy(&W[0],&W[1]);
-    ECP_sub(&W[0],&S);
-    ECP_copy(&W[3],&W[2]);
-    ECP_add(&W[3],&S);
-    ECP_copy(&T,P);
-    ECP_dbl(&T); /* T=2P */
-    ECP_copy(&W[5],&W[1]);
-    ECP_add(&W[5],&T);
-    ECP_copy(&W[6],&W[2]);
-    ECP_add(&W[6],&T);
-    ECP_copy(&W[4],&W[5]);
-    ECP_sub(&W[4],&S);
-    ECP_copy(&W[7],&W[6]);
-    ECP_add(&W[7],&S);
-
-#if CURVETYPE==WEIERSTRASS
-    ECP_multiaffine(8,W,work);
-#endif
-
-    /* if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction */
-
-    s=BIG_parity(te);
-    BIG_inc(te,1);
-    BIG_norm(te);
-    ns=BIG_parity(te);
-    BIG_copy(mt,te);
-    BIG_inc(mt,1);
-    BIG_norm(mt);
-    BIG_cmove(te,mt,s);
-    ECP_cmove(&T,P,ns);
-    ECP_copy(&C,&T);
-
-    s=BIG_parity(tf);
-    BIG_inc(tf,1);
-    BIG_norm(tf);
-    ns=BIG_parity(tf);
-    BIG_copy(mt,tf);
-    BIG_inc(mt,1);
-    BIG_norm(mt);
-    BIG_cmove(tf,mt,s);
-    ECP_cmove(&S,Q,ns);
-    ECP_add(&C,&S);
-
-    BIG_add(mt,te,tf);
-    BIG_norm(mt);
-    nb=1+(BIG_nbits(mt)+1)/2;
-
-    /* convert exponent to signed 2-bit window */
-    for (i=0; i<nb; i++)
-    {
-        a=BIG_lastbits(te,3)-4;
-        BIG_dec(te,a);
-        BIG_norm(te);
-        BIG_fshr(te,2);
-        b=BIG_lastbits(tf,3)-4;
-        BIG_dec(tf,b);
-        BIG_norm(tf);
-        BIG_fshr(tf,2);
-        w[i]=4*a+b;
-    }
-    w[nb]=(4*BIG_lastbits(te,3)+BIG_lastbits(tf,3));
-
-    ECP_copy(P,&W[(w[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-        ECP_select(&T,W,w[i]);
-        ECP_dbl(P);
-        ECP_dbl(P);
-        ECP_add(P,&T);
-    }
-    ECP_sub(P,&C); /* apply correction */
-    ECP_affine(P);
-}
-
-#endif
-
-
-#ifdef HAS_MAIN
-
-int main()
-{
-    int i;
-    ECP G,P;
-    csprng RNG;
-    BIG r,s,x,y,b,m,w,q;
-    BIG_rcopy(x,CURVE_Gx);
-#if CURVETYPE!=MONTGOMERY
-    BIG_rcopy(y,CURVE_Gy);
-#endif
-    BIG_rcopy(m,Modulus);
-
-    printf("x= ");
-    BIG_output(x);
-    printf("\n");
-#if CURVETYPE!=MONTGOMERY
-    printf("y= ");
-    BIG_output(y);
-    printf("\n");
-#endif
-    RNG_seed(&RNG,3,"abc");
-
-#if CURVETYPE!=MONTGOMERY
-    ECP_set(&G,x,y);
-#else
-    ECP_set(&G,x);
-#endif
-    if (ECP_isinf(&G)) printf("Failed to set - point not on curve\n");
-    else printf("set success\n");
-
-    ECP_output(&G);
-
-    BIG_rcopy(r,CURVE_Order); //BIG_dec(r,7);
-    printf("r= ");
-    BIG_output(r);
-    printf("\n");
-
-    ECP_copy(&P,&G);
-
-    ECP_mul(&P,r);
-
-    ECP_output(&P);
-//exit(0);
-    BIG_randomnum(w,&RNG);
-    BIG_mod(w,r);
-
-    ECP_copy(&P,&G);
-    ECP_mul(&P,w);
-
-    ECP_output(&P);
-
-    return 0;
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/ecp2.c
----------------------------------------------------------------------
diff --git a/version22/c/ecp2.c b/version22/c/ecp2.c
deleted file mode 100644
index 4808569..0000000
--- a/version22/c/ecp2.c
+++ /dev/null
@@ -1,696 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Weierstrass elliptic curve functions over FP2 */
-/* SU=m, m is Stack Usage */
-
-#include "amcl.h"
-
-int ECP2_isinf(ECP2 *P)
-{
-    return P->inf;
-}
-
-/* Set P=Q */
-/* SU= 16 */
-void ECP2_copy(ECP2 *P,ECP2 *Q)
-{
-    P->inf=Q->inf;
-    FP2_copy(&(P->x),&(Q->x));
-    FP2_copy(&(P->y),&(Q->y));
-    FP2_copy(&(P->z),&(Q->z));
-}
-
-/* set P to Infinity */
-/* SU= 8 */
-void ECP2_inf(ECP2 *P)
-{
-    P->inf=1;
-    FP2_zero(&(P->x));
-    FP2_zero(&(P->y));
-    FP2_zero(&(P->z));
-}
-
-/* Conditional move Q to P dependant on d */
-static void ECP2_cmove(ECP2 *P,ECP2 *Q,int d)
-{
-    FP2_cmove(&(P->x),&(Q->x),d);
-    FP2_cmove(&(P->y),&(Q->y),d);
-    FP2_cmove(&(P->z),&(Q->z),d);
-    d=~(d-1);
-    P->inf^=(P->inf^Q->inf)&d;
-}
-
-/* return 1 if b==c, no branching */
-static int teq(sign32 b,sign32 c)
-{
-    sign32 x=b^c;
-    x-=1;  // if x=0, x now -1
-    return (int)((x>>31)&1);
-}
-
-/* Constant time select from pre-computed table */
-static void ECP2_select(ECP2 *P,ECP2 W[],sign32 b)
-{
-    ECP2 MP;
-    sign32 m=b>>31;
-    sign32 babs=(b^m)-m;
-
-    babs=(babs-1)/2;
-
-    ECP2_cmove(P,&W[0],teq(babs,0));  // conditional move
-    ECP2_cmove(P,&W[1],teq(babs,1));
-    ECP2_cmove(P,&W[2],teq(babs,2));
-    ECP2_cmove(P,&W[3],teq(babs,3));
-    ECP2_cmove(P,&W[4],teq(babs,4));
-    ECP2_cmove(P,&W[5],teq(babs,5));
-    ECP2_cmove(P,&W[6],teq(babs,6));
-    ECP2_cmove(P,&W[7],teq(babs,7));
-
-    ECP2_copy(&MP,P);
-    ECP2_neg(&MP);  // minus P
-    ECP2_cmove(P,&MP,(int)(m&1));
-}
-
-/* return 1 if P==Q, else 0 */
-/* SU= 312 */
-int ECP2_equals(ECP2 *P,ECP2 *Q)
-{
-    FP2 pz2,qz2,a,b;
-    if (P->inf && Q->inf) return 1;
-    if (P->inf || Q->inf) return 0;
-
-    FP2_sqr(&pz2,&(P->z));
-    FP2_sqr(&qz2,&(Q->z));
-
-    FP2_mul(&a,&(P->x),&qz2);
-    FP2_mul(&b,&(Q->x),&pz2);
-    if (!FP2_equals(&a,&b)) return 0;
-
-    FP2_mul(&a,&(P->y),&qz2);
-    FP2_mul(&a,&a,&(Q->z));
-    FP2_mul(&b,&(Q->y),&pz2);
-    FP2_mul(&b,&b,&(P->z));
-    if (!FP2_equals(&a,&b)) return 0;
-    return 1;
-}
-
-/* Make P affine (so z=1) */
-/* SU= 232 */
-void ECP2_affine(ECP2 *P)
-{
-    FP2 one,iz,izn;
-    if (P->inf) return;
-
-    FP2_one(&one);
-    if (FP2_isunity(&(P->z)))
-    {
-        FP2_reduce(&(P->x));
-        FP2_reduce(&(P->y));
-        return;
-    }
-
-    FP2_inv(&iz,&(P->z));
-    FP2_sqr(&izn,&iz);
-    FP2_mul(&(P->x),&(P->x),&izn);
-    FP2_mul(&izn,&izn,&iz);
-    FP2_mul(&(P->y),&(P->y),&izn);
-
-    FP2_reduce(&(P->x));
-    FP2_reduce(&(P->y));
-    FP2_copy(&(P->z),&one);
-}
-
-/* extract x, y from point P */
-/* SU= 16 */
-int ECP2_get(FP2 *x,FP2 *y,ECP2 *P)
-{
-    if (P->inf) return -1;
-    ECP2_affine(P);
-    FP2_copy(y,&(P->y));
-    FP2_copy(x,&(P->x));
-    return 0;
-}
-
-/* SU= 152 */
-/* Output point P */
-void ECP2_output(ECP2 *P)
-{
-    FP2 x,y;
-    if (P->inf)
-    {
-        printf("Infinity\n");
-        return;
-    }
-    ECP2_get(&x,&y,P);
-    printf("(");
-    FP2_output(&x);
-    printf(",");
-    FP2_output(&y);
-    printf(")\n");
-}
-
-/* SU= 232 */
-void ECP2_outputxyz(ECP2 *P)
-{
-    ECP2 Q;
-    if (P->inf)
-    {
-        printf("Infinity\n");
-        return;
-    }
-    ECP2_copy(&Q,P);
-    printf("(");
-    FP2_output(&(Q.x));
-    printf(",");
-    FP2_output(&(Q.y));
-    printf(",");
-    FP2_output(&(Q.z));
-    printf(")\n");
-}
-
-/* SU= 168 */
-/* Convert Q to octet string */
-void ECP2_toOctet(octet *W,ECP2 *Q)
-{
-    FP2 qx,qy;
-    ECP2_get(&qx,&qy,Q);
-    FP_redc(qx.a);
-    FP_redc(qx.b);
-    FP_redc(qy.a);
-    FP_redc(qy.b);
-    W->len=4*MODBYTES;
-
-    BIG_toBytes(&(W->val[0]),qx.a);
-    BIG_toBytes(&(W->val[MODBYTES]),qx.b);
-    BIG_toBytes(&(W->val[2*MODBYTES]),qy.a);
-    BIG_toBytes(&(W->val[3*MODBYTES]),qy.b);
-}
-
-/* SU= 176 */
-/* restore Q from octet string */
-int ECP2_fromOctet(ECP2 *Q,octet *W)
-{
-    FP2 qx,qy;
-    BIG_fromBytes(qx.a,&(W->val[0]));
-    BIG_fromBytes(qx.b,&(W->val[MODBYTES]));
-    BIG_fromBytes(qy.a,&(W->val[2*MODBYTES]));
-    BIG_fromBytes(qy.b,&(W->val[3*MODBYTES]));
-    FP_nres(qx.a);
-    FP_nres(qx.b);
-    FP_nres(qy.a);
-    FP_nres(qy.b);
-
-    if (ECP2_set(Q,&qx,&qy)) return 1;
-    return 0;
-}
-
-/* SU= 128 */
-/* Calculate RHS of twisted curve equation x^3+B/i */
-void ECP2_rhs(FP2 *rhs,FP2 *x)
-{
-    /* calculate RHS of elliptic curve equation */
-    FP2 t;
-    BIG b;
-    FP2_sqr(&t,x);
-
-    FP2_mul(rhs,&t,x);
-
-    /* Assuming CURVE_A=0 */
-
-    BIG_rcopy(b,CURVE_B);
-
-    FP2_from_BIG(&t,b);
-
-    FP2_div_ip(&t);   /* IMPORTANT - here we use the SEXTIC twist of the curve */
-
-    FP2_add(rhs,&t,rhs);
-    FP2_reduce(rhs);
-}
-
-
-/* Set P=(x,y). Return 1 if (x,y) is on the curve, else return 0*/
-/* SU= 232 */
-int ECP2_set(ECP2 *P,FP2 *x,FP2 *y)
-{
-    FP2 one,rhs,y2;
-    FP2_copy(&y2,y);
-
-    FP2_sqr(&y2,&y2);
-    ECP2_rhs(&rhs,x);
-
-    if (!FP2_equals(&y2,&rhs))
-    {
-
-        P->inf=1;
-        return 0;
-    }
-
-    P->inf=0;
-    FP2_copy(&(P->x),x);
-    FP2_copy(&(P->y),y);
-
-    FP2_one(&one);
-    FP2_copy(&(P->z),&one);
-    return 1;
-}
-
-/* Set P=(x,y). Return 1 if (x,.) is on the curve, else return 0 */
-/* SU= 232 */
-int ECP2_setx(ECP2 *P,FP2 *x)
-{
-    FP2 y;
-    ECP2_rhs(&y,x);
-
-    if (!FP2_sqrt(&y,&y))
-    {
-        P->inf=1;
-        return 0;
-    }
-
-    P->inf=0;
-    FP2_copy(&(P->x),x);
-    FP2_copy(&(P->y),&y);
-    FP2_one(&(P->z));
-    return 1;
-}
-
-/* Set P=-P */
-/* SU= 8 */
-void ECP2_neg(ECP2 *P)
-{
-    FP2_neg(&(P->y),&(P->y));
-    FP2_norm(&(P->y));
-}
-
-/* R+=R */
-/* return -1 for Infinity, 0 for addition, 1 for doubling */
-/* SU= 448 */
-int ECP2_dbl(ECP2 *P)
-{
-    FP2 w1,w7,w8,w2,w3;
-    if (P->inf) return -1;
-
-    if (FP2_iszilch(&(P->y)))
-    {
-        P->inf=1;
-        return -1;
-    }
-
-    /* Assuming A=0 */
-    FP2_sqr(&w1,&(P->x));
-    FP2_imul(&w8,&w1,3);
-
-    FP2_sqr(&w2,&(P->y));
-    FP2_mul(&w3,&(P->x),&w2);
-    FP2_imul(&w3,&w3,4);
-
-    FP2_neg(&w1,&w3);
-
-    FP2_norm(&w1);
-
-    FP2_sqr(&(P->x),&w8);
-    FP2_add(&(P->x),&(P->x),&w1);
-    FP2_add(&(P->x),&(P->x),&w1);
-
-    FP2_norm(&(P->x));
-
-    if (FP2_isunity(&(P->z))) FP2_copy(&(P->z),&(P->y));
-    else FP2_mul(&(P->z),&(P->z),&(P->y));
-    FP2_add(&(P->z),&(P->z),&(P->z));
-
-    FP2_add(&w7,&w2,&w2);
-    FP2_sqr(&w2,&w7);
-
-    FP2_add(&w2,&w2,&w2);
-    FP2_sub(&w3,&w3,&(P->x));
-    FP2_mul(&(P->y),&w8,&w3);
-    FP2_sub(&(P->y),&(P->y),&w2);
-
-
-    FP2_norm(&(P->y));
-    FP2_norm(&(P->z));
-
-    return 1;
-}
-
-/* Set P+=Q */
-/* SU= 400 */
-int ECP2_add(ECP2 *P,ECP2 *Q)
-{
-    int aff;
-    FP2 B,D,E,C,A;
-    if (Q->inf) return 0;
-    if (P->inf)
-    {
-        ECP2_copy(P,Q);
-        return 0;
-    }
-
-    aff=1;
-    if (!FP2_isunity(&(Q->z))) aff=0;
-
-    if (!aff)
-    {
-        FP2_sqr(&A,&(Q->z));
-        FP2_mul(&C,&A,&(Q->z));
-
-        FP2_sqr(&B,&(P->z));
-        FP2_mul(&D,&B,&(P->z));
-
-        FP2_mul(&A,&(P->x),&A);
-        FP2_mul(&C,&(P->y),&C);
-    }
-    else
-    {
-        FP2_copy(&A,&(P->x));
-        FP2_copy(&C,&(P->y));
-
-        FP2_sqr(&B,&(P->z));
-        FP2_mul(&D,&B,&(P->z));
-    }
-
-    FP2_mul(&B,&(Q->x),&B);
-    FP2_sub(&B,&B,&A); /* B=Qx.z^2-x.Qz^2 */
-    FP2_mul(&D,&(Q->y),&D);
-    FP2_sub(&D,&D,&C); /* D=Qy.z^3-y.Qz^3 */
-
-    if (FP2_iszilch(&B))
-    {
-        if (FP2_iszilch(&D))
-        {
-            ECP2_dbl(P);
-            return 1;
-        }
-        else
-        {
-            ECP2_inf(P);
-            return -1;
-        }
-    }
-    if (!aff) FP2_mul(&(P->z),&(P->z),&(Q->z));
-    FP2_mul(&(P->z),&(P->z),&B);
-
-    FP2_sqr(&E,&B);
-    FP2_mul(&B,&B,&E);
-    FP2_mul(&A,&A,&E);
-
-    FP2_add(&E,&A,&A);
-    FP2_add(&E,&E,&B);
-
-    FP2_sqr(&(P->x),&D);
-    FP2_sub(&(P->x),&(P->x),&E);
-
-    FP2_sub(&A,&A,&(P->x));
-    FP2_mul(&(P->y),&A,&D);
-    FP2_mul(&C,&C,&B);
-    FP2_sub(&(P->y),&(P->y),&C);
-
-    FP2_norm(&(P->x));
-    FP2_norm(&(P->y));
-    FP2_norm(&(P->z));
-
-    return 0;
-}
-
-/* Set P-=Q */
-/* SU= 16 */
-void ECP2_sub(ECP2 *P,ECP2 *Q)
-{
-    ECP2_neg(Q);
-    ECP2_add(P,Q);
-    ECP2_neg(Q);
-}
-
-/* normalises m-array of ECP2 points. Requires work vector of m FP2s */
-/* SU= 200 */
-static void ECP2_multiaffine(int m,ECP2 *P,FP2 *work)
-{
-    int i;
-    FP2 t1,t2;
-
-    FP2_one(&work[0]);
-    FP2_copy(&work[1],&(P[0].z));
-    for (i=2; i<m; i++)
-        FP2_mul(&work[i],&work[i-1],&(P[i-1].z));
-    FP2_mul(&t1,&work[m-1],&(P[m-1].z));
-
-    FP2_inv(&t1,&t1);
-
-    FP2_copy(&t2,&(P[m-1].z));
-    FP2_mul(&work[m-1],&work[m-1],&t1);
-
-    for (i=m-2;; i--)
-    {
-        if (i==0)
-        {
-            FP2_mul(&work[0],&t1,&t2);
-            break;
-        }
-        FP2_mul(&work[i],&work[i],&t2);
-        FP2_mul(&work[i],&work[i],&t1);
-        FP2_mul(&t2,&(P[i].z),&t2);
-    }
-    /* now work[] contains inverses of all Z coordinates */
-
-    for (i=0; i<m; i++)
-    {
-        FP2_one(&(P[i].z));
-        FP2_sqr(&t1,&work[i]);
-        FP2_mul(&(P[i].x),&(P[i].x),&t1);
-        FP2_mul(&t1,&work[i],&t1);
-        FP2_mul(&(P[i].y),&(P[i].y),&t1);
-    }
-}
-
-/* P*=e */
-/* SU= 280 */
-void ECP2_mul(ECP2 *P,BIG e)
-{
-    /* fixed size windows */
-    int i,nb,s,ns;
-    BIG mt,t;
-    ECP2 Q,W[8],C;
-    sign8 w[1+(NLEN*BASEBITS+3)/4];
-    FP2 work[8];
-
-    if (ECP2_isinf(P)) return;
-    ECP2_affine(P);
-
-
-    /* precompute table */
-
-    ECP2_copy(&Q,P);
-    ECP2_dbl(&Q);
-    ECP2_copy(&W[0],P);
-
-    for (i=1; i<8; i++)
-    {
-        ECP2_copy(&W[i],&W[i-1]);
-        ECP2_add(&W[i],&Q);
-    }
-
-    /* convert the table to affine */
-
-    ECP2_multiaffine(8,W,work);
-
-    /* make exponent odd - add 2P if even, P if odd */
-    BIG_copy(t,e);
-    s=BIG_parity(t);
-    BIG_inc(t,1);
-    BIG_norm(t);
-    ns=BIG_parity(t);
-    BIG_copy(mt,t);
-    BIG_inc(mt,1);
-    BIG_norm(mt);
-    BIG_cmove(t,mt,s);
-    ECP2_cmove(&Q,P,ns);
-    ECP2_copy(&C,&Q);
-
-    nb=1+(BIG_nbits(t)+3)/4;
-
-    /* convert exponent to signed 4-bit window */
-    for (i=0; i<nb; i++)
-    {
-        w[i]=BIG_lastbits(t,5)-16;
-        BIG_dec(t,w[i]);
-        BIG_norm(t);
-        BIG_fshr(t,4);
-    }
-    w[nb]=BIG_lastbits(t,5);
-
-    ECP2_copy(P,&W[(w[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-        ECP2_select(&Q,W,w[i]);
-        ECP2_dbl(P);
-        ECP2_dbl(P);
-        ECP2_dbl(P);
-        ECP2_dbl(P);
-        ECP2_add(P,&Q);
-    }
-    ECP2_sub(P,&C); /* apply correction */
-    ECP2_affine(P);
-}
-
-/* Calculates q.P using Frobenius constant X */
-/* SU= 96 */
-void ECP2_frob(ECP2 *P,FP2 *X)
-{
-    FP2 X2;
-    if (P->inf) return;
-    FP2_sqr(&X2,X);
-    FP2_conj(&(P->x),&(P->x));
-    FP2_conj(&(P->y),&(P->y));
-    FP2_conj(&(P->z),&(P->z));
-    FP2_reduce(&(P->z));
-
-    FP2_mul(&(P->x),&X2,&(P->x));
-    FP2_mul(&(P->y),&X2,&(P->y));
-    FP2_mul(&(P->y),X,&(P->y));
-}
-
-void ECP2_mul4(ECP2 *P,ECP2 Q[4],BIG u[4])
-{
-    int i,j,a[4],nb;
-    ECP2 W[8],T,C;
-    BIG mt,t[4];
-    FP2 work[8];
-    sign8 w[NLEN*BASEBITS+1];
-
-    for (i=0; i<4; i++)
-    {
-        BIG_copy(t[i],u[i]);
-        ECP2_affine(&Q[i]);
-    }
-
-    /* precompute table */
-
-    ECP2_copy(&W[0],&Q[0]);
-    ECP2_sub(&W[0],&Q[1]);  /* P-Q */
-    ECP2_copy(&W[1],&W[0]);
-    ECP2_copy(&W[2],&W[0]);
-    ECP2_copy(&W[3],&W[0]);
-    ECP2_copy(&W[4],&Q[0]);
-    ECP2_add(&W[4],&Q[1]);  /* P+Q */
-    ECP2_copy(&W[5],&W[4]);
-    ECP2_copy(&W[6],&W[4]);
-    ECP2_copy(&W[7],&W[4]);
-
-    ECP2_copy(&T,&Q[2]);
-    ECP2_sub(&T,&Q[3]);       /* R-S */
-    ECP2_sub(&W[1],&T);
-    ECP2_add(&W[2],&T);
-    ECP2_sub(&W[5],&T);
-    ECP2_add(&W[6],&T);
-    ECP2_copy(&T,&Q[2]);
-    ECP2_add(&T,&Q[3]);      /* R+S */
-    ECP2_sub(&W[0],&T);
-    ECP2_add(&W[3],&T);
-    ECP2_sub(&W[4],&T);
-    ECP2_add(&W[7],&T);
-
-    ECP2_multiaffine(8,W,work);
-
-    /* if multiplier is even add 1 to multiplier, and add P to correction */
-    ECP2_inf(&C);
-
-    BIG_zero(mt);
-    for (i=0; i<4; i++)
-    {
-        if (BIG_parity(t[i])==0)
-        {
-            BIG_inc(t[i],1);
-            BIG_norm(t[i]);
-            ECP2_add(&C,&Q[i]);
-        }
-        BIG_add(mt,mt,t[i]);
-        BIG_norm(mt);
-    }
-
-    nb=1+BIG_nbits(mt);
-
-    /* convert exponent to signed 1-bit window */
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_lastbits(t[i],2)-2;
-            BIG_dec(t[i],a[i]);
-            BIG_norm(t[i]);
-            BIG_fshr(t[i],1);
-        }
-        w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    w[nb]=8*BIG_lastbits(t[0],2)+4*BIG_lastbits(t[1],2)+2*BIG_lastbits(t[2],2)+BIG_lastbits(t[3],2);
-
-    ECP2_copy(P,&W[(w[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-        ECP2_select(&T,W,w[i]);
-        ECP2_dbl(P);
-        ECP2_add(P,&T);
-    }
-    ECP2_sub(P,&C); /* apply correction */
-
-    ECP2_affine(P);
-}
-
-/*
-
-int main()
-{
-	int i;
-	ECP2 G,P;
-	ECP2 *W;
-	FP2 x,y,w,z,f;
-	BIG r,xa,xb,ya,yb;
-
-	BIG_rcopy(xa,CURVE_Pxa);
-	BIG_rcopy(xb,CURVE_Pxb);
-	BIG_rcopy(ya,CURVE_Pya);
-	BIG_rcopy(yb,CURVE_Pyb);
-
-	FP2_from_BIGs(&x,xa,xb);
-	FP2_from_BIGs(&y,ya,yb);
-	ECP2_set(&G,&x,&y);
-	if (G.inf) printf("Failed to set - point not on curve\n");
-	else printf("set success\n");
-
-	ECP2_output(&G);
-
-//	BIG_copy(r,CURVE_Order);
-	BIG_rcopy(r,Modulus);
-
-	ECP2_copy(&P,&G);
-
-	ECP2_mul(&P,r);
-
-	ECP2_output(&P);
-
-	FP2_gfc(&f,12);
-
-	ECP2_frob(&G,&f);
-
-	ECP2_output(&G);
-
-	return 0;
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/faster.c
----------------------------------------------------------------------
diff --git a/version22/c/faster.c b/version22/c/faster.c
deleted file mode 100644
index 7786880..0000000
--- a/version22/c/faster.c
+++ /dev/null
@@ -1,98 +0,0 @@
-
-#include <stdio.h>
-#include "amcl.h"
-
-#ifdef COMBA
-
-int main()
-{
-	int i,j,k,N;
-
-	N=NLEN;
-
-
-	printf("Insert this code in BIG_mul() in file big.c between #define UNWOUND and #else \n\n");
-
-	for (i=0;i<N;i++)
-		printf("\td[%d]=(dchunk)a[%d]*b[%d];\n",i,i,i);
-
-	printf("\n\ts=d[0];\n\tt = s; c[0]=(chunk)t&BMASK; co=t>>BASEBITS;\n");
-
-	for (k=1;k<N;k++)
-	{
-		printf("\ts+=d[%d]; t=co+s ",k);
-		for (i=k;i>=1+k/2;i--)
-			printf("+(dchunk)(a[%d]-a[%d])*(b[%d]-b[%d])",i,k-i,k-i,i);
-		printf("; c[%d]=(chunk)t&BMASK; co=t>>BASEBITS; \n",k);
-	}
-	printf("\n");
-	for (k=N;k<2*N-1;k++)
-	{
-		printf("\ts-=d[%d]; t=co+s ",k-N);
-		for (i=N-1;i>=1+k/2;i--)
-			printf("+(dchunk)(a[%d]-a[%d])*(b[%d]-b[%d])",i,k-i,k-i,i);
-		printf("; c[%d]=(chunk)t&BMASK; co=t>>BASEBITS; \n",k);
-	}
-	printf("\tc[%d]=(chunk)co;\n",2*N-1);
-
-
-
-	printf("\nInsert this code in BIG_sqr() in file big.c between #define UNWOUND and #else \n\n");
-
-	printf("\n\tt=(dchunk)a[0]*a[0]; c[0]=(chunk)t&BMASK; co=t>>BASEBITS;\n");
-
-	for (k=1;k<N;k++)
-	{
-		printf("\tt= ",k);
-		for (i=k;i>=1+k/2;i--)
-			printf("+(dchunk)a[%d]*a[%d]",i,k-i);
-		printf("; t+=t; t+=co;");
-		if (k%2==0) printf(" t+=(dchunk)a[%d]*a[%d];",k/2,k/2);
-		printf(" c[%d]=(chunk)t&BMASK; co=t>>BASEBITS; \n", k);
-	}
-	printf("\n");
-
-	for (k=N;k<2*N-2;k++)
-	{
-		printf("\tt= ",k-N);
-		for (i=N-1;i>=1+k/2;i--)
-			printf("+(dchunk)a[%d]*a[%d]",i,k-i);
-		printf("; t+=t; t+=co;");
-		if (k%2==0) printf(" t+=(dchunk)a[%d]*a[%d];",k/2,k/2);
-		printf(" c[%d]=(chunk)t&BMASK; co=t>>BASEBITS; \n", k);
-	}
-	printf("\tt=co; t+=(dchunk)a[%d]*a[%d]; c[%d]=(chunk)t&BMASK; co=t>>BASEBITS; \n ",N-1,N-1,2*N-2);
-
-	printf("\tc[%d]=(chunk)co;\n",2*N-1);
-
-
-#if MODTYPE == NOT_SPECIAL
-
-	printf("\nInsert this code in BIG_monty() in file big.c between #define UNWOUND and #else \n\n");
-
-	printf("\tt=d[0]; v[0]=((chunk)t*MC)&BMASK; t+=(dchunk)v[0]*md[0];  s=0; c=(t>>BASEBITS);\n\n");
-
-	for (k=1;k<N;k++)
-	{
-		printf("\tt=d[%d]+c+s+(dchunk)v[0]*md[%d]",k,k);
-		for (i=k-1;i>k/2;i--) printf("+(dchunk)(v[%d]-v[%d])*(md[%d]-md[%d])",k-i,i,i,k-i);
-		printf("; v[%d]=((chunk)t*MC)&BMASK; t+=(dchunk)v[%d]*md[0]; ",k,k);
-		printf(" dd[%d]=(dchunk)v[%d]*md[%d]; s+=dd[%d]; c=(t>>BASEBITS); \n",k,k,k,k);
-	}
-	printf("\n");
-	for (k=N;k<2*N-1;k++)
-	{
-		printf("\tt=d[%d]+c+s",k);
-		for (i=N-1;i>=1+k/2;i--) printf("+(dchunk)(v[%d]-v[%d])*(md[%d]-md[%d])",k-i,i,i,k-i);
-		printf("; a[%d]=(chunk)t&BMASK;  s-=dd[%d]; c=(t>>BASEBITS); \n",k-N,k-N+1);
-	}
-	printf("\ta[%d]=d[%d]+(chunk)c&BMASK;\n",N-1,2*N-1);	
-
-
-#endif
-
-}
-
-#endif
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/faster.txt
----------------------------------------------------------------------
diff --git a/version22/c/faster.txt b/version22/c/faster.txt
deleted file mode 100644
index 6995eab..0000000
--- a/version22/c/faster.txt
+++ /dev/null
@@ -1,25 +0,0 @@
-We assume than optimizing compilers will unwind loops at every opportunity. 
-
-But sometimes they don't. So time-critical code will run faster if we step
-in and unwind complex loops for the compiler.
-
-Once the architecture and ECC/RSA support is decided upon (that is amcl.h 
-and arch.h are settled), then compile and execute the program faster.c like 
-this (using MinGW port of GCC as an example), in the same directory as 
-arch.h and amcl.h
-
-gcc -O2 -std=c99 faster.c -o faster.exe
-faster > t.txt
-
-Now extract the code fragments from t.txt and insert them where indicated
-into big.c
-
-Finally make sure that
-
-#define UNWOUND
-
-appears somewhere in amcl.h
-
-Finally build the library as normal, and maybe get a 50% speed-up!
-If there is no significant improvement, don't use this method!
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/ff.c
----------------------------------------------------------------------
diff --git a/version22/c/ff.c b/version22/c/ff.c
deleted file mode 100644
index 3ae7029..0000000
--- a/version22/c/ff.c
+++ /dev/null
@@ -1,1150 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL basic functions for Large Finite Field support */
-
-#include "amcl.h"
-
-/* Arazi and Qi inversion mod 256 */
-static int invmod256(int a)
-{
-    int U,t1,t2,b,c;
-    t1=0;
-    c=(a>>1)&1;
-    t1+=c;
-    t1&=1;
-    t1=2-t1;
-    t1<<=1;
-    U=t1+1;
-
-// i=2
-    b=a&3;
-    t1=U*b;
-    t1>>=2;
-    c=(a>>2)&3;
-    t2=(U*c)&3;
-    t1+=t2;
-    t1*=U;
-    t1&=3;
-    t1=4-t1;
-    t1<<=2;
-    U+=t1;
-
-// i=4
-    b=a&15;
-    t1=U*b;
-    t1>>=4;
-    c=(a>>4)&15;
-    t2=(U*c)&15;
-    t1+=t2;
-    t1*=U;
-    t1&=15;
-    t1=16-t1;
-    t1<<=4;
-    U+=t1;
-
-    return U;
-}
-
-/* a=1/a mod 2^BIGBITS. This is very fast! */
-void BIG_invmod2m(BIG a)
-{
-    int i;
-    BIG U,t1,b,c;
-    BIG_zero(U);
-    BIG_inc(U,invmod256(BIG_lastbits(a,8)));
-    for (i=8; i<BIGBITS; i<<=1)
-    {
-        BIG_copy(b,a);
-        BIG_mod2m(b,i);   // bottom i bits of a
-
-        BIG_smul(t1,U,b);
-        BIG_shr(t1,i); // top i bits of U*b
-
-        BIG_copy(c,a);
-        BIG_shr(c,i);
-        BIG_mod2m(c,i); // top i bits of a
-
-        BIG_smul(b,U,c);
-        BIG_mod2m(b,i);  // bottom i bits of U*c
-
-        BIG_add(t1,t1,b);
-        BIG_smul(b,t1,U);
-        BIG_copy(t1,b);  // (t1+b)*U
-        BIG_mod2m(t1,i);				// bottom i bits of (t1+b)*U
-
-        BIG_one(b);
-        BIG_shl(b,i);
-        BIG_sub(t1,b,t1);
-        BIG_norm(t1);
-
-        BIG_shl(t1,i);
-
-        BIG_add(U,U,t1);
-    }
-    BIG_copy(a,U);
-    BIG_norm(a);
-    BIG_mod2m(a,BIGBITS);
-}
-
-/*
-void FF_rcopy(BIG x[],const BIG y[],int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_rcopy(x[i],y[i]);
-}
-*/
-
-/* x=y */
-void FF_copy(BIG x[],BIG y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_copy(x[i],y[i]);
-}
-
-/* x=y<<n */
-static void FF_dsucopy(BIG x[],BIG y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_copy(x[n+i],y[i]);
-        BIG_zero(x[i]);
-    }
-}
-
-/* x=y */
-static void FF_dscopy(BIG x[],BIG y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_copy(x[i],y[i]);
-        BIG_zero(x[n+i]);
-    }
-}
-
-/* x=y>>n */
-static void FF_sducopy(BIG x[],BIG y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_copy(x[i],y[n+i]);
-}
-
-/* set to zero */
-void FF_zero(BIG x[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_zero(x[i]);
-}
-
-/* test equals 0 */
-int FF_iszilch(BIG x[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        if (!BIG_iszilch(x[i])) return 0;
-    return 1;
-}
-
-/* shift right by BIGBITS-bit words */
-static void FF_shrw(BIG a[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_copy(a[i],a[i+n]);
-        BIG_zero(a[i+n]);
-    }
-}
-
-/* shift left by BIGBITS-bit words */
-static void FF_shlw(BIG a[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_copy(a[i+n],a[i]);
-        BIG_zero(a[i]);
-    }
-}
-
-/* extract last bit */
-int FF_parity(BIG x[])
-{
-    return BIG_parity(x[0]);
-}
-
-/* extract last m bits */
-int FF_lastbits(BIG x[],int m)
-{
-    return BIG_lastbits(x[0],m);
-}
-
-/* x=1 */
-void FF_one(BIG x[],int n)
-{
-    int i;
-    BIG_one(x[0]);
-    for (i=1; i<n; i++)
-        BIG_zero(x[i]);
-}
-
-/* x=m, where m is 32-bit int */
-void FF_init(BIG x[],sign32 m,int n)
-{
-    int i;
-    BIG_zero(x[0]);
-#if CHUNK<64
-    x[0][0]=(chunk)(m&BMASK);
-    x[0][1]=(chunk)(m>>BASEBITS);
-#else
-    x[0][0]=(chunk)m;
-#endif
-    for (i=1; i<n; i++)
-        BIG_zero(x[i]);
-}
-
-/* compare x and y - must be normalised */
-int FF_comp(BIG x[],BIG y[],int n)
-{
-    int i,j;
-    for (i=n-1; i>=0; i--)
-    {
-        j=BIG_comp(x[i],y[i]);
-        if (j!=0) return j;
-    }
-    return 0;
-}
-
-/* recursive add */
-static void FF_radd(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_add(z[zp+i],x[xp+i],y[yp+i]);
-}
-
-/* recursive inc */
-static void FF_rinc(BIG z[],int zp,BIG y[],int yp,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_add(z[zp+i],z[zp+i],y[yp+i]);
-}
-
-/* recursive sub */
-/*
-static void FF_rsub(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_sub(z[zp+i],x[xp+i],y[yp+i]);
-}
-*/
-
-/* recursive dec */
-static void FF_rdec(BIG z[],int zp,BIG y[],int yp,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_sub(z[zp+i],z[zp+i],y[yp+i]);
-}
-
-/* simple add */
-void FF_add(BIG z[],BIG x[],BIG y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_add(z[i],x[i],y[i]);
-}
-
-/* simple sub */
-void FF_sub(BIG z[],BIG x[],BIG y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_sub(z[i],x[i],y[i]);
-}
-
-/* increment/decrement by a small integer */
-void FF_inc(BIG x[],int m,int n)
-{
-    BIG_inc(x[0],m);
-    FF_norm(x,n);
-}
-
-void FF_dec(BIG x[],int m,int n)
-{
-    BIG_dec(x[0],m);
-    FF_norm(x,n);
-}
-
-/* normalise - but hold any overflow in top part unless n<0 */
-static void FF_rnorm(BIG z[],int zp,int n)
-{
-    int i,trunc=0;
-    chunk carry;
-    if (n<0)
-    {
-        /* -v n signals to do truncation */
-        n=-n;
-        trunc=1;
-    }
-    for (i=0; i<n-1; i++)
-    {
-        carry=BIG_norm(z[zp+i]);
-
-        z[zp+i][NLEN-1]^=carry<<P_TBITS; /* remove it */
-        z[zp+i+1][0]+=carry;
-    }
-    carry=BIG_norm(z[zp+n-1]);
-    if (trunc) z[zp+n-1][NLEN-1]^=carry<<P_TBITS;
-}
-
-void FF_norm(BIG z[],int n)
-{
-    FF_rnorm(z,0,n);
-}
-
-/* shift left by one bit */
-void FF_shl(BIG x[],int n)
-{
-    int i;
-    int carry,delay_carry=0;
-    for (i=0; i<n-1; i++)
-    {
-        carry=BIG_fshl(x[i],1);
-        x[i][0]|=delay_carry;
-        x[i][NLEN-1]^=(chunk)carry<<P_TBITS;
-        delay_carry=carry;
-    }
-    BIG_fshl(x[n-1],1);
-    x[n-1][0]|=delay_carry;
-}
-
-/* shift right by one bit */
-void FF_shr(BIG x[],int n)
-{
-    int i;
-    int carry;
-    for (i=n-1; i>0; i--)
-    {
-        carry=BIG_fshr(x[i],1);
-        x[i-1][NLEN-1]|=(chunk)carry<<P_TBITS;
-    }
-    BIG_fshr(x[0],1);
-}
-
-void FF_output(BIG x[],int n)
-{
-    int i;
-    FF_norm(x,n);
-    for (i=n-1; i>=0; i--)
-    {
-        BIG_output(x[i]);
-        printf(" ");
-    }
-}
-
-void FF_rawoutput(BIG x[],int n)
-{
-    int i;
-    for (i=n-1; i>=0; i--)
-    {
-        BIG_rawoutput(x[i]);
-        printf(" ");
-    }
-}
-
-/* Convert FFs to/from octet strings */
-void FF_toOctet(octet *w,BIG x[],int n)
-{
-    int i;
-    w->len=n*MODBYTES;
-    for (i=0; i<n; i++)
-    {
-        BIG_toBytes(&(w->val[(n-i-1)*MODBYTES]),x[i]);
-    }
-}
-
-void FF_fromOctet(BIG x[],octet *w,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_fromBytes(x[i],&(w->val[(n-i-1)*MODBYTES]));
-    }
-}
-
-/* in-place swapping using xor - side channel resistant */
-static void FF_cswap(BIG a[],BIG b[],int d,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_cswap(a[i],b[i],d);
-    return;
-}
-
-/* z=x*y, t is workspace */
-static void FF_karmul(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,BIG t[],int tp,int n)
-{
-    int nd2;
-    if (n==1)
-    {
-        BIG_mul(t[tp],x[xp],y[yp]);
-        BIG_split(z[zp+1],z[zp],t[tp],BIGBITS);
-        return;
-    }
-
-    nd2=n/2;
-    FF_radd(z,zp,x,xp,x,xp+nd2,nd2);
-    FF_rnorm(z,zp,nd2);  /* needs this if recursion level too deep */
-
-    FF_radd(z,zp+nd2,y,yp,y,yp+nd2,nd2);
-    FF_rnorm(z,zp+nd2,nd2);
-    FF_karmul(t,tp,z,zp,z,zp+nd2,t,tp+n,nd2);
-    FF_karmul(z,zp,x,xp,y,yp,t,tp+n,nd2);
-    FF_karmul(z,zp+n,x,xp+nd2,y,yp+nd2,t,tp+n,nd2);
-    FF_rdec(t,tp,z,zp,n);
-    FF_rdec(t,tp,z,zp+n,n);
-    FF_rinc(z,zp+nd2,t,tp,n);
-    FF_rnorm(z,zp,2*n);
-}
-
-static void FF_karsqr(BIG z[],int zp,BIG x[],int xp,BIG t[],int tp,int n)
-{
-    int nd2;
-    if (n==1)
-    {
-        BIG_sqr(t[tp],x[xp]);
-        BIG_split(z[zp+1],z[zp],t[tp],BIGBITS);
-        return;
-    }
-    nd2=n/2;
-    FF_karsqr(z,zp,x,xp,t,tp+n,nd2);
-    FF_karsqr(z,zp+n,x,xp+nd2,t,tp+n,nd2);
-    FF_karmul(t,tp,x,xp,x,xp+nd2,t,tp+n,nd2);
-    FF_rinc(z,zp+nd2,t,tp,n);
-    FF_rinc(z,zp+nd2,t,tp,n);
-
-    FF_rnorm(z,zp+nd2,n);  /* was FF_rnorm(z,zp,2*n)  */
-}
-
-static void FF_karmul_lower(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,BIG t[],int tp,int n)
-{
-    /* Calculates Least Significant bottom half of x*y */
-    int nd2;
-    if (n==1)
-    {
-        /* only calculate bottom half of product */
-        BIG_smul(z[zp],x[xp],y[yp]);
-        return;
-    }
-    nd2=n/2;
-    FF_karmul(z,zp,x,xp,y,yp,t,tp+n,nd2);
-    FF_karmul_lower(t,tp,x,xp+nd2,y,yp,t,tp+n,nd2);
-    FF_rinc(z,zp+nd2,t,tp,nd2);
-    FF_karmul_lower(t,tp,x,xp,y,yp+nd2,t,tp+n,nd2);
-    FF_rinc(z,zp+nd2,t,tp,nd2);
-    FF_rnorm(z,zp+nd2,-nd2);  /* truncate it */
-}
-
-static void FF_karmul_upper(BIG z[],BIG x[],BIG y[],BIG t[],int n)
-{
-    /* Calculates Most Significant upper half of x*y, given lower part */
-    int nd2;
-
-    nd2=n/2;
-    FF_radd(z,n,x,0,x,nd2,nd2);
-    FF_radd(z,n+nd2,y,0,y,nd2,nd2);
-    FF_rnorm(z,n,nd2);
-    FF_rnorm(z,n+nd2,nd2);
-
-    FF_karmul(t,0,z,n+nd2,z,n,t,n,nd2);  /* t = (a0+a1)(b0+b1) */
-    FF_karmul(z,n,x,nd2,y,nd2,t,n,nd2); /* z[n]= a1*b1 */
-    /* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */
-    FF_rdec(t,0,z,n,n);              /* t=t-a1b1  */
-    FF_rinc(z,nd2,z,0,nd2);   /* z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1)  */
-    FF_rdec(z,nd2,t,0,nd2);   /* z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0) */
-    FF_rnorm(z,0,-n);					/* a0b0 now in z - truncate it */
-    FF_rdec(t,0,z,0,n);         /* (a0+a1)(b0+b1) - a0b0 */
-    FF_rinc(z,nd2,t,0,n);
-
-    FF_rnorm(z,nd2,n);
-}
-
-/* z=x*y */
-void FF_mul(BIG z[],BIG x[],BIG y[],int n)
-{
-#ifndef C99
-    BIG t[2*FFLEN];
-#else
-    BIG t[2*n];
-#endif
-//	FF_norm(x,n); /* change here */
-//	FF_norm(y,n); /* change here */
-    FF_karmul(z,0,x,0,y,0,t,0,n);
-}
-
-/* return low part of product */
-static void FF_lmul(BIG z[],BIG x[],BIG y[],int n)
-{
-#ifndef C99
-    BIG t[2*FFLEN];
-#else
-    BIG t[2*n];
-#endif
-//	FF_norm(x,n); /* change here */
-//	FF_norm(y,n); /* change here */
-    FF_karmul_lower(z,0,x,0,y,0,t,0,n);
-}
-
-/* Set b=b mod c */
-void FF_mod(BIG b[],BIG c[],int n)
-{
-    int k=0;
-
-    FF_norm(b,n);
-    if (FF_comp(b,c,n)<0)
-        return;
-    do
-    {
-        FF_shl(c,n);
-        k++;
-    }
-    while (FF_comp(b,c,n)>=0);
-
-    while (k>0)
-    {
-        FF_shr(c,n);
-        if (FF_comp(b,c,n)>=0)
-        {
-            FF_sub(b,b,c,n);
-            FF_norm(b,n);
-        }
-        k--;
-    }
-}
-
-/* z=x^2 */
-void FF_sqr(BIG z[],BIG x[],int n)
-{
-#ifndef C99
-    BIG t[2*FFLEN];
-#else
-    BIG t[2*n];
-#endif
-//	FF_norm(x,n); /* change here */
-    FF_karsqr(z,0,x,0,t,0,n);
-}
-
-/* r=t mod modulus, N is modulus, ND is Montgomery Constant */
-static void FF_reduce(BIG r[],BIG T[],BIG N[],BIG ND[],int n)
-{
-    /* fast karatsuba Montgomery reduction */
-#ifndef C99
-    BIG t[2*FFLEN];
-    BIG m[FFLEN];
-#else
-    BIG t[2*n];
-    BIG m[n];
-#endif
-    FF_sducopy(r,T,n);  /* keep top half of T */
-    //FF_norm(T,n); /* change here */
-    FF_karmul_lower(m,0,T,0,ND,0,t,0,n);  /* m=T.(1/N) mod R */
-
-    //FF_norm(N,n);  /* change here */
-    FF_karmul_upper(T,N,m,t,n);  /* T=mN */
-    FF_sducopy(m,T,n);
-
-    FF_add(r,r,N,n);
-    FF_sub(r,r,m,n);
-    FF_norm(r,n);
-}
-
-
-/* Set r=a mod b */
-/* a is of length - 2*n */
-/* r,b is of length - n */
-void FF_dmod(BIG r[],BIG a[],BIG b[],int n)
-{
-    int k;
-#ifndef C99
-    BIG m[2*FFLEN];
-    BIG x[2*FFLEN];
-#else
-    BIG m[2*n];
-    BIG x[2*n];
-#endif
-    FF_copy(x,a,2*n);
-    FF_norm(x,2*n);
-    FF_dsucopy(m,b,n);
-    k=BIGBITS*n;
-
-    while (FF_comp(x,m,2*n)>=0)
-    {
-        FF_sub(x,x,m,2*n);
-        FF_norm(x,2*n);
-    }
-
-    while (k>0)
-    {
-        FF_shr(m,2*n);
-
-        if (FF_comp(x,m,2*n)>=0)
-        {
-            FF_sub(x,x,m,2*n);
-            FF_norm(x,2*n);
-        }
-
-        k--;
-    }
-    FF_copy(r,x,n);
-    FF_mod(r,b,n);
-}
-
-/* Set r=1/a mod p. Binary method - a<p on entry */
-
-void FF_invmodp(BIG r[],BIG a[],BIG p[],int n)
-{
-#ifndef C99
-    BIG u[FFLEN],v[FFLEN],x1[FFLEN],x2[FFLEN],t[FFLEN],one[FFLEN];
-#else
-    BIG u[n],v[n],x1[n],x2[n],t[n],one[n];
-#endif
-    FF_copy(u,a,n);
-    FF_copy(v,p,n);
-    FF_one(one,n);
-    FF_copy(x1,one,n);
-    FF_zero(x2,n);
-
-// reduce n in here as well!
-    while (FF_comp(u,one,n)!=0 && FF_comp(v,one,n)!=0)
-    {
-        while (FF_parity(u)==0)
-        {
-            FF_shr(u,n);
-            if (FF_parity(x1)!=0)
-            {
-                FF_add(x1,p,x1,n);
-                FF_norm(x1,n);
-            }
-            FF_shr(x1,n);
-        }
-        while (FF_parity(v)==0)
-        {
-            FF_shr(v,n);
-            if (FF_parity(x2)!=0)
-            {
-                FF_add(x2,p,x2,n);
-                FF_norm(x2,n);
-            }
-            FF_shr(x2,n);
-        }
-        if (FF_comp(u,v,n)>=0)
-        {
-
-            FF_sub(u,u,v,n);
-            FF_norm(u,n);
-            if (FF_comp(x1,x2,n)>=0) FF_sub(x1,x1,x2,n);
-            else
-            {
-                FF_sub(t,p,x2,n);
-                FF_add(x1,x1,t,n);
-            }
-            FF_norm(x1,n);
-        }
-        else
-        {
-            FF_sub(v,v,u,n);
-            FF_norm(v,n);
-            if (FF_comp(x2,x1,n)>=0) FF_sub(x2,x2,x1,n);
-            else
-            {
-                FF_sub(t,p,x1,n);
-                FF_add(x2,x2,t,n);
-            }
-            FF_norm(x2,n);
-        }
-    }
-    if (FF_comp(u,one,n)==0)
-        FF_copy(r,x1,n);
-    else
-        FF_copy(r,x2,n);
-}
-
-/* nesidue mod m */
-static void FF_nres(BIG a[],BIG m[],int n)
-{
-#ifndef C99
-    BIG d[2*FFLEN];
-#else
-    BIG d[2*n];
-#endif
-
-	if (n==1)
-	{
-		BIG_dscopy(d[0],a[0]);
-		BIG_dshl(d[0],NLEN*BASEBITS);
-		BIG_dmod(a[0],d[0],m[0]);
-	}
-	else
-	{ 
-		FF_dsucopy(d,a,n);
-		FF_dmod(a,d,m,n);
-	}
-}
-
-static void FF_redc(BIG a[],BIG m[],BIG ND[],int n)
-{
-#ifndef C99
-    BIG d[2*FFLEN];
-#else
-    BIG d[2*n];
-#endif
-	if (n==1)
-	{
-		BIG_dzero(d[0]);
-		BIG_dscopy(d[0],a[0]);
-		BIG_monty(a[0],m[0],((chunk)1<<BASEBITS)-ND[0][0],d[0]);		
-	}
-	else
-	{
-		FF_mod(a,m,n);
-		FF_dscopy(d,a,n);
-		FF_reduce(a,d,m,ND,n);
-		FF_mod(a,m,n);
-	}
-}
-
-/* U=1/a mod 2^m - Arazi & Qi */
-static void FF_invmod2m(BIG U[],BIG a[],int n)
-{
-    int i;
-#ifndef C99
-    BIG t1[FFLEN],b[FFLEN],c[FFLEN];
-#else
-    BIG t1[2*n],b[n],c[n];
-#endif
-
-    FF_zero(U,n);
-    FF_zero(b,n);
-    FF_zero(c,n);
-    FF_zero(t1,2*n);
-
-    BIG_copy(U[0],a[0]);
-    BIG_invmod2m(U[0]);
-    for (i=1; i<n; i<<=1)
-    {
-        FF_copy(b,a,i);
-        FF_mul(t1,U,b,i);
-        FF_shrw(t1,i); // top half to bottom half, top half=0
-
-        FF_copy(c,a,2*i);
-        FF_shrw(c,i); // top half of c
-        FF_lmul(b,U,c,i); // should set top half of b=0
-        FF_add(t1,t1,b,i);
-        FF_norm(t1,2*i);
-        FF_lmul(b,t1,U,i);
-        FF_copy(t1,b,i);
-        FF_one(b,i);
-        FF_shlw(b,i);
-        FF_sub(t1,b,t1,2*i);
-        FF_norm(t1,2*i);
-        FF_shlw(t1,i);
-        FF_add(U,U,t1,2*i);
-    }
-
-    FF_norm(U,n);
-}
-
-void FF_random(BIG x[],csprng *rng,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_random(x[i],rng);
-    }
-    /* make sure top bit is 1 */
-    while (BIG_nbits(x[n-1])<MODBYTES*8) BIG_random(x[n-1],rng);
-}
-
-/* generate random x mod p */
-void FF_randomnum(BIG x[],BIG p[],csprng *rng,int n)
-{
-    int i;
-#ifndef C99
-    BIG d[2*FFLEN];
-#else
-    BIG d[2*n];
-#endif
-    for (i=0; i<2*n; i++)
-    {
-        BIG_random(d[i],rng);
-    }
-    FF_dmod(x,d,p,n);
-}
-
-static void FF_modmul(BIG z[],BIG x[],BIG y[],BIG p[],BIG ND[],int n)
-{
-#ifndef C99
-    BIG d[2*FFLEN];
-#else
-    BIG d[2*n];
-#endif
-    chunk ex=P_EXCESS(x[n-1]);
-    chunk ey=P_EXCESS(y[n-1]);
-#ifdef dchunk
-    if ((dchunk)(ex+1)*(ey+1)>(dchunk)P_FEXCESS)
-#else
-    if ((ex+1)>P_FEXCESS/(ey+1))
-#endif
-    {
-#ifdef DEBUG_REDUCE
-        printf("Product too large - reducing it %d %d\n",ex,ey);
-#endif
-        FF_mod(x,p,n);
-    }
-
-	if (n==1)
-	{
-		BIG_mul(d[0],x[0],y[0]);
-		BIG_monty(z[0],p[0],((chunk)1<<BASEBITS)-ND[0][0],d[0]);
-	}
-	else
-	{
-		FF_mul(d,x,y,n);
-		FF_reduce(z,d,p,ND,n);
-	}
-}
-
-static void FF_modsqr(BIG z[],BIG x[],BIG p[],BIG ND[],int n)
-{
-#ifndef C99
-    BIG d[2*FFLEN];
-#else
-    BIG d[2*n];
-#endif
-    chunk ex=P_EXCESS(x[n-1]);
-#ifdef dchunk
-    if ((dchunk)(ex+1)*(ex+1)>(dchunk)P_FEXCESS)
-#else
-    if ((ex+1)>P_FEXCESS/(ex+1))
-#endif
-    {
-#ifdef DEBUG_REDUCE
-        printf("Product too large - reducing it %d\n",ex);
-#endif
-        FF_mod(x,p,n);
-    }
-
-	if (n==1)
-	{
-		BIG_sqr(d[0],x[0]);
-		BIG_monty(z[0],p[0],((chunk)1<<BASEBITS)-ND[0][0],d[0]);
-	}
-	else
-	{
-		FF_sqr(d,x,n);
-		FF_reduce(z,d,p,ND,n);
-	}
-}
-
-/* r=x^e mod p using side-channel resistant Montgomery Ladder, for large e */
-void FF_skpow(BIG r[],BIG x[],BIG e[],BIG p[],int n)
-{
-    int i,b;
-#ifndef C99
-    BIG R0[FFLEN],R1[FFLEN],ND[FFLEN];
-#else
-    BIG R0[n],R1[n],ND[n];
-#endif
-    FF_invmod2m(ND,p,n);
-
-    FF_one(R0,n);
-    FF_copy(R1,x,n);
-    FF_nres(R0,p,n);
-    FF_nres(R1,p,n);
-
-    for (i=8*MODBYTES*n-1; i>=0; i--)
-    {
-        b=BIG_bit(e[i/BIGBITS],i%BIGBITS);
-        FF_modmul(r,R0,R1,p,ND,n);
-
-        FF_cswap(R0,R1,b,n);
-        FF_modsqr(R0,R0,p,ND,n);
-
-        FF_copy(R1,r,n);
-        FF_cswap(R0,R1,b,n);
-    }
-    FF_copy(r,R0,n);
-    FF_redc(r,p,ND,n);
-}
-
-/* r=x^e mod p using side-channel resistant Montgomery Ladder, for short e */
-void FF_skspow(BIG r[],BIG x[],BIG e,BIG p[],int n)
-{
-    int i,b;
-#ifndef C99
-    BIG R0[FFLEN],R1[FFLEN],ND[FFLEN];
-#else
-    BIG R0[n],R1[n],ND[n];
-#endif
-    FF_invmod2m(ND,p,n);
-    FF_one(R0,n);
-    FF_copy(R1,x,n);
-    FF_nres(R0,p,n);
-    FF_nres(R1,p,n);
-    for (i=8*MODBYTES-1; i>=0; i--)
-    {
-        b=BIG_bit(e,i);
-        FF_modmul(r,R0,R1,p,ND,n);
-        FF_cswap(R0,R1,b,n);
-        FF_modsqr(R0,R0,p,ND,n);
-        FF_copy(R1,r,n);
-        FF_cswap(R0,R1,b,n);
-    }
-    FF_copy(r,R0,n);
-    FF_redc(r,p,ND,n);
-}
-
-/* raise to an integer power - right-to-left method */
-void FF_power(BIG r[],BIG x[],int e,BIG p[],int n)
-{
-    int f=1;
-#ifndef C99
-    BIG w[FFLEN],ND[FFLEN];
-#else
-    BIG w[n],ND[n];
-#endif
-    FF_invmod2m(ND,p,n);
-
-    FF_copy(w,x,n);
-    FF_nres(w,p,n);
-
-    if (e==2)
-    {
-        FF_modsqr(r,w,p,ND,n);
-    }
-    else for (;;)
-        {
-            if (e%2==1)
-            {
-                if (f) FF_copy(r,w,n);
-                else FF_modmul(r,r,w,p,ND,n);
-                f=0;
-            }
-            e>>=1;
-            if (e==0) break;
-            FF_modsqr(w,w,p,ND,n);
-        }
-
-    FF_redc(r,p,ND,n);
-}
-
-/* r=x^e mod p, faster but not side channel resistant */
-void FF_pow(BIG r[],BIG x[],BIG e[],BIG p[],int n)
-{
-    int i,b;
-#ifndef C99
-    BIG w[FFLEN],ND[FFLEN];
-#else
-    BIG w[n],ND[n];
-#endif
-    FF_invmod2m(ND,p,n);
-
-    FF_copy(w,x,n);
-    FF_one(r,n);
-    FF_nres(r,p,n);
-    FF_nres(w,p,n);
-
-    for (i=8*MODBYTES*n-1; i>=0; i--)
-    {
-        FF_modsqr(r,r,p,ND,n);
-        b=BIG_bit(e[i/BIGBITS],i%BIGBITS);
-        if (b==1) FF_modmul(r,r,w,p,ND,n);
-    }
-    FF_redc(r,p,ND,n);
-}
-
-/* double exponentiation r=x^e.y^f mod p */
-void FF_pow2(BIG r[],BIG x[],BIG e,BIG y[],BIG f,BIG p[],int n)
-{
-    int i,eb,fb;
-#ifndef C99
-    BIG xn[FFLEN],yn[FFLEN],xy[FFLEN],ND[FFLEN];
-#else
-    BIG xn[n],yn[n],xy[n],ND[n];
-#endif
-
-    FF_invmod2m(ND,p,n);
-
-    FF_copy(xn,x,n);
-    FF_copy(yn,y,n);
-    FF_nres(xn,p,n);
-    FF_nres(yn,p,n);
-    FF_modmul(xy,xn,yn,p,ND,n);
-    FF_one(r,n);
-    FF_nres(r,p,n);
-
-    for (i=8*MODBYTES-1; i>=0; i--)
-    {
-        eb=BIG_bit(e,i);
-        fb=BIG_bit(f,i);
-        FF_modsqr(r,r,p,ND,n);
-        if (eb==1)
-        {
-            if (fb==1) FF_modmul(r,r,xy,p,ND,n);
-            else FF_modmul(r,r,xn,p,ND,n);
-        }
-        else
-        {
-            if (fb==1) FF_modmul(r,r,yn,p,ND,n);
-        }
-    }
-    FF_redc(r,p,ND,n);
-}
-
-static sign32 igcd(sign32 x,sign32 y)
-{
-    /* integer GCD, returns GCD of x and y */
-    sign32 r;
-    if (y==0) return x;
-    while ((r=x%y)!=0)
-        x=y,y=r;
-    return y;
-}
-
-/* quick and dirty check for common factor with s */
-int FF_cfactor(BIG w[],sign32 s,int n)
-{
-    int r;
-    sign32 g;
-#ifndef C99
-    BIG x[FFLEN],y[FFLEN];
-#else
-    BIG x[n],y[n];
-#endif
-    FF_init(y,s,n);
-    FF_copy(x,w,n);
-    FF_norm(x,n);
-
-//	if (FF_parity(x)==0) return 1;
-    do
-    {
-        FF_sub(x,x,y,n);
-        FF_norm(x,n);
-        while (!FF_iszilch(x,n) && FF_parity(x)==0) FF_shr(x,n);
-    }
-    while (FF_comp(x,y,n)>0);
-#if CHUNK<32
-    g=x[0][0]+((sign32)(x[0][1])<<BASEBITS);
-#else
-    g=(sign32)x[0][0];
-#endif
-    r=igcd(s,g);
-    if (r>1) return 1;
-    return 0;
-}
-
-/* Miller-Rabin test for primality. Slow. */
-int FF_prime(BIG p[],csprng *rng,int n)
-{
-    int i,j,loop,s=0;
-#ifndef C99
-    BIG d[FFLEN],x[FFLEN],unity[FFLEN],nm1[FFLEN];
-#else
-    BIG d[n],x[n],unity[n],nm1[n];
-#endif
-    sign32 sf=4849845;/* 3*5*.. *19 */
-
-    FF_norm(p,n);
-
-    if (FF_cfactor(p,sf,n)) return 0;
-
-    FF_one(unity,n);
-    FF_sub(nm1,p,unity,n);
-    FF_norm(nm1,n);
-    FF_copy(d,nm1,n);
-    while (FF_parity(d)==0)
-    {
-        FF_shr(d,n);
-        s++;
-    }
-    if (s==0) return 0;
-
-    for (i=0; i<10; i++)
-    {
-        FF_randomnum(x,p,rng,n);
-        FF_pow(x,x,d,p,n);
-        if (FF_comp(x,unity,n)==0 || FF_comp(x,nm1,n)==0) continue;
-        loop=0;
-        for (j=1; j<s; j++)
-        {
-            FF_power(x,x,2,p,n);
-            if (FF_comp(x,unity,n)==0) return 0;
-            if (FF_comp(x,nm1,n)==0 )
-            {
-                loop=1;
-                break;
-            }
-        }
-        if (loop) continue;
-        return 0;
-    }
-
-    return 1;
-}
-
-/*
-BIG P[4]= {{0x1670957,0x1568CD3C,0x2595E5,0xEED4F38,0x1FC9A971,0x14EF7E62,0xA503883,0x9E1E05E,0xBF59E3},{0x1844C908,0x1B44A798,0x3A0B1E7,0xD1B5B4E,0x1836046F,0x87E94F9,0x1D34C537,0xF7183B0,0x46D07},{0x17813331,0x19E28A90,0x1473A4D6,0x1CACD01F,0x1EEA8838,0xAF2AE29,0x1F85292A,0x1632585E,0xD945E5},{0x919F5EF,0x1567B39F,0x19F6AD11,0x16CE47CF,0x9B36EB1,0x35B7D3,0x483B28C,0xCBEFA27,0xB5FC21}};
-
-int main()
-{
-	int i;
-	BIG p[4],e[4],x[4],r[4];
-	csprng rng;
-	char raw[100];
-	for (i=0;i<100;i++) raw[i]=i;
-    RAND_seed(&rng,100,raw);
-
-
-	FF_init(x,3,4);
-
-	FF_copy(p,P,4);
-	FF_copy(e,p,4);
-	FF_dec(e,1,4);
-	FF_norm(e,4);
-
-
-
-	printf("p= ");FF_output(p,4); printf("\n");
-	if (FF_prime(p,&rng,4)) printf("p is a prime\n");
-	printf("e= ");FF_output(e,4); printf("\n");
-
-	FF_skpow(r,x,e,p,4);
-	printf("r= ");FF_output(r,4); printf("\n");
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/fp.c
----------------------------------------------------------------------
diff --git a/version22/c/fp.c b/version22/c/fp.c
deleted file mode 100644
index 5d48f1c..0000000
--- a/version22/c/fp.c
+++ /dev/null
@@ -1,608 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL mod p functions */
-/* Small Finite Field arithmetic */
-/* SU=m, SU is Stack Usage (NOT_SPECIAL Modulus) */
-
-#include "amcl.h"
-
-/* Fast Modular Reduction Methods */
-
-/* r=d mod m */
-/* d MUST be normalised */
-/* Products must be less than pR in all cases !!! */
-/* So when multiplying two numbers, their product *must* be less than MODBITS+BASEBITS*NLEN */
-/* Results *may* be one bit bigger than MODBITS */
-
-#if MODTYPE == PSEUDO_MERSENNE
-/* r=d mod m */
-
-/* Converts from BIG integer to n-residue form mod Modulus */
-void FP_nres(BIG a)
-{
-    BIG tmp;
-    BIG_rcopy(tmp,a);
-}
-
-/* Converts from n-residue form back to BIG integer form */
-void FP_redc(BIG a)
-{
-    BIG tmp;
-    BIG_rcopy(tmp,a);
-}
-
-/* reduce a DBIG to a BIG exploiting the special form of the modulus */
-void FP_mod(BIG r,DBIG d)
-{
-    BIG t,b;
-    chunk v,tw;
-    BIG_split(t,b,d,MODBITS);
-
-    /* Note that all of the excess gets pushed into t. So if squaring a value with a 4-bit excess, this results in
-       t getting all 8 bits of the excess product! So products must be less than pR which is Montgomery compatible */
-
-    if (MConst < NEXCESS)
-    {
-        BIG_imul(t,t,MConst);
-
-        BIG_norm(t);
-        tw=t[NLEN-1];
-        t[NLEN-1]&=TMASK;
-        t[0]+=MConst*((tw>>TBITS));
-    }
-    else
-    {
-        v=BIG_pmul(t,t,MConst);
-        tw=t[NLEN-1];
-        t[NLEN-1]&=TMASK;
-#if CHUNK == 16
-        t[1]+=muladd(MConst,((tw>>TBITS)+(v<<(BASEBITS-TBITS))),0,&t[0]);
-#else
-        t[0]+=MConst*((tw>>TBITS)+(v<<(BASEBITS-TBITS)));
-#endif
-    }
-    BIG_add(r,t,b);
-    BIG_norm(r);
-}
-#endif
-
-/* This only applies to Curve C448, so specialised (for now) */
-#if MODTYPE == GENERALISED_MERSENNE
-
-/* Converts from BIG integer to n-residue form mod Modulus */
-void FP_nres(BIG a)
-{
-    BIG tmp;
-    BIG_rcopy(tmp,a);
-}
-
-/* Converts from n-residue form back to BIG integer form */
-void FP_redc(BIG a)
-{
-    BIG tmp;
-    BIG_rcopy(tmp,a);
-}
-
-/* reduce a DBIG to a BIG exploiting the special form of the modulus */
-void FP_mod(BIG r,DBIG d)
-{
-    BIG t,b;
-    chunk carry;
-    BIG_split(t,b,d,MBITS);
-
-    BIG_add(r,t,b);
-
-    BIG_dscopy(d,t);
-    BIG_dshl(d,MBITS/2);
-
-    BIG_split(t,b,d,MBITS);
-
-    BIG_add(r,r,t);
-    BIG_add(r,r,b);
-    BIG_norm(r);
-    BIG_shl(t,MBITS/2);
-
-    BIG_add(r,r,t);
-
-    carry=r[NLEN-1]>>TBITS;
-
-    r[NLEN-1]&=TMASK;
-    r[0]+=carry;
-
-    r[224/BASEBITS]+=carry<<(224%BASEBITS); /* need to check that this falls mid-word */
-    BIG_norm(r);
-
-}
-
-#endif
-
-#if MODTYPE == MONTGOMERY_FRIENDLY
-
-/* convert to Montgomery n-residue form */
-void FP_nres(BIG a)
-{
-    DBIG d;
-    BIG m;
-    BIG_rcopy(m,Modulus);
-    BIG_dscopy(d,a);
-    BIG_dshl(d,NLEN*BASEBITS);
-    BIG_dmod(a,d,m);
-}
-
-/* convert back to regular form */
-void FP_redc(BIG a)
-{
-    DBIG d;
-    BIG_dzero(d);
-    BIG_dscopy(d,a);
-    FP_mod(a,d);
-}
-
-/* fast modular reduction from DBIG to BIG exploiting special form of the modulus */
-void FP_mod(BIG a,DBIG d)
-{
-    int i;
-
-    for (i=0; i<NLEN; i++)
-        d[NLEN+i]+=muladd(d[i],MConst-1,d[i],&d[NLEN+i-1]);
-
-    BIG_sducopy(a,d);
-    BIG_norm(a);
-}
-
-#endif
-
-#if MODTYPE == NOT_SPECIAL
-
-/* convert BIG a to Montgomery n-residue form */
-/* SU= 120 */
-void FP_nres(BIG a)
-{
-    DBIG d;
-    BIG m;
-    BIG_rcopy(m,Modulus);
-    BIG_dscopy(d,a);
-    BIG_dshl(d,NLEN*BASEBITS);
-    BIG_dmod(a,d,m);
-}
-
-/* SU= 80 */
-/* convert back to regular form */
-void FP_redc(BIG a)
-{
-    DBIG d;
-    BIG_dzero(d);
-    BIG_dscopy(d,a);
-    FP_mod(a,d);
-}
-
-/* reduce a DBIG to a BIG using Montgomery's no trial division method */
-/* d is expected to be dnormed before entry */
-/* SU= 112 */
-void FP_mod(BIG a,DBIG d)
-{
-	BIG mdls;
-    BIG_rcopy(mdls,Modulus);
-	BIG_monty(a,mdls,MConst,d);
-}
-
-#endif
-
-/* test x==0 ? */
-/* SU= 48 */
-int FP_iszilch(BIG x)
-{
-    BIG m;
-    BIG_rcopy(m,Modulus);
-    BIG_mod(x,m);
-    return BIG_iszilch(x);
-}
-
-/* output FP */
-/* SU= 48 */
-void FP_output(BIG r)
-{
-    BIG c;
-    BIG_copy(c,r);
-    FP_redc(c);
-    BIG_output(c);
-}
-
-void FP_rawoutput(BIG r)
-{
-    BIG_rawoutput(r);
-}
-
-#ifdef GET_STATS
-int tsqr=0,rsqr=0,tmul=0,rmul=0;
-int tadd=0,radd=0,tneg=0,rneg=0;
-int tdadd=0,rdadd=0,tdneg=0,rdneg=0;
-#endif
-
-/* r=a*b mod Modulus */
-/* product must be less that p.R - and we need to know this in advance! */
-/* SU= 88 */
-void FP_mul(BIG r,BIG a,BIG b)
-{
-    DBIG d;
-    chunk ea,eb;
-    BIG_norm(a);
-    BIG_norm(b);
-    ea=EXCESS(a);
-    eb=EXCESS(b);
-
-#ifdef dchunk
-    if ((dchunk)(ea+1)*(eb+1)>(dchunk)FEXCESS)
-#else
-    if ((ea+1)>FEXCESS/(eb+1))
-#endif
-    {
-#ifdef DEBUG_REDUCE
-        printf("Product too large - reducing it %d %d %d\n",ea,eb,FEXCESS);
-#endif
-        FP_reduce(a);  /* it is sufficient to fully reduce just one of them < p */
-#ifdef GET_STATS
-        rmul++;
-    }
-
-    tmul++;
-#else
-    }
-#endif
-
-    BIG_mul(d,a,b);
-    FP_mod(r,d);
-}
-
-/* multiplication by an integer, r=a*c */
-/* SU= 136 */
-void FP_imul(BIG r,BIG a,int c)
-{
-    DBIG d;
-    BIG m;
-    int s=0;
-    chunk afx;
-    BIG_norm(a);
-    if (c<0)
-    {
-        c=-c;
-        s=1;
-    }
-    afx=(EXCESS(a)+1)*(c+1)+1;
-    if (c<NEXCESS && afx<FEXCESS)
-        BIG_imul(r,a,c);
-    else
-    {
-        if (afx<FEXCESS)
-        {
-            BIG_pmul(r,a,c);
-        }
-        else
-        {
-            BIG_rcopy(m,Modulus);
-            BIG_pxmul(d,a,c);
-            BIG_dmod(r,d,m);
-        }
-    }
-    if (s) FP_neg(r,r);
-    BIG_norm(r);
-}
-
-/* Set r=a^2 mod m */
-/* SU= 88 */
-void FP_sqr(BIG r,BIG a)
-{
-    DBIG d;
-    chunk ea;
-    BIG_norm(a);
-    ea=EXCESS(a);
-#ifdef dchunk
-    if ((dchunk)(ea+1)*(ea+1)>(dchunk)FEXCESS)
-#else
-    if ((ea+1)>FEXCESS/(ea+1))
-#endif
-    {
-#ifdef DEBUG_REDUCE
-        printf("Product too large - reducing it %d\n",ea);
-#endif
-        FP_reduce(a);
-#ifdef GET_STATS
-        rsqr++;
-    }
-    tsqr++;
-#else
-    }
-#endif
-
-    BIG_sqr(d,a);
-    FP_mod(r,d);
-}
-
-/* SU= 16 */
-/* Set r=a+b */
-void FP_add(BIG r,BIG a,BIG b)
-{
-    BIG_add(r,a,b);
-    if (EXCESS(r)+2>=FEXCESS)  /* +2 because a and b not normalised */
-    {
-#ifdef DEBUG_REDUCE
-        printf("Sum too large - reducing it %d\n",EXCESS(r));
-#endif
-        FP_reduce(r);
-#ifdef GET_STATS
-        radd++;
-    }
-    tadd++;
-#else
-    }
-#endif
-}
-
-/* Set r=a-b mod m */
-/* SU= 56 */
-void FP_sub(BIG r,BIG a,BIG b)
-{
-    BIG n;
-    FP_neg(n,b);
-    FP_add(r,a,n);
-}
-
-/* SU= 48 */
-/* Fully reduce a mod Modulus */
-void FP_reduce(BIG a)
-{
-    BIG m;
-    BIG_rcopy(m,Modulus);
-    BIG_mod(a,m);
-}
-
-// https://graphics.stanford.edu/~seander/bithacks.html
-// constant time log to base 2 (or number of bits in)
-
-static int logb2(unsign32 v)
-{
-    int r;
-    v |= v >> 1;
-    v |= v >> 2;
-    v |= v >> 4;
-    v |= v >> 8;
-    v |= v >> 16;
-
-    v = v - ((v >> 1) & 0x55555555);
-    v = (v & 0x33333333) + ((v >> 2) & 0x33333333);
-    r = (((v + (v >> 4)) & 0xF0F0F0F) * 0x1010101) >> 24;
-    return r+1;
-}
-
-/* Set r=-a mod Modulus */
-/* SU= 64 */
-void FP_neg(BIG r,BIG a)
-{
-    int sb;
-//    chunk ov;
-    BIG m;
-
-    BIG_rcopy(m,Modulus);
-    BIG_norm(a);
-
-    sb=logb2((unsign32)EXCESS(a));
-    /*
-        ov=EXCESS(a);
-        sb=1;
-        while(ov!=0)
-        {
-            sb++;    // only unpredictable branch
-            ov>>=1;
-        }
-    */
-    BIG_fshl(m,sb);
-    BIG_sub(r,m,a);
-
-    if (EXCESS(r)>=FEXCESS)
-    {
-#ifdef DEBUG_REDUCE
-        printf("Negation too large -  reducing it %d\n",EXCESS(r));
-#endif
-        FP_reduce(r);
-#ifdef GET_STATS
-        rneg++;
-    }
-    tneg++;
-#else
-    }
-#endif
-
-}
-
-/* Set r=a/2. */
-/* SU= 56 */
-void FP_div2(BIG r,BIG a)
-{
-    BIG m;
-    BIG_rcopy(m,Modulus);
-    BIG_norm(a);
-    if (BIG_parity(a)==0)
-    {
-        BIG_copy(r,a);
-        BIG_fshr(r,1);
-    }
-    else
-    {
-        BIG_add(r,a,m);
-        BIG_norm(r);
-        BIG_fshr(r,1);
-    }
-}
-
-/* set w=1/x */
-void FP_inv(BIG w,BIG x)
-{
-    BIG m;
-    BIG_rcopy(m,Modulus);
-    BIG_copy(w,x);
-    FP_redc(w);
-
-    BIG_invmodp(w,w,m);
-    FP_nres(w);
-}
-
-/* SU=8 */
-/* set n=1 */
-void FP_one(BIG n)
-{
-    BIG_one(n);
-    FP_nres(n);
-}
-
-/* Set r=a^b mod Modulus */
-/* SU= 136 */
-void FP_pow(BIG r,BIG a,BIG b)
-{
-    BIG w,z,zilch;
-    int bt;
-    BIG_zero(zilch);
-
-    BIG_norm(b);
-    BIG_copy(z,b);
-    BIG_copy(w,a);
-    FP_one(r);
-    while(1)
-    {
-        bt=BIG_parity(z);
-        BIG_fshr(z,1);
-        if (bt) FP_mul(r,r,w);
-        if (BIG_comp(z,zilch)==0) break;
-        FP_sqr(w,w);
-    }
-    FP_reduce(r);
-}
-
-/* is r a QR? */
-int FP_qr(BIG r)
-{
-    int j;
-    BIG m;
-    BIG_rcopy(m,Modulus);
-    FP_redc(r);
-    j=BIG_jacobi(r,m);
-    FP_nres(r);
-    if (j==1) return 1;
-    return 0;
-
-}
-
-/* Set a=sqrt(b) mod Modulus */
-/* SU= 160 */
-void FP_sqrt(BIG r,BIG a)
-{
-    BIG v,i,b;
-    BIG m;
-    BIG_rcopy(m,Modulus);
-    BIG_mod(a,m);
-    BIG_copy(b,m);
-    if (MOD8==5)
-    {
-        BIG_dec(b,5);
-        BIG_norm(b);
-        BIG_fshr(b,3); /* (p-5)/8 */
-        BIG_copy(i,a);
-        BIG_fshl(i,1);
-        FP_pow(v,i,b);
-        FP_mul(i,i,v);
-        FP_mul(i,i,v);
-        BIG_dec(i,1);
-        FP_mul(r,a,v);
-        FP_mul(r,r,i);
-        BIG_mod(r,m);
-    }
-    if (MOD8==3 || MOD8==7)
-    {
-        BIG_inc(b,1);
-        BIG_norm(b);
-        BIG_fshr(b,2); /* (p+1)/4 */
-        FP_pow(r,a,b);
-    }
-}
-
-/*
-int main()
-{
-
-	BIG r;
-
-	FP_one(r);
-	FP_sqr(r,r);
-
-	BIG_output(r);
-
-	int i,carry;
-	DBIG c={0,0,0,0,0,0,0,0};
-	BIG a={1,2,3,4};
-	BIG b={3,4,5,6};
-	BIG r={11,12,13,14};
-	BIG s={23,24,25,15};
-	BIG w;
-
-//	printf("NEXCESS= %d\n",NEXCESS);
-//	printf("MConst= %d\n",MConst);
-
-	BIG_copy(b,Modulus);
-	BIG_dec(b,1);
-	BIG_norm(b);
-
-	BIG_randomnum(r); BIG_norm(r); BIG_mod(r,Modulus);
-//	BIG_randomnum(s); norm(s); BIG_mod(s,Modulus);
-
-//	BIG_output(r);
-//	BIG_output(s);
-
-	BIG_output(r);
-	FP_nres(r);
-	BIG_output(r);
-	BIG_copy(a,r);
-	FP_redc(r);
-	BIG_output(r);
-	BIG_dscopy(c,a);
-	FP_mod(r,c);
-	BIG_output(r);
-
-
-//	exit(0);
-
-//	copy(r,a);
-	printf("r=   "); BIG_output(r);
-	BIG_modsqr(r,r,Modulus);
-	printf("r^2= "); BIG_output(r);
-
-	FP_nres(r);
-	FP_sqrt(r,r);
-	FP_redc(r);
-	printf("r=   "); BIG_output(r);
-	BIG_modsqr(r,r,Modulus);
-	printf("r^2= "); BIG_output(r);
-
-
-//	for (i=0;i<100000;i++) FP_sqr(r,r);
-//	for (i=0;i<100000;i++)
-		FP_sqrt(r,r);
-
-	BIG_output(r);
-}
-*/


[29/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/RSA.js
----------------------------------------------------------------------
diff --git a/version22/js/RSA.js b/version22/js/RSA.js
deleted file mode 100644
index ff27ac6..0000000
--- a/version22/js/RSA.js
+++ /dev/null
@@ -1,392 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* RSA API Functions */
-
-var rsa_private_key=function(n)
-{
-	this.p=new FF(n);
-	this.q=new FF(n);
-	this.dp=new FF(n);
-	this.dq=new FF(n);
-	this.c=new FF(n);
-};
-
-var rsa_public_key=function(m)
-{
-	this.e=0;
-	this.n=new FF(m);
-};
-
-RSA= {
-	RFS: ROM.MODBYTES*ROM.FFLEN,
-	SHA256 : 32,
-	SHA384 : 48,
-	SHA512 : 64,
-
-	HASH_TYPE:32,
-
-/* SHAXXX identifier strings */
-	SHA256ID : [0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20],
-	SHA384ID : [0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30],
-	SHA512ID : [0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40],
-
-	bytestohex: function(b)
-	{
-		var s="";
-		var len=b.length;
-		var ch;
-
-		for (var i=0;i<len;i++)
-		{
-			ch=b[i];
-			s+=((ch>>>4)&15).toString(16);
-			s+=(ch&15).toString(16);
-
-		}
-		return s;
-	},
-
-	bytestostring: function(b)
-	{
-		var s="";
-		for (var i=0;i<b.length;i++)
-		{
-			s+=String.fromCharCode(b[i]);
-		}
-		return s;
-	},
-
-	stringtobytes: function(s)
-	{
-		var b=[];
-		for (var i=0;i<s.length;i++)
-			b.push(s.charCodeAt(i));
-		return b;
-	},
-
-	hashit: function(sha,A,n)
-	{
-		var R=[];
-		if (sha==this.SHA256)
-		{
-			var H=new HASH256();
-			if (A!=null) H.process_array(A); 
-			if (n>=0) H.process_num(n);
-			R=H.hash();
-		}
-		if (sha==this.SHA384)
-		{
-			H=new HASH384();
-			if (A!=null) H.process_array(A); 
-			if (n>=0) H.process_num(n);
-			R=H.hash();
-		}
-		if (sha==this.SHA512)
-		{
-			H=new HASH512();
-			if (A!=null) H.process_array(A); 
-			if (n>=0) H.process_num(n);
-			R=H.hash();
-		}
-		return R;
-	},
-
-	KEY_PAIR: function(rng,e,PRIV,PUB)
-	{ /* IEEE1363 A16.11/A16.12 more or less */
-
-	//	var m,r,bytes,hbytes,words,err,res=0;
-		var n=PUB.n.length>>1;
-		var t = new FF(n);
-		var p1=new FF(n);
-		var q1=new FF(n);
-
-		for (;;)
-		{
-
-			PRIV.p.random(rng);
-			while (PRIV.p.lastbits(2)!=3) PRIV.p.inc(1);
-			while (!FF.prime(PRIV.p,rng)) PRIV.p.inc(4);
-
-			p1.copy(PRIV.p);
-			p1.dec(1);
-
-			if (p1.cfactor(e)) continue;
-			break;
-		}
-
-		for (;;)
-		{
-			PRIV.q.random(rng);
-			while (PRIV.q.lastbits(2)!=3) PRIV.q.inc(1);
-			while (!FF.prime(PRIV.q,rng)) PRIV.q.inc(4);
-			
-			q1.copy(PRIV.q);
-			q1.dec(1);
-
-			if (q1.cfactor(e)) continue;
-			break;
-		}
-
-		PUB.n=FF.mul(PRIV.p,PRIV.q);
-		PUB.e=e;
-
-		t.copy(p1);
-		t.shr();
-		PRIV.dp.set(e);
-		PRIV.dp.invmodp(t);
-		if (PRIV.dp.parity()===0) PRIV.dp.add(t);
-		PRIV.dp.norm();
-
-		t.copy(q1);
-		t.shr();
-		PRIV.dq.set(e);
-		PRIV.dq.invmodp(t);
-		if (PRIV.dq.parity()===0) PRIV.dq.add(t);
-		PRIV.dq.norm();
-
-		PRIV.c.copy(PRIV.p);
-		PRIV.c.invmodp(PRIV.q);
-
-		return;
-	},
-
-/* Mask Generation Function */
-	MGF1: function(sha,Z,olen,K)
-	{
-		var i,hlen=sha;
-		var B=[];
-
-		var counter,cthreshold,k=0;
-		for (i=0;i<K.length;i++) K[i]=0;
-
-		cthreshold=Math.floor(olen/hlen); if (olen%hlen!==0) cthreshold++;
-		for (counter=0;counter<cthreshold;counter++)
-		{
-			B=this.hashit(sha,Z,counter);
-			if (k+hlen>olen) for (i=0;i<olen%hlen;i++) K[k++]=B[i];
-			else for (i=0;i<hlen;i++) K[k++]=B[i];
-		}	
-	},
-
-	PKCS15: function(sha,m,w)
-	{
-		var olen=ROM.FF_BITS/8;
-		var i,hlen=sha;
-		var idlen=19; 
-
-		if (olen<idlen+hlen+10) return false;
-		var H=this.hashit(sha,m,-1);
-
-		for (i=0;i<w.length;i++) w[i]=0;
-		i=0;
-		w[i++]=0;
-		w[i++]=1;
-		for (var j=0;j<olen-idlen-hlen-3;j++)
-			w[i++]=0xff;
-		w[i++]=0;
-
-
-		if (hlen==this.SHA256) for (var j=0;j<idlen;j++) w[i++]=this.SHA256ID[j];
-		if (hlen==this.SHA384) for (var j=0;j<idlen;j++) w[i++]=this.SHA384ID[j];
-		if (hlen==this.SHA512) for (var j=0;j<idlen;j++) w[i++]=this.SHA512ID[j];
-
-		for (var j=0;j<hlen;j++)
-			w[i++]=H[j];
-
-		return true;
-	},
-
-	/* OAEP Message Encoding for Encryption */
-	OAEP_ENCODE: function(sha,m,rng,p)
-	{ 
-		var i,slen,olen=RSA.RFS-1;
-		var mlen=m.length;
-		var hlen,seedlen;
-		var f=[];
-
-		hlen=sha;
-		var SEED=[];
-		seedlen=hlen;
-
-		if (mlen>olen-hlen-seedlen-1) return null; 
-
-		var DBMASK=[];
-
-		var h=this.hashit(sha,p,-1);
-		for (i=0;i<hlen;i++) f[i]=h[i];
-
-		slen=olen-mlen-hlen-seedlen-1;      
-
-		for (i=0;i<slen;i++) f[hlen+i]=0;
-		f[hlen+slen]=1;
-		for (i=0;i<mlen;i++) f[hlen+slen+1+i]=m[i];
-
-		for (i=0;i<seedlen;i++) SEED[i]=rng.getByte();
-		this.MGF1(sha,SEED,olen-seedlen,DBMASK);
-
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
-		this.MGF1(sha,DBMASK,seedlen,f);
-
-		for (i=0;i<seedlen;i++) f[i]^=SEED[i];
-
-		for (i=0;i<olen-seedlen;i++) f[i+seedlen]=DBMASK[i];
-
-		/* pad to length RFS */
-		var d=1;
-		for (i=RSA.RFS-1;i>=d;i--)
-			f[i]=f[i-d];
-		for (i=d-1;i>=0;i--)
-			f[i]=0;
-
-		return f;
-	},
-
-	/* OAEP Message Decoding for Decryption */
-	OAEP_DECODE: function(sha,p,f)
-	{
-		var x,t;
-		var comp;
-		var i,k,olen=RSA.RFS-1;
-		var hlen,seedlen;
-
-		hlen=sha;
-		var SEED=[];
-		seedlen=hlen;
-		var CHASH=[];
-		seedlen=hlen=sha;
-
-		if (olen<seedlen+hlen+1) return null;
-
-		var DBMASK=[];
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
-		if (f.length<RSA.RFS)
-		{
-			var d=RSA.RFS-f.length;
-			for (i=RFS-1;i>=d;i--)
-				f[i]=f[i-d];
-			for (i=d-1;i>=0;i--)
-				f[i]=0;
-
-		}
-
-		var h=this.hashit(sha,p,-1);
-		for (i=0;i<hlen;i++) CHASH[i]=h[i];
-
-		x=f[0];
-
-		for (i=seedlen;i<olen;i++)
-			DBMASK[i-seedlen]=f[i+1]; 
-
-		this.MGF1(sha,DBMASK,seedlen,SEED);
-		for (i=0;i<seedlen;i++) SEED[i]^=f[i+1];
-		this.MGF1(sha,SEED,olen-seedlen,f);
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
-
-		comp=true;
-		for (i=0;i<hlen;i++)
-		{
-			if (CHASH[i]!=DBMASK[i]) comp=false;
-		}
-
-		for (i=0;i<olen-seedlen-hlen;i++)
-			DBMASK[i]=DBMASK[i+hlen];
-
-		for (i=0;i<hlen;i++)
-			SEED[i]=CHASH[i]=0;
-		
-		for (k=0;;k++)
-		{
-			if (k>=olen-seedlen-hlen) return null;
-			if (DBMASK[k]!==0) break;
-		}
-
-		t=DBMASK[k];
-
-		if (!comp || x!==0 || t!=0x01) 
-		{
-			for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-			return null;
-		}
-
-		var r=[];
-
-		for (i=0;i<olen-seedlen-hlen-k-1;i++)
-			r[i]=DBMASK[i+k+1];
-	
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
-		return r;
-	},
-
-	/* destroy the Private Key structure */
-	PRIVATE_KEY_KILL: function(PRIV)
-	{
-		PRIV.p.zero();
-		PRIV.q.zero();
-		PRIV.dp.zero();
-		PRIV.dq.zero();
-		PRIV.c.zero();
-	},
-
-	/* RSA encryption with the public key */
-	ENCRYPT: function(PUB,F,G)
-	{
-		var n=PUB.n.getlen();
-		var f=new FF(n);
-
-		FF.fromBytes(f,F);
-
-		f.power(PUB.e,PUB.n);	
-		
-		f.toBytes(G);
-	},
-
-	/* RSA decryption with the private key */
-	DECRYPT: function(PRIV,G,F)
-	{
-		var n=PRIV.p.getlen();
-		var g=new FF(2*n);
-
-		FF.fromBytes(g,G);
-		var jp=g.dmod(PRIV.p);
-		var jq=g.dmod(PRIV.q);
-
-		jp.skpow(PRIV.dp,PRIV.p);
-		jq.skpow(PRIV.dq,PRIV.q);
-
-		g.zero();
-		g.dscopy(jp);
-		jp.mod(PRIV.q);
-		if (FF.comp(jp,jq)>0) jq.add(PRIV.q);
-		jq.sub(jp);
-		jq.norm();
-
-		var t=FF.mul(PRIV.c,jq);
-		jq=t.dmod(PRIV.q);
-
-		t=FF.mul(jq,PRIV.p);
-		g.add(t);
-		g.norm();
-
-		g.toBytes(F);
-	}
-
-};
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/TestECDH.html
----------------------------------------------------------------------
diff --git a/version22/js/TestECDH.html b/version22/js/TestECDH.html
deleted file mode 100644
index 1ddf0c2..0000000
--- a/version22/js/TestECDH.html
+++ /dev/null
@@ -1,143 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Test ECC</title>
-</head>
-<body>
-<h1>JavaScript Test ECC Example</h1>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="FP.js"></script>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="UInt64.js"></script>
-<script type="text/javascript" src="HASH256.js"></script>
-<script type="text/javascript" src="HASH384.js"></script>
-<script type="text/javascript" src="HASH512.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="AES.js"></script>
-<script type="text/javascript" src="GCM.js"></script>
-<script type="text/javascript" src="ECP.js"></script>
-<script type="text/javascript" src="ECDH.js"></script>
-
-<script>
-/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
-		var i,j=0,res;
-		var result;
-		var pp="M0ng00se";
-
-		var EGS=ECDH.EGS;
-		var EFS=ECDH.EFS;
-		var EAS=16;
-		var sha=ECDH.HASH_TYPE;
-
-		var S1=[];
-		var W0=[];
-		var W1=[];
-		var Z0=[];
-		var Z1=[];
-		var RAW=[];
-		var SALT=[];
-		var P1=[];
-		var P2=[];
-		var V=[];
-		var M=[];
-		var T=new Array(12);  // must specify required length
-		var CS=[];
-		var DS=[];
-
-		var rng=new RAND();
-
-		rng.clean();
-		for (i=0;i<100;i++) RAW[i]=i;
-
-		rng.seed(100,RAW);
-//for (j=0;j<100;j++)
-//{
-
-		for (i=0;i<8;i++) SALT[i]=(i+1);  // set Salt
-
-		window.document.write("Alice's Passphrase= " + pp + "<br>");
-
-		var PW=ECDH.stringtobytes(pp);
-/* private key S0 of size EGS bytes derived from Password and Salt */
-		var S0=ECDH.PBKDF2(sha,PW,SALT,1000,EGS);
-
-		window.document.write("Alice's private key= 0x"+ECDH.bytestostring(S0)+ "<br>");
-/* Generate Key pair S/W */
-		ECDH.KEY_PAIR_GENERATE(null,S0,W0); 
-
-		window.document.write("Alice's public key= 0x"+ECDH.bytestostring(W0)+ "<br>");
-
-		res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
-		if (res!=0)
-			alert("ECP Public Key is invalid!");
-/* Random private key for other party */
-		ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
-		window.document.write("Servers private key= 0x"+ECDH.bytestostring(S1)+ "<br>");
-		window.document.write("Servers public key= 0x"+ECDH.bytestostring(W1)+ "<br>");
-
-		res=ECDH.PUBLIC_KEY_VALIDATE(true,W1);
-		if (res!=0)
-			alert("ECP Public Key is invalid!");
-			
-
-/* Calculate common key using DH - IEEE 1363 method */
-
-		ECDH.ECPSVDP_DH(S0,W1,Z0);
-		ECDH.ECPSVDP_DH(S1,W0,Z1);
-
-		var same=true;
-		for (i=0;i<ECDH.EFS;i++)
-			if (Z0[i]!=Z1[i]) same=false;
-
-		if (!same)
-			alert("*** ECPSVDP-DH Failed");
-
-		var KEY=ECDH.KDF2(sha,Z0,null,ECDH.EAS);
-
-		window.document.write("Alice's DH Key=  0x"+ECDH.bytestostring(KEY)+ "<br>");
-		window.document.write("Servers DH Key=  0x"+ECDH.bytestostring(KEY)+ "<br>");
-
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY)
-		{
-			window.document.write("Testing ECIES"+ "<br>");
-
-			P1[0]=0x0; P1[1]=0x1; P1[2]=0x2; 
-			P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3; 
-
-			for (i=0;i<=16;i++) M[i]=i; 
-
-			var C=ECDH.ECIES_ENCRYPT(sha,P1,P2,rng,W1,M,V,T);
-
-			window.document.write("Ciphertext= "+ "<br>");
-			window.document.write("V= 0x"+ECDH.bytestostring(V)+ "<br>");
-			window.document.write("C= 0x"+ECDH.bytestostring(C)+ "<br>");
-			window.document.write("T= 0x"+ECDH.bytestostring(T)+ "<br>");
-
-
-			M=ECDH.ECIES_DECRYPT(sha,P1,P2,V,C,T,S1);
-			if (M.length==0)
-				alert("*** ECIES Decryption Failed ");
-			else window.document.write("Decryption succeeded"+ "<br>");
-
-			window.document.write("Message is 0x"+ECDH.bytestostring(M)+ "<br>");
-
-			window.document.write("Testing ECDSA"+ "<br>");
-
-			if (ECDH.ECPSP_DSA(sha,rng,S0,M,CS,DS)!=0)
-				alert("***ECDSA Signature Failed");
-		
-			window.document.write("Signature= "+ "<br>");
-			window.document.write("C= 0x"+ECDH.bytestostring(CS)+ "<br>");
-			window.document.write("D= 0x"+ECDH.bytestostring(DS)+ "<br>");
-
-			if (ECDH.ECPVP_DSA(sha,W0,M,CS,DS)!=0)
-				alert("***ECDSA Verification Failed");
-			else window.document.write("ECDSA Signature/Verification succeeded "+  "<br>");
-		}
-//}
-//window.document.write("Test Completed Successfully"+ "<br>");
-</script>
-</body>
-</html>

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/TestMPIN.html
----------------------------------------------------------------------
diff --git a/version22/js/TestMPIN.html b/version22/js/TestMPIN.html
deleted file mode 100644
index 0cb6f67..0000000
--- a/version22/js/TestMPIN.html
+++ /dev/null
@@ -1,330 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Test MPIN</title>
-</head>
-<body>
-<h1>JavaScript Test MPIN Example</h1>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="FP.js"></script>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="UInt64.js"></script>
-<script type="text/javascript" src="HASH256.js"></script>
-<script type="text/javascript" src="HASH384.js"></script>
-<script type="text/javascript" src="HASH512.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="AES.js"></script>
-<script type="text/javascript" src="GCM.js"></script>
-<script type="text/javascript" src="ECP.js"></script>
-<script type="text/javascript" src="FP2.js"></script>
-<script type="text/javascript" src="ECP2.js"></script>
-<script type="text/javascript" src="FP4.js"></script>
-<script type="text/javascript" src="FP12.js"></script>
-<script type="text/javascript" src="PAIR.js"></script>
-<script type="text/javascript" src="MPIN.js"></script>
-
-<script>
-/* test driver and function exerciser for MPIN API Functions */
-
-		var i,res;
-		var result;
-
-		var EGS=MPIN.EGS;
-		var EFS=MPIN.EFS;
-		var EAS=16;
-
-		var sha=MPIN.HASH_TYPE;
-
-		var rng=new RAND();
-		rng.clean();
-
-		var RAW=[];
-		for (i=0;i<100;i++) RAW[i]=i+1;
-		rng.seed(100,RAW);
-
-		var G1S=2*EFS+1; /* Group 1 Size */
-		var G2S=4*EFS; /* Group 2 Size */
-
-		var S=[];
-		var SST=[];
-		var TOKEN = [];
-		var PERMIT = [];
-		var SEC = [];
-		var xID = [];
-		var xCID = [];
-		var X= [];
-		var Y= [];
-		var E=[];
-		var F=[];
-		var HCID=[];
-		var HID=[];
-		var HTID=[];
-
-		var G1=[];
-		var G2=[];
-		var R=[];
-		var Z=[];
-		var W=[];
-		var T=[];
-		var CK=[];
-		var SK=[];
-
-		var HSID=[];
-
-/* Set configuration */
-		var PERMITS=true;
-		var PINERROR=true;
-		var FULL=true;
-    var ONE_PASS=false;
-    var TIME_FUNCTIONS=false;
-    var total_time=0;
-    var nIter=100
-/*
-    var PR=[];
- pin=parseInt(prompt("Enter PIN= "));
-    window.document.write("Test Pairing" + "<br>");
-    for (i=0;i<100;i++)
-      MPIN.TEST_PAIR(PR);
-    window.document.write("Pairing= "+MPIN.bytestostring(PR) + "<br>");
-
-  pin=parseInt(prompt("Enter PIN= "));
-*/
-
-/* Trusted Authority set-up */
-		MPIN.RANDOM_GENERATE(rng,S);
-		window.document.write("Master Secret s: 0x"+MPIN.bytestostring(S) + "<br>");
- 
- /* Create Client Identity */
- 		var IDstr = "testUser@miracl.com";
-		var CLIENT_ID = MPIN.stringtobytes(IDstr);  
-		HCID=MPIN.HASH_ID(sha,CLIENT_ID);  /* Either Client or TA calculates Hash(ID) - you decide! */
-		
-		window.document.write("Client ID= "+MPIN.bytestostring(CLIENT_ID) + "<br>");
-
-/* Client and Server are issued secrets by DTA */
-		MPIN.GET_SERVER_SECRET(S,SST);
-		window.document.write("Server Secret SS: 0x"+MPIN.bytestostring(SST) + "<br>");
-
-		MPIN.GET_CLIENT_SECRET(S,HCID,TOKEN);
-		window.document.write("Client Secret CS: 0x"+MPIN.bytestostring(TOKEN) + "<br>");     
-	
-/* Client extracts PIN from secret to create Token */
-		var pin=1234;
-	window.document.write("Client extracts PIN= "+pin + "<br>"); 
-		var rtn=MPIN.EXTRACT_PIN(sha,CLIENT_ID,pin,TOKEN);
-		if (rtn != 0)
-			window.document.write("Failed to extract PIN " + "<br>");  
-
-		window.document.write("Client Token TK: 0x"+MPIN.bytestostring(TOKEN) + "<br>");        
-
-		if (FULL)
-		{
-			MPIN.PRECOMPUTE(TOKEN,HCID,G1,G2);
-		}
-
-		var date;
-		if (PERMITS)
-		{
-			date=MPIN.today();
-/* Client gets "Time Token" permit from DTA */ 	
-			MPIN.GET_CLIENT_PERMIT(sha,date,S,HCID,PERMIT);
-			window.document.write("Time Permit TP: 0x"+MPIN.bytestostring(PERMIT) + "<br>");   
-
-/* This encoding makes Time permit look random - Elligator squared */
-			MPIN.ENCODING(rng,PERMIT);
-			window.document.write("Encoded Time Permit TP: 0x"+MPIN.bytestostring(PERMIT) + "<br>");   
-			MPIN.DECODING(PERMIT);
-			window.document.write("Decoded Time Permit TP: 0x"+MPIN.bytestostring(PERMIT) + "<br>");   
-		}
-		else date=0;
-
-
-		pin=parseInt(prompt("Enter PIN= "));
-
-/* Set date=0 and PERMIT=null if time permits not in use
-
-Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
-If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H_T(date|H(CLIENT_ID)))
-Random value x is supplied externally if RNG=null, otherwise generated and passed out by RNG
-
-If Time Permits OFF set xCID = null, HTID=null and use xID and HID only
-If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-If Time permits are ON, AND pin error detection is NOT required, set xID=null, HID=null and use xCID and HTID only.
-
-
-*/
-		var pxID=xID;
-		var pxCID=xCID;
-		var pHID=HID;
-		var pHTID=HTID;
-		var pE=E;
-		var pF=F;
-		var pPERMIT=PERMIT;
-		var prHID;
-
-		if (date!=0)
-		{
-			prHID=pHTID;
-			if (!PINERROR)
-			{
-				pxID=null;
-			//	pHID=null;
-			}
-		}
-		else
-		{
-			prHID=pHID;
-			pPERMIT=null;
-			pxCID=null;
-			pHTID=null;
-		}
-		if (!PINERROR)
-		{
-			pE=null;
-			pF=null;
-		}
-
-                if (ONE_PASS)
-                {
-                  window.document.write("MPIN Single Pass " + "<br>");   
-                  timeValue = MPIN.GET_TIME();
-                  window.document.write("Epoch " + timeValue + "<br>");   
-                  if (TIME_FUNCTIONS)
-                  {
-                   var start = new Date().getTime();
-                   for (i = 0; i < nIter; ++i) {
-                     rtn=MPIN.CLIENT(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y);
-                   }
-                   var end = new Date().getTime();
-                   var t1 = end - start;
-                   total_time = total_time + t1;
-                   var iter_time = t1 / nIter;
-                   var iter_per_sec = nIter / (t1 / 1000);
-                   window.document.write("MPIN.CLIENT: time " + t1 + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");   
-                  }
-                  else
-                  {
-                    rtn=MPIN.CLIENT(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y);
-                  }
-		  if (rtn != 0)
-                    window.document.write("FAILURE: CLIENT rtn: " + rtn + "<br>");   
-
-                  if (FULL)
-		  {
-                    if (TIME_FUNCTIONS)
-                    {
-                     var start = new Date().getTime();
-                     for (i = 0; i < nIter; ++i) {
-                        HCID=MPIN.HASH_ID(sha,CLIENT_ID);
-                        MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z); 
-                     }
-                     var end = new Date().getTime();
-                     var t2 = end - start;
-                     total_time = total_time + t2;
-                     var iter_time = t2 / nIter;
-                     var iter_per_sec = nIter / (t2 / 1000);
-                     window.document.write("MPIN.GET_G1_MULTIPLE: time " + t2 + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");   
-                    }
-                    else
-                    {
-                      HCID=MPIN.HASH_ID(sha,CLIENT_ID);
-                      MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z);  /* Also Send Z=r.ID to Server, remember random r */
-                    }
-                  }
-
-                  rtn=MPIN.SERVER(sha,date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF,CLIENT_ID,timeValue);
-                  if (rtn != 0)
-                    window.document.write("FAILURE: SERVER rtn: " + rtn+ "<br>");  
-
-                  if (FULL)
-                  {
-					HSID=MPIN.HASH_ID(sha,CLIENT_ID);
-                    MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T);  /* Also send T=w.ID to client, remember random w  */
-                  }
-                }
-                else 
-                {
-                  window.document.write("MPIN Multi Pass " + "<br>");   
-                  rtn=MPIN.CLIENT_1(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT);
-  		  if (rtn != 0)
-  			window.document.write("FAILURE: CLIENT_1 rtn: " + rtn + "<br>");   
-  
-  		  if (FULL)
-  		  {
-  			HCID=MPIN.HASH_ID(sha,CLIENT_ID);
-  			MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z);  /* Also Send Z=r.ID to Server, remember random r */
-  		  }
-    
-                  /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-    		  MPIN.SERVER_1(sha,date,CLIENT_ID,pHID,pHTID);
-    
-                  /* Server generates Random number Y and sends it to Client */
-    		  MPIN.RANDOM_GENERATE(rng,Y);
-    
-    		  if (FULL)
-    		  {
-					HSID=MPIN.HASH_ID(sha,CLIENT_ID);
-    				MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T);  /* Also send T=w.ID to client, remember random w  */
-    		  }
-    
-                  /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
-    		  rtn=MPIN.CLIENT_2(X,Y,SEC);
-    		  if (rtn != 0)
-    		    window.document.write("FAILURE: CLIENT_2 rtn: " + rtn + "<br>");  
-                    /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
-                    /* If PIN error not required, set E and F = NULL */
-    		  rtn=MPIN.SERVER_2(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF);
-    
-    		  if (rtn != 0)
-    			window.document.write("FAILURE: SERVER_1 rtn: " + rtn+ "<br>");  
-    
-                }
-    		  
-
-                if (rtn == this.MPIN.BAD_PIN)
-    		{
-    		  window.document.write("Server says - Bad Pin. I don't know you. Feck off." + "<br>"); 
-    		  if (PINERROR)
-    		  {
-    		    var err=MPIN.KANGAROO(E,F);
-    		    if (err!=0) window.document.write("(Client PIN is out by "+err + ")<br>");
-    		  }
-                }
-    		else 
-    		{
-    		  window.document.write("Server says - PIN is good! You really are "+IDstr + "<br>"); 
-    		  if (FULL)
-    		  {
-                    if (TIME_FUNCTIONS)
-                    {
-                     var start = new Date().getTime();
-                     for (i = 0; i < nIter; ++i) {
-                       MPIN.CLIENT_KEY(sha,G1,G2,pin,R,X,T,CK);
-                     }
-                     var end = new Date().getTime();
-                     var t3 = end - start;
-                     total_time = total_time + t3;
-                     var iter_time = t3 / nIter;
-                     var iter_per_sec = nIter / (t3 / 1000);
-                     window.document.write("MPIN.CLIENT_KEY: time " + t1 + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");   
-                    }
-                    else
-                    {
-						H=MPIN.HASH_ALL(sha,HCID,pxID,pxCID,SEC,Y,Z,T);
-						MPIN.CLIENT_KEY(sha,G1,G2,pin,R,X,H,T,CK);
-                    }
-    		    window.document.write("Client Key =  0x"+MPIN.bytestostring(CK) + "<br>");    
-					H=MPIN.HASH_ALL(sha,HSID,pxID,pxCID,SEC,Y,Z,T);
-                    MPIN.SERVER_KEY(sha,Z,SST,W,H,pHID,pxID,pxCID,SK);
-                    window.document.write("Server Key =  0x"+MPIN.bytestostring(SK) + "<br>");    
-    		  }
-                }
-         //       var iter_time = total_time / nIter;
-         //       var iter_per_sec = nIter / (total_time / 1000);
-         //       window.document.write("CLIENT: total time " + total_time + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");   
-
-    
-</script>
-</body>
-</html>

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/TestRSA.html
----------------------------------------------------------------------
diff --git a/version22/js/TestRSA.html b/version22/js/TestRSA.html
deleted file mode 100644
index ba650ca..0000000
--- a/version22/js/TestRSA.html
+++ /dev/null
@@ -1,115 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Test RSA</title>
-</head>
-<body>
-<h1>JavaScript Test RSA Example</h1>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="UInt64.js"></script>
-<script type="text/javascript" src="HASH256.js"></script>
-<script type="text/javascript" src="HASH384.js"></script>
-<script type="text/javascript" src="HASH512.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="FF.js"></script>
-<script type="text/javascript" src="RSA.js"></script>
-
-
-<script>
-/* test driver and function exerciser for RSA API Functions */
-
-	var i,j=0,res;
-	var result;
-
-	var RFS=RSA.RFS;
-	var sha=RSA.HASH_TYPE;
-
-	var message="Hello World\n";
-
-	var pub=new rsa_public_key(ROM.FFLEN);
-	var priv=new rsa_private_key(ROM.HFLEN);
-
-	var ML=[];
-	var C=[];
-	var S=[];
-	var RAW=[];
-	
-	var rng=new RAND();
-	rng.clean();
-
-	for (i=0;i<100;i++) RAW[i]=i;
-	rng.seed(100,RAW);
-
-	var start,end,time;
-	start=new Date().getTime();
-	window.document.write("Generating public/private key pair (slow!)  <br>");
-	RSA.KEY_PAIR(rng,65537,priv,pub);
-	end=new Date().getTime();
-	time=end-start;
-	window.document.write("Time in ms= "+time+"<br>");
-
-	var M=RSA.stringtobytes(message);  
-	window.document.write("Encrypting test string <br>");
-
-	var E=RSA.OAEP_ENCODE(sha,M,rng,null); /* OAEP encode message m to e  */
-	window.document.write("Encoding= 0x" + RSA.bytestohex(E) + "<br>");  
-
-	window.document.write("Public key= 0x"+pub.n.toString() + "<br>"); 
-
-	start=new Date().getTime();	
-	RSA.ENCRYPT(pub,E,C);     /* encrypt encoded message */
-	end=new Date().getTime();	
-	time=end-start;
-	window.document.write("Time in ms= "+time+"<br>");
-
-	window.document.write("Ciphertext= 0x" + RSA.bytestohex(C) + "<br>");  
-
-	window.document.write("Decrypting test string <br>");
-	start=new Date().getTime();	
-	RSA.DECRYPT(priv,C,ML); 
-	end=new Date().getTime();
-	time=end-start;
-	window.document.write("Time in ms= "+time+"<br>");
-
-	var cmp=true;
-	if (E.length!=ML.length) cmp=false;
-	else
-	{
-		for (var j=0;j<E.length;j++)
-			if (E[j]!=ML[j]) cmp=false;
-	}
-	if (cmp) window.document.write("Decryption is OK <br>");
-	else window.document.write("Decryption Failed <br>");
-
-	var MS=RSA.OAEP_DECODE(sha,null,ML); /* OAEP decode message  */
-	window.document.write("Decoding= 0x" + RSA.bytestohex(MS) + "<br>");  
-
-	window.document.write("message= "+RSA.bytestostring(MS) + "<br>");  
-
-
-	window.document.write("Signing message <br>");
-	RSA.PKCS15(sha,M,C);
-
-	RSA.DECRYPT(priv,C,S); /* create signature in S */ 
-
-	window.document.write("Signature= 0x" + RSA.bytestohex(S) + "<br>");  
-
-	RSA.ENCRYPT(pub,S,ML); 
-
-	cmp=true;
-	if (C.length!=ML.length) cmp=false;
-	else
-	{
-		for (var j=0;j<C.length;j++)
-			if (C[j]!=ML[j]) cmp=false;
-	}
-	if (cmp) window.document.write("Signature is valid <br>");
-	else window.document.write("Signature is INVALID <br>");
-
-	RSA.PRIVATE_KEY_KILL(priv);
-
-</script>
-</body>
-</html>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/UInt64.js
----------------------------------------------------------------------
diff --git a/version22/js/UInt64.js b/version22/js/UInt64.js
deleted file mode 100644
index 2d93b9c..0000000
--- a/version22/js/UInt64.js
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* rudimentary unsigned 64-bit type for SHA384 and SHA512 */
-
-var UInt64 = function(top,bot) {
-	this.top=top;
-	this.bot=bot;
-};
-
-UInt64.prototype={
-	add: function(y)
-	{
-		var t=(this.bot>>>0)+(y.bot>>>0);
-		var low=t >>> 0;
-		var high=(this.top>>>0)+(y.top>>>0);
-
-		this.bot=low;
-		if (low!=t)
-			this.top=(high+1)>>>0;
-		else
-			this.top=high;
-
-		return this;
-	},
-	copy: function()
-	{
-		var r=new UInt64(this.top,this.bot);
-		return r;
-	},
-	shlb: function()
-	{
-		var t=this.bot>>>24;
-		this.top=t+(this.top<<8);
-		this.bot<<=8;
-		return this;
-	}
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/readme.txt
----------------------------------------------------------------------
diff --git a/version22/js/readme.txt b/version22/js/readme.txt
deleted file mode 100644
index e040021..0000000
--- a/version22/js/readme.txt
+++ /dev/null
@@ -1,41 +0,0 @@
-AMCL is very simple to build for JavaScript.
-
-First - decide the modulus type and curve type you want to use. Edit ROM.js 
-where indicated. You might want to use one of the curves whose details are
-already in there.
-
-Three example API files are provided, MPIN.js which 
-supports our M-Pin (tm) protocol, ECDH.js which supports elliptic 
-curve key exchange, digital signature and public key crypto, and RSA.js
-which supports RSA encryption. The first  can be tested using the 
-TestMPIN.html driver programs, the second can be tested using TestECDH.html, 
-and the third using TestRSA.html
-
-In the ROM.js file you must provide the curve constants. Several examples
-are provided there, if you are willing to use one of these.
-
-To help generate the ROM constants for your own curve some MIRACL helper 
-programs are included. The programs bngen.cpp and blsgen.cpp generate ROM 
-data for a BN and BLS pairing friendly curves, and the program ecgen.cpp 
-generates ROM data for regular EC curves.
-
-The MIRACL based program check.cpp helps choose the best number base for
-big number representation, given the word-length and the size of the modulus.
-
-The program bigtobig.cpp converts a big number to the AMCL 
-BIG format.
-
-
-For quick jumpstart:-
-
-Run Chrome browser and navigate to TestECDH.html
-
-or TestMPIN.html
-
-or BenchtestEC.html
-
-or BenchtestPAIR.html
-
-You might need to wait a couple of minutes for the output to appear.
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/.gitignore
----------------------------------------------------------------------
diff --git a/version22/rust/.gitignore b/version22/rust/.gitignore
deleted file mode 100644
index fc8bcce..0000000
--- a/version22/rust/.gitignore
+++ /dev/null
@@ -1,5 +0,0 @@
-cargo-registry
-target
-Cargo.lock
-.idea
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/Cargo.toml
----------------------------------------------------------------------
diff --git a/version22/rust/Cargo.toml b/version22/rust/Cargo.toml
deleted file mode 100644
index 2e83270..0000000
--- a/version22/rust/Cargo.toml
+++ /dev/null
@@ -1,24 +0,0 @@
-[package]
-name = "amcl"
-version = "0.1.2"
-authors = [
-  "Vyacheslav Gudkov <vy...@dsr-company.com>",
-  "Evgeniy Razinkov <ev...@dsr-company.com.ru>"
-  ]
-
-description = "The Apache Milagro Cryptographic Library(version 2.2)"
-license = "Apache-2.0"
-repository = "https://github.com/MRJCrunch/amcl"
-[lib]
-name = "amcl"
-path = "src/lib.rs"
-
-[features]
-default = ["BLS383"]
-Ed25519 = []
-GOLDILOCKS = []
-BN254 = []
-BLS383 = []
-BLS455 = []
-
-[dependencies]
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/readme.txt
----------------------------------------------------------------------
diff --git a/version22/rust/readme.txt b/version22/rust/readme.txt
deleted file mode 100644
index 128f665..0000000
--- a/version22/rust/readme.txt
+++ /dev/null
@@ -1,56 +0,0 @@
-AMCL is very simple to build for Rust.
-
-This version supports both 32-bit and 64-bit builds.
-If your processor and operating system are both 64-bit, a 64-bit build 
-will probably be best. Otherwise use a 32-bit build.
-
-First - decide the modulus and curve type you want to use. Edit rom32.rs 
-or rom64.rs where indicated. You will probably want to use one of the curves 
-whose details are already in there. You might want to "raid" the rom 
-file from the C version of the library for more curves.
-
-Three example API files are provided, mpin.rs which 
-supports our M-Pin (tm) protocol, ecdh.rs which supports elliptic 
-curve key exchange, digital signature and public key crypto, and rsa.rs
-which supports the RSA method. The first can be tested using the 
-TestMPIN.rs driver program, the second can be tested using TestECDH.rs,
-and the third with TestRSA.rs
-
-
-In the rom32.rs/rom64.rs file you must provide the curve constants. Several 
-examples are provided there, if you are willing to use one of these.
-
-To help generate the ROM constants for your own curve some MIRACL helper 
-programs are included. The programs bngen.cpp and blsgen.cpp generate ROM 
-data for a BN and BLS pairing friendly curves, and the program ecgen.cpp 
-generates ROM data for regular EC curves.
-
-The MIRACL based program check.cpp helps choose the best number base for
-big number representation, given the word-length and the size of the modulus.
-
-The program bigtobig.cpp converts a big number to the AMCL 
-BIG format.
-
-For a quick jumpstart:-
-
-Copy rom32.rs to rom.rs for a 32-bit build
-
-rustc --cfg D32 -O -A dead_code TestMPIN.rs
-
-or 
-
-rustc --cfg D32 -O -A dead_code TestECDH.rs
-
-or
-
-rustc --cfg D32 -O -A dead_code TestRSA.rs
-
-also
-
-rustc --cfg D32 -O -A dead_code BenchtestEC.rs
-
-rustc --cfg D32 -O -A dead_code BenchtestPAIR.rs
-
-
-For a 64-bit build copy rom64.rs to rom.rs, and use instead the 
-flag --cfg D64

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/aes.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/aes.rs b/version22/rust/src/aes.rs
deleted file mode 100644
index 5298837..0000000
--- a/version22/rust/src/aes.rs
+++ /dev/null
@@ -1,628 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-pub const ECB: usize=0;
-pub const CBC: usize=1;
-pub const CFB1: usize=2;
-pub const CFB2: usize=3;
-pub const CFB4: usize=5;
-pub const OFB1: usize=14;
-pub const OFB2: usize=15;
-pub const OFB4: usize=17;
-pub const OFB8:usize=21;
-pub const OFB16: usize=29;
-pub const CTR1: usize=30;
-pub const CTR2: usize=31;
-pub const CTR4: usize=33;
-pub const CTR8: usize=37;
-pub const CTR16: usize=45;
-
-const INCO : [u8;4] = [0xB,0xD,0x9,0xE];  /* Inverse Coefficients */
-
-const PTAB : [u8;256] = [
-     1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53,
-     95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170,
-     229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49,
-     83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205,
-     76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136,
-     131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154,
-     181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163,
-     254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160,
-     251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65,
-     195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117,
-     159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128,
-     155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84,
-     252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202,
-     69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14,
-     18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
-     57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1];
-
-const LTAB : [u8;256] = [
-      0, 255, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3,
-     100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193,
-     125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120,
-     101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142,
-     150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56,
-     102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16,
-     126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186,
-     43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87,
-     175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232,
-     44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160,
-     127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183,
-     204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157,
-     151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209,
-     83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171,
-     68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165,
-     103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7];
-
-
-const FBSUB : [u8;256] = [
-     99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118,
-     202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
-     183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21,
-     4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117,
-     9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132,
-     83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207,
-     208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168,
-     81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210,
-     205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115,
-     96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219,
-     224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121,
-     231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8,
-     186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138,
-     112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
-     225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
-     140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22];
-
-const RBSUB : [u8;256] = [
-     82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251,
-     124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203,
-     84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78,
-     8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37,
-     114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146,
-     108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132,
-     144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6,
-     208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107,
-     58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
-     150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110,
-     71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27,
-     252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244,
-     31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95,
-     96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239,
-     160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
-     23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125];
-
-const RCO : [u8;16] = [1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47];
-
-const FTABLE : [u32;256] = [
-    0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
-    0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
-    0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
-    0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
-    0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
-    0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
-    0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
-    0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
-    0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
-    0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
-    0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
-    0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
-    0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
-    0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
-    0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
-    0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
-    0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
-    0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
-    0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
-    0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
-    0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
-    0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
-    0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
-    0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
-    0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
-    0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
-    0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
-    0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
-    0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
-    0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
-    0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
-    0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
-    0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
-    0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
-    0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
-    0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
-    0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
-    0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
-    0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
-    0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
-    0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
-    0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
-    0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c];
-
-const RTABLE : [u32;256] = [
-    0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
-    0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
-    0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
-    0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
-    0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
-    0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
-    0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
-    0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
-    0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
-    0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
-    0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
-    0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
-    0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
-    0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
-    0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
-    0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
-    0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
-    0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
-    0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
-    0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
-    0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
-    0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
-    0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
-    0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
-    0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
-    0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
-    0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
-    0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
-    0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
-    0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
-    0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
-    0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
-    0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
-    0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
-    0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
-    0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
-    0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
-    0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
-    0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
-    0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
-    0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
-    0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
-    0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0];
-
-
-pub struct AES {
-	nk: usize,
-	nr: usize,
-	mode: usize,
-	fkey: [u32;60],
-	rkey: [u32;60],
-	pub f: [u8;16]
-}
-
-impl AES {
-
-	fn rotl8(x: u32) -> u32 {
-		return ((x)<<8)|((x)>>24);
-	}
-
-	fn rotl16(x: u32) -> u32 {
-		return ((x)<<16)|((x)>>16);
-	}
-
-	fn rotl24(x: u32) -> u32 {
-		return ((x)<<24)|((x)>>8);
-	}
-
-	fn pack(b: [u8;4]) -> u32 { /* pack bytes into a 32-bit Word */
-        return ((((b[3])&0xff) as u32)<<24)|((((b[2])&0xff) as u32)<<16)|((((b[1])&0xff) as u32)<<8)|(((b[0])&0xff) as u32);
-	}
-  
-	fn unpack(a: u32) -> [u8;4] { /* unpack bytes from a word */
-        let b:[u8;4]=[(a&0xff) as u8,((a>>8)&0xff) as u8,((a>>16)&0xff) as u8,((a>>24)&0xff) as u8];
-		return b;
-	}
-
-	fn bmul(x: u8,y: u8) -> u8 { /* x.y= AntiLog(Log(x) + Log(y)) */
-        let ix=(x as usize)&0xff;
-        let iy=(y as usize)&0xff;
-        let lx=(LTAB[ix] as usize)&0xff;
-        let ly=(LTAB[iy] as usize)&0xff;
-    
-        if x != 0 && y != 0 {
-			return PTAB[(lx+ly)%255];
-		} else {return 0}
-	}	
-
-	fn subbyte(a: u32) -> u32 {
-        let mut b=AES::unpack(a);
-        b[0]=FBSUB[b[0] as usize];
-        b[1]=FBSUB[b[1] as usize];
-        b[2]=FBSUB[b[2] as usize];
-        b[3]=FBSUB[b[3] as usize];
-        return AES::pack(b);
-	}   
-
-	fn product(x: u32,y: u32) -> u8 { /* dot product of two 4-byte arrays */
-        let xb=AES::unpack(x);
-        let yb=AES::unpack(y);
-    
-        return AES::bmul(xb[0],yb[0])^AES::bmul(xb[1],yb[1])^AES::bmul(xb[2],yb[2])^AES::bmul(xb[3],yb[3]);
-	}
-
-	fn invmixcol(x: u32) -> u32 { /* matrix Multiplication */
-        let mut b:[u8;4]=[0;4];
-        let mut m=AES::pack(INCO);
-        b[3]=AES::product(m,x);
-        m=AES::rotl24(m);
-        b[2]=AES::product(m,x);
-        m=AES::rotl24(m);
-        b[1]=AES::product(m,x);
-        m=AES::rotl24(m);
-        b[0]=AES::product(m,x);
-        let y=AES::pack(b);
-        return y;
-	}
-
-	fn increment(f: &mut [u8;16]) {
-		for i in 0..16 {
-			f[i]+=1;
-			if f[i]!=0 {break}
-		}
-	}
-
-	pub fn new() -> AES {
-		AES {
-			nk:0,
-			nr:0,
-			mode:0,
-			fkey:[0;60],
-			rkey:[0;60],
-			f:[0;16]
-
-		}
-	}
-
-/* reset cipher */
-	pub fn reset(&mut self,m: usize,iv: Option<[u8;16]>) { /* reset mode, or reset iv */
-		self.mode=m;
-        for i in 0..16 {self.f[i]=0}
-        if self.mode != ECB
-        {
-        	if let Some(x) = iv {
-        		for i in 0..16 {self.f[i]=x[i]}
-        	}
-		}
-	}	
-
-	pub fn init(&mut self,m: usize,nkey: usize,key: &[u8],iv: Option<[u8;16]>) -> bool {   
-/* Key Scheduler. Create expanded encryption key */
-		let mut cipherkey:[u32;8]=[0;8];
-        let mut b:[u8;4]=[0;4];
-        let nk=nkey/4;
-		if nk!=4 && nk!=6 && nk!=8 {return false}
-		let nr=6+nk;
-		self.nk=nk;
-		self.nr=nr;
-        self.reset(m,iv);
-        let n=4*(nr+1);
-        
-        let mut j=0;
-        for  i in 0..nk {
-            for k in 0..4 {b[k]=key[j+k]}
-            cipherkey[i]=AES::pack(b);
-            j+=4;
-        }
-
-        for i in 0..nk {self.fkey[i]=cipherkey[i]}
-        j=nk;
-		let mut k=0;    
-        while j<n  {      	
-            self.fkey[j]=self.fkey[j-nk]^AES::subbyte(AES::rotl24(self.fkey[j-1]))^(RCO[k] as u32);
-            for i in 1..nk {
-            	if (i+j) >= n {break}       	
-                self.fkey[i+j]=self.fkey[i+j-nk]^self.fkey[i+j-1];             
-            }
-            j+=nk;
-            k+=1;
-        }
-     
-        /* now for the expanded decrypt key in reverse order */
-        
-        for j in 0..4 {self.rkey[j+n-4]=self.fkey[j]}
-        let mut i=4;
-        while i<n-4 {
-            let k=n-4-i;
-            for j in 0..4 {self.rkey[k+j]=AES::invmixcol(self.fkey[i+j])}
-            i+=4;
-        }
-        for j in n-4..n {self.rkey[j-n+4]=self.fkey[j]}
-		return true;
-	}
-
-	pub fn getreg(&mut self) -> [u8;16] {
-        let mut ir:[u8;16]=[0;16];
-        for i in 0..16 {ir[i]=self.f[i]}
-        return ir;
-	}
-
-    /* Encrypt a single block */
-	pub fn ecb_encrypt(&mut self,buff: &mut [u8;16]) {
-        let mut b:[u8;4]=[0;4]; 
-        let mut p:[u32;4]=[0;4]; 
-        let mut q:[u32;4]=[0;4]; 
-    
-        let mut j=0;
-        for i in 0..4 {
-            for k in 0..4 {b[k]=buff[j+k]}
-            p[i]=AES::pack(b);
-            p[i]^=self.fkey[i];
-            j+=4;
-        }
-    
-        let mut k=4;
-    
-    /* State alternates between p and q */
-        for _ in 1..self.nr {
-            q[0]=self.fkey[k]^FTABLE[(p[0]&0xff) as usize]^AES::rotl8(FTABLE[((p[1]>>8)&0xff) as usize])^AES::rotl16(FTABLE[((p[2]>>16)&0xff) as usize])^AES::rotl24(FTABLE[((p[3]>>24)&0xff) as usize]);
-            
-            q[1]=self.fkey[k+1]^FTABLE[(p[1]&0xff) as usize]^AES::rotl8(FTABLE[((p[2]>>8)&0xff) as usize])^AES::rotl16(FTABLE[((p[3]>>16)&0xff) as usize])^AES::rotl24(FTABLE[((p[0]>>24)&0xff) as usize]);
-            
-            q[2]=self.fkey[k+2]^FTABLE[(p[2]&0xff) as usize]^AES::rotl8(FTABLE[((p[3]>>8)&0xff) as usize])^AES::rotl16(FTABLE[((p[0]>>16)&0xff) as usize])^AES::rotl24(FTABLE[((p[1]>>24)&0xff) as usize]);
-            
-            q[3]=self.fkey[k+3]^FTABLE[(p[3]&0xff) as usize]^AES::rotl8(FTABLE[((p[0]>>8)&0xff) as usize])^AES::rotl16(FTABLE[((p[1]>>16)&0xff) as usize])^AES::rotl24(FTABLE[((p[2]>>24)&0xff) as usize]);
-            
-            k+=4;
-            for j in 0..4 {
-				let t=p[j]; p[j]=q[j]; q[j]=t;
-            }
-        }
-    
-    /* Last Round */
-    
-        q[0]=self.fkey[k]^(FBSUB[(p[0]&0xff) as usize] as u32)^AES::rotl8((FBSUB[((p[1]>>8)&0xff) as usize]) as u32)^AES::rotl16((FBSUB[((p[2]>>16)&0xff) as usize]) as u32)^AES::rotl24((FBSUB[((p[3]>>24)&0xff) as usize]) as u32);
-    
-        q[1]=self.fkey[k+1]^(FBSUB[(p[1]&0xff) as usize] as u32)^AES::rotl8((FBSUB[((p[2]>>8)&0xff) as usize]) as u32)^AES::rotl16((FBSUB[((p[3]>>16)&0xff) as usize]) as u32)^AES::rotl24((FBSUB[((p[0]>>24)&0xff) as usize]) as u32);
-    
-        q[2]=self.fkey[k+2]^(FBSUB[(p[2]&0xff) as usize] as u32)^AES::rotl8((FBSUB[((p[3]>>8)&0xff) as usize]) as u32)^AES::rotl16((FBSUB[((p[0]>>16)&0xff) as usize]) as u32)^AES::rotl24((FBSUB[((p[1]>>24)&0xff) as usize]) as u32);
-    
-        q[3]=self.fkey[k+3]^(FBSUB[(p[3]&0xff) as usize] as u32)^AES::rotl8((FBSUB[((p[0]>>8)&0xff) as usize]) as u32)^AES::rotl16((FBSUB[((p[1]>>16)&0xff) as usize]) as u32)^AES::rotl24((FBSUB[((p[2]>>24)&0xff) as usize]) as u32);
-    
-        j=0;
-        for i in 0..4 {
-            b=AES::unpack(q[i]);
-            for k in 0..4 {buff[j+k]=b[k]}
-            j+=4;
-        }
-	}
-
-    /* Decrypt a single block */
-	pub fn ecb_decrypt(&mut self,buff: &mut [u8;16]) {
-        let mut b:[u8;4]=[0;4]; 
-        let mut p:[u32;4]=[0;4]; 
-        let mut q:[u32;4]=[0;4]; 
-    
-        let mut j=0;
-        for i in 0..4 {
-            for k in 0..4 {b[k]=buff[j+k]}
-            p[i]=AES::pack(b);
-            p[i]^=self.rkey[i];
-            j+=4;
-        }
-    
-         let mut k=4;
-    
-    /* State alternates between p and q */
-        for _ in 1..self.nr {
-            
-            q[0]=self.rkey[k]^RTABLE[(p[0]&0xff) as usize]^AES::rotl8(RTABLE[((p[3]>>8)&0xff) as usize])^AES::rotl16(RTABLE[((p[2]>>16)&0xff) as usize])^AES::rotl24(RTABLE[((p[1]>>24)&0xff) as usize]);
-            
-            q[1]=self.rkey[k+1]^RTABLE[(p[1]&0xff) as usize]^AES::rotl8(RTABLE[((p[0]>>8)&0xff) as usize])^AES::rotl16(RTABLE[((p[3]>>16)&0xff) as usize])^AES::rotl24(RTABLE[((p[2]>>24)&0xff) as usize]);
-            
-        
-            q[2]=self.rkey[k+2]^RTABLE[(p[2]&0xff) as usize]^AES::rotl8(RTABLE[((p[1]>>8)&0xff) as usize])^AES::rotl16(RTABLE[((p[0]>>16)&0xff) as usize])^AES::rotl24(RTABLE[((p[3]>>24)&0xff) as usize]);
-       
-            q[3]=self.rkey[k+3]^RTABLE[(p[3]&0xff) as usize]^AES::rotl8(RTABLE[((p[2]>>8)&0xff) as usize])^AES::rotl16(RTABLE[((p[1]>>16)&0xff) as usize])^AES::rotl24(RTABLE[((p[0]>>24)&0xff) as usize]);
-            
-    
-            k+=4;
-            for j in 0..4 {
-				let t=p[j]; p[j]=q[j]; q[j]=t;
-            }
-        }
-    
-    /* Last Round */
-        
-        q[0]=self.rkey[k]^(RBSUB[(p[0]&0xff) as usize] as u32)^AES::rotl8((RBSUB[((p[3]>>8)&0xff) as usize]) as u32)^AES::rotl16((RBSUB[((p[2]>>16)&0xff) as usize]) as u32)^AES::rotl24((RBSUB[((p[1]>>24)&0xff) as usize]) as u32);
-        
-        q[1]=self.rkey[k+1]^(RBSUB[(p[1]&0xff) as usize] as u32)^AES::rotl8((RBSUB[((p[0]>>8)&0xff) as usize]) as u32)^AES::rotl16((RBSUB[((p[3]>>16)&0xff) as usize]) as u32)^AES::rotl24((RBSUB[((p[2]>>24)&0xff) as usize]) as u32);
-        
-        
-        q[2]=self.rkey[k+2]^(RBSUB[(p[2]&0xff) as usize] as u32)^AES::rotl8((RBSUB[((p[1]>>8)&0xff) as usize]) as u32)^AES::rotl16((RBSUB[((p[0]>>16)&0xff) as usize]) as u32)^AES::rotl24((RBSUB[((p[3]>>24)&0xff) as usize]) as u32);
-
-        q[3]=self.rkey[k+3]^(RBSUB[((p[3])&0xff) as usize] as u32)^AES::rotl8((RBSUB[((p[2]>>8)&0xff) as usize]) as u32)^AES::rotl16((RBSUB[((p[1]>>16)&0xff) as usize]) as u32)^AES::rotl24((RBSUB[((p[0]>>24)&0xff) as usize]) as u32);
-    
-        j=0;
-        for i in 0..4 {
-            b=AES::unpack(q[i]);
-            for k in 0..4 {buff[j+k]=b[k]}
-            j+=4;
-        }
-	}
-
-/* Encrypt using selected mode of operation */
-	pub fn encrypt(&mut self,buff: &mut [u8;16]) -> u32 {
-		let mut st:[u8;16]=[0;16]; 
-    
-    // Supported Modes of Operation
-    
-        let mut fell_off: u32=0;
-
-        match self.mode {
-        	ECB => {
-            	self.ecb_encrypt(buff);
-            	return 0;
-        	},
-        	CBC => {
-            	for j in 0..16 {buff[j]^=self.f[j]}
-            	self.ecb_encrypt(buff);
-            	for j in 0..16 {self.f[j]=buff[j]}
-            	return 0;
-        	},
-    
-        	CFB1 | CFB2 | CFB4 => {
-            	let bytes=self.mode-CFB1+1;
-            	for j in 0..bytes {fell_off=(fell_off<<8)|(self.f[j] as u32)}
-            	for j in 0..16 {st[j]=self.f[j]}
-            	for j in bytes..16 {self.f[j-bytes]=self.f[j]}
-            	self.ecb_encrypt(&mut st);
-            	for j in 0..bytes {
-					buff[j]^=st[j];
-				self.f[16-bytes+j]=buff[j];
-            	}
-            	return fell_off;
-        	},
-    
-        	OFB1 | OFB2 | OFB4 | OFB8 | OFB16 => {
-           		let bytes=self.mode-OFB1+1;
-             	for j in 0..16 {st[j]=self.f[j]}
-            	self.ecb_encrypt(&mut st);
-           		for j in 0..bytes {buff[j]^=st[j]}       
-              	for j in 0..16 {self.f[j]=st[j]}          		     	            	
-
-            	//self.ecb_encrypt(&mut (self.f));
-            	//for j in 0..bytes {buff[j]^=self.f[j]}
-            	return 0;
-        	},
-    
-			CTR1 | CTR2 | CTR4 | CTR8 | CTR16 => {
-	    		let bytes=self.mode-CTR1+1;
-	    		for j in 0..16 {st[j]=self.f[j]}
-	    		self.ecb_encrypt(&mut st);
-	    		for j in 0..bytes {buff[j]^=st[j]}
-	    		AES::increment(&mut (self.f));
-	    		return 0;
-	    	},
-
-        	_ => {
-            	return 0;
-        	}
-        }
-    }
-
-    /* Decrypt using selected mode of operation */
-	pub fn decrypt(&mut self,buff: &mut [u8;16]) -> u32 {
-
-		let mut st:[u8;16]=[0;16]; 
-        
-        // Supported Modes of Operation
-        
-       	let mut fell_off: u32=0;
-
-        match self.mode {
-        	ECB => {
-            	self.ecb_decrypt(buff);
-            	return 0;
-            },
-        	CBC => {
-            	for j in 0..16 {
-					st[j]=self.f[j];
-					self.f[j]=buff[j];
-            	}
-            	self.ecb_decrypt(buff);
-            	for j in 0..16 {
-					buff[j]^=st[j];
-					st[j]=0;
-            	}
-            	return 0;
-           	},
-        	CFB1 | CFB2 | CFB4 => {
-            	let bytes=self.mode-CFB1+1;
-            	for j in 0..bytes {fell_off=(fell_off<<8)|(self.f[j] as u32)}
-            	for j in 0..16 {st[j]=self.f[j]}
-            	for j in bytes..16 {self.f[j-bytes]=self.f[j]}
-            	self.ecb_encrypt(&mut st);
-            	for j in 0..bytes {
-					self.f[16-bytes+j]=buff[j];
-					buff[j]^=st[j];
-            	}
-            	return fell_off;
-            },
-        	OFB1 | OFB2 | OFB4 | OFB8 | OFB16 => {
-           		let bytes=self.mode-OFB1+1;
-             	for j in 0..16 {st[j]=self.f[j]}
-            	self.ecb_encrypt(&mut st);
-           		for j in 0..bytes {buff[j]^=st[j]}       
-              	for j in 0..16 {self.f[j]=st[j]}          		
-            //	self.ecb_encrypt(A.f[:]);
-            //	for j in 0..bytes {buff[j]^=self.f[j]}
-            	return 0;
-            },
-
-			CTR1 | CTR2 | CTR4 | CTR8 | CTR16 => {
-	    		let bytes=self.mode-CTR1+1;
-	    		for j in 0..16 {st[j]=self.f[j]}
-	    		self.ecb_encrypt(&mut st);
-	    		for j in 0..bytes {buff[j]^=st[j]}
-	    		AES::increment(&mut (self.f));
-	    		return 0;
-	    	},
-
-        	_ => {
-            	return 0;
-        	}
-        }
-    } 
-
-/* Clean up and delete left-overs */
-	pub fn end(&mut self) { // clean up
-    	for i in 0..4*(self.nr+1) {self.fkey[i]=0; self.rkey[i]=0}
-    	for i in 0..16 {self.f[i]=0}
-	}
-}
-
-/*
-fn main()
-{
-	let mut key:[u8;32]=[0;32];
-	let mut block:[u8;16]=[0;16];
-	let mut iv: [u8;16] = [0;16];
-
-	for i in 0..32 {key[i]=0}
-	key[0]=1;
-	for i in 0..16 {iv[i]=i as u8}
-	for i in 0..16 {block[i]=i as u8}
-
-	let mut aes=AES::new();
-	aes.init(CTR16,32,&key,Some(iv));
-
-	println!("Plain= ");
-	for i in 0..16 {print!("{:02x} ",block[i])}
-	println!("");	
-
-	aes.encrypt(&mut block);
-
-	println!("Encrypt= ");
-	for i in 0..16 {print!("{:02x} ",block[i])}
-	println!("");	
-
-	aes.reset(CTR16,Some(iv));
-	aes.decrypt(&mut block);
-
-	println!("Decrypt= ");
-	for i in 0..16 {print!("{:02x} ",block[i])}
-	println!("");	
-
-	aes.end();
-}
-*/


[23/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/ecdh.swift
----------------------------------------------------------------------
diff --git a/version22/swift/ecdh.swift b/version22/swift/ecdh.swift
deleted file mode 100644
index fd1d863..0000000
--- a/version22/swift/ecdh.swift
+++ /dev/null
@@ -1,587 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  ecdh.swift
-//
-//  Created by Michael Scott on 30/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-import Darwin
-
-/* Elliptic Curve API high-level functions  */
-
-final public class ECDH
-{
-    static let INVALID_PUBLIC_KEY:Int = -2
-    static let ERROR:Int = -3
-    static let INVALID:Int = -4
-    static public let EFS=Int(ROM.MODBYTES);
-    static public let EGS=Int(ROM.MODBYTES);
-    static public let EAS=16;
-    static public let EBS=16;
-    static public let SHA256=32
-    static public let SHA384=48
-    static public let SHA512=64
-    
-    static public let HASH_TYPE=SHA512
-
-    /* Convert Integer to n-byte array */
-    private static func inttoBytes(_ n: Int,_ len:Int) -> [UInt8]
-    {
-        var b=[UInt8](repeating: 0,count: len)
-        var nn=n
-    
-        var i=len;
-        while (nn>0 && i>0)
-        {
-            i -= 1;
-            b[i]=UInt8(nn&0xff);
-            nn /= 256;
-        }
-        return b;
-    }
-    
-    private static func hashit(_ sha: Int,_ A:[UInt8],_ n: Int32,_ B:[UInt8]?,_ pad:Int) -> [UInt8]
-    {
-        var R=[UInt8]()
-        if sha==SHA256
-        {
-            let H=HASH256()
-            H.process_array(A); if n>0 {H.process_num(n)}
-                if B != nil {H.process_array(B!)}
-            R=H.hash()
-        }
-        if sha==SHA384
-        {
-            let H=HASH384()
-            H.process_array(A); if n>0 {H.process_num(n)}
-            if B != nil {H.process_array(B!)}
-            R=H.hash()
-        }
-        if sha==SHA512
-        {
-            let H=HASH512()
-            H.process_array(A); if n>0 {H.process_num(n)}
-            if B != nil {H.process_array(B!)}
-            R=H.hash()
-        }
-        if R.isEmpty || pad==0 {return R}
-        var W=[UInt8](repeating: 0,count: pad)
-        if pad<=sha
-        {
-            for i in 0 ..< pad {W[i]=R[i]}
-        }
-        else
-        {
-            for i in 0 ..< sha {W[i]=R[i]}
-        }
-        return W
-    }
-    
-    /* Key Derivation Functions */
-    /* Input octet Z */
-    /* Output key of length olen */
-    static public func KDF1(_ sha: Int,_ Z: [UInt8],_ olen:Int) -> [UInt8]
-    {
-    /* NOTE: the parameter olen is the length of the output K in bytes */
-        let hlen=sha
-        var K=[UInt8](repeating: 0,count: olen)
-        var k=0;
-    
-        var cthreshold=olen/hlen; if (olen%hlen) != 0 {cthreshold += 1}
-    
-        for counter in 0 ..< cthreshold
-        {
-            let B=hashit(sha,Z,Int32(counter),nil,0)
-            if k+hlen>olen {for i in 0 ..< olen%hlen {K[k]=B[i]; k+=1}}
-            else {for i in 0 ..< hlen {K[k]=B[i]; k+=1}}
-        }
-        return K;
-    }
-    
-    static public func KDF2(_ sha:Int,_ Z:[UInt8],_ P:[UInt8]?,_ olen:Int) -> [UInt8]
-    {
-    /* NOTE: the parameter olen is the length of the output k in bytes */
-        let hlen=sha
-        var K=[UInt8](repeating: 0,count: olen)
-        var k=0;
-    
-        var cthreshold=olen/hlen; if (olen%hlen) != 0 {cthreshold += 1}
-    
-        for counter in 1...cthreshold
-        {
-            let B=hashit(sha,Z,Int32(counter),P,0)
-            if k+hlen>olen {for i in 0 ..< olen%hlen {K[k]=B[i]; k+=1}}
-            else {for i in 0 ..< hlen {K[k]=B[i]; k+=1}}
-        }
-        return K;
-    }
-   
-    /* Password based Key Derivation Function */
-    /* Input password p, salt s, and repeat count */
-    /* Output key of length olen */
-    static public func PBKDF2(_ sha:Int,_ Pass:[UInt8],_ Salt:[UInt8],_ rep:Int,_ olen:Int) -> [UInt8]
-    {
-        var d=olen/sha;
-        if (olen%sha) != 0 {d+=1}
-        var F=[UInt8](repeating: 0,count: sha)
-        var U=[UInt8](repeating: 0,count: sha)
-        var S=[UInt8](repeating: 0,count: Salt.count+4)
-    
-        var K=[UInt8](repeating: 0,count: d*sha)
-        
-        var opt=0;
-    
-        for i in 1...d
-        {
-            for j in 0 ..< Salt.count {S[j]=Salt[j]}
-            var N=ECDH.inttoBytes(i,4);
-            for j in 0 ..< 4 {S[Salt.count+j]=N[j]}
-    
-            printBinary(Pass);
-            
-            ECDH.HMAC(sha,S,Pass,&F);
-             
-            for j in 0 ..< sha {U[j]=F[j]}
-            for _ in 2...rep
-            {
-		ECDH.HMAC(sha,U,Pass,&U);
-                for k in 0 ..< sha {F[k]^=U[k]}
-            }
-            for j in 0 ..< sha {K[opt]=F[j]; opt+=1}
-        }
-        var key=[UInt8](repeating: 0,count: olen)
-        for i in 0 ..< olen {key[i]=K[i]}
-        return key;
-    }
-    
-    /* Calculate HMAC of m using key k. HMAC is tag of length olen */
-    static public func HMAC(_ sha:Int,_ M:[UInt8],_ K:[UInt8],_ tag:inout [UInt8]) -> Int
-    {
-    /* Input is from an octet m        *
-    * olen is requested output length in bytes. k is the key  *
-    * The output is the calculated tag */
-        var b=64
-        if sha>32 {b=128}
-        
-        var K0=[UInt8](repeating: 0,count: b)
-        let olen=tag.count;
-        var B=[UInt8]();
-        
-        if olen<4 /*|| olen>HASH.len*/ {return 0}
-    
-        if (K.count > b)
-        {
-            //H.process_array(K); var B=H.hash();
-            B=hashit(sha,K,0,nil,0)
-            for i in 0 ..< sha {K0[i]=B[i]}
-        }
-        else
-        {
-            for i in 0 ..< K.count {K0[i]=K[i]}
-        }
-        for i in 0 ..< b {K0[i]^=0x36}
-  
- //       printBinary(K0)
-        
-        B=hashit(sha,K0,0,M,0)
-        
- //       printBinary(B);
-    
-        for i in 0 ..< b {K0[i]^=0x6a}
-        B=hashit(sha,K0,0,B,olen)
-        
-        for i in 0 ..< olen {tag[i]=B[i]}
-    
-        return 1;
-    }
-    /* AES encryption/decryption. Encrypt byte array M using key K and returns ciphertext */
-    static public func AES_CBC_IV0_ENCRYPT(_ K:[UInt8],_ M:[UInt8]) -> [UInt8]
-    { /* AES CBC encryption, with Null IV and key K */
-    /* Input is from an octet string M, output is to an octet string C */
-    /* Input is padded as necessary to make up a full final block */
-        let a=AES();
-        var buff=[UInt8](repeating: 0,count: 16)
-        let clen=16+(M.count/16)*16;
-    
-        var C=[UInt8](repeating: 0,count: clen)
-    
-        a.init_it(AES.CBC,K,nil)
-    
-        var ipt=0; var opt=0;
-        var fin=false;
-        var i:Int=0
-        while true
-        {
-            i=0
-            while i<16
-            {
-                if (ipt<M.count) {buff[i]=M[ipt]; ipt+=1}
-				else {fin=true; break;}
-                i+=1
-            }
-            if fin {break}
-            a.encrypt(&buff);
-            for j in 0 ..< 16
-                {C[opt]=buff[j]; opt+=1}
-        }
-    
-    /* last block, filled up to i-th index */
-    
-        let padlen=16-i;
-        for j in i ..< 16 {buff[j]=UInt8(padlen&0xff)}
-    
-        a.encrypt(&buff);
-    
-        for j in 0 ..< 16
-            {C[opt]=buff[j]; opt+=1}
-        a.end();
-        return C;
-    }
-    
-    /* returns plaintext if all consistent, else returns null string */
-    static public func AES_CBC_IV0_DECRYPT(_ K:[UInt8],_ C:[UInt8]) -> [UInt8]
-    { /* padding is removed */
-        let a=AES();
-        
-        var buff=[UInt8](repeating: 0,count: 16)
-        var MM=[UInt8](repeating: 0,count: C.count)
-    
-        var ipt=0; var opt=0;
-    
-        a.init_it(AES.CBC,K,nil);
-    
-        if C.count==0 {return [UInt8]()}
-        var ch=C[ipt]; ipt+=1
-    
-        var fin=false;
-        var i:Int=0
-        while true
-        {
-            i=0
-            while i<16
-            {
-				buff[i]=ch;
-				if ipt>=C.count {fin=true; break;}
-                else {ch=C[ipt]; ipt+=1}
-                i+=1
-            }
-            a.decrypt(&buff);
-            if fin {break}
-            for j in 0 ..< 16
-                {MM[opt]=buff[j]; opt+=1}
-        }
-    
-        a.end();
-        var bad=false;
-        let padlen:Int=Int(buff[15]);
-        if i != 15 || padlen<1 || padlen>16 {bad=true}
-        if padlen>=2 && padlen<=16
-        {
-            for j in 16-padlen ..< 16 {if buff[j] != buff[15] {bad=true}}
-        }
-        if !bad
-        {
-            for j in 0 ..< 16-padlen
-                {MM[opt]=buff[j]; opt+=1}
-        }
-    
-        if bad {return [UInt8]()}
-    
-        var M=[UInt8](repeating: 0,count: opt)
-        for j in 0 ..< opt {M[j]=MM[j]}
-    
-        return M;
-    }
-    
-    /* Calculate a public/private EC GF(p) key pair W,S where W=S.G mod EC(p),
-    * where S is the secret key and W is the public key
-    * and G is fixed generator.
-    * If RNG is NULL then the private key is provided externally in S
-    * otherwise it is generated randomly internally */
-    static public func KEY_PAIR_GENERATE(_ RNG:RAND?,_ S:inout [UInt8],_ W:inout [UInt8]) -> Int
-    {
-        let res=0;
-     //   var T=[UInt8](count:ECDH.EFS,repeatedValue:0)
-        let gx=BIG(ROM.CURVE_Gx);
-        var s:BIG
-        var G:ECP
-        if ROM.CURVETYPE != ROM.MONTGOMERY
-        {
-            let gy=BIG(ROM.CURVE_Gy)
-            G=ECP(gx,gy)
-        }
-        else
-            {G=ECP(gx)}
-    
-        let r=BIG(ROM.CURVE_Order)
-    
-        if (RNG==nil)
-        {
-            s=BIG.fromBytes(S)
-	    s.mod(r)
-        }
-        else
-        {
-            s=BIG.randomnum(r,RNG!)
-    
-         //   s.toBytes(&T)
-         //   for i in 0 ..< EGS {S[i]=T[i]}
-        }
-    
-	if (ROM.AES_S>0)
-	{
-	    s.mod2m(2*ROM.AES_S)
-	}
-	s.toBytes(&S)
-
-        let WP=G.mul(s)
-        WP.toBytes(&W)
-    
-        return res;
-    }
-   
-    /* validate public key. Set full=true for fuller check */
-    static public func PUBLIC_KEY_VALIDATE(_ full:Bool,_ W:[UInt8]) -> Int
-    {
-        var WP=ECP.fromBytes(W);
-        var res=0;
-    
-        let r=BIG(ROM.CURVE_Order)
-    
-        if WP.is_infinity() {res=INVALID_PUBLIC_KEY}
-    
-        if res==0 && full
-        {
-            WP=WP.mul(r)
-            if !WP.is_infinity() {res=INVALID_PUBLIC_KEY}
-        }
-        return res;
-    }
-    /* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */
-    static public func ECPSVDP_DH(_ S:[UInt8],_ WD:[UInt8],_ Z:inout [UInt8]) -> Int
-    {
-        var res=0
-        var T=[UInt8](repeating: 0,count: ECDH.EFS)
-    
-        let s=BIG.fromBytes(S)
-    
-        var W=ECP.fromBytes(WD)
-        if W.is_infinity() {res=ECDH.ERROR}
-    
-        if (res==0)
-        {
-            let r=BIG(ROM.CURVE_Order)
-            s.mod(r)
-    
-            W=W.mul(s);
-            if W.is_infinity() {res=ERROR}
-            else
-            {
-		W.getX().toBytes(&T);
-                for i in 0 ..< ECDH.EFS {Z[i]=T[i]}
-            }
-        }
-        return res;
-    }
-    /* IEEE ECDSA Signature, C and D are signature on F using private key S */
-    static public func ECPSP_DSA(_ sha:Int,_ RNG:RAND,_ S:[UInt8],_ F:[UInt8],_ C:inout [UInt8],_ D:inout [UInt8]) -> Int
-    {
-        var T=[UInt8](repeating: 0,count: ECDH.EFS)
-        let B=hashit(sha,F,0,nil,Int(ROM.MODBYTES))
-    
-        let gx=BIG(ROM.CURVE_Gx)
-        let gy=BIG(ROM.CURVE_Gy)
-    
-        let G=ECP(gx,gy)
-        let r=BIG(ROM.CURVE_Order)
-    
-        let s=BIG.fromBytes(S)
-        let f=BIG.fromBytes(B)
-    
-        let c=BIG(0)
-        let d=BIG(0)
-        var V=ECP()
-    
-        repeat {
-            let u=BIG.randomnum(r,RNG);
-	    let w=BIG.randomnum(r,RNG);
-  	    if ROM.AES_S>0
-	    {
-		u.mod2m(2*ROM.AES_S)
-	    }  
-            V.copy(G)
-            V=V.mul(u)
-            let vx=V.getX()
-            c.copy(vx)
-            c.mod(r)
-            if c.iszilch() {continue}
-	    u.copy(BIG.modmul(u,w,r))
-            u.invmodp(r)
-            d.copy(BIG.modmul(s,c,r))
-            d.add(f)
-	    d.copy(BIG.modmul(d,w,r))
-            d.copy(BIG.modmul(u,d,r))
-        } while d.iszilch()
-    
-        c.toBytes(&T)
-        for i in 0 ..< ECDH.EFS {C[i]=T[i]}
-        d.toBytes(&T)
-        for i in 0 ..< ECDH.EFS {D[i]=T[i]}
-        return 0;
-    }
-    
-    /* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */
-    static public func ECPVP_DSA(_ sha:Int,_ W:[UInt8],_ F:[UInt8],_ C:[UInt8],_ D:[UInt8]) -> Int
-    {
-        var res=0
-        let B=hashit(sha,F,0,nil,Int(ROM.MODBYTES))
-    
-        let gx=BIG(ROM.CURVE_Gx)
-        let gy=BIG(ROM.CURVE_Gy)
-    
-        let G=ECP(gx,gy)
-        let r=BIG(ROM.CURVE_Order)
-    
-        let c=BIG.fromBytes(C)
-        var d=BIG.fromBytes(D)
-        let f=BIG.fromBytes(B)
-    
-        if c.iszilch() || BIG.comp(c,r)>=0 || d.iszilch() || BIG.comp(d,r)>=0
-            {res=ECDH.INVALID}
-    
-        if res==0
-        {
-            d.invmodp(r);
-            f.copy(BIG.modmul(f,d,r))
-            let h2=BIG.modmul(c,d,r)
-    
-            let WP=ECP.fromBytes(W)
-            if WP.is_infinity() {res=ECDH.ERROR}
-            else
-            {
-				var P=ECP();
-				P.copy(WP);
-				P=P.mul2(h2,G,f);
-                if P.is_infinity() {res=INVALID}
-				else
-				{
-                    d=P.getX();
-                    d.mod(r);
-                    if (BIG.comp(d,c) != 0) {res=ECDH.INVALID}
-				}
-            }
-        }
-    
-        return res;
-    }
-    
-    /* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */
-    static public func ECIES_ENCRYPT(_ sha:Int,_ P1:[UInt8],_ P2:[UInt8],_ RNG:RAND,_ W:[UInt8],_ M:[UInt8],_ V:inout [UInt8],_ T:inout [UInt8]) -> [UInt8]
-    {
-        var Z=[UInt8](repeating: 0,count: ECDH.EFS)
-        var VZ=[UInt8](repeating: 0,count: 3*ECDH.EFS+1)
-        var K1=[UInt8](repeating: 0,count: ECDH.EAS)
-        var K2=[UInt8](repeating: 0,count: ECDH.EAS)
-        var U=[UInt8](repeating: 0,count: ECDH.EGS)
-    
-        if ECDH.KEY_PAIR_GENERATE(RNG,&U,&V) != 0 {return [UInt8]()}
-        if ECDH.ECPSVDP_DH(U,W,&Z) != 0 {return [UInt8]()}
-    
-        for i in 0 ..< 2*ECDH.EFS+1 {VZ[i]=V[i]}
-        for i in 0 ..< ECDH.EFS {VZ[2*ECDH.EFS+1+i]=Z[i]}
-    
-    
-        var K=KDF2(sha,VZ,P1,ECDH.EFS)
-    
-        for i in 0 ..< ECDH.EAS {K1[i]=K[i]; K2[i]=K[EAS+i];}
-    
-        var C=AES_CBC_IV0_ENCRYPT(K1,M)
-    
-        var L2=inttoBytes(P2.count,8)
-    
-        var AC=[UInt8](repeating: 0,count: C.count+P2.count+8)
-        
-        for i in 0 ..< C.count {AC[i]=C[i]}
-        for i in 0 ..< P2.count {AC[C.count+i]=P2[i]}
-        for i in 0 ..< 8 {AC[C.count+P2.count+i]=L2[i]}
-    
-        ECDH.HMAC(sha,AC,K2,&T)
-    
-        return C
-    }
-
-    /* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */
-    static public func ECIES_DECRYPT(_ sha:Int,_ P1:[UInt8],_ P2:[UInt8],_ V:[UInt8],_ C:[UInt8],_ T:[UInt8],_ U:[UInt8]) -> [UInt8]
-    {
-        var Z=[UInt8](repeating: 0,count: ECDH.EFS)
-        var VZ=[UInt8](repeating: 0,count: 3*ECDH.EFS+1)
-        var K1=[UInt8](repeating: 0,count: ECDH.EAS)
-        var K2=[UInt8](repeating: 0,count: ECDH.EAS)
-
-        var TAG=[UInt8](repeating: 0,count: T.count)
-    
-        if ECPSVDP_DH(U,V,&Z) != 0 {return [UInt8]()}
-    
-        for i in 0 ..< 2*ECDH.EFS+1 {VZ[i]=V[i]}
-        for i in 0 ..< ECDH.EFS {VZ[2*EFS+1+i]=Z[i]}
-    
-        var K=KDF2(sha,VZ,P1,ECDH.EFS)
-    
-        for i in 0 ..< ECDH.EAS {K1[i]=K[i]; K2[i]=K[ECDH.EAS+i]}
-    
-        let M=ECDH.AES_CBC_IV0_DECRYPT(K1,C)
-    
-        if M.count==0 {return M}
-    
-        var L2=inttoBytes(P2.count,8)
-    
-        var AC=[UInt8](repeating: 0,count: C.count+P2.count+8)
-    
-        for i in 0 ..< C.count {AC[i]=C[i]}
-        for i in 0 ..< P2.count {AC[C.count+i]=P2[i]}
-        for i in 0 ..< 8 {AC[C.count+P2.count+i]=L2[i]}
-    
-        ECDH.HMAC(sha,AC,K2,&TAG)
-    
-        var same=true
-        for i in 0 ..< T.count
-        {
-            if T[i] != TAG[i] {same=false}
-        }
-        if !same {return [UInt8]()}
-    
-        return M;
-    
-    }
-    
-    static public func printBinary(_ array: [UInt8])
-    {
-        for i in 0 ..< array.count
-        {
-            let h=String(array[i],radix:16);
-            print("\(h)", terminator: "")
-        }
-        print("");
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/ecp.swift
----------------------------------------------------------------------
diff --git a/version22/swift/ecp.swift b/version22/swift/ecp.swift
deleted file mode 100644
index d4e5c37..0000000
--- a/version22/swift/ecp.swift
+++ /dev/null
@@ -1,923 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-//
-//  ecp.swift
-//
-//  Created by Michael Scott on 30/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-final class ECP {
-    private var x:FP
-    private var y:FP
-    private var z:FP
-    private var INF:Bool
-    
-   /* Constructor - set to O */
-    init()
-    {
-        x=FP(0)
-        y=FP(0)
-        z=FP(1)
-        INF=true
-    }
-    
-    /* test for O point-at-infinity */
-    func is_infinity() -> Bool
-    {
-        if (ROM.CURVETYPE==ROM.EDWARDS)
-        {
-            x.reduce(); y.reduce(); z.reduce()
-            return x.iszilch() && y.equals(z)
-        }
-        else {return INF}
-    }
- 
-    /* Conditional swap of P and Q dependant on d */
-    private func cswap(_ Q: ECP,_ d:Int)
-    {
-        x.cswap(Q.x,d);
-        if ROM.CURVETYPE != ROM.MONTGOMERY {y.cswap(Q.y,d)}
-        z.cswap(Q.z,d);
-        if (ROM.CURVETYPE != ROM.EDWARDS)
-        {
-            var bd:Bool
-            if d==0 {bd=false}
-            else {bd=true}
-            bd=bd && (INF != Q.INF)
-            INF = (INF != bd)
-            Q.INF = (Q.INF != bd)
-        }
-    }
-    
-    /* Conditional move of Q to P dependant on d */
-    private func cmove(_ Q: ECP,_ d:Int)
-    {
-        x.cmove(Q.x,d);
-        if ROM.CURVETYPE != ROM.MONTGOMERY {y.cmove(Q.y,d)}
-        z.cmove(Q.z,d);
-        if (ROM.CURVETYPE != ROM.EDWARDS)
-        {
-            var bd:Bool
-            if d==0 {bd=false}
-            else {bd=true}
-            INF = (INF != Q.INF) && bd;
-        }
-    }
-    
-    /* return 1 if b==c, no branching */
-    private static func teq(_ b: Int32,_ c:Int32) -> Int
-    {
-        var x=b^c
-        x-=1  // if x=0, x now -1
-        return Int((x>>31)&1)
-    }
- 
-    /* self=P */
-    func copy(_ P: ECP)
-    {
-        x.copy(P.x)
-        if ROM.CURVETYPE != ROM.MONTGOMERY {y.copy(P.y)}
-        z.copy(P.z)
-        INF=P.INF
-    }
-    /* self=-self */
-    func neg() {
-        if is_infinity() {return}
-        if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-        {
-            y.neg(); y.norm();
-        }
-        if (ROM.CURVETYPE==ROM.EDWARDS)
-        {
-            x.neg(); x.norm();
-        }
-        return;
-    }
-    
-    /* Constant time select from pre-computed table */
-    private func select(_ W:[ECP],_ b:Int32)
-    {
-        let MP=ECP()
-        let m=b>>31
-        var babs=(b^m)-m
-    
-        babs=(babs-1)/2
-    
-        cmove(W[0],ECP.teq(babs,0)); // conditional move
-        cmove(W[1],ECP.teq(babs,1))
-        cmove(W[2],ECP.teq(babs,2))
-        cmove(W[3],ECP.teq(babs,3))
-        cmove(W[4],ECP.teq(babs,4))
-        cmove(W[5],ECP.teq(babs,5))
-        cmove(W[6],ECP.teq(babs,6))
-        cmove(W[7],ECP.teq(babs,7))
-    
-        MP.copy(self)
-        MP.neg()
-        cmove(MP,Int(m&1))
-    }
-    
-    /* Test P == Q */
-    func equals(_ Q: ECP) -> Bool
-    {
-        if (is_infinity() && Q.is_infinity()) {return true}
-        if (is_infinity() || Q.is_infinity()) {return false}
-        if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-        {
-            let zs2=FP(z); zs2.sqr()
-            let zo2=FP(Q.z); zo2.sqr()
-            let zs3=FP(zs2); zs3.mul(z)
-            let zo3=FP(zo2); zo3.mul(Q.z)
-            zs2.mul(Q.x)
-            zo2.mul(x)
-            if !zs2.equals(zo2) {return false}
-            zs3.mul(Q.y)
-            zo3.mul(y)
-            if !zs3.equals(zo3) {return false}
-        }
-        else
-        {
-            let a=FP(0)
-            let b=FP(0)
-            a.copy(x); a.mul(Q.z); a.reduce()
-            b.copy(Q.x); b.mul(z); b.reduce()
-            if !a.equals(b) {return false}
-            if ROM.CURVETYPE==ROM.EDWARDS
-            {
-				a.copy(y); a.mul(Q.z); a.reduce()
-				b.copy(Q.y); b.mul(z); b.reduce()
-				if !a.equals(b) {return false}
-            }
-        }
-        return true
-    }
-  
-/* set self=O */
-    func inf()
-    {
-        INF=true;
-        x.zero()
-        y.one()
-        z.one()
-    }
-    
-    /* Calculate RHS of curve equation */
-    static func RHS(_ x: FP) -> FP
-    {
-        x.norm();
-        let r=FP(x);
-        r.sqr();
-    
-        if ROM.CURVETYPE==ROM.WEIERSTRASS
-        { // x^3+Ax+B
-            let b=FP(BIG(ROM.CURVE_B))
-            r.mul(x)
-            if (ROM.CURVE_A == -3)
-            {
-				let cx=FP(x)
-				cx.imul(3)
-				cx.neg(); cx.norm()
-				r.add(cx)
-            }
-            r.add(b);
-        }
-        if (ROM.CURVETYPE==ROM.EDWARDS)
-        { // (Ax^2-1)/(Bx^2-1)
-            let b=FP(BIG(ROM.CURVE_B))
-    
-            let one=FP(1);
-            b.mul(r);
-            b.sub(one);
-            if ROM.CURVE_A == -1 {r.neg()}
-            r.sub(one)
-            b.inverse()
-            r.mul(b);
-        }
-        if ROM.CURVETYPE==ROM.MONTGOMERY
-        { // x^3+Ax^2+x
-            let x3=FP(0)
-            x3.copy(r);
-            x3.mul(x);
-            r.imul(ROM.CURVE_A);
-            r.add(x3);
-            r.add(x);
-        }
-        r.reduce();
-        return r;
-    }
-    
-    /* set (x,y) from two BIGs */
-    init(_ ix: BIG,_ iy: BIG)
-    {
-        x=FP(ix)
-        y=FP(iy)
-        z=FP(1)
-        INF=true
-        let rhs=ECP.RHS(x);
-    
-        if ROM.CURVETYPE==ROM.MONTGOMERY
-        {
-            if rhs.jacobi()==1 {INF=false}
-            else {inf()}
-        }
-        else
-        {
-            let y2=FP(y)
-            y2.sqr()
-            if y2.equals(rhs) {INF=false}
-            else {inf()}
-        }
-    }
-    
-    /* set (x,y) from BIG and a bit */
-    init(_ ix: BIG,_ s:Int)
-    {
-        x=FP(ix)
-        let rhs=ECP.RHS(x)
-        y=FP(0)
-        z=FP(1)
-        INF=true
-        if rhs.jacobi()==1
-        {
-            let ny=rhs.sqrt()
-            if (ny.redc().parity() != s) {ny.neg()}
-            y.copy(ny)
-            INF=false;
-        }
-        else {inf()}
-    }
-    
-    /* set from x - calculate y from curve equation */
-    init(_ ix:BIG)
-    {
-        x=FP(ix)
-        let rhs=ECP.RHS(x)
-        y=FP(0)
-        z=FP(1)
-        if rhs.jacobi()==1
-        {
-            if ROM.CURVETYPE != ROM.MONTGOMERY {y.copy(rhs.sqrt())}
-            INF=false;
-        }
-        else {INF=true}
-    }
-    
-    /* set to affine - from (x,y,z) to (x,y) */
-    func affine()
-    {
-        if is_infinity() {return}
-        let one=FP(1)
-        if (z.equals(one)) {return}
-        z.inverse()
-        if ROM.CURVETYPE==ROM.WEIERSTRASS
-        {
-            let z2=FP(z)
-            z2.sqr()
-            x.mul(z2); x.reduce()
-            y.mul(z2)
-            y.mul(z);  y.reduce()
-        }
-        if ROM.CURVETYPE==ROM.EDWARDS
-        {
-            x.mul(z); x.reduce()
-            y.mul(z); y.reduce()
-        }
-        if ROM.CURVETYPE==ROM.MONTGOMERY
-        {
-            x.mul(z); x.reduce()
- 
-        }
-        z.copy(one)
-    }
-    /* extract x as a BIG */
-    func getX() -> BIG
-    {
-        affine()
-        return x.redc()
-    }
-    /* extract y as a BIG */
-    func getY() -> BIG
-    {
-        affine();
-        return y.redc();
-    }
-    
-    /* get sign of Y */
-    func getS() -> Int
-    {
-        affine()
-        let y=getY()
-        return y.parity()
-    }
-    /* extract x as an FP */
-    func getx() -> FP
-    {
-        return x;
-    }
-    /* extract y as an FP */
-    func gety() -> FP
-    {
-        return y;
-    }
-    /* extract z as an FP */
-    func getz() -> FP
-    {
-        return z;
-    }
-    /* convert to byte array */
-    func toBytes(_ b:inout [UInt8])
-    {
-        let RM=Int(ROM.MODBYTES)
-        var t=[UInt8](repeating: 0,count: RM)
-        if ROM.CURVETYPE != ROM.MONTGOMERY {b[0]=0x04}
-        else {b[0]=0x02}
-    
-        affine()
-        x.redc().toBytes(&t)
-        for i in 0 ..< RM {b[i+1]=t[i]}
-        if ROM.CURVETYPE != ROM.MONTGOMERY
-        {
-            y.redc().toBytes(&t);
-            for i in 0 ..< RM {b[i+RM+1]=t[i]}
-        }
-    }
-    /* convert from byte array to point */
-    static func fromBytes(_ b: [UInt8]) -> ECP
-    {
-        let RM=Int(ROM.MODBYTES)
-        var t=[UInt8](repeating: 0,count: RM)
-        let p=BIG(ROM.Modulus);
-    
-        for i in 0 ..< RM {t[i]=b[i+1]}
-        let px=BIG.fromBytes(t)
-        if BIG.comp(px,p)>=0 {return ECP()}
-    
-        if (b[0]==0x04)
-        {
-            for i in 0 ..< RM {t[i]=b[i+RM+1]}
-            let py=BIG.fromBytes(t)
-            if BIG.comp(py,p)>=0 {return ECP()}
-            return ECP(px,py)
-        }
-        else {return ECP(px)}
-    }
-    /* convert to hex string */
-    func toString() -> String
-    {
-        if is_infinity() {return "infinity"}
-        affine();
-        if ROM.CURVETYPE==ROM.MONTGOMERY {return "("+x.redc().toString()+")"}
-        else {return "("+x.redc().toString()+","+y.redc().toString()+")"}
-    }
-    
-    /* self*=2 */
-    func dbl()
-    {
-        if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-        {
-            if INF {return}
-            if y.iszilch()
-            {
-				inf()
-				return
-            }
-    
-            let w1=FP(x)
-            let w6=FP(z)
-            let w2=FP(0)
-            let w3=FP(x)
-            let w8=FP(x)
-    
-            if (ROM.CURVE_A == -3)
-            {
-				w6.sqr()
-				w1.copy(w6)
-				w1.neg()
-				w3.add(w1)
-				w8.add(w6)
-				w3.mul(w8)
-				w8.copy(w3)
-				w8.imul(3)
-            }
-            else
-            {
-				w1.sqr()
-				w8.copy(w1)
-				w8.imul(3)
-            }
-    
-            w2.copy(y); w2.sqr()
-            w3.copy(x); w3.mul(w2)
-            w3.imul(4)
-            w1.copy(w3); w1.neg()
-            w1.norm()
-    
-            x.copy(w8); x.sqr()
-            x.add(w1)
-            x.add(w1)
-            x.norm()
-    
-            z.mul(y)
-            z.add(z)
-    
-            w2.add(w2)
-            w2.sqr()
-            w2.add(w2)
-            w3.sub(x)
-            y.copy(w8); y.mul(w3)
-            //w2.norm();
-            y.sub(w2)
-            y.norm()
-            z.norm()
-        }
-        if ROM.CURVETYPE==ROM.EDWARDS
-        {
-            let C=FP(x)
-            let D=FP(y)
-            let H=FP(z)
-            let J=FP(0)
-    
-            x.mul(y); x.add(x)
-            C.sqr()
-            D.sqr()
-            if ROM.CURVE_A == -1 {C.neg()}
-            y.copy(C); y.add(D)
-            y.norm()
-            H.sqr(); H.add(H)
-            z.copy(y)
-            J.copy(y); J.sub(H)
-            x.mul(J)
-            C.sub(D)
-            y.mul(C)
-            z.mul(J)
-    
-            x.norm();
-            y.norm();
-            z.norm();
-        }
-        if ROM.CURVETYPE==ROM.MONTGOMERY
-        {
-            let A=FP(x)
-            let B=FP(x);
-            let AA=FP(0);
-            let BB=FP(0);
-            let C=FP(0);
-    
-            if INF {return}
-    
-            A.add(z)
-            AA.copy(A); AA.sqr()
-            B.sub(z)
-            BB.copy(B); BB.sqr()
-            C.copy(AA); C.sub(BB)
-    //C.norm();
-    
-            x.copy(AA); x.mul(BB)
-    
-            A.copy(C); A.imul((ROM.CURVE_A+2)/4)
-    
-            BB.add(A)
-            z.copy(BB); z.mul(C)
-            x.norm()
-            z.norm()
-        }
-        return
-    }
-    
-    /* self+=Q */
-    func add(_ Q:ECP)
-    {
-        if ROM.CURVETYPE==ROM.WEIERSTRASS
-        {
-            if (INF)
-            {
-				copy(Q)
-				return
-            }
-            if Q.INF {return}
-    
-            var aff=false;
-    
-            let one=FP(1);
-            if Q.z.equals(one) {aff=true}
-    
-            var A:FP
-            var C:FP
-            let B=FP(z)
-            let D=FP(z)
-            if (!aff)
-            {
-				A=FP(Q.z)
-				C=FP(Q.z)
-    
-				A.sqr(); B.sqr()
-				C.mul(A); D.mul(B)
-    
-				A.mul(x)
-				C.mul(y)
-            }
-            else
-            {
-				A=FP(x)
-				C=FP(y)
-    
-				B.sqr()
-				D.mul(B)
-            }
-    
-            B.mul(Q.x); B.sub(A)
-            D.mul(Q.y); D.sub(C)
-    
-            if B.iszilch()
-            {
-				if (D.iszilch())
-				{
-                    dbl()
-                    return
-				}
-				else
-				{
-                    INF=true
-                    return
-				}
-            }
-    
-            if !aff {z.mul(Q.z)}
-            z.mul(B);
-    
-            let e=FP(B); e.sqr()
-            B.mul(e)
-            A.mul(e)
-    
-            e.copy(A)
-            e.add(A); e.add(B)
-            x.copy(D); x.sqr(); x.sub(e)
-    
-            A.sub(x)
-            y.copy(A); y.mul(D)
-            C.mul(B); y.sub(C)
-    
-            x.norm()
-            y.norm()
-            z.norm()
-        }
-        if ROM.CURVETYPE==ROM.EDWARDS
-        {
-            let b=FP(BIG(ROM.CURVE_B))
-            let A=FP(z)
-            let B=FP(0)
-            let C=FP(x)
-            let D=FP(y)
-            let E=FP(0)
-            let F=FP(0)
-            let G=FP(0)
-    
-            A.mul(Q.z)
-            B.copy(A); B.sqr()
-            C.mul(Q.x)
-            D.mul(Q.y)
-    
-            E.copy(C); E.mul(D); E.mul(b)
-            F.copy(B); F.sub(E)
-            G.copy(B); G.add(E)
-    
-            if ROM.CURVE_A==1
-            {
-				E.copy(D); E.sub(C)
-            }
-            C.add(D)
-    
-            B.copy(x); B.add(y)
-            D.copy(Q.x); D.add(Q.y)
-            B.mul(D)
-            B.sub(C)
-            B.mul(F)
-            x.copy(A); x.mul(B)
-
-            if ROM.CURVE_A==1
-            {
-				C.copy(E); C.mul(G)
-            }
-            if ROM.CURVE_A == -1
-            {
-				C.mul(G)
-            }
-            y.copy(A); y.mul(C)
-            z.copy(F); z.mul(G)
-            x.norm(); y.norm(); z.norm()
-        }
-        return;
-    }
-    
-    /* Differential Add for Montgomery curves. self+=Q where W is self-Q and is affine. */
-    func dadd(_ Q:ECP,_ W:ECP)
-    {
-        let A=FP(x)
-        let B=FP(x)
-        let C=FP(Q.x)
-        let D=FP(Q.x)
-        let DA=FP(0)
-        let CB=FP(0)
-    
-        A.add(z)
-        B.sub(z)
-    
-        C.add(Q.z)
-        D.sub(Q.z)
-    
-        DA.copy(D); DA.mul(A)
-        CB.copy(C); CB.mul(B)
-        
-        A.copy(DA); A.add(CB); A.sqr()
-        B.copy(DA); B.sub(CB); B.sqr()
-    
-        x.copy(A)
-        z.copy(W.x); z.mul(B)
-    
-        if z.iszilch() {inf()}
-        else {INF=false}
-    
-        x.norm()
-    }
-    /* this-=Q */
-    func sub(_ Q:ECP)
-    {
-        Q.neg()
-        add(Q)
-        Q.neg()
-    }
-    static func multiaffine(_ m: Int,_ P:[ECP])
-    {
-        let t1=FP(0)
-        let t2=FP(0)
-    
-        var work=[FP]()
-        
-        for _ in 0 ..< m
-            {work.append(FP(0))}
-    
-        work[0].one()
-        work[1].copy(P[0].z)
-    
-        for i in 2 ..< m
-        {
-            work[i].copy(work[i-1])
-            work[i].mul(P[i-1].z)
-        }
-    
-        t1.copy(work[m-1]);
-        t1.mul(P[m-1].z);
-        t1.inverse();
-        t2.copy(P[m-1].z);
-        work[m-1].mul(t1);
-        var i=m-2;
-        while (true)
-        {
-            if i==0
-            {
-				work[0].copy(t1)
-				work[0].mul(t2)
-				break
-            }
-            work[i].mul(t2);
-            work[i].mul(t1);
-            t2.mul(P[i].z);
-            i=i-1;
-        }
-    /* now work[] contains inverses of all Z coordinates */
-    
-        for i in 0 ..< m
-        {
-            P[i].z.one();
-            t1.copy(work[i]);
-            t1.sqr();
-            P[i].x.mul(t1);
-            t1.mul(work[i]);
-            P[i].y.mul(t1);
-        }
-    }
-    /* constant time multiply by small integer of length bts - use ladder */
-    func pinmul(_ e:Int32,_ bts:Int32) -> ECP
-    {
-        if ROM.CURVETYPE==ROM.MONTGOMERY
-            {return self.mul(BIG(Int(e)))}
-        else
-        {
-            let P=ECP()
-            let R0=ECP()
-            let R1=ECP(); R1.copy(self)
-    
-            for i in (0...bts-1).reversed()
-            {
-				let b=Int(e>>i)&1;
-				P.copy(R1);
-				P.add(R0);
-				R0.cswap(R1,b);
-				R1.copy(P);
-				R0.dbl();
-				R0.cswap(R1,b);
-            }
-            P.copy(R0);
-            P.affine();
-            return P;
-        }
-    }
-    
-    /* return e.self */
-    
-    func mul(_ e:BIG) -> ECP
-    {
-        if (e.iszilch() || is_infinity()) {return ECP()}
-    
-        let P=ECP()
-        if ROM.CURVETYPE==ROM.MONTGOMERY
-        {
-            /* use Ladder */
-            let D=ECP()
-            let R0=ECP(); R0.copy(self)
-            let R1=ECP(); R1.copy(self)
-            R1.dbl();
-            D.copy(self); D.affine();
-            let nb=e.nbits();
-            
-            for i in (0...nb-2).reversed()
-            {
-				let b=e.bit(UInt(i))
-                //print("\(b)")
-				P.copy(R1)
-				P.dadd(R0,D)
-				R0.cswap(R1,b)
-				R1.copy(P)
-				R0.dbl()
-				R0.cswap(R1,b)
-            }
-            P.copy(R0)
-        }
-        else
-        {
-    // fixed size windows
-            let mt=BIG()
-            let t=BIG()
-            let Q=ECP()
-            let C=ECP()
-            var W=[ECP]()
-            let n=1+(ROM.NLEN*Int(ROM.BASEBITS)+3)/4
-            var w=[Int8](repeating: 0,count: n)
-    
-            affine();
-    
-    // precompute table
-            Q.copy(self)
-            Q.dbl()
-            W.append(ECP())
-            
-            W[0].copy(self)
-    
-            for i in 1 ..< 8
-            {
-                W.append(ECP())
-				W[i].copy(W[i-1])
-				W[i].add(Q)
-            }
-    
-    // convert the table to affine
-            if ROM.CURVETYPE==ROM.WEIERSTRASS
-                {ECP.multiaffine(8,W)}
-    
-    // make exponent odd - add 2P if even, P if odd
-            t.copy(e);
-            let s=t.parity();
-            t.inc(1); t.norm(); let ns=t.parity();
-            mt.copy(t); mt.inc(1); mt.norm();
-            t.cmove(mt,s);
-            Q.cmove(self,ns);
-            C.copy(Q);
-    
-            let nb=1+(t.nbits()+3)/4;
-    
-    // convert exponent to signed 4-bit window
-            for i in 0 ..< nb
-            {
-				w[i]=Int8(t.lastbits(5)-16);
-				t.dec(Int(w[i]));
-                t.norm();
-				t.fshr(4);
-            }
-            w[nb]=Int8(t.lastbits(5))
-    
-            P.copy(W[Int((w[nb])-1)/2]);
-            for i in (0...nb-1).reversed()
-            {
-				Q.select(W,Int32(w[i]));
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.add(Q);
-            }
-            P.sub(C); /* apply correction */
-        }
-        P.affine();
-        return P;
-    }
-    
-    /* Return e.this+f.Q */
-    
-    func mul2(_ e:BIG,_ Q:ECP,_ f:BIG) -> ECP
-    {
-        let te=BIG()
-        let tf=BIG()
-        let mt=BIG()
-        let S=ECP()
-        let T=ECP()
-        let C=ECP()
-        var W=[ECP]()
-        let n=1+(ROM.NLEN*Int(ROM.BASEBITS)+1)/2
-        var w=[Int8](repeating: 0,count: n);
-        
-        affine();
-        Q.affine();
-    
-        te.copy(e);
-        tf.copy(f);
-    
-    // precompute table
-        for _ in 0 ..< 8 {W.append(ECP())}
-        W[1].copy(self); W[1].sub(Q)
-        W[2].copy(self); W[2].add(Q)
-        S.copy(Q); S.dbl();
-        W[0].copy(W[1]); W[0].sub(S)
-        W[3].copy(W[2]); W[3].add(S)
-        T.copy(self); T.dbl()
-        W[5].copy(W[1]); W[5].add(T)
-        W[6].copy(W[2]); W[6].add(T)
-        W[4].copy(W[5]); W[4].sub(S)
-        W[7].copy(W[6]); W[7].add(S)
-    
-    // convert the table to affine
-        if ROM.CURVETYPE==ROM.WEIERSTRASS
-            {ECP.multiaffine(8,W)}
-    
-    // if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction
-    
-        var s=te.parity()
-        te.inc(1); te.norm(); var ns=te.parity(); mt.copy(te); mt.inc(1); mt.norm()
-        te.cmove(mt,s)
-        T.cmove(self,ns)
-        C.copy(T)
-    
-        s=tf.parity()
-        tf.inc(1); tf.norm(); ns=tf.parity(); mt.copy(tf); mt.inc(1); mt.norm()
-        tf.cmove(mt,s)
-        S.cmove(Q,ns)
-        C.add(S)
-    
-        mt.copy(te); mt.add(tf); mt.norm()
-        let nb=1+(mt.nbits()+1)/2
-    
-    // convert exponent to signed 2-bit window
-        for i in 0 ..< nb
-        {
-            let a=(te.lastbits(3)-4);
-            te.dec(a); te.norm();
-            te.fshr(2);
-            let b=(tf.lastbits(3)-4);
-            tf.dec(b); tf.norm();
-            tf.fshr(2);
-            w[i]=Int8(4*a+b);
-        }
-        w[nb]=Int8(4*te.lastbits(3)+tf.lastbits(3));
-        S.copy(W[Int(w[nb]-1)/2]);
-        for i in (0...nb-1).reversed()
-        {
-            T.select(W,Int32(w[i]));
-            S.dbl();
-            S.dbl();
-            S.add(T);
-        }
-        S.sub(C); /* apply correction */
-        S.affine();
-        return S;
-    }
-    
-    
-   
-    
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/ecp2.swift
----------------------------------------------------------------------
diff --git a/version22/swift/ecp2.swift b/version22/swift/ecp2.swift
deleted file mode 100644
index e1288d6..0000000
--- a/version22/swift/ecp2.swift
+++ /dev/null
@@ -1,618 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-//
-//  ecp2.swift
-//
-//  Created by Michael Scott on 07/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-/* AMCL Weierstrass elliptic curve functions over FP2 */
-
-final class ECP2 {
-    private var x:FP2
-    private var y:FP2
-    private var z:FP2
-    private var INF:Bool
-    
-    /* Constructor - set self=O */
-    init()
-    {
-        INF=true
-        x=FP2(0)
-        y=FP2(1)
-        z=FP2(1)
-    }
-    /* Test self=O? */
-    func is_infinity() -> Bool
-    {
-        return INF
-    }
-    /* copy self=P */
-    func copy(_ P:ECP2)
-    {
-        x.copy(P.x)
-        y.copy(P.y)
-        z.copy(P.z)
-        INF=P.INF
-    }
-    /* set self=O */
-    func inf() {
-        INF=true
-        x.zero()
-        y.zero()
-        z.zero()
-    }
-    /* Conditional move of Q to P dependant on d */
-    func cmove(_ Q:ECP2,_ d:Int)
-    {
-        x.cmove(Q.x,d);
-        y.cmove(Q.y,d);
-        z.cmove(Q.z,d);
-    
-        var bd:Bool
-        if d==0 {bd=false}
-        else {bd=true}
-        INF = (INF != ((INF != Q.INF) && bd))
-    }
-    
-    /* return 1 if b==c, no branching */
-    private static func teq(_ b:Int32,_ c:Int32) -> Int
-    {
-        var x=b^c
-        x-=1  // if x=0, x now -1
-        return Int((x>>31)&1)
-    }
-    /* Constant time select from pre-computed table */
-    func select(_ W:[ECP2],_ b:Int32)
-    {
-        let MP=ECP2()
-        let m=b>>31
-        var babs=(b^m)-m
-        
-        babs=(babs-1)/2
-    
-        cmove(W[0],ECP2.teq(babs,0)) // conditional move
-        cmove(W[1],ECP2.teq(babs,1))
-        cmove(W[2],ECP2.teq(babs,2))
-        cmove(W[3],ECP2.teq(babs,3))
-        cmove(W[4],ECP2.teq(babs,4))
-        cmove(W[5],ECP2.teq(babs,5))
-        cmove(W[6],ECP2.teq(babs,6))
-        cmove(W[7],ECP2.teq(babs,7))
-    
-        MP.copy(self)
-        MP.neg()
-        cmove(MP,Int(m&1))
-    }
- 
-    /* Test if P == Q */
-    func equals(_ Q:ECP2) -> Bool
-    {
-        if is_infinity() && Q.is_infinity() {return true}
-        if is_infinity() || Q.is_infinity() {return false}
-    
-        let zs2=FP2(z); zs2.sqr()
-        let zo2=FP2(Q.z); zo2.sqr()
-        let zs3=FP2(zs2); zs3.mul(z)
-        let zo3=FP2(zo2); zo3.mul(Q.z)
-        zs2.mul(Q.x)
-        zo2.mul(x)
-        if !zs2.equals(zo2) {return false}
-        zs3.mul(Q.y)
-        zo3.mul(y)
-        if !zs3.equals(zo3) {return false}
-    
-        return true;
-    }
-    /* set self=-self */
-    func neg()
-    {
-        if is_infinity() {return}
-        y.neg(); y.norm()
-        return
-    }
-    /* set to Affine - (x,y,z) to (x,y) */
-    func affine() {
-        if is_infinity() {return}
-        let one=FP2(1)
-        if z.equals(one) {return}
-        z.inverse()
-    
-        let z2=FP2(z)
-        z2.sqr()
-        x.mul(z2); x.reduce()
-        y.mul(z2)
-        y.mul(z);  y.reduce()
-        z.copy(one)
-    }
-    /* extract affine x as FP2 */
-    func getX() -> FP2
-    {
-        affine()
-        return x
-    }
-    /* extract affine y as FP2 */
-    func getY() -> FP2
-    {
-        affine()
-        return y
-    }
-    /* extract projective x */
-    func getx() -> FP2
-    {
-        return x
-    }
-    /* extract projective y */
-    func gety() -> FP2
-    {
-        return y
-    }
-    /* extract projective z */
-    func getz() -> FP2
-    {
-        return z
-    }
-    /* convert to byte array */
-    func toBytes(_ b:inout [UInt8])
-    {
-        let RM=Int(ROM.MODBYTES)
-        var t=[UInt8](repeating: 0,count: RM)
-
-        affine();
-        x.getA().toBytes(&t)
-        for i in 0 ..< RM
-            {b[i]=t[i]}
-        x.getB().toBytes(&t);
-        for i in 0 ..< RM
-            {b[i+RM]=t[i]}
-    
-        y.getA().toBytes(&t);
-        for i in 0 ..< RM
-            {b[i+2*RM]=t[i]}
-        y.getB().toBytes(&t);
-        for i in 0 ..< RM
-            {b[i+3*RM]=t[i]}
-    }
-    /* convert from byte array to point */
-    static func fromBytes(_ b:[UInt8]) -> ECP2
-    {
-        let RM=Int(ROM.MODBYTES)
-        var t=[UInt8](repeating: 0,count: RM)
-
-    
-        for i in 0 ..< RM {t[i]=b[i]}
-        var ra=BIG.fromBytes(t);
-        for i in 0 ..< RM {t[i]=b[i+RM]}
-        var rb=BIG.fromBytes(t);
-        let rx=FP2(ra,rb)
-    
-        for i in 0 ..< RM {t[i]=b[i+2*RM]}
-        ra=BIG.fromBytes(t)
-        for i in 0 ..< RM {t[i]=b[i+3*RM]}
-        rb=BIG.fromBytes(t)
-        let ry=FP2(ra,rb)
-    
-        return ECP2(rx,ry)
-    }
-/* convert self to hex string */
-    func toString() -> String
-    {
-        if is_infinity() {return "infinity"}
-        affine()
-        return "("+x.toString()+","+y.toString()+")"
-    }
-    
-/* Calculate RHS of twisted curve equation x^3+B/i */
-    static func RHS(_ x:FP2) -> FP2
-    {
-        x.norm()
-        let r=FP2(x)
-        r.sqr()
-        let b=FP2(BIG(ROM.CURVE_B))
-        b.div_ip();
-        r.mul(x);
-        r.add(b);
-    
-        r.reduce();
-        return r;
-    }
-/* construct self from (x,y) - but set to O if not on curve */
-    init(_ ix:FP2,_ iy:FP2)
-    {
-        x=FP2(ix)
-        y=FP2(iy)
-        z=FP2(1)
-        let rhs=ECP2.RHS(x)
-        let y2=FP2(y)
-        y2.sqr()
-        if y2.equals(rhs) {INF=false}
-        else {x.zero(); INF=true}
-    }
-    /* construct this from x - but set to O if not on curve */
-    init(_ ix:FP2)
-    {
-        x=FP2(ix)
-        y=FP2(1)
-        z=FP2(1)
-        let rhs=ECP2.RHS(x)
-        if rhs.sqrt()
-        {
-            y.copy(rhs);
-            INF=false;
-        }
-        else {x.zero(); INF=true;}
-    }
-    
-    /* this+=this */
-    func dbl() -> Int
-    {
-        if (INF) {return -1}
-        if y.iszilch()
-        {
-            inf();
-            return -1;
-        }
-    
-        let w1=FP2(x)
-        let w2=FP2(0)
-        let w3=FP2(x)
-        let w8=FP2(x)
-    
-        w1.sqr()
-        w8.copy(w1)
-        w8.imul(3)
-    
-        w2.copy(y); w2.sqr()
-        w3.copy(x); w3.mul(w2)
-        w3.imul(4)
-        w1.copy(w3); w1.neg()
-        w1.norm()
-    
-        x.copy(w8); x.sqr()
-        x.add(w1)
-        x.add(w1)
-        x.norm()
-    
-        z.mul(y)
-        z.add(z)
-    
-        w2.add(w2)
-        w2.sqr()
-        w2.add(w2)
-        w3.sub(x)
-        y.copy(w8); y.mul(w3)
-        w2.norm()
-        y.sub(w2)
-        y.norm()
-        z.norm()
-    
-        return 1
-    }
-/* this+=Q - return 0 for add, 1 for double, -1 for O */
-    func add(_ Q:ECP2) -> Int
-    {
-        if INF
-        {
-            copy(Q)
-            return -1
-        }
-        if Q.INF {return -1}
-    
-        var aff=false
-    
-        if Q.z.isunity() {aff=true}
-    
-        var A:FP2
-        var C:FP2
-        let B=FP2(z)
-        let D=FP2(z)
-        if (!aff)
-        {
-            A=FP2(Q.z)
-            C=FP2(Q.z)
-    
-            A.sqr(); B.sqr()
-            C.mul(A); D.mul(B)
-    
-            A.mul(x)
-            C.mul(y)
-        }
-        else
-        {
-            A=FP2(x)
-            C=FP2(y)
-    
-            B.sqr()
-            D.mul(B)
-        }
-    
-        B.mul(Q.x); B.sub(A)
-        D.mul(Q.y); D.sub(C)
-    
-        if B.iszilch()
-        {
-            if D.iszilch()
-            {
-				dbl()
-				return 1
-            }
-            else
-            {
-				INF=true
-				return -1
-            }
-        }
-    
-        if !aff {z.mul(Q.z)}
-        z.mul(B)
-    
-        let e=FP2(B); e.sqr()
-        B.mul(e)
-        A.mul(e)
-    
-        e.copy(A)
-        e.add(A); e.add(B)
-        x.copy(D); x.sqr(); x.sub(e)
-    
-        A.sub(x)
-        y.copy(A); y.mul(D)
-        C.mul(B); y.sub(C)
-    
-        x.norm()
-        y.norm()
-        z.norm()
-    
-        return 0
-    }
-
-    /* set self-=Q */
-    func sub(_ Q:ECP2) -> Int
-    {
-        Q.neg()
-        let D=add(Q)
-        Q.neg()
-        return D
-    }
-/* set self*=q, where q is Modulus, using Frobenius */
-    func frob(_ X:FP2)
-    {
-        if INF {return}
-        let X2=FP2(X)
-        X2.sqr()
-        x.conj()
-        y.conj()
-        z.conj()
-        z.reduce()
-        x.mul(X2)
-        y.mul(X2)
-        y.mul(X)
-    }
-    /* normalises m-array of ECP2 points. Requires work vector of m FP2s */
-    
-    private static func multiaffine(_ m:Int,_ P:[ECP2])
-    {
-        let t1=FP2(0)
-        let t2=FP2(0)
-    
-        var work=[FP2]()
-        for _ in 0 ..< m
-            {work.append(FP2(0))}
-     
-        work[0].one()
-        work[1].copy(P[0].z)
-        
-        for i in 2 ..< m
-        {
-            work[i].copy(work[i-1])
-            work[i].mul(P[i-1].z)
-        }
-    
-        t1.copy(work[m-1]); t1.mul(P[m-1].z)
-    
-        t1.inverse()
-    
-        t2.copy(P[m-1].z)
-        work[m-1].mul(t1)
-    
-        var i=m-2
-        while true
-        {
-            if (i==0)
-            {
-				work[0].copy(t1)
-				work[0].mul(t2)
-				break;
-            }
-            work[i].mul(t2)
-            work[i].mul(t1)
-            t2.mul(P[i].z)
-            i-=1
-        }
-    /* now work[] contains inverses of all Z coordinates */
-    
-        for i in 0 ..< m
-        {
-            P[i].z.one()
-            t1.copy(work[i]); t1.sqr()
-            P[i].x.mul(t1)
-            t1.mul(work[i])
-            P[i].y.mul(t1)
-        }
-    }
-    
-    /* P*=e */
-    func mul(_ e:BIG) -> ECP2
-    {
-    /* fixed size windows */
-        let mt=BIG()
-        let t=BIG()
-        let P=ECP2()
-        let Q=ECP2()
-        let C=ECP2()
-        
-        var W=[ECP2]();
-        for _ in 0 ..< 8 {W.append(ECP2())}
-        
-        var w=[Int8](repeating: 0,count: 1+(ROM.NLEN*Int(ROM.BASEBITS)+3)/4)
-    
-        if is_infinity() {return ECP2()}
-    
-        affine()
-    
-    /* precompute table */
-        Q.copy(self)
-        Q.dbl()
-        W[0].copy(self)
-    
-        for i in 1 ..< 8
-        {
-            W[i].copy(W[i-1])
-            W[i].add(Q)
-        }
-    
-    /* convert the table to affine */
- 
-        ECP2.multiaffine(8,W);
-    
-    /* make exponent odd - add 2P if even, P if odd */
-        t.copy(e)
-        let s=t.parity()
-        t.inc(1); t.norm(); let ns=t.parity(); mt.copy(t); mt.inc(1); mt.norm()
-        t.cmove(mt,s)
-        Q.cmove(self,ns)
-        C.copy(Q)
-    
-        let nb=1+(t.nbits()+3)/4
-    /* convert exponent to signed 4-bit window */
-        for i in 0 ..< nb
-        {
-            w[i]=Int8(t.lastbits(5)-16)
-            t.dec(Int(w[i])); t.norm()
-            t.fshr(4)
-        }
-        w[nb]=Int8(t.lastbits(5))
-    
-        P.copy(W[Int(w[nb]-1)/2])
-        for i in (0...nb-1).reversed()
-        //for var i=nb-1;i>=0;i--
-        {
-            Q.select(W,Int32(w[i]))
-            P.dbl()
-            P.dbl()
-            P.dbl()
-            P.dbl()
-            P.add(Q)
-        }
-        P.sub(C);
-        P.affine()
-        return P;
-    }
-    
-    /* P=u0.Q0+u1*Q1+u2*Q2+u3*Q3 */
-    static func mul4(_ Q:[ECP2],_ u:[BIG]) -> ECP2
-    {
-        var a=[Int32](repeating: 0,count: 4)
-        let T=ECP2()
-        let C=ECP2()
-        let P=ECP2()
-        
-        var W=[ECP2]();
-        for _ in 0 ..< 8 {W.append(ECP2())}
-    
-        let mt=BIG()
-        var t=[BIG]()
-    
-        var w=[Int8](repeating: 0,count: ROM.NLEN*Int(ROM.BASEBITS)+1)
-    
-        for i in 0 ..< 4
-        {
-            t.append(BIG(u[i]))
-            Q[i].affine()
-        }
-    
-    /* precompute table */
-    
-        W[0].copy(Q[0]); W[0].sub(Q[1])
-        W[1].copy(W[0])
-        W[2].copy(W[0])
-        W[3].copy(W[0])
-        W[4].copy(Q[0]); W[4].add(Q[1])
-        W[5].copy(W[4])
-        W[6].copy(W[4])
-        W[7].copy(W[4])
-        T.copy(Q[2]); T.sub(Q[3])
-        W[1].sub(T)
-        W[2].add(T)
-        W[5].sub(T)
-        W[6].add(T)
-        T.copy(Q[2]); T.add(Q[3])
-        W[0].sub(T)
-        W[3].add(T)
-        W[4].sub(T)
-        W[7].add(T)
-    
-        ECP2.multiaffine(8,W);
-    
-    /* if multiplier is even add 1 to multiplier, and add P to correction */
-        mt.zero(); C.inf()
-        for i in 0 ..< 4
-        {
-            if (t[i].parity()==0)
-            {
-				t[i].inc(1); t[i].norm()
-                C.add(Q[i])
-            }
-            mt.add(t[i]); mt.norm()
-        }
-    
-        let nb=1+mt.nbits();
-    
-    /* convert exponent to signed 1-bit window */
-        for j in 0 ..< nb
-        {
-            for i in 0 ..< 4 {
-				a[i]=Int32(t[i].lastbits(2)-2)
-                
-				t[i].dec(Int(a[i]))
-                t[i].norm()
-				t[i].fshr(1)
-            }
-            w[j]=Int8(8*a[0]+4*a[1]+2*a[2]+a[3])
-        }
-        w[nb]=Int8(8*t[0].lastbits(2)+4*t[1].lastbits(2))
-        w[nb]+=Int8(2*t[2].lastbits(2)+t[3].lastbits(2))
-    
-        P.copy(W[Int(w[nb]-1)/2])
-        for i in (0...nb-1).reversed()
-        //for var i=nb-1;i>=0;i--
-        {
-            T.select(W,Int32(w[i]))
-            P.dbl()
-            P.add(T)
-        }
-        P.sub(C) /* apply correction */
-    
-        P.affine()
-        return P
-    }
-    
-    
-    
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/ff.swift
----------------------------------------------------------------------
diff --git a/version22/swift/ff.swift b/version22/swift/ff.swift
deleted file mode 100644
index ab87c91..0000000
--- a/version22/swift/ff.swift
+++ /dev/null
@@ -1,927 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  ff.swift
-//
-//  Created by Michael Scott on 24/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-/* Large Finite Field arithmetic */
-/* AMCL mod p functions */
-
-final class FF {
-    var v = [BIG]()
-    var length:Int=1
-    
- /*   func P_EXCESS() -> Int32
-    {
-        return ((v[length-1].w[ROM.NLEN-1]&FF.P_OMASK)>>FF.P_TBITS)
-    } */
-    /* Constructors */
-    init(_ n: Int)
-    {
-        for _ in 0 ..< n
-        {
-            v.append(BIG(0));
-        }
-        length=n;
-    }
-    
-    init(_ x: [[Chunk]],n: Int)
-    {
-        for i in 0 ..< n
-        {
-            v.append(BIG(x[i]))
-        }
-        length=n;
-    }
-    
-    func getlen() -> Int
-    {
-        return length;
-    }
-    
-    /* set to zero */
-    func zero()
-    {
-        for i in 0 ..< length
-        {
-            v[i].zero();
-        }
-    }
-    
-    /* set to integer */
-    func set(_ m: Int)
-    {
-        zero();
-        v[0].set(0,Chunk(m));
-    }
-    
-    /* copy from FF b */
-    func copy(_ b: FF)
-    {
-        for i in 0 ..< length
-        {
-            v[i].copy(b.v[i]);
-        }
-    }
-    
-    /* x=y<<n */
-    func dsucopy(_ b: FF)
-    {
-        for i in 0 ..< b.length
-        {
-            v[b.length+i].copy(b.v[i]);
-            v[i].zero();
-        }
-    }
-    /* x=y */
-    func dscopy(_ b: FF)
-    {
-        for i in 0 ..< b.length
-        {
-            v[i].copy(b.v[i]);
-            v[b.length+i].zero();
-        }
-    }
-    /* x=y>>n */
-    func sducopy(_ b: FF)
-    {
-        for i in 0 ..< length
-        {
-            v[i].copy(b.v[length+i]);
-        }
-    }
-    func one()
-    {
-        v[0].one();
-        for i in 1 ..< length
-        {
-            v[i].zero();
-        }
-    }
-    /* test equals 0 */
-    func iszilch() -> Bool
-    {
-        for i in 0 ..< length
-        {
-            if (!v[i].iszilch()) {return false}
-        }
-        return true;
-    }
-    /* shift right by BIGBITS-bit words */
-    func shrw(_ n: Int)
-    {
-        for i in 0 ..< n
-        {
-            v[i].copy(v[i+n]);
-            v[i+n].zero();
-        }
-    }
-    
-    /* shift left by BIGBITS-bit words */
-    func shlw(_ n: Int)
-    {
-        for i in 0 ..< n
-        {
-        v[n+i].copy(v[i]);
-        v[i].zero();
-        }
-    }
-    
-    /* extract last bit */
-    func parity() -> Int
-    {
-        return v[0].parity()
-    }
-    
-    func lastbits(_ m: Int) ->Int
-    {
-        return v[0].lastbits(UInt(m));
-    }
-    
-    /* compare x and y - must be normalised, and of same length */
-    static func comp(_ a: FF,_ b:FF) -> Int
-    {
-        for i in (0...a.length-1).reversed()
-       // for var i=a.length-1;i>=0;i--
-        {
-            let j=BIG.comp(a.v[i],b.v[i])
-            if j != 0 {return j}
-        }
-        return 0;
-    }
-    /* recursive add */
-    func radd(_ vp: Int,_ x:FF,_ xp:Int,_ y:FF,_ yp:Int,_ n: Int)
-    {
-        for i in 0 ..< n
-        {
-            v[vp+i].copy(x.v[xp+i])
-            v[vp+i].add(y.v[yp+i])
-        }
-    }
-    /* recursive inc */
-    func rinc(_ vp: Int,_ y: FF,_ yp: Int,_ n:Int)
-    {
-        for i in 0 ..< n
-        {
-            v[vp+i].add(y.v[yp+i])
-        }
-    }
-    /* recursive add */
-    func rsub(_ vp: Int,_ x:FF,_ xp:Int,_ y:FF,_ yp:Int,_ n: Int)
-    {
-        for i in 0 ..< n
-        {
-            v[vp+i].copy(x.v[xp+i])
-            v[vp+i].sub(y.v[yp+i])
-        }
-    }
-    /* recursive inc */
-    func rdec(_ vp: Int,_ y: FF,_ yp: Int,_ n:Int)
-    {
-        for i in 0 ..< n
-        {
-            v[vp+i].sub(y.v[yp+i])
-        }
-    }
-    /* simple add */
-    func add(_ b: FF)
-    {
-        for i in 0 ..< length
-            {v[i].add(b.v[i])}
-    }
-    
-    /* simple sub */
-    func sub(_ b: FF)
-    {
-        for i in 0 ..< length
-            {v[i].sub(b.v[i])}
-    }
-    /* reverse sub */
-    func revsub(_ b: FF)
-    {
-        for i in 0 ..< length
-            {v[i].rsub(b.v[i])}
-    }
-    /* normalise - but hold any overflow in top part unless n<0 */
-    private func rnorm(_ vp: Int,_ n: Int)
-    {
-        var trunc=false;
-        var nn=n
-   
-        if (nn<0)
-        { /* -v n signals to do truncation */
-            nn = -nn
-            trunc=true;
-        }
-        for i in 0 ..< nn-1
-        {
-            let carry=v[vp+i].norm();
-            v[vp+i].xortop(carry<<Chunk(ROM.P_TBITS))
-            v[vp+i+1].w[0]+=carry; //inc(carry)
-        }
-        let carry=v[vp+nn-1].norm();
-        if (trunc)
-            {v[vp+nn-1].xortop(carry<<Chunk(ROM.P_TBITS))}
-    }
-    
-    func norm()
-    {
-        rnorm(0,length)
-    }
-    
-    /* increment/decrement by a small integer */
-    func inc(_ m: Int)
-    {
-        v[0].inc(m);
-        norm();
-    }
-    
-    func dec(_ m: Int)
-    {
-        v[0].dec(m);
-        norm();
-    }
-    
-    /* shift left by one bit */
-    func shl()
-    {
-        var delay_carry=0;
-        for i in 0 ..< length-1
-        {
-            let carry=v[i].fshl(1)
-            v[i].inc(delay_carry);
-            v[i].xortop(Chunk(carry)<<Chunk(ROM.P_TBITS));
-            delay_carry=carry;
-        }
-        v[length-1].fshl(1)
-        v[length-1].inc(delay_carry)
-    }
-    
-    /* shift right by one bit */
-    func shr()
-    {
-        for i in (1...length-1).reversed()
-        {
-            let carry=v[i].fshr(1);
-            v[i-1].ortop(Chunk(carry)<<Chunk(ROM.P_TBITS));
-        }
-        v[0].fshr(1);
-    }
-    
-    /* Convert to Hex String */
-    func toString() -> String
-    {
-        norm();
-        var s="";
-        for i in (0...length-1).reversed()
-        {
-            s+=v[i].toString();
-        }
-        return s;
-    }
-    
-    /* Convert FFs to/from byte arrays */
-    func toBytes(_ b: inout [UInt8])
-    {
-        for i in 0 ..< length
-        {
-            v[i].tobytearray(&b,(length-i-1)*Int(ROM.MODBYTES))
-        }
-    }
-    static func fromBytes(_ x: FF,_ b:[UInt8])
-    {
-        for i in 0 ..< x.length
-        {
-            x.v[i]=BIG.frombytearray(b,(x.length-i-1)*Int(ROM.MODBYTES))
-        }
-    }
-    
-    /* in-place swapping using xor - side channel resistant - lengths must be the same */
-    private static func cswap(_ a: FF,_ b:FF,_ d:Int)
-    {
-        for i in 0 ..< a.length
-        {
-            a.v[i].cswap(b.v[i],d)
-        }
-    }
-    /* z=x*y, t is workspace */
-    private func karmul(_ vp: Int,_ x: FF,_ xp: Int,_ y:FF,_ yp: Int,_ t:FF,_ tp:Int,_ n:Int)
-    {
-        if (n==1)
-        {
-            let d=BIG.mul(x.v[xp],y.v[yp])
-            v[vp+1]=d.split(8*ROM.MODBYTES)
-            v[vp].copy(d)
-            return
-        }
-        let nd2=n/2
-        radd(vp,x,xp,x,xp+nd2,nd2)
-        rnorm(vp,nd2)
-        radd(vp+nd2,y,yp,y,yp+nd2,nd2)
-        rnorm(vp+nd2,nd2)
-        
-        t.karmul(tp,self,vp,self,vp+nd2,t,tp+n,nd2)
-        karmul(vp,x,xp,y,yp,t,tp+n,nd2)
-        karmul(vp+n,x,xp+nd2,y,yp+nd2,t,tp+n,nd2)
-        t.rdec(tp,self,vp,n)
-        t.rdec(tp,self,vp+n,n)
-        rinc(vp+nd2,t,tp,n)
-        rnorm(vp,2*n)
-    }
-    
-    private func karsqr(_ vp: Int,_ x: FF,_ xp:Int,_ t:FF,_ tp:Int,_ n:Int)
-    {
-        if (n==1)
-        {
-            let d=BIG.sqr(x.v[xp])
-            v[vp+1].copy(d.split(8*ROM.MODBYTES))
-            v[vp].copy(d);
-            return;
-        }
-    
-        let nd2=n/2
-        karsqr(vp,x,xp,t,tp+n,nd2)
-        karsqr(vp+n,x,xp+nd2,t,tp+n,nd2)
-        t.karmul(tp,x,xp,x,xp+nd2,t,tp+n,nd2)
-        rinc(vp+nd2,t,tp,n)
-        rinc(vp+nd2,t,tp,n)
-        rnorm(vp+nd2,n)
-    }
-    private func karmul_lower(_ vp:Int,_ x:FF,_ xp:Int,_ y:FF,_ yp:Int,_ t:FF,_ tp:Int,_ n: Int)
-    { /* Calculates Least Significant bottom half of x*y */
-        if (n==1)
-        { /* only calculate bottom half of product */
-            v[vp].copy(BIG.smul(x.v[xp],y.v[yp]))
-            return
-        }
-        let nd2=n/2
-    
-        karmul(vp,x,xp,y,yp,t,tp+n,nd2)
-        t.karmul_lower(tp,x,xp+nd2,y,yp,t,tp+n,nd2);
-        rinc(vp+nd2,t,tp,nd2);
-        t.karmul_lower(tp,x,xp,y,yp+nd2,t,tp+n,nd2);
-        rinc(vp+nd2,t,tp,nd2);
-        rnorm(vp+nd2,-nd2);  /* truncate it */
-    }
-    
-    private func karmul_upper(_ x: FF,_ y:FF,_ t:FF,_ n:Int)
-    { /* Calculates Most Significant upper half of x*y, given lower part */
-        let nd2=n/2;
-        radd(n,x,0,x,nd2,nd2);
-        radd(n+nd2,y,0,y,nd2,nd2);
-	rnorm(n,nd2);
-	rnorm(n+nd2,nd2);
-    
-        t.karmul(0,self,n+nd2,self,n,t,n,nd2);  /* t = (a0+a1)(b0+b1) */
-        karmul(n,x,nd2,y,nd2,t,n,nd2);          /* z[n]= a1*b1 */
-    /* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */
-        t.rdec(0,self,n,n);                     /* t=t-a1b1  */
-        rinc(nd2,self,0,nd2);                   /* z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1)  */
-        rdec(nd2,t,0,nd2);                      /* z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0) */
-        rnorm(0,-n);                            /* a0b0 now in z - truncate it */
-        t.rdec(0,self,0,n);                     /* (a0+a1)(b0+b1) - a0b0 */
-        rinc(nd2,t,0,n);
-    
-        rnorm(nd2,n);
-    }
-    /* z=x*y. Assumes x and y are of same length. */
-    static func mul(_ x: FF,_ y:FF) -> FF
-    {
-        let n=x.length
-        let z=FF(2*n)
-        let t=FF(2*n)
-        z.karmul(0,x,0,y,0,t,0,n)
-        return z
-    }
-    
-    /* z=x^2 */
-    static func sqr(_ x: FF) -> FF
-    {
-        let n=x.length
-        let z=FF(2*n)
-        let t=FF(2*n)
-        z.karsqr(0,x,0,t,0,n)
-        return z
-    }
-    /* return low part of product self*y */
-    func lmul(_ y: FF)
-    {
-        let n=length;
-        let t=FF(2*n);
-        let x=FF(n); x.copy(self);
-        karmul_lower(0,x,0,y,0,t,0,n);
-    }
-    
-    /* Set b=b mod c */
-    func mod(_ c: FF)
-    {
-        var k=0
-    
-        norm()
-        if (FF.comp(self,c)<0)
-            {return}
-        repeat
-        {
-            c.shl()
-            k+=1
-        } while (FF.comp(self,c)>=0)
-    
-        while (k>0)
-        {
-            c.shr();
-            if (FF.comp(self,c)>=0)
-            {
-				sub(c)
-				norm()
-            }
-            k-=1
-        }
-    }
-    
-    /* return This mod modulus, N is modulus, ND is Montgomery Constant */
-    func reduce(_ N: FF,_ ND:FF) -> FF
-    { /* fast karatsuba Montgomery reduction */
-        let n=N.length
-        let t=FF(2*n)
-        let r=FF(n)
-        let m=FF(n)
-    
-        r.sducopy(self)
-        m.karmul_lower(0,self,0,ND,0,t,0,n)
-        karmul_upper(N,m,t,n)
-        m.sducopy(self)
-    
-        r.add(N);
-        r.sub(m);
-        r.norm();
-    
-        return r;
-    }
-    /* Set r=this mod b */
-    /* this is of length - 2*n */
-    /* r,b is of length - n */
-    func dmod(_ b: FF) -> FF
-    {
-        let n=b.length
-        let m=FF(2*n)
-        let x=FF(2*n)
-        let r=FF(n)
-    
-        x.copy(self)
-        x.norm()
-        m.dsucopy(b)
-        var k=Int(ROM.BIGBITS)*n
-    
-        while (FF.comp(x,m)>=0)
-        {
-		x.sub(m);
-		x.norm();
-        }
-
-        while (k>0)
-        {
-            m.shr()
-    
-            if (FF.comp(x,m)>=0)
-            {
-				x.sub(m);
-				x.norm();
-            }
-            k -= 1;
-        }
-    
-        r.copy(x);
-        r.mod(b);
-        return r;
-    }
-    /* Set return=1/this mod p. Binary method - a<p on entry */
-    
-    func invmodp(_ p: FF)
-    {
-        let n=p.length;
-    
-        let u=FF(n)
-        let v=FF(n)
-        let x1=FF(n)
-        let x2=FF(n)
-        let t=FF(n)
-        let one=FF(n)
-    
-        one.one()
-        u.copy(self)
-        v.copy(p)
-        x1.copy(one)
-        x2.zero()
-    
-    // reduce n in here as well!
-        while (FF.comp(u,one) != 0 && FF.comp(v,one) != 0)
-        {
-            while (u.parity()==0)
-            {
-                u.shr()
-                if (x1.parity() != 0)
-                {
-                    x1.add(p)
-                    x1.norm()
-                }
-                x1.shr()
-            }
-            while (v.parity()==0)
-            {
-                v.shr()
-                if (x2.parity() != 0)
-                {
-                    x2.add(p)
-                    x2.norm()
-                }
-                x2.shr();
-            }
-            if (FF.comp(u,v)>=0)
-            {
-                u.sub(v)
-                u.norm()
-                if (FF.comp(x1,x2)>=0) {x1.sub(x2)}
-                else
-                {
-                    t.copy(p)
-                    t.sub(x2)
-                    x1.add(t)
-                }
-                x1.norm()
-            }
-            else
-            {
-                v.sub(u)
-                v.norm()
-                if (FF.comp(x2,x1)>=0) {x2.sub(x1)}
-                else
-                {
-                    t.copy(p)
-                    t.sub(x1)
-                    x2.add(t)
-                }
-                x2.norm()
-            }
-        }
-        if FF.comp(u,one)==0
-            {copy(x1)}
-        else
-            {copy(x2)}
-    }
-    
-    /* nresidue mod m */
-    func nres(_ m: FF)
-    {
-        let n=m.length
-        let d=FF(2*n)
-        d.dsucopy(self)
-        copy(d.dmod(m))
-    }
-    
-    func redc(_ m: FF,_ ND:FF)
-    {
-        let n=m.length
-        let d=FF(2*n)
-        mod(m)
-        d.dscopy(self)
-        copy(d.reduce(m,ND))
-        mod(m)
-    }
-    private func mod2m(_ m: Int)
-    {
-        for i in m ..< length
-            {v[i].zero()}
-    }
-    /* U=1/a mod 2^m - Arazi & Qi */
-    private func invmod2m() -> FF
-    {
-        let n=length;
-    
-        let b=FF(n);
-        let c=FF(n);
-        let U=FF(n);
-    
-        U.zero();
-        U.v[0].copy(v[0]);
-        U.v[0].invmod2m();
-    
-        var i=1
-        //for var i=1;i<n;i<<=1
-        while (i<n)
-        {
-            b.copy(self); b.mod2m(i);
-            let t=FF.mul(U,b); t.shrw(i); b.copy(t);
-            c.copy(self); c.shrw(i); c.mod2m(i);
-            c.lmul(U); c.mod2m(i);
-    
-            b.add(c); b.norm();
-            b.lmul(U); b.mod2m(i);
-    
-            c.one(); c.shlw(i); b.revsub(c); b.norm();
-            b.shlw(i);
-            U.add(b);
-            i<<=1
-        }
-        U.norm();
-        return U;
-    }
-    
-    func random(_ rng: RAND)
-    {
-        let n=length;
-        for i in 0 ..< n
-        {
-            v[i].copy(BIG.random(rng));
-        }
-    /* make sure top bit is 1 */
-        while (v[n-1].nbits()<Int(ROM.MODBYTES)*8) {v[n-1].copy(BIG.random(rng))}
-    }
-    /* generate random x */
-    func randomnum(_ p: FF,_ rng: RAND)
-    {
-        let n=length;
-        let d=FF(2*n);
-    
-        for i in 0 ..< 2*n
-        {
-            d.v[i].copy(BIG.random(rng));
-        }
-        copy(d.dmod(p));
-    }
-    /* this*=y mod p */
-    func modmul(_ y: FF,_ p:FF,_ nd: FF)
-    {
-        if BIG.ff_pexceed(v[length-1],y.v[y.length-1]) {mod(p)}
-       // let ex=P_EXCESS();
-       //let ey=y.P_EXCESS();
-       // if ((ex+1)>=(FF.P_FEXCESS-1)/(ey+1)) {mod(p)}
-        let d=FF.mul(self,y);
-        copy(d.reduce(p,nd));
-    }
-    
-    /* this*=y mod p */
-    func modsqr(_ p: FF,_ nd:FF)
-    {
-        if BIG.ff_sexceed(v[length-1]) {mod(p)}
- //       let ex=P_EXCESS();
-   //     if ((ex+1)>=(FF.P_FEXCESS-1)/(ex+1)) {mod(p)}
-        let d=FF.sqr(self);
-        copy(d.reduce(p,nd));
-    }
-    
-    /* self=self^e mod p using side-channel resistant Montgomery Ladder, for large e */
-    func skpow(_ e: FF,_ p:FF)
-    {
-        let n=p.length
-        let R0=FF(n)
-        let R1=FF(n)
-        let ND=p.invmod2m()
-    
-        mod(p)
-        R0.one()
-        R1.copy(self)
-        R0.nres(p)
-        R1.nres(p)
-    
-        for i in (0...8*Int(ROM.MODBYTES)*n-1).reversed()
-        {
-            let b=Int(e.v[i/Int(ROM.BIGBITS)].bit(UInt(i%Int(ROM.BIGBITS))))
-            copy(R0)
-            modmul(R1,p,ND)
-    
-            FF.cswap(R0,R1,b)
-            R0.modsqr(p,ND)
-    
-            R1.copy(self)
-            FF.cswap(R0,R1,b)
-    
-        }
-    
-        copy(R0)
-        redc(p,ND)
-    }
-    
-    /* this =this^e mod p using side-channel resistant Montgomery Ladder, for short e */
-    func skpow(_ e: BIG,_ p:FF)
-    {
-        let n=p.length
-        let R0=FF(n)
-        let R1=FF(n)
-        let ND=p.invmod2m()
-    
-        mod(p)
-        R0.one()
-        R1.copy(self)
-        R0.nres(p)
-        R1.nres(p)
-    
-        for i in (0...8*Int(ROM.MODBYTES)-1).reversed()
-        {
-            let b=(e.bit(UInt(i)))
-            copy(R0)
-            modmul(R1,p,ND)
-    
-            FF.cswap(R0,R1,b)
-            R0.modsqr(p,ND)
-    
-            R1.copy(self)
-            FF.cswap(R0,R1,b)
-        }
-        copy(R0)
-        redc(p,ND)
-    }
-    
-    /* raise to an integer power - right-to-left method */
-    func power(_ e:Int,_ p:FF)
-    {
-        let n=p.length
-        var f=true
-        let w=FF(n)
-        let ND=p.invmod2m()
-        var ee=e;
-    
-        w.copy(self)
-        w.nres(p)
-    
-        if (ee==2)
-        {
-            copy(w)
-            modsqr(p,ND)
-        }
-        else
-        {
-            while true
-            {
-                if (ee%2==1)
-                {
-                    if (f) {copy(w)}
-                    else {modmul(w,p,ND)}
-                    f=false;
-                }
-                ee>>=1;
-                if (ee==0) {break}
-                w.modsqr(p,ND)
-            }
-        }
-        redc(p,ND)
-    }
-    
-    /* this=this^e mod p, faster but not side channel resistant */
-    func pow(_ e: FF,_ p:FF)
-    {
-        let n=p.length
-        let w=FF(n)
-        let ND=p.invmod2m()
-    
-        w.copy(self);
-        one();
-        nres(p);
-        w.nres(p);
-        for i in (0...8*Int(ROM.MODBYTES)*n-1).reversed()
-      //  for var i=8*Int(ROM.MODBYTES)*n-1;i>=0;i--
-        {
-            modsqr(p,ND)
-            let b=e.v[i/Int(ROM.BIGBITS)].bit(UInt(i%Int(ROM.BIGBITS)))
-            if (b==1) {modmul(w,p,ND)}
-        }
-        redc(p,ND);
-    }
-    /* double exponentiation r=x^e.y^f mod p */
-    func pow2(_ e: BIG,_ y:FF,_ f:BIG,_ p:FF)
-    {
-        let n=p.length
-        let xn=FF(n)
-        let yn=FF(n)
-        let xy=FF(n)
-        let ND=p.invmod2m()
-    
-        xn.copy(self)
-        yn.copy(y)
-        xn.nres(p)
-        yn.nres(p)
-        xy.copy(xn); xy.modmul(yn,p,ND)
-        one()
-        nres(p)
-    
-        for i in (0...8*Int(ROM.MODBYTES)-1).reversed()
-    //    for var i=8*Int(ROM.MODBYTES)-1;i>=0;i--
-        {
-            let eb=e.bit(UInt(i))
-            let fb=f.bit(UInt(i))
-            modsqr(p,ND)
-            if (eb==1)
-            {
-                if (fb==1) {modmul(xy,p,ND)}
-                else {modmul(xn,p,ND)}
-            }
-            else
-            {
-                if (fb==1) {modmul(yn,p,ND)}
-            }
-        }
-        redc(p,ND)
-    }
-    static func igcd(_ x:Int,_ y:Int) -> Int
-    { /* integer GCD, returns GCD of x and y */
-        var xx=x;
-        var yy=y;
-        if (yy==0) {return xx}
-        while true
-        {
-            let r=xx%yy; if r==0 {break}
-            xx=yy; yy=r;
-        }
-        return yy;
-    }
-   
-    /* quick and dirty check for common factor with n */
-    func cfactor(_ s: Int) -> Bool
-    {
-        let n=length;
-        let x=FF(n);
-        let y=FF(n);
-        y.set(s);
-        
-        x.copy(self);
-        x.norm();
-        
-        repeat
-        {
-            x.sub(y);
-            x.norm();
-            while ( (!x.iszilch()) && x.parity()==0) {x.shr()}
-        } while (FF.comp(x,y)>0);
-        let g=x.v[0].get(0);
-        let r=FF.igcd(s,Int(g));
-        
-        if (r>1) {return true}
-        return false;
-    }
- 
-    /* Miller-Rabin test for primality. Slow. */
-    static func prime(_ p: FF,_ rng:RAND) -> Bool
-    {
-        var s=0
-        let n=p.length
-        var loop:Bool
-
-        let d=FF(n)
-        let x=FF(n)
-        let unity=FF(n)
-        let nm1=FF(n)
-    
-        let sf:Int=4849845; /* 3*5*.. *19 */
-        p.norm();
-        if (p.cfactor(sf)) {return false}
-        unity.one();
-        nm1.copy(p);
-        nm1.sub(unity);
-        nm1.norm();
-        d.copy(nm1);
-        
-        while (d.parity()==0)
-        {
-            d.shr();
-            s += 1;
-        }
-        
-        if (s==0) {return false}
-        for _ in 0 ..< 10
-        {
-            x.randomnum(p,rng)
-            x.pow(d,p)
-            if (FF.comp(x,unity)==0 || FF.comp(x,nm1)==0) {continue}
-            loop=false
-            for _ in 1 ..< s
-            {
-				x.power(2,p);
-                if (FF.comp(x,unity)==0) {return false}
-				if (FF.comp(x,nm1)==0) {loop=true; break;}
-            }
-            if (loop) {continue}
-            return false;
-        }
-        return true;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/fp.swift
----------------------------------------------------------------------
diff --git a/version22/swift/fp.swift b/version22/swift/fp.swift
deleted file mode 100644
index b4c0ba0..0000000
--- a/version22/swift/fp.swift
+++ /dev/null
@@ -1,309 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-//
-//  fp.swift
-//
-//  Created by Michael Scott on 20/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//  Small Finite Field arithmetic
-//  AMCL mod p functions
-//
-
-final class FP {
-    var x:BIG
-    static let p=BIG(ROM.Modulus)
-/* convert to Montgomery n-residue form */
-    func nres()
-    {
-        if ROM.MODTYPE != ROM.PSEUDO_MERSENNE && ROM.MODTYPE != ROM.GENERALISED_MERSENNE
-        {
-            let d=DBIG(x)
-            d.shl(UInt(ROM.NLEN)*ROM.BASEBITS)
-            x.copy(d.mod(FP.p))
-        }
-    }
-/* convert back to regular form */
-    func redc() -> BIG
-    {
-        if ROM.MODTYPE != ROM.PSEUDO_MERSENNE && ROM.MODTYPE != ROM.GENERALISED_MERSENNE
-        {
-            let d=DBIG(x)
-            return BIG.mod(d)
-        }
-        else
-        {
-            let r=BIG(x)
-            return r;
-        }
-    }
-    
-    init()
-    {
-        x=BIG(0)
-    }
-    init(_ a: Int)
-    {
-        x=BIG(a)
-        nres()
-    }
-    init(_ a: BIG)
-    {
-        x=BIG(a)
-        nres()
-    }
-    init(_ a: FP)
-    {
-        x=BIG(a.x)
-    }
-    /* convert to string */
-    func toString() -> String
-    {
-        let s=redc().toString();
-        return s;
-    }
-    
-    func toRawString() -> String
-    {
-        let s=x.toRawString();
-        return s;
-    }
-/* reduce this mod Modulus */
-    func reduce()
-    {
-        x.mod(FP.p)
-    }
-    
-/* test this=0? */
-    func iszilch() -> Bool
-    {
-        reduce();
-        return x.iszilch()
-    }
-    
-/* copy from FP b */
-    func copy(_ b: FP)
-    {
-        x.copy(b.x);
-    }
-    
-/* set this=0 */
-    func zero()
-    {
-        x.zero();
-    }
-    
-/* set this=1 */
-    func one()
-    {
-        x.one(); nres()
-    }
-    
-/* normalise this */
-    func norm()
-    {
-        x.norm();
-    }
-/* swap FPs depending on d */
-    func cswap(_ b: FP,_ d: Int)
-    {
-        x.cswap(b.x,d)
-    }
-    
-/* copy FPs depending on d */
-    func cmove(_ b: FP,_ d:Int)
-    {
-        x.cmove(b.x,d);
-    }
-/* this*=b mod Modulus */
-    func mul(_ b: FP)
-    {
-        norm()
-        b.norm()
-        let ea=BIG.EXCESS(x)
-        let eb=BIG.EXCESS(b.x)
-        
-        if Int64(ea+1)*Int64(eb+1)>Int64(ROM.FEXCESS) {reduce()}
-        /*if (ea+1)>=(ROM.FEXCESS-1)/(eb+1) {reduce()}*/
-        
-        let d=BIG.mul(x,b.x)
-        x.copy(BIG.mod(d))
-    }
-    static func logb2(_ w: UInt32) -> Int
-    {
-        var v = w
-        v |= (v >> 1)
-        v |= (v >> 2)
-        v |= (v >> 4)
-        v |= (v >> 8)
-        v |= (v >> 16)
-        
-        v = v - ((v >> 1) & 0x55555555)
-        v = (v & 0x33333333) + ((v >> 2) & 0x33333333)
-        let r = Int((   ((v + (v >> 4)) & 0xF0F0F0F)   &* 0x1010101) >> 24)
-        return (r+1)
-    }
-    /* this = -this mod Modulus */
-    func neg()
-    {
-        let m=BIG(FP.p);
-    
-        norm();
-        let sb=FP.logb2(UInt32(BIG.EXCESS(x)))
- //       var ov=BIG.EXCESS(x);
- //       var sb=1; while(ov != 0) {sb += 1;ov>>=1}
-    
-        m.fshl(sb)
-        x.rsub(m)
-    
-        if BIG.EXCESS(x)>=ROM.FEXCESS {reduce()}
-    }
-    /* this*=c mod Modulus, where c is a small int */
-    func imul(_ c: Int)
-    {
-        var cc=c
-        norm();
-        var s=false
-        if (cc<0)
-        {
-            cc = -cc
-            s=true
-        }
-        let afx=(BIG.EXCESS(x)+1)*(cc+1)+1;
-        if cc<ROM.NEXCESS && afx<ROM.FEXCESS
-        {
-            x.imul(cc);
-        }
-        else
-        {
-            if afx<ROM.FEXCESS {x.pmul(cc)}
-            else
-            {
-				let d=x.pxmul(cc);
-				x.copy(d.mod(FP.p));
-            }
-        }
-        if s {neg()}
-        norm();
-    }
-    
-/* this*=this mod Modulus */
-    func sqr()
-    {
-        norm()
-        let ea=BIG.EXCESS(x);
-        
-        if Int64(ea+1)*Int64(ea+1)>Int64(ROM.FEXCESS) {reduce()}
-        /*if (ea+1)>=(ROM.FEXCESS-1)/(ea+1) {reduce()}*/
-        
-        let d=BIG.sqr(x);
-        x.copy(BIG.mod(d));
-    }
-    
-    /* this+=b */
-    func add(_ b: FP)
-    {
-        x.add(b.x);
-        if BIG.EXCESS(x)+2>=ROM.FEXCESS {reduce()}
-    }
-/* this-=b */
-    func sub(_ b: FP)
-    {
-        let n=FP(b)
-        n.neg()
-        self.add(n)
-    }
-/* this/=2 mod Modulus */
-    func div2()
-    {
-        x.norm()
-        if (x.parity()==0)
-            {x.fshr(1)}
-        else
-        {
-            x.add(FP.p)
-            x.norm()
-            x.fshr(1)
-        }
-    }
-/* this=1/this mod Modulus */
-    func inverse()
-    {
-        let r=redc()
-        r.invmodp(FP.p)
-        x.copy(r)
-        nres()
-    }
-    
-/* return TRUE if this==a */
-    func equals(_ a: FP) -> Bool
-    {
-        a.reduce()
-        reduce()
-        if (BIG.comp(a.x,x)==0) {return true}
-        return false;
-    }
-/* return this^e mod Modulus */
-    func pow(_ e: BIG) -> FP
-    {
-        let r=FP(1)
-        e.norm()
-        x.norm()
-	let m=FP(self)
-        while (true)
-        {
-            let bt=e.parity()
-            e.fshr(1)
-            if bt==1 {r.mul(m)}
-            if e.iszilch() {break}
-            m.sqr();
-        }
-        r.x.mod(FP.p);
-        return r;
-    }
-/* return sqrt(this) mod Modulus */
-    func sqrt() -> FP
-    {
-        reduce();
-        let b=BIG(FP.p)
-        if (ROM.MOD8==5)
-        {
-            b.dec(5); b.norm(); b.shr(3)
-            let i=FP(self); i.x.shl(1)
-            let v=i.pow(b)
-            i.mul(v); i.mul(v)
-            i.x.dec(1)
-            let r=FP(self)
-            r.mul(v); r.mul(i)
-            r.reduce()
-            return r
-        }
-        else
-        {
-            b.inc(1); b.norm(); b.shr(2)
-            return pow(b)
-        }
-    }
-/* return jacobi symbol (this/Modulus) */
-    func jacobi() -> Int
-    {
-        let w=redc()
-        return w.jacobi(FP.p)
-    }
-    
-}


[17/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/ecp.c
----------------------------------------------------------------------
diff --git a/version3/c/ecp.c b/version3/c/ecp.c
deleted file mode 100644
index 39d5c0a..0000000
--- a/version3/c/ecp.c
+++ /dev/null
@@ -1,1468 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Elliptic Curve Functions */
-/* SU=m, SU is Stack Usage (Weierstrass Curves) */
-
-//#define HAS_MAIN
-
-#include "ecp_ZZZ.h"
-
-/* test for P=O point-at-infinity */
-int ECP_ZZZ_isinf(ECP_ZZZ *P)
-{
-//    if (P->inf) return 1;
-//    FP_YYY_reduce(&(P->x));
-//    FP_YYY_reduce(&(P->z));
-#if CURVETYPE_ZZZ==EDWARDS
-//    FP_YYY_reduce(&(P->y));
-    return (FP_YYY_iszilch(&(P->x)) && FP_YYY_equals(&(P->y),&(P->z)));
-#endif
-#if CURVETYPE_ZZZ==WEIERSTRASS
-//    FP_YYY_reduce(&(P->y));
-    return (FP_YYY_iszilch(&(P->x)) && FP_YYY_iszilch(&(P->z)));
-#endif
-#if CURVETYPE_ZZZ==MONTGOMERY
-    return FP_YYY_iszilch(&(P->z));
-#endif
-//    return P->inf;
-
-}
-
-/* Conditional swap of P and Q dependant on d */
-static void ECP_ZZZ_cswap(ECP_ZZZ *P,ECP_ZZZ *Q,int d)
-{
-    FP_YYY_cswap(&(P->x),&(Q->x),d);
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    FP_YYY_cswap(&(P->y),&(Q->y),d);
-#endif
-    FP_YYY_cswap(&(P->z),&(Q->z),d);
-/*
-    d=~(d-1);
-    d=d&(P->inf^Q->inf);
-    P->inf^=d;
-    Q->inf^=d;
-*/
-}
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-/* Conditional move Q to P dependant on d */
-static void ECP_ZZZ_cmove(ECP_ZZZ *P,ECP_ZZZ *Q,int d)
-{
-    FP_YYY_cmove(&(P->x),&(Q->x),d);
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    FP_YYY_cmove(&(P->y),&(Q->y),d);
-#endif
-    FP_YYY_cmove(&(P->z),&(Q->z),d);
-/*
-    d=~(d-1);
-    P->inf^=(P->inf^Q->inf)&d;
-*/
-}
-
-/* return 1 if b==c, no branching */
-static int teq(sign32 b,sign32 c)
-{
-    sign32 x=b^c;
-    x-=1;  // if x=0, x now -1
-    return (int)((x>>31)&1);
-}
-#endif // CURVETYPE_ZZZ!=MONTGOMERY
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-/* Constant time select from pre-computed table */
-static void ECP_ZZZ_select(ECP_ZZZ *P,ECP_ZZZ W[],sign32 b)
-{
-    ECP_ZZZ MP;
-    sign32 m=b>>31;
-    sign32 babs=(b^m)-m;
-
-    babs=(babs-1)/2;
-
-    ECP_ZZZ_cmove(P,&W[0],teq(babs,0));  // conditional move
-    ECP_ZZZ_cmove(P,&W[1],teq(babs,1));
-    ECP_ZZZ_cmove(P,&W[2],teq(babs,2));
-    ECP_ZZZ_cmove(P,&W[3],teq(babs,3));
-    ECP_ZZZ_cmove(P,&W[4],teq(babs,4));
-    ECP_ZZZ_cmove(P,&W[5],teq(babs,5));
-    ECP_ZZZ_cmove(P,&W[6],teq(babs,6));
-    ECP_ZZZ_cmove(P,&W[7],teq(babs,7));
-
-    ECP_ZZZ_copy(&MP,P);
-    ECP_ZZZ_neg(&MP);  // minus P
-    ECP_ZZZ_cmove(P,&MP,(int)(m&1));
-}
-#endif
-
-/* Test P == Q */
-/* SU=168 */
-int ECP_ZZZ_equals(ECP_ZZZ *P,ECP_ZZZ *Q)
-{
-    FP_YYY a,b;
-//    if (ECP_ZZZ_isinf(P) && ECP_ZZZ_isinf(Q)) return 1;
-//    if (ECP_ZZZ_isinf(P) || ECP_ZZZ_isinf(Q)) return 0;
-
-
-    FP_YYY_mul(&a,&(P->x),&(Q->z));
-    FP_YYY_mul(&b,&(Q->x),&(P->z));
-    if (!FP_YYY_equals(&a,&b)) return 0;
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    FP_YYY_mul(&a,&(P->y),&(Q->z));
-    FP_YYY_mul(&b,&(Q->y),&(P->z));
-    if (!FP_YYY_equals(&a,&b)) return 0;
-#endif
-
-    return 1;
-
-}
-
-/* Set P=Q */
-/* SU=16 */
-void ECP_ZZZ_copy(ECP_ZZZ *P,ECP_ZZZ *Q)
-{
-//    P->inf=Q->inf;
-    FP_YYY_copy(&(P->x),&(Q->x));
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    FP_YYY_copy(&(P->y),&(Q->y));
-#endif
-    FP_YYY_copy(&(P->z),&(Q->z));
-}
-
-/* Set P=-Q */
-#if CURVETYPE_ZZZ!=MONTGOMERY
-/* SU=8 */
-void ECP_ZZZ_neg(ECP_ZZZ *P)
-{
-//    if (ECP_ZZZ_isinf(P)) return;
-#if CURVETYPE_ZZZ==WEIERSTRASS
-    FP_YYY_neg(&(P->y),&(P->y));
-    FP_YYY_norm(&(P->y));
-#else
-    FP_YYY_neg(&(P->x),&(P->x));
-    FP_YYY_norm(&(P->x));
-#endif
-
-}
-#endif
-
-/* Set P=O */
-void ECP_ZZZ_inf(ECP_ZZZ *P)
-{
-    FP_YYY_zero(&(P->x));
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    FP_YYY_one(&(P->y));
-#endif
-#if CURVETYPE_ZZZ!=EDWARDS
-    FP_YYY_zero(&(P->z));
-#else
-    FP_YYY_one(&(P->z));
-#endif
-//    P->inf=1;
-}
-
-/* Calculate right Hand Side of curve equation y^2=RHS */
-/* SU=56 */
-void ECP_ZZZ_rhs(FP_YYY *v,FP_YYY *x)
-{
-#if CURVETYPE_ZZZ==WEIERSTRASS
-    /* x^3+Ax+B */
-    FP_YYY t;
-    FP_YYY_sqr(&t,x);
-    FP_YYY_mul(&t,&t,x);
-
-    if (CURVE_A_ZZZ==-3)
-    {
-        FP_YYY_neg(v,x);
-        FP_YYY_norm(v);
-        FP_YYY_imul(v,v,-CURVE_A_ZZZ);
-        FP_YYY_norm(v);
-        FP_YYY_add(v,&t,v);
-    }
-    else FP_YYY_copy(v,&t);
-
-    FP_YYY_rcopy(&t,CURVE_B_ZZZ);
-
-    FP_YYY_add(v,&t,v);
-    FP_YYY_reduce(v);
-#endif
-
-#if CURVETYPE_ZZZ==EDWARDS
-    /* (Ax^2-1)/(Bx^2-1) */
-    FP_YYY t,one;
-    FP_YYY_sqr(v,x);
-    FP_YYY_one(&one);
-    FP_YYY_rcopy(&t,CURVE_B_ZZZ);
-
-    FP_YYY_mul(&t,v,&t);
-    FP_YYY_sub(&t,&t,&one);
-	FP_YYY_norm(&t);
-    if (CURVE_A_ZZZ==1) FP_YYY_sub(v,v,&one);
-
-    if (CURVE_A_ZZZ==-1)
-    {
-        FP_YYY_add(v,v,&one);
-        FP_YYY_norm(v);
-        FP_YYY_neg(v,v);
-    }
-	FP_YYY_norm(v);
-	FP_YYY_inv(&t,&t);
-	FP_YYY_mul(v,v,&t);
-	FP_YYY_reduce(v);
-#endif
-
-#if CURVETYPE_ZZZ==MONTGOMERY
-    /* x^3+Ax^2+x */
-    FP_YYY x2,x3;
-    FP_YYY_sqr(&x2,x);
-    FP_YYY_mul(&x3,&x2,x);
-    FP_YYY_copy(v,x);
-    FP_YYY_imul(&x2,&x2,CURVE_A_ZZZ);
-    FP_YYY_add(v,v,&x2);
-    FP_YYY_add(v,v,&x3);
-    FP_YYY_reduce(v);
-#endif
-}
-
-/* Set P=(x,y) */
-
-#if CURVETYPE_ZZZ==MONTGOMERY
-
-/* Set P=(x,{y}) */
-
-int ECP_ZZZ_set(ECP_ZZZ *P,BIG_XXX x)
-{
-    BIG_XXX m,b;
-    FP_YYY rhs;
-    BIG_XXX_rcopy(m,Modulus_YYY);
-
-    FP_YYY_nres(&rhs,x);
-
-    ECP_ZZZ_rhs(&rhs,&rhs);
-    FP_YYY_redc(b,&rhs);
-
-    if (BIG_XXX_jacobi(b,m)!=1)
-    {
-        ECP_ZZZ_inf(P);
-        return 0;
-    }
- //   P->inf=0;
-    FP_YYY_nres(&(P->x),x);
-    FP_YYY_one(&(P->z));
-    return 1;
-}
-
-/* Extract x coordinate as BIG */
-int ECP_ZZZ_get(BIG_XXX x,ECP_ZZZ *P)
-{
-	ECP_ZZZ W;
-	ECP_ZZZ_copy(&W,P);
-	ECP_ZZZ_affine(&W);
-    if (ECP_ZZZ_isinf(&W)) return -1;
-    //ECP_ZZZ_affine(P);
-    FP_YYY_redc(x,&(Wx));
-    return 0;
-}
-
-
-#else
-/* Extract (x,y) and return sign of y. If x and y are the same return only x */
-/* SU=16 */
-int ECP_ZZZ_get(BIG_XXX x,BIG_XXX y,ECP_ZZZ *P)
-{
-	ECP_ZZZ W;
-    int s;
-	ECP_ZZZ_copy(&W,P);
-	ECP_ZZZ_affine(&W);
-
-    if (ECP_ZZZ_isinf(&W)) return -1;
-
-    //ECP_ZZZ_affine(P);
-
-    FP_YYY_redc(y,&(W.y));
-    s=BIG_XXX_parity(y);
-
-    FP_YYY_redc(x,&(W.x));
-
-    return s;
-}
-
-/* Set P=(x,{y}) */
-/* SU=96 */
-int ECP_ZZZ_set(ECP_ZZZ *P,BIG_XXX x,BIG_XXX y)
-{
-    FP_YYY rhs,y2;
-
-    FP_YYY_nres(&y2,y);
-    FP_YYY_sqr(&y2,&y2);
-    FP_YYY_reduce(&y2);
-
-    FP_YYY_nres(&rhs,x);
-    ECP_ZZZ_rhs(&rhs,&rhs);
-
-    if (!FP_YYY_equals(&y2,&rhs))
-    {
-        ECP_ZZZ_inf(P);
-        return 0;
-    }
-
-   // P->inf=0;
-
-    FP_YYY_nres(&(P->x),x);
-    FP_YYY_nres(&(P->y),y);
-    FP_YYY_one(&(P->z));
-    return 1;
-}
-
-/* Set P=(x,y), where y is calculated from x with sign s */
-/* SU=136 */
-int ECP_ZZZ_setx(ECP_ZZZ *P,BIG_XXX x,int s)
-{
-    FP_YYY rhs;
-    BIG_XXX t,m;
-    BIG_XXX_rcopy(m,Modulus_YYY);
-
-    FP_YYY_nres(&rhs,x);
-
-    ECP_ZZZ_rhs(&rhs,&rhs);
-
-    FP_YYY_redc(t,&rhs);
-    if (BIG_XXX_jacobi(t,m)!=1)
-    {
-        ECP_ZZZ_inf(P);
-        return 0;
-    }
-
-  //  P->inf=0;
-
-    FP_YYY_nres(&(P->x),x);
-    FP_YYY_sqrt(&(P->y),&rhs);
-
-//printf("SR= "); FP_YYY_output(&(P->y)); printf("\n");
-
-    FP_YYY_redc(t,&(P->y));
-
-//printf("t= "); BIG_XXX_output(t); printf("\n");
-
-    if (BIG_XXX_parity(t)!=s)
-        FP_YYY_neg(&(P->y),&(P->y));
-    FP_YYY_reduce(&(P->y));
-    FP_YYY_one(&(P->z));
-    return 1;
-}
-
-#endif
-
-void ECP_ZZZ_cfp(ECP_ZZZ *P)
-{ /* multiply point by curves cofactor */
-	BIG_XXX c;
-	int cf=CURVE_Cof_I_ZZZ;
-	if (cf==1) return;
-	if (cf==4)
-	{
-		ECP_ZZZ_dbl(P);
-		ECP_ZZZ_dbl(P);
-		//ECP_ZZZ_affine(P);
-		return;
-	}
-	if (cf==8)
-	{
-		ECP_ZZZ_dbl(P);
-		ECP_ZZZ_dbl(P);
-		ECP_ZZZ_dbl(P);
-		//ECP_ZZZ_affine(P);
-		return;
-	}
-	BIG_XXX_rcopy(c,CURVE_Cof_ZZZ);
-	ECP_ZZZ_mul(P,c);
-	return;
-}
-
-/* map BIG to point on curve of correct order */
-/* The BIG should be the output of some hash function */
-
-void ECP_ZZZ_mapit(ECP_ZZZ *P,octet *W)
-{
-    BIG_XXX q,x;
-	BIG_XXX_fromBytes(x,W->val);
-    BIG_XXX_rcopy(q,Modulus_YYY);
-    BIG_XXX_mod(x,q);
-
-	for (;;)
-	{
-		for (;;)
-		{
-#if CURVETYPE_ZZZ!=MONTGOMERY
-			ECP_ZZZ_setx(P,x,0);
-#else
-			ECP_ZZZ_set(P,x);
-#endif
-			BIG_XXX_inc(x,1); BIG_XXX_norm(x);
-			if (!ECP_ZZZ_isinf(P)) break;
-		}
-		ECP_ZZZ_cfp(P);
-		if (!ECP_ZZZ_isinf(P)) break;
-	}
-}
-
-/* Convert P to Affine, from (x,y,z) to (x,y) */
-/* SU=160 */
-void ECP_ZZZ_affine(ECP_ZZZ *P)
-{
-    FP_YYY one,iz;
-    BIG_XXX b;
-    if (ECP_ZZZ_isinf(P)) return;
-    FP_YYY_one(&one);
-    if (FP_YYY_equals(&(P->z),&one)) return;
-
-	FP_YYY_inv(&iz,&(P->z));
-    FP_YYY_mul(&(P->x),&(P->x),&iz);
-
-#if CURVETYPE_ZZZ==EDWARDS || CURVETYPE_ZZZ==WEIERSTRASS
-
-    FP_YYY_mul(&(P->y),&(P->y),&iz);
-    FP_YYY_reduce(&(P->y));
-
-#endif
-
-    FP_YYY_reduce(&(P->x));
-    FP_YYY_copy(&(P->z),&one);
-}
-
-/* SU=120 */
-void ECP_ZZZ_outputxyz(ECP_ZZZ *P)
-{
-    BIG_XXX x,z;
-    if (ECP_ZZZ_isinf(P))
-    {
-        printf("Infinity\n");
-        return;
-    }
-    FP_YYY_reduce(&(P->x));
-    FP_YYY_redc(x,&(P->x));
-    FP_YYY_reduce(&(P->z));
-    FP_YYY_redc(z,&(P->z));
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    BIG_XXX y;
-    FP_YYY_reduce(&(P->y));
-    FP_YYY_redc(y,&(P->y));
-    printf("(");
-    BIG_XXX_output(x);
-    printf(",");
-    BIG_XXX_output(y);
-    printf(",");
-    BIG_XXX_output(z);
-    printf(")\n");
-
-#else
-    printf("(");
-    BIG_XXX_output(x);
-    printf(",");
-    BIG_XXX_output(z);
-    printf(")\n");
-#endif
-}
-
-/* SU=16 */
-/* Output point P */
-void ECP_ZZZ_output(ECP_ZZZ *P)
-{
-    BIG_XXX x;
-    if (ECP_ZZZ_isinf(P))
-    {
-        printf("Infinity\n");
-        return;
-    }
-    ECP_ZZZ_affine(P);
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    BIG_XXX y;
-    FP_YYY_redc(x,&(P->x));
-    FP_YYY_redc(y,&(P->y));
-    printf("(");
-    BIG_XXX_output(x);
-    printf(",");
-    BIG_XXX_output(y);
-    printf(")\n");
-#else
-    FP_YYY_redc(x,&(P->x));
-    printf("(");
-    BIG_XXX_output(x);
-    printf(")\n");
-#endif
-}
-
-/* SU=16 */
-/* Output point P */
-void ECP_ZZZ_rawoutput(ECP_ZZZ *P)
-{
-    BIG_XXX x,z;
-//   if (ECP_ZZZ_isinf(P))
-//   {
-//       printf("Infinity\n");
-//       return;
-//   }
-//    ECP_ZZZ_affine(P);
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    BIG_XXX y;
-    FP_YYY_redc(x,&(P->x));
-    FP_YYY_redc(y,&(P->y));
-    FP_YYY_redc(z,&(P->z));
-    printf("(");
-    BIG_XXX_output(x);
-    printf(",");
-    BIG_XXX_output(y);
-    printf(",");
-    BIG_XXX_output(z);
-    printf(")\n");
-#else
-    FP_YYY_redc(x,&(P->x));
-    FP_YYY_redc(z,&(P->z));
-    printf("(");
-    BIG_XXX_output(x);
-    printf(",");
-    BIG_XXX_output(z);
-    printf(")\n");
-#endif
-}
-
-/* SU=88 */
-/* Convert P to octet string */
-void ECP_ZZZ_toOctet(octet *W,ECP_ZZZ *P,bool compress)
-{
-#if CURVETYPE_ZZZ==MONTGOMERY
-    BIG_XXX x;
-    ECP_ZZZ_get(x,P);
-    W->len=MODBYTES_XXX+1;
-    W->val[0]=6;
-    BIG_XXX_toBytes(&(W->val[1]),x);
-#else
-    BIG_XXX x,y;
-    ECP_ZZZ_get(x,y,P);
-	if (compress)
-	{
-		W->val[0]=0x02;
-		if (BIG_XXX_parity(y)==1) W->val[0]=0x03;
-		W->len=MODBYTES_XXX+1;
-		BIG_XXX_toBytes(&(W->val[1]),x);
-	}
-	else
-	{
-		W->val[0]=4;
-		W->len=2*MODBYTES_XXX+1;
-		BIG_XXX_toBytes(&(W->val[1]),x);
-		BIG_XXX_toBytes(&(W->val[MODBYTES_XXX+1]),y);
-	}
-#endif
-}
-
-/* SU=88 */
-/* Restore P from octet string */
-int ECP_ZZZ_fromOctet(ECP_ZZZ *P,octet *W)
-{
-#if CURVETYPE_ZZZ==MONTGOMERY
-    BIG_XXX x;
-    BIG_XXX_fromBytes(x,&(W->val[1]));
-    if (ECP_ZZZ_set(P,x)) return 1;
-    return 0;
-#else
-    BIG_XXX x,y;
-	int typ=W->val[0];
-	BIG_XXX_fromBytes(x,&(W->val[1]));
-	if (typ==0x04)
-	{
-		BIG_XXX_fromBytes(y,&(W->val[MODBYTES_XXX+1]));
-		if (ECP_ZZZ_set(P,x,y)) return 1;
-	}
-	if (typ==0x02 || typ==0x03)
-	{
-		if (ECP_ZZZ_setx(P,x,typ&1)) return 1;
-	}
-    return 0;
-#endif
-}
-
-
-/* Set P=2P */
-/* SU=272 */
-void ECP_ZZZ_dbl(ECP_ZZZ *P)
-{
-#if CURVETYPE_ZZZ==WEIERSTRASS
-    FP_YYY t0,t1,t2,t3,x3,y3,z3,b;
-
- //   if (ECP_ZZZ_isinf(P)) return;
-
-    if (CURVE_A_ZZZ==0)
-    {
-        //FP_YYY_copy(&t0,&(P->y));				//FP t0=new FP(y);
-        FP_YYY_sqr(&t0,&(P->y));					//t0.sqr();
-        //FP_YYY_copy(&t1,&(P->y));				//FP t1=new FP(y);
-        FP_YYY_mul(&t1,&(P->y),&(P->z));			//t1.mul(z);
-
-        //FP_YYY_copy(&t2,&(P->z));				//FP t2=new FP(z);
-        FP_YYY_sqr(&t2,&(P->z));					//t2.sqr();
-
-        //FP_YYY_copy(&(P->z),&t0);				//z.copy(t0);
-        FP_YYY_add(&(P->z),&t0,&t0);		//z.add(t0);
-        FP_YYY_norm(&(P->z));					//z.norm();
-        FP_YYY_add(&(P->z),&(P->z),&(P->z));	//z.add(z);
-        FP_YYY_add(&(P->z),&(P->z),&(P->z));	//z.add(z);
-        FP_YYY_norm(&(P->z));					//z.norm();
-
-        FP_YYY_imul(&t2,&t2,3*CURVE_B_I_ZZZ);		//t2.imul(3*ROM.CURVE_B_I);
-        //FP_YYY_copy(&x3,&t2);					//FP x3=new FP(t2);
-        FP_YYY_mul(&x3,&t2,&(P->z));			//x3.mul(z);
-
-        //FP_YYY_copy(&y3,&t0);					//FP y3=new FP(t0);
-        FP_YYY_add(&y3,&t0,&t2);				//y3.add(t2);
-        FP_YYY_norm(&y3);						//y3.norm();
-        FP_YYY_mul(&(P->z),&(P->z),&t1);		//z.mul(t1);
-
-        //FP_YYY_copy(&t1,&t2);					//t1.copy(t2);
-        FP_YYY_add(&t1,&t2,&t2);				//t1.add(t2);
-        FP_YYY_add(&t2,&t2,&t1);				//t2.add(t1);
-        FP_YYY_sub(&t0,&t0,&t2);				//t0.sub(t2);
-        FP_YYY_norm(&t0);						//t0.norm();
-        FP_YYY_mul(&y3,&y3,&t0);				//y3.mul(t0);
-        FP_YYY_add(&y3,&y3,&x3);				//y3.add(x3);
-        //FP_YYY_copy(&t1,&(P->x));				//t1.copy(x);                *** optimization possible
-        FP_YYY_mul(&t1,&(P->x),&(P->y));			//t1.mul(y);
-        //FP_YYY_copy(&(P->x),&t0);				//x.copy(t0);
-        FP_YYY_norm(&t0);					//x.norm();
-        FP_YYY_mul(&(P->x),&t0,&t1);		//x.mul(t1);
-        FP_YYY_add(&(P->x),&(P->x),&(P->x));	//x.add(x);
-        FP_YYY_norm(&(P->x));					//x.norm();
-        FP_YYY_copy(&(P->y),&y3);				//y.copy(y3);
-        FP_YYY_norm(&(P->y));					//y.norm();
-    }
-    else // its -3
-    {
-        //FP_YYY_copy(&t0,&(P->x));				//FP t0=new FP(x);
-        //FP_YYY_copy(&t1,&(P->y));				//FP t1=new FP(y);
-        //FP_YYY_copy(&t2,&(P->z));				//FP t2=new FP(z);
-        //FP_YYY_copy(&t3,&(P->x));				//FP t3=new FP(x);
-        //FP_YYY_copy(&z3,&(P->z));				//FP z3=new FP(z);
-
-        if (CURVE_B_I_ZZZ==0)					//if (ROM.CURVE_B_I==0)
-            FP_YYY_rcopy(&b,CURVE_B_ZZZ);		//b.copy(new FP(new BIG(ROM.CURVE_B)));
-
-        FP_YYY_sqr(&t0,&(P->x));					//t0.sqr();  //1    x^2
-        FP_YYY_sqr(&t1,&(P->y));					//t1.sqr();  //2    y^2
-        FP_YYY_sqr(&t2,&(P->z));					//t2.sqr();  //3
-
-        FP_YYY_mul(&t3,&(P->x),&(P->y));			//t3.mul(y); //4
-        FP_YYY_add(&t3,&t3,&t3);				//t3.add(t3);
-        FP_YYY_norm(&t3);						//t3.norm();//5
-
-        FP_YYY_mul(&z3,&(P->z),&(P->x));			//z3.mul(x);   //6
-        FP_YYY_add(&z3,&z3,&z3);				//z3.add(z3);
-        FP_YYY_norm(&z3);						//z3.norm();//7
-        //FP_YYY_copy(&y3,&t2);					//y3.copy(t2);
-
-        if (CURVE_B_I_ZZZ==0)						//if (ROM.CURVE_B_I==0)
-            FP_YYY_mul(&y3,&t2,&b);				//y3.mul(b); //8
-        else
-            FP_YYY_imul(&y3,&t2,CURVE_B_I_ZZZ);	//y3.imul(ROM.CURVE_B_I);
-
-        FP_YYY_sub(&y3,&y3,&z3);				//y3.sub(z3); //y3.norm(); //9  ***
-        //FP_YYY_copy(&x3,&y3);					//x3.copy(y3);
-        FP_YYY_add(&x3,&y3,&y3);				//x3.add(y3);
-        FP_YYY_norm(&x3);						//x3.norm();//10
-
-        FP_YYY_add(&y3,&y3,&x3);				//y3.add(x3); //y3.norm();//11
-        //FP_YYY_copy(&x3,&t1);					//x3.copy(t1);
-        FP_YYY_sub(&x3,&t1,&y3);				//x3.sub(y3);
-        FP_YYY_norm(&x3);						//x3.norm();//12
-        FP_YYY_add(&y3,&y3,&t1);				//y3.add(t1);
-        FP_YYY_norm(&y3);						//y3.norm();//13
-        FP_YYY_mul(&y3,&y3,&x3);				//y3.mul(x3); //14
-        FP_YYY_mul(&x3,&x3,&t3);				//x3.mul(t3); //15
-        //FP_YYY_copy(&t3,&t2);					//t3.copy(t2);
-        FP_YYY_add(&t3,&t2,&t2);				//t3.add(t2);  //16
-        FP_YYY_add(&t2,&t2,&t3);				//t2.add(t3); //17
-
-        if (CURVE_B_I_ZZZ==0)					//if (ROM.CURVE_B_I==0)
-            FP_YYY_mul(&z3,&z3,&b);				//z3.mul(b); //18
-        else
-            FP_YYY_imul(&z3,&z3,CURVE_B_I_ZZZ);	//z3.imul(ROM.CURVE_B_I);
-
-        FP_YYY_sub(&z3,&z3,&t2);				//z3.sub(t2); //z3.norm();//19
-        FP_YYY_sub(&z3,&z3,&t0);				//z3.sub(t0);
-        FP_YYY_norm(&z3);						//z3.norm();//20  ***
-        //FP_YYY_copy(&t3,&z3);					//t3.copy(z3);
-        FP_YYY_add(&t3,&z3,&z3);				//t3.add(z3); //t3.norm();//21
-
-        FP_YYY_add(&z3,&z3,&t3);				//z3.add(t3);
-        FP_YYY_norm(&z3);						//z3.norm(); //22
-        //FP_YYY_copy(&t3,&t0);					//t3.copy(t0);
-        FP_YYY_add(&t3,&t0,&t0);				//t3.add(t0); //t3.norm(); //23
-        FP_YYY_add(&t0,&t0,&t3);				//t0.add(t3); //t0.norm();//24
-        FP_YYY_sub(&t0,&t0,&t2);				//t0.sub(t2);
-        FP_YYY_norm(&t0);						//t0.norm();//25
-
-        FP_YYY_mul(&t0,&t0,&z3);				//t0.mul(z3);//26
-        FP_YYY_add(&y3,&y3,&t0);				//y3.add(t0); //y3.norm();//27
-        //FP_YYY_copy(&t0,&(P->y));				//t0.copy(y);
-        FP_YYY_mul(&t0,&(P->y),&(P->z));			//t0.mul(z);//28
-        FP_YYY_add(&t0,&t0,&t0);				//t0.add(t0);
-        FP_YYY_norm(&t0);						//t0.norm(); //29
-        FP_YYY_mul(&z3,&z3,&t0);				//z3.mul(t0);//30
-        FP_YYY_sub(&(P->x),&x3,&z3);				//x3.sub(z3); //x3.norm();//31
-        FP_YYY_add(&t0,&t0,&t0);				//t0.add(t0);
-        FP_YYY_norm(&t0);						//t0.norm();//32
-        FP_YYY_add(&t1,&t1,&t1);				//t1.add(t1);
-        FP_YYY_norm(&t1);						//t1.norm();//33
-        //FP_YYY_copy(&z3,&t0);					//z3.copy(t0);
-        FP_YYY_mul(&(P->z),&t0,&t1);				//z3.mul(t1);//34
-
-        //FP_YYY_copy(&(P->x),&x3);				//x.copy(x3);
-        FP_YYY_norm(&(P->x));					//x.norm();
-        FP_YYY_copy(&(P->y),&y3);				//y.copy(y3);
-        FP_YYY_norm(&(P->y));					//y.norm();
-        //FP_YYY_copy(&(P->z),&z3);				//z.copy(z3);
-        FP_YYY_norm(&(P->z));					//z.norm();
-    }
-#endif
-
-#if CURVETYPE_ZZZ==EDWARDS
-    /* Not using square for multiplication swap, as (1) it needs more adds, and (2) it triggers more reductions */
-
-    FP_YYY C,D,H,J;
-
-//    if (ECP_ZZZ_isinf(P)) return;
-
-    //FP_YYY_copy(&C,&(P->x));			//FP C=new FP(x);
-    FP_YYY_sqr(&C,&(P->x));							//C.sqr();
-    //FP_YYY_copy(&D,&(P->y));			//FP D=new FP(y);
-    //FP_YYY_copy(&H,&(P->z));			//FP H=new FP(z);
-
-    FP_YYY_mul(&(P->x),&(P->x),&(P->y));		//x.mul(y);
-    FP_YYY_add(&(P->x),&(P->x),&(P->x));		//x.add(x);
-    FP_YYY_norm(&(P->x));						//x.norm();
-
-    FP_YYY_sqr(&D,&(P->y));							//D.sqr();
-
-    if (CURVE_A_ZZZ==-1)				//if (ROM.CURVE_A==-1)
-        FP_YYY_neg(&C,&C);				//	C.neg();
-
-    //FP_YYY_copy(&(P->y),&C);			//y.copy(C);
-    FP_YYY_add(&(P->y),&C,&D);		//y.add(D);
-    FP_YYY_norm(&(P->y));				//y.norm();
-    FP_YYY_sqr(&H,&(P->z));					//H.sqr();
-    FP_YYY_add(&H,&H,&H);				//H.add(H);
-
-
-    //FP_YYY_copy(&(P->z),&(P->y));		//z.copy(y);
-    //FP_YYY_copy(&J,&(P->y));			//J.copy(y);
-
-    FP_YYY_sub(&J,&(P->y),&H);				//J.sub(H);
-    FP_YYY_norm(&J);					//J.norm();
-
-    FP_YYY_mul(&(P->x),&(P->x),&J);		//x.mul(J);
-    FP_YYY_sub(&C,&C,&D);				//C.sub(D);
-    FP_YYY_norm(&C);					//C.norm();
-    FP_YYY_mul(&(P->z),&(P->y),&J);		//z.mul(J);
-    FP_YYY_mul(&(P->y),&(P->y),&C);		//y.mul(C);
-
-
-#endif
-
-#if CURVETYPE_ZZZ==MONTGOMERY
-    FP_YYY A,B,AA,BB,C;
-
-//    if (ECP_ZZZ_isinf(P)) return;
-
-    //FP_YYY_copy(&A,&(P->x));			//FP A=new FP(x);
-    //FP_YYY_copy(&B,&(P->x));			//FP B=new FP(x);
-
-    FP_YYY_add(&A,&(P->x),&(P->z));			//A.add(z);
-    FP_YYY_norm(&A);					//A.norm();
-    //FP_YYY_copy(&AA,&A);				//AA.copy(A);
-    FP_YYY_sqr(&AA,&A);				//AA.sqr();
-    FP_YYY_sub(&B,&(P->x),&(P->z));			//B.sub(z);
-    FP_YYY_norm(&B);					//B.norm();
-    //FP_YYY_copy(&BB,&B);				//BB.copy(B);
-    FP_YYY_sqr(&BB,&B);				//BB.sqr();
-    //FP_YYY_copy(&C,&AA);				//C.copy(AA);
-    FP_YYY_sub(&C,&AA,&BB);				//C.sub(BB);
-    FP_YYY_norm(&C);					//C.norm();
-    //FP_YYY_copy(&(P->x),&AA);			//x.copy(AA);
-    FP_YYY_mul(&(P->x),&AA,&BB);	//x.mul(BB);
-
-    //FP_YYY_copy(&A,&C);					//A.copy(C);
-    FP_YYY_imul(&A,&C,(CURVE_A_ZZZ+2)/4);	//A.imul((ROM.CURVE_A+2)/4);
-
-    FP_YYY_add(&BB,&BB,&A);				//BB.add(A);
-    FP_YYY_norm(&BB);					//BB.norm();
-    //FP_YYY_copy(&(P->z),&BB);			//z.copy(BB);
-    FP_YYY_mul(&(P->z),&BB,&C);		//z.mul(C);
-
-#endif
-}
-
-#if CURVETYPE_ZZZ==MONTGOMERY
-
-/* Set P+=Q. W is difference between P and Q and is affine */
-void ECP_ZZZ_add(ECP_ZZZ *P,ECP_ZZZ *Q,ECP_ZZZ *W)
-{
-    FP_YYY A,B,C,D,DA,CB;
-
-    //FP_YYY_copy(&A,&(P->x));	//FP A=new FP(x);
-    //FP_YYY_copy(&B,&(P->x));	//FP B=new FP(x);
-    //FP_YYY_copy(&C,&(Q->x));	//FP C=new FP(Q.x);
-    //FP_YYY_copy(&D,&(Q->x));	//FP D=new FP(Q.x);
-
-    FP_YYY_add(&A,&(P->x),&(P->z));	//A.add(z);
-    FP_YYY_sub(&B,&(P->x),&(P->z));	//B.sub(z);
-
-    FP_YYY_add(&C,&(Q->x),&(Q->z));	//C.add(Q.z);
-
-    FP_YYY_sub(&D,&(Q->x),&(Q->z));	//D.sub(Q.z);
-    FP_YYY_norm(&A);			//A.norm();
-
-    FP_YYY_norm(&D);			//D.norm();
-    //FP_YYY_copy(&DA,&D);			//DA.copy(D);
-    FP_YYY_mul(&DA,&D,&A);			//DA.mul(A);
-
-
-
-    FP_YYY_norm(&C);			//C.norm();
-    FP_YYY_norm(&B);			//B.norm();
-    //FP_YYY_copy(&CB,&C);		//CB.copy(C);
-    FP_YYY_mul(&CB,&C,&B);		//CB.mul(B);
-
-    //FP_YYY_copy(&A,&DA);		//A.copy(DA);
-    FP_YYY_add(&A,&DA,&CB);		//A.add(CB);
-    FP_YYY_norm(&A);			//A.norm();
-    FP_YYY_sqr(&(P->x),&A);			//A.sqr();
-    //FP_YYY_copy(&B,&DA);		//B.copy(DA);
-    FP_YYY_sub(&B,&DA,&CB);		//B.sub(CB);
-    FP_YYY_norm(&B);			//B.norm();
-    FP_YYY_sqr(&B,&B);			//B.sqr();
-
-    //FP_YYY_copy(&(P->x),&A);	//x.copy(A);
-    //FP_YYY_copy(&(P->z),&(W->x));//z.copy(W.x);
-    FP_YYY_mul(&(P->z),&(W->x),&B);	//z.mul(B);
-
-}
-
-#else
-
-/* Set P+=Q */
-/* SU=248 */
-void ECP_ZZZ_add(ECP_ZZZ *P,ECP_ZZZ *Q)
-{
-#if CURVETYPE_ZZZ==WEIERSTRASS
-
-    int b3;
-    FP_YYY t0,t1,t2,t3,t4,x3,y3,z3,b;
-/*
-    if (ECP_ZZZ_isinf(Q)) return;
-    if (ECP_ZZZ_isinf(P))
-    {
-        ECP_ZZZ_copy(P,Q);
-        return;
-    }
-*/
-    if (CURVE_A_ZZZ==0)
-    {
-        b3=3*CURVE_B_I_ZZZ;					//int b=3*ROM.CURVE_B_I;
-        //FP_YYY_copy(&t0,&(P->x));			//FP t0=new FP(x);
-        FP_YYY_mul(&t0,&(P->x),&(Q->x));		//t0.mul(Q.x);
-        //FP_YYY_copy(&t1,&(P->y));			//FP t1=new FP(y);
-        FP_YYY_mul(&t1,&(P->y),&(Q->y));		//t1.mul(Q.y);
-        //FP_YYY_copy(&t2,&(P->z));			//FP t2=new FP(z);
-        FP_YYY_mul(&t2,&(P->z),&(Q->z));		//t2.mul(Q.z);
-        //FP_YYY_copy(&t3,&(P->x));			//FP t3=new FP(x);
-        FP_YYY_add(&t3,&(P->x),&(P->y));		//t3.add(y);
-        FP_YYY_norm(&t3);					//t3.norm();
-        //FP_YYY_copy(&t4,&(Q->x));			//FP t4=new FP(Q.x);
-        FP_YYY_add(&t4,&(Q->x),&(Q->y));		//t4.add(Q.y);
-        FP_YYY_norm(&t4);					//t4.norm();
-        FP_YYY_mul(&t3,&t3,&t4);			//t3.mul(t4);
-        //FP_YYY_copy(&t4,&t0);				//t4.copy(t0);
-        FP_YYY_add(&t4,&t0,&t1);			//t4.add(t1);
-
-        FP_YYY_sub(&t3,&t3,&t4);			//t3.sub(t4);
-        FP_YYY_norm(&t3);					//t3.norm();
-        //FP_YYY_copy(&t4,&(P->y));			//t4.copy(y);
-        FP_YYY_add(&t4,&(P->y),&(P->z));		//t4.add(z);
-        FP_YYY_norm(&t4);					//t4.norm();
-        //FP_YYY_copy(&x3,&(Q->y));			//FP x3=new FP(Q.y);
-        FP_YYY_add(&x3,&(Q->y),&(Q->z));		//x3.add(Q.z);
-        FP_YYY_norm(&x3);					//x3.norm();
-
-        FP_YYY_mul(&t4,&t4,&x3);			//t4.mul(x3);
-        //FP_YYY_copy(&x3,&t1);				//x3.copy(t1);
-        FP_YYY_add(&x3,&t1,&t2);			//x3.add(t2);
-
-        FP_YYY_sub(&t4,&t4,&x3);			//t4.sub(x3);
-        FP_YYY_norm(&t4);					//t4.norm();
-        //FP_YYY_copy(&x3,&(P->x));			//x3.copy(x);
-        FP_YYY_add(&x3,&(P->x),&(P->z));		//x3.add(z);
-        FP_YYY_norm(&x3);					//x3.norm();
-        //FP_YYY_copy(&y3,&(Q->x));			//FP y3=new FP(Q.x);
-        FP_YYY_add(&y3,&(Q->x),&(Q->z));		//y3.add(Q.z);
-        FP_YYY_norm(&y3);					//y3.norm();
-        FP_YYY_mul(&x3,&x3,&y3);			//x3.mul(y3);
-        //FP_YYY_copy(&y3,&t0);				//y3.copy(t0);
-        FP_YYY_add(&y3,&t0,&t2);			//y3.add(t2);
-        FP_YYY_sub(&y3,&x3,&y3);			//y3.rsub(x3);
-        FP_YYY_norm(&y3);					//y3.norm();
-        //FP_YYY_copy(&x3,&t0);				//x3.copy(t0);
-        FP_YYY_add(&x3,&t0,&t0);			//x3.add(t0);
-        FP_YYY_add(&t0,&t0,&x3);			//t0.add(x3);
-        FP_YYY_norm(&t0);					//t0.norm();
-        FP_YYY_imul(&t2,&t2,b3);				//t2.imul(b);
-
-        //FP_YYY_copy(&z3,&t1);				//FP z3=new FP(t1);
-        FP_YYY_add(&z3,&t1,&t2);			//z3.add(t2);
-        FP_YYY_norm(&z3);					//z3.norm();
-        FP_YYY_sub(&t1,&t1,&t2);			//t1.sub(t2);
-        FP_YYY_norm(&t1);					//t1.norm();
-        FP_YYY_imul(&y3,&y3,b3);				//y3.imul(b);
-
-        //FP_YYY_copy(&x3,&y3);				//x3.copy(y3);
-        FP_YYY_mul(&x3,&y3,&t4);			//x3.mul(t4);
-        //FP_YYY_copy(&t2,&t3);				//t2.copy(t3);
-        FP_YYY_mul(&t2,&t3,&t1);			//t2.mul(t1);
-        FP_YYY_sub(&(P->x),&t2,&x3);			//x3.rsub(t2);
-        FP_YYY_mul(&y3,&y3,&t0);			//y3.mul(t0);
-        FP_YYY_mul(&t1,&t1,&z3);			//t1.mul(z3);
-        FP_YYY_add(&(P->y),&y3,&t1);			//y3.add(t1);
-        FP_YYY_mul(&t0,&t0,&t3);			//t0.mul(t3);
-        FP_YYY_mul(&z3,&z3,&t4);			//z3.mul(t4);
-        FP_YYY_add(&(P->z),&z3,&t0);			//z3.add(t0);
-
-        //FP_YYY_copy(&(P->x),&x3);			//x.copy(x3);
-        FP_YYY_norm(&(P->x));				//x.norm();
-        //FP_YYY_copy(&(P->y),&y3);			//y.copy(y3);
-        FP_YYY_norm(&(P->y));				//y.norm();
-        //FP_YYY_copy(&(P->z),&z3);			//z.copy(z3);
-        FP_YYY_norm(&(P->z));				//z.norm();
-    }
-    else
-    {
-        //FP_YYY_copy(&t0,&(P->x));			//FP t0=new FP(x);
-        //FP_YYY_copy(&t1,&(P->y));			//FP t1=new FP(y);
-        //FP_YYY_copy(&t2,&(P->z));			//FP t2=new FP(z);
-        //FP_YYY_copy(&t3,&(P->x));			//FP t3=new FP(x);
-        //FP_YYY_copy(&t4,&(Q->x));			//FP t4=new FP(Q.x);
-
-        //FP_YYY_copy(&y3,&(Q->x));			//FP y3=new FP(Q.x);
-        //FP_YYY_copy(&x3,&(Q->y));			//FP x3=new FP(Q.y);
-
-        if (CURVE_B_I_ZZZ==0)				//if (ROM.CURVE_B_I==0)
-            FP_YYY_rcopy(&b,CURVE_B_ZZZ);	//b.copy(new FP(new BIG(ROM.CURVE_B)));
-
-        FP_YYY_mul(&t0,&(P->x),&(Q->x));		//t0.mul(Q.x); //1
-        FP_YYY_mul(&t1,&(P->y),&(Q->y));		//t1.mul(Q.y); //2
-        FP_YYY_mul(&t2,&(P->z),&(Q->z));		//t2.mul(Q.z); //3
-
-        FP_YYY_add(&t3,&(P->x),&(P->y));		//t3.add(y);
-        FP_YYY_norm(&t3);					//t3.norm(); //4
-        FP_YYY_add(&t4,&(Q->x),&(Q->y));		//t4.add(Q.y);
-        FP_YYY_norm(&t4);					//t4.norm();//5
-        FP_YYY_mul(&t3,&t3,&t4);			//t3.mul(t4);//6
-        //FP_YYY_copy(&t4,&t0);				//t4.copy(t0);
-        FP_YYY_add(&t4,&t0,&t1);			//t4.add(t1); //t4.norm(); //7
-        FP_YYY_sub(&t3,&t3,&t4);			//t3.sub(t4);
-        FP_YYY_norm(&t3);					//t3.norm(); //8
-        //FP_YYY_copy(&t4,&(P->y));			//t4.copy(y);
-        FP_YYY_add(&t4,&(P->y),&(P->z));		//t4.add(z);
-        FP_YYY_norm(&t4);					//t4.norm();//9
-        FP_YYY_add(&x3,&(Q->y),&(Q->z));		//x3.add(Q.z);
-        FP_YYY_norm(&x3);					//x3.norm();//10
-        FP_YYY_mul(&t4,&t4,&x3);			//t4.mul(x3); //11
-        //FP_YYY_copy(&x3,&t1);				//x3.copy(t1);
-        FP_YYY_add(&x3,&t1,&t2);			//x3.add(t2); //x3.norm();//12
-
-        FP_YYY_sub(&t4,&t4,&x3);			//t4.sub(x3);
-        FP_YYY_norm(&t4);					//t4.norm();//13
-        //FP_YYY_copy(&x3,&(P->x));			//x3.copy(x);
-        FP_YYY_add(&x3,&(P->x),&(P->z));		//x3.add(z);
-        FP_YYY_norm(&x3);					//x3.norm(); //14
-        FP_YYY_add(&y3,&(Q->x),&(Q->z));		//y3.add(Q.z);
-        FP_YYY_norm(&y3);					//y3.norm();//15
-
-        FP_YYY_mul(&x3,&x3,&y3);			//x3.mul(y3); //16
-        //FP_YYY_copy(&y3,&t0);				//y3.copy(t0);
-        FP_YYY_add(&y3,&t0,&t2);			//y3.add(t2); //y3.norm();//17
-
-        FP_YYY_sub(&y3,&x3,&y3);			//y3.rsub(x3);
-        FP_YYY_norm(&y3);					//y3.norm(); //18
-        //FP_YYY_copy(&z3,&t2);				//z3.copy(t2);
-
-        if (CURVE_B_I_ZZZ==0)				//if (ROM.CURVE_B_I==0)
-            FP_YYY_mul(&z3,&t2,&b);			//z3.mul(b); //18
-        else
-            FP_YYY_imul(&z3,&t2,CURVE_B_I_ZZZ);	//z3.imul(ROM.CURVE_B_I);
-
-        //FP_YYY_copy(&x3,&y3);				//x3.copy(y3);
-        FP_YYY_sub(&x3,&y3,&z3);			//x3.sub(z3);
-        FP_YYY_norm(&x3);					//x3.norm(); //20
-        //FP_YYY_copy(&z3,&x3);				//z3.copy(x3);
-        FP_YYY_add(&z3,&x3,&x3);			//z3.add(x3); //z3.norm(); //21
-
-        FP_YYY_add(&x3,&x3,&z3);			//x3.add(z3); //x3.norm(); //22
-        //FP_YYY_copy(&z3,&t1);				//z3.copy(t1);
-        FP_YYY_sub(&z3,&t1,&x3);			//z3.sub(x3);
-        FP_YYY_norm(&z3);					//z3.norm(); //23
-        FP_YYY_add(&x3,&x3,&t1);			//x3.add(t1);
-        FP_YYY_norm(&x3);					//x3.norm(); //24
-
-        if (CURVE_B_I_ZZZ==0)				//if (ROM.CURVE_B_I==0)
-            FP_YYY_mul(&y3,&y3,&b);			//y3.mul(b); //18
-        else
-            FP_YYY_imul(&y3,&y3,CURVE_B_I_ZZZ);	//y3.imul(ROM.CURVE_B_I);
-
-        //FP_YYY_copy(&t1,&t2);				//t1.copy(t2);
-        FP_YYY_add(&t1,&t2,&t2);			//t1.add(t2); //t1.norm();//26
-        FP_YYY_add(&t2,&t2,&t1);			//t2.add(t1); //t2.norm();//27
-
-        FP_YYY_sub(&y3,&y3,&t2);			//y3.sub(t2); //y3.norm(); //28
-
-        FP_YYY_sub(&y3,&y3,&t0);			//y3.sub(t0);
-        FP_YYY_norm(&y3);					//y3.norm(); //29
-        //FP_YYY_copy(&t1,&y3);				//t1.copy(y3);
-        FP_YYY_add(&t1,&y3,&y3);			//t1.add(y3); //t1.norm();//30
-        FP_YYY_add(&y3,&y3,&t1);			//y3.add(t1);
-        FP_YYY_norm(&y3);					//y3.norm(); //31
-
-        //FP_YYY_copy(&t1,&t0);				//t1.copy(t0);
-        FP_YYY_add(&t1,&t0,&t0);			//t1.add(t0); //t1.norm(); //32
-        FP_YYY_add(&t0,&t0,&t1);			//t0.add(t1); //t0.norm();//33
-        FP_YYY_sub(&t0,&t0,&t2);			//t0.sub(t2);
-        FP_YYY_norm(&t0);					//t0.norm();//34
-        //FP_YYY_copy(&t1,&t4);				//t1.copy(t4);
-        FP_YYY_mul(&t1,&t4,&y3);			//t1.mul(y3);//35
-        //FP_YYY_copy(&t2,&t0);				//t2.copy(t0);
-        FP_YYY_mul(&t2,&t0,&y3);			//t2.mul(y3);//36
-        //FP_YYY_copy(&y3,&x3);				//y3.copy(x3);
-        FP_YYY_mul(&y3,&x3,&z3);			//y3.mul(z3);//37
-        FP_YYY_add(&(P->y),&y3,&t2);			//y3.add(t2); //y3.norm();//38
-        FP_YYY_mul(&x3,&x3,&t3);			//x3.mul(t3);//39
-        FP_YYY_sub(&(P->x),&x3,&t1);			//x3.sub(t1);//40
-        FP_YYY_mul(&z3,&z3,&t4);			//z3.mul(t4);//41
-        //FP_YYY_copy(&t1,&t3);				//t1.copy(t3);
-        FP_YYY_mul(&t1,&t3,&t0);			//t1.mul(t0);//42
-        FP_YYY_add(&(P->z),&z3,&t1);			//z3.add(t1);
-        //FP_YYY_copy(&(P->x),&x3);			//x.copy(x3);
-        FP_YYY_norm(&(P->x));				//x.norm();
-        //FP_YYY_copy(&(P->y),&y3);			//y.copy(y3);
-        FP_YYY_norm(&(P->y));				//y.norm();
-        //FP_YYY_copy(&(P->z),&z3);			//z.copy(z3);
-        FP_YYY_norm(&(P->z));				//z.norm();
-    }
-
-#else
-    FP_YYY A,B,C,D,E,F,G,b;
-
-/*
-    if (ECP_ZZZ_isinf(Q)) return;
-    if (ECP_ZZZ_isinf(P))
-    {
-        ECP_ZZZ_copy(P,Q);
-        return;
-    }
-*/
-
-    //FP_YYY_copy(&A,&(P->z));		//FP A=new FP(z);
-    //FP_YYY_copy(&C,&(P->x));		//FP C=new FP(x);
-    //FP_YYY_copy(&D,&(P->y));		//FP D=new FP(y);
-
-    FP_YYY_mul(&A,&(P->z),&(Q->z));		//A.mul(Q.z);
-    //FP_YYY_copy(&B,&A);				//B.copy(A);
-    FP_YYY_sqr(&B,&A);				//B.sqr();
-    FP_YYY_mul(&C,&(P->x),&(Q->x));		//C.mul(Q.x);
-    FP_YYY_mul(&D,&(P->y),&(Q->y));		//D.mul(Q.y);
-
-    //FP_YYY_copy(&E,&C);				//E.copy(C);
-    FP_YYY_mul(&E,&C,&D);			//E.mul(D);
-
-    if (CURVE_B_I_ZZZ==0)			//if (ROM.CURVE_B_I==0)
-    {
-        FP_YYY_rcopy(&b,CURVE_B_ZZZ);	//FP b=new FP(new BIG(ROM.CURVE_B));
-        FP_YYY_mul(&E,&E,&b);			//E.mul(b);
-    }
-    else
-        FP_YYY_imul(&E,&E,CURVE_B_I_ZZZ);	//E.imul(ROM.CURVE_B_I);
-
-    //FP_YYY_copy(&F,&B);				//F.copy(B);
-    FP_YYY_sub(&F,&B,&E);			//F.sub(E);
-    //FP_YYY_copy(&G,&B);				//G.copy(B);
-    FP_YYY_add(&G,&B,&E);			//G.add(E);
-
-    if (CURVE_A_ZZZ==1)				//if (ROM.CURVE_A==1)
-    {
-        //FP_YYY_copy(&E,&D);			//E.copy(D);
-        FP_YYY_sub(&E,&D,&C);		//E.sub(C);
-    }
-    FP_YYY_add(&C,&C,&D);			//C.add(D);
-
-    //FP_YYY_copy(&B,&(P->x));		//B.copy(x);
-    FP_YYY_add(&B,&(P->x),&(P->y));		//B.add(y);
-    //FP_YYY_copy(&D,&(Q->x));		//D.copy(Q.x);
-    FP_YYY_add(&D,&(Q->x),&(Q->y));		//D.add(Q.y);
-    FP_YYY_norm(&B);				//B.norm();
-    FP_YYY_norm(&D);				//D.norm();
-    FP_YYY_mul(&B,&B,&D);			//B.mul(D);
-    FP_YYY_sub(&B,&B,&C);			//B.sub(C);
-    FP_YYY_norm(&B);				//B.norm();
-    FP_YYY_norm(&F);				//F.norm();
-    FP_YYY_mul(&B,&B,&F);			//B.mul(F);
-    //FP_YYY_copy(&(P->x),&A);		//x.copy(A);
-    FP_YYY_mul(&(P->x),&A,&B); //x.mul(B);
-    FP_YYY_norm(&G);				//G.norm();
-
-    if (CURVE_A_ZZZ==1)				//if (ROM.CURVE_A==1)
-    {
-        FP_YYY_norm(&E);			//E.norm();
-        //FP_YYY_copy(&C,&E);			//C.copy(E);
-        FP_YYY_mul(&C,&E,&G);		//C.mul(G);
-    }
-    if (CURVE_A_ZZZ==-1)			//if (ROM.CURVE_A==-1)
-    {
-        FP_YYY_norm(&C);			//C.norm();
-        FP_YYY_mul(&C,&C,&G);		//C.mul(G);
-    }
-    //FP_YYY_copy(&(P->y),&A);		//y.copy(A);
-    FP_YYY_mul(&(P->y),&A,&C);	//y.mul(C);
-
-    //FP_YYY_copy(&(P->z),&F);		//z.copy(F);
-    FP_YYY_mul(&(P->z),&F,&G);	//z.mul(G);
-
-#endif
-}
-
-/* Set P-=Q */
-/* SU=16 */
-void  ECP_ZZZ_sub(ECP_ZZZ *P,ECP_ZZZ *Q)
-{
-	ECP_ZZZ NQ;
-	ECP_ZZZ_copy(&NQ,Q);
-	ECP_ZZZ_neg(&NQ);
-    //ECP_ZZZ_neg(Q);
-    ECP_ZZZ_add(P,&NQ);
-    //ECP_ZZZ_neg(Q);
-}
-
-#endif
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-/* constant time multiply by small integer of length bts - use ladder */
-void ECP_ZZZ_pinmul(ECP_ZZZ *P,int e,int bts)
-{
-    int i,b;
-    ECP_ZZZ R0,R1;
-
-    ECP_ZZZ_affine(P);
-    ECP_ZZZ_inf(&R0);
-    ECP_ZZZ_copy(&R1,P);
-
-    for (i=bts-1; i>=0; i--)
-    {
-        b=(e>>i)&1;
-        ECP_ZZZ_copy(P,&R1);
-        ECP_ZZZ_add(P,&R0);
-        ECP_ZZZ_cswap(&R0,&R1,b);
-        ECP_ZZZ_copy(&R1,P);
-        ECP_ZZZ_dbl(&R0);
-        ECP_ZZZ_cswap(&R0,&R1,b);
-    }
-    ECP_ZZZ_copy(P,&R0);
-    ECP_ZZZ_affine(P);
-}
-#endif
-
-/* Set P=r*P */
-/* SU=424 */
-void ECP_ZZZ_mul(ECP_ZZZ *P,BIG_XXX e)
-{
-#if CURVETYPE_ZZZ==MONTGOMERY
-    /* Montgomery ladder */
-    int nb,i,b;
-    ECP_ZZZ R0,R1,D;
-    if (ECP_ZZZ_isinf(P)) return;
-    if (BIG_XXX_iszilch(e))
-    {
-        ECP_ZZZ_inf(P);
-        return;
-    }
-    //ECP_ZZZ_affine(P);
-
-    ECP_ZZZ_copy(&R0,P);
-    ECP_ZZZ_copy(&R1,P);
-    ECP_ZZZ_dbl(&R1);
-
-    ECP_ZZZ_copy(&D,P);
-    ECP_ZZZ_affine(&D);
-
-    nb=BIG_XXX_nbits(e);
-    for (i=nb-2; i>=0; i--)
-    {
-        b=BIG_XXX_bit(e,i);
-        ECP_ZZZ_copy(P,&R1);
-        ECP_ZZZ_add(P,&R0,&D);
-        ECP_ZZZ_cswap(&R0,&R1,b);
-        ECP_ZZZ_copy(&R1,P);
-        ECP_ZZZ_dbl(&R0);
-
-        ECP_ZZZ_cswap(&R0,&R1,b);
-    }
-
-    ECP_ZZZ_copy(P,&R0);
-
-#else
-    /* fixed size windows */
-    int i,nb,s,ns;
-    BIG_XXX mt,t;
-    ECP_ZZZ Q,W[8],C;
-    sign8 w[1+(NLEN_XXX*BASEBITS_XXX+3)/4];
-
-    if (ECP_ZZZ_isinf(P)) return;
-    if (BIG_XXX_iszilch(e))
-    {
-        ECP_ZZZ_inf(P);
-        return;
-    }
-
-    ECP_ZZZ_affine(P);
-
-    /* precompute table */
-
-    ECP_ZZZ_copy(&Q,P);
-    ECP_ZZZ_dbl(&Q);
-
-    ECP_ZZZ_copy(&W[0],P);
-
-    for (i=1; i<8; i++)
-    {
-        ECP_ZZZ_copy(&W[i],&W[i-1]);
-        ECP_ZZZ_add(&W[i],&Q);
-    }
-
-//printf("W[1]= ");ECP_output(&W[1]); printf("\n");
-
-    /* make exponent odd - add 2P if even, P if odd */
-    BIG_XXX_copy(t,e);
-    s=BIG_XXX_parity(t);
-    BIG_XXX_inc(t,1);
-    BIG_XXX_norm(t);
-    ns=BIG_XXX_parity(t);
-    BIG_XXX_copy(mt,t);
-    BIG_XXX_inc(mt,1);
-    BIG_XXX_norm(mt);
-    BIG_XXX_cmove(t,mt,s);
-    ECP_ZZZ_cmove(&Q,P,ns);
-    ECP_ZZZ_copy(&C,&Q);
-
-    nb=1+(BIG_XXX_nbits(t)+3)/4;
-
-    /* convert exponent to signed 4-bit window */
-    for (i=0; i<nb; i++)
-    {
-        w[i]=BIG_XXX_lastbits(t,5)-16;
-        BIG_XXX_dec(t,w[i]);
-        BIG_XXX_norm(t);
-        BIG_XXX_fshr(t,4);
-    }
-    w[nb]=BIG_XXX_lastbits(t,5);
-
-    ECP_ZZZ_copy(P,&W[(w[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-        ECP_ZZZ_select(&Q,W,w[i]);
-        ECP_ZZZ_dbl(P);
-        ECP_ZZZ_dbl(P);
-        ECP_ZZZ_dbl(P);
-        ECP_ZZZ_dbl(P);
-        ECP_ZZZ_add(P,&Q);
-    }
-    ECP_ZZZ_sub(P,&C); /* apply correction */
-#endif
-    ECP_ZZZ_affine(P);
-}
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-/* Set P=eP+fQ double multiplication */
-/* constant time - as useful for GLV method in pairings */
-/* SU=456 */
-
-void ECP_ZZZ_mul2(ECP_ZZZ *P,ECP_ZZZ *Q,BIG_XXX e,BIG_XXX f)
-{
-    BIG_XXX te,tf,mt;
-    ECP_ZZZ S,T,W[8],C;
-    sign8 w[1+(NLEN_XXX*BASEBITS_XXX+1)/2];
-    int i,a,b,s,ns,nb;
-
-    //ECP_ZZZ_affine(P);
-    //ECP_ZZZ_affine(Q);
-
-    BIG_XXX_copy(te,e);
-    BIG_XXX_copy(tf,f);
-
-    /* precompute table */
-    ECP_ZZZ_copy(&W[1],P);
-    ECP_ZZZ_sub(&W[1],Q);  /* P+Q */
-    ECP_ZZZ_copy(&W[2],P);
-    ECP_ZZZ_add(&W[2],Q);  /* P-Q */
-    ECP_ZZZ_copy(&S,Q);
-    ECP_ZZZ_dbl(&S);  /* S=2Q */
-    ECP_ZZZ_copy(&W[0],&W[1]);
-    ECP_ZZZ_sub(&W[0],&S);
-    ECP_ZZZ_copy(&W[3],&W[2]);
-    ECP_ZZZ_add(&W[3],&S);
-    ECP_ZZZ_copy(&T,P);
-    ECP_ZZZ_dbl(&T); /* T=2P */
-    ECP_ZZZ_copy(&W[5],&W[1]);
-    ECP_ZZZ_add(&W[5],&T);
-    ECP_ZZZ_copy(&W[6],&W[2]);
-    ECP_ZZZ_add(&W[6],&T);
-    ECP_ZZZ_copy(&W[4],&W[5]);
-    ECP_ZZZ_sub(&W[4],&S);
-    ECP_ZZZ_copy(&W[7],&W[6]);
-    ECP_ZZZ_add(&W[7],&S);
-
-    /* if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction */
-
-    s=BIG_XXX_parity(te);
-    BIG_XXX_inc(te,1);
-    BIG_XXX_norm(te);
-    ns=BIG_XXX_parity(te);
-    BIG_XXX_copy(mt,te);
-    BIG_XXX_inc(mt,1);
-    BIG_XXX_norm(mt);
-    BIG_XXX_cmove(te,mt,s);
-    ECP_ZZZ_cmove(&T,P,ns);
-    ECP_ZZZ_copy(&C,&T);
-
-    s=BIG_XXX_parity(tf);
-    BIG_XXX_inc(tf,1);
-    BIG_XXX_norm(tf);
-    ns=BIG_XXX_parity(tf);
-    BIG_XXX_copy(mt,tf);
-    BIG_XXX_inc(mt,1);
-    BIG_XXX_norm(mt);
-    BIG_XXX_cmove(tf,mt,s);
-    ECP_ZZZ_cmove(&S,Q,ns);
-    ECP_ZZZ_add(&C,&S);
-
-    BIG_XXX_add(mt,te,tf);
-    BIG_XXX_norm(mt);
-    nb=1+(BIG_XXX_nbits(mt)+1)/2;
-
-    /* convert exponent to signed 2-bit window */
-    for (i=0; i<nb; i++)
-    {
-        a=BIG_XXX_lastbits(te,3)-4;
-        BIG_XXX_dec(te,a);
-        BIG_XXX_norm(te);
-        BIG_XXX_fshr(te,2);
-        b=BIG_XXX_lastbits(tf,3)-4;
-        BIG_XXX_dec(tf,b);
-        BIG_XXX_norm(tf);
-        BIG_XXX_fshr(tf,2);
-        w[i]=4*a+b;
-    }
-    w[nb]=(4*BIG_XXX_lastbits(te,3)+BIG_XXX_lastbits(tf,3));
-
-    ECP_ZZZ_copy(P,&W[(w[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-        ECP_ZZZ_select(&T,W,w[i]);
-        ECP_ZZZ_dbl(P);
-        ECP_ZZZ_dbl(P);
-        ECP_ZZZ_add(P,&T);
-    }
-    ECP_ZZZ_sub(P,&C); /* apply correction */
-    ECP_ZZZ_affine(P);
-}
-
-#endif
-
-void ECP_ZZZ_generator(ECP_ZZZ *G)
-{
-	BIG_XXX x,y;
-	BIG_XXX_rcopy(x,CURVE_Gx_ZZZ);
-#if CURVETYPE_ZZZ!=MONTGOMERY
-	BIG_XXX_rcopy(y,CURVE_Gy_ZZZ);
-    ECP_ZZZ_set(G,x,y);
-#else
-	ECP_ZZZ_set(G,x);
-#endif
-}
-
-#ifdef HAS_MAIN
-
-int main()
-{
-    int i;
-    ECP_ZZZ G,P;
-    csprng RNG;
-    BIG_XXX r,s,x,y,b,m,w,q;
-    BIG_XXX_rcopy(x,CURVE_Gx);
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    BIG_XXX_rcopy(y,CURVE_Gy);
-#endif
-    BIG_XXX_rcopy(m,Modulus_YYY);
-
-    printf("x= ");
-    BIG_XXX_output(x);
-    printf("\n");
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    printf("y= ");
-    BIG_XXX_output(y);
-    printf("\n");
-#endif
-    RNG_seed(&RNG,3,"abc");
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    ECP_ZZZ_set(&G,x,y);
-#else
-    ECP_ZZZ_set(&G,x);
-#endif
-    if (ECP_ZZZ_isinf(&G)) printf("Failed to set - point not on curve\n");
-    else printf("set success\n");
-
-    ECP_ZZZ_output(&G);
-
-    BIG_XXX_rcopy(r,CURVE_Order); //BIG_dec(r,7);
-    printf("r= ");
-    BIG_XXX_output(r);
-    printf("\n");
-
-    ECP_ZZZ_copy(&P,&G);
-
-    ECP_ZZZ_mul(&P,r);
-
-    ECP_ZZZ_output(&P);
-//exit(0);
-    BIG_XXX_randomnum(w,&RNG);
-    BIG_XXX_mod(w,r);
-
-    ECP_ZZZ_copy(&P,&G);
-    ECP_ZZZ_mul(&P,w);
-
-    ECP_ZZZ_output(&P);
-
-    return 0;
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/ecp.h
----------------------------------------------------------------------
diff --git a/version3/c/ecp.h b/version3/c/ecp.h
deleted file mode 100644
index 01dac7c..0000000
--- a/version3/c/ecp.h
+++ /dev/null
@@ -1,314 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/**
- * @file ecp.h
- * @author Mike Scott
- * @brief ECP Header File
- *
- */
-
-#ifndef ECP_ZZZ_H
-#define ECP_ZZZ_H
-
-#include "fp_YYY.h"
-#include "config_curve_ZZZ.h"
-
-/* Curve Params - see rom_zzz.c */
-extern const int CURVE_A_ZZZ;         /**< Elliptic curve A parameter */
-extern const int CURVE_Cof_I_ZZZ;     /**< Elliptic curve cofactor */
-extern const int CURVE_B_I_ZZZ;       /**< Elliptic curve B_i parameter */
-extern const BIG_XXX CURVE_B_ZZZ;     /**< Elliptic curve B parameter */
-extern const BIG_XXX CURVE_Order_ZZZ; /**< Elliptic curve group order */
-extern const BIG_XXX CURVE_Cof_ZZZ;   /**< Elliptic curve cofactor */
-
-/* Generator point on G1 */
-extern const BIG_XXX CURVE_Gx_ZZZ; /**< x-coordinate of generator point in group G1  */
-extern const BIG_XXX CURVE_Gy_ZZZ; /**< y-coordinate of generator point in group G1  */
-
-
-/* For Pairings only */
-
-/* Generator point on G2 */
-extern const BIG_XXX CURVE_Pxa_ZZZ; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxb_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pya_ZZZ; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pyb_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */
-
-
-/*** needed for BLS24 curves ***/
-
-extern const BIG_XXX CURVE_Pxaa_ZZZ; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxab_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxba_ZZZ; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxbb_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pyaa_ZZZ; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pyab_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pyba_ZZZ; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pybb_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */
-
-/*** needed for BLS48 curves ***/
-
-extern const BIG_XXX CURVE_Pxaaa_ZZZ; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxaab_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxaba_ZZZ; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxabb_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxbaa_ZZZ; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxbab_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxbba_ZZZ; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxbbb_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */
-
-extern const BIG_XXX CURVE_Pyaaa_ZZZ; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pyaab_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pyaba_ZZZ; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pyabb_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pybaa_ZZZ; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pybab_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pybba_ZZZ; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pybbb_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */
-
-
-extern const BIG_XXX CURVE_Bnx_ZZZ; /**< BN curve x parameter */
-
-extern const BIG_XXX CURVE_Cru_ZZZ; /**< BN curve Cube Root of Unity */
-
-extern const BIG_XXX Fra_YYY; /**< real part of BN curve Frobenius Constant */
-extern const BIG_XXX Frb_YYY; /**< imaginary part of BN curve Frobenius Constant */
-
-
-extern const BIG_XXX CURVE_W_ZZZ[2];	 /**< BN curve constant for GLV decomposition */
-extern const BIG_XXX CURVE_SB_ZZZ[2][2]; /**< BN curve constant for GLV decomposition */
-extern const BIG_XXX CURVE_WB_ZZZ[4];	 /**< BN curve constant for GS decomposition */
-extern const BIG_XXX CURVE_BB_ZZZ[4][4]; /**< BN curve constant for GS decomposition */
-
-
-/**
-	@brief ECP structure - Elliptic Curve Point over base field
-*/
-
-typedef struct
-{
-//    int inf; /**< Infinity Flag - not needed for Edwards representation */
-
-    FP_YYY x; /**< x-coordinate of point */
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    FP_YYY y; /**< y-coordinate of point. Not needed for Montgomery representation */
-#endif
-    FP_YYY z;/**< z-coordinate of point */
-} ECP_ZZZ;
-
-
-/* ECP E(Fp) prototypes */
-/**	@brief Tests for ECP point equal to infinity
- *
-	@param P ECP point to be tested
-	@return 1 if infinity, else returns 0
- */
-extern int ECP_ZZZ_isinf(ECP_ZZZ *P);
-/**	@brief Tests for equality of two ECPs
- *
-	@param P ECP instance to be compared
-	@param Q ECP instance to be compared
-	@return 1 if P=Q, else returns 0
- */
-extern int ECP_ZZZ_equals(ECP_ZZZ *P,ECP_ZZZ *Q);
-/**	@brief Copy ECP point to another ECP point
- *
-	@param P ECP instance, on exit = Q
-	@param Q ECP instance to be copied
- */
-extern void ECP_ZZZ_copy(ECP_ZZZ *P,ECP_ZZZ *Q);
-/**	@brief Negation of an ECP point
- *
-	@param P ECP instance, on exit = -P
- */
-extern void ECP_ZZZ_neg(ECP_ZZZ *P);
-/**	@brief Set ECP to point-at-infinity
- *
-	@param P ECP instance to be set to infinity
- */
-extern void ECP_ZZZ_inf(ECP_ZZZ *P);
-/**	@brief Calculate Right Hand Side of curve equation y^2=f(x)
- *
-	Function f(x) depends on form of elliptic curve, Weierstrass, Edwards or Montgomery.
-	Used internally.
-	@param r BIG n-residue value of f(x)
-	@param x BIG n-residue x
- */
-extern void ECP_ZZZ_rhs(FP_YYY *r,FP_YYY *x);
-
-#if CURVETYPE_ZZZ==MONTGOMERY
-/**	@brief Set ECP to point(x,[y]) given x
- *
-	Point P set to infinity if no such point on the curve. Note that y coordinate is not needed.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP_ZZZ_set(ECP_ZZZ *P,BIG_XXX x);
-/**	@brief Extract x coordinate of an ECP point P
- *
-	@param x BIG on exit = x coordinate of point
-	@param P ECP instance (x,[y])
-	@return -1 if P is point-at-infinity, else 0
- */
-extern int ECP_ZZZ_get(BIG_XXX x,ECP_ZZZ *P);
-/**	@brief Adds ECP instance Q to ECP instance P, given difference D=P-Q
- *
-	Differential addition of points on a Montgomery curve
-	@param P ECP instance, on exit =P+Q
-	@param Q ECP instance to be added to P
-	@param D Difference between P and Q
- */
-extern void ECP_ZZZ_add(ECP_ZZZ *P,ECP_ZZZ *Q,ECP_ZZZ *D);
-#else
-/**	@brief Set ECP to point(x,y) given x and y
- *
-	Point P set to infinity if no such point on the curve.
-	@param P ECP instance to be set (x,y)
-	@param x BIG x coordinate of point
-	@param y BIG y coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP_ZZZ_set(ECP_ZZZ *P,BIG_XXX x,BIG_XXX y);
-/**	@brief Extract x and y coordinates of an ECP point P
- *
-	If x=y, returns only x
-	@param x BIG on exit = x coordinate of point
-	@param y BIG on exit = y coordinate of point (unless x=y)
-	@param P ECP instance (x,y)
-	@return sign of y, or -1 if P is point-at-infinity
- */
-extern int ECP_ZZZ_get(BIG_XXX x,BIG_XXX y,ECP_ZZZ *P);
-/**	@brief Adds ECP instance Q to ECP instance P
- *
-	@param P ECP instance, on exit =P+Q
-	@param Q ECP instance to be added to P
- */
-extern void ECP_ZZZ_add(ECP_ZZZ *P,ECP_ZZZ *Q);
-/**	@brief Subtracts ECP instance Q from ECP instance P
- *
-	@param P ECP instance, on exit =P-Q
-	@param Q ECP instance to be subtracted from P
- */
-extern void ECP_ZZZ_sub(ECP_ZZZ *P,ECP_ZZZ *Q);
-/**	@brief Set ECP to point(x,y) given just x and sign of y
- *
-	Point P set to infinity if no such point on the curve. If x is on the curve then y is calculated from the curve equation.
-	The correct y value (plus or minus) is selected given its sign s.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@param s an integer representing the "sign" of y, in fact its least significant bit.
- */
-extern int ECP_ZZZ_setx(ECP_ZZZ *P,BIG_XXX x,int s);
-
-#endif
-
-/**	@brief Multiplies Point by curve co-factor
- *
-	@param Q ECP instance
- */
-extern void ECP_ZZZ_cfp(ECP_ZZZ *Q);
-
-/**	@brief Maps random BIG to curve point of correct order
- *
-	@param Q ECP instance of correct order
-	@param w OCTET byte array to be mapped
- */
-extern void ECP_ZZZ_mapit(ECP_ZZZ *Q,octet *w);
-
-/**	@brief Converts an ECP point from Projective (x,y,z) coordinates to affine (x,y) coordinates
- *
-	@param P ECP instance to be converted to affine form
- */
-extern void ECP_ZZZ_affine(ECP_ZZZ *P);
-/**	@brief Formats and outputs an ECP point to the console, in projective coordinates
- *
-	@param P ECP instance to be printed
- */
-extern void ECP_ZZZ_outputxyz(ECP_ZZZ *P);
-/**	@brief Formats and outputs an ECP point to the console, converted to affine coordinates
- *
-	@param P ECP instance to be printed
- */
-extern void ECP_ZZZ_output(ECP_ZZZ * P);
-
-/**	@brief Formats and outputs an ECP point to the console
- *
-	@param P ECP instance to be printed
- */
-extern void ECP_ZZZ_rawoutput(ECP_ZZZ * P);
-
-/**	@brief Formats and outputs an ECP point to an octet string
-	The octet string is normally in the standard form 0x04|x|y
-	Here x (and y) are the x and y coordinates in left justified big-endian base 256 form.
-	For Montgomery curve it is 0x06|x
-	If c is true, only the x coordinate is provided as in 0x2|x if y is even, or 0x3|x if y is odd
-	@param c compression required, true or false
-	@param S output octet string
-	@param P ECP instance to be converted to an octet string
- */
-extern void ECP_ZZZ_toOctet(octet *S,ECP_ZZZ *P,bool c);
-/**	@brief Creates an ECP point from an octet string
- *
-	The octet string is normally in the standard form 0x04|x|y
-	Here x (and y) are the x and y coordinates in left justified big-endian base 256 form.
-	For Montgomery curve it is 0x06|x
-	If in compressed form only the x coordinate is provided as in 0x2|x if y is even, or 0x3|x if y is odd
-	@param P ECP instance to be created from the octet string
-	@param S input octet string
-	return 1 if octet string corresponds to a point on the curve, else 0
- */
-extern int ECP_ZZZ_fromOctet(ECP_ZZZ *P,octet *S);
-/**	@brief Doubles an ECP instance P
- *
-	@param P ECP instance, on exit =2*P
- */
-extern void ECP_ZZZ_dbl(ECP_ZZZ *P);
-/**	@brief Multiplies an ECP instance P by a small integer, side-channel resistant
- *
-	@param P ECP instance, on exit =i*P
-	@param i small integer multiplier
-	@param b maximum number of bits in multiplier
- */
-extern void ECP_ZZZ_pinmul(ECP_ZZZ *P,int i,int b);
-/**	@brief Multiplies an ECP instance P by a BIG, side-channel resistant
- *
-	Uses Montgomery ladder for Montgomery curves, otherwise fixed sized windows.
-	@param P ECP instance, on exit =b*P
-	@param b BIG number multiplier
-
- */
-extern void ECP_ZZZ_mul(ECP_ZZZ *P,BIG_XXX b);
-/**	@brief Calculates double multiplication P=e*P+f*Q, side-channel resistant
- *
-	@param P ECP instance, on exit =e*P+f*Q
-	@param Q ECP instance
-	@param e BIG number multiplier
-	@param f BIG number multiplier
- */
-extern void ECP_ZZZ_mul2(ECP_ZZZ *P,ECP_ZZZ *Q,BIG_XXX e,BIG_XXX f);
-/**	@brief Get Group Generator from ROM
- *
-	@param G ECP instance
- */
-extern void ECP_ZZZ_generator(ECP_ZZZ *G);
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/ecp2.c
----------------------------------------------------------------------
diff --git a/version3/c/ecp2.c b/version3/c/ecp2.c
deleted file mode 100644
index e17b37d..0000000
--- a/version3/c/ecp2.c
+++ /dev/null
@@ -1,912 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Weierstrass elliptic curve functions over FP2 */
-/* SU=m, m is Stack Usage */
-
-#include "ecp2_ZZZ.h"
-
-int ECP2_ZZZ_isinf(ECP2_ZZZ *P)
-{
-//    if (P->inf) return 1;
-    return (FP2_YYY_iszilch(&(P->x)) & FP2_YYY_iszilch(&(P->z)));
-}
-
-/* Set P=Q */
-/* SU= 16 */
-void ECP2_ZZZ_copy(ECP2_ZZZ *P,ECP2_ZZZ *Q)
-{
-//    P->inf=Q->inf;
-    FP2_YYY_copy(&(P->x),&(Q->x));
-    FP2_YYY_copy(&(P->y),&(Q->y));
-    FP2_YYY_copy(&(P->z),&(Q->z));
-}
-
-/* set P to Infinity */
-/* SU= 8 */
-void ECP2_ZZZ_inf(ECP2_ZZZ *P)
-{
-//    P->inf=1;
-    FP2_YYY_zero(&(P->x));
-    FP2_YYY_one(&(P->y));
-    FP2_YYY_zero(&(P->z));
-}
-
-/* Conditional move Q to P dependant on d */
-static void ECP2_ZZZ_cmove(ECP2_ZZZ *P,ECP2_ZZZ *Q,int d)
-{
-    FP2_YYY_cmove(&(P->x),&(Q->x),d);
-    FP2_YYY_cmove(&(P->y),&(Q->y),d);
-    FP2_YYY_cmove(&(P->z),&(Q->z),d);
-//    d=~(d-1);
-//    P->inf^=(P->inf^Q->inf)&d;
-}
-
-/* return 1 if b==c, no branching */
-static int teq(sign32 b,sign32 c)
-{
-    sign32 x=b^c;
-    x-=1;  // if x=0, x now -1
-    return (int)((x>>31)&1);
-}
-
-/* Constant time select from pre-computed table */
-static void ECP2_ZZZ_select(ECP2_ZZZ *P,ECP2_ZZZ W[],sign32 b)
-{
-    ECP2_ZZZ MP;
-    sign32 m=b>>31;
-    sign32 babs=(b^m)-m;
-
-    babs=(babs-1)/2;
-
-    ECP2_ZZZ_cmove(P,&W[0],teq(babs,0));  // conditional move
-    ECP2_ZZZ_cmove(P,&W[1],teq(babs,1));
-    ECP2_ZZZ_cmove(P,&W[2],teq(babs,2));
-    ECP2_ZZZ_cmove(P,&W[3],teq(babs,3));
-    ECP2_ZZZ_cmove(P,&W[4],teq(babs,4));
-    ECP2_ZZZ_cmove(P,&W[5],teq(babs,5));
-    ECP2_ZZZ_cmove(P,&W[6],teq(babs,6));
-    ECP2_ZZZ_cmove(P,&W[7],teq(babs,7));
-
-    ECP2_ZZZ_copy(&MP,P);
-    ECP2_ZZZ_neg(&MP);  // minus P
-    ECP2_ZZZ_cmove(P,&MP,(int)(m&1));
-}
-
-/* return 1 if P==Q, else 0 */
-/* SU= 312 */
-int ECP2_ZZZ_equals(ECP2_ZZZ *P,ECP2_ZZZ *Q)
-{
-    FP2_YYY a,b;
-//    if (ECP2_ZZZ_isinf(P) && ECP2_ZZZ_isinf(Q)) return 1;
-//    if (ECP2_ZZZ_isinf(P) || ECP2_ZZZ_isinf(Q)) return 0;
-
-    FP2_YYY_mul(&a,&(P->x),&(Q->z));
-    FP2_YYY_mul(&b,&(Q->x),&(P->z));
-    if (!FP2_YYY_equals(&a,&b)) return 0;
-
-    FP2_YYY_mul(&a,&(P->y),&(Q->z));
-    FP2_YYY_mul(&b,&(Q->y),&(P->z));
-    if (!FP2_YYY_equals(&a,&b)) return 0;
-    return 1;
-}
-
-/* Make P affine (so z=1) */
-/* SU= 232 */
-void ECP2_ZZZ_affine(ECP2_ZZZ *P)
-{
-    FP2_YYY one,iz;
-    if (ECP2_ZZZ_isinf(P)) return;
-
-    FP2_YYY_one(&one);
-    if (FP2_YYY_isunity(&(P->z)))
-    {
-        FP2_YYY_reduce(&(P->x));
-        FP2_YYY_reduce(&(P->y));
-        return;
-    }
-
-    FP2_YYY_inv(&iz,&(P->z));
-    FP2_YYY_mul(&(P->x),&(P->x),&iz);
-    FP2_YYY_mul(&(P->y),&(P->y),&iz);
-
-    FP2_YYY_reduce(&(P->x));
-    FP2_YYY_reduce(&(P->y));
-    FP2_YYY_copy(&(P->z),&one);
-}
-
-/* extract x, y from point P */
-/* SU= 16 */
-int ECP2_ZZZ_get(FP2_YYY *x,FP2_YYY *y,ECP2_ZZZ *P)
-{
-	ECP2_ZZZ W;
-	ECP2_ZZZ_copy(&W,P);
-	ECP2_ZZZ_affine(&W);
-    if (ECP2_ZZZ_isinf(&W)) return -1;
-    //ECP2_ZZZ_affine(P);
-    FP2_YYY_copy(y,&(W.y));
-    FP2_YYY_copy(x,&(W.x));
-    return 0;
-}
-
-/* SU= 152 */
-/* Output point P */
-void ECP2_ZZZ_output(ECP2_ZZZ *P)
-{
-    FP2_YYY x,y;
-    if (ECP2_ZZZ_isinf(P))
-    {
-        printf("Infinity\n");
-        return;
-    }
-    ECP2_ZZZ_get(&x,&y,P);
-    printf("(");
-    FP2_YYY_output(&x);
-    printf(",");
-    FP2_YYY_output(&y);
-    printf(")\n");
-}
-
-/* SU= 232 */
-void ECP2_ZZZ_outputxyz(ECP2_ZZZ *P)
-{
-    ECP2_ZZZ Q;
-    if (ECP2_ZZZ_isinf(P))
-    {
-        printf("Infinity\n");
-        return;
-    }
-    ECP2_ZZZ_copy(&Q,P);
-    printf("(");
-    FP2_YYY_output(&(Q.x));
-    printf(",");
-    FP2_YYY_output(&(Q.y));
-    printf(",");
-    FP2_YYY_output(&(Q.z));
-    printf(")\n");
-}
-
-/* SU= 168 */
-/* Convert Q to octet string */
-void ECP2_ZZZ_toOctet(octet *W,ECP2_ZZZ *Q)
-{
-    BIG_XXX b;
-    FP2_YYY qx,qy;
-    ECP2_ZZZ_get(&qx,&qy,Q);
-
-    FP_YYY_redc(b,&(qx.a));
-    BIG_XXX_toBytes(&(W->val[0]),b);
-    FP_YYY_redc(b,&(qx.b));
-    BIG_XXX_toBytes(&(W->val[MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(qy.a));
-    BIG_XXX_toBytes(&(W->val[2*MODBYTES_XXX]),b);
-    FP_YYY_redc(b,&(qy.b));
-    BIG_XXX_toBytes(&(W->val[3*MODBYTES_XXX]),b);
-
-    W->len=4*MODBYTES_XXX;
-
-}
-
-/* SU= 176 */
-/* restore Q from octet string */
-int ECP2_ZZZ_fromOctet(ECP2_ZZZ *Q,octet *W)
-{
-    BIG_XXX b;
-    FP2_YYY qx,qy;
-    BIG_XXX_fromBytes(b,&(W->val[0]));
-    FP_YYY_nres(&(qx.a),b);
-    BIG_XXX_fromBytes(b,&(W->val[MODBYTES_XXX]));
-    FP_YYY_nres(&(qx.b),b);
-    BIG_XXX_fromBytes(b,&(W->val[2*MODBYTES_XXX]));
-    FP_YYY_nres(&(qy.a),b);
-    BIG_XXX_fromBytes(b,&(W->val[3*MODBYTES_XXX]));
-    FP_YYY_nres(&(qy.b),b);
-
-    if (ECP2_ZZZ_set(Q,&qx,&qy)) return 1;
-    return 0;
-}
-
-/* SU= 128 */
-/* Calculate RHS of twisted curve equation x^3+B/i or x^3+Bi*/
-void ECP2_ZZZ_rhs(FP2_YYY *rhs,FP2_YYY *x)
-{
-    /* calculate RHS of elliptic curve equation */
-    FP2_YYY t;
-    BIG_XXX b;
-    FP2_YYY_sqr(&t,x);
-
-    FP2_YYY_mul(rhs,&t,x);
-
-    /* Assuming CURVE_A=0 */
-
-    BIG_XXX_rcopy(b,CURVE_B_ZZZ);
-
-    FP2_YYY_from_BIG(&t,b);
-
-#if SEXTIC_TWIST_ZZZ == D_TYPE
-    FP2_YYY_div_ip(&t);   /* IMPORTANT - here we use the correct SEXTIC twist of the curve */
-#endif
-
-#if SEXTIC_TWIST_ZZZ == M_TYPE
-    FP2_YYY_norm(&t);
-    FP2_YYY_mul_ip(&t);   /* IMPORTANT - here we use the correct SEXTIC twist of the curve */
-    FP2_YYY_norm(&t);
-
-#endif
-
-
-    FP2_YYY_add(rhs,&t,rhs);
-    FP2_YYY_reduce(rhs);
-}
-
-
-/* Set P=(x,y). Return 1 if (x,y) is on the curve, else return 0*/
-/* SU= 232 */
-int ECP2_ZZZ_set(ECP2_ZZZ *P,FP2_YYY *x,FP2_YYY *y)
-{
-    FP2_YYY rhs,y2;
-
-    FP2_YYY_sqr(&y2,y);
-    ECP2_ZZZ_rhs(&rhs,x);
-
-    if (!FP2_YYY_equals(&y2,&rhs))
-    {
-		ECP2_ZZZ_inf(P);
-       // P->inf=1;
-        return 0;
-    }
-
-  //  P->inf=0;
-    FP2_YYY_copy(&(P->x),x);
-    FP2_YYY_copy(&(P->y),y);
-
-    FP2_YYY_one(&(P->z));
-    return 1;
-}
-
-/* Set P=(x,y). Return 1 if (x,.) is on the curve, else return 0 */
-/* SU= 232 */
-int ECP2_ZZZ_setx(ECP2_ZZZ *P,FP2_YYY *x)
-{
-    FP2_YYY y;
-    ECP2_ZZZ_rhs(&y,x);
-
-    if (!FP2_YYY_sqrt(&y,&y))
-    {
-		ECP2_ZZZ_inf(P);
-        return 0;
-    }
-
- //   P->inf=0;
-    FP2_YYY_copy(&(P->x),x);
-    FP2_YYY_copy(&(P->y),&y);
-    FP2_YYY_one(&(P->z));
-    return 1;
-}
-
-/* Set P=-P */
-/* SU= 8 */
-void ECP2_ZZZ_neg(ECP2_ZZZ *P)
-{
-//	if (ECP2_ZZZ_isinf(P)) return;
-    FP2_YYY_norm(&(P->y));
-    FP2_YYY_neg(&(P->y),&(P->y));
-    FP2_YYY_norm(&(P->y));
-}
-
-/* R+=R */
-/* return -1 for Infinity, 0 for addition, 1 for doubling */
-/* SU= 448 */
-int ECP2_ZZZ_dbl(ECP2_ZZZ *P)
-{
-    FP2_YYY t0,t1,t2,iy,x3,y3;
-//    if (P->inf) return -1;
-
-    FP2_YYY_copy(&iy,&(P->y));		//FP2 iy=new FP2(y);
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-    FP2_YYY_mul_ip(&iy);			//iy.mul_ip();
-    FP2_YYY_norm(&iy);				//iy.norm();
-#endif
-    //FP2_YYY_copy(&t0,&(P->y));		//FP2 t0=new FP2(y);                  //***** Change
-    FP2_YYY_sqr(&t0,&(P->y));			//t0.sqr();
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-    FP2_YYY_mul_ip(&t0);			//t0.mul_ip();
-#endif
-    //FP2_YYY_copy(&t1,&iy);				//FP2 t1=new FP2(iy);
-    FP2_YYY_mul(&t1,&iy,&(P->z));	//t1.mul(z);
-    //FP2_YYY_copy(&t2,&(P->z));		//FP2 t2=new FP2(z);
-    FP2_YYY_sqr(&t2,&(P->z));				//t2.sqr();
-
-    //FP2_YYY_copy(&(P->z),&t0);		//z.copy(t0);
-    FP2_YYY_add(&(P->z),&t0,&t0);	//z.add(t0);
-    FP2_YYY_norm(&(P->z));				//z.norm();
-    FP2_YYY_add(&(P->z),&(P->z),&(P->z));	//z.add(z);
-    FP2_YYY_add(&(P->z),&(P->z),&(P->z));	//z.add(z);
-    FP2_YYY_norm(&(P->z));			//z.norm();
-
-    FP2_YYY_imul(&t2,&t2,3*CURVE_B_I_ZZZ);	//t2.imul(3*ROM.CURVE_B_I);
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-    FP2_YYY_mul_ip(&t2);
-    FP2_YYY_norm(&t2);
-#endif
-
-    //FP2_YYY_copy(&x3,&t2);			//FP2 x3=new FP2(t2);
-    FP2_YYY_mul(&x3,&t2,&(P->z));	//x3.mul(z);
-
-    //FP2_YYY_copy(&y3,&t0);			//FP2 y3=new FP2(t0);
-
-    FP2_YYY_add(&y3,&t0,&t2);		//y3.add(t2);
-    FP2_YYY_norm(&y3);				//y3.norm();
-    FP2_YYY_mul(&(P->z),&(P->z),&t1);	//z.mul(t1);
-
-    //FP2_YYY_copy(&t1,&t2);			//t1.copy(t2);
-    FP2_YYY_add(&t1,&t2,&t2);		//t1.add(t2);
-    FP2_YYY_add(&t2,&t2,&t1);		//t2.add(t1);
-    FP2_YYY_norm(&t2);				//t2.norm();
-    FP2_YYY_sub(&t0,&t0,&t2);		//t0.sub(t2);
-    FP2_YYY_norm(&t0);				//t0.norm();                           //y^2-9bz^2
-    FP2_YYY_mul(&y3,&y3,&t0);		//y3.mul(t0);
-    FP2_YYY_add(&(P->y),&y3,&x3);		//y3.add(x3);                          //(y^2+3z*2)(y^2-9z^2)+3b.z^2.8y^2
-    //FP2_YYY_copy(&t1,&(P->x));		//t1.copy(x);
-    FP2_YYY_mul(&t1,&(P->x),&iy);		//t1.mul(iy);						//
-    //FP2_YYY_copy(&(P->x),&t0);		//x.copy(t0);
-    FP2_YYY_norm(&t0);			//x.norm();
-    FP2_YYY_mul(&(P->x),&t0,&t1);	//x.mul(t1);
-    FP2_YYY_add(&(P->x),&(P->x),&(P->x));	//x.add(x);       //(y^2-9bz^2)xy2
-
-    FP2_YYY_norm(&(P->x));			//x.norm();
-    //FP2_YYY_copy(&(P->y),&y3);		//y.copy(y3);
-    FP2_YYY_norm(&(P->y));			//y.norm();
-
-    return 1;
-}
-
-/* Set P+=Q */
-/* SU= 400 */
-int ECP2_ZZZ_add(ECP2_ZZZ *P,ECP2_ZZZ *Q)
-{
-    FP2_YYY t0,t1,t2,t3,t4,x3,y3,z3;
-    int b3=3*CURVE_B_I_ZZZ;
-/*    if (Q->inf) return 0;
-    if (P->inf)
-    {
-        ECP2_ZZZ_copy(P,Q);
-        return 0;
-    }
-*/
-    //FP2_YYY_copy(&t0,&(P->x));		//FP2 t0=new FP2(x);
-    FP2_YYY_mul(&t0,&(P->x),&(Q->x));	//t0.mul(Q.x);         // x.Q.x
-    //FP2_YYY_copy(&t1,&(P->y));		//FP2 t1=new FP2(y);
-    FP2_YYY_mul(&t1,&(P->y),&(Q->y));	//t1.mul(Q.y);		 // y.Q.y
-
-    //FP2_YYY_copy(&t2,&(P->z));		//FP2 t2=new FP2(z);
-    FP2_YYY_mul(&t2,&(P->z),&(Q->z));	//t2.mul(Q.z);
-    //FP2_YYY_copy(&t3,&(P->x));		//FP2 t3=new FP2(x);
-    FP2_YYY_add(&t3,&(P->x),&(P->y));	//t3.add(y);
-    FP2_YYY_norm(&t3);				//t3.norm();          //t3=X1+Y1
-    //FP2_YYY_copy(&t4,&(Q->x));		//FP2 t4=new FP2(Q.x);
-    FP2_YYY_add(&t4,&(Q->x),&(Q->y));	//t4.add(Q.y);
-    FP2_YYY_norm(&t4);				//t4.norm();			//t4=X2+Y2
-    FP2_YYY_mul(&t3,&t3,&t4);		//t3.mul(t4);						//t3=(X1+Y1)(X2+Y2)
-    //FP2_YYY_copy(&t4,&t0);			//t4.copy(t0);
-    FP2_YYY_add(&t4,&t0,&t1);		//t4.add(t1);		//t4=X1.X2+Y1.Y2
-
-    FP2_YYY_sub(&t3,&t3,&t4);		//t3.sub(t4);
-    FP2_YYY_norm(&t3);				//t3.norm();
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-    FP2_YYY_mul_ip(&t3);			//t3.mul_ip();
-    FP2_YYY_norm(&t3);				//t3.norm();         //t3=(X1+Y1)(X2+Y2)-(X1.X2+Y1.Y2) = X1.Y2+X2.Y1
-#endif
-    //FP2_YYY_copy(&t4,&(P->y));		//t4.copy(y);
-    FP2_YYY_add(&t4,&(P->y),&(P->z));	//t4.add(z);
-    FP2_YYY_norm(&t4);				//t4.norm();			//t4=Y1+Z1
-    //FP2_YYY_copy(&x3,&(Q->y));		//FP2 x3=new FP2(Q.y);
-    FP2_YYY_add(&x3,&(Q->y),&(Q->z));	//x3.add(Q.z);
-    FP2_YYY_norm(&x3);				//x3.norm();			//x3=Y2+Z2
-
-    FP2_YYY_mul(&t4,&t4,&x3);		//t4.mul(x3);						//t4=(Y1+Z1)(Y2+Z2)
-    //FP2_YYY_copy(&x3,&t1);			//x3.copy(t1);					//
-    FP2_YYY_add(&x3,&t1,&t2);		//x3.add(t2);						//X3=Y1.Y2+Z1.Z2
-
-    FP2_YYY_sub(&t4,&t4,&x3);		//t4.sub(x3);
-    FP2_YYY_norm(&t4);				//t4.norm();
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-    FP2_YYY_mul_ip(&t4);			//t4.mul_ip();
-    FP2_YYY_norm(&t4);				//t4.norm();          //t4=(Y1+Z1)(Y2+Z2) - (Y1.Y2+Z1.Z2) = Y1.Z2+Y2.Z1
-#endif
-    //FP2_YYY_copy(&x3,&(P->x));		//x3.copy(x);
-    FP2_YYY_add(&x3,&(P->x),&(P->z));	//x3.add(z);
-    FP2_YYY_norm(&x3);				//x3.norm();	// x3=X1+Z1
-    //FP2_YYY_copy(&y3,&(Q->x));		//FP2 y3=new FP2(Q.x);
-    FP2_YYY_add(&y3,&(Q->x),&(Q->z));	//y3.add(Q.z);
-    FP2_YYY_norm(&y3);				//y3.norm();				// y3=X2+Z2
-    FP2_YYY_mul(&x3,&x3,&y3);		//x3.mul(y3);							// x3=(X1+Z1)(X2+Z2)
-    //FP2_YYY_copy(&y3,&t0);			//y3.copy(t0);
-    FP2_YYY_add(&y3,&t0,&t2);		//y3.add(t2);							// y3=X1.X2+Z1+Z2
-    FP2_YYY_sub(&y3,&x3,&y3);		//y3.rsub(x3);
-    FP2_YYY_norm(&y3);				//y3.norm();				// y3=(X1+Z1)(X2+Z2) - (X1.X2+Z1.Z2) = X1.Z2+X2.Z1
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-    FP2_YYY_mul_ip(&t0);			//t0.mul_ip();
-    FP2_YYY_norm(&t0);				//t0.norm(); // x.Q.x
-    FP2_YYY_mul_ip(&t1);			//t1.mul_ip();
-    FP2_YYY_norm(&t1);				//t1.norm(); // y.Q.y
-#endif
-    //FP2_YYY_copy(&x3,&t0);			//x3.copy(t0);
-    FP2_YYY_add(&x3,&t0,&t0);		//x3.add(t0);
-    FP2_YYY_add(&t0,&t0,&x3);		//t0.add(x3);
-    FP2_YYY_norm(&t0);				//t0.norm();
-    FP2_YYY_imul(&t2,&t2,b3);		//t2.imul(b);
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-    FP2_YYY_mul_ip(&t2);
-    FP2_YYY_norm(&t2);
-#endif
-    //FP2_YYY_copy(&z3,&t1);			//FP2 z3=new FP2(t1);
-    FP2_YYY_add(&z3,&t1,&t2);		//z3.add(t2);
-    FP2_YYY_norm(&z3);				//z3.norm();
-    FP2_YYY_sub(&t1,&t1,&t2);		//t1.sub(t2);
-    FP2_YYY_norm(&t1);				//t1.norm();
-    FP2_YYY_imul(&y3,&y3,b3);		//y3.imul(b);
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-    FP2_YYY_mul_ip(&y3);
-    FP2_YYY_norm(&y3);
-#endif
-    //FP2_YYY_copy(&x3,&y3);			//x3.copy(y3);
-    FP2_YYY_mul(&x3,&y3,&t4);		//x3.mul(t4);
-    //FP2_YYY_copy(&t2,&t3);			//t2.copy(t3);
-    FP2_YYY_mul(&t2,&t3,&t1);		//t2.mul(t1);
-    FP2_YYY_sub(&(P->x),&t2,&x3);		//x3.rsub(t2);
-    FP2_YYY_mul(&y3,&y3,&t0);		//y3.mul(t0);
-    FP2_YYY_mul(&t1,&t1,&z3);		//t1.mul(z3);
-    FP2_YYY_add(&(P->y),&y3,&t1);		//y3.add(t1);
-    FP2_YYY_mul(&t0,&t0,&t3);		//t0.mul(t3);
-    FP2_YYY_mul(&z3,&z3,&t4);		//z3.mul(t4);
-    FP2_YYY_add(&(P->z),&z3,&t0);		//z3.add(t0);
-
-    //FP2_YYY_copy(&(P->x),&x3);		//x.copy(x3);
-    FP2_YYY_norm(&(P->x));			//x.norm();
-    //FP2_YYY_copy(&(P->y),&y3);		//y.copy(y3);
-    FP2_YYY_norm(&(P->y));			//y.norm();
-    //FP2_YYY_copy(&(P->z),&z3);		//z.copy(z3);
-    FP2_YYY_norm(&(P->z));			//z.norm();
-
-    return 0;
-}
-
-/* Set P-=Q */
-/* SU= 16 */
-void ECP2_ZZZ_sub(ECP2_ZZZ *P,ECP2_ZZZ *Q)
-{
-	ECP2_ZZZ NQ;
-	ECP2_ZZZ_copy(&NQ,Q);
-	ECP2_ZZZ_neg(&NQ);
-    //ECP2_ZZZ_neg(Q);
-    ECP2_ZZZ_add(P,&NQ);
-    //ECP2_ZZZ_neg(Q);
-}
-
-/* P*=e */
-/* SU= 280 */
-void ECP2_ZZZ_mul(ECP2_ZZZ *P,BIG_XXX e)
-{
-    /* fixed size windows */
-    int i,nb,s,ns;
-    BIG_XXX mt,t;
-    ECP2_ZZZ Q,W[8],C;
-    sign8 w[1+(NLEN_XXX*BASEBITS_XXX+3)/4];
-
-    if (ECP2_ZZZ_isinf(P)) return;
-    //ECP2_ZZZ_affine(P);
-
-
-    /* precompute table */
-
-    ECP2_ZZZ_copy(&Q,P);
-    ECP2_ZZZ_dbl(&Q);
-    ECP2_ZZZ_copy(&W[0],P);
-
-    for (i=1; i<8; i++)
-    {
-        ECP2_ZZZ_copy(&W[i],&W[i-1]);
-        ECP2_ZZZ_add(&W[i],&Q);
-    }
-
-    /* make exponent odd - add 2P if even, P if odd */
-    BIG_XXX_copy(t,e);
-    s=BIG_XXX_parity(t);
-    BIG_XXX_inc(t,1);
-    BIG_XXX_norm(t);
-    ns=BIG_XXX_parity(t);
-    BIG_XXX_copy(mt,t);
-    BIG_XXX_inc(mt,1);
-    BIG_XXX_norm(mt);
-    BIG_XXX_cmove(t,mt,s);
-    ECP2_ZZZ_cmove(&Q,P,ns);
-    ECP2_ZZZ_copy(&C,&Q);
-
-    nb=1+(BIG_XXX_nbits(t)+3)/4;
-
-    /* convert exponent to signed 4-bit window */
-    for (i=0; i<nb; i++)
-    {
-        w[i]=BIG_XXX_lastbits(t,5)-16;
-        BIG_XXX_dec(t,w[i]);
-        BIG_XXX_norm(t);
-        BIG_XXX_fshr(t,4);
-    }
-    w[nb]=BIG_XXX_lastbits(t,5);
-
-    ECP2_ZZZ_copy(P,&W[(w[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-        ECP2_ZZZ_select(&Q,W,w[i]);
-        ECP2_ZZZ_dbl(P);
-        ECP2_ZZZ_dbl(P);
-        ECP2_ZZZ_dbl(P);
-        ECP2_ZZZ_dbl(P);
-        ECP2_ZZZ_add(P,&Q);
-    }
-    ECP2_ZZZ_sub(P,&C); /* apply correction */
-    ECP2_ZZZ_affine(P);
-}
-
-/* Calculates q.P using Frobenius constant X */
-/* SU= 96 */
-void ECP2_ZZZ_frob(ECP2_ZZZ *P,FP2_YYY *X)
-{
-    FP2_YYY X2;
-//    if (P->inf) return;
-//printf("X= "); FP2_YYY_output(X); printf("\n");
-    FP2_YYY_sqr(&X2,X);
-//printf("X2= "); FP2_YYY_output(&X2); printf("\n");
-    FP2_YYY_conj(&(P->x),&(P->x));
-    FP2_YYY_conj(&(P->y),&(P->y));
-    FP2_YYY_conj(&(P->z),&(P->z));
-    FP2_YYY_reduce(&(P->z));
-
-    FP2_YYY_mul(&(P->x),&X2,&(P->x));
-    FP2_YYY_mul(&(P->y),&X2,&(P->y));
-    FP2_YYY_mul(&(P->y),X,&(P->y));
-
-
-//printf("Px= "); FP2_YYY_output(&(P->x)); printf("\n");
-//printf("Py= "); FP2_YYY_output(&(P->y)); printf("\n");
-//printf("Pz= "); FP2_YYY_output(&(P->z)); printf("\n");
-}
-
-
-// Bos & Costello https://eprint.iacr.org/2013/458.pdf
-// Faz-Hernandez & Longa & Sanchez  https://eprint.iacr.org/2013/158.pdf
-// Side channel attack secure 
-
-void ECP2_ZZZ_mul4(ECP2_ZZZ *P,ECP2_ZZZ Q[4],BIG_XXX u[4])
-{
-    int i,j,k,nb,pb,bt;
-	ECP2_ZZZ T[8],W;
-    BIG_XXX t[4],mt;
-	sign8 w[NLEN_XXX*BASEBITS_XXX+1];
-	sign8 s[NLEN_XXX*BASEBITS_XXX+1];
-
-    for (i=0; i<4; i++)
-    {
-        BIG_XXX_copy(t[i],u[i]);
-        //ECP2_ZZZ_affine(&Q[i]);
-    }
-
-// Precomputed table
-    ECP2_ZZZ_copy(&T[0],&Q[0]); // Q[0]
-    ECP2_ZZZ_copy(&T[1],&T[0]);
-	ECP2_ZZZ_add(&T[1],&Q[1]);	// Q[0]+Q[1]
-    ECP2_ZZZ_copy(&T[2],&T[0]);
-	ECP2_ZZZ_add(&T[2],&Q[2]);	// Q[0]+Q[2]
-	ECP2_ZZZ_copy(&T[3],&T[1]);
-	ECP2_ZZZ_add(&T[3],&Q[2]);	// Q[0]+Q[1]+Q[2]
-	ECP2_ZZZ_copy(&T[4],&T[0]);
-	ECP2_ZZZ_add(&T[4],&Q[3]);  // Q[0]+Q[3]
-	ECP2_ZZZ_copy(&T[5],&T[1]);
-	ECP2_ZZZ_add(&T[5],&Q[3]);	// Q[0]+Q[1]+Q[3]
-	ECP2_ZZZ_copy(&T[6],&T[2]);
-	ECP2_ZZZ_add(&T[6],&Q[3]);	// Q[0]+Q[2]+Q[3]
-	ECP2_ZZZ_copy(&T[7],&T[3]);
-	ECP2_ZZZ_add(&T[7],&Q[3]);	// Q[0]+Q[1]+Q[2]+Q[3]
-
-// Make it odd
-	pb=1-BIG_XXX_parity(t[0]);
-	BIG_XXX_inc(t[0],pb);
-	BIG_XXX_norm(t[0]);
-
-// Number of bits
-    BIG_XXX_zero(mt);
-    for (i=0; i<4; i++)
-    {
-        BIG_XXX_or(mt,mt,t[i]);
-    }
-    nb=1+BIG_XXX_nbits(mt);
-
-// Sign pivot 
-	s[nb-1]=1;
-	for (i=0;i<nb-1;i++)
-	{
-        BIG_XXX_fshr(t[0],1);
-		s[i]=2*BIG_XXX_parity(t[0])-1;
-	}
-
-// Recoded exponent
-    for (i=0; i<nb; i++)
-    {
-		w[i]=0;
-		k=1;
-		for (j=1; j<4; j++)
-		{
-			bt=s[i]*BIG_XXX_parity(t[j]);
-			BIG_XXX_fshr(t[j],1);
-
-			BIG_XXX_dec(t[j],(bt>>1));
-			BIG_XXX_norm(t[j]);
-			w[i]+=bt*k;
-			k*=2;
-        }
-    }		
-
-// Main loop
-	ECP2_ZZZ_select(P,T,2*w[nb-1]+1);
-    for (i=nb-2; i>=0; i--)
-    {
-        ECP2_ZZZ_select(&W,T,2*w[i]+s[i]);
-        ECP2_ZZZ_dbl(P);
-        ECP2_ZZZ_add(P,&W);
-    }
-
-// apply correction
-	ECP2_ZZZ_copy(&W,P);   
-	ECP2_ZZZ_sub(&W,&Q[0]);
-	ECP2_ZZZ_cmove(P,&W,pb);
-
-    ECP2_ZZZ_affine(P);
-}
-
-
-/*
-void ECP2_ZZZ_mul4(ECP2_ZZZ *P,ECP2_ZZZ Q[4],BIG_XXX u[4])
-{
-    int i,j,a[4],nb;
-    ECP2_ZZZ W[8],T,C;
-    BIG_XXX mt,t[4];
-    sign8 w[NLEN_XXX*BASEBITS_XXX+1];
-
-    for (i=0; i<4; i++)
-    {
-        BIG_XXX_copy(t[i],u[i]);
-        ECP2_ZZZ_affine(&Q[i]);
-    }
-
-    // precompute table 
-
-    ECP2_ZZZ_copy(&W[0],&Q[0]);
-    ECP2_ZZZ_sub(&W[0],&Q[1]);  // P-Q 
-    ECP2_ZZZ_copy(&W[1],&W[0]);
-    ECP2_ZZZ_copy(&W[2],&W[0]);
-    ECP2_ZZZ_copy(&W[3],&W[0]);
-    ECP2_ZZZ_copy(&W[4],&Q[0]);
-    ECP2_ZZZ_add(&W[4],&Q[1]);  // P+Q 
-    ECP2_ZZZ_copy(&W[5],&W[4]);
-    ECP2_ZZZ_copy(&W[6],&W[4]);
-    ECP2_ZZZ_copy(&W[7],&W[4]);
-
-    ECP2_ZZZ_copy(&T,&Q[2]);
-    ECP2_ZZZ_sub(&T,&Q[3]);       // R-S 
-    ECP2_ZZZ_sub(&W[1],&T);
-    ECP2_ZZZ_add(&W[2],&T);
-    ECP2_ZZZ_sub(&W[5],&T);
-    ECP2_ZZZ_add(&W[6],&T);
-    ECP2_ZZZ_copy(&T,&Q[2]);
-    ECP2_ZZZ_add(&T,&Q[3]);      // R+S 
-    ECP2_ZZZ_sub(&W[0],&T);
-    ECP2_ZZZ_add(&W[3],&T);
-    ECP2_ZZZ_sub(&W[4],&T);
-    ECP2_ZZZ_add(&W[7],&T);
-
-    // if multiplier is even add 1 to multiplier, and add P to correction 
-    ECP2_ZZZ_inf(&C);
-
-    BIG_XXX_zero(mt);
-    for (i=0; i<4; i++)
-    {
-        if (BIG_XXX_parity(t[i])==0)
-        {
-            BIG_XXX_inc(t[i],1);
-            BIG_XXX_norm(t[i]);
-            ECP2_ZZZ_add(&C,&Q[i]);
-        }
-        BIG_XXX_add(mt,mt,t[i]);
-        BIG_XXX_norm(mt);
-    }
-
-    nb=1+BIG_XXX_nbits(mt);
-
-    // convert exponent to signed 1-bit window 
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_XXX_lastbits(t[i],2)-2;
-            BIG_XXX_dec(t[i],a[i]);
-            BIG_XXX_norm(t[i]);
-            BIG_XXX_fshr(t[i],1);
-        }
-        w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    w[nb]=8*BIG_XXX_lastbits(t[0],2)+4*BIG_XXX_lastbits(t[1],2)+2*BIG_XXX_lastbits(t[2],2)+BIG_XXX_lastbits(t[3],2);
-
-    ECP2_ZZZ_copy(P,&W[(w[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-        ECP2_ZZZ_select(&T,W,w[i]);
-        ECP2_ZZZ_dbl(P);
-        ECP2_ZZZ_add(P,&T);
-    }
-    ECP2_ZZZ_sub(P,&C); // apply correction 
-
-    ECP2_ZZZ_affine(P);
-}
-*/
-
-/* Map to hash value to point on G2 from random BIG */
-void ECP2_ZZZ_mapit(ECP2_ZZZ *Q,octet *W)
-{
-    BIG_XXX q,one,Fx,Fy,x,hv;
-    FP2_YYY X;
-#if (PAIRING_FRIENDLY_ZZZ == BN)
-    ECP2_ZZZ T,K;
-#elif (PAIRING_FRIENDLY_ZZZ == BLS)
-    ECP2_ZZZ xQ, x2Q;
-#endif
-    BIG_XXX_fromBytes(hv,W->val);
-    BIG_XXX_rcopy(q,Modulus_ZZZ);
-    BIG_XXX_one(one);
-    BIG_XXX_mod(hv,q);
-
-    for (;;)
-    {
-        FP2_YYY_from_BIGs(&X,one,hv);
-        if (ECP2_ZZZ_setx(Q,&X)) break;
-        BIG_XXX_inc(hv,1);
-    }
-
-    BIG_XXX_rcopy(Fx,Fra_YYY);
-    BIG_XXX_rcopy(Fy,Frb_YYY);
-    FP2_YYY_from_BIGs(&X,Fx,Fy);
-
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-    FP2_YYY_inv(&X,&X);
-    FP2_YYY_norm(&X);
-#endif
-
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-
-#if (PAIRING_FRIENDLY_ZZZ == BN)
-
-    /* Faster Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
-    /* Q -> xQ + F(3xQ) + F(F(xQ)) + F(F(F(Q))). */
-    ECP2_ZZZ_copy(&T,Q);
-    ECP2_ZZZ_mul(&T,x);
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-    ECP2_ZZZ_neg(&T);   // our x is negative
-#endif
-    ECP2_ZZZ_copy(&K,&T);
-    ECP2_ZZZ_dbl(&K);
-    ECP2_ZZZ_add(&K,&T);
-    //ECP2_ZZZ_affine(&K);
-
-    ECP2_ZZZ_frob(&K,&X);
-    ECP2_ZZZ_frob(Q,&X);
-    ECP2_ZZZ_frob(Q,&X);
-    ECP2_ZZZ_frob(Q,&X);
-    ECP2_ZZZ_add(Q,&T);
-    ECP2_ZZZ_add(Q,&K);
-    ECP2_ZZZ_frob(&T,&X);
-    ECP2_ZZZ_frob(&T,&X);
-    ECP2_ZZZ_add(Q,&T);
-    ECP2_ZZZ_affine(Q);
-
-#elif (PAIRING_FRIENDLY_ZZZ == BLS)
-
-    /* Efficient hash maps to G2 on BLS curves - Budroni, Pintore */
-    /* Q -> x2Q -xQ -Q +F(xQ -Q) +F(F(2Q)) */
-
-    ECP2_ZZZ_copy(&xQ,Q);
-    ECP2_ZZZ_mul(&xQ,x);
-
-    ECP2_ZZZ_copy(&x2Q,&xQ);
-    ECP2_ZZZ_mul(&x2Q,x);
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-    ECP2_ZZZ_neg(&xQ);
-#endif
-
-    ECP2_ZZZ_sub(&x2Q,&xQ);
-    ECP2_ZZZ_sub(&x2Q,Q);
-
-    ECP2_ZZZ_sub(&xQ,Q);
-    ECP2_ZZZ_frob(&xQ,&X);
-
-    ECP2_ZZZ_dbl(Q);
-    ECP2_ZZZ_frob(Q,&X);
-    ECP2_ZZZ_frob(Q,&X);
-
-    ECP2_ZZZ_add(Q,&x2Q);
-    ECP2_ZZZ_add(Q,&xQ);
-
-    ECP2_ZZZ_affine(Q);
-
-#endif
-}
-
-void ECP2_ZZZ_generator(ECP2_ZZZ *G)
-{
-	FP2_YYY wx,wy;
-
-    FP_YYY_rcopy(&(wx.a),CURVE_Pxa_ZZZ); 
-    FP_YYY_rcopy(&(wx.b),CURVE_Pxb_ZZZ); 
-    FP_YYY_rcopy(&(wy.a),CURVE_Pya_ZZZ); 
-    FP_YYY_rcopy(&(wy.b),CURVE_Pyb_ZZZ);     
-	ECP2_ZZZ_set(G,&wx,&wy);
-}
-
-/*
-
-int main()
-{
-	int i;
-	ECP2_ZZZ G,P;
-	ECP2_ZZZ *W;
-	FP2_YYY x,y,w,z,f;
-	BIG_XXX r,xa,xb,ya,yb;
-
-	BIG_XXX_rcopy(xa,CURVE_Pxa_ZZZ);
-	BIG_XXX_rcopy(xb,CURVE_Pxb_ZZZ);
-	BIG_XXX_rcopy(ya,CURVE_Pya_ZZZ);
-	BIG_XXX_rcopy(yb,CURVE_Pyb_ZZZ);
-
-	FP2_YYY_from_BIGs(&x,xa,xb);
-	FP2_YYY_from_BIGs(&y,ya,yb);
-	ECP2_ZZZ_set(&G,&x,&y);
-	if (G.inf) printf("Failed to set - point not on curve\n");
-	else printf("set success\n");
-
-	ECP2_ZZZ_output(&G);
-
-//	BIG_XXX_copy(r,CURVE_Order_ZZZ);
-	BIG_XXX_rcopy(r,Modulus_YYY);
-
-	ECP2_ZZZ_copy(&P,&G);
-
-	ECP2_ZZZ_mul(&P,r);
-
-	ECP2_ZZZ_output(&P);
-
-	FP2_YYY_gfc(&f,12);
-
-	ECP2_ZZZ_frob(&G,&f);
-
-	ECP2_ZZZ_output(&G);
-
-	return 0;
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/ecp2.h
----------------------------------------------------------------------
diff --git a/version3/c/ecp2.h b/version3/c/ecp2.h
deleted file mode 100644
index 32c0420..0000000
--- a/version3/c/ecp2.h
+++ /dev/null
@@ -1,220 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/**
- * @file ecp2.h
- * @author Mike Scott
- * @brief ECP2 Header File
- *
- */
-
-#ifndef ECP2_ZZZ_H
-#define ECP2_ZZZ_H
-
-#include "fp2_YYY.h"
-#include "config_curve_ZZZ.h"
-
-/**
-	@brief ECP2 Structure - Elliptic Curve Point over quadratic extension field
-*/
-
-typedef struct
-{
-//    int inf; /**< Infinity Flag */
-    FP2_YYY x;   /**< x-coordinate of point */
-    FP2_YYY y;   /**< y-coordinate of point */
-    FP2_YYY z;   /**< z-coordinate of point */
-} ECP2_ZZZ;
-
-
-/* Curve Params - see rom_zzz.c */
-extern const int CURVE_A_ZZZ;		/**< Elliptic curve A parameter */
-extern const int CURVE_B_I_ZZZ;		/**< Elliptic curve B parameter */
-extern const BIG_XXX CURVE_B_ZZZ;     /**< Elliptic curve B parameter */
-extern const BIG_XXX CURVE_Order_ZZZ; /**< Elliptic curve group order */
-extern const BIG_XXX CURVE_Cof_ZZZ;   /**< Elliptic curve cofactor */
-extern const BIG_XXX CURVE_Bnx_ZZZ;   /**< Elliptic curve parameter */
-
-extern const BIG_XXX Fra_YYY; /**< real part of BN curve Frobenius Constant */
-extern const BIG_XXX Frb_YYY; /**< imaginary part of BN curve Frobenius Constant */
-
-
-/* Generator point on G1 */
-extern const BIG_XXX CURVE_Gx_ZZZ; /**< x-coordinate of generator point in group G1  */
-extern const BIG_XXX CURVE_Gy_ZZZ; /**< y-coordinate of generator point in group G1  */
-
-/* For Pairings only */
-
-/* Generator point on G2 */
-extern const BIG_XXX CURVE_Pxa_ZZZ; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pxb_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pya_ZZZ; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG_XXX CURVE_Pyb_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */
-
-/* ECP2 E(Fp2) prototypes */
-/**	@brief Tests for ECP2 point equal to infinity
- *
-	@param P ECP2 point to be tested
-	@return 1 if infinity, else returns 0
- */
-extern int ECP2_ZZZ_isinf(ECP2_ZZZ *P);
-/**	@brief Copy ECP2 point to another ECP2 point
- *
-	@param P ECP2 instance, on exit = Q
-	@param Q ECP2 instance to be copied
- */
-extern void ECP2_ZZZ_copy(ECP2_ZZZ *P,ECP2_ZZZ *Q);
-/**	@brief Set ECP2 to point-at-infinity
- *
-	@param P ECP2 instance to be set to infinity
- */
-extern void ECP2_ZZZ_inf(ECP2_ZZZ *P);
-/**	@brief Tests for equality of two ECP2s
- *
-	@param P ECP2 instance to be compared
-	@param Q ECP2 instance to be compared
-	@return 1 if P=Q, else returns 0
- */
-extern int ECP2_ZZZ_equals(ECP2_ZZZ *P,ECP2_ZZZ *Q);
-/**	@brief Converts an ECP2 point from Projective (x,y,z) coordinates to affine (x,y) coordinates
- *
-	@param P ECP2 instance to be converted to affine form
- */
-extern void ECP2_ZZZ_affine(ECP2_ZZZ *P);
-/**	@brief Extract x and y coordinates of an ECP2 point P
- *
-	If x=y, returns only x
-	@param x FP2 on exit = x coordinate of point
-	@param y FP2 on exit = y coordinate of point (unless x=y)
-	@param P ECP2 instance (x,y)
-	@return -1 if P is point-at-infinity, else 0
- */
-extern int ECP2_ZZZ_get(FP2_YYY *x,FP2_YYY *y,ECP2_ZZZ *P);
-/**	@brief Formats and outputs an ECP2 point to the console, converted to affine coordinates
- *
-	@param P ECP2 instance to be printed
- */
-extern void ECP2_ZZZ_output(ECP2_ZZZ *P);
-/**	@brief Formats and outputs an ECP2 point to the console, in projective coordinates
- *
-	@param P ECP2 instance to be printed
- */
-extern void ECP2_ZZZ_outputxyz(ECP2_ZZZ *P);
-/**	@brief Formats and outputs an ECP2 point to an octet string
- *
-	The octet string is created in the form x|y.
-	Convert the real and imaginary parts of the x and y coordinates to big-endian base 256 form.
-	@param S output octet string
-	@param P ECP2 instance to be converted to an octet string
- */
-extern void ECP2_ZZZ_toOctet(octet *S,ECP2_ZZZ *P);
-/**	@brief Creates an ECP2 point from an octet string
- *
-	The octet string is in the form x|y
-	The real and imaginary parts of the x and y coordinates are in big-endian base 256 form.
-	@param P ECP2 instance to be created from the octet string
-	@param S input octet string
-	return 1 if octet string corresponds to a point on the curve, else 0
- */
-extern int ECP2_ZZZ_fromOctet(ECP2_ZZZ *P,octet *S);
-/**	@brief Calculate Right Hand Side of curve equation y^2=f(x)
- *
-	Function f(x)=x^3+Ax+B
-	Used internally.
-	@param r FP2 value of f(x)
-	@param x FP2 instance
- */
-extern void ECP2_ZZZ_rhs(FP2_YYY *r,FP2_YYY *x);
-/**	@brief Set ECP2 to point(x,y) given x and y
- *
-	Point P set to infinity if no such point on the curve.
-	@param P ECP2 instance to be set (x,y)
-	@param x FP2 x coordinate of point
-	@param y FP2 y coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP2_ZZZ_set(ECP2_ZZZ *P,FP2_YYY *x,FP2_YYY *y);
-/**	@brief Set ECP to point(x,[y]) given x
- *
-	Point P set to infinity if no such point on the curve. Otherwise y coordinate is calculated from x.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP2_ZZZ_setx(ECP2_ZZZ *P,FP2_YYY *x);
-/**	@brief Negation of an ECP2 point
- *
-	@param P ECP2 instance, on exit = -P
- */
-extern void ECP2_ZZZ_neg(ECP2_ZZZ *P);
-/**	@brief Doubles an ECP2 instance P
- *
-	@param P ECP2 instance, on exit =2*P
- */
-extern int ECP2_ZZZ_dbl(ECP2_ZZZ *P);
-/**	@brief Adds ECP2 instance Q to ECP2 instance P
- *
-	@param P ECP2 instance, on exit =P+Q
-	@param Q ECP2 instance to be added to P
- */
-extern int ECP2_ZZZ_add(ECP2_ZZZ *P,ECP2_ZZZ *Q);
-/**	@brief Subtracts ECP instance Q from ECP2 instance P
- *
-	@param P ECP2 instance, on exit =P-Q
-	@param Q ECP2 instance to be subtracted from P
- */
-extern void ECP2_ZZZ_sub(ECP2_ZZZ *P,ECP2_ZZZ *Q);
-/**	@brief Multiplies an ECP2 instance P by a BIG, side-channel resistant
- *
-	Uses fixed sized windows.
-	@param P ECP2 instance, on exit =b*P
-	@param b BIG number multiplier
-
- */
-extern void ECP2_ZZZ_mul(ECP2_ZZZ *P,BIG_XXX b);
-/**	@brief Multiplies an ECP2 instance P by the internal modulus p, using precalculated Frobenius constant f
- *
-	Fast point multiplication using Frobenius
-	@param P ECP2 instance, on exit = p*P
-	@param f FP2 precalculated Frobenius constant
-
- */
-extern void ECP2_ZZZ_frob(ECP2_ZZZ *P,FP2_YYY *f);
-/**	@brief Calculates P=b[0]*Q[0]+b[1]*Q[1]+b[2]*Q[2]+b[3]*Q[3]
- *
-	@param P ECP2 instance, on exit = b[0]*Q[0]+b[1]*Q[1]+b[2]*Q[2]+b[3]*Q[3]
-	@param Q ECP2 array of 4 points
-	@param b BIG array of 4 multipliers
- */
-extern void ECP2_ZZZ_mul4(ECP2_ZZZ *P,ECP2_ZZZ *Q,BIG_XXX *b);
-
-/**	@brief Maps random BIG to curve point of correct order
- *
-	@param P ECP2 instance of correct order
-	@param w OCTET byte array to be mapped
- */
-extern void ECP2_ZZZ_mapit(ECP2_ZZZ *P,octet *w);
-
-/**	@brief Get Group Generator from ROM
- *
-	@param G ECP2 instance
- */
-extern void ECP2_ZZZ_generator(ECP2_ZZZ *G);
-
-#endif


[44/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/rom.c
----------------------------------------------------------------------
diff --git a/version22/c/rom.c b/version22/c/rom.c
deleted file mode 100644
index 9fada44..0000000
--- a/version22/c/rom.c
+++ /dev/null
@@ -1,1206 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL - ROM file */
-
-#include "amcl.h"
-
-/* Field and Curve Details */
-
-#if CHOICE==BN254
-
-/* Nogami's fast curve */
-
-const int CURVE_A=0;
-#if CHUNK==16
-
-const chunk MConst=0x15E5;
-const BIG Modulus= {0x13,0x0,0x0,0x0,0x1A70,0x9,0x0,0x0,0x100,0x309,0x2,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A};
-const BIG CURVE_Order= {0xD,0x0,0x0,0x0,0xA10,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A};
-const BIG CURVE_Cof= {0x1};
-const BIG CURVE_B= {0x2};
-const BIG CURVE_Bnx= {0x1,0x0,0x0,0x0,0x408};
-const BIG CURVE_Cru= {0x7,0x0,0x0,0x0,0xCD8,0x3,0x0,0x0,0x900,0x1248,0x0,0x0,0x400,0x19B1,0x126};
-const BIG CURVE_Fra= {0xDE9,0x1953,0x101B,0x1BCD,0xE17,0x1BE1,0x14FD,0x1249,0x974,0x1C28,0x54F,0x108D,0x150A,0x4CD,0x12D9,0xF91,0x12E,0x10C9,0xDDD,0x36};
-const BIG CURVE_Frb= {0x122A,0x6AC,0xFE4,0x432,0xC58,0x428,0xB02,0xDB6,0x178B,0x6E0,0x1AB2,0xF72,0x2F5,0x1559,0x140F,0x106E,0x1ED1,0x1348,0x1AFB,0x13};
-//const BIG CURVE_Pxa={0xCB4,0xFE8,0x1E4D,0x1658,0x2BA,0x2BE,0x13F3,0x33C,0x5E3,0x182D,0x1D8E,0xDBE,0x124F,0xFDB,0x8CD,0x14FD,0x155E,0x6A7,0x16C1,0x12};
-//const BIG CURVE_Pxb={0x455,0x4B1,0x1E4,0xFA,0x38A,0x152F,0x149E,0x17C7,0xD86,0x1CEB,0x11FC,0xAE,0x189E,0x15F,0x1275,0x8F6,0x83,0x53E,0x1536,0xB};
-//const BIG CURVE_Pya={0x46C,0x1045,0x1A1E,0x1B9C,0x1F9A,0xC8,0x629,0x61D,0x82B,0xB48,0xC7C,0xF09,0x4C3,0x168E,0x1E85,0x627,0x5E5,0x15F9,0xFCA,0x15};
-//const BIG CURVE_Pyb={0x6EC,0xF98,0x1501,0x1F11,0xE6D,0x9D0,0xB74,0xED,0x482,0x12E0,0x75A,0xF03,0x11E4,0x313,0x16CE,0x1B57,0x679,0x143F,0x1DA6,0x30};
-const BIG CURVE_Pxa= {0x1B2B,0x1F,0x932,0x1C84,0x191E,0x1F86,0x262,0x1769,0x48B,0x1523,0x1B6D,0x18C3,0x7E8,0x6C6,0x1FAE,0x16C5,0x119E,0x5DA,0x684,0xC};
-const BIG CURVE_Pxb= {0xCF3,0x1EAA,0x1079,0x1869,0x10D8,0x25B,0x18DE,0xD75,0xD74,0x18FA,0xA96,0x1305,0x18C5,0x553,0xCC4,0xF06,0x1A73,0x17CD,0x5AA,0xA};
-const BIG CURVE_Pya= {0xB9A,0xE69,0x1E24,0x1C0,0x119F,0x4DE,0x16F8,0x1CD7,0x1D0A,0x194D,0x88,0x1319,0x966,0x870,0xE6A,0x1268,0xBAF,0x1D03,0x625,0x4};
-const BIG CURVE_Pyb= {0xE9B,0x19D6,0x1B1A,0x1A35,0x18A2,0x4AB,0x1CE7,0x1FFA,0x1006,0x1D84,0x34D,0xBE7,0x56F,0x16A2,0x1A3D,0x2A4,0x1C8B,0x1873,0xECA,0x1D};
-const BIG CURVE_Gx= {0x12,0x0,0x0,0x0,0x1A70,0x9,0x0,0x0,0x100,0x309,0x2,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A};
-const BIG CURVE_Gy= {0x1};
-const BIG CURVE_W[2]= {{0x3,0x0,0x0,0x0,0x40,0x1,0x0,0x0,0x180,0x30C},{0x1,0x0,0x0,0x0,0x810}};
-const BIG CURVE_SB[2][2]= {{{0x4,0x0,0x0,0x0,0x850,0x1,0x0,0x0,0x180,0x30C},{0x1,0x0,0x0,0x0,0x810}},{{0x1,0x0,0x0,0x0,0x810},{0xA,0x0,0x0,0x0,0x9D0,0x7,0x0,0x0,0x1E00,0x1CF0,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A}}};
-const BIG CURVE_WB[4]= {{0x0,0x0,0x0,0x0,0x408,0x0,0x0,0x0,0x80,0x104},{0x5,0x0,0x0,0x0,0x14A8,0x2,0x0,0x0,0x700,0xE38,0x0,0x0,0x1800,0x1120,0xC4},{0x3,0x0,0x0,0x0,0xC58,0x1,0x0,0x0,0x380,0x71C,0x0,0x0,0xC00,0x890,0x62},{0x1,0x0,0x0,0x0,0xC18,0x0,0x0,0x0,0x80,0x104}};
-const BIG CURVE_BB[4][4]= {{{0xD,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0xC,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0xC,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0x2,0x0,0x0,0x0,0x810}},{{0x1,0x0,0x0,0x0,0x810},{0xC,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0xD,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0xC,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A}},{{0x2,0x0,0x0,0x0,0x810},{0x1,0x0,0x0,0x0,0x810},{0x1,0x0,0x0,0x0,0x810},{0x1,0x0,0x0,0x0,0x810}},{{0x2,0x0,0x0,0x0,0x408},{0x2,0x0,0x0,0x0,0x1020},{0xA,0x0,0x0,0x0,0x200,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0x2,0x0,0x0,0x0,0x408}}};
-#endif
-
-#if CHUNK==32
-
-const chunk MConst=0x179435E5;
-const BIG Modulus= {0x13,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364};
-const BIG CURVE_Order= {0xD,0x8000000,0x428,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364};
-const BIG CURVE_Cof= {0x1};
-const BIG CURVE_B= {0x2};
-const BIG CURVE_Bnx= {0x1,0x4000000,0x10};
-const BIG CURVE_Cru= {0x7,0xC000000,0x1B3,0x12000000,0x2490,0x11200000,0x126CD};
-const BIG CURVE_Fra= {0xF2A6DE9,0xBEF3603,0xFDDF0B8,0x12E9249A,0x953F850,0xDA85423,0x1232D926,0x32425CF,0x1B3776};
-const BIG CURVE_Frb= {0x10D5922A,0xC10C9FC,0x10221431,0xF16DB65,0x16AC8DC1,0x1917ABDC,0xDD40FAA,0xD23DA30,0x9EBEE};
-//const BIG CURVE_Pxa={0x15FD0CB4,0x1D5963C9,0x1F315F0A,0xBC633C9,0x1763B05A,0x1B927B6F,0x1FA8CD7E,0x1A9EABD4,0x95B04};
-//const BIG CURVE_Pxb={0x10962455,0x503E83C,0x9EA978E,0x1B0D7C7A,0x147F39D6,0x1FC4F02B,0x1ED2750A,0x14F81068,0x5D4D8};
-//const BIG CURVE_Pya={0x1A08A46C,0xD6E7343,0x290647E,0x105661D3,0xB1F1690,0xE261BC2,0x4FE85B4,0x17E4BCA6,0xABF2A};
-//const BIG CURVE_Pyb={0x5F306EC,0x16FC46A0,0x1744E839,0x9040ED5,0x19D6A5C0,0x138F23C0,0xAF6CE18,0x10FCCF3B,0x18769A};
-const BIG CURVE_Pxa= {0x803FB2B,0xF721126,0x62FC364,0x9177691,0x1EDB6A46,0x63F4630,0x18BFAE36,0x176A33D6,0x61A10};
-const BIG CURVE_Pxb= {0x7D54CF3,0xC61A60F,0xDE12DC3,0x1AE8D75C,0xAA5B1F4,0x13C62CC1,0xCCC42A,0x1F374E6F,0x516AA};
-const BIG CURVE_Pya= {0x11CD2B9A,0xF8703C4,0xF826F46,0x1A15CD7B,0x822329B,0x104B34C6,0xD0E6A43,0x140D75F2,0x21897};
-const BIG CURVE_Pyb= {0xB3ACE9B,0x1168D763,0xE7255E2,0xDFFAE,0x18D37B09,0x22B7AF9,0x149A3DB5,0x1CF9162,0xEBB2B};
-const BIG CURVE_Gx= {0x12,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364};
-const BIG CURVE_Gy= {0x1};
-const BIG CURVE_W[2]= {{0x3,0x0,0x81,0x3000000,0x618},{0x1,0x8000000,0x20}};
-const BIG CURVE_SB[2][2]= {{{0x4,0x8000000,0xA1,0x3000000,0x618},{0x1,0x8000000,0x20}},{{0x1,0x8000000,0x20},{0xA,0x8000000,0x3A7,0x1C000000,0x79E1,0x6C00000,0x6E8D1,0x10480000,0x252364}}};
-const BIG CURVE_WB[4]= {{0x0,0x4000000,0x10,0x1000000,0x208},{0x5,0x14000000,0x152,0xE000000,0x1C70,0xC00000,0xC489},{0x3,0xC000000,0xB1,0x7000000,0xE38,0x10600000,0x6244},{0x1,0xC000000,0x30,0x1000000,0x208}};
-const BIG CURVE_BB[4][4]= {{{0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0x2,0x8000000,0x20}},{{0x1,0x8000000,0x20},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364}},{{0x2,0x8000000,0x20},{0x1,0x8000000,0x20},{0x1,0x8000000,0x20},{0x1,0x8000000,0x20}},{{0x2,0x4000000,0x10},{0x2,0x10000000,0x40},{0xA,0x0,0x408,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0x2,0x4000000,0x10}}};
-#endif
-
-#if CHUNK==64
-
-const chunk MConst=0x435E50D79435E5;
-const BIG Modulus= {0x13,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482};
-const BIG CURVE_Order= {0xD,0x800000000010A1,0x8000000007FF9F,0x40000001BA344D,0x25236482};
-const BIG CURVE_Cof= {0x1};
-const BIG CURVE_B= {0x2};
-const BIG CURVE_Bnx= {0x80000000000001,0x40};
-const BIG CURVE_Cru= {0x80000000000007,0x6CD,0x40000000024909,0x49B362};
-const BIG CURVE_Fra= {0x7DE6C06F2A6DE9,0x74924D3F77C2E1,0x50A846953F8509,0x212E7C8CB6499B,0x1B377619};
-const BIG CURVE_Frb= {0x82193F90D5922A,0x8B6DB2C08850C5,0x2F57B96AC8DC17,0x1ED1837503EAB2,0x9EBEE69};
-//const BIG CURVE_Pxa={0xAB2C7935FD0CB4,0xE319E4FCC57C2B,0x24F6DF763B05A5,0xF55EA7EA335FB7,0x95B04D4};
-//const BIG CURVE_Pxb={0xA07D0790962455,0x86BE3D27AA5E38,0x89E05747F39D6D,0xC08347B49D42BF,0x5D4D8A7};
-//const BIG CURVE_Pya={0xADCE687A08A46C,0x2B30E98A4191F9,0x4C3784B1F16908,0x25E5313FA16D1C,0xABF2ABF};
-//const BIG CURVE_Pyb={0xDF88D405F306EC,0x82076ADD13A0E6,0x1E47819D6A5C04,0xE679DABDB38627,0x18769A87};
-const BIG CURVE_Pxa= {0xEE4224C803FB2B,0x8BBB4898BF0D91,0x7E8C61EDB6A464,0x519EB62FEB8D8C,0x61A10BB};
-const BIG CURVE_Pxb= {0x8C34C1E7D54CF3,0x746BAE3784B70D,0x8C5982AA5B1F4D,0xBA737833310AA7,0x516AAF9};
-const BIG CURVE_Pya= {0xF0E07891CD2B9A,0xAE6BDBE09BD19,0x96698C822329BD,0x6BAF93439A90E0,0x21897A0};
-const BIG CURVE_Pyb= {0x2D1AEC6B3ACE9B,0x6FFD739C9578A,0x56F5F38D37B090,0x7C8B15268F6D44,0xEBB2B0E};
-
-const BIG CURVE_Gx= {0x12,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482};
-const BIG CURVE_Gy= {0x1};
-const BIG CURVE_W[2]= {{0x3,0x80000000000204,0x6181},{0x1,0x81}};
-const BIG CURVE_SB[2][2]= {{{0x4,0x80000000000285,0x6181},{0x1,0x81}},{{0x1,0x81},{0xA,0xE9D,0x80000000079E1E,0x40000001BA344D,0x25236482}}};
-const BIG CURVE_WB[4]= {{0x80000000000000,0x80000000000040,0x2080},{0x80000000000005,0x54A,0x8000000001C707,0x312241},{0x80000000000003,0x800000000002C5,0xC000000000E383,0x189120},{0x80000000000001,0x800000000000C1,0x2080}};
-const BIG CURVE_BB[4][4]= {{{0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x2,0x81}},{{0x1,0x81},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482}},{{0x2,0x81},{0x1,0x81},{0x1,0x81},{0x1,0x81}},{{0x80000000000002,0x40},{0x2,0x102},{0xA,0x80000000001020,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x80000000000002,0x40}}};
-#endif
-
-#endif
-
-#if CHOICE==BN254_T
-
-/* GT-Strong BN curve */
-
-const int CURVE_A=0;
-#if CHUNK==16
-
-const chunk MConst=0x4E5;
-const BIG Modulus= {0x713,0x15A5,0x1FBB,0x1B77,0xBE9,0x125D,0x13D1,0xAC2,0xA55,0x374,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48};
-const BIG CURVE_Order= {0x10D,0x981,0x1FA3,0xAEE,0x3A7,0x59B,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48};
-const BIG CURVE_Cof= {0x1};
-const BIG CURVE_B= {0x2};
-const BIG CURVE_Bnx= {0x81,0x2,0x1800,0x100,0x400};
-const BIG CURVE_Cru= {0xD87,0x1A7E,0x156A,0x16A7,0x1ADE,0x188F,0xAEA,0x14BE,0xC82,0xBB2,0x132,0xA2A,0x1476,0xD8,0x120};
-const BIG CURVE_Fra= {0x22,0xE40,0x13AB,0xBA2,0x159F,0x671,0x1BEB,0x9A,0xC49,0xDF3,0xC84,0x142,0x1F19,0x1284,0x53D,0x1887,0x9BB,0x1496,0xA28,0x26};
-const BIG CURVE_Frb= {0x6F1,0x765,0xC10,0xFD5,0x164A,0xBEB,0x17E6,0xA27,0x1E0C,0x1580,0x8F7,0xCAF,0x1450,0x1350,0x16AA,0x7A2,0x1B5B,0x1244,0x161F,0x21};
-const BIG CURVE_Pxa= {0x5BB,0x473,0x188A,0x130F,0x1BE8,0x1189,0x12A9,0x15A3,0xC00,0x1BE6,0x1522,0x82,0x1325,0x2A,0x1AF3,0x673,0x4C1,0x1E68,0x120F,0x28};
-const BIG CURVE_Pxb= {0x2C0,0x6DF,0x202,0xF11,0x13A6,0x1A42,0x78,0x1C3F,0x157F,0xBDC,0x146D,0x634,0x10A6,0x1FE2,0xB68,0x1860,0x184E,0x1599,0x1FD1,0x10};
-const BIG CURVE_Pya= {0xA1D,0x106,0x11F8,0x58,0x16C2,0xCF9,0x1A0E,0x2CF,0xCB4,0x164A,0x7DC,0xA87,0x1C6E,0x1634,0x1D28,0x17A,0x102B,0x14E0,0x1A30,0x29};
-const BIG CURVE_Pyb= {0x8F2,0xB31,0x1F1C,0x1086,0x6BD,0x1BEE,0x1EF2,0x1C2C,0xA27,0xE8,0x1C9A,0x18EA,0xA82,0x160C,0x7B7,0x97A,0x245,0x1523,0xBF8,0x2F};
-const BIG CURVE_Gx= {0x712,0x15A5,0x1FBB,0x1B77,0xBE9,0x125D,0x13D1,0xAC2,0xA55,0x374,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48};
-const BIG CURVE_Gy= {0x1};
-const BIG CURVE_W[2]= {{0x403,0xC1C,0x18,0xC86,0x1842,0xCC1,0x906,0x430,0x181,0x300},{0x101,0x4,0x1000,0x201,0x800}};
-const BIG CURVE_SB[2][2]= {{{0x504,0xC20,0x1018,0xE87,0x42,0xCC2,0x906,0x430,0x181,0x300},{0x101,0x4,0x1000,0x201,0x800}},{{0x101,0x4,0x1000,0x201,0x800},{0x1D0A,0x1D64,0x1F8A,0x1E68,0xB64,0x18D9,0x1C4,0x262,0x753,0x1D74,0x157B,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48}}};
-const BIG CURVE_WB[4]= {{0x80,0x406,0x1808,0x280,0xC16,0x440,0x302,0xC10,0x80,0x100},{0xA85,0x462,0x102,0xA72,0x36B,0xE36,0xD4B,0x5F4,0x1EAD,0x1476,0x1621,0x6C6,0xDA4,0x90,0xC0},{0x583,0x232,0xC81,0x15B9,0x3B5,0x171B,0x6A5,0x12FA,0xF56,0x1A3B,0xB10,0x363,0x6D2,0x48,0x60},{0x181,0x40A,0x808,0x482,0x1416,0x440,0x302,0xC10,0x80,0x100}};
-const BIG CURVE_BB[4][4]= {{{0x8D,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x8C,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x8C,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x102,0x4,0x1000,0x201,0x800}},{{0x101,0x4,0x1000,0x201,0x800},{0x8C,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x8D,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x8C,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48}},{{0x102,0x4,0x1000,0x201,0x800},{0x101,0x4,0x1000,0x201,0x800},{0x101,0x4,0x1000,0x201,0x800},{0x101,0x4,0x1000,0x201,0x800}},{{0x82,0x2,0x1800,0x100,0x400},{0x202,0x8,0x0,0x403,
 0x1000},{0xA,0x97D,0xFA3,0x8ED,0x1BA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x82,0x2,0x1800,0x100,0x400}}};
-#endif
-
-#if CHUNK==32
-
-const chunk MConst=0x1914C4E5;
-const BIG Modulus= {0xEB4A713,0x14EDDFF7,0x1D192EAF,0x14AAAC29,0xD5F06E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
-const BIG CURVE_Order= {0xD30210D,0x13ABBBF4,0xCB2CD8E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
-const BIG CURVE_Cof= {0x1};
-const BIG CURVE_B= {0x2};
-const BIG CURVE_Bnx= {0x4081,0x40300,0x10};
-const BIG CURVE_Cru= {0xB4FCD87,0xF5A9EAD,0xEAC47EB,0x19054BE5,0x104C9764,0x18A3B28A,0x12006};
-const BIG CURVE_Fra= {0xDC80022,0xFAE8A75,0x1EB338D6,0x189209AD,0x13211BE6,0x4F8C850,0x10E53D94,0x12593778,0x1328A2};
-const BIG CURVE_Frb= {0xECA6F1,0x53F5582,0x1E65F5D9,0x1C18A27B,0x1A3DEB01,0x10A2832B,0x1456AA9A,0x9136B67,0x10D87E};
-const BIG CURVE_Pxa= {0x88E65BB,0x144C3F11,0xA98C4EF,0x18015A39,0x1548B7CC,0xA992820,0xE7AF301,0x19A09826,0x14483F};
-const BIG CURVE_Pxb= {0x8DBE2C0,0x133C4440,0x78D214E,0xAFFC3F0,0x51B57B9,0x285318D,0xC0B68FF,0x166709D8,0x87F46};
-const BIG CURVE_Pya= {0x20CA1D,0x101623F,0xE67CDB,0x19682CFD,0x19F72C94,0x14E372A1,0xF5D28B1,0x13820561,0x14E8C2};
-const BIG CURVE_Pyb= {0x116628F2,0x1EC21BE3,0xF2DF71A,0x144FC2CF,0x172681D0,0xC54163A,0xF47B7B0,0x148C48A9,0x17AFE2};
-const BIG CURVE_Gx= {0xEB4A712,0x14EDDFF7,0x1D192EAF,0x14AAAC29,0xD5F06E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
-const BIG CURVE_Gy= {0x1};
-const BIG CURVE_W[2]= {{0x1838403,0x1321803,0x106660E1,0x3024304,0x600},{0x8101,0x80600,0x20}};
-const BIG CURVE_SB[2][2]= {{{0x1840504,0x13A1E03,0x10666101,0x3024304,0x600},{0x8101,0x80600,0x20}},{{0x8101,0x80600,0x20},{0xBAC9D0A,0x1279A3F1,0x1C4C6CAD,0xEA62620,0xD5EFAE8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120}}};
-const BIG CURVE_WB[4]= {{0x80C080,0xB0A0301,0x10222030,0x100C101,0x200},{0x88C4A85,0x15A9C820,0x14B71B0D,0x1D5A5F46,0x158868ED,0x106D21B1,0xC004},{0x4464583,0x1AD6E590,0xA5B8D8E,0x1EAD2FA3,0x1AC43476,0x83690D8,0x6002},{0x814181,0xB120901,0x10222050,0x100C101,0x200}};
-const BIG CURVE_BB[4][4]= {{{0xD2FE08D,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0x8102,0x80600,0x20}},{{0x8101,0x80600,0x20},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08D,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120}},{{0x8102,0x80600,0x20},{0x8101,0x80600,0x20},{0x8101,0x80600,0x20},{0x8101,0x80600,0x20}},{{0x4082,0x40300,0x10},{0x10202,0x100C00,0x40},{0xD2FA00A,0x13A3B5F4,0xCB2CD6E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0x4082,0x40300,0x10}}};
-#endif
-
-#if CHUNK==64
-
-const chunk MConst=0xC5A872D914C4E5;
-const BIG Modulus= {0x9DBBFEEEB4A713,0x555614F464BABE,0x3696F8D5F06E8A,0x6517014EFA0BAB,0x240120DB};
-const BIG CURVE_Order= {0x75777E8D30210D,0xD43492B2CB363A,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB};
-const BIG CURVE_Cof= {0x1};
-const BIG CURVE_B= {0x2};
-const BIG CURVE_Bnx= {0x806000004081,0x40};
-const BIG CURVE_Cru= {0xEB53D5AB4FCD87,0x82A5F2BAB11FAD,0x47651504C9764C,0x4801B1};
-const BIG CURVE_Fra= {0xF5D14EADC80022,0x4904D6FACCE359,0xF190A13211BE6C,0xC9BBC4394F6509,0x1328A292};
-const BIG CURVE_Frb= {0xA7EAB040ECA6F1,0xC513DF997D764,0x450657A3DEB01E,0x9B5B3D15AAA6A1,0x10D87E48};
-const BIG CURVE_Pxa= {0x8987E2288E65BB,0xAD1CAA6313BE,0x325041548B7CCC,0x4C1339EBCC055,0x14483FCD};
-const BIG CURVE_Pxb= {0x67888808DBE2C0,0x7FE1F81E34853A,0xA631A51B57B95,0x384EC302DA3FC5,0x87F46B3};
-const BIG CURVE_Pya= {0x202C47E020CA1D,0xB4167E8399F36C,0xC6E5439F72C94C,0x102B0BD74A2C69,0x14E8C29C};
-const BIG CURVE_Pyb= {0xD8437C716628F2,0x27E167BCB7DC6B,0xA82C7572681D0A,0x62454BD1EDEC18,0x17AFE2A4};
-const BIG CURVE_Gx= {0x9DBBFEEEB4A712,0x555614F464BABE,0x3696F8D5F06E8A,0x6517014EFA0BAB,0x240120DB};
-const BIG CURVE_Gy= {0x1};
-const BIG CURVE_W[2]= {{0x26430061838403,0x81218241998384,0x6001},{0x100C000008101,0x80}};
-const BIG CURVE_SB[2][2]= {{{0x2743C061840504,0x81218241998404,0x6001},{0x100C000008101,0x80}},{{0x100C000008101,0x80},{0x4F347E2BAC9D0A,0x5313107131B2B6,0x3696F8D5EFAE87,0x6517014EFA0BAB,0x240120DB}}};
-const BIG CURVE_WB[4]= {{0x6140602080C080,0x806080C08880C1,0x2000},{0xB53904088C4A85,0xAD2FA352DC6C36,0xDA436358868EDE,0x300120},{0x5ADCB204464583,0x5697D1A96E363B,0x6D21B1AC43476F,0x180090},{0x62412020814181,0x806080C0888141,0x2000}};
-const BIG CURVE_BB[4][4]= {{{0x74F71E8D2FE08D,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x100C000008102,0x80}},{{0x100C000008101,0x80},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08D,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB}},{{0x100C000008102,0x80},{0x100C000008101,0x80},{0x100C000008101,0x80},{0x100C000008101,0x80}},{{0x806000004082,0x40},{0x2018000010202,0x100},{0x7476BE8D2FA00A,0xD43492B2CB35BA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x806000004082,0x40}}};
-#endif
-
-#endif
-
-#if CHOICE==BN254_T2
-
-const int CURVE_A=0;
-#if CHUNK==16
-
-const chunk MConst=0x1CDD;
-const BIG Modulus= {0x48B,0x305,0xAED,0x5B8,0x1E8B,0xB28,0x3C3,0x1C85,0xF93,0x40E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48};
-const BIG CURVE_Order= {0xBF5,0xD51,0x944,0x16E3,0x1D7F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48};
-const BIG CURVE_Cof= {0x1};
-const BIG CURVE_B= {0x2};
-const BIG CURVE_Bnx= {0x205,0x304,0x40,0x4,0x400};
-const BIG CURVE_Cru= {0x1D33,0x335,0x1112,0x4E,0xFB5,0x387,0x59,0xEE6,0x155B,0x11B3,0x1B3C,0x2F7,0xC36,0x3,0x120};
-const BIG CURVE_Fra= {0x1062,0x1D77,0x125C,0x4D1,0x92B,0x1E72,0xF0E,0x1366,0x1CC6,0xADD,0x1FC6,0x1F46,0x1F67,0x520,0x1AF4,0x1956,0x9E8,0x1C69,0x1382,0x24};
-const BIG CURVE_Frb= {0x1429,0x58D,0x1890,0xE6,0x1560,0xCB6,0x14B4,0x91E,0x12CD,0x1930,0x1439,0x17CC,0x18B,0x1EF,0x1BE9,0x11FE,0x1726,0x7A8,0xC7E,0x23};
-const BIG CURVE_Pxa= {0x3C8,0x1A05,0xE67,0x1924,0x4AC,0x8BC,0x598,0x149D,0x15CD,0x359,0x185C,0xAD2,0x17B0,0x1CEB,0x609,0x18C6,0x1693,0x1E7C,0x1F05,0x2D};
-const BIG CURVE_Pxb= {0x1540,0x2A4,0x2B6,0xAF5,0x105,0x883,0x1BD9,0xF7C,0x1B6F,0x8BE,0xA57,0x120F,0x565,0xC4,0x272,0xEB2,0x1D59,0x805,0xD6D,0x3D};
-const BIG CURVE_Pya= {0x513,0x110,0x1145,0x17D9,0x1147,0x19BD,0x1839,0xF10,0x44A,0x934,0xD7C,0x1072,0x51B,0x6FD,0xA75,0x455,0x1614,0x4C3,0x3B9,0x3D};
-const BIG CURVE_Pyb= {0x78E,0x1BE7,0x3D5,0x1265,0x1FB,0x12BC,0x9BE,0x8DC,0x1EB7,0x713,0x7EE,0x1B78,0xA93,0xEBB,0xE8A,0x77B,0x1AE3,0x66D,0x13BD,0x47};
-const BIG CURVE_Gx= {0x48A,0x305,0xAED,0x5B8,0x1E8B,0xB28,0x3C3,0x1C85,0xF93,0x40E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48};
-const BIG CURVE_Gy= {0x1};
-const BIG CURVE_W[2]= {{0x1083,0x9A3,0xA8,0xEC5,0x110B,0xF0E,0x4E6,0x60,0x6,0x300},{0x409,0x608,0x80,0x8,0x800}};
-const BIG CURVE_SB[2][2]= {{{0x148C,0xFAB,0x128,0xECD,0x190B,0xF0E,0x4E6,0x60,0x6,0x300},{0x409,0x608,0x80,0x8,0x800}},{{0x409,0x608,0x80,0x8,0x800},{0x1B72,0x3AD,0x89C,0x81E,0xC74,0xD0B,0x19F6,0x1BC4,0xF87,0x1E0E,0x13FF,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48}}};
-const BIG CURVE_WB[4]= {{0x224,0x1385,0x1522,0x4E5,0x1459,0x504,0x1A2,0x20,0x2,0x100},{0xF19,0x187,0xB3C,0x14AE,0x1D5,0x1B9,0x18D5,0xA2E,0x396,0xDCD,0x1228,0x1FA,0x824,0x2,0xC0},{0x188F,0x245,0x5BE,0x1A59,0x12EA,0x10DC,0xC6A,0x517,0x11CB,0x6E6,0x914,0xFD,0x412,0x1,0x60},{0x62D,0x198D,0x15A2,0x4ED,0x1C59,0x504,0x1A2,0x20,0x2,0x100}};
-const BIG CURVE_BB[4][4]= {{{0x9F1,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x9F0,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x9F0,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x40A,0x608,0x80,0x8,0x800}},{{0x409,0x608,0x80,0x8,0x800},{0x9F0,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x9F1,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x9F0,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48}},{{0x40A,0x608,0x80,0x8,0x800},{0x409,0x608,0x80,0x8,0x800},{0x409,0x608,0x80,0x8,0x800},{0x409,0x608,0x80,0x8,0x800}},{{0x206,0x304,0x40,0x4,0x400},{0x8
 12,0xC10,0x100,0x10,0x1000},{0x7EA,0x749,0x8C4,0x16DB,0x157F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x206,0x304,0x40,0x4,0x400}}};
-#endif
-
-#if CHUNK==32
-
-const chunk MConst=0x6505CDD;
-const BIG Modulus= {0x1460A48B,0x596E15D,0x1C35947A,0x1F27C851,0x1D00081C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
-const BIG CURVE_Order= {0x11AA2BF5,0x1FDB8D28,0xDCE0CF5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
-const BIG CURVE_Cof= {0x1};
-const BIG CURVE_B= {0x2};
-const BIG CURVE_Bnx= {0x608205,0x1008,0x10};
-const BIG CURVE_Cru= {0x866BD33,0x1A813A22,0x591C3BE,0xAB6EE60,0x1ECF2367,0x361B0BD,0x12000};
-const BIG CURVE_Fra= {0x13AEF062,0x1593464B,0x10EF3924,0x198D3667,0x17F195BB,0xFB3FD1,0xADAF429,0x11A53D19,0x124E0B};
-const BIG CURVE_Frb= {0xB1B429,0x10039B12,0xB465B55,0x59A91EA,0x50E7261,0xF0C5DF3,0x1FDBE90F,0x1EA2E4D1,0x11B1F8};
-const BIG CURVE_Pxa= {0x1F40A3C8,0x166491CC,0x19845E12,0xB9B49D2,0x161706B3,0xBBD82B4,0x18C609E7,0x19F2D278,0x16FC17};
-const BIG CURVE_Pxb= {0x18549540,0x2ABD456,0x1D944184,0x16DEF7CD,0x1A95D17D,0x42B2C83,0x16427206,0x17AB2E,0x1EB5B5};
-const BIG CURVE_Pya= {0x14220513,0x3DF6628,0x39CDEC5,0x894F10C,0x135F1268,0x1D28DC1C,0xAAA7537,0x130EC284,0x1E8EE4};
-const BIG CURVE_Pyb= {0x177CE78E,0x1DC9947A,0x1BE95E07,0x1D6E8DC4,0x1FB8E27,0x1B549EDE,0xF6E8A75,0x19B75C67,0x23CEF4};
-const BIG CURVE_Gx= {0x1460A48A,0x596E15D,0x1C35947A,0x1F27C851,0x1D00081C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
-const BIG CURVE_Gy= {0x1};
-const BIG CURVE_W[2]= {{0x1347083,0x5BB1415,0xE678744,0xC0602,0x600},{0xC10409,0x2010,0x20}};
-const BIG CURVE_SB[2][2]= {{{0x1F5748C,0x5BB3425,0xE678764,0xC0602,0x600},{0xC10409,0x2010,0x20}},{{0xC10409,0x2010,0x20},{0x1075BB72,0x1A207913,0x1F6685B1,0x1F0FBC4C,0x1CFFFC1C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004}}};
-const BIG CURVE_WB[4]= {{0xA70A224,0xC9396A4,0x1A228251,0x40200,0x200},{0x1030EF19,0xAD2B967,0xD50DC87,0x72CA2EC,0x148A1B9A,0x241207E,0xC000},{0x1848B88F,0x156964B7,0x6A86E4B,0x3965176,0xA450DCD,0x120903F,0x6000},{0xB31A62D,0xC93B6B4,0x1A228271,0x40200,0x200}};
-const BIG CURVE_BB[4][4]= {{{0x1149A9F1,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0xC1040A,0x2010,0x20}},{{0xC10409,0x2010,0x20},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F1,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004}},{{0xC1040A,0x2010,0x20},{0xC10409,0x2010,0x20},{0xC10409,0x2010,0x20},{0xC10409,0x2010,0x20}},{{0x608206,0x1008,0x10},{0x1820812,0x4020,0x40},{0x10E927EA,0x1FDB6D18,0xDCE0CD5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x608206,0x1008,0x10}}};
-#endif
-
-#if CHUNK==64
-
-const chunk MConst=0xFE6A47A6505CDD;
-const BIG Modulus= {0xB2DC2BB460A48B,0x93E428F0D651E8,0xF3B89D00081CF,0x410F5AADB74E20,0x24000482};
-const BIG CURVE_Order= {0xFB71A511AA2BF5,0x8DE127B73833D7,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482};
-const BIG CURVE_Cof= {0x1};
-const BIG CURVE_B= {0x2};
-const BIG CURVE_Bnx= {0x20100608205,0x40};
-const BIG CURVE_Cru= {0x5027444866BD33,0x5B773016470EFB,0xC3617BECF23675,0x480006};
-const BIG CURVE_Fra= {0xB268C973AEF062,0xC69B33C3BCE492,0xF67FA37F195BBC,0x29E8CAB6BD0A41,0x124E0B8D};
-const BIG CURVE_Frb= {0x736240B1B429,0xCD48F52D196D56,0x18BBE650E72612,0x17268FF6FA43DE,0x11B1F8F5};
-const BIG CURVE_Pxa= {0xCC92399F40A3C8,0xCDA4E96611784A,0x7B056961706B35,0x9693C6318279D7,0x16FC17CF};
-const BIG CURVE_Pxb= {0x557A8AD8549540,0x6F7BE6F6510610,0x565907A95D17DB,0xBD5975909C8188,0x1EB5B500};
-const BIG CURVE_Pya= {0x7BECC514220513,0x4A78860E737B14,0x51B83935F12684,0x761422AA9D4DFA,0x1E8EE498};
-const BIG CURVE_Pyb= {0xB9328F577CE78E,0xB746E26FA5781F,0xA93DBC1FB8E27E,0xBAE33BDBA29D76,0x23CEF4CD};
-const BIG CURVE_Gx= {0xB2DC2BB460A48A,0x93E428F0D651E8,0xF3B89D00081CF,0x410F5AADB74E20,0x24000482};
-const BIG CURVE_Gy= {0x1};
-const BIG CURVE_W[2]= {{0xB76282A1347083,0x60301399E1D10,0x6000},{0x40200C10409,0x80}};
-const BIG CURVE_SB[2][2]= {{{0xB76684A1F5748C,0x60301399E1D90,0x6000},{0x40200C10409,0x80}},{{0x40200C10409,0x80},{0x440F227075BB72,0x87DE267D9A16C7,0xF3B89CFFFC1CF,0x410F5AADB74E20,0x24000482}}};
-const BIG CURVE_WB[4]= {{0x9272D48A70A224,0x20100688A0945,0x2000},{0x5A572CF030EF19,0x9651763543721D,0x8240FD48A1B9A3,0x300004},{0xAD2C96F848B88F,0xCB28BB1AA1B92E,0x41207EA450DCD1,0x180002},{0x9276D68B31A62D,0x20100688A09C5,0x2000}};
-const BIG CURVE_BB[4][4]= {{{0xFB6FA41149A9F1,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0x40200C1040A,0x80}},{{0x40200C10409,0x80},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F1,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482}},{{0x40200C1040A,0x80},{0x40200C10409,0x80},{0x40200C10409,0x80},{0x40200C10409,0x80}},{{0x20100608206,0x40},{0x80401820812,0x100},{0xFB6DA310E927EA,0x8DE127B7383357,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0x20100608206,0x40}}};
-#endif
-
-
-#endif
-
-#if CHOICE==BN254_CX
-
-/* CertiVox BN Curve */
-
-const int CURVE_A=0;
-#if CHUNK==16
-
-const chunk MConst=0x1E85;
-const BIG Modulus= {0x15B3,0xDA,0x1BD7,0xC47,0x1BE6,0x1F70,0x24,0x1DC3,0x1FD6,0x1921,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48};
-const BIG CURVE_Order= {0x1F6D,0x1758,0x98D,0x381,0xBE1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48};
-const BIG CURVE_Cof= {0x1};
-const BIG CURVE_B= {0x2};
-const BIG CURVE_Bnx= {0x12B1,0x1E00,0x0,0x0,0x400};
-const BIG CURVE_Cru= {0x1C97,0x11A,0x5E5,0x126,0x31E,0x3AB,0x7BE,0xC8E,0x1DDF,0x205,0xFC5,0x1950,0x0,0x0,0x120};
-const BIG CURVE_Fra= {0xEA3,0xE40,0xCD5,0x1210,0x15BD,0x1C10,0x5CF,0x4DE,0x773,0x343,0x626,0x194E,0x18AA,0x10C5,0x12BF,0x2C,0x63A,0x17D,0x1642,0x26};
-const BIG CURVE_Frb= {0x710,0x129A,0xF01,0x1A37,0x628,0x360,0x1A55,0x18E4,0x1863,0x15DE,0x138E,0x1B78,0x1D9C,0xE29,0x403,0x515,0x236,0x1E83,0x9BD,0x21};
-const BIG CURVE_Pxa= {0xC74,0x697,0x1BB9,0xA39,0xC08,0x1393,0xF8,0x17F4,0x1C85,0x1C83,0x12EE,0xB86,0x100F,0x592,0x18D6,0x164A,0x1053,0x963,0x1A0B,0x32};
-const BIG CURVE_Pxb= {0xFE1,0x114E,0x2CB,0xB1D,0x147A,0x187,0x827,0x1618,0x1B97,0x1FC0,0x5D0,0x11D3,0x137A,0x8E4,0xA80,0x1EC9,0x1E19,0xF61,0x19AE,0x28};
-const BIG CURVE_Pya= {0x9F,0x185F,0x1AF3,0x17F9,0x10CF,0xD9,0x11FB,0x7B0,0x1B3,0xB1B,0x1882,0x1B5D,0x157,0xF11,0x1760,0x571,0x1233,0xECB,0x1E7B,0x14};
-const BIG CURVE_Pyb= {0xE9D,0x4C7,0x8A2,0x96,0x1ED9,0x16F5,0x74B,0x14AD,0x64E,0xE14,0xD18,0x1B1A,0x512,0x372,0xD7,0x1812,0xCC4,0x1CF,0x583,0xC};
-const BIG CURVE_Gx= {0x15B2,0xDA,0x1BD7,0xC47,0x1BE6,0x1F70,0x24,0x1DC3,0x1FD6,0x1921,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48};
-const BIG CURVE_Gy= {0x1};
-const BIG CURVE_W[2]= {{0xB83,0x117F,0x1245,0x8C6,0x5,0x1C09,0xD00,0x1,0x0,0x300},{0x561,0x1C01,0x1,0x0,0x800}};
-const BIG CURVE_SB[2][2]= {{{0x10E4,0xD80,0x1247,0x8C6,0x805,0x1C09,0xD00,0x1,0x0,0x300},{0x561,0x1C01,0x1,0x0,0x800}},{{0x561,0x1C01,0x1,0x0,0x800},{0x13EA,0x5D9,0x1748,0x1ABA,0xBDB,0x75E,0x623,0x1DC0,0x1FD6,0x1321,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48}}};
-const BIG CURVE_WB[4]= {{0x4B0,0x13D4,0x615,0x1842,0x401,0x958,0xF00,0x0,0x0,0x100},{0x475,0x1110,0x56F,0x1BF3,0x36C,0x1FCD,0x329,0x1DB5,0x1E94,0xE03,0xA83,0x10E0,0x0,0x0,0xC0},{0xB93,0x788,0x12B8,0xDF9,0x13B6,0x1FE6,0x1194,0xEDA,0x1F4A,0x1701,0x541,0x870,0x0,0x0,0x60},{0xA11,0xFD5,0x617,0x1842,0xC01,0x958,0xF00,0x0,0x0,0x100}};
-const BIG CURVE_BB[4][4]= {{{0xCBD,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0xCBC,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0xCBC,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0x562,0x1C01,0x1,0x0,0x800}},{{0x561,0x1C01,0x1,0x0,0x800},{0xCBC,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0xCBD,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0xCBC,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48}},{{0x562,0x1C01,0x1,0x0,0x800},{0x561,0x1C01,0x1,0x0,0x800},{0x561,0x1C01,0x1,0x0,0x800},{0x561,0x1C01,0x1,0x0,0x800}},{{0x12B2,0x1E00,0x0,0x0,0x40
 0},{0xAC2,0x1802,0x3,0x0,0x1000},{0x1A0A,0x1B57,0x98B,0x381,0x3E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0x12B2,0x1E00,0x0,0x0,0x400}}};
-#endif
-
-#if CHUNK==32
-
-const chunk MConst=0x19789E85;
-const BIG Modulus= {0x1C1B55B3,0x13311F7A,0x24FB86F,0x1FADDC30,0x166D3243,0xFB23D31,0x836C2F7,0x10E05,0x240000};
-const BIG CURVE_Order= {0x16EB1F6D,0x108E0531,0x1241B3AF,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000};
-const BIG CURVE_Cof= {0x1};
-const BIG CURVE_B= {0x2};
-const BIG CURVE_Bnx= {0x3C012B1,0x0,0x10};
-const BIG CURVE_Cru= {0x14235C97,0xF0498BC,0x1BE1D58C,0x1BBEC8E3,0x3F1440B,0x654,0x12000};
-const BIG CURVE_Fra= {0x15C80EA3,0x1EC8419A,0x1CFE0856,0xEE64DE2,0x11898686,0x5C55653,0x592BF86,0x5F4C740,0x135908};
-const BIG CURVE_Frb= {0x6534710,0x1468DDE0,0x551B018,0x10C78E4D,0x4E3ABBD,0x9ECE6DE,0x2A40371,0x1A0C46C5,0x10A6F7};
-const BIG CURVE_Pxa= {0x4D2EC74,0x428E777,0xF89C9B0,0x190B7F40,0x14BBB907,0x12807AE1,0x958D62C,0x58E0A76,0x19682D};
-const BIG CURVE_Pxb= {0xE29CFE1,0x1D2C7459,0x270C3D1,0x172F6184,0x19743F81,0x49BD474,0x192A8047,0x1D87C33E,0x1466B9};
-const BIG CURVE_Pya= {0xF0BE09F,0x7DFE75E,0x1FB06CC3,0x3667B08,0xE209636,0x110ABED7,0xE376078,0x1B2E4665,0xA79ED};
-const BIG CURVE_Pyb= {0x898EE9D,0xC825914,0x14BB7AFB,0xC9D4AD3,0x13461C28,0x122896C6,0x240D71B,0x73D9898,0x6160C};
-const BIG CURVE_Gx= {0x1C1B55B2,0x13311F7A,0x24FB86F,0x1FADDC30,0x166D3243,0xFB23D31,0x836C2F7,0x10E05,0x240000};
-const BIG CURVE_Gy= {0x1};
-const BIG CURVE_W[2]= {{0x162FEB83,0x2A31A48,0x100E0480,0x16,0x600},{0x7802561,0x0,0x20}};
-const BIG CURVE_SB[2][2]= {{{0x1DB010E4,0x2A31A48,0x100E04A0,0x16,0x600},{0x7802561,0x0,0x20}},{{0x7802561,0x0,0x20},{0xBB33EA,0xDEAEAE9,0x233AF2F,0x1FADDC03,0x166D2643,0xFB23D31,0x836C2F7,0x10E05,0x240000}}};
-const BIG CURVE_WB[4]= {{0x167A84B0,0xE108C2,0x1004AC10,0x7,0x200},{0x1E220475,0x166FCCAD,0x129FE68D,0x1D29DB51,0x2A0DC07,0x438,0xC000},{0xF10B93,0x1B37E657,0x194FF34E,0x1E94EDA8,0x1506E03,0x21C,0x6000},{0x1DFAAA11,0xE108C2,0x1004AC30,0x7,0x200}};
-const BIG CURVE_BB[4][4]= {{{0x132B0CBD,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x7802562,0x0,0x20}},{{0x7802561,0x0,0x20},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBD,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000}},{{0x7802562,0x0,0x20},{0x7802561,0x0,0x20},{0x7802561,0x0,0x20},{0x7802561,0x0,0x20}},{{0x3C012B2,0x0,0x10},{0xF004AC2,0x0,0x40},{0xF6AFA0A,0x108E0531,0x1241B38F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x3C012B2,0x0,0x10}}};
-#endif
-
-#if CHUNK==64
-
-const chunk MConst=0x4E205BF9789E85;
-const BIG Modulus= {0x6623EF5C1B55B3,0xD6EE18093EE1BE,0x647A6366D3243F,0x8702A0DB0BDDF,0x24000000};
-const BIG CURVE_Order= {0x11C0A636EB1F6D,0xD6EE0CC906CEBE,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000};
-const BIG CURVE_Cof= {0x1};
-const BIG CURVE_B= {0x2};
-const BIG CURVE_Bnx= {0x3C012B1,0x40};
-const BIG CURVE_Cru= {0xE0931794235C97,0xDF6471EF875631,0xCA83F1440BD,0x480000};
-const BIG CURVE_Fra= {0xD9083355C80EA3,0x7326F173F8215B,0x8AACA718986867,0xA63A0164AFE18B,0x1359082F};
-const BIG CURVE_Frb= {0x8D1BBC06534710,0x63C7269546C062,0xD9CDBC4E3ABBD8,0x623628A900DC53,0x10A6F7D0};
-const BIG CURVE_Pxa= {0x851CEEE4D2EC74,0x85BFA03E2726C0,0xF5C34BBB907C,0x7053B256358B25,0x19682D2C};
-const BIG CURVE_Pxb= {0xA58E8B2E29CFE1,0x97B0C209C30F47,0x37A8E99743F81B,0x3E19F64AA011C9,0x1466B9EC};
-const BIG CURVE_Pya= {0xFBFCEBCF0BE09F,0xB33D847EC1B30C,0x157DAEE2096361,0x72332B8DD81E22,0xA79EDD9};
-const BIG CURVE_Pyb= {0x904B228898EE9D,0x4EA569D2EDEBED,0x512D8D3461C286,0xECC4C09035C6E4,0x6160C39};
-const BIG CURVE_Gx= {0x6623EF5C1B55B2,0xD6EE18093EE1BE,0x647A6366D3243F,0x8702A0DB0BDDF,0x24000000};
-const BIG CURVE_Gy= {0x1};
-const BIG CURVE_W[2]= {{0x546349162FEB83,0xB40381200,0x6000},{0x7802561,0x80}};
-const BIG CURVE_SB[2][2]= {{{0x5463491DB010E4,0xB40381280,0x6000},{0x7802561,0x80}},{{0x7802561,0x80},{0xBD5D5D20BB33EA,0xD6EE0188CEBCBD,0x647A6366D2643F,0x8702A0DB0BDDF,0x24000000}}};
-const BIG CURVE_WB[4]= {{0x1C2118567A84B0,0x3C012B040,0x2000},{0xCDF995BE220475,0x94EDA8CA7F9A36,0x8702A0DC07E,0x300000},{0x66FCCAE0F10B93,0x4A76D4653FCD3B,0x4381506E03F,0x180000},{0x1C21185DFAAA11,0x3C012B0C0,0x2000}};
-const BIG CURVE_BB[4][4]= {{{0x11C0A6332B0CBD,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x11C0A6332B0CBC,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x11C0A6332B0CBC,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x7802562,0x80}},{{0x7802561,0x80},{0x11C0A6332B0CBC,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x11C0A6332B0CBD,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x11C0A6332B0CBC,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000}},{{0x7802562,0x80},{0x7802561,0x80},{0x7802561,0x80},{0x7802561,0x80}},{{0x3C012B2,0x40},{0xF004AC2,0x100},{0x11C0A62F6AFA0A,0xD6EE0CC906CE3E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x3C012B2,0x40}}};
-#endif
-
-#endif
-
-#if CHOICE==NIST256
-
-/* Standard NIST-256 Curve */
-
-const int CURVE_A= -3;
-const chunk MConst=1;
-
-#if CHUNK==16
-
-const BIG Modulus= {0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1F,0x0,0x0,0x0,0x0,0x0,0x0,0x400,0x0,0x0,0x1FF8,0x1FFF,0x1FF};
-const BIG CURVE_B= {0x4B,0x1E93,0xF89,0x1C78,0x3BC,0x187B,0x114E,0x1619,0x1D06,0x328,0x1AF,0xD31,0x1557,0x15DE,0x1ECF,0x127C,0xA3A,0xEC5,0x118D,0xB5};
-const BIG CURVE_Order= {0x551,0x319,0x10BF,0x1395,0xF3B,0xF42,0x1C5E,0x15B4,0x6FA,0x1DE7,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x3FF,0x0,0x0,0x1FF8,0x1FFF,0x1FF};
-const BIG CURVE_Gx= {0x296,0x4C6,0x1176,0x272,0xF4A,0x19D0,0x17AC,0x1025,0x37D,0x13B8,0x103C,0x748,0xE56,0x1E73,0x1FE2,0x848,0x12C,0xF97,0x5F4,0xD6};
-const BIG CURVE_Gy= {0x11F5,0x1DFA,0x1A0D,0xC80,0xCBB,0xF67,0xCC5,0xAED,0xE33,0x115E,0x785,0x181F,0x14A7,0x13F5,0xE3B,0xFF3,0x1E1A,0x1717,0x18D0,0x9F};
-
-#endif
-
-#if CHUNK==32
-
-const BIG Modulus= {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FF,0x0,0x0,0x40000,0x1FE00000,0xFFFFFF};
-const BIG CURVE_B= {0x7D2604B,0x1E71E1F1,0x14EC3D8E,0x1A0D6198,0x86BC651,0x1EAABB4C,0xF9ECFAE,0x1B154752,0x5AC635};
-const BIG CURVE_Order= {0x1C632551,0x1DCE5617,0x5E7A13C,0xDF55B4E,0x1FFFFBCE,0x1FFFFFFF,0x3FFFF,0x1FE00000,0xFFFFFF};
-const BIG CURVE_Gx= {0x1898C296,0x509CA2E,0x1ACCE83D,0x6FB025B,0x40F2770,0x1372B1D2,0x91FE2F3,0x1E5C2588,0x6B17D1};
-const BIG CURVE_Gy= {0x17BF51F5,0x1DB20341,0xC57B3B2,0x1C66AED6,0x19E162BC,0x15A53E07,0x1E6E3B9F,0x1C5FC34F,0x4FE342};
-
-#endif
-
-#if CHUNK==64
-
-const BIG Modulus= {0xFFFFFFFFFFFFFF,0xFFFFFFFFFF,0x0,0x1000000,0xFFFFFFFF};
-const BIG CURVE_B= {0xCE3C3E27D2604B,0x6B0CC53B0F63B,0x55769886BC651D,0xAA3A93E7B3EBBD,0x5AC635D8};
-const BIG CURVE_Order= {0xB9CAC2FC632551,0xFAADA7179E84F3,0xFFFFFFFFFFBCE6,0xFFFFFF,0xFFFFFFFF};
-const BIG CURVE_Gx= {0xA13945D898C296,0x7D812DEB33A0F4,0xE563A440F27703,0xE12C4247F8BCE6,0x6B17D1F2};
-const BIG CURVE_Gy= {0xB6406837BF51F5,0x33576B315ECECB,0x4A7C0F9E162BCE,0xFE1A7F9B8EE7EB,0x4FE342E2};
-
-#endif
-
-#endif
-
-#if CHOICE==MF254
-
-/* Montgomery-Friendly NUMS curves http://eprint.iacr.org/2014/130 */
-
-/* p=k.2^n-1 where n is multiple of BASEBITS - but k can be adjusted. */
-/* Here p=2^240(2^14-127)-1 = 2^232(2^22-256.127)-1 where 8*29=232 and (2^22-256.127)=0x3F8100 */
-/* or = 2^224(2^30-65536.127)-1 where 4*56=224 and (2^30-65536.127) = 0x3F810000 */
-
-#if CHUNK==32
-
-const BIG Modulus= {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF};
-const chunk MConst=0x3F8100;
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A= -3;
-const BIG CURVE_Order= {0xF8DF83F,0x1D20CE25,0x8DD701B,0x317D41B,0x1FFFFEB8,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF};
-const BIG CURVE_B= {0x1FFFD08D,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF};
-const BIG CURVE_Gx= {0x2};
-const BIG CURVE_Gy= {0x190D4EBC,0xB2EF9BF,0x14464C6B,0xE71C7F0,0x18AEBDFB,0xD3ADEBB,0x18052B85,0x1A6765CA,0x140E3F};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A= -1;
-const BIG CURVE_Order= {0x46E98C7,0x179E9FF6,0x158BEC3A,0xA60D917,0x1FFFFEB9,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFE03F};
-const BIG CURVE_B= {0x367B};
-const BIG CURVE_Gx= {0x1};
-const BIG CURVE_Gy= {0xF2701E5,0x29687ED,0xC84861F,0x535081C,0x3F4E363,0x6A811B,0xCD65474,0x121AD498,0x19F0E6};
-#endif
-
-#if CURVETYPE==MONTGOMERY
-
-const int CURVE_A=-55790;
-const BIG CURVE_Order= {0x46E98C7,0x179E9FF6,0x158BEC3A,0xA60D917,0x1FFFFEB9,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFE03F};
-const BIG CURVE_Gx= {0x3};
-
-#endif
-
-#endif
-
-#if CHUNK==64
-
-const BIG Modulus= {0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x3F80FFFF};
-const chunk MConst=0x3F810000;
-
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A= -3;
-const BIG CURVE_Order= {0xA419C4AF8DF83F,0x8BEA0DA375C06F,0xFFFFFFFFFFEB81,0xFFFFFFFFFFFFFF,0x3F80FFFF};
-const BIG CURVE_B= {0xFFFFFFFFFFD08D,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x3F80FFFF};
-const BIG CURVE_Gx= {0x2};
-const BIG CURVE_Gy= {0x65DF37F90D4EBC,0x38E3F8511931AD,0x75BD778AEBDFB7,0x3B2E56014AE15A,0x140E3FD3};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A= -1;
-const BIG CURVE_Order= {0xF3D3FEC46E98C7,0x306C8BD62FB0EA,0xFFFFFFFFFFEB95,0xFFFFFFFFFFFFFF,0xFE03FFF};
-const BIG CURVE_B= {0x367B};
-const BIG CURVE_Gx= {0x1};
-const BIG CURVE_Gy= {0x52D0FDAF2701E5,0x9A840E3212187C,0xD502363F4E3632,0xD6A4C335951D00,0x19F0E690};
-#endif
-
-#if CURVETYPE==MONTGOMERY
-const int CURVE_A=-55790;
-const BIG CURVE_Order= {0xF3D3FEC46E98C7,0x306C8BD62FB0EA,0xFFFFFFFFFFEB95,0xFFFFFFFFFFFFFF,0xFE03FFF};
-const BIG CURVE_Gx= {0x3};
-#endif
-
-#endif
-
-#endif
-
-
-
-
-#if CHOICE==MF256
-
-/* Montgomery-Friendly NUMS curves http://eprint.iacr.org/2014/130 */
-
-#if CHUNK==32
-
-const BIG Modulus= {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFA7FF};
-const chunk MConst=0xFFA800;
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A= -3;
-const BIG CURVE_Order= {0x79857EB,0x8862F0D,0x1941D2E7,0x2EA27CD,0x1FFFFFC5,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFA7FF};
-const BIG CURVE_B= {0x14E6A};
-const BIG CURVE_Gx= {0x1};
-const BIG CURVE_Gy= {0xB724D2A,0x3CAA61,0x5371984,0x128FD71B,0x1AE28956,0x1D13091E,0x339EEAE,0x10F7C301,0x20887C};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A= -1;
-const BIG CURVE_Order= {0x18EC7BAB,0x16C976F6,0x19CCF259,0x9775F70,0x1FFFFB15,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FE9FF};
-const BIG CURVE_B= {0x350A};
-const BIG CURVE_Gx= {0x1};
-const BIG CURVE_Gy= {0x12F3C908,0xF553917,0x1FA9A35F,0xBCC91B,0x1AACA0C,0x1779ED96,0x156BABAF,0x1F1F1989,0xDAD8D4};
-#endif
-
-#if CURVETYPE==MONTGOMERY
-
-const int CURVE_A=-54314;
-const BIG CURVE_Order= {0x18EC7BAB,0x16C976F6,0x19CCF259,0x9775F70,0x1FFFFB15,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FE9FF};
-const BIG CURVE_Gx= {0x8};
-
-#endif
-
-#endif
-
-#if CHUNK==64
-
-const BIG Modulus= {0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFA7FFFF};
-const chunk MConst=0xFFA80000;
-
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A= -3;
-const BIG CURVE_Order= {0x10C5E1A79857EB,0x7513E6E5074B9D,0xFFFFFFFFFFFC51,0xFFFFFFFFFFFFFF,0xFFA7FFFF};
-const BIG CURVE_B= {0x14E6A};
-const BIG CURVE_Gx= {0x1};
-const BIG CURVE_Gy= {0x7954C2B724D2A,0x47EB8D94DC6610,0x26123DAE289569,0xBE1808CE7BABBA,0x20887C87};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A= -1;
-const BIG CURVE_Order= {0xD92EDED8EC7BAB,0xBBAFB86733C966,0xFFFFFFFFFFB154,0xFFFFFFFFFFFFFF,0x3FE9FFFF};
-const BIG CURVE_B= {0x350A};
-const BIG CURVE_Gx= {0x1};
-const BIG CURVE_Gy= {0xEAA722F2F3C908,0x5E648DFEA68D7D,0xF3DB2C1AACA0C0,0xF8CC4D5AEAEBEE,0xDAD8D4F8};
-#endif
-
-#if CURVETYPE==MONTGOMERY
-const int CURVE_A=-54314;
-const BIG CURVE_Order= {0xD92EDED8EC7BAB,0xBBAFB86733C966,0xFFFFFFFFFFB154,0xFFFFFFFFFFFFFF,0x3FE9FFFF};
-const BIG CURVE_Gx= {0x8};
-#endif
-
-#endif
-
-#endif
-
-
-
-
-#if CHOICE==MS255
-/* Pseudo-Mersenne NUMS curves http://eprint.iacr.org/2014/130 */
-
-#if CHUNK==16
-const BIG Modulus= {0x1D03,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0xFF};
-const chunk MConst=0x2FD;
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A=-3;
-const BIG CURVE_Order= {0xAEB,0x2CA,0x60F,0x1F59,0x1AB8,0x19EF,0xB4A,0x507,0xA38,0x1C32,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0xFF};
-const BIG CURVE_B= {0xB46,0x1FFD,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0xFF};
-const BIG CURVE_Gx= {0x1};
-const BIG CURVE_Gy= {0x4BA,0xE5A,0x19DA,0x7FE,0x1173,0x1306,0x17F6,0x119B,0x16C7,0x1BED,0x1F45,0x5FE,0x1F9B,0xF5F,0xE48,0xF06,0xDBA,0x1607,0x1E9A,0xDE};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A=-1;
-const BIG CURVE_Order= {0xB75,0x1B7,0x1B41,0x13A3,0xAC4,0x197,0x169A,0x10BD,0x11A7,0x1EE7,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x3F};
-const BIG CURVE_B= {0xA97,0x7};
-const BIG CURVE_Gx= {0x4};
-const BIG CURVE_Gy= {0x16A0,0x439,0x16F4,0x144A,0x1BA2,0xD22,0x1511,0x115D,0x114B,0xA94,0x11F9,0x1C18,0xDD8,0x12A6,0x17B0,0x16A8,0xA7B,0x29A,0x12DE,0x4D};
-#endif
-
-#endif
-
-#if CHUNK==32
-const BIG Modulus= {0x1FFFFD03,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-const chunk MConst=0x2FD;
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A=-3;
-const BIG CURVE_Order= {0x1C594AEB,0x1C7D64C1,0x14ACF7EA,0x14705075,0x1FFFF864,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-const BIG CURVE_B= {0x1FFFAB46,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-const BIG CURVE_Gx= {0x1};
-const BIG CURVE_Gy= {0x9CB44BA,0x199FFB3B,0x1F698345,0xD8F19BB,0x17D177DB,0x1FFCD97F,0xCE487A,0x181DB74F,0x6F7A6A};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A=-1;
-const BIG CURVE_Order= {0x436EB75,0x24E8F68,0x9A0CBAB,0x34F0BDB,0x1FFFFDCF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFF};
-const BIG CURVE_B= {0xEA97};
-const BIG CURVE_Gx= {0x4};
-const BIG CURVE_Gy= {0x108736A0,0x11512ADE,0x1116916E,0x29715DA,0x47E5529,0x66EC706,0x1517B095,0xA694F76,0x26CB78};
-#endif
-
-#if CURVETYPE==MONTGOMERY
-const int CURVE_A=-240222;
-const BIG CURVE_Order= {0x436EB75,0x24E8F68,0x9A0CBAB,0x34F0BDB,0x1FFFFDCF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFF};
-const BIG CURVE_Gx= {0x4};
-#endif
-
-
-#endif
-
-#if CHUNK==64
-const BIG Modulus= {0xFFFFFFFFFFFD03,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF};
-const chunk MConst=0x2FD;
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A=-3;
-const BIG CURVE_Order= {0x8FAC983C594AEB,0x38283AD2B3DFAB,0xFFFFFFFFFF864A,0xFFFFFFFFFFFFFF,0x7FFFFFFF};
-const BIG CURVE_B= {0xFFFFFFFFFFAB46,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF};
-const BIG CURVE_Gx= {0x1};
-const BIG CURVE_Gy= {0x33FF6769CB44BA,0xC78CDDFDA60D17,0xF9B2FF7D177DB6,0xEDBA7833921EBF,0x6F7A6AC0};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A=-1;
-const BIG CURVE_Order= {0x49D1ED0436EB75,0xA785EDA6832EAC,0xFFFFFFFFFFDCF1,0xFFFFFFFFFFFFFF,0x1FFFFFFF};
-const BIG CURVE_B= {0xEA97};
-const BIG CURVE_Gx= {0x4};
-const BIG CURVE_Gy= {0x2A255BD08736A0,0x4B8AED445A45BA,0xDD8E0C47E55291,0x4A7BB545EC254C,0x26CB7853};
-#endif
-
-#if CURVETYPE==MONTGOMERY
-const int CURVE_A=-240222;
-const BIG CURVE_Order= {0x49D1ED0436EB75,0xA785EDA6832EAC,0xFFFFFFFFFFDCF1,0xFFFFFFFFFFFFFF,0x1FFFFFFF};
-const BIG CURVE_Gx= {0x4};
-#endif
-
-#endif
-
-#endif
-
-
-
-#if CHOICE==MS256
-/* Pseudo-Mersenne NUMS curves http://eprint.iacr.org/2014/130 */
-
-#if CHUNK==16
-const BIG Modulus= {0x1F43,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FF};
-const chunk MConst=0xBD;
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A=-3;
-const BIG CURVE_Order= {0x825,0x1A8D,0xA51,0x1640,0x20A,0xE30,0x899,0xEBD,0x1C82,0x1F21,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FF};
-const BIG CURVE_B= {0x1581,0x12};
-const BIG CURVE_Gx= {0x1};
-const BIG CURVE_Gy= {0xC77,0x15AB,0x1B0,0x8C6,0x10BF,0x760,0x1625,0x126E,0xC2F,0x1E81,0x175A,0x1DDD,0x16CC,0x164,0x1FF2,0xCDA,0x1E4,0x29E,0x1BC6,0xD2};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A=-1;
-const BIG CURVE_Order= {0x14AD,0x915,0x1BC4,0x109C,0xE5B,0x1E32,0x29A,0xB5A,0xAA5,0x1DF3,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x7F};
-const BIG CURVE_B= {0x1BEE,0x1};
-const BIG CURVE_Gx= {0xd};
-const BIG CURVE_Gy= {0xDBA,0x18E5,0xD4C,0x1EDF,0x1707,0x181F,0x934,0xC70,0xA6D,0x1DF1,0x11AF,0x1F40,0xB39,0x998,0xE8F,0xEDB,0xA12,0xF1,0x2AD,0xFA};
-#endif
-
-#endif
-
-#if CHUNK==32
-const BIG Modulus= {0x1FFFFF43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF};
-const chunk MConst=0xBD;
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A=-3;
-const BIG CURVE_Order= {0x751A825,0x559014A,0x9971808,0x1904EBD4,0x1FFFFE43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF};
-const BIG CURVE_B= {0x25581};
-const BIG CURVE_Gx= {0x1};
-const BIG CURVE_Gy= {0x2B56C77,0x1FA31836,0x253B042,0x185F26EB,0xDD6BD02,0x4B66777,0x1B5FF20B,0xA783C8C,0x696F18};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A=-1;
-const BIG CURVE_Order= {0x1122B4AD,0xDC27378,0x9AF1939,0x154AB5A1,0x1FFFFBE6,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FFFFF};
-const BIG CURVE_B= {0x3BEE};
-const BIG CURVE_Gx= {0xd};
-const BIG CURVE_Gy= {0x131CADBA,0x3FB7DA9,0x134C0FDC,0x14DAC704,0x46BFBE2,0x1859CFD0,0x1B6E8F4C,0x3C5424E,0x7D0AB4};
-#endif
-
-#if CURVETYPE==MONTGOMERY
-const int CURVE_A=-61370;
-const BIG CURVE_Order= {0x1122B4AD,0xDC27378,0x9AF1939,0x154AB5A1,0x1FFFFBE6,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FFFFF};
-const BIG CURVE_Gx= {0xb};
-#endif
-
-
-#endif
-
-#if CHUNK==64
-const BIG Modulus= {0xFFFFFFFFFFFF43,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFF};
-const chunk MConst=0xBD;
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A=-3;
-const BIG CURVE_Order= {0xAB20294751A825,0x8275EA265C6020,0xFFFFFFFFFFE43C,0xFFFFFFFFFFFFFF,0xFFFFFFFF};
-const BIG CURVE_B= {0x25581};
-const BIG CURVE_Gx= {0x1};
-const BIG CURVE_Gy= {0xF46306C2B56C77,0x2F9375894EC10B,0x6CCEEEDD6BD02C,0xC1E466D7FC82C9,0x696F1853};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A=-1;
-const BIG CURVE_Order= {0xB84E6F1122B4AD,0xA55AD0A6BC64E5,0xFFFFFFFFFFBE6A,0xFFFFFFFFFFFFFF,0x3FFFFFFF};
-const BIG CURVE_B= {0x3BEE};
-const BIG CURVE_Gx= {0xd};
-const BIG CURVE_Gy= {0x7F6FB5331CADBA,0x6D63824D303F70,0xB39FA046BFBE2A,0x2A1276DBA3D330,0x7D0AB41E};
-#endif
-
-#if CURVETYPE==MONTGOMERY
-const int CURVE_A=-61370;
-const BIG CURVE_Order= {0xB84E6F1122B4AD,0xA55AD0A6BC64E5,0xFFFFFFFFFFBE6A,0xFFFFFFFFFFFFFF,0x3FFFFFFF};
-const BIG CURVE_Gx= {0xb};
-#endif
-
-#endif
-
-#endif
-
-
-
-
-#if CHOICE==C25519
-
-/* Modulus p = 2^MODBITS-MConst*/
-/* Three Curves for the price of one..*/
-
-#if CHUNK==16
-
-const chunk MConst=19;
-const BIG Modulus= {0x1FED,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0xFF};
-
-#if CURVETYPE==WEIERSTRASS
-/* Curve I generated myself */
-const int CURVE_A=-3;
-const BIG CURVE_B= {0x28};
-const BIG CURVE_Order= {0xCA1,0x1945,0x1865,0x19C8,0x16D1,0x11B9,0xD0E,0x1C96,0x1E0F,0x2EA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x100};
-const BIG CURVE_Gx= {0x61F,0x6C1,0x1DD,0xEA7,0x4C4,0x124C,0x1BE3,0x1560,0x74E,0x7CD,0x6F4,0x14B,0x13DE,0x133A,0xFB4,0x106,0x15F,0x909,0x18FD,0xCF};
-const BIG CURVE_Gy= {0xF38,0xEF7,0x11F8,0xC65,0x1574,0x10E3,0x4,0x12E7,0xB2B,0xA6,0x17A8,0x1C8B,0x1CD4,0xFA,0x1D79,0xBB2,0x1E68,0x1640,0x1A15,0x6};
-
-#endif
-
-#if CURVETYPE==EDWARDS
-/* Ed25519 Curve */
-const int CURVE_A=-1;
-const BIG CURVE_B= {0x18A3,0x1ACB,0x1284,0x169B,0x175E,0xC55,0x507,0x9A8,0x100A,0x3,0x1A26,0xEF3,0x797,0x3A0,0xE33,0x1FCE,0xB6F,0x771,0xDB,0xA4};
-const BIG CURVE_Order= {0x13ED,0x7AE,0x697,0x4C6,0x581,0xE6B,0xBDE,0x1BD4,0x1EF9,0xA6,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x20};
-const BIG CURVE_Gx= {0x151A,0x192E,0x1823,0xC5A,0xC95,0x13D9,0x1496,0xC12,0xCC7,0x349,0x1717,0x1BAD,0x31F,0x1271,0x1B02,0xA7F,0xD6E,0x169E,0x1A4D,0x42};
-const BIG CURVE_Gy= {0x658,0x1333,0x1999,0xCCC,0x666,0x1333,0x1999,0xCCC,0x666,0x1333,0x1999,0xCCC,0x666,0x1333,0x1999,0xCCC,0x666,0x1333,0x1999,0xCC};
-
-#endif
-
-/*
-#if CURVETYPE==MONTGOMERY
-const int CURVE_A=486662;  // Not Working as A too big for 16-bit int
-const BIG CURVE_Order={0x13ED,0x7AE,0x697,0x4C6,0x581,0xE6B,0xBDE,0x1BD4,0x1EF9,0xA6,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x20};
-const BIG CURVE_Gx={0x9};
-#endif
-*/
-
-#endif
-
-
-#if CHUNK==32
-
-const chunk MConst=19;
-const BIG Modulus= {0x1FFFFFED,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A=-3;
-const BIG CURVE_B= {0x28};
-const BIG CURVE_Order= {0x1728ACA1,0x8E7230C,0x10E8DCDB,0x1C1FC966,0x5D5,0x0,0x0,0x0,0x800000};
-const BIG CURVE_Gx= {0x14D8261F,0x23A9C3B,0x1E392613,0xE9D560D,0x19BD0F9A,0x1A9EF052,0xCFB499,0x4242BE1,0x67E3F5};
-const BIG CURVE_Gy= {0x1DEEF38,0x1A31963F,0x4871D5,0x16572E70,0x1DEA014C,0x1AE6A722,0x165D7907,0x1903CD0B,0x36856};
-
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A=-1;
-const BIG CURVE_B= {0x135978A3,0xF5A6E50,0x10762ADD,0x149A82,0x1E898007,0x3CBBBC,0x19CE331D,0x1DC56DFF,0x52036C};
-const BIG CURVE_Order= {0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000};
-const BIG CURVE_Gx= {0xF25D51A,0xAB16B04,0x969ECB2,0x198EC12A,0xDC5C692,0x1118FEEB,0xFFB0293,0x1A79ADCA,0x216936};
-const BIG CURVE_Gy= {0x6666658,0x13333333,0x19999999,0xCCCCCCC,0x6666666,0x13333333,0x19999999,0xCCCCCCC,0x666666};
-
-#endif
-
-#if CURVETYPE==MONTGOMERY
-
-const int CURVE_A=486662;
-const BIG CURVE_Order= {0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000};
-const BIG CURVE_Gx= {0x9};
-
-#endif
-
-#endif
-
-#if CHUNK==64
-
-const chunk MConst=19;
-const BIG Modulus= {0xFFFFFFFFFFFFED,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF};
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A=-3;
-const BIG CURVE_B= {0x28};
-const BIG CURVE_Order= {0x1CE4619728ACA1,0xFE4B343A3736D,0x5D5E,0x0,0x80000000};
-const BIG CURVE_Gx= {0x47538774D8261F,0x4EAB06F8E4984C,0x3DE0A59BD0F9A7,0x215F0833ED2675,0x67E3F521};
-const BIG CURVE_Gy= {0x4632C7E1DEEF38,0x2B97380121C757,0xCD4E45DEA014CB,0x1E685D975E41F5,0x36856C8};
-
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A=-1;
-const BIG CURVE_B= {0xEB4DCA135978A3,0xA4D4141D8AB75,0x797779E8980070,0x2B6FFE738CC740,0x52036CEE};
-const BIG CURVE_Order= {0x12631A5CF5D3ED,0xF9DEA2F79CD658,0x14DE,0x0,0x10000000};
-const BIG CURVE_Gx= {0x562D608F25D51A,0xC7609525A7B2C9,0x31FDD6DC5C692C,0xCD6E53FEC0A4E2,0x216936D3};
-const BIG CURVE_Gy= {0x66666666666658,0x66666666666666,0x66666666666666,0x66666666666666,0x66666666};
-
-#endif
-
-#if CURVETYPE==MONTGOMERY
-
-const int CURVE_A=486662;
-const BIG CURVE_Order= {0x12631A5CF5D3ED,0xF9DEA2F79CD658,0x14DE,0x0,0x10000000};
-const BIG CURVE_Gx= {0x9};
-
-#endif
-
-#endif
-
-#endif
-
-
-#if CHOICE==BRAINPOOL
-
-const int CURVE_A=-3;
-#if CHUNK==16
-
-const BIG Modulus= {0x1377,0x1B72,0x747,0x690,0x201,0x1014,0x1498,0x47A,0x1BF6,0x1371,0x35C,0x1B07,0x909,0x1305,0x10F9,0x1537,0x1EE,0x1EDD,0x1ED5,0x153};
-const chunk MConst=0x9B9;
-const BIG CURVE_Order= {0x16A7,0x1A42,0xA5,0x1C1D,0x1901,0x137B,0x1586,0x1476,0x197A,0xC61,0x35C,0x1B07,0x909,0x1305,0x10F9,0x1537,0x1EE,0x1EDD,0x1ED5,0x153};
-const BIG CURVE_B= {0xB04,0x1749,0x7F,0xB02,0x16AE,0x492,0x1CBD,0x1895,0x13EB,0x1DFC,0x1DAD,0x1A16,0x1733,0x1353,0x13F9,0x9D4,0x10D8,0xE21,0xB18,0xCC};
-const BIG CURVE_Gx= {0x5F4,0x1098,0x158B,0x322,0x179A,0x1E15,0xABE,0x188F,0x142,0xD7D,0x1852,0x14CA,0x1B23,0x1109,0x1DCC,0x1CF6,0x1CF,0x19E6,0x1A3A,0x147};
-const BIG CURVE_Gy= {0x9BE,0x192E,0x1CD6,0x17D1,0x1DA,0x1380,0x740,0x1BC7,0x1CB6,0x134D,0x105F,0xC88,0xE14,0x1D91,0x15FD,0x18AD,0x1439,0x411,0x65B,0x5B};
-#endif
-
-#if CHUNK==32
-
-const BIG Modulus= {0x1F6E5377,0x9A40E8,0x9880A08,0x17EC47AA,0x18D726E3,0x5484EC1,0x6F0F998,0x1B743DD5,0xA9FB57};
-const chunk MConst=0xEFD89B9;
-const BIG CURVE_Order= {0x174856A7,0xF07414,0x1869BDE4,0x12F5476A,0x18D718C3,0x5484EC1,0x6F0F998,0x1B743DD5,0xA9FB57};
-const BIG CURVE_B= {0x1EE92B04,0x172C080F,0xBD2495A,0x7D7895E,0x176B7BF9,0x13B99E85,0x1A93F99A,0x18861B09,0x662C61};
-const BIG CURVE_Gx= {0xE1305F4,0xD0C8AB1,0xBEF0ADE,0x28588F5,0x16149AFA,0x9D91D32,0x1EDDCC88,0x79839FC,0xA3E8EB};
-const BIG CURVE_Gy= {0x1B25C9BE,0xD5F479A,0x1409C007,0x196DBC73,0x417E69B,0x1170A322,0x15B5FDEC,0x10468738,0x2D996C};
-#endif
-
-#if CHUNK==64
-
-const BIG Modulus= {0x13481D1F6E5377,0xF623D526202820,0x909D838D726E3B,0xA1EEA9BC3E660A,0xA9FB57DB};
-const chunk MConst=0xA75590CEFD89B9;
-const BIG CURVE_Order= {0x1E0E82974856A7,0x7AA3B561A6F790,0x909D838D718C39,0xA1EEA9BC3E660A,0xA9FB57DB};
-const BIG CURVE_B= {0xE58101FEE92B04,0xEBC4AF2F49256A,0x733D0B76B7BF93,0x30D84EA4FE66A7,0x662C61C4};
-const BIG CURVE_Gx= {0xA191562E1305F4,0x42C47AAFBC2B79,0xB23A656149AFA1,0xC1CFE7B7732213,0xA3E8EB3C};
-const BIG CURVE_Gy= {0xABE8F35B25C9BE,0xB6DE39D027001D,0xE14644417E69BC,0x3439C56D7F7B22,0x2D996C82};
-#endif
-
-#endif
-
-
-#if CHOICE==ANSSI
-
-const int CURVE_A=-3;
-#if CHUNK==16
-
-const BIG Modulus= {0x1C03,0x374,0x14F6,0x19E6,0x1E8F,0x536,0xF23,0x1795,0x1AD,0x19CB,0x10D6,0x1C84,0x1E8C,0x936,0x1C40,0x1AB1,0xB3A,0x1C60,0x1F45,0x1E3};
-const chunk MConst=0x1155;
-const BIG CURVE_Order= {0x15E1,0x16B2,0x1671,0x1BA8,0x1FF,0x1FCA,0x34A,0x1C28,0x1C67,0x1A9E,0x10D6,0x1C84,0x1E8C,0x936,0x1C40,0x1AB1,0xB3A,0x1C60,0x1F45,0x1E3};
-const BIG CURVE_B= {0x173F,0x1BDD,0x59E,0xBDB,0x307,0x10C0,0x12C6,0x135C,0xC0C,0x1EFF,0x1003,0x1489,0x754,0x55D,0x35,0x1526,0x1428,0x1E52,0xD4F,0x1DC};
-const BIG CURVE_Gx= {0x1CFF,0xC7A,0xB76,0x12F4,0x164C,0x1B80,0x1E62,0x1B95,0x7D2,0xC61,0x8E5,0x13A8,0x1474,0xC1E,0xCC4,0x73D,0x16C1,0x61A,0xCF5,0x16D};
-const BIG CURVE_Gy= {0xCFB,0x31,0x555,0x2B4,0x1831,0x4F0,0x393,0xFD,0x1C3,0x138,0x1BE3,0x7D9,0x1F0F,0x938,0x47E,0x92,0x8B2,0x7BE,0x10B8,0xC2};
-#endif
-
-#if CHUNK==32
-
-const BIG Modulus= {0x186E9C03,0x7E79A9E,0x12329B7A,0x35B7957,0x435B396,0x16F46721,0x163C4049,0x1181675A,0xF1FD17};
-const chunk MConst=0x164E1155;
-const BIG CURVE_Order= {0x6D655E1,0x1FEEA2CE,0x14AFE507,0x18CFC281,0x435B53D,0x16F46721,0x163C4049,0x1181675A,0xF1FD17};
-const BIG CURVE_B= {0x1B7BB73F,0x3AF6CB3,0xC68600C,0x181935C9,0xC00FDFE,0x1D3AA522,0x4C0352A,0x194A8515,0xEE353F};
-const BIG CURVE_Gx= {0x198F5CFF,0x64BD16E,0x62DC059,0xFA5B95F,0x23958C2,0x1EA3A4EA,0x7ACC460,0x186AD827,0xB6B3D4};
-const BIG CURVE_Gy= {0x14062CFB,0x188AD0AA,0x19327860,0x3860FD1,0xEF8C270,0x18F879F6,0x12447E49,0x1EF91640,0x6142E0};
-#endif
-
-#if CHUNK==64
-
-const BIG Modulus= {0xFCF353D86E9C03,0xADBCABC8CA6DE8,0xE8CE42435B3961,0xB3AD58F10126D,0xF1FD178C};
-const chunk MConst=0x97483A164E1155;
-const BIG CURVE_Order= {0xFDD459C6D655E1,0x67E140D2BF941F,0xE8CE42435B53DC,0xB3AD58F10126D,0xF1FD178C};
-const BIG CURVE_B= {0x75ED967B7BB73F,0xC9AE4B1A18030,0x754A44C00FDFEC,0x5428A9300D4ABA,0xEE353FCA};
-const BIG CURVE_Gx= {0xC97A2DD98F5CFF,0xD2DCAF98B70164,0x4749D423958C27,0x56C139EB31183D,0xB6B3D4C3};
-const BIG CURVE_Gy= {0x115A1554062CFB,0xC307E8E4C9E183,0xF0F3ECEF8C2701,0xC8B204911F9271,0x6142E0F7};
-#endif
-
-#endif
-
-
-#if CHOICE==HIFIVE
-
-const int CURVE_A=1;
-#if CHUNK==32
-const BIG Modulus= {0x1FFFFFFD,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFF};
-const chunk MConst=0x3;
-const BIG CURVE_Order= {0x1E9FA805,0x197CACB9,0x1E4EEA9E,0x17AD70F,0x1FA9850C,0x38A0A,0x0,0x0,0x0,0x0,0x0,0x4000};
-const BIG CURVE_B= {0x2B67};
-const BIG CURVE_Gx= {0xC};
-const BIG CURVE_Gy= {0x5FE8632,0x15F63428,0xD976C4,0x1AACA194,0x35B6DB5,0x8E3F7A,0x52D1B0E,0xF0A7A36,0x1C161D00,0x8170C70,0x1185AD59,0x181B};
-#endif
-
-#if CHUNK==64
-const BIG Modulus= {0xFFFFFFFFFFFFFFD,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFF};
-const chunk MConst=0x3;
-const BIG CURVE_Order= {0xB2F95973E9FA805,0xC0BD6B87F93BAA7,0x71415FA9850,0x0,0x0,0x200000000};
-const BIG CURVE_B= {0x2B67};
-const BIG CURVE_Gx= {0xC};
-const BIG CURVE_Gy= {0x2BEC68505FE8632,0x5D5650CA0365DB1,0x3811C7EF435B6DB,0x7853D1B14B46C,0x56502E18E1C161D,0xC0DC616B};
-#endif
-#endif
-
-
-#if CHOICE==GOLDILOCKS
-
-const int CURVE_A=1;
-#if CHUNK==32
-
-const BIG Modulus= {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF};
-const chunk MConst=0x1;
-const BIG CURVE_Order= {0xB5844F3,0x1BC61495,0x1163D548,0x1984E51B,0x3690216,0xDA4D76B,0xFA7113B,0x1FEF9944,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FF};
-const BIG CURVE_B= {0x1FFF6756,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF};
-const BIG CURVE_Gx= {0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0x152AAAAA,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x1555};
-const BIG CURVE_Gy= {0xA9386ED,0x1757DE6F,0x13681AF6,0x19657DA3,0x3098BBB,0x12C19D15,0x12E03595,0xE515B18,0x17B7E36D,0x1AC426E,0xDBB5E8,0x10D8560,0x159D6205,0xB8246D9,0x17A58D2B,0x15C0};
-#endif
-
-#if CHUNK==64
-
-const BIG Modulus= {0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFEFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFF};
-const chunk MConst=0x1;
-const BIG CURVE_Order= {0x378C292AB5844F3,0x6CC2728DC58F552,0xEDB49AED6369021,0xFFFF7CCA23E9C44,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x3FFFFFF};
-const BIG CURVE_B= {0xFFFFFFFFFFF6756,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFEFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFF};
-const BIG CURVE_Gx= {0x555555555555555,0x555555555555555,0x555555555555555,0xAAA955555555555,0xAAAAAAAAAAAAAAA,0xAAAAAAAAAAAAAAA,0xAAAAAAAAAAAAAAA,0xAAAAAAA};
-const BIG CURVE_Gy= {0xAEAFBCDEA9386ED,0xBCB2BED1CDA06BD,0x565833A2A3098BB,0x6D728AD8C4B80D6,0x7A035884DD7B7E3,0x205086C2B0036ED,0x34AD7048DB359D6,0xAE05E96};
-#endif
-#endif
-
-#if CHOICE==NIST384
-
-const int CURVE_A=-3;
-#if CHUNK==32
-
-const BIG Modulus= {0xFFFFFFF,0xF,0x0,0xFFFF000,0xFFEFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFF};
-const chunk MConst=0x1;
-const BIG CURVE_Order= {0xCC52973,0xEC196AC,0xA77AEC,0xDB248B,0xDDF581A,0x81F4372,0xFC7634D,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFF};
-const BIG CURVE_B= {0x3EC2AEF,0x85C8EDD,0xED19D2A,0x398D8A2,0x75AC656,0x8F50138,0x2031408,0xFE81411,0x81D9C6E,0xF82D191,0xE056BE3,0xE7E4988,0xFA7E23E,0xB3312};
-const BIG CURVE_Gx= {0x2760AB7,0x545E387,0x5296C3A,0xF25DBF5,0xA385502,0xE082542,0x859F741,0x8BA79B9,0xE1D3B62,0x20AD746,0x1C71EF3,0x5378EB,0xA22BE8B,0xAA87C};
-const BIG CURVE_Gy= {0xEA0E5F,0x431D7C9,0xE819D7A,0xB1CE1D7,0x8C00A60,0x13B5F0B,0xCE9DA31,0x289A147,0x8F41DBD,0x92DC29F,0xE98BF92,0x2C6F5D9,0xE4A9626,0x3617D};
-#endif
-
-#if CHUNK==64
-
-const BIG Modulus= {0xFFFFFFFF,0xFFFF0000000000,0xFFFFFFFFFEFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFF};
-const chunk MConst=0x100000001;
-const BIG CURVE_Order= {0xEC196ACCC52973,0xDB248B0A77AEC,0x81F4372DDF581A,0xFFFFFFFFC7634D,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFF};
-const BIG CURVE_B= {0x85C8EDD3EC2AEF,0x398D8A2ED19D2A,0x8F5013875AC656,0xFE814112031408,0xF82D19181D9C6E,0xE7E4988E056BE3,0xB3312FA7E23E};
-const BIG CURVE_Gx= {0x545E3872760AB7,0xF25DBF55296C3A,0xE082542A385502,0x8BA79B9859F741,0x20AD746E1D3B62,0x5378EB1C71EF3,0xAA87CA22BE8B};
-const BIG CURVE_Gy= {0x431D7C90EA0E5F,0xB1CE1D7E819D7A,0x13B5F0B8C00A60,0x289A147CE9DA31,0x92DC29F8F41DBD,0x2C6F5D9E98BF92,0x3617DE4A9626};
-#endif
-#endif
-
-#if CHOICE==C41417
-
-const int CURVE_A=1;
-#if CHUNK==32
-
-const BIG Modulus= {0x1FFFFFEF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFF};
-const chunk MConst=0x11;
-const BIG CURVE_Order= {0x106AF79,0x18738D2F,0x18F3C606,0x1806715A,0x22B36F1,0xA67B830,0xCF32490,0x1FFFFFFD,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1F};
-const BIG CURVE_B= {0xE21};
-const BIG CURVE_Gx= {0x13CBC595,0x7E9C097,0x14DF1931,0x14E7F550,0x1A111301,0x15A6B6B5,0xD526292,0x18FEAFFE,0x1F44C03E,0x1E6A31B4,0x70C9B97,0x43180C6,0x1443300,0x19A4828A,0x68};
-const BIG CURVE_Gy= {0x22};
-#endif
-
-#if CHUNK==64
-const BIG Modulus= {0xFFFFFFFFFFFFFEF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x3FFFFFFFFFFFFF};
-const chunk MConst=0x11;
-const BIG CURVE_Order= {0xB0E71A5E106AF79,0x1C0338AD63CF181,0x414CF706022B36F,0xFFFFFFFFEB3CC92,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x7FFFFFFFFFFFF};
-const BIG CURVE_B= {0xE21};
-const BIG CURVE_Gx= {0x4FD3812F3CBC595,0x1A73FAA8537C64C,0x4AB4D6D6BA11130,0x3EC7F57FF35498A,0xE5FCD46369F44C0,0x300218C0631C326,0x1A334905141443};
-const BIG CURVE_Gy= {0x22};
-#endif
-#endif
-
-
-#if CHOICE==NIST521
-
-const int CURVE_A=-3;
-#if CHUNK==32
-
-const BIG Modulus= {0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0x1FFFF};
-const chunk MConst=0x1;
-const BIG CURVE_Order= {0x1386409,0x6FB71E9,0xC47AEBB,0xC9B8899,0x5D03BB5,0x48F709A,0xB7FCC01,0xBF2F966,0x1868783,0xFFFFFA5,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0x1FFFF};
-const BIG CURVE_B= {0xB503F00,0x451FD46,0xC34F1EF,0xDF883D2,0xF073573,0xBD3BB1B,0xB1652C0,0xEC7E937,0x6193951,0xF109E15,0x489918E,0x15F3B8B,0x25B99B3,0xEEA2DA7,0xB68540,0x929A21A,0xE1C9A1F,0x3EB9618,0x5195};
-const BIG CURVE_Gx= {0x2E5BD66,0x7E7E31C,0xA429BF9,0xB3C1856,0x8DE3348,0x27A2FFA,0x8FE1DC1,0xEFE7592,0x14B5E77,0x4D3DBAA,0x8AF606B,0xB521F82,0x139053F,0x429C648,0x62395B4,0x9E3ECB6,0x404E9CD,0x8E06B70,0xC685};
-const BIG CURVE_Gy= {0xFD16650,0xBE94769,0x2C24088,0x7086A27,0x761353C,0x13FAD0,0xC550B9,0x5EF4264,0x7EE7299,0x3E662C9,0xFBD1727,0x446817A,0x449579B,0xD998F54,0x42C7D1B,0x5C8A5FB,0xA3BC004,0x296A789,0x11839};
-#endif
-
-#if CHUNK==64
-
-const BIG Modulus= {0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x1FFFFFFFFFF};
-const chunk MConst=0x1;
-const BIG CURVE_Order= {0xB6FB71E91386409,0xB5C9B8899C47AEB,0xC0148F709A5D03B,0x8783BF2F966B7FC,0xFFFFFFFFFFA5186,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x1FFFFFFFFFF};
-const BIG CURVE_B= {0xF451FD46B503F00,0x73DF883D2C34F1E,0x2C0BD3BB1BF0735,0x3951EC7E937B165,0x9918EF109E15619,0x5B99B315F3B8B48,0xB68540EEA2DA72,0x8E1C9A1F929A21A,0x51953EB961};
-const BIG CURVE_Gx= {0x97E7E31C2E5BD66,0x48B3C1856A429BF,0xDC127A2FFA8DE33,0x5E77EFE75928FE1,0xF606B4D3DBAA14B,0x39053FB521F828A,0x62395B4429C6481,0x404E9CD9E3ECB6,0xC6858E06B7};
-const BIG CURVE_Gy= {0x8BE94769FD16650,0x3C7086A272C2408,0xB9013FAD076135,0x72995EF42640C55,0xD17273E662C97EE,0x49579B446817AFB,0x42C7D1BD998F544,0x9A3BC0045C8A5FB,0x11839296A78};
-#endif
-#endif
-
-#if CHOICE==BN646
-
-const int CURVE_A=0;
-
-#if CHUNK==32
-
-const chunk MConst=0x15F615E5;
-const BIG Modulus= {0x404E013,0x1203604,0x4E0000,0x80A2084,0x2,0xC90420,0x4051078,0x3600001,0xA20660,0x36,0x5100900,0x10288468,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90};
-const BIG CURVE_Order= {0x1E04200D,0x1203603,0x420000,0x80A207E,0x2,0xC303F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90};
-const BIG CURVE_Cof= {0x1};
-const BIG CURVE_B= {0x2};
-const BIG CURVE_Bnx= {0x1001,0x0,0x10000,0x0,0x0,0x8000};
-const BIG CURVE_Cru= {0x401B007,0x901,0x1B0000,0x1B024,0x0,0x288120,0xD812,0x900000,0x1B0120,0x0,0xD80000,0x6C048,0x0,0x6C0000,0x0,0x0,0x120000};
-const BIG CURVE_Fra= {0x4929A14,0x3B756CA,0x4337DD0,0xFC1417C,0x193166BB,0x1DC54515,0x1C0DF653,0x19BF8961,0x155980E,0x1983CB14,0x4D76309,0x1DEAB1A4,0xF9C3CF5,0x128FEC2D,0x867E339,0xDA0548A,0x1A480AF,0xA3CBCD2,0x116DA6E0,0x2A546E9,0x789577C,0x1F9459D2,0x27};
-const BIG CURVE_Frb= {0x1F7245FF,0x1D68DF39,0x1C1A822F,0x1848DF07,0x6CE9946,0x303BF0A,0x7F71A24,0x9A0769F,0x1F4C6E51,0x67C3521,0x38A5F6,0x123DD2C4,0x1063C317,0xFF825D2,0x17981E76,0x125FAB75,0x1EC78CD0,0x15C34375,0xE92591F,0x1D5ABD96,0x1876A883,0x6BA62D,0x68};
-const BIG CURVE_Pxa= {0x1CCC5E10,0x119F939,0xC6C7FE9,0x81022FF,0x6486AA6,0x1CBC560B,0x1F707429,0xC82F7B9,0x1A7F5CDA,0x14C0EB47,0x11412373,0x13DAF21E,0x126BE416,0x166744A7,0x506E81,0x1048FFA3,0x13A6B0C9,0x1A90979A,0xE78C338,0x1722C561,0xBFFF9A1,0xC1AF83C,0x3F};
-const BIG CURVE_Pxb= {0x67F4BC0,0x1BFC3C9,0x1E9DC3B6,0x87E2B03,0xB820274,0x1DD03B1E,0x517C463,0x1EFCBBC9,0x19F786A8,0x5572E90,0xD0BA5E0,0x16E8A40A,0x1013CF3B,0x11A7F82B,0x1C27B302,0x15E7CD12,0xB79A6DF,0x1EC6895B,0x5775A7E,0xBB28D24,0x416A171,0x127D284E,0x5D};
-const BIG CURVE_Pya= {0xC3FB414,0x2B868EE,0xD858793,0x157FCFE,0x16C849AD,0x1D17B0A4,0x1353CFEA,0x940A061,0x1CEF834E,0x7BE766A,0x4584C1C,0xE2397E9,0x418E9D4,0x8F53B8,0x53B37E0,0x11CA29D9,0xE425654,0x9EFF9AF,0x18CF27A1,0x17755A26,0x3F5481A,0x6C531BC,0x1E};
-const BIG CURVE_Pyb= {0x133908AD,0x17F1F1ED,0x14196532,0x19A85214,0x173EC3F7,0x1021EC2C,0xD798A3E,0x18F4C857,0x82EE2FA,0x11B5296D,0x1831D9C6,0x4463DB5,0x11B4812C,0xF93B884,0xC72653,0xEC6F6ED,0x916CFFF,0x1E81ED0A,0x1103518E,0x1E478B01,0x6B01074,0xC46CCAA,0x48};
-const BIG CURVE_Gx= {0x404E012,0x1203604,0x4E0000,0x80A2084,0x2,0xC90420,0x4051078,0x3600001,0xA20660,0x36,0x5100900,0x10288468,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90};
-const BIG CURVE_Gy= {0x1};
-const BIG CURVE_W[2]= {{0x6008003,0x0,0x80000,0x6,0x0,0x40030,0x3,0x0,0x30,0x0,0x0,0xC},{0x2001,0x0,0x20000,0x0,0x0,0x10000}};
-const BIG CURVE_SB[2][2]= {{{0x600A004,0x0,0xA0000,0x6,0x0,0x50030,0x3,0x0,0x30,0x0,0x0,0xC},{0x2001,0x0,0x20000,0x0,0x0,0x10000}},{{0x2001,0x0,0x20000,0x0,0x0,0x10000},{0x1803A00A,0x1203603,0x3A0000,0x80A2078,0x2,0xBF03C0,0x4051072,0x3600001,0xA20600,0x36,0x5100900,0x10288450,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90}}};
-const BIG CURVE_WB[4]= {{0x2001000,0x0,0x10000,0x2,0x0,0x8010,0x1,0x0,0x10,0x0,0x0,0x4},{0x1C015005,0x600,0x150000,0x1201C,0x0,0x1C80E0,0x900E,0x600000,0x1200E0,0x0,0x900000,0x48038,0x0,0x480000,0x0,0x0,0xC0000},{0xE00B003,0x300,0xB0000,0x900E,0x0,0xE8070,0x4807,0x300000,0x90070,0x0,0x480000,0x2401C,0x0,0x240000,0x0,0x0,0x60000},{0x2003001,0x0,0x30000,0x2,0x0,0x18010,0x1,0x0,0x10,0x0,0x0,0x4}};
-const BIG CURVE_BB[4][4]= {{{0x1E04100D,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x2002,0x0,0x20000,0x0,0x0,0x10000}},{{0x2001,0x0,0x20000,0x0,0x0,0x10000},{0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1E04100D,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1E04100C,0x1203603,0x410000,0x80A20
 7E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90}},{{0x2002,0x0,0x20000,0x0,0x0,0x10000},{0x2001,0x0,0x20000,0x0,0x0,0x10000},{0x2001,0x0,0x20000,0x0,0x0,0x10000},{0x2001,0x0,0x20000,0x0,0x0,0x10000}},{{0x1002,0x0,0x10000,0x0,0x0,0x8000},{0x4002,0x0,0x40000,0x0,0x0,0x20000},{0x1E04000A,0x1203603,0x400000,0x80A207E,0x2,0xC203F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1002,0x0,0x10000,0x0,0x0,0x8000}}};
-#endif
-
-#if CHUNK==64
-
-const chunk MConst=0xCE50F5CF5F615E5;
-const BIG Modulus= {0x2406C08404E013,0x240510420138000,0xE01920840000000,0x601B00000901441,0x400000006C0A206,0xD814423414402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000};
-const BIG CURVE_Order= {0x2406C07E04200D,0x2405103F0108000,0xD418607E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000};
-const BIG CURVE_Cof= {0x1};
-const BIG CURVE_B= {0x2};
-const BIG CURVE_Bnx= {0x1001,0x4000,0x10000000000};
-const BIG CURVE_Cru= {0x1202401B007,0xD812006C000,0x480510240000000,0x200480000000360,0x1B01,0x3602403600,0xD800000000,0x0,0x12};
-const BIG CURVE_Fra= {0x76EAD944929A14,0xB7E0A0BE10CDF74,0x4FB8A8A2B93166B,0xECDFC4B0F037D9,0xC27307962815598,0xCF5EF558D2135D8,0x8CE651FD85AF9C3,0x80AF6D02A45219F,0x69B8147979A41A4,0x9577C152A374C5B,0x9FF28B3A478};
-const BIG CURVE_Frb= {0xFAD1BE73F7245FF,0x6C246F83F06A08B,0x906077E146CE994,0x514D03B4F9FDC68,0x7D8CF86A43F4C6E,0x31791EE96200E29,0x79D9FF04BA5063C,0x8CD092FD5BADE60,0x9647EB8686EBEC7,0x6A883EAD5ECB3A4,0x1A00D74C5B87};
-const BIG CURVE_Pxa= {0x4233F273CCC5E10,0x6408117FB1B1FFA,0xA7978AC166486AA,0xDA6417BDCFDC1D0,0xDCE981D68FA7F5C,0x4169ED790F45048,0xBA06CCE894F26BE,0xB0C98247FD18141,0x30CE35212F353A6,0xFF9A1B9162B0B9E,0xFD835F078BF};
-const BIG CURVE_Pxb= {0x837F879267F4BC0,0x443F1581FA770ED,0x8FBA0763CB82027,0xA8F7E5DE4945F11,0x780AAE5D219F786,0xF3BB745205342E9,0xCC0A34FF057013C,0xA6DFAF3E689709E,0xD69FBD8D12B6B79,0x6A1715D9469215D,0x1764FA509C41};
-const BIG CURVE_Pya= {0xC570D1DCC3FB414,0xD0ABFE7F36161E4,0xABA2F61496C849A,0x4E4A05030CD4F3F,0x70F7CECD5CEF83,0x9D4711CBF491613,0xDF8011EA770418E,0x56548E514EC94EC,0xC9E853DFF35EE42,0x5481ABBAAD13633,0x78D8A63783F};
-const BIG CURVE_Pyb= {0xAFE3E3DB33908AD,0x7CD4290A506594C,0xFA043D85973EC3F,0xFAC7A642BB5E628,0x71A36A52DA82EE2,0x12C2231EDAE0C76,0x994DF2771091B48,0xCFFF7637B76831C,0xD463BD03DA14916,0x1074F23C580C40,0x12188D99546B};
-const BIG CURVE_Gx= {0x2406C08404E012,0x240510420138000,0xE01920840000000,0x601B00000901441,0x400000006C0A206,0xD814423414402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000};
-const BIG CURVE_Gy= {0x1};
-const BIG CURVE_W[2]= {{0x6008003,0x30020000,0xC0080060000000,0x300000000000000,0x0,0x600000},{0x2001,0x8000,0x20000000000}};
-const BIG CURVE_SB[2][2]= {{{0x600A004,0x30028000,0xC00A0060000000,0x300000000000000,0x0,0x600000},{0x2001,0x8000,0x20000000000}},{{0x2001,0x8000,0x20000000000},{0x2406C07803A00A,0x2405103C00E8000,0xC817E0780000000,0x1B00000901441,0x400000006C0A206,0xD814422814402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000}}};
-const BIG CURVE_WB[4]= {{0x2001000,0x10004000,0x40010020000000,0x100000000000000,0x0,0x200000},{0xC01C015005,0x900E0054000,0x3803901C0000000,0xE00300000000240,0x1200,0x2401C02400,0x9000000000,0x0,0xC},{0x600E00B003,0x4807002C000,0x1C01D00E0000000,0x700180000000120,0x900,0x1200E01200,0x4800000000,0x0,0x6},{0x2003001,0x1000C000,0x40030020000000,0x100000000000000,0x0,0x200000}};
-const BIG CURVE_BB[4][4]= {{{0x2406C07E04100D,0x2405103F0104000,0xD418507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x2406C07E04100C,0x2405103F0104000,0xD418507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x2406C07E04100C,0x2405103F0104000,0xD418507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x2002,0x8000,0x20000000000}},{{0x2001,0x8000,0x20000000000},{0x2406C07E04100C,0x2405103F0104000,0xD418507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x2406C07E04100D,0x2405103F0104000,0xD418507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x2406C07E04100C,0x2405103F0104000,0xD418
 507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000}},{{0x2002,0x8000,0x20000000000},{0x2001,0x8000,0x20000000000},{0x2001,0x8000,0x20000000000},{0x2001,0x8000,0x20000000000}},{{0x1002,0x4000,0x10000000000},{0x4002,0x10000,0x40000000000},{0x2406C07E04000A,0x2405103F0100000,0xD418407E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x1002,0x4000,0x10000000000}}};
-#endif
-
-#endif
-
-#if CHOICE==BN454
-
-const int CURVE_A=0;
-
-#if CHUNK==32
-
-const chunk MConst=0x179435E5;
-const BIG Modulus= {0x13,0x270,0x2100,0x1C00D89C,0x25084,0xA284,0x24720,0x10803AA1,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000};
-const BIG CURVE_Order= {0xD,0x210,0x1F80,0x400D884,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000};
-const BIG CURVE_Cof= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG CURVE_B= {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG CURVE_Gx= {0x12,0x270,0x2100,0x1C00D89C,0x25084,0xA284,0x24720,0x10803AA1,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000};
-const BIG CURVE_Gy= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-const BIG CURVE_Bnx= {0x1,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG CURVE_Cru= {0x7,0xD8,0x900,0x16002436,0x481,0x1B24,0x168,0x48006C9,0x1600006C,0x10000091,0xD80000D,0x240000,0x0,0x0,0x0,0x0};
-const BIG CURVE_Fra= {0x1573B0EC,0x1816E4FE,0xA42E6E0,0x15DDCD87,0x2B17EC7,0x35B9A50,0x15AA1F74,0x1B7B2AC5,0x1CB5A200,0x9937657,0x17389A4A,0x738BADB,0xD92B321,0x3F5F0E6,0x1B1C9E9A,0x25CF3};
-const BIG CURVE_Frb= {0xA8C4F27,0x7E91D71,0x15BD3A1F,0x6230B14,0x1D50D1BD,0x1CA50833,0xA5827AB,0x15050FDB,0x74B3887,0x166C9A92,0x19C78A3C,0x199F4886,0x1B6D4F39,0x80A0F61,0x7236169,0x2230C};
-const BIG CURVE_Pxa= {0xF02B14,0x1DD1DD61,0x330AEC7,0x178617DE,0x1CEFFF36,0x116D35AF,0x1F879FBF,0x105DBF83,0x8345436,0x13664BCA,0x12EE86B5,0x776BB31,0x14AAFE16,0x41B3478,0x13E03554,0x2807A};
-const BIG CURVE_Pxb= {0x45BF266,0xE036876,0x8F0DBA,0xCB5976F,0x10DBC523,0x1723123C,0xBDDA7F4,0x10077CDE,0x11971DE0,0x14F1554A,0x195995EE,0x82E6FD7,0x40D5258,0x1400A58F,0x15A7850B,0x2B2A5};
-const BIG CURVE_Pya= {0x1E1B15C7,0x9CD5B5D,0x1571B2D2,0x1E4C048A,0x1474FB5D,0x18E2328C,0x11775519,0x144EF51F,0xF2FAABA,0x438F741,0x1930EAC0,0x144DC38,0x1287A0FE,0x36D8962,0x10011EAF,0x3ACF4};
-const BIG CURVE_Pyb= {0x571D60,0x8737DB,0xC4A363B,0x124E308F,0x13A65C7E,0x1387693A,0x10CDDA2F,0x184C096E,0x385175,0x5A34088,0xF17A93C,0x1E194915,0x1903ED91,0x4D6FA9F,0x8D8210B,0x12EDC};
-const BIG CURVE_W[2]= {{0x3,0x40,0x180,0x10000010,0xC0,0x6,0x10000018,0xC00001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG CURVE_SB[2][2]= {{{0x4,0x50,0x180,0x14000014,0xC0,0x6,0x10000018,0xC00001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x1D0,0x1E00,0x1400D874,0x24F03,0xA278,0x246F0,0xF003A9E,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000}}};
-const BIG CURVE_WB[4]= {{0x0,0x8,0x80,0x2000002,0x40,0x2,0x10000008,0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x5,0xA8,0x700,0xA00182A,0x381,0x121C,0x100,0x3800487,0x4000048,0x61,0x9000009,0x180000,0x0,0x0,0x0,0x0},{0x3,0x58,0x380,0x16000C16,0x1C0,0x90E,0x10000080,0x1C00243,0x12000024,0x10000030,0x4800004,0xC0000,0x0,0x0,0x0,0x0},{0x1,0x18,0x80,0x6000006,0x40,0x2,0x10000008,0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG CURVE_BB[4][4]= {{{0xD,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0x2,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0xD,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,
 0x2400003,0x48000}},{{0x2,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x2,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2,0x20,0x0,0x8000008,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x200,0x1F80,0xD880,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0x2,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-#endif
-
-#if CHUNK==64
-
-const chunk MConst=0xF33C46ED79435E5L;
-const BIG Modulus= {0x4E00000013L,0x4E006C4E0000840L,0x800014508002508L,0x888401D5080091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L};
-const BIG CURVE_Order= {0x420000000DL,0x42006C4200007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L};
-const BIG CURVE_Cof= {0x1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG CURVE_B= {0x2L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG CURVE_Gx= {0x4E00000012L,0x4E006C4E0000840L,0x800014508002508L,0x888401D5080091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L};
-const BIG CURVE_Gy= {0x1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-
-const BIG CURVE_Bnx= {0x100000001L,0x10000010000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG CURVE_Cru= {0x1B00000007L,0x1B00121B0000240L,0xA00003648000048L,0x6C2400364800005L,0x36000012360000L,0x12000036000L,0x0L,0x0L};
-const BIG CURVE_Fra= {0x302DC9FD573B0ECL,0x7AEEE6C3A90B9B8L,0xD06B734A02B17ECL,0xDBD9562D6A87DL,0x929326ECAFCB5A2L,0x32139C5D6DDCE26L,0x7A687EBE1CCD92BL,0x12E79EC72L};
-const BIG CURVE_Frb= {0xCFD23AE2A8C4F27L,0xD311858A56F4E87L,0xAF94A1067D50D1BL,0x87A8287EDA9609EL,0x8F2CD9352474B38L,0xF39CCFA443671E2L,0x85A50141EC3B6D4L,0x111861C8DL};
-const BIG CURVE_Pxa= {0xFBA3BAC20F02B14L,0x6BC30BEF0CC2BB1L,0xFE2DA6B5FCEFFF3L,0x3682EDFC1FE1E7EL,0xAD66CC979483454L,0xE163BB5D98CBBA1L,0xD55083668F14AAFL,0x1403D4F80L};
-const BIG CURVE_Pxb= {0x9C06D0EC45BF266L,0x365ACBB7823C36EL,0xD2E4624790DBC52L,0xE0803BE6F2F769FL,0x7BA9E2AA951971DL,0x25841737EBE5665L,0x142E8014B1E40D5L,0x15952D69EL};
-const BIG CURVE_Pya= {0x939AB6BBE1B15C7L,0xDF26024555C6CB4L,0x671C46519474FB5L,0xBAA277A8FC5DD54L,0xB00871EE82F2FAAL,0xFE0A26E1C64C3AL,0x7ABC6DB12C5287AL,0x1D67A4004L};
-const BIG CURVE_Pyb= {0xC10E6FB60571D60L,0xE9271847B128D8EL,0xBE70ED2753A65C7L,0x75C2604B7433768L,0x4F0B46811003851L,0xD91F0CA48ABC5EAL,0x842C9ADF53F903EL,0x976E2360L};
-const BIG CURVE_W[2]= {{0x800000003L,0x80000080000060L,0x60000000C00000CL,0x600000C00000L,0x0L,0x0L,0x0L,0x0L},{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
-const BIG CURVE_SB[2][2]= {{{0xA00000004L,0xA00000A0000060L,0x60000000C00000CL,0x600000C00000L,0x0L,0x0L,0x0L,0x0L},{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x3A0000000AL,0x3A006C3A0000780L,0xC000144F00024F0L,0x887801D4F00091BL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L}}};
-const BIG CURVE_WB[4]= {{0x100000000L,0x10000010000020L,0x200000004000004L,0x200000400000L,0x0L,0x0L,0x0L,0x0L},{0x1500000005L,0x15000C1500001C0L,0x2438000038L,0x481C00243800004L,0x2400000C240000L,0xC000024000L,0x0L,0x0L},{0xB00000003L,0xB00060B00000E0L,0x121C00001CL,0x240E00121C00002L,0x12000006120000L,0x6000012000L,0x0L,0x0L},{0x300000001L,0x30000030000020L,0x200000004000004L,0x200000400000L,0x0L,0x0L,0x0L,0x0L}};
-const BIG CURVE_BB[4][4]= {{{0x410000000DL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x410000000CL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x410000000CL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x200000002L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x410000000CL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x410000000DL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x410000000CL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L}},
 {{0x200000002L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x100000002L,0x10000010000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x400000002L,0x40000040000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x400000000AL,0x40006C4000007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x100000002L,0x10000010000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
-
-
-#endif
-
-#endif
-
-
-#if CHOICE==BLS455
-
-const int CURVE_A=0;
-
-#if CHUNK==32
-
-const chunk MConst=0x1F4017FD;
-const BIG Modulus= {0x2AB,0x1500000C,0xAAA55AA,0xB12AAD6,0x6D1BA6C,0xCCA5674,0x12E2CF6E,0xA9F9662,0x34BD939,0x12D8EAB1,0xFD9978E,0x9240600,0xE0F95B,0xAAB9550,0x55555E5,0xAAAAB};
-const BIG CURVE_Order= {0x1FC00001,0x3FFF,0x10000070,0x1400000,0x1D100,0xF0003A8,0x13C0009,0x1E200,0x180002E0,0x400001,0x4000,0x0,0x0,0x0,0x0,0x0};
-const BIG CURVE_Cof= {0xABFFAAB,0x14AABFFD,0xD52AADA,0x1562AAAB,0x15556AAA,0x2A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG CURVE_B= {0xA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG CURVE_Gx= {0x1DFCEDD1,0x16A62EEF,0xE80D3ED,0xB8DE876,0x179C7253,0x182DAB52,0x46CC85F,0x1E571D9C,0x1E8392B1,0x1A155867,0x19E6527C,0x23DC64E,0xABEDA59,0xF20662B,0x17CECC01,0x310A};
-const BIG CURVE_Gy= {0x6619B9B,0x27EBCD,0x1BE80A19,0x13B014BA,0x191A4936,0x13911916,0x107A5A3B,0x1DCB0863,0x1F5FB1,0xDE44A9C,0x18E23B2A,0x1FA81FD3,0xB0D6DFA,0xC2FE1EF,0xDDFA7E2,0x3351B};
-
-const BIG CURVE_Bnx= {0x800,0x1000004,0x40000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG CURVE_Cru= {0xAA9,0x9017FE0,0x128DD8AA,0x1F4A321E,0x148FEC90,0x195CDEEA,0xE961AA2,0x168D3B66,0xAFD99D7,0xB989AA6,0x1F9A5724,0x91A05FF,0xE0EF5B,0xAAB9548,0x55555E5,0xAAAAB};
-const BIG CURVE_Fra= {0xA2EBF21,0x4E67DEE,0xCDE6590,0xE5EA94E,0x15454985,0x140CFC43,0x7E14D1C,0x1778395A,0x1944F022,0x166BEA1A,0xC3DEEA0,0x9F031A0,0x16A7459,0x1F1D6E00,0x125CFB72,0x72FD4};
-const BIG CURVE_Frb= {0x15D1438A,0x1019821D,0x1DCBF01A,0x1CB40187,0x118C70E6,0x18BD5A30,0xB018251,0x13275D08,0xA06E916,0x1C6D0096,0x39BA8ED,0x1F33D460,0x1F768501,0xB8E274F,0x12F85A72,0x37AD6};
-const BIG CURVE_Pxa= {0x10C1F542,0x23AF907,0x159F840,0xBAC0E1F,0x133D7766,0x1C034C5D,0x14C5C875,0x1ED0BDA2,0x16A49C71,0x1E9FF62D,0x14F3ACC0,0x1E0C9FEA,0xC4638DE,0x74D18DA,0xBEA0030,0x5D962};
-const BIG CURVE_Pxb= {0x749F03D,0xC843773,0xB17BCBA,0x1134AB4B,0x8EA016E,0x1A0D766C,0x58F819E,0x48A1FCC,0xE296F62,0x83370E4,0xC9BA1D5,0x1E43290E,0xEE59A80,0x1FDD85F5,0x1F3819B6,0x1D9F};
-const BIG CURVE_Pya= {0x181A77F4,0x191AD22,0x1E9F842A,0x1E1E6CF6,0xD55B9D9,0x1D062533,0x15BB1323,0x7ECBC1,0x1A9EC2EF,0x1EE14CE0,0x1E96B271,0xA794439,0x1C544324,0xE6AD5DC,0x16429B0F,0x448E3};
-const BIG CURVE_Pyb= {0x1E1FDBA2,0x1A09DB6C,0xF680D5B,0xFCC6122,0xC488E2A,0x1E489ECD,0x1005617E,0x1CF9EC36,0x1C89ED72,0x16C00D90,0x1563E595,0x1243DDC0,0x8698F9E,0x1BD81E7E,0xF2A0F4A,0x66A0};
-
-#endif
-
-#if CHUNK==64
-
-cons

<TRUNCATED>


[19/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/benchtest_all.c
----------------------------------------------------------------------
diff --git a/version3/c/benchtest_all.c b/version3/c/benchtest_all.c
deleted file mode 100644
index 0acc6dd..0000000
--- a/version3/c/benchtest_all.c
+++ /dev/null
@@ -1,1019 +0,0 @@
-/* Test and benchmark elliptic curve and RSA functions
-	First build amcl.a from build_ec batch file
-	gcc -O3 benchtest_ec.c amcl.a -o benchtest_ec.exe
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "rsa_2048.h"
-#include "ecp_ED25519.h"
-#include "pair_BN254.h"
-
-
-#if CHUNK==32 || CHUNK==64
-#include "ecp_NIST256.h"
-#include "ecp_GOLDILOCKS.h"
-#include "pair_BLS383.h"
-#include "pair192_BLS24.h"
-#include "pair256_BLS48.h"
-#endif
-
-#define MIN_TIME 10.0
-#define MIN_ITERS 10 
-
-#if CHUNK==16
-
-#define BIG_ED BIG_256_13
-#define BIG_ED_rcopy BIG_256_13_rcopy
-#define BIG_ED_randomnum BIG_256_13_randomnum 
-
-#define BIG_BN BIG_256_13
-#define BIG_BN_rcopy BIG_256_13_rcopy
-#define BIG_BN_randomnum BIG_256_13_randomnum 
-
-#endif
-
-#if CHUNK==32
-
-#define BIG_ED BIG_256_29
-#define BIG_ED_rcopy BIG_256_29_rcopy
-#define BIG_ED_randomnum BIG_256_29_randomnum 
-
-#define BIG_NT BIG_256_28
-#define BIG_NT_rcopy BIG_256_28_rcopy
-#define BIG_NT_randomnum BIG_256_28_randomnum
-
-#define BIG_GL BIG_448_29
-#define BIG_GL_rcopy BIG_448_29_rcopy
-#define BIG_GL_randomnum BIG_448_29_randomnum 
-
-#define BIG_BN BIG_256_28
-#define BIG_BN_rcopy BIG_256_28_rcopy
-#define BIG_BN_randomnum BIG_256_28_randomnum 
-
-#define BIG_BLS12 BIG_384_29
-#define BIG_BLS12_rcopy BIG_384_29_rcopy
-#define BIG_BLS12_randomnum BIG_384_29_randomnum 
-
-#define BIG_BLS24 BIG_480_29
-#define BIG_BLS24_rcopy BIG_480_29_rcopy
-#define BIG_BLS24_randomnum BIG_480_29_randomnum 
-
-#define BIG_BLS48 BIG_560_29
-#define BIG_BLS48_rcopy BIG_560_29_rcopy
-#define BIG_BLS48_randomnum BIG_560_29_randomnum 
-
-#endif
-
-#if CHUNK==64
-
-#define BIG_ED BIG_256_56
-#define BIG_ED_rcopy BIG_256_56_rcopy
-#define BIG_ED_randomnum BIG_256_56_randomnum 
-
-#define BIG_NT BIG_256_56
-#define BIG_NT_rcopy BIG_256_56_rcopy
-#define BIG_NT_randomnum BIG_256_56_randomnum
-
-#define BIG_GL BIG_448_58
-#define BIG_GL_rcopy BIG_448_58_rcopy
-#define BIG_GL_randomnum BIG_448_58_randomnum 
-
-#define BIG_BN BIG_256_56
-#define BIG_BN_rcopy BIG_256_56_rcopy
-#define BIG_BN_randomnum BIG_256_56_randomnum 
-
-#define BIG_BLS12 BIG_384_58
-#define BIG_BLS12_rcopy BIG_384_58_rcopy
-#define BIG_BLS12_randomnum BIG_384_58_randomnum 
-
-#define BIG_BLS24 BIG_480_56
-#define BIG_BLS24_rcopy BIG_480_56_rcopy
-#define BIG_BLS24_randomnum BIG_480_56_randomnum 
-
-#define BIG_BLS48 BIG_560_58
-#define BIG_BLS48_rcopy BIG_560_58_rcopy
-#define BIG_BLS48_randomnum BIG_560_58_randomnum 
-
-#endif
-
-int ED_25519(csprng *RNG)
-{
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-	ECP_ED25519 EP,EG;
-	BIG_ED s,r,x,y;
-	printf("Testing/Timing ED25519 ECC\n");
-
-#if CURVETYPE_ED25519==WEIERSTRASS
-	printf("Weierstrass parameterization\n");
-#endif
-#if CURVETYPE_ED25519==EDWARDS
-	printf("Edwards parameterization\n");
-#endif
-#if CURVETYPE_ED25519==MONTGOMERY
-	printf("Montgomery parameterization\n");
-#endif
-
-#if CHUNK==16
-	printf("16-bit Build\n");
-#endif
-#if CHUNK==32
-	printf("32-bit Build\n");
-#endif
-#if CHUNK==64
-	printf("64-bit Build\n");
-#endif
-	
-	ECP_ED25519_generator(&EG);
-
-	BIG_ED_rcopy(r,CURVE_Order_ED25519);
-	BIG_ED_randomnum(s,r,RNG);
-	ECP_ED25519_copy(&EP,&EG);
-    ECP_ED25519_mul(&EP,r);
-
-	if (!ECP_ED25519_isinf(&EP))
-	{
-		printf("FAILURE - rG!=O\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		ECP_ED25519_copy(&EP,&EG);
-		ECP_ED25519_mul(&EP,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("EC  mul - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	return 0;
-}
-
-#if CHUNK==32 || CHUNK==64
-
-int NIST_256(csprng *RNG)
-{
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-	ECP_NIST256 EP,EG;
-	BIG_NT s,r,x,y;
-	printf("Testing/Timing NIST256 ECC\n");
-
-#if CURVETYPE_NIST256==WEIERSTRASS
-	printf("Weierstrass parameterization\n");
-#endif
-#if CURVETYPE_NIST256==EDWARDS
-	printf("Edwards parameterization\n");
-#endif
-#if CURVETYPE_NIST256==MONTGOMERY
-	printf("Montgomery parameterization\n");
-#endif
-
-#if CHUNK==16
-	printf("16-bit Build\n");
-#endif
-#if CHUNK==32
-	printf("32-bit Build\n");
-#endif
-#if CHUNK==64
-	printf("64-bit Build\n");
-#endif
-	
-	ECP_NIST256_generator(&EG);
-
-	BIG_NT_rcopy(r,CURVE_Order_NIST256);
-	BIG_NT_randomnum(s,r,RNG);
-	ECP_NIST256_copy(&EP,&EG);
-    ECP_NIST256_mul(&EP,r);
-
-	if (!ECP_NIST256_isinf(&EP))
-	{
-		printf("FAILURE - rG!=O\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		ECP_NIST256_copy(&EP,&EG);
-		ECP_NIST256_mul(&EP,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("EC  mul - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	return 0;
-}
-
-int GOLD_LOCKS(csprng *RNG)
-{
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-	ECP_GOLDILOCKS EP,EG;
-	BIG_GL s,r,x,y;
-	printf("Testing/Timing GOLDILOCKS ECC\n");
-
-#if CURVETYPE_GOLDILOCKS==WEIERSTRASS
-	printf("Weierstrass parameterization\n");
-#endif
-#if CURVETYPE_GOLDILOCKS==EDWARDS
-	printf("Edwards parameterization\n");
-#endif
-#if CURVETYPE_GOLDILOCKS==MONTGOMERY
-	printf("Montgomery parameterization\n");
-#endif
-
-#if CHUNK==16
-	printf("16-bit Build\n");
-#endif
-#if CHUNK==32
-	printf("32-bit Build\n");
-#endif
-#if CHUNK==64
-	printf("64-bit Build\n");
-#endif
-	
-	ECP_GOLDILOCKS_generator(&EG);
-
-	BIG_GL_rcopy(r,CURVE_Order_GOLDILOCKS);
-	BIG_GL_randomnum(s,r,RNG);
-	ECP_GOLDILOCKS_copy(&EP,&EG);
-    ECP_GOLDILOCKS_mul(&EP,r);
-
-	if (!ECP_GOLDILOCKS_isinf(&EP))
-	{
-		printf("FAILURE - rG!=O\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		ECP_GOLDILOCKS_copy(&EP,&EG);
-		ECP_GOLDILOCKS_mul(&EP,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("EC  mul - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	return 0;
-}
-#endif
-
-int BN_254(csprng *RNG)
-{
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-
-	ECP_BN254 P,G;
-	ECP2_BN254 Q,W;
-	FP12_BN254 g,w;
-	FP4_BN254 cm;
-
-	BIG_BN s,r,x,y;
-	printf("\nTesting/Timing BN254 Pairings\n");
-
-	ECP_BN254_generator(&G);
-
-	
-	BIG_BN_rcopy(r,CURVE_Order_BN254);
-	BIG_BN_randomnum(s,r,RNG);
-	ECP_BN254_copy(&P,&G);
-    PAIR_BN254_G1mul(&P,r);
-
-	if (!ECP_BN254_isinf(&P))
-	{
-		printf("FAILURE - rG!=O\n");
-		return 0;
-	}
-	
-	iterations=0;
-    start=clock();
-    do {
-		ECP_BN254_copy(&P,&G);
-		PAIR_BN254_G1mul(&P,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G1 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	ECP2_BN254_generator(&W);
-
-	ECP2_BN254_copy(&Q,&W);
-    ECP2_BN254_mul(&Q,r);
-
-	if (!ECP2_BN254_isinf(&Q))
-	{
-		printf("FAILURE - rQ!=O\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		ECP2_BN254_copy(&Q,&W);
-		PAIR_BN254_G2mul(&Q,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G2 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	PAIR_BN254_ate(&w,&Q,&P);
-	PAIR_BN254_fexp(&w);
-
-	FP12_BN254_copy(&g,&w);
-
-	PAIR_BN254_GTpow(&g,r);
-
-	if (!FP12_BN254_isunity(&g))
-	{
-		printf("FAILURE - g^r!=1\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		FP12_BN254_copy(&g,&w);
-		PAIR_BN254_GTpow(&g,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	FP12_BN254_copy(&g,&w);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP12_BN254_compow(&cm,&g,s,r);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow (compressed) - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		PAIR_BN254_ate(&w,&Q,&P);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing ATE         - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP12_BN254_copy(&g,&w);
-		PAIR_BN254_fexp(&g);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing FEXP        - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	ECP_BN254_copy(&P,&G);	
-	ECP2_BN254_copy(&Q,&W);
-
-	PAIR_BN254_G1mul(&P,s);
-	PAIR_BN254_ate(&g,&Q,&P);
-	PAIR_BN254_fexp(&g);
-
-	ECP_BN254_copy(&P,&G);
-
-	PAIR_BN254_G2mul(&Q,s);
-	PAIR_BN254_ate(&w,&Q,&P);
-	PAIR_BN254_fexp(&w);
-
-	if (!FP12_BN254_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,sP) \n");
-		return 0;
-	}
-
-	ECP2_BN254_copy(&Q,&W);
-	PAIR_BN254_ate(&g,&Q,&P);
-	PAIR_BN254_fexp(&g);
-
-	PAIR_BN254_GTpow(&g,s);
-
-	if (!FP12_BN254_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,P)^s \n");
-		return 0;
-	}
-	return 0;
-}
-
-#if CHUNK==32 || CHUNK==64
-
-int BLS_383(csprng *RNG)
-{
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-
-	ECP_BLS383 P,G;
-	ECP2_BLS383 Q,W;
-	FP12_BLS383 g,w;
-	FP4_BLS383 cm;
-
-	BIG_BLS12 s,r,x,y;
-	printf("\nTesting/Timing BLS383 Pairings\n");
-
-	ECP_BLS383_generator(&G);
-
-	
-	BIG_BLS12_rcopy(r,CURVE_Order_BLS383);
-	BIG_BLS12_randomnum(s,r,RNG);
-	ECP_BLS383_copy(&P,&G);
-    PAIR_BLS383_G1mul(&P,r);
-
-	if (!ECP_BLS383_isinf(&P))
-	{
-		printf("FAILURE - rG!=O\n");
-		return 0;
-	}
-	
-	iterations=0;
-    start=clock();
-    do {
-		ECP_BLS383_copy(&P,&G);
-		PAIR_BLS383_G1mul(&P,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G1 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	ECP2_BLS383_generator(&W);
-
-	ECP2_BLS383_copy(&Q,&W);
-    ECP2_BLS383_mul(&Q,r);
-
-	if (!ECP2_BLS383_isinf(&Q))
-	{
-		printf("FAILURE - rQ!=O\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		ECP2_BLS383_copy(&Q,&W);
-		PAIR_BLS383_G2mul(&Q,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G2 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	PAIR_BLS383_ate(&w,&Q,&P);
-	PAIR_BLS383_fexp(&w);
-
-	FP12_BLS383_copy(&g,&w);
-
-	PAIR_BLS383_GTpow(&g,r);
-
-	if (!FP12_BLS383_isunity(&g))
-	{
-		printf("FAILURE - g^r!=1\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		FP12_BLS383_copy(&g,&w);
-		PAIR_BLS383_GTpow(&g,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	FP12_BLS383_copy(&g,&w);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP12_BLS383_compow(&cm,&g,s,r);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow (compressed) - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		PAIR_BLS383_ate(&w,&Q,&P);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing ATE         - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP12_BLS383_copy(&g,&w);
-		PAIR_BLS383_fexp(&g);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing FEXP        - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	ECP_BLS383_copy(&P,&G);	
-	ECP2_BLS383_copy(&Q,&W);
-
-	PAIR_BLS383_G1mul(&P,s);
-	PAIR_BLS383_ate(&g,&Q,&P);
-	PAIR_BLS383_fexp(&g);
-
-	ECP_BLS383_copy(&P,&G);
-
-	PAIR_BLS383_G2mul(&Q,s);
-	PAIR_BLS383_ate(&w,&Q,&P);
-	PAIR_BLS383_fexp(&w);
-
-	if (!FP12_BLS383_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,sP) \n");
-		return 0;
-	}
-
-	ECP2_BLS383_copy(&Q,&W);
-	PAIR_BLS383_ate(&g,&Q,&P);
-	PAIR_BLS383_fexp(&g);
-
-	PAIR_BLS383_GTpow(&g,s);
-
-	if (!FP12_BLS383_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,P)^s \n");
-		return 0;
-	}
-	return 0;
-}
-
-int BLS_24(csprng *RNG)
-{
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-
-	ECP_BLS24 P,G;
-	ECP4_BLS24 Q,W;
-	FP24_BLS24 g,w;
-	FP8_BLS24 cm;
-
-	BIG_BLS24 s,r,x,y;
-	printf("\nTesting/Timing BLS24 Pairings\n");
-
-	ECP_BLS24_generator(&G);
-
-	
-	BIG_BLS24_rcopy(r,CURVE_Order_BLS24);
-	BIG_BLS24_randomnum(s,r,RNG);
-	ECP_BLS24_copy(&P,&G);
-    PAIR_BLS24_G1mul(&P,r);
-
-	if (!ECP_BLS24_isinf(&P))
-	{
-		printf("FAILURE - rG!=O\n");
-		return 0;
-	}
-	
-	iterations=0;
-    start=clock();
-    do {
-		ECP_BLS24_copy(&P,&G);
-		PAIR_BLS24_G1mul(&P,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G1 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	ECP4_BLS24_generator(&W);
-
-	ECP4_BLS24_copy(&Q,&W);
-    ECP4_BLS24_mul(&Q,r);
-
-	if (!ECP4_BLS24_isinf(&Q))
-	{
-		printf("FAILURE - rQ!=O\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		ECP4_BLS24_copy(&Q,&W);
-		PAIR_BLS24_G2mul(&Q,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G2 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	PAIR_BLS24_ate(&w,&Q,&P);
-	PAIR_BLS24_fexp(&w);
-
-	FP24_BLS24_copy(&g,&w);
-
-	PAIR_BLS24_GTpow(&g,r);
-
-	if (!FP24_BLS24_isunity(&g))
-	{
-		printf("FAILURE - g^r!=1\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		FP24_BLS24_copy(&g,&w);
-		PAIR_BLS24_GTpow(&g,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	FP24_BLS24_copy(&g,&w);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP24_BLS24_compow(&cm,&g,s,r);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow (compressed) - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		PAIR_BLS24_ate(&w,&Q,&P);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing ATE         - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP24_BLS24_copy(&g,&w);
-		PAIR_BLS24_fexp(&g);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing FEXP        - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	ECP_BLS24_copy(&P,&G);	
-	ECP4_BLS24_copy(&Q,&W);
-
-	PAIR_BLS24_G1mul(&P,s);
-	PAIR_BLS24_ate(&g,&Q,&P);
-	PAIR_BLS24_fexp(&g);
-
-	ECP_BLS24_copy(&P,&G);
-
-	PAIR_BLS24_G2mul(&Q,s);
-	PAIR_BLS24_ate(&w,&Q,&P);
-	PAIR_BLS24_fexp(&w);
-
-	if (!FP24_BLS24_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,sP) \n");
-		return 0;
-	}
-
-	ECP4_BLS24_copy(&Q,&W);
-	PAIR_BLS24_ate(&g,&Q,&P);
-	PAIR_BLS24_fexp(&g);
-
-	PAIR_BLS24_GTpow(&g,s);
-
-	if (!FP24_BLS24_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,P)^s \n");
-		return 0;
-	}
-	return 0;
-}
-
-
-int BLS_48(csprng *RNG)
-{
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-
-	ECP_BLS48 P,G;
-	ECP8_BLS48 Q,W;
-	FP48_BLS48 g,w;
-	FP16_BLS48 cm;
-
-	BIG_BLS48 s,r,x,y;
-	printf("\nTesting/Timing BLS48 Pairings\n");
-
-	ECP_BLS48_generator(&G);
-
-	
-	BIG_BLS48_rcopy(r,CURVE_Order_BLS48);
-	BIG_BLS48_randomnum(s,r,RNG);
-	ECP_BLS48_copy(&P,&G);
-    PAIR_BLS48_G1mul(&P,r);
-
-	if (!ECP_BLS48_isinf(&P))
-	{
-		printf("FAILURE - rG!=O\n");
-		return 0;
-	}
-	
-	iterations=0;
-    start=clock();
-    do {
-		ECP_BLS48_copy(&P,&G);
-		PAIR_BLS48_G1mul(&P,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G1 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	ECP8_BLS48_generator(&W);
-
-	ECP8_BLS48_copy(&Q,&W);
-    ECP8_BLS48_mul(&Q,r);
-
-	if (!ECP8_BLS48_isinf(&Q))
-	{
-		printf("FAILURE - rQ!=O\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		ECP8_BLS48_copy(&Q,&W);
-		PAIR_BLS48_G2mul(&Q,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G2 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	PAIR_BLS48_ate(&w,&Q,&P);
-	PAIR_BLS48_fexp(&w);
-
-	FP48_BLS48_copy(&g,&w);
-
-	PAIR_BLS48_GTpow(&g,r);
-
-	if (!FP48_BLS48_isunity(&g))
-	{
-		printf("FAILURE - g^r!=1\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		FP48_BLS48_copy(&g,&w);
-		PAIR_BLS48_GTpow(&g,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	FP48_BLS48_copy(&g,&w);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP48_BLS48_compow(&cm,&g,s,r);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow (compressed) - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		PAIR_BLS48_ate(&w,&Q,&P);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing ATE         - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP48_BLS48_copy(&g,&w);
-		PAIR_BLS48_fexp(&g);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing FEXP        - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	ECP_BLS48_copy(&P,&G);	
-	ECP8_BLS48_copy(&Q,&W);
-
-	PAIR_BLS48_G1mul(&P,s);
-	PAIR_BLS48_ate(&g,&Q,&P);
-	PAIR_BLS48_fexp(&g);
-
-	ECP_BLS48_copy(&P,&G);
-
-	PAIR_BLS48_G2mul(&Q,s);
-	PAIR_BLS48_ate(&w,&Q,&P);
-	PAIR_BLS48_fexp(&w);
-
-	if (!FP48_BLS48_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,sP) \n");
-		return 0;
-	}
-
-	ECP8_BLS48_copy(&Q,&W);
-	PAIR_BLS48_ate(&g,&Q,&P);
-	PAIR_BLS48_fexp(&g);
-
-	PAIR_BLS48_GTpow(&g,s);
-
-	if (!FP48_BLS48_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,P)^s \n");
-		return 0;
-	}
-	return 0;
-}
-#endif
-
-int RSA_2048(csprng *RNG)
-{
-    rsa_public_key_2048 pub;
-    rsa_private_key_2048 priv;
-
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-
-    char m[RFS_2048],d[RFS_2048],c[RFS_2048];
-    octet M= {0,sizeof(m),m};
-    octet D= {0,sizeof(d),d};
-    octet C= {0,sizeof(c),c};
-
-	printf("\nTesting/Timing 2048-bit RSA\n");
-
-	printf("Generating 2048-bit RSA public/private key pair\n");
-
-	iterations=0;
-    start=clock();
-    do {
-		RSA_2048_KEY_PAIR(RNG,65537,&priv,&pub,NULL,NULL);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("RSA gen - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	M.len=RFS_2048;
-	for (i=0;i<RFS_2048;i++) M.val[i]=i%128;
-
-	iterations=0;
-    start=clock();
-    do {
-		RSA_2048_ENCRYPT(&pub,&M,&C);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("RSA enc - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		RSA_2048_DECRYPT(&priv,&C,&D);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("RSA dec - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	for (i=0;i<RFS_2048;i++)
-	{
-		if (M.val[i]!=D.val[i])
-		{
-			printf("FAILURE - RSA decryption\n");
-			return 0;
-		}
-	}
-
-	printf("All tests pass\n");
-
-	return 0;
-}
-
-int main()
-{
-    csprng RNG;
-	int i;
-	char pr[10];
-	unsigned long ran;
-
-	time((time_t *)&ran);
-	pr[0]=ran;
-	pr[1]=ran>>8;
-	pr[2]=ran>>16;
-	pr[3]=ran>>24;
-	for (i=4;i<10;i++) pr[i]=i;
-    RAND_seed(&RNG,10,pr);
-
-	ED_25519(&RNG);
-#if CHUNK==32 || CHUNK==64	
-	NIST_256(&RNG);
-	GOLD_LOCKS(&RNG);
-#endif	
-	BN_254(&RNG);
-#if CHUNK==32 || CHUNK==64	
-	BLS_383(&RNG);
-	BLS_24(&RNG);
-	BLS_48(&RNG);
-#endif	
-	RSA_2048(&RNG);
-	
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/big.c
----------------------------------------------------------------------
diff --git a/version3/c/big.c b/version3/c/big.c
deleted file mode 100644
index 6845c6b..0000000
--- a/version3/c/big.c
+++ /dev/null
@@ -1,1535 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	  http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* AMCL basic functions for BIG type */
-/* SU=m, SU is Stack Usage */
-
-#include "big_XXX.h"
-
-/* test a=0? */
-int BIG_XXX_iszilch(BIG_XXX a)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        if (a[i]!=0) return 0;
-    return 1;
-}
-
-/* test a=1? */
-int BIG_XXX_isunity(BIG_XXX a)
-{
-    int i;
-    for(i=1; i<NLEN_XXX; i++)
-        if (a[i]!=0) return 0;
-    if (a[0]!=1) return 0;
-    return 1;
-}
-
-/* test a=0? */
-int BIG_XXX_diszilch(DBIG_XXX a)
-{
-    int i;
-    for (i=0; i<DNLEN_XXX; i++)
-        if (a[i]!=0) return 0;
-    return 1;
-}
-
-/* SU= 56 */
-/* output a */
-void BIG_XXX_output(BIG_XXX a)
-{
-    BIG_XXX b;
-    int i,len;
-    len=BIG_XXX_nbits(a);
-    if (len%4==0) len/=4;
-    else
-    {
-        len/=4;
-        len++;
-    }
-    if (len<MODBYTES_XXX*2) len=MODBYTES_XXX*2;
-
-    for (i=len-1; i>=0; i--)
-    {
-        BIG_XXX_copy(b,a);
-        BIG_XXX_shr(b,i*4);
-        printf("%01x",(unsigned int) b[0]&15);
-    }
-}
-
-/* SU= 16 */
-void BIG_XXX_rawoutput(BIG_XXX a)
-{
-    int i;
-    printf("(");
-    for (i=0; i<NLEN_XXX-1; i++)
-#if CHUNK==64
-        printf("%"PRIxMAX",",(uintmax_t) a[i]);
-    printf("%"PRIxMAX")",(uintmax_t) a[NLEN_XXX-1]);
-#else
-        printf("%x,",(unsigned int) a[i]);
-    printf("%x)",(unsigned int) a[NLEN_XXX-1]);
-#endif
-}
-
-/* Swap a and b if d=1 */
-void BIG_XXX_cswap(BIG_XXX a,BIG_XXX b,int d)
-{
-    int i;
-    chunk t,c=d;
-    c=~(c-1);
-#ifdef DEBUG_NORM
-    for (i=0; i<NLEN_XXX+2; i++)
-#else
-    for (i=0; i<NLEN_XXX; i++)
-#endif
-    {
-        t=c&(a[i]^b[i]);
-        a[i]^=t;
-        b[i]^=t;
-    }
-}
-
-/* Move b to a if d=1 */
-void BIG_XXX_cmove(BIG_XXX f,BIG_XXX g,int d)
-{
-    int i;
-    chunk b=(chunk)-d;
-#ifdef DEBUG_NORM
-    for (i=0; i<NLEN_XXX+2; i++)
-#else
-    for (i=0; i<NLEN_XXX; i++)
-#endif
-    {
-        f[i]^=(f[i]^g[i])&b;
-    }
-}
-
-/* Move g to f if d=1 */
-void BIG_XXX_dcmove(DBIG_XXX f,DBIG_XXX g,int d)
-{
-    int i;
-    chunk b=(chunk)-d;
-#ifdef DEBUG_NORM
-    for (i=0; i<DNLEN_XXX+2; i++)
-#else
-    for (i=0; i<DNLEN_XXX; i++)
-#endif
-    {
-        f[i]^=(f[i]^g[i])&b;
-    }
-}
-
-/* convert BIG to/from bytes */
-/* SU= 64 */
-void BIG_XXX_toBytes(char *b,BIG_XXX a)
-{
-    int i;
-    BIG_XXX c;
-    BIG_XXX_copy(c,a);
-	BIG_XXX_norm(c);
-    for (i=MODBYTES_XXX-1; i>=0; i--)
-    {
-        b[i]=c[0]&0xff;
-        BIG_XXX_fshr(c,8);
-    }
-}
-
-/* SU= 16 */
-void BIG_XXX_fromBytes(BIG_XXX a,char *b)
-{
-    int i;
-    BIG_XXX_zero(a);
-    for (i=0; i<MODBYTES_XXX; i++)
-    {
-        BIG_XXX_fshl(a,8);
-        a[0]+=(int)(unsigned char)b[i];
-        //BIG_XXX_inc(a,(int)(unsigned char)b[i]); BIG_XXX_norm(a);
-    }
-#ifdef DEBUG_NORM
-    a[MPV_XXX]=1;
-    a[MNV_XXX]=0;
-#endif
-}
-
-void BIG_XXX_fromBytesLen(BIG_XXX a,char *b,int s)
-{
-    int i,len=s;
-    BIG_XXX_zero(a);
-
-    if (len>MODBYTES_XXX) len=MODBYTES_XXX;
-    for (i=0; i<len; i++)
-    {
-        BIG_XXX_fshl(a,8);
-        a[0]+=(int)(unsigned char)b[i];
-    }
-#ifdef DEBUG_NORM
-    a[MPV_XXX]=1;
-    a[MNV_XXX]=0;
-#endif
-}
-
-
-
-/* SU= 88 */
-void BIG_XXX_doutput(DBIG_XXX a)
-{
-    DBIG_XXX b;
-    int i,len;
-    BIG_XXX_dnorm(a);
-    len=BIG_XXX_dnbits(a);
-    if (len%4==0) len/=4;
-    else
-    {
-        len/=4;
-        len++;
-    }
-
-    for (i=len-1; i>=0; i--)
-    {
-        BIG_XXX_dcopy(b,a);
-        BIG_XXX_dshr(b,i*4);
-        printf("%01x",(unsigned int) b[0]&15);
-    }
-}
-
-
-void BIG_XXX_drawoutput(DBIG_XXX a)
-{
-    int i;
-    printf("(");
-    for (i=0; i<DNLEN_XXX-1; i++)
-#if CHUNK==64
-        printf("%"PRIxMAX",",(uintmax_t) a[i]);
-    printf("%"PRIxMAX")",(uintmax_t) a[DNLEN_XXX-1]);
-#else
-        printf("%x,",(unsigned int) a[i]);
-    printf("%x)",(unsigned int) a[DNLEN_XXX-1]);
-#endif
-}
-
-/* Copy b=a */
-void BIG_XXX_copy(BIG_XXX b,BIG_XXX a)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        b[i]=a[i];
-#ifdef DEBUG_NORM
-    b[MPV_XXX]=a[MPV_XXX];
-    b[MNV_XXX]=a[MNV_XXX];
-#endif
-}
-
-/* Copy from ROM b=a */
-void BIG_XXX_rcopy(BIG_XXX b,const BIG_XXX a)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        b[i]=a[i];
-#ifdef DEBUG_NORM
-    b[MPV_XXX]=1;
-    b[MNV_XXX]=0;
-#endif
-}
-
-/* double length DBIG copy b=a */
-void BIG_XXX_dcopy(DBIG_XXX b,DBIG_XXX a)
-{
-    int i;
-    for (i=0; i<DNLEN_XXX; i++)
-        b[i]=a[i];
-#ifdef DEBUG_NORM
-    b[DMPV_XXX]=a[DMPV_XXX];
-    b[DMNV_XXX]=a[DMNV_XXX];
-#endif
-}
-
-/* Copy BIG to bottom half of DBIG */
-void BIG_XXX_dscopy(DBIG_XXX b,BIG_XXX a)
-{
-    int i;
-    for (i=0; i<NLEN_XXX-1; i++)
-        b[i]=a[i];
-
-    b[NLEN_XXX-1]=a[NLEN_XXX-1]&BMASK_XXX; /* top word normalized */
-    b[NLEN_XXX]=a[NLEN_XXX-1]>>BASEBITS_XXX;
-
-    for (i=NLEN_XXX+1; i<DNLEN_XXX; i++) b[i]=0;
-#ifdef DEBUG_NORM
-    b[DMPV_XXX]=a[MPV_XXX];
-    b[DMNV_XXX]=a[MNV_XXX];
-#endif
-}
-
-/* Copy BIG to top half of DBIG */
-void BIG_XXX_dsucopy(DBIG_XXX b,BIG_XXX a)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        b[i]=0;
-    for (i=NLEN_XXX; i<DNLEN_XXX; i++)
-        b[i]=a[i-NLEN_XXX];
-#ifdef DEBUG_NORM
-    b[DMPV_XXX]=a[MPV_XXX];
-    b[DMNV_XXX]=a[MNV_XXX];
-#endif
-}
-
-/* Copy bottom half of DBIG to BIG */
-void BIG_XXX_sdcopy(BIG_XXX b,DBIG_XXX a)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        b[i]=a[i];
-#ifdef DEBUG_NORM
-    b[MPV_XXX]=a[DMPV_XXX];
-    b[MNV_XXX]=a[DMNV_XXX];
-#endif
-}
-
-/* Copy top half of DBIG to BIG */
-void BIG_XXX_sducopy(BIG_XXX b,DBIG_XXX a)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        b[i]=a[i+NLEN_XXX];
-#ifdef DEBUG_NORM
-    b[MPV_XXX]=a[DMPV_XXX];
-    b[MNV_XXX]=a[DMNV_XXX];
-
-#endif
-}
-
-/* Set a=0 */
-void BIG_XXX_zero(BIG_XXX a)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        a[i]=0;
-#ifdef DEBUG_NORM
-    a[MPV_XXX]=a[MNV_XXX]=0;
-#endif
-}
-
-void BIG_XXX_dzero(DBIG_XXX a)
-{
-    int i;
-    for (i=0; i<DNLEN_XXX; i++)
-        a[i]=0;
-#ifdef DEBUG_NORM
-    a[DMPV_XXX]=a[DMNV_XXX]=0;
-#endif
-}
-
-/* set a=1 */
-void BIG_XXX_one(BIG_XXX a)
-{
-    int i;
-    a[0]=1;
-    for (i=1; i<NLEN_XXX; i++)
-        a[i]=0;
-#ifdef DEBUG_NORM
-    a[MPV_XXX]=1;
-    a[MNV_XXX]=0;
-#endif
-}
-
-
-
-/* Set c=a+b */
-/* SU= 8 */
-void BIG_XXX_add(BIG_XXX c,BIG_XXX a,BIG_XXX b)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        c[i]=a[i]+b[i];
-#ifdef DEBUG_NORM
-    c[MPV_XXX]=a[MPV_XXX]+b[MPV_XXX];
-    c[MNV_XXX]=a[MNV_XXX]+b[MNV_XXX];
-    if (c[MPV_XXX]>NEXCESS_XXX)  printf("add problem - positive digit overflow %d\n",c[MPV_XXX]);
-    if (c[MNV_XXX]>NEXCESS_XXX)  printf("add problem - negative digit overflow %d\n",c[MNV_XXX]);
-
-#endif
-}
-
-/* Set c=a or b */
-void BIG_XXX_or(BIG_XXX c,BIG_XXX a,BIG_XXX b)
-{
-    int i;
-	BIG_XXX_norm(a);
-	BIG_XXX_norm(b);
-    for (i=0; i<NLEN_XXX; i++)
-        c[i]=a[i]|b[i];
-#ifdef DEBUG_NORM
-    c[MPV_XXX]=1;
-    c[MNV_XXX]=0;
-#endif
-}
-
-
-/* Set c=c+d */
-void BIG_XXX_inc(BIG_XXX c,int d)
-{
-    BIG_XXX_norm(c);
-    c[0]+=(chunk)d;
-#ifdef DEBUG_NORM
-    c[MPV_XXX]+=1;
-#endif
-}
-
-/* Set c=a-b */
-/* SU= 8 */
-void BIG_XXX_sub(BIG_XXX c,BIG_XXX a,BIG_XXX b)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        c[i]=a[i]-b[i];
-#ifdef DEBUG_NORM
-    c[MPV_XXX]=a[MPV_XXX]+b[MNV_XXX];
-    c[MNV_XXX]=a[MNV_XXX]+b[MPV_XXX];
-    if (c[MPV_XXX]>NEXCESS_XXX)  printf("sub problem - positive digit overflow %d\n",c[MPV_XXX]);
-    if (c[MNV_XXX]>NEXCESS_XXX)  printf("sub problem - negative digit overflow %d\n",c[MNV_XXX]);
-
-#endif
-}
-
-/* SU= 8 */
-
-void BIG_XXX_dsub(DBIG_XXX c,DBIG_XXX a,DBIG_XXX b)
-{
-    int i;
-    for (i=0; i<DNLEN_XXX; i++)
-        c[i]=a[i]-b[i];
-#ifdef DEBUG_NORM
-    c[DMPV_XXX]=a[DMPV_XXX]+b[DMNV_XXX];
-    c[DMNV_XXX]=a[DMNV_XXX]+b[DMPV_XXX];
-    if (c[DMPV_XXX]>NEXCESS_XXX)  printf("double sub problem - positive digit overflow %d\n",c[DMPV_XXX]);
-    if (c[DMNV_XXX]>NEXCESS_XXX)  printf("double sub problem - negative digit overflow %d\n",c[DMNV_XXX]);
-#endif
-}
-
-void BIG_XXX_dadd(DBIG_XXX c,DBIG_XXX a,DBIG_XXX b)
-{
-    int i;
-    for (i=0; i<DNLEN_XXX; i++)
-        c[i]=a[i]+b[i];
-#ifdef DEBUG_NORM
-    c[DMPV_XXX]=a[DMPV_XXX]+b[DMNV_XXX];
-    c[DMNV_XXX]=a[DMNV_XXX]+b[DMPV_XXX];
-    if (c[DMPV_XXX]>NEXCESS_XXX)  printf("double add problem - positive digit overflow %d\n",c[DMPV_XXX]);
-    if (c[DMNV_XXX]>NEXCESS_XXX)  printf("double add problem - negative digit overflow %d\n",c[DMNV_XXX]);
-#endif
-}
-
-/* Set c=c-1 */
-void BIG_XXX_dec(BIG_XXX c,int d)
-{
-    BIG_XXX_norm(c);
-    c[0]-=(chunk)d;
-#ifdef DEBUG_NORM
-    c[MNV_XXX]+=1;
-#endif
-}
-
-/* multiplication r=a*c by c<=NEXCESS_XXX */
-void BIG_XXX_imul(BIG_XXX r,BIG_XXX a,int c)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++) r[i]=a[i]*c;
-#ifdef DEBUG_NORM
-    r[MPV_XXX]=a[MPV_XXX]*c;
-    r[MNV_XXX]=a[MNV_XXX]*c;
-    if (r[MPV_XXX]>NEXCESS_XXX)  printf("int mul problem - positive digit overflow %d\n",r[MPV_XXX]);
-    if (r[MNV_XXX]>NEXCESS_XXX)  printf("int mul problem - negative digit overflow %d\n",r[MNV_XXX]);
-
-#endif
-}
-
-/* multiplication r=a*c by larger integer - c<=FEXCESS */
-/* SU= 24 */
-chunk BIG_XXX_pmul(BIG_XXX r,BIG_XXX a,int c)
-{
-    int i;
-    chunk ak,carry=0;
-//    BIG_XXX_norm(a);
-    for (i=0; i<NLEN_XXX; i++)
-    {
-        ak=a[i];
-        r[i]=0;
-        carry=muladd_XXX(ak,(chunk)c,carry,&r[i]);
-    }
-#ifdef DEBUG_NORM
-    r[MPV_XXX]=1;
-    r[MNV_XXX]=0;
-#endif
-    return carry;
-}
-
-/* r/=3 */
-/* SU= 16 */
-int BIG_XXX_div3(BIG_XXX r)
-{
-    int i;
-    chunk ak,base,carry=0;
-    BIG_XXX_norm(r);
-    base=((chunk)1<<BASEBITS_XXX);
-    for (i=NLEN_XXX-1; i>=0; i--)
-    {
-        ak=(carry*base+r[i]);
-        r[i]=ak/3;
-        carry=ak%3;
-    }
-    return (int)carry;
-}
-
-/* multiplication c=a*b by even larger integer b>FEXCESS, resulting in DBIG */
-/* SU= 24 */
-void BIG_XXX_pxmul(DBIG_XXX c,BIG_XXX a,int b)
-{
-    int j;
-    chunk carry;
-    BIG_XXX_dzero(c);
-    carry=0;
-    for (j=0; j<NLEN_XXX; j++)
-        carry=muladd_XXX(a[j],(chunk)b,carry,&c[j]);
-    c[NLEN_XXX]=carry;
-#ifdef DEBUG_NORM
-    c[DMPV_XXX]=1;
-    c[DMNV_XXX]=0;
-#endif
-}
-
-/* .. if you know the result will fit in a BIG, c must be distinct from a and b */
-/* SU= 40 */
-void BIG_XXX_smul(BIG_XXX c,BIG_XXX a,BIG_XXX b)
-{
-    int i,j;
-    chunk carry;
-//    BIG_XXX_norm(a);
-//    BIG_XXX_norm(b);
-
-    BIG_XXX_zero(c);
-    for (i=0; i<NLEN_XXX; i++)
-    {
-        carry=0;
-        for (j=0; j<NLEN_XXX; j++)
-        {
-            if (i+j<NLEN_XXX)
-                carry=muladd_XXX(a[i],b[j],carry,&c[i+j]);
-        }
-    }
-#ifdef DEBUG_NORM
-    c[MPV_XXX]=1;
-    c[MNV_XXX]=0;
-#endif
-
-}
-
-/* Set c=a*b */
-/* SU= 72 */
-void BIG_XXX_mul(DBIG_XXX c,BIG_XXX a,BIG_XXX b)
-{
-    int i;
-#ifdef dchunk
-    dchunk t,co;
-    dchunk s;
-    dchunk d[NLEN_XXX];
-    int k;
-#endif
-
-#ifdef DEBUG_NORM
-    if ((a[MPV_XXX]!=1 && a[MPV_XXX]!=0) || a[MNV_XXX]!=0) printf("First input to mul not normed\n");
-    if ((b[MPV_XXX]!=1 && b[MPV_XXX]!=0) || b[MNV_XXX]!=0) printf("Second input to mul not normed\n");
-#endif
-
-    /* Faster to Combafy it.. Let the compiler unroll the loops! */
-
-#ifdef COMBA
-
-    /* faster psuedo-Karatsuba method */
-#ifdef UNWOUND
-
-    /* Insert output of faster.c here */
-
-#else
-    for (i=0; i<NLEN_XXX; i++)
-        d[i]=(dchunk)a[i]*b[i];
-
-    s=d[0];
-    t=s;
-    c[0]=(chunk)t&BMASK_XXX;
-    co=t>>BASEBITS_XXX;
-
-    for (k=1; k<NLEN_XXX; k++)
-    {
-        s+=d[k];
-        t=co+s;
-        for (i=k; i>=1+k/2; i--) t+=(dchunk)(a[i]-a[k-i])*(b[k-i]-b[i]);
-        c[k]=(chunk)t&BMASK_XXX;
-        co=t>>BASEBITS_XXX;
-    }
-    for (k=NLEN_XXX; k<2*NLEN_XXX-1; k++)
-    {
-        s-=d[k-NLEN_XXX];
-        t=co+s;
-        for (i=NLEN_XXX-1; i>=1+k/2; i--) t+=(dchunk)(a[i]-a[k-i])*(b[k-i]-b[i]);
-        c[k]=(chunk)t&BMASK_XXX;
-        co=t>>BASEBITS_XXX;
-    }
-    c[2*NLEN_XXX-1]=(chunk)co;
-
-#endif
-
-#else
-    int j;
-    chunk carry;
-    BIG_XXX_dzero(c);
-    for (i=0; i<NLEN_XXX; i++)
-    {
-        carry=0;
-        for (j=0; j<NLEN_XXX; j++)
-            carry=muladd_XXX(a[i],b[j],carry,&c[i+j]);
-
-        c[NLEN_XXX+i]=carry;
-    }
-
-#endif
-
-#ifdef DEBUG_NORM
-    c[DMPV_XXX]=1;
-    c[DMNV_XXX]=0;
-#endif
-}
-
-/* Set c=a*a */
-/* SU= 80 */
-void BIG_XXX_sqr(DBIG_XXX c,BIG_XXX a)
-{
-    int i,j;
-#ifdef dchunk
-    dchunk t,co;
-#endif
-
-#ifdef DEBUG_NORM
-    if ((a[MPV_XXX]!=1 && a[MPV_XXX]!=0) || a[MNV_XXX]!=0) printf("Input to sqr not normed\n");
-#endif
-    /* Note 2*a[i] in loop below and extra addition */
-
-#ifdef COMBA
-
-#ifdef UNWOUND
-
-    /* Insert output of faster.c here */
-
-#else
-
-
-    t=(dchunk)a[0]*a[0];
-    c[0]=(chunk)t&BMASK_XXX;
-    co=t>>BASEBITS_XXX;
-
-    for (j=1; j<NLEN_XXX-1; )
-    {
-        t=(dchunk)a[j]*a[0];
-        for (i=1; i<(j+1)/2; i++)
-        {
-            t+=(dchunk)a[j-i]*a[i];
-        }
-        t+=t;
-        t+=co;
-        c[j]=(chunk)t&BMASK_XXX;
-        co=t>>BASEBITS_XXX;
-        j++;
-        t=(dchunk)a[j]*a[0];
-        for (i=1; i<(j+1)/2; i++)
-        {
-            t+=(dchunk)a[j-i]*a[i];
-        }
-        t+=t;
-        t+=co;
-        t+=(dchunk)a[j/2]*a[j/2];
-        c[j]=(chunk)t&BMASK_XXX;
-        co=t>>BASEBITS_XXX;
-        j++;
-    }
-
-    for (j=NLEN_XXX-1+NLEN_XXX%2; j<DNLEN_XXX-3; )
-    {
-        t=(dchunk)a[NLEN_XXX-1]*a[j-NLEN_XXX+1];
-        for (i=j-NLEN_XXX+2; i<(j+1)/2; i++)
-        {
-            t+=(dchunk)a[j-i]*a[i];
-        }
-        t+=t;
-        t+=co;
-        c[j]=(chunk)t&BMASK_XXX;
-        co=t>>BASEBITS_XXX;
-        j++;
-        t=(dchunk)a[NLEN_XXX-1]*a[j-NLEN_XXX+1];
-        for (i=j-NLEN_XXX+2; i<(j+1)/2; i++)
-        {
-            t+=(dchunk)a[j-i]*a[i];
-        }
-        t+=t;
-        t+=co;
-        t+=(dchunk)a[j/2]*a[j/2];
-        c[j]=(chunk)t&BMASK_XXX;
-        co=t>>BASEBITS_XXX;
-        j++;
-    }
-
-    t=(dchunk)a[NLEN_XXX-2]*a[NLEN_XXX-1];
-    t+=t;
-    t+=co;
-    c[DNLEN_XXX-3]=(chunk)t&BMASK_XXX;
-    co=t>>BASEBITS_XXX;
-
-    t=(dchunk)a[NLEN_XXX-1]*a[NLEN_XXX-1]+co;
-    c[DNLEN_XXX-2]=(chunk)t&BMASK_XXX;
-    co=t>>BASEBITS_XXX;
-    c[DNLEN_XXX-1]=(chunk)co;
-
-
-#endif
-
-#else
-    chunk carry;
-    BIG_XXX_dzero(c);
-    for (i=0; i<NLEN_XXX; i++)
-    {
-        carry=0;
-        for (j=i+1; j<NLEN_XXX; j++)
-            carry=muladd_XXX(a[i],a[j],carry,&c[i+j]);
-        c[NLEN_XXX+i]=carry;
-    }
-
-    for (i=0; i<DNLEN_XXX; i++) c[i]*=2;
-
-    for (i=0; i<NLEN_XXX; i++)
-        c[2*i+1]+=muladd_XXX(a[i],a[i],0,&c[2*i]);
-
-    BIG_XXX_dnorm(c);
-#endif
-
-
-#ifdef DEBUG_NORM
-    c[DMPV_XXX]=1;
-    c[DMNV_XXX]=0;
-#endif
-
-}
-
-/* Montgomery reduction */
-void BIG_XXX_monty(BIG_XXX a,BIG_XXX md,chunk MC,DBIG_XXX d)
-{
-    int i,k;
-
-#ifdef dchunk
-    dchunk t,c,s;
-    dchunk dd[NLEN_XXX];
-    chunk v[NLEN_XXX];
-#endif
-
-#ifdef COMBA
-
-#ifdef UNWOUND
-
-    /* Insert output of faster.c here */
-
-#else
-
-    t=d[0];
-    v[0]=((chunk)t*MC)&BMASK_XXX;
-    t+=(dchunk)v[0]*md[0];
-    c=(t>>BASEBITS_XXX)+d[1];
-    s=0;
-
-    for (k=1; k<NLEN_XXX; k++)
-    {
-        t=c+s+(dchunk)v[0]*md[k];
-        for (i=k-1; i>k/2; i--) t+=(dchunk)(v[k-i]-v[i])*(md[i]-md[k-i]);
-        v[k]=((chunk)t*MC)&BMASK_XXX;
-        t+=(dchunk)v[k]*md[0];
-        c=(t>>BASEBITS_XXX)+d[k+1];
-        dd[k]=(dchunk)v[k]*md[k];
-        s+=dd[k];
-    }
-    for (k=NLEN_XXX; k<2*NLEN_XXX-1; k++)
-    {
-        t=c+s;
-        for (i=NLEN_XXX-1; i>=1+k/2; i--) t+=(dchunk)(v[k-i]-v[i])*(md[i]-md[k-i]);
-        a[k-NLEN_XXX]=(chunk)t&BMASK_XXX;
-        c=(t>>BASEBITS_XXX)+d[k+1];
-        s-=dd[k-NLEN_XXX+1];
-    }
-    a[NLEN_XXX-1]=(chunk)c&BMASK_XXX;
-
-#endif
-
-
-
-#else
-    int j;
-    chunk m,carry;
-    for (i=0; i<NLEN_XXX; i++)
-    {
-        if (MC==-1) m=(-d[i])&BMASK_XXX;
-        else
-        {
-            if (MC==1) m=d[i];
-            else m=(MC*d[i])&BMASK_XXX;
-        }
-        carry=0;
-        for (j=0; j<NLEN_XXX; j++)
-            carry=muladd_XXX(m,md[j],carry,&d[i+j]);
-        d[NLEN_XXX+i]+=carry;
-    }
-    BIG_XXX_sducopy(a,d);
-    BIG_XXX_norm(a);
-
-#endif
-
-#ifdef DEBUG_NORM
-    a[MPV_XXX]=1;
-    a[MNV_XXX]=0;
-#endif
-}
-
-/* General shift left of a by n bits */
-/* a MUST be normalised */
-/* SU= 32 */
-void BIG_XXX_shl(BIG_XXX a,int k)
-{
-    int i;
-    int n=k%BASEBITS_XXX;
-    int m=k/BASEBITS_XXX;
-
-    a[NLEN_XXX-1]=((a[NLEN_XXX-1-m]<<n));
-    if (NLEN_XXX>=m+2) a[NLEN_XXX-1]|=(a[NLEN_XXX-m-2]>>(BASEBITS_XXX-n));
-
-    for (i=NLEN_XXX-2; i>m; i--)
-        a[i]=((a[i-m]<<n)&BMASK_XXX)|(a[i-m-1]>>(BASEBITS_XXX-n));
-    a[m]=(a[0]<<n)&BMASK_XXX;
-    for (i=0; i<m; i++) a[i]=0;
-
-}
-
-/* Fast shift left of a by n bits, where n less than a word, Return excess (but store it as well) */
-/* a MUST be normalised */
-/* SU= 16 */
-int BIG_XXX_fshl(BIG_XXX a,int n)
-{
-    int i;
-
-    a[NLEN_XXX-1]=((a[NLEN_XXX-1]<<n))|(a[NLEN_XXX-2]>>(BASEBITS_XXX-n)); /* top word not masked */
-    for (i=NLEN_XXX-2; i>0; i--)
-        a[i]=((a[i]<<n)&BMASK_XXX)|(a[i-1]>>(BASEBITS_XXX-n));
-    a[0]=(a[0]<<n)&BMASK_XXX;
-
-    return (int)(a[NLEN_XXX-1]>>((8*MODBYTES_XXX)%BASEBITS_XXX)); /* return excess - only used in ff.c */
-}
-
-/* double length left shift of a by k bits - k can be > BASEBITS , a MUST be normalised */
-/* SU= 32 */
-void BIG_XXX_dshl(DBIG_XXX a,int k)
-{
-    int i;
-    int n=k%BASEBITS_XXX;
-    int m=k/BASEBITS_XXX;
-
-    a[DNLEN_XXX-1]=((a[DNLEN_XXX-1-m]<<n))|(a[DNLEN_XXX-m-2]>>(BASEBITS_XXX-n));
-
-    for (i=DNLEN_XXX-2; i>m; i--)
-        a[i]=((a[i-m]<<n)&BMASK_XXX)|(a[i-m-1]>>(BASEBITS_XXX-n));
-    a[m]=(a[0]<<n)&BMASK_XXX;
-    for (i=0; i<m; i++) a[i]=0;
-
-}
-
-/* General shift right of a by k bits */
-/* a MUST be normalised */
-/* SU= 32 */
-void BIG_XXX_shr(BIG_XXX a,int k)
-{
-    int i;
-    int n=k%BASEBITS_XXX;
-    int m=k/BASEBITS_XXX;
-    for (i=0; i<NLEN_XXX-m-1; i++)
-        a[i]=(a[m+i]>>n)|((a[m+i+1]<<(BASEBITS_XXX-n))&BMASK_XXX);
-    if (NLEN_XXX>m)  a[NLEN_XXX-m-1]=a[NLEN_XXX-1]>>n;
-    for (i=NLEN_XXX-m; i<NLEN_XXX; i++) a[i]=0;
-
-}
-
-/* Fast combined shift, subtract and norm. Return sign of result */
-int BIG_XXX_ssn(BIG_XXX r,BIG_XXX a,BIG_XXX m)
-{
-	int i,n=NLEN_XXX-1;
-	chunk carry;
-	m[0]=(m[0]>>1)|((m[1]<<(BASEBITS_XXX-1))&BMASK_XXX);
-	r[0]=a[0]-m[0];
-    carry=r[0]>>BASEBITS_XXX;
-    r[0]&=BMASK_XXX;
-    
-	for (i=1;i<n;i++)
-	{
-		m[i]=(m[i]>>1)|((m[i+1]<<(BASEBITS_XXX-1))&BMASK_XXX);
-		r[i]=a[i]-m[i]+carry;
-		carry=r[i]>>BASEBITS_XXX;
-		r[i]&=BMASK_XXX;
-	}
-	
-	m[n]>>=1;
-	r[n]=a[n]-m[n]+carry;
-#ifdef DEBUG_NORM
-    r[MPV_XXX]=1;
-    r[MNV_XXX]=0;
-#endif
-	return ((r[n]>>(CHUNK-1))&1);
-}
-
-/* Faster shift right of a by k bits. Return shifted out part */
-/* a MUST be normalised */
-/* SU= 16 */
-int BIG_XXX_fshr(BIG_XXX a,int k)
-{
-    int i;
-    chunk r=a[0]&(((chunk)1<<k)-1); /* shifted out part */
-    for (i=0; i<NLEN_XXX-1; i++)
-        a[i]=(a[i]>>k)|((a[i+1]<<(BASEBITS_XXX-k))&BMASK_XXX);
-    a[NLEN_XXX-1]=a[NLEN_XXX-1]>>k;
-    return (int)r;
-}
-
-/* double length right shift of a by k bits - can be > BASEBITS */
-/* SU= 32 */
-void BIG_XXX_dshr(DBIG_XXX a,int k)
-{
-    int i;
-    int n=k%BASEBITS_XXX;
-    int m=k/BASEBITS_XXX;
-    for (i=0; i<DNLEN_XXX-m-1; i++)
-        a[i]=(a[m+i]>>n)|((a[m+i+1]<<(BASEBITS_XXX-n))&BMASK_XXX);
-    a[DNLEN_XXX-m-1]=a[DNLEN_XXX-1]>>n;
-    for (i=DNLEN_XXX-m; i<DNLEN_XXX; i++ ) a[i]=0;
-}
-
-/* Split DBIG d into two BIGs t|b. Split happens at n bits, where n falls into NLEN word */
-/* d MUST be normalised */
-/* SU= 24 */
-chunk BIG_XXX_split(BIG_XXX t,BIG_XXX b,DBIG_XXX d,int n)
-{
-    int i;
-    chunk nw,carry=0;
-    int m=n%BASEBITS_XXX;
-//	BIG_dnorm(d);
-
-    if (m==0)
-    {
-        for (i=0; i<NLEN_XXX; i++) b[i]=d[i];
-        if (t!=b)
-        {
-            for (i=NLEN_XXX; i<2*NLEN_XXX; i++) t[i-NLEN_XXX]=d[i];
-            carry=t[NLEN_XXX-1]>>BASEBITS_XXX;
-            t[NLEN_XXX-1]=t[NLEN_XXX-1]&BMASK_XXX; /* top word normalized */
-        }
-        return carry;
-    }
-
-    for (i=0; i<NLEN_XXX-1; i++) b[i]=d[i];
-
-    b[NLEN_XXX-1]=d[NLEN_XXX-1]&(((chunk)1<<m)-1);
-
-    if (t!=b)
-    {
-        carry=(d[DNLEN_XXX-1]<<(BASEBITS_XXX-m));
-        for (i=DNLEN_XXX-2; i>=NLEN_XXX-1; i--)
-        {
-            nw=(d[i]>>m)|carry;
-            carry=(d[i]<<(BASEBITS_XXX-m))&BMASK_XXX;
-            t[i-NLEN_XXX+1]=nw;
-        }
-    }
-#ifdef DEBUG_NORM
-    t[MPV_XXX]=1;
-    t[MNV_XXX]=0;
-    b[MPV_XXX]=1;
-    b[MNV_XXX]=0;
-#endif
-    return carry;
-}
-
-/* you gotta keep the sign of carry! Look - no branching! */
-/* Note that sign bit is needed to disambiguate between +ve and -ve values */
-/* normalise BIG - force all digits < 2^BASEBITS */
-chunk BIG_XXX_norm(BIG_XXX a)
-{
-    int i;
-    chunk d,carry=0;
-    for (i=0; i<NLEN_XXX-1; i++)
-    {
-        d=a[i]+carry;
-        a[i]=d&BMASK_XXX;
-        carry=d>>BASEBITS_XXX;
-    }
-    a[NLEN_XXX-1]=(a[NLEN_XXX-1]+carry);
-
-#ifdef DEBUG_NORM
-    a[MPV_XXX]=1;
-    a[MNV_XXX]=0;
-#endif
-    return (a[NLEN_XXX-1]>>((8*MODBYTES_XXX)%BASEBITS_XXX));  /* only used in ff.c */
-}
-
-void BIG_XXX_dnorm(DBIG_XXX a)
-{
-    int i;
-    chunk d,carry=0;
-    for (i=0; i<DNLEN_XXX-1; i++)
-    {
-        d=a[i]+carry;
-        a[i]=d&BMASK_XXX;
-        carry=d>>BASEBITS_XXX;
-    }
-    a[DNLEN_XXX-1]=(a[DNLEN_XXX-1]+carry);
-#ifdef DEBUG_NORM
-    a[DMPV_XXX]=1;
-    a[DMNV_XXX]=0;
-#endif
-}
-
-/* Compare a and b. Return 1 for a>b, -1 for a<b, 0 for a==b */
-/* a and b MUST be normalised before call */
-int BIG_XXX_comp(BIG_XXX a,BIG_XXX b)
-{
-    int i;
-    for (i=NLEN_XXX-1; i>=0; i--)
-    {
-        if (a[i]==b[i]) continue;
-        if (a[i]>b[i]) return 1;
-        else  return -1;
-    }
-    return 0;
-}
-
-int BIG_XXX_dcomp(DBIG_XXX a,DBIG_XXX b)
-{
-    int i;
-    for (i=DNLEN_XXX-1; i>=0; i--)
-    {
-        if (a[i]==b[i]) continue;
-        if (a[i]>b[i]) return 1;
-        else  return -1;
-    }
-    return 0;
-}
-
-/* return number of bits in a */
-/* SU= 8 */
-int BIG_XXX_nbits(BIG_XXX a)
-{
-    int bts,k=NLEN_XXX-1;
-	BIG_XXX t;
-    chunk c;
-	BIG_XXX_copy(t,a);
-    BIG_XXX_norm(t);
-    while (k>=0 && t[k]==0) k--;
-    if (k<0) return 0;
-    bts=BASEBITS_XXX*k;
-    c=t[k];
-    while (c!=0)
-    {
-        c/=2;
-        bts++;
-    }
-    return bts;
-}
-
-/* SU= 8, Calculate number of bits in a DBIG - output normalised */
-int BIG_XXX_dnbits(DBIG_XXX a)
-{
-    int bts,k=DNLEN_XXX-1;
-	DBIG_XXX t;
-    chunk c;
-	BIG_XXX_dcopy(t,a);
-    BIG_XXX_dnorm(t);
-    while (k>=0 && t[k]==0) k--;
-    if (k<0) return 0;
-    bts=BASEBITS_XXX*k;
-    c=t[k];
-    while (c!=0)
-    {
-        c/=2;
-        bts++;
-    }
-    return bts;
-}
-
-
-/* Set b=b mod c */
-/* SU= 16 */
-void BIG_XXX_mod(BIG_XXX b,BIG_XXX c1)
-{
-    int k=0;
-    BIG_XXX r; /**/
-	BIG_XXX c;
-	BIG_XXX_copy(c,c1);
-
-    BIG_XXX_norm(b);
-    if (BIG_XXX_comp(b,c)<0)
-        return;
-    do
-    {
-        BIG_XXX_fshl(c,1);
-        k++;
-    }
-    while (BIG_XXX_comp(b,c)>=0);
-
-    while (k>0)
-    {
-        BIG_XXX_fshr(c,1);
-
-// constant time...
-        BIG_XXX_sub(r,b,c);
-        BIG_XXX_norm(r);
-        BIG_XXX_cmove(b,r,1-((r[NLEN_XXX-1]>>(CHUNK-1))&1));
-        k--;
-    }
-}
-
-/* Set a=b mod c, b is destroyed. Slow but rarely used. */
-/* SU= 96 */
-void BIG_XXX_dmod(BIG_XXX a,DBIG_XXX b,BIG_XXX c)
-{
-    int k=0;
-    DBIG_XXX m,r;
-    BIG_XXX_dnorm(b);
-    BIG_XXX_dscopy(m,c);
-
-    if (BIG_XXX_dcomp(b,m)<0)
-    {
-        BIG_XXX_sdcopy(a,b);
-        return;
-    }
-
-    do
-    {
-        BIG_XXX_dshl(m,1);
-        k++;
-    }
-    while (BIG_XXX_dcomp(b,m)>=0);
-
-    while (k>0)
-    {
-        BIG_XXX_dshr(m,1);
-// constant time...
-        BIG_XXX_dsub(r,b,m);
-        BIG_XXX_dnorm(r);
-        BIG_XXX_dcmove(b,r,1-((r[DNLEN_XXX-1]>>(CHUNK-1))&1));
-
-        k--;
-    }
-    BIG_XXX_sdcopy(a,b);
-}
-
-/* Set a=b/c,  b is destroyed. Slow but rarely used. */
-/* SU= 136 */
-
-void BIG_XXX_ddiv(BIG_XXX a,DBIG_XXX b,BIG_XXX c)
-{
-    int d,k=0;
-    DBIG_XXX m,dr;
-    BIG_XXX e,r;
-    BIG_XXX_dnorm(b);
-    BIG_XXX_dscopy(m,c);
-
-    BIG_XXX_zero(a);
-    BIG_XXX_zero(e);
-    BIG_XXX_inc(e,1);
-
-    while (BIG_XXX_dcomp(b,m)>=0)
-    {
-        BIG_XXX_fshl(e,1);
-        BIG_XXX_dshl(m,1);
-        k++;
-    }
-
-    while (k>0)
-    {
-        BIG_XXX_dshr(m,1);
-        BIG_XXX_fshr(e,1);
-
-        BIG_XXX_dsub(dr,b,m);
-        BIG_XXX_dnorm(dr);
-        d=1-((dr[DNLEN_XXX-1]>>(CHUNK-1))&1);
-        BIG_XXX_dcmove(b,dr,d);
-
-        BIG_XXX_add(r,a,e);
-        BIG_XXX_norm(r);
-        BIG_XXX_cmove(a,r,d);
-
-        k--;
-    }
-}
-
-/* SU= 136 */
-
-void BIG_XXX_sdiv(BIG_XXX a,BIG_XXX c)
-{
-    int d,k=0;
-    BIG_XXX m,e,b,r;
-    BIG_XXX_norm(a);
-    BIG_XXX_copy(b,a);
-    BIG_XXX_copy(m,c);
-
-    BIG_XXX_zero(a);
-    BIG_XXX_zero(e);
-    BIG_XXX_inc(e,1);
-
-    while (BIG_XXX_comp(b,m)>=0)
-    {
-        BIG_XXX_fshl(e,1);
-        BIG_XXX_fshl(m,1);
-        k++;
-    }
-
-    while (k>0)
-    {
-        BIG_XXX_fshr(m,1);
-        BIG_XXX_fshr(e,1);
-
-        BIG_XXX_sub(r,b,m);
-        BIG_XXX_norm(r);
-        d=1-((r[NLEN_XXX-1]>>(CHUNK-1))&1);
-        BIG_XXX_cmove(b,r,d);
-
-        BIG_XXX_add(r,a,e);
-        BIG_XXX_norm(r);
-        BIG_XXX_cmove(a,r,d);
-        k--;
-    }
-}
-
-/* return LSB of a */
-int BIG_XXX_parity(BIG_XXX a)
-{
-    return a[0]%2;
-}
-
-/* return n-th bit of a */
-/* SU= 16 */
-int BIG_XXX_bit(BIG_XXX a,int n)
-{
-    if (a[n/BASEBITS_XXX]&((chunk)1<<(n%BASEBITS_XXX))) return 1;
-    else return 0;
-}
-
-/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed.
-nbs is number of bits processed, and nzs is number of trailing 0s detected */
-/* SU= 32 */
-/*
-int BIG_nafbits(BIG x,BIG x3,int i,int *nbs,int *nzs)
-{
-	int j,r,nb;
-
-	nb=BIG_bit(x3,i)-BIG_bit(x,i);
-	*nbs=1;
-	*nzs=0;
-	if (nb==0) return 0;
-	if (i==0) return nb;
-
-    if (nb>0) r=1;
-    else      r=(-1);
-
-    for (j=i-1;j>0;j--)
-    {
-        (*nbs)++;
-        r*=2;
-        nb=BIG_bit(x3,j)-BIG_bit(x,j);
-        if (nb>0) r+=1;
-        if (nb<0) r-=1;
-        if (abs(r)>5) break;
-    }
-
-	if (r%2!=0 && j!=0)
-    { // backtrack
-        if (nb>0) r=(r-1)/2;
-        if (nb<0) r=(r+1)/2;
-        (*nbs)--;
-    }
-
-    while (r%2==0)
-    { // remove trailing zeros
-        r/=2;
-        (*nzs)++;
-        (*nbs)--;
-    }
-    return r;
-}
-*/
-
-/* return last n bits of a, where n is small < BASEBITS */
-/* SU= 16 */
-int BIG_XXX_lastbits(BIG_XXX a,int n)
-{
-    int msk=(1<<n)-1;
-    BIG_XXX_norm(a);
-    return ((int)a[0])&msk;
-}
-
-/* get 8*MODBYTES size random number */
-void BIG_XXX_random(BIG_XXX m,csprng *rng)
-{
-    int i,b,j=0,r=0;
-    int len=8*MODBYTES_XXX;
-
-    BIG_XXX_zero(m);
-    /* generate random BIG */
-    for (i=0; i<len; i++)
-    {
-        if (j==0) r=RAND_byte(rng);
-        else r>>=1;
-        b=r&1;
-        BIG_XXX_shl(m,1);
-        m[0]+=b;
-        j++;
-        j&=7;
-    }
-
-#ifdef DEBUG_NORM
-    m[MPV_XXX]=1;
-    m[MNV_XXX]=0;
-#endif
-}
-
-/* get random BIG from rng, modulo q. Done one bit at a time, so its portable */
-
-void BIG_XXX_randomnum(BIG_XXX m,BIG_XXX q,csprng *rng)
-{
-    int i,b,j=0,r=0;
-    DBIG_XXX d;
-    BIG_XXX_dzero(d);
-    /* generate random DBIG */
-    for (i=0; i<2*BIG_XXX_nbits(q); i++)
-    {
-        if (j==0) r=RAND_byte(rng);
-        else r>>=1;
-        b=r&1;
-        BIG_XXX_dshl(d,1);
-        d[0]+=b;
-        j++;
-        j&=7;
-    }
-    /* reduce modulo a BIG. Removes bias */
-    BIG_XXX_dmod(m,d,q);
-#ifdef DEBUG_NORM
-    m[MPV_XXX]=1;
-    m[MNV_XXX]=0;
-#endif
-}
-
-/* Set r=a*b mod m */
-/* SU= 96 */
-void BIG_XXX_modmul(BIG_XXX r,BIG_XXX a1,BIG_XXX b1,BIG_XXX m)
-{
-    DBIG_XXX d;
-	BIG_XXX a,b;
-	BIG_XXX_copy(a,a1);
-	BIG_XXX_copy(b,b1);
-    BIG_XXX_mod(a,m);
-    BIG_XXX_mod(b,m);
-
-    BIG_XXX_mul(d,a,b);
-    BIG_XXX_dmod(r,d,m);
-}
-
-/* Set a=a*a mod m */
-/* SU= 88 */
-void BIG_XXX_modsqr(BIG_XXX r,BIG_XXX a1,BIG_XXX m)
-{
-    DBIG_XXX d;
-	BIG_XXX a;
-	BIG_XXX_copy(a,a1);
-    BIG_XXX_mod(a,m);
-    BIG_XXX_sqr(d,a);
-    BIG_XXX_dmod(r,d,m);
-}
-
-/* Set r=-a mod m */
-/* SU= 16 */
-void BIG_XXX_modneg(BIG_XXX r,BIG_XXX a1,BIG_XXX m)
-{
-	BIG_XXX a;
-	BIG_XXX_copy(a,a1);
-    BIG_XXX_mod(a,m);
-    BIG_XXX_sub(r,m,a);
-//    BIG_XXX_mod(r,m);
-}
-
-/* Set a=a/b mod m */
-/* SU= 136 */
-void BIG_XXX_moddiv(BIG_XXX r,BIG_XXX a1,BIG_XXX b1,BIG_XXX m)
-{
-    DBIG_XXX d;
-    BIG_XXX z;
-	BIG_XXX a,b;
-	BIG_XXX_copy(a,a1);
-	BIG_XXX_copy(b,b1);
-
-    BIG_XXX_mod(a,m);
-    BIG_XXX_invmodp(z,b,m);
-
-    BIG_XXX_mul(d,a,z);
-    BIG_XXX_dmod(r,d,m);
-}
-
-/* Get jacobi Symbol (a/p). Returns 0, 1 or -1 */
-/* SU= 216 */
-int BIG_XXX_jacobi(BIG_XXX a,BIG_XXX p)
-{
-    int n8,k,m=0;
-    BIG_XXX t,x,n,zilch,one;
-    BIG_XXX_one(one);
-    BIG_XXX_zero(zilch);
-    if (BIG_XXX_parity(p)==0 || BIG_XXX_comp(a,zilch)==0 || BIG_XXX_comp(p,one)<=0) return 0;
-    BIG_XXX_norm(a);
-    BIG_XXX_copy(x,a);
-    BIG_XXX_copy(n,p);
-    BIG_XXX_mod(x,p);
-
-    while (BIG_XXX_comp(n,one)>0)
-    {
-        if (BIG_XXX_comp(x,zilch)==0) return 0;
-        n8=BIG_XXX_lastbits(n,3);
-        k=0;
-        while (BIG_XXX_parity(x)==0)
-        {
-            k++;
-            BIG_XXX_shr(x,1);
-        }
-        if (k%2==1) m+=(n8*n8-1)/8;
-        m+=(n8-1)*(BIG_XXX_lastbits(x,2)-1)/4;
-        BIG_XXX_copy(t,n);
-
-        BIG_XXX_mod(t,x);
-        BIG_XXX_copy(n,x);
-        BIG_XXX_copy(x,t);
-        m%=2;
-
-    }
-    if (m==0) return 1;
-    else return -1;
-}
-
-/* Set r=1/a mod p. Binary method */
-/* SU= 240 */
-void BIG_XXX_invmodp(BIG_XXX r,BIG_XXX a,BIG_XXX p)
-{
-    BIG_XXX u,v,x1,x2,t,one;
-    BIG_XXX_mod(a,p);
-    BIG_XXX_copy(u,a);
-    BIG_XXX_copy(v,p);
-    BIG_XXX_one(one);
-    BIG_XXX_copy(x1,one);
-    BIG_XXX_zero(x2);
-
-    while (BIG_XXX_comp(u,one)!=0 && BIG_XXX_comp(v,one)!=0)
-    {
-        while (BIG_XXX_parity(u)==0)
-        {
-            BIG_XXX_fshr(u,1);
-            if (BIG_XXX_parity(x1)!=0)
-            {
-                BIG_XXX_add(x1,p,x1);
-                BIG_XXX_norm(x1);
-            }
-            BIG_XXX_fshr(x1,1);
-        }
-        while (BIG_XXX_parity(v)==0)
-        {
-            BIG_XXX_fshr(v,1);
-            if (BIG_XXX_parity(x2)!=0)
-            {
-                BIG_XXX_add(x2,p,x2);
-                BIG_XXX_norm(x2);
-            }
-            BIG_XXX_fshr(x2,1);
-        }
-        if (BIG_XXX_comp(u,v)>=0)
-        {
-            BIG_XXX_sub(u,u,v);
-            BIG_XXX_norm(u);
-            if (BIG_XXX_comp(x1,x2)>=0) BIG_XXX_sub(x1,x1,x2);
-            else
-            {
-                BIG_XXX_sub(t,p,x2);
-                BIG_XXX_add(x1,x1,t);
-            }
-            BIG_XXX_norm(x1);
-        }
-        else
-        {
-            BIG_XXX_sub(v,v,u);
-            BIG_XXX_norm(v);
-            if (BIG_XXX_comp(x2,x1)>=0) BIG_XXX_sub(x2,x2,x1);
-            else
-            {
-                BIG_XXX_sub(t,p,x1);
-                BIG_XXX_add(x2,x2,t);
-            }
-            BIG_XXX_norm(x2);
-        }
-    }
-    if (BIG_XXX_comp(u,one)==0)
-        BIG_XXX_copy(r,x1);
-    else
-        BIG_XXX_copy(r,x2);
-}
-
-/* set x = x mod 2^m */
-void BIG_XXX_mod2m(BIG_XXX x,int m)
-{
-    int i,wd,bt;
-    chunk msk;
-    BIG_XXX_norm(x);
-//	if (m>=MODBITS) return;
-    wd=m/BASEBITS_XXX;
-    bt=m%BASEBITS_XXX;
-    msk=((chunk)1<<bt)-1;
-    x[wd]&=msk;
-    for (i=wd+1; i<NLEN_XXX; i++) x[i]=0;
-}
-
-// new
-/* Convert to DBIG number from byte array of given length */
-void BIG_XXX_dfromBytesLen(DBIG_XXX a,char *b,int s)
-{
-    int i,len=s;
-    BIG_XXX_dzero(a);
-
-    for (i=0; i<len; i++)
-    {
-        BIG_XXX_dshl(a,8);
-        a[0]+=(int)(unsigned char)b[i];
-    }
-#ifdef DEBUG_NORM
-    a[DMPV_XXX]=1;
-    a[DMNV_XXX]=0;
-#endif
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/big.h
----------------------------------------------------------------------
diff --git a/version3/c/big.h b/version3/c/big.h
deleted file mode 100644
index 36b0c7c..0000000
--- a/version3/c/big.h
+++ /dev/null
@@ -1,610 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/**
- * @file big.h
- * @author Mike Scott
- * @brief BIG Header File
- *
- */
-
-#ifndef BIG_XXX_H
-#define BIG_XXX_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <inttypes.h>
-#include "arch.h"
-#include "amcl.h"
-#include "config_big_XXX.h"
-
-//#define UNWOUND
-
-#define BIGBITS_XXX (8*MODBYTES_XXX) /**< Length in bits */
-#define NLEN_XXX (1+((8*MODBYTES_XXX-1)/BASEBITS_XXX)) /**< length in bytes */
-#define DNLEN_XXX 2*NLEN_XXX /**< Double length in bytes */
-#define BMASK_XXX (((chunk)1<<BASEBITS_XXX)-1) /**< Mask = 2^BASEBITS-1 */
-#define NEXCESS_XXX (1<<(CHUNK-BASEBITS_XXX-1))           /**< 2^(CHUNK-BASEBITS-1) - digit cannot be multiplied by more than this before normalisation */
-
-#define HBITS_XXX (BASEBITS_XXX/2)      /**< Number of bits in number base divided by 2 */
-#define HMASK_XXX (((chunk)1<<HBITS_XXX)-1)    /**< Mask = 2^HBITS-1 */
-
-//#define DEBUG_NORM
-
-#ifdef DEBUG_NORM  /* Add an extra location to track chunk extension */
-#define MPV_XXX NLEN_XXX
-#define MNV_XXX (NLEN_XXX+1)
-typedef chunk BIG_XXX[NLEN_XXX+2];   /**< Define type BIG as array of chunks */
-#define DMPV_XXX DNLEN_XXX
-#define DMNV_XXX (DNLEN_XXX+1)
-typedef chunk DBIG_XXX[DNLEN_XXX+2]; /**< Define type DBIG as array of chunks */
-#else
-typedef chunk BIG_XXX[NLEN_XXX];     /**< Define type BIG as array of chunks */
-typedef chunk DBIG_XXX[DNLEN_XXX];   /**< Define type DBIG as array of chunks */
-#endif
-
-/* BIG number prototypes */
-
-/**	@brief Tests for BIG equal to zero
- *
-	@param x a BIG number
-	@return 1 if zero, else returns 0
- */
-extern int BIG_XXX_iszilch(BIG_XXX x);
-/**	@brief Tests for BIG equal to one
- *
-	@param x a BIG number
-	@return 1 if one, else returns 0
- */
-extern int BIG_XXX_isunity(BIG_XXX x);
-/**	@brief Tests for DBIG equal to zero
- *
-	@param x a DBIG number
-	@return 1 if zero, else returns 0
- */
-extern int BIG_XXX_diszilch(DBIG_XXX x);
-/**	@brief Outputs a BIG number to the console
- *
-	@param x a BIG number
- */
-extern void BIG_XXX_output(BIG_XXX x);
-/**	@brief Outputs a BIG number to the console in raw form (for debugging)
- *
-	@param x a BIG number
- */
-extern void BIG_XXX_rawoutput(BIG_XXX x);
-/**	@brief Conditional constant time swap of two BIG numbers
- *
-	Conditionally swaps parameters in constant time (without branching)
-	@param x a BIG number
-	@param y another BIG number
-	@param s swap takes place if not equal to 0
- */
-extern void BIG_XXX_cswap(BIG_XXX x,BIG_XXX y,int s);
-/**	@brief Conditional copy of BIG number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x a BIG number
-	@param y another BIG number
-	@param s copy takes place if not equal to 0
- */
-extern void BIG_XXX_cmove(BIG_XXX x,BIG_XXX y,int s);
-/**	@brief Conditional copy of DBIG number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x a DBIG number
-	@param y another DBIG number
-	@param s copy takes place if not equal to 0
- */
-extern void BIG_XXX_dcmove(BIG_XXX x,BIG_XXX y,int s);
-/**	@brief Convert from BIG number to byte array
- *
-	@param a byte array
-	@param x BIG number
- */
-extern void BIG_XXX_toBytes(char *a,BIG_XXX x);
-/**	@brief Convert to BIG number from byte array
- *
-	@param x BIG number
-	@param a byte array
- */
-extern void BIG_XXX_fromBytes(BIG_XXX x,char *a);
-/**	@brief Convert to BIG number from byte array of given length
- *
-	@param x BIG number
-	@param a byte array
-	@param s byte array length
- */
-extern void BIG_XXX_fromBytesLen(BIG_XXX x,char *a,int s);
-/**@brief Convert to DBIG number from byte array of given length
- *
-   @param x DBIG number
-   @param a byte array
-   @param s byte array length
- */
-extern void BIG_XXX_dfromBytesLen(DBIG_XXX x,char *a,int s);
-/**	@brief Outputs a DBIG number to the console
- *
-	@param x a DBIG number
- */
-extern void BIG_XXX_doutput(DBIG_XXX x);
-
-/**	@brief Outputs a DBIG number to the console
- *
-	@param x a DBIG number
- */
-extern void BIG_XXX_drawoutput(DBIG_XXX x);
-
-/**	@brief Copy BIG from Read-Only Memory to a BIG
- *
-	@param x BIG number
-	@param y BIG number in ROM
- */
-extern void BIG_XXX_rcopy(BIG_XXX x,const BIG_XXX y);
-/**	@brief Copy BIG to another BIG
- *
-	@param x BIG number
-	@param y BIG number to be copied
- */
-extern void BIG_XXX_copy(BIG_XXX x,BIG_XXX y);
-/**	@brief Copy DBIG to another DBIG
- *
-	@param x DBIG number
-	@param y DBIG number to be copied
- */
-extern void BIG_XXX_dcopy(DBIG_XXX x,DBIG_XXX y);
-/**	@brief Copy BIG to upper half of DBIG
- *
-	@param x DBIG number
-	@param y BIG number to be copied
- */
-extern void BIG_XXX_dsucopy(DBIG_XXX x,BIG_XXX y);
-/**	@brief Copy BIG to lower half of DBIG
- *
-	@param x DBIG number
-	@param y BIG number to be copied
- */
-extern void BIG_XXX_dscopy(DBIG_XXX x,BIG_XXX y);
-/**	@brief Copy lower half of DBIG to a BIG
- *
-	@param x BIG number
-	@param y DBIG number to be copied
- */
-extern void BIG_XXX_sdcopy(BIG_XXX x,DBIG_XXX y);
-/**	@brief Copy upper half of DBIG to a BIG
- *
-	@param x BIG number
-	@param y DBIG number to be copied
- */
-extern void BIG_XXX_sducopy(BIG_XXX x,DBIG_XXX y);
-/**	@brief Set BIG to zero
- *
-	@param x BIG number to be set to zero
- */
-extern void BIG_XXX_zero(BIG_XXX x);
-/**	@brief Set DBIG to zero
- *
-	@param x DBIG number to be set to zero
- */
-extern void BIG_XXX_dzero(DBIG_XXX x);
-/**	@brief Set BIG to one (unity)
- *
-	@param x BIG number to be set to one.
- */
-extern void BIG_XXX_one(BIG_XXX x);
-/**	@brief Set BIG to inverse mod 2^256
- *
-	@param x BIG number to be inverted
- */
-extern void BIG_XXX_invmod2m(BIG_XXX x);
-/**	@brief Set BIG to sum of two BIGs - output not normalised
- *
-	@param x BIG number, sum of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_XXX_add(BIG_XXX x,BIG_XXX y,BIG_XXX z);
-
-/**	@brief Set BIG to logical or of two BIGs - output normalised
- *
-	@param x BIG number, or of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_XXX_or(BIG_XXX x,BIG_XXX y,BIG_XXX z);
-
-/**	@brief Increment BIG by a small integer - output not normalised
- *
-	@param x BIG number to be incremented
-	@param i integer
- */
-extern void BIG_XXX_inc(BIG_XXX x,int i);
-/**	@brief Set BIG to difference of two BIGs
- *
-	@param x BIG number, difference of other two - output not normalised
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_XXX_sub(BIG_XXX x,BIG_XXX y,BIG_XXX z);
-/**	@brief Decrement BIG by a small integer - output not normalised
- *
-	@param x BIG number to be decremented
-	@param i integer
- */
-extern void BIG_XXX_dec(BIG_XXX x,int i);
-/**	@brief Set DBIG to sum of two DBIGs
- *
-	@param x DBIG number, sum of other two - output not normalised
-	@param y DBIG number
-	@param z DBIG number
- */
-extern void BIG_XXX_dadd(DBIG_XXX x,DBIG_XXX y,DBIG_XXX z);
-/**	@brief Set DBIG to difference of two DBIGs
- *
-	@param x DBIG number, difference of other two - output not normalised
-	@param y DBIG number
-	@param z DBIG number
- */
-extern void BIG_XXX_dsub(DBIG_XXX x,DBIG_XXX y,DBIG_XXX z);
-/**	@brief Multiply BIG by a small integer - output not normalised
- *
-	@param x BIG number, product of other two
-	@param y BIG number
-	@param i small integer
- */
-extern void BIG_XXX_imul(BIG_XXX x,BIG_XXX y,int i);
-/**	@brief Multiply BIG by not-so-small small integer - output normalised
- *
-	@param x BIG number, product of other two
-	@param y BIG number
-	@param i small integer
-	@return Overflowing bits
- */
-extern chunk BIG_XXX_pmul(BIG_XXX x,BIG_XXX y,int i);
-/**	@brief Divide BIG by 3 - output normalised
- *
-	@param x BIG number
-	@return Remainder
- */
-extern int BIG_XXX_div3(BIG_XXX x);
-/**	@brief Multiply BIG by even bigger small integer resulting in a DBIG - output normalised
- *
-	@param x DBIG number, product of other two
-	@param y BIG number
-	@param i small integer
- */
-extern void BIG_XXX_pxmul(DBIG_XXX x,BIG_XXX y,int i);
-/**	@brief Multiply BIG by another BIG resulting in DBIG - inputs normalised and output normalised
- *
-	@param x DBIG number, product of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_XXX_mul(DBIG_XXX x,BIG_XXX y,BIG_XXX z);
-/**	@brief Multiply BIG by another BIG resulting in another BIG - inputs normalised and output normalised
- *
-	Note that the product must fit into a BIG, and x must be distinct from y and z
-	@param x BIG number, product of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_XXX_smul(BIG_XXX x,BIG_XXX y,BIG_XXX z);
-/**	@brief Square BIG resulting in a DBIG - input normalised and output normalised
- *
-	@param x DBIG number, square of a BIG
-	@param y BIG number to be squared
- */
-extern void BIG_XXX_sqr(DBIG_XXX x,BIG_XXX y);
-
-/**	@brief Montgomery reduction of a DBIG to a BIG  - input normalised and output normalised
- *
-	@param a BIG number, reduction of a BIG
-	@param md BIG number, the modulus
-	@param MC the Montgomery Constant
-	@param d DBIG number to be reduced
- */
-extern void BIG_XXX_monty(BIG_XXX a,BIG_XXX md,chunk MC,DBIG_XXX d);
-
-/**	@brief Shifts a BIG left by any number of bits - input must be normalised, output normalised
- *
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_XXX_shl(BIG_XXX x,int s);
-/**	@brief Fast shifts a BIG left by a small number of bits - input must be normalised, output will be normalised
- *
-	The number of bits to be shifted must be less than BASEBITS
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
-	@return Overflow bits
- */
-extern int BIG_XXX_fshl(BIG_XXX x,int s);
-/**	@brief Shifts a DBIG left by any number of bits - input must be normalised, output normalised
- *
-	@param x DBIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_XXX_dshl(DBIG_XXX x,int s);
-/**	@brief Shifts a BIG right by any number of bits - input must be normalised, output normalised
- *
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_XXX_shr(BIG_XXX x,int s);
-
-/**	@brief Fast time-critical combined shift by 1 bit, subtract and normalise
- *
-	@param r BIG number normalised output
-	@param a BIG number to be subtracted from
-	@param m BIG number to be shifted and subtracted
-	@return sign of r
- */
-extern int BIG_XXX_ssn(BIG_XXX r,BIG_XXX a, BIG_XXX m);
-
-/**	@brief Fast shifts a BIG right by a small number of bits - input must be normalised, output will be normalised
- *
-	The number of bits to be shifted must be less than BASEBITS
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
-	@return Shifted out bits
- */
-extern int BIG_XXX_fshr(BIG_XXX x,int s);
-/**	@brief Shifts a DBIG right by any number of bits - input must be normalised, output normalised
- *
-	@param x DBIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_XXX_dshr(DBIG_XXX x,int s);
-/**	@brief Splits a DBIG into two BIGs - input must be normalised, outputs normalised
- *
-	Internal function. The value of s must be approximately in the middle of the DBIG.
-	Typically used to extract z mod 2^MODBITS and z/2^MODBITS
-	@param x BIG number, top half of z
-	@param y BIG number, bottom half of z
-	@param z DBIG number to be split in two.
-	@param s Bit position at which to split
-	@return carry-out from top half
- */
-extern chunk BIG_XXX_split(BIG_XXX x,BIG_XXX y,DBIG_XXX z,int s);
-/**	@brief Normalizes a BIG number - output normalised
- *
-	All digits of the input BIG are reduced mod 2^BASEBITS
-	@param x BIG number to be normalised
- */
-extern chunk BIG_XXX_norm(BIG_XXX x);
-/**	@brief Normalizes a DBIG number - output normalised
- *
-	All digits of the input DBIG are reduced mod 2^BASEBITS
-	@param x DBIG number to be normalised
- */
-extern void BIG_XXX_dnorm(DBIG_XXX x);
-/**	@brief Compares two BIG numbers. Inputs must be normalised externally
- *
-	@param x first BIG number to be compared
-	@param y second BIG number to be compared
-	@return -1 is x<y, 0 if x=y, 1 if x>y
- */
-extern int BIG_XXX_comp(BIG_XXX x,BIG_XXX y);
-/**	@brief Compares two DBIG numbers. Inputs must be normalised externally
- *
-	@param x first DBIG number to be compared
-	@param y second DBIG number to be compared
-	@return -1 is x<y, 0 if x=y, 1 if x>y
- */
-extern int BIG_XXX_dcomp(DBIG_XXX x,DBIG_XXX y);
-/**	@brief Calculate number of bits in a BIG - output normalised
- *
-	@param x BIG number
-	@return Number of bits in x
- */
-extern int BIG_XXX_nbits(BIG_XXX x);
-/**	@brief Calculate number of bits in a DBIG - output normalised
- *
-	@param x DBIG number
-	@return Number of bits in x
- */
-extern int BIG_XXX_dnbits(DBIG_XXX x);
-/**	@brief Reduce x mod n - input and output normalised
- *
-	Slow but rarely used
-	@param x BIG number to be reduced mod n
-	@param n The modulus
- */
-extern void BIG_XXX_mod(BIG_XXX x,BIG_XXX n);
-/**	@brief Divide x by n - output normalised
- *
-	Slow but rarely used
-	@param x BIG number to be divided by n
-	@param n The Divisor
- */
-extern void BIG_XXX_sdiv(BIG_XXX x,BIG_XXX n);
-/**	@brief  x=y mod n - output normalised
- *
-	Slow but rarely used. y is destroyed.
-	@param x BIG number, on exit = y mod n
-	@param y DBIG number
-	@param n Modulus
- */
-extern void BIG_XXX_dmod(BIG_XXX x,DBIG_XXX y,BIG_XXX n);
-/**	@brief  x=y/n - output normalised
- *
-	Slow but rarely used. y is destroyed.
-	@param x BIG number, on exit = y/n
-	@param y DBIG number
-	@param n Modulus
- */
-extern void BIG_XXX_ddiv(BIG_XXX x,DBIG_XXX y,BIG_XXX n);
-/**	@brief  return parity of BIG, that is the least significant bit
- *
-	@param x BIG number
-	@return 0 or 1
- */
-extern int BIG_XXX_parity(BIG_XXX x);
-/**	@brief  return i-th of BIG
- *
-	@param x BIG number
-	@param i the bit of x to be returned
-	@return 0 or 1
- */
-extern int BIG_XXX_bit(BIG_XXX x,int i);
-/**	@brief  return least significant bits of a BIG
- *
-	@param x BIG number
-	@param n number of bits to return. Assumed to be less than BASEBITS.
-	@return least significant n bits as an integer
- */
-extern int BIG_XXX_lastbits(BIG_XXX x,int n);
-/**	@brief  Create a random BIG from a random number generator
- *
-	Assumes that the random number generator has been suitably initialised
-	@param x BIG number, on exit a random number
-	@param r A pointer to a Cryptographically Secure Random Number Generator
- */
-extern void BIG_XXX_random(BIG_XXX x,csprng *r);
-/**	@brief  Create an unbiased random BIG from a random number generator, reduced with respect to a modulus
- *
-	Assumes that the random number generator has been suitably initialised
-	@param x BIG number, on exit a random number
-	@param n The modulus
-	@param r A pointer to a Cryptographically Secure Random Number Generator
- */
-extern void BIG_XXX_randomnum(BIG_XXX x,BIG_XXX n,csprng *r);
-/**	brief  return NAF (Non-Adjacent-Form) value as +/- 1, 3 or 5, inputs must be normalised
- *
-	Given x and 3*x extracts NAF value from given bit position, and returns number of bits processed, and number of trailing zeros detected if any
-	param x BIG number
-	param x3 BIG number, three times x
-	param i bit position
-	param nbs pointer to integer returning number of bits processed
-	param nzs pointer to integer returning number of trailing 0s
-	return + or - 1, 3 or 5
-*/
-
-/**	@brief  Calculate x=y*z mod n
- *
-	Slow method for modular multiplication
-	@param x BIG number, on exit = y*z mod n
-	@param y BIG number
-	@param z BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_XXX_modmul(BIG_XXX x,BIG_XXX y,BIG_XXX z,BIG_XXX n);
-/**	@brief  Calculate x=y/z mod n
- *
-	Slow method for modular division
-	@param x BIG number, on exit = y/z mod n
-	@param y BIG number
-	@param z BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_XXX_moddiv(BIG_XXX x,BIG_XXX y,BIG_XXX z,BIG_XXX n);
-/**	@brief  Calculate x=y^2 mod n
- *
-	Slow method for modular squaring
-	@param x BIG number, on exit = y^2 mod n
-	@param y BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_XXX_modsqr(BIG_XXX x,BIG_XXX y,BIG_XXX n);
-/**	@brief  Calculate x=-y mod n
- *
-	Modular negation
-	@param x BIG number, on exit = -y mod n
-	@param y BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_XXX_modneg(BIG_XXX x,BIG_XXX y,BIG_XXX n);
-/**	@brief  Calculate jacobi Symbol (x/y)
- *
-	@param x BIG number
-	@param y BIG number
-	@return Jacobi symbol, -1,0 or 1
- */
-extern int BIG_XXX_jacobi(BIG_XXX x,BIG_XXX y);
-/**	@brief  Calculate x=1/y mod n
- *
-	Modular Inversion - This is slow. Uses binary method.
-	@param x BIG number, on exit = 1/y mod n
-	@param y BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_XXX_invmodp(BIG_XXX x,BIG_XXX y,BIG_XXX n);
-/** @brief Calculate x=x mod 2^m
- *
-	Truncation
-	@param x BIG number, on reduced mod 2^m
-	@param m new truncated size
-*/
-extern void BIG_XXX_mod2m(BIG_XXX x,int m);
-
-/**	@brief Calculates a*b+c+*d
- *
-	Calculate partial product of a.b, add in carry c, and add total to d
-	@param x multiplier
-	@param y multiplicand
-	@param c carry
-	@param r pointer to accumulated bottom half of result
-	@return top half of result
- */
-
-#ifdef dchunk
-
-/* Method required to calculate x*y+c+r, bottom half in r, top half returned */
-static inline chunk muladd_XXX(chunk x,chunk y,chunk c,chunk *r)
-{
-    dchunk prod=(dchunk)x*y+c+*r;
-    *r=(chunk)prod&BMASK_XXX;
-    return (chunk)(prod>>BASEBITS_XXX);
-}
-
-#else
-
-/* No integer type available that can store double the wordlength */
-/* accumulate partial products */
-
-static inline chunk muladd_XXX(chunk x,chunk y,chunk c,chunk *r)
-{
-    chunk x0,x1,y0,y1;
-    chunk bot,top,mid,carry;
-    x0=x&HMASK_XXX;
-    x1=(x>>HBITS_XXX);
-    y0=y&HMASK_XXX;
-    y1=(y>>HBITS_XXX);
-    bot=x0*y0;
-    top=x1*y1;
-    mid=x0*y1+x1*y0;
-    x0=mid&HMASK_XXX;
-    x1=(mid>>HBITS_XXX);
-    bot+=x0<<HBITS_XXX;
-    bot+=*r;
-    bot+=c;
-
-    top+=x1;
-    carry=bot>>BASEBITS_XXX;
-    bot&=BMASK_XXX;
-    top+=carry;
-
-    *r=bot;
-    return top;
-}
-
-#endif
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/config16.py
----------------------------------------------------------------------
diff --git a/version3/c/config16.py b/version3/c/config16.py
deleted file mode 100644
index 6ad7270..0000000
--- a/version3/c/config16.py
+++ /dev/null
@@ -1,367 +0,0 @@
-import os
-import sys
-
-deltext=""
-if sys.platform.startswith("linux")  :
-	deltext="rm"
-	copytext="cp"
-if sys.platform.startswith("darwin")  :
-	deltext="rm"
-	copytext="cp"
-if sys.platform.startswith("win") :
-	deltext="del"
-	copytext="copy"
-
-def replace(namefile,oldtext,newtext):
-	f = open(namefile,'r')
-	filedata = f.read()
-	f.close()
-
-	newdata = filedata.replace(oldtext,newtext)
-
-	f = open(namefile,'w')
-	f.write(newdata)
-	f.close()
-
-
-def rsaset(tb,tff,nb,base,ml) :
-	bd=tb+"_"+base
-	fnameh="config_big_"+bd+".h"
-	os.system(copytext+" config_big.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"@NB@",nb)
-	replace(fnameh,"@BASE@",base)
-
-	fnameh="config_ff_"+tff+".h"
-	os.system(copytext+" config_ff.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"@ML@",ml);
-
-	fnamec="big_"+bd+".c"
-	fnameh="big_"+bd+".h"
-
-	os.system(copytext+" big.c "+fnamec)
-	os.system(copytext+" big.h "+fnameh)
-
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	fnamec="ff_"+tff+".c"
-	fnameh="ff_"+tff+".h"
-
-	os.system(copytext+" ff.c "+fnamec)
-	os.system(copytext+" ff.h "+fnameh)
-
-	replace(fnamec,"WWW",tff)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	fnamec="rsa_"+tff+".c"
-	fnameh="rsa_"+tff+".h"
-
-	os.system(copytext+" rsa.c "+fnamec)
-	os.system(copytext+" rsa.h "+fnameh)
-
-	replace(fnamec,"WWW",tff)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-def curveset(tb,tf,tc,nb,base,nbt,m8,mt,ct,pf,stw,sx,cs) :
-	bd=tb+"_"+base
-	fnameh="config_big_"+bd+".h"
-	os.system(copytext+" config_big.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"@NB@",nb)
-	replace(fnameh,"@BASE@",base)
-
-	fnameh="config_field_"+tf+".h"
-	os.system(copytext+" config_field.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"@NBT@",nbt)
-	replace(fnameh,"@M8@",m8)
-	replace(fnameh,"@MT@",mt)
-
-	ib=int(base)
-	inb=int(nb)
-	inbt=int(nbt)
-	sh=ib*(1+((8*inb-1)//ib))-inbt
-	if sh > 6 :
-		sh=6
-	replace(fnameh,"@SH@",str(sh))
-
-	fnameh="config_curve_"+tc+".h"	
-	os.system(copytext+" config_curve.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"@CT@",ct)
-	replace(fnameh,"@PF@",pf)
-
-	replace(fnameh,"@ST@",stw)
-	replace(fnameh,"@SX@",sx)
-	replace(fnameh,"@CS@",cs)
-
-	fnamec="big_"+bd+".c"
-	fnameh="big_"+bd+".h"
-
-	os.system(copytext+" big.c "+fnamec)
-	os.system(copytext+" big.h "+fnameh)
-
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	fnamec="fp_"+tf+".c"
-	fnameh="fp_"+tf+".h"
-
-	os.system(copytext+" fp.c "+fnamec)
-	os.system(copytext+" fp.h "+fnameh)
-
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	os.system("gcc -O3 -std=c99 -c rom_field_"+tf+".c");
-
-	fnamec="ecp_"+tc+".c"
-	fnameh="ecp_"+tc+".h"
-
-	os.system(copytext+" ecp.c "+fnamec)
-	os.system(copytext+" ecp.h "+fnameh)
-
-	replace(fnamec,"ZZZ",tc)
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	fnamec="ecdh_"+tc+".c"
-	fnameh="ecdh_"+tc+".h"
-
-	os.system(copytext+" ecdh.c "+fnamec)
-	os.system(copytext+" ecdh.h "+fnameh)
-
-	replace(fnamec,"ZZZ",tc)
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	os.system("gcc -O3 -std=c99 -c rom_curve_"+tc+".c");
-
-	if pf != "NOT" :
-		fnamec="fp2_"+tf+".c"
-		fnameh="fp2_"+tf+".h"
-
-		os.system(copytext+" fp2.c "+fnamec)
-		os.system(copytext+" fp2.h "+fnameh)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-		fnamec="fp4_"+tf+".c"
-		fnameh="fp4_"+tf+".h"
-
-		os.system(copytext+" fp4.c "+fnamec)
-		os.system(copytext+" fp4.h "+fnameh)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnamec,"ZZZ",tc)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		replace(fnameh,"ZZZ",tc)
-		os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-		fnamec="fp12_"+tf+".c"
-		fnameh="fp12_"+tf+".h"
-
-		os.system(copytext+" fp12.c "+fnamec)
-		os.system(copytext+" fp12.h "+fnameh)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-		fnamec="ecp2_"+tc+".c"
-		fnameh="ecp2_"+tc+".h"
-
-		os.system(copytext+" ecp2.c "+fnamec)
-		os.system(copytext+" ecp2.h "+fnameh)
-		replace(fnamec,"ZZZ",tc)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnameh,"ZZZ",tc)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-		fnamec="pair_"+tc+".c"
-		fnameh="pair_"+tc+".h"
-
-		os.system(copytext+" pair.c "+fnamec)
-		os.system(copytext+" pair.h "+fnameh)
-		replace(fnamec,"ZZZ",tc)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnameh,"ZZZ",tc)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-		fnamec="mpin_"+tc+".c"
-		fnameh="mpin_"+tc+".h"
-
-		os.system(copytext+" mpin.c "+fnamec)
-		os.system(copytext+" mpin.h "+fnameh)
-		replace(fnamec,"ZZZ",tc)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnameh,"ZZZ",tc)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-replace("arch.h","@WL@","16")
-print("Elliptic Curves")
-print("1. ED25519")
-print("2. NUMS256E")
-
-print("Pairing-Friendly Elliptic Curves")
-print("3. BN254")
-print("4. BN254CX")
-
-print("RSA")
-print("5. RSA2048")
-
-
-selection=[]
-ptr=0
-max=6
-
-curve_selected=False
-pfcurve_selected=False
-rsa_selected=False
-
-while ptr<max:
-	x=int(input("Choose a Scheme to support - 0 to finish: "))
-	if x == 0:
-		break
-#	print("Choice= ",x)
-	already=False
-	for i in range(0,ptr):
-		if x==selection[i]:
-			already=True
-			break
-	if already:
-		continue
-	
-	selection.append(x)
-	ptr=ptr+1
-
-# curveset(big,field,curve,big_length_bytes,bits_in_base,modulus_bits,modulus_mod_8,modulus_type,curve_type,pairing_friendly,sextic twist,sign of x)
-# for each curve give names for big, field and curve. In many cases the latter two will be the same. 
-# Typically "big" is the size in bits, always a multiple of 8, "field" describes the modulus, and "curve" is the common name for the elliptic curve   
-# big_length_bytes is "big" divided by 8
-# Next give the number base used for 16 bit architectures, as n where the base is 2^n (note that these must be fixed for the same "big" name, if is ever re-used for another curve)
-# modulus_bits is the bit length of the modulus, typically the same or slightly smaller than "big"
-# modulus_mod_8 is the remainder when the modulus is divided by 8
-# modulus_type is NOT_SPECIAL, or PSEUDO_MERSENNE, or MONTGOMERY_Friendly, or GENERALISED_MERSENNE (supported for GOLDILOCKS only)
-# curve_type is WEIERSTRASS, EDWARDS or MONTGOMERY
-# pairing_friendly is BN, BLS or NOT (if not pairing friendly)
-# if pairing friendly. M or D type twist, and sign of the family parameter x
-
-	if x==1:
-		curveset("256","25519","ED25519","32","13","255","5","PSEUDO_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-	if x==2:
-		curveset("256","256PME","NUMS256E","32","13","256","3","PSEUDO_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-
-
-	if x==3:
-		curveset("256","BN254","BN254","32","13","254","3","NOT_SPECIAL","WEIERSTRASS","BN","D_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-	if x==4:
-		curveset("256","BN254CX","BN254CX","32","13","254","3","NOT_SPECIAL","WEIERSTRASS","BN","D_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-
-# rsaset(big,ring,big_length_bytes,bits_in_base,multiplier)
-# for each choice give distinct names for "big" and "ring".
-# Typically "big" is the length in bits of the underlying big number type
-# "ring" is the RSA modulus size = "big" times 2^m
-# big_length_bytes is "big" divided by 8
-# Next give the number base used for 16 bit architecture, as n where the base is 2^n
-# multiplier is 2^m (see above)
-
-# There are choices here, different ways of getting the same result, but some faster than others
-	if x==5:
-		#256 is slower but may allow reuse of 256-bit BIGs used for elliptic curve
-		#512 is faster.. but best is 1024
-		rsaset("256","2048","32","13","8")
-		rsa_selected=True
-
-
-os.system(deltext+" big.*")
-os.system(deltext+" fp.*")
-os.system(deltext+" ecp.*")
-os.system(deltext+" ecdh.*")
-os.system(deltext+" ff.*")
-os.system(deltext+" rsa.*")
-os.system(deltext+" config_big.h")
-os.system(deltext+" config_field.h")
-os.system(deltext+" config_curve.h")
-os.system(deltext+" config_ff.h")
-os.system(deltext+" fp2.*")
-os.system(deltext+" fp4.*")
-os.system(deltext+" fp12.*")
-os.system(deltext+" ecp2.*")
-os.system(deltext+" pair.*")
-os.system(deltext+" mpin.*")
-
-# create library
-os.system("gcc -O3 -std=c99 -c randapi.c")
-if curve_selected :
-	os.system("gcc -O3 -std=c99 -c ecdh_support.c")
-if rsa_selected :
-	os.system("gcc -O3 -std=c99 -c rsa_support.c")
-if pfcurve_selected :
-	os.system("gcc -O3 -std=c99 -c pbc_support.c")
-
-os.system("gcc -O3 -std=c99 -c hash.c")
-os.system("gcc -O3 -std=c99 -c rand.c")
-os.system("gcc -O3 -std=c99 -c oct.c")
-os.system("gcc -O3 -std=c99 -c aes.c")
-os.system("gcc -O3 -std=c99 -c gcm.c")
-os.system("gcc -O3 -std=c99 -c newhope.c")
-
-if sys.platform.startswith("win") :
-	os.system("for %i in (*.o) do @echo %~nxi >> f.list")
-	os.system("ar rc amcl.a @f.list")
-	os.system(deltext+" f.list")
-
-else :
-	os.system("ar rc amcl.a *.o")
-
-os.system(deltext+" *.o")
-
-
-#print("Your section was ");	
-#for i in range(0,ptr):
-#	print (selection[i])
-


[21/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/pair.swift
----------------------------------------------------------------------
diff --git a/version22/swift/pair.swift b/version22/swift/pair.swift
deleted file mode 100644
index 93d2c20..0000000
--- a/version22/swift/pair.swift
+++ /dev/null
@@ -1,592 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  pair.swift
-//
-//  Created by Michael Scott on 07/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-/* AMCL BN Curve Pairing functions */
-
-final class PAIR {
-    
-    // Line function
-    static func line(_ A:ECP2,_ B:ECP2,_ Qx:FP,_ Qy:FP) -> FP12
-    {
-        let P=ECP2()
-        var a:FP4
-        var b:FP4
-        var c:FP4
-        P.copy(A);
-        let ZZ=FP2(P.getz())
-        ZZ.sqr();
-        var D:Int
-        if A===B {D=A.dbl()} // Check this return value in ecp2.c
-        else {D=A.add(B)}
-        if (D<0) {return FP12(1)}
-        let Z3=FP2(A.getz())
-        c=FP4(0)
-        if D==0
-        { /* Addition */
-            let X=FP2(B.getx())
-            let Y=FP2(B.gety())
-            let T=FP2(P.getz())
-            T.mul(Y)
-            ZZ.mul(T)
-    
-            let NY=FP2(P.gety()); NY.neg()
-            ZZ.add(NY)
-            Z3.pmul(Qy)
-            T.mul(P.getx())
-            X.mul(NY)
-            T.add(X)
-            a=FP4(Z3,T)
-            ZZ.neg()
-            ZZ.pmul(Qx)
-            b=FP4(ZZ)
-        }
-        else
-        { // Doubling
-            let X=FP2(P.getx())
-            let Y=FP2(P.gety())
-            let T=FP2(P.getx())
-            T.sqr()
-            T.imul(3)
-    
-            Y.sqr()
-            Y.add(Y)
-            Z3.mul(ZZ)
-            Z3.pmul(Qy)
-    
-            X.mul(T)
-            X.sub(Y)
-            a=FP4(Z3,X)
-            T.neg()
-            ZZ.mul(T)
-            ZZ.pmul(Qx)
-            b=FP4(ZZ)
-        }
-        return FP12(a,b,c)
-    }
-    // Optimal R-ate pairing
-    static func ate(_ P:ECP2,_ Q:ECP) -> FP12
-    {
-        let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb))
-        let x=BIG(ROM.CURVE_Bnx)
-        let n=BIG(x)
-        let K=ECP2()
-        
-        var lv:FP12
-
-	if ROM.CURVE_PAIRING_TYPE == ROM.BN_CURVE {
-		n.pmul(6); n.dec(2)
-	} else {n.copy(x)}
-	
-	n.norm()
-        P.affine()
-        Q.affine()
-        let Qx=FP(Q.getx())
-        let Qy=FP(Q.gety())
-    
-        let A=ECP2()
-        let r=FP12(1)
-    
-        A.copy(P)
-        let nb=n.nbits()
-    
-        for i in (1...nb-2).reversed()
-        //for var i=nb-2;i>=1;i--
-        {
-            lv=line(A,A,Qx,Qy)
-            r.smul(lv)
-    
-            if (n.bit(UInt(i))==1)
-            {
-		lv=line(A,P,Qx,Qy)
-		r.smul(lv)
-            }
-            r.sqr()
-        }
-    
-        lv=line(A,A,Qx,Qy)
-        r.smul(lv)
-	if n.parity()==1 {
-		lv=line(A,P,Qx,Qy)
-		r.smul(lv)
-	}
-    
-    // R-ate fixup required for BN curves
-
-	if ROM.CURVE_PAIRING_TYPE == ROM.BN_CURVE {
-		r.conj()
-		K.copy(P)
-		K.frob(f)
-		A.neg()
-		lv=line(A,K,Qx,Qy)
-		r.smul(lv)
-		K.frob(f)
-		K.neg()
-		lv=line(A,K,Qx,Qy)
-		r.smul(lv)
-	}
-        return r
-    }
-    // Optimal R-ate double pairing e(P,Q).e(R,S)
-    static func ate2(_ P:ECP2,_ Q:ECP,_ R:ECP2,_ S:ECP) -> FP12
-    {
-        let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb))
-        let x=BIG(ROM.CURVE_Bnx)
-        let n=BIG(x)
-        let K=ECP2()
-        var lv:FP12
-
- 	if ROM.CURVE_PAIRING_TYPE == ROM.BN_CURVE {
-		n.pmul(6); n.dec(2)
-	} else {n.copy(x)}
-	
-	n.norm()
-        P.affine()
-        Q.affine()
-        R.affine()
-        S.affine()
-    
-        let Qx=FP(Q.getx())
-        let Qy=FP(Q.gety())
-        let Sx=FP(S.getx())
-        let Sy=FP(S.gety())
-    
-        let A=ECP2()
-        let B=ECP2()
-        let r=FP12(1)
-    
-        A.copy(P)
-        B.copy(R)
-        let nb=n.nbits()
-    
-        for i in (1...nb-2).reversed()
-        //for var i=nb-2;i>=1;i--
-        {
-            lv=line(A,A,Qx,Qy)
-            r.smul(lv)
-            lv=line(B,B,Sx,Sy)
-            r.smul(lv)
-            if n.bit(UInt(i))==1
-            {
-		lv=line(A,P,Qx,Qy)
-		r.smul(lv)
-		lv=line(B,R,Sx,Sy)
-		r.smul(lv)
-            }
-            r.sqr()
-        }
-    
-        lv=line(A,A,Qx,Qy)
-        r.smul(lv)
-        lv=line(B,B,Sx,Sy)
-        r.smul(lv)
-	if n.parity()==1 {
-		lv=line(A,P,Qx,Qy)
-		r.smul(lv)
-		lv=line(B,R,Sx,Sy)
-		r.smul(lv)
-	}
-    
-    // R-ate fixup required for BN curves
-
-	if ROM.CURVE_PAIRING_TYPE == ROM.BN_CURVE {
-		r.conj()
-    
-		K.copy(P)
-		K.frob(f)
-		A.neg()
-		lv=line(A,K,Qx,Qy)
-		r.smul(lv)
-		K.frob(f)
-		K.neg()
-		lv=line(A,K,Qx,Qy)
-		r.smul(lv)
-    
-		K.copy(R)
-		K.frob(f)
-		B.neg()
-		lv=line(B,K,Sx,Sy)
-		r.smul(lv)
-		K.frob(f)
-		K.neg()
-		lv=line(B,K,Sx,Sy)
-		r.smul(lv)
-	}
-        return r
-    }
-    
-    // final exponentiation - keep separate for multi-pairings and to avoid thrashing stack
-    static func fexp(_ m:FP12) -> FP12
-    {
-        let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb));
-        let x=BIG(ROM.CURVE_Bnx)
-        let r=FP12(m)
-    
-    // Easy part of final exp
-        var lv=FP12(r)
-        lv.inverse()
-        r.conj()
-    
-        r.mul(lv)
-        lv.copy(r)
-        r.frob(f)
-        r.frob(f)
-        r.mul(lv)
-        
-    // Hard part of final exp
-	if ROM.CURVE_PAIRING_TYPE == ROM.BN_CURVE {
-		lv.copy(r)
-		lv.frob(f)
-		let x0=FP12(lv)
-		x0.frob(f)
-		lv.mul(r)
-		x0.mul(lv)
-		x0.frob(f)
-		let x1=FP12(r)
-		x1.conj()
-		let x4=r.pow(x)
-
-		let x3=FP12(x4)
-		x3.frob(f)
-    
-		let x2=x4.pow(x)
-    
-		let x5=FP12(x2); x5.conj()
-		lv=x2.pow(x)
-    
-		x2.frob(f)
-		r.copy(x2); r.conj()
-    
-		x4.mul(r)
-		x2.frob(f)
-    
-		r.copy(lv)
-		r.frob(f)
-		lv.mul(r)
-    
-		lv.usqr()
-		lv.mul(x4)
-		lv.mul(x5)
-		r.copy(x3)
-		r.mul(x5)
-		r.mul(lv)
-		lv.mul(x2)
-		r.usqr()
-		r.mul(lv)
-		r.usqr()
-		lv.copy(r)
-		lv.mul(x1)
-		r.mul(x0)
-		lv.usqr()
-		r.mul(lv)
-		r.reduce()
-	} else {
-		let x0=FP12(r)
-		let x1=FP12(r)
-		lv.copy(r); lv.frob(f)
-		let x3=FP12(lv); x3.conj(); x1.mul(x3)
-		lv.frob(f); lv.frob(f)
-		x1.mul(lv)
-
-		r.copy(r.pow(x))  //r=r.pow(x);
-		x3.copy(r); x3.conj(); x1.mul(x3)
-		lv.copy(r); lv.frob(f)
-		x0.mul(lv)
-		lv.frob(f)
-		x1.mul(lv)
-		lv.frob(f)
-		x3.copy(lv); x3.conj(); x0.mul(x3)
-
-		r.copy(r.pow(x))
-		x0.mul(r)
-		lv.copy(r); lv.frob(f); lv.frob(f)
-		x3.copy(lv); x3.conj(); x0.mul(x3)
-		lv.frob(f)
-		x1.mul(lv)
-
-		r.copy(r.pow(x))
-		lv.copy(r); lv.frob(f)
-		x3.copy(lv); x3.conj(); x0.mul(x3)
-		lv.frob(f)
-		x1.mul(lv)
-
-		r.copy(r.pow(x))
-		x3.copy(r); x3.conj(); x0.mul(x3)
-		lv.copy(r); lv.frob(f)
-		x1.mul(lv)
-
-		r.copy(r.pow(x))
-		x1.mul(r)
-
-		x0.usqr()
-		x0.mul(x1)
-		r.copy(x0)
-		r.reduce()
-	}
-        return r
-    }
-    
-    // GLV method
-    static func glv(_ e:BIG) -> [BIG]
-    {
-	var u=[BIG]();
-	if ROM.CURVE_PAIRING_TYPE == ROM.BN_CURVE {
-		let t=BIG(0)
-		let q=BIG(ROM.CURVE_Order)
-		var v=[BIG]();
-		for _ in 0 ..< 2
-		{
-			u.append(BIG(0))
-			v.append(BIG(0))
-		}
-        
-		for i in 0 ..< 2
-		{
-			t.copy(BIG(ROM.CURVE_W[i]))
-			let d=BIG.mul(t,e)
-			v[i].copy(d.div(q))
-		}
-		u[0].copy(e);
-		for i in 0 ..< 2
-		{
-			for j in 0 ..< 2
-			{
-				t.copy(BIG(ROM.CURVE_SB[j][i]))
-				t.copy(BIG.modmul(v[j],t,q))
-				u[i].add(q)
-				u[i].sub(t)
-				u[i].mod(q)
-			}
-		}
-	} else { // -(x^2).P = (Beta.x,y)
-		let q=BIG(ROM.CURVE_Order)
-		let x=BIG(ROM.CURVE_Bnx)
-		let x2=BIG.smul(x,x)
-		u.append(BIG(e))
-		u[0].mod(x2)
-		u.append(BIG(e))
-		u[1].div(x2)
-		u[1].rsub(q)
-
-	}
-        return u
-    }
-    // Galbraith & Scott Method
-    static func gs(_ e:BIG) -> [BIG]
-    {
-        var u=[BIG]();
-	if ROM.CURVE_PAIRING_TYPE == ROM.BN_CURVE {
-		let t=BIG(0)
-		let q=BIG(ROM.CURVE_Order)
-		var v=[BIG]();
-		for _ in 0 ..< 4
-		{
-			u.append(BIG(0))
-			v.append(BIG(0))
-		}
-        
-		for i in 0 ..< 4
-		{
-			t.copy(BIG(ROM.CURVE_WB[i]))
-			let d=BIG.mul(t,e)
-			v[i].copy(d.div(q))
-		}
-		u[0].copy(e);
-		for i in 0 ..< 4
-		{
-			for j in 0 ..< 4
-			{
-				t.copy(BIG(ROM.CURVE_BB[j][i]))
-				t.copy(BIG.modmul(v[j],t,q))
-				u[i].add(q)
-				u[i].sub(t)
-				u[i].mod(q)
-			}
-		}
-	} else {
-		let x=BIG(ROM.CURVE_Bnx)
-		var w=BIG(e)
-		for i in 0 ..< 4
-		{
-			u.append(BIG(w))
-			u[i].mod(x)
-			w.div(x)
-		}
-	}
-        return u
-    }	
-    
-    // Multiply P by e in group G1
-    static func G1mul(_ P:ECP,_ e:BIG) -> ECP
-    {
-        var R:ECP
-        if (ROM.USE_GLV)
-        {
-            P.affine()
-            R=ECP()
-            R.copy(P)
-            let Q=ECP()
-            Q.copy(P)
-            let q=BIG(ROM.CURVE_Order)
-            let cru=FP(BIG(ROM.CURVE_Cru))
-            let t=BIG(0)
-            var u=PAIR.glv(e)
-            Q.getx().mul(cru);
-    
-            var np=u[0].nbits()
-            t.copy(BIG.modneg(u[0],q))
-            var nn=t.nbits()
-            if (nn<np)
-            {
-				u[0].copy(t)
-				R.neg()
-            }
-    
-            np=u[1].nbits()
-            t.copy(BIG.modneg(u[1],q))
-            nn=t.nbits()
-            if (nn<np)
-            {
-				u[1].copy(t)
-				Q.neg()
-            }
-    
-            R=R.mul2(u[0],Q,u[1])
-        }
-        else
-        {
-            R=P.mul(e)
-        }
-        return R
-    }
-    
-    // Multiply P by e in group G2
-    static func G2mul(_ P:ECP2,_ e:BIG) -> ECP2
-    {
-        var R:ECP2
-        if (ROM.USE_GS_G2)
-        {
-            var Q=[ECP2]()
-            let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb));
-            let q=BIG(ROM.CURVE_Order);
-            var u=PAIR.gs(e);
-    
-            let t=BIG(0);
-            P.affine()
-            Q.append(ECP2())
-            Q[0].copy(P);
-            for i in 1 ..< 4
-            {
-                Q.append(ECP2()); Q[i].copy(Q[i-1]);
-				Q[i].frob(f);
-            }
-            for i in 0 ..< 4
-            {
-				let np=u[i].nbits();
-				t.copy(BIG.modneg(u[i],q));
-				let nn=t.nbits();
-				if (nn<np)
-				{
-                    u[i].copy(t);
-                    Q[i].neg();
-				}
-            }
-    
-            R=ECP2.mul4(Q,u);
-        }
-        else
-        {
-            R=P.mul(e);
-        }
-        return R;
-    }
-    // f=f^e
-    // Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.java
-    static func GTpow(_ d:FP12,_ e:BIG) -> FP12
-    {
-        var r:FP12
-        if (ROM.USE_GS_GT)
-        {
-            var g=[FP12]()
-            let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb))
-            let q=BIG(ROM.CURVE_Order)
-            let t=BIG(0)
-        
-            var u=gs(e)
-            g.append(FP12(0))
-            g[0].copy(d);
-            for i in 1 ..< 4
-            {
-                g.append(FP12(0)); g[i].copy(g[i-1])
-				g[i].frob(f)
-            }
-            for i in 0 ..< 4
-            {
-				let np=u[i].nbits()
-				t.copy(BIG.modneg(u[i],q))
-				let nn=t.nbits()
-				if (nn<np)
-				{
-                    u[i].copy(t)
-                    g[i].conj()
-				}
-            }
-            r=FP12.pow4(g,u)
-        }
-        else
-        {
-            r=d.pow(e)
-        }
-        return r
-    }
-    // test group membership - no longer needed
-    // with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2}
-/*
-    static func GTmember(m:FP12) -> Bool
-    {
-        if m.isunity() {return false}
-        let r=FP12(m)
-        r.conj()
-        r.mul(m)
-        if !r.isunity() {return false}
-    
-        let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb))
-    
-        r.copy(m); r.frob(f); r.frob(f)
-        var w=FP12(r); w.frob(f); w.frob(f)
-        w.mul(m)
-        if !ROM.GT_STRONG
-        {
-            if !w.equals(r) {return false}
-            let x=BIG(ROM.CURVE_Bnx)
-            r.copy(m); w=r.pow(x); w=w.pow(x)
-            r.copy(w); r.sqr(); r.mul(w); r.sqr()
-            w.copy(m); w.frob(f)
-        }
-        return w.equals(r)
-    }
-*/   
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/rand.swift
----------------------------------------------------------------------
diff --git a/version22/swift/rand.swift b/version22/swift/rand.swift
deleted file mode 100644
index 429a0eb..0000000
--- a/version22/swift/rand.swift
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  rand.swift
-//
-//  Created by Michael Scott on 17/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-//  Cryptographic strong random number generator
-
-/* Marsaglia & Zaman Random number generator constants */
-final public class RAND {
-    private static let NK:Int=21
-    private static let NJ:Int=6
-    private static let NV:Int=8
-    private var ira=[UInt32](repeating: 0,count: NK)
-    private var rndptr:Int=0
-    private var borrow:UInt32=0
-    private var pool_ptr:Int=0
-    private var pool=[UInt8](repeating: 0,count: 32)
-    
-    public func clean()
-    {
-        pool_ptr=0
-        rndptr=0
-        for i in 0 ..< 32 {pool[i]=0}
-        for i in 0 ..< RAND.NK {ira[i]=0}
-        borrow=0;
-    }
-    
-    public init() {clean()}
-    
-    private func sbrand() -> UInt32
-    { /* Marsaglia & Zaman random number generator */
-        rndptr+=1;
-        if rndptr<RAND.NK {return ira[rndptr]}
-        rndptr=0;
-        var k=RAND.NK-RAND.NJ
-        for i in 0 ..< RAND.NK
-        {
-            if k==RAND.NK {k=0}
-            let t=ira[k];
-            let pdiff=t &- ira[i] &- borrow
-            if pdiff<t {borrow=0}
-            if pdiff>t {borrow=1}
-            ira[i]=pdiff
-            k += 1;
-        }
-        return ira[0]
-    }
-    
-    func sirand(_ seed: UInt32)
-    {
-        var m:UInt32=1
-        var s:UInt32=seed
-        borrow=0;
-        rndptr=0
-        ira[0]^=s
-        for i in 1 ..< RAND.NK
-        { /* fill initialisation vector */
-            let ipn=(RAND.NV*i)%RAND.NK
-            ira[ipn]^=m
-            let t=m
-            m=s &- m
-            s=t
-        }
-        for _ in 0 ..< 10000 {sbrand()}
-    }
-    
-    private func fill_pool()
-    {
-        let sh=HASH256()
-        for _ in 0 ..< 128 {sh.process(UInt8(sbrand()&0xff))}
-        pool=sh.hash()
-        pool_ptr=0
-    }
-    
-    private func pack(_ b: [UInt8]) -> UInt32
-    {
-        return (UInt32(b[3])<<24)|(UInt32(b[2])<<16)|(UInt32(b[1])<<8)|(UInt32(b[0]))
-    }
-  
-/* Initialize RNG with some real entropy from some external source */
-    public func seed(_ rawlen: Int,_ raw: [UInt8])
-    { /* initialise from at least 128 byte string of raw random entropy */
-        var digest=[UInt8]()
-        var b=[UInt8](repeating: 0, count: 4)
-        let sh=HASH256()
-        pool_ptr=0
-        for i in 0 ..< RAND.NK {ira[i]=0}
-        if rawlen>0
-        {
-            for i in 0 ..< rawlen {sh.process(raw[i])}
-            digest=sh.hash()
-            
-            for i in 0 ..< 8
-            {
-                b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3]
-                sirand(pack(b))
-            }
-            
-        }
-        fill_pool()
-    }
-    
-    public func getByte() -> UInt8
-    {
-        let r=pool[pool_ptr]; pool_ptr+=1
-        if pool_ptr>=32 {fill_pool()}
-        return r
-    }
-    
-    
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/readme.txt
----------------------------------------------------------------------
diff --git a/version22/swift/readme.txt b/version22/swift/readme.txt
deleted file mode 100644
index 02d78b2..0000000
--- a/version22/swift/readme.txt
+++ /dev/null
@@ -1,135 +0,0 @@
-AMCL is very simple to build for Swift.
-
-
-This version supports both 32-bit and 64-bit builds. 
-If your processor and 
-operating system are both 64-bit, a 64-bit build 
-will probably be best. 
-Otherwise use a 32-bit build.
-
-
-First - decide the modulus and curve type you want to use. Edit rom32.swift 
-
-or rom64.swift where indicated. You will probably want to use one of the 
-curves 
-whose details are already in there. You might want to "raid" the 
-rom
-file from the C version of the library for more curves.
-
-Three example API files are provided, mpin.swift which 
-supports our M-Pin (tm) protocol, ecdh.swift which supports elliptic 
-curve key exchange, digital signature and public key crypto, and rsa.swift
-which supports the RSA method. The first  can be tested using the 
-TestMPIN.swift driver programs, the second can be tested using TestECDH.swift, 
-
-and the third with TestRSA.swift
-
-In the rom32.swift/rom64.swift file you must provide the curve constants. 
-
-Several examples are provided there, if you are willing to use one of these.
-
-To help generate the ROM constants for your own curve some MIRACL helper 
-programs are included. The programs bngen.cpp and blsgen.cpp generate ROM 
-data for a BN and BLS pairing friendly curves, and the program ecgen.cpp 
-generates ROM data for regular EC curves.
-
-The MIRACL based program check.cpp helps choose the best number base for
-big number representation, given the word-length and the size of the modulus.
-
-The program bigtobig.cpp converts a big number to the AMCL 
-BIG format.
-
-For a quick jumpstart:-
-
-
-Copy rom32.swift to rom.swift for a 32-bit build.
-
-
-
-If using Xcode, load all of the swift files into a project. In "Build 
-Options",
-under "Swift Compiler - Custom Flags", set the compilation 
-condition D32. Then 
-build the project. 
-
-
-
-For a 64-bit build copy rom64.swift instead, and set D64 in Xcode. 
-
-Then build 
-and run the program main.swift
-
-
-
-
-Alternatively from a terminal window in a /lib directory create a dynamic 
-
-library using the command
-
-swiftc -DD32 big.swift rom.swift dbig.swift rand.swift hash256.swift hash384.swift hash512.swift fp.swift fp2.swift ecp.swift ecp2.swift aes.swift gcm.swift fp4.swift fp12.swift ff.swift pair.swift rsa.swift ecdh.swift mpin.swift -O -Ounchecked -whole-module-optimization -emit-library -emit-module -module-name amcl
-
-This creates the files 
-
-libamcl.dylib
-amcl.swiftmodule
-
-Copy these to a project directory, which contains only the files 
-
-TestECDH.swift
-TestRSA.swift
-TestMPIN.swift
-
-
-Edit these files to uncomment the line
-
- 
-
-import amcl
-
- 
-
-at the start of the program, and 
-
-
-
-TestXXXX()
-
-
-
-at the end of the program
-
-
-Finally create and run the projects by issuing the commands
-
-swift -lamcl -I. TestMPIN.swift 
-swift -lamcl -I. TestECDH.swift 
-swift -lamcl -I. TestRSA.swift 
-
-
-
-
-Note that classes and methods that need to be exposed to consuming programs, 
-should be made "public" when and if needed. Here we have done this as needed 
-just for these example programs.
-
-------------------------------------------------
-
-An alternative method to build applications is to use the swiftc compiler 
-directly. For example:-
-
-Edit main.swift to just include a call to BenchtestPAIR()
-
-Copy rom32.swift to rom.swift
-
-Compile directly using swiftc
-
-swiftc -DD32 -O -Ounchecked -whole-module-optimization main.swift BenchtestPAIR.swift pair.swift fp12.swift fp4.swift fp2.swift fp.swift big.swift dbig.swift ecp.swift ecp2.swift hash256.swift hash384.swift hash512.swift aes.swift rand.swift rom.swift -o main 
-
-Run the BenchtestPAIR() program by
-
-./main
-
-For the files needed to build other applications, see go/readme.txt
-
-Change "32" to "64" for a 64-bit build
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/rom32.swift
----------------------------------------------------------------------
diff --git a/version22/swift/rom32.swift b/version22/swift/rom32.swift
deleted file mode 100644
index 9ac5f11..0000000
--- a/version22/swift/rom32.swift
+++ /dev/null
@@ -1,645 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  rom.swift
-//
-//  Created by Michael Scott on 12/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-typealias Chunk = Int32
-typealias DChunk = Int64
-
-final public class ROM{
-    
-    static let CHUNK:Int=32
-    
-    /* Don't Modify from here... */
-    static let NOT_SPECIAL=0
-    static let PSEUDO_MERSENNE=1
-    static let MONTGOMERY_FRIENDLY=2
-    static let GENERALISED_MERSENNE=3
-    static let WEIERSTRASS=0
-    static let EDWARDS=1
-    static let MONTGOMERY=2
-    static let BN_CURVE=0
-    static let BLS_CURVE=1
-
-    /* ...to here */
-    
-/*** Enter Some Field details here  ***/
-// BN254 Curve
-//    static let MODBITS:UInt = 254 /* Number of bits in Modulus */
-//    static let MOD8:UInt = 3   /* Modulus mod 8 */
-//    static let BASEBITS:UInt=29
-//    static let AES_S:UInt=0
-    
-// BN454 Curve
-//    static let MODBITS:UInt = 454 /* Number of bits in Modulus */
-//    static let MOD8:UInt = 3   /* Modulus mod 8 */
-//    static let BASEBITS:UInt=29
-//    static let AES_S:UInt=128
-
-// BLS383 Curve
-  static let MODBITS:UInt = 383
-  static let MOD8:UInt = 3
-  static let BASEBITS:UInt = 28
-  static let AES_S:UInt =  0
-    
-// BLS455 Curve
-//    static let MODBITS:UInt = 455 /* Number of bits in Modulus */
-//    static let MOD8:UInt = 3   /* Modulus mod 8 */
-//    static let BASEBITS:UInt=29
-//    static let AES_S:UInt=128
-	
-// HIFIVE Curve
-//  static let MODBITS:UInt = 336
-//  static let MOD8:UInt = 5
-//  static let BASEBITS:UInt = 29
-//  static let AES_S:UInt=128
-        
-// GOLDILOCKS
-//	static let MODBITS:UInt=448
-//	static let MOD8:UInt=7
-//	static let BASEBITS:UInt=29
-//	static let AES_S:UInt=0
-    
-// NIST384
-//    static let MODBITS:UInt=384
-//    static let MOD8:UInt=7
-//    static let BASEBITS:UInt=29
-//    static let AES_S:UInt=0
-   
-// C41417
-//    static let MODBITS:UInt=414
-//    static let MOD8:UInt=7
-//    static let BASEBITS:UInt=29
-//    static let AES_S:UInt=0
-
-// NIST521
-//    static let MODBITS:UInt=521
-//    static let MOD8:UInt=7
-//    static let BASEBITS:UInt=28
-//    static let AES_S:UInt=0
-
-// BN646
-//    static let MODBITS:UInt=646
-//    static let MOD8:UInt=3
-//    static let BASEBITS:UInt=29
-//    static let AES_S:UInt=192
-
-// Curve 25519
-//    static let MODBITS:UInt=255
-//    static let MOD8:UInt=5
-//    static let BASEBITS:UInt=29
-//    static let AES_S:UInt=0
-
-// NIST256 or Brainpool
-//    static let MODBITS:UInt=256
-//    static let MOD8:UInt=7
-//    static let BASEBITS:UInt=29
-//    static let AES_S:UInt=0
-
-// MF254
-//    static let MODBITS:UInt=254
-//    static let MOD8:UInt=7
-//    static let BASEBITS:UInt=29
-//    static let AES_S:UInt=0
-
-// MS255
-//    static let MODBITS:UInt = 255
-//    static let MOD8:UInt = 3
-//    static let BASEBITS:UInt=29
-//    static let AES_S:UInt=0
-
-// MF256
-//    static let MODBITS:UInt = 256
-//    static let MOD8:UInt = 7
-//    static let BASEBITS:UInt=29
-//    static let AES_S:UInt=0
-
-// MS256
-//    static let MODBITS:UInt = 256
-//    static let MOD8:UInt = 3
-//    static let BASEBITS:UInt=29
-//    static let AES_S:UInt=0
-
-// ANSSI
-//    static let MODBITS:UInt = 256
-//    static let MOD8:UInt = 3
-//    static let BASEBITS:UInt=29
-//    static let AES_S:UInt=0
-
-    static let FFLEN:UInt=4
-    
-/* Don't Modify from here... */
-    static let NLEN:Int=Int(1+((MODBITS-1)/BASEBITS))
-    static let DNLEN:Int=2*NLEN
-    static let BMASK:Chunk=((1<<Chunk(BASEBITS))-1)
-    static let MODBYTES:UInt=(1+(MODBITS-1)/8)
-    static let NEXCESS:Int = (1<<(CHUNK-Int(BASEBITS)-1))
-    static let FEXCESS:Chunk = (1<<Chunk(BASEBITS*UInt(NLEN)-MODBITS));
-    static let OMASK:Chunk=Chunk(-1)<<Chunk(MODBITS%BASEBITS)
-    static let TBITS:UInt=MODBITS%BASEBITS; // Number of active bits in top word
-    static let TMASK:Chunk=(1<<Chunk(TBITS))-1
-    static let BIGBITS:UInt = (MODBYTES*8)
-    static let HBITS = (BASEBITS/2)
-    static let HMASK:Chunk = ((1<<Chunk(HBITS))-1)
-    
-   
-    /* Finite field support - for RSA, DH etc. */
-    static let FF_BITS:UInt=(BIGBITS*FFLEN) /* Finite Field Size in bits - must be BIGBITS.2^n */
-    static let HFLEN=(FFLEN/2);  /* Useful for half-size RSA private key operations */
-    
-    static let P_MBITS:UInt=ROM.MODBYTES*8
-    static let P_OMASK:Chunk=Chunk(-1)<<Chunk(P_MBITS%BASEBITS)
-    static let P_FEXCESS:Chunk=(1<<Chunk(BASEBITS*UInt(NLEN)-P_MBITS))
-    static let P_TBITS=(P_MBITS%ROM.BASEBITS)
-    
-/* ...to here */
-    
-// START SPECIFY FIELD DETAILS HERE
-//*********************************************************************************
-// Curve25519 Modulus
-//    static let MODTYPE=PSEUDO_MERSENNE
-//    static let Modulus:[Chunk]=[0x1FFFFFED,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF]
-//    static let MConst:Chunk=19
-    
-// NIST-256 Modulus
-//    static let MODTYPE=NOT_SPECIAL
-//    static let Modulus:[Chunk]=[0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FF,0x0,0x0,0x40000,0x1FE00000,0xFFFFFF]
-//    static let MConst:Chunk=1
-
-// MF254 Modulus
-//    static let MODTYPE=MONTGOMERY_FRIENDLY
-//    static let Modulus:[Chunk]=[0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF]
-//    static let MConst:Chunk=0x3F8100
-// MS255 Modulus
-//    static let MODTYPE = PSEUDO_MERSENNE
-//    static let Modulus:[Chunk]=[0x1FFFFD03,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF]
-//    static let MConst:Chunk=0x2FD
-// MF256 Modulus
-//    static let MODTYPE = MONTGOMERY_FRIENDLY
-//    static let Modulus:[Chunk]=[0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFA7FF]
-//    static let MConst:Chunk=0xFFA800
-// MS256 Modulus
-//    static let MODTYPE = PSEUDO_MERSENNE
-//    static let Modulus:[Chunk]=[0x1FFFFF43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF]
-//    static let MConst:Chunk = 0xBD
-// Brainpool Modulus
-//    static let MODTYPE = NOT_SPECIAL
-//    static let Modulus:[Chunk]=[0x1F6E5377,0x9A40E8,0x9880A08,0x17EC47AA,0x18D726E3,0x5484EC1,0x6F0F998,0x1B743DD5,0xA9FB57]
-//    static let MConst:Chunk = 0xEFD89B9
-// ANSSI Modulus
-//    static let MODTYPE = NOT_SPECIAL
-//    static let Modulus:[Chunk]=[0x186E9C03,0x7E79A9E,0x12329B7A,0x35B7957,0x435B396,0x16F46721,0x163C4049,0x1181675A,0xF1FD17]
-//    static let MConst:Chunk = 0x164E1155
-    
-// HIFIVE Curve Modulus
-//  static let MODTYPE = PSEUDO_MERSENNE
-//  static let Modulus:[Chunk]=[0x1FFFFFFD,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFF]
-//  static let MConst:Chunk = 0x3
-    
-// GOLDILOCKS Curve Modulus
-//  static let MODTYPE = GENERALISED_MERSENNE
-//  static let Modulus:[Chunk]=[0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF]
-//  static let MConst:Chunk = 0x1
-    
-// NIST384 Curve Modulus
-//    static let MODTYPE = NOT_SPECIAL
-//    static let Modulus:[Chunk]=[0x1FFFFFFF,0x7,0x0,0x1FFFFE00,0x1FFFEFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F]
-//    static let MConst:Chunk = 0x1
-   
-// C41417 Curve Modulus
-//    static let MODTYPE = PSEUDO_MERSENNE
-//    static let Modulus:[Chunk]=[0x1FFFFFEF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFF]
-//    static let MConst:Chunk = 0x11
-   
-// NIST521 Curve Modulus
-//    static let MODTYPE = PSEUDO_MERSENNE
-//    static let Modulus:[Chunk]=[0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0x1FFFF]
-//    static let MConst:Chunk = 0x1
-  
-// BN646 Curve Modulus
-//    static let MODTYPE = NOT_SPECIAL
-//    static let Modulus:[Chunk]=[0x404E013,0x1203604,0x4E0000,0x80A2084,0x2,0xC90420,0x4051078,0x3600001,0xA20660,0x36,0x5100900,0x10288468,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90]
-//    static let MConst:Chunk = 0x15F615E5
-    
-// BNCX Curve Modulus
-//   static let MODTYPE = NOT_SPECIAL
-//   static let Modulus:[Chunk]=[0x1C1B55B3,0x13311F7A,0x24FB86F,0x1FADDC30,0x166D3243,0xFB23D31,0x836C2F7,0x10E05,0x240000]
-//   static let MConst:Chunk=0x19789E85
-
-// BN254 Curve Modulus
-//   static let MODTYPE = NOT_SPECIAL
-//   static let Modulus:[Chunk] = [0x13,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364]
-//   static let MConst:Chunk=0x179435E5
-    
-// BLS383 Curve
-    static let MODTYPE =  NOT_SPECIAL;
-    static let Modulus:[Chunk] = [0xAAD556B,0xACAAB52,0x5F75D7A,0x1BB0147,0xD5D7520,0xCF73083,0xF99EB16,0x531820,0xA68EA32,0x2C01355,0x552A785,0x5C6105C,0x80A9F7,0x7AC52];
-    static let MConst:Chunk=0x123D0BD;
-    
-
-// BN454 Curve Modulus
-//   static let MODTYPE = NOT_SPECIAL
-//   static let Modulus:[Chunk] = [0x13,0x270,0x2100,0x1C00D89C,0x25084,0xA284,0x24720,0x10803AA1,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000]
-//   static let MConst:Chunk=0x179435E5
-
-// BLS455 Curve Modulus
- //  static let MODTYPE = NOT_SPECIAL
- //  static let Modulus:[Chunk] = [0x2AB,0x1500000C,0xAAA55AA,0xB12AAD6,0x6D1BA6C,0xCCA5674,0x12E2CF6E,0xA9F9662,0x34BD939,0x12D8EAB1,0xFD9978E,0x9240600,0xE0F95B,0xAAB9550,0x55555E5,0xAAAAB]
-//   static let MConst:Chunk=0x1F4017FD
-
-    // START SPECIFY CURVE DETAILS HERE
-    //*********************************************************************************
-    // Original Curve25519
-    // 	static let CURVETYPE=MONTGOMERY
-    //	static let CURVE_A:Int = 486662
-    //	static let CURVE_B:[Chunk]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-    //	static let CURVE_Order:[Chunk]=[0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000]
-    //	static let CURVE_Gx:[Chunk]=[0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //	static let CURVE_Gy:[Chunk]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-// Ed25519 Curve
-//    static let CURVETYPE=EDWARDS
-//    static let CURVE_A:Int = -1
-//    static let CURVE_B:[Chunk]=[0x135978A3,0xF5A6E50,0x10762ADD,0x149A82,0x1E898007,0x3CBBBC,0x19CE331D,0x1DC56DFF,0x52036C]
-//    static let CURVE_Order:[Chunk]=[0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000]
-//    static let CURVE_Gx:[Chunk]=[0xF25D51A,0xAB16B04,0x969ECB2,0x198EC12A,0xDC5C692,0x1118FEEB,0xFFB0293,0x1A79ADCA,0x216936]
-//    static let CURVE_Gy:[Chunk]=[0x6666658,0x13333333,0x19999999,0xCCCCCCC,0x6666666,0x13333333,0x19999999,0xCCCCCCC,0x666666]
-  
-// HIFIVE Curve
-//    	static let CURVETYPE=EDWARDS
-//    	static let CURVE_A:Int = 1
-//    	static let CURVE_Order:[Chunk]=[0x1E9FA805,0x197CACB9,0x1E4EEA9E,0x17AD70F,0x1FA9850C,0x38A0A,0x0,0x0,0x0,0x0,0x0,0x4000]
-//    	static let CURVE_B:[Chunk] = [0x2B67,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-//    	static let CURVE_Gx:[Chunk] = [0xC,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-//    	static let CURVE_Gy:[Chunk] = [0x5FE8632,0x15F63428,0xD976C4,0x1AACA194,0x35B6DB5,0x8E3F7A,0x52D1B0E,0xF0A7A36,0x1C161D00,0x8170C70,0x1185AD59,0x181B]
- 
-// GOLDILOCKS Curve
-//    	static let CURVETYPE=EDWARDS
-//    	static let CURVE_A:Int = 1
-//    	static let CURVE_Order:[Chunk]=[0xB5844F3,0x1BC61495,0x1163D548,0x1984E51B,0x3690216,0xDA4D76B,0xFA7113B,0x1FEF9944,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FF]
-//    	static let CURVE_B:[Chunk] = [0x1FFF6756,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF]
-//    	static let CURVE_Gx:[Chunk] = [0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0x152AAAAA,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x1555]
-//    	static let CURVE_Gy:[Chunk] = [0xA9386ED,0x1757DE6F,0x13681AF6,0x19657DA3,0x3098BBB,0x12C19D15,0x12E03595,0xE515B18,0x17B7E36D,0x1AC426E,0xDBB5E8,0x10D8560,0x159D6205,0xB8246D9,0x17A58D2B,0x15C0]
-    
-// NIST384 Curve
-//    static let CURVETYPE=WEIERSTRASS
-//    static let CURVE_A:Int = -3
-//    static let CURVE_Order:[Chunk]=[0xCC52973,0x760CB56,0xC29DEBB,0x141B6491,0x12DDF581,0x6C0FA1B,0x1FFF1D8D,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F]
-//    static let CURVE_B:[Chunk] = [0x13EC2AEF,0x142E476E,0xBB4674A,0xC731B14,0x1875AC65,0x447A809,0x4480C50,0xDDFD028,0x19181D9C,0x1F1FC168,0x623815A,0x47DCFC9,0x1312FA7E,0x59]
-//    static let CURVE_Gx:[Chunk] = [0x12760AB7,0x12A2F1C3,0x154A5B0E,0x5E4BB7E,0x2A38550,0xF0412A,0xE6167DD,0xC5174F3,0x146E1D3B,0x1799056B,0x3AC71C7,0x1D160A6F,0x87CA22B,0x55]
-//    static let CURVE_Gy:[Chunk] = [0x10EA0E5F,0x1218EBE4,0x1FA0675E,0x1639C3A,0xB8C00A6,0x1889DAF8,0x11F3A768,0x17A51342,0x9F8F41D,0x1C9496E1,0x1767A62F,0xC4C58DE,0x17DE4A9,0x1B]
-  
-// C41417 Curve
-//    static let CURVETYPE=EDWARDS
-//    static let CURVE_A:Int = 1
-//    static let CURVE_Order:[Chunk]=[0x106AF79,0x18738D2F,0x18F3C606,0x1806715A,0x22B36F1,0xA67B830,0xCF32490,0x1FFFFFFD,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1F]
-//    static let CURVE_B:[Chunk] = [0xE21,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-//    static let CURVE_Gx:[Chunk] = [0x13CBC595,0x7E9C097,0x14DF1931,0x14E7F550,0x1A111301,0x15A6B6B5,0xD526292,0x18FEAFFE,0x1F44C03E,0x1E6A31B4,0x70C9B97,0x43180C6,0x1443300,0x19A4828A,0x68]
-//    static let CURVE_Gy:[Chunk] = [0x22,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-   
-// NIST521 Curve
-//    static let CURVETYPE=WEIERSTRASS
-//    static let CURVE_A:Int = -3
-//    static let CURVE_Order:[Chunk]=[0x1386409,0x6FB71E9,0xC47AEBB,0xC9B8899,0x5D03BB5,0x48F709A,0xB7FCC01,0xBF2F966,0x1868783,0xFFFFFA5,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0x1FFFF]
-//    static let CURVE_B:[Chunk] = [0xB503F00,0x451FD46,0xC34F1EF,0xDF883D2,0xF073573,0xBD3BB1B,0xB1652C0,0xEC7E937,0x6193951,0xF109E15,0x489918E,0x15F3B8B,0x25B99B3,0xEEA2DA7,0xB68540,0x929A21A,0xE1C9A1F,0x3EB9618,0x5195]
-//    static let CURVE_Gx:[Chunk] = [0x2E5BD66,0x7E7E31C,0xA429BF9,0xB3C1856,0x8DE3348,0x27A2FFA,0x8FE1DC1,0xEFE7592,0x14B5E77,0x4D3DBAA,0x8AF606B,0xB521F82,0x139053F,0x429C648,0x62395B4,0x9E3ECB6,0x404E9CD,0x8E06B70,0xC685]
-//    static let CURVE_Gy:[Chunk] = [0xFD16650,0xBE94769,0x2C24088,0x7086A27,0x761353C,0x13FAD0,0xC550B9,0x5EF4264,0x7EE7299,0x3E662C9,0xFBD1727,0x446817A,0x449579B,0xD998F54,0x42C7D1B,0x5C8A5FB,0xA3BC004,0x296A789,0x11839]
-    
-// NIST-256 Curve
-    //	static let CURVETYPE=WEIERSTRASS
-    //    static let CURVE_A:Int = -3;
-    //    static let CURVE_B:[Chunk]=[0x7D2604B,0x1E71E1F1,0x14EC3D8E,0x1A0D6198,0x86BC651,0x1EAABB4C,0xF9ECFAE,0x1B154752,0x5AC635]
-    //    static let CURVE_Order:[Chunk]=[0x1C632551,0x1DCE5617,0x5E7A13C,0xDF55B4E,0x1FFFFBCE,0x1FFFFFFF,0x3FFFF,0x1FE00000,0xFFFFFF]
-    //    static let CURVE_Gx:[Chunk]=[0x1898C296,0x509CA2E,0x1ACCE83D,0x6FB025B,0x40F2770,0x1372B1D2,0x91FE2F3,0x1E5C2588,0x6B17D1]
-    //    static let CURVE_Gy:[Chunk]=[0x17BF51F5,0x1DB20341,0xC57B3B2,0x1C66AED6,0x19E162BC,0x15A53E07,0x1E6E3B9F,0x1C5FC34F,0x4FE342]
-
-    // MF254 Modulus, Weierstrass Curve w-254-mont
-    //    static let CURVETYPE=WEIERSTRASS
-    //    static let CURVE_A:Int = -3
-    //    static let CURVE_B:[Chunk]=[0x1FFFD08D,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF]
-    //    static let CURVE_Order:[Chunk]=[0xF8DF83F,0x1D20CE25,0x8DD701B,0x317D41B,0x1FFFFEB8,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF]
-    //    static let CURVE_Gx:[Chunk]=[0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //    static let CURVE_Gy:[Chunk]=[0x190D4EBC,0xB2EF9BF,0x14464C6B,0xE71C7F0,0x18AEBDFB,0xD3ADEBB,0x18052B85,0x1A6765CA,0x140E3F]
-    
-    // MF254 Modulus, Edwards Curve ed-254-mont
-    //    static let CURVETYPE = EDWARDS
-    //    static let CURVE_A:Int = -1
-    //    static let CURVE_B:[Chunk]=[0x367B,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //    static let CURVE_Order:[Chunk]=[0x46E98C7,0x179E9FF6,0x158BEC3A,0xA60D917,0x1FFFFEB9,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFE03F]
-    //    static let CURVE_Gx:[Chunk]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //    static let CURVE_Gy:[Chunk]=[0xF2701E5,0x29687ED,0xC84861F,0x535081C,0x3F4E363,0x6A811B,0xCD65474,0x121AD498,0x19F0E6]
-
-    // MF254 Modulus, Montgomery Curve
-    //static let CURVETYPE = MONTGOMERY
-    //static let CURVE_A:Int = -55790;
-    //static let CURVE_B:[Chunk]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-    //static let CURVE_Order:[Chunk]=[0x46E98C7,0x179E9FF6,0x158BEC3A,0xA60D917,0x1FFFFEB9,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFE03F]
-    //static let CURVE_Gx:[Chunk]=[0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Chunk]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
- 
-    // MS255 Modulus, Weierstrass Curve
-    //static let CURVETYPE = WEIERSTRASS
-    //static let CURVE_A:Int = -3
-    //static let CURVE_B:[Chunk]=[0x1FFFAB46,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF]
-    //static let CURVE_Order:[Chunk]=[0x1C594AEB,0x1C7D64C1,0x14ACF7EA,0x14705075,0x1FFFF864,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF]
-    //static let CURVE_Gx:[Chunk]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Chunk]=[0x9CB44BA,0x199FFB3B,0x1F698345,0xD8F19BB,0x17D177DB,0x1FFCD97F,0xCE487A,0x181DB74F,0x6F7A6A]
-
-    // MS255 Modulus, Edwards Curve
-    //static let CURVETYPE = EDWARDS
-    //static let CURVE_A:Int = -1
-    //static let CURVE_B:[Chunk]=[0xEA97,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Order:[Chunk]=[0x436EB75,0x24E8F68,0x9A0CBAB,0x34F0BDB,0x1FFFFDCF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFF]
-    //static let CURVE_Gx:[Chunk]=[0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Chunk]=[0x108736A0,0x11512ADE,0x1116916E,0x29715DA,0x47E5529,0x66EC706,0x1517B095,0xA694F76,0x26CB78]
-
-    // MS255 Modulus, Montgomery Curve
-    //static let CURVETYPE=MONTGOMERY
-    //static let CURVE_A:Int = -240222
-    //static let CURVE_B:[Chunk]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-    //static let CURVE_Order:[Chunk]=[0x436EB75,0x24E8F68,0x9A0CBAB,0x34F0BDB,0x1FFFFDCF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFF]
-    //static let CURVE_Gx:[Chunk]=[0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Chunk]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-    
-    // MF256 Modulus, Weierstrass Curve
-    //static let CURVETYPE = WEIERSTRASS
-    //static let CURVE_A:Int = -3;
-    //static let CURVE_B:[Chunk]=[0x14E6A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Order:[Chunk]=[0x79857EB,0x8862F0D,0x1941D2E7,0x2EA27CD,0x1FFFFFC5,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFA7FF]
-    //static let CURVE_Gx:[Chunk]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Chunk]=[0xB724D2A,0x3CAA61,0x5371984,0x128FD71B,0x1AE28956,0x1D13091E,0x339EEAE,0x10F7C301,0x20887C]
-    
-    // MF256, Edwards Curve
-    //static let CURVETYPE = EDWARDS
-    //static let CURVE_A:Int = -1
-    //static let CURVE_B:[Chunk]=[0x350A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Order:[Chunk]=[0x18EC7BAB,0x16C976F6,0x19CCF259,0x9775F70,0x1FFFFB15,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FE9FF]
-    //static let CURVE_Gx:[Chunk]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Chunk]=[0x12F3C908,0xF553917,0x1FA9A35F,0xBCC91B,0x1AACA0C,0x1779ED96,0x156BABAF,0x1F1F1989,0xDAD8D4]
-   
-    // MF256 Modulus, Montgomery Curve
-    //static let CURVETYPE = MONTGOMERY
-    //static let CURVE_A:Int = -54314
-    //static let CURVE_B:[Chunk]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-    //static let CURVE_Order:[Chunk]=[0x18EC7BAB,0x16C976F6,0x19CCF259,0x9775F70,0x1FFFFB15,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FE9FF]
-    //static let CURVE_Gx:[Chunk]=[0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Chunk]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-
-    // MS256, Weierstrass Curve
-    //static let CURVETYPE  = WEIERSTRASS
-    //static let CURVE_A:Int = -3
-    //static let CURVE_B:[Chunk]=[0x25581,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Order:[Chunk]=[0x751A825,0x559014A,0x9971808,0x1904EBD4,0x1FFFFE43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF]
-    //static let CURVE_Gx:[Chunk]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Chunk]=[0x2B56C77,0x1FA31836,0x253B042,0x185F26EB,0xDD6BD02,0x4B66777,0x1B5FF20B,0xA783C8C,0x696F18]
-
-    // MS256, Edwards Curve
-    //static let CURVETYPE = EDWARDS
-    //static let CURVE_A:Int = -1;
-    //static let CURVE_B:[Chunk]=[0x3BEE,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Order:[Chunk]=[0x1122B4AD,0xDC27378,0x9AF1939,0x154AB5A1,0x1FFFFBE6,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FFFFF]
-    //static let CURVE_Gx:[Chunk]=[0xD,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Chunk]=[0x131CADBA,0x3FB7DA9,0x134C0FDC,0x14DAC704,0x46BFBE2,0x1859CFD0,0x1B6E8F4C,0x3C5424E,0x7D0AB4]
-
-    // MS256 Modulus, Montgomery Curve
-    //static let CURVETYPE = MONTGOMERY
-    //static let CURVE_A:Int = -61370
-    //static let CURVE_B:[Chunk]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-    //static let CURVE_Order:[Chunk]=[0x1122B4AD,0xDC27378,0x9AF1939,0x154AB5A1,0x1FFFFBE6,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FFFFF]
-    //static let CURVE_Gx:[Chunk]=[0xb,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Chunk]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-    
-    // Brainpool
-    //static let CURVETYPE = WEIERSTRASS
-    //static let CURVE_A:Int = -3
-    //static let CURVE_B:[Chunk]=[0x1EE92B04,0x172C080F,0xBD2495A,0x7D7895E,0x176B7BF9,0x13B99E85,0x1A93F99A,0x18861B09,0x662C61]
-    //static let CURVE_Order:[Chunk]=[0x174856A7,0xF07414,0x1869BDE4,0x12F5476A,0x18D718C3,0x5484EC1,0x6F0F998,0x1B743DD5,0xA9FB57]
-    //static let CURVE_Gx:[Chunk]=[0xE1305F4,0xD0C8AB1,0xBEF0ADE,0x28588F5,0x16149AFA,0x9D91D32,0x1EDDCC88,0x79839FC,0xA3E8EB]
-    //static let CURVE_Gy:[Chunk]=[0x1B25C9BE,0xD5F479A,0x1409C007,0x196DBC73,0x417E69B,0x1170A322,0x15B5FDEC,0x10468738,0x2D996C]
-    
-    // ANSSI
-    //static let CURVETYPE = WEIERSTRASS
-    //static let CURVE_A:Int = -3;
-    //static let CURVE_B:[Chunk]=[0x1B7BB73F,0x3AF6CB3,0xC68600C,0x181935C9,0xC00FDFE,0x1D3AA522,0x4C0352A,0x194A8515,0xEE353F]
-    //static let CURVE_Order:[Chunk]=[0x6D655E1,0x1FEEA2CE,0x14AFE507,0x18CFC281,0x435B53D,0x16F46721,0x163C4049,0x1181675A,0xF1FD17]
-    //static let CURVE_Gx:[Chunk]=[0x198F5CFF,0x64BD16E,0x62DC059,0xFA5B95F,0x23958C2,0x1EA3A4EA,0x7ACC460,0x186AD827,0xB6B3D4]
-    //static let CURVE_Gy:[Chunk]=[0x14062CFB,0x188AD0AA,0x19327860,0x3860FD1,0xEF8C270,0x18F879F6,0x12447E49,0x1EF91640,0x6142E0]
-
-
-    // BN254 Curve
-/*
-    static let CURVETYPE = WEIERSTRASS
-    static let CURVE_PAIRING_TYPE = BN_CURVE
-    static let CURVE_A:Int = 0
-    static let CURVE_B:[Chunk]=[0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Cof:[Chunk]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Order:[Chunk]=[0xD,0x8000000,0x428,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364]
-    static let CURVE_Bnx:[Chunk]=[0x1,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Cru:[Chunk]=[0x7,0xC000000,0x1B3,0x12000000,0x2490,0x11200000,0x126CD,0x0,0x0]
-    static let CURVE_Fra:[Chunk]=[0xF2A6DE9,0xBEF3603,0xFDDF0B8,0x12E9249A,0x953F850,0xDA85423,0x1232D926,0x32425CF,0x1B3776]
-    static let CURVE_Frb:[Chunk]=[0x10D5922A,0xC10C9FC,0x10221431,0xF16DB65,0x16AC8DC1,0x1917ABDC,0xDD40FAA,0xD23DA30,0x9EBEE]
-    static let CURVE_Pxa:[Chunk]=[0x803FB2B,0xF721126,0x62FC364,0x9177691,0x1EDB6A46,0x63F4630,0x18BFAE36,0x176A33D6,0x61A10]
-    static let CURVE_Pxb:[Chunk]=[0x7D54CF3,0xC61A60F,0xDE12DC3,0x1AE8D75C,0xAA5B1F4,0x13C62CC1,0xCCC42A,0x1F374E6F,0x516AA]
-    static let CURVE_Pya:[Chunk]=[0x11CD2B9A,0xF8703C4,0xF826F46,0x1A15CD7B,0x822329B,0x104B34C6,0xD0E6A43,0x140D75F2,0x21897]
-    static let CURVE_Pyb:[Chunk]=[0xB3ACE9B,0x1168D763,0xE7255E2,0xDFFAE,0x18D37B09,0x22B7AF9,0x149A3DB5,0x1CF9162,0xEBB2B]
-    static let CURVE_Gx:[Chunk]=[0x12,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364]
-    static let CURVE_Gy:[Chunk]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_W:[[Chunk]]=[[0x3,0x0,0x81,0x3000000,0x618,0x0,0x0,0x0,0x0],[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0]]
-    static let CURVE_SB:[[[Chunk]]]=[[[0x4,0x8000000,0xA1,0x3000000,0x618,0x0,0x0,0x0,0x0],[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x8000000,0x3A7,0x1C000000,0x79E1,0x6C00000,0x6E8D1,0x10480000,0x252364]]]
-    static let CURVE_WB:[[Chunk]]=[[0x0,0x4000000,0x10,0x1000000,0x208,0x0,0x0,0x0,0x0],[0x5,0x14000000,0x152,0xE000000,0x1C70,0xC00000,0xC489,0x0,0x0],[0x3,0xC000000,0xB1,0x7000000,0xE38,0x10600000,0x6244,0x0,0x0],[0x1,0xC000000,0x30,0x1000000,0x208,0x0,0x0,0x0,0x0]]
-    static let CURVE_BB:[[[Chunk]]]=[[[0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0x2,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364]],[[0x2,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x2,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0],[0x2,0x10000000,0x40,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x0,0x408,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0x2,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0]]]
-
-    static let USE_GLV = true
-    static let USE_GS_G2 = true
-    static let USE_GS_GT = true
-    static let GT_STRONG = false
-*/
-
-    // BLS383 Curve
-    
-    static let CURVETYPE = WEIERSTRASS;
-    static let CURVE_PAIRING_TYPE = BLS_CURVE;
-    static let CURVE_A:Int = 0;
-    
-    static let CURVE_Order:[Chunk]=[0xFFF001,0xFFF8000,0xFE7800,0xBFDE007,0xC5EDF1C,0x3000049,0x910007A,0xC40007F,0x641004C,0x14,0x0,0x0,0x0,0x0];
-    static let CURVE_B:[Chunk]=[0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0];
-    static let CURVE_Cof:[Chunk]=[0x52B,0x2A00,0xAAB2CA0,0x5560AAA,0x6055,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0];
-    static let CURVE_Gx:[Chunk]=[0xD10786B,0xD59B348,0x3F54AD0,0x3477C0E,0x4578B9B,0xBF25B73,0x7BB6F65,0x4F6AC00,0xFF57E9C,0xEFD5830,0xFB6EC02,0xADB9F88,0xEE4BC98,0xB08C];
-    static let CURVE_Gy:[Chunk]=[0xD145DDB,0x5DA023,0x5FEF7CC,0x13F518C,0x2B2A66F,0x56EC346,0xC7A925F,0x96F3019,0x981223E,0x9061047,0x8F5BE59,0x4810AD,0x9337671,0x1F390];
-    
-    static let CURVE_Bnx:[Chunk]=[0x40,0x100,0x110,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0];
-    static let CURVE_Cru:[Chunk]=[0xDA155A9,0xA3AAC4E,0x61E5E3D,0xDF2FE87,0xE632625,0xBCDFAAD,0xD3035A6,0x5123128,0xBEAD683,0xDBF3A2B,0x424190,0x5C5FAB2,0x80A9F7,0x7AC52];
-    static let CURVE_Fra:[Chunk]=[0x2B4508B,0x2BA59A9,0x6EEF343,0x63DB7A0,0x1DFBC74,0x40341CB,0x32D55D3,0x1639E9D,0x5CC36D4,0xB19B3F0,0xD86AB98,0xF323EE4,0xB198672,0x5A5F];
-    static let CURVE_Frb:[Chunk]=[0x7F904E0,0x81051A9,0xF086A37,0xB7D49A6,0xB7DB8AB,0x8F3EEB8,0xC6C9543,0xEEF7983,0x49CB35D,0x7A65F65,0x7CBFBEC,0x693D177,0x5672384,0x751F2];
-    static let CURVE_Pxa:[Chunk]=[0xBAC9472,0x6059885,0xE2DC36D,0x7C4D31D,0x8C88A7,0xBDC90C3,0x1C688FC,0x29F0197,0xC43F167,0x3693539,0x61EB8BF,0xD81E5A5,0x22B56BF,0x4D507];
-    static let CURVE_Pxb:[Chunk]=[0x272AB23,0x9B4BD7A,0xF44DCE8,0x7AF19D4,0x3206A34,0x3F6F7B9,0x2A819FB,0x571DD3E,0x635D7EE,0x3A2BA3B,0xC1A126,0xAC28C78,0x17C3E5B,0xEE36];
-    static let CURVE_Pya:[Chunk]=[0x77BD4FD,0x81D2309,0xDFDFC6,0xB66072,0xC89A0C,0x41FC959,0x878287A,0x2E1FBCF,0x14EEE65,0x11C230,0x6BB325E,0x2887881,0x859A05C,0x8F40];
-    static let CURVE_Pyb:[Chunk]=[0x52C4CE6,0xA5E20A2,0xAFF40C8,0x5907A74,0x2448EF3,0x41760A4,0xFDA199,0xFFEF82B,0x8D4EA49,0xA0F29A1,0x6E4997B,0xAC7F7B8,0xBA88C12,0x1DCAB];
-    
-    static let CURVE_W:[[Chunk]]=[[],[]];
-    static let CURVE_SB:[[[Chunk]]]=[[[],[]],[[],[]]];
-    static let CURVE_WB:[[Chunk]]=[[],[],[],[]];
-    static let CURVE_BB:[[[Chunk]]]=[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]];
-    
-    static let USE_GLV = true
-    static let USE_GS_G2 = true
-    static let USE_GS_GT = true
-    static let GT_STRONG = false
-    
-    // BN454 Curve
-/*
-    static let CURVETYPE = WEIERSTRASS
-    static let CURVE_PAIRING_TYPE = BN_CURVE
-    static let CURVE_A:Int = 0
-
-    static let CURVE_Order:[Chunk]=[0xD,0x210,0x1F80,0x400D884,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000]
-    static let CURVE_B:[Chunk]=[0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Cof:[Chunk]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Gx:[Chunk]=[0x12,0x270,0x2100,0x1C00D89C,0x25084,0xA284,0x24720,0x10803AA1,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000]
-    static let CURVE_Gy:[Chunk]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-
-    static let CURVE_Bnx:[Chunk]=[0x1,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Cru:[Chunk]=[0x7,0xD8,0x900,0x16002436,0x481,0x1B24,0x168,0x48006C9,0x1600006C,0x10000091,0xD80000D,0x240000,0x0,0x0,0x0,0x0]
-    static let CURVE_Fra:[Chunk]=[0x1573B0EC,0x1816E4FE,0xA42E6E0,0x15DDCD87,0x2B17EC7,0x35B9A50,0x15AA1F74,0x1B7B2AC5,0x1CB5A200,0x9937657,0x17389A4A,0x738BADB,0xD92B321,0x3F5F0E6,0x1B1C9E9A,0x25CF3]
-    static let CURVE_Frb:[Chunk]=[0xA8C4F27,0x7E91D71,0x15BD3A1F,0x6230B14,0x1D50D1BD,0x1CA50833,0xA5827AB,0x15050FDB,0x74B3887,0x166C9A92,0x19C78A3C,0x199F4886,0x1B6D4F39,0x80A0F61,0x7236169,0x2230C]
-    static let CURVE_Pxa:[Chunk]=[0xF02B14,0x1DD1DD61,0x330AEC7,0x178617DE,0x1CEFFF36,0x116D35AF,0x1F879FBF,0x105DBF83,0x8345436,0x13664BCA,0x12EE86B5,0x776BB31,0x14AAFE16,0x41B3478,0x13E03554,0x2807A]
-    static let CURVE_Pxb:[Chunk]=[0x45BF266,0xE036876,0x8F0DBA,0xCB5976F,0x10DBC523,0x1723123C,0xBDDA7F4,0x10077CDE,0x11971DE0,0x14F1554A,0x195995EE,0x82E6FD7,0x40D5258,0x1400A58F,0x15A7850B,0x2B2A5]
-    static let CURVE_Pya:[Chunk]=[0x1E1B15C7,0x9CD5B5D,0x1571B2D2,0x1E4C048A,0x1474FB5D,0x18E2328C,0x11775519,0x144EF51F,0xF2FAABA,0x438F741,0x1930EAC0,0x144DC38,0x1287A0FE,0x36D8962,0x10011EAF,0x3ACF4]
-    static let CURVE_Pyb:[Chunk]=[0x571D60,0x8737DB,0xC4A363B,0x124E308F,0x13A65C7E,0x1387693A,0x10CDDA2F,0x184C096E,0x385175,0x5A34088,0xF17A93C,0x1E194915,0x1903ED91,0x4D6FA9F,0x8D8210B,0x12EDC]
-    static let CURVE_W:[[Chunk]]=[[0x3,0x40,0x180,0x10000010,0xC0,0x6,0x10000018,0xC00001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]
-    static let CURVE_SB:[[[Chunk]]]=[[[0x4,0x50,0x180,0x14000014,0xC0,0x6,0x10000018,0xC00001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x1D0,0x1E00,0x1400D874,0x24F03,0xA278,0x246F0,0xF003A9E,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000]]]
-    static let CURVE_WB:[[Chunk]]=[[0x0,0x8,0x80,0x2000002,0x40,0x2,0x10000008,0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x5,0xA8,0x700,0xA00182A,0x381,0x121C,0x100,0x3800487,0x4000048,0x61,0x9000009,0x180000,0x0,0x0,0x0,0x0],[0x3,0x58,0x380,0x16000C16,0x1C0,0x90E,0x10000080,0x1C00243,0x12000024,0x10000030,0x4800004,0xC0000,0x0,0x0,0x0,0x0],[0x1,0x18,0x80,0x6000006,0x40,0x2,0x10000008,0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]
-    static let CURVE_BB:[[[Chunk]]]=[[[0xD,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000],[0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000],[0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000],[0x2,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000],[0xD,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000],[0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,
 0xC000048,0x2400003,0x48000]],[[0x2,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x2,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x2,0x20,0x0,0x8000008,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x200,0x1F80,0xD880,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000],[0x2,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]]
-
-    static let USE_GLV = true
-    static let USE_GS_G2 = true
-    static let USE_GS_GT = true
-    static let GT_STRONG = false
-*/
-    // BLS455 Curve
-/*
-    static let CURVETYPE = WEIERSTRASS
-    static let CURVE_PAIRING_TYPE = BLS_CURVE
-    static let CURVE_A:Int = 0
-
-    static let CURVE_Order:[Chunk]=[0x1FC00001,0x3FFF,0x10000070,0x1400000,0x1D100,0xF0003A8,0x13C0009,0x1E200,0x180002E0,0x400001,0x4000,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_B:[Chunk]=[0xA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Cof:[Chunk]=[0xABFFAAB,0x14AABFFD,0xD52AADA,0x1562AAAB,0x15556AAA,0x2A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Gx:[Chunk]=[0x1DFCEDD1,0x16A62EEF,0xE80D3ED,0xB8DE876,0x179C7253,0x182DAB52,0x46CC85F,0x1E571D9C,0x1E8392B1,0x1A155867,0x19E6527C,0x23DC64E,0xABEDA59,0xF20662B,0x17CECC01,0x310A]
-    static let CURVE_Gy:[Chunk]=[0x6619B9B,0x27EBCD,0x1BE80A19,0x13B014BA,0x191A4936,0x13911916,0x107A5A3B,0x1DCB0863,0x1F5FB1,0xDE44A9C,0x18E23B2A,0x1FA81FD3,0xB0D6DFA,0xC2FE1EF,0xDDFA7E2,0x3351B]
-
-    static let CURVE_Bnx:[Chunk]=[0x800,0x1000004,0x40000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Cru:[Chunk]=[0xAA9,0x9017FE0,0x128DD8AA,0x1F4A321E,0x148FEC90,0x195CDEEA,0xE961AA2,0x168D3B66,0xAFD99D7,0xB989AA6,0x1F9A5724,0x91A05FF,0xE0EF5B,0xAAB9548,0x55555E5,0xAAAAB]
-    static let CURVE_Fra:[Chunk]=[0xA2EBF21,0x4E67DEE,0xCDE6590,0xE5EA94E,0x15454985,0x140CFC43,0x7E14D1C,0x1778395A,0x1944F022,0x166BEA1A,0xC3DEEA0,0x9F031A0,0x16A7459,0x1F1D6E00,0x125CFB72,0x72FD4]
-    static let CURVE_Frb:[Chunk]=[0x15D1438A,0x1019821D,0x1DCBF01A,0x1CB40187,0x118C70E6,0x18BD5A30,0xB018251,0x13275D08,0xA06E916,0x1C6D0096,0x39BA8ED,0x1F33D460,0x1F768501,0xB8E274F,0x12F85A72,0x37AD6]
-    static let CURVE_Pxa:[Chunk]=[0x10C1F542,0x23AF907,0x159F840,0xBAC0E1F,0x133D7766,0x1C034C5D,0x14C5C875,0x1ED0BDA2,0x16A49C71,0x1E9FF62D,0x14F3ACC0,0x1E0C9FEA,0xC4638DE,0x74D18DA,0xBEA0030,0x5D962]
-    static let CURVE_Pxb:[Chunk]=[0x749F03D,0xC843773,0xB17BCBA,0x1134AB4B,0x8EA016E,0x1A0D766C,0x58F819E,0x48A1FCC,0xE296F62,0x83370E4,0xC9BA1D5,0x1E43290E,0xEE59A80,0x1FDD85F5,0x1F3819B6,0x1D9F]
-    static let CURVE_Pya:[Chunk]=[0x181A77F4,0x191AD22,0x1E9F842A,0x1E1E6CF6,0xD55B9D9,0x1D062533,0x15BB1323,0x7ECBC1,0x1A9EC2EF,0x1EE14CE0,0x1E96B271,0xA794439,0x1C544324,0xE6AD5DC,0x16429B0F,0x448E3]
-    static let CURVE_Pyb:[Chunk]=[0x1E1FDBA2,0x1A09DB6C,0xF680D5B,0xFCC6122,0xC488E2A,0x1E489ECD,0x1005617E,0x1CF9EC36,0x1C89ED72,0x16C00D90,0x1563E595,0x1243DDC0,0x8698F9E,0x1BD81E7E,0xF2A0F4A,0x66A0]
-
-// Not used
-//    static let CURVE_W:[[Chunk]]=[[0x3,0x40,0x180,0x10000010,0xC0,0x6,0x10000018,0xC00001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]
-//    static let CURVE_SB:[[[Chunk]]]=[[[0x4,0x50,0x180,0x14000014,0xC0,0x6,0x10000018,0xC00001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x1D0,0x1E00,0x1400D874,0x24F03,0xA278,0x246F0,0xF003A9E,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000]]]
-//    static let CURVE_WB:[[Chunk]]=[[0x0,0x8,0x80,0x2000002,0x40,0x2,0x10000008,0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x5,0xA8,0x700,0xA00182A,0x381,0x121C,0x100,0x3800487,0x4000048,0x61,0x9000009,0x180000,0x0,0x0,0x0,0x0],[0x3,0x58,0x380,0x16000C16,0x1C0,0x90E,0x10000080,0x1C00243,0x12000024,0x10000030,0x4800004,0xC0000,0x0,0x0,0x0,0x0],[0x1,0x18,0x80,0x6000006,0x40,0x2,0x10000008,0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]
-//    static let CURVE_BB:[[[Chunk]]]=[[[0xD,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000],[0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000],[0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000],[0x2,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000],[0xD,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000],[0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025
 B,0xC000048,0x2400003,0x48000]],[[0x2,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x2,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x2,0x20,0x0,0x8000008,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x200,0x1F80,0xD880,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000],[0x2,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]]
-
-    static let CURVE_W:[[Chunk]]=[[],[]]
-    static let CURVE_SB:[[[Chunk]]]=[[[],[]],[[],[]]]
-    static let CURVE_WB:[[Chunk]]=[[],[],[],[]]
-    static let CURVE_BB:[[[Chunk]]]=[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]]
-
-
-    static let USE_GLV = true
-    static let USE_GS_G2 = true
-    static let USE_GS_GT = true
-    static let GT_STRONG = false
-*/
-    // BNCX Curve
- /*
-    static let CURVETYPE = WEIERSTRASS
-    static let CURVE_PAIRING_TYPE = BN_CURVE
-    static let CURVE_A:Int = 0
-    static let CURVE_B:[Chunk]=[0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Cof:[Chunk]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Order:[Chunk]=[0x16EB1F6D,0x108E0531,0x1241B3AF,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000]
-    static let CURVE_Bnx:[Chunk]=[0x3C012B1,0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Cru:[Chunk]=[0x14235C97,0xF0498BC,0x1BE1D58C,0x1BBEC8E3,0x3F1440B,0x654,0x12000,0x0,0x0]
-    static let CURVE_Fra:[Chunk]=[0x15C80EA3,0x1EC8419A,0x1CFE0856,0xEE64DE2,0x11898686,0x5C55653,0x592BF86,0x5F4C740,0x135908]
-    static let CURVE_Frb:[Chunk]=[0x6534710,0x1468DDE0,0x551B018,0x10C78E4D,0x4E3ABBD,0x9ECE6DE,0x2A40371,0x1A0C46C5,0x10A6F7]
-    static let CURVE_Pxa:[Chunk]=[0x4D2EC74,0x428E777,0xF89C9B0,0x190B7F40,0x14BBB907,0x12807AE1,0x958D62C,0x58E0A76,0x19682D]
-    static let CURVE_Pxb:[Chunk]=[0xE29CFE1,0x1D2C7459,0x270C3D1,0x172F6184,0x19743F81,0x49BD474,0x192A8047,0x1D87C33E,0x1466B9]
-    static let CURVE_Pya:[Chunk]=[0xF0BE09F,0x7DFE75E,0x1FB06CC3,0x3667B08,0xE209636,0x110ABED7,0xE376078,0x1B2E4665,0xA79ED]
-    static let CURVE_Pyb:[Chunk]=[0x898EE9D,0xC825914,0x14BB7AFB,0xC9D4AD3,0x13461C28,0x122896C6,0x240D71B,0x73D9898,0x6160C]
-    static let CURVE_Gx:[Chunk]=[0x1C1B55B2,0x13311F7A,0x24FB86F,0x1FADDC30,0x166D3243,0xFB23D31,0x836C2F7,0x10E05,0x240000]
-    static let CURVE_Gy:[Chunk]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_W:[[Chunk]]=[[0x162FEB83,0x2A31A48,0x100E0480,0x16,0x600,0x0,0x0,0x0,0x0],[0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0]]
-
-    
-    static let CURVE_SB:[[[Chunk]]]=[[[0x1DB010E4,0x2A31A48,0x100E04A0,0x16,0x600,0x0,0x0,0x0,0x0],[0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0xBB33EA,0xDEAEAE9,0x233AF2F,0x1FADDC03,0x166D2643,0xFB23D31,0x836C2F7,0x10E05,0x240000]]]
-    
-    static let CURVE_WB:[[Chunk]]=[[0x167A84B0,0xE108C2,0x1004AC10,0x7,0x200,0x0,0x0,0x0,0x0],[0x1E220475,0x166FCCAD,0x129FE68D,0x1D29DB51,0x2A0DC07,0x438,0xC000,0x0,0x0],[0xF10B93,0x1B37E657,0x194FF34E,0x1E94EDA8,0x1506E03,0x21C,0x6000,0x0,0x0],[0x1DFAAA11,0xE108C2,0x1004AC30,0x7,0x200,0x0,0x0,0x0,0x0]]
-    
-    static let CURVE_BB:[[[Chunk]]]=[[[0x132B0CBD,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000],[0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000],[0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000],[0x7802562,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000],[0x132B0CBD,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000],[0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000]],[[0x7802562,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x3C012B2,0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0],[0xF004AC2,0x0,0x40,0x0,0x0,0x0,0x0,0x0,0x0],[0xF6AFA0A,0x108E0531,0x1241B
 38F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000],[0x3C012B2,0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0]]]
-    
-    static let USE_GLV = true
-    static let USE_GS_G2 = true
-    static let USE_GS_GT = true
-    static let GT_STRONG = true
-*/
-    
-// BN646 Curve
-/*
-    static let CURVETYPE=WEIERSTRASS
-    static let CURVE_PAIRING_TYPE = BN_CURVE
-    static let CURVE_A:Int = 0
-    static let CURVE_Order:[Chunk]=[0x1E04200D,0x1203603,0x420000,0x80A207E,0x2,0xC303F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90]
-    static let CURVE_B:[Chunk] = [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Cof:[Chunk] = [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Gx:[Chunk] = [0x404E012,0x1203604,0x4E0000,0x80A2084,0x2,0xC90420,0x4051078,0x3600001,0xA20660,0x36,0x5100900,0x10288468,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90]
-    static let CURVE_Gy:[Chunk] = [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    
-    static let CURVE_Bnx:[Chunk]=[0x1001,0x0,0x10000,0x0,0x0,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Cru:[Chunk]=[0x401B007,0x901,0x1B0000,0x1B024,0x0,0x288120,0xD812,0x900000,0x1B0120,0x0,0xD80000,0x6C048,0x0,0x6C0000,0x0,0x0,0x120000,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Fra:[Chunk]=[0x4929A14,0x3B756CA,0x4337DD0,0xFC1417C,0x193166BB,0x1DC54515,0x1C0DF653,0x19BF8961,0x155980E,0x1983CB14,0x4D76309,0x1DEAB1A4,0xF9C3CF5,0x128FEC2D,0x867E339,0xDA0548A,0x1A480AF,0xA3CBCD2,0x116DA6E0,0x2A546E9,0x789577C,0x1F9459D2,0x27]
-    static let CURVE_Frb:[Chunk]=[0x1F7245FF,0x1D68DF39,0x1C1A822F,0x1848DF07,0x6CE9946,0x303BF0A,0x7F71A24,0x9A0769F,0x1F4C6E51,0x67C3521,0x38A5F6,0x123DD2C4,0x1063C317,0xFF825D2,0x17981E76,0x125FAB75,0x1EC78CD0,0x15C34375,0xE92591F,0x1D5ABD96,0x1876A883,0x6BA62D,0x68]
-    static let CURVE_Pxa:[Chunk]=[0x1CCC5E10,0x119F939,0xC6C7FE9,0x81022FF,0x6486AA6,0x1CBC560B,0x1F707429,0xC82F7B9,0x1A7F5CDA,0x14C0EB47,0x11412373,0x13DAF21E,0x126BE416,0x166744A7,0x506E81,0x1048FFA3,0x13A6B0C9,0x1A90979A,0xE78C338,0x1722C561,0xBFFF9A1,0xC1AF83C,0x3F]
-    static let CURVE_Pxb:[Chunk]=[0x67F4BC0,0x1BFC3C9,0x1E9DC3B6,0x87E2B03,0xB820274,0x1DD03B1E,0x517C463,0x1EFCBBC9,0x19F786A8,0x5572E90,0xD0BA5E0,0x16E8A40A,0x1013CF3B,0x11A7F82B,0x1C27B302,0x15E7CD12,0xB79A6DF,0x1EC6895B,0x5775A7E,0xBB28D24,0x416A171,0x127D284E,0x5D]
-    static let CURVE_Pya:[Chunk]=[0xC3FB414,0x2B868EE,0xD858793,0x157FCFE,0x16C849AD,0x1D17B0A4,0x1353CFEA,0x940A061,0x1CEF834E,0x7BE766A,0x4584C1C,0xE2397E9,0x418E9D4,0x8F53B8,0x53B37E0,0x11CA29D9,0xE425654,0x9EFF9AF,0x18CF27A1,0x17755A26,0x3F5481A,0x6C531BC,0x1E]
-    static let CURVE_Pyb:[Chunk]=[0x133908AD,0x17F1F1ED,0x14196532,0x19A85214,0x173EC3F7,0x1021EC2C,0xD798A3E,0x18F4C857,0x82EE2FA,0x11B5296D,0x1831D9C6,0x4463DB5,0x11B4812C,0xF93B884,0xC72653,0xEC6F6ED,0x916CFFF,0x1E81ED0A,0x1103518E,0x1E478B01,0x6B01074,0xC46CCAA,0x48]
- 
-    static let CURVE_W:[[Chunk]]=[[0x6008003,0x0,0x80000,0x6,0x0,0x40030,0x3,0x0,0x30,0x0,0x0,0xC,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]
-    
-    static let CURVE_SB:[[[Chunk]]]=[[[0x600A004,0x0,0xA0000,0x6,0x0,0x50030,0x3,0x0,0x30,0x0,0x0,0xC,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1803A00A,0x1203603,0x3A0000,0x80A2078,0x2,0xBF03C0,0x4051072,0x3600001,0xA20600,0x36,0x5100900,0x10288450,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90]]]
-    
-    static let CURVE_WB:[[Chunk]]=[[0x2001000,0x0,0x10000,0x2,0x0,0x8010,0x1,0x0,0x10,0x0,0x0,0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1C015005,0x600,0x150000,0x1201C,0x0,0x1C80E0,0x900E,0x600000,0x1200E0,0x0,0x900000,0x48038,0x0,0x480000,0x0,0x0,0xC0000,0x0,0x0,0x0,0x0,0x0,0x0],[0xE00B003,0x300,0xB0000,0x900E,0x0,0xE8070,0x4807,0x300000,0x90070,0x0,0x480000,0x2401C,0x0,0x240000,0x0,0x0,0x60000,0x0,0x0,0x0,0x0,0x0,0x0],[0x2003001,0x0,0x30000,0x2,0x0,0x18010,0x1,0x0,0x10,0x0,0x0,0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]
-    
-    static let CURVE_BB:[[[Chunk]]]=[[[0x1E04100D,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90],[0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90],[0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90],[0x2002,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90],[0x1E04100D,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075
 ,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90],[0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90]],[[0x2002,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1002,0x0,0x10000,0x0,0x0,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x4002,0x0,0x40000,0x0,0x0,0x20000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1E04000A,0x1203603,0x400000,0x80A207E,0x2,0xC203F0,0x4051075,0x3600001,0xA20630,0x
 36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90],[0x1002,0x0,0x10000,0x0,0x0,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]]
-    
-    
-    static let USE_GLV = true
-    static let USE_GS_G2 = true
-    static let USE_GS_GT = true
-    static let GT_STRONG = false
-*/  
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/rom64.swift
----------------------------------------------------------------------
diff --git a/version22/swift/rom64.swift b/version22/swift/rom64.swift
deleted file mode 100644
index cc48b20..0000000
--- a/version22/swift/rom64.swift
+++ /dev/null
@@ -1,258 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  rom.swift
-//
-//  Created by Michael Scott on 12/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-typealias Chunk = Int64
-
-final public class ROM{
-    
-    static let CHUNK:Int=64
-    
-    /* Don't Modify from here... */
-    static let NOT_SPECIAL=0
-    static let PSEUDO_MERSENNE=1
-    static let MONTGOMERY_FRIENDLY=2
-    static let GENERALISED_MERSENNE=3
-    static let WEIERSTRASS=0
-    static let EDWARDS=1
-    static let MONTGOMERY=2
-    static let BN_CURVE=0
-    static let BLS_CURVE=1
-
-    /* ...to here */
-    
-/*** Enter Some Field details here  ***/
-
-// Curve 25519
-//    static let MODBITS:UInt=255
-//    static let MOD8:UInt=5
-//    static let BASEBITS:UInt=56
-//    static let AES_S:UInt=0
-    
-// GOLDILOCKS
-//  static let MODBITS:UInt=448
-//  static let MOD8:UInt=7
-//  static let BASEBITS:UInt=60
-//  static let AES_S:UInt=0
-
-    
-    
-// BN254 Curve
-//  static let MODBITS:UInt=254
-//  static let MOD8:UInt=3
-//  static let BASEBITS:UInt=56
-//  static let AES_S:UInt=0
-
-// BLS383 Curve
-static let MODBITS:UInt=383
-static let MOD8:UInt=3
-static let BASEBITS:UInt=56
-static let AES_S:UInt=0
-
-    
-// BLS455 Curve
-//  static let MODBITS:UInt=455
-//  static let MOD8:UInt=3
-//  static let BASEBITS:UInt=60
-//  static let AES_S:UInt=128
-    
-
-    static let FFLEN:UInt=4
-    
-/* Don't Modify from here... */
-    static let NLEN:Int=Int(1+((MODBITS-1)/BASEBITS))
-    static let DNLEN:Int=2*NLEN
-    static let BMASK:Chunk=((1<<Chunk(BASEBITS))-1)
-    static let MODBYTES:UInt=(1+(MODBITS-1)/8)
-    static let NEXCESS:Int = (1<<(CHUNK-Int(BASEBITS)-1))
-    static let FEXCESS:Chunk = (1<<Chunk(BASEBITS*UInt(NLEN)-MODBITS));
-    static let OMASK:Chunk=Chunk(-1)<<Chunk(MODBITS%BASEBITS)
-    static let TBITS:UInt=MODBITS%BASEBITS; // Number of active bits in top word
-    static let TMASK:Chunk=(1<<Chunk(TBITS))-1
-    static let BIGBITS:UInt = (MODBYTES*8)
-    static let HBITS = (BASEBITS/2)
-    static let HMASK:Chunk = ((1<<Chunk(HBITS))-1)
-    
-   
-    /* Finite field support - for RSA, DH etc. */
-    static let FF_BITS:UInt=(BIGBITS*FFLEN) /* Finite Field Size in bits - must be BIGBITS.2^n */
-    static let HFLEN=(FFLEN/2);  /* Useful for half-size RSA private key operations */
-    
-    static let P_MBITS:UInt=ROM.MODBYTES*8
-    static let P_OMASK:Chunk=Chunk(-1)<<Chunk(P_MBITS%BASEBITS)
-    static let P_FEXCESS:Chunk=(1<<Chunk(BASEBITS*UInt(NLEN)-P_MBITS))
-    static let P_TBITS=(P_MBITS%ROM.BASEBITS)
-    
-/* ...to here */
-    
-// START SPECIFY FIELD DETAILS HERE
-//*********************************************************************************
-// Curve25519 Modulus
-//    static let MODTYPE=PSEUDO_MERSENNE
-//    static let Modulus:[Chunk]=[0xFFFFFFFFFFFFED,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF]
-//    static let MConst:Chunk=19
-  
-//GOLDILOCKS
-//static let MODTYPE=GENERALISED_MERSENNE
-//static let Modulus:[Chunk]=[0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFEFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFF]
-//static let MConst:Chunk= 0x1
-    
-// BN254 Curve Modulus
-//static let MODTYPE=NOT_SPECIAL
-//static let Modulus:[Chunk]=[0x13,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482]
-//static let MConst:Chunk=0x435E50D79435E5
-   
-// BLS383 Curve
-static let MODTYPE=NOT_SPECIAL
-static let Modulus:[Chunk]=[0xACAAB52AAD556B,0x1BB01475F75D7A,0xCF73083D5D7520,0x531820F99EB16,0x2C01355A68EA32,0x5C6105C552A785,0x7AC52080A9F7]
-static let MConst:Chunk=0xA59AB3B123D0BD
-    
-    
-// BLS455 Curve
-//static let MODTYPE=NOT_SPECIAL
-//static let Modulus:[Chunk]=[0xAA00001800002AB,0xC589556B2AA956A,0xB9994ACE86D1BA6,0x3954FCB314B8B3D,0xE3A5B1D56234BD9,0x95B49203003F665,0x57955572AA00E0F,0x555559555]
-//static let MConst:Chunk=0xB3EF8137F4017FD
-   
-    
-
-// START SPECIFY CURVE DETAILS HERE
-//*********************************************************************************
-
-// Ed25519 Curve
-//    static let CURVETYPE=EDWARDS
-//    static let CURVE_A:Int = -1
-//    static let CURVE_B:[Chunk]=[0xEB4DCA135978A3,0xA4D4141D8AB75,0x797779E8980070,0x2B6FFE738CC740,0x52036CEE]
-//    static let CURVE_Order:[Chunk]=[0x12631A5CF5D3ED,0xF9DEA2F79CD658,0x14DE,0x0,0x10000000]
-//    static let CURVE_Gx:[Chunk]=[0x562D608F25D51A,0xC7609525A7B2C9,0x31FDD6DC5C692C,0xCD6E53FEC0A4E2,0x216936D3]
-//    static let CURVE_Gy:[Chunk]=[0x66666666666658,0x66666666666666,0x66666666666666,0x66666666666666,0x66666666]
-  
-    
-    
-// GOLDILOCKS
-//  static let CURVETYPE= EDWARDS
-//  static let CURVE_A:Int = 1;
-//  static let CURVE_B:[Chunk]=[0xFFFFFFFFFFF6756,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFEFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFF];
-//  static let CURVE_Order:[Chunk]=[0x378C292AB5844F3,0x6CC2728DC58F552,0xEDB49AED6369021,0xFFFF7CCA23E9C44,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x3FFFFFF];
-//  static let CURVE_Gx:[Chunk]=[0x555555555555555,0x555555555555555,0x555555555555555,0xAAA955555555555,0xAAAAAAAAAAAAAAA,0xAAAAAAAAAAAAAAA,0xAAAAAAAAAAAAAAA,0xAAAAAAA];
-//  static let CURVE_Gy:[Chunk]=[0xAEAFBCDEA9386ED,0xBCB2BED1CDA06BD,0x565833A2A3098BB,0x6D728AD8C4B80D6,0x7A035884DD7B7E3,0x205086C2B0036ED,0x34AD7048DB359D6,0xAE05E96];
-    
-    
-// BN254 Curve
-/*
-     static let CURVETYPE= WEIERSTRASS;
-     static let CURVE_PAIRING_TYPE = BN_CURVE;
-     static let CURVE_A:Int = 0;
-     static let CURVE_B:[Chunk]=[0x2,0x0,0x0,0x0,0x0];
-     static let CURVE_Order:[Chunk]=[0xD,0x800000000010A1,0x8000000007FF9F,0x40000001BA344D,0x25236482];
-     static let CURVE_Gx:[Chunk]=[0x12,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482];
-     static let CURVE_Gy:[Chunk]=[0x1,0x0,0x0,0x0,0x0];
-     
-     static let CURVE_Fra:[Chunk]=[0x7DE6C06F2A6DE9,0x74924D3F77C2E1,0x50A846953F8509,0x212E7C8CB6499B,0x1B377619];
-     static let CURVE_Frb:[Chunk]=[0x82193F90D5922A,0x8B6DB2C08850C5,0x2F57B96AC8DC17,0x1ED1837503EAB2,0x9EBEE69];
-     static let CURVE_Pxa:[Chunk]=[0xEE4224C803FB2B,0x8BBB4898BF0D91,0x7E8C61EDB6A464,0x519EB62FEB8D8C,0x61A10BB];
-     static let CURVE_Pxb:[Chunk]=[0x8C34C1E7D54CF3,0x746BAE3784B70D,0x8C5982AA5B1F4D,0xBA737833310AA7,0x516AAF9];
-     static let CURVE_Pya:[Chunk]=[0xF0E07891CD2B9A,0xAE6BDBE09BD19,0x96698C822329BD,0x6BAF93439A90E0,0x21897A0];
-     static let CURVE_Pyb:[Chunk]=[0x2D1AEC6B3ACE9B,0x6FFD739C9578A,0x56F5F38D37B090,0x7C8B15268F6D44,0xEBB2B0E];
-     static let CURVE_Bnx:[Chunk]=[0x80000000000001,0x40,0x0,0x0,0x0];
-     static let CURVE_Cof:[Chunk]=[0x1,0x0,0x0,0x0,0x0];
-     static let CURVE_Cru:[Chunk]=[0x80000000000007,0x6CD,0x40000000024909,0x49B362,0x0];
-     static let CURVE_W:[[Chunk]]=[[0x3,0x80000000000204,0x6181,0x0,0x0],[0x1,0x81,0x0,0x0,0x0]];
-     static let CURVE_SB:[[[Chunk]]]=[[[0x4,0x80000000000285,0x6181,0x0,0x0],[0x1,0x81,0x0,0x0,0x0]],[[0x1,0x81,0x0,0x0,0x0],[0xA,0xE9D,0x80000000079E1E,0x40000001BA344D,0x25236482]]];
-     static let CURVE_WB:[[Chunk]]=[[0x80000000000000,0x80000000000040,0x2080,0x0,0x0],[0x80000000000005,0x54A,0x8000000001C707,0x312241,0x0],[0x80000000000003,0x800000000002C5,0xC000000000E383,0x189120,0x0],[0x80000000000001,0x800000000000C1,0x2080,0x0,0x0]];
-     static let CURVE_BB:[[[Chunk]]]=[[[0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x2,0x81,0x0,0x0,0x0]],[[0x1,0x81,0x0,0x0,0x0],[0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482]],[[0x2,0x81,0x0,0x0,0x0],[0x1,0x81,0x0,0x0,0x0],[0x1,0x81,0x0,0x0,0x0],[0x1,0x81,0x0,0x0,0x0]],[[0x80000000000002,0x40,0x0,0x0,0x0],[0x2,0x102,0x0,0x0,0x0],[0xA,0x80000000001020,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x80000000000002,0x40,0x0,0x0,0x0]]];
-     
-     static let USE_GLV = true
-     static let USE_GS_G2 = true
-     static let USE_GS_GT = true
-     static let GT_STRONG = false
-     */
-    
-    // BLS383 Curve
-    
-    static let CURVETYPE = WEIERSTRASS;
-    static let CURVE_PAIRING_TYPE = BLS_CURVE;
-    static let CURVE_A:Int = 0;
-    
-    static let CURVE_Order:[Chunk]=[0xFFF80000FFF001,0xBFDE0070FE7800,0x3000049C5EDF1C,0xC40007F910007A,0x14641004C,0x0,0x0];
-    static let CURVE_B:[Chunk]=[0x9,0x0,0x0,0x0,0x0,0x0,0x0];
-    static let CURVE_Cof:[Chunk]=[0x2A00000052B,0x5560AAAAAB2CA0,0x6055,0x0,0x0,0x0,0x0];
-    static let CURVE_Gx:[Chunk]=[0xD59B348D10786B,0x3477C0E3F54AD0,0xBF25B734578B9B,0x4F6AC007BB6F65,0xEFD5830FF57E9C,0xADB9F88FB6EC02,0xB08CEE4BC98];
-    static let CURVE_Gy:[Chunk]=[0x5DA023D145DDB,0x13F518C5FEF7CC,0x56EC3462B2A66F,0x96F3019C7A925F,0x9061047981223E,0x4810AD8F5BE59,0x1F3909337671];
-    
-    static let CURVE_Bnx:[Chunk]=[0x1000000040,0x110,0x0,0x0,0x0,0x0,0x0];
-    static let CURVE_Cru:[Chunk]=[0xA3AAC4EDA155A9,0xDF2FE8761E5E3D,0xBCDFAADE632625,0x5123128D3035A6,0xDBF3A2BBEAD683,0x5C5FAB20424190,0x7AC52080A9F7];
-    static let CURVE_Fra:[Chunk]=[0x2BA59A92B4508B,0x63DB7A06EEF343,0x40341CB1DFBC74,0x1639E9D32D55D3,0xB19B3F05CC36D4,0xF323EE4D86AB98,0x5A5FB198672];
-    static let CURVE_Frb:[Chunk]=[0x81051A97F904E0,0xB7D49A6F086A37,0x8F3EEB8B7DB8AB,0xEEF7983C6C9543,0x7A65F6549CB35D,0x693D1777CBFBEC,0x751F25672384];
-    static let CURVE_Pxa:[Chunk]=[0x6059885BAC9472,0x7C4D31DE2DC36D,0xBDC90C308C88A7,0x29F01971C688FC,0x3693539C43F167,0xD81E5A561EB8BF,0x4D50722B56BF];
-    static let CURVE_Pxb:[Chunk]=[0x9B4BD7A272AB23,0x7AF19D4F44DCE8,0x3F6F7B93206A34,0x571DD3E2A819FB,0x3A2BA3B635D7EE,0xAC28C780C1A126,0xEE3617C3E5B];
-    static let CURVE_Pya:[Chunk]=[0x81D230977BD4FD,0xB660720DFDFC6,0x41FC9590C89A0C,0x2E1FBCF878287A,0x11C23014EEE65,0x28878816BB325E,0x8F40859A05C];
-    static let CURVE_Pyb:[Chunk]=[0xA5E20A252C4CE6,0x5907A74AFF40C8,0x41760A42448EF3,0xFFEF82B0FDA199,0xA0F29A18D4EA49,0xAC7F7B86E4997B,0x1DCABBA88C12];
-    
-    static let CURVE_W:[[Chunk]]=[[],[]];
-    static let CURVE_SB:[[[Chunk]]]=[[[],[]],[[],[]]];
-    static let CURVE_WB:[[Chunk]]=[[],[],[],[]];
-    static let CURVE_BB:[[[Chunk]]]=[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]];
-    
-    
-    static let USE_GLV = true
-    static let USE_GS_G2 = true
-    static let USE_GS_GT = true
-    static let GT_STRONG = false
-    
-    
-    // BLS455 Curve
-    /*
-         static let CURVETYPE= WEIERSTRASS;
-     static let CURVE_PAIRING_TYPE = BLS_CURVE;
-     static let CURVE_A:Int =0;
-     
-     static let CURVE_Order:[Chunk]=[0x7FFFFC00001,0xA00000400001C,0x25E000750001D10,0xE0000F10004F000,0x80000380002,0x10,0x0,0x0];
-     static let CURVE_B:[Chunk]=[0xA,0x0,0x0,0x0,0x0,0x0,0x0,0x0];
-     static let CURVE_Cof:[Chunk]=[0xA9557FFAABFFAAB,0xAAB15555B54AAB6,0x555556AA,0x0,0x0,0x0,0x0,0x0];
-     static let CURVE_Gx:[Chunk]=[0x6D4C5DDFDFCEDD1,0x35C6F43B3A034FB,0x7F05B56A579C725,0xB1F2B8ECE11B321,0x9F342AB0CFE8392,0xA5911EE32767994,0x3005E40CC56ABED,0x18855F3B];
-     static let CURVE_Gy:[Chunk]=[0x404FD79A6619B9B,0x69D80A5D6FA0286,0xEE722322D91A493,0xB1EE58431C1E968,0xCA9BC8953801F5F,0xDFAFD40FE9E388E,0x9F8985FC3DEB0D6,0x19A8DB77E];
-     
-     static let CURVE_Bnx:[Chunk]=[0x20000080000800,0x10000,0x0,0x0,0x0,0x0,0x0,0x0];
-     static let CURVE_Cru:[Chunk]=[0x9202FFC00000AA9,0xFA5190F4A3762A,0x8B2B9BDD548FEC9,0xD7B469DB33A586A,0xC91731354CAFD99,0xF5B48D02FFFE695,0x57955572A900E0E,0x555559555];
-     static let CURVE_Fra:[Chunk]=[0x9CCFBDCA2EBF21,0x572F54A73379964,0x72819F887545498,0x22BBC1CAD1F8534,0xA82CD7D435944F0,0x4594F818D030F7B,0xEDCBE3ADC0016A7,0x397EA4973];
-     static let CURVE_Frb:[Chunk]=[0xA033043B5D1438A,0x6E5A00C3F72FC06,0x4717AB46118C70E,0x16993AE842C0609,0x3B78DA012CA06E9,0x501F99EA300E6EA,0x69C971C4E9FF768,0x1BD6B4BE1];
-     static let CURVE_Pxa:[Chunk]=[0x475F20F0C1F542,0x65D6070F8567E10,0xD780698BB33D776,0x71F685ED1531721,0x303D3FEC5B6A49C,0x8DEF064FF553CEB,0xC0E9A31B4C463,0x2ECB12FA8];
-     static let CURVE_Pxb:[Chunk]=[0x99086EE6749F03D,0xE89A55A5AC5EF2E,0x7B41AECD88EA016,0x622450FE6163E06,0x755066E1C8E296F,0xA80F219487326E8,0x66DBFBB0BEAEE59,0xECFFCE0];
-     static let CURVE_Pya:[Chunk]=[0x83235A4581A77F4,0x9F0F367B7A7E10A,0x8FA0C4A66D55B9D,0xEF03F65E0D6EC4C,0x9C7DC299C1A9EC2,0x32453CA21CFA5AC,0x6C3DCD5ABB9C544,0x22471D90A];
-     static let CURVE_Pyb:[Chunk]=[0xF413B6D9E1FDBA2,0xA7E630913DA0356,0xFBC913D9AC488E2,0x72E7CF61B401585,0x656D801B21C89ED,0xF9E921EEE0558F9,0x3D2B7B03CFC8698,0x33503CA8];
-     
-     static let CURVE_W:[[Chunk]]=[[],[]];
-     static let CURVE_SB:[[[Chunk]]]=[[[],[]],[[],[]]];
-     static let CURVE_WB:[[Chunk]]=[[],[],[],[]];
-     static let CURVE_BB:[[[Chunk]]]=[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]];
-     
-     
-     static let USE_GLV = true
-     static let USE_GS_G2 = true
-     static let USE_GS_GT = true
-     static let GT_STRONG = false
-     */
-}
-


[27/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/ecp2.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/ecp2.rs b/version22/rust/src/ecp2.rs
deleted file mode 100644
index cee55a6..0000000
--- a/version22/rust/src/ecp2.rs
+++ /dev/null
@@ -1,677 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-use std::fmt;
-use std::str::SplitWhitespace;
-
-#[derive(Copy, Clone)]
-pub struct ECP2 {
-	x:FP2,
-	y:FP2,
-	z:FP2,
-	inf: bool
-}
-
-
-use rom;
-use rom::BIG_HEX_STRING_LEN;
-//mod fp2;
-use fp2::FP2;
-//mod fp;
-//use fp::FP;
-//mod big;
-use big::BIG;
-//mod dbig;
-//use dbig::DBIG;
-//mod rand;
-//mod hash256;
-//mod rom;
-
-impl fmt::Display for ECP2 {
-	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-		write!(f, "ECP2: [ {}, {}, {}, {} ]", self.inf, self.x, self.y, self.z)
-	}
-}
-
-impl fmt::Debug for ECP2 {
-	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-		write!(f, "ECP2: [ {}, {}, {}, {} ]", self.inf, self.x, self.y, self.z)
-	}
-}
-
-impl PartialEq for ECP2 {
-	fn eq(&self, other: &ECP2) -> bool {
-		return (self.inf == other.inf) &&
-			(self.x == other.x) &&
-			(self.y == other.y) &&
-			(self.z == other.z);
-	}
-}
-
-#[allow(non_snake_case)]
-impl ECP2 {
-
-	pub fn new() -> ECP2 {
-		ECP2 {
-				x: FP2::new(),
-				y: FP2::new(),
-				z: FP2::new(),
-				inf: true
-		}
-	}
-#[allow(non_snake_case)]
-/* construct this from (x,y) - but set to O if not on curve */
-	pub fn new_fp2s(ix:&FP2,iy:&FP2) -> ECP2 {
-		let mut E=ECP2::new();
-		E.x.copy(&ix);
-		E.y.copy(&iy);
-		E.z.one();
-
-		let mut rhs=ECP2::rhs(&mut E.x);
-		let mut y2=FP2::new_copy(&E.y);
-		y2.sqr();
-		if y2.equals(&mut rhs) {
-			E.inf=false;
-		} else {E.x.zero();E.inf=true}
-		return E;
-}
-
-/* construct this from x - but set to O if not on curve */
-	pub fn new_fp2(ix:&FP2) -> ECP2 {	
-		let mut E=ECP2::new();
-		E.x.copy(&ix);
-		E.y.one();
-		E.z.one();
-
-		let mut rhs=ECP2::rhs(&mut E.x);
-		if rhs.sqrt() {
-			E.y.copy(&rhs);
-			E.inf=false;
-		} else {E.x.zero();E.inf=true}
-		return E;
-	}
-
-/* Test this=O? */
-	pub fn is_infinity(&mut self) -> bool {
-		return self.inf;
-	}
-
-/* copy self=P */
-	pub fn copy(&mut self,P: &ECP2) {
-		self.x.copy(&P.x);
-		self.y.copy(&P.y);
-		self.z.copy(&P.z);
-		self.inf=P.inf;
-	}
-
-/* set self=O */
-	pub fn inf(&mut self) {
-		self.inf=true;
-		self.x.zero();
-		self.y.zero();
-		self.z.zero();
-	}
-
-/* set self=-self */
-	pub fn neg(&mut self) {
-		if self.is_infinity() {return}
-		self.y.neg(); self.y.reduce();
-	}	
-
-/* Conditional move of Q to self dependant on d */
-	pub fn cmove(&mut self,Q: &ECP2,d: isize) {
-		self.x.cmove(&Q.x,d);
-		self.y.cmove(&Q.y,d);
-		self.z.cmove(&Q.z,d);
-
-		let bd:bool;
-		if d==0 {bd=false}
-		else {bd=true}
-
-		self.inf=self.inf!=(self.inf!=Q.inf)&&bd;
-	}
-
-/* return 1 if b==c, no branching */
-	fn teq(b: i32,c: i32) -> isize {
-		let mut x=b^c;
-		x-=1;  // if x=0, x now -1
-		return ((x>>31)&1) as isize;
-	}
-
-/* Constant time select from pre-computed table */
-	pub fn selector(&mut self,W: &[ECP2],b: i32) {
-		let mut MP=ECP2::new(); 
-		let m=b>>31;
-		let mut babs=(b^m)-m;
-
-		babs=(babs-1)/2;
-
-		self.cmove(&W[0],ECP2::teq(babs,0));  // conditional move
-		self.cmove(&W[1],ECP2::teq(babs,1));
-		self.cmove(&W[2],ECP2::teq(babs,2));
-		self.cmove(&W[3],ECP2::teq(babs,3));
-		self.cmove(&W[4],ECP2::teq(babs,4));
-		self.cmove(&W[5],ECP2::teq(babs,5));
-		self.cmove(&W[6],ECP2::teq(babs,6));
-		self.cmove(&W[7],ECP2::teq(babs,7));
- 
-		MP.copy(self);
-		MP.neg();
-		self.cmove(&MP,(m&1) as isize);
-	}	
-
-/* Test if P == Q */
-	pub fn equals(&mut self,Q :&mut ECP2) -> bool {
-		if self.is_infinity() && Q.is_infinity() {return true}
-		if self.is_infinity() || Q.is_infinity() {return false}
-
-		let mut zs2=FP2::new_copy(&self.z); zs2.sqr();
-		let mut zo2=FP2::new_copy(&Q.z); zo2.sqr();
-		let mut zs3=FP2::new_copy(&zs2); zs3.mul(&mut self.z);
-		let mut zo3=FP2::new_copy(&zo2); zo3.mul(&mut Q.z);
-		zs2.mul(&mut Q.x);
-		zo2.mul(&mut self.x);
-		if !zs2.equals(&mut zo2) {return false}
-		zs3.mul(&mut Q.y);
-		zo3.mul(&mut self.y);
-		if !zs3.equals(&mut zo3) {return false}
-
-		return true;
-	}
-
-/* set to Affine - (x,y,z) to (x,y) */
-	pub fn affine(&mut self) {
-		if self.is_infinity() {return}
-		let mut one=FP2::new_int(1);
-		if self.z.equals(&mut one) {return}
-		self.z.inverse();
-
-		let mut z2=FP2::new_copy(&self.z);
-		z2.sqr();
-		self.x.mul(&mut z2); self.x.reduce();
-		self.y.mul(&mut z2); 
-		self.y.mul(&mut self.z); self.y.reduce();
-		self.z.copy(&one);
-	}
-
-/* extract affine x as FP2 */
-	pub fn getx(&mut self) -> FP2 {
-		self.affine();
-		return FP2::new_copy(&self.x);
-	}
-
-/* extract affine y as FP2 */
-	pub fn gety(&mut self) -> FP2 {
-		self.affine();
-		return FP2::new_copy(&self.y);
-	}
-
-/* extract projective x */
-	pub fn getpx(&mut self) -> FP2 {
-		return FP2::new_copy(&self.x);
-	}
-/* extract projective y */
-	pub fn getpy(&mut self) -> FP2 {
-		return FP2::new_copy(&self.y);
-	}
-/* extract projective z */
-	pub fn getpz(&mut self) -> FP2 {
-		return FP2::new_copy(&self.z);
-	}
-
-/* convert to byte array */
-	pub fn tobytes(&mut self,b: &mut [u8]) {
-		let mut t:[u8;rom::MODBYTES as usize]=[0;rom::MODBYTES as usize];
-		let mb=rom::MODBYTES as usize;
-
-		self.affine();
-		self.x.geta().tobytes(&mut t);
-		for i in 0..mb { b[i]=t[i]}
-		self.x.getb().tobytes(&mut t);
-		for i in 0..mb { b[i+mb]=t[i]}
-
-		self.y.geta().tobytes(&mut t);
-		for i in 0..mb {b[i+2*mb]=t[i]}
-		self.y.getb().tobytes(&mut t);
-		for i in 0..mb {b[i+3*mb]=t[i]}
-	}
-
-/* convert from byte array to point */
-	pub fn frombytes(b: &[u8]) -> ECP2 {
-		let mut t:[u8;rom::MODBYTES as usize]=[0;rom::MODBYTES as usize];
-		let mb=rom::MODBYTES as usize;
-
-		for i in 0..mb {t[i]=b[i]}
-		let mut ra=BIG::frombytes(&t);
-		for i in 0..mb {t[i]=b[i+mb]}
-		let mut rb=BIG::frombytes(&t);
-		let rx=FP2::new_bigs(&ra,&rb);
-
-		for i in 0..mb {t[i]=b[i+2*mb]}
-		ra.copy(&BIG::frombytes(&t));
-		for i in 0..mb {t[i]=b[i+3*mb]}
-		rb.copy(&BIG::frombytes(&t));
-		let ry=FP2::new_bigs(&ra,&rb);
-
-		return ECP2::new_fp2s(&rx,&ry);
-	}
-
-/* convert this to hex string */
-	pub fn tostring(&mut  self) -> String {
-		if self.is_infinity() {return String::from("infinity")}
-		self.affine();
-		return format!("({},{})",self.x.tostring(),self.y.tostring());
-}
-
-	pub fn to_hex(&self) -> String {
-		let mut ret: String = String::with_capacity(7 * BIG_HEX_STRING_LEN);
-		ret.push_str(&format!("{} {} {} {}", self.inf, self.x.to_hex(), self.y.to_hex(), self.z.to_hex()));
-		return ret;
-	}
-
-	pub fn from_hex_iter(iter: &mut SplitWhitespace) -> ECP2 {
-		let mut ret:ECP2 = ECP2::new();
-		if let Some(x) = iter.next() {
-			ret.inf = x == "true";
-			ret.x = FP2::from_hex_iter(iter);
-			ret.y = FP2::from_hex_iter(iter);
-			ret.z = FP2::from_hex_iter(iter);
-		}
-		return ret;
-	}
-
-	pub fn from_hex(val: String) -> ECP2 {
-		let mut iter = val.split_whitespace();
-		return ECP2::from_hex_iter(&mut iter);
-	}
-
-/* Calculate RHS of twisted curve equation x^3+B/i */
-	pub fn rhs(x:&mut FP2) -> FP2 {
-		x.norm();
-		let mut r=FP2::new_copy(x);
-		r.sqr();
-		let mut b=FP2::new_big(&BIG::new_ints(&rom::CURVE_B));
-		b.div_ip();
-		r.mul(x);
-		r.add(&b);
-
-		r.reduce();
-		return r;
-	}
-
-/* self+=self */
-	pub fn dbl(&mut self) -> isize {
-		if self.inf {return -1}
-		if self.y.iszilch() {
-			self.inf();
-			return -1
-		}
-
-		let mut w1=FP2::new_copy(&self.x);
-		let mut w2=FP2::new();
-		let mut w3=FP2::new_copy(&self.x);
-		let mut w8=FP2::new_copy(&self.x);
-
-		w1.sqr();
-		w8.copy(&w1);
-		w8.imul(3);
-
-		w2.copy(&self.y); w2.sqr();
-		w3.copy(&self.x); w3.mul(&mut w2);
-		w3.imul(4);
-		w1.copy(&w3); w1.neg();
-		w1.norm();
-
-		self.x.copy(&w8); self.x.sqr();
-		self.x.add(&w1);
-		self.x.add(&w1);
-		self.x.norm();
-
-		self.z.mul(&mut self.y);
-		self.z.dbl();
-
-		w2.dbl();
-		w2.sqr();
-		w2.dbl();
-		w3.sub(&self.x);
-		self.y.copy(&w8); self.y.mul(&mut w3);
-		w2.norm();
-		self.y.sub(&w2);
-
-		self.y.norm();
-		self.z.norm();
-
-		return 1;
-	}
-
-/* self+=Q - return 0 for add, 1 for double, -1 for O */
-	pub fn add(&mut self,Q:&mut ECP2) -> isize {
-		if self.inf {
-			self.copy(Q);
-			return -1;
-		}
-		if Q.inf {return -1}
-
-		let mut aff=false;
-
-		if Q.z.isunity() {aff=true}
-
-		let mut a=FP2::new();
-		let mut c=FP2::new();
-		let mut b=FP2::new_copy(&self.z);
-		let mut d=FP2::new_copy(&self.z);
-
-		if !aff {
-			a.copy(&Q.z);
-			c.copy(&Q.z);
-
-			a.sqr(); b.sqr();
-			c.mul(&mut a); d.mul(&mut b);
-
-			a.mul(&mut self.x);
-			c.mul(&mut self.y);
-		} else {
-			a.copy(&self.x);
-			c.copy(&self.y);
-	
-			b.sqr();
-			d.mul(&mut b);
-		}
-
-		b.mul(&mut Q.x); b.sub(&a);
-		d.mul(&mut Q.y); d.sub(&c);
-
-		if b.iszilch() {
-			if d.iszilch() {
-				self.dbl();
-				return 1;
-			} else	{
-				self.inf=true;
-				return -1;
-			}
-		}
-
-		if !aff {self.z.mul(&mut Q.z)}
-		self.z.mul(&mut b);
-
-		let mut e=FP2::new_copy(&b); e.sqr();
-		b.mul(&mut e);
-		a.mul(&mut e);
-
-		e.copy(&a);
-		e.add(&a); e.add(&b);
-		self.x.copy(&d); self.x.sqr(); self.x.sub(&e);
-
-		a.sub(&self.x);
-		self.y.copy(&a); self.y.mul(&mut d);
-		c.mul(&mut b); self.y.sub(&c);
-
-		self.x.norm();
-		self.y.norm();
-		self.z.norm();
-
-		return 0;
-	}
-
-/* set this-=Q */
-	pub fn sub(&mut self,Q :&mut ECP2) -> isize {
-		Q.neg();
-		let d=self.add(Q);
-		Q.neg();
-		return d;
-	}
-
-/* set this*=q, where q is Modulus, using Frobenius */
-	pub fn frob(&mut self,x:&mut FP2) {
-	 	if self.inf {return}
-		let mut x2=FP2::new_copy(x);
-		x2.sqr();
-		self.x.conj();
-		self.y.conj();
-		self.z.conj();
-		self.z.reduce();
-		self.x.mul(&mut x2);
-		self.y.mul(&mut x2);
-		self.y.mul(x);
-	}
-
-/* normalises m-array of ECP2 points. Requires work vector of m FP2s */
-
-	pub fn multiaffine(P: &mut [ECP2]) {
-		let mut t1=FP2::new();
-		let mut t2=FP2::new();
-
-		let mut work:[FP2;8]=[FP2::new(),FP2::new(),FP2::new(),FP2::new(),FP2::new(),FP2::new(),FP2::new(),FP2::new()];
-		let m=8;
-
-		work[0].one();
-		work[1].copy(&P[0].z);
-
-		for i in 2..m {
-			t1.copy(&work[i-1]);
-			work[i].copy(&t1);
-			work[i].mul(&mut P[i-1].z)
-		}
-
-		t1.copy(&work[m-1]); 
-		t1.mul(&mut P[m-1].z);
-		t1.inverse();
-		t2.copy(&P[m-1].z);
-		work[m-1].mul(&mut t1);
-
-		let mut i=m-2;
-
-		loop {
-			if i==0 {
-				work[0].copy(&t1);
-				work[0].mul(&mut t2);
-				break;
-			}
-			work[i].mul(&mut t2);
-			work[i].mul(&mut t1);
-			t2.mul(&mut P[i].z);
-			i-=1;
-		}
-/* now work[] contains inverses of all Z coordinates */
-
-		for i in 0..m {
-			P[i].z.one();
-			t1.copy(&work[i]); t1.sqr();
-			P[i].x.mul(&mut t1);
-			t1.mul(&mut work[i]);
-			P[i].y.mul(&mut t1);
-		}    
-	}
-
-/* self*=e */
-	pub fn mul(&mut self,e: &BIG) -> ECP2 {
-/* fixed size windows */
-		let mut mt=BIG::new();
-		let mut t=BIG::new();
-		let mut P=ECP2::new();
-		let mut Q=ECP2::new();
-		let mut C=ECP2::new();
-
-		if self.is_infinity() {return P}
-
-		let mut W:[ECP2;8]=[ECP2::new(),ECP2::new(),ECP2::new(),ECP2::new(),ECP2::new(),ECP2::new(),ECP2::new(),ECP2::new()];
-
-		const CT:usize=1+(rom::NLEN*(rom::BASEBITS as usize)+3)/4;
-		let mut w:[i8;CT]=[0;CT]; 
-
-		self.affine();
-
-/* precompute table */
-		Q.copy(&self);
-		Q.dbl();
-		
-		W[0].copy(&self);
-
-		for i in 1..8 {
-			C.copy(&W[i-1]);
-			W[i].copy(&C);
-			W[i].add(&mut Q);
-		}
-
-/* convert the table to affine */
-
-		ECP2::multiaffine(&mut W);
-
-/* make exponent odd - add 2P if even, P if odd */
-		t.copy(&e);
-		let s=t.parity();
-		t.inc(1); t.norm(); let ns=t.parity(); mt.copy(&t); mt.inc(1); mt.norm();
-		t.cmove(&mt,s);
-		Q.cmove(&self,ns);
-		C.copy(&Q);
-
-		let nb=1+(t.nbits()+3)/4;
-
-/* convert exponent to signed 4-bit window */
-		for i in 0..nb {
-			w[i]=(t.lastbits(5)-16) as i8;
-			t.dec(w[i] as isize); t.norm();
-			t.fshr(4);	
-		}
-		w[nb]=(t.lastbits(5)) as i8;
-		
-		P.copy(&W[((w[nb] as usize) -1)/2]);
-		for i in (0..nb).rev() {
-			Q.selector(&W,w[i] as i32);
-			P.dbl();
-			P.dbl();
-			P.dbl();
-			P.dbl();
-			P.add(&mut Q);
-		}
-		P.sub(&mut C);
-		P.affine();
-		return P;
-	}
-
-/* P=u0.Q0+u1*Q1+u2*Q2+u3*Q3 */
-	pub fn mul4(Q: &mut [ECP2],u: &[BIG]) -> ECP2 {
-		let mut a:[i8;4]=[0;4];
-		let mut T=ECP2::new();
-		let mut C=ECP2::new();
-		let mut P=ECP2::new();
-
-		let mut W:[ECP2;8]=[ECP2::new(),ECP2::new(),ECP2::new(),ECP2::new(),ECP2::new(),ECP2::new(),ECP2::new(),ECP2::new()];
-
-		let mut mt=BIG::new();
-
-		let mut t:[BIG;4]=[BIG::new_copy(&u[0]),BIG::new_copy(&u[1]),BIG::new_copy(&u[2]),BIG::new_copy(&u[3])];
-
-		const CT:usize=1+rom::NLEN*(rom::BASEBITS as usize);
-		let mut w:[i8;CT]=[0;CT];
-
-		for i in 0..4 {
-			Q[i].affine();
-		}
-
-/* precompute table */
-
-		W[0].copy(&Q[0]); W[0].sub(&mut Q[1]);
-		C.copy(&W[0]); W[1].copy(&C);
-		W[2].copy(&C);
-		W[3].copy(&C);
-		W[4].copy(&Q[0]); W[4].add(&mut Q[1]);
-		C.copy(&W[4]); W[5].copy(&C);
-		W[6].copy(&C);
-		W[7].copy(&C);
-
-		T.copy(&Q[2]); T.sub(&mut Q[3]);
-		W[1].sub(&mut T);
-		W[2].add(&mut T);
-		W[5].sub(&mut T);
-		W[6].add(&mut T);
-		T.copy(&Q[2]); T.add(&mut Q[3]);
-		W[0].sub(&mut T);
-		W[3].add(&mut T);
-		W[4].sub(&mut T);
-		W[7].add(&mut T);
-
-		ECP2::multiaffine(&mut W);
-
-/* if multiplier is even add 1 to multiplier, and add P to correction */
-		mt.zero(); C.inf();
-		for i in 0..4 {
-			if t[i].parity()==0 {
-				t[i].inc(1); t[i].norm();
-				C.add(&mut Q[i]);
-			}
-			mt.add(&t[i]); mt.norm();
-		}
-
-		let nb=1+mt.nbits();
-
-/* convert exponent to signed 1-bit window */
-		for j in 0..nb {
-			for i in 0..4 {
-				a[i]=(t[i].lastbits(2)-2) as i8;
-				t[i].dec(a[i] as isize); t[i].norm();
-				t[i].fshr(1);
-			}
-			w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-		}
-		w[nb]=(8*t[0].lastbits(2)+4*t[1].lastbits(2)+2*t[2].lastbits(2)+t[3].lastbits(2)) as i8;
-
-		P.copy(&W[((w[nb] as usize)-1)/2]);  
-		for i in (0..nb).rev() {
-			T.selector(&W,w[i] as i32);
-			P.dbl();
-			P.add(&mut T);
-		}
-		P.sub(&mut C); /* apply correction */
-
-		P.affine();
-		return P;
-	}
-
-}
-/*
-fn main()
-{
-	let mut r=BIG::new_ints(&rom::MODULUS);
-
-	let pxa=BIG::new_ints(&rom::CURVE_PXA);
-	let pxb=BIG::new_ints(&rom::CURVE_PXB);
-	let pya=BIG::new_ints(&rom::CURVE_PYA);
-	let pyb=BIG::new_ints(&rom::CURVE_PYB);
-
-	let fra=BIG::new_ints(&rom::CURVE_FRA);
-	let frb=BIG::new_ints(&rom::CURVE_FRB);
-
-	let mut f=FP2::new_bigs(&fra,&frb);
-
-	let px=FP2::new_bigs(&pxa,&pxb);
-	let py=FP2::new_bigs(&pya,&pyb);
-
-	let mut P=ECP2::new_fp2s(&px,&py);
-
-	println!("P= {}",P.tostring());
-
-	P=P.mul(&mut r);
-	println!("P= {}",P.tostring());
-
-	let mut  Q=ECP2::new_fp2s(&px,&py);
-	Q.frob(&mut f);
-	println!("Q= {}",Q.tostring());
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/ff.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/ff.rs b/version22/rust/src/ff.rs
deleted file mode 100644
index d59525f..0000000
--- a/version22/rust/src/ff.rs
+++ /dev/null
@@ -1,944 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-if debug {println!("sf2= {}",self.tostring())}	
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-//#[derive(Copy, Clone)]
-pub struct FF {
-	v:Vec<BIG>,
-	length:usize
-}
-
-//mod big;
-use big::BIG;
-//mod dbig;
-//use dbig::DBIG;
-//mod rom;
-use rom;
-use rom::Chunk;
-//mod rand;
-use rand::RAND;
-//mod hash256;
-//use std::process;
-
-
-//static mut debug:bool=false;
-
-impl FF { 
-
-/* Constructors */
-	pub fn new_int(n:usize) -> FF {
-		let mut f=FF{v:Vec::new(),length:0};
-		for _ in 0..n {
-			f.v.push(BIG::new());
-		}
-		f.length=n;
-		return f;
-	}
-/*
-	pub fn new_ints(x: &[&[i32];rom::NLEN],n: usize) -> FF {
-		let mut f=FF{v:Vec::new(),length:0};
-		for i in 0..n {
-			f.v.push(BIG::new_ints(x[i]));
-		}
-		f.length=n;
-		return f;
-	}
-*/
-	pub fn zero(&mut self) {
-		for i in 0..self.length {
-			self.v[i].zero();
-		}
-	}
-
-	pub fn getlen(&self) -> usize {
-		return self.length;
-	}
-
-/* set to integer */
-	pub fn set(&mut self,m:isize) {
-		self.zero();
-		self.v[0].set(0,m as Chunk);
-	}
-
-/* copy from FF b */
-	pub fn copy(&mut self,b: &FF) {
-		for i in 0..self.length {
-			self.v[i].copy(&b.v[i]);
-	 	}
- 	}
-
-/* x=y<<n */
-	pub fn dsucopy(&mut self,b: &FF) {
-		for i in 0..b.length {
-			self.v[b.length+i].copy(&b.v[i]);
-			self.v[i].zero();
-		}
-	}
-
-/* x=y */
-	pub fn dscopy(&mut self,b: &FF) {
-		for i in 0..b.length {
-			self.v[i].copy(&b.v[i]);
-			self.v[b.length+i].zero();
-		}
-	}
-
-/* x=y>>n */
-	pub fn sducopy(&mut self,b: &FF) {
-		for i in 0..self.length {
-			self.v[i].copy(&b.v[self.length+i]);
-		}
-	}
-
-	pub fn one(&mut self) {
-		self.v[0].one();
-		for i in 1..self.length {
-			self.v[i].zero();
-		}
-	}
-
-/* test equals 0 */
-	pub fn iszilch(&mut self) -> bool {
-		for i in 0..self.length {
-			if !self.v[i].iszilch() {return false}
-		}
-		return true;
-	}
-
-/* shift right by BIGBITS-bit words */
-	pub fn shrw(&mut self,n: usize) {
-    	let mut t= BIG::new(); 
-		for i in 0..n {
-			t.copy(&self.v[i+n]);
-			self.v[i].copy(&t);
-			self.v[i+n].zero();
-		}
-	}
-
-/* shift left by BIGBITS-bit words */
-	pub fn shlw(&mut self,n: usize) {
-    	let mut t= BIG::new(); 		
-		for i in 0..n {
-			t.copy(&self.v[i]);
-			self.v[n+i].copy(&t);
-			self.v[i].zero();
-		}
-	}
-
-/* extract last bit */
-	pub fn parity(&self) -> isize {
-		return self.v[0].parity();
-	}
-
-	pub fn lastbits(&mut self,m: usize) -> isize {
-		return self.v[0].lastbits(m);
-	}
-
-/* compare x and y - must be normalised, and of same length */
-	pub fn comp(a: &FF,b: &FF) -> isize {
-		let mut i=a.length-1;
-
-		loop {
-			let j=BIG::comp(&a.v[i],&b.v[i]);
-			if j!=0 {return j}
-			if i==0 {break;}
-			i-=1;
-		}
-		return 0;
-	}	
-
-/* recursive add */
-	pub fn radd(&mut self,vp: usize,x: &FF,xp: usize,y: &FF,yp: usize,n: usize) {
-		for i in 0..n {
-			self.v[vp+i].copy(&x.v[xp+i]);
-			self.v[vp+i].add(&y.v[yp+i]);
-		}
-	}	
-
-/* recursive inc */
-	pub fn rinc(&mut self,vp: usize,y: &FF,yp: usize,n: usize) {
-		for i in 0..n {
-			self.v[vp+i].add(&y.v[yp+i]);
-		}
-	}
-
-	pub fn rsinc(&mut self,n: usize) {
-		let mut t=BIG::new();
-		for i in 0..n {
-			t.copy(&self.v[i]);
-			self.v[n+i].add(&t);
-		}		
-	}
-
-/* recursive sub */
-	pub fn rsub(&mut self,vp: usize,x: &FF,xp: usize,y: &FF,yp: usize,n: usize) {
-		for i in 0..n {
-			self.v[vp+i].copy(&x.v[xp+i]);
-			self.v[vp+i].sub(&y.v[yp+i]);
-		}
-	}
-
-/* recursive dec */
-	pub fn rdec(&mut self,vp: usize,y: &FF,yp: usize,n: usize) {
-		for i in 0..n {
-			self.v[vp+i].sub(&y.v[yp+i]);
-		}
-	}
-
-/* simple add */
-	pub fn add(&mut self,b: &FF) {
-		for i in 0..self.length {
-			self.v[i].add(&b.v[i]);
-		}
-	}
-
-/* simple sub */
-	pub fn sub(&mut self,b: &FF) {
-		for i in 0..self.length {
-			self.v[i].sub(&b.v[i]);
-		}
-	}
-	
-/* reverse sub */
-	pub fn revsub(&mut self,b: &FF) {
-		for i in 0..self.length {
-			self.v[i].rsub(&b.v[i]);
-		}
-	}
-
-/* normalise - but hold any overflow in top part unless n<0 */
-	pub fn rnorm(&mut self,vp: usize,n: isize) {
-		let mut trunc=false;
-		let mut carry:Chunk;
-		let mut nn:usize=n as usize; 
-		if n<0 { /* -v n signals to do truncation */
-			nn=(-n) as usize;
-			trunc=true;
-		}
-		for i in 0..nn-1 {
-			carry=self.v[vp+i].norm();
-			self.v[vp+i].xortop(carry<<rom::P_TBITS);
-			self.v[vp+i+1].w[0]+=carry; //incl(carry);
-		}
-		carry=self.v[vp+nn-1].norm();
-		if trunc {
-			self.v[vp+nn-1].xortop(carry<<rom::P_TBITS);
-		}
-	}
-
-	pub fn norm(&mut self) {
-		let n:isize=self.length as isize;
-		self.rnorm(0,n);
-	}
-
-/* increment/decrement by a small integer */
-	pub fn inc(&mut self,m: isize) {
-		self.v[0].inc(m);
-		self.norm();
-	}
-
-	pub fn dec(&mut self,m: isize) {
-		self.v[0].dec(m);
-		self.norm();
-	}
-
-/* shift left by one bit */
-	pub fn shl(&mut self) {
-		let mut delay_carry:isize=0;
-		for i in 0..self.length-1 {
-			let carry=self.v[i].fshl(1);
-			self.v[i].inc(delay_carry);
-			self.v[i].xortop((carry as Chunk)<<rom::P_TBITS);
-			delay_carry=carry;
-		}
-		self.v[self.length-1].fshl(1);
-		self.v[self.length-1].inc(delay_carry);
-	}
-
-/* shift right by one bit */
-
-	pub fn shr(&mut self) {
-		let mut i=self.length-1;
-		while i>0 {
-			let carry=self.v[i].fshr(1);
-			self.v[i-1].xortop((carry as Chunk)<<rom::P_TBITS);
-			i-=1;
-		}
-		self.v[0].fshr(1);
-	}
-
-/* Convert to Hex String */
-	pub fn tostring(&mut self) -> String {
-		self.norm();
-		let mut s = String::new();
-		let mut i:usize=self.length-1;
-		loop {
-			s=s+self.v[i].tostring().as_ref();
-			if i==0 {break}
-			i-=1;
-		}
-		return s;
-	}
-
-/* Convert to Hex String 
-	pub fn tostr(&mut self,n:usize) -> String {
-		let mut t=FF::new_int(n);
-		for i in 0..n {
-			t.v[i].copy(&self.v[i]);
-		}
-		t.norm();
-		let mut s = String::new();
-		let mut i:usize=t.length-1;
-		loop {
-			s=s+t.v[i].tostring().as_ref();
-			if i==0 {break}
-			i-=1;
-		}
-		return s;
-	}*/
-
-/* Convert FFs to/from byte arrays */
-	pub fn tobytes(&mut self,b: &mut [u8]) {
-		for i in 0..self.length {
-			self.v[i].tobytearray(b,(self.length-i-1)*(rom::MODBYTES as usize))
-		}
-	}
-
-	pub fn frombytes(x: &mut FF,b: &[u8]) {
-		for i in 0..x.length {
-			x.v[i]=BIG::frombytearray(b,(x.length-i-1)*(rom::MODBYTES as usize))
-		}
-	}
-
-/* in-place swapping using xor - side channel resistant - lengths must be the same */
-	pub fn cswap(a: &mut FF,b: &mut FF,d: isize) {
-		for i in 0..a.length {
-			a.v[i].cswap(&mut b.v[i],d);
-		}
-	}
-
-/* z=x*y, t is workspace */
-	fn karmul(&mut self,vp: usize,x: &FF,xp: usize,y: &FF,yp: usize,t: *mut FF,tp: usize,n: usize) {
-		if n==1 {
-			let mut d=BIG::mul(&x.v[xp],&y.v[yp]);
-			self.v[vp+1]=d.split(8*rom::MODBYTES);
-			self.v[vp].dcopy(&d);
-			return;
-		}
-		let nd2=n/2;
-		self.radd(vp,x,xp,x,xp+nd2,nd2);
-		self.rnorm(vp,nd2 as isize);       /* Important - required for 32-bit build */
-		self.radd(vp+nd2,y,yp,y,yp+nd2,nd2);
-		self.rnorm(vp+nd2,nd2 as isize);    /* Important - required for 32-bit build */
-		unsafe{
-			(*t).karmul(tp,self,vp,self,vp+nd2,t,tp+n,nd2);
-		}
-		self.karmul(vp,x,xp,y,yp,t,tp+n,nd2);
-		self.karmul(vp+n,x,xp+nd2,y,yp+nd2,t,tp+n,nd2);
-		unsafe {
-			(*t).rdec(tp,self,vp,n);
-			(*t).rdec(tp,self,vp+n,n);
-			self.rinc(vp+nd2,&(*t),tp,n);
-		}
-		self.rnorm(vp,(2*n) as isize);
-	}
-
-	fn karsqr(&mut self,vp: usize,x: &FF,xp: usize,t: *mut FF,tp: usize,n: usize) {
-		if n==1 {
-			let mut d=BIG::sqr(&x.v[xp]);
-			self.v[vp+1].copy(&d.split(8*rom::MODBYTES));
-			self.v[vp].dcopy(&d);
-			return;
-		}	
-
-		let nd2=n/2;
-		self.karsqr(vp,x,xp,t,tp+n,nd2);
-		self.karsqr(vp+n,x,xp+nd2,t,tp+n,nd2);
-		unsafe {
-			(*t).karmul(tp,x,xp,x,xp+nd2,t,tp+n,nd2);
-			self.rinc(vp+nd2,&(*t),tp,n);
-			self.rinc(vp+nd2,&(*t),tp,n);
-		}
-		self.rnorm(vp+nd2,n as isize);
-	}
-
-/* Calculates Least Significant bottom half of x*y */
-	fn karmul_lower(&mut self,vp: usize,x: &FF,xp: usize,y: &FF,yp: usize,t: *mut FF,tp: usize,n: usize) { 
-		if n==1 { /* only calculate bottom half of product */
-			self.v[vp].copy(&BIG::smul(&x.v[xp],&y.v[yp]));
-			return;
-		}
-		let nd2=n/2;
-
-		self.karmul(vp,x,xp,y,yp,t,tp+n,nd2);
-		unsafe {
-			(*t).karmul_lower(tp,x,xp+nd2,y,yp,t,tp+n,nd2);
-			self.rinc(vp+nd2,&(*t),tp,nd2);
-			(*t).karmul_lower(tp,x,xp,y,yp+nd2,t,tp+n,nd2);
-			self.rinc(vp+nd2,&(*t),tp,nd2);
-		}
-		let sn:isize=nd2 as isize;
-		self.rnorm(vp+nd2,-sn);  /* truncate it */
-	}
-
-/* Calculates Most Significant upper half of x*y, given lower part */
-	fn karmul_upper(&mut self,x: &FF,y: &FF,t: *mut FF,n: usize) { 
-		let nd2=n/2;
-		self.radd(n,x,0,x,nd2,nd2);
-		self.radd(n+nd2,y,0,y,nd2,nd2);
-		self.rnorm(n,nd2 as isize);
-		self.rnorm(n+nd2,nd2 as isize);
-
-		unsafe {			
-			(*t).karmul(0,self,n+nd2,self,n,t,n,nd2);  /* t = (a0+a1)(b0+b1) */
-
-		}
-		self.karmul(n,x,nd2,y,nd2,t,n,nd2); /* z[n]= a1*b1 */
-					/* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */
-		unsafe {
-			(*t).rdec(0,self,n,n);              /* t=t-a1b1  */										
-			self.rsinc(nd2);  /* z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1)  */
-			self.rdec(nd2,&(*t),0,nd2);   /* z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0) */			
-		}
-
-		let sn:isize=n as isize;
-		self.rnorm(0,-sn);		/* a0b0 now in z - truncate it */
-		unsafe {
-			(*t).rdec(0,self,0,n);         /* (a0+a1)(b0+b1) - a0b0 */
-			self.rinc(nd2,&(*t),0,n);
-		}
-		self.rnorm(nd2,sn);
-	}
-
-/* z=x*y. Assumes x and y are of same length. */
-	pub fn mul(x: &FF,y: &FF) -> FF {
-		let n=x.length;
-		let mut z=FF::new_int(2*n);
-		let mut t=FF::new_int(2*n);
-	//	x.norm(); y.norm();
-		z.karmul(0,&x,0,&y,0,&mut t,0,n);
-		return z;
-	}
-
-/* return low part of product this*y */
-	pub fn lmul(&mut self,y: &FF) {
-		let n=self.length;
-		let mut t=FF::new_int(2*n);
-		let mut x=FF::new_int(n); x.copy(&self);
-	//	x.norm(); y.norm();		
-		self.karmul_lower(0,&x,0,&y,0,&mut t,0,n);
-	}
-
-/* Set b=b mod c */
-	pub fn rmod(&mut self,m: &FF) {
-		let mut k=1;  
-		let n=m.length;
-		let mut c=FF::new_int(n); c.copy(m);
-
-		self.norm();
-		if FF::comp(&self,&c)<0 {return}
-
-		c.shl();
-		while FF::comp(&self,&c)>=0 {
-			c.shl();
-			k+=1;
-		}
-
-		while k>0 {
-			c.shr();
-			if FF::comp(&self,&c)>=0 {
-				self.sub(&c);
-				self.norm();
-			}
-			k-=1;
-		}
-	}
-
-/* z=x^2 */
-	pub fn sqr(x: &FF) -> FF {
-		let n=x.length;
-		let mut z=FF::new_int(2*n);
-		let mut t=FF::new_int(2*n);
-	//	x.norm();
-		z.karsqr(0,&x,0,&mut t,0,n);
-		return z;
-	}
-
-/* return This mod modulus, ms is modulus, md is Montgomery Constant */
-	pub fn reduce(&mut self,ms: &FF,md: &FF) -> FF { /* fast karatsuba Montgomery reduction */
-		let n=ms.length;
-		let mut t=FF::new_int(2*n);
-		let mut r=FF::new_int(n);
-		let mut m=FF::new_int(n);
-
-		r.sducopy(&self);
-		m.karmul_lower(0,&self,0,&md,0,&mut t,0,n);
-		self.karmul_upper(&ms,&m,&mut t,n);
-	
-		m.sducopy(self);
-		r.add(&ms);	
-		r.sub(&m);	
-		r.norm();
-
-		return r;
-	}
-
-/* Set r=this mod b */
-/* this is of length - 2*n */
-/* r,b is of length - n */
-	pub fn dmod(&mut self,b: &FF) -> FF {
-		let n=b.length;
-		let mut m=FF::new_int(2*n);
-		let mut x=FF::new_int(2*n);
-		let mut r=FF::new_int(n);
-
-		x.copy(&self);
-		x.norm();
-		m.dsucopy(&b); let mut k=rom::BIGBITS*n;
-
-		while FF::comp(&x,&m)>=0 {
-			x.sub(&m);
-			x.norm();
-		}
-
-		while k>0 {	
-			m.shr();
-
-			if FF::comp(&x,&m)>=0 {
-				x.sub(&m);
-				x.norm();
-			}
-			k-=1;
-		}
-
-		r.copy(&x);
-		r.rmod(b);
-		return r;
-	}
-
-/* Set return=1/this mod p. Binary method - a<p on entry */
-
-	pub fn invmodp(&mut self,p: &FF) {
-		let n=p.length;
-
-		let mut u=FF::new_int(n);
-		let mut v=FF::new_int(n);
-		let mut x1=FF::new_int(n);
-		let mut x2=FF::new_int(n);
-		let mut t=FF::new_int(n);
-		let mut one=FF::new_int(n);
-
-		one.one();
-		u.copy(&self);
-		v.copy(&p);
-		x1.copy(&one);
-		x2.zero();
-
-	// reduce n in here as well! 
-		while FF::comp(&u,&one)!=0 && FF::comp(&v,&one)!=0 {
-			while u.parity()==0 {
-				u.shr();
-				if x1.parity()!=0 {
-					x1.add(&p);
-					x1.norm();
-				}
-				x1.shr();
-			}
-			while v.parity()==0 {
-				v.shr(); 
-				if x2.parity()!=0 {
-					x2.add(&p);
-					x2.norm();
-				}
-				x2.shr();
-			}
-			if FF::comp(&u,&v)>=0 {
-				u.sub(&v);
-				u.norm();
-				if FF::comp(&x1,&x2)>=0 {
-					x1.sub(&x2);
-				} else {
-					t.copy(&p);
-					t.sub(&x2);
-					x1.add(&t);
-				}
-				x1.norm();
-			} else {
-				v.sub(&u);
-				v.norm();
-				if FF::comp(&x2,&x1)>=0 { 
-					x2.sub(&x1);
-				} else {
-					t.copy(&p);
-					t.sub(&x1);
-					x2.add(&t);
-				}
-				x2.norm();
-			}
-		}
-		if FF::comp(&u,&one)==0 {
-			self.copy(&x1);
-		} else {
-			self.copy(&x2);
-		}
-	}
-
-/* nresidue mod m */
-	pub fn nres(&mut self,m: &FF) {
-		let n=m.length;
-		let mut d=FF::new_int(2*n);
-		d.dsucopy(&self);
-		self.copy(&d.dmod(m));
-	}
-
-	pub fn redc(&mut self,m: &FF,md: &FF) {
-		let n=m.length;
-		let mut d=FF::new_int(2*n);
-		self.rmod(m);
-		d.dscopy(&self);
-		self.copy(&d.reduce(&m,&md));
-		self.rmod(m);
-	}
-
-	pub fn mod2m(&mut self,m: usize) {
-	 	for i in m..self.length {
-			self.v[i].zero()
-		}
-	}
-
-/* U=1/a mod 2^m - Arazi & Qi */
-	pub fn invmod2m(&self) -> FF {
-		let n=self.length;
-
-		let mut b=FF::new_int(n);
-		let mut c=FF::new_int(n);
-		let mut u=FF::new_int(n);
-
-		u.zero();
-		u.v[0].copy(&self.v[0]);
-		u.v[0].invmod2m();
-
-		let mut i=1;
-		while i<n {
-			b.copy(&self); b.mod2m(i);
-			let mut t=FF::mul(&u,&b); t.shrw(i); b.copy(&t);
-			c.copy(&self); c.shrw(i); c.mod2m(i);
-			c.lmul(&u); c.mod2m(i);
-
-			b.add(&c); b.norm();
-			b.lmul(&u); b.mod2m(i);
-
-			c.one(); c.shlw(i); b.revsub(&c); b.norm();
-			b.shlw(i);
-			u.add(&b);
-			i<<=1;
-		}
-		u.norm();
-		return u;
-	}	
-
-	pub fn random(&mut self,rng: &mut RAND) {
-		let n=self.length;
-		for i in 0..n {
-			self.v[i].copy(&BIG::random(rng))
-		}
-	/* make sure top bit is 1 */
-		while self.v[n-1].nbits()<(rom::MODBYTES as usize)*8 {
-			self.v[n-1].copy(&BIG::random(rng));
-		}
-	}
-
-/* generate random x less than p */
-	pub fn randomnum(&mut self,p: &FF,rng: &mut RAND) {
-		let n=self.length;
-		let mut d=FF::new_int(2*n);
-
-		for i in 0..2*n {
-			d.v[i].copy(&BIG::random(rng));
-		}
-		self.copy(&d.dmod(p));
-	}
-
-/* this*=y mod p */
-	pub fn modmul(&mut self,y: &FF,p: &FF,nd: &FF) {
-		if BIG::ff_pexceed(&self.v[self.length-1],&y.v[y.length-1]) {
-			self.rmod(p)
-		}
-		let mut d=FF::mul(&self,y);
-		self.copy(&d.reduce(p,nd));
-	}
-
-/* this*=y mod p */
-	pub fn modsqr(&mut self,p: &FF,nd: &FF) {
-		if BIG::ff_sexceed(&self.v[self.length-1]) {
-			self.rmod(p);
-		}
-		let mut d=FF::sqr(&self);
-		d.norm();
-		self.copy(&d.reduce(p,nd));
-	}
-
-/* this=this^e mod p using side-channel resistant Montgomery Ladder, for large e */
-	pub fn skpow(&mut self,e: &FF,p: &FF) {
-		let n=p.length;
-		let mut r0=FF::new_int(n);
-		let mut r1=FF::new_int(n);
-		let nd=p.invmod2m();
-
-		self.rmod(p);
-		r0.one();
-		r1.copy(&self);
-		r0.nres(p);
-		r1.nres(p);
-
-		let mut i=8*(rom::MODBYTES as usize)*n-1;
-		loop {
-			let b=(e.v[i/(rom::BIGBITS as usize)]).bit(i%(rom::BIGBITS as usize)) as isize;
-			self.copy(&r0);
-			self.modmul(&r1,p,&nd);
-
-			FF::cswap(&mut r0,&mut r1,b);
-			r0.modsqr(p,&nd);
-
-			r1.copy(&self);
-			FF::cswap(&mut r0,&mut r1,b);
-			if i==0 {break}
-			i-=1;
-		}
-		self.copy(&r0);
-		self.redc(p,&nd);
-	}
-
-/* this =this^e mod p using side-channel resistant Montgomery Ladder, for short e */
-	pub fn skpows(&mut self,e: &BIG,p: &FF) {
-		let n=p.length;
-		let mut r0=FF::new_int(n);
-		let mut r1=FF::new_int(n);
-		let nd=p.invmod2m();
-
-		self.rmod(p);
-		r0.one();
-		r1.copy(&self);
-		r0.nres(p);
-		r1.nres(p);
-
-		let mut i=8*(rom::MODBYTES as usize)-1;
-		loop {
-			let b=e.bit(i);
-			self.copy(&r0);
-			self.modmul(&r1,p,&nd);
-
-			FF::cswap(&mut r0,&mut r1,b);
-			r0.modsqr(p,&nd);
-
-			r1.copy(&self);
-			FF::cswap(&mut r0,&mut r1,b);
-			if i==0 {break}
-			i-=1;			
-		}
-		self.copy(&r0);
-		self.redc(p,&nd);
-	}
-
-
-
-
-/* raise to an integer power - right-to-left method */
-	pub fn power(&mut self,e: isize,p: &FF) {
-		let n=p.length;
-		let mut w=FF::new_int(n);
-		let nd=p.invmod2m();
-		let mut f=true;
-		let mut ee=e;
-
-		w.copy(&self);
-		w.nres(p);
-
-		if ee==2 {
-			self.copy(&w);
-			self.modsqr(p,&nd);
-		} else {
-			loop {
-				if ee%2==1 {
-					if f {
-						self.copy(&w);
-					} else {self.modmul(&w,p,&nd)}
-					f=false;
-				}
-				ee>>=1;
-				if ee==0 {break}
-				w.modsqr(p,&nd);	
-			}
-		}
-
-		self.redc(p,&nd);
-	}
-
-/* this=this^e mod p, faster but not side channel resistant */
-	pub fn pow(&mut self,e: &FF,p: &FF) {
-		let n=p.length;
-		let mut w=FF::new_int(n);
-		let nd=p.invmod2m();
-
-		w.copy(&self);
-		self.one();
-		self.nres(p);
-		w.nres(p);
-		let mut i=8*(rom::MODBYTES as usize)*n-1;
-		loop {
-			self.modsqr(p,&nd);
-			let b=(e.v[i/(rom::BIGBITS as usize)]).bit(i%(rom::BIGBITS as usize)) as isize;			
-			if b==1 {self.modmul(&w,p,&nd)}
-			if i==0 {break}
-			i-=1;				
-		}
-		self.redc(p,&nd);
-	}
-
-/* double exponentiation r=x^e.y^f mod p */
-	pub fn pow2(&mut self,e: &BIG,y: &FF,f: &BIG,p: &FF) {
-		let n=p.length;
-		let mut xn=FF::new_int(n);
-		let mut yn=FF::new_int(n);
-		let mut xy=FF::new_int(n);
-		let nd=p.invmod2m();
-
-		xn.copy(&self);
-		yn.copy(y);
-		xn.nres(p);
-		yn.nres(p);
-		xy.copy(&xn); xy.modmul(&yn,p,&nd);
-		self.one();
-		self.nres(p);
-
-		let mut i=8*(rom::MODBYTES as usize)-1;
-		loop {
-			let eb=e.bit(i);
-			let fb=f.bit(i);
-			self.modsqr(p,&nd);
-			if eb==1 {
-				if fb==1 {
-					self.modmul(&xy,p,&nd);
-				} else {self.modmul(&xn,p,&nd)}
-			} else	{
-				if fb==1 {self.modmul(&yn,p,&nd)}
-			}
-			if i==0 {break}
-			i-=1;				
-		}
-		self.redc(p,&nd);
-	}
-
-	pub fn igcd(x: isize,y: isize) -> isize { /* integer GCD, returns GCD of x and y */
-
-		if y==0 {return x}	
-		let mut xx=x;
-		let mut yy=y;		
-		loop {
-			let r=xx%yy;
-			if r==0 {break}
-			xx=yy;yy=r;
-		}
-		return yy;
-	}
-
-/* quick and dirty check for common factor with n */
-	pub fn cfactor(&self,s: isize) -> bool {
-		let n=self.length;
-
-		let mut x=FF::new_int(n);
-		let mut y=FF::new_int(n);
-
-		y.set(s);
-		x.copy(&self);
-		x.norm();
-
-		x.sub(&y);
-		x.norm();
-
-		while !x.iszilch() && x.parity()==0 {x.shr()}
-
-		while FF::comp(&x,&y)>0 {
-			x.sub(&y);
-			x.norm();
-			while !x.iszilch() && x.parity()==0 {x.shr()}
-		}
-
-		let g=x.v[0].get(0) as isize;
-		let r=FF::igcd(s,g);
-		if r>1 {return true}
-		return false
-	}
-
-/* Miller-Rabin test for primality. Slow. */
-	pub fn prime(pp: &FF,rng: &mut RAND) -> bool {
-		let mut s=0;
-		let n=pp.length;
-		let mut d=FF::new_int(n);
-		let mut x=FF::new_int(n);
-		let mut unity=FF::new_int(n);
-		let mut nm1=FF::new_int(n);
-		let mut p=FF::new_int(n); p.copy(pp);
-
-		let sf=4849845; /* 3*5*.. *19 */
-		p.norm();
-
-		if p.cfactor(sf) {return false}
-		unity.one();
-		nm1.copy(&p);
-		nm1.sub(&unity);
-		nm1.norm();
-		d.copy(&nm1);
-
-		while d.parity()==0 {
-			d.shr();
-			s+=1;
-		}
-		if s==0 {return false}
-		for _ in 0..10 {
-			x.randomnum(&p,rng);
-
-			x.pow(&d,&p);
-		
-			if FF::comp(&x,&unity)==0 || FF::comp(&x,&nm1)==0 {continue}
-			let mut looper=false;
-			for _ in 1..s {
-				x.power(2,&p);
-				if FF::comp(&x,&unity)==0 {return false}
-				if FF::comp(&x,&nm1)==0 {looper=true; break}
-			}
-			if looper {continue}
-			return false;
-		}
-
-		return true;
-	}
-
-}
-/*
-fn main()
-{
-	let mut x=FF::new_int(4);
-	let mut y=FF::new_int(4);
-
-	x.one(); y.one();
-	let mut z=FF::mul(&mut x,&mut y);
-
-	println!("z= {}",z.tostring());
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/fp.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/fp.rs b/version22/rust/src/fp.rs
deleted file mode 100644
index 39104bd..0000000
--- a/version22/rust/src/fp.rs
+++ /dev/null
@@ -1,354 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-use std::fmt;
-use std::str::SplitWhitespace;
-
-#[derive(Copy, Clone)]
-pub struct FP {
- 	x:BIG
-}
-
-use big::BIG;
-use dbig::DBIG;
-use rom;
-use rom::{Chunk, BIG_HEX_STRING_LEN};
-
-impl fmt::Display for FP {
-    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        write!(f, "FP: [ {} ]", self.x)
-    }
-}
-
-impl fmt::Debug for FP {
-    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        write!(f, "FP: [ {} ]", self.x)
-    }
-}
-
-impl PartialEq for FP {
-    fn eq(&self, other: &FP) -> bool {
-        return self.x == other.x;
-    }
-}
-
-impl FP {
-
-/* Constructors */
-	pub fn new() -> FP {
-		FP {
-				x: BIG::new()
-		}
-	}
-
-	pub fn new_int(a:isize) -> FP {
-		let mut f=FP::new(); 
-		f.x.inc(a);
-		f.nres();
-		return f;		
-	}
-
-	pub fn new_copy(y:&FP) -> FP {
-		let mut f=FP::new(); 
-		f.x.copy(&(y.x));
-		return f;
-	}
-
-	pub fn new_big(y:&BIG) -> FP {
-		let mut f=FP::new(); 
-		f.x.copy(y);
-        f.nres();
-		return f;		
-	}
-
-    pub fn nres(&mut self) {
-        if rom::MODTYPE != rom::PSEUDO_MERSENNE && rom::MODTYPE != rom::GENERALISED_MERSENNE {
-   			let p = BIG::new_ints(&rom::MODULUS);        	
-            let mut d=DBIG::new_scopy(&(self.x));
-            d.shl(rom::NLEN*(rom::BASEBITS as usize));
-            self.x.copy(&d.dmod(&p));
-        }
-    }
-
-/* convert back to regular form */
-    pub fn redc(&mut self) -> BIG {
-        if rom::MODTYPE != rom::PSEUDO_MERSENNE && rom::MODTYPE != rom::GENERALISED_MERSENNE {
-            let mut d=DBIG::new_scopy(&(self.x));
-            return BIG::modulo(&mut d);
-        } else {
-            let r=BIG::new_copy(&(self.x));
-            return r;
-        }
-    }
-
-   /* convert to string */
-	pub fn tostring(&mut self) -> String {
-        let s=self.redc().tostring();
-        return s;
-    }
-
-    pub fn to_hex(&self) -> String {
-        let mut ret: String = String::with_capacity(2 * BIG_HEX_STRING_LEN);
-        ret.push_str(&format!("{}", self.x.to_hex()));
-        return ret;
-    }
-
-    pub fn from_hex_iter(iter: &mut SplitWhitespace) -> FP {
-        FP {
-            x: BIG::from_hex_iter(iter)
-        }
-    }
-
-    pub fn from_hex(val: String) -> FP {
-        let mut iter = val.split_whitespace();
-        return FP::from_hex_iter(&mut iter);
-    }
-
-/* reduce this mod Modulus */
-    pub fn reduce(&mut self) {
-  		let p = BIG::new_ints(&rom::MODULUS);      	
-        self.x.rmod(&p)
-    }
-    
-/* test this=0? */
-    pub fn iszilch(&mut self) -> bool {
-        self.reduce();
-        return self.x.iszilch();
-    }
-    
-/* copy from FP b */
-    pub fn copy(&mut self,b: &FP) {
-        self.x.copy(&(b.x));
-    }
-    
-/* copy from BIG b */
-    pub fn bcopy(&mut self,b: &BIG) {
-        self.x.copy(&b);
-        self.nres();
-    }
-
-/* set this=0 */
-    pub fn zero(&mut self) {
-        self.x.zero();
-    }
-    
-/* set this=1 */
-    pub fn one(&mut self) {
-        self.x.one(); self.nres()
-    }
-    
-/* normalise this */
-    pub fn norm(&mut self) {
-        self.x.norm();
-    }
-/* swap FPs depending on d */
-    pub fn cswap(&mut self,b: &mut FP,d: isize) {
-        self.x.cswap(&mut (b.x),d);
-    }
-    
-/* copy FPs depending on d */
-    pub fn cmove(&mut self,b: &FP,d: isize) {
-        self.x.cmove(&(b.x),d);
-    }
-
-/* this*=b mod Modulus */
-    pub fn mul(&mut self,b: &mut FP)
-    {
-        self.norm();
-        b.norm();
-        if BIG::pexceed(&(self.x),&(b.x)) {self.reduce()}
-
-        let mut d=BIG::mul(&(self.x),&(b.x));
-        self.x.copy(&BIG::modulo(&mut d))
-    }
-
-    fn logb2(w: u32) -> usize {
-        let mut v=w;
-        v |= v >> 1;
-        v |= v >> 2;
-        v |= v >> 4;
-        v |= v >> 8;
-        v |= v >> 16;
-
-        v = v - ((v >> 1) & 0x55555555);                 
-        v = (v & 0x33333333) + ((v >> 2) & 0x33333333);  
-        let r= ((   ((v + (v >> 4)) & 0xF0F0F0F).wrapping_mul(0x1010101)) >> 24) as usize;
-        return r+1;    
-    }
-
-/* this = -this mod Modulus */
-    pub fn neg(&mut self) {
-  		let mut p = BIG::new_ints(&rom::MODULUS);   
-    
-        self.norm();
-
-        let sb=FP::logb2(BIG::excess(&(self.x)) as u32);
-
-    //    let mut ov=BIG::excess(&(self.x));
-    //    let mut sb=1; while ov != 0 {sb += 1;ov>>=1}
-    
-        p.fshl(sb);
-        self.x.rsub(&p);
-    
-        if BIG::excess(&(self.x))>=rom::FEXCESS {self.reduce()}
-    }
-
-    /* this*=c mod Modulus, where c is a small int */
-    pub fn imul(&mut self,c: isize) {
-        let mut cc=c;
-        self.norm();
-        let mut s=false;
-        if cc<0 {
-            cc = -cc;
-            s=true;
-        }
-        let afx=(BIG::excess(&(self.x))+1)*((cc as Chunk)+1)+1;
-        if cc<rom::NEXCESS && afx<rom::FEXCESS {
-            self.x.imul(cc);
-        } else {
-            if afx<rom::FEXCESS {
-            	self.x.pmul(cc);
-            } else {
-  				let p = BIG::new_ints(&rom::MODULUS);               	
-				let mut d=self.x.pxmul(cc);
-				self.x.copy(&d.dmod(&p));
-            }
-        }
-        if s {self.neg()}
-        self.norm();
-    }
-
-/* self*=self mod Modulus */
-    pub fn sqr(&mut self) {
-        self.norm();
-        if BIG::sexceed(&(self.x)) {self.reduce()}
-
-        let mut d=BIG::sqr(&(self.x));
-        self.x.copy(&BIG::modulo(&mut d))
-    }
-
-/* self+=b */
-    pub fn add(&mut self,b: &FP) {
-        self.x.add(&(b.x));
-        if BIG::excess(&(self.x))+2>=rom::FEXCESS {self.reduce()}
-    }
-
-/* self+=self */
-    pub fn dbl(&mut self) {
-        self.x.dbl();
-        if BIG::excess(&(self.x))+2>=rom::FEXCESS {self.reduce()}
-    }
-    
-/* self-=b */
-    pub fn sub(&mut self,b: &FP)
-    {
-        let mut n=FP::new_copy(b);
-        n.neg();
-        self.add(&n);
-    }    
-
-/* self/=2 mod Modulus */
-    pub fn div2(&mut self) {
-        self.x.norm();
-        if self.x.parity()==0 {
-        	self.x.fshr(1);
-        } else {
-  			let p = BIG::new_ints(&rom::MODULUS);           	
-            self.x.add(&p);
-            self.x.norm();
-            self.x.fshr(1);
-        }
-    }
-/* self=1/self mod Modulus */
-    pub fn inverse(&mut self) {
-  		let mut p = BIG::new_ints(&rom::MODULUS);      	
-        let mut r=self.redc();
-        r.invmodp(&mut p);
-        self.x.copy(&r);
-        self.nres();
-    }
-
-/* return TRUE if self==a */
-    pub fn equals(&mut self,a: &mut FP) -> bool {
-        a.reduce();
-        self.reduce();
-        if BIG::comp(&(a.x),(&self.x))==0 {return true}
-        return false;
-    }   
-
-/* return self^e mod Modulus */
-    pub fn pow(&mut self,e: &mut BIG) -> FP {
-      	let p = BIG::new_ints(&rom::MODULUS);   	
-        let mut r=FP::new_int(1);
-        e.norm();
-        self.x.norm();
-		let mut m=FP::new_copy(self);
-        loop {
-            let bt=e.parity();
-            e.fshr(1);
-            if bt==1 {r.mul(&mut m)}
-            if e.iszilch() {break}
-            m.sqr();
-        }
-        r.x.rmod(&p);
-        return r;
-    }
-
-/* return sqrt(this) mod Modulus */
-    pub fn sqrt(&mut self) -> FP {
-        self.reduce();
-      	let mut p = BIG::new_ints(&rom::MODULUS);  
-        if rom::MOD8==5 {
-            p.dec(5); p.norm(); p.shr(3);
-            let mut i=FP::new_copy(self); i.x.shl(1);
-            let mut v=i.pow(&mut p);
-            i.mul(&mut v); i.mul(&mut v);
-            i.x.dec(1);
-            let mut r=FP::new_copy(self);
-            r.mul(&mut v); r.mul(&mut i);
-            r.reduce();
-            return r;
-        }
-        else
-        {
-            p.inc(1); p.norm(); p.shr(2);
-            return self.pow(&mut p);
-        }
-    }
-/* return jacobi symbol (this/Modulus) */
-    pub fn jacobi(&mut self) -> isize
-    {
-     	let mut p = BIG::new_ints(&rom::MODULUS);      	
-        let mut w=self.redc();
-        return w.jacobi(&mut p);
-    }
-
-}
-/*
-fn main() {
-    let p = BIG::new_ints(&rom::MODULUS);  
-	let mut e = BIG::new_copy(&p);
-	e.dec(1);
-
-    let mut x = FP::new_int(3);
-    let mut s=x.pow(&mut e);
-
-    println!("s= {}",s.tostring());
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/fp12.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/fp12.rs b/version22/rust/src/fp12.rs
deleted file mode 100644
index 4610e67..0000000
--- a/version22/rust/src/fp12.rs
+++ /dev/null
@@ -1,628 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-use std::fmt;
-use std::str::SplitWhitespace;
-
-#[derive(Copy, Clone)]
-pub struct FP12 {
-	a:FP4,
-	b:FP4,
-	c:FP4
-}
-
-use rom::BIG_HEX_STRING_LEN;
-
-//mod fp;
-//use fp::FP;
-//mod fp2;
-use fp2::FP2;
-//mod fp4;
-use fp4::FP4;
-//mod big;
-use big::BIG;
-//mod dbig;
-//use dbig::DBIG;
-//mod rand;
-//mod hash256;
-//mod rom;
-use rom;
-
-impl PartialEq for FP12 {
-	fn eq(&self, other: &FP12) -> bool {
-		return (self.a == other.a) &&
-			(self.b == other.b) &&
-			(self.c == other.c);
-	}
-}
-
-impl fmt::Display for FP12 {
-	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-		write!(f, "FP12: [ {}, {}, {} ]", self.a, self.b, self.c)
-	}
-}
-
-impl fmt::Debug for FP12 {
-	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-		write!(f, "FP12: [ {}, {}, {} ]", self.a, self.b, self.c)
-	}
-}
-
-impl FP12 {
-
-	pub fn new() -> FP12 {
-		FP12 {
-				a: FP4::new(),
-				b: FP4::new(),
-				c: FP4::new()
-		}
-	}
-
-	pub fn new_int(a: isize) -> FP12 {
-		let mut f=FP12::new();
-		f.a.copy(&FP4::new_int(a));
-		f.b.zero();
-		f.c.zero();
-		return f;
-	}	
-
-	pub fn new_copy(x: &FP12) -> FP12 {
-		let mut f=FP12::new();
-		f.a.copy(&x.a);
-		f.b.copy(&x.b);
-		f.c.copy(&x.c);
-		return f;
-	}
-
-	pub fn new_fp4s(d: &FP4,e: &FP4,f: &FP4) -> FP12 {
-		let mut g=FP12::new();
-		g.a.copy(d);
-		g.b.copy(e);
-		g.c.copy(f);
-		return g;
-	}	
-
-	pub fn new_fp4(d: &FP4) -> FP12 {
-		let mut g=FP12::new();
-		g.a.copy(d);
-		g.b.zero();
-		g.c.zero();
-		return g;
-	}
-
-/* reduce components mod Modulus */
-	pub fn reduce(&mut self) {
-		self.a.reduce();
-		self.b.reduce();
-		self.c.reduce();
-	}
-
-/* normalise components of w */
-	pub fn norm(&mut self) {
-		self.a.norm();
-		self.b.norm();
-		self.c.norm();
-	}	
-
-/* test self=0 ? */
-	pub fn iszilch(&mut self) -> bool {
-		self.reduce();
-		return self.a.iszilch() && self.b.iszilch() && self.c.iszilch();
-	}	
-
-/* test self=1 ? */
-	pub fn isunity(&mut self) -> bool {
-		let mut one=FP4::new_int(1);
-		return self.a.equals(&mut one) && self.b.iszilch() && self.c.iszilch();
-	}
-
-/* test self=x */
-	pub fn equals(&mut self,x:&mut FP12) -> bool {
-		return self.a.equals(&mut x.a) && self.b.equals(&mut x.b) && self.c.equals(&mut x.c);
-	}
-
-	pub fn geta(&mut self) -> FP4 {
-		let f=FP4::new_copy(&self.a);
-		return f;
-	}
-
-	pub fn getb(&mut self) -> FP4 {
-		let f=FP4::new_copy(&self.b);
-		return f;
-	}
-
-	pub fn getc(&mut self) -> FP4 {
-		let f=FP4::new_copy(&self.c);
-		return f;
-	}	
-
-/* copy self=x */
-	pub fn copy(&mut self,x :&FP12) {
-		self.a.copy(&x.a);
-		self.b.copy(&x.b);
-		self.c.copy(&x.c);
-	}
-
-/* set self=1 */
-	pub fn one(&mut self) {
-		self.a.one();
-		self.b.zero();
-		self.c.zero();
-	}
-
-/* this=conj(this) */
-	pub fn conj(&mut self) {
-		self.a.conj();
-		self.b.nconj();
-		self.c.conj();
-	}
-
-/* Granger-Scott Unitary Squaring */
-	pub fn usqr(&mut self) {
-		let mut a=FP4::new_copy(&self.a);
-		let mut b=FP4::new_copy(&self.c);
-		let mut c=FP4::new_copy(&self.b);
-		let mut d=FP4::new();
-
-		self.a.sqr();
-		d.copy(&self.a); d.add(&self.a);
-		self.a.add(&d);
-
-		self.a.norm();
-		a.nconj();
-
-		a.dbl();
-		self.a.add(&a);
-		b.sqr();
-		b.times_i();
-
-		d.copy(&b); d.add(&b);
-		b.add(&d);
-		b.norm();
-
-		c.sqr();
-		d.copy(&c); d.add(&c);
-		c.add(&d);
-		c.norm();
-
-		self.b.conj();
-		self.b.dbl();
-		self.c.nconj();
-
-		self.c.dbl();
-		self.b.add(&b);
-		self.c.add(&c);
-		self.reduce();
-
-	}
-
-/* Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-	pub fn sqr(&mut self) {
-		let mut a=FP4::new_copy(&self.a);
-		let mut b=FP4::new_copy(&self.b);
-		let mut c=FP4::new_copy(&self.c);
-		let mut d=FP4::new_copy(&self.a);
-
-		a.sqr();
-		b.mul(&mut self.c);
-		b.dbl();
-		c.sqr();
-		d.mul(&mut self.b);
-		d.dbl();
-
-		self.c.add(&self.a);
-		self.c.add(&self.b);
-		self.c.sqr();
-
-		self.a.copy(&a);
-		a.add(&b);
-		a.norm();
-		a.add(&c);
-		a.add(&d);
-		a.norm();
-
-		a.neg();
-		b.times_i();
-		c.times_i();
-
-		self.a.add(&b);
-
-		self.b.copy(&c); self.b.add(&d);
-		self.c.add(&a);
-		self.norm();
-	}
-
-
-/* FP12 full multiplication self=self*y */
-	pub fn mul(&mut self,y: &mut FP12) {
-		let mut z0=FP4::new_copy(&self.a);
-		let mut z1=FP4::new();
-		let mut z2=FP4::new_copy(&mut self.b);
-		let mut z3=FP4::new();
-		let mut t0=FP4::new_copy(&self.a);
-		let mut t1=FP4::new_copy(&y.a);
-
-		z0.mul(&mut y.a);
-		z2.mul(&mut y.b);
-
-		t0.add(&self.b);
-		t1.add(&y.b);
-
-		z1.copy(&t0); z1.mul(&mut t1);
-		t0.copy(&self.b); t0.add(&self.c);
-
-		t1.copy(&y.b); t1.add(&y.c);
-		z3.copy(&t0); z3.mul(&mut t1);
-
-		t0.copy(&z0); t0.neg();
-		t1.copy(&z2); t1.neg();
-
-		z1.add(&t0);
-		z1.norm();
-		self.b.copy(&z1); self.b.add(&t1);
-
-		z3.add(&t1);
-		z2.add(&t0);
-
-		t0.copy(&self.a); t0.add(&self.c);
-		t1.copy(&y.a); t1.add(&y.c);
-		t0.mul(&mut t1);
-		z2.add(&t0);
-
-		t0.copy(&self.c); t0.mul(&mut y.c);
-		t1.copy(&t0); t1.neg();
-
-		z2.norm();
-		z3.norm();
-		self.b.norm();
-
-		self.c.copy(&z2); self.c.add(&t1);
-		z3.add(&t1);
-		t0.times_i();
-		self.b.add(&t0);
-
-		z3.times_i();
-		self.a.copy(&z0); self.a.add(&z3);
-		self.norm();
-	}
-
-/* Special case of multiplication arises from special form of ATE pairing line function */
-	pub fn smul(&mut self,y: &mut FP12) {
-		let mut z0=FP4::new_copy(&self.a);
-		let mut z2=FP4::new_copy(&self.b);
-		let mut z3=FP4::new_copy(&self.b);
-		let mut t0=FP4::new();
-		let mut t1=FP4::new_copy(&y.a);
-		
-		z0.mul(&mut y.a);
-		z2.pmul(&mut y.b.real());
-		self.b.add(&self.a);
-		t1.padd(&y.b.real());
-
-		self.b.mul(&mut t1);
-		z3.add(&self.c);
-		z3.pmul(&mut y.b.real());
-
-		t0.copy(&z0); t0.neg();
-		t1.copy(&z2); t1.neg();
-
-		self.b.add(&t0);
-		self.b.norm();
-
-		self.b.add(&t1);
-		z3.add(&t1);
-		z2.add(&t0);
-
-		t0.copy(&self.a); t0.add(&self.c);
-		t0.mul(&mut y.a);
-		self.c.copy(&z2); self.c.add(&t0);
-
-		z3.times_i();
-		self.a.copy(&z0); self.a.add(&z3);
-
-		self.norm();
-	}
-
-/* self=1/self */
-	pub fn inverse(&mut self) {
-		let mut f0=FP4::new_copy(&self.a);
-		let mut f1=FP4::new_copy(&self.b);
-		let mut f2=FP4::new_copy(&self.a);
-		let mut f3=FP4::new();
-
-		self.norm();
-		f0.sqr();
-		f1.mul(&mut self.c);
-		f1.times_i();
-		f0.sub(&f1);
-
-		f1.copy(&self.c); f1.sqr();
-		f1.times_i();
-		f2.mul(&mut self.b);
-		f1.sub(&f2);
-
-		f2.copy(&self.b); f2.sqr();
-		f3.copy(&self.a); f3.mul(&mut self.c);
-		f2.sub(&f3);
-
-		f3.copy(&self.b); f3.mul(&mut f2);
-		f3.times_i();
-		self.a.mul(&mut f0);
-		f3.add(&self.a);
-		self.c.mul(&mut f1);
-		self.c.times_i();
-
-		f3.add(&self.c);
-		f3.inverse();
-		self.a.copy(&f0); self.a.mul(&mut f3);
-		self.b.copy(&f1); self.b.mul(&mut f3);
-		self.c.copy(&f2); self.c.mul(&mut f3);
-	}
-
-/* self=self^p using Frobenius */
-	pub fn frob(&mut self,f: &mut FP2) {
-		let mut f2=FP2::new_copy(f);
-		let mut f3=FP2::new_copy(f);
-
-		f2.sqr();
-		f3.mul(&mut f2);
-
-		self.a.frob(&mut f3);
-		self.b.frob(&mut f3);
-		self.c.frob(&mut f3);
-
-		self.b.pmul(f);
-		self.c.pmul(&mut f2);
-	}
-
-/* trace function */
-	pub fn trace(&mut self) -> FP4 {
-		let mut t=FP4::new();
-		t.copy(&self.a);
-		t.imul(3);
-		t.reduce();
-		return t;
-	}
-
-/* convert from byte array to FP12 */
-	pub fn frombytes(w: &[u8]) -> FP12 {
-		let mut t:[u8;rom::MODBYTES as usize]=[0;rom::MODBYTES as usize];
-		let mb=rom::MODBYTES as usize;
-
-		for i in 0..mb {t[i]=w[i]}
-		let mut a=BIG::frombytes(&t);
-		for i in 0..mb {t[i]=w[i+mb]}
-		let mut b=BIG::frombytes(&t);
-		let mut c=FP2::new_bigs(&a,&b);
-
-		for i in 0..mb {t[i]=w[i+2*mb]}
-		a=BIG::frombytes(&t);
-		for i in 0..mb {t[i]=w[i+3*mb]}
-		b=BIG::frombytes(&t);
-		let mut d=FP2::new_bigs(&a,&b);
-
-		let e=FP4::new_fp2s(&c,&d);
-
-
-		for i in 0..mb {t[i]=w[i+4*mb]}
-		a=BIG::frombytes(&t);
-		for i in 0..mb {t[i]=w[i+5*mb]}
-		b=BIG::frombytes(&t);
-		c=FP2::new_bigs(&a,&b);
-
-		for i in 0..mb {t[i]=w[i+6*mb]}
-		a=BIG::frombytes(&t);
-		for i in 0..mb {t[i]=w[i+7*mb]}
-		b=BIG::frombytes(&t);
-		d=FP2::new_bigs(&a,&b);
-
-		let f=FP4::new_fp2s(&c,&d);
-
-
-		for i in 0..mb {t[i]=w[i+8*mb]}
-		a=BIG::frombytes(&t);
-		for i in 0..mb {t[i]=w[i+9*mb]}
-		b=BIG::frombytes(&t);
-		
-		c=FP2::new_bigs(&a,&b);
-
-		for i in 0..mb {t[i]=w[i+10*mb]}
-		a=BIG::frombytes(&t);
-		for i in 0..mb {t[i]=w[i+11*mb]}
-		b=BIG::frombytes(&t);
-		d=FP2::new_bigs(&a,&b);
-
-		let g=FP4::new_fp2s(&c,&d);
-
-		return FP12::new_fp4s(&e,&f,&g);
-	}
-
-/* convert this to byte array */
-	pub fn tobytes(&mut self,w: &mut [u8]) {
-		let mut t:[u8;rom::MODBYTES as usize]=[0;rom::MODBYTES as usize];
-		let mb=rom::MODBYTES as usize;
-
-		self.a.geta().geta().tobytes(&mut t);
-		for i in 0..mb {w[i]=t[i]}
-		self.a.geta().getb().tobytes(&mut t);
-		for i in 0..mb {w[i+mb]=t[i]}
-		self.a.getb().geta().tobytes(&mut t);
-		for i in 0..mb {w[i+2*mb]=t[i]}
-		self.a.getb().getb().tobytes(&mut t);
-		for i in 0..mb {w[i+3*mb]=t[i]}
-
-		self.b.geta().geta().tobytes(&mut t);
-		for i in 0..mb {w[i+4*mb]=t[i]}
-		self.b.geta().getb().tobytes(&mut t);
-		for i in 0..mb {w[i+5*mb]=t[i]}
-		self.b.getb().geta().tobytes(&mut t);
-		for i in 0..mb {w[i+6*mb]=t[i]}
-		self.b.getb().getb().tobytes(&mut t);
-		for i in 0..mb {w[i+7*mb]=t[i]}
-
-		self.c.geta().geta().tobytes(&mut t);
-		for i in 0..mb {w[i+8*mb]=t[i]}
-		self.c.geta().getb().tobytes(&mut t);
-		for i in 0..mb {w[i+9*mb]=t[i]}
-		self.c.getb().geta().tobytes(&mut t);
-		for i in 0..mb {w[i+10*mb]=t[i]}
-		self.c.getb().getb().tobytes(&mut t);
-		for i in 0..mb {w[i+11*mb]=t[i]}
-	}
-
-/* output to hex string */
-	pub fn tostring(&mut self) -> String {
-		return format!("[{},{},{}]",self.a.tostring(),self.b.tostring(),self.c.tostring());		
-	}
-
-	pub fn to_hex(&self) -> String {
-		let mut ret: String = String::with_capacity(12 * BIG_HEX_STRING_LEN);
-		ret.push_str(&format!("{} {} {}", self.a.to_hex(), self.b.to_hex(), self.c.to_hex()));
-		return ret;
-	}
-
-	pub fn from_hex_iter(iter: &mut SplitWhitespace) -> FP12 {
-		let mut ret:FP12 = FP12::new();
-		ret.a = FP4::from_hex_iter(iter);
-		ret.b = FP4::from_hex_iter(iter);
-		ret.c = FP4::from_hex_iter(iter);
-		return ret;
-	}
-
-	pub fn from_hex(val: String) -> FP12 {
-		let mut iter = val.split_whitespace();
-		return FP12::from_hex_iter(&mut iter);
-	}
-
-/* self=self^e */
-	pub fn pow(&mut self,e: &mut BIG) -> FP12 {
-		self.norm();
-		e.norm();
-		let mut w=FP12::new_copy(self);
-		let mut z=BIG::new_copy(&e);
-		let mut r=FP12::new_int(1);
-		loop {
-			let bt=z.parity();
-			z.fshr(1);
-			if bt==1 {r.mul(&mut w)};
-			if z.iszilch() {break}
-			w.usqr();
-		}
-		r.reduce();
-		return r;
-	}	
-
-/* constant time powering by small integer of max length bts */
-	pub fn pinpow(&mut self,e: i32,bts: i32) {
-		let mut r:[FP12;2]=[FP12::new_int(1),FP12::new_copy(self)];
-		let mut t=FP12::new();
-
-		for i in (0..bts).rev() {
-			let b:usize=((e>>i)&1) as usize;
-			t.copy(&r[b]);
-			r[1-b].mul(&mut t);
-			r[b].usqr();
-		}
-		self.copy(&r[0]);
-	}
-
-/* p=q0^u0.q1^u1.q2^u2.q3^u3 */
-/* Timing attack secure, but not cache attack secure */
-
- 	pub fn pow4(q:&mut [FP12],u:&[BIG]) -> FP12 {
-		let mut a:[i8;4]=[0;4];
-		let mut s:[FP12;2]=[FP12::new(),FP12::new()];
-		let mut g:[FP12;8]=[FP12::new(),FP12::new(),FP12::new(),FP12::new(),FP12::new(),FP12::new(),FP12::new(),FP12::new()];
-
-		let mut c=FP12::new_int(1);
-		let mut p=FP12::new();
-		const CT:usize=1+rom::NLEN*(rom::BASEBITS as usize);		
-		let mut w:[i8;CT]=[0;CT];
-
-		let mut mt=BIG::new();
-		let mut t:[BIG;4]=[BIG::new_copy(&u[0]),BIG::new_copy(&u[1]),BIG::new_copy(&u[2]),BIG::new_copy(&u[3])];
-
-		g[0].copy(&q[0]); s[0].copy(&q[1]); s[0].conj(); g[0].mul(&mut s[0]);
-		p.copy(&g[0]);
-		g[1].copy(&p);
-		g[2].copy(&p);
-		g[3].copy(&p);
-		g[4].copy(&q[0]); g[4].mul(&mut q[1]);
-		p.copy(&g[4]);
-		g[5].copy(&p);
-		g[6].copy(&p);
-		g[7].copy(&p);
-
-
-		s[1].copy(&q[2]); s[0].copy(&q[3]); s[0].conj(); p.copy(&s[0]); s[1].mul(&mut p);
-		p.copy(&s[1]); s[0].copy(&p); s[0].conj(); g[1].mul(&mut s[0]);
-		g[2].mul(&mut s[1]);
-		g[5].mul(&mut s[0]);
-		g[6].mul(&mut s[1]);
-		s[1].copy(&q[2]); s[1].mul(&mut q[3]);
-		p.copy(&s[1]); s[0].copy(&p); s[0].conj(); g[0].mul(&mut s[0]);
-		g[3].mul(&mut s[1]);
-		g[4].mul(&mut s[0]);
-		g[7].mul(&mut s[1]);
-
-/* if power is even add 1 to power, and add q to correction */
-
-		for i in 0..4 {
-			if t[i].parity()==0 {
-				t[i].inc(1); t[i].norm();
-				c.mul(&mut q[i]);
-			}
-			mt.add(&t[i]); mt.norm();
-		}
-		c.conj();
-		let nb=1+mt.nbits();
-
-/* convert exponent to signed 1-bit window */
-		for j in 0..nb {
-			for i in 0..4 {
-				a[i]=(t[i].lastbits(2)-2) as i8;
-				t[i].dec(a[i] as isize); t[i].norm();
-				t[i].fshr(1);
-			}
-			w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-		}
-		w[nb]=(8*t[0].lastbits(2)+4*t[1].lastbits(2)+2*t[2].lastbits(2)+t[3].lastbits(2)) as i8;
-		p.copy(&g[((w[nb] as usize)-1)/2]);
-
-		for i in (0..nb).rev() {
-			let m=w[i]>>7;
-			let mut j=((w[i]^m)-m) as usize;  /* j=abs(w[i]) */
-			j=(j-1)/2;
-			s[0].copy(&g[j]); s[1].copy(&g[j]); s[1].conj();
-			p.usqr();
-			p.mul(&mut s[(m&1) as usize]);
-		}
-		p.mul(&mut c);  /* apply correction */
-		p.reduce();
-		return p;
-	}
-
-
-}
-/*
-fn main()
-{
-	let mut w=FP12::new();
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/fp2.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/fp2.rs b/version22/rust/src/fp2.rs
deleted file mode 100644
index 7ad62cc..0000000
--- a/version22/rust/src/fp2.rs
+++ /dev/null
@@ -1,366 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-use std::fmt;
-use std::str::SplitWhitespace;
-
-#[derive(Copy, Clone)]
-pub struct FP2 {
-	a:FP,
-	b:FP,
-}
-
-use rom::BIG_HEX_STRING_LEN;
-//mod fp;
-use fp::FP;
-//mod big;
-use big::BIG;
-//mod dbig;
-//use dbig::DBIG;
-//mod rand;
-//mod hash256;
-//mod rom;
-//use rom;
-
-impl fmt::Display for FP2 {
-	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-		write!(f, "FP2: [ {}, {} ]", self.a, self.b)
-	}
-}
-
-impl fmt::Debug for FP2 {
-	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-		write!(f, "FP2: [ {}, {} ]", self.a, self.b)
-	}
-}
-
-impl PartialEq for FP2 {
-	fn eq(&self, other: &FP2) -> bool {
-		return (self.a == other.a) &&
-			(self.b == other.b);
-	}
-}
-
-impl FP2 {
-
-	pub fn new() -> FP2 {
-		FP2 {
-				a: FP::new(),
-				b: FP::new(),
-		}
-	}
-
-	pub fn new_int(a: isize) -> FP2 {
-		let mut f=FP2::new();
-		f.a.copy(&FP::new_int(a));
-		f.b.zero();
-		return f;
-	}	
-
-	pub fn new_copy(x: &FP2) -> FP2 {
-		let mut f=FP2::new();
-		f.a.copy(&x.a);
-		f.b.copy(&x.b);
-		return f
-	}	
-
-	pub fn new_fps(c: &FP,d: &FP) -> FP2 {
-		let mut f=FP2::new();
-		f.a.copy(c);
-		f.b.copy(d);
-		return f;
-	}	
-
-	pub fn new_bigs(c: &BIG,d: &BIG) -> FP2 {
-		let mut f=FP2::new();
-		f.a.copy(&FP::new_big(c));
-		f.b.copy(&FP::new_big(d));
-		return f;
-	}	
-
-	pub fn new_fp(c: &FP) -> FP2 {
-		let mut f=FP2::new();
-		f.a.copy(c);
-		f.b.zero();
-		return f;
-	}	
-
-	pub fn new_big(c: &BIG) -> FP2 {
-		let mut f=FP2::new();
-		f.a.copy(&FP::new_big(c));
-		f.b.zero();
-		return f;
-	}	
-
-/* reduce components mod Modulus */
-	pub fn reduce(&mut self) {
-		self.a.reduce();
-		self.b.reduce();
-	}
-
-/* normalise components of w */
-	pub fn norm(&mut self) {
-		self.a.norm();
-		self.b.norm();
-	}	
-
-/* test self=0 ? */
-	pub fn iszilch(&mut self) -> bool {
-		self.reduce();
-		return self.a.iszilch() && self.b.iszilch();
-	}	
-
-	pub fn cmove(&mut self,g:&FP2,d: isize) {
-		self.a.cmove(&g.a,d);
-		self.b.cmove(&g.b,d);
-	}		
-
-/* test self=1 ? */
-	pub fn isunity(&mut self) -> bool {
-		let mut one=FP::new_int(1);
-		return self.a.equals(&mut one) && self.b.iszilch();
-	}
-
-/* test self=x */
-	pub fn equals(&mut self,x:&mut FP2) -> bool {
-		return self.a.equals(&mut x.a) && self.b.equals(&mut x.b);
-	}
-
-/* extract a */
-	pub fn geta(&mut self) -> BIG { 
-		return self.a.redc();
-	}
-
-/* extract b */
-	pub fn getb(&mut self) -> BIG {
-		return self.b.redc();
-	}
-
-/* copy self=x */
-	pub fn copy(&mut self,x :&FP2) {
-		self.a.copy(&x.a);
-		self.b.copy(&x.b);
-	}
-
-/* set self=0 */
-	pub fn zero(&mut self) {
-		self.a.zero();
-		self.b.zero();
-	}
-
-/* set self=1 */
-	pub fn one(&mut self) {
-		self.a.one();
-		self.b.zero();
-	}	
-
-/* negate self mod Modulus */
-	pub fn neg(&mut self) {
-		self.norm();
-		let mut m=FP::new_copy(&self.a);
-		let mut t=FP::new();
-
-		m.add(&self.b);
-		m.neg();
-		m.norm();
-		t.copy(&m); t.add(&self.b);
-		self.b.copy(&m);
-		self.b.add(&self.a);
-		self.a.copy(&t);
-	}	
-
-/* set to a-ib */
-	pub fn conj(&mut self) {
-		self.b.neg();
-	}
-
-/* self+=a */
-	pub fn add(&mut self,x:&FP2) {
-		self.a.add(&x.a);
-		self.b.add(&x.b);
-	}
-
-	pub fn dbl(&mut self) {
-		self.a.dbl();
-		self.b.dbl();
-	}
-
-/* self-=a */
-	pub fn sub(&mut self,x:&FP2) {
-		let mut m=FP2::new_copy(x);
-		m.neg();
-		self.add(&m);
-	}
-
-/* self*=s, where s is an FP */
-	pub fn pmul(&mut self,s:&mut FP) {
-		self.a.mul(s);
-		self.b.mul(s);
-	}
-
-/* self*=i, where i is an int */
-	pub fn imul(&mut self,c: isize) {
-		self.a.imul(c);
-		self.b.imul(c);
-	}
-
-/* self*=self */
-	pub fn sqr(&mut self) {
-		self.norm();
-		let mut w1=FP::new_copy(&self.a);
-		let mut w3=FP::new_copy(&self.a);
-		let mut mb=FP::new_copy(&self.b);
-
-		w3.mul(&mut self.b);
-		w1.add(&self.b);
-		mb.neg();
-		self.a.add(&mb);
-		self.a.mul(&mut w1);
-		self.b.copy(&w3); self.b.add(&w3);
-
-		self.norm();
-	}	
-
-/* this*=y */
-	pub fn mul(&mut self,y :&mut FP2) {
-		self.norm();  /* This is needed here as {a,b} is not normed before additions */
-
-		let mut w1=FP::new_copy(&self.a);
-		let mut w2=FP::new_copy(&self.b);
-		let mut w5=FP::new_copy(&self.a);
-		let mut mw=FP::new();
-
-		w1.mul(&mut y.a);  // w1=a*y.a  - this norms w1 and y.a, NOT a
-		w2.mul(&mut y.b);  // w2=b*y.b  - this norms w2 and y.b, NOT b
-		w5.add(&self.b);    // w5=a+b
-		self.b.copy(&y.a); self.b.add(&y.b); // b=y.a+y.b
-
-		self.b.mul(&mut w5);
-		mw.copy(&w1); mw.add(&w2); mw.neg();
-
-		self.b.add(&mw); mw.add(&w1);
-		self.a.copy(&w1); self.a.add(&mw);
-
-		self.norm();
-	}
-
-/* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
-/* returns true if this is QR */
-	pub fn sqrt(&mut self) -> bool {
-		if self.iszilch() {return true}
-		let mut w1=FP::new_copy(&self.b);
-		let mut w2=FP::new_copy(&self.a);
-		w1.sqr(); w2.sqr(); w1.add(&w2);
-		if w1.jacobi()!=1 { self.zero(); return false }
-		w2.copy(&w1.sqrt()); w1.copy(&w2);
-		w2.copy(&self.a); w2.add(&w1); w2.div2();
-		if w2.jacobi()!=1 {
-			w2.copy(&self.a); w2.sub(&w1); w2.div2();
-			if w2.jacobi()!=1 { self.zero(); return false }
-		}
-		w1.copy(&w2.sqrt());
-		self.a.copy(&w1);
-		w1.dbl();
-		w1.inverse();
-		self.b.mul(&mut w1);
-		return true;
-	}
-
-/* output to hex string */
-	pub fn tostring(&mut self) -> String {
-		return format!("[{},{}]",self.a.tostring(),self.b.tostring());		
-	}
-
-	pub fn to_hex(&self) -> String {
-		let mut ret: String = String::with_capacity(2 * BIG_HEX_STRING_LEN);
-		ret.push_str(&format!("{} {}", self.a.to_hex(), self.b.to_hex()));
-		return ret;
-	}
-
-	pub fn from_hex_iter(iter: &mut SplitWhitespace) -> FP2 {
-		let mut ret:FP2 = FP2::new();
-		ret.a = FP::from_hex_iter(iter);
-		ret.b = FP::from_hex_iter(iter);
-		return ret;
-	}
-
-	pub fn from_hex(val: String) -> FP2 {
-		let mut iter = val.split_whitespace();
-		return FP2::from_hex_iter(&mut iter);
-	}
-
-/* self=1/self */
-	pub fn inverse(&mut self) {
-		self.norm();
-		let mut w1=FP::new_copy(&self.a);
-		let mut w2=FP::new_copy(&self.b);
-
-		w1.sqr();
-		w2.sqr();
-		w1.add(&w2);
-		w1.inverse();
-		self.a.mul(&mut w1);
-		w1.neg();
-		self.b.mul(&mut w1);
-	}
-
-/* self/=2 */
-	pub fn div2(&mut self) {
-		self.a.div2();
-		self.b.div2();
-	}
-
-/* self*=sqrt(-1) */
-	pub fn times_i(&mut self) {
-	//	a.norm();
-		let z=FP::new_copy(&self.a);
-		self.a.copy(&self.b); self.a.neg();
-		self.b.copy(&z);
-	}
-
-/* w*=(1+sqrt(-1)) */
-/* where X*2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
-	pub fn mul_ip(&mut self) {
-		self.norm();
-		let t=FP2::new_copy(self);
-		let z=FP::new_copy(&self.a);
-		self.a.copy(&self.b);
-		self.a.neg();
-		self.b.copy(&z);
-		self.add(&t);
-		self.norm();
-	}
-
-/* w/=(1+sqrt(-1)) */
-	pub fn div_ip(&mut self) {
-		let mut t=FP2::new();
-		self.norm();
-		t.a.copy(&self.a); t.a.add(&self.b);
-		t.b.copy(&self.b); t.b.sub(&self.a);
-		self.copy(&t);
-		self.div2();
-	}
-
-}
-/*
-fn main()
-{
-	let mut x=FP2::new();
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/fp4.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/fp4.rs b/version22/rust/src/fp4.rs
deleted file mode 100644
index ea2806d..0000000
--- a/version22/rust/src/fp4.rs
+++ /dev/null
@@ -1,563 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-use std::fmt;
-use std::str::SplitWhitespace;
-
-#[derive(Copy, Clone)]
-pub struct FP4 {
-	a:FP2,
-	b:FP2,
-}
-
-use rom::BIG_HEX_STRING_LEN;
-//mod fp;
-//use fp::FP;
-//mod fp2;
-use fp2::FP2;
-//mod big;
-use big::BIG;
-//mod dbig;
-//use dbig::DBIG;
-//mod rand;
-//mod hash256;
-//mod rom;
-//use rom;
-
-impl PartialEq for FP4 {
-	fn eq(&self, other: &FP4) -> bool {
-		return (self.a == other.a) &&
-			(self.b == other.b);
-	}
-}
-
-impl fmt::Display for FP4 {
-	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-		write!(f, "FP4: [ {}, {} ]", self.a, self.b)
-	}
-}
-
-impl fmt::Debug for FP4 {
-	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-		write!(f, "FP4: [ {}, {} ]", self.a, self.b)
-	}
-}
-
-impl FP4 {
-
-	pub fn new() -> FP4 {
-		FP4 {
-				a: FP2::new(),
-				b: FP2::new(),
-		}
-	}
-
-	pub fn new_int(a: isize) -> FP4 {
-		let mut f=FP4::new();
-		f.a.copy(&FP2::new_int(a));
-		f.b.zero();
-		return f;
-	}	
-
-	pub fn new_copy(x: &FP4) -> FP4 {
-		let mut f=FP4::new();
-		f.a.copy(&x.a);
-		f.b.copy(&x.b);
-		return f;
-	}	
-
-	pub fn new_fp2s(c: &FP2,d: &FP2) -> FP4 {
-		let mut f=FP4::new();
-		f.a.copy(c);
-		f.b.copy(d);
-		return f;
-	}	
-
-	pub fn new_fp2(c: &FP2) -> FP4 {
-		let mut f=FP4::new();
-		f.a.copy(c);
-		f.b.zero();
-		return f;
-	}	
-
-/* reduce components mod Modulus */
-	pub fn reduce(&mut self) {
-		self.a.reduce();
-		self.b.reduce();
-	}
-
-/* normalise components of w */
-	pub fn norm(&mut self) {
-		self.a.norm();
-		self.b.norm();
-	}	
-
-/* test self=0 ? */
-	pub fn iszilch(&mut self) -> bool {
-		self.reduce();
-		return self.a.iszilch() && self.b.iszilch();
-	}	
-
-/* test self=1 ? */
-	pub fn isunity(&mut self) -> bool {
-		let mut one=FP2::new_int(1);
-		return self.a.equals(&mut one) && self.b.iszilch();
-	}
-
-/* test is w real? That is in a+ib test b is zero */
-	pub fn isreal(&mut self) -> bool {
-		return self.b.iszilch();
-	}
-/* extract real part a */
-	pub fn real(&mut self) -> FP2 {
-		let f=FP2::new_copy(&self.a);
-		return f;
-	}
-
-	pub fn geta(&mut self) -> FP2 {
-		let f=FP2::new_copy(&self.a);
-		return f;
-	}
-/* extract imaginary part b */
-	pub fn getb(&mut self) -> FP2 {
-		let f=FP2::new_copy(&self.b);
-		return f;
-	}
-
-/* test self=x */
-	pub fn equals(&mut self,x:&mut FP4) -> bool {
-		return self.a.equals(&mut x.a) && self.b.equals(&mut x.b);
-	}
-/* copy self=x */
-	pub fn copy(&mut self,x :&FP4) {
-		self.a.copy(&x.a);
-		self.b.copy(&x.b);
-	}
-
-/* set self=0 */
-	pub fn zero(&mut self) {
-		self.a.zero();
-		self.b.zero();
-	}
-
-/* set self=1 */
-	pub fn one(&mut self) {
-		self.a.one();
-		self.b.zero();
-	}	
-
-/* negate self mod Modulus */
-	pub fn neg(&mut self) {
-		self.norm();
-		let mut m=FP2::new_copy(&self.a);
-		let mut t=FP2::new();
-
-		m.add(&self.b);
-		m.neg();
-		m.norm();
-		t.copy(&m); t.add(&self.b);
-		self.b.copy(&m);
-		self.b.add(&self.a);
-		self.a.copy(&t);
-	}	
-
-/* set to a-ib */
-	pub fn conj(&mut self) {
-		self.b.neg();
-		self.b.norm();
-	}
-
-/* self=-conjugate(self) */
-	pub fn nconj(&mut self) {
-		self.a.neg(); self.a.norm();
-	}
-
-/* self+=a */
-	pub fn add(&mut self,x:&FP4) {
-		self.a.add(&x.a);
-		self.b.add(&x.b);
-	}
-
-	pub fn padd(&mut self,x:&FP2) {
-		self.a.add(x);
-	}
-
-	pub fn dbl(&mut self) {
-		self.a.dbl();
-		self.b.dbl();
-	}
-
-/* self-=a */
-	pub fn sub(&mut self,x:&FP4) {
-		let mut m=FP4::new_copy(x);
-		m.neg();
-		self.add(&m);
-	}
-
-/* self*=s, where s is an FP */
-	pub fn pmul(&mut self,s:&mut FP2) {
-		self.a.mul(s);
-		self.b.mul(s);
-	}
-
-/* self*=i, where i is an int */
-	pub fn imul(&mut self,c: isize) {
-		self.a.imul(c);
-		self.b.imul(c);
-	}
-
-/* self*=self */	
-	pub fn sqr(&mut self) {
-		self.norm();
-
-		let mut t1=FP2::new_copy(&self.a);
-		let mut t2=FP2::new_copy(&self.b);
-		let mut t3=FP2::new_copy(&self.a);
-
-
-		t3.mul(&mut self.b);
-		t1.add(&self.b);
-		t2.mul_ip();
-
-		t2.add(&mut self.a);
-		self.a.copy(&t1);
-
-		self.a.mul(&mut t2);
-
-		t2.copy(&t3);
-		t2.mul_ip();
-		t2.add(&mut t3);
-		t2.neg();
-		self.a.add(&t2);
-
-		t3.dbl();
-		self.b.copy(&t3);
-
-		self.norm();
-	}
-
-/* self*=y */
-	pub fn mul(&mut self,y :&mut FP4) {
-		self.norm();
-
-		let mut t1=FP2::new_copy(&self.a);
-		let mut t2=FP2::new_copy(&self.b);
-		let mut t3=FP2::new();
-		let mut t4=FP2::new_copy(&self.b);
-
-		t1.mul(&mut y.a);
-		t2.mul(&mut y.b);
-		t3.copy(&y.b);
-		t3.add(&y.a);
-		t4.add(&self.a);
-
-		t4.mul(&mut t3);
-		t4.sub(&t1);
-		t4.norm();
-
-		self.b.copy(&t4);
-		self.b.sub(&t2);
-		t2.mul_ip();
-		self.a.copy(&t2);
-		self.a.add(&t1);
-
-		self.norm();
-	}	
-
-/* output to hex string */
-	pub fn tostring(&mut self) -> String {
-		return format!("[{},{}]",self.a.tostring(),self.b.tostring());		
-	}
-
-	pub fn to_hex(&self) -> String {
-		let mut ret: String = String::with_capacity(4 * BIG_HEX_STRING_LEN);
-		ret.push_str(&format!("{} {}", self.a.to_hex(), self.b.to_hex()));
-		return ret;
-	}
-
-	pub fn from_hex_iter(iter: &mut SplitWhitespace) -> FP4 {
-		let mut ret:FP4 = FP4::new();
-		ret.a = FP2::from_hex_iter(iter);
-		ret.b = FP2::from_hex_iter(iter);
-		return ret;
-	}
-
-	pub fn from_hex(val: String) -> FP4 {
-		let mut iter = val.split_whitespace();
-		return FP4::from_hex_iter(&mut iter);
-	}
-
-/* self=1/self */
-	pub fn inverse(&mut self) {
-		self.norm();
-
-		let mut t1=FP2::new_copy(&self.a);
-		let mut t2=FP2::new_copy(&self.b);
-
-		t1.sqr();
-		t2.sqr();
-		t2.mul_ip();
-		t1.sub(&t2);
-		t1.inverse();
-		self.a.mul(&mut t1);
-		t1.neg();
-		self.b.mul(&mut t1);
-	}	
-
-/* self*=i where i = sqrt(-1+sqrt(-1)) */
-	pub fn times_i(&mut self) {
-		self.norm();
-		let mut s=FP2::new_copy(&self.b);
-		let mut t=FP2::new_copy(&self.b);
-		s.times_i();
-		t.add(&s);
-		t.norm();
-		self.b.copy(&self.a);
-		self.a.copy(&t);
-	}	
-
-/* self=self^p using Frobenius */
-	pub fn frob(&mut self,f: &mut FP2) {
-		self.a.conj();
-		self.b.conj();
-		self.b.mul(f);
-	}	
-
-/* self=self^e */
-	pub fn pow(&mut self,e: &mut BIG) -> FP4 {
-		self.norm();
-		e.norm();
-		let mut w=FP4::new_copy(self);
-		let mut z=BIG::new_copy(&e);
-		let mut r=FP4::new_int(1);
-		loop {
-			let bt=z.parity();
-			z.fshr(1);
-			if bt==1 {r.mul(&mut w)};
-			if z.iszilch() {break}
-			w.sqr();
-		}
-		r.reduce();
-		return r;
-	}	
-
-/* XTR xtr_a function */
-	pub fn xtr_a(&mut self,w:&FP4,y:&FP4,z:&FP4) {
-		let mut r=FP4::new_copy(w);
-		let mut t=FP4::new_copy(w);
-		r.sub(y);
-		r.pmul(&mut self.a);
-		t.add(y);
-		t.pmul(&mut self.b);
-		t.times_i();
-
-		self.copy(&r);
-		self.add(&t);	
-		self.add(z);
-
-		self.norm();
-	}
-
-/* XTR xtr_d function */
-	pub fn xtr_d(&mut self) {
-		let mut w=FP4::new_copy(self);
-		self.sqr(); w.conj();
-		w.dbl();
-		self.sub(&w);
-		self.reduce();
-	}
-
-/* r=x^n using XTR method on traces of FP12s */
-	pub fn xtr_pow(&mut self,n: &mut BIG) -> FP4 {
-		let mut a=FP4::new_int(3);
-		let mut b=FP4::new_copy(self);
-		let mut c=FP4::new_copy(&b);
-		c.xtr_d();
-		let mut t=FP4::new();
-		let mut r=FP4::new();
-
-		n.norm();
-		let par=n.parity();
-		let mut v=BIG::new_copy(n); v.fshr(1);
-		if par==0 {v.dec(1); v.norm(); }
-
-		let nb=v.nbits();
-		for i in (0..nb).rev() {
-			if v.bit(i)!=1 {
-				t.copy(&b);
-				self.conj();
-				c.conj();
-				b.xtr_a(&a,self,&c);
-				self.conj();
-				c.copy(&t);
-				c.xtr_d();
-				a.xtr_d();
-			} else {
-				t.copy(&a); t.conj();
-				a.copy(&b);
-				a.xtr_d();
-				b.xtr_a(&c,self,&t);
-				c.xtr_d();
-			}
-		}
-		if par==0 {
-			r.copy(&c)
-		} else {r.copy(&b)}
-		r.reduce();
-		return r;
-	}
-
-/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-	pub fn xtr_pow2(&mut self,ck: &FP4,ckml: &FP4,ckm2l: &FP4,a: &mut BIG,b: &mut BIG) -> FP4 {
-		a.norm(); b.norm();
-		let mut e=BIG::new_copy(a);
-		let mut d=BIG::new_copy(b);
-		let mut w=BIG::new();
-
-		let mut cu=FP4::new_copy(ck);  // can probably be passed in w/o copying
-		let mut cv=FP4::new_copy(self);
-		let mut cumv=FP4::new_copy(ckml);
-		let mut cum2v=FP4::new_copy(ckm2l);
-		let mut r=FP4::new();
-		let mut t=FP4::new();
-
-		let mut f2:usize=0;
-		while d.parity()==0 && e.parity()==0 {
-			d.fshr(1);
-			e.fshr(1);
-			f2+=1;
-		}
-
-		while BIG::comp(&d,&e)!=0 {
-			if BIG::comp(&d,&e)>0 {
-				w.copy(&e); w.imul(4); w.norm();
-				if BIG::comp(&d,&w)<=0 {
-					w.copy(&d); d.copy(&e);
-					e.rsub(&w); e.norm();
-
-					t.copy(&cv);
-					t.xtr_a(&cu,&cumv,&cum2v);
-					cum2v.copy(&cumv);
-					cum2v.conj();
-					cumv.copy(&cv);
-					cv.copy(&cu);
-					cu.copy(&t);
-				} else {
-					if d.parity()==0 {
-						d.fshr(1);
-						r.copy(&cum2v); r.conj();
-						t.copy(&cumv);
-						t.xtr_a(&cu,&cv,&r);
-						cum2v.copy(&cumv);
-						cum2v.xtr_d();
-						cumv.copy(&t);
-						cu.xtr_d();
-					} else {
-						if e.parity()==1 {
-							d.sub(&e); d.norm();
-							d.fshr(1);
-							t.copy(&cv);
-							t.xtr_a(&cu,&cumv,&cum2v);
-							cu.xtr_d();
-							cum2v.copy(&cv);
-							cum2v.xtr_d();
-							cum2v.conj();
-							cv.copy(&t);
-						} else {
-							w.copy(&d);
-							d.copy(&e); d.fshr(1);
-							e.copy(&w);
-							t.copy(&cumv);
-							t.xtr_d();
-							cumv.copy(&cum2v); cumv.conj();
-							cum2v.copy(&t); cum2v.conj();
-							t.copy(&cv);
-							t.xtr_d();
-							cv.copy(&cu);
-							cu.copy(&t);
-						}
-					}	
-				}
-			}
-			if BIG::comp(&d,&e)<0 {
-				w.copy(&d); w.imul(4); w.norm();
-				if BIG::comp(&e,&w)<=0 {
-					e.sub(&d); e.norm();
-					t.copy(&cv);
-					t.xtr_a(&cu,&cumv,&cum2v);
-					cum2v.copy(&cumv);
-					cumv.copy(&cu);
-					cu.copy(&t);
-				} else {
-					if e.parity()==0 {
-						w.copy(&d);
-						d.copy(&e); d.fshr(1);
-						e.copy(&w);
-						t.copy(&cumv);
-						t.xtr_d();
-						cumv.copy(&cum2v); cumv.conj();
-						cum2v.copy(&t); cum2v.conj();
-						t.copy(&cv);
-						t.xtr_d();
-						cv.copy(&cu);
-						cu.copy(&t);
-					} else {
-						if d.parity()==1 {
-							w.copy(&e);
-							e.copy(&d);
-							w.sub(&d); w.norm();
-							d.copy(&w); d.fshr(1);
-							t.copy(&cv);
-							t.xtr_a(&cu,&cumv,&cum2v);
-							cumv.conj();
-							cum2v.copy(&cu);
-							cum2v.xtr_d();
-							cum2v.conj();
-							cu.copy(&cv);
-							cu.xtr_d();
-							cv.copy(&t);
-						} else {
-							d.fshr(1);
-							r.copy(&cum2v); r.conj();
-							t.copy(&cumv);
-							t.xtr_a(&cu,&cv,&r);
-							cum2v.copy(&cumv);
-							cum2v.xtr_d();
-							cumv.copy(&t);
-							cu.xtr_d();
-						}
-					}
-				}
-			}
-		}
-		r.copy(&cv);
-		r.xtr_a(&cu,&cumv,&cum2v);
-		for _ in 0..f2 {r.xtr_d()}
-		r=r.xtr_pow(&mut d);
-		return r;
-	}
-
-
-}
-/*
-fn main()
-{
-	let mut w=FP4::new();
-}
-*/


[20/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/rsa.swift
----------------------------------------------------------------------
diff --git a/version22/swift/rsa.swift b/version22/swift/rsa.swift
deleted file mode 100644
index fd3fa84..0000000
--- a/version22/swift/rsa.swift
+++ /dev/null
@@ -1,400 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  rsa.swift
-//
-//  Created by Michael Scott on 25/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-
-/* RSA API high-level functions  */
-
-final public class rsa_private_key {
-    var p:FF
-    var q:FF
-    var dp:FF
-    var dq:FF
-    var c:FF
-    
-    public init(_ n: Int)
-    {
-    p=FF(n);
-    q=FF(n);
-    dp=FF(n);
-    dq=FF(n);
-    c=FF(n);
-    }
-}
-
-final public class rsa_public_key
-{
-    var e:Int
-    var n:FF
-    
-    public init(_ m:Int)
-    {
-        e=0;
-        n=FF(m);
-    }
-}
-
-final public class RSA {
-    
-    static public let RFS=Int(ROM.MODBYTES*ROM.FFLEN)
-    static public let SHA256=32
-    static public let SHA384=48
-    static public let SHA512=64
-    
-    static public let HASH_TYPE=SHA384
-    
-    /* Hash number (optional) and string to array size of Bigs */
- 
-    static private func hashit(_ sha:Int,_ A: [UInt8]?,_ n: Int32) -> [UInt8]
-    {
-        if sha==RSA.SHA256
-        {
-            let H=HASH256()
-            if A != nil {H.process_array(A!)}
-            if n >= 0 {H.process_num(n)}
-            let R=H.hash()
-            return R
-        }
-        if sha==RSA.SHA384
-        {
-            let H=HASH384()
-            if A != nil {H.process_array(A!)}
-            if n >= 0 {H.process_num(n)}
-            let R=H.hash()
-            return R
-        }
-        if sha==RSA.SHA512
-        {
-            let H=HASH512()
-            if A != nil {H.process_array(A!)}
-            if n >= 0 {H.process_num(n)}
-            let R=H.hash()
-            return R
-        }
-        return [UInt8]()
-    }
-
-    /* generate an RSA key pair */
-    
-    static public func KEY_PAIR(_ rng: RAND,_ e:Int,_ PRIV:rsa_private_key,_ PUB:rsa_public_key)
-    { /* IEEE1363 A16.11/A16.12 more or less */
-    
-        let n=PUB.n.getlen()/2;
-        let t = FF(n);
-        let p1=FF(n);
-        let q1=FF(n);
-    
-        while true
-        {
-    
-            PRIV.p.random(rng);
-            while PRIV.p.lastbits(2) != 3 {PRIV.p.inc(1)}
-            while !FF.prime(PRIV.p,rng) {PRIV.p.inc(4)}
-    
-            p1.copy(PRIV.p);
-            p1.dec(1);
-    
-            if p1.cfactor(e) {continue}
-            break;
-        }
-    
-        while true
-        {
-            PRIV.q.random(rng);
-            while PRIV.q.lastbits(2) != 3 {PRIV.q.inc(1)}
-            while !FF.prime(PRIV.q,rng) {PRIV.q.inc(4)}
-    
-            q1.copy(PRIV.q);
-            q1.dec(1);
-    
-            if q1.cfactor(e) {continue}
-    
-            break;
-        }
-    
-        PUB.n=FF.mul(PRIV.p,PRIV.q);
-        PUB.e=e;
-    
-        t.copy(p1);
-        t.shr();
-        PRIV.dp.set(e);
-        PRIV.dp.invmodp(t);
-        if (PRIV.dp.parity()==0) {PRIV.dp.add(t)}
-        PRIV.dp.norm();
-    
-        t.copy(q1);
-        t.shr();
-        PRIV.dq.set(e);
-        PRIV.dq.invmodp(t);
-        if (PRIV.dq.parity()==0) {PRIV.dq.add(t)}
-        PRIV.dq.norm();
-    
-        PRIV.c.copy(PRIV.p);
-        PRIV.c.invmodp(PRIV.q);
-    
-        return;
-    }
-    /* Mask Generation Function */
-    
-    static func MGF1(_ sha: Int,_ Z: [UInt8],_ olen:Int,_ K:inout [UInt8])
-    {
-        let hlen=sha
-    
-        var k=0;
-        for i in 0 ..< K.count {K[i]=0}
-    
-        var cthreshold=Int32(olen/hlen); if (olen%hlen != 0) {cthreshold += 1}
-        for counter:Int32 in 0 ..< cthreshold
-        {
-            var B=RSA.hashit(sha,Z,counter)
-            if (k+hlen>olen) {for i in 0 ..< olen%hlen {K[k]=B[i]; k+=1}}
-            else {for i in 0 ..< hlen {K[k]=B[i]; k+=1}}
-        }
-    }
-    
-    static public func printBinary(_ array: [UInt8])
-    {
-        for i in 0 ..< array.count
-        {
-            let h=String(array[i],radix:16)
-            print("\(h)", terminator: "")
-        }
-        print("");
-    }
-    
-    static let SHA256ID:[UInt8]=[0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20]
-    static let SHA384ID:[UInt8]=[0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30]
-    static let SHA512ID:[UInt8]=[0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40]
-    
-    /* PKCS 1.5 padding of a message to be signed */
-    static public func PKCS15(_ sha:Int,_ m:[UInt8],_ w:inout [UInt8])->Bool
-    {
-        let hlen=sha
-        let olen=Int(ROM.FF_BITS/8)
-        let idlen=19;
-        
-        if olen<idlen+hlen+10 {return false}
-        let H=hashit(sha,m,-1)
-        for i in 0 ..< w.count {w[i]=0}
-        
-        w[0]=0
-        w[1]=1
-        var i=2
-        var j=0
-        
-        while j<olen-idlen-hlen-3
-        {
-            w[i]=0xff
-            i+=1; j+=1
-        }
-        w[i]=0; i+=1;
-        
-        if hlen==RSA.SHA256
-        {
-            for j in 0 ..< idlen {w[i]=SHA256ID[j]; i+=1}
-        }
-        if hlen==RSA.SHA384
-        {
-            for j in 0 ..< idlen {w[i]=SHA384ID[j]; i+=1}
-        }
-        if hlen==RSA.SHA512
-        {
-            for j in 0 ..< idlen {w[i]=SHA512ID[j]; i+=1}
-        }
-        
-        for j in 0 ..< hlen {w[i]=H[j];i+=1}
-        
-        return true
-    }
-    
-    
-    /* OAEP Message Encoding for Encryption */
-    static public func OAEP_ENCODE(_ sha:Int,_ m:[UInt8],_ rng:RAND,_ p:[UInt8]?) -> [UInt8]
-    {
-        let olen=RFS-1;
-        let mlen=m.count;
-        var f=[UInt8](repeating: 0,count: RSA.RFS)
-    
-        let hlen=sha;
-        var SEED=[UInt8](repeating: 0,count: hlen)
-        let seedlen=hlen;
-        if (mlen>olen-hlen-seedlen-1) {return [UInt8]()}
-    
-        var DBMASK=[UInt8](repeating: 0,count: olen-seedlen)
-        
-        var h=hashit(sha,p,-1)
-        for i in 0 ..< hlen {f[i]=h[i]}
-    
-        let slen=olen-mlen-hlen-seedlen-1;
-    
-        for i in 0 ..< slen {f[hlen+i]=0}
-        f[hlen+slen]=1;
-        for i in 0 ..< mlen {f[hlen+slen+1+i]=m[i]}
-    
-        for i in 0 ..< seedlen {SEED[i]=rng.getByte()}
-        RSA.MGF1(sha,SEED,olen-seedlen,&DBMASK)
-    
-        for i in 0 ..< olen-seedlen {DBMASK[i]^=f[i]}
-        RSA.MGF1(sha,DBMASK,seedlen,&f)
-    
-        for i in 0 ..< seedlen {f[i]^=SEED[i]}
-    
-        for i in 0 ..< olen-seedlen {f[i+seedlen]=DBMASK[i]}
-    
-    /* pad to length RFS */
-        let d:Int=1;
-        for i in (d...RFS-1).reversed()
-            {f[i]=f[i-d]}
-        for i in 0...d-1
-            {f[i]=0}
-    
-        return f;
-    }
-    
-    /* OAEP Message Decoding for Decryption */
-    static public func OAEP_DECODE(_ sha: Int,_ p: [UInt8]?,_ f:inout [UInt8]) -> [UInt8]
-    {
-        let olen=RFS-1
-        var k:Int
-        let hlen=sha
-        var SEED=[UInt8](repeating: 0,count: hlen)
-        let seedlen=hlen
-        var CHASH=[UInt8](repeating: 0,count: hlen)
-        
-        if olen<seedlen+hlen+1 {return [UInt8()]}
-        var DBMASK=[UInt8](repeating: 0,count: olen-seedlen)
-        for i in 0 ..< olen-seedlen {DBMASK[i]=0}
-    
-        if (f.count<RFS)
-        {
-            let d=RFS-f.count;
-            for i in (d...RFS-1).reversed()
-                {f[i]=f[i-d]}
-            for i in 0...d-1
-                {f[i]=0}
-    
-        }
-    
-        var h=hashit(sha,p,-1)
-        for i in 0 ..< hlen {CHASH[i]=h[i]}
-    
-        let x=f[0];
-    
-        for i in seedlen ..< olen
-            {DBMASK[i-seedlen]=f[i+1]}
-    
-        RSA.MGF1(sha,DBMASK,seedlen,&SEED);
-        for i in 0 ..< seedlen {SEED[i]^=f[i+1]}
-        RSA.MGF1(sha,SEED,olen-seedlen,&f);
-        for i in 0 ..< olen-seedlen {DBMASK[i]^=f[i]}
-    
-        var comp=true;
-        for i in 0 ..< hlen
-        {
-            if (CHASH[i] != DBMASK[i]) {comp=false}
-        }
-    
-        for i in 0 ..< olen-seedlen-hlen
-        {DBMASK[i]=DBMASK[i+hlen]}
-    
-        for i in 0 ..< hlen
-            {SEED[i]=0;CHASH[i]=0;}
-    
-        k=0
-        while (true)
-        {
-            if (k>=olen-seedlen-hlen) {return [UInt8]()}
-            if (DBMASK[k] != 0) {break}
-            k+=1
-        }
-    
-        let t=DBMASK[k];
-        if (!comp || x != 0 || t != 0x01)
-        {
-            for i in 0 ..< olen-seedlen {DBMASK[i]=0}
-            return [UInt8]()
-        }
-    
-        var r=[UInt8](repeating: 0,count: olen-seedlen-hlen-k-1)
-    
-        for i in 0 ..< olen-seedlen-hlen-k-1
-            {r[i]=DBMASK[i+k+1]}
-    
-        for i in 0 ..< olen-seedlen {DBMASK[i]=0}
-    
-        return r;
-    }
-    /* destroy the Private Key structure */
-    static public func PRIVATE_KEY_KILL(_ PRIV: rsa_private_key)
-    {
-        PRIV.p.zero();
-        PRIV.q.zero();
-        PRIV.dp.zero();
-        PRIV.dq.zero();
-        PRIV.c.zero();
-    }
-    /* RSA encryption with the public key */
-    static public func ENCRYPT(_ PUB: rsa_public_key,_ F:[UInt8],_ G:inout [UInt8])
-    {
-        let n=PUB.n.getlen()
-        let f=FF(n)
-    
-        FF.fromBytes(f,F)
-        f.power(PUB.e,PUB.n)
-        f.toBytes(&G)
-    }
-    /* RSA decryption with the private key */
-    static public func DECRYPT(_ PRIV: rsa_private_key,_ G:[UInt8],_ F:inout [UInt8])
-    {
-        let n=PRIV.p.getlen()
-        let g=FF(2*n)
-    
-        FF.fromBytes(g,G)
-        let jp=g.dmod(PRIV.p)
-        var jq=g.dmod(PRIV.q)
-    
-        jp.skpow(PRIV.dp,PRIV.p)
-        jq.skpow(PRIV.dq,PRIV.q)
-    
-        g.zero()
-        g.dscopy(jp)
-        jp.mod(PRIV.q)
-        if (FF.comp(jp,jq)>0) {jq.add(PRIV.q)}
-        jq.sub(jp)
-        jq.norm()
-    
-        var t=FF.mul(PRIV.c,jq)
-        jq=t.dmod(PRIV.q)
-    
-        t=FF.mul(jq,PRIV.p)
-        g.add(t);
-        g.norm();
-    
-        g.toBytes(&F);
-    }
-    
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/amcl3.pdf
----------------------------------------------------------------------
diff --git a/version3/amcl3.pdf b/version3/amcl3.pdf
deleted file mode 100644
index de1249d..0000000
Binary files a/version3/amcl3.pdf and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/bestpair.cpp
----------------------------------------------------------------------
diff --git a/version3/bestpair.cpp b/version3/bestpair.cpp
deleted file mode 100644
index f3e47bd..0000000
--- a/version3/bestpair.cpp
+++ /dev/null
@@ -1,623 +0,0 @@
-//
-// Program to generate "best" BN, BLS12, BLS24 and BLS48 curves (with modulus p=3 mod 8)
-//
-// g++ -O2 bestpair.cpp zzn8.cpp zzn4.cpp zzn2.cpp zzn.cpp ecn8.cpp ecn4.cpp ecn2.cpp ecn.cpp big.cpp miracl.a -o bestpair.exe
-//
-// Further tests may be needed to ensure full satisfaction (e.g. twist security, even x, etc.)
-//
-// Note that finding curves that are both GT and G2 Strong, can take a while
-//
-// Suggestions:-
-// For AES-128 security: bestpair BLS12 64 3
-// For AES-192 security: bestpair BLS24 48 4
-// FOr AES-256 security: bestpair BLS48 32 4
-
-// Some possible rational points on y^2=x^3+b (x^3+b is a perfect square)
-// b=1, x=0, -1 or 2
-// b=2, x=-1
-// b=3, x=1
-// b=4, x=0
-// b=5, x=-1
-// b=8, x=-2, 1, 2
-// b=9, x=0, 3, 6, 40
-// b=10, x=-1
-// b=12, x=-2, 13
-
-// b=-1, x=1
-// b=-2, x=3;
-// b=-4, x=2, 5
-// b=-7, x=2, 32
-// b=-8, x=2
-// b=-11, x=3, 15
-
-// of course these points need to be checked for correct order...
-
-#include <iostream>
-#include "big.h"
-#include "ecn.h"
-#include "ecn2.h"
-#include "ecn4.h"
-#include "ecn8.h"
-
-#define BN 0
-#define BLS12 1
-#define BLS24 2
-#define BLS48 3
-
-using namespace std;
-
-Miracl precision=500;
-
-// Number of ways of selecting k items from n
-Big combo(int n,int k)
-{ // calculate n C k
-	int i;
-	Big c,d;
-
-	d=1;
-	for (i=2;i<=k;i++)
-		d*=i;
-
-	c=1;
-	for (i=n;i>n-k;i--)
-		c*=i;
-
-	c/=d;
-	return c;
-}
-
-// Number of candidates to be searched.
-Big count(int b,int h)
-{
-	Big c=combo(b-h+1,h-1)+combo(b-h+1,h-2);
-	c*=pow((Big)2,h);
-	return c;
-}
-
-// Move to next NAF pattern
-int iterate(int *x,int n)
-{
-	int i,j,k,gotone=0;
-	for (i=0;i<n-1;i++)
-	{
-		if (x[i]==1 && x[i+2]==0)
-		{
-			gotone=1;
-			x[i+1]=1;
-			x[i]=0;
-			if (x[0]==1) break;
-			for (k=1;;k++)
-				if (x[k]!=0) break;
-			for (j=0;j<i-k;j+=2)
-			{
-				x[j]=x[j+k];
-				x[j+k]=0;
-			}
-			break;
-		}
-		
-	}
-	return gotone;
-}
-
-int main(int argc, char *argv[])
-{
-	int HW,BITS,S,type,xm8,xm3,xm24,percent,pc;
-	Big cnt,odds,total;
-    int i,j,k,m,jj,bt,hw,twist,pb,nb,b,cb[40],ip;
-	int xb[256];
-	BOOL G2,GT,gotH,gotB,gotT,progress;
-    Big msb,c,r,m1,n,p,q,t,x,y,w,X,Y,cof,cof2,coft,tau[9];
-    Big PP,TT,FF;
-	Big xp[10];
-	int pw[10];
-    miracl *mip=&precision;
-    ECn P;
-
-	argc--; argv++;
-
-    if (argc<2)
-    {
-       cout << "Missing arguments" << endl;
-	   cout << "Program to find best pairing-friendly curves" << endl;
-       cout << "bestpair type bits Hamming-weight" << endl;
-	   cout << "where type is the curve (BN, BLS12, BLS24, BLS48)" << endl;
-	   cout << "where bits is number of bits in curve x parameter (>30 and <200)" << endl;
-       cout << "and hamming-weight is the number of non-zero bits (>1 and <10)" << endl;
-       cout << "e.g. bestpair BLS12 77 3" << endl;
-	   cout << "Use flag /GT for GT-Strong curves" << endl;
-	   cout << "Use flag /G2 for G2-Strong curves" << endl;
-	   cout << "Use flag /P to show progress" << endl;
-
-       exit(0);
-    }
-
-	ip=0; HW=0; BITS=0; 
-	G2=GT=gotB=gotH=gotT=progress=FALSE;
-
-	while (ip<argc)
-	{
-		if (!gotT && strcmp(argv[ip],"BN")==0)
-		{
-			ip++;
-			gotT=TRUE;
-			type=BN;
-		}
-		if (!gotT && strcmp(argv[ip],"BLS12")==0)
-		{
-			ip++;
-			gotT=TRUE;
-			type=BLS12;
-		}
-		if (!gotT && strcmp(argv[ip],"BLS24")==0)
-		{
-			ip++;
-			gotT=TRUE;
-			type=BLS24;
-		}
-		if (!gotT && strcmp(argv[ip],"BLS48")==0)
-		{
-			ip++;
-			gotT=TRUE;
-			type=BLS48;
-		}
-		if (!G2 && strcmp(argv[ip],"/G2")==0)
-		{
-			ip++;
-			G2=TRUE;
-			continue;
-		}
-		if (!GT && strcmp(argv[ip],"/GT")==0)
-		{
-			ip++;
-			GT=TRUE;
-			continue;
-		}
-		if (!progress && strcmp(argv[ip],"/P")==0)
-		{
-			ip++;
-			progress=TRUE;
-			continue;
-		}
-		if (!gotB)
-		{
-			BITS=atoi(argv[ip++]);
-			gotB=TRUE;
-			continue;
-		}
-
-		if (!gotH)
-		{
-			HW=atoi(argv[ip++]);
-			gotH=TRUE;
-			continue;
-		}
-
-        cout << "Error in command line" << endl;
-        return 0;
-
-	}
-    if (!gotH || !gotB || !gotT || HW>9 || HW<2 || BITS>=200 || BITS<30)
-    {
-        cout << "Error in command line" << endl;
-        return 0;
-    }
-
-	hw=HW-1;
-	msb=pow((Big)2,BITS);
-
-	for (i=0;i<=BITS;i++)
-		xb[i]=0;
-
-	for (i=0;i<hw;i++)
-		xb[2*i]=1;
-
-	S=0;
-
-	total=count(BITS,HW);
-	cout << "search " << total << " candidates" << endl;
-
-// very approximate estimate of odds of success. Assumes primes are not correlated (but they are!)
-	if (type==BN)
-	{
-		odds = (7*(4*BITS+5)/10)*(7*(4*BITS+5)/10);
-		if (G2)
-			odds*=(7*(4*BITS+5)/10);
-		if (GT)
-			odds*=(7*(12*BITS+16)/10);
-	}
-	if (type==BLS12)
-	{
-		odds = ((7*4*BITS)/10)*((7*6*BITS)/10);
-		if (G2)
-			odds*=(7*(8*BITS)/10);
-		if (GT)
-			odds*=(7*(20*BITS)/10);
-	}
-	if (type==BLS24)
-	{
-		odds = ((7*8*BITS)/10)*((7*10*BITS)/10);
-		if (G2)
-			odds*=(7*(32*BITS)/10);
-		if (GT)
-			odds*=(7*(72*BITS)/10);
-	}
-	if (type==BLS48)
-	{
-		odds = ((7*16*BITS)/10)*((7*18*BITS)/10);
-		if (G2)
-			odds*=(7*(128*BITS)/10);
-		if (GT)
-			odds*=(7*(272*BITS)/10);
-	}
-
-	odds/=8;  // frig factor
-	cout << "one in " << odds << " expected to be OK" << endl;
-
-//	gprime(1000);
-	percent=-1;
-	cnt=0;
-	for (;;)
-	{
-		if (cnt>0 && !iterate(xb,BITS)) break;
-		for (i=j=0;i<BITS;i++)
-		{ // assign values to set bits
-			if (xb[i]==1)
-			{
-				xp[j]=pow((Big)2,i);
-				pw[j]=i;
-				j++;
-			}
-		}
-		xp[j]=msb;
-		pw[j]=BITS;
-		j++;
-
-		// iterate through all combinations of + and - terms
-		for (i=0;i<(1<<j);i++)
-		{
-			cnt+=1; 
-			if (progress)
-			{
-				pc=toint((100*cnt)/total);
-
-				if (percent<pc)
-				{
-					percent=pc;
-					cout << pc << "\%" << endl;
-				}
-			}
-			x=0;
-			bt=1;
-			//cout << "x= ";
-			for (k=0;k<j;k++)
-			{
-				if ((bt&i)!=0) {x+=xp[k]; /*cout << "+2^" << pw[k];*/}
-				else {x-=xp[k]; /*cout << "-2^" << pw[k];*/}
-				bt<<=1;
-			}
-
-			if (type==BLS12)
-			{
-				xm24=x%24;
-				if (x<0) xm24+=24;
-				xm24%=24;
-				xm3=xm24%3;
-				if (xm3!=1) continue;   // quick exit for p%3=0
-				xm8=xm24%8;
-				if (xm8!=0 && xm8!=7) continue;  // quick exit for p=3 mod 8 condition
-
-				q=pow(x,4)-x*x+1;
-				p=q*(((x-1)*(x-1))/3)+x;
-
-				t=x+1;
-				n=p+1-t;
-
-			}
-			if (type==BLS24)
-			{
-				xm24=x%24;
-				if (x<0) xm24+=24;
-				xm24%=24;
-				xm3=xm24%3;
-				if (xm3!=1) continue;   // quick exit for p%3=0
-				xm8=xm24%8;
-				if (xm8!=0 && xm8!=7) continue;  // quick exit for p=3 mod 8 condition
-
-				q=pow(x,8)-pow(x,4)+1;
-				p=q*(((x-1)*(x-1))/3)+x;
-
-				t=x+1;
-				n=p+1-t;
-				
-			}
-
-			if (type==BLS48)
-			{
-				xm24=x%24;
-				if (x<0) xm24+=24;
-				xm24%=24;
-				xm3=xm24%3;
-				if (xm3!=1) continue;   // quick exit for p%3=0
-				xm8=xm24%8;
-				if (xm8!=0 && xm8!=7) continue;  // quick exit for p=3 mod 8 condition
-
-				q=pow(x,16)-pow(x,8)+1;
-				p=q*(((x-1)*(x-1))/3)+x;
-		
-				t=x+1;
-				n=p+1-t;
-				
-			}
-
-			if (type==BN)
-			{
-				xm8=x%8;
-				if (x<0) xm8+=8;
-				xm8%=8;
-				if (xm8!=3 && xm8!=7) continue;  // quick exit for p=3 mod 8 condition
-
-				p=36*pow(x,4)+36*pow(x,3)+24*x*x+6*x+1;
-				t=6*x*x+1;
-				n=p+1-t;
-				q=n;
-			}
-
-			if (p%8!=3) continue;                           // restriction here could be eased
-
-			if (small_factors(q)) continue;
-			if (small_factors(p)) continue;
-
-			cof=n/q;
-
-			if (type==BLS24)
-			{
-				coft=(pow(p,8)-pow(p,4)+1)/q;
-			}
-
-			if (type==BLS48)
-			{
-				coft=(pow(p,16)-pow(p,8)+1)/q;
-			}
-
-			if (type==BLS12 || type==BN)
-			{
-				coft=(pow(p,4)-p*p+1)/q;
-			}
-
-			if (GT)
-			{
-				if (small_factors(coft)) continue;
-			}
-
-			if (type==BLS12)
-			{
-				TT=t*t-2*p;
-				PP=p*p;
-				FF=t*(2*x*x*x-2*x*x-x+1)/3;
-				m1=PP+1-(-3*FF+TT)/2;
-			}
-
-			if (type==BLS24)
-			{
-				TT=t*t*t*t-4*p*t*t+2*p*p;
-				PP=pow(p,4);
-				FF=sqrt((4*PP-TT*TT)/3);
-				m1=PP+1-(3*FF+TT)/2;
-			}
-			if (type==BLS48)
-			{
-				tau[0]=2;  // count points on twist over extension p^8
-				tau[1]=t;
-				for (jj=1;jj<8;jj++ ) tau[jj+1]=t*tau[jj]-p*tau[jj-1];
-
-				TT=tau[8];
-
-				PP=pow(p,8);
-				FF=sqrt((4*PP-TT*TT)/3);
-				m1=PP+1-(3*FF+TT)/2;  //?
-			}
-			if (type==BN)
-			{
-				TT=t*t-2*p;
-				PP=p*p;
-				FF=sqrt((4*PP-TT*TT)/3);
-				m1=PP+1-(3*FF+TT)/2;
-			}
-			cof2=m1/q;
-
-			if (G2)
-			{
-				if (small_factors(cof2)) continue;
-			}
-
-			if (!prime(q)) continue;
-			if (!prime(p)) continue;
-			modulo(p);
-
-			ZZn2 xi;
-
-			xi.set(1,1);                // for p=3 mod 8
-		
-// make sure its irreducible
-			if (pow(xi,(p*p-1)/2)==1)
-				continue;
-		
-			if (pow(xi,(p*p-1)/3)==1) 
-				continue;  // make sure that x^6-c is irreducible
-
-			if (G2)
-			{
-				if (!prime(cof2)) continue;
-			}
-
-			if (GT)
-			{
-				if (!prime(coft)) continue;
-			}
-
-			
-// we have a solution
-// Find curve b parameter - uses first positive one found (but collect some other possibilities)
-			pb=0;
-			b=0;
-			m=0;
-			while (pb<=20 || b==0)
-			{
-				pb+=1;
-				ecurve(0,pb,p,MR_AFFINE);
-				while (!P.set(rand(p))) ;
-				P*=cof;
-				if ((q*P).iszero())
-				{
-					if (b==0) b=pb;
-					else cb[m++]=pb;
-				}
-
-			}
-			nb=0;
-			while (nb>=-20)
-			{
-				nb-=1;
-				ecurve(0,nb,p,MR_AFFINE);
-				while (!P.set(rand(p))) ;
-				P*=cof;
-				if ((q*P).iszero())
-					cb[m++]=nb;
-			}
-
-			ecurve(0,b,p,MR_AFFINE);
-// find number of points on sextic twist..
-			twist=MR_SEXTIC_D;
-			mip->TWIST=MR_SEXTIC_D;
-
-			if (type==BLS12 || type==BN)
-			{
-				ECn2 Q;
-				ZZn2 rr;
-
-				do
-				{
-					rr=randn2();
-				} while (!Q.set(rr));
-        
-				Q*=cof2;
-				if (!(n*Q).iszero()) 
-				{
-					twist=MR_SEXTIC_M;
-					mip->TWIST=MR_SEXTIC_M;
-					do
-					{
-						rr=randn2();
-					} while (!Q.set(rr));
-        
-					Q*=cof2;
-					if (!(n*Q).iszero()) 
-					{
-						cout << "Never Happens" << endl;
-						continue;
-					}
-				}
-			}
-			if (type==BLS24)
-			{
-				ECn4 Q;
-				ZZn4 rr;
-				do
-				{
-					rr=randn4();
-				} while (!Q.set(rr));
-
-				Q*=cof2;
-				if (!(n*Q).iszero()) 
-				{
-					twist=MR_SEXTIC_M;
-					mip->TWIST=MR_SEXTIC_M;
-					do
-					{
-						rr=randn4();
-					} while (!Q.set(rr));
-        
-					Q*=cof2;
-					if (!(n*Q).iszero()) 
-					{
-						cout << "Never Happens" << endl;
-						continue;
-					}
-				}
-			}
-			if (type==BLS48)
-			{
-				ECn8 Q;
-				ZZn8 rr;
-				do
-				{
-					rr=randn8();
-				} while (!Q.set(rr));
-
-				Q*=cof2;
-				if (!(n*Q).iszero()) 
-				{
-					twist=MR_SEXTIC_M;
-					mip->TWIST=MR_SEXTIC_M;
-					do
-					{
-						rr=randn8();
-					} while (!Q.set(rr));
-        
-					Q*=cof2;
-					if (!(n*Q).iszero()) 
-					{
-						cout << "Never Happens" << endl;
-						continue;
-					}
-				}
-			}
-			S++;
-			cout << endl;
-			cout << "Solution " << S << endl;
-			x=0;
-			bt=1;
-			mip->IOBASE=16;
-
-			cout << "x= ";
-			for (k=0;k<j;k++)
-			{
-				if ((bt&i)!=0) {x+=xp[k]; cout << "+2^" << pw[k];}
-				else {x-=xp[k]; cout << "-2^" << pw[k];}
-				bt<<=1;
-			}
-			cout << " = " << x << endl;
-			cout << "Curve is y^2=x^3+" << b;
-			if (m>0)
-			{
-				cout << " (or) ";
-				for (jj=0;jj<m;jj++)
-					cout << cb[jj] << " ";
-			}
-			else cout << endl;
-			cout << "\np= " << p << " (" << bits(p) << " bits)";
-			if (twist==MR_SEXTIC_D) cout << " D-Type" << endl;
-			if (twist==MR_SEXTIC_M) cout << " M-Type" << endl;
-			if (progress) cout << endl;
-			mip->IOBASE=10;
-		//	cout << "twist= " << p+1+t << endl;
-		}
-	}
-
-	cout << endl;
-	cout << cnt << " candidates searched" << endl;
-
-	if (S==0)
-	{
-		cout << "No solutions found" << endl;
-		return 0;
-	}
-	if (S==1)
-	{
-		cout << "One solution found" << endl;
-		return 0;
-	}
-	cout << S << " solutions found" << endl;
-	return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/bigtobig.cpp
----------------------------------------------------------------------
diff --git a/version3/bigtobig.cpp b/version3/bigtobig.cpp
deleted file mode 100644
index fbc89ea..0000000
--- a/version3/bigtobig.cpp
+++ /dev/null
@@ -1,292 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-//
-// Program to convert from Big to AMCL BIG format
-// cl /O2 bigtobig.cpp big.cpp miracl.lib
-// g++ -O2 bigtobig.cpp big.cpp miracl.a -o bigtobig
-//
-//
-
-#include <iostream>
-#include "zzn.h"
-
-using namespace std;
-
-Miracl precision=100;
-
-// Code to parse formula in command line
-// This code isn't mine, but its public domain
-// Shamefully I forget the source
-//
-// NOTE: It may be necessary on some platforms to change the operators * and #
-//
-
-#if defined(unix)
-#define TIMES '.'
-#define RAISE '^'
-#else
-#define TIMES '*'
-#define RAISE '#'
-#endif
-
-Big tt;
-static char *ss;
-
-void eval_power (Big& oldn,Big& n,char op)
-{
-        if (op) n=pow(oldn,toint(n));    // power(oldn,size(n),n,n);
-}
-
-void eval_product (Big& oldn,Big& n,char op)
-{
-        switch (op)
-        {
-        case TIMES:
-                n*=oldn; 
-                break;
-        case '/':
-                n=oldn/n;
-                break;
-        case '%':
-                n=oldn%n;
-        }
-}
-
-void eval_sum (Big& oldn,Big& n,char op)
-{
-        switch (op)
-        {
-        case '+':
-                n+=oldn;
-                break;
-        case '-':
-                n=oldn-n;
-        }
-}
-
-void eval (void)
-{
-        Big oldn[3];
-        Big n;
-        int i;
-        char oldop[3];
-        char op;
-        char minus;
-        for (i=0;i<3;i++)
-        {
-            oldop[i]=0;
-        }
-LOOP:
-        while (*ss==' ')
-        ss++;
-        if (*ss=='-')    /* Unary minus */
-        {
-        ss++;
-        minus=1;
-        }
-        else
-        minus=0;
-        while (*ss==' ')
-        ss++;
-        if (*ss=='(' || *ss=='[' || *ss=='{')    /* Number is subexpression */
-        {
-        ss++;
-        eval ();
-        n=tt;
-        }
-        else            /* Number is decimal value */
-        {
-        for (i=0;ss[i]>='0' && ss[i]<='9';i++)
-                ;
-        if (!i)         /* No digits found */
-        {
-                cout <<  "Error - invalid number" << endl;
-                exit (20);
-        }
-        op=ss[i];
-        ss[i]=0;
-        n=atoi(ss);
-        ss+=i;
-        *ss=op;
-        }
-        if (minus) n=-n;
-        do
-        op=*ss++;
-        while (op==' ');
-        if (op==0 || op==')' || op==']' || op=='}')
-        {
-        eval_power (oldn[2],n,oldop[2]);
-        eval_product (oldn[1],n,oldop[1]);
-        eval_sum (oldn[0],n,oldop[0]);
-        tt=n;
-        return;
-        }
-        else
-        {
-        if (op==RAISE)
-        {
-                eval_power (oldn[2],n,oldop[2]);
-                oldn[2]=n;
-                oldop[2]=RAISE;
-        }
-        else
-        {
-                if (op==TIMES || op=='/' || op=='%')
-                {
-                eval_power (oldn[2],n,oldop[2]);
-                oldop[2]=0;
-                eval_product (oldn[1],n,oldop[1]);
-                oldn[1]=n;
-                oldop[1]=op;
-                }
-                else
-                {
-                if (op=='+' || op=='-')
-                {
-                        eval_power (oldn[2],n,oldop[2]);
-                        oldop[2]=0;
-                        eval_product (oldn[1],n,oldop[1]);
-                        oldop[1]=0;
-                        eval_sum (oldn[0],n,oldop[0]);
-                        oldn[0]=n;
-                        oldop[0]=op;
-                }
-                else    /* Error - invalid operator */
-                {
-                        cout <<  "Error - invalid operator" << endl;
-                        exit (20);
-                }
-                }
-        }
-        }
-        goto LOOP;
-}
-
-void output(int w,Big t,Big m)
-{
-	Big y=t;
-
-	for (int i=0;i<w;i++)
-	{
-		cout << "0x" << y%m ;
-		if (i<w-1) cout << ",";
-		y/=m;
-	}
-	cout << endl;
-}
-
-int main(int argc, char **argv)
-{
-    int i,ip,chunk,basebits;
-    Big n,m;
-    BOOL gotP,gotA,gotB;
-    int Base;
-    miracl *mip=&precision;
-    argv++; argc--;
-    if (argc<1)
-    {
-        cout << "Program converts from Big to BIG" << endl;
-        cout << "bigtobig <big number> <chunk>> <basebits>" << endl;
-        cout << "OR" << endl;
-        cout << "bigtobig <formula for big number> <chunk>> <basebits>" << endl;
-#if defined(unix)
-        cout << "e.g. bigtobig -f 2^255-19 32 29" << endl;
-#else
-        cout << "e.g. bigtobig -f 2#255-19 32 29" << endl;
-#endif
-        cout << "To input Big number in Hex, precede with -h" << endl;
-        return 0;
-    }
-
-    ip=0;
-    gprime(1000);
-    gotP=gotA=gotB=FALSE;
-    n=0;
-    Base=10;
-    while (ip<argc)
-    { 
-        if (!gotP && strcmp(argv[ip],"-f")==0)
-        {
-            ip++;
-            if (!gotP && ip<argc)
-            {
-
-                ss=argv[ip++];
-                tt=0;
-                eval();
-                n=tt;
-                gotP=TRUE;
-                continue;
-            }
-            else
-            {
-                cout << "Error in command line" << endl;
-                return 0;
-            }
-        }
- 
-
-        if (strcmp(argv[ip],"-h")==0)
-        {
-            ip++;
-            Base=16;
-            continue;
-        }
-   
-        if (!gotP)
-        {
-            mip->IOBASE=Base;
-            n=argv[ip++];
-            mip->IOBASE=10;
-            gotP=TRUE;
-            continue;
-        }
-        if (!gotA) 
-        {
-            mip->IOBASE=Base;
-            chunk=atoi(argv[ip++]);
-            gotA=TRUE;
-            continue;
-        }
-        if (!gotB) 
-        {
-            mip->IOBASE=Base;
-            basebits=atoi(argv[ip++]);
-            gotB=TRUE;
-            continue;
-        }
-        cout << "Error in command line" << endl;
-        return 0;
-    }
-    if (!gotP || !gotA || !gotB)
-    {
-        cout << "Error in command line" << endl;
-        return 0;
-    }
-
-	mip->IOBASE=16;
-
-	m=pow((Big)2,basebits);
-
-	output(1+bits(n)/basebits,n,m);
-
-    return 0;
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/aes.c
----------------------------------------------------------------------
diff --git a/version3/c/aes.c b/version3/c/aes.c
deleted file mode 100644
index 656a031..0000000
--- a/version3/c/aes.c
+++ /dev/null
@@ -1,704 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-/*
- * Implementation of the NIST Advanced Ecryption Standard
- *
- * SU=m, SU is Stack Usage
- */
-
-#include <stdlib.h>
-#include "arch.h"
-#include "amcl.h"
-
-/* this is fixed */
-#define NB 4
-
-/* Rotates 32-bit word left by 1, 2 or 3 byte  */
-
-#define ROTL8(x) (((x)<<8)|((x)>>24))
-#define ROTL16(x) (((x)<<16)|((x)>>16))
-#define ROTL24(x) (((x)<<24)|((x)>>8))
-
-static const uchar InCo[4]= {0xB,0xD,0x9,0xE}; /* Inverse Coefficients */
-
-static const uchar ptab[]=
-{
-    1,3,5,15,17,51,85,255,26,46,114,150,161,248,19,53,
-    95,225,56,72,216,115,149,164,247,2,6,10,30,34,102,170,
-    229,52,92,228,55,89,235,38,106,190,217,112,144,171,230,49,
-    83,245,4,12,20,60,68,204,79,209,104,184,211,110,178,205,
-    76,212,103,169,224,59,77,215,98,166,241,8,24,40,120,136,
-    131,158,185,208,107,189,220,127,129,152,179,206,73,219,118,154,
-    181,196,87,249,16,48,80,240,11,29,39,105,187,214,97,163,
-    254,25,43,125,135,146,173,236,47,113,147,174,233,32,96,160,
-    251,22,58,78,210,109,183,194,93,231,50,86,250,21,63,65,
-    195,94,226,61,71,201,64,192,91,237,44,116,156,191,218,117,
-    159,186,213,100,172,239,42,126,130,157,188,223,122,142,137,128,
-    155,182,193,88,232,35,101,175,234,37,111,177,200,67,197,84,
-    252,31,33,99,165,244,7,9,27,45,119,153,176,203,70,202,
-    69,207,74,222,121,139,134,145,168,227,62,66,198,81,243,14,
-    18,54,90,238,41,123,141,140,143,138,133,148,167,242,13,23,
-    57,75,221,124,132,151,162,253,28,36,108,180,199,82,246,1
-};
-
-static const uchar ltab[]=
-{
-    0,255,25,1,50,2,26,198,75,199,27,104,51,238,223,3,
-    100,4,224,14,52,141,129,239,76,113,8,200,248,105,28,193,
-    125,194,29,181,249,185,39,106,77,228,166,114,154,201,9,120,
-    101,47,138,5,33,15,225,36,18,240,130,69,53,147,218,142,
-    150,143,219,189,54,208,206,148,19,92,210,241,64,70,131,56,
-    102,221,253,48,191,6,139,98,179,37,226,152,34,136,145,16,
-    126,110,72,195,163,182,30,66,58,107,40,84,250,133,61,186,
-    43,121,10,21,155,159,94,202,78,212,172,229,243,115,167,87,
-    175,88,168,80,244,234,214,116,79,174,233,213,231,230,173,232,
-    44,215,117,122,235,22,11,245,89,203,95,176,156,169,81,160,
-    127,12,246,111,23,196,73,236,216,67,31,45,164,118,123,183,
-    204,187,62,90,251,96,177,134,59,82,161,108,170,85,41,157,
-    151,178,135,144,97,190,220,252,188,149,207,205,55,63,91,209,
-    83,57,132,60,65,162,109,71,20,42,158,93,86,242,211,171,
-    68,17,146,217,35,32,46,137,180,124,184,38,119,153,227,165,
-    103,74,237,222,197,49,254,24,13,99,140,128,192,247,112,7
-};
-
-static const uchar fbsub[]=
-{
-    99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118,
-    202,130,201,125,250,89,71,240,173,212,162,175,156,164,114,192,
-    183,253,147,38,54,63,247,204,52,165,229,241,113,216,49,21,
-    4,199,35,195,24,150,5,154,7,18,128,226,235,39,178,117,
-    9,131,44,26,27,110,90,160,82,59,214,179,41,227,47,132,
-    83,209,0,237,32,252,177,91,106,203,190,57,74,76,88,207,
-    208,239,170,251,67,77,51,133,69,249,2,127,80,60,159,168,
-    81,163,64,143,146,157,56,245,188,182,218,33,16,255,243,210,
-    205,12,19,236,95,151,68,23,196,167,126,61,100,93,25,115,
-    96,129,79,220,34,42,144,136,70,238,184,20,222,94,11,219,
-    224,50,58,10,73,6,36,92,194,211,172,98,145,149,228,121,
-    231,200,55,109,141,213,78,169,108,86,244,234,101,122,174,8,
-    186,120,37,46,28,166,180,198,232,221,116,31,75,189,139,138,
-    112,62,181,102,72,3,246,14,97,53,87,185,134,193,29,158,
-    225,248,152,17,105,217,142,148,155,30,135,233,206,85,40,223,
-    140,161,137,13,191,230,66,104,65,153,45,15,176,84,187,22
-};
-
-static const uchar rbsub[]=
-{
-    82,9,106,213,48,54,165,56,191,64,163,158,129,243,215,251,
-    124,227,57,130,155,47,255,135,52,142,67,68,196,222,233,203,
-    84,123,148,50,166,194,35,61,238,76,149,11,66,250,195,78,
-    8,46,161,102,40,217,36,178,118,91,162,73,109,139,209,37,
-    114,248,246,100,134,104,152,22,212,164,92,204,93,101,182,146,
-    108,112,72,80,253,237,185,218,94,21,70,87,167,141,157,132,
-    144,216,171,0,140,188,211,10,247,228,88,5,184,179,69,6,
-    208,44,30,143,202,63,15,2,193,175,189,3,1,19,138,107,
-    58,145,17,65,79,103,220,234,151,242,207,206,240,180,230,115,
-    150,172,116,34,231,173,53,133,226,249,55,232,28,117,223,110,
-    71,241,26,113,29,41,197,137,111,183,98,14,170,24,190,27,
-    252,86,62,75,198,210,121,32,154,219,192,254,120,205,90,244,
-    31,221,168,51,136,7,199,49,177,18,16,89,39,128,236,95,
-    96,81,127,169,25,181,74,13,45,229,122,159,147,201,156,239,
-    160,224,59,77,174,42,245,176,200,235,187,60,131,83,153,97,
-    23,43,4,126,186,119,214,38,225,105,20,99,85,33,12,125
-};
-
-static const unsign32 rco[]=
-{1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47};
-
-static const unsign32 ftable[]=
-{
-    0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
-    0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
-    0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
-    0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
-    0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
-    0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
-    0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
-    0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
-    0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
-    0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
-    0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
-    0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
-    0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
-    0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
-    0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
-    0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
-    0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
-    0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
-    0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
-    0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
-    0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
-    0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
-    0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
-    0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
-    0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
-    0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
-    0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
-    0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
-    0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
-    0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
-    0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
-    0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
-    0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
-    0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
-    0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
-    0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
-    0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
-    0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
-    0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
-    0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
-    0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
-    0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
-    0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c
-};
-
-static const unsign32 rtable[]=
-{
-    0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
-    0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
-    0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
-    0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
-    0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
-    0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
-    0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
-    0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
-    0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
-    0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
-    0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
-    0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
-    0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
-    0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
-    0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
-    0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
-    0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
-    0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
-    0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
-    0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
-    0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
-    0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
-    0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
-    0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
-    0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
-    0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
-    0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
-    0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
-    0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
-    0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
-    0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
-    0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
-    0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
-    0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
-    0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
-    0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
-    0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
-    0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
-    0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
-    0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
-    0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
-    0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
-    0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0
-};
-
-#define MR_TOBYTE(x) ((uchar)((x)))
-
-static unsign32 pack(const uchar *b)
-{
-    /* pack bytes into a 32-bit Word */
-    return ((unsign32)b[3]<<24)|((unsign32)b[2]<<16)|((unsign32)b[1]<<8)|(unsign32)b[0];
-}
-
-static void unpack(unsign32 a,uchar *b)
-{
-    /* unpack bytes from a word */
-    b[0]=MR_TOBYTE(a);
-    b[1]=MR_TOBYTE(a>>8);
-    b[2]=MR_TOBYTE(a>>16);
-    b[3]=MR_TOBYTE(a>>24);
-}
-
-/* SU= 8 */
-static uchar bmul(uchar x,uchar y)
-{
-    /* x.y= AntiLog(Log(x) + Log(y)) */
-    if (x && y) return ptab[(ltab[x]+ltab[y])%255];
-    else return 0;
-}
-
-static unsign32 SubByte(unsign32 a)
-{
-    uchar b[4];
-    unpack(a,b);
-    b[0]=fbsub[b[0]];
-    b[1]=fbsub[b[1]];
-    b[2]=fbsub[b[2]];
-    b[3]=fbsub[b[3]];
-    return pack(b);
-}
-
-/* SU= 16 */
-static uchar product(unsign32 x,unsign32 y)
-{
-    /* dot product of two 4-byte arrays */
-    uchar xb[4],yb[4];
-    unpack(x,xb);
-    unpack(y,yb);
-    return bmul(xb[0],yb[0])^bmul(xb[1],yb[1])^bmul(xb[2],yb[2])^bmul(xb[3],yb[3]);
-}
-
-static unsign32 InvMixCol(unsign32 x)
-{
-    /* matrix Multiplication */
-    unsign32 y,m;
-    uchar b[4];
-
-    m=pack(InCo);
-    b[3]=product(m,x);
-    m=ROTL24(m);
-    b[2]=product(m,x);
-    m=ROTL24(m);
-    b[1]=product(m,x);
-    m=ROTL24(m);
-    b[0]=product(m,x);
-    y=pack(b);
-    return y;
-}
-
-/* SU= 8 */
-/* reset cipher */
-void AES_reset(amcl_aes *a,int mode,char *iv)
-{
-    /* reset mode, or reset iv */
-    int i;
-    a->mode=mode;
-    for (i=0; i<4*NB; i++)
-        a->f[i]=0;
-    if (mode!=ECB && iv!=NULL)
-    {
-        for (i=0; i<4*NB; i++)
-            a->f[i]=iv[i];
-    }
-}
-
-void AES_getreg(amcl_aes *a,char *ir)
-{
-    int i;
-    for (i=0; i<4*NB; i++) ir[i]=a->f[i];
-}
-
-/* SU= 72 */
-/* Initialise cipher */
-int AES_init(amcl_aes* a,int mode,int nk,char *key,char *iv)
-{
-    /* Key length Nk=16, 24 or 32 bytes */
-    /* Key Scheduler. Create expanded encryption key */
-    int i,j,k,N,nr;
-    unsign32 CipherKey[8];
-
-    nk/=4;
-
-    if (nk!=4 && nk!=6 && nk!=8) return 0;
-
-    nr=6+nk;
-
-    a->Nk=nk;
-    a->Nr=nr;
-
-    AES_reset(a,mode,iv);
-
-    N=NB*(nr+1);
-
-    for (i=j=0; i<nk; i++,j+=4)
-    {
-        CipherKey[i]=pack((uchar *)&key[j]);
-    }
-    for (i=0; i<nk; i++) a->fkey[i]=CipherKey[i];
-    for (j=nk,k=0; j<N; j+=nk,k++)
-    {
-        a->fkey[j]=a->fkey[j-nk]^SubByte(ROTL24(a->fkey[j-1]))^rco[k];
-        if (nk<=6)
-        {
-            for (i=1; i<nk && (i+j)<N; i++)
-                a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
-        }
-        else
-        {
-            for (i=1; i<4 && (i+j)<N; i++)
-                a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
-            if ((j+4)<N) a->fkey[j+4]=a->fkey[j+4-nk]^SubByte(a->fkey[j+3]);
-            for (i=5; i<nk && (i+j)<N; i++)
-                a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
-        }
-
-    }
-    /* now for the expanded decrypt key in reverse order */
-
-    for (j=0; j<NB; j++) a->rkey[j+N-NB]=a->fkey[j];
-    for (i=NB; i<N-NB; i+=NB)
-    {
-        k=N-NB-i;
-        for (j=0; j<NB; j++) a->rkey[k+j]=InvMixCol(a->fkey[i+j]);
-    }
-    for (j=N-NB; j<N; j++) a->rkey[j-N+NB]=a->fkey[j];
-    return 1;
-}
-
-/* SU= 80 */
-/* Encrypt a single block */
-void AES_ecb_encrypt(amcl_aes *a,uchar *buff)
-{
-    int i,j,k;
-    unsign32 p[4],q[4],*x,*y,*t;
-
-    for (i=j=0; i<NB; i++,j+=4)
-    {
-        p[i]=pack((uchar *)&buff[j]);
-        p[i]^=a->fkey[i];
-    }
-
-    k=NB;
-    x=p;
-    y=q;
-
-    /* State alternates between x and y */
-    for (i=1; i<a->Nr; i++)
-    {
-
-        y[0]=a->fkey[k]^ftable[MR_TOBYTE(x[0])]^
-             ROTL8(ftable[MR_TOBYTE(x[1]>>8)])^
-             ROTL16(ftable[MR_TOBYTE(x[2]>>16)])^
-             ROTL24(ftable[x[3]>>24]);
-        y[1]=a->fkey[k+1]^ftable[MR_TOBYTE(x[1])]^
-             ROTL8(ftable[MR_TOBYTE(x[2]>>8)])^
-             ROTL16(ftable[MR_TOBYTE(x[3]>>16)])^
-             ROTL24(ftable[x[0]>>24]);
-        y[2]=a->fkey[k+2]^ftable[MR_TOBYTE(x[2])]^
-             ROTL8(ftable[MR_TOBYTE(x[3]>>8)])^
-             ROTL16(ftable[MR_TOBYTE(x[0]>>16)])^
-             ROTL24(ftable[x[1]>>24]);
-        y[3]=a->fkey[k+3]^ftable[MR_TOBYTE(x[3])]^
-             ROTL8(ftable[MR_TOBYTE(x[0]>>8)])^
-             ROTL16(ftable[MR_TOBYTE(x[1]>>16)])^
-             ROTL24(ftable[x[2]>>24]);
-
-        k+=4;
-        t=x;
-        x=y;
-        y=t;      /* swap pointers */
-    }
-
-    /* Last Round */
-
-    y[0]=a->fkey[k]^(unsign32)fbsub[MR_TOBYTE(x[0])]^
-         ROTL8((unsign32)fbsub[MR_TOBYTE(x[1]>>8)])^
-         ROTL16((unsign32)fbsub[MR_TOBYTE(x[2]>>16)])^
-         ROTL24((unsign32)fbsub[x[3]>>24]);
-    y[1]=a->fkey[k+1]^(unsign32)fbsub[MR_TOBYTE(x[1])]^
-         ROTL8((unsign32)fbsub[MR_TOBYTE(x[2]>>8)])^
-         ROTL16((unsign32)fbsub[MR_TOBYTE(x[3]>>16)])^
-         ROTL24((unsign32)fbsub[x[0]>>24]);
-    y[2]=a->fkey[k+2]^(unsign32)fbsub[MR_TOBYTE(x[2])]^
-         ROTL8((unsign32)fbsub[MR_TOBYTE(x[3]>>8)])^
-         ROTL16((unsign32)fbsub[MR_TOBYTE(x[0]>>16)])^
-         ROTL24((unsign32)fbsub[x[1]>>24]);
-    y[3]=a->fkey[k+3]^(unsign32)fbsub[MR_TOBYTE(x[3])]^
-         ROTL8((unsign32)fbsub[MR_TOBYTE(x[0]>>8)])^
-         ROTL16((unsign32)fbsub[MR_TOBYTE(x[1]>>16)])^
-         ROTL24((unsign32)fbsub[x[2]>>24]);
-
-    for (i=j=0; i<NB; i++,j+=4)
-    {
-        unpack(y[i],(uchar *)&buff[j]);
-        x[i]=y[i]=0;   /* clean up stack */
-    }
-}
-
-/* SU= 80 */
-/* Decrypt a single block */
-void AES_ecb_decrypt(amcl_aes *a,uchar *buff)
-{
-    int i,j,k;
-    unsign32 p[4],q[4],*x,*y,*t;
-
-    for (i=j=0; i<NB; i++,j+=4)
-    {
-        p[i]=pack((uchar *)&buff[j]);
-        p[i]^=a->rkey[i];
-    }
-
-    k=NB;
-    x=p;
-    y=q;
-
-    /* State alternates between x and y */
-    for (i=1; i<a->Nr; i++)
-    {
-        /* Nr is number of rounds. May be odd. */
-
-        y[0]=a->rkey[k]^rtable[MR_TOBYTE(x[0])]^
-             ROTL8(rtable[MR_TOBYTE(x[3]>>8)])^
-             ROTL16(rtable[MR_TOBYTE(x[2]>>16)])^
-             ROTL24(rtable[x[1]>>24]);
-        y[1]=a->rkey[k+1]^rtable[MR_TOBYTE(x[1])]^
-             ROTL8(rtable[MR_TOBYTE(x[0]>>8)])^
-             ROTL16(rtable[MR_TOBYTE(x[3]>>16)])^
-             ROTL24(rtable[x[2]>>24]);
-        y[2]=a->rkey[k+2]^rtable[MR_TOBYTE(x[2])]^
-             ROTL8(rtable[MR_TOBYTE(x[1]>>8)])^
-             ROTL16(rtable[MR_TOBYTE(x[0]>>16)])^
-             ROTL24(rtable[x[3]>>24]);
-        y[3]=a->rkey[k+3]^rtable[MR_TOBYTE(x[3])]^
-             ROTL8(rtable[MR_TOBYTE(x[2]>>8)])^
-             ROTL16(rtable[MR_TOBYTE(x[1]>>16)])^
-             ROTL24(rtable[x[0]>>24]);
-
-        k+=4;
-        t=x;
-        x=y;
-        y=t;      /* swap pointers */
-    }
-
-
-    /* Last Round */
-    y[0]=a->rkey[k]^(unsign32)rbsub[MR_TOBYTE(x[0])]^
-         ROTL8((unsign32)rbsub[MR_TOBYTE(x[3]>>8)])^
-         ROTL16((unsign32)rbsub[MR_TOBYTE(x[2]>>16)])^
-         ROTL24((unsign32)rbsub[x[1]>>24]);
-    y[1]=a->rkey[k+1]^(unsign32)rbsub[MR_TOBYTE(x[1])]^
-         ROTL8((unsign32)rbsub[MR_TOBYTE(x[0]>>8)])^
-         ROTL16((unsign32)rbsub[MR_TOBYTE(x[3]>>16)])^
-         ROTL24((unsign32)rbsub[x[2]>>24]);
-    y[2]=a->rkey[k+2]^(unsign32)rbsub[MR_TOBYTE(x[2])]^
-         ROTL8((unsign32)rbsub[MR_TOBYTE(x[1]>>8)])^
-         ROTL16((unsign32)rbsub[MR_TOBYTE(x[0]>>16)])^
-         ROTL24((unsign32)rbsub[x[3]>>24]);
-    y[3]=a->rkey[k+3]^(unsign32)rbsub[MR_TOBYTE(x[3])]^
-         ROTL8((unsign32)rbsub[MR_TOBYTE(x[2]>>8)])^
-         ROTL16((unsign32)rbsub[MR_TOBYTE(x[1]>>16)])^
-         ROTL24((unsign32)rbsub[x[0]>>24]);
-
-    for (i=j=0; i<NB; i++,j+=4)
-    {
-        unpack(y[i],(uchar *)&buff[j]);
-        x[i]=y[i]=0;   /* clean up stack */
-    }
-
-}
-
-/* simple default increment function */
-static void increment(char *f)
-{
-    int i;
-    for (i=0; i<16; i++)
-    {
-        f[i]++;
-        if (f[i]!=0) break;
-    }
-}
-
-/* SU= 40 */
-/* Encrypt using selected mode of operation */
-unsign32 AES_encrypt(amcl_aes* a,char *buff)
-{
-    int j,bytes;
-    char st[16];
-    unsign32 fell_off;
-
-    /* Supported Modes of Operation */
-
-    fell_off=0;
-    switch (a->mode)
-    {
-    case ECB:
-        AES_ecb_encrypt(a,(uchar *)buff);
-        return 0;
-    case CBC:
-        for (j=0; j<4*NB; j++) buff[j]^=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)buff);
-        for (j=0; j<4*NB; j++) a->f[j]=buff[j];
-        return 0;
-
-    case CFB1:
-    case CFB2:
-    case CFB4:
-        bytes=a->mode-CFB1+1;
-        for (j=0; j<bytes; j++) fell_off=(fell_off<<8)|a->f[j];
-        for (j=0; j<4*NB; j++) st[j]=a->f[j];
-        for (j=bytes; j<4*NB; j++) a->f[j-bytes]=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)st);
-        for (j=0; j<bytes; j++)
-        {
-            buff[j]^=st[j];
-            a->f[16-bytes+j]=buff[j];
-        }
-        return fell_off;
-
-    case OFB1:
-    case OFB2:
-    case OFB4:
-    case OFB8:
-    case OFB16:
-
-        bytes=a->mode-OFB1+1;
-        AES_ecb_encrypt(a,(uchar *)(a->f));
-        for (j=0; j<bytes; j++) buff[j]^=a->f[j];
-        return 0;
-
-    case CTR1:
-    case CTR2:
-    case CTR4:
-    case CTR8:
-    case CTR16:
-
-        bytes=a->mode-CTR1+1;
-        for (j=0; j<4*NB; j++) st[j]=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)st);
-        for (j=0; j<bytes; j++) buff[j]^=st[j];
-        increment(a->f);
-        return 0;
-
-    default:
-        return 0;
-    }
-}
-
-/* SU= 40 */
-/* Decrypt using selected mode of operation */
-unsign32 AES_decrypt(amcl_aes *a,char *buff)
-{
-    int j,bytes;
-    char st[16];
-    unsign32 fell_off;
-
-    /* Supported modes of operation */
-    fell_off=0;
-    switch (a->mode)
-    {
-    case ECB:
-        AES_ecb_decrypt(a,(uchar *)buff);
-        return 0;
-    case CBC:
-        for (j=0; j<4*NB; j++)
-        {
-            st[j]=a->f[j];
-            a->f[j]=buff[j];
-        }
-        AES_ecb_decrypt(a,(uchar *)buff);
-        for (j=0; j<4*NB; j++)
-        {
-            buff[j]^=st[j];
-            st[j]=0;
-        }
-        return 0;
-    case CFB1:
-    case CFB2:
-    case CFB4:
-        bytes=a->mode-CFB1+1;
-        for (j=0; j<bytes; j++) fell_off=(fell_off<<8)|a->f[j];
-        for (j=0; j<4*NB; j++) st[j]=a->f[j];
-        for (j=bytes; j<4*NB; j++) a->f[j-bytes]=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)st);
-        for (j=0; j<bytes; j++)
-        {
-            a->f[16-bytes+j]=buff[j];
-            buff[j]^=st[j];
-        }
-        return fell_off;
-    case OFB1:
-    case OFB2:
-    case OFB4:
-    case OFB8:
-    case OFB16:
-        bytes=a->mode-OFB1+1;
-        AES_ecb_encrypt(a,(uchar *)(a->f));
-        for (j=0; j<bytes; j++) buff[j]^=a->f[j];
-        return 0;
-
-    case CTR1:
-    case CTR2:
-    case CTR4:
-    case CTR8:
-    case CTR16:
-
-        bytes=a->mode-CTR1+1;
-        for (j=0; j<4*NB; j++) st[j]=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)st);
-        for (j=0; j<bytes; j++) buff[j]^=st[j];
-        increment(a->f);
-        return 0;
-
-    default:
-        return 0;
-    }
-}
-
-/* Clean up and delete left-overs */
-void AES_end(amcl_aes *a)
-{
-    /* clean up */
-    int i;
-    for (i=0; i<NB*(a->Nr+1); i++)
-        a->fkey[i]=a->rkey[i]=0;
-    for (i=0; i<4*NB; i++)
-        a->f[i]=0;
-}
-
-
-/*
-#include <stdio.h>
-
-#define KK 32
-
-int main()
-{
-    int i;
-    amcl_aes a;
-	unsign32 t;
-	uchar x,y;
-
-    char key[KK];
-    char block[16];
-    char iv[16];
-    for (i=0;i<KK;i++) key[i]=5;
-    key[0]=1;
-    for (i=0;i<16;i++) iv[i]=i;
-    for (i=0;i<16;i++) block[i]=i;
-
-    AES_init(&a,CTR16,KK,key,iv);
-
-    printf("Plain=   ");
-    for (i=0;i<16;i++) printf("%02x",block[i]);
-    printf("\n");
-    AES_encrypt(&a,block);
-    printf("Encrypt= ");
-    for (i=0;i<16;i++) printf("%02x",(uchar)block[i]);
-    printf("\n");
-    AES_reset(&a,CTR16,iv);
-    AES_decrypt(&a,block);
-    printf("Decrypt= ");
-    for (i=0;i<16;i++) printf("%02x",(uchar)block[i]);
-    printf("\n");
-
-    AES_end(&a);
-
-    return 0;
-}
-
-*/
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/amcl.h
----------------------------------------------------------------------
diff --git a/version3/c/amcl.h b/version3/c/amcl.h
deleted file mode 100644
index 2558911..0000000
--- a/version3/c/amcl.h
+++ /dev/null
@@ -1,590 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-
-#ifndef AMCL_H
-#define AMCL_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdbool.h>
-#include <inttypes.h>
-#include "arch.h"
-
-#ifdef CMAKE
-#define AMCL_VERSION_MAJOR @AMCL_VERSION_MAJOR@ /**< Major version of the library */
-#define AMCL_VERSION_MINOR @AMCL_VERSION_MINOR@ /**< Minor version of the library */
-#define AMCL_VERSION_PATCH @AMCL_VERSION_PATCH@ /**< Patch version of the library */
-#define OS "@OS@"                               /**< Build OS */
-#endif
-
-/* modulus types */
-
-#define NOT_SPECIAL 0	       /**< Modulus of no exploitable form */
-#define PSEUDO_MERSENNE 1      /**< Pseudo-mersenne modulus of form $2^n-c$  */
-#define MONTGOMERY_FRIENDLY 3  /**< Montgomery Friendly modulus of form $2^a(2^b-c)-1$  */
-#define GENERALISED_MERSENNE 2 /**< Generalised-mersenne modulus of form $2^n-2^m-1$, GOLDILOCKS only */
-
-
-/* Curve types */
-
-#define WEIERSTRASS 0 /**< Short Weierstrass form curve  */
-#define EDWARDS 1     /**< Edwards or Twisted Edwards curve  */
-#define MONTGOMERY 2  /**< Montgomery form curve  */
-
-/* Pairing-Friendly types */
-
-#define NOT 0
-#define BN 1
-#define BLS 2
-
-#define D_TYPE 0
-#define M_TYPE 1
-
-/**
- * @brief SHA256 hash function instance */
-typedef struct
-{
-    unsign32 length[2]; /**< 64-bit input length */
-    unsign32 h[8];      /**< Internal state */
-    unsign32 w[80];	/**< Internal state */
-    int hlen;		/**< Hash length in bytes */
-} hash256;
-
-/**
- * @brief SHA384-512 hash function instance */
-typedef struct
-{
-    unsign64 length[2]; /**< 64-bit input length */
-    unsign64 h[8];      /**< Internal state */
-    unsign64 w[80];	/**< Internal state */
-    int hlen;           /**< Hash length in bytes */
-} hash512;
-
-/**
- * @brief SHA384 hash function instance */
-typedef hash512 hash384;
-
-/**
- * @brief SHA3 hash function instance */
-typedef struct
-{
-    unsign64 length;   /**< 64-bit input length */
-    unsign64 S[5][5];  /**< Internal state */
-    int rate;          /**< TODO */
-    int len;           /**< Hash length in bytes */
-} sha3;
-
-#define SHA256 32 /**< SHA-256 hashing */
-#define SHA384 48 /**< SHA-384 hashing */
-#define SHA512 64 /**< SHA-512 hashing */
-
-#define SHA3_HASH224 28 /**< SHA3 224 bit hash */
-#define SHA3_HASH256 32 /**< SHA3 256 bit hash */
-#define SHA3_HASH384 48 /**< SHA3 384 bit hash */
-#define SHA3_HASH512 64 /**< SHA3 512 bit hash */
-
-#define SHAKE128 16 /**< SHAKE128   hash */
-#define SHAKE256 32 /**< SHAKE256 hash */
-
-
-/* NewHope parameters */
-
-//q= 12289
-
-#define RLWE_PRIME 0x3001	// q in Hex
-#define RLWE_LGN 10			// Degree n=2^LGN
-#define RLWE_ND 0xF7002FFF	// 1/(R-q) mod R
-#define RLWE_ONE 0x2AC8		// R mod q
-#define RLWE_R2MODP 0x1620	// R^2 mod q
-
-/* Symmetric Encryption AES structure */
-
-#define ECB   0  /**< Electronic Code Book */
-#define CBC   1  /**< Cipher Block Chaining */
-#define CFB1  2  /**< Cipher Feedback - 1 byte */
-#define CFB2  3  /**< Cipher Feedback - 2 bytes */
-#define CFB4  5  /**< Cipher Feedback - 4 bytes */
-#define OFB1  14 /**< Output Feedback - 1 byte */
-#define OFB2  15 /**< Output Feedback - 2 bytes */
-#define OFB4  17 /**< Output Feedback - 4 bytes */
-#define OFB8  21 /**< Output Feedback - 8 bytes */
-#define OFB16 29 /**< Output Feedback - 16 bytes */
-#define CTR1  30 /**< Counter Mode - 1 byte */
-#define CTR2  31 /**< Counter Mode - 2 bytes */
-#define CTR4  33 /**< Counter Mode - 4 bytes */
-#define CTR8  37 /**< Counter Mode - 8 bytes */
-#define CTR16 45 /**< Counter Mode - 16 bytes */
-
-#define uchar unsigned char  /**<  Unsigned char */
-
-/**
-	@brief AES instance
-*/
-
-
-typedef struct
-{
-    int Nk;            /**< AES Key Length */
-    int Nr;            /**< AES Number of rounds */
-    int mode;          /**< AES mode of operation */
-    unsign32 fkey[60]; /**< subkeys for encrypton */
-    unsign32 rkey[60]; /**< subkeys for decrypton */
-    char f[16];        /**< buffer for chaining vector */
-} amcl_aes;
-
-/* AES-GCM suppport.  */
-
-#define GCM_ACCEPTING_HEADER 0   /**< GCM status */
-#define GCM_ACCEPTING_CIPHER 1   /**< GCM status */
-#define GCM_NOT_ACCEPTING_MORE 2 /**< GCM status */
-#define GCM_FINISHED 3           /**< GCM status */
-#define GCM_ENCRYPTING 0         /**< GCM mode */
-#define GCM_DECRYPTING 1         /**< GCM mode */
-
-
-/**
-	@brief GCM mode instance, using AES internally
-*/
-
-typedef struct
-{
-    unsign32 table[128][4]; /**< 2k byte table */
-    uchar stateX[16];	    /**< GCM Internal State */
-    uchar Y_0[16];	    /**< GCM Internal State */
-    unsign32 lenA[2];	    /**< GCM 64-bit length of header */
-    unsign32 lenC[2];	    /**< GCM 64-bit length of ciphertext */
-    int status;		    /**< GCM Status */
-    amcl_aes a;		    /**< Internal Instance of AMCL_AES cipher */
-} gcm;
-
-/* Marsaglia & Zaman Random number generator constants */
-
-#define NK   21 /**< PRNG constant */
-#define NJ   6  /**< PRNG constant */
-#define NV   8  /**< PRNG constant */
-
-
-/**
-	@brief Cryptographically secure pseudo-random number generator instance
-*/
-
-typedef struct
-{
-    unsign32 ira[NK]; /**< random number array   */
-    int      rndptr;  /**< pointer into array */
-    unsign32 borrow;  /**<  borrow as a result of subtraction */
-    int pool_ptr;     /**< pointer into random pool */
-    char pool[32];    /**< random pool */
-} csprng;
-
-
-/**
-	@brief Portable representation of a big positive number
-*/
-
-typedef struct
-{
-    int len;   /**< length in bytes  */
-    int max;   /**< max length allowed - enforce truncation  */
-    char *val; /**< byte array  */
-} octet;
-
-
-/* Octet string handlers */
-/**	@brief Formats and outputs an octet to the console in hex
- *
-	@param O Octet to be output
- */
-extern void OCT_output(octet *O);
-/**	@brief Formats and outputs an octet to the console as a character string
- *
-	@param O Octet to be output
- */
-extern void OCT_output_string(octet *O);
-/**	@brief Wipe clean an octet
- *
-	@param O Octet to be cleaned
- */
-extern void OCT_clear(octet *O);
-/**	@brief Compare two octets
- *
-	@param O first Octet to be compared
-	@param P second Octet to be compared
-	@return 1 if equal, else 0
- */
-extern int  OCT_comp(octet *O,octet *P);
-/**	@brief Compare first n bytes of two octets
- *
-	@param O first Octet to be compared
-	@param P second Octet to be compared
-	@param n number of bytes to compare
-	@return 1 if equal, else 0
- */
-extern int  OCT_ncomp(octet *O,octet *P,int n);
-/**	@brief Join from a C string to end of an octet
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param s zero terminated string to be joined to octet
- */
-extern void OCT_jstring(octet *O,char *s);
-/**	@brief Join bytes to end of an octet
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param s bytes to be joined to end of octet
-	@param n number of bytes to join
- */
-extern void OCT_jbytes(octet *O,char *s,int n);
-/**	@brief Join single byte to end of an octet, repeated n times
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param b byte to be joined to end of octet
-	@param n number of times b is to be joined
- */
-extern void OCT_jbyte(octet *O,int b,int n);
-/**	@brief Join one octet to the end of another
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param P Octet to be joined to the end of O
- */
-extern void OCT_joctet(octet *O,octet *P);
-/**	@brief XOR common bytes of a pair of Octets
- *
-	@param O Octet - on exit = O xor P
-	@param P Octet to be xored into O
- */
-extern void OCT_xor(octet *O,octet *P);
-/**	@brief reset Octet to zero length
- *
-	@param O Octet to be emptied
- */
-extern void OCT_empty(octet *O);
-/**	@brief Pad out an Octet to the given length
- *
-	Padding is done by inserting leading zeros, so abcd becomes 00abcd
-	@param O Octet to be padded
-	@param n new length of Octet
- */
-extern int OCT_pad(octet *O,int n);
-/**	@brief Convert an Octet to printable base64 number
- *
-	@param b zero terminated byte array to take base64 conversion
-	@param O Octet to be converted
- */
-extern void OCT_tobase64(char *b,octet *O);
-/**	@brief Populate an Octet from base64 number
- *
- 	@param O Octet to be populated
-	@param b zero terminated base64 string
-
- */
-extern void OCT_frombase64(octet *O,char *b);
-/**	@brief Copy one Octet into another
- *
- 	@param O Octet to be copied to
-	@param P Octet to be copied from
-
- */
-extern void OCT_copy(octet *O,octet *P);
-/**	@brief XOR every byte of an octet with input m
- *
- 	@param O Octet
-	@param m byte to be XORed with every byte of O
-
- */
-extern void OCT_xorbyte(octet *O,int m);
-/**	@brief Chops Octet into two, leaving first n bytes in O, moving the rest to P
- *
- 	@param O Octet to be chopped
-	@param P new Octet to be created
-	@param n number of bytes to chop off O
-
- */
-extern void OCT_chop(octet *O,octet *P,int n);
-/**	@brief Join n bytes of integer m to end of Octet O (big endian)
- *
-	Typically n is 4 for a 32-bit integer
- 	@param O Octet to be appended to
-	@param m integer to be appended to O
-	@param n number of bytes in m
-
- */
-extern void OCT_jint(octet *O,int m,int n);
-/**	@brief Create an Octet from bytes taken from a random number generator
- *
-	Truncates if there is no room
- 	@param O Octet to be populated
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n number of bytes to extracted from R
-
- */
-extern void OCT_rand(octet *O,csprng *R,int n);
-/**	@brief Shifts Octet left by n bytes
- *
-	Leftmost bytes disappear
- 	@param O Octet to be shifted
-	@param n number of bytes to shift
-
- */
-extern void OCT_shl(octet *O,int n);
-/**	@brief Convert a hex number to an Octet
- *
-	@param dst Octet
-	@param src Hex string to be converted
- */
-extern void OCT_fromHex(octet *dst,char *src);
-/**	@brief Convert an Octet to printable hex number
- *
-	@param dst hex value
-	@param src Octet to be converted
- */
-extern void OCT_toHex(octet *src,char *dst);
-/**	@brief Convert an Octet to string
- *
-	@param dst string value
-	@param src Octet to be converted
- */
-extern void OCT_toStr(octet *src,char *dst);
-
-
-
-/* Hash function */
-/**	@brief Initialise an instance of SHA256
- *
-	@param H an instance SHA256
- */
-extern void HASH256_init(hash256 *H);
-/**	@brief Add a byte to the hash
- *
-	@param H an instance SHA256
-	@param b byte to be included in hash
- */
-extern void HASH256_process(hash256 *H,int b);
-/**	@brief Generate 32-byte hash
- *
-	@param H an instance SHA256
-	@param h is the output 32-byte hash
- */
-extern void HASH256_hash(hash256 *H,char *h);
-
-
-/**	@brief Initialise an instance of SHA384
- *
-	@param H an instance SHA384
- */
-extern void HASH384_init(hash384 *H);
-/**	@brief Add a byte to the hash
- *
-	@param H an instance SHA384
-	@param b byte to be included in hash
- */
-extern void HASH384_process(hash384 *H,int b);
-/**	@brief Generate 48-byte hash
- *
-	@param H an instance SHA384
-	@param h is the output 48-byte hash
- */
-extern void HASH384_hash(hash384 *H,char *h);
-
-
-/**	@brief Initialise an instance of SHA512
- *
-	@param H an instance SHA512
- */
-extern void HASH512_init(hash512 *H);
-/**	@brief Add a byte to the hash
- *
-	@param H an instance SHA512
-	@param b byte to be included in hash
- */
-extern void HASH512_process(hash512 *H,int b);
-/**	@brief Generate 64-byte hash
- *
-	@param H an instance SHA512
-	@param h is the output 64-byte hash
- */
-extern void HASH512_hash(hash512 *H,char *h);
-
-
-/**	@brief Initialise an instance of SHA3
- *
-	@param H an instance SHA3
-	@param t the instance type
- */
-extern void  SHA3_init(sha3 *H,int t);
-/**	@brief process a byte for SHA3
- *
-	@param H an instance SHA3
-	@param b a byte of date to be processed
- */
-extern void  SHA3_process(sha3 *H,int b);
-/**	@brief create fixed length hash output of SHA3
- *
-	@param H an instance SHA3
-	@param h a byte array to take hash
- */
-extern void  SHA3_hash(sha3 *H,char *h);
-/**	@brief create variable length hash output of SHA3
- *
-	@param H an instance SHA3
-	@param h a byte array to take hash
-	@param len is the length of the hash
- */
-extern void  SHA3_shake(sha3 *H,char *h,int len);
-/**	@brief generate further hash output of SHA3
- *
-	@param H an instance SHA3
-	@param h a byte array to take hash
-	@param len is the length of the hash
- */
-extern void  SHA3_squeeze(sha3 *H,char *h,int len);
-
-
-
-/* AES functions */
-/**	@brief Reset AES mode or IV
- *
-	@param A an instance of the AMCL_AES
-	@param m is the new active mode of operation (ECB, CBC, OFB, CFB etc)
-	@param iv the new Initialisation Vector
- */
-extern void AES_reset(amcl_aes *A,int m,char *iv);
-/**	@brief Extract chaining vector from AMCL_AES instance
- *
-	@param A an instance of the AMCL_AES
-	@param f the extracted chaining vector
- */
-extern void AES_getreg(amcl_aes *A,char * f);
-/**	@brief Initialise an instance of AMCL_AES and its mode of operation
- *
-	@param A an instance AMCL_AES
-	@param m is the active mode of operation (ECB, CBC, OFB, CFB etc)
-	@param n is the key length in bytes, 16, 24 or 32
-	@param k the AES key as an array of 16 bytes
-	@param iv the Initialisation Vector
-	@return 0 for invalid n
- */
-extern int AES_init(amcl_aes *A,int m,int n,char *k,char *iv);
-/**	@brief Encrypt a single 16 byte block in ECB mode
- *
-	@param A an instance of the AMCL_AES
-	@param b is an array of 16 plaintext bytes, on exit becomes ciphertext
- */
-extern void AES_ecb_encrypt(amcl_aes *A,uchar * b);
-/**	@brief Decrypt a single 16 byte block in ECB mode
- *
-	@param A an instance of the AMCL_AES
-	@param b is an array of 16 cipherext bytes, on exit becomes plaintext
- */
-extern void AES_ecb_decrypt(amcl_aes *A,uchar * b);
-/**	@brief Encrypt a single 16 byte block in active mode
- *
-	@param A an instance of the AMCL_AES
-	@param b is an array of 16 plaintext bytes, on exit becomes ciphertext
-	@return 0, or overflow bytes from CFB mode
- */
-extern unsign32 AES_encrypt(amcl_aes *A,char *b );
-/**	@brief Decrypt a single 16 byte block in active mode
- *
-	@param A an instance of the AMCL_AES
-	@param b is an array of 16 ciphertext bytes, on exit becomes plaintext
-	@return 0, or overflow bytes from CFB mode
- */
-extern unsign32 AES_decrypt(amcl_aes *A,char *b);
-/**	@brief Clean up after application of AES
- *
-	@param A an instance of the AMCL_AES
- */
-extern void AES_end(amcl_aes *A);
-
-
-/* AES-GCM functions */
-/**	@brief Initialise an instance of AES-GCM mode
- *
-	@param G an instance AES-GCM
-	@param nk is the key length in bytes, 16, 24 or 32
-	@param k the AES key as an array of 16 bytes
-	@param n the number of bytes in the Initialisation Vector (IV)
-	@param iv the IV
- */
-extern void GCM_init(gcm *G,int nk,char *k,int n,char *iv);
-/**	@brief Add header (material to be authenticated but not encrypted)
- *
-	Note that this function can be called any number of times with n a multiple of 16, and then one last time with any value for n
-	@param G an instance AES-GCM
-	@param b is the header material to be added
-	@param n the number of bytes in the header
- */
-extern int GCM_add_header(gcm *G,char *b,int n);
-/**	@brief Add plaintext and extract ciphertext
- *
-	Note that this function can be called any number of times with n a multiple of 16, and then one last time with any value for n
-	@param G an instance AES-GCM
-	@param c is the ciphertext generated
-	@param p is the plaintext material to be added
-	@param n the number of bytes in the plaintext
- */
-extern int GCM_add_plain(gcm *G,char *c,char *p,int n);
-/**	@brief Add ciphertext and extract plaintext
- *
-	Note that this function can be called any number of times with n a multiple of 16, and then one last time with any value for n
-	@param G an instance AES-GCM
-	@param p is the plaintext generated
-	@param c is the ciphertext material to be added
-	@param n the number of bytes in the ciphertext
- */
-extern int GCM_add_cipher(gcm *G,char *p,char *c,int n);
-/**	@brief Finish off and extract authentication tag (HMAC)
- *
-	@param G is an active instance AES-GCM
-	@param t is the output 16 byte authentication tag
- */
-extern void GCM_finish(gcm *G,char *t);
-
-
-
-/* random numbers */
-/**	@brief Seed a random number generator from an array of bytes
- *
-	The provided seed should be truly random
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n the number of seed bytes provided
-	@param b an array of seed bytes
-
- */
-extern void RAND_seed(csprng *R,int n,char *b);
-/**	@brief Delete all internal state of a random number generator
- *
-	@param R an instance of a Cryptographically Secure Random Number Generator
- */
-extern void RAND_clean(csprng *R);
-/**	@brief Return a random byte from a random number generator
- *
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@return a random byte
- */
-extern int RAND_byte(csprng *R);
-
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/arch.h
----------------------------------------------------------------------
diff --git a/version3/c/arch.h b/version3/c/arch.h
deleted file mode 100644
index 1de0332..0000000
--- a/version3/c/arch.h
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* Architecture definition header file */
-
-/**
- * @file arch.h
- * @author Mike Scott
- * @date 23rd February 2016
- * @brief Architecture Header File
- *
- * Specify Processor Architecture
- *
- */
-
-/* NOTE: There is only one user configurable section in this header - see below */
-
-#ifndef ARCH_H
-#define ARCH_H
-
-
-
-
-/*** START OF USER CONFIGURABLE SECTION - set architecture ***/
-
-#ifdef CMAKE
-#define CHUNK @AMCL_CHUNK@  /**< size of chunk in bits = wordlength of computer = 16, 32 or 64. Note not all curve options are supported on 16-bit processors - see rom.c */
-#else
-#define CHUNK @WL@		/**< size of chunk in bits = wordlength of computer = 16, 32 or 64. Note not all curve options are supported on 16-bit processors - see rom.c */
-#endif
-
-/*** END OF USER CONFIGURABLE SECTION ***/
-
-/* Create Integer types */
-/* Support for C99?  Note for GCC need to explicitly include -std=c99 in command line */
-
-#if __STDC_VERSION__ >= 199901L
-/* C99 code */
-#define C99
-#else
-/* Not C99 code */
-#endif
-
-#ifndef C99  /* You are on your own! These are for Microsoft C */
-#define byte unsigned char		/**< 8-bit unsigned integer */
-#define sign32 __int32			/**< 32-bit signed integer */
-#define sign8 signed char		/**< 8-bit signed integer */
-#define sign16 short int		/**< 16-bit signed integer */
-#define sign64 long long		/**< 64-bit signed integer */
-#define unsign32 unsigned __int32 /**< 32-bit unsigned integer */
-#define unsign64 unsigned long long  /**< 64-bit unsigned integer */
-#else
-#include <stdint.h>
-#define byte uint8_t			/**< 8-bit unsigned integer */
-#define sign8 int8_t			/**< 8-bit signed integer */
-#define sign16 int16_t			/**< 16-bit signed integer */
-#define sign32 int32_t			/**< 32-bit signed integer */
-#define sign64 int64_t			/**< 64-bit signed integer */
-#define unsign32 uint32_t		/**< 32-bit unsigned integer */
-#define unsign64 uint64_t		/**< 64-bit unsigned integer */
-#endif
-
-#define uchar unsigned char  /**<  Unsigned char */
-
-/* Don't mess with anything below this line unless you know what you are doing */
-/* This next is probably OK, but may need changing for non-C99-standard environments */
-
-/* This next is probably OK, but may need changing for non-C99-standard environments */
-
-#if CHUNK==16
-#ifndef C99
-#define chunk __int16		/**< C type corresponding to word length */
-#define dchunk __int32		/**< Always define double length chunk type if available */
-#else
-#define chunk int16_t		/**< C type corresponding to word length */
-#define dchunk int32_t		/**< Always define double length chunk type if available */
-#endif
-#endif
-
-#if CHUNK == 32
-#ifndef C99
-#define chunk __int32		/**< C type corresponding to word length */
-#define dchunk __int64		/**< Always define double length chunk type if available */
-#else
-#define chunk int32_t		/**< C type corresponding to word length */
-#define dchunk int64_t		/**< Always define double length chunk type if available */
-#endif
-#endif
-
-#if CHUNK == 64
-
-#ifndef C99
-#define chunk __int64		/**< C type corresponding to word length */
-/**< Note - no 128-bit type available    */
-#else
-#define chunk int64_t		/**< C type corresponding to word length */
-#ifdef __GNUC__
-#define dchunk __int128		/**< Always define double length chunk type if available - GCC supports 128 bit type  ??? */
-#endif
-
-#ifdef __clang__
-#define dchunk __int128
-#endif
-
-#endif
-#endif
-
-#ifdef dchunk
-#define COMBA      /**< Use COMBA method for faster muls, sqrs and reductions */
-#endif
-
-
-#endif


[49/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/amcl.h
----------------------------------------------------------------------
diff --git a/version22/c/amcl.h b/version22/c/amcl.h
deleted file mode 100644
index 26a74c3..0000000
--- a/version22/c/amcl.h
+++ /dev/null
@@ -1,2935 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* AMCL header file */
-/* Designed for AES-128/192/256 security, 254-521 bit elliptic curves and BN curves for pairings */
-/* Each "limb" of a big number occupies at most (n-3) bits of an n-bit computer word. The most significant word must have at least 4 extra unused bits */
-
-/**
- * @file amcl.h
- * @author Mike Scott and Kealan McCusker
- * @date 19th May 2015
- * @brief Main Header File
- *
- * Allows some user configuration
- * defines structures
- * declares functions
- *
- */
-
-/* NOTE: There is only one user configurable section in this header - see below */
-
-#ifndef AMCL_H
-#define AMCL_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <inttypes.h>
-#include "arch.h"
-
-#ifdef CMAKE
-#define AMCL_VERSION_MAJOR @AMCL_VERSION_MAJOR@ /**< Major version of the library */
-#define AMCL_VERSION_MINOR @AMCL_VERSION_MINOR@ /**< Minor version of the library */
-#define AMCL_VERSION_PATCH @AMCL_VERSION_PATCH@ /**< Patch version of the library */
-#define OS "@OS@"                               /**< Operative system */
-#cmakedefine USE_PATENTS   /**< Use Patents */
-#cmakedefine USE_ANONYMOUS /**< Use Anonymous Configuration in MPin */
-#endif
-
-/* Curve types */
-
-#define WEIERSTRASS 0 /**< Short Weierstrass form curve  */
-#define EDWARDS 1     /**< Edwards or Twisted Edwards curve  */
-#define MONTGOMERY 2  /**< Montgomery form curve  */
-
-/* Elliptic curves are defined over prime fields */
-/* Here are some popular EC prime fields for which we have prepared standard curves. Feel free to specify your own. */
-
-#define NIST256 0    /**< For the NIST 256-bit standard curve - WEIERSTRASS only */
-#define C25519 1     /**< Bernstein's Modulus 2^255-19 - EDWARDS or MONTGOMERY only */
-#define BRAINPOOL 2  /**< For Brainpool 256-bit curve - WEIERSTRASS only */
-#define ANSSI 3      /**< For French 256-bit standard curve - WEIERSTRASS only */
-#define MF254 4      /**< For NUMS curves from Bos et al - 254-bit Montgomery friendly modulus - WEIERSTRASS or EDWARDS or MONTGOMERY */
-#define MS255 5      /**< For NUMS curve - 255-bit pseudo-mersenne modulus - WEIERSTRASS or EDWARDS or MONTGOMERY */
-#define MF256 6      /**< For NUMS curve - 256-bit Montgomery friendly modulus - WEIERSTRASS or EDWARDS or MONTGOMERY */
-#define MS256 7      /**< For NUMS curve - 256-bit pseudo-merseene modulus - WEIERSTRASS or EDWARDS or MONTGOMERY */
-#define HIFIVE 8     /**< My 336-bit pseudo-mersenne modulus - EDWARDS only */
-#define GOLDILOCKS 9 /**< Goldilocks generalized-mersenne modulus - EDWARDS only */
-#define NIST384 10   /**< For the NIST 384-bit standard curve - WEIERSTRASS only */
-#define C41417 11    /**< Bernstein et al Curve41417 2^414-17 - EDWARDS only */
-#define NIST521 12   /**< For the NIST 521-bit standard curve - WEIERSTRASS only */
-
-/* BN Curves */
-#define BN_CURVES 100 /**< Barreto-Naehrig curves */
-#define BN454 100     /**< New AES-128 security BN curve - Modulus built from -0x10000010000000000000100000001  - WEIERSTRASS only */
-#define BN646 101     /**< AES-192 security BN curve -  Modulus built from t=-0x10000000000000000000004000000000000001001 - WEIERSTRASS only */
-
-/* A few 254-bit alternative BN curves */
-#define BN254 102 /**< Standard Nogami BN curve - fastest. Modulus built from  t=-0x4080000000000001 - WEIERSTRASS only */
-
-/* GT_STRONG curves */
-#define BN254_CX 103 /**< Our CertiVox BN curve. Modulus built from t=-0x4000000003C012B1 - WEIERSTRASS only */
-#define BN254_T 104  /**< GT_Strong BN curve. Modulus built from t=-0x4000806000004081 - WEIERSTRASS only */
-#define BN254_T2 105 /**< G2 and GT-Strong BN curve.  Modulus built from t=-0x4000020100608205 - WEIERSTRASS only */
-
-/* BLS-12 Curves */
-#define BLS_CURVES 200 /**< Barreto-Lynn-Scott curves */
-#define BLS455 200     /**< New AES-128 security BLS curve - Modulus built from -0x10002000002000010007  - WEIERSTRASS only */
-#define BLS383 201     /**< New AES-128 security BLS curve - Modulus built from -0x1101000000040110  - WEIERSTRASS only */
-
-
-/*** START OF USER CONFIGURABLE SECTION - set architecture and choose modulus and curve  ***/
-
-#ifdef CMAKE
-#define CHOICE @AMCL_CHOICE@ /**< Current choice of Field */
-#else
-#define CHOICE BN254_CX	     /**< Current choice of Field */
-#endif
-
-/* For some moduli only one parameterisation of curve may supported. For others there is a choice of WEIERSTRASS, EDWARDS or MONTGOMERY curves. See above. */
-#ifdef CMAKE
-#define CURVETYPE @AMCL_CURVETYPE@ /**< Note that not all curve types are supported - see above */
-#else
-#define CURVETYPE WEIERSTRASS	   /**< Note that not all curve types are supported - see above */
-#endif
-
-
-/* Actual curve parameters associated with these choices can be found in rom.c */
-
-/* These next options only apply for pairings */
-#ifdef USE_PATENTS
-#define USE_GLV	  /**< Note this method is patented (GLV), so maybe you want to comment this out */
-#define USE_GS_G2 /**< Well we didn't patent it :) But may be covered by GLV patent :( */
-#endif
-#define USE_GS_GT /**< Not patented, so probably safe to always use this */
-
-/* Finite field support - for RSA, DH etc. */
-#ifdef CMAKE
-#define FFLEN @AMCL_FFLEN@ /**< 2^n multiplier of BIGBITS to specify supported Finite Field size, e.g 2048=256*2^3 where BIGBITS=256 */
-#else
-#define FFLEN 8 /**< 2^n multiplier of BIGBITS to specify supported Finite Field size, e.g 2048=256*2^3 where BIGBITS=256 */
-#endif
-
-
-
-/* For debugging Only.*/
-#ifdef CMAKE
-#cmakedefine DEBUG_REDUCE /**< Print debug message for field reduction */
-#cmakedefine DEBUG_NORM   /**< Detect digit overflow */
-#cmakedefine GET_STATS    /**< Debug statistics - use with debugger */
-#else
-//#define DEBUG_REDUCE
-//#define DEBUG_NORM
-//#define GET_STATS
-#endif
-
-
-// #define UNWOUND
-
-/*** END OF USER CONFIGURABLE SECTION ***/
-
-
-
-
-
-
-
-
-#define NLEN (1+((MBITS-1)/BASEBITS)) /**< Number of words in BIG. */
-#define MODBYTES (1+(MBITS-1)/8)      /**< Number of bytes in Modulus */
-#define BIGBITS (MODBYTES*8)	      /**< Number of bits representable in a BIG */
-#define FF_BITS (BIGBITS*FFLEN)	      /**< Finite Field Size in bits - must be BIGBITS.2^n */
-
-/* modulus types */
-
-#define NOT_SPECIAL 0	       /**< Modulus of no exploitable form */
-#define PSEUDO_MERSENNE 1      /**< Pseudo-mersenne modulus of form $2^n-c$  */
-#define MONTGOMERY_FRIENDLY 3  /**< Montgomery Friendly modulus of form $2^a(2^b-c)-1$  */
-#define GENERALISED_MERSENNE 2 /**< Generalised-mersenne modulus of form $2^n-2^m-1$, GOLDILOCKS only */
-
-/* Built-in curves defined here */
-/* MIRACL check.cpp utility used to determine optimal choice for BASEBITS */
-
-/* Define AES_S if the desired AES-equivalent security is significantly less than the group order */
-
-
-#if CHOICE==NIST256
-#define MBITS 256	             /**< Number of bits in Modulus */
-#define MOD8 7	                     /**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
-#if CURVETYPE!=WEIERSTRASS
-#error Not supported
-#else
-#if CHUNK==16
-#define BASEBITS 13                  /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 32
-#define BASEBITS 29                  /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 56                  /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-#endif
-
-#if CHOICE==C25519
-#define MBITS 255	             /**< Number of bits in Modulus */
-#define MOD8 5		             /**< Modulus mod 8  */
-#define MODTYPE PSEUDO_MERSENNE      /**< Modulus type */
-#if CURVETYPE==WEIERSTRASS
-#error Not supported
-#else
-#if CHUNK==16
-#if CURVETYPE==MONTGOMERY
-#error Not supported
-#else
-#define BASEBITS 13		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-#if CHUNK == 32
-#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 56		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-#endif
-
-#if CHOICE==BRAINPOOL
-#define MBITS 256                    /**< Number of bits in Modulus */
-#define MOD8 7                       /**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
-#if CURVETYPE!=WEIERSTRASS
-#error Not supported
-#else
-#if CHUNK==16
-#define BASEBITS 13                  /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 32
-#define BASEBITS 29                  /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 56                  /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-#endif
-
-#if CHOICE==ANSSI
-#define MBITS 256	             /**< Number of bits in Modulus */
-#define MOD8 3		             /**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
-#if CURVETYPE!=WEIERSTRASS
-#error Not supported
-#else
-#if CHUNK==16
-#define BASEBITS 13                  /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 32
-#define BASEBITS 29                  /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 56                  /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-#endif
-
-/**< NUMS curve from Bos et al. paper */
-
-#if CHOICE==MF254
-#define MBITS 254                    /**< Number of bits in Modulus */
-#define MOD8 7                       /**< Modulus mod 8  */
-#define MODTYPE MONTGOMERY_FRIENDLY  /**< Modulus type */
-#if CHUNK==16
-#error Not Supported
-#endif
-#if CHUNK == 32
-#define BASEBITS 29                  /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 56                  /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-
-#if CHOICE==MF256
-#define MBITS 256                    /**< Number of bits in Modulus */
-#define MOD8 7                       /**< Modulus mod 8  */
-#define MODTYPE MONTGOMERY_FRIENDLY  /**< Modulus type */
-#if CHUNK==16
-#error Not Supported
-#endif
-#if CHUNK == 32
-#define BASEBITS 29                  /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 56                  /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-
-#if CHOICE==MS255
-#define MBITS 255	             /**< Number of bits in Modulus */
-#define MOD8 3		             /**< Modulus mod 8  */
-#define MODTYPE PSEUDO_MERSENNE      /**< Modulus type */
-#if CHUNK==16
-#define BASEBITS 13                  /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 32
-#define BASEBITS 29                  /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 56                  /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-
-#if CHOICE==MS256
-#define MBITS 256	             /**< Number of bits in Modulus */
-#define MOD8 3		             /**< Modulus mod 8  */
-#define MODTYPE PSEUDO_MERSENNE      /**< Modulus type */
-#if CHUNK==16
-#define BASEBITS 13	             /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 32
-#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 56		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-
-#if CHOICE==HIFIVE
-#define MBITS 336	             /**< Number of bits in Modulus */
-#define MOD8 5		             /**< Modulus mod 8  */
-#define MODTYPE PSEUDO_MERSENNE      /**< Modulus type */
-#define AES_S 128                    /**< Desired AES equivalent strength */
-#if CURVETYPE!=EDWARDS
-#error Not supported
-#else
-#if CHUNK==16
-#error Not Supported
-#endif
-#if CHUNK == 32
-#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 60		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-#endif
-
-#if CHOICE==GOLDILOCKS
-#define MBITS 448	             /**< Number of bits in Modulus */
-#define MOD8 7		             /**< Modulus mod 8  */
-#define MODTYPE GENERALISED_MERSENNE /**< Modulus type */
-#if CURVETYPE!=EDWARDS
-#error Not supported
-#else
-#if CHUNK==16
-#error Not Supported
-#endif
-#if CHUNK == 32
-#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 60		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-#endif
-
-#if CHOICE==NIST384
-#define MBITS 384	             /**< Number of bits in Modulus */
-#define MOD8 7		             /**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
-#if CURVETYPE!=WEIERSTRASS
-#error Not supported
-#else
-#if CHUNK==16
-#error Not supported
-#endif
-#if CHUNK == 32
-#define BASEBITS 28		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 56		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-#endif
-
-#if CHOICE==C41417
-#define MBITS 414	             /**< Number of bits in Modulus */
-#define MOD8 7		             /**< Modulus mod 8  */
-#define MODTYPE  PSEUDO_MERSENNE     /**< Modulus type */
-#if CURVETYPE!=EDWARDS
-#error Not supported
-#else
-#if CHUNK==16
-#error Not supported
-#endif
-#if CHUNK == 32
-#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 60		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-#endif
-
-#if CHOICE==NIST521
-#define MBITS 521	             /**< Number of bits in Modulus */
-#define MOD8 7		             /**< Modulus mod 8  */
-#define MODTYPE  PSEUDO_MERSENNE     /**< Modulus type */
-#if CURVETYPE!=WEIERSTRASS
-#error Not supported
-#else
-#if CHUNK==16
-#error Not supported
-#endif
-#if CHUNK == 32
-#define BASEBITS 28		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 60		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-#endif
-
-/* New BN curve to be used for AES-128 security as response to new DL developments - see Kim & Barbulescu ePrint Archive: Report 2015/1027 */
-
-#if CHOICE==BN454
-#define MBITS 454	             /**< Number of bits in Modulus */
-#define MOD8 3		             /**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
-#define AES_S 128                    /**< Desired AES equivalent strength */
-#if CURVETYPE!=WEIERSTRASS
-#error Not supported
-#else
-#if CHUNK==16
-#error Not supported
-#endif
-#if CHUNK == 32
-#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 60		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-#endif
-
-/* New BLS curve to be used for AES-128 security as response to new DL developments - see Kim & Barbulescu ePrint Archive: Report 2015/1027 */
-
-#if CHOICE==BLS455
-#define MBITS 455	             /**< Number of bits in Modulus */
-#define MOD8 3		             /**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
-#define AES_S 128                    /**< Desired AES equivalent strength */
-#if CURVETYPE!=WEIERSTRASS
-#error Not supported
-#else
-#if CHUNK==16
-#error Not supported
-#endif
-#if CHUNK == 32
-#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 60		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-#endif
-
-
-#if CHOICE==BLS383
-#define MBITS 383	             /**< Number of bits in Modulus */
-#define MOD8 3		             /**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
-#if CURVETYPE!=WEIERSTRASS
-#error Not supported
-#else
-#if CHUNK==16
-#error Not supported
-#endif
-#if CHUNK == 32
-#define BASEBITS 28		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 56		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-#endif
-
-#if CHOICE==BN646
-#define MBITS 646	             /**< Number of bits in Modulus */
-#define MOD8 3		             /**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
-#define AES_S 192                    /**< Desired AES equivalent strength */
-#if CURVETYPE!=WEIERSTRASS
-#error Not supported
-#else
-#if CHUNK==16
-#error Not supported
-#endif
-#if CHUNK == 32
-#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 60		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-#endif
-
-#if CHOICE<BLS_CURVES
-
-#if CHOICE>=BN254                    /* Its a BN curve */
-#define MBITS 254	             /**< Number of bits in Modulus */
-#define MOD8 3		             /**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
-#if CURVETYPE!=WEIERSTRASS
-#error Not supported
-#else
-#if CHUNK==16
-#define BASEBITS 13		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 32
-#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#if CHUNK == 64
-#define BASEBITS 56		     /**< Numbers represented to base 2*BASEBITS */
-#endif
-#endif
-#endif
-
-
-#if CHOICE>BN254
-#define GT_STRONG /**< Using a GT-Strong 254-bit BN curve */
-#endif
-#endif
-
-
-/* Don't mess with anything below this line */
-
-#ifdef GET_STATS
-extern int tsqr,rsqr,tmul,rmul;
-extern int tadd,radd,tneg,rneg;
-extern int tdadd,rdadd,tdneg,rdneg;
-#endif
-
-#define DCHUNK 2*CHUNK	/**< Number of bits in double-length type */
-#define DNLEN 2*NLEN	/**< double length required for products of BIGs */
-#define HFLEN (FFLEN/2) /**< Useful for half-size RSA private key operations */
-
-#define CHUNK_BITS 8*sizeof(chunk) /**< Number of bits in a chunk */
-
-#ifdef DEBUG_NORM  /* Add an extra location to track chunk extension */
-typedef chunk BIG[NLEN+1];   /**< Define type BIG as array of chunks */
-typedef chunk DBIG[DNLEN+1]; /**< Define type DBIG as array of chunks */
-#else
-typedef chunk BIG[NLEN];     /**< Define type BIG as array of chunks */
-typedef chunk DBIG[DNLEN];   /**< Define type DBIG as array of chunks */
-#endif
-
-#define HBITS (BASEBITS/2)      /**< Number of bits in number base divided by 2 */
-#define HBITS1 ((BASEBITS+1)/2) /**< Number of bits in number base plus 1 divided by 2 */
-#define HDIFF (HBITS1-HBITS)    /**< Will be either 0 or 1, depending if number of bits in number base is even or odd */
-
-#define BMASK (((chunk)1<<BASEBITS)-1) /**< Mask = 2^BASEBITS-1 */
-#define HMASK (((chunk)1<<HBITS)-1)    /**< Mask = 2^HBITS-1 */
-#define HMASK1 (((chunk)1<<HBITS1)-1)  /**< Mask = 2^HBITS1-1 */
-
-#define MODBITS MBITS                             /**< Number of bits in Modulus for selected curve */
-#define TBITS (MBITS%BASEBITS)                    /**< Number of active bits in top word */
-#define TMASK (((chunk)1<<TBITS)-1)               /**< Mask for active bits in top word */
-#define NEXCESS (1<<(CHUNK-BASEBITS-1))           /**< 2^(CHUNK-BASEBITS-1) - digit cannot be multiplied by more than this before normalisation */
-#define FEXCESS ((chunk)1<<(BASEBITS*NLEN-MBITS)) /**< 2^(BASEBITS*NLEN-MODBITS) - normalised BIG can be multiplied by more than this before reduction */
-#define OMASK (-((chunk)(1)<<TBITS))              /**<  for masking out overflow bits */
-
-/* catch field excesses */
-#define EXCESS(a) ((a[NLEN-1]&OMASK)>>(TBITS)) /**< Field Excess */
-
-
-#define P_MBITS (MODBYTES*8)
-#define P_TBITS (P_MBITS%BASEBITS)
-#define P_EXCESS(a) ((a[NLEN-1])>>(P_TBITS))
-#define P_FEXCESS ((chunk)1<<(BASEBITS*NLEN-P_MBITS))
-
-
-
-/* Field Params - see rom.c */
-extern const BIG Modulus;  /**< Actual Modulus set in rom.c */
-extern const chunk MConst; /**< Montgomery only - 1/p mod 2^BASEBITS */
-
-/* Curve Params - see rom.c */
-extern const int CURVE_A;     /**< Elliptic curve A parameter */
-extern const BIG CURVE_B;     /**< Elliptic curve B parameter */
-extern const BIG CURVE_Order; /**< Elliptic curve group order */
-extern const BIG CURVE_Cof;   /**< Elliptic curve cofactor */
-
-/* Generator point on G1 */
-extern const BIG CURVE_Gx; /**< x-coordinate of generator point in group G1  */
-extern const BIG CURVE_Gy; /**< y-coordinate of generator point in group G1  */
-
-/* For Pairings only */
-
-/* Generator point on G2 */
-extern const BIG CURVE_Pxa; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG CURVE_Pxb; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const BIG CURVE_Pya; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG CURVE_Pyb; /**< imaginary part of y-coordinate of generator point in group G2 */
-
-extern const BIG CURVE_Bnx; /**< BN curve x parameter */
-
-extern const BIG CURVE_Cru; /**< BN curve Cube Root of Unity */
-
-extern const BIG CURVE_Fra; /**< real part of BN curve Frobenius Constant */
-extern const BIG CURVE_Frb; /**< imaginary part of BN curve Frobenius Constant */
-
-
-extern const BIG CURVE_W[2];	 /**< BN curve constant for GLV decomposition */
-extern const BIG CURVE_SB[2][2]; /**< BN curve constant for GLV decomposition */
-extern const BIG CURVE_WB[4];	 /**< BN curve constant for GS decomposition */
-extern const BIG CURVE_BB[4][4]; /**< BN curve constant for GS decomposition */
-
-/* Structures */
-
-/**
-	@brief ECP structure - Elliptic Curve Point over base field
-*/
-
-typedef struct
-{
-#if CURVETYPE!=EDWARDS
-    int inf; /**< Infinity Flag - not needed for Edwards representation */
-#endif
-    BIG x; /**< x-coordinate of point */
-#if CURVETYPE!=MONTGOMERY
-    BIG y; /**< y-coordinate of point. Not needed for Montgomery representation */
-#endif
-    BIG z;/**< z-coordinate of point */
-} ECP;
-
-/**
-	@brief FP2 Structure - quadratic extension field
-*/
-
-typedef struct
-{
-    BIG a; /**< real part of FP2 */
-    BIG b; /**< imaginary part of FP2 */
-} FP2;
-
-/**
-	@brief FP4 Structure - towered over two FP2
-*/
-
-typedef struct
-{
-    FP2 a; /**< real part of FP4 */
-    FP2 b; /**< imaginary part of FP4 */
-} FP4;
-
-/**
-	@brief FP12 Structure - towered over three FP4
-*/
-
-typedef struct
-{
-    FP4 a; /**< first part of FP12 */
-    FP4 b; /**< second part of FP12 */
-    FP4 c; /**< third part of FP12 */
-} FP12;
-
-/**
-	@brief ECP2 Structure - Elliptic Curve Point over quadratic extension field
-*/
-
-typedef struct
-{
-    int inf; /**< Infinity Flag */
-    FP2 x;   /**< x-coordinate of point */
-    FP2 y;   /**< y-coordinate of point */
-    FP2 z;   /**< z-coordinate of point */
-} ECP2;
-
-/**
- * @brief SHA256 hash function instance */
-typedef struct
-{
-    unsign32 length[2]; /**< 64-bit input length */
-    unsign32 h[8];      /**< Internal state */
-    unsign32 w[80];	/**< Internal state */
-    int hlen;		/**< Hash length in bytes */
-} hash256;
-
-/**
- * @brief SHA384-512 hash function instance */
-typedef struct
-{
-    unsign64 length[2]; /**< 64-bit input length */
-    unsign64 h[8];      /**< Internal state */
-    unsign64 w[80];	/**< Internal state */
-    int hlen;           /**< Hash length in bytes */
-} hash512;
-
-/**
- * @brief SHA384 hash function instance */
-typedef hash512 hash384;
-
-#define SHA256 32 /**< SHA-256 hashing */
-#define SHA384 48 /**< SHA-384 hashing */
-#define SHA512 64 /**< SHA-512 hashing */
-
-/* Symmetric Encryption AES structure */
-
-#define ECB   0  /**< Electronic Code Book */
-#define CBC   1  /**< Cipher Block Chaining */
-#define CFB1  2  /**< Cipher Feedback - 1 byte */
-#define CFB2  3  /**< Cipher Feedback - 2 bytes */
-#define CFB4  5  /**< Cipher Feedback - 4 bytes */
-#define OFB1  14 /**< Output Feedback - 1 byte */
-#define OFB2  15 /**< Output Feedback - 2 bytes */
-#define OFB4  17 /**< Output Feedback - 4 bytes */
-#define OFB8  21 /**< Output Feedback - 8 bytes */
-#define OFB16 29 /**< Output Feedback - 16 bytes */
-#define CTR1  30 /**< Counter Mode - 1 byte */
-#define CTR2  31 /**< Counter Mode - 2 bytes */
-#define CTR4  33 /**< Counter Mode - 4 bytes */
-#define CTR8  37 /**< Counter Mode - 8 bytes */
-#define CTR16 45 /**< Counter Mode - 16 bytes */
-
-#define uchar unsigned char  /**<  Unsigned char */
-
-/**
-	@brief AES instance
-*/
-
-
-typedef struct
-{
-    int Nk;            /**< AES Key Length */
-    int Nr;            /**< AES Number of rounds */
-    int mode;          /**< AES mode of operation */
-    unsign32 fkey[60]; /**< subkeys for encrypton */
-    unsign32 rkey[60]; /**< subkeys for decrypton */
-    char f[16];        /**< buffer for chaining vector */
-} amcl_aes;
-
-/* AES-GCM suppport.  */
-
-#define GCM_ACCEPTING_HEADER 0   /**< GCM status */
-#define GCM_ACCEPTING_CIPHER 1   /**< GCM status */
-#define GCM_NOT_ACCEPTING_MORE 2 /**< GCM status */
-#define GCM_FINISHED 3           /**< GCM status */
-#define GCM_ENCRYPTING 0         /**< GCM mode */
-#define GCM_DECRYPTING 1         /**< GCM mode */
-
-
-/**
-	@brief GCM mode instance, using AES internally
-*/
-
-typedef struct
-{
-    unsign32 table[128][4]; /**< 2k byte table */
-    uchar stateX[16];	    /**< GCM Internal State */
-    uchar Y_0[16];	    /**< GCM Internal State */
-    unsign32 lenA[2];	    /**< GCM 64-bit length of header */
-    unsign32 lenC[2];	    /**< GCM 64-bit length of ciphertext */
-    int status;		    /**< GCM Status */
-    amcl_aes a;		    /**< Internal Instance of AMCL_AES cipher */
-} gcm;
-
-/* Marsaglia & Zaman Random number generator constants */
-
-#define NK   21 /**< PRNG constant */
-#define NJ   6  /**< PRNG constant */
-#define NV   8  /**< PRNG constant */
-
-
-/**
-	@brief Cryptographically secure pseudo-random number generator instance
-*/
-
-typedef struct
-{
-    unsign32 ira[NK]; /**< random number array   */
-    int      rndptr;  /**< pointer into array */
-    unsign32 borrow;  /**<  borrow as a result of subtraction */
-    int pool_ptr;     /**< pointer into random pool */
-    char pool[32];    /**< random pool */
-} csprng;
-
-
-/**
-	@brief Portable representation of a big positive number
-*/
-
-typedef struct
-{
-    int len;   /**< length in bytes  */
-    int max;   /**< max length allowed - enforce truncation  */
-    char *val; /**< byte array  */
-} octet;
-
-/**
-	@brief Integer Factorisation Public Key
-*/
-
-typedef struct
-{
-    sign32 e;     /**< RSA exponent (typically 65537) */
-    BIG n[FFLEN]; /**< An array of BIGs to store public key */
-} rsa_public_key;
-
-/**
-	@brief Integer Factorisation Private Key
-*/
-
-typedef struct
-{
-    BIG p[FFLEN/2];  /**< secret prime p  */
-    BIG q[FFLEN/2];  /**< secret prime q  */
-    BIG dp[FFLEN/2]; /**< decrypting exponent mod (p-1)  */
-    BIG dq[FFLEN/2]; /**< decrypting exponent mod (q-1)  */
-    BIG c[FFLEN/2];  /**< 1/p mod q */
-} rsa_private_key;
-
-/*
-
-Note that a normalised BIG consists of digits mod 2^BASEBITS
-However BIG digits may be "extended" up to 2^(WORDLENGTH-1).
-
-BIGs in extended form may need to be normalised before certain
-operations.
-
-A BIG may be "reduced" to be less that the Modulus, or it
-may be "unreduced" and allowed to grow greater than the
-Modulus.
-
-Normalisation is quite fast. Reduction involves conditional branches,
-which can be regarded as significant "speed bumps". We try to
-delay reductions as much as possible. Reductions may also involve
-side channel leakage, so delaying and batching them
-hopefully disguises internal operations.
-
-*/
-
-/* BIG number prototypes */
-
-/**	@brief Calculates a*b+c+*d
- *
-	Calculate partial product of a.b, add in carry c, and add total to d
-	@param a multiplier
-	@param b multiplicand
-	@param c carry
-	@param d pointer to accumulated bottom half of result
-	@return top half of result
- */
-extern chunk muladd(chunk a,chunk b,chunk c,chunk *d);
-/**	@brief Tests for BIG equal to zero
- *
-	@param x a BIG number
-	@return 1 if zero, else returns 0
- */
-extern int BIG_iszilch(BIG x);
-/**	@brief Tests for DBIG equal to zero
- *
-	@param x a DBIG number
-	@return 1 if zero, else returns 0
- */
-extern int BIG_diszilch(DBIG x);
-/**	@brief Outputs a BIG number to the console
- *
-	@param x a BIG number
- */
-extern void BIG_output(BIG x);
-/**	@brief Outputs a BIG number to the console in raw form (for debugging)
- *
-	@param x a BIG number
- */
-extern void BIG_rawoutput(BIG x);
-/**	@brief Conditional constant time swap of two BIG numbers
- *
-	Conditionally swaps parameters in constant time (without branching)
-	@param x a BIG number
-	@param y another BIG number
-	@param s swap takes place if not equal to 0
- */
-extern void BIG_cswap(BIG x,BIG y,int s);
-/**	@brief Conditional copy of BIG number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x a BIG number
-	@param y another BIG number
-	@param s copy takes place if not equal to 0
- */
-extern void BIG_cmove(BIG x,BIG y,int s);
-/**	@brief Conditional copy of DBIG number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x a DBIG number
-	@param y another DBIG number
-	@param s copy takes place if not equal to 0
- */
-extern void BIG_dcmove(BIG x,BIG y,int s);
-/**	@brief Convert from BIG number to byte array
- *
-	@param a byte array
-	@param x BIG number
- */
-extern void BIG_toBytes(char *a,BIG x);
-/**	@brief Convert to BIG number from byte array
- *
-	@param x BIG number
-	@param a byte array
- */
-extern void BIG_fromBytes(BIG x,char *a);
-/**	@brief Convert to BIG number from byte array of given length
- *
-	@param x BIG number
-	@param a byte array
-	@param s byte array length
- */
-extern void BIG_fromBytesLen(BIG x,char *a,int s);
-/**@brief Convert to DBIG number from byte array of given length
- *
-   @param x DBIG number
-   @param a byte array
-   @param s byte array length
- */
-extern void BIG_dfromBytesLen(DBIG x,char *a,int s);
-/**	@brief Outputs a DBIG number to the console
- *
-	@param x a DBIG number
- */
-extern void BIG_doutput(DBIG x);
-/**	@brief Copy BIG from Read-Only Memory to a BIG
- *
-	@param x BIG number
-	@param y BIG number in ROM
- */
-extern void BIG_rcopy(BIG x,const BIG y);
-/**	@brief Copy BIG to another BIG
- *
-	@param x BIG number
-	@param y BIG number to be copied
- */
-extern void BIG_copy(BIG x,BIG y);
-/**	@brief Copy DBIG to another DBIG
- *
-	@param x DBIG number
-	@param y DBIG number to be copied
- */
-extern void BIG_dcopy(DBIG x,DBIG y);
-/**	@brief Copy BIG to upper half of DBIG
- *
-	@param x DBIG number
-	@param y BIG number to be copied
- */
-extern void BIG_dsucopy(DBIG x,BIG y);
-/**	@brief Copy BIG to lower half of DBIG
- *
-	@param x DBIG number
-	@param y BIG number to be copied
- */
-extern void BIG_dscopy(DBIG x,BIG y);
-/**	@brief Copy lower half of DBIG to a BIG
- *
-	@param x BIG number
-	@param y DBIG number to be copied
- */
-extern void BIG_sdcopy(BIG x,DBIG y);
-/**	@brief Copy upper half of DBIG to a BIG
- *
-	@param x BIG number
-	@param y DBIG number to be copied
- */
-extern void BIG_sducopy(BIG x,DBIG y);
-/**	@brief Set BIG to zero
- *
-	@param x BIG number to be set to zero
- */
-extern void BIG_zero(BIG x);
-/**	@brief Set DBIG to zero
- *
-	@param x DBIG number to be set to zero
- */
-extern void BIG_dzero(DBIG x);
-/**	@brief Set BIG to one (unity)
- *
-	@param x BIG number to be set to one.
- */
-extern void BIG_one(BIG x);
-/**	@brief Set BIG to inverse mod 2^256
- *
-	@param x BIG number to be inverted
- */
-extern void BIG_invmod2m(BIG x);
-/**	@brief Set BIG to sum of two BIGs - output not normalised
- *
-	@param x BIG number, sum of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_add(BIG x,BIG y,BIG z);
-/**	@brief Increment BIG by a small integer - output not normalised
- *
-	@param x BIG number to be incremented
-	@param i integer
- */
-extern void BIG_inc(BIG x,int i);
-/**	@brief Set BIG to difference of two BIGs
- *
-	@param x BIG number, difference of other two - output not normalised
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_sub(BIG x,BIG y,BIG z);
-/**	@brief Decrement BIG by a small integer - output not normalised
- *
-	@param x BIG number to be decremented
-	@param i integer
- */
-extern void BIG_dec(BIG x,int i);
-/**	@brief Set DBIG to difference of two DBIGs
- *
-	@param x DBIG number, difference of other two - output not normalised
-	@param y DBIG number
-	@param z DBIG number
- */
-extern void BIG_dsub(DBIG x,DBIG y,DBIG z);
-/**	@brief Multiply BIG by a small integer - output not normalised
- *
-	@param x BIG number, product of other two
-	@param y BIG number
-	@param i small integer
- */
-extern void BIG_imul(BIG x,BIG y,int i);
-/**	@brief Multiply BIG by not-so-small small integer - output normalised
- *
-	@param x BIG number, product of other two
-	@param y BIG number
-	@param i small integer
-	@return Overflowing bits
- */
-extern chunk BIG_pmul(BIG x,BIG y,int i);
-/**	@brief Divide BIG by 3 - output normalised
- *
-	@param x BIG number
-	@return Remainder
- */
-extern int BIG_div3(BIG x);
-/**	@brief Multiply BIG by even bigger small integer resulting in a DBIG - output normalised
- *
-	@param x DBIG number, product of other two
-	@param y BIG number
-	@param i small integer
- */
-extern void BIG_pxmul(DBIG x,BIG y,int i);
-/**	@brief Multiply BIG by another BIG resulting in DBIG - inputs normalised and output normalised
- *
-	@param x DBIG number, product of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_mul(DBIG x,BIG y,BIG z);
-/**	@brief Multiply BIG by another BIG resulting in another BIG - inputs normalised and output normalised
- *
-	Note that the product must fit into a BIG, and x must be distinct from y and z
-	@param x BIG number, product of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_smul(BIG x,BIG y,BIG z);
-/**	@brief Square BIG resulting in a DBIG - input normalised and output normalised
- *
-	@param x DBIG number, square of a BIG
-	@param y BIG number to be squared
- */
-extern void BIG_sqr(DBIG x,BIG y);
-
-/**	@brief Montgomery reduction of a DBIG to a BIG  - input normalised and output normalised
- *
-	@param a BIG number, reduction of a BIG
-	@param md BIG number, the modulus
-	@param MC the Montgomery Constant
-	@param d DBIG number to be reduced
- */
-extern void BIG_monty(BIG a,BIG md,chunk MC,DBIG d);
-
-/**	@brief Shifts a BIG left by any number of bits - input must be normalised, output normalised
- *
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_shl(BIG x,int s);
-/**	@brief Fast shifts a BIG left by a small number of bits - input must be normalised, output will be normalised
- *
-	The number of bits to be shifted must be less than BASEBITS
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
-	@return Overflow bits
- */
-extern int BIG_fshl(BIG x,int s);
-/**	@brief Shifts a DBIG left by any number of bits - input must be normalised, output normalised
- *
-	@param x DBIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_dshl(DBIG x,int s);
-/**	@brief Shifts a BIG right by any number of bits - input must be normalised, output normalised
- *
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_shr(BIG x,int s);
-/**	@brief Fast shifts a BIG right by a small number of bits - input must be normalised, output will be normalised
- *
-	The number of bits to be shifted must be less than BASEBITS
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
-	@return Shifted out bits
- */
-extern int BIG_fshr(BIG x,int s);
-/**	@brief Shifts a DBIG right by any number of bits - input must be normalised, output normalised
- *
-	@param x DBIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_dshr(DBIG x,int s);
-/**	@brief Splits a DBIG into two BIGs - input must be normalised, outputs normalised
- *
-	Internal function. The value of s must be approximately in the middle of the DBIG.
-	Typically used to extract z mod 2^MODBITS and z/2^MODBITS
-	@param x BIG number, top half of z
-	@param y BIG number, bottom half of z
-	@param z DBIG number to be split in two.
-	@param s Bit position at which to split
-	@return carry-out from top half
- */
-extern chunk BIG_split(BIG x,BIG y,DBIG z,int s);
-/**	@brief Normalizes a BIG number - output normalised
- *
-	All digits of the input BIG are reduced mod 2^BASEBITS
-	@param x BIG number to be normalised
- */
-extern chunk BIG_norm(BIG x);
-/**	@brief Normalizes a DBIG number - output normalised
- *
-	All digits of the input DBIG are reduced mod 2^BASEBITS
-	@param x DBIG number to be normalised
- */
-extern void BIG_dnorm(DBIG x);
-/**	@brief Compares two BIG numbers. Inputs must be normalised externally
- *
-	@param x first BIG number to be compared
-	@param y second BIG number to be compared
-	@return -1 is x<y, 0 if x=y, 1 if x>y
- */
-extern int BIG_comp(BIG x,BIG y);
-/**	@brief Compares two DBIG numbers. Inputs must be normalised externally
- *
-	@param x first DBIG number to be compared
-	@param y second DBIG number to be compared
-	@return -1 is x<y, 0 if x=y, 1 if x>y
- */
-extern int BIG_dcomp(DBIG x,DBIG y);
-/**	@brief Calculate number of bits in a BIG - output normalised
- *
-	@param x BIG number
-	@return Number of bits in x
- */
-extern int BIG_nbits(BIG x);
-/**	@brief Calculate number of bits in a DBIG - output normalised
- *
-	@param x DBIG number
-	@return Number of bits in x
- */
-extern int BIG_dnbits(DBIG x);
-/**	@brief Reduce x mod n - input and output normalised
- *
-	Slow but rarely used
-	@param x BIG number to be reduced mod n
-	@param n The modulus
- */
-extern void BIG_mod(BIG x,BIG n);
-/**	@brief Divide x by n - output normalised
- *
-	Slow but rarely used
-	@param x BIG number to be divided by n
-	@param n The Divisor
- */
-extern void BIG_sdiv(BIG x,BIG n);
-/**	@brief  x=y mod n - output normalised
- *
-	Slow but rarely used. y is destroyed.
-	@param x BIG number, on exit = y mod n
-	@param y DBIG number
-	@param n Modulus
- */
-extern void BIG_dmod(BIG x,DBIG y,BIG n);
-/**	@brief  x=y/n - output normalised
- *
-	Slow but rarely used. y is destroyed.
-	@param x BIG number, on exit = y/n
-	@param y DBIG number
-	@param n Modulus
- */
-extern void BIG_ddiv(BIG x,DBIG y,BIG n);
-/**	@brief  return parity of BIG, that is the least significant bit
- *
-	@param x BIG number
-	@return 0 or 1
- */
-extern int BIG_parity(BIG x);
-/**	@brief  return i-th of BIG
- *
-	@param x BIG number
-	@param i the bit of x to be returned
-	@return 0 or 1
- */
-extern int BIG_bit(BIG x,int i);
-/**	@brief  return least significant bits of a BIG
- *
-	@param x BIG number
-	@param n number of bits to return. Assumed to be less than BASEBITS.
-	@return least significant n bits as an integer
- */
-extern int BIG_lastbits(BIG x,int n);
-/**	@brief  Create a random BIG from a random number generator
- *
-	Assumes that the random number generator has been suitably initialised
-	@param x BIG number, on exit a random number
-	@param r A pointer to a Cryptographically Secure Random Number Generator
- */
-extern void BIG_random(BIG x,csprng *r);
-/**	@brief  Create an unbiased random BIG from a random number generator, reduced with respect to a modulus
- *
-	Assumes that the random number generator has been suitably initialised
-	@param x BIG number, on exit a random number
-	@param n The modulus
-	@param r A pointer to a Cryptographically Secure Random Number Generator
- */
-extern void BIG_randomnum(BIG x,BIG n,csprng *r);
-/**	brief  return NAF (Non-Adjacent-Form) value as +/- 1, 3 or 5, inputs must be normalised
- *
-	Given x and 3*x extracts NAF value from given bit position, and returns number of bits processed, and number of trailing zeros detected if any
-	param x BIG number
-	param x3 BIG number, three times x
-	param i bit position
-	param nbs pointer to integer returning number of bits processed
-	param nzs pointer to integer returning number of trailing 0s
-	return + or - 1, 3 or 5
-*/
-//extern int BIG_nafbits(BIG x,BIG x3,int i,int *nbs,int *nzs);
-
-/**	@brief  Calculate x=y*z mod n
- *
-	Slow method for modular multiplication
-	@param x BIG number, on exit = y*z mod n
-	@param y BIG number
-	@param z BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_modmul(BIG x,BIG y,BIG z,BIG n);
-/**	@brief  Calculate x=y/z mod n
- *
-	Slow method for modular division
-	@param x BIG number, on exit = y/z mod n
-	@param y BIG number
-	@param z BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_moddiv(BIG x,BIG y,BIG z,BIG n);
-/**	@brief  Calculate x=y^2 mod n
- *
-	Slow method for modular squaring
-	@param x BIG number, on exit = y^2 mod n
-	@param y BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_modsqr(BIG x,BIG y,BIG n);
-/**	@brief  Calculate x=-y mod n
- *
-	Modular negation
-	@param x BIG number, on exit = -y mod n
-	@param y BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_modneg(BIG x,BIG y,BIG n);
-/**	@brief  Calculate jacobi Symbol (x/y)
- *
-	@param x BIG number
-	@param y BIG number
-	@return Jacobi symbol, -1,0 or 1
- */
-extern int BIG_jacobi(BIG x,BIG y);
-/**	@brief  Calculate x=1/y mod n
- *
-	Modular Inversion - This is slow. Uses binary method.
-	@param x BIG number, on exit = 1/y mod n
-	@param y BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_invmodp(BIG x,BIG y,BIG n);
-/** @brief Calculate x=x mod 2^m
- *
-	Truncation
-	@param x BIG number, on reduced mod 2^m
-	@param m new truncated size
-*/
-extern void BIG_mod2m(BIG x,int m);
-
-
-
-/* FP prototypes */
-
-/**	@brief Tests for BIG equal to zero mod Modulus
- *
-	@param x BIG number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP_iszilch(BIG x);
-/**	@brief Converts from BIG integer to n-residue form mod Modulus
- *
-	@param x BIG number to be converted
- */
-extern void FP_nres(BIG x);
-/**	@brief Converts from n-residue form back to BIG integer form
- *
-	@param x BIG number to be converted
- */
-extern void FP_redc(BIG x);
-/**	@brief Sets BIG to representation of unity in n-residue form
- *
-	@param x BIG number to be set equal to unity.
- */
-extern void FP_one(BIG x);
-/**	@brief Reduces DBIG to BIG exploiting special form of the modulus
- *
-	This function comes in different flavours depending on the form of Modulus that is currently in use.
-	@param r BIG number, on exit = d mod Modulus
-	@param d DBIG number to be reduced
- */
-extern void FP_mod(BIG r,DBIG d);
-/**	@brief Fast Modular multiplication of two BIGs in n-residue form, mod Modulus
- *
-	Uses appropriate fast modular reduction method
-	@param x BIG number, on exit the modular product = y*z mod Modulus
-	@param y BIG number, the multiplicand
-	@param z BIG number, the multiplier
- */
-extern void FP_mul(BIG x,BIG y,BIG z);
-/**	@brief Fast Modular multiplication of a BIG in n-residue form, by a small integer, mod Modulus
- *
-	@param x BIG number, on exit the modular product = y*i mod Modulus
-	@param y BIG number, the multiplicand
-	@param i a small number, the multiplier
- */
-extern void FP_imul(BIG x,BIG y,int i);
-/**	@brief Fast Modular squaring of a BIG in n-residue form, mod Modulus
- *
-	Uses appropriate fast modular reduction method
-	@param x BIG number, on exit the modular product = y^2 mod Modulus
-	@param y BIG number, the number to be squared
-
- */
-extern void FP_sqr(BIG x,BIG y);
-/**	@brief Modular addition of two BIGs in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit the modular sum = y+z mod Modulus
-	@param y BIG number
-	@param z BIG number
- */
-extern void FP_add(BIG x,BIG y,BIG z);
-/**	@brief Modular subtraction of two BIGs in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit the modular difference = y-z mod Modulus
-	@param y BIG number
-	@param z BIG number
- */
-extern void FP_sub(BIG x,BIG y,BIG z);
-/**	@brief Modular division by 2 of a BIG in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit =y/2 mod Modulus
-	@param y BIG number
- */
-extern void FP_div2(BIG x,BIG y);
-/**	@brief Fast Modular exponentiation of a BIG in n-residue form, to the power of a BIG, mod Modulus
- *
-	@param x BIG number, on exit  = y^z mod Modulus
-	@param y BIG number
-	@param z Big number exponent
- */
-extern void FP_pow(BIG x,BIG y,BIG z);
-/**	@brief Fast Modular square root of a BIG in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit  = sqrt(y) mod Modulus
-	@param y BIG number, the number whose square root is calculated
-
- */
-extern void FP_sqrt(BIG x,BIG y);
-/**	@brief Modular negation of a BIG in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit = -y mod Modulus
-	@param y BIG number
- */
-extern void FP_neg(BIG x,BIG y);
-/**	@brief Outputs a BIG number that is in n-residue form to the console
- *
-	Converts from n-residue form before output
-	@param x a BIG number
- */
-extern void FP_output(BIG x);
-/**	@brief Outputs a BIG number that is in n-residue form to the console, in raw form
- *
-	Converts from n-residue form before output
-	@param x a BIG number
- */
-extern void FP_rawoutput(BIG x);
-/**	@brief Reduces possibly unreduced BIG mod Modulus
- *
-	@param x BIG number, on exit reduced mod Modulus
- */
-extern void FP_reduce(BIG x);
-/**	@brief Tests for BIG a quadratic residue mod Modulus
- *
-	@param x BIG number to be tested
-	@return 1 if quadratic residue, else returns 0 if quadratic non-residue
- */
-extern int FP_qr(BIG x);
-/**	@brief Modular inverse of a BIG in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit = 1/y mod Modulus
-	@param y BIG number
- */
-extern void FP_inv(BIG x,BIG y);
-
-
-/* FP2 prototypes */
-
-/**	@brief Tests for FP2 equal to zero
- *
-	@param x FP2 number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP2_iszilch(FP2 *x);
-/**	@brief Conditional copy of FP2 number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x FP2 instance, set to y if s!=0
-	@param y another FP2 instance
-	@param s copy only takes place if not equal to 0
- */
-extern void FP2_cmove(FP2 *x,FP2 *y,int s);
-/**	@brief Tests for FP2 equal to one
- *
-	@param x FP2 instance to be tested
-	@return 1 if x=1, else returns 0
- */
-extern int FP2_isunity(FP2 *x);
-/**	@brief Tests for equality of two FP2s
- *
-	@param x FP2 instance to be compared
-	@param y FP2 instance to be compared
-	@return 1 if x=y, else returns 0
- */
-extern int FP2_equals(FP2 *x,FP2 *y);
-/**	@brief Initialise FP2 from two BIGs in n-residue form
- *
-	@param x FP2 instance to be initialised
-	@param a BIG to form real part of FP2
-	@param b BIG to form imaginary part of FP2
- */
-extern void FP2_from_FPs(FP2 *x,BIG a,BIG b);
-/**	@brief Initialise FP2 from two BIG integers
- *
-	@param x FP2 instance to be initialised
-	@param a BIG to form real part of FP2
-	@param b BIG to form imaginary part of FP2
- */
-extern void FP2_from_BIGs(FP2 *x,BIG a,BIG b);
-/**	@brief Initialise FP2 from single BIG in n-residue form
- *
-	Imaginary part is set to zero
-	@param x FP2 instance to be initialised
-	@param a BIG to form real part of FP2
- */
-extern void FP2_from_FP(FP2 *x,BIG a);
-/**	@brief Initialise FP2 from single BIG
- *
-	Imaginary part is set to zero
-	@param x FP2 instance to be initialised
-	@param a BIG to form real part of FP2
- */
-extern void FP2_from_BIG(FP2 *x,BIG a);
-/**	@brief Copy FP2 to another FP2
- *
-	@param x FP2 instance, on exit = y
-	@param y FP2 instance to be copied
- */
-extern void FP2_copy(FP2 *x,FP2 *y);
-/**	@brief Set FP2 to zero
- *
-	@param x FP2 instance to be set to zero
- */
-extern void FP2_zero(FP2 *x);
-/**	@brief Set FP2 to unity
- *
-	@param x FP2 instance to be set to one
- */
-extern void FP2_one(FP2 *x);
-/**	@brief Negation of FP2
- *
-	@param x FP2 instance, on exit = -y
-	@param y FP2 instance
- */
-extern void FP2_neg(FP2 *x,FP2 *y);
-/**	@brief Conjugation of FP2
- *
-	If y=(a,b) on exit x=(a,-b)
-	@param x FP2 instance, on exit = conj(y)
-	@param y FP2 instance
- */
-extern void FP2_conj(FP2 *x,FP2 *y);
-/**	@brief addition of two FP2s
- *
-	@param x FP2 instance, on exit = y+z
-	@param y FP2 instance
-	@param z FP2 instance
- */
-extern void FP2_add(FP2 *x,FP2 *y,FP2 *z);
-/**	@brief subtraction of two FP2s
- *
-	@param x FP2 instance, on exit = y-z
-	@param y FP2 instance
-	@param z FP2 instance
- */
-extern void FP2_sub(FP2 *x,FP2 *y,FP2 *z);
-/**	@brief Multiplication of an FP2 by an n-residue
- *
-	@param x FP2 instance, on exit = y*b
-	@param y FP2 instance
-	@param b BIG n-residue
- */
-extern void FP2_pmul(FP2 *x,FP2 *y,BIG b);
-/**	@brief Multiplication of an FP2 by a small integer
- *
-	@param x FP2 instance, on exit = y*i
-	@param y FP2 instance
-	@param i an integer
- */
-extern void FP2_imul(FP2 *x,FP2 *y,int i);
-/**	@brief Squaring an FP2
- *
-	@param x FP2 instance, on exit = y^2
-	@param y FP2 instance
- */
-extern void FP2_sqr(FP2 *x,FP2 *y);
-/**	@brief Multiplication of two FP2s
- *
-	@param x FP2 instance, on exit = y*z
-	@param y FP2 instance
-	@param z FP2 instance
- */
-extern void FP2_mul(FP2 *x,FP2 *y,FP2 *z);
-/**	@brief Formats and outputs an FP2 to the console
- *
-	@param x FP2 instance
- */
-extern void FP2_output(FP2 *x);
-/**	@brief Formats and outputs an FP2 to the console in raw form (for debugging)
- *
-	@param x FP2 instance
- */
-extern void FP2_rawoutput(FP2 *x);
-/**	@brief Inverting an FP2
- *
-	@param x FP2 instance, on exit = 1/y
-	@param y FP2 instance
- */
-extern void FP2_inv(FP2 *x,FP2 *y);
-/**	@brief Divide an FP2 by 2
- *
-	@param x FP2 instance, on exit = y/2
-	@param y FP2 instance
- */
-extern void FP2_div2(FP2 *x,FP2 *y);
-/**	@brief Multiply an FP2 by (1+sqrt(-1))
- *
-	Note that (1+sqrt(-1)) is irreducible for FP4
-	@param x FP2 instance, on exit = x*(1+sqrt(-1))
- */
-extern void FP2_mul_ip(FP2 *x);
-/**	@brief Divide an FP2 by (1+sqrt(-1))
- *
-	Note that (1+sqrt(-1)) is irreducible for FP4
-	@param x FP2 instance, on exit = x/(1+sqrt(-1))
- */
-extern void FP2_div_ip(FP2 *x);
-/**	@brief Normalises the components of an FP2
- *
-	@param x FP2 instance to be normalised
- */
-extern void FP2_norm(FP2 *x);
-/**	@brief Reduces all components of possibly unreduced FP2 mod Modulus
- *
-	@param x FP2 instance, on exit reduced mod Modulus
- */
-extern void FP2_reduce(FP2 *x);
-/**	@brief Raises an FP2 to the power of a BIG
- *
-	@param x FP2 instance, on exit = y^b
-	@param y FP2 instance
-	@param b BIG number
- */
-extern void FP2_pow(FP2 *x,FP2 *y,BIG b);
-/**	@brief Square root of an FP2
- *
-	@param x FP2 instance, on exit = sqrt(y)
-	@param y FP2 instance
- */
-extern int FP2_sqrt(FP2 *x,FP2 *y);
-
-
-
-/* ECP E(Fp) prototypes */
-/**	@brief Tests for ECP point equal to infinity
- *
-	@param P ECP point to be tested
-	@return 1 if infinity, else returns 0
- */
-extern int ECP_isinf(ECP *P);
-/**	@brief Tests for equality of two ECPs
- *
-	@param P ECP instance to be compared
-	@param Q ECP instance to be compared
-	@return 1 if P=Q, else returns 0
- */
-extern int ECP_equals(ECP *P,ECP *Q);
-/**	@brief Copy ECP point to another ECP point
- *
-	@param P ECP instance, on exit = Q
-	@param Q ECP instance to be copied
- */
-extern void ECP_copy(ECP *P,ECP *Q);
-/**	@brief Negation of an ECP point
- *
-	@param P ECP instance, on exit = -P
- */
-extern void ECP_neg(ECP *P);
-/**	@brief Set ECP to point-at-infinity
- *
-	@param P ECP instance to be set to infinity
- */
-extern void ECP_inf(ECP *P);
-/**	@brief Calculate Right Hand Side of curve equation y^2=f(x)
- *
-	Function f(x) depends on form of elliptic curve, Weierstrass, Edwards or Montgomery.
-	Used internally.
-	@param r BIG n-residue value of f(x)
-	@param x BIG n-residue x
- */
-extern void ECP_rhs(BIG r,BIG x);
-/**	@brief Set ECP to point(x,y) given just x and sign of y
- *
-	Point P set to infinity if no such point on the curve. If x is on the curve then y is calculated from the curve equation.
-	The correct y value (plus or minus) is selected given its sign s.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@param s an integer representing the "sign" of y, in fact its least significant bit.
- */
-extern int ECP_setx(ECP *P,BIG x,int s);
-
-#if CURVETYPE==MONTGOMERY
-/**	@brief Set ECP to point(x,[y]) given x
- *
-	Point P set to infinity if no such point on the curve. Note that y coordinate is not needed.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP_set(ECP *P,BIG x);
-/**	@brief Extract x coordinate of an ECP point P
- *
-	@param x BIG on exit = x coordinate of point
-	@param P ECP instance (x,[y])
-	@return -1 if P is point-at-infinity, else 0
- */
-extern int ECP_get(BIG x,ECP *P);
-/**	@brief Adds ECP instance Q to ECP instance P, given difference D=P-Q
- *
-	Differential addition of points on a Montgomery curve
-	@param P ECP instance, on exit =P+Q
-	@param Q ECP instance to be added to P
-	@param D Difference between P and Q
- */
-extern void ECP_add(ECP *P,ECP *Q,ECP *D);
-#else
-/**	@brief Set ECP to point(x,y) given x and y
- *
-	Point P set to infinity if no such point on the curve.
-	@param P ECP instance to be set (x,y)
-	@param x BIG x coordinate of point
-	@param y BIG y coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP_set(ECP *P,BIG x,BIG y);
-/**	@brief Extract x and y coordinates of an ECP point P
- *
-	If x=y, returns only x
-	@param x BIG on exit = x coordinate of point
-	@param y BIG on exit = y coordinate of point (unless x=y)
-	@param P ECP instance (x,y)
-	@return sign of y, or -1 if P is point-at-infinity
- */
-extern int ECP_get(BIG x,BIG y,ECP *P);
-/**	@brief Adds ECP instance Q to ECP instance P
- *
-	@param P ECP instance, on exit =P+Q
-	@param Q ECP instance to be added to P
- */
-extern void ECP_add(ECP *P,ECP *Q);
-/**	@brief Subtracts ECP instance Q from ECP instance P
- *
-	@param P ECP instance, on exit =P-Q
-	@param Q ECP instance to be subtracted from P
- */
-extern void ECP_sub(ECP *P,ECP *Q);
-#endif
-/**	@brief Converts an ECP point from Projective (x,y,z) coordinates to affine (x,y) coordinates
- *
-	@param P ECP instance to be converted to affine form
- */
-extern void ECP_affine(ECP *P);
-/**	@brief Formats and outputs an ECP point to the console, in projective coordinates
- *
-	@param P ECP instance to be printed
- */
-extern void ECP_outputxyz(ECP *P);
-/**	@brief Formats and outputs an ECP point to the console, converted to affine coordinates
- *
-	@param P ECP instance to be printed
- */
-extern void ECP_output(ECP * P);
-/**	@brief Formats and outputs an ECP point to an octet string
- *
-	The octet string is created in the standard form 04|x|y, except for Montgomery curve in which case it is 06|x
-	Here x (and y) are the x and y coordinates in big-endian base 256 form.
-	@param S output octet string
-	@param P ECP instance to be converted to an octet string
- */
-extern void ECP_toOctet(octet *S,ECP *P);
-/**	@brief Creates an ECP point from an octet string
- *
-	The octet string is in the standard form 0x04|x|y, except for Montgomery curve in which case it is 0x06|x
-	Here x (and y) are the x and y coordinates in left justified big-endian base 256 form.
-	@param P ECP instance to be created from the octet string
-	@param S input octet string
-	return 1 if octet string corresponds to a point on the curve, else 0
- */
-extern int ECP_fromOctet(ECP *P,octet *S);
-/**	@brief Doubles an ECP instance P
- *
-	@param P ECP instance, on exit =2*P
- */
-extern void ECP_dbl(ECP *P);
-/**	@brief Multiplies an ECP instance P by a small integer, side-channel resistant
- *
-	@param P ECP instance, on exit =i*P
-	@param i small integer multiplier
-	@param b maximum number of bits in multiplier
- */
-extern void ECP_pinmul(ECP *P,int i,int b);
-/**	@brief Multiplies an ECP instance P by a BIG, side-channel resistant
- *
-	Uses Montgomery ladder for Montgomery curves, otherwise fixed sized windows.
-	@param P ECP instance, on exit =b*P
-	@param b BIG number multiplier
-
- */
-extern void ECP_mul(ECP *P,BIG b);
-/**	@brief Calculates double multiplication P=e*P+f*Q, side-channel resistant
- *
-	@param P ECP instance, on exit =e*P+f*Q
-	@param Q ECP instance
-	@param e BIG number multiplier
-	@param f BIG number multiplier
- */
-extern void ECP_mul2(ECP *P,ECP *Q,BIG e,BIG f);
-
-
-
-/* ECP2 E(Fp2) prototypes */
-/**	@brief Tests for ECP2 point equal to infinity
- *
-	@param P ECP2 point to be tested
-	@return 1 if infinity, else returns 0
- */
-extern int ECP2_isinf(ECP2 *P);
-/**	@brief Copy ECP2 point to another ECP2 point
- *
-	@param P ECP2 instance, on exit = Q
-	@param Q ECP2 instance to be copied
- */
-extern void ECP2_copy(ECP2 *P,ECP2 *Q);
-/**	@brief Set ECP2 to point-at-infinity
- *
-	@param P ECP2 instance to be set to infinity
- */
-extern void ECP2_inf(ECP2 *P);
-/**	@brief Tests for equality of two ECP2s
- *
-	@param P ECP2 instance to be compared
-	@param Q ECP2 instance to be compared
-	@return 1 if P=Q, else returns 0
- */
-extern int ECP2_equals(ECP2 *P,ECP2 *Q);
-/**	@brief Converts an ECP2 point from Projective (x,y,z) coordinates to affine (x,y) coordinates
- *
-	@param P ECP2 instance to be converted to affine form
- */
-extern void ECP2_affine(ECP2 *P);
-/**	@brief Extract x and y coordinates of an ECP2 point P
- *
-	If x=y, returns only x
-	@param x FP2 on exit = x coordinate of point
-	@param y FP2 on exit = y coordinate of point (unless x=y)
-	@param P ECP2 instance (x,y)
-	@return -1 if P is point-at-infinity, else 0
- */
-extern int ECP2_get(FP2 *x,FP2 *y,ECP2 *P);
-/**	@brief Formats and outputs an ECP2 point to the console, converted to affine coordinates
- *
-	@param P ECP2 instance to be printed
- */
-extern void ECP2_output(ECP2 *P);
-/**	@brief Formats and outputs an ECP2 point to the console, in projective coordinates
- *
-	@param P ECP2 instance to be printed
- */
-extern void ECP2_outputxyz(ECP2 *P);
-/**	@brief Formats and outputs an ECP2 point to an octet string
- *
-	The octet string is created in the form x|y.
-	Convert the real and imaginary parts of the x and y coordinates to big-endian base 256 form.
-	@param S output octet string
-	@param P ECP2 instance to be converted to an octet string
- */
-extern void ECP2_toOctet(octet *S,ECP2 *P);
-/**	@brief Creates an ECP2 point from an octet string
- *
-	The octet string is in the form x|y
-	The real and imaginary parts of the x and y coordinates are in big-endian base 256 form.
-	@param P ECP2 instance to be created from the octet string
-	@param S input octet string
-	return 1 if octet string corresponds to a point on the curve, else 0
- */
-extern int ECP2_fromOctet(ECP2 *P,octet *S);
-/**	@brief Calculate Right Hand Side of curve equation y^2=f(x)
- *
-	Function f(x)=x^3+Ax+B
-	Used internally.
-	@param r FP2 value of f(x)
-	@param x FP2 instance
- */
-extern void ECP2_rhs(FP2 *r,FP2 *x);
-/**	@brief Set ECP2 to point(x,y) given x and y
- *
-	Point P set to infinity if no such point on the curve.
-	@param P ECP2 instance to be set (x,y)
-	@param x FP2 x coordinate of point
-	@param y FP2 y coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP2_set(ECP2 *P,FP2 *x,FP2 *y);
-/**	@brief Set ECP to point(x,[y]) given x
- *
-	Point P set to infinity if no such point on the curve. Otherwise y coordinate is calculated from x.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP2_setx(ECP2 *P,FP2 *x);
-/**	@brief Negation of an ECP2 point
- *
-	@param P ECP2 instance, on exit = -P
- */
-extern void ECP2_neg(ECP2 *P);
-/**	@brief Doubles an ECP2 instance P
- *
-	@param P ECP2 instance, on exit =2*P
- */
-extern int ECP2_dbl(ECP2 *P);
-/**	@brief Adds ECP2 instance Q to ECP2 instance P
- *
-	@param P ECP2 instance, on exit =P+Q
-	@param Q ECP2 instance to be added to P
- */
-extern int ECP2_add(ECP2 *P,ECP2 *Q);
-/**	@brief Subtracts ECP instance Q from ECP2 instance P
- *
-	@param P ECP2 instance, on exit =P-Q
-	@param Q ECP2 instance to be subtracted from P
- */
-extern void ECP2_sub(ECP2 *P,ECP2 *Q);
-/**	@brief Multiplies an ECP2 instance P by a BIG, side-channel resistant
- *
-	Uses fixed sized windows.
-	@param P ECP2 instance, on exit =b*P
-	@param b BIG number multiplier
-
- */
-extern void ECP2_mul(ECP2 *P,BIG b);
-/**	@brief Multiplies an ECP2 instance P by the internal modulus p, using precalculated Frobenius constant f
- *
-	Fast point multiplication using Frobenius
-	@param P ECP2 instance, on exit = p*P
-	@param f FP2 precalculated Frobenius constant
-
- */
-extern void ECP2_frob(ECP2 *P,FP2 *f);
-/**	@brief Calculates P=b[0]*Q[0]+b[1]*Q[1]+b[2]*Q[2]+b[3]*Q[3]
- *
-	@param P ECP2 instance, on exit = b[0]*Q[0]+b[1]*Q[1]+b[2]*Q[2]+b[3]*Q[3]
-	@param Q ECP2 array of 4 points
-	@param b BIG array of 4 multipliers
- */
-extern void ECP2_mul4(ECP2 *P,ECP2 *Q,BIG *b);
-
-
-
-/* FP4 prototypes */
-/**	@brief Tests for FP4 equal to zero
- *
-	@param x FP4 number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP4_iszilch(FP4 *x);
-/**	@brief Tests for FP4 equal to unity
- *
-	@param x FP4 number to be tested
-	@return 1 if unity, else returns 0
- */
-extern int FP4_isunity(FP4 *x);
-/**	@brief Tests for equality of two FP4s
- *
-	@param x FP4 instance to be compared
-	@param y FP4 instance to be compared
-	@return 1 if x=y, else returns 0
- */
-extern int FP4_equals(FP4 *x,FP4 *y);
-/**	@brief Tests for FP4 having only a real part and no imaginary part
- *
-	@param x FP4 number to be tested
-	@return 1 if real, else returns 0
- */
-extern int FP4_isreal(FP4 *x);
-/**	@brief Initialise FP4 from two FP2s
- *
-	@param x FP4 instance to be initialised
-	@param a FP2 to form real part of FP4
-	@param b FP2 to form imaginary part of FP4
- */
-extern void FP4_from_FP2s(FP4 *x,FP2 *a,FP2 *b);
-/**	@brief Initialise FP4 from single FP2
- *
-	Imaginary part is set to zero
-	@param x FP4 instance to be initialised
-	@param a FP2 to form real part of FP4
- */
-extern void FP4_from_FP2(FP4 *x,FP2 *a);
-/**	@brief Copy FP4 to another FP4
- *
-	@param x FP4 instance, on exit = y
-	@param y FP4 instance to be copied
- */
-extern void FP4_copy(FP4 *x,FP4 *y);
-/**	@brief Set FP4 to zero
- *
-	@param x FP4 instance to be set to zero
- */
-extern void FP4_zero(FP4 *x);
-/**	@brief Set FP4 to unity
- *
-	@param x FP4 instance to be set to one
- */
-extern void FP4_one(FP4 *x);
-/**	@brief Negation of FP4
- *
-	@param x FP4 instance, on exit = -y
-	@param y FP4 instance
- */
-extern void FP4_neg(FP4 *x,FP4 *y);
-/**	@brief Conjugation of FP4
- *
-	If y=(a,b) on exit x=(a,-b)
-	@param x FP4 instance, on exit = conj(y)
-	@param y FP4 instance
- */
-extern void FP4_conj(FP4 *x,FP4 *y);
-/**	@brief Negative conjugation of FP4
- *
-	If y=(a,b) on exit x=(-a,b)
-	@param x FP4 instance, on exit = -conj(y)
-	@param y FP4 instance
- */
-extern void FP4_nconj(FP4 *x,FP4 *y);
-/**	@brief addition of two FP4s
- *
-	@param x FP4 instance, on exit = y+z
-	@param y FP4 instance
-	@param z FP4 instance
- */
-extern void FP4_add(FP4 *x,FP4 *y,FP4 *z);
-/**	@brief subtraction of two FP4s
- *
-	@param x FP4 instance, on exit = y-z
-	@param y FP4 instance
-	@param z FP4 instance
- */
-extern void FP4_sub(FP4 *x,FP4 *y,FP4 *z);
-/**	@brief Multiplication of an FP4 by an FP2
- *
-	@param x FP4 instance, on exit = y*a
-	@param y FP4 instance
-	@param a FP2 multiplier
- */
-extern void FP4_pmul(FP4 *x,FP4 *y,FP2 *a);
-/**	@brief Multiplication of an FP4 by a small integer
- *
-	@param x FP4 instance, on exit = y*i
-	@param y FP4 instance
-	@param i an integer
- */
-extern void FP4_imul(FP4 *x,FP4 *y,int i);
-/**	@brief Squaring an FP4
- *
-	@param x FP4 instance, on exit = y^2
-	@param y FP4 instance
- */
-extern void FP4_sqr(FP4 *x,FP4 *y);
-/**	@brief Multiplication of two FP4s
- *
-	@param x FP4 instance, on exit = y*z
-	@param y FP4 instance
-	@param z FP4 instance
- */
-extern void FP4_mul(FP4 *x,FP4 *y,FP4 *z);
-/**	@brief Inverting an FP4
- *
-	@param x FP4 instance, on exit = 1/y
-	@param y FP4 instance
- */
-extern void FP4_inv(FP4 *x,FP4 *y);
-/**	@brief Formats and outputs an FP4 to the console
- *
-	@param x FP4 instance to be printed
- */
-extern void FP4_output(FP4 *x);
-/**	@brief Formats and outputs an FP4 to the console in raw form (for debugging)
- *
-	@param x FP4 instance to be printed
- */
-extern void FP4_rawoutput(FP4 *x);
-/**	@brief multiplies an FP4 instance by irreducible polynomial sqrt(1+sqrt(-1))
- *
-	@param x FP4 instance, on exit = sqrt(1+sqrt(-1)*x
- */
-extern void FP4_times_i(FP4 *x);
-/**	@brief Normalises the components of an FP4
- *
-	@param x FP4 instance to be normalised
- */
-extern void FP4_norm(FP4 *x);
-/**	@brief Reduces all components of possibly unreduced FP4 mod Modulus
- *
-	@param x FP4 instance, on exit reduced mod Modulus
- */
-extern void FP4_reduce(FP4 *x);
-/**	@brief Raises an FP4 to the power of a BIG
- *
-	@param x FP4 instance, on exit = y^b
-	@param y FP4 instance
-	@param b BIG number
- */
-extern void FP4_pow(FP4 *x,FP4 *y,BIG b);
-/**	@brief Raises an FP4 to the power of the internal modulus p, using the Frobenius
- *
-	@param x FP4 instance, on exit = x^p
-	@param f FP2 precalculated Frobenius constant
- */
-extern void FP4_frob(FP4 *x,FP2 *f);
-/**	@brief Calculates the XTR addition function r=w*x-conj(x)*y+z
- *
-	@param r FP4 instance, on exit = w*x-conj(x)*y+z
-	@param w FP4 instance
-	@param x FP4 instance
-	@param y FP4 instance
-	@param z FP4 instance
- */
-extern void FP4_xtr_A(FP4 *r,FP4 *w,FP4 *x,FP4 *y,FP4 *z);
-/**	@brief Calculates the XTR doubling function r=x^2-2*conj(x)
- *
-	@param r FP4 instance, on exit = x^2-2*conj(x)
-	@param x FP4 instance
- */
-extern void FP4_xtr_D(FP4 *r,FP4 *x);
-/**	@brief Calculates FP4 trace of an FP12 raised to the power of a BIG number
- *
-	XTR single exponentiation
-	@param r FP4 instance, on exit = trace(w^b)
-	@param x FP4 instance, trace of an FP12 w
-	@param b BIG number
- */
-extern void FP4_xtr_pow(FP4 *r,FP4 *x,BIG b);
-/**	@brief Calculates FP4 trace of c^a.d^b, where c and d are derived from FP4 traces of FP12s
- *
-	XTR double exponentiation
-	Assumes c=tr(x^m), d=tr(x^n), e=tr(x^(m-n)), f=tr(x^(m-2n))
-	@param r FP4 instance, on exit = trace(c^a.d^b)
-	@param c FP4 instance, trace of an FP12
-	@param d FP4 instance, trace of an FP12
-	@param e FP4 instance, trace of an FP12
-	@param f FP4 instance, trace of an FP12
-	@param a BIG number
-	@param b BIG number
- */
-extern void FP4_xtr_pow2(FP4 *r,FP4 *c,FP4 *d,FP4 *e,FP4 *f,BIG a,BIG b);
-
-
-
-/* FP12 prototypes */
-/**	@brief Tests for FP12 equal to zero
- *
-	@param x FP12 number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP12_iszilch(FP12 *x);
-/**	@brief Tests for FP12 equal to unity
- *
-	@param x FP12 number to be tested
-	@return 1 if unity, else returns 0
- */
-extern int FP12_isunity(FP12 *x);
-/**	@brief Copy FP12 to another FP12
- *
-	@param x FP12 instance, on exit = y
-	@param y FP12 instance to be copied
- */
-extern void FP12_copy(FP12 *x,FP12 *y);
-/**	@brief Set FP12 to unity
- *
-	@param x FP12 instance to be set to one
- */
-extern void FP12_one(FP12 *x);
-/**	@brief Tests for equality of two FP12s
- *
-	@param x FP12 instance to be compared
-	@param y FP12 instance to be compared
-	@return 1 if x=y, else returns 0
- */
-extern int FP12_equals(FP12 *x,FP12 *y);
-/**	@brief Conjugation of FP12
- *
-	If y=(a,b,c) (where a,b,c are its three FP4 components) on exit x=(conj(a),-conj(b),conj(c))
-	@param x FP12 instance, on exit = conj(y)
-	@param y FP12 instance
- */
-extern void FP12_conj(FP12 *x,FP12 *y);
-/**	@brief Initialise FP12 from single FP4
- *
-	Sets first FP4 component of an FP12, other components set to zero
-	@param x FP12 instance to be initialised
-	@param a FP4 to form first part of FP4
- */
-extern void FP12_from_FP4(FP12 *x,FP4 *a);
-/**	@brief Initialise FP12 from three FP4s
- *
-	@param x FP12 instance to be initialised
-	@param a FP4 to form first part of FP12
-	@param b FP4 to form second part of FP12
-	@param c FP4 to form third part of FP12
- */
-extern void FP12_from_FP4s(FP12 *x,FP4 *a,FP4* b,FP4 *c);
-/**	@brief Fast Squaring of an FP12 in "unitary" form
- *
-	@param x FP12 instance, on exit = y^2
-	@param y FP4 instance, must be unitary
- */
-extern void FP12_usqr(FP12 *x,FP12 *y);
-/**	@brief Squaring an FP12
- *
-	@param x FP12 instance, on exit = y^2
-	@param y FP12 instance
- */
-extern void FP12_sqr(FP12 *x,FP12 *y);
-/**	@brief Fast multiplication of an FP12 by an FP12 that arises from an ATE pairing line function
- *
-	Here the multiplier has a special form that can be exploited
-	@param x FP12 instance, on exit = x*y
-	@param y FP12 instance, of special form
- */
-extern void FP12_smul(FP12 *x,FP12 *y);
-/**	@brief Multiplication of two FP12s
- *
-	@param x FP12 instance, on exit = x*y
-	@param y FP12 instance, the multiplier
- */
-extern void FP12_mul(FP12 *x,FP12 *y);
-/**	@brief Inverting an FP12
- *
-	@param x FP12 instance, on exit = 1/y
-	@param y FP12 instance
- */
-extern void FP12_inv(FP12 *x,FP12 *y);
-/**	@brief Raises an FP12 to the power of a BIG
- *
-	@param r FP12 instance, on exit = y^b
-	@param x FP12 instance
-	@param b BIG number
- */
-extern void FP12_pow(FP12 *r,FP12 *x,BIG b);
-/**	@brief Raises an FP12 instance x to a small integer power, side-channel resistant
- *
-	@param x ECP instance, on exit = x^i
-	@param i small integer exponent
-	@param b maximum number of bits in exponent
- */
-extern void FP12_pinpow(FP12 *x,int i,int b);
-/**	@brief Calculate x[0]^b[0].x[1]^b[1].x[2]^b[2].x[3]^b[3], side-channel resistant
- *
-	@param r ECP instance, on exit = x[0]^b[0].x[1]^b[1].x[2]^b[2].x[3]^b[3]
-	@param x FP12 array with 4 FP12s
-	@param b BIG array of 4 exponents
- */
-extern void FP12_pow4(FP12 *r,FP12 *x,BIG *b);
-/**	@brief Raises an FP12 to the power of the internal modulus p, using the Frobenius
- *
-	@param x FP12 instance, on exit = x^p
-	@param f FP2 precalculated Frobenius constant
- */
-extern void FP12_frob(FP12 *x,FP2 *f);
-/**	@brief Reduces all components of possibly unreduced FP12 mod Modulus
- *
-	@param x FP12 instance, on exit reduced mod Modulus
- */
-extern void FP12_reduce(FP12 *x);
-/**	@brief Normalises the components of an FP12
- *
-	@param x FP12 instance to be normalised
- */
-extern void FP12_norm(FP12 *x);
-/**	@brief Formats and outputs an FP12 to the console
- *
-	@param x FP12 instance to be printed
- */
-extern void FP12_output(FP12 *x);
-/**	@brief Formats and outputs an FP12 instance to an octet string
- *
-	Serializes the components of an FP12 to big-endian base 256 form.
-	@param S output octet string
-	@param x FP12 instance to be converted to an octet string
- */
-extern void FP12_toOctet(octet *S,FP12 *x);
-/**	@brief Creates an FP12 instance from an octet string
- *
-	De-serializes the components of an FP12 to create an FP12 from big-endian base 256 components.
-	@param x FP12 instance to be created from an octet string
-	@param S input octet string
-
- */
-extern void FP12_fromOctet(FP12 *x,octet *S);
-/**	@brief Calculate the trace of an FP12
- *
-	@param t FP4 trace of x, on exit = tr(x)
-	@param x FP12 instance
-
- */
-extern void FP12_trace(FP4 *t,FP12 *x);
-
-
-
-/* Pairing function prototypes */
-/**	@brief Calculate Miller loop for Optimal ATE pairing e(P,Q)
- *
-	@param r FP12 result of the pairing calculation e(P,Q)
-	@param P ECP2 instance, an element of G2
-	@param Q ECP instance, an element of G1
-
- */
-extern void PAIR_ate(FP12 *r,ECP2 *P,ECP *Q);
-/**	@brief Calculate Miller loop for Optimal ATE double-pairing e(P,Q).e(R,S)
- *
-	Faster than calculating two separate pairings
-	@param r FP12 result of the pairing calculation e(P,Q).e(R,S), an element of GT
-	@param P ECP2 instance, an element of G2
-	@param Q ECP instance, an element of G1
-	@param R ECP2 instance, an element of G2
-	@param S ECP instance, an element of G1
- */
-extern void PAIR_double_ate(FP12 *r,ECP2 *P,ECP *Q,ECP2 *R,ECP *S);
-/**	@brief Final exponentiation of pairing, converts output of Miller loop to element in GT
- *
-	Here p is the internal modulus, and r is the group order
-	@param x FP12, on exit = x^((p^12-1)/r)
- */
-extern void PAIR_fexp(FP12 *x);
-/**	@brief Fast point multiplication of a member of the group G1 by a BIG number
- *
-	May exploit endomorphism for speed.
-	@param Q ECP member of G1.
-	@param b BIG multiplier
-
- */
-extern void PAIR_G1mul(ECP *Q,BIG b);
-/**	@brief Fast point multiplication of a member of the group G2 by a BIG number
- *
-	May exploit endomorphism for speed.
-	@param P ECP2 member of G1.
-	@param b BIG multiplier
-
- */
-extern void PAIR_G2mul(ECP2 *P,BIG b);
-/**	@brief Fast raising of a member of GT to a BIG power
- *
-	May exploit endomorphism for speed.
-	@param x FP12 member of GT.
-	@param b BIG exponent
-
- */
-extern void PAIR_GTpow(FP12 *x,BIG b);
-/**	@brief Tests FP12 for membership of GT
- *
-	@param x FP12 instance
-	@return 1 if x is in GT, else return 0
-
- */
-extern int PAIR_GTmember(FP12 *x);
-
-
-
-/* Finite Field Prototypes */
-/**	@brief Copy one FF element of given length to another
- *
-	@param x FF instance to be copied to, on exit = y
-	@param y FF instance to be copied from
-	@param n size of FF in BIGs
-
- */
-extern void FF_copy(BIG *x,BIG *y,int n);
-/**	@brief Initialize an FF element of given length from a 32-bit integer m
- *
-	@param x FF instance to be copied to, on exit = m
-	@param m integer
-	@param n size of FF in BIGs
- */
-extern void FF_init(BIG *x,sign32 m,int n);
-/**	@brief Set FF element of given size to zero
- *
-	@param x FF instance to be set to zero
-	@param n size of FF in BIGs
- */
-extern void FF_zero(BIG *x,int n);
-/**	@brief Tests for FF element equal to zero
- *
-	@param x FF number to be tested
-	@param n size of FF in BIGs
-	@return 1 if zero, else returns 0
- */
-extern int FF_iszilch(BIG *x,int n);
-/**	@brief  return parity of an FF, that is the least significant bit
- *
-	@param x FF number
-	@return 0 or 1
- */
-extern int FF_parity(BIG *x);
-/**	@brief  return least significant m bits of an FF
- *
-	@param x FF number
-	@param m number of bits to return. Assumed to be less than BASEBITS.
-	@return least significant n bits as an integer
- */
-extern int FF_lastbits(BIG *x,int m);
-/**	@brief Set FF element of given size to unity
- *
-	@param x FF instance to be set to unity
-	@param n size of FF in BIGs
- */
-extern void FF_one(BIG *x,int n);
-/**	@brief Compares two FF numbers. Inputs must be normalised externally
- *
-	@param x first FF number to be compared
-	@param y second FF number to be compared
-	@param n size of FF in BIGs
-	@return -1 is x<y, 0 if x=y, 1 if x>y
- */
-extern int FF_comp(BIG *x,BIG *y,int n);
-/**	@brief addition of two FFs
- *
-	@param x FF instance, on exit = y+z
-	@param y FF instance
-	@param z FF instance
-	@param n size of FF in BIGs
- */
-extern void FF_add(BIG *x,BIG *y,BIG *z,int n);
-/**	@brief subtraction of two FFs
- *
-	@param x FF instance, on exit = y-z
-	@param y FF instance
-	@param z FF instance
-	@param n size of FF in BIGs
- */
-extern void FF_sub(BIG *x,BIG *y,BIG *z,int n);
-/**	@brief increment an FF by an integer,and normalise
- *
-	@param x FF instance, on exit = x+m
-	@param m an integer to be added to x
-	@param n size of FF in BIGs
- */
-extern void FF_inc(BIG *x,int m,int n);
-/**	@brief Decrement an FF by an integer,and normalise
- *
-	@param x FF instance, on exit = x-m
-	@param m an integer to be subtracted from x
-	@param n size of FF in BIGs
- */
-extern void FF_dec(BIG *x,int m,int n);
-/**	@brief Normalises the components of an FF
- *
-	@param x FF instance to be normalised
-	@param n size of FF in BIGs
- */
-extern void FF_norm(BIG *x,int n);
-/**	@brief Shift left an FF by 1 bit
- *
-	@param x FF instance to be shifted left
-	@param n size of FF in BIGs
- */
-extern void FF_shl(BIG *x,int n);
-/**	@brief Shift right an FF by 1 bit
- *
-	@param x FF instance to be shifted right
-	@param n size of FF in BIGs
- */
-extern void FF_shr(BIG *x,int n);
-/**	@brief Formats and outputs an FF to the console
- *
-	@param x FF instance to be printed
-	@param n size of FF in BIGs
- */
-extern void FF_output(BIG *x,int n);
-/**	@brief Formats and outputs an FF to the console, in raw form
- *
- 	@param x FF instance to be printed
- 	@param n size of FF in BIGs
- */
-extern void FF_rawoutput(BIG *x,int n);
-/**	@brief Formats and outputs an FF instance to an octet string
- *
-	Converts an FF to big-endian base 256 form.
-	@param S output octet string
-	@param x FF instance to be converted to an octet string
-	@param n size of FF in BIGs
- */
-extern void FF_toOctet(octet *S,BIG *x,int n);
-/**	@brief Populates an FF instance from an octet string
- *
-	Creates FF from big-endian base 256 form.
-	@param x FF instance to be created from an octet string
-	@param S input octet string
-	@param n size of FF in BIGs
- */
-extern void FF_fromOctet(BIG *x,octet *S,int n);
-/**	@brief Multiplication of two FFs
- *
-	Uses Karatsuba method internally
-	@param x FF instance, on exit = y*z
-	@param y FF instance
-	@param z FF instance
-	@param n size of FF in BIGs
- */
-extern void FF_mul(BIG *x,BIG *y,BIG *z,int n);
-/**	@brief Reduce FF mod a modulus
- *
-	This is slow
-	@param x FF instance to be reduced mod m - on exit = x mod m
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_mod(BIG *x,BIG *m,int n);
-/**	@brief Square an FF
- *
-	Uses Karatsuba method internally
-	@param x FF instance, on exit = y^2
-	@param y FF instance to be squared
-	@param n size of FF in BIGs
- */
-extern void FF_sqr(BIG *x,BIG *y,int n);
-/**	@brief Reduces a double-length FF with respect to a given modulus
- *
-	This is slow
-	@param x FF instance, on exit = y mod z
-	@param y FF instance, of double length 2*n
-	@param z FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_dmod(BIG *x,BIG *y,BIG *z,int n);
-/**	@brief Invert an FF mod a prime modulus
- *
-	@param x FF instance, on exit = 1/y mod z
-	@param y FF instance
-	@param z FF prime modulus
-	@param n size of FF in BIGs
- */
-extern void FF_invmodp(BIG *x,BIG *y,BIG *z,int n);
-/**	@brief Create an FF from a random number generator
- *
-	@param x FF instance, on exit x is a random number of length n BIGs with most significant bit a 1
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n size of FF in BIGs
- */
-extern void FF_random(BIG *x,csprng *R,int n);
-/**	@brief Create a random FF less than a given modulus from a random number generator
- *
-	@param x FF instance, on exit x is a random number < y
-	@param y FF instance, the modulus
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n size of FF in BIGs
- */
-extern void FF_randomnum(BIG *x,BIG *y,csprng *R,int n);
-/**	@brief Calculate r=x^e mod m, side channel resistant
- *
-	@param r FF instance, on exit = x^e mod p
-	@param x FF instance
-	@param e FF exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_skpow(BIG *r,BIG *x,BIG * e,BIG *m,int n);
-/**	@brief Calculate r=x^e mod m, side channel resistant
- *
-	For short BIG exponent
-	@param r FF instance, on exit = x^e mod p
-	@param x FF instance
-	@param e BIG exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_skspow(BIG *r,BIG *x,BIG e,BIG *m,int n);
-/**	@brief Calculate r=x^e mod m
- *
-	For very short integer exponent
-	@param r FF instance, on exit = x^e mod p
-	@param x FF instance
-	@param e integer exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_power(BIG *r,BIG *x,int e,BIG *m,int n);
-/**	@brief Calculate r=x^e mod m
- *
-	@param r FF instance, on exit = x^e mod p
-	@param x FF instance
-	@param e FF exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_pow(BIG *r,BIG *x,BIG *e,BIG *m,int n);
-/**	@brief Test if an FF has factor in common with integer s
- *
-	@param x FF instance to be tested
-	@param s the supplied integer
-	@param n size of FF in BIGs
-	@return 1 if gcd(x,s)!=1, else return 0
- */
-extern int FF_cfactor(BIG *x,sign32 s,int n);
-/**	@brief Test if an FF is prime
- *
-	Uses Miller-Rabin Method
-	@param x FF instance to be tested
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n size of FF in BIGs
-	@return 1 if x is (almost certainly) prime, else return 0
- */
-extern int FF_prime(BIG *x,csprng *R,int n);
-/**	@brief Calculate r=x^e.y^f mod m
- *
-	@param r FF instance, on exit = x^e.y^f mod p
-	@param x FF instance
-	@param e BIG exponent
-	@param y FF instance
-	@param f BIG exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_pow2(BIG *r,BIG *x,BIG e,BIG *y,BIG f,BIG *m,int n);
-
-
-/* Octet string handlers */
-/**	@brief Formats and outputs an octet to the console in hex
- *
-	@param O Octet to be output
- */
-extern void OCT_output(octet *O);
-/**	@brief Formats and outputs an octet to the console as a character string
- *
-	@param O Octet to be output
- */
-extern void OCT_output_string(octet *O);
-/**	@brief Wipe clean an octet
- *
-	@param O Octet to be cleaned
- */
-extern void OCT_clear(octet *O);
-/**	@brief Compare two octets
- *
-	@param O first Octet to be compared
-	@param P second Octet to be compared
-	@return 1 if equal, else 0
- */
-extern int  OCT_comp(octet *O,octet *P);
-/**	@brief Compare first n bytes of two octets
- *
-	@param O first Octet to be compared
-	@param P second Octet to be compared
-	@param n number of bytes to compare
-	@return 1 if equal, else 0
- */
-extern int  OCT_ncomp(octet *O,octet *P,int n);
-/**	@brief Join from a C string to end of an octet
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param s zero terminated string to be joined to octet
- */
-extern void OCT_jstring(octet *O,char *s);
-/**	@brief Join bytes to end of an octet
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param s bytes to be joined to end of octet
-	@param n number of bytes to join
- */
-extern void OCT_jbytes(octet *O,char *s,int n);
-/**	@brief Join single byte to end of an octet, repeated n times
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param b byte to be joined to end of octet
-	@param n number of times b is to be joined
- */
-extern void OCT_jbyte(octet *O,int b,int n);
-/**	@brief Join one octet to the end of another
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param P Octet to be joined to the end of O
- */
-extern void OCT_joctet(octet *O,octet *P);
-/**	@brief XOR common bytes of a pair of Octets
- *
-	@param O Octet - on exit = O xor P
-	@param P Octet to be xored into O
- */
-extern void OCT_xor(octet *O,octet *P);
-/**	@brief reset Octet to zero length
- *
-	@param O Octet to be emptied
- */
-extern void OCT_empty(octet *O);
-/**	@brief Pad out an Octet to the given length
- *
-	Padding is done by inserting leading zeros, so abcd becomes 00abcd
-	@param O Octet to be padded
-	@param n new length of Octet
- */
-extern int OCT_pad(octet *O,int n);
-/**	@brief Convert an Octet to printable base64 number
- *
-	@param b zero terminated byte array to take base64 conversion
-	@param O Octet to be converted
- */
-extern void OCT_tobase64(char *b,octet *O);
-/**	@brief Populate an Octet from base64 number
- *
- 	@param O Octet to be populated
-	@param b zero terminated base64 string
-
- */
-extern void OCT_frombase64(octet *O,char *b);
-/**	@brief Copy one Octet into another
- *
- 	@param O Octet to be copied to
-	@param P Octet to be copied from
-
- */
-extern void OCT_copy(octet *O,octet *P);
-/**	@brief XOR every byte of an octet with input m
- *
- 	@param O Octet
-	@param m byte to be XORed with every byte of O
-
- */
-extern void OCT_xorbyte(octet *O,int m);
-/**	@brief Chops Octet into two, leaving first n bytes in O, moving the rest to P
- *
- 	@param O Octet to be chopped
-	@param P new Octet to be created
-	@param n number of bytes to chop off O
-
- */
-extern void OCT_chop(octet *O,octet *P,int n);
-/**	@brief Join n bytes of integer m to end of Octet O (big endian)
- *
-	Typically n is 4 for a 32-bit integer
- 	@param O Octet to be appended to
-	@param m integer to be appended to O
-	@param n number of bytes in m
-
- */
-extern void OCT_jint(octet *O,int m,int n);
-/**	@brief Create an Octet from bytes taken from a random number generator
- *
-	Truncates if there is no room
- 	@param O Octet to be populated
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n number of bytes to extracted from R
-
- */
-extern void OCT_rand(octet *O,csprng *R,int n);
-/**	@brief Shifts Octet left by n bytes
- *
-	Leftmost bytes disappear
- 	@param O Octet to be shifted
-	@param n number of bytes to shift
-
- */
-extern void OCT_shl(octet *O,int n);
-/**	@brief Convert a hex number to an Octet
- *
-	@param dst Octet
-	@param src Hex string to be converted
- */
-extern void OCT_fromHex(octet *dst,char *src);
-/**	@brief Convert an Octet to printable hex number
- *
-	@param dst hex value
-	@param src Octet to be converted
- */
-extern void OCT_toHex(octet *src,char *dst);
-/**	@brief Convert an Octet to string
- *
-	@param dst string value
-	@param src Octet to be converted
- */
-extern void OCT_toStr(octet *src,char *dst);
-
-
-
-/* Hash function */
-/**	@brief Initialise an instance of SHA256
- *
-	@param H an instance SHA256
- */
-extern void HASH256_init(hash256 *H);
-/**	@brief Add a byte to the hash
- *
-	@param H an instance SHA256
-	@param b byte to be included in hash
- */
-extern void HASH256_process(hash256 *H,int b);
-/**	@brief Generate 32-byte hash
- *
-	@param H an instance SHA256
-	@param h is the output 32-byte hash
- */
-extern void HASH256_hash(hash256 *H,char *h);
-
-
-/**	@brief Initialise an instance of SHA384
- *
-	@param H an instance SHA384
- */
-extern void HASH384_init(hash384 *H);
-/**	@brief Add a byte to the hash
- *
-	@param H an instance SHA384
-	@param b byte to be included in hash
- */
-extern void HASH384_process(hash384 *H,int b);
-/**	@brief Generate 48-byte hash
- *
-	@param H an instance SHA384
-	@param h is the output 48-byte hash
- */
-extern void HASH384_hash(hash384 *H,char *h);
-
-
-/**	@brief Initialise an instance of SHA512
- *
-	@param H an instance SHA512
- */
-extern void HASH512_init(hash512 *H);
-/**	@brief Add a byte to the hash
- *
-	@param H an instance SHA512
-	@param b byte to be included in hash
- */
-extern void HASH512_process(hash512 *H,int b);
-/**	@brief Generate 64-byte hash
- *
-	@param H an instance SHA512
-	@param h is the output 64-byte hash
- */
-extern void HASH512_hash(hash512 *H,char *h);
-
-
-/* AES functions */
-/**	@brief Reset AES mode or IV
- *
-	@param A an instance of the AMCL_AES
-	@param m is the new active mode of operation (ECB, CBC, OFB, CFB etc)
-	@param iv the new Initialisation Vector
- */
-extern void AES_reset(amcl_aes *A,int m,char *iv);
-/**	@brief Extract chaining vector from AMCL_AES instance
- *
-	@param A an instance of the AMCL_AES
-	@param f the extracted chaining vector
- */
-extern void AES_getreg(amcl_aes *A,char * f);
-/**	@brief Initialise an instance of AMCL_AES and its mode of operation
- *
-	@param A an instance AMCL_AES
-	@param m is the active mode of operation (ECB, CBC, OFB, CFB etc)
-	@param n is the key length in bytes, 16, 24 or 32
-	@param k the AES key as an array of 16 bytes
-	@param iv the Initialisation Vector
-	@return 0 for invalid n
- */
-extern int AES_init(amcl_aes *A,int m,int n,char *k,char *iv);
-/**	@brief Encrypt a single 16 byte block in ECB mode
- *
-	@param A an instance of the AMCL_AES
-	@param b is an array of 16 plaintext bytes, on exit becomes ciphertext
- */
-extern void AES_ecb_encrypt(amcl_aes *A,uchar * b);
-/**	@brief Decrypt a single 16 byte block in ECB mode
- *
-	@param A an instance of the AMCL_AES
-	@param b is an array of 16 cipherext bytes, on exit becomes plaintext
- */
-extern void AES_ecb_decrypt(amcl_aes *A,uchar * b);
-/**	@brief Encrypt a single 16 byte block in active mode
- *
-	@param A an instance of the AMCL_AES
-	@param b is an array o

<TRUNCATED>


[25/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/rom32.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/rom32.rs b/version22/rust/src/rom32.rs
deleted file mode 100644
index 72f5e00..0000000
--- a/version22/rust/src/rom32.rs
+++ /dev/null
@@ -1,349 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-pub type Chunk=i32;
-pub type DChunk=i64;
-pub const CHUNK:usize=32;
-
-pub const NOT_SPECIAL:usize =0;
-pub const PSEUDO_MERSENNE:usize=1;
-pub const MONTGOMERY_FRIENDLY:usize=2;
-pub const GENERALISED_MERSENNE:usize=3;
-pub const WEIERSTRASS:usize=0;
-pub const EDWARDS:usize=1;
-pub const MONTGOMERY:usize=2;
-pub const BN_CURVE: usize=0;
-pub const BLS_CURVE: usize=1;
-
-
-// Curve 25519
-#[cfg(feature = "Ed25519")]
-pub const MODBITS: usize = 255;
-#[cfg(feature = "Ed25519")]
-pub const MOD8: usize = 5;
-#[cfg(feature = "Ed25519")]
-pub const BASEBITS: usize = 29;
-#[cfg(feature = "Ed25519")]
-pub const AES_S: usize=0;
-
-// GOLDILOCKS
-#[cfg(feature = "GOLDILOCKS")]
-pub const MODBITS: usize=448;
-#[cfg(feature = "GOLDILOCKS")]
-pub const MOD8: usize=7;
-#[cfg(feature = "GOLDILOCKS")]
-pub const BASEBITS: usize=29;
-#[cfg(feature = "GOLDILOCKS")]
-pub const AES_S: usize= 0;
-
-
-// BN254 Curve
-#[cfg(feature = "BN254")]
-pub const MODBITS:usize = 254; /* Number of bits in Modulus */
-#[cfg(feature = "BN254")]
-pub const MOD8:usize = 3;   /* Modulus mod 8 */
-#[cfg(feature = "BN254")]
-pub const BASEBITS:usize = 29;
-#[cfg(feature = "BN254")]
-pub const AES_S:usize=0;
-
-// BLS383 Curve
-#[cfg(feature = "BLS383")]
-pub const MODBITS:usize = 383; /* Number of bits in Modulus */
-#[cfg(feature = "BLS383")]
-pub const MOD8: usize = 3;  /* Modulus mod 8 */
-#[cfg(feature = "BLS383")]
-pub const BASEBITS:usize = 28;
-#[cfg(feature = "BLS383")]
-pub const AES_S: usize= 0;
-
-// BLS455 Curve
-#[cfg(feature = "BLS455")]
-pub const MODBITS:usize = 455; /* Number of bits in Modulus */
-#[cfg(feature = "BLS455")]
-pub const MOD8: usize = 3;  /* Modulus mod 8 */
-#[cfg(feature = "BLS455")]
-pub const BASEBITS:usize = 29;
-#[cfg(feature = "BLS455")]
-pub const AES_S: usize= 128;
-
-//---------------
-
-/* RSA/DH modulus length as multiple of BIGBITS */
-pub const FFLEN:usize=4;
-
-pub const NLEN: usize = (1+((MODBITS-1)/BASEBITS));
-pub const BIG_HEX_STRING_LEN:usize = NLEN * 16 + NLEN - 1;
-pub const DNLEN: usize = 2*NLEN;
-pub const BMASK: Chunk= ((1<<BASEBITS)-1);
-pub const MODBYTES: usize = 1+(MODBITS-1)/8;
-pub const NEXCESS:isize = (1<<((CHUNK)-BASEBITS-1));
-pub const FEXCESS:Chunk = ((1 as Chunk)<<(BASEBITS*(NLEN)-MODBITS));
-pub const OMASK:Chunk = (-1)<<(MODBITS%BASEBITS);
-pub const TBITS:usize=MODBITS%BASEBITS; // Number of active bits in top word
-pub const TMASK:Chunk=(1<<TBITS)-1;
-pub const BIGBITS:usize = (MODBYTES*8);
-pub const HBITS: usize=(BASEBITS/2);
-pub const HMASK: Chunk= ((1<<HBITS)-1);
-
-/* Finite field support - for RSA, DH etc. */
-pub const FF_BITS:usize=(BIGBITS*FFLEN); /* Finite Field Size in bits - must be 256.2^n */
-pub const HFLEN:usize=(FFLEN/2);  /* Useful for half-size RSA private key operations */
-
-pub const P_MBITS:usize=(MODBYTES as usize)*8;
-pub const P_MB: usize=(P_MBITS%BASEBITS);
-pub const P_OMASK:Chunk=((-1)<<(P_MBITS%BASEBITS));
-pub const P_FEXCESS: Chunk=(1<<(BASEBITS*NLEN-P_MBITS));
-pub const P_TBITS: usize=(P_MBITS%BASEBITS);
-
-
-// Curve25519 Modulus 
-#[cfg(feature = "Ed25519")]
-pub const MODTYPE:usize=PSEUDO_MERSENNE;
-#[cfg(feature = "Ed25519")]
-pub const MODULUS:[Chunk;NLEN]=[0x1FFFFFED,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF];
-#[cfg(feature = "Ed25519")]
-pub const MCONST:Chunk=19;
-
-//GOLDILOCKS
-#[cfg(feature = "GOLDILOCKS")]
-pub const MODTYPE: usize=GENERALISED_MERSENNE;
-#[cfg(feature = "GOLDILOCKS")]
-pub const MODULUS:[Chunk;NLEN]=[0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF];
-#[cfg(feature = "GOLDILOCKS")]
-pub const MCONST: Chunk=0x1;
-
-
-// BN254 Curve Modulus
-#[cfg(feature = "BN254")]
-pub const MODTYPE:usize = NOT_SPECIAL;
-#[cfg(feature = "BN254")]
-pub const MODULUS:[Chunk;NLEN] = [0x13,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364];
-#[cfg(feature = "BN254")]
-pub const MCONST:Chunk=0x179435E5;
-
-// BLS383 Curve
-#[cfg(feature = "BLS383")]
-pub const MODTYPE:usize = NOT_SPECIAL;
-#[cfg(feature = "BLS383")]
-pub const MODULUS:[Chunk;NLEN] = [0xAAD556B,0xACAAB52,0x5F75D7A,0x1BB0147,0xD5D7520,0xCF73083,0xF99EB16,0x531820,0xA68EA32,0x2C01355,0x552A785,0x5C6105C,0x80A9F7,0x7AC52];
-#[cfg(feature = "BLS383")]
-pub const MCONST:Chunk=0x123D0BD;
-
-// BLS455 Curve
-#[cfg(feature = "BLS455")]
-pub const MODTYPE:usize = NOT_SPECIAL;
-#[cfg(feature = "BLS455")]
-pub const MODULUS:[Chunk;NLEN] = [0x2AB,0x1500000C,0xAAA55AA,0xB12AAD6,0x6D1BA6C,0xCCA5674,0x12E2CF6E,0xA9F9662,0x34BD939,0x12D8EAB1,0xFD9978E,0x9240600,0xE0F95B,0xAAB9550,0x55555E5,0xAAAAB];
-#[cfg(feature = "BLS455")]
-pub const MCONST:Chunk=0x1F4017FD;
-
-
-// Ed25519 Curve 
-#[cfg(feature = "Ed25519")]
-pub const CURVETYPE:usize=EDWARDS;
-#[cfg(feature = "Ed25519")]
-pub const CURVE_A:isize = -1;
-#[cfg(feature = "Ed25519")]
-pub const CURVE_B:[Chunk;NLEN]=[0x135978A3,0xF5A6E50,0x10762ADD,0x149A82,0x1E898007,0x3CBBBC,0x19CE331D,0x1DC56DFF,0x52036C];
-#[cfg(feature = "Ed25519")]
-pub const CURVE_ORDER:[Chunk;NLEN]=[0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000];
-#[cfg(feature = "Ed25519")]
-pub const CURVE_GX:[Chunk;NLEN]=[0xF25D51A,0xAB16B04,0x969ECB2,0x198EC12A,0xDC5C692,0x1118FEEB,0xFFB0293,0x1A79ADCA,0x216936];
-#[cfg(feature = "Ed25519")]
-pub const CURVE_GY:[Chunk;NLEN]=[0x6666658,0x13333333,0x19999999,0xCCCCCCC,0x6666666,0x13333333,0x19999999,0xCCCCCCC,0x666666];
-
-// GOLDILOCKS
-#[cfg(feature = "GOLDILOCKS")]
-pub const CURVETYPE: usize=EDWARDS;
-#[cfg(feature = "GOLDILOCKS")]
-pub const CURVE_A: isize=1;
-#[cfg(feature = "GOLDILOCKS")]
-pub const CURVE_ORDER:[Chunk;NLEN]=[0xB5844F3,0x1BC61495,0x1163D548,0x1984E51B,0x3690216,0xDA4D76B,0xFA7113B,0x1FEF9944,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FF];
-#[cfg(feature = "GOLDILOCKS")]
-pub const CURVE_B:[Chunk;NLEN]=[0x1FFF6756,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF];
-#[cfg(feature = "GOLDILOCKS")]
-pub const CURVE_GX:[Chunk;NLEN]=[0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0x152AAAAA,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x1555];
-#[cfg(feature = "GOLDILOCKS")]
-pub const CURVE_GY:[Chunk;NLEN]=[0xA9386ED,0x1757DE6F,0x13681AF6,0x19657DA3,0x3098BBB,0x12C19D15,0x12E03595,0xE515B18,0x17B7E36D,0x1AC426E,0xDBB5E8,0x10D8560,0x159D6205,0xB8246D9,0x17A58D2B,0x15C0];
-
-// BN254 Curve
-#[cfg(feature = "BN254")]
-pub const CURVETYPE:usize = WEIERSTRASS;
-#[cfg(feature = "BN254")]
-pub const CURVE_PAIRING_TYPE:usize = BN_CURVE;
-#[cfg(feature = "BN254")]
-pub const CURVE_A:isize = 0;
-#[cfg(feature = "BN254")]
-pub const CURVE_B:[Chunk;NLEN]=[0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BN254")]
-pub const CURVE_ORDER:[Chunk;NLEN]=[0xD,0x8000000,0x428,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364];
-#[cfg(feature = "BN254")]
-pub const CURVE_GX:[Chunk;NLEN]=[0x12,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364];
-#[cfg(feature = "BN254")]
-pub const CURVE_GY:[Chunk;NLEN]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0];
-
-#[cfg(feature = "BN254")]
-pub const CURVE_FRA:[Chunk;NLEN]=[0xF2A6DE9,0xBEF3603,0xFDDF0B8,0x12E9249A,0x953F850,0xDA85423,0x1232D926,0x32425CF,0x1B3776];
-#[cfg(feature = "BN254")]
-pub const CURVE_FRB:[Chunk;NLEN]=[0x10D5922A,0xC10C9FC,0x10221431,0xF16DB65,0x16AC8DC1,0x1917ABDC,0xDD40FAA,0xD23DA30,0x9EBEE];
-#[cfg(feature = "BN254")]
-pub const CURVE_PXA:[Chunk;NLEN]=[0x803FB2B,0xF721126,0x62FC364,0x9177691,0x1EDB6A46,0x63F4630,0x18BFAE36,0x176A33D6,0x61A10];
-#[cfg(feature = "BN254")]
-pub const CURVE_PXB:[Chunk;NLEN]=[0x7D54CF3,0xC61A60F,0xDE12DC3,0x1AE8D75C,0xAA5B1F4,0x13C62CC1,0xCCC42A,0x1F374E6F,0x516AA];
-#[cfg(feature = "BN254")]
-pub const CURVE_PYA:[Chunk;NLEN]=[0x11CD2B9A,0xF8703C4,0xF826F46,0x1A15CD7B,0x822329B,0x104B34C6,0xD0E6A43,0x140D75F2,0x21897];
-#[cfg(feature = "BN254")]
-pub const CURVE_PYB:[Chunk;NLEN]=[0xB3ACE9B,0x1168D763,0xE7255E2,0xDFFAE,0x18D37B09,0x22B7AF9,0x149A3DB5,0x1CF9162,0xEBB2B];
-#[cfg(feature = "BN254")]
-pub const CURVE_BNX:[Chunk;NLEN]=[0x1,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BN254")]
-pub const CURVE_COF:[Chunk;NLEN]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BN254")]
-pub const CURVE_CRU:[Chunk;NLEN]=[0x7,0xC000000,0x1B3,0x12000000,0x2490,0x11200000,0x126CD,0x0,0x0];
-#[cfg(feature = "BN254")]
-pub const CURVE_W:[[Chunk;NLEN];2]=[[0x3,0x0,0x81,0x3000000,0x618,0x0,0x0,0x0,0x0],[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0]];
-#[cfg(feature = "BN254")]
-pub const CURVE_SB:[[[Chunk;NLEN];2];2]=[[[0x4,0x8000000,0xA1,0x3000000,0x618,0x0,0x0,0x0,0x0],[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x8000000,0x3A7,0x1C000000,0x79E1,0x6C00000,0x6E8D1,0x10480000,0x252364]]];
-#[cfg(feature = "BN254")]
-pub const CURVE_WB:[[Chunk;NLEN];4]=[[0x0,0x4000000,0x10,0x1000000,0x208,0x0,0x0,0x0,0x0],[0x5,0x14000000,0x152,0xE000000,0x1C70,0xC00000,0xC489,0x0,0x0],[0x3,0xC000000,0xB1,0x7000000,0xE38,0x10600000,0x6244,0x0,0x0],[0x1,0xC000000,0x30,0x1000000,0x208,0x0,0x0,0x0,0x0]];
-#[cfg(feature = "BN254")]
-pub const CURVE_BB:[[[Chunk;NLEN];4];4]=[[[0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0x2,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364]],[[0x2,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x2,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0],[0x2,0x10000000,0x40,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x0,0x408,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0x2,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0]]];
-
-#[cfg(feature = "BN254")]
-pub const USE_GLV:bool = true;
-#[cfg(feature = "BN254")]
-pub const USE_GS_G2:bool = true;
-#[cfg(feature = "BN254")]
-pub const USE_GS_GT:bool = true;
-#[cfg(feature = "BN254")]
-pub const GT_STRONG:bool = false;
-
-
-
-// BLS383 Curve
-#[cfg(feature = "BLS383")]
-pub const CURVETYPE:usize = WEIERSTRASS;
-#[cfg(feature = "BLS383")]
-pub const CURVE_PAIRING_TYPE:usize = BLS_CURVE;
-#[cfg(feature = "BLS383")]
-pub const CURVE_A:isize = 0;
-
-#[cfg(feature = "BLS383")]
-pub const CURVE_ORDER:[Chunk;NLEN]=[0xFFF001,0xFFF8000,0xFE7800,0xBFDE007,0xC5EDF1C,0x3000049,0x910007A,0xC40007F,0x641004C,0x14,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BLS383")]
-pub const CURVE_B:[Chunk;NLEN]=[0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BLS383")]
-pub const CURVE_COF:[Chunk;NLEN]=[0x52B,0x2A00,0xAAB2CA0,0x5560AAA,0x6055,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BLS383")]
-pub const CURVE_GX:[Chunk;NLEN]=[0xD10786B,0xD59B348,0x3F54AD0,0x3477C0E,0x4578B9B,0xBF25B73,0x7BB6F65,0x4F6AC00,0xFF57E9C,0xEFD5830,0xFB6EC02,0xADB9F88,0xEE4BC98,0xB08C];
-#[cfg(feature = "BLS383")]
-pub const CURVE_GY:[Chunk;NLEN]=[0xD145DDB,0x5DA023,0x5FEF7CC,0x13F518C,0x2B2A66F,0x56EC346,0xC7A925F,0x96F3019,0x981223E,0x9061047,0x8F5BE59,0x4810AD,0x9337671,0x1F390];
-
-#[cfg(feature = "BLS383")]
-pub const CURVE_BNX:[Chunk;NLEN]=[0x40,0x100,0x110,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BLS383")]
-pub const CURVE_CRU:[Chunk;NLEN]=[0xDA155A9,0xA3AAC4E,0x61E5E3D,0xDF2FE87,0xE632625,0xBCDFAAD,0xD3035A6,0x5123128,0xBEAD683,0xDBF3A2B,0x424190,0x5C5FAB2,0x80A9F7,0x7AC52];
-#[cfg(feature = "BLS383")]
-pub const CURVE_FRA:[Chunk;NLEN]=[0x2B4508B,0x2BA59A9,0x6EEF343,0x63DB7A0,0x1DFBC74,0x40341CB,0x32D55D3,0x1639E9D,0x5CC36D4,0xB19B3F0,0xD86AB98,0xF323EE4,0xB198672,0x5A5F];
-#[cfg(feature = "BLS383")]
-pub const CURVE_FRB:[Chunk;NLEN]=[0x7F904E0,0x81051A9,0xF086A37,0xB7D49A6,0xB7DB8AB,0x8F3EEB8,0xC6C9543,0xEEF7983,0x49CB35D,0x7A65F65,0x7CBFBEC,0x693D177,0x5672384,0x751F2];
-#[cfg(feature = "BLS383")]
-pub const CURVE_PXA:[Chunk;NLEN]=[0xBAC9472,0x6059885,0xE2DC36D,0x7C4D31D,0x8C88A7,0xBDC90C3,0x1C688FC,0x29F0197,0xC43F167,0x3693539,0x61EB8BF,0xD81E5A5,0x22B56BF,0x4D507];
-#[cfg(feature = "BLS383")]
-pub const CURVE_PXB:[Chunk;NLEN]=[0x272AB23,0x9B4BD7A,0xF44DCE8,0x7AF19D4,0x3206A34,0x3F6F7B9,0x2A819FB,0x571DD3E,0x635D7EE,0x3A2BA3B,0xC1A126,0xAC28C78,0x17C3E5B,0xEE36];
-#[cfg(feature = "BLS383")]
-pub const CURVE_PYA:[Chunk;NLEN]=[0x77BD4FD,0x81D2309,0xDFDFC6,0xB66072,0xC89A0C,0x41FC959,0x878287A,0x2E1FBCF,0x14EEE65,0x11C230,0x6BB325E,0x2887881,0x859A05C,0x8F40];
-#[cfg(feature = "BLS383")]
-pub const CURVE_PYB:[Chunk;NLEN]=[0x52C4CE6,0xA5E20A2,0xAFF40C8,0x5907A74,0x2448EF3,0x41760A4,0xFDA199,0xFFEF82B,0x8D4EA49,0xA0F29A1,0x6E4997B,0xAC7F7B8,0xBA88C12,0x1DCAB];
-
-#[cfg(feature = "BLS383")]
-pub const CURVE_W:[[Chunk;0];2]=[[],[]];
-#[cfg(feature = "BLS383")]
-pub const CURVE_SB:[[[Chunk;0];2];2]=[[[],[]],[[],[]]];
-#[cfg(feature = "BLS383")]
-pub const CURVE_WB:[[Chunk;0];4]=[[],[],[],[]];
-#[cfg(feature = "BLS383")]
-pub const CURVE_BB:[[[Chunk;0];4];4]=[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]];
-
-
-#[cfg(feature = "BLS383")]
-pub const USE_GLV:bool = true;
-#[cfg(feature = "BLS383")]
-pub const USE_GS_G2:bool = true;
-#[cfg(feature = "BLS383")]
-pub const USE_GS_GT:bool = true;
-#[cfg(feature = "BLS383")]
-pub const GT_STRONG:bool = false;
-
-// BLS455 Curve
-#[cfg(feature = "BLS455")]
-pub const CURVETYPE:usize = WEIERSTRASS;
-#[cfg(feature = "BLS455")]
-pub const CURVE_PAIRING_TYPE:usize = BLS_CURVE;
-#[cfg(feature = "BLS455")]
-pub const CURVE_A:isize = 0;
-
-#[cfg(feature = "BLS455")]
-pub const CURVE_ORDER:[Chunk;NLEN]=[0x1FC00001,0x3FFF,0x10000070,0x1400000,0x1D100,0xF0003A8,0x13C0009,0x1E200,0x180002E0,0x400001,0x4000,0x0,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BLS455")]
-pub const CURVE_B:[Chunk;NLEN]=[0xA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BLS455")]
-pub const CURVE_COF:[Chunk;NLEN]=[0xABFFAAB,0x14AABFFD,0xD52AADA,0x1562AAAB,0x15556AAA,0x2A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BLS455")]
-pub const CURVE_GX:[Chunk;NLEN]=[0x1DFCEDD1,0x16A62EEF,0xE80D3ED,0xB8DE876,0x179C7253,0x182DAB52,0x46CC85F,0x1E571D9C,0x1E8392B1,0x1A155867,0x19E6527C,0x23DC64E,0xABEDA59,0xF20662B,0x17CECC01,0x310A];
-#[cfg(feature = "BLS455")]
-pub const CURVE_GY:[Chunk;NLEN]=[0x6619B9B,0x27EBCD,0x1BE80A19,0x13B014BA,0x191A4936,0x13911916,0x107A5A3B,0x1DCB0863,0x1F5FB1,0xDE44A9C,0x18E23B2A,0x1FA81FD3,0xB0D6DFA,0xC2FE1EF,0xDDFA7E2,0x3351B];
-
-#[cfg(feature = "BLS455")]
-pub const CURVE_BNX:[Chunk;NLEN]=[0x800,0x1000004,0x40000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BLS455")]
-pub const CURVE_CRU:[Chunk;NLEN]=[0xAA9,0x9017FE0,0x128DD8AA,0x1F4A321E,0x148FEC90,0x195CDEEA,0xE961AA2,0x168D3B66,0xAFD99D7,0xB989AA6,0x1F9A5724,0x91A05FF,0xE0EF5B,0xAAB9548,0x55555E5,0xAAAAB];
-#[cfg(feature = "BLS455")]
-pub const CURVE_FRA:[Chunk;NLEN]=[0xA2EBF21,0x4E67DEE,0xCDE6590,0xE5EA94E,0x15454985,0x140CFC43,0x7E14D1C,0x1778395A,0x1944F022,0x166BEA1A,0xC3DEEA0,0x9F031A0,0x16A7459,0x1F1D6E00,0x125CFB72,0x72FD4];
-#[cfg(feature = "BLS455")]
-pub const CURVE_FRB:[Chunk;NLEN]=[0x15D1438A,0x1019821D,0x1DCBF01A,0x1CB40187,0x118C70E6,0x18BD5A30,0xB018251,0x13275D08,0xA06E916,0x1C6D0096,0x39BA8ED,0x1F33D460,0x1F768501,0xB8E274F,0x12F85A72,0x37AD6];
-#[cfg(feature = "BLS455")]
-pub const CURVE_PXA:[Chunk;NLEN]=[0x10C1F542,0x23AF907,0x159F840,0xBAC0E1F,0x133D7766,0x1C034C5D,0x14C5C875,0x1ED0BDA2,0x16A49C71,0x1E9FF62D,0x14F3ACC0,0x1E0C9FEA,0xC4638DE,0x74D18DA,0xBEA0030,0x5D962];
-#[cfg(feature = "BLS455")]
-pub const CURVE_PXB:[Chunk;NLEN]=[0x749F03D,0xC843773,0xB17BCBA,0x1134AB4B,0x8EA016E,0x1A0D766C,0x58F819E,0x48A1FCC,0xE296F62,0x83370E4,0xC9BA1D5,0x1E43290E,0xEE59A80,0x1FDD85F5,0x1F3819B6,0x1D9F];
-#[cfg(feature = "BLS455")]
-pub const CURVE_PYA:[Chunk;NLEN]=[0x181A77F4,0x191AD22,0x1E9F842A,0x1E1E6CF6,0xD55B9D9,0x1D062533,0x15BB1323,0x7ECBC1,0x1A9EC2EF,0x1EE14CE0,0x1E96B271,0xA794439,0x1C544324,0xE6AD5DC,0x16429B0F,0x448E3];
-#[cfg(feature = "BLS455")]
-pub const CURVE_PYB:[Chunk;NLEN]=[0x1E1FDBA2,0x1A09DB6C,0xF680D5B,0xFCC6122,0xC488E2A,0x1E489ECD,0x1005617E,0x1CF9EC36,0x1C89ED72,0x16C00D90,0x1563E595,0x1243DDC0,0x8698F9E,0x1BD81E7E,0xF2A0F4A,0x66A0];
-
-#[cfg(feature = "BLS455")]
-pub const CURVE_W:[[Chunk;0];2]=[[],[]];
-#[cfg(feature = "BLS455")]
-pub const CURVE_SB:[[[Chunk;0];2];2]=[[[],[]],[[],[]]];
-#[cfg(feature = "BLS455")]
-pub const CURVE_WB:[[Chunk;0];4]=[[],[],[],[]];
-#[cfg(feature = "BLS455")]
-pub const CURVE_BB:[[[Chunk;0];4];4]=[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]];
-
-
-#[cfg(feature = "BLS455")]
-pub const USE_GLV:bool = true;
-#[cfg(feature = "BLS455")]
-pub const USE_GS_G2:bool = true;
-#[cfg(feature = "BLS455")]
-pub const USE_GS_GT:bool = true;
-#[cfg(feature = "BLS455")]
-pub const GT_STRONG:bool = false;
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/rom64.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/rom64.rs b/version22/rust/src/rom64.rs
deleted file mode 100644
index fc900ab..0000000
--- a/version22/rust/src/rom64.rs
+++ /dev/null
@@ -1,348 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-pub type Chunk=i64;
-//pub type DChunk=i128;
-pub const CHUNK:usize=64;
-
-pub const NOT_SPECIAL:usize =0;
-pub const PSEUDO_MERSENNE:usize=1;
-pub const MONTGOMERY_FRIENDLY:usize=2;
-pub const GENERALISED_MERSENNE:usize=3;
-pub const WEIERSTRASS:usize=0;
-pub const EDWARDS:usize=1;
-pub const MONTGOMERY:usize=2;
-pub const BN_CURVE: usize=0;
-pub const BLS_CURVE: usize=1;
-
-
-// Curve 25519
-#[cfg(feature = "Ed25519")]
-pub const MODBITS: usize = 255;
-#[cfg(feature = "Ed25519")]
-pub const MOD8: usize = 5;
-#[cfg(feature = "Ed25519")]
-pub const BASEBITS: usize = 56;
-#[cfg(feature = "Ed25519")]
-pub const AES_S: usize=0;
-
-// GOLDILOCKS
-#[cfg(feature = "GOLDILOCKS")]
-pub const MODBITS: usize=448;
-#[cfg(feature = "GOLDILOCKS")]
-pub const MOD8: usize=7;
-#[cfg(feature = "GOLDILOCKS")]
-pub const BASEBITS: usize=60;
-#[cfg(feature = "GOLDILOCKS")]
-pub const AES_S: usize= 0;
-
-
-// BN254 Curve
-#[cfg(feature = "BN254")]
-pub const MODBITS:usize = 254; /* Number of bits in Modulus */
-#[cfg(feature = "BN254")]
-pub const MOD8:usize = 3;   /* Modulus mod 8 */
-#[cfg(feature = "BN254")]
-pub const BASEBITS:usize = 56;
-#[cfg(feature = "BN254")]
-pub const AES_S:usize=0;
-
-// BLS383 Curve
-#[cfg(feature = "BLS383")]
-pub const MODBITS:usize = 383; /* Number of bits in Modulus */
-#[cfg(feature = "BLS383")]
-pub const MOD8: usize = 3;  /* Modulus mod 8 */
-#[cfg(feature = "BLS383")]
-pub const BASEBITS:usize = 56;
-#[cfg(feature = "BLS383")]
-pub const AES_S: usize= 0;
-
-// BLS455 Curve
-#[cfg(feature = "BLS455")]
-pub const MODBITS:usize = 455; /* Number of bits in Modulus */
-#[cfg(feature = "BLS455")]
-pub const MOD8: usize = 3;  /* Modulus mod 8 */
-#[cfg(feature = "BLS455")]
-pub const BASEBITS:usize = 60;
-#[cfg(feature = "BLS455")]
-pub const AES_S: usize= 128;
-
-//---------------
-
-/* RSA/DH modulus length as multiple of BIGBITS */
-pub const FFLEN:usize=8;
-
-pub const NLEN: usize = (1+((MODBITS-1)/BASEBITS));
-pub const BIG_HEX_STRING_LEN:usize = NLEN * 16 + NLEN - 1;
-pub const DNLEN: usize = 2*NLEN;
-pub const BMASK: Chunk= ((1<<BASEBITS)-1);
-pub const MODBYTES: usize = 1+(MODBITS-1)/8;
-pub const NEXCESS:isize = (1<<((CHUNK)-BASEBITS-1));
-pub const FEXCESS:Chunk = ((1 as Chunk)<<(BASEBITS*(NLEN)-MODBITS));
-pub const OMASK:Chunk = (-1)<<(MODBITS%BASEBITS);
-pub const TBITS:usize=MODBITS%BASEBITS; // Number of active bits in top word
-pub const TMASK:Chunk=(1<<TBITS)-1;
-pub const BIGBITS:usize = (MODBYTES*8);
-pub const HBITS: usize=(BASEBITS/2);
-pub const HMASK: Chunk= ((1<<HBITS)-1);
-
-/* Finite field support - for RSA, DH etc. */
-pub const FF_BITS:usize=(BIGBITS*FFLEN); /* Finite Field Size in bits - must be 256.2^n */
-pub const HFLEN:usize=(FFLEN/2);  /* Useful for half-size RSA private key operations */
-
-pub const P_MBITS:usize=(MODBYTES as usize)*8;
-pub const P_MB: usize=(P_MBITS%BASEBITS);
-pub const P_OMASK:Chunk=((-1)<<(P_MBITS%BASEBITS));
-pub const P_FEXCESS: Chunk=(1<<(BASEBITS*NLEN-P_MBITS));
-pub const P_TBITS: usize=(P_MBITS%BASEBITS);
-
-
-// Curve25519 Modulus 
-#[cfg(feature = "Ed25519")]
-pub const MODTYPE:usize=PSEUDO_MERSENNE;
-#[cfg(feature = "Ed25519")]
-pub const MODULUS:[Chunk;NLEN]=[0xFFFFFFFFFFFFED,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF];
-#[cfg(feature = "Ed25519")]
-pub const MCONST:Chunk=19;
-
-//GOLDILOCKS
-#[cfg(feature = "GOLDILOCKS")]
-pub const MODTYPE: usize=GENERALISED_MERSENNE;
-#[cfg(feature = "GOLDILOCKS")]
-pub const MODULUS: [Chunk;NLEN]= [0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFEFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFF];
-#[cfg(feature = "GOLDILOCKS")]
-pub const MCONST: Chunk=0x1;
-
-// BN254 Curve Modulus
-#[cfg(feature = "BN254")]
-pub const MODTYPE:usize = NOT_SPECIAL;
-#[cfg(feature = "BN254")]
-pub const MODULUS:[Chunk;NLEN] = [0x13,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482];
-#[cfg(feature = "BN254")]
-pub const MCONST:Chunk=0x435E50D79435E5;
-
-// BLS383 Curve
-#[cfg(feature = "BLS383")]
-pub const MODTYPE:usize = NOT_SPECIAL;
-#[cfg(feature = "BLS383")]
-pub const MODULUS:[Chunk;NLEN] = [0xACAAB52AAD556B,0x1BB01475F75D7A,0xCF73083D5D7520,0x531820F99EB16,0x2C01355A68EA32,0x5C6105C552A785,0x7AC52080A9F7];
-#[cfg(feature = "BLS383")]
-pub const MCONST:Chunk=0xA59AB3B123D0BD;
-
-
-// BLS455 Curve
-#[cfg(feature = "BLS455")]
-pub const MODTYPE:usize = NOT_SPECIAL;
-#[cfg(feature = "BLS455")]
-pub const MODULUS:[Chunk;NLEN] = [0xAA00001800002AB,0xC589556B2AA956A,0xB9994ACE86D1BA6,0x3954FCB314B8B3D,0xE3A5B1D56234BD9,0x95B49203003F665,0x57955572AA00E0F,0x555559555];
-#[cfg(feature = "BLS455")]
-pub const MCONST:Chunk=0xB3EF8137F4017FD;
-
-
-// Ed25519 Curve 
-#[cfg(feature = "Ed25519")]
-pub const CURVETYPE:usize=EDWARDS;
-#[cfg(feature = "Ed25519")]
-pub const CURVE_A:isize = -1;
-#[cfg(feature = "Ed25519")]
-pub const CURVE_B:[Chunk;NLEN]=[0xEB4DCA135978A3,0xA4D4141D8AB75,0x797779E8980070,0x2B6FFE738CC740,0x52036CEE];
-#[cfg(feature = "Ed25519")]
-pub const CURVE_ORDER:[Chunk;NLEN]=[0x12631A5CF5D3ED,0xF9DEA2F79CD658,0x14DE,0x0,0x10000000];
-#[cfg(feature = "Ed25519")]
-pub const CURVE_GX:[Chunk;NLEN]=[0x562D608F25D51A,0xC7609525A7B2C9,0x31FDD6DC5C692C,0xCD6E53FEC0A4E2,0x216936D3];
-#[cfg(feature = "Ed25519")]
-pub const CURVE_GY:[Chunk;NLEN]=[0x66666666666658,0x66666666666666,0x66666666666666,0x66666666666666,0x66666666];
-
-// GOLDILOCKS
-#[cfg(feature = "GOLDILOCKS")]
-pub const CURVETYPE: usize= EDWARDS;
-#[cfg(feature = "GOLDILOCKS")]
-pub const CURVE_A: isize = 1;
-#[cfg(feature = "GOLDILOCKS")]
-pub const CURVE_B: [Chunk;NLEN]=[0xFFFFFFFFFFF6756,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFEFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFF];
-#[cfg(feature = "GOLDILOCKS")]
-pub const CURVE_ORDER: [Chunk;NLEN]=[0x378C292AB5844F3,0x6CC2728DC58F552,0xEDB49AED6369021,0xFFFF7CCA23E9C44,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x3FFFFFF];
-#[cfg(feature = "GOLDILOCKS")]
-pub const CURVE_GX: [Chunk;NLEN]=[0x555555555555555,0x555555555555555,0x555555555555555,0xAAA955555555555,0xAAAAAAAAAAAAAAA,0xAAAAAAAAAAAAAAA,0xAAAAAAAAAAAAAAA,0xAAAAAAA];
-#[cfg(feature = "GOLDILOCKS")]
-pub const CURVE_GY: [Chunk;NLEN]=[0xAEAFBCDEA9386ED,0xBCB2BED1CDA06BD,0x565833A2A3098BB,0x6D728AD8C4B80D6,0x7A035884DD7B7E3,0x205086C2B0036ED,0x34AD7048DB359D6,0xAE05E96];
-
-
-// BN254 Curve
-#[cfg(feature = "BN254")]
-pub const CURVETYPE:usize = WEIERSTRASS;
-#[cfg(feature = "BN254")]
-pub const CURVE_PAIRING_TYPE:usize = BN_CURVE;
-#[cfg(feature = "BN254")]
-pub const CURVE_A:isize = 0;
-#[cfg(feature = "BN254")]
-pub const CURVE_B:[Chunk;NLEN]=[0x2,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BN254")]
-pub const CURVE_ORDER:[Chunk;NLEN]=[0xD,0x800000000010A1,0x8000000007FF9F,0x40000001BA344D,0x25236482];
-#[cfg(feature = "BN254")]
-pub const CURVE_GX:[Chunk;NLEN]=[0x12,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482];
-#[cfg(feature = "BN254")]
-pub const CURVE_GY:[Chunk;NLEN]=[0x1,0x0,0x0,0x0,0x0];
-
-#[cfg(feature = "BN254")]
-pub const CURVE_FRA:[Chunk;NLEN]=[0x7DE6C06F2A6DE9,0x74924D3F77C2E1,0x50A846953F8509,0x212E7C8CB6499B,0x1B377619];
-#[cfg(feature = "BN254")]
-pub const CURVE_FRB:[Chunk;NLEN]=[0x82193F90D5922A,0x8B6DB2C08850C5,0x2F57B96AC8DC17,0x1ED1837503EAB2,0x9EBEE69];
-#[cfg(feature = "BN254")]
-pub const CURVE_PXA:[Chunk;NLEN]=[0xEE4224C803FB2B,0x8BBB4898BF0D91,0x7E8C61EDB6A464,0x519EB62FEB8D8C,0x61A10BB];
-#[cfg(feature = "BN254")]
-pub const CURVE_PXB:[Chunk;NLEN]=[0x8C34C1E7D54CF3,0x746BAE3784B70D,0x8C5982AA5B1F4D,0xBA737833310AA7,0x516AAF9];
-#[cfg(feature = "BN254")]
-pub const CURVE_PYA:[Chunk;NLEN]=[0xF0E07891CD2B9A,0xAE6BDBE09BD19,0x96698C822329BD,0x6BAF93439A90E0,0x21897A0];
-#[cfg(feature = "BN254")]
-pub const CURVE_PYB:[Chunk;NLEN]=[0x2D1AEC6B3ACE9B,0x6FFD739C9578A,0x56F5F38D37B090,0x7C8B15268F6D44,0xEBB2B0E];
-#[cfg(feature = "BN254")]
-pub const CURVE_BNX:[Chunk;NLEN]=[0x80000000000001,0x40,0x0,0x0,0x0];
-#[cfg(feature = "BN254")]
-pub const CURVE_COF:[Chunk;NLEN]=[0x1,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BN254")]
-pub const CURVE_CRU:[Chunk;NLEN]=[0x80000000000007,0x6CD,0x40000000024909,0x49B362,0x0];
-#[cfg(feature = "BN254")]
-pub const CURVE_W:[[Chunk;NLEN];2]=[[0x3,0x80000000000204,0x6181,0x0,0x0],[0x1,0x81,0x0,0x0,0x0]];
-#[cfg(feature = "BN254")]
-pub const CURVE_SB:[[[Chunk;NLEN];2];2]=[[[0x4,0x80000000000285,0x6181,0x0,0x0],[0x1,0x81,0x0,0x0,0x0]],[[0x1,0x81,0x0,0x0,0x0],[0xA,0xE9D,0x80000000079E1E,0x40000001BA344D,0x25236482]]];
-#[cfg(feature = "BN254")]
-pub const CURVE_WB:[[Chunk;NLEN];4]=[[0x80000000000000,0x80000000000040,0x2080,0x0,0x0],[0x80000000000005,0x54A,0x8000000001C707,0x312241,0x0],[0x80000000000003,0x800000000002C5,0xC000000000E383,0x189120,0x0],[0x80000000000001,0x800000000000C1,0x2080,0x0,0x0]];
-#[cfg(feature = "BN254")]
-pub const CURVE_BB:[[[Chunk;NLEN];4];4]=[[[0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x2,0x81,0x0,0x0,0x0]],[[0x1,0x81,0x0,0x0,0x0],[0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482]],[[0x2,0x81,0x0,0x0,0x0],[0x1,0x81,0x0,0x0,0x0],[0x1,0x81,0x0,0x0,0x0],[0x1,0x81,0x0,0x0,0x0]],[[0x80000000000002,0x40,0x0,0x0,0x0],[0x2,0x102,0x0,0x0,0x0],[0xA,0x80000000001020,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x80000000000002,0x40,0x0,0x0,0x0]]];
-
-#[cfg(feature = "BN254")]
-pub const USE_GLV:bool = true;
-#[cfg(feature = "BN254")]
-pub const USE_GS_G2:bool = true;
-#[cfg(feature = "BN254")]
-pub const USE_GS_GT:bool = true;
-#[cfg(feature = "BN254")]
-pub const GT_STRONG:bool = false;
-
-// BLS383 Curve
-#[cfg(feature = "BLS383")]
-pub const CURVETYPE:usize = WEIERSTRASS;
-#[cfg(feature = "BLS383")]
-pub const CURVE_PAIRING_TYPE:usize = BLS_CURVE;
-#[cfg(feature = "BLS383")]
-pub const CURVE_A:isize = 0;
-
-#[cfg(feature = "BLS383")]
-pub const CURVE_ORDER:[Chunk;NLEN]=[0xFFF80000FFF001,0xBFDE0070FE7800,0x3000049C5EDF1C,0xC40007F910007A,0x14641004C,0x0,0x0];
-#[cfg(feature = "BLS383")]
-pub const CURVE_B:[Chunk;NLEN]=[0x9,0x0,0x0,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BLS383")]
-pub const CURVE_COF:[Chunk;NLEN]=[0x2A00000052B,0x5560AAAAAB2CA0,0x6055,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BLS383")]
-pub const CURVE_GX:[Chunk;NLEN]=[0xD59B348D10786B,0x3477C0E3F54AD0,0xBF25B734578B9B,0x4F6AC007BB6F65,0xEFD5830FF57E9C,0xADB9F88FB6EC02,0xB08CEE4BC98];
-#[cfg(feature = "BLS383")]
-pub const CURVE_GY:[Chunk;NLEN]=[0x5DA023D145DDB,0x13F518C5FEF7CC,0x56EC3462B2A66F,0x96F3019C7A925F,0x9061047981223E,0x4810AD8F5BE59,0x1F3909337671];
-
-#[cfg(feature = "BLS383")]
-pub const CURVE_BNX:[Chunk;NLEN]=[0x1000000040,0x110,0x0,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BLS383")]
-pub const CURVE_CRU:[Chunk;NLEN]=[0xA3AAC4EDA155A9,0xDF2FE8761E5E3D,0xBCDFAADE632625,0x5123128D3035A6,0xDBF3A2BBEAD683,0x5C5FAB20424190,0x7AC52080A9F7];
-#[cfg(feature = "BLS383")]
-pub const CURVE_FRA:[Chunk;NLEN]=[0x2BA59A92B4508B,0x63DB7A06EEF343,0x40341CB1DFBC74,0x1639E9D32D55D3,0xB19B3F05CC36D4,0xF323EE4D86AB98,0x5A5FB198672];
-#[cfg(feature = "BLS383")]
-pub const CURVE_FRB:[Chunk;NLEN]=[0x81051A97F904E0,0xB7D49A6F086A37,0x8F3EEB8B7DB8AB,0xEEF7983C6C9543,0x7A65F6549CB35D,0x693D1777CBFBEC,0x751F25672384];
-#[cfg(feature = "BLS383")]
-pub const CURVE_PXA:[Chunk;NLEN]=[0x6059885BAC9472,0x7C4D31DE2DC36D,0xBDC90C308C88A7,0x29F01971C688FC,0x3693539C43F167,0xD81E5A561EB8BF,0x4D50722B56BF];
-#[cfg(feature = "BLS383")]
-pub const CURVE_PXB:[Chunk;NLEN]=[0x9B4BD7A272AB23,0x7AF19D4F44DCE8,0x3F6F7B93206A34,0x571DD3E2A819FB,0x3A2BA3B635D7EE,0xAC28C780C1A126,0xEE3617C3E5B];
-#[cfg(feature = "BLS383")]
-pub const CURVE_PYA:[Chunk;NLEN]=[0x81D230977BD4FD,0xB660720DFDFC6,0x41FC9590C89A0C,0x2E1FBCF878287A,0x11C23014EEE65,0x28878816BB325E,0x8F40859A05C];
-#[cfg(feature = "BLS383")]
-pub const CURVE_PYB:[Chunk;NLEN]=[0xA5E20A252C4CE6,0x5907A74AFF40C8,0x41760A42448EF3,0xFFEF82B0FDA199,0xA0F29A18D4EA49,0xAC7F7B86E4997B,0x1DCABBA88C12];
-
-#[cfg(feature = "BLS383")]
-pub const CURVE_W:[[Chunk;0];2]=[[],[]];
-#[cfg(feature = "BLS383")]
-pub const CURVE_SB:[[[Chunk;0];2];2]=[[[],[]],[[],[]]];
-#[cfg(feature = "BLS383")]
-pub const CURVE_WB:[[Chunk;0];4]=[[],[],[],[]];
-#[cfg(feature = "BLS383")]
-pub const CURVE_BB:[[[Chunk;0];4];4]=[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]];
-
-
-#[cfg(feature = "BLS383")]
-pub const USE_GLV:bool = true;
-#[cfg(feature = "BLS383")]
-pub const USE_GS_G2:bool = true;
-#[cfg(feature = "BLS383")]
-pub const USE_GS_GT:bool = true;
-#[cfg(feature = "BLS383")]
-pub const GT_STRONG:bool = false;
-
-
-// BLS455 Curve
-#[cfg(feature = "BLS455")]
-pub const CURVETYPE:usize = WEIERSTRASS;
-#[cfg(feature = "BLS455")]
-pub const CURVE_PAIRING_TYPE:usize = BLS_CURVE;
-#[cfg(feature = "BLS455")]
-pub const CURVE_A:isize = 0;
-
-#[cfg(feature = "BLS455")]
-pub const CURVE_ORDER:[Chunk;NLEN]=[0x7FFFFC00001,0xA00000400001C,0x25E000750001D10,0xE0000F10004F000,0x80000380002,0x10,0x0,0x0];
-#[cfg(feature = "BLS455")]
-pub const CURVE_B:[Chunk;NLEN]=[0xA,0x0,0x0,0x0,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BLS455")]
-pub const CURVE_COF:[Chunk;NLEN]=[0xA9557FFAABFFAAB,0xAAB15555B54AAB6,0x555556AA,0x0,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BLS455")]
-pub const CURVE_GX:[Chunk;NLEN]=[0x6D4C5DDFDFCEDD1,0x35C6F43B3A034FB,0x7F05B56A579C725,0xB1F2B8ECE11B321,0x9F342AB0CFE8392,0xA5911EE32767994,0x3005E40CC56ABED,0x18855F3B];
-#[cfg(feature = "BLS455")]
-pub const CURVE_GY:[Chunk;NLEN]=[0x404FD79A6619B9B,0x69D80A5D6FA0286,0xEE722322D91A493,0xB1EE58431C1E968,0xCA9BC8953801F5F,0xDFAFD40FE9E388E,0x9F8985FC3DEB0D6,0x19A8DB77E];
-
-#[cfg(feature = "BLS455")]
-pub const CURVE_BNX:[Chunk;NLEN]=[0x20000080000800,0x10000,0x0,0x0,0x0,0x0,0x0,0x0];
-#[cfg(feature = "BLS455")]
-pub const CURVE_CRU:[Chunk;NLEN]=[0x9202FFC00000AA9,0xFA5190F4A3762A,0x8B2B9BDD548FEC9,0xD7B469DB33A586A,0xC91731354CAFD99,0xF5B48D02FFFE695,0x57955572A900E0E,0x555559555];
-#[cfg(feature = "BLS455")]
-pub const CURVE_FRA:[Chunk;NLEN]=[0x9CCFBDCA2EBF21,0x572F54A73379964,0x72819F887545498,0x22BBC1CAD1F8534,0xA82CD7D435944F0,0x4594F818D030F7B,0xEDCBE3ADC0016A7,0x397EA4973];
-#[cfg(feature = "BLS455")]
-pub const CURVE_FRB:[Chunk;NLEN]=[0xA033043B5D1438A,0x6E5A00C3F72FC06,0x4717AB46118C70E,0x16993AE842C0609,0x3B78DA012CA06E9,0x501F99EA300E6EA,0x69C971C4E9FF768,0x1BD6B4BE1];
-#[cfg(feature = "BLS455")]
-pub const CURVE_PXA:[Chunk;NLEN]=[0x475F20F0C1F542,0x65D6070F8567E10,0xD780698BB33D776,0x71F685ED1531721,0x303D3FEC5B6A49C,0x8DEF064FF553CEB,0xC0E9A31B4C463,0x2ECB12FA8];
-#[cfg(feature = "BLS455")]
-pub const CURVE_PXB:[Chunk;NLEN]=[0x99086EE6749F03D,0xE89A55A5AC5EF2E,0x7B41AECD88EA016,0x622450FE6163E06,0x755066E1C8E296F,0xA80F219487326E8,0x66DBFBB0BEAEE59,0xECFFCE0];
-#[cfg(feature = "BLS455")]
-pub const CURVE_PYA:[Chunk;NLEN]=[0x83235A4581A77F4,0x9F0F367B7A7E10A,0x8FA0C4A66D55B9D,0xEF03F65E0D6EC4C,0x9C7DC299C1A9EC2,0x32453CA21CFA5AC,0x6C3DCD5ABB9C544,0x22471D90A];
-#[cfg(feature = "BLS455")]
-pub const CURVE_PYB:[Chunk;NLEN]=[0xF413B6D9E1FDBA2,0xA7E630913DA0356,0xFBC913D9AC488E2,0x72E7CF61B401585,0x656D801B21C89ED,0xF9E921EEE0558F9,0x3D2B7B03CFC8698,0x33503CA8];
-
-#[cfg(feature = "BLS455")]
-pub const CURVE_W:[[Chunk;0];2]=[[],[]];
-#[cfg(feature = "BLS455")]
-pub const CURVE_SB:[[[Chunk;0];2];2]=[[[],[]],[[],[]]];
-#[cfg(feature = "BLS455")]
-pub const CURVE_WB:[[Chunk;0];4]=[[],[],[],[]];
-#[cfg(feature = "BLS455")]
-pub const CURVE_BB:[[[Chunk;0];4];4]=[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]];
-
-
-#[cfg(feature = "BLS455")]
-pub const USE_GLV:bool = true;
-#[cfg(feature = "BLS455")]
-pub const USE_GS_G2:bool = true;
-#[cfg(feature = "BLS455")]
-pub const USE_GS_GT:bool = true;
-#[cfg(feature = "BLS455")]
-pub const GT_STRONG:bool = false;
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/rsa.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/rsa.rs b/version22/rust/src/rsa.rs
deleted file mode 100644
index 4915816..0000000
--- a/version22/rust/src/rsa.rs
+++ /dev/null
@@ -1,372 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-//mod big;
-//use big::BIG;
-//mod dbig;
-//use dbig::DBIG;
-//mod ff;
-use ff::FF;
-//mod big;
-//mod dbig;
-//mod rom;
-use rom;
-//mod rand;
-use rand::RAND;
-//mod hash256;
-use hash256::HASH256;
-//mod hash384;
-use hash384::HASH384;
-//mod hash512;
-use hash512::HASH512;
-
-pub const RFS:usize =(rom::MODBYTES as usize)*rom::FFLEN;
-pub const SHA256:usize=32;
-pub const SHA384:usize=48;
-pub const SHA512:usize=64;
-
-pub const HASH_TYPE:usize=SHA256;
-
-pub struct RsaPrivateKey {
-	p:FF,
-	q:FF,
-	dp:FF,
-	dq:FF,
-	c:FF
-}
-
-pub struct RsaPublicKey {
-	e: isize,
-	n: FF
-}
-
-pub fn new_private_key(n: usize) -> RsaPrivateKey {
-	RsaPrivateKey {p:FF::new_int(n),q:FF::new_int(n),dp:FF::new_int(n),dq:FF::new_int(n),c:FF::new_int(n)}
-}
-
-pub fn new_public_key(m: usize) -> RsaPublicKey {
-	RsaPublicKey {e:0,n:FF::new_int(m)}
-}
-
-fn hashit(sha: usize,a: Option<&[u8]>,n: isize,w: &mut [u8]) {
-	if sha==SHA256 {
-		let mut h=HASH256::new();
-		if let Some(x)=a {
-			h.process_array(x);
-		}
-		if n>=0 {h.process_num(n as i32)}
-        let hs=h.hash();	
-        for i in 0..sha {w[i]=hs[i]}
-	}
-	if sha==SHA384 {
-		let mut h=HASH384::new();
-		if let Some(x)=a {
-			h.process_array(x);
-		}
-		if n>=0 {h.process_num(n as i32)}
-        let hs=h.hash();	
-        for i in 0..sha {w[i]=hs[i]}
-	}
-	if sha==SHA512 {
-		let mut h=HASH512::new();
-		if let Some(x)=a {
-			h.process_array(x);
-		}
-		if n>=0 {h.process_num(n as i32)}
-        let hs=h.hash();	
-        for i in 0..sha {w[i]=hs[i]}
-	}
-}
-
-pub fn key_pair(rng: &mut RAND,e: isize,prv: &mut RsaPrivateKey,pbc: &mut RsaPublicKey) { /* IEEE1363 A16.11/A16.12 more or less */
-	let n=pbc.n.getlen()/2;
-	let mut t=FF::new_int(n);
-	let mut p1=FF::new_int(n);
-	let mut q1=FF::new_int(n);
-
-	loop {
-		prv.p.random(rng);
-		while prv.p.lastbits(2)!=3 {prv.p.inc(1)}		
-		while !FF::prime(&prv.p,rng) {			
-			prv.p.inc(4);		
-		}
-		
-		p1.copy(&prv.p);
-		p1.dec(1);
-
-		if p1.cfactor(e) {continue}
-		break;
-	}
-
-	loop {
-		prv.q.random(rng);
-		while prv.q.lastbits(2)!=3 {prv.q.inc(1)}
-		while !FF::prime(&prv.q,rng) {
-			prv.q.inc(4);
-		}
-			
-		q1.copy(&prv.q);
-		q1.dec(1);
-
-		if q1.cfactor(e) {continue}
-
-		break;
-	}
-	
-	pbc.n=FF::mul(&prv.p,&prv.q);
-	pbc.e=e;
-
-	t.copy(&p1);
-	t.shr();
-	prv.dp.set(e);
-	prv.dp.invmodp(&t);
-	if prv.dp.parity()==0 {prv.dp.add(&t)}
-	prv.dp.norm();
-
-	t.copy(&q1);
-	t.shr();
-	prv.dq.set(e);
-	prv.dq.invmodp(&t);
-	if prv.dq.parity()==0 {prv.dq.add(&t)}
-	prv.dq.norm();
-
-	prv.c.copy(&prv.p);
-	prv.c.invmodp(&prv.q);
-}
-
-/* Mask Generation Function */
-
-pub fn mgf1(sha: usize,z: &[u8],olen: usize,k: &mut [u8]) {
-	let hlen=sha;
-
-	let mut j=0;
-	for i in 0..k.len() {k[i]=0}
-
-	let mut cthreshold=olen/hlen; 
-	if olen%hlen!=0 {cthreshold+=1}
-	for counter in 0..cthreshold {
-		let mut b:[u8;64]=[0;64];		
-		hashit(sha,Some(z),counter as isize,&mut b);
-
-		if j+hlen>olen {
-			for i in 0..(olen%hlen) {k[j]=b[i]; j+=1}
-		} else {
-			for i in 0..hlen {k[j]=b[i]; j+=1}
-		}
-	}	
-}
-
-/* SHAXXX identifier strings */
-const SHA256ID:[u8;19]= [0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20];
-const SHA384ID:[u8;19]= [0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30];
-const SHA512ID:[u8;19]= [0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40];
-
-pub fn pkcs15(sha: usize,m: &[u8],w: &mut [u8]) -> bool {
-	let olen=rom::FF_BITS/8;
-	let hlen=sha;
-	let idlen=19;
-	let mut b:[u8;64]=[0;64];  /* Not good */	
-
-	if olen<idlen+hlen+10 {return false}
-	hashit(sha,Some(m),-1,&mut b);
-
-	for i in 0..w.len() {w[i]=0}
-	let mut i=0;
-	w[i]=0; i+=1;
-	w[i]=1; i+=1;
-	for _ in 0..olen-idlen-hlen-3 {w[i]=0xff; i+=1}
-	w[i]=0; i+=1;
-
-	if hlen==SHA256 {
-		for j in 0..idlen {w[i]=SHA256ID[j]; i+=1}
-	}
-	if hlen==SHA384 {
-		for j in 0..idlen {w[i]=SHA384ID[j]; i+=1}
-	}
-	if hlen==SHA512 {
-		for j in 0..idlen {w[i]=SHA512ID[j]; i+=1}
-	}
-	for j in 0..hlen {w[i]=b[j]; i+=1}
-
-	return true;
-}
-
-/* OAEP Message Encoding for Encryption */
-pub fn oaep_encode(sha: usize,m: &[u8],rng: &mut RAND,p: Option<&[u8]>,f: &mut [u8]) -> bool { 
-	let olen=RFS-1;
-	let mlen=m.len();
-
-	let hlen=sha;
-
-	let mut seed:[u8;64]=[0;64];
-
-	let seedlen=hlen;
-	if mlen>olen-hlen-seedlen-1 {return false} 
-
-	let mut dbmask:[u8;RFS]=[0;RFS];
-
-	hashit(sha,p,-1,f);
-	let slen=olen-mlen-hlen-seedlen-1;      
-
-	for i in 0..slen {f[hlen+i]=0}
-	f[hlen+slen]=1;
-	for i in 0..mlen {f[hlen+slen+1+i]=m[i]}
-
-	for i in 0..seedlen {seed[i]=rng.getbyte()}
-	
-	mgf1(sha,&seed,olen-seedlen,&mut dbmask);
-
-	for i in 0..olen-seedlen {dbmask[i]^=f[i]}
-
-	mgf1(sha,&dbmask[0..olen-seedlen],seedlen,f);
-
-	for i in 0..seedlen {f[i]^=seed[i]}
-
-	for i in 0..olen-seedlen {f[i+seedlen]=dbmask[i]}
-
-	/* pad to length RFS */
-	let d=1;
-	for i in (d..RFS).rev() {
-		f[i]=f[i-d];
-	}
-	for i in (0..d).rev() {
-		f[i]=0;
-	}
-	return true;
-}
-
-/* OAEP Message Decoding for Decryption */
-pub fn oaep_decode(sha: usize,p: Option<&[u8]>,f: &mut [u8]) -> usize {
-	let olen=RFS-1;
-
-	let hlen=sha;
-	let mut seed:[u8;64]=[0;64];
-	let seedlen=hlen;
-	let mut chash:[u8;64]=[0;64];
-	
-	if olen<seedlen+hlen+1 {return 0}
-	let mut dbmask:[u8;RFS]=[0;RFS];
-	//for i in 0..olen-seedlen {dbmask[i]=0}
-
-	if f.len()<RFS {
-		let d=RFS-f.len();
-		for i in (d..RFS).rev() {
-			f[i]=f[i-d];
-		}
-		for i in (0..d).rev() {
-			f[i]=0;
-		}
-	}
-
-	hashit(sha,p,-1,&mut chash);
-
-	let x=f[0];
-
-	for i in seedlen..olen {
-		dbmask[i-seedlen]=f[i+1];
-	}
-
-	mgf1(sha,&dbmask[0..olen-seedlen],seedlen,&mut seed);
-	for i in 0..seedlen {seed[i]^=f[i+1]}
-	mgf1(sha,&seed,olen-seedlen,f);
-	for i in 0..olen-seedlen {dbmask[i]^=f[i]}
-
-	let mut comp=true;
-	for i in 0..hlen {
-		if chash[i]!=dbmask[i] {comp=false}
-	}
-
-	for i in 0..olen-seedlen-hlen {
-		dbmask[i]=dbmask[i+hlen]
-	}
-
-	for i in 0..hlen {
-		seed[i]=0; chash[i]=0
-	}
-		
-	let mut k=0;
-	loop {
-		if k>=olen-seedlen-hlen {return 0}
-		if dbmask[k]!=0 {break}
-		k+=1;
-	}
-
-	let t=dbmask[k];
-	if !comp || x!=0 || t!=0x01 {
-		for i in 0..olen-seedlen {dbmask[i]=0}
-		return 0;
-	}
-
-	for i in 0..olen-seedlen-hlen-k-1 {
-		f[i]=dbmask[i+k+1];
-	}
-	
-	for i in 0..olen-seedlen  {dbmask[i]=0}
-
-	return olen-seedlen-hlen-k-1;
-}
-
-/* destroy the Private Key structure */
-pub fn private_key_kill(prv: &mut RsaPrivateKey) {
-	prv.p.zero();
-	prv.q.zero();
-	prv.dp.zero();
-	prv.dq.zero();
-	prv.c.zero();
-}
-
-/* RSA encryption with the public key */
-pub fn encrypt(pbc: &RsaPublicKey,f: &[u8],g: &mut [u8]) {
-	let m=pbc.n.getlen();
-	let mut r=FF::new_int(m);
-
-	FF::frombytes(&mut r,f);
-	r.power(pbc.e,&pbc.n);
-	r.tobytes(g);
-}
-
-/* RSA decryption with the private key */
-pub fn decrypt(prv: &RsaPrivateKey,g: &[u8],f: &mut [u8]) {
-	let n=prv.p.getlen();
-	let mut r=FF::new_int(2*n);
-
-	FF::frombytes(&mut r,g);
-	let mut jp=r.dmod(&prv.p);
-	let mut jq=r.dmod(&prv.q);
-
-	jp.skpow(&prv.dp,&prv.p);
-	jq.skpow(&prv.dq,&prv.q);
-
-	r.zero();
-	r.dscopy(&jp);
-	jp.rmod(&prv.q);
-	if FF::comp(&jp,&jq)>0 {jq.add(&prv.q)}
-	jq.sub(&jp);
-	jq.norm();
-
-	let mut t=FF::mul(&prv.c,&jq);
-	jq=t.dmod(&prv.q);
-
-	t=FF::mul(&jq,&prv.p);
-	r.add(&t);
-	r.norm();
-
-	r.tobytes(f);
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/tests/benchtest_ec.rs
----------------------------------------------------------------------
diff --git a/version22/rust/tests/benchtest_ec.rs b/version22/rust/tests/benchtest_ec.rs
deleted file mode 100644
index eee1ced..0000000
--- a/version22/rust/tests/benchtest_ec.rs
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-extern crate amcl;
-
-use  amcl::ecdh;
-use  amcl::ecp;
-use  amcl::ecp2;
-use  amcl::fp;
-use  amcl::fp2;
-use  amcl::fp4;
-use  amcl::fp12;
-use  amcl::big;
-use  amcl::dbig;
-use  amcl::rand;
-use  amcl::hash256;
-use  amcl::hash384;
-use  amcl::hash512;
-use  amcl::aes;
-use  amcl::rom;
-use  amcl::ff;
-use  amcl::rsa;
-
-use rand::RAND;
-use ecp::ECP;
-use big::BIG;
-
-use std::time::Instant;
-
-const MIN_ITERS:isize=10;
-const MIN_TIME: isize=10;
-
-#[allow(non_snake_case)]
-#[test]
-fn benchtest_ec()
-{
-	let mut raw:[u8;100]=[0;100];	
-	let mut fail=false;
-	let mut pbc=rsa::new_public_key(rom::FFLEN);
-	let mut prv=rsa::new_private_key(rom::HFLEN);	
-	let mut c: [u8;rsa::RFS]=[0;rsa::RFS];
-	let mut m: [u8;rsa::RFS]=[0;rsa::RFS];
-	let mut p: [u8;rsa::RFS]=[0;rsa::RFS];	
-
-	let mut rng=RAND::new();
-	rng.clean();
-	for i in 0..100 {raw[i]=i as u8}
-
-	rng.seed(100,&raw);	
-
-	if rom::CURVETYPE==rom::WEIERSTRASS {
-		println!("Weierstrass parameterization");
-	}		
-	if rom::CURVETYPE==rom::EDWARDS {
-		println!("Edwards parameterization");
-	}
-	if rom::CURVETYPE==rom::MONTGOMERY {
-		println!("Montgomery parameterization");
-	}
-
-	if rom::MODTYPE==rom::PSEUDO_MERSENNE {
-		println!("Pseudo-Mersenne Modulus");
-	}
-	if rom::MODTYPE==rom::MONTGOMERY_FRIENDLY {
-		println!("Montgomery friendly Modulus");
-	}
-	if rom::MODTYPE==rom::GENERALISED_MERSENNE {
-		println!("Generalised-Mersenne Modulus");
-	}
-	if rom::MODTYPE==rom::NOT_SPECIAL {
-		println!("Not special Modulus");
-	}
-
-	println!("Modulus size {:} bits",rom::MODBITS); 
-	println!("{:} bit build",rom::CHUNK); 
-
-	let mut G:ECP;
-
-	let gx=BIG::new_ints(&rom::CURVE_GX);
-	
-	if rom::CURVETYPE!=rom::MONTGOMERY {
-		let gy=BIG::new_ints(&rom::CURVE_GY);
-		G=ECP::new_bigs(&gx,&gy);
-	} else {
-		G=ECP::new_big(&gx);
-	}
-
-	let mut r=BIG::new_ints(&rom::CURVE_ORDER);
-	let mut s=BIG::randomnum(&r,&mut rng);
-
-	let mut P=G.mul(&mut r);
-	if !P.is_infinity() {
-		println!("FAILURE - rG!=O");
-		fail=true;
-	} 
-
-	let start = Instant::now();
-	let mut iterations=0;
-	let mut dur=0 as u64;
-	while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS {
-		P=G.mul(&mut s);
-		iterations+=1;
-		let elapsed=start.elapsed();
-		dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64;
-	} 
-	let duration=(dur as f64)/(iterations as f64);
-	print!("EC  mul - {:} iterations  ",iterations);
-	println!(" {:0.2} ms per iteration",duration);
-
-	println!("Generating {:}-bit RSA public/private key pair",rom::FFLEN*rom::BIGBITS);
-
-
-	let start = Instant::now();
-	let mut iterations=0;
-	let mut dur=0 as u64;
-	while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS {
-		rsa::key_pair(&mut rng,65537,&mut prv,&mut pbc);
-		iterations+=1;
-		let elapsed=start.elapsed();
-		dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64;
-	} 
-	let duration=(dur as f64)/(iterations as f64);
-	print!("RSA gen - {:} iterations  ",iterations);
-	println!(" {:0.2} ms per iteration",duration);
-
-	for i in 0..rsa::RFS {m[i]=(i%128) as u8;}
-
-	let start = Instant::now();
-	let mut iterations=0;
-	let mut dur=0 as u64;
-	while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS {
-		rsa::encrypt(&pbc,&m,&mut c); 
-		iterations+=1;
-		let elapsed=start.elapsed();
-		dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64;
-	} 
-	let duration=(dur as f64)/(iterations as f64);
-	print!("RSA enc - {:} iterations  ",iterations);
-	println!(" {:0.2} ms per iteration",duration);
-
-	let start = Instant::now();
-	let mut iterations=0;
-	let mut dur=0 as u64;
-	while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS {
-		rsa::decrypt(&prv,&c,&mut p); 
-		iterations+=1;
-		let elapsed=start.elapsed();
-		dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64;
-	} 
-	let duration=(dur as f64)/(iterations as f64);
-	print!("RSA dec - {:} iterations  ",iterations);
-	println!(" {:0.2} ms per iteration",duration);
-
-	let mut cmp=true;
-	for i in 0..rsa::RFS {
-			if p[i]!=m[i] {cmp=false;}
-		}
-
-	if !cmp {
-		println!("FAILURE - RSA decryption");
-		fail=true;
-	}
-
-	if !fail {
-		println!("All tests pass");
-	}
-
-	assert!(!fail)
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/tests/benchtest_pair.rs
----------------------------------------------------------------------
diff --git a/version22/rust/tests/benchtest_pair.rs b/version22/rust/tests/benchtest_pair.rs
deleted file mode 100644
index 67a9035..0000000
--- a/version22/rust/tests/benchtest_pair.rs
+++ /dev/null
@@ -1,245 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-extern crate amcl;
-
-use amcl::mpin;
-use amcl::ecp;
-use amcl::ecp2;
-use amcl::fp;
-use amcl::fp2;
-use amcl::fp4;
-use amcl::fp12;
-use amcl::pair;
-use amcl::big;
-use amcl::dbig;
-use amcl::rand;
-use amcl::hash256;
-use amcl::hash384;
-use amcl::hash512;
-use amcl::aes;
-use amcl::rom;
-
-use rand::RAND;
-use ecp::ECP;
-use big::BIG;
-use ecp2::ECP2;
-use fp2::FP2;
-
-use std::time::Instant;
-
-const MIN_ITERS:isize=10;
-const MIN_TIME: isize=10;
-
-#[allow(non_snake_case)]
-#[test]
-fn benchtest_pair()
-{
-	let mut raw:[u8;100]=[0;100];	
-	let mut fail=false;
-
-	let mut rng=RAND::new();
-	rng.clean();
-	for i in 0..100 {raw[i]=i as u8}
-
-	rng.seed(100,&raw);	
-
-	if rom::CURVE_PAIRING_TYPE==rom::BN_CURVE {
-		println!("BN Pairing-Friendly Curve");
-	}
-	if rom::CURVE_PAIRING_TYPE==rom::BLS_CURVE {
-		println!("BLS Pairing-Friendly Curve");
-	}
-
-	println!("Modulus size {:} bits",rom::MODBITS); 
-	println!("{:} bit build",rom::CHUNK); 
-
-	let mut G:ECP;
-
-	let gx=BIG::new_ints(&rom::CURVE_GX);
-	
-	let gy=BIG::new_ints(&rom::CURVE_GY);
-	G=ECP::new_bigs(&gx,&gy);
-
-	let mut r=BIG::new_ints(&rom::CURVE_ORDER);
-	let mut s=BIG::randomnum(&r,&mut rng);
-
-	let mut P=pair::g1mul(&mut G,&mut r);
-
-	if !P.is_infinity() {
-		println!("FAILURE - rP!=O");
-		fail=true;
-	}
-
-	let start = Instant::now();
-	let mut iterations=0;
-	let mut dur=0 as u64;
-	while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS {
-		P=pair::g1mul(&mut G,&mut s);
-		iterations+=1;
-		let elapsed=start.elapsed();
-		dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64;
-	} 
-	let duration=(dur as f64)/(iterations as f64);
-	print!("G1  mul              - {:} iterations  ",iterations);
-	println!(" {:0.2} ms per iteration",duration);
-
-	let mut Q=ECP2::new_fp2s(&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PXA),&BIG::new_ints(&rom::CURVE_PXB)),&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PYA),&BIG::new_ints(&rom::CURVE_PYB)));
-
-	let mut W=pair::g2mul(&mut Q,&mut r);
-
-	if !W.is_infinity() {
-		println!("FAILURE - rQ!=O");
-		fail=true;
-	}
-
-	let start = Instant::now();
-	let mut iterations=0;
-	let mut dur=0 as u64;
-	while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS {
-		W=pair::g2mul(&mut Q,&mut s);
-		iterations+=1;
-		let elapsed=start.elapsed();
-		dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64;
-	} 
-	let duration=(dur as f64)/(iterations as f64);
-	print!("G2  mul              - {:} iterations  ",iterations);
-	println!(" {:0.2} ms per iteration",duration);
-
-	let mut w=pair::ate(&mut Q,&mut P);
-	w=pair::fexp(&w);
-
-	let mut g=pair::gtpow(&mut w,&mut r);
-
-	if !g.isunity() {
-		println!("FAILURE - g^r!=1");
-		return;
-	}
-
-	let start = Instant::now();
-	let mut iterations=0;
-	let mut dur=0 as u64;
-	while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS {
-		g=pair::gtpow(&mut w,&mut s);
-		iterations+=1;
-		let elapsed=start.elapsed();
-		dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64;
-	} 
-	let duration=(dur as f64)/(iterations as f64);
-	print!("GT  pow              - {:} iterations  ",iterations);
-	println!(" {:0.2} ms per iteration",duration);
-
-
-	let mut f = FP2::new_bigs(&BIG::new_ints(&rom::CURVE_FRA),&BIG::new_ints(&rom::CURVE_FRB));
-	let q=BIG::new_ints(&rom::MODULUS);
-
-	let mut m=BIG::new_copy(&q);
-	m.rmod(&mut r);
-
-	let mut a=BIG::new_copy(&s);
-	a.rmod(&mut m);
-
-	let mut b=BIG::new_copy(&s);
-	b.div(&mut m);
-
-	g.copy(&w);
-	let mut c=g.trace();
-
-	g.frob(&mut f);
-	let cp=g.trace();
-
-	w.conj();
-	g.mul(&mut w);
-	let cpm1=g.trace();
-	g.mul(&mut w);
-	let cpm2=g.trace();
-
-	let start = Instant::now();
-	let mut iterations=0;
-	let mut dur=0 as u64;
-	while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS {
-		c=c.xtr_pow2(&cp,&cpm1,&cpm2,&mut a,&mut b);
-		iterations+=1;
-		let elapsed=start.elapsed();
-		dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64;
-	} 
-	let duration=(dur as f64)/(iterations as f64);
-	print!("GT  pow (compressed) - {:} iterations  ",iterations);
-	println!(" {:0.2} ms per iteration",duration);
-
-	let start = Instant::now();
-	let mut iterations=0;
-	let mut dur=0 as u64;
-	while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS {
-		w=pair::ate(&mut Q,&mut P);
-		iterations+=1;
-		let elapsed=start.elapsed();
-		dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64;
-	} 
-	let duration=(dur as f64)/(iterations as f64);
-	print!("PAIRing ATE          - {:} iterations  ",iterations);
-	println!(" {:0.2} ms per iteration",duration);
-
-
-	let start = Instant::now();
-	let mut iterations=0;
-	let mut dur=0 as u64;
-	while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS {
-		g=pair::fexp(&w);
-		iterations+=1;
-		let elapsed=start.elapsed();
-		dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64;
-	} 
-	let duration=(dur as f64)/(iterations as f64);
-	print!("PAIRing FEXP         - {:} iterations  ",iterations);
-	println!(" {:0.2} ms per iteration",duration);
-
-	P.copy(&G);
-	Q.copy(&W);
-
-	P=pair::g1mul(&mut P,&mut s);
-	g=pair::ate(&mut Q,&mut P);
-	g=pair::fexp(&g);
-
-	P.copy(&G);
-	Q=pair::g2mul(&mut Q,&mut s);
-	w=pair::ate(&mut Q,&mut P);
-	w=pair::fexp(&w);
-
-	if !g.equals(&mut w) {
-		println!("FAILURE - e(sQ,p)!=e(Q,sP) ");
-		fail=true;
-	}
-
-	Q.copy(&W);
-	g=pair::ate(&mut Q,&mut P);
-	g=pair::fexp(&g);
-	g=pair::gtpow(&mut g,&mut s);
-
-	if !g.equals(&mut w) {
-		println!("FAILURE - e(sQ,p)!=e(Q,P)^s ");
-		fail=true;
-	}
-
-	if !fail {
-		println!("All tests pass");
-	}
-
-	assert!(!fail)
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/tests/test_ecdh.rs
----------------------------------------------------------------------
diff --git a/version22/rust/tests/test_ecdh.rs b/version22/rust/tests/test_ecdh.rs
deleted file mode 100644
index 4623d17..0000000
--- a/version22/rust/tests/test_ecdh.rs
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-extern crate amcl;
-
-use amcl::ecdh;
-use amcl::ecp;
-use amcl::ecp2;
-use amcl::fp;
-use amcl::fp2;
-use amcl::fp4;
-use amcl::fp12;
-use amcl::big;
-use amcl::dbig;
-use amcl::rand;
-use amcl::hash256;
-use amcl::hash384;
-use amcl::hash512;
-use amcl::aes;
-use amcl::rom;
-use rand::RAND;
-
-pub fn printbinary(array: &[u8]) {
-	for i in 0..array.len() {
-		print!("{:02X}", array[i])
-	}
-	println!("")
-}
-
-#[test]
-fn test_ecdh()
-{
-	let pw="M0ng00se";
-	let pp:&[u8] = b"M0ng00se";
-	let sha=ecdh::HASH_TYPE;
-	let mut salt:[u8;8]=[0;8];
-	let mut raw:[u8;100]=[0;100];	
-	let mut s1:[u8;ecdh::EGS]=[0;ecdh::EGS];
-	let mut w0:[u8;2*ecdh::EFS+1]=[0;2*ecdh::EFS+1];
-	let mut w1:[u8;2*ecdh::EFS+1]=[0;2*ecdh::EFS+1];
-	let mut z0:[u8;ecdh::EFS]=[0;ecdh::EFS];
-	let mut z1:[u8;ecdh::EFS]=[0;ecdh::EFS];
-	let mut key:[u8;ecdh::EAS]=[0;ecdh::EAS];
-	let mut cs: [u8;ecdh::EGS]=[0;ecdh::EGS];
-	let mut ds: [u8;ecdh::EGS]=[0;ecdh::EGS];	
-	let mut m: Vec<u8> = vec![0;32];   // array that could be of any length. So use heap.
-	let mut p1: [u8;3]=[0;3];
-	let mut p2: [u8;4]=[0;4];	
-	let mut v: [u8;2*ecdh::EFS+1]=[0;2*ecdh::EFS+1];
-	let mut t: [u8;12]=[0;12];
-
-	let mut rng=RAND::new();
-	rng.clean();
-	for i in 0..100 {raw[i]=i as u8}
-
-	rng.seed(100,&raw);	
-
-	for i in 0..8 {salt[i]=(i+1) as u8}  // set Salt	
-
-	println!("Alice's Passphrase= {}",pw);
-
-	let mut s0:[u8;ecdh::EFS]=[0;ecdh::EGS];
-	ecdh::pbkdf2(sha,pp,&salt,1000,ecdh::EGS,&mut s0);
-
-	print!("Alice's private key= 0x");
-	printbinary(&s0);
-
-/* Generate Key pair S/W */
-	ecdh::key_pair_generate(None,&mut s0,&mut w0);
-
-	print!("Alice's public key= 0x");
-	printbinary(&w0);
-
-	let mut res=ecdh::public_key_validate(true,&w0);
-	if res!=0 {
-		println!("ECP Public Key is invalid!");
-		return;
-	}
-
-/* Random private key for other party */
-	ecdh::key_pair_generate(Some(&mut rng),&mut s1,&mut w1);
-
-	print!("Servers private key= 0x");
-	printbinary(&s1);
-
-	print!("Servers public key= 0x");
-	printbinary(&w1);
-
-
-	res=ecdh::public_key_validate(true,&w1);
-	if res!=0 {
-		println!("ECP Public Key is invalid!");
-		return;
-	}
-/* Calculate common key using DH - IEEE 1363 method */
-
-	ecdh::ecpsvdp_dh(&s0,&w1,&mut z0);
-	ecdh::ecpsvdp_dh(&s1,&w0,&mut z1);
-
-	let mut same=true;
-	for i in 0..ecdh::EFS {
-		if z0[i]!=z1[i] {same=false}
-	}
-
-	if !same {
-		println!("*** ECPSVDP-DH Failed");
-		return;
-	}
-
-	ecdh::kdf2(sha,&z0,None,ecdh::EAS,&mut key);
-
-	print!("Alice's DH Key=  0x"); printbinary(&key);
-	print!("Servers DH Key=  0x"); printbinary(&key);
-
-	if rom::CURVETYPE!=rom::MONTGOMERY {
-
-		for i in 0..17 {m[i]=i as u8} 
-
-		println!("Testing ECIES");
-
-		p1[0]=0x0; p1[1]=0x1; p1[2]=0x2;
-		p2[0]=0x0; p2[1]=0x1; p2[2]=0x2; p2[3]=0x3;
-
-		let cc=ecdh::ecies_encrypt(sha,&p1,&p2,&mut rng,&w1,&m[0..17],&mut v,&mut t);
-
-		if let Some(mut c)=cc {
-			println!("Ciphertext= ");
-			print!("V= 0x"); printbinary(&v);
-			print!("C= 0x"); printbinary(&c);
-			print!("T= 0x"); printbinary(&t);
-		
-
-			let mm=ecdh::ecies_decrypt(sha,&p1,&p2,&v,&mut c,&t,&s1);
-			if let Some(rm)=mm {
-				println!("Decryption succeeded");
-				println!("Message is 0x"); printbinary(&rm);				
-			}
-			else {
-				println!("*** ECIES Decryption Failed");
-				return;
-			} 
-		}
-		else {
-			println!("*** ECIES Encryption Failed");
-			return;
-		} 
-
-		println!("Testing ECDSA");
-
-		if ecdh::ecpsp_dsa(sha,&mut rng,&s0,&m[0..17],&mut cs,&mut ds)!=0 {
-			println!("***ECDSA Signature Failed");
-			return;
-		}
-		println!("Signature= ");
-		print!("C= 0x"); printbinary(&cs);
-		print!("D= 0x"); printbinary(&ds);
-
-		if ecdh::ecpvp_dsa(sha,&w0,&m[0..17],&cs,&ds)!=0 {
-			println!("***ECDSA Verification Failed");
-			return;
-		} else {println!("ECDSA Signature/Verification succeeded ")}
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/tests/test_mpin.rs
----------------------------------------------------------------------
diff --git a/version22/rust/tests/test_mpin.rs b/version22/rust/tests/test_mpin.rs
deleted file mode 100644
index 8900254..0000000
--- a/version22/rust/tests/test_mpin.rs
+++ /dev/null
@@ -1,217 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-use std::io;
-
-extern crate amcl;
-
-use amcl::mpin;
-use amcl::ecp;
-use amcl::ecp2;
-use amcl::fp;
-use amcl::fp2;
-use amcl::fp4;
-use amcl::fp12;
-use amcl::pair;
-use amcl::big;
-use amcl::dbig;
-use amcl::rand;
-use amcl::hash256;
-use amcl::hash384;
-use amcl::hash512;
-use amcl::aes;
-use amcl::rom;
-
-use rand::RAND;
-
-pub fn printbinary(array: &[u8]) {
-	for i in 0..array.len() {
-		print!("{:02X}", array[i])
-	}
-	println!("")
-}
-
-#[test]
-fn test_mpin()
-{
-	let mut raw:[u8;100]=[0;100];	
-	let mut s:[u8;mpin::EGS]=[0;mpin::EGS];
-	const RM:usize=rom::MODBYTES as usize;
-	let mut hcid:[u8;RM]=[0;RM];
-	let mut hsid:[u8;RM]=[0;RM];
-
-	const G1S:usize=2*mpin::EFS+1; /* Group 1 Size */
-	const G2S:usize=4*mpin::EFS; /* Group 2 Size */
-	const EAS:usize=16;
-
-	let mut sst:[u8;G2S]=[0;G2S];
-	let mut token: [u8;G1S]=[0;G1S];	
-	let mut permit:[u8;G1S]=[0;G1S];	
-	let mut g1: [u8;12*mpin::EFS]=[0;12*mpin::EFS];
-	let mut g2: [u8;12*mpin::EFS]=[0;12*mpin::EFS];	
-	let mut xid: [u8;G1S]=[0;G1S];
-	let mut xcid: [u8;G1S]=[0;G1S];	
-	let mut x: [u8;mpin::EGS]=[0;mpin::EGS];	
-	let mut y: [u8;mpin::EGS]=[0;mpin::EGS];
-	let mut sec: [u8;G1S]=[0;G1S];	
-	let mut r: [u8;mpin::EGS]=[0;mpin::EGS];
-	let mut z: [u8;G1S]=[0;G1S];	
-	let mut hid: [u8;G1S]=[0;G1S];
-	let mut htid: [u8;G1S]=[0;G1S];
-	let mut rhid: [u8;G1S]=[0;G1S];
-	let mut w: [u8;mpin::EGS]=[0;mpin::EGS];
-	let mut t: [u8;G1S]=[0;G1S];
-	let mut e: [u8;12*mpin::EFS]=[0;12*mpin::EFS];
-	let mut f: [u8;12*mpin::EFS]=[0;12*mpin::EFS];
-	let mut h: [u8;RM]=[0;RM];
-	let mut ck: [u8;EAS]=[0;EAS];
-	let mut sk: [u8;EAS]=[0;EAS];	
-
-
-	let sha=mpin::HASH_TYPE;
-	let mut rng=RAND::new();
-	rng.clean();
-	for i in 0..100 {raw[i]=(i+1) as u8}
-
-	rng.seed(100,&raw);	
-
-/* Trusted Authority set-up */
-
-	mpin::random_generate(&mut rng,&mut s);
-	print!("Master Secret s: 0x");  printbinary(&s);
-
-/* Create Client Identity */
- 	let name= "testUser@miracl.com";
- 	let client_id=name.as_bytes();
-
-	print!("Client ID= "); printbinary(&client_id); 
-
-
-	mpin::hash_id(sha,&client_id,&mut hcid);  /* Either Client or TA calculates Hash(ID) - you decide! */
-		
-/* Client and Server are issued secrets by DTA */
-	mpin::get_server_secret(&s,&mut sst);
-	print!("Server Secret SS: 0x");  printbinary(&sst);	
-
-	mpin::get_client_secret(&mut s,&hcid,&mut token);
-	print!("Client Secret CS: 0x"); printbinary(&token); 
-
-/* Client extracts PIN from secret to create Token */
-	let pin:i32=1234;
-	println!("Client extracts PIN= {}",pin);
-	let mut rtn=mpin::extract_pin(sha,&client_id,pin,&mut token);
-	if rtn != 0 {
-		println!("FAILURE: EXTRACT_PIN rtn: {}",rtn);
-	}
-
-	print!("Client Token TK: 0x"); printbinary(&token); 
-
-	if mpin::FULL {
-		mpin::precompute(&token,&hcid,&mut g1,&mut g2);
-	}
-
-	let mut date=0;
-	if mpin::PERMITS {
-		date=mpin::today();
-/* Client gets "Time Token" permit from DTA */ 
-		mpin::get_client_permit(sha,date,&s,&hcid,&mut permit);
-		print!("Time Permit TP: 0x");  printbinary(&permit);
-
-/* This encoding makes Time permit look random - Elligator squared */
-		mpin::encoding(&mut rng,&mut permit);
-		print!("Encoded Time Permit TP: 0x"); printbinary(&permit);
-		mpin::decoding(&mut permit);
-		print!("Decoded Time Permit TP: 0x"); printbinary(&permit);
-	}
-
-	print!("\nPIN= "); let _ =io::Write::flush(&mut io::stdout());
-    let mut input_text = String::new();
-    let _ = io::stdin().read_line(&mut input_text);
-
-    let pin=input_text.trim().parse::<usize>().unwrap();
-
-	println!("MPIN Multi Pass");
-/* Send U=x.ID to server, and recreate secret from token and pin */
-	rtn=mpin::client_1(sha,date,&client_id,Some(&mut rng),&mut x,pin,&token,&mut sec,Some(&mut xid[..]),Some(&mut xcid[..]),Some(&permit[..]));
-	if rtn != 0 {
-		println!("FAILURE: CLIENT_1 rtn: {}",rtn);
-	}
-  
-	if mpin::FULL {
-		mpin::hash_id(sha,&client_id,&mut hcid);
-		mpin::get_g1_multiple(Some(&mut rng),1,&mut r,&hcid,&mut z);  /* Also Send Z=r.ID to Server, remember random r */
-	}
-  
-/* Server calculates H(ID) and H(T|H(ID)) (if time mpin::PERMITS enabled), and maps them to points on the curve HID and HTID resp. */
-		
-	mpin::server_1(sha,date,&client_id,&mut hid,Some(&mut htid[..]));
-
-
-    if date!=0 {rhid.clone_from_slice(&htid[..]);}
-    else {rhid.clone_from_slice(&hid[..]);}
-    	
-/* Server generates Random number Y and sends it to Client */
-	mpin::random_generate(&mut rng,&mut y);
-  
-	if mpin::FULL {
-		mpin::hash_id(sha,&client_id,&mut hsid);
-		mpin::get_g1_multiple(Some(&mut rng),0,&mut w,&rhid,&mut t);  /* Also send T=w.ID to client, remember random w  */
-	}
-  
-/* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
-	rtn=mpin::client_2(&x,&y,&mut sec);
-	if rtn != 0 {
-		println!("FAILURE: CLIENT_2 rtn: {}",rtn);
-	}
-  
-/* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
-/* If PIN error not required, set E and F = null */
-  
-	if !mpin::PINERROR {
-		rtn=mpin::server_2(date,&hid,Some(&htid[..]),&y,&sst,Some(&xid[..]),Some(&xcid[..]),&sec,None,None);
-	} else {
-		rtn=mpin::server_2(date,&hid,Some(&htid[..]),&y,&sst,Some(&xid[..]),Some(&xcid[..]),&sec,Some(&mut e),Some(&mut f));
-	}
-
-	if rtn == mpin::BAD_PIN {
-		println!("Server says - Bad Pin. I don't know you. Feck off.");
-		if mpin::PINERROR {
-			let err=mpin::kangaroo(&e,&f);
-			if err!=0 {println!("(Client PIN is out by {})",err)}
-		}
-		return;
-	} else {
-		println!("Server says - PIN is good! You really are {}",name);
-	}
-
-	if  mpin::FULL {
-
-		let mut pxcid=None;
-		if mpin::PERMITS {pxcid=Some(&xcid[..])};
-
-		mpin::hash_all(sha,&hcid,&xid,pxcid,&sec,&y,&z,&t,&mut h);	
-		mpin::client_key(sha,&g1,&g2,pin,&r,&x,&h,&t,&mut ck);
-		print!("Client Key =  0x");  printbinary(&ck);
-
-		mpin::hash_all(sha,&hsid,&xid,pxcid,&sec,&y,&z,&t,&mut h);			
-		mpin::server_key(sha,&z,&sst,&w,&h,&hid,&xid,pxcid,&mut sk);
-		print!("Server Key =  0x"); printbinary(&sk);
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/tests/test_rsa.rs
----------------------------------------------------------------------
diff --git a/version22/rust/tests/test_rsa.rs b/version22/rust/tests/test_rsa.rs
deleted file mode 100644
index dd63b67..0000000
--- a/version22/rust/tests/test_rsa.rs
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-extern crate amcl;
-
-use  amcl::ff;
-use  amcl::big;
-use  amcl::dbig;
-use  amcl::rom;
-use  amcl::rand;
-use  amcl::hash256;
-use  amcl::hash384;
-use  amcl::hash512;
-use  amcl::rsa;
-
-use rand::RAND;
-
-pub fn printbinary(array: &[u8]) {
-	for i in 0..array.len() {
-		print!("{:02X}", array[i]);
-	}
-	println!("");
-} 
-
-use std::str;
-//use std::process;
-
-#[test]
-fn test_rsa()
-{
-	let sha=rsa::HASH_TYPE;
-	let message:&[u8] = b"Hello World\n";
-
-	let mut pbc=rsa::new_public_key(rom::FFLEN);
-	let mut prv=rsa::new_private_key(rom::HFLEN);
-
-	let mut ml:[u8;rsa::RFS]=[0;rsa::RFS];
-	let mut ms:[u8;rsa::RFS]=[0;rsa::RFS];	
-	let mut c: [u8;rsa::RFS]=[0;rsa::RFS];
-	let mut s: [u8;rsa::RFS]=[0;rsa::RFS];
-	let mut e: [u8;rsa::RFS]=[0;rsa::RFS];
-
-	let mut raw:[u8;100]=[0;100];
-	
-	let mut rng=RAND::new();
-
-	rng.clean();
-	for i in 0..100 {raw[i]=i as u8}
-
-	rng.seed(100,&raw);
-
-	println!("Generating public/private key pair");
-	rsa::key_pair(&mut rng,65537,&mut prv,&mut pbc);
-
-	println!("Encrypting test string\n");
-	rsa::oaep_encode(sha,&message,&mut rng,None,&mut e); /* OAEP encode message M to E  */
-
-	rsa::encrypt(&pbc,&e,&mut c);    /* encrypt encoded message */
-	print!("Ciphertext= 0x"); printbinary(&c);
-
-	println!("Decrypting test string");
-	rsa::decrypt(&prv,&c,&mut ml);
-	let mlen=rsa::oaep_decode(sha,None,&mut ml); /* OAEP decode message  */
-
-	let mess=str::from_utf8(&ml[0..mlen]).unwrap();
-	print!("{}",&mess);
-
-	println!("Signing message");
-	rsa::pkcs15(sha,message,&mut c); 
-
-	rsa::decrypt(&prv,&c,&mut s);  /* create signature in S */ 
-
-	print!("Signature= 0x"); printbinary(&s);
-
-	rsa::encrypt(&pbc,&s,&mut ms);
-
-	let mut cmp=true;
-	if c.len()!=ms.len() {
-		cmp=false;
-	} else {
-		for j in 0..c.len() {
-			if c[j]!=ms[j] {cmp=false}
-		}
-	}
-	if cmp {
-		println!("Signature is valid");
-	} else {
-		println!("Signature is INVALID");
-	}
-
-	rsa::private_key_kill(&mut prv);
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/BenchtestEC.swift
----------------------------------------------------------------------
diff --git a/version22/swift/BenchtestEC.swift b/version22/swift/BenchtestEC.swift
deleted file mode 100644
index 126873c..0000000
--- a/version22/swift/BenchtestEC.swift
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
- 
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
- */
-
-//
-//  TestECDH.swift
-//
-//  Created by Michael Scott on 02/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-//import amcl // comment out for Xcode
-
-public func BenchtestEC()
-{
-    let pub=rsa_public_key(Int(ROM.FFLEN))
-    let priv=rsa_private_key(Int(ROM.HFLEN))
-    var C=[UInt8](repeating: 0,count: RSA.RFS)
-    var P=[UInt8](repeating: 0,count: RSA.RFS)
-    var M=[UInt8](repeating: 0,count: RSA.RFS)
-    let MIN_TIME=10.0
-    let MIN_ITERS=10
-    
-    var fail=false;
-    var RAW=[UInt8](repeating: 0,count: 100)
-    
-    let rng=RAND()
-    rng.clean();
-    for i in 0 ..< 100 {RAW[i]=UInt8(i&0xff)}
-    
-    rng.seed(100,RAW)
-    
-    if ROM.CURVETYPE==ROM.WEIERSTRASS {
-        print("Weierstrass parameterisation")
-    }
-    if ROM.CURVETYPE==ROM.EDWARDS {
-        print("Edwards parameterisation")
-    }
-    if ROM.CURVETYPE==ROM.MONTGOMERY {
-        print("Montgomery representation")
-    }
-    if ROM.MODTYPE==ROM.PSEUDO_MERSENNE {
-        print("Pseudo-Mersenne Modulus")
-    }
-    if ROM.MODTYPE==ROM.MONTGOMERY_FRIENDLY {
-        print("Montgomery Friendly Modulus")
-    }
-    if ROM.MODTYPE==ROM.GENERALISED_MERSENNE {
-        print("Generalised-Mersenne Modulus")
-    }
-    if ROM.MODTYPE==ROM.NOT_SPECIAL {
-        print("Not special Modulus")
-    }
-    print("Modulus size \(ROM.MODBITS) bits")
-    print("\(ROM.CHUNK) bit build")
-    
-    let gx=BIG(ROM.CURVE_Gx);
-    var s:BIG
-    var G:ECP
-    if ROM.CURVETYPE != ROM.MONTGOMERY
-    {
-        let gy=BIG(ROM.CURVE_Gy)
-        G=ECP(gx,gy)
-    }
-    else
-        {G=ECP(gx)}
-    
-    let r=BIG(ROM.CURVE_Order)
-    s=BIG.randomnum(r,rng)
-    
-    var W=G.mul(r)
-    if !W.is_infinity() {
-        print("FAILURE - rG!=O")
-        fail=true;
-    }
-    
-    var start=Date()
-    var iterations=0
-    var elapsed=0.0
-    while elapsed<MIN_TIME || iterations<MIN_ITERS {
-        W=G.mul(s)
-        iterations+=1
-        elapsed = -start.timeIntervalSinceNow
-    }
-    elapsed=1000.0*elapsed/Double(iterations)
-    print(String(format: "EC  mul - %d iterations",iterations),terminator: "");
-    print(String(format: " %.2f ms per iteration",elapsed))
-    
-    print("Generating \(ROM.FFLEN*ROM.BIGBITS) RSA public/private key pair")
-    
-    start=Date()
-    iterations=0
-    elapsed=0.0
-    while elapsed<MIN_TIME || iterations<MIN_ITERS {
-        RSA.KEY_PAIR(rng,65537,priv,pub)
-        iterations+=1
-        elapsed = -start.timeIntervalSinceNow
-    }
-    elapsed=1000.0*elapsed/Double(iterations)
-    print(String(format: "RSA gen - %d iterations",iterations),terminator: "");
-    print(String(format: " %.2f ms per iteration",elapsed))
-    
-    for i in 0..<RSA.RFS {M[i]=UInt8(i%128)}
-    
-    start=Date()
-    iterations=0
-    elapsed=0.0
-    while elapsed<MIN_TIME || iterations<MIN_ITERS {
-        RSA.ENCRYPT(pub,M,&C)
-        iterations+=1
-        elapsed = -start.timeIntervalSinceNow
-    }
-    elapsed=1000.0*elapsed/Double(iterations)
-    print(String(format: "RSA enc - %d iterations",iterations),terminator: "");
-    print(String(format: " %.2f ms per iteration",elapsed))
-   
-    start=Date()
-    iterations=0
-    elapsed=0.0
-    while elapsed<MIN_TIME || iterations<MIN_ITERS {
-        RSA.DECRYPT(priv,C,&P)
-        iterations+=1
-        elapsed = -start.timeIntervalSinceNow
-    }
-    elapsed=1000.0*elapsed/Double(iterations)
-    print(String(format: "RSA dec - %d iterations",iterations),terminator: "");
-    print(String(format: " %.2f ms per iteration",elapsed))
-   
-    var cmp=true
-    for i in 0..<RSA.RFS {
-        if P[i] != M[i] {cmp=false}
-    }
-    
-    if !cmp {
-        print("FAILURE - RSA decryption")
-        fail=true;
-    }
-    
-    if !fail {
-       print("All tests pass")
-    }
-}
-
-//BenchtestEC()
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/BenchtestPAIR.swift
----------------------------------------------------------------------
diff --git a/version22/swift/BenchtestPAIR.swift b/version22/swift/BenchtestPAIR.swift
deleted file mode 100644
index 6b60f21..0000000
--- a/version22/swift/BenchtestPAIR.swift
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
- 
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
- */
-
-//
-//  TestMPIN.swift
-//
-//  Created by Michael Scott on 08/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-//import amcl  // comment out for Xcode
-
-public func BenchtestPAIR()
-{
-    let MIN_TIME=10.0
-    let MIN_ITERS=10
-    
-    let rng=RAND()
-    var fail=false;
-    
-    var RAW=[UInt8](repeating: 0,count: 100)
-    
-    for i in 0 ..< 100 {RAW[i]=UInt8((i+1)&0xff)}
-    rng.seed(100,RAW)
-
-    if ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE {
-        print("BN Pairing-Friendly Curve")
-    }
-    if ROM.CURVE_PAIRING_TYPE==ROM.BLS_CURVE {
-        print("BLS Pairing-Friendly Curve")
-    }
-    print("Modulus size \(ROM.MODBITS) bits")
-    print("\(ROM.CHUNK) bit build")
-    
-    let gx=BIG(ROM.CURVE_Gx);
-
-    let gy=BIG(ROM.CURVE_Gy)
-    let G=ECP(gx,gy)
-    
-    let r=BIG(ROM.CURVE_Order)
-    let s=BIG.randomnum(r,rng)
-    
-    var P=PAIR.G1mul(G,r);
-    
-    if !P.is_infinity() {
-        print("FAILURE - rP!=O")
-        fail=true
-    }
-    
-    var start=Date()
-    var iterations=0
-    var elapsed=0.0
-    while elapsed<MIN_TIME || iterations<MIN_ITERS {
-        P=PAIR.G1mul(G,s)
-        iterations+=1
-        elapsed = -start.timeIntervalSinceNow
-    }
-    elapsed=1000.0*elapsed/Double(iterations)
-    print(String(format: "G1  mul              - %d iterations",iterations),terminator: "");
-    print(String(format: " %.2f ms per iteration",elapsed))
-    
-    var Q=ECP2(FP2(BIG(ROM.CURVE_Pxa),BIG(ROM.CURVE_Pxb)),FP2(BIG(ROM.CURVE_Pya),BIG(ROM.CURVE_Pyb)))
-    
-    var W=PAIR.G2mul(Q,r)
-    
-    if !W.is_infinity() {
-        print("FAILURE - rQ!=O")
-        fail=true
-    }
-    
-    start=Date()
-    iterations=0
-    elapsed=0.0
-    while elapsed<MIN_TIME || iterations<MIN_ITERS {
-        W=PAIR.G2mul(Q,s)
-        iterations+=1
-        elapsed = -start.timeIntervalSinceNow
-    }
-    elapsed=1000.0*elapsed/Double(iterations)
-    print(String(format: "G2  mul              - %d iterations",iterations),terminator: "");
-    print(String(format: " %.2f ms per iteration",elapsed))
-    
-    var w=PAIR.ate(Q,P)
-    w=PAIR.fexp(w)
-    
-    var g=PAIR.GTpow(w,r)
-    
-    if !g.isunity() {
-        print("FAILURE - g^r!=1")
-        fail=true
-    }
-    
-    start=Date()
-    iterations=0
-    elapsed=0.0
-    while elapsed<MIN_TIME || iterations<MIN_ITERS {
-        g=PAIR.GTpow(w,s)
-        iterations+=1
-        elapsed = -start.timeIntervalSinceNow
-    }
-    elapsed=1000.0*elapsed/Double(iterations)
-    print(String(format: "GT  pow              - %d iterations",iterations),terminator: "");
-    print(String(format: " %.2f ms per iteration",elapsed))
-   
-    let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb))
-    let q=BIG(ROM.Modulus)
-    
-    var m=BIG(q)
-    m.mod(r)
-    
-    let a=BIG(s)
-    a.mod(m)
-    
-    let b=BIG(s)
-    b.div(m)
-    
-    g.copy(w)
-    var c=g.trace()
-    
-    g.frob(f)
-    let cp=g.trace()
-    
-    w.conj()
-    g.mul(w);
-    let cpm1=g.trace()
-    
-    g.mul(w)
-    let cpm2=g.trace()
-    
-    start=Date()
-    iterations=0
-    elapsed=0.0
-    while elapsed<MIN_TIME || iterations<MIN_ITERS {
-        c=c.xtr_pow2(cp,cpm1,cpm2,a,b)
-        iterations+=1
-        elapsed = -start.timeIntervalSinceNow
-    }
-    elapsed=1000.0*elapsed/Double(iterations)
-    print(String(format: "GT  pow (compressed) - %d iterations",iterations),terminator: "");
-    print(String(format: " %.2f ms per iteration",elapsed))
-    
-    start=Date()
-    iterations=0
-    elapsed=0.0
-    while elapsed<MIN_TIME || iterations<MIN_ITERS {
-        w=PAIR.ate(Q,P)
-        iterations+=1
-        elapsed = -start.timeIntervalSinceNow
-    }
-    elapsed=1000.0*elapsed/Double(iterations)
-    print(String(format: "PAIRing ATE          - %d iterations",iterations),terminator: "");
-    print(String(format: " %.2f ms per iteration",elapsed))
-
-    start=Date()
-    iterations=0
-    elapsed=0.0
-    while elapsed<MIN_TIME || iterations<MIN_ITERS {
-        g=PAIR.fexp(w)
-        iterations+=1
-        elapsed = -start.timeIntervalSinceNow
-    }
-    elapsed=1000.0*elapsed/Double(iterations)
-    print(String(format: "PAIRing FEXP         - %d iterations",iterations),terminator: "");
-    print(String(format: " %.2f ms per iteration",elapsed))
- 
-    P.copy(G)
-    Q.copy(W)
-    
-    P=PAIR.G1mul(P,s)
-    g=PAIR.ate(Q,P)
-    g=PAIR.fexp(g)
-    
-    P.copy(G)
-    Q=PAIR.G2mul(Q,s)
-    w=PAIR.ate(Q,P)
-    w=PAIR.fexp(w)
-    
-    if !g.equals(w) {
-        print("FAILURE - e(sQ,P)!=e(Q,sP)")
-        fail=true
-    }
-    
-    if !fail {
-        print("All tests pass")
-    }
-}
-
-//BenchtestPAIR()
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/TestECDH.swift
----------------------------------------------------------------------
diff --git a/version22/swift/TestECDH.swift b/version22/swift/TestECDH.swift
deleted file mode 100644
index 3302d75..0000000
--- a/version22/swift/TestECDH.swift
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  TestECDH.swift
-//
-//  Created by Michael Scott on 02/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-//import amcl // comment out for Xcode
-
-public func TestECDH()
-{
-    let pp=String("M0ng00se");
-    
-    let EGS=ECDH.EGS
-    let EFS=ECDH.EFS
-    let EAS=16
-    let sha=ECDH.HASH_TYPE
-    
-    var S1=[UInt8](repeating: 0,count: EGS)
-    var W0=[UInt8](repeating: 0,count: 2*EFS+1)
-    var W1=[UInt8](repeating: 0,count: 2*EFS+1)
-    var Z0=[UInt8](repeating: 0,count: EFS)
-    var Z1=[UInt8](repeating: 0,count: EFS)
-    var RAW=[UInt8](repeating: 0,count: 100)
-    var SALT=[UInt8](repeating: 0,count: 8)
-    var P1=[UInt8](repeating: 0,count: 3)
-    var P2=[UInt8](repeating: 0,count: 4)
-    var V=[UInt8](repeating: 0,count: 2*EFS+1)
-    var M=[UInt8](repeating: 0,count: 17)
-    var T=[UInt8](repeating: 0,count: 12)
-    var CS=[UInt8](repeating: 0,count: EGS)
-    var DS=[UInt8](repeating: 0,count: EGS)
-    
-    let rng=RAND()
-    
-    rng.clean();
-    for i in 0 ..< 100 {RAW[i]=UInt8(i&0xff)}
-    
-    rng.seed(100,RAW)
-    
-    
-    for i in 0 ..< 8 {SALT[i]=UInt8(i+1)}  // set Salt
-    
-    print("Alice's Passphrase= " + pp!)
-    let PW=[UInt8]( (!pp).utf8)
-    
-    /* private key S0 of size EGS bytes derived from Password and Salt */
-    
-    var S0=ECDH.PBKDF2(sha,PW,SALT,1000,EGS)
-    print("Alice's private key= 0x",terminator: ""); ECDH.printBinary(S0)
-    
-    /* Generate Key pair S/W */
-    ECDH.KEY_PAIR_GENERATE(nil,&S0,&W0);
-    
-    print("Alice's public key= 0x",terminator: ""); ECDH.printBinary(W0)
-    
-    var res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
-
-    if res != 0
-    {
-        print("ECP Public Key is invalid!");
-        return;
-    }
-    
-    /* Random private key for other party */
-    ECDH.KEY_PAIR_GENERATE(rng,&S1,&W1)
-    
-    print("Servers private key= 0x",terminator: ""); ECDH.printBinary(S1)
-    
-    print("Servers public key= 0x",terminator: ""); ECDH.printBinary(W1);
-    
-    res=ECDH.PUBLIC_KEY_VALIDATE(true,W1)
-    if res != 0
-    {
-        print("ECP Public Key is invalid!")
-        return
-    }
-    
-    /* Calculate common key using DH - IEEE 1363 method */
-    
-    ECDH.ECPSVDP_DH(S0,W1,&Z0)
-    ECDH.ECPSVDP_DH(S1,W0,&Z1)
-    
-    var same=true
-    for i in 0 ..< EFS
-    {
-        if Z0[i] != Z1[i] {same=false}
-    }
-    
-    if (!same)
-    {
-        print("*** ECPSVDP-DH Failed")
-        return
-    }
-    
-    let KEY=ECDH.KDF2(sha,Z0,nil,EAS)
-    
-    print("Alice's DH Key=  0x",terminator: ""); ECDH.printBinary(KEY)
-    print("Servers DH Key=  0x",terminator: ""); ECDH.printBinary(KEY)
-
-    if ROM.CURVETYPE != ROM.MONTGOMERY
-    {
-        print("Testing ECIES")
-    
-        P1[0]=0x0; P1[1]=0x1; P1[2]=0x2
-        P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3
-    
-        for i in 0...16 {M[i]=UInt8(i&0xff)}
-    
-        let C=ECDH.ECIES_ENCRYPT(sha,P1,P2,rng,W1,M,&V,&T)
-
-        print("Ciphertext= ")
-        print("V= 0x",terminator: ""); ECDH.printBinary(V)
-        print("C= 0x",terminator: ""); ECDH.printBinary(C)
-        print("T= 0x",terminator: ""); ECDH.printBinary(T)
-
-        M=ECDH.ECIES_DECRYPT(sha,P1,P2,V,C,T,S1)
-        if M.count==0
-        {
-            print("*** ECIES Decryption Failed\n")
-            return
-        }
-        else {print("Decryption succeeded")}
-    
-        print("Message is 0x"); ECDH.printBinary(M)
-    
-        print("Testing ECDSA")
-
-        if ECDH.ECPSP_DSA(sha,rng,S0,M,&CS,&DS) != 0
-        {
-            print("***ECDSA Signature Failed")
-            return
-        }
-        print("Signature= ")
-        print("C= 0x",terminator: ""); ECDH.printBinary(CS)
-        print("D= 0x",terminator: ""); ECDH.printBinary(DS)
-    
-        if ECDH.ECPVP_DSA(sha,W0,M,CS,DS) != 0
-        {
-            print("***ECDSA Verification Failed")
-            return
-        }
-        else {print("ECDSA Signature/Verification succeeded ")}
-    }
-}
-
-//TestECDH()  // comment out for Xcode



[12/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp8.h
----------------------------------------------------------------------
diff --git a/version3/c/fp8.h b/version3/c/fp8.h
deleted file mode 100644
index 82b543d..0000000
--- a/version3/c/fp8.h
+++ /dev/null
@@ -1,294 +0,0 @@
-#ifndef FP8_YYY_H
-#define FP8_YYY_H
-
-#include "fp4_YYY.h"
-#include "config_curve_ZZZ.h"
-
-
-/**
-	@brief FP8 Structure - towered over two FP4
-*/
-
-typedef struct
-{
-    FP4_YYY a; /**< real part of FP8 */
-    FP4_YYY b; /**< imaginary part of FP8 */
-} FP8_YYY;
-
-
-/* FP8 prototypes */
-/**	@brief Tests for FP8 equal to zero
- *
-	@param x FP8 number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP8_YYY_iszilch(FP8_YYY *x);
-/**	@brief Tests for FP8 equal to unity
- *
-	@param x FP8 number to be tested
-	@return 1 if unity, else returns 0
- */
-extern int FP8_YYY_isunity(FP8_YYY *x);
-/**	@brief Tests for equality of two FP8s
- *
-	@param x FP8 instance to be compared
-	@param y FP8 instance to be compared
-	@return 1 if x=y, else returns 0
- */
-extern int FP8_YYY_equals(FP8_YYY *x,FP8_YYY *y);
-/**	@brief Tests for FP8 having only a real part and no imaginary part
- *
-	@param x FP8 number to be tested
-	@return 1 if real, else returns 0
- */
-extern int FP8_YYY_isreal(FP8_YYY *x);
-/**	@brief Initialise FP8 from two FP4s
- *
-	@param x FP8 instance to be initialised
-	@param a FP4 to form real part of FP8
-	@param b FP4 to form imaginary part of FP8
- */
-extern void FP8_YYY_from_FP4s(FP8_YYY *x,FP4_YYY *a,FP4_YYY *b);
-/**	@brief Initialise FP8 from single FP4
- *
-	Imaginary part is set to zero
-	@param x FP8 instance to be initialised
-	@param a FP4 to form real part of FP8
- */
-extern void FP8_YYY_from_FP4(FP8_YYY *x,FP4_YYY *a);
-
-/**	@brief Initialise FP8 from single FP4
- *
-	real part is set to zero
-	@param x FP8 instance to be initialised
-	@param a FP4 to form imaginary part of FP8
- */
-extern void FP8_YYY_from_FP4H(FP8_YYY *x,FP4_YYY *a);
-
-
-/**	@brief Copy FP8 to another FP8
- *
-	@param x FP8 instance, on exit = y
-	@param y FP8 instance to be copied
- */
-extern void FP8_YYY_copy(FP8_YYY *x,FP8_YYY *y);
-/**	@brief Set FP8 to zero
- *
-	@param x FP8 instance to be set to zero
- */
-extern void FP8_YYY_zero(FP8_YYY *x);
-/**	@brief Set FP8 to unity
- *
-	@param x FP8 instance to be set to one
- */
-extern void FP8_YYY_one(FP8_YYY *x);
-/**	@brief Negation of FP8
- *
-	@param x FP8 instance, on exit = -y
-	@param y FP8 instance
- */
-extern void FP8_YYY_neg(FP8_YYY *x,FP8_YYY *y);
-/**	@brief Conjugation of FP8
- *
-	If y=(a,b) on exit x=(a,-b)
-	@param x FP8 instance, on exit = conj(y)
-	@param y FP8 instance
- */
-extern void FP8_YYY_conj(FP8_YYY *x,FP8_YYY *y);
-/**	@brief Negative conjugation of FP8
- *
-	If y=(a,b) on exit x=(-a,b)
-	@param x FP8 instance, on exit = -conj(y)
-	@param y FP8 instance
- */
-extern void FP8_YYY_nconj(FP8_YYY *x,FP8_YYY *y);
-/**	@brief addition of two FP8s
- *
-	@param x FP8 instance, on exit = y+z
-	@param y FP8 instance
-	@param z FP8 instance
- */
-extern void FP8_YYY_add(FP8_YYY *x,FP8_YYY *y,FP8_YYY *z);
-/**	@brief subtraction of two FP8s
- *
-	@param x FP8 instance, on exit = y-z
-	@param y FP8 instance
-	@param z FP8 instance
- */
-extern void FP8_YYY_sub(FP8_YYY *x,FP8_YYY *y,FP8_YYY *z);
-/**	@brief Multiplication of an FP8 by an FP4
- *
-	@param x FP8 instance, on exit = y*a
-	@param y FP8 instance
-	@param a FP4 multiplier
- */
-extern void FP8_YYY_pmul(FP8_YYY *x,FP8_YYY *y,FP4_YYY *a);
-
-/**	@brief Multiplication of an FP8 by an FP2
- *
-	@param x FP8 instance, on exit = y*a
-	@param y FP8 instance
-	@param a FP2 multiplier
- */
-extern void FP8_YYY_qmul(FP8_YYY *x,FP8_YYY *y,FP2_YYY *a);
-
-/**	@brief Multiplication of an FP8 by an FP
- *
-	@param x FP8 instance, on exit = y*a
-	@param y FP8 instance
-	@param a FP multiplier
- */
-extern void FP8_YYY_tmul(FP8_YYY *x,FP8_YYY *y,FP_YYY *a);
-
-/**	@brief Multiplication of an FP8 by a small integer
- *
-	@param x FP8 instance, on exit = y*i
-	@param y FP8 instance
-	@param i an integer
- */
-extern void FP8_YYY_imul(FP8_YYY *x,FP8_YYY *y,int i);
-/**	@brief Squaring an FP8
- *
-	@param x FP8 instance, on exit = y^2
-	@param y FP8 instance
- */
-extern void FP8_YYY_sqr(FP8_YYY *x,FP8_YYY *y);
-/**	@brief Multiplication of two FP8s
- *
-	@param x FP8 instance, on exit = y*z
-	@param y FP8 instance
-	@param z FP8 instance
- */
-extern void FP8_YYY_mul(FP8_YYY *x,FP8_YYY *y,FP8_YYY *z);
-/**	@brief Inverting an FP8
- *
-	@param x FP8 instance, on exit = 1/y
-	@param y FP8 instance
- */
-extern void FP8_YYY_inv(FP8_YYY *x,FP8_YYY *y);
-/**	@brief Formats and outputs an FP8 to the console
- *
-	@param x FP8 instance to be printed
- */
-extern void FP8_YYY_output(FP8_YYY *x);
-/**	@brief Formats and outputs an FP8 to the console in raw form (for debugging)
- *
-	@param x FP8 instance to be printed
- */
-extern void FP8_YYY_rawoutput(FP8_YYY *x);
-/**	@brief multiplies an FP8 instance by irreducible polynomial sqrt(1+sqrt(-1))
- *
-	@param x FP8 instance, on exit = sqrt(1+sqrt(-1)*x
- */
-extern void FP8_YYY_times_i(FP8_YYY *x);
-/**	@brief multiplies an FP8 instance by irreducible polynomial (1+sqrt(-1))
- *
-	@param x FP8 instance, on exit = (1+sqrt(-1)*x
- */
-extern void FP8_YYY_times_i2(FP8_YYY *x);
-
-/**	@brief Normalises the components of an FP8
- *
-	@param x FP8 instance to be normalised
- */
-extern void FP8_YYY_norm(FP8_YYY *x);
-/**	@brief Reduces all components of possibly unreduced FP8 mod Modulus
- *
-	@param x FP8 instance, on exit reduced mod Modulus
- */
-extern void FP8_YYY_reduce(FP8_YYY *x);
-/**	@brief Raises an FP8 to the power of a BIG
- *
-	@param x FP8 instance, on exit = y^b
-	@param y FP8 instance
-	@param b BIG number
- */
-extern void FP8_YYY_pow(FP8_YYY *x,FP8_YYY *y,BIG_XXX b);
-/**	@brief Raises an FP8 to the power of the internal modulus p, using the Frobenius
- *
-	@param x FP8 instance, on exit = x^p
-	@param f FP2 precalculated Frobenius constant
- */
-extern void FP8_YYY_frob(FP8_YYY *x,FP2_YYY *f);
-/**	@brief Calculates the XTR addition function r=w*x-conj(x)*y+z
- *
-	@param r FP8 instance, on exit = w*x-conj(x)*y+z
-	@param w FP8 instance
-	@param x FP8 instance
-	@param y FP8 instance
-	@param z FP8 instance
- */
-extern void FP8_YYY_xtr_A(FP8_YYY *r,FP8_YYY *w,FP8_YYY *x,FP8_YYY *y,FP8_YYY *z);
-/**	@brief Calculates the XTR doubling function r=x^2-2*conj(x)
- *
-	@param r FP8 instance, on exit = x^2-2*conj(x)
-	@param x FP8 instance
- */
-extern void FP8_YYY_xtr_D(FP8_YYY *r,FP8_YYY *x);
-/**	@brief Calculates FP8 trace of an FP12 raised to the power of a BIG number
- *
-	XTR single exponentiation
-	@param r FP8 instance, on exit = trace(w^b)
-	@param x FP8 instance, trace of an FP12 w
-	@param b BIG number
- */
-extern void FP8_YYY_xtr_pow(FP8_YYY *r,FP8_YYY *x,BIG_XXX b);
-/**	@brief Calculates FP8 trace of c^a.d^b, where c and d are derived from FP8 traces of FP12s
- *
-	XTR double exponentiation
-	Assumes c=tr(x^m), d=tr(x^n), e=tr(x^(m-n)), f=tr(x^(m-2n))
-	@param r FP8 instance, on exit = trace(c^a.d^b)
-	@param c FP8 instance, trace of an FP12
-	@param d FP8 instance, trace of an FP12
-	@param e FP8 instance, trace of an FP12
-	@param f FP8 instance, trace of an FP12
-	@param a BIG number
-	@param b BIG number
- */
-extern void FP8_YYY_xtr_pow2(FP8_YYY *r,FP8_YYY *c,FP8_YYY *d,FP8_YYY *e,FP8_YYY *f,BIG_XXX a,BIG_XXX b);
-
-
-/**	@brief Calculate square root of an FP8
- *
-	Square root
-	@param r FP8 instance, on exit = sqrt(x)
-	@param x FP8 instance
-	@return 1 x is a QR, otherwise 0
- */
-extern int  FP8_YYY_sqrt(FP8_YYY *r,FP8_YYY *x);
-
-
-/**	@brief Conditional copy of FP8 number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x FP8 instance, set to y if s!=0
-	@param y another FP8 instance
-	@param s copy only takes place if not equal to 0
- */
-extern void FP8_YYY_cmove(FP8_YYY *x,FP8_YYY *y,int s);
-
-
-/**	@brief Divide FP8 number by QNR
- *
-	Divide FP8 by the QNR
-	@param x FP8 instance
- */
-extern void FP8_YYY_div_i(FP8_YYY *x);
-
-/**	@brief Divide FP8 number by QNR twice
- *
-	Divide FP8 by the QNR twice
-	@param x FP8 instance
- */
-extern void FP8_YYY_div_i2(FP8_YYY *x);
-
-/**	@brief Divide FP8 number by QNR/2
- *
-	Divide FP8 by the QNR/2
-	@param x FP8 instance
- */
-extern void FP8_YYY_div_2i(FP8_YYY *x);
-
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/gcm.c
----------------------------------------------------------------------
diff --git a/version3/c/gcm.c b/version3/c/gcm.c
deleted file mode 100644
index 3bd9b8d..0000000
--- a/version3/c/gcm.c
+++ /dev/null
@@ -1,411 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Implementation of the AES-GCM Encryption/Authentication
- *
- * Some restrictions..
- * 1. Only for use with AES
- * 2. Returned tag is always 128-bits. Truncate at your own risk.
- * 3. The order of function calls must follow some rules
- *
- * Typical sequence of calls..
- * 1. call GCM_init
- * 2. call GCM_add_header any number of times, as long as length of header is multiple of 16 bytes (block size)
- * 3. call GCM_add_header one last time with any length of header
- * 4. call GCM_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes
- * 5. call GCM_add_cipher one last time with any length of cipher/plaintext
- * 6. call GCM_finish to extract the tag.
- *
- * See http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf
- */
-/* SU=m, m is Stack Usage */
-
-#include <stdlib.h>
-#include <string.h>
-#include "arch.h"
-#include "amcl.h"
-
-#define NB 4
-#define MR_TOBYTE(x) ((uchar)((x)))
-
-static unsign32 pack(const uchar *b)
-{
-    /* pack bytes into a 32-bit Word */
-    return ((unsign32)b[0]<<24)|((unsign32)b[1]<<16)|((unsign32)b[2]<<8)|(unsign32)b[3];
-}
-
-static void unpack(unsign32 a,uchar *b)
-{
-    /* unpack bytes from a word */
-    b[3]=MR_TOBYTE(a);
-    b[2]=MR_TOBYTE(a>>8);
-    b[1]=MR_TOBYTE(a>>16);
-    b[0]=MR_TOBYTE(a>>24);
-}
-
-static void precompute(gcm *g,uchar *H)
-{
-    /* precompute small 2k bytes gf2m table of x^n.H */
-    int i,j;
-    unsign32 *last,*next,b;
-
-    for (i=j=0; i<NB; i++,j+=4) g->table[0][i]=pack((uchar *)&H[j]);
-
-    for (i=1; i<128; i++)
-    {
-        next=g->table[i];
-        last=g->table[i-1];
-        b=0;
-        for (j=0; j<NB; j++)
-        {
-            next[j]=b|(last[j])>>1;
-            b=last[j]<<31;
-        }
-        if (b) next[0]^=0xE1000000; /* irreducible polynomial */
-    }
-}
-
-/* SU= 32 */
-static void gf2mul(gcm *g)
-{
-    /* gf2m mul - Z=H*X mod 2^128 */
-    int i,j,m,k;
-    unsign32 P[4];
-    unsign32 b;
-
-    P[0]=P[1]=P[2]=P[3]=0;
-    j=8;
-    m=0;
-    for (i=0; i<128; i++)
-    {
-        b=(unsign32)(g->stateX[m]>>(--j))&1;
-        b=~b+1;
-        for (k=0; k<NB; k++) P[k]^=(g->table[i][k]&b);
-        if (j==0)
-        {
-            j=8;
-            m++;
-            if (m==16) break;
-        }
-    }
-    for (i=j=0; i<NB; i++,j+=4) unpack(P[i],(uchar *)&g->stateX[j]);
-}
-
-/* SU= 32 */
-static void GCM_wrap(gcm *g)
-{
-    /* Finish off GHASH */
-    int i,j;
-    unsign32 F[4];
-    uchar L[16];
-
-    /* convert lengths from bytes to bits */
-    F[0]=(g->lenA[0]<<3)|(g->lenA[1]&0xE0000000)>>29;
-    F[1]=g->lenA[1]<<3;
-    F[2]=(g->lenC[0]<<3)|(g->lenC[1]&0xE0000000)>>29;
-    F[3]=g->lenC[1]<<3;
-    for (i=j=0; i<NB; i++,j+=4) unpack(F[i],(uchar *)&L[j]);
-
-    for (i=0; i<16; i++) g->stateX[i]^=L[i];
-    gf2mul(g);
-}
-
-static int GCM_ghash(gcm *g,char *plain,int len)
-{
-    int i,j=0;
-    if (g->status==GCM_ACCEPTING_HEADER) g->status=GCM_ACCEPTING_CIPHER;
-    if (g->status!=GCM_ACCEPTING_CIPHER) return 0;
-
-    while (j<len)
-    {
-        for (i=0; i<16 && j<len; i++)
-        {
-            g->stateX[i]^=plain[j++];
-            g->lenC[1]++;
-            if (g->lenC[1]==0) g->lenC[0]++;
-        }
-        gf2mul(g);
-    }
-    if (len%16!=0) g->status=GCM_NOT_ACCEPTING_MORE;
-    return 1;
-}
-
-/* SU= 48 */
-/* Initialize GCM mode */
-void GCM_init(gcm* g,int nk,char *key,int niv,char *iv)
-{
-    /* iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes */
-    int i;
-    uchar H[16];
-    for (i=0; i<16; i++)
-    {
-        H[i]=0;
-        g->stateX[i]=0;
-    }
-
-    AES_init(&(g->a),ECB,nk,key,iv);
-    AES_ecb_encrypt(&(g->a),H);     /* E(K,0) */
-    precompute(g,H);
-
-    g->lenA[0]=g->lenC[0]=g->lenA[1]=g->lenC[1]=0;
-    if (niv==12)
-    {
-        for (i=0; i<12; i++) g->a.f[i]=iv[i];
-        unpack((unsign32)1,(uchar *)&(g->a.f[12]));  /* initialise IV */
-        for (i=0; i<16; i++) g->Y_0[i]=g->a.f[i];
-    }
-    else
-    {
-        g->status=GCM_ACCEPTING_CIPHER;
-        GCM_ghash(g,iv,niv); /* GHASH(H,0,IV) */
-        GCM_wrap(g);
-        for (i=0; i<16; i++)
-        {
-            g->a.f[i]=g->stateX[i];
-            g->Y_0[i]=g->a.f[i];
-            g->stateX[i]=0;
-        }
-        g->lenA[0]=g->lenC[0]=g->lenA[1]=g->lenC[1]=0;
-    }
-    g->status=GCM_ACCEPTING_HEADER;
-}
-
-/* SU= 24 */
-/* Add Header data - included but not encrypted */
-int GCM_add_header(gcm* g,char *header,int len)
-{
-    /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */
-    int i,j=0;
-    if (g->status!=GCM_ACCEPTING_HEADER) return 0;
-
-    while (j<len)
-    {
-        for (i=0; i<16 && j<len; i++)
-        {
-            g->stateX[i]^=header[j++];
-            g->lenA[1]++;
-            if (g->lenA[1]==0) g->lenA[0]++;
-        }
-        gf2mul(g);
-    }
-    if (len%16!=0) g->status=GCM_ACCEPTING_CIPHER;
-    return 1;
-}
-
-/* SU= 48 */
-/* Add Plaintext - included and encrypted */
-int GCM_add_plain(gcm *g,char *cipher,char *plain,int len)
-{
-    /* Add plaintext to extract ciphertext, len is length of plaintext.  */
-    int i,j=0;
-    unsign32 counter;
-    uchar B[16];
-    if (g->status==GCM_ACCEPTING_HEADER) g->status=GCM_ACCEPTING_CIPHER;
-    if (g->status!=GCM_ACCEPTING_CIPHER) return 0;
-
-    while (j<len)
-    {
-        counter=pack((uchar *)&(g->a.f[12]));
-        counter++;
-        unpack(counter,(uchar *)&(g->a.f[12]));  /* increment counter */
-        for (i=0; i<16; i++) B[i]=g->a.f[i];
-        AES_ecb_encrypt(&(g->a),B);        /* encrypt it  */
-
-        for (i=0; i<16 && j<len; i++)
-        {
-            cipher[j]=plain[j]^B[i];
-            g->stateX[i]^=cipher[j++];
-            g->lenC[1]++;
-            if (g->lenC[1]==0) g->lenC[0]++;
-        }
-        gf2mul(g);
-    }
-    if (len%16!=0) g->status=GCM_NOT_ACCEPTING_MORE;
-    return 1;
-}
-
-/* SU= 48 */
-/* Add Ciphertext - decrypts to plaintext */
-int GCM_add_cipher(gcm *g,char *plain,char *cipher,int len)
-{
-    /* Add ciphertext to extract plaintext, len is length of ciphertext. */
-    int i,j=0;
-    unsign32 counter;
-    char oc;
-    uchar B[16];
-    if (g->status==GCM_ACCEPTING_HEADER) g->status=GCM_ACCEPTING_CIPHER;
-    if (g->status!=GCM_ACCEPTING_CIPHER) return 0;
-
-    while (j<len)
-    {
-        counter=pack((uchar *)&(g->a.f[12]));
-        counter++;
-        unpack(counter,(uchar *)&(g->a.f[12]));  /* increment counter */
-        for (i=0; i<16; i++) B[i]=g->a.f[i];
-        AES_ecb_encrypt(&(g->a),B);        /* encrypt it  */
-        for (i=0; i<16 && j<len; i++)
-        {
-            oc=cipher[j];
-            plain[j]=cipher[j]^B[i];
-            g->stateX[i]^=oc;
-            j++;
-            g->lenC[1]++;
-            if (g->lenC[1]==0) g->lenC[0]++;
-        }
-        gf2mul(g);
-    }
-    if (len%16!=0) g->status=GCM_NOT_ACCEPTING_MORE;
-    return 1;
-}
-
-/* SU= 16 */
-/* Finish and extract Tag */
-void GCM_finish(gcm *g,char *tag)
-{
-    /* Finish off GHASH and extract tag (MAC) */
-    int i;
-
-    GCM_wrap(g);
-
-    /* extract tag */
-    if (tag!=NULL)
-    {
-        AES_ecb_encrypt(&(g->a),g->Y_0);        /* E(K,Y0) */
-        for (i=0; i<16; i++) g->Y_0[i]^=g->stateX[i];
-        for (i=0; i<16; i++)
-        {
-            tag[i]=g->Y_0[i];
-            g->Y_0[i]=g->stateX[i]=0;
-        }
-    }
-    g->status=GCM_FINISHED;
-    AES_end(&(g->a));
-}
-
-
-// Compile with
-// gcc -O2 gcm.c aes.c -o gcm.exe
-/* SU= 16
-*/
-
-/* static void hex2bytes(char *hex,char *bin) */
-/* { */
-/* 	int i; */
-/* 	char v; */
-/* 	int len=strlen(hex); */
-/* 	for (i = 0; i < len/2; i++) { */
-/*         char c = hex[2*i]; */
-/*         if (c >= '0' && c <= '9') { */
-/*             v = c - '0'; */
-/*         } else if (c >= 'A' && c <= 'F') { */
-/*             v = c - 'A' + 10; */
-/*         } else if (c >= 'a' && c <= 'f') { */
-/*             v = c - 'a' + 10; */
-/*         } else { */
-/*             v = 0; */
-/*         } */
-/*         v <<= 4; */
-/*         c = hex[2*i + 1]; */
-/*         if (c >= '0' && c <= '9') { */
-/*             v += c - '0'; */
-/*         } else if (c >= 'A' && c <= 'F') { */
-/*             v += c - 'A' + 10; */
-/*         } else if (c >= 'a' && c <= 'f') { */
-/*             v += c - 'a' + 10; */
-/*         } else { */
-/*             v = 0; */
-/*         } */
-/*         bin[i] = v; */
-/*     } */
-/* } */
-
-/*
-int main()
-{
-	int i;
-
-//	char* KT="feffe9928665731c6d6a8f9467308308";
-//	char* MT="d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39";
-//	char* HT="feedfacedeadbeeffeedfacedeadbeefabaddad2";
-//	char* NT="cafebabefacedbaddecaf888";
-// Tag should be 5bc94fbc3221a5db94fae95ae7121a47
-//	char* NT="9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b";
-// Tag should be 619cc5aefffe0bfa462af43c1699d050
-
-  char* KT="6dfb5dc68af6ae2f3242e9184f100918";
-  char* MT="47809d16c2c6ec685962c90e53fe1bba";
-  char* HT="dd0fa6e494031139d71ee45f00d56fa4";
-  char* NT="37d36f5c54d53479d4745dd1";
-
-
-	int len=strlen(MT)/2;
-	int lenH=strlen(HT)/2;
-	int lenK=strlen(KT)/2;
-	int lenIV=strlen(NT)/2;
-
-	char T[16];   // Tag
-	char K[16];   // AES Key
-	char H[64];   // Header - to be included in Authentication, but not encrypted
-	char N[100];   // IV - Initialisation vector
-	char M[100];  // Plaintext to be encrypted/authenticated
-	char C[100];  // Ciphertext
-	char P[100];  // Recovered Plaintext
-
-	gcm g;
-
-    hex2bytes(MT, M);
-    hex2bytes(HT, H);
-    hex2bytes(NT, N);
-	hex2bytes(KT, K);
-
-	printf("lenK= %d\n",lenK);
-
- 	printf("Plaintext=\n");
-	for (i=0;i<len;i++) printf("%02x",(unsigned char)M[i]);
-	printf("\n");
-
-	GCM_init(&g,16,K,lenIV,N);
-	GCM_add_header(&g,H,lenH);
-	GCM_add_plain(&g,C,M,len);
-	GCM_finish(&g,T);
-
-	printf("Ciphertext=\n");
-	for (i=0;i<len;i++) printf("%02x",(unsigned char)C[i]);
-	printf("\n");
-
-	printf("Tag=\n");
-	for (i=0;i<16;i++) printf("%02x",(unsigned char)T[i]);
-	printf("\n");
-
-	GCM_init(&g,16,K,lenIV,N);
-	GCM_add_header(&g,H,lenH);
-	GCM_add_cipher(&g,P,C,len);
-	GCM_finish(&g,T);
-
- 	printf("Plaintext=\n");
-	for (i=0;i<len;i++) printf("%02x",(unsigned char)P[i]);
-	printf("\n");
-
-	printf("Tag=\n");
-	for (i=0;i<16;i++) printf("%02x",(unsigned char)T[i]);
-	printf("\n");
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/hash.c
----------------------------------------------------------------------
diff --git a/version3/c/hash.c b/version3/c/hash.c
deleted file mode 100644
index b56123e..0000000
--- a/version3/c/hash.c
+++ /dev/null
@@ -1,607 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Implementation of the Secure Hashing Algorithm (SHA-256/384/512 and SHA3)
- *
- * Generates a message digest. It should be impossible to come
- * come up with two messages that hash to the same value ("collision free").
- *
- * For use with byte-oriented messages only. Could/Should be speeded
- * up by unwinding loops in HASH_transform(), and assembly patches.
- */
-
-#include "arch.h"
-#include "amcl.h"
-
-
-#define H0_256 0x6A09E667L
-#define H1_256 0xBB67AE85L
-#define H2_256 0x3C6EF372L
-#define H3_256 0xA54FF53AL
-#define H4_256 0x510E527FL
-#define H5_256 0x9B05688CL
-#define H6_256 0x1F83D9ABL
-#define H7_256 0x5BE0CD19L
-
-static const unsign32 K_256[64]=
-{
-    0x428a2f98L,0x71374491L,0xb5c0fbcfL,0xe9b5dba5L,0x3956c25bL,0x59f111f1L,0x923f82a4L,0xab1c5ed5L,
-    0xd807aa98L,0x12835b01L,0x243185beL,0x550c7dc3L,0x72be5d74L,0x80deb1feL,0x9bdc06a7L,0xc19bf174L,
-    0xe49b69c1L,0xefbe4786L,0x0fc19dc6L,0x240ca1ccL,0x2de92c6fL,0x4a7484aaL,0x5cb0a9dcL,0x76f988daL,
-    0x983e5152L,0xa831c66dL,0xb00327c8L,0xbf597fc7L,0xc6e00bf3L,0xd5a79147L,0x06ca6351L,0x14292967L,
-    0x27b70a85L,0x2e1b2138L,0x4d2c6dfcL,0x53380d13L,0x650a7354L,0x766a0abbL,0x81c2c92eL,0x92722c85L,
-    0xa2bfe8a1L,0xa81a664bL,0xc24b8b70L,0xc76c51a3L,0xd192e819L,0xd6990624L,0xf40e3585L,0x106aa070L,
-    0x19a4c116L,0x1e376c08L,0x2748774cL,0x34b0bcb5L,0x391c0cb3L,0x4ed8aa4aL,0x5b9cca4fL,0x682e6ff3L,
-    0x748f82eeL,0x78a5636fL,0x84c87814L,0x8cc70208L,0x90befffaL,0xa4506cebL,0xbef9a3f7L,0xc67178f2L
-};
-
-#define PAD  0x80
-#define ZERO 0
-
-/* functions */
-
-#define S(m,n,x) (((x)>>n) | ((x)<<(m-n)))
-#define R(n,x) ((x)>>n)
-
-#define Ch(x,y,z)  ((x&y)^(~(x)&z))
-#define Maj(x,y,z) ((x&y)^(x&z)^(y&z))
-#define Sig0_256(x)    (S(32,2,x)^S(32,13,x)^S(32,22,x))
-#define Sig1_256(x)    (S(32,6,x)^S(32,11,x)^S(32,25,x))
-#define theta0_256(x)  (S(32,7,x)^S(32,18,x)^R(3,x))
-#define theta1_256(x)  (S(32,17,x)^S(32,19,x)^R(10,x))
-
-#define Sig0_512(x)    (S(64,28,x)^S(64,34,x)^S(64,39,x))
-#define Sig1_512(x)    (S(64,14,x)^S(64,18,x)^S(64,41,x))
-#define theta0_512(x)  (S(64,1,x)^S(64,8,x)^R(7,x))
-#define theta1_512(x)  (S(64,19,x)^S(64,61,x)^R(6,x))
-
-
-/* SU= 72 */
-static void HASH256_transform(hash256 *sh)
-{
-    /* basic transformation step */
-    unsign32 a,b,c,d,e,f,g,h,t1,t2;
-    int j;
-    for (j=16; j<64; j++)
-        sh->w[j]=theta1_256(sh->w[j-2])+sh->w[j-7]+theta0_256(sh->w[j-15])+sh->w[j-16];
-
-    a=sh->h[0];
-    b=sh->h[1];
-    c=sh->h[2];
-    d=sh->h[3];
-    e=sh->h[4];
-    f=sh->h[5];
-    g=sh->h[6];
-    h=sh->h[7];
-
-    for (j=0; j<64; j++)
-    {
-        /* 64 times - mush it up */
-        t1=h+Sig1_256(e)+Ch(e,f,g)+K_256[j]+sh->w[j];
-        t2=Sig0_256(a)+Maj(a,b,c);
-        h=g;
-        g=f;
-        f=e;
-        e=d+t1;
-        d=c;
-        c=b;
-        b=a;
-        a=t1+t2;
-    }
-
-    sh->h[0]+=a;
-    sh->h[1]+=b;
-    sh->h[2]+=c;
-    sh->h[3]+=d;
-    sh->h[4]+=e;
-    sh->h[5]+=f;
-    sh->h[6]+=g;
-    sh->h[7]+=h;
-}
-
-/* Initialise Hash function */
-void HASH256_init(hash256 *sh)
-{
-    /* re-initialise */
-    int i;
-    for (i=0; i<64; i++) sh->w[i]=0L;
-    sh->length[0]=sh->length[1]=0L;
-    sh->h[0]=H0_256;
-    sh->h[1]=H1_256;
-    sh->h[2]=H2_256;
-    sh->h[3]=H3_256;
-    sh->h[4]=H4_256;
-    sh->h[5]=H5_256;
-    sh->h[6]=H6_256;
-    sh->h[7]=H7_256;
-
-    sh->hlen=32;
-}
-
-/* process a single byte */
-void HASH256_process(hash256 *sh,int byt)
-{
-    /* process the next message byte */
-    int cnt;
-//printf("byte= %x\n",byt);
-    cnt=(int)((sh->length[0]/32)%16);
-
-    sh->w[cnt]<<=8;
-    sh->w[cnt]|=(unsign32)(byt&0xFF);
-
-    sh->length[0]+=8;
-    if (sh->length[0]==0L)
-    {
-        sh->length[1]++;
-        sh->length[0]=0L;
-    }
-    if ((sh->length[0]%512)==0) HASH256_transform(sh);
-}
-
-/* SU= 24 */
-/* Generate 32-byte Hash */
-void HASH256_hash(hash256 *sh,char *digest)
-{
-    /* pad message and finish - supply digest */
-    int i;
-    unsign32 len0,len1;
-    len0=sh->length[0];
-    len1=sh->length[1];
-    HASH256_process(sh,PAD);
-    while ((sh->length[0]%512)!=448) HASH256_process(sh,ZERO);
-    sh->w[14]=len1;
-    sh->w[15]=len0;
-    HASH256_transform(sh);
-    for (i=0; i<sh->hlen; i++)
-    {
-        /* convert to bytes */
-        digest[i]=(char)((sh->h[i/4]>>(8*(3-i%4))) & 0xffL);
-    }
-    HASH256_init(sh);
-}
-
-
-#define H0_512 0x6a09e667f3bcc908
-#define H1_512 0xbb67ae8584caa73b
-#define H2_512 0x3c6ef372fe94f82b
-#define H3_512 0xa54ff53a5f1d36f1
-#define H4_512 0x510e527fade682d1
-#define H5_512 0x9b05688c2b3e6c1f
-#define H6_512 0x1f83d9abfb41bd6b
-#define H7_512 0x5be0cd19137e2179
-
-#define H8_512 0xcbbb9d5dc1059ed8
-#define H9_512 0x629a292a367cd507
-#define HA_512 0x9159015a3070dd17
-#define HB_512 0x152fecd8f70e5939
-#define HC_512 0x67332667ffc00b31
-#define HD_512 0x8eb44a8768581511
-#define HE_512 0xdb0c2e0d64f98fa7
-#define HF_512 0x47b5481dbefa4fa4
-
-/* */
-
-static const unsign64 K_512[80]=
-{
-    0x428a2f98d728ae22,0x7137449123ef65cd,0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc,
-    0x3956c25bf348b538,0x59f111f1b605d019,0x923f82a4af194f9b,0xab1c5ed5da6d8118,
-    0xd807aa98a3030242,0x12835b0145706fbe,0x243185be4ee4b28c,0x550c7dc3d5ffb4e2,
-    0x72be5d74f27b896f,0x80deb1fe3b1696b1,0x9bdc06a725c71235,0xc19bf174cf692694,
-    0xe49b69c19ef14ad2,0xefbe4786384f25e3,0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65,
-    0x2de92c6f592b0275,0x4a7484aa6ea6e483,0x5cb0a9dcbd41fbd4,0x76f988da831153b5,
-    0x983e5152ee66dfab,0xa831c66d2db43210,0xb00327c898fb213f,0xbf597fc7beef0ee4,
-    0xc6e00bf33da88fc2,0xd5a79147930aa725,0x06ca6351e003826f,0x142929670a0e6e70,
-    0x27b70a8546d22ffc,0x2e1b21385c26c926,0x4d2c6dfc5ac42aed,0x53380d139d95b3df,
-    0x650a73548baf63de,0x766a0abb3c77b2a8,0x81c2c92e47edaee6,0x92722c851482353b,
-    0xa2bfe8a14cf10364,0xa81a664bbc423001,0xc24b8b70d0f89791,0xc76c51a30654be30,
-    0xd192e819d6ef5218,0xd69906245565a910,0xf40e35855771202a,0x106aa07032bbd1b8,
-    0x19a4c116b8d2d0c8,0x1e376c085141ab53,0x2748774cdf8eeb99,0x34b0bcb5e19b48a8,
-    0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb,0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3,
-    0x748f82ee5defb2fc,0x78a5636f43172f60,0x84c87814a1f0ab72,0x8cc702081a6439ec,
-    0x90befffa23631e28,0xa4506cebde82bde9,0xbef9a3f7b2c67915,0xc67178f2e372532b,
-    0xca273eceea26619c,0xd186b8c721c0c207,0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178,
-    0x06f067aa72176fba,0x0a637dc5a2c898a6,0x113f9804bef90dae,0x1b710b35131c471b,
-    0x28db77f523047d84,0x32caab7b40c72493,0x3c9ebe0a15c9bebc,0x431d67c49c100d4c,
-    0x4cc5d4becb3e42b6,0x597f299cfc657e2a,0x5fcb6fab3ad6faec,0x6c44198c4a475817
-};
-
-
-static void HASH512_transform(hash512 *sh)
-{
-    /* basic transformation step */
-    unsign64 a,b,c,d,e,f,g,h,t1,t2;
-    int j;
-    for (j=16; j<80; j++)
-        sh->w[j]=theta1_512(sh->w[j-2])+sh->w[j-7]+theta0_512(sh->w[j-15])+sh->w[j-16];
-
-    a=sh->h[0];
-    b=sh->h[1];
-    c=sh->h[2];
-    d=sh->h[3];
-    e=sh->h[4];
-    f=sh->h[5];
-    g=sh->h[6];
-    h=sh->h[7];
-
-    for (j=0; j<80; j++)
-    {
-        /* 80 times - mush it up */
-        t1=h+Sig1_512(e)+Ch(e,f,g)+K_512[j]+sh->w[j];
-        t2=Sig0_512(a)+Maj(a,b,c);
-        h=g;
-        g=f;
-        f=e;
-        e=d+t1;
-        d=c;
-        c=b;
-        b=a;
-        a=t1+t2;
-    }
-    sh->h[0]+=a;
-    sh->h[1]+=b;
-    sh->h[2]+=c;
-    sh->h[3]+=d;
-    sh->h[4]+=e;
-    sh->h[5]+=f;
-    sh->h[6]+=g;
-    sh->h[7]+=h;
-}
-
-void HASH384_init(hash384 *sh)
-{
-    /* re-initialise */
-    int i;
-    for (i=0; i<80; i++) sh->w[i]=0;
-    sh->length[0]=sh->length[1]=0;
-    sh->h[0]=H8_512;
-    sh->h[1]=H9_512;
-    sh->h[2]=HA_512;
-    sh->h[3]=HB_512;
-    sh->h[4]=HC_512;
-    sh->h[5]=HD_512;
-    sh->h[6]=HE_512;
-    sh->h[7]=HF_512;
-
-    sh->hlen=48;
-
-}
-
-void HASH384_process(hash384 *sh,int byt)
-{
-    /* process the next message byte */
-    HASH512_process(sh,byt);
-}
-
-void HASH384_hash(hash384 *sh,char *hash)
-{
-    /* pad message and finish - supply digest */
-    HASH512_hash(sh,hash);
-}
-
-void HASH512_init(hash512 *sh)
-{
-    /* re-initialise */
-    int i;
-
-    for (i=0; i<80; i++) sh->w[i]=0;
-    sh->length[0]=sh->length[1]=0;
-    sh->h[0]=H0_512;
-    sh->h[1]=H1_512;
-    sh->h[2]=H2_512;
-    sh->h[3]=H3_512;
-    sh->h[4]=H4_512;
-    sh->h[5]=H5_512;
-    sh->h[6]=H6_512;
-    sh->h[7]=H7_512;
-
-    sh->hlen=64;
-}
-
-void HASH512_process(hash512 *sh,int byt)
-{
-    /* process the next message byte */
-    int cnt;
-
-    cnt=(int)((sh->length[0]/64)%16);
-
-    sh->w[cnt]<<=8;
-    sh->w[cnt]|=(unsign64)(byt&0xFF);
-
-    sh->length[0]+=8;
-    if (sh->length[0]==0L)
-    {
-        sh->length[1]++;
-        sh->length[0]=0L;
-    }
-    if ((sh->length[0]%1024)==0) HASH512_transform(sh);
-}
-
-void HASH512_hash(hash512 *sh,char *hash)
-{
-    /* pad message and finish - supply digest */
-    int i;
-    unsign64 len0,len1;
-    len0=sh->length[0];
-    len1=sh->length[1];
-    HASH512_process(sh,PAD);
-    while ((sh->length[0]%1024)!=896) HASH512_process(sh,ZERO);
-    sh->w[14]=len1;
-    sh->w[15]=len0;
-    HASH512_transform(sh);
-    for (i=0; i<sh->hlen; i++)
-    {
-        /* convert to bytes */
-        hash[i]=(char)((sh->h[i/8]>>(8*(7-i%8))) & 0xffL);
-    }
-    HASH512_init(sh);
-}
-
-
-
-/* SHA3 */
-
-#define SHA3_ROUNDS 24
-#define rotl(x,n) (((x)<<n) | ((x)>>(64-n)))
-
-/* round constants */
-
-static const unsign64 RC[24]=
-{
-    0x0000000000000001UL,0x0000000000008082UL,0x800000000000808AUL,0x8000000080008000UL,
-    0x000000000000808BUL,0x0000000080000001UL,0x8000000080008081UL,0x8000000000008009UL,
-    0x000000000000008AUL,0x0000000000000088UL,0x0000000080008009UL,0x000000008000000AUL,
-    0x000000008000808BUL,0x800000000000008BUL,0x8000000000008089UL,0x8000000000008003UL,
-    0x8000000000008002UL,0x8000000000000080UL,0x000000000000800AUL,0x800000008000000AUL,
-    0x8000000080008081UL,0x8000000000008080UL,0x0000000080000001UL,0x8000000080008008UL
-};
-
-/* permutation */
-
-static void SHA3_transform(sha3 *sh)
-{
-    int i,j,k;
-    unsign64 C[5],D[5],B[5][5];
-
-    for (k=0; k<SHA3_ROUNDS; k++)
-    {
-        C[0]=sh->S[0][0]^sh->S[0][1]^sh->S[0][2]^sh->S[0][3]^sh->S[0][4];
-        C[1]=sh->S[1][0]^sh->S[1][1]^sh->S[1][2]^sh->S[1][3]^sh->S[1][4];
-        C[2]=sh->S[2][0]^sh->S[2][1]^sh->S[2][2]^sh->S[2][3]^sh->S[2][4];
-        C[3]=sh->S[3][0]^sh->S[3][1]^sh->S[3][2]^sh->S[3][3]^sh->S[3][4];
-        C[4]=sh->S[4][0]^sh->S[4][1]^sh->S[4][2]^sh->S[4][3]^sh->S[4][4];
-
-        D[0]=C[4]^rotl(C[1],1);
-        D[1]=C[0]^rotl(C[2],1);
-        D[2]=C[1]^rotl(C[3],1);
-        D[3]=C[2]^rotl(C[4],1);
-        D[4]=C[3]^rotl(C[0],1);
-
-        for (i=0; i<5; i++)
-            for (j=0; j<5; j++)
-                sh->S[i][j]^=D[i];  /* let the compiler unroll it! */
-
-        B[0][0]=sh->S[0][0];
-        B[1][3]=rotl(sh->S[0][1],36);
-        B[2][1]=rotl(sh->S[0][2],3);
-        B[3][4]=rotl(sh->S[0][3],41);
-        B[4][2]=rotl(sh->S[0][4],18);
-
-        B[0][2]=rotl(sh->S[1][0],1);
-        B[1][0]=rotl(sh->S[1][1],44);
-        B[2][3]=rotl(sh->S[1][2],10);
-        B[3][1]=rotl(sh->S[1][3],45);
-        B[4][4]=rotl(sh->S[1][4],2);
-
-        B[0][4]=rotl(sh->S[2][0],62);
-        B[1][2]=rotl(sh->S[2][1],6);
-        B[2][0]=rotl(sh->S[2][2],43);
-        B[3][3]=rotl(sh->S[2][3],15);
-        B[4][1]=rotl(sh->S[2][4],61);
-
-        B[0][1]=rotl(sh->S[3][0],28);
-        B[1][4]=rotl(sh->S[3][1],55);
-        B[2][2]=rotl(sh->S[3][2],25);
-        B[3][0]=rotl(sh->S[3][3],21);
-        B[4][3]=rotl(sh->S[3][4],56);
-
-        B[0][3]=rotl(sh->S[4][0],27);
-        B[1][1]=rotl(sh->S[4][1],20);
-        B[2][4]=rotl(sh->S[4][2],39);
-        B[3][2]=rotl(sh->S[4][3],8);
-        B[4][0]=rotl(sh->S[4][4],14);
-
-        for (i=0; i<5; i++)
-            for (j=0; j<5; j++)
-                sh->S[i][j]=B[i][j]^(~B[(i+1)%5][j]&B[(i+2)%5][j]);
-
-        sh->S[0][0]^=RC[k];
-    }
-}
-
-/* Re-Initialize. olen is output length in bytes -
-   should be 28, 32, 48 or 64 (224, 256, 384, 512 bits resp.) */
-
-void SHA3_init(sha3 *sh,int olen)
-{
-    int i,j;
-    for (i=0; i<5; i++)
-        for (j=0; j<5; j++)
-            sh->S[i][j]=0;    /* 5x5x8 bytes = 200 bytes of state */
-    sh->length=0;
-    sh->len=olen;
-    sh->rate=200-2*olen; /* number of bytes consumed in one gulp. Note that some bytes in the
-	                        state ("capacity") are not touched. Gulps are smaller for larger digests.
-							Important that olen<rate */
-}
-
-/* process a single byte */
-void SHA3_process(sha3 *sh,int byt)
-{
-    int cnt=(int)(sh->length%sh->rate);
-    int i,j,b=cnt%8;
-    cnt/=8;
-    i=cnt%5;
-    j=cnt/5;  /* process by columns! */
-    sh->S[i][j]^=((unsign64)byt<<(8*b));
-    sh->length++;
-    if (sh->length%sh->rate==0) SHA3_transform(sh);
-}
-
-/* squeeze the sponge */
-void SHA3_squeeze(sha3 *sh,char *buff,int len)
-{
-    int done,i,j,k,m=0;
-    unsign64 el;
-    /* extract by columns */
-    done=0;
-    for (;;)
-    {
-        for (j=0; j<5; j++)
-        {
-            for (i=0; i<5; i++)
-            {
-                el=sh->S[i][j];
-                for (k=0; k<8; k++)
-                {
-                    buff[m++]=(el&0xff);
-                    if (m>=len || m%sh->rate==0)
-                    {
-                        done=1;
-                        break;
-                    }
-                    el>>=8;
-                }
-                if (done) break;
-            }
-            if (done) break;
-        }
-        if (m>=len) break;
-        done=0;
-        SHA3_transform(sh);
-    }
-}
-
-void SHA3_hash(sha3 *sh,char *hash)
-{
-    /* generate a SHA3 hash of appropriate size */
-    int q=sh->rate-(sh->length%sh->rate);
-    if (q==1) SHA3_process(sh,0x86);
-    else
-    {
-        SHA3_process(sh,0x06);   /* 0x06 for SHA-3 */
-        while ((int)sh->length%sh->rate!=sh->rate-1) SHA3_process(sh,0x00);
-        SHA3_process(sh,0x80); /* this will force a final transform */
-    }
-    SHA3_squeeze(sh,hash,sh->len);
-}
-
-void SHA3_shake(sha3 *sh,char *buff,int len)
-{
-    /* SHAKE out a buffer of variable length len */
-    int q=sh->rate-(sh->length%sh->rate);
-    if (q==1) SHA3_process(sh,0x9f);
-    else
-    {
-        SHA3_process(sh,0x1f);   // 0x06 for SHA-3 !!!!
-        while ((int) sh->length%sh->rate!=sh->rate-1) SHA3_process(sh,0x00);
-        SHA3_process(sh,0x80); /* this will force a final transform */
-    }
-    SHA3_squeeze(sh,buff,len);
-}
-
-
-/* test program: should produce digest
-
-160 bit
-
-84983e44 1c3bd26e baae4aa1 f95129e5 e54670f1
-
-256 bit
-
-248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
-
-512 bit
-
-8e959b75dae313da 8cf4f72814fc143f 8f7779c6eb9f7fa1 7299aeadb6889018
-501d289e4900f7e4 331b99dec4b5433a c7d329eeb6dd2654 5e96e55b874be909
-
-384 bit
-
-09330c33f71147e8 3d192fc782cd1b47 53111b173b3b05d2 2fa08086e3b0f712
-fcc7c71a557e2db9 66c3e9fa91746039
-*/
-/*
-#include <stdio.h>
-
-char test160[]="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-char test256[]="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-char test512[]="abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
-
-int main()
-{
-    char digest[100];
-    int i;
-
-    hash256 sh256;
-	hash384 sh384;
-	hash512 sh512;
-	sha3 SHA3;
-
-    HASH256_init(&sh256);
-    for (i=0;test256[i]!=0;i++) HASH256_process(&sh256,test256[i]);
-    HASH256_hash(&sh256,digest);
-    for (i=0;i<32;i++) printf("%02x",(unsigned char)digest[i]);
-    printf("\n");
-
-    HASH384_init(&sh384);
-    for (i=0;test512[i]!=0;i++) HASH384_process(&sh384,test512[i]);
-    HASH384_hash(&sh384,digest);
-    for (i=0;i<48;i++) printf("%02x",(unsigned char)digest[i]);
-    printf("\n");
-
-    HASH512_init(&sh512);
-    for (i=0;test512[i]!=0;i++) HASH512_process(&sh512,test512[i]);
-    HASH512_hash(&sh512,digest);
-    for (i=0;i<64;i++) printf("%02x",(unsigned char)digest[i]);
-    printf("\n");
-
-	SHA3_init(&SHA3,SHA3_HASH256);
-    for (i=0;test512[i]!=0;i++) SHA3_process(&SHA3,test512[i]);
-    SHA3_hash(&sh512,digest);
-    for (i=0;i<32;i++) printf("%02x",(unsigned char)digest[i]);
-    printf("\n");
-
-	SHA3_init(&SHA3,SHA3_HASH512);
-    for (i=0;test512[i]!=0;i++) SHA3_process(&SHA3,test512[i]);
-    SHA3_hash(&sh512,digest);
-    for (i=0;i<64;i++) printf("%02x",(unsigned char)digest[i]);
-    printf("\n");
-
-	SHA3_init(&SHA3,SHAKE256);
-    for (i=0;test512[i]!=0;i++) SHA3_process(&SHA3,test512[i]);
-    SHA3_shake(&sh512,digest,72);
-    for (i=0;i<72;i++) printf("%02x",(unsigned char)digest[i]);
-    printf("\n");
-
-
-    return 0;
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/mpin.c
----------------------------------------------------------------------
diff --git a/version3/c/mpin.c b/version3/c/mpin.c
deleted file mode 100644
index cb6c04f..0000000
--- a/version3/c/mpin.c
+++ /dev/null
@@ -1,995 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MPIN Functions */
-
-/* Version 3.0 - supports Time Permits */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin_ZZZ.h"
-
-#define ROUNDUP(a,b) ((a)-1)/(b)+1
-
-/* Special mpin hashing */
-static void mpin_hash(int sha,FP4_YYY *f, ECP_ZZZ *P,octet *w)
-{
-    int i;
-    BIG_XXX x,y;
-    char h[64];
-    hash256 sha256;
-    hash512 sha512;
-    char t[6*MODBYTES_XXX];  // to hold 6 BIGs
-    int hlen=sha;
-
-
-    FP_YYY_redc(x,&(f->a.a));
-    BIG_XXX_toBytes(&t[0],x);
-    FP_YYY_redc(x,&(f->a.b));
-    BIG_XXX_toBytes(&t[MODBYTES_XXX],x);
-    FP_YYY_redc(x,&(f->b.a));
-    BIG_XXX_toBytes(&t[2*MODBYTES_XXX],x);
-    FP_YYY_redc(x,&(f->b.b));
-    BIG_XXX_toBytes(&t[3*MODBYTES_XXX],x);
-    ECP_ZZZ_get(x,y,P);
-    BIG_XXX_toBytes(&t[4*MODBYTES_XXX],x);
-    BIG_XXX_toBytes(&t[5*MODBYTES_XXX],y);
-
-    OCT_empty(w);
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_init(&sha256);
-        for (i=0; i<6*MODBYTES_XXX; i++) HASH256_process(&sha256,t[i]);
-        HASH256_hash(&sha256,h);
-        break;
-    case SHA384:
-        HASH384_init(&sha512);
-        for (i=0; i<6*MODBYTES_XXX; i++) HASH384_process(&sha512,t[i]);
-        HASH384_hash(&sha512,h);
-        break;
-    case SHA512:
-        HASH512_init(&sha512);
-        for (i=0; i<6*MODBYTES_XXX; i++) HASH512_process(&sha512,t[i]);
-        HASH512_hash(&sha512,h);
-        break;
-    }
-
-    OCT_jbytes(w,h,AESKEY_ZZZ);
-    for (i=0; i<hlen; i++) h[i]=0;
-}
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
-static void map(ECP_ZZZ *P,BIG_XXX u,int cb)
-{
-    BIG_XXX x,q;
-
-    BIG_XXX_rcopy(q,Modulus_YYY);
-    BIG_XXX_copy(x,u);
-    BIG_XXX_mod(x,q);
-
-    while (!ECP_ZZZ_setx(P,x,cb))
-    {
-        BIG_XXX_inc(x,1);
-        BIG_XXX_norm(x);
-    }
-}
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
-static int unmap(BIG_XXX u,int *cb,ECP_ZZZ *P)
-{
-    int s,r=0;
-    BIG_XXX x;
-
-    s=ECP_ZZZ_get(x,x,P);
-    BIG_XXX_copy(u,x);
-    do
-    {
-        BIG_XXX_dec(u,1);
-        BIG_XXX_norm(u);
-        r++;
-    }
-    while (!ECP_ZZZ_setx(P,u,s));
-    ECP_ZZZ_setx(P,x,s);
-
-    *cb=s;
-
-    return r;
-}
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
-int MPIN_ZZZ_ENCODING(csprng *RNG,octet *E)
-{
-    int rn,m,su,sv,res=0;
-
-    BIG_XXX q,u,v;
-    ECP_ZZZ P,W;
-
-    if (!ECP_ZZZ_fromOctet(&P,E)) res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        BIG_XXX_rcopy(q,Modulus_YYY);
-
-        BIG_XXX_randomnum(u,q,RNG);
-
-        su=RAND_byte(RNG);
-        if (su<0) su=-su;
-        su%=2;
-        map(&W,u,su);
-        ECP_ZZZ_sub(&P,&W); //ECP_ZZZ_affine(&P);
-
-        rn=unmap(v,&sv,&P);
-        m=RAND_byte(RNG);
-        if (m<0) m=-m;
-        m%=rn;
-        BIG_XXX_inc(v,m+1);
-        E->val[0]=su+2*sv;
-        BIG_XXX_toBytes(&(E->val[1]),u);
-        BIG_XXX_toBytes(&(E->val[PFS_ZZZ+1]),v);
-    }
-    return res;
-}
-
-int MPIN_ZZZ_DECODING(octet *D)
-{
-    int su,sv;
-    BIG_XXX u,v;
-    ECP_ZZZ P,W;
-    int res=0;
-
-    if ((D->val[0]&0x04)!=0) res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-
-        BIG_XXX_fromBytes(u,&(D->val[1]));
-        BIG_XXX_fromBytes(v,&(D->val[PFS_ZZZ+1]));
-
-        su=D->val[0]&1;
-        sv=(D->val[0]>>1)&1;
-        map(&W,u,su);
-        map(&P,v,sv);
-        ECP_ZZZ_add(&P,&W); //ECP_ZZZ_affine(&P);
-        ECP_ZZZ_toOctet(D,&P,false);
-    }
-
-    return res;
-}
-
-/* R=R1+R2 in group G1 */
-int MPIN_ZZZ_RECOMBINE_G1(octet *R1,octet *R2,octet *R)
-{
-    ECP_ZZZ P,T;
-    int res=0;
-    if (res==0)
-    {
-        if (!ECP_ZZZ_fromOctet(&P,R1)) res=MPIN_INVALID_POINT;
-        if (!ECP_ZZZ_fromOctet(&T,R2)) res=MPIN_INVALID_POINT;
-    }
-    if (res==0)
-    {
-        ECP_ZZZ_add(&P,&T); //ECP_ZZZ_affine(&P);
-        ECP_ZZZ_toOctet(R,&P,false);
-    }
-    return res;
-}
-
-/* W=W1+W2 in group G2 */
-int MPIN_ZZZ_RECOMBINE_G2(octet *W1,octet *W2,octet *W)
-{
-    ECP2_ZZZ Q,T;
-    int res=0;
-    if (!ECP2_ZZZ_fromOctet(&Q,W1)) res=MPIN_INVALID_POINT;
-    if (!ECP2_ZZZ_fromOctet(&T,W2)) res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        ECP2_ZZZ_add(&Q,&T); //ECP2_ZZZ_affine(&Q);
-        ECP2_ZZZ_toOctet(W,&Q);
-    }
-    return res;
-}
-
-/* create random secret S */
-int MPIN_ZZZ_RANDOM_GENERATE(csprng *RNG,octet* S)
-{
-    BIG_XXX r,s;
-
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-    BIG_XXX_randomnum(s,r,RNG);
-#ifdef AES_S
-    BIG_XXX_mod2m(s,2*AES_S);
-#endif
-    BIG_XXX_toBytes(S->val,s);
-    S->len=MODBYTES_XXX;
-    return 0;
-}
-
-/* Extract PIN from TOKEN for identity CID */
-int MPIN_ZZZ_EXTRACT_PIN(int sha,octet *CID,int pin,octet *TOKEN)
-{
-    pin%=MAXPIN;
-    return MPIN_ZZZ_EXTRACT_FACTOR(sha,CID,pin,PBLEN,TOKEN);
-}
-
-/* Extract a factor < 32 bits for identity CID */
-int MPIN_ZZZ_EXTRACT_FACTOR(int sha,octet *CID,int factor,int facbits,octet *TOKEN)
-{
-    ECP_ZZZ P,R;
-    int res=0;
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-
-    if (!ECP_ZZZ_fromOctet(&P,TOKEN))  res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        mhashit(sha,-1,CID,&H);
-        ECP_ZZZ_mapit(&R,&H);
-
-        ECP_ZZZ_pinmul(&R,factor,facbits);
-        ECP_ZZZ_sub(&P,&R); //ECP_ZZZ_affine(&P);
-
-        ECP_ZZZ_toOctet(TOKEN,&P,false);
-    }
-    return res;
-}
-
-/* Extract a factor < 32 bits for identity CID */
-int MPIN_ZZZ_RESTORE_FACTOR(int sha,octet *CID,int factor,int facbits,octet *TOKEN)
-{
-    ECP_ZZZ P,R;
-    int res=0;
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-
-    if (!ECP_ZZZ_fromOctet(&P,TOKEN))  res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        mhashit(sha,-1,CID,&H);
-        ECP_ZZZ_mapit(&R,&H);
-
-        ECP_ZZZ_pinmul(&R,factor,facbits);
-        ECP_ZZZ_add(&P,&R); //ECP_ZZZ_affine(&P);
-
-        ECP_ZZZ_toOctet(TOKEN,&P,false);
-    }
-    return res;
-}
-
-/* Implement step 2 on client side of MPin protocol - SEC=-(x+y)*SEC */
-int MPIN_ZZZ_CLIENT_2(octet *X,octet *Y,octet *SEC)
-{
-    BIG_XXX px,py,r;
-    ECP_ZZZ P;
-    int res=0;
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-    if (!ECP_ZZZ_fromOctet(&P,SEC)) res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        BIG_XXX_fromBytes(px,X->val);
-        BIG_XXX_fromBytes(py,Y->val);
-        BIG_XXX_add(px,px,py);
-        BIG_XXX_mod(px,r);
-        //	BIG_XXX_sub(px,r,px);
-        PAIR_ZZZ_G1mul(&P,px);
-        ECP_ZZZ_neg(&P);
-        ECP_ZZZ_toOctet(SEC,&P,false);
-    }
-    return res;
-}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
-
-int MPIN_ZZZ_GET_G1_MULTIPLE(csprng *RNG,int type,octet *X,octet *G,octet *W)
-{
-    ECP_ZZZ P;
-    BIG_XXX r,x;
-    int res=0;
-    if (RNG!=NULL)
-    {
-        BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-        BIG_XXX_randomnum(x,r,RNG);
-#ifdef AES_S
-        BIG_XXX_mod2m(x,2*AES_S);
-#endif
-        X->len=MODBYTES_XXX;
-        BIG_XXX_toBytes(X->val,x);
-    }
-    else
-        BIG_XXX_fromBytes(x,X->val);
-
-    if (type==0)
-    {
-        if (!ECP_ZZZ_fromOctet(&P,G)) res=MPIN_INVALID_POINT;
-    }
-    else
-    {
-        ECP_ZZZ_mapit(&P,G);
-    }
-
-    if (res==0)
-    {
-        PAIR_ZZZ_G1mul(&P,x);
-        ECP_ZZZ_toOctet(W,&P,false);
-    }
-    return res;
-}
-
-/*
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- W=x*G where G is point on the curve
- if type==1 W=(x^-1)G
-*/
-
-int MPIN_ZZZ_GET_G2_MULTIPLE(csprng *RNG,int type,octet *X,octet *G,octet *W)
-{
-    ECP2_ZZZ P;
-    BIG_XXX r,x;
-    int res=0;
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-    if (RNG!=NULL)
-    {
-        BIG_XXX_randomnum(x,r,RNG);
-#ifdef AES_S
-        BIG_XXX_mod2m(x,2*AES_S);
-#endif
-        X->len=MODBYTES_XXX;
-        BIG_XXX_toBytes(X->val,x);
-    }
-    else
-    {
-        BIG_XXX_fromBytes(x,X->val);
-        if (type==1) BIG_XXX_invmodp(x,x,r);
-    }
-
-    if (!ECP2_ZZZ_fromOctet(&P,G)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        PAIR_ZZZ_G2mul(&P,x);
-        ECP2_ZZZ_toOctet(W,&P);
-    }
-    return res;
-}
-
-
-
-/* Client secret CST=s*H(CID) where CID is client ID and s is master secret */
-/* CID is hashed externally */
-int MPIN_ZZZ_GET_CLIENT_SECRET(octet *S,octet *CID,octet *CST)
-{
-    return MPIN_ZZZ_GET_G1_MULTIPLE(NULL,1,S,CID,CST);
-}
-
-/* Implement step 1 on client side of MPin protocol */
-int MPIN_ZZZ_CLIENT_1(int sha,int date,octet *CLIENT_ID,csprng *RNG,octet *X,int pin,octet *TOKEN,octet *SEC,octet *xID,octet *xCID,octet *PERMIT)
-{
-    BIG_XXX r,x;
-    ECP_ZZZ P,T,W;
-    int res=0;
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-    if (RNG!=NULL)
-    {
-        BIG_XXX_randomnum(x,r,RNG);
-#ifdef AES_S
-        BIG_XXX_mod2m(x,2*AES_S);
-#endif
-        X->len=MODBYTES_XXX;
-        BIG_XXX_toBytes(X->val,x);
-    }
-    else
-        BIG_XXX_fromBytes(x,X->val);
-
-    mhashit(sha,-1,CLIENT_ID,&H);
-
-    ECP_ZZZ_mapit(&P,&H);
-
-    if (!ECP_ZZZ_fromOctet(&T,TOKEN)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        pin%=MAXPIN;
-
-        ECP_ZZZ_copy(&W,&P);				// W=H(ID)
-        ECP_ZZZ_pinmul(&W,pin,PBLEN);			// W=alpha.H(ID)
-        ECP_ZZZ_add(&T,&W);					// T=Token+alpha.H(ID) = s.H(ID)
-
-        if (date)
-        {
-            if (PERMIT!=NULL)
-            {
-                if (!ECP_ZZZ_fromOctet(&W,PERMIT)) res=MPIN_INVALID_POINT;
-                ECP_ZZZ_add(&T,&W);					// SEC=s.H(ID)+s.H(T|ID)
-            }
-            mhashit(sha,date,&H,&H);
-
-            ECP_ZZZ_mapit(&W,&H);
-            if (xID!=NULL)
-            {
-                PAIR_ZZZ_G1mul(&P,x);				// P=x.H(ID)
-                ECP_ZZZ_toOctet(xID,&P,false);  // xID
-                PAIR_ZZZ_G1mul(&W,x);               // W=x.H(T|ID)
-                ECP_ZZZ_add(&P,&W); //ECP_ZZZ_affine(&P);
-            }
-            else
-            {
-                ECP_ZZZ_add(&P,&W); //ECP_ZZZ_affine(&P);
-                PAIR_ZZZ_G1mul(&P,x);
-            }
-            if (xCID!=NULL) ECP_ZZZ_toOctet(xCID,&P,false);  // U
-        }
-        else
-        {
-            if (xID!=NULL)
-            {
-                PAIR_ZZZ_G1mul(&P,x);				// P=x.H(ID)
-                ECP_ZZZ_toOctet(xID,&P,false);  // xID
-            }
-        }
-    }
-
-    if (res==0)
-	{
-		//ECP_ZZZ_affine(&T);
-        ECP_ZZZ_toOctet(SEC,&T,false);  // V
-	}
-    return res;
-}
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
-int MPIN_ZZZ_GET_SERVER_SECRET(octet *S,octet *SST)
-{
-    BIG_XXX r,s;
-    ECP2_ZZZ Q;
-    int res=0;
-
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-
-	ECP2_ZZZ_generator(&Q);
-
-    if (res==0)
-    {
-
-        BIG_XXX_fromBytes(s,S->val);
-        PAIR_ZZZ_G2mul(&Q,s);
-        ECP2_ZZZ_toOctet(SST,&Q);
-    }
-
-    return res;
-}
-
-
-/* Time Permit CTT=s*H(date|H(CID)) where s is master secret */
-int MPIN_ZZZ_GET_CLIENT_PERMIT(int sha,int date,octet *S,octet *CID,octet *CTT)
-{
-    BIG_XXX s;
-    ECP_ZZZ P;
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-
-    mhashit(sha,date,CID,&H);
-
-    ECP_ZZZ_mapit(&P,&H);
-
-//printf("P= "); ECP_ZZZ_output(&P); printf("\n");
-//exit(0);
-
-    BIG_XXX_fromBytes(s,S->val);
-
-
-
-//printf("s= "); BIG_XXX_output(s); printf("\n");
-    PAIR_ZZZ_G1mul(&P,s);
-//printf("OP= "); ECP_ZZZ_output(&P); printf("\n");
-//
-    ECP_ZZZ_toOctet(CTT,&P,false);
-    return 0;
-}
-
-// if date=0 only use HID, set HCID=NULL
-// if date and PE, use HID and HCID
-
-/* Outputs H(CID) and H(CID)+H(T|H(CID)) for time permits. If no time permits set HTID=NULL */
-void MPIN_ZZZ_SERVER_1(int sha,int date,octet *CID,octet *HID,octet *HTID)
-{
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-    ECP_ZZZ P,R;
-
-#ifdef USE_ANONYMOUS
-    ECP_ZZZ_mapit(&P,CID);
-#else
-    mhashit(sha,-1,CID,&H);
-    ECP_ZZZ_mapit(&P,&H);
-#endif
-
-    ECP_ZZZ_toOctet(HID,&P,false);  // new
-
-    if (date)
-    {
-        //	if (HID!=NULL) ECP_ZZZ_toOctet(HID,&P,false);
-#ifdef USE_ANONYMOUS
-        mhashit(sha,date,CID,&H);
-#else
-        mhashit(sha,date,&H,&H);
-#endif
-        ECP_ZZZ_mapit(&R,&H);
-        ECP_ZZZ_add(&P,&R); //ECP_ZZZ_affine(&P);
-        ECP_ZZZ_toOctet(HTID,&P,false);
-    }
-    //else ECP_ZZZ_toOctet(HID,&P,false);
-
-}
-
-/* Implement M-Pin on server side */
-int MPIN_ZZZ_SERVER_2(int date,octet *HID,octet *HTID,octet *Y,octet *SST,octet *xID,octet *xCID,octet *mSEC,octet *E,octet *F,octet *Pa)
-{
-    BIG_XXX px,py,y;
-    FP12_YYY g;
-    ECP2_ZZZ Q,sQ;
-    ECP_ZZZ P,R;
-    int res=0;
-
-	ECP2_ZZZ_generator(&Q);
-
-    // key-escrow less scheme: use Pa instead of Q in pairing computation
-    // Q left for backward compatiblity
-    if (Pa!=NULL)
-    {
-        if (!ECP2_ZZZ_fromOctet(&Q, Pa)) res=MPIN_INVALID_POINT;
-    }
-
-    if (res==0)
-    {
-        if (!ECP2_ZZZ_fromOctet(&sQ,SST)) res=MPIN_INVALID_POINT;
-    }
-
-    if (res==0)
-    {
-        if (date)
-        {
-            //BIG_XXX_fromBytes(px,&(xCID->val[1]));
-            //BIG_XXX_fromBytes(py,&(xCID->val[PFS_ZZZ+1]));
-			if (!ECP_ZZZ_fromOctet(&R,xCID))  res=MPIN_INVALID_POINT;
-        }
-        else
-        {
-            //BIG_XXX_fromBytes(px,&(xID->val[1]));
-            //BIG_XXX_fromBytes(py,&(xID->val[PFS_ZZZ+1]));
-			if (!ECP_ZZZ_fromOctet(&R,xID))  res=MPIN_INVALID_POINT;
-        }
-        //if (!ECP_ZZZ_set(&R,px,py)) res=MPIN_INVALID_POINT; // x(A+AT)
-    }
-    if (res==0)
-    {
-        BIG_XXX_fromBytes(y,Y->val);
-        if (date)
-        {
-            if (!ECP_ZZZ_fromOctet(&P,HTID))  res=MPIN_INVALID_POINT;
-        }
-        else
-        {
-            if (!ECP_ZZZ_fromOctet(&P,HID))  res=MPIN_INVALID_POINT;
-        }
-    }
-    if (res==0)
-    {
-        PAIR_ZZZ_G1mul(&P,y);  // y(A+AT)
-        ECP_ZZZ_add(&P,&R); // x(A+AT)+y(A+T)
-        //ECP_ZZZ_affine(&P);
-        if (!ECP_ZZZ_fromOctet(&R,mSEC))  res=MPIN_INVALID_POINT; // V
-    }
-    if (res==0)
-    {
-
-        PAIR_ZZZ_double_ate(&g,&Q,&R,&sQ,&P);
-        PAIR_ZZZ_fexp(&g);
-
-        if (!FP12_YYY_isunity(&g))
-        {
-            if (HID!=NULL && xID!=NULL && E!=NULL && F !=NULL)
-            {
-                /* xID is set to NULL if there is no way to calculate PIN error */
-                FP12_YYY_toOctet(E,&g);
-
-                /* Note error is in the PIN, not in the time permit! Hence the need to exclude Time Permit from this check */
-
-                if (date)
-                {
-                    if (!ECP_ZZZ_fromOctet(&P,HID)) res=MPIN_INVALID_POINT;
-                    if (!ECP_ZZZ_fromOctet(&R,xID)) res=MPIN_INVALID_POINT; // U
-
-                    if (res==0)
-                    {
-                        PAIR_ZZZ_G1mul(&P,y);  // yA
-                        ECP_ZZZ_add(&P,&R); // yA+xA
-                        //ECP_ZZZ_affine(&P);
-                    }
-                }
-                if (res==0)
-                {
-                    PAIR_ZZZ_ate(&g,&Q,&P);
-                    PAIR_ZZZ_fexp(&g);
-                    FP12_YYY_toOctet(F,&g);
-                }
-            }
-            res=MPIN_BAD_PIN;
-        }
-    }
-
-    return res;
-}
-
-#if MAXPIN==10000
-#define MR_TS 10  /* 2^10/10 approx = sqrt(MAXPIN) */
-#define TRAP 200  /* 2*sqrt(MAXPIN) */
-#endif
-
-#if MAXPIN==1000000
-#define MR_TS 14
-#define TRAP 2000
-#endif
-
-/* Pollards kangaroos used to return PIN error */
-int MPIN_ZZZ_KANGAROO(octet *E,octet *F)
-{
-    int i,j,m,s,dn,dm,steps;
-    int distance[MR_TS];
-    FP12_YYY ge,gf,t,table[MR_TS];
-    int res=0;
-    // BIG_XXX w;
-
-    FP12_YYY_fromOctet(&ge,E);
-    FP12_YYY_fromOctet(&gf,F);
-
-    FP12_YYY_copy(&t,&gf);
-
-    for (s=1,m=0; m<MR_TS; m++)
-    {
-        distance[m]=s;
-        FP12_YYY_copy(&table[m],&t);
-        s*=2;
-        FP12_YYY_usqr(&t,&t);
-        FP12_YYY_reduce(&t);
-    }
-
-    FP12_YYY_one(&t);
-
-    for (dn=0,j=0; j<TRAP; j++)
-    {
-
-        //BIG_XXX_copy(w,t.a.a.a);
-        //FP_YYY_redc(w);
-        //i=BIG_XXX_lastbits(w,20)%MR_TS;
-
-        i=t.a.a.a.g[0]%MR_TS;
-
-        FP12_YYY_mul(&t,&table[i]);
-        FP12_YYY_reduce(&t);
-        dn+=distance[i];
-    }
-
-    FP12_YYY_conj(&gf,&t);
-    steps=0;
-    dm=0;
-    while (dm-dn<MAXPIN)
-    {
-        steps++;
-        if (steps>4*TRAP) break;
-
-        //BIG_XXX_copy(w,ge.a.a.a);
-        //FP_YYY_redc(w);
-        //i=BIG_XXX_lastbits(w,20)%MR_TS;
-
-        i=ge.a.a.a.g[0]%MR_TS;
-
-        FP12_YYY_mul(&ge,&table[i]);
-        FP12_YYY_reduce(&ge);
-        dm+=distance[i];
-        if (FP12_YYY_equals(&ge,&t))
-        {
-            res=dm-dn;
-            break;
-        }
-        if (FP12_YYY_equals(&ge,&gf))
-        {
-            res=dn-dm;
-            break;
-        }
-    }
-    if (steps>4*TRAP || dm-dn>=MAXPIN)
-    {
-        res=0;    /* Trap Failed  - probable invalid token */
-    }
-
-    return res;
-}
-
-/* Functions to support M-Pin Full */
-
-int MPIN_ZZZ_PRECOMPUTE(octet *TOKEN,octet *CID,octet *CP,octet *G1,octet *G2)
-{
-    ECP_ZZZ P,T;
-    ECP2_ZZZ Q;
-    FP12_YYY g;
-    int res=0;
-
-    if (!ECP_ZZZ_fromOctet(&T,TOKEN)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        ECP_ZZZ_mapit(&P,CID);
-        if (CP!=NULL)
-        {
-            if (!ECP2_ZZZ_fromOctet(&Q,CP)) res=MPIN_INVALID_POINT;
-        }
-        else
-        {
-			ECP2_ZZZ_generator(&Q);
-        }
-    }
-    if (res==0)
-    {
-        PAIR_ZZZ_ate(&g,&Q,&T);
-        PAIR_ZZZ_fexp(&g);
-
-        FP12_YYY_toOctet(G1,&g);
-        if (G2!=NULL)
-        {
-            PAIR_ZZZ_ate(&g,&Q,&P);
-            PAIR_ZZZ_fexp(&g);
-            FP12_YYY_toOctet(G2,&g);
-        }
-    }
-    return res;
-}
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-int MPIN_ZZZ_CLIENT_KEY(int sha,octet *G1,octet *G2,int pin,octet *R,octet *X,octet *H,octet *wCID,octet *CK)
-{
-    FP12_YYY g1,g2;
-    FP4_YYY c;//,cp,cpm1,cpm2;
-//    FP2_YYY f;
-    ECP_ZZZ W;
-    int res=0;
-    BIG_XXX r,z,x,h;//q,m,a,b;
-
-    FP12_YYY_fromOctet(&g1,G1);
-    FP12_YYY_fromOctet(&g2,G2);
-    BIG_XXX_fromBytes(z,R->val);
-    BIG_XXX_fromBytes(x,X->val);
-    BIG_XXX_fromBytes(h,H->val);
-
-    if (!ECP_ZZZ_fromOctet(&W,wCID)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-        BIG_XXX_add(z,z,h);    // new
-        BIG_XXX_mod(z,r);
-
-        FP12_YYY_pinpow(&g2,pin,PBLEN);
-        FP12_YYY_mul(&g1,&g2);
-
-        PAIR_ZZZ_G1mul(&W,x);
-
-        FP12_YYY_compow(&c,&g1,z,r);
-
-        /*       BIG_XXX_rcopy(a,Fra_YYY);
-               BIG_XXX_rcopy(b,Frb_YYY);
-               FP2_YYY_from_BIGs(&f,a,b);
-
-               BIG_XXX_rcopy(q,Modulus_YYY);
-               BIG_XXX_copy(m,q);
-               BIG_XXX_mod(m,r);
-
-               BIG_XXX_copy(a,z);
-               BIG_XXX_mod(a,m);
-
-               BIG_XXX_copy(b,z);
-               BIG_XXX_sdiv(b,m);
-
-
-               FP12_YYY_trace(&c,&g1);
-
-               FP12_YYY_copy(&g2,&g1);
-               FP12_YYY_frob(&g2,&f);
-               FP12_YYY_trace(&cp,&g2);
-
-               FP12_YYY_conj(&g1,&g1);
-               FP12_YYY_mul(&g2,&g1);
-               FP12_YYY_trace(&cpm1,&g2);
-               FP12_YYY_mul(&g2,&g1);
-               FP12_YYY_trace(&cpm2,&g2);
-
-               FP4_YYY_xtr_pow2(&c,&cp,&c,&cpm1,&cpm2,a,b);
-        */
-        mpin_hash(sha,&c,&W,CK);
-
-    }
-    return res;
-}
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-
-int MPIN_ZZZ_SERVER_KEY(int sha,octet *Z,octet *SST,octet *W,octet *H,octet *HID,octet *xID,octet *xCID,octet *SK)
-{
-    int res=0;
-    FP12_YYY g;
-    FP4_YYY c;
-    ECP_ZZZ R,U,A;
-    ECP2_ZZZ sQ;
-    BIG_XXX w,h;
-
-    if (!ECP2_ZZZ_fromOctet(&sQ,SST)) res=MPIN_INVALID_POINT;
-    if (!ECP_ZZZ_fromOctet(&R,Z)) res=MPIN_INVALID_POINT;
-
-
-    if (!ECP_ZZZ_fromOctet(&A,HID)) res=MPIN_INVALID_POINT;
-
-    // new
-    if (xCID!=NULL)
-    {
-        if (!ECP_ZZZ_fromOctet(&U,xCID)) res=MPIN_INVALID_POINT;
-    }
-    else
-    {
-        if (!ECP_ZZZ_fromOctet(&U,xID)) res=MPIN_INVALID_POINT;
-    }
-    BIG_XXX_fromBytes(w,W->val);
-    BIG_XXX_fromBytes(h,H->val);
-
-
-    PAIR_ZZZ_ate(&g,&sQ,&A);
-    PAIR_ZZZ_fexp(&g);
-
-    if (res==0)
-    {
-        PAIR_ZZZ_G1mul(&A,h);
-        ECP_ZZZ_add(&R,&A);  // new
-        //ECP_ZZZ_affine(&R);
-        PAIR_ZZZ_ate(&g,&sQ,&R);
-        PAIR_ZZZ_fexp(&g);
-        PAIR_ZZZ_G1mul(&U,w);
-        FP12_YYY_trace(&c,&g);
-        mpin_hash(sha,&c,&U,SK);
-    }
-    return res;
-}
-
-/* Generate Y = H(TimeValue, xCID/xID) */
-void MPIN_ZZZ_GET_Y(int sha,int TimeValue,octet *xCID,octet *Y)
-{
-    BIG_XXX q,y;
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-
-    mhashit(sha,TimeValue,xCID,&H);
-    BIG_XXX_fromBytes(y,H.val);
-    BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    BIG_XXX_mod(y,q);
-    BIG_XXX_toBytes(Y->val,y);
-    Y->len=PGS_ZZZ;
-}
-
-/* One pass MPIN Client */
-int MPIN_ZZZ_CLIENT(int sha,int date,octet *ID,csprng *RNG,octet *X,int pin,octet *TOKEN,octet *V,octet *U,octet *UT,octet *TP,octet *MESSAGE,int TimeValue,octet *Y)
-{
-    int rtn=0;
-    char m[M_SIZE_ZZZ];
-    octet M= {0,sizeof(m),m};
-
-    octet *pID;
-    if (date == 0)
-        pID = U;
-    else
-        pID = UT;
-
-    rtn = MPIN_ZZZ_CLIENT_1(sha,date,ID,RNG,X,pin,TOKEN,V,U,UT,TP);
-    if (rtn != 0)
-        return rtn;
-
-    OCT_joctet(&M,pID);
-    if (MESSAGE!=NULL)
-    {
-        OCT_joctet(&M,MESSAGE);
-    }
-
-    MPIN_ZZZ_GET_Y(sha,TimeValue,&M,Y);
-
-    rtn = MPIN_ZZZ_CLIENT_2(X,Y,V);
-    if (rtn != 0)
-        return rtn;
-
-    return 0;
-}
-
-/* One pass MPIN Server */
-int MPIN_ZZZ_SERVER(int sha,int date,octet *HID,octet *HTID,octet *Y,octet *sQ,octet *U,octet *UT,octet *V,octet *E,octet *F,octet *ID,octet *MESSAGE,int TimeValue, octet *Pa)
-{
-    int rtn=0;
-    char m[M_SIZE_ZZZ];
-    octet M= {0,sizeof(m),m};
-
-    octet *pU;
-    if (date == 0)
-        pU = U;
-    else
-        pU = UT;
-
-    MPIN_ZZZ_SERVER_1(sha,date,ID,HID,HTID);
-
-    OCT_joctet(&M,pU);
-    if (MESSAGE!=NULL)
-    {
-        OCT_joctet(&M,MESSAGE);
-    }
-
-    MPIN_ZZZ_GET_Y(sha,TimeValue,&M,Y);
-
-    rtn = MPIN_ZZZ_SERVER_2(date,HID,HTID,Y,sQ,U,UT,V,E,F,Pa);
-    if (rtn != 0)
-        return rtn;
-
-    return 0;
-}
-
-int MPIN_ZZZ_GET_DVS_KEYPAIR(csprng *R,octet *Z,octet *Pa)
-{
-    BIG_XXX z,r;
-    ECP2_ZZZ Q;
-    int res=0;
-
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-
-    if (R!=NULL)
-    {
-        BIG_XXX_randomnum(z,r,R);
-        Z->len=MODBYTES_XXX;
-        BIG_XXX_toBytes(Z->val,z);
-    }
-    else
-        BIG_XXX_fromBytes(z,Z->val);
-
-    BIG_XXX_invmodp(z,z,r);
-
-	ECP2_ZZZ_generator(&Q);
-
-    if (res==0)
-    {
-        PAIR_ZZZ_G2mul(&Q,z);
-        ECP2_ZZZ_toOctet(Pa,&Q);
-    }
-
-    return res;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/mpin.h
----------------------------------------------------------------------
diff --git a/version3/c/mpin.h b/version3/c/mpin.h
deleted file mode 100644
index 98c853c..0000000
--- a/version3/c/mpin.h
+++ /dev/null
@@ -1,345 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file mpin.h
- * @author Mike Scott
- * @brief M-Pin Header file
- *
- *
- */
-
-#ifndef MPIN_ZZZ_H
-#define MPIN_ZZZ_H
-
-#include "pair_ZZZ.h"
-#include "pbc_support.h"
-
-/* Field size is assumed to be greater than or equal to group size */
-
-#define PGS_ZZZ MODBYTES_XXX  /**< MPIN Group Size */
-#define PFS_ZZZ MODBYTES_XXX  /**< MPIN Field Size */
-//#define PAS_ZZZ 16            /**< MPIN Symmetric Key Size */
-
-#define MPIN_OK             0   /**< Function completed without error */
-#define MPIN_INVALID_POINT  -14	/**< Point is NOT on the curve */
-#define MPIN_BAD_PIN        -19 /**< Bad PIN number entered */
-
-#define MPIN_PAS 16          /**< MPIN Symmetric Key Size */
-#define MAXPIN 10000         /**< max PIN */
-#define PBLEN 14             /**< max length of PIN in bits */
-
-//#define HASH_TYPE_MPIN_ZZZ SHA256   /**< Choose Hash function */
-
-#define MESSAGE_SIZE 256        /**< Signature message size  */
-#define M_SIZE_ZZZ (MESSAGE_SIZE+2*PFS_ZZZ+1)   /**< Signature message size and G1 size */
-
-/* MPIN support functions */
-
-/* MPIN primitives */
-
-
-/**	@brief Generate Y=H(s,O), where s is epoch time, O is an octet, and H(.) is a hash function
- *
-  	@param h is the hash type
-	@param t is epoch time in seconds
-	@param O is an input octet
-	@param Y is the output octet
-*/
-void MPIN_ZZZ_GET_Y(int h,int t,octet *O,octet *Y);
-
-/**	@brief Extract a PIN number from a client secret
- *
-  	@param h is the hash type
-	@param ID is the input client identity
-	@param factor is an input factor
-	@param facbits is the number of bits in the factor
-	@param CS is the client secret from which the factor is to be extracted
-	@return 0 or an error code
- */
-int MPIN_ZZZ_EXTRACT_FACTOR(int h,octet *ID,int factor,int facbits,octet *CS);
-
-/**	@brief Extract a PIN number from a client secret
- *
-  	@param h is the hash type
-	@param ID is the input client identity
-	@param factor is an input factor
-	@param facbits is the number of bits in the factor
-	@param CS is the client secret to which the factor is to be added
-	@return 0 or an error code
- */
-int MPIN_ZZZ_RESTORE_FACTOR(int h,octet *ID,int factor,int facbits,octet *CS);
-
-
-/**	@brief Extract a PIN number from a client secret
- *
-  	@param h is the hash type
-	@param ID is the input client identity
-	@param pin is an input PIN number
-	@param CS is the client secret from which the PIN is to be extracted
-	@return 0 or an error code
- */
-int MPIN_ZZZ_EXTRACT_PIN(int h,octet *ID,int pin,octet *CS);
-
-
-
-/**	@brief Perform client side of the one-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U and UT are both generated.
- 	@param h is the hash type
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param ID is the input client identity
-	@param R is a pointer to a cryptographically secure random number generator
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param pin is the input PIN number
-	@param T is the input M-Pin token (the client secret with PIN portion removed)
-	@param V is output = -(x+y)(CS+TP), where CS is the reconstructed client secret, and TP is the time permit
-	@param U is output = x.H(ID)
-	@param UT is output = x.(H(ID)+H(d|H(ID)))
-	@param TP is the input time permit
-	@param MESSAGE is the message to be signed
-	@param t is input epoch time in seconds - a timestamp
-	@param y is output H(t|U) or H(t|UT) if Time Permits enabled
-	@return 0 or an error code
- */
-int MPIN_ZZZ_CLIENT(int h,int d,octet *ID,csprng *R,octet *x,int pin,octet *T,octet *V,octet *U,octet *UT,octet *TP, octet* MESSAGE, int t, octet *y);
-/**	@brief Perform first pass of the client side of the 3-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U and UT are both generated.
- 	@param h is the hash type
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param ID is the input client identity
-	@param R is a pointer to a cryptographically secure random number generator
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param pin is the input PIN number
-	@param T is the input M-Pin token (the client secret with PIN portion removed)
-	@param S is output = CS+TP, where CS=is the reconstructed client secret, and TP is the time permit
-	@param U is output = x.H(ID)
-	@param UT is output = x.(H(ID)+H(d|H(ID)))
-	@param TP is the input time permit
-	@return 0 or an error code
- */
-int MPIN_ZZZ_CLIENT_1(int h,int d,octet *ID,csprng *R,octet *x,int pin,octet *T,octet *S,octet *U,octet *UT,octet *TP);
-/**	@brief Generate a random group element
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param S is the output random octet
-	@return 0 or an error code
- */
-int MPIN_ZZZ_RANDOM_GENERATE(csprng *R,octet *S);
-/**	@brief Perform second pass of the client side of the 3-pass version of the M-Pin protocol
- *
-	@param x an input, a locally generated random number
-	@param y an input random challenge from the server
-	@param V on output = -(x+y).V
-	@return 0 or an error code
- */
-int MPIN_ZZZ_CLIENT_2(octet *x,octet *y,octet *V);
-/**	@brief Perform server side of the one-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT and HTID are not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U and HID are not needed and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U, UT, HID and HTID are all required.
- 	@param h is the hash type
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param HID is output H(ID), a hash of the client ID
-	@param HTID is output H(ID)+H(d|H(ID))
-	@param y is output H(t|U) or H(t|UT) if Time Permits enabled
-	@param SS is the input server secret
-	@param U is input from the client = x.H(ID)
-	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
-	@param V is an input from the client
-	@param E is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param F is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param ID is the input claimed client identity
-	@param MESSAGE is the message to be signed
-	@param t is input epoch time in seconds - a timestamp
-	@param Pa is input from the client z.Q or NULL if the key-escrow less scheme is not used
-	@return 0 or an error code
- */
-int MPIN_ZZZ_SERVER(int h,int d,octet *HID,octet *HTID,octet *y,octet *SS,octet *U,octet *UT,octet *V,octet *E,octet *F,octet *ID,octet *MESSAGE, int t, octet *Pa);
-/**	@brief Perform first pass of the server side of the 3-pass version of the M-Pin protocol
- *
- 	@param h is the hash type
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param ID is the input claimed client identity
-	@param HID is output H(ID), a hash of the client ID
-	@param HTID is output H(ID)+H(d|H(ID))
-	@return 0 or an error code
- */
-void MPIN_ZZZ_SERVER_1(int h,int d,octet *ID,octet *HID,octet *HTID);
-/**	@brief Perform third pass on the server side of the 3-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT and HTID are not needed and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U and HID are not needed and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U, UT, HID and HTID are all required.
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param HID is input H(ID), a hash of the client ID
-	@param HTID is input H(ID)+H(d|H(ID))
-	@param y is the input server's randomly generated challenge
-	@param SS is the input server secret
-	@param U is input from the client = x.H(ID)
-	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
-	@param V is an input from the client
-	@param E is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param F is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param Pa is the input public key from the client, z.Q or NULL if the client uses regular mpin
-	@return 0 or an error code
- */
-int MPIN_ZZZ_SERVER_2(int d,octet *HID,octet *HTID,octet *y,octet *SS,octet *U,octet *UT,octet *V,octet *E,octet *F,octet *Pa);
-/**	@brief Add two members from the group G1
- *
-	@param Q1 an input member of G1
-	@param Q2 an input member of G1
-	@param Q an output member of G1 = Q1+Q2
-	@return 0 or an error code
- */
-int MPIN_ZZZ_RECOMBINE_G1(octet *Q1,octet *Q2,octet *Q);
-/**	@brief Add two members from the group G2
- *
-	@param P1 an input member of G2
-	@param P2 an input member of G2
-	@param P an output member of G2 = P1+P2
-	@return 0 or an error code
- */
-int MPIN_ZZZ_RECOMBINE_G2(octet *P1,octet *P2,octet *P);
-/**	@brief Use Kangaroos to find PIN error
- *
-	@param E a member of the group GT
-	@param F a member of the group GT =  E^e
-	@return 0 if Kangaroos failed, or the PIN error e
- */
-int MPIN_ZZZ_KANGAROO(octet *E,octet *F);
-/**	@brief Encoding of a Time Permit to make it indistinguishable from a random string
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param TP is the input time permit, obfuscated on output
-	@return 0 or an error code
- */
-int MPIN_ZZZ_ENCODING(csprng *R,octet *TP);
-/**	@brief Encoding of an obfuscated Time Permit
- *
-	@param TP is the input obfuscated time permit, restored on output
-	@return 0 or an error code
- */
-int MPIN_ZZZ_DECODING(octet *TP);
-
-/**	@brief Find a random multiple of a point in G1
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param type determines type of action to be taken
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param G if type=0 a point in G1, else an octet to be mapped to G1
-	@param W the output =x.G or x.M(G), where M(.) is a mapping
-	@return 0 or an error code
- */
-int MPIN_ZZZ_GET_G1_MULTIPLE(csprng *R,int type,octet *x,octet *G,octet *W);
-/**	@brief Find a random multiple of a point in G1
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param type determines type of action to betaken
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param G a point in G2
-	@param W the output =x.G or (1/x).G
-	@return 0 or an error code
- */
-int MPIN_ZZZ_GET_G2_MULTIPLE(csprng *R,int type,octet *x,octet *G,octet *W);
-
-/**	@brief Create a client secret in G1 from a master secret and the client ID
- *
-	@param S is an input master secret
-	@param ID is the input client identity
-	@param CS is the full client secret = s.H(ID)
-	@return 0 or an error code
- */
-int MPIN_ZZZ_GET_CLIENT_SECRET(octet *S,octet *ID,octet *CS);
-/**	@brief Create a Time Permit in G1 from a master secret and the client ID
- *
-  	@param h is the hash type
-	@param d is input date, in days since the epoch.
-	@param S is an input master secret
-	@param ID is the input client identity
-	@param TP is a Time Permit for the given date = s.H(d|H(ID))
-	@return 0 or an error code
- */
-int MPIN_ZZZ_GET_CLIENT_PERMIT(int h,int d,octet *S,octet *ID,octet *TP);
-/**	@brief Create a server secret in G2 from a master secret
- *
-	@param S is an input master secret
-	@param SS is the server secret = s.Q where Q is a fixed generator of G2
-	@return 0 or an error code
- */
-int MPIN_ZZZ_GET_SERVER_SECRET(octet *S,octet *SS);
-/* int MPIN_TEST_PAIRING(octet *,octet *); */
-
-/* For M-Pin Full */
-/**	@brief Precompute values for use by the client side of M-Pin Full
- *
-	@param T is the input M-Pin token (the client secret with PIN portion removed)
-	@param ID is the input client identity
-	@param CP is Public Key (or NULL)
-	@param g1 precomputed output
-	@param g2 precomputed output
-	@return 0 or an error code
- */
-int MPIN_ZZZ_PRECOMPUTE(octet *T,octet *ID,octet *CP,octet *g1,octet *g2);
-/**	@brief Calculate Key on Server side for M-Pin Full
- *
-	Uses UT internally for the key calculation, unless not available in which case U is used
- 	@param h is the hash type
-	@param Z is the input Client-side Diffie-Hellman component
-	@param SS is the input server secret
-	@param w is an input random number generated by the server
-	@param p is an input, hash of the protocol transcript
-	@param I is the hashed input client ID = H(ID)
-	@param U is input from the client = x.H(ID)
-	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
-	@param K is the output calculated shared key
-	@return 0 or an error code
- */
-int MPIN_ZZZ_SERVER_KEY(int h,octet *Z,octet *SS,octet *w,octet *p,octet *I,octet *U,octet *UT,octet *K);
-/**	@brief Calculate Key on Client side for M-Pin Full
- *
-  	@param h is the hash type
-	@param g1 precomputed input
-	@param g2 precomputed input
-	@param pin is the input PIN number
-	@param r is an input, a locally generated random number
-	@param x is an input, a locally generated random number
-	@param p is an input, hash of the protocol transcript
-	@param T is the input Server-side Diffie-Hellman component
-	@param K is the output calculated shared key
-	@return 0 or an error code
- */
-int MPIN_ZZZ_CLIENT_KEY(int h,octet *g1,octet *g2,int pin,octet *r,octet *x,octet *p,octet *T,octet *K);
-
-/** @brief Generates a random public key for the client z.Q
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param Z an output internally randomly generated if R!=NULL, otherwise it must be provided as an input
-	@param Pa the output public key for the client
- */
-int MPIN_ZZZ_GET_DVS_KEYPAIR(csprng *R,octet *Z,octet *Pa);
-
-#endif
-


[15/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/ff.c
----------------------------------------------------------------------
diff --git a/version3/c/ff.c b/version3/c/ff.c
deleted file mode 100644
index fd64dd9..0000000
--- a/version3/c/ff.c
+++ /dev/null
@@ -1,1155 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL basic functions for Large Finite Field support */
-
-#include "ff_WWW.h"
-
-/* Arazi and Qi inversion mod 256 */
-static int invmod256(int a)
-{
-    int U,t1,t2,b,c;
-    t1=0;
-    c=(a>>1)&1;
-    t1+=c;
-    t1&=1;
-    t1=2-t1;
-    t1<<=1;
-    U=t1+1;
-
-// i=2
-    b=a&3;
-    t1=U*b;
-    t1>>=2;
-    c=(a>>2)&3;
-    t2=(U*c)&3;
-    t1+=t2;
-    t1*=U;
-    t1&=3;
-    t1=4-t1;
-    t1<<=2;
-    U+=t1;
-
-// i=4
-    b=a&15;
-    t1=U*b;
-    t1>>=4;
-    c=(a>>4)&15;
-    t2=(U*c)&15;
-    t1+=t2;
-    t1*=U;
-    t1&=15;
-    t1=16-t1;
-    t1<<=4;
-    U+=t1;
-
-    return U;
-}
-
-/* a=1/a mod 2^BIGBITS. This is very fast! */
-void BIG_XXX_invmod2m(BIG_XXX a)
-{
-    int i;
-    BIG_XXX U,t1,b,c;
-    BIG_XXX_zero(U);
-    BIG_XXX_inc(U,invmod256(BIG_XXX_lastbits(a,8)));
-    for (i=8; i<BIGBITS_XXX; i<<=1)
-    {
-        BIG_XXX_norm(U);
-        BIG_XXX_copy(b,a);
-        BIG_XXX_mod2m(b,i);   // bottom i bits of a
-
-        BIG_XXX_smul(t1,U,b);
-        BIG_XXX_shr(t1,i); // top i bits of U*b
-
-        BIG_XXX_copy(c,a);
-        BIG_XXX_shr(c,i);
-        BIG_XXX_mod2m(c,i); // top i bits of a
-
-        BIG_XXX_smul(b,U,c);
-        BIG_XXX_mod2m(b,i);  // bottom i bits of U*c
-
-        BIG_XXX_add(t1,t1,b);
-        BIG_XXX_norm(t1);
-        BIG_XXX_smul(b,t1,U);
-        BIG_XXX_copy(t1,b);  // (t1+b)*U
-        BIG_XXX_mod2m(t1,i);				// bottom i bits of (t1+b)*U
-
-        BIG_XXX_one(b);
-        BIG_XXX_shl(b,i);
-        BIG_XXX_sub(t1,b,t1);
-        BIG_XXX_norm(t1);
-
-        BIG_XXX_shl(t1,i);
-
-        BIG_XXX_add(U,U,t1);
-    }
-    BIG_XXX_copy(a,U);
-    BIG_XXX_norm(a);
-    BIG_XXX_mod2m(a,BIGBITS_XXX);
-}
-
-/*
-void FF_rcopy(BIG x[],const BIG y[],int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_rcopy(x[i],y[i]);
-}
-*/
-
-/* x=y */
-void FF_WWW_copy(BIG_XXX x[],BIG_XXX y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_XXX_copy(x[i],y[i]);
-}
-
-/* x=y<<n */
-static void FF_WWW_dsucopy(BIG_XXX x[],BIG_XXX y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_XXX_copy(x[n+i],y[i]);
-        BIG_XXX_zero(x[i]);
-    }
-}
-
-/* x=y */
-static void FF_WWW_dscopy(BIG_XXX x[],BIG_XXX y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_XXX_copy(x[i],y[i]);
-        BIG_XXX_zero(x[n+i]);
-    }
-}
-
-/* x=y>>n */
-static void FF_WWW_sducopy(BIG_XXX x[],BIG_XXX y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_XXX_copy(x[i],y[n+i]);
-}
-
-/* set to zero */
-void FF_WWW_zero(BIG_XXX x[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_XXX_zero(x[i]);
-}
-
-/* test equals 0 */
-int FF_WWW_iszilch(BIG_XXX x[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        if (!BIG_XXX_iszilch(x[i])) return 0;
-    return 1;
-}
-
-/* shift right by BIGBITS-bit words */
-static void FF_WWW_shrw(BIG_XXX a[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_XXX_copy(a[i],a[i+n]);
-        BIG_XXX_zero(a[i+n]);
-    }
-}
-
-/* shift left by BIGBITS-bit words */
-static void FF_WWW_shlw(BIG_XXX a[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_XXX_copy(a[i+n],a[i]);
-        BIG_XXX_zero(a[i]);
-    }
-}
-
-/* extract last bit */
-int FF_WWW_parity(BIG_XXX x[])
-{
-    return BIG_XXX_parity(x[0]);
-}
-
-/* extract last m bits */
-int FF_WWW_lastbits(BIG_XXX x[],int m)
-{
-    return BIG_XXX_lastbits(x[0],m);
-}
-
-/* x=1 */
-void FF_WWW_one(BIG_XXX x[],int n)
-{
-    int i;
-    BIG_XXX_one(x[0]);
-    for (i=1; i<n; i++)
-        BIG_XXX_zero(x[i]);
-}
-
-/* x=m, where m is 32-bit int */
-void FF_WWW_init(BIG_XXX x[],sign32 m,int n)
-{
-    int i;
-    BIG_XXX_zero(x[0]);
-#if CHUNK<64
-    x[0][0]=(chunk)(m&BMASK_XXX);
-    x[0][1]=(chunk)(m>>BASEBITS_XXX);
-#else
-    x[0][0]=(chunk)m;
-#endif
-    for (i=1; i<n; i++)
-        BIG_XXX_zero(x[i]);
-}
-
-/* compare x and y - must be normalised */
-int FF_WWW_comp(BIG_XXX x[],BIG_XXX y[],int n)
-{
-    int i,j;
-    for (i=n-1; i>=0; i--)
-    {
-        j=BIG_XXX_comp(x[i],y[i]);
-        if (j!=0) return j;
-    }
-    return 0;
-}
-
-/* recursive add */
-static void FF_WWW_radd(BIG_XXX z[],int zp,BIG_XXX x[],int xp,BIG_XXX y[],int yp,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_XXX_add(z[zp+i],x[xp+i],y[yp+i]);
-}
-
-/* recursive inc */
-static void FF_WWW_rinc(BIG_XXX z[],int zp,BIG_XXX y[],int yp,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_XXX_add(z[zp+i],z[zp+i],y[yp+i]);
-}
-
-/* recursive sub */
-/*
-static void FF_rsub(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_sub(z[zp+i],x[xp+i],y[yp+i]);
-}
-*/
-
-/* recursive dec */
-static void FF_WWW_rdec(BIG_XXX z[],int zp,BIG_XXX y[],int yp,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_XXX_sub(z[zp+i],z[zp+i],y[yp+i]);
-}
-
-/* simple add */
-void FF_WWW_add(BIG_XXX z[],BIG_XXX x[],BIG_XXX y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_XXX_add(z[i],x[i],y[i]);
-}
-
-/* simple sub */
-void FF_WWW_sub(BIG_XXX z[],BIG_XXX x[],BIG_XXX y[],int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_XXX_sub(z[i],x[i],y[i]);
-}
-
-/* increment/decrement by a small integer */
-void FF_WWW_inc(BIG_XXX x[],int m,int n)
-{
-    BIG_XXX_inc(x[0],m);
-    FF_WWW_norm(x,n);
-}
-
-void FF_WWW_dec(BIG_XXX x[],int m,int n)
-{
-    BIG_XXX_dec(x[0],m);
-    FF_WWW_norm(x,n);
-}
-
-/* normalise - but hold any overflow in top part unless n<0 */
-static void FF_WWW_rnorm(BIG_XXX z[],int zp,int n)
-{
-    int i,trunc=0;
-    chunk carry;
-    if (n<0)
-    {
-        /* -v n signals to do truncation */
-        n=-n;
-        trunc=1;
-    }
-    for (i=0; i<n-1; i++)
-    {
-        carry=BIG_XXX_norm(z[zp+i]);
-
-        z[zp+i][NLEN_XXX-1]^=carry<<P_TBITS_WWW; /* remove it */
-        z[zp+i+1][0]+=carry;
-    }
-    carry=BIG_XXX_norm(z[zp+n-1]);
-    if (trunc) z[zp+n-1][NLEN_XXX-1]^=carry<<P_TBITS_WWW;
-}
-
-void FF_WWW_norm(BIG_XXX z[],int n)
-{
-    FF_WWW_rnorm(z,0,n);
-}
-
-/* shift left by one bit */
-void FF_WWW_shl(BIG_XXX x[],int n)
-{
-    int i;
-    int carry,delay_carry=0;
-    for (i=0; i<n-1; i++)
-    {
-        carry=BIG_XXX_fshl(x[i],1);
-        x[i][0]|=delay_carry;
-        x[i][NLEN_XXX-1]^=(chunk)carry<<P_TBITS_WWW;
-        delay_carry=carry;
-    }
-    BIG_XXX_fshl(x[n-1],1);
-    x[n-1][0]|=delay_carry;
-}
-
-/* shift right by one bit */
-void FF_WWW_shr(BIG_XXX x[],int n)
-{
-    int i;
-    int carry;
-    for (i=n-1; i>0; i--)
-    {
-        carry=BIG_XXX_fshr(x[i],1);
-        x[i-1][NLEN_XXX-1]|=(chunk)carry<<P_TBITS_WWW;
-    }
-    BIG_XXX_fshr(x[0],1);
-}
-
-void FF_WWW_output(BIG_XXX x[],int n)
-{
-    int i;
-    FF_WWW_norm(x,n);
-    for (i=n-1; i>=0; i--)
-    {
-        BIG_XXX_output(x[i]);
-        printf(" ");
-    }
-}
-
-void FF_WWW_rawoutput(BIG_XXX x[],int n)
-{
-    int i;
-    for (i=n-1; i>=0; i--)
-    {
-        BIG_XXX_rawoutput(x[i]);
-        printf(" ");
-    }
-}
-
-/* Convert FFs to/from octet strings */
-void FF_WWW_toOctet(octet *w,BIG_XXX x[],int n)
-{
-    int i;
-    w->len=n*MODBYTES_XXX;
-    for (i=0; i<n; i++)
-    {
-        BIG_XXX_toBytes(&(w->val[(n-i-1)*MODBYTES_XXX]),x[i]);
-    }
-}
-
-void FF_WWW_fromOctet(BIG_XXX x[],octet *w,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_XXX_fromBytes(x[i],&(w->val[(n-i-1)*MODBYTES_XXX]));
-    }
-}
-
-/* in-place swapping using xor - side channel resistant */
-static void FF_WWW_cswap(BIG_XXX a[],BIG_XXX b[],int d,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-        BIG_XXX_cswap(a[i],b[i],d);
-    return;
-}
-
-/* z=x*y, t is workspace */
-static void FF_WWW_karmul(BIG_XXX z[],int zp,BIG_XXX x[],int xp,BIG_XXX y[],int yp,BIG_XXX t[],int tp,int n)
-{
-    int nd2;
-    if (n==1)
-    {
-        BIG_XXX_norm(x[xp]);
-        BIG_XXX_norm(y[yp]);
-        BIG_XXX_mul(t[tp],x[xp],y[yp]);
-        BIG_XXX_split(z[zp+1],z[zp],t[tp],BIGBITS_XXX);
-        return;
-    }
-
-    nd2=n/2;
-    FF_WWW_radd(z,zp,x,xp,x,xp+nd2,nd2);
-    FF_WWW_rnorm(z,zp,nd2);  /* needs this if recursion level too deep */
-
-    FF_WWW_radd(z,zp+nd2,y,yp,y,yp+nd2,nd2);
-    FF_WWW_rnorm(z,zp+nd2,nd2);
-    FF_WWW_karmul(t,tp,z,zp,z,zp+nd2,t,tp+n,nd2);
-    FF_WWW_karmul(z,zp,x,xp,y,yp,t,tp+n,nd2);
-    FF_WWW_karmul(z,zp+n,x,xp+nd2,y,yp+nd2,t,tp+n,nd2);
-    FF_WWW_rdec(t,tp,z,zp,n);
-    FF_WWW_rdec(t,tp,z,zp+n,n);
-    FF_WWW_rinc(z,zp+nd2,t,tp,n);
-    FF_WWW_rnorm(z,zp,2*n);
-}
-
-static void FF_WWW_karsqr(BIG_XXX z[],int zp,BIG_XXX x[],int xp,BIG_XXX t[],int tp,int n)
-{
-    int nd2;
-    if (n==1)
-    {
-        BIG_XXX_norm(x[xp]);
-        BIG_XXX_sqr(t[tp],x[xp]);
-        BIG_XXX_split(z[zp+1],z[zp],t[tp],BIGBITS_XXX);
-        return;
-    }
-    nd2=n/2;
-    FF_WWW_karsqr(z,zp,x,xp,t,tp+n,nd2);
-    FF_WWW_karsqr(z,zp+n,x,xp+nd2,t,tp+n,nd2);
-    FF_WWW_karmul(t,tp,x,xp,x,xp+nd2,t,tp+n,nd2);
-    FF_WWW_rinc(z,zp+nd2,t,tp,n);
-    FF_WWW_rinc(z,zp+nd2,t,tp,n);
-
-    FF_WWW_rnorm(z,zp+nd2,n);  /* was FF_rnorm(z,zp,2*n)  */
-}
-
-static void FF_WWW_karmul_lower(BIG_XXX z[],int zp,BIG_XXX x[],int xp,BIG_XXX y[],int yp,BIG_XXX t[],int tp,int n)
-{
-    /* Calculates Least Significant bottom half of x*y */
-    int nd2;
-    if (n==1)
-    {
-        /* only calculate bottom half of product */
-        BIG_XXX_norm(x[xp]);
-        BIG_XXX_norm(y[yp]);
-        BIG_XXX_smul(z[zp],x[xp],y[yp]);
-        return;
-    }
-    nd2=n/2;
-    FF_WWW_karmul(z,zp,x,xp,y,yp,t,tp+n,nd2);
-    FF_WWW_karmul_lower(t,tp,x,xp+nd2,y,yp,t,tp+n,nd2);
-    FF_WWW_rinc(z,zp+nd2,t,tp,nd2);
-    FF_WWW_karmul_lower(t,tp,x,xp,y,yp+nd2,t,tp+n,nd2);
-    FF_WWW_rinc(z,zp+nd2,t,tp,nd2);
-    FF_WWW_rnorm(z,zp+nd2,-nd2);  /* truncate it */
-}
-
-static void FF_WWW_karmul_upper(BIG_XXX z[],BIG_XXX x[],BIG_XXX y[],BIG_XXX t[],int n)
-{
-    /* Calculates Most Significant upper half of x*y, given lower part */
-    int nd2;
-
-    nd2=n/2;
-    FF_WWW_radd(z,n,x,0,x,nd2,nd2);
-    FF_WWW_radd(z,n+nd2,y,0,y,nd2,nd2);
-    FF_WWW_rnorm(z,n,nd2);
-    FF_WWW_rnorm(z,n+nd2,nd2);
-
-    FF_WWW_karmul(t,0,z,n+nd2,z,n,t,n,nd2);  /* t = (a0+a1)(b0+b1) */
-    FF_WWW_karmul(z,n,x,nd2,y,nd2,t,n,nd2); /* z[n]= a1*b1 */
-    /* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */
-    FF_WWW_rdec(t,0,z,n,n);              /* t=t-a1b1  */
-    FF_WWW_rinc(z,nd2,z,0,nd2);   /* z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1)  */
-    FF_WWW_rdec(z,nd2,t,0,nd2);   /* z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0) */
-    FF_WWW_rnorm(z,0,-n);					/* a0b0 now in z - truncate it */
-    FF_WWW_rdec(t,0,z,0,n);         /* (a0+a1)(b0+b1) - a0b0 */
-    FF_WWW_rinc(z,nd2,t,0,n);
-
-    FF_WWW_rnorm(z,nd2,n);
-}
-
-/* z=x*y */
-void FF_WWW_mul(BIG_XXX z[],BIG_XXX x[],BIG_XXX y[],int n)
-{
-#ifndef C99
-    BIG_XXX t[2*FFLEN_WWW];
-#else
-    BIG_XXX t[2*n];
-#endif
-//	FF_norm(x,n); /* change here */
-//	FF_norm(y,n); /* change here */
-    FF_WWW_karmul(z,0,x,0,y,0,t,0,n);
-}
-
-/* return low part of product */
-static void FF_WWW_lmul(BIG_XXX z[],BIG_XXX x[],BIG_XXX y[],int n)
-{
-#ifndef C99
-    BIG_XXX t[2*FFLEN_WWW];
-#else
-    BIG_XXX t[2*n];
-#endif
-//	FF_norm(x,n); /* change here */
-//	FF_norm(y,n); /* change here */
-    FF_WWW_karmul_lower(z,0,x,0,y,0,t,0,n);
-}
-
-/* Set b=b mod c */
-void FF_WWW_mod(BIG_XXX b[],BIG_XXX c[],int n)
-{
-    int k=0;
-
-    FF_WWW_norm(b,n);
-    if (FF_WWW_comp(b,c,n)<0)
-        return;
-    do
-    {
-        FF_WWW_shl(c,n);
-        k++;
-    }
-    while (FF_WWW_comp(b,c,n)>=0);
-
-    while (k>0)
-    {
-        FF_WWW_shr(c,n);
-        if (FF_WWW_comp(b,c,n)>=0)
-        {
-            FF_WWW_sub(b,b,c,n);
-            FF_WWW_norm(b,n);
-        }
-        k--;
-    }
-}
-
-/* z=x^2 */
-void FF_WWW_sqr(BIG_XXX z[],BIG_XXX x[],int n)
-{
-#ifndef C99
-    BIG_XXX t[2*FFLEN_WWW];
-#else
-    BIG_XXX t[2*n];
-#endif
-//	FF_norm(x,n); /* change here */
-    FF_WWW_karsqr(z,0,x,0,t,0,n);
-}
-
-/* r=t mod modulus, N is modulus, ND is Montgomery Constant */
-static void FF_WWW_reduce(BIG_XXX r[],BIG_XXX T[],BIG_XXX N[],BIG_XXX ND[],int n)
-{
-    /* fast karatsuba Montgomery reduction */
-#ifndef C99
-    BIG_XXX t[2*FFLEN_WWW];
-    BIG_XXX m[FFLEN_WWW];
-#else
-    BIG_XXX t[2*n];
-    BIG_XXX m[n];
-#endif
-    FF_WWW_sducopy(r,T,n);  /* keep top half of T */
-    //FF_norm(T,n); /* change here */
-    FF_WWW_karmul_lower(m,0,T,0,ND,0,t,0,n);  /* m=T.(1/N) mod R */
-
-    //FF_norm(N,n);  /* change here */
-    FF_WWW_karmul_upper(T,N,m,t,n);  /* T=mN */
-    FF_WWW_sducopy(m,T,n);
-
-    FF_WWW_add(r,r,N,n);
-    FF_WWW_sub(r,r,m,n);
-    FF_WWW_norm(r,n);
-}
-
-
-/* Set r=a mod b */
-/* a is of length - 2*n */
-/* r,b is of length - n */
-void FF_WWW_dmod(BIG_XXX r[],BIG_XXX a[],BIG_XXX b[],int n)
-{
-    int k;
-#ifndef C99
-    BIG_XXX m[2*FFLEN_WWW];
-    BIG_XXX x[2*FFLEN_WWW];
-#else
-    BIG_XXX m[2*n];
-    BIG_XXX x[2*n];
-#endif
-    FF_WWW_copy(x,a,2*n);
-    FF_WWW_norm(x,2*n);
-    FF_WWW_dsucopy(m,b,n);
-    k=BIGBITS_XXX*n;
-
-    while (FF_WWW_comp(x,m,2*n)>=0)
-    {
-        FF_WWW_sub(x,x,m,2*n);
-        FF_WWW_norm(x,2*n);
-    }
-
-    while (k>0)
-    {
-        FF_WWW_shr(m,2*n);
-
-        if (FF_WWW_comp(x,m,2*n)>=0)
-        {
-            FF_WWW_sub(x,x,m,2*n);
-            FF_WWW_norm(x,2*n);
-        }
-
-        k--;
-    }
-    FF_WWW_copy(r,x,n);
-    FF_WWW_mod(r,b,n);
-}
-
-/* Set r=1/a mod p. Binary method - a<p on entry */
-
-void FF_WWW_invmodp(BIG_XXX r[],BIG_XXX a[],BIG_XXX p[],int n)
-{
-#ifndef C99
-    BIG_XXX u[FFLEN_WWW],v[FFLEN_WWW],x1[FFLEN_WWW],x2[FFLEN_WWW],t[FFLEN_WWW],one[FFLEN_WWW];
-#else
-    BIG_XXX u[n],v[n],x1[n],x2[n],t[n],one[n];
-#endif
-    FF_WWW_copy(u,a,n);
-    FF_WWW_copy(v,p,n);
-    FF_WWW_one(one,n);
-    FF_WWW_copy(x1,one,n);
-    FF_WWW_zero(x2,n);
-
-// reduce n in here as well!
-    while (FF_WWW_comp(u,one,n)!=0 && FF_WWW_comp(v,one,n)!=0)
-    {
-        while (FF_WWW_parity(u)==0)
-        {
-            FF_WWW_shr(u,n);
-            if (FF_WWW_parity(x1)!=0)
-            {
-                FF_WWW_add(x1,p,x1,n);
-                FF_WWW_norm(x1,n);
-            }
-            FF_WWW_shr(x1,n);
-        }
-        while (FF_WWW_parity(v)==0)
-        {
-            FF_WWW_shr(v,n);
-            if (FF_WWW_parity(x2)!=0)
-            {
-                FF_WWW_add(x2,p,x2,n);
-                FF_WWW_norm(x2,n);
-            }
-            FF_WWW_shr(x2,n);
-        }
-        if (FF_WWW_comp(u,v,n)>=0)
-        {
-
-            FF_WWW_sub(u,u,v,n);
-            FF_WWW_norm(u,n);
-            if (FF_WWW_comp(x1,x2,n)>=0) FF_WWW_sub(x1,x1,x2,n);
-            else
-            {
-                FF_WWW_sub(t,p,x2,n);
-                FF_WWW_add(x1,x1,t,n);
-            }
-            FF_WWW_norm(x1,n);
-        }
-        else
-        {
-            FF_WWW_sub(v,v,u,n);
-            FF_WWW_norm(v,n);
-            if (FF_WWW_comp(x2,x1,n)>=0) FF_WWW_sub(x2,x2,x1,n);
-            else
-            {
-                FF_WWW_sub(t,p,x1,n);
-                FF_WWW_add(x2,x2,t,n);
-            }
-            FF_WWW_norm(x2,n);
-        }
-    }
-    if (FF_WWW_comp(u,one,n)==0)
-        FF_WWW_copy(r,x1,n);
-    else
-        FF_WWW_copy(r,x2,n);
-}
-
-/* nesidue mod m */
-static void FF_WWW_nres(BIG_XXX a[],BIG_XXX m[],int n)
-{
-#ifndef C99
-    BIG_XXX d[2*FFLEN_WWW];
-#else
-    BIG_XXX d[2*n];
-#endif
-    if (n==1)
-    {
-        BIG_XXX_dscopy(d[0],a[0]);
-        BIG_XXX_dshl(d[0],NLEN_XXX*BASEBITS_XXX);
-        BIG_XXX_dmod(a[0],d[0],m[0]);
-    }
-    else
-    {
-        FF_WWW_dsucopy(d,a,n);
-        FF_WWW_dmod(a,d,m,n);
-    }
-}
-
-static void FF_WWW_redc(BIG_XXX a[],BIG_XXX m[],BIG_XXX ND[],int n)
-{
-#ifndef C99
-    BIG_XXX d[2*FFLEN_WWW];
-#else
-    BIG_XXX d[2*n];
-#endif
-    if (n==1)
-    {
-        BIG_XXX_dzero(d[0]);
-        BIG_XXX_dscopy(d[0],a[0]);
-        BIG_XXX_monty(a[0],m[0],((chunk)1<<BASEBITS_XXX)-ND[0][0],d[0]);
-    }
-    else
-    {
-        FF_WWW_mod(a,m,n);
-        FF_WWW_dscopy(d,a,n);
-        FF_WWW_reduce(a,d,m,ND,n);
-        FF_WWW_mod(a,m,n);
-    }
-}
-
-/* U=1/a mod 2^m - Arazi & Qi */
-static void FF_WWW_invmod2m(BIG_XXX U[],BIG_XXX a[],int n)
-{
-    int i;
-#ifndef C99
-    BIG_XXX t1[FFLEN_WWW],b[FFLEN_WWW],c[FFLEN_WWW];
-#else
-    BIG_XXX t1[2*n],b[n],c[n];
-#endif
-
-    FF_WWW_zero(U,n);
-    FF_WWW_zero(b,n);
-    FF_WWW_zero(c,n);
-    FF_WWW_zero(t1,2*n);
-
-    BIG_XXX_copy(U[0],a[0]);
-    BIG_XXX_invmod2m(U[0]);
-    for (i=1; i<n; i<<=1)
-    {
-        FF_WWW_copy(b,a,i);
-        FF_WWW_mul(t1,U,b,i);
-        FF_WWW_shrw(t1,i); // top half to bottom half, top half=0
-
-        FF_WWW_copy(c,a,2*i);
-        FF_WWW_shrw(c,i); // top half of c
-        FF_WWW_lmul(b,U,c,i); // should set top half of b=0
-        FF_WWW_add(t1,t1,b,i);
-        FF_WWW_norm(t1,2*i);
-        FF_WWW_lmul(b,t1,U,i);
-        FF_WWW_copy(t1,b,i);
-        FF_WWW_one(b,i);
-        FF_WWW_shlw(b,i);
-        FF_WWW_sub(t1,b,t1,2*i);
-        FF_WWW_norm(t1,2*i);
-        FF_WWW_shlw(t1,i);
-        FF_WWW_add(U,U,t1,2*i);
-    }
-
-    FF_WWW_norm(U,n);
-}
-
-void FF_WWW_random(BIG_XXX x[],csprng *rng,int n)
-{
-    int i;
-    for (i=0; i<n; i++)
-    {
-        BIG_XXX_random(x[i],rng);
-    }
-    /* make sure top bit is 1 */
-    while (BIG_XXX_nbits(x[n-1])<MODBYTES_XXX*8) BIG_XXX_random(x[n-1],rng);
-}
-
-/* generate random x mod p */
-void FF_WWW_randomnum(BIG_XXX x[],BIG_XXX p[],csprng *rng,int n)
-{
-    int i;
-#ifndef C99
-    BIG_XXX d[2*FFLEN_WWW];
-#else
-    BIG_XXX d[2*n];
-#endif
-    for (i=0; i<2*n; i++)
-    {
-        BIG_XXX_random(d[i],rng);
-    }
-    FF_WWW_dmod(x,d,p,n);
-}
-
-static void FF_WWW_modmul(BIG_XXX z[],BIG_XXX x[],BIG_XXX y[],BIG_XXX p[],BIG_XXX ND[],int n)
-{
-#ifndef C99
-    BIG_XXX d[2*FFLEN_WWW];
-#else
-    BIG_XXX d[2*n];
-#endif
-    chunk ex=P_EXCESS_WWW(x[n-1]);
-    chunk ey=P_EXCESS_WWW(y[n-1]);
-#ifdef dchunk
-    if ((dchunk)(ex+1)*(ey+1)>(dchunk)P_FEXCESS_WWW)
-#else
-    if ((ex+1)>P_FEXCESS_WWW/(ey+1))
-#endif
-    {
-#ifdef DEBUG_REDUCE
-        printf("Product too large - reducing it %d %d\n",ex,ey);
-#endif
-        FF_WWW_mod(x,p,n);
-    }
-
-    if (n==1)
-    {
-        BIG_XXX_mul(d[0],x[0],y[0]);
-        BIG_XXX_monty(z[0],p[0],((chunk)1<<BASEBITS_XXX)-ND[0][0],d[0]);
-    }
-    else
-    {
-        FF_WWW_mul(d,x,y,n);
-        FF_WWW_reduce(z,d,p,ND,n);
-    }
-}
-
-static void FF_WWW_modsqr(BIG_XXX z[],BIG_XXX x[],BIG_XXX p[],BIG_XXX ND[],int n)
-{
-#ifndef C99
-    BIG_XXX d[2*FFLEN_WWW];
-#else
-    BIG_XXX d[2*n];
-#endif
-    chunk ex=P_EXCESS_WWW(x[n-1]);
-#ifdef dchunk
-    if ((dchunk)(ex+1)*(ex+1)>(dchunk)P_FEXCESS_WWW)
-#else
-    if ((ex+1)>P_FEXCESS_WWW/(ex+1))
-#endif
-    {
-#ifdef DEBUG_REDUCE
-        printf("Product too large - reducing it %d\n",ex);
-#endif
-        FF_WWW_mod(x,p,n);
-    }
-    if (n==1)
-    {
-        BIG_XXX_sqr(d[0],x[0]);
-        BIG_XXX_monty(z[0],p[0],((chunk)1<<BASEBITS_XXX)-ND[0][0],d[0]);
-    }
-    else
-    {
-        FF_WWW_sqr(d,x,n);
-        FF_WWW_reduce(z,d,p,ND,n);
-    }
-}
-
-/* r=x^e mod p using side-channel resistant Montgomery Ladder, for large e */
-void FF_WWW_skpow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e[],BIG_XXX p[],int n)
-{
-    int i,b;
-#ifndef C99
-    BIG_XXX R0[FFLEN_WWW],R1[FFLEN_WWW],ND[FFLEN_WWW];
-#else
-    BIG_XXX R0[n],R1[n],ND[n];
-#endif
-    FF_WWW_invmod2m(ND,p,n);
-
-    FF_WWW_one(R0,n);
-    FF_WWW_copy(R1,x,n);
-    FF_WWW_nres(R0,p,n);
-    FF_WWW_nres(R1,p,n);
-
-    for (i=8*MODBYTES_XXX*n-1; i>=0; i--)
-    {
-        b=BIG_XXX_bit(e[i/BIGBITS_XXX],i%BIGBITS_XXX);
-        FF_WWW_modmul(r,R0,R1,p,ND,n);
-
-        FF_WWW_cswap(R0,R1,b,n);
-        FF_WWW_modsqr(R0,R0,p,ND,n);
-
-        FF_WWW_copy(R1,r,n);
-        FF_WWW_cswap(R0,R1,b,n);
-    }
-    FF_WWW_copy(r,R0,n);
-    FF_WWW_redc(r,p,ND,n);
-}
-
-/* r=x^e mod p using side-channel resistant Montgomery Ladder, for short e */
-void FF_WWW_skspow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e,BIG_XXX p[],int n)
-{
-    int i,b;
-#ifndef C99
-    BIG_XXX R0[FFLEN_WWW],R1[FFLEN_WWW],ND[FFLEN_WWW];
-#else
-    BIG_XXX R0[n],R1[n],ND[n];
-#endif
-    FF_WWW_invmod2m(ND,p,n);
-    FF_WWW_one(R0,n);
-    FF_WWW_copy(R1,x,n);
-    FF_WWW_nres(R0,p,n);
-    FF_WWW_nres(R1,p,n);
-    for (i=8*MODBYTES_XXX-1; i>=0; i--)
-    {
-        b=BIG_XXX_bit(e,i);
-        FF_WWW_modmul(r,R0,R1,p,ND,n);
-        FF_WWW_cswap(R0,R1,b,n);
-        FF_WWW_modsqr(R0,R0,p,ND,n);
-        FF_WWW_copy(R1,r,n);
-        FF_WWW_cswap(R0,R1,b,n);
-    }
-    FF_WWW_copy(r,R0,n);
-    FF_WWW_redc(r,p,ND,n);
-}
-
-/* raise to an integer power - right-to-left method */
-void FF_WWW_power(BIG_XXX r[],BIG_XXX x[],int e,BIG_XXX p[],int n)
-{
-    int f=1;
-#ifndef C99
-    BIG_XXX w[FFLEN_WWW],ND[FFLEN_WWW];
-#else
-    BIG_XXX w[n],ND[n];
-#endif
-    FF_WWW_invmod2m(ND,p,n);
-
-    FF_WWW_copy(w,x,n);
-    FF_WWW_nres(w,p,n);
-
-    if (e==2)
-    {
-        FF_WWW_modsqr(r,w,p,ND,n);
-    }
-    else for (;;)
-        {
-            if (e%2==1)
-            {
-                if (f) FF_WWW_copy(r,w,n);
-                else FF_WWW_modmul(r,r,w,p,ND,n);
-                f=0;
-            }
-            e>>=1;
-            if (e==0) break;
-            FF_WWW_modsqr(w,w,p,ND,n);
-        }
-
-    FF_WWW_redc(r,p,ND,n);
-}
-
-/* r=x^e mod p, faster but not side channel resistant */
-void FF_WWW_pow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e[],BIG_XXX p[],int n)
-{
-    int i,b;
-#ifndef C99
-    BIG_XXX w[FFLEN_WWW],ND[FFLEN_WWW];
-#else
-    BIG_XXX w[n],ND[n];
-#endif
-    FF_WWW_invmod2m(ND,p,n);
-
-    FF_WWW_copy(w,x,n);
-    FF_WWW_one(r,n);
-    FF_WWW_nres(r,p,n);
-    FF_WWW_nres(w,p,n);
-
-    for (i=8*MODBYTES_XXX*n-1; i>=0; i--)
-    {
-        FF_WWW_modsqr(r,r,p,ND,n);
-        b=BIG_XXX_bit(e[i/BIGBITS_XXX],i%BIGBITS_XXX);
-        if (b==1) FF_WWW_modmul(r,r,w,p,ND,n);
-    }
-    FF_WWW_redc(r,p,ND,n);
-}
-
-/* double exponentiation r=x^e.y^f mod p */
-void FF_WWW_pow2(BIG_XXX r[],BIG_XXX x[],BIG_XXX e,BIG_XXX y[],BIG_XXX f,BIG_XXX p[],int n)
-{
-    int i,eb,fb;
-#ifndef C99
-    BIG_XXX xn[FFLEN_WWW],yn[FFLEN_WWW],xy[FFLEN_WWW],ND[FFLEN_WWW];
-#else
-    BIG_XXX xn[n],yn[n],xy[n],ND[n];
-#endif
-
-    FF_WWW_invmod2m(ND,p,n);
-
-    FF_WWW_copy(xn,x,n);
-    FF_WWW_copy(yn,y,n);
-    FF_WWW_nres(xn,p,n);
-    FF_WWW_nres(yn,p,n);
-    FF_WWW_modmul(xy,xn,yn,p,ND,n);
-    FF_WWW_one(r,n);
-    FF_WWW_nres(r,p,n);
-
-    for (i=8*MODBYTES_XXX-1; i>=0; i--)
-    {
-        eb=BIG_XXX_bit(e,i);
-        fb=BIG_XXX_bit(f,i);
-        FF_WWW_modsqr(r,r,p,ND,n);
-        if (eb==1)
-        {
-            if (fb==1) FF_WWW_modmul(r,r,xy,p,ND,n);
-            else FF_WWW_modmul(r,r,xn,p,ND,n);
-        }
-        else
-        {
-            if (fb==1) FF_WWW_modmul(r,r,yn,p,ND,n);
-        }
-    }
-    FF_WWW_redc(r,p,ND,n);
-}
-
-static sign32 igcd(sign32 x,sign32 y)
-{
-    /* integer GCD, returns GCD of x and y */
-    sign32 r;
-    if (y==0) return x;
-    while ((r=x%y)!=0)
-        x=y,y=r;
-    return y;
-}
-
-/* quick and dirty check for common factor with s */
-int FF_WWW_cfactor(BIG_XXX w[],sign32 s,int n)
-{
-    int r;
-    sign32 g;
-#ifndef C99
-    BIG_XXX x[FFLEN_WWW],y[FFLEN_WWW];
-#else
-    BIG_XXX x[n],y[n];
-#endif
-    FF_WWW_init(y,s,n);
-    FF_WWW_copy(x,w,n);
-    FF_WWW_norm(x,n);
-
-//	if (FF_parity(x)==0) return 1;
-    do
-    {
-        FF_WWW_sub(x,x,y,n);
-        FF_WWW_norm(x,n);
-        while (!FF_WWW_iszilch(x,n) && FF_WWW_parity(x)==0) FF_WWW_shr(x,n);
-    }
-    while (FF_WWW_comp(x,y,n)>0);
-#if CHUNK<32
-    g=x[0][0]+((sign32)(x[0][1])<<BASEBITS_XXX);
-#else
-    g=(sign32)x[0][0];
-#endif
-    r=igcd(s,g);
-    if (r>1) return 1;
-    return 0;
-}
-
-/* Miller-Rabin test for primality. Slow. */
-int FF_WWW_prime(BIG_XXX p[],csprng *rng,int n)
-{
-    int i,j,loop,s=0;
-#ifndef C99
-    BIG_XXX d[FFLEN_WWW],x[FFLEN_WWW],unity[FFLEN_WWW],nm1[FFLEN_WWW];
-#else
-    BIG_XXX d[n],x[n],unity[n],nm1[n];
-#endif
-    sign32 sf=4849845;/* 3*5*.. *19 */
-
-    FF_WWW_norm(p,n);
-
-    if (FF_WWW_cfactor(p,sf,n)) return 0;
-
-    FF_WWW_one(unity,n);
-    FF_WWW_sub(nm1,p,unity,n);
-    FF_WWW_norm(nm1,n);
-    FF_WWW_copy(d,nm1,n);
-    while (FF_WWW_parity(d)==0)
-    {
-        FF_WWW_shr(d,n);
-        s++;
-    }
-    if (s==0) return 0;
-
-    for (i=0; i<10; i++)
-    {
-        FF_WWW_randomnum(x,p,rng,n);
-        FF_WWW_pow(x,x,d,p,n);
-        if (FF_WWW_comp(x,unity,n)==0 || FF_WWW_comp(x,nm1,n)==0) continue;
-        loop=0;
-        for (j=1; j<s; j++)
-        {
-            FF_WWW_power(x,x,2,p,n);
-            if (FF_WWW_comp(x,unity,n)==0) return 0;
-            if (FF_WWW_comp(x,nm1,n)==0 )
-            {
-                loop=1;
-                break;
-            }
-        }
-        if (loop) continue;
-        return 0;
-    }
-
-    return 1;
-}
-
-/*
-BIG P[4]= {{0x1670957,0x1568CD3C,0x2595E5,0xEED4F38,0x1FC9A971,0x14EF7E62,0xA503883,0x9E1E05E,0xBF59E3},{0x1844C908,0x1B44A798,0x3A0B1E7,0xD1B5B4E,0x1836046F,0x87E94F9,0x1D34C537,0xF7183B0,0x46D07},{0x17813331,0x19E28A90,0x1473A4D6,0x1CACD01F,0x1EEA8838,0xAF2AE29,0x1F85292A,0x1632585E,0xD945E5},{0x919F5EF,0x1567B39F,0x19F6AD11,0x16CE47CF,0x9B36EB1,0x35B7D3,0x483B28C,0xCBEFA27,0xB5FC21}};
-
-int main()
-{
-	int i;
-	BIG p[4],e[4],x[4],r[4];
-	csprng rng;
-	char raw[100];
-	for (i=0;i<100;i++) raw[i]=i;
-    RAND_seed(&rng,100,raw);
-
-
-	FF_init(x,3,4);
-
-	FF_copy(p,P,4);
-	FF_copy(e,p,4);
-	FF_dec(e,1,4);
-	FF_norm(e,4);
-
-
-
-	printf("p= ");FF_output(p,4); printf("\n");
-	if (FF_prime(p,&rng,4)) printf("p is a prime\n");
-	printf("e= ");FF_output(e,4); printf("\n");
-
-	FF_skpow(r,x,e,p,4);
-	printf("r= ");FF_output(r,4); printf("\n");
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/ff.h
----------------------------------------------------------------------
diff --git a/version3/c/ff.h b/version3/c/ff.h
deleted file mode 100644
index a50e653..0000000
--- a/version3/c/ff.h
+++ /dev/null
@@ -1,296 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/**
- * @file ff.h
- * @author Mike Scott
- * @brief FF Header File
- *
- */
-
-#ifndef FF_WWW_H
-#define FF_WWW_H
-
-#include "big_XXX.h"
-#include "config_ff_WWW.h"
-
-#define HFLEN_WWW (FFLEN_WWW/2) /**< Useful for half-size RSA private key operations */
-#define P_MBITS_WWW (MODBYTES_XXX*8) /**< Number of bits in modulus */
-#define P_TBITS_WWW (P_MBITS_WWW%BASEBITS_XXX) /**< TODO  */
-#define P_EXCESS_WWW(a) (((a[NLEN_XXX-1])>>(P_TBITS_WWW))+1) /**< TODO */
-#define P_FEXCESS_WWW ((chunk)1<<(BASEBITS_XXX*NLEN_XXX-P_MBITS_WWW-1)) /**< TODO */
-
-
-/* Finite Field Prototypes */
-/**	@brief Copy one FF element of given length to another
- *
-	@param x FF instance to be copied to, on exit = y
-	@param y FF instance to be copied from
-	@param n size of FF in BIGs
-
- */
-extern void FF_WWW_copy(BIG_XXX *x,BIG_XXX *y,int n);
-/**	@brief Initialize an FF element of given length from a 32-bit integer m
- *
-	@param x FF instance to be copied to, on exit = m
-	@param m integer
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_init(BIG_XXX *x,sign32 m,int n);
-/**	@brief Set FF element of given size to zero
- *
-	@param x FF instance to be set to zero
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_zero(BIG_XXX *x,int n);
-/**	@brief Tests for FF element equal to zero
- *
-	@param x FF number to be tested
-	@param n size of FF in BIGs
-	@return 1 if zero, else returns 0
- */
-extern int FF_WWW_iszilch(BIG_XXX *x,int n);
-/**	@brief  return parity of an FF, that is the least significant bit
- *
-	@param x FF number
-	@return 0 or 1
- */
-extern int FF_WWW_parity(BIG_XXX *x);
-/**	@brief  return least significant m bits of an FF
- *
-	@param x FF number
-	@param m number of bits to return. Assumed to be less than BASEBITS.
-	@return least significant n bits as an integer
- */
-extern int FF_WWW_lastbits(BIG_XXX *x,int m);
-/**	@brief Set FF element of given size to unity
- *
-	@param x FF instance to be set to unity
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_one(BIG_XXX *x,int n);
-/**	@brief Compares two FF numbers. Inputs must be normalised externally
- *
-	@param x first FF number to be compared
-	@param y second FF number to be compared
-	@param n size of FF in BIGs
-	@return -1 is x<y, 0 if x=y, 1 if x>y
- */
-extern int FF_WWW_comp(BIG_XXX *x,BIG_XXX *y,int n);
-/**	@brief addition of two FFs
- *
-	@param x FF instance, on exit = y+z
-	@param y FF instance
-	@param z FF instance
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_add(BIG_XXX *x,BIG_XXX *y,BIG_XXX *z,int n);
-/**	@brief subtraction of two FFs
- *
-	@param x FF instance, on exit = y-z
-	@param y FF instance
-	@param z FF instance
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_sub(BIG_XXX *x,BIG_XXX *y,BIG_XXX *z,int n);
-/**	@brief increment an FF by an integer,and normalise
- *
-	@param x FF instance, on exit = x+m
-	@param m an integer to be added to x
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_inc(BIG_XXX *x,int m,int n);
-/**	@brief Decrement an FF by an integer,and normalise
- *
-	@param x FF instance, on exit = x-m
-	@param m an integer to be subtracted from x
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_dec(BIG_XXX *x,int m,int n);
-/**	@brief Normalises the components of an FF
- *
-	@param x FF instance to be normalised
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_norm(BIG_XXX *x,int n);
-/**	@brief Shift left an FF by 1 bit
- *
-	@param x FF instance to be shifted left
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_shl(BIG_XXX *x,int n);
-/**	@brief Shift right an FF by 1 bit
- *
-	@param x FF instance to be shifted right
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_shr(BIG_XXX *x,int n);
-/**	@brief Formats and outputs an FF to the console
- *
-	@param x FF instance to be printed
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_output(BIG_XXX *x,int n);
-/**	@brief Formats and outputs an FF to the console, in raw form
- *
- 	@param x FF instance to be printed
- 	@param n size of FF in BIGs
- */
-extern void FF_WWW_rawoutput(BIG_XXX *x,int n);
-/**	@brief Formats and outputs an FF instance to an octet string
- *
-	Converts an FF to big-endian base 256 form.
-	@param S output octet string
-	@param x FF instance to be converted to an octet string
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_toOctet(octet *S,BIG_XXX *x,int n);
-/**	@brief Populates an FF instance from an octet string
- *
-	Creates FF from big-endian base 256 form.
-	@param x FF instance to be created from an octet string
-	@param S input octet string
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_fromOctet(BIG_XXX *x,octet *S,int n);
-/**	@brief Multiplication of two FFs
- *
-	Uses Karatsuba method internally
-	@param x FF instance, on exit = y*z
-	@param y FF instance
-	@param z FF instance
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_mul(BIG_XXX *x,BIG_XXX *y,BIG_XXX *z,int n);
-/**	@brief Reduce FF mod a modulus
- *
-	This is slow
-	@param x FF instance to be reduced mod m - on exit = x mod m
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_mod(BIG_XXX *x,BIG_XXX *m,int n);
-/**	@brief Square an FF
- *
-	Uses Karatsuba method internally
-	@param x FF instance, on exit = y^2
-	@param y FF instance to be squared
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_sqr(BIG_XXX *x,BIG_XXX *y,int n);
-/**	@brief Reduces a double-length FF with respect to a given modulus
- *
-	This is slow
-	@param x FF instance, on exit = y mod z
-	@param y FF instance, of double length 2*n
-	@param z FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_dmod(BIG_XXX *x,BIG_XXX *y,BIG_XXX *z,int n);
-/**	@brief Invert an FF mod a prime modulus
- *
-	@param x FF instance, on exit = 1/y mod z
-	@param y FF instance
-	@param z FF prime modulus
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_invmodp(BIG_XXX *x,BIG_XXX *y,BIG_XXX *z,int n);
-/**	@brief Create an FF from a random number generator
- *
-	@param x FF instance, on exit x is a random number of length n BIGs with most significant bit a 1
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_random(BIG_XXX *x,csprng *R,int n);
-/**	@brief Create a random FF less than a given modulus from a random number generator
- *
-	@param x FF instance, on exit x is a random number < y
-	@param y FF instance, the modulus
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_randomnum(BIG_XXX *x,BIG_XXX *y,csprng *R,int n);
-/**	@brief Calculate r=x^e mod m, side channel resistant
- *
-	@param r FF instance, on exit = x^e mod p
-	@param x FF instance
-	@param e FF exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_skpow(BIG_XXX *r,BIG_XXX *x,BIG_XXX * e,BIG_XXX *m,int n);
-/**	@brief Calculate r=x^e mod m, side channel resistant
- *
-	For short BIG exponent
-	@param r FF instance, on exit = x^e mod p
-	@param x FF instance
-	@param e BIG exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_skspow(BIG_XXX *r,BIG_XXX *x,BIG_XXX e,BIG_XXX *m,int n);
-/**	@brief Calculate r=x^e mod m
- *
-	For very short integer exponent
-	@param r FF instance, on exit = x^e mod p
-	@param x FF instance
-	@param e integer exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_power(BIG_XXX *r,BIG_XXX *x,int e,BIG_XXX *m,int n);
-/**	@brief Calculate r=x^e mod m
- *
-	@param r FF instance, on exit = x^e mod p
-	@param x FF instance
-	@param e FF exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_pow(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e,BIG_XXX *m,int n);
-/**	@brief Test if an FF has factor in common with integer s
- *
-	@param x FF instance to be tested
-	@param s the supplied integer
-	@param n size of FF in BIGs
-	@return 1 if gcd(x,s)!=1, else return 0
- */
-extern int FF_WWW_cfactor(BIG_XXX *x,sign32 s,int n);
-/**	@brief Test if an FF is prime
- *
-	Uses Miller-Rabin Method
-	@param x FF instance to be tested
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n size of FF in BIGs
-	@return 1 if x is (almost certainly) prime, else return 0
- */
-extern int FF_WWW_prime(BIG_XXX *x,csprng *R,int n);
-/**	@brief Calculate r=x^e.y^f mod m
- *
-	@param r FF instance, on exit = x^e.y^f mod p
-	@param x FF instance
-	@param e BIG exponent
-	@param y FF instance
-	@param f BIG exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_WWW_pow2(BIG_XXX *r,BIG_XXX *x,BIG_XXX e,BIG_XXX *y,BIG_XXX f,BIG_XXX *m,int n);
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp.c
----------------------------------------------------------------------
diff --git a/version3/c/fp.c b/version3/c/fp.c
deleted file mode 100644
index 0b60382..0000000
--- a/version3/c/fp.c
+++ /dev/null
@@ -1,878 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL mod p functions */
-/* Small Finite Field arithmetic */
-/* SU=m, SU is Stack Usage (NOT_SPECIAL Modulus) */
-
-#include "fp_YYY.h"
-
-/* Fast Modular Reduction Methods */
-
-/* r=d mod m */
-/* d MUST be normalised */
-/* Products must be less than pR in all cases !!! */
-/* So when multiplying two numbers, their product *must* be less than MODBITS+BASEBITS*NLEN */
-/* Results *may* be one bit bigger than MODBITS */
-
-#if MODTYPE_YYY == PSEUDO_MERSENNE
-/* r=d mod m */
-
-/* Converts from BIG integer to residue form mod Modulus */
-void FP_YYY_nres(FP_YYY *y,BIG_XXX x)
-{
-    BIG_XXX_copy(y->g,x);
-    y->XES=1;
-}
-
-/* Converts from residue form back to BIG integer form */
-void FP_YYY_redc(BIG_XXX x,FP_YYY *y)
-{
-    BIG_XXX_copy(x,y->g);
-}
-
-/* reduce a DBIG to a BIG exploiting the special form of the modulus */
-void FP_YYY_mod(BIG_XXX r,DBIG_XXX d)
-{
-    BIG_XXX t,b;
-    chunk v,tw;
-    BIG_XXX_split(t,b,d,MODBITS_YYY);
-
-    /* Note that all of the excess gets pushed into t. So if squaring a value with a 4-bit excess, this results in
-       t getting all 8 bits of the excess product! So products must be less than pR which is Montgomery compatible */
-
-    if (MConst_YYY < NEXCESS_XXX)
-    {
-        BIG_XXX_imul(t,t,MConst_YYY);
-        BIG_XXX_norm(t);
-        BIG_XXX_add(r,t,b);
-        BIG_XXX_norm(r);
-        tw=r[NLEN_XXX-1];
-        r[NLEN_XXX-1]&=TMASK_YYY;
-        r[0]+=MConst_YYY*((tw>>TBITS_YYY));
-    }
-    else
-    {
-        v=BIG_XXX_pmul(t,t,MConst_YYY);
-        BIG_XXX_add(r,t,b);
-        BIG_XXX_norm(r);
-        tw=r[NLEN_XXX-1];
-        r[NLEN_XXX-1]&=TMASK_YYY;
-#if CHUNK == 16
-        r[1]+=muladd_XXX(MConst_YYY,((tw>>TBITS_YYY)+(v<<(BASEBITS_XXX-TBITS_YYY))),0,&r[0]);
-#else
-        r[0]+=MConst_YYY*((tw>>TBITS_YYY)+(v<<(BASEBITS_XXX-TBITS_YYY)));
-#endif
-    }
-    BIG_XXX_norm(r);
-}
-#endif
-
-/* This only applies to Curve C448, so specialised (for now) */
-#if MODTYPE_YYY == GENERALISED_MERSENNE
-
-void FP_YYY_nres(FP_YYY *y,BIG_XXX x)
-{
-    BIG_XXX_copy(y->g,x);
-    y->XES=1;
-}
-
-/* Converts from residue form back to BIG integer form */
-void FP_YYY_redc(BIG_XXX x,FP_YYY *y)
-{
-    BIG_XXX_copy(x,y->g);
-}
-
-/* reduce a DBIG to a BIG exploiting the special form of the modulus */
-void FP_YYY_mod(BIG_XXX r,DBIG_XXX d)
-{
-    BIG_XXX t,b;
-    chunk carry;
-    BIG_XXX_split(t,b,d,MBITS_YYY);
-
-    BIG_XXX_add(r,t,b);
-
-    BIG_XXX_dscopy(d,t);
-    BIG_XXX_dshl(d,MBITS_YYY/2);
-
-    BIG_XXX_split(t,b,d,MBITS_YYY);
-
-    BIG_XXX_add(r,r,t);
-    BIG_XXX_add(r,r,b);
-    BIG_XXX_norm(r);
-    BIG_XXX_shl(t,MBITS_YYY/2);
-
-    BIG_XXX_add(r,r,t);
-
-    carry=r[NLEN_XXX-1]>>TBITS_YYY;
-
-    r[NLEN_XXX-1]&=TMASK_YYY;
-    r[0]+=carry;
-
-    r[224/BASEBITS_XXX]+=carry<<(224%BASEBITS_XXX); /* need to check that this falls mid-word */
-    BIG_XXX_norm(r);
-}
-
-#endif
-
-#if MODTYPE_YYY == MONTGOMERY_FRIENDLY
-
-/* convert to Montgomery n-residue form */
-void FP_YYY_nres(FP_YYY *y,BIG_XXX x)
-{
-    DBIG_XXX d;
-    BIG_XXX r;
-    BIG_XXX_rcopy(r,R2modp_YYY);
-    BIG_XXX_mul(d,x,r);
-    FP_YYY_mod(y->g,d);
-    y->XES=2;
-}
-
-/* convert back to regular form */
-void FP_YYY_redc(BIG_XXX x,FP_YYY *y)
-{
-    DBIG_XXX d;
-    BIG_XXX_dzero(d);
-    BIG_XXX_dscopy(d,y->g);
-    FP_YYY_mod(x,d);
-}
-
-/* fast modular reduction from DBIG to BIG exploiting special form of the modulus */
-void FP_YYY_mod(BIG_XXX a,DBIG_XXX d)
-{
-    int i;
-
-    for (i=0; i<NLEN_XXX; i++)
-        d[NLEN_XXX+i]+=muladd_XXX(d[i],MConst_YYY-1,d[i],&d[NLEN_XXX+i-1]);
-
-    BIG_XXX_sducopy(a,d);
-    BIG_XXX_norm(a);
-}
-
-#endif
-
-#if MODTYPE_YYY == NOT_SPECIAL
-
-/* convert to Montgomery n-residue form */
-void FP_YYY_nres(FP_YYY *y,BIG_XXX x)
-{
-    DBIG_XXX d;
-    BIG_XXX r;
-    BIG_XXX_rcopy(r,R2modp_YYY);
-    BIG_XXX_mul(d,x,r);
-    FP_YYY_mod(y->g,d);
-    y->XES=2;
-}
-
-/* convert back to regular form */
-void FP_YYY_redc(BIG_XXX x,FP_YYY *y)
-{
-    DBIG_XXX d;
-    BIG_XXX_dzero(d);
-    BIG_XXX_dscopy(d,y->g);
-    FP_YYY_mod(x,d);
-}
-
-
-/* reduce a DBIG to a BIG using Montgomery's no trial division method */
-/* d is expected to be dnormed before entry */
-/* SU= 112 */
-void FP_YYY_mod(BIG_XXX a,DBIG_XXX d)
-{
-    BIG_XXX mdls;
-    BIG_XXX_rcopy(mdls,Modulus_YYY);
-    BIG_XXX_monty(a,mdls,MConst_YYY,d);
-}
-
-#endif
-
-/* test x==0 ? */
-/* SU= 48 */
-int FP_YYY_iszilch(FP_YYY *x)
-{
-    BIG_XXX m,t;
-    BIG_XXX_rcopy(m,Modulus_YYY);
-	BIG_XXX_copy(t,x->g);
-    BIG_XXX_mod(t,m);
-    return BIG_XXX_iszilch(t);
-}
-
-void FP_YYY_copy(FP_YYY *y,FP_YYY *x)
-{
-    BIG_XXX_copy(y->g,x->g);
-    y->XES=x->XES;
-}
-
-void FP_YYY_rcopy(FP_YYY *y, const BIG_XXX c)
-{
-    BIG_XXX b;
-    BIG_XXX_rcopy(b,c);
-    FP_YYY_nres(y,b);
-}
-
-/* Swap a and b if d=1 */
-void FP_YYY_cswap(FP_YYY *a,FP_YYY *b,int d)
-{
-    sign32 t,c=d;
-    BIG_XXX_cswap(a->g,b->g,d);
-
-    c=~(c-1);
-    t=c&((a->XES)^(b->XES));
-    a->XES^=t;
-    b->XES^=t;
-
-}
-
-/* Move b to a if d=1 */
-void FP_YYY_cmove(FP_YYY *a,FP_YYY *b,int d)
-{
-    sign32 c=-d;
-
-    BIG_XXX_cmove(a->g,b->g,d);
-    a->XES^=(a->XES^b->XES)&c;
-}
-
-void FP_YYY_zero(FP_YYY *x)
-{
-    BIG_XXX_zero(x->g);
-    x->XES=1;
-}
-
-int FP_YYY_equals(FP_YYY *x,FP_YYY *y)
-{
-	FP_YYY xg,yg;
-	FP_YYY_copy(&xg,x);
-	FP_YYY_copy(&yg,y);
-    FP_YYY_reduce(&xg);
-    FP_YYY_reduce(&yg);
-    if (BIG_XXX_comp(xg.g,yg.g)==0) return 1;
-    return 0;
-}
-
-/* output FP */
-/* SU= 48 */
-void FP_YYY_output(FP_YYY *r)
-{
-    BIG_XXX c;
-    FP_YYY_redc(c,r);
-    BIG_XXX_output(c);
-}
-
-void FP_YYY_rawoutput(FP_YYY *r)
-{
-    BIG_XXX_rawoutput(r->g);
-}
-
-#ifdef GET_STATS
-int tsqr=0,rsqr=0,tmul=0,rmul=0;
-int tadd=0,radd=0,tneg=0,rneg=0;
-int tdadd=0,rdadd=0,tdneg=0,rdneg=0;
-#endif
-
-#ifdef FUSED_MODMUL
-
-/* Insert fastest code here */
-
-#endif
-
-/* r=a*b mod Modulus */
-/* product must be less that p.R - and we need to know this in advance! */
-/* SU= 88 */
-void FP_YYY_mul(FP_YYY *r,FP_YYY *a,FP_YYY *b)
-{
-    DBIG_XXX d;
-//    chunk ea,eb;
-//    BIG_XXX_norm(a);
-//    BIG_XXX_norm(b);
-//    ea=EXCESS_YYY(a->g);
-//    eb=EXCESS_YYY(b->g);
-
-
-    if ((sign64)a->XES*b->XES>(sign64)FEXCESS_YYY)
-    {
-#ifdef DEBUG_REDUCE
-        printf("Product too large - reducing it\n");
-#endif
-        FP_YYY_reduce(a);  /* it is sufficient to fully reduce just one of them < p */
-    }
-
-#ifdef FUSED_MODMUL
-    FP_YYY_modmul(r->g,a->g,b->g);
-#else
-    BIG_XXX_mul(d,a->g,b->g);
-    FP_YYY_mod(r->g,d);
-#endif
-    r->XES=2;
-}
-
-
-/* multiplication by an integer, r=a*c */
-/* SU= 136 */
-void FP_YYY_imul(FP_YYY *r,FP_YYY *a,int c)
-{
-    int s=0;
-
-    if (c<0)
-    {
-        c=-c;
-        s=1;
-    }
-
-#if MODTYPE_YYY==PSEUDO_MERSENNE || MODTYPE_YYY==GENERALISED_MERSENNE
-    DBIG_XXX d;
-    BIG_XXX_pxmul(d,a->g,c);
-    FP_YYY_mod(r->g,d);
-    r->XES=2;
-
-#else
-    //Montgomery
-    BIG_XXX k;
-    FP_YYY f;
-    if (a->XES*c<=FEXCESS_YYY)
-    {
-        BIG_XXX_pmul(r->g,a->g,c);
-        r->XES=a->XES*c;    // careful here - XES jumps!
-    }
-    else
-    {
-        // don't want to do this - only a problem for Montgomery modulus and larger constants
-        BIG_XXX_zero(k);
-        BIG_XXX_inc(k,c);
-		BIG_XXX_norm(k);
-        FP_YYY_nres(&f,k);
-        FP_YYY_mul(r,a,&f);
-    }
-#endif
-    /*
-        if (c<=NEXCESS_XXX && a->XES*c <= FEXCESS_YYY)
-    	{
-            BIG_XXX_imul(r->g,a->g,c);
-    		r->XES=a->XES*c;
-    		FP_YYY_norm(r);
-    	}
-        else
-        {
-                BIG_XXX_pxmul(d,a->g,c);
-
-                BIG_XXX_rcopy(m,Modulus_YYY);
-    			BIG_XXX_dmod(r->g,d,m);
-                //FP_YYY_mod(r->g,d);                /// BIG problem here! Too slow for PM, How to do fast for Monty?
-    			r->XES=2;
-        }
-    */
-    if (s)
-    {
-        FP_YYY_neg(r,r);
-        FP_YYY_norm(r);
-    }
-}
-
-/* Set r=a^2 mod m */
-/* SU= 88 */
-void FP_YYY_sqr(FP_YYY *r,FP_YYY *a)
-{
-    DBIG_XXX d;
-//    chunk ea;
-//    BIG_XXX_norm(a);
-//    ea=EXCESS_YYY(a->g);
-
-
-    if ((sign64)a->XES*a->XES>(sign64)FEXCESS_YYY)
-    {
-#ifdef DEBUG_REDUCE
-        printf("Product too large - reducing it\n");
-#endif
-        FP_YYY_reduce(a);
-    }
-
-    BIG_XXX_sqr(d,a->g);
-    FP_YYY_mod(r->g,d);
-    r->XES=2;
-}
-
-/* SU= 16 */
-/* Set r=a+b */
-void FP_YYY_add(FP_YYY *r,FP_YYY *a,FP_YYY *b)
-{
-    BIG_XXX_add(r->g,a->g,b->g);
-    r->XES=a->XES+b->XES;
-    if (r->XES>FEXCESS_YYY)
-    {
-#ifdef DEBUG_REDUCE
-        printf("Sum too large - reducing it \n");
-#endif
-        FP_YYY_reduce(r);
-    }
-}
-
-/* Set r=a-b mod m */
-/* SU= 56 */
-void FP_YYY_sub(FP_YYY *r,FP_YYY *a,FP_YYY *b)
-{
-    FP_YYY n;
-//	BIG_XXX_norm(b);
-    FP_YYY_neg(&n,b);
-//	BIG_XXX_norm(n);
-    FP_YYY_add(r,a,&n);
-}
-
-// https://graphics.stanford.edu/~seander/bithacks.html
-// constant time log to base 2 (or number of bits in)
-
-static int logb2(unsign32 v)
-{
-    int r;
-    v |= v >> 1;
-    v |= v >> 2;
-    v |= v >> 4;
-    v |= v >> 8;
-    v |= v >> 16;
-
-    v = v - ((v >> 1) & 0x55555555);
-    v = (v & 0x33333333) + ((v >> 2) & 0x33333333);
-    r = (((v + (v >> 4)) & 0xF0F0F0F) * 0x1010101) >> 24;
-    return r;
-}
-
-// find appoximation to quotient of a/m
-// Out by at most 2.
-// Note that MAXXES is bounded to be 2-bits less than half a word
-static int quo(BIG_XXX n,BIG_XXX m)
-{
-	int sh;
-	chunk num,den;
-	int hb=CHUNK/2;
-	if (TBITS_YYY<hb)
-	{
-		sh=hb-TBITS_YYY;
-		num=(n[NLEN_XXX-1]<<sh)|(n[NLEN_XXX-2]>>(BASEBITS_XXX-sh));
-		den=(m[NLEN_XXX-1]<<sh)|(m[NLEN_XXX-2]>>(BASEBITS_XXX-sh));
-	}
-	else
-	{
-		num=n[NLEN_XXX-1];
-		den=m[NLEN_XXX-1];
-	}
-	return (int)(num/(den+1));
-}
-
-/* SU= 48 */
-/* Fully reduce a mod Modulus */
-void FP_YYY_reduce(FP_YYY *a)
-{
-    BIG_XXX m,r;
-	int sr,sb,q;
-	chunk carry;
-
-    BIG_XXX_rcopy(m,Modulus_YYY);
-
-	BIG_XXX_norm(a->g);
-
-	if (a->XES>16)
-	{
-		q=quo(a->g,m);
-		carry=BIG_XXX_pmul(r,m,q);
-		r[NLEN_XXX-1]+=(carry<<BASEBITS_XXX); // correction - put any carry out back in again
-		BIG_XXX_sub(a->g,a->g,r);
-		BIG_XXX_norm(a->g);
-		sb=2;
-	}
-	else sb=logb2(a->XES-1);  // sb does not depend on the actual data
-
-	BIG_XXX_fshl(m,sb);
-
-	while (sb>0)
-	{
-// constant time...
-		sr=BIG_XXX_ssn(r,a->g,m);  // optimized combined shift, subtract and norm
-		BIG_XXX_cmove(a->g,r,1-sr);
-		sb--;
-	}
-
-    //BIG_XXX_mod(a->g,m);
-    a->XES=1;
-}
-
-void FP_YYY_norm(FP_YYY *x)
-{
-    BIG_XXX_norm(x->g);
-}
-
-/* Set r=-a mod Modulus */
-/* SU= 64 */
-void FP_YYY_neg(FP_YYY *r,FP_YYY *a)
-{
-    int sb;
-    BIG_XXX m;
-
-    BIG_XXX_rcopy(m,Modulus_YYY);
-
-    sb=logb2(a->XES-1);
-    BIG_XXX_fshl(m,sb);
-    BIG_XXX_sub(r->g,m,a->g);
-    r->XES=((sign32)1<<sb)+1;
-
-    if (r->XES>FEXCESS_YYY)
-    {
-#ifdef DEBUG_REDUCE
-        printf("Negation too large -  reducing it \n");
-#endif
-        FP_YYY_reduce(r);
-    }
-
-}
-
-/* Set r=a/2. */
-/* SU= 56 */
-void FP_YYY_div2(FP_YYY *r,FP_YYY *a)
-{
-    BIG_XXX m;
-    BIG_XXX_rcopy(m,Modulus_YYY);
-    FP_YYY_copy(r,a);
-//    BIG_XXX_norm(a);
-    if (BIG_XXX_parity(a->g)==0)
-    {
-
-        BIG_XXX_fshr(r->g,1);
-    }
-    else
-    {
-        BIG_XXX_add(r->g,r->g,m);
-        BIG_XXX_norm(r->g);
-        BIG_XXX_fshr(r->g,1);
-    }
-}
-
-#if MODTYPE_YYY == PSEUDO_MERSENNE
-
-// See eprint paper "On inversion modulo pseudo-Mersenne primes"
-// If p=3 mod 4 r= x^{(p-3)/4}, if p=5 mod 8 r=x^{(p-5)/8}
-
-static void FP_YYY_fpow(FP_YYY *r,FP_YYY *x)
-{
-	int i,j,k,bw,w,c,nw,lo,m,n;
-	FP_YYY xp[11],t,key;
-	const int ac[]={1,2,3,6,12,15,30,60,120,240,255};
-// phase 1
-	FP_YYY_copy(&xp[0],x);	// 1 
-	FP_YYY_sqr(&xp[1],x); // 2
-	FP_YYY_mul(&xp[2],&xp[1],x);  //3
-	FP_YYY_sqr(&xp[3],&xp[2]);  // 6 
-	FP_YYY_sqr(&xp[4],&xp[3]); // 12
-	FP_YYY_mul(&xp[5],&xp[4],&xp[2]); // 15
-	FP_YYY_sqr(&xp[6],&xp[5]); // 30
-	FP_YYY_sqr(&xp[7],&xp[6]); // 60
-	FP_YYY_sqr(&xp[8],&xp[7]); // 120
-	FP_YYY_sqr(&xp[9],&xp[8]); // 240
-	FP_YYY_mul(&xp[10],&xp[9],&xp[5]); // 255
-
-	if (MOD8_YYY==5)
-    {
-		n=MODBITS_YYY-3;
-		c=(MConst_YYY+5)/8;
-	} else {
-		n=MODBITS_YYY-2;
-		c=(MConst_YYY+3)/4;
-	}
-
-	bw=0; w=1; while (w<c) {w*=2; bw+=1;}
-	k=w-c;
-
-	if (k!=0)
-	{
-		i=10; while (ac[i]>k) i--;
-		FP_YYY_copy(&key,&xp[i]); 
-		k-=ac[i];
-	}
-	while (k!=0)
-	{
-		i--;
-		if (ac[i]>k) continue;
-		FP_YYY_mul(&key,&key,&xp[i]);
-		k-=ac[i]; 
-	}
-
-// phase 2 
-	FP_YYY_copy(&xp[1],&xp[2]);
-	FP_YYY_copy(&xp[2],&xp[5]);
-	FP_YYY_copy(&xp[3],&xp[10]);
-
-	j=3; m=8;
-	nw=n-bw;
-	while (2*m<nw)
-	{
-		FP_YYY_copy(&t,&xp[j++]);
-		for (i=0;i<m;i++)
-			FP_YYY_sqr(&t,&t); 
-		FP_YYY_mul(&xp[j],&xp[j-1],&t); 
-		m*=2;
-	}
-
-	lo=nw-m;
-	FP_YYY_copy(r,&xp[j]);
-
-	while (lo!=0)
-	{
-		m/=2; j--;
-		if (lo<m) continue;
-		lo-=m;
-		FP_YYY_copy(&t,r);
-		for (i=0;i<m;i++)
-			FP_YYY_sqr(&t,&t);
-		FP_YYY_mul(r,&t,&xp[j]);
-	}
-// phase 3
-
-	for (i=0;i<bw;i++ )
-		FP_YYY_sqr(r,r);
-
-	if (w-c!=0)
-		FP_YYY_mul(r,r,&key); 
-}
-
-void FP_YYY_inv(FP_YYY *r,FP_YYY *x)
-{
-	FP_YYY y,t;
-	FP_YYY_fpow(&y,x);
-    if (MOD8_YYY==5)
-    { // r=x^3.y^8
-		FP_YYY_sqr(&t,x);
-		FP_YYY_mul(&t,&t,x);
-		FP_YYY_sqr(&y,&y);
-		FP_YYY_sqr(&y,&y);
-		FP_YYY_sqr(&y,&y);
-		FP_YYY_mul(r,&t,&y);
-	} else {
-		FP_YYY_sqr(&y,&y);
-		FP_YYY_sqr(&y,&y);
-		FP_YYY_mul(r,&y,x);
-	}
-}
-
-#else
-
-void FP_YYY_pow(FP_YYY *r,FP_YYY *a,BIG_XXX b)
-{
-	sign8 w[1+(NLEN_XXX*BASEBITS_XXX+3)/4];
-	FP_YYY tb[16];
-	BIG_XXX t;
-	int i,nb;
-
-	FP_YYY_norm(a);
-    BIG_XXX_norm(b);
-	BIG_XXX_copy(t,b);
-	nb=1+(BIG_XXX_nbits(t)+3)/4;
-    /* convert exponent to 4-bit window */
-    for (i=0; i<nb; i++)
-    {
-        w[i]=BIG_XXX_lastbits(t,4);
-        BIG_XXX_dec(t,w[i]);
-        BIG_XXX_norm(t);
-        BIG_XXX_fshr(t,4);
-    }	
-
-	FP_YYY_one(&tb[0]);
-	FP_YYY_copy(&tb[1],a);
-	for (i=2;i<16;i++)
-		FP_YYY_mul(&tb[i],&tb[i-1],a);
-	
-	FP_YYY_copy(r,&tb[w[nb-1]]);
-    for (i=nb-2; i>=0; i--)
-    {
-		FP_YYY_sqr(r,r);
-		FP_YYY_sqr(r,r);
-		FP_YYY_sqr(r,r);
-		FP_YYY_sqr(r,r);
-		FP_YYY_mul(r,r,&tb[w[i]]);
-	}
-    FP_YYY_reduce(r);
-}
-
-/* set w=1/x */
-void FP_YYY_inv(FP_YYY *w,FP_YYY *x)
-{
-
-	BIG_XXX m2;
-	BIG_XXX_rcopy(m2,Modulus_YYY);
-	BIG_XXX_dec(m2,2);
-	BIG_XXX_norm(m2);
-	FP_YYY_pow(w,x,m2);
-}
-#endif
-
-/* SU=8 */
-/* set n=1 */
-void FP_YYY_one(FP_YYY *n)
-{
-    BIG_XXX b;
-    BIG_XXX_one(b);
-    FP_YYY_nres(n,b);
-}
-
-/* Set r=a^b mod Modulus */
-/* SU= 136 */
-/*
-void FP_YYY_pow(FP_YYY *r,FP_YYY *a,BIG_XXX b)
-{
-    BIG_XXX z,zilch;
-    FP_YYY w;
-    int bt;
-    BIG_XXX_zero(zilch);
-
-    BIG_XXX_norm(b);
-    BIG_XXX_copy(z,b);
-    FP_YYY_copy(&w,a);
-    FP_YYY_one(r);
-    while(1)
-    {
-        bt=BIG_XXX_parity(z);
-        BIG_XXX_fshr(z,1);
-        if (bt) FP_YYY_mul(r,r,&w);
-        if (BIG_XXX_comp(z,zilch)==0) break;
-        FP_YYY_sqr(&w,&w);
-    }
-    FP_YYY_reduce(r);
-}
-*/
-
-
-
-/* is r a QR? */
-int FP_YYY_qr(FP_YYY *r)
-{
-    int j;
-    BIG_XXX m;
-    BIG_XXX b;
-    BIG_XXX_rcopy(m,Modulus_YYY);
-    FP_YYY_redc(b,r);
-    j=BIG_XXX_jacobi(b,m);
-    FP_YYY_nres(r,b);
-    if (j==1) return 1;
-    return 0;
-
-}
-
-/* Set a=sqrt(b) mod Modulus */
-/* SU= 160 */
-void FP_YYY_sqrt(FP_YYY *r,FP_YYY *a)
-{
-    FP_YYY v,i;
-    BIG_XXX b;
-    BIG_XXX m;
-    BIG_XXX_rcopy(m,Modulus_YYY);
-    BIG_XXX_mod(a->g,m);
-    BIG_XXX_copy(b,m);
-    if (MOD8_YYY==5)
-    {
-        FP_YYY_copy(&i,a); // i=x
-        BIG_XXX_fshl(i.g,1); // i=2x
-#if MODTYPE_YYY == PSEUDO_MERSENNE
-		FP_YYY_fpow(&v,&i);
-#else
-        BIG_XXX_dec(b,5);
-        BIG_XXX_norm(b);
-        BIG_XXX_fshr(b,3); // (p-5)/8 
-        FP_YYY_pow(&v,&i,b); // v=(2x)^(p-5)/8
-#endif
-        FP_YYY_mul(&i,&i,&v); // i=(2x)^(p+3)/8
-        FP_YYY_mul(&i,&i,&v); // i=(2x)^(p-1)/4
-        BIG_XXX_dec(i.g,1);  // i=(2x)^(p-1)/4 - 1
-        FP_YYY_mul(r,a,&v);  
-        FP_YYY_mul(r,r,&i);
-        FP_YYY_reduce(r);
-    }
-    if (MOD8_YYY==3 || MOD8_YYY==7)
-    {
-#if MODTYPE_YYY == PSEUDO_MERSENNE
-		FP_YYY_fpow(r,a);
-		FP_YYY_mul(r,r,a);
-#else
-        BIG_XXX_inc(b,1);
-        BIG_XXX_norm(b);
-        BIG_XXX_fshr(b,2); /* (p+1)/4 */
-        FP_YYY_pow(r,a,b);
-#endif
-    }
-}
-
-/*
-int main()
-{
-
-	BIG_XXX r;
-
-	FP_YYY_one(r);
-	FP_YYY_sqr(r,r);
-
-	BIG_XXX_output(r);
-
-	int i,carry;
-	DBIG_XXX c={0,0,0,0,0,0,0,0};
-	BIG_XXX a={1,2,3,4};
-	BIG_XXX b={3,4,5,6};
-	BIG_XXX r={11,12,13,14};
-	BIG_XXX s={23,24,25,15};
-	BIG_XXX w;
-
-//	printf("NEXCESS_XXX= %d\n",NEXCESS_XXX);
-//	printf("MConst_YYY= %d\n",MConst_YYY);
-
-	BIG_XXX_copy(b,Modulus_YYY);
-	BIG_XXX_dec(b,1);
-	BIG_XXX_norm(b);
-
-	BIG_XXX_randomnum(r); BIG_XXX_norm(r); BIG_XXX_mod(r,Modulus_YYY);
-//	BIG_XXX_randomnum(s); norm(s); BIG_XXX_mod(s,Modulus_YYY);
-
-//	BIG_XXX_output(r);
-//	BIG_XXX_output(s);
-
-	BIG_XXX_output(r);
-	FP_YYY_nres(r);
-	BIG_XXX_output(r);
-	BIG_XXX_copy(a,r);
-	FP_YYY_redc(r);
-	BIG_XXX_output(r);
-	BIG_XXX_dscopy(c,a);
-	FP_YYY_mod(r,c);
-	BIG_XXX_output(r);
-
-
-//	exit(0);
-
-//	copy(r,a);
-	printf("r=   "); BIG_XXX_output(r);
-	BIG_XXX_modsqr(r,r,Modulus_YYY);
-	printf("r^2= "); BIG_XXX_output(r);
-
-	FP_YYY_nres(r);
-	FP_YYY_sqrt(r,r);
-	FP_YYY_redc(r);
-	printf("r=   "); BIG_XXX_output(r);
-	BIG_XXX_modsqr(r,r,Modulus_YYY);
-	printf("r^2= "); BIG_XXX_output(r);
-
-
-//	for (i=0;i<100000;i++) FP_YYY_sqr(r,r);
-//	for (i=0;i<100000;i++)
-		FP_YYY_sqrt(r,r);
-
-	BIG_XXX_output(r);
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp.h
----------------------------------------------------------------------
diff --git a/version3/c/fp.h b/version3/c/fp.h
deleted file mode 100644
index a7883f2..0000000
--- a/version3/c/fp.h
+++ /dev/null
@@ -1,245 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/**
- * @file fp.h
- * @author Mike Scott
- * @brief FP Header File
- *
- */
-
-#ifndef FP_YYY_H
-#define FP_YYY_H
-
-#include "big_XXX.h"
-#include "config_field_YYY.h"
-
-
-/**
-	@brief FP Structure - quadratic extension field
-*/
-
-typedef struct
-{
-    BIG_XXX g;	/**< Big representation of field element */
-    sign32 XES;	/**< Excess */
-} FP_YYY;
-
-
-/* Field Params - see rom.c */
-extern const BIG_XXX Modulus_YYY;	/**< Actual Modulus set in romf_yyy.c */
-extern const BIG_XXX R2modp_YYY;	/**< Montgomery constant */
-extern const chunk MConst_YYY;		/**< Constant associated with Modulus - for Montgomery = 1/p mod 2^BASEBITS */
-
-
-#define MODBITS_YYY MBITS_YYY                        /**< Number of bits in Modulus for selected curve */
-#define TBITS_YYY (MBITS_YYY%BASEBITS_XXX)           /**< Number of active bits in top word */
-#define TMASK_YYY (((chunk)1<<TBITS_YYY)-1)          /**< Mask for active bits in top word */
-#define FEXCESS_YYY (((sign32)1<<MAXXES_YYY)-1)	     /**< 2^(BASEBITS*NLEN-MODBITS)-1 - normalised BIG can be multiplied by less than this before reduction */
-#define OMASK_YYY (-((chunk)(1)<<TBITS_YYY))         /**<  for masking out overflow bits */
-
-//#define FUSED_MODMUL
-//#define DEBUG_REDUCE
-
-/* FP prototypes */
-
-/**	@brief Tests for FP equal to zero mod Modulus
- *
-	@param x BIG number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP_YYY_iszilch(FP_YYY *x);
-
-
-/**	@brief Set FP to zero
- *
-	@param x FP number to be set to 0
- */
-extern void FP_YYY_zero(FP_YYY *x);
-
-/**	@brief Copy an FP
- *
-	@param y FP number to be copied to
-	@param x FP to be copied from
- */
-extern void FP_YYY_copy(FP_YYY *y,FP_YYY *x);
-
-/**	@brief Copy from ROM to an FP
- *
-	@param y FP number to be copied to
-	@param x BIG to be copied from ROM
- */
-extern void FP_YYY_rcopy(FP_YYY *y,const BIG_XXX x);
-
-
-/**	@brief Compares two FPs
- *
-	@param x FP number
-	@param y FP number
-	@return 1 if equal, else returns 0
- */
-extern int FP_YYY_equals(FP_YYY *x,FP_YYY *y);
-
-
-/**	@brief Conditional constant time swap of two FP numbers
- *
-	Conditionally swaps parameters in constant time (without branching)
-	@param x an FP number
-	@param y another FP number
-	@param s swap takes place if not equal to 0
- */
-extern void FP_YYY_cswap(FP_YYY *x,FP_YYY *y,int s);
-/**	@brief Conditional copy of FP number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x an FP number
-	@param y another FP number
-	@param s copy takes place if not equal to 0
- */
-extern void FP_YYY_cmove(FP_YYY *x,FP_YYY *y,int s);
-/**	@brief Converts from BIG integer to residue form mod Modulus
- *
-	@param x BIG number to be converted
-	@param y FP result
- */
-extern void FP_YYY_nres(FP_YYY *y,BIG_XXX x);
-/**	@brief Converts from residue form back to BIG integer form
- *
-	@param y FP number to be converted to BIG
-	@param x BIG result
- */
-extern void FP_YYY_redc(BIG_XXX x,FP_YYY *y);
-/**	@brief Sets FP to representation of unity in residue form
- *
-	@param x FP number to be set equal to unity.
- */
-extern void FP_YYY_one(FP_YYY *x);
-/**	@brief Reduces DBIG to BIG exploiting special form of the modulus
- *
-	This function comes in different flavours depending on the form of Modulus that is currently in use.
-	@param r BIG number, on exit = d mod Modulus
-	@param d DBIG number to be reduced
- */
-extern void FP_YYY_mod(BIG_XXX r,DBIG_XXX d);
-
-#ifdef FUSED_MODMUL
-extern void FP_YYY_modmul(BIG_XXX,BIG_XXX,BIG_XXX);
-#endif
-
-/**	@brief Fast Modular multiplication of two FPs, mod Modulus
- *
-	Uses appropriate fast modular reduction method
-	@param x FP number, on exit the modular product = y*z mod Modulus
-	@param y FP number, the multiplicand
-	@param z FP number, the multiplier
- */
-extern void FP_YYY_mul(FP_YYY *x,FP_YYY *y,FP_YYY *z);
-/**	@brief Fast Modular multiplication of an FP, by a small integer, mod Modulus
- *
-	@param x FP number, on exit the modular product = y*i mod Modulus
-	@param y FP number, the multiplicand
-	@param i a small number, the multiplier
- */
-extern void FP_YYY_imul(FP_YYY *x,FP_YYY *y,int i);
-/**	@brief Fast Modular squaring of an FP, mod Modulus
- *
-	Uses appropriate fast modular reduction method
-	@param x FP number, on exit the modular product = y^2 mod Modulus
-	@param y FP number, the number to be squared
-
- */
-extern void FP_YYY_sqr(FP_YYY *x,FP_YYY *y);
-/**	@brief Modular addition of two FPs, mod Modulus
- *
-	@param x FP number, on exit the modular sum = y+z mod Modulus
-	@param y FP number
-	@param z FP number
- */
-extern void FP_YYY_add(FP_YYY *x,FP_YYY *y,FP_YYY *z);
-/**	@brief Modular subtraction of two FPs, mod Modulus
- *
-	@param x FP number, on exit the modular difference = y-z mod Modulus
-	@param y FP number
-	@param z FP number
- */
-extern void FP_YYY_sub(FP_YYY *x,FP_YYY *y,FP_YYY *z);
-/**	@brief Modular division by 2 of an FP, mod Modulus
- *
-	@param x FP number, on exit =y/2 mod Modulus
-	@param y FP number
- */
-extern void FP_YYY_div2(FP_YYY *x,FP_YYY *y);
-/**	@brief Fast Modular exponentiation of an FP, to the power of a BIG, mod Modulus
- *
-	@param x FP number, on exit  = y^z mod Modulus
-	@param y FP number
-	@param z BIG number exponent
- */
-extern void FP_YYY_pow(FP_YYY *x,FP_YYY *y,BIG_XXX z);
-/**	@brief Fast Modular square root of a an FP, mod Modulus
- *
-	@param x FP number, on exit  = sqrt(y) mod Modulus
-	@param y FP number, the number whose square root is calculated
-
- */
-extern void FP_YYY_sqrt(FP_YYY *x,FP_YYY *y);
-/**	@brief Modular negation of a an FP, mod Modulus
- *
-	@param x FP number, on exit = -y mod Modulus
-	@param y FP number
- */
-extern void FP_YYY_neg(FP_YYY *x,FP_YYY *y);
-/**	@brief Outputs an FP number to the console
- *
-	Converts from residue form before output
-	@param x an FP number
- */
-extern void FP_YYY_output(FP_YYY *x);
-/**	@brief Outputs an FP number to the console, in raw form
- *
-	@param x a BIG number
- */
-extern void FP_YYY_rawoutput(FP_YYY *x);
-/**	@brief Reduces possibly unreduced FP mod Modulus
- *
-	@param x FP number, on exit reduced mod Modulus
- */
-extern void FP_YYY_reduce(FP_YYY *x);
-/**	@brief normalizes FP
- *
-	@param x FP number, on exit normalized
- */
-extern void FP_YYY_norm(FP_YYY *x);
-/**	@brief Tests for FP a quadratic residue mod Modulus
- *
-	@param x FP number to be tested
-	@return 1 if quadratic residue, else returns 0 if quadratic non-residue
- */
-extern int FP_YYY_qr(FP_YYY *x);
-/**	@brief Modular inverse of a an FP, mod Modulus
- *
-	@param x FP number, on exit = 1/y mod Modulus
-	@param y FP number
- */
-extern void FP_YYY_inv(FP_YYY *x,FP_YYY *y);
-
-
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp12.c
----------------------------------------------------------------------
diff --git a/version3/c/fp12.c b/version3/c/fp12.c
deleted file mode 100644
index 860fc12..0000000
--- a/version3/c/fp12.c
+++ /dev/null
@@ -1,984 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^12 functions */
-/* SU=m, m is Stack Usage (no lazy )*/
-/* FP12 elements are of the form a+i.b+i^2.c */
-
-#include "fp12_YYY.h"
-
-/* return 1 if b==c, no branching */
-static int teq(sign32 b,sign32 c)
-{
-    sign32 x=b^c;
-    x-=1;  // if x=0, x now -1
-    return (int)((x>>31)&1);
-}
-
-
-/* Constant time select from pre-computed table */
-static void FP12_YYY_select(FP12_YYY *f,FP12_YYY g[],sign32 b)
-{
-    FP12_YYY invf;
-    sign32 m=b>>31;
-    sign32 babs=(b^m)-m;
-
-    babs=(babs-1)/2;
-
-    FP12_YYY_cmove(f,&g[0],teq(babs,0));  // conditional move
-    FP12_YYY_cmove(f,&g[1],teq(babs,1));
-    FP12_YYY_cmove(f,&g[2],teq(babs,2));
-    FP12_YYY_cmove(f,&g[3],teq(babs,3));
-    FP12_YYY_cmove(f,&g[4],teq(babs,4));
-    FP12_YYY_cmove(f,&g[5],teq(babs,5));
-    FP12_YYY_cmove(f,&g[6],teq(babs,6));
-    FP12_YYY_cmove(f,&g[7],teq(babs,7));
-
-    FP12_YYY_copy(&invf,f);
-    FP12_YYY_conj(&invf,&invf);  // 1/f
-    FP12_YYY_cmove(f,&invf,(int)(m&1));
-}
-
-
-
-/* test x==0 ? */
-/* SU= 8 */
-int FP12_YYY_iszilch(FP12_YYY *x)
-{
-    if (FP4_YYY_iszilch(&(x->a)) && FP4_YYY_iszilch(&(x->b)) && FP4_YYY_iszilch(&(x->c))) return 1;
-    return 0;
-}
-
-/* test x==1 ? */
-/* SU= 8 */
-int FP12_YYY_isunity(FP12_YYY *x)
-{
-    if (FP4_YYY_isunity(&(x->a)) && FP4_YYY_iszilch(&(x->b)) && FP4_YYY_iszilch(&(x->c))) return 1;
-    return 0;
-}
-
-/* FP12 copy w=x */
-/* SU= 16 */
-void FP12_YYY_copy(FP12_YYY *w,FP12_YYY *x)
-{
-    if (x==w) return;
-    FP4_YYY_copy(&(w->a),&(x->a));
-    FP4_YYY_copy(&(w->b),&(x->b));
-    FP4_YYY_copy(&(w->c),&(x->c));
-}
-
-/* FP12 w=1 */
-/* SU= 8 */
-void FP12_YYY_one(FP12_YYY *w)
-{
-    FP4_YYY_one(&(w->a));
-    FP4_YYY_zero(&(w->b));
-    FP4_YYY_zero(&(w->c));
-}
-
-/* return 1 if x==y, else 0 */
-/* SU= 16 */
-int FP12_YYY_equals(FP12_YYY *x,FP12_YYY *y)
-{
-    if (FP4_YYY_equals(&(x->a),&(y->a)) && FP4_YYY_equals(&(x->b),&(y->b)) && FP4_YYY_equals(&(x->b),&(y->b)))
-        return 1;
-    return 0;
-}
-
-/* Set w=conj(x) */
-/* SU= 8 */
-void FP12_YYY_conj(FP12_YYY *w,FP12_YYY *x)
-{
-    FP12_YYY_copy(w,x);
-    FP4_YYY_conj(&(w->a),&(w->a));
-    FP4_YYY_nconj(&(w->b),&(w->b));
-    FP4_YYY_conj(&(w->c),&(w->c));
-}
-
-/* Create FP12 from FP4 */
-/* SU= 8 */
-void FP12_YYY_from_FP4(FP12_YYY *w,FP4_YYY *a)
-{
-    FP4_YYY_copy(&(w->a),a);
-    FP4_YYY_zero(&(w->b));
-    FP4_YYY_zero(&(w->c));
-}
-
-/* Create FP12 from 3 FP4's */
-/* SU= 16 */
-void FP12_YYY_from_FP4s(FP12_YYY *w,FP4_YYY *a,FP4_YYY *b,FP4_YYY *c)
-{
-    FP4_YYY_copy(&(w->a),a);
-    FP4_YYY_copy(&(w->b),b);
-    FP4_YYY_copy(&(w->c),c);
-}
-
-/* Granger-Scott Unitary Squaring. This does not benefit from lazy reduction */
-/* SU= 600 */
-void FP12_YYY_usqr(FP12_YYY *w,FP12_YYY *x)
-{
-    FP4_YYY A,B,C,D;
-
-    FP4_YYY_copy(&A,&(x->a));
-
-    FP4_YYY_sqr(&(w->a),&(x->a));
-    FP4_YYY_add(&D,&(w->a),&(w->a));
-    FP4_YYY_add(&(w->a),&D,&(w->a));
-
-    FP4_YYY_norm(&(w->a));
-    FP4_YYY_nconj(&A,&A);
-
-    FP4_YYY_add(&A,&A,&A);
-    FP4_YYY_add(&(w->a),&(w->a),&A);
-    FP4_YYY_sqr(&B,&(x->c));
-    FP4_YYY_times_i(&B);
-
-    FP4_YYY_add(&D,&B,&B);
-    FP4_YYY_add(&B,&B,&D);
-    FP4_YYY_norm(&B);
-
-    FP4_YYY_sqr(&C,&(x->b));
-
-    FP4_YYY_add(&D,&C,&C);
-    FP4_YYY_add(&C,&C,&D);
-
-    FP4_YYY_norm(&C);
-    FP4_YYY_conj(&(w->b),&(x->b));
-    FP4_YYY_add(&(w->b),&(w->b),&(w->b));
-    FP4_YYY_nconj(&(w->c),&(x->c));
-
-    FP4_YYY_add(&(w->c),&(w->c),&(w->c));
-    FP4_YYY_add(&(w->b),&B,&(w->b));
-    FP4_YYY_add(&(w->c),&C,&(w->c));
-
-    FP12_YYY_reduce(w);	    /* reduce here as in pow function repeated squarings would trigger multiple reductions */
-}
-
-/* FP12 squaring w=x^2 */
-/* SU= 600 */
-void FP12_YYY_sqr(FP12_YYY *w,FP12_YYY *x)
-{
-    /* Use Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-
-    FP4_YYY A,B,C,D;
-
-    FP4_YYY_sqr(&A,&(x->a));
-    FP4_YYY_mul(&B,&(x->b),&(x->c));
-    FP4_YYY_add(&B,&B,&B);
-    FP4_YYY_norm(&B);
-    FP4_YYY_sqr(&C,&(x->c));
-
-    FP4_YYY_mul(&D,&(x->a),&(x->b));
-    FP4_YYY_add(&D,&D,&D);
-    FP4_YYY_add(&(w->c),&(x->a),&(x->c));
-    FP4_YYY_add(&(w->c),&(x->b),&(w->c));
-    FP4_YYY_norm(&(w->c));
-
-    FP4_YYY_sqr(&(w->c),&(w->c));
-
-    FP4_YYY_copy(&(w->a),&A);
-    FP4_YYY_add(&A,&A,&B);
-
-    FP4_YYY_norm(&A);
-
-    FP4_YYY_add(&A,&A,&C);
-    FP4_YYY_add(&A,&A,&D);
-
-    FP4_YYY_norm(&A);
-    FP4_YYY_neg(&A,&A);
-    FP4_YYY_times_i(&B);
-    FP4_YYY_times_i(&C);
-
-    FP4_YYY_add(&(w->a),&(w->a),&B);
-    FP4_YYY_add(&(w->b),&C,&D);
-    FP4_YYY_add(&(w->c),&(w->c),&A);
-
-    FP12_YYY_norm(w);
-}
-
-/* FP12 full multiplication w=w*y */
-
-
-/* SU= 896 */
-/* FP12 full multiplication w=w*y */
-void FP12_YYY_mul(FP12_YYY *w,FP12_YYY *y)
-{
-    FP4_YYY z0,z1,z2,z3,t0,t1;
-
-    FP4_YYY_mul(&z0,&(w->a),&(y->a));
-    FP4_YYY_mul(&z2,&(w->b),&(y->b));  //
-
-    FP4_YYY_add(&t0,&(w->a),&(w->b));
-    FP4_YYY_add(&t1,&(y->a),&(y->b));  //
-
-    FP4_YYY_norm(&t0);
-    FP4_YYY_norm(&t1);
-
-    FP4_YYY_mul(&z1,&t0,&t1);
-    FP4_YYY_add(&t0,&(w->b),&(w->c));
-    FP4_YYY_add(&t1,&(y->b),&(y->c));  //
-
-    FP4_YYY_norm(&t0);
-    FP4_YYY_norm(&t1);
-
-    FP4_YYY_mul(&z3,&t0,&t1);
-
-    FP4_YYY_neg(&t0,&z0);
-    FP4_YYY_neg(&t1,&z2);
-
-    FP4_YYY_add(&z1,&z1,&t0);   // z1=z1-z0
-//    FP4_YYY_norm(&z1);
-    FP4_YYY_add(&(w->b),&z1,&t1);
-// z1=z1-z2
-    FP4_YYY_add(&z3,&z3,&t1);        // z3=z3-z2
-    FP4_YYY_add(&z2,&z2,&t0);        // z2=z2-z0
-
-    FP4_YYY_add(&t0,&(w->a),&(w->c));
-    FP4_YYY_add(&t1,&(y->a),&(y->c));
-
-    FP4_YYY_norm(&t0);
-    FP4_YYY_norm(&t1);
-
-    FP4_YYY_mul(&t0,&t1,&t0);
-    FP4_YYY_add(&z2,&z2,&t0);
-
-    FP4_YYY_mul(&t0,&(w->c),&(y->c));
-    FP4_YYY_neg(&t1,&t0);
-
-    FP4_YYY_add(&(w->c),&z2,&t1);
-    FP4_YYY_add(&z3,&z3,&t1);
-    FP4_YYY_times_i(&t0);
-    FP4_YYY_add(&(w->b),&(w->b),&t0);
-    FP4_YYY_norm(&z3);
-    FP4_YYY_times_i(&z3);
-    FP4_YYY_add(&(w->a),&z0,&z3);
-
-    FP12_YYY_norm(w);
-}
-
-/* FP12 multiplication w=w*y */
-/* SU= 744 */
-/* catering for special case that arises from special form of ATE pairing line function */
-void FP12_YYY_smul(FP12_YYY *w,FP12_YYY *y,int type)
-{
-    FP4_YYY z0,z1,z2,z3,t0,t1;
-
-    if (type==D_TYPE)
-    {
-        // y->c is 0
-
-        FP4_YYY_copy(&z3,&(w->b));
-        FP4_YYY_mul(&z0,&(w->a),&(y->a));
-
-        FP4_YYY_pmul(&z2,&(w->b),&(y->b).a);
-        FP4_YYY_add(&(w->b),&(w->a),&(w->b));
-        FP4_YYY_copy(&t1,&(y->a));
-        FP2_YYY_add(&t1.a,&t1.a,&(y->b).a);
-
-        FP4_YYY_norm(&t1);
-        FP4_YYY_norm(&(w->b));
-
-        FP4_YYY_mul(&(w->b),&(w->b),&t1);
-        FP4_YYY_add(&z3,&z3,&(w->c));
-        FP4_YYY_norm(&z3);
-        FP4_YYY_pmul(&z3,&z3,&(y->b).a);
-        FP4_YYY_neg(&t0,&z0);
-        FP4_YYY_neg(&t1,&z2);
-
-        FP4_YYY_add(&(w->b),&(w->b),&t0);   // z1=z1-z0
-//    FP4_YYY_norm(&(w->b));
-        FP4_YYY_add(&(w->b),&(w->b),&t1);   // z1=z1-z2
-
-        FP4_YYY_add(&z3,&z3,&t1);        // z3=z3-z2
-        FP4_YYY_add(&z2,&z2,&t0);        // z2=z2-z0
-
-        FP4_YYY_add(&t0,&(w->a),&(w->c));
-
-        FP4_YYY_norm(&t0);
-        FP4_YYY_norm(&z3);
-
-        FP4_YYY_mul(&t0,&(y->a),&t0);
-        FP4_YYY_add(&(w->c),&z2,&t0);
-
-        FP4_YYY_times_i(&z3);
-        FP4_YYY_add(&(w->a),&z0,&z3);
-    }
-
-    if (type==M_TYPE)
-    {
-        // y->b is zero
-        FP4_YYY_mul(&z0,&(w->a),&(y->a));
-        FP4_YYY_add(&t0,&(w->a),&(w->b));
-        FP4_YYY_norm(&t0);
-
-        FP4_YYY_mul(&z1,&t0,&(y->a));
-        FP4_YYY_add(&t0,&(w->b),&(w->c));
-        FP4_YYY_norm(&t0);
-
-        FP4_YYY_pmul(&z3,&t0,&(y->c).b);
-        FP4_YYY_times_i(&z3);
-
-        FP4_YYY_neg(&t0,&z0);
-        FP4_YYY_add(&z1,&z1,&t0);   // z1=z1-z0
-
-        FP4_YYY_copy(&(w->b),&z1);
-
-        FP4_YYY_copy(&z2,&t0);
-
-        FP4_YYY_add(&t0,&(w->a),&(w->c));
-        FP4_YYY_add(&t1,&(y->a),&(y->c));
-
-        FP4_YYY_norm(&t0);
-        FP4_YYY_norm(&t1);
-
-        FP4_YYY_mul(&t0,&t1,&t0);
-        FP4_YYY_add(&z2,&z2,&t0);
-
-        FP4_YYY_pmul(&t0,&(w->c),&(y->c).b);
-        FP4_YYY_times_i(&t0);
-        FP4_YYY_neg(&t1,&t0);
-        FP4_YYY_times_i(&t0);
-
-        FP4_YYY_add(&(w->c),&z2,&t1);
-        FP4_YYY_add(&z3,&z3,&t1);
-
-        FP4_YYY_add(&(w->b),&(w->b),&t0);
-        FP4_YYY_norm(&z3);
-        FP4_YYY_times_i(&z3);
-        FP4_YYY_add(&(w->a),&z0,&z3);
-    }
-    FP12_YYY_norm(w);
-}
-
-/* Set w=1/x */
-/* SU= 600 */
-void FP12_YYY_inv(FP12_YYY *w,FP12_YYY *x)
-{
-    FP4_YYY f0,f1,f2,f3;
-//    FP12_YYY_norm(x);
-
-    FP4_YYY_sqr(&f0,&(x->a));
-    FP4_YYY_mul(&f1,&(x->b),&(x->c));
-    FP4_YYY_times_i(&f1);
-    FP4_YYY_sub(&f0,&f0,&f1);  /* y.a */
-    FP4_YYY_norm(&f0);
-
-    FP4_YYY_sqr(&f1,&(x->c));
-    FP4_YYY_times_i(&f1);
-    FP4_YYY_mul(&f2,&(x->a),&(x->b));
-    FP4_YYY_sub(&f1,&f1,&f2);  /* y.b */
-    FP4_YYY_norm(&f1);
-
-    FP4_YYY_sqr(&f2,&(x->b));
-    FP4_YYY_mul(&f3,&(x->a),&(x->c));
-    FP4_YYY_sub(&f2,&f2,&f3);  /* y.c */
-    FP4_YYY_norm(&f2);
-
-    FP4_YYY_mul(&f3,&(x->b),&f2);
-    FP4_YYY_times_i(&f3);
-    FP4_YYY_mul(&(w->a),&f0,&(x->a));
-    FP4_YYY_add(&f3,&(w->a),&f3);
-    FP4_YYY_mul(&(w->c),&f1,&(x->c));
-    FP4_YYY_times_i(&(w->c));
-
-    FP4_YYY_add(&f3,&(w->c),&f3);
-    FP4_YYY_norm(&f3);
-
-    FP4_YYY_inv(&f3,&f3);
-
-    FP4_YYY_mul(&(w->a),&f0,&f3);
-    FP4_YYY_mul(&(w->b),&f1,&f3);
-    FP4_YYY_mul(&(w->c),&f2,&f3);
-
-}
-
-/* constant time powering by small integer of max length bts */
-
-void FP12_YYY_pinpow(FP12_YYY *r,int e,int bts)
-{
-    int i,b;
-    FP12_YYY R[2];
-
-    FP12_YYY_one(&R[0]);
-    FP12_YYY_copy(&R[1],r);
-
-    for (i=bts-1; i>=0; i--)
-    {
-        b=(e>>i)&1;
-        FP12_YYY_mul(&R[1-b],&R[b]);
-        FP12_YYY_usqr(&R[b],&R[b]);
-    }
-    FP12_YYY_copy(r,&R[0]);
-}
-
-/* Compressed powering of unitary elements y=x^(e mod r) */
-
-void FP12_YYY_compow(FP4_YYY *c,FP12_YYY *x,BIG_XXX e,BIG_XXX r)
-{
-    FP12_YYY g1,g2;
-    FP4_YYY cp,cpm1,cpm2;
-    FP2_YYY f;
-    BIG_XXX q,a,b,m;
-
-    BIG_XXX_rcopy(a,Fra_YYY);
-    BIG_XXX_rcopy(b,Frb_YYY);
-    FP2_YYY_from_BIGs(&f,a,b);
-
-    BIG_XXX_rcopy(q,Modulus_YYY);
-
-    FP12_YYY_copy(&g1,x);
-    FP12_YYY_copy(&g2,x);
-
-    BIG_XXX_copy(m,q);
-    BIG_XXX_mod(m,r);
-
-    BIG_XXX_copy(a,e);
-    BIG_XXX_mod(a,m);
-
-    BIG_XXX_copy(b,e);
-    BIG_XXX_sdiv(b,m);
-
-    FP12_YYY_trace(c,&g1);
-
-    if (BIG_XXX_iszilch(b))
-    {
-        FP4_YYY_xtr_pow(c,c,e);
-        return;
-    }
-
-
-    FP12_YYY_frob(&g2,&f);
-    FP12_YYY_trace(&cp,&g2);
-
-    FP12_YYY_conj(&g1,&g1);
-    FP12_YYY_mul(&g2,&g1);
-    FP12_YYY_trace(&cpm1,&g2);
-    FP12_YYY_mul(&g2,&g1);
-    FP12_YYY_trace(&cpm2,&g2);
-
-    FP4_YYY_xtr_pow2(c,&cp,c,&cpm1,&cpm2,a,b);
-
-}
-
-
-/* SU= 528 */
-/* set r=a^b */
-/* Note this is simple square and multiply, so not side-channel safe */
-
-void FP12_YYY_pow(FP12_YYY *r,FP12_YYY *a,BIG_XXX b)
-{
-    FP12_YYY w,sf;
-    BIG_XXX b1,b3;
-    int i,nb,bt;
-	BIG_XXX_copy(b1,b);
-    BIG_XXX_norm(b1);
-    BIG_XXX_pmul(b3,b1,3);
-    BIG_XXX_norm(b3);
-
-	FP12_YYY_copy(&sf,a);
-	FP12_YYY_norm(&sf);
-    FP12_YYY_copy(&w,&sf);
-
-
-    nb=BIG_XXX_nbits(b3);
-    for (i=nb-2; i>=1; i--)
-    {
-        FP12_YYY_usqr(&w,&w);
-        bt=BIG_XXX_bit(b3,i)-BIG_XXX_bit(b1,i);
-        if (bt==1)
-            FP12_YYY_mul(&w,&sf);
-        if (bt==-1)
-        {
-            FP12_YYY_conj(&sf,&sf);
-            FP12_YYY_mul(&w,&sf);
-            FP12_YYY_conj(&sf,&sf);
-        }
-    }
-
-    FP12_YYY_copy(r,&w);
-    FP12_YYY_reduce(r);
-
-    /*
-        while(1)
-        {
-            bt=BIG_XXX_parity(z);
-            BIG_XXX_shr(z,1);
-            if (bt)
-                FP12_YYY_mul(r,&w);
-            if (BIG_XXX_comp(z,zilch)==0) break;
-            FP12_YYY_usqr(&w,&w);
-        }
-
-        FP12_YYY_reduce(r); */
-}
-
-/* p=q0^u0.q1^u1.q2^u2.q3^u3 */
-/* Side channel attack secure */
-// Bos & Costello https://eprint.iacr.org/2013/458.pdf
-// Faz-Hernandez & Longa & Sanchez  https://eprint.iacr.org/2013/158.pdf
-
-void FP12_YYY_pow4(FP12_YYY *p,FP12_YYY *q,BIG_XXX u[4])
-{
-    int i,j,k,nb,pb,bt;
-	FP12_YYY g[8],r;
-	BIG_XXX t[4],mt;
-    sign8 w[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s[NLEN_XXX*BASEBITS_XXX+1];
-
-    for (i=0; i<4; i++)
-        BIG_XXX_copy(t[i],u[i]);
-
-
-// Precomputed table
-    FP12_YYY_copy(&g[0],&q[0]); // q[0]
-    FP12_YYY_copy(&g[1],&g[0]);
-	FP12_YYY_mul(&g[1],&q[1]);	// q[0].q[1]
-    FP12_YYY_copy(&g[2],&g[0]);
-	FP12_YYY_mul(&g[2],&q[2]);	// q[0].q[2]
-	FP12_YYY_copy(&g[3],&g[1]);
-	FP12_YYY_mul(&g[3],&q[2]);	// q[0].q[1].q[2]
-	FP12_YYY_copy(&g[4],&g[0]);
-	FP12_YYY_mul(&g[4],&q[3]);  // q[0].q[3]
-	FP12_YYY_copy(&g[5],&g[1]);
-	FP12_YYY_mul(&g[5],&q[3]);	// q[0].q[1].q[3]
-	FP12_YYY_copy(&g[6],&g[2]);
-	FP12_YYY_mul(&g[6],&q[3]);	// q[0].q[2].q[3]
-	FP12_YYY_copy(&g[7],&g[3]);
-	FP12_YYY_mul(&g[7],&q[3]);	// q[0].q[1].q[2].q[3]
-
-// Make it odd
-	pb=1-BIG_XXX_parity(t[0]);
-	BIG_XXX_inc(t[0],pb);
-	BIG_XXX_norm(t[0]);
-
-// Number of bits
-    BIG_XXX_zero(mt);
-    for (i=0; i<4; i++)
-    {
-        BIG_XXX_or(mt,mt,t[i]);
-    }
-    nb=1+BIG_XXX_nbits(mt);
-
-// Sign pivot 
-	s[nb-1]=1;
-	for (i=0;i<nb-1;i++)
-	{
-        BIG_XXX_fshr(t[0],1);
-		s[i]=2*BIG_XXX_parity(t[0])-1;
-	}
-
-// Recoded exponent
-    for (i=0; i<nb; i++)
-    {
-		w[i]=0;
-		k=1;
-		for (j=1; j<4; j++)
-		{
-			bt=s[i]*BIG_XXX_parity(t[j]);
-			BIG_XXX_fshr(t[j],1);
-
-			BIG_XXX_dec(t[j],(bt>>1));
-			BIG_XXX_norm(t[j]);
-			w[i]+=bt*k;
-			k*=2;
-        }
-    }		
-
-// Main loop
-	FP12_YYY_select(p,g,2*w[nb-1]+1);
-    for (i=nb-2; i>=0; i--)
-    {
-        FP12_YYY_select(&r,g,2*w[i]+s[i]);
-		FP12_YYY_usqr(p,p);
-        FP12_YYY_mul(p,&r);
-    }
-// apply correction
-	FP12_YYY_conj(&r,&q[0]);   
-	FP12_YYY_mul(&r,p);
-	FP12_YYY_cmove(p,&r,pb);
-
-	FP12_YYY_reduce(p);
-}
-
-/* p=q0^u0.q1^u1.q2^u2.q3^u3 */
-/* Timing attack secure, but not cache attack secure */
-/*
-void FP12_YYY_pow4(FP12_YYY *p,FP12_YYY *q,BIG_XXX u[4])
-{
-    int i,j,a[4],nb,m;
-    FP12_YYY g[8],c,s[2];
-    BIG_XXX t[4],mt;
-    sign8 w[NLEN_XXX*BASEBITS_XXX+1];
-
-    for (i=0; i<4; i++)
-        BIG_XXX_copy(t[i],u[i]);
-
-    FP12_YYY_copy(&g[0],&q[0]);
-    FP12_YYY_conj(&s[0],&q[1]);
-    FP12_YYY_mul(&g[0],&s[0]);  // P/Q 
-    FP12_YYY_copy(&g[1],&g[0]);
-    FP12_YYY_copy(&g[2],&g[0]);
-    FP12_YYY_copy(&g[3],&g[0]);
-    FP12_YYY_copy(&g[4],&q[0]);
-    FP12_YYY_mul(&g[4],&q[1]);  // P*Q 
-    FP12_YYY_copy(&g[5],&g[4]);
-    FP12_YYY_copy(&g[6],&g[4]);
-    FP12_YYY_copy(&g[7],&g[4]);
-
-    FP12_YYY_copy(&s[1],&q[2]);
-    FP12_YYY_conj(&s[0],&q[3]);
-    FP12_YYY_mul(&s[1],&s[0]);       // R/S 
-    FP12_YYY_conj(&s[0],&s[1]);
-    FP12_YYY_mul(&g[1],&s[0]);
-    FP12_YYY_mul(&g[2],&s[1]);
-    FP12_YYY_mul(&g[5],&s[0]);
-    FP12_YYY_mul(&g[6],&s[1]);
-    FP12_YYY_copy(&s[1],&q[2]);
-    FP12_YYY_mul(&s[1],&q[3]);      // R*S 
-    FP12_YYY_conj(&s[0],&s[1]);
-    FP12_YYY_mul(&g[0],&s[0]);
-    FP12_YYY_mul(&g[3],&s[1]);
-    FP12_YYY_mul(&g[4],&s[0]);
-    FP12_YYY_mul(&g[7],&s[1]);
-
-    // if power is even add 1 to power, and add q to correction 
-    FP12_YYY_one(&c);
-
-    BIG_XXX_zero(mt);
-    for (i=0; i<4; i++)
-    {
-        if (BIG_XXX_parity(t[i])==0)
-        {
-            BIG_XXX_inc(t[i],1);
-            BIG_XXX_norm(t[i]);
-            FP12_YYY_mul(&c,&q[i]);
-        }
-        BIG_XXX_add(mt,mt,t[i]);
-        BIG_XXX_norm(mt);
-    }
-
-    FP12_YYY_conj(&c,&c);
-    nb=1+BIG_XXX_nbits(mt);
-
-    // convert exponent to signed 1-bit window 
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_XXX_lastbits(t[i],2)-2;
-            BIG_XXX_dec(t[i],a[i]);
-            BIG_XXX_norm(t[i]);
-            BIG_XXX_fshr(t[i],1);
-        }
-        w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    w[nb]=8*BIG_XXX_lastbits(t[0],2)+4*BIG_XXX_lastbits(t[1],2)+2*BIG_XXX_lastbits(t[2],2)+BIG_XXX_lastbits(t[3],2);
-    FP12_YYY_copy(p,&g[(w[nb]-1)/2]);
-
-    for (i=nb-1; i>=0; i--)
-    {
-        m=w[i]>>7;
-        j=(w[i]^m)-m;  // j=abs(w[i]) 
-        j=(j-1)/2;
-        FP12_YYY_copy(&s[0],&g[j]);
-        FP12_YYY_conj(&s[1],&g[j]);
-        FP12_YYY_usqr(p,p);
-        FP12_YYY_mul(p,&s[m&1]);
-    }
-    FP12_YYY_mul(p,&c); // apply correction 
-    FP12_YYY_reduce(p);
-}
-*/
-/* Set w=w^p using Frobenius */
-/* SU= 160 */
-void FP12_YYY_frob(FP12_YYY *w,FP2_YYY *f)
-{
-    FP2_YYY f2,f3;
-    FP2_YYY_sqr(&f2,f);     /* f2=f^2 */
-    FP2_YYY_mul(&f3,&f2,f); /* f3=f^3 */
-
-    FP4_YYY_frob(&(w->a),&f3);
-    FP4_YYY_frob(&(w->b),&f3);
-    FP4_YYY_frob(&(w->c),&f3);
-
-    FP4_YYY_pmul(&(w->b),&(w->b),f);
-    FP4_YYY_pmul(&(w->c),&(w->c),&f2);
-}
-
-/* SU= 8 */
-/* normalise all components of w */
-void FP12_YYY_norm(FP12_YYY *w)
-{
-    FP4_YYY_norm(&(w->a));
-    FP4_YYY_norm(&(w->b));
-    FP4_YYY_norm(&(w->c));
-}
-
-/* SU= 8 */
-/* reduce all components of w */
-void FP12_YYY_reduce(FP12_YYY *w)
-{
-    FP4_YYY_reduce(&(w->a));
-    FP4_YYY_reduce(&(w->b));
-    FP4_YYY_reduce(&(w->c));
-}
-
-/* trace function w=trace(x) */
-/* SU= 8 */
-void FP12_YYY_trace(FP4_YYY *w,FP12_YYY *x)
-{
-    FP4_YYY_imul(w,&(x->a),3);
-    FP4_YYY_reduce(w);
-}
-
-/* SU= 8 */
-/* Output w in hex */
-void FP12_YYY_output(FP12_YYY *w)
-{
-    printf("[");
-    FP4_YYY_output(&(w->a));
-    printf(",");
-    FP4_YYY_output(&(w->b));
-    printf(",");
-    FP4_YYY_output(&(w->c));
-    printf("]");
-}
-
-/* SU= 64 */
-/* Convert g to octet string w */
-void FP12_YYY_toOctet(octet *W,FP12_YYY *g)
-{
-    BIG_XXX a;
-    W->len=12*MODBYTES_XXX;
-
-    FP_YYY_redc(a,&(g->a.a.a));
-    BIG_XXX_toBytes(&(W->val[0]),a);
-    FP_YYY_redc(a,&(g->a.a.b));
-    BIG_XXX_toBytes(&(W->val[MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->a.b.a));
-    BIG_XXX_toBytes(&(W->val[2*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->a.b.b));
-    BIG_XXX_toBytes(&(W->val[3*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.a.a));
-    BIG_XXX_toBytes(&(W->val[4*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.a.b));
-    BIG_XXX_toBytes(&(W->val[5*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.b.a));
-    BIG_XXX_toBytes(&(W->val[6*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.b.b));
-    BIG_XXX_toBytes(&(W->val[7*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.a.a));
-    BIG_XXX_toBytes(&(W->val[8*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.a.b));
-    BIG_XXX_toBytes(&(W->val[9*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.b.a));
-    BIG_XXX_toBytes(&(W->val[10*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.b.b));
-    BIG_XXX_toBytes(&(W->val[11*MODBYTES_XXX]),a);
-}
-
-/* SU= 24 */
-/* Restore g from octet string w */
-void FP12_YYY_fromOctet(FP12_YYY *g,octet *W)
-{
-    BIG_XXX b;
-    BIG_XXX_fromBytes(b,&W->val[0]);
-    FP_YYY_nres(&(g->a.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.a.b),b);
-    BIG_XXX_fromBytes(b,&W->val[2*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[3*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.b.b),b);
-    BIG_XXX_fromBytes(b,&W->val[4*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[5*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.a.b),b);
-    BIG_XXX_fromBytes(b,&W->val[6*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[7*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.b.b),b);
-    BIG_XXX_fromBytes(b,&W->val[8*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[9*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.a.b),b);
-    BIG_XXX_fromBytes(b,&W->val[10*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[11*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.b.b),b);
-}
-
-/* Move b to a if d=1 */
-void FP12_YYY_cmove(FP12_YYY *f,FP12_YYY *g,int d)
-{
-    FP4_YYY_cmove(&(f->a),&(g->a),d);
-    FP4_YYY_cmove(&(f->b),&(g->b),d);
-    FP4_YYY_cmove(&(f->c),&(g->c),d);
-}
-
-
-/*
-int main(){
-		FP2_YYY f,w0,w1;
-		FP4_YYY t0,t1,t2;
-		FP12_YYY w,t,lv;
-		BIG_XXX a,b;
-		BIG_XXX p;
-
-		//Test w^(P^4) = w mod p^2
-//		BIG_XXX_randomnum(a);
-//		BIG_XXX_randomnum(b);
-//		BIG_XXX_mod(a,Modulus); BIG_XXX_mod(b,Modulus);
-	BIG_XXX_zero(a); BIG_XXX_zero(b); BIG_XXX_inc(a,1); BIG_XXX_inc(b,2); FP_YYY_nres(a); FP_YYY_nres(b);
-		FP2_YYY_from_zps(&w0,a,b);
-
-//		BIG_XXX_randomnum(a); BIG_XXX_randomnum(b);
-//		BIG_XXX_mod(a,Modulus); BIG_XXX_mod(b,Modulus);
-	BIG_XXX_zero(a); BIG_XXX_zero(b); BIG_XXX_inc(a,3); BIG_XXX_inc(b,4); FP_YYY_nres(a); FP_YYY_nres(b);
-		FP2_YYY_from_zps(&w1,a,b);
-
-		FP4_YYY_from_FP2s(&t0,&w0,&w1);
-		FP4_YYY_reduce(&t0);
-
-//		BIG_XXX_randomnum(a);
-//		BIG_XXX_randomnum(b);
-//		BIG_XXX_mod(a,Modulus); BIG_XXX_mod(b,Modulus);
-		BIG_XXX_zero(a); BIG_XXX_zero(b); BIG_XXX_inc(a,5); BIG_XXX_inc(b,6); FP_YYY_nres(a); FP_YYY_nres(b);
-		FP2_YYY_from_zps(&w0,a,b);
-
-//		BIG_XXX_randomnum(a); BIG_XXX_randomnum(b);
-//		BIG_XXX_mod(a,Modulus); BIG_XXX_mod(b,Modulus);
-
-		BIG_XXX_zero(a); BIG_XXX_zero(b); BIG_XXX_inc(a,7); BIG_XXX_inc(b,8); FP_YYY_nres(a); FP_YYY_nres(b);
-		FP2_YYY_from_zps(&w1,a,b);
-
-		FP4_YYY_from_FP2s(&t1,&w0,&w1);
-		FP4_YYY_reduce(&t1);
-
-//		BIG_XXX_randomnum(a);
-//		BIG_XXX_randomnum(b);
-//		BIG_XXX_mod(a,Modulus); BIG_XXX_mod(b,Modulus);
-		BIG_XXX_zero(a); BIG_XXX_zero(b); BIG_XXX_inc(a,9); BIG_XXX_inc(b,10); FP_YYY_nres(a); FP_YYY_nres(b);
-		FP2_YYY_from_zps(&w0,a,b);
-
-//		BIG_XXX_randomnum(a); BIG_XXX_randomnum(b);
-//		BIG_XXX_mod(a,Modulus); BIG_XXX_mod(b,Modulus);
-		BIG_XXX_zero(a); BIG_XXX_zero(b); BIG_XXX_inc(a,11); BIG_XXX_inc(b,12); FP_YYY_nres(a); FP_YYY_nres(b);
-		FP2_YYY_from_zps(&w1,a,b);
-
-		FP4_YYY_from_FP2s(&t2,&w0,&w1);
-		FP4_YYY_reduce(&t2);
-
-		FP12_YYY_from_FP4s(&w,&t0,&t1,&t2);
-
-		FP12_YYY_copy(&t,&w);
-
-		printf("w= ");
-		FP12_YYY_output(&w);
-		printf("\n");
-
-		BIG_XXX_rcopy(p,Modulus);
-		//BIG_XXX_zero(p); BIG_XXX_inc(p,7);
-
-		FP12_YYY_pow(&w,&w,p);
-
-		printf("w^p= ");
-		FP12_YYY_output(&w);
-		printf("\n");
-
-		FP2_YYY_gfc(&f,12);
-		FP12_YYY_frob(&t,&f);
-		printf("w^p= ");
-		FP12_YYY_output(&t);
-		printf("\n");
-
-//exit(0);
-
-		FP12_YYY_pow(&w,&w,p);
-		//printf("w^p^2= ");
-		//FP12_YYY_output(&w);
-		//printf("\n");
-		FP12_YYY_pow(&w,&w,p);
-		//printf("w^p^3= ");
-		//FP12_YYY_output(&w);
-		//printf("\n");
-		FP12_YYY_pow(&w,&w,p);
-		FP12_YYY_pow(&w,&w,p);
-		FP12_YYY_pow(&w,&w,p);
-		printf("w^p^6= ");
-		FP12_YYY_output(&w);
-		printf("\n");
-		FP12_YYY_pow(&w,&w,p);
-		FP12_YYY_pow(&w,&w,p);
-		printf("w^p^8= ");
-		FP12_YYY_output(&w);
-		printf("\n");
-		FP12_YYY_pow(&w,&w,p);
-		FP12_YYY_pow(&w,&w,p);
-		FP12_YYY_pow(&w,&w,p);
-		printf("w^p^11= ");
-		FP12_YYY_output(&w);
-		printf("\n");
-
-	//	BIG_XXX_zero(p); BIG_XXX_inc(p,7); BIG_XXX_norm(p);
-		FP12_YYY_pow(&w,&w,p);
-
-		printf("w^p12= ");
-		FP12_YYY_output(&w);
-		printf("\n");
-//exit(0);
-
-		FP12_YYY_inv(&t,&w);
-		printf("1/w mod p^4 = ");
-		FP12_YYY_output(&t);
-		printf("\n");
-
-		FP12_YYY_inv(&w,&t);
-		printf("1/(1/w) mod p^4 = ");
-		FP12_YYY_output(&w);
-		printf("\n");
-
-
-
-	FP12_YYY_inv(&lv,&w);
-//printf("w= "); FP12_YYY_output(&w); printf("\n");
-	FP12_YYY_conj(&w,&w);
-//printf("w= "); FP12_YYY_output(&w); printf("\n");
-//exit(0);
-	FP12_YYY_mul(&w,&w,&lv);
-//printf("w= "); FP12_YYY_output(&w); printf("\n");
-	FP12_YYY_copy(&lv,&w);
-	FP12_YYY_frob(&w,&f);
-	FP12_YYY_frob(&w,&f);
-	FP12_YYY_mul(&w,&w,&lv);
-
-//printf("w= "); FP12_YYY_output(&w); printf("\n");
-//exit(0);
-
-w.unitary=0;
-FP12_YYY_conj(&lv,&w);
-	printf("rx= "); FP12_YYY_output(&lv); printf("\n");
-FP12_YYY_inv(&lv,&w);
-	printf("ry= "); FP12_YYY_output(&lv); printf("\n");
-
-
-		return 0;
-}
-
-*/



[26/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/gcm.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/gcm.rs b/version22/rust/src/gcm.rs
deleted file mode 100644
index 32e2749..0000000
--- a/version22/rust/src/gcm.rs
+++ /dev/null
@@ -1,356 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-const GCM_NB:usize=4;
-const GCM_ACCEPTING_HEADER:usize=0;
-const GCM_ACCEPTING_CIPHER:usize=1;
-const GCM_NOT_ACCEPTING_MORE:usize=2;
-const GCM_FINISHED:usize=3;
-const GCM_ENCRYPTING:usize=0;
-const GCM_DECRYPTING:usize=1;
-
-use aes;
-use aes::AES;
-
-pub struct GCM {
-	table: [[u32;4];128],
-	statex: [u8;16],
-	y_0: [u8;16],
-//	counter: usize,
-	lena:[u32;2],
-	lenc:[u32;2],
-	status:usize,
-	a:AES
-}
-
-impl GCM {
-
-	fn pack(b: [u8;4]) -> u32 { /* pack bytes into a 32-bit Word */
-        return ((((b[0])&0xff) as u32)<<24)|((((b[1])&0xff) as u32)<<16)|((((b[2])&0xff) as u32)<<8)|(((b[3])&0xff) as u32);
-	}
-  
-	fn unpack(a: u32) -> [u8;4] { /* unpack bytes from a word */
-        let b:[u8;4]=[((a>>24)&0xff) as u8,((a>>16)&0xff) as u8,((a>>8)&0xff) as u8,(a&0xff) as u8];
-		return b;
-	}
-
-	fn precompute(&mut self,h: &[u8]) {
-		let mut b:[u8;4]=[0;4];
-        let mut j=0;
-        for i in 0..GCM_NB {
-            b[0]=h[j]; b[1]=h[j+1]; b[2]=h[j+2]; b[3]=h[j+3];
-            self.table[0][i]=GCM::pack(b);
-            j+=4;
-        }
-        for i in 1..128 {
-	    	let mut c:u32=0;
-            for j in 0..GCM_NB {self.table[i][j]=c|(self.table[i-1][j])>>1; c=self.table[i-1][j]<<31;}
-            if c != 0  {self.table[i][0]^=0xE1000000} /* irreducible polynomial */
-        }          
-	}
-
-	fn gf2mul(&mut self) { /* gf2m mul - Z=H*X mod 2^128 */
-        let mut p:[u32;4]=[0;4]; 
-    
-        for i in 0..4 {p[i]=0}
-        let mut j:usize=8; 
-        let mut m=0;
-        for i in 0..128 {
-	    	j-=1;
-            let mut c=((self.statex[m]>>j)&1) as u32; c= (!c) +1;
-	    	for k in 0..GCM_NB {p[k]^=self.table[i][k]&c}
-            if j==0 {
-				j=8; m+=1;
-                if m==16 {break}
-            }
-        }
-        j=0;
-        for i in 0..GCM_NB {
-            let b=GCM::unpack(p[i]);
-            self.statex[j]=b[0]; self.statex[j+1]=b[1]; self.statex[j+2]=b[2]; self.statex[j+3]=b[3];
-            j+=4;
-        }
-	}
-
-	fn wrap(&mut self) { /* Finish off GHASH */
-        let mut f:[u32;4]=[0;4]; 
-        let mut el:[u8;16]=[0;16];  
-   
-    /* convert lengths from bytes to bits */
-        f[0]=(self.lena[0]<<3)|(self.lena[1]&0xE0000000)>>29;
-        f[1]=self.lena[1]<<3;
-        f[2]=(self.lenc[0]<<3)|(self.lenc[1]&0xE0000000)>>29;
-        f[3]=self.lenc[1]<<3;
-        let mut j=0;
-        for i in 0..GCM_NB {
-            let b=GCM::unpack(f[i]);
-            el[j]=b[0]; el[j+1]=b[1]; el[j+2]=b[2]; el[j+3]=b[3];
-            j+=4;
-        }
-        for i in 0..16 {self.statex[i]^=el[i]}
-        self.gf2mul();
-	}
-
-	fn ghash(&mut self,plain: &[u8],len: usize) -> bool {
-        if self.status==GCM_ACCEPTING_HEADER {self.status=GCM_ACCEPTING_CIPHER}
-        if self.status != GCM_ACCEPTING_CIPHER {return false}
-        
-        let mut j=0;
-        while j<len {
-            for i in 0..16 {
-            	if j>=len {break}
-				self.statex[i]^=plain[j]; j+=1;
-                self.lenc[1]+=1; if self.lenc[1]==0 {self.lenc[0]+=1}
-            }
-            self.gf2mul();
-        }
-        if len%16 != 0 {self.status=GCM_NOT_ACCEPTING_MORE}
-        return true;
-    }
-
-    /* Initialize GCM mode */
-	pub fn init(&mut self,nk: usize,key: &[u8],niv: usize,iv: &[u8]) { /* iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes */
-		let mut h:[u8;16]=[0;16];
-    
-        for i in 0..16 {h[i]=0; self.statex[i]=0}
-        
-		self.a=AES::new();
-
-        self.a.init(aes::ECB,nk,key,None);
-        self.a.ecb_encrypt(&mut h);    /* E(K,0) */
-        self.precompute(&h);
-        
-        self.lena[0]=0;self.lenc[0]=0;self.lena[1]=0;self.lenc[1]=0;
-        if niv==12 {
-            for i in 0..12 {self.a.f[i]=iv[i]}
-            let b=GCM::unpack(1);
-            self.a.f[12]=b[0]; self.a.f[13]=b[1]; self.a.f[14]=b[2]; self.a.f[15]=b[3];  /* initialise IV */
-            for i in 0..16 {self.y_0[i]=self.a.f[i]}
-        } else {
-            self.status=GCM_ACCEPTING_CIPHER;
-            self.ghash(iv,niv); /* GHASH(H,0,IV) */
-            self.wrap();
-            for i in 0..16 {self.a.f[i]=self.statex[i];self.y_0[i]=self.a.f[i];self.statex[i]=0}
-            self.lena[0]=0;self.lenc[0]=0;self.lena[1]=0;self.lenc[1]=0;
-        }
-        self.status=GCM_ACCEPTING_HEADER;
-	}
-
-	pub fn new() -> GCM {
-		GCM {
-			table:[[0;4];128],
-			statex:[0;16],
-			y_0:[0;16],
-			//counter:0,
-			lena:[0;2],
-			lenc:[0;2],
-			status:0,
-			a:AES::new()
-		}
-	}
-
-/* Add Header data - included but not encrypted */
-	pub fn add_header(&mut self,header: &[u8],len: usize) -> bool { /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */
-        if self.status != GCM_ACCEPTING_HEADER {return false}
-        let mut j=0;
-        while j<len {
-            for i in 0..16 {
-            	if j>=len {break}
-				self.statex[i]^=header[j]; j+=1;
-                self.lena[1]+=1; if self.lena[1]==0 {self.lena[0]+=1}
-            }
-            self.gf2mul();
-        }
-        if len%16 != 0 {self.status=GCM_ACCEPTING_CIPHER}
-        return true;
-    }
-
-/* Add Plaintext - included and encrypted */
-	pub fn add_plain(&mut self,cipher: &mut [u8],plain: &[u8],len: usize) -> bool {
-		let mut cb:[u8;16]=[0;16]; 
-		let mut b:[u8;4]=[0;4];
-       
-        let mut counter: u32;
-        if self.status == GCM_ACCEPTING_HEADER {self.status=GCM_ACCEPTING_CIPHER}
-        if self.status != GCM_ACCEPTING_CIPHER {return false}
-        
-        let mut j=0;
-        while j<len {
-            b[0]=self.a.f[12]; b[1]=self.a.f[13]; b[2]=self.a.f[14]; b[3]=self.a.f[15];
-            counter=GCM::pack(b);
-            counter+=1;
-            b=GCM::unpack(counter);
-            self.a.f[12]=b[0]; self.a.f[13]=b[1]; self.a.f[14]=b[2]; self.a.f[15]=b[3]; /* increment counter */
-            for i in 0..16 {cb[i]=self.a.f[i]}
-            self.a.ecb_encrypt(&mut cb);        /* encrypt it  */
-    
-            for i in 0..16 {
-            	if j>=len {break}
-				cipher[j]=plain[j]^cb[i];
-				self.statex[i]^=cipher[j]; j+=1;
-                self.lenc[1]+=1; if self.lenc[1]==0 {self.lenc[0]+=1}
-            }
-            self.gf2mul()
-        }
-        if len%16 != 0 {self.status=GCM_NOT_ACCEPTING_MORE}
-        return true;
-	}
-
-/* Add Ciphertext - decrypts to plaintext */
-	pub fn add_cipher(&mut self,plain: &mut [u8],cipher: &[u8],len: usize) -> bool {
-		let mut cb:[u8;16]=[0;16]; 
-		let mut b:[u8;4]=[0;4];
-        
-       let mut counter: u32;
-        
-        if self.status==GCM_ACCEPTING_HEADER {self.status=GCM_ACCEPTING_CIPHER}
-        if self.status != GCM_ACCEPTING_CIPHER {return false}
-    
-        let mut j=0;
-        while j<len {
-            b[0]=self.a.f[12]; b[1]=self.a.f[13]; b[2]=self.a.f[14]; b[3]=self.a.f[15];
-            counter=GCM::pack(b);
-            counter+=1;
-            b=GCM::unpack(counter);
-            self.a.f[12]=b[0]; self.a.f[13]=b[1]; self.a.f[14]=b[2]; self.a.f[15]=b[3]; /* increment counter */
-            for i in 0..16 {cb[i]=self.a.f[i]}
-            self.a.ecb_encrypt(&mut cb);        /* encrypt it  */
-            for i in 0..16 {
-            	if j>=len {break}
-				let oc=cipher[j];
-				plain[j]=cipher[j]^cb[i];
-				self.statex[i]^=oc; j+=1;
-                self.lenc[1]+=1; if self.lenc[1]==0 {self.lenc[0]+=1}
-            }
-            self.gf2mul()
-        }
-        if len%16 != 0 {self.status=GCM_NOT_ACCEPTING_MORE}
-        return true;
-	}
-
-/* Finish and extract Tag */
-	pub fn finish(&mut self,extract: bool) -> [u8;16]  { /* Finish off GHASH and extract tag (MAC) */
-		let mut tag:[u8;16]=[0;16]; 
-    
-        self.wrap();
-        /* extract tag */
-        if extract {
-            self.a.ecb_encrypt(&mut (self.y_0));        /* E(K,Y0) */
-            for i in 0..16 {self.y_0[i]^=self.statex[i]}
-            for i in 0..16 {tag[i]=self.y_0[i];self.y_0[i]=0;self.statex[i]=0}
-        }
-        self.status=GCM_FINISHED;
-        self.a.end();
-        return tag;
-	}
-
-	pub fn hex2bytes(hex: &[u8],bin: &mut [u8]) {
-		let len=hex.len();
-
-		for i in 0..len/2 {
-			let mut v:u8;
-        	let mut c = hex[2*i];
-        	if c >= b'0' && c <= b'9' {
-            	v = c - b'0';
-        	} else if c >= b'A' && c <= b'F' {
-            	v = c - b'A' + 10;
-        	} else if c >= b'a' && c <= b'f' {
-            	v = c - b'a' + 10;
-        	} else {
-            	v = 0;
-        	}
-        	v <<= 4;
-        	c = hex[2*i + 1];
-        	if c >= b'0' && c <= b'9' {
-            	v += c - b'0';
-        	} else if c >= b'A' && c <= b'F' {
-            	v += c - b'A' + 10;
-        	} else if c >= b'a' && c <= b'f' {
-            	v += c - b'a' + 10;
-        	} else {
-            	v = 0;
-        	}
-        	bin[i] = v;
-    	}
-	}
-
-}
-/*
-fn main()
-{
-	let kt=b"feffe9928665731c6d6a8f9467308308";
-	let mt=b"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39";
-	let ht=b"feedfacedeadbeeffeedfacedeadbeefabaddad2";
-	let nt=b"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b";
-// Tag should be 619cc5aefffe0bfa462af43c1699d050
-
-	let mut gcm=GCM::new();
-
-	let len=mt.len()/2;
-	let lenh=ht.len()/2;
-	let lenk=kt.len()/2;
-	let leniv=nt.len()/2;
-
-	//let mut t:[u8;16]=[0;16];	// Tag
-	let mut k:[u8;16]=[0;16];   // AES Key
-	let mut h:[u8;64]=[0;64];  	// Header - to be included in Authentication, but not encrypted
-	let mut n:[u8;100]=[0;100];	// IV - Initialisation vector
-	let mut m:[u8;100]=[0;100];	// Plaintext to be encrypted/authenticated
-	let mut c:[u8;100]=[0;100];	// Ciphertext
-	let mut p:[u8;100]=[0;100];	// Recovered Plaintext 
-
-	GCM::hex2bytes(mt,&mut m);
-	GCM::hex2bytes(ht,&mut h);
-	GCM::hex2bytes(kt,&mut k);
-	GCM::hex2bytes(nt,&mut n);
-
- 	println!("Plaintext=");
-	for i in 0..len {print!("{:02x}",m[i])}
-	println!("");
-
-	gcm.init(lenk,&k,leniv,&n);
-	
-	gcm.add_header(&h,lenh);
-	gcm.add_plain(&mut c,&m,len);
-	let mut t=gcm.finish(true);
-
- 	println!("Ciphertext=");
-	for i in 0..len {print!("{:02x}",c[i])}
-	println!("");
-  
- 	println!("Tag=");
-	for i in 0..16 {print!("{:02x}",t[i])}
-	println!("");
-
-	gcm.init(lenk,&k,leniv,&n);
-	
-	gcm.add_header(&h,lenh);
-	gcm.add_cipher(&mut p,&c,len);
-	t=gcm.finish(true);
-
- 	println!("Plaintext=");
-	for i in 0..len {print!("{:02x}",p[i])}
-	println!("");
-
-	println!("Tag=");
-	for i in 0..16 {print!("{:02x}",t[i])}
-	println!("");
-
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/hash256.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/hash256.rs b/version22/rust/src/hash256.rs
deleted file mode 100644
index e2aca06..0000000
--- a/version22/rust/src/hash256.rs
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-const HASH256_H0: u32=0x6A09E667;
-const HASH256_H1: u32=0xBB67AE85;
-const HASH256_H2: u32=0x3C6EF372;
-const HASH256_H3: u32=0xA54FF53A;
-const HASH256_H4: u32=0x510E527F;
-const HASH256_H5: u32=0x9B05688C;
-const HASH256_H6: u32=0x1F83D9AB;
-const HASH256_H7: u32=0x5BE0CD19;
-
-const HASH256_K : [u32;64]=[
-	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
-	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
-	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
-	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
-	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
-	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
-	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
-	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2];
-
-
-pub struct HASH256 {
-	length: [u32;2],
-	h: [u32;8],
-	w: [u32;64]
-}
-
-impl HASH256 {
-	fn s(n: u32,x: u32) -> u32 {
-		return ((x)>>n) | ((x)<<(32-n));
-	}
-	fn r(n: u32,x: u32) -> u32 {
-		return (x)>>n;
-	}
-
-	fn ch(x: u32,y: u32,z: u32) -> u32 {
-		return (x&y)^(!(x)&z);
-	}
-
-	fn maj(x: u32,y: u32,z: u32) -> u32 {
-		return (x&y)^(x&z)^(y&z);
-	}
-	fn sig0(x: u32) -> u32 {
-		return HASH256::s(2,x)^HASH256::s(13,x)^HASH256::s(22,x);
-	}
-
-	fn sig1(x: u32) -> u32 {
-		return HASH256::s(6,x)^HASH256::s(11,x)^HASH256::s(25,x);
-	}
-
-	fn theta0(x: u32) -> u32 {
-		return HASH256::s(7,x)^HASH256::s(18,x)^HASH256::r(3,x);
-	}
-
-	fn theta1(x: u32) -> u32 {
-		return HASH256::s(17,x)^HASH256::s(19,x)^HASH256::r(10,x);
-	}
-
-	fn transform(&mut self) { /* basic transformation step */
-		for j in 16..64 {
-			self.w[j]=HASH256::theta1(self.w[j-2]).wrapping_add(self.w[j-7]).wrapping_add(HASH256::theta0(self.w[j-15])).wrapping_add(self.w[j-16]);
-		}
-		let mut a=self.h[0]; let mut b=self.h[1]; let mut c=self.h[2]; let mut d=self.h[3];
-		let mut e=self.h[4]; let mut f=self.h[5]; let mut g=self.h[6]; let mut hh=self.h[7];
-		for j in 0..64 { /* 64 times - mush it up */
-			let t1=hh.wrapping_add(HASH256::sig1(e)).wrapping_add(HASH256::ch(e,f,g)).wrapping_add(HASH256_K[j]).wrapping_add(self.w[j]);
-			let t2=HASH256::sig0(a).wrapping_add(HASH256::maj(a,b,c));
-			hh=g; g=f; f=e;
-			e=d.wrapping_add(t1);
-			d=c;
-			c=b;
-			b=a;
-			a=t1.wrapping_add(t2);
-		}
-		self.h[0] = self.h[0].wrapping_add(a);
-		self.h[1] = self.h[1].wrapping_add(b);
-		self.h[2] = self.h[2].wrapping_add(c);
-		self.h[3] = self.h[3].wrapping_add(d);
-		self.h[4] = self.h[4].wrapping_add(e);
-		self.h[5] = self.h[5].wrapping_add(f);
-		self.h[6] = self.h[6].wrapping_add(g);
-		self.h[7] = self.h[7].wrapping_add(hh);
-	}
-
-/* Initialise Hash function */
-	pub fn init(&mut self) { /* initialise */
-		for i in 0..64 {self.w[i]=0}
-		self.length[0]=0; self.length[1]=0;
-		self.h[0]=HASH256_H0;
-		self.h[1]=HASH256_H1;
-		self.h[2]=HASH256_H2;
-		self.h[3]=HASH256_H3;
-		self.h[4]=HASH256_H4;
-		self.h[5]=HASH256_H5;
-		self.h[6]=HASH256_H6;
-		self.h[7]=HASH256_H7;
-	}	
-
-	pub fn new() -> HASH256 {
-		let mut nh=HASH256 {
-			length: [0;2],
-			h: [0;8],
-			w: [0;64]
-		};
-		nh.init();
-		return nh;
-	}
-
-/* process a single byte */
-	pub fn process(&mut self,byt: u8) { /* process the next message byte */
-		let cnt=((self.length[0]/32)%16) as usize;
-		self.w[cnt]<<=8;
-		self.w[cnt]|=(byt&0xFF) as u32;
-		self.length[0]+=8;
-		if self.length[0]==0 {self.length[1]+=1; self.length[0]=0}
-		if (self.length[0]%512)==0 {self.transform()}
-	}
-
-/* process an array of bytes */	
-	pub fn process_array(&mut self,b: &[u8]) {
-		for i in 0..b.len() {self.process((b[i]))}
-	}
-
-/* process a 32-bit integer */
-	pub fn process_num(&mut self,n: i32) {
-		self.process(((n>>24)&0xff) as u8);
-		self.process(((n>>16)&0xff) as u8);
-		self.process(((n>>8)&0xff) as u8);
-		self.process((n&0xff) as u8);
-	}
-
-/* Generate 32-byte Hash */
-	pub fn hash(&mut self) -> [u8;32] { /* pad message and finish - supply digest */
-		let mut digest:[u8;32]=[0;32];
-		let len0=self.length[0];
-		let len1=self.length[1];
-		self.process(0x80);
-		while (self.length[0]%512)!=448 {self.process(0)}
-		self.w[14]=len1;
-		self.w[15]=len0;    
-		self.transform();
-		for i in 0..32 { /* convert to bytes */
-			digest[i]=((self.h[i/4]>>(8*(3-i%4))) & 0xff) as u8;
-		}
-		self.init();
-		return digest;
-	}
-}
-
-//248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
-/*
-fn main() {
-	let s = String::from("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq");	
-	let test = s.into_bytes();
-	let mut sh=HASH256::new();
-
-	for i in 0..test.len(){
-		sh.process(test[i]);
-	}
-		
-	let digest=sh.hash();    
-	for i in 0..32 {print!("{:02x}",digest[i])}
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/hash384.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/hash384.rs b/version22/rust/src/hash384.rs
deleted file mode 100644
index 2c8fc6f..0000000
--- a/version22/rust/src/hash384.rs
+++ /dev/null
@@ -1,188 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-const HASH384_H0: u64=0xcbbb9d5dc1059ed8;
-const HASH384_H1: u64=0x629a292a367cd507;
-const HASH384_H2: u64=0x9159015a3070dd17;
-const HASH384_H3: u64=0x152fecd8f70e5939;
-const HASH384_H4: u64=0x67332667ffc00b31;
-const HASH384_H5: u64=0x8eb44a8768581511;
-const HASH384_H6: u64=0xdb0c2e0d64f98fa7;
-const HASH384_H7: u64=0x47b5481dbefa4fa4;
-
-const HASH384_K : [u64;80]=[
-	0x428a2f98d728ae22,0x7137449123ef65cd,0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc,
-	0x3956c25bf348b538,0x59f111f1b605d019,0x923f82a4af194f9b,0xab1c5ed5da6d8118,
-	0xd807aa98a3030242,0x12835b0145706fbe,0x243185be4ee4b28c,0x550c7dc3d5ffb4e2,
-	0x72be5d74f27b896f,0x80deb1fe3b1696b1,0x9bdc06a725c71235,0xc19bf174cf692694,
-	0xe49b69c19ef14ad2,0xefbe4786384f25e3,0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65,
-	0x2de92c6f592b0275,0x4a7484aa6ea6e483,0x5cb0a9dcbd41fbd4,0x76f988da831153b5,
-	0x983e5152ee66dfab,0xa831c66d2db43210,0xb00327c898fb213f,0xbf597fc7beef0ee4,
-	0xc6e00bf33da88fc2,0xd5a79147930aa725,0x06ca6351e003826f,0x142929670a0e6e70,
-	0x27b70a8546d22ffc,0x2e1b21385c26c926,0x4d2c6dfc5ac42aed,0x53380d139d95b3df,
-	0x650a73548baf63de,0x766a0abb3c77b2a8,0x81c2c92e47edaee6,0x92722c851482353b,
-	0xa2bfe8a14cf10364,0xa81a664bbc423001,0xc24b8b70d0f89791,0xc76c51a30654be30,
-	0xd192e819d6ef5218,0xd69906245565a910,0xf40e35855771202a,0x106aa07032bbd1b8,
-	0x19a4c116b8d2d0c8,0x1e376c085141ab53,0x2748774cdf8eeb99,0x34b0bcb5e19b48a8,
-	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb,0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3,
-	0x748f82ee5defb2fc,0x78a5636f43172f60,0x84c87814a1f0ab72,0x8cc702081a6439ec,
-	0x90befffa23631e28,0xa4506cebde82bde9,0xbef9a3f7b2c67915,0xc67178f2e372532b,
-	0xca273eceea26619c,0xd186b8c721c0c207,0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178,
-	0x06f067aa72176fba,0x0a637dc5a2c898a6,0x113f9804bef90dae,0x1b710b35131c471b,
-	0x28db77f523047d84,0x32caab7b40c72493,0x3c9ebe0a15c9bebc,0x431d67c49c100d4c,
-	0x4cc5d4becb3e42b6,0x597f299cfc657e2a,0x5fcb6fab3ad6faec,0x6c44198c4a475817];
-
-
-pub struct HASH384 {
-	length: [u64;2],
-	h: [u64;8],
-	w: [u64;80]
-}
-
-impl HASH384 {
-	fn s(n: u64,x: u64) -> u64 {
-		return ((x)>>n) | ((x)<<(64-n));
-	}
-	fn r(n: u64,x: u64) -> u64 {
-		return (x)>>n;
-	}
-
-	fn ch(x: u64,y: u64,z: u64) -> u64 {
-		return (x&y)^(!(x)&z);
-	}
-
-	fn maj(x: u64,y: u64,z: u64) -> u64 {
-		return (x&y)^(x&z)^(y&z);
-	}
-
-	fn sig0(x: u64) -> u64 {
-		return HASH384::s(28,x)^HASH384::s(34,x)^HASH384::s(39,x);
-	}
-
-	fn sig1(x: u64) -> u64 {
-		return HASH384::s(14,x)^HASH384::s(18,x)^HASH384::s(41,x);
-	}
-
-	fn theta0(x: u64) -> u64 {
-		return HASH384::s(1,x)^HASH384::s(8,x)^HASH384::r(7,x);
-	}
-
-	fn theta1(x: u64) -> u64 {
-		return HASH384::s(19,x)^HASH384::s(61,x)^HASH384::r(6,x);
-	}
-
-	fn transform(&mut self) { /* basic transformation step */
-		for j in 16..80 {
-			self.w[j]=HASH384::theta1(self.w[j-2])+self.w[j-7]+HASH384::theta0(self.w[j-15])+self.w[j-16];
-		}
-		let mut a=self.h[0]; let mut b=self.h[1]; let mut c=self.h[2]; let mut d=self.h[3]; 
-		let mut e=self.h[4]; let mut f=self.h[5]; let mut g=self.h[6]; let mut hh=self.h[7];
-		for j in 0..80 { /* 64 times - mush it up */
-			let t1=hh+HASH384::sig1(e)+HASH384::ch(e,f,g)+HASH384_K[j]+self.w[j];
-			let t2=HASH384::sig0(a)+HASH384::maj(a,b,c);
-			hh=g; g=f; f=e;
-			e=d+t1;
-			d=c;
-			c=b;
-			b=a;
-			a=t1+t2 ; 
-		}
-		self.h[0]+=a; self.h[1]+=b; self.h[2]+=c; self.h[3]+=d;
-		self.h[4]+=e; self.h[5]+=f; self.h[6]+=g; self.h[7]+=hh; 
-	} 	
-
-/* Initialise Hash function */
-	pub fn init(&mut self) { /* initialise */
-		for i in 0..64 {self.w[i]=0}
-		self.length[0]=0; self.length[1]=0;
-		self.h[0]=HASH384_H0;
-		self.h[1]=HASH384_H1;
-		self.h[2]=HASH384_H2;
-		self.h[3]=HASH384_H3;
-		self.h[4]=HASH384_H4;
-		self.h[5]=HASH384_H5;
-		self.h[6]=HASH384_H6;
-		self.h[7]=HASH384_H7;
-	}	
-
-	pub fn new() -> HASH384 {
-		let mut nh=HASH384 {
-			length: [0;2],
-			h: [0;8],
-			w: [0;80]
-		};
-		nh.init();
-		return nh;
-	}
-
-/* process a single byte */
-	pub fn process(&mut self,byt: u8) { /* process the next message byte */
-		let cnt=((self.length[0]/64)%16) as usize;
-		self.w[cnt]<<=8;
-		self.w[cnt]|=(byt&0xFF) as u64;
-		self.length[0]+=8;
-		if self.length[0]==0 {self.length[1]+=1; self.length[0]=0}
-		if (self.length[0]%1024)==0 {self.transform()}
-	}
-
-/* process an array of bytes */	
-	pub fn process_array(&mut self,b: &[u8]) {
-		for i in 0..b.len() {self.process((b[i]))}
-	}
-
-/* process a 32-bit integer */
-	pub fn process_num(&mut self,n: i32) {
-		self.process(((n>>24)&0xff) as u8);
-		self.process(((n>>16)&0xff) as u8);
-		self.process(((n>>8)&0xff) as u8);
-		self.process((n&0xff) as u8);
-	}
-
-/* Generate 32-byte Hash */
-	pub fn hash(&mut self) -> [u8;48] { /* pad message and finish - supply digest */
-		let mut digest:[u8;48]=[0;48];
-		let len0=self.length[0];
-		let len1=self.length[1];
-		self.process(0x80);
-		while (self.length[0]%1024)!=896 {self.process(0)}
-		self.w[14]=len1;
-		self.w[15]=len0;    
-		self.transform();
-		for i in 0..48 { /* convert to bytes */
-			digest[i]=((self.h[i/8]>>(8*(7-i%8))) & 0xff) as u8;
-		}
-		self.init();
-		return digest;
-	}
-}
-
-//09330c33f71147e8 3d192fc782cd1b47 53111b173b3b05d2 2fa08086e3b0f712 fcc7c71a557e2db9 66c3e9fa91746039
-/*
-fn main() {
-	let s = String::from("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu");	
-	let test = s.into_bytes();
-	let mut sh=HASH384::new();
-
-	for i in 0..test.len(){
-		sh.process(test[i]);
-	}
-		
-	let digest=sh.hash();    
-	for i in 0..48 {print!("{:02x}",digest[i])}
-} */

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/hash512.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/hash512.rs b/version22/rust/src/hash512.rs
deleted file mode 100644
index a345781..0000000
--- a/version22/rust/src/hash512.rs
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-const HASH512_H0: u64=0x6a09e667f3bcc908;
-const HASH512_H1: u64=0xbb67ae8584caa73b;
-const HASH512_H2: u64=0x3c6ef372fe94f82b;
-const HASH512_H3: u64=0xa54ff53a5f1d36f1;
-const HASH512_H4: u64=0x510e527fade682d1;
-const HASH512_H5: u64=0x9b05688c2b3e6c1f;
-const HASH512_H6: u64=0x1f83d9abfb41bd6b;
-const HASH512_H7: u64=0x5be0cd19137e2179;
-
-const HASH512_K : [u64;80]=[
-	0x428a2f98d728ae22,0x7137449123ef65cd,0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc,
-	0x3956c25bf348b538,0x59f111f1b605d019,0x923f82a4af194f9b,0xab1c5ed5da6d8118,
-	0xd807aa98a3030242,0x12835b0145706fbe,0x243185be4ee4b28c,0x550c7dc3d5ffb4e2,
-	0x72be5d74f27b896f,0x80deb1fe3b1696b1,0x9bdc06a725c71235,0xc19bf174cf692694,
-	0xe49b69c19ef14ad2,0xefbe4786384f25e3,0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65,
-	0x2de92c6f592b0275,0x4a7484aa6ea6e483,0x5cb0a9dcbd41fbd4,0x76f988da831153b5,
-	0x983e5152ee66dfab,0xa831c66d2db43210,0xb00327c898fb213f,0xbf597fc7beef0ee4,
-	0xc6e00bf33da88fc2,0xd5a79147930aa725,0x06ca6351e003826f,0x142929670a0e6e70,
-	0x27b70a8546d22ffc,0x2e1b21385c26c926,0x4d2c6dfc5ac42aed,0x53380d139d95b3df,
-	0x650a73548baf63de,0x766a0abb3c77b2a8,0x81c2c92e47edaee6,0x92722c851482353b,
-	0xa2bfe8a14cf10364,0xa81a664bbc423001,0xc24b8b70d0f89791,0xc76c51a30654be30,
-	0xd192e819d6ef5218,0xd69906245565a910,0xf40e35855771202a,0x106aa07032bbd1b8,
-	0x19a4c116b8d2d0c8,0x1e376c085141ab53,0x2748774cdf8eeb99,0x34b0bcb5e19b48a8,
-	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb,0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3,
-	0x748f82ee5defb2fc,0x78a5636f43172f60,0x84c87814a1f0ab72,0x8cc702081a6439ec,
-	0x90befffa23631e28,0xa4506cebde82bde9,0xbef9a3f7b2c67915,0xc67178f2e372532b,
-	0xca273eceea26619c,0xd186b8c721c0c207,0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178,
-	0x06f067aa72176fba,0x0a637dc5a2c898a6,0x113f9804bef90dae,0x1b710b35131c471b,
-	0x28db77f523047d84,0x32caab7b40c72493,0x3c9ebe0a15c9bebc,0x431d67c49c100d4c,
-	0x4cc5d4becb3e42b6,0x597f299cfc657e2a,0x5fcb6fab3ad6faec,0x6c44198c4a475817];
-
-
-pub struct HASH512 {
-	length: [u64;2],
-	h: [u64;8],
-	w: [u64;80]
-}
-
-impl HASH512 {
-	fn s(n: u64,x: u64) -> u64 {
-		return ((x)>>n) | ((x)<<(64-n));
-	}
-	fn r(n: u64,x: u64) -> u64 {
-		return (x)>>n;
-	}
-
-	fn ch(x: u64,y: u64,z: u64) -> u64 {
-		return (x&y)^(!(x)&z);
-	}
-
-	fn maj(x: u64,y: u64,z: u64) -> u64 {
-		return (x&y)^(x&z)^(y&z);
-	}
-
-	fn sig0(x: u64) -> u64 {
-		return HASH512::s(28,x)^HASH512::s(34,x)^HASH512::s(39,x);
-	}
-
-	fn sig1(x: u64) -> u64 {
-		return HASH512::s(14,x)^HASH512::s(18,x)^HASH512::s(41,x);
-	}
-
-	fn theta0(x: u64) -> u64 {
-		return HASH512::s(1,x)^HASH512::s(8,x)^HASH512::r(7,x);
-	}
-
-	fn theta1(x: u64) -> u64 {
-		return HASH512::s(19,x)^HASH512::s(61,x)^HASH512::r(6,x);
-	}
-
-	fn transform(&mut self) { /* basic transformation step */
-		for j in 16..80 {
-			self.w[j]=HASH512::theta1(self.w[j-2])+self.w[j-7]+HASH512::theta0(self.w[j-15])+self.w[j-16];
-		}
-		let mut a=self.h[0]; let mut b=self.h[1]; let mut c=self.h[2]; let mut d=self.h[3]; 
-		let mut e=self.h[4]; let mut f=self.h[5]; let mut g=self.h[6]; let mut hh=self.h[7];
-		for j in 0..80 { /* 64 times - mush it up */
-			let t1=hh+HASH512::sig1(e)+HASH512::ch(e,f,g)+HASH512_K[j]+self.w[j];
-			let t2=HASH512::sig0(a)+HASH512::maj(a,b,c);
-			hh=g; g=f; f=e;
-			e=d+t1;
-			d=c;
-			c=b;
-			b=a;
-			a=t1+t2 ; 
-		}
-		self.h[0]+=a; self.h[1]+=b; self.h[2]+=c; self.h[3]+=d;
-		self.h[4]+=e; self.h[5]+=f; self.h[6]+=g; self.h[7]+=hh; 
-	} 	
-
-/* Initialise Hash function */
-	pub fn init(&mut self) { /* initialise */
-		for i in 0..64 {self.w[i]=0}
-		self.length[0]=0; self.length[1]=0;
-		self.h[0]=HASH512_H0;
-		self.h[1]=HASH512_H1;
-		self.h[2]=HASH512_H2;
-		self.h[3]=HASH512_H3;
-		self.h[4]=HASH512_H4;
-		self.h[5]=HASH512_H5;
-		self.h[6]=HASH512_H6;
-		self.h[7]=HASH512_H7;
-	}	
-
-	pub fn new() -> HASH512 {
-		let mut nh=HASH512 {
-			length: [0;2],
-			h: [0;8],
-			w: [0;80]
-		};
-		nh.init();
-		return nh;
-	}
-
-/* process a single byte */
-	pub fn process(&mut self,byt: u8) { /* process the next message byte */
-		let cnt=((self.length[0]/64)%16) as usize;
-		self.w[cnt]<<=8;
-		self.w[cnt]|=(byt&0xFF) as u64;
-		self.length[0]+=8;
-		if self.length[0]==0 {self.length[1]+=1; self.length[0]=0}
-		if (self.length[0]%1024)==0 {self.transform()}
-	}
-
-/* process an array of bytes */	
-	pub fn process_array(&mut self,b: &[u8]) {
-		for i in 0..b.len() {self.process((b[i]))}
-	}
-
-/* process a 32-bit integer */
-	pub fn process_num(&mut self,n: i32) {
-		self.process(((n>>24)&0xff) as u8);
-		self.process(((n>>16)&0xff) as u8);
-		self.process(((n>>8)&0xff) as u8);
-		self.process((n&0xff) as u8);
-	}
-
-/* Generate 32-byte Hash */
-	pub fn hash(&mut self) -> [u8;64] { /* pad message and finish - supply digest */
-		let mut digest:[u8;64]=[0;64];
-		let len0=self.length[0];
-		let len1=self.length[1];
-		self.process(0x80);
-		while (self.length[0]%1024)!=896 {self.process(0)}
-		self.w[14]=len1;
-		self.w[15]=len0;    
-		self.transform();
-		for i in 0..64 { /* convert to bytes */
-			digest[i]=((self.h[i/8]>>(8*(7-i%8))) & 0xff) as u8;
-		}
-		self.init();
-		return digest;
-	}
-}
-
-//8e959b75dae313da 8cf4f72814fc143f 8f7779c6eb9f7fa1 7299aeadb6889018 501d289e4900f7e4 331b99dec4b5433a c7d329eeb6dd2654 5e96e55b874be909
-/*
-fn main() {
-	let s = String::from("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu");	
-	let test = s.into_bytes();
-	let mut sh=HASH512::new();
-
-	for i in 0..test.len(){
-		sh.process(test[i]);
-	}
-		
-	let digest=sh.hash();    
-	for i in 0..64 {print!("{:02x}",digest[i])}
-} */

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/lib.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/lib.rs b/version22/rust/src/lib.rs
deleted file mode 100644
index db9c412..0000000
--- a/version22/rust/src/lib.rs
+++ /dev/null
@@ -1,36 +0,0 @@
-#![allow(dead_code)]
-#![allow(unused_variables)]
-
-pub mod aes;
-pub mod big;
-pub mod dbig;
-pub mod ecdh;
-pub mod ecp;
-pub mod ecp2;
-pub mod ff;
-pub mod fp;
-pub mod fp2;
-pub mod fp4;
-pub mod fp12;
-pub mod pair;
-pub mod mpin;
-pub mod rand;
-pub mod hash256;
-pub mod hash384;
-pub mod hash512;
-pub mod rsa;
-
-#[cfg(target_pointer_width = "32")]
-#[path = "rom32.rs"]
-pub mod rom;
-
-#[cfg(target_pointer_width = "64")]
-#[path = "rom64.rs"]
-pub mod rom;
-
-#[cfg(test)]
-mod tests {
-    #[test]
-    fn it_works() {
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/mpin.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/mpin.rs b/version22/rust/src/mpin.rs
deleted file mode 100644
index 8644d1a..0000000
--- a/version22/rust/src/mpin.rs
+++ /dev/null
@@ -1,768 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-use std::time::{SystemTime};
-use std::time::UNIX_EPOCH;
-
-use ecp::ECP;
-use fp2::FP2;
-use ecp2::ECP2;
-use fp4::FP4;
-use fp12::FP12;
-use big::BIG;
-use rand::RAND;
-use hash256::HASH256;
-use hash384::HASH384;
-use hash512::HASH512;
-use pair;
-use rom;
-
-/* MPIN API Functions */
-
-/* Configure mode of operation */
-
-pub const PERMITS:bool=true;
-pub const PINERROR:bool=true;
-pub const FULL: bool=true;
-pub const SINGLE_PASS:bool=false;
-
-pub const EFS: usize=rom::MODBYTES as usize;
-pub const EGS: usize=rom::MODBYTES as usize;
-pub const PAS: usize=16;
-pub const BAD_PARAMS: isize=-11;
-pub const INVALID_POINT: isize=-14;
-pub const WRONG_ORDER: isize=-18;
-pub const BAD_PIN: isize=-19;
-pub const SHA256: usize=32;
-pub const SHA384: usize=48;
-pub const SHA512: usize=64;
-
-/* Configure your PIN here */
-
-pub const MAXPIN: i32=10000;  /* PIN less than this */
-pub const PBLEN: i32=14;      /* Number of bits in PIN */
-pub const TS: usize=10;         /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */
-pub const TRAP:usize=200;      /* 200 for 4 digit PIN, 2000 for 6-digit PIN  - approx 2*sqrt(MAXPIN) */
-
-pub const HASH_TYPE: usize=SHA256;
-
-#[allow(non_snake_case)]
-fn hash(sha: usize,c: &mut FP4,U: &mut ECP,r: &mut [u8]) -> bool {
-	let mut w:[u8;EFS]=[0;EFS];
-	let mut t:[u8;6*EFS]=[0;6*EFS];
-
-	c.geta().geta().tobytes(&mut w); for i in 0..EFS {t[i]=w[i]}
-	c.geta().getb().tobytes(&mut w); for i in EFS..2*EFS {t[i]=w[i-EFS]}
-	c.getb().geta().tobytes(&mut w); for i in 2*EFS..3*EFS {t[i]=w[i-2*EFS]}
-	c.getb().getb().tobytes(&mut w); for i in 3*EFS..4*EFS {t[i]=w[i-3*EFS]}
-
-	U.getx().tobytes(&mut w); for i in 4*EFS..5*EFS {t[i]=w[i-4*EFS]}
-	U.gety().tobytes(&mut w); for i in 5*EFS..6*EFS {t[i]=w[i-5*EFS]}
-
-	if sha==SHA256 {
-		let mut h=HASH256::new();
-		h.process_array(&t);
-		let sh=h.hash();
-		for i in 0..PAS {r[i]=sh[i]}	
-		return true;	
-	}
-	if sha==SHA384 {
-		let mut h=HASH384::new();
-		h.process_array(&t);
-		let sh=h.hash();
-		for i in 0..PAS {r[i]=sh[i]}		
-		return true;
-	}
-	if sha==SHA512 {
-		let mut h=HASH512::new();
-		h.process_array(&t);
-		let sh=h.hash();
-		for i in 0..PAS {r[i]=sh[i]}
-		return true;		
-	}
-	return false;
-
-}
-
-/* Hash number (optional) and string to point on curve */
-
-fn hashit(sha: usize,n: usize,id: &[u8],w: &mut [u8]) -> bool {
-	let mut r:[u8;64]=[0;64];
-	let mut didit=false;
-	if sha==SHA256 {
-		let mut h=HASH256::new();
-		if n>0 {h.process_num(n as i32)}
-		h.process_array(id);
-        let hs=h.hash();	
-        for i in 0..sha {r[i]=hs[i];}	
-        didit=true;
-	}
-	if sha==SHA384 {
-		let mut h=HASH384::new();
-		if n>0 {h.process_num(n as i32)}
-		h.process_array(id);
-		let hs=h.hash();
-        for i in 0..sha {r[i]=hs[i];}			
-		didit=true;
-	}
-	if sha==SHA512 {
-		let mut h=HASH512::new();
-		if n>0 {h.process_num(n as i32)}
-		h.process_array(id);
-		let hs=h.hash();
-        for i in 0..sha {r[i]=hs[i];}	
-        didit=true;		
-	}
-	if !didit {return false}
-
-	let rm=rom::MODBYTES as usize;
-
-	if sha>rm {
-		for i in 0..rm {w[i]=r[i]}
-	} else {
-		for i in 0..sha {w[i]=r[i]}	
-		for i in sha..rm {w[i]=0}
-	}
-
-	return true;
-}
-
-#[allow(non_snake_case)]
-fn mapit(h: &[u8]) -> ECP {
-	let mut q=BIG::new_ints(&rom::MODULUS);
-	let mut x=BIG::frombytes(h);
-	x.rmod(&mut q);
-	let mut P:ECP;
-
-	loop {
-		P=ECP::new_bigint(&x,0);
-		if !P.is_infinity() {break}
-		x.inc(1); x.norm();
-	}
-	if rom::CURVE_PAIRING_TYPE!=rom::BN_CURVE {
-		let mut c=BIG::new_ints(&rom::CURVE_COF);
-		P=P.mul(&mut c);
-	}	
-	return P;
-}
-
-/* return time in slots since epoch */
-pub fn today() -> usize {
-  	return (SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs()/(60*1440)) as usize;
-}
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
-#[allow(non_snake_case)]
-fn emap(u: &BIG,cb: isize) -> ECP {
-	let mut P:ECP;
-	let mut x=BIG::new_copy(u);
-	let mut p=BIG::new_ints(&rom::MODULUS);
-	x.rmod(&mut p);
-	loop {
-		P=ECP::new_bigint(&x,cb);
-		if !P.is_infinity() {break}
-		x.inc(1);  x.norm();
-	}
-	return P;
-}
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
-#[allow(non_snake_case)]
-fn unmap(u: &mut BIG,P: &mut ECP) -> isize {
-	let s=P.gets();
-	let mut R:ECP;
-	let mut r=0;
-	let x=P.getx();
-	u.copy(&x);
-	loop {
-		u.dec(1); u.norm();
-		r+=1;
-		R=ECP::new_bigint(u,s);
-		if !R.is_infinity() {break}
-	}
-	return r as isize;
-}
-
-pub fn hash_id(sha: usize,id: &[u8],w: &mut [u8]) -> bool {
-	return hashit(sha,0,id,w);
-}
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
-#[allow(non_snake_case)]
-pub fn encoding(rng: &mut RAND,e: &mut [u8]) ->isize {
-	let mut t:[u8;EFS]=[0;EFS];
-
-	for i in 0..EFS {t[i]=e[i+1]}
-	let mut u=BIG::frombytes(&t);
-	for i in 0..EFS {t[i]=e[i+EFS+1]}
-	let mut v=BIG::frombytes(&t);
-		
-	let mut P=ECP::new_bigs(&u,&v);
-	if P.is_infinity() {return INVALID_POINT}
-
-	let p=BIG::new_ints(&rom::MODULUS);
-	u=BIG::randomnum(&p,rng);
-
-	let mut su=rng.getbyte() as isize; /*if (su<0) su=-su;*/ su%=2;
-		
-	let mut W=emap(&mut u,su);
-	P.sub(&mut W);
-	let sv=P.gets();
-	let rn=unmap(&mut v,&mut P);
-	let mut m=rng.getbyte() as isize; /*if (m<0) m=-m;*/ m%=rn;
-	v.inc(m+1);
-	e[0]=(su+2*sv) as u8;
-	u.tobytes(&mut t);
-	for i in 0..EFS {e[i+1]=t[i]}
-	v.tobytes(&mut t);
-	for i in 0..EFS {e[i+EFS+1]=t[i]}		
-		
-	return 0;
-}
-
-#[allow(non_snake_case)]
-pub fn decoding(d: &mut [u8]) -> isize {
-	let mut t:[u8;EFS]=[0;EFS];
-
-	if (d[0]&0x04)!=0 {return INVALID_POINT}
-
-	for i in 0..EFS {t[i]=d[i+1]}
-	let mut u=BIG::frombytes(&t);
-	for i in 0..EFS {t[i]=d[i+EFS+1]}
-	let mut v=BIG::frombytes(&t);
-
-	let su=(d[0]&1) as isize;
-	let sv=((d[0]>>1)&1) as isize;
-	let mut W=emap(&mut u,su);
-	let mut P=emap(&mut v,sv);
-	P.add(&mut W);
-	u=P.getx();
-	v=P.gety();
-	d[0]=0x04;
-	u.tobytes(&mut t);
-	for i in 0..EFS {d[i+1]=t[i]}
-	v.tobytes(&mut t);
-	for i in 0..EFS {d[i+EFS+1]=t[i]}		
-		
-	return 0;
-}
-
-/* R=R1+R2 in group G1 */
-#[allow(non_snake_case)]
-pub fn recombine_g1(r1: &[u8],r2: &[u8],r: &mut [u8]) -> isize {
-	let mut P=ECP::frombytes(&r1);
-	let mut Q=ECP::frombytes(&r2);
-
-	if P.is_infinity() || Q.is_infinity() {return INVALID_POINT}
-
-	P.add(&mut Q);
-
-	P.tobytes(r);
-	return 0;
-}
-
-/* W=W1+W2 in group G2 */
-#[allow(non_snake_case)]
-pub fn recombine_g2(w1: &[u8],w2: &[u8],w: &mut [u8]) -> isize {
-	let mut P=ECP2::frombytes(&w1);
-	let mut Q=ECP2::frombytes(&w2);
-
-	if P.is_infinity() || Q.is_infinity() {return INVALID_POINT}
-
-	P.add(&mut Q);
-	
-	P.tobytes(w);
-	return 0;
-}
-	
-/* create random secret S */
-pub fn random_generate(rng: &mut RAND,s: &mut [u8]) -> isize {
-	let r=BIG::new_ints(&rom::CURVE_ORDER);
-	let mut sc=BIG::randomnum(&r,rng);
-	if rom::AES_S>0 {
-		sc.mod2m(2*rom::AES_S);
-	}		
-	sc.tobytes(s);
-	return 0;
-}
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
-#[allow(non_snake_case)]
-pub fn get_server_secret(s: &[u8],sst: &mut [u8]) -> isize {
-
-	let mut Q=ECP2::new_fp2s(&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PXA),&BIG::new_ints(&rom::CURVE_PXB)),&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PYA),&BIG::new_ints(&rom::CURVE_PYB)));
-
-	let mut sc=BIG::frombytes(s);
-	Q=pair::g2mul(&mut Q,&mut sc);
-	Q.tobytes(sst);
-	return 0;
-}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in 
- if RNG != NULL the X is passed out 
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
-#[allow(non_snake_case)]
-pub fn get_g1_multiple(rng: Option<&mut RAND>,typ: usize,x: &mut [u8],g: &[u8],w: &mut [u8]) -> isize {
-	let mut sx:BIG;
-	let r=BIG::new_ints(&rom::CURVE_ORDER);
-
-	if let Some(mut rd)=rng
-	{
-		sx=BIG::randomnum(&r,rd);
-		if rom::AES_S>0 {
-			sx.mod2m(2*rom::AES_S);
-		}
-		sx.tobytes(x);
-	} else {
-		sx=BIG::frombytes(x);
-	}
-	let mut P:ECP;
-
-	if typ==0 {
-		P=ECP::frombytes(g);
-		if P.is_infinity() {return INVALID_POINT}
-	} else {
-		P=mapit(g)
-	}
-
-
-
-	pair::g1mul(&mut P,&mut sx).tobytes(w);
-	return 0;
-}
-
-
-/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
-/* CID is hashed externally */
-pub fn get_client_secret(s: &mut [u8],cid: &[u8],cst: &mut [u8]) -> isize {
-	return get_g1_multiple(None,1,s,cid,cst);
-}
-
-/* Extract PIN from TOKEN for identity CID */
-#[allow(non_snake_case)]
-pub fn extract_pin(sha: usize,cid: &[u8],pin: i32,token: &mut [u8]) -> isize {
-	let mut P=ECP::frombytes(&token);
-	const RM:usize=rom::MODBYTES as usize;
-	let mut h:[u8;RM]=[0;RM];
-	if P.is_infinity() {return INVALID_POINT}
-	hashit(sha,0,cid,&mut h);
-	let mut R=mapit(&h);
-
-	R=R.pinmul(pin%MAXPIN,PBLEN);
-	P.sub(&mut R);
-
-	P.tobytes(token);
-
-	return 0;
-}
-
-/* Functions to support M-Pin Full */
-#[allow(non_snake_case)]
-pub fn precompute(token: &[u8],cid: &[u8],g1: &mut [u8],g2: &mut [u8]) -> isize {
-	let mut T=ECP::frombytes(&token);
-	if T.is_infinity() {return INVALID_POINT} 
-
-	let mut P=mapit(&cid);
-
-	let mut Q=ECP2::new_fp2s(&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PXA),&BIG::new_ints(&rom::CURVE_PXB)),&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PYA),&BIG::new_ints(&rom::CURVE_PYB)));
-
-	let mut g=pair::ate(&mut Q,&mut T);
-	g=pair::fexp(&g);
-	g.tobytes(g1);
-
-	g=pair::ate(&mut Q,&mut P);
-	g=pair::fexp(&g);
-	g.tobytes(g2);
-
-	return 0;
-}
-
-/* Time Permit CTT=S*(date|H(CID)) where S is master secret */
-#[allow(non_snake_case)]
-pub fn get_client_permit(sha: usize,date: usize,s: &[u8],cid: &[u8],ctt: &mut [u8]) ->isize {
-	const RM:usize=rom::MODBYTES as usize;
-	let mut h:[u8;RM]=[0;RM];	
-	hashit(sha,date,cid,&mut h);
-	let mut P=mapit(&h);
-
-	let mut sc=BIG::frombytes(s);
-	pair::g1mul(&mut P,&mut sc).tobytes(ctt);
-	return 0;
-}
-
-/* Implement step 1 on client side of MPin protocol */
-#[allow(non_snake_case)]
-pub fn client_1(sha: usize,date: usize,client_id: &[u8],rng: Option<&mut RAND>,x: &mut [u8],pin: usize,token: &[u8],sec: &mut [u8],xid: Option<&mut [u8]>,xcid: Option<&mut [u8]>,permit: Option<&[u8]>) ->isize {
-	let r=BIG::new_ints(&rom::CURVE_ORDER);
-		
-	let mut sx:BIG;
-
-	if let Some(mut rd)=rng
-	{
-		sx=BIG::randomnum(&r,rd);
-		if rom::AES_S>0 {
-			sx.mod2m(2*rom::AES_S);
-		}
-		sx.tobytes(x);
-	} else {
-		sx=BIG::frombytes(x);
-	}
-
-	const RM:usize=rom::MODBYTES as usize;
-	let mut h:[u8;RM]=[0;RM];
-
-	hashit(sha,0,&client_id,&mut h);
-	let mut P=mapit(&h);
-	
-	let mut T=ECP::frombytes(&token);
-	if T.is_infinity() {return INVALID_POINT}
-
-	let mut W=P.pinmul((pin as i32)%MAXPIN,PBLEN);
-	T.add(&mut W);
-	if date!=0 {
-		if let Some(rpermit)=permit {W=ECP::frombytes(&rpermit);}
-		if W.is_infinity() {return INVALID_POINT}
-		T.add(&mut W);
-		let mut h2:[u8;RM]=[0;RM];		
-		hashit(sha,date,&h,&mut h2);
-		W=mapit(&h2);
-		if let Some(mut rxid)=xid {
-			P=pair::g1mul(&mut P,&mut sx);
-			P.tobytes(&mut rxid);
-			W=pair::g1mul(&mut W,&mut sx);
-			P.add(&mut W);
-		} else {
-			P.add(&mut W);
-			P=pair::g1mul(&mut P,&mut sx);
-		}
-		if let Some(mut rxcid)=xcid {P.tobytes(&mut rxcid)}
-	} else {
-		if let Some(mut rxid)=xid {
-			P=pair::g1mul(&mut P,&mut sx);
-			P.tobytes(&mut rxid);
-		}
-	}
-
-	T.tobytes(sec);
-	return 0;
-}
-
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
-#[allow(non_snake_case)]
-pub fn server_1(sha: usize,date: usize,cid: &[u8],hid: &mut [u8],htid: Option<&mut [u8]>) {
-	const RM:usize=rom::MODBYTES as usize;
-	let mut h:[u8;RM]=[0;RM];
-
-	hashit(sha,0,cid,&mut h);	
-
-	let mut P=mapit(&h);
-	
-	P.tobytes(hid);
-	if date!=0 {
-		let mut h2:[u8;RM]=[0;RM];		
-		hashit(sha,date,&h,&mut h2);
-		let mut R=mapit(&h2);
-		P.add(&mut R);
-		if let Some(rhtid)=htid {P.tobytes(rhtid);}
-	} 
-}
-
-/* Implement step 2 on client side of MPin protocol */
-#[allow(non_snake_case)]
-pub fn client_2(x: &[u8],y: &[u8],sec: &mut [u8]) -> isize {
-	let mut r=BIG::new_ints(&rom::CURVE_ORDER);
-	let mut P=ECP::frombytes(sec);
-	if P.is_infinity() {return INVALID_POINT}
-
-	let mut px=BIG::frombytes(x);
-	let py=BIG::frombytes(y);
-	px.add(&py);
-	px.rmod(&mut r);
-	//px.rsub(r)
-
-	P=pair::g1mul(&mut P,&mut px);
-	P.neg();
-	P.tobytes(sec);
-	
-	return 0;
-}
-
-/* return time since epoch */
-pub fn get_time() -> usize {
-  	return (SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs()) as usize;	
-}
-
-/* Generate Y = H(epoch, xCID/xID) */
-pub fn get_y(sha: usize,timevalue: usize,xcid: &[u8],y: &mut [u8]) {
-	const RM:usize=rom::MODBYTES as usize;
-	let mut h:[u8;RM]=[0;RM];
-
-	hashit(sha,timevalue,xcid,&mut h);	
-
-	let mut sy= BIG::frombytes(&h);
-	let mut q=BIG::new_ints(&rom::CURVE_ORDER);
-	sy.rmod(&mut q);
-	if rom::AES_S>0 {
-		sy.mod2m(2*rom::AES_S);
-	}
-	sy.tobytes(y);
-}
-
-/* Implement step 2 of MPin protocol on server side */
-#[allow(non_snake_case)]
-pub fn server_2(date: usize,hid: &[u8],htid: Option<&[u8]>,y: &[u8],sst: &[u8],xid: Option<&[u8]>,xcid: Option<&[u8]>,msec: &[u8],e: Option<&mut [u8]>,f: Option<&mut [u8]>) -> isize {
-//	q:=NewBIGints(Modulus)
-	let mut Q=ECP2::new_fp2s(&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PXA),&BIG::new_ints(&rom::CURVE_PXB)),&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PYA),&BIG::new_ints(&rom::CURVE_PYB)));
-
-	let mut sQ=ECP2::frombytes(&sst);
-	if sQ.is_infinity() {return INVALID_POINT}	
-
-	let mut R:ECP;
-	if date!=0 {
-		if let Some(rxcid)=xcid {R=ECP::frombytes(&rxcid);}
-		else {return BAD_PARAMS}
-	} else {
-		if let Some(rxid)=xid {R=ECP::frombytes(&rxid)}
-		else {return BAD_PARAMS}
-	}
-	if R.is_infinity() {return INVALID_POINT}
-
-	let mut sy=BIG::frombytes(&y);
-	let mut P:ECP;
-	if date!=0 {
-		if let Some(rhtid)=htid {P=ECP::frombytes(&rhtid)}
-		else {return BAD_PARAMS}
-	} else {
-		P=ECP::frombytes(&hid);
-	}
-	
-	if P.is_infinity() {return INVALID_POINT}
-
-	P=pair::g1mul(&mut P,&mut sy);
-	P.add(&mut R);
-	R=ECP::frombytes(&msec);
-	if R.is_infinity() {return INVALID_POINT}
-
-	let mut g:FP12;
-//		FP12 g1=new FP12(0);
-
-	g=pair::ate2(&mut Q,&mut R,&mut sQ,&mut P);
-	g=pair::fexp(&g);
-
-	if !g.isunity() {
-		
-		if let Some(rxid)=xid {
-			if let Some(re)=e {
-				if let Some(rf)=f {
-
-					g.tobytes(re);
-					if date!=0 {
-						P=ECP::frombytes(&hid);
-						if P.is_infinity() {return INVALID_POINT}		
-						R=ECP::frombytes(&rxid);
-						if R.is_infinity() {return INVALID_POINT}			
-						P=pair::g1mul(&mut P,&mut sy);
-						P.add(&mut R);									
-					}
-					g=pair::ate(&mut Q,&mut P);
-					g=pair::fexp(&g);
-					g.tobytes(rf);
-
-				}
-			}
-		}
-	
-		return BAD_PIN;
-	}
-
-	return 0;
-}
-
-/* Pollards kangaroos used to return PIN error */
-pub fn kangaroo(e: &[u8],f: &[u8]) -> isize {
-	let mut ge=FP12::frombytes(e);
-	let mut gf=FP12::frombytes(f);
-	let mut distance: [isize;TS]=[0;TS];
-	let mut t=FP12::new_copy(&gf);
-
-	let mut table: [FP12;TS]=[FP12::new();TS];
-	let mut s:isize=1;
-	for m in 0..TS {
-		distance[m]=s;
-		table[m]=FP12::new_copy(&t);
-		s*=2;
-		t.usqr();
-	}
-	t.one();
-	let mut dn:isize=0;
-	let mut i:usize;
-	for _ in 0..TRAP {
-		i=(t.geta().geta().geta().lastbits(20)%(TS as isize)) as usize;
-		t.mul(&mut table[i]);
-		dn+=distance[i];
-	}
-	gf.copy(&t); gf.conj();
-	let mut steps:usize=0; let mut dm:isize=0;
-	let mut res:isize=0;
-	while dm-dn<MAXPIN as isize {
-		steps+=1;
-		if steps>4*TRAP {break}
-		i=(ge.geta().geta().geta().lastbits(20)%(TS as isize)) as usize;
-		ge.mul(&mut table[i]);
-		dm+=distance[i];
-		if ge.equals(&mut t) {
-			res=dm-dn;
-			break;
-		}
-		if ge.equals(&mut gf) {
-			res=dn-dm;
-			break;
-		}
-
-	}
-	if steps>4*TRAP || dm-dn>=MAXPIN as isize {res=0 }    // Trap Failed  - probable invalid token
-	return res;
-}
-
-/* Hash the M-Pin transcript - new */
-
-pub fn hash_all(sha: usize,hid: &[u8],xid: &[u8],xcid: Option<&[u8]>,sec: &[u8],y: &[u8],r: &[u8],w: &[u8],h: &mut[u8]) -> bool {
-	let mut tlen:usize=0;
-	const RM:usize=rom::MODBYTES as usize;	
-	let mut t: [u8;10*RM+4]=[0;10*RM+4];
-
-	for i in 0 .. hid.len() {t[i]=hid[i]}
-	tlen+=hid.len();
-
-	if let Some(rxcid)=xcid {
-		for i in 0..rxcid.len() {t[i+tlen]=rxcid[i]}
-		tlen+=rxcid.len();
-	} else {
-		for i in 0..xid.len() {t[i+tlen]=xid[i]}
-		tlen+=xid.len();
-	}	
-
-	for i in 0..sec.len() {t[i+tlen]=sec[i]}
-	tlen+=sec.len();		
-	for i in 0..y.len() {t[i+tlen]=y[i]}
-	tlen+=y.len();
-	for i in 0..r.len() {t[i+tlen]=r[i]}
-	tlen+=r.len();		
-	for i in 0..w.len() {t[i+tlen]=w[i]}
-	tlen+=w.len();	
-	if tlen!=10*RM+4 {return false}
-
-	return hashit(sha,0,&t,h);
-}
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-#[allow(non_snake_case)]
-pub fn client_key(sha: usize,g1: &[u8],g2: &[u8],pin: usize,r: &[u8],x: &[u8],h: &[u8],wcid: &[u8],ck: &mut [u8]) -> isize {
-
-	let mut g1=FP12::frombytes(&g1);
-	let mut g2=FP12::frombytes(&g2);
-	let mut z=BIG::frombytes(&r);
-	let mut x=BIG::frombytes(&x);
-	let h=BIG::frombytes(&h);
-
-	let mut W=ECP::frombytes(&wcid);
-	if W.is_infinity() {return INVALID_POINT} 
-
-	W=pair::g1mul(&mut W,&mut x);
-
-	let mut f=FP2::new_bigs(&BIG::new_ints(&rom::CURVE_FRA),&BIG::new_ints(&rom::CURVE_FRB));
-	let mut r=BIG::new_ints(&rom::CURVE_ORDER);
-	let q=BIG::new_ints(&rom::MODULUS);
-
-	z.add(&h);	//new
-	z.rmod(&mut r);
-
-	let mut m=BIG::new_copy(&q);
-	m.rmod(&mut r);
-
-	let mut a=BIG::new_copy(&z);
-	a.rmod(&mut m);
-
-	let mut b=BIG::new_copy(&z);
-	b.div(&mut m);
-
-	g2.pinpow(pin as i32,PBLEN);
-	g1.mul(&mut g2);
-
-	let mut c=g1.trace();
-	g2.copy(&g1);
-	g2.frob(&mut f);
-	let cp=g2.trace();
-	g1.conj();
-	g2.mul(&mut g1);
-	let cpm1=g2.trace();
-	g2.mul(&mut g1);
-	let cpm2=g2.trace();
-
-	c=c.xtr_pow2(&cp,&cpm1,&cpm2,&mut a,&mut b);
-
-	hash(sha,&mut c,&mut W,ck);
-
-	return 0
-}
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-#[allow(non_snake_case)]
-pub fn server_key(sha: usize,z: &[u8],sst: &[u8],w: &[u8],h: &[u8],hid: &[u8],xid: &[u8],xcid: Option<&[u8]>,sk: &mut [u8]) -> isize {
-	let mut sQ=ECP2::frombytes(&sst);
-	if sQ.is_infinity() {return INVALID_POINT} 
-	let mut R=ECP::frombytes(&z);
-	if R.is_infinity() {return INVALID_POINT} 
-	let mut A=ECP::frombytes(&hid);
-	if A.is_infinity() {return INVALID_POINT} 
-
-	let mut U=ECP::new();
-	if let Some(rxcid)=xcid {
-		U.copy(&ECP::frombytes(&rxcid));
-	} else {
-		U.copy(&ECP::frombytes(&xid));
-	}
-	
-	if U.is_infinity() {return INVALID_POINT} 
-
-	let mut w=BIG::frombytes(&w);
-	let mut h=BIG::frombytes(&h);
-	A=pair::g1mul(&mut A,&mut h);	// new
-	R.add(&mut A);
-
-	U=pair::g1mul(&mut U,&mut w);
-	let mut g=pair::ate(&mut sQ,&mut R);
-	g=pair::fexp(&g);
-
-	let mut c=g.trace();
-
-	hash(sha,&mut c,&mut U,sk);
-
-	return 0
-}
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/pair.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/pair.rs b/version22/rust/src/pair.rs
deleted file mode 100644
index 9e162db..0000000
--- a/version22/rust/src/pair.rs
+++ /dev/null
@@ -1,674 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-//mod fp;
-use fp::FP;
-//mod ecp;
-use ecp::ECP;
-//mod fp2;
-use fp2::FP2;
-//mod ecp2;
-use ecp2::ECP2;
-//mod fp4;
-use fp4::FP4;
-//mod fp12;
-use fp12::FP12;
-//mod big;
-use big::BIG;
-//mod dbig;
-use dbig::DBIG;
-//mod rand;
-//mod hash256;
-//mod rom;
-use rom;
-
-#[allow(non_snake_case)]
-
-fn linedbl(A: &mut ECP2,qx: &mut FP,qy: &mut  FP) -> FP12 {
-	let mut P=ECP2::new();
-
-	P.copy(A);
-	let mut zz=FP2::new_copy(&P.getpz());
-	zz.sqr();
-	let d=A.dbl();	
-
-	if d<0 {return FP12::new_int(1)}
-
-	let mut z3=FP2::new_copy(&A.getpz());
-	let mut a=FP4::new();
-	let mut b=FP4::new();
-	let c=FP4::new();	
-
-	let mut x=FP2::new_copy(&P.getpx());
-	let mut y=FP2::new_copy(&P.getpy());
-	let mut t=FP2::new_copy(&P.getpx());
-	t.sqr();
-	t.imul(3);
-
-	y.sqr();
-	y.dbl();
-	z3.mul(&mut zz);
-	z3.pmul(qy);
-
-	x.mul(&mut t);
-	x.sub(&y);
-	a.copy(&FP4::new_fp2s(&z3,&x));
-	t.neg();
-	zz.mul(&mut t);
-	zz.pmul(qx);
-	b.copy(&FP4::new_fp2(&zz));
-
-	return FP12::new_fp4s(&a,&b,&c);
-}
-
-#[allow(non_snake_case)]
-fn lineadd(A: &mut ECP2,B: &mut ECP2,qx: &mut FP,qy: &mut  FP) -> FP12 {
-
-	let mut P=ECP2::new();
-
-	P.copy(A);
-	let mut zz=FP2::new_copy(&P.getpz());
-	zz.sqr();
-
-	let d=A.add(B);
-	if d<0 {return FP12::new_int(1)}	
-
-	let mut z3=FP2::new_copy(&A.getpz());
-	let mut a=FP4::new();
-	let mut b=FP4::new();
-	let c=FP4::new();	
-
-	if d==0 { /* Addition */
-		let mut x=FP2::new_copy(&B.getpx());
-		let mut y=FP2::new_copy(&B.getpy());
-		let mut t=FP2::new_copy(&P.getpz()); 
-		t.mul(&mut y);
-		zz.mul(&mut t);
-
-		let mut ny=FP2::new_copy(&P.getpy()); ny.neg();
-		zz.add(&ny); 
-		z3.pmul(qy);
-		t.mul(&mut P.getpx());
-		x.mul(&mut ny);
-		t.add(&x);
-		a.copy(&FP4::new_fp2s(&z3,&t));
-		zz.neg();
-		zz.pmul(qx);
-		b.copy(&FP4::new_fp2(&zz));
-	} else { /* Doubling */
-		let mut x=FP2::new_copy(&P.getpx());
-		let mut y=FP2::new_copy(&P.getpy());
-		let mut t=FP2::new_copy(&P.getpx());
-		t.sqr();
-		t.imul(3);
-
-		y.sqr();
-		y.dbl();
-		z3.mul(&mut zz);
-		z3.pmul(qy);
-
-		x.mul(&mut t);
-		x.sub(&y);
-		a.copy(&FP4::new_fp2s(&z3,&x));
-		t.neg();
-		zz.mul(&mut t);
-		zz.pmul(qx);
-		b.copy(&FP4::new_fp2(&zz));
-	}
-	return FP12::new_fp4s(&a,&b,&c);
-}
-
-#[allow(non_snake_case)]
-/* Optimal R-ate pairing */
-pub fn ate(P: & mut ECP2,Q: &mut ECP) -> FP12 {
-	let mut f = FP2::new_bigs(&BIG::new_ints(&rom::CURVE_FRA),&BIG::new_ints(&rom::CURVE_FRB));
-	let x = BIG::new_ints(&rom::CURVE_BNX);
-	let mut n = BIG::new_copy(&x);
-	let mut K = ECP2::new();
-
-	
-	if rom::CURVE_PAIRING_TYPE == rom::BN_CURVE {
-		n.pmul(6); n.dec(2);
-	} else {n.copy(&x)}
-	
-	n.norm();
-	P.affine();
-	Q.affine();
-	let mut qx=FP::new_copy(&Q.getpx());
-	let mut qy=FP::new_copy(&Q.getpy());
-
-	let mut A=ECP2::new();
-	let mut r=FP12::new_int(1);
-
-	A.copy(&P);
-	let nb=n.nbits();
-
-	for i in (1..nb-1).rev() {
-		let mut lv=linedbl(&mut A,&mut qx,&mut qy);
-		r.smul(&mut lv);
-		if n.bit(i)==1 {
-		
-			lv=lineadd(&mut A,P,&mut qx,&mut qy);
-		
-			r.smul(&mut lv);
-		}		
-		r.sqr();	
-	}
-
-	let mut lv=linedbl(&mut A,&mut qx,&mut qy);
-	r.smul(&mut lv);
-
-	if n.parity()==1 {
-		lv=lineadd(&mut A,P,&mut qx,&mut qy);
-		r.smul(&mut lv);
-	}
-
-/* R-ate fixup required for BN curves */
-
-	if rom::CURVE_PAIRING_TYPE == rom::BN_CURVE {
-		r.conj();
-		K.copy(&P);
-		K.frob(&mut f);
-		A.neg();
-		lv=lineadd(&mut A,&mut K,&mut qx,&mut qy);
-		r.smul(&mut lv);
-		K.frob(&mut f);
-		K.neg();
-		lv=lineadd(&mut A,&mut K,&mut qx,&mut qy);
-		r.smul(&mut lv);
-	}
-
-	return r;
-}
-
-#[allow(non_snake_case)]
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
-pub fn ate2(P: &mut ECP2,Q: &mut ECP,R: &mut ECP2,S: &mut ECP) -> FP12 {
-	let mut f = FP2::new_bigs(&BIG::new_ints(&rom::CURVE_FRA),&BIG::new_ints(&rom::CURVE_FRB));
-	let x = BIG::new_ints(&rom::CURVE_BNX);
-	let mut n = BIG::new_copy(&x);
-	let mut K = ECP2::new();
-
-
-	if rom::CURVE_PAIRING_TYPE == rom::BN_CURVE {
-		n.pmul(6); n.dec(2);
-	} else {n.copy(&x)}
-	
-	n.norm();
-	P.affine();
-	Q.affine();
-	R.affine();
-	S.affine();
-
-	let mut qx=FP::new_copy(&Q.getpx());
-	let mut qy=FP::new_copy(&Q.getpy());
-
-	let mut sx=FP::new_copy(&S.getpx());
-	let mut sy=FP::new_copy(&S.getpy());
-
-	let mut A=ECP2::new();
-	let mut B=ECP2::new();
-	let mut r=FP12::new_int(1);
-
-	A.copy(&P);
-	B.copy(&R);
-	let nb=n.nbits();
-
-	for i in (1..nb-1).rev() {
-		let mut lv=linedbl(&mut A,&mut qx,&mut qy);
-		r.smul(&mut lv);
-		lv=linedbl(&mut B,&mut sx,&mut sy);
-		r.smul(&mut lv);
-
-		if n.bit(i)==1 {
-			lv=lineadd(&mut A,P,&mut qx,&mut qy);
-			r.smul(&mut lv);
-			lv=lineadd(&mut B,R,&mut sx,&mut sy);
-			r.smul(&mut lv);
-		}
-		r.sqr();
-	}
-
-	let mut lv=linedbl(&mut A,&mut qx,&mut qy);
-	r.smul(&mut lv);
-	lv=linedbl(&mut B,&mut sx,&mut sy);
-	r.smul(&mut lv);
-	if n.parity()==1 {
-		lv=lineadd(&mut A,P,&mut qx,&mut qy);
-		r.smul(&mut lv);
-		lv=lineadd(&mut B,R,&mut sx,&mut sy);
-		r.smul(&mut lv);
-	}
-
-/* R-ate fixup */
-	if rom::CURVE_PAIRING_TYPE == rom::BN_CURVE {
-		r.conj();
-		K.copy(&P);
-		K.frob(&mut f);
-		A.neg();
-		lv=lineadd(&mut A,&mut K,&mut qx,&mut qy);
-		r.smul(&mut lv);
-		K.frob(&mut f);
-		K.neg();
-		lv=lineadd(&mut A,&mut K,&mut qx,&mut qy);
-		r.smul(&mut lv);
-
-		K.copy(&R);
-		K.frob(&mut f);
-		B.neg();
-		lv=lineadd(&mut B,&mut K,&mut sx,&mut sy);
-		r.smul(&mut lv);
-		K.frob(&mut f);
-		K.neg();
-		lv=lineadd(&mut B,&mut K,&mut sx,&mut sy);
-		r.smul(&mut lv);
-	}
-
-	return r;
-}
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-pub fn fexp(m: &FP12) -> FP12 {
-	let mut f = FP2::new_bigs(&BIG::new_ints(&rom::CURVE_FRA),&BIG::new_ints(&rom::CURVE_FRB));
-	let mut x = BIG::new_ints(&rom::CURVE_BNX);
-	let mut r=FP12::new_copy(m);
-		
-/* Easy part of final exp */
-	let mut lv=FP12::new_copy(&r);
-	lv.inverse();
-	r.conj();
-
-	r.mul(&mut lv);
-	lv.copy(&r);
-	r.frob(&mut f);
-	r.frob(&mut f);
-	r.mul(&mut lv);
-/* Hard part of final exp */
-	if rom::CURVE_PAIRING_TYPE == rom::BN_CURVE {
-		lv.copy(&r);
-		lv.frob(&mut f);
-		let mut x0=FP12::new_copy(&lv);
-		x0.frob(&mut f);
-		lv.mul(&mut r);
-		x0.mul(&mut lv);
-		x0.frob(&mut f);
-		let mut x1=FP12::new_copy(&r);
-		x1.conj();
-		let mut x4=r.pow(&mut x);
-
-		let mut x3=FP12::new_copy(&x4);
-		x3.frob(&mut f);
-
-		let mut x2=x4.pow(&mut x);
-
-		let mut x5=FP12::new_copy(&x2); x5.conj();
-		lv=x2.pow(&mut x);
-
-		x2.frob(&mut f);
-		r.copy(&x2); r.conj();
-
-		x4.mul(&mut r);
-		x2.frob(&mut f);
-
-		r.copy(&lv);
-		r.frob(&mut f);
-		lv.mul(&mut r);
-
-		lv.usqr();
-		lv.mul(&mut x4);
-		lv.mul(&mut x5);
-		r.copy(&x3);
-		r.mul(&mut x5);
-		r.mul(&mut lv);
-		lv.mul(&mut x2);
-		r.usqr();
-		r.mul(&mut lv);
-		r.usqr();
-		lv.copy(&r);
-		lv.mul(&mut x1);
-		r.mul(&mut x0);
-		lv.usqr();
-		r.mul(&mut lv);
-		r.reduce();
-	} else {
-
-// Ghamman & Fouotsa Method
-
-		let mut y0=FP12::new_copy(&r); y0.usqr();
-		let mut y1=y0.pow(&mut x);
-		x.fshr(1); let mut y2=y1.pow(&mut x); x.fshl(1);
-		let mut y3=FP12::new_copy(&r); y3.conj();
-		y1.mul(&mut y3);
-
-		y1.conj();
-		y1.mul(&mut y2);
-
-		y2=y1.pow(&mut x);
-
-		y3=y2.pow(&mut x);
-		y1.conj();
-		y3.mul(&mut y1);
-
-		y1.conj();
-		y1.frob(&mut f); y1.frob(&mut f); y1.frob(&mut f);
-		y2.frob(&mut f); y2.frob(&mut f);
-		y1.mul(&mut y2);
-
-		y2=y3.pow(&mut x);
-		y2.mul(&mut y0);
-		y2.mul(&mut r);
-
-		y1.mul(&mut y2);
-		y2.copy(&y3); y2.frob(&mut f);
-		y1.mul(&mut y2);
-		r.copy(&y1);
-		r.reduce();
-
-
-/*
-		let mut x0=FP12::new_copy(&r);
-		let mut x1=FP12::new_copy(&r);
-		lv.copy(&r); lv.frob(&mut f);
-		let mut x3=FP12::new_copy(&lv); x3.conj(); x1.mul(&mut x3);
-		lv.frob(&mut f); lv.frob(&mut f);
-		x1.mul(&mut lv);
-
-		r=r.pow(&mut x);  //r=r.pow(x);
-		x3.copy(&r); x3.conj(); x1.mul(&mut x3);
-		lv.copy(&r); lv.frob(&mut f);
-		x0.mul(&mut lv);
-		lv.frob(&mut f);
-		x1.mul(&mut lv);
-		lv.frob(&mut f);
-		x3.copy(&lv); x3.conj(); x0.mul(&mut x3);
-
-		r=r.pow(&mut x);
-		x0.mul(&mut r);
-		lv.copy(&r); lv.frob(&mut f); lv.frob(&mut f);
-		x3.copy(&lv); x3.conj(); x0.mul(&mut x3);
-		lv.frob(&mut f);
-		x1.mul(&mut lv);
-
-		r=r.pow(&mut x);
-		lv.copy(&r); lv.frob(&mut f);
-		x3.copy(&lv); x3.conj(); x0.mul(&mut x3);
-		lv.frob(&mut f);
-		x1.mul(&mut lv);
-
-		r=r.pow(&mut x);
-		x3.copy(&r); x3.conj(); x0.mul(&mut x3);
-		lv.copy(&r); lv.frob(&mut f);
-		x1.mul(&mut lv);
-
-		r=r.pow(&mut x);
-		x1.mul(&mut r);
-
-		x0.usqr();
-		x0.mul(&mut x1);
-		r.copy(&x0);
-		r.reduce();  */
-	}
-	return r;
-}
-
-#[allow(non_snake_case)]
-/* GLV method */
-fn glv(e: &mut BIG) -> [BIG;2] {
-	let mut u:[BIG;2]=[BIG::new(),BIG::new()];
-	if rom::CURVE_PAIRING_TYPE == rom::BN_CURVE {
-		let mut t=BIG::new();
-		let q=BIG::new_ints(&rom::CURVE_ORDER);
-		let mut v:[BIG;2]=[BIG::new(),BIG::new()];
-
-		for i in 0..2 {
-			t.copy(&BIG::new_ints(&rom::CURVE_W[i]));  // why not just t=new BIG(ROM.CURVE_W[i]); 
-			let mut d:DBIG = BIG::mul(&mut t,e);
-			v[i].copy(&d.div(&q));
-		}
-		u[0].copy(&e);
-		for i in 0..2 {
-			for j in 0..2 {
-				t=BIG::new_ints(&rom::CURVE_SB[j][i]);
-				t=BIG::modmul(&mut v[j],&mut t,&q);
-				u[i].add(&q);
-				u[i].sub(&t);
-				u[i].rmod(&q);
-			}
-		}
-	} else {
-		let q=BIG::new_ints(&rom::CURVE_ORDER);
-		let x=BIG::new_ints(&rom::CURVE_BNX);
-		let x2=BIG::smul(&x,&x);
-		u[0].copy(&e);  
-		u[0].rmod(&x2);
-		u[1].copy(&e); 
-		u[1].div(&x2);
-		u[1].rsub(&q);
-	}
-	return u;
-}
-
-#[allow(non_snake_case)]
-/* Galbraith & Scott Method */
-pub fn gs(e: &mut BIG) -> [BIG;4] {
-	let mut u:[BIG;4]=[BIG::new(),BIG::new(),BIG::new(),BIG::new()];
-	if rom::CURVE_PAIRING_TYPE == rom::BN_CURVE {
-		let mut t=BIG::new();
-		let q=BIG::new_ints(&rom::CURVE_ORDER);
-
-		let mut v:[BIG;4]=[BIG::new(),BIG::new(),BIG::new(),BIG::new()];
-		for i in 0..4 {
-			t.copy(&BIG::new_ints(&rom::CURVE_WB[i]));
-			let mut d:DBIG=BIG::mul(&mut t,e);
-			v[i].copy(&d.div(&q));
-		}
-		u[0].copy(&e);
-		for i in 0..4 {
-			for j in 0..4 {
-				t=BIG::new_ints(&rom::CURVE_BB[j][i]);
-				t=BIG::modmul(&mut v[j],&mut t,&q);
-				u[i].add(&q);
-				u[i].sub(&t);
-				u[i].rmod(&q);
-			}
-		}
-	} else {
-		let x=BIG::new_ints(&rom::CURVE_BNX);
-		let mut w=BIG::new_copy(&e);
-		for i in 0..4 {
-			u[i].copy(&w);
-			u[i].rmod(&x);
-			w.div(&x);
-		}
-	}
-	return u;
-}	
-
-#[allow(non_snake_case)]
-/* Multiply P by e in group G1 */
-pub fn g1mul(P: &mut ECP,e: &mut BIG) -> ECP {
-	let mut R=ECP::new();
-	if rom::USE_GLV {
-		P.affine();
-		R.copy(P);
-		let mut Q=ECP::new();
-		Q.copy(P);
-		let q=BIG::new_ints(&rom::CURVE_ORDER);
-		let mut cru=FP::new_big(&BIG::new_ints(&rom::CURVE_CRU));
-		let mut u=glv(e);
-		Q.mulx(&mut cru);
-
-		let mut np=u[0].nbits();
-		let mut t:BIG=BIG::modneg(&mut u[0],&q);
-		let mut nn=t.nbits();
-		if nn<np {
-			u[0].copy(&t);
-			R.neg();
-		}
-
-		np=u[1].nbits();
-		t=BIG::modneg(&mut u[1],&q);
-		nn=t.nbits();
-		if nn<np {
-			u[1].copy(&t);
-			Q.neg();
-		}
-
-		R=R.mul2(&u[0],&mut Q,&u[1]);
-			
-	} else {
-		R=P.mul(e);
-	}
-	return R;
-}
-
-#[allow(non_snake_case)]
-/* Multiply P by e in group G2 */
-pub fn g2mul(P: &mut ECP2,e: &mut BIG) -> ECP2 {
-	let mut R=ECP2::new();
-	if rom::USE_GS_G2 {
-		let mut Q:[ECP2;4]=[ECP2::new(),ECP2::new(),ECP2::new(),ECP2::new()];
-		let mut f = FP2::new_bigs(&BIG::new_ints(&rom::CURVE_FRA),&BIG::new_ints(&rom::CURVE_FRB));
-		let q=BIG::new_ints(&rom::CURVE_ORDER);
-		let mut u=gs(e);
-		let mut T=ECP2::new();
-
-		let mut t=BIG::new();
-		P.affine();
-		Q[0].copy(&P);
-		for i in 1..4 {
-			T.copy(&Q[i-1]);
-			Q[i].copy(&T);
-			Q[i].frob(&mut f);
-		}
-		for i in 0..4 {
-			let np=u[i].nbits();
-			t.copy(&BIG::modneg(&mut u[i],&q));
-			let nn=t.nbits();
-			if nn<np {
-				u[i].copy(&t);
-				Q[i].neg();
-			}
-		}
-
-		R.copy(&ECP2::mul4(&mut Q,&u));
-
-	} else {
-		R.copy(&P.mul(e));
-	}
-	return R;
-}
-
-/* f=f^e */
-/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.java */
-pub fn gtpow(d: &mut FP12,e: &mut BIG) -> FP12 {
-	let mut r=FP12::new();
-	if rom::USE_GS_GT {
-		let mut g:[FP12;4]=[FP12::new(),FP12::new(),FP12::new(),FP12::new()];
-		let mut f = FP2::new_bigs(&BIG::new_ints(&rom::CURVE_FRA),&BIG::new_ints(&rom::CURVE_FRB));
-		let q=BIG::new_ints(&rom::CURVE_ORDER);
-		let mut t=BIG::new();
-		let mut u=gs(e);
-		let mut w=FP12::new();
-
-		g[0].copy(&d);
-		for i in 1..4 {
-			w.copy(&g[i-1]);
-			g[i].copy(&w);
-			g[i].frob(&mut f);
-		}
-		for i in 0..4 {
-			let np=u[i].nbits();
-			t.copy(&BIG::modneg(&mut u[i],&q));
-			let nn=t.nbits();
-			if nn<np {
-				u[i].copy(&t);
-				g[i].conj();
-			}
-		}
-		r.copy(&FP12::pow4(&mut g,&u));
-	} else {
-		r.copy(&d.pow(e));
-	}
-	return r;
-}
-
-/*
-#[allow(non_snake_case)]
-fn main()
-{
-	let mut Q=ECP::new_bigs(&BIG::new_ints(&rom::CURVE_GX),&BIG::new_ints(&rom::CURVE_GY));
-	let mut P=ECP2::new_fp2s(&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PXA),&BIG::new_ints(&rom::CURVE_PXB)),&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PYA),&BIG::new_ints(&rom::CURVE_PYB)));
-
-	let mut r=BIG::new_ints(&rom::CURVE_ORDER);
-	
-	println!("P= {}",P.tostring());
-	println!("Q= {}",Q.tostring());
-
-	//m:=NewBIGint(17)
-
-	let mut e=ate(&mut P,&mut Q);
-	println!("\ne= {}",e.tostring());
-
-	e=fexp(&e);
-
-	for i in 1..10 {
-		e=ate(&mut P,&mut Q);
-		e=fexp(&e);
-	}
-
-
-	//	e=GTpow(e,m);
-
-	println!("\ne= {}",e.tostring());
-
-	
-	fmt.Printf("\n");
-	GLV:=glv(r)
-
-	fmt.Printf("GLV[0]= "+GLV[0].toString())
-	fmt.Printf("\n")
-
-	fmt.Printf("GLV[0]= "+GLV[1].toString())
-	fmt.Printf("\n")
-
-	G:=NewECP(); G.copy(Q)
-	R:=NewECP2(); R.copy(P)
-
-
-	e=ate(R,Q)
-	e=fexp(e)
-
-	e=GTpow(e,xa)
-	fmt.Printf("\ne= "+e.toString());
-	fmt.Printf("\n")
-
-	R=G2mul(R,xa)
-	e=ate(R,G)
-	e=fexp(e)
-
-	fmt.Printf("\ne= "+e.toString())
-	fmt.Printf("\n")
-
-	G=G1mul(G,xa)
-	e=ate(P,G)
-	e=fexp(e)
-	fmt.Printf("\ne= "+e.toString())
-	fmt.Printf("\n") 
-}*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/rand.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/rand.rs b/version22/rust/src/rand.rs
deleted file mode 100644
index 5cf79ac..0000000
--- a/version22/rust/src/rand.rs
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-//mod hash256;
-
-use hash256::HASH256;
-
-const RAND_NK: usize=21;
-const RAND_NJ: usize=6;
-const RAND_NV: usize=8;
-
-pub struct RAND {
-	ira: [u32;RAND_NK],  /* random number...   */
-	rndptr: usize,
-	borrow: u32,
-	pool_ptr: usize,
-	pool: [u8;32]
-}
-
-impl RAND {
-
-	pub fn new() -> RAND {
-		RAND {
-			ira: [0;RAND_NK],
-			rndptr:0,
-			borrow: 0,
-			pool_ptr:0,
-			pool:[0;32]
-		}
-	}
-
-	pub fn clean(&mut self) {
-		self.pool_ptr=0; self.rndptr=0;
-		for i in 0..32 {self.pool[i]=0}
-		for i in 0..RAND_NK {self.ira[i]=0}
-		self.borrow=0;		
-	}
-
-	fn sbrand(&mut self) -> u32 { /* Marsaglia & Zaman random number generator */
-		self.rndptr+=1;
-		if self.rndptr<RAND_NK {return self.ira[self.rndptr]}
-		self.rndptr=0;
-		let mut k=RAND_NK-RAND_NJ;
-		for i in 0..RAND_NK { /* calculate next NK values */
-			if k==RAND_NK {k=0}
-			let t=self.ira[k];
-			let pdiff=t.wrapping_sub(self.ira[i]).wrapping_sub(self.borrow);
-			if pdiff<t {self.borrow=0}
-			if pdiff>t {self.borrow=1}
-			self.ira[i]=pdiff;
-			k+=1;
-		}
-		return self.ira[0];
-	}
-
-	fn sirand(&mut self,seed: u32) {
-		let mut m: u32=1;
-		let mut sd=seed;
-		self.borrow=0;
-		self.rndptr=0;
-		self.ira[0]^=sd;
-		for i in 1..RAND_NK { /* fill initialisation vector */
-			let inn=(RAND_NV*i)%RAND_NK;
-			self.ira[inn]^=m;      /* note XOR */
-			let t=m;
-			m=sd.wrapping_sub(m);
-			sd=t;
-		}
-		for _ in 0..10000 {self.sbrand();} /* "warm-up" & stir the generator */
-	}
-
-	fn fill_pool(&mut self) {
-		let mut sh=HASH256::new();
-		for _ in 0..128 {sh.process((self.sbrand()&0xff) as u8)}
-		let w=sh.hash();
-		for i in 0..32 {self.pool[i]=w[i]}
-		self.pool_ptr=0;
-	}
-
-	fn pack(b: [u8;4]) -> u32 { /* pack 4 bytes into a 32-bit Word */
-		return ((((b[3] as u32))&0xff)<<24)|(((b[2] as u32)&0xff)<<16)|(((b[1] as u32)&0xff)<<8)|((b[0] as u32)&0xff);
-	}
-
-/* Initialize RNG with some real entropy from some external source */
-	pub fn seed(&mut self,rawlen: usize,raw: &[u8]) { /* initialise from at least 128 byte string of raw random entropy */
-		let mut b: [u8;4]=[0;4];
-		let mut sh=HASH256::new();
-		self.pool_ptr=0;
-
-		for i in 0..RAND_NK {self.ira[i]=0}
-		if rawlen>0 {
-			for i in 0..rawlen {
-				sh.process(raw[i]);
-			}
-			let digest=sh.hash();
-
-/* initialise PRNG from distilled randomness */
-
-			for i in 0..8  {
-				b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3];
-				self.sirand(RAND::pack(b));
-			}
-		}
-		self.fill_pool();
-	}	
-
-/* get random byte */
-	pub fn getbyte(&mut self) -> u8 { 
-		let r=self.pool[self.pool_ptr];
-		self.pool_ptr+=1;
-		if self.pool_ptr>=32 {self.fill_pool()}
-		return (r&0xff) as u8;
-	}
-}
-
-/* test main program */
-/*
-fn main() {
-	let mut raw : [u8;100]=[0;100];
-	let mut rng=RAND::new();
-
-	rng.clean();
-	for i in 0..100 {raw[i]=i as u8}
-
-	rng.seed(100,&raw);
- 
-	for _ in 0..1000 {
-		print!("{:03} ",rng.getbyte());
-	}
-}
-*/


[04/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/big.h
----------------------------------------------------------------------
diff --git a/version3/cpp/big.h b/version3/cpp/big.h
deleted file mode 100644
index 1f4f451..0000000
--- a/version3/cpp/big.h
+++ /dev/null
@@ -1,595 +0,0 @@
-#ifndef BIG_XXX_H
-#define BIG_XXX_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <inttypes.h>
-#include "arch.h"
-#include "amcl.h"
-#include "config_big_XXX.h"
-
-using namespace amcl;
-
-
-//#define UNWOUND
-
-#define BIGBITS_XXX (8*MODBYTES_XXX)
-#define NLEN_XXX (1+((8*MODBYTES_XXX-1)/BASEBITS_XXX))
-#define DNLEN_XXX 2*NLEN_XXX
-#define BMASK_XXX (((chunk)1<<BASEBITS_XXX)-1) /**< Mask = 2^BASEBITS-1 */
-#define NEXCESS_XXX (1<<(CHUNK-BASEBITS_XXX-1))           /**< 2^(CHUNK-BASEBITS-1) - digit cannot be multiplied by more than this before normalisation */
-
-#define HBITS_XXX (BASEBITS_XXX/2)      /**< Number of bits in number base divided by 2 */
-#define HMASK_XXX (((chunk)1<<HBITS_XXX)-1)    /**< Mask = 2^HBITS-1 */
-
-//#define DEBUG_NORM
-
-#ifdef DEBUG_NORM  /* Add an extra location to track chunk extension */
-#define MPV_XXX NLEN_XXX
-#define MNV_XXX (NLEN_XXX+1)
-#define DMPV_XXX DNLEN_XXX
-#define DMNV_XXX (DNLEN_XXX+1)
-
-#endif
-
-namespace XXX {
-
-#ifdef DEBUG_NORM 
-typedef chunk BIG[NLEN_XXX+2];   /**< Define type BIG as array of chunks */
-typedef chunk DBIG[DNLEN_XXX+2]; /**< Define type DBIG as array of chunks */
-#else
-typedef chunk BIG[NLEN_XXX];     /**< Define type BIG as array of chunks */
-typedef chunk DBIG[DNLEN_XXX];   /**< Define type DBIG as array of chunks */
-#endif
-
-/* BIG number prototypes */
-
-/**	@brief Tests for BIG equal to zero
- *
-	@param x a BIG number
-	@return 1 if zero, else returns 0
- */
-extern int BIG_iszilch(BIG x);
-/**	@brief Tests for BIG equal to one
- *
-	@param x a BIG number
-	@return 1 if one, else returns 0
- */
-extern int BIG_isunity(BIG x);
-/**	@brief Tests for DBIG equal to zero
- *
-	@param x a DBIG number
-	@return 1 if zero, else returns 0
- */
-extern int BIG_diszilch(DBIG x);
-/**	@brief Outputs a BIG number to the console
- *
-	@param x a BIG number
- */
-extern void BIG_output(BIG x);
-/**	@brief Outputs a BIG number to the console in raw form (for debugging)
- *
-	@param x a BIG number
- */
-extern void BIG_rawoutput(BIG x);
-/**	@brief Conditional constant time swap of two BIG numbers
- *
-	Conditionally swaps parameters in constant time (without branching)
-	@param x a BIG number
-	@param y another BIG number
-	@param s swap takes place if not equal to 0
- */
-extern void BIG_cswap(BIG x,BIG y,int s);
-/**	@brief Conditional copy of BIG number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x a BIG number
-	@param y another BIG number
-	@param s copy takes place if not equal to 0
- */
-extern void BIG_cmove(BIG x,BIG y,int s);
-/**	@brief Conditional copy of DBIG number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x a DBIG number
-	@param y another DBIG number
-	@param s copy takes place if not equal to 0
- */
-extern void BIG_dcmove(BIG x,BIG y,int s);
-/**	@brief Convert from BIG number to byte array
- *
-	@param a byte array
-	@param x BIG number
- */
-extern void BIG_toBytes(char *a,BIG x);
-/**	@brief Convert to BIG number from byte array
- *
-	@param x BIG number
-	@param a byte array
- */
-extern void BIG_fromBytes(BIG x,char *a);
-/**	@brief Convert to BIG number from byte array of given length
- *
-	@param x BIG number
-	@param a byte array
-	@param s byte array length
- */
-extern void BIG_fromBytesLen(BIG x,char *a,int s);
-/**@brief Convert to DBIG number from byte array of given length
- *
-   @param x DBIG number
-   @param a byte array
-   @param s byte array length
- */
-extern void BIG_dfromBytesLen(DBIG x,char *a,int s);
-/**	@brief Outputs a DBIG number to the console
- *
-	@param x a DBIG number
- */
-extern void BIG_doutput(DBIG x);
-
-/**	@brief Outputs a DBIG number to the console
- *
-	@param x a DBIG number
- */
-extern void BIG_drawoutput(DBIG x);
-
-/**	@brief Copy BIG from Read-Only Memory to a BIG
- *
-	@param x BIG number
-	@param y BIG number in ROM
- */
-extern void BIG_rcopy(BIG x,const BIG y);
-/**	@brief Copy BIG to another BIG
- *
-	@param x BIG number
-	@param y BIG number to be copied
- */
-extern void BIG_copy(BIG x,BIG y);
-/**	@brief Copy DBIG to another DBIG
- *
-	@param x DBIG number
-	@param y DBIG number to be copied
- */
-extern void BIG_dcopy(DBIG x,DBIG y);
-/**	@brief Copy BIG to upper half of DBIG
- *
-	@param x DBIG number
-	@param y BIG number to be copied
- */
-extern void BIG_dsucopy(DBIG x,BIG y);
-/**	@brief Copy BIG to lower half of DBIG
- *
-	@param x DBIG number
-	@param y BIG number to be copied
- */
-extern void BIG_dscopy(DBIG x,BIG y);
-/**	@brief Copy lower half of DBIG to a BIG
- *
-	@param x BIG number
-	@param y DBIG number to be copied
- */
-extern void BIG_sdcopy(BIG x,DBIG y);
-/**	@brief Copy upper half of DBIG to a BIG
- *
-	@param x BIG number
-	@param y DBIG number to be copied
- */
-extern void BIG_sducopy(BIG x,DBIG y);
-/**	@brief Set BIG to zero
- *
-	@param x BIG number to be set to zero
- */
-extern void BIG_zero(BIG x);
-/**	@brief Set DBIG to zero
- *
-	@param x DBIG number to be set to zero
- */
-extern void BIG_dzero(DBIG x);
-/**	@brief Set BIG to one (unity)
- *
-	@param x BIG number to be set to one.
- */
-extern void BIG_one(BIG x);
-/**	@brief Set BIG to inverse mod 2^256
- *
-	@param x BIG number to be inverted
- */
-extern void BIG_invmod2m(BIG x);
-/**	@brief Set BIG to sum of two BIGs - output not normalised
- *
-	@param x BIG number, sum of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_add(BIG x,BIG y,BIG z);
-
-/**	@brief Set BIG to logical or of two BIGs - output normalised
- *
-	@param x BIG number, or of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_or(BIG x,BIG y,BIG z);
-
-/**	@brief Increment BIG by a small integer - output not normalised
- *
-	@param x BIG number to be incremented
-	@param i integer
- */
-extern void BIG_inc(BIG x,int i);
-/**	@brief Set BIG to difference of two BIGs
- *
-	@param x BIG number, difference of other two - output not normalised
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_sub(BIG x,BIG y,BIG z);
-/**	@brief Decrement BIG by a small integer - output not normalised
- *
-	@param x BIG number to be decremented
-	@param i integer
- */
-extern void BIG_dec(BIG x,int i);
-/**	@brief Set DBIG to sum of two DBIGs
- *
-	@param x DBIG number, sum of other two - output not normalised
-	@param y DBIG number
-	@param z DBIG number
- */
-extern void BIG_dadd(DBIG x,DBIG y,DBIG z);
-/**	@brief Set DBIG to difference of two DBIGs
- *
-	@param x DBIG number, difference of other two - output not normalised
-	@param y DBIG number
-	@param z DBIG number
- */
-extern void BIG_dsub(DBIG x,DBIG y,DBIG z);
-/**	@brief Multiply BIG by a small integer - output not normalised
- *
-	@param x BIG number, product of other two
-	@param y BIG number
-	@param i small integer
- */
-extern void BIG_imul(BIG x,BIG y,int i);
-/**	@brief Multiply BIG by not-so-small small integer - output normalised
- *
-	@param x BIG number, product of other two
-	@param y BIG number
-	@param i small integer
-	@return Overflowing bits
- */
-extern chunk BIG_pmul(BIG x,BIG y,int i);
-/**	@brief Divide BIG by 3 - output normalised
- *
-	@param x BIG number
-	@return Remainder
- */
-extern int BIG_div3(BIG x);
-/**	@brief Multiply BIG by even bigger small integer resulting in a DBIG - output normalised
- *
-	@param x DBIG number, product of other two
-	@param y BIG number
-	@param i small integer
- */
-extern void BIG_pxmul(DBIG x,BIG y,int i);
-/**	@brief Multiply BIG by another BIG resulting in DBIG - inputs normalised and output normalised
- *
-	@param x DBIG number, product of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_mul(DBIG x,BIG y,BIG z);
-/**	@brief Multiply BIG by another BIG resulting in another BIG - inputs normalised and output normalised
- *
-	Note that the product must fit into a BIG, and x must be distinct from y and z
-	@param x BIG number, product of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_smul(BIG x,BIG y,BIG z);
-/**	@brief Square BIG resulting in a DBIG - input normalised and output normalised
- *
-	@param x DBIG number, square of a BIG
-	@param y BIG number to be squared
- */
-extern void BIG_sqr(DBIG x,BIG y);
-
-/**	@brief Montgomery reduction of a DBIG to a BIG  - input normalised and output normalised
- *
-	@param a BIG number, reduction of a BIG
-	@param md BIG number, the modulus
-	@param MC the Montgomery Constant
-	@param d DBIG number to be reduced
- */
-extern void BIG_monty(BIG a,BIG md,chunk MC,DBIG d);
-
-/**	@brief Shifts a BIG left by any number of bits - input must be normalised, output normalised
- *
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_shl(BIG x,int s);
-/**	@brief Fast shifts a BIG left by a small number of bits - input must be normalised, output will be normalised
- *
-	The number of bits to be shifted must be less than BASEBITS
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
-	@return Overflow bits
- */
-extern int BIG_fshl(BIG x,int s);
-/**	@brief Shifts a DBIG left by any number of bits - input must be normalised, output normalised
- *
-	@param x DBIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_dshl(DBIG x,int s);
-/**	@brief Shifts a BIG right by any number of bits - input must be normalised, output normalised
- *
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_shr(BIG x,int s);
-
-
-/**	@brief Fast time-critical combined shift by 1 bit, subtract and normalise
- *
-	@param r BIG number normalised output
-	@param a BIG number to be subtracted from
-	@param m BIG number to be shifted and subtracted
-	@return sign of r
- */
-extern int BIG_ssn(BIG r,BIG a, BIG m);
-
-/**	@brief Fast shifts a BIG right by a small number of bits - input must be normalised, output will be normalised
- *
-	The number of bits to be shifted must be less than BASEBITS
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
-	@return Shifted out bits
- */
-extern int BIG_fshr(BIG x,int s);
-/**	@brief Shifts a DBIG right by any number of bits - input must be normalised, output normalised
- *
-	@param x DBIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_dshr(DBIG x,int s);
-/**	@brief Splits a DBIG into two BIGs - input must be normalised, outputs normalised
- *
-	Internal function. The value of s must be approximately in the middle of the DBIG.
-	Typically used to extract z mod 2^MODBITS and z/2^MODBITS
-	@param x BIG number, top half of z
-	@param y BIG number, bottom half of z
-	@param z DBIG number to be split in two.
-	@param s Bit position at which to split
-	@return carry-out from top half
- */
-extern chunk BIG_split(BIG x,BIG y,DBIG z,int s);
-/**	@brief Normalizes a BIG number - output normalised
- *
-	All digits of the input BIG are reduced mod 2^BASEBITS
-	@param x BIG number to be normalised
- */
-extern chunk BIG_norm(BIG x);
-/**	@brief Normalizes a DBIG number - output normalised
- *
-	All digits of the input DBIG are reduced mod 2^BASEBITS
-	@param x DBIG number to be normalised
- */
-extern void BIG_dnorm(DBIG x);
-/**	@brief Compares two BIG numbers. Inputs must be normalised externally
- *
-	@param x first BIG number to be compared
-	@param y second BIG number to be compared
-	@return -1 is x<y, 0 if x=y, 1 if x>y
- */
-extern int BIG_comp(BIG x,BIG y);
-/**	@brief Compares two DBIG numbers. Inputs must be normalised externally
- *
-	@param x first DBIG number to be compared
-	@param y second DBIG number to be compared
-	@return -1 is x<y, 0 if x=y, 1 if x>y
- */
-extern int BIG_dcomp(DBIG x,DBIG y);
-/**	@brief Calculate number of bits in a BIG - output normalised
- *
-	@param x BIG number
-	@return Number of bits in x
- */
-extern int BIG_nbits(BIG x);
-/**	@brief Calculate number of bits in a DBIG - output normalised
- *
-	@param x DBIG number
-	@return Number of bits in x
- */
-extern int BIG_dnbits(DBIG x);
-/**	@brief Reduce x mod n - input and output normalised
- *
-	Slow but rarely used
-	@param x BIG number to be reduced mod n
-	@param n The modulus
- */
-extern void BIG_mod(BIG x,BIG n);
-/**	@brief Divide x by n - output normalised
- *
-	Slow but rarely used
-	@param x BIG number to be divided by n
-	@param n The Divisor
- */
-extern void BIG_sdiv(BIG x,BIG n);
-/**	@brief  x=y mod n - output normalised
- *
-	Slow but rarely used. y is destroyed.
-	@param x BIG number, on exit = y mod n
-	@param y DBIG number
-	@param n Modulus
- */
-extern void BIG_dmod(BIG x,DBIG y,BIG n);
-/**	@brief  x=y/n - output normalised
- *
-	Slow but rarely used. y is destroyed.
-	@param x BIG number, on exit = y/n
-	@param y DBIG number
-	@param n Modulus
- */
-extern void BIG_ddiv(BIG x,DBIG y,BIG n);
-/**	@brief  return parity of BIG, that is the least significant bit
- *
-	@param x BIG number
-	@return 0 or 1
- */
-extern int BIG_parity(BIG x);
-/**	@brief  return i-th of BIG
- *
-	@param x BIG number
-	@param i the bit of x to be returned
-	@return 0 or 1
- */
-extern int BIG_bit(BIG x,int i);
-/**	@brief  return least significant bits of a BIG
- *
-	@param x BIG number
-	@param n number of bits to return. Assumed to be less than BASEBITS.
-	@return least significant n bits as an integer
- */
-extern int BIG_lastbits(BIG x,int n);
-/**	@brief  Create a random BIG from a random number generator
- *
-	Assumes that the random number generator has been suitably initialised
-	@param x BIG number, on exit a random number
-	@param r A pointer to a Cryptographically Secure Random Number Generator
- */
-extern void BIG_random(BIG x,csprng *r);
-/**	@brief  Create an unbiased random BIG from a random number generator, reduced with respect to a modulus
- *
-	Assumes that the random number generator has been suitably initialised
-	@param x BIG number, on exit a random number
-	@param n The modulus
-	@param r A pointer to a Cryptographically Secure Random Number Generator
- */
-extern void BIG_randomnum(BIG x,BIG n,csprng *r);
-/**	brief  return NAF (Non-Adjacent-Form) value as +/- 1, 3 or 5, inputs must be normalised
- *
-	Given x and 3*x extracts NAF value from given bit position, and returns number of bits processed, and number of trailing zeros detected if any
-	param x BIG number
-	param x3 BIG number, three times x
-	param i bit position
-	param nbs pointer to integer returning number of bits processed
-	param nzs pointer to integer returning number of trailing 0s
-	return + or - 1, 3 or 5
-*/
-
-/**	@brief  Calculate x=y*z mod n
- *
-	Slow method for modular multiplication
-	@param x BIG number, on exit = y*z mod n
-	@param y BIG number
-	@param z BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_modmul(BIG x,BIG y,BIG z,BIG n);
-/**	@brief  Calculate x=y/z mod n
- *
-	Slow method for modular division
-	@param x BIG number, on exit = y/z mod n
-	@param y BIG number
-	@param z BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_moddiv(BIG x,BIG y,BIG z,BIG n);
-/**	@brief  Calculate x=y^2 mod n
- *
-	Slow method for modular squaring
-	@param x BIG number, on exit = y^2 mod n
-	@param y BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_modsqr(BIG x,BIG y,BIG n);
-/**	@brief  Calculate x=-y mod n
- *
-	Modular negation
-	@param x BIG number, on exit = -y mod n
-	@param y BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_modneg(BIG x,BIG y,BIG n);
-/**	@brief  Calculate jacobi Symbol (x/y)
- *
-	@param x BIG number
-	@param y BIG number
-	@return Jacobi symbol, -1,0 or 1
- */
-extern int BIG_jacobi(BIG x,BIG y);
-/**	@brief  Calculate x=1/y mod n
- *
-	Modular Inversion - This is slow. Uses binary method.
-	@param x BIG number, on exit = 1/y mod n
-	@param y BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_invmodp(BIG x,BIG y,BIG n);
-/** @brief Calculate x=x mod 2^m
- *
-	Truncation
-	@param x BIG number, on reduced mod 2^m
-	@param m new truncated size
-*/
-extern void BIG_mod2m(BIG x,int m);
-
-/**	@brief Calculates a*b+c+*d
- *
-	Calculate partial product of a.b, add in carry c, and add total to d
-	@param a multiplier
-	@param b multiplicand
-	@param c carry
-	@param d pointer to accumulated bottom half of result
-	@return top half of result
- */
-
-#ifdef dchunk
-
-/* Method required to calculate x*y+c+r, bottom half in r, top half returned */
-inline chunk muladd(chunk x,chunk y,chunk c,chunk *r)
-{
-    dchunk prod=(dchunk)x*y+c+*r;
-    *r=(chunk)prod&BMASK_XXX;
-    return (chunk)(prod>>BASEBITS_XXX);
-}
-
-#else
-
-/* No integer type available that can store double the wordlength */
-/* accumulate partial products */
-
-inline chunk muladd(chunk x,chunk y,chunk c,chunk *r)
-{
-    chunk x0,x1,y0,y1;
-    chunk bot,top,mid,carry;
-    x0=x&HMASK;
-    x1=(x>>HBITS_XXX);
-    y0=y&HMASK_XXX;
-    y1=(y>>HBITS_XXX);
-    bot=x0*y0;
-    top=x1*y1;
-    mid=x0*y1+x1*y0;
-    x0=mid&HMASK_XXX;
-    x1=(mid>>HBITS_XXX);
-    bot+=x0<<HBITS_XXX;
-    bot+=*r;
-    bot+=c;
-
-    top+=x1;
-    carry=bot>>BASEBITS_XXX;
-    bot&=BMASK_XXX;
-    top+=carry;
-
-    *r=bot;
-    return top;
-}
-
-#endif
-
-}
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/config16.py
----------------------------------------------------------------------
diff --git a/version3/cpp/config16.py b/version3/cpp/config16.py
deleted file mode 100644
index d22a76a..0000000
--- a/version3/cpp/config16.py
+++ /dev/null
@@ -1,370 +0,0 @@
-import os
-import sys
-
-deltext=""
-if sys.platform.startswith("linux")  :
-	deltext="rm"
-	copytext="cp"
-if sys.platform.startswith("darwin")  :
-	deltext="rm"
-	copytext="cp"
-if sys.platform.startswith("win") :
-	deltext="del"
-	copytext="copy"
-
-def replace(namefile,oldtext,newtext):
-	f = open(namefile,'r')
-	filedata = f.read()
-	f.close()
-
-	newdata = filedata.replace(oldtext,newtext)
-
-	f = open(namefile,'w')
-	f.write(newdata)
-	f.close()
-
-
-def rsaset(tb,tff,nb,base,ml) :
-	bd="B"+tb+"_"+base
-	fnameh="config_big_"+bd+".h"
-	os.system(copytext+" config_big.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"@NB@",nb)
-	replace(fnameh,"@BASE@",base)
-
-	fnameh="config_ff_"+tff+".h"
-	os.system(copytext+" config_ff.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"@ML@",ml)
-
-	fnamec="big_"+bd+".cpp"
-	fnameh="big_"+bd+".h"
-
-	os.system(copytext+" big.cpp "+fnamec)
-	os.system(copytext+" big.h "+fnameh)
-
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	fnamec="ff_"+tff+".cpp"
-	fnameh="ff_"+tff+".h"
-
-	os.system(copytext+" ff.cpp "+fnamec)
-	os.system(copytext+" ff.h "+fnameh)
-
-	replace(fnamec,"WWW",tff)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	fnamec="rsa_"+tff+".cpp"
-	fnameh="rsa_"+tff+".h"
-
-	os.system(copytext+" rsa.cpp "+fnamec)
-	os.system(copytext+" rsa.h "+fnameh)
-
-	replace(fnamec,"WWW",tff)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-def curveset(tb,tf,tc,nb,base,nbt,m8,mt,ct,pf,stw,sx,cs) :
-	bd="B"+tb+"_"+base
-	fnameh="config_big_"+bd+".h"
-	os.system(copytext+" config_big.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"@NB@",nb)
-	replace(fnameh,"@BASE@",base)
-
-	fnameh="config_field_"+tf+".h"
-	os.system(copytext+" config_field.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"@NBT@",nbt)
-	replace(fnameh,"@M8@",m8)
-	replace(fnameh,"@MT@",mt)
-
-	ib=int(base)
-	inb=int(nb)
-	inbt=int(nbt)
-	sh=ib*(1+((8*inb-1)//ib))-inbt
-
-	if sh > 6 :
-		sh=6
-	replace(fnameh,"@SH@",str(sh))
-
-	fnameh="config_curve_"+tc+".h"	
-	os.system(copytext+" config_curve.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"@CT@",ct)
-	replace(fnameh,"@PF@",pf)
-
-	replace(fnameh,"@ST@",stw)
-	replace(fnameh,"@SX@",sx)
-	replace(fnameh,"@CS@",cs)
-
-
-	fnamec="big_"+bd+".cpp"
-	fnameh="big_"+bd+".h"
-
-	os.system(copytext+" big.cpp "+fnamec)
-	os.system(copytext+" big.h "+fnameh)
-
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	fnamec="fp_"+tf+".cpp"
-	fnameh="fp_"+tf+".h"
-
-	os.system(copytext+" fp.cpp "+fnamec)
-	os.system(copytext+" fp.h "+fnameh)
-
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	os.system("g++ -O3 -c rom_field_"+tf+".cpp")
-
-	fnamec="ecp_"+tc+".cpp"
-	fnameh="ecp_"+tc+".h"
-
-	os.system(copytext+" ecp.cpp "+fnamec)
-	os.system(copytext+" ecp.h "+fnameh)
-
-	replace(fnamec,"ZZZ",tc)
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	fnamec="ecdh_"+tc+".cpp"
-	fnameh="ecdh_"+tc+".h"
-
-	os.system(copytext+" ecdh.cpp "+fnamec)
-	os.system(copytext+" ecdh.h "+fnameh)
-
-	replace(fnamec,"ZZZ",tc)
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	os.system("g++ -O3 -c rom_curve_"+tc+".cpp")
-
-	if pf != "NOT" :
-		fnamec="fp2_"+tf+".cpp"
-		fnameh="fp2_"+tf+".h"
-
-		os.system(copytext+" fp2.cpp "+fnamec)
-		os.system(copytext+" fp2.h "+fnameh)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		os.system("g++ -O3 -c "+fnamec)
-
-		fnamec="fp4_"+tf+".cpp"
-		fnameh="fp4_"+tf+".h"
-
-		os.system(copytext+" fp4.cpp "+fnamec)
-		os.system(copytext+" fp4.h "+fnameh)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnamec,"ZZZ",tc)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		replace(fnameh,"ZZZ",tc)
-		os.system("g++ -O3 -c "+fnamec)
-
-		fnamec="fp12_"+tf+".cpp"
-		fnameh="fp12_"+tf+".h"
-
-		os.system(copytext+" fp12.cpp "+fnamec)
-		os.system(copytext+" fp12.h "+fnameh)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		os.system("g++ -O3 -c "+fnamec)
-
-		fnamec="ecp2_"+tc+".cpp"
-		fnameh="ecp2_"+tc+".h"
-
-		os.system(copytext+" ecp2.cpp "+fnamec)
-		os.system(copytext+" ecp2.h "+fnameh)
-		replace(fnamec,"ZZZ",tc)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnameh,"ZZZ",tc)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		os.system("g++ -O3 -c "+fnamec)
-
-		fnamec="pair_"+tc+".cpp"
-		fnameh="pair_"+tc+".h"
-
-		os.system(copytext+" pair.cpp "+fnamec)
-		os.system(copytext+" pair.h "+fnameh)
-		replace(fnamec,"ZZZ",tc)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnameh,"ZZZ",tc)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		os.system("g++ -O3 -c "+fnamec)
-
-		fnamec="mpin_"+tc+".cpp"
-		fnameh="mpin_"+tc+".h"
-
-		os.system(copytext+" mpin.cpp "+fnamec)
-		os.system(copytext+" mpin.h "+fnameh)
-		replace(fnamec,"ZZZ",tc)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnameh,"ZZZ",tc)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		os.system("g++ -O3 -c "+fnamec)
-
-replace("arch.h","@WL@","16")
-print("Elliptic Curves")
-print("1. ED25519")
-print("2. NUMS256E")
-
-print("Pairing-Friendly Elliptic Curves")
-print("3. BN254")
-print("4. BN254CX")
-
-print("RSA")
-print("5. RSA2048")
-
-
-selection=[]
-ptr=0
-max=6
-
-curve_selected=False
-pfcurve_selected=False
-rsa_selected=False
-
-while ptr<max:
-	x=int(input("Choose a Scheme to support - 0 to finish: "))
-	if x == 0:
-		break
-#	print("Choice= ",x)
-	already=False
-	for i in range(0,ptr):
-		if x==selection[i]:
-			already=True
-			break
-	if already:
-		continue
-	
-	selection.append(x)
-	ptr=ptr+1
-
-# curveset(big,field,curve,big_length_bytes,bits_in_base,modulus_bits,modulus_mod_8,modulus_type,curve_type,pairing_friendly)
-# for each curve give names for big, field and curve. In many cases the latter two will be the same. 
-# Typically "big" is the size in bits, always a multiple of 8, "field" describes the modulus, and "curve" is the common name for the elliptic curve   
-# big_length_bytes is "big" divided by 8
-# Next give the number base used for 16 bit architectures, as n where the base is 2^n (note that these must be fixed for the same "big" name, if is ever re-used for another curve)
-# modulus_bits is the bit length of the modulus, typically the same or slightly smaller than "big"
-# modulus_mod_8 is the remainder when the modulus is divided by 8
-# modulus_type is NOT_SPECIAL, or PSEUDO_MERSENNE, or MONTGOMERY_Friendly, or GENERALISED_MERSENNE (supported for GOLDILOCKS only)
-# curve_type is WEIERSTRASS, EDWARDS or MONTGOMERY
-# pairing_friendly is BN, BLS or NOT (if not pairing friendly)
-# if pairing friendly. M or D type twist, and sign of the family parameter x
-
-
-	if x==1:
-		curveset("256","F25519","ED25519","32","13","255","5","PSEUDO_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-	if x==2:
-		curveset("256","F256PME","NUMS256E","32","13","256","3","PSEUDO_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-
-
-	if x==3:
-		curveset("256","BN254","BN254","32","13","254","3","NOT_SPECIAL","WEIERSTRASS","BN","D_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-	if x==4:
-		curveset("256","BN254CX","BN254CX","32","13","254","3","NOT_SPECIAL","WEIERSTRASS","BN","D_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-
-# rsaset(big,ring,big_length_bytes,bits_in_base,multiplier)
-# for each choice give distinct names for "big" and "ring".
-# Typically "big" is the length in bits of the underlying big number type
-# "ring" is the RSA modulus size = "big" times 2^m
-# big_length_bytes is "big" divided by 8
-# Next give the number base used for 16 bit architectures, as n where the base is 2^n
-# multiplier is 2^m (see above)
-
-# There are choices here, different ways of getting the same result, but some faster than others
-	if x==5:
-		#256 is slower but may allow reuse of 256-bit BIGs used for elliptic curve
-		#512 is faster.. but best is 1024
-		rsaset("256","RSA2048","32","13","8")
-		rsa_selected=True
-
-
-os.system(deltext+" big.*")
-os.system(deltext+" fp.*")
-os.system(deltext+" ecp.*")
-os.system(deltext+" ecdh.*")
-os.system(deltext+" ff.*")
-os.system(deltext+" rsa.*")
-os.system(deltext+" config_big.h")
-os.system(deltext+" config_field.h")
-os.system(deltext+" config_curve.h")
-os.system(deltext+" config_ff.h")
-os.system(deltext+" fp2.*")
-os.system(deltext+" fp4.*")
-os.system(deltext+" fp12.*")
-os.system(deltext+" ecp2.*")
-os.system(deltext+" pair.*")
-os.system(deltext+" mpin.*")
-
-# create library
-os.system("g++ -O3 -c randapi.cpp")
-if curve_selected :
-	os.system("g++ -O3 -c ecdh_support.cpp")
-if rsa_selected :
-	os.system("g++ -O3 -c rsa_support.cpp")
-if pfcurve_selected :
-	os.system("g++ -O3 -c pbc_support.cpp")
-
-os.system("g++ -O3 -c hash.cpp")
-os.system("g++ -O3 -c rand.cpp")
-os.system("g++ -O3 -c oct.cpp")
-os.system("g++ -O3 -c aes.cpp")
-os.system("g++ -O3 -c gcm.cpp")
-os.system("g++ -O3 -c newhope.cpp")
-
-if sys.platform.startswith("win") :
-	os.system("for %i in (*.o) do @echo %~nxi >> f.list")
-	os.system("ar rc amcl.a @f.list")
-	os.system(deltext+" f.list")
-
-else :
-	os.system("ar rc amcl.a *.o")
-
-os.system(deltext+" *.o")
-
-
-#print("Your section was ")
-#for i in range(0,ptr):
-#	print (selection[i])
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/config32.py
----------------------------------------------------------------------
diff --git a/version3/cpp/config32.py b/version3/cpp/config32.py
deleted file mode 100644
index b2ab9b0..0000000
--- a/version3/cpp/config32.py
+++ /dev/null
@@ -1,641 +0,0 @@
-import os
-import sys
-
-deltext=""
-if sys.platform.startswith("linux")  :
-	deltext="rm"
-	copytext="cp"
-if sys.platform.startswith("darwin")  :
-	deltext="rm"
-	copytext="cp"
-if sys.platform.startswith("win") :
-	deltext="del"
-	copytext="copy"
-
-def replace(namefile,oldtext,newtext):
-	f = open(namefile,'r')
-	filedata = f.read()
-	f.close()
-
-	newdata = filedata.replace(oldtext,newtext)
-
-	f = open(namefile,'w')
-	f.write(newdata)
-	f.close()
-
-
-def rsaset(tb,tff,nb,base,ml) :
-	bd="B"+tb+"_"+base
-	fnameh="config_big_"+bd+".h"
-	os.system(copytext+" config_big.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"@NB@",nb)
-	replace(fnameh,"@BASE@",base)
-
-	fnameh="config_ff_"+tff+".h"
-	os.system(copytext+" config_ff.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"@ML@",ml)
-
-	fnamec="big_"+bd+".cpp"
-	fnameh="big_"+bd+".h"
-
-	os.system(copytext+" big.cpp "+fnamec)
-	os.system(copytext+" big.h "+fnameh)
-
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	fnamec="ff_"+tff+".cpp"
-	fnameh="ff_"+tff+".h"
-
-	os.system(copytext+" ff.cpp "+fnamec)
-	os.system(copytext+" ff.h "+fnameh)
-
-	replace(fnamec,"WWW",tff)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	fnamec="rsa_"+tff+".cpp"
-	fnameh="rsa_"+tff+".h"
-
-	os.system(copytext+" rsa.cpp "+fnamec)
-	os.system(copytext+" rsa.h "+fnameh)
-
-	replace(fnamec,"WWW",tff)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-def curveset(tb,tf,tc,nb,base,nbt,m8,mt,ct,pf,stw,sx,cs) :
-	bd="B"+tb+"_"+base
-	fnameh="config_big_"+bd+".h"
-	os.system(copytext+" config_big.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"@NB@",nb)
-	replace(fnameh,"@BASE@",base)
-
-	fnameh="config_field_"+tf+".h"
-	os.system(copytext+" config_field.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"@NBT@",nbt)
-	replace(fnameh,"@M8@",m8)
-	replace(fnameh,"@MT@",mt)
-
-	ib=int(base)
-	inb=int(nb)
-	inbt=int(nbt)
-	sh=ib*(1+((8*inb-1)//ib))-inbt
-
-	if sh > 14 :
-		sh=14
-	replace(fnameh,"@SH@",str(sh))
-
-	fnameh="config_curve_"+tc+".h"	
-	os.system(copytext+" config_curve.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"@CT@",ct)
-	replace(fnameh,"@PF@",pf)
-
-	replace(fnameh,"@ST@",stw)
-	replace(fnameh,"@SX@",sx)
-	replace(fnameh,"@CS@",cs)
-
-	fnamec="big_"+bd+".cpp"
-	fnameh="big_"+bd+".h"
-
-	os.system(copytext+" big.cpp "+fnamec)
-	os.system(copytext+" big.h "+fnameh)
-
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	fnamec="fp_"+tf+".cpp"
-	fnameh="fp_"+tf+".h"
-
-	os.system(copytext+" fp.cpp "+fnamec)
-	os.system(copytext+" fp.h "+fnameh)
-
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	os.system("g++ -O3 -c rom_field_"+tf+".cpp")
-
-	fnamec="ecp_"+tc+".cpp"
-	fnameh="ecp_"+tc+".h"
-
-	os.system(copytext+" ecp.cpp "+fnamec)
-	os.system(copytext+" ecp.h "+fnameh)
-
-	replace(fnamec,"ZZZ",tc)
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	fnamec="ecdh_"+tc+".cpp"
-	fnameh="ecdh_"+tc+".h"
-
-	os.system(copytext+" ecdh.cpp "+fnamec)
-	os.system(copytext+" ecdh.h "+fnameh)
-
-	replace(fnamec,"ZZZ",tc)
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	os.system("g++ -O3 -c rom_curve_"+tc+".cpp")
-
-	if pf != "NOT" :
-		fnamec="fp2_"+tf+".cpp"
-		fnameh="fp2_"+tf+".h"
-
-		os.system(copytext+" fp2.cpp "+fnamec)
-		os.system(copytext+" fp2.h "+fnameh)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		os.system("g++ -O3 -c "+fnamec)
-
-		fnamec="fp4_"+tf+".cpp"
-		fnameh="fp4_"+tf+".h"
-
-		os.system(copytext+" fp4.cpp "+fnamec)
-		os.system(copytext+" fp4.h "+fnameh)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnamec,"ZZZ",tc)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		replace(fnameh,"ZZZ",tc)
-		os.system("g++ -O3 -c "+fnamec)
-
-		if cs == "128" :
-			fnamec="fp12_"+tf+".cpp"
-			fnameh="fp12_"+tf+".h"
-
-			os.system(copytext+" fp12.cpp "+fnamec)
-			os.system(copytext+" fp12.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-			fnamec="ecp2_"+tc+".cpp"
-			fnameh="ecp2_"+tc+".h"
-
-			os.system(copytext+" ecp2.cpp "+fnamec)
-			os.system(copytext+" ecp2.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-			fnamec="pair_"+tc+".cpp"
-			fnameh="pair_"+tc+".h"
-
-			os.system(copytext+" pair.cpp "+fnamec)
-			os.system(copytext+" pair.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-			fnamec="mpin_"+tc+".cpp"
-			fnameh="mpin_"+tc+".h"
-
-			os.system(copytext+" mpin.cpp "+fnamec)
-			os.system(copytext+" mpin.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-		if cs == "192" :
-			fnamec="fp8_"+tf+".cpp"
-			fnameh="fp8_"+tf+".h"
-
-			os.system(copytext+" fp8.cpp "+fnamec)
-			os.system(copytext+" fp8.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			os.system("g++ -O3 -c "+fnamec)
-
-
-			fnamec="fp24_"+tf+".cpp"
-			fnameh="fp24_"+tf+".h"
-
-			os.system(copytext+" fp24.cpp "+fnamec)
-			os.system(copytext+" fp24.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-			fnamec="ecp4_"+tc+".cpp"
-			fnameh="ecp4_"+tc+".h"
-
-			os.system(copytext+" ecp4.cpp "+fnamec)
-			os.system(copytext+" ecp4.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-			fnamec="pair192_"+tc+".cpp"
-			fnameh="pair192_"+tc+".h"
-
-			os.system(copytext+" pair192.cpp "+fnamec)
-			os.system(copytext+" pair192.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-			fnamec="mpin192_"+tc+".cpp"
-			fnameh="mpin192_"+tc+".h"
-
-			os.system(copytext+" mpin192.cpp "+fnamec)
-			os.system(copytext+" mpin192.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-		if cs == "256" :
-
-			fnamec="fp8_"+tf+".cpp"
-			fnameh="fp8_"+tf+".h"
-
-			os.system(copytext+" fp8.cpp "+fnamec)
-			os.system(copytext+" fp8.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			os.system("g++ -O3 -c "+fnamec)
-
-
-			fnamec="ecp8_"+tc+".cpp"
-			fnameh="ecp8_"+tc+".h"
-
-			os.system(copytext+" ecp8.cpp "+fnamec)
-			os.system(copytext+" ecp8.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-
-			fnamec="fp16_"+tf+".cpp"
-			fnameh="fp16_"+tf+".h"
-
-			os.system(copytext+" fp16.cpp "+fnamec)
-			os.system(copytext+" fp16.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			os.system("g++ -O3 -c "+fnamec)
-
-
-			fnamec="fp48_"+tf+".cpp"
-			fnameh="fp48_"+tf+".h"
-
-			os.system(copytext+" fp48.cpp "+fnamec)
-			os.system(copytext+" fp48.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-
-			fnamec="pair256_"+tc+".cpp"
-			fnameh="pair256_"+tc+".h"
-
-			os.system(copytext+" pair256.cpp "+fnamec)
-			os.system(copytext+" pair256.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-			fnamec="mpin256_"+tc+".cpp"
-			fnameh="mpin256_"+tc+".h"
-
-			os.system(copytext+" mpin256.cpp "+fnamec)
-			os.system(copytext+" mpin256.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-replace("arch.h","@WL@","32")
-print("Elliptic Curves")
-print("1. ED25519")
-print("2. C25519")
-print("3. NIST256")
-print("4. BRAINPOOL")
-print("5. ANSSI")
-print("6. HIFIVE")
-print("7. GOLDILOCKS")
-print("8. NIST384")
-print("9. C41417")
-print("10. NIST521\n")
-print("11. NUMS256W")
-print("12. NUMS256E")
-print("13. NUMS384W")
-print("14. NUMS384E")
-print("15. NUMS512W")
-print("16. NUMS512E")
-print("17. SECP256K1\n")
-
-print("Pairing-Friendly Elliptic Curves")
-print("18. BN254")
-print("19. BN254CX")
-print("20. BLS383")
-print("21. BLS381")
-print("22. FP256BN")
-print("23. FP512BN")
-print("24. BLS461\n")
-print("25. BLS24")
-print("26. BLS48\n")
-
-print("RSA")
-print("27. RSA2048")
-print("28. RSA3072")
-print("29. RSA4096")
-
-selection=[]
-ptr=0
-max=30
-
-
-curve_selected=False
-pfcurve_selected=False
-rsa_selected=False
-
-while ptr<max:
-	x=int(input("Choose a Scheme to support - 0 to finish: "))
-	if x == 0:
-		break
-#	print("Choice= ",x)
-	already=False
-	for i in range(0,ptr):
-		if x==selection[i]:
-			already=True
-			break
-	if already:
-		continue
-	
-	selection.append(x)
-	ptr=ptr+1
-
-# curveset(big,field,curve,big_length_bytes,bits_in_base,modulus_bits,modulus_mod_8,modulus_type,curve_type,pairing_friendly,sextic twist,sign of x,curve security)
-# for each curve give names for big, field and curve. In many cases the latter two will be the same. 
-# Typically "big" is the size in bits, always a multiple of 8, "field" describes the modulus, and "curve" is the common name for the elliptic curve   
-# big_length_bytes is "big" divided by 8
-# Next give the number base used for 32 bit architecture, as n where the base is 2^n (note that these must be fixed for the same "big" name, if is ever re-used for another curve)
-# modulus_bits is the bit length of the modulus, typically the same or slightly smaller than "big"
-# modulus_mod_8 is the remainder when the modulus is divided by 8
-# modulus_type is NOT_SPECIAL, or PSEUDO_MERSENNE, or MONTGOMERY_Friendly, or GENERALISED_MERSENNE (supported for GOLDILOCKS only)
-# curve_type is WEIERSTRASS, EDWARDS or MONTGOMERY
-# pairing_friendly is BN, BLS or NOT (if not pairing friendly)
-# if pairing friendly. M or D type twist, and sign of the family parameter x
-# curve security is AES equiavlent, rounded up.
-
-	if x==1:
-		curveset("256","F25519","ED25519","32","29","255","5","PSEUDO_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-	if x==2:
-		curveset("256","F25519","C25519","32","29","255","5","PSEUDO_MERSENNE","MONTGOMERY","NOT","","","128")
-		curve_selected=True
-	if x==3:
-		curveset("256","NIST256","NIST256","32","28","256","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-	if x==4:
-		curveset("256","BRAINPOOL","BRAINPOOL","32","28","256","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-	if x==5:
-		curveset("256","ANSSI","ANSSI","32","28","256","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-
-	if x==6:
-		curveset("336","HIFIVE","HIFIVE","42","29","336","5","PSEUDO_MERSENNE","EDWARDS","NOT","","","192")
-		curve_selected=True
-	if x==7:
-		curveset("448","GOLDILOCKS","GOLDILOCKS","56","29","448","7","GENERALISED_MERSENNE","EDWARDS","NOT","","","256")
-		curve_selected=True
-	if x==8:
-		curveset("384","NIST384","NIST384","48","29","384","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","192")
-		curve_selected=True
-	if x==9:
-		curveset("416","C41417","C41417","52","29","414","7","PSEUDO_MERSENNE","EDWARDS","NOT","","","256")
-		curve_selected=True
-	if x==10:
-		curveset("528","NIST521","NIST521","66","28","521","7","PSEUDO_MERSENNE","WEIERSTRASS","NOT","","","256")
-		curve_selected=True
-
-	if x==11:
-		curveset("256","F256PMW","NUMS256W","32","28","256","3","PSEUDO_MERSENNE","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-	if x==12:
-		curveset("256","F256PME","NUMS256E","32","29","256","3","PSEUDO_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-	if x==13:
-		curveset("384","F384PM","NUMS384W","48","29","384","3","PSEUDO_MERSENNE","WEIERSTRASS","NOT","","","192")
-		curve_selected=True
-	if x==14:
-		curveset("384","F384PM","NUMS384E","48","29","384","3","PSEUDO_MERSENNE","EDWARDS","NOT","","","192")
-		curve_selected=True
-	if x==15:
-		curveset("512","F512PM","NUMS512W","64","29","512","7","PSEUDO_MERSENNE","WEIERSTRASS","NOT","","","256")
-		curve_selected=True
-	if x==16:
-		curveset("512","F512PM","NUMS512E","64","29","512","7","PSEUDO_MERSENNE","EDWARDS","NOT","","","256")
-		curve_selected=True
-
-	if x==17:
-		curveset("256","SECP256K1","SECP256K1","32","28","256","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-
-	if x==18:
-		curveset("256","BN254","BN254","32","28","254","3","NOT_SPECIAL","WEIERSTRASS","BN","D_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-	if x==19:
-		curveset("256","BN254CX","BN254CX","32","28","254","3","NOT_SPECIAL","WEIERSTRASS","BN","D_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-	if x==20:
-		curveset("384","BLS383","BLS383","48","29","383","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","POSITIVEX","128")
-		pfcurve_selected=True
-
-	if x==21:
-		curveset("384","BLS381","BLS381","48","29","381","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-
-
-	if x==22:
-		curveset("256","FP256BN","FP256BN","32","28","256","3","NOT_SPECIAL","WEIERSTRASS","BN","M_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-	if x==23:
-		curveset("512","FP512BN","FP512BN","64","29","512","3","NOT_SPECIAL","WEIERSTRASS","BN","M_TYPE","POSITIVEX","128")
-		pfcurve_selected=True
-# https://eprint.iacr.org/2017/334.pdf
-	if x==24:
-		curveset("464","BLS461","BLS461","58","28","461","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-
-	if x==25:
-		curveset("480","BLS24","BLS24","60","29","479","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","POSITIVEX","192")
-		pfcurve_selected=True
-
-
-	if x==26:
-		curveset("560","BLS48","BLS48","70","29","556","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","POSITIVEX","256")
-		pfcurve_selected=True
-
-
-# rsaset(big,ring,big_length_bytes,bit_bits_in_base,multiplier)
-# for each choice give distinct names for "big" and "ring".
-# Typically "big" is the length in bits of the underlying big number type
-# "ring" is the RSA modulus size = "big" times 2^m
-# big_length_bytes is "big" divided by 8
-# Next give the number base used for 32 bit architectures, as n where the base is 2^n
-# multiplier is 2^m (see above)
-
-# There are choices here, different ways of getting the same result, but some faster than others
-	if x==27:
-		#256 is slower but may allow reuse of 256-bit BIGs used for elliptic curve
-		#512 is faster.. but best is 1024
-		rsaset("1024","RSA2048","128","28","2")
-		#rsaset("512","RSA2048","64","29","4")
-		#rsaset("256","RSA2048","32","29","8")
-		rsa_selected=True
-	if x==28:
-		rsaset("384","RSA3072","48","28","8")
-		rsa_selected=True
-	if x==29:
-		#rsaset("256","RSA4096","32","29","16")
-		rsaset("512","RSA4096","64","29","8")
-		rsa_selected=True
-
-
-os.system(deltext+" big.*")
-os.system(deltext+" fp.*")
-os.system(deltext+" ecp.*")
-os.system(deltext+" ecdh.*")
-os.system(deltext+" ff.*")
-os.system(deltext+" rsa.*")
-os.system(deltext+" config_big.h")
-os.system(deltext+" config_field.h")
-os.system(deltext+" config_curve.h")
-os.system(deltext+" config_ff.h")
-os.system(deltext+" fp2.*")
-os.system(deltext+" fp4.*")
-os.system(deltext+" fp8.*")
-os.system(deltext+" fp16.*")
-
-os.system(deltext+" fp12.*")
-os.system(deltext+" fp24.*")
-os.system(deltext+" fp48.*")
-
-os.system(deltext+" ecp2.*")
-os.system(deltext+" ecp4.*")
-os.system(deltext+" ecp8.*")
-
-os.system(deltext+" pair.*")
-os.system(deltext+" mpin.*")
-
-os.system(deltext+" pair192.*")
-os.system(deltext+" mpin192.*")
-
-os.system(deltext+" pair256.*")
-os.system(deltext+" mpin256.*")
-
-# create library
-os.system("g++ -O3 -c randapi.cpp")
-if curve_selected :
-	os.system("g++ -O3 -c ecdh_support.cpp")
-if rsa_selected :
-	os.system("g++ -O3 -c rsa_support.cpp")
-if pfcurve_selected :
-	os.system("g++ -O3 -c pbc_support.cpp")
-
-os.system("g++ -O3 -c hash.cpp")
-os.system("g++ -O3 -c rand.cpp")
-os.system("g++ -O3 -c oct.cpp")
-os.system("g++ -O3 -c aes.cpp")
-os.system("g++ -O3 -c gcm.cpp")
-os.system("g++ -O3 -c newhope.cpp")
-
-if sys.platform.startswith("win") :
-	os.system("for %i in (*.o) do @echo %~nxi >> f.list")
-	os.system("ar rc amcl.a @f.list")
-	os.system(deltext+" f.list")
-
-else :
-	os.system("ar rc amcl.a *.o")
-
-os.system(deltext+" *.o")
-
-
-#print("Your section was ")
-#for i in range(0,ptr):
-#	print (selection[i])
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/config64.py
----------------------------------------------------------------------
diff --git a/version3/cpp/config64.py b/version3/cpp/config64.py
deleted file mode 100644
index faa6a90..0000000
--- a/version3/cpp/config64.py
+++ /dev/null
@@ -1,641 +0,0 @@
-import os
-import sys
-
-deltext=""
-if sys.platform.startswith("linux")  :
-	deltext="rm"
-	copytext="cp"
-if sys.platform.startswith("darwin")  :
-	deltext="rm"
-	copytext="cp"
-if sys.platform.startswith("win") :
-	deltext="del"
-	copytext="copy"
-
-def replace(namefile,oldtext,newtext):
-	f = open(namefile,'r')
-	filedata = f.read()
-	f.close()
-
-	newdata = filedata.replace(oldtext,newtext)
-
-	f = open(namefile,'w')
-	f.write(newdata)
-	f.close()
-
-
-def rsaset(tb,tff,nb,base,ml) :
-	bd="B"+tb+"_"+base
-	fnameh="config_big_"+bd+".h"
-	os.system(copytext+" config_big.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"@NB@",nb)
-	replace(fnameh,"@BASE@",base)
-
-	fnameh="config_ff_"+tff+".h"
-	os.system(copytext+" config_ff.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"@ML@",ml)
-
-	fnamec="big_"+bd+".cpp"
-	fnameh="big_"+bd+".h"
-
-	os.system(copytext+" big.cpp "+fnamec)
-	os.system(copytext+" big.h "+fnameh)
-
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	fnamec="ff_"+tff+".cpp"
-	fnameh="ff_"+tff+".h"
-
-	os.system(copytext+" ff.cpp "+fnamec)
-	os.system(copytext+" ff.h "+fnameh)
-
-	replace(fnamec,"WWW",tff)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	fnamec="rsa_"+tff+".cpp"
-	fnameh="rsa_"+tff+".h"
-
-	os.system(copytext+" rsa.cpp "+fnamec)
-	os.system(copytext+" rsa.h "+fnameh)
-
-	replace(fnamec,"WWW",tff)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-def curveset(tb,tf,tc,nb,base,nbt,m8,mt,ct,pf,stw,sx,cs) :
-	bd="B"+tb+"_"+base
-	fnameh="config_big_"+bd+".h"
-	os.system(copytext+" config_big.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"@NB@",nb)
-	replace(fnameh,"@BASE@",base)
-
-	fnameh="config_field_"+tf+".h"
-	os.system(copytext+" config_field.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"@NBT@",nbt)
-	replace(fnameh,"@M8@",m8)
-	replace(fnameh,"@MT@",mt)
-
-	ib=int(base)
-	inb=int(nb)
-	inbt=int(nbt)
-	sh=ib*(1+((8*inb-1)//ib))-inbt
-
-	if sh > 30 :
-		sh=30
-	replace(fnameh,"@SH@",str(sh))
-
-	fnameh="config_curve_"+tc+".h"	
-	os.system(copytext+" config_curve.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"@CT@",ct)
-	replace(fnameh,"@PF@",pf)
-
-	replace(fnameh,"@ST@",stw)
-	replace(fnameh,"@SX@",sx)
-	replace(fnameh,"@CS@",cs)
-
-
-	fnamec="big_"+bd+".cpp"
-	fnameh="big_"+bd+".h"
-
-	os.system(copytext+" big.cpp "+fnamec)
-	os.system(copytext+" big.h "+fnameh)
-
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	fnamec="fp_"+tf+".cpp"
-	fnameh="fp_"+tf+".h"
-
-	os.system(copytext+" fp.cpp "+fnamec)
-	os.system(copytext+" fp.h "+fnameh)
-
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	os.system("g++ -O3 -c rom_field_"+tf+".cpp")
-
-	fnamec="ecp_"+tc+".cpp"
-	fnameh="ecp_"+tc+".h"
-
-	os.system(copytext+" ecp.cpp "+fnamec)
-	os.system(copytext+" ecp.h "+fnameh)
-
-	replace(fnamec,"ZZZ",tc)
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	fnamec="ecdh_"+tc+".cpp"
-	fnameh="ecdh_"+tc+".h"
-
-	os.system(copytext+" ecdh.cpp "+fnamec)
-	os.system(copytext+" ecdh.h "+fnameh)
-
-	replace(fnamec,"ZZZ",tc)
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("g++ -O3 -c "+fnamec)
-
-	os.system("g++ -O3 -c rom_curve_"+tc+".cpp")
-
-	if pf != "NOT" :
-		fnamec="fp2_"+tf+".cpp"
-		fnameh="fp2_"+tf+".h"
-
-		os.system(copytext+" fp2.cpp "+fnamec)
-		os.system(copytext+" fp2.h "+fnameh)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		os.system("g++ -O3 -c "+fnamec)
-
-		fnamec="fp4_"+tf+".cpp"
-		fnameh="fp4_"+tf+".h"
-
-		os.system(copytext+" fp4.cpp "+fnamec)
-		os.system(copytext+" fp4.h "+fnameh)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnamec,"ZZZ",tc)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		replace(fnameh,"ZZZ",tc)
-		os.system("g++ -O3 -c "+fnamec)
-
-		if cs == "128" :
-			fnamec="fp12_"+tf+".cpp"
-			fnameh="fp12_"+tf+".h"
-
-			os.system(copytext+" fp12.cpp "+fnamec)
-			os.system(copytext+" fp12.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-			fnamec="ecp2_"+tc+".cpp"
-			fnameh="ecp2_"+tc+".h"
-
-			os.system(copytext+" ecp2.cpp "+fnamec)
-			os.system(copytext+" ecp2.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-			fnamec="pair_"+tc+".cpp"
-			fnameh="pair_"+tc+".h"
-
-			os.system(copytext+" pair.cpp "+fnamec)
-			os.system(copytext+" pair.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-			fnamec="mpin_"+tc+".cpp"
-			fnameh="mpin_"+tc+".h"
-
-			os.system(copytext+" mpin.cpp "+fnamec)
-			os.system(copytext+" mpin.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-		if cs == "192" :
-			fnamec="fp8_"+tf+".cpp"
-			fnameh="fp8_"+tf+".h"
-
-			os.system(copytext+" fp8.cpp "+fnamec)
-			os.system(copytext+" fp8.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			os.system("g++ -O3 -c "+fnamec)
-
-
-			fnamec="fp24_"+tf+".cpp"
-			fnameh="fp24_"+tf+".h"
-
-			os.system(copytext+" fp24.cpp "+fnamec)
-			os.system(copytext+" fp24.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-			fnamec="ecp4_"+tc+".cpp"
-			fnameh="ecp4_"+tc+".h"
-
-			os.system(copytext+" ecp4.cpp "+fnamec)
-			os.system(copytext+" ecp4.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-			fnamec="pair192_"+tc+".cpp"
-			fnameh="pair192_"+tc+".h"
-
-			os.system(copytext+" pair192.cpp "+fnamec)
-			os.system(copytext+" pair192.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-			fnamec="mpin192_"+tc+".cpp"
-			fnameh="mpin192_"+tc+".h"
-
-			os.system(copytext+" mpin192.cpp "+fnamec)
-			os.system(copytext+" mpin192.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-		if cs == "256" :
-
-			fnamec="fp8_"+tf+".cpp"
-			fnameh="fp8_"+tf+".h"
-
-			os.system(copytext+" fp8.cpp "+fnamec)
-			os.system(copytext+" fp8.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			os.system("g++ -O3 -c "+fnamec)
-
-
-			fnamec="ecp8_"+tc+".cpp"
-			fnameh="ecp8_"+tc+".h"
-
-			os.system(copytext+" ecp8.cpp "+fnamec)
-			os.system(copytext+" ecp8.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-
-			fnamec="fp16_"+tf+".cpp"
-			fnameh="fp16_"+tf+".h"
-
-			os.system(copytext+" fp16.cpp "+fnamec)
-			os.system(copytext+" fp16.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			os.system("g++ -O3 -c "+fnamec)
-
-
-			fnamec="fp48_"+tf+".cpp"
-			fnameh="fp48_"+tf+".h"
-
-			os.system(copytext+" fp48.cpp "+fnamec)
-			os.system(copytext+" fp48.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-
-			fnamec="pair256_"+tc+".cpp"
-			fnameh="pair256_"+tc+".h"
-
-			os.system(copytext+" pair256.cpp "+fnamec)
-			os.system(copytext+" pair256.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-			fnamec="mpin256_"+tc+".cpp"
-			fnameh="mpin256_"+tc+".h"
-
-			os.system(copytext+" mpin256.cpp "+fnamec)
-			os.system(copytext+" mpin256.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("g++ -O3 -c "+fnamec)
-
-replace("arch.h","@WL@","64")
-print("Elliptic Curves")
-print("1. ED25519")
-print("2. C25519")
-print("3. NIST256")
-print("4. BRAINPOOL")
-print("5. ANSSI")
-print("6. HIFIVE")
-print("7. GOLDILOCKS")
-print("8. NIST384")
-print("9. C41417")
-print("10. NIST521\n")
-print("11. NUMS256W")
-print("12. NUMS256E")
-print("13. NUMS384W")
-print("14. NUMS384E")
-print("15. NUMS512W")
-print("16. NUMS512E")
-print("17. SECP256K1\n")
-
-print("Pairing-Friendly Elliptic Curves")
-print("18. BN254")
-print("19. BN254CX")
-print("20. BLS383")
-print("21. BLS381")
-print("22. FP256BN")
-print("23. FP512BN")
-print("24. BLS461\n")
-print("25. BLS24")
-print("26. BLS48\n")
-
-print("RSA")
-print("27. RSA2048")
-print("28. RSA3072")
-print("29. RSA4096")
-
-selection=[]
-ptr=0
-max=30
-
-curve_selected=False
-pfcurve_selected=False
-rsa_selected=False
-
-while ptr<max:
-	x=int(input("Choose a Scheme to support - 0 to finish: "))
-	if x == 0:
-		break
-#	print("Choice= ",x)
-	already=False
-	for i in range(0,ptr):
-		if x==selection[i]:
-			already=True
-			break
-	if already:
-		continue
-	
-	selection.append(x)
-	ptr=ptr+1
-
-# curveset(big,field,curve,big_length_bytes,bits_in_base,modulus_bits,modulus_mod_8,modulus_type,curve_type,pairing_friendly,sextic twist,sign of x,curve security)
-# for each curve give names for big, field and curve. In many cases the latter two will be the same. 
-# Typically "big" is the size in bits, always a multiple of 8, "field" describes the modulus, and "curve" is the common name for the elliptic curve   
-# big_length_bytes is "big" divided by 8
-# Next give the number base used for 64 bit architectures, as n where the base is 2^n (note that these must be fixed for the same "big" name, if is ever re-used for another curve)
-# modulus_bits is the bit length of the modulus, typically the same or slightly smaller than "big"
-# modulus_mod_8 is the remainder when the modulus is divided by 8
-# modulus_type is NOT_SPECIAL, or PSEUDO_MERSENNE, or MONTGOMERY_Friendly, or GENERALISED_MERSENNE (supported for GOLDILOCKS only)
-# curve_type is WEIERSTRASS, EDWARDS or MONTGOMERY
-# pairing_friendly is BN, BLS or NOT (if not pairing friendly)
-# if pairing friendly. M or D type twist, and sign of the family parameter x
-# curve security is AES equiavlent, rounded up.
-
-
-	if x==1:
-		curveset("256","F25519","ED25519","32","56","255","5","PSEUDO_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-	if x==2:
-		curveset("256","F25519","C25519","32","56","255","5","PSEUDO_MERSENNE","MONTGOMERY","NOT","","","128")
-		curve_selected=True
-	if x==3:
-		curveset("256","NIST256","NIST256","32","56","256","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-	if x==4:
-		curveset("256","BRAINPOOL","BRAINPOOL","32","56","256","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-	if x==5:
-		curveset("256","ANSSI","ANSSI","32","56","256","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-
-	if x==6:
-		curveset("336","HIFIVE","HIFIVE","42","60","336","5","PSEUDO_MERSENNE","EDWARDS","NOT","","","192")
-		curve_selected=True
-	if x==7:
-		curveset("448","GOLDILOCKS","GOLDILOCKS","56","58","448","7","GENERALISED_MERSENNE","EDWARDS","NOT","","","256")
-		curve_selected=True
-	if x==8:
-		curveset("384","NIST384","NIST384","48","56","384","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","192")
-		curve_selected=True
-	if x==9:
-		curveset("416","C41417","C41417","52","60","414","7","PSEUDO_MERSENNE","EDWARDS","NOT","","","256")
-		curve_selected=True
-	if x==10:
-		curveset("528","NIST521","NIST521","66","60","521","7","PSEUDO_MERSENNE","WEIERSTRASS","NOT","","","256")
-		curve_selected=True
-
-	if x==11:
-		curveset("256","F256PMW","NUMS256W","32","56","256","3","PSEUDO_MERSENNE","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-	if x==12:
-		curveset("256","F256PME","NUMS256E","32","56","256","3","PSEUDO_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-	if x==13:
-		curveset("384","F384PM","NUMS384W","48","56","384","3","PSEUDO_MERSENNE","WEIERSTRASS","NOT","","","192")
-		curve_selected=True
-	if x==14:
-		curveset("384","F384PM","NUMS384E","48","56","384","3","PSEUDO_MERSENNE","EDWARDS","NOT","","","192")
-		curve_selected=True
-	if x==15:
-		curveset("512","F512PM","NUMS512W","64","56","512","7","PSEUDO_MERSENNE","WEIERSTRASS","NOT","","","256")
-		curve_selected=True
-	if x==16:
-		curveset("512","F512PM","NUMS512E","64","56","512","7","PSEUDO_MERSENNE","EDWARDS","NOT","","","256")
-		curve_selected=True
-
-	if x==17:
-		curveset("256","SECP256K1","SECP256K1","32","56","256","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-
-	if x==18:
-		curveset("256","BN254","BN254","32","56","254","3","NOT_SPECIAL","WEIERSTRASS","BN","D_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-	if x==19:
-		curveset("256","BN254CX","BN254CX","32","56","254","3","NOT_SPECIAL","WEIERSTRASS","BN","D_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-	if x==20:
-		curveset("384","BLS383","BLS383","48","58","383","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","POSITIVEX","128")
-		pfcurve_selected=True
-
-	if x==21:
-		curveset("384","BLS381","BLS381","48","58","381","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-
-	if x==22:
-		curveset("256","FP256BN","FP256BN","32","56","256","3","NOT_SPECIAL","WEIERSTRASS","BN","M_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-	if x==23:
-		curveset("512","FP512BN","FP512BN","64","60","512","3","NOT_SPECIAL","WEIERSTRASS","BN","M_TYPE","POSITIVEX","128")
-		pfcurve_selected=True
-# https://eprint.iacr.org/2017/334.pdf
-	if x==24:
-		curveset("464","BLS461","BLS461","58","60","461","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-
-	if x==25:
-		curveset("480","BLS24","BLS24","60","56","479","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","POSITIVEX","192")
-		pfcurve_selected=True
-
-	if x==26:
-		curveset("560","BLS48","BLS48","70","58","556","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","POSITIVEX","256")
-		pfcurve_selected=True
-
-
-# rsaset(big,ring,big_length_bytes,bits_in_base,multiplier)
-# for each choice give distinct names for "big" and "ring".
-# Typically "big" is the length in bits of the underlying big number type
-# "ring" is the RSA modulus size = "big" times 2^m
-# big_length_bytes is "big" divided by 8
-# Next give the number base used for 64 bit architectures, as n where the base is 2^n
-# multiplier is 2^m (see above)
-
-# There are choices here, different ways of getting the same result, but some faster than others
-	if x==27:
-		#256 is slower but may allow reuse of 256-bit BIGs used for elliptic curve
-		#512 is faster.. but best is 1024
-		rsaset("1024","RSA2048","128","58","2")
-		#rsaset("512","RSA2048","64","60","4")
-		#rsaset("256","RSA2048","32","56","8")
-		rsa_selected=True
-	if x==28:
-		rsaset("384","RSA3072","48","56","8")
-		rsa_selected=True
-	if x==29:
-		#rsaset("256","RSA4096","32","56","16")
-		rsaset("512","RSA4096","64","60","8")
-		rsa_selected=True
-
-
-os.system(deltext+" big.*")
-os.system(deltext+" fp.*")
-os.system(deltext+" ecp.*")
-os.system(deltext+" ecdh.*")
-os.system(deltext+" ff.*")
-os.system(deltext+" rsa.*")
-os.system(deltext+" config_big.h")
-os.system(deltext+" config_field.h")
-os.system(deltext+" config_curve.h")
-os.system(deltext+" config_ff.h")
-os.system(deltext+" fp2.*")
-os.system(deltext+" fp4.*")
-os.system(deltext+" fp8.*")
-os.system(deltext+" fp16.*")
-
-os.system(deltext+" fp12.*")
-os.system(deltext+" fp24.*")
-os.system(deltext+" fp48.*")
-
-os.system(deltext+" ecp2.*")
-os.system(deltext+" ecp4.*")
-os.system(deltext+" ecp8.*")
-
-os.system(deltext+" pair.*")
-os.system(deltext+" mpin.*")
-
-os.system(deltext+" pair192.*")
-os.system(deltext+" mpin192.*")
-
-os.system(deltext+" pair256.*")
-os.system(deltext+" mpin256.*")
-
-
-# create library
-os.system("g++ -O3 -c randapi.cpp")
-if curve_selected :
-	os.system("g++ -O3 -c ecdh_support.cpp")
-if rsa_selected :
-	os.system("g++ -O3 -c rsa_support.cpp")
-if pfcurve_selected :
-	os.system("g++ -O3 -c pbc_support.cpp")
-
-os.system("g++ -O3 -c hash.cpp")
-os.system("g++ -O3 -c rand.cpp")
-os.system("g++ -O3 -c oct.cpp")
-os.system("g++ -O3 -c aes.cpp")
-os.system("g++ -O3 -c gcm.cpp")
-os.system("g++ -O3 -c newhope.cpp")
-
-if sys.platform.startswith("win") :
-	os.system("for %i in (*.o) do @echo %~nxi >> f.list")
-	os.system("ar rc amcl.a @f.list")
-	os.system(deltext+" f.list")
-
-else :
-	os.system("ar rc amcl.a *.o")
-
-os.system(deltext+" *.o")
-
-
-#print("Your section was ")
-#for i in range(0,ptr):
-#	print (selection[i])
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/config_big.h
----------------------------------------------------------------------
diff --git a/version3/cpp/config_big.h b/version3/cpp/config_big.h
deleted file mode 100644
index 6d12010..0000000
--- a/version3/cpp/config_big.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef CONFIG_BIG_XXX_H
-#define CONFIG_BIG_XXX_H
-
-#include"amcl.h"
-
-// BIG stuff
-
-#define MODBYTES_XXX @NB@  
-#define BASEBITS_XXX @BASE@ 
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/config_curve.h
----------------------------------------------------------------------
diff --git a/version3/cpp/config_curve.h b/version3/cpp/config_curve.h
deleted file mode 100644
index 4f905d5..0000000
--- a/version3/cpp/config_curve.h
+++ /dev/null
@@ -1,47 +0,0 @@
-#ifndef CONFIG_CURVE_ZZZ_H
-#define CONFIG_CURVE_ZZZ_H
-
-#include"amcl.h"
-#include"config_field_YYY.h"
-
-// ECP stuff
-
-#define CURVETYPE_ZZZ @CT@  
-#define PAIRING_FRIENDLY_ZZZ @PF@
-#define CURVE_SECURITY_ZZZ @CS@
-
-#if PAIRING_FRIENDLY_ZZZ != NOT
-#define USE_GLV_ZZZ	  /**< Note this method is patented (GLV), so maybe you want to comment this out */
-#define USE_GS_G2_ZZZ /**< Well we didn't patent it :) But may be covered by GLV patent :( */
-#define USE_GS_GT_ZZZ /**< Not patented, so probably safe to always use this */
-
-#define POSITIVEX 0
-#define NEGATIVEX 1
-
-#define SEXTIC_TWIST_ZZZ @ST@
-#define SIGN_OF_X_ZZZ @SX@ 
-
-#endif
-
-
-#if CURVE_SECURITY_ZZZ == 128
-#define AESKEY_ZZZ 16 /**< Symmetric Key size - 128 bits */
-#define HASH_TYPE_ZZZ SHA256  /**< Hash type */
-#endif
-
-#if CURVE_SECURITY_ZZZ == 192
-#define AESKEY_ZZZ 24 /**< Symmetric Key size - 192 bits */
-#define HASH_TYPE_ZZZ SHA384  /**< Hash type */
-#endif
-
-#if CURVE_SECURITY_ZZZ == 256
-#define AESKEY_ZZZ 32 /**< Symmetric Key size - 256 bits */
-#define HASH_TYPE_ZZZ SHA512  /**< Hash type */
-#endif
-
-
-
-namespace ZZZ_BIG=XXX;
-namespace ZZZ_FP=YYY;
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/config_ff.h
----------------------------------------------------------------------
diff --git a/version3/cpp/config_ff.h b/version3/cpp/config_ff.h
deleted file mode 100644
index 33cb95a..0000000
--- a/version3/cpp/config_ff.h
+++ /dev/null
@@ -1,13 +0,0 @@
-#ifndef CONFIG_RSA_WWW_H
-#define CONFIG_RSA_WWW_H
-
-#include "amcl.h"
-#include "config_big_XXX.h"
-
-// FF stuff
-
-#define FFLEN_WWW @ML@ /**< 2^n multiplier of BIGBITS to specify supported Finite Field size, e.g 2048=256*2^3 where BIGBITS=256 */
-
-namespace WWW_BIG=XXX;
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/config_field.h
----------------------------------------------------------------------
diff --git a/version3/cpp/config_field.h b/version3/cpp/config_field.h
deleted file mode 100644
index ab86941..0000000
--- a/version3/cpp/config_field.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef CONFIG_FIELD_YYY_H
-#define CONFIG_FIELD_YYY_H
-
-#include"amcl.h"
-#include "config_big_XXX.h"
-
-// FP stuff
-
-#define MBITS_YYY @NBT@	        
-#define MOD8_YYY @M8@	 
-#define MODTYPE_YYY @MT@
-#define MAXXES_YYY @SH@
-
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/ecdh.cpp
----------------------------------------------------------------------
diff --git a/version3/cpp/ecdh.cpp b/version3/cpp/ecdh.cpp
deleted file mode 100644
index d088b4d..0000000
--- a/version3/cpp/ecdh.cpp
+++ /dev/null
@@ -1,435 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* ECDH/ECIES/ECDSA Functions - see main program below */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "ecdh_ZZZ.h"
-
-using namespace XXX;
-using namespace YYY;
-
-/* Calculate a public/private EC GF(p) key pair. W=S.G mod EC(p),
- * where S is the secret key and W is the public key
- * and G is fixed generator.
- * If RNG is NULL then the private key is provided externally in S
- * otherwise it is generated randomly internally */
-int ZZZ::ECP_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W)
-{
-    BIG r,gx,gy,s;
-    ECP G;
-    int res=0;
-
-	ECP_generator(&G);
-
-    BIG_rcopy(r,CURVE_Order);
-    if (RNG!=NULL)
-    {
-        BIG_randomnum(s,r,RNG);
-    }
-    else
-    {
-        BIG_fromBytes(s,S->val);
-        BIG_mod(s,r);
-    }
-
-#ifdef AES_S
-    BIG_mod2m(s,2*AES_S);
-//	BIG_toBytes(S->val,s);
-#endif
-
-    S->len=EGS_ZZZ;
-    BIG_toBytes(S->val,s);
-
-
-    ECP_mul(&G,s);
-
-	ECP_toOctet(W,&G,false);	// To use point compression on public keys, change to true 
-
-/*
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    ECP_get(gx,gy,&G);
-#else
-    ECP_get(gx,&G);
-
-#endif
-
-
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    W->len=2*EFS_ZZZ+1;
-    W->val[0]=4;
-    BIG_toBytes(&(W->val[1]),gx);
-    BIG_toBytes(&(W->val[EFS_ZZZ+1]),gy);
-#else
-    W->len=EFS_ZZZ+1;
-    W->val[0]=2;
-    BIG_toBytes(&(W->val[1]),gx);
-#endif
-*/
-
-    return res;
-}
-
-/* Validate public key */
-int ZZZ::ECP_PUBLIC_KEY_VALIDATE(octet *W)
-{
-    BIG q,r,wx,k;
-    ECP WP;
-    int valid,nb;
-    int res=0;
-
-    BIG_rcopy(q,Modulus);
-    BIG_rcopy(r,CURVE_Order);
-
-	valid=ECP_fromOctet(&WP,W);
-	if (!valid) res=ECDH_INVALID_PUBLIC_KEY;
-
-/*
-    BIG_fromBytes(wx,&(W->val[1]));
-    if (BIG_comp(wx,q)>=0) res=ECDH_INVALID_PUBLIC_KEY;
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    BIG wy;
-    BIG_fromBytes(wy,&(W->val[EFS_ZZZ+1]));
-    if (BIG_comp(wy,q)>=0) res=ECDH_INVALID_PUBLIC_KEY;
-#endif
-*/
-    if (res==0)
-    {
-
-//#if CURVETYPE_ZZZ!=MONTGOMERY
-//        valid=ECP_set(&WP,wx,wy);
-//#else
-//        valid=ECP_set(&WP,wx);
-//#endif
-//        if (!valid || ECP_isinf(&WP)) res=ECDH_INVALID_PUBLIC_KEY;
-//        if (res==0 )
-//        {/* Check point is not in wrong group */
-			nb=BIG_nbits(q);
-			BIG_one(k);
-			BIG_shl(k,(nb+4)/2);
-			BIG_add(k,q,k);
-			BIG_sdiv(k,r); /* get co-factor */
-
-			while (BIG_parity(k)==0)
-			{
-				ECP_dbl(&WP);
-				BIG_fshr(k,1);
-			}
-
-			if (!BIG_isunity(k)) ECP_mul(&WP,k);
-			if (ECP_isinf(&WP)) res=ECDH_INVALID_PUBLIC_KEY;
-//        }
-    }
-
-    return res;
-}
-
-/* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */
-int ZZZ::ECP_SVDP_DH(octet *S,octet *WD,octet *Z)
-{
-    BIG r,s,wx;
-    int valid;
-    ECP W;
-    int res=0;
-
-    BIG_fromBytes(s,S->val);
-
-	valid=ECP_fromOctet(&W,WD);
-/*
-    BIG_fromBytes(wx,&(WD->val[1]));
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    BIG wy;
-    BIG_fromBytes(wy,&(WD->val[EFS_ZZZ+1]));
-    valid=ECP_set(&W,wx,wy);
-#else
-    valid=ECP_set(&W,wx);
-#endif
-*/
-    if (!valid) res=ECDH_ERROR;
-    if (res==0)
-    {
-        BIG_rcopy(r,CURVE_Order);
-        BIG_mod(s,r);
-
-        ECP_mul(&W,s);
-        if (ECP_isinf(&W)) res=ECDH_ERROR;
-        else
-        {
-#if CURVETYPE_ZZZ!=MONTGOMERY
-            ECP_get(wx,wx,&W);
-#else
-            ECP_get(wx,&W);
-#endif
-            Z->len=MODBYTES_XXX;
-            BIG_toBytes(Z->val,wx);
-        }
-    }
-    return res;
-}
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-
-/* IEEE ECDSA Signature, C and D are signature on F using private key S */
-int ZZZ::ECP_SP_DSA(int sha,csprng *RNG,octet *K,octet *S,octet *F,octet *C,octet *D)
-{
-    char h[128];
-    octet H= {0,sizeof(h),h};
-
-    BIG r,s,f,c,d,u,vx,w;
-    ECP G,V;
-
-    ehashit(sha,F,-1,NULL,&H,sha);
-
-	ECP_generator(&G);
-
-	BIG_rcopy(r,CURVE_Order);
-
-    BIG_fromBytes(s,S->val);
-
-    int hlen=H.len;
-    if (H.len>MODBYTES_XXX) hlen=MODBYTES_XXX;
-    BIG_fromBytesLen(f,H.val,hlen);
-
-
-	if (RNG!=NULL)
-	{
-
-		do
-		{
-		
-            BIG_randomnum(u,r,RNG);
-            BIG_randomnum(w,r,RNG); /* side channel masking */
-       
-#ifdef AES_S
-			BIG_mod2m(u,2*AES_S);
-#endif
-			ECP_copy(&V,&G);
-			ECP_mul(&V,u);
-
-			ECP_get(vx,vx,&V);
-
-			BIG_copy(c,vx);
-			BIG_mod(c,r);
-			if (BIG_iszilch(c)) continue;
-        
-            BIG_modmul(u,u,w,r);
-        
-
-			BIG_invmodp(u,u,r);
-			BIG_modmul(d,s,c,r);
-
-			BIG_add(d,f,d);
-        
-            BIG_modmul(d,d,w,r);
-       
-			BIG_modmul(d,u,d,r);
-
-		}
-		while (BIG_iszilch(d));
-	}
-	else
-	{
-		BIG_fromBytes(u,K->val);
-		BIG_mod(u,r);
-
-#ifdef AES_S
-		BIG_mod2m(u,2*AES_S);
-#endif
-		ECP_copy(&V,&G);
-		ECP_mul(&V,u);
-
-		ECP_get(vx,vx,&V);
-
-		BIG_copy(c,vx);
-		BIG_mod(c,r);
-		if (BIG_iszilch(c)) return ECDH_ERROR;
-        
-		BIG_invmodp(u,u,r);
-		BIG_modmul(d,s,c,r);
-
-		BIG_add(d,f,d);
-  
-		BIG_modmul(d,u,d,r);
-		if (BIG_iszilch(d)) return ECDH_ERROR;
-
-    }
-
-    C->len=D->len=EGS_ZZZ;
-
-    BIG_toBytes(C->val,c);
-    BIG_toBytes(D->val,d);
-
-    return 0;
-}
-
-/* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */
-int ZZZ::ECP_VP_DSA(int sha,octet *W,octet *F, octet *C,octet *D)
-{
-    char h[128];
-    octet H= {0,sizeof(h),h};
-
-    BIG r,wx,wy,f,c,d,h2;
-    int res=0;
-    ECP G,WP;
-    int valid;
-
-    ehashit(sha,F,-1,NULL,&H,sha);
-
-	ECP_generator(&G);
-
-    BIG_rcopy(r,CURVE_Order);
-
-    OCT_shl(C,C->len-MODBYTES_XXX);
-    OCT_shl(D,D->len-MODBYTES_XXX);
-
-    BIG_fromBytes(c,C->val);
-    BIG_fromBytes(d,D->val);
-
-    int hlen=H.len;
-    if (hlen>MODBYTES_XXX) hlen=MODBYTES_XXX;
-
-    BIG_fromBytesLen(f,H.val,hlen);
-
-    //BIG_fromBytes(f,H.val);
-
-    if (BIG_iszilch(c) || BIG_comp(c,r)>=0 || BIG_iszilch(d) || BIG_comp(d,r)>=0)
-        res=ECDH_INVALID;
-
-    if (res==0)
-    {
-        BIG_invmodp(d,d,r);
-        BIG_modmul(f,f,d,r);
-        BIG_modmul(h2,c,d,r);
-
-		valid=ECP_fromOctet(&WP,W);
-/*
-        BIG_fromBytes(wx,&(W->val[1]));
-        BIG_fromBytes(wy,&(W->val[EFS_ZZZ+1]));
-
-        valid=ECP_set(&WP,wx,wy);
-*/
-        if (!valid) res=ECDH_ERROR;
-        else
-        {
-            ECP_mul2(&WP,&G,h2,f);
-
-            if (ECP_isinf(&WP)) res=ECDH_INVALID;
-            else
-            {
-                ECP_get(d,d,&WP);
-                BIG_mod(d,r);
-                if (BIG_comp(d,c)!=0) res=ECDH_INVALID;
-            }
-        }
-    }
-
-    return res;
-}
-
-/* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */
-void ZZZ::ECP_ECIES_ENCRYPT(int sha,octet *P1,octet *P2,csprng *RNG,octet *W,octet *M,int tlen,octet *V,octet *C,octet *T)
-{
-
-    int i,len;
-    char z[EFS_ZZZ],vz[3*EFS_ZZZ+1],k[2*AESKEY_ZZZ],k1[AESKEY_ZZZ],k2[AESKEY_ZZZ],l2[8],u[EFS_ZZZ];
-    octet Z= {0,sizeof(z),z};
-    octet VZ= {0,sizeof(vz),vz};
-    octet K= {0,sizeof(k),k};
-    octet K1= {0,sizeof(k1),k1};
-    octet K2= {0,sizeof(k2),k2};
-    octet L2= {0,sizeof(l2),l2};
-    octet U= {0,sizeof(u),u};
-
-    if (ECP_KEY_PAIR_GENERATE(RNG,&U,V)!=0) return;
-    if (ECP_SVDP_DH(&U,W,&Z)!=0) return;
-
-    OCT_copy(&VZ,V);
-    OCT_joctet(&VZ,&Z);
-
-    KDF2(sha,&VZ,P1,2*AESKEY_ZZZ,&K);
-
-    K1.len=K2.len=AESKEY_ZZZ;
-    for (i=0; i<AESKEY_ZZZ; i++)
-    {
-        K1.val[i]=K.val[i];
-        K2.val[i]=K.val[AESKEY_ZZZ+i];
-    }
-
-    AES_CBC_IV0_ENCRYPT(&K1,M,C);
-
-    OCT_jint(&L2,P2->len,8);
-
-    len=C->len;
-    OCT_joctet(C,P2);
-    OCT_joctet(C,&L2);
-    HMAC(sha,C,&K2,tlen,T);
-    C->len=len;
-}
-
-/* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */
-int ZZZ::ECP_ECIES_DECRYPT(int sha,octet *P1,octet *P2,octet *V,octet *C,octet *T,octet *U,octet *M)
-{
-
-    int i,len;
-    char z[EFS_ZZZ],vz[3*EFS_ZZZ+1],k[2*AESKEY_ZZZ],k1[AESKEY_ZZZ],k2[AESKEY_ZZZ],l2[8],tag[32];
-    octet Z= {0,sizeof(z),z};
-    octet VZ= {0,sizeof(vz),vz};
-    octet K= {0,sizeof(k),k};
-    octet K1= {0,sizeof(k1),k1};
-    octet K2= {0,sizeof(k2),k2};
-    octet L2= {0,sizeof(l2),l2};
-    octet TAG= {0,sizeof(tag),tag};
-
-    if (ECP_SVDP_DH(U,V,&Z)!=0) return 0;
-
-    OCT_copy(&VZ,V);
-    OCT_joctet(&VZ,&Z);
-
-    KDF2(sha,&VZ,P1,2*AESKEY_ZZZ,&K);
-
-    K1.len=K2.len=AESKEY_ZZZ;
-    for (i=0; i<AESKEY_ZZZ; i++)
-    {
-        K1.val[i]=K.val[i];
-        K2.val[i]=K.val[AESKEY_ZZZ+i];
-    }
-
-    if (!AES_CBC_IV0_DECRYPT(&K1,C,M)) return 0;
-
-    OCT_jint(&L2,P2->len,8);
-
-    len=C->len;
-    OCT_joctet(C,P2);
-    OCT_joctet(C,&L2);
-    HMAC(sha,C,&K2,T->len,&TAG);
-    C->len=len;
-
-    if (!OCT_ncomp(T,&TAG,T->len)) return 0;
-
-    return 1;
-
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/ecdh.h
----------------------------------------------------------------------
diff --git a/version3/cpp/ecdh.h b/version3/cpp/ecdh.h
deleted file mode 100644
index f1f1873..0000000
--- a/version3/cpp/ecdh.h
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file ecdh.h
- * @author Mike Scott and Kealan McCusker
- * @date 2nd June 2015
- * @brief ECDH Header file for implementation of standard EC protocols
- *
- * declares functions
- *
- */
-
-#ifndef ECDH_ZZZ_H
-#define ECDH_ZZZ_H
-
-#include "ecp_ZZZ.h"
-#include "ecdh_support.h"
-
-using namespace amcl;
-
-
-/*** START OF USER CONFIGURABLE SECTION -  ***/
-
-/*** START OF USER CONFIGURABLE SECTION -  ***/
-
-
-/*** END OF USER CONFIGURABLE SECTION ***/
-
-#define EGS_ZZZ MODBYTES_XXX  /**< ECC Group Size in bytes */
-#define EFS_ZZZ MODBYTES_XXX  /**< ECC Field Size in bytes */
-
-#define ECDH_OK                     0     /**< Function completed without error */
-/*#define ECDH_DOMAIN_ERROR          -1*/
-#define ECDH_INVALID_PUBLIC_KEY    -2	/**< Public Key is Invalid */
-#define ECDH_ERROR                 -3	/**< ECDH Internal Error */
-#define ECDH_INVALID               -4	/**< ECDH Internal Error */
-/*#define ECDH_DOMAIN_NOT_FOUND      -5
-#define ECDH_OUT_OF_MEMORY         -6
-#define ECDH_DIV_BY_ZERO           -7
-#define ECDH_BAD_ASSUMPTION        -8*/
-
-
-namespace ZZZ {
-
-/* ECDH primitives */
-/**	@brief Generate an ECC public/private key pair
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param s the private key, an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param W the output public key, which is s.G, where G is a fixed generator
-	@return 0 or an error code
- */
-extern int  ECP_KEY_PAIR_GENERATE(csprng *R,octet *s,octet *W);
-/**	@brief Validate an ECC public key
- *
-	@param W the input public key to be validated
-	@return 0 if public key is OK, or an error code
- */
-extern int  ECP_PUBLIC_KEY_VALIDATE(octet *W);
-
-/* ECDH primitives */
-
-/**	@brief Generate Diffie-Hellman shared key
- *
-	IEEE-1363 Diffie-Hellman shared secret calculation
-	@param s is the input private key,
-	@param W the input public key of the other party
-	@param K the output shared key, in fact the x-coordinate of s.W
-	@return 0 or an error code
- */
-extern int ECP_SVDP_DH(octet *s,octet *W,octet *K);
-/*extern int ECPSVDP_DHC(octet *,octet *,int,octet *);*/
-
-/*#if CURVETYPE!=MONTGOMERY */
-/* ECIES functions */
-/*#if CURVETYPE!=MONTGOMERY */
-/* ECIES functions */
-/**	@brief ECIES Encryption
- *
-	IEEE-1363 ECIES Encryption
-	@param h is the hash type
-	@param P1 input Key Derivation parameters
-	@param P2 input Encoding parameters
-	@param R is a pointer to a cryptographically secure random number generator
-	@param W the input public key of the recieving party
-	@param M is the plaintext message to be encrypted
-	@param len the length of the HMAC tag
-	@param V component of the output ciphertext
-	@param C the output ciphertext
-	@param T the output HMAC tag, part of the ciphertext
- */
-extern void ECP_ECIES_ENCRYPT(int h,octet *P1,octet *P2,csprng *R,octet *W,octet *M,int len,octet *V,octet *C,octet *T);
-/**	@brief ECIES Decryption
- *
-	IEEE-1363 ECIES Decryption
-	@param h is the hash type
-	@param P1 input Key Derivation parameters
-	@param P2 input Encoding parameters
-	@param V component of the input ciphertext
-	@param C the input ciphertext
-	@param T the input HMAC tag, part of the ciphertext
-	@param U the input private key for decryption
-	@param M the output plaintext message
-	@return 1 if successful, else 0
- */
-extern int ECP_ECIES_DECRYPT(int h,octet *P1,octet *P2,octet *V,octet *C,octet *T,octet *U,octet *M);
-
-/* ECDSA functions */
-/**	@brief ECDSA Signature
- *
-	IEEE-1363 ECDSA Signature
-	@param h is the hash type
-	@param R is a pointer to a cryptographically secure random number generator
-        @param k Ephemeral key. This value is used when R=NULL
-	@param s the input private signing key
-	@param M the input message to be signed
-	@param c component of the output signature
-	@param d component of the output signature
-
- */
-extern int ECP_SP_DSA(int h,csprng *R,octet *k,octet *s,octet *M,octet *c,octet *d);
-/**	@brief ECDSA Signature Verification
- *
-	IEEE-1363 ECDSA Signature Verification
-	@param h is the hash type
-	@param W the input public key
-	@param M the input message
-	@param c component of the input signature
-	@param d component of the input signature
-	@return 0 or an error code
- */
-extern int ECP_VP_DSA(int h,octet *W,octet *M,octet *c,octet *d);
-/*#endif*/
-}
-
-#endif
-


[39/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/ROM32.go
----------------------------------------------------------------------
diff --git a/version22/go/ROM32.go b/version22/go/ROM32.go
deleted file mode 100644
index 9bf8ed1..0000000
--- a/version22/go/ROM32.go
+++ /dev/null
@@ -1,825 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Fixed Data in ROM - Field and Curve parameters */
-
-package main
-
-type Chunk int32
-type DChunk int64
-
-/* First the 32/64-bit dependent BIG code */
-/* Note that because of the lack of a 128-bit integer, 32 and 64-bit code needs to be done differently */
-
-func pexceed(a *BIG,b *BIG) bool {
-	ea:=EXCESS(a)
-	eb:=EXCESS(b)
-	if DChunk(ea+1)*DChunk(eb+1)>DChunk(FEXCESS) {return true}
-	return false
-}
-
-func sexceed(a *BIG) bool {
-	ea:=EXCESS(a)
-	if DChunk(ea+1)*DChunk(ea+1)>DChunk(FEXCESS) {return true}
-	return false
-}
-
-func ff_pexceed(a *BIG,b *BIG) bool {
-	ea:=FF_EXCESS(a)
-	eb:=FF_EXCESS(b)
-	if DChunk(ea+1)*DChunk(eb+1)>DChunk(P_FEXCESS) {return true}
-	return false
-}
-
-func ff_sexceed(a *BIG) bool {
-	ea:=FF_EXCESS(a)
-	if DChunk(ea+1)*DChunk(ea+1)>DChunk(P_FEXCESS) {return true}
-	return false
-}
-
-/* return a*b as DBIG */
-func mul(a *BIG,b *BIG) *DBIG {
-	c:=NewDBIG()
-	var d [NLEN]DChunk
-
-	for i:=0;i<NLEN;i++ {
-		d[i]=DChunk(a.w[i])*DChunk(b.w[i])
-	}
-	s:=d[0]
-	t:=s; c.w[0]=Chunk(t)&BMASK; co:=t>>BASEBITS
-
-	for k:=1;k<NLEN;k++ {
-		s+=d[k]; t=co+s; for i:=k;i>=1+k/2;i-- {t+=DChunk(a.w[i]-a.w[k-i])*DChunk(b.w[k-i]-b.w[i])}; c.w[k]=Chunk(t)&BMASK; co=t>>BASEBITS
-	}
-
-	for k:=NLEN;k<2*NLEN-1;k++ {
-		s-=d[k-NLEN]; t=co+s; for i:=NLEN-1;i>=1+k/2;i-- {t+=DChunk(a.w[i]-a.w[k-i])*DChunk(b.w[k-i]-b.w[i])}; c.w[k]=Chunk(t)&BMASK; co=t>>BASEBITS
-	}
-	c.w[2*NLEN-1]=Chunk(co)
-
-	return c
-}
-
-/* return a^2 as DBIG */
-func sqr(a *BIG) *DBIG {
-	var j int
-	c:=NewDBIG()
-
-	t:=DChunk(a.w[0])*DChunk(a.w[0])
-	c.w[0]=Chunk(t)&BMASK; co:=t>>BASEBITS;
-
-	t=DChunk(a.w[1])*DChunk(a.w[0]); t+=t; t+=co 
-	c.w[1]=Chunk(t)&BMASK; co=t>>BASEBITS
-
-	last:=NLEN-(NLEN%2)
-	for j=2;j<last;j+=2 {
-		t=DChunk(a.w[j])*DChunk(a.w[0]); for i:=1;i<(j+1)/2;i++ {t+=DChunk(a.w[j-i])*DChunk(a.w[i])}; t+=t; t+=co;  t+=DChunk(a.w[j/2])*DChunk(a.w[j/2])
-		c.w[j]=Chunk(t)&BMASK; co=t>>BASEBITS
-		t=DChunk(a.w[j+1])*DChunk(a.w[0]); for i:=1;i<(j+2)/2;i++ {t+=DChunk(a.w[j+1-i])*DChunk(a.w[i])}; t+=t; t+=co 
-		c.w[j+1]=Chunk(t)&BMASK; co=t>>BASEBITS	
-	}
-	j=last;
-	if (NLEN%2)==1 {
-		t=DChunk(a.w[j])*DChunk(a.w[0]); for i:=1;i<(j+1)/2;i++ {t+=DChunk(a.w[j-i])*DChunk(a.w[i])}; t+=t; t+=co;  t+=DChunk(a.w[j/2])*DChunk(a.w[j/2])
-		c.w[j]=Chunk(t)&BMASK; co=t>>BASEBITS; j+=1
-		t=DChunk(a.w[NLEN-1])*DChunk(a.w[j-NLEN+1]); for i:=j-NLEN+2;i<(j+1)/2;i++ {t+=DChunk(a.w[j-i])*DChunk(a.w[i])}; t+=t; t+=co 
-		c.w[j]=Chunk(t)&BMASK; co=t>>BASEBITS; j+=1
-	}
-	for ;j<DNLEN-2;j+=2 {
-		t=DChunk(a.w[NLEN-1])*DChunk(a.w[j-NLEN+1]); for i:=j-NLEN+2;i<(j+1)/2;i++ {t+=DChunk(a.w[j-i])*DChunk(a.w[i])}; t+=t; t+=co; t+=DChunk(a.w[j/2])*DChunk(a.w[j/2])
-		c.w[j]=Chunk(t)&BMASK; co=t>>BASEBITS
-		t=DChunk(a.w[NLEN-1])*DChunk(a.w[j-NLEN+2]); for i:=j-NLEN+3;i<(j+2)/2;i++ {t+=DChunk(a.w[j+1-i])*DChunk(a.w[i])}; t+=t; t+=co
-		c.w[j+1]=Chunk(t)&BMASK; co=t>>BASEBITS
-	}
-
-	t=DChunk(a.w[NLEN-1])*DChunk(a.w[NLEN-1])+co
-	c.w[DNLEN-2]=Chunk(t)&BMASK; co=t>>BASEBITS
-	c.w[DNLEN-1]=Chunk(co)
-
-	return c
-}
-
-func monty(m* BIG, mc Chunk,d* DBIG) *BIG {
-	var dd [NLEN]DChunk
-
-	var v [NLEN]Chunk
-	b:=NewBIG()
-
-	t:=DChunk(d.w[0]); v[0]=(Chunk(t)*mc)&BMASK; t+=DChunk(v[0])*DChunk(m.w[0]); c:=(t>>BASEBITS)+DChunk(d.w[1]); s:=DChunk(0)
-
-	for k:=1;k<NLEN;k++ {
-		t=c+s+DChunk(v[0])*DChunk(m.w[k])
-		for i:=k-1;i>k/2;i-- {t+=DChunk(v[k-i]-v[i])*DChunk(m.w[i]-m.w[k-i])}
-		v[k]=(Chunk(t)*mc)&BMASK; t+=DChunk(v[k])*DChunk(m.w[0]); c=(t>>BASEBITS)+DChunk(d.w[k+1])
-		dd[k]=DChunk(v[k])*DChunk(m.w[k]); s+=dd[k]
-	}
-	for k:=NLEN;k<2*NLEN-1;k++ {
-		t=c+s;
-		for i:=NLEN-1;i>=1+k/2;i-- {t+=DChunk(v[k-i]-v[i])*DChunk(m.w[i]-m.w[k-i])}
-		b.w[k-NLEN]=Chunk(t)&BMASK; c=(t>>BASEBITS)+DChunk(d.w[k+1]); s-=dd[k-NLEN+1]
-	}
-	b.w[NLEN-1]=Chunk(c)&BMASK;	
-	b.norm()
-	return b
-}
-
-
-/* set this[i]+=x*y+c, and return high part */
-func muladd(a Chunk,b Chunk,c Chunk,r Chunk) (Chunk,Chunk) {
-	var prod=DChunk(a)*DChunk(b)+DChunk(c)+DChunk(r);
-	bot:=Chunk(prod)&BMASK;
-	top:=Chunk(prod>>BASEBITS);
-	return top,bot
-}
-
-
-/********************************************/
-
-/* Set Curve */
-/* Don't Modify from here... */
-
-const CHUNK int=32	/* Set word size */
-
-const NOT_SPECIAL int=0
-const PSEUDO_MERSENNE int=1
-const MONTGOMERY_FRIENDLY int=2
-const GENERALISED_MERSENNE int=3
-const WEIERSTRASS int=0
-const EDWARDS int=1
-const MONTGOMERY int=2
-const BN_CURVE int=0
-const BLS_CURVE int=1
-
-/* ...to here */
-
-
-/*** Enter Some Field details here  ***/
-// Curve 25519
-//  const MODBITS uint=255
-//  const MOD8 uint=5
-//  const BASEBITS uint=29
-//  const AES_S uint= 0
-
-// NIST256 or Brainpool
-//  const MODBITS uint=256
-//  const MOD8 uint=7 
-//  const BASEBITS uint=29
-//  const AES_S uint= 0
-
-// MF254 
-//  const MODBITS uint=254
-//  const MOD8 uint=7 
-//  const BASEBITS uint=29
-//  const AES_S uint= 0
-
-// MS255
-//  const MODBITS uint= 255
-//  const MOD8 uint= 3
-//  const BASEBITS uint=29
-//  const AES_S uint= 0
-
-// MF256
-//  const MODBITS uint=256 
-//  const MOD8 uint=7 
-//  const BASEBITS uint=29
-//  const AES_S uint= 0
-
-// MS256
-//  const MODBITS uint= 256
-//  const MOD8 uint= 3
-//  const BASEBITS uint=29
-//  const AES_S uint= 0
-
-// ANSSI
-//  const MODBITS uint= 256
-//  const MOD8 uint= 3
-//  const BASEBITS uint=29
-//  const AES_S uint= 0
-
-// BN254 Curve
-// const MODBITS uint=254 /* Number of bits in Modulus */
-// const MOD8 uint=3  /* Modulus mod 8 */
-// const BASEBITS uint=29
-// const AES_S uint= 0
-
-// BN454 Curve
-//const MODBITS uint=454 /* Number of bits in Modulus */
-//const MOD8 uint=3  /* Modulus mod 8 */
-//const BASEBITS uint=29
-//const AES_S uint= 128
-
-// BLS383 Curve
-const MODBITS uint=383 /* Number of bits in Modulus */
-const MOD8 uint=3  /* Modulus mod 8 */
-const BASEBITS uint=28
-const AES_S uint= 0
-
-// BLS455 Curve
-//const MODBITS uint=455 /* Number of bits in Modulus */
-//const MOD8 uint=3  /* Modulus mod 8 */
-//const BASEBITS uint=29
-//const AES_S uint= 128
-
-// HIFIVE Curve
-//  const MODBITS uint=336
-//  const MOD8 uint=5 
-//  const BASEBITS uint=29
-//  const AES_S uint= 128
-
-// GOLDILOCKS
-//  const MODBITS uint=448
-//  const MOD8 uint=7
-//  const BASEBITS uint=29
-//  const AES_S uint= 0
-
-// NIST384
-//  const MODBITS uint=384
-//  const MOD8 uint=7
-//  const BASEBITS uint=29
-//  const AES_S uint= 0
-
-// C41417
-//  const MODBITS uint=414
-//  const MOD8 uint=7
-//  const BASEBITS uint=29	
-//  const AES_S uint= 0
-
-// NIST521
-//  const MODBITS uint=521
-//  const MOD8 uint=7
-//  const BASEBITS uint=28
-//  const AES_S uint= 0
-
-// BN646 Curve
-//  const MODBITS uint=646
-//  const MOD8 uint=3
-//  const BASEBITS uint=29
-//  const AES_S uint= 192
-
-/* RSA/DH modulus length as multiple of BIGBITS */
-const FFLEN int=4
-
-/* Don't Modify from here... */
-const NLEN int=int((1+((MODBITS-1)/BASEBITS)))
-const DNLEN int=2*NLEN
-const BMASK Chunk= ((Chunk(1)<<BASEBITS)-1)
-const MODBYTES uint=(1+(MODBITS-1)/8)
-const HBITS uint=(BASEBITS/2)
-const HMASK Chunk= ((Chunk(1)<<HBITS)-1)
-const NEXCESS int=(1<<(uint(CHUNK)-BASEBITS-1));
-const FEXCESS Chunk=(Chunk(1)<<(BASEBITS*uint(NLEN)-MODBITS))
-const OMASK Chunk= ((Chunk(-1))<<(MODBITS%BASEBITS))
-const TBITS uint=MODBITS%BASEBITS // Number of active bits in top word 
-const TMASK Chunk=(Chunk(1)<<TBITS)-1
-const BIGBITS int=int(MODBYTES*8)
-
-/* Finite field support - for RSA, DH etc. */
-const FF_BITS int=(BIGBITS*FFLEN) /* Finite Field Size in bits - must be 256.2^n */
-const HFLEN int=(FFLEN/2)  /* Useful for half-size RSA private key operations */
-
-const P_MBITS uint=MODBYTES*8
-const P_MB uint=(P_MBITS%BASEBITS)
-const P_OMASK Chunk=(Chunk(-1)<<(P_MBITS%BASEBITS))
-const P_FEXCESS Chunk=(Chunk(1)<<(BASEBITS*uint(NLEN)-P_MBITS))
-const P_TBITS uint=(P_MBITS%BASEBITS)
-
-/* ...to here */
-
-
-// START SPECIFY FIELD DETAILS HERE
-//*********************************************************************************
-// Curve25519 Modulus 
-//  const MODTYPE int=PSEUDO_MERSENNE
-//  var Modulus = [...]Chunk {0x1FFFFFED,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF}
-//  const MConst Chunk=0x13
-
-// NIST-256 Curve 
-//  const MODTYPE int=NOT_SPECIAL
-//  var Modulus = [...]Chunk {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FF,0x0,0x0,0x40000,0x1FE00000,0xFFFFFF}
-//  const MConst Chunk=0x1
-
-// MF254 Modulus
-//  const MODTYPE int=MONTGOMERY_FRIENDLY
-//  var Modulus= [...]Chunk {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF}
-//  const MConst Chunk=0x3F8100
-
-// MS255 Modulus
-//  const MODTYPE int= 1
-//  var Modulus= [...]Chunk {0x1FFFFD03,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF}
-//  const MConst Chunk=0x2FD
-
-// MF256 Modulus
-//  const MODTYPE int= 2
-//  var Modulus= [...]Chunk {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFA7FF}
-//  const MConst Chunk=0xFFA800
-
-// MS256 Modulus
-//  const MODTYPE int= 1
-//  var Modulus= [...]Chunk {0x1FFFFF43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF}
-//  const MConst Chunk=0xBD
-
-// Brainpool
-//  const MODTYPE int= NOT_SPECIAL
-//  var Modulus= [...]Chunk {0x1F6E5377,0x9A40E8,0x9880A08,0x17EC47AA,0x18D726E3,0x5484EC1,0x6F0F998,0x1B743DD5,0xA9FB57}
-//  const MConst Chunk =0xEFD89B9
-
-// ANSSI
-//const MODTYPE int= 0
-//  var Modulus= [...]Chunk {0x186E9C03,0x7E79A9E,0x12329B7A,0x35B7957,0x435B396,0x16F46721,0x163C4049,0x1181675A,0xF1FD17}
-//  const MConst Chunk=0x164E1155
-
-// BNCX Curve Modulus
-//const MODTYPE int=NOT_SPECIAL
-//var Modulus= [...]Chunk {0x1C1B55B3,0x13311F7A,0x24FB86F,0x1FADDC30,0x166D3243,0xFB23D31,0x836C2F7,0x10E05,0x240000}
-//const MConst Chunk=0x19789E85
-
-// HIFIVE Curve
-//  const MODTYPE int=PSEUDO_MERSENNE
-//  var Modulus= [...]Chunk {0x1FFFFFFD,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFF}
-//  const MConst Chunk=0x3
-
-//GOLDILOCKS
-//  const MODTYPE int=GENERALISED_MERSENNE
-//  var Modulus= [...]Chunk {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF}
-//  const MConst Chunk=0x1
-
-// NIST384 Curve Modulus
-//  const MODTYPE int=NOT_SPECIAL
-//  var Modulus= [...]Chunk {0x1FFFFFFF,0x7,0x0,0x1FFFFE00,0x1FFFEFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F}
-//  const MConst Chunk=0x1
-
-// C41417 Curve Modulus
-//  const MODTYPE int=PSEUDO_MERSENNE
-//  var Modulus= [...]Chunk {0x1FFFFFEF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFF}
-//  const MConst Chunk=0x11
-
-// NIST521
-//  const MODTYPE int=PSEUDO_MERSENNE
-//  var Modulus= [...]Chunk {0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0x1FFFF}
-//  const MConst Chunk=0x1
-
-// BN646
-//  const MODTYPE int=NOT_SPECIAL
-//  var Modulus= [...]Chunk {0x404E013,0x1203604,0x4E0000,0x80A2084,0x2,0xC90420,0x4051078,0x3600001,0xA20660,0x36,0x5100900,0x10288468,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90}
-//  const MConst Chunk=0x15F615E5	
-
-
-// BN254 Curve
-//  const MODTYPE int=NOT_SPECIAL
-//  var Modulus= [...]Chunk  {0x13,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364}
-//  const MConst Chunk=0x179435E5
-
-// BN454 Curve
-//  const MODTYPE int=NOT_SPECIAL
-//  var Modulus= [...]Chunk  {0x13,0x270,0x2100,0x1C00D89C,0x25084,0xA284,0x24720,0x10803AA1,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000}
-//  const MConst Chunk=0x179435E5
-
-// BLS383 Curve
-  const MODTYPE int=NOT_SPECIAL
-  var Modulus= [...]Chunk  {0xAAD556B,0xACAAB52,0x5F75D7A,0x1BB0147,0xD5D7520,0xCF73083,0xF99EB16,0x531820,0xA68EA32,0x2C01355,0x552A785,0x5C6105C,0x80A9F7,0x7AC52}
-  const MConst Chunk=0x123D0BD
-
-
-// BLS455 Curve
-//  const MODTYPE int=NOT_SPECIAL
-//  var Modulus= [...]Chunk  {0x2AB,0x1500000C,0xAAA55AA,0xB12AAD6,0x6D1BA6C,0xCCA5674,0x12E2CF6E,0xA9F9662,0x34BD939,0x12D8EAB1,0xFD9978E,0x9240600,0xE0F95B,0xAAB9550,0x55555E5,0xAAAAB}
-//  const MConst Chunk=0x1F4017FD
-
-
-// BNT Curve
-//  const MODTYPE int=NOT_SPECIAL
-//  var Modulus= [...]Chunk {0xEB4A713,0x14EDDFF7,0x1D192EAF,0x14AAAC29,0xD5F06E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120}
-//  const MConst Chunk=0x1914C4E5
-
-// BNT2 Curve
-//  const MODTYPE int=NOT_SPECIAL
-//  var Modulus= [...]Chunk {0x1460A48B,0x596E15D,0x1C35947A,0x1F27C851,0x1D00081C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004}
-//  const MConst Chunk=0x6505CDD
-
-// START SPECIFY CURVE DETAILS HERE
-//*********************************************************************************
-
-// Ed25519 Curve 
-//  const CURVETYPE int=EDWARDS
-//  const CURVE_A int = -1
-//  var CURVE_B = [...]Chunk {0x135978A3,0xF5A6E50,0x10762ADD,0x149A82,0x1E898007,0x3CBBBC,0x19CE331D,0x1DC56DFF,0x52036C}
-//  var CURVE_Order = [...]Chunk {0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000}
-//  var CURVE_Gx = [...]Chunk {0xF25D51A,0xAB16B04,0x969ECB2,0x198EC12A,0xDC5C692,0x1118FEEB,0xFFB0293,0x1A79ADCA,0x216936}
-//  var CURVE_Gy = [...]Chunk {0x6666658,0x13333333,0x19999999,0xCCCCCCC,0x6666666,0x13333333,0x19999999,0xCCCCCCC,0x666666}
-
-// NIST-256 Curve
-//  const CURVETYPE int=WEIERSTRASS
-//  const CURVE_A int = -3
-//  var CURVE_B = [...]Chunk {0x7D2604B,0x1E71E1F1,0x14EC3D8E,0x1A0D6198,0x86BC651,0x1EAABB4C,0xF9ECFAE,0x1B154752,0x5AC635};
-//  var CURVE_Order = [...]Chunk {0x1C632551,0x1DCE5617,0x5E7A13C,0xDF55B4E,0x1FFFFBCE,0x1FFFFFFF,0x3FFFF,0x1FE00000,0xFFFFFF}; 
-//  var CURVE_Gx = [...]Chunk {0x1898C296,0x509CA2E,0x1ACCE83D,0x6FB025B,0x40F2770,0x1372B1D2,0x91FE2F3,0x1E5C2588,0x6B17D1};
-//  var CURVE_Gy = [...]Chunk {0x17BF51F5,0x1DB20341,0xC57B3B2,0x1C66AED6,0x19E162BC,0x15A53E07,0x1E6E3B9F,0x1C5FC34F,0x4FE342};
-
-
-// MF254 Modulus, Weierstrass Curve w-254-mont
-//  const CURVETYPE int=WEIERSTRASS
-//  const CURVE_A int = -3
-//  var CURVE_B = [...]Chunk {0x1FFFD08D,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF}
-//  var CURVE_Order = [...]Chunk {0xF8DF83F,0x1D20CE25,0x8DD701B,0x317D41B,0x1FFFFEB8,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF}
-//  var CURVE_Gx = [...]Chunk {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy = [...]Chunk {0x190D4EBC,0xB2EF9BF,0x14464C6B,0xE71C7F0,0x18AEBDFB,0xD3ADEBB,0x18052B85,0x1A6765CA,0x140E3F}
-
-
-// MF254 Modulus, Edwards Curve ed-254-mont
-//  const CURVETYPE int= EDWARDS
-//  const CURVE_A int= -1
-//  var CURVE_B = [...]Chunk {0x367B,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}
-//  var CURVE_Order=[...]Chunk {0x46E98C7,0x179E9FF6,0x158BEC3A,0xA60D917,0x1FFFFEB9,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFE03F}
-//  var CURVE_Gx =[...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy =[...]Chunk {0xF2701E5,0x29687ED,0xC84861F,0x535081C,0x3F4E363,0x6A811B,0xCD65474,0x121AD498,0x19F0E6}
-
-// MF254 Modulus, Montgomery Curve
-//  const CURVETYPE int=MONTGOMERY
-//  const CURVE_A int= -55790;
-//  var CURVE_B = [...]Chunk {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0} // not used
-//  var CURVE_Order=[...]Chunk {0x46E98C7,0x179E9FF6,0x158BEC3A,0xA60D917,0x1FFFFEB9,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFE03F}
-//  var CURVE_Gx =[...]Chunk {0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy =[...]Chunk {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0} // not used
-
-// MS255 Modulus, Weierstrass Curve
-//  const CURVETYPE int= WEIERSTRASS;
-//  const CURVE_A int= -3;
-//  var CURVE_B = [...]Chunk {0x1FFFAB46,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF}
-//  var CURVE_Order=[...]Chunk {0x1C594AEB,0x1C7D64C1,0x14ACF7EA,0x14705075,0x1FFFF864,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF}
-//  var CURVE_Gx =[...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy =[...]Chunk {0x9CB44BA,0x199FFB3B,0x1F698345,0xD8F19BB,0x17D177DB,0x1FFCD97F,0xCE487A,0x181DB74F,0x6F7A6A}
-
-
-// MS255 Modulus, Edwards Curve
-//  const CURVETYPE int= EDWARDS
-//  const CURVE_A int= -1
-//  var CURVE_B = [...]Chunk {0xEA97,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}
-//  var CURVE_Order=[...]Chunk {0x436EB75,0x24E8F68,0x9A0CBAB,0x34F0BDB,0x1FFFFDCF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFF}
-//  var CURVE_Gx =[...]Chunk {0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy =[...]Chunk {0x108736A0,0x11512ADE,0x1116916E,0x29715DA,0x47E5529,0x66EC706,0x1517B095,0xA694F76,0x26CB78}
-
-
-// MS255 Modulus, Montgomery Curve
-//  const CURVETYPE int=MONTGOMERY
-//  const CURVE_A int=-240222
-//  var CURVE_B = [...]Chunk {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0} // not used
-//  var CURVE_Order=[...]Chunk {0x436EB75,0x24E8F68,0x9A0CBAB,0x34F0BDB,0x1FFFFDCF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFF}
-//  var CURVE_Gx =[...]Chunk {0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy =[...]Chunk {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0} // not used
-
-
-// MF256 Modulus, Weierstrass Curve
-//  const CURVETYPE int= WEIERSTRASS;
-//  const CURVE_A int= -3;
-//  var CURVE_B = [...]Chunk {0x14E6A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//  var CURVE_Order=[...]Chunk {0x79857EB,0x8862F0D,0x1941D2E7,0x2EA27CD,0x1FFFFFC5,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFA7FF};
-//  var CURVE_Gx =[...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//  var CURVE_Gy =[...]Chunk {0xB724D2A,0x3CAA61,0x5371984,0x128FD71B,0x1AE28956,0x1D13091E,0x339EEAE,0x10F7C301,0x20887C};
-
-// MF256, Edwards Curve
-//  const CURVETYPE int= EDWARDS;
-//  const CURVE_A int= -1;
-//  var CURVE_B = [...]Chunk {0x350A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//  var CURVE_Order=[...]Chunk {0x18EC7BAB,0x16C976F6,0x19CCF259,0x9775F70,0x1FFFFB15,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FE9FF};
-//  var CURVE_Gx =[...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//  var CURVE_Gy =[...]Chunk {0x12F3C908,0xF553917,0x1FA9A35F,0xBCC91B,0x1AACA0C,0x1779ED96,0x156BABAF,0x1F1F1989,0xDAD8D4};
-
-// MF256 Modulus, Montgomery Curve
-// 	  const CURVETYPE int=MONTGOMERY;
-//	  const CURVE_A int=-54314;
-//	  var CURVE_B = [...]Chunk {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-//	  var CURVE_Order=[...]Chunk {0x18EC7BAB,0x16C976F6,0x19CCF259,0x9775F70,0x1FFFFB15,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FE9FF};
-//	  var CURVE_Gx =[...]Chunk {0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	  var CURVE_Gy =[...]Chunk {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-
-// Brainpool
-//	  const CURVETYPE int= WEIERSTRASS;
-//	  const CURVE_A int= -3;
-//	  var CURVE_B = [...]Chunk {0x1EE92B04,0x172C080F,0xBD2495A,0x7D7895E,0x176B7BF9,0x13B99E85,0x1A93F99A,0x18861B09,0x662C61};
-//	  var CURVE_Order=[...]Chunk {0x174856A7,0xF07414,0x1869BDE4,0x12F5476A,0x18D718C3,0x5484EC1,0x6F0F998,0x1B743DD5,0xA9FB57};
-//	  var CURVE_Gx =[...]Chunk {0xE1305F4,0xD0C8AB1,0xBEF0ADE,0x28588F5,0x16149AFA,0x9D91D32,0x1EDDCC88,0x79839FC,0xA3E8EB};
-//	  var CURVE_Gy =[...]Chunk {0x1B25C9BE,0xD5F479A,0x1409C007,0x196DBC73,0x417E69B,0x1170A322,0x15B5FDEC,0x10468738,0x2D996C};
-
-// ANSSI
-//    const CURVETYPE int= WEIERSTRASS;
-//    const CURVE_A int= -3;
-//    var CURVE_B = [...]Chunk {0x1B7BB73F,0x3AF6CB3,0xC68600C,0x181935C9,0xC00FDFE,0x1D3AA522,0x4C0352A,0x194A8515,0xEE353F};
-//    var CURVE_Order=[...]Chunk {0x6D655E1,0x1FEEA2CE,0x14AFE507,0x18CFC281,0x435B53D,0x16F46721,0x163C4049,0x1181675A,0xF1FD17};
-//    var CURVE_Gx =[...]Chunk {0x198F5CFF,0x64BD16E,0x62DC059,0xFA5B95F,0x23958C2,0x1EA3A4EA,0x7ACC460,0x186AD827,0xB6B3D4};
-//    var CURVE_Gy =[...]Chunk {0x14062CFB,0x188AD0AA,0x19327860,0x3860FD1,0xEF8C270,0x18F879F6,0x12447E49,0x1EF91640,0x6142E0};
-
-// HIFIVE 
-//	  const CURVETYPE int=EDWARDS;
-//	  const CURVE_A int=1;
-//	  var CURVE_Order=[...]Chunk {0x1E9FA805,0x197CACB9,0x1E4EEA9E,0x17AD70F,0x1FA9850C,0x38A0A,0x0,0x0,0x0,0x0,0x0,0x4000};
-//	  var CURVE_B = [...]Chunk {0x2B67,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	  var CURVE_Gx =[...]Chunk {0xC,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	  var CURVE_Gy =[...]Chunk {0x5FE8632,0x15F63428,0xD976C4,0x1AACA194,0x35B6DB5,0x8E3F7A,0x52D1B0E,0xF0A7A36,0x1C161D00,0x8170C70,0x1185AD59,0x181B};
-
-// GOLDILOCKS
-//	  const CURVETYPE int=EDWARDS;
-//	  const CURVE_A int=1;
-//	  var CURVE_Order=[...]Chunk {0xB5844F3,0x1BC61495,0x1163D548,0x1984E51B,0x3690216,0xDA4D76B,0xFA7113B,0x1FEF9944,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FF};
-//	  var CURVE_B = [...]Chunk {0x1FFF6756,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF};
-//	  var CURVE_Gx =[...]Chunk {0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0x152AAAAA,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x1555};
-//	  var CURVE_Gy =[...]Chunk {0xA9386ED,0x1757DE6F,0x13681AF6,0x19657DA3,0x3098BBB,0x12C19D15,0x12E03595,0xE515B18,0x17B7E36D,0x1AC426E,0xDBB5E8,0x10D8560,0x159D6205,0xB8246D9,0x17A58D2B,0x15C0};
-
-// NIST384
-//	  const CURVETYPE int=WEIERSTRASS;
-//	  const CURVE_A int=-3;
-//	  var CURVE_Order=[...]Chunk  {0xCC52973,0x760CB56,0xC29DEBB,0x141B6491,0x12DDF581,0x6C0FA1B,0x1FFF1D8D,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F};
-//	  var CURVE_B = [...]Chunk {0x13EC2AEF,0x142E476E,0xBB4674A,0xC731B14,0x1875AC65,0x447A809,0x4480C50,0xDDFD028,0x19181D9C,0x1F1FC168,0x623815A,0x47DCFC9,0x1312FA7E,0x59};
-//	  var CURVE_Gx =[...]Chunk  {0x12760AB7,0x12A2F1C3,0x154A5B0E,0x5E4BB7E,0x2A38550,0xF0412A,0xE6167DD,0xC5174F3,0x146E1D3B,0x1799056B,0x3AC71C7,0x1D160A6F,0x87CA22B,0x55};
-//	  var CURVE_Gy =[...]Chunk  {0x10EA0E5F,0x1218EBE4,0x1FA0675E,0x1639C3A,0xB8C00A6,0x1889DAF8,0x11F3A768,0x17A51342,0x9F8F41D,0x1C9496E1,0x1767A62F,0xC4C58DE,0x17DE4A9,0x1B};
-
-// C41417
-//	  const CURVETYPE int=EDWARDS;
-//	  const CURVE_A int=1;
-//	  var CURVE_Order=[...]Chunk  {0x106AF79,0x18738D2F,0x18F3C606,0x1806715A,0x22B36F1,0xA67B830,0xCF32490,0x1FFFFFFD,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1F};
-//	  var CURVE_B = [...]Chunk {0xE21,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	  var CURVE_Gx =[...]Chunk  {0x13CBC595,0x7E9C097,0x14DF1931,0x14E7F550,0x1A111301,0x15A6B6B5,0xD526292,0x18FEAFFE,0x1F44C03E,0x1E6A31B4,0x70C9B97,0x43180C6,0x1443300,0x19A4828A,0x68};
-//	  var CURVE_Gy =[...]Chunk  {0x22,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-// NIST521
-//	  const CURVETYPE int=WEIERSTRASS;
-//	  const CURVE_A int=-3;
-//	  var CURVE_Order=[...]Chunk  {0x1386409,0x6FB71E9,0xC47AEBB,0xC9B8899,0x5D03BB5,0x48F709A,0xB7FCC01,0xBF2F966,0x1868783,0xFFFFFA5,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0x1FFFF};
-//	  var CURVE_B = [...]Chunk {0xB503F00,0x451FD46,0xC34F1EF,0xDF883D2,0xF073573,0xBD3BB1B,0xB1652C0,0xEC7E937,0x6193951,0xF109E15,0x489918E,0x15F3B8B,0x25B99B3,0xEEA2DA7,0xB68540,0x929A21A,0xE1C9A1F,0x3EB9618,0x5195};
-//	  var CURVE_Gx =[...]Chunk  {0x2E5BD66,0x7E7E31C,0xA429BF9,0xB3C1856,0x8DE3348,0x27A2FFA,0x8FE1DC1,0xEFE7592,0x14B5E77,0x4D3DBAA,0x8AF606B,0xB521F82,0x139053F,0x429C648,0x62395B4,0x9E3ECB6,0x404E9CD,0x8E06B70,0xC685};
-//	  var CURVE_Gy =[...]Chunk  {0xFD16650,0xBE94769,0x2C24088,0x7086A27,0x761353C,0x13FAD0,0xC550B9,0x5EF4264,0x7EE7299,0x3E662C9,0xFBD1727,0x446817A,0x449579B,0xD998F54,0x42C7D1B,0x5C8A5FB,0xA3BC004,0x296A789,0x11839};
-
-//BN646 Curve
-/*
-	  const CURVETYPE int=WEIERSTRASS;
-	  const CURVE_PAIRING_TYPE int=BN_CURVE;
-	  const CURVE_A int= 0;
-	  var CURVE_Order=[...]Chunk {0x1E04200D,0x1203603,0x420000,0x80A207E,0x2,0xC303F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90};
-	  var CURVE_B = [...]Chunk {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_Cof = [...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	  var CURVE_Gx =[...]Chunk  {0x404E012,0x1203604,0x4E0000,0x80A2084,0x2,0xC90420,0x4051078,0x3600001,0xA20660,0x36,0x5100900,0x10288468,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90};
-	  var CURVE_Gy =[...]Chunk  {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	  var CURVE_Bnx=[...]Chunk {0x1001,0x0,0x10000,0x0,0x0,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_Cru=[...]Chunk  {0x401B007,0x901,0x1B0000,0x1B024,0x0,0x288120,0xD812,0x900000,0x1B0120,0x0,0xD80000,0x6C048,0x0,0x6C0000,0x0,0x0,0x120000,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_Fra=[...]Chunk {0x4929A14,0x3B756CA,0x4337DD0,0xFC1417C,0x193166BB,0x1DC54515,0x1C0DF653,0x19BF8961,0x155980E,0x1983CB14,0x4D76309,0x1DEAB1A4,0xF9C3CF5,0x128FEC2D,0x867E339,0xDA0548A,0x1A480AF,0xA3CBCD2,0x116DA6E0,0x2A546E9,0x789577C,0x1F9459D2,0x27};
-	  var CURVE_Frb=[...]Chunk {0x1F7245FF,0x1D68DF39,0x1C1A822F,0x1848DF07,0x6CE9946,0x303BF0A,0x7F71A24,0x9A0769F,0x1F4C6E51,0x67C3521,0x38A5F6,0x123DD2C4,0x1063C317,0xFF825D2,0x17981E76,0x125FAB75,0x1EC78CD0,0x15C34375,0xE92591F,0x1D5ABD96,0x1876A883,0x6BA62D,0x68};
-	  var CURVE_Pxa=[...]Chunk {0x1CCC5E10,0x119F939,0xC6C7FE9,0x81022FF,0x6486AA6,0x1CBC560B,0x1F707429,0xC82F7B9,0x1A7F5CDA,0x14C0EB47,0x11412373,0x13DAF21E,0x126BE416,0x166744A7,0x506E81,0x1048FFA3,0x13A6B0C9,0x1A90979A,0xE78C338,0x1722C561,0xBFFF9A1,0xC1AF83C,0x3F};
-	  var CURVE_Pxb=[...]Chunk {0x67F4BC0,0x1BFC3C9,0x1E9DC3B6,0x87E2B03,0xB820274,0x1DD03B1E,0x517C463,0x1EFCBBC9,0x19F786A8,0x5572E90,0xD0BA5E0,0x16E8A40A,0x1013CF3B,0x11A7F82B,0x1C27B302,0x15E7CD12,0xB79A6DF,0x1EC6895B,0x5775A7E,0xBB28D24,0x416A171,0x127D284E,0x5D};
-	  var CURVE_Pya=[...]Chunk {0xC3FB414,0x2B868EE,0xD858793,0x157FCFE,0x16C849AD,0x1D17B0A4,0x1353CFEA,0x940A061,0x1CEF834E,0x7BE766A,0x4584C1C,0xE2397E9,0x418E9D4,0x8F53B8,0x53B37E0,0x11CA29D9,0xE425654,0x9EFF9AF,0x18CF27A1,0x17755A26,0x3F5481A,0x6C531BC,0x1E};
-	  var CURVE_Pyb=[...]Chunk {0x133908AD,0x17F1F1ED,0x14196532,0x19A85214,0x173EC3F7,0x1021EC2C,0xD798A3E,0x18F4C857,0x82EE2FA,0x11B5296D,0x1831D9C6,0x4463DB5,0x11B4812C,0xF93B884,0xC72653,0xEC6F6ED,0x916CFFF,0x1E81ED0A,0x1103518E,0x1E478B01,0x6B01074,0xC46CCAA,0x48};
-	  var CURVE_W=[2][23]Chunk {{0x6008003,0x0,0x80000,0x6,0x0,0x40030,0x3,0x0,0x30,0x0,0x0,0xC,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-	  var CURVE_SB=[2][2][23]Chunk {{{0x600A004,0x0,0xA0000,0x6,0x0,0x50030,0x3,0x0,0x30,0x0,0x0,0xC,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1803A00A,0x1203603,0x3A0000,0x80A2078,0x2,0xBF03C0,0x4051072,0x3600001,0xA20600,0x36,0x5100900,0x10288450,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90}}};
-	  var CURVE_WB=[4][23]Chunk {{0x2001000,0x0,0x10000,0x2,0x0,0x8010,0x1,0x0,0x10,0x0,0x0,0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1C015005,0x600,0x150000,0x1201C,0x0,0x1C80E0,0x900E,0x600000,0x1200E0,0x0,0x900000,0x48038,0x0,0x480000,0x0,0x0,0xC0000,0x0,0x0,0x0,0x0,0x0,0x0},{0xE00B003,0x300,0xB0000,0x900E,0x0,0xE8070,0x4807,0x300000,0x90070,0x0,0x480000,0x2401C,0x0,0x240000,0x0,0x0,0x60000,0x0,0x0,0x0,0x0,0x0,0x0},{0x2003001,0x0,0x30000,0x2,0x0,0x18010,0x1,0x0,0x10,0x0,0x0,0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-	  var CURVE_BB=[4][4][23]Chunk {{{0x1E04100D,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x2002,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1E04100D,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3
 600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90}},{{0x2002,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1002,0x0,0x10000,0x0,0x0,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x4002,0x0,0x40000,0x0,0x0,0x20000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1E04000A,0x1203603,0x400000,0x80A207E,0x2,0xC203F0,0x4051075,0x3600001,0xA20630,0x36,0
 x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1002,0x0,0x10000,0x0,0x0,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-const USE_GLV bool=true
-const USE_GS_G2 bool=true
-const USE_GS_GT bool=true	
-const GT_STRONG bool=true
-
-*/
-// BNCX Curve 
-/*
-	  const CURVETYPE int=WEIERSTRASS;
-	  const CURVE_PAIRING_TYPE int=BN_CURVE;
-	  const CURVE_A int= 0;
-	  var CURVE_B = [...]Chunk {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_Cof = [...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	  var CURVE_Order=[...]Chunk {0x16EB1F6D,0x108E0531,0x1241B3AF,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000};
-	  var CURVE_Bnx=[...]Chunk {0x3C012B1,0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_Cru=[...]Chunk  {0x14235C97,0xF0498BC,0x1BE1D58C,0x1BBEC8E3,0x3F1440B,0x654,0x12000,0x0,0x0};
-	  var CURVE_Fra=[...]Chunk {0x15C80EA3,0x1EC8419A,0x1CFE0856,0xEE64DE2,0x11898686,0x5C55653,0x592BF86,0x5F4C740,0x135908};
-	  var CURVE_Frb=[...]Chunk {0x6534710,0x1468DDE0,0x551B018,0x10C78E4D,0x4E3ABBD,0x9ECE6DE,0x2A40371,0x1A0C46C5,0x10A6F7};
-	  var CURVE_Pxa=[...]Chunk {0x4D2EC74,0x428E777,0xF89C9B0,0x190B7F40,0x14BBB907,0x12807AE1,0x958D62C,0x58E0A76,0x19682D};
-	  var CURVE_Pxb=[...]Chunk {0xE29CFE1,0x1D2C7459,0x270C3D1,0x172F6184,0x19743F81,0x49BD474,0x192A8047,0x1D87C33E,0x1466B9};
-	  var CURVE_Pya=[...]Chunk {0xF0BE09F,0x7DFE75E,0x1FB06CC3,0x3667B08,0xE209636,0x110ABED7,0xE376078,0x1B2E4665,0xA79ED};
-	  var CURVE_Pyb=[...]Chunk {0x898EE9D,0xC825914,0x14BB7AFB,0xC9D4AD3,0x13461C28,0x122896C6,0x240D71B,0x73D9898,0x6160C};
-	  var CURVE_Gx =[...]Chunk {0x1C1B55B2,0x13311F7A,0x24FB86F,0x1FADDC30,0x166D3243,0xFB23D31,0x836C2F7,0x10E05,0x240000};
-	  var CURVE_Gy =[...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_W=[2][9]Chunk {{0x162FEB83,0x2A31A48,0x100E0480,0x16,0x600,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0}};
-	  var CURVE_SB=[2][2][9]Chunk {{{0x1DB010E4,0x2A31A48,0x100E04A0,0x16,0x600,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xBB33EA,0xDEAEAE9,0x233AF2F,0x1FADDC03,0x166D2643,0xFB23D31,0x836C2F7,0x10E05,0x240000}}};
-	  var CURVE_WB=[4][9]Chunk {{0x167A84B0,0xE108C2,0x1004AC10,0x7,0x200,0x0,0x0,0x0,0x0},{0x1E220475,0x166FCCAD,0x129FE68D,0x1D29DB51,0x2A0DC07,0x438,0xC000,0x0,0x0},{0xF10B93,0x1B37E657,0x194FF34E,0x1E94EDA8,0x1506E03,0x21C,0x6000,0x0,0x0},{0x1DFAAA11,0xE108C2,0x1004AC30,0x7,0x200,0x0,0x0,0x0,0x0}};
-	  var CURVE_BB=[4][4][9]Chunk {{{0x132B0CBD,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x7802562,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBD,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000}},{{0x7802562,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x3C012B2,0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0},{0xF004AC2,0x0,0x40,0x0,0x0,0x0,0x0,0x0,0x0},{0xF6AFA0A,0x108E0531,0x1241B38F,0
 x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x3C012B2,0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-const USE_GLV bool=true
-const USE_GS_G2 bool=true
-const USE_GS_GT bool=true	
-const GT_STRONG bool=true
-
-*/
-// BNT2 Curve
-/*
-	  const CURVETYPE int=WEIERSTRASS;
-	  const CURVE_PAIRING_TYPE int=BN_CURVE;
-	  const CURVE_A int= 0;
-	  var CURVE_B = [...]Chunk {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_Cof = [...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	  var CURVE_Order=[...]Chunk {0x11AA2BF5,0x1FDB8D28,0xDCE0CF5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
-	  var CURVE_Bnx=[...]Chunk {0x608205,0x1008,0x10,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_Cru=[...]Chunk  {0x866BD33,0x1A813A22,0x591C3BE,0xAB6EE60,0x1ECF2367,0x361B0BD,0x12000,0x0,0x0};
-	  var CURVE_Fra=[...]Chunk {0x13AEF062,0x1593464B,0x10EF3924,0x198D3667,0x17F195BB,0xFB3FD1,0xADAF429,0x11A53D19,0x124E0B};
-	  var CURVE_Frb=[...]Chunk {0xB1B429,0x10039B12,0xB465B55,0x59A91EA,0x50E7261,0xF0C5DF3,0x1FDBE90F,0x1EA2E4D1,0x11B1F8};
-	  var CURVE_Pxa=[...]Chunk {0x1F40A3C8,0x166491CC,0x19845E12,0xB9B49D2,0x161706B3,0xBBD82B4,0x18C609E7,0x19F2D278,0x16FC17};
-	  var CURVE_Pxb=[...]Chunk {0x18549540,0x2ABD456,0x1D944184,0x16DEF7CD,0x1A95D17D,0x42B2C83,0x16427206,0x17AB2E,0x1EB5B5};
-	  var CURVE_Pya=[...]Chunk {0x14220513,0x3DF6628,0x39CDEC5,0x894F10C,0x135F1268,0x1D28DC1C,0xAAA7537,0x130EC284,0x1E8EE4};
-	  var CURVE_Pyb=[...]Chunk {0x177CE78E,0x1DC9947A,0x1BE95E07,0x1D6E8DC4,0x1FB8E27,0x1B549EDE,0xF6E8A75,0x19B75C67,0x23CEF4};	
-	  var CURVE_Gx =[...]Chunk {0x1460A48A,0x596E15D,0x1C35947A,0x1F27C851,0x1D00081C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
-	  var CURVE_Gy =[...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_W=[2][9]Chunk {{0x1347083,0x5BB1415,0xE678744,0xC0602,0x600,0x0,0x0,0x0,0x0},{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0}};
-	  var CURVE_SB=[2][2][9]Chunk {{{0x1F5748C,0x5BB3425,0xE678764,0xC0602,0x600,0x0,0x0,0x0,0x0},{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x1075BB72,0x1A207913,0x1F6685B1,0x1F0FBC4C,0x1CFFFC1C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004}}};
-	  var CURVE_WB=[4][9]Chunk {{0xA70A224,0xC9396A4,0x1A228251,0x40200,0x200,0x0,0x0,0x0,0x0},{0x1030EF19,0xAD2B967,0xD50DC87,0x72CA2EC,0x148A1B9A,0x241207E,0xC000,0x0,0x0},{0x1848B88F,0x156964B7,0x6A86E4B,0x3965176,0xA450DCD,0x120903F,0x6000,0x0,0x0},{0xB31A62D,0xC93B6B4,0x1A228271,0x40200,0x200,0x0,0x0,0x0,0x0}};
-	  var CURVE_BB=[4][4][9]Chunk {{{0x1149A9F1,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0xC1040A,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F1,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004}},{{0xC1040A,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x608206,0x1008,0x10,0x0,0x0,0x0,0x0,0x0,0x0},{0x1820812,0x4020,0x40,0x0,0x0,0x0,0x0,0x0,0x0}
 ,{0x10E927EA,0x1FDB6D18,0xDCE0CD5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x608206,0x1008,0x10,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-const USE_GLV bool=true
-const USE_GS_G2 bool=true
-const USE_GS_GT bool=true	
-const GT_STRONG bool=true
-
-*/
-
-// BN254 Curve
-/*
-	  const CURVETYPE int=WEIERSTRASS;
-	  const CURVE_PAIRING_TYPE int=BN_CURVE;
-	  const CURVE_A int= 0;
-	  var CURVE_B = [...]Chunk {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_Cof = [...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	  var CURVE_Order=[...]Chunk {0xD,0x8000000,0x428,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364};
-	  var CURVE_Bnx=[...]Chunk {0x1,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_Cru=[...]Chunk  {0x7,0xC000000,0x1B3,0x12000000,0x2490,0x11200000,0x126CD,0x0,0x0};
-	  var CURVE_Fra=[...]Chunk {0xF2A6DE9,0xBEF3603,0xFDDF0B8,0x12E9249A,0x953F850,0xDA85423,0x1232D926,0x32425CF,0x1B3776};
-	  var CURVE_Frb=[...]Chunk {0x10D5922A,0xC10C9FC,0x10221431,0xF16DB65,0x16AC8DC1,0x1917ABDC,0xDD40FAA,0xD23DA30,0x9EBEE};
-	  var CURVE_Pxa=[...]Chunk {0x803FB2B,0xF721126,0x62FC364,0x9177691,0x1EDB6A46,0x63F4630,0x18BFAE36,0x176A33D6,0x61A10};
-	  var CURVE_Pxb=[...]Chunk {0x7D54CF3,0xC61A60F,0xDE12DC3,0x1AE8D75C,0xAA5B1F4,0x13C62CC1,0xCCC42A,0x1F374E6F,0x516AA};
-	  var CURVE_Pya=[...]Chunk {0x11CD2B9A,0xF8703C4,0xF826F46,0x1A15CD7B,0x822329B,0x104B34C6,0xD0E6A43,0x140D75F2,0x21897};
-	  var CURVE_Pyb=[...]Chunk {0xB3ACE9B,0x1168D763,0xE7255E2,0xDFFAE,0x18D37B09,0x22B7AF9,0x149A3DB5,0x1CF9162,0xEBB2B};
-	  var CURVE_Gx =[...]Chunk {0x12,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364};
-	  var CURVE_Gy =[...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_W=[2][9]Chunk {{0x3,0x0,0x81,0x3000000,0x618,0x0,0x0,0x0,0x0},{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0}};
-	  var CURVE_SB=[2][2][9]Chunk {{{0x4,0x8000000,0xA1,0x3000000,0x618,0x0,0x0,0x0,0x0},{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x8000000,0x3A7,0x1C000000,0x79E1,0x6C00000,0x6E8D1,0x10480000,0x252364}}};
-	  var CURVE_WB=[4][9]Chunk {{0x0,0x4000000,0x10,0x1000000,0x208,0x0,0x0,0x0,0x0},{0x5,0x14000000,0x152,0xE000000,0x1C70,0xC00000,0xC489,0x0,0x0},{0x3,0xC000000,0xB1,0x7000000,0xE38,0x10600000,0x6244,0x0,0x0},{0x1,0xC000000,0x30,0x1000000,0x208,0x0,0x0,0x0,0x0}};
-	  var CURVE_BB=[4][4][9]Chunk {{{0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0x2,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364}},{{0x2,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x2,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0},{0x2,0x10000000,0x40,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x0,0x408,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0x2,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-const USE_GLV bool=true
-const USE_GS_G2 bool=true
-const USE_GS_GT bool=true	
-const GT_STRONG bool=false
-
-*/
-// BN454 Curve
-/*
-	  const CURVETYPE int=WEIERSTRASS;
-	  const CURVE_PAIRING_TYPE int=BN_CURVE;
-	  const CURVE_A int= 0;
-	  var CURVE_B = [...]Chunk {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_Cof = [...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	  var CURVE_Order=[...]Chunk {0xD,0x210,0x1F80,0x400D884,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000};
-	  var CURVE_Gx =[...]Chunk  {0x12,0x270,0x2100,0x1C00D89C,0x25084,0xA284,0x24720,0x10803AA1,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000};
-	  var CURVE_Gy =[...]Chunk  {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	  var CURVE_Bnx=[...]Chunk {0x1,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_Cru=[...]Chunk  {0x7,0xD8,0x900,0x16002436,0x481,0x1B24,0x168,0x48006C9,0x1600006C,0x10000091,0xD80000D,0x240000,0x0,0x0,0x0,0x0};
-	  var CURVE_Fra=[...]Chunk {0x1573B0EC,0x1816E4FE,0xA42E6E0,0x15DDCD87,0x2B17EC7,0x35B9A50,0x15AA1F74,0x1B7B2AC5,0x1CB5A200,0x9937657,0x17389A4A,0x738BADB,0xD92B321,0x3F5F0E6,0x1B1C9E9A,0x25CF3};
-	  var CURVE_Frb=[...]Chunk {0xA8C4F27,0x7E91D71,0x15BD3A1F,0x6230B14,0x1D50D1BD,0x1CA50833,0xA5827AB,0x15050FDB,0x74B3887,0x166C9A92,0x19C78A3C,0x199F4886,0x1B6D4F39,0x80A0F61,0x7236169,0x2230C};
-	  var CURVE_Pxa=[...]Chunk {0xF02B14,0x1DD1DD61,0x330AEC7,0x178617DE,0x1CEFFF36,0x116D35AF,0x1F879FBF,0x105DBF83,0x8345436,0x13664BCA,0x12EE86B5,0x776BB31,0x14AAFE16,0x41B3478,0x13E03554,0x2807A};
-	  var CURVE_Pxb=[...]Chunk {0x45BF266,0xE036876,0x8F0DBA,0xCB5976F,0x10DBC523,0x1723123C,0xBDDA7F4,0x10077CDE,0x11971DE0,0x14F1554A,0x195995EE,0x82E6FD7,0x40D5258,0x1400A58F,0x15A7850B,0x2B2A5};
-	  var CURVE_Pya=[...]Chunk {0x1E1B15C7,0x9CD5B5D,0x1571B2D2,0x1E4C048A,0x1474FB5D,0x18E2328C,0x11775519,0x144EF51F,0xF2FAABA,0x438F741,0x1930EAC0,0x144DC38,0x1287A0FE,0x36D8962,0x10011EAF,0x3ACF4};
-	  var CURVE_Pyb=[...]Chunk {0x571D60,0x8737DB,0xC4A363B,0x124E308F,0x13A65C7E,0x1387693A,0x10CDDA2F,0x184C096E,0x385175,0x5A34088,0xF17A93C,0x1E194915,0x1903ED91,0x4D6FA9F,0x8D8210B,0x12EDC};
-	  var CURVE_W=[2][16]Chunk {{0x3,0x40,0x180,0x10000010,0xC0,0x6,0x10000018,0xC00001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-	  var CURVE_SB=[2][2][16]Chunk {{{0x4,0x50,0x180,0x14000014,0xC0,0x6,0x10000018,0xC00001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x1D0,0x1E00,0x1400D874,0x24F03,0xA278,0x246F0,0xF003A9E,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000}}};
-	  var CURVE_WB=[4][16]Chunk {{0x0,0x8,0x80,0x2000002,0x40,0x2,0x10000008,0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x5,0xA8,0x700,0xA00182A,0x381,0x121C,0x100,0x3800487,0x4000048,0x61,0x9000009,0x180000,0x0,0x0,0x0,0x0},{0x3,0x58,0x380,0x16000C16,0x1C0,0x90E,0x10000080,0x1C00243,0x12000024,0x10000030,0x4800004,0xC0000,0x0,0x0,0x0,0x0},{0x1,0x18,0x80,0x6000006,0x40,0x2,0x10000008,0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-	  var CURVE_BB=[4][4][16]Chunk {{{0xD,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0x2,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0xD,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC0
 00048,0x2400003,0x48000}},{{0x2,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x2,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2,0x20,0x0,0x8000008,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x200,0x1F80,0xD880,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0x2,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-const USE_GLV bool=true
-const USE_GS_G2 bool=true
-const USE_GS_GT bool=true	
-const GT_STRONG bool=false
-
-*/
-
-// BLS455 Curve
-/*
-	  const CURVETYPE int=WEIERSTRASS;
-	  const CURVE_PAIRING_TYPE int=BLS_CURVE;
-	  const CURVE_A int= 0;
-	  var CURVE_B = [...]Chunk {0xA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_Cof = [...]Chunk {0xABFFAAB,0x14AABFFD,0xD52AADA,0x1562AAAB,0x15556AAA,0x2A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	  var CURVE_Order=[...]Chunk {0x1FC00001,0x3FFF,0x10000070,0x1400000,0x1D100,0xF0003A8,0x13C0009,0x1E200,0x180002E0,0x400001,0x4000,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_Gx =[...]Chunk  {0x1DFCEDD1,0x16A62EEF,0xE80D3ED,0xB8DE876,0x179C7253,0x182DAB52,0x46CC85F,0x1E571D9C,0x1E8392B1,0x1A155867,0x19E6527C,0x23DC64E,0xABEDA59,0xF20662B,0x17CECC01,0x310A};
-	  var CURVE_Gy =[...]Chunk  {0x6619B9B,0x27EBCD,0x1BE80A19,0x13B014BA,0x191A4936,0x13911916,0x107A5A3B,0x1DCB0863,0x1F5FB1,0xDE44A9C,0x18E23B2A,0x1FA81FD3,0xB0D6DFA,0xC2FE1EF,0xDDFA7E2,0x3351B};
-
-	  var CURVE_Bnx=[...]Chunk {0x800,0x1000004,0x40000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_Cru=[...]Chunk  {0xAA9,0x9017FE0,0x128DD8AA,0x1F4A321E,0x148FEC90,0x195CDEEA,0xE961AA2,0x168D3B66,0xAFD99D7,0xB989AA6,0x1F9A5724,0x91A05FF,0xE0EF5B,0xAAB9548,0x55555E5,0xAAAAB};
-	  var CURVE_Fra=[...]Chunk {0xA2EBF21,0x4E67DEE,0xCDE6590,0xE5EA94E,0x15454985,0x140CFC43,0x7E14D1C,0x1778395A,0x1944F022,0x166BEA1A,0xC3DEEA0,0x9F031A0,0x16A7459,0x1F1D6E00,0x125CFB72,0x72FD4};
-	  var CURVE_Frb=[...]Chunk {0x15D1438A,0x1019821D,0x1DCBF01A,0x1CB40187,0x118C70E6,0x18BD5A30,0xB018251,0x13275D08,0xA06E916,0x1C6D0096,0x39BA8ED,0x1F33D460,0x1F768501,0xB8E274F,0x12F85A72,0x37AD6};
-	  var CURVE_Pxa=[...]Chunk {0x10C1F542,0x23AF907,0x159F840,0xBAC0E1F,0x133D7766,0x1C034C5D,0x14C5C875,0x1ED0BDA2,0x16A49C71,0x1E9FF62D,0x14F3ACC0,0x1E0C9FEA,0xC4638DE,0x74D18DA,0xBEA0030,0x5D962};
-	  var CURVE_Pxb=[...]Chunk {0x749F03D,0xC843773,0xB17BCBA,0x1134AB4B,0x8EA016E,0x1A0D766C,0x58F819E,0x48A1FCC,0xE296F62,0x83370E4,0xC9BA1D5,0x1E43290E,0xEE59A80,0x1FDD85F5,0x1F3819B6,0x1D9F};
-	  var CURVE_Pya=[...]Chunk {0x181A77F4,0x191AD22,0x1E9F842A,0x1E1E6CF6,0xD55B9D9,0x1D062533,0x15BB1323,0x7ECBC1,0x1A9EC2EF,0x1EE14CE0,0x1E96B271,0xA794439,0x1C544324,0xE6AD5DC,0x16429B0F,0x448E3};
-	  var CURVE_Pyb=[...]Chunk {0x1E1FDBA2,0x1A09DB6C,0xF680D5B,0xFCC6122,0xC488E2A,0x1E489ECD,0x1005617E,0x1CF9EC36,0x1C89ED72,0x16C00D90,0x1563E595,0x1243DDC0,0x8698F9E,0x1BD81E7E,0xF2A0F4A,0x66A0};
-
-// not used
-	  var CURVE_W=[2][16]Chunk {{},{}};
-	  var CURVE_SB=[2][2][16]Chunk {{{},{}},{{},{}}};
-	  var CURVE_WB=[4][16]Chunk {{},{},{},{}};
-	  var CURVE_BB=[4][4][16]Chunk {{{},{},{},{}},{{},{},{},{}},{{},{},{},{}},{{},{},{},{}}};
-
-const USE_GLV bool=true
-const USE_GS_G2 bool=true
-const USE_GS_GT bool=true	
-const GT_STRONG bool=false
-
-*/
-
-
-// BNT Curve
-/*
-	  const CURVETYPE int=WEIERSTRASS;
-	  const CURVE_PAIRING_TYPE int=BN_CURVE;
-	  const CURVE_A int= 0;
-	  var CURVE_B = [...]Chunk {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_Cof = [...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	  var CURVE_Order=[...]Chunk {0xD30210D,0x13ABBBF4,0xCB2CD8E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
-	  var CURVE_Bnx=[...]Chunk {0x4081,0x40300,0x10,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_Cru=[...]Chunk  {0xB4FCD87,0xF5A9EAD,0xEAC47EB,0x19054BE5,0x104C9764,0x18A3B28A,0x12006,0x0,0x0};
-	  var CURVE_Fra=[...]Chunk {0xDC80022,0xFAE8A75,0x1EB338D6,0x189209AD,0x13211BE6,0x4F8C850,0x10E53D94,0x12593778,0x1328A2};
-	  var CURVE_Frb=[...]Chunk {0xECA6F1,0x53F5582,0x1E65F5D9,0x1C18A27B,0x1A3DEB01,0x10A2832B,0x1456AA9A,0x9136B67,0x10D87E};
-	  var CURVE_Pxa=[...]Chunk {0x88E65BB,0x144C3F11,0xA98C4EF,0x18015A39,0x1548B7CC,0xA992820,0xE7AF301,0x19A09826,0x14483F};
-	  var CURVE_Pxb=[...]Chunk {0x8DBE2C0,0x133C4440,0x78D214E,0xAFFC3F0,0x51B57B9,0x285318D,0xC0B68FF,0x166709D8,0x87F46};
-	  var CURVE_Pya=[...]Chunk {0x20CA1D,0x101623F,0xE67CDB,0x19682CFD,0x19F72C94,0x14E372A1,0xF5D28B1,0x13820561,0x14E8C2};
-	  var CURVE_Pyb=[...]Chunk {0x116628F2,0x1EC21BE3,0xF2DF71A,0x144FC2CF,0x172681D0,0xC54163A,0xF47B7B0,0x148C48A9,0x17AFE2};
-	  var CURVE_Gx =[...]Chunk {0xEB4A712,0x14EDDFF7,0x1D192EAF,0x14AAAC29,0xD5F06E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
-	  var CURVE_Gy =[...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	  var CURVE_W=[2][9]Chunk {{0x1838403,0x1321803,0x106660E1,0x3024304,0x600,0x0,0x0,0x0,0x0},{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0}};
-	  var CURVE_SB=[2][2][9]Chunk {{{0x1840504,0x13A1E03,0x10666101,0x3024304,0x600,0x0,0x0,0x0,0x0},{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xBAC9D0A,0x1279A3F1,0x1C4C6CAD,0xEA62620,0xD5EFAE8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120}}};
-	  var CURVE_WB=[4][9]Chunk {{0x80C080,0xB0A0301,0x10222030,0x100C101,0x200,0x0,0x0,0x0,0x0},{0x88C4A85,0x15A9C820,0x14B71B0D,0x1D5A5F46,0x158868ED,0x106D21B1,0xC004,0x0,0x0},{0x4464583,0x1AD6E590,0xA5B8D8E,0x1EAD2FA3,0x1AC43476,0x83690D8,0x6002,0x0,0x0},{0x814181,0xB120901,0x10222050,0x100C101,0x200,0x0,0x0,0x0,0x0}};
-	  var CURVE_BB=[4][4][9]Chunk {{{0xD2FE08D,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0x8102,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08D,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120}},{{0x8102,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x4082,0x40300,0x10,0x0,0x0,0x0,0x0,0x0,0x0},{0x10202,0x100C00,0x40,0x0,0x0,0x0,0x0,0x0,0x0},{0xD2FA00A,0x13A3B
 5F4,0xCB2CD6E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0x4082,0x40300,0x10,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-const USE_GLV bool=true
-const USE_GS_G2 bool=true
-const USE_GS_GT bool=true	
-const GT_STRONG bool=true
-
-
-*/
-
-
-// BLS383 Curve
-
-const CURVETYPE int=WEIERSTRASS
-const CURVE_PAIRING_TYPE int=BLS_CURVE
-const CURVE_A int= 0
-
-var CURVE_Order=[...]Chunk {0xFFF001,0xFFF8000,0xFE7800,0xBFDE007,0xC5EDF1C,0x3000049,0x910007A,0xC40007F,0x641004C,0x14,0x0,0x0,0x0,0x0};
-var CURVE_B = [...]Chunk {0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-var CURVE_Cof = [...]Chunk {0x52B,0x2A00,0xAAB2CA0,0x5560AAA,0x6055,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-var CURVE_Gx =[...]Chunk {0xD10786B,0xD59B348,0x3F54AD0,0x3477C0E,0x4578B9B,0xBF25B73,0x7BB6F65,0x4F6AC00,0xFF57E9C,0xEFD5830,0xFB6EC02,0xADB9F88,0xEE4BC98,0xB08C};
-var CURVE_Gy =[...]Chunk {0xD145DDB,0x5DA023,0x5FEF7CC,0x13F518C,0x2B2A66F,0x56EC346,0xC7A925F,0x96F3019,0x981223E,0x9061047,0x8F5BE59,0x4810AD,0x9337671,0x1F390};
-
-var CURVE_Bnx=[...]Chunk {0x40,0x100,0x110,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-var CURVE_Cru=[...]Chunk {0xDA155A9,0xA3AAC4E,0x61E5E3D,0xDF2FE87,0xE632625,0xBCDFAAD,0xD3035A6,0x5123128,0xBEAD683,0xDBF3A2B,0x424190,0x5C5FAB2,0x80A9F7,0x7AC52};
-
-
-var CURVE_Fra=[...]Chunk {0x2B4508B,0x2BA59A9,0x6EEF343,0x63DB7A0,0x1DFBC74,0x40341CB,0x32D55D3,0x1639E9D,0x5CC36D4,0xB19B3F0,0xD86AB98,0xF323EE4,0xB198672,0x5A5F};
-var CURVE_Frb=[...]Chunk {0x7F904E0,0x81051A9,0xF086A37,0xB7D49A6,0xB7DB8AB,0x8F3EEB8,0xC6C9543,0xEEF7983,0x49CB35D,0x7A65F65,0x7CBFBEC,0x693D177,0x5672384,0x751F2};
-var CURVE_Pxa=[...]Chunk {0xBAC9472,0x6059885,0xE2DC36D,0x7C4D31D,0x8C88A7,0xBDC90C3,0x1C688FC,0x29F0197,0xC43F167,0x3693539,0x61EB8BF,0xD81E5A5,0x22B56BF,0x4D507};
-var CURVE_Pxb=[...]Chunk {0x272AB23,0x9B4BD7A,0xF44DCE8,0x7AF19D4,0x3206A34,0x3F6F7B9,0x2A819FB,0x571DD3E,0x635D7EE,0x3A2BA3B,0xC1A126,0xAC28C78,0x17C3E5B,0xEE36};
-var CURVE_Pya=[...]Chunk {0x77BD4FD,0x81D2309,0xDFDFC6,0xB66072,0xC89A0C,0x41FC959,0x878287A,0x2E1FBCF,0x14EEE65,0x11C230,0x6BB325E,0x2887881,0x859A05C,0x8F40};
-var CURVE_Pyb=[...]Chunk {0x52C4CE6,0xA5E20A2,0xAFF40C8,0x5907A74,0x2448EF3,0x41760A4,0xFDA199,0xFFEF82B,0x8D4EA49,0xA0F29A1,0x6E4997B,0xAC7F7B8,0xBA88C12,0x1DCAB};
-
-// Not used
-var CURVE_W=[2][14]Chunk {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-var CURVE_SB=[2][2][14]Chunk {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-var CURVE_WB=[4][14]Chunk {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-var CURVE_BB=[4][4][14]Chunk {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-const USE_GLV bool=true
-const USE_GS_G2 bool=true
-const USE_GS_GT bool=true	
-const GT_STRONG bool=false
-
-
-
-


[34/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/ROM32.java
----------------------------------------------------------------------
diff --git a/version22/java/ROM32.java b/version22/java/ROM32.java
deleted file mode 100644
index db75cdc..0000000
--- a/version22/java/ROM32.java
+++ /dev/null
@@ -1,714 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Fixed Data in ROM - Field and Curve parameters */
-
-public class ROM
-{
-/* Don't Modify from here... */
-
-	public static final int CHUNK=32; /* Set word size */
-	public static final int NOT_SPECIAL=0;
-	public static final int PSEUDO_MERSENNE=1;
-	public static final int MONTGOMERY_FRIENDLY=2;
-	public static final int GENERALISED_MERSENNE=3;
-	public static final int WEIERSTRASS=0;
-	public static final int EDWARDS=1;
-	public static final int MONTGOMERY=2;
-	public static final int BN_CURVE=0;
-	public static final int BLS_CURVE=1;
-
-/* ...to here */
-
-/*** Enter Some Field details here  ***/
-// BN254 Curve
-//	public static final int MODBITS=254; /* Number of bits in Modulus */
-//	public static final int MOD8=3;  /* Modulus mod 8 */
-//	public static final int BASEBITS=29; /* Almost always 29, 28 for NIST521 */
-//	public static final int AES_S=0;  /* AES equivalaent strength if significantly less than group size */
-
-// BLS383 Curve
-	public static final int MODBITS=383; /* Number of bits in Modulus */
-	public static final int MOD8=3;  /* Modulus mod 8 */
-	public static final int BASEBITS=28; /* Almost always 29 or 28  */
-	public static final int AES_S=0;
-
-// BLS455 Curve
-//	public static final int MODBITS=455; /* Number of bits in Modulus */
-//	public static final int MOD8=3;  /* Modulus mod 8 */
-//	public static final int BASEBITS=29; /* Almost always 29, 28 for NIST521 */
-//	public static final int AES_S=128;
-
-// BN454 Curve
-//	public static final int MODBITS=454; /* Number of bits in Modulus */
-//	public static final int MOD8=3;  /* Modulus mod 8 */
-//	public static final int BASEBITS=29; /* Almost always 29, 28 for NIST521 */
-//	public static final int AES_S=128;
-
-// HIFIVE Curve
-//	public static final int MODBITS=336;
-//	public static final int MOD8=5;
-//	public static final int BASEBITS=29;
-//	public static final int AES_S=128; 
-
-// GOLDILOCKS
-//	public static final int MODBITS=448;
-//	public static final int MOD8=7;
-//	public static final int BASEBITS=29;
-//	public static final int AES_S=0; 
-
-// NIST384
-//	public static final int MODBITS=384;
-//	public static final int MOD8=7;
-//	public static final int BASEBITS=29;	
-//	public static final int AES_S=0; 
-
-// C41417
-//	public static final int MODBITS=414;
-//	public static final int MOD8=7;
-//	public static final int BASEBITS=29;	
-//	public static final int AES_S=0; 
-
-// NIST521
-//	public static final int MODBITS=521;
-//	public static final int MOD8=7;
-//	public static final int BASEBITS=28;	
-//	public static final int AES_S=0; 
-
-// BN646 Curve
-//	public static final int MODBITS=646;
-//	public static final int MOD8=3;
-//	public static final int BASEBITS=29;	
-//	public static final int AES_S=192; 
-
-// Curve 25519
-//	public static final int MODBITS=255; 
-//	public static final int MOD8=5;  
-//	public static final int BASEBITS=29;	
-//	public static final int AES_S=0; 
-
-// NIST256 or Brainpool
-//	public static final int MODBITS=256; 
-//	public static final int MOD8=7;  
-//	public static final int BASEBITS=29;
-//	public static final int AES_S=0; 
-
-// MF254 
-//	public static final int MODBITS=254; 
-//	public static final int MOD8=7;  
-//	public static final int BASEBITS=29;
-//	public static final int AES_S=0; 
-
-// MS255
-//	public static final int MODBITS= 255;
-//	public static final int MOD8= 3;
-//	public static final int BASEBITS=29;
-//	public static final int AES_S=0; 
-
-// MF256
-//	public static final int MODBITS=256; 
-//	public static final int MOD8=7;
-//	public static final int BASEBITS=29;
-//	public static final int AES_S=0; 
-
-// MS256
-//	public static final int MODBITS= 256;
-//	public static final int MOD8= 3;
-//	public static final int BASEBITS=29;
-//	public static final int AES_S=0; 
-
-// ANSSI
-// public static final int MODBITS= 256;
-// public static final int MOD8= 3;
-//	public static final int BASEBITS=29;
-//	public static final int AES_S=0; 
-
-	public static final int FFLEN=4; /* 2^n multiplier of BIGBITS to specify supported Finite Field size, e.g 2048=256*2^3 where BIGBITS=256 */
-
-
-/* Don't Modify from here... */
-
-	public static final int NLEN=(1+((MODBITS-1)/BASEBITS));
-	public static final int DNLEN=2*NLEN;
-	public static final int BMASK=(((int)1<<BASEBITS)-1);
-	public static final int MODBYTES=(1+(MODBITS-1)/8);
-	public static final int NEXCESS =((int)1<<(CHUNK-BASEBITS-1));
-	public static final int FEXCESS =((int)1<<(BASEBITS*NLEN-MODBITS)); 
-	public static final int OMASK=(int)(-1)<<(MODBITS%BASEBITS);
-	public static final int TBITS=MODBITS%BASEBITS; // Number of active bits in top word 
-	public static final int TMASK=((int)1<<TBITS)-1;
-	public static final int BIGBITS=(MODBYTES*8);
-
-/* Finite field support - for RSA, DH etc. */
-	public static final int FF_BITS=(BIGBITS*FFLEN); /* Finite Field Size in bits - must be 256.2^n */
-	public static final int HFLEN=(FFLEN/2);  /* Useful for half-size RSA private key operations */
-
-	public static final int P_MBITS=MODBYTES*8;
-	public static final int P_OMASK=((int)(-1)<<(P_MBITS%BASEBITS));
-	public static final int P_FEXCESS=((int)1<<(BASEBITS*NLEN-P_MBITS));
-	public static final int P_TBITS=(P_MBITS%BASEBITS);
-
-/* ...to here */
-
-// START SPECIFY FIELD DETAILS HERE
-//*********************************************************************************
-// Curve25519 Modulus 
-// 	public static final int MODTYPE=PSEUDO_MERSENNE;
-//	public static final int[] Modulus={0x1FFFFFED,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-//	public static final int MConst=19;
-
-// NIST-256 Modulus 
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final int[] Modulus={0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FF,0x0,0x0,0x40000,0x1FE00000,0xFFFFFF};
-//	public static final int MConst=1;
-
-// MF254 Modulus
-//	public static final int MODTYPE=MONTGOMERY_FRIENDLY;
-//	public static final int[] Modulus={0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF};
-//	public static final int MConst=0x3F8100;
-
-// MS255 Modulus
-//public static final int MODTYPE= 1;
-//public static final int[] Modulus= {0x1FFFFD03,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-//public static final int MConst=0x2FD;
-
-// MS256 Modulus
-//public static final int MODTYPE= 1;
-//public static final int[] Modulus= {0x1FFFFF43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF};
-//public static final int MConst=0xBD;
-
-// MF256 Modulus
-//public static final int MODTYPE= 2;
-//public static final int[] Modulus= {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFA7FF};
-//public static final int MConst=0xFFA800;
-
-// Brainpool Modulus
-//	public static final int MODTYPE= 0;
-//	public static final int[] Modulus= {0x1F6E5377,0x9A40E8,0x9880A08,0x17EC47AA,0x18D726E3,0x5484EC1,0x6F0F998,0x1B743DD5,0xA9FB57};
-//	public static final int MConst=0xEFD89B9;
-
-// ANSSI Modulus
-//  public static final int MODTYPE= 0;
-//  public static final int[] Modulus= {0x186E9C03,0x7E79A9E,0x12329B7A,0x35B7957,0x435B396,0x16F46721,0x163C4049,0x1181675A,0xF1FD17};
-//  public static final int MConst=0x164E1155;
-
-
-// BNCX Curve Modulus
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final int[] Modulus= {0x1C1B55B3,0x13311F7A,0x24FB86F,0x1FADDC30,0x166D3243,0xFB23D31,0x836C2F7,0x10E05,0x240000};
-//	public static final int MConst=0x19789E85;
-
-// HIFIVE Curve Modulus
-//	public static final int MODTYPE=PSEUDO_MERSENNE;
-//	public static final int[] Modulus={0x1FFFFFFD,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFF};
-//	public static final int MConst=0x3;
-
-// GOLDILOCKS Curve Modulus
-//	public static final int MODTYPE=GENERALISED_MERSENNE;
-//	public static final int[] Modulus={0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF};
-//	public static final int MConst=0x1;
-
-// NIST384 Curve Modulus
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final int[] Modulus={0x1FFFFFFF,0x7,0x0,0x1FFFFE00,0x1FFFEFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F};
-//	public static final int MConst=0x1;
-
-// C41417 Curve Modulus
-//	public static final int MODTYPE=PSEUDO_MERSENNE;
-//	public static final int[] Modulus={0x1FFFFFEF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFF};
-//	public static final int MConst=0x11;
-
-// NIST521 Curve Modulus
-//	public static final int MODTYPE=PSEUDO_MERSENNE;
-//	public static final int[] Modulus={0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0x1FFFF};
-//	public static final int MConst=0x1;
-
-
-// BN646 Curve Modulus
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final int[] Modulus={0x404E013,0x1203604,0x4E0000,0x80A2084,0x2,0xC90420,0x4051078,0x3600001,0xA20660,0x36,0x5100900,0x10288468,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90};
-//	public static final int MConst=0x15F615E5;
-
-// BN254 Curve Modulus
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final int[] Modulus= {0x13,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364};
-//	public static final int MConst=0x179435E5;
-
-// BN454 Curve Modulus
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final int[] Modulus= {0x13,0x270,0x2100,0x1C00D89C,0x25084,0xA284,0x24720,0x10803AA1,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000};
-//	public static final int MConst=0x179435E5;
-
-// BLS383 Curve Modulus
-	public static final int MODTYPE=NOT_SPECIAL;
-	public static final int[] Modulus= {0xAAD556B,0xACAAB52,0x5F75D7A,0x1BB0147,0xD5D7520,0xCF73083,0xF99EB16,0x531820,0xA68EA32,0x2C01355,0x552A785,0x5C6105C,0x80A9F7,0x7AC52};
-	public static final int MConst=0x123D0BD;
-
-// BLS455 Curve Modulus
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final int[] Modulus= {0x2AB,0x1500000C,0xAAA55AA,0xB12AAD6,0x6D1BA6C,0xCCA5674,0x12E2CF6E,0xA9F9662,0x34BD939,0x12D8EAB1,0xFD9978E,0x9240600,0xE0F95B,0xAAB9550,0x55555E5,0xAAAAB};
-//	public static final int MConst=0x1F4017FD;
-
-
-// BNT Curve Modulus
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final int[] Modulus= {0xEB4A713,0x14EDDFF7,0x1D192EAF,0x14AAAC29,0xD5F06E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
-//	public static final int MConst=0x1914C4E5;
-
-// BNT2 Curve Modulus
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final int[] Modulus= {0x1460A48B,0x596E15D,0x1C35947A,0x1F27C851,0x1D00081C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
-//	public static final int MConst=0x6505CDD;
-
-// START SPECIFY CURVE DETAILS HERE
-//*********************************************************************************
-// Original Curve25519 
-// 	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =486662;
-//	public static final int[] CURVE_B = {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-//	public static final int[] CURVE_Order={0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000};
-//	public static final int[] CURVE_Gx ={0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	public static final int[] CURVE_Gy ={0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-
-
-// Ed25519 Curve 
-//	public static final int CURVETYPE=EDWARDS;
-//	public static final int CURVE_A = -1;
-//	public static final int[] CURVE_B = {0x135978A3,0xF5A6E50,0x10762ADD,0x149A82,0x1E898007,0x3CBBBC,0x19CE331D,0x1DC56DFF,0x52036C};
-//	public static final int[] CURVE_Order={0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000};
-//	public static final int[] CURVE_Gx ={0xF25D51A,0xAB16B04,0x969ECB2,0x198EC12A,0xDC5C692,0x1118FEEB,0xFFB0293,0x1A79ADCA,0x216936};
-//	public static final int[] CURVE_Gy={0x6666658,0x13333333,0x19999999,0xCCCCCCC,0x6666666,0x13333333,0x19999999,0xCCCCCCC,0x666666};
-
-// WS25519 Curve
-//	public static final int CURVETYPE=WEIERSTRASS;
-//	public static final int CURVE_A = -3;
-//	public static final int[] CURVE_B = {0x28,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	public static final int[] CURVE_Order = {0x1728ACA1,0x8E7230C,0x10E8DCDB,0x1C1FC966,0x5D5,0x0,0x0,0x0,0x800000}; 
-//	public static final int[] CURVE_Gx={0x14D8261F,0x23A9C3B,0x1E392613,0xE9D560D,0x19BD0F9A,0x1A9EF052,0xCFB499,0x4242BE1,0x67E3F5};
-//	public static final int[] CURVE_Gy={0x1DEEF38,0x1A31963F,0x4871D5,0x16572E70,0x1DEA014C,0x1AE6A722,0x165D7907,0x1903CD0B,0x36856};
-
-// NIST-256 Curve
-//	public static final int CURVETYPE=WEIERSTRASS;
-//	public static final int CURVE_A = -3;
-//	public static final int[] CURVE_B={0x7D2604B,0x1E71E1F1,0x14EC3D8E,0x1A0D6198,0x86BC651,0x1EAABB4C,0xF9ECFAE,0x1B154752,0x5AC635};
-//	public static final int[] CURVE_Order={0x1C632551,0x1DCE5617,0x5E7A13C,0xDF55B4E,0x1FFFFBCE,0x1FFFFFFF,0x3FFFF,0x1FE00000,0xFFFFFF}; 
-//	public static final int[] CURVE_Gx={0x1898C296,0x509CA2E,0x1ACCE83D,0x6FB025B,0x40F2770,0x1372B1D2,0x91FE2F3,0x1E5C2588,0x6B17D1};
-//	public static final int[] CURVE_Gy={0x17BF51F5,0x1DB20341,0xC57B3B2,0x1C66AED6,0x19E162BC,0x15A53E07,0x1E6E3B9F,0x1C5FC34F,0x4FE342};
-//
-// MF254 Modulus, Weierstrass Curve w-254-mont
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final int[] CURVE_B = {0x1FFFD08D,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF};
-//public static final int[] CURVE_Order={0xF8DF83F,0x1D20CE25,0x8DD701B,0x317D41B,0x1FFFFEB8,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF};
-//public static final int[] CURVE_Gx ={0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Gy ={0x190D4EBC,0xB2EF9BF,0x14464C6B,0xE71C7F0,0x18AEBDFB,0xD3ADEBB,0x18052B85,0x1A6765CA,0x140E3F};
-
-// MF254 Modulus, Edwards Curve ed-254-mont
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final int[] CURVE_B = {0x367B,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Order={0x46E98C7,0x179E9FF6,0x158BEC3A,0xA60D917,0x1FFFFEB9,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFE03F};
-//public static final int[] CURVE_Gx ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Gy ={0xF2701E5,0x29687ED,0xC84861F,0x535081C,0x3F4E363,0x6A811B,0xCD65474,0x121AD498,0x19F0E6};
-
-// MF254 Modulus, Montgomery Curve
-// 	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-55790;
-//	public static final int[] CURVE_B = {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-//	public static final int[] CURVE_Order={0x46E98C7,0x179E9FF6,0x158BEC3A,0xA60D917,0x1FFFFEB9,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFE03F};
-//	public static final int[] CURVE_Gx ={0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	public static final int[] CURVE_Gy ={0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-
-// MS255 Modulus, Weierstrass Curve
-//public static final int CURVETYPE= WEIERSTRASS;
-//public static final int CURVE_A = -3;
-//public static final int[] CURVE_B = {0x1FFFAB46,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-//public static final int[] CURVE_Order={0x1C594AEB,0x1C7D64C1,0x14ACF7EA,0x14705075,0x1FFFF864,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-//public static final int[] CURVE_Gx ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Gy ={0x9CB44BA,0x199FFB3B,0x1F698345,0xD8F19BB,0x17D177DB,0x1FFCD97F,0xCE487A,0x181DB74F,0x6F7A6A};
-
-// MS255 Modulus, Edwards Curve
-//public static final int CURVETYPE= EDWARDS;
-//public static final int CURVE_A = -1;
-//public static final int[] CURVE_B = {0xEA97,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Order={0x436EB75,0x24E8F68,0x9A0CBAB,0x34F0BDB,0x1FFFFDCF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFF};
-//public static final int[] CURVE_Gx ={0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Gy ={0x108736A0,0x11512ADE,0x1116916E,0x29715DA,0x47E5529,0x66EC706,0x1517B095,0xA694F76,0x26CB78};
-
-// MS255 Modulus, Montgomery Curve
-// 	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-240222;
-//	public static final int[] CURVE_B = {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-//	public static final int[] CURVE_Order={0x436EB75,0x24E8F68,0x9A0CBAB,0x34F0BDB,0x1FFFFDCF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFF};
-//	public static final int[] CURVE_Gx ={0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	public static final int[] CURVE_Gy ={0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-
-// MS256, Weierstrass Curve
-//public static final int CURVETYPE= WEIERSTRASS;
-//public static final int CURVE_A = -3;
-//public static final int[] CURVE_B = {0x25581,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Order={0x751A825,0x559014A,0x9971808,0x1904EBD4,0x1FFFFE43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF};
-//public static final int[] CURVE_Gx ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Gy ={0x2B56C77,0x1FA31836,0x253B042,0x185F26EB,0xDD6BD02,0x4B66777,0x1B5FF20B,0xA783C8C,0x696F18};
-
-// MS256, Edwards Curve
-//public static final int CURVETYPE= EDWARDS;
-//public static final int CURVE_A = -1;
-//public static final int[] CURVE_B = {0x3BEE,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Order={0x1122B4AD,0xDC27378,0x9AF1939,0x154AB5A1,0x1FFFFBE6,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FFFFF};
-//public static final int[] CURVE_Gx ={0xD,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Gy ={0x131CADBA,0x3FB7DA9,0x134C0FDC,0x14DAC704,0x46BFBE2,0x1859CFD0,0x1B6E8F4C,0x3C5424E,0x7D0AB4};
-
-// MS256 Modulus, Montgomery Curve
-// 	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-61370;
-//	public static final int[] CURVE_B = {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-//  public static final int[] CURVE_Order={0x1122B4AD,0xDC27378,0x9AF1939,0x154AB5A1,0x1FFFFBE6,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FFFFF};
-//	public static final int[] CURVE_Gx ={0xb,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	public static final int[] CURVE_Gy ={0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-
-// MF256 Modulus, Weierstrass Curve
-//public static final int CURVETYPE= WEIERSTRASS;
-//public static final int CURVE_A = -3;
-//public static final int[] CURVE_B = {0x14E6A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Order={0x79857EB,0x8862F0D,0x1941D2E7,0x2EA27CD,0x1FFFFFC5,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFA7FF};
-//public static final int[] CURVE_Gx ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Gy ={0xB724D2A,0x3CAA61,0x5371984,0x128FD71B,0x1AE28956,0x1D13091E,0x339EEAE,0x10F7C301,0x20887C};
-
-// MF256, Edwards Curve
-//public static final int CURVETYPE= EDWARDS;
-//public static final int CURVE_A = -1;
-//public static final int[] CURVE_B = {0x350A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Order={0x18EC7BAB,0x16C976F6,0x19CCF259,0x9775F70,0x1FFFFB15,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FE9FF};
-//public static final int[] CURVE_Gx ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Gy ={0x12F3C908,0xF553917,0x1FA9A35F,0xBCC91B,0x1AACA0C,0x1779ED96,0x156BABAF,0x1F1F1989,0xDAD8D4};
-
-// MF256 Modulus, Montgomery Curve
-// 	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-54314;
-//	public static final int[] CURVE_B = {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-//  public static final int[] CURVE_Order={0x18EC7BAB,0x16C976F6,0x19CCF259,0x9775F70,0x1FFFFB15,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FE9FF};
-//	public static final int[] CURVE_Gx ={0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	public static final int[] CURVE_Gy ={0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-
-// Brainpool
-//	public static final int CURVETYPE= WEIERSTRASS;
-//	public static final int CURVE_A = -3;
-//	public static final int[] CURVE_B = {0x1EE92B04,0x172C080F,0xBD2495A,0x7D7895E,0x176B7BF9,0x13B99E85,0x1A93F99A,0x18861B09,0x662C61};
-//	public static final int[] CURVE_Order={0x174856A7,0xF07414,0x1869BDE4,0x12F5476A,0x18D718C3,0x5484EC1,0x6F0F998,0x1B743DD5,0xA9FB57};
-//	public static final int[] CURVE_Gx ={0xE1305F4,0xD0C8AB1,0xBEF0ADE,0x28588F5,0x16149AFA,0x9D91D32,0x1EDDCC88,0x79839FC,0xA3E8EB};
-//	public static final int[] CURVE_Gy ={0x1B25C9BE,0xD5F479A,0x1409C007,0x196DBC73,0x417E69B,0x1170A322,0x15B5FDEC,0x10468738,0x2D996C};
-
-// ANSSI
-//  public static final int CURVETYPE= WEIERSTRASS;
-//  public static final int CURVE_A = -3;
-//  public static final int[] CURVE_B = {0x1B7BB73F,0x3AF6CB3,0xC68600C,0x181935C9,0xC00FDFE,0x1D3AA522,0x4C0352A,0x194A8515,0xEE353F};
-//  public static final int[] CURVE_Order={0x6D655E1,0x1FEEA2CE,0x14AFE507,0x18CFC281,0x435B53D,0x16F46721,0x163C4049,0x1181675A,0xF1FD17};
-//  public static final int[] CURVE_Gx ={0x198F5CFF,0x64BD16E,0x62DC059,0xFA5B95F,0x23958C2,0x1EA3A4EA,0x7ACC460,0x186AD827,0xB6B3D4};
-//  public static final int[] CURVE_Gy ={0x14062CFB,0x188AD0AA,0x19327860,0x3860FD1,0xEF8C270,0x18F879F6,0x12447E49,0x1EF91640,0x6142E0};
-
-// HIFIVE 
-//	public static final int CURVETYPE=EDWARDS;
-//	public static final int CURVE_A=1;
-//	public static final int[] CURVE_Order={0x1E9FA805,0x197CACB9,0x1E4EEA9E,0x17AD70F,0x1FA9850C,0x38A0A,0x0,0x0,0x0,0x0,0x0,0x4000};
-//	public static final int[] CURVE_B = {0x2B67,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	public static final int[] CURVE_Gx ={0xC,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	public static final int[] CURVE_Gy ={0x5FE8632,0x15F63428,0xD976C4,0x1AACA194,0x35B6DB5,0x8E3F7A,0x52D1B0E,0xF0A7A36,0x1C161D00,0x8170C70,0x1185AD59,0x181B};
-
-// GOLDILOCKS
-//	public static final int CURVETYPE=EDWARDS;
-//	public static final int CURVE_A=1;
-//	public static final int[] CURVE_Order={0xB5844F3,0x1BC61495,0x1163D548,0x1984E51B,0x3690216,0xDA4D76B,0xFA7113B,0x1FEF9944,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FF};
-//	public static final int[] CURVE_B = {0x1FFF6756,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF};
-//	public static final int[] CURVE_Gx ={0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0x152AAAAA,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x1555};
-//	public static final int[] CURVE_Gy ={0xA9386ED,0x1757DE6F,0x13681AF6,0x19657DA3,0x3098BBB,0x12C19D15,0x12E03595,0xE515B18,0x17B7E36D,0x1AC426E,0xDBB5E8,0x10D8560,0x159D6205,0xB8246D9,0x17A58D2B,0x15C0};
-
-// NIST384
-//	public static final int CURVETYPE=WEIERSTRASS;
-//	public static final int CURVE_A=-3;
-//	public static final int[] CURVE_Order = {0xCC52973,0x760CB56,0xC29DEBB,0x141B6491,0x12DDF581,0x6C0FA1B,0x1FFF1D8D,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F};
-//	public static final int[] CURVE_B = {0x13EC2AEF,0x142E476E,0xBB4674A,0xC731B14,0x1875AC65,0x447A809,0x4480C50,0xDDFD028,0x19181D9C,0x1F1FC168,0x623815A,0x47DCFC9,0x1312FA7E,0x59};
-//	public static final int[] CURVE_Gx = {0x12760AB7,0x12A2F1C3,0x154A5B0E,0x5E4BB7E,0x2A38550,0xF0412A,0xE6167DD,0xC5174F3,0x146E1D3B,0x1799056B,0x3AC71C7,0x1D160A6F,0x87CA22B,0x55};
-//	public static final int[] CURVE_Gy = {0x10EA0E5F,0x1218EBE4,0x1FA0675E,0x1639C3A,0xB8C00A6,0x1889DAF8,0x11F3A768,0x17A51342,0x9F8F41D,0x1C9496E1,0x1767A62F,0xC4C58DE,0x17DE4A9,0x1B};
-
-// C41417
-//	public static final int CURVETYPE=EDWARDS;
-//	public static final int CURVE_A=1;
-//	public static final int[] CURVE_Order = {0x106AF79,0x18738D2F,0x18F3C606,0x1806715A,0x22B36F1,0xA67B830,0xCF32490,0x1FFFFFFD,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1F};
-//	public static final int[] CURVE_B = {0xE21,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	public static final int[] CURVE_Gx = {0x13CBC595,0x7E9C097,0x14DF1931,0x14E7F550,0x1A111301,0x15A6B6B5,0xD526292,0x18FEAFFE,0x1F44C03E,0x1E6A31B4,0x70C9B97,0x43180C6,0x1443300,0x19A4828A,0x68};
-//	public static final int[] CURVE_Gy = {0x22,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-// NIST521
-//	public static final int CURVETYPE=WEIERSTRASS;
-//	public static final int CURVE_A=-3;
-//	public static final int[] CURVE_Order = {0x1386409,0x6FB71E9,0xC47AEBB,0xC9B8899,0x5D03BB5,0x48F709A,0xB7FCC01,0xBF2F966,0x1868783,0xFFFFFA5,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0x1FFFF};
-//	public static final int[] CURVE_B = {0xB503F00,0x451FD46,0xC34F1EF,0xDF883D2,0xF073573,0xBD3BB1B,0xB1652C0,0xEC7E937,0x6193951,0xF109E15,0x489918E,0x15F3B8B,0x25B99B3,0xEEA2DA7,0xB68540,0x929A21A,0xE1C9A1F,0x3EB9618,0x5195};
-//	public static final int[] CURVE_Gx = {0x2E5BD66,0x7E7E31C,0xA429BF9,0xB3C1856,0x8DE3348,0x27A2FFA,0x8FE1DC1,0xEFE7592,0x14B5E77,0x4D3DBAA,0x8AF606B,0xB521F82,0x139053F,0x429C648,0x62395B4,0x9E3ECB6,0x404E9CD,0x8E06B70,0xC685};
-//	public static final int[] CURVE_Gy = {0xFD16650,0xBE94769,0x2C24088,0x7086A27,0x761353C,0x13FAD0,0xC550B9,0x5EF4264,0x7EE7299,0x3E662C9,0xFBD1727,0x446817A,0x449579B,0xD998F54,0x42C7D1B,0x5C8A5FB,0xA3BC004,0x296A789,0x11839};
-
-//BN646 Curve
-/*
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_PAIRING_TYPE=BN_CURVE;
-	public static final int CURVE_A = 0;
-	public static final int[] CURVE_Order={0x1E04200D,0x1203603,0x420000,0x80A207E,0x2,0xC303F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90};
-	public static final int[] CURVE_B= {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cof= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	public static final int[] CURVE_Gx={0x404E012,0x1203604,0x4E0000,0x80A2084,0x2,0xC90420,0x4051078,0x3600001,0xA20660,0x36,0x5100900,0x10288468,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90};
-	public static final int[] CURVE_Gy={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	public static final int[] CURVE_Bnx={0x1001,0x0,0x10000,0x0,0x0,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cru={0x401B007,0x901,0x1B0000,0x1B024,0x0,0x288120,0xD812,0x900000,0x1B0120,0x0,0xD80000,0x6C048,0x0,0x6C0000,0x0,0x0,0x120000,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Fra={0x4929A14,0x3B756CA,0x4337DD0,0xFC1417C,0x193166BB,0x1DC54515,0x1C0DF653,0x19BF8961,0x155980E,0x1983CB14,0x4D76309,0x1DEAB1A4,0xF9C3CF5,0x128FEC2D,0x867E339,0xDA0548A,0x1A480AF,0xA3CBCD2,0x116DA6E0,0x2A546E9,0x789577C,0x1F9459D2,0x27};
-	public static final int[] CURVE_Frb={0x1F7245FF,0x1D68DF39,0x1C1A822F,0x1848DF07,0x6CE9946,0x303BF0A,0x7F71A24,0x9A0769F,0x1F4C6E51,0x67C3521,0x38A5F6,0x123DD2C4,0x1063C317,0xFF825D2,0x17981E76,0x125FAB75,0x1EC78CD0,0x15C34375,0xE92591F,0x1D5ABD96,0x1876A883,0x6BA62D,0x68};
-	public static final int[] CURVE_Pxa={0x1CCC5E10,0x119F939,0xC6C7FE9,0x81022FF,0x6486AA6,0x1CBC560B,0x1F707429,0xC82F7B9,0x1A7F5CDA,0x14C0EB47,0x11412373,0x13DAF21E,0x126BE416,0x166744A7,0x506E81,0x1048FFA3,0x13A6B0C9,0x1A90979A,0xE78C338,0x1722C561,0xBFFF9A1,0xC1AF83C,0x3F};
-	public static final int[] CURVE_Pxb={0x67F4BC0,0x1BFC3C9,0x1E9DC3B6,0x87E2B03,0xB820274,0x1DD03B1E,0x517C463,0x1EFCBBC9,0x19F786A8,0x5572E90,0xD0BA5E0,0x16E8A40A,0x1013CF3B,0x11A7F82B,0x1C27B302,0x15E7CD12,0xB79A6DF,0x1EC6895B,0x5775A7E,0xBB28D24,0x416A171,0x127D284E,0x5D};
-	public static final int[] CURVE_Pya={0xC3FB414,0x2B868EE,0xD858793,0x157FCFE,0x16C849AD,0x1D17B0A4,0x1353CFEA,0x940A061,0x1CEF834E,0x7BE766A,0x4584C1C,0xE2397E9,0x418E9D4,0x8F53B8,0x53B37E0,0x11CA29D9,0xE425654,0x9EFF9AF,0x18CF27A1,0x17755A26,0x3F5481A,0x6C531BC,0x1E};
-	public static final int[] CURVE_Pyb={0x133908AD,0x17F1F1ED,0x14196532,0x19A85214,0x173EC3F7,0x1021EC2C,0xD798A3E,0x18F4C857,0x82EE2FA,0x11B5296D,0x1831D9C6,0x4463DB5,0x11B4812C,0xF93B884,0xC72653,0xEC6F6ED,0x916CFFF,0x1E81ED0A,0x1103518E,0x1E478B01,0x6B01074,0xC46CCAA,0x48};
-	public static final int[][] CURVE_W={{0x6008003,0x0,0x80000,0x6,0x0,0x40030,0x3,0x0,0x30,0x0,0x0,0xC,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-	public static final int[][][] CURVE_SB={{{0x600A004,0x0,0xA0000,0x6,0x0,0x50030,0x3,0x0,0x30,0x0,0x0,0xC,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1803A00A,0x1203603,0x3A0000,0x80A2078,0x2,0xBF03C0,0x4051072,0x3600001,0xA20600,0x36,0x5100900,0x10288450,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90}}};
-	public static final int[][] CURVE_WB={{0x2001000,0x0,0x10000,0x2,0x0,0x8010,0x1,0x0,0x10,0x0,0x0,0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1C015005,0x600,0x150000,0x1201C,0x0,0x1C80E0,0x900E,0x600000,0x1200E0,0x0,0x900000,0x48038,0x0,0x480000,0x0,0x0,0xC0000,0x0,0x0,0x0,0x0,0x0,0x0},{0xE00B003,0x300,0xB0000,0x900E,0x0,0xE8070,0x4807,0x300000,0x90070,0x0,0x480000,0x2401C,0x0,0x240000,0x0,0x0,0x60000,0x0,0x0,0x0,0x0,0x0,0x0},{0x2003001,0x0,0x30000,0x2,0x0,0x18010,0x1,0x0,0x10,0x0,0x0,0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-	public static final int[][][] CURVE_BB={{{0x1E04100D,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x2002,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1E04100D,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x405
 1075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90}},{{0x2002,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2001,0x0,0x20000,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1002,0x0,0x10000,0x0,0x0,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x4002,0x0,0x40000,0x0,0x0,0x20000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1E04000A,0x1203603,0x400000,0x80A207E,0x2,0xC203F0,0x4051075,0x3600001,0xA2063
 0,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1002,0x0,0x10000,0x0,0x0,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;	
-	public static final boolean GT_STRONG=false;
-*/
-// BNCX Curve 
-/*
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_PAIRING_TYPE=BN_CURVE;
-	public static final int CURVE_A = 0;
-	public static final int[] CURVE_B = {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cof = {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	public static final int[] CURVE_Order={0x16EB1F6D,0x108E0531,0x1241B3AF,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000};
-	public static final int[] CURVE_Bnx={0x3C012B1,0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cru={0x14235C97,0xF0498BC,0x1BE1D58C,0x1BBEC8E3,0x3F1440B,0x654,0x12000,0x0,0x0};
-	public static final int[] CURVE_Fra={0x15C80EA3,0x1EC8419A,0x1CFE0856,0xEE64DE2,0x11898686,0x5C55653,0x592BF86,0x5F4C740,0x135908};
-	public static final int[] CURVE_Frb={0x6534710,0x1468DDE0,0x551B018,0x10C78E4D,0x4E3ABBD,0x9ECE6DE,0x2A40371,0x1A0C46C5,0x10A6F7};
-	public static final int[] CURVE_Pxa={0x4D2EC74,0x428E777,0xF89C9B0,0x190B7F40,0x14BBB907,0x12807AE1,0x958D62C,0x58E0A76,0x19682D};
-	public static final int[] CURVE_Pxb={0xE29CFE1,0x1D2C7459,0x270C3D1,0x172F6184,0x19743F81,0x49BD474,0x192A8047,0x1D87C33E,0x1466B9};
-	public static final int[] CURVE_Pya={0xF0BE09F,0x7DFE75E,0x1FB06CC3,0x3667B08,0xE209636,0x110ABED7,0xE376078,0x1B2E4665,0xA79ED};
-	public static final int[] CURVE_Pyb={0x898EE9D,0xC825914,0x14BB7AFB,0xC9D4AD3,0x13461C28,0x122896C6,0x240D71B,0x73D9898,0x6160C};
-	public static final int[] CURVE_Gx ={0x1C1B55B2,0x13311F7A,0x24FB86F,0x1FADDC30,0x166D3243,0xFB23D31,0x836C2F7,0x10E05,0x240000};
-	public static final int[] CURVE_Gy ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[][] CURVE_W={{0x162FEB83,0x2A31A48,0x100E0480,0x16,0x600,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0}};
-	public static final int[][][] CURVE_SB={{{0x1DB010E4,0x2A31A48,0x100E04A0,0x16,0x600,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xBB33EA,0xDEAEAE9,0x233AF2F,0x1FADDC03,0x166D2643,0xFB23D31,0x836C2F7,0x10E05,0x240000}}};
-	public static final int[][] CURVE_WB={{0x167A84B0,0xE108C2,0x1004AC10,0x7,0x200,0x0,0x0,0x0,0x0},{0x1E220475,0x166FCCAD,0x129FE68D,0x1D29DB51,0x2A0DC07,0x438,0xC000,0x0,0x0},{0xF10B93,0x1B37E657,0x194FF34E,0x1E94EDA8,0x1506E03,0x21C,0x6000,0x0,0x0},{0x1DFAAA11,0xE108C2,0x1004AC30,0x7,0x200,0x0,0x0,0x0,0x0}};
-	public static final int[][][] CURVE_BB={{{0x132B0CBD,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x7802562,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBD,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000}},{{0x7802562,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x3C012B2,0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0},{0xF004AC2,0x0,0x40,0x0,0x0,0x0,0x0,0x0,0x0},{0xF6AFA0A,0x108E0531,0x1
 241B38F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x3C012B2,0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;	
-	public static final boolean GT_STRONG=true;
-*/
-// BNT2 Curve
-/*
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_PAIRING_TYPE=BN_CURVE;
-	public static final int CURVE_A = 0;
-	public static final int[] CURVE_B = {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cof = {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	public static final int[] CURVE_Order={0x11AA2BF5,0x1FDB8D28,0xDCE0CF5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
-	public static final int[] CURVE_Bnx={0x608205,0x1008,0x10,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cru={0x866BD33,0x1A813A22,0x591C3BE,0xAB6EE60,0x1ECF2367,0x361B0BD,0x12000,0x0,0x0};
-	public static final int[] CURVE_Fra={0x13AEF062,0x1593464B,0x10EF3924,0x198D3667,0x17F195BB,0xFB3FD1,0xADAF429,0x11A53D19,0x124E0B};
-	public static final int[] CURVE_Frb={0xB1B429,0x10039B12,0xB465B55,0x59A91EA,0x50E7261,0xF0C5DF3,0x1FDBE90F,0x1EA2E4D1,0x11B1F8};
-	public static final int[] CURVE_Pxa={0x1F40A3C8,0x166491CC,0x19845E12,0xB9B49D2,0x161706B3,0xBBD82B4,0x18C609E7,0x19F2D278,0x16FC17};
-	public static final int[] CURVE_Pxb={0x18549540,0x2ABD456,0x1D944184,0x16DEF7CD,0x1A95D17D,0x42B2C83,0x16427206,0x17AB2E,0x1EB5B5};
-	public static final int[] CURVE_Pya={0x14220513,0x3DF6628,0x39CDEC5,0x894F10C,0x135F1268,0x1D28DC1C,0xAAA7537,0x130EC284,0x1E8EE4};
-	public static final int[] CURVE_Pyb={0x177CE78E,0x1DC9947A,0x1BE95E07,0x1D6E8DC4,0x1FB8E27,0x1B549EDE,0xF6E8A75,0x19B75C67,0x23CEF4};	
-	public static final int[] CURVE_Gx ={0x1460A48A,0x596E15D,0x1C35947A,0x1F27C851,0x1D00081C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
-	public static final int[] CURVE_Gy ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[][] CURVE_W={{0x1347083,0x5BB1415,0xE678744,0xC0602,0x600,0x0,0x0,0x0,0x0},{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0}};
-	public static final int[][][] CURVE_SB={{{0x1F5748C,0x5BB3425,0xE678764,0xC0602,0x600,0x0,0x0,0x0,0x0},{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x1075BB72,0x1A207913,0x1F6685B1,0x1F0FBC4C,0x1CFFFC1C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004}}};
-	public static final int[][] CURVE_WB={{0xA70A224,0xC9396A4,0x1A228251,0x40200,0x200,0x0,0x0,0x0,0x0},{0x1030EF19,0xAD2B967,0xD50DC87,0x72CA2EC,0x148A1B9A,0x241207E,0xC000,0x0,0x0},{0x1848B88F,0x156964B7,0x6A86E4B,0x3965176,0xA450DCD,0x120903F,0x6000,0x0,0x0},{0xB31A62D,0xC93B6B4,0x1A228271,0x40200,0x200,0x0,0x0,0x0,0x0}};
-	public static final int[][][] CURVE_BB={{{0x1149A9F1,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0xC1040A,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F1,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004}},{{0xC1040A,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x608206,0x1008,0x10,0x0,0x0,0x0,0x0,0x0,0x0},{0x1820812,0x4020,0x40,0x0,0x0,0x0,0x0
 ,0x0,0x0},{0x10E927EA,0x1FDB6D18,0xDCE0CD5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x608206,0x1008,0x10,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;	
-	public static final boolean GT_STRONG=true;
-*/
-
-// BN254 Curve
-/*
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_PAIRING_TYPE=BN_CURVE;
-	public static final int CURVE_A = 0;
-	public static final int[] CURVE_B = {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cof = {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	public static final int[] CURVE_Order={0xD,0x8000000,0x428,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364};
-	public static final int[] CURVE_Bnx={0x1,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cru={0x7,0xC000000,0x1B3,0x12000000,0x2490,0x11200000,0x126CD,0x0,0x0};
-	public static final int[] CURVE_Fra={0xF2A6DE9,0xBEF3603,0xFDDF0B8,0x12E9249A,0x953F850,0xDA85423,0x1232D926,0x32425CF,0x1B3776};
-	public static final int[] CURVE_Frb={0x10D5922A,0xC10C9FC,0x10221431,0xF16DB65,0x16AC8DC1,0x1917ABDC,0xDD40FAA,0xD23DA30,0x9EBEE};
-	public static final int[] CURVE_Pxa={0x803FB2B,0xF721126,0x62FC364,0x9177691,0x1EDB6A46,0x63F4630,0x18BFAE36,0x176A33D6,0x61A10};
-	public static final int[] CURVE_Pxb={0x7D54CF3,0xC61A60F,0xDE12DC3,0x1AE8D75C,0xAA5B1F4,0x13C62CC1,0xCCC42A,0x1F374E6F,0x516AA};
-	public static final int[] CURVE_Pya={0x11CD2B9A,0xF8703C4,0xF826F46,0x1A15CD7B,0x822329B,0x104B34C6,0xD0E6A43,0x140D75F2,0x21897};
-	public static final int[] CURVE_Pyb={0xB3ACE9B,0x1168D763,0xE7255E2,0xDFFAE,0x18D37B09,0x22B7AF9,0x149A3DB5,0x1CF9162,0xEBB2B};
-	public static final int[] CURVE_Gx ={0x12,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364};
-	public static final int[] CURVE_Gy ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[][] CURVE_W={{0x3,0x0,0x81,0x3000000,0x618,0x0,0x0,0x0,0x0},{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0}};
-	public static final int[][][] CURVE_SB={{{0x4,0x8000000,0xA1,0x3000000,0x618,0x0,0x0,0x0,0x0},{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x8000000,0x3A7,0x1C000000,0x79E1,0x6C00000,0x6E8D1,0x10480000,0x252364}}};
-	public static final int[][] CURVE_WB={{0x0,0x4000000,0x10,0x1000000,0x208,0x0,0x0,0x0,0x0},{0x5,0x14000000,0x152,0xE000000,0x1C70,0xC00000,0xC489,0x0,0x0},{0x3,0xC000000,0xB1,0x7000000,0xE38,0x10600000,0x6244,0x0,0x0},{0x1,0xC000000,0x30,0x1000000,0x208,0x0,0x0,0x0,0x0}};
-	public static final int[][][] CURVE_BB={{{0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0x2,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364}},{{0x2,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x2,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0},{0x2,0x10000000,0x40,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x0,0x408,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0x2,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;	
-	public static final boolean GT_STRONG=false;
-*/
-// BN454 Curve
-/*
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_PAIRING_TYPE=BN_CURVE;
-	public static final int CURVE_A = 0;
-	public static final int[] CURVE_B = {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cof = {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	public static final int[] CURVE_Order={0xD,0x210,0x1F80,0x400D884,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000};
-	public static final int[] CURVE_Gx={0x12,0x270,0x2100,0x1C00D89C,0x25084,0xA284,0x24720,0x10803AA1,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000};
-	public static final int[] CURVE_Gy={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	public static final int[] CURVE_Bnx={0x1,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cru={0x7,0xD8,0x900,0x16002436,0x481,0x1B24,0x168,0x48006C9,0x1600006C,0x10000091,0xD80000D,0x240000,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Fra={0x1573B0EC,0x1816E4FE,0xA42E6E0,0x15DDCD87,0x2B17EC7,0x35B9A50,0x15AA1F74,0x1B7B2AC5,0x1CB5A200,0x9937657,0x17389A4A,0x738BADB,0xD92B321,0x3F5F0E6,0x1B1C9E9A,0x25CF3};
-	public static final int[] CURVE_Frb={0xA8C4F27,0x7E91D71,0x15BD3A1F,0x6230B14,0x1D50D1BD,0x1CA50833,0xA5827AB,0x15050FDB,0x74B3887,0x166C9A92,0x19C78A3C,0x199F4886,0x1B6D4F39,0x80A0F61,0x7236169,0x2230C};
-	public static final int[] CURVE_Pxa={0xF02B14,0x1DD1DD61,0x330AEC7,0x178617DE,0x1CEFFF36,0x116D35AF,0x1F879FBF,0x105DBF83,0x8345436,0x13664BCA,0x12EE86B5,0x776BB31,0x14AAFE16,0x41B3478,0x13E03554,0x2807A};
-	public static final int[] CURVE_Pxb={0x45BF266,0xE036876,0x8F0DBA,0xCB5976F,0x10DBC523,0x1723123C,0xBDDA7F4,0x10077CDE,0x11971DE0,0x14F1554A,0x195995EE,0x82E6FD7,0x40D5258,0x1400A58F,0x15A7850B,0x2B2A5};
-	public static final int[] CURVE_Pya={0x1E1B15C7,0x9CD5B5D,0x1571B2D2,0x1E4C048A,0x1474FB5D,0x18E2328C,0x11775519,0x144EF51F,0xF2FAABA,0x438F741,0x1930EAC0,0x144DC38,0x1287A0FE,0x36D8962,0x10011EAF,0x3ACF4};
-	public static final int[] CURVE_Pyb={0x571D60,0x8737DB,0xC4A363B,0x124E308F,0x13A65C7E,0x1387693A,0x10CDDA2F,0x184C096E,0x385175,0x5A34088,0xF17A93C,0x1E194915,0x1903ED91,0x4D6FA9F,0x8D8210B,0x12EDC};
-	public static final int[][] CURVE_W={{0x3,0x40,0x180,0x10000010,0xC0,0x6,0x10000018,0xC00001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-	public static final int[][][] CURVE_SB={{{0x4,0x50,0x180,0x14000014,0xC0,0x6,0x10000018,0xC00001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x1D0,0x1E00,0x1400D874,0x24F03,0xA278,0x246F0,0xF003A9E,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000}}};
-	public static final int[][] CURVE_WB={{0x0,0x8,0x80,0x2000002,0x40,0x2,0x10000008,0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x5,0xA8,0x700,0xA00182A,0x381,0x121C,0x100,0x3800487,0x4000048,0x61,0x9000009,0x180000,0x0,0x0,0x0,0x0},{0x3,0x58,0x380,0x16000C16,0x1C0,0x90E,0x10000080,0x1C00243,0x12000024,0x10000030,0x4800004,0xC0000,0x0,0x0,0x0,0x0},{0x1,0x18,0x80,0x6000006,0x40,0x2,0x10000008,0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-	public static final int[][][] CURVE_BB={{{0xD,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0x2,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0xD,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x9000
 25B,0xC000048,0x2400003,0x48000}},{{0x2,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x2,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2,0x20,0x0,0x8000008,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x200,0x1F80,0xD880,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0x2,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;	
-	public static final boolean GT_STRONG=false;
-*/
-
-// BLS455 Curve
-/*
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_PAIRING_TYPE=BLS_CURVE;
-	public static final int CURVE_A = 0;
-	public static final int[] CURVE_B = {0xA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cof = {0xABFFAAB,0x14AABFFD,0xD52AADA,0x1562AAAB,0x15556AAA,0x2A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	public static final int[] CURVE_Order={0x1FC00001,0x3FFF,0x10000070,0x1400000,0x1D100,0xF0003A8,0x13C0009,0x1E200,0x180002E0,0x400001,0x4000,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Gx={0x1DFCEDD1,0x16A62EEF,0xE80D3ED,0xB8DE876,0x179C7253,0x182DAB52,0x46CC85F,0x1E571D9C,0x1E8392B1,0x1A155867,0x19E6527C,0x23DC64E,0xABEDA59,0xF20662B,0x17CECC01,0x310A};
-	public static final int[] CURVE_Gy={0x6619B9B,0x27EBCD,0x1BE80A19,0x13B014BA,0x191A4936,0x13911916,0x107A5A3B,0x1DCB0863,0x1F5FB1,0xDE44A9C,0x18E23B2A,0x1FA81FD3,0xB0D6DFA,0xC2FE1EF,0xDDFA7E2,0x3351B};
-
-	public static final int[] CURVE_Bnx={0x800,0x1000004,0x40000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cru={0xAA9,0x9017FE0,0x128DD8AA,0x1F4A321E,0x148FEC90,0x195CDEEA,0xE961AA2,0x168D3B66,0xAFD99D7,0xB989AA6,0x1F9A5724,0x91A05FF,0xE0EF5B,0xAAB9548,0x55555E5,0xAAAAB};
-	public static final int[] CURVE_Fra={0xA2EBF21,0x4E67DEE,0xCDE6590,0xE5EA94E,0x15454985,0x140CFC43,0x7E14D1C,0x1778395A,0x1944F022,0x166BEA1A,0xC3DEEA0,0x9F031A0,0x16A7459,0x1F1D6E00,0x125CFB72,0x72FD4};
-	public static final int[] CURVE_Frb={0x15D1438A,0x1019821D,0x1DCBF01A,0x1CB40187,0x118C70E6,0x18BD5A30,0xB018251,0x13275D08,0xA06E916,0x1C6D0096,0x39BA8ED,0x1F33D460,0x1F768501,0xB8E274F,0x12F85A72,0x37AD6};
-	public static final int[] CURVE_Pxa={0x10C1F542,0x23AF907,0x159F840,0xBAC0E1F,0x133D7766,0x1C034C5D,0x14C5C875,0x1ED0BDA2,0x16A49C71,0x1E9FF62D,0x14F3ACC0,0x1E0C9FEA,0xC4638DE,0x74D18DA,0xBEA0030,0x5D962};
-	public static final int[] CURVE_Pxb={0x749F03D,0xC843773,0xB17BCBA,0x1134AB4B,0x8EA016E,0x1A0D766C,0x58F819E,0x48A1FCC,0xE296F62,0x83370E4,0xC9BA1D5,0x1E43290E,0xEE59A80,0x1FDD85F5,0x1F3819B6,0x1D9F};
-	public static final int[] CURVE_Pya={0x181A77F4,0x191AD22,0x1E9F842A,0x1E1E6CF6,0xD55B9D9,0x1D062533,0x15BB1323,0x7ECBC1,0x1A9EC2EF,0x1EE14CE0,0x1E96B271,0xA794439,0x1C544324,0xE6AD5DC,0x16429B0F,0x448E3};
-	public static final int[] CURVE_Pyb={0x1E1FDBA2,0x1A09DB6C,0xF680D5B,0xFCC6122,0xC488E2A,0x1E489ECD,0x1005617E,0x1CF9EC36,0x1C89ED72,0x16C00D90,0x1563E595,0x1243DDC0,0x8698F9E,0x1BD81E7E,0xF2A0F4A,0x66A0};
-
-// not used
-	public static final int[][] CURVE_W={{},{}};
-	public static final int[][][] CURVE_SB={{{},{}},{{},{}}};
-	public static final int[][] CURVE_WB={{},{},{},{}};
-	public static final int[][][] CURVE_BB={{{},{},{},{}},{{},{},{},{}},{{},{},{},{}},{{},{},{},{}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;	
-	public static final boolean GT_STRONG=false;
-*/
-
-
-// BNT Curve
-/*
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_PAIRING_TYPE=BN_CURVE;
-	public static final int CURVE_A = 0;
-	public static final int[] CURVE_B = {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cof = {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	public static final int[] CURVE_Order={0xD30210D,0x13ABBBF4,0xCB2CD8E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
-	public static final int[] CURVE_Bnx={0x4081,0x40300,0x10,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cru={0xB4FCD87,0xF5A9EAD,0xEAC47EB,0x19054BE5,0x104C9764,0x18A3B28A,0x12006,0x0,0x0};
-	public static final int[] CURVE_Fra={0xDC80022,0xFAE8A75,0x1EB338D6,0x189209AD,0x13211BE6,0x4F8C850,0x10E53D94,0x12593778,0x1328A2};
-	public static final int[] CURVE_Frb={0xECA6F1,0x53F5582,0x1E65F5D9,0x1C18A27B,0x1A3DEB01,0x10A2832B,0x1456AA9A,0x9136B67,0x10D87E};
-	public static final int[] CURVE_Pxa={0x88E65BB,0x144C3F11,0xA98C4EF,0x18015A39,0x1548B7CC,0xA992820,0xE7AF301,0x19A09826,0x14483F};
-	public static final int[] CURVE_Pxb={0x8DBE2C0,0x133C4440,0x78D214E,0xAFFC3F0,0x51B57B9,0x285318D,0xC0B68FF,0x166709D8,0x87F46};
-	public static final int[] CURVE_Pya={0x20CA1D,0x101623F,0xE67CDB,0x19682CFD,0x19F72C94,0x14E372A1,0xF5D28B1,0x13820561,0x14E8C2};
-	public static final int[] CURVE_Pyb={0x116628F2,0x1EC21BE3,0xF2DF71A,0x144FC2CF,0x172681D0,0xC54163A,0xF47B7B0,0x148C48A9,0x17AFE2};
-	public static final int[] CURVE_Gx ={0xEB4A712,0x14EDDFF7,0x1D192EAF,0x14AAAC29,0xD5F06E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
-	public static final int[] CURVE_Gy ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[][] CURVE_W={{0x1838403,0x1321803,0x106660E1,0x3024304,0x600,0x0,0x0,0x0,0x0},{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0}};
-	public static final int[][][] CURVE_SB={{{0x1840504,0x13A1E03,0x10666101,0x3024304,0x600,0x0,0x0,0x0,0x0},{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xBAC9D0A,0x1279A3F1,0x1C4C6CAD,0xEA62620,0xD5EFAE8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120}}};
-	public static final int[][] CURVE_WB={{0x80C080,0xB0A0301,0x10222030,0x100C101,0x200,0x0,0x0,0x0,0x0},{0x88C4A85,0x15A9C820,0x14B71B0D,0x1D5A5F46,0x158868ED,0x106D21B1,0xC004,0x0,0x0},{0x4464583,0x1AD6E590,0xA5B8D8E,0x1EAD2FA3,0x1AC43476,0x83690D8,0x6002,0x0,0x0},{0x814181,0xB120901,0x10222050,0x100C101,0x200,0x0,0x0,0x0,0x0}};
-	public static final int[][][] CURVE_BB={{{0xD2FE08D,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0x8102,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08D,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120}},{{0x8102,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x4082,0x40300,0x10,0x0,0x0,0x0,0x0,0x0,0x0},{0x10202,0x100C00,0x40,0x0,0x0,0x0,0x0,0x0,0x0},{0xD2FA00
 A,0x13A3B5F4,0xCB2CD6E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0x4082,0x40300,0x10,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;	
-	public static final boolean GT_STRONG=true;
-
-*/
-
-// BLS383 Curve
-
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_PAIRING_TYPE=BLS_CURVE;
-	public static final int CURVE_A = 0;
-	public static final int[] CURVE_B = {0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cof = {0x52B,0x2A00,0xAAB2CA0,0x5560AAA,0x6055,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-	public static final int[] CURVE_Order={0xFFF001,0xFFF8000,0xFE7800,0xBFDE007,0xC5EDF1C,0x3000049,0x910007A,0xC40007F,0x641004C,0x14,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Gx={0xD10786B,0xD59B348,0x3F54AD0,0x3477C0E,0x4578B9B,0xBF25B73,0x7BB6F65,0x4F6AC00,0xFF57E9C,0xEFD5830,0xFB6EC02,0xADB9F88,0xEE4BC98,0xB08C};
-	public static final int[] CURVE_Gy={0xD145DDB,0x5DA023,0x5FEF7CC,0x13F518C,0x2B2A66F,0x56EC346,0xC7A925F,0x96F3019,0x981223E,0x9061047,0x8F5BE59,0x4810AD,0x9337671,0x1F390};
-
-	public static final int[] CURVE_Bnx={0x40,0x100,0x110,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cru={0xDA155A9,0xA3AAC4E,0x61E5E3D,0xDF2FE87,0xE632625,0xBCDFAAD,0xD3035A6,0x5123128,0xBEAD683,0xDBF3A2B,0x424190,0x5C5FAB2,0x80A9F7,0x7AC52};
-	public static final int[] CURVE_Fra={0x2B4508B,0x2BA59A9,0x6EEF343,0x63DB7A0,0x1DFBC74,0x40341CB,0x32D55D3,0x1639E9D,0x5CC36D4,0xB19B3F0,0xD86AB98,0xF323EE4,0xB198672,0x5A5F};
-	public static final int[] CURVE_Frb={0x7F904E0,0x81051A9,0xF086A37,0xB7D49A6,0xB7DB8AB,0x8F3EEB8,0xC6C9543,0xEEF7983,0x49CB35D,0x7A65F65,0x7CBFBEC,0x693D177,0x5672384,0x751F2};
-	public static final int[] CURVE_Pxa={0xBAC9472,0x6059885,0xE2DC36D,0x7C4D31D,0x8C88A7,0xBDC90C3,0x1C688FC,0x29F0197,0xC43F167,0x3693539,0x61EB8BF,0xD81E5A5,0x22B56BF,0x4D507};
-	public static final int[] CURVE_Pxb={0x272AB23,0x9B4BD7A,0xF44DCE8,0x7AF19D4,0x3206A34,0x3F6F7B9,0x2A819FB,0x571DD3E,0x635D7EE,0x3A2BA3B,0xC1A126,0xAC28C78,0x17C3E5B,0xEE36};
-	public static final int[] CURVE_Pya={0x77BD4FD,0x81D2309,0xDFDFC6,0xB66072,0xC89A0C,0x41FC959,0x878287A,0x2E1FBCF,0x14EEE65,0x11C230,0x6BB325E,0x2887881,0x859A05C,0x8F40};
-	public static final int[] CURVE_Pyb={0x52C4CE6,0xA5E20A2,0xAFF40C8,0x5907A74,0x2448EF3,0x41760A4,0xFDA199,0xFFEF82B,0x8D4EA49,0xA0F29A1,0x6E4997B,0xAC7F7B8,0xBA88C12,0x1DCAB};
-
-// not used
-	public static final int[][] CURVE_W={{},{}};
-	public static final int[][][] CURVE_SB={{{},{}},{{},{}}};
-	public static final int[][] CURVE_WB={{},{},{},{}};
-	public static final int[][][] CURVE_BB={{{},{},{},{}},{{},{},{},{}},{{},{},{},{}},{{},{},{},{}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;	
-	public static final boolean GT_STRONG=false;
-
-
-	public static boolean debug=false;
-}


[33/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/ROM64.java
----------------------------------------------------------------------
diff --git a/version22/java/ROM64.java b/version22/java/ROM64.java
deleted file mode 100644
index aa7b337..0000000
--- a/version22/java/ROM64.java
+++ /dev/null
@@ -1,703 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* Fixed Data in ROM - Field and Curve parameters */
-
-public class ROM
-{
-/* Don't Modify from here... */
-	public static final int CHUNK=64; /* Set word size */
-	public static final int NOT_SPECIAL=0;
-	public static final int PSEUDO_MERSENNE=1;
-	public static final int MONTGOMERY_FRIENDLY=2;
-	public static final int GENERALISED_MERSENNE=3;
-	public static final int WEIERSTRASS=0;
-	public static final int EDWARDS=1;
-	public static final int MONTGOMERY=2;
-	public static final int BN_CURVE=0;
-	public static final int BLS_CURVE=1;
-
-/* ...to here */
-
-/*** Enter Some Field details here  ***/
-// BN254 Curve
-//	public static final int MODBITS=254; /* Number of bits in Modulus */
-//	public static final int MOD8=3;  /* Modulus mod 8 */
-//	public static final int BASEBITS=56;
-//	public static final int AES_S=0;  /* AES equivalaent strength if significantly less than group size */
-
-// BN454 Curve
-//	public static final int MODBITS=454; /* Number of bits in Modulus */
-//	public static final int MOD8=3;  /* Modulus mod 8 */
-//	public static final int BASEBITS=60;
-//	public static final int AES_S=128;
-
-// BLS455 Curve
-//	public static final int MODBITS=455; /* Number of bits in Modulus */
-//	public static final int MOD8=3;  /* Modulus mod 8 */
-//	public static final int BASEBITS=60;
-//	public static final int AES_S=128;
-
-// BLS383 Curve
-	public static final int MODBITS=383; /* Number of bits in Modulus */
-	public static final int MOD8=3;  /* Modulus mod 8 */
-	public static final int BASEBITS=56; 
-	public static final int AES_S=0;
-
-
-// HIFIVE Curve
-//	public static final int MODBITS=336;
-//	public static final int MOD8=5; 
-//	public static final int BASEBITS=60;
-//	public static final int AES_S=128;
-
-// GOLDILOCKS
-//	public static final int MODBITS=448;
-//	public static final int MOD8=7;
-//	public static final int BASEBITS=60;
-//	public static final int AES_S=0; 
-
-// NIST384
-//	public static final int MODBITS=384;
-//	public static final int MOD8=7;
-//	public static final int BASEBITS=60;	
-//	public static final int AES_S=0; 
-
-// C41417
-//	public static final int MODBITS=414;
-//	public static final int MOD8=7;
-//	public static final int BASEBITS=60;	
-//	public static final int AES_S=0; 
-
-// NIST521
-//	public static final int MODBITS=521;
-//	public static final int MOD8=7;
-//	public static final int BASEBITS=60;	
-//	public static final int AES_S=0; 
-	
-// BN646 Curve
-//	public static final int MODBITS=646;
-//	public static final int MOD8=3;
-//	public static final int BASEBITS=60;	
-//	public static final int AES_S=192; 
-
-// Curve 25519
-//	public static final int MODBITS=255; 
-//	public static final int MOD8=5;  
-//	public static final int BASEBITS=56;	
-//	public static final int AES_S=0; 
-
-// NIST256 or Brainpool
-//	public static final int MODBITS=256; 
-//	public static final int MOD8=7;  
-//	public static final int BASEBITS=56;	
-//	public static final int AES_S=0; 
-
-// MF254 
-//	public static final int MODBITS=254; 
-//	public static final int MOD8=7;  
-//	public static final int BASEBITS=56;
-//	public static final int AES_S=0; 
-
-// MS255
-//	public static final int MODBITS= 255;
-//	public static final int MOD8= 3;
-//	public static final int BASEBITS=56;
-//	public static final int AES_S=0; 
-
-// MF256
-//	public static final int MODBITS=256; 
-//	public static final int MOD8=7;  
-//	public static final int BASEBITS=56;
-//	public static final int AES_S=0; 
-
-// MS256
-//	public static final int MODBITS= 256;
-//	public static final int MOD8= 3;
-//	public static final int BASEBITS=56;
-//	public static final int AES_S=0; 
-
-// ANSSI
-//  public static final int MODBITS= 256;
-//  public static final int MOD8= 3;
-//	public static final int BASEBITS=56;
-//	public static final int AES_S=0; 
-
-
-/* RSA/DH modulus length as multiple of BIGBITS */
-	public static final int FFLEN=4;
-
-/* Don't Modify from here... */
-	public static final int NLEN=(1+((MODBITS-1)/BASEBITS));
-	public static final int DNLEN=2*NLEN;
-	public static final long BMASK=(((long)1<<BASEBITS)-1);
-	public static final int MODBYTES=(1+(MODBITS-1)/8);
-	public static final int HBITS=BASEBITS/2;
-	public static final long HMASK=(((long)1<<HBITS)-1);
-	public static final int NEXCESS =((int)1<<(CHUNK-BASEBITS-1));
-	public static final long FEXCESS =((long)1<<(BASEBITS*NLEN-MODBITS)); 
-	public static final long OMASK=(long)(-1)<<(MODBITS%BASEBITS);
-	public static final int TBITS=MODBITS%BASEBITS; // Number of active bits in top word 
-	public static final long TMASK=((long)1<<TBITS)-1;
-	public static final int BIGBITS=(MODBYTES*8);
-
-/* Finite field support - for RSA, DH etc. */
-	public static final int FF_BITS=(BIGBITS*FFLEN); /* Finite Field Size in bits - must be 256.2^n */
-	public static final int HFLEN=(FFLEN/2);  /* Useful for half-size RSA private key operations */
-
-	public static final int P_MBITS=MODBYTES*8;
-	public static final long P_OMASK=((long)(-1)<<(P_MBITS%BASEBITS));
-	public static final long P_FEXCESS=((long)1<<(BASEBITS*NLEN-P_MBITS));
-	public static final int P_TBITS=(P_MBITS%BASEBITS);
-
-/* ...to here */
-
-// START SPECIFY FIELD DETAILS HERE
-//*********************************************************************************
-// Curve25519 Modulus 
-//	public static final int MODTYPE=PSEUDO_MERSENNE;
-//	public static final long[] Modulus= {0xFFFFFFFFFFFFEDL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-//	public static final long MConst=0x13L;
-
-
-// NIST-256 Curve 
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final long[] Modulus= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFL,0x0L,0x1000000L,0xFFFFFFFFL};
-//	public static final long MConst=0x1L;
-
-// MF254 Modulus
-//	public static final int MODTYPE=MONTGOMERY_FRIENDLY;
-//	public static final long[] Modulus= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x3F80FFFFL};
-//	public static final long MConst=0x3F810000L;
-
-// MS255 Modulus
-//public static final int MODTYPE= 1;
-//public static final long[] Modulus= {0xFFFFFFFFFFFD03L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-//public static final long MConst=0x2FDL;
-
-// MS256 Modulus
-//public static final int MODTYPE= 1;
-//public static final long[] Modulus= {0xFFFFFFFFFFFF43L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-//public static final long MConst=0xBDL;
-
-// MF256 Modulus
-//public static final int MODTYPE= 2;
-//public static final long[] Modulus= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFA7FFFFL};
-//public static final long MConst=0xFFA80000L;
-
-// Brainpool
-//	public static final int MODTYPE= NOT_SPECIAL;
-//	public static final long[] Modulus= {0x13481D1F6E5377L,0xF623D526202820L,0x909D838D726E3BL,0xA1EEA9BC3E660AL,0xA9FB57DBL};
-//	public static final long MConst=0xA75590CEFD89B9L;
-
-// ANSSI
-//  public static final int MODTYPE= 0;
-//  public static final long[] Modulus= {0xFCF353D86E9C03L,0xADBCABC8CA6DE8L,0xE8CE42435B3961L,0xB3AD58F10126DL,0xF1FD178CL};
-//  public static final long MConst=0x97483A164E1155L;
-
-// BNCX Curve Modulus
-//public static final int MODTYPE=NOT_SPECIAL;
-//public static final long[] Modulus= {0x6623EF5C1B55B3L,0xD6EE18093EE1BEL,0x647A6366D3243FL,0x8702A0DB0BDDFL,0x24000000L};
-//public static final long MConst=0x4E205BF9789E85L;
-
-// HIFIVE Curve
-//public static final int MODTYPE=PSEUDO_MERSENNE;
-//public static final long[] Modulus= {0xFFFFFFFFFFFFFFDL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFL};
-//public static final long MConst=0x3L;
-
-//GOLDILOCKS
-//	public static final int MODTYPE=GENERALISED_MERSENNE;
-//	public static final long[] Modulus={0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFEFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFL};
-//	public static final long MConst=0x1;
-
-// NIST384 Curve Modulus
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final long[] Modulus={0xFFFFFFFFL,0xFFFFFF000000000L,0xFFFFFFFFFFFFEFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFL};
-//	public static final long MConst=0x100000001L;
-
-// C41417 Curve Modulus
-//	public static final int MODTYPE=PSEUDO_MERSENNE;
-//	public static final long[] Modulus={0xFFFFFFFFFFFFFEFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFL};
-//	public static final long MConst=0x11L;
-
-// NIST521
-//	public static final int MODTYPE=PSEUDO_MERSENNE;
-//	public static final long[] Modulus={0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x1FFFFFFFFFFL};
-//	public static final long MConst=0x1L;
-
-// BN646
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final long[] Modulus=	{0x2406C08404E013L,0x240510420138000L,0xE01920840000000L,0x601B00000901441L,0x400000006C0A206L,0xD814423414402L,0x6C051024000000L,0xD8000000000000L,0x9006CL,0x240000L,0x240000000000L};
-//	public static final long MConst=0xCE50F5CF5F615E5L;		
-
-// BN254 Curve
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final long[] Modulus= {0x13L,0x13A7L,0x80000000086121L,0x40000001BA344DL,0x25236482L};
-//	public static final long MConst=0x435E50D79435E5L;
-
-// BN454 Curve
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final long[] Modulus= {0x4E00000013L,0x4E006C4E0000840L,0x800014508002508L,0x888401D5080091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L};
-//	public static final long MConst=0xF33C46ED79435E5L;
-
-// BLS455 Curve
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final long[] Modulus= {0xAA00001800002ABL,0xC589556B2AA956AL,0xB9994ACE86D1BA6L,0x3954FCB314B8B3DL,0xE3A5B1D56234BD9L,0x95B49203003F665L,0x57955572AA00E0FL,0x555559555L};
-//	public static final long MConst=0xB3EF8137F4017FDL;
-
-// BLS383 Curve
-	public static final int MODTYPE=NOT_SPECIAL;
-	public static final long[] Modulus= {0xACAAB52AAD556BL,0x1BB01475F75D7AL,0xCF73083D5D7520L,0x531820F99EB16L,0x2C01355A68EA32L,0x5C6105C552A785L,0x7AC52080A9F7L};
-	public static final long MConst=0xA59AB3B123D0BDL;
-
-
-// BNT Curve
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final long[] Modulus= {0x9DBBFEEEB4A713L,0x555614F464BABEL,0x3696F8D5F06E8AL,0x6517014EFA0BABL,0x240120DBL};
-//	public static final long MConst=0xC5A872D914C4E5L;
-
-// BNT2 Curve
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final long[] Modulus= {0xB2DC2BB460A48BL,0x93E428F0D651E8L,0xF3B89D00081CFL,0x410F5AADB74E20L,0x24000482L};
-//	public static final long MConst=0xFE6A47A6505CDDL;
-
-// START SPECIFY CURVE DETAILS HERE
-//*********************************************************************************
-
-// Ed25519 Curve 
-//	public static final int CURVETYPE=EDWARDS;
-//	public static final int CURVE_A = -1;
-//	public static final long[] CURVE_B = {0xEB4DCA135978A3L,0xA4D4141D8AB75L,0x797779E8980070L,0x2B6FFE738CC740L,0x52036CEEL};
-//	public static final long[] CURVE_Order={0x12631A5CF5D3EDL,0xF9DEA2F79CD658L,0x14DEL,0x0L,0x10000000L};
-//	public static final long[] CURVE_Gx ={0x562D608F25D51AL,0xC7609525A7B2C9L,0x31FDD6DC5C692CL,0xCD6E53FEC0A4E2L,0x216936D3L};
-//	public static final long[] CURVE_Gy ={0x66666666666658L,0x66666666666666L,0x66666666666666L,0x66666666666666L,0x66666666L};
-
-// Original Curve25519 
-//	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =486662;
-//	public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-//	public static final long[] CURVE_Order={0x12631A5CF5D3EDL,0xF9DEA2F79CD658L,0x14DEL,0x0L,0x10000000L};
-//	public static final long[] CURVE_Gx ={0x9L,0x0L,0x0L,0x0L,0x0L};
-//	public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// NIST-256 Curve
-//	public static final int CURVETYPE=WEIERSTRASS;
-//	public static final int CURVE_A = -3;
-//	public static final long[] CURVE_B = {0xCE3C3E27D2604BL,0x6B0CC53B0F63BL,0x55769886BC651DL,0xAA3A93E7B3EBBDL,0x5AC635D8L};
-//	public static final long[] CURVE_Order={0xB9CAC2FC632551L,0xFAADA7179E84F3L,0xFFFFFFFFFFBCE6L,0xFFFFFFL,0xFFFFFFFFL};
-//	public static final long[] CURVE_Gx ={0xA13945D898C296L,0x7D812DEB33A0F4L,0xE563A440F27703L,0xE12C4247F8BCE6L,0x6B17D1F2L};
-//	public static final long[] CURVE_Gy ={0xB6406837BF51F5L,0x33576B315ECECBL,0x4A7C0F9E162BCEL,0xFE1A7F9B8EE7EBL,0x4FE342E2L};
-
-// MF254 Modulus, Weierstrass Curve w-254-mont
-//public static final int CURVETYPE= WEIERSTRASS;
-//public static final int CURVE_A = -3;
-//public static final long[] CURVE_B = {0xFFFFFFFFFFD08DL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x3F80FFFFL};
-//public static final long[] CURVE_Order={0xA419C4AF8DF83FL,0x8BEA0DA375C06FL,0xFFFFFFFFFFEB81L,0xFFFFFFFFFFFFFFL,0x3F80FFFFL};
-//public static final long[] CURVE_Gx ={0x2L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x65DF37F90D4EBCL,0x38E3F8511931ADL,0x75BD778AEBDFB7L,0x3B2E56014AE15AL,0x140E3FD3L};
-
-// MF254 Modulus, Edwards Curve ed-254-mont
-//public static final int CURVETYPE= EDWARDS;
-//public static final int CURVE_A = -1;
-//public static final long[] CURVE_B = {0x367BL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0xF3D3FEC46E98C7L,0x306C8BD62FB0EAL,0xFFFFFFFFFFEB95L,0xFFFFFFFFFFFFFFL,0xFE03FFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x52D0FDAF2701E5L,0x9A840E3212187CL,0xD502363F4E3632L,0xD6A4C335951D00L,0x19F0E690L};
-
-// MF254 Modulus, Montgomery Curve
-//	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-55790;
-//	public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-//	public static final long[] CURVE_Order={0xF3D3FEC46E98C7L,0x306C8BD62FB0EAL,0xFFFFFFFFFFEB95L,0xFFFFFFFFFFFFFFL,0xFE03FFFL};
-//	public static final long[] CURVE_Gx ={0x3L,0x0L,0x0L,0x0L,0x0L};
-//	public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// MS255 Modulus, Weierstrass Curve
-//public static final int CURVETYPE= WEIERSTRASS;
-//public static final int CURVE_A = -3;
-//public static final long[] CURVE_B = {0xFFFFFFFFFFAB46L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-//public static final long[] CURVE_Order={0x8FAC983C594AEBL,0x38283AD2B3DFABL,0xFFFFFFFFFF864AL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x33FF6769CB44BAL,0xC78CDDFDA60D17L,0xF9B2FF7D177DB6L,0xEDBA7833921EBFL,0x6F7A6AC0L};
-
-// MS255 Modulus, Edwards Curve
-//public static final int CURVETYPE= EDWARDS;
-//public static final int CURVE_A = -1;
-//public static final long[] CURVE_B = {0xEA97L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0x49D1ED0436EB75L,0xA785EDA6832EACL,0xFFFFFFFFFFDCF1L,0xFFFFFFFFFFFFFFL,0x1FFFFFFFL};
-//public static final long[] CURVE_Gx ={0x4L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x2A255BD08736A0L,0x4B8AED445A45BAL,0xDD8E0C47E55291L,0x4A7BB545EC254CL,0x26CB7853L};
-
-// MS255 Modulus, Montgomery Curve
-//	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-240222;
-//	public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-//	public static final long[] CURVE_Order={0x49D1ED0436EB75L,0xA785EDA6832EACL,0xFFFFFFFFFFDCF1L,0xFFFFFFFFFFFFFFL,0x1FFFFFFFL};
-//	public static final long[] CURVE_Gx ={0x4L,0x0L,0x0L,0x0L,0x0L};
-//	public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// MS256, Weierstrass Curve
-//public static final int CURVETYPE= WEIERSTRASS;
-//public static final int CURVE_A = -3;
-//public static final long[] CURVE_B = {0x25581L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0xAB20294751A825L,0x8275EA265C6020L,0xFFFFFFFFFFE43CL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0xF46306C2B56C77L,0x2F9375894EC10BL,0x6CCEEEDD6BD02CL,0xC1E466D7FC82C9L,0x696F1853L};
-
-// MS256, Edwards Curve
-//public static final int CURVETYPE= EDWARDS;
-//public static final int CURVE_A = -1;
-//public static final long[] CURVE_B = {0x3BEEL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0xB84E6F1122B4ADL,0xA55AD0A6BC64E5L,0xFFFFFFFFFFBE6AL,0xFFFFFFFFFFFFFFL,0x3FFFFFFFL};
-//public static final long[] CURVE_Gx ={0xDL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x7F6FB5331CADBAL,0x6D63824D303F70L,0xB39FA046BFBE2AL,0x2A1276DBA3D330L,0x7D0AB41EL};
-
-// MS256 Modulus, Montgomery Curve
-//	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-61370;
-//	public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-//  public static final long[] CURVE_Order={0xB84E6F1122B4ADL,0xA55AD0A6BC64E5L,0xFFFFFFFFFFBE6AL,0xFFFFFFFFFFFFFFL,0x3FFFFFFFL};
-//	public static final long[] CURVE_Gx ={0xbL,0x0L,0x0L,0x0L,0x0L};
-//	public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// MF256 Modulus, Weierstrass Curve
-//public static final int CURVETYPE= WEIERSTRASS;
-//public static final int CURVE_A = -3;
-//public static final long[] CURVE_B = {0x14E6AL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0x10C5E1A79857EBL,0x7513E6E5074B9DL,0xFFFFFFFFFFFC51L,0xFFFFFFFFFFFFFFL,0xFFA7FFFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x7954C2B724D2AL,0x47EB8D94DC6610L,0x26123DAE289569L,0xBE1808CE7BABBAL,0x20887C87L};
-
-// MF256, Edwards Curve
-//public static final int CURVETYPE= EDWARDS;
-//public static final int CURVE_A = -1;
-//public static final long[] CURVE_B = {0x350AL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0xD92EDED8EC7BABL,0xBBAFB86733C966L,0xFFFFFFFFFFB154L,0xFFFFFFFFFFFFFFL,0x3FE9FFFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0xEAA722F2F3C908L,0x5E648DFEA68D7DL,0xF3DB2C1AACA0C0L,0xF8CC4D5AEAEBEEL,0xDAD8D4F8L};
-
-// MF256 Modulus, Montgomery Curve
-//	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-54314;
-//	public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-//  public static final long[] CURVE_Order={0xD92EDED8EC7BABL,0xBBAFB86733C966L,0xFFFFFFFFFFB154L,0xFFFFFFFFFFFFFFL,0x3FE9FFFFL};
-//	public static final long[] CURVE_Gx ={0x8L,0x0L,0x0L,0x0L,0x0L};
-//	public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// Brainpool
-//	public static final int CURVETYPE= 0;
-//	public static final int CURVE_A = -3;
-//	public static final long[] CURVE_B = {0xE58101FEE92B04L,0xEBC4AF2F49256AL,0x733D0B76B7BF93L,0x30D84EA4FE66A7L,0x662C61C4L};
-//	public static final long[] CURVE_Order={0x1E0E82974856A7L,0x7AA3B561A6F790L,0x909D838D718C39L,0xA1EEA9BC3E660AL,0xA9FB57DBL};
-//	public static final long[] CURVE_Gx ={0xA191562E1305F4L,0x42C47AAFBC2B79L,0xB23A656149AFA1L,0xC1CFE7B7732213L,0xA3E8EB3CL};
-//	public static final long[] CURVE_Gy ={0xABE8F35B25C9BEL,0xB6DE39D027001DL,0xE14644417E69BCL,0x3439C56D7F7B22L,0x2D996C82L};
-
-// ANSSI
-//  public static final int CURVETYPE= 0;
-//  public static final int CURVE_A = -3;
-//  public static final long[] CURVE_B = {0x75ED967B7BB73FL,0xC9AE4B1A18030L,0x754A44C00FDFECL,0x5428A9300D4ABAL,0xEE353FCAL};
-//  public static final long[] CURVE_Order={0xFDD459C6D655E1L,0x67E140D2BF941FL,0xE8CE42435B53DCL,0xB3AD58F10126DL,0xF1FD178CL};
-//  public static final long[] CURVE_Gx ={0xC97A2DD98F5CFFL,0xD2DCAF98B70164L,0x4749D423958C27L,0x56C139EB31183DL,0xB6B3D4C3L};
-//  public static final long[] CURVE_Gy ={0x115A1554062CFBL,0xC307E8E4C9E183L,0xF0F3ECEF8C2701L,0xC8B204911F9271L,0x6142E0F7L};
-
-// HIFIVE
-//  public static final int CURVETYPE= EDWARDS;
-//  public static final int CURVE_A = 1;
-//  public static final long[] CURVE_B = {0x2B67L,0x0L,0x0L,0x0L,0x0L,0x0L};
-//  public static final long[] CURVE_Order={0xB2F95973E9FA805L,0xC0BD6B87F93BAA7L,0x71415FA9850L,0x0L,0x0L,0x200000000L};
-//  public static final long[] CURVE_Gx ={0xCL,0x0L,0x0L,0x0L,0x0L,0x0L};
-//  public static final long[] CURVE_Gy ={0x2BEC68505FE8632L,0x5D5650CA0365DB1L,0x3811C7EF435B6DBL,0x7853D1B14B46CL,0x56502E18E1C161DL,0xC0DC616BL};
-
-// GOLDILOCKS
-//	public static final int CURVETYPE= EDWARDS;
-//	public static final int CURVE_A = 1;
-//	public static final long[] CURVE_B = {0xFFFFFFFFFFF6756L,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFEFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFL};
-//	public static final long[] CURVE_Order={0x378C292AB5844F3L,0x6CC2728DC58F552L,0xEDB49AED6369021L,0xFFFF7CCA23E9C44L,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x3FFFFFFL};
-//	public static final long[] CURVE_Gx ={0x555555555555555L,0x555555555555555L,0x555555555555555L,0xAAA955555555555L,0xAAAAAAAAAAAAAAAL,0xAAAAAAAAAAAAAAAL,0xAAAAAAAAAAAAAAAL,0xAAAAAAAL};
-//	public static final long[] CURVE_Gy ={0xAEAFBCDEA9386EDL,0xBCB2BED1CDA06BDL,0x565833A2A3098BBL,0x6D728AD8C4B80D6L,0x7A035884DD7B7E3L,0x205086C2B0036EDL,0x34AD7048DB359D6L,0xAE05E96L};
-
-// NIST384
-//	public static final int CURVETYPE= WEIERSTRASS;
-//	public static final int CURVE_A = -3;
-//  public static final long[] CURVE_B = {0xA85C8EDD3EC2AEFL,0x56398D8A2ED19D2L,0x4088F5013875AC6L,0x9C6EFE814112031L,0x56BE3F82D19181DL,0xA7E23EE7E4988E0L,0xB3312FL};
-//	public static final long[] CURVE_Order= {0xCEC196ACCC52973L,0x1A0DB248B0A77AEL,0x34D81F4372DDF58L,0xFFFFFFFFFFFFC76L,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFL};
-//	public static final long[] CURVE_Gx = {0xA545E3872760AB7L,0x2F25DBF55296C3L,0x741E082542A3855L,0x3B628BA79B9859FL,0x71EF320AD746E1DL,0x22BE8B05378EB1CL,0xAA87CAL};
-//  public static final long[] CURVE_Gy = {0xA431D7C90EA0E5FL,0x60B1CE1D7E819D7L,0xA3113B5F0B8C00AL,0x1DBD289A147CE9DL,0x8BF9292DC29F8F4L,0x4A96262C6F5D9E9L,0x3617DEL};
-
-// C41417
-//	public static final int CURVETYPE= EDWARDS;
-//	public static final int CURVE_A = 1;
-//  public static final long[] CURVE_B =  {0xE21L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-//	public static final long[] CURVE_Order=	{0xB0E71A5E106AF79L,0x1C0338AD63CF181L,0x414CF706022B36FL,0xFFFFFFFFEB3CC92L,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x7FFFFFFFFFFFFL};
-//	public static final long[] CURVE_Gx =  {0x4FD3812F3CBC595L,0x1A73FAA8537C64CL,0x4AB4D6D6BA11130L,0x3EC7F57FF35498AL,0xE5FCD46369F44C0L,0x300218C0631C326L,0x1A334905141443L};
-//	public static final long[] CURVE_Gy =  {0x22L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-
-// NIST521
-//	public static final int CURVETYPE= WEIERSTRASS;
-//	public static final int CURVE_A = -3;
-//	public static final long[] CURVE_B = {0xF451FD46B503F00L,0x73DF883D2C34F1EL,0x2C0BD3BB1BF0735L,0x3951EC7E937B165L,0x9918EF109E15619L,0x5B99B315F3B8B48L,0xB68540EEA2DA72L,0x8E1C9A1F929A21AL,0x51953EB961L};
-//	public static final long[] CURVE_Order=	{0xB6FB71E91386409L,0xB5C9B8899C47AEBL,0xC0148F709A5D03BL,0x8783BF2F966B7FCL,0xFFFFFFFFFFA5186L,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x1FFFFFFFFFFL};
-//	public static final long[] CURVE_Gx = {0x97E7E31C2E5BD66L,0x48B3C1856A429BFL,0xDC127A2FFA8DE33L,0x5E77EFE75928FE1L,0xF606B4D3DBAA14BL,0x39053FB521F828AL,0x62395B4429C6481L,0x404E9CD9E3ECB6L,0xC6858E06B7L};
-//	public static final long[] CURVE_Gy = {0x8BE94769FD16650L,0x3C7086A272C2408L,0xB9013FAD076135L,0x72995EF42640C55L,0xD17273E662C97EEL,0x49579B446817AFBL,0x42C7D1BD998F544L,0x9A3BC0045C8A5FBL,0x11839296A78L};
-
-// BN646 Curve
-/*
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_PAIRING_TYPE=BN_CURVE;
-	public static final int CURVE_A = 0;
-
-	public static final long[] CURVE_Order={0x2406C07E04200DL,0x2405103F0108000L,0xD418607E0000000L,0x301B00000901441L,0x400000006C0A206L,0xD814422E14402L,0x6C051024000000L,0xD8000000000000L,0x9006CL,0x240000L,0x240000000000L};
-	public static final long[] CURVE_B= {0x2L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cof= {0x1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Gx={0x2406C08404E012L,0x240510420138000L,0xE01920840000000L,0x601B00000901441L,0x400000006C0A206L,0xD814423414402L,0x6C051024000000L,0xD8000000000000L,0x9006CL,0x240000L,0x240000000000L};
-	public static final long[] CURVE_Gy={0x1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-
-	public static final long[] CURVE_Bnx={0x1001L,0x4000L,0x10000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cru={0x1202401B007L,0xD812006C000L,0x480510240000000L,0x200480000000360L,0x1B01L,0x3602403600L,0xD800000000L,0x0L,0x12L,0x0L,0x0L};
-	public static final long[] CURVE_Fra={0x76EAD944929A14L,0xB7E0A0BE10CDF74L,0x4FB8A8A2B93166BL,0xECDFC4B0F037D9L,0xC27307962815598L,0xCF5EF558D2135D8L,0x8CE651FD85AF9C3L,0x80AF6D02A45219FL,0x69B8147979A41A4L,0x9577C152A374C5BL,0x9FF28B3A478L};
-	public static final long[] CURVE_Frb={0xFAD1BE73F7245FFL,0x6C246F83F06A08BL,0x906077E146CE994L,0x514D03B4F9FDC68L,0x7D8CF86A43F4C6EL,0x31791EE96200E29L,0x79D9FF04BA5063CL,0x8CD092FD5BADE60L,0x9647EB8686EBEC7L,0x6A883EAD5ECB3A4L,0x1A00D74C5B87L};
-	public static final long[] CURVE_Pxa={0x4233F273CCC5E10L,0x6408117FB1B1FFAL,0xA7978AC166486AAL,0xDA6417BDCFDC1D0L,0xDCE981D68FA7F5CL,0x4169ED790F45048L,0xBA06CCE894F26BEL,0xB0C98247FD18141L,0x30CE35212F353A6L,0xFF9A1B9162B0B9EL,0xFD835F078BFL};
-	public static final long[] CURVE_Pxb={0x837F879267F4BC0L,0x443F1581FA770EDL,0x8FBA0763CB82027L,0xA8F7E5DE4945F11L,0x780AAE5D219F786L,0xF3BB745205342E9L,0xCC0A34FF057013CL,0xA6DFAF3E689709EL,0xD69FBD8D12B6B79L,0x6A1715D9469215DL,0x1764FA509C41L};
-	public static final long[] CURVE_Pya={0xC570D1DCC3FB414L,0xD0ABFE7F36161E4L,0xABA2F61496C849AL,0x4E4A05030CD4F3FL,0x70F7CECD5CEF83L,0x9D4711CBF491613L,0xDF8011EA770418EL,0x56548E514EC94ECL,0xC9E853DFF35EE42L,0x5481ABBAAD13633L,0x78D8A63783FL};
-	public static final long[] CURVE_Pyb={0xAFE3E3DB33908ADL,0x7CD4290A506594CL,0xFA043D85973EC3FL,0xFAC7A642BB5E628L,0x71A36A52DA82EE2L,0x12C2231EDAE0C76L,0x994DF2771091B48L,0xCFFF7637B76831CL,0xD463BD03DA14916L,0x1074F23C580C40L,0x12188D99546BL};
-	public static final long[][] CURVE_W={{0x6008003L,0x30020000L,0xC0080060000000L,0x300000000000000L,0x0L,0x600000L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x2001L,0x8000L,0x20000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
-	public static final long[][][] CURVE_SB={{{0x600A004L,0x30028000L,0xC00A0060000000L,0x300000000000000L,0x0L,0x600000L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x2001L,0x8000L,0x20000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x2001L,0x8000L,0x20000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x2406C07803A00AL,0x2405103C00E8000L,0xC817E0780000000L,0x1B00000901441L,0x400000006C0A206L,0xD814422814402L,0x6C051024000000L,0xD8000000000000L,0x9006CL,0x240000L,0x240000000000L}}};
-	public static final long[][] CURVE_WB={{0x2001000L,0x10004000L,0x40010020000000L,0x100000000000000L,0x0L,0x200000L,0x0L,0x0L,0x0L,0x0L,0x0L},{0xC01C015005L,0x900E0054000L,0x3803901C0000000L,0xE00300000000240L,0x1200L,0x2401C02400L,0x9000000000L,0x0L,0xCL,0x0L,0x0L},{0x600E00B003L,0x4807002C000L,0x1C01D00E0000000L,0x700180000000120L,0x900L,0x1200E01200L,0x4800000000L,0x0L,0x6L,0x0L,0x0L},{0x2003001L,0x1000C000L,0x40030020000000L,0x100000000000000L,0x0L,0x200000L,0x0L,0x0L,0x0L,0x0L,0x0L}};
-	public static final long[][][] CURVE_BB={{{0x2406C07E04100DL,0x2405103F0104000L,0xD418507E0000000L,0x301B00000901441L,0x400000006C0A206L,0xD814422E14402L,0x6C051024000000L,0xD8000000000000L,0x9006CL,0x240000L,0x240000000000L},{0x2406C07E04100CL,0x2405103F0104000L,0xD418507E0000000L,0x301B00000901441L,0x400000006C0A206L,0xD814422E14402L,0x6C051024000000L,0xD8000000000000L,0x9006CL,0x240000L,0x240000000000L},{0x2406C07E04100CL,0x2405103F0104000L,0xD418507E0000000L,0x301B00000901441L,0x400000006C0A206L,0xD814422E14402L,0x6C051024000000L,0xD8000000000000L,0x9006CL,0x240000L,0x240000000000L},{0x2002L,0x8000L,0x20000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x2001L,0x8000L,0x20000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x2406C07E04100CL,0x2405103F0104000L,0xD418507E0000000L,0x301B00000901441L,0x400000006C0A206L,0xD814422E14402L,0x6C051024000000L,0xD8000000000000L,0x9006CL,0x240000L,0x240000000000L},{0x2406C07E04100DL,0x2405103F0104000L,0xD418507E0000000L,0x301B0000090
 1441L,0x400000006C0A206L,0xD814422E14402L,0x6C051024000000L,0xD8000000000000L,0x9006CL,0x240000L,0x240000000000L},{0x2406C07E04100CL,0x2405103F0104000L,0xD418507E0000000L,0x301B00000901441L,0x400000006C0A206L,0xD814422E14402L,0x6C051024000000L,0xD8000000000000L,0x9006CL,0x240000L,0x240000000000L}},{{0x2002L,0x8000L,0x20000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x2001L,0x8000L,0x20000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x2001L,0x8000L,0x20000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x2001L,0x8000L,0x20000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x1002L,0x4000L,0x10000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x4002L,0x10000L,0x40000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x2406C07E04000AL,0x2405103F0100000L,0xD418407E0000000L,0x301B00000901441L,0x400000006C0A206L,0xD814422E14402L,0x6C051024000000L,0xD8000000000000L,0x9006CL,0x240000L,0x240000000000L},{0x1002L,0x4000L,0x10000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}
 }};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;	
-	public static final boolean GT_STRONG=false;
-*/
-// BNCX Curve 
-/*
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_PAIRING_TYPE=BN_CURVE;
-	public static final int CURVE_A = 0;
-	public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cof = {0x1L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Order={0x11C0A636EB1F6DL,0xD6EE0CC906CEBEL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L};
-	public static final long[] CURVE_Bnx={0x3C012B1L,0x40L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cru={0xE0931794235C97L,0xDF6471EF875631L,0xCA83F1440BDL,0x480000L,0x0L};
-	public static final long[] CURVE_Fra={0xD9083355C80EA3L,0x7326F173F8215BL,0x8AACA718986867L,0xA63A0164AFE18BL,0x1359082FL};
-	public static final long[] CURVE_Frb={0x8D1BBC06534710L,0x63C7269546C062L,0xD9CDBC4E3ABBD8L,0x623628A900DC53L,0x10A6F7D0L};
-	public static final long[] CURVE_Pxa={0x851CEEE4D2EC74L,0x85BFA03E2726C0L,0xF5C34BBB907CL,0x7053B256358B25L,0x19682D2CL};
-	public static final long[] CURVE_Pxb={0xA58E8B2E29CFE1L,0x97B0C209C30F47L,0x37A8E99743F81BL,0x3E19F64AA011C9L,0x1466B9ECL};
-	public static final long[] CURVE_Pya={0xFBFCEBCF0BE09FL,0xB33D847EC1B30CL,0x157DAEE2096361L,0x72332B8DD81E22L,0xA79EDD9L};
-	public static final long[] CURVE_Pyb={0x904B228898EE9DL,0x4EA569D2EDEBEDL,0x512D8D3461C286L,0xECC4C09035C6E4L,0x6160C39L};
-	public static final long[] CURVE_Gx ={0x6623EF5C1B55B2L,0xD6EE18093EE1BEL,0x647A6366D3243FL,0x8702A0DB0BDDFL,0x24000000L};
-	public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[][] CURVE_W={{0x546349162FEB83L,0xB40381200L,0x6000L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L}};
-	public static final long[][][] CURVE_SB={{{0x5463491DB010E4L,0xB40381280L,0x6000L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L}},{{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0xBD5D5D20BB33EAL,0xD6EE0188CEBCBDL,0x647A6366D2643FL,0x8702A0DB0BDDFL,0x24000000L}}};
-	public static final long[][] CURVE_WB={{0x1C2118567A84B0L,0x3C012B040L,0x2000L,0x0L,0x0L},{0xCDF995BE220475L,0x94EDA8CA7F9A36L,0x8702A0DC07EL,0x300000L,0x0L},{0x66FCCAE0F10B93L,0x4A76D4653FCD3BL,0x4381506E03FL,0x180000L,0x0L},{0x1C21185DFAAA11L,0x3C012B0C0L,0x2000L,0x0L,0x0L}};
-	public static final long[][][] CURVE_BB={{{0x11C0A6332B0CBDL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x7802562L,0x80L,0x0L,0x0L,0x0L}},{{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBDL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L}},{{0x7802562L,0x80L,0x0L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L}},{{0x3C012B2L,0x40L,0x0L,0x0L,0x0L},{0xF004AC2L,0x100L,0x0L,0x0L,0x0L},{0x11C0A62F6AFA0AL,0xD6EE0CC906CE3EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x3C012B2L,0x40L,0x0L,0x0L,0x0L}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;	
-	public static final boolean GT_STRONG=true;
-*/
-// BNT Curve
-/*
-public static final int CURVETYPE=WEIERSTRASS;
-public static final int CURVE_PAIRING_TYPE=BN_CURVE;
-public static final int CURVE_A = 0;
-public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L};
-public static final long[] CURVE_Cof = {0x1L,0x0L,0x0L,0x0L,0x0L};
-public static final long[] CURVE_Order={0x75777E8D30210DL,0xD43492B2CB363AL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL};
-public static final long[] CURVE_Bnx={0x806000004081L,0x40L,0x0L,0x0L,0x0L};
-public static final long[] CURVE_Cru={0xEB53D5AB4FCD87L,0x82A5F2BAB11FADL,0x47651504C9764CL,0x4801B1L,0x0L};
-public static final long[] CURVE_Fra={0xF5D14EADC80022L,0x4904D6FACCE359L,0xF190A13211BE6CL,0xC9BBC4394F6509L,0x1328A292L};
-public static final long[] CURVE_Frb={0xA7EAB040ECA6F1L,0xC513DF997D764L,0x450657A3DEB01EL,0x9B5B3D15AAA6A1L,0x10D87E48L};
-public static final long[] CURVE_Pxa={0x8987E2288E65BBL,0xAD1CAA6313BEL,0x325041548B7CCCL,0x4C1339EBCC055L,0x14483FCDL};
-public static final long[] CURVE_Pxb={0x67888808DBE2C0L,0x7FE1F81E34853AL,0xA631A51B57B95L,0x384EC302DA3FC5L,0x87F46B3L};
-public static final long[] CURVE_Pya={0x202C47E020CA1DL,0xB4167E8399F36CL,0xC6E5439F72C94CL,0x102B0BD74A2C69L,0x14E8C29CL};
-public static final long[] CURVE_Pyb={0xD8437C716628F2L,0x27E167BCB7DC6BL,0xA82C7572681D0AL,0x62454BD1EDEC18L,0x17AFE2A4L};
-public static final long[] CURVE_Gx ={0x9DBBFEEEB4A712L,0x555614F464BABEL,0x3696F8D5F06E8AL,0x6517014EFA0BABL,0x240120DBL};
-public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L};
-public static final long[][] CURVE_W={{0x26430061838403L,0x81218241998384L,0x6001L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L}};
-public static final long[][][] CURVE_SB={{{0x2743C061840504L,0x81218241998404L,0x6001L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L}},{{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x4F347E2BAC9D0AL,0x5313107131B2B6L,0x3696F8D5EFAE87L,0x6517014EFA0BABL,0x240120DBL}}};
-public static final long[][] CURVE_WB={{0x6140602080C080L,0x806080C08880C1L,0x2000L,0x0L,0x0L},{0xB53904088C4A85L,0xAD2FA352DC6C36L,0xDA436358868EDEL,0x300120L,0x0L},{0x5ADCB204464583L,0x5697D1A96E363BL,0x6D21B1AC43476FL,0x180090L,0x0L},{0x62412020814181L,0x806080C0888141L,0x2000L,0x0L,0x0L}};
-public static final long[][][] CURVE_BB={{{0x74F71E8D2FE08DL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x100C000008102L,0x80L,0x0L,0x0L,0x0L}},{{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08DL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL}},{{0x100C000008102L,0x80L,0x0L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L}},{{0x806000004082L,0x40L,0x0L,0x0L,0x0L},{0x2018000010202L,0x100L,0x0L,0x0L,0x0L},{0x7476BE8D2FA00AL,0xD43492B2CB35BAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x806000004082L,0x40L,0x0L
 ,0x0L,0x0L}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;	
-	public static final boolean GT_STRONG=true;
-
-*/
-
-// BNT2 Curve
-/*
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_PAIRING_TYPE=BN_CURVE;
-	public static final int CURVE_A = 0;
-	public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cof = {0x1L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Order={0xFB71A511AA2BF5L,0x8DE127B73833D7L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L};
-	public static final long[] CURVE_Bnx={0x20100608205L,0x40L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cru={0x5027444866BD33L,0x5B773016470EFBL,0xC3617BECF23675L,0x480006L,0x0L};
-	public static final long[] CURVE_Fra={0xB268C973AEF062L,0xC69B33C3BCE492L,0xF67FA37F195BBCL,0x29E8CAB6BD0A41L,0x124E0B8DL};
-	public static final long[] CURVE_Frb={0x736240B1B429L,0xCD48F52D196D56L,0x18BBE650E72612L,0x17268FF6FA43DEL,0x11B1F8F5L};
-	public static final long[] CURVE_Pxa={0xCC92399F40A3C8L,0xCDA4E96611784AL,0x7B056961706B35L,0x9693C6318279D7L,0x16FC17CFL};
-	public static final long[] CURVE_Pxb={0x557A8AD8549540L,0x6F7BE6F6510610L,0x565907A95D17DBL,0xBD5975909C8188L,0x1EB5B500L};
-	public static final long[] CURVE_Pya={0x7BECC514220513L,0x4A78860E737B14L,0x51B83935F12684L,0x761422AA9D4DFAL,0x1E8EE498L};
-	public static final long[] CURVE_Pyb={0xB9328F577CE78EL,0xB746E26FA5781FL,0xA93DBC1FB8E27EL,0xBAE33BDBA29D76L,0x23CEF4CDL};
-	public static final long[] CURVE_Gx ={0xB2DC2BB460A48AL,0x93E428F0D651E8L,0xF3B89D00081CFL,0x410F5AADB74E20L,0x24000482L};
-	public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[][] CURVE_W={{0xB76282A1347083L,0x60301399E1D10L,0x6000L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L}};
-	public static final long[][][] CURVE_SB={{{0xB76684A1F5748CL,0x60301399E1D90L,0x6000L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L}},{{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0x440F227075BB72L,0x87DE267D9A16C7L,0xF3B89CFFFC1CFL,0x410F5AADB74E20L,0x24000482L}}};
-	public static final long[][] CURVE_WB={{0x9272D48A70A224L,0x20100688A0945L,0x2000L,0x0L,0x0L},{0x5A572CF030EF19L,0x9651763543721DL,0x8240FD48A1B9A3L,0x300004L,0x0L},{0xAD2C96F848B88FL,0xCB28BB1AA1B92EL,0x41207EA450DCD1L,0x180002L,0x0L},{0x9276D68B31A62DL,0x20100688A09C5L,0x2000L,0x0L,0x0L}};
-	public static final long[][][] CURVE_BB={{{0xFB6FA41149A9F1L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0x40200C1040AL,0x80L,0x0L,0x0L,0x0L}},{{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F1L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L}},{{0x40200C1040AL,0x80L,0x0L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L}},{{0x20100608206L,0x40L,0x0L,0x0L,0x0L},{0x80401820812L,0x100L,0x0L,0x0L,0x0L},{0xFB6DA310E927EAL,0x8DE127B7383357L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0x20100608206L,0x40L,0x0L,0x0L,0x0L}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;	
-	public static final boolean GT_STRONG=true;
-*/
-
-// BN254 Curve
-/*
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_PAIRING_TYPE=BN_CURVE;
-	public static final int CURVE_A = 0;
-	public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cof = {0x1L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Order={0xDL,0x800000000010A1L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L};
-	public static final long[] CURVE_Bnx={0x80000000000001L,0x40L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cru={0x80000000000007L,0x6CDL,0x40000000024909L,0x49B362L,0x0L};
-	public static final long[] CURVE_Fra={0x7DE6C06F2A6DE9L,0x74924D3F77C2E1L,0x50A846953F8509L,0x212E7C8CB6499BL,0x1B377619L};
-	public static final long[] CURVE_Frb={0x82193F90D5922AL,0x8B6DB2C08850C5L,0x2F57B96AC8DC17L,0x1ED1837503EAB2L,0x9EBEE69L};
-	public static final long[] CURVE_Pxa={0xEE4224C803FB2BL,0x8BBB4898BF0D91L,0x7E8C61EDB6A464L,0x519EB62FEB8D8CL,0x61A10BBL};
-	public static final long[] CURVE_Pxb={0x8C34C1E7D54CF3L,0x746BAE3784B70DL,0x8C5982AA5B1F4DL,0xBA737833310AA7L,0x516AAF9L};
-	public static final long[] CURVE_Pya={0xF0E07891CD2B9AL,0xAE6BDBE09BD19L,0x96698C822329BDL,0x6BAF93439A90E0L,0x21897A0L};
-	public static final long[] CURVE_Pyb={0x2D1AEC6B3ACE9BL,0x6FFD739C9578AL,0x56F5F38D37B090L,0x7C8B15268F6D44L,0xEBB2B0EL};
-	public static final long[] CURVE_Gx ={0x12L,0x13A7L,0x80000000086121L,0x40000001BA344DL,0x25236482L};
-	public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[][] CURVE_W={{0x3L,0x80000000000204L,0x6181L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}};
-	public static final long[][][] CURVE_SB={{{0x4L,0x80000000000285L,0x6181L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}},{{0x1L,0x81L,0x0L,0x0L,0x0L},{0xAL,0xE9DL,0x80000000079E1EL,0x40000001BA344DL,0x25236482L}}};
-	public static final long[][] CURVE_WB={{0x80000000000000L,0x80000000000040L,0x2080L,0x0L,0x0L},{0x80000000000005L,0x54AL,0x8000000001C707L,0x312241L,0x0L},{0x80000000000003L,0x800000000002C5L,0xC000000000E383L,0x189120L,0x0L},{0x80000000000001L,0x800000000000C1L,0x2080L,0x0L,0x0L}};
-	public static final long[][][] CURVE_BB={{{0x8000000000000DL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x2L,0x81L,0x0L,0x0L,0x0L}},{{0x1L,0x81L,0x0L,0x0L,0x0L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000DL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L}},{{0x2L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}},{{0x80000000000002L,0x40L,0x0L,0x0L,0x0L},{0x2L,0x102L,0x0L,0x0L,0x0L},{0xAL,0x80000000001020L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x80000000000002L,0x40L,0x0L,0x0L,0x0L}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;	
-	public static final boolean GT_STRONG=false;
-
-*/
-// BN454 Curve
-/*
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_PAIRING_TYPE=BN_CURVE;
-	public static final int CURVE_A = 0;
-	public static final long[] CURVE_Order={0x420000000DL,0x42006C4200007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L};
-	public static final long[] CURVE_B= {0x2L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cof= {0x1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Gx={0x4E00000012L,0x4E006C4E0000840L,0x800014508002508L,0x888401D5080091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L};
-	public static final long[] CURVE_Gy={0x1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-
-	public static final long[] CURVE_Bnx={0x100000001L,0x10000010000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cru={0x1B00000007L,0x1B00121B0000240L,0xA00003648000048L,0x6C2400364800005L,0x36000012360000L,0x12000036000L,0x0L,0x0L};
-	public static final long[] CURVE_Fra={0x302DC9FD573B0ECL,0x7AEEE6C3A90B9B8L,0xD06B734A02B17ECL,0xDBD9562D6A87DL,0x929326ECAFCB5A2L,0x32139C5D6DDCE26L,0x7A687EBE1CCD92BL,0x12E79EC72L};
-	public static final long[] CURVE_Frb={0xCFD23AE2A8C4F27L,0xD311858A56F4E87L,0xAF94A1067D50D1BL,0x87A8287EDA9609EL,0x8F2CD9352474B38L,0xF39CCFA443671E2L,0x85A50141EC3B6D4L,0x111861C8DL};
-	public static final long[] CURVE_Pxa={0xFBA3BAC20F02B14L,0x6BC30BEF0CC2BB1L,0xFE2DA6B5FCEFFF3L,0x3682EDFC1FE1E7EL,0xAD66CC979483454L,0xE163BB5D98CBBA1L,0xD55083668F14AAFL,0x1403D4F80L};
-	public static final long[] CURVE_Pxb={0x9C06D0EC45BF266L,0x365ACBB7823C36EL,0xD2E4624790DBC52L,0xE0803BE6F2F769FL,0x7BA9E2AA951971DL,0x25841737EBE5665L,0x142E8014B1E40D5L,0x15952D69EL};
-	public static final long[] CURVE_Pya={0x939AB6BBE1B15C7L,0xDF26024555C6CB4L,0x671C46519474FB5L,0xBAA277A8FC5DD54L,0xB00871EE82F2FAAL,0xFE0A26E1C64C3AL,0x7ABC6DB12C5287AL,0x1D67A4004L};
-	public static final long[] CURVE_Pyb={0xC10E6FB60571D60L,0xE9271847B128D8EL,0xBE70ED2753A65C7L,0x75C2604B7433768L,0x4F0B46811003851L,0xD91F0CA48ABC5EAL,0x842C9ADF53F903EL,0x976E2360L};
-	public static final long[][] CURVE_W={{0x800000003L,0x80000080000060L,0x60000000C00000CL,0x600000C00000L,0x0L,0x0L,0x0L,0x0L},{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
-	public static final long[][][] CURVE_SB={{{0xA00000004L,0xA00000A0000060L,0x60000000C00000CL,0x600000C00000L,0x0L,0x0L,0x0L,0x0L},{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x3A0000000AL,0x3A006C3A0000780L,0xC000144F00024F0L,0x887801D4F00091BL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L}}};
-	public static final long[][] CURVE_WB={{0x100000000L,0x10000010000020L,0x200000004000004L,0x200000400000L,0x0L,0x0L,0x0L,0x0L},{0x1500000005L,0x15000C1500001C0L,0x2438000038L,0x481C00243800004L,0x2400000C240000L,0xC000024000L,0x0L,0x0L},{0xB00000003L,0xB00060B00000E0L,0x121C00001CL,0x240E00121C00002L,0x12000006120000L,0x6000012000L,0x0L,0x0L},{0x300000001L,0x30000030000020L,0x200000004000004L,0x200000400000L,0x0L,0x0L,0x0L,0x0L}};
-	public static final long[][][] CURVE_BB={{{0x410000000DL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x410000000CL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x410000000CL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x200000002L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x410000000CL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x410000000DL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x410000000CL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,
 0x240000900L}},{{0x200000002L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x100000002L,0x10000010000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x400000002L,0x40000040000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x400000000AL,0x40006C4000007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x100000002L,0x10000010000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;	
-	public static final boolean GT_STRONG=false;
-
-*/
-
-// BLS383 Curve
-
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_PAIRING_TYPE=BLS_CURVE;
-	public static final int CURVE_A = 0;
-
-	public static final long[] CURVE_Order={0xFFF80000FFF001L,0xBFDE0070FE7800L,0x3000049C5EDF1CL,0xC40007F910007AL,0x14641004CL,0x0L,0x0L};
-	public static final long[] CURVE_B= {0x9L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cof= {0x2A00000052BL,0x5560AAAAAB2CA0L,0x6055L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Gx={0xD59B348D10786BL,0x3477C0E3F54AD0L,0xBF25B734578B9BL,0x4F6AC007BB6F65L,0xEFD5830FF57E9CL,0xADB9F88FB6EC02L,0xB08CEE4BC98L};
-	public static final long[] CURVE_Gy={0x5DA023D145DDBL,0x13F518C5FEF7CCL,0x56EC3462B2A66FL,0x96F3019C7A925FL,0x9061047981223EL,0x4810AD8F5BE59L,0x1F3909337671L};
-
-	public static final long[] CURVE_Bnx={0x1000000040L,0x110L,0x0L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cru={0xA3AAC4EDA155A9L,0xDF2FE8761E5E3DL,0xBCDFAADE632625L,0x5123128D3035A6L,0xDBF3A2BBEAD683L,0x5C5FAB20424190L,0x7AC52080A9F7L};
-	public static final long[] CURVE_Fra={0x2BA59A92B4508BL,0x63DB7A06EEF343L,0x40341CB1DFBC74L,0x1639E9D32D55D3L,0xB19B3F05CC36D4L,0xF323EE4D86AB98L,0x5A5FB198672L};
-	public static final long[] CURVE_Frb={0x81051A97F904E0L,0xB7D49A6F086A37L,0x8F3EEB8B7DB8ABL,0xEEF7983C6C9543L,0x7A65F6549CB35DL,0x693D1777CBFBECL,0x751F25672384L};
-	public static final long[] CURVE_Pxa={0x6059885BAC9472L,0x7C4D31DE2DC36DL,0xBDC90C308C88A7L,0x29F01971C688FCL,0x3693539C43F167L,0xD81E5A561EB8BFL,0x4D50722B56BFL};
-	public static final long[] CURVE_Pxb={0x9B4BD7A272AB23L,0x7AF19D4F44DCE8L,0x3F6F7B93206A34L,0x571DD3E2A819FBL,0x3A2BA3B635D7EEL,0xAC28C780C1A126L,0xEE3617C3E5BL};
-	public static final long[] CURVE_Pya={0x81D230977BD4FDL,0xB660720DFDFC6L,0x41FC9590C89A0CL,0x2E1FBCF878287AL,0x11C23014EEE65L,0x28878816BB325EL,0x8F40859A05CL};
-	public static final long[] CURVE_Pyb={0xA5E20A252C4CE6L,0x5907A74AFF40C8L,0x41760A42448EF3L,0xFFEF82B0FDA199L,0xA0F29A18D4EA49L,0xAC7F7B86E4997BL,0x1DCABBA88C12L};
-// not used
-	public static final long[][] CURVE_W={{},{}};
-	public static final long[][][] CURVE_SB={{{},{}},{{},{}}};
-	public static final long[][] CURVE_WB={{},{},{},{}};
-	public static final long[][][] CURVE_BB={{{},{},{},{}},{{},{},{},{}},{{},{},{},{}},{{},{},{},{}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;	
-	public static final boolean GT_STRONG=false;
-
-
-
-// BLS455 Curve
-/*
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_PAIRING_TYPE=BLS_CURVE;
-	public static final int CURVE_A = 0;
-
-	public static final long[] CURVE_Order={0x7FFFFC00001L,0xA00000400001CL,0x25E000750001D10L,0xE0000F10004F000L,0x80000380002L,0x10L,0x0L,0x0L};
-	public static final long[] CURVE_B= {0xAL,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cof= {0xA9557FFAABFFAABL,0xAAB15555B54AAB6L,0x555556AAL,0x0L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Gx={0x6D4C5DDFDFCEDD1L,0x35C6F43B3A034FBL,0x7F05B56A579C725L,0xB1F2B8ECE11B321L,0x9F342AB0CFE8392L,0xA5911EE32767994L,0x3005E40CC56ABEDL,0x18855F3BL};
-	public static final long[] CURVE_Gy={0x404FD79A6619B9BL,0x69D80A5D6FA0286L,0xEE722322D91A493L,0xB1EE58431C1E968L,0xCA9BC8953801F5FL,0xDFAFD40FE9E388EL,0x9F8985FC3DEB0D6L,0x19A8DB77EL};
-
-	public static final long[] CURVE_Bnx={0x20000080000800L,0x10000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cru={0x9202FFC00000AA9L,0xFA5190F4A3762AL,0x8B2B9BDD548FEC9L,0xD7B469DB33A586AL,0xC91731354CAFD99L,0xF5B48D02FFFE695L,0x57955572A900E0EL,0x555559555L};
-	public static final long[] CURVE_Fra={0x9CCFBDCA2EBF21L,0x572F54A73379964L,0x72819F887545498L,0x22BBC1CAD1F8534L,0xA82CD7D435944F0L,0x4594F818D030F7BL,0xEDCBE3ADC0016A7L,0x397EA4973L};
-	public static final long[] CURVE_Frb={0xA033043B5D1438AL,0x6E5A00C3F72FC06L,0x4717AB46118C70EL,0x16993AE842C0609L,0x3B78DA012CA06E9L,0x501F99EA300E6EAL,0x69C971C4E9FF768L,0x1BD6B4BE1L};
-	public static final long[] CURVE_Pxa={0x475F20F0C1F542L,0x65D6070F8567E10L,0xD780698BB33D776L,0x71F685ED1531721L,0x303D3FEC5B6A49CL,0x8DEF064FF553CEBL,0xC0E9A31B4C463L,0x2ECB12FA8L};
-	public static final long[] CURVE_Pxb={0x99086EE6749F03DL,0xE89A55A5AC5EF2EL,0x7B41AECD88EA016L,0x622450FE6163E06L,0x755066E1C8E296FL,0xA80F219487326E8L,0x66DBFBB0BEAEE59L,0xECFFCE0L};
-	public static final long[] CURVE_Pya={0x83235A4581A77F4L,0x9F0F367B7A7E10AL,0x8FA0C4A66D55B9DL,0xEF03F65E0D6EC4CL,0x9C7DC299C1A9EC2L,0x32453CA21CFA5ACL,0x6C3DCD5ABB9C544L,0x22471D90AL};
-	public static final long[] CURVE_Pyb={0xF413B6D9E1FDBA2L,0xA7E630913DA0356L,0xFBC913D9AC488E2L,0x72E7CF61B401585L,0x656D801B21C89EDL,0xF9E921EEE0558F9L,0x3D2B7B03CFC8698L,0x33503CA8L};
-// not used
-	public static final long[][] CURVE_W={{},{}};
-	public static final long[][][] CURVE_SB={{{},{}},{{},{}}};
-	public static final long[][] CURVE_WB={{},{},{},{}};
-	public static final long[][][] CURVE_BB={{{},{},{},{}},{{},{},{},{}},{{},{},{},{}},{{},{},{},{}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;	
-	public static final boolean GT_STRONG=false;
-*/
-	public static boolean debug=false;
-
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/RSA.java
----------------------------------------------------------------------
diff --git a/version22/java/RSA.java b/version22/java/RSA.java
deleted file mode 100644
index 1c275fe..0000000
--- a/version22/java/RSA.java
+++ /dev/null
@@ -1,362 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* RSA API high-level functions  */
-
-public final class RSA {
-
-	public static final int RFS=ROM.MODBYTES*ROM.FFLEN;
-	public static final int SHA256=32;
-	public static final int SHA384=48;
-	public static final int SHA512=64;
-
-	public static final int HASH_TYPE=SHA256;
-
-/* Hash number (optional) and string to array size of Bigs */
-
-	public static byte[] hashit(int sha,byte[] A,int n)
-	{
-		byte[] R=null;
-
-		if (sha==SHA256)
-		{
-			HASH256 H=new HASH256();
-			if (A!=null) H.process_array(A);
-			if (n>=0) H.process_num(n);
-			R=H.hash();
-		}
-		if (sha==SHA384)
-		{
-			HASH384 H=new HASH384();
-			if (A!=null) H.process_array(A);
-			if (n>=0) H.process_num(n);
-			R=H.hash();
-		}
-		if (sha==SHA512)
-		{
-			HASH512 H=new HASH512();
-			if (A!=null) H.process_array(A);
-			if (n>=0) H.process_num(n);
-			R=H.hash();
-		}
-		return R;
-	}
-
-/* generate an RSA key pair */
-
-	public static void KEY_PAIR(RAND rng,int e,rsa_private_key PRIV,rsa_public_key PUB)
-	{ /* IEEE1363 A16.11/A16.12 more or less */
-
-		int n=PUB.n.getlen()/2;
-		FF t = new FF(n);
-		FF p1=new FF(n);
-		FF q1=new FF(n);
-
-		for (;;)
-		{
-			PRIV.p.random(rng);
-			while (PRIV.p.lastbits(2)!=3) PRIV.p.inc(1);
-			while (!FF.prime(PRIV.p,rng)) PRIV.p.inc(4);
-
-			p1.copy(PRIV.p);
-			p1.dec(1);
-
-			if (p1.cfactor(e)) continue;
-			break;
-		}
-
-		for (;;)
-		{
-			PRIV.q.random(rng);
-			while (PRIV.q.lastbits(2)!=3) PRIV.q.inc(1);
-			while (!FF.prime(PRIV.q,rng)) PRIV.q.inc(4);
-			
-			q1.copy(PRIV.q);
-			q1.dec(1);
-
-			if (q1.cfactor(e)) continue;
-
-			break;
-		}
-
-		PUB.n=FF.mul(PRIV.p,PRIV.q);
-		PUB.e=e;
-
-		t.copy(p1);
-		t.shr();
-		PRIV.dp.set(e);
-		PRIV.dp.invmodp(t);
-		if (PRIV.dp.parity()==0) PRIV.dp.add(t);
-		PRIV.dp.norm();
-
-		t.copy(q1);
-		t.shr();
-		PRIV.dq.set(e);
-		PRIV.dq.invmodp(t);
-		if (PRIV.dq.parity()==0) PRIV.dq.add(t);
-		PRIV.dq.norm();
-
-		PRIV.c.copy(PRIV.p);
-		PRIV.c.invmodp(PRIV.q);
-
-		return;
-	}
-
-/* Mask Generation Function */
-
-	public static void MGF1(int sha,byte[] Z,int olen,byte[] K)
-	{
-		int hlen=sha;
-		byte[] B;
-
-		int counter,cthreshold,k=0;
-
-		for (int i=0;i<K.length;i++) K[i]=0;
-
-		cthreshold=olen/hlen; if (olen%hlen!=0) cthreshold++;
-		for (counter=0;counter<cthreshold;counter++)
-		{
-			B=hashit(sha,Z,counter);
-			if (k+hlen>olen) for (int i=0;i<olen%hlen;i++) K[k++]=B[i];
-			else for (int i=0;i<hlen;i++) K[k++]=B[i];
-		}	
-	}
-
-	public static void printBinary(byte[] array)
-	{
-		int i;
-		for (i=0;i<array.length;i++)
-		{
-			System.out.printf("%02x", array[i]);
-		}
-		System.out.println();
-	}  
-
-
-
-/* SHAXXX identifier strings */
-	private static final byte[] SHA256ID={0x30,0x31,0x30,0x0d,0x06,0x09,0x60,(byte)0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20};
-	private static final byte[] SHA384ID={0x30,0x41,0x30,0x0d,0x06,0x09,0x60,(byte)0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30};
-	private static final byte[] SHA512ID={0x30,0x51,0x30,0x0d,0x06,0x09,0x60,(byte)0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40};
-
-/* PKCS 1.5 padding of a message to be signed */
-
-	public static boolean PKCS15(int sha,byte[] m,byte[] w)
-	{
-		int olen=ROM.FF_BITS/8;
-		int i,hlen=sha;
-		int idlen=19; 
-
-		if (olen<idlen+hlen+10) return false;
-		byte[] H=hashit(sha,m,-1);
-
-		for (i=0;i<w.length;i++) w[i]=0;
-		i=0;
-		w[i++]=0;
-		w[i++]=1;
-		for (int j=0;j<olen-idlen-hlen-3;j++)
-			w[i++]=(byte)0xff;
-		w[i++]=0;
-
-
-		if (hlen==SHA256) for (int j=0;j<idlen;j++) w[i++]=SHA256ID[j];
-		if (hlen==SHA384) for (int j=0;j<idlen;j++) w[i++]=SHA384ID[j];
-		if (hlen==SHA512) for (int j=0;j<idlen;j++) w[i++]=SHA512ID[j];
-
-		for (int j=0;j<hlen;j++)
-			w[i++]=H[j];
-
-		return true;
-	}
-
-
-	/* OAEP Message Encoding for Encryption */
-	public static byte[] OAEP_ENCODE(int sha,byte[] m,RAND rng,byte[] p)
-	{ 
-		int i,slen,olen=RFS-1;
-		int mlen=m.length;
-		int hlen,seedlen;
-		byte[] f=new byte[RFS];
-
-		hlen=sha;
-		byte[] SEED=new byte[hlen];
-		seedlen=hlen;
-
-		if (mlen>olen-hlen-seedlen-1) return new byte[0]; 
-
-		byte[] DBMASK=new byte[olen-seedlen];
-
-		byte[] h=hashit(sha,p,-1);
-
-		for (i=0;i<hlen;i++) f[i]=h[i];
-
-		slen=olen-mlen-hlen-seedlen-1;      
-
-		for (i=0;i<slen;i++) f[hlen+i]=0;
-		f[hlen+slen]=1;
-		for (i=0;i<mlen;i++) f[hlen+slen+1+i]=m[i];
-
-		for (i=0;i<seedlen;i++) SEED[i]=(byte)rng.getByte();
-
-		MGF1(sha,SEED,olen-seedlen,DBMASK);
-
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
-
-		MGF1(sha,DBMASK,seedlen,f);
-
-		for (i=0;i<seedlen;i++) f[i]^=SEED[i];
-
-		for (i=0;i<olen-seedlen;i++) f[i+seedlen]=DBMASK[i];
-
-		/* pad to length RFS */
-		int d=1;
-		for (i=RFS-1;i>=d;i--)
-			f[i]=f[i-d];
-		for (i=d-1;i>=0;i--)
-			f[i]=0;
-
-		return f;
-	}
-
-	/* OAEP Message Decoding for Decryption */
-	public static byte[] OAEP_DECODE(int sha,byte[] p,byte[] f)
-	{
-		int x,t;
-		boolean comp;
-		int i,k,olen=RFS-1;
-		int hlen,seedlen;
-
-		hlen=sha;
-		byte[] SEED=new byte[hlen];
-		seedlen=hlen;
-		byte[] CHASH=new byte[hlen];
-	
-		if (olen<seedlen+hlen+1) return new byte[0];
-		byte[] DBMASK=new byte[olen-seedlen];
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
-		if (f.length<RFS)
-		{
-			int d=RFS-f.length;
-			for (i=RFS-1;i>=d;i--)
-				f[i]=f[i-d];
-			for (i=d-1;i>=0;i--)
-				f[i]=0;
-
-		}
-
-		byte[] h=hashit(sha,p,-1);
-
-		for (i=0;i<hlen;i++) CHASH[i]=h[i];
-
-		x=f[0];
-
-		for (i=seedlen;i<olen;i++)
-			DBMASK[i-seedlen]=f[i+1]; 
-
-		MGF1(sha,DBMASK,seedlen,SEED);
-		for (i=0;i<seedlen;i++) SEED[i]^=f[i+1];
-		MGF1(sha,SEED,olen-seedlen,f);
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
-
-		comp=true;
-		for (i=0;i<hlen;i++)
-		{
-			if (CHASH[i]!=DBMASK[i]) comp=false;
-		}
-
-		for (i=0;i<olen-seedlen-hlen;i++)
-			DBMASK[i]=DBMASK[i+hlen];
-
-		for (i=0;i<hlen;i++)
-			SEED[i]=CHASH[i]=0;
-		
-		for (k=0;;k++)
-		{
-			if (k>=olen-seedlen-hlen) return new byte[0];
-			if (DBMASK[k]!=0) break;
-		}
-
-		t=DBMASK[k];
-		if (!comp || x!=0 || t!=0x01) 
-		{
-			for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-			return new byte[0];
-		}
-
-		byte[] r=new byte[olen-seedlen-hlen-k-1];
-
-		for (i=0;i<olen-seedlen-hlen-k-1;i++)
-			r[i]=DBMASK[i+k+1];
-	
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
-		return r;
-	}
-
-	/* destroy the Private Key structure */
-	public static void PRIVATE_KEY_KILL(rsa_private_key PRIV)
-	{
-		PRIV.p.zero();
-		PRIV.q.zero();
-		PRIV.dp.zero();
-		PRIV.dq.zero();
-		PRIV.c.zero();
-	}
-
-	/* RSA encryption with the public key */
-	public static void ENCRYPT(rsa_public_key PUB,byte[] F,byte[] G)
-	{
-		int n=PUB.n.getlen();
-		FF f=new FF(n);
-		FF.fromBytes(f,F);
-		f.power(PUB.e,PUB.n);
-		f.toBytes(G);
-	}
-
-	/* RSA decryption with the private key */
-	public static void DECRYPT(rsa_private_key PRIV,byte[] G,byte[] F)
-	{
-		int n=PRIV.p.getlen();
-		FF g=new FF(2*n);
-
-		FF.fromBytes(g,G);
-		FF jp=g.dmod(PRIV.p);
-		FF jq=g.dmod(PRIV.q);
-
-		jp.skpow(PRIV.dp,PRIV.p);
-		jq.skpow(PRIV.dq,PRIV.q);
-
-		g.zero();
-		g.dscopy(jp);
-		jp.mod(PRIV.q);
-		if (FF.comp(jp,jq)>0) jq.add(PRIV.q);
-		jq.sub(jp);
-		jq.norm();
-
-		FF t=FF.mul(PRIV.c,jq);
-		jq=t.dmod(PRIV.q);
-
-		t=FF.mul(jq,PRIV.p);
-		g.add(t);
-		g.norm();
-
-		g.toBytes(F);
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/TestECDH.java
----------------------------------------------------------------------
diff --git a/version22/java/TestECDH.java b/version22/java/TestECDH.java
deleted file mode 100644
index 7a556b1..0000000
--- a/version22/java/TestECDH.java
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
-
-public class TestECDH
-{
-	public static void printBinary(byte[] array)
-	{
-		int i;
-		for (i=0;i<array.length;i++)
-		{
-			System.out.printf("%02x", array[i]);
-		}
-		System.out.println();
-	}    
-
-	public static void main(String[] args) 
-	{
-		int i,j=0,res;
-		int result;
-		String pp=new String("M0ng00se");
-
-		int EGS=ECDH.EGS;
-		int EFS=ECDH.EFS;
-		int EAS=AES.KS;
-		int sha=ECDH.HASH_TYPE;
-
-		byte[] S1=new byte[EGS];
-		byte[] W0=new byte[2*EFS+1];
-		byte[] W1=new byte[2*EFS+1];
-		byte[] Z0=new byte[EFS];
-		byte[] Z1=new byte[EFS];
-		byte[] RAW=new byte[100];
-		byte[] SALT=new byte[8];
-		byte[] P1=new byte[3];
-		byte[] P2=new byte[4];
-		byte[] V=new byte[2*EFS+1];
-		byte[] M=new byte[17];
-		byte[] T=new byte[12];
-		byte[] CS=new byte[EGS];
-		byte[] DS=new byte[EGS];
-
-		RAND rng=new RAND();
-
-		rng.clean();
-		for (i=0;i<100;i++) RAW[i]=(byte)(i);
-
-		rng.seed(100,RAW);
-
-//for (j=0;j<100;j++)
-//{
-
-		for (i=0;i<8;i++) SALT[i]=(byte)(i+1);  // set Salt
-
-		System.out.println("Alice's Passphrase= "+pp);
-		byte[] PW=pp.getBytes();
-
-/* private key S0 of size EGS bytes derived from Password and Salt */
-
-		byte[] S0=ECDH.PBKDF2(sha,PW,SALT,1000,EGS);
-
-		System.out.print("Alice's private key= 0x");
-		printBinary(S0);
-
-/* Generate Key pair S/W */
-		ECDH.KEY_PAIR_GENERATE(null,S0,W0); 
-
-		System.out.print("Alice's public key= 0x");
-		printBinary(W0);
-
-		res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
-		if (res!=0)
-		{
-			System.out.println("ECP Public Key is invalid!\n");
-			return;
-		}
-/* Random private key for other party */
-		ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
-		System.out.print("Servers private key= 0x");
-		printBinary(S1);
-
-		System.out.print("Servers public key= 0x");
-		printBinary(W1);
-
-
-		res=ECDH.PUBLIC_KEY_VALIDATE(true,W1);
-		if (res!=0)
-		{
-			System.out.print("ECP Public Key is invalid!\n");
-			return;
-		}
-
-/* Calculate common key using DH - IEEE 1363 method */
-
-		ECDH.ECPSVDP_DH(S0,W1,Z0);
-		ECDH.ECPSVDP_DH(S1,W0,Z1);
-
-		boolean same=true;
-		for (i=0;i<EFS;i++)
-			if (Z0[i]!=Z1[i]) same=false;
-
-		if (!same)
-		{
-			System.out.println("*** ECPSVDP-DH Failed");
-			return;
-		}
-
-		byte[] KEY=ECDH.KDF2(sha,Z0,null,EAS);
-
-		System.out.print("Alice's DH Key=  0x"); printBinary(KEY);
-		System.out.print("Servers DH Key=  0x"); printBinary(KEY);
-
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY)
-		{
-			System.out.println("Testing ECIES");
-
-			P1[0]=0x0; P1[1]=0x1; P1[2]=0x2; 
-			P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3; 
-
-			for (i=0;i<=16;i++) M[i]=(byte)i; 
-
-			byte[] C=ECDH.ECIES_ENCRYPT(sha,P1,P2,rng,W1,M,V,T);
-
-			System.out.println("Ciphertext= ");
-			System.out.print("V= 0x"); printBinary(V);
-			System.out.print("C= 0x"); printBinary(C);
-			System.out.print("T= 0x"); printBinary(T);
-
-
-			M=ECDH.ECIES_DECRYPT(sha,P1,P2,V,C,T,S1);
-			if (M.length==0)
-			{
-				System.out.println("*** ECIES Decryption Failed\n");
-				return;
-			}
-			else System.out.println("Decryption succeeded");
-
-			System.out.print("Message is 0x"); printBinary(M);
-
-			System.out.println("Testing ECDSA");
-
-			if (ECDH.ECPSP_DSA(sha,rng,S0,M,CS,DS)!=0)
-			{
-				System.out.println("***ECDSA Signature Failed");
-				return;
-			}
-			System.out.println("Signature= ");
-			System.out.print("C= 0x"); printBinary(CS);
-			System.out.print("D= 0x"); printBinary(DS);
-
-			if (ECDH.ECPVP_DSA(sha,W0,M,CS,DS)!=0)
-			{
-				System.out.println("***ECDSA Verification Failed");
-				return;
-			}
-			else System.out.println("ECDSA Signature/Verification succeeded "+j);
-//}
-//System.out.println("Test Completed Successfully");
-		}
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/TestMPIN.java
----------------------------------------------------------------------
diff --git a/version22/java/TestMPIN.java b/version22/java/TestMPIN.java
deleted file mode 100644
index c021e71..0000000
--- a/version22/java/TestMPIN.java
+++ /dev/null
@@ -1,270 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for MPIN API Functions */
-
-import java.util.Date;
-import java.util.Scanner;
-
-public class TestMPIN
-{
-	static boolean PERMITS=true;
-	static boolean PINERROR=true;
-	static boolean FULL=true;
-	static boolean SINGLE_PASS=false;
-
-	static void printBinary(byte[] array)
-	{
-		int i;
-		for (i=0;i<array.length;i++)
-		{
-			System.out.printf("%02x", array[i]);
-		}
-		System.out.println();
-	} 
-
-	public static void main(String[] args) {
-		RAND rng=new RAND();
-		byte[] raw=new byte[100];
-		for (int i=0;i<100;i++) raw[i]=(byte)(i+1);
-		rng.seed(100,raw);
-
-		int EGS=MPIN.EGS;
-		int EFS=MPIN.EFS;
-		int G1S=2*EFS+1; /* Group 1 Size */
-		int G2S=4*EFS; /* Group 2 Size */
-		int EAS=16;
-
-		int sha=MPIN.HASH_TYPE;
-
-		byte[] S = new byte[EGS];
-		byte[] SST = new byte[G2S];
-		byte[] TOKEN = new byte[G1S];
-		byte[] PERMIT = new byte[G1S];
-		byte[] SEC = new byte[G1S];
-		byte[] xID = new byte[G1S];
-		byte[] xCID = new byte[G1S];
-		byte[] X= new byte[EGS];
-		byte[] Y= new byte[EGS];
-		byte[] E=new byte[12*EFS];
-		byte[] F=new byte[12*EFS];
-		byte[] HID=new byte[G1S];
-		byte[] HTID=new byte[G1S];
-
-		byte[] G1=new byte[12*EFS];
-		byte[] G2=new byte[12*EFS];
-		byte[] R=new byte[EGS];
-		byte[] Z=new byte[G1S];
-		byte[] W=new byte[EGS];
-		byte[] T=new byte[G1S];
-		byte[] CK=new byte[EAS];
-		byte[] SK=new byte[EAS];
-
-		byte[] HSID=null;
-
-/* Trusted Authority set-up */
-
-		MPIN.RANDOM_GENERATE(rng,S);
-		System.out.print("Master Secret s: 0x");  printBinary(S);
- 
- /* Create Client Identity */
- 		String IDstr = "testUser@miracl.com";
-		byte[] CLIENT_ID = IDstr.getBytes();   
-
-		byte[] HCID=MPIN.HASH_ID(sha,CLIENT_ID);  /* Either Client or TA calculates Hash(ID) - you decide! */
-
-		System.out.print("Client ID Hash= "); printBinary(HCID);
-		System.out.print("Client ID= "); printBinary(CLIENT_ID);
-
-/* Client and Server are issued secrets by DTA */
-		MPIN.GET_SERVER_SECRET(S,SST);
-		System.out.print("Server Secret SS: 0x");  printBinary(SST); 
-
-		MPIN.GET_CLIENT_SECRET(S,HCID,TOKEN);
-		System.out.print("Client Secret CS: 0x");        
-		printBinary(TOKEN); 
-
-/* Client extracts PIN from secret to create Token */
-		int pin=1234;
-		System.out.println("Client extracts PIN= "+pin); 
-		int rtn=MPIN.EXTRACT_PIN(sha,CLIENT_ID,pin,TOKEN);
-		if (rtn != 0)
-			System.out.println("FAILURE: EXTRACT_PIN rtn: " + rtn);
-
-		System.out.print("Client Token TK: 0x"); printBinary(TOKEN);
-
-		if (FULL)
-		{
-			MPIN.PRECOMPUTE(TOKEN,HCID,G1,G2);
-		}
-		int date;
-		if (PERMITS)
-		{
-			date=MPIN.today();
-/* Client gets "Time Token" permit from DTA */ 
-			MPIN.GET_CLIENT_PERMIT(sha,date,S,HCID,PERMIT);
-			System.out.print("Time Permit TP: 0x");  printBinary(PERMIT); 
-
-/* This encoding makes Time permit look random - Elligator squared */
-			MPIN.ENCODING(rng,PERMIT);
-			System.out.print("Encoded Time Permit TP: 0x");  printBinary(PERMIT); 
-			MPIN.DECODING(PERMIT);
-			System.out.print("Decoded Time Permit TP: 0x");  printBinary(PERMIT); 
-		}
-		else date=0;
-
-		System.out.print("\nPIN= ");
-		Scanner scan=new Scanner(System.in);
-		pin=scan.nextInt();
-
-/* Set date=0 and PERMIT=null if time permits not in use
-
-Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID =x .H(CLIENT_ID) and re-combined secret SEC
-If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
-Random value x is supplied externally if RNG=null, otherwise generated and passed out by RNG
-
-IMPORTANT: To save space and time..
-If Time Permits OFF set xCID = null, HTID=null and use xID and HID only
-If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-If Time permits are ON, AND pin error detection is NOT required, set xID=null, HID=null and use xCID and HTID only.
-
-
-*/
-
-		byte[] pxID=xID;
-		byte[] pxCID=xCID;
-		byte[] pHID=HID;
-		byte[] pHTID=HTID;
-		byte[] pE=E;
-		byte[] pF=F;
-		byte[] pPERMIT=PERMIT;
-		byte[] prHID;
-
-		if (date!=0)
-		{
-
-			prHID=pHTID;
-			if (!PINERROR)
-			{
-				pxID=null;
-		//		pHID=null;  // new
-			}
-		}
-		else
-		{
-			prHID=pHID;
-			pPERMIT=null;
-			pxCID=null;
-			pHTID=null;
-		}
-		if (!PINERROR)
-		{
-			pE=null;
-			pF=null;
-		}
-                 
-		if (SINGLE_PASS)
-		{
-  			System.out.println("MPIN Single Pass");
-			int timeValue = MPIN.GET_TIME();
-			rtn=MPIN.CLIENT(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y);
-			if (rtn != 0)
-  				System.out.println("FAILURE: CLIENT rtn: " + rtn);
-
-			if (FULL)
-			{
-				HCID=MPIN.HASH_ID(sha,CLIENT_ID);
-				MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z);  /* Also Send Z=r.ID to Server, remember random r */
-			}
-
-			rtn=MPIN.SERVER(sha,date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF,CLIENT_ID,timeValue);
-			if (rtn != 0)
-  		    System.out.println("FAILURE: SERVER rtn: " + rtn);
-
-			if (FULL)
-			{
-				HSID=MPIN.HASH_ID(sha,CLIENT_ID);
-				MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T);  /* Also send T=w.ID to client, remember random w  */
-			}
-		}
-		else
-		{
-  			System.out.println("MPIN Multi Pass");
-                  /* Send U=x.ID to server, and recreate secret from token and pin */
-  			rtn=MPIN.CLIENT_1(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT);
-  			if (rtn != 0)
-  				System.out.println("FAILURE: CLIENT_1 rtn: " + rtn);
-  
-  			if (FULL)
-  			{
-  				HCID=MPIN.HASH_ID(sha,CLIENT_ID);
-  				MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z);  /* Also Send Z=r.ID to Server, remember random r */
-  			}
-  
-                  /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-  			MPIN.SERVER_1(sha,date,CLIENT_ID,pHID,pHTID);
-  
-                  /* Server generates Random number Y and sends it to Client */
-  			MPIN.RANDOM_GENERATE(rng,Y);
-  
-			if (FULL)
-			{
-				HSID=MPIN.HASH_ID(sha,CLIENT_ID);
-  				MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T);  /* Also send T=w.ID to client, remember random w  */
-			}
-  
-                  /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
-  			rtn=MPIN.CLIENT_2(X,Y,SEC);
-  			if (rtn != 0)
-  				System.out.println("FAILURE: CLIENT_2 rtn: " + rtn);
-  
-                  /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
-                  /* If PIN error not required, set E and F = null */
-  
-  			rtn=MPIN.SERVER_2(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF);
-  
-  			if (rtn != 0)
-  				System.out.println("FAILURE: SERVER_2 rtn: " + rtn);
-		}
-  
-		if (rtn == MPIN.BAD_PIN)
-		{
-			System.out.println("Server says - Bad Pin. I don't know you. Feck off.\n");
-			if (PINERROR)
-			{
-				int err=MPIN.KANGAROO(E,F);
-				if (err!=0) System.out.format("(Client PIN is out by %d)\n",err);
-			}
-			return;
-		}
-		else System.out.println("Server says - PIN is good! You really are "+IDstr);
-
-
-		if (FULL)
-		{
-			byte[] H=MPIN.HASH_ALL(sha,HCID,pxID,pxCID,SEC,Y,Z,T);
-			MPIN.CLIENT_KEY(sha,G1,G2,pin,R,X,H,T,CK);
-			System.out.print("Client Key =  0x");  printBinary(CK); 
-
-			H=MPIN.HASH_ALL(sha,HSID,pxID,pxCID,SEC,Y,Z,T);
-			MPIN.SERVER_KEY(sha,Z,SST,W,H,pHID,pxID,pxCID,SK);
-			System.out.print("Server Key =  0x");  printBinary(SK); 
-		}
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/TestRSA.java
----------------------------------------------------------------------
diff --git a/version22/java/TestRSA.java b/version22/java/TestRSA.java
deleted file mode 100644
index d5ac5d3..0000000
--- a/version22/java/TestRSA.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for RSA API Functions */
-
-public class TestRSA
-{
-	public static void main(String[] args) 
-	{
-		int i;
-		int RFS=RSA.RFS;
-		int sha=RSA.HASH_TYPE;
-
-		String message="Hello World\n";
-
-		rsa_public_key pub=new rsa_public_key(ROM.FFLEN);
-		rsa_private_key priv=new rsa_private_key(ROM.HFLEN);
-
-		byte[] ML=new byte[RFS];
-		byte[] C=new byte[RFS];
-		byte[] S=new byte[RFS];
-		byte[] RAW=new byte[100];
-	
-		RAND rng=new RAND();
-
-		rng.clean();
-		for (i=0;i<100;i++) RAW[i]=(byte)(i);
-
-		rng.seed(100,RAW);
-
-//for (i=0;i<10;i++)
-//{
-		System.out.println("Generating public/private key pair");
-		RSA.KEY_PAIR(rng,65537,priv,pub);
-
-		byte[] M=message.getBytes();
-		System.out.print("Encrypting test string\n");
-
-
-		byte[] E=RSA.OAEP_ENCODE(sha,M,rng,null); /* OAEP encode message M to E  */
-
-		if (E.length==0) System.out.println("Encoding failed\n");
-
-		RSA.ENCRYPT(pub,E,C);     /* encrypt encoded message */
-		System.out.print("Ciphertext= 0x"); RSA.printBinary(C);
-
-		System.out.print("Decrypting test string\n");
-		RSA.DECRYPT(priv,C,ML); 
-		byte[] MS=RSA.OAEP_DECODE(sha,null,ML); /* OAEP decode message  */
-
-		message=new String(MS);
-		System.out.print(message);
-//}
-
-		System.out.println("Signing message");
-		RSA.PKCS15(sha,M,C);
-
-		RSA.DECRYPT(priv,C,S); /* create signature in S */ 
-
-		System.out.print("Signature= 0x"); RSA.printBinary(S);
-
-		RSA.ENCRYPT(pub,S,ML); 
-
-		boolean cmp=true;
-		if (C.length!=ML.length) cmp=false;
-		else
-		{
-			for (int j=0;j<C.length;j++)
-				if (C[j]!=ML[j]) cmp=false;
-		}
-		if (cmp) System.out.println("Signature is valid");
-		else System.out.println("Signature is INVALID");
-
-		RSA.PRIVATE_KEY_KILL(priv);
-	}
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/readme.txt
----------------------------------------------------------------------
diff --git a/version22/java/readme.txt b/version22/java/readme.txt
deleted file mode 100644
index 21180c9..0000000
--- a/version22/java/readme.txt
+++ /dev/null
@@ -1,61 +0,0 @@
-AMCL is very simple to build for Java. 
-
-The first decision is whether to do a 32-bit or 64-bit build. In general a 
-64-bit build will probably be faster if both your processor and operating 
-system are 64-bit. Otherwise a 32-bit build is probably best.
-
-For a 32-bit build, copy BIG32.java, DBIG32.java and ROM32.java to BIG.java,
-DBIG.java and ROM.java respectively.
-
-For a 64-bit build, copy BIG64.java, DBIG64.java and ROM64.java to BIG.java,
-DBIG.java and ROM.java respectively.
-
-Next - decide the modulus type and curve type you want to use. Edit ROM.java 
-where indicated. You might want to use one of the curves whose details are
-already in there.
-
-Three example API files are provided, MPIN.java which 
-supports our M-Pin (tm) protocol, ECDH.java which supports elliptic 
-curve key exchange, digital signature and public key crypto, and RSA.java
-which supports the RSA method. The first  can be tested using the 
-TestMPIN.java driver programs, the second can be tested using TestECDH.java, 
-and the third with TestRSA.java
-
-In the ROM.java file you must provide the curve constants. Several examples
-are provided there, if you are willing to use one of these.
-
-To help generate the ROM constants for your own curve some MIRACL helper 
-programs are included. The programs bngen.cpp and blsgen.cpp generate ROM 
-data for a BN and BLS pairing friendly curves, and the program ecgen.cpp 
-generates ROM data for regular EC curves.
-
-The MIRACL based program check.cpp helps choose the best number base for
-big number representation, given the word-length and the size of the modulus.
-
-The program bigtobig.cpp converts a big number to the AMCL 
-BIG format.
-
-Don't forget to delete all .class files before rebuilding projects.
-
-For a quick jumpstart:-
-
-del *.class
-javac TestECDH.java
-java TestECDH
-
-del *.class
-javac TestRSA.java
-java TestRSA
-
-del *.class
-javac TestMPIN.java
-java TestMPIN
-
-del *.class
-javac BenchtestEC.java
-java BenchtestEC
-
-del *.class
-javac BenchtestPAIR.java
-java BenchtestPAIR
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/rsa_private_key.java
----------------------------------------------------------------------
diff --git a/version22/java/rsa_private_key.java b/version22/java/rsa_private_key.java
deleted file mode 100644
index 3500dce..0000000
--- a/version22/java/rsa_private_key.java
+++ /dev/null
@@ -1,13 +0,0 @@
-public final class rsa_private_key
-{
-    public FF p,q,dp,dq,c;
-	
-	public rsa_private_key(int n)
-	{
-		p=new FF(n);
-		q=new FF(n);
-		dp=new FF(n);
-		dq=new FF(n);
-		c=new FF(n);
-	}
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/rsa_public_key.java
----------------------------------------------------------------------
diff --git a/version22/java/rsa_public_key.java b/version22/java/rsa_public_key.java
deleted file mode 100644
index 10491fc..0000000
--- a/version22/java/rsa_public_key.java
+++ /dev/null
@@ -1,11 +0,0 @@
-public final class rsa_public_key
-{
-    public int e;
-    public FF n;
-
-	public rsa_public_key(int m)
-	{
-		e=0;
-		n=new FF(m);
-	}
-}


[09/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/pair256.c
----------------------------------------------------------------------
diff --git a/version3/c/pair256.c b/version3/c/pair256.c
deleted file mode 100644
index 5608372..0000000
--- a/version3/c/pair256.c
+++ /dev/null
@@ -1,864 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BLS Curve pairing functions */
-
-//#define HAS_MAIN
-
-#include "pair256_ZZZ.h"
-
-/* Line function */
-static void PAIR_ZZZ_line(FP48_YYY *v,ECP8_ZZZ *A,ECP8_ZZZ *B,FP_YYY *Qx,FP_YYY *Qy)
-{
-	//FP2_YYY t;
-
-	FP8_YYY X1,Y1,T1,T2;
-	FP8_YYY XX,YY,ZZ,YZ;
-    FP16_YYY a,b,c;
-
-	if (A==B)
-    {
-        /* doubling */
- 		FP8_YYY_copy(&XX,&(A->x));	//FP8_YYY XX=new FP8_YYY(A.getx());  //X
-		FP8_YYY_copy(&YY,&(A->y));	//FP8_YYY YY=new FP8_YYY(A.gety());  //Y
-		FP8_YYY_copy(&ZZ,&(A->z));	//FP8_YYY ZZ=new FP8_YYY(A.getz());  //Z
-
-
-		FP8_YYY_copy(&YZ,&YY);		//FP8_YYY YZ=new FP8_YYY(YY);        //Y 
-		FP8_YYY_mul(&YZ,&YZ,&ZZ);		//YZ.mul(ZZ);                //YZ
-		FP8_YYY_sqr(&XX,&XX);		//XX.sqr();	               //X^2
-		FP8_YYY_sqr(&YY,&YY);		//YY.sqr();	               //Y^2
-		FP8_YYY_sqr(&ZZ,&ZZ);		//ZZ.sqr();			       //Z^2
-			
-		FP8_YYY_imul(&YZ,&YZ,4);	//YZ.imul(4);
-		FP8_YYY_neg(&YZ,&YZ);		//YZ.neg(); 
-		FP8_YYY_norm(&YZ);			//YZ.norm();       //-4YZ
-
-		FP8_YYY_imul(&XX,&XX,6);					//6X^2
-		//FP2_YYY_from_FP(&t,Qx);
-		FP8_YYY_tmul(&XX,&XX,Qx);	               //6X^2.Xs
-
-		FP8_YYY_imul(&ZZ,&ZZ,3*CURVE_B_I_ZZZ);	//3Bz^2 
-		//FP2_YYY_from_FP(&t,Qy);
-		FP8_YYY_tmul(&YZ,&YZ,Qy);	//-4YZ.Ys
-
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-		FP8_YYY_div_2i(&ZZ);		//6(b/i)z^2
-#endif
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-		FP8_YYY_times_i(&ZZ);
-		FP8_YYY_add(&ZZ,&ZZ,&ZZ);  // 6biz^2
-		FP8_YYY_times_i(&YZ);
-		FP8_YYY_norm(&YZ);	
-#endif
-		FP8_YYY_norm(&ZZ);			// 6bi.Z^2 
-
-		FP8_YYY_add(&YY,&YY,&YY);	// 2y^2
-		FP8_YYY_sub(&ZZ,&ZZ,&YY);	// 
-		FP8_YYY_norm(&ZZ);			// 6b.Z^2-2Y^2
-
-		FP16_YYY_from_FP8s(&a,&YZ,&ZZ); // -4YZ.Ys | 6b.Z^2-2Y^2 | 6X^2.Xs 
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-		FP16_YYY_from_FP8(&b,&XX);	
-		FP16_YYY_zero(&c);
-#endif
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-		FP16_YYY_zero(&b);
-		FP16_YYY_from_FP8H(&c,&XX);
-#endif
-
-		ECP8_ZZZ_dbl(A);				//A.dbl();
-    }
-    else
-    {
-        /* addition */
-
-		FP8_YYY_copy(&X1,&(A->x));		//FP8_YYY X1=new FP8_YYY(A.getx());    // X1
-		FP8_YYY_copy(&Y1,&(A->y));		//FP8_YYY Y1=new FP8_YYY(A.gety());    // Y1
-		FP8_YYY_copy(&T1,&(A->z));		//FP8_YYY T1=new FP8_YYY(A.getz());    // Z1
-			
-		FP8_YYY_copy(&T2,&T1);		//FP8_YYY T2=new FP8_YYY(A.getz());    // Z1
-
-		FP8_YYY_mul(&T1,&T1,&(B->y));	//T1.mul(B.gety());    // T1=Z1.Y2 
-		FP8_YYY_mul(&T2,&T2,&(B->x));	//T2.mul(B.getx());    // T2=Z1.X2
-
-		FP8_YYY_sub(&X1,&X1,&T2);		//X1.sub(T2); 
-		FP8_YYY_norm(&X1);				//X1.norm();  // X1=X1-Z1.X2
-		FP8_YYY_sub(&Y1,&Y1,&T1);		//Y1.sub(T1); 
-		FP8_YYY_norm(&Y1);				//Y1.norm();  // Y1=Y1-Z1.Y2
-
-		FP8_YYY_copy(&T1,&X1);			//T1.copy(X1);            // T1=X1-Z1.X2
-		//FP2_YYY_from_FP(&t,Qy);
-		FP8_YYY_tmul(&X1,&X1,Qy);		//X1.pmul(Qy);            // X1=(X1-Z1.X2).Ys
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-		FP8_YYY_times_i(&X1);
-		FP8_YYY_norm(&X1);
-#endif
-
-		FP8_YYY_mul(&T1,&T1,&(B->y));	//T1.mul(B.gety());       // T1=(X1-Z1.X2).Y2
-
-		FP8_YYY_copy(&T2,&Y1);			//T2.copy(Y1);            // T2=Y1-Z1.Y2
-		FP8_YYY_mul(&T2,&T2,&(B->x));	//T2.mul(B.getx());       // T2=(Y1-Z1.Y2).X2
-		FP8_YYY_sub(&T2,&T2,&T1);		//T2.sub(T1); 
-		FP8_YYY_norm(&T2);				//T2.norm();          // T2=(Y1-Z1.Y2).X2 - (X1-Z1.X2).Y2
-		//FP2_YYY_from_FP(&t,Qx);
-		FP8_YYY_tmul(&Y1,&Y1,Qx);		//Y1.pmul(Qx);  
-		FP8_YYY_neg(&Y1,&Y1);			//Y1.neg(); 
-		FP8_YYY_norm(&Y1);				//Y1.norm(); // Y1=-(Y1-Z1.Y2).Xs
-
-		FP16_YYY_from_FP8s(&a,&X1,&T2);	// (X1-Z1.X2).Ys  |  (Y1-Z1.Y2).X2 - (X1-Z1.X2).Y2  | - (Y1-Z1.Y2).Xs
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-		FP16_YYY_from_FP8(&b,&Y1);		//b=new FP4(Y1);
-		FP16_YYY_zero(&c);
-#endif
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-		FP16_YYY_zero(&b);
-		FP16_YYY_from_FP8H(&c,&Y1);		//b=new FP4(Y1);
-#endif
-		ECP8_ZZZ_add(A,B);			// A.add(B);
-    }
-
-    FP48_YYY_from_FP16s(v,&a,&b,&c);
-}
-
-/* Optimal R-ate pairing r=e(P,Q) */
-void PAIR_ZZZ_ate(FP48_YYY *r,ECP8_ZZZ *P1,ECP_ZZZ *Q1)
-{
-    BIG_XXX x,n,n3;
-	FP_YYY Qx,Qy;
-    int i,j,nb,bt;
-    ECP8_ZZZ A,NP,P;
-	ECP_ZZZ Q;
-    FP48_YYY lv;
-
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-
-    BIG_XXX_copy(n,x);
-
-    //BIG_XXX_norm(n);
-	BIG_XXX_pmul(n3,n,3);
-	BIG_XXX_norm(n3);
-
-	ECP8_ZZZ_copy(&P,P1);
-	ECP_ZZZ_copy(&Q,Q1);
-
-	ECP8_ZZZ_affine(&P);
-	ECP_ZZZ_affine(&Q);
-
-
-    FP_YYY_copy(&Qx,&(Q.x));
-    FP_YYY_copy(&Qy,&(Q.y));
-
-    ECP8_ZZZ_copy(&A,&P);
-	ECP8_ZZZ_copy(&NP,&P); ECP8_ZZZ_neg(&NP);
-
-    FP48_YYY_one(r);
-    nb=BIG_XXX_nbits(n3);  // n3
-
-	j=0;
-    /* Main Miller Loop */
-    for (i=nb-2; i>=1; i--)
-    {
-		j++;
-		FP48_YYY_sqr(r,r);
-        PAIR_ZZZ_line(&lv,&A,&A,&Qx,&Qy);
-        FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-//printf("r= "); FP48_YYY_output(r); printf("\n");
-//if (j>3) exit(0);
-		bt= BIG_XXX_bit(n3,i)-BIG_XXX_bit(n,i);  // BIG_XXX_bit(n,i); 
-        if (bt==1)
-        {
-//printf("bt=1\n");
-            PAIR_ZZZ_line(&lv,&A,&P,&Qx,&Qy);
-            FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-        }
-		if (bt==-1)
-		{
-//printf("bt=-1\n");
-			//ECP8_ZZZ_neg(P);
-            PAIR_ZZZ_line(&lv,&A,&NP,&Qx,&Qy);
-            FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-			//ECP8_ZZZ_neg(P);
-		}
-
-    }
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-    FP48_YYY_conj(r,r);
-#endif
-
-}
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
-void PAIR_ZZZ_double_ate(FP48_YYY *r,ECP8_ZZZ *P1,ECP_ZZZ *Q1,ECP8_ZZZ *R1,ECP_ZZZ *S1)
-{
-    BIG_XXX x,n,n3;
-	FP_YYY Qx,Qy,Sx,Sy;
-    int i,nb,bt;
-    ECP8_ZZZ A,B,NP,NR,P,R;
-	ECP_ZZZ Q,S;
-    FP48_YYY lv;
-
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-    BIG_XXX_copy(n,x);
-
-    //BIG_XXX_norm(n);
-	BIG_XXX_pmul(n3,n,3);
-	BIG_XXX_norm(n3);
-
-	ECP8_ZZZ_copy(&P,P1);
-	ECP_ZZZ_copy(&Q,Q1);
-
-	ECP8_ZZZ_affine(&P);
-	ECP_ZZZ_affine(&Q);
-
-	ECP8_ZZZ_copy(&R,R1);
-	ECP_ZZZ_copy(&S,S1);
-
-	ECP8_ZZZ_affine(&R);
-	ECP_ZZZ_affine(&S);
-
-    FP_YYY_copy(&Qx,&(Q.x));
-    FP_YYY_copy(&Qy,&(Q.y));
-
-    FP_YYY_copy(&Sx,&(S.x));
-    FP_YYY_copy(&Sy,&(S.y));
-
-    ECP8_ZZZ_copy(&A,&P);
-    ECP8_ZZZ_copy(&B,&R);
-	ECP8_ZZZ_copy(&NP,&P); ECP8_ZZZ_neg(&NP);
-	ECP8_ZZZ_copy(&NR,&R); ECP8_ZZZ_neg(&NR);
-
-
-    FP48_YYY_one(r);
-    nb=BIG_XXX_nbits(n3);
-
-    /* Main Miller Loop */
-    for (i=nb-2; i>=1; i--)
-    {
-        FP48_YYY_sqr(r,r);
-        PAIR_ZZZ_line(&lv,&A,&A,&Qx,&Qy);
-        FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-
-        PAIR_ZZZ_line(&lv,&B,&B,&Sx,&Sy);
-        FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-
-		bt=BIG_XXX_bit(n3,i)-BIG_XXX_bit(n,i); // bt=BIG_XXX_bit(n,i);
-        if (bt==1)
-        {
-            PAIR_ZZZ_line(&lv,&A,&P,&Qx,&Qy);
-            FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-
-            PAIR_ZZZ_line(&lv,&B,&R,&Sx,&Sy);
-            FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-        }
-		if (bt==-1)
-		{
-			//ECP8_ZZZ_neg(P); 
-            PAIR_ZZZ_line(&lv,&A,&NP,&Qx,&Qy);
-            FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-			//ECP8_ZZZ_neg(P); 
-			//ECP8_ZZZ_neg(R);
-            PAIR_ZZZ_line(&lv,&B,&NR,&Sx,&Sy);
-            FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-			//ECP8_ZZZ_neg(R);
-		}
-	}
-
-
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-    FP48_YYY_conj(r,r);
-#endif
-
-}
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-
-void PAIR_ZZZ_fexp(FP48_YYY *r)
-{
-    FP2_YYY X;
-    BIG_XXX x;
-	FP_YYY a,b;
-    FP48_YYY t1,t2,t3,t7;  
-
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-    FP_YYY_rcopy(&a,Fra_YYY);
-    FP_YYY_rcopy(&b,Frb_YYY);
-    FP2_YYY_from_FPs(&X,&a,&b);
-
-    /* Easy part of final exp - r^(p^24-1)(p^8+1)*/
-
-    FP48_YYY_inv(&t7,r);
-    FP48_YYY_conj(r,r);
-
-    FP48_YYY_mul(r,&t7);
-    FP48_YYY_copy(&t7,r);
-
-    FP48_YYY_frob(r,&X,8);
-
-    FP48_YYY_mul(r,&t7);
-
-// Ghamman & Fouotsa Method for hard part of fexp - r^e1 . r^p^e2 . r^p^2^e3 ..
-
-// e0 = u^17 - 2*u^16 + u^15 - u^9 + 2*u^8 - u^7 + 3	// .p^0
-// e1 = u^16 - 2*u^15 + u^14 - u^8 + 2*u^7 - u^6		// .p^1
-// e2 = u^15 - 2*u^14 + u^13 - u^7 + 2*u^6 - u^5
-// e3 = u^14 - 2*u^13 + u^12 - u^6 + 2*u^5 - u^4
-// e4 = u^13 - 2*u^12 + u^11 - u^5 + 2*u^4 - u^3
-// e5 = u^12 - 2*u^11 + u^10 - u^4 + 2*u^3 - u^2
-// e6 = u^11 - 2*u^10 + u^9 - u^3 + 2*u^2 - u
-// e7 =  u^10 - 2*u^9 + u^8 - u^2 + 2*u - 1
-// e8 =  u^9 - 2*u^8 + u^7
-// e9 =  u^8 - 2*u^7 + u^6
-// e10 = u^7 - 2*u^6 + u^5
-// e11 = u^6 - 2*u^5 + u^4
-// e12 = u^5 - 2*u^4 + u^3
-// e13 = u^4 - 2*u^3 + u^2
-// e14 = u^3 - 2*u^2 + u
-// e15 = u^2 - 2*u + 1
-
-// e15 = u^2-2*u+1
-// e14 = u.e15
-// e13 = u.e14
-// e12 = u.e13
-// e11 = u.e12
-// e10 = u.e11
-// e9 =  u.e10
-// e8 =  u.e9
-// e7 =  u.e8 - e15
-// e6 =  u.e7
-// e5 =  u.e6
-// e4 =  u.e5
-// e3 =  u.e4
-// e2 =  u.e3
-// e1 =  u.e2
-// e0 =  u.e1 + 3
-
-// f^e0.f^e1^p.f^e2^p^2.. .. f^e14^p^14.f^e15^p^15
-
-	FP48_YYY_usqr(&t7,r);			// t7=f^2
-	FP48_YYY_pow(&t1,&t7,x);		// t1=f^2u
-
-	BIG_XXX_fshr(x,1);
-	FP48_YYY_pow(&t2,&t1,x);		// t2=f^2u^(u/2) =  f^u^2
-	BIG_XXX_fshl(x,1);				// x must be even
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP48_YYY_conj(&t1,&t1);
-#endif
-
-	FP48_YYY_conj(&t3,&t1);		// t3=f^-2u
-	FP48_YYY_mul(&t2,&t3);		// t2=f^u^2.f^-2u
-	FP48_YYY_mul(&t2,r);		// t2=f^u^2.f^-2u.f = f^(u^2-2u+1) = f^e15
-
-	FP48_YYY_mul(r,&t7);		// f^3
-
-	FP48_YYY_pow(&t1,&t2,x);	// f^e15^u = f^(u.e15) = f^(u^3-2u^2+u) = f^(e14)
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP48_YYY_conj(&t1,&t1);
-#endif
-	FP48_YYY_copy(&t3,&t1);
-	FP48_YYY_frob(&t3,&X,14);	// f^(u^3-2u^2+u)^p^14
-	FP48_YYY_mul(r,&t3);		// f^3.f^(u^3-2u^2+u)^p^14
-
-	FP48_YYY_pow(&t1,&t1,x);	// f^(u.e14) = f^(u^4-2u^3+u^2) =  f^(e13)
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP48_YYY_conj(&t1,&t1);
-#endif
-	FP48_YYY_copy(&t3,&t1);
-	FP48_YYY_frob(&t3,&X,13);	// f^(e13)^p^13
-	FP48_YYY_mul(r,&t3);		// f^3.f^(u^3-2u^2+u)^p^14.f^(u^4-2u^3+u^2)^p^13
-
-	FP48_YYY_pow(&t1,&t1,x);	// f^(u.e13)
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP48_YYY_conj(&t1,&t1);
-#endif
-	FP48_YYY_copy(&t3,&t1);
-	FP48_YYY_frob(&t3,&X,12);	// f^(e12)^p^12
-	FP48_YYY_mul(r,&t3);		
-
-	FP48_YYY_pow(&t1,&t1,x);	// f^(u.e12)
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP48_YYY_conj(&t1,&t1);
-#endif
-	FP48_YYY_copy(&t3,&t1);
-	FP48_YYY_frob(&t3,&X,11);	// f^(e11)^p^11
-	FP48_YYY_mul(r,&t3);		
-
-	FP48_YYY_pow(&t1,&t1,x);	// f^(u.e11)
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP48_YYY_conj(&t1,&t1);
-#endif
-	FP48_YYY_copy(&t3,&t1);
-	FP48_YYY_frob(&t3,&X,10);	// f^(e10)^p^10
-	FP48_YYY_mul(r,&t3);		
-
-	FP48_YYY_pow(&t1,&t1,x);	// f^(u.e10)
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP48_YYY_conj(&t1,&t1);
-#endif
-	FP48_YYY_copy(&t3,&t1);
-	FP48_YYY_frob(&t3,&X,9);	// f^(e9)^p^9
-	FP48_YYY_mul(r,&t3);		
-
-	FP48_YYY_pow(&t1,&t1,x);	// f^(u.e9)
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP48_YYY_conj(&t1,&t1);
-#endif
-	FP48_YYY_copy(&t3,&t1);
-	FP48_YYY_frob(&t3,&X,8);	// f^(e8)^p^8
-	FP48_YYY_mul(r,&t3);		
-
-	FP48_YYY_pow(&t1,&t1,x);	// f^(u.e8)
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP48_YYY_conj(&t1,&t1);
-#endif
-	FP48_YYY_conj(&t3,&t2);
-	FP48_YYY_mul(&t1,&t3);  // f^(u.e8).f^-e15
-	FP48_YYY_copy(&t3,&t1);
-	FP48_YYY_frob(&t3,&X,7);	// f^(e7)^p^7
-	FP48_YYY_mul(r,&t3);		
-
-	FP48_YYY_pow(&t1,&t1,x);	// f^(u.e7)
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP48_YYY_conj(&t1,&t1);
-#endif
-	FP48_YYY_copy(&t3,&t1);
-	FP48_YYY_frob(&t3,&X,6);	// f^(e6)^p^6
-	FP48_YYY_mul(r,&t3);		
-
-	FP48_YYY_pow(&t1,&t1,x);	// f^(u.e6)
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP48_YYY_conj(&t1,&t1);
-#endif
-	FP48_YYY_copy(&t3,&t1);
-	FP48_YYY_frob(&t3,&X,5);	// f^(e5)^p^5
-	FP48_YYY_mul(r,&t3);		
-
-	FP48_YYY_pow(&t1,&t1,x);	// f^(u.e5)
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP48_YYY_conj(&t1,&t1);
-#endif
-	FP48_YYY_copy(&t3,&t1);
-	FP48_YYY_frob(&t3,&X,4);	// f^(e4)^p^4
-	FP48_YYY_mul(r,&t3);		
-
-	FP48_YYY_pow(&t1,&t1,x);	// f^(u.e4)
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP48_YYY_conj(&t1,&t1);
-#endif
-	FP48_YYY_copy(&t3,&t1);
-	FP48_YYY_frob(&t3,&X,3);	// f^(e3)^p^3
-	FP48_YYY_mul(r,&t3);		
-
-	FP48_YYY_pow(&t1,&t1,x);	// f^(u.e3)
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP48_YYY_conj(&t1,&t1);
-#endif
-	FP48_YYY_copy(&t3,&t1);
-	FP48_YYY_frob(&t3,&X,2);	// f^(e2)^p^2
-	FP48_YYY_mul(r,&t3);		
-
-	FP48_YYY_pow(&t1,&t1,x);	// f^(u.e2)
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP48_YYY_conj(&t1,&t1);
-#endif
-	FP48_YYY_copy(&t3,&t1);
-	FP48_YYY_frob(&t3,&X,1);	// f^(e1)^p^1
-	FP48_YYY_mul(r,&t3);		
-
-	FP48_YYY_pow(&t1,&t1,x);	// f^(u.e1)
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP48_YYY_conj(&t1,&t1);
-#endif
-	FP48_YYY_mul(r,&t1);		// r.f^e0		
-
-	FP48_YYY_frob(&t2,&X,15);	// f^(e15.p^15)
-	FP48_YYY_mul(r,&t2);
-
-
-	FP48_YYY_reduce(r);
-
-}
-
-#ifdef USE_GLV_ZZZ
-/* GLV method */
-static void glv(BIG_XXX u[2],BIG_XXX e)
-{
-
-// -(x^8).P = (Beta.x,y)
-
-    BIG_XXX x,x2,q;
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-    
-	BIG_XXX_smul(x2,x,x);
-	BIG_XXX_smul(x,x2,x2);
-	BIG_XXX_smul(x2,x,x);
-
-    BIG_XXX_copy(u[0],e);
-    BIG_XXX_mod(u[0],x2);
-    BIG_XXX_copy(u[1],e);
-    BIG_XXX_sdiv(u[1],x2);
-
-    BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    BIG_XXX_sub(u[1],q,u[1]);
-
-
-    return;
-}
-#endif // USE_GLV
-
-/* Galbraith & Scott Method */
-static void gs(BIG_XXX u[16],BIG_XXX e)
-{
-    int i;
-
-    BIG_XXX x,w,q;
-	BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-    BIG_XXX_copy(w,e);
-
-    for (i=0; i<15; i++)
-    {
-        BIG_XXX_copy(u[i],w);
-        BIG_XXX_mod(u[i],x);
-        BIG_XXX_sdiv(w,x);
-    }
-	BIG_XXX_copy(u[15],w);
-
-/*  */
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	BIG_XXX_modneg(u[1],u[1],q);
-	BIG_XXX_modneg(u[3],u[3],q);
-	BIG_XXX_modneg(u[5],u[5],q);
-	BIG_XXX_modneg(u[7],u[7],q);
-	BIG_XXX_modneg(u[9],u[9],q);
-	BIG_XXX_modneg(u[11],u[11],q);
-	BIG_XXX_modneg(u[13],u[13],q);
-	BIG_XXX_modneg(u[15],u[15],q);
-#endif
-
-
-    return;
-}
-
-/* Multiply P by e in group G1 */
-void PAIR_ZZZ_G1mul(ECP_ZZZ *P,BIG_XXX e)
-{
-#ifdef USE_GLV_ZZZ   /* Note this method is patented */
-    int np,nn;
-    ECP_ZZZ Q;
-	FP_YYY cru;
-    BIG_XXX t,q;
-    BIG_XXX u[2];
-
-    BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    glv(u,e);
-
-    //ECP_ZZZ_affine(P);
-    ECP_ZZZ_copy(&Q,P); ECP_ZZZ_affine(&Q);
-    FP_YYY_rcopy(&cru,CURVE_Cru_ZZZ);
-    FP_YYY_mul(&(Q.x),&(Q.x),&cru);
-
-    /* note that -a.B = a.(-B). Use a or -a depending on which is smaller */
-
-    np=BIG_XXX_nbits(u[0]);
-    BIG_XXX_modneg(t,u[0],q);
-    nn=BIG_XXX_nbits(t);
-    if (nn<np)
-    {
-        BIG_XXX_copy(u[0],t);
-        ECP_ZZZ_neg(P);
-    }
-
-    np=BIG_XXX_nbits(u[1]);
-    BIG_XXX_modneg(t,u[1],q);
-    nn=BIG_XXX_nbits(t);
-    if (nn<np)
-    {
-        BIG_XXX_copy(u[1],t);
-        ECP_ZZZ_neg(&Q);
-    }
-    BIG_XXX_norm(u[0]);
-    BIG_XXX_norm(u[1]);    
-    ECP_ZZZ_mul2(P,&Q,u[0],u[1]);
-
-#else
-    ECP_ZZZ_mul(P,e);
-#endif
-}
-
-/* Multiply P by e in group G2 */
-void PAIR_ZZZ_G2mul(ECP8_ZZZ *P,BIG_XXX e)
-{
-#ifdef USE_GS_G2_ZZZ   /* Well I didn't patent it :) */
-    int i,np,nn;
-    ECP8_ZZZ Q[16];
-    FP2_YYY X[3];
-    BIG_XXX x,y,u[16];
-
-	ECP8_ZZZ_frob_constants(X);
-
-    BIG_XXX_rcopy(y,CURVE_Order_ZZZ);
-    gs(u,e);
-
-    //ECP8_ZZZ_affine(P);
-
-    ECP8_ZZZ_copy(&Q[0],P);
-    for (i=1; i<16; i++)
-    {
-        ECP8_ZZZ_copy(&Q[i],&Q[i-1]);
-        ECP8_ZZZ_frob(&Q[i],X,1);
-    }
-
-    for (i=0; i<16; i++)
-    {
-        np=BIG_XXX_nbits(u[i]);
-        BIG_XXX_modneg(x,u[i],y);
-        nn=BIG_XXX_nbits(x);
-        if (nn<np)
-        {
-            BIG_XXX_copy(u[i],x);
-            ECP8_ZZZ_neg(&Q[i]);
-        }
-        BIG_XXX_norm(u[i]);  
-		//ECP8_ZZZ_affine(&Q[i]);
-    }
-
-    ECP8_ZZZ_mul16(P,Q,u);
-
-#else
-    ECP8_ZZZ_mul(P,e);
-#endif
-}
-
-/* f=f^e */
-void PAIR_ZZZ_GTpow(FP48_YYY *f,BIG_XXX e)
-{
-#ifdef USE_GS_GT_ZZZ   /* Note that this option requires a lot of RAM! Maybe better to use compressed XTR method, see FP16.cpp */
-    int i,np,nn;
-    FP48_YYY g[16];
-    FP2_YYY X;
-    BIG_XXX t,q;
-	FP_YYY fx,fy;
-    BIG_XXX u[16];
-
-    FP_YYY_rcopy(&fx,Fra_YYY);
-    FP_YYY_rcopy(&fy,Frb_YYY);
-    FP2_YYY_from_FPs(&X,&fx,&fy);
-
-    BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    gs(u,e);
-
-    FP48_YYY_copy(&g[0],f);
-    for (i=1; i<16; i++)
-    {
-        FP48_YYY_copy(&g[i],&g[i-1]);
-        FP48_YYY_frob(&g[i],&X,1);
-    }
-
-    for (i=0; i<16; i++)
-    {
-        np=BIG_XXX_nbits(u[i]);
-        BIG_XXX_modneg(t,u[i],q);
-        nn=BIG_XXX_nbits(t);
-        if (nn<np)
-        {
-            BIG_XXX_copy(u[i],t);
-            FP48_YYY_conj(&g[i],&g[i]);
-        }
-        BIG_XXX_norm(u[i]);
-    }
-    FP48_YYY_pow16(f,g,u);
-
-#else
-    FP48_YYY_pow(f,f,e);
-#endif
-}
-
-/* test group membership test - no longer needed */
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-
-/*
-int PAIR_ZZZ_GTmember(FP48_YYY *m)
-{
-	BIG_XXX a,b;
-	FP2_YYY X;
-	FP48_YYY r,w;
-	if (FP48_YYY_isunity(m)) return 0;
-	FP48_YYY_conj(&r,m);
-	FP48_YYY_mul(&r,m);
-	if (!FP48_YYY_isunity(&r)) return 0;
-
-	BIG_XXX_rcopy(a,CURVE_Fra);
-	BIG_XXX_rcopy(b,CURVE_Frb);
-	FP2_YYY_from_BIG_XXXs(&X,a,b);
-
-
-	FP48_YYY_copy(&r,m); FP48_YYY_frob(&r,&X); FP48_YYY_frob(&r,&X);
-	FP48_YYY_copy(&w,&r); FP48_YYY_frob(&w,&X); FP48_YYY_frob(&w,&X);
-	FP48_YYY_mul(&w,m);
-
-
-#ifndef GT_STRONG
-	if (!FP48_YYY_equals(&w,&r)) return 0;
-
-	BIG_XXX_rcopy(a,CURVE_Bnx);
-
-	FP48_YYY_copy(&r,m); FP48_YYY_pow(&w,&r,a); FP48_YYY_pow(&w,&w,a);
-	FP48_YYY_sqr(&r,&w); FP48_YYY_mul(&r,&w); FP48_YYY_sqr(&r,&r);
-
-	FP48_YYY_copy(&w,m); FP48_YYY_frob(&w,&X);
- #endif
-
-	return FP48_YYY_equals(&w,&r);
-}
-
-*/
-
-
-#ifdef HAS_MAIN
-
-using namespace std;
-using namespace ZZZ;
-
-
-// g++ -O2 pair256_BLS48.cpp ecp8_BLS48.cpp fp48_BLS48.cpp fp16_BLS48.cpp fp8_BLS48.cpp fp4_BLS48.cpp fp2_BLS48.cpp ecp_BLS48.cpp fp_BLS48.cpp big_B560_29.cpp rom_curve_BLS48.cpp rom_field_BLS48.cpp rand.cpp hash.cpp oct.cpp -o pair256_BLS48.exe
-
-int main()
-{
-    int i;
-    char byt[32];
-    csprng rng;
-    BIG xa,xb,ya,yb,w,a,b,t1,q,u[2],v[4],m,r,xx,x2,x4,p;
-    ECP8 P,G;
-    ECP Q,R;
-    FP48 g,gp;
-    FP16 t,c,cp,cpm1,cpm2;
-	FP8 X,Y;
-    FP2 x,y,f,Aa,Bb;
-	FP cru;
-
-	for (i=0;i<32;i++)
-		byt[i]=i+9;
-	RAND_seed(&rng,32,byt);
-
-	BIG_rcopy(r,CURVE_Order);
-	BIG_rcopy(p,Modulus);
-
-
-    BIG_rcopy(xa,CURVE_Gx_ZZZ);
-    BIG_rcopy(ya,CURVE_Gy_ZZZ);
-
-    ECP_ZZZ_set(&Q,xa,ya);
-    if (Q.inf) printf("Failed to set - point not on curve\n");
-    else printf("G1 set success\n");
-
-    printf("Q= ");
-    ECP_ZZZ_output(&Q);
-    printf("\n");
-
-	ECP8_generator(&P);
-
-    if (P.inf) printf("Failed to set - point not on curve\n");
-    else printf("G2 set success\n");
-
-    BIG_rcopy(a,Fra);
-    BIG_rcopy(b,Frb);
-    FP2_from_BIGs(&f,a,b);
-
-
-//exit(0);
-
-    PAIR_ZZZ_ate(&g,&P,&Q);
-
-	printf("gb= ");
-    FP48_output(&g);
-    printf("\n");
-    PAIR_ZZZ_fexp(&g);
-
-    printf("g= ");
-    FP48_output(&g);
-    printf("\n");
-
-	//FP48_pow(&g,&g,r);
-
-   // printf("g^r= ");
-    //FP48_output(&g);
-    //printf("\n");
-
-	ECP_ZZZ_copy(&R,&Q);
-	ECP8_copy(&G,&P);
-
-	ECP8_dbl(&G);
-	ECP_dbl(&R);
-	ECP_affine(&R);
-
-    PAIR_ZZZ_ate(&g,&G,&Q);
-    PAIR_ZZZ_fexp(&g);
-
-    printf("g1= ");
-    FP48_output(&g);
-    printf("\n");
-
-    PAIR_ZZZ_ate(&g,&P,&R);
-    PAIR_ZZZ_fexp(&g);
-
-    printf("g2= ");
-    FP48_output(&g);
-    printf("\n");
-
-
-	PAIR_ZZZ_G1mul(&Q,r);
-	printf("rQ= ");ECP_output(&Q); printf("\n");
-
-	PAIR_ZZZ_G2mul(&P,r);
-	printf("rP= ");ECP8_output(&P); printf("\n");
-
-	//FP48_pow(&g,&g,r);
-	PAIR_ZZZ_GTpow(&g,r);
-	printf("g^r= ");FP48_output(&g); printf("\n");
-
-
-	BIG_randomnum(w,r,&rng);
-
-	FP48_copy(&gp,&g);
-
-	PAIR_ZZZ_GTpow(&g,w);
-
-	FP48_trace(&t,&g);
-
-	printf("g^r=  ");FP16_output(&t); printf("\n");
-
-	FP48_compow(&t,&gp,w,r);
-
-	printf("t(g)= "); FP16_output(&t); printf("\n");
-
-//    PAIR_ZZZ_ate(&g,&P,&R);
-//    PAIR_ZZZ_fexp(&g);
-
-//    printf("g= ");
-//    FP48_output(&g);
-//    printf("\n");
-
-//	PAIR_ZZZ_GTpow(&g,xa);
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/pair256.h
----------------------------------------------------------------------
diff --git a/version3/c/pair256.h b/version3/c/pair256.h
deleted file mode 100644
index d270f76..0000000
--- a/version3/c/pair256.h
+++ /dev/null
@@ -1,77 +0,0 @@
-#ifndef PAIR256_ZZZ_H
-#define PAIR256_ZZZ_H
-
-#include "fp48_YYY.h"
-#include "ecp8_ZZZ.h"
-#include "ecp_ZZZ.h"
-
-
-/* Pairing constants */
-
-extern const BIG_XXX CURVE_Bnx_ZZZ; /**< BN curve x parameter */
-extern const BIG_XXX CURVE_Cru_ZZZ; /**< BN curve Cube Root of Unity */
-
-extern const BIG_XXX CURVE_W_ZZZ[2];	 /**< BN curve constant for GLV decomposition */
-extern const BIG_XXX CURVE_SB_ZZZ[2][2]; /**< BN curve constant for GLV decomposition */
-extern const BIG_XXX CURVE_WB_ZZZ[4];	 /**< BN curve constant for GS decomposition */
-extern const BIG_XXX CURVE_BB_ZZZ[4][4]; /**< BN curve constant for GS decomposition */
-
-/* Pairing function prototypes */
-/**	@brief Calculate Miller loop for Optimal ATE pairing e(P,Q)
- *
-	@param r FP48 result of the pairing calculation e(P,Q)
-	@param P ECP8 instance, an element of G2
-	@param Q ECP instance, an element of G1
-
- */
-extern void PAIR_ZZZ_ate(FP48_YYY *r,ECP8_ZZZ *P,ECP_ZZZ *Q);
-/**	@brief Calculate Miller loop for Optimal ATE double-pairing e(P,Q).e(R,S)
- *
-	Faster than calculating two separate pairings
-	@param r FP48 result of the pairing calculation e(P,Q).e(R,S), an element of GT
-	@param P ECP8 instance, an element of G2
-	@param Q ECP instance, an element of G1
-	@param R ECP8 instance, an element of G2
-	@param S ECP instance, an element of G1
- */
-extern void PAIR_ZZZ_double_ate(FP48_YYY *r,ECP8_ZZZ *P,ECP_ZZZ *Q,ECP8_ZZZ *R,ECP_ZZZ *S);
-/**	@brief Final exponentiation of pairing, converts output of Miller loop to element in GT
- *
-	Here p is the internal modulus, and r is the group order
-	@param x FP48, on exit = x^((p^12-1)/r)
- */
-extern void PAIR_ZZZ_fexp(FP48_YYY *x);
-/**	@brief Fast point multiplication of a member of the group G1 by a BIG number
- *
-	May exploit endomorphism for speed.
-	@param Q ECP member of G1.
-	@param b BIG multiplier
-
- */
-extern void PAIR_ZZZ_G1mul(ECP_ZZZ *Q,BIG_XXX b);
-/**	@brief Fast point multiplication of a member of the group G2 by a BIG number
- *
-	May exploit endomorphism for speed.
-	@param P ECP8 member of G1.
-	@param b BIG multiplier
-
- */
-extern void PAIR_ZZZ_G2mul(ECP8_ZZZ *P,BIG_XXX b);
-/**	@brief Fast raising of a member of GT to a BIG power
- *
-	May exploit endomorphism for speed.
-	@param x FP48 member of GT.
-	@param b BIG exponent
-
- */
-extern void PAIR_ZZZ_GTpow(FP48_YYY *x,BIG_XXX b);
-/**	@brief Tests FP48 for membership of GT
- *
-	@param x FP48 instance
-	@return 1 if x is in GT, else return 0
-
- */
-extern int PAIR_ZZZ_GTmember(FP48_YYY *x);
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/pbc_support.c
----------------------------------------------------------------------
diff --git a/version3/c/pbc_support.c b/version3/c/pbc_support.c
deleted file mode 100644
index 3639fb7..0000000
--- a/version3/c/pbc_support.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Symmetric crypto support functions Functions  */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "pbc_support.h"
-
-/* general purpose hash function w=hash(p|n|x|y) */
-void mhashit(int sha,int n,octet *x,octet *w)
-{
-    int i,c[4],hlen;
-    hash256 sha256;
-    hash512 sha512;
-    char hh[64];
-
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_init(&sha256);
-        break;
-    case SHA384:
-        HASH384_init(&sha512);
-        break;
-    case SHA512:
-        HASH512_init(&sha512);
-        break;
-    }
-
-    hlen=sha;
-
-    if (n>0)
-    {
-        c[0]=(n>>24)&0xff;
-        c[1]=(n>>16)&0xff;
-        c[2]=(n>>8)&0xff;
-        c[3]=(n)&0xff;
-        for (i=0; i<4; i++)
-        {
-            switch(sha)
-            {
-            case SHA256:
-                HASH256_process(&sha256,c[i]);
-                break;
-            case SHA384:
-                HASH384_process(&sha512,c[i]);
-                break;
-            case SHA512:
-                HASH512_process(&sha512,c[i]);
-                break;
-            }
-        }
-    }
-
-    if (x!=NULL) for (i=0; i<x->len; i++)
-        {
-            switch(sha)
-            {
-            case SHA256:
-                HASH256_process(&sha256,x->val[i]);
-
-                break;
-            case SHA384:
-                HASH384_process(&sha512,x->val[i]);
-                break;
-            case SHA512:
-                HASH512_process(&sha512,x->val[i]);
-                break;
-            }
-        }
-
-    for (i=0; i<hlen; i++) hh[i]=0;
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_hash(&sha256,hh);
-        break;
-    case SHA384:
-        HASH384_hash(&sha512,hh);
-        break;
-    case SHA512:
-        HASH512_hash(&sha512,hh);
-        break;
-    }
-
-    OCT_empty(w);
-
-    if (hlen>=w->max)
-        OCT_jbytes(w,hh,w->max);
-    else
-    {
-        OCT_jbyte(w,0,w->max-hlen);
-        OCT_jbytes(w,hh,hlen);
-
-//        OCT_jbytes(w,hh,hlen);
-//        OCT_jbyte(w,0,w->max-hlen);
-    }
-}
-
-unsign32 today(void)
-{
-    /* return time in slots since epoch */
-    unsign32 ti=(unsign32)time(NULL);
-    return (uint32_t)(ti/(60*TIME_SLOT_MINUTES));
-}
-
-/* Hash the M-Pin transcript - new */
-
-void HASH_ALL(int sha,octet *HID,octet *xID,octet *xCID,octet *SEC,octet *Y,octet *R,octet *W,octet *H)
-{
-    char t[1284];   // assumes max modulus of 1024-bits
-    octet T= {0,sizeof(t),t};
-
-    OCT_joctet(&T,HID);
-    if (xCID!=NULL) OCT_joctet(&T,xCID);
-    else OCT_joctet(&T,xID);
-    OCT_joctet(&T,SEC);
-    OCT_joctet(&T,Y);
-    OCT_joctet(&T,R);
-    OCT_joctet(&T,W);
-
-    mhashit(sha,0,&T,H);
-}
-
-void HASH_ID(int sha,octet *ID,octet *HID)
-{
-    mhashit(sha,0,ID,HID);
-}
-
-unsign32 GET_TIME(void)
-{
-    return (unsign32)time(NULL);
-}
-
-/* AES-GCM Encryption of octets, K is key, H is header,
-   P is plaintext, C is ciphertext, T is authentication tag */
-void AES_GCM_ENCRYPT(octet *K,octet *IV,octet *H,octet *P,octet *C,octet *T)
-{
-    gcm g;
-    GCM_init(&g,K->len,K->val,IV->len,IV->val);
-    GCM_add_header(&g,H->val,H->len);
-    GCM_add_plain(&g,C->val,P->val,P->len);
-    C->len=P->len;
-    GCM_finish(&g,T->val);
-    T->len=16;
-}
-
-/* AES-GCM Decryption of octets, K is key, H is header,
-   P is plaintext, C is ciphertext, T is authentication tag */
-void AES_GCM_DECRYPT(octet *K,octet *IV,octet *H,octet *C,octet *P,octet *T)
-{
-    gcm g;
-    GCM_init(&g,K->len,K->val,IV->len,IV->val);
-    GCM_add_header(&g,H->val,H->len);
-    GCM_add_cipher(&g,P->val,C->val,C->len);
-    P->len=C->len;
-    GCM_finish(&g,T->val);
-    T->len=16;
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/pbc_support.h
----------------------------------------------------------------------
diff --git a/version3/c/pbc_support.h b/version3/c/pbc_support.h
deleted file mode 100644
index 4fe82d9..0000000
--- a/version3/c/pbc_support.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file pbc_support.h
- * @author Mike Scott
- * @brief Auxiliary functions for Pairing-based protocols
- *
- *
- */
-
-#ifndef PBC_SUPPORT_H
-#define PBC_SUPPORT_H
-
-#include "amcl.h"
-
-#define TIME_SLOT_MINUTES 1440  /**< Time Slot = 1 day */
-
-/** @brief general purpose hash function w=hash(n|x)
- *
-	@param sha is the hash type
-	@param n integer involved in the hash
-	@param x octect involved in the h ash
-	@param w output
- */
-extern void mhashit(int sha,int n,octet *x,octet *w);
-
-/**	@brief Supply today's date as days from the epoch
- *
-	@return today's date, as number of days elapsed since the epoch
- */
-unsign32 today(void);
-/** @brief Hash the session transcript
- 	@param h is the hash type
-	@param I is the hashed input client ID = H(ID)
-	@param U is the client output = x.H(ID)
-	@param CU is the client output = x.(H(ID)+H(T|H(ID)))
-	@param Y is the server challenge
-	@param V is the client part response
-	@param R is the client part response
-	@param W is the server part response
-	@param H the output is the hash of all of the above that apply
-*/
-void HASH_ALL(int h,octet *I,octet *U,octet *CU,octet *Y,octet *V,octet *R,octet *W,octet *H);
-/**	@brief Hash an M-Pin Identity to an octet string
- *
- 	@param h is the hash type
-	@param ID an octet containing the identity
-	@param HID an octet containing the hashed identity
- */
-void HASH_ID(int h,octet *ID,octet *HID);
-/**	@brief Get epoch time as unsigned integer
- *
-	@return current epoch time in seconds
- */
-unsign32 GET_TIME(void);
-/**	@brief AES-GCM Encryption
- *
-	@param K  AES key
-	@param IV Initialization vector
-	@param H Header
-	@param P Plaintext
-	@param C Ciphertext
-	@param T Checksum
- */
-void AES_GCM_ENCRYPT(octet *K,octet *IV,octet *H,octet *P,octet *C,octet *T);
-
-/**	@brief AES-GCM Decryption
- *
-	@param K  AES key
-	@param IV Initialization vector
-	@param H Header
-	@param P Plaintext
-	@param C Ciphertext
-	@param T Checksum
- */
-void AES_GCM_DECRYPT(octet *K,octet *IV,octet *H,octet *C,octet *P,octet *T);
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rand.c
----------------------------------------------------------------------
diff --git a/version3/c/rand.c b/version3/c/rand.c
deleted file mode 100644
index 4a2cd0a..0000000
--- a/version3/c/rand.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- *   Cryptographic strong random number generator
- *
- *   Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
- *   Slow - but secure
- *
- *   See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
- */
-/* SU=m, m is Stack Usage */
-
-#include "amcl.h"
-
-/* SU= 20 */
-static unsign32 sbrand(csprng *rng)
-{
-    /* Marsaglia & Zaman random number generator */
-    int i,k;
-    unsign32 pdiff,t;
-    rng->rndptr++;
-    if (rng->rndptr<NK) return rng->ira[rng->rndptr];
-    rng->rndptr=0;
-    for (i=0,k=NK-NJ; i<NK; i++,k++)
-    {
-        /* calculate next NK values */
-        if (k==NK) k=0;
-        t=rng->ira[k];
-        pdiff=t - rng->ira[i] - rng->borrow;
-
-        if (pdiff<t) rng->borrow=0;
-        if (pdiff>t) rng->borrow=1;
-        rng->ira[i]=pdiff;
-    }
-    return rng->ira[0];
-}
-
-/* SU= 20 */
-static void sirand(csprng* rng,unsign32 seed)
-{
-    /* initialise random number system */
-    /* modified so that a subsequent call "stirs" in another seed value */
-    /* in this way as many seed bits as desired may be used */
-    int i,in;
-    unsign32 t,m=1;
-    rng->borrow=0L;
-    rng->rndptr=0;
-    rng->ira[0]^=seed;
-    for (i=1; i<NK; i++)
-    {
-        /* fill initialisation vector */
-        in=(NV*i)%NK;
-        rng->ira[in]^=m;      /* note XOR */
-        t=m;
-        m=seed-m;
-        seed=t;
-    }
-    for (i=0; i<10000; i++) sbrand(rng ); /* "warm-up" & stir the generator */
-}
-
-/* SU= 312 */
-static void fill_pool(csprng *rng)
-{
-    /* hash down output of RNG to re-fill the pool */
-    int i;
-    hash256 sh;
-    HASH256_init(&sh);
-    for (i=0; i<128; i++) HASH256_process(&sh,sbrand(rng));
-    HASH256_hash(&sh,rng->pool);
-    rng->pool_ptr=0;
-}
-
-static unsign32 pack(const uchar *b)
-{
-    /* pack bytes into a 32-bit Word */
-    return ((unsign32)b[3]<<24)|((unsign32)b[2]<<16)|((unsign32)b[1]<<8)|(unsign32)b[0];
-}
-
-/* SU= 360 */
-/* Initialize RNG with some real entropy from some external source */
-void RAND_seed(csprng *rng,int rawlen,char *raw)
-{
-    /* initialise from at least 128 byte string of raw  *
-     * random (keyboard?) input, and 32-bit time-of-day */
-    int i;
-    char digest[32];
-    uchar b[4];
-    hash256 sh;
-    rng->pool_ptr=0;
-    for (i=0; i<NK; i++) rng->ira[i]=0;
-    if (rawlen>0)
-    {
-        HASH256_init(&sh);
-        for (i=0; i<rawlen; i++)
-            HASH256_process(&sh,raw[i]);
-        HASH256_hash(&sh,digest);
-
-        /* initialise PRNG from distilled randomness */
-
-        for (i=0; i<8; i++)
-        {
-            b[0]=digest[4*i];
-            b[1]=digest[4*i+1];
-            b[2]=digest[4*i+2];
-            b[3]=digest[4*i+3];
-            //	printf("%08x\n",pack(b));
-            sirand(rng,pack(b));
-        }
-    }
-    fill_pool(rng);
-}
-
-/* Terminate and clean up */
-void RAND_clean(csprng *rng)
-{
-    /* kill internal state */
-    int i;
-    rng->pool_ptr=rng->rndptr=0;
-    for (i=0; i<32; i++) rng->pool[i]=0;
-    for (i=0; i<NK; i++) rng->ira[i]=0;
-    rng->borrow=0;
-}
-
-/* get random byte */
-/* SU= 8 */
-int RAND_byte(csprng *rng)
-{
-    int r;
-    r=rng->pool[rng->pool_ptr++];
-    if (rng->pool_ptr>=32) fill_pool(rng);
-    return (r&0xff);
-}
-
-/* test main program */
-/*
-#include <stdio.h>
-#include <string.h>
-
-void main()
-{
-    int i;
-    char raw[256];
-    csprng rng;
-
-	RAND_clean(&rng);
-
-
-	for (i=0;i<256;i++) raw[i]=(char)i;
-    RAND_seed(&rng,256,raw);
-
-	for (i=0;i<1000;i++)
-		printf("%02x ",(unsigned char)RAND_byte(&rng));
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/randapi.c
----------------------------------------------------------------------
diff --git a/version3/c/randapi.c b/version3/c/randapi.c
deleted file mode 100644
index 9b32efb..0000000
--- a/version3/c/randapi.c
+++ /dev/null
@@ -1,15 +0,0 @@
-#include "randapi.h"
-
-/* Initialise a Cryptographically Strong Random Number Generator from
-   an octet of raw random data */
-
-void CREATE_CSPRNG(csprng *RNG,octet *RAW)
-{
-    RAND_seed(RNG,RAW->len,RAW->val);
-}
-
-void KILL_CSPRNG(csprng *RNG)
-{
-    RAND_clean(RNG);
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/randapi.h
----------------------------------------------------------------------
diff --git a/version3/c/randapi.h b/version3/c/randapi.h
deleted file mode 100644
index 9a6807e..0000000
--- a/version3/c/randapi.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/**
- * @file randapi.h
- * @author Mike Scott
- * @brief PRNG API File
- *
- */
-
-#ifndef RANDOM_H
-#define RANDOM_H
-
-#include "amcl.h"
-
-/**	@brief Initialise a random number generator
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param S is an input truly random seed value
- */
-extern void CREATE_CSPRNG(csprng *R,octet *S);
-/**	@brief Kill a random number generator
- *
-	Deletes all internal state
-	@param R is a pointer to a cryptographically secure random number generator
- */
-extern void KILL_CSPRNG(csprng *R);
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/readme.txt
----------------------------------------------------------------------
diff --git a/version3/c/readme.txt b/version3/c/readme.txt
deleted file mode 100644
index 3d0dc01..0000000
--- a/version3/c/readme.txt
+++ /dev/null
@@ -1,75 +0,0 @@
-Namespaces are sinulated to separate different curves.
-
-To this end the BIG type is renamed to BIG_XXX, where XXX can be changed to 
-describe the size and layout of the BIG variable. Similarily the FP type 
-is renamed FP_YYY, where YYY reflects the modulus used. Also the ECP type 
-is renamed ECP_ZZZ, where ZZZ describes the actual curve. Function names 
-are also decorated in the same way.
-
-So for example to support both ED25519 and the NIST P256 curve on a 64-bit 
-processor, we would need to create BIG_256_56, FP_25519, ECP_ED25519 and 
-BIG_256_56, FP_NIST256, ECP_NIST256. Note that both curves could be built 
-on top of BIG_256_56, as both require support for 256-bit numbers using 
-an internal number base of 2^56.
-
-Separate ROM files provide the constants required for each curve. The
-associated header files (big.h, fp.h and ecp.h) also specify 
-certain constants that must be set for the particular curve.
-
---------------------------------------
-
-To build the library and see it in action, copy all of the files in this 
-directory to a fresh directory. Then execute the python3 script config32.py 
-for a 32-bit build, or config64.py for a 64-bit build, and select the curves 
-that you wish to support. Note that support for 16-bit builds is currently 
-somewhat limited - see config16.py. A library is built automatically 
-including all of the modules that you will need.
-
-The configuration files assume the gcc compiler. For clang edit the
-config32.py and config64.py files and substitute "clang" for "gcc".
-Note that clang is about 10-15% faster.*
-
-NOTE: In the file config_curve.h a couple of methods with possible IP issues 
-are commented out. For faster pairing code, edit this file.
-
-As a quick example execute
-
-py config32.py
-
-or
-
-python3 config32.py
-
-Then select options 1, 3, 7, 18, 20, 25, 26 and 27, which are fixed for the example 
-program. (For a 16-bit build select 1,3 and 5). Select 0 then to exit.
-
-Then compile
-
-gcc -O2 -std=c99 testall.c amcl.a -o testall.exe
-
-if using MINGW in Windows. Or for Linux
-
-gcc -O2 -std=c99 testall.c amcl.a -o testall
-
-The test program exercises 3 different ordinary elliptic curves, a 
-pairing friendly curve and RSA, all in the one binary.
-
-The correct PIN is 1234
-
-
-Next compile 
-
-
-gcc -O2 -std=c99 benchtest_all.c amcl.a -o benchtest_all.exe
-
-if using MINGW in Windows. Or for Linux
-
-gcc -O2 -std=c99 benchtest_all.c amcl.a -o benchtest_all
-
-This program provides some timings.
-
-*Using clang on Windows
-Download latest clang from http://releases.llvm.org/download.html
-Choose Clang for Windows (64-bit) (.sig) 
-Install a free version of Microsoft Visual C++ https://www.visualstudio.com/downloads/
-Now use "clang" wherever "gcc" was used before.

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_ANSSI.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_ANSSI.c b/version3/c/rom_curve_ANSSI.c
deleted file mode 100644
index 535a697..0000000
--- a/version3/c/rom_curve_ANSSI.c
+++ /dev/null
@@ -1,33 +0,0 @@
-#include "arch.h"
-#include "ecp_ANSSI.h"
-
-/* ANSSI Curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-const int CURVE_Cof_I_ANNSI= 1;
-const BIG_256_28 CURVE_Cof_ANSSI= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_ANSSI= -3;
-const int CURVE_B_I_ANSSI= 0;
-const BIG_256_28 CURVE_B_ANSSI= {0xB7BB73F,0x75ED967,0x1A18030,0xC9AE4B,0xFDFEC,0x754A44C,0xD4ABA,0x5428A93,0xE353FCA,0xE};
-const BIG_256_28 CURVE_Order_ANSSI= {0x6D655E1,0xFDD459C,0x2BF941F,0x67E140D,0x35B53DC,0xE8CE424,0xF10126D,0xB3AD58,0x1FD178C,0xF};
-const BIG_256_28 CURVE_Gx_ANSSI= {0x98F5CFF,0xC97A2DD,0x8B70164,0xD2DCAF9,0x3958C27,0x4749D42,0xB31183D,0x56C139E,0x6B3D4C3,0xB};
-const BIG_256_28 CURVE_Gy_ANSSI= {0x4062CFB,0x115A155,0x4C9E183,0xC307E8E,0xF8C2701,0xF0F3ECE,0x11F9271,0xC8B2049,0x142E0F7,0x6};
-#endif
-
-#if CHUNK==64
-const int CURVE_Cof_I_ANNSI= 1;
-const BIG_256_56 CURVE_Cof_ANSSI= {0x1L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_A_ANSSI= -3;
-const int CURVE_B_I_ANSSI= 0;
-const BIG_256_56 CURVE_B_ANSSI= {0x75ED967B7BB73FL,0xC9AE4B1A18030L,0x754A44C00FDFECL,0x5428A9300D4ABAL,0xEE353FCAL};
-const BIG_256_56 CURVE_Order_ANSSI= {0xFDD459C6D655E1L,0x67E140D2BF941FL,0xE8CE42435B53DCL,0xB3AD58F10126DL,0xF1FD178CL};
-const BIG_256_56 CURVE_Gx_ANSSI= {0xC97A2DD98F5CFFL,0xD2DCAF98B70164L,0x4749D423958C27L,0x56C139EB31183DL,0xB6B3D4C3L};
-const BIG_256_56 CURVE_Gy_ANSSI= {0x115A1554062CFBL,0xC307E8E4C9E183L,0xF0F3ECEF8C2701L,0xC8B204911F9271L,0x6142E0F7L};
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_BLS24.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_BLS24.c b/version3/c/rom_curve_BLS24.c
deleted file mode 100644
index 6f55314..0000000
--- a/version3/c/rom_curve_BLS24.c
+++ /dev/null
@@ -1,67 +0,0 @@
-#include "arch.h"
-#include "ecp_BLS24.h"
-
-/* Curve BLS24 - Pairing friendly BLS24 curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 29
-
-const int CURVE_Cof_I_BLS24= 0;
-const int CURVE_A_BLS24= 0;
-const int CURVE_B_I_BLS24= 19;
-const BIG_480_29 CURVE_B_BLS24= {0x13,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_480_29 CURVE_Order_BLS24= {0x10000001,0xD047FF,0x1FD54464,0x1E3CE067,0xE322DDA,0x1D356F3F,0x7433B44,0x49091F9,0x1729CC2,0x250286C,0x16E62ED,0xB403E1E,0x1001000,0x80,0x0,0x0,0x0};
-const BIG_480_29 CURVE_Gx_BLS24= {0xBE3CCD4,0x33B07AF,0x1B67D159,0x3DFC5B5,0xEBA1FCC,0x1A3C1F84,0x56BE204,0xEF8DF1B,0x11AE2D84,0x5FEE546,0x161B3BF9,0x183B20EE,0x1EA5D99B,0x14F0C5BF,0xBE521B7,0x17C682F9,0x1AB2};
-const BIG_480_29 CURVE_Gy_BLS24= {0x121E5245,0x65D2E56,0x11577DB1,0x16DACC11,0x14F39746,0x459F694,0x12483FCF,0xC828B04,0xFD63E5A,0x7B1D52,0xAFDE738,0xF349254,0x1A4529FF,0x10E53353,0xF91DEE1,0x16E18D8A,0x47FC};
-
-const BIG_480_29 CURVE_Bnx_BLS24= {0x11FF80,0x80010,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_480_29 CURVE_Cof_BLS24= {0x19F415AB,0x1E0FFDFF,0x15AAADFF,0xAA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_480_29 CURVE_Cru_BLS24= {0xDD794A9,0x1DE138A3,0x2BCCE90,0xC746127,0x15223DDC,0x1DD8890B,0xED08DB7,0xE24B9F,0xE379CE6,0x37011AC,0x11BAC820,0x1EEFAD01,0x200860F,0x147218A6,0xF16A209,0xF0079,0x555C};
-const BIG_480_29 CURVE_Pxaa_BLS24= {0x14E24678,0x1F149A9B,0x9609022,0x1C186868,0xCDEFC69,0x1C87BB2E,0x14A2235F,0x7586755,0x5896747,0x159BFE92,0x3B5572E,0x1710A521,0x71EB14A,0xC643C33,0x12581DE5,0x1BCA747D,0x959};
-const BIG_480_29 CURVE_Pxab_BLS24= {0x1FB099B8,0x3FCF5D7,0x4A91C0E,0xC6EEB40,0x11FC2385,0x11B5AE8D,0x1A9CC3E7,0x194FE144,0x185DB2A5,0x930E1C7,0x14F85F9A,0x1F2ED4E,0x1D1BE5AD,0xF26169C,0xCF7F194,0x1DA1062E,0x3B0D};
-const BIG_480_29 CURVE_Pxba_BLS24= {0x11AD15D3,0xD0E6F38,0x17DB85BB,0x30A62F1,0x1EA3E09A,0x17B25FA1,0x1B7959AC,0x1165B19A,0x6C74FDB,0x18F790E1,0x12278FDA,0x1E008F79,0x103F329,0x14619FF1,0x1EBCAA8,0xFF5A9CA,0x3EC2};
-const BIG_480_29 CURVE_Pxbb_BLS24= {0x1EE0F480,0x3D5943A,0xF5B12E3,0x128AADC8,0x180E1CB9,0x1EFD916F,0x48BC7F,0x1D5EE1FA,0x5698EF5,0x11D6AED9,0x1386BC6E,0x196E900B,0x1CE2E465,0xC2A8ED3,0x1E67DF99,0x71B7940,0xA5B};
-const BIG_480_29 CURVE_Pyaa_BLS24= {0x14781AA0,0xC324C98,0xEDC2AC,0x16C13B46,0x145FC44B,0x12529530,0x1310A8C4,0x1768C5C0,0xE19AE68,0x56E1C1D,0x13DAF93F,0x17E94366,0xF901AD0,0x76800CC,0x10250D8B,0x1E6BAE6D,0x5057};
-const BIG_480_29 CURVE_Pyab_BLS24= {0xEAE08FA,0xDDF62BF,0xA97E5AB,0xF0EE97,0x99A42CA,0x1C326578,0xF33DC11,0x8B913F7,0xFEF8552,0x19F35B90,0x58DDBDE,0xFC32FF2,0x1587B5DF,0xB5EB07A,0x1A258DE0,0x1692CC3D,0x2CE2};
-const BIG_480_29 CURVE_Pyba_BLS24= {0x5F0CC41,0xB9813B5,0x14C2A87D,0xFF1264A,0x19AF8A14,0x6CE6C3,0x2A7F8A2,0x121DCA7D,0x7D37153,0x19D21078,0x15466DC7,0x1362982B,0x1DD3CB5B,0x1CFC0D1C,0x18C69AF8,0x8CC7DC,0x1807};
-const BIG_480_29 CURVE_Pybb_BLS24= {0x115C1CAE,0x78D9732,0x16C26237,0x5A81A6A,0x1C38A777,0x56121FE,0x4DAD9D7,0x1BEBA670,0xA1D72FC,0xD60B274,0x19734258,0x1D621775,0x4691771,0x14206B68,0x17B22DE4,0x29D5B37,0x499D};
-const BIG_480_29 CURVE_W_BLS24[2]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_480_29 CURVE_SB_BLS24[2][2]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-const BIG_480_29 CURVE_WB_BLS24[4]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_480_29 CURVE_BB_BLS24[4][4]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0
 ,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-
-const int CURVE_Cof_I_BLS24= 0;
-const int CURVE_A_BLS24= 0;
-const int CURVE_B_I_BLS24= 19;
-const BIG_480_56 CURVE_B_BLS24= {0x13L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_480_56 CURVE_Order_BLS24= {0x1A08FFF0000001L,0x1E7033FF551190L,0x6ADE7EE322DDAFL,0x848FC9D0CED13AL,0x50D81729CC224L,0x1F0F05B98BB44AL,0x10010010005A0L,0x0L,0x0L};
-const BIG_480_56 CURVE_Gx_BLS24= {0x6760F5EBE3CCD4L,0xEFE2DAED9F4564L,0x783F08EBA1FCC1L,0xC6F8D95AF88134L,0xDCA8D1AE2D8477L,0x9077586CEFE4BFL,0x8B7FEA5D99BC1DL,0x17CAF9486DE9E1L,0x1AB2BE34L};
-const BIG_480_56 CURVE_Gy_BLS24= {0xCBA5CAD21E5245L,0x6D6608C55DF6C4L,0xB3ED294F39746BL,0x145824920FF3C8L,0x63AA4FD63E5A64L,0x492A2BF79CE00FL,0x66A7A4529FF79AL,0x6C53E477B861CAL,0x47FCB70CL};
-
-const BIG_480_56 CURVE_Bnx_BLS24= {0x100020011FF80L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_480_56 CURVE_Cof_BLS24= {0xC1FFBFF9F415ABL,0x5556AAB7FFL,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_480_56 CURVE_Cru_BLS24= {0xBC27146DD794A9L,0x3A30938AF33A43L,0xB112175223DDC6L,0x125CFBB4236DFBL,0x2358E379CE607L,0xD680C6EB20806EL,0x314C200860FF77L,0x3CBC5A88268E4L,0x555C0078L};
-const BIG_480_56 CURVE_Pxaa_BLS24= {0xE2935374E24678L,0xC34342582408BL,0xF765CCDEFC69EL,0xC33AAD2888D7F9L,0x7FD2458967473AL,0x52908ED55CBAB3L,0x786671EB14AB88L,0xA3EC96077958C8L,0x959DE53L};
-const BIG_480_56 CURVE_Pxab_BLS24= {0x7F9EBAFFB099B8L,0x3775A012A47038L,0x6B5D1B1FC23856L,0x7F0A26A730F9E3L,0x1C38F85DB2A5CAL,0x76A753E17E6926L,0x2D39D1BE5AD0F9L,0x31733DFC651E4CL,0x3B0DED08L};
-const BIG_480_56 CURVE_Pxba_BLS24= {0xA1CDE711AD15D3L,0x853178DF6E16EDL,0x64BF43EA3E09A1L,0x2D8CD6DE566B2FL,0xF21C26C74FDB8BL,0x47BCC89E3F6B1EL,0x3FE2103F329F00L,0x4E507AF2AA28C3L,0x3EC27FADL};
-const BIG_480_56 CURVE_Pxbb_BLS24= {0x7AB2875EE0F480L,0x4556E43D6C4B8CL,0xFB22DF80E1CB99L,0xF70FD0122F1FFDL,0xD5DB25698EF5EAL,0x4805CE1AF1BA3AL,0x1DA7CE2E465CB7L,0xCA0799F7E65855L,0xA5B38DBL};
-const BIG_480_56 CURVE_Pyaa_BLS24= {0x86499314781AA0L,0x609DA303B70AB1L,0xA52A6145FC44BBL,0x462E04C42A3124L,0xC383AE19AE68BBL,0xA1B34F6BE4FCADL,0x198F901AD0BF4L,0x736C094362CED0L,0x5057F35DL};
-const BIG_480_56 CURVE_Pyab_BLS24= {0xBBEC57EEAE08FAL,0x78774BAA5F96ADL,0x64CAF099A42CA0L,0xC89FBBCCF70478L,0x6B720FEF855245L,0x97F916376F7B3EL,0x60F5587B5DF7E1L,0x61EE89637816BDL,0x2CE2B496L};
-const BIG_480_56 CURVE_Pyba_BLS24= {0x730276A5F0CC41L,0xF89325530AA1F5L,0xD9CD879AF8A147L,0xEE53E8A9FE2880L,0x420F07D3715390L,0x4C15D519B71F3AL,0x1A39DD3CB5B9B1L,0x3EE631A6BE39F8L,0x18070466L};
-const BIG_480_56 CURVE_Pybb_BLS24= {0xF1B2E6515C1CAEL,0xD40D355B0988DCL,0xC243FDC38A7772L,0x5D338136B675CAL,0x164E8A1D72FCDFL,0xBBAE5CD0961ACL,0xD6D04691771EB1L,0xD9BDEC8B792840L,0x499D14EAL};
-const BIG_480_56 CURVE_W_BLS24[2]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
-const BIG_480_56 CURVE_SB_BLS24[2][2]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
-const BIG_480_56 CURVE_WB_BLS24[4]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
-const BIG_480_56 CURVE_BB_BLS24[4][4]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_BLS381.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_BLS381.c b/version3/c/rom_curve_BLS381.c
deleted file mode 100644
index c4f019e..0000000
--- a/version3/c/rom_curve_BLS381.c
+++ /dev/null
@@ -1,62 +0,0 @@
-#include "arch.h"
-#include "ecp_BLS381.h"
-
-/* Curve BLS381 - Pairing friendly BLS curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_BLS381= 0;
-const int CURVE_A_BLS381= 0;
-const int CURVE_B_I_BLS381= 4;
-const BIG_384_29 CURVE_B_BLS381= {0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_384_29 CURVE_Order_BLS381= {0x1,0x1FFFFFF8,0x1F96FFBF,0x1B4805FF,0x1D80553B,0xC0404D0,0x1520CCE7,0xA6533AF,0x73EDA7,0x0,0x0,0x0,0x0,0x0};
-const BIG_384_29 CURVE_Gx_BLS381= {0x1B22C6BB,0x19D78056,0x1E86BBFE,0xBD07FF2,0x1AC586C5,0x1D1F8B8D,0x4168538,0x9F2EE97,0xFC3688C,0x27D4D60,0x9A558E3,0x32FAF28,0x1F1D3A73,0xB};
-const BIG_384_29 CURVE_Gy_BLS381= {0x6C5E7E1,0x551194A,0x222B903,0x198E8945,0xB3EDD03,0xC659602,0xBD8036C,0x12BABA01,0x4FCF5E0,0xBA0EC57,0x8278C3B,0x75541E3,0xB3F481E,0x4};
-
-
-const BIG_384_29 CURVE_Bnx_BLS381= {0x10000,0x10080000,0x34,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_384_29 CURVE_Cof_BLS381= {0xAAAB,0x55558,0x157855A3,0x191800AA,0x396,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_384_29 CURVE_Cru_BLS381= {0x1FFEFFFE,0x100FFFFF,0x280008B,0xFB026C4,0x9688DE1,0x149DF37C,0x1FAB76CE,0xED41EE,0x11BA69C6,0x1EFBB672,0x17C659CB,0x0,0x0,0x0};
-
-const BIG_384_29 CURVE_Pxa_BLS381= {0x121BDB8,0x402B646,0x16EFBF5,0x18064D50,0x1D1770BA,0x5B23D71,0xC0AD144,0x1A9F4807,0x11C6E47A,0x196E2882,0x9820149,0x11E1522,0x4AA2B2F,0x1};
-const BIG_384_29 CURVE_Pxb_BLS381= {0x1D042B7E,0xD63E82A,0x51755F9,0x19E22427,0x15049334,0x10DDEE3F,0x186AD769,0x1A132416,0x5596BD0,0x4413A7B,0x1F6B34E8,0x4E33EC0,0x1E02B605,0x9};
-const BIG_384_29 CURVE_Pya_BLS381= {0x8B82801,0xC9AA430,0xB28A278,0x15939877,0xD12C923,0xD34A8B0,0xE9DB50A,0x155197BA,0x1AADFD9B,0x16D171A8,0x3327371,0x4FADC23,0xE5D5277,0x6};
-const BIG_384_29 CURVE_Pyb_BLS381= {0x105F79BE,0x15483AFF,0x1B07686A,0xE1A4EB9,0x99AB3F3,0x955AB97,0xEBC99D2,0xFD0B4EC,0x19CB3E28,0x15E145C,0xCAB34AC,0x1D4E6998,0x6C4A02,0x3};
-const BIG_384_29 CURVE_W_BLS381[2]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_384_29 CURVE_SB_BLS381[2][2]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-const BIG_384_29 CURVE_WB_BLS381[4]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_384_29 CURVE_BB_BLS381[4][4]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_BLS381= 0;
-const int CURVE_A_BLS381= 0;
-const int CURVE_B_I_BLS381= 4;
-const BIG_384_58 CURVE_B_BLS381= {0x4L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_384_58 CURVE_Order_BLS381= {0x3FFFFFF00000001L,0x36900BFFF96FFBFL,0x180809A1D80553BL,0x14CA675F520CCE7L,0x73EDA7L,0x0L,0x0L};
-const BIG_384_58 CURVE_Gx_BLS381= {0x33AF00ADB22C6BBL,0x17A0FFE5E86BBFEL,0x3A3F171BAC586C5L,0x13E5DD2E4168538L,0x4FA9AC0FC3688CL,0x65F5E509A558E3L,0x17F1D3A73L};
-const BIG_384_58 CURVE_Gy_BLS381= {0xAA232946C5E7E1L,0x331D128A222B903L,0x18CB2C04B3EDD03L,0x25757402BD8036CL,0x1741D8AE4FCF5E0L,0xEAA83C68278C3BL,0x8B3F481EL};
-
-const BIG_384_58 CURVE_Bnx_BLS381= {0x201000000010000L,0x34L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_384_58 CURVE_Cof_BLS381= {0xAAAB0000AAABL,0x3230015557855A3L,0x396L,0x0L,0x0L,0x0L,0x0L};
-const BIG_384_58 CURVE_Cru_BLS381= {0x201FFFFFFFEFFFEL,0x1F604D88280008BL,0x293BE6F89688DE1L,0x1DA83DDFAB76CEL,0x3DF76CE51BA69C6L,0x17C659CBL,0x0L};
-
-const BIG_384_58 CURVE_Pxa_BLS381= {0x8056C8C121BDB8L,0x300C9AA016EFBF5L,0xB647AE3D1770BAL,0x353E900EC0AD144L,0x32DC51051C6E47AL,0x23C2A449820149L,0x24AA2B2FL};
-const BIG_384_58 CURVE_Pxb_BLS381= {0x1AC7D055D042B7EL,0x33C4484E51755F9L,0x21BBDC7F5049334L,0x3426482D86AD769L,0x88274F65596BD0L,0x9C67D81F6B34E8L,0x13E02B605L};
-const BIG_384_58 CURVE_Pya_BLS381= {0x193548608B82801L,0x2B2730EEB28A278L,0x1A695160D12C923L,0x2AA32F74E9DB50AL,0x2DA2E351AADFD9BL,0x9F5B8463327371L,0xCE5D5277L};
-const BIG_384_58 CURVE_Pyb_BLS381= {0x2A9075FF05F79BEL,0x1C349D73B07686AL,0x12AB572E99AB3F3L,0x1FA169D8EBC99D2L,0x2BC28B99CB3E28L,0x3A9CD330CAB34ACL,0x606C4A02L};
-const BIG_384_58 CURVE_W_BLS381[2]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
-const BIG_384_58 CURVE_SB_BLS381[2][2]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
-const BIG_384_58 CURVE_WB_BLS381[4]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
-const BIG_384_58 CURVE_BB_BLS381[4][4]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_BLS383.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_BLS383.c b/version3/c/rom_curve_BLS383.c
deleted file mode 100644
index 9b870e6..0000000
--- a/version3/c/rom_curve_BLS383.c
+++ /dev/null
@@ -1,62 +0,0 @@
-#include "arch.h"
-#include "ecp_BLS383.h"
-
-/* Curve BLS383 - Pairing friendly BLS curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-// Base Bits= 29
-
-const int CURVE_A_BLS383= 0;
-const int CURVE_Cof_I_BLS383= 0;
-const BIG_384_29 CURVE_Cof_BLS383= {0x15169EAB,0xA82AB0A,0xAAEFFED,0x15558001,0x555,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_B_I_BLS383= 15;
-const BIG_384_29 CURVE_B_BLS383= {0xF,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_384_29 CURVE_Order_BLS383= {0x1EBC0001,0x1904CF5F,0x834E5CE,0xBE12B42,0xB381DE0,0xE40B4C,0x270110,0x10018017,0x1002001,0x0,0x0,0x0,0x0,0x0};
-const BIG_384_29 CURVE_Gx_BLS383= {0x8734573,0x623B9C8,0x1D1DC11E,0xBB7E107,0x1E3445C5,0x1D6C2578,0x10B0BE1E,0xED6103E,0x10F31D9F,0x296ED82,0x18E0D7D0,0x12F3D9C9,0x1FCBA55B,0x20};
-const BIG_384_29 CURVE_Gy_BLS383= {0x3F224,0x968B2F4,0x1FE63F48,0xFA93D90,0x14D2DDE5,0x54A56F5,0x12441D4C,0x18CD76C8,0x199D0DAD,0xE18E236,0x92BA73,0x99F6600,0x8F16727,0x3};
-
-const BIG_384_29 CURVE_Bnx_BLS383= {0x1001200,0x400000,0x40,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_384_29 CURVE_Cru_BLS383= {0xEAAC2A9,0x61B3A81,0x17D974B7,0xBED0345,0xA341BC2,0x17A51A6F,0x5738948,0x69B7BAE,0x14605445,0x374A43,0x8116AD1,0x956DD69,0x16556956,0x2A};
-const BIG_384_29 CURVE_Pxa_BLS383= {0xD7F2D86,0x1E59DB1,0x17474F85,0x1FB56CF2,0x572EE81,0xE487AB1,0x96F51FC,0x190A5AAE,0x6432501,0x13E58F3A,0x101E6425,0xFD807D1,0x34D2240,0x3};
-const BIG_384_29 CURVE_Pxb_BLS383= {0x452DE15,0x1ECF20F6,0x1FF9837B,0x95651AA,0xD5D75B5,0x5D44749,0x12277F66,0x1DB3A0B9,0x1D24F498,0x19441B0E,0x1CDE9DC5,0x2C975,0xD78006,0x18};
-const BIG_384_29 CURVE_Pya_BLS383= {0x1408CB41,0x34785DC,0x3586597,0x13DBC9E4,0x1A2E75B4,0x1D65489,0xCF9A25E,0x1ACE7933,0x1B6E990E,0x19FF31A3,0x12527615,0x1A44A68F,0x1792CF93,0x19};
-const BIG_384_29 CURVE_Pyb_BLS383= {0x1F479093,0x16C2321B,0x1889218E,0x87961BC,0x1BC98B01,0x197A24FB,0xA3DEBC2,0x88D67DF,0x1CE0D,0x1E8AD3D7,0x93B9EE9,0x59B18D6,0xE5247DD,0x10};
-const BIG_384_29 CURVE_W_BLS383[2]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_384_29 CURVE_SB_BLS383[2][2]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-const BIG_384_29 CURVE_WB_BLS383[4]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_384_29 CURVE_BB_BLS383[4][4]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-#endif
-
-#if CHUNK==64
-
-// Base Bits= 58
-
-const int CURVE_A_BLS383= 0;
-const int CURVE_Cof_I_BLS383= 0;
-const BIG_384_58 CURVE_Cof_BLS383= {0x150556155169EABL,0x2AAB0002AAEFFEDL,0x555L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_B_I_BLS383= 15;
-const BIG_384_58 CURVE_B_BLS383= {0xFL,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_384_58 CURVE_Order_BLS383= {0x32099EBFEBC0001L,0x17C25684834E5CEL,0x1C81698B381DE0L,0x2003002E0270110L,0x1002001L,0x0L,0x0L};
-const BIG_384_58 CURVE_Gx_BLS383= {0xC4773908734573L,0x176FC20FD1DC11EL,0x3AD84AF1E3445C5L,0x1DAC207D0B0BE1EL,0x52DDB050F31D9FL,0x25E7B3938E0D7D0L,0x41FCBA55BL};
-const BIG_384_58 CURVE_Gy_BLS383= {0x12D165E8003F224L,0x1F527B21FE63F48L,0xA94ADEB4D2DDE5L,0x319AED912441D4CL,0x1C31C46D99D0DADL,0x133ECC00092BA73L,0x68F16727L};
-
-const BIG_384_58 CURVE_Bnx_BLS383= {0x8000001001200L,0x40L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_384_58 CURVE_Cru_BLS383= {0xC367502EAAC2A9L,0x17DA068B7D974B7L,0x2F4A34DEA341BC2L,0xD36F75C5738948L,0x6E94874605445L,0x12ADBAD28116AD1L,0x556556956L};
-const BIG_384_58 CURVE_Pxa_BLS383= {0x3CB3B62D7F2D86L,0x3F6AD9E57474F85L,0x1C90F562572EE81L,0x3214B55C96F51FCL,0x27CB1E746432501L,0x1FB00FA301E6425L,0x634D2240L};
-const BIG_384_58 CURVE_Pxb_BLS383= {0x3D9E41EC452DE15L,0x12ACA355FF9837BL,0xBA88E92D5D75B5L,0x3B6741732277F66L,0x3288361DD24F498L,0x592EBCDE9DC5L,0x300D78006L};
-const BIG_384_58 CURVE_Pya_BLS383= {0x68F0BB9408CB41L,0x27B793C83586597L,0x3ACA913A2E75B4L,0x359CF266CF9A25EL,0x33FE6347B6E990EL,0x34894D1F2527615L,0x33792CF93L};
-const BIG_384_58 CURVE_Pyb_BLS383= {0x2D846437F479093L,0x10F2C379889218EL,0x32F449F7BC98B01L,0x111ACFBEA3DEBC2L,0x3D15A7AE001CE0DL,0xB3631AC93B9EE9L,0x20E5247DDL};
-const BIG_384_58 CURVE_W_BLS383[2]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
-const BIG_384_58 CURVE_SB_BLS383[2][2]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
-const BIG_384_58 CURVE_WB_BLS383[4]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
-const BIG_384_58 CURVE_BB_BLS383[4][4]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_BLS461.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_BLS461.c b/version3/c/rom_curve_BLS461.c
deleted file mode 100644
index 37180e7..0000000
--- a/version3/c/rom_curve_BLS461.c
+++ /dev/null
@@ -1,59 +0,0 @@
-#include "arch.h"
-#include "ecp_BLS461.h"
-
-/* Curve BLS383 - Pairing friendly BLS curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_BLS461= 0;
-const int CURVE_A_BLS461= 0;
-const int CURVE_B_I_BLS461= 9;
-const BIG_464_28 CURVE_B_BLS461= {0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_464_28 CURVE_Order_BLS461= {0x1,0x0,0xFFFFC00,0x7FEFFFE,0x110000,0x7FFC800,0x801FC01,0x5FD000E,0x17FE0,0xFFFC018,0xFFFFFF7,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_464_28 CURVE_Gx_BLS461= {0xADEE93D,0x4D026A8,0x74B7411,0xD9C00EE,0x31AC7F2,0xC3981B5,0x9218229,0xD3564DC,0xA096650,0x6F7C292,0x9743616,0xBE922B1,0x12CF668,0xC81327,0x463B73A,0xE74E99B,0xAD0};
-const BIG_464_28 CURVE_Gy_BLS461= {0xAD1D465,0xF763157,0xC4FF470,0x17884C8,0xB8D215D,0xA819E66,0xF4959D0,0xE5C3245,0xB84910A,0xB8BFA40,0xBE96EEC,0x8BF9F8C,0xF277ACC,0x5F1C3F2,0x5F68C9,0xCDB14B3,0x77B};
-
-const BIG_464_28 CURVE_Bnx_BLS461= {0x0,0xFBFFFE0,0x1FFFFF,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_464_28 CURVE_Cof_BLS461= {0xAAAAAAB,0xA7FFFEA,0x1556AA,0xD55AAAB,0x554FFFF,0x1555,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_464_28 CURVE_Cru_BLS461= {0xFFFFFFE,0x40001F,0xFE00000,0xFFE7FFF,0xF0FFF6F,0x7200C47,0x7BCC604,0x15796DB,0xCF47771,0x9875433,0x613F0E8,0x5000502,0xEBFFF60,0x1FFFFF,0x0,0x0,0x0};
-const BIG_464_28 CURVE_Pxa_BLS461= {0x6D0A37C,0x5B50318,0x75DCC46,0xC2E492E,0xD6878A9,0xE01F919,0xF92F564,0x86DB74F,0x66803F0,0x46D581A,0x7ED78D,0x2F97C29,0xC270C89,0xF679453,0x6A50A9A,0x54138A0,0x10CC};
-const BIG_464_28 CURVE_Pxb_BLS461= {0x2C1C0AD,0xF85CA8C,0x25CADE9,0x6CD66C4,0xA289609,0xC612951,0xEE2401A,0x529ABEB,0xF65B17D,0xBA09D33,0xD4C5AF5,0x4D4371E,0x46A672E,0xA279D22,0xACEA37C,0x1FB4FE5,0x95C};
-const BIG_464_28 CURVE_Pya_BLS461= {0x2FB006,0xCCD0C1B,0xA12A337,0x3D194A4,0xC92C895,0x4960CFC,0x39FC68B,0x3A9B00F,0xED1BA0F,0xA7DBBC5,0xA9CDFD8,0x27CC2F7,0x4E73ED2,0x6070F4F,0xEBA7E67,0xAC848E7,0x226};
-const BIG_464_28 CURVE_Pyb_BLS461= {0xDF1457C,0xA506ADF,0x4C20A8,0xD6A31DC,0x36E3FB4,0xEA9A8F1,0x92F5668,0x3C3BE44,0x67A1297,0x74BEABA,0x56A20BE,0x4C42E38,0x45157F0,0x2AB1D00,0xBB402EA,0x101B4FA,0xE38};
-const BIG_464_28 CURVE_W_BLS461[2]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_464_28 CURVE_SB_BLS461[2][2]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-const BIG_464_28 CURVE_WB_BLS461[4]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_464_28 CURVE_BB_BLS461[4][4]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x
 0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_BLS461= 0;
-const int CURVE_A_BLS461= 0;
-const int CURVE_B_I_BLS461= 9;
-const BIG_464_60 CURVE_B_BLS461= {0x9L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_464_60 CURVE_Order_BLS461= {0x1L,0x7FEFFFEFFFFC0L,0xC017FFC80001100L,0x7FE05FD000E801FL,0xFFFF7FFFC018001L,0xFFL,0x0L,0x0L};
-const BIG_464_60 CURVE_Gx_BLS461= {0x14D026A8ADEE93DL,0xF2D9C00EE74B741L,0x229C3981B531AC7L,0x6650D3564DC9218L,0x436166F7C292A09L,0x2CF668BE922B197L,0x463B73A0C813271L,0xAD0E74E99BL};
-const BIG_464_60 CURVE_Gy_BLS461= {0xF763157AD1D465L,0x5D17884C8C4FF47L,0x9D0A819E66B8D21L,0x910AE5C3245F495L,0x96EECB8BFA40B84L,0x277ACC8BF9F8CBEL,0x5F68C95F1C3F2FL,0x77BCDB14B3L};
-
-const BIG_464_60 CURVE_Bnx_BLS461= {0xFFBFFFE00000000L,0x1FFFFL,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_464_60 CURVE_Cof_BLS461= {0xAA7FFFEAAAAAAABL,0xFFD55AAAB01556AL,0x1555554FFL,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_464_60 CURVE_Cru_BLS461= {0x40001FFFFFFFEL,0x6FFFE7FFFFE0000L,0x6047200C47F0FFFL,0x777115796DB7BCCL,0x3F0E89875433CF4L,0xBFFF60500050261L,0x1FFFFFEL,0x0L};
-const BIG_464_60 CURVE_Pxa_BLS461= {0x65B503186D0A37CL,0xA9C2E492E75DCC4L,0x564E01F919D6878L,0x3F086DB74FF92FL,0xED78D46D581A668L,0x270C892F97C2907L,0x6A50A9AF679453CL,0x10CC54138A0L};
-const BIG_464_60 CURVE_Pxb_BLS461= {0x9F85CA8C2C1C0ADL,0x96CD66C425CADEL,0x1AC612951A2896L,0xB17D529ABEBEE24L,0xC5AF5BA09D33F65L,0x6A672E4D4371ED4L,0xACEA37CA279D224L,0x95C1FB4FE5L};
-const BIG_464_60 CURVE_Pya_BLS461= {0x7CCD0C1B02FB006L,0x953D194A4A12A33L,0x68B4960CFCC92C8L,0xBA0F3A9B00F39FCL,0xCDFD8A7DBBC5ED1L,0xE73ED227CC2F7A9L,0xEBA7E676070F4F4L,0x226AC848E7L};
-const BIG_464_60 CURVE_Pyb_BLS461= {0x8A506ADFDF1457CL,0xB4D6A31DC04C20AL,0x668EA9A8F136E3FL,0x12973C3BE4492F5L,0xA20BE74BEABA67AL,0x5157F04C42E3856L,0xBB402EA2AB1D004L,0xE38101B4FAL};
-const BIG_464_60 CURVE_W_BLS461[2]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
-const BIG_464_60 CURVE_SB_BLS461[2][2]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
-const BIG_464_60 CURVE_WB_BLS461[4]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
-const BIG_464_60 CURVE_BB_BLS461[4][4]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
-
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_BLS48.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_BLS48.c b/version3/c/rom_curve_BLS48.c
deleted file mode 100644
index ba97dc0..0000000
--- a/version3/c/rom_curve_BLS48.c
+++ /dev/null
@@ -1,88 +0,0 @@
-#include "arch.h"
-#include "ecp_BLS48.h"
-
-/* Curve BLS48 - Pairing friendly BLS48 curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-// Base Bits= 29
-
-const int CURVE_Cof_I_BLS48= 0;
-const int CURVE_A_BLS48= 0;
-const int CURVE_B_I_BLS48= 17;
-const BIG_560_29 CURVE_B_BLS48= {0x11,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_560_29 CURVE_Order_BLS48= {0x1,0x17FFF800,0xA769C21,0x8AA813C,0x2029C21,0xA68F58B,0xB6307F4,0x1184DA51,0x6DFED78,0x1A3C85E9,0x571037B,0x1637F1F9,0x1C465FB0,0x98354B9,0x118DF17A,0x1422355D,0x43BF73E,0x6,0x0,0x0};
-const BIG_560_29 CURVE_Gx_BLS48= {0x5D71D33,0x1943697B,0x18CB783F,0x1B00AA9F,0x1711EE0B,0x7F80B23,0x129FD8CC,0x1345E03F,0x9A80F66,0x7038173,0xC056511,0x142801F5,0x42B2C3A,0x1AF09869,0x7924166,0x8381264,0x957EDD7,0xBACAEDC,0xA27A4A1,0x13};
-const BIG_560_29 CURVE_Gy_BLS48= {0xA6ED83A,0x14D2D9FF,0xA29C33D,0x1B8972A9,0x6958677,0x19C8F547,0x1DED7E3E,0x14F9E3DC,0x18FB7229,0x27171C0,0x1551E32D,0xE6184CC,0x6260E3C,0x733D204,0x579C437,0x1534665C,0x2B3349D,0x3162FD7,0xB634253,0x1};
-
-const BIG_560_29 CURVE_Bnx_BLS48= {0x1DE40020,0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_560_29 CURVE_Cof_BLS48= {0x1F12ABEB,0x516887B,0x5,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_560_29 CURVE_Cru_BLS48= {0xCBBA429,0x1B273F3,0xD3DD160,0x19C61452,0x308093A,0x146E1E34,0xAE0E768,0x1185948,0x1B73BC2D,0x93D855C,0x1B1A639C,0x118C919B,0xFF04AE3,0xF1CCD77,0x91318E5,0x10644780,0x3A79F7,0x1BE77919,0x145F60F3,0x1F};
-const BIG_560_29 CURVE_Pxaaa_BLS48= {0x923CE4A,0x14697474,0xAE04F4A,0x17AE205A,0x1313A20C,0x10B2EC50,0x18DF074F,0x15FE3FE8,0x7C90B98,0x959BF85,0xE57BD37,0x14376C96,0xBF57375,0xE20B625,0x12EE2172,0x1CBBCE85,0x1A5D9487,0xD0E024B,0x195E3602,0x1C};
-const BIG_560_29 CURVE_Pxaab_BLS48= {0xC0A1BE1,0x138E6E2D,0x1DF5FDC,0x151FC760,0x33972C5,0x56AA3C2,0x2491D8C,0x115B9FD7,0x140A11FA,0x1873AE35,0x1F259C26,0x74B0647,0x12D18B04,0x4672431,0x1C27F419,0x1CAA4D35,0x18DB48B6,0x13A54BDA,0x5080497,0x5};
-const BIG_560_29 CURVE_Pxaba_BLS48= {0x170C5DC4,0x11D39263,0x16B3BCB6,0x152C95BB,0x19BEC736,0x8849A12,0x49AB2A8,0xC7162D3,0xC58CD55,0x15C2659,0x11EE8B90,0xB40CAFC,0xE233167,0x7BEC8BE,0x129335BD,0x151C7DBB,0x78B689B,0x1B6B8EED,0x14BFBE3D,0x16};
-const BIG_560_29 CURVE_Pxabb_BLS48= {0x1A64B740,0x6B14B34,0x12481578,0x23FA931,0x323ADD1,0x206B82A,0xD789E1B,0x1FCFA666,0x1F4EEA7,0xF1E39E2,0x1968610,0xAF3EBD3,0x590D3B,0xDA0C35A,0x17306AAF,0xCF9DD2B,0x3F63B1A,0x96FF2F9,0xE102A76,0x12};
-const BIG_560_29 CURVE_Pxbaa_BLS48= {0x12F1E01F,0xDD8630B,0x12C29802,0x186239A6,0x19218788,0x4C87D1,0x16AE2501,0x775C076,0x870C80B,0x1A394429,0x1637D478,0x4A420E8,0x1C3AD4D4,0x10E5E713,0x111E6AD5,0x514FCF0,0x7CC49D3,0xC678A2,0x1787BDFD,0x1B};
-const BIG_560_29 CURVE_Pxbab_BLS48= {0x637383D,0x1851C11C,0x661F866,0x14404A7F,0x15D3D212,0x9AE28F6,0x8051F25,0x1E1CE2BF,0x137D882F,0xB231CEB,0xA8DB8FC,0x18957645,0x5E54DA8,0x1FF41C44,0x1A297414,0x17E1CBC5,0x1014F91F,0x4282AB7,0xB6CE9E3,0x10};
-const BIG_560_29 CURVE_Pxbba_BLS48= {0x1711939C,0xB41ED9E,0x69066BA,0x137CA3AD,0xCF2F6C0,0x5E6DAB9,0x2CE1323,0x946E448,0xF353D1C,0x14D9919F,0x46B7046,0x1A12015,0x3D6070,0x18C3E8D2,0x1F23BA45,0x1F1A337C,0x435A9CC,0x6CA1DF1,0x8A9CE1,0x15};
-const BIG_560_29 CURVE_Pxbbb_BLS48= {0x56F4899,0x196A0854,0xA959750,0x38A3D72,0x190BC9BC,0x145752BC,0x1E9E26DA,0x1403F88,0x71895E3,0x14162F5D,0x19FEC5FF,0x14190B16,0x7597C,0x19A3CF18,0x26A4B00,0x113D1BB6,0x7857A32,0xE0B78AB,0x1DD51E0F,0x1B};
-const BIG_560_29 CURVE_Pyaaa_BLS48= {0x14137844,0x1704BE7D,0x1FD3CCDD,0x189D8C93,0x1C768851,0xF5C37D5,0xE29C659,0x20AB1C1,0xF8896E0,0x1E08663E,0x1D1D539C,0x117E1C47,0x156CDD39,0x161F1017,0x143E8C72,0x174B22FD,0x18706190,0x49AA47E,0x19BB42E1,0xE};
-const BIG_560_29 CURVE_Pyaab_BLS48= {0xDC83190,0x12F19247,0x1AA26424,0x15D55E88,0xC418D32,0xB0E91DD,0x47CBFF7,0x2D992C1,0xDE03C1F,0x7694AE5,0x5C741A2,0x1D423AC6,0x5E02B9E,0x1E903F10,0x4EA6513,0x433A1F1,0x8EFA1C4,0xED54713,0x1E72CE4F,0x4};
-const BIG_560_29 CURVE_Pyaba_BLS48= {0x1985C0D,0xEE2FE82,0x64770FA,0x11A809B4,0x1483ACE9,0x18BCD2FA,0x171F32C,0x1612D58D,0x1E658341,0x1CBE2201,0x186E971,0x73F0E1,0xB0A5F40,0xAC90FB0,0x1635E008,0x237498B,0x1F3140D6,0xBF789A9,0x1166F259,0x1A};
-const BIG_560_29 CURVE_Pyabb_BLS48= {0x159D42F8,0x1B7F0540,0x45895D7,0x14875FA2,0x1E9E7F2B,0x10139D87,0x10F3FD7D,0x11D3717F,0x69E5006,0xF9BB3C4,0x13C9ED8D,0x16516DA,0x102F51DE,0x2725FEC,0x1F125B66,0xFFC324,0x1ED80731,0x1C16C4D,0x383AAA8,0x14};
-const BIG_560_29 CURVE_Pybaa_BLS48= {0x1F38039F,0x6A8959C,0x13C68984,0x11DD12AF,0x58093CF,0x1C8550A0,0xFFA1622,0xFF85979,0x1F2ABB75,0x18862E62,0x1EB6A2C9,0x1EC80B64,0x8EC2F18,0xE7BF713,0xC36B65A,0x19C5DD89,0x18A1D1AB,0xF772C8D,0xC11927C,0x5};
-const BIG_560_29 CURVE_Pybab_BLS48= {0x95F7865,0x134F0379,0x1CE9A0E,0x17E0EADD,0x1DACADD7,0x1B18F9F8,0x181D3943,0x186679A,0x2505BB0,0x1FDF1DC8,0x11B36A49,0x11E254E9,0xA438576,0x102B09AE,0x139984F4,0x15BC0233,0x1B6F180E,0x960562B,0x48CA65B,0x6};
-const BIG_560_29 CURVE_Pybba_BLS48= {0x7CC1979,0xEC1D4FB,0x1D89E6F0,0x955F38E,0x1635FDA9,0x123D8E10,0x10076209,0x494404A,0xD733D7,0x17678BCF,0x153841F9,0x10696FFD,0x5BC9FE8,0x1A20D8B2,0xE22EC9D,0x18449116,0x108C86C5,0x1B4CD720,0x34967,0x19};
-const BIG_560_29 CURVE_Pybbb_BLS48= {0xFC9F25B,0x7E44AB1,0xE9AB5D3,0x589F00D,0x1C9D264F,0xC7478B4,0x16B24A13,0x1D2C146B,0xEF84D9A,0xF47ECDE,0x1BFEE16A,0x1B69071E,0x11AB4C1C,0xBE9D9EF,0x390F005,0x78C8288,0x1B9BF549,0x9320730,0x3D84D97,0x14};
-const BIG_560_29 CURVE_W_BLS48[2]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_560_29 CURVE_SB_BLS48[2][2]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-const BIG_560_29 CURVE_WB_BLS48[4]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_560_29 CURVE_BB_BLS48[4][4]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0
 x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-
-#endif
-
-#if CHUNK==64
-
-// Base Bits= 58
-
-const int CURVE_Cof_I_BLS48= 0;
-const int CURVE_A_BLS48= 0;
-const int CURVE_B_I_BLS48= 17;
-const BIG_560_58 CURVE_B_BLS48= {0x11L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_560_58 CURVE_Order_BLS48= {0x2FFFF0000000001L,0x11550278A769C21L,0x14D1EB162029C21L,0x2309B4A2B6307F4L,0x34790BD26DFED78L,0x2C6FE3F2571037BL,0x1306A973C465FB0L,0x28446ABB18DF17AL,0xC43BF73EL,0x0L};
-const BIG_560_58 CURVE_Gx_BLS48= {0x3286D2F65D71D33L,0x3601553F8CB783FL,0xFF01647711EE0BL,0x268BC07F29FD8CCL,0xE0702E69A80F66L,0x285003EAC056511L,0x35E130D242B2C3AL,0x107024C87924166L,0x17595DB8957EDD7L,0x26A27A4A1L};
-const BIG_560_58 CURVE_Gy_BLS48= {0x29A5B3FEA6ED83AL,0x3712E552A29C33DL,0x3391EA8E6958677L,0x29F3C7B9DED7E3EL,0x4E2E3818FB7229L,0x1CC30999551E32DL,0xE67A4086260E3CL,0x2A68CCB8579C437L,0x62C5FAE2B3349DL,0x2B634253L};
-
-const BIG_560_58 CURVE_Bnx_BLS48= {0x7DE40020L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_560_58 CURVE_Cof_BLS48= {0xA2D10F7F12ABEBL,0x5L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_560_58 CURVE_Cru_BLS48= {0x364E7E6CBBA429L,0x338C28A4D3DD160L,0x28DC3C68308093AL,0x230B290AE0E768L,0x127B0AB9B73BC2DL,0x23192337B1A639CL,0x1E399AEEFF04AE3L,0x20C88F0091318E5L,0x37CEF23203A79F7L,0x3F45F60F3L};
-const BIG_560_58 CURVE_Pxaaa_BLS48= {0x28D2E8E8923CE4AL,0x2F5C40B4AE04F4AL,0x2165D8A1313A20CL,0x2BFC7FD18DF074FL,0x12B37F0A7C90B98L,0x286ED92CE57BD37L,0x1C416C4ABF57375L,0x39779D0B2EE2172L,0x1A1C0497A5D9487L,0x3995E3602L};
-const BIG_560_58 CURVE_Pxaab_BLS48= {0x271CDC5AC0A1BE1L,0x2A3F8EC01DF5FDCL,0xAD5478433972C5L,0x22B73FAE2491D8CL,0x30E75C6B40A11FAL,0xE960C8FF259C26L,0x8CE48632D18B04L,0x39549A6BC27F419L,0x274A97B58DB48B6L,0xA5080497L};
-const BIG_560_58 CURVE_Pxaba_BLS48= {0x23A724C770C5DC4L,0x2A592B776B3BCB6L,0x110934259BEC736L,0x18E2C5A649AB2A8L,0x2B84CB2C58CD55L,0x168195F91EE8B90L,0xF7D917CE233167L,0x2A38FB7729335BDL,0x36D71DDA78B689BL,0x2D4BFBE3DL};
-const BIG_560_58 CURVE_Pxabb_BLS48= {0xD629669A64B740L,0x47F52632481578L,0x40D7054323ADD1L,0x3F9F4CCCD789E1BL,0x1E3C73C41F4EEA7L,0x15E7D7A61968610L,0x1B4186B40590D3BL,0x19F3BA577306AAFL,0x12DFE5F23F63B1AL,0x24E102A76L};
-const BIG_560_58 CURVE_Pxbaa_BLS48= {0x1BB0C6172F1E01FL,0x30C4734D2C29802L,0x990FA39218788L,0xEEB80ED6AE2501L,0x34728852870C80BL,0x94841D1637D478L,0x21CBCE27C3AD4D4L,0xA29F9E111E6AD5L,0x18CF1447CC49D3L,0x37787BDFDL};
-const BIG_560_58 CURVE_Pxbab_BLS48= {0x30A38238637383DL,0x288094FE661F866L,0x135C51ED5D3D212L,0x3C39C57E8051F25L,0x164639D737D882FL,0x312AEC8AA8DB8FCL,0x3FE838885E54DA8L,0x2FC3978BA297414L,0x850556F014F91FL,0x20B6CE9E3L};
-const BIG_560_58 CURVE_Pxbba_BLS48= {0x1683DB3D711939CL,0x26F9475A69066BAL,0xBCDB572CF2F6C0L,0x128DC8902CE1323L,0x29B3233EF353D1CL,0x342402A46B7046L,0x3187D1A403D6070L,0x3E3466F9F23BA45L,0xD943BE2435A9CCL,0x2A08A9CE1L};
-const BIG_560_58 CURVE_Pxbbb_BLS48= {0x32D410A856F4899L,0x7147AE4A959750L,0x28AEA57990BC9BCL,0x2807F11E9E26DAL,0x282C5EBA71895E3L,0x2832162D9FEC5FFL,0x33479E30007597CL,0x227A376C26A4B00L,0x1C16F1567857A32L,0x37DD51E0FL};
-const BIG_560_58 CURVE_Pyaaa_BLS48= {0x2E097CFB4137844L,0x313B1927FD3CCDDL,0x1EB86FABC768851L,0x4156382E29C659L,0x3C10CC7CF8896E0L,0x22FC388FD1D539CL,0x2C3E202F56CDD39L,0x2E9645FB43E8C72L,0x93548FD8706190L,0x1D9BB42E1L};
-const BIG_560_58 CURVE_Pyaab_BLS48= {0x25E3248EDC83190L,0x2BAABD11AA26424L,0x161D23BAC418D32L,0x5B3258247CBFF7L,0xED295CADE03C1FL,0x3A84758C5C741A2L,0x3D207E205E02B9EL,0x86743E24EA6513L,0x1DAA8E268EFA1C4L,0x9E72CE4FL};
-const BIG_560_58 CURVE_Pyaba_BLS48= {0x1DC5FD041985C0DL,0x2350136864770FAL,0x3179A5F5483ACE9L,0x2C25AB1A171F32CL,0x397C4403E658341L,0xE7E1C2186E971L,0x15921F60B0A5F40L,0x46E9317635E008L,0x17EF1353F3140D6L,0x35166F259L};
-const BIG_560_58 CURVE_Pyabb_BLS48= {0x36FE0A8159D42F8L,0x290EBF4445895D7L,0x20273B0FE9E7F2BL,0x23A6E2FF0F3FD7DL,0x1F37678869E5006L,0x2CA2DB53C9ED8DL,0x4E4BFD902F51DEL,0x1FF8649F125B66L,0x382D89BED80731L,0x28383AAA8L};
-const BIG_560_58 CURVE_Pybaa_BLS48= {0xD512B39F38039FL,0x23BA255F3C68984L,0x390AA14058093CFL,0x1FF0B2F2FFA1622L,0x310C5CC5F2ABB75L,0x3D9016C9EB6A2C9L,0x1CF7EE268EC2F18L,0x338BBB12C36B65AL,0x1EEE591B8A1D1ABL,0xAC11927CL};
-const BIG_560_58 CURVE_Pybab_BLS48= {0x269E06F295F7865L,0x2FC1D5BA1CE9A0EL,0x3631F3F1DACADD7L,0x30CCF3581D3943L,0x3FBE3B902505BB0L,0x23C4A9D31B36A49L,0x2056135CA438576L,0x2B78046739984F4L,0x12C0AC57B6F180EL,0xC48CA65BL};
-const BIG_560_58 CURVE_Pybba_BLS48= {0x1D83A9F67CC1979L,0x12ABE71DD89E6F0L,0x247B1C21635FDA9L,0x92880950076209L,0x2ECF179E0D733D7L,0x20D2DFFB53841F9L,0x3441B1645BC9FE8L,0x3089222CE22EC9DL,0x3699AE4108C86C5L,0x320034967L};
-const BIG_560_58 CURVE_Pybbb_BLS48= {0xFC89562FC9F25BL,0xB13E01AE9AB5D3L,0x18E8F169C9D264FL,0x3A5828D76B24A13L,0x1E8FD9BCEF84D9AL,0x36D20E3DBFEE16AL,0x17D3B3DF1AB4C1CL,0xF190510390F005L,0x12640E61B9BF549L,0x283D84D97L};
-const BIG_560_58 CURVE_W_BLS48[2]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
-const BIG_560_58 CURVE_SB_BLS48[2][2]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
-const BIG_560_58 CURVE_WB_BLS48[4]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
-const BIG_560_58 CURVE_BB_BLS48[4][4]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
-
-
-#endif
\ No newline at end of file



[40/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/MPIN.go
----------------------------------------------------------------------
diff --git a/version22/go/MPIN.go b/version22/go/MPIN.go
deleted file mode 100644
index 43b5f32..0000000
--- a/version22/go/MPIN.go
+++ /dev/null
@@ -1,769 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MPIN API Functions */
-
-package main
-
-import "time"
-
-//import "fmt"
-
-/* Configure mode of operation */
-
-const PERMITS bool=true
-const PINERROR bool=true
-const FULL bool=true
-const SINGLE_PASS bool=false
-
-
-const MPIN_EFS int=int(MODBYTES)
-const MPIN_EGS int=int(MODBYTES)
-const MPIN_PAS int=16
-const MPIN_BAD_PARAMS int=-11
-const MPIN_INVALID_POINT int=-14
-const MPIN_WRONG_ORDER int=-18
-const MPIN_BAD_PIN int=-19
-const MPIN_SHA256 int=32
-const MPIN_SHA384 int=48
-const MPIN_SHA512 int=64
-
-/* Configure your PIN here */
-
-const MPIN_MAXPIN int32=10000  /* PIN less than this */
-const MPIN_PBLEN int32=14      /* Number of bits in PIN */
-const MPIN_TS int=10         /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */
-const MPIN_TRAP int=200      /* 200 for 4 digit PIN, 2000 for 6-digit PIN  - approx 2*sqrt(MAXPIN) */
-
-const MPIN_HASH_TYPE int=MPIN_SHA256
-
-func mpin_hash(sha int,c *FP4,U *ECP) []byte {
-	var w [MPIN_EFS]byte
-	var t [6*MPIN_EFS]byte
-	var h []byte
-
-	c.geta().getA().toBytes(w[:]); for i:=0;i<MPIN_EFS;i++ {t[i]=w[i]}
-	c.geta().getB().toBytes(w[:]); for i:=MPIN_EFS;i<2*MPIN_EFS;i++ {t[i]=w[i-MPIN_EFS]}
-	c.getb().getA().toBytes(w[:]); for i:=2*MPIN_EFS;i<3*MPIN_EFS;i++ {t[i]=w[i-2*MPIN_EFS]}
-	c.getb().getB().toBytes(w[:]); for i:=3*MPIN_EFS;i<4*MPIN_EFS;i++ {t[i]=w[i-3*MPIN_EFS]}
-
-	U.getX().toBytes(w[:]); for i:=4*MPIN_EFS;i<5*MPIN_EFS;i++ {t[i]=w[i-4*MPIN_EFS]}
-	U.getY().toBytes(w[:]); for i:=5*MPIN_EFS;i<6*MPIN_EFS;i++ {t[i]=w[i-5*MPIN_EFS]}
-
-	if sha==MPIN_SHA256 {
-		H:=NewHASH256()
-		H.Process_array(t[:])
-		h=H.Hash()
-	}
-	if sha==MPIN_SHA384 {
-		H:=NewHASH384()
-		H.Process_array(t[:])
-		h=H.Hash()
-	}
-	if sha==MPIN_SHA512 {
-		H:=NewHASH512()
-		H.Process_array(t[:])
-		h=H.Hash()
-	}
-	if h==nil {return nil}
-	R:=make([]byte,MPIN_PAS)
-	for i:=0;i<MPIN_PAS;i++ {R[i]=h[i]}
-	return R
-}
-
-/* Hash number (optional) and string to coordinate on curve */
-
-func mhashit(sha int,n int32,ID []byte) []byte {
-	var R []byte
-	if sha==MPIN_SHA256 {
-		H:=NewHASH256()
-		if n!=0 {H.Process_num(n)}
-		H.Process_array(ID)
-		R=H.Hash()
-	}
-	if sha==MPIN_SHA384 {
-		H:=NewHASH384()
-		if n!=0 {H.Process_num(n)}
-		H.Process_array(ID)
-		R=H.Hash()
-	}
-	if sha==MPIN_SHA512 {
-		H:=NewHASH512()
-		if n!=0 {H.Process_num(n)}
-		H.Process_array(ID)
-		R=H.Hash()
-	}
-	if R==nil {return nil}
-	const RM int=int(MODBYTES)
-	var W [RM]byte
-	if sha>RM {
-		for i:=0;i<RM;i++ {W[i]=R[i]}
-	} else {
-		for i:=0;i<sha;i++ {W[i]=R[i]}	
-		for i:=sha;i<RM;i++ {W[i]=0}
-	}
-
-	return W[:]
-}
-
-func mapit(h []byte) *ECP {
-	q:=NewBIGints(Modulus)
-	x:=fromBytes(h[:])
-	x.mod(q)
-	var P *ECP
-	for true {
-		P=NewECPbigint(x,0)
-		if !P.is_infinity() {break}
-		x.inc(1); x.norm()
-	}
-	if CURVE_PAIRING_TYPE!=BN_CURVE {
-		c:=NewBIGints(CURVE_Cof)
-		P=P.mul(c)
-	}	
-	return P
-}
-
-/* needed for SOK */
-func mapit2(h []byte) *ECP2 {
-	q:=NewBIGints(Modulus)
-	x:=fromBytes(h[:])
-	one:=NewBIGint(1)
-	var X *FP2
-	var Q,T,K *ECP2
-	x.mod(q)
-	for true {
-		X=NewFP2bigs(one,x)
-		Q=NewECP2fp2(X)
-		if !Q.is_infinity() {break}
-		x.inc(1); x.norm()
-	}
-/* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
-	Fra:=NewBIGints(CURVE_Fra)
-	Frb:=NewBIGints(CURVE_Frb)
-	X=NewFP2bigs(Fra,Frb)
-	x=NewBIGints(CURVE_Bnx)
-
-	T=NewECP2(); T.copy(Q)
-	T.mul(x); T.neg()
-	K=NewECP2(); K.copy(T)
-	K.dbl(); K.add(T); K.affine()
-
-	K.frob(X)
-	Q.frob(X); Q.frob(X); Q.frob(X)
-	Q.add(T); Q.add(K)
-	T.frob(X); T.frob(X)
-	Q.add(T)
-	Q.affine()
-	return Q
-}
-
-/* return time in slots since epoch */
-func MPIN_today() int {
-	now:=time.Now()
-	return int(now.Unix())/(60*1440)
-}
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
-func emap(u *BIG,cb int) *ECP {
-	var P *ECP
-	x:=NewBIGcopy(u)
-	p:=NewBIGints(Modulus)
-	x.mod(p)
-	for true {
-		P=NewECPbigint(x,cb)
-		if !P.is_infinity() {break}
-		x.inc(1);  x.norm()
-	}
-	return P
-}
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
-func unmap(u* BIG,P *ECP) int {
-	s:=P.getS()
-	var R *ECP
-	r:=0
-	x:=P.getX()
-	u.copy(x)
-	for true {
-		u.dec(1); u.norm()
-		r++
-		R=NewECPbigint(u,s)
-		if !R.is_infinity() {break}
-	}
-	return r
-}
-
-func MPIN_HASH_ID(sha int,ID []byte) []byte {
-	return mhashit(sha,0,ID)
-}
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
-func MPIN_ENCODING(rng *RAND,E []byte) int {
-	var T [MPIN_EFS]byte
-
-	for i:=0;i<MPIN_EFS;i++ {T[i]=E[i+1]}
-	u:=fromBytes(T[:])
-	for i:=0;i<MPIN_EFS;i++ {T[i]=E[i+MPIN_EFS+1]}
-	v:=fromBytes(T[:])
-		
-	P:=NewECPbigs(u,v)
-	if P.is_infinity() {return MPIN_INVALID_POINT}
-
-	p:=NewBIGints(Modulus)
-	u=randomnum(p,rng)
-
-	su:=int(rng.GetByte()); /*if (su<0) su=-su;*/ su%=2
-		
-	W:=emap(u,su)
-	P.sub(W)
-	sv:=P.getS()
-	rn:=unmap(v,P)
-	m:=int(rng.GetByte()); /*if (m<0) m=-m;*/ m%=rn
-	v.inc(m+1)
-	E[0]=byte(su+2*sv)
-	u.toBytes(T[:])
-	for i:=0;i<MPIN_EFS;i++ {E[i+1]=T[i]}
-	v.toBytes(T[:])
-	for i:=0;i<MPIN_EFS;i++ {E[i+MPIN_EFS+1]=T[i]}		
-		
-	return 0
-}
-
-func MPIN_DECODING(D []byte) int {
-	var T [MPIN_EFS]byte
-
-	if (D[0]&0x04)!=0 {return MPIN_INVALID_POINT}
-
-	for i:=0;i<MPIN_EFS;i++ {T[i]=D[i+1]}
-	u:=fromBytes(T[:])
-	for i:=0;i<MPIN_EFS;i++ {T[i]=D[i+MPIN_EFS+1]}
-	v:=fromBytes(T[:])
-
-	su:=int(D[0]&1)
-	sv:=int((D[0]>>1)&1)
-	W:=emap(u,su)
-	P:=emap(v,sv)
-	P.add(W)
-	u=P.getX()
-	v=P.getY()
-	D[0]=0x04
-	u.toBytes(T[:])
-	for i:=0;i<MPIN_EFS;i++ {D[i+1]=T[i]}
-	v.toBytes(T[:])
-	for i:=0;i<MPIN_EFS;i++ {D[i+MPIN_EFS+1]=T[i]}		
-		
-	return 0
-}
-
-/* R=R1+R2 in group G1 */
-func MPIN_RECOMBINE_G1(R1 []byte,R2 []byte,R []byte) int {
-	P:=ECP_fromBytes(R1)
-	Q:=ECP_fromBytes(R2)
-
-	if (P.is_infinity() || Q.is_infinity()) {return MPIN_INVALID_POINT}
-
-	P.add(Q)
-
-	P.toBytes(R[:])
-	return 0
-}
-
-/* W=W1+W2 in group G2 */
-func MPIN_RECOMBINE_G2(W1 []byte,W2 []byte,W []byte) int {
-	P:=ECP2_fromBytes(W1)
-	Q:=ECP2_fromBytes(W2)
-
-	if (P.is_infinity() || Q.is_infinity()) {return MPIN_INVALID_POINT}
-
-	P.add(Q)
-	
-	P.toBytes(W)
-	return 0
-}
-	
-/* create random secret S */
-func MPIN_RANDOM_GENERATE(rng *RAND,S []byte) int {
-	r:=NewBIGints(CURVE_Order);
-	s:=randomnum(r,rng)
-	if AES_S>0 {
-		s.mod2m(2*AES_S)
-	}		
-	s.toBytes(S)
-	return 0
-}
-
-/* Extract PIN from TOKEN for identity CID */
-func MPIN_EXTRACT_PIN(sha int,CID []byte,pin int,TOKEN []byte) int {
-	P:=ECP_fromBytes(TOKEN)
-	if P.is_infinity() {return MPIN_INVALID_POINT}
-	h:=mhashit(sha,0,CID)
-	R:=mapit(h)
-
-	R=R.pinmul(int32(pin)%MPIN_MAXPIN,MPIN_PBLEN)
-	P.sub(R)
-
-	P.toBytes(TOKEN)
-
-	return 0
-}
-
-/* Implement step 2 on client side of MPin protocol */
-func MPIN_CLIENT_2(X []byte,Y []byte,SEC []byte) int {
-	r:=NewBIGints(CURVE_Order)
-	P:=ECP_fromBytes(SEC)
-	if P.is_infinity() {return MPIN_INVALID_POINT}
-
-	px:=fromBytes(X)
-	py:=fromBytes(Y)
-	px.add(py)
-	px.mod(r)
-	//px.rsub(r)
-
-	P=G1mul(P,px)
-	P.neg()
-	P.toBytes(SEC)
-	//G1mul(P,px).toBytes(SEC)
-	return 0
-}
-
-/* Implement step 1 on client side of MPin protocol */
-func MPIN_CLIENT_1(sha int,date int,CLIENT_ID []byte,rng *RAND,X []byte,pin int,TOKEN []byte,SEC []byte,xID []byte,xCID []byte,PERMIT []byte) int {
-	r:=NewBIGints(CURVE_Order)
-		
-	var x *BIG
-	if (rng!=nil) {
-		x=randomnum(r,rng)
-		if AES_S>0 {
-			x.mod2m(2*AES_S)
-		}
-		x.toBytes(X)
-	} else {
-		x=fromBytes(X)
-	}
-
-	h:=mhashit(sha,0,CLIENT_ID)
-	P:=mapit(h)
-	
-	T:=ECP_fromBytes(TOKEN)
-	if T.is_infinity() {return MPIN_INVALID_POINT}
-
-	W:=P.pinmul(int32(pin)%MPIN_MAXPIN,MPIN_PBLEN)
-	T.add(W)
-	if date!=0 {
-		W=ECP_fromBytes(PERMIT)
-		if W.is_infinity() {return MPIN_INVALID_POINT}
-		T.add(W)
-		h=mhashit(sha,int32(date),h)
-		W=mapit(h)
-		if xID!=nil {
-			P=G1mul(P,x)
-			P.toBytes(xID)
-			W=G1mul(W,x)
-			P.add(W)
-		} else {
-			P.add(W)
-			P=G1mul(P,x)
-		}
-		if xCID!=nil {P.toBytes(xCID)}
-	} else {
-		if xID!=nil {
-			P=G1mul(P,x)
-			P.toBytes(xID)
-		}
-	}
-
-
-	T.toBytes(SEC)
-	return 0
-}
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
-func MPIN_GET_SERVER_SECRET(S []byte,SST []byte) int {
-	Q:=NewECP2fp2s(NewFP2bigs(NewBIGints(CURVE_Pxa),NewBIGints(CURVE_Pxb)),NewFP2bigs(NewBIGints(CURVE_Pya),NewBIGints(CURVE_Pyb)))
-
-	s:=fromBytes(S)
-	Q=G2mul(Q,s)
-	Q.toBytes(SST)
-	return 0
-}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in 
- if RNG != NULL the X is passed out 
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
-func MPIN_GET_G1_MULTIPLE(rng *RAND,typ int,X []byte,G []byte,W []byte) int {
-	var x *BIG
-	r:=NewBIGints(CURVE_Order)
-	if rng!=nil {
-		x=randomnum(r,rng)
-		if AES_S>0 {
-			x.mod2m(2*AES_S)
-		}
-		x.toBytes(X)
-	} else {
-		x=fromBytes(X)
-	}
-	var P *ECP
-	if typ==0 {
-		P=ECP_fromBytes(G)
-		if P.is_infinity() {return MPIN_INVALID_POINT}
-	} else {P=mapit(G)}
-
-	G1mul(P,x).toBytes(W)
-	return 0
-}
-
-/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
-/* CID is hashed externally */
-func MPIN_GET_CLIENT_SECRET(S []byte,CID []byte,CST []byte) int {
-	return MPIN_GET_G1_MULTIPLE(nil,1,S,CID,CST)
-}
-
-/* Time Permit CTT=S*(date|H(CID)) where S is master secret */
-func MPIN_GET_CLIENT_PERMIT(sha,date int,S []byte,CID []byte,CTT []byte) int {
-	h:=mhashit(sha,int32(date),CID)
-	P:=mapit(h)
-
-	s:=fromBytes(S)
-	G1mul(P,s).toBytes(CTT)
-	return 0
-}
-
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
-func MPIN_SERVER_1(sha int,date int,CID []byte,HID []byte,HTID []byte) {
-	h:=mhashit(sha,0,CID)
-	P:=mapit(h)
-	
-	P.toBytes(HID);
-	if date!=0 {
-	//	if HID!=nil {P.toBytes(HID)}
-		h=mhashit(sha,int32(date),h)
-		R:=mapit(h)
-		P.add(R)
-		P.toBytes(HTID)
-	} //else {P.toBytes(HID)}
-}
-
-/* Implement step 2 of MPin protocol on server side */
-func MPIN_SERVER_2(date int,HID []byte,HTID []byte,Y []byte,SST []byte,xID []byte,xCID []byte,mSEC []byte,E []byte,F []byte) int {
-//	q:=NewBIGints(Modulus)
-	Q:=NewECP2fp2s(NewFP2bigs(NewBIGints(CURVE_Pxa),NewBIGints(CURVE_Pxb)),NewFP2bigs(NewBIGints(CURVE_Pya),NewBIGints(CURVE_Pyb)))
-
-	sQ:=ECP2_fromBytes(SST)
-	if sQ.is_infinity() {return MPIN_INVALID_POINT}	
-
-	var R *ECP
-	if date!=0 {
-		R=ECP_fromBytes(xCID)
-	} else {
-		if xID==nil {return MPIN_BAD_PARAMS}
-		R=ECP_fromBytes(xID)
-	}
-	if R.is_infinity() {return MPIN_INVALID_POINT}
-
-	y:=fromBytes(Y)
-	var P *ECP
-	if date!=0 {
-		P=ECP_fromBytes(HTID)
-	} else {
-		if HID==nil {return MPIN_BAD_PARAMS}
-		P=ECP_fromBytes(HID)
-	}
-	
-	if P.is_infinity() {return MPIN_INVALID_POINT}
-
-	P=G1mul(P,y)
-	P.add(R)
-	R=ECP_fromBytes(mSEC)
-	if R.is_infinity() {return MPIN_INVALID_POINT}
-
-	var g *FP12
-//		FP12 g1=new FP12(0);
-
-	g=ate2(Q,R,sQ,P)
-	g=fexp(g)
-
-	if !g.isunity() {
-		if (HID!=nil && xID!=nil && E!=nil && F!=nil) {
-			g.toBytes(E)
-			if date!=0 {
-				P=ECP_fromBytes(HID)
-				if P.is_infinity() {return MPIN_INVALID_POINT}
-				R=ECP_fromBytes(xID)
-				if R.is_infinity() {return MPIN_INVALID_POINT}
-
-				P=G1mul(P,y)
-				P.add(R)
-			}
-			g=ate(Q,P)
-			g=fexp(g)
-			g.toBytes(F)
-		}
-		return MPIN_BAD_PIN
-	}
-
-	return 0
-}
-
-/* Pollards kangaroos used to return PIN error */
-func MPIN_KANGAROO(E []byte,F []byte) int {
-	ge:=FP12_fromBytes(E)
-	gf:=FP12_fromBytes(F)
-	var distance [MPIN_TS]int
-	t:=NewFP12copy(gf)
-
-	var table []*FP12
-	var i int
-	s:=1
-	for m:=0;m<MPIN_TS;m++ {
-		distance[m]=s
-		table=append(table,NewFP12copy(t))
-		s*=2
-		t.usqr()
-	}
-	t.one()
-	dn:=0
-	for j:=0;j<MPIN_TRAP;j++ {
-		i=t.geta().geta().getA().lastbits(20)%MPIN_TS
-		t.mul(table[i])
-		dn+=distance[i]
-	}
-	gf.copy(t); gf.conj()
-	steps:=0; dm:=0
-	res:=0
-	for dm-dn<int(MPIN_MAXPIN) {
-		steps++
-		if steps>4*MPIN_TRAP {break}
-		i=ge.geta().geta().getA().lastbits(20)%MPIN_TS;
-		ge.mul(table[i])
-		dm+=distance[i]
-		if ge.equals(t) {
-			res=dm-dn
-			break;
-		}
-		if ge.equals(gf) {
-			res=dn-dm
-			break
-		}
-
-	}
-	if (steps>4*MPIN_TRAP || dm-dn>=int(MPIN_MAXPIN)) {res=0 }    // Trap Failed  - probable invalid token
-	return int(res)
-}
-
-/* Functions to support M-Pin Full */
-
-func MPIN_PRECOMPUTE(TOKEN []byte,CID []byte,G1 []byte,G2 []byte) int {
-	var P,T *ECP
-	var g *FP12
-
-	T=ECP_fromBytes(TOKEN)
-	if T.is_infinity() {return MPIN_INVALID_POINT} 
-
-	P=mapit(CID)
-
-	Q:=NewECP2fp2s(NewFP2bigs(NewBIGints(CURVE_Pxa),NewBIGints(CURVE_Pxb)),NewFP2bigs(NewBIGints(CURVE_Pya),NewBIGints(CURVE_Pyb)))
-
-	g=ate(Q,T)
-	g=fexp(g)
-	g.toBytes(G1)
-
-	g=ate(Q,P)
-	g=fexp(g)
-	g.toBytes(G2)
-
-	return 0
-}
-
-/* Hash the M-Pin transcript - new */
-
-func MPIN_HASH_ALL(sha int,HID []byte,xID []byte,xCID []byte,SEC []byte,Y []byte,R []byte,W []byte) []byte {
-	tlen:=0
-	var T [10*int(MODBYTES)+4]byte
-
-	for i:=0;i<len(HID);i++ {T[i]=HID[i]}
-	tlen+=len(HID)
-	if xCID!=nil {
-		for i:=0;i<len(xCID);i++ {T[i+tlen]=xCID[i]}
-		tlen+=len(xCID)
-	} else {
-		for i:=0;i<len(xID);i++ {T[i+tlen]=xID[i]}
-		tlen+=len(xID)
-	}	
-	for i:=0;i<len(SEC);i++ {T[i+tlen]=SEC[i]}
-	tlen+=len(SEC)		
-	for i:=0;i<len(Y);i++ {T[i+tlen]=Y[i]}
-	tlen+=len(Y)
-	for i:=0;i<len(R);i++ {T[i+tlen]=R[i]}
-	tlen+=len(R)		
-	for i:=0;i<len(W);i++ {T[i+tlen]=W[i]}
-	tlen+=len(W)	
-
-	return mhashit(sha,0,T[:])
-}
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-func MPIN_CLIENT_KEY(sha int,G1 []byte,G2 []byte,pin int,R []byte,X []byte,H []byte,wCID []byte,CK []byte) int {
-
-	g1:=FP12_fromBytes(G1)
-	g2:=FP12_fromBytes(G2)
-	z:=fromBytes(R)
-	x:=fromBytes(X)
-	h:=fromBytes(H)
-
-	W:=ECP_fromBytes(wCID)
-	if W.is_infinity() {return MPIN_INVALID_POINT} 
-
-	W=G1mul(W,x)
-
-	f:=NewFP2bigs(NewBIGints(CURVE_Fra),NewBIGints(CURVE_Frb))
-	r:=NewBIGints(CURVE_Order)
-	q:=NewBIGints(Modulus)
-
-	z.add(h);	//new
-	z.mod(r);
-
-	m:=NewBIGcopy(q)
-	m.mod(r)
-
-	a:=NewBIGcopy(z)
-	a.mod(m)
-
-	b:=NewBIGcopy(z)
-	b.div(m)
-
-	g2.pinpow(pin,int(MPIN_PBLEN))
-	g1.mul(g2)
-
-	c:=g1.trace()
-	g2.copy(g1)
-	g2.frob(f)
-	cp:=g2.trace()
-	g1.conj()
-	g2.mul(g1)
-	cpm1:=g2.trace()
-	g2.mul(g1)
-	cpm2:=g2.trace()
-
-	c=c.xtr_pow2(cp,cpm1,cpm2,a,b)
-
-	t:=mpin_hash(sha,c,W);
-
-	for i:=0;i<MPIN_PAS;i++ {CK[i]=t[i]}
-
-	return 0
-}
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-
-func MPIN_SERVER_KEY(sha int,Z []byte,SST []byte,W []byte,H []byte,HID []byte,xID []byte,xCID []byte,SK []byte) int {
-	sQ:=ECP2_fromBytes(SST)
-	if sQ.is_infinity() {return MPIN_INVALID_POINT} 
-	R:=ECP_fromBytes(Z)
-	if R.is_infinity() {return MPIN_INVALID_POINT} 
-	A:=ECP_fromBytes(HID)
-	if A.is_infinity() {return MPIN_INVALID_POINT} 
-
-	var U *ECP
-	if xCID!=nil {
-		U=ECP_fromBytes(xCID)
-	} else	{U=ECP_fromBytes(xID)}
-	if U.is_infinity() {return MPIN_INVALID_POINT} 
-
-	w:=fromBytes(W)
-	h:=fromBytes(H)
-	A=G1mul(A,h)	// new
-	R.add(A)
-
-	U=G1mul(U,w)
-	g:=ate(sQ,R)
-	g=fexp(g)
-
-	c:=g.trace()
-
-	t:=mpin_hash(sha,c,U)
-
-	for i:=0;i<MPIN_PAS;i++ {SK[i]=t[i]}
-
-	return 0
-}
-
-/* return time since epoch */
-func MPIN_GET_TIME() int {
-	now:=time.Now()
-	return int(now.Unix())
-}
-
-/* Generate Y = H(epoch, xCID/xID) */
-func MPIN_GET_Y(sha int,TimeValue int,xCID []byte,Y []byte) {
-	h:= mhashit(sha,int32(TimeValue),xCID)
-	y:= fromBytes(h)
-	q:=NewBIGints(CURVE_Order)
-	y.mod(q)
-	if AES_S>0 {
-		y.mod2m(2*AES_S)
-	}
-	y.toBytes(Y)
-}
-        
-/* One pass MPIN Client */
-func MPIN_CLIENT(sha int,date int,CLIENT_ID []byte,RNG *RAND,X []byte,pin int,TOKEN []byte,SEC []byte,xID []byte,xCID []byte,PERMIT []byte,TimeValue int,Y []byte) int {
-	rtn:=0
-        
-	var pID []byte
-	if date == 0 {
-		pID = xID
-	} else {pID = xCID}
-          
-	rtn = MPIN_CLIENT_1(sha,date,CLIENT_ID,RNG,X,pin,TOKEN,SEC,xID,xCID,PERMIT)
-	if rtn != 0 {return rtn}
-        
-	MPIN_GET_Y(sha,TimeValue,pID,Y)
-        
-	rtn = MPIN_CLIENT_2(X,Y,SEC)
-	if rtn != 0 {return rtn}
-        
-	return 0
-}
-
-/* One pass MPIN Server */
-func MPIN_SERVER(sha int,date int,HID []byte,HTID []byte,Y []byte,SST []byte,xID []byte,xCID []byte,SEC []byte,E []byte,F []byte,CID []byte,TimeValue int) int {
-	rtn:=0
-        
-	var pID []byte
-	if date == 0 {
-		pID = xID
-	} else {pID = xCID}
-       
-	MPIN_SERVER_1(sha,date,CID,HID,HTID)
-	MPIN_GET_Y(sha,TimeValue,pID,Y);
-    
-	rtn = MPIN_SERVER_2(date,HID,HTID,Y,SST,xID,xCID,SEC,E,F)
-	if rtn != 0 {return rtn}
-        
-	return 0
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/PAIR.go
----------------------------------------------------------------------
diff --git a/version22/go/PAIR.go b/version22/go/PAIR.go
deleted file mode 100644
index 89c80ce..0000000
--- a/version22/go/PAIR.go
+++ /dev/null
@@ -1,641 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MiotCL BN Curve Pairing functions */
-
-package main
-
-//import "fmt"
-
-/* Line function */
-func line(A *ECP2,B *ECP2,Qx *FP,Qy *FP) *FP12 {
-	P:=NewECP2()
-
-	P.copy(A);
-	ZZ:=NewFP2copy(P.getz())
-	ZZ.sqr()
-	var D int
-	if A==B {
-		D=A.dbl() 
-	} else {D=A.add(B)}
-
-	if D<0 {return NewFP12int(1)}
-
-	Z3:=NewFP2copy(A.getz())
-
-	var a *FP4
-	var b *FP4
-	c:=NewFP4int(0)
-
-	if (D==0) { /* Addition */
-		X:=NewFP2copy(B.getx())
-		Y:=NewFP2copy(B.gety())
-		T:=NewFP2copy(P.getz()) 
-		T.mul(Y)
-		ZZ.mul(T)
-
-		NY:=NewFP2copy(P.gety()); NY.neg()
-		ZZ.add(NY)
-		Z3.pmul(Qy)
-		T.mul(P.getx());
-		X.mul(NY);
-		T.add(X);
-		a=NewFP4fp2s(Z3,T)
-		ZZ.neg();
-		ZZ.pmul(Qx)
-		b=NewFP4fp2(ZZ)
-	} else { /* Doubling */
-		X:=NewFP2copy(P.getx())
-		Y:=NewFP2copy(P.gety())
-		T:=NewFP2copy(P.getx())
-		T.sqr()
-		T.imul(3)
-
-		Y.sqr()
-		Y.add(Y)
-		Z3.mul(ZZ)
-		Z3.pmul(Qy)
-
-		X.mul(T)
-		X.sub(Y)
-		a=NewFP4fp2s(Z3,X)
-		T.neg()
-		ZZ.mul(T)
-		ZZ.pmul(Qx)
-		b=NewFP4fp2(ZZ)
-	}
-	return NewFP12fp4s(a,b,c)
-}
-
-/* Optimal R-ate pairing */
-func ate(P *ECP2,Q *ECP) *FP12 {
-	f:=NewFP2bigs(NewBIGints(CURVE_Fra),NewBIGints(CURVE_Frb))
-	x:=NewBIGints(CURVE_Bnx)
-	n:=NewBIGcopy(x)
-	K:=NewECP2()
-	var lv *FP12
-	
-	if CURVE_PAIRING_TYPE == BN_CURVE {
-		n.pmul(6); n.dec(2)
-	} else {n.copy(x)}
-	
-	n.norm()
-	P.affine()
-	Q.affine()
-	Qx:=NewFPcopy(Q.getx())
-	Qy:=NewFPcopy(Q.gety())
-
-	A:=NewECP2()
-	r:=NewFP12int(1)
-
-	A.copy(P)
-	nb:=n.nbits()
-
-	for i:=nb-2;i>=1;i-- {
-		lv=line(A,A,Qx,Qy)
-		r.smul(lv)
-		if n.bit(i)==1 {
-	
-			lv=line(A,P,Qx,Qy)
-			
-			r.smul(lv)
-		}		
-		r.sqr()
-	}
-
-	lv=line(A,A,Qx,Qy)
-	r.smul(lv)
-
-	if n.parity()==1 {
-		lv=line(A,P,Qx,Qy)
-		r.smul(lv)
-	}
-
-/* R-ate fixup required for BN curves */
-
-	if CURVE_PAIRING_TYPE == BN_CURVE {
-		r.conj()
-		K.copy(P)
-		K.frob(f)
-		A.neg()
-		lv=line(A,K,Qx,Qy)
-		r.smul(lv)
-		K.frob(f)
-		K.neg()
-		lv=line(A,K,Qx,Qy)
-		r.smul(lv)
-	}
-
-	return r
-}
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
-func ate2(P *ECP2,Q *ECP,R *ECP2,S *ECP) *FP12 {
-	f:=NewFP2bigs(NewBIGints(CURVE_Fra),NewBIGints(CURVE_Frb))
-	x:=NewBIGints(CURVE_Bnx)
-	n:=NewBIGcopy(x)
-	K:=NewECP2()
-	var lv *FP12
-
-	if CURVE_PAIRING_TYPE == BN_CURVE {
-		n.pmul(6); n.dec(2)
-	} else {n.copy(x)}
-	
-	n.norm()
-	P.affine()
-	Q.affine()
-	R.affine()
-	S.affine()
-
-	Qx:=NewFPcopy(Q.getx())
-	Qy:=NewFPcopy(Q.gety())
-	Sx:=NewFPcopy(S.getx())
-	Sy:=NewFPcopy(S.gety())
-
-	A:=NewECP2()
-	B:=NewECP2()
-	r:=NewFP12int(1)
-
-	A.copy(P)
-	B.copy(R)
-	nb:=n.nbits()
-
-	for i:=nb-2;i>=1;i-- {
-		lv=line(A,A,Qx,Qy)
-		r.smul(lv)
-		lv=line(B,B,Sx,Sy)
-		r.smul(lv)
-
-		if n.bit(i)==1 {
-			lv=line(A,P,Qx,Qy)
-			r.smul(lv)
-			lv=line(B,R,Sx,Sy)
-			r.smul(lv)
-		}
-		r.sqr()
-	}
-
-	lv=line(A,A,Qx,Qy)
-	r.smul(lv)
-	lv=line(B,B,Sx,Sy)
-	r.smul(lv)
-	if n.parity()==1 {
-		lv=line(A,P,Qx,Qy)
-		r.smul(lv)
-		lv=line(B,R,Sx,Sy)
-		r.smul(lv)
-	}
-
-/* R-ate fixup */
-	if CURVE_PAIRING_TYPE == BN_CURVE {
-		r.conj()
-		K.copy(P)
-		K.frob(f)
-		A.neg()
-		lv=line(A,K,Qx,Qy)
-		r.smul(lv)
-		K.frob(f)
-		K.neg()
-		lv=line(A,K,Qx,Qy)
-		r.smul(lv)
-
-		K.copy(R)
-		K.frob(f)
-		B.neg()
-		lv=line(B,K,Sx,Sy)
-		r.smul(lv)
-		K.frob(f)
-		K.neg()
-		lv=line(B,K,Sx,Sy)
-		r.smul(lv)
-	}
-
-	return r
-}
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-func fexp(m *FP12) *FP12 {
-	f:=NewFP2bigs(NewBIGints(CURVE_Fra),NewBIGints(CURVE_Frb))
-	x:=NewBIGints(CURVE_Bnx)
-	r:=NewFP12copy(m)
-		
-/* Easy part of final exp */
-	lv:=NewFP12copy(r)
-	lv.inverse()
-	r.conj()
-
-	r.mul(lv)
-	lv.copy(r)
-	r.frob(f)
-	r.frob(f)
-	r.mul(lv)
-/* Hard part of final exp */
-	if CURVE_PAIRING_TYPE == BN_CURVE {
-		lv.copy(r)
-		lv.frob(f)
-		x0:=NewFP12copy(lv)
-		x0.frob(f)
-		lv.mul(r)
-		x0.mul(lv)
-		x0.frob(f)
-		x1:=NewFP12copy(r)
-		x1.conj()
-		x4:=r.pow(x)
-
-		x3:=NewFP12copy(x4)
-		x3.frob(f)
-
-		x2:=x4.pow(x)
-
-		x5:=NewFP12copy(x2); x5.conj()
-		lv=x2.pow(x)
-
-		x2.frob(f)
-		r.copy(x2); r.conj()
-
-		x4.mul(r)
-		x2.frob(f)
-
-		r.copy(lv)
-		r.frob(f)
-		lv.mul(r)
-
-		lv.usqr()
-		lv.mul(x4)
-		lv.mul(x5)
-		r.copy(x3)
-		r.mul(x5)
-		r.mul(lv)
-		lv.mul(x2)
-		r.usqr()
-		r.mul(lv)
-		r.usqr()
-		lv.copy(r)
-		lv.mul(x1)
-		r.mul(x0)
-		lv.usqr()
-		r.mul(lv)
-		r.reduce()
-	} else {
-		
-// Ghamman & Fouotsa Method
-		y0:=NewFP12copy(r); y0.usqr()
-		y1:=y0.pow(x)
-		x.fshr(1); y2:=y1.pow(x); x.fshl(1)
-		y3:=NewFP12copy(r); y3.conj()
-		y1.mul(y3)
-
-		y1.conj()
-		y1.mul(y2)
-
-		y2=y1.pow(x)
-
-		y3=y2.pow(x)
-		y1.conj()
-		y3.mul(y1)
-
-		y1.conj();
-		y1.frob(f); y1.frob(f); y1.frob(f)
-		y2.frob(f); y2.frob(f)
-		y1.mul(y2)
-
-		y2=y3.pow(x)
-		y2.mul(y0)
-		y2.mul(r)
-
-		y1.mul(y2)
-		y2.copy(y3); y2.frob(f)
-		y1.mul(y2)
-		r.copy(y1)
-		r.reduce()
-
-
-/*
-		x0:=NewFP12copy(r)
-		x1:=NewFP12copy(r)
-		lv.copy(r); lv.frob(f)
-		x3:=NewFP12copy(lv); x3.conj(); x1.mul(x3)
-		lv.frob(f); lv.frob(f)
-		x1.mul(lv)
-
-		r.copy(r.pow(x))  //r=r.pow(x);
-		x3.copy(r); x3.conj(); x1.mul(x3)
-		lv.copy(r); lv.frob(f)
-		x0.mul(lv)
-		lv.frob(f)
-		x1.mul(lv)
-		lv.frob(f)
-		x3.copy(lv); x3.conj(); x0.mul(x3)
-
-		r.copy(r.pow(x))
-		x0.mul(r)
-		lv.copy(r); lv.frob(f); lv.frob(f)
-		x3.copy(lv); x3.conj(); x0.mul(x3)
-		lv.frob(f)
-		x1.mul(lv)
-
-		r.copy(r.pow(x))
-		lv.copy(r); lv.frob(f)
-		x3.copy(lv); x3.conj(); x0.mul(x3)
-		lv.frob(f)
-		x1.mul(lv)
-
-		r.copy(r.pow(x))
-		x3.copy(r); x3.conj(); x0.mul(x3)
-		lv.copy(r); lv.frob(f)
-		x1.mul(lv)
-
-		r.copy(r.pow(x))
-		x1.mul(r)
-
-		x0.usqr()
-		x0.mul(x1)
-		r.copy(x0)
-		r.reduce() */
-	}
-	return r
-}
-
-/* GLV method */
-func glv(e *BIG) []*BIG {
-	var u []*BIG
-	if CURVE_PAIRING_TYPE == BN_CURVE {
-		t:=NewBIGint(0)
-		q:=NewBIGints(CURVE_Order)
-		var v []*BIG
-
-		for i:=0;i<2;i++ {
-			t.copy(NewBIGints(CURVE_W[i]))  // why not just t=new BIG(ROM.CURVE_W[i]); 
-			d:=mul(t,e)
-			v=append(v,NewBIGcopy(d.div(q)))
-			u=append(u,NewBIGint(0))
-		}
-		u[0].copy(e)
-		for i:=0;i<2;i++ {
-			for j:=0;j<2;j++ {
-				t.copy(NewBIGints(CURVE_SB[j][i]))
-				t.copy(modmul(v[j],t,q))
-				u[i].add(q)
-				u[i].sub(t)
-				u[i].mod(q)
-			}
-		}
-	} else {
-		q:=NewBIGints(CURVE_Order)
-		x:=NewBIGints(CURVE_Bnx)
-		x2:=smul(x,x)
-		u=append(u,NewBIGcopy(e))
-		u[0].mod(x2)
-		u=append(u,NewBIGcopy(e))
-		u[1].div(x2)
-		u[1].rsub(q)
-	}
-	return u
-}
-
-/* Galbraith & Scott Method */
-func gs(e *BIG) []*BIG {
-	var u []*BIG
-	if CURVE_PAIRING_TYPE == BN_CURVE {
-		t:=NewBIGint(0)
-		q:=NewBIGints(CURVE_Order)
-
-		var v []*BIG
-		for i:=0;i<4;i++ {
-			t.copy(NewBIGints(CURVE_WB[i]))
-			d:=mul(t,e)
-			v=append(v,NewBIGcopy(d.div(q)))
-			u=append(u,NewBIGint(0))
-		}
-		u[0].copy(e)
-		for i:=0;i<4;i++ {
-			for j:=0;j<4;j++ {
-				t.copy(NewBIGints(CURVE_BB[j][i]))
-				t.copy(modmul(v[j],t,q))
-				u[i].add(q)
-				u[i].sub(t)
-				u[i].mod(q)
-			}
-		}
-	} else {
-		x:=NewBIGints(CURVE_Bnx)
-		w:=NewBIGcopy(e)
-		for i:=0;i<4;i++ {
-			u=append(u,NewBIGcopy(w))
-			u[i].mod(x)
-			w.div(x)
-		}
-	}
-	return u
-}	
-
-/* Multiply P by e in group G1 */
-func G1mul(P *ECP,e *BIG) *ECP {
-	var R *ECP
-	if (USE_GLV) {
-		P.affine()
-		R=NewECP()
-		R.copy(P)
-		Q:=NewECP()
-		Q.copy(P)
-		q:=NewBIGints(CURVE_Order);
-		cru:=NewFPbig(NewBIGints(CURVE_Cru))
-		t:=NewBIGint(0)
-		u:=glv(e)
-		Q.getx().mul(cru)
-
-		np:=u[0].nbits()
-		t.copy(modneg(u[0],q))
-		nn:=t.nbits()
-		if nn<np {
-			u[0].copy(t)
-			R.neg()
-		}
-
-		np=u[1].nbits()
-		t.copy(modneg(u[1],q))
-		nn=t.nbits()
-		if nn<np {
-			u[1].copy(t)
-			Q.neg()
-		}
-
-		R=R.mul2(u[0],Q,u[1])
-			
-	} else {
-		R=P.mul(e)
-	}
-	return R
-}
-
-/* Multiply P by e in group G2 */
-func G2mul(P *ECP2,e *BIG) *ECP2 {
-	var R *ECP2
-	if (USE_GS_G2) {
-		var Q []*ECP2
-		f:=NewFP2bigs(NewBIGints(CURVE_Fra),NewBIGints(CURVE_Frb))
-		q:=NewBIGints(CURVE_Order)
-		u:=gs(e)
-
-		t:=NewBIGint(0)
-		P.affine()
-		Q=append(Q,NewECP2());  Q[0].copy(P);
-		for i:=1;i<4;i++ {
-			Q=append(Q,NewECP2()); Q[i].copy(Q[i-1])
-			Q[i].frob(f)
-		}
-		for i:=0;i<4;i++ {
-			np:=u[i].nbits()
-			t.copy(modneg(u[i],q))
-			nn:=t.nbits()
-			if nn<np {
-				u[i].copy(t)
-				Q[i].neg()
-			}
-		}
-
-		R=mul4(Q,u)
-
-	} else {
-		R=P.mul(e)
-	}
-	return R
-}
-
-/* f=f^e */
-/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.java */
-func GTpow(d *FP12,e *BIG) *FP12 {
-	var r *FP12
-	if USE_GS_GT {
-		var g []*FP12
-		f:=NewFP2bigs(NewBIGints(CURVE_Fra),NewBIGints(CURVE_Frb))
-		q:=NewBIGints(CURVE_Order)
-		t:=NewBIGint(0)
-	
-		u:=gs(e)
-
-		g=append(g,NewFP12copy(d))
-		for i:=1;i<4;i++ {
-			g=append(g,NewFP12int(0))
-			g[i].copy(g[i-1])
-			g[i].frob(f)
-		}
-		for i:=0;i<4;i++ {
-			np:=u[i].nbits()
-			t.copy(modneg(u[i],q))
-			nn:=t.nbits()
-			if nn<np {
-				u[i].copy(t)
-				g[i].conj()
-			}
-		}
-		r=pow4(g,u)
-	} else {
-		r=d.pow(e)
-	}
-	return r
-}
-
-/* test group membership - no longer needed*/
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-/*
-func GTmember(m *FP12) bool {
-	if m.isunity() {return false}
-	r:=NewFP12copy(m)
-	r.conj()
-	r.mul(m)
-	if !r.isunity() {return false}
-
-	f:=NewFP2bigs(NewBIGints(CURVE_Fra),NewBIGints(CURVE_Frb))
-
-	r.copy(m); r.frob(f); r.frob(f)
-	w:=NewFP12copy(r); w.frob(f); w.frob(f)
-	w.mul(m)
-	if !GT_STRONG {
-		if !w.equals(r) {return false}
-		x:=NewBIGints(CURVE_Bnx);
-		r.copy(m); w=r.pow(x); w=w.pow(x)
-		r.copy(w); r.sqr(); r.mul(w); r.sqr()
-		w.copy(m); w.frob(f)
-	}
-	return w.equals(r)
-}
-*/
-/*
-func main() {
-
-	Q:=NewECPbigs(NewBIGints(CURVE_Gx),NewBIGints(CURVE_Gy))
-	P:=NewECP2fp2s(NewFP2bigs(NewBIGints(CURVE_Pxa),NewBIGints(CURVE_Pxb)),NewFP2bigs(NewBIGints(CURVE_Pya),NewBIGints(CURVE_Pyb)))
-
-	//r:=NewBIGints(CURVE_Order)
-	//xa:=NewBIGints(CURVE_Pxa)
-
-	fmt.Printf("P= "+P.toString())
-	fmt.Printf("\n");
-	fmt.Printf("Q= "+Q.toString());
-	fmt.Printf("\n");
-
-	//m:=NewBIGint(17)
-
-	e:=ate(P,Q)
-	e=fexp(e)
-	for i:=1;i<1000;i++ {
-		e=ate(P,Q)
-//	fmt.Printf("\ne= "+e.toString())
-//	fmt.Printf("\n")
-
-		e=fexp(e)
-	}
-	//	e=GTpow(e,m);
-
-	fmt.Printf("\ne= "+e.toString())
-	fmt.Printf("\n");
-	GLV:=glv(r)
-
-	fmt.Printf("GLV[0]= "+GLV[0].toString())
-	fmt.Printf("\n")
-
-	fmt.Printf("GLV[0]= "+GLV[1].toString())
-	fmt.Printf("\n")
-
-	G:=NewECP(); G.copy(Q)
-	R:=NewECP2(); R.copy(P)
-
-
-	e=ate(R,Q)
-	e=fexp(e)
-
-	e=GTpow(e,xa)
-	fmt.Printf("\ne= "+e.toString());
-	fmt.Printf("\n")
-
-	R=G2mul(R,xa)
-	e=ate(R,G)
-	e=fexp(e)
-
-	fmt.Printf("\ne= "+e.toString())
-	fmt.Printf("\n")
-
-	G=G1mul(G,xa)
-	e=ate(P,G)
-	e=fexp(e)
-	fmt.Printf("\ne= "+e.toString())
-	fmt.Printf("\n") 
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/RAND.go
----------------------------------------------------------------------
diff --git a/version22/go/RAND.go b/version22/go/RAND.go
deleted file mode 100644
index 2b30ec4..0000000
--- a/version22/go/RAND.go
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- *   Cryptographic strong random number generator 
- *
- *   Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
- *   Slow - but secure
- *
- *   See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
- */
-
-/* Marsaglia & Zaman Random number generator constants */
-
-
-package main
-
-//import "fmt"
-
-const rand_NK int=21
-const rand_NJ int=6
-const rand_NV int=8
-
-type RAND struct {
-	ira [rand_NK]uint32  /* random number...   */
-	rndptr int
-	borrow uint32
-	pool_ptr int
-	pool [32]byte
-}
-
-/* Terminate and clean up */
-func (R *RAND) Clean() { /* kill internal state */
-	R.pool_ptr=0; R.rndptr=0;
-	for i:=0;i<32;i++ {R.pool[i]=0}
-	for i:=0;i<rand_NK;i++ {R.ira[i]=0}
-	R.borrow=0;
-}
-
-func NewRAND() *RAND {
-	R:=new(RAND)
-	R.Clean()
-	return R
-}
-
-func (R *RAND) sbrand() uint32 { /* Marsaglia & Zaman random number generator */
-	R.rndptr++
-	if R.rndptr<rand_NK {return R.ira[R.rndptr]}
-	R.rndptr=0
-	k:=rand_NK-rand_NJ
-	for i:=0;i<rand_NK;i++{ /* calculate next NK values */
-		if k==rand_NK {k=0}
-		t:=R.ira[k]
-		pdiff:=t-R.ira[i]-R.borrow
-		if pdiff<t {R.borrow=0}
-		if pdiff>t {R.borrow=1}
-		R.ira[i]=pdiff 
-		k++
-	}
-
-	return R.ira[0];
-}
-
-func (R *RAND) sirand(seed uint32) {
-	var m uint32=1;
-	R.borrow=0
-	R.rndptr=0
-	R.ira[0]^=seed;
-	for i:=1;i<rand_NK;i++ { /* fill initialisation vector */
-		in:=(rand_NV*i)%rand_NK;
-		R.ira[in]^=m;      /* note XOR */
-		t:=m
-		m=seed-m
-		seed=t
-	}
-	for i:=0;i<10000;i++ {R.sbrand()} /* "warm-up" & stir the generator */
-}
-
-func (R *RAND) fill_pool() {
-	sh:=NewHASH256()
-	for i:=0;i<128;i++ {sh.Process(byte(R.sbrand()&0xff))}
-	W:=sh.Hash()
-	for i:=0;i<32;i++ {R.pool[i]=W[i]}
-	R.pool_ptr=0;
-}
-
-func pack(b [4]byte) uint32 { /* pack 4 bytes into a 32-bit Word */
-	return (((uint32(b[3]))&0xff)<<24)|((uint32(b[2])&0xff)<<16)|((uint32(b[1])&0xff)<<8)|(uint32(b[0])&0xff)
-}
-
-/* Initialize RNG with some real entropy from some external source */
-func (R *RAND) Seed(rawlen int,raw []byte) { /* initialise from at least 128 byte string of raw random entropy */
-	var b [4]byte
-	sh:=NewHASH256()
-	R.pool_ptr=0;
-
-	for i:=0;i<rand_NK;i++ {R.ira[i]=0}
-	if rawlen>0 {
-		for i:=0;i<rawlen;i++ {
-			sh.Process(raw[i])
-		}
-		digest:=sh.Hash()
-
-/* initialise PRNG from distilled randomness */
-
-		for i:=0;i<8;i++  {
-			b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3]
-			R.sirand(pack(b))
-		}
-	}
-	R.fill_pool()
-}
-
-/* get random byte */
-func (R *RAND) GetByte() byte { 
-	r:=R.pool[R.pool_ptr]
-	R.pool_ptr++
-	if R.pool_ptr>=32 {R.fill_pool()}
-	return byte(r&0xff)
-}
-
-/* test main program */
-/*
-func main() {
-	var raw [100]byte
-	rng:=NewRAND()
-
-	rng.Clean()
-	for i:=0;i<100;i++ {raw[i]=byte(i)}
-
-	rng.Seed(100,raw[:])
- 
-	for i:=0;i<1000;i++ {
-		fmt.Printf("%03d ",rng.GetByte())
-	}
-}
-*/


[37/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/AES.java
----------------------------------------------------------------------
diff --git a/version22/java/AES.java b/version22/java/AES.java
deleted file mode 100644
index 648db7c..0000000
--- a/version22/java/AES.java
+++ /dev/null
@@ -1,695 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-/* AES Encryption */ 
-
-
-public class AES {
-	int Nk,Nr;
-	int mode;
-	private int[] fkey=new int[60];
-	private int[] rkey=new int[60];
-	public byte[] f=new byte[16];
-
-
-	public static final int ECB=0;
-	public static final int CBC=1;
-	public static final int CFB1=2;
-	public static final int CFB2=3;
-	public static final int CFB4=5;
-	public static final int OFB1=14;
-	public static final int OFB2=15;
-	public static final int OFB4=17;
-	public static final int OFB8=21;
-	public static final int OFB16=29;
-	public static final int CTR1=30;
-	public static final int CTR2=31;
-	public static final int CTR4=33; 
-	public static final int CTR8=37; 
-	public static final int CTR16=45; 
-
-	private static final byte[] InCo={(byte)0xB,(byte)0xD,(byte)0x9,(byte)0xE};  /* Inverse Coefficients */
-
-	public static final int KS=16; /* Key Size in bytes */
-	public static final int BS=16; /* Block Size */
-
-	private static final byte[] ptab=
-	{(byte)1,(byte)3,(byte)5,(byte)15,(byte)17,(byte)51,(byte)85,(byte)255,(byte)26,(byte)46,(byte)114,(byte)150,(byte)161,(byte)248,(byte)19,(byte)53,
-	(byte)95,(byte)225,(byte)56,(byte)72,(byte)216,(byte)115,(byte)149,(byte)164,(byte)247,(byte)2,(byte)6,(byte)10,(byte)30,(byte)34,(byte)102,(byte)170,
-	(byte)229,(byte)52,(byte)92,(byte)228,(byte)55,(byte)89,(byte)235,(byte)38,(byte)106,(byte)190,(byte)217,(byte)112,(byte)144,(byte)171,(byte)230,(byte)49,
-	(byte)83,(byte)245,(byte)4,(byte)12,(byte)20,(byte)60,(byte)68,(byte)204,(byte)79,(byte)209,(byte)104,(byte)184,(byte)211,(byte)110,(byte)178,(byte)205,
-	(byte)76,(byte)212,(byte)103,(byte)169,(byte)224,(byte)59,(byte)77,(byte)215,(byte)98,(byte)166,(byte)241,(byte)8,(byte)24,(byte)40,(byte)120,(byte)136,
-	(byte)131,(byte)158,(byte)185,(byte)208,(byte)107,(byte)189,(byte)220,(byte)127,(byte)129,(byte)152,(byte)179,(byte)206,(byte)73,(byte)219,(byte)118,(byte)154,
-	(byte)181,(byte)196,(byte)87,(byte)249,(byte)16,(byte)48,(byte)80,(byte)240,(byte)11,(byte)29,(byte)39,(byte)105,(byte)187,(byte)214,(byte)97,(byte)163,
-	(byte)254,(byte)25,(byte)43,(byte)125,(byte)135,(byte)146,(byte)173,(byte)236,(byte)47,(byte)113,(byte)147,(byte)174,(byte)233,(byte)32,(byte)96,(byte)160,
-	(byte)251,(byte)22,(byte)58,(byte)78,(byte)210,(byte)109,(byte)183,(byte)194,(byte)93,(byte)231,(byte)50,(byte)86,(byte)250,(byte)21,(byte)63,(byte)65,
-	(byte)195,(byte)94,(byte)226,(byte)61,(byte)71,(byte)201,(byte)64,(byte)192,(byte)91,(byte)237,(byte)44,(byte)116,(byte)156,(byte)191,(byte)218,(byte)117,
-	(byte)159,(byte)186,(byte)213,(byte)100,(byte)172,(byte)239,(byte)42,(byte)126,(byte)130,(byte)157,(byte)188,(byte)223,(byte)122,(byte)142,(byte)137,(byte)128,
-	(byte)155,(byte)182,(byte)193,(byte)88,(byte)232,(byte)35,(byte)101,(byte)175,(byte)234,(byte)37,(byte)111,(byte)177,(byte)200,(byte)67,(byte)197,(byte)84,
-	(byte)252,(byte)31,(byte)33,(byte)99,(byte)165,(byte)244,(byte)7,(byte)9,(byte)27,(byte)45,(byte)119,(byte)153,(byte)176,(byte)203,(byte)70,(byte)202,
-	(byte)69,(byte)207,(byte)74,(byte)222,(byte)121,(byte)139,(byte)134,(byte)145,(byte)168,(byte)227,(byte)62,(byte)66,(byte)198,(byte)81,(byte)243,(byte)14,
-	(byte)18,(byte)54,(byte)90,(byte)238,(byte)41,(byte)123,(byte)141,(byte)140,(byte)143,(byte)138,(byte)133,(byte)148,(byte)167,(byte)242,(byte)13,(byte)23,
-	(byte)57,(byte)75,(byte)221,(byte)124,(byte)132,(byte)151,(byte)162,(byte)253,(byte)28,(byte)36,(byte)108,(byte)180,(byte)199,(byte)82,(byte)246,(byte)1};
-
-	private static final byte[] ltab=
-	{(byte)0,(byte)255,(byte)25,(byte)1,(byte)50,(byte)2,(byte)26,(byte)198,(byte)75,(byte)199,(byte)27,(byte)104,(byte)51,(byte)238,(byte)223,(byte)3,
-	(byte)100,(byte)4,(byte)224,(byte)14,(byte)52,(byte)141,(byte)129,(byte)239,(byte)76,(byte)113,(byte)8,(byte)200,(byte)248,(byte)105,(byte)28,(byte)193,
-	(byte)125,(byte)194,(byte)29,(byte)181,(byte)249,(byte)185,(byte)39,(byte)106,(byte)77,(byte)228,(byte)166,(byte)114,(byte)154,(byte)201,(byte)9,(byte)120,
-	(byte)101,(byte)47,(byte)138,(byte)5,(byte)33,(byte)15,(byte)225,(byte)36,(byte)18,(byte)240,(byte)130,(byte)69,(byte)53,(byte)147,(byte)218,(byte)142,
-	(byte)150,(byte)143,(byte)219,(byte)189,(byte)54,(byte)208,(byte)206,(byte)148,(byte)19,(byte)92,(byte)210,(byte)241,(byte)64,(byte)70,(byte)131,(byte)56,
-	(byte)102,(byte)221,(byte)253,(byte)48,(byte)191,(byte)6,(byte)139,(byte)98,(byte)179,(byte)37,(byte)226,(byte)152,(byte)34,(byte)136,(byte)145,(byte)16,
-	(byte)126,(byte)110,(byte)72,(byte)195,(byte)163,(byte)182,(byte)30,(byte)66,(byte)58,(byte)107,(byte)40,(byte)84,(byte)250,(byte)133,(byte)61,(byte)186,
-	(byte)43,(byte)121,(byte)10,(byte)21,(byte)155,(byte)159,(byte)94,(byte)202,(byte)78,(byte)212,(byte)172,(byte)229,(byte)243,(byte)115,(byte)167,(byte)87,
-	(byte)175,(byte)88,(byte)168,(byte)80,(byte)244,(byte)234,(byte)214,(byte)116,(byte)79,(byte)174,(byte)233,(byte)213,(byte)231,(byte)230,(byte)173,(byte)232,
-	(byte)44,(byte)215,(byte)117,(byte)122,(byte)235,(byte)22,(byte)11,(byte)245,(byte)89,(byte)203,(byte)95,(byte)176,(byte)156,(byte)169,(byte)81,(byte)160,
-	(byte)127,(byte)12,(byte)246,(byte)111,(byte)23,(byte)196,(byte)73,(byte)236,(byte)216,(byte)67,(byte)31,(byte)45,(byte)164,(byte)118,(byte)123,(byte)183,
-	(byte)204,(byte)187,(byte)62,(byte)90,(byte)251,(byte)96,(byte)177,(byte)134,(byte)59,(byte)82,(byte)161,(byte)108,(byte)170,(byte)85,(byte)41,(byte)157,
-	(byte)151,(byte)178,(byte)135,(byte)144,(byte)97,(byte)190,(byte)220,(byte)252,(byte)188,(byte)149,(byte)207,(byte)205,(byte)55,(byte)63,(byte)91,(byte)209,
-	(byte)83,(byte)57,(byte)132,(byte)60,(byte)65,(byte)162,(byte)109,(byte)71,(byte)20,(byte)42,(byte)158,(byte)93,(byte)86,(byte)242,(byte)211,(byte)171,
-	(byte)68,(byte)17,(byte)146,(byte)217,(byte)35,(byte)32,(byte)46,(byte)137,(byte)180,(byte)124,(byte)184,(byte)38,(byte)119,(byte)153,(byte)227,(byte)165,
-	(byte)103,(byte)74,(byte)237,(byte)222,(byte)197,(byte)49,(byte)254,(byte)24,(byte)13,(byte)99,(byte)140,(byte)128,(byte)192,(byte)247,(byte)112,(byte)7};
-
-	private static final byte[] fbsub=
-	{(byte)99,(byte)124,(byte)119,(byte)123,(byte)242,(byte)107,(byte)111,(byte)197,(byte)48,(byte)1,(byte)103,(byte)43,(byte)254,(byte)215,(byte)171,(byte)118,
-	(byte)202,(byte)130,(byte)201,(byte)125,(byte)250,(byte)89,(byte)71,(byte)240,(byte)173,(byte)212,(byte)162,(byte)175,(byte)156,(byte)164,(byte)114,(byte)192,
-	(byte)183,(byte)253,(byte)147,(byte)38,(byte)54,(byte)63,(byte)247,(byte)204,(byte)52,(byte)165,(byte)229,(byte)241,(byte)113,(byte)216,(byte)49,(byte)21,
-	(byte)4,(byte)199,(byte)35,(byte)195,(byte)24,(byte)150,(byte)5,(byte)154,(byte)7,(byte)18,(byte)128,(byte)226,(byte)235,(byte)39,(byte)178,(byte)117,
-	(byte)9,(byte)131,(byte)44,(byte)26,(byte)27,(byte)110,(byte)90,(byte)160,(byte)82,(byte)59,(byte)214,(byte)179,(byte)41,(byte)227,(byte)47,(byte)132,
-	(byte)83,(byte)209,(byte)0,(byte)237,(byte)32,(byte)252,(byte)177,(byte)91,(byte)106,(byte)203,(byte)190,(byte)57,(byte)74,(byte)76,(byte)88,(byte)207,
-	(byte)208,(byte)239,(byte)170,(byte)251,(byte)67,(byte)77,(byte)51,(byte)133,(byte)69,(byte)249,(byte)2,(byte)127,(byte)80,(byte)60,(byte)159,(byte)168,
-	(byte)81,(byte)163,(byte)64,(byte)143,(byte)146,(byte)157,(byte)56,(byte)245,(byte)188,(byte)182,(byte)218,(byte)33,(byte)16,(byte)255,(byte)243,(byte)210,
-	(byte)205,(byte)12,(byte)19,(byte)236,(byte)95,(byte)151,(byte)68,(byte)23,(byte)196,(byte)167,(byte)126,(byte)61,(byte)100,(byte)93,(byte)25,(byte)115,
-	(byte)96,(byte)129,(byte)79,(byte)220,(byte)34,(byte)42,(byte)144,(byte)136,(byte)70,(byte)238,(byte)184,(byte)20,(byte)222,(byte)94,(byte)11,(byte)219,
-	(byte)224,(byte)50,(byte)58,(byte)10,(byte)73,(byte)6,(byte)36,(byte)92,(byte)194,(byte)211,(byte)172,(byte)98,(byte)145,(byte)149,(byte)228,(byte)121,
-	(byte)231,(byte)200,(byte)55,(byte)109,(byte)141,(byte)213,(byte)78,(byte)169,(byte)108,(byte)86,(byte)244,(byte)234,(byte)101,(byte)122,(byte)174,(byte)8,
-	(byte)186,(byte)120,(byte)37,(byte)46,(byte)28,(byte)166,(byte)180,(byte)198,(byte)232,(byte)221,(byte)116,(byte)31,(byte)75,(byte)189,(byte)139,(byte)138,
-	(byte)112,(byte)62,(byte)181,(byte)102,(byte)72,(byte)3,(byte)246,(byte)14,(byte)97,(byte)53,(byte)87,(byte)185,(byte)134,(byte)193,(byte)29,(byte)158,
-	(byte)225,(byte)248,(byte)152,(byte)17,(byte)105,(byte)217,(byte)142,(byte)148,(byte)155,(byte)30,(byte)135,(byte)233,(byte)206,(byte)85,(byte)40,(byte)223,
-	(byte)140,(byte)161,(byte)137,(byte)13,(byte)191,(byte)230,(byte)66,(byte)104,(byte)65,(byte)153,(byte)45,(byte)15,(byte)176,(byte)84,(byte)187,(byte)22};
-
-	private static final byte[] rbsub=
-	{(byte)82,(byte)9,(byte)106,(byte)213,(byte)48,(byte)54,(byte)165,(byte)56,(byte)191,(byte)64,(byte)163,(byte)158,(byte)129,(byte)243,(byte)215,(byte)251,
-	(byte)124,(byte)227,(byte)57,(byte)130,(byte)155,(byte)47,(byte)255,(byte)135,(byte)52,(byte)142,(byte)67,(byte)68,(byte)196,(byte)222,(byte)233,(byte)203,
-	(byte)84,(byte)123,(byte)148,(byte)50,(byte)166,(byte)194,(byte)35,(byte)61,(byte)238,(byte)76,(byte)149,(byte)11,(byte)66,(byte)250,(byte)195,(byte)78,
-	(byte)8,(byte)46,(byte)161,(byte)102,(byte)40,(byte)217,(byte)36,(byte)178,(byte)118,(byte)91,(byte)162,(byte)73,(byte)109,(byte)139,(byte)209,(byte)37,
-	(byte)114,(byte)248,(byte)246,(byte)100,(byte)134,(byte)104,(byte)152,(byte)22,(byte)212,(byte)164,(byte)92,(byte)204,(byte)93,(byte)101,(byte)182,(byte)146,
-	(byte)108,(byte)112,(byte)72,(byte)80,(byte)253,(byte)237,(byte)185,(byte)218,(byte)94,(byte)21,(byte)70,(byte)87,(byte)167,(byte)141,(byte)157,(byte)132,
-	(byte)144,(byte)216,(byte)171,(byte)0,(byte)140,(byte)188,(byte)211,(byte)10,(byte)247,(byte)228,(byte)88,(byte)5,(byte)184,(byte)179,(byte)69,(byte)6,
-	(byte)208,(byte)44,(byte)30,(byte)143,(byte)202,(byte)63,(byte)15,(byte)2,(byte)193,(byte)175,(byte)189,(byte)3,(byte)1,(byte)19,(byte)138,(byte)107,
-	(byte)58,(byte)145,(byte)17,(byte)65,(byte)79,(byte)103,(byte)220,(byte)234,(byte)151,(byte)242,(byte)207,(byte)206,(byte)240,(byte)180,(byte)230,(byte)115,
-	(byte)150,(byte)172,(byte)116,(byte)34,(byte)231,(byte)173,(byte)53,(byte)133,(byte)226,(byte)249,(byte)55,(byte)232,(byte)28,(byte)117,(byte)223,(byte)110,
-	(byte)71,(byte)241,(byte)26,(byte)113,(byte)29,(byte)41,(byte)197,(byte)137,(byte)111,(byte)183,(byte)98,(byte)14,(byte)170,(byte)24,(byte)190,(byte)27,
-	(byte)252,(byte)86,(byte)62,(byte)75,(byte)198,(byte)210,(byte)121,(byte)32,(byte)154,(byte)219,(byte)192,(byte)254,(byte)120,(byte)205,(byte)90,(byte)244,
-	(byte)31,(byte)221,(byte)168,(byte)51,(byte)136,(byte)7,(byte)199,(byte)49,(byte)177,(byte)18,(byte)16,(byte)89,(byte)39,(byte)128,(byte)236,(byte)95,
-	(byte)96,(byte)81,(byte)127,(byte)169,(byte)25,(byte)181,(byte)74,(byte)13,(byte)45,(byte)229,(byte)122,(byte)159,(byte)147,(byte)201,(byte)156,(byte)239,
-	(byte)160,(byte)224,(byte)59,(byte)77,(byte)174,(byte)42,(byte)245,(byte)176,(byte)200,(byte)235,(byte)187,(byte)60,(byte)131,(byte)83,(byte)153,(byte)97,
-	(byte)23,(byte)43,(byte)4,(byte)126,(byte)186,(byte)119,(byte)214,(byte)38,(byte)225,(byte)105,(byte)20,(byte)99,(byte)85,(byte)33,(byte)12,(byte)125};
-
-	private static final byte[] rco=
-	{(byte)1,(byte)2,(byte)4,(byte)8,(byte)16,(byte)32,(byte)64,(byte)128,(byte)27,(byte)54,(byte)108,(byte)216,(byte)171,(byte)77,(byte)154,(byte)47};
-
-	private static final int[] ftable=
-	{0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
-	0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
-	0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
-	0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
-	0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
-	0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
-	0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
-	0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
-	0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
-	0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
-	0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
-	0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
-	0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
-	0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
-	0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
-	0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
-	0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
-	0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
-	0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
-	0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
-	0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
-	0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
-	0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
-	0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
-	0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
-	0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
-	0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
-	0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
-	0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
-	0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
-	0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
-	0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
-	0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
-	0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
-	0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
-	0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
-	0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
-	0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
-	0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
-	0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
-	0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
-	0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
-	0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c};
-
-	private static final int[] rtable=
-	{0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
-	0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
-	0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
-	0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
-	0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
-	0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
-	0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
-	0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
-	0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
-	0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
-	0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
-	0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
-	0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
-	0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
-	0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
-	0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
-	0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
-	0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
-	0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
-	0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
-	0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
-	0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
-	0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
-	0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
-	0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
-	0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
-	0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
-	0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
-	0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
-	0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
-	0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
-	0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
-	0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
-	0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
-	0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
-	0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
-	0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
-	0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
-	0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
-	0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
-	0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
-	0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
-	0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0};
-
-
-/* Rotates 32-bit word left by 1, 2 or 3 byte  */
-
-	private static int ROTL8(int x)
-	{
-		return (((x)<<8)|((x)>>>24));
-	}
-
-	private static int ROTL16(int x)
-	{
-		return (((x)<<16)|((x)>>>16));
-	}
-
-	private static int ROTL24(int x)
-	{
-		return (((x)<<24)|((x)>>>8));
-	}
-
-	private static int pack(byte[] b)
-	{ /* pack bytes into a 32-bit Word */
-		return ((((int)b[3])&0xff)<<24)|(((int)b[2]&0xff)<<16)|(((int)b[1]&0xff)<<8)|((int)b[0]&0xff);
-	}
-
-	private static byte[] unpack(int a)
-	{ /* unpack bytes from a word */
-		byte [] b=new byte[4];
-		b[0]=(byte)(a);
-		b[1]=(byte)(a>>>8);
-		b[2]=(byte)(a>>>16);
-		b[3]=(byte)(a>>>24);
-		return b;
-	}
-
-	private static byte bmul(byte x,byte y)
-	{ /* x.y= AntiLog(Log(x) + Log(y)) */
-
-		int ix=((int)x)&0xff;
-		int iy=((int)y)&0xff;
-		int lx=((int)ltab[ix])&0xff;
-		int ly=((int)ltab[iy])&0xff;
-		if (x!=0 && y!=0) return ptab[(lx+ly)%255];
-		else return (byte)0;
-	}
-
-  //  if (x && y) 
-
-	private static int SubByte(int a)
-	{
-		byte [] b=unpack(a);
-		b[0]=fbsub[(int)b[0]&0xff];
-		b[1]=fbsub[(int)b[1]&0xff];
-		b[2]=fbsub[(int)b[2]&0xff];
-		b[3]=fbsub[(int)b[3]&0xff];
-		return pack(b);    
-	}
-
-	private static byte product(int x,int y)
-	{ /* dot product of two 4-byte arrays */
-		byte [] xb;//=new byte[4];
-		byte [] yb;//=new byte[4];
-		xb=unpack(x);
-		yb=unpack(y); 
-
-		return (byte)(bmul(xb[0],yb[0])^bmul(xb[1],yb[1])^bmul(xb[2],yb[2])^bmul(xb[3],yb[3]));
-	}
-
-	private static int InvMixCol(int x)
-	{ /* matrix Multiplication */
-		int y,m;
-		byte [] b=new byte[4];
-
-		m=pack(InCo);
-		b[3]=product(m,x);
-		m=ROTL24(m);
-		b[2]=product(m,x);
-		m=ROTL24(m);
-		b[1]=product(m,x);
-		m=ROTL24(m);
-		b[0]=product(m,x);
-		y=pack(b);
-		return y;
-	}
-
-	private static void increment(byte [] f)
-	{
-		int i;
-		for (i=0;i<16;i++)
-		{
-			f[i]++;
-			if (f[i]!=0) break;
-		}
-	}
-
-/* reset cipher */
-	public void reset(int m,byte[] iv)
-	{ /* reset mode, or reset iv */
-		mode=m;
-		for (int i=0;i<16;i++)
-			f[i]=0;
-		if (mode!=ECB && iv!=null)
-			for (int i=0;i<16;i++)
-				f[i]=iv[i];
-	}
-
-	public byte[] getreg()
-	{
-		byte [] ir=new byte[16];
-		for (int i=0;i<16;i++) ir[i]=f[i];
-		return ir;
-	}
-
-/* Initialise cipher */
-	public boolean init(int m,int nk,byte[] key,byte[] iv)
-	{	/* Key=16 bytes */
-		/* Key Scheduler. Create expanded encryption key */
-		int i,j,k,N,nr;
-		int [] CipherKey=new int[8];
-		byte [] b=new byte[4];
-		nk/=4;
-
-		if (nk!=4 && nk!=6 && nk!=8) return false;
-
-		nr=6+nk;
-
-		Nk=nk; Nr=nr;
-
-		reset(m,iv);
-		N=4*(nr+1);
-    
-		for (i=j=0;i<nk;i++,j+=4)
-		{
-			for (k=0;k<4;k++) b[k]=key[j+k];
-			CipherKey[i]=pack(b);
-		}
-		for (i=0;i<nk;i++) fkey[i]=CipherKey[i];
-		for (j=nk,k=0;j<N;j+=nk,k++)
-		{
-			fkey[j]=fkey[j-nk]^SubByte(ROTL24(fkey[j-1]))^((int)rco[k])&0xff;
-			for (i=1;i<nk && (i+j)<N;i++)
-				fkey[i+j]=fkey[i+j-nk]^fkey[i+j-1];
-		}
-
- /* now for the expanded decrypt key in reverse order */
-
-		for (j=0;j<4;j++) rkey[j+N-4]=fkey[j]; 
-		for (i=4;i<N-4;i+=4)
-		{
-			k=N-4-i;
-			for (j=0;j<4;j++) rkey[k+j]=InvMixCol(fkey[i+j]);
-		}
-		for (j=N-4;j<N;j++) rkey[j-N+4]=fkey[j];
-		return true;
-	}
-
-/* Encrypt a single block */
-	public void ecb_encrypt(byte[] buff)
-	{
-		int i,j,k;
-		int t;
-    	byte [] b=new byte[4];
-    	int [] p=new int[4];
-    	int [] q=new int[4];
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			for (k=0;k<4;k++) b[k]=buff[j+k];
-			p[i]=pack(b);
-			p[i]^=fkey[i];
-		}
-
-		k=4;
-
-/* State alternates between p and q */
-		for (i=1;i<Nr;i++)
-		{ 
-			q[0]=fkey[k]^ftable[p[0]&0xff]^
-				ROTL8(ftable[(p[1]>>>8)&0xff])^
-				ROTL16(ftable[(p[2]>>>16)&0xff])^
-				ROTL24(ftable[(p[3]>>>24)&0xff]);
-			q[1]=fkey[k+1]^ftable[p[1]&0xff]^
-				ROTL8(ftable[(p[2]>>>8)&0xff])^
-				ROTL16(ftable[(p[3]>>>16)&0xff])^
-				ROTL24(ftable[(p[0]>>>24)&0xff]);
-			q[2]=fkey[k+2]^ftable[p[2]&0xff]^
-				ROTL8(ftable[(p[3]>>>8)&0xff])^
-				ROTL16(ftable[(p[0]>>>16)&0xff])^
-				ROTL24(ftable[(p[1]>>>24)&0xff]);
-			q[3]=fkey[k+3]^ftable[p[3]&0xff]^
-				ROTL8(ftable[(p[0]>>>8)&0xff])^
-				ROTL16(ftable[(p[1]>>>16)&0xff])^
-				ROTL24(ftable[(p[2]>>>24)&0xff]);
-
-			k+=4;
-			for (j=0;j<4;j++)
-			{
-				t=p[j]; p[j]=q[j]; q[j]=t;
-			}
-		}
-
-/* Last Round */ 
-    
-		q[0]=fkey[k]^((int)fbsub[p[0]&0xff]&0xff)^
-			ROTL8((int)fbsub[(p[1]>>>8)&0xff]&0xff)^
-			ROTL16((int)fbsub[(p[2]>>>16)&0xff]&0xff)^
-			ROTL24((int)fbsub[(p[3]>>>24)&0xff]&0xff);
-
-		q[1]=fkey[k+1]^((int)fbsub[p[1]&0xff]&0xff)^
-			ROTL8((int)fbsub[(p[2]>>>8)&0xff]&0xff)^
-			ROTL16((int)fbsub[(p[3]>>>16)&0xff]&0xff)^
-			ROTL24((int)fbsub[(p[0]>>>24)&0xff]&0xff);
-
-		q[2]=fkey[k+2]^((int)fbsub[p[2]&0xff]&0xff)^
-			ROTL8((int)fbsub[(p[3]>>>8)&0xff]&0xff)^
-			ROTL16((int)fbsub[(p[0]>>>16)&0xff]&0xff)^
-			ROTL24((int)fbsub[(p[1]>>>24)&0xff]&0xff);
-
-		q[3]=fkey[k+3]^((int)fbsub[(p[3])&0xff]&0xff)^
-			ROTL8((int)fbsub[(p[0]>>>8)&0xff]&0xff)^
-			ROTL16((int)fbsub[(p[1]>>>16)&0xff]&0xff)^
-			ROTL24((int)fbsub[(p[2]>>>24)&0xff]&0xff);
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			b=unpack(q[i]);
-			for (k=0;k<4;k++) buff[j+k]=b[k];
-		}
-	}
-
-/* Decrypt a single block */
-	public void ecb_decrypt(byte[] buff)
-	{
-		int i,j,k;
-		int t;
-    	byte [] b=new byte[4];
-    	int [] p=new int[4];
-    	int [] q=new int[4];
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			for (k=0;k<4;k++) b[k]=buff[j+k];
-			p[i]=pack(b);
-			p[i]^=rkey[i];
-		}
-
-		k=4;
-
-/* State alternates between p and q */
-		for (i=1;i<Nr;i++)
-		{ 
-			q[0]=rkey[k]^rtable[p[0]&0xff]^
-				ROTL8(rtable[(p[3]>>>8)&0xff])^
-				ROTL16(rtable[(p[2]>>>16)&0xff])^
-				ROTL24(rtable[(p[1]>>>24)&0xff]);
-			q[1]=rkey[k+1]^rtable[p[1]&0xff]^
-				ROTL8(rtable[(p[0]>>>8)&0xff])^
-				ROTL16(rtable[(p[3]>>>16)&0xff])^
-				ROTL24(rtable[(p[2]>>>24)&0xff]);
-			q[2]=rkey[k+2]^rtable[p[2]&0xff]^
-				ROTL8(rtable[(p[1]>>>8)&0xff])^
-				ROTL16(rtable[(p[0]>>>16)&0xff])^
-				ROTL24(rtable[(p[3]>>>24)&0xff]);
-			q[3]=rkey[k+3]^rtable[p[3]&0xff]^
-				ROTL8(rtable[(p[2]>>>8)&0xff])^
-				ROTL16(rtable[(p[1]>>>16)&0xff])^
-				ROTL24(rtable[(p[0]>>>24)&0xff]);
-
-			k+=4;
-			for (j=0;j<4;j++)
-			{
-				t=p[j]; p[j]=q[j]; q[j]=t;
-			}
-		}
-
-/* Last Round */ 
-
-		q[0]=rkey[k]^((int)rbsub[p[0]&0xff]&0xff)^
-			ROTL8((int)rbsub[(p[3]>>>8)&0xff]&0xff)^
-			ROTL16((int)rbsub[(p[2]>>>16)&0xff]&0xff)^
-			ROTL24((int)rbsub[(p[1]>>>24)&0xff]&0xff);
-		q[1]=rkey[k+1]^((int)rbsub[p[1]&0xff]&0xff)^
-			ROTL8((int)rbsub[(p[0]>>>8)&0xff]&0xff)^
-			ROTL16((int)rbsub[(p[3]>>>16)&0xff]&0xff)^
-			ROTL24((int)rbsub[(p[2]>>>24)&0xff]&0xff);
-		q[2]=rkey[k+2]^((int)rbsub[p[2]&0xff]&0xff)^
-			ROTL8((int)rbsub[(p[1]>>>8)&0xff]&0xff)^
-			ROTL16((int)rbsub[(p[0]>>>16)&0xff]&0xff)^
-			ROTL24((int)rbsub[(p[3]>>>24)&0xff]&0xff);
-		q[3]=rkey[k+3]^((int)rbsub[p[3]&0xff]&0xff)^
-			ROTL8((int)rbsub[(p[2]>>>8)&0xff]&0xff)^
-			ROTL16((int)rbsub[(p[1]>>>16)&0xff]&0xff)^
-			ROTL24((int)rbsub[(p[0]>>>24)&0xff]&0xff);
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			b=unpack(q[i]);
-			for (k=0;k<4;k++) buff[j+k]=b[k];
-		}
-
-	}
-
-/* Encrypt using selected mode of operation */
-	public int encrypt(byte[] buff)
-	{
-		int j,bytes;
-		byte[] st=new byte[16];
-		int fell_off;
-
-// Supported Modes of Operation 
-
-		fell_off=0;
-		switch (mode)
-		{
-		case ECB: 
-			ecb_encrypt(buff);
-			return 0;
-		case CBC:
-			for (j=0;j<16;j++) buff[j]^=f[j];
-			ecb_encrypt(buff);
-			for (j=0;j<16;j++) f[j]=buff[j];
-			return 0;
-
-		case CFB1:
-		case CFB2:
-		case CFB4:
-			bytes=mode-CFB1+1;
-			for (j=0;j<bytes;j++) fell_off=(fell_off<<8)|f[j];
-			for (j=0;j<16;j++) st[j]=f[j];
-			for (j=bytes;j<16;j++) f[j-bytes]=f[j];
-			ecb_encrypt(st);
-			for (j=0;j<bytes;j++) 
-			{
-				buff[j]^=st[j];
-				f[16-bytes+j]=buff[j];
-			}
-			return fell_off;
-
-		case OFB1:
-		case OFB2:
-		case OFB4:
-		case OFB8:
-		case OFB16:
-
-			bytes=mode-OFB1+1;
-			ecb_encrypt(f);
-			for (j=0;j<bytes;j++) buff[j]^=f[j];
-			return 0;
-
-		case CTR1:
-		case CTR2:
-		case CTR4:
-		case CTR8:
-		case CTR16:
-
-			bytes=mode-CTR1+1;
-			for (j=0;j<16;j++) st[j]=f[j];
-			ecb_encrypt(st);
-			for (j=0;j<bytes;j++) buff[j]^=st[j];
-			increment(f);
-
-    default:
-			return 0;
-		}
-	}
-
-/* Decrypt using selected mode of operation */
-	public int decrypt(byte[] buff)
-	{
-		int j,bytes;
-		byte[] st=new byte[16];
-		int fell_off;
-
-   // Supported modes of operation 
-		fell_off=0;
-		switch (mode)
-		{
-		case ECB:
-			ecb_decrypt(buff);
-			return 0;
-		case CBC:
-			for (j=0;j<16;j++) 
-			{
-				st[j]=f[j];
-				f[j]=buff[j];
-			}
-			ecb_decrypt(buff);
-			for (j=0;j<16;j++)
-			{	 
-				buff[j]^=st[j];
-				st[j]=0;
-			}
-			return 0;
-		case CFB1:
-		case CFB2:
-		case CFB4:
-			bytes=mode-CFB1+1;
-			for (j=0;j<bytes;j++) fell_off=(fell_off<<8)|f[j];
-			for (j=0;j<16;j++) st[j]=f[j];
-			for (j=bytes;j<16;j++) f[j-bytes]=f[j];
-			ecb_encrypt(st);
-			for (j=0;j<bytes;j++)
-			{
-				f[16-bytes+j]=buff[j];
-				buff[j]^=st[j];
-			}
-			return fell_off;
-		case OFB1:
-		case OFB2:
-		case OFB4:
-		case OFB8:
-		case OFB16:
-			bytes=mode-OFB1+1;
-			ecb_encrypt(f);
-			for (j=0;j<bytes;j++) buff[j]^=f[j];
-			return 0;
-
-		case CTR1:
-		case CTR2:
-		case CTR4:
-		case CTR8:
-		case CTR16:
-
-			bytes=mode-CTR1+1;
-			for (j=0;j<16;j++) st[j]=f[j];
-			ecb_encrypt(st);
-			for (j=0;j<bytes;j++) buff[j]^=st[j];
-			increment(f);
- 
-		default:
-			return 0;
-		}
-	}
-
-/* Clean up and delete left-overs */
-	public void end()
-	{ // clean up 
-		int i;
-		for (i=0;i<4*(Nr+1);i++)
-			fkey[i]=rkey[i]=0;
-		for (i=0;i<16;i++)
-			f[i]=0;
-	}
-
-	public static void main(String[] args) {
-		int i;
-
-		byte[] key=new byte[32];
-		byte[] block=new byte[16];
-		byte[] iv=new byte[16];
-
-		for (i=0;i<32;i++) key[i]=0;
-		key[0]=1;
-		for (i=0;i<16;i++) iv[i]=(byte)i;
-		for (i=0;i<16;i++) block[i]=(byte)i;
-
-		AES a=new AES();
-
-		a.init(CTR16,32,key,iv);
-		System.out.println("Plain= "); 
-		for (i=0;i<16;i++)  System.out.format("%02X ", block[i]&0xff);
-		System.out.println(""); 
-
-		a.encrypt(block);
-
-		System.out.println("Encrypt= "); 
-		for (i=0;i<16;i++)  System.out.format("%02X ", block[i]&0xff);
-		System.out.println(""); 
-
-		a.reset(CTR16,iv);
-		a.decrypt(block);
-
-		System.out.println("Decrypt= "); 
-		for (i=0;i<16;i++)  System.out.format("%02X ", block[i]&0xff);
-		System.out.println(""); 
-
-		a.end();
-
-	} 
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/BIG32.java
----------------------------------------------------------------------
diff --git a/version22/java/BIG32.java b/version22/java/BIG32.java
deleted file mode 100644
index e43e7b4..0000000
--- a/version22/java/BIG32.java
+++ /dev/null
@@ -1,1016 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BIG number class */ 
-
-public class BIG {
-	protected int[] w=new int[ROM.NLEN];
-/* Constructors */
-
-	public BIG()
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=0;
-	}
-
-	public BIG(int x)
-	{
-		w[0]=x;
-		for (int i=1;i<ROM.NLEN;i++)
-			w[i]=0;
-	}
-
-	public BIG(BIG x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i];
-	}
-
-	public BIG(DBIG x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i];
-	}
-
-	public BIG(int[] x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x[i];
-	}
-
-	public int get(int i)
-	{
-		return w[i];
-	}
-
-	public void set(int i,int x)
-	{
-		w[i]=x;
-	} 
-
-/* calculate Field Excess */
-	public static int EXCESS(BIG a)
-	{
-		return ((a.w[ROM.NLEN-1]&ROM.OMASK)>>(ROM.MODBITS%ROM.BASEBITS));
-	}
-
-/* Check if product causes excess */
-	public static boolean pexceed(BIG a,BIG b)
-	{
-		int ea,eb;
-		ea=EXCESS(a);
-		eb=EXCESS(b);
-		if ((long)(ea+1)*(eb+1)>ROM.FEXCESS) return true;
-		return false;
-	}
-
-/* Check if square causes excess */
-	public static boolean sexceed(BIG a)
-	{
-		int ea,eb;
-		ea=EXCESS(a);
-		if ((long)(ea+1)*(ea+1)>ROM.FEXCESS) return true;
-		return false;
-	}
-
-	public static int FF_EXCESS(BIG a)
-	{
-		return ((a.get(ROM.NLEN-1)&ROM.P_OMASK)>>(ROM.P_TBITS));
-	}
-
-/* Check if product causes excess */
-	public static boolean ff_pexceed(BIG a,BIG b)
-	{
-		int ea,eb;
-		ea=FF_EXCESS(a);
-		eb=FF_EXCESS(b);
-		if ((long)(ea+1)*(eb+1)>ROM.P_FEXCESS) return true;
-		return false;
-	}
-
-/* Check if square causes excess */
-	public static boolean ff_sexceed(BIG a)
-	{
-		int ea;
-		ea=FF_EXCESS(a);
-		if ((long)(ea+1)*(ea+1)>ROM.P_FEXCESS) return true;
-		return false;
-	}
-
-/* Conditional swap of two bigs depending on d using XOR - no branches */
-	public void cswap(BIG b,int d)
-	{
-		int i;
-		int t,c=d;
-		c=~(c-1);
-
-		for (i=0;i<ROM.NLEN;i++)
-		{
-			t=c&(w[i]^b.w[i]);
-			w[i]^=t;
-			b.w[i]^=t;
-		}
-	}
-
-	public void cmove(BIG g,int d)
-	{
-		int i;
-		int b=-d;
-
-		for (i=0;i<ROM.NLEN;i++)
-		{
-			w[i]^=(w[i]^g.w[i])&b;
-		}
-	}
-
-    public static int cast_to_chunk(int x)
-	{
-		return (int)x;
-	}
-
-/* normalise BIG - force all digits < 2^BASEBITS */
-	public long norm() {
-		int d,carry=0;
-		for (int i=0;i<ROM.NLEN-1;i++)
-		{
-			d=w[i]+carry;
-			w[i]=d&ROM.BMASK;
-			carry=d>>ROM.BASEBITS;
-		}
-		w[ROM.NLEN-1]=(w[ROM.NLEN-1]+carry);
-		return (long)(w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS));  
-	}
-
-/* return number of bits */
-	public int nbits() {
-		int bts,k=ROM.NLEN-1;
-		int c;
-		norm();
-		while (k>=0 && w[k]==0) k--;
-		if (k<0) return 0;
-		bts=ROM.BASEBITS*k;
-		c=w[k];
-		while (c!=0) {c/=2; bts++;}
-		return bts;
-	}
-
-	public String toRawString()
-	{
-		BIG b=new BIG(this);
-		String s="(";
-		for (int i=0;i<ROM.NLEN-1;i++)
-		{
-			s+=Integer.toHexString(b.w[i]); s+=",";
-		}
-		s+=Integer.toHexString(b.w[ROM.NLEN-1]); s+=")";
-		return s;
-	}
-
-/* Convert to Hex String */
-	public String toString() {
-		BIG b;
-		String s="";
-		int len=nbits();
-
-		if (len%4==0) len/=4;
-		else {len/=4; len++;}
-		if (len<ROM.MODBYTES*2) len=ROM.MODBYTES*2;
-
-		for (int i=len-1;i>=0;i--)
-		{
-			b=new BIG(this);
-			b.shr(i*4);
-			s+=Integer.toHexString(b.w[0]&15);
-		}
-		return s;
-	}
-
-	public static int[] muladd(int x,int y,int c,int r)
-	{
-		int[] tb=new int[2];
-		long prod=(long)x*y+c+r;	
-		tb[1]=(int)prod&ROM.BMASK;
-		tb[0]=(int)(prod>>ROM.BASEBITS);
-		return tb;
-	}
-
-/* this*=x, where x is >NEXCESS */
-	public int pmul(int c)
-	{
-		int ak,carry=0;
-		int[] cr=new int[2];
-
-		norm();
-		for (int i=0;i<ROM.NLEN;i++)
-		{
-			ak=w[i];
-			w[i]=0;
-			cr=muladd(ak,c,carry,w[i]);
-			carry=cr[0];
-			w[i]=cr[1];
-		}
-		return carry;
-	}
-
-/* this*=c and catch overflow in DBIG */
-	public DBIG pxmul(int c)
-	{
-		DBIG m=new DBIG(0);	
-		int[] cr=new int[2];	
-		int carry=0;
-		for (int j=0;j<ROM.NLEN;j++)
-		{
-			cr=muladd(w[j],c,carry,m.w[j]);
-			carry=cr[0];
-			m.w[j]=cr[1];
-		}
-		m.w[ROM.NLEN]=carry;		
-		return m;
-	}
-
-/* divide by 3 */
-	public int div3()
-	{	
-		int ak,base,carry=0;
-		norm();
-		base=((int)1<<ROM.BASEBITS);
-		for (int i=ROM.NLEN-1;i>=0;i--)
-		{
-			ak=(carry*base+w[i]);
-			w[i]=ak/3;
-			carry=ak%3;
-		}
-		return (int)carry;
-	}
-
-/* return a*b where result fits in a BIG */
-	public static BIG smul(BIG a,BIG b)
-	{
-		int carry;
-		BIG c=new BIG(0);
-		int[] cr=new int[2];			
-		for (int i=0;i<ROM.NLEN;i++)
-		{
-			carry=0;
-			for (int j=0;j<ROM.NLEN;j++)
-			{
-				if (i+j<ROM.NLEN) 
-				{
-					cr=muladd(a.w[i],b.w[j],carry,c.w[i+j]);
-					carry=cr[0];
-					c.w[i+j]=cr[1];
-				}
-			}
-		}
-		return c;
-	}
-
-/* return a*b as DBIG */
-	public static DBIG mul(BIG a,BIG b)
-	{
-		long t,co;
-		DBIG c=new DBIG(0);
-	//	a.norm();
-	//	b.norm();
-
-		long[] d=new long[ROM.NLEN];
-		long s;
-		int i,k;
-
-		for (i=0;i<ROM.NLEN;i++)
-			d[i]=(long)a.w[i]*b.w[i];
-
-		s=d[0];
-		t=s; c.w[0]=(int)t&ROM.BMASK; co=t>>ROM.BASEBITS;
-
-		for (k=1;k<ROM.NLEN;k++)
-		{
-			s+=d[k]; t=co+s; for (i=k;i>=1+k/2;i--) t+=(long)(a.w[i]-a.w[k-i])*(b.w[k-i]-b.w[i]); c.w[k]=(int)t&ROM.BMASK; co=t>>ROM.BASEBITS;
-		}
-		for (k=ROM.NLEN;k<2*ROM.NLEN-1;k++)
-		{
-			s-=d[k-ROM.NLEN]; t=co+s; for (i=ROM.NLEN-1;i>=1+k/2;i--) t+=(long)(a.w[i]-a.w[k-i])*(b.w[k-i]-b.w[i]); c.w[k]=(int)t&ROM.BMASK; co=t>>ROM.BASEBITS;
-		}
-		c.w[2*ROM.NLEN-1]=(int)co;
-
-		return c;
-	}
-
-/* return a^2 as DBIG */
-	public static DBIG sqr(BIG a)
-	{
-		int i,j,last;
-		long t,co;
-		DBIG c=new DBIG(0);
-	//	a.norm();
-
-		t=(long)a.w[0]*a.w[0];
-		c.w[0]=(int)t&ROM.BMASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[1]*a.w[0]; t+=t; t+=co; 
-		c.w[1]=(int)t&ROM.BMASK; co=t>>ROM.BASEBITS;
-
-		last=ROM.NLEN-ROM.NLEN%2;
-		for (j=2;j<last;j+=2)
-		{
-			t=(long)a.w[j]*a.w[0]; for (i=1;i<(j+1)/2;i++) t+=(long)a.w[j-i]*a.w[i]; t+=t; t+=co;  t+=(long)a.w[j/2]*a.w[j/2];
-			c.w[j]=(int)t&ROM.BMASK; co=t>>ROM.BASEBITS;
-			t=(long)a.w[j+1]*a.w[0]; for (i=1;i<(j+2)/2;i++) t+=(long)a.w[j+1-i]*a.w[i]; t+=t; t+=co; 
-			c.w[j+1]=(int)t&ROM.BMASK; co=t>>ROM.BASEBITS;	
-		}
-		j=last;
-		if (ROM.NLEN%2==1)
-		{
-			t=(long)a.w[j]*a.w[0]; for (i=1;i<(j+1)/2;i++) t+=(long)a.w[j-i]*a.w[i]; t+=t; t+=co;  t+=(long)a.w[j/2]*a.w[j/2];
-			c.w[j]=(int)t&ROM.BMASK; co=t>>ROM.BASEBITS; j++;
-			t=(long)a.w[ROM.NLEN-1]*a.w[j-ROM.NLEN+1]; for (i=j-ROM.NLEN+2;i<(j+1)/2;i++) t+=(long)a.w[j-i]*a.w[i]; t+=t; t+=co; 
-			c.w[j]=(int)t&ROM.BMASK; co=t>>ROM.BASEBITS; j++;
-		}
-		for (;j<ROM.DNLEN-2;j+=2)
-		{
-			t=(long)a.w[ROM.NLEN-1]*a.w[j-ROM.NLEN+1]; for (i=j-ROM.NLEN+2;i<(j+1)/2;i++) t+=(long)a.w[j-i]*a.w[i]; t+=t; t+=co; t+=(long)a.w[j/2]*a.w[j/2];
-			c.w[j]=(int)t&ROM.BMASK; co=t>>ROM.BASEBITS;
-			t=(long)a.w[ROM.NLEN-1]*a.w[j-ROM.NLEN+2]; for (i=j-ROM.NLEN+3;i<(j+2)/2;i++) t+=(long)a.w[j+1-i]*a.w[i]; t+=t; t+=co;
-			c.w[j+1]=(int)t&ROM.BMASK; co=t>>ROM.BASEBITS;
-		}
-
-		t=(long)a.w[ROM.NLEN-1]*a.w[ROM.NLEN-1]+co;
-		c.w[ROM.DNLEN-2]=(int)t&ROM.BMASK; co=t>>ROM.BASEBITS;
-		c.w[ROM.DNLEN-1]=(int)co;
-
-		return c;
-	}
-
-	static BIG monty(DBIG d)
-	{
-		BIG b;
-		long t,c,s;
-		int i,k;
-		long[] dd=new long[ROM.NLEN];
-		int[] v=new int[ROM.NLEN];
-		BIG m=new BIG(ROM.Modulus);
-		b=new BIG(0);
-
-		t=d.w[0]; v[0]=((int)t*ROM.MConst)&ROM.BMASK; t+=(long)v[0]*m.w[0]; c=(t>>ROM.BASEBITS)+d.w[1]; s=0;
-
-		for (k=1;k<ROM.NLEN;k++)
-		{
-			t=c+s+(long)v[0]*m.w[k];
-			for (i=k-1;i>k/2;i--) t+=(long)(v[k-i]-v[i])*(m.w[i]-m.w[k-i]);
-			v[k]=((int)t*ROM.MConst)&ROM.BMASK; t+=(long)v[k]*m.w[0]; c=(t>>ROM.BASEBITS)+d.w[k+1];
-			dd[k]=(long)v[k]*m.w[k]; s+=dd[k];
-		}
-		for (k=ROM.NLEN;k<2*ROM.NLEN-1;k++)
-		{
-			t=c+s;
-			for (i=ROM.NLEN-1;i>=1+k/2;i--) t+=(long)(v[k-i]-v[i])*(m.w[i]-m.w[k-i]);
-			b.w[k-ROM.NLEN]=(int)t&ROM.BMASK; c=(t>>ROM.BASEBITS)+d.w[k+1]; s-=dd[k-ROM.NLEN+1];
-		}
-		b.w[ROM.NLEN-1]=(int)c&ROM.BMASK;	
-		b.norm();
-		return b;		
-	}
-
-/* reduce a DBIG to a BIG using the appropriate form of the modulus */
-	public static BIG mod(DBIG d)
-	{
-		if (ROM.MODTYPE==ROM.PSEUDO_MERSENNE)
-		{
-			BIG b;
-			int v,tw;
-			BIG t=d.split(ROM.MODBITS);
-			b=new BIG(d);
-
-			v=t.pmul((int)ROM.MConst);
-			tw=t.w[ROM.NLEN-1];
-			t.w[ROM.NLEN-1]&=ROM.TMASK;
-			t.w[0]+=(ROM.MConst*((tw>>ROM.TBITS)+(v<<(ROM.BASEBITS-ROM.TBITS))));
-
-			b.add(t);
-			b.norm();
-			return b;
-		}
-		if (ROM.MODTYPE==ROM.MONTGOMERY_FRIENDLY)
-		{
-			BIG b;
-			int[] cr=new int[2];				
-			for (int i=0;i<ROM.NLEN;i++)
-			{
-				cr=muladd(d.w[i],ROM.MConst-1,d.w[i],d.w[ROM.NLEN+i-1]);
-				d.w[ROM.NLEN+i]+=cr[0];
-				d.w[ROM.NLEN+i-1]=cr[1];	
-			}
-			
-			b=new BIG(0);
-			for (int i=0;i<ROM.NLEN;i++ )
-				b.w[i]=d.w[ROM.NLEN+i];
-			b.norm();
-			return b;
-		}
-		if (ROM.MODTYPE==ROM.GENERALISED_MERSENNE)
-		{ // GoldiLocks Only
-			BIG b;
-			BIG t=d.split(ROM.MODBITS);
-			b=new BIG(d);
-			b.add(t);
-			DBIG dd=new DBIG(t);
-			dd.shl(ROM.MODBITS/2);
-
-			BIG tt=dd.split(ROM.MODBITS);
-			BIG lo=new BIG(dd);
-			b.add(tt);
-			b.add(lo);
-			b.norm();
-			tt.shl(ROM.MODBITS/2);
-			b.add(tt);
-
-			int carry=b.w[ROM.NLEN-1]>>ROM.TBITS;
-			b.w[ROM.NLEN-1]&=ROM.TMASK;
-			b.w[0]+=carry;
-			
-			b.w[224/ROM.BASEBITS]+=carry<<(224%ROM.BASEBITS);
-			b.norm();
-			return b;
-		}
-		if (ROM.MODTYPE==ROM.NOT_SPECIAL)
-		{
-			return monty(d);
-		}
-
-		return new BIG(0);
-	}
-
-
-
-/****************************************************************************/
-	public void xortop(long x)
-	{
-		w[ROM.NLEN-1]^=x;
-	}
-
-/* set x = x mod 2^m */
-	public void mod2m(int m)
-	{
-		int i,wd,bt;
-		wd=m/ROM.BASEBITS;
-		bt=m%ROM.BASEBITS;
-		w[wd]&=((cast_to_chunk(1)<<bt)-1);
-		for (i=wd+1;i<ROM.NLEN;i++) w[i]=0;
-	}
-
-/* return n-th bit */
-	public int bit(int n)
-	{
-		if ((w[n/ROM.BASEBITS]&(cast_to_chunk(1)<<(n%ROM.BASEBITS)))>0) return 1;
-		else return 0;
-	}
-
-/* Shift right by less than a word */
-	public int fshr(int k) {
-		int r=(int)(w[0]&((cast_to_chunk(1)<<k)-1)); /* shifted out part */
-		for (int i=0;i<ROM.NLEN-1;i++)
-			w[i]=(w[i]>>k)|((w[i+1]<<(ROM.BASEBITS-k))&ROM.BMASK);
-		w[ROM.NLEN-1]=w[ROM.NLEN-1]>>k;
-		return r;
-	}
-
-/* Shift right by less than a word */
-	public int fshl(int k) {
-		w[ROM.NLEN-1]=((w[ROM.NLEN-1]<<k))|(w[ROM.NLEN-2]>>(ROM.BASEBITS-k));
-		for (int i=ROM.NLEN-2;i>0;i--)
-			w[i]=((w[i]<<k)&ROM.BMASK)|(w[i-1]>>(ROM.BASEBITS-k));
-		w[0]=(w[0]<<k)&ROM.BMASK; 
-		return (int)(w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS)); /* return excess - only used in FF.java */
-	}
-
-/* test for zero */
-	public boolean iszilch() {
-		for (int i=0;i<ROM.NLEN;i++)
-			if (w[i]!=0) return false;
-		return true; 
-	}
-
-/* set to zero */
-	public void zero()
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=0;
-	}
-
-/* set to one */
-	public void one()
-	{
-		w[0]=1;
-		for (int i=1;i<ROM.NLEN;i++)
-			w[i]=0;
-	}
-
-/* Test for equal to one */
-	public boolean isunity()
-	{
-		for (int i=1;i<ROM.NLEN;i++)
-			if (w[i]!=0) return false;
-		if (w[0]!=1) return false;
-		return true;
-	}
-
-/* Copy from another BIG */
-	public void copy(BIG x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i];
-	}
-
-	public void copy(DBIG x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i];
-	}
-
-/* general shift right */
-	public void shr(int k) {
-		int n=k%ROM.BASEBITS;
-		int m=k/ROM.BASEBITS;	
-		for (int i=0;i<ROM.NLEN-m-1;i++)
-			w[i]=(w[m+i]>>n)|((w[m+i+1]<<(ROM.BASEBITS-n))&ROM.BMASK);
-		if (ROM.NLEN>m) w[ROM.NLEN-m-1]=w[ROM.NLEN-1]>>n;
-		for (int i=ROM.NLEN-m;i<ROM.NLEN;i++) w[i]=0;
-	}
-
-/* general shift left */
-	public void shl(int k) {
-		int n=k%ROM.BASEBITS;
-		int m=k/ROM.BASEBITS;
-
-		w[ROM.NLEN-1]=((w[ROM.NLEN-1-m]<<n));
-		if (ROM.NLEN>=m+2) w[ROM.NLEN-1]|=(w[ROM.NLEN-m-2]>>(ROM.BASEBITS-n));
-
-		for (int i=ROM.NLEN-2;i>m;i--)
-			w[i]=((w[i-m]<<n)&ROM.BMASK)|(w[i-m-1]>>(ROM.BASEBITS-n));
-		w[m]=(w[0]<<n)&ROM.BMASK;
-		for (int i=0;i<m;i++) w[i]=0;
-	}
-
-/* return this+x */
-	public BIG plus(BIG x) {
-		BIG s=new BIG(0);
-		for (int i=0;i<ROM.NLEN;i++)
-			s.w[i]=w[i]+x.w[i];	
-		return s;
-	}
-
-/* this+=x */
-	public void add(BIG x) {
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]+=x.w[i];
-	}
-
-/* this+=x, where x is int */
-	public void inc(int x) {
-		norm();
-		w[0]+=x;
-	}
-
-/* this+=x, where x is long */
-	public void incl(long x) {
-		norm();
-		w[0]+=x;
-	}	
-
-/* return this.x */
-	public BIG minus(BIG x) {
-		BIG d=new BIG(0);
-		for (int i=0;i<ROM.NLEN;i++)
-			d.w[i]=w[i]-x.w[i];
-		return d;
-	}
-
-/* this-=x */
-	public void sub(BIG x) {
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]-=x.w[i];
-	}
-
-/* reverse subtract this=x-this */
-	public void rsub(BIG x) {
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i]-w[i];
-	}
-
-/* this-=x where x is int */
-	public void dec(int x) {
-		norm();
-		w[0]-=x;
-	}
-
-/* this*=x, where x is small int<NEXCESS */
-	public void imul(int c)
-	{
-		for (int i=0;i<ROM.NLEN;i++) w[i]*=c;
-	}
-
-/* convert this BIG to byte array */
-	public void tobytearray(byte[] b,int n)
-	{
-		norm();
-		BIG c=new BIG(this);
-
-		for (int i=ROM.MODBYTES-1;i>=0;i--)
-		{
-			b[i+n]=(byte)c.w[0];
-			c.fshr(8);
-		}
-	}
-
-/* convert from byte array to BIG */
-	public static BIG frombytearray(byte[] b,int n)
-	{
-		BIG m=new BIG(0);
-
-		for (int i=0;i<ROM.MODBYTES;i++)
-		{
-			m.fshl(8); m.w[0]+=(int)b[i+n]&0xff;
-			//m.inc((int)b[i]&0xff);
-		}
-		return m; 
-	}
-
-	public void toBytes(byte[] b)
-	{
-		tobytearray(b,0);
-	}
-
-	public static BIG fromBytes(byte[] b)
-	{
-		return frombytearray(b,0);
-	}
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-	public static int comp(BIG a,BIG b)
-	{
-		for (int i=ROM.NLEN-1;i>=0;i--)
-		{
-			if (a.w[i]==b.w[i]) continue;
-			if (a.w[i]>b.w[i]) return 1;
-			else  return -1;
-		}
-		return 0;
-	}
-
-/* Arazi and Qi inversion mod 256 */
-	public static int invmod256(int a)
-	{
-		int U,t1,t2,b,c;
-		t1=0;
-		c=(a>>1)&1;  
-		t1+=c;
-		t1&=1;
-		t1=2-t1;
-		t1<<=1;
-		U=t1+1;
-
-// i=2
-		b=a&3;
-		t1=U*b; t1>>=2;
-		c=(a>>2)&3;
-		t2=(U*c)&3;
-		t1+=t2;
-		t1*=U; t1&=3;
-		t1=4-t1;
-		t1<<=2;
-		U+=t1;
-
-// i=4
-		b=a&15;
-		t1=U*b; t1>>=4;
-		c=(a>>4)&15;
-		t2=(U*c)&15;
-		t1+=t2;
-		t1*=U; t1&=15;
-		t1=16-t1;
-		t1<<=4;
-		U+=t1;
-
-		return U;
-	}
-
-/* a=1/a mod 2^256. This is very fast! */
-	public void invmod2m()
-	{
-		int i;
-		BIG U=new BIG(0);
-		BIG b=new BIG(0);
-		BIG c=new BIG(0);
-
-		U.inc(invmod256(lastbits(8)));
-
-		for (i=8;i<ROM.BIGBITS;i<<=1)
-		{
-			b.copy(this); b.mod2m(i);
-			BIG t1=BIG.smul(U,b); 
-			t1.shr(i);
-
-			c.copy(this); c.shr(i); c.mod2m(i);
-			BIG t2=BIG.smul(U,c); t2.mod2m(i);
-			t1.add(t2);
-			b=BIG.smul(t1,U); t1.copy(b);
-			t1.mod2m(i);
-
-			t2.one(); t2.shl(i); t1.rsub(t2); t1.norm();
-
-			t1.shl(i);
-			U.add(t1);
-		}
-		U.mod2m(ROM.BIGBITS);
-		copy(U);
-		norm();
-	}
-
-/* reduce this mod m */
-	public void mod(BIG m)
-	{
-		int k=0;  
-		BIG r=new BIG(0);
-
-		norm();
-		if (comp(this,m)<0) return;
-		do
-		{
-			m.fshl(1);
-			k++;
-		} while (comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.fshr(1);
-
-			r.copy(this);
-			r.sub(m);
-			r.norm();
-			cmove(r,(int)(1-((r.w[ROM.NLEN-1]>>(ROM.CHUNK-1))&1)));
-/*
-			if (comp(this,m)>=0)
-			{
-				sub(m);
-				norm();
-			} */
-			k--;
-		}
-	}
-
-/* divide this by m */
-	public void div(BIG m)
-	{
-		int d,k=0;
-		norm();
-		BIG e=new BIG(1);
-		BIG b=new BIG(this);
-		BIG r=new BIG(0);
-		zero();
-
-		while (comp(b,m)>=0)
-		{
-			e.fshl(1);
-			m.fshl(1);
-			k++;
-		}
-
-		while (k>0)
-		{
-			m.fshr(1);
-			e.fshr(1);
-
-			r.copy(b);
-			r.sub(m);
-			r.norm();
-			d=(int)(1-((r.w[ROM.NLEN-1]>>(ROM.CHUNK-1))&1));
-			b.cmove(r,d);
-			r.copy(this);
-			r.add(e);
-			r.norm();
-			cmove(r,d);
-
-/*
-			if (comp(b,m)>=0)
-			{
-				add(e);
-				norm();
-				b.sub(m);
-				b.norm();
-			} */
-			k--;
-		}
-	}
-
-/* return parity */
-	public int parity()
-	{
-		return (int)(w[0]%2);
-	}
-
-/* return n last bits */
-	public int lastbits(int n)
-	{
-		int msk=(1<<n)-1;
-		norm();
-		return ((int)w[0])&msk;
-	}
-
-/* get 8*MODBYTES size random number */
-	public static BIG random(RAND rng)
-	{
-		BIG m=new BIG(0);
-		int i,b,j=0,r=0;
-
-/* generate random BIG */ 
-		for (i=0;i<8*ROM.MODBYTES;i++)   
-		{
-			if (j==0) r=rng.getByte();
-			else r>>=1;
-
-			b=r&1;
-			m.shl(1); m.w[0]+=b;// m.inc(b);
-			j++; j&=7; 
-		}
-		return m;
-	}
-
-/* Create random BIG in portable way, one bit at a time */
-	public static BIG randomnum(BIG q,RAND rng) 
-	{
-		DBIG d=new DBIG(0);
-		int i,b,j=0,r=0;
-		for (i=0;i<2*ROM.MODBITS;i++)
-		{
-			if (j==0) r=rng.getByte();
-			else r>>=1;
-
-			b=r&1;
-			d.shl(1); d.w[0]+=b;// m.inc(b);
-			j++; j&=7; 
-		}
-		BIG m=d.mod(q);
-		return m;
-	}
-
-/* return a*b mod m */
-	public static BIG modmul(BIG a,BIG b,BIG m)
-	{
-		a.mod(m);
-		b.mod(m);
-		DBIG d=mul(a,b);
-		return d.mod(m);
-	}
-
-/* return a^2 mod m */
-	public static BIG modsqr(BIG a,BIG m)
-	{
-		a.mod(m);
-		DBIG d=sqr(a);
-		return d.mod(m);
-	}
-
-/* return -a mod m */
-	public static BIG modneg(BIG a,BIG m)
-	{
-		a.mod(m);
-		return m.minus(a);
-	}
-
-/* return this^e mod m */
-	public BIG powmod(BIG e,BIG m)
-	{
-		int bt;
-		norm();
-		e.norm();
-		BIG a=new BIG(1);
-		BIG z=new BIG(e);
-		BIG s=new BIG(this);
-		while (true)
-		{
-			bt=z.parity();
-			z.fshr(1);
-			if (bt==1) a=modmul(a,s,m);
-			if (z.iszilch()) break;
-			s=modsqr(s,m);
-		}
-		return a;
-	}
-
-/* Jacobi Symbol (this/p). Returns 0, 1 or -1 */
-	public int jacobi(BIG p)
-	{
-		int n8,k,m=0;
-		BIG t=new BIG(0);
-		BIG x=new BIG(0);
-		BIG n=new BIG(0);
-		BIG zilch=new BIG(0);
-		BIG one=new BIG(1);
-		if (p.parity()==0 || comp(this,zilch)==0 || comp(p,one)<=0) return 0;
-		norm();
-		x.copy(this);
-		n.copy(p);
-		x.mod(p);
-
-		while (comp(n,one)>0)
-		{
-			if (comp(x,zilch)==0) return 0;
-			n8=n.lastbits(3);
-			k=0;
-			while (x.parity()==0)
-			{
-				k++;
-				x.shr(1);
-			}
-			if (k%2==1) m+=(n8*n8-1)/8;
-			m+=(n8-1)*(x.lastbits(2)-1)/4;
-			t.copy(n);
-			t.mod(x);
-			n.copy(x);
-			x.copy(t);
-			m%=2;
-
-		}
-		if (m==0) return 1;
-		else return -1;
-	}
-
-/* this=1/this mod p. Binary method */
-	public void invmodp(BIG p)
-	{
-		mod(p);
-		BIG u=new BIG(this);
-		BIG v=new BIG(p);
-		BIG x1=new BIG(1);
-		BIG x2=new BIG(0);
-		BIG t=new BIG(0);
-		BIG one=new BIG(1);
-
-		while (comp(u,one)!=0 && comp(v,one)!=0)
-		{
-			while (u.parity()==0)
-			{
-				u.shr(1);
-				if (x1.parity()!=0)
-				{
-					x1.add(p);
-					x1.norm();
-				}
-				x1.shr(1);
-			}
-			while (v.parity()==0)
-			{
-				v.shr(1);
-				if (x2.parity()!=0)
-				{
-					x2.add(p);
-					x2.norm();
-				}
-				x2.shr(1);
-			}
-			if (comp(u,v)>=0)
-			{
-				u.sub(v);
-				u.norm();
-				if (comp(x1,x2)>=0) x1.sub(x2);
-				else
-				{
-					t.copy(p);
-					t.sub(x2);
-					x1.add(t);
-				}
-				x1.norm();
-			}
-			else
-			{
-				v.sub(u);
-				v.norm();
-				if (comp(x2,x1)>=0) x2.sub(x1);
-				else
-				{
-					t.copy(p);
-					t.sub(x1);
-					x2.add(t);
-				}
-				x2.norm();
-			}
-		}
-		if (comp(u,one)==0) copy(x1);
-		else copy(x2);
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/BIG64.java
----------------------------------------------------------------------
diff --git a/version22/java/BIG64.java b/version22/java/BIG64.java
deleted file mode 100644
index c66b495..0000000
--- a/version22/java/BIG64.java
+++ /dev/null
@@ -1,1040 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BIG number class */ 
-
-public class BIG {
-	protected long[] w=new long[ROM.NLEN];
-/* Constructors */
-	public BIG()
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=0;
-	}
-
-	public BIG(int x)
-	{
-		w[0]=x;
-		for (int i=1;i<ROM.NLEN;i++)
-			w[i]=0;
-	}
-
-	public BIG(BIG x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i];
-	}
-
-	public BIG(DBIG x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i];
-	}
-
-	public BIG(long[] x)
-	{
-			for (int i=0;i<ROM.NLEN;i++)
-				w[i]=x[i];
-	}
-
-	public long get(int i)
-	{
-		return w[i];
-	}
-
-	public void set(int i,long x)
-	{
-		w[i]=x;
-	} 
-
-/* calculate Field Excess */
-	public static long EXCESS(BIG a)
-	{
-		return ((a.w[ROM.NLEN-1]&ROM.OMASK)>>(ROM.MODBITS%ROM.BASEBITS));
-	}
-
-/* Check if product causes excess */
-	public static boolean pexceed(BIG a,BIG b)
-	{
-		long ea,eb;
-		ea=EXCESS(a);
-		eb=EXCESS(b);
-		if ((ea+1)>ROM.FEXCESS/(eb+1)) return true;
-		return false;
-	}
-
-/* Check if square causes excess */
-	public static boolean sexceed(BIG a)
-	{
-		long ea;
-		ea=EXCESS(a);
-		if ((ea+1)>ROM.FEXCESS/(ea+1)) return true;
-		return false;
-	}
-
-	public static long FF_EXCESS(BIG a)
-	{
-		return ((a.get(ROM.NLEN-1)&ROM.P_OMASK)>>(ROM.P_TBITS));
-	}
-
-/* Check if product causes excess */
-	public static boolean ff_pexceed(BIG a,BIG b)
-	{
-		long ea,eb;
-		ea=FF_EXCESS(a);
-		eb=FF_EXCESS(b);
-		if ((ea+1)>ROM.P_FEXCESS/(eb+1)) return true;
-		return false;
-	}
-
-/* Check if square causes excess */
-	public static boolean ff_sexceed(BIG a)
-	{
-		long ea;
-		ea=FF_EXCESS(a);
-		if ((ea+1)>ROM.P_FEXCESS/(ea+1)) return true;
-		return false;
-	}
-
-/* Conditional swap of two bigs depending on d using XOR - no branches */
-	public void cswap(BIG b,int d)
-	{
-		int i;
-		long t,c=(long)d;
-		c=~(c-1);
-
-		for (i=0;i<ROM.NLEN;i++)
-		{
-			t=c&(w[i]^b.w[i]);
-			w[i]^=t;
-			b.w[i]^=t;
-		}
-	}
-
-	public void cmove(BIG g,int d)
-	{
-		int i;
-		long t,b=-d;
-
-		for (i=0;i<ROM.NLEN;i++)
-		{
-			w[i]^=(w[i]^g.w[i])&b;
-		}
-	}
-
-    public static long cast_to_chunk(int x)
-	{
-		return (long)x;
-	}
-
-/* normalise BIG - force all digits < 2^BASEBITS */
-	public long norm() {
-		long d,carry=0;
-		for (int i=0;i<ROM.NLEN-1;i++)
-		{
-			d=w[i]+carry;
-			w[i]=d&ROM.BMASK;
-			carry=(d>>ROM.BASEBITS);
-		}
-		w[ROM.NLEN-1]=(w[ROM.NLEN-1]+carry);
-		return (long)(w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS));  
-	}
-
-/* return number of bits */
-	public int nbits() {
-		int bts,k=ROM.NLEN-1;
-		long c;
-		norm();
-		while (k>=0 && w[k]==0) k--;
-		if (k<0) return 0;
-		bts=ROM.BASEBITS*k;
-		c=w[k];
-		while (c!=0) {c/=2; bts++;}
-		return bts;
-	}
-
-	public String toRawString()
-	{
-		BIG b=new BIG(this);
-		String s="(";
-		for (int i=0;i<ROM.NLEN-1;i++)
-		{
-			s+=Long.toHexString(b.w[i]); s+=",";
-		}
-		s+=Long.toHexString(b.w[ROM.NLEN-1]); s+=")";
-		return s;
-	}
-
-/* Convert to Hex String */
-	public String toString() {
-		BIG b;
-		String s="";
-		int len=nbits();
-
-		if (len%4==0) len/=4;
-		else {len/=4; len++;}
-		if (len<ROM.MODBYTES*2) len=ROM.MODBYTES*2;
-
-		for (int i=len-1;i>=0;i--)
-		{
-			b=new BIG(this);
-			b.shr(i*4);
-			s+=Long.toHexString(b.w[0]&15);
-		}
-		return s;
-	}
-
-/* set this[i]+=x*y+c, and return high part */
-/*
-	public long muladd(long a,long b,long c,int i)
-	{
-		long x0,x1,y0,y1;
-		x0=a&ROM.HMASK;
-		x1=(a>>ROM.HBITS);
-		y0=b&ROM.HMASK;
-		y1=(b>>ROM.HBITS);
-		long bot=x0*y0;
-		long top=x1*y1;
-		long mid=x0*y1+x1*y0;
-
-		x0=mid&ROM.HMASK;
-		x1=(mid>>ROM.HBITS);
-		bot+=x0<<ROM.HBITS; bot+=c; bot+=w[i]; 
-
-		top+=x1;
-		long carry=bot>>ROM.BASEBITS;
-		bot&=ROM.BMASK;
-		top+=carry;
-		w[i]=bot;
-		return top;
-	}
-*/
-
-	public static long[] muladd(long a,long b,long c,long r)
-	{
-		long x0,x1,y0,y1;
-		long[] tb=new long[2];
-		x0=a&ROM.HMASK;
-		x1=(a>>ROM.HBITS);
-		y0=b&ROM.HMASK;
-		y1=(b>>ROM.HBITS);
-		long bot=x0*y0;
-		long top=x1*y1;
-		long mid=x0*y1+x1*y0;
-		x0=mid&ROM.HMASK;
-		x1=(mid>>ROM.HBITS);
-		bot+=x0<<ROM.HBITS; bot+=c; bot+=r;
-		top+=x1;
-		long carry=bot>>ROM.BASEBITS;
-		bot&=ROM.BMASK;
-		top+=carry;
-		tb[0]=top;
-		tb[1]=bot;
-		return tb;
-	}
-
-
-
-
-/* this*=x, where x is >NEXCESS */
-	public long pmul(int c)
-	{
-		long ak,carry=0;
-		long[] cr=new long[2];
-		norm();
-		for (int i=0;i<ROM.NLEN;i++)
-		{
-			ak=w[i];
-			w[i]=0;
-
-			cr=muladd(ak,(long)c,carry,w[i]);
-			carry=cr[0];
-			w[i]=cr[1];
-
-		}
-		return carry;
-	}
-
-/* this*=c and catch overflow in DBIG */
-	public DBIG pxmul(int c)
-	{
-		DBIG m=new DBIG(0);	
-		long[] cr=new long[2];
-		long carry=0;
-		for (int j=0;j<ROM.NLEN;j++)
-		{
-			cr=muladd(w[j],(long)c,carry,m.w[j]);
-			carry=cr[0];
-			m.w[j]=cr[1];
-		}
-		m.w[ROM.NLEN]=carry;		
-		return m;
-	}
-
-/* divide by 3 */
-	public int div3()
-	{	
-		long ak,base,carry=0;
-		norm();
-		base=((long)1<<ROM.BASEBITS);
-		for (int i=ROM.NLEN-1;i>=0;i--)
-		{
-			ak=(carry*base+w[i]);
-			w[i]=ak/3;
-			carry=ak%3;
-		}
-		return (int)carry;
-	}
-
-/* return a*b where result fits in a BIG */
-	public static BIG smul(BIG a,BIG b)
-	{
-		long carry;
-		long[] cr=new long[2];
-		BIG c=new BIG(0);
-		for (int i=0;i<ROM.NLEN;i++)
-		{
-			carry=0;
-			for (int j=0;j<ROM.NLEN;j++)
-				if (i+j<ROM.NLEN)
-				{
-					cr=muladd(a.w[i],b.w[j],carry,c.w[i+j]);
-					carry=cr[0];
-					c.w[i+j]=cr[1];
-				}
-		}
-		return c;
-	}
-
-/* return a*b as DBIG */
-	public static DBIG mul(BIG a,BIG b)
-	{
-		DBIG c=new DBIG(0);
-		long carry;
-		long[] cr=new long[2];
-//		a.norm();
-//		b.norm();
-
-		for (int i=0;i<ROM.NLEN;i++)
-		{
-			carry=0;
-			for (int j=0;j<ROM.NLEN;j++)
-			{
-				cr=muladd(a.w[i],b.w[j],carry,c.w[i+j]);
-				carry=cr[0];
-				c.w[i+j]=cr[1];
-				//carry=c.muladd(a.w[i],b.w[j],carry,i+j);
-			}
-			c.w[ROM.NLEN+i]=carry;
-		}
-
-		return c;
-	}
-
-/* return a^2 as DBIG */
-	public static DBIG sqr(BIG a)
-	{
-		DBIG c=new DBIG(0);
-		long carry;
-		long[] cr=new long[2];
-	//	a.norm();
-		for (int i=0;i<ROM.NLEN;i++)
-		{
-			carry=0;
-			for (int j=i+1;j<ROM.NLEN;j++)
-			{
-				cr=muladd(2*a.w[i],a.w[j],carry,c.w[i+j]);
-				carry=cr[0];
-				c.w[i+j]=cr[1];
-				//carry=c.muladd(2*a.w[i],a.w[j],carry,i+j);
-			}
-			c.w[ROM.NLEN+i]=carry;
-		}
-
-		for (int i=0;i<ROM.NLEN;i++)
-		{
-			cr=muladd(a.w[i],a.w[i],0,c.w[2*i]);
-			c.w[2*i+1]+=cr[0];
-			c.w[2*i]=cr[1];
-			//c.w[2*i+1]+=c.muladd(a.w[i],a.w[i],0,2*i);
-		}
-		c.norm(); 
-		return c;
-	}
-
-	static BIG monty(DBIG d)
-	{
-		BIG b;
-		BIG md=new BIG(ROM.Modulus);
-		long m,carry;
-		long[] cr=new long[2];
-		for (int i=0;i<ROM.NLEN;i++) 
-		{
-			if (ROM.MConst==-1) m=(-d.w[i])&ROM.BMASK;
-			else
-			{
-				if (ROM.MConst==1) m=d.w[i];
-				else m=(ROM.MConst*d.w[i])&ROM.BMASK;
-			}
-
-			carry=0;
-			for (int j=0;j<ROM.NLEN;j++)
-			{
-				cr=muladd(m,md.w[j],carry,d.w[i+j]);
-				carry=cr[0];
-				d.w[i+j]=cr[1];
-			}
-			d.w[ROM.NLEN+i]+=carry;
-		}
-
-		b=new BIG(0);
-		for (int i=0;i<ROM.NLEN;i++ )
-			b.w[i]=d.w[ROM.NLEN+i];
-		b.norm();
-		return b;		
-	}
-
-/* reduce a DBIG to a BIG using the appropriate form of the modulus */
-	public static BIG mod(DBIG d)
-	{
-		if (ROM.MODTYPE==ROM.PSEUDO_MERSENNE)
-		{
-			BIG b;		
-			long v,tw;
-			BIG t=d.split(ROM.MODBITS);
-			b=new BIG(d);
-
-			v=t.pmul((int)ROM.MConst);
-			tw=t.w[ROM.NLEN-1];
-			t.w[ROM.NLEN-1]&=ROM.TMASK;
-			t.w[0]+=(ROM.MConst*((tw>>ROM.TBITS)+(v<<(ROM.BASEBITS-ROM.TBITS))));
-
-			b.add(t);
-			b.norm();
-			return b;		
-		}
-		if (ROM.MODTYPE==ROM.MONTGOMERY_FRIENDLY)
-		{
-			BIG b;		
-			long[] cr=new long[2];
-			for (int i=0;i<ROM.NLEN;i++)
-			{
-				cr=muladd(d.w[i],ROM.MConst-1,d.w[i],d.w[ROM.NLEN+i-1]);
-				d.w[ROM.NLEN+i]+=cr[0];
-				d.w[ROM.NLEN+i-1]=cr[1];
-			}
-			
-			b=new BIG(0);
-			for (int i=0;i<ROM.NLEN;i++ )
-				b.w[i]=d.w[ROM.NLEN+i];
-			b.norm();
-			return b;		
-		}
-		if (ROM.MODTYPE==ROM.GENERALISED_MERSENNE)
-		{ // GoldiLocks Only
-			BIG b;		
-			BIG t=d.split(ROM.MODBITS);
-			b=new BIG(d);
-			b.add(t);
-			DBIG dd=new DBIG(t);
-			dd.shl(ROM.MODBITS/2);
-
-			BIG tt=dd.split(ROM.MODBITS);
-			BIG lo=new BIG(dd);
-			b.add(tt);
-			b.add(lo);
-			b.norm();
-			tt.shl(ROM.MODBITS/2);
-			b.add(tt);
-
-			long carry=b.w[ROM.NLEN-1]>>ROM.TBITS;
-			b.w[ROM.NLEN-1]&=ROM.TMASK;
-			b.w[0]+=carry;
-			
-			b.w[224/ROM.BASEBITS]+=carry<<(224%ROM.BASEBITS);
-			b.norm();
-			return b;		
-		}
-		if (ROM.MODTYPE==ROM.NOT_SPECIAL)
-		{
-			return monty(d);
-		}
-
-		return new BIG(0);
-	}
-
-
-/****************************************************************************/
-
-	public void xortop(long x)
-	{
-		w[ROM.NLEN-1]^=x;
-	}
-
-/* set x = x mod 2^m */
-	public void mod2m(int m)
-	{
-		int i,wd,bt;
-		wd=m/ROM.BASEBITS;
-		bt=m%ROM.BASEBITS;
-		w[wd]&=((cast_to_chunk(1)<<bt)-1);
-		for (i=wd+1;i<ROM.NLEN;i++) w[i]=0;
-	}
-
-/* return n-th bit */
-	public int bit(int n)
-	{
-		if ((w[n/ROM.BASEBITS]&(cast_to_chunk(1)<<(n%ROM.BASEBITS)))>0) return 1;
-		else return 0;
-	}
-
-/* Shift right by less than a word */
-	public int fshr(int k) {
-		int r=(int)(w[0]&((cast_to_chunk(1)<<k)-1)); /* shifted out part */
-		for (int i=0;i<ROM.NLEN-1;i++)
-			w[i]=(w[i]>>k)|((w[i+1]<<(ROM.BASEBITS-k))&ROM.BMASK);
-		w[ROM.NLEN-1]=w[ROM.NLEN-1]>>k;
-		return r;
-	}
-
-/* Shift right by less than a word */
-	public int fshl(int k) {
-		w[ROM.NLEN-1]=((w[ROM.NLEN-1]<<k))|(w[ROM.NLEN-2]>>(ROM.BASEBITS-k));
-		for (int i=ROM.NLEN-2;i>0;i--)
-			w[i]=((w[i]<<k)&ROM.BMASK)|(w[i-1]>>(ROM.BASEBITS-k));
-		w[0]=(w[0]<<k)&ROM.BMASK; 
-		return (int)(w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS)); /* return excess - only used in FF.java */
-	}
-
-/* test for zero */
-	public boolean iszilch() {
-		for (int i=0;i<ROM.NLEN;i++)
-			if (w[i]!=0) return false;
-		return true; 
-	}
-
-/* set to zero */
-	public void zero()
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=0;
-	}
-
-/* set to one */
-	public void one()
-	{
-		w[0]=1;
-		for (int i=1;i<ROM.NLEN;i++)
-			w[i]=0;
-	}
-
-/* Test for equal to one */
-	public boolean isunity()
-	{
-		for (int i=1;i<ROM.NLEN;i++)
-			if (w[i]!=0) return false;
-		if (w[0]!=1) return false;
-		return true;
-	}
-
-/* Copy from another BIG */
-	public void copy(BIG x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i];
-	}
-
-	public void copy(DBIG x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i];
-	}
-
-/* general shift right */
-	public void shr(int k) {
-		int n=k%ROM.BASEBITS;
-		int m=k/ROM.BASEBITS;	
-		for (int i=0;i<ROM.NLEN-m-1;i++)
-			w[i]=(w[m+i]>>n)|((w[m+i+1]<<(ROM.BASEBITS-n))&ROM.BMASK);
-		if (ROM.NLEN>m) w[ROM.NLEN-m-1]=w[ROM.NLEN-1]>>n;
-		for (int i=ROM.NLEN-m;i<ROM.NLEN;i++) w[i]=0;
-	}
-
-/* general shift left */
-	public void shl(int k) {
-		int n=k%ROM.BASEBITS;
-		int m=k/ROM.BASEBITS;
-
-		w[ROM.NLEN-1]=((w[ROM.NLEN-1-m]<<n));
-		if (ROM.NLEN>=m+2) w[ROM.NLEN-1]|=(w[ROM.NLEN-m-2]>>(ROM.BASEBITS-n));
-
-		for (int i=ROM.NLEN-2;i>m;i--)
-			w[i]=((w[i-m]<<n)&ROM.BMASK)|(w[i-m-1]>>(ROM.BASEBITS-n));
-		w[m]=(w[0]<<n)&ROM.BMASK;
-		for (int i=0;i<m;i++) w[i]=0;
-	}
-
-/* return this+x */
-	public BIG plus(BIG x) {
-		BIG s=new BIG(0);
-		for (int i=0;i<ROM.NLEN;i++)
-			s.w[i]=w[i]+x.w[i];	
-		return s;
-	}
-
-/* this+=x */
-	public void add(BIG x) {
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]+=x.w[i];
-	}
-
-/* this+=x, where x is int */
-	public void inc(int x) {
-		norm();
-		w[0]+=x;
-	}
-
-/* this+=x, where x is long */
-	public void incl(long x) {
-		norm();
-		w[0]+=x;
-	}	
-
-/* return this.x */
-	public BIG minus(BIG x) {
-		BIG d=new BIG(0);
-		for (int i=0;i<ROM.NLEN;i++)
-			d.w[i]=w[i]-x.w[i];
-		return d;
-	}
-
-/* this-=x */
-	public void sub(BIG x) {
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]-=x.w[i];
-	}
-
-/* reverse subtract this=x-this */
-	public void rsub(BIG x) {
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i]-w[i];
-	}
-
-/* this-=x where x is int */
-	public void dec(int x) {
-		norm();
-		w[0]-=x;
-	}
-
-/* this*=x, where x is small int<NEXCESS */
-	public void imul(int c)
-	{
-		for (int i=0;i<ROM.NLEN;i++) w[i]*=c;
-	}
-
-/* convert this BIG to byte array */
-	public void tobytearray(byte[] b,int n)
-	{
-		norm();
-		BIG c=new BIG(this);
-
-		for (int i=ROM.MODBYTES-1;i>=0;i--)
-		{
-			b[i+n]=(byte)c.w[0];
-			c.fshr(8);
-		}
-	}
-
-/* convert from byte array to BIG */
-	public static BIG frombytearray(byte[] b,int n)
-	{
-		BIG m=new BIG(0);
-
-		for (int i=0;i<ROM.MODBYTES;i++)
-		{
-			m.fshl(8); m.w[0]+=(int)b[i+n]&0xff;
-			//m.inc((int)b[i]&0xff);
-		}
-		return m; 
-	}
-
-	public void toBytes(byte[] b)
-	{
-		tobytearray(b,0);
-	}
-
-	public static BIG fromBytes(byte[] b)
-	{
-		return frombytearray(b,0);
-	}
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-	public static int comp(BIG a,BIG b)
-	{
-		for (int i=ROM.NLEN-1;i>=0;i--)
-		{
-			if (a.w[i]==b.w[i]) continue;
-			if (a.w[i]>b.w[i]) return 1;
-			else  return -1;
-		}
-		return 0;
-	}
-
-/* Arazi and Qi inversion mod 256 */
-	public static int invmod256(int a)
-	{
-		int U,t1,t2,b,c;
-		t1=0;
-		c=(a>>1)&1;  
-		t1+=c;
-		t1&=1;
-		t1=2-t1;
-		t1<<=1;
-		U=t1+1;
-
-// i=2
-		b=a&3;
-		t1=U*b; t1>>=2;
-		c=(a>>2)&3;
-		t2=(U*c)&3;
-		t1+=t2;
-		t1*=U; t1&=3;
-		t1=4-t1;
-		t1<<=2;
-		U+=t1;
-
-// i=4
-		b=a&15;
-		t1=U*b; t1>>=4;
-		c=(a>>4)&15;
-		t2=(U*c)&15;
-		t1+=t2;
-		t1*=U; t1&=15;
-		t1=16-t1;
-		t1<<=4;
-		U+=t1;
-
-		return U;
-	}
-
-/* a=1/a mod 2^256. This is very fast! */
-	public void invmod2m()
-	{
-		int i;
-		BIG U=new BIG(0);
-		BIG b=new BIG(0);
-		BIG c=new BIG(0);
-
-		U.inc(invmod256(lastbits(8)));
-
-		for (i=8;i<ROM.BIGBITS;i<<=1)
-		{
-			b.copy(this); b.mod2m(i);
-			BIG t1=BIG.smul(U,b); 
-			t1.shr(i);
-
-			c.copy(this); c.shr(i); c.mod2m(i);
-			BIG t2=BIG.smul(U,c); t2.mod2m(i);
-			t1.add(t2);
-			b=BIG.smul(t1,U); t1.copy(b);
-			t1.mod2m(i);
-
-			t2.one(); t2.shl(i); t1.rsub(t2); t1.norm();
-
-			t1.shl(i);
-			U.add(t1);
-		}
-		U.mod2m(ROM.BIGBITS);
-		copy(U);
-		norm();
-	}
-
-/* reduce this mod m */
-	public void mod(BIG m)
-	{
-		int k=0;  
-		BIG r=new BIG(0);
-
-		norm();
-		if (comp(this,m)<0) return;
-		do
-		{
-			m.fshl(1);
-			k++;
-		} while (comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.fshr(1);
-
-			r.copy(this);
-			r.sub(m);
-			r.norm();
-			cmove(r,(int)(1-((r.w[ROM.NLEN-1]>>(ROM.CHUNK-1))&1)));
-/*
-			if (comp(this,m)>=0)
-			{
-				sub(m);
-				norm();
-			} */
-			k--;
-		}
-	}
-
-/* divide this by m */
-	public void div(BIG m)
-	{
-		int d,k=0;
-		norm();
-		BIG e=new BIG(1);
-		BIG b=new BIG(this);
-		BIG r=new BIG(0);
-		zero();
-
-		while (comp(b,m)>=0)
-		{
-			e.fshl(1);
-			m.fshl(1);
-			k++;
-		}
-
-		while (k>0)
-		{
-			m.fshr(1);
-			e.fshr(1);
-
-			r.copy(b);
-			r.sub(m);
-			r.norm();
-			d=(int)(1-((r.w[ROM.NLEN-1]>>(ROM.CHUNK-1))&1));
-			b.cmove(r,d);
-			r.copy(this);
-			r.add(e);
-			r.norm();
-			cmove(r,d);
-
-/*
-			if (comp(b,m)>=0)
-			{
-				add(e);
-				norm();
-				b.sub(m);
-				b.norm();
-			} */
-			k--;
-		}
-	}
-
-/* return parity */
-	public int parity()
-	{
-		return (int)(w[0]%2);
-	}
-
-/* return n last bits */
-	public int lastbits(int n)
-	{
-		int msk=(1<<n)-1;
-		norm();
-		return ((int)w[0])&msk;
-	}
-
-/* get 8*MODBYTES size random number */
-	public static BIG random(RAND rng)
-	{
-		BIG m=new BIG(0);
-		int i,b,j=0,r=0;
-
-/* generate random BIG */ 
-		for (i=0;i<8*ROM.MODBYTES;i++)   
-		{
-			if (j==0) r=rng.getByte();
-			else r>>=1;
-
-			b=r&1;
-			m.shl(1); m.w[0]+=b;// m.inc(b);
-			j++; j&=7; 
-		}
-		return m;
-	}
-
-/* Create random BIG in portable way, one bit at a time */
-	public static BIG randomnum(BIG q,RAND rng) 
-	{
-		DBIG d=new DBIG(0);
-		int i,b,j=0,r=0;
-		for (i=0;i<2*ROM.MODBITS;i++)
-		{
-			if (j==0) r=rng.getByte();
-			else r>>=1;
-
-			b=r&1;
-			d.shl(1); d.w[0]+=b;// m.inc(b);
-			j++; j&=7; 
-		}
-		BIG m=d.mod(q);
-		return m;
-	}
-
-/* return a*b mod m */
-	public static BIG modmul(BIG a,BIG b,BIG m)
-	{
-		a.mod(m);
-		b.mod(m);
-		DBIG d=mul(a,b);
-		return d.mod(m);
-	}
-
-/* return a^2 mod m */
-	public static BIG modsqr(BIG a,BIG m)
-	{
-		a.mod(m);
-		DBIG d=sqr(a);
-		return d.mod(m);
-	}
-
-/* return -a mod m */
-	public static BIG modneg(BIG a,BIG m)
-	{
-		a.mod(m);
-		return m.minus(a);
-	}
-
-/* return this^e mod m */
-	public BIG powmod(BIG e,BIG m)
-	{
-		int bt;
-		norm();
-		e.norm();
-		BIG a=new BIG(1);
-		BIG z=new BIG(e);
-		BIG s=new BIG(this);
-		while (true)
-		{
-			bt=z.parity();
-			z.fshr(1);
-			if (bt==1) a=modmul(a,s,m);
-			if (z.iszilch()) break;
-			s=modsqr(s,m);
-		}
-		return a;
-	}
-
-/* Jacobi Symbol (this/p). Returns 0, 1 or -1 */
-	public int jacobi(BIG p)
-	{
-		int n8,k,m=0;
-		BIG t=new BIG(0);
-		BIG x=new BIG(0);
-		BIG n=new BIG(0);
-		BIG zilch=new BIG(0);
-		BIG one=new BIG(1);
-		if (p.parity()==0 || comp(this,zilch)==0 || comp(p,one)<=0) return 0;
-		norm();
-		x.copy(this);
-		n.copy(p);
-		x.mod(p);
-
-		while (comp(n,one)>0)
-		{
-			if (comp(x,zilch)==0) return 0;
-			n8=n.lastbits(3);
-			k=0;
-			while (x.parity()==0)
-			{
-				k++;
-				x.shr(1);
-			}
-			if (k%2==1) m+=(n8*n8-1)/8;
-			m+=(n8-1)*(x.lastbits(2)-1)/4;
-			t.copy(n);
-			t.mod(x);
-			n.copy(x);
-			x.copy(t);
-			m%=2;
-
-		}
-		if (m==0) return 1;
-		else return -1;
-	}
-
-/* this=1/this mod p. Binary method */
-	public void invmodp(BIG p)
-	{
-		mod(p);
-		BIG u=new BIG(this);
-		BIG v=new BIG(p);
-		BIG x1=new BIG(1);
-		BIG x2=new BIG(0);
-		BIG t=new BIG(0);
-		BIG one=new BIG(1);
-
-		while (comp(u,one)!=0 && comp(v,one)!=0)
-		{
-			while (u.parity()==0)
-			{
-				u.shr(1);
-				if (x1.parity()!=0)
-				{
-					x1.add(p);
-					x1.norm();
-				}
-				x1.shr(1);
-			}
-			while (v.parity()==0)
-			{
-				v.shr(1);
-				if (x2.parity()!=0)
-				{
-					x2.add(p);
-					x2.norm();
-				}
-				x2.shr(1);
-			}
-			if (comp(u,v)>=0)
-			{
-				u.sub(v);
-				u.norm();
-				if (comp(x1,x2)>=0) x1.sub(x2);
-				else
-				{
-					t.copy(p);
-					t.sub(x2);
-					x1.add(t);
-				}
-				x1.norm();
-			}
-			else
-			{
-				v.sub(u);
-				v.norm();
-				if (comp(x2,x1)>=0) x2.sub(x1);
-				else
-				{
-					t.copy(p);
-					t.sub(x1);
-					x2.add(t);
-				}
-				x2.norm();
-			}
-		}
-		if (comp(u,one)==0) copy(x1);
-		else copy(x2);
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/BenchtestEC.java
----------------------------------------------------------------------
diff --git a/version22/java/BenchtestEC.java b/version22/java/BenchtestEC.java
deleted file mode 100644
index 1800635..0000000
--- a/version22/java/BenchtestEC.java
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test and benchmark elliptic curve and RSA functions */
-
-public class BenchtestEC
-{
-/* generate an RSA key pair */
-	public static final int MIN_TIME=10; /* seconds */
-	public static final int MIN_ITERS=10; 
-
-	public static void main(String[] args) 
-	{
-		int i,iterations;
-		long start,elapsed;
-		byte[] RAW=new byte[100];
-		RAND rng=new RAND();
-		double dur;
-		rsa_public_key pub=new rsa_public_key(ROM.FFLEN);
-		rsa_private_key priv=new rsa_private_key(ROM.HFLEN);
-		byte[] P=new byte[RSA.RFS];
-		byte[] M=new byte[RSA.RFS];
-		byte[] C=new byte[RSA.RFS];
-
-
-		rng.clean();
-		for (i=0;i<100;i++) RAW[i]=(byte)(i);
-
-		rng.seed(100,RAW);	
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			System.out.print("Weierstrass parameterization\n");
-		}		
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			System.out.print("Edwards parameterization\n");
-		}
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			System.out.print("Montgomery parameterization\n");
-		}
-
-		if (ROM.MODTYPE==ROM.PSEUDO_MERSENNE)
-		{
-			System.out.print("Pseudo-Mersenne Modulus\n");
-		}
-		if (ROM.MODTYPE==ROM.MONTGOMERY_FRIENDLY)
-		{
-			System.out.print("Montgomery friendly Modulus\n");
-		}
-		if (ROM.MODTYPE==ROM.GENERALISED_MERSENNE)
-		{
-			System.out.print("Generalised-Mersenne Modulus\n");
-		}
-		if (ROM.MODTYPE==ROM.NOT_SPECIAL)
-		{
-			System.out.print("Not special Modulus\n");
-		}
-
-		System.out.format("Modulus size %d bits\n",ROM.MODBITS); 
-		System.out.format("%d bit build\n",ROM.CHUNK); 
-		BIG r,gx,gy,s,wx,wy;
-		ECP G,WP;
-
-		gx=new BIG(ROM.CURVE_Gx);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY)
-		{
-			gy=new BIG(ROM.CURVE_Gy);
-			G=new ECP(gx,gy);
-		}
-		else
-			G=new ECP(gx);
-
-		r=new BIG(ROM.CURVE_Order);
-		s=BIG.randomnum(r,rng);
-
-		WP=G.mul(r);
-		if (!WP.is_infinity())
-		{
-			System.out.print("FAILURE - rG!=O\n");
-			return;
-		}
-
-		start = System.currentTimeMillis();
-		iterations=0;
-		do {
-			WP=G.mul(s);
-			iterations++;
-			elapsed=(System.currentTimeMillis()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=(double)elapsed/iterations;
-		System.out.format("EC  mul - %8d iterations  ",iterations);
-		System.out.format(" %8.2f ms per iteration\n",dur);
-
-
-		System.out.format("Generating %d-bit RSA public/private key pair\n",ROM.FFLEN*ROM.BIGBITS);
-
-		iterations=0;
-		start=System.currentTimeMillis();
-		do {
-			RSA.KEY_PAIR(rng,65537,priv,pub);
-			iterations++;
-			elapsed=(System.currentTimeMillis()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=(double)elapsed/iterations;
-		System.out.format("RSA gen - %8d iterations  ",iterations);
-		System.out.format(" %8.2f ms per iteration\n",dur);
-
-		for (i=0;i<RSA.RFS;i++) M[i]=(byte)(i%128);
-
-		iterations=0;
-		start=System.currentTimeMillis();
-		do {
-			RSA.ENCRYPT(pub,M,C);
-			iterations++;
-			elapsed=(System.currentTimeMillis()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=(double)elapsed/iterations;
-    	System.out.format("RSA enc - %8d iterations  ",iterations);
-    	System.out.format(" %8.2f ms per iteration\n",dur);
-
-		iterations=0;
-		start=System.currentTimeMillis();
-		do {
-			RSA.DECRYPT(priv,C,P);
-			iterations++;
-			elapsed=(System.currentTimeMillis()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=(double)elapsed/iterations;
-    	System.out.format("RSA dec - %8d iterations  ",iterations);
-    	System.out.format(" %8.2f ms per iteration\n",dur);
-
-		for (i=0;i<RSA.RFS;i++)
-		{
-			if (P[i]!=M[i])
-			{
-				System.out.print("FAILURE - RSA decryption\n");
-				return;
-			}
-		}
-
-		System.out.print("All tests pass\n");
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/BenchtestPAIR.java
----------------------------------------------------------------------
diff --git a/version22/java/BenchtestPAIR.java b/version22/java/BenchtestPAIR.java
deleted file mode 100644
index 6958643..0000000
--- a/version22/java/BenchtestPAIR.java
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test and benchmark pairing functions */
-
-public class BenchtestPAIR
-{
-	public static final int MIN_TIME=10; /* seconds */
-	public static final int MIN_ITERS=10; 
-
-	public static void main(String[] args) 
-	{
-		int i,iterations;
-		long start,elapsed;
-		byte[] RAW=new byte[100];
-		RAND rng=new RAND();
-		double dur;
-
-		rng.clean();
-		for (i=0;i<100;i++) RAW[i]=(byte)(i);
-		rng.seed(100,RAW);	
-
-		if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
-		{
-			System.out.print("BN Pairing-Friendly Curve\n");
-		}
-		if (ROM.CURVE_PAIRING_TYPE==ROM.BLS_CURVE)
-		{
-			System.out.print("BLS Pairing-Friendly Curve\n");
-		}
-
-		System.out.format("Modulus size %d bits\n",ROM.MODBITS); 
-		System.out.format("%d bit build\n",ROM.CHUNK); 
-
-		ECP G=new ECP(new BIG(ROM.CURVE_Gx),new BIG(ROM.CURVE_Gy));
-
-		BIG r=new BIG(ROM.CURVE_Order);
-		BIG s=BIG.randomnum(r,rng);
-
-		ECP P=PAIR.G1mul(G,r);
-
-		if (!P.is_infinity())
-		{
-			System.out.print("FAILURE - rP!=O\n");
-			return;
-		}
-
-		iterations=0;
-		start=System.currentTimeMillis();
-		do {
-			P=PAIR.G1mul(G,s);
-			iterations++;
-			elapsed=(System.currentTimeMillis()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=(double)elapsed/iterations;
-		System.out.format("G1 mul              - %8d iterations  ",iterations);
-		System.out.format(" %8.2f ms per iteration\n",dur);
-	
-		ECP2 Q=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-		ECP2 W=PAIR.G2mul(Q,r);
-
-		if (!W.is_infinity())
-		{
-			System.out.print("FAILURE - rQ!=O\n");
-			return;
-		}
-
-		iterations=0;
-		start=System.currentTimeMillis();
-		do {
-			W=PAIR.G2mul(Q,s);
-			iterations++;
-			elapsed=(System.currentTimeMillis()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=(double)elapsed/iterations;
-		System.out.format("G2 mul              - %8d iterations  ",iterations);
-		System.out.format(" %8.2f ms per iteration\n",dur);
-
-		FP12 w=PAIR.ate(Q,P);
-		w=PAIR.fexp(w);
-
-		FP12 g=PAIR.GTpow(w,r);
-
-		if (!g.isunity())
-		{
-			System.out.print("FAILURE - g^r!=1\n");
-			return;
-		}
-
-		iterations=0;
-		start=System.currentTimeMillis();
-		do {
-			g=PAIR.GTpow(w,s);
-			iterations++;
-			elapsed=(System.currentTimeMillis()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=(double)elapsed/iterations;
-		System.out.format("GT pow              - %8d iterations  ",iterations);
-		System.out.format(" %8.2f ms per iteration\n",dur);
-	
-		FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG q=new BIG(ROM.Modulus);
-
-		BIG m=new BIG(q);
-		m.mod(r);
-
-		BIG a=new BIG(s);
-		a.mod(m);
-
-		BIG b=new BIG(s);
-		b.div(m);
-
-		g.copy(w);
-		FP4 c=g.trace();
-
-		g.frob(f);
-		FP4 cp=g.trace();
-
-		w.conj();
-		g.mul(w);
-		FP4 cpm1=g.trace();
-		g.mul(w);
-		FP4 cpm2=g.trace();
-		FP4 cr;
-
-		iterations=0;
-		start=System.currentTimeMillis();
-		do {
-			cr=c.xtr_pow2(cp,cpm1,cpm2,a,b);
-			iterations++;
-			elapsed=(System.currentTimeMillis()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=(double)elapsed/iterations;
-		System.out.format("GT pow (compressed) - %8d iterations  ",iterations);
-		System.out.format(" %8.2f ms per iteration\n",dur);
-
-		iterations=0;
-		start=System.currentTimeMillis();
-		do {
-			w=PAIR.ate(Q,P);
-			iterations++;
-			elapsed=(System.currentTimeMillis()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=(double)elapsed/iterations;
-		System.out.format("PAIRing ATE         - %8d iterations  ",iterations);
-		System.out.format(" %8.2f ms per iteration\n",dur);
-
-		iterations=0;
-		start=System.currentTimeMillis();
-		do {
-			g=PAIR.fexp(w);
-			iterations++;
-			elapsed=(System.currentTimeMillis()-start);
-		} while (elapsed<MIN_TIME*1000 || iterations<MIN_ITERS);
-		dur=(double)elapsed/iterations;
-		System.out.format("PAIRing FEXP        - %8d iterations  ",iterations);
-		System.out.format(" %8.2f ms per iteration\n",dur);
-
-		P.copy(G);
-		Q.copy(W);
-
-		P=PAIR.G1mul(P,s);
-
-		g=PAIR.ate(Q,P);
-		g=PAIR.fexp(g);
-
-		P.copy(G);
-		Q=PAIR.G2mul(Q,s);
-
-		w=PAIR.ate(Q,P);
-		w=PAIR.fexp(w);
-
-		if (!g.equals(w))
-		{
-			System.out.print("FAILURE - e(sQ,p)!=e(Q,sP) \n");
-			return;
-		}
-
-		Q.copy(W);
-		g=PAIR.ate(Q,P);
-		g=PAIR.fexp(g);
-		g=PAIR.GTpow(g,s);
-
-		if (!g.equals(w))
-		{
-			System.out.print("FAILURE - e(sQ,p)!=e(Q,P)^s \n");
-			return;
-		}
-
-		System.out.print("All tests pass\n"); 
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/DBIG32.java
----------------------------------------------------------------------
diff --git a/version22/java/DBIG32.java b/version22/java/DBIG32.java
deleted file mode 100644
index 892fcd1..0000000
--- a/version22/java/DBIG32.java
+++ /dev/null
@@ -1,308 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL double length DBIG number class */ 
-
-public class DBIG {
-	protected int[] w=new int[ROM.DNLEN];
-
-/* normalise this */
-	public void norm() {
-		int d,carry=0;
-		for (int i=0;i<ROM.DNLEN-1;i++)
-		{
-			d=w[i]+carry;
-			carry=d>>ROM.BASEBITS;
-			w[i]=d&ROM.BMASK;
-		}
-		w[ROM.DNLEN-1]=(w[ROM.DNLEN-1]+carry);
-	}
-
-
-/*
-	public String toRawString()
-	{
-		DBIG b=new DBIG(this);
-		String s="(";
-		for (int i=0;i<ROM.DNLEN-1;i++)
-		{
-			s+=Integer.toHexString(b.w[i]); s+=",";
-		}
-		s+=Integer.toHexString(b.w[ROM.DNLEN-1]); s+=")";
-		return s;
-	}
-*/
-
-
-/****************************************************************************/
-
-
-/* return number of bits in this */
-	public int nbits() {
-		int bts,k=ROM.DNLEN-1;
-		long c;
-		norm();
-		while (w[k]==0 && k>=0) k--;
-		if (k<0) return 0;
-		bts=ROM.BASEBITS*k;
-		c=w[k];
-		while (c!=0) {c/=2; bts++;}
-		return bts;
-	}
-
-/* convert this to string */
-	public String toString() {
-		DBIG b;
-		String s="";
-		int len=nbits();
-		if (len%4==0) len>>=2; //len/=4;
-		else {len>>=2; len++;}
-
-		for (int i=len-1;i>=0;i--)
-		{
-			b=new DBIG(this);
-			b.shr(i*4);
-			s+=Integer.toHexString((int)(b.w[0]&15));
-		}
-		return s;
-	}
-
-	public void cmove(DBIG g,int d)
-	{
-		int i;
-	//	int b=-d;
-
-		for (i=0;i<ROM.DNLEN;i++)
-		{
-			w[i]^=(w[i]^g.w[i])&BIG.cast_to_chunk(-d);
-		}
-	}
-
-/* Constructors */
-	public DBIG(int x)
-	{
-		w[0]=x;
-		for (int i=1;i<ROM.DNLEN;i++)
-			w[i]=0;
-	}
-
-	public DBIG(DBIG x)
-	{
-		for (int i=0;i<ROM.DNLEN;i++)
-			w[i]=x.w[i];
-	}
-
-	public DBIG(BIG x)
-	{
-		for (int i=0;i<ROM.NLEN-1;i++)
-			w[i]=x.w[i];//get(i);
-
-		w[ROM.NLEN-1]=x.w[(ROM.NLEN-1)]&ROM.BMASK; /* top word normalized */
-		w[ROM.NLEN]=(x.w[(ROM.NLEN-1)]>>ROM.BASEBITS);
-
-		for (int i=ROM.NLEN+1;i<ROM.DNLEN;i++) w[i]=0;
-	}
-
-/* split DBIG at position n, return higher half, keep lower half */
-	public BIG split(int n)
-	{
-		BIG t=new BIG(0);
-		int nw,m=n%ROM.BASEBITS;
-		int carry=w[ROM.DNLEN-1]<<(ROM.BASEBITS-m);
-
-		for (int i=ROM.DNLEN-2;i>=ROM.NLEN-1;i--)
-		{
-			nw=(w[i]>>m)|carry;
-			carry=(w[i]<<(ROM.BASEBITS-m))&ROM.BMASK;
-			t.w[i-ROM.NLEN+1]=nw;
-		//	t.set(i-ROM.NLEN+1,nw);
-		}
-		w[ROM.NLEN-1]&=(((int)1<<m)-1);
-		return t;
-	}
-
-/* Copy from another DBIG */
-	public void copy(DBIG x)
-	{
-		for (int i=0;i<ROM.DNLEN;i++)
-			w[i]=x.w[i];
-	}
-
-/* test this=0? */
-	public boolean iszilch() {
-		for (int i=0;i<ROM.DNLEN;i++)
-			if (w[i]!=0) return false;
-		return true; 
-	}
-
-/* shift this right by k bits */
-	public void shr(int k) {
-		int n=k%ROM.BASEBITS;
-		int m=k/ROM.BASEBITS;	
-		for (int i=0;i<ROM.DNLEN-m-1;i++)
-			w[i]=(w[m+i]>>n)|((w[m+i+1]<<(ROM.BASEBITS-n))&ROM.BMASK);
-		w[ROM.DNLEN-m-1]=w[ROM.DNLEN-1]>>n;
-		for (int i=ROM.DNLEN-m;i<ROM.DNLEN;i++) w[i]=0;
-	}
-
-/* shift this left by k bits */
-	public void shl(int k) {
-		int n=k%ROM.BASEBITS;
-		int m=k/ROM.BASEBITS;
-
-		w[ROM.DNLEN-1]=((w[ROM.DNLEN-1-m]<<n))|(w[ROM.DNLEN-m-2]>>(ROM.BASEBITS-n));
-		for (int i=ROM.DNLEN-2;i>m;i--)
-			w[i]=((w[i-m]<<n)&ROM.BMASK)|(w[i-m-1]>>(ROM.BASEBITS-n));
-		w[m]=(w[0]<<n)&ROM.BMASK; 
-		for (int i=0;i<m;i++) w[i]=0;
-	}
-
-/* this+=x */
-	public void add(DBIG x) {
-		for (int i=0;i<ROM.DNLEN;i++)
-			w[i]+=x.w[i];	
-	}
-
-/* this-=x */
-	public void sub(DBIG x) {
-		for (int i=0;i<ROM.DNLEN;i++)
-			w[i]-=x.w[i];
-	}
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-	public static int comp(DBIG a,DBIG b)
-	{
-		for (int i=ROM.DNLEN-1;i>=0;i--)
-		{
-			if (a.w[i]==b.w[i]) continue;
-			if (a.w[i]>b.w[i]) return 1;
-			else  return -1;
-		}
-		return 0;
-	}
-
-/* reduces this DBIG mod a BIG, and returns the BIG */
-	public BIG mod(BIG c)
-	{
-		int k=0;  
-		norm();
-		DBIG m=new DBIG(c);
-		DBIG r=new DBIG(0);
-
-		if (comp(this,m)<0) return new BIG(this);
-		
-		do
-		{
-			m.shl(1);
-			k++;
-		}
-		while (comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.shr(1);
-
-			r.copy(this);
-			r.sub(m);
-			r.norm();
-			cmove(r,(int)(1-((r.w[ROM.DNLEN-1]>>(ROM.CHUNK-1))&1)));
-/*
-			if (comp(this,m)>=0)
-			{
-				sub(m);
-				norm();
-			}
-*/
-			k--;
-		}
-		return new BIG(this);
-	}
-
-/* reduces this DBIG mod a DBIG in place */
-/*	public void mod(DBIG m)
-	{
-		int k=0;
-		if (comp(this,m)<0) return;
-
-		do
-		{
-			m.shl(1);
-			k++;
-		}
-		while (comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.shr(1);
-			if (comp(this,m)>=0)
-			{
-				sub(m);
-				norm();
-			}
-			k--;
-		}
-		return;
-
-	}*/
-
-/* return this/c */
-	public BIG div(BIG c)
-	{
-		int d,k=0;
-		DBIG m=new DBIG(c);
-		DBIG dr=new DBIG(0);
-		BIG r=new BIG(0);
-		BIG a=new BIG(0);
-		BIG e=new BIG(1);
-		norm();
-
-		while (comp(this,m)>=0)
-		{
-			e.fshl(1);
-			m.shl(1);
-			k++;
-		}
-
-		while (k>0)
-		{
-			m.shr(1);
-			e.shr(1);
-
-			dr.copy(this);
-			dr.sub(m);
-			dr.norm();
-			d=(int)(1-((dr.w[ROM.DNLEN-1]>>(ROM.CHUNK-1))&1));
-			cmove(dr,d);
-			r.copy(a);
-			r.add(e);
-			r.norm();
-			a.cmove(r,d);
-/*
-			if (comp(this,m)>0)
-			{
-				a.add(e);
-				a.norm();
-				sub(m);
-				norm();
-			} */
-			k--;
-		}
-		return a;
-	}
-}


[36/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/DBIG64.java
----------------------------------------------------------------------
diff --git a/version22/java/DBIG64.java b/version22/java/DBIG64.java
deleted file mode 100644
index 4596077..0000000
--- a/version22/java/DBIG64.java
+++ /dev/null
@@ -1,306 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL double length DBIG number class */ 
-
-public class DBIG {
-	protected long[] w=new long[ROM.DNLEN];
-
-/* normalise this */
-	public void norm() {
-		long d,carry=0;
-		for (int i=0;i<ROM.DNLEN-1;i++)
-		{
-			d=w[i]+carry;
-			carry=d>>ROM.BASEBITS;
-			w[i]=d&ROM.BMASK;
-		}
-		w[ROM.DNLEN-1]=(w[ROM.DNLEN-1]+carry);
-	}
-
-
-/*
-	public String toRawString()
-	{
-		DBIG b=new DBIG(this);
-		String s="(";
-		for (int i=0;i<ROM.DNLEN-1;i++)
-		{
-			s+=Long.toHexString(b.w[i]); s+=",";
-		}
-		s+=Long.toHexString(b.w[ROM.DNLEN-1]); s+=")";
-		return s;
-	}
-*/
-
-/****************************************************************************/
-
-/* return number of bits in this */
-	public int nbits() {
-		int bts,k=ROM.DNLEN-1;
-		long c;
-		norm();
-		while (w[k]==0 && k>=0) k--;
-		if (k<0) return 0;
-		bts=ROM.BASEBITS*k;
-		c=w[k];
-		while (c!=0) {c/=2; bts++;}
-		return bts;
-	}
-
-/* convert this to string */
-	public String toString() {
-		DBIG b;
-		String s="";
-		int len=nbits();
-		if (len%4==0) len>>=2; //len/=4;
-		else {len>>=2; len++;}
-
-		for (int i=len-1;i>=0;i--)
-		{
-			b=new DBIG(this);
-			b.shr(i*4);
-			s+=Integer.toHexString((int)(b.w[0]&15));
-		}
-		return s;
-	}
-
-	public void cmove(DBIG g,int d)
-	{
-		int i;
-		//long b=-d;
-
-		for (i=0;i<ROM.DNLEN;i++)
-		{
-			w[i]^=(w[i]^g.w[i])&BIG.cast_to_chunk(-d);
-		}
-	}
-
-/* Constructors */
-	public DBIG(int x)
-	{
-		w[0]=x;
-		for (int i=1;i<ROM.DNLEN;i++)
-			w[i]=0;
-	}
-
-	public DBIG(DBIG x)
-	{
-		for (int i=0;i<ROM.DNLEN;i++)
-			w[i]=x.w[i];
-	}
-
-	public DBIG(BIG x)
-	{
-		for (int i=0;i<ROM.NLEN-1;i++)
-			w[i]=x.w[i]; //get(i);
-
-		w[ROM.NLEN-1]=x.w[(ROM.NLEN-1)]&ROM.BMASK; /* top word normalized */
-		w[ROM.NLEN]=(x.w[(ROM.NLEN-1)]>>ROM.BASEBITS);
-
-		for (int i=ROM.NLEN+1;i<ROM.DNLEN;i++) w[i]=0;
-	}
-
-/* split DBIG at position n, return higher half, keep lower half */
-	public BIG split(int n)
-	{
-		BIG t=new BIG(0);
-		int m=n%ROM.BASEBITS;
-		long nw,carry=w[ROM.DNLEN-1]<<(ROM.BASEBITS-m);
-
-		for (int i=ROM.DNLEN-2;i>=ROM.NLEN-1;i--)
-		{
-			nw=(w[i]>>m)|carry;
-			carry=(w[i]<<(ROM.BASEBITS-m))&ROM.BMASK;
-			t.w[i-ROM.NLEN+1]=nw;
-			//t.set(i-ROM.NLEN+1,nw);
-		}
-		w[ROM.NLEN-1]&=(((long)1<<m)-1);
-		return t;
-	}
-
-/* Copy from another DBIG */
-	public void copy(DBIG x)
-	{
-		for (int i=0;i<ROM.DNLEN;i++)
-			w[i]=x.w[i];
-	}
-
-/* test this=0? */
-	public boolean iszilch() {
-		for (int i=0;i<ROM.DNLEN;i++)
-			if (w[i]!=0) return false;
-		return true; 
-	}
-
-/* shift this right by k bits */
-	public void shr(int k) {
-		int n=k%ROM.BASEBITS;
-		int m=k/ROM.BASEBITS;	
-		for (int i=0;i<ROM.DNLEN-m-1;i++)
-			w[i]=(w[m+i]>>n)|((w[m+i+1]<<(ROM.BASEBITS-n))&ROM.BMASK);
-		w[ROM.DNLEN-m-1]=w[ROM.DNLEN-1]>>n;
-		for (int i=ROM.DNLEN-m;i<ROM.DNLEN;i++) w[i]=0;
-	}
-
-/* shift this left by k bits */
-	public void shl(int k) {
-		int n=k%ROM.BASEBITS;
-		int m=k/ROM.BASEBITS;
-
-		w[ROM.DNLEN-1]=((w[ROM.DNLEN-1-m]<<n))|(w[ROM.DNLEN-m-2]>>(ROM.BASEBITS-n));
-		for (int i=ROM.DNLEN-2;i>m;i--)
-			w[i]=((w[i-m]<<n)&ROM.BMASK)|(w[i-m-1]>>(ROM.BASEBITS-n));
-		w[m]=(w[0]<<n)&ROM.BMASK; 
-		for (int i=0;i<m;i++) w[i]=0;
-	}
-
-/* this+=x */
-	public void add(DBIG x) {
-		for (int i=0;i<ROM.DNLEN;i++)
-			w[i]+=x.w[i];	
-	}
-
-/* this-=x */
-	public void sub(DBIG x) {
-		for (int i=0;i<ROM.DNLEN;i++)
-			w[i]-=x.w[i];
-	}
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-	public static int comp(DBIG a,DBIG b)
-	{
-		for (int i=ROM.DNLEN-1;i>=0;i--)
-		{
-			if (a.w[i]==b.w[i]) continue;
-			if (a.w[i]>b.w[i]) return 1;
-			else  return -1;
-		}
-		return 0;
-	}
-
-/* reduces this DBIG mod a BIG, and returns the BIG */
-	public BIG mod(BIG c)
-	{
-		int k=0;  
-		norm();
-		DBIG m=new DBIG(c);
-		DBIG r=new DBIG(0);
-
-		if (comp(this,m)<0) return new BIG(this);
-		
-		do
-		{
-			m.shl(1);
-			k++;
-		}
-		while (comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.shr(1);
-
-			r.copy(this);
-			r.sub(m);
-			r.norm();
-			cmove(r,(int)(1-((r.w[ROM.DNLEN-1]>>(ROM.CHUNK-1))&1)));
-/*
-			if (comp(this,m)>=0)
-			{
-				sub(m);
-				norm();
-			}
-*/
-			k--;
-		}
-		return new BIG(this);
-	}
-
-/* reduces this DBIG mod a DBIG in place */
-/*	public void mod(DBIG m)
-	{
-		int k=0;
-		if (comp(this,m)<0) return;
-
-		do
-		{
-			m.shl(1);
-			k++;
-		}
-		while (comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.shr(1);
-			if (comp(this,m)>=0)
-			{
-				sub(m);
-				norm();
-			}
-			k--;
-		}
-		return;
-
-	}*/
-
-/* return this/c */
-	public BIG div(BIG c)
-	{
-		int d,k=0;
-		DBIG m=new DBIG(c);
-		DBIG dr=new DBIG(0);
-		BIG r=new BIG(0);
-		BIG a=new BIG(0);
-		BIG e=new BIG(1);
-		norm();
-
-		while (comp(this,m)>=0)
-		{
-			e.fshl(1);
-			m.shl(1);
-			k++;
-		}
-
-		while (k>0)
-		{
-			m.shr(1);
-			e.shr(1);
-
-			dr.copy(this);
-			dr.sub(m);
-			dr.norm();
-			d=(int)(1-((dr.w[ROM.DNLEN-1]>>(ROM.CHUNK-1))&1));
-			cmove(dr,d);
-			r.copy(a);
-			r.add(e);
-			r.norm();
-			a.cmove(r,d);
-/*
-			if (comp(this,m)>0)
-			{
-				a.add(e);
-				a.norm();
-				sub(m);
-				norm();
-			} */
-			k--;
-		}
-		return a;
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/ECDH.java
----------------------------------------------------------------------
diff --git a/version22/java/ECDH.java b/version22/java/ECDH.java
deleted file mode 100644
index 12b7589..0000000
--- a/version22/java/ECDH.java
+++ /dev/null
@@ -1,581 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Elliptic Curve API high-level functions  */
-
-public final class ECDH {
-	public static final int INVALID_PUBLIC_KEY=-2;
-	public static final int ERROR=-3;
-	public static final int INVALID=-4;
-	public static final int EFS=ROM.MODBYTES;
-	public static final int EGS=ROM.MODBYTES;
-	public static final int EAS=16;
-	public static final int EBS=16;
-	public static final int SHA256=32;
-	public static final int SHA384=48;
-	public static final int SHA512=64;
-
-	public static final int HASH_TYPE=SHA512;
-
-/* Convert Integer to n-byte array */
-	private static byte[] inttoBytes(int n,int len)
-	{
-		int i;
-		byte[] b=new byte[len];
-
-		for (i=0;i<len;i++) b[i]=0;
-		i=len; 
-		while (n>0 && i>0)
-		{
-			i--;
-			b[i]=(byte)(n&0xff);
-			n/=256;
-		}	
-		return b;
-	}
-
-	private static byte[] hashit(int sha,byte[] A,int n,byte[] B,int pad)
-	{
-		byte[] R=null;
-
-		if (sha==SHA256)
-		{
-			HASH256 H=new HASH256();
-			H.process_array(A); if (n>0) H.process_num(n);
-			if (B!=null) H.process_array(B);
-			R=H.hash();
-		}
-		if (sha==SHA384)
-		{
-			HASH384 H=new HASH384();
-			H.process_array(A); if (n>0) H.process_num(n);
-			if (B!=null) H.process_array(B);
-			R=H.hash();
-		}
-		if (sha==SHA512)
-		{
-			HASH512 H=new HASH512();
-			H.process_array(A); if (n>0) H.process_num(n);
-			if (B!=null) H.process_array(B);
-			R=H.hash();
-		}
-		if (R==null) return null;
-
-		if (pad==0) return R;
-/* If pad>0 output is truncated or padded to pad bytes */
-		byte[] W=new byte[pad];
-		if (pad<=sha) 
-		{
-			for (int i=0;i<pad;i++) W[i]=R[i];
-		}
-		else
-		{
-			for (int i=0;i<sha;i++) W[i]=R[i];
-			for (int i=sha;i<pad;i++) W[i]=0;
-		}
-		return W;
-	}
-
-/* Key Derivation Functions */
-/* Input octet Z */
-/* Output key of length olen */
-	public static byte[] KDF1(int sha,byte[] Z,int olen)
-	{
-/* NOTE: the parameter olen is the length of the output K in bytes */
-		int hlen=sha;
-		byte[] K=new byte[olen];
-		byte[] B;
-		int counter,cthreshold,k=0;
-    
-		for (int i=0;i<K.length;i++) K[i]=0;
-
-		cthreshold=olen/hlen; if (olen%hlen!=0) cthreshold++;
-
-		for (counter=0;counter<cthreshold;counter++)
-		{
-			B=hashit(sha,Z,counter,null,0);
-			if (k+hlen>olen) for (int i=0;i<olen%hlen;i++) K[k++]=B[i];
-			else for (int i=0;i<hlen;i++) K[k++]=B[i];
-		}
-		return K;
-	}
-
-	public static byte[] KDF2(int sha,byte[] Z,byte[] P,int olen)
-	{
-/* NOTE: the parameter olen is the length of the output k in bytes */
-		int hlen=sha;
-		byte[] K=new byte[olen];
-		byte[] B;
-		int counter,cthreshold,k=0;
-    
-		for (int i=0;i<K.length;i++) K[i]=0;
-
-		cthreshold=olen/hlen; if (olen%hlen!=0) cthreshold++;
-
-		for (counter=1;counter<=cthreshold;counter++)
-		{
-			B=hashit(sha,Z,counter,P,0);
-			if (k+hlen>olen) for (int i=0;i<olen%hlen;i++) K[k++]=B[i];
-			else for (int i=0;i<hlen;i++) K[k++]=B[i];
-		}
-
-		return K;
-	}
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
-	public static byte[] PBKDF2(int sha,byte[] Pass,byte[] Salt,int rep,int olen)
-	{
-		int i,j,k,len,d,opt;
-		d=olen/sha; if (olen%sha!=0) d++;
-		byte[] F=new byte[sha];
-		byte[] U=new byte[sha];
-		byte[] S=new byte[Salt.length+4];
-
-		byte[] K=new byte[d*sha];
-		opt=0;
-
-		for (i=1;i<=d;i++)
-		{
-			for (j=0;j<Salt.length;j++) S[j]=Salt[j];
-			byte[] N=inttoBytes(i,4);
-			for (j=0;j<4;j++) S[Salt.length+j]=N[j];
-
-			HMAC(sha,S,Pass,F);
-
-			for (j=0;j<sha;j++) U[j]=F[j];
-			for (j=2;j<=rep;j++)
-			{
-				HMAC(sha,U,Pass,U);
-				for (k=0;k<sha;k++) F[k]^=U[k];
-			}
-			for (j=0;j<sha;j++) K[opt++]=F[j];
-		}
-		byte[] key=new byte[olen];
-		for (i=0;i<olen;i++) key[i]=K[i];
-		return key;
-	}
-
-/* Calculate HMAC of m using key k. HMAC is tag of length olen */
-	public static int HMAC(int sha,byte[] M,byte[] K,byte[] tag)
-	{
-	/* Input is from an octet m        *
-	* olen is requested output length in bytes. k is the key  *
-	* The output is the calculated tag */
-		int b=64;
-		if (sha>32) b=128;
-		byte[] B;
-		byte[] K0=new byte[b];
-		int olen=tag.length;
-
-		//b=K0.length;
-		if (olen<4 /*|| olen>sha*/) return 0;
-
-		for (int i=0;i<b;i++) K0[i]=0;
-
-		if (K.length > b) 
-		{
-			B=hashit(sha,K,0,null,0);
-			for (int i=0;i<sha;i++) K0[i]=B[i];
-		}
-		else
-			for (int i=0;i<K.length;i++ ) K0[i]=K[i];
-		
-		for (int i=0;i<b;i++) K0[i]^=0x36;
-		B=hashit(sha,K0,0,M,0);
-
-		for (int i=0;i<b;i++) K0[i]^=0x6a;
-		B=hashit(sha,K0,0,B,olen);
-
-		for (int i=0;i<olen;i++) tag[i]=B[i];
-
-		return 1;
-	}
-
-/* AES encryption/decryption. Encrypt byte array M using key K and returns ciphertext */
-	public static byte[] AES_CBC_IV0_ENCRYPT(byte[] K,byte[] M)
-	{ /* AES CBC encryption, with Null IV and key K */
-	/* Input is from an octet string M, output is to an octet string C */
-	/* Input is padded as necessary to make up a full final block */
-		AES a=new AES();
-		boolean fin;
-		int i,j,ipt,opt;
-		byte[] buff=new byte[16];
-		int clen=16+(M.length/16)*16;
-
-		byte[] C=new byte[clen];
-		int padlen;
-
-		a.init(AES.CBC,K.length,K,null);
-
-		ipt=opt=0;
-		fin=false;
-		for(;;)
-		{
-			for (i=0;i<16;i++)
-			{
-				if (ipt<M.length) buff[i]=M[ipt++];
-				else {fin=true; break;}
-			}
-			if (fin) break;
-			a.encrypt(buff);
-			for (i=0;i<16;i++)
-				C[opt++]=buff[i];
-		}    
-
-/* last block, filled up to i-th index */
-
-		padlen=16-i;
-		for (j=i;j<16;j++) buff[j]=(byte)padlen;
-
-		a.encrypt(buff);
-
-		for (i=0;i<16;i++)
-			C[opt++]=buff[i];
-		a.end();    
-		return C;
-	}
-
-/* returns plaintext if all consistent, else returns null string */
-	public static byte[] AES_CBC_IV0_DECRYPT(byte[] K,byte[] C)
-	{ /* padding is removed */
-		AES a=new AES();
-		int i,ipt,opt,ch;
-		byte[] buff=new byte[16];
-		byte[] MM=new byte[C.length];
-		boolean fin,bad;
-		int padlen;
-		ipt=opt=0;
-
-		a.init(AES.CBC,K.length,K,null);
-
-		if (C.length==0) return new byte[0];
-		ch=C[ipt++]; 
-  
-		fin=false;
-
-		for(;;)
-		{
-			for (i=0;i<16;i++)
-			{
-				buff[i]=(byte)ch;      
-				if (ipt>=C.length) {fin=true; break;}  
-				else ch=C[ipt++];  
-			}
-			a.decrypt(buff);
-			if (fin) break;
-			for (i=0;i<16;i++)
-				MM[opt++]=buff[i];
-		}    
-
-		a.end();
-		bad=false;
-		padlen=buff[15];
-		if (i!=15 || padlen<1 || padlen>16) bad=true;
-		if (padlen>=2 && padlen<=16)
-			for (i=16-padlen;i<16;i++) if (buff[i]!=padlen) bad=true;
-    
-		if (!bad) for (i=0;i<16-padlen;i++)
-					MM[opt++]=buff[i];
-
-		if (bad) return new byte[0];
-
-		byte[] M=new byte[opt];
-		for (i=0;i<opt;i++) M[i]=MM[i];
-
-		return M;
-	}
-
-/* Calculate a public/private EC GF(p) key pair W,S where W=S.G mod EC(p),
- * where S is the secret key and W is the public key
- * and G is fixed generator.
- * If RNG is NULL then the private key is provided externally in S
- * otherwise it is generated randomly internally */
-	public static int KEY_PAIR_GENERATE(RAND RNG,byte[] S,byte[] W)
-	{
-		BIG r,gx,gy,s,wx,wy;
-		ECP G,WP;
-		int res=0;
-	//	byte[] T=new byte[EFS];
-
-		gx=new BIG(ROM.CURVE_Gx);
-
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY)
-		{
-			gy=new BIG(ROM.CURVE_Gy);
-			G=new ECP(gx,gy);
-		}
-		else
-			G=new ECP(gx);
-
-		r=new BIG(ROM.CURVE_Order);
-
-		if (RNG==null)
-		{
-			s=BIG.fromBytes(S);
-			s.mod(r);
-		}
-		else
-		{
-			s=BIG.randomnum(r,RNG);
-		}
-
-		if (ROM.AES_S>0)
-		{
-			s.mod2m(2*ROM.AES_S);
-		}
-		s.toBytes(S);
-
-		WP=G.mul(s);
-		WP.toBytes(W);
-
-		return res;
-	}
-
-/* validate public key. Set full=true for fuller check */
-	public static int PUBLIC_KEY_VALIDATE(boolean full,byte[] W)
-	{
-		BIG r;
-		ECP WP=ECP.fromBytes(W);
-		int res=0;
-
-		r=new BIG(ROM.CURVE_Order);
-
-		if (WP.is_infinity()) res=INVALID_PUBLIC_KEY;
-
-		if (res==0 && full)
-		{
-			WP=WP.mul(r);
-			if (!WP.is_infinity()) res=INVALID_PUBLIC_KEY; 
-		}
-		return res;
-	}
-
-/* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */
-	public static int ECPSVDP_DH(byte[] S,byte[] WD,byte[] Z)    
-	{
-		BIG r,s,wx,wy,z;
-		int valid;
-		ECP W;
-		int res=0;
-		byte[] T=new byte[EFS];
-
-		s=BIG.fromBytes(S);
-
-		W=ECP.fromBytes(WD);
-		if (W.is_infinity()) res=ERROR;
-
-		if (res==0)
-		{
-			r=new BIG(ROM.CURVE_Order);
-			s.mod(r);
-
-			W=W.mul(s);
-			if (W.is_infinity()) res=ERROR; 
-			else 
-			{
-				W.getX().toBytes(T);
-				for (int i=0;i<EFS;i++) Z[i]=T[i];
-			}
-		}
-		return res;
-	}
-
-/* IEEE ECDSA Signature, C and D are signature on F using private key S */
-	public static int ECPSP_DSA(int sha,RAND RNG,byte[] S,byte[] F,byte[] C,byte[] D)
-	{
-		byte[] T=new byte[EFS];
-		BIG gx,gy,r,s,f,c,d,u,vx,w;
-		ECP G,V;
-		byte[] B=hashit(sha,F,0,null,ROM.MODBYTES);
-
-		gx=new BIG(ROM.CURVE_Gx);
-		gy=new BIG(ROM.CURVE_Gy);
-
-		G=new ECP(gx,gy);
-		r=new BIG(ROM.CURVE_Order);
-
-		s=BIG.fromBytes(S);
-		f=BIG.fromBytes(B);
-
-		c=new BIG(0);
-		d=new BIG(0);
-		V=new ECP();
-
-		do {
-			u=BIG.randomnum(r,RNG);
-			w=BIG.randomnum(r,RNG);
-			if (ROM.AES_S>0)
-			{
-				u.mod2m(2*ROM.AES_S);
-			}			
-			V.copy(G);
-			V=V.mul(u);   		
-			vx=V.getX();
-			c.copy(vx);
-			c.mod(r);
-			if (c.iszilch()) continue;
-
-			u.copy(BIG.modmul(u,w,r));
-
-			u.invmodp(r);
-			d.copy(BIG.modmul(s,c,r));
-			d.add(f);
-
-			d.copy(BIG.modmul(d,w,r));
-
-			d.copy(BIG.modmul(u,d,r));
-		} while (d.iszilch());
-       
-		c.toBytes(T);
-		for (int i=0;i<EFS;i++) C[i]=T[i];
-		d.toBytes(T);
-		for (int i=0;i<EFS;i++) D[i]=T[i];
-		return 0;
-	}
-
-/* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */
-	public static int ECPVP_DSA(int sha,byte[] W,byte[] F, byte[] C,byte[] D)
-	{
-		BIG r,gx,gy,f,c,d,h2;
-		int res=0;
-		ECP G,WP,P;
-		int valid; 
-
-		byte[] B=hashit(sha,F,0,null,ROM.MODBYTES);
-
-		gx=new BIG(ROM.CURVE_Gx);
-		gy=new BIG(ROM.CURVE_Gy);
-
-		G=new ECP(gx,gy);
-		r=new BIG(ROM.CURVE_Order);
-
-		c=BIG.fromBytes(C);
-		d=BIG.fromBytes(D);
-		f=BIG.fromBytes(B);
-     
-		if (c.iszilch() || BIG.comp(c,r)>=0 || d.iszilch() || BIG.comp(d,r)>=0) 
-            res=INVALID;
-
-		if (res==0)
-		{
-			d.invmodp(r);
-			f.copy(BIG.modmul(f,d,r));
-			h2=BIG.modmul(c,d,r);
-
-			WP=ECP.fromBytes(W);
-			if (WP.is_infinity()) res=ERROR;
-			else
-			{
-				P=new ECP();
-				P.copy(WP);
-				P=P.mul2(h2,G,f);
-				if (P.is_infinity()) res=INVALID;
-				else
-				{
-					d=P.getX();
-					d.mod(r);
-					if (BIG.comp(d,c)!=0) res=INVALID;
-				}
-			}
-		}
-
-		return res;
-	}
-
-/* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */
-	public static byte[] ECIES_ENCRYPT(int sha,byte[] P1,byte[] P2,RAND RNG,byte[] W,byte[] M,byte[] V,byte[] T)
-	{ 
-		int i,len;
-
-		byte[] Z=new byte[EFS];
-		byte[] VZ=new byte[3*EFS+1];
-		byte[] K1=new byte[EAS];
-		byte[] K2=new byte[EAS];
-		byte[] U=new byte[EGS];
-
-		if (KEY_PAIR_GENERATE(RNG,U,V)!=0) return new byte[0];  
-		if (ECPSVDP_DH(U,W,Z)!=0) return new byte[0];     
-
-		for (i=0;i<2*EFS+1;i++) VZ[i]=V[i];
-		for (i=0;i<EFS;i++) VZ[2*EFS+1+i]=Z[i];
-
-
-		byte[] K=KDF2(sha,VZ,P1,EFS);
-
-		for (i=0;i<EAS;i++) {K1[i]=K[i]; K2[i]=K[EAS+i];} 
-
-		byte[] C=AES_CBC_IV0_ENCRYPT(K1,M);
-
-		byte[] L2=inttoBytes(P2.length,8);	
-	
-		byte[] AC=new byte[C.length+P2.length+8];
-		for (i=0;i<C.length;i++) AC[i]=C[i];
-		for (i=0;i<P2.length;i++) AC[C.length+i]=P2[i];
-		for (i=0;i<8;i++) AC[C.length+P2.length+i]=L2[i];
-	
-		HMAC(sha,AC,K2,T);
-
-		return C;
-	}
-
-/* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */
-	public static byte[] ECIES_DECRYPT(int sha,byte[] P1,byte[] P2,byte[] V,byte[] C,byte[] T,byte[] U)
-	{ 
-
-		int i,len;
-
-		byte[] Z=new byte[EFS];
-		byte[] VZ=new byte[3*EFS+1];
-		byte[] K1=new byte[EAS];
-		byte[] K2=new byte[EAS];
-		byte[] TAG=new byte[T.length];
-
-		if (ECPSVDP_DH(U,V,Z)!=0) return new byte[0];  
-
-		for (i=0;i<2*EFS+1;i++) VZ[i]=V[i];
-		for (i=0;i<EFS;i++) VZ[2*EFS+1+i]=Z[i];
-
-		byte[] K=KDF2(sha,VZ,P1,EFS);
-
-		for (i=0;i<EAS;i++) {K1[i]=K[i]; K2[i]=K[EAS+i];} 
-
-		byte[] M=AES_CBC_IV0_DECRYPT(K1,C); 
-
-		if (M.length==0) return M;
-
-		byte[] L2=inttoBytes(P2.length,8);	
-	
-		byte[] AC=new byte[C.length+P2.length+8];
-
-		for (i=0;i<C.length;i++) AC[i]=C[i];
-		for (i=0;i<P2.length;i++) AC[C.length+i]=P2[i];
-		for (i=0;i<8;i++) AC[C.length+P2.length+i]=L2[i];
-	
-		HMAC(sha,AC,K2,TAG);
-
-		boolean same=true;
-		for (i=0;i<T.length;i++) if (T[i]!=TAG[i]) same=false;
-		if (!same) return new byte[0];
-	
-		return M;
-
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/ECP.java
----------------------------------------------------------------------
diff --git a/version22/java/ECP.java b/version22/java/ECP.java
deleted file mode 100644
index d315e45..0000000
--- a/version22/java/ECP.java
+++ /dev/null
@@ -1,917 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Elliptic Curve Point class */
-
-public final class ECP {
-	private FP x;
-	private FP y;
-	private FP z;
-	private boolean INF;
-
-/* Constructor - set to O */
-	public ECP() {
-		INF=true;
-		x=new FP(0);
-		y=new FP(1);
-		z=new FP(1);
-	}
-/* test for O point-at-infinity */
-	public boolean is_infinity() {
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			x.reduce(); y.reduce(); z.reduce();
-			return (x.iszilch() && y.equals(z));
-		}
-		else return INF;
-	}
-/* Conditional swap of P and Q dependant on d */
-	private void cswap(ECP Q,int d)
-	{
-		x.cswap(Q.x,d);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.cswap(Q.y,d);
-		z.cswap(Q.z,d);
-		if (ROM.CURVETYPE!=ROM.EDWARDS)
-		{
-			boolean bd;
-			if (d==0) bd=false;
-			else bd=true;
-			bd=bd&(INF^Q.INF);
-			INF^=bd;
-			Q.INF^=bd;
-		}
-	}
-
-/* Conditional move of Q to P dependant on d */
-	private void cmove(ECP Q,int d)
-	{
-		x.cmove(Q.x,d);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.cmove(Q.y,d);
-		z.cmove(Q.z,d);
-		if (ROM.CURVETYPE!=ROM.EDWARDS)
-		{
-			boolean bd;
-			if (d==0) bd=false;
-			else bd=true;
-			INF^=(INF^Q.INF)&bd;
-		}
-	}
-
-/* return 1 if b==c, no branching */
-	private static int teq(int b,int c)
-	{
-		int x=b^c;
-		x-=1;  // if x=0, x now -1
-		return ((x>>31)&1);
-	}
-
-/* Constant time select from pre-computed table */
-	private void select(ECP W[],int b)
-	{
-		ECP MP=new ECP(); 
-		int m=b>>31;
-		int babs=(b^m)-m;
-
-		babs=(babs-1)/2;
-
-		cmove(W[0],teq(babs,0));  // conditional move
-		cmove(W[1],teq(babs,1));
-		cmove(W[2],teq(babs,2));
-		cmove(W[3],teq(babs,3));
-		cmove(W[4],teq(babs,4));
-		cmove(W[5],teq(babs,5));
-		cmove(W[6],teq(babs,6));
-		cmove(W[7],teq(babs,7));
- 
-		MP.copy(this);
-		MP.neg();
-		cmove(MP,(int)(m&1));
-	}
-
-/* Test P == Q */
-	public boolean equals(ECP Q) {
-		if (is_infinity() && Q.is_infinity()) return true;
-		if (is_infinity() || Q.is_infinity()) return false;
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			FP zs2=new FP(z); zs2.sqr();
-			FP zo2=new FP(Q.z); zo2.sqr();
-			FP zs3=new FP(zs2); zs3.mul(z);
-			FP zo3=new FP(zo2); zo3.mul(Q.z);
-			zs2.mul(Q.x);
-			zo2.mul(x);
-			if (!zs2.equals(zo2)) return false;
-			zs3.mul(Q.y);
-			zo3.mul(y);
-			if (!zs3.equals(zo3)) return false;
-		}
-		else
-		{
-			FP a=new FP(0);
-			FP b=new FP(0);
-			a.copy(x); a.mul(Q.z); a.reduce();
-			b.copy(Q.x); b.mul(z); b.reduce();
-			if (!a.equals(b)) return false;
-			if (ROM.CURVETYPE==ROM.EDWARDS)
-			{
-				a.copy(y); a.mul(Q.z); a.reduce();
-				b.copy(Q.y); b.mul(z); b.reduce();
-				if (!a.equals(b)) return false;
-			}
-		}
-		return true;
-	}
-
-/* this=P */
-	public void copy(ECP P)
-	{
-		x.copy(P.x);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.copy(P.y);
-		z.copy(P.z);
-		INF=P.INF;
-	}
-/* this=-this */
-	public void neg() {
-		if (is_infinity()) return;
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			y.neg(); y.norm();
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			x.neg(); x.norm();
-		}
-		return;
-	}
-/* set this=O */
-	public void inf() {
-		INF=true;
-		x.zero();
-		y.one();
-		z.one();
-	//	y=new FP(1);
-	//	z=new FP(1);
-	}
-
-/* Calculate RHS of curve equation */
-	public static FP RHS(FP x) {
-		x.norm();
-		FP r=new FP(x);
-		r.sqr();
-
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{ // x^3+Ax+B
-			FP b=new FP(new BIG(ROM.CURVE_B));
-			r.mul(x);
-			if (ROM.CURVE_A==-3)
-			{
-				FP cx=new FP(x);
-				cx.imul(3);
-				cx.neg(); cx.norm();
-				r.add(cx);
-			}
-			r.add(b);
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{ // (Ax^2-1)/(Bx^2-1) 
-			FP b=new FP(new BIG(ROM.CURVE_B));
-
-			FP one=new FP(1);
-			b.mul(r);
-			b.sub(one);
-			if (ROM.CURVE_A==-1) r.neg();
-			r.sub(one);
-
-			b.inverse();
-
-			r.mul(b);
-		}
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{ // x^3+Ax^2+x
-			FP x3=new FP(0);
-			x3.copy(r);
-			x3.mul(x);
-			r.imul(ROM.CURVE_A);
-			r.add(x3);
-			r.add(x);
-		}
-		r.reduce();
-		return r;
-	}
-
-/* set (x,y) from two BIGs */
-	public ECP(BIG ix,BIG iy) {
-		x=new FP(ix);
-		y=new FP(iy);
-		z=new FP(1);
-		FP rhs=RHS(x);
-
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			if (rhs.jacobi()==1) INF=false;
-			else inf();
-		}
-		else
-		{
-			FP y2=new FP(y);
-			y2.sqr();
-			if (y2.equals(rhs)) INF=false;
-			else inf();
-		}
-	}
-/* set (x,y) from BIG and a bit */
-	public ECP(BIG ix,int s) {
-		x=new FP(ix);
-		FP rhs=RHS(x);
-		y=new FP(0);
-		z=new FP(1);
-		if (rhs.jacobi()==1)
-		{
-			FP ny=rhs.sqrt();
-			if (ny.redc().parity()!=s) ny.neg();
-			y.copy(ny);
-			INF=false;
-		}
-		else inf();
-	}
-
-/* set from x - calculate y from curve equation */
-	public ECP(BIG ix) {
-		x=new FP(ix);
-		FP rhs=RHS(x);
-		y=new FP(0);
-		z=new FP(1);
-		if (rhs.jacobi()==1)
-		{
-			if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.copy(rhs.sqrt());
-			INF=false;
-		}
-		else INF=true;
-	}
-
-/* set to affine - from (x,y,z) to (x,y) */
-	public void affine() {
-		if (is_infinity()) return;
-		FP one=new FP(1);
-		if (z.equals(one)) return;
-		z.inverse();
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			FP z2=new FP(z);
-			z2.sqr();
-			x.mul(z2); x.reduce();
-			y.mul(z2); 
-			y.mul(z);  y.reduce();
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			x.mul(z); x.reduce();
-			y.mul(z); y.reduce();
-		}
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			x.mul(z); x.reduce();
-		}
-		z.copy(one);
-	}
-/* extract x as a BIG */
-	public BIG getX()
-	{
-		affine();
-		return x.redc();
-	}
-/* extract y as a BIG */
-	public BIG getY()
-	{
-		affine();
-		return y.redc();
-	}
-
-/* get sign of Y */
-	public int getS()
-	{
-		affine();
-		BIG y=getY();
-		return y.parity();
-	}
-/* extract x as an FP */
-	public FP getx()
-	{
-		return x;
-	}
-/* extract y as an FP */
-	public FP gety()
-	{
-		return y;
-	}
-/* extract z as an FP */
-	public FP getz()
-	{
-		return z;
-	}
-/* convert to byte array */
-	public void toBytes(byte[] b)
-	{
-		byte[] t=new byte[ROM.MODBYTES];
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) b[0]=0x04;
-		else b[0]=0x02;
-	
-		affine();
-		x.redc().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) b[i+1]=t[i];
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY)
-		{
-			y.redc().toBytes(t);
-			for (int i=0;i<ROM.MODBYTES;i++) b[i+ROM.MODBYTES+1]=t[i];
-		}
-	}
-/* convert from byte array to point */
-	public static ECP fromBytes(byte[] b)
-	{
-		byte[] t=new byte[ROM.MODBYTES];
-		BIG p=new BIG(ROM.Modulus);
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+1];
-		BIG px=BIG.fromBytes(t);
-		if (BIG.comp(px,p)>=0) return new ECP();
-
-		if (b[0]==0x04)
-		{
-			for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+ROM.MODBYTES+1];
-			BIG py=BIG.fromBytes(t);
-			if (BIG.comp(py,p)>=0) return new ECP();
-			return new ECP(px,py);
-		}
-		else return new ECP(px);
-	}
-/* convert to hex string */
-	public String toString() {
-		if (is_infinity()) return "infinity";
-		affine();
-		if (ROM.CURVETYPE==ROM.MONTGOMERY) return "("+x.redc().toString()+")";
-		else return "("+x.redc().toString()+","+y.redc().toString()+")";
-	}
-/* this*=2 */
-	public void dbl() {
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			if (INF) return;
-			if (y.iszilch())
-			{
-				inf();
-				return;
-			}
-
-			FP w1=new FP(x);
-			FP w6=new FP(z);
-			FP w2=new FP(0);
-			FP w3=new FP(x);
-			FP w8=new FP(x);
-
-			if (ROM.CURVE_A==-3)
-			{
-				w6.sqr();
-				w1.copy(w6);
-				w1.neg();
-				w3.add(w1);
-				w8.add(w6);
-				w3.mul(w8);
-				w8.copy(w3);
-				w8.imul(3);
-			}
-			else
-			{
-				w1.sqr();
-				w8.copy(w1);
-				w8.imul(3);
-			}
-
-			w2.copy(y); w2.sqr();
-			w3.copy(x); w3.mul(w2);
-			w3.imul(4);
-			w1.copy(w3); w1.neg();
-			w1.norm();
-
-			x.copy(w8); x.sqr();
-			x.add(w1);
-			x.add(w1);
-			x.norm();
-
-			z.mul(y);
-			z.add(z);
-
-			w2.add(w2);
-			w2.sqr();
-			w2.add(w2);
-			w3.sub(x);
-			y.copy(w8); y.mul(w3);
-			y.sub(w2);
-			y.norm();
-			z.norm();
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			FP C=new FP(x);
-			FP D=new FP(y);
-			FP H=new FP(z);
-			FP J=new FP(0);
-	
-			x.mul(y); x.add(x);
-			C.sqr();
-			D.sqr();
-			if (ROM.CURVE_A==-1) C.neg();	
-			y.copy(C); y.add(D);
-			y.norm();
-			H.sqr(); H.add(H);
-			z.copy(y);
-			J.copy(y); J.sub(H);
-			x.mul(J);
-			C.sub(D);
-			y.mul(C);
-			z.mul(J);
-
-			x.norm();
-			y.norm();
-			z.norm();
-		}
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			FP A=new FP(x);
-			FP B=new FP(x);		
-			FP AA=new FP(0);
-			FP BB=new FP(0);
-			FP C=new FP(0);
-	
-			if (INF) return;
-
-			A.add(z);
-			AA.copy(A); AA.sqr();
-			B.sub(z);
-			BB.copy(B); BB.sqr();
-			C.copy(AA); C.sub(BB);
-
-			x.copy(AA); x.mul(BB);
-
-			A.copy(C); A.imul((ROM.CURVE_A+2)/4);
-
-			BB.add(A);
-			z.copy(BB); z.mul(C);
-			x.norm();
-			z.norm();
-		}
-		return;
-	}
-
-/* this+=Q */
-	public void add(ECP Q) {
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			if (INF)
-			{
-				copy(Q);
-				return;
-			}
-			if (Q.INF) return;
-
-			boolean aff=false;
-
-			FP one=new FP(1);
-			if (Q.z.equals(one)) aff=true;
-
-			FP A,C;
-			FP B=new FP(z);
-			FP D=new FP(z);
-			if (!aff)
-			{
-				A=new FP(Q.z);
-				C=new FP(Q.z);
-
-				A.sqr(); B.sqr();
-				C.mul(A); D.mul(B);
-
-				A.mul(x);
-				C.mul(y);
-			}
-			else
-			{
-				A=new FP(x);
-				C=new FP(y);
-	
-				B.sqr();
-				D.mul(B);
-			}
-
-			B.mul(Q.x); B.sub(A);
-			D.mul(Q.y); D.sub(C);
-
-			if (B.iszilch())
-			{
-				if (D.iszilch())
-				{
-					dbl();
-					return;
-				}
-				else
-				{
-					INF=true;
-					return;
-				}
-			}
-
-			if (!aff) z.mul(Q.z);
-			z.mul(B);
-
-			FP e=new FP(B); e.sqr();
-			B.mul(e);
-			A.mul(e);
-
-			e.copy(A);
-			e.add(A); e.add(B);
-			x.copy(D); x.sqr(); x.sub(e);
-
-			A.sub(x);
-			y.copy(A); y.mul(D); 
-			C.mul(B); y.sub(C);
-
-			x.norm();
-			y.norm();
-			z.norm();
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			FP b=new FP(new BIG(ROM.CURVE_B));
-			FP A=new FP(z);
-			FP B=new FP(0);
-			FP C=new FP(x);
-			FP D=new FP(y);
-			FP E=new FP(0);
-			FP F=new FP(0);
-			FP G=new FP(0);
-		//	FP H=new FP(0);
-		//	FP I=new FP(0);
-	
-			A.mul(Q.z);
-			B.copy(A); B.sqr();
-			C.mul(Q.x);
-			D.mul(Q.y);
-
-			E.copy(C); E.mul(D); E.mul(b);
-			F.copy(B); F.sub(E); 
-			G.copy(B); G.add(E); 
-
-			if (ROM.CURVE_A==1)
-			{
-				E.copy(D); E.sub(C);
-			}
-			C.add(D);
-
-			B.copy(x); B.add(y);
-			D.copy(Q.x); D.add(Q.y); 
-			B.mul(D);
-			B.sub(C);
-			B.mul(F);
-			x.copy(A); x.mul(B);
-
-			if (ROM.CURVE_A==1)
-			{
-				C.copy(E); C.mul(G);
-			}
-			if (ROM.CURVE_A==-1)
-			{
-				C.mul(G);
-			}
-			y.copy(A); y.mul(C);
-			z.copy(F); z.mul(G);
-			x.norm(); y.norm(); z.norm();
-		}
-		return;
-	}
-
-/* Differential Add for Montgomery curves. this+=Q where W is this-Q and is affine. */
-	public void dadd(ECP Q,ECP W) {
-			FP A=new FP(x);
-			FP B=new FP(x);
-			FP C=new FP(Q.x);
-			FP D=new FP(Q.x);
-			FP DA=new FP(0);
-			FP CB=new FP(0);	
-			
-			A.add(z); 
-			B.sub(z); 
-
-			C.add(Q.z);
-			D.sub(Q.z);
-
-			DA.copy(D); DA.mul(A);
-			CB.copy(C); CB.mul(B);
-
-			A.copy(DA); A.add(CB); A.sqr();
-			B.copy(DA); B.sub(CB); B.sqr();
-
-			x.copy(A);
-			z.copy(W.x); z.mul(B);
-
-			if (z.iszilch()) inf();
-			else INF=false;
-
-			x.norm();
-	}
-/* this-=Q */
-	public void sub(ECP Q) {
-		Q.neg();
-		add(Q);
-		Q.neg();
-	}
-
-	public static void multiaffine(int m,ECP[] P)
-	{
-		int i;
-		FP t1=new FP(0);
-		FP t2=new FP(0);
-
-		FP[] work=new FP[m];
-
-		for (i=0;i<m;i++)
-			work[i]=new FP(0);
-	
-		work[0].one();
-		work[1].copy(P[0].z);
-
-		for (i=2;i<m;i++)
-		{
-			work[i].copy(work[i-1]);
-			work[i].mul(P[i-1].z);
-		}
-
-		t1.copy(work[m-1]);
-		t1.mul(P[m-1].z);
-		t1.inverse();
-		t2.copy(P[m-1].z);
-		work[m-1].mul(t1);
-
-		for (i=m-2;;i--)
-		{
-			if (i==0)
-			{
-				work[0].copy(t1);
-				work[0].mul(t2);
-				break;
-			}
-			work[i].mul(t2);
-			work[i].mul(t1);
-			t2.mul(P[i].z);
-		}
-/* now work[] contains inverses of all Z coordinates */
-
-		for (i=0;i<m;i++)
-		{
-			P[i].z.one();
-			t1.copy(work[i]);
-			t1.sqr();
-			P[i].x.mul(t1);
-			t1.mul(work[i]);
-			P[i].y.mul(t1);
-		}    
-	}
-
-/* constant time multiply by small integer of length bts - use ladder */
-	public ECP pinmul(int e,int bts) {	
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-			return this.mul(new BIG(e));
-		else
-		{
-			int nb,i,b;
-			ECP P=new ECP();
-			ECP R0=new ECP();
-			ECP R1=new ECP(); R1.copy(this);
-
-			for (i=bts-1;i>=0;i--)
-			{
-				b=(e>>i)&1;
-				P.copy(R1);
-				P.add(R0);
-				R0.cswap(R1,b);
-				R1.copy(P);
-				R0.dbl();
-				R0.cswap(R1,b);
-			}
-			P.copy(R0);
-			P.affine();
-			return P;
-		}
-	}
-
-/* return e.this */
-
-	public ECP mul(BIG e) {
-		if (e.iszilch() || is_infinity()) return new ECP();
-		ECP P=new ECP();
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-/* use Ladder */
-			int nb,i,b;
-			ECP D=new ECP();
-			ECP R0=new ECP(); R0.copy(this);
-			ECP R1=new ECP(); R1.copy(this);
-			R1.dbl();
-			D.copy(this); D.affine();
-			nb=e.nbits();
-			for (i=nb-2;i>=0;i--)
-			{
-				b=e.bit(i);
-				P.copy(R1);
-				P.dadd(R0,D);
-				R0.cswap(R1,b);
-				R1.copy(P);
-				R0.dbl();
-				R0.cswap(R1,b);
-			}
-			P.copy(R0);
-		}
-		else
-		{
-// fixed size windows 
-			int i,b,nb,m,s,ns;
-			BIG mt=new BIG();
-			BIG t=new BIG();
-			ECP Q=new ECP();
-			ECP C=new ECP();
-			ECP[] W=new ECP[8];
-			byte[] w=new byte[1+(ROM.NLEN*ROM.BASEBITS+3)/4];
-
-			affine();
-
-// precompute table 
-			Q.copy(this);
-			Q.dbl();
-			W[0]=new ECP();
-			W[0].copy(this);
-
-			for (i=1;i<8;i++)
-			{
-				W[i]=new ECP();
-				W[i].copy(W[i-1]);
-				W[i].add(Q);
-			}
-
-// convert the table to affine 
-			if (ROM.CURVETYPE==ROM.WEIERSTRASS) 
-				multiaffine(8,W);
-
-// make exponent odd - add 2P if even, P if odd 
-			t.copy(e);
-			s=t.parity();
-			t.inc(1); t.norm(); ns=t.parity(); mt.copy(t); mt.inc(1); mt.norm();
-			t.cmove(mt,s);
-			Q.cmove(this,ns);
-			C.copy(Q);
-
-			nb=1+(t.nbits()+3)/4;
-
-// convert exponent to signed 4-bit window 
-			for (i=0;i<nb;i++)
-			{
-				w[i]=(byte)(t.lastbits(5)-16);
-				t.dec(w[i]); t.norm();
-				t.fshr(4);	
-			}
-			w[nb]=(byte)t.lastbits(5);
-	
-			P.copy(W[(w[nb]-1)/2]);  
-			for (i=nb-1;i>=0;i--)
-			{
-				Q.select(W,w[i]);
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.add(Q);
-			}
-			P.sub(C); /* apply correction */
-		}
-		P.affine();
-		return P;
-	}
-
-/* Return e.this+f.Q */
-
-	public ECP mul2(BIG e,ECP Q,BIG f) {
-		BIG te=new BIG();
-		BIG tf=new BIG();
-		BIG mt=new BIG();
-		ECP S=new ECP();
-		ECP T=new ECP();
-		ECP C=new ECP();
-		ECP[] W=new ECP[8];
-		byte[] w=new byte[1+(ROM.NLEN*ROM.BASEBITS+1)/2];		
-		int i,s,ns,nb;
-		byte a,b;
-
-		affine();
-		Q.affine();
-
-		te.copy(e);
-		tf.copy(f);
-
-// precompute table 
-		W[1]=new ECP(); W[1].copy(this); W[1].sub(Q);
-		W[2]=new ECP(); W[2].copy(this); W[2].add(Q);
-		S.copy(Q); S.dbl();
-		W[0]=new ECP(); W[0].copy(W[1]); W[0].sub(S);
-		W[3]=new ECP(); W[3].copy(W[2]); W[3].add(S);
-		T.copy(this); T.dbl();
-		W[5]=new ECP(); W[5].copy(W[1]); W[5].add(T);
-		W[6]=new ECP(); W[6].copy(W[2]); W[6].add(T);
-		W[4]=new ECP(); W[4].copy(W[5]); W[4].sub(S);
-		W[7]=new ECP(); W[7].copy(W[6]); W[7].add(S);
-
-// convert the table to affine 
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS) 
-			multiaffine(8,W);
-
-// if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction 
-
-		s=te.parity();
-		te.inc(1); te.norm(); ns=te.parity(); mt.copy(te); mt.inc(1); mt.norm();
-		te.cmove(mt,s);
-		T.cmove(this,ns);
-		C.copy(T);
-
-		s=tf.parity();
-		tf.inc(1); tf.norm(); ns=tf.parity(); mt.copy(tf); mt.inc(1); mt.norm();
-		tf.cmove(mt,s);
-		S.cmove(Q,ns);
-		C.add(S);
-
-		mt.copy(te); mt.add(tf); mt.norm();
-		nb=1+(mt.nbits()+1)/2;
-
-// convert exponent to signed 2-bit window 
-		for (i=0;i<nb;i++)
-		{
-			a=(byte)(te.lastbits(3)-4);
-			te.dec(a); te.norm(); 
-			te.fshr(2);
-			b=(byte)(tf.lastbits(3)-4);
-			tf.dec(b); tf.norm(); 
-			tf.fshr(2);
-			w[i]=(byte)(4*a+b);
-		}
-		w[nb]=(byte)(4*te.lastbits(3)+tf.lastbits(3));
-		S.copy(W[(w[nb]-1)/2]);  
-
-		for (i=nb-1;i>=0;i--)
-		{
-			T.select(W,w[i]);
-			S.dbl();
-			S.dbl();
-			S.add(T);
-		}
-		S.sub(C); /* apply correction */
-		S.affine();
-		return S;
-	}
-
-/*
-	public static void main(String[] args) {
-
-		BIG Gx=new BIG(ROM.CURVE_Gx);
-		BIG Gy;
-		ECP P;
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) Gy=new BIG(ROM.CURVE_Gy);
-		BIG r=new BIG(ROM.CURVE_Order);
-
-		//r.dec(7);
-	
-		System.out.println("Gx= "+Gx.toString());		
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) System.out.println("Gy= "+Gy.toString());	
-
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) P=new ECP(Gx,Gy);
-		else  P=new ECP(Gx);
-
-		System.out.println("P= "+P.toString());		
-
-		ECP R=P.mul(r);
-		//for (int i=0;i<10000;i++)
-		//	R=P.mul(r);
-	
-		System.out.println("R= "+R.toString());
-    } */
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/ECP2.java
----------------------------------------------------------------------
diff --git a/version22/java/ECP2.java b/version22/java/ECP2.java
deleted file mode 100644
index ec9f674..0000000
--- a/version22/java/ECP2.java
+++ /dev/null
@@ -1,624 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Weierstrass elliptic curve functions over FP2 */
-
-public final class ECP2 {
-	private FP2 x;
-	private FP2 y;
-	private FP2 z;
-	private boolean INF;
-
-/* Constructor - set this=O */
-	public ECP2() {
-		INF=true;
-		x=new FP2(0);
-		y=new FP2(1);
-		z=new FP2(1);
-	}
-
-/* Test this=O? */
-	public boolean is_infinity() {
-		return INF;
-	}
-/* copy this=P */
-	public void copy(ECP2 P)
-	{
-		x.copy(P.x);
-		y.copy(P.y);
-		z.copy(P.z);
-		INF=P.INF;
-	}
-/* set this=O */
-	public void inf() {
-		INF=true;
-		x.zero();
-		y.zero();
-		z.zero();
-	}
-
-/* Conditional move of Q to P dependant on d */
-	public void cmove(ECP2 Q,int d)
-	{
-		x.cmove(Q.x,d);
-		y.cmove(Q.y,d);
-		z.cmove(Q.z,d);
-
-		boolean bd;
-		if (d==0) bd=false;
-		else bd=true;
-		INF^=(INF^Q.INF)&bd;
-	}
-
-/* return 1 if b==c, no branching */
-	public static int teq(int b,int c)
-	{
-		int x=b^c;
-		x-=1;  // if x=0, x now -1
-		return ((x>>31)&1);
-	}
-
-/* Constant time select from pre-computed table */
-	public void select(ECP2 W[],int b)
-	{
-		ECP2 MP=new ECP2(); 
-		int m=b>>31;
-		int babs=(b^m)-m;
-
-		babs=(babs-1)/2;
-
-		cmove(W[0],teq(babs,0));  // conditional move
-		cmove(W[1],teq(babs,1));
-		cmove(W[2],teq(babs,2));
-		cmove(W[3],teq(babs,3));
-		cmove(W[4],teq(babs,4));
-		cmove(W[5],teq(babs,5));
-		cmove(W[6],teq(babs,6));
-		cmove(W[7],teq(babs,7));
- 
-		MP.copy(this);
-		MP.neg();
-		cmove(MP,(int)(m&1));
-	}
-
-/* Test if P == Q */
-	public boolean equals(ECP2 Q) {
-		if (is_infinity() && Q.is_infinity()) return true;
-		if (is_infinity() || Q.is_infinity()) return false;
-
-		FP2 zs2=new FP2(z); zs2.sqr();
-		FP2 zo2=new FP2(Q.z); zo2.sqr();
-		FP2 zs3=new FP2(zs2); zs3.mul(z);
-		FP2 zo3=new FP2(zo2); zo3.mul(Q.z);
-		zs2.mul(Q.x);
-		zo2.mul(x);
-		if (!zs2.equals(zo2)) return false;
-		zs3.mul(Q.y);
-		zo3.mul(y);
-		if (!zs3.equals(zo3)) return false;
-
-		return true;
-	}
-/* set this=-this */
-	public void neg() {
-		if (is_infinity()) return;
-		y.neg(); y.norm();
-		return;
-	}
-/* set to Affine - (x,y,z) to (x,y) */
-	public void affine() {
-		if (is_infinity()) return;
-		FP2 one=new FP2(1);
-		if (z.equals(one)) return;
-		z.inverse();
-
-		FP2 z2=new FP2(z);
-		z2.sqr();
-		x.mul(z2); x.reduce();
-		y.mul(z2); 
-		y.mul(z);  y.reduce();
-		z.copy(one);
-	}
-/* extract affine x as FP2 */
-	public FP2 getX()
-	{
-		affine();
-		return x;
-	}
-/* extract affine y as FP2 */
-	public FP2 getY()
-	{
-		affine();
-		return y;
-	}
-/* extract projective x */
-	public FP2 getx()
-	{
-		return x;
-	}
-/* extract projective y */
-	public FP2 gety()
-	{
-		return y;
-	}
-/* extract projective z */
-	public FP2 getz()
-	{
-		return z;
-	}
-/* convert to byte array */
-	public void toBytes(byte[] b)
-	{
-		byte[] t=new byte[ROM.MODBYTES];
-		affine();
-		x.getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++)
-			b[i]=t[i];
-		x.getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++)
-			b[i+ROM.MODBYTES]=t[i];
-
-		y.getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++)
-			b[i+2*ROM.MODBYTES]=t[i];
-		y.getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++)
-			b[i+3*ROM.MODBYTES]=t[i];
-	}
-/* convert from byte array to point */
-	public static ECP2 fromBytes(byte[] b)
-	{
-		byte[] t=new byte[ROM.MODBYTES];
-		BIG ra;
-		BIG rb;
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i];
-		ra=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+ROM.MODBYTES];
-		rb=BIG.fromBytes(t);
-		FP2 rx=new FP2(ra,rb);
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+2*ROM.MODBYTES];
-		ra=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+3*ROM.MODBYTES];
-		rb=BIG.fromBytes(t);
-		FP2 ry=new FP2(ra,rb);
-
-		return new ECP2(rx,ry);
-	}
-/* convert this to hex string */
-	public String toString() {
-		if (is_infinity()) return "infinity";
-		affine();
-		return "("+x.toString()+","+y.toString()+")";
-	}
-
-/* Calculate RHS of twisted curve equation x^3+B/i */
-	public static FP2 RHS(FP2 x) {
-		x.norm();
-		FP2 r=new FP2(x);
-		r.sqr();
-		FP2 b=new FP2(new BIG(ROM.CURVE_B));
-		b.div_ip();
-		r.mul(x);
-		r.add(b);
-
-		r.reduce();
-		return r;
-	}
-
-/* construct this from (x,y) - but set to O if not on curve */
-	public ECP2(FP2 ix,FP2 iy) {
-		x=new FP2(ix);
-		y=new FP2(iy);
-		z=new FP2(1);
-		FP2 rhs=RHS(x);
-		FP2 y2=new FP2(y);
-		y2.sqr();
-		if (y2.equals(rhs)) INF=false;
-		else {x.zero();INF=true;}
-	}
-
-/* construct this from x - but set to O if not on curve */
-	public ECP2(FP2 ix) {
-		x=new FP2(ix);
-		y=new FP2(1);
-		z=new FP2(1);
-		FP2 rhs=RHS(x);
-		if (rhs.sqrt()) 
-		{
-			y.copy(rhs);
-			INF=false;
-		}
-		else {x.zero();INF=true;}
-	}
-
-/* this+=this */
-	public int dbl() {
-		if (INF) return -1;
-		if (y.iszilch())
-		{
-			inf();
-			return -1;
-		}
-
-		FP2 w1=new FP2(x);
-		FP2 w2=new FP2(0);
-		FP2 w3=new FP2(x);
-		FP2 w8=new FP2(x);
-
-		w1.sqr();
-		w8.copy(w1);
-		w8.imul(3);
-
-		w2.copy(y); w2.sqr();
-		w3.copy(x); w3.mul(w2);
-		w3.imul(4);
-		w1.copy(w3); w1.neg();
-		w1.norm();
-
-		x.copy(w8); x.sqr();
-		x.add(w1);
-		x.add(w1);
-		x.norm();
-
-		z.mul(y);
-		z.add(z);
-
-		w2.add(w2);
-		w2.sqr();
-		w2.add(w2);
-		w3.sub(x);
-		y.copy(w8); y.mul(w3);
-	//	w2.norm();
-		y.sub(w2);
-
-		y.norm();
-		z.norm();
-
-		return 1;
-	}
-
-/* this+=Q - return 0 for add, 1 for double, -1 for O */
-	public int add(ECP2 Q) {
-		if (INF)
-		{
-			copy(Q);
-			return -1;
-		}
-		if (Q.INF) return -1;
-
-		boolean aff=false;
-
-		if (Q.z.isunity()) aff=true;
-
-		FP2 A,C;
-		FP2 B=new FP2(z);
-		FP2 D=new FP2(z);
-		if (!aff)
-		{
-			A=new FP2(Q.z);
-			C=new FP2(Q.z);
-
-			A.sqr(); B.sqr();
-			C.mul(A); D.mul(B);
-
-			A.mul(x);
-			C.mul(y);
-		}
-		else
-		{
-			A=new FP2(x);
-			C=new FP2(y);
-	
-			B.sqr();
-			D.mul(B);
-		}
-
-		B.mul(Q.x); B.sub(A);
-		D.mul(Q.y); D.sub(C);
-
-		if (B.iszilch())
-		{
-			if (D.iszilch())
-			{
-				dbl();
-				return 1;
-			}
-			else
-			{
-				INF=true;
-				return -1;
-			}
-		}
-
-		if (!aff) z.mul(Q.z);
-		z.mul(B);
-
-		FP2 e=new FP2(B); e.sqr();
-		B.mul(e);
-		A.mul(e);
-
-		e.copy(A);
-		e.add(A); e.add(B);
-		x.copy(D); x.sqr(); x.sub(e);
-
-		A.sub(x);
-		y.copy(A); y.mul(D); 
-		C.mul(B); y.sub(C);
-
-		x.norm();
-		y.norm();
-		z.norm();
-
-		return 0;
-	}
-
-/* set this-=Q */
-	public int sub(ECP2 Q) {
-		Q.neg();
-		int D=add(Q);
-		Q.neg();
-		return D;
-	}
-/* set this*=q, where q is Modulus, using Frobenius */
-	public void frob(FP2 X)
-	{
-		if (INF) return;
-		FP2 X2=new FP2(X);
-		X2.sqr();
-		x.conj();
-		y.conj();
-		z.conj();
-		z.reduce();
-		x.mul(X2);
-		y.mul(X2);
-		y.mul(X);
-	}
-
-/* normalises m-array of ECP2 points. Requires work vector of m FP2s */
-
-	public static void multiaffine(int m,ECP2[] P)
-	{
-		int i;
-		FP2 t1=new FP2(0);
-		FP2 t2=new FP2(0);
-
-		FP2[] work=new FP2[m];
-		work[0]=new FP2(1);
-		work[1]=new FP2(P[0].z);
-		for (i=2;i<m;i++)
-		{
-			work[i]=new FP2(work[i-1]);
-			work[i].mul(P[i-1].z);
-		}
-
-		t1.copy(work[m-1]); t1.mul(P[m-1].z);
-
-		t1.inverse();
-
-		t2.copy(P[m-1].z);
-		work[m-1].mul(t1);
-
-		for (i=m-2;;i--)
-		{
-			if (i==0)
-			{
-				work[0].copy(t1);
-				work[0].mul(t2);
-				break;
-			}
-			work[i].mul(t2);
-			work[i].mul(t1);
-			t2.mul(P[i].z);
-		}
-/* now work[] contains inverses of all Z coordinates */
-
-		for (i=0;i<m;i++)
-		{
-			P[i].z.one();
-			t1.copy(work[i]); t1.sqr();
-			P[i].x.mul(t1);
-			t1.mul(work[i]);
-			P[i].y.mul(t1);
-		}    
-	}
-
-/* P*=e */
-	public ECP2 mul(BIG e)
-	{
-/* fixed size windows */
-		int i,b,nb,m,s,ns;
-		BIG mt=new BIG();
-		BIG t=new BIG();
-		ECP2 P=new ECP2();
-		ECP2 Q=new ECP2();
-		ECP2 C=new ECP2();
-		ECP2[] W=new ECP2[8];
-		byte[] w=new byte[1+(ROM.NLEN*ROM.BASEBITS+3)/4];
-
-		if (is_infinity()) return new ECP2();
-
-		affine();
-
-/* precompute table */
-		Q.copy(this);
-		Q.dbl();
-		W[0]=new ECP2();
-		W[0].copy(this);
-
-		for (i=1;i<8;i++)
-		{
-			W[i]=new ECP2();
-			W[i].copy(W[i-1]);
-			W[i].add(Q);
-		}
-
-/* convert the table to affine */
-
-		multiaffine(8,W);
-
-/* make exponent odd - add 2P if even, P if odd */
-		t.copy(e);
-		s=t.parity();
-		t.inc(1); t.norm(); ns=t.parity(); mt.copy(t); mt.inc(1); mt.norm();
-		t.cmove(mt,s);
-		Q.cmove(this,ns);
-		C.copy(Q);
-
-		nb=1+(t.nbits()+3)/4;
-/* convert exponent to signed 4-bit window */
-		for (i=0;i<nb;i++)
-		{
-			w[i]=(byte)(t.lastbits(5)-16);
-			t.dec(w[i]); t.norm();
-			t.fshr(4);	
-		}
-		w[nb]=(byte)t.lastbits(5);
-	
-		P.copy(W[(w[nb]-1)/2]);  
-		for (i=nb-1;i>=0;i--)
-		{
-			Q.select(W,w[i]);
-			P.dbl();
-			P.dbl();
-			P.dbl();
-			P.dbl();
-			P.add(Q);
-		}
-		P.sub(C);
-		P.affine();
-		return P;
-	}
-
-/* P=u0.Q0+u1*Q1+u2*Q2+u3*Q3 */
-	public static ECP2 mul4(ECP2[] Q,BIG[] u)
-	{
-		int i,j,nb;
-		int[] a=new int[4];
-		ECP2 T=new ECP2();
-		ECP2 C=new ECP2();
-		ECP2 P=new ECP2();
-		ECP2[] W=new ECP2[8];
-
-		BIG mt=new BIG();
-		BIG[] t=new BIG[4];
-
-		byte[] w=new byte[ROM.NLEN*ROM.BASEBITS+1];
-
-		for (i=0;i<4;i++)
-		{
-			t[i]=new BIG(u[i]);
-			Q[i].affine();
-		}
-
-/* precompute table */
-
-		W[0]=new ECP2(); W[0].copy(Q[0]); W[0].sub(Q[1]);
-		W[1]=new ECP2(); W[1].copy(W[0]);
-		W[2]=new ECP2(); W[2].copy(W[0]);
-		W[3]=new ECP2(); W[3].copy(W[0]);
-		W[4]=new ECP2(); W[4].copy(Q[0]); W[4].add(Q[1]);
-		W[5]=new ECP2(); W[5].copy(W[4]);
-		W[6]=new ECP2(); W[6].copy(W[4]);
-		W[7]=new ECP2(); W[7].copy(W[4]);
-		T.copy(Q[2]); T.sub(Q[3]);
-		W[1].sub(T);
-		W[2].add(T);
-		W[5].sub(T);
-		W[6].add(T);
-		T.copy(Q[2]); T.add(Q[3]);
-		W[0].sub(T);
-		W[3].add(T);
-		W[4].sub(T);
-		W[7].add(T);
-
-		multiaffine(8,W);
-
-/* if multiplier is even add 1 to multiplier, and add P to correction */
-		mt.zero(); C.inf();
-		for (i=0;i<4;i++)
-		{
-			if (t[i].parity()==0)
-			{
-				t[i].inc(1); t[i].norm();
-				C.add(Q[i]);
-			}
-			mt.add(t[i]); mt.norm();
-		}
-
-		nb=1+mt.nbits();
-
-/* convert exponent to signed 1-bit window */
-		for (j=0;j<nb;j++)
-		{
-			for (i=0;i<4;i++)
-			{
-				a[i]=(byte)(t[i].lastbits(2)-2);
-				t[i].dec(a[i]); t[i].norm(); 
-				t[i].fshr(1);
-			}
-			w[j]=(byte)(8*a[0]+4*a[1]+2*a[2]+a[3]);
-		}
-		w[nb]=(byte)(8*t[0].lastbits(2)+4*t[1].lastbits(2)+2*t[2].lastbits(2)+t[3].lastbits(2));
-
-		P.copy(W[(w[nb]-1)/2]);  
-		for (i=nb-1;i>=0;i--)
-		{
-			T.select(W,w[i]);
-			P.dbl();
-			P.add(T);
-		}
-		P.sub(C); /* apply correction */
-
-		P.affine();
-		return P;
-	}
-
-/*
-	public static void main(String[] args) {
-		BIG r=new BIG(ROM.Modulus);
-
-		BIG Pxa=new BIG(ROM.CURVE_Pxa);
-		BIG Pxb=new BIG(ROM.CURVE_Pxb);
-		BIG Pya=new BIG(ROM.CURVE_Pya);
-		BIG Pyb=new BIG(ROM.CURVE_Pyb);
-
-		BIG Fra=new BIG(ROM.CURVE_Fra);
-		BIG Frb=new BIG(ROM.CURVE_Frb);
-
-		FP2 f=new FP2(Fra,Frb);
-
-		FP2 Px=new FP2(Pxa,Pxb);
-		FP2 Py=new FP2(Pya,Pyb);
-
-		ECP2 P=new ECP2(Px,Py);
-
-		System.out.println("P= "+P.toString());
-
-		P=P.mul(r);
-		System.out.println("P= "+P.toString());
-
-		ECP2 Q=new ECP2(Px,Py);
-		Q.frob(f);
-		System.out.println("Q= "+Q.toString());
-	} */
-
-
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/FF.java
----------------------------------------------------------------------
diff --git a/version22/java/FF.java b/version22/java/FF.java
deleted file mode 100644
index a6ee1fe..0000000
--- a/version22/java/FF.java
+++ /dev/null
@@ -1,941 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Large Finite Field arithmetic */
-/* AMCL mod p functions */
-
-public final class FF {
-	private final BIG[] v;
-	private final int length;
-
-/* Constructors */
-	public FF(int n)
-	{
-		v=new BIG[n];
-		for (int i=0;i<n;i++)
-			v[i]=new BIG(0);
-		length=n;
-	}
-
-	public int getlen()
-	{
-		return length;
-	}
-
-/* set to integer */
-	public void set(int m)
-	{
-		zero();
-		v[0].set(0,(m&ROM.BMASK));
-		v[0].set(1,(m>>ROM.BASEBITS));
-	}
-
-/* copy from FF b */
-	public void copy(FF b)
-	{
-		for (int i=0;i<length;i++)
-		{
-			v[i].copy(b.v[i]);
-		}
-	}
-
-/* x=y<<n */
-	public void dsucopy(FF b)
-	{
-		for (int i=0;i<b.length;i++)
-		{
-			v[b.length+i].copy(b.v[i]);
-			v[i].zero();
-		}
-	}
-
-/* x=y */
-	public void dscopy(FF b)
-	{
-		for (int i=0;i<b.length;i++)
-		{
-			v[i].copy(b.v[i]);
-			v[b.length+i].zero();
-		}
-	}
-
-/* x=y>>n */
-	public void sducopy(FF b)
-	{
-		for (int i=0;i<length;i++)
-		{
-			v[i].copy(b.v[length+i]);
-		}
-	}
-
-/* set to zero */
-	public void zero()
-	{
-		for (int i=0;i<length;i++)
-		{
-			v[i].zero();
-		}
-	}
-
-	public void one()
-	{
-		v[0].one();
-		for (int i=1;i<length;i++)
-		{
-			v[i].zero();
-		}
-	}
-
-/* test equals 0 */
-	public boolean iszilch() 
-	{
-		for (int i=0;i<length;i++)
-		{
-			if (!v[i].iszilch()) return false;
-		}
-		return true;
-	}
-
-/* shift right by BIGBITS-bit words */
-	public void shrw(int n)
-	{
-		for (int i=0;i<n;i++) 
-		{
-			v[i].copy(v[i+n]);
-			v[i+n].zero();
-		}
-	}
-
-/* shift left by BIGBITS-bit words */
-	public void shlw(int n)
-	{
-		for (int i=0;i<n;i++) 
-		{
-			v[n+i].copy(v[i]);
-			v[i].zero();
-		}
-	}
-
-/* extract last bit */
-	public int parity()
-	{
-		return v[0].parity();
-	}
-
-	public int lastbits(int m)
-	{
-		return v[0].lastbits(m);
-	}
-
-/* compare x and y - must be normalised, and of same length */
-	public static int comp(FF a,FF b)
-	{
-		int i,j;
-		for (i=a.length-1;i>=0;i--)
-		{
-			j=BIG.comp(a.v[i],b.v[i]);
-			if (j!=0) return j;
-		}
-		return 0;
-	}
-
-/* recursive add */
-	public void radd(int vp,FF x,int xp,FF y,int yp,int n)
-	{
-		for (int i=0;i<n;i++)
-		{
-			v[vp+i].copy(x.v[xp+i]);
-			v[vp+i].add(y.v[yp+i]);
-		}
-	}
-
-/* recursive inc */
-	public void rinc(int vp,FF y,int yp,int n)
-	{
-		for (int i=0;i<n;i++)
-		{
-			v[vp+i].add(y.v[yp+i]);
-		}
-	}
-
-/* recursive sub */
-	public void rsub(int vp,FF x,int xp,FF y,int yp,int n)
-	{
-		for (int i=0;i<n;i++)
-		{
-			v[vp+i].copy(x.v[xp+i]);
-			v[vp+i].sub(y.v[yp+i]);
-		}
-	}
-
-/* recursive dec */
-	public void rdec(int vp,FF y,int yp,int n)
-	{
-		for (int i=0;i<n;i++)
-		{
-			v[vp+i].sub(y.v[yp+i]);
-		}
-	}
-
-/* simple add */
-	public void add(FF b)
-	{
-		for (int i=0;i<length;i++)
-			v[i].add(b.v[i]);
-	}
-
-/* simple sub */
-	public void sub(FF b)
-	{
-		for (int i=0;i<length;i++)
-			v[i].sub(b.v[i]);
-	}
-	
-/* reverse sub */
-	public void revsub(FF b)
-	{
-		for (int i=0;i<length;i++)
-			v[i].rsub(b.v[i]);
-	}
-
-/* increment/decrement by a small integer */
-	public void inc(int m)
-	{
-		v[0].inc(m);
-		norm();
-	}
-
-	public void dec(int m)
-	{
-		v[0].dec(m);
-		norm();
-	}
-
-	/* normalise - but hold any overflow in top part unless n<0 */
-	private void rnorm(int vp,int n)
-	{
-		boolean trunc=false;
-		int i;
-		long carry;
-		if (n<0)
-		{ /* -v n signals to do truncation */
-			n=-n;
-			trunc=true;
-		}
-		for (i=0;i<n-1;i++)
-		{
-			carry=v[vp+i].norm();  
-			v[vp+i].xortop(carry<<ROM.P_TBITS);
-			v[vp+i+1].incl(carry);
-		}
-		carry=v[vp+n-1].norm();
-		if (trunc) 
-			v[vp+n-1].xortop(carry<<ROM.P_TBITS);
-	}
-
-	public void norm()
-	{
-		rnorm(0,length);
-	}
-
-/* shift left by one bit */
-	public void shl()
-	{
-		int i,carry,delay_carry=0;
-		for (i=0;i<length-1;i++)
-		{
-			carry=v[i].fshl(1);
-			v[i].inc(delay_carry);
-			v[i].xortop((long)carry<<ROM.P_TBITS);
-			delay_carry=carry;
-		}
-		v[length-1].fshl(1);
-		v[length-1].inc(delay_carry);
-	}
-
-/* shift right by one bit */
-
-	public void shr()
-	{
-		int carry;
-		for (int i=length-1;i>0;i--)
-		{
-			carry=v[i].fshr(1);
-			v[i-1].xortop((long)carry<<ROM.P_TBITS);
-		}
-		v[0].fshr(1);
-	}
-
-/* Convert to Hex String */
-	public String toString() 
-	{
-		norm();
-		String s="";
-		for (int i=length-1;i>=0;i--)
-		{
-			s+=v[i].toString(); //s+=" ";
-		}
-		return s;
-	}
-
-/*
-	public String toRawString(int len) 
-	{
-	//	norm(len);
-		String s="";
-		for (int i=len-1;i>=0;i--)
-		{
-			s+=v[i].toRawString(); s+=" ";
-		}
-		return s;
-	}
-*/
-/* Convert FFs to/from byte arrays */
-	public void toBytes(byte[] b)
-	{
-		for (int i=0;i<length;i++)
-		{
-			v[i].tobytearray(b,(length-i-1)*ROM.MODBYTES);
-		}
-	}
-
-	public static void fromBytes(FF x,byte[] b)
-	{
-		for (int i=0;i<x.length;i++)
-		{
-			x.v[i]=BIG.frombytearray(b,(x.length-i-1)*ROM.MODBYTES);
-		}
-	}
-
-/* in-place swapping using xor - side channel resistant - lengths must be the same */
-	private static void cswap(FF a,FF b,int d)
-	{
-		for (int i=0;i<a.length;i++)
-		{
-		//	BIG.cswap(a.v[i],b.v[i],d);
-			a.v[i].cswap(b.v[i],d);
-		}
-	}
-
-/* z=x*y, t is workspace */
-	private void karmul(int vp,FF x,int xp,FF y,int yp,FF t,int tp,int n)
-	{
-		int nd2;
-		if (n==1)
-		{
-			DBIG d=BIG.mul(x.v[xp],y.v[yp]);
-			v[vp+1]=d.split(8*ROM.MODBYTES);
-			v[vp].copy(d);
-			return;
-		}
-		nd2=n/2;
-		radd(vp,x,xp,x,xp+nd2,nd2);
-		rnorm(vp,nd2);                   /* Important - required for 32-bit build */
-		radd(vp+nd2,y,yp,y,yp+nd2,nd2);
-		rnorm(vp+nd2,nd2);               /* Important - required for 32-bit build */
-
-		t.karmul(tp,this,vp,this,vp+nd2,t,tp+n,nd2);
-		karmul(vp,x,xp,y,yp,t,tp+n,nd2);
-		karmul(vp+n,x,xp+nd2,y,yp+nd2,t,tp+n,nd2);
-		t.rdec(tp,this,vp,n);
-		t.rdec(tp,this,vp+n,n);
-		rinc(vp+nd2,t,tp,n);
-		rnorm(vp,2*n);
-	}
-
-	private void karsqr(int vp,FF x,int xp,FF t,int tp,int n)
-	{
-		int nd2;
-		if (n==1)
-		{
-			DBIG d=BIG.sqr(x.v[xp]);
-			v[vp+1].copy(d.split(8*ROM.MODBYTES));
-			v[vp].copy(d);
-			return;
-		}	
-
-		nd2=n/2;
-		karsqr(vp,x,xp,t,tp+n,nd2);
-		karsqr(vp+n,x,xp+nd2,t,tp+n,nd2);
-		t.karmul(tp,x,xp,x,xp+nd2,t,tp+n,nd2);
-		rinc(vp+nd2,t,tp,n);
-		rinc(vp+nd2,t,tp,n);
-		rnorm(vp+nd2,n);
-	}
-
-
-	private void karmul_lower(int vp,FF x,int xp,FF y,int yp,FF t,int tp,int n)
-	{ /* Calculates Least Significant bottom half of x*y */
-		int nd2;
-		if (n==1)
-		{ /* only calculate bottom half of product */
-			v[vp].copy(BIG.smul(x.v[xp],y.v[yp]));
-			return;
-		}
-		nd2=n/2;
-		karmul(vp,x,xp,y,yp,t,tp+n,nd2);
-		t.karmul_lower(tp,x,xp+nd2,y,yp,t,tp+n,nd2);
-		rinc(vp+nd2,t,tp,nd2);
-		t.karmul_lower(tp,x,xp,y,yp+nd2,t,tp+n,nd2);
-
-		rinc(vp+nd2,t,tp,nd2);
-		rnorm(vp+nd2,-nd2);  /* truncate it */
-	}
-
-	private void karmul_upper(FF x,FF y,FF t,int n)
-	{ /* Calculates Most Significant upper half of x*y, given lower part */
-		int nd2;
- 
-		nd2=n/2;
-		radd(n,x,0,x,nd2,nd2);
-		radd(n+nd2,y,0,y,nd2,nd2);
-		rnorm(n,nd2);
-		rnorm(n+nd2,nd2);
-
-		t.karmul(0,this,n+nd2,this,n,t,n,nd2);  /* t = (a0+a1)(b0+b1) */
-		karmul(n,x,nd2,y,nd2,t,n,nd2); /* z[n]= a1*b1 */
-									/* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */
-		t.rdec(0,this,n,n);              /* t=t-a1b1  */
-		rinc(nd2,this,0,nd2);   /* z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1)  */
-		rdec(nd2,t,0,nd2);   /* z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0) */
-		rnorm(0,-n);					/* a0b0 now in z - truncate it */
-		t.rdec(0,this,0,n);         /* (a0+a1)(b0+b1) - a0b0 */
-		rinc(nd2,t,0,n);
-
-		rnorm(nd2,n);
-	}
-
-	/* z=x*y. Assumes x and y are of same length. */
-	public static FF mul(FF x,FF y)
-	{
-		int n=x.length;
-		FF z=new FF(2*n);
-		FF t=new FF(2*n);
-//		x.norm(); y.norm();
-		z.karmul(0,x,0,y,0,t,0,n);
-		return z;
-	}
-
-	/* z=x^2 */
-	public static FF sqr(FF x)
-	{
-		int n=x.length;
-		FF z=new FF(2*n);
-		FF t=new FF(2*n);
-//		x.norm(); 
-		z.karsqr(0,x,0,t,0,n);
-		return z;
-	}
-
-/* return low part of product this*y */
-	public void lmul(FF y)
-	{
-		int n=length;
-		FF t=new FF(2*n);
-		FF x=new FF(n); x.copy(this);
-//		x.norm(); y.norm();
-		karmul_lower(0,x,0,y,0,t,0,n);
-	}
-
-/* Set b=b mod c */
-	public void mod(FF c)
-	{
-		int k=0;  
-
-		norm();
-		if (comp(this,c)<0) 
-			return;
-		do
-		{
-			c.shl();
-			k++;
-		} while (comp(this,c)>=0);
-
-		while (k>0)
-		{
-			c.shr();
-			if (comp(this,c)>=0)
-			{
-				sub(c);
-				norm();
-			}
-			k--;
-		}
-	}
-
-/* return This mod modulus, N is modulus, ND is Montgomery Constant */
-	public FF reduce(FF N,FF ND)
-	{ /* fast karatsuba Montgomery reduction */
-		int n=N.length;
-		FF t=new FF(2*n);
-		FF r=new FF(n);
-		FF m=new FF(n);
-
-		r.sducopy(this);
-		m.karmul_lower(0,this,0,ND,0,t,0,n);
-		karmul_upper(N,m,t,n);
-		m.sducopy(this);
-
-		r.add(N);
-		r.sub(m);
-		r.norm();
-
-		return r;
-	}
-
-/* Set r=this mod b */
-/* this is of length - 2*n */
-/* r,b is of length - n */
-	public FF dmod(FF b)
-	{
-		int k,n=b.length;
-		FF m=new FF(2*n);
-		FF x=new FF(2*n);
-		FF r=new FF(n);
-
-		x.copy(this);
-		x.norm();
-		m.dsucopy(b); k=ROM.BIGBITS*n;
-
-		while (comp(x,m)>=0)
-		{
-			x.sub(m);
-			x.norm();
-		}
-
-		while (k>0)
-		{	
-			m.shr();
-
-			if (comp(x,m)>=0)
-			{
-				x.sub(m);
-				x.norm();
-			}
-			k--;
-		}
-
-		r.copy(x);
-		r.mod(b);
-		return r;
-	}
-
-/* Set return=1/this mod p. Binary method - a<p on entry */
-
-	public void invmodp(FF p)
-	{
-		int n=p.length;
-
-		FF u=new FF(n);
-		FF v=new FF(n);
-		FF x1=new FF(n);
-		FF x2=new FF(n);
-		FF t=new FF(n);
-		FF one=new FF(n);
-
-		one.one();
-		u.copy(this);
-		v.copy(p);
-		x1.copy(one);
-		x2.zero();
-
-	// reduce n in here as well! 
-		while (comp(u,one)!=0 && comp(v,one)!=0)
-		{
-			while (u.parity()==0)
-			{
-				u.shr();
-				if (x1.parity()!=0)
-				{
-					x1.add(p); 
-					x1.norm();
-				}
-				x1.shr(); 
-			}
-			while (v.parity()==0)
-			{
-				v.shr(); 
-				if (x2.parity()!=0)
-				{
-					x2.add(p);
-					x2.norm();
-				}
-				x2.shr();
-			}
-			if (comp(u,v)>=0)
-			{
-
-				u.sub(v);
-				u.norm();
-				if (comp(x1,x2)>=0) x1.sub(x2);
-				else
-				{
-					t.copy(p);
-					t.sub(x2);
-					x1.add(t);
-				}
-				x1.norm();
-			}
-			else
-			{
-				v.sub(u);
-				v.norm();
-				if (comp(x2,x1)>=0) x2.sub(x1);
-				else
-				{
-					t.copy(p);
-					t.sub(x1);
-					x2.add(t);
-				}
-				x2.norm();
-			}
-		}
-		if (comp(u,one)==0)
-			copy(x1);
-		else
-			copy(x2);
-	}
-
-/* nresidue mod m */
-	public void nres(FF m)
-	{
-		int n=m.length;
-		FF d=new FF(2*n);
-		d.dsucopy(this);
-		copy(d.dmod(m));
-	}
-
-	public void redc(FF m,FF ND)
-	{
-		int n=m.length;
-		FF d=new FF(2*n);
-		mod(m);
-		d.dscopy(this);
-		copy(d.reduce(m,ND));
-		mod(m);
-	}
-
-	private void mod2m(int m)
-	{
-		for (int i=m;i<length;i++)
-			v[i].zero();
-	}
-
-	/* U=1/a mod 2^m - Arazi & Qi */
-	private FF invmod2m()
-	{
-		int i,n=length;
-
-		FF b=new FF(n);
-		FF c=new FF(n);
-		FF U=new FF(n);
-		FF t;
-
-		U.zero();
-		U.v[0].copy(v[0]);
-		U.v[0].invmod2m();
-
-		for (i=1;i<n;i<<=1)
-		{
-			b.copy(this); b.mod2m(i);
-			t=mul(U,b);
-
-			t.shrw(i); b.copy(t);
-			c.copy(this); c.shrw(i); c.mod2m(i);
-			c.lmul(U); c.mod2m(i);
-
-			b.add(c); b.norm();
-			b.lmul(U); b.mod2m(i);
-
-			c.one(); c.shlw(i); b.revsub(c); b.norm();
-			b.shlw(i);
-			U.add(b);
-		}
-		U.norm();
-		return U;
-	}
-
-	public void random(RAND rng)
-	{
-		int n=length;
-		for (int i=0;i<n;i++)
-		{
-			v[i].copy(BIG.random(rng));
-		}
-	/* make sure top bit is 1 */
-		while (v[n-1].nbits()<ROM.MODBYTES*8) v[n-1].copy(BIG.random(rng));
-	}
-
-	/* generate random x */
-	public void randomnum(FF p,RAND rng)
-	{
-		int n=length;
-		FF d=new FF(2*n);
-
-		for (int i=0;i<2*n;i++)
-		{
-			d.v[i].copy(BIG.random(rng));
-		}
-		copy(d.dmod(p));
-	}
-
-	/* this*=y mod p */
-	public void modmul(FF y,FF p,FF nd)
-	{
-		if (BIG.ff_pexceed(v[length-1],y.v[y.length-1])) mod(p);
-		FF d=mul(this,y);
-		copy(d.reduce(p,nd));
-	}
-
-	/* this*=y mod p */
-	public void modsqr(FF p,FF nd)
-	{
-		if (BIG.ff_sexceed(v[length-1])) mod(p);
-		FF d=sqr(this);
-		copy(d.reduce(p,nd));
-	}
-
-	/* this=this^e mod p using side-channel resistant Montgomery Ladder, for large e */
-	public void skpow(FF e,FF p)
-	{
-		int i,b,n=p.length;
-		FF R0=new FF(n);
-		FF R1=new FF(n);
-		FF ND=p.invmod2m();
-
-		mod(p);
-		R0.one();
-		R1.copy(this);
-		R0.nres(p);
-		R1.nres(p);
-
-		for (i=8*ROM.MODBYTES*n-1;i>=0;i--)
-		{
-			b=e.v[i/ROM.BIGBITS].bit(i%ROM.BIGBITS);
-			copy(R0);
-			modmul(R1,p,ND);
-
-			cswap(R0,R1,b);
-			R0.modsqr(p,ND);
-
-			R1.copy(this);
-			cswap(R0,R1,b);
-		}
-		copy(R0);
-		redc(p,ND);
-	}
-
-	/* this =this^e mod p using side-channel resistant Montgomery Ladder, for short e */
-	public void skpow(BIG e,FF p)
-	{
-		int i,b,n=p.length;
-		FF R0=new FF(n);
-		FF R1=new FF(n);
-		FF ND=p.invmod2m();
-
-		mod(p);
-		R0.one();
-		R1.copy(this);
-		R0.nres(p);
-		R1.nres(p);
-
-		for (i=8*ROM.MODBYTES-1;i>=0;i--)
-		{
-			b=e.bit(i);
-			copy(R0);
-			modmul(R1,p,ND);
-
-			cswap(R0,R1,b);
-			R0.modsqr(p,ND);
-
-			R1.copy(this);
-			cswap(R0,R1,b);
-		}
-		copy(R0);
-		redc(p,ND);
-	}
-
-	/* raise to an integer power - right-to-left method */
-	public void power(int e,FF p)
-	{
-		int n=p.length;
-		FF w=new FF(n);
-		FF ND=p.invmod2m();
-		boolean f=true;
-
-		w.copy(this);
-		w.nres(p);
-
-		if (e==2)
-		{
-			copy(w);
-			modsqr(p,ND);
-		}
-		else for (; ; )
-		{
-			if (e%2==1)
-			{
-				if (f) copy(w);
-				else modmul(w,p,ND);
-				f=false;
-			}
-			e>>=1;
-			if (e==0) break;
-			w.modsqr(p,ND);
-		}
-		redc(p,ND);
-	}
-
-	/* this=this^e mod p, faster but not side channel resistant */
-	public void pow(FF e,FF p)
-	{
-		int i,b,n=p.length;
-		FF w=new FF(n);
-		FF ND=p.invmod2m();
-
-		w.copy(this);
-		one();
-		nres(p);
-		w.nres(p);
-		for (i=8*ROM.MODBYTES*n-1;i>=0;i--)
-		{
-			modsqr(p,ND);
-			b=e.v[i/ROM.BIGBITS].bit(i%ROM.BIGBITS);
-			if (b==1) modmul(w,p,ND);
-		}
-		redc(p,ND);
-	}
-
-	/* double exponentiation r=x^e.y^f mod p */
-	public void pow2(BIG e,FF y,BIG f,FF p)
-	{
-		int i,eb,fb,n=p.length;
-		FF xn=new FF(n);
-		FF yn=new FF(n);
-		FF xy=new FF(n);
-		FF ND=p.invmod2m();
-
-		xn.copy(this);
-		yn.copy(y);
-		xn.nres(p);
-		yn.nres(p);
-		xy.copy(xn); xy.modmul(yn,p,ND);
-		one();
-		nres(p);
-
-		for (i=8*ROM.MODBYTES-1;i>=0;i--)
-		{
-			eb=e.bit(i);
-			fb=f.bit(i);
-			modsqr(p,ND);
-			if (eb==1)
-			{
-				if (fb==1) modmul(xy,p,ND);
-				else modmul(xn,p,ND);
-			}
-			else
-			{
-				if (fb==1) modmul(yn,p,ND);
-			}
-		}
-		redc(p,ND);
-	}
-
-	private static int igcd(int x,int y)
-	{ /* integer GCD, returns GCD of x and y */
-		int r;
-		if (y==0) return x;
-		while ((r=x%y)!=0)
-			{x=y;y=r;}
-		return y;
-	}
-
-	/* quick and dirty check for common factor with n */
-	public boolean cfactor(int s)
-	{
-		int r,n=length;
-		int g;
-
-		FF x=new FF(n);
-		FF y=new FF(n);
-
-		y.set(s);
-		x.copy(this);
-		x.norm();
-
-		do
-		{
-			x.sub(y);
-			x.norm();
-			while (!x.iszilch() && x.parity()==0) x.shr();
-		}
-		while (comp(x,y)>0);
-
-		g=(int)x.v[0].get(0);
-		r=igcd(s,g);
-		if (r>1) return true;
-		return false;
-	}
-
-	/* Miller-Rabin test for primality. Slow. */
-	public static boolean prime(FF p,RAND rng)
-	{
-		int i,j,s=0,n=p.length;
-		boolean loop;
-		FF d=new FF(n);
-		FF x=new FF(n);
-		FF unity=new FF(n);
-		FF nm1=new FF(n);
-
-		int sf=4849845; /* 3*5*.. *19 */
-		p.norm();
-
-		if (p.cfactor(sf)) return false;
-		unity.one();
-		nm1.copy(p);
-		nm1.sub(unity);
-		nm1.norm();
-		d.copy(nm1);
-
-		while (d.parity()==0)
-		{
-			d.shr();
-			s++;
-		}
-		if (s==0) return false;
-		for (i=0;i<10;i++)
-		{
-			x.randomnum(p,rng);
-			x.pow(d,p);
-
-			if (comp(x,unity)==0 || comp(x,nm1)==0) continue;
-			loop=false;
-			for (j=1;j<s;j++)
-			{
-				x.power(2,p);
-				if (comp(x,unity)==0) return false;
-				if (comp(x,nm1)==0) {loop=true; break;}
-			}
-			if (loop) continue;
-			return false;
-		}
-		return true;
-	}
-
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/FP.java
----------------------------------------------------------------------
diff --git a/version22/java/FP.java b/version22/java/FP.java
deleted file mode 100644
index bafa46b..0000000
--- a/version22/java/FP.java
+++ /dev/null
@@ -1,345 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic */
-/* AMCL mod p functions */
-
-public final class FP {
-	private final BIG x;
-	private static BIG p=new BIG(ROM.Modulus);
-
-/* Constructors */
-	public FP(int a)
-	{
-		x=new BIG(a);
-		nres();
-	}
-
-	public FP()
-	{
-		x=new BIG(0);
-	}
-
-	public FP(BIG a)
-	{
-		x=new BIG(a);
-		nres();
-	}
-	
-	public FP(FP a)
-	{
-		x=new BIG(a.x);
-	}
-
-/* convert to string */
-	public String toString() 
-	{
-		String s=redc().toString();
-		return s;
-	}
-
-	public String toRawString() 
-	{
-		String s=x.toRawString();
-		return s;
-	}
-
-/* convert to Montgomery n-residue form */
-	public void nres()
-	{
-		if (ROM.MODTYPE!=ROM.PSEUDO_MERSENNE && ROM.MODTYPE!=ROM.GENERALISED_MERSENNE)
-		{
-			DBIG d=new DBIG(x);
-			d.shl(ROM.NLEN*ROM.BASEBITS);
-			x.copy(d.mod(p));
-		}
-	}
-
-/* convert back to regular form */
-	public BIG redc()
-	{
-		if (ROM.MODTYPE!=ROM.PSEUDO_MERSENNE && ROM.MODTYPE!=ROM.GENERALISED_MERSENNE)
-		{
-			DBIG d=new DBIG(x);
-			return BIG.mod(d);
-		}
-		else 
-		{
-			BIG r=new BIG(x);
-			return r;
-		}
-	}
-
-/* test this=0? */
-	public boolean iszilch() {
-		reduce();
-		return x.iszilch();
-	}
-
-/* copy from FP b */
-	public void copy(FP b)
-	{
-		x.copy(b.x);
-	}
-
-/* set this=0 */
-	public void zero()
-	{
-		x.zero();
-	}
-	
-/* set this=1 */
-	public void one()
-	{
-		x.one(); nres();
-	}
-
-/* normalise this */
-	public void norm()
-	{
-		x.norm();
-	}
-
-/* swap FPs depending on d */
-	public void cswap(FP b,int d)
-	{
-		x.cswap(b.x,d);
-	}
-
-/* copy FPs depending on d */
-	public void cmove(FP b,int d)
-	{
-		x.cmove(b.x,d);
-	}
-
-/* this*=b mod Modulus */
-	public void mul(FP b)
-	{
-		norm();
-		b.norm();
-
-		if (BIG.pexceed(x,b.x)) reduce();
-
-		DBIG d=BIG.mul(x,b.x);
-		x.copy(BIG.mod(d));
-	}
-
-/* this*=c mod Modulus, where c is a small int */
-	public void imul(int c)
-	{
-		norm();
-		boolean s=false;
-		if (c<0)
-		{
-			c=-c;
-			s=true;
-		}
-		if (c<ROM.NEXCESS && ((BIG.EXCESS(x)+1)*(c+1)+1)<ROM.FEXCESS)
-		{
-			x.imul(c);
-		}
-		else
-		{
-			if (((BIG.EXCESS(x)+1)*(c+1)+1)<ROM.FEXCESS) x.pmul(c);
-			else
-			{
-				DBIG d=x.pxmul(c);
-				x.copy(d.mod(p));
-			}
-		}
-		if (s) neg();
-		norm();
-	}
-
-/* this*=this mod Modulus */
-	public void sqr()
-	{
-		DBIG d;
-		norm();
-
-		if (BIG.sexceed(x)) reduce();
-
-		d=BIG.sqr(x);	
-		x.copy(BIG.mod(d));
-	}
-
-/* this+=b */
-	public void add(FP b) {
-		x.add(b.x);
-		if (BIG.EXCESS(x)+2>=ROM.FEXCESS) reduce();
-	}
-
-// https://graphics.stanford.edu/~seander/bithacks.html
-// constant time log to base 2 (or number of bits in)
-
-	private static int logb2(int v)
-	{
-		int r;
-		v |= v >>> 1;
-		v |= v >>> 2;
-		v |= v >>> 4;
-		v |= v >>> 8;
-		v |= v >>> 16;
-
-		v = v - ((v >>> 1) & 0x55555555);                  
-		v = (v & 0x33333333) + ((v >>> 2) & 0x33333333);  
-		r = ((v + (v >>> 4) & 0xF0F0F0F) * 0x1010101) >>> 24; 
-		return r+1;
-	}
-
-/* this = -this mod Modulus */
-	public void neg()
-	{
-		int sb;
-		BIG m=new BIG(p);
-
-		norm();
-		sb=logb2((int)BIG.EXCESS(x));
-/*
-		ov=BIG.EXCESS(x); 
-		sb=1; while(ov!=0) {sb++;ov>>=1;} 
-*/
-		m.fshl(sb);
-		x.rsub(m);		
-
-		if (BIG.EXCESS(x)>=ROM.FEXCESS) reduce();
-	}
-
-/* this-=b */
-	public void sub(FP b)
-	{
-		FP n=new FP(b);
-		n.neg();
-		this.add(n);
-	}
-
-/* this/=2 mod Modulus */
-	public void div2()
-	{
-		x.norm();
-		if (x.parity()==0)
-			x.fshr(1);
-		else
-		{
-			x.add(p);
-			x.norm();
-			x.fshr(1);
-		}
-	}
-
-/* this=1/this mod Modulus */
-	public void inverse()
-	{
-		BIG r=redc();
-		r.invmodp(p);
-		x.copy(r);
-		nres();
-	}
-
-/* return TRUE if this==a */
-	public boolean equals(FP a)
-	{
-		a.reduce();
-		reduce();
-		if (BIG.comp(a.x,x)==0) return true;
-		return false;
-	}
-
-/* reduce this mod Modulus */
-	public void reduce()
-	{
-		x.mod(p);
-	}
-
-/* return this^e mod Modulus */
-	public FP pow(BIG e)
-	{
-		int bt;
-		FP r=new FP(1);
-		e.norm();
-		x.norm();
-		FP m=new FP(this);
-		while (true)
-		{
-			bt=e.parity();
-			e.fshr(1);
-			if (bt==1) r.mul(m);
-			if (e.iszilch()) break;
-			m.sqr();
-		}
-		r.x.mod(p);
-		return r;
-	}
-
-/* return sqrt(this) mod Modulus */
-	public FP sqrt()
-	{
-		reduce();
-		BIG b=new BIG(p);
-		if (ROM.MOD8==5)
-		{
-			b.dec(5); b.norm(); b.shr(3);
-			FP i=new FP(this); i.x.shl(1);
-			FP v=i.pow(b);
-			i.mul(v); i.mul(v);
-			i.x.dec(1);
-			FP r=new FP(this);
-			r.mul(v); r.mul(i); 
-			r.reduce();
-			return r;
-		}
-		else
-		{
-			b.inc(1); b.norm(); b.shr(2);
-			return pow(b);
-		}
-	}
-
-/* return jacobi symbol (this/Modulus) */
-	public int jacobi()
-	{
-		BIG w=redc();
-		return w.jacobi(p);
-	}
-/*
-	public static void main(String[] args) {
-		BIG m=new BIG(ROM.Modulus);
-		BIG x=new BIG(3);
-		BIG e=new BIG(m);
-		e.dec(1);
-
-		System.out.println("m= "+m.nbits());	
-
-
-		BIG r=x.powmod(e,m);
-
-		System.out.println("m= "+m.toString());	
-		System.out.println("r= "+r.toString());	
-
-		BIG.cswap(m,r,0);
-
-		System.out.println("m= "+m.toString());	
-		System.out.println("r= "+r.toString());	
-
-//		FP y=new FP(3);
-//		FP s=y.pow(e);
-//		System.out.println("s= "+s.toString());	
-
-	} */
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/FP12.java
----------------------------------------------------------------------
diff --git a/version22/java/FP12.java b/version22/java/FP12.java
deleted file mode 100644
index 7ef0607..0000000
--- a/version22/java/FP12.java
+++ /dev/null
@@ -1,641 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^12 functions */
-/* FP12 elements are of the form a+i.b+i^2.c */
-
-public final class FP12 {
-	private final FP4 a;
-	private final FP4 b;
-	private final FP4 c;
-/* reduce all components of this mod Modulus */
-	public void reduce()
-	{
-		a.reduce();
-		b.reduce();
-		c.reduce();
-	}
-/* normalise all components of this */
-	public void norm()
-	{
-		a.norm();
-		b.norm();
-		c.norm();
-	}
-/* test x==0 ? */
-	public boolean iszilch() {
-		reduce();
-		return (a.iszilch() && b.iszilch() && c.iszilch());
-	}
-/* test x==1 ? */
-	public boolean isunity() {
-		FP4 one=new FP4(1);
-		return (a.equals(one) && b.iszilch() && c.iszilch());
-	}
-/* return 1 if x==y, else 0 */
-	public boolean equals(FP12 x)
-	{
-		return (a.equals(x.a) && b.equals(x.b) && c.equals(x.c));
-	}
-/* extract a from this */
-	public FP4 geta()
-	{
-		return a;
-	}
-/* extract b */
-	public FP4 getb()
-	{
-		return b;
-	}
-/* extract c */
-	public FP4 getc()
-	{
-		return c;
-	}
-/* copy this=x */
-	public void copy(FP12 x)
-	{
-		a.copy(x.a);
-		b.copy(x.b);
-		c.copy(x.c);
-	}
-/* set this=1 */
-	public void one()
-	{
-		a.one();
-		b.zero();
-		c.zero();
-	}
-/* this=conj(this) */
-	public void conj()
-	{
-		a.conj();
-		b.nconj();
-		c.conj();
-	}
-/* Constructors */
-	public FP12(FP4 d)
-	{
-		a=new FP4(d);
-		b=new FP4(0);
-		c=new FP4(0);
-	}
-
-	public FP12(int d)
-	{
-		a=new FP4(d);
-		b=new FP4(0);
-		c=new FP4(0);
-	}
-
-	public FP12(FP4 d,FP4 e,FP4 f)
-	{
-		a=new FP4(d);
-		b=new FP4(e);
-		c=new FP4(f);
-	}
-
-	public FP12(FP12 x)
-	{
-		a=new FP4(x.a);
-		b=new FP4(x.b);
-		c=new FP4(x.c);
-	}
-
-/* Granger-Scott Unitary Squaring */
-	public void usqr()
-	{
-		FP4 A=new FP4(a);
-		FP4 B=new FP4(c);
-		FP4 C=new FP4(b);
-		FP4 D=new FP4(0);
-
-		a.sqr();
-		D.copy(a); D.add(a);
-		a.add(D);
-
-		a.norm();
-		A.nconj();
-
-		A.add(A);
-		a.add(A);
-		B.sqr();
-		B.times_i();
-
-		D.copy(B); D.add(B);
-		B.add(D);
-		B.norm();
-
-		C.sqr();
-		D.copy(C); D.add(C);
-		C.add(D);
-		C.norm();
-
-		b.conj();
-		b.add(b);
-		c.nconj();
-
-		c.add(c);
-		b.add(B);
-		c.add(C);
-		reduce();
-
-	}
-
-/* Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-	public void sqr()
-	{
-		FP4 A=new FP4(a);
-		FP4 B=new FP4(b);
-		FP4 C=new FP4(c);
-		FP4 D=new FP4(a);
-
-		A.sqr();
-		B.mul(c);
-		B.add(B);
-		C.sqr();
-		D.mul(b);
-		D.add(D);
-
-		c.add(a);
-		c.add(b);
-		c.sqr();
-
-		a.copy(A);
-
-		A.add(B);
-		A.norm();
-		A.add(C);
-		A.add(D);
-		A.norm();
-
-		A.neg();
-		B.times_i();
-		C.times_i();
-
-		a.add(B);
-
-		b.copy(C); b.add(D);
-		c.add(A);
-		norm();
-	}
-
-/* FP12 full multiplication this=this*y */
-	public void mul(FP12 y)
-	{
-		FP4 z0=new FP4(a);
-		FP4 z1=new FP4(0);
-		FP4 z2=new FP4(b);
-		FP4 z3=new FP4(0);
-		FP4 t0=new FP4(a);
-		FP4 t1=new FP4(y.a);
-
-		z0.mul(y.a);
-		z2.mul(y.b);
-
-		t0.add(b);
-		t1.add(y.b);
-
-		z1.copy(t0); z1.mul(t1);
-		t0.copy(b); t0.add(c);
-
-		t1.copy(y.b); t1.add(y.c);
-		z3.copy(t0); z3.mul(t1);
-
-		t0.copy(z0); t0.neg();
-		t1.copy(z2); t1.neg();
-
-		z1.add(t0);
-		z1.norm();
-		b.copy(z1); b.add(t1);
-
-		z3.add(t1);
-		z2.add(t0);
-
-		t0.copy(a); t0.add(c);
-		t1.copy(y.a); t1.add(y.c);
-		t0.mul(t1);
-		z2.add(t0);
-
-		t0.copy(c); t0.mul(y.c);
-		t1.copy(t0); t1.neg();
-
-		z2.norm();
-		z3.norm();
-		b.norm();
-
-		c.copy(z2); c.add(t1);
-		z3.add(t1);
-		t0.times_i();
-		b.add(t0);
-
-		z3.times_i();
-		a.copy(z0); a.add(z3);
-		norm();
-	}
-
-/* Special case of multiplication arises from special form of ATE pairing line function */
-	public void smul(FP12 y)
-	{
-		FP4 z0=new FP4(a);
-		FP4 z2=new FP4(b);
-		FP4 z3=new FP4(b);
-		FP4 t0=new FP4(0);
-		FP4 t1=new FP4(y.a);
-		
-		z0.mul(y.a);
-		z2.pmul(y.b.real());
-		b.add(a);
-		t1.real().add(y.b.real());
-
-		b.mul(t1);
-		z3.add(c);
-		z3.pmul(y.b.real());
-
-		t0.copy(z0); t0.neg();
-		t1.copy(z2); t1.neg();
-
-		b.add(t0);
-		b.norm();
-
-		b.add(t1);
-		z3.add(t1);
-		z2.add(t0);
-
-		t0.copy(a); t0.add(c);
-		t0.mul(y.a);
-		c.copy(z2); c.add(t0);
-
-		z3.times_i();
-		a.copy(z0); a.add(z3);
-
-		norm();
-	}
-
-/* this=1/this */
-	public void inverse()
-	{
-		FP4 f0=new FP4(a);
-		FP4 f1=new FP4(b);
-		FP4 f2=new FP4(a);
-		FP4 f3=new FP4(0);
-
-		norm();
-		f0.sqr();
-		f1.mul(c);
-		f1.times_i();
-		f0.sub(f1);
-
-		f1.copy(c); f1.sqr();
-		f1.times_i();
-		f2.mul(b);
-		f1.sub(f2);
-
-		f2.copy(b); f2.sqr();
-		f3.copy(a); f3.mul(c);
-		f2.sub(f3);
-
-		f3.copy(b); f3.mul(f2);
-		f3.times_i();
-		a.mul(f0);
-		f3.add(a);
-		c.mul(f1);
-		c.times_i();
-
-		f3.add(c);
-		f3.inverse();
-		a.copy(f0); a.mul(f3);
-		b.copy(f1); b.mul(f3);
-		c.copy(f2); c.mul(f3);
-	}
-
-/* this=this^p using Frobenius */
-	public void frob(FP2 f)
-	{
-		FP2 f2=new FP2(f);
-		FP2 f3=new FP2(f);
-
-		f2.sqr();
-		f3.mul(f2);
-
-		a.frob(f3);
-		b.frob(f3);
-		c.frob(f3);
-
-		b.pmul(f);
-		c.pmul(f2);
-	}
-
-/* trace function */
-	public FP4 trace()
-	{
-		FP4 t=new FP4(0);
-		t.copy(a);
-		t.imul(3);
-		t.reduce();
-		return t;
-	}
-
-/* convert from byte array to FP12 */
-	public static FP12 fromBytes(byte[] w)
-	{
-		BIG a,b;
-		FP2 c,d;
-		FP4 e,f,g;
-		byte[] t=new byte[ROM.MODBYTES];
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		c=new FP2(a,b);
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+2*ROM.MODBYTES];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+3*ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		d=new FP2(a,b);
-
-		e=new FP4(c,d);
-
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+4*ROM.MODBYTES];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+5*ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		c=new FP2(a,b);
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+6*ROM.MODBYTES];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+7*ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		d=new FP2(a,b);
-
-		f=new FP4(c,d);
-
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+8*ROM.MODBYTES];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+9*ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		c=new FP2(a,b);
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+10*ROM.MODBYTES];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+11*ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		d=new FP2(a,b);
-
-		g=new FP4(c,d);
-
-		return new FP12(e,f,g);
-	}
-
-/* convert this to byte array */
-	public void toBytes(byte[] w)
-	{
-		byte[] t=new byte[ROM.MODBYTES];
-		a.geta().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i]=t[i];
-		a.geta().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+ROM.MODBYTES]=t[i];
-		a.getb().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+2*ROM.MODBYTES]=t[i];
-		a.getb().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+3*ROM.MODBYTES]=t[i];
-
-		b.geta().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+4*ROM.MODBYTES]=t[i];
-		b.geta().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+5*ROM.MODBYTES]=t[i];
-		b.getb().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+6*ROM.MODBYTES]=t[i];
-		b.getb().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+7*ROM.MODBYTES]=t[i];
-
-		c.geta().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+8*ROM.MODBYTES]=t[i];
-		c.geta().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+9*ROM.MODBYTES]=t[i];
-		c.getb().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+10*ROM.MODBYTES]=t[i];
-		c.getb().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+11*ROM.MODBYTES]=t[i];
-	}
-
-/* convert to hex string */
-	public String toString() 
-	{
-		return ("["+a.toString()+","+b.toString()+","+c.toString()+"]");
-	}
-
-/* this=this^e */ 
-/* Note this is simple square and multiply, so not side-channel safe */
-	public FP12 pow(BIG e)
-	{
-		norm();
-		e.norm();
-		FP12 w=new FP12(this);
-		BIG z=new BIG(e);
-		FP12 r=new FP12(1);
-
-		while (true)
-		{
-			int bt=z.parity();
-			z.fshr(1);
-			if (bt==1) r.mul(w);
-			if (z.iszilch()) break;
-			w.usqr();
-		}
-		r.reduce();
-		return r;
-	}
-
-/* constant time powering by small integer of max length bts */
-	public void pinpow(int e,int bts)
-	{
-		int i,b;
-		FP12 [] R=new FP12[2];
-		R[0]=new FP12(1);
-		R[1]=new FP12(this);
-		for (i=bts-1;i>=0;i--)
-		{
-			b=(e>>i)&1;
-			R[1-b].mul(R[b]);
-			R[b].usqr();
-		}
-		this.copy(R[0]);
-	}
-
-/* p=q0^u0.q1^u1.q2^u2.q3^u3 */
-/* Timing attack secure, but not cache attack secure */
-
-	public static FP12 pow4(FP12[] q,BIG[] u)
-	{
-		int i,j,nb,m;
-		int[] a=new int[4];
-		FP12 [] g=new FP12[8];
-		FP12 [] s=new FP12[2];
-		FP12 c=new FP12(1);
-		FP12 p=new FP12(0);
-		BIG [] t=new BIG[4];
-		BIG mt=new BIG(0);
-		byte[] w=new byte[ROM.NLEN*ROM.BASEBITS+1];
-
-		for (i=0;i<4;i++)
-			t[i]=new BIG(u[i]);
-
-		s[0]=new FP12(0);
-		s[1]=new FP12(0);
-
-		g[0]=new FP12(q[0]); s[0].copy(q[1]); s[0].conj(); g[0].mul(s[0]);
-		g[1]=new FP12(g[0]);
-		g[2]=new FP12(g[0]);
-		g[3]=new FP12(g[0]);
-		g[4]=new FP12(q[0]); g[4].mul(q[1]);
-		g[5]=new FP12(g[4]);
-		g[6]=new FP12(g[4]);
-		g[7]=new FP12(g[4]);
-
-		s[1].copy(q[2]); s[0].copy(q[3]); s[0].conj(); s[1].mul(s[0]);
-		s[0].copy(s[1]); s[0].conj(); g[1].mul(s[0]);
-		g[2].mul(s[1]);
-		g[5].mul(s[0]);
-		g[6].mul(s[1]);
-		s[1].copy(q[2]); s[1].mul(q[3]);
-		s[0].copy(s[1]); s[0].conj(); g[0].mul(s[0]);
-		g[3].mul(s[1]);
-		g[4].mul(s[0]);
-		g[7].mul(s[1]);
-
-/* if power is even add 1 to power, and add q to correction */
-
-		for (i=0;i<4;i++)
-		{
-			if (t[i].parity()==0)
-			{
-				t[i].inc(1); t[i].norm();
-				c.mul(q[i]);
-			}
-			mt.add(t[i]); mt.norm();
-		}
-		c.conj();
-		nb=1+mt.nbits();
-
-/* convert exponent to signed 1-bit window */
-		for (j=0;j<nb;j++)
-		{
-			for (i=0;i<4;i++)
-			{
-				a[i]=(t[i].lastbits(2)-2);
-				t[i].dec(a[i]); t[i].norm(); 
-				t[i].fshr(1);
-			}
-			w[j]=(byte)(8*a[0]+4*a[1]+2*a[2]+a[3]);
-		}
-		w[nb]=(byte)(8*t[0].lastbits(2)+4*t[1].lastbits(2)+2*t[2].lastbits(2)+t[3].lastbits(2));
-		p.copy(g[(w[nb]-1)/2]);  
-
-		for (i=nb-1;i>=0;i--)
-		{
-			m=w[i]>>7;
-			j=(w[i]^m)-m;  /* j=abs(w[i]) */
-			j=(j-1)/2;
-			s[0].copy(g[j]); s[1].copy(g[j]); s[1].conj();
-			p.usqr();
-			p.mul(s[m&1]);
-		}
-		p.mul(c);  /* apply correction */
-		p.reduce();
-		return p;
-	}
-
-/*
-	public static void main(String[] args) {
-		BIG p=new BIG(ROM.Modulus);
-		FP2 w0,w1;
-		BIG a=new BIG(0);
-		BIG b=new BIG(0);
-		
-		a.zero(); b.zero(); a.inc(1); b.inc(2);
-		w0=new FP2(a,b);
-		a.zero(); b.zero(); a.inc(3); b.inc(4);
-		w1=new FP2(a,b);
-		FP4 t0=new FP4(w0,w1);
-
-		a.zero(); b.zero(); a.inc(5); b.inc(6);
-		w0=new FP2(a,b);
-		a.zero(); b.zero(); a.inc(7); b.inc(8);
-		w1=new FP2(a,b);
-		FP4 t1=new FP4(w0,w1);
-
-		a.zero(); b.zero(); a.inc(9); b.inc(10);
-		w0=new FP2(a,b);
-		a.zero(); b.zero(); a.inc(11); b.inc(12);
-		w1=new FP2(a,b);
-		FP4 t2=new FP4(w0,w1);
-
-		FP12 w=new FP12(t0,t1,t2);
-		FP12 t=new FP12(w);
-
-		System.out.println("w= "+w.toString());
-
-		a=new BIG(ROM.CURVE_Fra);
-		b=new BIG(ROM.CURVE_Frb);
-
-		FP2 f=new FP2(a,b);
-
-		w.frob(f);
-		System.out.println("w= "+w.toString());
-
-		w=t.pow(p);
-
-		System.out.println("w= "+w.toString());
-
-		w.inverse();
-
-		System.out.println("1/w= "+w.toString());
-
-		w.inverse();
-
-		System.out.println("w= "+w.toString());
-
-		t.copy(w);
-		w.conj();
-		t.inverse();
-		w.mul(t);
-
-		System.out.println("w^(p^6-1)= "+w.toString());
-
-		t.copy(w);
-		w.frob(f);
-		w.frob(f);
-		w.mul(t);
-
-		System.out.println("w^(p^6-1)(p^2+1)= "+w.toString());
-
-		t.copy(w);
-
-		t.inverse();
-		w.conj();
-
-		System.out.println("w= "+w.toString());
-		System.out.println("t= "+t.toString());
-	} */
-}


[30/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/HASH512.js
----------------------------------------------------------------------
diff --git a/version22/js/HASH512.js b/version22/js/HASH512.js
deleted file mode 100644
index 5a6f47a..0000000
--- a/version22/js/HASH512.js
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-var HASH512 = function() {
-	this.length=[];
-	this.h=[];
-	this.w=[];
-	this.init();
-};
-
-HASH512.prototype={
-
-	transform: function()
-	{ /* basic transformation step */
-		var a,b,c,d,e,ee,zz,f,g,hh,t1,t2;
-		var j,r;
-		for (j=16;j<80;j++) 
-			this.w[j]=HASH512.theta1(this.w[j-2]).add(this.w[j-7]).add(HASH512.theta0(this.w[j-15])).add(this.w[j-16]);
-
-		a=this.h[0].copy(); b=this.h[1].copy(); c=this.h[2].copy(); d=this.h[3].copy(); 
-		e=this.h[4].copy(); f=this.h[5].copy(); g=this.h[6].copy(); hh=this.h[7].copy();
-	
-		for (j=0;j<80;j++)
-		{ /* 80 times - mush it up */
-			t1=hh.copy();
-			t1.add(HASH512.Sig1(e)).add(HASH512.Ch(e,f,g)).add(HASH512.HK[j]).add(this.w[j]);
-
-			t2=HASH512.Sig0(a); t2.add(HASH512.Maj(a,b,c));
-			hh=g; g=f; f=e;
-			e=d.copy(); e.add(t1);
-
-			d=c;
-			c=b;
-			b=a;
-			a=t1.copy(); a.add(t2);
-		}
-
-		this.h[0].add(a); this.h[1].add(b); this.h[2].add(c); this.h[3].add(d);
-		this.h[4].add(e); this.h[5].add(f); this.h[6].add(g); this.h[7].add(hh);
-	},
-
-/* Initialise Hash function */
-	init: function()
-	{ /* initialise */
-		var i;
-		for (i=0;i<80;i++) this.w[i]=new UInt64(0,0);
-		this.length[0]=new UInt64(0,0); this.length[1]=new UInt64(0,0);
-		this.h[0]=HASH512.H[0].copy();
-		this.h[1]=HASH512.H[1].copy();
-		this.h[2]=HASH512.H[2].copy();
-		this.h[3]=HASH512.H[3].copy();
-		this.h[4]=HASH512.H[4].copy();
-		this.h[5]=HASH512.H[5].copy();
-		this.h[6]=HASH512.H[6].copy();
-		this.h[7]=HASH512.H[7].copy();
-	},	
-
-/* process a single byte */
-	process: function(byt)
-	{ /* process the next message byte */
-		var cnt;
-		cnt=(this.length[0].bot>>>6)%16;
-		this.w[cnt].shlb();
-		this.w[cnt].bot|=(byt&0xFF);
-
-		var e=new UInt64(0,8);
-		this.length[0].add(e);
-		if (this.length[0].top===0 && this.length[0].bot==0) { e=new UInt64(0,1); this.length[1].add(e); }
-		if ((this.length[0].bot%1024)===0) this.transform();
-	},
-
-/* process an array of bytes */	
-	process_array: function(b)
-	{
-		for (var i=0;i<b.length;i++) this.process(b[i]);
-	},
-
-/* process a 32-bit integer */
-	process_num: function(n)
-	{
-		this.process((n>>24)&0xff);
-		this.process((n>>16)&0xff);
-		this.process((n>>8)&0xff);
-		this.process(n&0xff);
-	},
-
-	hash: function()
-	{ /* pad message and finish - supply digest */
-		var i;
-		var digest=[];
-		var len0,len1;
-		len0=this.length[0].copy();
-		len1=this.length[1].copy();
-		this.process(0x80);
-		while ((this.length[0].bot%1024)!=896) this.process(0);
-
-		this.w[14]=len1;
-		this.w[15]=len0;    
-		this.transform();
-
-		for (i=0;i<HASH512.len;i++)
-		{ /* convert to bytes */
-			digest[i]=HASH512.R(8*(7-i%8),this.h[i>>>3]).bot&0xff;
-		}
-
-		this.init();
-		return digest;
-	}
-};
-
-/* static functions */
-HASH512.S= function(n,x)
-{
-	if (n==0) return x;
-	if (n<32)
-		return new UInt64((x.top>>>n) | (x.bot<<(32-n)),       (x.bot>>>n) | (x.top << (32-n)));
-	else
-		return new UInt64((x.bot>>>(n-32)) | (x.top << (64-n)),(x.top>>>(n-32)) | (x.bot<<(64-n)));
-	
-};
-
-HASH512.R= function(n,x)
-{
-	if (n==0) return x;
-	if (n<32)
-		return new UInt64((x.top>>>n),(x.bot>>>n | (x.top << (32-n))));
-	else
-		return new UInt64(0,x.top >>> (n-32));
-};
-
-HASH512.Ch= function(x,y,z)
-{
-	return new UInt64((x.top&y.top)^(~(x.top)&z.top),(x.bot&y.bot)^(~(x.bot)&z.bot));
-};
-
-HASH512.Maj= function(x,y,z)
-{
-	return new UInt64((x.top&y.top)^(x.top&z.top)^(y.top&z.top),(x.bot&y.bot)^(x.bot&z.bot)^(y.bot&z.bot));
-};
-
-HASH512.Sig0= function(x)
-{
-	var r1=HASH512.S(28,x);
-	var r2=HASH512.S(34,x);
-	var r3=HASH512.S(39,x);
-	return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot);
-};
-
-HASH512.Sig1= function(x)
-{
-	var r1=HASH512.S(14,x);
-	var r2=HASH512.S(18,x);
-	var r3=HASH512.S(41,x);
-	return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot);
-};
-
-HASH512.theta0= function(x)
-{
-	var r1=HASH512.S(1,x);
-	var r2=HASH512.S(8,x);
-	var r3=HASH512.R(7,x);
-	return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot);
-};
-
-HASH512.theta1= function(x)
-{
-	var r1=HASH512.S(19,x);
-	var r2=HASH512.S(61,x);
-	var r3=HASH512.R(6,x);
-	return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot);
-};
-
-/* constants */
-HASH512.len= 64;
-
-HASH512.H = [new UInt64(0x6a09e667, 0xf3bcc908), new UInt64(0xbb67ae85, 0x84caa73b),
-      new UInt64(0x3c6ef372, 0xfe94f82b), new UInt64(0xa54ff53a, 0x5f1d36f1),
-      new UInt64(0x510e527f, 0xade682d1), new UInt64(0x9b05688c, 0x2b3e6c1f),
-      new UInt64(0x1f83d9ab, 0xfb41bd6b), new UInt64(0x5be0cd19, 0x137e2179)];
-
-HASH512.HK = [new UInt64(0x428a2f98, 0xd728ae22), new UInt64(0x71374491, 0x23ef65cd),
-      new UInt64(0xb5c0fbcf, 0xec4d3b2f), new UInt64(0xe9b5dba5, 0x8189dbbc),
-      new UInt64(0x3956c25b, 0xf348b538), new UInt64(0x59f111f1, 0xb605d019),
-      new UInt64(0x923f82a4, 0xaf194f9b), new UInt64(0xab1c5ed5, 0xda6d8118),
-      new UInt64(0xd807aa98, 0xa3030242), new UInt64(0x12835b01, 0x45706fbe),
-      new UInt64(0x243185be, 0x4ee4b28c), new UInt64(0x550c7dc3, 0xd5ffb4e2),
-      new UInt64(0x72be5d74, 0xf27b896f), new UInt64(0x80deb1fe, 0x3b1696b1),
-      new UInt64(0x9bdc06a7, 0x25c71235), new UInt64(0xc19bf174, 0xcf692694),
-      new UInt64(0xe49b69c1, 0x9ef14ad2), new UInt64(0xefbe4786, 0x384f25e3),
-      new UInt64(0x0fc19dc6, 0x8b8cd5b5), new UInt64(0x240ca1cc, 0x77ac9c65),
-      new UInt64(0x2de92c6f, 0x592b0275), new UInt64(0x4a7484aa, 0x6ea6e483),
-      new UInt64(0x5cb0a9dc, 0xbd41fbd4), new UInt64(0x76f988da, 0x831153b5),
-      new UInt64(0x983e5152, 0xee66dfab), new UInt64(0xa831c66d, 0x2db43210),
-      new UInt64(0xb00327c8, 0x98fb213f), new UInt64(0xbf597fc7, 0xbeef0ee4),
-      new UInt64(0xc6e00bf3, 0x3da88fc2), new UInt64(0xd5a79147, 0x930aa725),
-      new UInt64(0x06ca6351, 0xe003826f), new UInt64(0x14292967, 0x0a0e6e70),
-      new UInt64(0x27b70a85, 0x46d22ffc), new UInt64(0x2e1b2138, 0x5c26c926),
-      new UInt64(0x4d2c6dfc, 0x5ac42aed), new UInt64(0x53380d13, 0x9d95b3df),
-      new UInt64(0x650a7354, 0x8baf63de), new UInt64(0x766a0abb, 0x3c77b2a8),
-      new UInt64(0x81c2c92e, 0x47edaee6), new UInt64(0x92722c85, 0x1482353b),
-      new UInt64(0xa2bfe8a1, 0x4cf10364), new UInt64(0xa81a664b, 0xbc423001),
-      new UInt64(0xc24b8b70, 0xd0f89791), new UInt64(0xc76c51a3, 0x0654be30),
-      new UInt64(0xd192e819, 0xd6ef5218), new UInt64(0xd6990624, 0x5565a910),
-      new UInt64(0xf40e3585, 0x5771202a), new UInt64(0x106aa070, 0x32bbd1b8),
-      new UInt64(0x19a4c116, 0xb8d2d0c8), new UInt64(0x1e376c08, 0x5141ab53),
-      new UInt64(0x2748774c, 0xdf8eeb99), new UInt64(0x34b0bcb5, 0xe19b48a8),
-      new UInt64(0x391c0cb3, 0xc5c95a63), new UInt64(0x4ed8aa4a, 0xe3418acb),
-      new UInt64(0x5b9cca4f, 0x7763e373), new UInt64(0x682e6ff3, 0xd6b2b8a3),
-      new UInt64(0x748f82ee, 0x5defb2fc), new UInt64(0x78a5636f, 0x43172f60),
-      new UInt64(0x84c87814, 0xa1f0ab72), new UInt64(0x8cc70208, 0x1a6439ec),
-      new UInt64(0x90befffa, 0x23631e28), new UInt64(0xa4506ceb, 0xde82bde9),
-      new UInt64(0xbef9a3f7, 0xb2c67915), new UInt64(0xc67178f2, 0xe372532b),
-      new UInt64(0xca273ece, 0xea26619c), new UInt64(0xd186b8c7, 0x21c0c207),
-      new UInt64(0xeada7dd6, 0xcde0eb1e), new UInt64(0xf57d4f7f, 0xee6ed178),
-      new UInt64(0x06f067aa, 0x72176fba), new UInt64(0x0a637dc5, 0xa2c898a6),
-      new UInt64(0x113f9804, 0xbef90dae), new UInt64(0x1b710b35, 0x131c471b),
-      new UInt64(0x28db77f5, 0x23047d84), new UInt64(0x32caab7b, 0x40c72493),
-      new UInt64(0x3c9ebe0a, 0x15c9bebc), new UInt64(0x431d67c4, 0x9c100d4c),
-      new UInt64(0x4cc5d4be, 0xcb3e42b6), new UInt64(0x597f299c, 0xfc657e2a),
-      new UInt64(0x5fcb6fab, 0x3ad6faec), new UInt64(0x6c44198c, 0x4a475817)];

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/MPIN.js
----------------------------------------------------------------------
diff --git a/version22/js/MPIN.js b/version22/js/MPIN.js
deleted file mode 100644
index fdd1d80..0000000
--- a/version22/js/MPIN.js
+++ /dev/null
@@ -1,933 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* MPIN API Functions */
-
-var MPIN = {
-	BAD_PARAMS:-11,
-	INVALID_POINT:-14,
-	WRONG_ORDER:-18,
-	BAD_PIN:-19,
-/* configure PIN here */
-	MAXPIN:10000,  /* max PIN */
-	PBLEN:14,     /* MAXPIN length in bits */
-	TS:10,        /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */
-	TRAP:200,     /* 200 for 4 digit PIN, 2000 for 6-digit PIN  - approx 2*sqrt(MAXPIN) */
-	EFS:ROM.MODBYTES,
-	EGS:ROM.MODBYTES,
-	PAS:16,
-
-	SHA256 : 32,
-	SHA384 : 48,
-	SHA512 : 64,
-
-	HASH_TYPE : 32,
-
-
-/* return time in slots since epoch */
-	today: function() {
-		var now=new Date();
-		return Math.floor(now.getTime()/(60000*1440));  // for daily tokens
-	},
-
-	bytestostring: function(b)
-	{
-		var s="";
-		var len=b.length;
-		var ch;
-
-		for (var i=0;i<len;i++)
-		{
-			ch=b[i];
-			s+=((ch>>>4)&15).toString(16);
-			s+=(ch&15).toString(16);
-
-		}
-		return s;
-	},
-
-	stringtobytes: function(s)
-	{
-		var b=[];
-		for (var i=0;i<s.length;i++)
-			b.push(s.charCodeAt(i));
-		return b;
-	},
-
-	comparebytes: function(a,b)
-	{
-		if (a.length!=b.length) return false;
-		for (var i=0;i<a.length;i++)
-		{
-			if (a[i]!=b[i]) return false;
-		}
-		return true;
-	},
-
-	mpin_hash: function(sha,c,U)
-	{
-		var t=[];
-		var w=[];
-		var h=[];
-
-		c.geta().getA().toBytes(w); for (var i=0;i<this.EFS;i++) t[i]=w[i];
-		c.geta().getB().toBytes(w); for (var i=this.EFS;i<2*this.EFS;i++) t[i]=w[i-this.EFS];
-		c.getb().getA().toBytes(w); for (var i=2*this.EFS;i<3*this.EFS;i++) t[i]=w[i-2*this.EFS];
-		c.getb().getB().toBytes(w); for (var i=3*this.EFS;i<4*this.EFS;i++) t[i]=w[i-3*this.EFS];
-		
-		U.getX().toBytes(w); for (var i=4*this.EFS;i<5*this.EFS;i++) t[i]=w[i-4*this.EFS];
-		U.getY().toBytes(w); for (var i=5*this.EFS;i<6*this.EFS;i++) t[i]=w[i-5*this.EFS];
-	
-		if (sha==this.SHA256)
-		{
-			var H=new HASH256();
-			H.process_array(t);
-			h=H.hash();
-		}
-		if (sha==this.SHA384)
-		{
-			var H=new HASH384();
-			H.process_array(t);
-			h=H.hash();
-		}
-		if (sha==this.SHA512)
-		{
-			var H=new HASH512();
-			H.process_array(t);
-			h=H.hash();
-		}
-		if (h.length==0) return null;
-		var R=[];
-		for (var i=0;i<this.PAS;i++) R[i]=h[i];
-		return R;
-	},
-/* Hash number (optional) and string to point on curve */
-
-	hashit: function(sha,n,B)
-	{
-		var R=[];
-
-		if (sha==this.SHA256)
-		{
-			var H=new HASH256();
-			if (n>0) H.process_num(n);
-			H.process_array(B);
-			R=H.hash();
-		}
-		if (sha==this.SHA384)
-		{
-			var H=new HASH384();
-			if (n>0) H.process_num(n);
-			H.process_array(B);
-			R=H.hash();
-		}
-		if (sha==this.SHA512)
-		{
-			var H=new HASH512();
-			if (n>0) H.process_num(n);
-			H.process_array(B);
-			R=H.hash();
-		}
-		if (R.length==0) return null;
-		var W=[];
-
-		if (sha>=ROM.MODBYTES)
-			for (var i=0;i<ROM.MODBYTES;i++) W[i]=R[i];
-		else
-		{
-			for (var i=0;i<sha;i++) W[i]=R[i];
-			for (var i=sha;i<ROM.MODBYTES;i++) W[i]=0;
-		}
-		return W;
-	},
-
-	mapit: function(h)
-	{
-		var q=new BIG(0); q.rcopy(ROM.Modulus);
-		var x=BIG.fromBytes(h);
-		x.mod(q);
-		var P=new ECP();
-		while (true)
-		{
-			P.setxi(x,0);
-			if (!P.is_infinity()) break;
-			x.inc(1); x.norm();
-		}
-		if (ROM.CURVE_PAIRING_TYPE!=ROM.BN_CURVE)
-		{
-			var c=new BIG(0); c.rcopy(ROM.CURVE_Cof);
-			P=P.mul(c);
-		}
-		return P;
-	},
-
-/* needed for SOK */
-	mapit2: function(h)
-	{
-		var q=new BIG(0); q.rcopy(ROM.Modulus);
-		var x=BIG.fromBytes(h);
-		var one=new BIG(1);
-		x.mod(q);
-		var Q,T,K,X;
-		while (true)
-		{
-			X=new FP2(one,x);
-			Q=new ECP2(); Q.setx(X);
-			if (!Q.is_infinity()) break;
-			x.inc(1); x.norm();
-		}
-/* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
-
-		var Fa=new BIG(0); Fa.rcopy(ROM.CURVE_Fra);
-		var Fb=new BIG(0); Fb.rcopy(ROM.CURVE_Frb);
-		X=new FP2(Fa,Fb); 
-		x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-
-		T=new ECP2(); T.copy(Q);
-		T.mul(x); T.neg();
-		K=new ECP2(); K.copy(T);
-		K.dbl(); K.add(T); K.affine();
-
-		K.frob(X);
-		Q.frob(X); Q.frob(X); Q.frob(X);
-		Q.add(T); Q.add(K);
-		T.frob(X); T.frob(X);
-		Q.add(T);
-		Q.affine();
-		return Q;
-
-	},
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
-	map: function(u,cb)
-	{
-		var P=new ECP();
-		var x=new BIG(u);
-		var p=new BIG(0); p.rcopy(ROM.Modulus);
-		x.mod(p);
-		while (true)
-		{
-			P.setxi(x,cb);
-			if (!P.is_infinity()) break;
-			x.inc(1);  x.norm();
-		}
-		return P;
-	},
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
-	unmap: function(u,P)
-	{
-		var s=P.getS();
-		var R=new ECP();
-		var r=0;
-		var x=P.getX();
-		u.copy(x);
-		while (true)
-		{
-			u.dec(1); u.norm();
-			r++;
-			R.setxi(u,s); //=new ECP(u,s);
-			if (!R.is_infinity()) break;
-		}
-		return r;
-	},
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
-	ENCODING: function(rng,E)
-	{
-		var i,rn,m,su,sv;
-		var T=[];
-
-		for (i=0;i<this.EFS;i++) T[i]=E[i+1];
-		var u=BIG.fromBytes(T);
-		for (i=0;i<this.EFS;i++) T[i]=E[i+this.EFS+1];
-		var v=BIG.fromBytes(T);
-		
-		var P=new ECP(0); P.setxy(u,v);
-		if (P.is_infinity()) return this.INVALID_POINT;
-
-		var p=new BIG(0); p.rcopy(ROM.Modulus);
-		u=BIG.randomnum(p,rng);
-
-		su=rng.getByte(); if (su<0) su=-su; su%=2;
-		
-		var W=this.map(u,su);
-		P.sub(W);
-		sv=P.getS();
-		rn=this.unmap(v,P);
-		m=rng.getByte(); if (m<0) m=-m; m%=rn;
-		v.inc(m+1);
-		E[0]=(su+2*sv);
-		u.toBytes(T);
-		for (i=0;i<this.EFS;i++) E[i+1]=T[i];
-		v.toBytes(T);
-		for (i=0;i<this.EFS;i++) E[i+this.EFS+1]=T[i];		
-		
-		return 0;
-	},
-
-	DECODING: function(D)
-	{
-		var i,su,sv;
-		var T=[];
-
-		if ((D[0]&0x04)!==0) return this.INVALID_POINT;
-
-		for (i=0;i<this.EFS;i++) T[i]=D[i+1];
-		var u=BIG.fromBytes(T);
-		for (i=0;i<this.EFS;i++) T[i]=D[i+this.EFS+1];
-		var v=BIG.fromBytes(T);
-
-		su=D[0]&1;
-		sv=(D[0]>>1)&1;
-		var W=this.map(u,su);
-		var P=this.map(v,sv);
-		P.add(W);
-		u=P.getX();
-		v=P.getY();
-		D[0]=0x04;
-		u.toBytes(T);
-		for (i=0;i<this.EFS;i++) D[i+1]=T[i];
-		v.toBytes(T);
-		for (i=0;i<this.EFS;i++) D[i+this.EFS+1]=T[i];		
-		
-		return 0;
-	},
-
-/* R=R1+R2 in group G1 */
-	RECOMBINE_G1: function(R1,R2,R)
-	{
-		var P=ECP.fromBytes(R1);
-		var Q=ECP.fromBytes(R2);
-
-		if (P.is_infinity() || Q.is_infinity()) return this.INVALID_POINT;
-
-		P.add(Q);
-
-		P.toBytes(R);
-		return 0;
-	},
-
-/* W=W1+W2 in group G2 */
-	RECOMBINE_G2: function(W1,W2,W)
-	{
-		var P=ECP2.fromBytes(W1);
-		var Q=ECP2.fromBytes(W2);
-
-		if (P.is_infinity() || Q.is_infinity()) return this.INVALID_POINT;
-
-		P.add(Q);
-	
-		P.toBytes(W);
-		return 0;
-	},
-
-	HASH_ID: function(sha,ID)
-	{
-		return this.hashit(sha,0,ID);
-	},
-
-/* create random secret S */
-	RANDOM_GENERATE: function(rng,S)
-	{
-		var r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-		var s=BIG.randomnum(r,rng);
-		if (ROM.AES_S>0)
-		{
-			s.mod2m(2*ROM.AES_S);
-		}		
-		s.toBytes(S);
-		return 0;
-	},
-
-/* Extract PIN from TOKEN for identity CID */
-	EXTRACT_PIN: function(sha,CID,pin,TOKEN)
-	{
-		var P=ECP.fromBytes(TOKEN);
-		if (P.is_infinity()) return this.INVALID_POINT;
-		var h=this.hashit(sha,0,CID);
-		var R=this.mapit(h);
-
-		pin%=this.MAXPIN;
-
-		R=R.pinmul(pin,this.PBLEN);
-		P.sub(R);
-
-		P.toBytes(TOKEN);
-
-		return 0;
-	},
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
-	GET_SERVER_SECRET: function(S,SST)
-	{
-
-		var A=new BIG(0);
-		var B=new BIG(0);
-		A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb);
-		var QX=new FP2(0); QX.bset(A,B);
-		A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb);
-		var QY=new FP2(0); QY.bset(A,B);
-
-		var Q=new ECP2();
-		Q.setxy(QX,QY);
-
-		var s=BIG.fromBytes(S);
-		Q=PAIR.G2mul(Q,s);
-		Q.toBytes(SST);
-		return 0;
-	},
-
-	TEST_PAIR: function(PR)
-	{
-		var G=new ECP(0);
-		var A=new BIG(0);
-		var B=new BIG(0);
-		A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb);
-		var QX=new FP2(0); QX.bset(A,B);
-		A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb);
-		var QY=new FP2(0); QY.bset(A,B);
-
-		var Q=new ECP2();
-		Q.setxy(QX,QY);		
-
-		var gx=new BIG(0); gx.rcopy(ROM.CURVE_Gx);	
-		var gy=new BIG(0); gy.rcopy(ROM.CURVE_Gy);
-		G.setxy(gx,gy);			
-
-		var g=PAIR.ate(Q,G);
-		g=PAIR.fexp(g);	
-		g.toBytes(PR);
-	},
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in 
- if RNG != NULL the X is passed out 
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
-	GET_G1_MULTIPLE: function(rng,type,X,G,W)
-	{
-		var x;
-		var r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-
-		if (rng!=null)
-		{
-			x=BIG.randomnum(r,rng);
-			if (ROM.AES_S>0)
-			{
-				x.mod2m(2*ROM.AES_S);
-			}
-			x.toBytes(X);
-		}
-		else
-		{
-			x=BIG.fromBytes(X);
-		}
-		var P;
-		if (type==0)
-		{
-			P=ECP.fromBytes(G);
-			if (P.is_infinity()) return INVALID_POINT;
-		}
-		else
-			P=this.mapit(G);
-
-		PAIR.G1mul(P,x).toBytes(W);
-		return 0;
-	},
-
-
-/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
-	GET_CLIENT_SECRET: function(S,CID,CST)
-	{
-		return this.GET_G1_MULTIPLE(null,1,S,CID,CST);
-	},
-
-/* Time Permit CTT=S*(date|H(CID)) where S is master secret */
-	GET_CLIENT_PERMIT: function(sha,date,S,CID,CTT)
-	{
-		var h=this.hashit(sha,date,CID);
-		var P=this.mapit(h);
-
-		var s=BIG.fromBytes(S);
-		P=PAIR.G1mul(P,s);
-		P.toBytes(CTT);
-		return 0;
-	},
-
-/* Implement step 1 on client side of MPin protocol */
-	CLIENT_1: function(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT)
-	{
-		var r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-	//	var q=new BIG(0); q.rcopy(ROM.Modulus);
-		var x;
-		if (rng!==null)
-		{
-			x=BIG.randomnum(r,rng);
-			if (ROM.AES_S>0)
-			{
-				x.mod2m(2*ROM.AES_S);
-			}
-			x.toBytes(X);
-		}
-		else
-		{
-			x=BIG.fromBytes(X);
-		}
-		var P,T,W;
-
-		var h=this.hashit(sha,0,CLIENT_ID);
-		P=this.mapit(h);
-		T=ECP.fromBytes(TOKEN);
-		if (T.is_infinity()) return this.INVALID_POINT;
-
-		pin%=this.MAXPIN;
-		W=P.pinmul(pin,this.PBLEN);
-		T.add(W);
-
-		if (date!=0)
-		{
-			W=ECP.fromBytes(PERMIT);
-			if (W.is_infinity()) return this.INVALID_POINT;
-			T.add(W);
-			h=this.hashit(sha,date,h);
-			W=this.mapit(h);
-			if (xID!=null)
-			{
-				P=PAIR.G1mul(P,x);
-				P.toBytes(xID);
-				W=PAIR.G1mul(W,x);
-				P.add(W);
-			}
-			else
-			{
-				P.add(W);
-				P=PAIR.G1mul(P,x);
-			}
-			if (xCID!=null) P.toBytes(xCID);
-		}
-		else
-		{
-			if (xID!=null)
-			{
-				P=PAIR.G1mul(P,x);
-				P.toBytes(xID);
-			}
-		}		
-		
-		T.toBytes(SEC);
-		return 0;
-	},
-
-/* Implement step 2 on client side of MPin protocol */
-	CLIENT_2: function(X,Y,SEC)
-	{
-		var r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-		var P=ECP.fromBytes(SEC);
-		if (P.is_infinity()) return this.INVALID_POINT;
-
-		var px=BIG.fromBytes(X);
-		var py=BIG.fromBytes(Y);
-		px.add(py);
-		px.mod(r);
-	//	px.rsub(r);
-
-		P=PAIR.G1mul(P,px);
-		P.neg();
-		P.toBytes(SEC);
-		//PAIR.G1mul(P,px).toBytes(SEC);
-		return 0;
-	},
-
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
-	SERVER_1: function(sha,date,CID,HID,HTID)
-	{
-		var h=this.hashit(sha,0,CID);
-		var R,P=this.mapit(h);
-
-		P.toBytes(HID);
-		if (date!==0)
-		{
-			//if (HID!=null) P.toBytes(HID);
-			h=this.hashit(sha,date,h);
-			R=this.mapit(h);
-			P.add(R);
-			P.toBytes(HTID);
-		}
-		//else P.toBytes(HID);
-	},
-
-/* Implement step 1 of MPin protocol on server side */
-	SERVER_2: function(date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F)
-	{
-		var A=new BIG(0);
-		var B=new BIG(0);
-		A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb);
-		var QX=new FP2(0); QX.bset(A,B);
-		A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb);
-		var QY=new FP2(0); QY.bset(A,B);
-
-		var Q=new ECP2();
-		Q.setxy(QX,QY);
-
-		var sQ=ECP2.fromBytes(SST);
-		if (sQ.is_infinity()) return this.INVALID_POINT;	
-
-		var R;
-		if (date!==0)
-			R=ECP.fromBytes(xCID);
-		else 
-		{
-			if (xID==null) return this.BAD_PARAMS;
-			R=ECP.fromBytes(xID);
-		}
-		if (R.is_infinity()) return this.INVALID_POINT;
-
-		var y=BIG.fromBytes(Y);
-		var P;
-
-		if (date!=0) P=ECP.fromBytes(HTID);
-		else
-		{
-			if (HID==null) return this.BAD_PARAMS;
-			P=ECP.fromBytes(HID);
-		}
-		if (P.is_infinity()) return this.INVALID_POINT;
-
-		P=PAIR.G1mul(P,y);
-		P.add(R);
-		R=ECP.fromBytes(mSEC);
-		if (R.is_infinity()) return this.INVALID_POINT;
-
-		var g=PAIR.ate2(Q,R,sQ,P);
-		g=PAIR.fexp(g);
-
-		if (!g.isunity())
-		{
-			if (HID!=null && xID!=null && E!=null && F!=null)
-			{
-				g.toBytes(E);
-				if (date!==0)
-				{
-					P=ECP.fromBytes(HID);
-					if (P.is_infinity()) return this.INVALID_POINT;
-					R=ECP.fromBytes(xID);
-					if (R.is_infinity()) return this.INVALID_POINT;
-
-					P=PAIR.G1mul(P,y);
-					P.add(R);
-				}
-				g=PAIR.ate(Q,P);
-				g=PAIR.fexp(g);
-
-				g.toBytes(F);
-			}
-			return this.BAD_PIN;
-		}
-		return 0;
-	},
-
-/* Pollards kangaroos used to return PIN error */
-	KANGAROO: function(E,F)
-	{
-		var ge=FP12.fromBytes(E);
-		var gf=FP12.fromBytes(F);
-		var distance = [];
-		var t=new FP12(gf);
-		var table=[];
-		var i,j,m,s,dn,dm,res,steps;
-
-		s=1;
-		for (m=0;m<this.TS;m++)
-		{
-			distance[m]=s;
-			table[m]=new FP12(t);
-			s*=2;
-			t.usqr();
-		}
-		t.one();
-		dn=0;
-		for (j=0;j<this.TRAP;j++)
-		{
-			i=t.geta().geta().getA().lastbits(20)%this.TS;
-			t.mul(table[i]);
-			dn+=distance[i];
-		}
-		gf.copy(t); gf.conj();
-		steps=0; dm=0;
-		res=0;
-		while (dm-dn<this.MAXPIN)
-		{
-			steps++;
-			if (steps>4*this.TRAP) break;
-			i=ge.geta().geta().getA().lastbits(20)%this.TS;
-			ge.mul(table[i]);
-			dm+=distance[i];
-			if (ge.equals(t))
-			{
-				res=dm-dn;
-				break;
-			}
-			if (ge.equals(gf))
-			{
-				res=dn-dm;
-				break;
-			}
-
-		}
-		if (steps>4*this.TRAP || dm-dn>=this.MAXPIN) {res=0; }    // Trap Failed  - probable invalid token
-		return res;
-	},
-
-        /* return time  since epoch */
-	GET_TIME: function() {
-		var now=new Date();
-		return Math.floor(now.getTime()/(1000));
-	},
-
-        /* y = H(time,xCID) */
-	GET_Y: function(sha,TimeValue,xCID,Y)
-	{
-		var q=new BIG(0); 
-		q.rcopy(ROM.CURVE_Order);
-		var h=this.hashit(sha,TimeValue,xCID);
-		var y=BIG.fromBytes(h);
-		y.mod(q);
-		if (ROM.AES_S>0)
-		{
-			y.mod2m(2*ROM.AES_S);
-		}
-		y.toBytes(Y);
-		return 0;
-	},
-
-        /* One pass MPIN Client */
-	CLIENT: function(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT,TimeValue,Y)
-	{
-
-                var rtn=0;
-                var pID;
-                if (date == 0) {
-                  pID = xID;
-		} else {
-                  pID = xCID;
-                  xID = null;
-		}
-
-                rtn = this.CLIENT_1(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT);
-                if (rtn != 0)
-                  return rtn;
-
-                this.GET_Y(sha,TimeValue,pID,Y);
-
-                rtn = this.CLIENT_2(X,Y,SEC);
-                if (rtn != 0)
-                  return rtn;
-
-                return 0;
-        },
-
-        /* One pass MPIN Server */
-	SERVER: function(sha,date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F,CID,TimeValue)
-        {
-                var rtn=0;
-                var pID;
-                if (date == 0) {
-                  pID = xID;
-		} else {
-                  pID = xCID;
-		}
-
-                this.SERVER_1(sha,date,CID,HID,HTID);
-
-                this.GET_Y(sha,TimeValue,pID,Y);
-  
-                rtn = this.SERVER_2(date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F);
-                if (rtn != 0)
-                  return rtn;
-
-                return 0;
-        },
-
-/* Functions to support M-Pin Full */
-
-	PRECOMPUTE: function(TOKEN,CID,G1,G2)
-	{
-		var P,T;
-		var g;
-		
-		T=ECP.fromBytes(TOKEN);
-		if (T.is_infinity()) return INVALID_POINT; 
-
-		P=this.mapit(CID);
-
-		var A=new BIG(0);
-		var B=new BIG(0);
-		A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb);
-		var QX=new FP2(0); QX.bset(A,B);
-		A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb);
-		var QY=new FP2(0); QY.bset(A,B);
-
-		var Q=new ECP2();
-		Q.setxy(QX,QY);
-
-		g=PAIR.ate(Q,T);
-		g=PAIR.fexp(g);
-		g.toBytes(G1);
-
-		g=PAIR.ate(Q,P);
-		g=PAIR.fexp(g);
-		g.toBytes(G2);
-
-		return 0;
-	},
-
-/* Hash the M-Pin transcript - new */
-
-	HASH_ALL: function(sha,HID,xID,xCID,SEC,Y,R,W)
-	{
-		var tlen=0;
-		var T=[];
-
-
-		for (var i=0;i<HID.length;i++) T[i]=HID[i];
-		tlen+=HID.length;
-		if (xCID!=null)
-		{
-			for (var i=0;i<xCID.length;i++) T[i+tlen]=xCID[i];
-			tlen+=xCID.length;
-		}	
-		else
-		{
-			for (i=0;i<xID.length;i++) T[i+tlen]=xID[i];
-			tlen+=xID.length;
-		}	
-		for (var i=0;i<SEC.length;i++) T[i+tlen]=SEC[i];
-		tlen+=SEC.length;		
-		for (var i=0;i<Y.length;i++) T[i+tlen]=Y[i];
-		tlen+=Y.length;	
-		for (var i=0;i<R.length;i++) T[i+tlen]=R[i];
-		tlen+=R.length;		
-		for (var i=0;i<W.length;i++) T[i+tlen]=W[i];
-		tlen+=W.length;		
-
-		return this.hashit(sha,0,T);
-	},
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-	CLIENT_KEY: function(sha,G1,G2,pin,R,X,H,wCID,CK)
-	{
-		var t=[];
-
-		var g1=FP12.fromBytes(G1);
-		var g2=FP12.fromBytes(G2);
-		var z=BIG.fromBytes(R);
-		var x=BIG.fromBytes(X);
-		var h=BIG.fromBytes(H);
-
-		var W=ECP.fromBytes(wCID);
-		if (W.is_infinity()) return this.INVALID_POINT; 
-
-		W=PAIR.G1mul(W,x);
-
-		var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
-		var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
-		var f=new FP2(fa,fb); //f.bset(fa,fb);
-
-		var r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-		var q=new BIG(0); q.rcopy(ROM.Modulus);
-
-		z.add(h);
-		z.mod(r);
-
-		var m=new BIG(q);
-		m.mod(r);
-
-		var a=new BIG(z);
-		a.mod(m);
-
-		var b=new BIG(z);
-		b.div(m);
-
-		g2.pinpow(pin,this.PBLEN);
-		g1.mul(g2);
-
-		var c=g1.trace();
-		g2.copy(g1);
-		g2.frob(f);
-		var cp=g2.trace();
-		g1.conj();
-		g2.mul(g1);
-		var cpm1=g2.trace();
-		g2.mul(g1);
-		var cpm2=g2.trace();
-
-		c=c.xtr_pow2(cp,cpm1,cpm2,a,b);
-
-		t=this.mpin_hash(sha,c,W);
-
-		for (var i=0;i<this.PAS;i++) CK[i]=t[i];
-
-		return 0;
-	},
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-
-	SERVER_KEY: function(sha,Z,SST,W,H,HID,xID,xCID,SK)
-	{
-		var t=[];
-
-		var sQ=ECP2.fromBytes(SST);
-		if (sQ.is_infinity()) return this.INVALID_POINT; 
-		var R=ECP.fromBytes(Z);
-		if (R.is_infinity()) return this.INVALID_POINT; 
-		var A=ECP.fromBytes(HID);
-		if (A.is_infinity()) return this.INVALID_POINT; 
-
-		var U;
-		if (xCID!=null)
-			U=ECP.fromBytes(xCID);
-		else
-			U=ECP.fromBytes(xID);
-		if (U.is_infinity()) return this.INVALID_POINT; 
-
-		var w=BIG.fromBytes(W);
-		var h=BIG.fromBytes(H);
-		A=PAIR.G1mul(A,h);
-		R.add(A);
-
-		U=PAIR.G1mul(U,w);
-		var g=PAIR.ate(sQ,R);
-		g=PAIR.fexp(g);
-
-		var c=g.trace();
-
-		t=this.mpin_hash(sha,c,U);
-
-		for (var i=0;i<this.PAS;i++) SK[i]=t[i];
-
-		return 0;
-	}
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/PAIR.js
----------------------------------------------------------------------
diff --git a/version22/js/PAIR.js b/version22/js/PAIR.js
deleted file mode 100644
index e7c5878..0000000
--- a/version22/js/PAIR.js
+++ /dev/null
@@ -1,650 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-var PAIR = {
-/* Line function */
-	line: function(A,B,Qx,Qy)
-	{
-		var P=new ECP2();
-		var a,b,c;
-		var r=new FP12(1);
-		P.copy(A);
-
-		var ZZ=new FP2(P.getz()); //ZZ.copy(P.getz());
-		ZZ.sqr();
-		var D;
-		if (A==B) D=A.dbl(); 
-		else D=A.add(B);
-		if (D<0) return r;
-		var Z3=new FP2(A.getz()); //Z3.copy(A.getz());
-		c=new FP4(0);
-		var X,Y,T;
-		if (D===0)
-		{ /* Addition */
-			X=new FP2(B.getx()); //X.copy(B.getx());
-			Y=new FP2(B.gety()); //Y.copy(B.gety());
-			T=new FP2(P.getz()); //T.copy(P.getz());
-
-			T.mul(Y);
-			ZZ.mul(T);
-
-			var NY=new FP2(P.gety()); /*NY.copy(P.gety());*/ NY.neg();
-			ZZ.add(NY);
-			Z3.pmul(Qy);
-			T.mul(P.getx());
-			X.mul(NY);
-			T.add(X);
-			a=new FP4(Z3,T); //a.set(Z3,T);
-			ZZ.neg();
-			ZZ.pmul(Qx);
-			b=new FP4(ZZ); //b.seta(ZZ);
-		}
-		else
-		{ /* Doubling */
-			X=new FP2(P.getx()); //X.copy(P.getx());
-			Y=new FP2(P.gety()); //Y.copy(P.gety());
-			T=new FP2(P.getx()); //T.copy(P.getx());
-			T.sqr();
-			T.imul(3);
-
-			Y.sqr();
-			Y.add(Y);
-			Z3.mul(ZZ);
-			Z3.pmul(Qy);
-
-			X.mul(T);
-			X.sub(Y);
-			a=new FP4(Z3,X); //a.set(Z3,X);
-			T.neg();
-			ZZ.mul(T);
-
-			ZZ.pmul(Qx);
-
-			b=new FP4(ZZ); //b.seta(ZZ);
-		}
-		r.set(a,b,c);
-		return r;		
-	},
-
-/* Optimal R-ate pairing */
-	ate: function(P,Q)
-	{
-		var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
-		var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
-		var f=new FP2(fa,fb); //f.bset(fa,fb);
-	
-		var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-		var n=new BIG(x); //n.copy(x);
-		var K=new ECP2();
-		var lv;
-
-		if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
-		{
-			n.pmul(6); n.dec(2);
-		}
-		else
-			n.copy(x);
-		n.norm();
-
-		P.affine();
-		Q.affine();
-		var Qx=new FP(Q.getx()); //Qx.copy(Q.getx());
-		var Qy=new FP(Q.gety()); //Qy.copy(Q.gety());
-
-		var A=new ECP2();
-		var r=new FP12(1);
-
-		A.copy(P);
-		var nb=n.nbits();
-
-		for (var i=nb-2;i>=1;i--)
-		{
-			lv=PAIR.line(A,A,Qx,Qy);
-
-			r.smul(lv);
-
-			if (n.bit(i)==1)
-			{
-				lv=PAIR.line(A,P,Qx,Qy);
-				r.smul(lv);
-			}
-			r.sqr();
-		}
-		lv=PAIR.line(A,A,Qx,Qy);
-		r.smul(lv);
-		if (n.parity()==1)
-		{
-			lv=line(A,P,Qx,Qy);
-			r.smul(lv);
-		}
-
-/* R-ate fixup */
-		if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
-		{
-			r.conj();
-			K.copy(P);
-			K.frob(f);
-			A.neg();
-			lv=PAIR.line(A,K,Qx,Qy);
-			r.smul(lv);
-			K.frob(f);
-			K.neg();
-			lv=PAIR.line(A,K,Qx,Qy);
-			r.smul(lv);
-		}
-		return r;
-	},
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
-	ate2: function(P,Q,R,S)
-	{
-		var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
-		var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
-		var f=new FP2(fa,fb); //f.bset(fa,fb);
-		var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-
-		var n=new BIG(x); //n.copy(x);
-		var K=new ECP2();
-		var lv;
-
-		if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
-		{
-			n.pmul(6); n.dec(2);
-		}
-		else
-			n.copy(x);
-		n.norm();
-
-		P.affine();
-		Q.affine();
-		R.affine();
-		S.affine();
-
-		var Qx=new FP(Q.getx()); //Qx.copy(Q.getx());
-		var Qy=new FP(Q.gety()); //Qy.copy(Q.gety());
-
-		var Sx=new FP(S.getx()); //Sx.copy(S.getx());
-		var Sy=new FP(S.gety()); //Sy.copy(S.gety());
-
-		var A=new ECP2();
-		var B=new ECP2();
-		var r=new FP12(1);
-
-		A.copy(P);
-		B.copy(R);
-		var nb=n.nbits();
-
-		for (var i=nb-2;i>=1;i--)
-		{
-			lv=PAIR.line(A,A,Qx,Qy);
-			r.smul(lv);
-			lv=PAIR.line(B,B,Sx,Sy);
-			r.smul(lv);
-			if (n.bit(i)==1)
-			{
-				lv=PAIR.line(A,P,Qx,Qy);
-				r.smul(lv);
-				lv=PAIR.line(B,R,Sx,Sy);
-				r.smul(lv);
-			}
-			r.sqr();
-		}
-
-		lv=PAIR.line(A,A,Qx,Qy);
-		r.smul(lv);
-		lv=PAIR.line(B,B,Sx,Sy);
-		r.smul(lv);
-		if (n.parity()==1)
-		{
-			lv=line(A,P,Qx,Qy);
-			r.smul(lv);
-			lv=line(B,R,Sx,Sy);
-			r.smul(lv);
-		}
-		
-/* R-ate fixup required for BN curves */
-		if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
-		{
-			r.conj();
-
-			K.copy(P);
-			K.frob(f);
-			A.neg();
-			lv=PAIR.line(A,K,Qx,Qy);
-			r.smul(lv);
-			K.frob(f);
-			K.neg();
-			lv=PAIR.line(A,K,Qx,Qy);
-			r.smul(lv);
-
-			K.copy(R);
-			K.frob(f);
-			B.neg();
-			lv=PAIR.line(B,K,Sx,Sy);
-			r.smul(lv);
-			K.frob(f);
-			K.neg();
-			lv=PAIR.line(B,K,Sx,Sy);
-			r.smul(lv);
-		}
-		return r;
-	},
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-	fexp: function(m)
-	{
-		var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
-		var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
-		var f=new FP2(fa,fb);
-		var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-
-		var r=new FP12(m); //r.copy(m);
-	
-/* Easy part of final exp */
-		var lv=new FP12(r); //lv.copy(r);
-		lv.inverse();
-		r.conj();
-		r.mul(lv);
-		lv.copy(r);
-		r.frob(f);	
-		r.frob(f);
-		r.mul(lv);
-
-/* Hard part of final exp */
-		if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
-		{
-			var x0,x1,x2,x3,x4,x5;			
-			lv.copy(r);
-			lv.frob(f);
-			x0=new FP12(lv); //x0.copy(lv);
-			x0.frob(f);
-			lv.mul(r);
-			x0.mul(lv);
-			x0.frob(f);
-			x1=new FP12(r); //x1.copy(r);
-			x1.conj();
-
-			x4=r.pow(x);
-
-			x3=new FP12(x4); //x3.copy(x4);
-			x3.frob(f);
-			x2=x4.pow(x);
-
-			x5=new FP12(x2); /*x5.copy(x2);*/  x5.conj();
-			lv=x2.pow(x);
-
-			x2.frob(f);
-			r.copy(x2); r.conj();
-
-			x4.mul(r);
-			x2.frob(f);
-
-			r.copy(lv);
-			r.frob(f);
-			lv.mul(r);
-
-			lv.usqr();
-			lv.mul(x4);
-			lv.mul(x5);
-			r.copy(x3);
-			r.mul(x5);
-			r.mul(lv);
-			lv.mul(x2);
-			r.usqr();
-			r.mul(lv);
-			r.usqr();
-			lv.copy(r);
-			lv.mul(x1);
-			r.mul(x0);
-			lv.usqr();
-			r.mul(lv);
-			r.reduce();
-		}
-		else
-		{
-			var y0,y1,y2,y3;
-// Ghamman & Fouotsa Method
-			y0=new FP12(r); y0.usqr();
-			y1=y0.pow(x);
-			x.fshr(1); y2=y1.pow(x); x.fshl(1);
-			y3=new FP12(r); y3.conj();
-			y1.mul(y3);
-
-			y1.conj();
-			y1.mul(y2);
-
-			y2=y1.pow(x);
-
-			y3=y2.pow(x);
-			y1.conj();
-			y3.mul(y1);
-
-			y1.conj();
-			y1.frob(f); y1.frob(f); y1.frob(f);
-			y2.frob(f); y2.frob(f);
-			y1.mul(y2);
-
-			y2=y3.pow(x);
-			y2.mul(y0);
-			y2.mul(r);
-
-			y1.mul(y2);
-			y2.copy(y3); y2.frob(f);
-			y1.mul(y2);
-			r.copy(y1);
-			r.reduce();
-
-
-/*
-			x0=new FP12(r);
-			x1=new FP12(r);
-			lv.copy(r); lv.frob(f);
-			x3=new FP12(lv); x3.conj(); x1.mul(x3);
-			lv.frob(f); lv.frob(f);
-			x1.mul(lv);
-
-			r.copy(r.pow(x));  //r=r.pow(x);
-			x3.copy(r); x3.conj(); x1.mul(x3);
-			lv.copy(r); lv.frob(f);
-			x0.mul(lv);
-			lv.frob(f);
-			x1.mul(lv);
-			lv.frob(f);
-			x3.copy(lv); x3.conj(); x0.mul(x3);
-
-			r.copy(r.pow(x));
-			x0.mul(r);
-			lv.copy(r); lv.frob(f); lv.frob(f);
-			x3.copy(lv); x3.conj(); x0.mul(x3);
-			lv.frob(f);
-			x1.mul(lv);
-
-			r.copy(r.pow(x));
-			lv.copy(r); lv.frob(f);
-			x3.copy(lv); x3.conj(); x0.mul(x3);
-			lv.frob(f);
-			x1.mul(lv);
-
-			r.copy(r.pow(x));
-			x3.copy(r); x3.conj(); x0.mul(x3);
-			lv.copy(r); lv.frob(f);
-			x1.mul(lv);
-
-			r.copy(r.pow(x));
-			x1.mul(r);
-
-			x0.usqr();
-			x0.mul(x1);
-			r.copy(x0);
-			r.reduce(); */
-		}
-		return r;
-	}
-};
-
-/* GLV method */
-PAIR.glv= function(e)
-{
-	var u=[];
-	if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
-	{
-		var i,j;
-		var t=new BIG(0);
-		var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
-		var v=[];
-
-		for (i=0;i<2;i++)
-		{
-			t.rcopy(ROM.CURVE_W[i]);
-			var d=BIG.mul(t,e);
-			v[i]=new BIG(d.div(q));
-			u[i]=new BIG(0);
-		}
-		u[0].copy(e);
-		for (i=0;i<2;i++)
-			for (j=0;j<2;j++)
-			{
-				t.rcopy(ROM.CURVE_SB[j][i]);
-				t.copy(BIG.modmul(v[j],t,q));
-				u[i].add(q);
-				u[i].sub(t);
-				u[i].mod(q);
-			}
-	}
-	else
-	{ // -(x^2).P = (Beta.x,y)
-		var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
-		var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-		var x2=BIG.smul(x,x);
-		u[0]=new BIG(e);
-		u[0].mod(x2);
-		u[1]=new BIG(e);
-		u[1].div(x2);
-		u[1].rsub(q);
-	}
-	return u;
-};
-
-/* Galbraith & Scott Method */
-PAIR.gs= function(e)
-{
-	var u=[];
-	if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
-	{
-		var i,j;
-		var t=new BIG(0);
-		var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
-
-		var v=[];
-
-		for (i=0;i<4;i++)
-		{
-			t.rcopy(ROM.CURVE_WB[i]);
-			var d=BIG.mul(t,e);
-			v[i]=new BIG(d.div(q));
-			u[i]=new BIG(0);
-		}
-
-		u[0].copy(e);
-		for (i=0;i<4;i++)
-			for (j=0;j<4;j++)
-			{
-				t.rcopy(ROM.CURVE_BB[j][i]);
-				t.copy(BIG.modmul(v[j],t,q));
-				u[i].add(q);
-				u[i].sub(t);
-				u[i].mod(q);
-			}
-	}
-	else
-	{
-		var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-		var w=new BIG(e);
-		for (var i=0;i<4;i++)
-		{
-			u[i]=new BIG(w);
-			u[i].mod(x);
-			w.div(x);
-		}
-	}
-	return u;
-};	
-
-/* Multiply P by e in group G1 */
-PAIR.G1mul= function(P,e)
-{
-	var R;
-	if (ROM.USE_GLV)
-	{
-		P.affine();
-		R=new ECP();
-		R.copy(P);
-		var np,nn;
-		var Q=new ECP();
-		Q.copy(P);
-		var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
-		var bcru=new BIG(0); bcru.rcopy(ROM.CURVE_Cru);
-		var cru=new FP(bcru);
-		var t=new BIG(0);
-		var u=PAIR.glv(e);
-
-		Q.getx().mul(cru);
-
-		np=u[0].nbits();
-		t.copy(BIG.modneg(u[0],q));
-		nn=t.nbits();
-		if (nn<np)
-		{
-			u[0].copy(t);
-			R.neg();
-		}
-
-		np=u[1].nbits();
-		t.copy(BIG.modneg(u[1],q));
-		nn=t.nbits();
-		if (nn<np)
-		{
-			u[1].copy(t);
-			Q.neg();
-		}
-
-		R=R.mul2(u[0],Q,u[1]);
-			
-	}
-	else
-	{
-		R=P.mul(e);
-	}
-	return R;
-};
-
-/* Multiply P by e in group G2 */
-PAIR.G2mul= function(P,e)
-{
-	var R;
-	if (ROM.USE_GS_G2)
-	{
-		var Q=[];
-		var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
-		var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
-		var f=new FP2(fa,fb); //f.bset(fa,fb);
-		var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
-
-		var u=PAIR.gs(e);
-		var t=new BIG(0);
-		var i,np,nn;
-		P.affine();
-		Q[0]=new ECP2(); Q[0].copy(P);
-		for (i=1;i<4;i++)
-		{
-			Q[i]=new ECP2(); Q[i].copy(Q[i-1]);
-			Q[i].frob(f);
-		}
-
-		for (i=0;i<4;i++)
-		{
-			np=u[i].nbits();
-			t.copy(BIG.modneg(u[i],q));
-			nn=t.nbits();
-			if (nn<np)
-			{
-				u[i].copy(t);
-				Q[i].neg();
-			}
-		}
-
-		R=ECP2.mul4(Q,u);
-	}
-	else
-	{
-		R=P.mul(e);
-	}
-	return R;
-};
-
-/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.js */
-PAIR.GTpow= function(d,e)
-{
-	var r;
-	if (ROM.USE_GS_GT)
-	{
-		var g=[];
-		var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
-		var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
-		var f=new FP2(fa,fb);
-		var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
-		var t=new BIG(0);
-		var i,np,nn;
-		var u=PAIR.gs(e);
-
-		g[0]=new FP12(d);
-		for (i=1;i<4;i++)
-		{
-			g[i]=new FP12(0); g[i].copy(g[i-1]);
-			g[i].frob(f);
-		}
-		for (i=0;i<4;i++)
-		{
-			np=u[i].nbits();
-			t.copy(BIG.modneg(u[i],q));
-			nn=t.nbits();
-			if (nn<np)
-			{
-				u[i].copy(t);
-				g[i].conj();
-			}
-		}
-		r=FP12.pow4(g,u);
-	}
-	else
-	{
-		r=d.pow(e);
-	}
-	return r;
-};
-
-/* test group membership - no longer needed */
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-/*
-PAIR.GTmember= function(m)
-{
-	if (m.isunity()) return false;
-	var r=new FP12(m);
-	r.conj();
-	r.mul(m);
-	if (!r.isunity()) return false;
-
-	var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
-	var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
-	var f=new FP2(fa,fb); //f.bset(fa,fb);
-
-	r.copy(m); r.frob(f); r.frob(f);
-	var w=new FP12(r); w.frob(f); w.frob(f);
-	w.mul(m);
-	if (!ROM.GT_STRONG)
-	{
-		if (!w.equals(r)) return false;
-		var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-		r.copy(m); w=r.pow(x); w=w.pow(x);
-		r.copy(w); r.sqr(); r.mul(w); r.sqr();
-		w.copy(m); w.frob(f);
-	}
-	return w.equals(r);
-};
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/RAND.js
----------------------------------------------------------------------
diff --git a/version22/js/RAND.js b/version22/js/RAND.js
deleted file mode 100644
index 9e2dddd..0000000
--- a/version22/js/RAND.js
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/*
- *   Cryptographic strong random number generator 
- *
- *   Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
- *   Slow - but secure
- *
- *   See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
- */
-
-/* Marsaglia & Zaman Random number generator constants */
-
-
-var RAND=function() 
-{
-/* Cryptographically strong pseudo-random number generator */
-	this.ira=[]; /* random number...   */
-	this.rndptr=0;  /* ...array & pointer */
-	this.borrow=0;
-	this.pool_ptr=0;
-	this.pool=[]; /* random pool */
-	this.clean();
-};
-
-RAND.prototype=
-{
-	NK:21,
-	NJ:6,
-	NV:8,
-
-/* Terminate and clean up */
-	clean : function()
-	{
-		var i;
-		for (i=0;i<32;i++) this.pool[i]=0;
-		for (i=0;i<this.NK;i++) this.ira[i]=0;
-		this.rndptr=0;
-		this.borrow=0;
-		this.pool_ptr=0;
-	},
-
-	sbrand: function()
-	{ /* Marsaglia & Zaman random number generator */
-		var i,k;
-		var pdiff,t; /* unsigned 32-bit */
-
-		this.rndptr++;
-		if (this.rndptr<this.NK) return this.ira[this.rndptr];
-		this.rndptr=0;
-		for (i=0,k=this.NK-this.NJ;i<this.NK;i++,k++)
-		{ /* calculate next NK values */
-			if (k==this.NK) k=0;
-			t=this.ira[k]>>>0;
-			pdiff=(t - this.ira[i] - this.borrow)|0;
-			pdiff>>>=0;  /* This is seriously wierd shit. I got to do this to get a proper unsigned comparison... */
-			if (pdiff<t) this.borrow=0;
-			if (pdiff>t) this.borrow=1;
-			this.ira[i]=(pdiff|0); 
-		}
-		return this.ira[0];
-	},
-
-	sirand: function(seed)
-	{
-		var i,inn;
-		var t,m=1;
-		this.borrow=0;
-		this.rndptr=0;
-		seed>>>=0;
-		this.ira[0]^=seed;
-
-		for (i=1;i<this.NK;i++)
-		{ /* fill initialisation vector */
-			inn=(this.NV*i)%this.NK;
-			this.ira[inn]^=m;      /* note XOR */
-			t=m;
-			m=(seed-m)|0;
-			seed=t;
-		}
-
-		for (i=0;i<10000;i++) this.sbrand(); /* "warm-up" & stir the generator */
-	},
-
-	fill_pool: function()
-	{
-		var sh=new HASH256();
-		for (var i=0;i<128;i++) sh.process(this.sbrand());
-		this.pool=sh.hash();
-		this.pool_ptr=0;
-	},
-
-/* Initialize RNG with some real entropy from some external source */
-	seed: function(rawlen,raw)
-	{ /* initialise from at least 128 byte string of raw random entropy */
-		var i;
-		var digest=[];
-		var b=[];
-		var sh=new HASH256();
-		this.pool_ptr=0;
-		for (i=0;i<this.NK;i++) this.ira[i]=0;
-		if (rawlen>0)
-		{
-			for (i=0;i<rawlen;i++)
-				sh.process(raw[i]);
-			digest=sh.hash();
-
-/* initialise PRNG from distilled randomness */
-			for (i=0;i<8;i++) 
-			{
-				b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3];
-				this.sirand(RAND.pack(b));
-			}
-		}
-		this.fill_pool();
-	},
-
-/* get random byte */
-	getByte: function()
-	{ 
-		var r=this.pool[this.pool_ptr++];
-		if (this.pool_ptr>=32) this.fill_pool();
-		return (r&0xff);
-	}
-};
-
-RAND.pack= function(b)
-{ /* pack 4 bytes into a 32-bit Word */
-		return (((b[3])&0xff)<<24)|((b[2]&0xff)<<16)|((b[1]&0xff)<<8)|(b[0]&0xff);
-};
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/ROM.js
----------------------------------------------------------------------
diff --git a/version22/js/ROM.js b/version22/js/ROM.js
deleted file mode 100644
index dcf2af1..0000000
--- a/version22/js/ROM.js
+++ /dev/null
@@ -1,716 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* Fixed Data in ROM - Field and Curve parameters */
-
-var ROM={
-	CHUNK: 32,
-
-/* Field Type */
-	NOT_SPECIAL: 0,
-	PSEUDO_MERSENNE: 1,
-	GENERALISED_MERSENNE: 2,
-	MONTGOMERY_FRIENDLY: 3,
-
-/* Curve Type */
-	WEIERSTRASS: 0,
-	EDWARDS: 1,
-	MONTGOMERY: 2,
-	BN_CURVE: 0,
-	BLS_CURVE: 1,
-
-/* Finite field support - for RSA, DH etc. */
-	FFLEN: 4, /* Defines Finite Field size n = BIGBITS.FFLEN, where FFLEN mustbe power of 2 */
-
-/*** Enter Some Field details here  ***/
-/* C25519 */
-//	MODBITS: 255, /* Number of bits in Modulus */
-//	MOD8: 5,  /* Modulus mod 8 */
-//	BASEBITS: 24,
-//	AES_S: 0,
-
-/* NIST Curve */
-/*  Brainpool */
-//	MODBITS: 256,
-//	MOD8: 7,
-//	BASEBITS: 24,
-//  AES_S: 0
-
-/* BN254/BNCX */
-	MODBITS: 254,
-	MOD8: 3,
-	BASEBITS: 24,
-	AES_S: 0,
-
-/* BLS383 */
-//	MODBITS: 383,
-//	MOD8: 3,
-//	BASEBITS: 23,
-//	AES_S: 0,
-
-/* BN454 */
-//	MODBITS: 454,
-//	MOD8: 3,
-//	BASEBITS: 23,
-//	AES_S: 128,
-
-/* BLS455 */
-//	MODBITS: 455,
-//	MOD8: 3,
-//	BASEBITS: 23,
-//	AES_S: 128,	
-
-/* MF254 */
-//	MODBITS: 254,
-//	MOD8: 7,
-//	BASEBITS: 24,
-
-/* MS255 */
-//	MODBITS: 255,
-//	MOD8: 3,
-//	BASEBITS: 24,
-//  AES_S: 0
-
-/* MF256 */
-//	MODBITS: 256,
-//	MOD8: 7,
-//	BASEBITS: 24,
-//  AES_S: 0
-
-/* MS256 */
-//	MODBITS: 256,
-//	MOD8: 3,
-//	BASEBITS: 24,
-//  AES_S: 0
-
-/* ANSSI */
-//  MODBITS: 256,
-//  MOD8: 3,
-//	BASEBITS: 24,
-//  AES_S: 0
-
-/* HIFIVE */
-//  MODBITS: 336,
-//  MOD8: 5,
-//  BASEBITS: 23,
-//  AES_S: 128
-
-/* GOLDILOCKS */
-//  MODBITS: 448,
-//  MOD8: 5,
-//  BASEBITS: 23,	
-//  AES_S: 0
-
-/* C41417 */
-//  MODBITS: 414,
-//  MOD8: 7,
-//  BASEBITS: 22,
-//  AES_S: 0
-
-/* NIST384 */
-//  MODBITS: 384,
-//  MOD8: 7,
-//  BASEBITS: 23,
-//  AES_S: 0
-
-/* NIST521 */
-//  MODBITS: 521,
-//  MOD8: 7,
-//  BASEBITS: 23,
-//  AES_S: 0
-
-/* Specify Field here */
-
-/* C25519 */
-//	MODTYPE: 1, 
-//	Modulus: [0xFFFFED,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF],
-//	MConst: 19,
-
-/* BNCX */
-	MODTYPE:0,
-	Modulus: [0x1B55B3,0x23EF5C,0xE1BE66,0x18093E,0x3FD6EE,0x66D324,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-	MConst:0x789E85,
-
-/* BLS383 */
-//	MODTYPE:0,
-//	Modulus: [0x2D556B,0x556A55,0x75EAB2,0x23AFBA,0x1BB01,0x2BAEA4,0x5CC20F,0x758B67,0x20F99,0x640A63,0x69A3A8,0x6009AA,0x2A7852,0x20B8AA,0x7DD718,0x104054,0x7AC5],
-//	MConst:0x23D0BD,
-
-/* HIFIVE */
-//	MODTYPE:1,
-//	Modulus: [0x7FFFFD,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x3FFF],
-//	MConst: 0x3,
-
-/* GOLDILOCKS */
-//	MODTYPE: 2,
-//	Modulus: [0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7DFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FF],
-//	MConst: 0x1,
-
-/* C41417 */
-//	MODTYPE: 1,
-//	Modulus: [0x3FFFEF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFF],
-//	MConst: 0x11,
-
-/* NIST384 */
-//  MODTYPE: 0,
-//  Modulus: [0x7FFFFF,0x1FF,0x0,0x0,0x7FFFF0,0x7FDFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0xFFFF],
-//  MConst: 0x1,
-
-/* NIST521 */
-//  MODTYPE: 1,
-//  Modulus: [0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFF],
-//  MConst: 0x1,
-
-/* BN254 Curve */
-//MODTYPE:0,
-//Modulus: [0x13,0x0,0x13A700,0x0,0x210000,0x861,0x800000,0xBA344D,0x1,0x648240,0x2523],
-//MConst:0x9435E5,
-
-/* BN454 Curve */
-//MODTYPE:0,
-//Modulus: [0x13,0x9C00,0x100000,0x700004,0x6006C4,0x4A109,0x514200,0x640000,0x80091,0x803AA,0x36A22,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],
-//MConst:0x1435E5,
-
-/* BLS455 Curve */
-//MODTYPE:0,
-//Modulus: [0x2AB,0x300,0x5AAA80,0x59554A,0x589556,0x2374D8,0x2B3A1B,0x6DCCCA,0x14B8B3,0x29F966,0x2F64E5,0x6AB11A,0x63A5B1,0x7ECCB,0x2480C0,0x7CADA,0x2AA00E,0x72AAAE,0x655555,0x2AAAA],
-//MConst:0x4017FD,
-
-/* BNT Curve */
-//MODTYPE:0,
-//Modulus: [0xB4A713,0xBBFEEE,0xBABE9D,0x14F464,0x8A5556,0xD5F06E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-//MConst:0x14C4E5,
-
-/* BNT2 */
-//MODTYPE:0,
-//Modulus: [0x60A48B,0xDC2BB4,0x51E8B2,0x28F0D6,0xCF93E4,0xD00081,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-//MConst:0x505CDD,
-
-/* NIST Modulus */
-//	MODTYPE:0,
-//	Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x0,0x0,0x0,0x0,0x1,0xFFFF00,0xFFFF],
-//	MConst:0x1,
-
-/* MF254 Modulus */
-//	MODTYPE:3,
-//	Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80],
-//	MConst:0x3F81,
-
-/* MS255 Modulus */
-//MODTYPE:1,
-//Modulus: [0xFFFD03,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF],
-//MConst:0x2FD,
-
-/* MS256 Modulus */
-//MODTYPE:1,
-//Modulus: [0xFFFF43,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFF],
-//MConst:0xBD,
-
-/* MF256 Modulus */
-//MODTYPE:3,
-//Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFA7],
-//MConst:0xFFA8,
-
-/*  Brainpool Modulus */
-//	MODTYPE:0,
-//	Modulus: [0x6E5377,0x481D1F,0x282013,0xD52620,0x3BF623,0x8D726E,0x909D83,0x3E660A,0xEEA9BC,0x57DBA1,0xA9FB],
-//	MConst:0xFD89B9,
-
-/* ANSSI Modulus */
-//  MODTYPE:0,
-//  Modulus: [0x6E9C03,0xF353D8,0x6DE8FC,0xABC8CA,0x61ADBC,0x435B39,0xE8CE42,0x10126D,0x3AD58F,0x178C0B,0xF1FD],
-//  MConst:0x4E1155,
-
-/* Specify Curve here */
-
-/* ED25519 Edwards */
-//	CURVETYPE: 1,  
-//	CURVE_A : -1,
-//	CURVE_B : [0x5978A3,0x4DCA13,0xAB75EB,0x4141D8,0x700A4D,0xE89800,0x797779,0x8CC740,0x6FFE73,0x6CEE2B,0x5203],
-//	CURVE_Order: [0xF5D3ED,0x631A5C,0xD65812,0xA2F79C,0xDEF9DE,0x14,0x0,0x0,0x0,0x0,0x1000],
-//	CURVE_Gx: [0x25D51A,0x2D608F,0xB2C956,0x9525A7,0x2CC760,0xDC5C69,0x31FDD6,0xC0A4E2,0x6E53FE,0x36D3CD,0x2169],
-//	CURVE_Gy: [0x666658,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x6666],
-
-/* Curve25519 */
-//	CURVETYPE: 2,  
-//	CURVE_A : 486662,
-//	CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//	CURVE_Order: [0xF5D3ED,0x631A5C,0xD65812,0xA2F79C,0xDEF9DE,0x14,0x0,0x0,0x0,0x0,0x1000],
-//	CURVE_Gx: [0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//	CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* NIST Curve */
-//	CURVETYPE:0,
-//	CURVE_A : -3,
-//	CURVE_B : [0xD2604B,0x3C3E27,0xF63BCE,0xCC53B0,0x1D06B0,0x86BC65,0x557698,0xB3EBBD,0x3A93E7,0x35D8AA,0x5AC6],
-//	CURVE_Order:[0x632551,0xCAC2FC,0x84F3B9,0xA7179E,0xE6FAAD,0xFFFFBC,0xFFFFFF,0xFFFFFF,0x0,0xFFFF00,0xFFFF],
-//	CURVE_Gx :[0x98C296,0x3945D8,0xA0F4A1,0x2DEB33,0x37D81,0x40F277,0xE563A4,0xF8BCE6,0x2C4247,0xD1F2E1,0x6B17],
-//	CURVE_Gy :[0xBF51F5,0x406837,0xCECBB6,0x6B315E,0xCE3357,0x9E162B,0x4A7C0F,0x8EE7EB,0x1A7F9B,0x42E2FE,0x4FE3],
-
-/* MF254 Modulus, Weierstrass Curve */
-//CURVETYPE:0,
-//CURVE_A : -3,
-//CURVE_B : [0xFFD08D,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80],
-//CURVE_Order:[0x8DF83F,0x19C4AF,0xC06FA4,0xDA375,0x818BEA,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80],
-//CURVE_Gx :[0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0xD4EBC,0xDF37F9,0x31AD65,0xF85119,0xB738E3,0x8AEBDF,0x75BD77,0x4AE15A,0x2E5601,0x3FD33B,0x140E],
-
-/* MF254 Modulus, Edwards Curve */
-//CURVETYPE:1,
-//CURVE_A : -1,
-//CURVE_B : [0x367B,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x6E98C7,0xD3FEC4,0xB0EAF3,0x8BD62F,0x95306C,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFFFF,0xFE0],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0x2701E5,0xD0FDAF,0x187C52,0xE3212,0x329A84,0x3F4E36,0xD50236,0x951D00,0xA4C335,0xE690D6,0x19F0],
-
-
-/* MF254 Modulus, Montgomery Curve */
-//	CURVETYPE: 2,  
-//	CURVE_A : -55790,
-//	CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//	CURVE_Order: [0x6E98C7,0xD3FEC4,0xB0EAF3,0x8BD62F,0x95306C,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFFFF,0xFE0],
-//	CURVE_Gx: [0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//	CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* MS255 Modulus, Weierstrass Curve */
-//CURVETYPE:0,
-//CURVE_A : -3,
-//CURVE_B : [0xFFAB46,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF],
-//CURVE_Order:[0x594AEB,0xAC983C,0xDFAB8F,0x3AD2B3,0x4A3828,0xFFFF86,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0xCB44BA,0xFF6769,0xD1733,0xDDFDA6,0xB6C78C,0x7D177D,0xF9B2FF,0x921EBF,0xBA7833,0x6AC0ED,0x6F7A],
-
-/* MS255 Modulus, Edwards Curve */
-//CURVETYPE:1,
-//CURVE_A : -1,
-//CURVE_B : [0xEA97,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x36EB75,0xD1ED04,0x2EAC49,0xEDA683,0xF1A785,0xFFFFDC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x1FFF],
-//CURVE_Gx :[0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0x8736A0,0x255BD0,0x45BA2A,0xED445A,0x914B8A,0x47E552,0xDD8E0C,0xEC254C,0x7BB545,0x78534A,0x26CB],
-
-/* MS255 Modulus, Montgomery Curve */
-//	CURVETYPE: 2,  
-//	CURVE_A : -240222,
-//	CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//	CURVE_Order: [0x36EB75,0xD1ED04,0x2EAC49,0xEDA683,0xF1A785,0xFFFFDC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x1FFF],
-//	CURVE_Gx: [0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//	CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* MS256 Modulus, Weierstrass Curve */
-//CURVETYPE:0,
-//CURVE_A : -3,
-//CURVE_B : [0x25581,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x51A825,0x202947,0x6020AB,0xEA265C,0x3C8275,0xFFFFE4,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFF],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0xB56C77,0x6306C2,0xC10BF4,0x75894E,0x2C2F93,0xDD6BD0,0x6CCEEE,0xFC82C9,0xE466D7,0x1853C1,0x696F],
-
-/* MS256 Modulus, Edwards Curve */
-//CURVETYPE:1,
-//CURVE_A : -1,
-//CURVE_B : [0x3BEE,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x22B4AD,0x4E6F11,0x64E5B8,0xD0A6BC,0x6AA55A,0xFFFFBE,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFF],
-//CURVE_Gx :[0xD,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0x1CADBA,0x6FB533,0x3F707F,0x824D30,0x2A6D63,0x46BFBE,0xB39FA0,0xA3D330,0x1276DB,0xB41E2A,0x7D0A],
-
-/* MS256 Modulus, Montgomery Curve */
-//	CURVETYPE: 2,  
-//	CURVE_A : -61370,
-//	CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//  CURVE_Order:[0x22B4AD,0x4E6F11,0x64E5B8,0xD0A6BC,0x6AA55A,0xFFFFBE,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFF],
-//	CURVE_Gx: [0xb,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//	CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* MF256 Modulus, Weierstrass Curve */
-//CURVETYPE:0,
-//CURVE_A : -3,
-//CURVE_B : [0x14E6A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x9857EB,0xC5E1A7,0x4B9D10,0xE6E507,0x517513,0xFFFFFC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFA7],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0x724D2A,0x954C2B,0x661007,0x8D94DC,0x6947EB,0xAE2895,0x26123D,0x7BABBA,0x1808CE,0x7C87BE,0x2088],
-
-/* MF256 Modulus, Edwards Curve */
-//CURVETYPE:1,
-//CURVE_A : -1,
-//CURVE_B : [0x350A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0xEC7BAB,0x2EDED8,0xC966D9,0xB86733,0x54BBAF,0xFFFFB1,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FE9],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0xF3C908,0xA722F2,0x8D7DEA,0x8DFEA6,0xC05E64,0x1AACA0,0xF3DB2C,0xEAEBEE,0xCC4D5A,0xD4F8F8,0xDAD8],
-
-/* MF256 Modulus, Montgomery Curve */
-//	CURVETYPE: 2,  
-//	CURVE_A : -54314,
-//	CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//  CURVE_Order:[0xEC7BAB,0x2EDED8,0xC966D9,0xB86733,0x54BBAF,0xFFFFB1,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FE9],
-//	CURVE_Gx: [0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//	CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* Brainpool */
-//	CURVETYPE:0,
-//	CURVE_A : -3,
-//	CURVE_B : [0xE92B04,0x8101FE,0x256AE5,0xAF2F49,0x93EBC4,0x76B7BF,0x733D0B,0xFE66A7,0xD84EA4,0x61C430,0x662C],
-//	CURVE_Order:[0x4856A7,0xE8297,0xF7901E,0xB561A6,0x397AA3,0x8D718C,0x909D83,0x3E660A,0xEEA9BC,0x57DBA1,0xA9FB],
-//	CURVE_Gx :[0x1305F4,0x91562E,0x2B79A1,0x7AAFBC,0xA142C4,0x6149AF,0xB23A65,0x732213,0xCFE7B7,0xEB3CC1,0xA3E8],
-//	CURVE_Gy :[0x25C9BE,0xE8F35B,0x1DAB,0x39D027,0xBCB6DE,0x417E69,0xE14644,0x7F7B22,0x39C56D,0x6C8234,0x2D99],
-
-/* ANSSI */
-//  CURVETYPE:0,
-//  CURVE_A : -3,
-//  CURVE_B : [0x7BB73F,0xED967B,0x803075,0xE4B1A1,0xEC0C9A,0xC00FDF,0x754A44,0xD4ABA,0x28A930,0x3FCA54,0xEE35],
-//  CURVE_Order:[0xD655E1,0xD459C6,0x941FFD,0x40D2BF,0xDC67E1,0x435B53,0xE8CE42,0x10126D,0x3AD58F,0x178C0B,0xF1FD],
-//  CURVE_Gx :[0x8F5CFF,0x7A2DD9,0x164C9,0xAF98B7,0x27D2DC,0x23958C,0x4749D4,0x31183D,0xC139EB,0xD4C356,0xB6B3],
-//  CURVE_Gy :[0x62CFB,0x5A1554,0xE18311,0xE8E4C9,0x1C307,0xEF8C27,0xF0F3EC,0x1F9271,0xB20491,0xE0F7C8,0x6142],
-
-/* HIFIVE */
-//  CURVETYPE:1,
-//  CURVE_A : 1,
-//  CURVE_B : [0x2B67,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//  CURVE_Order:[0x1FA805,0x2B2E7D,0x29ECBE,0x3FC9DD,0xBD6B8,0x530A18,0x45057E,0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x800],
-//  CURVE_Gx :[0xC,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//  CURVE_Gy :[0x7E8632,0xD0A0B,0x6C4AFB,0x501B2E,0x55650C,0x36DB6B,0x1FBD0D,0x61C08E,0x314B46,0x70A7A3,0x587401,0xC70E0,0x56502E,0x38C2D6,0x303],
-
-/* GOLDILOCKS */
-//  CURVETYPE:1,
-//  CURVE_A : 1,
-//  CURVE_B : [0x7F6756,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7DFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FF],
-//  CURVE_Order:[0x5844F3,0x52556,0x548DE3,0x6E2C7A,0x4C2728,0x52042D,0x6BB58D,0x276DA4,0x23E9C4,0x7EF994,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x1FF],
-//  CURVE_Gx :[0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x52AAAA,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555],
-//  CURVE_Gy :[0x1386ED,0x779BD5,0x2F6BAB,0xE6D03,0x4B2BED,0x131777,0x4E8A8C,0x32B2C1,0x44B80D,0x6515B1,0x5F8DB5,0x426EBD,0x7A0358,0x6DDA,0x21B0AC,0x6B1028,0xDB359,0x15AE09,0x17A58D,0x570],
-
-/* C41417 */
-//  CURVETYPE:1,
-//  CURVE_A : 1,
-//  CURVE_B : [0xE21,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//  CURVE_Order:[0x6AF79,0x69784,0x1B0E7,0x18F3C6,0x338AD,0xDBC70,0x6022B,0x533DC,0x3CC924,0x3FFFAC,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x7FFF],
-//  CURVE_Gx :[0xBC595,0x204BCF,0xC4FD3,0x14DF19,0x33FAA8,0x4C069,0x16BA11,0x2AD35B,0x1498A4,0x15FFCD,0x3EC7F,0x27D130,0xD4636,0x9B97F,0x631C3,0x8630,0x144330,0x241450,0x1A334],
-//  CURVE_Gy :[0x22,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* NIST384 */
-//  CURVETYPE:0,
-//  CURVE_A : -3,
-//  CURVE_B : [0x6C2AEF,0x11DBA7,0x74AA17,0x51768C,0x6398D8,0x6B58CA,0x5404E1,0xA0447,0x411203,0x5DFD02,0x607671,0x4168C8,0x56BE3F,0x1311C0,0xFB9F9,0x17D3F1,0xB331],
-//  CURVE_Order:[0x452973,0x32D599,0x6BB3B0,0x45853B,0x20DB24,0x3BEB03,0x7D0DCB,0x31A6C0,0x7FFFC7,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0xFFFF],
-//  CURVE_Gx :[0x760AB7,0x3C70E4,0x30E951,0x7AA94B,0x2F25DB,0x470AA0,0x20950A,0x7BA0F0,0x1B9859,0x45174F,0x3874ED,0x56BA3,0x71EF32,0x71D638,0x22C14D,0x65115F,0xAA87],
-//  CURVE_Gy :[0x6A0E5F,0x3AF921,0x75E90C,0x6BF40C,0xB1CE1,0x18014C,0x6D7C2E,0x6D1889,0x147CE9,0x7A5134,0x63D076,0x16E14F,0xBF929,0x6BB3D3,0x98B1B,0x6F254B,0x3617],
-
-/* NIST521 */
-//  CURVETYPE:0,
-//  CURVE_A : -3,
-//  CURVE_B : [0x503F00,0x3FA8D6,0x47BD14,0x6961A7,0x3DF883,0x60E6AE,0x4EEC6F,0x29605E,0x137B16,0x23D8FD,0x5864E5,0x84F0A,0x1918EF,0x771691,0x6CC57C,0x392DCC,0x6EA2DA,0x6D0A81,0x688682,0x50FC94,0x18E1C9,0x27D72C,0x1465],
-//  CURVE_Order:[0x386409,0x6E3D22,0x3AEDBE,0x4CE23D,0x5C9B88,0x3A0776,0x3DC269,0x6600A4,0x166B7F,0x77E5F,0x461A1E,0x7FFFD2,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFF],
-//  CURVE_Gx :[0x65BD66,0x7C6385,0x6FE5F9,0x2B5214,0xB3C18,0x1BC669,0x68BFEA,0xEE093,0x5928FE,0x6FDFCE,0x52D79,0x69EDD5,0x7606B4,0x3F0515,0x4FED48,0x409C82,0x429C64,0x472B68,0x7B2D98,0x4E6CF1,0x70404E,0x31C0D6,0x31A1],
-//  CURVE_Gy :[0x516650,0x28ED3F,0x222FA,0x139612,0x47086A,0x6C26A7,0x4FEB41,0x285C80,0x2640C5,0x32BDE8,0x5FB9CA,0x733164,0x517273,0x2F5F7,0x66D11A,0x2224AB,0x5998F5,0x58FA37,0x297ED0,0x22E4,0x9A3BC,0x252D4F,0x460E],
-
-/* BNCX Curve */	
-
-	CURVETYPE:0,
-	CURVE_PAIRING_TYPE: 0,
-	CURVE_A : 0,
-	CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-	CURVE_Cof : [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-	CURVE_Order:[0xEB1F6D,0xC0A636,0xCEBE11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-	CURVE_Bnx:[0xC012B1,0x3,0x4000],
-	CURVE_Cru:[0x235C97,0x931794,0x5631E0,0x71EF87,0xBDDF64,0x3F1440,0xCA8,0x480000],
-	CURVE_Fra:[0xC80EA3,0x83355,0x215BD9,0xF173F8,0x677326,0x189868,0x8AACA7,0xAFE18B,0x3A0164,0x82FA6,0x1359],
-	CURVE_Frb:[0x534710,0x1BBC06,0xC0628D,0x269546,0xD863C7,0x4E3ABB,0xD9CDBC,0xDC53,0x3628A9,0xF7D062,0x10A6],
-	CURVE_Pxa:[0xD2EC74,0x1CEEE4,0x26C085,0xA03E27,0x7C85BF,0x4BBB90,0xF5C3,0x358B25,0x53B256,0x2D2C70,0x1968],
-	CURVE_Pxb:[0x29CFE1,0x8E8B2E,0xF47A5,0xC209C3,0x1B97B0,0x9743F8,0x37A8E9,0xA011C9,0x19F64A,0xB9EC3E,0x1466],
-	CURVE_Pya:[0xBE09F,0xFCEBCF,0xB30CFB,0x847EC1,0x61B33D,0xE20963,0x157DAE,0xD81E22,0x332B8D,0xEDD972,0xA79],
-	CURVE_Pyb:[0x98EE9D,0x4B2288,0xEBED90,0x69D2ED,0x864EA5,0x3461C2,0x512D8D,0x35C6E4,0xC4C090,0xC39EC,0x616],
-	CURVE_Gx :[0x1B55B2,0x23EF5C,0xE1BE66,0x18093E,0x3FD6EE,0x66D324,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-	CURVE_Gy :[0x1],
-
-// Arrays must be padded!
-
-	CURVE_W:[[0x2FEB83,0x634916,0x120054,0xB4038,0x0,0x60,0x0,0x0,0x0,0x0,0x0],[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-	CURVE_SB:[[[0xB010E4,0x63491D,0x128054,0xB4038,0x0,0x60,0x0,0x0,0x0,0x0,0x0],
-	           [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-			   [[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-			   [0xBB33EA,0x5D5D20,0xBCBDBD,0x188CE,0x3FD6EE,0x66D264,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]]],
-	CURVE_WB:[[0x7A84B0,0x211856,0xB0401C,0x3C012,0x0,0x20,0x0,0x0,0x0,0x0,0x0],
-	          [0x220475,0xF995BE,0x9A36CD,0xA8CA7F,0x7E94ED,0x2A0DC0,0x870,0x300000,0x0,0x0,0x0],
-			  [0xF10B93,0xFCCAE0,0xCD3B66,0xD4653F,0x3F4A76,0x1506E0,0x438,0x180000,0x0,0x0,0x0],
-			  [0xFAAA11,0x21185D,0xB0C01C,0x3C012,0x0,0x20,0x0,0x0,0x0,0x0,0x0]],
-	CURVE_BB:[[[0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-	           [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-			   [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-			   [0x802562,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-			   [[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-			   [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-			   [0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-			   [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]],
-			   [[0x802562,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-			   [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-			   [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-			   [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-			   [[0xC012B2,0x3,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-			   [0x4AC2,0xF,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-			   [0x6AFA0A,0xC0A62F,0xCE3E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-			   [0xC012B2,0x3,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]],
-
-/* BNT Curve */
-/*
-CURVETYPE:0,
-CURVE_PAIRING_TYPE: 0,
-CURVE_A : 0,
-CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cof : [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Order:[0x30210D,0x777E8D,0x363A75,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-CURVE_Bnx:[0x4081,0x806000,0x4000],
-CURVE_Cru:[0x4FCD87,0x53D5AB,0x1FADEB,0xF2BAB1,0x4C82A5,0x4C976,0x476515,0x4801B1],
-CURVE_Fra:[0xC80022,0xD14EAD,0xE359F5,0xD6FACC,0x6C4904,0x3211BE,0xF190A1,0x4F6509,0xBBC439,0xA292C9,0x1328],
-CURVE_Frb:[0xECA6F1,0xEAB040,0xD764A7,0x3DF997,0x1E0C51,0xA3DEB0,0x450657,0xAAA6A1,0x5B3D15,0x7E489B,0x10D8],
-CURVE_Pxa:[0x8E65BB,0x87E228,0x13BE89,0x1CAA63,0xCC00AD,0x548B7C,0x325041,0xBCC055,0xC1339E,0x3FCD04,0x1448],
-CURVE_Pxb:[0xDBE2C0,0x888808,0x853A67,0xF81E34,0x957FE1,0x51B57B,0xA631A,0xDA3FC5,0x4EC302,0x46B338,0x87F],
-CURVE_Pya:[0x20CA1D,0x2C47E0,0xF36C20,0x7E8399,0x4CB416,0x9F72C9,0xC6E543,0x4A2C69,0x2B0BD7,0xC29C10,0x14E8],
-CURVE_Pyb:[0x6628F2,0x437C71,0xDC6BD8,0x67BCB7,0xA27E1,0x72681D,0xA82C75,0xEDEC18,0x454BD1,0xE2A462,0x17AF],
-CURVE_Gx :[0xB4A712,0xBBFEEE,0xBABE9D,0x14F464,0x8A5556,0xD5F06E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-CURVE_Gy :[0x1],
-CURVE_W:[[0x838403,0x430061,0x838426,0x824199,0x18121,0x60,0x0,0x0,0x0,0x0,0x0],[0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-CURVE_SB:[[[0x840504,0x43C061,0x840427,0x824199,0x18121,0x60,0x0,0x0,0x0,0x0,0x0],
-         [0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-		 [[0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-		 [0xAC9D0A,0x347E2B,0xB2B64F,0x107131,0x875313,0xD5EFAE,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401]]],
-CURVE_WB:[[0x80C080,0x406020,0x80C161,0x80C088,0x8060,0x20,0x0,0x0,0x0,0x0,0x0],
-         [0x8C4A85,0x390408,0x6C36B5,0xA352DC,0xDEAD2F,0x58868E,0xDA4363,0x300120,0x0,0x0,0x0],
-		 [0x464583,0xDCB204,0x363B5A,0xD1A96E,0x6F5697,0xAC4347,0x6D21B1,0x180090,0x0,0x0,0x0],
-		 [0x814181,0x412020,0x814162,0x80C088,0x8060,0x20,0x0,0x0,0x0,0x0,0x0]],
-CURVE_BB:[[[0x2FE08D,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-         [0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-		 [0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-		 [0x8102,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-		 [[0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-		 [0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-		 [0x2FE08D,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-		 [0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401]],
-		 [[0x8102,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-		 [0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-		 [0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-		 [0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-		 [[0x4082,0x806000,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-		 [0x10202,0x18000,0x10002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-		 [0x2FA00A,0x76BE8D,0x35BA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-		 [0x4082,0x806000,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]],
-
-*/
-
-/* BNT2 Curve */
-/*
-CURVETYPE:0,
-CURVE_PAIRING_TYPE: 0,
-CURVE_A : 0,
-CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cof : [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Order:[0xAA2BF5,0x71A511,0x33D7FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-CURVE_Bnx:[0x608205,0x20100,0x4000],
-CURVE_Cru:[0x66BD33,0x274448,0xEFB50,0x301647,0x755B77,0xECF236,0xC3617B,0x480006],
-CURVE_Fra:[0xAEF062,0x68C973,0xE492B2,0x33C3BC,0xBCC69B,0x7F195B,0xF67FA3,0xBD0A41,0xE8CAB6,0xB8D29,0x124E],
-CURVE_Frb:[0xB1B429,0x736240,0x6D5600,0xF52D19,0x12CD48,0x50E726,0x18BBE6,0xFA43DE,0x268FF6,0xF8F517,0x11B1],
-CURVE_Pxa:[0x40A3C8,0x92399F,0x784ACC,0xE96611,0x35CDA4,0x61706B,0x7B0569,0x8279D7,0x93C631,0x17CF96,0x16FC],
-CURVE_Pxb:[0x549540,0x7A8AD8,0x61055,0xE6F651,0xDB6F7B,0xA95D17,0x565907,0x9C8188,0x597590,0xB500BD,0x1EB5],
-CURVE_Pya:[0x220513,0xECC514,0x7B147B,0x860E73,0x844A78,0x35F126,0x51B839,0x9D4DFA,0x1422AA,0xE49876,0x1E8E],
-CURVE_Pyb:[0x7CE78E,0x328F57,0x781FB9,0xE26FA5,0x7EB746,0x1FB8E2,0xA93DBC,0xA29D76,0xE33BDB,0xF4CDBA,0x23CE],
-CURVE_Gx :[0x60A48A,0xDC2BB4,0x51E8B2,0x28F0D6,0xCF93E4,0xD00081,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-CURVE_Gy :[0x1],
-CURVE_W:[[0x347083,0x6282A1,0x1D10B7,0x1399E,0x603,0x60,0x0,0x0,0x0,0x0,0x0],
-        [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-CURVE_SB:[[[0xF5748C,0x6684A1,0x1D90B7,0x1399E,0x603,0x60,0x0,0x0,0x0,0x0,0x0],
-         [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-		 [[0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-		 [0x75BB72,0xF2270,0x16C744,0x267D9A,0xCF87DE,0xCFFFC1,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400]]],
-CURVE_WB:[[0x70A224,0x72D48A,0x94592,0x688A,0x201,0x20,0x0,0x0,0x0,0x0,0x0],
-         [0x30EF19,0x572CF0,0x721D5A,0x763543,0xA39651,0x48A1B9,0x8240FD,0x300004,0x0,0x0,0x0],
-		 [0x48B88F,0x2C96F8,0xB92EAD,0xBB1AA1,0xD1CB28,0xA450DC,0x41207E,0x180002,0x0,0x0,0x0],
-		 [0x31A62D,0x76D68B,0x9C592,0x688A,0x201,0x20,0x0,0x0,0x0,0x0,0x0]],
-CURVE_BB:[[[0x49A9F1,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-         [0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-		 [0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-		 [0xC1040A,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-		 [[0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-		 [0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-		 [0x49A9F1,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-		 [0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400]],
-		 [[0xC1040A,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-		 [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-		 [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-		 [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-		 [[0x608206,0x20100,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-		 [0x820812,0x80401,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-		 [0xE927EA,0x6DA310,0x3357FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-		 [0x608206,0x20100,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]],
-*/
-
-/* BN254 Curve */
-/*
-CURVETYPE:0,
-CURVE_PAIRING_TYPE: 0,
-CURVE_A : 0,
-CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cof : [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Order:[0xD,0x0,0x10A100,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],
-CURVE_Bnx:[0x1,0x0,0x4080],
-CURVE_Cru:[0x7,0x0,0x6CD80,0x0,0x90000,0x249,0x400000,0x49B362],
-CURVE_Fra:[0x2A6DE9,0xE6C06F,0xC2E17D,0x4D3F77,0x97492,0x953F85,0x50A846,0xB6499B,0x2E7C8C,0x761921,0x1B37],
-CURVE_Frb:[0xD5922A,0x193F90,0x50C582,0xB2C088,0x178B6D,0x6AC8DC,0x2F57B9,0x3EAB2,0xD18375,0xEE691E,0x9EB],
-CURVE_Pxa:[0x3FB2B,0x4224C8,0xD91EE,0x4898BF,0x648BBB,0xEDB6A4,0x7E8C61,0xEB8D8C,0x9EB62F,0x10BB51,0x61A],
-CURVE_Pxb:[0xD54CF3,0x34C1E7,0xB70D8C,0xAE3784,0x4D746B,0xAA5B1F,0x8C5982,0x310AA7,0x737833,0xAAF9BA,0x516],
-CURVE_Pya:[0xCD2B9A,0xE07891,0xBD19F0,0xBDBE09,0xBD0AE6,0x822329,0x96698C,0x9A90E0,0xAF9343,0x97A06B,0x218],
-CURVE_Pyb:[0x3ACE9B,0x1AEC6B,0x578A2D,0xD739C9,0x9006FF,0x8D37B0,0x56F5F3,0x8F6D44,0x8B1526,0x2B0E7C,0xEBB],
-CURVE_Gx :[0x12,0x0,0x13A700,0x0,0x210000,0x861,0x800000,0xBA344D,0x1,0x648240,0x2523],
-CURVE_Gy :[0x1],
-CURVE_W:[[0x3,0x0,0x20400,0x0,0x818000,0x61,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-CURVE_SB:[[[0x4,0x0,0x28500,0x0,0x818000,0x61,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x0,0xE9D00,0x0,0x1E0000,0x79E,0x800000,0xBA344D,0x1,0x648240,0x2523]]],
-CURVE_WB:[[0x0,0x0,0x4080,0x0,0x808000,0x20,0x0,0x0,0x0,0x0,0x0],[0x5,0x0,0x54A80,0x0,0x70000,0x1C7,0x800000,0x312241,0x0,0x0,0x0],[0x3,0x0,0x2C580,0x0,0x838000,0xE3,0xC00000,0x189120,0x0,0x0,0x0],[0x1,0x0,0xC180,0x0,0x808000,0x20,0x0,0x0,0x0,0x0,0x0]],
-CURVE_BB:[[[0xD,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0x2,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xD,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523]],[[0x2,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x2,0x0,0x4080,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x2,0x0,0x10200,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x0,0x102000,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0x2,0x0,0x4080,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]],
-*/
-
-/* BN454 Curve */
-/*
-CURVETYPE:0,
-CURVE_PAIRING_TYPE: 0,
-CURVE_A : 0,
-
-CURVE_Order:[0xD,0x8400,0x780000,0x100003,0x2006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],
-CURVE_B: [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cof: [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Gx:[0x12,0x9C00,0x100000,0x700004,0x6006C4,0x4A109,0x514200,0x640000,0x80091,0x803AA,0x36A22,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],
-CURVE_Gy:[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-CURVE_Bnx:[0x1,0x200,0x0,0x80000,0x100000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cru:[0x7,0x3600,0x100000,0x580001,0x300121,0x903,0xD9200,0x2D0000,0x480000,0x48006C,0x1B0,0x91B0,0x36000,0x6C000,0x48000,0x0,0x0,0x0,0x0,0x0],
-CURVE_Fra:[0x73B0EC,0x393FAA,0x6E0C0B,0x1D485C,0x2EEE6C,0x62FD8F,0x4D280A,0x6E835B,0x2D6A87,0x37B2AC,0x568803,0x7657E5,0x129326,0x3B9C4D,0x67175B,0x159909,0x61CCD9,0x4D0FD7,0x7B1C9E,0x973C],
-CURVE_Frb:[0xC4F27,0x475C55,0x21F3F4,0x52B7A7,0x311858,0x21A37A,0x419F5,0x757CA5,0x5A9609,0x5050FD,0x2CE21E,0x1A923A,0xF2CD9,0x6CE3C5,0x33E910,0x6A79CE,0x1EC3B6,0x34A028,0x72361,0x88C3],
-CURVE_Pxa:[0x702B14,0x775841,0x6C7EE8,0x786615,0x3C30BE,0x5FFE6D,0x1AD7F3,0x77F16D,0x1FE1E7,0x5DBF8,0x5150DA,0x4BCA41,0x2D66CC,0x197743,0x6ED766,0x57F0B1,0x68F14A,0x2A106C,0x53E035,0xA01E],
-CURVE_Pxb:[0x5BF266,0x5A1D88,0x5BA701,0x3C11E1,0x65ACBB,0x378A46,0x91E43,0x7E9723,0x72F769,0x77CD,0x5C7782,0x554A8C,0x7BA9E2,0x7CACCA,0x5CDFA,0x6A92C2,0x4B1E40,0x5D002,0x35A785,0xACA9],
-CURVE_Pya:[0x1B15C7,0x56D77C,0x2D24E6,0x2AAE36,0x726024,0x69F6BB,0x194651,0x2338E2,0x7C5DD5,0x44EF51,0x3EAAEA,0x774179,0x300871,0xC9875,0x289B87,0x3D07F0,0x12C528,0x578DB6,0x10011E,0xEB3D],
-CURVE_Pyb:[0x571D60,0x4DF6C0,0x63B043,0x3D8946,0x127184,0x4CB8FD,0x349D4E,0x45F387,0x743376,0x4C096,0x6145D7,0x408801,0x4F0B46,0x578BD4,0x432922,0x1F6C8F,0x753F90,0x5935B,0x8D821,0x4BB7],
-CURVE_W:[[0x3,0x1000,0x180000,0x400000,0x0,0x181,0x300,0x30000,0xC0000,0xC0000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-CURVE_SB:[[[0x4,0x1400,0x180000,0x500000,0x200000,0x181,0x300,0x30000,0xC0000,0xC0000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x7400,0x600000,0x500003,0x2006C3,0x49E07,0x513C00,0x5E0000,0x700091,0x7003A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000]]],
-CURVE_WB:[[0x0,0x200,0x80000,0x80000,0x100000,0x80,0x100,0x10000,0x40000,0x40000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x5,0x2A00,0x700000,0x280000,0x5000C1,0x702,0x90E00,0x200000,0x380000,0x380048,0x120,0x6120,0x24000,0x48000,0x30000,0x0,0x0,0x0,0x0,0x0],[0x3,0x1600,0x380000,0x580000,0x300060,0x381,0x48700,0x100000,0x1C0000,0x1C0024,0x90,0x3090,0x12000,0x24000,0x18000,0x0,0x0,0x0,0x0,0x0],[0x1,0x600,0x80000,0x180000,0x300000,0x80,0x100,0x10000,0x40000,0x40000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-CURVE_BB:[[[0xD,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0xC,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0xC,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0x2,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xC,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0xD,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9
 090,0x1B000,0x24000,0x12000],[0xC,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000]],[[0x2,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x2,0x200,0x0,0x80000,0x100000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x2,0x800,0x0,0x200000,0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x8000,0x780000,0x3,0x6C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0x2,0x200,0x0,0x80000,0x100000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x
 0,0x0,0x0,0x0]]],
-*/
-
-/* BLS455 Curve */
-/*
-CURVETYPE:0,
-CURVE_PAIRING_TYPE: 1,
-CURVE_A : 0,
-
-CURVE_Order:[0x400001,0xFFFFF,0x70000,0x20000,0xA0000,0x3A200,0x1D400,0x12F00,0x4F00,0x1E20,0xB80,0x1C0,0x80,0x20,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_B: [0xA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cof: [0x3FFAAB,0x2FFF55,0x2DAA55,0x2DAA55,0x2B1555,0x2AD555,0x1555,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Gx:[0x7CEDD1,0xBBBFB,0x3EDB53,0x59D01A,0x5C6F43,0x38E4A6,0x55A95E,0xBF82D,0x611B32,0x6571D9,0xE4AC7,0x5867F4,0x1F342A,0x6CF329,0x47B8C9,0x76D2C8,0x4C56AB,0xBC81,0x57CECC,0xC42],
-CURVE_Gy:[0x619B9B,0x7AF34C,0x219013,0x6B7D01,0x1D80A5,0x34926D,0xC8B64,0x477391,0x1C1E96,0x5CB086,0x7D7EC7,0x4A9C00,0x4A9BC8,0x3C711D,0x7503FA,0x6B6FD7,0x43DEB0,0x7130BF,0x6DDFA7,0xCD46],
-
-CURVE_Bnx:[0x800,0x100,0x80,0x80,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cru:[0xAA9,0x5FF800,0xAA480,0x7A51BB,0x7A5190,0x1FD921,0x6F7552,0x54595C,0x33A586,0x68D3B6,0x76675E,0x1AA657,0x491731,0x7FCD2B,0x2340BF,0x77ADA,0x2A900E,0x72AAAE,0x655555,0x2AAAA],
-CURVE_Fra:[0x2EBF21,0x1F7B94,0x590273,0x399BCC,0x72F54A,0xA930A,0x7E21D5,0x23940C,0x51F853,0x778395,0x13C08A,0x6A1ACA,0x282CD7,0x61EF7,0x3E0634,0x53A2CA,0x5C0016,0x397C75,0x125CFB,0x1CBF5],
-CURVE_Frb:[0x51438A,0x60876B,0x1A80C,0x1FB97E,0x65A00C,0x18E1CD,0x2D1846,0x4A38BD,0x42C060,0x3275D0,0x1BA45A,0x9650,0x3B78DA,0x1CDD4,0x667A8C,0x34280F,0x4E9FF7,0x392E38,0x52F85A,0xDEB5],
-CURVE_Pxa:[0x41F542,0x3E41E1,0x4011D,0x7C2B3F,0x5D6070,0x7AEECC,0x262ECC,0xEBC03,0x153172,0x6D0BDA,0x1271C7,0x762DB5,0x303D3F,0x2A79D6,0x4193FD,0x31C6F7,0x31B4C4,0x181D34,0x4BEA00,0x17658],
-CURVE_Pxb:[0x49F03D,0xDDCCE,0x4BA642,0x2D62F7,0x9A55A,0x5402DD,0x3B3623,0x33DA0D,0x6163E0,0x48A1FC,0x25BD88,0x70E471,0x755066,0x664DD0,0x486521,0x2CD407,0xBEAEE,0x5B7F76,0x7F3819,0x767],
-CURVE_Pya:[0x1A77F4,0x6B48B0,0x42A0C8,0x5BD3F0,0x70F367,0x2B73B3,0x1299B5,0x647D06,0xD6EC4,0x7ECBC,0x7B0BBC,0x4CE0D4,0x1C7DC2,0x1F4B59,0x4F2887,0x221922,0x2BB9C5,0x7B9AB,0x76429B,0x11238],
-CURVE_Pyb:[0x1FDBA2,0x76DB3C,0x55BD04,0x9ED01,0x7E6309,0x111C54,0x4F66B1,0x2FDE48,0x340158,0x4F9EC3,0x27B5CB,0xD90E4,0x656D80,0xAB1F2,0x487BB8,0x4C7CF4,0x3CFC86,0x256F60,0xF2A0F,0x19A8],
-
-// not used 
-CURVE_W:[[],[]],
-CURVE_SB:[[[],[]],[[],[]]],
-CURVE_WB:[[],[],[],[]],
-CURVE_BB:[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]],
-*/
-
-
-/* BLS383 Curve */
-/*
-CURVETYPE:0,
-CURVE_PAIRING_TYPE: 1,
-CURVE_A : 0,
-
-CURVE_Order:[0x7FF001,0x700001,0x6003FF,0x387F3,0x4BFDE0,0xBDBE3,0x127,0x3D18,0x7F910,0x198800,0x190401,0xA,0x0,0x0,0x0,0x0,0x0],
-CURVE_B: [0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cof: [0x52B,0x54000,0x328000,0x555559,0x55560A,0xC0A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Gx:[0x10786B,0x36691A,0x2B4356,0x71FAA,0x33477C,0xAF173,0x496DCD,0x37B2DF,0x4007BB,0x389ED5,0x3FD5FA,0x7EAC18,0x6EC02E,0x3F11F6,0x262B6E,0x67725E,0xB08],
-CURVE_Gy:[0x145DDB,0x34047A,0x5F3017,0x462FF7,0x713F51,0x5654CD,0x3B0D18,0x492FAB,0x19C7A,0x7D2DE6,0x660488,0x30823,0x5BE599,0x215B1E,0x1C4120,0x499BB,0x1F39],
-
-CURVE_Bnx:[0x40,0x2000,0x44000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cru:[0x2155A9,0x5589DB,0x78F68E,0x43B0F2,0x5DF2FE,0x4C64C4,0x37EAB7,0x1AD35E,0x128D30,0x6A246,0x6FAB5A,0x5F9D15,0x24190D,0x756408,0x7DD717,0x104054,0x7AC5],
-CURVE_Fra:[0x34508B,0x4B3525,0x4D0CAE,0x503777,0x463DB7,0x3BF78E,0xD072C,0x2AE9A0,0x69D32D,0x282C73,0x1730DB,0xCD9F8,0x6AB98B,0x7DC9B0,0x1CBCC8,0x7D8CC3,0x5A5],
-CURVE_Frb:[0x7904E0,0xA352F,0x28DE04,0x537843,0x3B7D49,0x6FB715,0x4FBAE2,0x4AA1C7,0x183C6C,0x3BDDEF,0x5272CD,0x532FB2,0x3FBEC7,0x22EEF9,0x611A4F,0x12B391,0x751F],
-CURVE_Pxa:[0x2C9472,0x3310B7,0xDB581,0xEF16E,0x77C4D3,0x119114,0x72430C,0x447E5E,0x1971C6,0x4E53E0,0x710FC5,0x349A9C,0x6B8BF3,0x4B4AC3,0x2FF607,0x3915AB,0x4D50],
-CURVE_Pxb:[0x72AB23,0x17AF44,0x73A26D,0x6A7A26,0x47AF19,0x640D46,0x5BDEE4,0xCFD9F,0x53E2A8,0x5CAE3B,0x58D75F,0x515D1D,0x1A1263,0x18F018,0x16EB0A,0x30BE1F,0xEE3],
-CURVE_Pya:[0x7BD4FD,0x24612E,0x7F1A07,0x3906FE,0x40B660,0x191341,0x7F2564,0x143D20,0x3CF878,0x4A5C3F,0x53BB9,0x8E118,0x3325E0,0x7102D7,0x170A21,0x42CD0,0x8F4],
-CURVE_Pyb:[0x2C4CE6,0x44144A,0x32297,0x3A57FA,0x35907A,0x4891DE,0x5D8290,0x50CCA0,0x2B0FD,0x13FFDF,0x6353A9,0x794D0,0x4997BA,0x6F70DC,0x4AB1F,0x5DD446,0x1DCA],
-
-// not used 
-CURVE_W:[[],[]],
-CURVE_SB:[[[],[]],[[],[]]],
-CURVE_WB:[[],[],[],[]],
-CURVE_BB:[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]],
-
-*/
-
-	USE_GLV: false,
-	USE_GS_G2: false,
-	USE_GS_GT: false,	
-	GT_STRONG: false,
-
-	debug: false,
-
-
-// AES constants
-
-	ECB:0,
-	CBC:1,
-	CFB1:2,
-	CFB2:3,
-	CFB4:5,
-	OFB1:14,
-	OFB2:15,
-	OFB4:17,
-	OFB8:21,
-	OFB16:29,
-	CTR1:30,
-	CTR2:31,
-	CTR4:33, 
-	CTR8:37, 
-	CTR16:45, 
-
-// GCM constants
-
-	GCM_ACCEPTING_HEADER:0,
-	GCM_ACCEPTING_CIPHER:1,
-	GCM_NOT_ACCEPTING_MORE:2,
-	GCM_FINISHED:3,
-	GCM_ENCRYPTING:0,
-	GCM_DECRYPTING:1
-
-};
-
-ROM.MODINV=(Math.pow(2,-ROM.BASEBITS))
-ROM.NLEN=(1+(Math.floor((ROM.MODBITS-1)/ROM.BASEBITS)));
-ROM.DNLEN=2*ROM.NLEN;
-ROM.BMASK=(1<<ROM.BASEBITS)-1;
-ROM.MODBYTES=(1+(Math.floor((ROM.MODBITS-1)/8)));
-ROM.NEXCESS=(1<<(ROM.CHUNK-ROM.BASEBITS-1)); // 2^(CHUNK-BASEBITS-1)
-ROM.FEXCESS=(1<<(ROM.BASEBITS*ROM.NLEN-ROM.MODBITS)); // 2^(BASEBITS*NLEN-MODBITS)
-ROM.OMASK=(-1)<<ROM.TBITS;
-ROM.TBITS=ROM.MODBITS%ROM.BASEBITS;
-ROM.TMASK=(1<<ROM.TBITS)-1;
-ROM.BIGBITS=(8*ROM.MODBYTES);
-
-ROM.FF_BITS=(ROM.BIGBITS*ROM.FFLEN);
-ROM.HFLEN=(ROM.FFLEN/2);  /* Useful for half-size RSA private key operations */


[41/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/ECP2.go
----------------------------------------------------------------------
diff --git a/version22/go/ECP2.go b/version22/go/ECP2.go
deleted file mode 100644
index 30fe1e4..0000000
--- a/version22/go/ECP2.go
+++ /dev/null
@@ -1,568 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MiotCL Weierstrass elliptic curve functions over FP2 */
-
-package main
-
-//import "fmt"
-
-type ECP2 struct {
-	x *FP2
-	y *FP2
-	z *FP2
-	INF bool
-}
-
-func NewECP2() *ECP2 {
-	E:=new(ECP2)
-	E.x=NewFP2int(0)
-	E.y=NewFP2int(1)
-	E.z=NewFP2int(1)
-	E.INF=true
-	return E
-}
-
-/* Test this=O? */
-func (E *ECP2) is_infinity() bool {
-		return E.INF
-}
-/* copy this=P */
-func (E *ECP2) copy(P *ECP2) {
-	E.x.copy(P.x)
-	E.y.copy(P.y)
-	E.z.copy(P.z)
-	E.INF=P.INF
-}
-/* set this=O */
-func (E *ECP2) inf() {
-	E.INF=true
-	E.x.zero()
-	E.y.zero()
-	E.z.zero()
-}
-
-/* set this=-this */
-func (E *ECP2) neg() {
-	if E.is_infinity() {return}
-	E.y.neg(); E.y.reduce()
-}
-
-/* Conditional move of Q to P dependant on d */
-func (E *ECP2) cmove(Q *ECP2,d int) {
-	E.x.cmove(Q.x,d)
-	E.y.cmove(Q.y,d)
-	E.z.cmove(Q.z,d)
-
-	var bd bool
-	if (d==0) {
-		bd=false
-	} else {bd=true}
-	E.INF=(E.INF!=(E.INF!=Q.INF)&&bd)
-}
-
-/* Constant time select from pre-computed table */
-func (E *ECP2) selector(W []*ECP2,b int32) {
-	MP:=NewECP2() 
-	m:=b>>31
-	babs:=(b^m)-m
-
-	babs=(babs-1)/2
-
-	E.cmove(W[0],teq(babs,0))  // conditional move
-	E.cmove(W[1],teq(babs,1))
-	E.cmove(W[2],teq(babs,2))
-	E.cmove(W[3],teq(babs,3))
-	E.cmove(W[4],teq(babs,4))
-	E.cmove(W[5],teq(babs,5))
-	E.cmove(W[6],teq(babs,6))
-	E.cmove(W[7],teq(babs,7))
- 
-	MP.copy(E)
-	MP.neg()
-	E.cmove(MP,int(m&1))
-}
-
-/* Test if P == Q */
-func (E *ECP2) equals(Q *ECP2) bool {
-	if E.is_infinity() && Q.is_infinity() {return true}
-	if E.is_infinity() || Q.is_infinity() {return false}
-
-	zs2:=NewFP2copy(E.z); zs2.sqr()
-	zo2:=NewFP2copy(Q.z); zo2.sqr()
-	zs3:=NewFP2copy(zs2); zs3.mul(E.z)
-	zo3:=NewFP2copy(zo2); zo3.mul(Q.z)
-	zs2.mul(Q.x)
-	zo2.mul(E.x)
-	if !zs2.equals(zo2) {return false}
-	zs3.mul(Q.y)
-	zo3.mul(E.y)
-	if !zs3.equals(zo3) {return false}
-
-	return true
-}
-
-/* set to Affine - (x,y,z) to (x,y) */
-func (E *ECP2) affine() {
-	if E.is_infinity() {return}
-	one:=NewFP2int(1)
-	if E.z.equals(one) {return}
-	E.z.inverse()
-
-	z2:=NewFP2copy(E.z);
-	z2.sqr()
-	E.x.mul(z2); E.x.reduce()
-	E.y.mul(z2) 
-	E.y.mul(E.z);  E.y.reduce()
-	E.z.copy(one)
-}
-
-/* extract affine x as FP2 */
-func (E *ECP2) getX() *FP2 {
-	E.affine()
-	return E.x
-}
-/* extract affine y as FP2 */
-func (E *ECP2) getY() *FP2 {
-	E.affine();
-	return E.y;
-}
-/* extract projective x */
-func (E *ECP2) getx() *FP2 {
-	return E.x
-}
-/* extract projective y */
-func (E *ECP2) gety() *FP2 {
-	return E.y
-}
-/* extract projective z */
-func (E *ECP2) getz() *FP2 {
-	return E.z
-}
-
-/* convert to byte array */
-func (E *ECP2) toBytes(b []byte) {
-	var t [int(MODBYTES)]byte
-	MB:=int(MODBYTES)
-
-	E.affine()
-	E.x.getA().toBytes(t[:])
-	for i:=0;i<MB;i++ { b[i]=t[i]}
-	E.x.getB().toBytes(t[:])
-	for i:=0;i<MB;i++ { b[i+MB]=t[i]}
-
-	E.y.getA().toBytes(t[:])
-	for i:=0;i<MB;i++ {b[i+2*MB]=t[i]}
-	E.y.getB().toBytes(t[:])
-	for i:=0;i<MB;i++ {b[i+3*MB]=t[i]}
-}
-
-/* convert from byte array to point */
-func ECP2_fromBytes(b []byte) *ECP2 {
-	var t [int(MODBYTES)]byte
-	MB:=int(MODBYTES)
-
-	for i:=0;i<MB;i++ {t[i]=b[i]}
-	ra:=fromBytes(t[:])
-	for i:=0;i<MB;i++ {t[i]=b[i+MB]}
-	rb:=fromBytes(t[:])
-	rx:=NewFP2bigs(ra,rb)
-
-	for i:=0;i<MB;i++ {t[i]=b[i+2*MB]}
-	ra=fromBytes(t[:])
-	for i:=0;i<MB;i++ {t[i]=b[i+3*MB]}
-	rb=fromBytes(t[:])
-	ry:=NewFP2bigs(ra,rb)
-
-	return NewECP2fp2s(rx,ry)
-}
-
-/* convert this to hex string */
-func (E *ECP2) toString() string {
-	if E.is_infinity() {return "infinity"}
-	E.affine()
-	return "("+E.x.toString()+","+E.y.toString()+")"
-}
-
-/* Calculate RHS of twisted curve equation x^3+B/i */
-func RHS2(x *FP2) *FP2 {
-	x.norm()
-	r:=NewFP2copy(x)
-	r.sqr()
-	b:=NewFP2big(NewBIGints(CURVE_B))
-	b.div_ip()
-	r.mul(x)
-	r.add(b)
-
-	r.reduce()
-	return r
-}
-
-/* construct this from (x,y) - but set to O if not on curve */
-func NewECP2fp2s(ix *FP2,iy *FP2) *ECP2 {
-	E:=new(ECP2)
-	E.x=NewFP2copy(ix)
-	E.y=NewFP2copy(iy)
-	E.z=NewFP2int(1)
-	rhs:=RHS2(E.x)
-	y2:=NewFP2copy(E.y)
-	y2.sqr()
-	if y2.equals(rhs) {
-		E.INF=false
-	} else {E.x.zero();E.INF=true}
-	return E
-}
-
-/* construct this from x - but set to O if not on curve */
-func NewECP2fp2(ix *FP2) *ECP2 {	
-	E:=new(ECP2)
-	E.x=NewFP2copy(ix)
-	E.y=NewFP2int(1)
-	E.z=NewFP2int(1)
-	rhs:=RHS2(E.x)
-	if rhs.sqrt() {
-			E.y.copy(rhs)
-			E.INF=false;
-	} else {E.x.zero();E.INF=true}
-	return E
-}
-
-/* this+=this */
-func (E *ECP2) dbl() int {
-	if E.INF {return -1}
-	if E.y.iszilch() {
-		E.inf()
-		return -1
-	}
-
-	w1:=NewFP2copy(E.x)
-	w2:=NewFP2int(0)
-	w3:=NewFP2copy(E.x)
-	w8:=NewFP2copy(E.x)
-
-	w1.sqr()
-	w8.copy(w1)
-	w8.imul(3)
-
-	w2.copy(E.y); w2.sqr()
-	w3.copy(E.x); w3.mul(w2)
-	w3.imul(4)
-	w1.copy(w3); w1.neg()
-	w1.norm();
-
-	E.x.copy(w8); E.x.sqr()
-	E.x.add(w1)
-	E.x.add(w1)
-	E.x.norm()
-
-	E.z.mul(E.y)
-	E.z.add(E.z)
-
-	w2.add(w2)
-	w2.sqr()
-	w2.add(w2)
-	w3.sub(E.x);
-	E.y.copy(w8); E.y.mul(w3)
-	//	w2.norm();
-	E.y.sub(w2)
-
-	E.y.norm()
-	E.z.norm()
-
-	return 1
-}
-
-/* this+=Q - return 0 for add, 1 for double, -1 for O */
-func (E *ECP2) add(Q *ECP2) int {
-	if E.INF {
-		E.copy(Q)
-		return -1
-	}
-	if Q.INF {return -1}
-
-	aff:=false
-
-	if Q.z.isunity() {aff=true}
-
-	var A,C *FP2
-	B:=NewFP2copy(E.z)
-	D:=NewFP2copy(E.z)
-	if !aff{
-		A=NewFP2copy(Q.z)
-		C=NewFP2copy(Q.z)
-
-		A.sqr(); B.sqr()
-		C.mul(A); D.mul(B)
-
-		A.mul(E.x)
-		C.mul(E.y)
-	} else {
-		A=NewFP2copy(E.x)
-		C=NewFP2copy(E.y)
-	
-		B.sqr()
-		D.mul(B)
-	}
-
-	B.mul(Q.x); B.sub(A)
-	D.mul(Q.y); D.sub(C)
-
-	if B.iszilch() {
-		if D.iszilch() {
-			E.dbl()
-			return 1
-		} else	{
-			E.INF=true
-			return -1
-		}
-	}
-
-	if !aff {E.z.mul(Q.z)}
-	E.z.mul(B)
-
-	e:=NewFP2copy(B); e.sqr()
-	B.mul(e)
-	A.mul(e)
-
-	e.copy(A)
-	e.add(A); e.add(B)
-	E.x.copy(D); E.x.sqr(); E.x.sub(e)
-
-	A.sub(E.x);
-	E.y.copy(A); E.y.mul(D)
-	C.mul(B); E.y.sub(C)
-
-	E.x.norm()
-	E.y.norm()
-	E.z.norm()
-
-	return 0
-}
-
-/* set this-=Q */
-func (E *ECP2) sub(Q *ECP2) int {
-	Q.neg()
-	D:=E.add(Q)
-	Q.neg()
-	return D
-}
-/* set this*=q, where q is Modulus, using Frobenius */
-func (E *ECP2) frob(X *FP2) {
-	if E.INF {return}
-	X2:=NewFP2copy(X)
-	X2.sqr()
-	E.x.conj()
-	E.y.conj()
-	E.z.conj()
-	E.z.reduce();
-	E.x.mul(X2)
-	E.y.mul(X2)
-	E.y.mul(X)
-}
-
-/* normalises m-array of ECP2 points. Requires work vector of m FP2s */
-
-func multiaffine2(m int,P []*ECP2) {
-	t1:=NewFP2int(0)
-	t2:=NewFP2int(0)
-
-	var work []*FP2
-
-	for i:=0;i<m;i++ {
-		work=append(work,NewFP2int(0))
-	}
-
-	work[0].one()
-	work[1].copy(P[0].z)
-
-	for i:=2;i<m;i++ {
-		work[i].copy(work[i-1])
-		work[i].mul(P[i-1].z)
-	}
-
-	t1.copy(work[m-1]); t1.mul(P[m-1].z)
-
-	t1.inverse()
-
-	t2.copy(P[m-1].z)
-	work[m-1].mul(t1)
-
-	for i:=m-2;;i-- {
-		if i==0 {
-			work[0].copy(t1)
-			work[0].mul(t2)
-			break
-		}
-		work[i].mul(t2);
-		work[i].mul(t1);
-		t2.mul(P[i].z);
-	}
-/* now work[] contains inverses of all Z coordinates */
-
-	for i:=0;i<m;i++ {
-		P[i].z.one();
-		t1.copy(work[i]); t1.sqr()
-		P[i].x.mul(t1)
-		t1.mul(work[i])
-		P[i].y.mul(t1)
-	}    
-}
-
-/* P*=e */
-func (E *ECP2) mul(e *BIG) *ECP2 {
-/* fixed size windows */
-	mt:=NewBIG()
-	t:=NewBIG()
-	P:=NewECP2()
-	Q:=NewECP2()
-	C:=NewECP2()
-
-	if E.is_infinity() {return NewECP2()}
-
-	var W []*ECP2
-	var w [1+(NLEN*int(BASEBITS)+3)/4]int8
-
-	E.affine()
-
-/* precompute table */
-	Q.copy(E)
-	Q.dbl()
-		
-	W=append(W,NewECP2())
-	W[0].copy(E);
-
-	for i:=1;i<8;i++ {
-		W=append(W,NewECP2())
-		W[i].copy(W[i-1])
-		W[i].add(Q)
-	}
-
-/* convert the table to affine */
-
-	multiaffine2(8,W[:])
-
-/* make exponent odd - add 2P if even, P if odd */
-	t.copy(e)
-	s:=int(t.parity())
-	t.inc(1); t.norm(); ns:=int(t.parity()); mt.copy(t); mt.inc(1); mt.norm()
-	t.cmove(mt,s)
-	Q.cmove(E,ns)
-	C.copy(Q)
-
-	nb:=1+(t.nbits()+3)/4
-/* convert exponent to signed 4-bit window */
-	for i:=0;i<nb;i++ {
-		w[i]=int8(t.lastbits(5)-16)
-		t.dec(int(w[i])); t.norm()
-		t.fshr(4)	
-	}
-	w[nb]=int8(t.lastbits(5))
-		
-	P.copy(W[(w[nb]-1)/2])
-	for i:=nb-1;i>=0;i-- {
-		Q.selector(W,int32(w[i]))
-		P.dbl()
-		P.dbl()
-		P.dbl()
-		P.dbl()
-		P.add(Q)
-	}
-	P.sub(C)
-	P.affine()
-	return P
-}
-
-/* P=u0.Q0+u1*Q1+u2*Q2+u3*Q3 */
-func mul4(Q []*ECP2,u []*BIG) *ECP2 {
-	var a [4]int8
-	T:=NewECP2()
-	C:=NewECP2()
-	P:=NewECP2()
-
-	var W [] *ECP2
-
-	mt:=NewBIG()
-	var t []*BIG
-
-	var w [NLEN*int(BASEBITS)+1]int8	
-
-	for i:=0;i<4;i++ {
-		t=append(t,NewBIGcopy(u[i]));
-		Q[i].affine();
-	}
-
-/* precompute table */
-
-	W=append(W,NewECP2()); W[0].copy(Q[0]); W[0].sub(Q[1])
-	W=append(W,NewECP2()); W[1].copy(W[0])
-	W=append(W,NewECP2()); W[2].copy(W[0])
-	W=append(W,NewECP2()); W[3].copy(W[0])
-	W=append(W,NewECP2()); W[4].copy(Q[0]); W[4].add(Q[1])
-	W=append(W,NewECP2()); W[5].copy(W[4])
-	W=append(W,NewECP2()); W[6].copy(W[4])
-	W=append(W,NewECP2()); W[7].copy(W[4])
-
-	T.copy(Q[2]); T.sub(Q[3])
-	W[1].sub(T)
-	W[2].add(T)
-	W[5].sub(T)
-	W[6].add(T)
-	T.copy(Q[2]); T.add(Q[3])
-	W[0].sub(T)
-	W[3].add(T)
-	W[4].sub(T)
-	W[7].add(T)
-
-	multiaffine2(8,W[:])
-
-/* if multiplier is even add 1 to multiplier, and add P to correction */
-	mt.zero(); C.inf()
-	for i:=0;i<4;i++ {
-		if t[i].parity()==0 {
-			t[i].inc(1); t[i].norm()
-			C.add(Q[i])
-		}
-		mt.add(t[i]); mt.norm()
-	}
-
-	nb:=1+mt.nbits();
-
-/* convert exponent to signed 1-bit window */
-	for j:=0;j<nb;j++ {
-		for i:=0;i<4;i++ {
-			a[i]=int8(t[i].lastbits(2)-2)
-			t[i].dec(int(a[i])); t[i].norm()
-			t[i].fshr(1)
-		}
-		w[j]=(8*a[0]+4*a[1]+2*a[2]+a[3])
-	}
-	w[nb]=int8(8*t[0].lastbits(2)+4*t[1].lastbits(2)+2*t[2].lastbits(2)+t[3].lastbits(2))
-
-	P.copy(W[(w[nb]-1)/2])  
-	for i:=nb-1;i>=0;i-- {
-		T.selector(W,int32(w[i]))
-		P.dbl()
-		P.add(T)
-	}
-	P.sub(C) /* apply correction */
-
-	P.affine()
-	return P
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/FF.go
----------------------------------------------------------------------
diff --git a/version22/go/FF.go b/version22/go/FF.go
deleted file mode 100644
index 553f7ac..0000000
--- a/version22/go/FF.go
+++ /dev/null
@@ -1,905 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package main
-
-//import "fmt"
-//import "os"
-
-//var debug bool = false
-
-type FF struct {
-	length int
-	v []*BIG
-}
-
-/* Constructors */
-func NewFFint(n int) *FF {
-	F:=new(FF)
-	for i:=0;i<n;i++ {
-		F.v=append(F.v,NewBIG())
-	}
-	F.length=n
-	return F
-}
-/*
-func NewFFints(x [][NLEN]int64,n int) *FF {
-	F:=new(FF)
-	for i:=0;i<n;i++ {
-		F.v=append(F.v,NewBIGints(x[i]))
-	}
-	F.length=n
-	return F
-}
-*/
-/* set to zero */
-func (F *FF) zero() {
-	for i:=0;i<F.length;i++ {
-		F.v[i].zero()
-	}
-}
-
-func (F *FF) getlen() int {
-		return F.length
-	}
-
-/* set to integer */
-func (F *FF) set(m int) {
-	F.zero()
-	F.v[0].set(0,Chunk(m))
-}
-
-/* copy from FF b */
-func (F *FF) copy(b *FF) {
-	for i:=0;i<F.length;i++ {
-		F.v[i].copy(b.v[i])
-	}
-}
-
-/* x=y<<n */
-func (F *FF) dsucopy(b *FF) {
-	for i:=0;i<b.length;i++ {
-		F.v[b.length+i].copy(b.v[i])
-		F.v[i].zero()
-	}
-}
-
-/* x=y */
-func (F *FF) dscopy(b *FF) {
-	for i:=0;i<b.length;i++ {
-		F.v[i].copy(b.v[i])
-		F.v[b.length+i].zero()
-	}
-}
-
-/* x=y>>n */
-func (F *FF) sducopy(b *FF) {
-	for i:=0;i<F.length;i++ {
-		F.v[i].copy(b.v[F.length+i])
-	}
-}
-
-func (F *FF) one() {
-	F.v[0].one();
-	for i:=1;i<F.length;i++ {
-		F.v[i].zero()
-	}
-}
-
-/* test equals 0 */
-func (F *FF) iszilch() bool {
-	for i:=0;i<F.length;i++ {
-		if !F.v[i].iszilch() {return false}
-	}
-	return true
-}
-
-/* shift right by BIGBITS-bit words */
-func (F *FF) shrw(n int) {
-	for i:=0;i<n;i++ {
-		F.v[i].copy(F.v[i+n])
-		F.v[i+n].zero()
-	}
-}
-
-/* shift left by BIGBITS-bit words */
-func (F *FF) shlw(n int) {
-	for i:=0;i<n;i++ {
-		F.v[n+i].copy(F.v[i])
-		F.v[i].zero()
-	}
-}
-
-/* extract last bit */
-func (F *FF) parity() int {
-	return F.v[0].parity()
-}
-
-func (F *FF) lastbits(m int) int {
-	return F.v[0].lastbits(m)
-}
-
-/* compare x and y - must be normalised, and of same length */
-func ff_comp(a *FF,b *FF) int {
-	for i:=a.length-1;i>=0;i-- {
-		j:=comp(a.v[i],b.v[i])
-		if j!=0 {return j}
-	}
-	return 0
-}
-
-/* recursive add */
-func (F *FF) radd(vp int,x *FF,xp int,y *FF,yp int,n int) {
-	for i:=0;i<n;i++ {
-		F.v[vp+i].copy(x.v[xp+i])
-		F.v[vp+i].add(y.v[yp+i])
-	}
-}
-
-/* recursive inc */
-func (F *FF) rinc(vp int,y *FF,yp int,n int) {
-	for i:=0;i<n;i++ {
-		F.v[vp+i].add(y.v[yp+i])
-	}
-}
-
-/* recursive sub */
-func (F *FF) rsub(vp int,x *FF,xp int,y *FF,yp int,n int) {
-	for i:=0;i<n;i++ {
-		F.v[vp+i].copy(x.v[xp+i])
-		F.v[vp+i].sub(y.v[yp+i])
-	}
-}
-
-/* recursive dec */
-func (F *FF) rdec(vp int,y *FF,yp int,n int) {
-	for i:=0;i<n;i++ {
-		F.v[vp+i].sub(y.v[yp+i])
-	}
-}
-
-/* simple add */
-func (F *FF) add(b *FF) {
-	for i:=0;i<F.length;i++ {
-		F.v[i].add(b.v[i])
-	}
-}
-
-/* simple sub */
-func (F *FF) sub(b *FF) {
-	for i:=0;i<F.length;i++ {
-		F.v[i].sub(b.v[i])
-	}
-}
-	
-/* reverse sub */
-func (F *FF) revsub(b *FF) {
-	for i:=0;i<F.length;i++ {
-		F.v[i].rsub(b.v[i])
-	}
-}
-
-/* normalise - but hold any overflow in top part unless n<0 */
-func (F *FF) rnorm(vp int,n int) {
-	trunc:=false
-	var carry Chunk
-	if n<0 { /* -v n signals to do truncation */
-		n=-n
-		trunc=true
-	}
-	for i:=0;i<n-1;i++ {
-		carry=F.v[vp+i].norm()
-		F.v[vp+i].xortop(carry<<P_TBITS)
-		F.v[vp+i+1].w[0]+=carry; // inc(carry)
-	}
-	carry=F.v[vp+n-1].norm()
-	if trunc {
-		F.v[vp+n-1].xortop(carry<<P_TBITS)
-	}
-}
-
-func (F *FF) norm() {
-	F.rnorm(0,F.length)
-}
-
-/* increment/decrement by a small integer */
-func (F *FF) inc(m int) {
-	F.v[0].inc(m)
-	F.norm()
-}
-
-func (F *FF) dec(m int) {
-	F.v[0].dec(m)
-	F.norm()
-}
-
-/* shift left by one bit */
-func (F *FF) shl() {
-	var delay_carry int=0
-	for i:=0;i<F.length-1;i++ {
-		carry:=F.v[i].fshl(1)
-		F.v[i].inc(delay_carry)
-		F.v[i].xortop(Chunk(carry)<<P_TBITS)
-		delay_carry=int(carry)
-	}
-	F.v[F.length-1].fshl(1)
-	F.v[F.length-1].inc(delay_carry)
-}
-
-/* shift right by one bit */
-
-func (F *FF) shr() {
-	for i:=F.length-1;i>0;i-- {
-		carry:=F.v[i].fshr(1)
-		F.v[i-1].xortop(Chunk(carry)<<P_TBITS)
-	}
-	F.v[0].fshr(1)
-}
-
-/* Convert to Hex String */
-func (F *FF) toString() string {
-	F.norm()
-	s:=""
-	for i:=F.length-1;i>=0;i-- {
-		s+=F.v[i].toString()
-	}
-	return s
-}
-
-/* Convert FFs to/from byte arrays */
-func (F *FF) toBytes(b []byte) {
-	for i:=0;i<F.length;i++ {
-		F.v[i].tobytearray(b,(F.length-i-1)*int(MODBYTES))
-	}
-}
-
-func ff_fromBytes(x *FF,b []byte) {
-	for i:=0;i<x.length;i++ {
-		x.v[i]=frombytearray(b,(x.length-i-1)*int(MODBYTES))
-	}
-}
-
-/* in-place swapping using xor - side channel resistant - lengths must be the same */
-func ff_cswap(a *FF,b *FF,d int) {
-	for i:=0;i<a.length;i++ {
-		a.v[i].cswap(b.v[i],d)
-	}
-}
-
-/* z=x*y, t is workspace */
-func (F *FF) karmul(vp int,x *FF,xp int,y *FF,yp int,t *FF,tp int,n int) {
-	if n==1 {
-		d:=mul(x.v[xp],y.v[yp])
-		F.v[vp+1]=d.split(8*MODBYTES)
-		F.v[vp].dcopy(d)
-		return
-	}
-	nd2:=n/2
-	F.radd(vp,x,xp,x,xp+nd2,nd2)
-		F.rnorm(vp,nd2)
-	F.radd(vp+nd2,y,yp,y,yp+nd2,nd2)
-		F.rnorm(vp+nd2,nd2)
-	t.karmul(tp,F,vp,F,vp+nd2,t,tp+n,nd2)
-	F.karmul(vp,x,xp,y,yp,t,tp+n,nd2)
-	F.karmul(vp+n,x,xp+nd2,y,yp+nd2,t,tp+n,nd2)
-	t.rdec(tp,F,vp,n)
-	t.rdec(tp,F,vp+n,n)
-	F.rinc(vp+nd2,t,tp,n)
-	F.rnorm(vp,2*n)
-}
-
-func (F *FF) karsqr(vp int,x *FF,xp int,t *FF,tp int,n int) {
-	if n==1 {
-		d:=sqr(x.v[xp])
-		F.v[vp+1].copy(d.split(8*MODBYTES))
-		F.v[vp].dcopy(d)
-		return
-	}	
-
-	nd2:=n/2
-	F.karsqr(vp,x,xp,t,tp+n,nd2)
-	F.karsqr(vp+n,x,xp+nd2,t,tp+n,nd2)
-	t.karmul(tp,x,xp,x,xp+nd2,t,tp+n,nd2)
-	F.rinc(vp+nd2,t,tp,n)
-	F.rinc(vp+nd2,t,tp,n)
-	F.rnorm(vp+nd2,n)
-}
-
-/* Calculates Least Significant bottom half of x*y */
-func (F *FF) karmul_lower(vp int,x *FF,xp int,y *FF,yp int,t *FF,tp int,n int) { 
-	if n==1 { /* only calculate bottom half of product */
-		F.v[vp].copy(smul(x.v[xp],y.v[yp]))
-		return
-	}
-	nd2:=n/2
-
-	F.karmul(vp,x,xp,y,yp,t,tp+n,nd2)
-	t.karmul_lower(tp,x,xp+nd2,y,yp,t,tp+n,nd2)
-	F.rinc(vp+nd2,t,tp,nd2)
-	t.karmul_lower(tp,x,xp,y,yp+nd2,t,tp+n,nd2)
-	F.rinc(vp+nd2,t,tp,nd2)
-	F.rnorm(vp+nd2,-nd2)  /* truncate it */
-}
-
-/* Calculates Most Significant upper half of x*y, given lower part */
-func (F *FF) karmul_upper(x *FF,y *FF,t *FF,n int) { 
-	nd2:=n/2
-	F.radd(n,x,0,x,nd2,nd2)
-	F.radd(n+nd2,y,0,y,nd2,nd2)
-	F.rnorm(n,nd2)
-	F.rnorm(n+nd2,nd2)
-
-	t.karmul(0,F,n+nd2,F,n,t,n,nd2)  /* t = (a0+a1)(b0+b1) */
-	F.karmul(n,x,nd2,y,nd2,t,n,nd2) /* z[n]= a1*b1 */
-
-					/* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */
-	t.rdec(0,F,n,n)              /* t=t-a1b1  */	
-						
-	F.rinc(nd2,F,0,nd2)  /* z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1)  */
-	F.rdec(nd2,t,0,nd2)   /* z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0) */
-
-	F.rnorm(0,-n)		/* a0b0 now in z - truncate it */
-
-	t.rdec(0,F,0,n)         /* (a0+a1)(b0+b1) - a0b0 */
-	F.rinc(nd2,t,0,n)
-
-	F.rnorm(nd2,n)
-}
-
-/* z=x*y. Assumes x and y are of same length. */
-func ff_mul(x *FF,y *FF) *FF {
-	n:=x.length
-	z:=NewFFint(2*n)
-	t:=NewFFint(2*n)
-	z.karmul(0,x,0,y,0,t,0,n)
-	return z
-}
-
-/* return low part of product this*y */
-func (F *FF) lmul(y *FF) {
-	n:=F.length
-	t:=NewFFint(2*n)
-	x:=NewFFint(n); x.copy(F)
-	F.karmul_lower(0,x,0,y,0,t,0,n)
-}
-
-/* Set b=b mod c */
-func (F *FF) mod(c *FF) {
-	var k int=1  
-
-	F.norm()
-	if ff_comp(F,c)<0 {return}
-
-	c.shl()
-	for ff_comp(F,c)>=0 {
-		c.shl()
-		k++
-	}
-
-	for k>0 {
-		c.shr()
-		if ff_comp(F,c)>=0 {
-			F.sub(c)
-			F.norm()
-		}
-		k--
-	}
-}
-
-/* z=x^2 */
-func ff_sqr(x *FF) *FF {
-	n:=x.length
-	z:=NewFFint(2*n)
-	t:=NewFFint(2*n)
-	z.karsqr(0,x,0,t,0,n)
-	return z
-}
-
-/* return This mod modulus, N is modulus, ND is Montgomery Constant */
-func (F *FF) reduce(N *FF,ND *FF) *FF { /* fast karatsuba Montgomery reduction */
-	n:=N.length
-	t:=NewFFint(2*n)
-	r:=NewFFint(n)
-	m:=NewFFint(n)
-
-	r.sducopy(F)
-	m.karmul_lower(0,F,0,ND,0,t,0,n)
-
-	F.karmul_upper(N,m,t,n)
-	
-	m.sducopy(F)
-	r.add(N)
-	r.sub(m)
-	r.norm()
-
-	return r
-
-}
-
-/* Set r=this mod b */
-/* this is of length - 2*n */
-/* r,b is of length - n */
-func (F *FF) dmod(b *FF) *FF {
-	n:=b.length
-	m:=NewFFint(2*n)
-	x:=NewFFint(2*n)
-	r:=NewFFint(n)
-
-	x.copy(F)
-	x.norm()
-	m.dsucopy(b); k:=BIGBITS*n
-
-	for ff_comp(x,m)>=0 {
-		x.sub(m)
-		x.norm()
-	}
-
-	for k>0 {	
-		m.shr()
-
-		if ff_comp(x,m)>=0 {
-			x.sub(m)
-			x.norm()
-		}
-		k--
-	}
-
-	r.copy(x)
-	r.mod(b)
-	return r
-}
-
-/* Set return=1/this mod p. Binary method - a<p on entry */
-
-func (F *FF) invmodp(p *FF) {
-	n:=p.length
-
-	u:=NewFFint(n)
-	v:=NewFFint(n)
-	x1:=NewFFint(n)
-	x2:=NewFFint(n)
-	t:=NewFFint(n)
-	one:=NewFFint(n)
-
-	one.one()
-	u.copy(F)
-	v.copy(p)
-	x1.copy(one)
-	x2.zero()
-
-	// reduce n in here as well! 
-	for (ff_comp(u,one)!=0 && ff_comp(v,one)!=0) {
-		for u.parity()==0 {
-			u.shr()
-			if x1.parity()!=0 {
-				x1.add(p)
-				x1.norm()
-			}
-			x1.shr()
-		}
-		for v.parity()==0 {
-			v.shr() 
-			if x2.parity()!=0 {
-				x2.add(p)
-				x2.norm()
-			}
-			x2.shr()
-		}
-		if ff_comp(u,v)>=0 {
-			u.sub(v)
-			u.norm()
-			if ff_comp(x1,x2)>=0 {
-				x1.sub(x2)
-			} else {
-				t.copy(p)
-				t.sub(x2)
-				x1.add(t)
-			}
-			x1.norm()
-		} else {
-			v.sub(u)
-			v.norm()
-			if ff_comp(x2,x1)>=0 { 
-				x2.sub(x1)
-			} else {
-				t.copy(p)
-				t.sub(x1)
-				x2.add(t)
-			}
-			x2.norm()
-		}
-	}
-	if ff_comp(u,one)==0 {
-		F.copy(x1)
-	} else {
-		F.copy(x2)
-	}
-}
-
-/* nresidue mod m */
-func (F *FF) nres(m *FF) {
-	n:=m.length
-	if n==1 {
-		d:=NewDBIGscopy(F.v[0])
-		d.shl(uint(NLEN)*BASEBITS)
-		F.v[0].copy(d.mod(m.v[0]))
-	} else {
-		d:=NewFFint(2*n)
-		d.dsucopy(F)
-		F.copy(d.dmod(m))
-	}
-}
-
-func (F *FF) redc(m *FF,ND *FF) {
-	n:=m.length
-	if n==1 {
-		d:=NewDBIGscopy(F.v[0])
-		F.v[0].copy(monty(m.v[0],Chunk(1)<<BASEBITS-ND.v[0].w[0],d))
-	} else {
-		d:=NewFFint(2*n)
-		F.mod(m)
-		d.dscopy(F)
-		F.copy(d.reduce(m,ND))
-		F.mod(m)
-	}
-}
-
-func (F *FF) mod2m(m int) {
-	for i:=m;i<F.length;i++ {
-		F.v[i].zero()
-	}
-}
-
-/* U=1/a mod 2^m - Arazi & Qi */
-func (F *FF) invmod2m() *FF {
-	n:=F.length
-
-	b:=NewFFint(n)
-	c:=NewFFint(n)
-	U:=NewFFint(n)
-
-	U.zero()
-	U.v[0].copy(F.v[0])
-	U.v[0].invmod2m()
-
-	for i:=1;i<n;i<<=1 {
-		b.copy(F); b.mod2m(i)
-		t:=ff_mul(U,b); t.shrw(i); b.copy(t)
-		c.copy(F); c.shrw(i); c.mod2m(i)
-		c.lmul(U); c.mod2m(i)
-
-		b.add(c); b.norm()
-		b.lmul(U); b.mod2m(i)
-
-		c.one(); c.shlw(i); b.revsub(c); b.norm()
-		b.shlw(i)
-		U.add(b)
-	}
-	U.norm()
-	return U
-}
-
-func (F *FF) random(rng *RAND) {
-	n:=F.length
-	for i:=0;i<n;i++ {
-		F.v[i].copy(random(rng))
-	}
-	/* make sure top bit is 1 */
-	for (F.v[n-1].nbits()<int(MODBYTES*8)) {
-		F.v[n-1].copy(random(rng))
-	}
-}
-
-/* generate random x less than p */
-func (F *FF) randomnum(p *FF,rng *RAND) {
-	n:=F.length
-	d:=NewFFint(2*n)
-
-	for i:=0;i<2*n;i++ {
-		d.v[i].copy(random(rng))
-	}
-	F.copy(d.dmod(p))
-}
-
-/* this*=y mod p */
-func (F *FF) modmul(y *FF,p *FF,nd *FF) {
-	if ff_pexceed(F.v[F.length-1],y.v[y.length-1]) {F.mod(p)}
-	n:=p.length
-	if n==1 {
-		d:=mul(F.v[0],y.v[0])
-		F.v[0].copy(monty(p.v[0],Chunk(1)<<BASEBITS-nd.v[0].w[0],d))		
-	} else {
-		d:=ff_mul(F,y)
-		F.copy(d.reduce(p,nd))
-	}
-}
-
-/* this*=y mod p */
-func (F *FF) modsqr(p *FF,nd *FF) {
-	if ff_sexceed(F.v[F.length-1]) {F.mod(p)}
-	n:=p.length
-	if n==1 {
-		d:=sqr(F.v[0])
-		F.v[0].copy(monty(p.v[0],Chunk(1)<<BASEBITS-nd.v[0].w[0],d))			
-	} else {
-		d:=ff_sqr(F)
-		F.copy(d.reduce(p,nd))
-	}
-}
-
-/* this=this^e mod p using side-channel resistant Montgomery Ladder, for large e */
-func (F *FF) skpow(e *FF,p *FF) {
-	n:=p.length
-	R0:=NewFFint(n)
-	R1:=NewFFint(n)
-	ND:=p.invmod2m()
-
-	F.mod(p)
-	R0.one()
-	R1.copy(F)
-	R0.nres(p)
-	R1.nres(p)
-
-	for i:=int(8*MODBYTES)*n-1;i>=0;i-- {
-		b:=int(e.v[i/BIGBITS].bit(i%BIGBITS))
-		F.copy(R0)
-		F.modmul(R1,p,ND)
-
-		ff_cswap(R0,R1,b)
-		R0.modsqr(p,ND)
-
-		R1.copy(F)
-		ff_cswap(R0,R1,b)
-	}
-	F.copy(R0)
-	F.redc(p,ND)
-}
-
-/* this =this^e mod p using side-channel resistant Montgomery Ladder, for short e */
-func (F *FF) skpows(e *BIG,p *FF) {
-	n:=p.length
-	R0:=NewFFint(n)
-	R1:=NewFFint(n)
-	ND:=p.invmod2m()
-
-	F.mod(p)
-	R0.one()
-	R1.copy(F)
-	R0.nres(p)
-	R1.nres(p)
-
-	for i:=int(8*MODBYTES)-1;i>=0;i-- {
-		b:=int(e.bit(i))
-		F.copy(R0)
-		F.modmul(R1,p,ND)
-
-		ff_cswap(R0,R1,b)
-		R0.modsqr(p,ND)
-
-		R1.copy(F)
-		ff_cswap(R0,R1,b)
-	}
-	F.copy(R0)
-	F.redc(p,ND)
-}
-
-/* raise to an integer power - right-to-left method */
-func (F *FF) power(e int,p *FF) {
-	n:=p.length
-	w:=NewFFint(n)
-	ND:=p.invmod2m()
-	f:=true
-
-	w.copy(F)
-	w.nres(p)
-//i:=0;
-	if e==2 {
-		F.copy(w)
-		F.modsqr(p,ND)
-	} else {
-		for (true) {
-			if e%2==1 {
-				if f {
-					F.copy(w)
-				} else {F.modmul(w,p,ND)}
-				f=false
-
-			}
-			e>>=1
-			if e==0 {break}
-//fmt.Printf("wb= "+w.toString()+"\n");
-//debug=true;
-			w.modsqr(p,ND)
-//debug=false;
-//fmt.Printf("wa= "+w.toString()+"\n");
-//i+=1;
-//os.Exit(0);
-		}
-	}
-
-	F.redc(p,ND)
-
-}
-
-/* this=this^e mod p, faster but not side channel resistant */
-func (F *FF) pow(e *FF,p *FF) {
-	n:=p.length
-	w:=NewFFint(n)
-	ND:=p.invmod2m()
-//fmt.Printf("ND= "+ND.toString() +"\n");
-	w.copy(F)
-	F.one()
-	F.nres(p)
-	w.nres(p)
-	for i:=int(8*MODBYTES)*n-1;i>=0;i-- {
-		F.modsqr(p,ND)
-		b:=e.v[i/BIGBITS].bit(i%BIGBITS)
-		if b==1 {F.modmul(w,p,ND)}
-	}
-	F.redc(p,ND)
-}
-
-/* double exponentiation r=x^e.y^f mod p */
-func (F *FF) pow2(e *BIG,y *FF,f *BIG,p *FF) {
-	n:=p.length
-	xn:=NewFFint(n)
-	yn:=NewFFint(n)
-	xy:=NewFFint(n)
-	ND:=p.invmod2m()
-
-	xn.copy(F)
-	yn.copy(y)
-	xn.nres(p)
-	yn.nres(p)
-	xy.copy(xn); xy.modmul(yn,p,ND)
-	F.one()
-	F.nres(p)
-
-	for i:=int(8*MODBYTES)-1;i>=0;i-- {
-		eb:=e.bit(i)
-		fb:=f.bit(i)
-		F.modsqr(p,ND)
-		if eb==1 {
-			if fb==1 {
-				F.modmul(xy,p,ND)
-			} else {F.modmul(xn,p,ND)}
-		} else	{
-			if fb==1 {F.modmul(yn,p,ND)}
-		}
-	}
-	F.redc(p,ND)
-}
-
-func igcd(x int,y int) int { /* integer GCD, returns GCD of x and y */
-	var r int
-	if y==0 {return x}
-	for true {
-		r=x%y
-		if r==0 {break}
-		x=y;y=r
-	}
-	return y
-}
-
-/* quick and dirty check for common factor with n */
-func (F *FF) cfactor(s int) bool {
-	n:=F.length
-
-	x:=NewFFint(n)
-	y:=NewFFint(n)
-
-	y.set(s)
-	x.copy(F)
-	x.norm()
-
-	x.sub(y)
-	x.norm()
-
-	for (!x.iszilch() && x.parity()==0) {x.shr()}
-
-	for (ff_comp(x,y)>0) {
-		x.sub(y)
-		x.norm()
-		for (!x.iszilch() && x.parity()==0) {x.shr()}
-	}
-
-	g:=int(x.v[0].get(0))
-	r:=igcd(s,g)
-	if r>1 {return true}
-	return false
-}
-
-/* Miller-Rabin test for primality. Slow. */
-func prime(p *FF,rng *RAND) bool {
-	s:=0
-	n:=p.length
-	d:=NewFFint(n)
-	x:=NewFFint(n)
-	unity:=NewFFint(n)
-	nm1:=NewFFint(n)
-
-	sf:=4849845 /* 3*5*.. *19 */
-	p.norm()
-
-	if p.cfactor(sf) {return false}
-	unity.one()
-	nm1.copy(p)
-	nm1.sub(unity)
-	nm1.norm()
-	d.copy(nm1)
-
-	for d.parity()==0 {
-		d.shr()
-		s++
-	}
-	if s==0 {return false}
-
-	for i:=0;i<10;i++ {
-		x.randomnum(p,rng)
-		x.pow(d,p)
-
-		if (ff_comp(x,unity)==0 || ff_comp(x,nm1)==0) {continue}
-		loop:=false
-		for j:=1;j<s;j++ {
-			x.power(2,p)
-			if ff_comp(x,unity)==0 {return false}
-			if ff_comp(x,nm1)==0 {loop=true; break}
-		}
-		if loop {continue}
-		return false
-	}
-
-	return true
-}
-/*
-func main() {
-
-	var P = [4][5]int64 {{0xAD19A781670957,0x76A79C00965796,0xDEFCC5FC9A9717,0xF02F2940E20E9,0xBF59E34F},{0x6894F31844C908,0x8DADA70E82C79F,0xFD29F3836046F6,0x8C1D874D314DD0,0x46D077B},{0x3C515217813331,0x56680FD1CE935B,0xE55C53EEA8838E,0x92C2F7E14A4A95,0xD945E5B1},{0xACF673E919F5EF,0x6723E7E7DAB446,0x6B6FA69B36EB1B,0xF7D13920ECA300,0xB5FC2165}}
-
-	fmt.Printf("Testing FF\n")
-	var raw [100]byte
-	rng:=NewRAND()
-
-	rng.Clean()
-	for i:=0;i<100;i++ {
-		raw[i]=byte(i)
-	}
-
-	rng.Seed(100,raw[:])
-
-	n:=4
-
-	x:=NewFFint(n)
-	x.set(3)
-
-	p:=NewFFints(P[:],n)
-
-	if prime(p,rng) {fmt.Printf("p is a prime\n"); fmt.Printf("\n")}
-
-	e:=NewFFint(n)
-	e.copy(p)
-	e.dec(1); e.norm()
-
-	fmt.Printf("e= "+e.toString())
-	fmt.Printf("\n")
-	x.skpow(e,p)
-	fmt.Printf("x= "+x.toString())
-	fmt.Printf("\n")
-}
-*/
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/FP.go
----------------------------------------------------------------------
diff --git a/version22/go/FP.go b/version22/go/FP.go
deleted file mode 100644
index 89bcbda..0000000
--- a/version22/go/FP.go
+++ /dev/null
@@ -1,279 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic */
-/* CLINT mod p functions */
-
-package main
-
-//import "fmt"
-
-type FP struct {
-	x *BIG
-}
-
-/* Constructors */
-func NewFPint(a int) *FP {
-	F:=new(FP)
-	F.x=NewBIGint(a)
-	F.nres()
-	return F
-}
-
-func NewFPbig(a *BIG) *FP {
-	F:=new(FP)
-	F.x=NewBIGcopy(a)
-	F.nres()
-	return F
-}
-
-func NewFPcopy(a *FP) *FP {
-	F:=new(FP)
-	F.x=NewBIGcopy(a.x)
-	return F
-}
-
-func (F *FP) toString() string {
-	return F.redc().toString()
-}
-
-/* convert to Montgomery n-residue form */
-func (F *FP) nres() {
-	if MODTYPE!=PSEUDO_MERSENNE && MODTYPE!=GENERALISED_MERSENNE {
-		p:=NewBIGints(Modulus);
-		d:=NewDBIGscopy(F.x)
-		d.shl(uint(NLEN)*BASEBITS)
-		F.x.copy(d.mod(p))
-	}
-}
-
-/* convert back to regular form */
-func (F *FP) redc() *BIG {
-	if MODTYPE!=PSEUDO_MERSENNE && MODTYPE!=GENERALISED_MERSENNE {
-		d:=NewDBIGscopy(F.x)
-		return mod(d)
-	} else {
-		r:=NewBIGcopy(F.x)
-		return r
-	}
-}
-
-/* reduce this mod Modulus */
-func (F *FP) reduce() {
-	p:=NewBIGints(Modulus)
-	F.x.mod(p)
-}
-
-/* test this=0? */
-func (F *FP) iszilch() bool {
-	F.reduce()
-	return F.x.iszilch()
-}
-
-/* copy from FP b */
-func (F *FP) copy(b *FP ) {
-	F.x.copy(b.x)
-}
-
-/* set this=0 */
-func (F *FP) zero() {
-	F.x.zero()
-}
-	
-/* set this=1 */
-func (F *FP) one() {
-	F.x.one(); F.nres()
-}
-
-/* normalise this */
-func (F *FP) norm() {
-	F.x.norm();
-}
-
-/* swap FPs depending on d */
-func (F *FP) cswap(b *FP,d int) {
-	F.x.cswap(b.x,d);
-}
-
-/* copy FPs depending on d */
-func (F *FP) cmove(b *FP,d int) {
-	F.x.cmove(b.x,d)
-}
-
-/* this*=b mod Modulus */
-func (F *FP) mul(b *FP) {
-
-	F.norm()
-	b.norm()
-	if pexceed(F.x,b.x) {F.reduce()}
-	d:=mul(F.x,b.x)
-	F.x.copy(mod(d))
-}
-
-func logb2(w uint32) uint {
-	v:=w
-	v |= (v >> 1)
-	v |= (v >> 2)
-	v |= (v >> 4)
-	v |= (v >> 8)
-	v |= (v >> 16)
-
-	v = v - ((v >> 1) & 0x55555555)                 
-	v = (v & 0x33333333) + ((v >> 2) & 0x33333333)  
-	r:= uint((   ((v + (v >> 4)) & 0xF0F0F0F)   * 0x1010101) >> 24)
-	return (r+1)
-}
-
-/* this = -this mod Modulus */
-func (F *FP) neg() {
-	p:=NewBIGints(Modulus)
-	m:=NewBIGcopy(p)
-	F.norm()
-	sb:=logb2(uint32(EXCESS(F.x)))
-
-//	ov:=EXCESS(F.x); 
-//	sb:=uint(1); for ov!=0 {sb++;ov>>=1} 
-
-	m.fshl(sb)
-	F.x.rsub(m)		
-
-	if EXCESS(F.x)>=FEXCESS {F.reduce()}
-}
-
-
-/* this*=c mod Modulus, where c is a small int */
-func (F *FP) imul(c int) {
-	F.norm()
-	s:=false
-	if (c<0) {
-		c=-c
-		s=true
-	}
-	afx:=(EXCESS(F.x)+1)*(Chunk(c)+1)+1;
-	if (c<NEXCESS && afx<FEXCESS) {
-		F.x.imul(c);
-	} else {
-		if (afx<FEXCESS) {
-			F.x.pmul(c)
-		} else {
-			p:=NewBIGints(Modulus);
-			d:=F.x.pxmul(c)
-			F.x.copy(d.mod(p))
-		}
-	}
-	if s {F.neg()}
-	F.norm()
-}
-
-/* this*=this mod Modulus */
-func (F *FP) sqr() {
-	F.norm();
-	if sexceed(F.x) {F.reduce()}
-	d:=sqr(F.x)	
-	F.x.copy(mod(d))
-}
-
-/* this+=b */
-func (F *FP) add(b *FP) {
-	F.x.add(b.x)
-	if (EXCESS(F.x)+2>=FEXCESS) {F.reduce()}
-}
-
-/* this-=b */
-func (F *FP) sub(b *FP) {
-	n:=NewFPcopy(b)
-	n.neg()
-	F.add(n)
-}
-
-/* this/=2 mod Modulus */
-func (F *FP) div2() {
-	F.x.norm()
-	if (F.x.parity()==0) {
-		F.x.fshr(1)
-	} else {
-		p:=NewBIGints(Modulus);
-		F.x.add(p)
-		F.x.norm()
-		F.x.fshr(1)
-	}
-}
-
-/* this=1/this mod Modulus */
-func (F *FP) inverse() {
-	p:=NewBIGints(Modulus);
-	r:=F.redc()
-	r.invmodp(p)
-	F.x.copy(r)
-	F.nres()
-}
-
-/* return TRUE if this==a */
-func (F *FP) equals(a *FP) bool {
-	a.reduce()
-	F.reduce()
-	if (comp(a.x,F.x)==0) {return true}
-	return false
-}
-
-/* return this^e mod Modulus */
-func (F *FP) pow(e *BIG) *FP {
-	r:=NewFPint(1)
-	e.norm()
-	F.x.norm()
-	m:=NewFPcopy(F)
-	for true {
-		bt:=e.parity();
-		e.fshr(1);
-		if bt==1 {r.mul(m)}
-		if e.iszilch() {break}
-		m.sqr();
-	}
-	p:=NewBIGints(Modulus);
-	r.x.mod(p);
-	return r;
-}
-
-/* return sqrt(this) mod Modulus */
-func (F *FP) sqrt() *FP {
-	F.reduce();
-	p:=NewBIGints(Modulus);
-	b:=NewBIGcopy(p)
-	if MOD8==5 {
-		b.dec(5); b.norm(); b.shr(3)
-		i:=NewFPcopy(F); i.x.shl(1)
-		v:=i.pow(b)
-		i.mul(v); i.mul(v)
-		i.x.dec(1)
-		r:=NewFPcopy(F)
-		r.mul(v); r.mul(i) 
-		r.reduce()
-		return r
-	} else {
-		b.inc(1); b.norm(); b.shr(2)
-		return F.pow(b);
-	}
-}
-
-/* return jacobi symbol (this/Modulus) */
-func (F *FP) jacobi() int {
-	w:=F.redc();
-	p:=NewBIGints(Modulus);
-	return w.jacobi(p)
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/FP12.go
----------------------------------------------------------------------
diff --git a/version22/go/FP12.go b/version22/go/FP12.go
deleted file mode 100644
index 88371b2..0000000
--- a/version22/go/FP12.go
+++ /dev/null
@@ -1,551 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MiotCL Fp^12 functions */
-/* FP12 elements are of the form a+i.b+i^2.c */
-
-package main
-
-//import "fmt"
-
-type FP12 struct {
-	a *FP4
-	b *FP4
-	c *FP4
-}
-
-/* Constructors */
-func NewFP12fp4(d *FP4) *FP12 {
-	F:=new(FP12)
-	F.a=NewFP4copy(d)
-	F.b=NewFP4int(0)
-	F.c=NewFP4int(0)
-	return F
-}
-
-func NewFP12int(d int) *FP12 {
-	F:=new(FP12)
-	F.a=NewFP4int(d)
-	F.b=NewFP4int(0)
-	F.c=NewFP4int(0)
-	return F
-}
-
-func NewFP12fp4s(d *FP4,e *FP4,f *FP4) *FP12 {
-	F:=new(FP12)
-	F.a=NewFP4copy(d)
-	F.b=NewFP4copy(e)
-	F.c=NewFP4copy(f)
-	return F
-}
-
-func NewFP12copy(x *FP12) *FP12 {
-	F:=new(FP12)
-	F.a=NewFP4copy(x.a)
-	F.b=NewFP4copy(x.b)
-	F.c=NewFP4copy(x.c)
-	return F
-}
-
-/* reduce all components of this mod Modulus */
-func (F *FP12) reduce() {
-	F.a.reduce()
-	F.b.reduce()
-	F.c.reduce()
-}
-/* normalise all components of this */
-func (F *FP12) norm() {
-	F.a.norm()
-	F.b.norm()
-	F.c.norm()
-}
-/* test x==0 ? */
-func (F *FP12) iszilch() bool {
-	F.reduce()
-	return (F.a.iszilch() && F.b.iszilch() && F.c.iszilch())
-}
-/* test x==1 ? */
-func (F *FP12) isunity() bool {
-	one:=NewFP4int(1)
-	return (F.a.equals(one) && F.b.iszilch() && F.c.iszilch())
-}
-/* return 1 if x==y, else 0 */
-func (F *FP12) equals(x *FP12) bool {
-	return (F.a.equals(x.a) && F.b.equals(x.b) && F.c.equals(x.c))
-}
-
-/* extract a from this */
-func (F *FP12) geta() *FP4 {
-	return F.a
-}
-/* extract b */
-func (F *FP12) getb() *FP4 {
-	return F.b
-}
-/* extract c */
-func (F *FP12) getc() *FP4 {
-	return F.c
-}
-/* copy this=x */
-func (F *FP12) copy(x *FP12) {
-	F.a.copy(x.a)
-	F.b.copy(x.b)
-	F.c.copy(x.c)
-}
-/* set this=1 */
-func (F *FP12) one() {
-	F.a.one()
-	F.b.zero()
-	F.c.zero()
-}
-/* this=conj(this) */
-func (F *FP12) conj() {
-	F.a.conj()
-	F.b.nconj()
-	F.c.conj()
-}
-
-/* Granger-Scott Unitary Squaring */
-func (F *FP12) usqr() {
-	A:=NewFP4copy(F.a)
-	B:=NewFP4copy(F.c)
-	C:=NewFP4copy(F.b)
-	D:=NewFP4int(0)
-
-	F.a.sqr()
-	D.copy(F.a); D.add(F.a)
-	F.a.add(D)
-
-	F.a.norm();
-	A.nconj()
-
-	A.add(A)
-	F.a.add(A)
-	B.sqr()
-	B.times_i()
-
-	D.copy(B); D.add(B)
-	B.add(D)
-	B.norm();
-
-	C.sqr()
-	D.copy(C); D.add(C)
-	C.add(D)
-	C.norm();
-
-	F.b.conj()
-	F.b.add(F.b)
-	F.c.nconj()
-
-	F.c.add(F.c)
-	F.b.add(B)
-	F.c.add(C)
-	F.reduce()
-
-}
-
-/* Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-func (F *FP12)  sqr() {
-	A:=NewFP4copy(F.a)
-	B:=NewFP4copy(F.b)
-	C:=NewFP4copy(F.c)
-	D:=NewFP4copy(F.a)
-
-	A.sqr()
-	B.mul(F.c)
-	B.add(B)
-	C.sqr()
-	D.mul(F.b)
-	D.add(D)
-
-	F.c.add(F.a)
-	F.c.add(F.b)
-	F.c.sqr()
-
-	F.a.copy(A)
-
-	A.add(B)
-	A.norm();
-	A.add(C)
-	A.add(D)
-	A.norm();
-
-	A.neg()
-	B.times_i();
-	C.times_i()
-
-	F.a.add(B)
-
-	F.b.copy(C); F.b.add(D)
-	F.c.add(A)
-	F.norm()
-}
-
-/* FP12 full multiplication this=this*y */
-func (F *FP12) mul(y *FP12) {
-	z0:=NewFP4copy(F.a)
-	z1:=NewFP4int(0)
-	z2:=NewFP4copy(F.b)
-	z3:=NewFP4int(0)
-	t0:=NewFP4copy(F.a)
-	t1:=NewFP4copy(y.a)
-
-	z0.mul(y.a)
-	z2.mul(y.b)
-
-	t0.add(F.b)
-	t1.add(y.b)
-
-	z1.copy(t0); z1.mul(t1)
-	t0.copy(F.b); t0.add(F.c)
-
-	t1.copy(y.b); t1.add(y.c)
-	z3.copy(t0); z3.mul(t1)
-
-	t0.copy(z0); t0.neg()
-	t1.copy(z2); t1.neg()
-
-	z1.add(t0)
-	z1.norm();
-	F.b.copy(z1); F.b.add(t1)
-
-	z3.add(t1)
-	z2.add(t0)
-
-	t0.copy(F.a); t0.add(F.c)
-	t1.copy(y.a); t1.add(y.c)
-	t0.mul(t1)
-	z2.add(t0)
-
-	t0.copy(F.c); t0.mul(y.c)
-	t1.copy(t0); t1.neg()
-
-	z2.norm();
-	z3.norm();
-	F.b.norm();
-
-	F.c.copy(z2); F.c.add(t1)
-	z3.add(t1)
-	t0.times_i()
-	F.b.add(t0)
-
-	z3.times_i()
-	F.a.copy(z0); F.a.add(z3)
-	F.norm()
-}
-
-/* Special case of multiplication arises from special form of ATE pairing line function */
-func (F *FP12) smul(y *FP12) {
-	z0:=NewFP4copy(F.a)
-	z2:=NewFP4copy(F.b)
-	z3:=NewFP4copy(F.b)
-	t0:=NewFP4int(0)
-	t1:=NewFP4copy(y.a)
-		
-	z0.mul(y.a)
-	z2.pmul(y.b.real());
-	F.b.add(F.a)
-	t1.real().add(y.b.real())
-
-	F.b.mul(t1)
-	z3.add(F.c);
-	z3.pmul(y.b.real())
-
-	t0.copy(z0); t0.neg()
-	t1.copy(z2); t1.neg()
-
-	F.b.add(t0)
-	F.b.norm();
-
-	F.b.add(t1)
-	z3.add(t1)
-	z2.add(t0)
-
-	t0.copy(F.a); t0.add(F.c)
-	t0.mul(y.a)
-	F.c.copy(z2); F.c.add(t0)
-
-	z3.times_i()
-	F.a.copy(z0); F.a.add(z3)
-
-	F.norm()
-}
-
-/* this=1/this */
-func (F *FP12) inverse() {
-	f0:=NewFP4copy(F.a)
-	f1:=NewFP4copy(F.b)
-	f2:=NewFP4copy(F.a)
-	f3:=NewFP4int(0)
-
-	F.norm()
-	f0.sqr()
-	f1.mul(F.c)
-	f1.times_i()
-	f0.sub(f1)
-
-	f1.copy(F.c); f1.sqr()
-	f1.times_i()
-	f2.mul(F.b)
-	f1.sub(f2)
-
-	f2.copy(F.b); f2.sqr()
-	f3.copy(F.a); f3.mul(F.c)
-	f2.sub(f3)
-
-	f3.copy(F.b); f3.mul(f2)
-	f3.times_i()
-	F.a.mul(f0)
-	f3.add(F.a)
-	F.c.mul(f1)
-	F.c.times_i()
-
-	f3.add(F.c)
-	f3.inverse()
-	F.a.copy(f0); F.a.mul(f3)
-	F.b.copy(f1); F.b.mul(f3)
-	F.c.copy(f2); F.c.mul(f3)
-}
-
-/* this=this^p using Frobenius */
-func (F *FP12) frob(f *FP2) {
-	f2:=NewFP2copy(f)
-	f3:=NewFP2copy(f)
-
-	f2.sqr()
-	f3.mul(f2)
-
-	F.a.frob(f3);
-	F.b.frob(f3);
-	F.c.frob(f3);
-
-	F.b.pmul(f);
-	F.c.pmul(f2);
-}
-
-/* trace function */
-func (F *FP12) trace() *FP4 {
-	t:=NewFP4int(0)
-	t.copy(F.a)
-	t.imul(3)
-	t.reduce()
-	return t;
-}
-
-
-/* convert from byte array to FP12 */
-func FP12_fromBytes(w []byte) *FP12 {
-	var t [int(MODBYTES)]byte
-	MB:=int(MODBYTES)
-
-	for i:=0;i<MB;i++ {t[i]=w[i]}
-	a:=fromBytes(t[:])
-	for i:=0;i<MB;i++ {t[i]=w[i+MB]}
-	b:=fromBytes(t[:])
-	c:=NewFP2bigs(a,b)
-
-	for i:=0;i<MB;i++ {t[i]=w[i+2*MB]}
-	a=fromBytes(t[:])
-	for i:=0;i<MB;i++ {t[i]=w[i+3*MB]}
-	b=fromBytes(t[:])
-	d:=NewFP2bigs(a,b)
-
-	e:=NewFP4fp2s(c,d)
-
-
-	for i:=0;i<MB;i++ {t[i]=w[i+4*MB]}
-	a=fromBytes(t[:])
-	for i:=0;i<MB;i++ {t[i]=w[i+5*MB]}
-	b=fromBytes(t[:])
-	c=NewFP2bigs(a,b)
-
-	for i:=0;i<MB;i++ {t[i]=w[i+6*MB]}
-	a=fromBytes(t[:])
-	for i:=0;i<MB;i++ {t[i]=w[i+7*MB]}
-	b=fromBytes(t[:])
-	d=NewFP2bigs(a,b)
-
-	f:=NewFP4fp2s(c,d)
-
-
-	for i:=0;i<MB;i++ {t[i]=w[i+8*MB]}
-	a=fromBytes(t[:])
-	for i:=0;i<MB;i++ {t[i]=w[i+9*MB]}
-	b=fromBytes(t[:]);
-		
-	c=NewFP2bigs(a,b)
-
-	for i:=0;i<MB;i++ {t[i]=w[i+10*MB]}
-	a=fromBytes(t[:])
-	for i:=0;i<MB;i++ {t[i]=w[i+11*MB]}
-	b=fromBytes(t[:])
-	d=NewFP2bigs(a,b)
-
-	g:=NewFP4fp2s(c,d)
-
-	return NewFP12fp4s(e,f,g)
-}
-
-/* convert this to byte array */
-func (F *FP12) toBytes(w []byte) {
-	var t [int(MODBYTES)]byte
-	MB:=int(MODBYTES)
-	F.a.geta().getA().toBytes(t[:])
-	for i:=0;i<MB;i++ {w[i]=t[i]}
-	F.a.geta().getB().toBytes(t[:])
-	for i:=0;i<MB;i++ {w[i+MB]=t[i]}
-	F.a.getb().getA().toBytes(t[:])
-	for i:=0;i<MB;i++ {w[i+2*MB]=t[i]}
-	F.a.getb().getB().toBytes(t[:])
-	for i:=0;i<MB;i++ {w[i+3*MB]=t[i]}
-
-	F.b.geta().getA().toBytes(t[:])
-	for i:=0;i<MB;i++ {w[i+4*MB]=t[i]}
-	F.b.geta().getB().toBytes(t[:])
-	for i:=0;i<MB;i++ {w[i+5*MB]=t[i]}
-	F.b.getb().getA().toBytes(t[:])
-	for i:=0;i<MB;i++ {w[i+6*MB]=t[i]}
-	F.b.getb().getB().toBytes(t[:])
-	for i:=0;i<MB;i++ {w[i+7*MB]=t[i]}
-
-	F.c.geta().getA().toBytes(t[:])
-	for i:=0;i<MB;i++ {w[i+8*MB]=t[i]}
-	F.c.geta().getB().toBytes(t[:])
-	for i:=0;i<MB;i++ {w[i+9*MB]=t[i]}
-	F.c.getb().getA().toBytes(t[:])
-	for i:=0;i<MB;i++ {w[i+10*MB]=t[i]}
-	F.c.getb().getB().toBytes(t[:])
-	for i:=0;i<MB;i++ {w[i+11*MB]=t[i]}
-}
-
-/* convert to hex string */
-func (F *FP12) toString() string {
-	return ("["+F.a.toString()+","+F.b.toString()+","+F.c.toString()+"]")
-}
-
-/* this=this^e */ 
-func (F *FP12) pow(e *BIG) *FP12 {
-	F.norm()
-	e.norm()
-	w:=NewFP12copy(F)
-	z:=NewBIGcopy(e)
-	r:=NewFP12int(1)
-
-	for true {
-		bt:=z.parity()
-		z.fshr(1)
-		if bt==1 {r.mul(w)}
-		if z.iszilch() {break}
-		w.usqr()
-	}
-	r.reduce();
-	return r;
-}
-
-/* constant time powering by small integer of max length bts */
-func (F *FP12) pinpow(e int,bts int) {
-	var R []*FP12
-	R=append(R,NewFP12int(1))
-	R=append(R,NewFP12copy(F))
-
-	for i:=bts-1;i>=0;i-- {
-		b:=(e>>uint(i))&1
-		R[1-b].mul(R[b])
-		R[b].usqr()
-	}
-	F.copy(R[0])
-}
-
-/* p=q0^u0.q1^u1.q2^u2.q3^u3 */
-/* Timing attack secure, but not cache attack secure */
-
- func pow4(q []*FP12,u []*BIG) *FP12 {
-	var a [4]int8
-	var g []*FP12
-	var s []*FP12
-	c:=NewFP12int(1)
-	p:=NewFP12int(0)
-	var w [NLEN*int(BASEBITS)+1]int8
-	var t []*BIG
-	mt:=NewBIGint(0)
-
-	for i:=0;i<4;i++ {
-		t=append(t,NewBIGcopy(u[i]))
-	}
-
-	s=append(s,NewFP12int(0))
-	s=append(s,NewFP12int(0))
-
-	g=append(g,NewFP12copy(q[0])); s[0].copy(q[1]); s[0].conj(); g[0].mul(s[0])
-	g=append(g,NewFP12copy(g[0]))
-	g=append(g,NewFP12copy(g[0]))
-	g=append(g,NewFP12copy(g[0]))
-	g=append(g,NewFP12copy(q[0])); g[4].mul(q[1])
-	g=append(g,NewFP12copy(g[4]))
-	g=append(g,NewFP12copy(g[4]))
-	g=append(g,NewFP12copy(g[4]))
-
-	s[1].copy(q[2]); s[0].copy(q[3]); s[0].conj(); s[1].mul(s[0])
-	s[0].copy(s[1]); s[0].conj(); g[1].mul(s[0])
-	g[2].mul(s[1])
-	g[5].mul(s[0])
-	g[6].mul(s[1])
-	s[1].copy(q[2]); s[1].mul(q[3])
-	s[0].copy(s[1]); s[0].conj(); g[0].mul(s[0])
-	g[3].mul(s[1])
-	g[4].mul(s[0])
-	g[7].mul(s[1])
-
-/* if power is even add 1 to power, and add q to correction */
-
-	for i:=0;i<4;i++ {
-		if t[i].parity()==0 {
-			t[i].inc(1); t[i].norm()
-			c.mul(q[i])
-		}
-		mt.add(t[i]); mt.norm()
-	}
-	c.conj()
-	nb:=1+mt.nbits()
-
-/* convert exponent to signed 1-bit window */
-	for j:=0;j<nb;j++ {
-		for i:=0;i<4;i++ {
-			a[i]=int8(t[i].lastbits(2)-2)
-			t[i].dec(int(a[i])); t[i].norm();
-			t[i].fshr(1)
-		}
-		w[j]=(8*a[0]+4*a[1]+2*a[2]+a[3])
-	}
-	w[nb]=int8(8*t[0].lastbits(2)+4*t[1].lastbits(2)+2*t[2].lastbits(2)+t[3].lastbits(2))
-	p.copy(g[(w[nb]-1)/2])
-
-	for i:=nb-1;i>=0;i-- {
-		m:=w[i]>>7
-		j:=(w[i]^m)-m  /* j=abs(w[i]) */
-		j=(j-1)/2
-		s[0].copy(g[j]); s[1].copy(g[j]); s[1].conj()
-		p.usqr()
-		p.mul(s[m&1]);
-	}
-	p.mul(c)  /* apply correction */
-	p.reduce()
-	return p;
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/FP2.go
----------------------------------------------------------------------
diff --git a/version22/go/FP2.go b/version22/go/FP2.go
deleted file mode 100644
index d4993e2..0000000
--- a/version22/go/FP2.go
+++ /dev/null
@@ -1,300 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic  Fp^2 functions */
-
-/* FP2 elements are of the form a+ib, where i is sqrt(-1) */
-
-package main
-
-//import "fmt"
-
-type FP2 struct {
-	a *FP
-	b *FP
-}
-
-/* Constructors */
-func NewFP2int(a int) *FP2 {
-	F:=new(FP2)
-	F.a=NewFPint(a)
-	F.b=NewFPint(0)
-	return F
-}
-
-func NewFP2copy(x *FP2) *FP2 {
-	F:=new(FP2)
-	F.a=NewFPcopy(x.a)
-	F.b=NewFPcopy(x.b)
-	return F
-}
-
-func NewFP2fps(c *FP,d *FP) *FP2 {
-	F:=new(FP2)
-	F.a=NewFPcopy(c)
-	F.b=NewFPcopy(d)
-	return F
-}
-
-func NewFP2bigs(c *BIG,d *BIG) *FP2 {
-	F:=new(FP2)
-	F.a=NewFPbig(c)
-	F.b=NewFPbig(d)
-	return F
-}
-
-func NewFP2fp(c *FP) *FP2 {
-	F:=new(FP2)
-	F.a=NewFPcopy(c)
-	F.b=NewFPint(0)
-	return F
-}
-
-func NewFP2big(c *BIG) *FP2 {
-	F:=new(FP2)
-	F.a=NewFPbig(c)
-	F.b=NewFPint(0)
-	return F
-}
-
-/* reduce components mod Modulus */
-func (F *FP2) reduce() {
-	F.a.reduce()
-	F.b.reduce()
-}
-
-/* normalise components of w */
-func (F *FP2) norm() {
-	F.a.norm()
-	F.b.norm()
-}
-
-/* test this=0 ? */
-func (F *FP2) iszilch() bool {
-	F.reduce()
-	return (F.a.iszilch() && F.b.iszilch())
-}
-
-func (F *FP2) cmove(g *FP2,d int) {
-	F.a.cmove(g.a,d)
-	F.b.cmove(g.b,d)
-}
-
-/* test this=1 ? */
-func (F *FP2)  isunity() bool {
-	one:=NewFPint(1)
-	return (F.a.equals(one) && F.b.iszilch())
-}
-
-/* test this=x */
-func (F *FP2) equals(x *FP2) bool {
-	return (F.a.equals(x.a) && F.b.equals(x.b))
-}
-
-/* extract a */
-func (F *FP2) getA() *BIG { 
-	return F.a.redc()
-}
-
-/* extract b */
-func (F *FP2) getB() *BIG {
-	return F.b.redc()
-}
-
-/* copy this=x */
-func (F *FP2) copy(x *FP2) {
-	F.a.copy(x.a)
-	F.b.copy(x.b)
-}
-
-/* set this=0 */
-func (F *FP2) zero() {
-	F.a.zero()
-	F.b.zero()
-}
-
-/* set this=1 */
-func (F *FP2) one() {
-	F.a.one()
-	F.b.zero()
-}
-
-/* negate this mod Modulus */
-func (F *FP2) neg() {
-	F.norm()
-	m:=NewFPcopy(F.a)
-	t:= NewFPint(0)
-
-	m.add(F.b)
-	m.neg()
-	m.norm()
-	t.copy(m); t.add(F.b)
-	F.b.copy(m)
-	F.b.add(F.a)
-	F.a.copy(t)
-}
-
-/* set to a-ib */
-func (F *FP2) conj() {
-	F.b.neg()
-}
-
-/* this+=a */
-func (F *FP2) add(x *FP2) {
-	F.a.add(x.a)
-	F.b.add(x.b)
-}
-
-/* this-=a */
-func (F *FP2) sub(x *FP2) {
-	m:=NewFP2copy(x)
-	m.neg()
-	F.add(m)
-}
-
-/* this*=s, where s is an FP */
-func (F *FP2) pmul(s *FP) {
-	F.a.mul(s)
-	F.b.mul(s)
-}
-
-/* this*=i, where i is an int */
-func (F *FP2) imul(c int) {
-	F.a.imul(c)
-	F.b.imul(c)
-}
-
-/* this*=this */
-func (F *FP2) sqr() {
-	F.norm()
-	w1:=NewFPcopy(F.a)
-	w3:=NewFPcopy(F.a)
-	mb:=NewFPcopy(F.b)
-
-	w3.mul(F.b)
-	w1.add(F.b)
-	mb.neg()
-	F.a.add(mb)
-	F.a.mul(w1)
-	F.b.copy(w3); F.b.add(w3)
-
-	F.norm()
-}
-
-/* this*=y */
-func (F *FP2) mul(y *FP2) {
-	F.norm();  /* This is needed here as {a,b} is not normed before additions */
-
-	w1:=NewFPcopy(F.a)
-	w2:=NewFPcopy(F.b)
-	w5:=NewFPcopy(F.a)
-	mw:=NewFPint(0)
-
-	w1.mul(y.a)  // w1=a*y.a  - this norms w1 and y.a, NOT a
-	w2.mul(y.b)  // w2=b*y.b  - this norms w2 and y.b, NOT b
-	w5.add(F.b)    // w5=a+b
-	F.b.copy(y.a); F.b.add(y.b) // b=y.a+y.b
-
-	F.b.mul(w5);
-	mw.copy(w1); mw.add(w2); mw.neg()
-
-	F.b.add(mw); mw.add(w1)
-	F.a.copy(w1);	F.a.add(mw)
-
-	F.norm()
-}
-
-/* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
-/* returns true if this is QR */
-func (F *FP2) sqrt() bool {
-	if F.iszilch() {return true}
-	w1:=NewFPcopy(F.b)
-	w2:=NewFPcopy(F.a)
-	w1.sqr(); w2.sqr(); w1.add(w2)
-	if w1.jacobi()!=1 { F.zero(); return false }
-	w1=w1.sqrt()
-	w2.copy(F.a); w2.add(w1); w2.div2()
-	if w2.jacobi()!=1 {
-		w2.copy(F.a); w2.sub(w1); w2.div2()
-		if w2.jacobi()!=1 { F.zero(); return false }
-	}
-	w2=w2.sqrt()
-	F.a.copy(w2)
-	w2.add(w2)
-	w2.inverse()
-	F.b.mul(w2)
-	return true
-}
-
-/* output to hex string */
-func (F *FP2) toString() string {
-	return ("["+F.a.toString()+","+F.b.toString()+"]")
-}
-
-/* this=1/this */
-func (F *FP2) inverse() {
-	F.norm()
-	w1:=NewFPcopy(F.a)
-	w2:=NewFPcopy(F.b)
-
-	w1.sqr()
-	w2.sqr()
-	w1.add(w2)
-	w1.inverse()
-	F.a.mul(w1)
-	w1.neg()
-	F.b.mul(w1)
-}
-
-/* this/=2 */
-func (F *FP2) div2() {
-	F.a.div2()
-	F.b.div2()
-}
-
-/* this*=sqrt(-1) */
-func (F *FP2) times_i() {
-	//	a.norm();
-	z:=NewFPcopy(F.a)
-	F.a.copy(F.b); F.a.neg()
-	F.b.copy(z)
-}
-
-/* w*=(1+sqrt(-1)) */
-/* where X*2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
-func (F *FP2) mul_ip() {
-	F.norm()
-	t:=NewFP2copy(F)
-	z:=NewFPcopy(F.a)
-	F.a.copy(F.b)
-	F.a.neg()
-	F.b.copy(z)
-	F.add(t)
-	F.norm()
-}
-
-/* w/=(1+sqrt(-1)) */
-func (F *FP2) div_ip() {
-	t:=NewFP2int(0)
-	F.norm()
-	t.a.copy(F.a); t.a.add(F.b)
-	t.b.copy(F.b); t.b.sub(F.a);
-	F.copy(t)
-	F.div2()
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/FP4.go
----------------------------------------------------------------------
diff --git a/version22/go/FP4.go b/version22/go/FP4.go
deleted file mode 100644
index 649b88c..0000000
--- a/version22/go/FP4.go
+++ /dev/null
@@ -1,479 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic  Fp^4 functions */
-
-/* FP4 elements are of the form a+ib, where i is sqrt(-1+sqrt(-1)) */
-
-package main
-
-//import "fmt"
-
-type FP4 struct {
-	a *FP2
-	b *FP2
-}
-
-/* Constructors */
-func NewFP4int(a int) *FP4 {
-	F:=new(FP4)
-	F.a=NewFP2int(a)
-	F.b=NewFP2int(0)
-	return F
-}
-
-func NewFP4copy(x *FP4) *FP4 {
-	F:=new(FP4)
-	F.a=NewFP2copy(x.a)
-	F.b=NewFP2copy(x.b)
-	return F
-}
-
-func NewFP4fp2s(c *FP2,d *FP2) *FP4 {
-	F:=new(FP4)
-	F.a=NewFP2copy(c)
-	F.b=NewFP2copy(d)
-	return F
-}
-
-func NewFP4fp2(c *FP2) *FP4 {
-	F:=new(FP4)
-	F.a=NewFP2copy(c)
-	F.b=NewFP2int(0)
-	return F
-}
-
-/* reduce all components of this mod Modulus */
-func (F *FP4) reduce() {
-	F.a.reduce()
-	F.b.reduce()
-}
-
-/* normalise all components of this mod Modulus */
-func (F *FP4) norm() {
-	F.a.norm()
-	F.b.norm()
-}
-
-/* test this==0 ? */
-func (F *FP4) iszilch() bool {
-	F.reduce()
-	return F.a.iszilch() && F.b.iszilch()
-}
-
-/* test this==1 ? */
-func (F *FP4) isunity() bool {
-	one:=NewFP2int(1)
-	return F.a.equals(one) && F.b.iszilch()
-}
-
-/* test is w real? That is in a+ib test b is zero */
-func (F *FP4) isreal() bool {
-	return F.b.iszilch()
-}
-/* extract real part a */
-func (F *FP4) real() *FP2 {
-	return F.a
-}
-
-func (F *FP4) geta() *FP2 {
-	return F.a
-}
-/* extract imaginary part b */
-func (F *FP4) getb() *FP2 {
-	return F.b
-}
-/* test this=x? */
-func (F *FP4) equals(x *FP4) bool {
-	return (F.a.equals(x.a) && F.b.equals(x.b))
-}
-
-/* copy this=x */
-func (F *FP4) copy(x *FP4) {
-	F.a.copy(x.a)
-	F.b.copy(x.b)
-}
-/* set this=0 */
-func (F *FP4) zero() {
-	F.a.zero()
-	F.b.zero()
-	}
-/* set this=1 */
-func (F *FP4) one() {
-	F.a.one()
-	F.b.zero()
-}
-
-/* set this=-this */
-func (F *FP4) neg() {
-	m:=NewFP2copy(F.a);
-	t:=NewFP2int(0)
-	m.add(F.b)
-	m.neg()
-	m.norm()
-	t.copy(m); t.add(F.b)
-	F.b.copy(m)
-	F.b.add(F.a)
-	F.a.copy(t)
-}
-
-/* this=conjugate(this) */
-func (F *FP4) conj() {
-	F.b.neg(); F.b.norm()
-}
-
-/* this=-conjugate(this) */
-func (F *FP4) nconj() {
-	F.a.neg(); F.a.norm()
-}
-
-/* this+=x */
-func (F *FP4) add(x *FP4) {
-	F.a.add(x.a)
-	F.b.add(x.b)
-}
-/* this-=x */
-func (F *FP4) sub(x *FP4) {
-	m:=NewFP4copy(x)
-	m.neg()
-	F.add(m)
-}
-
-/* this*=s where s is FP2 */
-func (F *FP4) pmul(s *FP2) {
-	F.a.mul(s)
-	F.b.mul(s)
-}
-/* this*=c where c is int */
-func (F *FP4) imul(c int) {
-	F.a.imul(c)
-	F.b.imul(c)
-}
-
-/* this*=this */	
-func (F *FP4) sqr() {
-	F.norm()
-
-	t1:=NewFP2copy(F.a)
-	t2:=NewFP2copy(F.b)
-	t3:=NewFP2copy(F.a)
-
-	t3.mul(F.b)
-	t1.add(F.b)
-	t2.mul_ip()
-
-	t2.add(F.a)
-	F.a.copy(t1)
-
-	F.a.mul(t2)
-
-	t2.copy(t3)
-	t2.mul_ip()
-	t2.add(t3)
-	t2.neg()
-	F.a.add(t2)
-
-	F.b.copy(t3)
-	F.b.add(t3)
-
-	F.norm()
-}
-
-/* this*=y */
-func (F *FP4) mul(y *FP4) {
-	F.norm()
-
-	t1:=NewFP2copy(F.a)
-	t2:=NewFP2copy(F.b)
-	t3:=NewFP2int(0)
-	t4:=NewFP2copy(F.b)
-
-	t1.mul(y.a)
-	t2.mul(y.b)
-	t3.copy(y.b)
-	t3.add(y.a)
-	t4.add(F.a)
-
-	t4.mul(t3)
-	t4.sub(t1)
-	t4.norm();
-
-	F.b.copy(t4)
-	F.b.sub(t2)
-	t2.mul_ip()
-	F.a.copy(t2)
-	F.a.add(t1)
-
-	F.norm()
-}
-
-/* convert this to hex string */
-func (F *FP4) toString() string {
-	return ("["+F.a.toString()+","+F.b.toString()+"]")
-}
-
-/* this=1/this */
-func (F *FP4) inverse() {
-	F.norm()
-
-	t1:=NewFP2copy(F.a)
-	t2:=NewFP2copy(F.b)
-
-	t1.sqr()
-	t2.sqr()
-	t2.mul_ip()
-	t1.sub(t2)
-	t1.inverse()
-	F.a.mul(t1)
-	t1.neg()
-	F.b.mul(t1)
-}
-
-/* this*=i where i = sqrt(-1+sqrt(-1)) */
-func (F *FP4) times_i() {
-	F.norm()
-	s:=NewFP2copy(F.b)
-	t:=NewFP2copy(F.b)
-	s.times_i()
-	t.add(s)
-	t.norm();
-	F.b.copy(F.a)
-	F.a.copy(t)
-}
-
-/* this=this^p using Frobenius */
-func (F *FP4) frob(f *FP2) {
-	F.a.conj()
-	F.b.conj()
-	F.b.mul(f)
-}
-
-/* this=this^e */
-func (F *FP4) pow(e *BIG) *FP4 {
-	F.norm()
-	e.norm()
-	w:=NewFP4copy(F)
-	z:=NewBIGcopy(e)
-	r:=NewFP4int(1)
-	for true {
-		bt:=z.parity()
-		z.fshr(1)
-		if bt==1 {r.mul(w)}
-		if z.iszilch() {break}
-		w.sqr()
-	}
-	r.reduce()
-	return r
-}
-
-/* XTR xtr_a function */
-func (F *FP4) xtr_A(w *FP4,y *FP4,z *FP4) {
-	r:=NewFP4copy(w)
-	t:=NewFP4copy(w)
-	r.sub(y);
-	r.pmul(F.a)
-	t.add(y)
-	t.pmul(F.b)
-	t.times_i()
-
-	F.copy(r)
-	F.add(t)
-	F.add(z)
-
-	F.norm()
-}
-
-/* XTR xtr_d function */
-func (F *FP4) xtr_D() {
-	w:=NewFP4copy(F)
-	F.sqr(); w.conj()
-	w.add(w)
-	F.sub(w)
-	F.reduce()
-}
-
-/* r=x^n using XTR method on traces of FP12s */
-func (F *FP4) xtr_pow(n *BIG) *FP4 {
-	a:=NewFP4int(3)
-	b:=NewFP4copy(F)
-	c:=NewFP4copy(b)
-	c.xtr_D()
-	t:=NewFP4int(0)
-	r:=NewFP4int(0)
-
-	n.norm()
-	par:=n.parity()
-	v:=NewBIGcopy(n); v.fshr(1)
-	if (par==0) {v.dec(1); v.norm()}
-
-	nb:=v.nbits();
-	for i:=nb-1;i>=0;i-- {
-		if v.bit(i)!=1 {
-			t.copy(b)
-			F.conj()
-			c.conj()
-			b.xtr_A(a,F,c)
-			F.conj()
-			c.copy(t)
-			c.xtr_D()
-			a.xtr_D()
-		} else {
-			t.copy(a); t.conj()
-			a.copy(b)
-			a.xtr_D()
-			b.xtr_A(c,F,t)
-			c.xtr_D()
-		}
-	}
-	if par==0 {
-		r.copy(c)
-	} else {r.copy(b)}
-	r.reduce()
-	return r
-}
-
-/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-func (F *FP4) xtr_pow2(ck *FP4,ckml *FP4,ckm2l *FP4,a *BIG,b *BIG) *FP4 {
-	a.norm(); b.norm()
-	e:=NewBIGcopy(a)
-	d:=NewBIGcopy(b)
-	w:=NewBIGint(0)
-
-	cu:=NewFP4copy(ck)  // can probably be passed in w/o copying
-	cv:=NewFP4copy(F);
-	cumv:=NewFP4copy(ckml)
-	cum2v:=NewFP4copy(ckm2l)
-	r:=NewFP4int(0)
-	t:=NewFP4int(0)
-
-	f2:=0
-	for (d.parity()==0 && e.parity()==0) {
-		d.fshr(1)
-		e.fshr(1)
-		f2++
-	}
-
-	for comp(d,e)!=0 {
-		if comp(d,e)>0 {
-			w.copy(e); w.imul(4); w.norm()
-			if comp(d,w)<=0 {
-				w.copy(d); d.copy(e)
-				e.rsub(w); e.norm()
-
-				t.copy(cv);
-				t.xtr_A(cu,cumv,cum2v)
-				cum2v.copy(cumv);
-				cum2v.conj()
-				cumv.copy(cv)
-				cv.copy(cu)
-				cu.copy(t)
-			} else {
-					if (d.parity()==0) {
-					d.fshr(1)
-					r.copy(cum2v); r.conj()
-					t.copy(cumv)
-					t.xtr_A(cu,cv,r)
-					cum2v.copy(cumv)
-					cum2v.xtr_D()
-					cumv.copy(t)
-					cu.xtr_D()
-				} else {
-					if (e.parity()==1) {
-						d.sub(e); d.norm()
-						d.fshr(1)
-						t.copy(cv)
-						t.xtr_A(cu,cumv,cum2v)
-						cu.xtr_D()
-						cum2v.copy(cv)
-						cum2v.xtr_D()
-						cum2v.conj()
-						cv.copy(t)
-					} else {
-						w.copy(d)
-						d.copy(e); d.fshr(1)
-						e.copy(w)
-						t.copy(cumv)
-						t.xtr_D()
-						cumv.copy(cum2v); cumv.conj()
-						cum2v.copy(t); cum2v.conj()
-						t.copy(cv)
-						t.xtr_D()
-						cv.copy(cu)
-						cu.copy(t)
-					}
-				}
-			}
-		}
-		if comp(d,e)<0 {
-			w.copy(d); w.imul(4); w.norm()
-			if comp(e,w)<=0 {
-				e.sub(d); e.norm()
-				t.copy(cv)
-				t.xtr_A(cu,cumv,cum2v)
-				cum2v.copy(cumv)
-				cumv.copy(cu)
-				cu.copy(t)
-			} else {
-				if (e.parity()==0) {
-					w.copy(d)
-					d.copy(e); d.fshr(1)
-					e.copy(w)
-					t.copy(cumv)
-					t.xtr_D()
-					cumv.copy(cum2v); cumv.conj()
-					cum2v.copy(t); cum2v.conj()
-					t.copy(cv)
-					t.xtr_D()
-					cv.copy(cu)
-					cu.copy(t)
-				} else {
-					if (d.parity()==1) {
-						w.copy(e)
-						e.copy(d)
-						w.sub(d); w.norm()
-						d.copy(w); d.fshr(1)
-						t.copy(cv)
-						t.xtr_A(cu,cumv,cum2v)
-						cumv.conj()
-						cum2v.copy(cu)
-						cum2v.xtr_D()
-						cum2v.conj()
-						cu.copy(cv)
-						cu.xtr_D()
-						cv.copy(t)
-					} else {
-						d.fshr(1)
-						r.copy(cum2v); r.conj()
-						t.copy(cumv)
-						t.xtr_A(cu,cv,r)
-						cum2v.copy(cumv)
-						cum2v.xtr_D()
-						cumv.copy(t)
-						cu.xtr_D()
-					}
-				}
-			}
-		}
-	}
-	r.copy(cv)
-	r.xtr_A(cu,cumv,cum2v)
-	for i:=0;i<f2;i++ {r.xtr_D()}
-	r=r.xtr_pow(d)
-	return r
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/GCM.go
----------------------------------------------------------------------
diff --git a/version22/go/GCM.go b/version22/go/GCM.go
deleted file mode 100644
index fcd7310..0000000
--- a/version22/go/GCM.go
+++ /dev/null
@@ -1,337 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
-* Implementation of the AES-GCM Encryption/Authentication
-*
-* Some restrictions..
-* 1. Only for use with AES
-* 2. Returned tag is always 128-bits. Truncate at your own risk.
-* 3. The order of function calls must follow some rules
-*
-* Typical sequence of calls..
-* 1. call GCM_init
-* 2. call GCM_add_header any number of times, as long as length of header is multiple of 16 bytes (block size)
-* 3. call GCM_add_header one last time with any length of header
-* 4. call GCM_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes
-* 5. call GCM_add_cipher one last time with any length of cipher/plaintext
-* 6. call GCM_finish to extract the tag.
-*
-* See http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf
-*/
-
-
-package main
-
-import
-(
-//	"fmt"
-	"strconv"
-)
-
-const gcm_NB int=4
-const GCM_ACCEPTING_HEADER int=0
-const GCM_ACCEPTING_CIPHER int=1
-const GCM_NOT_ACCEPTING_MORE int=2
-const GCM_FINISHED int=3
-const GCM_ENCRYPTING int=0
-const GCM_DECRYPTING int=1
-
-
-type GCM struct {
-	table [128][4]uint32 /* 2k bytes */
-	stateX [16]byte
-	Y_0 [16]byte
-	counter int
-	lenA [2]uint32
-	lenC [2]uint32
-	status int
-	a  *AES
-}
-
-func gcm_pack(b [4]byte) uint32 { /* pack bytes into a 32-bit Word */
-        return ((uint32(b[0])&0xff)<<24)|((uint32(b[1])&0xff)<<16)|((uint32(b[2])&0xff)<<8)|(uint32(b[3])&0xff)
-}
-
-func gcm_unpack(a uint32) [4]byte { /* unpack bytes from a word */
-        var b=[4]byte{byte((a>>24)&0xff),byte((a>>16)&0xff),byte((a>>8)&0xff),byte(a&0xff)}
-	return b;
-}
-
-func (G *GCM) precompute(H []byte) {
-        var b [4]byte
-        j:=0
-        for i:=0;i<gcm_NB;i++ {
-            b[0]=H[j]; b[1]=H[j+1]; b[2]=H[j+2]; b[3]=H[j+3]
-            G.table[0][i]=gcm_pack(b);
-            j+=4
-        }
-        for i:=1;i<128;i++ {
-	    c:=uint32(0)
-            for j:=0;j<gcm_NB;j++ {G.table[i][j]=c|(G.table[i-1][j])>>1; c=G.table[i-1][j]<<31;}
-            if c != 0  {G.table[i][0]^=0xE1000000} /* irreducible polynomial */
-        }
-}
-
-func (G *GCM) gf2mul() { /* gf2m mul - Z=H*X mod 2^128 */
-        var P [4]uint32
-    
-        for i:=0;i<4;i++ {P[i]=0}
-        j:=uint(8); m:=0
-        for i:=0;i<128;i++ {
-	    j--
-            c:=uint32((G.stateX[m]>>j)&1); c=^c+1
-	    for k:=0;k<gcm_NB;k++ {P[k]^=(G.table[i][k]&c)}
-            if j==0 {
-		j=8; m++;
-                if m==16 {break}
-            }
-        }
-        j=0
-        for i:=0;i<gcm_NB;i++ {
-            b:=gcm_unpack(P[i])
-            G.stateX[j]=b[0]; G.stateX[j+1]=b[1]; G.stateX[j+2]=b[2]; G.stateX[j+3]=b[3];
-            j+=4
-        }
-}
-
-func (G *GCM) wrap() { /* Finish off GHASH */
-	var F [4]uint32
-	var L [16]byte
-   
-    /* convert lengths from bytes to bits */
-        F[0]=(G.lenA[0]<<3)|(G.lenA[1]&0xE0000000)>>29
-        F[1]=G.lenA[1]<<3
-        F[2]=(G.lenC[0]<<3)|(G.lenC[1]&0xE0000000)>>29
-        F[3]=G.lenC[1]<<3
-        j:=0
-        for i:=0;i<gcm_NB;i++ {
-            b:=gcm_unpack(F[i]);
-            L[j]=b[0]; L[j+1]=b[1]; L[j+2]=b[2]; L[j+3]=b[3]
-            j+=4
-        }
-        for i:=0;i<16;i++ {G.stateX[i]^=L[i]}
-        G.gf2mul()
-}
-
-func (G *GCM) ghash(plain []byte,len int) bool {
-        if G.status==GCM_ACCEPTING_HEADER {G.status=GCM_ACCEPTING_CIPHER}
-        if G.status != GCM_ACCEPTING_CIPHER {return false}
-        
-        j:=0
-        for (j<len) {
-            for i:=0;i<16 && j<len;i++ {
-		G.stateX[i]^=plain[j]; j++
-                G.lenC[1]++; if G.lenC[1]==0 {G.lenC[0]++}
-            }
-            G.gf2mul();
-        }
-        if len%16 != 0 {G.status=GCM_NOT_ACCEPTING_MORE}
-        return true;
-    }
-
-    /* Initialize GCM mode */
-func (G *GCM) Init(nk int,key []byte,niv int,iv []byte) { /* iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes */
-	var H [16]byte
-    
-        for i:=0;i<16;i++ {H[i]=0; G.stateX[i]=0}
-        
-	   G.a=new(AES)
-
-        G.a.Init(aes_ECB,nk,key,iv)
-        G.a.ecb_encrypt(H[:])    /* E(K,0) */
-        G.precompute(H[:])
-        
-        G.lenA[0]=0;G.lenC[0]=0;G.lenA[1]=0;G.lenC[1]=0
-        if niv==12 {
-            for i:=0;i<12;i++ {G.a.f[i]=iv[i]}
-            b:=gcm_unpack(uint32(1))
-            G.a.f[12]=b[0]; G.a.f[13]=b[1]; G.a.f[14]=b[2]; G.a.f[15]=b[3];  /* initialise IV */
-            for i:=0;i<16;i++ {G.Y_0[i]=G.a.f[i]}
-        } else {
-            G.status=GCM_ACCEPTING_CIPHER;
-            G.ghash(iv,niv) /* GHASH(H,0,IV) */
-            G.wrap()
-            for i:=0;i<16;i++ {G.a.f[i]=G.stateX[i];G.Y_0[i]=G.a.f[i];G.stateX[i]=0}
-            G.lenA[0]=0;G.lenC[0]=0;G.lenA[1]=0;G.lenC[1]=0
-        }
-        G.status=GCM_ACCEPTING_HEADER
-}
-
-/* Add Header data - included but not encrypted */
-func (G *GCM) Add_header(header []byte,len int) bool { /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */
-        if G.status != GCM_ACCEPTING_HEADER {return false}
-  
-        j:=0
-        for j<len {
-            for i:=0;i<16 && j<len;i++ {
-		G.stateX[i]^=header[j]; j++
-                G.lenA[1]++; if G.lenA[1]==0 {G.lenA[0]++}
-            }
-            G.gf2mul();
-        }
-        if len%16 != 0 {G.status=GCM_ACCEPTING_CIPHER}
-
-        return true;
-    }
-
-/* Add Plaintext - included and encrypted */
-func (G *GCM) Add_plain(plain []byte,len int) []byte {
-	var B [16]byte
-	var b [4]byte
-        
-        cipher:=make([]byte,len)
-        var counter uint32=0
-        if G.status == GCM_ACCEPTING_HEADER {G.status=GCM_ACCEPTING_CIPHER}
-        if G.status != GCM_ACCEPTING_CIPHER {return nil}
-        
-        j:=0
-        for j<len {
-    
-            b[0]=G.a.f[12]; b[1]=G.a.f[13]; b[2]=G.a.f[14]; b[3]=G.a.f[15];
-            counter=gcm_pack(b)
-            counter++
-            b=gcm_unpack(counter)
-            G.a.f[12]=b[0]; G.a.f[13]=b[1]; G.a.f[14]=b[2]; G.a.f[15]=b[3] /* increment counter */
-            for i:=0;i<16;i++ {B[i]=G.a.f[i]}
-            G.a.ecb_encrypt(B[:]);        /* encrypt it  */
-    
-            for i:=0;i<16 && j<len;i++ {
-		cipher[j]=(plain[j]^B[i])
-		G.stateX[i]^=cipher[j]; j++
-                G.lenC[1]++; if G.lenC[1]==0 {G.lenC[0]++}
-            }
-            G.gf2mul()
-        }
-        if len%16 != 0 {G.status=GCM_NOT_ACCEPTING_MORE}
-        return cipher
-}
-
-/* Add Ciphertext - decrypts to plaintext */
-func (G *GCM) Add_cipher(cipher []byte,len int) []byte {
-	var B [16]byte
-	var b [4]byte
-        
-        plain:=make([]byte,len)
-        var counter uint32=0
-        
-        if G.status==GCM_ACCEPTING_HEADER {G.status=GCM_ACCEPTING_CIPHER}
-        if G.status != GCM_ACCEPTING_CIPHER {return nil}
-    
-        j:=0
-        for j<len {
-            b[0]=G.a.f[12]; b[1]=G.a.f[13]; b[2]=G.a.f[14]; b[3]=G.a.f[15]
-            counter=gcm_pack(b);
-            counter++
-            b=gcm_unpack(counter)
-            G.a.f[12]=b[0]; G.a.f[13]=b[1]; G.a.f[14]=b[2]; G.a.f[15]=b[3]; /* increment counter */
-            for i:=0;i<16;i++ {B[i]=G.a.f[i]}
-            G.a.ecb_encrypt(B[:])        /* encrypt it  */
-            for i:=0;i<16 && j<len;i++ {
-		oc:=cipher[j];
-		plain[j]=(cipher[j]^B[i])
-		G.stateX[i]^=oc; j++
-                G.lenC[1]++; if G.lenC[1]==0 {G.lenC[0]++}
-            }
-            G.gf2mul()
-        }
-        if len%16 != 0 {G.status=GCM_NOT_ACCEPTING_MORE}
-        return plain
-}
-
-/* Finish and extract Tag */
-func (G *GCM) Finish(extract bool) [16]byte { /* Finish off GHASH and extract tag (MAC) */
-	var tag [16]byte
-    
-        G.wrap()
-        /* extract tag */
-        if extract {
-            G.a.ecb_encrypt(G.Y_0[:]);        /* E(K,Y0) */
-            for i:=0;i<16;i++ {G.Y_0[i]^=G.stateX[i]}
-            for i:=0;i<16;i++ {tag[i]=G.Y_0[i];G.Y_0[i]=0;G.stateX[i]=0}
-        }
-        G.status=GCM_FINISHED
-        G.a.End()
-        return tag
-}
-
-func hex2bytes(s string) []byte {
-	lgh:=len(s)
-	data:=make([]byte,lgh/2)
-       
-        for i:=0;i<lgh;i+=2 {
-            a,_ := strconv.ParseInt(s[i:i+2],16,32)
-	    data[i/2]=byte(a)
-        }
-        return data
-}
-
-/*
-func main() {
-
-	KT:="feffe9928665731c6d6a8f9467308308"
-	MT:="d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39"
-	HT:="feedfacedeadbeeffeedfacedeadbeefabaddad2"
-
-	NT:="9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b";
-// Tag should be 619cc5aefffe0bfa462af43c1699d050
-
-	g:=new(GCM)
-
-	M:=hex2bytes(MT)
-	H:=hex2bytes(HT)
-	N:=hex2bytes(NT)
-	K:=hex2bytes(KT)
-
-	lenM:=len(M)
-	lenH:=len(H)
-	lenK:=len(K)
-	lenIV:=len(N)
-
- 	fmt.Printf("Plaintext=\n");
-	for i:=0;i<lenM;i++ {fmt.Printf("%02x",M[i])}
-	fmt.Printf("\n")
-
-	g.Init(lenK,K,lenIV,N)
-	g.Add_header(H,lenH)
-	C:=g.Add_plain(M,lenM)
-	T:=g.Finish(true)
-
-	fmt.Printf("Ciphertext=\n")
-	for i:=0;i<lenM;i++ {fmt.Printf("%02x",C[i])}
-	fmt.Printf("\n")
-        
-	fmt.Printf("Tag=\n")
-	for i:=0;i<16;i++ {fmt.Printf("%02x",T[i])}
-	fmt.Printf("\n")
-
-	g.Init(lenK,K,lenIV,N)
-	g.Add_header(H,lenH)
-	P:=g.Add_cipher(C,lenM)
-	T=g.Finish(true)
-
- 	fmt.Printf("Plaintext=\n");
-	for i:=0;i<lenM;i++ {fmt.Printf("%02x",P[i])}
-	fmt.Printf("\n")
-
-	fmt.Printf("Tag=\n");
-	for i:=0;i<16;i++ {fmt.Printf("%02x",T[i])}
-	fmt.Printf("\n")
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/HASH256.go
----------------------------------------------------------------------
diff --git a/version22/go/HASH256.go b/version22/go/HASH256.go
deleted file mode 100644
index e6d30c8..0000000
--- a/version22/go/HASH256.go
+++ /dev/null
@@ -1,192 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Implementation of the Secure Hashing Algorithm (SHA-256)
- *
- * Generates a 256 bit message digest. It should be impossible to come
- * come up with two messages that hash to the same value ("collision free").
- *
- * For use with byte-oriented messages only. 
- */
-
-
-package main
-
-//import "fmt"
-
-const hash256_H0 uint32=0x6A09E667
-const hash256_H1 uint32=0xBB67AE85
-const hash256_H2 uint32=0x3C6EF372
-const hash256_H3 uint32=0xA54FF53A
-const hash256_H4 uint32=0x510E527F
-const hash256_H5 uint32=0x9B05688C
-const hash256_H6 uint32=0x1F83D9AB
-const hash256_H7 uint32=0x5BE0CD19
-
-var hash256_K = [...]uint32 {
-	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
-	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
-	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
-	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
-	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
-	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
-	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
-	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2}
-
-
-type HASH256 struct {
-	length [2]uint32
-	h [8]uint32
-	w [64]uint32
-
-}
-
-/* functions */
-func hash256_S(n uint32,x uint32) uint32 {
-	return (((x)>>n) | ((x)<<(32-n)))
-}
-
-func hash256_R(n uint32,x uint32) uint32 {
-	return ((x)>>n)
-}
-
-func hash256_Ch(x,y,z uint32) uint32 {
-	return ((x&y)^(^(x)&z))
-}
-
-func hash256_Maj(x,y,z uint32) uint32 {
-	return ((x&y)^(x&z)^(y&z))
-}
-
-func hash256_Sig0(x uint32) uint32 {
-	return (hash256_S(2,x)^hash256_S(13,x)^hash256_S(22,x))
-}
-
-func hash256_Sig1(x uint32) uint32 {
-	return (hash256_S(6,x)^hash256_S(11,x)^hash256_S(25,x))
-}
-
-func hash256_theta0(x uint32) uint32 {
-	return (hash256_S(7,x)^hash256_S(18,x)^hash256_R(3,x));
-}
-
-func hash256_theta1(x uint32) uint32 {
-		return (hash256_S(17,x)^hash256_S(19,x)^hash256_R(10,x))
-}
-
-func (H *HASH256) transform() { /* basic transformation step */
-	for j:=16;j<64;j++ {
-		H.w[j]=hash256_theta1(H.w[j-2])+H.w[j-7]+hash256_theta0(H.w[j-15])+H.w[j-16]
-	}
-	a:=H.h[0]; b:=H.h[1]; c:=H.h[2]; d:=H.h[3] 
-	e:=H.h[4]; f:=H.h[5]; g:=H.h[6]; hh:=H.h[7]
-	for j:=0;j<64;j++ { /* 64 times - mush it up */
-		t1:=hh+hash256_Sig1(e)+hash256_Ch(e,f,g)+hash256_K[j]+H.w[j]
-		t2:=hash256_Sig0(a)+hash256_Maj(a,b,c)
-		hh=g; g=f; f=e
-		e=d+t1
-		d=c
-		c=b
-		b=a
-		a=t1+t2  
-	}
-	H.h[0]+=a; H.h[1]+=b; H.h[2]+=c; H.h[3]+=d 
-	H.h[4]+=e; H.h[5]+=f; H.h[6]+=g; H.h[7]+=hh 
-} 
-
-/* Initialise Hash function */
-func (H *HASH256) Init() { /* initialise */
-	for i:=0;i<64;i++ {H.w[i]=0}
-	H.length[0]=0; H.length[1]=0
-	H.h[0]=hash256_H0
-	H.h[1]=hash256_H1
-	H.h[2]=hash256_H2
-	H.h[3]=hash256_H3
-	H.h[4]=hash256_H4
-	H.h[5]=hash256_H5
-	H.h[6]=hash256_H6
-	H.h[7]=hash256_H7
-}
-
-func NewHASH256() *HASH256 {
-	H:= new(HASH256)
-	H.Init()
-	return H
-}
-
-/* process a single byte */
-func (H *HASH256) Process(byt byte) { /* process the next message byte */
-	cnt:=(H.length[0]/32)%16;
-    
-	H.w[cnt]<<=8;
-	H.w[cnt]|=uint32(byt&0xFF);
-	H.length[0]+=8;
-	if H.length[0]==0 {H.length[1]++; H.length[0]=0}
-	if (H.length[0]%512)==0 {H.transform()}
-}
-
-/* process an array of bytes */	
-func (H *HASH256) Process_array(b []byte) {
-	for i:=0;i<len(b);i++ {H.Process((b[i]))}
-}
-
-/* process a 32-bit integer */
-func (H *HASH256) Process_num(n int32) {
-	H.Process(byte((n>>24)&0xff));
-	H.Process(byte((n>>16)&0xff));
-	H.Process(byte((n>>8)&0xff));
-	H.Process(byte(n&0xff));
-}
-
-/* Generate 32-byte Hash */
-func (H *HASH256) Hash() []byte { /* pad message and finish - supply digest */
-	var digest [32]byte
-	len0:=H.length[0]
-	len1:=H.length[1]
-	H.Process(0x80);
-	for (H.length[0]%512)!=448 {H.Process(0)}
-	H.w[14]=len1;
-	H.w[15]=len0;    
-	H.transform();
-	for i:=0;i<32;i++ { /* convert to bytes */
-		digest[i]=byte((H.h[i/4]>>uint(8*(3-i%4))) & 0xff);
-	}
-	H.Init()
-	return digest[0:32]
-}
-
-/* test program: should produce digest */
-
-//248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
-/*
-func main() {
-
-	test := []byte("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
-	sh:=NewHASH256()
-
-	for i:=0;i<len(test);i++ {
-		sh.Process(test[i])
-	}
-		
-	digest:=sh.Hash()    
-	for i:=0;i<32;i++ {fmt.Printf("%02x",digest[i])}
-
-} */
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/HASH384.go
----------------------------------------------------------------------
diff --git a/version22/go/HASH384.go b/version22/go/HASH384.go
deleted file mode 100644
index ee3e535..0000000
--- a/version22/go/HASH384.go
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Implementation of the Secure Hashing Algorithm (SHA-384)
- *
- * Generates a 384 bit message digest. It should be impossible to come
- * come up with two messages that hash to the same value ("collision free").
- *
- * For use with byte-oriented messages only. 
- */
-
-
-package main
-
-//import "fmt"
-
-const hash384_H0 uint64=0xcbbb9d5dc1059ed8
-const hash384_H1 uint64=0x629a292a367cd507
-const hash384_H2 uint64=0x9159015a3070dd17
-const hash384_H3 uint64=0x152fecd8f70e5939
-const hash384_H4 uint64=0x67332667ffc00b31
-const hash384_H5 uint64=0x8eb44a8768581511
-const hash384_H6 uint64=0xdb0c2e0d64f98fa7
-const hash384_H7 uint64=0x47b5481dbefa4fa4
-
-var hash384_K = [...]uint64 {
-	0x428a2f98d728ae22,0x7137449123ef65cd,0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc,
-	0x3956c25bf348b538,0x59f111f1b605d019,0x923f82a4af194f9b,0xab1c5ed5da6d8118,
-	0xd807aa98a3030242,0x12835b0145706fbe,0x243185be4ee4b28c,0x550c7dc3d5ffb4e2,
-	0x72be5d74f27b896f,0x80deb1fe3b1696b1,0x9bdc06a725c71235,0xc19bf174cf692694,
-	0xe49b69c19ef14ad2,0xefbe4786384f25e3,0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65,
-	0x2de92c6f592b0275,0x4a7484aa6ea6e483,0x5cb0a9dcbd41fbd4,0x76f988da831153b5,
-	0x983e5152ee66dfab,0xa831c66d2db43210,0xb00327c898fb213f,0xbf597fc7beef0ee4,
-	0xc6e00bf33da88fc2,0xd5a79147930aa725,0x06ca6351e003826f,0x142929670a0e6e70,
-	0x27b70a8546d22ffc,0x2e1b21385c26c926,0x4d2c6dfc5ac42aed,0x53380d139d95b3df,
-	0x650a73548baf63de,0x766a0abb3c77b2a8,0x81c2c92e47edaee6,0x92722c851482353b,
-	0xa2bfe8a14cf10364,0xa81a664bbc423001,0xc24b8b70d0f89791,0xc76c51a30654be30,
-	0xd192e819d6ef5218,0xd69906245565a910,0xf40e35855771202a,0x106aa07032bbd1b8,
-	0x19a4c116b8d2d0c8,0x1e376c085141ab53,0x2748774cdf8eeb99,0x34b0bcb5e19b48a8,
-	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb,0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3,
-	0x748f82ee5defb2fc,0x78a5636f43172f60,0x84c87814a1f0ab72,0x8cc702081a6439ec,
-	0x90befffa23631e28,0xa4506cebde82bde9,0xbef9a3f7b2c67915,0xc67178f2e372532b,
-	0xca273eceea26619c,0xd186b8c721c0c207,0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178,
-	0x06f067aa72176fba,0x0a637dc5a2c898a6,0x113f9804bef90dae,0x1b710b35131c471b,
-	0x28db77f523047d84,0x32caab7b40c72493,0x3c9ebe0a15c9bebc,0x431d67c49c100d4c,
-	0x4cc5d4becb3e42b6,0x597f299cfc657e2a,0x5fcb6fab3ad6faec,0x6c44198c4a475817}
-
-
-type HASH384 struct {
-	length [2]uint64
-	h [8]uint64
-	w [80]uint64
-
-}
-
-/* functions */
-func hash384_S(n uint64,x uint64) uint64 {
-	return (((x)>>n) | ((x)<<(64-n)))
-}
-
-func hash384_R(n uint64,x uint64) uint64 {
-	return ((x)>>n)
-}
-
-func hash384_Ch(x,y,z uint64) uint64 {
-	return ((x&y)^(^(x)&z))
-}
-
-func hash384_Maj(x,y,z uint64) uint64 {
-	return ((x&y)^(x&z)^(y&z))
-}
-
-func hash384_Sig0(x uint64) uint64 {
-	return (hash384_S(28,x)^hash384_S(34,x)^hash384_S(39,x))
-}
-
-func hash384_Sig1(x uint64) uint64 {
-	return (hash384_S(14,x)^hash384_S(18,x)^hash384_S(41,x))
-}
-
-func hash384_theta0(x uint64) uint64 {
-	return (hash384_S(1,x)^hash384_S(8,x)^hash384_R(7,x));
-}
-
-func hash384_theta1(x uint64) uint64 {
-		return (hash384_S(19,x)^hash384_S(61,x)^hash384_R(6,x))
-}
-
-func (H *HASH384) transform() { /* basic transformation step */
-	for j:=16;j<80;j++ {
-		H.w[j]=hash384_theta1(H.w[j-2])+H.w[j-7]+hash384_theta0(H.w[j-15])+H.w[j-16]
-	}
-	a:=H.h[0]; b:=H.h[1]; c:=H.h[2]; d:=H.h[3] 
-	e:=H.h[4]; f:=H.h[5]; g:=H.h[6]; hh:=H.h[7]
-	for j:=0;j<80;j++ { /* 80 times - mush it up */
-		t1:=hh+hash384_Sig1(e)+hash384_Ch(e,f,g)+hash384_K[j]+H.w[j]
-		t2:=hash384_Sig0(a)+hash384_Maj(a,b,c)
-		hh=g; g=f; f=e
-		e=d+t1
-		d=c
-		c=b
-		b=a
-		a=t1+t2  
-	}
-	H.h[0]+=a; H.h[1]+=b; H.h[2]+=c; H.h[3]+=d 
-	H.h[4]+=e; H.h[5]+=f; H.h[6]+=g; H.h[7]+=hh 
-} 
-
-/* Initialise Hash function */
-func (H *HASH384) Init() { /* initialise */
-	for i:=0;i<80;i++ {H.w[i]=0}
-	H.length[0]=0; H.length[1]=0
-	H.h[0]=hash384_H0
-	H.h[1]=hash384_H1
-	H.h[2]=hash384_H2
-	H.h[3]=hash384_H3
-	H.h[4]=hash384_H4
-	H.h[5]=hash384_H5
-	H.h[6]=hash384_H6
-	H.h[7]=hash384_H7
-}
-
-func NewHASH384() *HASH384 {
-	H:= new(HASH384)
-	H.Init()
-	return H
-}
-
-/* process a single byte */
-func (H *HASH384) Process(byt byte) { /* process the next message byte */
-	cnt:=(H.length[0]/64)%16;
-    
-	H.w[cnt]<<=8;
-	H.w[cnt]|=uint64(byt&0xFF);
-	H.length[0]+=8;
-	if H.length[0]==0 {H.length[1]++; H.length[0]=0}
-	if (H.length[0]%1024)==0 {H.transform()}
-}
-
-/* process an array of bytes */	
-func (H *HASH384) Process_array(b []byte) {
-	for i:=0;i<len(b);i++ {H.Process((b[i]))}
-}
-
-/* process a 32-bit integer */
-func (H *HASH384) Process_num(n int32) {
-	H.Process(byte((n>>24)&0xff));
-	H.Process(byte((n>>16)&0xff));
-	H.Process(byte((n>>8)&0xff));
-	H.Process(byte(n&0xff));
-}
-
-/* Generate 32-byte Hash */
-func (H *HASH384) Hash() []byte { /* pad message and finish - supply digest */
-	var digest [48]byte
-	len0:=H.length[0]
-	len1:=H.length[1]
-	H.Process(0x80);
-	for (H.length[0]%1024)!=896 {H.Process(0)}
-	H.w[14]=len1;
-	H.w[15]=len0;    
-	H.transform();
-	for i:=0;i<48;i++ { /* convert to bytes */
-		digest[i]=byte((H.h[i/8]>>uint(8*(7-i%8))) & 0xff);
-	}
-	H.Init()
-	return digest[0:48]
-}
-
-/* test program: should produce digest */
-
-//09330c33f71147e8 3d192fc782cd1b47 53111b173b3b05d2 2fa08086e3b0f712 fcc7c71a557e2db9 66c3e9fa91746039
-/*
-func main() {
-
-	test := []byte("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu")
-	sh:=NewHASH384()
-
-	for i:=0;i<len(test);i++ {
-		sh.Process(test[i])
-	}
-		
-	digest:=sh.Hash()    
-	for i:=0;i<48;i++ {fmt.Printf("%02x",digest[i])}
-
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/HASH512.go
----------------------------------------------------------------------
diff --git a/version22/go/HASH512.go b/version22/go/HASH512.go
deleted file mode 100644
index be274f3..0000000
--- a/version22/go/HASH512.go
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Implementation of the Secure Hashing Algorithm (SHA-384)
- *
- * Generates a 384 bit message digest. It should be impossible to come
- * come up with two messages that hash to the same value ("collision free").
- *
- * For use with byte-oriented messages only. 
- */
-
-
-package main
-
-//import "fmt"
-
-const hash512_H0 uint64=0x6a09e667f3bcc908
-const hash512_H1 uint64=0xbb67ae8584caa73b
-const hash512_H2 uint64=0x3c6ef372fe94f82b
-const hash512_H3 uint64=0xa54ff53a5f1d36f1
-const hash512_H4 uint64=0x510e527fade682d1
-const hash512_H5 uint64=0x9b05688c2b3e6c1f
-const hash512_H6 uint64=0x1f83d9abfb41bd6b
-const hash512_H7 uint64=0x5be0cd19137e2179
-
-var hash512_K = [...]uint64 {
-	0x428a2f98d728ae22,0x7137449123ef65cd,0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc,
-	0x3956c25bf348b538,0x59f111f1b605d019,0x923f82a4af194f9b,0xab1c5ed5da6d8118,
-	0xd807aa98a3030242,0x12835b0145706fbe,0x243185be4ee4b28c,0x550c7dc3d5ffb4e2,
-	0x72be5d74f27b896f,0x80deb1fe3b1696b1,0x9bdc06a725c71235,0xc19bf174cf692694,
-	0xe49b69c19ef14ad2,0xefbe4786384f25e3,0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65,
-	0x2de92c6f592b0275,0x4a7484aa6ea6e483,0x5cb0a9dcbd41fbd4,0x76f988da831153b5,
-	0x983e5152ee66dfab,0xa831c66d2db43210,0xb00327c898fb213f,0xbf597fc7beef0ee4,
-	0xc6e00bf33da88fc2,0xd5a79147930aa725,0x06ca6351e003826f,0x142929670a0e6e70,
-	0x27b70a8546d22ffc,0x2e1b21385c26c926,0x4d2c6dfc5ac42aed,0x53380d139d95b3df,
-	0x650a73548baf63de,0x766a0abb3c77b2a8,0x81c2c92e47edaee6,0x92722c851482353b,
-	0xa2bfe8a14cf10364,0xa81a664bbc423001,0xc24b8b70d0f89791,0xc76c51a30654be30,
-	0xd192e819d6ef5218,0xd69906245565a910,0xf40e35855771202a,0x106aa07032bbd1b8,
-	0x19a4c116b8d2d0c8,0x1e376c085141ab53,0x2748774cdf8eeb99,0x34b0bcb5e19b48a8,
-	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb,0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3,
-	0x748f82ee5defb2fc,0x78a5636f43172f60,0x84c87814a1f0ab72,0x8cc702081a6439ec,
-	0x90befffa23631e28,0xa4506cebde82bde9,0xbef9a3f7b2c67915,0xc67178f2e372532b,
-	0xca273eceea26619c,0xd186b8c721c0c207,0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178,
-	0x06f067aa72176fba,0x0a637dc5a2c898a6,0x113f9804bef90dae,0x1b710b35131c471b,
-	0x28db77f523047d84,0x32caab7b40c72493,0x3c9ebe0a15c9bebc,0x431d67c49c100d4c,
-	0x4cc5d4becb3e42b6,0x597f299cfc657e2a,0x5fcb6fab3ad6faec,0x6c44198c4a475817}
-
-
-type HASH512 struct {
-	length [2]uint64
-	h [8]uint64
-	w [80]uint64
-
-}
-
-/* functions */
-func hash512_S(n uint64,x uint64) uint64 {
-	return (((x)>>n) | ((x)<<(64-n)))
-}
-
-func hash512_R(n uint64,x uint64) uint64 {
-	return ((x)>>n)
-}
-
-func hash512_Ch(x,y,z uint64) uint64 {
-	return ((x&y)^(^(x)&z))
-}
-
-func hash512_Maj(x,y,z uint64) uint64 {
-	return ((x&y)^(x&z)^(y&z))
-}
-
-func hash512_Sig0(x uint64) uint64 {
-	return (hash512_S(28,x)^hash512_S(34,x)^hash512_S(39,x))
-}
-
-func hash512_Sig1(x uint64) uint64 {
-	return (hash512_S(14,x)^hash512_S(18,x)^hash512_S(41,x))
-}
-
-func hash512_theta0(x uint64) uint64 {
-	return (hash512_S(1,x)^hash512_S(8,x)^hash512_R(7,x));
-}
-
-func hash512_theta1(x uint64) uint64 {
-		return (hash512_S(19,x)^hash512_S(61,x)^hash512_R(6,x))
-}
-
-func (H *HASH512) transform() { /* basic transformation step */
-	for j:=16;j<80;j++ {
-		H.w[j]=hash512_theta1(H.w[j-2])+H.w[j-7]+hash512_theta0(H.w[j-15])+H.w[j-16]
-	}
-	a:=H.h[0]; b:=H.h[1]; c:=H.h[2]; d:=H.h[3] 
-	e:=H.h[4]; f:=H.h[5]; g:=H.h[6]; hh:=H.h[7]
-	for j:=0;j<80;j++ { /* 80 times - mush it up */
-		t1:=hh+hash512_Sig1(e)+hash512_Ch(e,f,g)+hash512_K[j]+H.w[j]
-		t2:=hash512_Sig0(a)+hash512_Maj(a,b,c)
-		hh=g; g=f; f=e
-		e=d+t1
-		d=c
-		c=b
-		b=a
-		a=t1+t2  
-	}
-	H.h[0]+=a; H.h[1]+=b; H.h[2]+=c; H.h[3]+=d 
-	H.h[4]+=e; H.h[5]+=f; H.h[6]+=g; H.h[7]+=hh 
-} 
-
-/* Initialise Hash function */
-func (H *HASH512) Init() { /* initialise */
-	for i:=0;i<80;i++ {H.w[i]=0}
-	H.length[0]=0; H.length[1]=0
-	H.h[0]=hash512_H0
-	H.h[1]=hash512_H1
-	H.h[2]=hash512_H2
-	H.h[3]=hash512_H3
-	H.h[4]=hash512_H4
-	H.h[5]=hash512_H5
-	H.h[6]=hash512_H6
-	H.h[7]=hash512_H7
-}
-
-func NewHASH512() *HASH512 {
-	H:= new(HASH512)
-	H.Init()
-	return H
-}
-
-/* process a single byte */
-func (H *HASH512) Process(byt byte) { /* process the next message byte */
-	cnt:=(H.length[0]/64)%16;
-    
-	H.w[cnt]<<=8;
-	H.w[cnt]|=uint64(byt&0xFF);
-	H.length[0]+=8;
-	if H.length[0]==0 {H.length[1]++; H.length[0]=0}
-	if (H.length[0]%1024)==0 {H.transform()}
-}
-
-/* process an array of bytes */	
-func (H *HASH512) Process_array(b []byte) {
-	for i:=0;i<len(b);i++ {H.Process((b[i]))}
-}
-
-/* process a 32-bit integer */
-func (H *HASH512) Process_num(n int32) {
-	H.Process(byte((n>>24)&0xff));
-	H.Process(byte((n>>16)&0xff));
-	H.Process(byte((n>>8)&0xff));
-	H.Process(byte(n&0xff));
-}
-
-/* Generate 32-byte Hash */
-func (H *HASH512) Hash() []byte { /* pad message and finish - supply digest */
-	var digest [64]byte
-	len0:=H.length[0]
-	len1:=H.length[1]
-	H.Process(0x80);
-	for (H.length[0]%1024)!=896 {H.Process(0)}
-	H.w[14]=len1;
-	H.w[15]=len0;    
-	H.transform();
-	for i:=0;i<64;i++ { /* convert to bytes */
-		digest[i]=byte((H.h[i/8]>>uint(8*(7-i%8))) & 0xff);
-	}
-	H.Init()
-	return digest[0:64]
-}
-
-/* test program: should produce digest */
-
-//8e959b75dae313da 8cf4f72814fc143f 8f7779c6eb9f7fa1 7299aeadb6889018 501d289e4900f7e4 331b99dec4b5433a c7d329eeb6dd2654 5e96e55b874be909
-/*
-func main() {
-
-	test := []byte("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu")
-	sh:=NewHASH512()
-
-	for i:=0;i<len(test);i++ {
-		sh.Process(test[i])
-	}
-		
-	digest:=sh.Hash()    
-	for i:=0;i<64;i++ {fmt.Printf("%02x",digest[i])}
-
-}
-*/



[05/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/amcl.h
----------------------------------------------------------------------
diff --git a/version3/cpp/amcl.h b/version3/cpp/amcl.h
deleted file mode 100644
index 4b88f07..0000000
--- a/version3/cpp/amcl.h
+++ /dev/null
@@ -1,585 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-
-#ifndef AMCL_H
-#define AMCL_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdbool.h>
-#include <inttypes.h>
-#include "arch.h"
-
-namespace amcl {
-
-/* modulus types */
-
-#define NOT_SPECIAL 0	       /**< Modulus of no exploitable form */
-#define PSEUDO_MERSENNE 1      /**< Pseudo-mersenne modulus of form $2^n-c$  */
-#define MONTGOMERY_FRIENDLY 3  /**< Montgomery Friendly modulus of form $2^a(2^b-c)-1$  */
-#define GENERALISED_MERSENNE 2 /**< Generalised-mersenne modulus of form $2^n-2^m-1$, GOLDILOCKS only */
-
-
-/* Curve types */
-
-#define WEIERSTRASS 0 /**< Short Weierstrass form curve  */
-#define EDWARDS 1     /**< Edwards or Twisted Edwards curve  */
-#define MONTGOMERY 2  /**< Montgomery form curve  */
-
-/* Pairing-Friendly types */
-
-#define NOT 0
-#define BN 1
-#define BLS 2
-
-#define D_TYPE 0
-#define M_TYPE 1
-
-/**
- * @brief SHA256 hash function instance */
-typedef struct
-{
-    unsign32 length[2]; /**< 64-bit input length */
-    unsign32 h[8];      /**< Internal state */
-    unsign32 w[80];	/**< Internal state */
-    int hlen;		/**< Hash length in bytes */
-} hash256;
-
-/**
- * @brief SHA384-512 hash function instance */
-typedef struct
-{
-    unsign64 length[2]; /**< 64-bit input length */
-    unsign64 h[8];      /**< Internal state */
-    unsign64 w[80];	/**< Internal state */
-    int hlen;           /**< Hash length in bytes */
-} hash512;
-
-/**
- * @brief SHA384 hash function instance */
-typedef hash512 hash384;
-
-/**
- * @brief SHA3 hash function instance */
-typedef struct {
-	unsign64 length;
-	unsign64 S[5][5];
-	int rate,len;
-} sha3;
-
-#define SHA256 32 /**< SHA-256 hashing */
-#define SHA384 48 /**< SHA-384 hashing */
-#define SHA512 64 /**< SHA-512 hashing */
-
-#define SHA3_HASH224 28 /**< SHA3 224 bit hash */
-#define SHA3_HASH256 32 /**< SHA3 256 bit hash */
-#define SHA3_HASH384 48 /**< SHA3 384 bit hash */
-#define SHA3_HASH512 64 /**< SHA3 512 bit hash */
-
-#define SHAKE128 16 /**< SHAKE128   hash */
-#define SHAKE256 32 /**< SHAKE256 hash */
-
-
-/* NewHope parameters */
-
-//q= 12289
-
-#define RLWE_PRIME 0x3001	// q in Hex
-#define RLWE_LGN 10			// Degree n=2^LGN
-#define RLWE_ND 0xF7002FFF	// 1/(R-q) mod R
-#define RLWE_ONE 0x2AC8		// R mod q
-#define RLWE_R2MODP 0x1620	// R^2 mod q
-
-/* Symmetric Encryption AES structure */
-
-#define ECB   0  /**< Electronic Code Book */
-#define CBC   1  /**< Cipher Block Chaining */
-#define CFB1  2  /**< Cipher Feedback - 1 byte */
-#define CFB2  3  /**< Cipher Feedback - 2 bytes */
-#define CFB4  5  /**< Cipher Feedback - 4 bytes */
-#define OFB1  14 /**< Output Feedback - 1 byte */
-#define OFB2  15 /**< Output Feedback - 2 bytes */
-#define OFB4  17 /**< Output Feedback - 4 bytes */
-#define OFB8  21 /**< Output Feedback - 8 bytes */
-#define OFB16 29 /**< Output Feedback - 16 bytes */
-#define CTR1  30 /**< Counter Mode - 1 byte */
-#define CTR2  31 /**< Counter Mode - 2 bytes */
-#define CTR4  33 /**< Counter Mode - 4 bytes */
-#define CTR8  37 /**< Counter Mode - 8 bytes */
-#define CTR16 45 /**< Counter Mode - 16 bytes */
-
-#define uchar unsigned char  /**<  Unsigned char */
-
-/**
-	@brief AES instance
-*/
-
-
-typedef struct
-{
-    int Nk;            /**< AES Key Length */
-    int Nr;            /**< AES Number of rounds */
-    int mode;          /**< AES mode of operation */
-    unsign32 fkey[60]; /**< subkeys for encrypton */
-    unsign32 rkey[60]; /**< subkeys for decrypton */
-    char f[16];        /**< buffer for chaining vector */
-} aes;
-
-/* AES-GCM suppport.  */
-
-#define GCM_ACCEPTING_HEADER 0   /**< GCM status */
-#define GCM_ACCEPTING_CIPHER 1   /**< GCM status */
-#define GCM_NOT_ACCEPTING_MORE 2 /**< GCM status */
-#define GCM_FINISHED 3           /**< GCM status */
-#define GCM_ENCRYPTING 0         /**< GCM mode */
-#define GCM_DECRYPTING 1         /**< GCM mode */
-
-
-/**
-	@brief GCM mode instance, using AES internally
-*/
-
-typedef struct
-{
-    unsign32 table[128][4]; /**< 2k byte table */
-    uchar stateX[16];	    /**< GCM Internal State */
-    uchar Y_0[16];	    /**< GCM Internal State */
-    unsign32 lenA[2];	    /**< GCM 64-bit length of header */
-    unsign32 lenC[2];	    /**< GCM 64-bit length of ciphertext */
-    int status;		    /**< GCM Status */
-    aes a;		    /**< Internal Instance of aes cipher */
-} gcm;
-
-/* Marsaglia & Zaman Random number generator constants */
-
-#define NK   21 /**< PRNG constant */
-#define NJ   6  /**< PRNG constant */
-#define NV   8  /**< PRNG constant */
-
-
-/**
-	@brief Cryptographically secure pseudo-random number generator instance
-*/
-
-typedef struct
-{
-    unsign32 ira[NK]; /**< random number array   */
-    int      rndptr;  /**< pointer into array */
-    unsign32 borrow;  /**<  borrow as a result of subtraction */
-    int pool_ptr;     /**< pointer into random pool */
-    char pool[32];    /**< random pool */
-} csprng;
-
-
-/**
-	@brief Portable representation of a big positive number
-*/
-
-typedef struct
-{
-    int len;   /**< length in bytes  */
-    int max;   /**< max length allowed - enforce truncation  */
-    char *val; /**< byte array  */
-} octet;
-
-
-/* Octet string handlers */
-/**	@brief Formats and outputs an octet to the console in hex
- *
-	@param O Octet to be output
- */
-extern void OCT_output(octet *O);
-/**	@brief Formats and outputs an octet to the console as a character string
- *
-	@param O Octet to be output
- */
-extern void OCT_output_string(octet *O);
-/**	@brief Wipe clean an octet
- *
-	@param O Octet to be cleaned
- */
-extern void OCT_clear(octet *O);
-/**	@brief Compare two octets
- *
-	@param O first Octet to be compared
-	@param P second Octet to be compared
-	@return 1 if equal, else 0
- */
-extern int  OCT_comp(octet *O,octet *P);
-
-
-/**	@brief Compare first n bytes of two octets
- *
-	@param O first Octet to be compared
-	@param P second Octet to be compared
-	@param n number of bytes to compare
-	@return 1 if equal, else 0
- */
-extern int  OCT_ncomp(octet *O,octet *P,int n);
-/**	@brief Join from a C string to end of an octet
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param s zero terminated string to be joined to octet
- */
-extern void OCT_jstring(octet *O,char *s);
-/**	@brief Join bytes to end of an octet
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param s bytes to be joined to end of octet
-	@param n number of bytes to join
- */
-extern void OCT_jbytes(octet *O,char *s,int n);
-/**	@brief Join single byte to end of an octet, repeated n times
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param b byte to be joined to end of octet
-	@param n number of times b is to be joined
- */
-extern void OCT_jbyte(octet *O,int b,int n);
-/**	@brief Join one octet to the end of another
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param P Octet to be joined to the end of O
- */
-extern void OCT_joctet(octet *O,octet *P);
-/**	@brief XOR common bytes of a pair of Octets
- *
-	@param O Octet - on exit = O xor P
-	@param P Octet to be xored into O
- */
-extern void OCT_xor(octet *O,octet *P);
-/**	@brief reset Octet to zero length
- *
-	@param O Octet to be emptied
- */
-extern void OCT_empty(octet *O);
-/**	@brief Pad out an Octet to the given length
- *
-	Padding is done by inserting leading zeros, so abcd becomes 00abcd
-	@param O Octet to be padded
-	@param n new length of Octet
- */
-extern int OCT_pad(octet *O,int n);
-/**	@brief Convert an Octet to printable base64 number
- *
-	@param b zero terminated byte array to take base64 conversion
-	@param O Octet to be converted
- */
-extern void OCT_tobase64(char *b,octet *O);
-/**	@brief Populate an Octet from base64 number
- *
- 	@param O Octet to be populated
-	@param b zero terminated base64 string
-
- */
-extern void OCT_frombase64(octet *O,char *b);
-/**	@brief Copy one Octet into another
- *
- 	@param O Octet to be copied to
-	@param P Octet to be copied from
-
- */
-extern void OCT_copy(octet *O,octet *P);
-/**	@brief XOR every byte of an octet with input m
- *
- 	@param O Octet
-	@param m byte to be XORed with every byte of O
-
- */
-extern void OCT_xorbyte(octet *O,int m);
-/**	@brief Chops Octet into two, leaving first n bytes in O, moving the rest to P
- *
- 	@param O Octet to be chopped
-	@param P new Octet to be created
-	@param n number of bytes to chop off O
-
- */
-extern void OCT_chop(octet *O,octet *P,int n);
-/**	@brief Join n bytes of integer m to end of Octet O (big endian)
- *
-	Typically n is 4 for a 32-bit integer
- 	@param O Octet to be appended to
-	@param m integer to be appended to O
-	@param n number of bytes in m
-
- */
-extern void OCT_jint(octet *O,int m,int n);
-/**	@brief Create an Octet from bytes taken from a random number generator
- *
-	Truncates if there is no room
- 	@param O Octet to be populated
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n number of bytes to extracted from R
-
- */
-extern void OCT_rand(octet *O,csprng *R,int n);
-/**	@brief Shifts Octet left by n bytes
- *
-	Leftmost bytes disappear
- 	@param O Octet to be shifted
-	@param n number of bytes to shift
-
- */
-extern void OCT_shl(octet *O,int n);
-/**	@brief Convert a hex number to an Octet
- *
-	@param dst Octet
-	@param src Hex string to be converted
- */
-extern void OCT_fromHex(octet *dst,char *src);
-/**	@brief Convert an Octet to printable hex number
- *
-	@param dst hex value
-	@param src Octet to be converted
- */
-extern void OCT_toHex(octet *src,char *dst);
-/**	@brief Convert an Octet to string
- *
-	@param dst string value
-	@param src Octet to be converted
- */
-extern void OCT_toStr(octet *src,char *dst);
-
-
-
-/* Hash function */
-/**	@brief Initialise an instance of SHA256
- *
-	@param H an instance SHA256
- */
-extern void HASH256_init(hash256 *H);
-/**	@brief Add a byte to the hash
- *
-	@param H an instance SHA256
-	@param b byte to be included in hash
- */
-extern void HASH256_process(hash256 *H,int b);
-/**	@brief Generate 32-byte hash
- *
-	@param H an instance SHA256
-	@param h is the output 32-byte hash
- */
-extern void HASH256_hash(hash256 *H,char *h);
-
-
-/**	@brief Initialise an instance of SHA384
- *
-	@param H an instance SHA384
- */
-extern void HASH384_init(hash384 *H);
-/**	@brief Add a byte to the hash
- *
-	@param H an instance SHA384
-	@param b byte to be included in hash
- */
-extern void HASH384_process(hash384 *H,int b);
-/**	@brief Generate 48-byte hash
- *
-	@param H an instance SHA384
-	@param h is the output 48-byte hash
- */
-extern void HASH384_hash(hash384 *H,char *h);
-
-
-/**	@brief Initialise an instance of SHA512
- *
-	@param H an instance SHA512
- */
-extern void HASH512_init(hash512 *H);
-/**	@brief Add a byte to the hash
- *
-	@param H an instance SHA512
-	@param b byte to be included in hash
- */
-extern void HASH512_process(hash512 *H,int b);
-/**	@brief Generate 64-byte hash
- *
-	@param H an instance SHA512
-	@param h is the output 64-byte hash
- */
-extern void HASH512_hash(hash512 *H,char *h);
-
-
-/**	@brief Initialise an instance of SHA3
- *
-	@param H an instance SHA3
-	@param t the instance type
- */
-extern void  SHA3_init(sha3 *H,int t);
-/**	@brief process a byte for SHA3
- *
-	@param H an instance SHA3
-	@param b a byte of date to be processed
- */
-extern void  SHA3_process(sha3 *H,int b);
-/**	@brief create fixed length hash output of SHA3
- *
-	@param H an instance SHA3
-	@param h a byte array to take hash
- */
-extern void  SHA3_hash(sha3 *H,char *h);
-/**	@brief create variable length hash output of SHA3
- *
-	@param H an instance SHA3
-	@param h a byte array to take hash
-	@param len is the length of the hash
- */
-extern void  SHA3_shake(sha3 *H,char *h,int len);
-/**	@brief generate further hash output of SHA3
- *
-	@param H an instance SHA3
-	@param h a byte array to take hash
-	@param len is the length of the hash
- */
-extern void  SHA3_squeeze(sha3 *H,char *h,int len);
-
-
-
-/* AES functions */
-/**	@brief Reset AES mode or IV
- *
-	@param A an instance of the aes
-	@param m is the new active mode of operation (ECB, CBC, OFB, CFB etc)
-	@param iv the new Initialisation Vector
- */
-extern void AES_reset(aes *A,int m,char *iv);
-/**	@brief Extract chaining vector from aes instance
- *
-	@param A an instance of the aes
-	@param f the extracted chaining vector
- */
-extern void AES_getreg(aes *A,char * f);
-/**	@brief Initialise an instance of aes and its mode of operation
- *
-	@param A an instance aes
-	@param m is the active mode of operation (ECB, CBC, OFB, CFB etc)
-	@param n is the key length in bytes, 16, 24 or 32
-	@param k the AES key as an array of 16 bytes
-	@param iv the Initialisation Vector
-	@return 0 for invalid n
- */
-extern int AES_init(aes *A,int m,int n,char *k,char *iv);
-/**	@brief Encrypt a single 16 byte block in ECB mode
- *
-	@param A an instance of the aes
-	@param b is an array of 16 plaintext bytes, on exit becomes ciphertext
- */
-extern void AES_ecb_encrypt(aes *A,uchar * b);
-/**	@brief Decrypt a single 16 byte block in ECB mode
- *
-	@param A an instance of the aes
-	@param b is an array of 16 cipherext bytes, on exit becomes plaintext
- */
-extern void AES_ecb_decrypt(aes *A,uchar * b);
-/**	@brief Encrypt a single 16 byte block in active mode
- *
-	@param A an instance of the aes
-	@param b is an array of 16 plaintext bytes, on exit becomes ciphertext
-	@return 0, or overflow bytes from CFB mode
- */
-extern unsign32 AES_encrypt(aes *A,char *b );
-/**	@brief Decrypt a single 16 byte block in active mode
- *
-	@param A an instance of the aes
-	@param b is an array of 16 ciphertext bytes, on exit becomes plaintext
-	@return 0, or overflow bytes from CFB mode
- */
-extern unsign32 AES_decrypt(aes *A,char *b);
-/**	@brief Clean up after application of AES
- *
-	@param A an instance of the aes
- */
-extern void AES_end(aes *A);
-
-
-/* AES-GCM functions */
-/**	@brief Initialise an instance of AES-GCM mode
- *
-	@param G an instance AES-GCM
-	@param nk is the key length in bytes, 16, 24 or 32
-	@param k the AES key as an array of 16 bytes
-	@param n the number of bytes in the Initialisation Vector (IV)
-	@param iv the IV
- */
-extern void GCM_init(gcm *G,int nk,char *k,int n,char *iv);
-/**	@brief Add header (material to be authenticated but not encrypted)
- *
-	Note that this function can be called any number of times with n a multiple of 16, and then one last time with any value for n
-	@param G an instance AES-GCM
-	@param b is the header material to be added
-	@param n the number of bytes in the header
- */
-extern int GCM_add_header(gcm *G,char *b,int n);
-/**	@brief Add plaintext and extract ciphertext
- *
-	Note that this function can be called any number of times with n a multiple of 16, and then one last time with any value for n
-	@param G an instance AES-GCM
-	@param c is the ciphertext generated
-	@param p is the plaintext material to be added
-	@param n the number of bytes in the plaintext
- */
-extern int GCM_add_plain(gcm *G,char *c,char *p,int n);
-/**	@brief Add ciphertext and extract plaintext
- *
-	Note that this function can be called any number of times with n a multiple of 16, and then one last time with any value for n
-	@param G an instance AES-GCM
-	@param p is the plaintext generated
-	@param c is the ciphertext material to be added
-	@param n the number of bytes in the ciphertext
- */
-extern int GCM_add_cipher(gcm *G,char *p,char *c,int n);
-/**	@brief Finish off and extract authentication tag (HMAC)
- *
-	@param G is an active instance AES-GCM
-	@param t is the output 16 byte authentication tag
- */
-extern void GCM_finish(gcm *G,char *t);
-
-
-
-/* random numbers */
-/**	@brief Seed a random number generator from an array of bytes
- *
-	The provided seed should be truly random
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n the number of seed bytes provided
-	@param b an array of seed bytes
-
- */
-extern void RAND_seed(csprng *R,int n,char *b);
-/**	@brief Delete all internal state of a random number generator
- *
-	@param R an instance of a Cryptographically Secure Random Number Generator
- */
-extern void RAND_clean(csprng *R);
-/**	@brief Return a random byte from a random number generator
- *
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@return a random byte
- */
-extern int RAND_byte(csprng *R);
-
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/arch.h
----------------------------------------------------------------------
diff --git a/version3/cpp/arch.h b/version3/cpp/arch.h
deleted file mode 100644
index d21d0cd..0000000
--- a/version3/cpp/arch.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* Architecture definition header file */
-
-/**
- * @file arch.h
- * @author Mike Scott
- * @date 23rd February 2016
- * @brief Architecture Header File
- *
- * Specify Processor Architecture
- *
- */
-
-/* NOTE: There is only one user configurable section in this header - see below */
-
-#ifndef ARCH_H
-#define ARCH_H
-#include <stdint.h>
-
-namespace amcl {
-
-/*** START OF USER CONFIGURABLE SECTION - set architecture ***/
-
-#define CHUNK @WL@		/**< size of chunk in bits = wordlength of computer = 16, 32 or 64. Note not all curve options are supported on 16-bit processors - see rom.c */
-
-/*** END OF USER CONFIGURABLE SECTION ***/
-
-/* Create Integer types */
-/* Support for C99?  Note for GCC need to explicitly include -std=c99 in command line */
-
-
-#define byte uint8_t			/**< 8-bit unsigned integer */
-#define sign8 int8_t			/**< 8-bit signed integer */
-#define sign16 int16_t			/**< 16-bit signed integer */
-#define sign32 int32_t			/**< 32-bit signed integer */
-#define sign64 int64_t			/**< 64-bit signed integer */
-#define unsign32 uint32_t		/**< 32-bit unsigned integer */
-#define unsign64 uint64_t		/**< 64-bit unsigned integer */
-
-#define uchar unsigned char  /**<  Unsigned char */
-
-/* Don't mess with anything below this line unless you know what you are doing */
-/* This next is probably OK, but may need changing for non-C99-standard environments */
-
-/* This next is probably OK, but may need changing for non-C99-standard environments */
-
-#if CHUNK==16
-
-#define chunk int16_t		/**< C type corresponding to word length */
-#define dchunk int32_t		/**< Always define double length chunk type if available */
-
-#endif
-
-#if CHUNK == 32
-
-#define chunk int32_t		/**< C type corresponding to word length */
-#define dchunk int64_t		/**< Always define double length chunk type if available */
-
-#endif
-
-#if CHUNK == 64
-
-    #define chunk int64_t		/**< C type corresponding to word length */
-    #ifdef __GNUC__
-       #define dchunk __int128		/**< Always define double length chunk type if available - GCC supports 128 bit type  ??? */
-    #endif
-
-    #ifdef __clang__
-       #define dchunk __int128
-    #endif
-
-#endif
-
-#ifdef dchunk
-#define COMBA      /**< Use COMBA method for faster muls, sqrs and reductions */
-#endif
-
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/benchtest_all.cpp
----------------------------------------------------------------------
diff --git a/version3/cpp/benchtest_all.cpp b/version3/cpp/benchtest_all.cpp
deleted file mode 100644
index 28d1d33..0000000
--- a/version3/cpp/benchtest_all.cpp
+++ /dev/null
@@ -1,973 +0,0 @@
-/* Test and benchmark elliptic curve and RSA functions
-	First build amcl.a from build_ec batch file
-	gcc -O3 benchtest_ec.c amcl.a -o benchtest_ec.exe
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "rsa_RSA2048.h"
-#include "ecp_ED25519.h"
-#include "pair_BN254.h"
-
-#if CHUNK==32 || CHUNK==64
-#include "ecp_NIST256.h"
-#include "ecp_GOLDILOCKS.h"
-#include "pair_BLS383.h"
-#include "pair192_BLS24.h"
-#include "pair256_BLS48.h"
-#endif
-
-#define MIN_TIME 10.0
-#define MIN_ITERS 10 
-
-using namespace amcl;
-
-int ED_25519(csprng *RNG)
-{
-	using namespace ED25519;
-	using namespace ED25519_BIG;
-
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-	ECP EP,EG;
-	BIG s,r,x,y;
-	printf("\nTesting/Timing ED25519 ECC\n");
-
-#if CURVETYPE_ED25519==WEIERSTRASS
-	printf("Weierstrass parameterization\n");
-#endif
-#if CURVETYPE_ED25519==EDWARDS
-	printf("Edwards parameterization\n");
-#endif
-#if CURVETYPE_ED25519==MONTGOMERY
-	printf("Montgomery parameterization\n");
-#endif
-
-#if CHUNK==16
-	printf("16-bit Build\n");
-#endif
-#if CHUNK==32
-	printf("32-bit Build\n");
-#endif
-#if CHUNK==64
-	printf("64-bit Build\n");
-#endif
-
-	ECP_generator(&EG);
-
-	BIG_rcopy(r,CURVE_Order);
-	BIG_randomnum(s,r,RNG);
-	ECP_copy(&EP,&EG);
-    ECP_mul(&EP,r);
-
-	if (!ECP_isinf(&EP))
-	{
-		printf("FAILURE - rG!=O\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		ECP_copy(&EP,&EG);
-		ECP_mul(&EP,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("EC  mul - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	return 0;
-}
-
-#if CHUNK==32 || CHUNK==64
-int NIST_256(csprng *RNG)
-{
-	using namespace NIST256;
-	using namespace NIST256_BIG;
-
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-	ECP EP,EG;
-	BIG s,r,x,y;
-	printf("\nTesting/Timing NIST256 ECC\n");
-
-#if CURVETYPE_NIST256==WEIERSTRASS
-	printf("Weierstrass parameterization\n");
-#endif
-#if CURVETYPE_NIST256==EDWARDS
-	printf("Edwards parameterization\n");
-#endif
-#if CURVETYPE_NIST256==MONTGOMERY
-	printf("Montgomery parameterization\n");
-#endif
-
-#if CHUNK==16
-	printf("16-bit Build\n");
-#endif
-#if CHUNK==32
-	printf("32-bit Build\n");
-#endif
-#if CHUNK==64
-	printf("64-bit Build\n");
-#endif
-
-	ECP_generator(&EG);
-
-	BIG_rcopy(r,CURVE_Order);
-	BIG_randomnum(s,r,RNG);
-	ECP_copy(&EP,&EG);
-    ECP_mul(&EP,r);
-
-	if (!ECP_isinf(&EP))
-	{
-		printf("FAILURE - rG!=O\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		ECP_copy(&EP,&EG);
-		ECP_mul(&EP,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("EC  mul - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	return 0;
-}
-
-int GOLDI_LOCKS(csprng *RNG)
-{
-	using namespace GOLDILOCKS;
-	using namespace GOLDILOCKS_BIG;
-
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-	ECP EP,EG;
-	BIG s,r,x,y;
-	printf("\nTesting/Timing GOLDILOCKS ECC\n");
-
-#if CURVETYPE_GOLDILOCKS==WEIERSTRASS
-	printf("Weierstrass parameterization\n");
-#endif
-#if CURVETYPE_GOLDILOCKS==EDWARDS
-	printf("Edwards parameterization\n");
-#endif
-#if CURVETYPE_GOLDILOCKS==MONTGOMERY
-	printf("Montgomery parameterization\n");
-#endif
-
-#if CHUNK==16
-	printf("16-bit Build\n");
-#endif
-#if CHUNK==32
-	printf("32-bit Build\n");
-#endif
-#if CHUNK==64
-	printf("64-bit Build\n");
-#endif
-
-	ECP_generator(&EG);
-
-	BIG_rcopy(r,CURVE_Order);
-	BIG_randomnum(s,r,RNG);
-	ECP_copy(&EP,&EG);
-    ECP_mul(&EP,r);
-
-	if (!ECP_isinf(&EP))
-	{
-		printf("FAILURE - rG!=O\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		ECP_copy(&EP,&EG);
-		ECP_mul(&EP,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("EC  mul - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	return 0;
-}
-#endif
-
-int BN_254(csprng *RNG)
-{
-	using namespace BN254;
-	using namespace BN254_FP;
-	using namespace BN254_BIG;
-
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-
-	ECP P,G;
-	ECP2 Q,W;
-	FP12 g,w;
-	FP4 cm;
-	FP2 wx,wy;
-
-	BIG s,r,x,y;
-	printf("\nTesting/Timing BN254 Pairings\n");
-
-	ECP_generator(&G);
-	
-	BIG_rcopy(r,CURVE_Order);
-	BIG_randomnum(s,r,RNG);
-	ECP_copy(&P,&G);
-    PAIR_G1mul(&P,r);
-
-	if (!ECP_isinf(&P))
-	{
-		printf("FAILURE - rG!=O\n");
-		return 0;
-	}
-	
-	iterations=0;
-    start=clock();
-    do {
-		ECP_copy(&P,&G);
-		PAIR_G1mul(&P,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G1 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-    ECP2_generator(&W);
-
-	ECP2_copy(&Q,&W);
-    ECP2_mul(&Q,r);
-
-	if (!ECP2_isinf(&Q))
-	{
-		printf("FAILURE - rQ!=O\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		ECP2_copy(&Q,&W);
-		PAIR_G2mul(&Q,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G2 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	PAIR_ate(&w,&Q,&P);
-	PAIR_fexp(&w);
-
-	FP12_copy(&g,&w);
-
-	PAIR_GTpow(&g,r);
-
-	if (!FP12_isunity(&g))
-	{
-		printf("FAILURE - g^r!=1\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		FP12_copy(&g,&w);
-		PAIR_GTpow(&g,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	FP12_copy(&g,&w);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP12_compow(&cm,&g,s,r);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow (compressed) - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		PAIR_ate(&w,&Q,&P);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing ATE         - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP12_copy(&g,&w);
-		PAIR_fexp(&g);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing FEXP        - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	ECP_copy(&P,&G);	
-	ECP2_copy(&Q,&W);
-
-	PAIR_G1mul(&P,s);
-	PAIR_ate(&g,&Q,&P);
-	PAIR_fexp(&g);
-
-	ECP_copy(&P,&G);
-
-	PAIR_G2mul(&Q,s);
-	PAIR_ate(&w,&Q,&P);
-	PAIR_fexp(&w);
-
-	if (!FP12_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,sP) \n");
-		return 0;
-	}
-
-	ECP2_copy(&Q,&W);
-	PAIR_ate(&g,&Q,&P);
-	PAIR_fexp(&g);
-
-	PAIR_GTpow(&g,s);
-
-	if (!FP12_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,P)^s \n");
-		return 0;
-	}
-	return 0;
-}
-
-#if CHUNK==32 || CHUNK==64
-int BLS_383(csprng *RNG)
-{
-	using namespace BLS383;
-	using namespace BLS383_FP;
-	using namespace BLS383_BIG;
-
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-
-	ECP P,G;
-	ECP2 Q,W;
-	FP12 g,w;
-	FP4 cm;
-	FP2 wx,wy;
-
-	BIG s,r,x,y;
-	printf("\nTesting/Timing BLS383 Pairings\n");
-
-	ECP_generator(&G);
-	
-	BIG_rcopy(r,CURVE_Order);
-	BIG_randomnum(s,r,RNG);
-	ECP_copy(&P,&G);
-    PAIR_G1mul(&P,r);
-
-	if (!ECP_isinf(&P))
-	{
-		printf("FAILURE - rG!=O\n");
-		return 0;
-	}
-	
-	iterations=0;
-    start=clock();
-    do {
-		ECP_copy(&P,&G);
-		PAIR_G1mul(&P,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G1 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-    ECP2_generator(&W);
-
-	ECP2_copy(&Q,&W);
-    ECP2_mul(&Q,r);
-
-	if (!ECP2_isinf(&Q))
-	{
-		printf("FAILURE - rQ!=O\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		ECP2_copy(&Q,&W);
-		PAIR_G2mul(&Q,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G2 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	PAIR_ate(&w,&Q,&P);
-	PAIR_fexp(&w);
-
-	FP12_copy(&g,&w);
-
-	PAIR_GTpow(&g,r);
-
-	if (!FP12_isunity(&g))
-	{
-		printf("FAILURE - g^r!=1\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		FP12_copy(&g,&w);
-		PAIR_GTpow(&g,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	FP12_copy(&g,&w);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP12_compow(&cm,&g,s,r);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow (compressed) - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		PAIR_ate(&w,&Q,&P);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing ATE         - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP12_copy(&g,&w);
-		PAIR_fexp(&g);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing FEXP        - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	ECP_copy(&P,&G);	
-	ECP2_copy(&Q,&W);
-
-	PAIR_G1mul(&P,s);
-	PAIR_ate(&g,&Q,&P);
-	PAIR_fexp(&g);
-
-	ECP_copy(&P,&G);
-
-	PAIR_G2mul(&Q,s);
-	PAIR_ate(&w,&Q,&P);
-	PAIR_fexp(&w);
-
-	if (!FP12_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,sP) \n");
-		return 0;
-	}
-
-	ECP2_copy(&Q,&W);
-	PAIR_ate(&g,&Q,&P);
-	PAIR_fexp(&g);
-
-	PAIR_GTpow(&g,s);
-
-	if (!FP12_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,P)^s \n");
-		return 0;
-	}
-	return 0;
-}
-
-int BLS_24(csprng *RNG)
-{
-	using namespace BLS24;
-	using namespace BLS24_FP;
-	using namespace BLS24_BIG;
-
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-
-	ECP P,G;
-	ECP4 Q,W;
-	FP24 g,w;
-
-	FP8 cm;
-	BIG a,b,s,r;
-
-	printf("\nTesting/Timing BLS24 Pairings\n");
-
-	ECP_generator(&G);
-	
-	BIG_rcopy(r,CURVE_Order);
-	BIG_randomnum(s,r,RNG);
-	ECP_copy(&P,&G);
-    PAIR_G1mul(&P,r);
-
-	if (!ECP_isinf(&P))
-	{
-		printf("FAILURE - rG!=O\n");
-		return 0;
-	}
-	
-	iterations=0;
-    start=clock();
-    do {
-		ECP_copy(&P,&G);
-		PAIR_G1mul(&P,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G1 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	ECP4_generator(&W);
-
-	ECP4_copy(&Q,&W);
-    ECP4_mul(&Q,r);
-
-	if (!ECP4_isinf(&Q))
-	{
-		printf("FAILURE - rQ!=O\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		ECP4_copy(&Q,&W);
-		PAIR_G2mul(&Q,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G2 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	PAIR_ate(&w,&Q,&P);
-	PAIR_fexp(&w);
-
-	FP24_copy(&g,&w);
-
-	PAIR_GTpow(&g,r);
-
-	if (!FP24_isunity(&g))
-	{
-		printf("FAILURE - g^r!=1\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		FP24_copy(&g,&w);
-		PAIR_GTpow(&g,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	FP24_copy(&g,&w);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP24_compow(&cm,&g,s,r);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow (compressed) - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		PAIR_ate(&w,&Q,&P);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing ATE         - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP24_copy(&g,&w);
-		PAIR_fexp(&g);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing FEXP        - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	ECP_copy(&P,&G);	
-	ECP4_copy(&Q,&W);
-
-	PAIR_G1mul(&P,s);
-	PAIR_ate(&g,&Q,&P);
-	PAIR_fexp(&g);
-
-	ECP_copy(&P,&G);
-
-	PAIR_G2mul(&Q,s);
-	PAIR_ate(&w,&Q,&P);
-	PAIR_fexp(&w);
-
-	if (!FP24_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,sP) \n");
-		return 0;
-	}
-
-	ECP4_copy(&Q,&W);
-	PAIR_ate(&g,&Q,&P);
-	PAIR_fexp(&g);
-
-	PAIR_GTpow(&g,s);
-
-	if (!FP24_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,P)^s \n");
-		return 0;
-	}
-	return 0;
-}
-
-
-
-int BLS_48(csprng *RNG)
-{
-	using namespace BLS48;
-	using namespace BLS48_FP;
-	using namespace BLS48_BIG;
-
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-
-	ECP P,G;
-	ECP8 Q,W;
-	FP48 g,w;
-
-	FP16 cm;
-	BIG a,b,s,r;
-
-	printf("\nTesting/Timing BLS48 Pairings\n");
-
-	ECP_generator(&G);
-	
-	BIG_rcopy(r,CURVE_Order);
-	BIG_randomnum(s,r,RNG);
-	ECP_copy(&P,&G);
-    PAIR_G1mul(&P,r);
-
-	if (!ECP_isinf(&P))
-	{
-		printf("FAILURE - rG!=O\n");
-		return 0;
-	}
-	
-	iterations=0;
-    start=clock();
-    do {
-		ECP_copy(&P,&G);
-		PAIR_G1mul(&P,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G1 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-
-	ECP8_generator(&W);
-
-	ECP8_copy(&Q,&W);
-    ECP8_mul(&Q,r);
-
-	if (!ECP8_isinf(&Q))
-	{
-		printf("FAILURE - rQ!=O\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		ECP8_copy(&Q,&W);
-		PAIR_G2mul(&Q,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G2 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-
-	PAIR_ate(&w,&Q,&P);
-	PAIR_fexp(&w);
-
-	FP48_copy(&g,&w);
-
-	PAIR_GTpow(&g,r);
-
-	if (!FP48_isunity(&g))
-	{
-		printf("FAILURE - g^r!=1\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		FP48_copy(&g,&w);
-		PAIR_GTpow(&g,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	FP48_copy(&g,&w);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP48_compow(&cm,&g,s,r);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow (compressed) - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		PAIR_ate(&w,&Q,&P);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing ATE         - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP48_copy(&g,&w);
-		PAIR_fexp(&g);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing FEXP        - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	ECP_copy(&P,&G);	
-	ECP8_copy(&Q,&W);
-
-	PAIR_G1mul(&P,s);
-	PAIR_ate(&g,&Q,&P);
-	PAIR_fexp(&g);
-
-	ECP_copy(&P,&G);
-
-	PAIR_G2mul(&Q,s);
-	PAIR_ate(&w,&Q,&P);
-	PAIR_fexp(&w);
-
-	if (!FP48_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,sP) \n");
-		return 0;
-	}
-
-	ECP8_copy(&Q,&W);
-	PAIR_ate(&g,&Q,&P);
-	PAIR_fexp(&g);
-
-	PAIR_GTpow(&g,s);
-
-	if (!FP48_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,P)^s \n");
-		return 0;
-	}
-	return 0;
-}
-#endif
-
-
-int RSA_2048(csprng *RNG)
-{
-	using namespace RSA2048;
-
-    rsa_public_key pub;
-    rsa_private_key priv;
-
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-
-    char m[RFS_RSA2048],d[RFS_RSA2048],c[RFS_RSA2048];
-    octet M= {0,sizeof(m),m};
-    octet D= {0,sizeof(d),d};
-    octet C= {0,sizeof(c),c};
-
-	printf("\nTesting/Timing 2048-bit RSA\n");
-
-	printf("Generating 2048-bit RSA public/private key pair\n");
-
-	iterations=0;
-    start=clock();
-    do {
-		RSA_KEY_PAIR(RNG,65537,&priv,&pub,NULL,NULL);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("RSA gen - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	M.len=RFS_RSA2048;
-	for (i=0;i<RFS_RSA2048;i++) M.val[i]=i%128;
-
-	iterations=0;
-    start=clock();
-    do {
-		RSA_ENCRYPT(&pub,&M,&C);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("RSA enc - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		RSA_DECRYPT(&priv,&C,&D);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("RSA dec - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	for (i=0;i<RFS_RSA2048;i++)
-	{
-		if (M.val[i]!=D.val[i])
-		{
-			printf("FAILURE - RSA decryption\n");
-			return 0;
-		}
-	}
-
-	printf("All tests pass\n");
-
-	return 0;
-}
-
-int main()
-{
-    csprng RNG;
-	int i;
-	char pr[10];
-	unsigned long ran;
-
-	time((time_t *)&ran);
-	pr[0]=ran;
-	pr[1]=ran>>8;
-	pr[2]=ran>>16;
-	pr[3]=ran>>24;
-	for (i=0;i<10;i++) pr[i]=i;    /*****4****/
-    RAND_seed(&RNG,10,pr);
-
-	ED_25519(&RNG);
-#if CHUNK==32 || CHUNK==64	
-	NIST_256(&RNG);
-	GOLDI_LOCKS(&RNG);
-#endif	
-	BN_254(&RNG);
-#if CHUNK==32 || CHUNK==64	
-	BLS_383(&RNG);
-	BLS_24(&RNG);
-	BLS_48(&RNG);
-#endif
-	RSA_2048(&RNG);
-	
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/big.cpp
----------------------------------------------------------------------
diff --git a/version3/cpp/big.cpp b/version3/cpp/big.cpp
deleted file mode 100644
index 0da0de8..0000000
--- a/version3/cpp/big.cpp
+++ /dev/null
@@ -1,1508 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	  http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* AMCL basic functions for BIG type */
-/* SU=m, SU is Stack Usage */
-
-#include "big_XXX.h"
-
-/* test a=0? */
-int XXX::BIG_iszilch(BIG a)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        if (a[i]!=0) return 0;
-    return 1;
-}
-
-/* test a=1? */
-int XXX::BIG_isunity(BIG a)
-{
-    int i;
-    for (i=1; i<NLEN_XXX; i++)
-        if (a[i]!=0) return 0;
-	if (a[0]!=1) return 0;
-    return 1;
-}
-
-/* test a=0? */
-int XXX::BIG_diszilch(DBIG a)
-{
-    int i;
-    for (i=0; i<DNLEN_XXX; i++)
-        if (a[i]!=0) return 0;
-    return 1;
-}
-
-/* SU= 56 */
-/* output a */
-void XXX::BIG_output(BIG a)
-{
-    BIG b;
-    int i,len;
-    len=BIG_nbits(a);
-    if (len%4==0) len/=4;
-    else
-    {
-        len/=4;
-        len++;
-    }
-    if (len<MODBYTES_XXX*2) len=MODBYTES_XXX*2;
-
-    for (i=len-1; i>=0; i--)
-    {
-        BIG_copy(b,a);
-        BIG_shr(b,i*4);
-        printf("%01x",(unsigned int) b[0]&15);
-    }
-}
-
-/* SU= 16 */
-void XXX::BIG_rawoutput(BIG a)
-{
-    int i;
-    printf("(");
-    for (i=0; i<NLEN_XXX-1; i++)
-#if CHUNK==64
-        printf("%jx,",(uintmax_t) a[i]);
-    printf("%jx)",(uintmax_t) a[NLEN_XXX-1]);
-#else
-        printf("%x,",(unsigned int) a[i]);
-    printf("%x)",(unsigned int) a[NLEN_XXX-1]);
-#endif
-}
-
-/* Swap a and b if d=1 */
-void XXX::BIG_cswap(BIG a,BIG b,int d)
-{
-    int i;
-    chunk t,c=d;
-    c=~(c-1);
-#ifdef DEBUG_NORM
-    for (i=0; i<NLEN_XXX+2; i++)
-#else
-    for (i=0; i<NLEN_XXX; i++)
-#endif
-    {
-        t=c&(a[i]^b[i]);
-        a[i]^=t;
-        b[i]^=t;
-    }
-}
-
-/* Move b to a if d=1 */
-void XXX::BIG_cmove(BIG f,BIG g,int d)
-{
-    int i;
-    chunk b=(chunk)-d;
-#ifdef DEBUG_NORM
-    for (i=0; i<NLEN_XXX+2; i++)
-#else
-    for (i=0; i<NLEN_XXX; i++)
-#endif
-    {
-        f[i]^=(f[i]^g[i])&b;
-    }
-}
-
-/* Move g to f if d=1 */
-void XXX::BIG_dcmove(DBIG f,DBIG g,int d)
-{
-    int i;
-    chunk b=(chunk)-d;
-#ifdef DEBUG_NORM
-    for (i=0; i<DNLEN_XXX+2; i++)
-#else
-    for (i=0; i<DNLEN_XXX; i++)
-#endif
-    {
-        f[i]^=(f[i]^g[i])&b;
-    }
-}
-
-/* convert BIG to/from bytes */
-/* SU= 64 */
-void XXX::BIG_toBytes(char *b,BIG a)
-{
-    int i;
-    BIG c;
-    //BIG_norm(a);
-    BIG_copy(c,a);
-	BIG_norm(c);
-    for (i=MODBYTES_XXX-1; i>=0; i--)
-    {
-        b[i]=c[0]&0xff;
-        BIG_fshr(c,8);
-    }
-}
-
-/* SU= 16 */
-void XXX::BIG_fromBytes(BIG a,char *b)
-{
-    int i;
-    BIG_zero(a);
-    for (i=0; i<MODBYTES_XXX; i++)
-    {
-        BIG_fshl(a,8);
-        a[0]+=(int)(unsigned char)b[i];
-        //BIG_inc(a,(int)(unsigned char)b[i]); BIG_norm(a);
-    }
-#ifdef DEBUG_NORM
-	a[MPV_XXX]=1; a[MNV_XXX]=0;
-#endif
-}
-
-void XXX::BIG_fromBytesLen(BIG a,char *b,int s)
-{
-    int i,len=s;
-    BIG_zero(a);
-
-    if (len>MODBYTES_XXX) len=MODBYTES_XXX;
-    for (i=0; i<len; i++)
-    {
-        BIG_fshl(a,8);
-        a[0]+=(int)(unsigned char)b[i];
-    }
-#ifdef DEBUG_NORM
-	a[MPV_XXX]=1; a[MNV_XXX]=0;
-#endif
-}
-
-
-
-/* SU= 88 */
-void XXX::BIG_doutput(DBIG a)
-{
-    DBIG b;
-    int i,len;
-    BIG_dnorm(a);
-    len=BIG_dnbits(a);
-    if (len%4==0) len/=4;
-    else
-    {
-        len/=4;
-        len++;
-    }
-
-    for (i=len-1; i>=0; i--)
-    {
-        BIG_dcopy(b,a);
-        BIG_dshr(b,i*4);
-        printf("%01x",(unsigned int) b[0]&15);
-    }
-}
-
-
-void XXX::BIG_drawoutput(DBIG a)
-{
-    int i;
-    printf("(");
-    for (i=0; i<DNLEN_XXX-1; i++)
-#if CHUNK==64
-        printf("%jx,",(uintmax_t) a[i]);
-    printf("%jx)",(uintmax_t) a[DNLEN_XXX-1]);
-#else
-        printf("%x,",(unsigned int) a[i]);
-    printf("%x)",(unsigned int) a[DNLEN_XXX-1]);
-#endif
-}
-
-/* Copy b=a */
-void XXX::BIG_copy(BIG b,BIG a)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        b[i]=a[i];
-#ifdef DEBUG_NORM
-	b[MPV_XXX]=a[MPV_XXX];
-	b[MNV_XXX]=a[MNV_XXX];
-#endif
-}
-
-/* Copy from ROM b=a */
-void XXX::BIG_rcopy(BIG b,const BIG a)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        b[i]=a[i];
-#ifdef DEBUG_NORM
-	b[MPV_XXX]=1; b[MNV_XXX]=0;
-#endif
-}
-
-/* double length DBIG copy b=a */
-void XXX::BIG_dcopy(DBIG b,DBIG a)
-{
-    int i;
-    for (i=0; i<DNLEN_XXX; i++)
-        b[i]=a[i];
-#ifdef DEBUG_NORM
-	b[DMPV_XXX]=a[DMPV_XXX];
-	b[DMNV_XXX]=a[DMNV_XXX];
-#endif
-}
-
-/* Copy BIG to bottom half of DBIG */
-void XXX::BIG_dscopy(DBIG b,BIG a)
-{
-    int i;
-    for (i=0; i<NLEN_XXX-1; i++)
-        b[i]=a[i];
-
-    b[NLEN_XXX-1]=a[NLEN_XXX-1]&BMASK_XXX; /* top word normalized */
-    b[NLEN_XXX]=a[NLEN_XXX-1]>>BASEBITS_XXX;
-
-    for (i=NLEN_XXX+1; i<DNLEN_XXX; i++) b[i]=0;
-#ifdef DEBUG_NORM
-	b[DMPV_XXX]=a[MPV_XXX];
-	b[DMNV_XXX]=a[MNV_XXX];
-#endif
-}
-
-/* Copy BIG to top half of DBIG */
-void XXX::BIG_dsucopy(DBIG b,BIG a)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        b[i]=0;
-    for (i=NLEN_XXX; i<DNLEN_XXX; i++)
-        b[i]=a[i-NLEN_XXX];
-#ifdef DEBUG_NORM
-	b[DMPV_XXX]=a[MPV_XXX];
-	b[DMNV_XXX]=a[MNV_XXX];
-#endif
-}
-
-/* Copy bottom half of DBIG to BIG */
-void XXX::BIG_sdcopy(BIG b,DBIG a)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        b[i]=a[i];
-#ifdef DEBUG_NORM
-	b[MPV_XXX]=a[DMPV_XXX];
-	b[MNV_XXX]=a[DMNV_XXX];
-#endif
-}
-
-/* Copy top half of DBIG to BIG */
-void XXX::BIG_sducopy(BIG b,DBIG a)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        b[i]=a[i+NLEN_XXX];
-#ifdef DEBUG_NORM
-	b[MPV_XXX]=a[DMPV_XXX];
-	b[MNV_XXX]=a[DMNV_XXX];
-
-#endif
-}
-
-/* Set a=0 */
-void XXX::BIG_zero(BIG a)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        a[i]=0;
-#ifdef DEBUG_NORM
-	a[MPV_XXX]=a[MNV_XXX]=0;
-#endif
-}
-
-void XXX::BIG_dzero(DBIG a)
-{
-    int i;
-    for (i=0; i<DNLEN_XXX; i++)
-        a[i]=0;
-#ifdef DEBUG_NORM
-	a[DMPV_XXX]=a[DMNV_XXX]=0;
-#endif
-}
-
-/* set a=1 */
-void XXX::BIG_one(BIG a)
-{
-    int i;
-    a[0]=1;
-    for (i=1; i<NLEN_XXX; i++)
-        a[i]=0;
-#ifdef DEBUG_NORM
-	a[MPV_XXX]=1;
-	a[MNV_XXX]=0;
-#endif
-}
-
-
-
-/* Set c=a+b */
-/* SU= 8 */
-void XXX::BIG_add(BIG c,BIG a,BIG b)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        c[i]=a[i]+b[i];
-#ifdef DEBUG_NORM
-	c[MPV_XXX]=a[MPV_XXX]+b[MPV_XXX];
-	c[MNV_XXX]=a[MNV_XXX]+b[MNV_XXX];
-	if (c[MPV_XXX]>NEXCESS_XXX)  printf("add problem - positive digit overflow %d\n",c[MPV_XXX]);
-	if (c[MNV_XXX]>NEXCESS_XXX)  printf("add problem - negative digit overflow %d\n",c[MNV_XXX]);
-
-#endif
-}
-
-/* Set c=a or b */
-/* SU= 8 */
-void XXX::BIG_or(BIG c,BIG a,BIG b)
-{
-    int i;
-	BIG_norm(a);
-	BIG_norm(b);
-    for (i=0; i<NLEN_XXX; i++)
-        c[i]=a[i]|b[i];
-#ifdef DEBUG_NORM
-	c[MPV_XXX]=1;
-	c[MNV_XXX]=0;
-#endif
-
-}
-
-
-/* Set c=c+d */
-void XXX::BIG_inc(BIG c,int d)
-{
-    BIG_norm(c);
-    c[0]+=(chunk)d;
-#ifdef DEBUG_NORM
-	c[MPV_XXX]+=1;
-#endif
-}
-
-/* Set c=a-b */
-/* SU= 8 */
-void XXX::BIG_sub(BIG c,BIG a,BIG b)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++)
-        c[i]=a[i]-b[i];
-#ifdef DEBUG_NORM
-	c[MPV_XXX]=a[MPV_XXX]+b[MNV_XXX];
-	c[MNV_XXX]=a[MNV_XXX]+b[MPV_XXX];
-	if (c[MPV_XXX]>NEXCESS_XXX)  printf("sub problem - positive digit overflow %d\n",c[MPV_XXX]);
-	if (c[MNV_XXX]>NEXCESS_XXX)  printf("sub problem - negative digit overflow %d\n",c[MNV_XXX]);
-
-#endif
-}
-
-/* SU= 8 */
-
-void XXX::BIG_dsub(DBIG c,DBIG a,DBIG b)
-{
-    int i;
-    for (i=0; i<DNLEN_XXX; i++)
-        c[i]=a[i]-b[i];
-#ifdef DEBUG_NORM
-	c[DMPV_XXX]=a[DMPV_XXX]+b[DMNV_XXX];
-	c[DMNV_XXX]=a[DMNV_XXX]+b[DMPV_XXX];
-	if (c[DMPV_XXX]>NEXCESS_XXX)  printf("double sub problem - positive digit overflow %d\n",c[DMPV_XXX]);
-	if (c[DMNV_XXX]>NEXCESS_XXX)  printf("double sub problem - negative digit overflow %d\n",c[DMNV_XXX]);
-#endif
-}
-
-void XXX::BIG_dadd(DBIG c,DBIG a,DBIG b)
-{
-    int i;
-    for (i=0; i<DNLEN_XXX; i++)
-        c[i]=a[i]+b[i];
-#ifdef DEBUG_NORM
-	c[DMPV_XXX]=a[DMPV_XXX]+b[DMNV_XXX];
-	c[DMNV_XXX]=a[DMNV_XXX]+b[DMPV_XXX];
-	if (c[DMPV_XXX]>NEXCESS_XXX)  printf("double add problem - positive digit overflow %d\n",c[DMPV_XXX]);
-	if (c[DMNV_XXX]>NEXCESS_XXX)  printf("double add problem - negative digit overflow %d\n",c[DMNV_XXX]);
-#endif
-}
-
-/* Set c=c-1 */
-void XXX::BIG_dec(BIG c,int d)
-{
-    BIG_norm(c);
-    c[0]-=(chunk)d;
-#ifdef DEBUG_NORM
-	c[MNV_XXX]+=1;
-#endif
-}
-
-/* multiplication r=a*c by c<=NEXCESS_XXX */
-void XXX::BIG_imul(BIG r,BIG a,int c)
-{
-    int i;
-    for (i=0; i<NLEN_XXX; i++) r[i]=a[i]*c;
-#ifdef DEBUG_NORM
-	r[MPV_XXX]=a[MPV_XXX]*c;
-	r[MNV_XXX]=a[MNV_XXX]*c;
-	if (r[MPV_XXX]>NEXCESS_XXX)  printf("int mul problem - positive digit overflow %d\n",r[MPV_XXX]);
-	if (r[MNV_XXX]>NEXCESS_XXX)  printf("int mul problem - negative digit overflow %d\n",r[MNV_XXX]);
-
-#endif
-}
-
-/* multiplication r=a*c by larger integer - c<=FEXCESS */
-/* SU= 24 */
-chunk XXX::BIG_pmul(BIG r,BIG a,int c)
-{
-    int i;
-    chunk ak,carry=0;
-//    BIG_norm(a);
-    for (i=0; i<NLEN_XXX; i++)
-    {
-        ak=a[i];
-        r[i]=0;
-        carry=muladd(ak,(chunk)c,carry,&r[i]);
-    }
-#ifdef DEBUG_NORM
-	r[MPV_XXX]=1;
-	r[MNV_XXX]=0;
-#endif
-    return carry;
-}
-
-/* r/=3 */
-/* SU= 16 */
-int XXX::BIG_div3(BIG r)
-{
-    int i;
-    chunk ak,base,carry=0;
-    BIG_norm(r);
-    base=((chunk)1<<BASEBITS_XXX);
-    for (i=NLEN_XXX-1; i>=0; i--)
-    {
-        ak=(carry*base+r[i]);
-        r[i]=ak/3;
-        carry=ak%3;
-    }
-    return (int)carry;
-}
-
-/* multiplication c=a*b by even larger integer b>FEXCESS, resulting in DBIG */
-/* SU= 24 */
-void XXX::BIG_pxmul(DBIG c,BIG a,int b)
-{
-    int j;
-    chunk carry;
-    BIG_dzero(c);
-    carry=0;
-    for (j=0; j<NLEN_XXX; j++)
-        carry=muladd(a[j],(chunk)b,carry,&c[j]);
-    c[NLEN_XXX]=carry;
-#ifdef DEBUG_NORM
-	c[DMPV_XXX]=1;
-	c[DMNV_XXX]=0;
-#endif
-}
-
-/* .. if you know the result will fit in a BIG, c must be distinct from a and b */
-/* SU= 40 */
-void XXX::BIG_smul(BIG c,BIG a,BIG b)
-{
-    int i,j;
-    chunk carry;
-//    BIG_norm(a);
-//    BIG_norm(b);
-
-    BIG_zero(c);
-    for (i=0; i<NLEN_XXX; i++)
-    {
-        carry=0;
-        for (j=0; j<NLEN_XXX; j++)
-        {
-            if (i+j<NLEN_XXX)
-                carry=muladd(a[i],b[j],carry,&c[i+j]);
-        }
-    }
-#ifdef DEBUG_NORM
-	c[MPV_XXX]=1;
-	c[MNV_XXX]=0;
-#endif
-
-}
-
-/* Set c=a*b */
-/* SU= 72 */
-void XXX::BIG_mul(DBIG c,BIG a,BIG b)
-{
-    int i;
-#ifdef dchunk
-    dchunk t,co;
-    dchunk s;
-    dchunk d[NLEN_XXX];
-    int k;
-#endif
-
-#ifdef DEBUG_NORM
-	if ((a[MPV_XXX]!=1 && a[MPV_XXX]!=0) || a[MNV_XXX]!=0) printf("First input to mul not normed\n");
-	if ((b[MPV_XXX]!=1 && b[MPV_XXX]!=0) || b[MNV_XXX]!=0) printf("Second input to mul not normed\n");
-#endif
-
-    /* Faster to Combafy it.. Let the compiler unroll the loops! */
-
-#ifdef COMBA
-
-    /* faster psuedo-Karatsuba method */
-#ifdef UNWOUND
-
-    /* Insert output of faster.c here */
-
-#else
-    for (i=0; i<NLEN_XXX; i++)
-        d[i]=(dchunk)a[i]*b[i];
-
-    s=d[0];
-    t=s;
-    c[0]=(chunk)t&BMASK_XXX;
-    co=t>>BASEBITS_XXX;
-
-    for (k=1; k<NLEN_XXX; k++)
-    {
-        s+=d[k];
-        t=co+s;
-        for (i=k; i>=1+k/2; i--) t+=(dchunk)(a[i]-a[k-i])*(b[k-i]-b[i]);
-        c[k]=(chunk)t&BMASK_XXX;
-        co=t>>BASEBITS_XXX;
-    }
-    for (k=NLEN_XXX; k<2*NLEN_XXX-1; k++)
-    {
-        s-=d[k-NLEN_XXX];
-        t=co+s;
-        for (i=NLEN_XXX-1; i>=1+k/2; i--) t+=(dchunk)(a[i]-a[k-i])*(b[k-i]-b[i]);
-        c[k]=(chunk)t&BMASK_XXX;
-        co=t>>BASEBITS_XXX;
-    }
-    c[2*NLEN_XXX-1]=(chunk)co;
-
-#endif
-
-#else
-    int j;
-    chunk carry;
-    BIG_dzero(c);
-    for (i=0; i<NLEN_XXX; i++)
-    {
-        carry=0;
-        for (j=0; j<NLEN_XXX; j++)
-            carry=muladd(a[i],b[j],carry,&c[i+j]);
-
-        c[NLEN_XXX+i]=carry;
-    }
-
-#endif
-
-#ifdef DEBUG_NORM
-	c[DMPV_XXX]=1;
-	c[DMNV_XXX]=0;
-#endif
-}
-
-/* Set c=a*a */
-/* SU= 80 */
-void XXX::BIG_sqr(DBIG c,BIG a)
-{
-    int i,j,last;
-#ifdef dchunk
-    dchunk t,co;
-#endif
-
-#ifdef DEBUG_NORM
-	if ((a[MPV_XXX]!=1 && a[MPV_XXX]!=0) || a[MNV_XXX]!=0) printf("Input to sqr not normed\n");
-#endif
-    /* Note 2*a[i] in loop below and extra addition */
-
-#ifdef COMBA
-
-#ifdef UNWOUND
-
-    /* Insert output of faster.c here */
-
-#else
-
-
-    t=(dchunk)a[0]*a[0]; 
-    c[0]=(chunk)t&BMASK_XXX;
-    co=t>>BASEBITS_XXX;
-
-	for (j=1;j<NLEN_XXX-1; )
-	{
-        t=(dchunk)a[j]*a[0]; 
-        for (i=1; i<(j+1)/2; i++) {t+=(dchunk)a[j-i]*a[i]; }
-        t+=t; t+=co; 
-        c[j]=(chunk)t&BMASK_XXX;
-        co=t>>BASEBITS_XXX;
-		j++;
-        t=(dchunk)a[j]*a[0]; 
-        for (i=1; i<(j+1)/2; i++) {t+=(dchunk)a[j-i]*a[i]; }
-        t+=t; t+=co; 
-        t+=(dchunk)a[j/2]*a[j/2]; 
-        c[j]=(chunk)t&BMASK_XXX;
-        co=t>>BASEBITS_XXX;
-		j++;
-	}
-
-	for (j=NLEN_XXX-1+NLEN_XXX%2;j<DNLEN_XXX-3; )
-	{
-        t=(dchunk)a[NLEN_XXX-1]*a[j-NLEN_XXX+1]; 
-        for (i=j-NLEN_XXX+2; i<(j+1)/2; i++) {t+=(dchunk)a[j-i]*a[i];  }
-        t+=t; t+=co; 
-        c[j]=(chunk)t&BMASK_XXX;
-        co=t>>BASEBITS_XXX;
-		j++;
-        t=(dchunk)a[NLEN_XXX-1]*a[j-NLEN_XXX+1]; 
-        for (i=j-NLEN_XXX+2; i<(j+1)/2; i++) {t+=(dchunk)a[j-i]*a[i];  }
-        t+=t; t+=co; 
-        t+=(dchunk)a[j/2]*a[j/2]; 
-        c[j]=(chunk)t&BMASK_XXX;
-        co=t>>BASEBITS_XXX;
-		j++;
-	}
-
-	t=(dchunk)a[NLEN_XXX-2]*a[NLEN_XXX-1];
-	t+=t; t+=co;
-	c[DNLEN_XXX-3]=(chunk)t&BMASK_XXX;
-    co=t>>BASEBITS_XXX;
-	
-    t=(dchunk)a[NLEN_XXX-1]*a[NLEN_XXX-1]+co; 
-    c[DNLEN_XXX-2]=(chunk)t&BMASK_XXX;
-    co=t>>BASEBITS_XXX;
-    c[DNLEN_XXX-1]=(chunk)co;
-
-
-#endif
-
-#else
-    chunk carry;
-    BIG_dzero(c);
-    for (i=0; i<NLEN_XXX; i++)
-    {
-        carry=0;
-        for (j=i+1; j<NLEN_XXX; j++)
-            carry=muladd(a[i],a[j],carry,&c[i+j]);
-        c[NLEN_XXX+i]=carry;
-    }
-
-    for (i=0; i<DNLEN_XXX; i++) c[i]*=2;
-
-    for (i=0; i<NLEN_XXX; i++)
-        c[2*i+1]+=muladd(a[i],a[i],0,&c[2*i]);
-
-    BIG_dnorm(c);
-#endif
-
-
-#ifdef DEBUG_NORM
-	c[DMPV_XXX]=1;
-	c[DMNV_XXX]=0;
-#endif
-
-}
-
-/* Montgomery reduction */
-void XXX::BIG_monty(BIG a,BIG md,chunk MC,DBIG d)
-{
-    int i,k;
-
-#ifdef dchunk
-    dchunk t,c,s;
-    dchunk dd[NLEN_XXX];
-    chunk v[NLEN_XXX];
-#endif
-
-#ifdef COMBA
-
-#ifdef UNWOUND
-
-    /* Insert output of faster.c here */
-
-#else
-
-    t=d[0];
-    v[0]=((chunk)t*MC)&BMASK_XXX;
-    t+=(dchunk)v[0]*md[0];
-    c=(t>>BASEBITS_XXX)+d[1];
-    s=0;
-
-    for (k=1; k<NLEN_XXX; k++)
-    {
-        t=c+s+(dchunk)v[0]*md[k];
-        for (i=k-1; i>k/2; i--) t+=(dchunk)(v[k-i]-v[i])*(md[i]-md[k-i]);
-        v[k]=((chunk)t*MC)&BMASK_XXX;
-        t+=(dchunk)v[k]*md[0];
-        c=(t>>BASEBITS_XXX)+d[k+1];
-        dd[k]=(dchunk)v[k]*md[k];
-        s+=dd[k];
-    }
-    for (k=NLEN_XXX; k<2*NLEN_XXX-1; k++)
-    {
-        t=c+s;
-        for (i=NLEN_XXX-1; i>=1+k/2; i--) t+=(dchunk)(v[k-i]-v[i])*(md[i]-md[k-i]);
-        a[k-NLEN_XXX]=(chunk)t&BMASK_XXX;
-        c=(t>>BASEBITS_XXX)+d[k+1];
-        s-=dd[k-NLEN_XXX+1];
-    }
-    a[NLEN_XXX-1]=(chunk)c&BMASK_XXX;
-
-#endif
-
-
-
-#else
-    int j;
-    chunk m,carry;
-    for (i=0; i<NLEN_XXX; i++)
-    {
-        if (MC==-1) m=(-d[i])&BMASK_XXX;
-        else
-        {
-            if (MC==1) m=d[i];
-            else m=(MC*d[i])&BMASK_XXX;
-        }
-        carry=0;
-        for (j=0; j<NLEN_XXX; j++)
-            carry=muladd(m,md[j],carry,&d[i+j]);
-        d[NLEN_XXX+i]+=carry;
-    }
-    BIG_sducopy(a,d);
-    BIG_norm(a);
-
-#endif
-
-#ifdef DEBUG_NORM
-	a[MPV_XXX]=1;  a[MNV_XXX]=0;
-#endif
-}
-
-/* General shift left of a by n bits */
-/* a MUST be normalised */
-/* SU= 32 */
-void XXX::BIG_shl(BIG a,int k)
-{
-    int i;
-    int n=k%BASEBITS_XXX;
-    int m=k/BASEBITS_XXX;
-
-    a[NLEN_XXX-1]=((a[NLEN_XXX-1-m]<<n));
-    if (NLEN_XXX>=m+2) a[NLEN_XXX-1]|=(a[NLEN_XXX-m-2]>>(BASEBITS_XXX-n));
-
-    for (i=NLEN_XXX-2; i>m; i--)
-        a[i]=((a[i-m]<<n)&BMASK_XXX)|(a[i-m-1]>>(BASEBITS_XXX-n));
-    a[m]=(a[0]<<n)&BMASK_XXX;
-    for (i=0; i<m; i++) a[i]=0;
-
-}
-
-/* Fast shift left of a by n bits, where n less than a word, Return excess (but store it as well) */
-/* a MUST be normalised */
-/* SU= 16 */
-int XXX::BIG_fshl(BIG a,int n)
-{
-    int i;
-
-    a[NLEN_XXX-1]=((a[NLEN_XXX-1]<<n))|(a[NLEN_XXX-2]>>(BASEBITS_XXX-n)); /* top word not masked */
-    for (i=NLEN_XXX-2; i>0; i--)
-        a[i]=((a[i]<<n)&BMASK_XXX)|(a[i-1]>>(BASEBITS_XXX-n));
-    a[0]=(a[0]<<n)&BMASK_XXX;
-
-    return (int)(a[NLEN_XXX-1]>>((8*MODBYTES_XXX)%BASEBITS_XXX)); /* return excess - only used in ff.c */
-}
-
-/* double length left shift of a by k bits - k can be > BASEBITS_XXX , a MUST be normalised */
-/* SU= 32 */
-void XXX::BIG_dshl(DBIG a,int k)
-{
-    int i;
-    int n=k%BASEBITS_XXX;
-    int m=k/BASEBITS_XXX;
-
-    a[DNLEN_XXX-1]=((a[DNLEN_XXX-1-m]<<n))|(a[DNLEN_XXX-m-2]>>(BASEBITS_XXX-n));
-
-    for (i=DNLEN_XXX-2; i>m; i--)
-        a[i]=((a[i-m]<<n)&BMASK_XXX)|(a[i-m-1]>>(BASEBITS_XXX-n));
-    a[m]=(a[0]<<n)&BMASK_XXX;
-    for (i=0; i<m; i++) a[i]=0;
-
-}
-
-/* General shift rightof a by k bits */
-/* a MUST be normalised */
-/* SU= 32 */
-void XXX::BIG_shr(BIG a,int k)
-{
-    int i;
-    int n=k%BASEBITS_XXX;
-    int m=k/BASEBITS_XXX;
-    for (i=0; i<NLEN_XXX-m-1; i++)
-        a[i]=(a[m+i]>>n)|((a[m+i+1]<<(BASEBITS_XXX-n))&BMASK_XXX);
-    if (NLEN_XXX>m)  a[NLEN_XXX-m-1]=a[NLEN_XXX-1]>>n;
-    for (i=NLEN_XXX-m; i<NLEN_XXX; i++) a[i]=0;
-
-}
-
-/* Fast combined shift, subtract and norm. Return sign of result */
-int XXX::BIG_ssn(BIG r,BIG a,BIG m)
-{
-	int i,n=NLEN_XXX-1;
-	chunk carry;
-	m[0]=(m[0]>>1)|((m[1]<<(BASEBITS_XXX-1))&BMASK_XXX);
-	r[0]=a[0]-m[0];
-    carry=r[0]>>BASEBITS_XXX;
-    r[0]&=BMASK_XXX;
-    
-	for (i=1;i<n;i++)
-	{
-		m[i]=(m[i]>>1)|((m[i+1]<<(BASEBITS_XXX-1))&BMASK_XXX);
-		r[i]=a[i]-m[i]+carry;
-		carry=r[i]>>BASEBITS_XXX;
-		r[i]&=BMASK_XXX;
-	}
-	
-	m[n]>>=1;
-	r[n]=a[n]-m[n]+carry;
-#ifdef DEBUG_NORM
-	r[MPV_XXX]=1; r[MNV_XXX]=0;
-#endif
-	return ((r[n]>>(CHUNK-1))&1);
-}
-
-/* Faster shift right of a by k bits. Return shifted out part */
-/* a MUST be normalised */
-/* SU= 16 */
-int XXX::BIG_fshr(BIG a,int k)
-{
-    int i;
-    chunk r=a[0]&(((chunk)1<<k)-1); /* shifted out part */
-    for (i=0; i<NLEN_XXX-1; i++)
-        a[i]=(a[i]>>k)|((a[i+1]<<(BASEBITS_XXX-k))&BMASK_XXX);
-    a[NLEN_XXX-1]=a[NLEN_XXX-1]>>k;
-    return (int)r;
-}
-
-/* double length right shift of a by k bits - can be > BASEBITS_XXX */
-/* SU= 32 */
-void XXX::BIG_dshr(DBIG a,int k)
-{
-    int i;
-    int n=k%BASEBITS_XXX;
-    int m=k/BASEBITS_XXX;
-    for (i=0; i<DNLEN_XXX-m-1; i++)
-        a[i]=(a[m+i]>>n)|((a[m+i+1]<<(BASEBITS_XXX-n))&BMASK_XXX);
-    a[DNLEN_XXX-m-1]=a[DNLEN_XXX-1]>>n;
-    for (i=DNLEN_XXX-m; i<DNLEN_XXX; i++ ) a[i]=0;
-}
-
-/* Split DBIG d into two BIGs t|b. Split happens at n bits, where n falls into NLEN_XXX word */
-/* d MUST be normalised */
-/* SU= 24 */
-chunk XXX::BIG_split(BIG t,BIG b,DBIG d,int n)
-{
-    int i;
-    chunk nw,carry=0;
-    int m=n%BASEBITS_XXX;
-//	BIG_dnorm(d);
-
-    if (m==0)
-    {
-        for (i=0; i<NLEN_XXX; i++) b[i]=d[i];
-        if (t!=b)
-        {
-            for (i=NLEN_XXX; i<2*NLEN_XXX; i++) t[i-NLEN_XXX]=d[i];
-            carry=t[NLEN_XXX-1]>>BASEBITS_XXX;
-            t[NLEN_XXX-1]=t[NLEN_XXX-1]&BMASK_XXX; /* top word normalized */
-        }
-        return carry;
-    }
-
-    for (i=0; i<NLEN_XXX-1; i++) b[i]=d[i];
-
-    b[NLEN_XXX-1]=d[NLEN_XXX-1]&(((chunk)1<<m)-1);
-
-    if (t!=b)
-    {
-        carry=(d[DNLEN_XXX-1]<<(BASEBITS_XXX-m));
-        for (i=DNLEN_XXX-2; i>=NLEN_XXX-1; i--)
-        {
-            nw=(d[i]>>m)|carry;
-            carry=(d[i]<<(BASEBITS_XXX-m))&BMASK_XXX;
-            t[i-NLEN_XXX+1]=nw;
-        }
-    }
-#ifdef DEBUG_NORM
-    t[MPV_XXX]=1; t[MNV_XXX]=0;
-    b[MPV_XXX]=1; b[MNV_XXX]=0;
-#endif
-    return carry;
-}
-
-/* you gotta keep the sign of carry! Look - no branching! */
-/* Note that sign bit is needed to disambiguate between +ve and -ve values */
-/* normalise BIG - force all digits < 2^BASEBITS_XXX */
-chunk XXX::BIG_norm(BIG a)
-{
-    int i;
-    chunk d,carry=0;
-    for (i=0; i<NLEN_XXX-1; i++)
-    {
-        d=a[i]+carry;
-        a[i]=d&BMASK_XXX;
-        carry=d>>BASEBITS_XXX;
-    }
-    a[NLEN_XXX-1]=(a[NLEN_XXX-1]+carry);
-
-#ifdef DEBUG_NORM
-	a[MPV_XXX]=1; a[MNV_XXX]=0;
-#endif
-    return (a[NLEN_XXX-1]>>((8*MODBYTES_XXX)%BASEBITS_XXX));  /* only used in ff.c */
-}
-
-void XXX::BIG_dnorm(DBIG a)
-{
-    int i;
-    chunk d,carry=0;
-    for (i=0; i<DNLEN_XXX-1; i++)
-    {
-        d=a[i]+carry;
-        a[i]=d&BMASK_XXX;
-        carry=d>>BASEBITS_XXX;
-    }
-    a[DNLEN_XXX-1]=(a[DNLEN_XXX-1]+carry);
-#ifdef DEBUG_NORM
-	a[DMPV_XXX]=1; a[DMNV_XXX]=0;
-#endif
-}
-
-/* Compare a and b. Return 1 for a>b, -1 for a<b, 0 for a==b */
-/* a and b MUST be normalised before call */
-int XXX::BIG_comp(BIG a,BIG b)
-{
-    int i;
-    for (i=NLEN_XXX-1; i>=0; i--)
-    {
-        if (a[i]==b[i]) continue;
-        if (a[i]>b[i]) return 1;
-        else  return -1;
-    }
-    return 0;
-}
-
-int XXX::BIG_dcomp(DBIG a,DBIG b)
-{
-    int i;
-    for (i=DNLEN_XXX-1; i>=0; i--)
-    {
-        if (a[i]==b[i]) continue;
-        if (a[i]>b[i]) return 1;
-        else  return -1;
-    }
-    return 0;
-}
-
-/* return number of bits in a */
-/* SU= 8 */
-int XXX::BIG_nbits(BIG a)
-{
-    int bts,k=NLEN_XXX-1;
-	BIG t;
-    chunk c;
-	BIG_copy(t,a);
-    BIG_norm(t);
-    while (k>=0 && t[k]==0) k--;
-    if (k<0) return 0;
-    bts=BASEBITS_XXX*k;
-    c=t[k];
-    while (c!=0)
-    {
-        c/=2;
-        bts++;
-    }
-    return bts;
-}
-
-/* SU= 8, Calculate number of bits in a DBIG - output normalised */
-int XXX::BIG_dnbits(DBIG a)
-{
-    int bts,k=DNLEN_XXX-1;
-	DBIG t;
-    chunk c;
-	BIG_dcopy(t,a);
-    BIG_dnorm(t);
-    while (k>=0 && t[k]==0) k--;
-    if (k<0) return 0;
-    bts=BASEBITS_XXX*k;
-    c=t[k];
-    while (c!=0)
-    {
-        c/=2;
-        bts++;
-    }
-    return bts;
-}
-
-
-/* Set b=b mod c */
-/* SU= 16 */
-void XXX::BIG_mod(BIG b,BIG c1)
-{
-    int k=0;
-    BIG r; /**/
-	BIG c;
-	BIG_copy(c,c1);
-
-    BIG_norm(b);
-    if (BIG_comp(b,c)<0)
-        return;
-    do
-    {
-        BIG_fshl(c,1);
-        k++;
-    }
-    while (BIG_comp(b,c)>=0);
-
-    while (k>0)
-    {
-        BIG_fshr(c,1);
-
-// constant time...
-        BIG_sub(r,b,c);
-        BIG_norm(r);
-        BIG_cmove(b,r,1-((r[NLEN_XXX-1]>>(CHUNK-1))&1));
-        k--;
-    }
-}
-
-/* Set a=b mod c, b is destroyed. Slow but rarely used. */
-/* SU= 96 */
-void XXX::BIG_dmod(BIG a,DBIG b,BIG c)
-{
-    int k=0;
-    DBIG m,r;
-    BIG_dnorm(b);
-    BIG_dscopy(m,c);
-
-    if (BIG_dcomp(b,m)<0)
-    {
-        BIG_sdcopy(a,b);
-        return;
-    }
-
-    do
-    {
-        BIG_dshl(m,1);
-        k++;
-    }
-    while (BIG_dcomp(b,m)>=0);
-
-    while (k>0)
-    {
-        BIG_dshr(m,1);
-// constant time...
-        BIG_dsub(r,b,m);
-        BIG_dnorm(r);
-        BIG_dcmove(b,r,1-((r[DNLEN_XXX-1]>>(CHUNK-1))&1));
-
-        k--;
-    }
-    BIG_sdcopy(a,b);
-}
-
-/* Set a=b/c,  b is destroyed. Slow but rarely used. */
-/* SU= 136 */
-
-void XXX::BIG_ddiv(BIG a,DBIG b,BIG c)
-{
-    int d,k=0;
-    DBIG m,dr;
-    BIG e,r;
-    BIG_dnorm(b);
-    BIG_dscopy(m,c);
-
-    BIG_zero(a);
-    BIG_zero(e);
-    BIG_inc(e,1);
-
-    while (BIG_dcomp(b,m)>=0)
-    {
-        BIG_fshl(e,1);
-        BIG_dshl(m,1);
-        k++;
-    }
-
-    while (k>0)
-    {
-        BIG_dshr(m,1);
-        BIG_fshr(e,1);
-
-        BIG_dsub(dr,b,m);
-        BIG_dnorm(dr);
-        d=1-((dr[DNLEN_XXX-1]>>(CHUNK-1))&1);
-        BIG_dcmove(b,dr,d);
-
-        BIG_add(r,a,e);
-        BIG_norm(r);
-        BIG_cmove(a,r,d);
-
-        k--;
-    }
-}
-
-/* SU= 136 */
-
-void XXX::BIG_sdiv(BIG a,BIG c)
-{
-    int d,k=0;
-    BIG m,e,b,r;
-    BIG_norm(a);
-    BIG_copy(b,a);
-    BIG_copy(m,c);
-
-    BIG_zero(a);
-    BIG_zero(e);
-    BIG_inc(e,1);
-
-    while (BIG_comp(b,m)>=0)
-    {
-        BIG_fshl(e,1);
-        BIG_fshl(m,1);
-        k++;
-    }
-
-    while (k>0)
-    {
-        BIG_fshr(m,1);
-        BIG_fshr(e,1);
-
-        BIG_sub(r,b,m);
-        BIG_norm(r);
-        d=1-((r[NLEN_XXX-1]>>(CHUNK-1))&1);
-        BIG_cmove(b,r,d);
-
-        BIG_add(r,a,e);
-        BIG_norm(r);
-        BIG_cmove(a,r,d);
-        k--;
-    }
-}
-
-/* return LSB of a */
-int XXX::BIG_parity(BIG a)
-{
-    return a[0]%2;
-}
-
-/* return n-th bit of a */
-/* SU= 16 */
-int XXX::BIG_bit(BIG a,int n)
-{
-    if (a[n/BASEBITS_XXX]&((chunk)1<<(n%BASEBITS_XXX))) return 1;
-    else return 0;
-}
-
-/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed.
-nbs is number of bits processed, and nzs is number of trailing 0s detected */
-/* SU= 32 */
-/*
-int BIG_nafbits(BIG x,BIG x3,int i,int *nbs,int *nzs)
-{
-	int j,r,nb;
-
-	nb=BIG_bit(x3,i)-BIG_bit(x,i);
-	*nbs=1;
-	*nzs=0;
-	if (nb==0) return 0;
-	if (i==0) return nb;
-
-    if (nb>0) r=1;
-    else      r=(-1);
-
-    for (j=i-1;j>0;j--)
-    {
-        (*nbs)++;
-        r*=2;
-        nb=BIG_bit(x3,j)-BIG_bit(x,j);
-        if (nb>0) r+=1;
-        if (nb<0) r-=1;
-        if (abs(r)>5) break;
-    }
-
-	if (r%2!=0 && j!=0)
-    { // backtrack
-        if (nb>0) r=(r-1)/2;
-        if (nb<0) r=(r+1)/2;
-        (*nbs)--;
-    }
-
-    while (r%2==0)
-    { // remove trailing zeros
-        r/=2;
-        (*nzs)++;
-        (*nbs)--;
-    }
-    return r;
-}
-*/
-
-/* return last n bits of a, where n is small < BASEBITS_XXX */
-/* SU= 16 */
-int XXX::BIG_lastbits(BIG a,int n)
-{
-    int msk=(1<<n)-1;
-    BIG_norm(a);
-    return ((int)a[0])&msk;
-}
-
-/* get 8*MODBYTES_XXX size random number */
-void XXX::BIG_random(BIG m,csprng *rng)
-{
-    int i,b,j=0,r=0;
-    int len=8*MODBYTES_XXX;
-
-    BIG_zero(m);
-    /* generate random BIG */
-    for (i=0; i<len; i++)
-    {
-        if (j==0) r=RAND_byte(rng);
-        else r>>=1;
-        b=r&1;
-        BIG_shl(m,1);
-        m[0]+=b;
-        j++;
-        j&=7;
-    }
-
-#ifdef DEBUG_NORM
-	m[MPV_XXX]=1; m[MNV_XXX]=0;
-#endif
-}
-
-/* get random BIG from rng, modulo q. Done one bit at a time, so its portable */
-
-void XXX::BIG_randomnum(BIG m,BIG q,csprng *rng)
-{
-    int i,b,j=0,r=0;
-    DBIG d;
-    BIG_dzero(d);
-    /* generate random DBIG */
-    for (i=0; i<2*BIG_nbits(q); i++)
-    {
-        if (j==0) r=RAND_byte(rng);
-        else r>>=1;
-        b=r&1;
-        BIG_dshl(d,1);
-        d[0]+=b;
-        j++;
-        j&=7;
-    }
-    /* reduce modulo a BIG. Removes bias */
-    BIG_dmod(m,d,q);
-#ifdef DEBUG_NORM
-	m[MPV_XXX]=1; m[MNV_XXX]=0;
-#endif
-}
-
-/* Set r=a*b mod m */
-/* SU= 96 */
-void XXX::BIG_modmul(BIG r,BIG a1,BIG b1,BIG m)
-{
-    DBIG d;
-	BIG a,b;
-	BIG_copy(a,a1);
-	BIG_copy(b,b1);
-    BIG_mod(a,m);
-    BIG_mod(b,m);
-
-    BIG_mul(d,a,b);
-    BIG_dmod(r,d,m);
-}
-
-/* Set a=a*a mod m */
-/* SU= 88 */
-void XXX::BIG_modsqr(BIG r,BIG a1,BIG m)
-{
-    DBIG d;
-	BIG a;
-	BIG_copy(a,a1);
-    BIG_mod(a,m);
-    BIG_sqr(d,a);
-    BIG_dmod(r,d,m);
-}
-
-/* Set r=-a mod m */
-/* SU= 16 */
-void XXX::BIG_modneg(BIG r,BIG a1,BIG m)
-{
-	BIG a;
-	BIG_copy(a,a1);
-    BIG_mod(a,m);
-    BIG_sub(r,m,a);
-//    BIG_mod(r,m);
-}
-
-/* Set a=a/b mod m */
-/* SU= 136 */
-void XXX::BIG_moddiv(BIG r,BIG a1,BIG b1,BIG m)
-{
-    DBIG d;
-    BIG z;
-	BIG a,b;
-	BIG_copy(a,a1);
-	BIG_copy(b,b1);
-    BIG_mod(a,m);
-    BIG_invmodp(z,b,m);
-
-    BIG_mul(d,a,z);
-    BIG_dmod(r,d,m);
-}
-
-/* Get jacobi Symbol (a/p). Returns 0, 1 or -1 */
-/* SU= 216 */
-int XXX::BIG_jacobi(BIG a,BIG p)
-{
-    int n8,k,m=0;
-    BIG t,x,n,zilch,one;
-    BIG_one(one);
-    BIG_zero(zilch);
-    if (BIG_parity(p)==0 || BIG_comp(a,zilch)==0 || BIG_comp(p,one)<=0) return 0;
-    BIG_norm(a);
-    BIG_copy(x,a);
-    BIG_copy(n,p);
-    BIG_mod(x,p);
-
-    while (BIG_comp(n,one)>0)
-    {
-        if (BIG_comp(x,zilch)==0) return 0;
-        n8=BIG_lastbits(n,3);
-        k=0;
-        while (BIG_parity(x)==0)
-        {
-            k++;
-            BIG_shr(x,1);
-        }
-        if (k%2==1) m+=(n8*n8-1)/8;
-        m+=(n8-1)*(BIG_lastbits(x,2)-1)/4;
-        BIG_copy(t,n);
-
-        BIG_mod(t,x);
-        BIG_copy(n,x);
-        BIG_copy(x,t);
-        m%=2;
-
-    }
-    if (m==0) return 1;
-    else return -1;
-}
-
-/* Set r=1/a mod p. Binary method */
-/* SU= 240 */
-void XXX::BIG_invmodp(BIG r,BIG a,BIG p)
-{
-    BIG u,v,x1,x2,t,one;
-    BIG_mod(a,p);
-    BIG_copy(u,a);
-    BIG_copy(v,p);
-    BIG_one(one);
-    BIG_copy(x1,one);
-    BIG_zero(x2);
-
-    while (BIG_comp(u,one)!=0 && BIG_comp(v,one)!=0)
-    {
-        while (BIG_parity(u)==0)
-        {
-            BIG_fshr(u,1);
-            if (BIG_parity(x1)!=0)
-            {
-                BIG_add(x1,p,x1);
-                BIG_norm(x1);
-            }
-            BIG_fshr(x1,1);
-        }
-        while (BIG_parity(v)==0)
-        {
-            BIG_fshr(v,1);
-            if (BIG_parity(x2)!=0)
-            {
-                BIG_add(x2,p,x2);
-                BIG_norm(x2);
-            }
-            BIG_fshr(x2,1);
-        }
-        if (BIG_comp(u,v)>=0)
-        {
-            BIG_sub(u,u,v);
-            BIG_norm(u);
-            if (BIG_comp(x1,x2)>=0) BIG_sub(x1,x1,x2);
-            else
-            {
-                BIG_sub(t,p,x2);
-                BIG_add(x1,x1,t);
-            }
-            BIG_norm(x1);
-        }
-        else
-        {
-            BIG_sub(v,v,u);
-            BIG_norm(v);
-            if (BIG_comp(x2,x1)>=0) BIG_sub(x2,x2,x1);
-            else
-            {
-                BIG_sub(t,p,x1);
-                BIG_add(x2,x2,t);
-            }
-            BIG_norm(x2);
-        }
-    }
-    if (BIG_comp(u,one)==0)
-        BIG_copy(r,x1);
-    else
-        BIG_copy(r,x2);
-}
-
-/* set x = x mod 2^m */
-void XXX::BIG_mod2m(BIG x,int m)
-{
-    int i,wd,bt;
-    chunk msk;
-	BIG_norm(x);
-//	if (m>=MODBITS) return;
-    wd=m/BASEBITS_XXX;
-    bt=m%BASEBITS_XXX;
-    msk=((chunk)1<<bt)-1;
-    x[wd]&=msk;
-    for (i=wd+1; i<NLEN_XXX; i++) x[i]=0;
-}
-
-// new
-/* Convert to DBIG number from byte array of given length */
-void XXX::BIG_dfromBytesLen(DBIG a,char *b,int s)
-{
-    int i,len=s;
-    BIG_dzero(a);
-
-    for (i=0; i<len; i++)
-    {
-        BIG_dshl(a,8);
-        a[0]+=(int)(unsigned char)b[i];
-    }
-#ifdef DEBUG_NORM
-	a[DMPV_XXX]=1; a[DMNV_XXX]=0;
-#endif
-}


[43/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/rsa.c
----------------------------------------------------------------------
diff --git a/version22/c/rsa.c b/version22/c/rsa.c
deleted file mode 100644
index d5898bd..0000000
--- a/version22/c/rsa.c
+++ /dev/null
@@ -1,394 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* RSA Functions - see main program below */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "rsa.h"
-
-#define ROUNDUP(a,b) ((a)-1)/(b)+1
-
-/* general purpose hash function w=hash(p|n|x|y) */
-static int hashit(int sha,octet *p,int n,octet *w)
-{
-    int i,c[4],hlen;
-    hash256 sha256;
-    hash512 sha512;
-    char hh[64];
-
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_init(&sha256);
-        break;
-    case SHA384:
-        HASH384_init(&sha512);
-        break;
-    case SHA512:
-        HASH512_init(&sha512);
-        break;
-    }
-
-    hlen=sha;
-
-    if (p!=NULL) for (i=0; i<p->len; i++)
-        {
-            switch(sha)
-            {
-            case SHA256:
-                HASH256_process(&sha256,p->val[i]);
-                break;
-            case SHA384:
-                HASH384_process(&sha512,p->val[i]);
-                break;
-            case SHA512:
-                HASH512_process(&sha512,p->val[i]);
-                break;
-            }
-        }
-    if (n>=0)
-    {
-        c[0]=(n>>24)&0xff;
-        c[1]=(n>>16)&0xff;
-        c[2]=(n>>8)&0xff;
-        c[3]=(n)&0xff;
-        for (i=0; i<4; i++)
-        {
-            switch(sha)
-            {
-            case SHA256:
-                HASH256_process(&sha256,c[i]);
-                break;
-            case SHA384:
-                HASH384_process(&sha512,c[i]);
-                break;
-            case SHA512:
-                HASH512_process(&sha512,c[i]);
-                break;
-            }
-        }
-    }
-
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_hash(&sha256,hh);
-        break;
-    case SHA384:
-        HASH384_hash(&sha512,hh);
-        break;
-    case SHA512:
-        HASH512_hash(&sha512,hh);
-        break;
-    }
-
-    OCT_empty(w);
-    OCT_jbytes(w,hh,hlen);
-    for (i=0; i<hlen; i++) hh[i]=0;
-
-    return hlen;
-}
-
-/* generate an RSA key pair */
-void RSA_KEY_PAIR(csprng *RNG,sign32 e,rsa_private_key *PRIV,rsa_public_key *PUB,octet *P, octet* Q)
-{
-    /* IEEE1363 A16.11/A16.12 more or less */
-    BIG t[HFLEN],p1[HFLEN],q1[HFLEN];
-
-    if (RNG!=NULL)
-    {
-
-        for (;;)
-        {
-
-            FF_random(PRIV->p,RNG,HFLEN);
-            while (FF_lastbits(PRIV->p,2)!=3) FF_inc(PRIV->p,1,HFLEN);
-            while (!FF_prime(PRIV->p,RNG,HFLEN))
-                FF_inc(PRIV->p,4,HFLEN);
-
-            FF_copy(p1,PRIV->p,HFLEN);
-            FF_dec(p1,1,HFLEN);
-
-            if (FF_cfactor(p1,e,HFLEN)) continue;
-            break;
-        }
-
-        for (;;)
-        {
-            FF_random(PRIV->q,RNG,HFLEN);
-            while (FF_lastbits(PRIV->q,2)!=3) FF_inc(PRIV->q,1,HFLEN);
-            while (!FF_prime(PRIV->q,RNG,HFLEN))
-                FF_inc(PRIV->q,4,HFLEN);
-
-            FF_copy(q1,PRIV->q,HFLEN);
-            FF_dec(q1,1,HFLEN);
-            if (FF_cfactor(q1,e,HFLEN)) continue;
-
-            break;
-        }
-
-    }
-    else
-    {
-        FF_fromOctet(PRIV->p,P,HFLEN);
-        FF_fromOctet(PRIV->q,Q,HFLEN);
-
-        FF_copy(p1,PRIV->p,HFLEN);
-        FF_dec(p1,1,HFLEN);
-
-        FF_copy(q1,PRIV->q,HFLEN);
-        FF_dec(q1,1,HFLEN);
-    }
-
-    FF_mul(PUB->n,PRIV->p,PRIV->q,HFLEN);
-    PUB->e=e;
-
-    FF_copy(t,p1,HFLEN);
-    FF_shr(t,HFLEN);
-    FF_init(PRIV->dp,e,HFLEN);
-    FF_invmodp(PRIV->dp,PRIV->dp,t,HFLEN);
-    if (FF_parity(PRIV->dp)==0) FF_add(PRIV->dp,PRIV->dp,t,HFLEN);
-    FF_norm(PRIV->dp,HFLEN);
-
-    FF_copy(t,q1,HFLEN);
-    FF_shr(t,HFLEN);
-    FF_init(PRIV->dq,e,HFLEN);
-    FF_invmodp(PRIV->dq,PRIV->dq,t,HFLEN);
-    if (FF_parity(PRIV->dq)==0) FF_add(PRIV->dq,PRIV->dq,t,HFLEN);
-    FF_norm(PRIV->dq,HFLEN);
-
-    FF_invmodp(PRIV->c,PRIV->p,PRIV->q,HFLEN);
-
-    return;
-}
-
-/* Mask Generation Function */
-
-void MGF1(int sha,octet *z,int olen,octet *mask)
-{
-    char h[64];
-    octet H= {0,sizeof(h),h};
-    int hlen=sha;
-    int counter,cthreshold;
-
-    OCT_empty(mask);
-
-    cthreshold=ROUNDUP(olen,hlen);
-    for (counter=0; counter<cthreshold; counter++)
-    {
-        hashit(sha,z,counter,&H);
-        if (mask->len+hlen>olen) OCT_jbytes(mask,H.val,olen%hlen);
-        else                     OCT_joctet(mask,&H);
-    }
-    OCT_clear(&H);
-}
-
-/* SHAXXX identifier strings */
-const char SHA256ID[]= {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20};
-const char SHA384ID[]= {0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30};
-const char SHA512ID[]= {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40};
-
-/* PKCS 1.5 padding of a message to be signed */
-/* NOTE: length of output encoded in w->max */
-
-int PKCS15(int sha,octet *m,octet *w)
-{
-    int olen=w->max;
-    int hlen=sha;
-    int idlen=19;
-    char h[64];
-    octet H= {0,sizeof(h),h};
-
-    if (olen<idlen+hlen+10) return 0;
-    hashit(sha,m,-1,&H);
-
-    OCT_empty(w);
-    OCT_jbyte(w,0x00,1);
-    OCT_jbyte(w,0x01,1);
-    OCT_jbyte(w,0xff,olen-idlen-hlen-3);
-    OCT_jbyte(w,0x00,1);
-
-    if (hlen==32) OCT_jbytes(w,(char *)SHA256ID,idlen);
-    if (hlen==48) OCT_jbytes(w,(char *)SHA384ID,idlen);
-    if (hlen==64) OCT_jbytes(w,(char *)SHA512ID,idlen);
-
-    OCT_joctet(w,&H);
-
-    return 1;
-}
-
-/* OAEP Message Encoding for Encryption */
-/* NOTE: length of output encoded in f->max */
-
-int OAEP_ENCODE(int sha,octet *m,csprng *RNG,octet *p,octet *f)
-{
-    int slen,olen=f->max-1;
-    int mlen=m->len;
-    int hlen,seedlen;
-    char dbmask[MAX_RSA_BYTES],seed[64];
-    octet DBMASK= {0,sizeof(dbmask),dbmask};
-    octet SEED= {0,sizeof(seed),seed};
-
-    hlen=seedlen=sha;
-    if (mlen>olen-hlen-seedlen-1) return 0;
-    if (m==f) return 0;  /* must be distinct octets */
-
-    hashit(sha,p,-1,f);
-
-    slen=olen-mlen-hlen-seedlen-1;
-
-    OCT_jbyte(f,0,slen);
-    OCT_jbyte(f,0x1,1);
-    OCT_joctet(f,m);
-
-    OCT_rand(&SEED,RNG,seedlen);
-
-    MGF1(sha,&SEED,olen-seedlen,&DBMASK);
-
-    OCT_xor(&DBMASK,f);
-    MGF1(sha,&DBMASK,seedlen,f);
-
-    OCT_xor(f,&SEED);
-
-    OCT_joctet(f,&DBMASK);
-
-    OCT_pad(f,f->max);
-    OCT_clear(&SEED);
-    OCT_clear(&DBMASK);
-
-    return 1;
-}
-
-/* OAEP Message Decoding for Decryption */
-
-int OAEP_DECODE(int sha,octet *p,octet *f)
-{
-    int comp,x,t;
-    int i,k,olen=f->max-1;
-    int hlen,seedlen;
-    char dbmask[MAX_RSA_BYTES],seed[64],chash[64];
-    octet DBMASK= {0,sizeof(dbmask),dbmask};
-    octet SEED= {0,sizeof(seed),seed};
-    octet CHASH= {0,sizeof(chash),chash};
-
-    seedlen=hlen=sha;
-    if (olen<seedlen+hlen+1) return 0;
-    if (!OCT_pad(f,olen+1)) return 0;
-    hashit(sha,p,-1,&CHASH);
-
-    x=f->val[0];
-    for (i=seedlen; i<olen; i++)
-        DBMASK.val[i-seedlen]=f->val[i+1];
-    DBMASK.len=olen-seedlen;
-
-    MGF1(sha,&DBMASK,seedlen,&SEED);
-    for (i=0; i<seedlen; i++) SEED.val[i]^=f->val[i+1];
-    MGF1(sha,&SEED,olen-seedlen,f);
-    OCT_xor(&DBMASK,f);
-
-    comp=OCT_ncomp(&CHASH,&DBMASK,hlen);
-
-    OCT_shl(&DBMASK,hlen);
-
-    OCT_clear(&SEED);
-    OCT_clear(&CHASH);
-
-    for (k=0;; k++)
-    {
-        if (k>=DBMASK.len)
-        {
-            OCT_clear(&DBMASK);
-            return 0;
-        }
-        if (DBMASK.val[k]!=0) break;
-    }
-
-    t=DBMASK.val[k];
-    if (!comp || x!=0 || t!=0x01)
-    {
-        OCT_clear(&DBMASK);
-        return 0;
-    }
-
-    OCT_shl(&DBMASK,k+1);
-    OCT_copy(f,&DBMASK);
-    OCT_clear(&DBMASK);
-
-    return 1;
-}
-
-/* destroy the Private Key structure */
-void RSA_PRIVATE_KEY_KILL(rsa_private_key *PRIV)
-{
-    FF_zero(PRIV->p,HFLEN);
-    FF_zero(PRIV->q,HFLEN);
-    FF_zero(PRIV->dp,HFLEN);
-    FF_zero(PRIV->dq,HFLEN);
-    FF_zero(PRIV->c,HFLEN);
-}
-
-/* RSA encryption with the public key */
-void RSA_ENCRYPT(rsa_public_key *PUB,octet *F,octet *G)
-{
-    BIG f[FFLEN];
-    FF_fromOctet(f,F,FFLEN);
-
-    FF_power(f,f,PUB->e,PUB->n,FFLEN);
-
-    FF_toOctet(G,f,FFLEN);
-}
-
-/* RSA decryption with the private key */
-void RSA_DECRYPT(rsa_private_key *PRIV,octet *G,octet *F)
-{
-    BIG g[FFLEN],t[FFLEN],jp[HFLEN],jq[HFLEN];
-
-    FF_fromOctet(g,G,FFLEN);
-
-    FF_dmod(jp,g,PRIV->p,HFLEN);
-    FF_dmod(jq,g,PRIV->q,HFLEN);
-
-    FF_skpow(jp,jp,PRIV->dp,PRIV->p,HFLEN);
-    FF_skpow(jq,jq,PRIV->dq,PRIV->q,HFLEN);
-
-
-    FF_zero(g,FFLEN);
-    FF_copy(g,jp,HFLEN);
-    FF_mod(jp,PRIV->q,HFLEN);
-    if (FF_comp(jp,jq,HFLEN)>0)
-        FF_add(jq,jq,PRIV->q,HFLEN);
-    FF_sub(jq,jq,jp,HFLEN);
-    FF_norm(jq,HFLEN);
-
-    FF_mul(t,PRIV->c,jq,HFLEN);
-    FF_dmod(jq,t,PRIV->q,HFLEN);
-
-    FF_mul(t,jq,PRIV->p,HFLEN);
-    FF_add(g,t,g,FFLEN);
-    FF_norm(g,FFLEN);
-
-    FF_toOctet(F,g,FFLEN);
-
-    return;
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/rsa.h
----------------------------------------------------------------------
diff --git a/version22/c/rsa.h b/version22/c/rsa.h
deleted file mode 100644
index b2c6ea0..0000000
--- a/version22/c/rsa.h
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file rsa.h
- * @author Mike Scott and Kealan McCusker
- * @date 2nd June 2015
- * @brief RSA Header file for implementation of RSA protocol
- *
- * declares functions
- *
- */
-
-#ifndef RSA_H
-#define RSA_H
-
-#include "amcl.h"
-
-#define MAX_RSA_BYTES 512 // Maximum of 4096
-#define HASH_TYPE_RSA SHA256 /**< Chosen Hash algorithm */
-#define RFS MODBYTES*FFLEN /**< RSA Public Key Size in bytes */
-
-/* RSA Auxiliary Functions */
-
-/**	@brief RSA Key Pair Generator
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param e the encryption exponent
-	@param PRIV the output RSA private key
-	@param PUB the output RSA public key
-        @param P Input prime number. Used when R is equal to NULL for testing
-        @param Q Inpuy prime number. Used when R is equal to NULL for testing
- */
-extern void RSA_KEY_PAIR(csprng *R,sign32 e,rsa_private_key* PRIV,rsa_public_key* PUB,octet *P, octet* Q);
-/**	@brief PKCS V1.5 padding of a message prior to RSA signature
- *
-	@param h is the hash type
-	@param M is the input message
-	@param W is the output encoding, ready for RSA signature
-	@return 1 if OK, else 0
- */
-extern int PKCS15(int h,octet *M,octet *W);
-/**	@brief OAEP padding of a message prior to RSA encryption
- *
-	@param h is the hash type
-	@param M is the input message
-	@param R is a pointer to a cryptographically secure random number generator
-	@param P are input encoding parameter string (could be NULL)
-	@param F is the output encoding, ready for RSA encryption
-	@return 1 if OK, else 0
- */
-extern int	OAEP_ENCODE(int h,octet *M,csprng *R,octet *P,octet *F);
-/**	@brief OAEP unpadding of a message after RSA decryption
- *
-	Unpadding is done in-place
-	@param h is the hash type
-	@param P are input encoding parameter string (could be NULL)
-	@param F is input padded message, unpadded on output
-	@return 1 if OK, else 0
- */
-extern int  OAEP_DECODE(int h,octet *P,octet *F);
-/**	@brief RSA encryption of suitably padded plaintext
- *
-	@param PUB the input RSA public key
-	@param F is input padded message
-	@param G is the output ciphertext
- */
-extern void RSA_ENCRYPT(rsa_public_key* PUB,octet *F,octet *G);
-/**	@brief RSA decryption of ciphertext
- *
-	@param PRIV the input RSA private key
-	@param G is the input ciphertext
-	@param F is output plaintext (requires unpadding)
-
- */
-extern void RSA_DECRYPT(rsa_private_key* PRIV,octet *G,octet *F);
-/**	@brief Destroy an RSA private Key
- *
-	@param PRIV the input RSA private key. Destroyed on output.
- */
-extern void RSA_PRIVATE_KEY_KILL(rsa_private_key *PRIV);
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/testecdh.c
----------------------------------------------------------------------
diff --git a/version22/c/testecdh.c b/version22/c/testecdh.c
deleted file mode 100644
index 31e4944..0000000
--- a/version22/c/testecdh.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "ecdh.h"
-#include "randapi.h"
-
-int ecdh(csprng *RNG)
-{
-    int i,res;
-    char *pp="M0ng00se";
-    /* These octets are automatically protected against buffer overflow attacks */
-    /* Note salt must be big enough to include an appended word */
-    /* Note ECIES ciphertext C must be big enough to include at least 1 appended block */
-    /* Recall EFS is field size in bytes. So EFS=32 for 256-bit curve */
-    char s0[2*EGS],s1[EGS],w0[2*EFS+1],w1[2*EFS+1],z0[EFS],z1[EFS],key[EAS],salt[40],pw[40];
-    octet S0= {0,sizeof(s0),s0};
-    octet S1= {0,sizeof(s1),s1};
-    octet W0= {0,sizeof(w0),w0};
-    octet W1= {0,sizeof(w1),w1};
-    octet Z0= {0,sizeof(z0),z0};
-    octet Z1= {0,sizeof(z1),z1};
-    octet KEY= {0,sizeof(key),key};
-    octet SALT= {0,sizeof(salt),salt};
-    octet PW= {0,sizeof(pw),pw};
-
-    SALT.len=8;
-    for (i=0; i<8; i++) SALT.val[i]=i+1; // set Salt
-
-    printf("Alice's Passphrase= %s\n",pp);
-
-    OCT_empty(&PW);
-    OCT_jstring(&PW,pp);   // set Password from string
-
-    /* private key S0 of size EGS bytes derived from Password and Salt */
-
-    PBKDF2(HASH_TYPE_ECC,&PW,&SALT,1000,EGS,&S0);
-
-    printf("Alices private key= 0x");
-    OCT_output(&S0);
-
-    /* Generate Key pair S/W */
-
-    ECP_KEY_PAIR_GENERATE(NULL,&S0,&W0);
-    printf("Alices public key= 0x");
-    OCT_output(&W0);
-
-    res=ECP_PUBLIC_KEY_VALIDATE(1,&W0);
-    if (res!=0)
-    {
-        printf("ECP Public Key is invalid!\n");
-        return 0;
-    }
-
-    /* Random private key for other party */
-    ECP_KEY_PAIR_GENERATE(RNG,&S1,&W1);
-    res=ECP_PUBLIC_KEY_VALIDATE(1,&W1);
-    if (res!=0)
-    {
-        printf("ECP Public Key is invalid!\n");
-        return 0;
-    }
-    printf("Servers private key= 0x");
-    OCT_output(&S1);
-    printf("Servers public key= 0x");
-    OCT_output(&W1);
-
-    /* Calculate common key using DH - IEEE 1363 method */
-
-    ECPSVDP_DH(&S0,&W1,&Z0);
-    ECPSVDP_DH(&S1,&W0,&Z1);
-
-    if (!OCT_comp(&Z0,&Z1))
-    {
-        printf("*** ECPSVDP-DH Failed\n");
-        return 0;
-    }
-
-    KDF2(HASH_TYPE_ECC,&Z0,NULL,EAS,&KEY);
-
-    printf("Alice's DH Key=  0x");
-    OCT_output(&KEY);
-    printf("Servers DH Key=  0x");
-    OCT_output(&KEY);
-
-#if CURVETYPE != MONTGOMERY
-
-    char ds[EGS],p1[30],p2[30],v[2*EFS+1],m[32],c[64],t[32],cs[EGS];
-    octet DS= {0,sizeof(ds),ds};
-    octet CS= {0,sizeof(cs),cs};
-    octet P1= {0,sizeof(p1),p1};
-    octet P2= {0,sizeof(p2),p2};
-    octet V= {0,sizeof(v),v};
-    octet M= {0,sizeof(m),m};
-    octet C= {0,sizeof(c),c};
-    octet T= {0,sizeof(t),t};
-
-    printf("Testing ECIES\n");
-
-    P1.len=3;
-    P1.val[0]=0x0;
-    P1.val[1]=0x1;
-    P1.val[2]=0x2;
-    P2.len=4;
-    P2.val[0]=0x0;
-    P2.val[1]=0x1;
-    P2.val[2]=0x2;
-    P2.val[3]=0x3;
-
-    M.len=17;
-    for (i=0; i<=16; i++) M.val[i]=i;
-
-    ECP_ECIES_ENCRYPT(HASH_TYPE_ECC,&P1,&P2,RNG,&W1,&M,12,&V,&C,&T);
-
-    printf("Ciphertext= \n");
-    printf("V= 0x");
-    OCT_output(&V);
-    printf("C= 0x");
-    OCT_output(&C);
-    printf("T= 0x");
-    OCT_output(&T);
-
-    if (!ECP_ECIES_DECRYPT(HASH_TYPE_ECC,&P1,&P2,&V,&C,&T,&S1,&M))
-    {
-        printf("*** ECIES Decryption Failed\n");
-        return 0;
-    }
-    else printf("Decryption succeeded\n");
-
-    printf("Message is 0x");
-    OCT_output(&M);
-
-
-    printf("Testing ECDSA\n");
-
-    if (ECPSP_DSA(HASH_TYPE_ECC,RNG,NULL,&S0,&M,&CS,&DS)!=0)
-    {
-        printf("***ECDSA Signature Failed\n");
-        return 0;
-    }
-
-    printf("Signature C = 0x");
-    OCT_output(&CS);
-    printf("Signature D = 0x");
-    OCT_output(&DS);
-
-    if (ECPVP_DSA(HASH_TYPE_ECC,&W0,&M,&CS,&DS)!=0)
-    {
-        printf("***ECDSA Verification Failed\n");
-        return 0;
-    }
-    else 
-    {
-      printf("ECDSA Signature/Verification succeeded\n");
-    }
-
-#endif
-
-    return 0;
-}
-
-int main()
-{
-    int i;
-    unsigned long ran;
-
-	char raw[100];
-    octet RAW= {0,sizeof(raw),raw};
-    csprng RNG;                /* Crypto Strong RNG */
-
-    time((time_t *)&ran);
-
-    RAW.len=100;				/* fake random seed source */
-    RAW.val[0]=ran;
-    RAW.val[1]=ran>>8;
-    RAW.val[2]=ran>>16;
-    RAW.val[3]=ran>>24;
-    for (i=0; i<100; i++) RAW.val[i]=i+1;
-
-    CREATE_CSPRNG(&RNG,&RAW);   /* initialise strong RNG */
-
-	ecdh(&RNG);
-
-	KILL_CSPRNG(&RNG);
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/testmpin.c
----------------------------------------------------------------------
diff --git a/version22/c/testmpin.c b/version22/c/testmpin.c
deleted file mode 100644
index f3ba165..0000000
--- a/version22/c/testmpin.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for MPIN Functions */
-/* Version 3.0 - supports Time Permits */
-
-/* Build executible after installation:
-
-  gcc -std=c99 -g ./testmpin.c -I/opt/amcl/include -L/opt/amcl/lib -lamcl -lmpin -o testmpin
-
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin.h"
-#include "randapi.h"
-
-#define PERMITS  /* for time permits ON or OFF */
-#define PINERROR /* For PIN ERROR detection ON or OFF */
-#define FULL     /* for M-Pin Full or M-Pin regular */
-//#define SINGLE_PASS /* SINGLE PASS M-Pin */
-
-int mpin(csprng *RNG)
-{
-    int pin,rtn,err;
-#ifdef PERMITS
-    int date=MPIN_today();
-#else
-    int date=0;
-#endif
-    char x[PGS],s[PGS],y[PGS],client_id[100],sst[4*PFS],token[2*PFS+1],sec[2*PFS+1],permit[2*PFS+1],xcid[2*PFS+1],xid[2*PFS+1],e[12*PFS],f[12*PFS];
-    char hcid[PFS],hsid[PFS],hid[2*PFS+1],htid[2*PFS+1],h[PGS];
-#ifdef FULL
-    char r[PGS],z[2*PFS+1],w[PGS],t[2*PFS+1];
-    char g1[12*PFS],g2[12*PFS];
-    char ck[PAS],sk[PAS];
-#endif
-    octet S= {0,sizeof(s),s};
-    octet X= {0,sizeof(x),x};
-    octet Y= {0,sizeof(y),y};
-    octet H= {0,sizeof(h),h};
-    octet CLIENT_ID= {0,sizeof(client_id),client_id};
-    octet SST= {0,sizeof(sst),sst};
-    octet TOKEN= {0,sizeof(token),token};
-    octet SEC= {0,sizeof(sec),sec};
-    octet PERMIT= {0,sizeof(permit),permit};
-    octet xCID= {0,sizeof(xcid),xcid};
-    octet xID= {0,sizeof(xid),xid};
-    octet HCID= {0,sizeof(hcid),hcid};
-    octet HSID= {0,sizeof(hsid),hsid};
-    octet HID= {0,sizeof(hid),hid};
-    octet HTID= {0,sizeof(htid),htid};
-    octet E= {0,sizeof(e),e};
-    octet F= {0,sizeof(f),f};
-#ifdef FULL
-    octet R= {0,sizeof(r),r};
-    octet Z= {0,sizeof(z),z};
-    octet W= {0,sizeof(w),w};
-    octet T= {0,sizeof(t),t};
-    octet G1= {0,sizeof(g1),g1};
-    octet G2= {0,sizeof(g2),g2};
-    octet SK= {0,sizeof(sk),sk};
-    octet CK= {0,sizeof(ck),ck};
-#endif
-    octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID;
-    char idhex[100];
-
-    /* Trusted Authority set-up */
-    MPIN_RANDOM_GENERATE(RNG,&S);
-    printf("Master Secret= ");
-    OCT_output(&S);
-
-    /* Create Client Identity */
-    OCT_jstring(&CLIENT_ID,"testUser@miracl.com");
-    MPIN_HASH_ID(HASH_TYPE_MPIN,&CLIENT_ID,&HCID);  /* Either Client or TA calculates Hash(ID) - you decide! */
-
-    printf("Client ID Hash= ");
-    OCT_output(&HCID);
-    printf("\n");
-
-    OCT_toHex(&CLIENT_ID,idhex);
-    printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n");
-
-    /* Client and Server are issued secrets by DTA */
-    MPIN_GET_SERVER_SECRET(&S,&SST);
-    printf("Server Secret= ");
-    OCT_output(&SST);
-
-    MPIN_GET_CLIENT_SECRET(&S,&HCID,&TOKEN);
-    printf("Client Secret= ");
-    OCT_output(&TOKEN);
-
-    /* Client extracts PIN from secret to create Token */
-    pin=1234;
-    printf("Client extracts PIN= %d\n",pin);
-    MPIN_EXTRACT_PIN(HASH_TYPE_MPIN,&CLIENT_ID,pin,&TOKEN);
-    printf("Client Token= ");
-    OCT_output(&TOKEN);
-
-#ifdef FULL
-    MPIN_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2);
-#endif
-
-#ifdef PERMITS
-    /* Client gets "Time Permit" from DTA */
-    printf("Client gets Time Permit\n");
-
-    MPIN_GET_CLIENT_PERMIT(HASH_TYPE_MPIN,date,&S,&HCID,&PERMIT);
-    printf("Time Permit= ");
-    OCT_output(&PERMIT);
-
-    /* This encoding makes Time permit look random */
-    if (MPIN_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n");
-    /* printf("Encoded Time Permit= "); OCT_output(&PERMIT); */
-    if (MPIN_DECODING(&PERMIT)!=0) printf("Decoding error\n");
-    /* printf("Decoded Time Permit= "); OCT_output(&PERMIT); */
-#endif
-
-    /* MPin Protocol */
-
-    /* Client enters PIN */
-    printf("\nPIN= ");
-    if(scanf("%d",&pin)) {};
-    /* to avoid silly compile error */
-    getchar();
-
-    /* Set date=0 and PERMIT=NULL if time permits not in use
-
-    Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
-    If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
-    Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG
-
-    HSID - hashed client ID as calculated by the server
-    HCID - hashed client ID as calculated by the client
-
-    IMPORTANT: To save space and time..
-    If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only
-    If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-    If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only.
-
-    */
-
-    pxID=&xID;
-    pxCID=&xCID;
-    pHID=&HID;
-    pHTID=&HTID;
-    pE=&E;
-    pF=&F;
-    pPERMIT=&PERMIT;
-
-#ifdef PERMITS
-    prHID=pHTID;
-#ifndef PINERROR
-    pxID=NULL;
-//   pHID=NULL;  //new
-#endif
-#else
-    prHID=pHID;
-    pPERMIT=NULL;
-    pxCID=NULL;
-    pHTID=NULL;
-#endif
-#ifndef PINERROR
-    pE=NULL;
-    pF=NULL;
-#endif
-
-    /* When set only send hashed IDs to server */
-    octet *pID;
-#ifdef USE_ANONYMOUS
-    pID = &HCID;
-#else
-    pID = &CLIENT_ID;
-#endif
-
-#ifdef SINGLE_PASS
-    int timeValue;
-    printf("MPIN Single Pass\n");
-    timeValue = MPIN_GET_TIME();
-
-    rtn=MPIN_CLIENT(HASH_TYPE_MPIN,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y);
-
-    if (rtn != 0)
-    {
-        printf("MPIN_CLIENT ERROR %d\n", rtn);
-        return 1;
-    }
-
-#ifdef FULL
-    MPIN_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z);  /* Also Send Z=r.ID to Server, remember random r */
-#endif
-
-
-    rtn=MPIN_SERVER(HASH_TYPE_MPIN,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,pID,NULL,timeValue);
-
-#ifdef FULL
-    MPIN_HASH_ID(HASH_TYPE_MPIN,&CLIENT_ID,&HSID);  // new
-    MPIN_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T);  /* Also send T=w.ID to client, remember random w  */
-#endif
-
-#else // SINGLE_PASS
-    printf("MPIN Multi Pass\n");
-    if (MPIN_CLIENT_1(HASH_TYPE_MPIN,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0)
-    {
-        printf("Error from Client side - First Pass\n");
-        return 0;
-    }
-
-    /* Send U=x.ID to server, and recreate secret from token and pin */
-
-#ifdef FULL
-    MPIN_HASH_ID(HASH_TYPE_MPIN,&CLIENT_ID,&HCID);
-    MPIN_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z);  /* Also Send Z=r.ID to Server, remember random r, DH component */
-#endif
-
-    /* Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-    MPIN_SERVER_1(HASH_TYPE_MPIN,date,pID,pHID,pHTID);
-
-    /* Server generates Random number Y and sends it to Client */
-    MPIN_RANDOM_GENERATE(RNG,&Y);
-
-#ifdef FULL
-    MPIN_HASH_ID(HASH_TYPE_MPIN,&CLIENT_ID,&HSID); //new
-    MPIN_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T);  /* Also send T=w.ID to client, remember random w, DH component  */
-#endif
-
-    /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
-    if (MPIN_CLIENT_2(&X,&Y,&SEC)!=0)
-    {
-        printf("Error from Client side - Second Pass\n");
-        return 1;
-    }
-
-    /* Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
-    /* If PIN error not required, set E and F = NULL */
-    rtn=MPIN_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF);
-#endif // SINGLE_PASS
-
-    if (rtn!=0)
-    {
-        printf("Server says - Bad Pin.\n");
-#ifdef PINERROR
-
-        err=MPIN_KANGAROO(&E,&F);
-        if (err) printf("(Client PIN is out by %d)\n",err);
-
-#endif
-        return 1;
-    }
-    else
-    {
-        printf("Server says - PIN is good! You really are ");
-        OCT_output_string(&CLIENT_ID);
-        printf(".\n");
-    }
-
-#ifdef FULL
-    MPIN_HASH_ALL(HASH_TYPE_MPIN,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);  // new
-    MPIN_CLIENT_KEY(HASH_TYPE_MPIN,&G1,&G2,pin,&R,&X,&H,&T,&CK);      // new H
-    printf("Client Key = ");
-    OCT_output(&CK);
-
-    MPIN_HASH_ALL(HASH_TYPE_MPIN,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);
-    MPIN_SERVER_KEY(HASH_TYPE_MPIN,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID
-    printf("Server Key = ");
-    OCT_output(&SK);
-#endif
-    return 0;
-}
-
-int main()
-{
-  int i;
-    unsigned long ran;
-
-	char raw[100];
-    octet RAW= {0,sizeof(raw),raw};
-    csprng RNG;                /* Crypto Strong RNG */
-
-    time((time_t *)&ran);
-
-    RAW.len=100;				/* fake random seed source */
-    RAW.val[0]=ran;
-    RAW.val[1]=ran>>8;
-    RAW.val[2]=ran>>16;
-    RAW.val[3]=ran>>24;
-    for (i=0; i<100; i++) RAW.val[i]=i+1;
-
-    CREATE_CSPRNG(&RNG,&RAW);   /* initialise strong RNG */
-
-	mpin(&RNG);
-
-	KILL_CSPRNG(&RNG);
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/testrsa.c
----------------------------------------------------------------------
diff --git a/version22/c/testrsa.c b/version22/c/testrsa.c
deleted file mode 100644
index 247ba97..0000000
--- a/version22/c/testrsa.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for RSA API Functions */
-
-#include <stdio.h>
-#include <time.h>
-#include "rsa.h"
-#include "randapi.h"
-
-int rsa(csprng *RNG)
-{
-    char m[RFS],ml[RFS],c[RFS],e[RFS],s[RFS];
-    rsa_public_key pub;
-    rsa_private_key priv;
-    
-    octet M= {0,sizeof(m),m};
-    octet ML= {0,sizeof(ml),ml};
-    octet C= {0,sizeof(c),c};
-    octet E= {0,sizeof(e),e};
-    octet S= {0,sizeof(s),s};
-
-    printf("Generating public/private key pair\n");
-    RSA_KEY_PAIR(RNG,65537,&priv,&pub,NULL,NULL);
-
-    printf("Encrypting test string\n");
-    OCT_jstring(&M,(char *)"Hello World\n");
-
-    OAEP_ENCODE(HASH_TYPE_RSA,&M,RNG,NULL,&E); /* OAEP encode message m to e  */
-
-    RSA_ENCRYPT(&pub,&E,&C);     /* encrypt encoded message */
-    printf("Ciphertext= ");
-    OCT_output(&C);
-
-    printf("Decrypting test string\n");
-    RSA_DECRYPT(&priv,&C,&ML);   /* ... and then decrypt it */
-
-    OAEP_DECODE(HASH_TYPE_RSA,NULL,&ML);    /* decode it */
-    OCT_output_string(&ML);
-
-    printf("Signing message\n");
-    PKCS15(HASH_TYPE_RSA,&M,&C);
-
-    RSA_DECRYPT(&priv,&C,&S); /* create signature in S */
-
-    printf("Signature= ");
-    OCT_output(&S);
-
-    RSA_ENCRYPT(&pub,&S,&ML);
-
-    if (OCT_comp(&C,&ML)) printf("Signature is valid\n");
-    else printf("Signature is INVALID\n");
-
-    RSA_PRIVATE_KEY_KILL(&priv);
-
-    OCT_clear(&M);
-    OCT_clear(&ML);   /* clean up afterwards */
-    OCT_clear(&C);
-    OCT_clear(&E);
-
-    return 0;
-}
-
-int main()
-{
-    int i;
-    unsigned long ran;
-
-	char raw[100];
-    octet RAW= {0,sizeof(raw),raw};
-    csprng RNG;                /* Crypto Strong RNG */
-
-    time((time_t *)&ran);
-
-    RAW.len=100;				/* fake random seed source */
-    RAW.val[0]=ran;
-    RAW.val[1]=ran>>8;
-    RAW.val[2]=ran>>16;
-    RAW.val[3]=ran>>24;
-    for (i=0; i<100; i++) RAW.val[i]=i+1;
-
-    CREATE_CSPRNG(&RNG,&RAW);   /* initialise strong RNG */
-
-	rsa(&RNG);
-
-	KILL_CSPRNG(&RNG);
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/x509.c
----------------------------------------------------------------------
diff --git a/version22/c/x509.c b/version22/c/x509.c
deleted file mode 100644
index 6a59294..0000000
--- a/version22/c/x509.c
+++ /dev/null
@@ -1,1079 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL X.509 Functions */
-
-// To run test program, define HAS_MAIN
-// gcc x509.c ecdh.c rsa.c amcl.a -o x509.exe
-
-#define HAS_MAIN
-
-#include <stdio.h>
-#include "ecdh.h"
-#include "rsa.h"
-#include "x509.h"
-
-// ASN.1 tags
-
-#define ANY 0x00
-#define SEQ 0x30
-#define OID 0x06
-#define INT 0x02
-#define NUL 0x05
-#define ZER 0x00
-#define UTF 0x0C
-#define UTC 0x17
-#define LOG 0x01
-#define BIT 0x03
-#define OCT 0x04
-#define STR 0x13
-#define SET 0x31
-#define IA5 0x16
-
-// Supported Encryption Methods
-
-#define ECC 1
-#define RSA 2
-#define ECC_H256 11
-#define ECC_H384 12
-#define ECC_H512 13
-#define RSA_H256 21
-#define RSA_H384 22
-#define RSA_H512 23
-
-// return xxxxxxxxxxxxxxxx | xxxx | xxxx
-//        2048 | 2 | 3  -> 2048-bit RSA with SHA512
-
-#define H256 2
-#define H384 3
-#define H512 4
-
-// Define some OIDs
-
-// Elliptic Curve with SHA256
-static char eccsha256[8]= {0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02};
-static octet ECCSHA256= {8,sizeof(eccsha256),eccsha256};
-
-// Elliptic Curve with SHA384
-static char eccsha384[8]= {0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x03};
-static octet ECCSHA384= {8,sizeof(eccsha384),eccsha384};
-
-// Elliptic Curve with SHA512
-static char eccsha512[8]= {0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x04};
-static octet ECCSHA512= {8,sizeof(eccsha512),eccsha512};
-
-// EC Public Key
-static char ecpk[7]= {0x2a,0x86,0x48,0xce,0x3d,0x02,0x01};
-static octet ECPK= {7,sizeof(ecpk),ecpk};
-
-// C25519 curve
-static char prime25519[9]= {0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x01}; /*****/
-static octet PRIME25519= {9,sizeof(prime25519),prime25519};
-
-// NIST256 curve
-static char prime256v1[8]= {0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07};
-static octet PRIME256V1= {8,sizeof(prime256v1),prime256v1};
-
-// NIST384 curve
-static char secp384r1[5]= {0x2B,0x81,0x04,0x00,0x22};
-static octet SECP384R1= {5,sizeof(secp384r1),secp384r1};
-
-// NIST521 curve
-static char secp521r1[5]= {0x2B,0x81,0x04,0x00,0x23};
-static octet SECP521R1= {5,sizeof(secp521r1),secp521r1};
-
-// RSA Public Key
-static char rsapk[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01};
-static octet RSAPK= {9,sizeof(rsapk),rsapk};
-
-// RSA with SHA256
-static char rsasha256[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b};
-static octet RSASHA256= {9,sizeof(rsasha256),rsasha256};
-
-// RSA with SHA384
-static char rsasha384[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0c};
-static octet RSASHA384= {9,sizeof(rsasha384),rsasha384};
-
-// RSA with SHA512
-static char rsasha512[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0d};
-static octet RSASHA512= {9,sizeof(rsasha512),rsasha512};
-
-#ifdef HAS_MAIN
-// countryName
-static char cn[3]= {0x55,0x04,0x06};
-static octet CN= {3,sizeof(cn),cn};
-
-// stateName
-// static char sn[3]= {0x55,0x04,0x08};
-// static octet SN= {3,sizeof(sn),sn};
-
-// localName
-// static char ln[3]= {0x55,0x04,0x07};
-// static octet LN= {3,sizeof(ln),ln};
-
-// orgName
-static char on[3]= {0x55,0x04,0x0A};
-static octet ON= {3,sizeof(on),on};
-
-// unitName
-// static char un[3]= {0x55,0x04,0x0B};
-// static octet UN= {3,sizeof(un),un};
-
-// myName
-// static char mn[3]= {0x55,0x04,0x03};
-// static octet MN= {3,sizeof(mn),mn};
-
-// emailName
-static char en[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01};
-static octet EN= {9,sizeof(en),en};
-#endif // HAS_MAIN
-
-/* Check expected TAG and return ASN.1 field length. If tag=0 skip check. */
-static int getalen(int tag,char *b,int j)
-{
-    int len;
-
-    if (tag!=0 && (unsigned char)b[j]!=tag) return -1; // not a valid tag
-    j++;
-
-    if ((unsigned char)b[j]==0x81)
-    {
-        j++;
-        len=(unsigned char)b[j];
-    }
-    else if ((unsigned char)b[j]==0x82)
-    {
-        j++;
-        len=256*b[j++];
-        len+=(unsigned char)b[j];
-    }
-    else
-    {
-        len=(unsigned char)b[j];
-        if (len>127) return -1;
-    }
-    return len;
-}
-
-/* jump over length field */
-static int skip(int len)
-{
-    if (len<128) return 2;
-    if (len>=128 && len<256) return 3;
-    return 4;
-}
-
-/* round length up to nearest 8-byte length */
-static int bround(int len)
-{
-    if (len%8==0) return len;
-    return len+(8-len%8);
-
-}
-
-//	Input signed cert as octet, and extract signature
-//	Return 0 for failure, ECC for Elliptic Curve signature, RSA for RSA signature
-//  Note that signature type is not provided here - its the type of the public key that
-//  is used to verify it that matters, and which determines for example the curve to be used!
-
-pktype X509_extract_cert_sig(octet *sc,octet *sig)
-{
-    int i,j,k,fin,len,rlen,sj,ex;
-    char soid[9];
-    octet SOID= {0,sizeof(soid),soid};
-    pktype ret;
-
-    ret.type=0;
-    ret.hash=0;
-
-    j=0;
-
-    len=getalen(SEQ,sc->val,j);		// Check for expected SEQ clause, and get length
-    if (len<0) return ret;			// if not a SEQ clause, there is a problem, exit
-    j+=skip(len);					// skip over length to clause contents. Add len to skip clause
-
-    if (len+j!=sc->len) return ret;
-
-    len=getalen(SEQ,sc->val,j);
-    if (len<0) return ret;
-    j+=skip(len)+len; // jump over cert to signature OID
-
-    len=getalen(SEQ,sc->val,j);
-    if (len<0) return ret;
-    j+=skip(len);
-
-    sj=j+len; // Needed to jump over signature OID
-
-// dive in to extract OID
-    len=getalen(OID,sc->val,j);
-    if (len<0) return ret;
-    j+=skip(len);
-
-    fin=j+len;
-    SOID.len=len;
-    for (i=0; j<fin; j++)
-        SOID.val[i++]= sc->val[j];
-
-    // check OID here..
-
-    if (OCT_comp(&ECCSHA256,&SOID))
-    {
-        ret.type=ECC;
-        ret.hash=H256;
-    }
-    if (OCT_comp(&ECCSHA384,&SOID))
-    {
-        ret.type=ECC;
-        ret.hash=H384;
-    }
-    if (OCT_comp(&ECCSHA512,&SOID))
-    {
-        ret.type=ECC;
-        ret.hash=H512;
-    }
-    if (OCT_comp(&RSASHA256,&SOID))
-    {
-        ret.type=RSA;
-        ret.hash=H256;
-    }
-    if (OCT_comp(&RSASHA384,&SOID))
-    {
-        ret.type=RSA;
-        ret.hash=H384;
-    }
-    if (OCT_comp(&RSASHA512,&SOID))
-    {
-        ret.type=RSA;
-        ret.hash=H512;
-    }
-
-    if (ret.type==0) return ret; // unsupported type
-
-    j=sj;  // jump out to signature
-
-    len=getalen(BIT,sc->val,j);
-    if (len<0)
-    {
-        ret.type=0;
-        return ret;
-    }
-    j+=skip(len);
-    j++;
-    len--; // skip bit shift (hopefully 0!)
-
-    if (ret.type==ECC)
-    {
-        // signature in the form (r,s)
-        len=getalen(SEQ,sc->val,j);
-        if (len<0)
-        {
-            ret.type=0;
-            return ret;
-        }
-        j+=skip(len);
-
-        // pick up r part of signature
-        len=getalen(INT,sc->val,j);
-        if (len<0)
-        {
-            ret.type=0;
-            return ret;
-        }
-        j+=skip(len);
-
-        if (sc->val[j]==0)
-        {
-            // skip leading zero
-            j++;
-            len--;
-        }
-        rlen=bround(len);
-
-        ex=rlen-len;
-        sig->len=2*rlen;
-
-        i=0;
-        for (k=0; k<ex; k++)
-            sig->val[i++]=0;
-
-        fin=j+len;
-        for (; j<fin; j++)
-            sig->val[i++]= sc->val[j];
-
-        // pick up s part of signature
-        len=getalen(INT,sc->val,j);
-        if (len<0)
-        {
-            ret.type=0;
-            return ret;
-        }
-        j+=skip(len);
-
-        if (sc->val[j]==0)
-        {
-            // skip leading zeros
-            j++;
-            len--;
-        }
-        rlen=bround(len);
-        ex=rlen-len;
-        for (k=0; k<ex; k++)
-            sig->val[i++]=0;
-
-        fin=j+len;
-        for (; j<fin; j++)
-            sig->val[i++]= sc->val[j];
-
-    }
-    if (ret.type==RSA)
-    {
-        rlen=bround(len);
-        ex=rlen-len;
-
-        sig->len=rlen;
-        i=0;
-        for (k=0; k<ex; k++)
-            sig->val[i++]=0;
-
-        fin=j+len;
-        for (; j<fin; j++)
-            sig->val[i++]= sc->val[j];
-
-    }
-    if (ret.hash==H256) ret.curve=NIST256;
-    if (ret.hash==H384) ret.curve=NIST384;
-    if (ret.hash==H512) ret.curve=NIST521;
-
-    return ret;
-}
-
-// Extract certificate from signed cert
-int X509_extract_cert(octet *sc,octet *cert)
-{
-    int i,j,fin,len,k;
-
-    j=0;
-    len=getalen(SEQ,sc->val,j);
-
-    if (len<0) return 0;
-    j+=skip(len);
-
-    k=j;
-
-    len=getalen(SEQ,sc->val,j);
-    if (len<0) return 0;
-    j+=skip(len);
-
-    fin=j+len;
-    cert->len=fin-k;
-    for (i=k; i<fin; i++) cert->val[i-k]=sc->val[i];
-
-    return 1;
-}
-
-// Extract Public Key from inside Certificate
-pktype X509_extract_public_key(octet *c,octet *key)
-{
-    int i,j,fin,len,sj;
-    char koid[12];     /*****/
-    octet KOID= {0,sizeof(koid),koid};
-    pktype ret;
-
-    ret.type=ret.hash=0;
-    ret.curve=-1;
-
-    j=0;
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len);
-
-    if (len+j!=c->len) return ret;
-
-    len=getalen(0,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len)+len; //jump over version clause
-
-    len=getalen(INT,c->val,j);
-
-    if (len>0) j+=skip(len)+len; // jump over serial number clause (if there is one)
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len)+len;  // jump over signature algorithm
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len)+len; // skip issuer
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len)+len; // skip validity
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len)+len; // skip subject
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len); //
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len);
-
-// ** Maybe dive in and check Public Key OIDs here?
-// ecpublicKey & prime256v1, secp384r1 or secp521r1 for ECC
-// rsapublicKey for RSA
-
-    sj=j+len;
-
-    len=getalen(OID,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len);
-
-    fin=j+len;
-    KOID.len=len;
-    for (i=0; j<fin; j++)
-        KOID.val[i++]= c->val[j];
-
-    ret.type=0;
-    if (OCT_comp(&ECPK,&KOID)) ret.type=ECC;
-    if (OCT_comp(&RSAPK,&KOID)) ret.type=RSA;
-
-    if (ret.type==0) return ret;
-
-    if (ret.type==ECC)
-    {
-        // which elliptic curve?
-        len=getalen(OID,c->val,j);
-        if (len<0)
-        {
-            ret.type=0;
-            return ret;
-        }
-        j+=skip(len);
-
-        fin=j+len;
-        KOID.len=len;
-        for (i=0; j<fin; j++)
-            KOID.val[i++]= c->val[j];
-
-        if (OCT_comp(&PRIME25519,&KOID)) ret.curve=C25519;   /*****/
-        if (OCT_comp(&PRIME256V1,&KOID)) ret.curve=NIST256;
-        if (OCT_comp(&SECP384R1,&KOID)) ret.curve=NIST384;
-        if (OCT_comp(&SECP521R1,&KOID)) ret.curve=NIST521;
-    }
-
-    j=sj; // skip to actual Public Key
-
-    len=getalen(BIT,c->val,j);
-    if (len<0)
-    {
-        ret.type=0;
-        return ret;
-    }
-    j+=skip(len); //
-    j++;
-    len--; // skip bit shift (hopefully 0!)
-
-// extract key
-    if (ret.type==ECC)
-    {
-        key->len=len;
-        fin=j+len;
-        for (i=0; j<fin; j++)
-            key->val[i++]= c->val[j];
-
-    }
-    if (ret.type==RSA)
-    {
-        // Key is (modulus,exponent) - assume exponent is 65537
-        len=getalen(SEQ,c->val,j);
-        if (len<0)
-        {
-            ret.type=0;
-            return ret;
-        }
-        j+=skip(len); //
-
-        len=getalen(INT,c->val,j); // get modulus
-        if (len<0)
-        {
-            ret.type=0;
-            return ret;
-        }
-        j+=skip(len); //
-        if (c->val[j]==0)
-        {
-            j++;
-            len--; // remove leading zero
-        }
-
-        key->len=len;
-        fin=j+len;
-        for (i=0; j<fin; j++)
-            key->val[i++]= c->val[j];
-
-    }
-    return ret;
-}
-
-// Find pointer to main sections of cert, before extracting individual field
-// Find index to issuer in cert
-int X509_find_issuer(octet *c)
-{
-    int j,len;
-    j=0;
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len);
-
-    if (len+j!=c->len) return 0;
-
-    len=getalen(0,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len)+len; //jump over version clause
-
-    len=getalen(INT,c->val,j);
-
-    if (len>0) j+=skip(len)+len; // jump over serial number clause (if there is one)
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len)+len;  // jump over signature algorithm
-
-    return j;
-}
-
-// Find index to validity period
-int X509_find_validity(octet *c)
-{
-    int j,len;
-    j=X509_find_issuer(c);
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len)+len; // skip issuer
-
-    return j;
-}
-
-// Find index to subject in cert
-int X509_find_subject(octet *c)
-{
-    int j,len;
-    j=X509_find_validity(c);
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len)+len; // skip validity
-
-    return j;
-}
-
-// NOTE: When extracting cert information, we actually return just an index to the data inside the cert, and maybe its length
-// So no memory is assigned to store cert info. It is the callers responsibility to allocate such memory if required, and copy
-// cert information into it.
-
-// Find entity property indicated by SOID, given start of issuer or subject field. Return index in cert, flen=length of field
-
-int X509_find_entity_property(octet *c,octet *SOID,int start,int *flen)
-{
-    int i,j,k,fin,len,tlen;
-    char foid[50];  /*****/
-    octet FOID= {0,sizeof(foid),foid};
-
-    j=start;
-
-    tlen=getalen(SEQ,c->val,j);
-    if (tlen<0) return 0;
-    j+=skip(tlen);
-
-    for (k=j; j<k+tlen;)
-    {
-        // search for Owner OID
-        len=getalen(SET,c->val,j);
-        if (len<0) return 0;
-        j+=skip(len);
-        len=getalen(SEQ,c->val,j);
-        if (len<0) return 0;
-        j+=skip(len);
-        len=getalen(OID,c->val,j);
-        if (len<0) return 0;
-        j+=skip(len);
-        fin=j+len;  // extract OID
-        FOID.len=len;
-        for (i=0; j<fin; j++)
-            FOID.val[i++]= c->val[j];
-        len=getalen(ANY,c->val,j);  // get text, could be any type
-        if (len<0) return 0;
-
-        j+=skip(len);
-        if (OCT_comp(&FOID,SOID))
-        {
-            // if its the right one return
-            *flen=len;
-            return j;
-        }
-        j+=len;  // skip over it
-    }
-    *flen=0; /*****/
-    return 0;
-}
-
-// Find start date of certificate validity period
-int X509_find_start_date(octet *c,int start)
-{
-    int j,len;
-    j=start;
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len);
-
-    len=getalen(UTC,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len);
-    return j;
-}
-
-// Find expiry date of certificate validity period
-int X509_find_expiry_date(octet *c,int start)
-{
-    int j,len;
-    j=start;
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len);
-
-    len=getalen(UTC,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len)+len;
-
-    len=getalen(UTC,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len);
-
-    return j;
-}
-
-void print_out(char *des,octet *c,int index,int len)
-{
-    int i;
-    printf("%s [",des);
-    for (i=0; i<len; i++)
-        printf("%c",c->val[index+i]);
-    printf("]\n");
-}
-
-void print_date(char *des,octet *c,int index)
-{
-    int i=index;
-    printf("%s [",des);
-    if (i==0) printf("]\n");
-    else printf("20%c%c-%c%c-%c%c %c%c:%c%c:%c%c]\n",c->val[i],c->val[i+1],c->val[i+2],c->val[i+3],c->val[i+4],c->val[i+5],c->val[i+6],c->val[i+7],c->val[i+8],c->val[i+9],c->val[i+10],c->val[i+11]);
-}
-
-
-#ifdef HAS_MAIN
-
-/* test driver program */
-// Sample Certs. Uncomment one CA cert and one example cert. Note that AMCL library must be built to support given curve.
-// Sample Certs all created using OpenSSL - see http://blog.didierstevens.com/2008/12/30/howto-make-your-own-cert-with-openssl/
-// Note - SSL currently only supports NIST curves. Howevever version 1.1.0 of OpenSSL now supports C25519
-
-#if CHOICE==C25519
-// ** CA is RSA 2048-bit based - for use with C25519 build of the library - assumes use of SHA256 in Certs
-
-char ca_b64[]="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
 ZIhvcNAQELBQADggEBALCUob0y2O4DSzsqG76yrtCxXWxDdgjSkHKzwFK62BzZK5EuCDJrVgCyoLX0SvYvoT9x0wtS+bxJ7TNEGn7Rkp5/iSQCUSF7sVRoHqzErk70xVKKDy5FS+zre8k08nJrtRg2u1PmY95NO1SE96BtUVLs+8rQuqEX283tqlmqE/SF2+lxOb0WaVrya4oCJfj/XT83pRTcd5w9i7huWltMbKbagkmlQ/5q9Ayp/Jh1lLXmxr+/xEbZ2xEop/y+mgVF0vLxap7R5toBA0Yk7vvirlYv0hZGqGi5lBc9VeUqm1H/7XCi5xRU3AtJ4QRk4Z1xUa4qAPKfiqlPKd1dVe3Ah3w=";
-
-// an ECC 255-bit CA-signed cert
-char cert_b64[]="MIICqjCCAZICCQCk9jKdJYtnjDANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEPMA0GA1UECgwGTUlSQUNMMQ0wCwYDVQQLDARsYWJzMRMwEQYDVQQDDApNaWtlIFNjb3R0MSQwIgYJKoZIhvcNAQkBFhVtaWtlLnNjb3R0QG1pcmFjbC5jb20wHhcNMTYwNjMwMTc0NjQ4WhcNMTYwNzMwMTc0NjQ4WjCBjDELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEPMA0GA1UECgwGTUlSQUNMMQ0wCwYDVQQLDARsYWJzMRgwFgYDVQQDDA9LZWFsYW4gTWNDdXNrZXIxIDAeBgkqhkiG9w0BCQEWEWtlYWxhbkBtaXJhY2wuY29tMDkwFAYHKoZIzj0CAQYJKwYBBAHaRw8BAyEASiRQmhO9PP+SqodOhXYrnSlcyAOog63E6a4KLDFvAzEwDQYJKoZIhvcNAQELBQADggEBALByfCM/EhdqWBrEnDHtH2/U8xr1eSylHdcfnDSDR+X6KXH5rIJ/397lZQMHB6QSsEiVrWzfFDFPPjDN3xEDsZw09ZTT+L8Wi5P3UKR1gtawQCx3ciKEywAU1CU2dV05gvyebqIsbFUyH7jOlj6/1hIx9zaiLcoEex6D55MYQuWo664HF3CNdJFk1k4HF+fclRhyl4iryp0F9p0Wl5vyn96kg0NwaBZG860oCWDHZsjRq1JeSSaRf9CKNXWbQwjByeEcDphpprqmoVcI60cC0TvZZm1x4y7vjCXLD6uCDw3P7fnSp40yce64+IKUr8/cS+QYus58KHdLaLXsojZHL3c=";
-#endif
-
-#if CHOICE==NIST256
-
-// ** CA is RSA 2048-bit based - for use with NIST256 build of library - assumes use of SHA256 in Certs
-// RSA 2048 Self-Signed CA cert
-char ca_b64[]="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
 Z2FPOvf2eMc5RCZYigNKhsxru5Ojw0lPcpa8DDmEsdZDf7p0vlmf7T7xH9gtoInh4DzgI8HRHFc8R/z2/jLX7nlLoopKX5yp7F1gRACg0pd4tGpQ6EnBNcYZZghFH9UIRDmx+vDlwDCu8vyRPt35orrEiI4XGq/QkvxxAb5YWxQ4i06064ULfyCI7suu3KoobdM1aAaA8zhpOOBXKbq+Wi9IGFe/wiEMHLmfHdt9CBTjIWb//IHji4RT05kCmTVrx97pb7EHafuL3L10mM5cpTyBWKnb4kMFtx9yw+S2U=";
-// an RSA 2048 CA-signed cert
-//char cert_b64[]="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
 kB1HSsB0ts8DjzFLySonFjSSLHDU0ox9/uFbJMzipy3ijAA4XM0N4jRrUfrmxpA7DOOsbEbGkvvB7VK9+s9PHE/4dJTwhSteplUnhxVFkkDo/JwaLx4/IEQRlCF3KEQ5s3AwRHnbrIjOY2yONxHBtJEp7QN5aOHruwvMNRNheCBPiQJyLitUsFGr4voANmobkrFgYtu0tRMQ==";
-// an ECC 256 CA-signed cert
-char cert_b64[]="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";
-
-// ** CA is ECC 256 based  - for use with NIST256 build of library
-// ECC 256 Self-Signed CA cert
-//char ca_b64[]="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";
-// an ECC 256 CA-signed cert
-//char cert_b64[]="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";
-// an RSA 2048 CA-signed cert
-//char cert_b64[]="MIICiDCCAi4CAQIwCgYIKoZIzj0EAwIwUzELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4XDTE1MTEyNjEzMzcwNVoXDTE3MTEyNTEzMzcwNVowgYExCzAJBgNVBAYTAklFMQ8wDQYDVQQIDAZJZWxhbmQxDzANBgNVBAcMBkR1YmxpbjERMA8GA1UECgwIQ2VydGl2b3gxDTALBgNVBAsMBExhYnMxDTALBgNVBAMMBE1pa2UxHzAdBgkqhkiG9w0BCQEWEG1zY290dEBpbmRpZ28uaWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjPBVwmPg8Gwx0+8xekmomptA0BDwS7NUfBetqDqNMNyji0bSe8LAfpciU7NW/HWfUE1lndCqSDDwnMJmwC5e3GAl/Bus+a+z8ruEhWGbn95xrHXFkOawbRlXuS7UcEQCvPr8KQHhNsg4cyV7Hn527CPUl27n+WN8/pANo01cTN/dQaK87naU0Mid09vktlMKSN0zyJOnc5CsaTLs+vCRKJ9sUL3d4IQIA2y7gvrTe+iY/QI26nqhGpNWYyFkAdy9PdHUEnDI6JsfF7jFh37yG7XEgDDA3asp/oi1T1+ZoASj2boL++opdqCzDndeWwzDWAWuvJ9wULd80ti6x737ZAgMBAAEwCgYIKoZIzj0EAwIDSAAwRQIgCDwgl98+9moBo+etaLt8MvB/z5Ti6i9neRTZkvoFl7YCIQDq//M3OB757fepErRzIQo3aFAFYjOooi6WdSqP3XqGIg==";
-
-#endif
-
-#if CHOICE==NIST384
-
-// ** CA is RSA 3072-bit based  - for use with NIST384 build of library - assumes use of SHA384 in Certs
-// RSA 3072 Self-Signed CA cert
-char ca_b64[]="MIIElzCCAv+gAwIBAgIJAJA+8OyEeK4FMA0GCSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UEAwwETWlrZTAeFw0xNTExMjYxNDQ0MDBaFw0yMDExMjUxNDQ0MDBaMGIxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UEAwwETWlrZTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANvNO8ahsanxzqwkp3A3bujwObJoP3xpOiAAxwGbW867wx4EqBjPRZP+Wcm9Du6e4Fx9U7tHrOLocIUUBcRrmxUJ7Z375hX0cV9yuoYPNv0o2klJhB8+i4YXddkOrSmDLV4r46Ytt1/gjImziat6ZJALdd/uIuhaXwjzy1fFqSEBpkzhrFwFP9MG+5CgbRQed+YxZ10l/rjk+h3LKq9UFsxRCMPYhBFgmEKAVTMnbTfNNxawTRCKtK7nxxruGvAEM+k0ge5rvybERQ0NxtizefBSsB3Q6QVZOsRJiyC0HQhE6ZBHn4h3A5nHUZwPeh71KShw3uMPPB3Kp1pb/1Euq8azyXSshEMPivvgcGJSlm2b/xqsyrT1tie82MqB0APYAtbx3i5q8p+rD143NiNO8fzCq/J+EV82rVyvqDxf7AaTdJqDbZmnFRbIcrLcQdigWZdSjc+WxrCeOtebRmRknuUmetsCUPVzGv71PLMUNQ2qEiq8KGWmnMBJYVMl96bPxwIDAQABo1AwTjAdBgNVHQ4EFgQUsSjrHeZ5TNI2tMcQd6wUnFpU8DcwHwYDVR0jBB
 gwFoAUsSjrHeZ5TNI2tMcQd6wUnFpU8DcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQwFAAOCAYEADlnC1gYIHpVf4uSuBpYNHMO324hhGajHNraHYQAoYc0bW4OcKi0732ib5CHDrV3LCxjxF4lxZVo61gatg5LnfJYldXc0vP0GQRcaqC6lXlLb8ZJ0O3oPgZkAqpzc+AQxYW1wFxbzX8EJU0stSwAuxkgs9bwg8tTxIhDutrcjQl3osnAqGDyM+7VAG5QLRMzxiZumyD7s/xBUOa+L6OKXf4QRr/SH/rPU8H+ENaNkv4PApSVzCgTBPOFBIzqEuO4hcQI0laUopsp2kK1w6wYB5oY/rR/O6lNNfB2WEtfdIhdbQru4cUE3boKerM8Mjd21RuerAuK4X8cbDudHIFsaopGSNuzZwPo/bu0OsmZkORxvdjahHJ0G3/6jM6nEDoIy6mXUCGOUOMhGQKCa8TYlZdPKz29QIxk6HA1wCA38MxUo/29Z7oYw27Mx3x8Gcr+UA4vc+oBN3IEzRmhRZKAYQ10MhYPx3NmYGZBDqHvT06oG5hysTCtlVzx0Tm+o01JQ";
-// an RSA 3072 CA-signed cert
-//char cert_b64[]="MIIEWzCCAsMCAQYwDQYJKoZIhvcNAQEMBQAwYjELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYDVQQDDARNaWtlMB4XDTE1MTEyNjE0NDY0MloXDTE3MTEyNTE0NDY0MlowgYQxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xETAPBgNVBAoMCENlcnRpdm94MQ0wCwYDVQQLDARMYWJzMQ8wDQYDVQQDDAZtc2NvdHQxHzAdBgkqhkiG9w0BCQEWEG1zY290dEBpbmRpZ28uaWUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC6SrDiE4BpTEks1YpX209q8iH0dfvhGO8hi1rGYFYnz+eeiOvPdXiCdIPVPbGwxQGMEnZQV1X0KupYJw3LR2EsXhN4LZBxnQZmDvUXsTU+Ft/CKZUxVoXpNMxzwl70RC6XeUpPxvdPXa78AnfLL/DsOKsxCfNaKYZZ6G53L6Y69+HrCbyM7g2KrZ9/K/FXS1veMpRj9EbA6Mcdv1TUDNK2fTDV952AQO3kC3+PqywdVgPvntraAoQomrni+tcFW7UXe2Sk7DRcF/acBSuo2UtP3m9UWNL+8HOXvtRqmhns55Vj4DxKuPln759UBS7WZ11apCvC3BvCHR/k3WRf9PQWnW2cmT73/kEShvTRi8h7F9RWvYTEF1MuwSVy+l51q8O3rJU4XxnLm/YbtIGXZUf5Rqb0985zQkA+6rip/OSc8X5a3OV3kp38U7tXJ5sqBMg9RdIIz42cmiRLG5NYSj0/T6zjYEdwj3SYEBoPN/7UGSmhu8fdxS7JYPNpOsgeiu8CAwEAATANBgkqhkiG9w0BAQwFAAOCAY
 EAyxxEg0hWLFuN2fiukX6vqzSDx5Ac8w1JI4W/bamRd7iDZfHQYqyPDZi9s07I2PcGbByj2oqoyGiIEBLbsljdIEF4D229h2kisn1gA9O+0IM44EgjhBTUoNDgC+SbfJrXlU2GZ1XI3OWjbK7+1wiv0NaBShbbiPgSdjQBP8S+9W7lyyIrZEM1J7maBdepie1BS//DUDmpQzEi0UlB1J+HmQpyZsnT97J9uIPKsK4t2/+iOiknl6iS4GzAQKMLqj2yIBRf/O44ZZ6UZIKLtI4PCVS/8H5Lrg3AC0kr4ZkPAXzefUiTwyLVkqYSxSSTvtb3BpgOxIbmA6juFid0rvUyjN4fuDQkxl3PZyQwIHjpz33HyKrmo4BZ8Dg4JT8LCsQgd0AaD3r0QOS5FdLhkb+rD8EMSsCoOCEtPI6lqLJCrGOQWj7zbcUdPOEsczWMI9hSfK3u/P9+gOUBUFkb0gBIn3WvNuHifIHpsZ5bzbR+SGtu5Tgc7CCCPyNgz1Beb247";
-// an ECC 384 CA-signed cert
-char cert_b64[]="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
 h+WOzQthrHJv0YuQt3NuDQEMkvz+23YvzZlr+e2XqDlMhyR01Kk0MXeLGGcv";
-
-// ** CA is ECC 384 based - - for use with NIST384 build of library - assumes use of SHA384 in Certs
-// ECC 384 Self-Signed CA Cert
-//char ca_b64[]="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";
-// an ECC 384 CA-signed cert
-//char cert_b64[]="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";
-// an RSA 3072 CA-signed cert
-//char cert_b64[]="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
 yNjMtyA2Qlkq/0AjB+SJQbLgycNJH5SnR/X5wx26/62ln9s0swUtlCYVtNzyEQ3YRHSZbmTbh16RUT7Ak=";
-
-#endif
-
-#if CHOICE==NIST521
-
-// ** CA is ECC 521 based - - for use with NIST521 build of library - assumes use of SHA512 in Certs
-// ECC 521 Self-Signed CA Cert
-char ca_b64[]="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
 Q4h93CENN4MH/86XNozO9USh+ydTislAcXvCb0";
-// an ECC 521 CA-signed cert
-char cert_b64[]="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";
-
-#endif
-
-char io[5000];
-octet IO= {0,sizeof(io),io};
-
-#define MAXMODBYTES 72
-#define MAXFFLEN 16
-
-char sig[MAXMODBYTES*MAXFFLEN];
-octet SIG= {0,sizeof(sig),sig};
-
-char r[MAXMODBYTES];
-octet R= {0,sizeof(r),r};
-
-char s[MAXMODBYTES];
-octet S= {0,sizeof(s),s};
-
-char cakey[MAXMODBYTES*MAXFFLEN];
-octet CAKEY= {0,sizeof(cakey),cakey};
-
-char certkey[MAXMODBYTES*MAXFFLEN];
-octet CERTKEY= {0,sizeof(certkey),certkey};
-
-char h[5000];
-octet H= {0,sizeof(h),h};
-
-char hh[5000];
-octet HH= {0,sizeof(hh),hh};
-
-char hp[RFS];
-octet HP= {0,sizeof(hp),hp};
-
-
-int main()
-{
-    int res,len,sha;
-    int c,ic;
-    rsa_public_key PK;
-    pktype st,ca,pt;
-
-    printf("First check signature on self-signed cert and extract CA public key\n");
-    OCT_frombase64(&IO,ca_b64);
-    printf("CA Self-Signed Cert= \n");
-    OCT_output(&IO);
-    printf("\n");
-
-    st=X509_extract_cert_sig(&IO,&SIG); // returns signature type
-
-    if (st.type==0)
-    {
-        printf("Unable to extract cert signature\n");
-        return 0;
-    }
-
-    if (st.type==ECC)
-    {
-        OCT_chop(&SIG,&S,SIG.len/2);
-        OCT_copy(&R,&SIG);
-        printf("ECC SIG= \n");
-        OCT_output(&R);
-        OCT_output(&S);
-        printf("\n");
-    }
-
-    if (st.type==RSA)
-    {
-        printf("RSA SIG= \n");
-        OCT_output(&SIG);
-        printf("\n");
-    }
-
-    if (st.hash==H256) printf("Hashed with SHA256\n");
-    if (st.hash==H384) printf("Hashed with SHA384\n");
-    if (st.hash==H512) printf("Hashed with SHA512\n");
-
-// Extract Cert from signed Cert
-
-    c=X509_extract_cert(&IO,&H);
-
-    printf("\nCert= \n");
-    OCT_output(&H);
-    printf("\n");
-
-// show some details
-    printf("Issuer Details\n");
-    ic=X509_find_issuer(&H);
-    c=X509_find_entity_property(&H,&ON,ic,&len);
-    print_out("owner=",&H,c,len);
-    c=X509_find_entity_property(&H,&CN,ic,&len);
-    print_out("country=",&H,c,len);
-    c=X509_find_entity_property(&H,&EN,ic,&len);
-    print_out("email=",&H,c,len);
-    printf("\n");
-
-    ca=X509_extract_public_key(&H,&CAKEY);
-
-    if (ca.type==0)
-    {
-        printf("Not supported by library\n");
-        return 0;
-    }
-    if (ca.type!=st.type)
-    {
-        printf("Not self-signed\n");
-    }
-
-    if (ca.type==ECC)
-    {
-        printf("EXTRACTED ECC PUBLIC KEY= \n");
-        OCT_output(&CAKEY);
-    }
-    if (ca.type==RSA)
-    {
-        printf("EXTRACTED RSA PUBLIC KEY= \n");
-        OCT_output(&CAKEY);
-    }
-    printf("\n");
-
-// Cert is self-signed - so check signature
-
-    printf("Checking Self-Signed Signature\n");
-    if (ca.type==ECC)
-    {
-        if (ca.curve!=CHOICE)
-        {
-            printf("Curve is not supported\n");
-            return 0;
-        }
-        res=ECP_PUBLIC_KEY_VALIDATE(1,&CAKEY);
-        if (res!=0)
-        {
-            printf("ECP Public Key is invalid!\n");
-            return 0;
-        }
-        else printf("ECP Public Key is Valid\n");
-
-        sha=0;
-
-        if (st.hash==H256) sha=SHA256;
-        if (st.hash==H384) sha=SHA384;
-        if (st.hash==H512) sha=SHA512;
-        if (st.hash==0)
-        {
-            printf("Hash Function not supported\n");
-            return 0;
-        }
-
-        if (ECPVP_DSA(sha,&CAKEY,&H,&R,&S)!=0)
-        {
-            printf("***ECDSA Verification Failed\n");
-            return 0;
-        }
-        else
-            printf("ECDSA Signature/Verification succeeded \n");
-    }
-
-    if (ca.type==RSA)
-    {
-        PK.e=65537; // assuming this!
-        FF_fromOctet(PK.n,&CAKEY,FFLEN);
-
-        sha=0;
-
-        if (st.hash==H256) sha=SHA256;
-        if (st.hash==H384) sha=SHA384;
-        if (st.hash==H512) sha=SHA512;
-        if (st.hash==0)
-        {
-            printf("Hash Function not supported\n");
-            return 0;
-        }
-        PKCS15(sha,&H,&HP);
-
-        RSA_ENCRYPT(&PK,&SIG,&HH);
-
-        if (OCT_comp(&HP,&HH))
-            printf("RSA Signature/Verification succeeded \n");
-        else
-        {
-            printf("***RSA Verification Failed\n");
-            return 0;
-        }
-    }
-
-    printf("\nNext check CA signature on cert, and extract public key\n");
-
-    OCT_frombase64(&IO,cert_b64);
-    printf("Example Cert= \n");
-    OCT_output(&IO);
-    printf("\n");
-
-    st=X509_extract_cert_sig(&IO,&SIG);
-
-    if (st.type==0)
-    {
-        printf("Unable to check cert signature\n");
-        return 0;
-    }
-
-    if (st.type==ECC)
-    {
-        OCT_chop(&SIG,&S,SIG.len/2);
-        OCT_copy(&R,&SIG);
-        printf("SIG= \n");
-        OCT_output(&R);
-
-        OCT_output(&S);
-
-        printf("\n");
-    }
-
-    if (st.type==RSA)
-    {
-        printf("SIG= \n");
-        OCT_output(&SIG);
-        printf("\n");
-    }
-
-    c=X509_extract_cert(&IO,&H);
-
-    printf("Cert= \n");
-    OCT_output(&H);
-    printf("\n");
-
-    printf("Subject Details\n");
-    ic=X509_find_subject(&H);
-    c=X509_find_entity_property(&H,&ON,ic,&len);
-    print_out("owner=",&H,c,len);
-    c=X509_find_entity_property(&H,&CN,ic,&len);
-    print_out("country=",&H,c,len);
-    c=X509_find_entity_property(&H,&EN,ic,&len);
-    print_out("email=",&H,c,len);
-    printf("\n");
-
-    ic=X509_find_validity(&H);
-    c=X509_find_start_date(&H,ic);
-    print_date("start date= ",&H,c);
-    c=X509_find_expiry_date(&H,ic);
-    print_date("expiry date=",&H,c);
-    printf("\n");
-
-    pt=X509_extract_public_key(&H,&CERTKEY);
-
-    if (pt.type==0)
-    {
-        printf("Not supported by library\n");
-        return 0;
-    }
-
-    if (pt.type==ECC)
-    {
-        printf("EXTRACTED ECC PUBLIC KEY= \n");
-        OCT_output(&CERTKEY);
-    }
-    if (pt.type==RSA)
-    {
-        printf("EXTRACTED RSA PUBLIC KEY= \n");
-        OCT_output(&CERTKEY);
-    }
-
-    printf("\n");
-
-    /* Check CA signature */
-
-    if (ca.type==ECC)
-    {
-        printf("Checking CA's ECC Signature on Cert\n");
-        res=ECP_PUBLIC_KEY_VALIDATE(1,&CAKEY);
-        if (res!=0)
-            printf("ECP Public Key is invalid!\n");
-        else printf("ECP Public Key is Valid\n");
-
-        sha=0;
-
-        if (st.hash==H256) sha=SHA256;
-        if (st.hash==H384) sha=SHA384;
-        if (st.hash==H512) sha=SHA512;
-        if (st.hash==0)
-        {
-            printf("Hash Function not supported\n");
-            return 0;
-        }
-
-        if (ECPVP_DSA(sha,&CAKEY,&H,&R,&S)!=0)
-            printf("***ECDSA Verification Failed\n");
-        else
-            printf("ECDSA Signature/Verification succeeded \n");
-    }
-
-    if (ca.type==RSA)
-    {
-        printf("Checking CA's RSA Signature on Cert\n");
-        PK.e=65537; // assuming this!
-        FF_fromOctet(PK.n,&CAKEY,FFLEN);
-
-        sha=0;
-
-        if (st.hash==H256) sha=SHA256;
-        if (st.hash==H384) sha=SHA384;
-        if (st.hash==H512) sha=SHA512;
-        if (st.hash==0)
-        {
-            printf("Hash Function not supported\n");
-            return 0;
-        }
-        PKCS15(sha,&H,&HP);
-
-        RSA_ENCRYPT(&PK,&SIG,&HH);
-
-        if (OCT_comp(&HP,&HH))
-            printf("RSA Signature/Verification succeeded \n");
-        else
-            printf("***RSA Verification Failed\n");
-
-    }
-
-    return 0;
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/x509.h
----------------------------------------------------------------------
diff --git a/version22/c/x509.h b/version22/c/x509.h
deleted file mode 100644
index b0f0941..0000000
--- a/version22/c/x509.h
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL x509 header file */
-
-/**
- * @file x509.h
- * @author Mike Scott and Kealan McCusker
- * @date 19th May 2015
- * @brief X509 function Header File
- *
- * defines structures
- * declares functions
- *
- */
-
-#ifndef X509_H
-#define X509_H
-
-/**
- * @brief Public key type
- */
-typedef struct
-{
-    int type;  /**< signature type (ECC or RSA) */
-    int hash;  /**< hash type */
-    int curve; /**< elliptic curve used  */
-} pktype;
-
-
-/* X.509 functions */
-/** @brief Extract certificate signature
- *
-	@param c an X.509 certificate
-	@param s the extracted signature
-	@return 0 on failure, or indicator of signature type (ECC or RSA)
-
-*/
-extern pktype X509_extract_cert_sig(octet *c,octet *s);
-/** @brief
- *
-	@param sc a signed certificate
-	@param c the extracted certificate
-	@return 0 on failure
-*/
-extern int X509_extract_cert(octet *sc,octet *c);
-/** @brief
- *
-	@param c an X.509 certificate
-	@param k the extracted key
-	@return 0 on failure, or indicator of public key type (ECC or RSA)
-*/
-extern pktype X509_extract_public_key(octet *c,octet *k);
-/** @brief
- *
-	@param c an X.509 certificate
-	@return 0 on failure, or pointer to issuer field in cert
-*/
-extern int X509_find_issuer(octet *c);
-/** @brief
- *
-	@param c an X.509 certificate
-	@return 0 on failure, or pointer to validity field in cert
-*/
-extern int X509_find_validity(octet *c);
-/** @brief
- *
-	@param c an X.509 certificate
-	@return 0 on failure, or pointer to subject field in cert
-*/
-extern int X509_find_subject(octet *c);
-/** @brief
- *
-	@param c an X.509 certificate
-	@param S is OID of property we are looking for
-	@param s is a pointer to the section of interest in the cert
-	@param f is pointer to the length of the property
-	@return 0 on failure, or pointer to the property
-*/
-extern int X509_find_entity_property(octet *c,octet *S,int s,int *f);
-/** @brief
- *
-	@param c an X.509 certificate
-	@param s is a pointer to the start of the validity field
-	@return 0 on failure, or pointer to the start date
-*/
-extern int X509_find_start_date(octet *c,int s);
-/** @brief
- *
-	@param c an X.509 certificate
-	@param s is a pointer to the start of the validity field
-	@return 0 on failure, or pointer to the expiry date
-*/
-extern int X509_find_expiry_date(octet *c,int s);
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/check.cpp
----------------------------------------------------------------------
diff --git a/version22/check.cpp b/version22/check.cpp
deleted file mode 100644
index f0a31d9..0000000
--- a/version22/check.cpp
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Utility to recommend best choice for BASEBITS 
-
-(MINGW build)
-
-g++ -O2 check.cpp big.cpp miracl.a -o check.exe */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "big.h"
-
-using namespace std;
-
-Miracl precision=20;
-
-int main(int argc, char *argv[])
-{
-	int p,w,b,n,s,t,e,ex;
-	Big lhs,rhs;
-
-	argc--; argv++;
-
-    if (argc!=2)
-    {
-       printf("Bad arguments\n");
-       printf("check wordlength modulus-length\n");
-	   printf("Wordlength can be 16, 32 or 64 (or 26 for Javascript)\n");
-       printf("Example:\n");
-       printf("check 32 256\n");
-	   printf("Outputs choices for BASEBITS, number of words per Big, and number of spare bits\n");
-	   printf("Normally choose for minimum words per Big, and maximum spare bits\n");
-	   printf("(But >= 12 spare bits is enough, and tidier if BASEBITS =0 mod 4) \n");
-       exit(0);
-    }
-
-    n=atoi(argv[0]);
-	p=atoi(argv[1]); // Number of bits in prime modulus
-
-	if (n!=16 && n!=26 && n!=32 && n!=64)
-	{
-		printf("wordlength must be 16, 32 or 64\n");
-		return 0;
-	}
-
-	rhs=pow((Big)2,2*n-1);
-	e=3;            // need at least 3 bits to allow adds and subtracts without normalisation
-	if (n==26)
-	{
-		rhs*=2;	// no sign bit to worry about in Javascript
-		e=1;	// not an issue for Javascript
-	}
-
-	for (b=n-e;b>=n-8;b--)
-	{
-		if (n==64 && b%2!=0) continue; // insist on even values for 64-bit builds 
-		w=p/b; if (p%b!=0) w++;
-		s=w*b-p;
-
-		lhs=(w+2)*pow((Big)2,2*b);  // sum of products plus carry plus one for redc
-
-		if (lhs>=rhs)    {printf("Stability violation for BASEBITS= %d\n",b); continue;}
-		ex=1;		
-		while (lhs<rhs)
-		{
-			ex*=2; lhs*=2;
-		}
-		ex/=2;
-
-
-// Top bits of Modulus must appear in top word of representation. Also at least 4 bits spare needed for field excess.  
-		if (s<4 || s>=b) {printf("Not enough Fp spare for BASEBITS= %d\n",b); continue;}
-// At least 2 spare bits needed for FF excess 
-		t=b*(1+(p-1)/b) - 8*(1+(p-1)/8);
-		if (t<2 || t>=b) {printf("Not enough FF spare for BASEBITS= %d\n",b);}
-
-		printf("Solution for BASEBITS= %d, Words Per Big=%d, Fp spare bits= %d, FF spare bits= %d (%d)\n",b,w,s,t,ex);
-		//break;
-	}
-	
-	return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/cs/readme.txt
----------------------------------------------------------------------
diff --git a/version22/cs/readme.txt b/version22/cs/readme.txt
deleted file mode 100644
index de1039d..0000000
--- a/version22/cs/readme.txt
+++ /dev/null
@@ -1,36 +0,0 @@
-AMCL is very simple to build for C#.
-
-NOTE: The C# code is automatically generated from the Java code using 
-the Java to C# Converter from Tangible Software Solutions. We noted a few minor
-fix-ups that were required when we tried the current version of the Converter.
-
-
-** In HASH384.cs and HASH512.cs change long to ulong. Remove castes in S() and R(). Add (ulong) caste 
-in process()
-** Comment out debug "main" programs in files other than Test***.cs
-** In BIG.cs function mod() change "checked" to "unchecked"
-** In BIG.cs in modmul() change BIG.mod(m);BIG.mod(m) to a.mod(m);b.mod(m). Same in modsqr() and modneg()
-** In BIG.cs in jacobi() change BIG.mod(p) to x.mod(p) and BIG.mod(m) to t.mod(m)
-** In TestMPIN.java change line Scanner ...; pin=scan.next(); to pin = int.Parse(Console.ReadLine());
-
-
-Three example API files will be generated, MPIN.cs which 
-supports our M-Pin (tm) protocol, ECDH.cs which supports elliptic 
-curve key exchange, digital signature and public key crypto, and RSA.cs
-which supports the RSA method.
-
-In the ROM.cs file you must provide the curve constants for the curve you want to use. 
-Several examples are provided in the Java code, if you are willing to convert and use one of these.
-
-When the translation is complete, for a quick jumpstart:-
-
-csc TestMPIN.cs MPIN.cs FP.cs BIG.cs DBIG.cs AES.cs HASH256.cs HASH384.cs HASH512.cs RAND.cs ROM.cs StringHelperClass.cs ECP.cs FP2.cs ECP2.cs FP4.cs FP12.cs PAIR.cs RectangularArrays.cs
-
-or 
-
-csc TestECDH.cs ECDH.cs FP.cs BIG.cs DBIG.cs AES.cs HASH256.cs HASH384.cs HASH512.cs RAND.cs ROM.cs StringHelperClass.cs ECP.cs
-
-or
-
-csc TestRSA.cs RSA.cs FF.cs BIG.cs DBIG.cs HASH256.cs HASH384.cs HASH512.cs RAND.cs ROM.cs StringHelperClass.cs
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/ecgen.cpp
----------------------------------------------------------------------
diff --git a/version22/ecgen.cpp b/version22/ecgen.cpp
deleted file mode 100644
index 8abf112..0000000
--- a/version22/ecgen.cpp
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* ECGEN - Helper MIRACL program to generate constants for EC curves 
-
-(MINGW build)
-
-g++ -O3 ecgen.cpp ecn.cpp big.cpp miracl.a -o ecgen.exe
-
-
-*/
-
-#include <iostream>
-#include "big.h"
-#include "zzn2.h"
-#include "ecn2.h"
-
-using namespace std;
-
-Miracl precision(20,0);
-
-Big output(int chunk,int w,Big t,Big m)
-{
-	Big last,y=t;
-
-	cout << "{";
-	for (int i=0;i<w;i++)
-	{
-		last=y%m;
-		cout << "0x" << last;
-		y/=m;
-		if (i==w-1) break;
-		if (chunk==64) cout << "L,";
-		else cout << ",";
-	}
-
-	if (chunk==64) cout << "L}";
-	else cout << "}";
-	return last;
-}
-
-#define NOT_SPECIAL 0
-#define PSEUDO_MERSENNE 1
-#define GENERALISED_MERSENNE 2
-#define MONTGOMERY_FRIENDLY 3
-
-#define WEIERSTRASS 0
-#define EDWARDS 1
-#define MONTGOMERY 2
-
-/*** Set Modulus and Curve Type Here ***/ 
-
-/* Fill in this bit.... */
-
-#define CHUNK 64   /* processor word size */
-#define MBITS 336  /* Modulus size in bits */
-
-/* This next from output of check.cpp program */
-#define BASEBITS 60
-
-#define WORDS (1+((MBITS-1)/BASEBITS))
-#define MODTYPE  PSEUDO_MERSENNE
-#define CURVETYPE EDWARDS
-#define CURVE_A 1  // like A parameter in CURVE: y^2=x^3+Ax+B
-
-/* .....to here */
-
-
-int main()
-{
-	miracl *mip=&precision;
-	Big p,q,R,B;
-	Big m,x,y,w,t,c,n,r,a,b,gx,gy,D,C,MC;
-	int i,A;
-
-
-/* Fill in this bit... */
-
-	p=pow((Big)2,MBITS)-3;   // Modulus
-	mip->IOBASE=16;
-	r=(char *)"200000000000000000000000000000000000000000071415FA9850C0BD6B87F93BAA7B2F95973E9FA805"; // Group Order
-	B=11111;    // B parameter of elliptic curve
-	gx=(char *)"C";  // generator point
-	gy=(char *)"C0DC616B56502E18E1C161D007853D1B14B46C3811C7EF435B6DB5D5650CA0365DB12BEC68505FE8632";
-
-/* .....to here */
-	
-	cout << "MOD8 = " << p%8 << endl;
-
-	m=pow((Big)2,BASEBITS);
-
-	cout << "Modulus="; MC=output(CHUNK,WORDS,p,m); cout << ";" << endl;
-
-#if MODTYPE==NOT_SPECIAL
-		cout << "MConst=0x" << inverse(m-p%m,m) << ";" << endl;	
-#endif
-#if MODTYPE==MONTGOMERY_FRIENDLY
-		cout << "MConst=0x" << MC+1 << ";" << endl;	
-#endif
-#if MODTYPE==PSEUDO_MERSENNE
-		cout << "MConst=0x" << pow((Big)2,MBITS)-p << ";" << endl;			
-#endif
-
-	cout << "Order="; output(CHUNK,WORDS,r,m); cout << ";" << endl;
-	cout << "CURVE_B="; output(CHUNK,WORDS,B,m); cout << ";" <<  endl;
-	cout << "CURVE_Gx="; output(CHUNK,WORDS,gx,m); cout << ";" << endl;
-	cout << "CURVE_Gy="; output(CHUNK,WORDS,gy,m); cout << ";" << endl;
-
-}


[50/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/aes.c
----------------------------------------------------------------------
diff --git a/version22/c/aes.c b/version22/c/aes.c
deleted file mode 100644
index f876c51..0000000
--- a/version22/c/aes.c
+++ /dev/null
@@ -1,702 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-/*
- * Implementation of the NIST Advanced Ecryption Standard
- *
- * SU=m, SU is Stack Usage
- */
-
-#include <stdlib.h>
-#include "arch.h"
-#include "amcl.h"
-
-/* this is fixed */
-#define NB 4
-
-/* Rotates 32-bit word left by 1, 2 or 3 byte  */
-
-#define ROTL8(x) (((x)<<8)|((x)>>24))
-#define ROTL16(x) (((x)<<16)|((x)>>16))
-#define ROTL24(x) (((x)<<24)|((x)>>8))
-
-static const uchar InCo[4]= {0xB,0xD,0x9,0xE}; /* Inverse Coefficients */
-
-static const uchar ptab[]=
-{
-    1,3,5,15,17,51,85,255,26,46,114,150,161,248,19,53,
-    95,225,56,72,216,115,149,164,247,2,6,10,30,34,102,170,
-    229,52,92,228,55,89,235,38,106,190,217,112,144,171,230,49,
-    83,245,4,12,20,60,68,204,79,209,104,184,211,110,178,205,
-    76,212,103,169,224,59,77,215,98,166,241,8,24,40,120,136,
-    131,158,185,208,107,189,220,127,129,152,179,206,73,219,118,154,
-    181,196,87,249,16,48,80,240,11,29,39,105,187,214,97,163,
-    254,25,43,125,135,146,173,236,47,113,147,174,233,32,96,160,
-    251,22,58,78,210,109,183,194,93,231,50,86,250,21,63,65,
-    195,94,226,61,71,201,64,192,91,237,44,116,156,191,218,117,
-    159,186,213,100,172,239,42,126,130,157,188,223,122,142,137,128,
-    155,182,193,88,232,35,101,175,234,37,111,177,200,67,197,84,
-    252,31,33,99,165,244,7,9,27,45,119,153,176,203,70,202,
-    69,207,74,222,121,139,134,145,168,227,62,66,198,81,243,14,
-    18,54,90,238,41,123,141,140,143,138,133,148,167,242,13,23,
-    57,75,221,124,132,151,162,253,28,36,108,180,199,82,246,1
-};
-
-static const uchar ltab[]=
-{
-    0,255,25,1,50,2,26,198,75,199,27,104,51,238,223,3,
-    100,4,224,14,52,141,129,239,76,113,8,200,248,105,28,193,
-    125,194,29,181,249,185,39,106,77,228,166,114,154,201,9,120,
-    101,47,138,5,33,15,225,36,18,240,130,69,53,147,218,142,
-    150,143,219,189,54,208,206,148,19,92,210,241,64,70,131,56,
-    102,221,253,48,191,6,139,98,179,37,226,152,34,136,145,16,
-    126,110,72,195,163,182,30,66,58,107,40,84,250,133,61,186,
-    43,121,10,21,155,159,94,202,78,212,172,229,243,115,167,87,
-    175,88,168,80,244,234,214,116,79,174,233,213,231,230,173,232,
-    44,215,117,122,235,22,11,245,89,203,95,176,156,169,81,160,
-    127,12,246,111,23,196,73,236,216,67,31,45,164,118,123,183,
-    204,187,62,90,251,96,177,134,59,82,161,108,170,85,41,157,
-    151,178,135,144,97,190,220,252,188,149,207,205,55,63,91,209,
-    83,57,132,60,65,162,109,71,20,42,158,93,86,242,211,171,
-    68,17,146,217,35,32,46,137,180,124,184,38,119,153,227,165,
-    103,74,237,222,197,49,254,24,13,99,140,128,192,247,112,7
-};
-
-static const uchar fbsub[]=
-{
-    99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118,
-    202,130,201,125,250,89,71,240,173,212,162,175,156,164,114,192,
-    183,253,147,38,54,63,247,204,52,165,229,241,113,216,49,21,
-    4,199,35,195,24,150,5,154,7,18,128,226,235,39,178,117,
-    9,131,44,26,27,110,90,160,82,59,214,179,41,227,47,132,
-    83,209,0,237,32,252,177,91,106,203,190,57,74,76,88,207,
-    208,239,170,251,67,77,51,133,69,249,2,127,80,60,159,168,
-    81,163,64,143,146,157,56,245,188,182,218,33,16,255,243,210,
-    205,12,19,236,95,151,68,23,196,167,126,61,100,93,25,115,
-    96,129,79,220,34,42,144,136,70,238,184,20,222,94,11,219,
-    224,50,58,10,73,6,36,92,194,211,172,98,145,149,228,121,
-    231,200,55,109,141,213,78,169,108,86,244,234,101,122,174,8,
-    186,120,37,46,28,166,180,198,232,221,116,31,75,189,139,138,
-    112,62,181,102,72,3,246,14,97,53,87,185,134,193,29,158,
-    225,248,152,17,105,217,142,148,155,30,135,233,206,85,40,223,
-    140,161,137,13,191,230,66,104,65,153,45,15,176,84,187,22
-};
-
-static const uchar rbsub[]=
-{
-    82,9,106,213,48,54,165,56,191,64,163,158,129,243,215,251,
-    124,227,57,130,155,47,255,135,52,142,67,68,196,222,233,203,
-    84,123,148,50,166,194,35,61,238,76,149,11,66,250,195,78,
-    8,46,161,102,40,217,36,178,118,91,162,73,109,139,209,37,
-    114,248,246,100,134,104,152,22,212,164,92,204,93,101,182,146,
-    108,112,72,80,253,237,185,218,94,21,70,87,167,141,157,132,
-    144,216,171,0,140,188,211,10,247,228,88,5,184,179,69,6,
-    208,44,30,143,202,63,15,2,193,175,189,3,1,19,138,107,
-    58,145,17,65,79,103,220,234,151,242,207,206,240,180,230,115,
-    150,172,116,34,231,173,53,133,226,249,55,232,28,117,223,110,
-    71,241,26,113,29,41,197,137,111,183,98,14,170,24,190,27,
-    252,86,62,75,198,210,121,32,154,219,192,254,120,205,90,244,
-    31,221,168,51,136,7,199,49,177,18,16,89,39,128,236,95,
-    96,81,127,169,25,181,74,13,45,229,122,159,147,201,156,239,
-    160,224,59,77,174,42,245,176,200,235,187,60,131,83,153,97,
-    23,43,4,126,186,119,214,38,225,105,20,99,85,33,12,125
-};
-
-static const unsign32 rco[]=
-{1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47};
-
-static const unsign32 ftable[]=
-{
-    0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
-    0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
-    0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
-    0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
-    0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
-    0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
-    0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
-    0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
-    0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
-    0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
-    0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
-    0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
-    0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
-    0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
-    0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
-    0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
-    0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
-    0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
-    0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
-    0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
-    0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
-    0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
-    0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
-    0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
-    0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
-    0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
-    0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
-    0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
-    0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
-    0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
-    0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
-    0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
-    0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
-    0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
-    0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
-    0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
-    0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
-    0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
-    0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
-    0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
-    0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
-    0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
-    0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c
-};
-
-static const unsign32 rtable[]=
-{
-    0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
-    0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
-    0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
-    0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
-    0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
-    0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
-    0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
-    0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
-    0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
-    0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
-    0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
-    0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
-    0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
-    0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
-    0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
-    0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
-    0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
-    0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
-    0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
-    0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
-    0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
-    0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
-    0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
-    0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
-    0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
-    0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
-    0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
-    0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
-    0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
-    0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
-    0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
-    0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
-    0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
-    0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
-    0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
-    0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
-    0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
-    0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
-    0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
-    0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
-    0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
-    0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
-    0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0
-};
-
-#define MR_TOBYTE(x) ((uchar)((x)))
-
-static unsign32 pack(const uchar *b)
-{
-    /* pack bytes into a 32-bit Word */
-    return ((unsign32)b[3]<<24)|((unsign32)b[2]<<16)|((unsign32)b[1]<<8)|(unsign32)b[0];
-}
-
-static void unpack(unsign32 a,uchar *b)
-{
-    /* unpack bytes from a word */
-    b[0]=MR_TOBYTE(a);
-    b[1]=MR_TOBYTE(a>>8);
-    b[2]=MR_TOBYTE(a>>16);
-    b[3]=MR_TOBYTE(a>>24);
-}
-
-/* SU= 8 */
-static uchar bmul(uchar x,uchar y)
-{
-    /* x.y= AntiLog(Log(x) + Log(y)) */
-    if (x && y) return ptab[(ltab[x]+ltab[y])%255];
-    else return 0;
-}
-
-static unsign32 SubByte(unsign32 a)
-{
-    uchar b[4];
-    unpack(a,b);
-    b[0]=fbsub[b[0]];
-    b[1]=fbsub[b[1]];
-    b[2]=fbsub[b[2]];
-    b[3]=fbsub[b[3]];
-    return pack(b);
-}
-
-/* SU= 16 */
-static uchar product(unsign32 x,unsign32 y)
-{
-    /* dot product of two 4-byte arrays */
-    uchar xb[4],yb[4];
-    unpack(x,xb);
-    unpack(y,yb);
-    return bmul(xb[0],yb[0])^bmul(xb[1],yb[1])^bmul(xb[2],yb[2])^bmul(xb[3],yb[3]);
-}
-
-static unsign32 InvMixCol(unsign32 x)
-{
-    /* matrix Multiplication */
-    unsign32 y,m;
-    uchar b[4];
-
-    m=pack(InCo);
-    b[3]=product(m,x);
-    m=ROTL24(m);
-    b[2]=product(m,x);
-    m=ROTL24(m);
-    b[1]=product(m,x);
-    m=ROTL24(m);
-    b[0]=product(m,x);
-    y=pack(b);
-    return y;
-}
-
-/* SU= 8 */
-/* reset cipher */
-void AES_reset(amcl_aes *a,int mode,char *iv)
-{
-    /* reset mode, or reset iv */
-    int i;
-    a->mode=mode;
-    for (i=0; i<4*NB; i++)
-        a->f[i]=0;
-    if (mode!=ECB && iv!=NULL)
-    {
-        for (i=0; i<4*NB; i++)
-            a->f[i]=iv[i];
-    }
-}
-
-void AES_getreg(amcl_aes *a,char *ir)
-{
-    int i;
-    for (i=0; i<4*NB; i++) ir[i]=a->f[i];
-}
-
-/* SU= 72 */
-/* Initialise cipher */
-int AES_init(amcl_aes* a,int mode,int nk,char *key,char *iv)
-{
-    /* Key length Nk=16, 24 or 32 bytes */
-    /* Key Scheduler. Create expanded encryption key */
-    int i,j,k,N,nr;
-    unsign32 CipherKey[8];
-
-    nk/=4;
-
-    if (nk!=4 && nk!=6 && nk!=8) return 0;
-
-    nr=6+nk;
-
-    a->Nk=nk;
-    a->Nr=nr;
-
-    AES_reset(a,mode,iv);
-
-    N=NB*(nr+1);
-
-    for (i=j=0; i<nk; i++,j+=4)
-    {
-        CipherKey[i]=pack((uchar *)&key[j]);
-    }
-    for (i=0; i<nk; i++) a->fkey[i]=CipherKey[i];
-    for (j=nk,k=0; j<N; j+=nk,k++)
-    {
-        a->fkey[j]=a->fkey[j-nk]^SubByte(ROTL24(a->fkey[j-1]))^rco[k];
-        if (nk<=6)
-        {
-            for (i=1; i<nk && (i+j)<N; i++)
-                a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
-        }
-        else
-        {
-            for (i=1; i<4 && (i+j)<N; i++)
-                a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
-            if ((j+4)<N) a->fkey[j+4]=a->fkey[j+4-nk]^SubByte(a->fkey[j+3]);
-            for (i=5; i<nk && (i+j)<N; i++)
-                a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
-        }
-
-    }
-    /* now for the expanded decrypt key in reverse order */
-
-    for (j=0; j<NB; j++) a->rkey[j+N-NB]=a->fkey[j];
-    for (i=NB; i<N-NB; i+=NB)
-    {
-        k=N-NB-i;
-        for (j=0; j<NB; j++) a->rkey[k+j]=InvMixCol(a->fkey[i+j]);
-    }
-    for (j=N-NB; j<N; j++) a->rkey[j-N+NB]=a->fkey[j];
-    return 1;
-}
-
-/* SU= 80 */
-/* Encrypt a single block */
-void AES_ecb_encrypt(amcl_aes *a,uchar *buff)
-{
-    int i,j,k;
-    unsign32 p[4],q[4],*x,*y,*t;
-
-    for (i=j=0; i<NB; i++,j+=4)
-    {
-        p[i]=pack((uchar *)&buff[j]);
-        p[i]^=a->fkey[i];
-    }
-
-    k=NB;
-    x=p;
-    y=q;
-
-    /* State alternates between x and y */
-    for (i=1; i<a->Nr; i++)
-    {
-
-        y[0]=a->fkey[k]^ftable[MR_TOBYTE(x[0])]^
-             ROTL8(ftable[MR_TOBYTE(x[1]>>8)])^
-             ROTL16(ftable[MR_TOBYTE(x[2]>>16)])^
-             ROTL24(ftable[x[3]>>24]);
-        y[1]=a->fkey[k+1]^ftable[MR_TOBYTE(x[1])]^
-             ROTL8(ftable[MR_TOBYTE(x[2]>>8)])^
-             ROTL16(ftable[MR_TOBYTE(x[3]>>16)])^
-             ROTL24(ftable[x[0]>>24]);
-        y[2]=a->fkey[k+2]^ftable[MR_TOBYTE(x[2])]^
-             ROTL8(ftable[MR_TOBYTE(x[3]>>8)])^
-             ROTL16(ftable[MR_TOBYTE(x[0]>>16)])^
-             ROTL24(ftable[x[1]>>24]);
-        y[3]=a->fkey[k+3]^ftable[MR_TOBYTE(x[3])]^
-             ROTL8(ftable[MR_TOBYTE(x[0]>>8)])^
-             ROTL16(ftable[MR_TOBYTE(x[1]>>16)])^
-             ROTL24(ftable[x[2]>>24]);
-
-        k+=4;
-        t=x;
-        x=y;
-        y=t;      /* swap pointers */
-    }
-
-    /* Last Round */
-
-    y[0]=a->fkey[k]^(unsign32)fbsub[MR_TOBYTE(x[0])]^
-         ROTL8((unsign32)fbsub[MR_TOBYTE(x[1]>>8)])^
-         ROTL16((unsign32)fbsub[MR_TOBYTE(x[2]>>16)])^
-         ROTL24((unsign32)fbsub[x[3]>>24]);
-    y[1]=a->fkey[k+1]^(unsign32)fbsub[MR_TOBYTE(x[1])]^
-         ROTL8((unsign32)fbsub[MR_TOBYTE(x[2]>>8)])^
-         ROTL16((unsign32)fbsub[MR_TOBYTE(x[3]>>16)])^
-         ROTL24((unsign32)fbsub[x[0]>>24]);
-    y[2]=a->fkey[k+2]^(unsign32)fbsub[MR_TOBYTE(x[2])]^
-         ROTL8((unsign32)fbsub[MR_TOBYTE(x[3]>>8)])^
-         ROTL16((unsign32)fbsub[MR_TOBYTE(x[0]>>16)])^
-         ROTL24((unsign32)fbsub[x[1]>>24]);
-    y[3]=a->fkey[k+3]^(unsign32)fbsub[MR_TOBYTE(x[3])]^
-         ROTL8((unsign32)fbsub[MR_TOBYTE(x[0]>>8)])^
-         ROTL16((unsign32)fbsub[MR_TOBYTE(x[1]>>16)])^
-         ROTL24((unsign32)fbsub[x[2]>>24]);
-
-    for (i=j=0; i<NB; i++,j+=4)
-    {
-        unpack(y[i],(uchar *)&buff[j]);
-        x[i]=y[i]=0;   /* clean up stack */
-    }
-}
-
-/* SU= 80 */
-/* Decrypt a single block */
-void AES_ecb_decrypt(amcl_aes *a,uchar *buff)
-{
-    int i,j,k;
-    unsign32 p[4],q[4],*x,*y,*t;
-
-    for (i=j=0; i<NB; i++,j+=4)
-    {
-        p[i]=pack((uchar *)&buff[j]);
-        p[i]^=a->rkey[i];
-    }
-
-    k=NB;
-    x=p;
-    y=q;
-
-    /* State alternates between x and y */
-    for (i=1; i<a->Nr; i++)
-    {
-        /* Nr is number of rounds. May be odd. */
-
-        y[0]=a->rkey[k]^rtable[MR_TOBYTE(x[0])]^
-             ROTL8(rtable[MR_TOBYTE(x[3]>>8)])^
-             ROTL16(rtable[MR_TOBYTE(x[2]>>16)])^
-             ROTL24(rtable[x[1]>>24]);
-        y[1]=a->rkey[k+1]^rtable[MR_TOBYTE(x[1])]^
-             ROTL8(rtable[MR_TOBYTE(x[0]>>8)])^
-             ROTL16(rtable[MR_TOBYTE(x[3]>>16)])^
-             ROTL24(rtable[x[2]>>24]);
-        y[2]=a->rkey[k+2]^rtable[MR_TOBYTE(x[2])]^
-             ROTL8(rtable[MR_TOBYTE(x[1]>>8)])^
-             ROTL16(rtable[MR_TOBYTE(x[0]>>16)])^
-             ROTL24(rtable[x[3]>>24]);
-        y[3]=a->rkey[k+3]^rtable[MR_TOBYTE(x[3])]^
-             ROTL8(rtable[MR_TOBYTE(x[2]>>8)])^
-             ROTL16(rtable[MR_TOBYTE(x[1]>>16)])^
-             ROTL24(rtable[x[0]>>24]);
-
-        k+=4;
-        t=x;
-        x=y;
-        y=t;      /* swap pointers */
-    }
-
-
-    /* Last Round */
-    y[0]=a->rkey[k]^(unsign32)rbsub[MR_TOBYTE(x[0])]^
-         ROTL8((unsign32)rbsub[MR_TOBYTE(x[3]>>8)])^
-         ROTL16((unsign32)rbsub[MR_TOBYTE(x[2]>>16)])^
-         ROTL24((unsign32)rbsub[x[1]>>24]);
-    y[1]=a->rkey[k+1]^(unsign32)rbsub[MR_TOBYTE(x[1])]^
-         ROTL8((unsign32)rbsub[MR_TOBYTE(x[0]>>8)])^
-         ROTL16((unsign32)rbsub[MR_TOBYTE(x[3]>>16)])^
-         ROTL24((unsign32)rbsub[x[2]>>24]);
-    y[2]=a->rkey[k+2]^(unsign32)rbsub[MR_TOBYTE(x[2])]^
-         ROTL8((unsign32)rbsub[MR_TOBYTE(x[1]>>8)])^
-         ROTL16((unsign32)rbsub[MR_TOBYTE(x[0]>>16)])^
-         ROTL24((unsign32)rbsub[x[3]>>24]);
-    y[3]=a->rkey[k+3]^(unsign32)rbsub[MR_TOBYTE(x[3])]^
-         ROTL8((unsign32)rbsub[MR_TOBYTE(x[2]>>8)])^
-         ROTL16((unsign32)rbsub[MR_TOBYTE(x[1]>>16)])^
-         ROTL24((unsign32)rbsub[x[0]>>24]);
-
-    for (i=j=0; i<NB; i++,j+=4)
-    {
-        unpack(y[i],(uchar *)&buff[j]);
-        x[i]=y[i]=0;   /* clean up stack */
-    }
-
-}
-
-/* simple default increment function */
-static void increment(char *f)
-{
-    int i;
-    for (i=0; i<16; i++)
-    {
-        f[i]++;
-        if (f[i]!=0) break;
-    }
-}
-
-/* SU= 40 */
-/* Encrypt using selected mode of operation */
-unsign32 AES_encrypt(amcl_aes* a,char *buff)
-{
-    int j,bytes;
-    char st[16];
-    unsign32 fell_off;
-
-    /* Supported Modes of Operation */
-
-    fell_off=0;
-    switch (a->mode)
-    {
-    case ECB:
-        AES_ecb_encrypt(a,(uchar *)buff);
-        return 0;
-    case CBC:
-        for (j=0; j<4*NB; j++) buff[j]^=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)buff);
-        for (j=0; j<4*NB; j++) a->f[j]=buff[j];
-        return 0;
-
-    case CFB1:
-    case CFB2:
-    case CFB4:
-        bytes=a->mode-CFB1+1;
-        for (j=0; j<bytes; j++) fell_off=(fell_off<<8)|a->f[j];
-        for (j=0; j<4*NB; j++) st[j]=a->f[j];
-        for (j=bytes; j<4*NB; j++) a->f[j-bytes]=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)st);
-        for (j=0; j<bytes; j++)
-        {
-            buff[j]^=st[j];
-            a->f[16-bytes+j]=buff[j];
-        }
-        return fell_off;
-
-    case OFB1:
-    case OFB2:
-    case OFB4:
-    case OFB8:
-    case OFB16:
-
-        bytes=a->mode-OFB1+1;
-        AES_ecb_encrypt(a,(uchar *)(a->f));
-        for (j=0; j<bytes; j++) buff[j]^=a->f[j];
-        return 0;
-
-    case CTR1:
-    case CTR2:
-    case CTR4:
-    case CTR8:
-    case CTR16:
-
-        bytes=a->mode-CTR1+1;
-        for (j=0; j<4*NB; j++) st[j]=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)st);
-        for (j=0; j<bytes; j++) buff[j]^=st[j];
-        increment(a->f);
-
-    default:
-        return 0;
-    }
-}
-
-/* SU= 40 */
-/* Decrypt using selected mode of operation */
-unsign32 AES_decrypt(amcl_aes *a,char *buff)
-{
-    int j,bytes;
-    char st[16];
-    unsign32 fell_off;
-
-    /* Supported modes of operation */
-    fell_off=0;
-    switch (a->mode)
-    {
-    case ECB:
-        AES_ecb_decrypt(a,(uchar *)buff);
-        return 0;
-    case CBC:
-        for (j=0; j<4*NB; j++)
-        {
-            st[j]=a->f[j];
-            a->f[j]=buff[j];
-        }
-        AES_ecb_decrypt(a,(uchar *)buff);
-        for (j=0; j<4*NB; j++)
-        {
-            buff[j]^=st[j];
-            st[j]=0;
-        }
-        return 0;
-    case CFB1:
-    case CFB2:
-    case CFB4:
-        bytes=a->mode-CFB1+1;
-        for (j=0; j<bytes; j++) fell_off=(fell_off<<8)|a->f[j];
-        for (j=0; j<4*NB; j++) st[j]=a->f[j];
-        for (j=bytes; j<4*NB; j++) a->f[j-bytes]=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)st);
-        for (j=0; j<bytes; j++)
-        {
-            a->f[16-bytes+j]=buff[j];
-            buff[j]^=st[j];
-        }
-        return fell_off;
-    case OFB1:
-    case OFB2:
-    case OFB4:
-    case OFB8:
-    case OFB16:
-        bytes=a->mode-OFB1+1;
-        AES_ecb_encrypt(a,(uchar *)(a->f));
-        for (j=0; j<bytes; j++) buff[j]^=a->f[j];
-        return 0;
-
-    case CTR1:
-    case CTR2:
-    case CTR4:
-    case CTR8:
-    case CTR16:
-
-        bytes=a->mode-CTR1+1;
-        for (j=0; j<4*NB; j++) st[j]=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)st);
-        for (j=0; j<bytes; j++) buff[j]^=st[j];
-        increment(a->f);
-
-    default:
-        return 0;
-    }
-}
-
-/* Clean up and delete left-overs */
-void AES_end(amcl_aes *a)
-{
-    /* clean up */
-    int i;
-    for (i=0; i<NB*(a->Nr+1); i++)
-        a->fkey[i]=a->rkey[i]=0;
-    for (i=0; i<4*NB; i++)
-        a->f[i]=0;
-}
-
-
-/*
-#include <stdio.h>
-
-#define KK 32
-
-int main()
-{
-    int i;
-    amcl_aes a;
-	unsign32 t;
-	uchar x,y;
-
-    char key[KK];
-    char block[16];
-    char iv[16];
-    for (i=0;i<KK;i++) key[i]=5;
-    key[0]=1;
-    for (i=0;i<16;i++) iv[i]=i;
-    for (i=0;i<16;i++) block[i]=i;
-
-    AES_init(&a,CTR16,KK,key,iv);
-
-    printf("Plain=   ");
-    for (i=0;i<16;i++) printf("%02x",block[i]);
-    printf("\n");
-    AES_encrypt(&a,block);
-    printf("Encrypt= ");
-    for (i=0;i<16;i++) printf("%02x",(uchar)block[i]);
-    printf("\n");
-    AES_reset(&a,CTR16,iv);
-    AES_decrypt(&a,block);
-    printf("Decrypt= ");
-    for (i=0;i<16;i++) printf("%02x",(uchar)block[i]);
-    printf("\n");
-
-    AES_end(&a);
-
-    return 0;
-}
-
-*/
-


[51/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
update code


Project: http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/commit/1add7560
Tree: http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/tree/1add7560
Diff: http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/diff/1add7560

Branch: refs/heads/master
Commit: 1add756065bc30f21dc32a317ad9b17f19aa346f
Parents: 70e3a3a
Author: Brian Spector <br...@Brians-MacBook-Air-2018.local>
Authored: Tue Jan 15 15:11:57 2019 +0000
Committer: Brian Spector <br...@Brians-MacBook-Air-2018.local>
Committed: Tue Jan 15 15:11:57 2019 +0000

----------------------------------------------------------------------
 LICENSE-2.0.TXT                        |  202 --
 NOTICE.txt                             |    5 -
 readme.txt                             |   41 -
 version22/amcl22.pdf                   |  Bin 419918 -> 0 bytes
 version22/bigtobig.cpp                 |  292 ---
 version22/blsgen.cpp                   |  194 --
 version22/bngen.cpp                    |  251 ---
 version22/c/CARSK.pem                  |   54 -
 version22/c/aes.c                      |  702 -------
 version22/c/amcl.h                     | 2935 ---------------------------
 version22/c/arch.h                     |  119 --
 version22/c/benchtest_ec.c             |  212 --
 version22/c/benchtest_pair.c           |  257 ---
 version22/c/big.c                      | 1525 --------------
 version22/c/build_ec                   |   22 -
 version22/c/build_ec.bat               |   22 -
 version22/c/build_pair                 |   27 -
 version22/c/build_pair.bat             |   27 -
 version22/c/ca.crt                     |   23 -
 version22/c/eccert.pem                 |   17 -
 version22/c/ecdh.c                     |  751 -------
 version22/c/ecdh.h                     |  206 --
 version22/c/ecp.c                      | 1176 -----------
 version22/c/ecp2.c                     |  696 -------
 version22/c/faster.c                   |   98 -
 version22/c/faster.txt                 |   25 -
 version22/c/ff.c                       | 1150 -----------
 version22/c/fp.c                       |  608 ------
 version22/c/fp12.c                     |  727 -------
 version22/c/fp2.c                      |  435 ----
 version22/c/fp4.c                      |  651 ------
 version22/c/gcm.c                      |  411 ----
 version22/c/hash.c                     |  422 ----
 version22/c/maxstack.c                 |   62 -
 version22/c/mpin.c                     | 1212 -----------
 version22/c/mpin.h                     |  408 ----
 version22/c/oct.c                      |  428 ----
 version22/c/pair.c                     |  828 --------
 version22/c/rand.c                     |  172 --
 version22/c/randapi.c                  |   15 -
 version22/c/randapi.h                  |   20 -
 version22/c/readme.txt                 |   77 -
 version22/c/rom.c                      | 1206 -----------
 version22/c/rsa.c                      |  394 ----
 version22/c/rsa.h                      |   99 -
 version22/c/testecdh.c                 |  207 --
 version22/c/testmpin.c                 |  313 ---
 version22/c/testrsa.c                  |  104 -
 version22/c/x509.c                     | 1079 ----------
 version22/c/x509.h                     |  113 --
 version22/check.cpp                    |  100 -
 version22/cs/readme.txt                |   36 -
 version22/ecgen.cpp                    |  125 --
 version22/go/AES.go                    |  634 ------
 version22/go/BIG.go                    |  850 --------
 version22/go/BenchtestEC.go            |  154 --
 version22/go/BenchtestPAIR.go          |  206 --
 version22/go/DBIG.go                   |  256 ---
 version22/go/ECDH.go                   |  547 -----
 version22/go/ECP.go                    |  893 --------
 version22/go/ECP2.go                   |  568 ------
 version22/go/FF.go                     |  905 ---------
 version22/go/FP.go                     |  279 ---
 version22/go/FP12.go                   |  551 -----
 version22/go/FP2.go                    |  300 ---
 version22/go/FP4.go                    |  479 -----
 version22/go/GCM.go                    |  337 ---
 version22/go/HASH256.go                |  192 --
 version22/go/HASH384.go                |  204 --
 version22/go/HASH512.go                |  204 --
 version22/go/MPIN.go                   |  769 -------
 version22/go/PAIR.go                   |  641 ------
 version22/go/RAND.go                   |  153 --
 version22/go/ROM32.go                  |  825 --------
 version22/go/ROM64.go                  |  826 --------
 version22/go/RSA.go                    |  363 ----
 version22/go/TestECDH.go               |  164 --
 version22/go/TestMPIN.go               |  241 ---
 version22/go/TestRSA.go                |   98 -
 version22/go/readme.txt                |   50 -
 version22/java/AES.java                |  695 -------
 version22/java/BIG32.java              | 1016 ----------
 version22/java/BIG64.java              | 1040 ----------
 version22/java/BenchtestEC.java        |  160 --
 version22/java/BenchtestPAIR.java      |  208 --
 version22/java/DBIG32.java             |  308 ---
 version22/java/DBIG64.java             |  306 ---
 version22/java/ECDH.java               |  581 ------
 version22/java/ECP.java                |  917 ---------
 version22/java/ECP2.java               |  624 ------
 version22/java/FF.java                 |  941 ---------
 version22/java/FP.java                 |  345 ----
 version22/java/FP12.java               |  641 ------
 version22/java/FP2.java                |  393 ----
 version22/java/FP4.java                |  584 ------
 version22/java/GCM.java                |  374 ----
 version22/java/HASH256.java            |  216 --
 version22/java/HASH384.java            |  227 ---
 version22/java/HASH512.java            |  229 ---
 version22/java/MPIN.java               |  853 --------
 version22/java/PAIR.java               |  685 -------
 version22/java/RAND.java               |  161 --
 version22/java/ROM32.java              |  714 -------
 version22/java/ROM64.java              |  703 -------
 version22/java/RSA.java                |  362 ----
 version22/java/TestECDH.java           |  179 --
 version22/java/TestMPIN.java           |  270 ---
 version22/java/TestRSA.java            |   92 -
 version22/java/readme.txt              |   61 -
 version22/java/rsa_private_key.java    |   13 -
 version22/java/rsa_public_key.java     |   11 -
 version22/js/AES.js                    |  634 ------
 version22/js/BIG.js                    | 1037 ----------
 version22/js/BenchtestEC.html          |  162 --
 version22/js/BenchtestPAIR.html        |  226 ---
 version22/js/DBIG.js                   |  284 ---
 version22/js/ECDH.js                   |  585 ------
 version22/js/ECP.js                    |  903 --------
 version22/js/ECP2.js                   |  604 ------
 version22/js/FF.js                     |  947 ---------
 version22/js/FP.js                     |  360 ----
 version22/js/FP12.js                   |  558 -----
 version22/js/FP2.js                    |  321 ---
 version22/js/FP4.js                    |  501 -----
 version22/js/GCM.js                    |  305 ---
 version22/js/HASH256.js                |  180 --
 version22/js/HASH384.js                |  238 ---
 version22/js/HASH512.js                |  236 ---
 version22/js/MPIN.js                   |  933 ---------
 version22/js/PAIR.js                   |  650 ------
 version22/js/RAND.js                   |  148 --
 version22/js/ROM.js                    |  716 -------
 version22/js/RSA.js                    |  392 ----
 version22/js/TestECDH.html             |  143 --
 version22/js/TestMPIN.html             |  330 ---
 version22/js/TestRSA.html              |  115 --
 version22/js/UInt64.js                 |   54 -
 version22/js/readme.txt                |   41 -
 version22/rust/.gitignore              |    5 -
 version22/rust/Cargo.toml              |   24 -
 version22/rust/readme.txt              |   56 -
 version22/rust/src/aes.rs              |  628 ------
 version22/rust/src/big.rs              | 1227 -----------
 version22/rust/src/dbig.rs             |  249 ---
 version22/rust/src/ecdh.rs             |  585 ------
 version22/rust/src/ecp.rs              |  955 ---------
 version22/rust/src/ecp2.rs             |  677 ------
 version22/rust/src/ff.rs               |  944 ---------
 version22/rust/src/fp.rs               |  354 ----
 version22/rust/src/fp12.rs             |  628 ------
 version22/rust/src/fp2.rs              |  366 ----
 version22/rust/src/fp4.rs              |  563 -----
 version22/rust/src/gcm.rs              |  356 ----
 version22/rust/src/hash256.rs          |  182 --
 version22/rust/src/hash384.rs          |  188 --
 version22/rust/src/hash512.rs          |  189 --
 version22/rust/src/lib.rs              |   36 -
 version22/rust/src/mpin.rs             |  768 -------
 version22/rust/src/pair.rs             |  674 ------
 version22/rust/src/rand.rs             |  147 --
 version22/rust/src/rom32.rs            |  349 ----
 version22/rust/src/rom64.rs            |  348 ----
 version22/rust/src/rsa.rs              |  372 ----
 version22/rust/tests/benchtest_ec.rs   |  185 --
 version22/rust/tests/benchtest_pair.rs |  245 ---
 version22/rust/tests/test_ecdh.rs      |  180 --
 version22/rust/tests/test_mpin.rs      |  217 --
 version22/rust/tests/test_rsa.rs       |  109 -
 version22/swift/BenchtestEC.swift      |  161 --
 version22/swift/BenchtestPAIR.swift    |  206 --
 version22/swift/TestECDH.swift         |  167 --
 version22/swift/TestMPIN.swift         |  259 ---
 version22/swift/TestRSA.swift          |  100 -
 version22/swift/aes.swift              |  639 ------
 version22/swift/big.swift              | 1169 -----------
 version22/swift/dbig.swift             |  265 ---
 version22/swift/ecdh.swift             |  587 ------
 version22/swift/ecp.swift              |  923 ---------
 version22/swift/ecp2.swift             |  618 ------
 version22/swift/ff.swift               |  927 ---------
 version22/swift/fp.swift               |  309 ---
 version22/swift/fp12.swift             |  584 ------
 version22/swift/fp2.swift              |  329 ---
 version22/swift/fp4.swift              |  517 -----
 version22/swift/gcm.swift              |  326 ---
 version22/swift/hash256.swift          |  188 --
 version22/swift/hash384.swift          |  198 --
 version22/swift/hash512.swift          |  198 --
 version22/swift/main.swift             |   13 -
 version22/swift/mpin.swift             |  833 --------
 version22/swift/pair.swift             |  592 ------
 version22/swift/rand.swift             |  131 --
 version22/swift/readme.txt             |  135 --
 version22/swift/rom32.swift            |  645 ------
 version22/swift/rom64.swift            |  258 ---
 version22/swift/rsa.swift              |  400 ----
 version3/amcl3.pdf                     |  Bin 299401 -> 0 bytes
 version3/bestpair.cpp                  |  623 ------
 version3/bigtobig.cpp                  |  292 ---
 version3/c/aes.c                       |  704 -------
 version3/c/amcl.h                      |  590 ------
 version3/c/arch.h                      |  129 --
 version3/c/benchtest_all.c             | 1019 ----------
 version3/c/big.c                       | 1535 --------------
 version3/c/big.h                       |  610 ------
 version3/c/config16.py                 |  367 ----
 version3/c/config32.py                 |  645 ------
 version3/c/config64.py                 |  639 ------
 version3/c/config_big.h                |   38 -
 version3/c/config_curve.h              |   44 -
 version3/c/config_ff.h                 |   38 -
 version3/c/config_field.h              |   34 -
 version3/c/ecdh.c                      |  424 ----
 version3/c/ecdh.h                      |  146 --
 version3/c/ecdh_support.c              |  352 ----
 version3/c/ecdh_support.h              |  114 --
 version3/c/ecp.c                       | 1468 --------------
 version3/c/ecp.h                       |  314 ---
 version3/c/ecp2.c                      |  912 ---------
 version3/c/ecp2.h                      |  220 --
 version3/c/ecp4.c                      | 1068 ----------
 version3/c/ecp4.h                      |  232 ---
 version3/c/ecp8.c                      | 1311 ------------
 version3/c/ecp8.h                      |  246 ---
 version3/c/faster.c                    |   97 -
 version3/c/faster.txt                  |   29 -
 version3/c/fastest.c                   |   59 -
 version3/c/fastest.txt                 |   28 -
 version3/c/ff.c                        | 1155 -----------
 version3/c/ff.h                        |  296 ---
 version3/c/fp.c                        |  878 --------
 version3/c/fp.h                        |  245 ---
 version3/c/fp12.c                      |  984 ---------
 version3/c/fp12.h                      |  216 --
 version3/c/fp16.c                      |  693 -------
 version3/c/fp16.h                      |  260 ---
 version3/c/fp2.c                       |  489 -----
 version3/c/fp2.h                       |  240 ---
 version3/c/fp24.c                      | 1123 ----------
 version3/c/fp24.h                      |  196 --
 version3/c/fp4.c                       |  800 --------
 version3/c/fp4.h                       |  305 ---
 version3/c/fp48.c                      | 1385 -------------
 version3/c/fp48.h                      |  196 --
 version3/c/fp8.c                       |  795 --------
 version3/c/fp8.h                       |  294 ---
 version3/c/gcm.c                       |  411 ----
 version3/c/hash.c                      |  607 ------
 version3/c/mpin.c                      |  995 ---------
 version3/c/mpin.h                      |  345 ----
 version3/c/mpin192.c                   |  975 ---------
 version3/c/mpin192.h                   |  339 ----
 version3/c/mpin256.c                   |  998 ---------
 version3/c/mpin256.h                   |  339 ----
 version3/c/newhope.c                   |  513 -----
 version3/c/newhope.h                   |   51 -
 version3/c/oct.c                       |  429 ----
 version3/c/pair.c                      | 1027 ----------
 version3/c/pair.h                      |  103 -
 version3/c/pair192.c                   |  752 -------
 version3/c/pair192.h                   |   77 -
 version3/c/pair256.c                   |  864 --------
 version3/c/pair256.h                   |   77 -
 version3/c/pbc_support.c               |  180 --
 version3/c/pbc_support.h               |   96 -
 version3/c/rand.c                      |  172 --
 version3/c/randapi.c                   |   15 -
 version3/c/randapi.h                   |   46 -
 version3/c/readme.txt                  |   75 -
 version3/c/rom_curve_ANSSI.c           |   33 -
 version3/c/rom_curve_BLS24.c           |   67 -
 version3/c/rom_curve_BLS381.c          |   62 -
 version3/c/rom_curve_BLS383.c          |   62 -
 version3/c/rom_curve_BLS461.c          |   59 -
 version3/c/rom_curve_BLS48.c           |   88 -
 version3/c/rom_curve_BN254.c           |   80 -
 version3/c/rom_curve_BN254CX.c         |   81 -
 version3/c/rom_curve_BRAINPOOL.c       |   36 -
 version3/c/rom_curve_C25519.c          |   27 -
 version3/c/rom_curve_C41417.c          |   35 -
 version3/c/rom_curve_ED25519.c         |   45 -
 version3/c/rom_curve_FP256BN.c         |   86 -
 version3/c/rom_curve_FP512BN.c         |   87 -
 version3/c/rom_curve_GOLDILOCKS.c      |   37 -
 version3/c/rom_curve_HIFIVE.c          |   37 -
 version3/c/rom_curve_NIST256.c         |   37 -
 version3/c/rom_curve_NIST384.c         |   36 -
 version3/c/rom_curve_NIST521.c         |   35 -
 version3/c/rom_curve_NUMS256E.c        |   43 -
 version3/c/rom_curve_NUMS256W.c        |   34 -
 version3/c/rom_curve_NUMS384E.c        |   34 -
 version3/c/rom_curve_NUMS384W.c        |   34 -
 version3/c/rom_curve_NUMS512E.c        |   33 -
 version3/c/rom_curve_NUMS512W.c        |   34 -
 version3/c/rom_curve_SECP256K1.c       |   39 -
 version3/c/rom_field_25519.c           |   33 -
 version3/c/rom_field_256PME.c          |   28 -
 version3/c/rom_field_256PMW.c          |   26 -
 version3/c/rom_field_384PM.c           |   25 -
 version3/c/rom_field_512PM.c           |   25 -
 version3/c/rom_field_ANSSI.c           |   25 -
 version3/c/rom_field_BLS24.c           |   32 -
 version3/c/rom_field_BLS381.c          |   30 -
 version3/c/rom_field_BLS383.c          |   30 -
 version3/c/rom_field_BLS461.c          |   31 -
 version3/c/rom_field_BLS48.c           |   32 -
 version3/c/rom_field_BN254.c           |   37 -
 version3/c/rom_field_BN254CX.c         |   38 -
 version3/c/rom_field_BRAINPOOL.c       |   25 -
 version3/c/rom_field_C41417.c          |   25 -
 version3/c/rom_field_FP256BN.c         |   36 -
 version3/c/rom_field_FP512BN.c         |   38 -
 version3/c/rom_field_GOLDILOCKS.c      |   30 -
 version3/c/rom_field_HIFIVE.c          |   27 -
 version3/c/rom_field_NIST256.c         |   27 -
 version3/c/rom_field_NIST384.c         |   27 -
 version3/c/rom_field_NIST521.c         |   25 -
 version3/c/rom_field_SECP256K1.c       |   28 -
 version3/c/rsa.c                       |  162 --
 version3/c/rsa.h                       |  110 -
 version3/c/rsa_support.c               |  237 ---
 version3/c/rsa_support.h               |   62 -
 version3/c/testall.c                   | 1627 ---------------
 version3/c/testnhs.c                   |   71 -
 version3/c/x509.c                      | 1097 ----------
 version3/c/x509.h                      |  109 -
 version3/check.cpp                     |  108 -
 version3/cpp/aes.cpp                   |  706 -------
 version3/cpp/amcl.h                    |  585 ------
 version3/cpp/arch.h                    |   98 -
 version3/cpp/benchtest_all.cpp         |  973 ---------
 version3/cpp/big.cpp                   | 1508 --------------
 version3/cpp/big.h                     |  595 ------
 version3/cpp/config16.py               |  370 ----
 version3/cpp/config32.py               |  641 ------
 version3/cpp/config64.py               |  641 ------
 version3/cpp/config_big.h              |   12 -
 version3/cpp/config_curve.h            |   47 -
 version3/cpp/config_ff.h               |   13 -
 version3/cpp/config_field.h            |   15 -
 version3/cpp/ecdh.cpp                  |  435 ----
 version3/cpp/ecdh.h                    |  154 --
 version3/cpp/ecdh_support.cpp          |  351 ----
 version3/cpp/ecdh_support.h            |   84 -
 version3/cpp/ecp.cpp                   | 1467 -------------
 version3/cpp/ecp.h                     |  293 ---
 version3/cpp/ecp2.cpp                  |  922 ---------
 version3/cpp/ecp2.h                    |  203 --
 version3/cpp/ecp4.cpp                  | 1074 ----------
 version3/cpp/ecp4.h                    |  243 ---
 version3/cpp/ecp8.cpp                  | 1318 ------------
 version3/cpp/ecp8.h                    |  253 ---
 version3/cpp/ff.cpp                    | 1181 -----------
 version3/cpp/ff.h                      |  276 ---
 version3/cpp/fp.cpp                    |  878 --------
 version3/cpp/fp.h                      |  229 ---
 version3/cpp/fp12.cpp                  | 1005 ---------
 version3/cpp/fp12.h                    |  194 --
 version3/cpp/fp16.cpp                  |  697 -------
 version3/cpp/fp16.h                    |  264 ---
 version3/cpp/fp2.cpp                   |  486 -----
 version3/cpp/fp2.h                     |  219 --
 version3/cpp/fp24.cpp                  | 1126 ----------
 version3/cpp/fp24.h                    |  200 --
 version3/cpp/fp4.cpp                   |  808 --------
 version3/cpp/fp4.h                     |  286 ---
 version3/cpp/fp48.cpp                  | 1389 -------------
 version3/cpp/fp48.h                    |  199 --
 version3/cpp/fp8.cpp                   |  800 --------
 version3/cpp/fp8.h                     |  301 ---
 version3/cpp/gcm.cpp                   |  413 ----
 version3/cpp/hash.cpp                  |  599 ------
 version3/cpp/mpin.cpp                  | 1012 ---------
 version3/cpp/mpin.h                    |  340 ----
 version3/cpp/mpin192.cpp               |  985 ---------
 version3/cpp/mpin192.h                 |  340 ----
 version3/cpp/mpin256.cpp               | 1006 ---------
 version3/cpp/mpin256.h                 |  340 ----
 version3/cpp/newhope.cpp               |  515 -----
 version3/cpp/newhope.h                 |   54 -
 version3/cpp/oct.cpp                   |  431 ----
 version3/cpp/pair.cpp                  |  983 ---------
 version3/cpp/pair.h                    |   80 -
 version3/cpp/pair192.cpp               |  758 -------
 version3/cpp/pair192.h                 |   80 -
 version3/cpp/pair256.cpp               |  878 --------
 version3/cpp/pair256.h                 |   80 -
 version3/cpp/pbc_support.cpp           |  179 --
 version3/cpp/pbc_support.h             |   66 -
 version3/cpp/rand.cpp                  |  174 --
 version3/cpp/randapi.cpp               |   17 -
 version3/cpp/randapi.h                 |   24 -
 version3/cpp/readme.txt                |   61 -
 version3/cpp/rom_curve_ANSSI.cpp       |   42 -
 version3/cpp/rom_curve_BLS24.cpp       |   78 -
 version3/cpp/rom_curve_BLS381.cpp      |   64 -
 version3/cpp/rom_curve_BLS383.cpp      |   68 -
 version3/cpp/rom_curve_BLS461.cpp      |   69 -
 version3/cpp/rom_curve_BLS48.cpp       |   95 -
 version3/cpp/rom_curve_BN254.cpp       |   89 -
 version3/cpp/rom_curve_BN254CX.cpp     |   83 -
 version3/cpp/rom_curve_BRAINPOOL.cpp   |   43 -
 version3/cpp/rom_curve_C25519.cpp      |   36 -
 version3/cpp/rom_curve_C41417.cpp      |   42 -
 version3/cpp/rom_curve_ED25519.cpp     |   54 -
 version3/cpp/rom_curve_FP256BN.cpp     |   86 -
 version3/cpp/rom_curve_FP512BN.cpp     |   88 -
 version3/cpp/rom_curve_GOLDILOCKS.cpp  |   43 -
 version3/cpp/rom_curve_HIFIVE.cpp      |   43 -
 version3/cpp/rom_curve_NIST256.cpp     |   44 -
 version3/cpp/rom_curve_NIST384.cpp     |   42 -
 version3/cpp/rom_curve_NIST521.cpp     |   42 -
 version3/cpp/rom_curve_NUMS256E.cpp    |   53 -
 version3/cpp/rom_curve_NUMS256W.cpp    |   44 -
 version3/cpp/rom_curve_NUMS384E.cpp    |   42 -
 version3/cpp/rom_curve_NUMS384W.cpp    |   42 -
 version3/cpp/rom_curve_NUMS512E.cpp    |   42 -
 version3/cpp/rom_curve_NUMS512W.cpp    |   42 -
 version3/cpp/rom_curve_SECP256K1.cpp   |   45 -
 version3/cpp/rom_field_ANSSI.cpp       |   34 -
 version3/cpp/rom_field_BLS24.cpp       |   37 -
 version3/cpp/rom_field_BLS381.cpp      |   39 -
 version3/cpp/rom_field_BLS383.cpp      |   39 -
 version3/cpp/rom_field_BLS461.cpp      |   40 -
 version3/cpp/rom_field_BLS48.cpp       |   38 -
 version3/cpp/rom_field_BN254.cpp       |   48 -
 version3/cpp/rom_field_BN254CX.cpp     |   49 -
 version3/cpp/rom_field_BRAINPOOL.cpp   |   34 -
 version3/cpp/rom_field_C41417.cpp      |   34 -
 version3/cpp/rom_field_F25519.cpp      |   43 -
 version3/cpp/rom_field_F256PME.cpp     |   41 -
 version3/cpp/rom_field_F256PMW.cpp     |   36 -
 version3/cpp/rom_field_F384PM.cpp      |   35 -
 version3/cpp/rom_field_F512PM.cpp      |   35 -
 version3/cpp/rom_field_FP256BN.cpp     |   45 -
 version3/cpp/rom_field_FP512BN.cpp     |   47 -
 version3/cpp/rom_field_GOLDILOCKS.cpp  |   38 -
 version3/cpp/rom_field_HIFIVE.cpp      |   35 -
 version3/cpp/rom_field_NIST256.cpp     |   35 -
 version3/cpp/rom_field_NIST384.cpp     |   35 -
 version3/cpp/rom_field_NIST521.cpp     |   34 -
 version3/cpp/rom_field_SECP256K1.cpp   |   38 -
 version3/cpp/rsa.cpp                   |  164 --
 version3/cpp/rsa.h                     |  106 -
 version3/cpp/rsa_support.cpp           |  239 ---
 version3/cpp/rsa_support.h             |   49 -
 version3/cpp/testall.cpp               | 1643 ---------------
 version3/cpp/testnhs.cpp               |   73 -
 version3/cpp/x509.cpp                  | 1097 ----------
 version3/cpp/x509.h                    |  115 --
 version3/curves.txt                    |   35 -
 version3/go/AES.go                     |  634 ------
 version3/go/ARCH32.go                  |   28 -
 version3/go/ARCH64.go                  |   26 -
 version3/go/BIG32.go                   |  961 ---------
 version3/go/BIG64.go                   |  963 ---------
 version3/go/BenchtestALL.go            |  881 --------
 version3/go/DBIG.go                    |  274 ---
 version3/go/ECDH.go                    |  565 ------
 version3/go/ECP.go                     | 1038 ----------
 version3/go/ECP2.go                    |  701 -------
 version3/go/ECP4.go                    |  711 -------
 version3/go/ECP8.go                    |  862 --------
 version3/go/FF32.go                    |  943 ---------
 version3/go/FF64.go                    |  943 ---------
 version3/go/FP.go                      |  556 -----
 version3/go/FP12.go                    |  765 -------
 version3/go/FP16.go                    |  527 -----
 version3/go/FP2.go                     |  333 ---
 version3/go/FP24.go                    |  885 --------
 version3/go/FP4.go                     |  590 ------
 version3/go/FP48.go                    |  998 ---------
 version3/go/FP8.go                     |  606 ------
 version3/go/GCM.go                     |  337 ---
 version3/go/HASH256.go                 |  193 --
 version3/go/HASH384.go                 |  206 --
 version3/go/HASH512.go                 |  206 --
 version3/go/MPIN.go                    |  755 -------
 version3/go/MPIN192.go                 |  760 -------
 version3/go/MPIN256.go                 |  728 -------
 version3/go/NHS.go                     |  539 -----
 version3/go/PAIR.go                    |  777 -------
 version3/go/PAIR192.go                 |  574 ------
 version3/go/PAIR256.go                 |  563 -----
 version3/go/RAND.go                    |  153 --
 version3/go/ROM_ANSSI_32.go            |   36 -
 version3/go/ROM_ANSSI_64.go            |   36 -
 version3/go/ROM_BLS24_32.go            |   58 -
 version3/go/ROM_BLS24_64.go            |   58 -
 version3/go/ROM_BLS381_32.go           |   56 -
 version3/go/ROM_BLS381_64.go           |   58 -
 version3/go/ROM_BLS383_32.go           |   55 -
 version3/go/ROM_BLS383_64.go           |   55 -
 version3/go/ROM_BLS461_32.go           |   54 -
 version3/go/ROM_BLS461_64.go           |   54 -
 version3/go/ROM_BLS48_32.go            |   66 -
 version3/go/ROM_BLS48_64.go            |   66 -
 version3/go/ROM_BN254CX_32.go          |   56 -
 version3/go/ROM_BN254CX_64.go          |   56 -
 version3/go/ROM_BN254_32.go            |   56 -
 version3/go/ROM_BN254_64.go            |   56 -
 version3/go/ROM_BRAINPOOL_32.go        |   38 -
 version3/go/ROM_BRAINPOOL_64.go        |   38 -
 version3/go/ROM_C25519_32.go           |   36 -
 version3/go/ROM_C25519_64.go           |   36 -
 version3/go/ROM_C41417_32.go           |   37 -
 version3/go/ROM_C41417_64.go           |   36 -
 version3/go/ROM_ED25519_32.go          |   37 -
 version3/go/ROM_ED25519_64.go          |   38 -
 version3/go/ROM_FP256BN_32.go          |   56 -
 version3/go/ROM_FP256BN_64.go          |   54 -
 version3/go/ROM_FP512BN_32.go          |   57 -
 version3/go/ROM_FP512BN_64.go          |   55 -
 version3/go/ROM_GOLDILOCKS_32.go       |   36 -
 version3/go/ROM_GOLDILOCKS_64.go       |   37 -
 version3/go/ROM_HIFIVE_32.go           |   36 -
 version3/go/ROM_HIFIVE_64.go           |   36 -
 version3/go/ROM_NIST256_32.go          |   36 -
 version3/go/ROM_NIST256_64.go          |   36 -
 version3/go/ROM_NIST384_32.go          |   36 -
 version3/go/ROM_NIST384_64.go          |   36 -
 version3/go/ROM_NIST521_32.go          |   37 -
 version3/go/ROM_NIST521_64.go          |   37 -
 version3/go/ROM_NUMS256E_32.go         |   36 -
 version3/go/ROM_NUMS256E_64.go         |   36 -
 version3/go/ROM_NUMS256W_32.go         |   36 -
 version3/go/ROM_NUMS256W_64.go         |   37 -
 version3/go/ROM_NUMS384E_32.go         |   36 -
 version3/go/ROM_NUMS384E_64.go         |   36 -
 version3/go/ROM_NUMS384W_32.go         |   36 -
 version3/go/ROM_NUMS384W_64.go         |   36 -
 version3/go/ROM_NUMS512E_32.go         |   36 -
 version3/go/ROM_NUMS512E_64.go         |   36 -
 version3/go/ROM_NUMS512W_32.go         |   37 -
 version3/go/ROM_NUMS512W_64.go         |   36 -
 version3/go/ROM_SEC256K1_64.go         |   39 -
 version3/go/ROM_SECP256K1_32.go        |   39 -
 version3/go/RSA.go                     |  361 ----
 version3/go/SHA3.go                    |  258 ---
 version3/go/TestALL.go                 | 1315 ------------
 version3/go/TestNHS.go                 |   64 -
 version3/go/config32.py                |  357 ----
 version3/go/config64.py                |  357 ----
 version3/go/readme.txt                 |   49 -
 version3/java/AES.java                 |  695 -------
 version3/java/BIG32.java               |  934 ---------
 version3/java/BIG64.java               |  933 ---------
 version3/java/DBIG32.java              |  282 ---
 version3/java/DBIG64.java              |  280 ---
 version3/java/ECDH.java                |  608 ------
 version3/java/ECP.java                 | 1112 ----------
 version3/java/ECP2.java                |  798 --------
 version3/java/ECP4.java                |  770 -------
 version3/java/ECP8.java                |  932 ---------
 version3/java/FF32.java                | 1029 ----------
 version3/java/FF64.java                | 1028 ----------
 version3/java/FP12.java                |  910 ---------
 version3/java/FP16.java                |  565 ------
 version3/java/FP2.java                 |  425 ----
 version3/java/FP24.java                |  854 --------
 version3/java/FP32.java                |  678 -------
 version3/java/FP4.java                 |  724 -------
 version3/java/FP48.java                | 1060 ----------
 version3/java/FP64.java                |  682 -------
 version3/java/FP8.java                 |  658 ------
 version3/java/GCM.java                 |  376 ----
 version3/java/HASH256.java             |  218 --
 version3/java/HASH384.java             |  229 ---
 version3/java/HASH512.java             |  232 ---
 version3/java/MPIN.java                |  823 --------
 version3/java/MPIN192.java             |  806 --------
 version3/java/MPIN256.java             |  815 --------
 version3/java/NHS.java                 |  577 ------
 version3/java/OLDECP.java              | 1044 ----------
 version3/java/OLDECP2.java             |  781 -------
 version3/java/PAIR.java                |  817 --------
 version3/java/PAIR192.java             |  550 -----
 version3/java/PAIR256.java             |  628 ------
 version3/java/RAND.java                |  163 --
 version3/java/README.md                |   27 -
 version3/java/ROM_ANSSI_32.java        |   42 -
 version3/java/ROM_ANSSI_64.java        |   43 -
 version3/java/ROM_BLS24_32.java        |   60 -
 version3/java/ROM_BLS24_64.java        |   60 -
 version3/java/ROM_BLS381_32.java       |   57 -
 version3/java/ROM_BLS381_64.java       |   57 -
 version3/java/ROM_BLS383_32.java       |   58 -
 version3/java/ROM_BLS383_64.java       |   55 -
 version3/java/ROM_BLS461_32.java       |   56 -
 version3/java/ROM_BLS461_64.java       |   56 -
 version3/java/ROM_BLS48_32.java        |   68 -
 version3/java/ROM_BLS48_64.java        |   68 -
 version3/java/ROM_BN254CX_32.java      |   57 -
 version3/java/ROM_BN254CX_64.java      |   58 -
 version3/java/ROM_BN254_32.java        |   55 -
 version3/java/ROM_BN254_64.java        |   55 -
 version3/java/ROM_BRAINPOOL_32.java    |   44 -
 version3/java/ROM_BRAINPOOL_64.java    |   43 -
 version3/java/ROM_C25519_32.java       |   41 -
 version3/java/ROM_C25519_64.java       |   42 -
 version3/java/ROM_C41417_32.java       |   41 -
 version3/java/ROM_C41417_64.java       |   44 -
 version3/java/ROM_ED25519_32.java      |   41 -
 version3/java/ROM_ED25519_64.java      |   43 -
 version3/java/ROM_FP256BN_32.java      |   56 -
 version3/java/ROM_FP256BN_64.java      |   55 -
 version3/java/ROM_FP512BN_32.java      |   55 -
 version3/java/ROM_FP512BN_64.java      |   56 -
 version3/java/ROM_GOLDILOCKS_32.java   |   43 -
 version3/java/ROM_GOLDILOCKS_64.java   |   44 -
 version3/java/ROM_HIFIVE_32.java       |   42 -
 version3/java/ROM_HIFIVE_64.java       |   43 -
 version3/java/ROM_NIST256_32.java      |   45 -
 version3/java/ROM_NIST256_64.java      |   43 -
 version3/java/ROM_NIST384_32.java      |   43 -
 version3/java/ROM_NIST384_64.java      |   44 -
 version3/java/ROM_NIST521_32.java      |   43 -
 version3/java/ROM_NIST521_64.java      |   44 -
 version3/java/ROM_NUMS256E_32.java     |   39 -
 version3/java/ROM_NUMS256E_64.java     |   42 -
 version3/java/ROM_NUMS256W_32.java     |   44 -
 version3/java/ROM_NUMS256W_64.java     |   45 -
 version3/java/ROM_NUMS384E_32.java     |   40 -
 version3/java/ROM_NUMS384E_64.java     |   40 -
 version3/java/ROM_NUMS384W_32.java     |   43 -
 version3/java/ROM_NUMS384W_64.java     |   55 -
 version3/java/ROM_NUMS512E_32.java     |   40 -
 version3/java/ROM_NUMS512E_64.java     |   40 -
 version3/java/ROM_NUMS512W_32.java     |   40 -
 version3/java/ROM_NUMS512W_64.java     |   41 -
 version3/java/ROM_SECP256K1_32.java    |   45 -
 version3/java/ROM_SECP256K1_64.java    |   43 -
 version3/java/RSA.java                 |  369 ----
 version3/java/SHA3.java                |  255 ---
 version3/java/TestECDH.java            |  192 --
 version3/java/TestMPIN.java            |  297 ---
 version3/java/TestMPIN192.java         |  297 ---
 version3/java/TestMPIN256.java         |  297 ---
 version3/java/TestNHS.java             |   70 -
 version3/java/TestRSA.java             |  111 -
 version3/java/TesttimeECDH.java        |  103 -
 version3/java/TesttimeMPIN.java        |  195 --
 version3/java/TesttimeMPIN192.java     |  195 --
 version3/java/TesttimeMPIN256.java     |  195 --
 version3/java/TesttimeRSA.java         |   99 -
 version3/java/config32.py              |  387 ----
 version3/java/config64.py              |  386 ----
 version3/java/pom.xml                  |   19 -
 version3/java/private_key.java         |   16 -
 version3/java/public_key.java          |   14 -
 version3/js/BenchtestALL.html          | 1076 ----------
 version3/js/TestALL.html               | 1527 --------------
 version3/js/TestNHS.html               |   56 -
 version3/js/aes.js                     |  705 -------
 version3/js/big.js                     | 1552 --------------
 version3/js/ctx.js                     |  611 ------
 version3/js/ecdh.js                    |  771 -------
 version3/js/ecp.js                     | 1398 -------------
 version3/js/ecp2.js                    |  921 ---------
 version3/js/ecp4.js                    |  885 --------
 version3/js/ecp8.js                    | 1061 ----------
 version3/js/ff.js                      | 1002 ---------
 version3/js/fp.js                      |  708 -------
 version3/js/fp12.js                    |  893 --------
 version3/js/fp16.js                    |  573 ------
 version3/js/fp2.js                     |  405 ----
 version3/js/fp24.js                    |  963 ---------
 version3/js/fp4.js                     |  642 ------
 version3/js/fp48.js                    | 1271 ------------
 version3/js/fp8.js                     |  660 ------
 version3/js/gcm.js                     |  428 ----
 version3/js/hash256.js                 |  198 --
 version3/js/hash384.js                 |  275 ---
 version3/js/hash512.js                 |  277 ---
 version3/js/include.html               |   25 -
 version3/js/mpin.js                    | 1059 ----------
 version3/js/mpin192.js                 | 1046 ----------
 version3/js/mpin256.js                 | 1080 ----------
 version3/js/nhs.js                     |  565 ------
 version3/js/pair.js                    |  774 -------
 version3/js/pair192.js                 |  545 -----
 version3/js/pair256.js                 |  622 ------
 version3/js/rand.js                    |  184 --
 version3/js/readme.txt                 |   48 -
 version3/js/rom_curve.js               | 1127 ----------
 version3/js/rom_field.js               |  425 ----
 version3/js/rsa.js                     |  515 -----
 version3/js/sha3.js                    |  264 ---
 version3/js/uint64.js                  |   61 -
 version3/python/big.py                 |  159 --
 version3/python/bls381.py              |   40 -
 version3/python/bls383.py              |   40 -
 version3/python/bn254.py               |   38 -
 version3/python/bn254cx.py             |   39 -
 version3/python/c25519.py              |   19 -
 version3/python/config.py              |  175 --
 version3/python/constants.py           |   17 -
 version3/python/ecdh.py                |  162 --
 version3/python/ecp.py                 |  634 ------
 version3/python/ecp2.py                |  290 ---
 version3/python/ed25519.py             |   19 -
 version3/python/fp.py                  |   97 -
 version3/python/fp12.py                |  314 ---
 version3/python/fp2.py                 |  153 --
 version3/python/fp4.py                 |  144 --
 version3/python/goldilocks.py          |   19 -
 version3/python/mpin.py                |  227 ---
 version3/python/nist256.py             |   19 -
 version3/python/nist384.py             |   19 -
 version3/python/nist521.py             |   20 -
 version3/python/pair.py                |  317 ---
 version3/python/readme.txt             |   39 -
 version3/python/sec256k1.py            |   19 -
 version3/python/test.py                |  122 --
 version3/readme.txt                    |   17 -
 version3/romgen.cpp                    | 1561 --------------
 version3/rust/BenchtestALL.rs          |  970 ---------
 version3/rust/TestALL.rs               | 1235 -----------
 version3/rust/TestNHS.rs               |   76 -
 version3/rust/aes.rs                   |  628 ------
 version3/rust/arch32.rs                |   22 -
 version3/rust/arch64.rs                |   22 -
 version3/rust/big.rs                   | 1078 ----------
 version3/rust/config32.py              |  400 ----
 version3/rust/config64.py              |  399 ----
 version3/rust/dbig.rs                  |  272 ---
 version3/rust/ecdh.rs                  |  604 ------
 version3/rust/ecp.rs                   | 1065 ----------
 version3/rust/ecp2.rs                  |  671 ------
 version3/rust/ecp4.rs                  |  702 -------
 version3/rust/ecp8.rs                  |  873 --------
 version3/rust/ff.rs                    | 1018 ----------
 version3/rust/fp.rs                    |  625 ------
 version3/rust/fp12.rs                  |  798 --------
 version3/rust/fp16.rs                  |  553 -----
 version3/rust/fp2.rs                   |  353 ----
 version3/rust/fp24.rs                  |  840 --------
 version3/rust/fp4.rs                   |  624 ------
 version3/rust/fp48.rs                  | 1069 ----------
 version3/rust/fp8.rs                   |  635 ------
 version3/rust/gcm.rs                   |  356 ----
 version3/rust/hash256.rs               |  177 --
 version3/rust/hash384.rs               |  189 --
 version3/rust/hash512.rs               |  190 --
 version3/rust/lib.rs                   |   10 -
 version3/rust/mod.rs                   |   11 -
 version3/rust/modecc.rs                |    8 -
 version3/rust/modpf.rs                 |   11 -
 version3/rust/modpf192.rs              |   12 -
 version3/rust/modpf256.rs              |   13 -
 version3/rust/modrsa.rs                |    6 -
 version3/rust/mpin.rs                  |  800 --------
 version3/rust/mpin192.rs               |  780 -------
 version3/rust/mpin256.rs               |  791 --------
 version3/rust/nhs.rs                   |  511 -----
 version3/rust/pair.rs                  |  764 -------
 version3/rust/pair192.rs               |  494 -----
 version3/rust/pair256.rs               |  574 ------
 version3/rust/rand.rs                  |  147 --
 version3/rust/readme.txt               |   40 -
 version3/rust/rom_anssi_32.rs          |   39 -
 version3/rust/rom_anssi_64.rs          |   39 -
 version3/rust/rom_bls24_32.rs          |   59 -
 version3/rust/rom_bls24_64.rs          |   59 -
 version3/rust/rom_bls381_32.rs         |   57 -
 version3/rust/rom_bls381_64.rs         |   56 -
 version3/rust/rom_bls383_32.rs         |   55 -
 version3/rust/rom_bls383_64.rs         |   55 -
 version3/rust/rom_bls461_32.rs         |   55 -
 version3/rust/rom_bls461_64.rs         |   56 -
 version3/rust/rom_bls48_32.rs          |   67 -
 version3/rust/rom_bls48_64.rs          |   67 -
 version3/rust/rom_bn254CX_32.rs        |   56 -
 version3/rust/rom_bn254CX_64.rs        |   58 -
 version3/rust/rom_bn254_32.rs          |   53 -
 version3/rust/rom_bn254_64.rs          |   53 -
 version3/rust/rom_brainpool_32.rs      |   40 -
 version3/rust/rom_brainpool_64.rs      |   40 -
 version3/rust/rom_c25519_32.rs         |   39 -
 version3/rust/rom_c25519_64.rs         |   38 -
 version3/rust/rom_c41417_32.rs         |   38 -
 version3/rust/rom_c41417_64.rs         |   38 -
 version3/rust/rom_ed25519_32.rs        |   38 -
 version3/rust/rom_ed25519_64.rs        |   38 -
 version3/rust/rom_fp256bn_32.rs        |   54 -
 version3/rust/rom_fp256bn_64.rs        |   54 -
 version3/rust/rom_fp512bn_32.rs        |   53 -
 version3/rust/rom_fp512bn_64.rs        |   53 -
 version3/rust/rom_goldilocks_32.rs     |   38 -
 version3/rust/rom_goldilocks_64.rs     |   38 -
 version3/rust/rom_hifive_32.rs         |   38 -
 version3/rust/rom_hifive_64.rs         |   38 -
 version3/rust/rom_nist256_32.rs        |   41 -
 version3/rust/rom_nist256_64.rs        |   40 -
 version3/rust/rom_nist384_32.rs        |   38 -
 version3/rust/rom_nist384_64.rs        |   38 -
 version3/rust/rom_nist521_32.rs        |   39 -
 version3/rust/rom_nist521_64.rs        |   38 -
 version3/rust/rom_nums256e_32.rs       |   40 -
 version3/rust/rom_nums256e_64.rs       |   42 -
 version3/rust/rom_nums256w_32.rs       |   38 -
 version3/rust/rom_nums256w_64.rs       |   40 -
 version3/rust/rom_nums384e_32.rs       |   40 -
 version3/rust/rom_nums384e_64.rs       |   39 -
 version3/rust/rom_nums384w_32.rs       |   39 -
 version3/rust/rom_nums384w_64.rs       |   38 -
 version3/rust/rom_nums512e_32.rs       |   37 -
 version3/rust/rom_nums512e_64.rs       |   38 -
 version3/rust/rom_nums512w_32.rs       |   39 -
 version3/rust/rom_nums512w_64.rs       |   38 -
 version3/rust/rom_secp256k1_32.rs      |   40 -
 version3/rust/rom_secp256k1_64.rs      |   39 -
 version3/rust/rsa.rs                   |  362 ----
 version3/rust/sha3.rs                  |  242 ---
 version3/swift/BenchtestALL.swift      |  888 --------
 version3/swift/TestALL.swift           | 1425 -------------
 version3/swift/TestNHS.swift           |   70 -
 version3/swift/aes.swift               |  641 ------
 version3/swift/big.swift               | 1150 -----------
 version3/swift/config32.py             |  354 ----
 version3/swift/config64.py             |  352 ----
 version3/swift/dbig.swift              |  291 ---
 version3/swift/ecdh.swift              |  595 ------
 version3/swift/ecp.swift               | 1070 ----------
 version3/swift/ecp2.swift              |  735 -------
 version3/swift/ecp4.swift              |  739 -------
 version3/swift/ecp8.swift              |  894 --------
 version3/swift/ff.swift                |  996 ---------
 version3/swift/fp.swift                |  616 ------
 version3/swift/fp12.swift              |  815 --------
 version3/swift/fp16.swift              |  576 ------
 version3/swift/fp2.swift               |  359 ----
 version3/swift/fp24.swift              |  852 --------
 version3/swift/fp4.swift               |  632 ------
 version3/swift/fp48.swift              | 1071 ----------
 version3/swift/fp8.swift               |  658 ------
 version3/swift/gcm.swift               |  326 ---
 version3/swift/hash256.swift           |  188 --
 version3/swift/hash384.swift           |  198 --
 version3/swift/hash512.swift           |  198 --
 version3/swift/mpin.swift              |  822 --------
 version3/swift/mpin192.swift           |  828 --------
 version3/swift/mpin256.swift           |  816 --------
 version3/swift/nhs.swift               |  550 -----
 version3/swift/pair.swift              |  724 -------
 version3/swift/pair192.swift           |  512 -----
 version3/swift/pair256.swift           |  587 ------
 version3/swift/rand.swift              |  136 --
 version3/swift/readme.txt              |   43 -
 version3/swift/rom_anssi.swift         |   73 -
 version3/swift/rom_bls24.swift         |  104 -
 version3/swift/rom_bls381.swift        |  105 -
 version3/swift/rom_bls383.swift        |  101 -
 version3/swift/rom_bls461.swift        |  107 -
 version3/swift/rom_bls48.swift         |  120 --
 version3/swift/rom_bn254.swift         |  104 -
 version3/swift/rom_bn254CX.swift       |  106 -
 version3/swift/rom_brainpool.swift     |   74 -
 version3/swift/rom_c25519.swift        |   72 -
 version3/swift/rom_c41417.swift        |   71 -
 version3/swift/rom_ed25519.swift       |   72 -
 version3/swift/rom_fp256bn.swift       |  102 -
 version3/swift/rom_fp512bn.swift       |  105 -
 version3/swift/rom_goldilocks.swift    |   70 -
 version3/swift/rom_hifive.swift        |   72 -
 version3/swift/rom_nist256.swift       |   70 -
 version3/swift/rom_nist384.swift       |   70 -
 version3/swift/rom_nist521.swift       |   71 -
 version3/swift/rom_nums256e.swift      |   72 -
 version3/swift/rom_nums256w.swift      |   72 -
 version3/swift/rom_nums384e.swift      |   72 -
 version3/swift/rom_nums384w.swift      |   73 -
 version3/swift/rom_nums512e.swift      |   75 -
 version3/swift/rom_nums512w.swift      |   72 -
 version3/swift/rom_secp256k1.swift     |   70 -
 version3/swift/rsa.swift               |  390 ----
 version3/swift/sha3.swift              |  264 ---
 version3/wasm/config.py                |  669 ------
 version3/wasm/readme.txt               |   72 -
 879 files changed, 297899 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/LICENSE-2.0.TXT
----------------------------------------------------------------------
diff --git a/LICENSE-2.0.TXT b/LICENSE-2.0.TXT
deleted file mode 100644
index 9b5e401..0000000
--- a/LICENSE-2.0.TXT
+++ /dev/null
@@ -1,202 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/NOTICE.txt
----------------------------------------------------------------------
diff --git a/NOTICE.txt b/NOTICE.txt
deleted file mode 100644
index 2e6c028..0000000
--- a/NOTICE.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Apache Milagro Crypto Libraries
-Copyright 2016 The Apache Software Foundation
-
-This product includes software developed at
-The Apache Software Foundation (http://www.apache.org/).

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/readme.txt
----------------------------------------------------------------------
diff --git a/readme.txt b/readme.txt
deleted file mode 100644
index 5469379..0000000
--- a/readme.txt
+++ /dev/null
@@ -1,41 +0,0 @@
-The Apache Milagro Cryptographic Library
-
-Note that the AMCL currently comes in two versions, version 2.2 
-and version 3.1
-
-AMCL v2.2 is presented in what might be called a pre-library state.
-
-In the various supported languages the source code is made available,
-but it is not organised into rigid packages/crates/jars/whatever
-It is expected that the consumer will themselves take this final step,
-depending on the exact requirements of their project.
-
-Note that version 2.2 is no longer supported.
-
-AMCL v3.1 uses a standard Python 3 script to build libraries in all
-supported languages. New users should use this version.
-
-The main improvement is that AMCL v3 can optionally simultaneously support 
-multiple elliptic curves and RSA key sizes within a single appliction.
-
-Note that AMCL is largely configured at compile time. In version 3 this
-configuration is handled by the Python script.
-
-AMCL is available in 32-bit and 64-bit versions in most languages. Limited 
-support for 16-bit processors is provided by the C version.
-
-Now languages like to remain "standard" irrespective of the underlying 
-hardware. However when it comes to optimal performance, it is impossible 
-to remain architecture-agnostic. If a processor supports 64-bit 
-instructions that operate on 64-bit registers, it will be a waste not to
-use them. Therefore the 64-bit language versions should always be used
-on 64-bit processors.
-
-Version 3.1 is a major "under the hood" upgrade. Field arithmetic is 
-performed using ideas from http://eprint.iacr.org/2017/437 to ensure 
-that critical calculations are performed in constant time. This strongly 
-mitigates against side-channel attacks. Exception-free formulae are 
-now used for Weierstrass elliptic curves. A new standardised script 
-builds for the same set of curves across all languages.
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/amcl22.pdf
----------------------------------------------------------------------
diff --git a/version22/amcl22.pdf b/version22/amcl22.pdf
deleted file mode 100644
index b5ba27f..0000000
Binary files a/version22/amcl22.pdf and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/bigtobig.cpp
----------------------------------------------------------------------
diff --git a/version22/bigtobig.cpp b/version22/bigtobig.cpp
deleted file mode 100644
index fbc89ea..0000000
--- a/version22/bigtobig.cpp
+++ /dev/null
@@ -1,292 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-//
-// Program to convert from Big to AMCL BIG format
-// cl /O2 bigtobig.cpp big.cpp miracl.lib
-// g++ -O2 bigtobig.cpp big.cpp miracl.a -o bigtobig
-//
-//
-
-#include <iostream>
-#include "zzn.h"
-
-using namespace std;
-
-Miracl precision=100;
-
-// Code to parse formula in command line
-// This code isn't mine, but its public domain
-// Shamefully I forget the source
-//
-// NOTE: It may be necessary on some platforms to change the operators * and #
-//
-
-#if defined(unix)
-#define TIMES '.'
-#define RAISE '^'
-#else
-#define TIMES '*'
-#define RAISE '#'
-#endif
-
-Big tt;
-static char *ss;
-
-void eval_power (Big& oldn,Big& n,char op)
-{
-        if (op) n=pow(oldn,toint(n));    // power(oldn,size(n),n,n);
-}
-
-void eval_product (Big& oldn,Big& n,char op)
-{
-        switch (op)
-        {
-        case TIMES:
-                n*=oldn; 
-                break;
-        case '/':
-                n=oldn/n;
-                break;
-        case '%':
-                n=oldn%n;
-        }
-}
-
-void eval_sum (Big& oldn,Big& n,char op)
-{
-        switch (op)
-        {
-        case '+':
-                n+=oldn;
-                break;
-        case '-':
-                n=oldn-n;
-        }
-}
-
-void eval (void)
-{
-        Big oldn[3];
-        Big n;
-        int i;
-        char oldop[3];
-        char op;
-        char minus;
-        for (i=0;i<3;i++)
-        {
-            oldop[i]=0;
-        }
-LOOP:
-        while (*ss==' ')
-        ss++;
-        if (*ss=='-')    /* Unary minus */
-        {
-        ss++;
-        minus=1;
-        }
-        else
-        minus=0;
-        while (*ss==' ')
-        ss++;
-        if (*ss=='(' || *ss=='[' || *ss=='{')    /* Number is subexpression */
-        {
-        ss++;
-        eval ();
-        n=tt;
-        }
-        else            /* Number is decimal value */
-        {
-        for (i=0;ss[i]>='0' && ss[i]<='9';i++)
-                ;
-        if (!i)         /* No digits found */
-        {
-                cout <<  "Error - invalid number" << endl;
-                exit (20);
-        }
-        op=ss[i];
-        ss[i]=0;
-        n=atoi(ss);
-        ss+=i;
-        *ss=op;
-        }
-        if (minus) n=-n;
-        do
-        op=*ss++;
-        while (op==' ');
-        if (op==0 || op==')' || op==']' || op=='}')
-        {
-        eval_power (oldn[2],n,oldop[2]);
-        eval_product (oldn[1],n,oldop[1]);
-        eval_sum (oldn[0],n,oldop[0]);
-        tt=n;
-        return;
-        }
-        else
-        {
-        if (op==RAISE)
-        {
-                eval_power (oldn[2],n,oldop[2]);
-                oldn[2]=n;
-                oldop[2]=RAISE;
-        }
-        else
-        {
-                if (op==TIMES || op=='/' || op=='%')
-                {
-                eval_power (oldn[2],n,oldop[2]);
-                oldop[2]=0;
-                eval_product (oldn[1],n,oldop[1]);
-                oldn[1]=n;
-                oldop[1]=op;
-                }
-                else
-                {
-                if (op=='+' || op=='-')
-                {
-                        eval_power (oldn[2],n,oldop[2]);
-                        oldop[2]=0;
-                        eval_product (oldn[1],n,oldop[1]);
-                        oldop[1]=0;
-                        eval_sum (oldn[0],n,oldop[0]);
-                        oldn[0]=n;
-                        oldop[0]=op;
-                }
-                else    /* Error - invalid operator */
-                {
-                        cout <<  "Error - invalid operator" << endl;
-                        exit (20);
-                }
-                }
-        }
-        }
-        goto LOOP;
-}
-
-void output(int w,Big t,Big m)
-{
-	Big y=t;
-
-	for (int i=0;i<w;i++)
-	{
-		cout << "0x" << y%m ;
-		if (i<w-1) cout << ",";
-		y/=m;
-	}
-	cout << endl;
-}
-
-int main(int argc, char **argv)
-{
-    int i,ip,chunk,basebits;
-    Big n,m;
-    BOOL gotP,gotA,gotB;
-    int Base;
-    miracl *mip=&precision;
-    argv++; argc--;
-    if (argc<1)
-    {
-        cout << "Program converts from Big to BIG" << endl;
-        cout << "bigtobig <big number> <chunk>> <basebits>" << endl;
-        cout << "OR" << endl;
-        cout << "bigtobig <formula for big number> <chunk>> <basebits>" << endl;
-#if defined(unix)
-        cout << "e.g. bigtobig -f 2^255-19 32 29" << endl;
-#else
-        cout << "e.g. bigtobig -f 2#255-19 32 29" << endl;
-#endif
-        cout << "To input Big number in Hex, precede with -h" << endl;
-        return 0;
-    }
-
-    ip=0;
-    gprime(1000);
-    gotP=gotA=gotB=FALSE;
-    n=0;
-    Base=10;
-    while (ip<argc)
-    { 
-        if (!gotP && strcmp(argv[ip],"-f")==0)
-        {
-            ip++;
-            if (!gotP && ip<argc)
-            {
-
-                ss=argv[ip++];
-                tt=0;
-                eval();
-                n=tt;
-                gotP=TRUE;
-                continue;
-            }
-            else
-            {
-                cout << "Error in command line" << endl;
-                return 0;
-            }
-        }
- 
-
-        if (strcmp(argv[ip],"-h")==0)
-        {
-            ip++;
-            Base=16;
-            continue;
-        }
-   
-        if (!gotP)
-        {
-            mip->IOBASE=Base;
-            n=argv[ip++];
-            mip->IOBASE=10;
-            gotP=TRUE;
-            continue;
-        }
-        if (!gotA) 
-        {
-            mip->IOBASE=Base;
-            chunk=atoi(argv[ip++]);
-            gotA=TRUE;
-            continue;
-        }
-        if (!gotB) 
-        {
-            mip->IOBASE=Base;
-            basebits=atoi(argv[ip++]);
-            gotB=TRUE;
-            continue;
-        }
-        cout << "Error in command line" << endl;
-        return 0;
-    }
-    if (!gotP || !gotA || !gotB)
-    {
-        cout << "Error in command line" << endl;
-        return 0;
-    }
-
-	mip->IOBASE=16;
-
-	m=pow((Big)2,basebits);
-
-	output(1+bits(n)/basebits,n,m);
-
-    return 0;
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/blsgen.cpp
----------------------------------------------------------------------
diff --git a/version22/blsgen.cpp b/version22/blsgen.cpp
deleted file mode 100644
index 9b08b7c..0000000
--- a/version22/blsgen.cpp
+++ /dev/null
@@ -1,194 +0,0 @@
-/*
-Copyright 2015 CertiVox UK Ltd
-
-This file is part of The CertiVox MIRACL IOT Crypto SDK (MiotCL)
-
-MiotCL is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-MiotCL is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with MiotCL.  If not, see <http://www.gnu.org/licenses/>.
-
-You can be released from the requirements of the license by purchasing 
-a commercial license.
-*/
-
-/* BLSGEN - Helper MIRACL program to generate constants for BlS curves 
-
-(MINGW build)
-
-g++ -O3 blsgen.cpp big.cpp zzn.cpp ecn.cpp zzn2.cpp ecn2.cpp miracl.a -o blsgen.exe
-
-This ONLY works for D-type curves of the form y^2=x^3+1, with a positive x parameter
-
-*/
-
-#include <iostream>
-#include "big.h"
-#include "ecn.h"
-#include "zzn2.h"
-#include "ecn2.h"
-
-using namespace std;
-
-Miracl precision(20,0);
-
-Big output(int chunk,int w,Big t,Big m)
-{
-	Big last,y=t;
-
-	cout << "{";
-	for (int i=0;i<w;i++)
-	{
-		last=y%m;
-		cout << "0x" << last;
-		y/=m;
-		if (i==w-1) break;
-		if (chunk==64) cout << "L,";
-		else cout << ",";
-	}
-
-	if (chunk==64) cout << "L}";
-	else cout << "}";
-	return last;
-}
-
-void set_frobenius_constant(ZZn2 &X)
-{
-    Big p=get_modulus();
-    switch (get_mip()->pmod8)
-    {
-    case 5:
-         X.set((Big)0,(Big)1); // = (sqrt(-2)^(p-1)/2     
-         break;
-    case 3:                    // = (1+sqrt(-1))^(p-1)/2                                
-         X.set((Big)1,(Big)1);      
-         break;
-   case 7: 
-         X.set((Big)2,(Big)1); // = (2+sqrt(-1))^(p-1)/2
-    default: break;
-    }
-    X=pow(X,(p-1)/6);
-}
-
-/* Fill in this bit yourself.... */
-
-#define CHUNK 64   /* processor word size */
-#define MBITS 455  /* Modulus size in bits */
-
-/* This next from output of check.cpp program */
-#define BASEBITS 60
-
-#define MODTYPE  NOT_SPECIAL
-#define CURVETYPE WEIERSTRASS
-#define CURVE_A 0  // like A parameter in CURVE: y^2=x^3+Ax+B
-
-/* .....to here */
-
-#define WORDS (1+((MBITS-1)/BASEBITS))
-
-int main()
-{
-	miracl *mip=&precision;
-	Big p,q,R,Beta;
-	Big m,x,y,w,t,c,n,r,a,b,gx,gy,B,xa,xb,ya,yb,cof;
-	Big np,PP,TT,FF;
-	ZZn cru;
-	ZZn2 X;
-	ECn P;
-	ECn2 Q;
-	ZZn2 Xa,Ya;
-	int i,j;
-
-	mip->IOBASE=16;
-
-/* Set BLS value x which determines curve  */
-
-	x= (char *)"10002000002000010007";   
-	B=1;
-	x= (char *)"10000000000004100100";
-	B=7;
-	x= (char *)"10000020000080000800";
-	B=10;
-/* ... to here */
-
-	p=(pow(x,6)-2*pow(x,5)+2*pow(x,3)+x+1)/3;
-    ecurve((Big)0,B,p,MR_AFFINE);
-    mip->TWIST=MR_SEXTIC_D;
-	t=x+1;
-    q=pow(x,4)-x*x+1;
-	cof=(p+1-t)/q;
-
-//	cout << "cof= " << (p+1-t)/q << endl;
-
-	gx=-1; gy=3;
-	if (!P.set(gx,gy))
-	{
-		cout << "Failed - try another x " << endl;
-		return 0;
-	}
-
-//	while (!P.set(gx) || (cof*P).iszero()) gx=gx+1;
-
-	P*=cof;
-	P.get(gx,gy);
-
-	cout << "MOD8 " << p%8 << endl;
-
-	m=pow((Big)2,BASEBITS);
-		
-	cout << "MConst=0x" << inverse(m-p%m,m) << ";" << endl;	
-
-	cout << "Modulus="; output(CHUNK,WORDS,p,m); cout << ";" << endl;
-	
-	cout << "CURVE_Order="; output(CHUNK,WORDS,q,m); cout << ";" << endl;
-	cout << "CURVE_Cof="; output(CHUNK,WORDS,cof,m); cout << ";" << endl;
-	cout << "CURVE_B= "; output(CHUNK,WORDS,B,m); cout << ";" << endl;
-	cout << "CURVE_Gx="; output(CHUNK,WORDS,gx,m); cout << ";" << endl;
-	cout << "CURVE_Gy="; output(CHUNK,WORDS,gy,m); cout << ";" << endl;
-	cout << endl;
-	cout << "CURVE_Bnx="; output(CHUNK,WORDS,x,m); cout << ";" << endl;
-
-	modulo(p);
-
-	cru=pow((ZZn)2,(p-1)/3);
-	cru*=cru;   // right cube root of unity
-
-	cout << "CURVE_Cru="; output(CHUNK,WORDS,(Big)cru,m); cout << ";" << endl;
-
-	set_frobenius_constant(X);
-	X.get(a,b);
-	cout << "CURVE_Fra="; output(CHUNK,WORDS,a,m); cout << ";" << endl;
-	cout << "CURVE_Frb="; output(CHUNK,WORDS,b,m); cout << ";" << endl;
-
-	while (!Q.set(randn2())) ;
-
-	TT=t*t-2*p;
-	PP=p*p;
-	FF=sqrt((4*PP-TT*TT)/3);
-	np=PP+1-(-3*FF+TT)/2;  // 2 possibilities...
-
-	Q=(np/q)*Q;
-
-	Q.get(Xa,Ya);
-	Xa.get(a,b);
-	cout << "CURVE_Pxa="; output(CHUNK,WORDS,a,m); cout << ";" << endl;
-	cout << "CURVE_Pxb="; output(CHUNK,WORDS,b,m); cout << ";" << endl;
-	Ya.get(a,b);
-	cout << "CURVE_Pya="; output(CHUNK,WORDS,a,m); cout << ";" << endl;
-	cout << "CURVE_Pyb="; output(CHUNK,WORDS,b,m); cout << ";" << endl;
-
-	Q*=q;
-	if (!Q.iszero())
-	{
-		cout << "**** Failed ****" << endl;
-		cout << "\nQ= " << Q << endl << endl;
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/bngen.cpp
----------------------------------------------------------------------
diff --git a/version22/bngen.cpp b/version22/bngen.cpp
deleted file mode 100644
index da4c10c..0000000
--- a/version22/bngen.cpp
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
-Copyright 2015 CertiVox UK Ltd
-
-This file is part of The CertiVox MIRACL IOT Crypto SDK (MiotCL)
-
-MiotCL is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-MiotCL is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with MiotCL.  If not, see <http://www.gnu.org/licenses/>.
-
-You can be released from the requirements of the license by purchasing 
-a commercial license.
-*/
-
-/* BNGEN - Helper MIRACL program to generate constants for BN curve 
-
-(MINGW build)
-
-g++ -O3 bngen.cpp big.cpp zzn.cpp zzn2.cpp ecn2.cpp miracl.a -o bngen.exe
-
-This ONLY works for D-type curves of the form y^2=x^3+2, with a negative x parameter, and x=3 mod 4
-
-*/
-
-#include <iostream>
-#include "big.h"
-#include "zzn2.h"
-#include "ecn2.h"
-
-using namespace std;
-
-Miracl precision(20,0);
-
-Big output(int chunk,int w,Big t,Big m)
-{
-	Big last,y=t;
-
-	cout << "{";
-	for (int i=0;i<w;i++)
-	{
-		last=y%m;
-		cout << "0x" << last;
-		y/=m;
-		if (i==w-1) break;
-		if (chunk==64) cout << "L,";
-		else cout << ",";
-	}
-
-	if (chunk==64) cout << "L}";
-	else cout << "}";
-	return last;
-}
-
-void q_power_frobenius(ECn2 &A,ZZn2 &F)
-{ 
-// Fast multiplication of A by q (for Trace-Zero group members only)
-    ZZn2 x,y,z,w,r;
-
-    A.get(x,y);
-
-	w=F*F;
-	r=F;
-
-	if (get_mip()->TWIST==MR_SEXTIC_M) r=inverse(F);  // could be precalculated
-	if (get_mip()->TWIST==MR_SEXTIC_D) r=F;
-
-	w=r*r;
-	x=w*conj(x);
-	y=r*w*conj(y);
-
-    A.set(x,y);
-}
-
-//
-// Faster Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez
-//
-
-void cofactor(ECn2& S,ZZn2 &F,Big& x)
-{
-	ECn2 T,K;
-	T=S;
-	T*=-x;
-	T.norm();
-	K=(T+T)+T;
-	K.norm();
-	q_power_frobenius(K,F);
-	q_power_frobenius(S,F); q_power_frobenius(S,F); q_power_frobenius(S,F); 
-	S+=T; S+=K;
-	q_power_frobenius(T,F); q_power_frobenius(T,F);
-	S+=T;
-	S.norm();
-}
-
-void set_frobenius_constant(ZZn2 &X)
-{
-    Big p=get_modulus();
-    switch (get_mip()->pmod8)
-    {
-    case 5:
-         X.set((Big)0,(Big)1); // = (sqrt(-2)^(p-1)/2     
-         break;
-    case 3:                    // = (1+sqrt(-1))^(p-1)/2                                
-         X.set((Big)1,(Big)1);      
-         break;
-   case 7: 
-         X.set((Big)2,(Big)1); // = (2+sqrt(-1))^(p-1)/2
-    default: break;
-    }
-    X=pow(X,(p-1)/6);
-}
-
-/* Fill in this bit yourself.... */
-
-#define CHUNK 64   /* processor word size */
-#define MBITS 454  /* Modulus size in bits */
-
-/* This next from output of check.cpp program */
-#define BASEBITS 60
-
-#define MODTYPE  NOT_SPECIAL
-#define CURVETYPE WEIERSTRASS
-#define CURVE_A 0  // like A parameter in CURVE: y^2=x^3+Ax+B
-
-/* .....to here */
-
-#define WORDS (1+((MBITS-1)/BASEBITS))
-
-int main()
-{
-	miracl *mip=&precision;
-	Big p,q,R,cru;
-	Big m,x,y,w,t,c,n,r,a,b,gx,gy,B,xa,xb,ya,yb,cof;
-	ZZn2 X;
-	ECn2 Q;
-	ZZn2 Xa,Ya;
-	int i;
-
-	mip->IOBASE=16;
-
-/* Set BN value x which determines curve - note that x is assumed to be negative */
-
-//  x=(char *)"6000000000101041";    // for full 256-bit GT_STRONG parameter
-//	x=(char *)"4080000000000001";    // Fast but not not GT_STRONG parameter
-
-//	x=(char *)"4000020100608205"; // G2 and GT-Strong parameter
-//	x=(char *)"4000000003C012B1";    // CertiVox's GT_STRONG parameter
-//	x=(char *)"10000000000000000000004000000000000001001";
-//	x=(char *)"4000806000004081";    // Best GT_STRONG parameter
-
-/* Fill in this bit yourself... */
-
-//	x=(char *)"4080000000000001";    // Nogami's fast parameter
-	x=(char *)"10000010000000000000100000001";
-//	x=(char *)"10000000000000000000004000000000000001001";
-
-/* ... to here */
-
-	p=36*pow(x,4)-36*pow(x,3)+24*x*x-6*x+1;
-    ecurve((Big)0,(Big)2,p,MR_AFFINE);
-    mip->TWIST=MR_SEXTIC_D;
-	t=6*x*x+1;
-	q=p+1-t;
-	cof=1;
-	B=2;
-	gx=p-1;
-	gy=1;
-
-	cout << "MOD8 " << p%8 << endl;
-
-	m=pow((Big)2,BASEBITS);
-		
-	cout << "MConst=0x" << inverse(m-p%m,m) << ";" << endl;	
-
-	cout << "Modulus="; output(CHUNK,WORDS,p,m); cout << ";" << endl;
-	
-	cout << "CURVE_Order="; output(CHUNK,WORDS,q,m); cout << ";" << endl;
-	cout << "CURVE_Cof="; output(CHUNK,WORDS,cof,m); cout << ";" << endl;
-	cout << "CURVE_B= "; output(CHUNK,WORDS,B,m); cout << ";" << endl;
-	cout << "CURVE_Gx="; output(CHUNK,WORDS,gx,m); cout << ";" << endl;
-	cout << "CURVE_Gy="; output(CHUNK,WORDS,gy,m); cout << ";" << endl;
-	cout << endl;
-	cout << "CURVE_Bnx="; output(CHUNK,WORDS,x,m); cout << ";" << endl;
-
-	cru=(18*pow(x,3)-18*x*x+9*x-2);
-	cout << "CURVE_Cru="; output(CHUNK,WORDS,cru,m); cout << ";" << endl;
-
-	set_frobenius_constant(X);
-	X.get(a,b);
-	cout << "CURVE_Fra="; output(CHUNK,WORDS,a,m); cout << ";" << endl;
-	cout << "CURVE_Frb="; output(CHUNK,WORDS,b,m); cout << ";" << endl;
-
-	Xa.set((ZZn)0,(ZZn)-1);
-	Ya.set((ZZn)1,ZZn(0));
-	Q.set(Xa,Ya);
-
-//		cofactor(Q,X,x);
-
-	Q=(p-1+t)*Q;
-
-	Q.get(Xa,Ya);
-	Xa.get(a,b);
-	cout << "CURVE_Pxa="; output(CHUNK,WORDS,a,m); cout << ";" << endl;
-	cout << "CURVE_Pxb="; output(CHUNK,WORDS,b,m); cout << ";" << endl;
-	Ya.get(a,b);
-	cout << "CURVE_Pya="; output(CHUNK,WORDS,a,m); cout << ";" << endl;
-	cout << "CURVE_Pyb="; output(CHUNK,WORDS,b,m); cout << ";" << endl;
-
-//		Q*=q;
-//		cout << "Q= " << Q << endl;
-
-
-	cout << "CURVE_W[2]={"; output(CHUNK,WORDS,6*x*x-4*x+1,m);cout << ","; output(CHUNK,WORDS,(2*x-1),m); cout << "};" << endl;
-	cout << "CURVE_SB[2][2]={"; cout << "{"; output(CHUNK,WORDS,6*x*x-2*x,m); cout << ","; output(CHUNK,WORDS,(2*x-1),m); cout << "}";cout << ","; cout << "{"; output(CHUNK,WORDS,(2*x-1),m); cout << ","; output(CHUNK,WORDS,q-(6*x*x-4*x+1),m); cout << "}"; cout << "};" << endl;
-
-	cout << "CURVE_WB[4]={"; output(CHUNK,WORDS,2*x*x-3*x+1,m); cout << ","; output(CHUNK,WORDS,12*x*x*x-8*x*x+x,m); 
-	cout << ","; output(CHUNK,WORDS,6*x*x*x-4*x*x+x,m); cout << ","; output(CHUNK,WORDS,2*x*x-x,m); cout << "};" << endl;
-	
-	cout << "CURVE_BB[4][4]={"; 
-	cout << "{";
-	output(CHUNK,WORDS,q-x+1,m); 
-	cout << ","; output(CHUNK,WORDS,q-x,m); 
-	cout << ","; output(CHUNK,WORDS,q-x,m); 
-	cout << ","; output(CHUNK,WORDS,2*x,m); 
-	cout << "}";
-
-	cout << ","; cout << "{";output(CHUNK,WORDS,2*x-1,m); 
-	cout << ","; output(CHUNK,WORDS,q-x,m); 
-	cout << ","; output(CHUNK,WORDS,q-x+1,m); 
-	cout << ","; output(CHUNK,WORDS,q-x,m); 
-	cout << "}";
-	cout << ","; cout << "{"; output(CHUNK,WORDS,2*x,m); 
-	cout << ","; output(CHUNK,WORDS,2*x-1,m); 
-	cout << ","; output(CHUNK,WORDS,2*x-1,m); 
-	cout << ","; output(CHUNK,WORDS,2*x-1,m); 
-	cout << "}";
-
-	cout << ","; cout << "{"; output(CHUNK,WORDS,x+1,m); 
-	cout << ","; output(CHUNK,WORDS,4*x-2,m); 
-	cout << ","; output(CHUNK,WORDS,q-2*x-1,m); 
-	cout << ","; output(CHUNK,WORDS,x+1,m); 
-	cout << "}";
-	cout << "};" << endl;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/CARSK.pem
----------------------------------------------------------------------
diff --git a/version22/c/CARSK.pem b/version22/c/CARSK.pem
deleted file mode 100644
index 743aead..0000000
--- a/version22/c/CARSK.pem
+++ /dev/null
@@ -1,54 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-256-CBC,E7A447797FE65D8D1309B743D8BA74B7
-
-G+ZhtxB+W4fKo11fAzggY0OOOB1RAwwSZFZ0DhlYEl76BLMUlXUfiziGQvpKcKdW
-aKcCPqmWw0TFkgwdwRB1NPu2tX786tNF3tIQa33TEuaY1ekyP9DpQdGksNHEIZ5N
-fCW22KJ+7lcm5/0G8IJXXUAAXiE65o+X+6vlmT9nzSPlCKOZvb0ITtahuphzg6l3
-QmXHYYtflKoqv9mFo63IGIp2EXjAlJUlVs+8f1NG+8b4J0KrHXx5MmvNBn+86GEV
-8lyryqgVFRxfbcvDI2s7GGLW4KZCDCRxRrG3GTtXRjJaVjw7VutL1teUfHKOegpA
-iFa0HNpILpqu6K99DBcteJaFxW3gOr3PdaylC046G+P059AnBA86lsJedKjbJ3WW
-DXtOawuBIQ3iIrGJ/q5vMK7cbAG785HOaqMQth0YPB/VFklsjAd/RW2CKr94ggB9
-wU1/IUcJ25pz/ph/7h7KDjoxIa1OEx5EHzzrFc88jGAmEBSfx6J5tU2GtruJhoqr
-SpiW36KQt+xFydfjywxO32BQ9YPae1yeQQwrX67YBNUkQhQpff7KxqqQJt7wqAVL
-vD4jthqRHOutco/It0cuqyO8dK01UDB6UIZdRlJuJ83HmqI+3YDtd2MOUIteSXMb
-4wAhMf1XFB6FQUuzB9Nc85wXWa5a7qyP63VMoPgiqgh7g5Is52hlcFcIBz6GE+h6
-Oz8FnaVX5K7Co2XojTJ3f99t5oEvF3aMPbCnG6izFQYNH+o8XTxRrldpb7hvoU6t
-z3lh4i8p2lq/DO1F8C9jKX0nJiSK311beuqkb0pA4VBPYNYBvx+UP3zBdcE82sab
-2flx1m6/OrJnyDMAOZAUFdbarU4AFJgLrBWbDjouCDHlQLZjY6ubBlvmslzY9QdR
-A1ssy1+wi39bM6ZSnrS1310/JDQPdIrd6Srh6e+54xiJHpjcvqE77uBeeje9ilHB
-pXdKi6Hv873yrI5T/F5zonKoFc1OO4cOrc8MLaQs0kJTcjXdg9uNk3AYKDYyq5JV
-gvJU2c/W/Z4pq0ve2ekETXjaoz2DSzbg1LGgzy/AOdPukmNgADn9qRyNtgwr30ix
-kDRjEG9bt5unkskXjdqtwl6mKiYvtM2SPfncdyCW3tqW++a7GvlA1TLecgzw9t40
-+m0gKcIBj/vy6VFiLluQy7J59+MD6BNVxSeFvR2gMsj1sIxsIrq4lxPyG4knp3RA
-JeKTDes5DrquboJ1usl2ra8v5njJB8phHDVss4rBtlWuw5zBagaTN2PU8GLzmte6
-6PeagGDYNl2zoTMVOtTQ1BYDE08IS6ZNqSftrkGx4ypDnI5EHqoAl+ksSenGq2eg
-0/vW768hHSmQXIZHsV6YuI2nqYoM+SDAAFg38hnrtoIYEf0XYhHhr3hasL1ckWxG
-Q/fAlZynbxKL98KKB47eXXky0CHeJ77zICD1sotXIJJN4yMeDW14HIFCV/G9l+RI
-NYHCYzlnoaz244TTidsyYt02GYbR3zshhUw1CNn4THHQl9p4o7jYO/gFZtelc3+V
-SeVOKCXiSnJPhPiFVbnhlpJ7+4GhdpZRi84a6aLRinOUZf0WjYspOKhEaPOP5e1m
-ZKgC6vqqWawN+NQhHNG/S8Opu/TAt0hNE5fCYUUdWCL3MmuJPSsJ0orEtV3TAqLz
-q4znU2fzh3nuTKVWxeHbiVJ8dW50JhhixDYW4KrW8U/KHpqIRc3CztZllFrH/5ly
-al1FqhsNt4DgJwgqz34MMtKFOWw5K9/DPB/Dy0s9BrxkE5B6dxwj5S9RcVMkkkw/
-xVF2qt7ApLcPl84iQtP+Dz+bGWCL7LeeO5JG42Al4M3buO5b+34N4CpRHZh5E6AW
-uRbFuY/RiiqOxG+PQmWRdnEReBf4ORgocr5Kv3PAjp2LUf4aeSBsmml2CV7lgJue
-BOPJuiHL9YTfBchABi1dkMTjXUshtbtxLmBVJmkFsaTsMZsKKKRuIk+O80yYOncd
-uF+vKn1+F1hMV84ejIjLjreq+yTSDvVlmQn5v4jbDLtlpYBFoaMPq1GBqt0ZYSrK
-/sy/sy+jzneESlb520jOtSd2sryXL3jJOxJauZltALmJ5ZqImJ1NXZ8vTTwLmMaA
-DG3PqtZprI8oOj/iPXCcMPXkaLWJ+lVIfIqfxXYSMwj9ZVYoRBaYmym33v7pZtkn
-/8zLXv8J19LSoG+Ykfaf7Sf8fi0FzRmrj7jjXc2Sf5m1PhS2Ss17J8YydXeulKER
-M1TPOcfrkvdHZzt+ECNkqDxbbskaUTm9HdZ5HTdybnLryQalEzR9jzC02QobDOiI
-eQ6j0MjEpK4KQ9HY+deZiFysKQopvBjD7uSoq8gTBtLD4gpYVveD7Y5tlwVknrhl
-iFhdRCAgC6XLE+N7PkQm+nyI9T/IERSP9zDQyTguJKP4sq3Hl6hCkjuuogD6nLmP
-pKL4z+u0pqEakNExFxsDL/hf2G3KnFEJHhtT4/JlxuuJhdKs1uCO7zzWratwbFM1
-EQ9euYxLutt/5sNOaU+uabmk4R4ziRsdFYDOHBQR3IhoUJ9L4UhPvMZTo+ZSHpWC
-ellUk5UspPR3pzcd+lnQQGNTkwzMWayhSFfFJ6sdvfd1TTNflYpFhLHOD+ZSx4go
-/VrkSOkoXZtdr8a6cqOI1wOQIoeYjama4h+R+XW1jrc52GHchhrx7ZPjWGllYN5g
-ypzWl9gFbGGfx1gmIt6OCfCIcGxOMS7o5taCUpjiqU75Ts4Ri+/c6RJcI3CqBBT6
-mJ+nSfTZ7hMTaCmmmkYbvcCcAVZ9W/IxyVMj/p7pI7sH65vz3mNC7E/veF7rlSSZ
-EvgSjv12FgmD5rGtW5b0bbbylOvRygo1BpgCWSp91R22Yw+pjZilSvy0kWEMq2yx
-d6sLdkjZgLtp2NPMCM51OpuO0Hidd7KwdaJoB5rJwGs1+JWKtv/Xr4cSBXzpgDWl
-LxaGwC0KcDVoGRqvJldGuCpdN56yC46njzgZmQBq2QXthrJ1wveMiwpyFd/fu4KJ
-gu+OlNzMvZRz9zJkfHdswnx/P/E+FR/yv+W1ZKKhb6hBHoW7HOuJecjmbZpD562Y
-snzQ+Ehc3H88Mykzcc/iHZabNbP+M2TcPQ5eLvd2oPKsSFZw7EHU1B6XFpzk6r8x
------END RSA PRIVATE KEY-----


[18/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/config32.py
----------------------------------------------------------------------
diff --git a/version3/c/config32.py b/version3/c/config32.py
deleted file mode 100644
index ebefbff..0000000
--- a/version3/c/config32.py
+++ /dev/null
@@ -1,645 +0,0 @@
-import os
-import sys
-
-deltext=""
-if sys.platform.startswith("linux")  :
-	deltext="rm"
-	copytext="cp"
-if sys.platform.startswith("darwin")  :
-	deltext="rm"
-	copytext="cp"
-if sys.platform.startswith("win") :
-	deltext="del"
-	copytext="copy"
-
-def replace(namefile,oldtext,newtext):
-	f = open(namefile,'r')
-	filedata = f.read()
-	f.close()
-
-	newdata = filedata.replace(oldtext,newtext)
-
-	f = open(namefile,'w')
-	f.write(newdata)
-	f.close()
-
-
-def rsaset(tb,tff,nb,base,ml) :
-	bd=tb+"_"+base
-	fnameh="config_big_"+bd+".h"
-	os.system(copytext+" config_big.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"@NB@",nb)
-	replace(fnameh,"@BASE@",base)
-
-	fnameh="config_ff_"+tff+".h"
-	os.system(copytext+" config_ff.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"@ML@",ml);
-
-	fnamec="big_"+bd+".c"
-	fnameh="big_"+bd+".h"
-
-	os.system(copytext+" big.c "+fnamec)
-	os.system(copytext+" big.h "+fnameh)
-
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	fnamec="ff_"+tff+".c"
-	fnameh="ff_"+tff+".h"
-
-	os.system(copytext+" ff.c "+fnamec)
-	os.system(copytext+" ff.h "+fnameh)
-
-	replace(fnamec,"WWW",tff)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	fnamec="rsa_"+tff+".c"
-	fnameh="rsa_"+tff+".h"
-
-	os.system(copytext+" rsa.c "+fnamec)
-	os.system(copytext+" rsa.h "+fnameh)
-
-	replace(fnamec,"WWW",tff)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-def curveset(tb,tf,tc,nb,base,nbt,m8,mt,ct,pf,stw,sx,cs) :
-	bd=tb+"_"+base
-
-	fnameh="config_big_"+bd+".h"
-	os.system(copytext+" config_big.h "+fnameh)
-
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"@NB@",nb)
-	replace(fnameh,"@BASE@",base)
-
-
-	fnameh="config_field_"+tf+".h"
-	os.system(copytext+" config_field.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"@NBT@",nbt)
-	replace(fnameh,"@M8@",m8)
-	replace(fnameh,"@MT@",mt)
-
-	ib=int(base)
-
-	ib=int(base)
-	inb=int(nb)
-	inbt=int(nbt)
-	sh=ib*(1+((8*inb-1)//ib))-inbt
-	if sh > 14 :
-		sh=14
-	replace(fnameh,"@SH@",str(sh))
-
-	fnameh="config_curve_"+tc+".h"	
-	os.system(copytext+" config_curve.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"@CT@",ct)
-	replace(fnameh,"@PF@",pf)
-
-	replace(fnameh,"@ST@",stw)
-	replace(fnameh,"@SX@",sx)
-	replace(fnameh,"@CS@",cs)
-
-	fnamec="big_"+bd+".c"
-	fnameh="big_"+bd+".h"
-
-	os.system(copytext+" big.c "+fnamec)
-	os.system(copytext+" big.h "+fnameh)
-
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	fnamec="fp_"+tf+".c"
-	fnameh="fp_"+tf+".h"
-
-	os.system(copytext+" fp.c "+fnamec)
-	os.system(copytext+" fp.h "+fnameh)
-
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	os.system("gcc -O3 -std=c99 -c rom_field_"+tf+".c");
-
-	fnamec="ecp_"+tc+".c"
-	fnameh="ecp_"+tc+".h"
-
-	os.system(copytext+" ecp.c "+fnamec)
-	os.system(copytext+" ecp.h "+fnameh)
-
-	replace(fnamec,"ZZZ",tc)
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	fnamec="ecdh_"+tc+".c"
-	fnameh="ecdh_"+tc+".h"
-
-	os.system(copytext+" ecdh.c "+fnamec)
-	os.system(copytext+" ecdh.h "+fnameh)
-
-	replace(fnamec,"ZZZ",tc)
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	os.system("gcc -O3 -std=c99 -c rom_curve_"+tc+".c");
-
-	if pf != "NOT" :
-		fnamec="fp2_"+tf+".c"
-		fnameh="fp2_"+tf+".h"
-
-		os.system(copytext+" fp2.c "+fnamec)
-		os.system(copytext+" fp2.h "+fnameh)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-		fnamec="fp4_"+tf+".c"
-		fnameh="fp4_"+tf+".h"
-
-		os.system(copytext+" fp4.c "+fnamec)
-		os.system(copytext+" fp4.h "+fnameh)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnamec,"ZZZ",tc)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		replace(fnameh,"ZZZ",tc)
-		os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-
-		if cs == "128" :
-			fnamec="fp12_"+tf+".c"
-			fnameh="fp12_"+tf+".h"
-
-			os.system(copytext+" fp12.c "+fnamec)
-			os.system(copytext+" fp12.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-			fnamec="ecp2_"+tc+".c"
-			fnameh="ecp2_"+tc+".h"
-
-			os.system(copytext+" ecp2.c "+fnamec)
-			os.system(copytext+" ecp2.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-			fnamec="pair_"+tc+".c"
-			fnameh="pair_"+tc+".h"
-
-			os.system(copytext+" pair.c "+fnamec)
-			os.system(copytext+" pair.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-			fnamec="mpin_"+tc+".c"
-			fnameh="mpin_"+tc+".h"
-
-			os.system(copytext+" mpin.c "+fnamec)
-			os.system(copytext+" mpin.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-		if cs == "192" :
-			fnamec="fp8_"+tf+".c"
-			fnameh="fp8_"+tf+".h"
-
-			os.system(copytext+" fp8.c "+fnamec)
-			os.system(copytext+" fp8.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-
-			fnamec="fp24_"+tf+".c"
-			fnameh="fp24_"+tf+".h"
-
-			os.system(copytext+" fp24.c "+fnamec)
-			os.system(copytext+" fp24.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-			fnamec="ecp4_"+tc+".c"
-			fnameh="ecp4_"+tc+".h"
-
-			os.system(copytext+" ecp4.c "+fnamec)
-			os.system(copytext+" ecp4.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-			fnamec="pair192_"+tc+".c"
-			fnameh="pair192_"+tc+".h"
-
-			os.system(copytext+" pair192.c "+fnamec)
-			os.system(copytext+" pair192.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-			fnamec="mpin192_"+tc+".c"
-			fnameh="mpin192_"+tc+".h"
-
-			os.system(copytext+" mpin192.c "+fnamec)
-			os.system(copytext+" mpin192.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)		
-
-		if cs == "256" :
-
-			fnamec="fp8_"+tf+".c"
-			fnameh="fp8_"+tf+".h"
-
-			os.system(copytext+" fp8.c "+fnamec)
-			os.system(copytext+" fp8.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-
-			fnamec="ecp8_"+tc+".c"
-			fnameh="ecp8_"+tc+".h"
-
-			os.system(copytext+" ecp8.c "+fnamec)
-			os.system(copytext+" ecp8.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-
-			fnamec="fp16_"+tf+".c"
-			fnameh="fp16_"+tf+".h"
-
-			os.system(copytext+" fp16.c "+fnamec)
-			os.system(copytext+" fp16.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-
-			fnamec="fp48_"+tf+".c"
-			fnameh="fp48_"+tf+".h"
-
-			os.system(copytext+" fp48.c "+fnamec)
-			os.system(copytext+" fp48.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-
-			fnamec="pair256_"+tc+".c"
-			fnameh="pair256_"+tc+".h"
-
-			os.system(copytext+" pair256.c "+fnamec)
-			os.system(copytext+" pair256.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-			fnamec="mpin256_"+tc+".c"
-			fnameh="mpin256_"+tc+".h"
-
-			os.system(copytext+" mpin256.c "+fnamec)
-			os.system(copytext+" mpin256.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)				
-
-replace("arch.h","@WL@","32")
-print("Elliptic Curves")
-print("1. ED25519")
-print("2. C25519")
-print("3. NIST256")
-print("4. BRAINPOOL")
-print("5. ANSSI")
-print("6. HIFIVE")
-print("7. GOLDILOCKS")
-print("8. NIST384")
-print("9. C41417")
-print("10. NIST521\n")
-print("11. NUMS256W")
-print("12. NUMS256E")
-print("13. NUMS384W")
-print("14. NUMS384E")
-print("15. NUMS512W")
-print("16. NUMS512E")
-print("17. SECP256K1\n")
-
-print("Pairing-Friendly Elliptic Curves")
-print("18. BN254")
-print("19. BN254CX")
-print("20. BLS383")
-print("21. BLS381")
-print("22. FP256BN")
-print("23. FP512BN")
-print("24. BLS461\n")
-print("25. BLS24")
-print("26. BLS48\n")
-
-print("RSA")
-print("27. RSA2048")
-print("28. RSA3072")
-print("29. RSA4096")
-
-selection=[]
-ptr=0
-max=30
-
-curve_selected=False
-pfcurve_selected=False
-rsa_selected=False
-
-while ptr<max:
-	x=int(input("Choose a Scheme to support - 0 to finish: "))
-	if x == 0:
-		break
-#	print("Choice= ",x)
-	already=False
-	for i in range(0,ptr):
-		if x==selection[i]:
-			already=True
-			break
-	if already:
-		continue
-	
-	selection.append(x)
-	ptr=ptr+1
-
-# curveset(big,field,curve,big_length_bytes,bits_in_base,modulus_bits,modulus_mod_8,modulus_type,curve_type,pairing_friendly,sextic twist,sign of x,curve security)
-# for each curve give names for big, field and curve. In many cases the latter two will be the same. 
-# Typically "big" is the size in bits, always a multiple of 8, "field" describes the modulus, and "curve" is the common name for the elliptic curve   
-# big_length_bytes is "big" divided by 8
-# Next give the number base used for 32 bit architectures, as n where the base is 2^n (note that these must be fixed for the same "big" name, if is ever re-used for another curve)
-# modulus_bits is the bit length of the modulus, typically the same or slightly smaller than "big"
-# modulus_mod_8 is the remainder when the modulus is divided by 8
-# modulus_type is NOT_SPECIAL, or PSEUDO_MERSENNE, or MONTGOMERY_Friendly, or GENERALISED_MERSENNE (supported for GOLDILOCKS only)
-# curve_type is WEIERSTRASS, EDWARDS or MONTGOMERY
-# pairing_friendly is BN, BLS or NOT (if not pairing friendly)
-# if pairing friendly. M or D type twist, and sign of the family parameter x
-# curve security is AES equiavlent, rounded up.
-
-	if x==1:
-		curveset("256","25519","ED25519","32","29","255","5","PSEUDO_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-	if x==2:
-		curveset("256","25519","C25519","32","29","255","5","PSEUDO_MERSENNE","MONTGOMERY","NOT","","","128")
-		curve_selected=True
-	if x==3:
-		curveset("256","NIST256","NIST256","32","28","256","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-	if x==4:
-		curveset("256","BRAINPOOL","BRAINPOOL","32","28","256","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-	if x==5:
-		curveset("256","ANSSI","ANSSI","32","28","256","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-
-	if x==6:
-		curveset("336","HIFIVE","HIFIVE","42","29","336","5","PSEUDO_MERSENNE","EDWARDS","NOT","","","192")
-		curve_selected=True
-	if x==7:
-		curveset("448","GOLDILOCKS","GOLDILOCKS","56","29","448","7","GENERALISED_MERSENNE","EDWARDS","NOT","","","256")
-		curve_selected=True
-	if x==8:
-		curveset("384","NIST384","NIST384","48","29","384","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","192")
-		curve_selected=True
-	if x==9:
-		curveset("416","C41417","C41417","52","29","414","7","PSEUDO_MERSENNE","EDWARDS","NOT","","","256")
-		curve_selected=True
-	if x==10:
-		curveset("528","NIST521","NIST521","66","28","521","7","PSEUDO_MERSENNE","WEIERSTRASS","NOT","","","256")
-		curve_selected=True
-
-	if x==11:
-		curveset("256","256PMW","NUMS256W","32","28","256","3","PSEUDO_MERSENNE","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-	if x==12:
-		curveset("256","256PME","NUMS256E","32","29","256","3","PSEUDO_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-	if x==13:
-		curveset("384","384PM","NUMS384W","48","29","384","3","PSEUDO_MERSENNE","WEIERSTRASS","NOT","","","192")
-		curve_selected=True
-	if x==14:
-		curveset("384","384PM","NUMS384E","48","29","384","3","PSEUDO_MERSENNE","EDWARDS","NOT","","","192")
-		curve_selected=True
-	if x==15:
-		curveset("512","512PM","NUMS512W","64","29","512","7","PSEUDO_MERSENNE","WEIERSTRASS","NOT","","","256")
-		curve_selected=True
-	if x==16:
-		curveset("512","512PM","NUMS512E","64","29","512","7","PSEUDO_MERSENNE","EDWARDS","NOT","","","256")
-		curve_selected=True
-
-	if x==17:
-		curveset("256","SECP256K1","SECP256K1","32","28","256","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-
-
-	if x==18:
-		curveset("256","BN254","BN254","32","28","254","3","NOT_SPECIAL","WEIERSTRASS","BN","D_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-	if x==19:
-		curveset("256","BN254CX","BN254CX","32","28","254","3","NOT_SPECIAL","WEIERSTRASS","BN","D_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-	if x==20:
-		curveset("384","BLS383","BLS383","48","29","383","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","POSITIVEX","128")
-		pfcurve_selected=True
-
-	if x==21:
-		curveset("384","BLS381","BLS381","48","29","381","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-
-	if x==22:
-		curveset("256","FP256BN","FP256BN","32","28","256","3","NOT_SPECIAL","WEIERSTRASS","BN","M_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-	if x==23:
-		curveset("512","FP512BN","FP512BN","64","29","512","3","NOT_SPECIAL","WEIERSTRASS","BN","M_TYPE","POSITIVEX","128")
-		pfcurve_selected=True
-# https://eprint.iacr.org/2017/334.pdf
-	if x==24:
-		curveset("464","BLS461","BLS461","58","28","461","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-
-	if x==25:
-		curveset("480","BLS24","BLS24","60","29","479","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","POSITIVEX","192")
-		pfcurve_selected=True
-
-
-	if x==26:
-		curveset("560","BLS48","BLS48","70","29","556","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","POSITIVEX","256")
-		pfcurve_selected=True
-
-
-# rsaset(big,ring,big_length_bytes,bits_in_base,multiplier)
-# for each choice give distinct names for "big" and "ring".
-# Typically "big" is the length in bits of the underlying big number type
-# "ring" is the RSA modulus size = "big" times 2^m
-# big_length_bytes is "big" divided by 8
-# Next give the number base used for 32 bit architecture, as n where the base is 2^n
-# multiplier is 2^m (see above)
-
-# There are choices here, different ways of getting the same result, but some faster than others
-	if x==27:
-		#256 is slower but may allow reuse of 256-bit BIGs used for elliptic curve
-		#512 is faster.. but best is 1024
-		rsaset("1024","2048","128","28","2")
-		#rsaset("512","2048","64","29","4")
-		#rsaset("256","2048","32","29","8")
-		rsa_selected=True
-	if x==28:
-		rsaset("384","3072","48","28","8")
-		rsa_selected=True
-	if x==29:
-		#rsaset("256","4096","32","29","16")
-		rsaset("512","4096","64","29","8")
-		rsa_selected=True
-
-
-os.system(deltext+" big.*")
-os.system(deltext+" fp.*")
-os.system(deltext+" ecp.*")
-os.system(deltext+" ecdh.*")
-os.system(deltext+" ff.*")
-os.system(deltext+" rsa.*")
-os.system(deltext+" config_big.h")
-os.system(deltext+" config_field.h")
-os.system(deltext+" config_curve.h")
-os.system(deltext+" config_ff.h")
-os.system(deltext+" fp2.*")
-os.system(deltext+" fp4.*")
-os.system(deltext+" fp8.*")
-os.system(deltext+" fp16.*")
-
-
-os.system(deltext+" fp12.*")
-os.system(deltext+" fp24.*")
-os.system(deltext+" fp48.*")
-
-os.system(deltext+" ecp2.*")
-os.system(deltext+" ecp4.*")
-os.system(deltext+" ecp8.*")
-
-os.system(deltext+" pair.*")
-os.system(deltext+" mpin.*")
-
-os.system(deltext+" pair192.*")
-os.system(deltext+" mpin192.*")
-
-os.system(deltext+" pair256.*")
-os.system(deltext+" mpin256.*")
-
-# create library
-os.system("gcc -O3 -std=c99 -c randapi.c")
-if curve_selected :
-	os.system("gcc -O3 -std=c99 -c ecdh_support.c")
-if rsa_selected :
-	os.system("gcc -O3 -std=c99 -c rsa_support.c")
-if pfcurve_selected :
-	os.system("gcc -O3 -std=c99 -c pbc_support.c")
-
-os.system("gcc -O3 -std=c99 -c hash.c")
-os.system("gcc -O3 -std=c99 -c rand.c")
-os.system("gcc -O3 -std=c99 -c oct.c")
-os.system("gcc -O3 -std=c99 -c aes.c")
-os.system("gcc -O3 -std=c99 -c gcm.c")
-os.system("gcc -O3 -std=c99 -c newhope.c")
-
-if sys.platform.startswith("win") :
-	os.system("for %i in (*.o) do @echo %~nxi >> f.list")
-	os.system("ar rc amcl.a @f.list")
-	os.system(deltext+" f.list")
-
-else :
-	os.system("ar rc amcl.a *.o")
-	
-os.system(deltext+" *.o")
-
-#print("Your section was ");	
-#for i in range(0,ptr):
-#	print (selection[i])
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/config64.py
----------------------------------------------------------------------
diff --git a/version3/c/config64.py b/version3/c/config64.py
deleted file mode 100644
index af08df3..0000000
--- a/version3/c/config64.py
+++ /dev/null
@@ -1,639 +0,0 @@
-import os
-import sys
-
-deltext=""
-if sys.platform.startswith("linux")  :
-	deltext="rm"
-	copytext="cp"
-if sys.platform.startswith("darwin")  :
-	deltext="rm"
-	copytext="cp"
-if sys.platform.startswith("win") :
-	deltext="del"
-	copytext="copy"
-
-def replace(namefile,oldtext,newtext):
-	f = open(namefile,'r')
-	filedata = f.read()
-	f.close()
-
-	newdata = filedata.replace(oldtext,newtext)
-
-	f = open(namefile,'w')
-	f.write(newdata)
-	f.close()
-
-
-def rsaset(tb,tff,nb,base,ml) :
-	bd=tb+"_"+base
-	fnameh="config_big_"+bd+".h"
-	os.system(copytext+" config_big.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"@NB@",nb)
-	replace(fnameh,"@BASE@",base)
-
-	fnameh="config_ff_"+tff+".h"
-	os.system(copytext+" config_ff.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"@ML@",ml);
-
-	fnamec="big_"+bd+".c"
-	fnameh="big_"+bd+".h"
-
-	os.system(copytext+" big.c "+fnamec)
-	os.system(copytext+" big.h "+fnameh)
-
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	fnamec="ff_"+tff+".c"
-	fnameh="ff_"+tff+".h"
-
-	os.system(copytext+" ff.c "+fnamec)
-	os.system(copytext+" ff.h "+fnameh)
-
-	replace(fnamec,"WWW",tff)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	fnamec="rsa_"+tff+".c"
-	fnameh="rsa_"+tff+".h"
-
-	os.system(copytext+" rsa.c "+fnamec)
-	os.system(copytext+" rsa.h "+fnameh)
-
-	replace(fnamec,"WWW",tff)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"WWW",tff)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-def curveset(tb,tf,tc,nb,base,nbt,m8,mt,ct,pf,stw,sx,cs) :
-	bd=tb+"_"+base
-	fnameh="config_big_"+bd+".h"
-	os.system(copytext+" config_big.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"@NB@",nb)
-	replace(fnameh,"@BASE@",base)
-
-	fnameh="config_field_"+tf+".h"
-	os.system(copytext+" config_field.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"@NBT@",nbt)
-	replace(fnameh,"@M8@",m8)
-	replace(fnameh,"@MT@",mt)
-
-	ib=int(base)
-	inb=int(nb)
-	inbt=int(nbt)
-	sh=ib*(1+((8*inb-1)//ib))-inbt
-	if sh > 30 :
-		sh=30
-	replace(fnameh,"@SH@",str(sh))
-
-	fnameh="config_curve_"+tc+".h"	
-	os.system(copytext+" config_curve.h "+fnameh)
-	replace(fnameh,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"@CT@",ct)
-	replace(fnameh,"@PF@",pf)
-
-	replace(fnameh,"@ST@",stw)
-	replace(fnameh,"@SX@",sx)
-	replace(fnameh,"@CS@",cs)
-
-	fnamec="big_"+bd+".c"
-	fnameh="big_"+bd+".h"
-
-	os.system(copytext+" big.c "+fnamec)
-	os.system(copytext+" big.h "+fnameh)
-
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	fnamec="fp_"+tf+".c"
-	fnameh="fp_"+tf+".h"
-
-	os.system(copytext+" fp.c "+fnamec)
-	os.system(copytext+" fp.h "+fnameh)
-
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	os.system("gcc -O3 -std=c99 -c rom_field_"+tf+".c");
-
-	fnamec="ecp_"+tc+".c"
-	fnameh="ecp_"+tc+".h"
-
-	os.system(copytext+" ecp.c "+fnamec)
-	os.system(copytext+" ecp.h "+fnameh)
-
-	replace(fnamec,"ZZZ",tc)
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	fnamec="ecdh_"+tc+".c"
-	fnameh="ecdh_"+tc+".h"
-
-	os.system(copytext+" ecdh.c "+fnamec)
-	os.system(copytext+" ecdh.h "+fnameh)
-
-	replace(fnamec,"ZZZ",tc)
-	replace(fnamec,"YYY",tf)
-	replace(fnamec,"XXX",bd)
-	replace(fnameh,"ZZZ",tc)
-	replace(fnameh,"YYY",tf)
-	replace(fnameh,"XXX",bd)
-	os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-	os.system("gcc -O3 -std=c99 -c rom_curve_"+tc+".c");
-
-	if pf != "NOT" :
-		fnamec="fp2_"+tf+".c"
-		fnameh="fp2_"+tf+".h"
-
-		os.system(copytext+" fp2.c "+fnamec)
-		os.system(copytext+" fp2.h "+fnameh)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-		fnamec="fp4_"+tf+".c"
-		fnameh="fp4_"+tf+".h"
-
-		os.system(copytext+" fp4.c "+fnamec)
-		os.system(copytext+" fp4.h "+fnameh)
-		replace(fnamec,"YYY",tf)
-		replace(fnamec,"XXX",bd)
-		replace(fnamec,"ZZZ",tc)
-		replace(fnameh,"YYY",tf)
-		replace(fnameh,"XXX",bd)
-		replace(fnameh,"ZZZ",tc)
-		os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-		if cs == "128" :
-			fnamec="fp12_"+tf+".c"
-			fnameh="fp12_"+tf+".h"
-
-			os.system(copytext+" fp12.c "+fnamec)
-			os.system(copytext+" fp12.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-			fnamec="ecp2_"+tc+".c"
-			fnameh="ecp2_"+tc+".h"
-
-			os.system(copytext+" ecp2.c "+fnamec)
-			os.system(copytext+" ecp2.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-			fnamec="pair_"+tc+".c"
-			fnameh="pair_"+tc+".h"
-
-			os.system(copytext+" pair.c "+fnamec)
-			os.system(copytext+" pair.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-			fnamec="mpin_"+tc+".c"
-			fnameh="mpin_"+tc+".h"
-
-			os.system(copytext+" mpin.c "+fnamec)
-			os.system(copytext+" mpin.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-		if cs == "192" :
-			fnamec="fp8_"+tf+".c"
-			fnameh="fp8_"+tf+".h"
-
-			os.system(copytext+" fp8.c "+fnamec)
-			os.system(copytext+" fp8.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-
-			fnamec="fp24_"+tf+".c"
-			fnameh="fp24_"+tf+".h"
-
-			os.system(copytext+" fp24.c "+fnamec)
-			os.system(copytext+" fp24.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-			fnamec="ecp4_"+tc+".c"
-			fnameh="ecp4_"+tc+".h"
-
-			os.system(copytext+" ecp4.c "+fnamec)
-			os.system(copytext+" ecp4.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-			fnamec="pair192_"+tc+".c"
-			fnameh="pair192_"+tc+".h"
-
-			os.system(copytext+" pair192.c "+fnamec)
-			os.system(copytext+" pair192.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-			fnamec="mpin192_"+tc+".c"
-			fnameh="mpin192_"+tc+".h"
-
-			os.system(copytext+" mpin192.c "+fnamec)
-			os.system(copytext+" mpin192.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-		if cs == "256" :
-
-			fnamec="fp8_"+tf+".c"
-			fnameh="fp8_"+tf+".h"
-
-			os.system(copytext+" fp8.c "+fnamec)
-			os.system(copytext+" fp8.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-
-			fnamec="ecp8_"+tc+".c"
-			fnameh="ecp8_"+tc+".h"
-
-			os.system(copytext+" ecp8.c "+fnamec)
-			os.system(copytext+" ecp8.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-
-			fnamec="fp16_"+tf+".c"
-			fnameh="fp16_"+tf+".h"
-
-			os.system(copytext+" fp16.c "+fnamec)
-			os.system(copytext+" fp16.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-
-			fnamec="fp48_"+tf+".c"
-			fnameh="fp48_"+tf+".h"
-
-			os.system(copytext+" fp48.c "+fnamec)
-			os.system(copytext+" fp48.h "+fnameh)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-
-			fnamec="pair256_"+tc+".c"
-			fnameh="pair256_"+tc+".h"
-
-			os.system(copytext+" pair256.c "+fnamec)
-			os.system(copytext+" pair256.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-			fnamec="mpin256_"+tc+".c"
-			fnameh="mpin256_"+tc+".h"
-
-			os.system(copytext+" mpin256.c "+fnamec)
-			os.system(copytext+" mpin256.h "+fnameh)
-			replace(fnamec,"ZZZ",tc)
-			replace(fnamec,"YYY",tf)
-			replace(fnamec,"XXX",bd)
-			replace(fnameh,"ZZZ",tc)
-			replace(fnameh,"YYY",tf)
-			replace(fnameh,"XXX",bd)
-			os.system("gcc -O3 -std=c99 -c "+fnamec)
-
-replace("arch.h","@WL@","64")
-print("Elliptic Curves")
-print("1. ED25519")
-print("2. C25519")
-print("3. NIST256")
-print("4. BRAINPOOL")
-print("5. ANSSI")
-print("6. HIFIVE")
-print("7. GOLDILOCKS")
-print("8. NIST384")
-print("9. C41417")
-print("10. NIST521\n")
-print("11. NUMS256W")
-print("12. NUMS256E")
-print("13. NUMS384W")
-print("14. NUMS384E")
-print("15. NUMS512W")
-print("16. NUMS512E")
-print("17. SECP256K1\n")
-
-print("Pairing-Friendly Elliptic Curves")
-print("18. BN254")
-print("19. BN254CX")
-print("20. BLS383")
-print("21. BLS381")
-print("22. FP256BN")
-print("23. FP512BN")
-print("24. BLS461\n")
-print("25. BLS24")
-print("26. BLS48\n")
-
-print("RSA")
-print("27. RSA2048")
-print("28. RSA3072")
-print("29. RSA4096")
-
-selection=[]
-ptr=0
-max=30
-
-curve_selected=False
-pfcurve_selected=False
-rsa_selected=False
-
-while ptr<max:
-	x=int(input("Choose a Scheme to support - 0 to finish: "))
-	if x == 0:
-		break
-#	print("Choice= ",x)
-	already=False
-	for i in range(0,ptr):
-		if x==selection[i]:
-			already=True
-			break
-	if already:
-		continue
-	
-	selection.append(x)
-	ptr=ptr+1
-
-# curveset(big,field,curve,big_length_bytes,bits_in_base,modulus_bits,modulus_mod_8,modulus_type,curve_type,pairing_friendly,sextic twist,sign of x,curve security)
-# for each curve give names for big, field and curve. In many cases the latter two will be the same. 
-# Typically "big" is the size in bits, always a multiple of 8, "field" describes the modulus, and "curve" is the common name for the elliptic curve   
-# big_length_bytes is "big" divided by 8
-# Next give the number base used for 64 bit architectures, as n where the base is 2^n (note that these must be fixed for the same "big" name, if is ever re-used for another curve)
-# modulus_bits is the bit length of the modulus, typically the same or slightly smaller than "big"
-# modulus_mod_8 is the remainder when the modulus is divided by 8
-# modulus_type is NOT_SPECIAL, or PSEUDO_MERSENNE, or MONTGOMERY_Friendly, or GENERALISED_MERSENNE (supported for GOLDILOCKS only)
-# curve_type is WEIERSTRASS, EDWARDS or MONTGOMERY
-# pairing_friendly is BN, BLS or NOT (if not pairing friendly)
-# if pairing friendly. M or D type twist, and sign of the family parameter x
-# curve security is AES equiavlent, rounded up.
-
-	if x==1:
-		curveset("256","25519","ED25519","32","56","255","5","PSEUDO_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-	if x==2:
-		curveset("256","25519","C25519","32","56","255","5","PSEUDO_MERSENNE","MONTGOMERY","NOT","","","128")
-		curve_selected=True
-	if x==3:
-		curveset("256","NIST256","NIST256","32","56","256","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-	if x==4:
-		curveset("256","BRAINPOOL","BRAINPOOL","32","56","256","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-	if x==5:
-		curveset("256","ANSSI","ANSSI","32","56","256","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-
-	if x==6:
-		curveset("336","HIFIVE","HIFIVE","42","60","336","5","PSEUDO_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-	if x==7:
-		curveset("448","GOLDILOCKS","GOLDILOCKS","56","58","448","7","GENERALISED_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-	if x==8:
-		curveset("384","NIST384","NIST384","48","56","384","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-	if x==9:
-		curveset("416","C41417","C41417","52","60","414","7","PSEUDO_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-	if x==10:
-		curveset("528","NIST521","NIST521","66","60","521","7","PSEUDO_MERSENNE","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-
-	if x==11:
-		curveset("256","256PMW","NUMS256W","32","56","256","3","PSEUDO_MERSENNE","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-	if x==12:
-		curveset("256","256PME","NUMS256E","32","56","256","3","PSEUDO_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-	if x==13:
-		curveset("384","384PM","NUMS384W","48","56","384","3","PSEUDO_MERSENNE","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-	if x==14:
-		curveset("384","384PM","NUMS384E","48","56","384","3","PSEUDO_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-	if x==15:
-		curveset("512","512PM","NUMS512W","64","56","512","7","PSEUDO_MERSENNE","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-	if x==16:
-		curveset("512","512PM","NUMS512E","64","56","512","7","PSEUDO_MERSENNE","EDWARDS","NOT","","","128")
-		curve_selected=True
-
-	if x==17:
-		curveset("256","SECP256K1","SECP256K1","32","56","256","7","NOT_SPECIAL","WEIERSTRASS","NOT","","","128")
-		curve_selected=True
-
-
-	if x==18:
-		curveset("256","BN254","BN254","32","56","254","3","NOT_SPECIAL","WEIERSTRASS","BN","D_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-	if x==19:
-		curveset("256","BN254CX","BN254CX","32","56","254","3","NOT_SPECIAL","WEIERSTRASS","BN","D_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-	if x==20:
-		curveset("384","BLS383","BLS383","48","58","383","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","POSITIVEX","128")
-		pfcurve_selected=True
-
-	if x==21:
-		curveset("384","BLS381","BLS381","48","58","381","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-
-
-	if x==22:
-		curveset("256","FP256BN","FP256BN","32","56","256","3","NOT_SPECIAL","WEIERSTRASS","BN","M_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-	if x==23:
-		curveset("512","FP512BN","FP512BN","64","60","512","3","NOT_SPECIAL","WEIERSTRASS","BN","M_TYPE","POSITIVEX","128")
-		pfcurve_selected=True
-# https://eprint.iacr.org/2017/334.pdf
-	if x==24:
-		curveset("464","BLS461","BLS461","58","60","461","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","NEGATIVEX","128")
-		pfcurve_selected=True
-
-	if x==25:
-		curveset("480","BLS24","BLS24","60","56","479","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","POSITIVEX","192")
-		pfcurve_selected=True
-
-	if x==26:
-		curveset("560","BLS48","BLS48","70","58","556","3","NOT_SPECIAL","WEIERSTRASS","BLS","M_TYPE","POSITIVEX","256")
-		pfcurve_selected=True
-
-
-# rsaset(big,ring,big_length_bytes,bits_in_base,multiplier)
-# for each choice give distinct names for "big" and "ring".
-# Typically "big" is the length in bits of the underlying big number type
-# "ring" is the RSA modulus size = "big" times 2^m
-# big_length_bytes is "big" divided by 8
-# Next give the number base used for 64 bit architecture, as n where the base is 2^n
-# multiplier is 2^m (see above)
-
-# There are choices here, different ways of getting the same result, but some faster than others
-	if x==27:
-		#256 is slower but may allow reuse of 256-bit BIGs used for elliptic curve
-		#512 is faster.. but best is 1024
-		rsaset("1024","2048","128","58","2")
-		#rsaset("512","2048","64","60","4")
-		#rsaset("256","2048","32","56","8")
-		rsa_selected=True
-	if x==28:
-		rsaset("384","3072","48","56","8")
-		rsa_selected=True
-	if x==29:
-		#rsaset("256","4096","32","56","16")
-		rsaset("512","4096","64","60","8")
-		rsa_selected=True
-
-
-os.system(deltext+" big.*")
-os.system(deltext+" fp.*")
-os.system(deltext+" ecp.*")
-os.system(deltext+" ecdh.*")
-os.system(deltext+" ff.*")
-os.system(deltext+" rsa.*")
-os.system(deltext+" config_big.h")
-os.system(deltext+" config_field.h")
-os.system(deltext+" config_curve.h")
-os.system(deltext+" config_ff.h")
-os.system(deltext+" fp2.*")
-os.system(deltext+" fp4.*")
-os.system(deltext+" fp8.*")
-os.system(deltext+" fp16.*")
-
-os.system(deltext+" fp12.*")
-os.system(deltext+" fp24.*")
-os.system(deltext+" fp48.*")
-
-os.system(deltext+" ecp2.*")
-os.system(deltext+" ecp4.*")
-os.system(deltext+" ecp8.*")
-
-os.system(deltext+" pair.*")
-os.system(deltext+" mpin.*")
-
-os.system(deltext+" pair192.*")
-os.system(deltext+" mpin192.*")
-
-os.system(deltext+" pair256.*")
-os.system(deltext+" mpin256.*")
-
-# create library
-os.system("gcc -O3 -std=c99 -c randapi.c")
-if curve_selected :
-	os.system("gcc -O3 -std=c99 -c ecdh_support.c")
-if rsa_selected :
-	os.system("gcc -O3 -std=c99 -c rsa_support.c")
-if pfcurve_selected :
-	os.system("gcc -O3 -std=c99 -c pbc_support.c")
-
-os.system("gcc -O3 -std=c99 -c hash.c")
-os.system("gcc -O3 -std=c99 -c rand.c")
-os.system("gcc -O3 -std=c99 -c oct.c")
-os.system("gcc -O3 -std=c99 -c aes.c")
-os.system("gcc -O3 -std=c99 -c gcm.c")
-os.system("gcc -O3 -std=c99 -c newhope.c")
-
-if sys.platform.startswith("win") :
-	os.system("for %i in (*.o) do @echo %~nxi >> f.list")
-	os.system("ar rc amcl.a @f.list")
-	os.system(deltext+" f.list")
-
-else :
-	os.system("ar rc amcl.a *.o")
-
-os.system(deltext+" *.o")
-
-
-#print("Your section was ");	
-#for i in range(0,ptr):
-#	print (selection[i])
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/config_big.h
----------------------------------------------------------------------
diff --git a/version3/c/config_big.h b/version3/c/config_big.h
deleted file mode 100644
index 76822ed..0000000
--- a/version3/c/config_big.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/**
- * @file config_big.h
- * @author Mike Scott
- * @brief Config BIG  Header File
- *
- */
-
-#ifndef CONFIG_BIG_XXX_H
-#define CONFIG_BIG_XXX_H
-
-#include"amcl.h"
-
-// BIG stuff
-
-#define MODBYTES_XXX @NB@  	/**< Number of bytes in Modulus */
-#define BASEBITS_XXX @BASE@ 	/**< Numbers represented to base 2*BASEBITS */
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/config_curve.h
----------------------------------------------------------------------
diff --git a/version3/c/config_curve.h b/version3/c/config_curve.h
deleted file mode 100644
index 58208df..0000000
--- a/version3/c/config_curve.h
+++ /dev/null
@@ -1,44 +0,0 @@
-#ifndef CONFIG_CURVE_ZZZ_H
-#define CONFIG_CURVE_ZZZ_H
-
-#include"amcl.h"
-#include"config_field_YYY.h"
-
-// ECP stuff
-
-#define CURVETYPE_ZZZ @CT@
-#define PAIRING_FRIENDLY_ZZZ @PF@
-#define CURVE_SECURITY_ZZZ @CS@
-
-
-#if PAIRING_FRIENDLY_ZZZ != NOT
-//#define USE_GLV_ZZZ	  /**< Note this method is patented (GLV), so maybe you want to comment this out */
-//#define USE_GS_G2_ZZZ /**< Well we didn't patent it :) But may be covered by GLV patent :( */
-#define USE_GS_GT_ZZZ /**< Not patented, so probably safe to always use this */
-
-#define POSITIVEX 0
-#define NEGATIVEX 1
-
-#define SEXTIC_TWIST_ZZZ @ST@
-#define SIGN_OF_X_ZZZ @SX@
-
-#endif
-
-#if CURVE_SECURITY_ZZZ == 128
-#define AESKEY_ZZZ 16 /**< Symmetric Key size - 128 bits */
-#define HASH_TYPE_ZZZ SHA256  /**< Hash type */
-#endif
-
-#if CURVE_SECURITY_ZZZ == 192
-#define AESKEY_ZZZ 24 /**< Symmetric Key size - 192 bits */
-#define HASH_TYPE_ZZZ SHA384  /**< Hash type */
-#endif
-
-#if CURVE_SECURITY_ZZZ == 256
-#define AESKEY_ZZZ 32 /**< Symmetric Key size - 256 bits */
-#define HASH_TYPE_ZZZ SHA512  /**< Hash type */
-#endif
-
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/config_ff.h
----------------------------------------------------------------------
diff --git a/version3/c/config_ff.h b/version3/c/config_ff.h
deleted file mode 100644
index 173dab7..0000000
--- a/version3/c/config_ff.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/**
- * @file config_ff.h
- * @author Mike Scott
- * @brief COnfig FF Header File
- *
- */
-
-#ifndef CONFIG_RSA_WWW_H
-#define CONFIG_RSA_WWW_H
-
-#include "amcl.h"
-#include "config_big_XXX.h"
-
-// FF stuff
-
-#define FFLEN_WWW @ML@ /**< 2^n multiplier of BIGBITS to specify supported Finite Field size, e.g 2048=256*2^3 where BIGBITS=256 */
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/config_field.h
----------------------------------------------------------------------
diff --git a/version3/c/config_field.h b/version3/c/config_field.h
deleted file mode 100644
index 2d727f2..0000000
--- a/version3/c/config_field.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-#ifndef CONFIG_FIELD_YYY_H
-#define CONFIG_FIELD_YYY_H
-
-#include"amcl.h"
-#include "config_big_XXX.h"
-
-// FP stuff
-
-#define MBITS_YYY @NBT@
-#define MOD8_YYY @M8@
-#define MODTYPE_YYY @MT@
-#define MAXXES_YYY @SH@
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/ecdh.c
----------------------------------------------------------------------
diff --git a/version3/c/ecdh.c b/version3/c/ecdh.c
deleted file mode 100644
index e9c4c95..0000000
--- a/version3/c/ecdh.c
+++ /dev/null
@@ -1,424 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* ECDH/ECIES/ECDSA Functions - see main program below */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "ecdh_ZZZ.h"
-
-/* Calculate a public/private EC GF(p) key pair. W=S.G mod EC(p),
- * where S is the secret key and W is the public key
- * and G is fixed generator.
- * If RNG is NULL then the private key is provided externally in S
- * otherwise it is generated randomly internally */
-int ECP_ZZZ_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W)
-{
-    BIG_XXX r,gx,gy,s;
-    ECP_ZZZ G;
-    int res=0;
-
-	ECP_ZZZ_generator(&G);
-
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-    if (RNG!=NULL)
-    {
-        BIG_XXX_randomnum(s,r,RNG);
-    }
-    else
-    {
-        BIG_XXX_fromBytes(s,S->val);
-        BIG_XXX_mod(s,r);
-    }
-
-#ifdef AES_S
-    BIG_XXX_mod2m(s,2*AES_S);
-//	BIG_toBytes(S->val,s);
-#endif
-
-    S->len=EGS_ZZZ;
-    BIG_XXX_toBytes(S->val,s);
-
-    ECP_ZZZ_mul(&G,s);
-
-	ECP_ZZZ_toOctet(W,&G,false);  /* To use point compression on public keys, change to true */
-/*
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    ECP_ZZZ_get(gx,gy,&G);
-#else
-    ECP_ZZZ_get(gx,&G);
-
-#endif
-
-
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    W->len=2*EFS_ZZZ+1;
-    W->val[0]=4;
-    BIG_XXX_toBytes(&(W->val[1]),gx);
-    BIG_XXX_toBytes(&(W->val[EFS_ZZZ+1]),gy);
-#else
-    W->len=EFS_ZZZ+1;
-    W->val[0]=2;
-    BIG_XXX_toBytes(&(W->val[1]),gx);
-#endif
-*/
-    return res;
-}
-
-/* Validate public key */
-int ECP_ZZZ_PUBLIC_KEY_VALIDATE(octet *W)
-{
-    BIG_XXX q,r,wx,k;
-    ECP_ZZZ WP;
-    int valid,nb;
-    int res=0;
-
-    BIG_XXX_rcopy(q,Modulus_YYY);
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-
-	valid=ECP_ZZZ_fromOctet(&WP,W);
-	if (!valid) res=ECDH_INVALID_PUBLIC_KEY;
-
-/*
-    BIG_XXX_fromBytes(wx,&(W->val[1]));
-    if (BIG_XXX_comp(wx,q)>=0) res=ECDH_INVALID_PUBLIC_KEY;
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    BIG_XXX wy;
-    BIG_XXX_fromBytes(wy,&(W->val[EFS_ZZZ+1]));
-    if (BIG_XXX_comp(wy,q)>=0) res=ECDH_INVALID_PUBLIC_KEY;
-#endif
-*/
-    if (res==0)
-    {
-
-//#if CURVETYPE_ZZZ!=MONTGOMERY
-//        valid=ECP_ZZZ_set(&WP,wx,wy);
-//#else
-//        valid=ECP_ZZZ_set(&WP,wx);
-//#endif
-//        if (!valid || ECP_ZZZ_isinf(&WP)) res=ECDH_INVALID_PUBLIC_KEY;
-//        if (res==0 )
-//        {
-            /* Check point is not in wrong group */
-            nb=BIG_XXX_nbits(q);
-            BIG_XXX_one(k);
-            BIG_XXX_shl(k,(nb+4)/2);
-            BIG_XXX_add(k,q,k);
-            BIG_XXX_sdiv(k,r); /* get co-factor */
-
-            while (BIG_XXX_parity(k)==0)
-            {
-                ECP_ZZZ_dbl(&WP);
-                BIG_XXX_fshr(k,1);
-            }
-
-            if (!BIG_XXX_isunity(k)) ECP_ZZZ_mul(&WP,k);
-            if (ECP_ZZZ_isinf(&WP)) res=ECDH_INVALID_PUBLIC_KEY;
-//        }
-    }
-
-    return res;
-}
-
-/* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */
-int ECP_ZZZ_SVDP_DH(octet *S,octet *WD,octet *Z)
-{
-    BIG_XXX r,s,wx;
-    int valid;
-    ECP_ZZZ W;
-    int res=0;
-
-    BIG_XXX_fromBytes(s,S->val);
-
-	valid=ECP_ZZZ_fromOctet(&W,WD);
-/*
-    BIG_XXX_fromBytes(wx,&(WD->val[1]));
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    BIG_XXX wy;
-    BIG_XXX_fromBytes(wy,&(WD->val[EFS_ZZZ+1]));
-    valid=ECP_ZZZ_set(&W,wx,wy);
-#else
-    valid=ECP_ZZZ_set(&W,wx);
-#endif
-*/
-    if (!valid) res=ECDH_ERROR;
-    if (res==0)
-    {
-        BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-        BIG_XXX_mod(s,r);
-
-        ECP_ZZZ_mul(&W,s);
-        if (ECP_ZZZ_isinf(&W)) res=ECDH_ERROR;
-        else
-        {
-#if CURVETYPE_ZZZ!=MONTGOMERY
-            ECP_ZZZ_get(wx,wx,&W);
-#else
-            ECP_ZZZ_get(wx,&W);
-#endif
-            Z->len=MODBYTES_XXX;
-            BIG_XXX_toBytes(Z->val,wx);
-        }
-    }
-    return res;
-}
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-
-/* IEEE ECDSA Signature, C and D are signature on F using private key S */
-int ECP_ZZZ_SP_DSA(int sha,csprng *RNG,octet *K,octet *S,octet *F,octet *C,octet *D)
-{
-    char h[128];
-    octet H= {0,sizeof(h),h};
-
-    BIG_XXX gx,gy,r,s,f,c,d,u,vx,w;
-    ECP_ZZZ G,V;
-
-    ehashit(sha,F,-1,NULL,&H,sha);
-
-	ECP_ZZZ_generator(&G);
-
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-
-    BIG_XXX_fromBytes(s,S->val);
-
-    int hlen=H.len;
-    if (H.len>MODBYTES_XXX) hlen=MODBYTES_XXX;
-    BIG_XXX_fromBytesLen(f,H.val,hlen);
-
-	if (RNG!=NULL)
-	{
-		do
-		{
-       
-            BIG_XXX_randomnum(u,r,RNG);
-            BIG_XXX_randomnum(w,r,RNG); /* side channel masking */
-
-#ifdef AES_S
-			BIG_XXX_mod2m(u,2*AES_S);
-#endif
-			ECP_ZZZ_copy(&V,&G);
-			ECP_ZZZ_mul(&V,u);
-
-			ECP_ZZZ_get(vx,vx,&V);
-
-			BIG_XXX_copy(c,vx);
-			BIG_XXX_mod(c,r);
-			if (BIG_XXX_iszilch(c)) continue;
-			
-            BIG_XXX_modmul(u,u,w,r);
-
-			BIG_XXX_invmodp(u,u,r);
-			BIG_XXX_modmul(d,s,c,r);
-
-			BIG_XXX_add(d,f,d);
-			
-            BIG_XXX_modmul(d,d,w,r);
-
-			BIG_XXX_modmul(d,u,d,r);
-		} while (BIG_XXX_iszilch(d));
-	}
-	else
-	{
-		BIG_XXX_fromBytes(u,K->val);
-		BIG_XXX_mod(u,r);
-
-#ifdef AES_S
-        BIG_XXX_mod2m(u,2*AES_S);
-#endif
-        ECP_ZZZ_copy(&V,&G);
-        ECP_ZZZ_mul(&V,u);
-
-        ECP_ZZZ_get(vx,vx,&V);
-
-        BIG_XXX_copy(c,vx);
-        BIG_XXX_mod(c,r);
-        if (BIG_XXX_iszilch(c)) return ECDH_ERROR;
- 
-
-        BIG_XXX_invmodp(u,u,r);
-        BIG_XXX_modmul(d,s,c,r);
-
-        BIG_XXX_add(d,f,d);
-
-        BIG_XXX_modmul(d,u,d,r);
-        if (BIG_XXX_iszilch(d)) return ECDH_ERROR;
-    }
-
-    C->len=D->len=EGS_ZZZ;
-
-    BIG_XXX_toBytes(C->val,c);
-    BIG_XXX_toBytes(D->val,d);
-
-    return 0;
-}
-
-/* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */
-int ECP_ZZZ_VP_DSA(int sha,octet *W,octet *F, octet *C,octet *D)
-{
-    char h[128];
-    octet H= {0,sizeof(h),h};
-
-    BIG_XXX r,gx,gy,wx,wy,f,c,d,h2;
-    int res=0;
-    ECP_ZZZ G,WP;
-    int valid;
-
-    ehashit(sha,F,-1,NULL,&H,sha);
-
-	ECP_ZZZ_generator(&G);
-
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-
-    OCT_shl(C,C->len-MODBYTES_XXX);
-    OCT_shl(D,D->len-MODBYTES_XXX);
-
-    BIG_XXX_fromBytes(c,C->val);
-    BIG_XXX_fromBytes(d,D->val);
-
-    int hlen=H.len;
-    if (hlen>MODBYTES_XXX) hlen=MODBYTES_XXX;
-
-    BIG_XXX_fromBytesLen(f,H.val,hlen);
-
-    //BIG_fromBytes(f,H.val);
-
-    if (BIG_XXX_iszilch(c) || BIG_XXX_comp(c,r)>=0 || BIG_XXX_iszilch(d) || BIG_XXX_comp(d,r)>=0)
-        res=ECDH_INVALID;
-
-    if (res==0)
-    {
-        BIG_XXX_invmodp(d,d,r);
-        BIG_XXX_modmul(f,f,d,r);
-        BIG_XXX_modmul(h2,c,d,r);
-
-		valid=ECP_ZZZ_fromOctet(&WP,W);
-/*
-        BIG_XXX_fromBytes(wx,&(W->val[1]));
-        BIG_XXX_fromBytes(wy,&(W->val[EFS_ZZZ+1]));
-
-        valid=ECP_ZZZ_set(&WP,wx,wy);
-*/
-        if (!valid) res=ECDH_ERROR;
-        else
-        {
-            ECP_ZZZ_mul2(&WP,&G,h2,f);
-
-            if (ECP_ZZZ_isinf(&WP)) res=ECDH_INVALID;
-            else
-            {
-                ECP_ZZZ_get(d,d,&WP);
-                BIG_XXX_mod(d,r);
-                if (BIG_XXX_comp(d,c)!=0) res=ECDH_INVALID;
-            }
-        }
-    }
-
-    return res;
-}
-
-/* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */
-void ECP_ZZZ_ECIES_ENCRYPT(int sha,octet *P1,octet *P2,csprng *RNG,octet *W,octet *M,int tlen,octet *V,octet *C,octet *T)
-{
-
-    int i,len;
-    char z[EFS_ZZZ],vz[3*EFS_ZZZ+1],k[2*AESKEY_ZZZ],k1[AESKEY_ZZZ],k2[AESKEY_ZZZ],l2[8],u[EFS_ZZZ];
-    octet Z= {0,sizeof(z),z};
-    octet VZ= {0,sizeof(vz),vz};
-    octet K= {0,sizeof(k),k};
-    octet K1= {0,sizeof(k1),k1};
-    octet K2= {0,sizeof(k2),k2};
-    octet L2= {0,sizeof(l2),l2};
-    octet U= {0,sizeof(u),u};
-
-    if (ECP_ZZZ_KEY_PAIR_GENERATE(RNG,&U,V)!=0) return;
-    if (ECP_ZZZ_SVDP_DH(&U,W,&Z)!=0) return;
-
-    OCT_copy(&VZ,V);
-    OCT_joctet(&VZ,&Z);
-
-    KDF2(sha,&VZ,P1,2*AESKEY_ZZZ,&K);
-
-    K1.len=K2.len=AESKEY_ZZZ;
-    for (i=0; i<AESKEY_ZZZ; i++)
-    {
-        K1.val[i]=K.val[i];
-        K2.val[i]=K.val[AESKEY_ZZZ+i];
-    }
-
-    AES_CBC_IV0_ENCRYPT(&K1,M,C);
-
-    OCT_jint(&L2,P2->len,8);
-
-    len=C->len;
-    OCT_joctet(C,P2);
-    OCT_joctet(C,&L2);
-    HMAC(sha,C,&K2,tlen,T);
-    C->len=len;
-}
-
-/* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */
-int ECP_ZZZ_ECIES_DECRYPT(int sha,octet *P1,octet *P2,octet *V,octet *C,octet *T,octet *U,octet *M)
-{
-
-    int i,len;
-    char z[EFS_ZZZ],vz[3*EFS_ZZZ+1],k[2*AESKEY_ZZZ],k1[AESKEY_ZZZ],k2[AESKEY_ZZZ],l2[8],tag[32];
-    octet Z= {0,sizeof(z),z};
-    octet VZ= {0,sizeof(vz),vz};
-    octet K= {0,sizeof(k),k};
-    octet K1= {0,sizeof(k1),k1};
-    octet K2= {0,sizeof(k2),k2};
-    octet L2= {0,sizeof(l2),l2};
-    octet TAG= {0,sizeof(tag),tag};
-
-    if (ECP_ZZZ_SVDP_DH(U,V,&Z)!=0) return 0;
-
-    OCT_copy(&VZ,V);
-    OCT_joctet(&VZ,&Z);
-
-    KDF2(sha,&VZ,P1,2*AESKEY_ZZZ,&K);
-
-    K1.len=K2.len=AESKEY_ZZZ;
-    for (i=0; i<AESKEY_ZZZ; i++)
-    {
-        K1.val[i]=K.val[i];
-        K2.val[i]=K.val[AESKEY_ZZZ+i];
-    }
-
-    if (!AES_CBC_IV0_DECRYPT(&K1,C,M)) return 0;
-
-    OCT_jint(&L2,P2->len,8);
-
-    len=C->len;
-    OCT_joctet(C,P2);
-    OCT_joctet(C,&L2);
-    HMAC(sha,C,&K2,T->len,&TAG);
-    C->len=len;
-
-    if (!OCT_ncomp(T,&TAG,T->len)) return 0;
-
-    return 1;
-
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/ecdh.h
----------------------------------------------------------------------
diff --git a/version3/c/ecdh.h b/version3/c/ecdh.h
deleted file mode 100644
index 10a1828..0000000
--- a/version3/c/ecdh.h
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file ecdh.h
- * @author Mike Scott
- * @brief ECDH Header file for implementation of standard EC protocols
- *
- *
- */
-
-#ifndef ECDH_ZZZ_H
-#define ECDH_ZZZ_H
-
-#include "ecp_ZZZ.h"
-#include "ecdh_support.h"
-
-
-/*** START OF USER CONFIGURABLE SECTION -  ***/
-
-//#define EAS_ZZZ 16 /**< Symmetric Key size - 128 bits */
-//#define HASH_TYPE_ECC_ZZZ SHA512  /**< Hash type */
-
-/*** END OF USER CONFIGURABLE SECTION ***/
-
-#define EGS_ZZZ MODBYTES_XXX  /**< ECC Group Size in bytes */
-#define EFS_ZZZ MODBYTES_XXX  /**< ECC Field Size in bytes */
-
-#define ECDH_OK                     0     /**< Function completed without error */
-/*#define ECDH_DOMAIN_ERROR          -1*/
-#define ECDH_INVALID_PUBLIC_KEY    -2	/**< Public Key is Invalid */
-#define ECDH_ERROR                 -3	/**< ECDH Internal Error */
-#define ECDH_INVALID               -4	/**< ECDH Internal Error */
-/*#define ECDH_DOMAIN_NOT_FOUND      -5
-#define ECDH_OUT_OF_MEMORY         -6
-#define ECDH_DIV_BY_ZERO           -7
-#define ECDH_BAD_ASSUMPTION        -8*/
-
-/* ECDH primitives */
-/**	@brief Generate an ECC public/private key pair
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param s the private key, an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param W the output public key, which is s.G, where G is a fixed generator
-	@return 0 or an error code
- */
-extern int  ECP_ZZZ_KEY_PAIR_GENERATE(csprng *R,octet *s,octet *W);
-/**	@brief Validate an ECC public key
- *
-	@param W the input public key to be validated
-	@return 0 if public key is OK, or an error code
- */
-extern int  ECP_ZZZ_PUBLIC_KEY_VALIDATE(octet *W);
-
-/* ECDH primitives */
-
-/**	@brief Generate Diffie-Hellman shared key
- *
-	IEEE-1363 Diffie-Hellman shared secret calculation
-	@param s is the input private key,
-	@param W the input public key of the other party
-	@param K the output shared key, in fact the x-coordinate of s.W
-	@return 0 or an error code
- */
-extern int ECP_ZZZ_SVDP_DH(octet *s,octet *W,octet *K);
-/*extern int ECPSVDP_DHC(octet *,octet *,int,octet *);*/
-
-/*#if CURVETYPE!=MONTGOMERY */
-/* ECIES functions */
-/*#if CURVETYPE!=MONTGOMERY */
-/* ECIES functions */
-/**	@brief ECIES Encryption
- *
-	IEEE-1363 ECIES Encryption
-	@param h is the hash type
-	@param P1 input Key Derivation parameters
-	@param P2 input Encoding parameters
-	@param R is a pointer to a cryptographically secure random number generator
-	@param W the input public key of the recieving party
-	@param M is the plaintext message to be encrypted
-	@param len the length of the HMAC tag
-	@param V component of the output ciphertext
-	@param C the output ciphertext
-	@param T the output HMAC tag, part of the ciphertext
- */
-extern void ECP_ZZZ_ECIES_ENCRYPT(int h,octet *P1,octet *P2,csprng *R,octet *W,octet *M,int len,octet *V,octet *C,octet *T);
-/**	@brief ECIES Decryption
- *
-	IEEE-1363 ECIES Decryption
-	@param h is the hash type
-	@param P1 input Key Derivation parameters
-	@param P2 input Encoding parameters
-	@param V component of the input ciphertext
-	@param C the input ciphertext
-	@param T the input HMAC tag, part of the ciphertext
-	@param U the input private key for decryption
-	@param M the output plaintext message
-	@return 1 if successful, else 0
- */
-extern int ECP_ZZZ_ECIES_DECRYPT(int h,octet *P1,octet *P2,octet *V,octet *C,octet *T,octet *U,octet *M);
-
-/* ECDSA functions */
-/**	@brief ECDSA Signature
- *
-	IEEE-1363 ECDSA Signature
-	@param h is the hash type
-	@param R is a pointer to a cryptographically secure random number generator
-        @param k Ephemeral key. This value is used when R=NULL
-	@param s the input private signing key
-	@param M the input message to be signed
-	@param c component of the output signature
-	@param d component of the output signature
-
- */
-extern int ECP_ZZZ_SP_DSA(int h,csprng *R,octet *k,octet *s,octet *M,octet *c,octet *d);
-/**	@brief ECDSA Signature Verification
- *
-	IEEE-1363 ECDSA Signature Verification
-	@param h is the hash type
-	@param W the input public key
-	@param M the input message
-	@param c component of the input signature
-	@param d component of the input signature
-	@return 0 or an error code
- */
-extern int ECP_ZZZ_VP_DSA(int h,octet *W,octet *M,octet *c,octet *d);
-/*#endif*/
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/ecdh_support.c
----------------------------------------------------------------------
diff --git a/version3/c/ecdh_support.c b/version3/c/ecdh_support.c
deleted file mode 100644
index b01ccc9..0000000
--- a/version3/c/ecdh_support.c
+++ /dev/null
@@ -1,352 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Symmetric crypto support functions Functions  */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "ecdh_support.h"
-
-#define ROUNDUP(a,b) ((a)-1)/(b)+1
-
-/* general purpose hash function w=hash(p|n|x|y) */
-/* pad or truncate ouput to length pad if pad!=0 */
-void ehashit(int sha,octet *p,int n,octet *x,octet *w,int pad)
-{
-    int i,c[4],hlen;
-    hash256 sha256;
-    hash512 sha512;
-    char hh[64];
-
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_init(&sha256);
-        break;
-    case SHA384:
-        HASH384_init(&sha512);
-        break;
-    case SHA512:
-        HASH512_init(&sha512);
-        break;
-    }
-
-    hlen=sha;
-
-    for (i=0; i<p->len; i++)
-    {
-        switch(sha)
-        {
-        case SHA256:
-            HASH256_process(&sha256,p->val[i]);
-            break;
-        case SHA384:
-            HASH384_process(&sha512,p->val[i]);
-            break;
-        case SHA512:
-            HASH512_process(&sha512,p->val[i]);
-            break;
-        }
-    }
-    if (n>0)
-    {
-        c[0]=(n>>24)&0xff;
-        c[1]=(n>>16)&0xff;
-        c[2]=(n>>8)&0xff;
-        c[3]=(n)&0xff;
-        for (i=0; i<4; i++)
-        {
-            switch(sha)
-            {
-            case SHA256:
-                HASH256_process(&sha256,c[i]);
-                break;
-            case SHA384:
-                HASH384_process(&sha512,c[i]);
-                break;
-            case SHA512:
-                HASH512_process(&sha512,c[i]);
-                break;
-            }
-        }
-    }
-    if (x!=NULL) for (i=0; i<x->len; i++)
-        {
-            switch(sha)
-            {
-            case SHA256:
-                HASH256_process(&sha256,x->val[i]);
-                break;
-            case SHA384:
-                HASH384_process(&sha512,x->val[i]);
-                break;
-            case SHA512:
-                HASH512_process(&sha512,x->val[i]);
-                break;
-            }
-        }
-
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_hash(&sha256,hh);
-        break;
-    case SHA384:
-        HASH384_hash(&sha512,hh);
-        break;
-    case SHA512:
-        HASH512_hash(&sha512,hh);
-        break;
-    }
-
-    OCT_empty(w);
-    if (!pad)
-        OCT_jbytes(w,hh,hlen);
-    else
-    {
-        if (pad<=hlen)
-            OCT_jbytes(w,hh,pad);
-        else
-        {
-            OCT_jbyte(w,0,pad-hlen);
-            OCT_jbytes(w,hh,hlen);
-
-//            OCT_jbytes(w,hh,hlen);
-//            OCT_jbyte(w,0,pad-hlen);
-        }
-    }
-    return;
-}
-
-/* Hash octet p to octet w */
-void HASH(int sha,octet *p,octet *w)
-{
-    ehashit(sha,p,-1,NULL,w,0);
-}
-
-/* Calculate HMAC of m using key k. HMAC is tag of length olen */
-int HMAC(int sha,octet *m,octet *k,int olen,octet *tag)
-{
-    /* Input is from an octet m        *
-     * olen is requested output length in bytes. k is the key  *
-     * The output is the calculated tag */
-    int hlen,b;
-    char h[128],k0[128];
-    octet H= {0,sizeof(h),h};
-    octet K0= {0,sizeof(k0),k0};
-
-    hlen=sha;
-    if (hlen>32) b=128;
-    else b=64;
-
-    if (olen<4 /*|| olen>hlen*/) return 0;
-
-    if (k->len > b) ehashit(sha,k,-1,NULL,&K0,0);
-    else            OCT_copy(&K0,k);
-
-    OCT_jbyte(&K0,0,b-K0.len);
-
-    OCT_xorbyte(&K0,0x36);
-
-    ehashit(sha,&K0,-1,m,&H,0);
-
-    OCT_xorbyte(&K0,0x6a);   /* 0x6a = 0x36 ^ 0x5c */
-    ehashit(sha,&K0,-1,&H,&H,olen);
-
-    OCT_empty(tag);
-
-    OCT_jbytes(tag,H.val,olen);
-
-    return 1;
-}
-
-/* Key Derivation Functions */
-/* Input octet z */
-/* Output key of length olen */
-/*
-void KDF1(octet *z,int olen,octet *key)
-{
-    char h[32];
-	octet H={0,sizeof(h),h};
-    int counter,cthreshold;
-    int hlen=32;
-
-    OCT_empty(key);
-
-    cthreshold=ROUNDUP(olen,hlen);
-
-    for (counter=0;counter<cthreshold;counter++)
-    {
-        ehashit(z,counter,NULL,NULL,&H);
-        if (key->len+hlen>olen) OCT_jbytes(key,H.val,olen%hlen);
-        else                    OCT_joctet(key,&H);
-    }
-}
-*/
-void KDF2(int sha,octet *z,octet *p,int olen,octet *key)
-{
-    /* NOTE: the parameter olen is the length of the output k in bytes */
-    char h[64];
-    octet H= {0,sizeof(h),h};
-    int counter,cthreshold;
-    int hlen=sha;
-
-    OCT_empty(key);
-
-    cthreshold=ROUNDUP(olen,hlen);
-
-    for (counter=1; counter<=cthreshold; counter++)
-    {
-        ehashit(sha,z,counter,p,&H,0);
-        if (key->len+hlen>olen)  OCT_jbytes(key,H.val,olen%hlen);
-        else                     OCT_joctet(key,&H);
-    }
-
-}
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
-void PBKDF2(int sha,octet *p,octet *s,int rep,int olen,octet *key)
-{
-    int i,j,len,d=ROUNDUP(olen,sha);
-    char f[64],u[64];
-    octet F= {0,sizeof(f),f};
-    octet U= {0,sizeof(u),u};
-    OCT_empty(key);
-
-    for (i=1; i<=d; i++)
-    {
-        len=s->len;
-        OCT_jint(s,i,4);
-
-        HMAC(sha,s,p,sha,&F);
-
-        s->len=len;
-        OCT_copy(&U,&F);
-        for (j=2; j<=rep; j++)
-        {
-            HMAC(sha,&U,p,sha,&U);
-            OCT_xor(&F,&U);
-        }
-
-        OCT_joctet(key,&F);
-    }
-
-    OCT_chop(key,NULL,olen);
-}
-
-/* AES encryption/decryption. Encrypt byte array M using key K and returns ciphertext */
-void AES_CBC_IV0_ENCRYPT(octet *k,octet *m,octet *c)
-{
-    /* AES CBC encryption, with Null IV and key k */
-    /* Input is from an octet string m, output is to an octet string c */
-    /* Input is padded as necessary to make up a full final block */
-    amcl_aes a;
-    int fin;
-    int i,j,ipt,opt;
-    char buff[16];
-    int padlen;
-
-    OCT_clear(c);
-    if (m->len==0) return;
-    AES_init(&a,CBC,k->len,k->val,NULL);
-
-    ipt=opt=0;
-    fin=0;
-    for(;;)
-    {
-        for (i=0; i<16; i++)
-        {
-            if (ipt<m->len) buff[i]=m->val[ipt++];
-            else
-            {
-                fin=1;
-                break;
-            }
-        }
-        if (fin) break;
-        AES_encrypt(&a,buff);
-        for (i=0; i<16; i++)
-            if (opt<c->max) c->val[opt++]=buff[i];
-    }
-
-    /* last block, filled up to i-th index */
-
-    padlen=16-i;
-    for (j=i; j<16; j++) buff[j]=padlen;
-    AES_encrypt(&a,buff);
-    for (i=0; i<16; i++)
-        if (opt<c->max) c->val[opt++]=buff[i];
-    AES_end(&a);
-    c->len=opt;
-}
-
-/* decrypts and returns TRUE if all consistent, else returns FALSE */
-int AES_CBC_IV0_DECRYPT(octet *k,octet *c,octet *m)
-{
-    /* padding is removed */
-    amcl_aes a;
-    int i,ipt,opt,ch;
-    char buff[16];
-    int fin,bad;
-    int padlen;
-    ipt=opt=0;
-
-    OCT_clear(m);
-    if (c->len==0) return 1;
-    ch=c->val[ipt++];
-
-    AES_init(&a,CBC,k->len,k->val,NULL);
-    fin=0;
-
-    for(;;)
-    {
-        for (i=0; i<16; i++)
-        {
-            buff[i]=ch;
-            if (ipt>=c->len)
-            {
-                fin=1;
-                break;
-            }
-            else ch=c->val[ipt++];
-        }
-        AES_decrypt(&a,buff);
-        if (fin) break;
-        for (i=0; i<16; i++)
-            if (opt<m->max) m->val[opt++]=buff[i];
-    }
-    AES_end(&a);
-    bad=0;
-    padlen=buff[15];
-    if (i!=15 || padlen<1 || padlen>16) bad=1;
-    if (padlen>=2 && padlen<=16)
-        for (i=16-padlen; i<16; i++) if (buff[i]!=padlen) bad=1;
-
-    if (!bad) for (i=0; i<16-padlen; i++)
-            if (opt<m->max) m->val[opt++]=buff[i];
-
-    m->len=opt;
-    if (bad) return 0;
-    return 1;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/ecdh_support.h
----------------------------------------------------------------------
diff --git a/version3/c/ecdh_support.h b/version3/c/ecdh_support.h
deleted file mode 100644
index 85b200d..0000000
--- a/version3/c/ecdh_support.h
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/**
- * @file ecdh_support.h
- * @author Mike Scott
- * @brief ECDH Support Header File
- *
- */
-
-#ifndef ECC_SUPPORT_H
-#define ECC_SUPPORT_H
-
-#include "amcl.h"
-
-/* Auxiliary Functions */
-
-/** @brief general purpose hash function w=hash(p|n|x|y)
- *
-	@param sha is the hash type
-	@param p first octect involved in the hash
-	@param n integer involved in the hash
-	@param x second octect involved in the h ash
-	@param w output
-	@param pad padding
- */
-extern void ehashit(int sha,octet *p,int n,octet *x,octet *w,int pad);
-
-/**	@brief hash an octet into another octet
- *
- 	@param h is the hash type
-	@param I input octet
-	@param O output octet - H(I)
- */
-extern void HASH(int h,octet *I,octet *O);
-/**	@brief HMAC of message M using key K to create tag of length len in octet tag
- *
-	IEEE-1363 MAC1 function. Uses SHA256 internally.
-	@param h is the hash type
-	@param M input message octet
-	@param K input encryption key
-	@param len is output desired length of HMAC tag
-	@param tag is the output HMAC
-	@return 0 for bad parameters, else 1
- */
-extern int HMAC(int h,octet *M,octet *K,int len,octet *tag);
-
-/*extern void KDF1(octet *,int,octet *);*/
-
-/**	@brief Key Derivation Function - generates key K from inputs Z and P
- *
-	IEEE-1363 KDF2 Key Derivation Function. Uses SHA256 internally.
-	@param h is the hash type
-	@param Z input octet
-	@param P input key derivation parameters - can be NULL
-	@param len is output desired length of key
-	@param K is the derived key
- */
-extern void KDF2(int h,octet *Z,octet *P,int len,octet *K);
-/**	@brief Password Based Key Derivation Function - generates key K from password, salt and repeat counter
- *
-	PBKDF2 Password Based Key Derivation Function. Uses SHA256 internally.
-	@param h is the hash type
-	@param P input password
-	@param S input salt
-	@param rep Number of times to be iterated.
-	@param len is output desired length
-	@param K is the derived key
- */
-extern void PBKDF2(int h,octet *P,octet *S,int rep,int len,octet *K);
-/**	@brief AES encrypts a plaintext to a ciphtertext
- *
-	IEEE-1363 AES_CBC_IV0_ENCRYPT function. Encrypts in CBC mode with a zero IV, padding as necessary to create a full final block.
-	@param K AES key
-	@param P input plaintext octet
-	@param C output ciphertext octet
- */
-extern void AES_CBC_IV0_ENCRYPT(octet *K,octet *P,octet *C);
-/**	@brief AES encrypts a plaintext to a ciphtertext
- *
-	IEEE-1363 AES_CBC_IV0_DECRYPT function. Decrypts in CBC mode with a zero IV.
-	@param K AES key
-	@param C input ciphertext octet
-	@param P output plaintext octet
-	@return 0 if bad input, else 1
- */
-extern int AES_CBC_IV0_DECRYPT(octet *K,octet *C,octet *P);
-
-/* ECDH primitives - support functions */
-/**	@brief Generate an ECC public/private key pair
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param s the private key, an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param W the output public key, which is s.G, where G is a fixed generator
-	@return 0 or an error code
- */
-
-#endif


[31/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/ECP2.js
----------------------------------------------------------------------
diff --git a/version22/js/ECP2.js b/version22/js/ECP2.js
deleted file mode 100644
index 6c75271..0000000
--- a/version22/js/ECP2.js
+++ /dev/null
@@ -1,604 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* AMCL Weierstrass elliptic curve functions over FP2 */
-
-/* Constructor, set this=O */
-var ECP2=function()
-{
-	this.x=new FP2(0);
-	this.y=new FP2(1);
-	this.z=new FP2(1);
-	this.INF=true;
-};
-
-ECP2.prototype={
-/* Test this=O? */
-	is_infinity: function() 
-	{
-		return this.INF;
-	},
-/* copy this=P */
-	copy: function(P)
-	{
-		this.x.copy(P.x);
-		this.y.copy(P.y);
-		this.z.copy(P.z);
-		this.INF=P.INF;
-	},
-/* set this=O */
-	inf: function() 
-	{
-		this.INF=true;
-		this.x.zero();
-		this.y.zero();
-		this.z.zero();
-	},
-
-/* conditional move of Q to P dependant on d */
-	cmove: function(Q,d)
-	{
-		this.x.cmove(Q.x,d);
-		this.y.cmove(Q.y,d);
-		this.z.cmove(Q.z,d);
-
-		var bd=(d!==0)?true:false;
-		this.INF^=(this.INF^Q.INF)&bd;
-	},
-
-/* Constant time select from pre-computed table */
-	select: function(W,b)
-	{
-		var MP=new ECP2(); 
-		var m=b>>31;
-		var babs=(b^m)-m;
-
-		babs=(babs-1)/2;
-
-		this.cmove(W[0],ECP2.teq(babs,0));  // conditional move
-		this.cmove(W[1],ECP2.teq(babs,1));
-		this.cmove(W[2],ECP2.teq(babs,2));
-		this.cmove(W[3],ECP2.teq(babs,3));
-		this.cmove(W[4],ECP2.teq(babs,4));
-		this.cmove(W[5],ECP2.teq(babs,5));
-		this.cmove(W[6],ECP2.teq(babs,6));
-		this.cmove(W[7],ECP2.teq(babs,7));
-
-		MP.copy(this);
-		MP.neg();
-		this.cmove(MP,(m&1));
-	},
-
-/* Test P == Q */
-
-	equals: function(Q) {
-		if (this.is_infinity() && Q.is_infinity()) return true;
-		if (this.is_infinity() || Q.is_infinity()) return false;
-
-		var zs2=new FP2(this.z); /*zs2.copy(this.z);*/ zs2.sqr();
-		var zo2=new FP2(Q.z); /*zo2.copy(Q.z);*/  zo2.sqr();
-		var zs3=new FP2(zs2); /*zs3.copy(zs2);*/ zs3.mul(this.z);
-		var zo3=new FP2(zo2); /*zo3.copy(zo2);*/  zo3.mul(Q.z);
-		zs2.mul(Q.x);
-		zo2.mul(this.x);
-		if (!zs2.equals(zo2)) return false;
-		zs3.mul(Q.y);
-		zo3.mul(this.y);
-		if (!zs3.equals(zo3)) return false;
-
-		return true;
-	},
-/* set this=-this */
-	neg: function() 
-	{
-		if (this.is_infinity()) return;
-		this.y.neg(); this.y.norm();
-		return;
-	},
-/* convert this to affine, from (x,y,z) to (x,y) */
-	affine: function() 
-	{
-		if (this.is_infinity()) return;
-		var one=new FP2(1);
-		if (this.z.equals(one)) return;
-		this.z.inverse();
-
-		var z2=new FP2(this.z); //z2.copy(this.z);
-		z2.sqr();
-		this.x.mul(z2); this.x.reduce();
-		this.y.mul(z2); 
-		this.y.mul(this.z);  this.y.reduce();
-		this.z=one;
-	},
-/* extract affine x as FP2 */
-	getX: function()
-	{
-		this.affine();
-		return this.x;
-	},
-/* extract affine y as FP2 */
-	getY: function()
-	{
-		this.affine();
-		return this.y;
-	},
-/* extract projective x */
-	getx: function()
-	{
-		return this.x;
-	},
-/* extract projective y */
-	gety: function()
-	{
-		return this.y;
-	},
-/* extract projective z */
-	getz: function()
-	{
-		return this.z;
-	},
-/* convert this to byte array */
-	toBytes: function(b)
-	{
-		var i,t=[];
-		this.affine();
-		this.x.getA().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++)
-			b[i]=t[i];
-		this.x.getB().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++)
-			b[i+ROM.MODBYTES]=t[i];
-
-		this.y.getA().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++)
-			b[i+2*ROM.MODBYTES]=t[i];
-		this.y.getB().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++)
-			b[i+3*ROM.MODBYTES]=t[i];
-	},
-/* convert this to hex string */
-	toString: function() 
-	{
-		if (this.is_infinity()) return "infinity";
-		this.affine();
-		return "("+this.x.toString()+","+this.y.toString()+")";
-	},
-/* set this=(x,y) */
-	setxy: function(ix,iy) 
-	{
-		this.x.copy(ix);
-		this.y.copy(iy);
-		this.z.one();
-
-		var rhs=ECP2.RHS(this.x);
-
-		var y2=new FP2(this.y); //y2.copy(this.y);
-		y2.sqr();
-		if (y2.equals(rhs)) this.INF=false;
-		else this.inf();
-	},
-
-/* set this=(x,.) */
-	setx: function(ix) 
-	{
-		this.x.copy(ix);
-		this.z.one();
-
-		var rhs=ECP2.RHS(this.x);
-
-		if (rhs.sqrt())
-		{
-			this.y.copy(rhs);
-			this.INF=false;
-		}
-		else this.inf();
-	},
-
-/* set this*=q, where q is Modulus, using Frobenius */
-	frob: function(X)
-	{
-		if (this.INF) return;
-		var X2=new FP2(X); //X2.copy(X);
-		X2.sqr();
-		this.x.conj();
-		this.y.conj();
-		this.z.conj();
-		this.z.reduce();
-		this.x.mul(X2);
-		this.y.mul(X2);
-		this.y.mul(X);
-	},
-/* this+=this */
-	dbl: function() 
-	{
-		if (this.INF) return -1;
-		if (this.y.iszilch())
-		{
-			this.inf();
-			return -1;
-		}
-
-		var w1=new FP2(this.x); //w1.copy(this.x);
-		var w2=new FP2(0); 
-		var w3=new FP2(this.x); //w3.copy(this.x);
-		var w8=new FP2(this.x); //w8.copy(this.x);
-
-		w1.sqr();
-		w8.copy(w1);
-		w8.imul(3);
-
-		w2.copy(this.y); w2.sqr();
-		w3.copy(this.x); w3.mul(w2);
-		w3.imul(4);
-		w1.copy(w3); w1.neg();
-
-
-		this.x.copy(w8); this.x.sqr();
-		this.x.add(w1);
-		this.x.add(w1);
-		this.x.norm();
-
-		this.z.mul(this.y);
-		this.z.add(this.z);
-
-		w2.add(w2);
-		w2.sqr();
-		w2.add(w2);
-		w3.sub(this.x);
-		this.y.copy(w8); this.y.mul(w3);
-		this.y.sub(w2);
-		this.y.norm();
-		this.z.norm();
-
-		return 1;
-	},
-/* this+=Q - return 0 for add, 1 for double, -1 for O */
-/* this+=Q */
-	add: function(Q) 
-	{
-		if (this.INF)
-		{
-			this.copy(Q);
-			return -1;
-		}
-		if (Q.INF) return -1;
-
-		var aff=false;
-
-		if (Q.z.isunity()) aff=true;
-
-		var A,C;
-		var B=new FP2(this.z);
-		var D=new FP2(this.z);
-		if (!aff)
-		{
-			A=new FP2(Q.z);
-			C=new FP2(Q.z);
-
-			A.sqr(); B.sqr();
-			C.mul(A); D.mul(B);
-
-			A.mul(this.x);
-			C.mul(this.y);
-		}
-		else
-		{
-			A=new FP2(this.x);
-			C=new FP2(this.y);
-	
-			B.sqr();
-			D.mul(B);
-		}
-
-		B.mul(Q.x); B.sub(A);
-		D.mul(Q.y); D.sub(C);
-			
-		if (B.iszilch())
-		{
-			if (D.iszilch())
-			{
-				this.dbl();
-				return 1;
-			}
-			else
-			{
-				this.INF=true;
-				return -1;
-			}
-		}
-
-		if (!aff) this.z.mul(Q.z);
-		this.z.mul(B);
-
-		var e=new FP2(B); e.sqr();
-		B.mul(e);
-		A.mul(e);
-
-		e.copy(A);
-		e.add(A); e.add(B);
-		this.x.copy(D); this.x.sqr(); this.x.sub(e);
-
-		A.sub(this.x);
-		this.y.copy(A); this.y.mul(D); 
-		C.mul(B); this.y.sub(C);
-
-		this.x.norm();
-		this.y.norm();
-		this.z.norm();
-		return 0;
-	},
-/* this-=Q */
-	sub: function(Q) 
-	{
-		Q.neg();
-		var D=this.add(Q);
-		Q.neg();
-		return D;
-	},
-
-/* P*=e */
-	mul: function(e)
-	{
-/* fixed size windows */
-		var i,b,nb,m,s,ns;
-		var mt=new BIG();
-		var t=new BIG();
-		var C=new ECP2();
-		var P=new ECP2();
-		var Q=new ECP2();
-		var W=[];
-		var w=[];
-
-		if (this.is_infinity()) return new ECP2();
-
-		this.affine();
-
-// precompute table 
-		Q.copy(this);
-		Q.dbl();
-		W[0]=new ECP2();
-		W[0].copy(this);
-
-		for (i=1;i<8;i++)
-		{
-			W[i]=new ECP2();
-			W[i].copy(W[i-1]);
-			W[i].add(Q);
-		}
-
-// convert the table to affine 
-
-		ECP2.multiaffine(8,W);
-
-// make exponent odd - add 2P if even, P if odd 
-		t.copy(e);
-		s=t.parity();
-		t.inc(1); t.norm(); ns=t.parity(); mt.copy(t); mt.inc(1); mt.norm();
-		t.cmove(mt,s);
-		Q.cmove(this,ns);
-		C.copy(Q);
-
-		nb=1+Math.floor((t.nbits()+3)/4);
-
-// convert exponent to signed 4-bit window 
-		for (i=0;i<nb;i++)
-		{
-			w[i]=(t.lastbits(5)-16);
-			t.dec(w[i]); t.norm();
-			t.fshr(4);	
-		}
-		w[nb]=t.lastbits(5);
-	
-		P.copy(W[Math.floor((w[nb]-1)/2)]);  
-		for (i=nb-1;i>=0;i--)
-		{
-			Q.select(W,w[i]);
-			P.dbl();
-			P.dbl();
-			P.dbl();
-			P.dbl();
-			P.add(Q);
-		}
-		P.sub(C);
-		P.affine();
-		return P;
-	}
-};
-
-/* convert from byte array to point */
-ECP2.fromBytes=function(b)
-{
-	var i,t=[];
-	var ra,rb;
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=b[i];
-	ra=BIG.fromBytes(t);
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=b[i+ROM.MODBYTES];
-	rb=BIG.fromBytes(t);
-
-	var rx=new FP2(ra,rb); //rx.bset(ra,rb);
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=b[i+2*ROM.MODBYTES];
-	ra=BIG.fromBytes(t);
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=b[i+3*ROM.MODBYTES];
-	rb=BIG.fromBytes(t);
-
-	var ry=new FP2(ra,rb); //ry.bset(ra,rb);
-
-	var P=new ECP2();
-	P.setxy(rx,ry);
-	return P;
-};
-
-/* Calculate RHS of curve equation x^3+B */
-ECP2.RHS=function(x) 
-{
-	x.norm();
-	var r=new FP2(x); //r.copy(x);
-	r.sqr();
-
-	var c=new BIG(0); c.rcopy(ROM.CURVE_B);
-	var b=new FP2(c); //b.bseta(c);
-	b.div_ip();
-	r.mul(x);
-	r.add(b);
-
-	r.reduce();
-	return r;
-};
-
-/* normalises m-array of ECP2 points. Requires work vector of m FP2s */
-
-ECP2.multiaffine=function(m,P)
-{
-	var i;
-	var t1=new FP2(0);
-	var t2=new FP2(0);
-	var work=[];
-
-	work[0]=new FP2(1);
-	work[1]=new FP2(P[0].z);
-	for (i=2;i<m;i++)
-	{
-		work[i]=new FP2(work[i-1]);
-		work[i].mul(P[i-1].z);
-	}
-
-	t1.copy(work[m-1]); t1.mul(P[m-1].z);
-
-	t1.inverse();
-
-	t2.copy(P[m-1].z);
-	work[m-1].mul(t1);
-
-	for (i=m-2;;i--)
-	{
-		if (i==0)
-		{
-			work[0].copy(t1);
-			work[0].mul(t2);
-			break;
-		}
-		work[i].mul(t2);
-		work[i].mul(t1);
-		t2.mul(P[i].z);
-	}
-/* now work[] contains inverses of all Z coordinates */
-
-	for (i=0;i<m;i++)
-	{
-		P[i].z.one();
-		t1.copy(work[i]); t1.sqr();
-		P[i].x.mul(t1);
-		t1.mul(work[i]);
-		P[i].y.mul(t1);
-	}    
-};
-
-/* P=u0.Q0+u1*Q1+u2*Q2+u3*Q3 */
-ECP2.mul4=function(Q,u)
-{
-	var i,j,nb;
-	var a=[];
-	var T=new ECP2();
-	var C=new ECP2();
-	var P=new ECP2();
-	var W=[];
-	var mt=new BIG();
-	var t=[];
-	var w=[];
-
-	for (i=0;i<4;i++)
-	{
-		t[i]=new BIG(u[i]);
-		Q[i].affine();
-	}
-
-/* precompute table */
-
-	W[0]=new ECP2(); W[0].copy(Q[0]); W[0].sub(Q[1]);
-	W[1]=new ECP2(); W[1].copy(W[0]);
-	W[2]=new ECP2(); W[2].copy(W[0]);
-	W[3]=new ECP2(); W[3].copy(W[0]);
-	W[4]=new ECP2(); W[4].copy(Q[0]); W[4].add(Q[1]);
-	W[5]=new ECP2(); W[5].copy(W[4]);
-	W[6]=new ECP2(); W[6].copy(W[4]);
-	W[7]=new ECP2(); W[7].copy(W[4]);
-	T.copy(Q[2]); T.sub(Q[3]);
-	W[1].sub(T);
-	W[2].add(T);
-	W[5].sub(T);
-	W[6].add(T);
-	T.copy(Q[2]); T.add(Q[3]);
-	W[0].sub(T);
-	W[3].add(T);
-	W[4].sub(T);
-	W[7].add(T);
-
-	ECP2.multiaffine(8,W);
-
-/* if multiplier is even add 1 to multiplier, and add P to correction */
-	mt.zero(); C.inf();
-	for (i=0;i<4;i++)
-	{
-		if (t[i].parity()==0)
-		{
-			t[i].inc(1); t[i].norm();
-			C.add(Q[i]);
-		}
-		mt.add(t[i]); mt.norm();
-	}
-
-	nb=1+mt.nbits();
-
-/* convert exponent to signed 1-bit window */
-	for (j=0;j<nb;j++)
-	{
-		for (i=0;i<4;i++)
-		{
-			a[i]=(t[i].lastbits(2)-2);
-			t[i].dec(a[i]); t[i].norm(); 
-			t[i].fshr(1);
-		}
-		w[j]=(8*a[0]+4*a[1]+2*a[2]+a[3]);
-	}
-	w[nb]=(8*t[0].lastbits(2)+4*t[1].lastbits(2)+2*t[2].lastbits(2)+t[3].lastbits(2));
-
-	P.copy(W[Math.floor((w[nb]-1)/2)]);  
-
-	for (i=nb-1;i>=0;i--)
-	{
-		T.select(W,w[i]);
-		P.dbl();
-		P.add(T);
-	}
-	P.sub(C); /* apply correction */
-
-	P.affine();
-	return P;
-};
-
-/* return 1 if b==c, no branching */
-ECP2.teq=function(b,c)
-{
-	var x=b^c;
-	x-=1;  // if x=0, x now -1
-	return ((x>>31)&1);
-};
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/FF.js
----------------------------------------------------------------------
diff --git a/version22/js/FF.js b/version22/js/FF.js
deleted file mode 100644
index 94dedc6..0000000
--- a/version22/js/FF.js
+++ /dev/null
@@ -1,947 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* AMCL FF number class */
-
-/* General purpose Constructor */
-var FF = function(n) {
-	this.v=new Array(n);
-	this.length=n;
-	for (var i=0;i<n;i++)
-		this.v[i]=new BIG(0);
-};
-
-FF.prototype={
-/* set to zero */
-
-	P_EXCESS: function() 
-	{
-		return ((this.v[this.length-1].get(ROM.NLEN-1)&FF.P_OMASK)>>(FF.P_TBITS));
-	},
-
-	zero: function()
-	{
-		for (var i=0;i<this.length;i++) this.v[i].zero();
-		return this;
-	},
-
-	getlen: function()
-	{
-		return this.length;
-	},
-
-/* set to integer */
-	set: function(m)
-	{
-		this.zero();
-		this.v[0].set(0,(m&ROM.BMASK));
-		this.v[0].set(1,(m>>ROM.BASEBITS));
-	},
-/* copy from FF b */
-	copy: function(b)
-	{
-		for (var i=0;i<this.length;i++)
-		{
-			this.v[i].copy(b.v[i]);
-		}
-	},
-/* copy from FF b */
-	rcopy: function(b)
-	{
-		for (var i=0;i<this.length;i++)
-		{
-			this.v[i].rcopy(b[i]);
-		}
-	},
-/* x=y<<n */
-	dsucopy: function(b)
-	{
-		for (var i=0;i<b.length;i++)
-		{
-			this.v[b.length+i].copy(b.v[i]);
-			this.v[i].zero();
-		}
-	},
-/* x=y */
-	dscopy: function(b)
-	{
-		for (var i=0;i<b.length;i++)
-		{
-			this.v[i].copy(b.v[i]);
-			this.v[b.length+i].zero();
-		}
-	},
-
-/* x=y>>n */
-	sducopy: function(b)
-	{
-		for (var i=0;i<this.length;i++)
-		{
-			this.v[i].copy(b.v[this.length+i]);
-		}
-	},
-	one: function()
-	{
-		this.v[0].one();
-		for (var i=1;i<this.length;i++)
-		{
-			this.v[i].zero();
-		}
-	},
-/* test equals 0 */
-	iszilch: function() 
-	{
-		for (var i=0;i<this.length;i++)
-		{
-			if (!this.v[i].iszilch()) return false;
-		}
-		return true;
-	},
-/* shift right by BIGBITS-bit words */
-	shrw: function(n)
-	{
-		for (var i=0;i<n;i++) 
-		{
-			this.v[i].copy(this.v[i+n]);
-			this.v[i+n].zero();
-		}
-	},
-
-/* shift left by BIGBITS-bit words */
-	shlw: function(n)
-	{
-		for (var i=0;i<n;i++) 
-		{
-			this.v[n+i].copy(this.v[i]);
-			this.v[i].zero();
-		}
-	},
-/* extract last bit */
-	parity: function()
-	{
-		return this.v[0].parity();
-	},
-
-	lastbits: function(m)
-	{
-		return this.v[0].lastbits(m);
-	},
-	
-
-/* recursive add */
-	radd: function(vp,x,xp,y,yp,n)
-	{
-		for (var i=0;i<n;i++)
-		{
-			this.v[vp+i].copy(x.v[xp+i]);
-			this.v[vp+i].add(y.v[yp+i]);
-		}
-	},
-
-/* recursive inc */
-	rinc: function(vp,y,yp,n)
-	{
-		for (var i=0;i<n;i++)
-		{
-			this.v[vp+i].add(y.v[yp+i]);
-		}
-	},
-
-/* recursive sub */
-	rsub: function(vp,x,xp,y,yp,n)
-	{
-		for (var i=0;i<n;i++)
-		{
-			this.v[vp+i].copy(x.v[xp+i]);
-			this.v[vp+i].sub(y.v[yp+i]);
-		}
-	},
-
-/* recursive dec */
-	rdec: function(vp,y,yp,n)
-	{
-		for (var i=0;i<n;i++)
-		{
-			this.v[vp+i].sub(y.v[yp+i]);
-		}
-	},
-
-/* simple add */
-	add: function(b)
-	{
-		for (var i=0;i<this.length;i++)
-			this.v[i].add(b.v[i]);
-	},
-
-/* simple sub */
-	sub: function(b)
-	{
-		for (var i=0;i<this.length;i++)
-			this.v[i].sub(b.v[i]);
-	},
-	
-/* reverse sub */
-	revsub: function(b)
-	{
-		for (var i=0;i<this.length;i++)
-			this.v[i].rsub(b.v[i]);
-	},
-
-/* increment/decrement by a small integer */
-	inc: function(m)
-	{
-		this.v[0].inc(m);
-		this.norm();
-	},
-
-	dec: function(m)
-	{
-		this.v[0].dec(m);
-		this.norm();
-	},
-
-	/* normalise - but hold any overflow in top part unless n<0 */
-	rnorm: function(vp,n)
-	{
-		var trunc=false;
-		var i,carry;
-		if (n<0)
-		{ /* -v n signals to do truncation */
-			n=-n;
-			trunc=true;
-		}
-		for (i=0;i<n-1;i++)
-		{
-			carry=this.v[vp+i].norm();  
-			this.v[vp+i].xortop(carry<<FF.P_TBITS);
-			this.v[vp+i+1].inc(carry);
-		}
-		carry=this.v[vp+n-1].norm();
-		if (trunc) 
-			this.v[vp+n-1].xortop(carry<<FF.P_TBITS);
-		return this;
-	},
-	norm: function()
-	{
-		this.rnorm(0,this.length);
-	},
-
-/* shift left by one bit */
-	shl: function()
-	{
-		var i,carry,delay_carry=0;
-		for (i=0;i<this.length-1;i++)
-		{
-			carry=this.v[i].fshl(1);
-			this.v[i].inc(delay_carry);
-			this.v[i].xortop(carry<<FF.P_TBITS);
-			delay_carry=carry;
-		}
-		this.v[this.length-1].fshl(1);
-		this.v[this.length-1].inc(delay_carry);
-	},
-
-/* shift right by one bit */
-	shr: function()
-	{
-		var i,carry;
-		for (i=this.length-1;i>0;i--)
-		{
-			carry=this.v[i].fshr(1);
-			this.v[i-1].ortop(carry<<FF.P_TBITS);
-		}
-		this.v[0].fshr(1);
-	},
-
-/* Convert to Hex String */
-	toString: function() 
-	{
-		this.norm();
-		var s="";
-
-		for (var i=this.length-1;i>=0;i--)
-		{
-			s+=this.v[i].toString();
-		}
-		return s;
-	},
-/* Convert FFs to/from byte arrays */
-	toBytes: function(b)
-	{
-		for (var i=0;i<this.length;i++)
-		{
-			this.v[i].tobytearray(b,(this.length-i-1)*ROM.MODBYTES);
-		}
-	},
-
-/* z=x*y, t is workspace */
-	karmul: function(vp,x,xp,y,yp,t,tp,n)
-	{
-		var nd2;
-		if (n==1)
-		{
-			var d=BIG.mul(x.v[xp],y.v[yp]);
-			this.v[vp+1]=d.split(8*ROM.MODBYTES);
-			this.v[vp].copy(d);
-			return;
-		}
-		nd2=n/2;
-		this.radd(vp,x,xp,x,xp+nd2,nd2);
-		this.rnorm(vp,nd2);                   /* Important - required for 32-bit build */
-		this.radd(vp+nd2,y,yp,y,yp+nd2,nd2);
-		this.rnorm(vp+nd2,nd2);               /* Important - required for 32-bit build */
-		t.karmul(tp,this,vp,this,vp+nd2,t,tp+n,nd2);
-		this.karmul(vp,x,xp,y,yp,t,tp+n,nd2);
-		this.karmul(vp+n,x,xp+nd2,y,yp+nd2,t,tp+n,nd2);
-		t.rdec(tp,this,vp,n);
-		t.rdec(tp,this,vp+n,n);
-		this.rinc(vp+nd2,t,tp,n);
-		this.rnorm(vp,2*n);
-	},
-
-	karsqr: function(vp,x,xp,t,tp,n)
-	{
-		var nd2;
-		if (n==1)
-		{
-			var d=BIG.sqr(x.v[xp]);
-			this.v[vp+1].copy(d.split(8*ROM.MODBYTES));
-			this.v[vp].copy(d);
-			return;
-		}	
-
-		nd2=n/2;
-		this.karsqr(vp,x,xp,t,tp+n,nd2);
-		this.karsqr(vp+n,x,xp+nd2,t,tp+n,nd2);
-		t.karmul(tp,x,xp,x,xp+nd2,t,tp+n,nd2);
-		this.rinc(vp+nd2,t,tp,n);
-		this.rinc(vp+nd2,t,tp,n);
-		this.rnorm(vp+nd2,n);
-	},
-
-	karmul_lower: function(vp,x,xp,y,yp,t,tp,n)
-	{ /* Calculates Least Significant bottom half of x*y */
-		var nd2;
-		if (n==1)
-		{ /* only calculate bottom half of product */
-			this.v[vp].copy(BIG.smul(x.v[xp],y.v[yp]));
-			return;
-		}
-		nd2=n/2;
-
-		this.karmul(vp,x,xp,y,yp,t,tp+n,nd2);
-		t.karmul_lower(tp,x,xp+nd2,y,yp,t,tp+n,nd2);
-		this.rinc(vp+nd2,t,tp,nd2);
-		t.karmul_lower(tp,x,xp,y,yp+nd2,t,tp+n,nd2);
-
-		this.rinc(vp+nd2,t,tp,nd2);
-		this.rnorm(vp+nd2,-nd2);  /* truncate it */
-	},
-
-	karmul_upper: function(x,y,t,n)
-	{ /* Calculates Most Significant upper half of x*y, given lower part */
-		var nd2;
- 
-		nd2=n/2;
-		this.radd(n,x,0,x,nd2,nd2);  
-		this.radd(n+nd2,y,0,y,nd2,nd2);
-		this.rnorm(n,nd2);
-		this.rnorm(n+nd2,nd2);
-
-		t.karmul(0,this,n+nd2,this,n,t,n,nd2);  /* t = (a0+a1)(b0+b1) */
-		this.karmul(n,x,nd2,y,nd2,t,n,nd2); /* z[n]= a1*b1 */
-									/* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */
-		t.rdec(0,this,n,n);              /* t=t-a1b1  */							
-		this.rinc(nd2,this,0,nd2);   /* z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1)  */
-		this.rdec(nd2,t,0,nd2);   /* z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0) */
-		this.rnorm(0,-n);					/* a0b0 now in z - truncate it */
-		t.rdec(0,this,0,n);         /* (a0+a1)(b0+b1) - a0b0 */
-		this.rinc(nd2,t,0,n);
-
-		this.rnorm(nd2,n);
-	},
-
-/* return low part of product this*y */
-	lmul: function(y)
-	{
-		var n=this.length;
-		var t=new FF(2*n);
-		var x=new FF(n); x.copy(this);
-		this.karmul_lower(0,x,0,y,0,t,0,n);
-	},
-
-/* Set b=b mod c */
-	mod: function(c)
-	{
-		var k=0;  
-
-		this.norm();
-		if (FF.comp(this,c)<0) 
-			return;
-		do
-		{
-			c.shl();
-			k++;
-		} while (FF.comp(this,c)>=0);
-
-		while (k>0)
-		{
-			c.shr();
-			if (FF.comp(this,c)>=0)
-			{
-				this.sub(c);
-				this.norm();
-			}
-			k--;
-		}
-	},
-
-/* return This mod modulus, N is modulus, ND is Montgomery Constant */
-	reduce: function(N,ND)
-	{ /* fast karatsuba Montgomery reduction */
-		var n=N.length;
-		var t=new FF(2*n);
-		var r=new FF(n);
-		var m=new FF(n);
-
-		r.sducopy(this);
-		m.karmul_lower(0,this,0,ND,0,t,0,n);
-		this.karmul_upper(N,m,t,n);
-		m.sducopy(this);
-
-		r.add(N);
-		r.sub(m);
-		r.norm();
-
-		return r;
-
-	},
-
-/* Set r=this mod b */
-/* this is of length - 2*n */
-/* r,b is of length - n */
-	dmod: function(b)
-	{
-		var k,n=b.length;
-		var m=new FF(2*n);
-		var x=new FF(2*n);
-		var r=new FF(n);
-
-		x.copy(this);
-		x.norm();
-		m.dsucopy(b); k=ROM.BIGBITS*n;
-
-		while (FF.comp(x,m)>=0)
-		{
-			x.sub(m);
-			x.norm();
-		}
-
-		while (k>0)
-		{	
-			m.shr();
-
-			if (FF.comp(x,m)>=0)
-			{
-				x.sub(m);
-				x.norm();
-			}
-			k--;
-		}
-
-		r.copy(x);
-		r.mod(b);
-		return r;
-	},
-
-/* Set return=1/this mod p. Binary method - a<p on entry */
-	invmodp: function(p)
-	{
-		var n=p.length;
-
-		var u=new FF(n);
-		var v=new FF(n);
-		var x1=new FF(n);
-		var x2=new FF(n);
-		var t=new FF(n);
-		var one=new FF(n);
-
-		one.one();
-		u.copy(this);
-		v.copy(p);
-		x1.copy(one);
-		x2.zero();
-
-	// reduce n in here as well! 
-		while (FF.comp(u,one)!==0 && FF.comp(v,one)!==0)
-		{
-			while (u.parity()===0)
-			{
-				u.shr();
-				if (x1.parity()!==0)
-				{
-					x1.add(p); 
-					x1.norm();
-				}
-				x1.shr(); 
-			}
-			while (v.parity()===0)
-			{
-				v.shr(); 
-				if (x2.parity()!==0)
-				{
-					x2.add(p);
-					x2.norm();
-				}
-				x2.shr();
-			}
-			if (FF.comp(u,v)>=0)
-			{
-
-				u.sub(v);
-				u.norm();
-				if (FF.comp(x1,x2)>=0) x1.sub(x2);
-				else
-				{
-					t.copy(p);
-					t.sub(x2);
-					x1.add(t);
-				}
-				x1.norm();
-			}
-			else
-			{
-				v.sub(u);
-				v.norm();
-				if (FF.comp(x2,x1)>=0) x2.sub(x1);
-				else
-				{
-					t.copy(p);
-					t.sub(x1);
-					x2.add(t);
-				}
-				x2.norm();
-			}
-		}
-		if (FF.comp(u,one)===0)
-			this.copy(x1);
-		else
-			this.copy(x2);
-	},
-
-/* nresidue mod m */
-	nres: function(m)
-	{
-		var n=m.length;
-		var d=new FF(2*n);
-		d.dsucopy(this);
-		this.copy(d.dmod(m));
-	},
-
-	redc: function(m,ND)
-	{
-		var n=m.length;
-		var d=new FF(2*n);
-
-		this.mod(m);
-		d.dscopy(this);
-
-		this.copy(d.reduce(m,ND));
-		this.mod(m);
-	},
-
-	mod2m: function(m)
-	{
-		for (var i=m;i<this.length;i++)
-			this.v[i].zero();
-	},
-
-	/* U=1/a mod 2^m - Arazi & Qi */
-	invmod2m: function()
-	{
-		var i,n=this.length;
-
-		var b=new FF(n);
-		var c=new FF(n);
-		var U=new FF(n);
-
-		var t;
-
-		U.zero();
-		U.v[0].copy(this.v[0]);
-		U.v[0].invmod2m();
-
-		for (i=1;i<n;i<<=1)
-		{
-			b.copy(this); b.mod2m(i);
-			t=FF.mul(U,b); t.shrw(i); b.copy(t);
-			c.copy(this); c.shrw(i); c.mod2m(i);
-			c.lmul(U); c.mod2m(i);
-
-			b.add(c); b.norm();
-			b.lmul(U); b.mod2m(i);
-
-			c.one(); c.shlw(i); b.revsub(c); b.norm();
-			b.shlw(i);
-			U.add(b);
-		}
-		U.norm();
-		return U;
-	},
-
-	random: function(rng)
-	{
-		var n=this.length;
-		for (var i=0;i<n;i++)
-		{
-			this.v[i].copy(BIG.random(rng));
-		}
-	/* make sure top bit is 1 */
-		while (this.v[n-1].nbits()<ROM.MODBYTES*8) this.v[n-1].copy(BIG.random(rng));
-
-	},
-
-	/* generate random x */
-	randomnum: function(p,rng)
-	{
-		var n=this.length;
-		var d=new FF(2*n);
-
-		for (var i=0;i<2*n;i++)
-		{
-			d.v[i].copy(BIG.random(rng));
-		}
-		this.copy(d.dmod(p));
-	},
-
-	/* this*=y mod p */
-	modmul: function(y,p,nd)
-	{
-		var ex=this.P_EXCESS();
-		var ey=y.P_EXCESS();
-		if ((ex+1)>=Math.floor((FF.P_FEXCESS-1)/(ey+1))) this.mod(p);
-		var d=FF.mul(this,y);
-		this.copy(d.reduce(p,nd));
-	},
-
-	/* this*=y mod p */
-	modsqr: function(p,nd)
-	{
-		var ex=this.P_EXCESS();
-		if ((ex+1)>=Math.floor((FF.P_FEXCESS-1)/(ex+1))) this.mod(p); 
-		var d=FF.sqr(this);
-		this.copy(d.reduce(p,nd));
-	},
-
-	/* this=this^e mod p using side-channel resistant Montgomery Ladder, for large e */
-	skpow: function(e,p)
-	{
-		var i,b,n=p.length;
-		var R0=new FF(n);
-		var R1=new FF(n);
-		var ND=p.invmod2m();
-
-		this.mod(p);
-		R0.one();
-		R1.copy(this);
-		R0.nres(p);
-		R1.nres(p);
-
-		for (i=8*ROM.MODBYTES*n-1;i>=0;i--)
-		{
-
-			b=e.v[Math.floor(i/ROM.BIGBITS)].bit(i%ROM.BIGBITS);
-
-			this.copy(R0);
-			this.modmul(R1,p,ND);
-
-			FF.cswap(R0,R1,b);
-			R0.modsqr(p,ND);
-
-			R1.copy(this);
-			FF.cswap(R0,R1,b);
-
-		}
-
-		this.copy(R0);
-		this.redc(p,ND);
-	},
-
-	/* this =this^e mod p using side-channel resistant Montgomery Ladder, for short e */
-	skspow: function(e,p)
-	{
-		var i,b,n=p.length;
-		var R0=new FF(n);
-		var R1=new FF(n);
-		var ND=p.invmod2m();
-
-		this.mod(p);
-		R0.one();
-		R1.copy(this);
-		R0.nres(p);
-		R1.nres(p);
-
-		for (i=8*ROM.MODBYTES-1;i>=0;i--)
-		{
-			b=e.bit(i);
-			this.copy(R0);
-			this.modmul(R1,p,ND);
-
-			FF.cswap(R0,R1,b);
-			R0.modsqr(p,ND);
-
-			R1.copy(this);
-			FF.cswap(R0,R1,b);
-		}
-		this.copy(R0);
-		this.redc(p,ND);
-	},
-
-	/* raise to an integer power - right-to-left method */
-	power: function(e,p)
-	{
-		var n=p.length;
-		var f=true;
-		var w=new FF(n);
-		var ND=p.invmod2m();
-
-		w.copy(this);
-		w.nres(p);
-
-		if (e==2)
-		{
-			this.copy(w);
-			this.modsqr(p,ND);
-		}
-		else for (; ; )
-		{
-			if (e%2==1) 
-			{
-				if (f) this.copy(w);
-				else 
-				{
-					ROM.debug=true;
-					this.modmul(w,p,ND);
-					ROM.debug=false;
-				}
-				f=false;
-
-			}
-			e>>=1;
-			if (e===0) break;
-			w.modsqr(p,ND);
-		}
-
-		this.redc(p,ND);
-	},
-
-	/* this=this^e mod p, faster but not side channel resistant */
-	pow: function(e,p)
-	{
-		var i,b,n=p.length;
-		var w=new FF(n);
-		var ND=p.invmod2m();
-
-		w.copy(this);
-		this.one();
-		this.nres(p);
-		w.nres(p);
-		for (i=8*ROM.MODBYTES*n-1;i>=0;i--)
-		{
-			this.modsqr(p,ND);
-			b=e.v[Math.floor(i/ROM.BIGBITS)].bit(i%ROM.BIGBITS);
-			if (b==1) this.modmul(w,p,ND);
-		}
-		this.redc(p,ND);
-	},
-
-	/* double exponentiation r=x^e.y^f mod p */
-	pow2: function(e,y,f,p)
-	{
-		var i,eb,fb,n=p.length;
-		var xn=new FF(n);
-		var yn=new FF(n);
-		var xy=new FF(n);
-		var ND=p.invmod2m();
-
-		xn.copy(this);
-		yn.copy(y);
-		xn.nres(p);
-		yn.nres(p);
-		xy.copy(xn); xy.modmul(yn,p,ND);
-		this.one();
-		this.nres(p);
-
-		for (i=8*ROM.MODBYTES-1;i>=0;i--)
-		{
-			eb=e.bit(i);
-			fb=f.bit(i);
-			this.modsqr(p,ND);
-			if (eb==1)
-			{
-				if (fb==1) this.modmul(xy,p,ND);
-				else this.modmul(xn,p,ND);
-			}
-			else
-			{
-				if (fb==1) this.modmul(yn,p,ND);
-			}
-		}
-		this.redc(p,ND);
-	},
-
-	/* quick and dirty check for common factor with n */
-	cfactor: function(s)
-	{
-		var r,n=this.length;
-		var g;
-
-		var x=new FF(n);
-		var y=new FF(n);
-		y.set(s);
-
-		x.copy(this);
-		x.norm();
-
-		do
-		{
-			x.sub(y);
-			x.norm();
-			while (!x.iszilch() && x.parity()===0) x.shr();
-		}
-		while (FF.comp(x,y)>0);
-
-		g=x.v[0].get(0);
-		r=FF.igcd(s,g);
-		if (r>1) return true;
-		return false;
-	}
-
-
-};
-
-FF.P_MBITS=ROM.MODBYTES*8;
-FF.P_OMASK=((-1)<<(FF.P_MBITS%ROM.BASEBITS));
-FF.P_FEXCESS=(1<<(ROM.BASEBITS*ROM.NLEN-FF.P_MBITS));
-FF.P_TBITS=(FF.P_MBITS%ROM.BASEBITS);
-
-
-/* compare x and y - must be normalised, and of same length */
-FF.comp=function(a,b)
-{
-	var i,j;
-	for (i=a.length-1;i>=0;i--)
-	{
-		j=BIG.comp(a.v[i],b.v[i]);
-		if (j!==0) return j;
-	}
-	return 0;
-};
-
-FF.fromBytes=function(x,b)
-{
-	for (var i=0;i<x.length;i++)
-	{
-		x.v[i]=BIG.frombytearray(b,(x.length-i-1)*ROM.MODBYTES);
-	}
-};
-
-/* in-place swapping using xor - side channel resistant - lengths must be the same */
-FF.cswap=function(a,b,d)
-{
-	for (var i=0;i<a.length;i++)
-	{
-	//	BIG.cswap(a.v[i],b.v[i],d);
-		a.v[i].cswap(b.v[i],d);
-	}
-};
-
-	/* z=x*y. Assumes x and y are of same length. */
-FF.mul=function(x,y)
-{
-	var n=x.length;
-	var z=new FF(2*n);
-	var t=new FF(2*n);
-	z.karmul(0,x,0,y,0,t,0,n);
-	return z;
-};
-
-	/* z=x^2 */
-FF.sqr=function(x)
-{
-	var n=x.length;
-	var z=new FF(2*n);
-	var t=new FF(2*n);
-	z.karsqr(0,x,0,t,0,n);
-	return z;
-};
-
-FF.igcd=function(x,y)
-{ /* integer GCD, returns GCD of x and y */
-	var r;
-	if (y===0) return x;
-	while ((r=x%y)!==0)
-		{x=y;y=r;}
-	return y;
-};
-
-/* Miller-Rabin test for primality. Slow. */
-FF.prime=function(p,rng)
-{
-	var i,j,s=0,n=p.length;
-	var loop;
-	var d=new FF(n);
-	var x=new FF(n);
-	var unity=new FF(n);
-	var nm1=new FF(n);
-
-	var sf=4849845; /* 3*5*.. *19 */
-	p.norm();
-
-	if (p.cfactor(sf)) return false;
-	unity.one();
-	nm1.copy(p);
-	nm1.sub(unity);
-	nm1.norm();
-	d.copy(nm1);
-
-	while (d.parity()===0)
-	{
-		d.shr();
-		s++;
-	}
-	if (s===0) return false;
-
-	for (i=0;i<10;i++)
-	{
-		x.randomnum(p,rng);
-		x.pow(d,p);
-		if (FF.comp(x,unity)===0 || FF.comp(x,nm1)===0) continue;
-		loop=false;
-		for (j=1;j<s;j++)
-		{
-			x.power(2,p);
-			if (FF.comp(x,unity)===0) return false;
-			if (FF.comp(x,nm1)===0) {loop=true; break;}
-		}
-		if (loop) continue;
-		return false;
-	}
-	return true;
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/FP.js
----------------------------------------------------------------------
diff --git a/version22/js/FP.js b/version22/js/FP.js
deleted file mode 100644
index 0d23382..0000000
--- a/version22/js/FP.js
+++ /dev/null
@@ -1,360 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* Finite Field arithmetic */
-/* AMCL mod p functions */
-
-/* General purpose COnstructor */
-var FP = function(x) {
-	if (x instanceof FP)
-	{
-		this.f=new BIG(x.f);
-	}
-	else
-	{
-		this.f=new BIG(x);
-		this.nres();
-	}
-};
-
-FP.prototype={
-/* set this=0 */
-	zero: function()
-	{
-		return this.f.zero();
-	},
-
-/* copy from a BIG in ROM */
-	rcopy: function(y)
-	{
-		this.f.rcopy(y);
-		this.nres();
-	},
-
-/* copy from another BIG */
-	bcopy: function(y)
-	{
-		this.f.copy(y);
-		this.nres();
-//alert("4. f= "+this.f.toString());
-	},
-
-/* copy from another FP */
-	copy: function(y)
-	{
-		return this.f.copy(y.f);
-	},
-
-/* conditional swap of a and b depending on d */
-	cswap: function(b,d)
-	{
-		this.f.cswap(b.f,d);
-	},
-
-/* conditional copy of b to a depending on d */
-	cmove: function(b,d)
-	{
-		this.f.cmove(b.f,d);
-	},
-
-/* convert to Montgomery n-residue form */
-	nres: function()
-	{
-		if (ROM.MODTYPE!=ROM.PSEUDO_MERSENNE && ROM.MODTYPE!=ROM.GENERALISED_MERSENNE)
-		{
-			var p=new BIG();
-			p.rcopy(ROM.Modulus);
-			var d=new DBIG(0);
-//alert("f= "+this.f.toString());
-			d.hcopy(this.f);
-			d.norm();
-//alert("1. d= "+d.toString());
-			d.shl(ROM.NLEN*ROM.BASEBITS);
-//alert("2. d= "+d.toString());
-			this.f.copy(d.mod(p));
-//alert("3. f= "+this.f.toString());
-
-		}
-		return this;
-	},
-	
-/* convert back to regular form */
-	redc: function()
-	{
-		var r=new BIG(0);
-		r.copy(this.f);
-		if (ROM.MODTYPE!=ROM.PSEUDO_MERSENNE && ROM.MODTYPE!=ROM.GENERALISED_MERSENNE)
-		{
-			var d=new DBIG(0);
-			d.hcopy(this.f);
-//alert("rd= "+d.toString());
-			var w=BIG.mod(d);
-//alert("w= "+w.toString());
-			r.copy(w);
-		}
-
-		return r;
-	},	
-
-/* convert this to string */
-	toString: function() 
-	{
-		var s=this.redc().toString();
-		return s;
-	},
-
-/* test this=0 */
-	iszilch: function() 
-	{
-		this.reduce();
-		return this.f.iszilch();
-	},
-
-/* reduce this mod Modulus */
-	reduce: function()
-	{
-		var p=new BIG(0);
-		p.rcopy(ROM.Modulus);
-		return this.f.mod(p);
-	},
-
-/* set this=1 */
-	one: function()
-	{
-		this.f.one(); 
-		return this.nres();
-	},
-
-/* normalise this */
-	norm: function()
-	{
-		return this.f.norm();
-	},
-
-/* this*=b mod Modulus */
-	mul: function(b)
-	{
-		this.norm();
-		b.norm();
-		var ea=BIG.EXCESS(this.f);
-		var eb=BIG.EXCESS(b.f);
-
-		if ((ea+1)*(eb+1)>ROM.FEXCESS) this.reduce();
-		//if ((ea+1) >= Math.floor((ROM.FEXCESS-1)/(eb+1))) this.reduce();
-
-		var d=BIG.mul(this.f,b.f);
-		this.f.copy(BIG.mod(d));
-		return this;
-	},
-
-/* this*=c mod Modulus where c is an int */
-	imul: function(c)
-	{
-		var s=false;
-		this.norm();
-		if (c<0)
-		{
-			c=-c;
-			s=true;
-		}
-
-		var afx=(BIG.EXCESS(this.f)+1)*(c+1)+1;
-		if (c<ROM.NEXCESS && afx<ROM.FEXCESS)
-		{
-			this.f.imul(c);
-		}
-		else
-		{
-			if (afx<ROM.FEXCESS) this.f.pmul(c);
-			else
-			{
-				var p=new BIG(0);
-				p.rcopy(ROM.Modulus);
-				var d=this.f.pxmul(c);
-				this.f.copy(d.mod(p));
-			}
-		}
-		if (s) this.neg();
-		return this.norm();
-	},
-
-/* this*=this mod Modulus */
-	sqr: function()
-	{
-		var d;
-		this.norm();
-		var ea=BIG.EXCESS(this.f);
-
-		if ((ea+1)*(ea+1)>ROM.FEXCESS) this.reduce();
-		//if ((ea+1)>= Math.floor((ROM.FEXCESS-1)/(ea+1))) this.reduce();
-
-		d=BIG.sqr(this.f);
-		var t=BIG.mod(d); 
-		this.f.copy(t);
-		return this;
-	},
-
-/* this+=b */
-	add: function(b) 
-	{
-		this.f.add(b.f);
-		if (BIG.EXCESS(this.f)+2>=ROM.FEXCESS) this.reduce();
-		return this;
-	},
-/* this=-this mod Modulus */
-	neg: function()
-	{
-		var sb,ov;
-		var m=new BIG(0);
-		m.rcopy(ROM.Modulus);
-
-		this.norm();
-		sb=FP.logb2(BIG.EXCESS(this.f));
-
-//		ov=BIG.EXCESS(this.f); 
-//		sb=1; while(ov!==0) {sb++;ov>>=1;} 
-
-		m.fshl(sb);
-		this.f.rsub(m);	
-		if (BIG.EXCESS(this.f)>=ROM.FEXCESS) this.reduce();
-		return this;
-	},
-
-/* this-=b */
-	sub: function(b)
-	{
-		var n=new FP(0);
-		n.copy(b);
-		n.neg();
-		this.add(n);
-		return this;
-	},
-
-/* this/=2 mod Modulus */
-	div2: function()
-	{
-		this.norm();
-		if (this.f.parity()===0)
-			this.f.fshr(1);
-		else
-		{
-			var p=new BIG(0);
-			p.rcopy(ROM.Modulus);
-
-			this.f.add(p);
-			this.f.norm();
-			this.f.fshr(1);
-		}
-		return this;
-	},
-
-/* this=1/this mod Modulus */
-	inverse: function()
-	{
-		var p=new BIG(0);
-		p.rcopy(ROM.Modulus);
-		var r=this.redc();
-		r.invmodp(p);
-		this.f.copy(r);
-		return this.nres();
-	},
-
-/* return TRUE if this==a */
-	equals: function(a)
-	{
-		a.reduce();
-		this.reduce();
-		if (BIG.comp(a.f,this.f)===0) return true;
-		return false;
-	},
-
-/* return this^e mod Modulus */
-	pow: function(e)
-	{
-		var bt;
-		var r=new FP(1);
-		e.norm();
-		this.norm();
-		var m=new FP(0);
-		m.copy(this);
-		while (true)
-		{
-			bt=e.parity();
-			e.fshr(1);
-			if (bt==1) r.mul(m);
-			if (e.iszilch()) break;
-			m.sqr();
-		}
-
-		r.reduce();
-		return r;
-	},
-
-/* return jacobi symbol (this/Modulus) */
-	jacobi: function()
-	{
-		var p=new BIG(0);
-		p.rcopy(ROM.Modulus);
-		var w=this.redc();
-		return w.jacobi(p);
-	},
-
-/* return sqrt(this) mod Modulus */
-	sqrt: function()
-	{
-		this.reduce();
-		var b=new BIG(0);
-		b.rcopy(ROM.Modulus);
-		if (ROM.MOD8==5)
-		{
-			b.dec(5); b.norm(); b.shr(3);
-			var i=new FP(0); 
-			i.copy(this);
-			i.f.shl(1);
-			var v=i.pow(b);
-			i.mul(v); i.mul(v);
-			i.f.dec(1);
-			var r=new FP(0);
-			r.copy(this);
-			r.mul(v); r.mul(i); 
-			r.reduce();
-			return r;
-		}
-		else
-		{
-			b.inc(1); b.norm(); b.shr(2);
-			return this.pow(b);
-		}
-	}
-
-};
-
-FP.logb2=function(v)
-{
-		v |= v >>> 1;
-		v |= v >>> 2;
-		v |= v >>> 4;
-		v |= v >>> 8;
-		v |= v >>> 16;
-
-		v = v - ((v >>> 1) & 0x55555555);                  
-		v = (v & 0x33333333) + ((v >>> 2) & 0x33333333);  
-		var r = ((v + (v >>> 4) & 0xF0F0F0F) * 0x1010101) >>> 24; 
-		return r+1;
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/FP12.js
----------------------------------------------------------------------
diff --git a/version22/js/FP12.js b/version22/js/FP12.js
deleted file mode 100644
index 0d85044..0000000
--- a/version22/js/FP12.js
+++ /dev/null
@@ -1,558 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* AMCL Fp^12 functions */
-
-/* FP12 elements are of the form a+i.b+i^2.c */
-
-/* general purpose constructor */
-var FP12= function(d,e,f) 
-{
-	if (d instanceof FP12)
-	{
-		this.a=new FP4(d.a);
-		this.b=new FP4(d.b);
-		this.c=new FP4(d.c);
-	}
-	else
-	{
-		this.a=new FP4(d);
-		this.b=new FP4(e);
-		this.c=new FP4(f);
-	}
-};
-
-FP12.prototype={
-/* reduce all components of this mod Modulus */
-	reduce: function()
-	{
-		this.a.reduce();
-		this.b.reduce();
-		this.c.reduce();
-	},
-/* normalize all components of this mod Modulus */
-	norm: function()
-	{
-		this.a.norm();
-		this.b.norm();
-		this.c.norm();
-	},
-/* test x==0 ? */
-	iszilch: function() 
-	{
-		this.reduce();
-		return (this.a.iszilch() && this.b.iszilch() && this.c.iszilch());
-	},
-/* test x==1 ? */
-	isunity: function() 
-	{
-		var one=new FP4(1);
-		return (this.a.equals(one) && this.b.iszilch() && this.b.iszilch());
-	},
-/* extract a from this */
-	geta: function()
-	{
-		return this.a;
-	},
-/* extract b */
-	getb: function()
-	{
-		return this.b;
-	},
-/* extract c */
-	getc: function()
-	{
-		return this.c;
-	},
-/* return 1 if x==y, else 0 */
-	equals: function(x)
-	{
-		return (this.a.equals(x.a) && this.b.equals(x.b)&& this.c.equals(x.c));
-	},
-/* copy this=x */
-	copy: function(x)
-	{
-		this.a.copy(x.a);
-		this.b.copy(x.b);
-		this.c.copy(x.c);
-	},
-/* set this=1 */
-	one: function()
-	{
-		this.a.one();
-		this.b.zero();
-		this.c.zero();
-	},
-/* this=conj(this) */
-	conj: function()
-	{
-		this.a.conj();
-		this.b.nconj();
-		this.c.conj();
-	},
-
-/* set this from 3 FP4s */
-	set: function(d,e,f)
-	{
-		this.a.copy(d);
-		this.b.copy(e);
-		this.c.copy(f);
-	},
-/* set this from one FP4 */
-	seta: function(d)
-	{
-		this.a.copy(d);
-		this.b.zero();
-		this.c.zero();
-	},
-
-/* Granger-Scott Unitary Squaring */
-	usqr: function()
-	{
-		var A=new FP4(this.a); //A.copy(this.a);
-		var B=new FP4(this.c); //B.copy(this.c);
-		var C=new FP4(this.b); //C.copy(this.b);
-		var D=new FP4(0);
-
-		this.a.sqr();
-		D.copy(this.a); D.add(this.a);
-		this.a.add(D);
-
-		A.nconj();
-
-		A.add(A);
-		this.a.add(A);
-		B.sqr();
-		B.times_i();
-
-		D.copy(B); D.add(B);
-		B.add(D);
-
-		C.sqr();
-		D.copy(C); D.add(C);
-		C.add(D);
-
-		this.b.conj();
-		this.b.add(this.b);
-		this.c.nconj();
-
-		this.c.add(this.c);
-		this.b.add(B);
-		this.c.add(C);
-		this.reduce();
-	},
-
-/* Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-	sqr: function()
-	{
-		var A=new FP4(this.a); //A.copy(this.a);
-		var B=new FP4(this.b); //B.copy(this.b);
-		var C=new FP4(this.c); //C.copy(this.c);
-		var D=new FP4(this.a); //D.copy(this.a);
-
-		A.sqr();
-		B.mul(this.c);
-		B.add(B);
-		C.sqr();
-		D.mul(this.b);
-		D.add(D);
-
-		this.c.add(this.a);
-		this.c.add(this.b);
-		this.c.sqr();
-
-		this.a.copy(A);
-
-		A.add(B);
-		A.add(C);
-		A.add(D);
-		A.neg();
-		B.times_i();
-		C.times_i();
-
-		this.a.add(B);
-		this.b.copy(C); this.b.add(D);
-		this.c.add(A);
-
-		this.norm();
-	},
-
-/* FP12 full multiplication this=this*y */
-	mul: function(y)
-	{
-		var z0=new FP4(this.a); //z0.copy(this.a);
-		var z1=new FP4(0);
-		var z2=new FP4(this.b); //z2.copy(this.b);
-		var z3=new FP4(0);
-		var t0=new FP4(this.a); //t0.copy(this.a);
-		var t1=new FP4(y.a); //t1.copy(y.a);
-
-		z0.mul(y.a);
-		z2.mul(y.b);
-
-		t0.add(this.b);
-		t1.add(y.b);
-
-		z1.copy(t0); z1.mul(t1);
-		t0.copy(this.b); t0.add(this.c);
-
-		t1.copy(y.b); t1.add(y.c);
-		z3.copy(t0); z3.mul(t1);
-
-		t0.copy(z0); t0.neg();
-		t1.copy(z2); t1.neg();
-
-		z1.add(t0);
-		this.b.copy(z1); this.b.add(t1);
-
-		z3.add(t1);
-		z2.add(t0);
-
-		t0.copy(this.a); t0.add(this.c);
-		t1.copy(y.a); t1.add(y.c);
-		t0.mul(t1);
-		z2.add(t0);
-
-		t0.copy(this.c); t0.mul(y.c);
-		t1.copy(t0); t1.neg();
-
-		this.c.copy(z2); this.c.add(t1);
-		z3.add(t1);
-		t0.times_i();
-		this.b.add(t0);
-
-		z3.times_i();
-		this.a.copy(z0); this.a.add(z3);
-
-		this.norm();
-	},
-
-/* Special case this*=y that arises from special form of ATE pairing line function */
-	smul: function(y)
-	{
-		var z0=new FP4(this.a); //z0.copy(this.a);
-		var z2=new FP4(this.b); //z2.copy(this.b);
-		var z3=new FP4(this.b); //z3.copy(this.b);
-		var t0=new FP4(0); 
-		var t1=new FP4(y.a); //t1.copy(y.a);
-		
-		z0.mul(y.a);
-		z2.pmul(y.b.real());
-		this.b.add(this.a);
-		t1.real().add(y.b.real());
-
-		this.b.mul(t1);
-		z3.add(this.c);
-		z3.pmul(y.b.real());
-
-		t0.copy(z0); t0.neg();
-		t1.copy(z2); t1.neg();
-
-		this.b.add(t0);
-
-		this.b.add(t1);
-		z3.add(t1);
-		z2.add(t0);
-
-		t0.copy(this.a); t0.add(this.c);
-		t0.mul(y.a);
-		this.c.copy(z2); this.c.add(t0);
-
-		z3.times_i();
-		this.a.copy(z0); this.a.add(z3);
-
-		this.norm();
-	},
-
-/* this=1/this */
-	inverse: function()
-	{
-		var f0=new FP4(this.a); //f0.copy(this.a);
-		var f1=new FP4(this.b); //f1.copy(this.b);
-		var f2=new FP4(this.a); //f2.copy(this.a);
-		var f3=new FP4(0);
-
-		f0.sqr();
-		f1.mul(this.c);
-		f1.times_i();
-		f0.sub(f1);
-
-		f1.copy(this.c); f1.sqr();
-		f1.times_i();
-		f2.mul(this.b);
-		f1.sub(f2);
-
-		f2.copy(this.b); f2.sqr();
-		f3.copy(this.a); f3.mul(this.c);
-		f2.sub(f3);
-
-		f3.copy(this.b); f3.mul(f2);
-		f3.times_i();
-		this.a.mul(f0);
-		f3.add(this.a);
-		this.c.mul(f1);
-		this.c.times_i();
-
-		f3.add(this.c);
-		f3.inverse();
-		this.a.copy(f0); this.a.mul(f3);
-		this.b.copy(f1); this.b.mul(f3);
-		this.c.copy(f2); this.c.mul(f3);
-	},
-
-/* this=this^p, where p=Modulus, using Frobenius */
-	frob: function(f)
-	{
-		var f2=new FP2(f); 
-		var f3=new FP2(f); 
-
-		f2.sqr();
-		f3.mul(f2);
-
-		this.a.frob(f3);
-		this.b.frob(f3);
-		this.c.frob(f3);
-
-		this.b.pmul(f);
-		this.c.pmul(f2);
-	},
-
-/* trace function */
-	trace: function()
-	{
-		var t=new FP4(0);
-		t.copy(this.a);
-		t.imul(3);
-		t.reduce();
-		return t;
-	},
-/* convert this to hex string */
-	toString: function() 
-	{
-		return ("["+this.a.toString()+","+this.b.toString()+","+this.c.toString()+"]");
-	},
-/* convert this to byte array */
-	toBytes: function(w)
-	{
-		var i;
-		var t=[];
-		this.a.geta().getA().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i]=t[i];
-		this.a.geta().getB().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+ROM.MODBYTES]=t[i];
-		this.a.getb().getA().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+2*ROM.MODBYTES]=t[i];
-		this.a.getb().getB().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+3*ROM.MODBYTES]=t[i];
-
-		this.b.geta().getA().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+4*ROM.MODBYTES]=t[i];
-		this.b.geta().getB().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+5*ROM.MODBYTES]=t[i];
-		this.b.getb().getA().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+6*ROM.MODBYTES]=t[i];
-		this.b.getb().getB().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+7*ROM.MODBYTES]=t[i];
-
-		this.c.geta().getA().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+8*ROM.MODBYTES]=t[i];
-		this.c.geta().getB().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+9*ROM.MODBYTES]=t[i];
-		this.c.getb().getA().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+10*ROM.MODBYTES]=t[i];
-		this.c.getb().getB().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+11*ROM.MODBYTES]=t[i];
-	},
-
-/* set this=this^e */
-	pow: function(e)
-	{
-		this.norm();
-		e.norm();
-		var w=new FP12(this); //w.copy(this);
-		var z=new BIG(e); //z.copy(e);
-		var r=new FP12(1);
-
-		while (true)
-		{
-			var bt=z.parity();
-			z.fshr(1);
-			if (bt==1) r.mul(w);
-			if (z.iszilch()) break;
-			w.usqr();
-		}
-		r.reduce();
-		return r;
-	},
-
-/* constant time powering by small integer of max length bts */
-	pinpow: function(e,bts)
-	{
-		var i,b;
-		var R=[];
-		R[0]=new FP12(1);
-		R[1]=new FP12(this);
-		for (i=bts-1;i>=0;i--)
-		{
-			b=(e>>i)&1;
-			R[1-b].mul(R[b]);
-			R[b].usqr();
-		}
-		this.copy(R[0]);
-	}
-};
-
-/* convert from byte array to FP12 */
-FP12.fromBytes= function(w)
-{
-	var i,a,b,c,d,e,f,g;
-	var t=[];
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i];
-	a=BIG.fromBytes(t);
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+ROM.MODBYTES];
-	b=BIG.fromBytes(t);
-	c=new FP2(a,b); //c.bset(a,b);
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+2*ROM.MODBYTES];
-	a=BIG.fromBytes(t);
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+3*ROM.MODBYTES];
-	b=BIG.fromBytes(t);
-	d=new FP2(a,b); //d.bset(a,b);
-
-	e=new FP4(c,d); //e.set(c,d);
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+4*ROM.MODBYTES];
-	a=BIG.fromBytes(t);
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+5*ROM.MODBYTES];
-	b=BIG.fromBytes(t);
-	c=new FP2(a,b); //c.bset(a,b);
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+6*ROM.MODBYTES];
-	a=BIG.fromBytes(t);
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+7*ROM.MODBYTES];
-	b=BIG.fromBytes(t);
-	d=new FP2(a,b);
-
-	f=new FP4(c,d); //f.set(c,d);
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+8*ROM.MODBYTES];
-	a=BIG.fromBytes(t);
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+9*ROM.MODBYTES];
-	b=BIG.fromBytes(t);
-	c=new FP2(a,b); //c.bset(a,b);
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+10*ROM.MODBYTES];
-	a=BIG.fromBytes(t);
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+11*ROM.MODBYTES];
-	b=BIG.fromBytes(t);
-	d=new FP2(a,b); //d.bset(a,b);
-
-	g=new FP4(c,d); //g.set(c,d);
-
-	var r=new FP12(e,f,g); //r.set(e,f,g);
-
-	return r;
-};
-
-/* p=q0^u0.q1^u1.q2^u2.q3^u3 */
-/* Timing attack secure, but not cache attack secure */
-
-FP12.pow4= function(q,u)
-{
-	var i,j,nb,m;
-	var a=[];
-	var g=[];
-	var s=[];
-
-	var c=new FP12(1);
-	var p=new FP12(0);
-	var t=[];
-
-	var mt=new BIG(0);
-	var w=[];
-
-	for (i=0;i<4;i++)
-		t[i]=new BIG(u[i]);
-
-	s[0]=new FP12(0);
-	s[1]=new FP12(0);
-
-	g[0]=new FP12(q[0]); s[0].copy(q[1]); s[0].conj(); g[0].mul(s[0]);
-	g[1]=new FP12(g[0]);
-	g[2]=new FP12(g[0]);
-	g[3]=new FP12(g[0]);
-	g[4]=new FP12(q[0]); g[4].mul(q[1]);
-	g[5]=new FP12(g[4]);
-	g[6]=new FP12(g[4]);
-	g[7]=new FP12(g[4]);
-
-	s[1].copy(q[2]); s[0].copy(q[3]); s[0].conj(); s[1].mul(s[0]);
-	s[0].copy(s[1]); s[0].conj(); g[1].mul(s[0]);
-	g[2].mul(s[1]);
-	g[5].mul(s[0]);
-	g[6].mul(s[1]);
-	s[1].copy(q[2]); s[1].mul(q[3]);
-	s[0].copy(s[1]); s[0].conj(); g[0].mul(s[0]);
-	g[3].mul(s[1]);
-	g[4].mul(s[0]);
-	g[7].mul(s[1]);
-
-/* if power is even add 1 to power, and add q to correction */
-
-	for (i=0;i<4;i++)
-	{
-		if (t[i].parity()==0)
-		{
-			t[i].inc(1); t[i].norm();
-			c.mul(q[i]);
-		}
-		mt.add(t[i]); mt.norm();
-	}
-	c.conj();
-	nb=1+mt.nbits();
-
-/* convert exponent to signed 1-bit window */
-	for (j=0;j<nb;j++)
-	{
-		for (i=0;i<4;i++)
-		{
-			a[i]=(t[i].lastbits(2)-2);
-			t[i].dec(a[i]); t[i].norm(); 
-			t[i].fshr(1);
-		}
-		w[j]=(8*a[0]+4*a[1]+2*a[2]+a[3]);
-	}
-	w[nb]=(8*t[0].lastbits(2)+4*t[1].lastbits(2)+2*t[2].lastbits(2)+t[3].lastbits(2));
-	p.copy(g[Math.floor((w[nb]-1)/2)]);  
-
-	for (i=nb-1;i>=0;i--)
-	{
-		m=w[i]>>31;
-		j=(w[i]^m)-m;  /* j=abs(w[i]) */
-		j=(j-1)/2;
-		s[0].copy(g[j]); s[1].copy(g[j]); s[1].conj();
-		p.usqr();
-		p.mul(s[m&1]);
-	}
-	p.mul(c);  /* apply correction */
-	p.reduce();
-	return p;
-};
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/FP2.js
----------------------------------------------------------------------
diff --git a/version22/js/FP2.js b/version22/js/FP2.js
deleted file mode 100644
index a7b4e95..0000000
--- a/version22/js/FP2.js
+++ /dev/null
@@ -1,321 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* Finite Field arithmetic  Fp^2 functions */
-
-/* FP2 elements are of the form a+ib, where i is sqrt(-1) */
-
-/* general purpose constructor */
-var FP2 =function(c,d)
-{
-	if (c instanceof FP2)
-	{
-		this.a=new FP(c.a);
-		this.b=new FP(c.b);
-	}
-	else
-	{
-		this.a=new FP(c);
-		this.b=new FP(d);
-	}
-};
-
-FP2.prototype={
-/* reduce components mod Modulus */
-	reduce: function()
-	{
-		this.a.reduce();
-		this.b.reduce();
-	},
-/* normalise components of w */
-	norm: function()
-	{
-		this.a.norm();
-		this.b.norm();
-	},
-/* test this=0 ? */
-	iszilch: function() 
-	{
-		this.reduce();
-		return (this.a.iszilch() && this.b.iszilch());
-	},
-/* test this=1 ? */
-	isunity: function() 
-	{
-		var one=new FP(1);
-		return (this.a.equals(one) && this.b.iszilch());
-	},
-/* conditional copy of g to this depending on d */
-	cmove:function(g,d)
-	{
-		this.a.cmove(g.a,d);
-		this.b.cmove(g.b,d);
-	},
-
-/* test this=x */
-	equals: function(x) {
-		return (this.a.equals(x.a) && this.b.equals(x.b));
-	},
-/* extract a */
-	getA: function()
-	{ 
-		return this.a.redc();
-	},
-/* extract b */
-	getB: function()
-	{
-		return this.b.redc();
-	},
-
-/* set from pair of FPs */
-	set: function(c,d)
-	{
-		this.a.copy(c);
-		this.b.copy(d);
-	},
-/* set a */
-	seta: function(c)
-	{
-		this.a.copy(c);
-		this.b.zero();
-	},
-
-/* set from two BIGs */
-	bset: function(c,d)
-	{
-		this.a.bcopy(c);
-		this.b.bcopy(d);
-	},
-
-/* set from one BIG */
-	bseta: function(c)
-	{
-		this.a.bcopy(c);
-		this.b.zero();		
-	},
-/* copy this=x */
-	copy: function(x)
-	{
-		this.a.copy(x.a);
-		this.b.copy(x.b);
-	},
-/* set this=0 */
-	zero: function()
-	{
-		this.a.zero();
-		this.b.zero();
-	},
-/* set this=1 */
-	one: function()
-	{
-		this.a.one();
-		this.b.zero();
-	},
-/* negate this */
-	neg: function()
-	{
-		this.norm();
-		var m=new FP(this.a); 
-		var t=new FP(0);
-
-		m.add(this.b);
-		m.neg();
-		m.norm();
-		t.copy(m); t.add(this.b);
-		this.b.copy(m);
-		this.b.add(this.a);
-		this.a.copy(t);
-		//this.norm();
-	},
-/* conjugate this */
-	conj: function()
-	{
-		this.b.neg();
-	},
-/* this+=a */
-	add: function(x)
-	{
-		this.a.add(x.a);
-		this.b.add(x.b);
-	},
-/* this-=x */
-	sub: function(x)
-	{
-		var m=new FP2(x); //var m=new FP2(0); m.copy(x);
-		m.neg();
-		this.add(m);
-	},
-/* this*=s, where s is FP */
-	pmul: function(s)
-	{
-		this.a.mul(s);
-		this.b.mul(s);
-	},
-/* this*=c, where s is int */
-	imul: function(c)
-	{
-		this.a.imul(c);
-		this.b.imul(c);
-	},
-/* this*=this */
-	sqr: function()
-	{
-		this.norm();
-
-		var w1=new FP(this.a); 
-		var w3=new FP(this.a); 
-		var mb=new FP(this.b); 
-
-		w3.mul(this.b);
-		w1.add(this.b);
-		mb.neg();
-		this.a.add(mb);
-		this.a.mul(w1);
-		this.b.copy(w3); this.b.add(w3);
-		this.norm();
-	},
-/* this*=y */
-	mul: function(y)
-	{
-		this.norm();  // This is needed here as {a,b} is not normed before additions
-
-		var w1=new FP(this.a); 
-		var w2=new FP(this.b); 
-		var w5=new FP(this.a); 
-		var mw=new FP(0);
-
-		w1.mul(y.a);  // w1=a*y.a  - this norms w1 and y.a, NOT a
-		w2.mul(y.b);  // w2=b*y.b  - this norms w2 and y.b, NOT b
-		w5.add(this.b);    // w5=a+b
-		this.b.copy(y.a); this.b.add(y.b); // b=y.a+y.b
-
-		this.b.mul(w5);
-		mw.copy(w1); mw.add(w2); mw.neg();
-
-		this.b.add(mw); mw.add(w1);
-		this.a.copy(w1); this.a.add(mw);
-
-		this.norm();
-	},
-
-/* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
-/* returns true if this is QR */
-	sqrt: function()
-	{
-		if (this.iszilch()) return true;
-		var w1=new FP(this.b);
-		var w2=new FP(this.a);
-
-		w1.sqr(); w2.sqr(); w1.add(w2);
-		if (w1.jacobi()!=1) { this.zero(); return false; }
-		w1=w1.sqrt();
-		w2.copy(this.a); w2.add(w1); w2.div2();
-		if (w2.jacobi()!=1)
-		{
-			w2.copy(this.a); w2.sub(w1); w2.div2();
-			if (w2.jacobi()!=1) { this.zero(); return false; }
-		}
-		w2=w2.sqrt();
-		this.a.copy(w2);
-		w2.add(w2);
-		w2.inverse();
-		this.b.mul(w2);
-		return true;
-	},
-
-/* convert this to hex string */
-	toString: function() 
-	{
-		return ("["+this.a.toString()+","+this.b.toString()+"]");
-	},
-/* this=1/this */
-	inverse: function()
-	{
-		this.norm();
-		var w1=new FP(this.a); 
-		var w2=new FP(this.b); 
-		w1.sqr();
-		w2.sqr();
-		w1.add(w2);
-		w1.inverse();
-		this.a.mul(w1);
-		w1.neg();
-		this.b.mul(w1);
-	},
-/* this/=2 */
-	div2: function()
-	{
-		this.a.div2();
-		this.b.div2();
-	},
-/* this*=sqrt(-1) */
-	times_i: function()
-	{
-		var z=new FP(this.a); //z.copy(this.a);
-		this.a.copy(this.b); this.a.neg();
-		this.b.copy(z);
-	},
-
-/* w*=(1+sqrt(-1)) */
-/* where X*2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
-	mul_ip: function()
-	{
-		this.norm();
-		var t=new FP2(this);// t.copy(this);
-		var z=new FP(this.a); //z.copy(this.a);
-		this.a.copy(this.b);
-		this.a.neg();
-		this.b.copy(z);
-		this.add(t);
-		this.norm();
-	},
-
-/* w/=(1+sqrt(-1)) */
-	div_ip: function()
-	{
-		var t=new FP2(0);
-		this.norm();
-		t.a.copy(this.a); t.a.add(this.b);
-		t.b.copy(this.b); t.b.sub(this.a);
-		this.copy(t);
-		this.div2();
-	},
-/* this=this^e */
-	pow: function(e)
-	{
-		var bt;
-		var r=new FP2(1);
-		this.norm();
-		var x=new FP2(this); //x.copy(this);
-		e.norm();
-		while (true)
-		{
-			bt=e.parity();
-			e.fshr(1);
-			if (bt==1) r.mul(x);
-			if (e.iszilch()) break;
-			x.sqr();
-		}
-
-		r.reduce();
-		return r;
-	}
-
-};
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/FP4.js
----------------------------------------------------------------------
diff --git a/version22/js/FP4.js b/version22/js/FP4.js
deleted file mode 100644
index 640ac63..0000000
--- a/version22/js/FP4.js
+++ /dev/null
@@ -1,501 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* Finite Field arithmetic  Fp^4 functions */
-
-/* FP4 elements are of the form a+ib, where i is sqrt(-1+sqrt(-1))  */
-
-/* general purpose constructor */
-var FP4=function(c,d) 
-{
-	if (c instanceof FP4)
-	{
-		this.a=new FP2(c.a);
-		this.b=new FP2(c.b);
-	}
-	else
-	{
-		this.a=new FP2(c);
-		this.b=new FP2(d);
-	}
-};
-
-FP4.prototype={
-/* reduce all components of this mod Modulus */
-	reduce: function()
-	{
-		this.a.reduce();
-		this.b.reduce();
-	},
-/* normalise all components of this mod Modulus */
-	norm: function()
-	{
-		this.a.norm();
-		this.b.norm();
-	},
-/* test this==0 ? */
-	iszilch: function() 
-	{
-		this.reduce();
-		return (this.a.iszilch() && this.b.iszilch());
-	},
-/* test this==1 ? */
-	isunity: function() 
-	{
-		var one=new FP2(1);
-		return (this.a.equals(one) && this.b.iszilch());
-	},
-/* test is w real? That is in a+ib test b is zero */
-	isreal: function()
-	{
-		return this.b.iszilch();
-	},
-/* extract real part a */
-	real: function()
-	{
-		return this.a;
-	},
-
-	geta: function()
-	{
-		return this.a;
-	},
-/* extract imaginary part b */
-	getb: function()
-	{
-		return this.b;
-	},
-/* test this=x? */
-	equals: function(x)
-	{
-		return (this.a.equals(x.a) && this.b.equals(x.b));
-	},
-/* copy this=x */
-	copy: function(x)
-	{
-		this.a.copy(x.a);
-		this.b.copy(x.b);
-	},
-/* this=0 */
-	zero: function()
-	{
-		this.a.zero();
-		this.b.zero();
-	},
-/* this=1 */
-	one: function()
-	{
-		this.a.one();
-		this.b.zero();
-	},
-
-/* set from two FP2s */
-	set: function(c,d)
-	{
-		this.a.copy(c);
-		this.b.copy(d);
-	},
-/* set a */
-	seta: function(c)
-	{
-		this.a.copy(c);
-		this.b.zero();
-	},
-/* this=-this */
-	neg: function()
-	{
-		var m=new FP2(this.a); //m.copy(this.a);
-		var t=new FP2(0);
-		m.add(this.b);
-		m.neg();
-		m.norm();
-		t.copy(m); t.add(this.b);
-		this.b.copy(m);
-		this.b.add(this.a);
-		this.a.copy(t);
-	},
-/* this=conjugate(this) */
-	conj: function()
-	{
-		this.b.neg(); this.b.norm();
-	},
-/* this=-conjugate(this) */
-	nconj: function()
-	{
-		this.a.neg(); this.a.norm();
-	},
-/* this+=x */
-	add: function(x)
-	{
-		this.a.add(x.a);
-		this.b.add(x.b);
-	},
-/* this-=x */
-	sub: function(x)
-	{
-		var m=new FP4(x); // m.copy(x); 
-		m.neg();
-		this.add(m);
-	},
-/* this*=s where s is FP2 */
-	pmul: function(s)
-	{
-		this.a.mul(s);
-		this.b.mul(s);
-	},
-/* this*=c where s is int */
-	imul: function(c)
-	{
-		this.a.imul(c);
-		this.b.imul(c);
-	},
-/* this*=this */
-	sqr: function()
-	{
-		this.norm();
-
-		var t1=new FP2(this.a); //t1.copy(this.a);
-		var t2=new FP2(this.b); //t2.copy(this.b);
-		var t3=new FP2(this.a); //t3.copy(this.a);
-
-		t3.mul(this.b);
-		t1.add(this.b);
-		t2.mul_ip();
-
-		t2.add(this.a);
-		this.a.copy(t1);
-
-		this.a.mul(t2);
-
-		t2.copy(t3);
-		t2.mul_ip();
-		t2.add(t3);
-
-		t2.neg();
-
-		this.a.add(t2);
-
-		this.b.copy(t3);
-		this.b.add(t3);
-
-		this.norm();
-	},
-/* this*=y */
-	mul: function(y)
-	{
-		this.norm();
-
-		var t1=new FP2(this.a); //t1.copy(this.a);
-		var t2=new FP2(this.b); //t2.copy(this.b);
-		var t3=new FP2(0);
-		var t4=new FP2(this.b); //t4.copy(this.b);
-
-		t1.mul(y.a);
-		t2.mul(y.b);
-		t3.copy(y.b);
-		t3.add(y.a);
-		t4.add(this.a);
-
-		t4.mul(t3);
-		t4.sub(t1);
-
-		this.b.copy(t4);
-		this.b.sub(t2);
-		t2.mul_ip();
-		this.a.copy(t2);
-		this.a.add(t1);
-
-		this.norm();
-	},
-/* convert to hex string */
-	toString: function() 
-	{
-		return ("["+this.a.toString()+","+this.b.toString()+"]");
-	},
-/* this=1/this */
-	inverse: function()
-	{
-		this.norm();
-
-		var t1=new FP2(this.a); //t1.copy(this.a);
-		var t2=new FP2(this.b);// t2.copy(this.b);
-
-		t1.sqr();
-		t2.sqr();
-		t2.mul_ip();
-		t1.sub(t2);
-		t1.inverse();
-		this.a.mul(t1);
-		t1.neg();
-		this.b.mul(t1);
-	},
-
-/* this*=i where i = sqrt(-1+sqrt(-1)) */
-	times_i: function()
-	{
-		var s=new FP2(this.b); //s.copy(this.b);
-		var t=new FP2(this.b); //t.copy(this.b);
-		s.times_i();
-		t.add(s);
-		this.b.copy(this.a);
-		this.a.copy(t);
-	},
-
-/* this=this^q using Frobenius, where q is Modulus */
-	frob: function(f)
-	{
-		this.a.conj();
-		this.b.conj();
-		this.b.mul(f);
-	},
-
-/* this=this^e */
-	pow: function(e)
-	{
-		this.norm();
-		e.norm();
-		var w=new FP4(this); //w.copy(this);
-		var z=new BIG(e); //z.copy(e);
-		var r=new FP4(1);
-		while (true)
-		{
-			var bt=z.parity();
-			z.fshr(1);
-			if (bt==1) r.mul(w);
-			if (z.iszilch()) break;
-			w.sqr();
-		}
-		r.reduce();
-		return r;
-	},
-
-/* XTR xtr_a function */
-	xtr_A: function(w,y,z) 
-	{
-		var r=new FP4(w); //r.copy(w);
-		var t=new FP4(w); //t.copy(w);
-		r.sub(y);
-		r.pmul(this.a);
-		t.add(y);
-		t.pmul(this.b);
-		t.times_i();
-
-		this.copy(r);
-		this.add(t);
-		this.add(z);
-
-		this.norm();
-	},
-/* XTR xtr_d function */
-	xtr_D: function() 
-	{
-		var w=new FP4(this); //w.copy(this);
-		this.sqr(); w.conj();
-		w.add(w);
-		this.sub(w);
-		this.reduce();
-	},
-/* r=x^n using XTR method on traces of FP12s */
-	xtr_pow: function(n) 
-	{
-		var a=new FP4(3);
-		var b=new FP4(this);  
-		var c=new FP4(b); 
-		c.xtr_D();
-		var t=new FP4(0);
-		var r=new FP4(0);
-
-		n.norm();
-		var par=n.parity();
-		var v=new BIG(n); v.fshr(1);
-		if (par===0) {v.dec(1); v.norm();}
-
-		var nb=v.nbits();
-		for (var i=nb-1;i>=0;i--)
-		{
-			if (v.bit(i)!=1)
-			{
-				t.copy(b);
-				this.conj();
-				c.conj();
-				b.xtr_A(a,this,c);
-				this.conj();
-				c.copy(t);
-				c.xtr_D();
-				a.xtr_D();
-			}
-			else
-			{
-				t.copy(a); t.conj();
-				a.copy(b);
-				a.xtr_D();
-				b.xtr_A(c,this,t);
-				c.xtr_D();
-			}
-		}
-		if (par===0) r.copy(c);
-		else r.copy(b);
-		r.reduce();
-		return r;
-	},
-
-/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-	xtr_pow2: function(ck,ckml,ckm2l,a,b)
-	{
-		a.norm(); b.norm();
-		var e=new BIG(a); //e.copy(a);
-		var d=new BIG(b); //d.copy(b);
-		var w=new BIG(0);
-
-		var cu=new FP4(ck); //cu.copy(ck); // can probably be passed in w/o copying
-		var cv=new FP4(this); //cv.copy(this);
-		var cumv=new FP4(ckml); //cumv.copy(ckml);
-		var cum2v=new FP4(ckm2l); //cum2v.copy(ckm2l);
-		var r=new FP4(0);
-		var t=new FP4(0);
-
-		var f2=0;
-		while (d.parity()===0 && e.parity()===0)
-		{
-			d.fshr(1);
-			e.fshr(1);
-			f2++;
-		}
-
-		while (BIG.comp(d,e)!==0)
-		{
-			if (BIG.comp(d,e)>0)
-			{
-				w.copy(e); w.imul(4); w.norm();
-				if (BIG.comp(d,w)<=0)
-				{
-					w.copy(d); d.copy(e);
-					e.rsub(w); e.norm();
-
-					t.copy(cv); 
-					t.xtr_A(cu,cumv,cum2v);
-					cum2v.copy(cumv); 
-					cum2v.conj();
-					cumv.copy(cv);
-					cv.copy(cu);
-					cu.copy(t);
-
-				}
-				else if (d.parity()===0)
-				{
-					d.fshr(1);
-					r.copy(cum2v); r.conj();
-					t.copy(cumv);
-					t.xtr_A(cu,cv,r);
-					cum2v.copy(cumv);
-					cum2v.xtr_D();
-					cumv.copy(t);
-					cu.xtr_D();
-				}
-				else if (e.parity()==1)
-				{
-					d.sub(e); d.norm();
-					d.fshr(1);
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cu.xtr_D();
-					cum2v.copy(cv);
-					cum2v.xtr_D();
-					cum2v.conj();
-					cv.copy(t);
-				}
-				else
-				{
-					w.copy(d);
-					d.copy(e); d.fshr(1);
-					e.copy(w);
-					t.copy(cumv);
-					t.xtr_D();
-					cumv.copy(cum2v); cumv.conj();
-					cum2v.copy(t); cum2v.conj();
-					t.copy(cv);
-					t.xtr_D();
-					cv.copy(cu);
-					cu.copy(t);
-				}
-			}
-			if (BIG.comp(d,e)<0)
-			{
-				w.copy(d); w.imul(4); w.norm();
-				if (BIG.comp(e,w)<=0)
-				{
-					e.sub(d); e.norm();
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cum2v.copy(cumv);
-					cumv.copy(cu);
-					cu.copy(t);
-				}
-				else if (e.parity()===0)
-				{
-					w.copy(d);
-					d.copy(e); d.fshr(1);
-					e.copy(w);
-					t.copy(cumv);
-					t.xtr_D();
-					cumv.copy(cum2v); cumv.conj();
-					cum2v.copy(t); cum2v.conj();
-					t.copy(cv);
-					t.xtr_D();
-					cv.copy(cu);
-					cu.copy(t);
-				}
-				else if (d.parity()==1)
-				{
-					w.copy(e);
-					e.copy(d);
-					w.sub(d); w.norm();
-					d.copy(w); d.fshr(1);
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cumv.conj();
-					cum2v.copy(cu);
-					cum2v.xtr_D();
-					cum2v.conj();
-					cu.copy(cv);
-					cu.xtr_D();
-					cv.copy(t);
-				}
-				else
-				{
-					d.fshr(1);
-					r.copy(cum2v); r.conj();
-					t.copy(cumv);
-					t.xtr_A(cu,cv,r);
-					cum2v.copy(cumv);
-					cum2v.xtr_D();
-					cumv.copy(t);
-					cu.xtr_D();
-				}
-			}
-		}
-		r.copy(cv);
-		r.xtr_A(cu,cumv,cum2v);
-		for (var i=0;i<f2;i++)
-			r.xtr_D();
-		r=r.xtr_pow(d);
-		return r;
-	}
-
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/GCM.js
----------------------------------------------------------------------
diff --git a/version22/js/GCM.js b/version22/js/GCM.js
deleted file mode 100644
index 16482d0..0000000
--- a/version22/js/GCM.js
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/*
- * Implementation of the AES-GCM Encryption/Authentication
- *
- * Some restrictions.. 
- * 1. Only for use with AES
- * 2. Returned tag is always 128-bits. Truncate at your own risk.
- * 3. The order of function calls must follow some rules
- *
- * Typical sequence of calls..
- * 1. call GCM_init
- * 2. call GCM_add_header any number of times, as long as length of header is multiple of 16 bytes (block size)
- * 3. call GCM_add_header one last time with any length of header
- * 4. call GCM_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes
- * 5. call GCM_add_cipher one last time with any length of cipher/plaintext
- * 6. call GCM_finish to extract the tag.
- *
- * See http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf
- */
-
-var GCM = function() {
-	this.table=new Array(128);
-	for (var i=0;i<128;i++)
-		this.table[i]=new Array(4);  /* 2k bytes */
-	this.stateX=[];
-	this.Y_0=[];
-	this.counter=0;
-	this.lenA=[];
-	this.lenC=[];
-	this.status=0;
-	this.a=new AES();
-};
-
-GCM.prototype={
-
-	precompute: function(H)
-	{
-		var i,j,c;
-		var b=[];
-
-		for (i=j=0;i<4;i++,j+=4) 
-		{
-			b[0]=H[j]; b[1]=H[j+1]; b[2]=H[j+2]; b[3]=H[j+3];
-			this.table[0][i]=GCM.pack(b);
-		}
-		for (i=1;i<128;i++)
-		{
-			c=0;
-			for (j=0;j<4;j++) 
-			{
-				this.table[i][j]=c|(this.table[i-1][j])>>>1; 
-				c=this.table[i-1][j]<<31;
-			}
-			if (c!==0) this.table[i][0]^=0xE1000000; /* irreducible polynomial */
-		}
-	},
-
-	gf2mul: function()
-	{ /* gf2m mul - Z=H*X mod 2^128 */
-		var i,j,m,k;
-		var P=[];
-		var c;
-		var b=[];
-
-		P[0]=P[1]=P[2]=P[3]=0;
-		j=8; m=0;
-		for (i=0;i<128;i++)
-		{
-			c=(this.stateX[m]>>>(--j))&1; c=~c+1;
-			for (k=0;k<4;k++) P[k]^=(this.table[i][k]&c);
-			if (j===0)
-			{
-				j=8; m++;
-				if (m==16) break;
-			}
-		}
-		for (i=j=0;i<4;i++,j+=4) 
-		{
-			b=GCM.unpack(P[i]);
-			this.stateX[j]=b[0]; this.stateX[j+1]=b[1]; this.stateX[j+2]=b[2]; this.stateX[j+3]=b[3];
-		}
-	},
-
-	wrap: function()
-	{ /* Finish off GHASH */
-		var i,j;
-		var F=[];
-		var L=[];
-		var b=[];
-
-/* convert lengths from bytes to bits */
-		F[0]=(this.lenA[0]<<3)|(this.lenA[1]&0xE0000000)>>>29;
-		F[1]=this.lenA[1]<<3;
-		F[2]=(this.lenC[0]<<3)|(this.lenC[1]&0xE0000000)>>>29;
-		F[3]=this.lenC[1]<<3;
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			b=GCM.unpack(F[i]);
-			L[j]=b[0]; L[j+1]=b[1]; L[j+2]=b[2]; L[j+3]=b[3];
-		}
-		for (i=0;i<16;i++) this.stateX[i]^=L[i];
-		this.gf2mul();
-	},
-
-/* Initialize GCM mode */
-	init: function(nk,key,niv,iv)
-	{ /* iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes */
-		var i;
-		var H=[];
-		var b=[];
-
-		for (i=0;i<16;i++) {H[i]=0; this.stateX[i]=0;}
-
-		this.a.init(ROM.ECB,nk,key,iv);
-		this.a.ecb_encrypt(H);     /* E(K,0) */
-		this.precompute(H);
-	
-		this.lenA[0]=this.lenC[0]=this.lenA[1]=this.lenC[1]=0;
-		if (niv==12)
-		{
-			for (i=0;i<12;i++) this.a.f[i]=iv[i];
-			b=GCM.unpack(1);
-			this.a.f[12]=b[0]; this.a.f[13]=b[1]; this.a.f[14]=b[2]; this.a.f[15]=b[3];  /* initialise IV */
-			for (i=0;i<16;i++) this.Y_0[i]=this.a.f[i];
-		}
-		else
-		{
-			this.status=ROM.GCM_ACCEPTING_CIPHER;
-			this.ghash(iv,niv); /* GHASH(H,0,IV) */
-			this.wrap();
-			for (i=0;i<16;i++) {this.a.f[i]=this.stateX[i];this.Y_0[i]=this.a.f[i];this.stateX[i]=0;}
-			this.lenA[0]=this.lenC[0]=this.lenA[1]=this.lenC[1]=0;
-		}
-		this.status=ROM.GCM_ACCEPTING_HEADER;
-	},
-
-/* Add Header data - included but not encrypted */
-	add_header: function(header,len)
-	{ /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */
-		var i,j=0;
-		if (this.status!=ROM.GCM_ACCEPTING_HEADER) return false;
-
-		while (j<len)
-		{
-			for (i=0;i<16 && j<len;i++)
-			{
-				this.stateX[i]^=header[j++];
-				this.lenA[1]++; this.lenA[1]|=0; if (this.lenA[1]===0) this.lenA[0]++;
-			}
-			this.gf2mul();
-		}
-		if (len%16!==0) this.status=ROM.GCM_ACCEPTING_CIPHER;
-		return true;
-	},
-
-	ghash: function(plain,len)
-	{
-		var i,j=0;
-
-		if (this.status==ROM.GCM_ACCEPTING_HEADER) this.status=ROM.GCM_ACCEPTING_CIPHER;
-		if (this.status!=ROM.GCM_ACCEPTING_CIPHER) return false;
-		
-		while (j<len)
-		{
-			for (i=0;i<16 && j<len;i++)
-			{
-				this.stateX[i]^=plain[j++];
-				this.lenC[1]++; this.lenC[1]|=0; if (this.lenC[1]===0) this.lenC[0]++;
-			}
-			this.gf2mul();
-		}
-		if (len%16!==0) this.status=ROM.GCM_NOT_ACCEPTING_MORE;
-		return true;
-	},
-
-/* Add Plaintext - included and encrypted */
-	add_plain: function(plain,len)
-	{
-		var i,j=0;
-		var B=[];
-		var b=[];
-		var cipher=[];
-
-		if (this.status==ROM.GCM_ACCEPTING_HEADER) this.status=ROM.GCM_ACCEPTING_CIPHER;
-		if (this.status!=ROM.GCM_ACCEPTING_CIPHER) return cipher;
-		
-		while (j<len)
-		{
-
-			b[0]=this.a.f[12]; b[1]=this.a.f[13]; b[2]=this.a.f[14]; b[3]=this.a.f[15];
-			this.counter=GCM.pack(b);
-			this.counter++;
-			b=GCM.unpack(this.counter);
-			this.a.f[12]=b[0]; this.a.f[13]=b[1]; this.a.f[14]=b[2]; this.a.f[15]=b[3]; /* increment counter */
-			for (i=0;i<16;i++) B[i]=this.a.f[i];
-			this.a.ecb_encrypt(B);        /* encrypt it  */
-		
-			for (i=0;i<16 && j<len;i++)
-			{
-				cipher[j]=(plain[j]^B[i]);
-				this.stateX[i]^=cipher[j++];
-				this.lenC[1]++; this.lenC[1]|=0; if (this.lenC[1]===0) this.lenC[0]++;
-			}
-			this.gf2mul();
-		}
-		if (len%16!==0) this.status=ROM.GCM_NOT_ACCEPTING_MORE;
-		return cipher;
-	},
-
-/* Add Ciphertext - decrypts to plaintext */
-	add_cipher: function(cipher,len)
-	{
-		var i,j=0;
-		var B=[];
-		var b=[];
-		var plain=[];
-
-		if (this.status==ROM.GCM_ACCEPTING_HEADER) this.status=ROM.GCM_ACCEPTING_CIPHER;
-		if (this.status!=ROM.GCM_ACCEPTING_CIPHER) return plain;
-	
-		while (j<len)
-		{
-			b[0]=this.a.f[12]; b[1]=this.a.f[13]; b[2]=this.a.f[14]; b[3]=this.a.f[15];
-			this.counter=GCM.pack(b);
-			this.counter++;
-			b=GCM.unpack(this.counter);
-			this.a.f[12]=b[0]; this.a.f[13]=b[1]; this.a.f[14]=b[2]; this.a.f[15]=b[3]; /* increment counter */
-			for (i=0;i<16;i++) B[i]=this.a.f[i];
-			this.a.ecb_encrypt(B);        /* encrypt it  */
-			for (i=0;i<16 && j<len;i++)
-			{
-				var oc=cipher[j];
-				plain[j]=(cipher[j]^B[i]);
-				this.stateX[i]^=oc; j++;
-				this.lenC[1]++; this.lenC[1]|=0; if (this.lenC[1]===0) this.lenC[0]++;
-			}
-			this.gf2mul();
-		}
-		if (len%16!==0) this.status=ROM.GCM_NOT_ACCEPTING_MORE;
-		return plain;
-	},
-
-/* Finish and extract Tag */
-	finish: function(extract)
-	{ /* Finish off GHASH and extract tag (MAC) */
-		var i;
-		var tag=[];
-
-		this.wrap();
-/* extract tag */
-		if (extract)
-		{
-			this.a.ecb_encrypt(this.Y_0);        /* E(K,Y0) */
-			for (i=0;i<16;i++) this.Y_0[i]^=this.stateX[i];
-			for (i=0;i<16;i++) {tag[i]=this.Y_0[i];this.Y_0[i]=this.stateX[i]=0;}
-		}
-		this.status=ROM.GCM_FINISHED;
-		this.a.end();
-		return tag;
-	}
-
-};
-
-GCM.pack= function(b)
-{ /* pack 4 bytes into a 32-bit Word */
-		return (((b[0])&0xff)<<24)|((b[1]&0xff)<<16)|((b[2]&0xff)<<8)|(b[3]&0xff);
-};
-
-GCM.unpack=function(a)
-{ /* unpack bytes from a word */
-	var b=[];
-	b[3]=(a&0xff);
-	b[2]=((a>>>8)&0xff);
-	b[1]=((a>>>16)&0xff);
-	b[0]=((a>>>24)&0xff);
-	return b;
-};
-
-GCM.hex2bytes=function(s) 
-{
-	var len = s.length;
-	var data = [];
-	for (var i = 0; i < len; i += 2) 
-		data[i / 2] = parseInt(s.substr(i,2),16);
-
-	return data;
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/HASH256.js
----------------------------------------------------------------------
diff --git a/version22/js/HASH256.js b/version22/js/HASH256.js
deleted file mode 100644
index a683916..0000000
--- a/version22/js/HASH256.js
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-var HASH256 = function() {
-	this.length=[];
-	this.h=[];
-	this.w=[];
-	this.init();
-};
-
-HASH256.prototype={
-
-	/* functions */
-
-	transform: function()
-	{ /* basic transformation step */
-		var a,b,c,d,e,f,g,hh,t1,t2;
-		var j;
-		for (j=16;j<64;j++) 
-			this.w[j]=(HASH256.theta1(this.w[j-2])+this.w[j-7]+HASH256.theta0(this.w[j-15])+this.w[j-16])|0; 
-
-		a=this.h[0]; b=this.h[1]; c=this.h[2]; d=this.h[3]; 
-		e=this.h[4]; f=this.h[5]; g=this.h[6]; hh=this.h[7];
-
-		for (j=0;j<64;j++)
-		{ /* 64 times - mush it up */
-			t1=(hh+HASH256.Sig1(e)+HASH256.Ch(e,f,g)+HASH256.HK[j]+this.w[j])|0;  
-			t2=(HASH256.Sig0(a)+HASH256.Maj(a,b,c))|0; 
-			hh=g; g=f; f=e;
-			e=(d+t1)|0; // Need to knock these back down to prevent 52-bit overflow
-			d=c;
-			c=b;
-			b=a;
-			a=(t1+t2)|0;    
-
-		}
-		this.h[0]+=a; this.h[1]+=b; this.h[2]+=c; this.h[3]+=d; 
-		this.h[4]+=e; this.h[5]+=f; this.h[6]+=g; this.h[7]+=hh; 
-
-	},
-
-/* Initialise Hash function */
-	init: function()
-	{ /* initialise */
-		var i;
-		for (i=0;i<64;i++) this.w[i]=0;
-		this.length[0]=this.length[1]=0;
-		this.h[0]=HASH256.H[0];
-		this.h[1]=HASH256.H[1];
-		this.h[2]=HASH256.H[2];
-		this.h[3]=HASH256.H[3];
-		this.h[4]=HASH256.H[4];
-		this.h[5]=HASH256.H[5];
-		this.h[6]=HASH256.H[6];
-		this.h[7]=HASH256.H[7];
-	},
-
-/* process a single byte */
-	process: function(byt)
-	{ /* process the next message byte */
-		var cnt;
-
-		cnt=(this.length[0]>>>5)%16;
-		this.w[cnt]<<=8;
-		this.w[cnt]|=(byt&0xFF);
-		this.length[0]+=8;
-		if ((this.length[0]&0xffffffff)===0) { this.length[1]++; this.length[0]=0; }
-		if ((this.length[0]%512)===0) this.transform();
-	},
-
-/* process an array of bytes */	
-	process_array: function(b)
-	{
-		for (var i=0;i<b.length;i++) this.process(b[i]);
-	},
-
-/* process a 32-bit integer */
-	process_num: function(n)
-	{
-		this.process((n>>24)&0xff);
-		this.process((n>>16)&0xff);
-		this.process((n>>8)&0xff);
-		this.process(n&0xff);
-	},
-
-	hash: function()
-	{ /* pad message and finish - supply digest */
-		var i;
-		var digest=[];
-		var len0,len1;
-		len0=this.length[0];
-		len1=this.length[1];
-		this.process(0x80);
-		while ((this.length[0]%512)!=448) this.process(0);
-
-		this.w[14]=len1;
-		this.w[15]=len0;    
-		this.transform();
-
-		for (i=0;i<HASH256.len;i++)
-		{ /* convert to bytes */
-			digest[i]=((this.h[i>>>2]>>(8*(3-i%4))) & 0xff);
-		}
-		this.init();
-		return digest;
-	}
-};
-
-/* static functions */
-
-HASH256.S= function(n,x)
-{
-	return (((x)>>>n) | ((x)<<(32-n)));
-};
-
-HASH256.R= function(n,x)
-{
-	return ((x)>>>n);
-};
-
-HASH256.Ch= function(x,y,z)
-{
-	return ((x&y)^(~(x)&z));
-};
-
-HASH256.Maj= function(x,y,z)
-{
-	return ((x&y)^(x&z)^(y&z));
-};
-
-HASH256.Sig0= function(x)
-{
-	return (HASH256.S(2,x)^HASH256.S(13,x)^HASH256.S(22,x));
-};
-
-HASH256.Sig1= function(x)
-{
-	return (HASH256.S(6,x)^HASH256.S(11,x)^HASH256.S(25,x));
-};
-
-HASH256.theta0= function(x)
-{
-	return (HASH256.S(7,x)^HASH256.S(18,x)^HASH256.R(3,x));
-};
-
-HASH256.theta1= function(x)
-{
-	return (HASH256.S(17,x)^HASH256.S(19,x)^HASH256.R(10,x));
-};
-
-/* constants */
-HASH256.len= 32;
-
-HASH256.H = [0x6A09E667,0xBB67AE85,0x3C6EF372,0xA54FF53A,0x510E527F,0x9B05688C,0x1F83D9AB,0x5BE0CD19];
-
-HASH256.HK = [0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
-    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
-    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
-    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
-    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
-    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
-    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
-    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2];
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/HASH384.js
----------------------------------------------------------------------
diff --git a/version22/js/HASH384.js b/version22/js/HASH384.js
deleted file mode 100644
index 1aa89a1..0000000
--- a/version22/js/HASH384.js
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-var HASH384 = function() {
-	this.length=[];
-	this.h=[];
-	this.w=[];
-	this.init();
-};
-
-HASH384.prototype={
-/* constants */
-
-
-	transform: function()
-	{ /* basic transformation step */
-		var a,b,c,d,e,ee,zz,f,g,hh,t1,t2;
-		var j,r;
-		for (j=16;j<80;j++) 
-			this.w[j]=HASH384.theta1(this.w[j-2]).add(this.w[j-7]).add(HASH384.theta0(this.w[j-15])).add(this.w[j-16]);
-
-		a=this.h[0].copy(); b=this.h[1].copy(); c=this.h[2].copy(); d=this.h[3].copy(); 
-		e=this.h[4].copy(); f=this.h[5].copy(); g=this.h[6].copy(); hh=this.h[7].copy();
-	
-		for (j=0;j<80;j++)
-		{ /* 80 times - mush it up */
-			t1=hh.copy();
-			t1.add(HASH384.Sig1(e)).add(HASH384.Ch(e,f,g)).add(HASH384.HK[j]).add(this.w[j]);
-
-			t2=HASH384.Sig0(a); t2.add(HASH384.Maj(a,b,c));
-			hh=g; g=f; f=e;
-			e=d.copy(); e.add(t1);
-
-			d=c;
-			c=b;
-			b=a;
-			a=t1.copy(); a.add(t2);
-		}
-
-		this.h[0].add(a); this.h[1].add(b); this.h[2].add(c); this.h[3].add(d);
-		this.h[4].add(e); this.h[5].add(f); this.h[6].add(g); this.h[7].add(hh);
-	},
-
-/* Initialise Hash function */
-	init: function()
-	{ /* initialise */
-		var i;
-		for (i=0;i<80;i++) this.w[i]=new UInt64(0,0);
-		this.length[0]=new UInt64(0,0); this.length[1]=new UInt64(0,0);
-		this.h[0]=HASH384.H[0].copy();
-		this.h[1]=HASH384.H[1].copy();
-		this.h[2]=HASH384.H[2].copy();
-		this.h[3]=HASH384.H[3].copy();
-		this.h[4]=HASH384.H[4].copy();
-		this.h[5]=HASH384.H[5].copy();
-		this.h[6]=HASH384.H[6].copy();
-		this.h[7]=HASH384.H[7].copy();
-	},	
-
-/* process a single byte */
-	process: function(byt)
-	{ /* process the next message byte */
-		var cnt;
-		cnt=(this.length[0].bot>>>6)%16;
-		this.w[cnt].shlb();
-		this.w[cnt].bot|=(byt&0xFF);
-
-		var e=new UInt64(0,8);
-		this.length[0].add(e);
-		if (this.length[0].top===0 && this.length[0].bot==0) { e=new UInt64(0,1); this.length[1].add(e); }
-		if ((this.length[0].bot%1024)===0) this.transform();
-	},
-
-/* process an array of bytes */	
-	process_array: function(b)
-	{
-		for (var i=0;i<b.length;i++) this.process(b[i]);
-	},
-
-/* process a 32-bit integer */
-	process_num: function(n)
-	{
-		this.process((n>>24)&0xff);
-		this.process((n>>16)&0xff);
-		this.process((n>>8)&0xff);
-		this.process(n&0xff);
-	},
-
-	hash: function()
-	{ /* pad message and finish - supply digest */
-		var i;
-		var digest=[];
-		var len0,len1;
-		len0=this.length[0].copy();
-		len1=this.length[1].copy();
-		this.process(0x80);
-		while ((this.length[0].bot%1024)!=896) this.process(0);
-
-		this.w[14]=len1;
-		this.w[15]=len0;    
-		this.transform();
-
-		for (i=0;i<HASH384.len;i++)
-		{ /* convert to bytes */
-			digest[i]=HASH384.R(8*(7-i%8),this.h[i>>>3]).bot&0xff;
-		}
-
-		this.init();
-		return digest;
-	}
-};
-
-
-/* static  functions */
-HASH384.S= function(n,x)
-{
-	if (n==0) return x;
-	if (n<32)
-		return new UInt64((x.top>>>n) | (x.bot<<(32-n)),       (x.bot>>>n) | (x.top << (32-n)));
-	else
-		return new UInt64((x.bot>>>(n-32)) | (x.top << (64-n)),(x.top>>>(n-32)) | (x.bot<<(64-n)));
-	
-};
-
-HASH384.R= function(n,x)
-{
-	if (n==0) return x;
-	if (n<32)
-		return new UInt64((x.top>>>n),(x.bot>>>n | (x.top << (32-n))));
-	else
-		return new UInt64(0,x.top >>> (n-32));
-};
-
-HASH384.Ch= function(x,y,z)
-{
-	return new UInt64((x.top&y.top)^(~(x.top)&z.top),(x.bot&y.bot)^(~(x.bot)&z.bot));
-};
-
-HASH384.Maj= function(x,y,z)
-{
-	return new UInt64((x.top&y.top)^(x.top&z.top)^(y.top&z.top),(x.bot&y.bot)^(x.bot&z.bot)^(y.bot&z.bot));
-};
-
-HASH384.Sig0= function(x)
-{
-	var r1=HASH384.S(28,x);
-	var r2=HASH384.S(34,x);
-	var r3=HASH384.S(39,x);
-	return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot);
-};
-
-HASH384.Sig1= function(x)
-{
-	var r1=HASH384.S(14,x);
-	var r2=HASH384.S(18,x);
-	var r3=HASH384.S(41,x);
-	return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot);
-};
-
-HASH384.theta0= function(x)
-{
-	var r1=HASH384.S(1,x);
-	var r2=HASH384.S(8,x);
-	var r3=HASH384.R(7,x);
-	return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot);
-};
-
-HASH384.theta1= function(x)
-{
-	var r1=HASH384.S(19,x);
-	var r2=HASH384.S(61,x);
-	var r3=HASH384.R(6,x);
-	return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot);
-};
-
-HASH384.len= 48;
-
-HASH384.H = [new UInt64(0xcbbb9d5d,0xc1059ed8), new UInt64(0x629a292a,0x367cd507),
-      new UInt64(0x9159015a,0x3070dd17), new UInt64(0x152fecd8,0xf70e5939),
-      new UInt64(0x67332667,0xffc00b31), new UInt64(0x8eb44a87,0x68581511),
-      new UInt64(0xdb0c2e0d,0x64f98fa7), new UInt64(0x47b5481d,0xbefa4fa4)];
-
-HASH384.HK = [new UInt64(0x428a2f98, 0xd728ae22), new UInt64(0x71374491, 0x23ef65cd),
-      new UInt64(0xb5c0fbcf, 0xec4d3b2f), new UInt64(0xe9b5dba5, 0x8189dbbc),
-      new UInt64(0x3956c25b, 0xf348b538), new UInt64(0x59f111f1, 0xb605d019),
-      new UInt64(0x923f82a4, 0xaf194f9b), new UInt64(0xab1c5ed5, 0xda6d8118),
-      new UInt64(0xd807aa98, 0xa3030242), new UInt64(0x12835b01, 0x45706fbe),
-      new UInt64(0x243185be, 0x4ee4b28c), new UInt64(0x550c7dc3, 0xd5ffb4e2),
-      new UInt64(0x72be5d74, 0xf27b896f), new UInt64(0x80deb1fe, 0x3b1696b1),
-      new UInt64(0x9bdc06a7, 0x25c71235), new UInt64(0xc19bf174, 0xcf692694),
-      new UInt64(0xe49b69c1, 0x9ef14ad2), new UInt64(0xefbe4786, 0x384f25e3),
-      new UInt64(0x0fc19dc6, 0x8b8cd5b5), new UInt64(0x240ca1cc, 0x77ac9c65),
-      new UInt64(0x2de92c6f, 0x592b0275), new UInt64(0x4a7484aa, 0x6ea6e483),
-      new UInt64(0x5cb0a9dc, 0xbd41fbd4), new UInt64(0x76f988da, 0x831153b5),
-      new UInt64(0x983e5152, 0xee66dfab), new UInt64(0xa831c66d, 0x2db43210),
-      new UInt64(0xb00327c8, 0x98fb213f), new UInt64(0xbf597fc7, 0xbeef0ee4),
-      new UInt64(0xc6e00bf3, 0x3da88fc2), new UInt64(0xd5a79147, 0x930aa725),
-      new UInt64(0x06ca6351, 0xe003826f), new UInt64(0x14292967, 0x0a0e6e70),
-      new UInt64(0x27b70a85, 0x46d22ffc), new UInt64(0x2e1b2138, 0x5c26c926),
-      new UInt64(0x4d2c6dfc, 0x5ac42aed), new UInt64(0x53380d13, 0x9d95b3df),
-      new UInt64(0x650a7354, 0x8baf63de), new UInt64(0x766a0abb, 0x3c77b2a8),
-      new UInt64(0x81c2c92e, 0x47edaee6), new UInt64(0x92722c85, 0x1482353b),
-      new UInt64(0xa2bfe8a1, 0x4cf10364), new UInt64(0xa81a664b, 0xbc423001),
-      new UInt64(0xc24b8b70, 0xd0f89791), new UInt64(0xc76c51a3, 0x0654be30),
-      new UInt64(0xd192e819, 0xd6ef5218), new UInt64(0xd6990624, 0x5565a910),
-      new UInt64(0xf40e3585, 0x5771202a), new UInt64(0x106aa070, 0x32bbd1b8),
-      new UInt64(0x19a4c116, 0xb8d2d0c8), new UInt64(0x1e376c08, 0x5141ab53),
-      new UInt64(0x2748774c, 0xdf8eeb99), new UInt64(0x34b0bcb5, 0xe19b48a8),
-      new UInt64(0x391c0cb3, 0xc5c95a63), new UInt64(0x4ed8aa4a, 0xe3418acb),
-      new UInt64(0x5b9cca4f, 0x7763e373), new UInt64(0x682e6ff3, 0xd6b2b8a3),
-      new UInt64(0x748f82ee, 0x5defb2fc), new UInt64(0x78a5636f, 0x43172f60),
-      new UInt64(0x84c87814, 0xa1f0ab72), new UInt64(0x8cc70208, 0x1a6439ec),
-      new UInt64(0x90befffa, 0x23631e28), new UInt64(0xa4506ceb, 0xde82bde9),
-      new UInt64(0xbef9a3f7, 0xb2c67915), new UInt64(0xc67178f2, 0xe372532b),
-      new UInt64(0xca273ece, 0xea26619c), new UInt64(0xd186b8c7, 0x21c0c207),
-      new UInt64(0xeada7dd6, 0xcde0eb1e), new UInt64(0xf57d4f7f, 0xee6ed178),
-      new UInt64(0x06f067aa, 0x72176fba), new UInt64(0x0a637dc5, 0xa2c898a6),
-      new UInt64(0x113f9804, 0xbef90dae), new UInt64(0x1b710b35, 0x131c471b),
-      new UInt64(0x28db77f5, 0x23047d84), new UInt64(0x32caab7b, 0x40c72493),
-      new UInt64(0x3c9ebe0a, 0x15c9bebc), new UInt64(0x431d67c4, 0x9c100d4c),
-      new UInt64(0x4cc5d4be, 0xcb3e42b6), new UInt64(0x597f299c, 0xfc657e2a),
-      new UInt64(0x5fcb6fab, 0x3ad6faec), new UInt64(0x6c44198c, 0x4a475817)];
\ No newline at end of file


[14/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp12.h
----------------------------------------------------------------------
diff --git a/version3/c/fp12.h b/version3/c/fp12.h
deleted file mode 100644
index 99fed17..0000000
--- a/version3/c/fp12.h
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/**
- * @file fp12.h
- * @author Mike Scott
- * @brief FP12 Header File
- *
- */
-
-#ifndef FP12_YYY_H
-#define FP12_YYY_H
-
-#include "fp4_YYY.h"
-
-/**
-	@brief FP12 Structure - towered over three FP4
-*/
-
-typedef struct
-{
-    FP4_YYY a; /**< first part of FP12 */
-    FP4_YYY b; /**< second part of FP12 */
-    FP4_YYY c; /**< third part of FP12 */
-} FP12_YYY;
-
-extern const BIG_XXX Fra_YYY; /**< real part of BN curve Frobenius Constant */
-extern const BIG_XXX Frb_YYY; /**< imaginary part of BN curve Frobenius Constant */
-
-/* FP12 prototypes */
-/**	@brief Tests for FP12 equal to zero
- *
-	@param x FP12 number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP12_YYY_iszilch(FP12_YYY *x);
-/**	@brief Tests for FP12 equal to unity
- *
-	@param x FP12 number to be tested
-	@return 1 if unity, else returns 0
- */
-extern int FP12_YYY_isunity(FP12_YYY *x);
-/**	@brief Copy FP12 to another FP12
- *
-	@param x FP12 instance, on exit = y
-	@param y FP12 instance to be copied
- */
-extern void FP12_YYY_copy(FP12_YYY *x,FP12_YYY *y);
-/**	@brief Set FP12 to unity
- *
-	@param x FP12 instance to be set to one
- */
-extern void FP12_YYY_one(FP12_YYY *x);
-/**	@brief Tests for equality of two FP12s
- *
-	@param x FP12 instance to be compared
-	@param y FP12 instance to be compared
-	@return 1 if x=y, else returns 0
- */
-extern int FP12_YYY_equals(FP12_YYY *x,FP12_YYY *y);
-/**	@brief Conjugation of FP12
- *
-	If y=(a,b,c) (where a,b,c are its three FP4 components) on exit x=(conj(a),-conj(b),conj(c))
-	@param x FP12 instance, on exit = conj(y)
-	@param y FP12 instance
- */
-extern void FP12_YYY_conj(FP12_YYY *x,FP12_YYY *y);
-/**	@brief Initialise FP12 from single FP4
- *
-	Sets first FP4 component of an FP12, other components set to zero
-	@param x FP12 instance to be initialised
-	@param a FP4 to form first part of FP4
- */
-extern void FP12_YYY_from_FP4(FP12_YYY *x,FP4_YYY *a);
-/**	@brief Initialise FP12 from three FP4s
- *
-	@param x FP12 instance to be initialised
-	@param a FP4 to form first part of FP12
-	@param b FP4 to form second part of FP12
-	@param c FP4 to form third part of FP12
- */
-extern void FP12_YYY_from_FP4s(FP12_YYY *x,FP4_YYY *a,FP4_YYY* b,FP4_YYY *c);
-/**	@brief Fast Squaring of an FP12 in "unitary" form
- *
-	@param x FP12 instance, on exit = y^2
-	@param y FP4 instance, must be unitary
- */
-extern void FP12_YYY_usqr(FP12_YYY *x,FP12_YYY *y);
-/**	@brief Squaring an FP12
- *
-	@param x FP12 instance, on exit = y^2
-	@param y FP12 instance
- */
-extern void FP12_YYY_sqr(FP12_YYY *x,FP12_YYY *y);
-/**	@brief Fast multiplication of an FP12 by an FP12 that arises from an ATE pairing line function
- *
-	Here the multiplier has a special form that can be exploited
-	@param x FP12 instance, on exit = x*y
-	@param y FP12 instance, of special form
-	@param t D_TYPE or M_TYPE twist
- */
-extern void FP12_YYY_smul(FP12_YYY *x,FP12_YYY *y,int t);
-/**	@brief Multiplication of two FP12s
- *
-	@param x FP12 instance, on exit = x*y
-	@param y FP12 instance, the multiplier
- */
-extern void FP12_YYY_mul(FP12_YYY *x,FP12_YYY *y);
-/**	@brief Inverting an FP12
- *
-	@param x FP12 instance, on exit = 1/y
-	@param y FP12 instance
- */
-extern void FP12_YYY_inv(FP12_YYY *x,FP12_YYY *y);
-/**	@brief Raises an FP12 to the power of a BIG
- *
-	@param r FP12 instance, on exit = y^b
-	@param x FP12 instance
-	@param b BIG number
- */
-extern void FP12_YYY_pow(FP12_YYY *r,FP12_YYY *x,BIG_XXX b);
-/**	@brief Raises an FP12 instance x to a small integer power, side-channel resistant
- *
-	@param x FP12 instance, on exit = x^i
-	@param i small integer exponent
-	@param b maximum number of bits in exponent
- */
-extern void FP12_YYY_pinpow(FP12_YYY *x,int i,int b);
-
-/**	@brief Raises an FP12 instance x to a BIG power, compressed to FP4
- *
-	@param c FP4 instance, on exit = x^(e mod r) as FP4
-	@param x FP12 input
-	@param e BIG exponent
-	@param r BIG group order
- */
-extern void FP12_YYY_compow(FP4_YYY *c,FP12_YYY *x,BIG_XXX e,BIG_XXX r);
-
-/**	@brief Calculate x[0]^b[0].x[1]^b[1].x[2]^b[2].x[3]^b[3], side-channel resistant
- *
-	@param r FP12 instance, on exit = x[0]^b[0].x[1]^b[1].x[2]^b[2].x[3]^b[3]
-	@param x FP12 array with 4 FP12s
-	@param b BIG array of 4 exponents
- */
-extern void FP12_YYY_pow4(FP12_YYY *r,FP12_YYY *x,BIG_XXX *b);
-/**	@brief Raises an FP12 to the power of the internal modulus p, using the Frobenius
- *
-	@param x FP12 instance, on exit = x^p
-	@param f FP2 precalculated Frobenius constant
- */
-extern void FP12_YYY_frob(FP12_YYY *x,FP2_YYY *f);
-/**	@brief Reduces all components of possibly unreduced FP12 mod Modulus
- *
-	@param x FP12 instance, on exit reduced mod Modulus
- */
-extern void FP12_YYY_reduce(FP12_YYY *x);
-/**	@brief Normalises the components of an FP12
- *
-	@param x FP12 instance to be normalised
- */
-extern void FP12_YYY_norm(FP12_YYY *x);
-/**	@brief Formats and outputs an FP12 to the console
- *
-	@param x FP12 instance to be printed
- */
-extern void FP12_YYY_output(FP12_YYY *x);
-/**	@brief Formats and outputs an FP12 instance to an octet string
- *
-	Serializes the components of an FP12 to big-endian base 256 form.
-	@param S output octet string
-	@param x FP12 instance to be converted to an octet string
- */
-extern void FP12_YYY_toOctet(octet *S,FP12_YYY *x);
-/**	@brief Creates an FP12 instance from an octet string
- *
-	De-serializes the components of an FP12 to create an FP12 from big-endian base 256 components.
-	@param x FP12 instance to be created from an octet string
-	@param S input octet string
-
- */
-extern void FP12_YYY_fromOctet(FP12_YYY *x,octet *S);
-/**	@brief Calculate the trace of an FP12
- *
-	@param t FP4 trace of x, on exit = tr(x)
-	@param x FP12 instance
-
- */
-extern void FP12_YYY_trace(FP4_YYY *t,FP12_YYY *x);
-
-/**	@brief Conditional copy of FP12 number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x FP12 instance, set to y if s!=0
-	@param y another FP12 instance
-	@param s copy only takes place if not equal to 0
- */
-extern void FP12_YYY_cmove(FP12_YYY *x,FP12_YYY *y,int s);
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp16.c
----------------------------------------------------------------------
diff --git a/version3/c/fp16.c b/version3/c/fp16.c
deleted file mode 100644
index 623e87b..0000000
--- a/version3/c/fp16.c
+++ /dev/null
@@ -1,693 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^8 functions */
-
-/* FP16 elements are of the form a+ib, where i is sqrt(sqrt(-1+sqrt(-1))) */
-
-#include "fp16_YYY.h"
-
-
-/* test x==0 ? */
-int FP16_YYY_iszilch(FP16_YYY *x)
-{
-    if (FP8_YYY_iszilch(&(x->a)) && FP8_YYY_iszilch(&(x->b))) return 1;
-    return 0;
-}
-
-/* test x==1 ? */
-int FP16_YYY_isunity(FP16_YYY *x)
-{
-    if (FP8_YYY_isunity(&(x->a)) && FP8_YYY_iszilch(&(x->b))) return 1;
-    return 0;
-}
-
-/* test is w real? That is in a+ib test b is zero */
-int FP16_YYY_isreal(FP16_YYY *w)
-{
-    return FP8_YYY_iszilch(&(w->b));
-}
-
-/* return 1 if x==y, else 0 */
-int FP16_YYY_equals(FP16_YYY *x,FP16_YYY *y)
-{
-    if (FP8_YYY_equals(&(x->a),&(y->a)) && FP8_YYY_equals(&(x->b),&(y->b)))
-        return 1;
-    return 0;
-}
-
-/* set FP16 from two FP8s */
-void FP16_YYY_from_FP8s(FP16_YYY *w,FP8_YYY * x,FP8_YYY* y)
-{
-    FP8_YYY_copy(&(w->a), x);
-    FP8_YYY_copy(&(w->b), y);
-}
-
-/* set FP16 from FP8 */
-void FP16_YYY_from_FP8(FP16_YYY *w,FP8_YYY *x)
-{
-    FP8_YYY_copy(&(w->a), x);
-    FP8_YYY_zero(&(w->b));
-}
-
-/* set high part of FP16 from FP8 */
-void FP16_YYY_from_FP8H(FP16_YYY *w,FP8_YYY *x)
-{
-    FP8_YYY_copy(&(w->b), x);
-    FP8_YYY_zero(&(w->a));
-}
-
-/* FP16 copy w=x */
-void FP16_YYY_copy(FP16_YYY *w,FP16_YYY *x)
-{
-    if (w==x) return;
-    FP8_YYY_copy(&(w->a), &(x->a));
-    FP8_YYY_copy(&(w->b), &(x->b));
-}
-
-/* FP16 w=0 */
-void FP16_YYY_zero(FP16_YYY *w)
-{
-    FP8_YYY_zero(&(w->a));
-    FP8_YYY_zero(&(w->b));
-}
-
-/* FP16 w=1 */
-void FP16_YYY_one(FP16_YYY *w)
-{
-    FP8_YYY_one(&(w->a));
-    FP8_YYY_zero(&(w->b));
-}
-
-/* Set w=-x */
-void FP16_YYY_neg(FP16_YYY *w,FP16_YYY *x)
-{
-    /* Just one field neg */
-    FP8_YYY m,t;
-	FP16_YYY_norm(x);
-    FP8_YYY_add(&m,&(x->a),&(x->b));
-	FP8_YYY_norm(&m);
-    FP8_YYY_neg(&m,&m);
-    FP8_YYY_add(&t,&m,&(x->b));
-    FP8_YYY_add(&(w->b),&m,&(x->a));
-    FP8_YYY_copy(&(w->a),&t);
-	FP16_YYY_norm(w);
-}
-
-/* Set w=conj(x) */
-void FP16_YYY_conj(FP16_YYY *w,FP16_YYY *x)
-{
-    FP8_YYY_copy(&(w->a), &(x->a));
-    FP8_YYY_neg(&(w->b), &(x->b));
-	FP16_YYY_norm(w);
-}
-
-/* Set w=-conj(x) */
-void FP16_YYY_nconj(FP16_YYY *w,FP16_YYY *x)
-{
-    FP8_YYY_copy(&(w->b),&(x->b));
-    FP8_YYY_neg(&(w->a), &(x->a));
-	FP16_YYY_norm(w);
-}
-
-/* Set w=x+y */
-void FP16_YYY_add(FP16_YYY *w,FP16_YYY *x,FP16_YYY *y)
-{
-    FP8_YYY_add(&(w->a), &(x->a), &(y->a));
-    FP8_YYY_add(&(w->b), &(x->b), &(y->b));
-}
-
-/* Set w=x-y */
-/* Input y MUST be normed */
-void FP16_YYY_sub(FP16_YYY *w,FP16_YYY *x,FP16_YYY *y)
-{
-    FP16_YYY my;
-
-    FP16_YYY_neg(&my, y);
-    FP16_YYY_add(w, x, &my);
-
-}
-
-/* reduce all components of w mod Modulus */
-void FP16_YYY_reduce(FP16_YYY *w)
-{
-    FP8_YYY_reduce(&(w->a));
-    FP8_YYY_reduce(&(w->b));
-}
-
-/* normalise all elements of w */
-void FP16_YYY_norm(FP16_YYY *w)
-{
-    FP8_YYY_norm(&(w->a));
-    FP8_YYY_norm(&(w->b));
-}
-
-/* Set w=s*x, where s is FP8 */
-void FP16_YYY_pmul(FP16_YYY *w,FP16_YYY *x,FP8_YYY *s)
-{
-    FP8_YYY_mul(&(w->a),&(x->a),s);
-    FP8_YYY_mul(&(w->b),&(x->b),s);
-}
-
-/* Set w=s*x, where s is FP2 */
-void FP16_YYY_qmul(FP16_YYY *w,FP16_YYY *x,FP2_YYY *s)
-{
-    FP8_YYY_qmul(&(w->a),&(x->a),s);
-    FP8_YYY_qmul(&(w->b),&(x->b),s);
-}
-
-/* Set w=s*x, where s is int */
-void FP16_YYY_imul(FP16_YYY *w,FP16_YYY *x,int s)
-{
-    FP8_YYY_imul(&(w->a),&(x->a),s);
-    FP8_YYY_imul(&(w->b),&(x->b),s);
-}
-
-/* Set w=x^2 */
-/* Input MUST be normed  */
-void FP16_YYY_sqr(FP16_YYY *w,FP16_YYY *x)
-{
-    FP8_YYY t1,t2,t3;
-
-    FP8_YYY_mul(&t3,&(x->a),&(x->b)); /* norms x */
-    FP8_YYY_copy(&t2,&(x->b));
-    FP8_YYY_add(&t1,&(x->a),&(x->b));
-    FP8_YYY_times_i(&t2);
-
-    FP8_YYY_add(&t2,&(x->a),&t2);
-
-	FP8_YYY_norm(&t1);  // 2
-	FP8_YYY_norm(&t2);  // 2
-
-    FP8_YYY_mul(&(w->a),&t1,&t2);
-
-    FP8_YYY_copy(&t2,&t3);
-    FP8_YYY_times_i(&t2);
-
-    FP8_YYY_add(&t2,&t2,&t3);
-
-	FP8_YYY_norm(&t2);  // 2
-    FP8_YYY_neg(&t2,&t2);
-    FP8_YYY_add(&(w->a),&(w->a),&t2);  /* a=(a+b)(a+i^2.b)-i^2.ab-ab = a*a+ib*ib */
-    FP8_YYY_add(&(w->b),&t3,&t3);  /* b=2ab */
-
-    FP16_YYY_norm(w);
-}
-
-/* Set w=x*y */
-/* Inputs MUST be normed  */
-void FP16_YYY_mul(FP16_YYY *w,FP16_YYY *x,FP16_YYY *y)
-{
-
-    FP8_YYY t1,t2,t3,t4;
-    FP8_YYY_mul(&t1,&(x->a),&(y->a)); 
-    FP8_YYY_mul(&t2,&(x->b),&(y->b)); 
-
-    FP8_YYY_add(&t3,&(y->b),&(y->a));
-    FP8_YYY_add(&t4,&(x->b),&(x->a));
-
-	FP8_YYY_norm(&t4); // 2
-	FP8_YYY_norm(&t3); // 2
-
-    FP8_YYY_mul(&t4,&t4,&t3); /* (xa+xb)(ya+yb) */
-
-	FP8_YYY_neg(&t3,&t1);  // 1
-	FP8_YYY_add(&t4,&t4,&t3);  //t4E=3
-    FP8_YYY_norm(&t4);
-
-	FP8_YYY_neg(&t3,&t2);  // 1
-	FP8_YYY_add(&(w->b),&t4,&t3); //wbE=3
-
-    FP8_YYY_times_i(&t2);
-    FP8_YYY_add(&(w->a),&t2,&t1);
-
-    FP16_YYY_norm(w);
-}
-
-/* output FP16 in format [a,b] */
-void FP16_YYY_output(FP16_YYY *w)
-{
-    printf("[");
-    FP8_YYY_output(&(w->a));
-    printf(",");
-    FP8_YYY_output(&(w->b));
-    printf("]");
-}
-
-void FP16_YYY_rawoutput(FP16_YYY *w)
-{
-    printf("[");
-    FP8_YYY_rawoutput(&(w->a));
-    printf(",");
-    FP8_YYY_rawoutput(&(w->b));
-    printf("]");
-}
-
-/* Set w=1/x */
-void FP16_YYY_inv(FP16_YYY *w,FP16_YYY *x)
-{
-    FP8_YYY t1,t2;
-    FP8_YYY_sqr(&t1,&(x->a));
-    FP8_YYY_sqr(&t2,&(x->b));
-    FP8_YYY_times_i(&t2);
-	FP8_YYY_norm(&t2);
-
-    FP8_YYY_sub(&t1,&t1,&t2);
-	FP8_YYY_norm(&t1);
-
-    FP8_YYY_inv(&t1,&t1);
-
-    FP8_YYY_mul(&(w->a),&t1,&(x->a));
-    FP8_YYY_neg(&t1,&t1);
-	FP8_YYY_norm(&t1);
-    FP8_YYY_mul(&(w->b),&t1,&(x->b));
-}
-
-/* w*=i where i = sqrt(sqrt(-1+sqrt(-1))) */
-void FP16_YYY_times_i(FP16_YYY *w)
-{
-	FP8_YYY s,t;
-	FP8_YYY_copy(&s,&(w->b));
-	FP8_YYY_copy(&t,&(w->a));
-	FP8_YYY_times_i(&s);
-	FP8_YYY_copy(&(w->a),&s);
-	FP8_YYY_copy(&(w->b),&t);
-	FP16_YYY_norm(w);
-}
-
-void FP16_YYY_times_i2(FP16_YYY *w)
-{
-	FP8_YYY_times_i(&(w->a));
-	FP8_YYY_times_i(&(w->b));
-}
-
-void FP16_YYY_times_i4(FP16_YYY *w)
-{
-	FP8_YYY_times_i2(&(w->a));
-	FP8_YYY_times_i2(&(w->b));
-}
-
-/* Set w=w^p using Frobenius */
-void FP16_YYY_frob(FP16_YYY *w,FP2_YYY *f)
-{ // f=(i+1)^(p-3)/8
-	FP2_YYY ff;
-
-	FP2_YYY_sqr(&ff,f);  // (i+1)^(p-3)/4
-	FP2_YYY_norm(&ff);
-
-	FP8_YYY_frob(&(w->a),&ff);
-	FP8_YYY_frob(&(w->b),&ff);
-
-	FP8_YYY_qmul(&(w->b),&(w->b),f);  // times (1+i)^(p-3)/8
-	FP8_YYY_times_i(&(w->b));		// (i+1)^(p-1)/8
-}
-
-/* Set r=a^b mod m */
-void FP16_YYY_pow(FP16_YYY *r,FP16_YYY * a,BIG_XXX b)
-{
-    FP16_YYY w;
-    BIG_XXX z,zilch;
-    int bt;
-
-    BIG_XXX_zero(zilch);
-
-    BIG_XXX_copy(z,b);
-    FP16_YYY_copy(&w,a);
-    FP16_YYY_one(r);
-    BIG_XXX_norm(z);
-    while(1)
-    {
-        bt=BIG_XXX_parity(z);
-        BIG_XXX_shr(z,1);
-        if (bt) FP16_YYY_mul(r,r,&w);
-        if (BIG_XXX_comp(z,zilch)==0) break;
-        FP16_YYY_sqr(&w,&w);
-    }
-    FP16_YYY_reduce(r);
-}
-
-/* Move b to a if d=1 */
-void FP16_YYY_cmove(FP16_YYY *f,FP16_YYY *g,int d)
-{
-    FP8_YYY_cmove(&(f->a),&(g->a),d);
-    FP8_YYY_cmove(&(f->b),&(g->b),d);
-}
-
-#if CURVE_SECURITY_ZZZ == 256
-
-/* XTR xtr_a function */
-void FP16_YYY_xtr_A(FP16_YYY *r,FP16_YYY *w,FP16_YYY *x,FP16_YYY *y,FP16_YYY *z)
-{
-    FP16_YYY t1,t2;
-
-    FP16_YYY_copy(r,x);
-    FP16_YYY_sub(&t1,w,y);
-	FP16_YYY_norm(&t1);
-    FP16_YYY_pmul(&t1,&t1,&(r->a));
-    FP16_YYY_add(&t2,w,y);
-	FP16_YYY_norm(&t2);
-    FP16_YYY_pmul(&t2,&t2,&(r->b));
-    FP16_YYY_times_i(&t2);
-
-    FP16_YYY_add(r,&t1,&t2);
-    FP16_YYY_add(r,r,z);
-
-    FP16_YYY_reduce(r);
-}
-
-/* XTR xtr_d function */
-void FP16_YYY_xtr_D(FP16_YYY *r,FP16_YYY *x)
-{
-    FP16_YYY w;
-    FP16_YYY_copy(r,x);
-    FP16_YYY_conj(&w,r);
-    FP16_YYY_add(&w,&w,&w);
-    FP16_YYY_sqr(r,r);
-	FP16_YYY_norm(&w);
-    FP16_YYY_sub(r,r,&w);
-    FP16_YYY_reduce(r);    /* reduce here as multiple calls trigger automatic reductions */
-}
-
-/* r=x^n using XTR method on traces of FP12s */
-void FP16_YYY_xtr_pow(FP16_YYY *r,FP16_YYY *x,BIG_XXX n)
-{
-    int i,par,nb;
-    BIG_XXX v;
-    FP2_YYY w2;
-	FP4_YYY w4;
-	FP8_YYY w8;
-    FP16_YYY t,a,b,c,sf;
-
-    BIG_XXX_zero(v);
-    BIG_XXX_inc(v,3);
-	BIG_XXX_norm(v);
-    FP2_YYY_from_BIG(&w2,v);
-    FP4_YYY_from_FP2(&w4,&w2);
-	FP8_YYY_from_FP4(&w8,&w4);
-    FP16_YYY_from_FP8(&a,&w8);
-	FP16_YYY_copy(&sf,x);
-	FP16_YYY_norm(&sf);
-	FP16_YYY_copy(&b,&sf);
-    FP16_YYY_xtr_D(&c,&sf);
-
-
-    par=BIG_XXX_parity(n);
-    BIG_XXX_copy(v,n);
-    BIG_XXX_norm(v);
-    BIG_XXX_shr(v,1);
-    if (par==0)
-    {
-        BIG_XXX_dec(v,1);
-        BIG_XXX_norm(v);
-    }
-
-    nb=BIG_XXX_nbits(v);
-    for (i=nb-1; i>=0; i--)
-    {
-        if (!BIG_XXX_bit(v,i))
-        {
-            FP16_YYY_copy(&t,&b);
-            FP16_YYY_conj(&sf,&sf);
-            FP16_YYY_conj(&c,&c);
-            FP16_YYY_xtr_A(&b,&a,&b,&sf,&c);
-            FP16_YYY_conj(&sf,&sf);
-            FP16_YYY_xtr_D(&c,&t);
-            FP16_YYY_xtr_D(&a,&a);
-        }
-        else
-        {
-            FP16_YYY_conj(&t,&a);
-            FP16_YYY_xtr_D(&a,&b);
-            FP16_YYY_xtr_A(&b,&c,&b,&sf,&t);
-            FP16_YYY_xtr_D(&c,&c);
-        }
-    }
-
-    if (par==0) FP16_YYY_copy(r,&c);
-    else FP16_YYY_copy(r,&b);
-    FP16_YYY_reduce(r);
-}
-
-/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-void FP16_YYY_xtr_pow2(FP16_YYY *r,FP16_YYY *ck,FP16_YYY *cl,FP16_YYY *ckml,FP16_YYY *ckm2l,BIG_XXX a,BIG_XXX b)
-{
-    int i,f2;
-    BIG_XXX d,e,w;
-    FP16_YYY t,cu,cv,cumv,cum2v;
-
-
-    BIG_XXX_copy(e,a);
-    BIG_XXX_copy(d,b);
-    BIG_XXX_norm(d);
-	BIG_XXX_norm(e);
-    FP16_YYY_copy(&cu,ck);
-    FP16_YYY_copy(&cv,cl);
-    FP16_YYY_copy(&cumv,ckml);
-    FP16_YYY_copy(&cum2v,ckm2l);
-
-    f2=0;
-    while (BIG_XXX_parity(d)==0 && BIG_XXX_parity(e)==0)
-    {
-        BIG_XXX_shr(d,1);
-        BIG_XXX_shr(e,1);
-        f2++;
-    }
-    while (BIG_XXX_comp(d,e)!=0)
-    {
-        if (BIG_XXX_comp(d,e)>0)
-        {
-            BIG_XXX_imul(w,e,4);
-            BIG_XXX_norm(w);
-            if (BIG_XXX_comp(d,w)<=0)
-            {
-                BIG_XXX_copy(w,d);
-                BIG_XXX_copy(d,e);
-                BIG_XXX_sub(e,w,e);
-                BIG_XXX_norm(e);
-                FP16_YYY_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-                FP16_YYY_conj(&cum2v,&cumv);
-                FP16_YYY_copy(&cumv,&cv);
-                FP16_YYY_copy(&cv,&cu);
-                FP16_YYY_copy(&cu,&t);
-            }
-            else if (BIG_XXX_parity(d)==0)
-            {
-                BIG_XXX_shr(d,1);
-                FP16_YYY_conj(r,&cum2v);
-                FP16_YYY_xtr_A(&t,&cu,&cumv,&cv,r);
-                FP16_YYY_xtr_D(&cum2v,&cumv);
-                FP16_YYY_copy(&cumv,&t);
-                FP16_YYY_xtr_D(&cu,&cu);
-            }
-            else if (BIG_XXX_parity(e)==1)
-            {
-                BIG_XXX_sub(d,d,e);
-                BIG_XXX_norm(d);
-                BIG_XXX_shr(d,1);
-                FP16_YYY_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-                FP16_YYY_xtr_D(&cu,&cu);
-                FP16_YYY_xtr_D(&cum2v,&cv);
-                FP16_YYY_conj(&cum2v,&cum2v);
-                FP16_YYY_copy(&cv,&t);
-            }
-            else
-            {
-                BIG_XXX_copy(w,d);
-                BIG_XXX_copy(d,e);
-                BIG_XXX_shr(d,1);
-                BIG_XXX_copy(e,w);
-                FP16_YYY_xtr_D(&t,&cumv);
-                FP16_YYY_conj(&cumv,&cum2v);
-                FP16_YYY_conj(&cum2v,&t);
-                FP16_YYY_xtr_D(&t,&cv);
-                FP16_YYY_copy(&cv,&cu);
-                FP16_YYY_copy(&cu,&t);
-            }
-        }
-        if (BIG_XXX_comp(d,e)<0)
-        {
-            BIG_XXX_imul(w,d,4);
-            BIG_XXX_norm(w);
-            if (BIG_XXX_comp(e,w)<=0)
-            {
-                BIG_XXX_sub(e,e,d);
-                BIG_XXX_norm(e);
-                FP16_YYY_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-                FP16_YYY_copy(&cum2v,&cumv);
-                FP16_YYY_copy(&cumv,&cu);
-                FP16_YYY_copy(&cu,&t);
-            }
-            else if (BIG_XXX_parity(e)==0)
-            {
-                BIG_XXX_copy(w,d);
-                BIG_XXX_copy(d,e);
-                BIG_XXX_shr(d,1);
-                BIG_XXX_copy(e,w);
-                FP16_YYY_xtr_D(&t,&cumv);
-                FP16_YYY_conj(&cumv,&cum2v);
-                FP16_YYY_conj(&cum2v,&t);
-                FP16_YYY_xtr_D(&t,&cv);
-                FP16_YYY_copy(&cv,&cu);
-                FP16_YYY_copy(&cu,&t);
-            }
-            else if (BIG_XXX_parity(d)==1)
-            {
-                BIG_XXX_copy(w,e);
-                BIG_XXX_copy(e,d);
-                BIG_XXX_sub(w,w,d);
-                BIG_XXX_norm(w);
-                BIG_XXX_copy(d,w);
-                BIG_XXX_shr(d,1);
-                FP16_YYY_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-                FP16_YYY_conj(&cumv,&cumv);
-                FP16_YYY_xtr_D(&cum2v,&cu);
-                FP16_YYY_conj(&cum2v,&cum2v);
-                FP16_YYY_xtr_D(&cu,&cv);
-                FP16_YYY_copy(&cv,&t);
-            }
-            else
-            {
-                BIG_XXX_shr(d,1);
-                FP16_YYY_conj(r,&cum2v);
-                FP16_YYY_xtr_A(&t,&cu,&cumv,&cv,r);
-                FP16_YYY_xtr_D(&cum2v,&cumv);
-                FP16_YYY_copy(&cumv,&t);
-                FP16_YYY_xtr_D(&cu,&cu);
-            }
-        }
-    }
-    FP16_YYY_xtr_A(r,&cu,&cv,&cumv,&cum2v);
-    for (i=0; i<f2; i++)	FP16_YYY_xtr_D(r,r);
-    FP16_YYY_xtr_pow(r,r,d);
-}
-
-#endif
-
-
-
-/*
-int main(){
-		FP2 w0,w1,f;
-		FP8 w,t;
-		FP8 c1,c2,c3,c4,cr;
-		BIG a,b;
-		BIG e,e1,e2;
-		BIG p,md;
-
-
-		BIG_rcopy(md,Modulus);
-		//Test w^(P^4) = w mod p^2
-		BIG_zero(a); BIG_inc(a,27);
-		BIG_zero(b); BIG_inc(b,45);
-		FP2_from_BIGs(&w0,a,b);
-
-		BIG_zero(a); BIG_inc(a,33);
-		BIG_zero(b); BIG_inc(b,54);
-		FP2_from_BIGs(&w1,a,b);
-
-		FP8_from_FP2s(&w,&w0,&w1);
-		FP8_reduce(&w);
-
-		printf("w= ");
-		FP8_output(&w);
-		printf("\n");
-
-
-		FP8_copy(&t,&w);
-
-
-		BIG_copy(p,md);
-		FP8_pow(&w,&w,p);
-
-		printf("w^p= ");
-		FP8_output(&w);
-		printf("\n");
-//exit(0);
-
-		BIG_rcopy(a,CURVE_Fra);
-		BIG_rcopy(b,CURVE_Frb);
-		FP2_from_BIGs(&f,a,b);
-
-		FP8_frob(&t,&f);
-		printf("w^p= ");
-		FP8_output(&t);
-		printf("\n");
-
-		FP8_pow(&w,&w,p);
-		FP8_pow(&w,&w,p);
-		FP8_pow(&w,&w,p);
-		printf("w^p4= ");
-		FP8_output(&w);
-		printf("\n");
-
-// Test 1/(1/x) = x mod p^4
-		FP8_from_FP2s(&w,&w0,&w1);
-		printf("Test Inversion \nw= ");
-		FP8_output(&w);
-		printf("\n");
-
-		FP8_inv(&w,&w);
-		printf("1/w mod p^4 = ");
-		FP8_output(&w);
-		printf("\n");
-
-		FP8_inv(&w,&w);
-		printf("1/(1/w) mod p^4 = ");
-		FP8_output(&w);
-		printf("\n");
-
-		BIG_zero(e); BIG_inc(e,12);
-
-
-
-	//	FP8_xtr_A(&w,&t,&w,&t,&t);
-		FP8_xtr_pow(&w,&w,e);
-
-		printf("w^e= ");
-		FP8_output(&w);
-		printf("\n");
-
-
-		BIG_zero(a); BIG_inc(a,37);
-		BIG_zero(b); BIG_inc(b,17);
-		FP2_from_BIGs(&w0,a,b);
-
-		BIG_zero(a); BIG_inc(a,49);
-		BIG_zero(b); BIG_inc(b,31);
-		FP2_from_BIGs(&w1,a,b);
-
-		FP8_from_FP2s(&c1,&w0,&w1);
-		FP8_from_FP2s(&c2,&w0,&w1);
-		FP8_from_FP2s(&c3,&w0,&w1);
-		FP8_from_FP2s(&c4,&w0,&w1);
-
-		BIG_zero(e1); BIG_inc(e1,3331);
-		BIG_zero(e2); BIG_inc(e2,3372);
-
-		FP8_xtr_pow2(&w,&c1,&w,&c2,&c3,e1,e2);
-
-		printf("c^e= ");
-		FP8_output(&w);
-		printf("\n");
-
-
-		return 0;
-}
-*/
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp16.h
----------------------------------------------------------------------
diff --git a/version3/c/fp16.h b/version3/c/fp16.h
deleted file mode 100644
index d2d87d3..0000000
--- a/version3/c/fp16.h
+++ /dev/null
@@ -1,260 +0,0 @@
-#ifndef FP16_YYY_H
-#define FP16_YYY_H
-
-#include "fp8_YYY.h"
-#include "config_curve_ZZZ.h"
-
-
-/**
-	@brief FP16 Structure - towered over two FP8
-*/
-
-typedef struct
-{
-    FP8_YYY a; /**< real part of FP16 */
-    FP8_YYY b; /**< imaginary part of FP16 */
-} FP16_YYY;
-
-
-/* FP16 prototypes */
-/**	@brief Tests for FP16 equal to zero
- *
-	@param x FP16 number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP16_YYY_iszilch(FP16_YYY *x);
-/**	@brief Tests for FP16 equal to unity
- *
-	@param x FP16 number to be tested
-	@return 1 if unity, else returns 0
- */
-extern int FP16_YYY_isunity(FP16_YYY *x);
-/**	@brief Tests for equality of two FP16s
- *
-	@param x FP16 instance to be compared
-	@param y FP16 instance to be compared
-	@return 1 if x=y, else returns 0
- */
-extern int FP16_YYY_equals(FP16_YYY *x,FP16_YYY *y);
-/**	@brief Tests for FP16 having only a real part and no imaginary part
- *
-	@param x FP16 number to be tested
-	@return 1 if real, else returns 0
- */
-extern int FP16_YYY_isreal(FP16_YYY *x);
-/**	@brief Initialise FP16 from two FP8s
- *
-	@param x FP16 instance to be initialised
-	@param a FP8 to form real part of FP16
-	@param b FP8 to form imaginary part of FP16
- */
-extern void FP16_YYY_from_FP8s(FP16_YYY *x,FP8_YYY *a,FP8_YYY *b);
-/**	@brief Initialise FP16 from single FP8
- *
-	Imaginary part is set to zero
-	@param x FP16 instance to be initialised
-	@param a FP8 to form real part of FP16
- */
-extern void FP16_YYY_from_FP8(FP16_YYY *x,FP8_YYY *a);
-
-/**	@brief Initialise FP16 from single FP8
- *
-	real part is set to zero
-	@param x FP16 instance to be initialised
-	@param a FP8 to form imaginary part of FP16
- */
-extern void FP16_YYY_from_FP8H(FP16_YYY *x,FP8_YYY *a);
-
-
-/**	@brief Copy FP16 to another FP16
- *
-	@param x FP16 instance, on exit = y
-	@param y FP16 instance to be copied
- */
-extern void FP16_YYY_copy(FP16_YYY *x,FP16_YYY *y);
-/**	@brief Set FP16 to zero
- *
-	@param x FP16 instance to be set to zero
- */
-extern void FP16_YYY_zero(FP16_YYY *x);
-/**	@brief Set FP16 to unity
- *
-	@param x FP16 instance to be set to one
- */
-extern void FP16_YYY_one(FP16_YYY *x);
-/**	@brief Negation of FP16
- *
-	@param x FP16 instance, on exit = -y
-	@param y FP16 instance
- */
-extern void FP16_YYY_neg(FP16_YYY *x,FP16_YYY *y);
-/**	@brief Conjugation of FP16
- *
-	If y=(a,b) on exit x=(a,-b)
-	@param x FP16 instance, on exit = conj(y)
-	@param y FP16 instance
- */
-extern void FP16_YYY_conj(FP16_YYY *x,FP16_YYY *y);
-/**	@brief Negative conjugation of FP16
- *
-	If y=(a,b) on exit x=(-a,b)
-	@param x FP16 instance, on exit = -conj(y)
-	@param y FP16 instance
- */
-extern void FP16_YYY_nconj(FP16_YYY *x,FP16_YYY *y);
-/**	@brief addition of two FP16s
- *
-	@param x FP16 instance, on exit = y+z
-	@param y FP16 instance
-	@param z FP16 instance
- */
-extern void FP16_YYY_add(FP16_YYY *x,FP16_YYY *y,FP16_YYY *z);
-/**	@brief subtraction of two FP16s
- *
-	@param x FP16 instance, on exit = y-z
-	@param y FP16 instance
-	@param z FP16 instance
- */
-extern void FP16_YYY_sub(FP16_YYY *x,FP16_YYY *y,FP16_YYY *z);
-/**	@brief Multiplication of an FP16 by an FP8
- *
-	@param x FP16 instance, on exit = y*a
-	@param y FP16 instance
-	@param a FP8 multiplier
- */
-extern void FP16_YYY_pmul(FP16_YYY *x,FP16_YYY *y,FP8_YYY *a);
-
-/**	@brief Multiplication of an FP16 by an FP2
- *
-	@param x FP16 instance, on exit = y*a
-	@param y FP16 instance
-	@param a FP2 multiplier
- */
-extern void FP16_YYY_qmul(FP16_YYY *x,FP16_YYY *y,FP2_YYY *a);
-
-/**	@brief Multiplication of an FP16 by a small integer
- *
-	@param x FP16 instance, on exit = y*i
-	@param y FP16 instance
-	@param i an integer
- */
-extern void FP16_YYY_imul(FP16_YYY *x,FP16_YYY *y,int i);
-/**	@brief Squaring an FP16
- *
-	@param x FP16 instance, on exit = y^2
-	@param y FP16 instance
- */
-extern void FP16_YYY_sqr(FP16_YYY *x,FP16_YYY *y);
-/**	@brief Multiplication of two FP16s
- *
-	@param x FP16 instance, on exit = y*z
-	@param y FP16 instance
-	@param z FP16 instance
- */
-extern void FP16_YYY_mul(FP16_YYY *x,FP16_YYY *y,FP16_YYY *z);
-/**	@brief Inverting an FP16
- *
-	@param x FP16 instance, on exit = 1/y
-	@param y FP16 instance
- */
-extern void FP16_YYY_inv(FP16_YYY *x,FP16_YYY *y);
-/**	@brief Formats and outputs an FP16 to the console
- *
-	@param x FP16 instance to be printed
- */
-extern void FP16_YYY_output(FP16_YYY *x);
-/**	@brief Formats and outputs an FP16 to the console in raw form (for debugging)
- *
-	@param x FP16 instance to be printed
- */
-extern void FP16_YYY_rawoutput(FP16_YYY *x);
-/**	@brief multiplies an FP16 instance by irreducible polynomial sqrt(1+sqrt(-1))
- *
-	@param x FP16 instance, on exit = sqrt(1+sqrt(-1)*x
- */
-extern void FP16_YYY_times_i(FP16_YYY *x);
-/**	@brief multiplies an FP16 instance by irreducible polynomial (1+sqrt(-1))
- *
-	@param x FP16 instance, on exit = sqrt(1+sqrt(-1))^2*x
- */
-extern void FP16_YYY_times_i2(FP16_YYY *x);
-
-/**	@brief multiplies an FP16 instance by irreducible polynomial (1+sqrt(-1))
- *
-	@param x FP16 instance, on exit = sqrt(1+sqrt(-1))^4*x
- */
-extern void FP16_YYY_times_i4(FP16_YYY *x);
-
-
-/**	@brief Normalises the components of an FP16
- *
-	@param x FP16 instance to be normalised
- */
-extern void FP16_YYY_norm(FP16_YYY *x);
-/**	@brief Reduces all components of possibly unreduced FP16 mod Modulus
- *
-	@param x FP16 instance, on exit reduced mod Modulus
- */
-extern void FP16_YYY_reduce(FP16_YYY *x);
-/**	@brief Raises an FP16 to the power of a BIG
- *
-	@param x FP16 instance, on exit = y^b
-	@param y FP16 instance
-	@param b BIG number
- */
-extern void FP16_YYY_pow(FP16_YYY *x,FP16_YYY *y,BIG_XXX b);
-/**	@brief Raises an FP16 to the power of the internal modulus p, using the Frobenius
- *
-	@param x FP16 instance, on exit = x^p
-	@param f FP2 precalculated Frobenius constant
- */
-extern void FP16_YYY_frob(FP16_YYY *x,FP2_YYY *f);
-/**	@brief Calculates the XTR addition function r=w*x-conj(x)*y+z
- *
-	@param r FP16 instance, on exit = w*x-conj(x)*y+z
-	@param w FP16 instance
-	@param x FP16 instance
-	@param y FP16 instance
-	@param z FP16 instance
- */
-extern void FP16_YYY_xtr_A(FP16_YYY *r,FP16_YYY *w,FP16_YYY *x,FP16_YYY *y,FP16_YYY *z);
-/**	@brief Calculates the XTR doubling function r=x^2-2*conj(x)
- *
-	@param r FP16 instance, on exit = x^2-2*conj(x)
-	@param x FP16 instance
- */
-extern void FP16_YYY_xtr_D(FP16_YYY *r,FP16_YYY *x);
-/**	@brief Calculates FP16 trace of an FP12 raised to the power of a BIG number
- *
-	XTR single exponentiation
-	@param r FP16 instance, on exit = trace(w^b)
-	@param x FP16 instance, trace of an FP12 w
-	@param b BIG number
- */
-extern void FP16_YYY_xtr_pow(FP16_YYY *r,FP16_YYY *x,BIG_XXX b);
-/**	@brief Calculates FP16 trace of c^a.d^b, where c and d are derived from FP16 traces of FP12s
- *
-	XTR double exponentiation
-	Assumes c=tr(x^m), d=tr(x^n), e=tr(x^(m-n)), f=tr(x^(m-2n))
-	@param r FP16 instance, on exit = trace(c^a.d^b)
-	@param c FP16 instance, trace of an FP12
-	@param d FP16 instance, trace of an FP12
-	@param e FP16 instance, trace of an FP12
-	@param f FP16 instance, trace of an FP12
-	@param a BIG number
-	@param b BIG number
- */
-extern void FP16_YYY_xtr_pow2(FP16_YYY *r,FP16_YYY *c,FP16_YYY *d,FP16_YYY *e,FP16_YYY *f,BIG_XXX a,BIG_XXX b);
-
-/**	@brief Conditional copy of FP16 number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x FP16 instance, set to y if s!=0
-	@param y another FP16 instance
-	@param s copy only takes place if not equal to 0
- */
-extern void FP16_YYY_cmove(FP16_YYY *x,FP16_YYY *y,int s);
-
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp2.c
----------------------------------------------------------------------
diff --git a/version3/c/fp2.c b/version3/c/fp2.c
deleted file mode 100644
index d0c8e3f..0000000
--- a/version3/c/fp2.c
+++ /dev/null
@@ -1,489 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^2 functions */
-/* SU=m, m is Stack Usage (no lazy )*/
-
-/* FP2 elements are of the form a+ib, where i is sqrt(-1) */
-
-#include "fp2_YYY.h"
-
-/* test x==0 ? */
-/* SU= 8 */
-int FP2_YYY_iszilch(FP2_YYY *x)
-{
-   // FP2_YYY_reduce(x);
-    if (FP_YYY_iszilch(&(x->a)) && FP_YYY_iszilch(&(x->b))) return 1;
-    return 0;
-}
-
-/* Move b to a if d=1 */
-void FP2_YYY_cmove(FP2_YYY *f,FP2_YYY *g,int d)
-{
-    FP_YYY_cmove(&(f->a),&(g->a),d);
-    FP_YYY_cmove(&(f->b),&(g->b),d);
-}
-
-/* test x==1 ? */
-/* SU= 48 */
-int FP2_YYY_isunity(FP2_YYY *x)
-{
-    FP_YYY one;
-    FP_YYY_one(&one);
-    //FP2_YYY_reduce(x);
-    if (FP_YYY_equals(&(x->a),&one) && FP_YYY_iszilch(&(x->b))) return 1;
-    return 0;
-}
-
-/* SU= 8 */
-/* Fully reduce a and b mod Modulus */
-void FP2_YYY_reduce(FP2_YYY *w)
-{
-    FP_YYY_reduce(&(w->a));
-    FP_YYY_reduce(&(w->b));
-}
-
-/* return 1 if x==y, else 0 */
-/* SU= 16 */
-int FP2_YYY_equals(FP2_YYY *x,FP2_YYY *y)
-{
-    if (FP_YYY_equals(&(x->a),&(y->a)) && FP_YYY_equals(&(x->b),&(y->b)))
-        return 1;
-    return 0;
-}
-
-/* Create FP2 from two FPs */
-/* SU= 16 */
-void FP2_YYY_from_FPs(FP2_YYY *w,FP_YYY *x,FP_YYY *y)
-{
-    FP_YYY_copy(&(w->a),x);
-    FP_YYY_copy(&(w->b),y);
-}
-
-/* Create FP2 from two BIGS */
-/* SU= 16 */
-void FP2_YYY_from_BIGs(FP2_YYY *w,BIG_XXX x,BIG_XXX y)
-{
-    FP_YYY_nres(&(w->a),x);
-    FP_YYY_nres(&(w->b),y);
-}
-
-/* Create FP2 from FP */
-/* SU= 8 */
-void FP2_YYY_from_FP(FP2_YYY *w,FP_YYY *x)
-{
-    FP_YYY_copy(&(w->a),x);
-    FP_YYY_zero(&(w->b));
-}
-
-/* Create FP2 from BIG */
-/* SU= 8 */
-void FP2_YYY_from_BIG(FP2_YYY *w,BIG_XXX x)
-{
-    FP_YYY_nres(&(w->a),x);
-    FP_YYY_zero(&(w->b));
-}
-
-/* FP2 copy w=x */
-/* SU= 16 */
-void FP2_YYY_copy(FP2_YYY *w,FP2_YYY *x)
-{
-    if (w==x) return;
-    FP_YYY_copy(&(w->a),&(x->a));
-    FP_YYY_copy(&(w->b),&(x->b));
-}
-
-/* FP2 set w=0 */
-/* SU= 8 */
-void FP2_YYY_zero(FP2_YYY *w)
-{
-    FP_YYY_zero(&(w->a));
-    FP_YYY_zero(&(w->b));
-}
-
-/* FP2 set w=1 */
-/* SU= 48 */
-void FP2_YYY_one(FP2_YYY *w)
-{
-    FP_YYY one;
-    FP_YYY_one(&one);
-    FP2_YYY_from_FP(w,&one);
-}
-
-/* Set w=-x */
-/* SU= 88 */
-void FP2_YYY_neg(FP2_YYY *w,FP2_YYY *x)
-{
-    /* Just one neg! */
-    FP_YYY m,t;
-//    FP2_YYY_norm(x);
-    FP_YYY_add(&m,&(x->a),&(x->b));
-    FP_YYY_neg(&m,&m);
-    FP_YYY_add(&t,&m,&(x->b));
-    FP_YYY_add(&(w->b),&m,&(x->a));
-    FP_YYY_copy(&(w->a),&t);
-
-}
-
-/* Set w=conj(x) */
-/* SU= 16 */
-void FP2_YYY_conj(FP2_YYY *w,FP2_YYY *x)
-{
-    FP_YYY_copy(&(w->a),&(x->a));
-//	BIG_XXX_norm(x->b);
-    FP_YYY_neg(&(w->b),&(x->b));
-    FP_YYY_norm(&(w->b));
-}
-
-/* Set w=x+y */
-/* SU= 16 */
-void FP2_YYY_add(FP2_YYY *w,FP2_YYY *x,FP2_YYY *y)
-{
-    FP_YYY_add(&(w->a),&(x->a),&(y->a));
-    FP_YYY_add(&(w->b),&(x->b),&(y->b));
-}
-
-/* Set w=x-y */
-/* Input y MUST be normed */
-void FP2_YYY_sub(FP2_YYY *w,FP2_YYY *x,FP2_YYY *y)
-{
-    FP2_YYY m;
-    FP2_YYY_neg(&m,y);
-    FP2_YYY_add(w,x,&m);
-}
-
-/* Set w=s*x, where s is FP */
-/* SU= 16 */
-void FP2_YYY_pmul(FP2_YYY *w,FP2_YYY *x,FP_YYY *s)
-{
-    FP_YYY_mul(&(w->a),&(x->a),s);
-    FP_YYY_mul(&(w->b),&(x->b),s);
-}
-
-/* SU= 16 */
-/* Set w=s*x, where s is int */
-void FP2_YYY_imul(FP2_YYY *w,FP2_YYY *x,int s)
-{
-    FP_YYY_imul(&(w->a),&(x->a),s);
-    FP_YYY_imul(&(w->b),&(x->b),s);
-}
-
-/* Set w=x^2 */
-/* SU= 128 */
-void FP2_YYY_sqr(FP2_YYY *w,FP2_YYY *x)
-{
-    FP_YYY w1,w3,mb;
-
-    FP_YYY_add(&w1,&(x->a),&(x->b));
-    FP_YYY_neg(&mb,&(x->b));
-
-    FP_YYY_add(&w3,&(x->a),&(x->a));
-    FP_YYY_norm(&w3);
-    FP_YYY_mul(&(w->b),&w3,&(x->b));
-
-    FP_YYY_add(&(w->a),&(x->a),&mb);
-
-    FP_YYY_norm(&w1);
-    FP_YYY_norm(&(w->a));
-
-    FP_YYY_mul(&(w->a),&w1,&(w->a));     /* w->a#2 w->a=1 w1&w2=6 w1*w2=2 */
-}
-
-
-/* Set w=x*y */
-/* Inputs MUST be normed  */
-/* Now uses Lazy reduction */
-void FP2_YYY_mul(FP2_YYY *w,FP2_YYY *x,FP2_YYY *y)
-{
-    DBIG_XXX A,B,E,F,pR;
-    BIG_XXX C,D,p;
-
-    BIG_XXX_rcopy(p,Modulus_YYY);
-    BIG_XXX_dsucopy(pR,p);
-
-// reduce excesses of a and b as required (so product < pR)
-
-    if ((sign64)(x->a.XES+x->b.XES)*(y->a.XES+y->b.XES)>(sign64)FEXCESS_YYY)
-    {
-#ifdef DEBUG_REDUCE
-        printf("FP2 Product too large - reducing it\n");
-#endif
-        if (x->a.XES>1) FP_YYY_reduce(&(x->a));
-        if (x->b.XES>1) FP_YYY_reduce(&(x->b));
-    }
-
-    BIG_XXX_mul(A,x->a.g,y->a.g);
-    BIG_XXX_mul(B,x->b.g,y->b.g);
-
-    BIG_XXX_add(C,x->a.g,x->b.g);
-    BIG_XXX_norm(C);
-    BIG_XXX_add(D,y->a.g,y->b.g);
-    BIG_XXX_norm(D);
-
-    BIG_XXX_mul(E,C,D);
-    BIG_XXX_dadd(F,A,B);
-    BIG_XXX_dsub(B,pR,B); //
-
-    BIG_XXX_dadd(A,A,B);    // A<pR? Not necessarily, but <2pR
-    BIG_XXX_dsub(E,E,F);    // E<pR ? Yes
-
-    BIG_XXX_dnorm(A);
-    FP_YYY_mod(w->a.g,A);
-    w->a.XES=3;// may drift above 2p...
-    BIG_XXX_dnorm(E);
-    FP_YYY_mod(w->b.g,E);
-    w->b.XES=2;
-
-}
-
-/* output FP2 in hex format [a,b] */
-/* SU= 16 */
-void FP2_YYY_output(FP2_YYY *w)
-{
-    BIG_XXX bx,by;
-    FP2_YYY_reduce(w);
-    FP_YYY_redc(bx,&(w->a));
-    FP_YYY_redc(by,&(w->b));
-    printf("[");
-    BIG_XXX_output(bx);
-    printf(",");
-    BIG_XXX_output(by);
-    printf("]");
-    FP_YYY_nres(&(w->a),bx);
-    FP_YYY_nres(&(w->b),by);
-}
-
-/* SU= 8 */
-void FP2_YYY_rawoutput(FP2_YYY *w)
-{
-    printf("[");
-    BIG_XXX_rawoutput(w->a.g);
-    printf(",");
-    BIG_XXX_rawoutput(w->b.g);
-    printf("]");
-}
-
-
-/* Set w=1/x */
-/* SU= 128 */
-void FP2_YYY_inv(FP2_YYY *w,FP2_YYY *x)
-{
-    BIG_XXX m,b;
-    FP_YYY w1,w2;
-
-    FP2_YYY_norm(x);
-    FP_YYY_sqr(&w1,&(x->a));
-    FP_YYY_sqr(&w2,&(x->b));
-    FP_YYY_add(&w1,&w1,&w2);
-
-	FP_YYY_inv(&w1,&w1);
-
-    FP_YYY_mul(&(w->a),&(x->a),&w1);
-    FP_YYY_neg(&w1,&w1);
-    FP_YYY_norm(&w1);
-    FP_YYY_mul(&(w->b),&(x->b),&w1);
-//	FP2_YYY_norm(w);
-}
-
-
-/* Set w=x/2 */
-/* SU= 16 */
-void FP2_YYY_div2(FP2_YYY *w,FP2_YYY *x)
-{
-    FP_YYY_div2(&(w->a),&(x->a));
-    FP_YYY_div2(&(w->b),&(x->b));
-}
-
-/* Set w*=(1+sqrt(-1)) */
-/* where X^2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
-
-/* Input MUST be normed */
-void FP2_YYY_mul_ip(FP2_YYY *w)
-{
-    FP_YYY z;
-    FP2_YYY t;
-
-//   FP2_YYY_norm(w);
-    FP2_YYY_copy(&t,w);
-
-    FP_YYY_copy(&z,&(w->a));
-    FP_YYY_neg(&(w->a),&(w->b));
-    FP_YYY_copy(&(w->b),&z);
-
-    FP2_YYY_add(w,&t,w);
-//    Output NOT normed, so use with care
-}
-
-
-void FP2_YYY_div_ip2(FP2_YYY *w)
-{
-    FP2_YYY t;
-    FP2_YYY_norm(w);
-    FP_YYY_add(&(t.a),&(w->a),&(w->b));
-    FP_YYY_sub(&(t.b),&(w->b),&(w->a));
-    FP2_YYY_norm(&t);
-    FP2_YYY_copy(w,&t);
-}
-
-/* Set w/=(1+sqrt(-1)) */
-/* SU= 88 */
-void FP2_YYY_div_ip(FP2_YYY *w)
-{
-    FP2_YYY t;
-    FP2_YYY_norm(w);
-    FP_YYY_add(&t.a,&(w->a),&(w->b));
-    FP_YYY_sub(&t.b,&(w->b),&(w->a));
-    FP2_YYY_norm(&t);
-    FP2_YYY_div2(w,&t);
-}
-
-/* SU= 8 */
-/* normalise a and b components of w */
-void FP2_YYY_norm(FP2_YYY *w)
-{
-    FP_YYY_norm(&(w->a));
-    FP_YYY_norm(&(w->b));
-}
-
-/* Set w=a^b mod m */
-/* SU= 208 */
-void FP2_YYY_pow(FP2_YYY *r,FP2_YYY* a,BIG_XXX b)
-{
-    FP2_YYY w;
-    FP_YYY one;
-    BIG_XXX z,zilch;
-    int bt;
-
-    BIG_XXX_norm(b);
-    BIG_XXX_copy(z,b);
-    FP2_YYY_copy(&w,a);
-    FP_YYY_one(&one);
-    BIG_XXX_zero(zilch);
-    FP2_YYY_from_FP(r,&one);
-    while(1)
-    {
-        bt=BIG_XXX_parity(z);
-        BIG_XXX_shr(z,1);
-        if (bt) FP2_YYY_mul(r,r,&w);
-        if (BIG_XXX_comp(z,zilch)==0) break;
-        FP2_YYY_sqr(&w,&w);
-    }
-    FP2_YYY_reduce(r);
-}
-
-/* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
-/* returns true if u is QR */
-
-int FP2_YYY_sqrt(FP2_YYY *w,FP2_YYY *u)
-{
-    BIG_XXX b;
-    FP_YYY w1,w2;
-    FP2_YYY_copy(w,u);
-    if (FP2_YYY_iszilch(w)) return 1;
-
-    FP_YYY_sqr(&w1,&(w->b));
-    FP_YYY_sqr(&w2,&(w->a));
-    FP_YYY_add(&w1,&w1,&w2);
-    if (!FP_YYY_qr(&w1))
-    {
-        FP2_YYY_zero(w);
-        return 0;
-    }
-    FP_YYY_sqrt(&w1,&w1);
-    FP_YYY_add(&w2,&(w->a),&w1);
-    FP_YYY_norm(&w2);
-    FP_YYY_div2(&w2,&w2);
-    if (!FP_YYY_qr(&w2))
-    {
-        FP_YYY_sub(&w2,&(w->a),&w1);
-        FP_YYY_norm(&w2);
-        FP_YYY_div2(&w2,&w2);
-        if (!FP_YYY_qr(&w2))
-        {
-            FP2_YYY_zero(w);
-            return 0;
-        }
-    }
-    FP_YYY_sqrt(&w2,&w2);
-    FP_YYY_copy(&(w->a),&w2);
-    FP_YYY_add(&w2,&w2,&w2);
-
-	FP_YYY_inv(&w2,&w2);
-
-    FP_YYY_mul(&(w->b),&(w->b),&w2);
-    return 1;
-}
-
-/* New stuff for ECp4 support */
-
-/* Input MUST be normed */
-void FP2_YYY_times_i(FP2_YYY *w)
-{
-    FP_YYY z;
-
- //   FP2_norm(w);
-
-    FP_YYY_copy(&z,&(w->a));
-    FP_YYY_neg(&(w->a),&(w->b));
-    FP_YYY_copy(&(w->b),&z);
-
-//    Output NOT normed, so use with care
-}
-
-/*
-int main()
-{
-	int i;
-	FP2_YYY w,z;
-	BIG_XXX a,b,e;
-	BIG_XXX pp1,pm1;
-	BIG_XXX_unity(a); BIG_XXX_unity(b);
-	FP2_YYY_from_BIGs(&w,a,b);
-//	for (i=0;i<100;i++)
-//	{
-//		BIG_XXX_randomnum(a); BIG_XXX_randomnum(b);
-//		BIG_XXX_mod(a,Modulus_YYY); BIG_XXX_mod(b,Modulus_YYY);
-//		FP2_YYY_from_FPs(&w,a,b);
-//		FP2_YYY_output(&w);
-//		FP2_YYY_inv(&z,&w);
-//				FP2_YYY_output(&z);
-//		FP2_YYY_inv(&z,&z);
-//				FP2_YYY_output(&z);
-//				FP2_YYY_output(&w);
-//		if (FP2_YYY_comp(&w,&z)!=1) printf("error \n");
-//		else printf("OK \n");
-//	}
-//exit(0);
-	printf("w= "); FP2_YYY_output(&w); printf("\n");
-	BIG_XXX_zero(e); BIG_XXX_inc(e,27);
-	FP2_YYY_pow(&w,&w,e);
-	FP2_YYY_output(&w);
-exit(0);
-	BIG_XXX_rcopy(pp1,Modulus_YYY);
-	BIG_XXX_rcopy(pm1,Modulus_YYY);
-	BIG_XXX_inc(pp1,1);
-	BIG_XXX_dec(pm1,1);
-	BIG_XXX_norm(pp1);
-	BIG_XXX_norm(pm1);
-	FP2_YYY_pow(&w,&w,pp1);
-	FP2_YYY_pow(&w,&w,pm1);
-	FP2_YYY_output(&w);
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp2.h
----------------------------------------------------------------------
diff --git a/version3/c/fp2.h b/version3/c/fp2.h
deleted file mode 100644
index 6767685..0000000
--- a/version3/c/fp2.h
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/**
- * @file fp2.h
- * @author Mike Scott
- * @brief FP2 Header File
- *
- */
-
-#ifndef FP2_YYY_H
-#define FP2_YYY_H
-
-#include "fp_YYY.h"
-
-/**
-	@brief FP2 Structure - quadratic extension field
-*/
-
-typedef struct
-{
-    FP_YYY a; /**< real part of FP2 */
-    FP_YYY b; /**< imaginary part of FP2 */
-} FP2_YYY;
-
-/* FP2 prototypes */
-
-/**	@brief Tests for FP2 equal to zero
- *
-	@param x FP2 number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP2_YYY_iszilch(FP2_YYY *x);
-/**	@brief Conditional copy of FP2 number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x FP2 instance, set to y if s!=0
-	@param y another FP2 instance
-	@param s copy only takes place if not equal to 0
- */
-extern void FP2_YYY_cmove(FP2_YYY *x,FP2_YYY *y,int s);
-/**	@brief Tests for FP2 equal to one
- *
-	@param x FP2 instance to be tested
-	@return 1 if x=1, else returns 0
- */
-extern int FP2_YYY_isunity(FP2_YYY *x);
-/**	@brief Tests for equality of two FP2s
- *
-	@param x FP2 instance to be compared
-	@param y FP2 instance to be compared
-	@return 1 if x=y, else returns 0
- */
-extern int FP2_YYY_equals(FP2_YYY *x,FP2_YYY *y);
-/**	@brief Initialise FP2 from two FP numbers
- *
-	@param x FP2 instance to be initialised
-	@param a FP to form real part of FP2
-	@param b FP to form imaginary part of FP2
- */
-extern void FP2_YYY_from_FPs(FP2_YYY *x,FP_YYY *a,FP_YYY *b);
-/**	@brief Initialise FP2 from two BIG integers
- *
-	@param x FP2 instance to be initialised
-	@param a BIG to form real part of FP2
-	@param b BIG to form imaginary part of FP2
- */
-extern void FP2_YYY_from_BIGs(FP2_YYY *x,BIG_XXX a,BIG_XXX b);
-/**	@brief Initialise FP2 from single FP
- *
-	Imaginary part is set to zero
-	@param x FP2 instance to be initialised
-	@param a FP to form real part of FP2
- */
-extern void FP2_YYY_from_FP(FP2_YYY *x,FP_YYY *a);
-/**	@brief Initialise FP2 from single BIG
- *
-	Imaginary part is set to zero
-	@param x FP2 instance to be initialised
-	@param a BIG to form real part of FP2
- */
-extern void FP2_YYY_from_BIG(FP2_YYY *x,BIG_XXX a);
-/**	@brief Copy FP2 to another FP2
- *
-	@param x FP2 instance, on exit = y
-	@param y FP2 instance to be copied
- */
-extern void FP2_YYY_copy(FP2_YYY *x,FP2_YYY *y);
-/**	@brief Set FP2 to zero
- *
-	@param x FP2 instance to be set to zero
- */
-extern void FP2_YYY_zero(FP2_YYY *x);
-/**	@brief Set FP2 to unity
- *
-	@param x FP2 instance to be set to one
- */
-extern void FP2_YYY_one(FP2_YYY *x);
-/**	@brief Negation of FP2
- *
-	@param x FP2 instance, on exit = -y
-	@param y FP2 instance
- */
-extern void FP2_YYY_neg(FP2_YYY *x,FP2_YYY *y);
-/**	@brief Conjugation of FP2
- *
-	If y=(a,b) on exit x=(a,-b)
-	@param x FP2 instance, on exit = conj(y)
-	@param y FP2 instance
- */
-extern void FP2_YYY_conj(FP2_YYY *x,FP2_YYY *y);
-/**	@brief addition of two FP2s
- *
-	@param x FP2 instance, on exit = y+z
-	@param y FP2 instance
-	@param z FP2 instance
- */
-extern void FP2_YYY_add(FP2_YYY *x,FP2_YYY *y,FP2_YYY *z);
-/**	@brief subtraction of two FP2s
- *
-	@param x FP2 instance, on exit = y-z
-	@param y FP2 instance
-	@param z FP2 instance
- */
-extern void FP2_YYY_sub(FP2_YYY *x,FP2_YYY *y,FP2_YYY *z);
-/**	@brief Multiplication of an FP2 by an FP
- *
-	@param x FP2 instance, on exit = y*b
-	@param y FP2 instance
-	@param b FP residue
- */
-extern void FP2_YYY_pmul(FP2_YYY *x,FP2_YYY *y,FP_YYY *b);
-/**	@brief Multiplication of an FP2 by a small integer
- *
-	@param x FP2 instance, on exit = y*i
-	@param y FP2 instance
-	@param i an integer
- */
-extern void FP2_YYY_imul(FP2_YYY *x,FP2_YYY *y,int i);
-/**	@brief Squaring an FP2
- *
-	@param x FP2 instance, on exit = y^2
-	@param y FP2 instance
- */
-extern void FP2_YYY_sqr(FP2_YYY *x,FP2_YYY *y);
-/**	@brief Multiplication of two FP2s
- *
-	@param x FP2 instance, on exit = y*z
-	@param y FP2 instance
-	@param z FP2 instance
- */
-extern void FP2_YYY_mul(FP2_YYY *x,FP2_YYY *y,FP2_YYY *z);
-/**	@brief Formats and outputs an FP2 to the console
- *
-	@param x FP2 instance
- */
-extern void FP2_YYY_output(FP2_YYY *x);
-/**	@brief Formats and outputs an FP2 to the console in raw form (for debugging)
- *
-	@param x FP2 instance
- */
-extern void FP2_YYY_rawoutput(FP2_YYY *x);
-/**	@brief Inverting an FP2
- *
-	@param x FP2 instance, on exit = 1/y
-	@param y FP2 instance
- */
-extern void FP2_YYY_inv(FP2_YYY *x,FP2_YYY *y);
-/**	@brief Divide an FP2 by 2
- *
-	@param x FP2 instance, on exit = y/2
-	@param y FP2 instance
- */
-extern void FP2_YYY_div2(FP2_YYY *x,FP2_YYY *y);
-/**	@brief Multiply an FP2 by (1+sqrt(-1))
- *
-	Note that (1+sqrt(-1)) is irreducible for FP4
-	@param x FP2 instance, on exit = x*(1+sqrt(-1))
- */
-extern void FP2_YYY_mul_ip(FP2_YYY *x);
-/**	@brief Divide an FP2 by (1+sqrt(-1))/2 -
- *
-	Note that (1+sqrt(-1)) is irreducible for FP4
-	@param x FP2 instance, on exit = 2x/(1+sqrt(-1))
- */
-extern void FP2_YYY_div_ip2(FP2_YYY *x);
-/**	@brief Divide an FP2 by (1+sqrt(-1))
- *
-	Note that (1+sqrt(-1)) is irreducible for FP4
-	@param x FP2 instance, on exit = x/(1+sqrt(-1))
- */
-extern void FP2_YYY_div_ip(FP2_YYY *x);
-/**	@brief Normalises the components of an FP2
- *
-	@param x FP2 instance to be normalised
- */
-extern void FP2_YYY_norm(FP2_YYY *x);
-/**	@brief Reduces all components of possibly unreduced FP2 mod Modulus
- *
-	@param x FP2 instance, on exit reduced mod Modulus
- */
-extern void FP2_YYY_reduce(FP2_YYY *x);
-/**	@brief Raises an FP2 to the power of a BIG
- *
-	@param x FP2 instance, on exit = y^b
-	@param y FP2 instance
-	@param b BIG number
- */
-extern void FP2_YYY_pow(FP2_YYY *x,FP2_YYY *y,BIG_XXX b);
-/**	@brief Square root of an FP2
- *
-	@param x FP2 instance, on exit = sqrt(y)
-	@param y FP2 instance
- */
-extern int FP2_YYY_sqrt(FP2_YYY *x,FP2_YYY *y);
-
-/**	@brief Multiply an FP2 by sqrt(-1)
- *
-	Note that -1 is QNR
-	@param x FP2 instance, on exit = x*sqrt(-1)
- */
-extern void FP2_YYY_times_i(FP2_YYY *x);
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp24.c
----------------------------------------------------------------------
diff --git a/version3/c/fp24.c b/version3/c/fp24.c
deleted file mode 100644
index 07a6525..0000000
--- a/version3/c/fp24.c
+++ /dev/null
@@ -1,1123 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^12 functions */
-/* SU=m, m is Stack Usage (no lazy )*/
-/* FP24 elements are of the form a+i.b+i^2.c */
-
-#include "fp24_YYY.h"
-
-/* return 1 if b==c, no branching */
-static int teq(sign32 b,sign32 c)
-{
-    sign32 x=b^c;
-    x-=1;  // if x=0, x now -1
-    return (int)((x>>31)&1);
-}
-
-
-/* Constant time select from pre-computed table */
-static void FP24_YYY_select(FP24_YYY *f,FP24_YYY g[],sign32 b)
-{
-    FP24_YYY invf;
-    sign32 m=b>>31;
-    sign32 babs=(b^m)-m;
-
-    babs=(babs-1)/2;
-
-    FP24_YYY_cmove(f,&g[0],teq(babs,0));  // conditional move
-    FP24_YYY_cmove(f,&g[1],teq(babs,1));
-    FP24_YYY_cmove(f,&g[2],teq(babs,2));
-    FP24_YYY_cmove(f,&g[3],teq(babs,3));
-    FP24_YYY_cmove(f,&g[4],teq(babs,4));
-    FP24_YYY_cmove(f,&g[5],teq(babs,5));
-    FP24_YYY_cmove(f,&g[6],teq(babs,6));
-    FP24_YYY_cmove(f,&g[7],teq(babs,7));
-
-    FP24_YYY_copy(&invf,f);
-    FP24_YYY_conj(&invf,&invf);  // 1/f
-    FP24_YYY_cmove(f,&invf,(int)(m&1));
-}
-
-/* test x==0 ? */
-/* SU= 8 */
-int FP24_YYY_iszilch(FP24_YYY *x)
-{
-    if (FP8_YYY_iszilch(&(x->a)) && FP8_YYY_iszilch(&(x->b)) && FP8_YYY_iszilch(&(x->c))) return 1;
-    return 0;
-}
-
-/* test x==1 ? */
-/* SU= 8 */
-int FP24_YYY_isunity(FP24_YYY *x)
-{
-    if (FP8_YYY_isunity(&(x->a)) && FP8_YYY_iszilch(&(x->b)) && FP8_YYY_iszilch(&(x->c))) return 1;
-    return 0;
-}
-
-/* FP24 copy w=x */
-/* SU= 16 */
-void FP24_YYY_copy(FP24_YYY *w,FP24_YYY *x)
-{
-    if (x==w) return;
-    FP8_YYY_copy(&(w->a),&(x->a));
-    FP8_YYY_copy(&(w->b),&(x->b));
-    FP8_YYY_copy(&(w->c),&(x->c));
-}
-
-/* FP24 w=1 */
-/* SU= 8 */
-void FP24_YYY_one(FP24_YYY *w)
-{
-    FP8_YYY_one(&(w->a));
-    FP8_YYY_zero(&(w->b));
-    FP8_YYY_zero(&(w->c));
-}
-
-/* return 1 if x==y, else 0 */
-/* SU= 16 */
-int FP24_YYY_equals(FP24_YYY *x,FP24_YYY *y)
-{
-    if (FP8_YYY_equals(&(x->a),&(y->a)) && FP8_YYY_equals(&(x->b),&(y->b)) && FP8_YYY_equals(&(x->b),&(y->b)))
-        return 1;
-    return 0;
-}
-
-/* Set w=conj(x) */
-/* SU= 8 */
-void FP24_YYY_conj(FP24_YYY *w,FP24_YYY *x)
-{
-    FP24_YYY_copy(w,x);
-    FP8_YYY_conj(&(w->a),&(w->a));
-    FP8_YYY_nconj(&(w->b),&(w->b));
-    FP8_YYY_conj(&(w->c),&(w->c));
-}
-
-/* Create FP24 from FP8 */
-/* SU= 8 */
-void FP24_YYY_from_FP8(FP24_YYY *w,FP8_YYY *a)
-{
-    FP8_YYY_copy(&(w->a),a);
-    FP8_YYY_zero(&(w->b));
-    FP8_YYY_zero(&(w->c));
-}
-
-/* Create FP24 from 3 FP8's */
-/* SU= 16 */
-void FP24_YYY_from_FP8s(FP24_YYY *w,FP8_YYY *a,FP8_YYY *b,FP8_YYY *c)
-{
-    FP8_YYY_copy(&(w->a),a);
-    FP8_YYY_copy(&(w->b),b);
-    FP8_YYY_copy(&(w->c),c);
-}
-
-/* Granger-Scott Unitary Squaring. This does not benefit from lazy reduction */
-/* SU= 600 */
-void FP24_YYY_usqr(FP24_YYY *w,FP24_YYY *x)
-{
-    FP8_YYY A,B,C,D;
-
-    FP8_YYY_copy(&A,&(x->a));
-
-    FP8_YYY_sqr(&(w->a),&(x->a));
-    FP8_YYY_add(&D,&(w->a),&(w->a));
-    FP8_YYY_add(&(w->a),&D,&(w->a));
-
-    FP8_YYY_norm(&(w->a));
-    FP8_YYY_nconj(&A,&A);
-
-    FP8_YYY_add(&A,&A,&A);
-    FP8_YYY_add(&(w->a),&(w->a),&A);
-    FP8_YYY_sqr(&B,&(x->c));
-    FP8_YYY_times_i(&B);
-
-    FP8_YYY_add(&D,&B,&B);
-    FP8_YYY_add(&B,&B,&D);
-    FP8_YYY_norm(&B);
-
-    FP8_YYY_sqr(&C,&(x->b));
-
-    FP8_YYY_add(&D,&C,&C);
-    FP8_YYY_add(&C,&C,&D);
-
-    FP8_YYY_norm(&C);
-    FP8_YYY_conj(&(w->b),&(x->b));
-    FP8_YYY_add(&(w->b),&(w->b),&(w->b));
-    FP8_YYY_nconj(&(w->c),&(x->c));
-
-    FP8_YYY_add(&(w->c),&(w->c),&(w->c));
-    FP8_YYY_add(&(w->b),&B,&(w->b));
-    FP8_YYY_add(&(w->c),&C,&(w->c));
-
-    FP24_YYY_reduce(w);	    /* reduce here as in pow function repeated squarings would trigger multiple reductions */
-}
-
-/* FP24 squaring w=x^2 */
-/* SU= 600 */
-void FP24_YYY_sqr(FP24_YYY *w,FP24_YYY *x)
-{
-    /* Use Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-
-    FP8_YYY A,B,C,D;
-
-    FP8_YYY_sqr(&A,&(x->a));
-    FP8_YYY_mul(&B,&(x->b),&(x->c));
-    FP8_YYY_add(&B,&B,&B);
-FP8_YYY_norm(&B);
-    FP8_YYY_sqr(&C,&(x->c));
-
-    FP8_YYY_mul(&D,&(x->a),&(x->b));
-    FP8_YYY_add(&D,&D,&D);
-
-    FP8_YYY_add(&(w->c),&(x->a),&(x->c));
-    FP8_YYY_add(&(w->c),&(x->b),&(w->c));
-FP8_YYY_norm(&(w->c));	
-
-    FP8_YYY_sqr(&(w->c),&(w->c));
-
-    FP8_YYY_copy(&(w->a),&A);
-    FP8_YYY_add(&A,&A,&B);
-
-    FP8_YYY_norm(&A);
-
-    FP8_YYY_add(&A,&A,&C);
-    FP8_YYY_add(&A,&A,&D);
-
-    FP8_YYY_norm(&A);
-
-    FP8_YYY_neg(&A,&A);
-    FP8_YYY_times_i(&B);
-    FP8_YYY_times_i(&C);
-
-    FP8_YYY_add(&(w->a),&(w->a),&B);
-    FP8_YYY_add(&(w->b),&C,&D);
-    FP8_YYY_add(&(w->c),&(w->c),&A);
-
-    FP24_YYY_norm(w);
-}
-
-/* FP24 full multiplication w=w*y */
-
-
-/* SU= 896 */
-/* FP24 full multiplication w=w*y */
-void FP24_YYY_mul(FP24_YYY *w,FP24_YYY *y)
-{
-    FP8_YYY z0,z1,z2,z3,t0,t1;
-
-    FP8_YYY_mul(&z0,&(w->a),&(y->a));
-    FP8_YYY_mul(&z2,&(w->b),&(y->b));  //
-
-    FP8_YYY_add(&t0,&(w->a),&(w->b));
-    FP8_YYY_add(&t1,&(y->a),&(y->b));  //
-
-FP8_YYY_norm(&t0);
-FP8_YYY_norm(&t1);
-
-    FP8_YYY_mul(&z1,&t0,&t1);
-    FP8_YYY_add(&t0,&(w->b),&(w->c));
-    FP8_YYY_add(&t1,&(y->b),&(y->c));  //
-
-FP8_YYY_norm(&t0);
-FP8_YYY_norm(&t1);
-
-    FP8_YYY_mul(&z3,&t0,&t1);
-
-    FP8_YYY_neg(&t0,&z0);
-    FP8_YYY_neg(&t1,&z2);
-
-    FP8_YYY_add(&z1,&z1,&t0);   // z1=z1-z0
-//    FP8_YYY_norm(&z1);
-    FP8_YYY_add(&(w->b),&z1,&t1);
-// z1=z1-z2
-    FP8_YYY_add(&z3,&z3,&t1);        // z3=z3-z2
-    FP8_YYY_add(&z2,&z2,&t0);        // z2=z2-z0
-
-    FP8_YYY_add(&t0,&(w->a),&(w->c));
-    FP8_YYY_add(&t1,&(y->a),&(y->c));
-
-FP8_YYY_norm(&t0);
-FP8_YYY_norm(&t1);
-
-    FP8_YYY_mul(&t0,&t1,&t0);
-    FP8_YYY_add(&z2,&z2,&t0);
-
-    FP8_YYY_mul(&t0,&(w->c),&(y->c));
-    FP8_YYY_neg(&t1,&t0);
-
-    FP8_YYY_add(&(w->c),&z2,&t1);
-    FP8_YYY_add(&z3,&z3,&t1);
-    FP8_YYY_times_i(&t0);
-    FP8_YYY_add(&(w->b),&(w->b),&t0);
-FP8_YYY_norm(&z3);
-    FP8_YYY_times_i(&z3);
-    FP8_YYY_add(&(w->a),&z0,&z3);
-
-    FP24_YYY_norm(w);
-}
-
-/* FP24 multiplication w=w*y */
-/* SU= 744 */
-/* catering for special case that arises from special form of ATE pairing line function */
-void FP24_YYY_smul(FP24_YYY *w,FP24_YYY *y,int type)
-{
-    FP8_YYY z0,z1,z2,z3,t0,t1;
-
-	if (type==D_TYPE)
-	{ // y->c is 0
-
-		FP8_YYY_copy(&z3,&(w->b));
-		FP8_YYY_mul(&z0,&(w->a),&(y->a));
-
-		FP8_YYY_pmul(&z2,&(w->b),&(y->b).a);
-		FP8_YYY_add(&(w->b),&(w->a),&(w->b));
-		FP8_YYY_copy(&t1,&(y->a));
-		FP4_YYY_add(&t1.a,&t1.a,&(y->b).a);
-
-		FP8_YYY_norm(&t1);
-		FP8_YYY_norm(&(w->b));
-
-		FP8_YYY_mul(&(w->b),&(w->b),&t1);
-		FP8_YYY_add(&z3,&z3,&(w->c));
-		FP8_YYY_norm(&z3);
-		FP8_YYY_pmul(&z3,&z3,&(y->b).a);
-		FP8_YYY_neg(&t0,&z0);
-		FP8_YYY_neg(&t1,&z2);
-
-		FP8_YYY_add(&(w->b),&(w->b),&t0);   // z1=z1-z0
-//    FP8_YYY_norm(&(w->b));
-		FP8_YYY_add(&(w->b),&(w->b),&t1);   // z1=z1-z2
-
-		FP8_YYY_add(&z3,&z3,&t1);        // z3=z3-z2
-		FP8_YYY_add(&z2,&z2,&t0);        // z2=z2-z0
-
-		FP8_YYY_add(&t0,&(w->a),&(w->c));
-
-		FP8_YYY_norm(&t0);
-		FP8_YYY_norm(&z3);
-
-		FP8_YYY_mul(&t0,&(y->a),&t0);
-		FP8_YYY_add(&(w->c),&z2,&t0);
-
-		FP8_YYY_times_i(&z3);
-		FP8_YYY_add(&(w->a),&z0,&z3);
-	}
-
-	if (type==M_TYPE)
-	{ // y->b is zero
-		FP8_YYY_mul(&z0,&(w->a),&(y->a));
-		FP8_YYY_add(&t0,&(w->a),&(w->b));
-		FP8_YYY_norm(&t0);
-
-		FP8_YYY_mul(&z1,&t0,&(y->a));
-		FP8_YYY_add(&t0,&(w->b),&(w->c));
-		FP8_YYY_norm(&t0);
-
-		FP8_YYY_pmul(&z3,&t0,&(y->c).b);
-		FP8_YYY_times_i(&z3);
-
-		FP8_YYY_neg(&t0,&z0);
-		FP8_YYY_add(&z1,&z1,&t0);   // z1=z1-z0
-
-		FP8_YYY_copy(&(w->b),&z1);
-
-		FP8_YYY_copy(&z2,&t0);
-
-		FP8_YYY_add(&t0,&(w->a),&(w->c));
-		FP8_YYY_add(&t1,&(y->a),&(y->c));
-
-		FP8_YYY_norm(&t0);
-		FP8_YYY_norm(&t1);
-
-		FP8_YYY_mul(&t0,&t1,&t0);
-		FP8_YYY_add(&z2,&z2,&t0);
-
-		FP8_YYY_pmul(&t0,&(w->c),&(y->c).b);
-		FP8_YYY_times_i(&t0);
-		FP8_YYY_neg(&t1,&t0);
-		FP8_YYY_times_i(&t0);
-
-		FP8_YYY_add(&(w->c),&z2,&t1);
-		FP8_YYY_add(&z3,&z3,&t1);
-
-		FP8_YYY_add(&(w->b),&(w->b),&t0);
-		FP8_YYY_norm(&z3);
-		FP8_YYY_times_i(&z3);
-		FP8_YYY_add(&(w->a),&z0,&z3);
-	}
-    FP24_YYY_norm(w);
-}
-
-/* Set w=1/x */
-/* SU= 600 */
-void FP24_YYY_inv(FP24_YYY *w,FP24_YYY *x)
-{
-    FP8_YYY f0,f1,f2,f3;
-//    FP24_norm(x);
-
-    FP8_YYY_sqr(&f0,&(x->a));
-    FP8_YYY_mul(&f1,&(x->b),&(x->c));
-    FP8_YYY_times_i(&f1);
-    FP8_YYY_sub(&f0,&f0,&f1);  /* y.a */
-	FP8_YYY_norm(&f0); 		
-
-    FP8_YYY_sqr(&f1,&(x->c));
-    FP8_YYY_times_i(&f1);
-    FP8_YYY_mul(&f2,&(x->a),&(x->b));
-    FP8_YYY_sub(&f1,&f1,&f2);  /* y.b */
-	FP8_YYY_norm(&f1); 
-
-    FP8_YYY_sqr(&f2,&(x->b));
-    FP8_YYY_mul(&f3,&(x->a),&(x->c));
-    FP8_YYY_sub(&f2,&f2,&f3);  /* y.c */
-	FP8_YYY_norm(&f2); 
-
-    FP8_YYY_mul(&f3,&(x->b),&f2);
-    FP8_YYY_times_i(&f3);
-    FP8_YYY_mul(&(w->a),&f0,&(x->a));
-    FP8_YYY_add(&f3,&(w->a),&f3);
-    FP8_YYY_mul(&(w->c),&f1,&(x->c));
-    FP8_YYY_times_i(&(w->c));
-
-
-
-    FP8_YYY_add(&f3,&(w->c),&f3);
-	FP8_YYY_norm(&f3);
-	
-    FP8_YYY_inv(&f3,&f3);
-    FP8_YYY_mul(&(w->a),&f0,&f3);
-    FP8_YYY_mul(&(w->b),&f1,&f3);
-    FP8_YYY_mul(&(w->c),&f2,&f3);
-
-}
-
-/* constant time powering by small integer of max length bts */
-
-void FP24_YYY_pinpow(FP24_YYY *r,int e,int bts)
-{
-    int i,b;
-    FP24_YYY R[2];
-
-    FP24_YYY_one(&R[0]);
-    FP24_YYY_copy(&R[1],r);
-
-    for (i=bts-1; i>=0; i--)
-    {
-        b=(e>>i)&1;
-        FP24_YYY_mul(&R[1-b],&R[b]);
-        FP24_YYY_usqr(&R[b],&R[b]);
-    }
-    FP24_YYY_copy(r,&R[0]);
-}
-
-/* Compressed powering of unitary elements y=x^(e mod r) */
-
-void FP24_YYY_compow(FP8_YYY *c,FP24_YYY *x,BIG_XXX e,BIG_XXX r)
-{
-    FP24_YYY g1,g2;
-	FP8_YYY cp,cpm1,cpm2;
-    FP2_YYY f;
-	BIG_XXX q,a,b,m;
-
-    BIG_XXX_rcopy(a,Fra_YYY);
-    BIG_XXX_rcopy(b,Frb_YYY);
-    FP2_YYY_from_BIGs(&f,a,b);
-
-    BIG_XXX_rcopy(q,Modulus_YYY);
-
-    FP24_YYY_copy(&g1,x);
-	FP24_YYY_copy(&g2,x);
-
-    BIG_XXX_copy(m,q);
-    BIG_XXX_mod(m,r);
-
-    BIG_XXX_copy(a,e);
-    BIG_XXX_mod(a,m);
-
-    BIG_XXX_copy(b,e);
-    BIG_XXX_sdiv(b,m);
-
-    FP24_YYY_trace(c,&g1);
-
-	if (BIG_XXX_iszilch(b))
-	{
-		FP8_YYY_xtr_pow(c,c,e);
-		return;
-	}
-
-    FP24_YYY_frob(&g2,&f,1);
-    FP24_YYY_trace(&cp,&g2);
-    FP24_YYY_conj(&g1,&g1);
-    FP24_YYY_mul(&g2,&g1);
-    FP24_YYY_trace(&cpm1,&g2);
-    FP24_YYY_mul(&g2,&g1);
-
-    FP24_YYY_trace(&cpm2,&g2);
-
-    FP8_YYY_xtr_pow2(c,&cp,c,&cpm1,&cpm2,a,b);
-
-}
-
-/* Note this is simple square and multiply, so not side-channel safe */
-
-void FP24_YYY_pow(FP24_YYY *r,FP24_YYY *a,BIG_XXX b)
-{
-    FP24_YYY w,sf;
-    BIG_XXX b1,b3;
-    int i,nb,bt;
-	BIG_XXX_copy(b1,b);
-    BIG_XXX_norm(b1);
-	BIG_XXX_pmul(b3,b1,3);
-	BIG_XXX_norm(b3);
-
-	FP24_YYY_copy(&sf,a);
-	FP24_YYY_norm(&sf);
-    FP24_YYY_copy(&w,&sf);
-
-
-	nb=BIG_XXX_nbits(b3);
-	for (i=nb-2;i>=1;i--)
-	{
-		FP24_YYY_usqr(&w,&w);
-		bt=BIG_XXX_bit(b3,i)-BIG_XXX_bit(b1,i);
-		if (bt==1)
-			FP24_YYY_mul(&w,&sf);
-		if (bt==-1)
-		{
-			FP24_YYY_conj(&sf,&sf);
-			FP24_YYY_mul(&w,&sf);
-			FP24_YYY_conj(&sf,&sf);
-		}
-	}
-
-	FP24_YYY_copy(r,&w);
-	FP24_YYY_reduce(r);
-}
-
-
-/* SU= 528 */
-/* set r=a^b */
-/* Note this is simple square and multiply, so not side-channel safe 
-
-void FP24_ppow(FP24 *r,FP24 *a,BIG_XXX b)
-{
-    FP24 w;
-    BIG_XXX z,zilch;
-    int bt;
-    BIG_XXX_zero(zilch);
-    BIG_XXX_norm(b);
-    BIG_XXX_copy(z,b);
-    FP24_copy(&w,a);
-    FP24_one(r);
-
-    while(1)
-    {
-        bt=BIG_XXX_parity(z);
-        BIG_XXX_shr(z,1);
-        if (bt)
-		{
-			//printf("In mul\n");
-            FP24_mul(r,&w);
-			//printf("Out of mul\n");
-		}
-        if (BIG_XXX_comp(z,zilch)==0) break;
-		//printf("In sqr\n");
-        FP24_sqr(&w,&w);
-		//printf("Out of sqr\n");
-    }
-
-    FP24_reduce(r);
-}  */
-
-
-/* p=q0^u0.q1^u1.q2^u2.q3^u3... */
-/* Side channel attack secure */
-// Bos & Costello https://eprint.iacr.org/2013/458.pdf
-// Faz-Hernandez & Longa & Sanchez  https://eprint.iacr.org/2013/158.pdf
-
-void FP24_YYY_pow8(FP24_YYY *p,FP24_YYY *q,BIG_XXX u[8])
-{
-    int i,j,k,nb,pb1,pb2,bt;
-	FP24_YYY g1[8],g2[8],r;
-	BIG_XXX t[8],mt;
-    sign8 w1[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s1[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 w2[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s2[NLEN_XXX*BASEBITS_XXX+1];
-    FP_YYY fx,fy;
-	FP2_YYY X;
-
-    FP_YYY_rcopy(&fx,Fra_YYY);
-    FP_YYY_rcopy(&fy,Frb_YYY);
-    FP2_YYY_from_FPs(&X,&fx,&fy);
-
-    for (i=0; i<8; i++)
-        BIG_XXX_copy(t[i],u[i]);
-
-// Precomputed table
-    FP24_YYY_copy(&g1[0],&q[0]); // q[0]
-    FP24_YYY_copy(&g1[1],&g1[0]);
-	FP24_YYY_mul(&g1[1],&q[1]);	// q[0].q[1]
-    FP24_YYY_copy(&g1[2],&g1[0]);
-	FP24_YYY_mul(&g1[2],&q[2]);	// q[0].q[2]
-	FP24_YYY_copy(&g1[3],&g1[1]);
-	FP24_YYY_mul(&g1[3],&q[2]);	// q[0].q[1].q[2]
-	FP24_YYY_copy(&g1[4],&g1[0]);
-	FP24_YYY_mul(&g1[4],&q[3]);  // q[0].q[3]
-	FP24_YYY_copy(&g1[5],&g1[1]);
-	FP24_YYY_mul(&g1[5],&q[3]);	// q[0].q[1].q[3]
-	FP24_YYY_copy(&g1[6],&g1[2]);
-	FP24_YYY_mul(&g1[6],&q[3]);	// q[0].q[2].q[3]
-	FP24_YYY_copy(&g1[7],&g1[3]);
-	FP24_YYY_mul(&g1[7],&q[3]);	// q[0].q[1].q[2].q[3]
-
-// Use Frobenius
-
-	for (i=0;i<8;i++)
-	{
-		FP24_YYY_copy(&g2[i],&g1[i]);
-		FP24_YYY_frob(&g2[i],&X,4);
-	}
-
-// Make it odd
-	pb1=1-BIG_XXX_parity(t[0]);
-	BIG_XXX_inc(t[0],pb1);
-	BIG_XXX_norm(t[0]);
-
-	pb2=1-BIG_XXX_parity(t[4]);
-	BIG_XXX_inc(t[4],pb2);
-	BIG_XXX_norm(t[4]);
-
-// Number of bits
-    BIG_XXX_zero(mt);
-    for (i=0; i<8; i++)
-    {
-        BIG_XXX_or(mt,mt,t[i]);
-    }
-    nb=1+BIG_XXX_nbits(mt);
-
-// Sign pivot 
-	s1[nb-1]=1;
-	s2[nb-1]=1;
-	for (i=0;i<nb-1;i++)
-	{
-        BIG_XXX_fshr(t[0],1);
-		s1[i]=2*BIG_XXX_parity(t[0])-1;
-        BIG_XXX_fshr(t[4],1);
-		s2[i]=2*BIG_XXX_parity(t[4])-1;
-	}
-
-// Recoded exponents
-    for (i=0; i<nb; i++)
-    {
-		w1[i]=0;
-		k=1;
-		for (j=1; j<4; j++)
-		{
-			bt=s1[i]*BIG_XXX_parity(t[j]);
-			BIG_XXX_fshr(t[j],1);
-
-			BIG_XXX_dec(t[j],(bt>>1));
-			BIG_XXX_norm(t[j]);
-			w1[i]+=bt*k;
-			k*=2;
-        }
-
-		w2[i]=0;
-		k=1;
-		for (j=5; j<8; j++)
-		{
-			bt=s2[i]*BIG_XXX_parity(t[j]);
-			BIG_XXX_fshr(t[j],1);
-
-			BIG_XXX_dec(t[j],(bt>>1));
-			BIG_XXX_norm(t[j]);
-			w2[i]+=bt*k;
-			k*=2;
-        }
-    }	
-
-// Main loop
-	FP24_YYY_select(p,g1,2*w1[nb-1]+1);
-	FP24_YYY_select(&r,g2,2*w2[nb-1]+1);
-	FP24_YYY_mul(p,&r);
-    for (i=nb-2; i>=0; i--)
-    {
-		FP24_YYY_usqr(p,p);
-        FP24_YYY_select(&r,g1,2*w1[i]+s1[i]);
-        FP24_YYY_mul(p,&r);
-        FP24_YYY_select(&r,g2,2*w2[i]+s2[i]);
-        FP24_YYY_mul(p,&r);
-    }
-
-// apply correction
-	FP24_YYY_conj(&r,&q[0]);   
-	FP24_YYY_mul(&r,p);
-	FP24_YYY_cmove(p,&r,pb1);
-	FP24_YYY_conj(&r,&q[4]);   
-	FP24_YYY_mul(&r,p);
-	FP24_YYY_cmove(p,&r,pb2);
-
-	FP24_YYY_reduce(p);
-}
-
-/*
-void FP24_YYY_pow8(FP24_YYY *p,FP24_YYY *q,BIG_XXX u[8])
-{
-    int i,j,a[4],nb,m;
-    FP24_YYY g[8],f[8],c,s[2];
-    BIG_XXX t[8],mt;
-    sign8 w[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 z[NLEN_XXX*BASEBITS_XXX+1];
-    FP fx,fy;
-	FP2 X;
-
-    FP_rcopy(&fx,Fra_YYY);
-    FP_rcopy(&fy,Frb_YYY);
-    FP2_from_FPs(&X,&fx,&fy);
-
-    for (i=0; i<8; i++)
-        BIG_XXX_copy(t[i],u[i]);
-
-    FP24_YYY_copy(&g[0],&q[0]);
-    FP24_YYY_conj(&s[0],&q[1]);
-    FP24_YYY_mul(&g[0],&s[0]);  // P/Q 
-    FP24_YYY_copy(&g[1],&g[0]);
-    FP24_YYY_copy(&g[2],&g[0]);
-    FP24_YYY_copy(&g[3],&g[0]);
-    FP24_YYY_copy(&g[4],&q[0]);
-    FP24_YYY_mul(&g[4],&q[1]);  // P*Q 
-    FP24_YYY_copy(&g[5],&g[4]);
-    FP24_YYY_copy(&g[6],&g[4]);
-    FP24_YYY_copy(&g[7],&g[4]);
-
-    FP24_YYY_copy(&s[1],&q[2]);
-    FP24_YYY_conj(&s[0],&q[3]);
-    FP24_YYY_mul(&s[1],&s[0]);       // R/S 
-    FP24_YYY_conj(&s[0],&s[1]);
-    FP24_YYY_mul(&g[1],&s[0]);
-    FP24_YYY_mul(&g[2],&s[1]);
-    FP24_YYY_mul(&g[5],&s[0]);
-    FP24_YYY_mul(&g[6],&s[1]);
-    FP24_YYY_copy(&s[1],&q[2]);
-    FP24_YYY_mul(&s[1],&q[3]);      // R*S 
-    FP24_YYY_conj(&s[0],&s[1]);
-    FP24_YYY_mul(&g[0],&s[0]);
-    FP24_YYY_mul(&g[3],&s[1]);
-    FP24_YYY_mul(&g[4],&s[0]);
-    FP24_YYY_mul(&g[7],&s[1]);
-
-// Use Frobenius
-
-	for (i=0;i<8;i++)
-	{
-		FP24_YYY_copy(&f[i],&g[i]);
-		FP24_YYY_frob(&f[i],&X,4);
-	}
-
-
-    // if power is even add 1 to power, and add q to correction 
-    FP24_YYY_one(&c);
-
-    BIG_XXX_zero(mt);
-    for (i=0; i<8; i++)
-    {
-        if (BIG_XXX_parity(t[i])==0)
-        {
-            BIG_XXX_inc(t[i],1);
-            BIG_XXX_norm(t[i]);
-            FP24_YYY_mul(&c,&q[i]);
-        }
-        BIG_XXX_add(mt,mt,t[i]);
-        BIG_XXX_norm(mt);
-    }
-
-    FP24_YYY_conj(&c,&c);
-    nb=1+BIG_XXX_nbits(mt);
-
-    // convert exponents to signed 1-bit windows 
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_XXX_lastbits(t[i],2)-2;
-            BIG_XXX_dec(t[i],a[i]);
-            BIG_XXX_norm(t[i]);
-            BIG_XXX_fshr(t[i],1);
-        }
-        w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    w[nb]=8*BIG_XXX_lastbits(t[0],2)+4*BIG_XXX_lastbits(t[1],2)+2*BIG_XXX_lastbits(t[2],2)+BIG_XXX_lastbits(t[3],2);
-
-
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_XXX_lastbits(t[i+4],2)-2;
-            BIG_XXX_dec(t[i+4],a[i]);
-            BIG_XXX_norm(t[i+4]);
-            BIG_XXX_fshr(t[i+4],1);
-        }
-        z[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    z[nb]=8*BIG_XXX_lastbits(t[4],2)+4*BIG_XXX_lastbits(t[5],2)+2*BIG_XXX_lastbits(t[6],2)+BIG_XXX_lastbits(t[7],2);
-
-
-    FP24_YYY_copy(p,&g[(w[nb]-1)/2]);
-    FP24_YYY_mul(p,&f[(z[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-		FP24_YYY_usqr(p,p);
-
-        m=w[i]>>7;
-        j=(w[i]^m)-m;  // j=abs(w[i]) 
-        j=(j-1)/2;
-        FP24_YYY_copy(&s[0],&g[j]);
-        FP24_YYY_conj(&s[1],&g[j]);
-        FP24_YYY_mul(p,&s[m&1]);
-
-        m=z[i]>>7;
-        j=(z[i]^m)-m;  // j=abs(w[i]) 
-        j=(j-1)/2;
-        FP24_YYY_copy(&s[0],&f[j]);
-        FP24_YYY_conj(&s[1],&f[j]);
-        FP24_YYY_mul(p,&s[m&1]);
-
-    }
-    FP24_YYY_mul(p,&c); // apply correction 
-    FP24_YYY_reduce(p);
-}
-*/
-
-/* Set w=w^p using Frobenius */
-/* SU= 160 */
-void FP24_YYY_frob(FP24_YYY *w,FP2_YYY *f,int n)
-{
-	int i;
-	FP4_YYY X2,X4;
-    FP2_YYY f3,f2;				// f=(1+i)^(p-7)/12
-    FP2_YYY_sqr(&f2,f);     // 
-    FP2_YYY_mul(&f3,&f2,f); // f3=f^3=(1+i)^(p-7)/4
-
-	FP2_YYY_mul_ip(&f3);    // f3 = (1+i).f3 = (1+i)^(p-3)/4 
-	FP2_YYY_norm(&f3);
-
-	for (i=0;i<n;i++)
-	{
-		FP8_YYY_frob(&(w->a),&f3);   // a=a^p
-		FP8_YYY_frob(&(w->b),&f3);   // b=b^p
-		FP8_YYY_frob(&(w->c),&f3);   // c=c^p
-  
-		FP8_YYY_qmul(&(w->b),&(w->b),f); FP8_YYY_times_i2(&(w->b));
-		FP8_YYY_qmul(&(w->c),&(w->c),&f2); FP8_YYY_times_i2(&(w->c)); FP8_YYY_times_i2(&(w->c));
-	}
-}
-
-
-/* SU= 8 */
-/* normalise all components of w */
-void FP24_YYY_norm(FP24_YYY *w)
-{
-    FP8_YYY_norm(&(w->a));
-    FP8_YYY_norm(&(w->b));
-    FP8_YYY_norm(&(w->c));
-}
-
-/* SU= 8 */
-/* reduce all components of w */
-void FP24_YYY_reduce(FP24_YYY *w)
-{
-    FP8_YYY_reduce(&(w->a));
-    FP8_YYY_reduce(&(w->b));
-    FP8_YYY_reduce(&(w->c));
-}
-
-/* trace function w=trace(x) */
-/* SU= 8 */
-void FP24_YYY_trace(FP8_YYY *w,FP24_YYY *x)
-{
-    FP8_YYY_imul(w,&(x->a),3);
-    FP8_YYY_reduce(w);
-}
-
-/* SU= 8 */
-/* Output w in hex */
-void FP24_YYY_output(FP24_YYY *w)
-{
-    printf("[");
-    FP8_YYY_output(&(w->a));
-    printf(",");
-    FP8_YYY_output(&(w->b));
-    printf(",");
-    FP8_YYY_output(&(w->c));
-    printf("]");
-}
-
-/* SU= 64 */
-/* Convert g to octet string w */
-void FP24_YYY_toOctet(octet *W,FP24_YYY *g)
-{
-    BIG_XXX a;
-    W->len=24*MODBYTES_XXX;
-
-    FP_YYY_redc(a,&(g->a.a.a.a));
-    BIG_XXX_toBytes(&(W->val[0]),a);
-    FP_YYY_redc(a,&(g->a.a.a.b));
-    BIG_XXX_toBytes(&(W->val[MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->a.a.b.a));
-    BIG_XXX_toBytes(&(W->val[2*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->a.a.b.b));
-    BIG_XXX_toBytes(&(W->val[3*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->a.b.a.a));
-    BIG_XXX_toBytes(&(W->val[4*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->a.b.a.b));
-    BIG_XXX_toBytes(&(W->val[5*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->a.b.b.a));
-    BIG_XXX_toBytes(&(W->val[6*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->a.b.b.b));
-    BIG_XXX_toBytes(&(W->val[7*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->b.a.a.a));
-    BIG_XXX_toBytes(&(W->val[8*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.a.a.b));
-    BIG_XXX_toBytes(&(W->val[9*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.a.b.a));
-    BIG_XXX_toBytes(&(W->val[10*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.a.b.b));
-    BIG_XXX_toBytes(&(W->val[11*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.b.a.a));
-    BIG_XXX_toBytes(&(W->val[12*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.b.a.b));
-    BIG_XXX_toBytes(&(W->val[13*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.b.b.a));
-    BIG_XXX_toBytes(&(W->val[14*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.b.b.b));
-    BIG_XXX_toBytes(&(W->val[15*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->c.a.a.a));
-    BIG_XXX_toBytes(&(W->val[16*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.a.a.b));
-    BIG_XXX_toBytes(&(W->val[17*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.a.b.a));
-    BIG_XXX_toBytes(&(W->val[18*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.a.b.b));
-    BIG_XXX_toBytes(&(W->val[19*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.b.a.a));
-    BIG_XXX_toBytes(&(W->val[20*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.b.a.b));
-    BIG_XXX_toBytes(&(W->val[21*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.b.b.a));
-    BIG_XXX_toBytes(&(W->val[22*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.b.b.b));
-    BIG_XXX_toBytes(&(W->val[23*MODBYTES_XXX]),a);
-}
-
-/* SU= 24 */
-/* Restore g from octet string w */
-void FP24_YYY_fromOctet(FP24_YYY *g,octet *W)
-{
-	BIG_XXX b;
-
-    BIG_XXX_fromBytes(b,&W->val[0]);
-    FP_YYY_nres(&(g->a.a.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.a.a.b),b);
-    BIG_XXX_fromBytes(b,&W->val[2*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.a.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[3*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.a.b.b),b);
-    BIG_XXX_fromBytes(b,&W->val[4*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.b.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[5*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.b.a.b),b);
-    BIG_XXX_fromBytes(b,&W->val[6*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.b.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[7*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.b.b.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[8*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.a.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[9*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.a.a.b),b);
-    BIG_XXX_fromBytes(b,&W->val[10*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.a.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[11*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.a.b.b),b);
-    BIG_XXX_fromBytes(b,&W->val[12*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.b.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[13*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.b.a.b),b);
-    BIG_XXX_fromBytes(b,&W->val[14*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.b.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[15*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.b.b.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[16*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.a.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[17*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.a.a.b),b);
-    BIG_XXX_fromBytes(b,&W->val[18*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.a.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[19*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.a.b.b),b);
-    BIG_XXX_fromBytes(b,&W->val[20*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.b.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[21*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.b.a.b),b);
-    BIG_XXX_fromBytes(b,&W->val[22*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.b.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[23*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.b.b.b),b);
-}
-
-/* Move b to a if d=1 */
-void FP24_YYY_cmove(FP24_YYY *f,FP24_YYY *g,int d)
-{
-    FP8_YYY_cmove(&(f->a),&(g->a),d);
-    FP8_YYY_cmove(&(f->b),&(g->b),d);
-    FP8_YYY_cmove(&(f->c),&(g->c),d);
-}
-
-/*
-using namespace YYY;
-
-int main() {
-	int i;
-	FP2 f,w0,w1,X;
-	FP4 f0,f1;
-	FP8 t0,t1,t2;
-	FP24 w,t,lv;
-	BIG a,b;
-	BIG p;
-
-
-	char raw[100];
-	csprng RNG;                // Crypto Strong RNG 
-
-	for (i=0; i<100; i++) raw[i]=i;
-
-	BIG_rcopy(a,Fra_YYY);
-    BIG_rcopy(b,Frb_YYY);
-	FP2_from_BIGs(&X,a,b);
-
-
-
-    RAND_seed(&RNG,100,raw);   // initialise strong RNG 
-
-	BIG_rcopy(p,Modulus);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w0,a,b);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w1,a,b);
-
-	FP4_from_FP2s(&f0,&w0,&w1);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w0,a,b);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w1,a,b);
-
-	FP4_from_FP2s(&f1,&w0,&w1);
-	FP8_from_FP4s(&t0,&f0,&f1);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w0,a,b);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w1,a,b);
-
-	FP4_from_FP2s(&f0,&w0,&w1);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w0,a,b);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w1,a,b);
-
-	FP4_from_FP2s(&f1,&w0,&w1);
-	FP8_from_FP4s(&t1,&f0,&f1);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w0,a,b);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w1,a,b);
-
-	FP4_from_FP2s(&f0,&w0,&w1);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w0,a,b);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w1,a,b);
-
-	FP4_from_FP2s(&f1,&w0,&w1);
-	FP8_from_FP4s(&t2,&f0,&f1);
-
-	FP24_from_FP8s(&w,&t0,&t1,&t2);
-
-
-	FP24_copy(&t,&w);
-
-	printf("w= ");
-	FP24_output(&w);
-	printf("\n");
-
-	FP24_norm(&w);
-
-	printf("w^p= ");
-	FP24_frob(&w,&X);
-	FP24_output(&w);
-	printf("\n");	
-
-//	printf("p.w= ");
-//	FP24_ppow(&t,&t,p);
-//	FP24_output(&t);
-//	printf("\n");	
-
-	printf("1/w= ");
-	FP24_inv(&t,&w);
-	FP24_output(&t);
-	printf("\n");	
-
-	printf("w= ");
-	FP24_inv(&w,&t);
-	FP24_output(&w);
-	printf("\n");	
-
-	return 0;
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp24.h
----------------------------------------------------------------------
diff --git a/version3/c/fp24.h b/version3/c/fp24.h
deleted file mode 100644
index 13ff25c..0000000
--- a/version3/c/fp24.h
+++ /dev/null
@@ -1,196 +0,0 @@
-#ifndef FP24_YYY_H
-#define FP24_YYY_H
-
-#include "fp8_YYY.h"
-
-/**
-	@brief FP12 Structure - towered over three FP8
-*/
-
-typedef struct
-{
-    FP8_YYY a; /**< first part of FP12 */
-    FP8_YYY b; /**< second part of FP12 */
-    FP8_YYY c; /**< third part of FP12 */
-} FP24_YYY;
-
-extern const BIG_XXX Fra_YYY; /**< real part of BN curve Frobenius Constant */
-extern const BIG_XXX Frb_YYY; /**< imaginary part of BN curve Frobenius Constant */
-
-/* FP24 prototypes */
-/**	@brief Tests for FP24 equal to zero
- *
-	@param x FP24 number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP24_YYY_iszilch(FP24_YYY *x);
-/**	@brief Tests for FP24 equal to unity
- *
-	@param x FP24 number to be tested
-	@return 1 if unity, else returns 0
- */
-extern int FP24_YYY_isunity(FP24_YYY *x);
-/**	@brief Copy FP24 to another FP24
- *
-	@param x FP24 instance, on exit = y
-	@param y FP24 instance to be copied
- */
-extern void FP24_YYY_copy(FP24_YYY *x,FP24_YYY *y);
-/**	@brief Set FP24 to unity
- *
-	@param x FP24 instance to be set to one
- */
-extern void FP24_YYY_one(FP24_YYY *x);
-/**	@brief Tests for equality of two FP24s
- *
-	@param x FP24 instance to be compared
-	@param y FP24 instance to be compared
-	@return 1 if x=y, else returns 0
- */
-extern int FP24_YYY_equals(FP24_YYY *x,FP24_YYY *y);
-/**	@brief Conjugation of FP24
- *
-	If y=(a,b,c) (where a,b,c are its three FP8 components) on exit x=(conj(a),-conj(b),conj(c))
-	@param x FP24 instance, on exit = conj(y)
-	@param y FP24 instance
- */
-extern void FP24_YYY_conj(FP24_YYY *x,FP24_YYY *y);
-/**	@brief Initialise FP24 from single FP8
- *
-	Sets first FP8 component of an FP24, other components set to zero
-	@param x FP24 instance to be initialised
-	@param a FP8 to form first part of FP8
- */
-extern void FP24_YYY_from_FP8(FP24_YYY *x,FP8_YYY *a);
-/**	@brief Initialise FP24 from three FP8s
- *
-	@param x FP24 instance to be initialised
-	@param a FP8 to form first part of FP24
-	@param b FP8 to form second part of FP24
-	@param c FP8 to form third part of FP24
- */
-extern void FP24_YYY_from_FP8s(FP24_YYY *x,FP8_YYY *a,FP8_YYY* b,FP8_YYY *c);
-/**	@brief Fast Squaring of an FP24 in "unitary" form
- *
-	@param x FP24 instance, on exit = y^2
-	@param y FP8 instance, must be unitary
- */
-extern void FP24_YYY_usqr(FP24_YYY *x,FP24_YYY *y);
-/**	@brief Squaring an FP24
- *
-	@param x FP24 instance, on exit = y^2
-	@param y FP24 instance
- */
-extern void FP24_YYY_sqr(FP24_YYY *x,FP24_YYY *y);
-/**	@brief Fast multiplication of an FP24 by an FP24 that arises from an ATE pairing line function
- *
-	Here the multiplier has a special form that can be exploited
-	@param x FP24 instance, on exit = x*y
-	@param y FP24 instance, of special form
-	@param t D_TYPE or M_TYPE twist
- */
-extern void FP24_YYY_smul(FP24_YYY *x,FP24_YYY *y,int t);
-/**	@brief Multiplication of two FP24s
- *
-	@param x FP24 instance, on exit = x*y
-	@param y FP24 instance, the multiplier
- */
-extern void FP24_YYY_mul(FP24_YYY *x,FP24_YYY *y);
-/**	@brief Inverting an FP24
- *
-	@param x FP24 instance, on exit = 1/y
-	@param y FP24 instance
- */
-extern void FP24_YYY_inv(FP24_YYY *x,FP24_YYY *y);
-/**	@brief Raises an FP24 to the power of a BIG
- *
-	@param r FP24 instance, on exit = y^b
-	@param x FP24 instance
-	@param b BIG number
- */
-extern void FP24_YYY_pow(FP24_YYY *r,FP24_YYY *x,BIG_XXX b);
-
-//extern void FP24_ppow(FP24 *r,FP24 *x,BIG b);
-
-/**	@brief Raises an FP24 instance x to a small integer power, side-channel resistant
- *
-	@param x FP24 instance, on exit = x^i
-	@param i small integer exponent
-	@param b maximum number of bits in exponent
- */
-extern void FP24_YYY_pinpow(FP24_YYY *x,int i,int b);
-
-/**	@brief Raises an FP24 instance x to a BIG power, compressed to FP8 
- *
-	@param c FP8 instance, on exit = x^(e mod r) as FP8
-	@param x FP24 input
-	@param e BIG exponent
-	@param r BIG group order
- */
-extern void FP24_YYY_compow(FP8_YYY *c,FP24_YYY *x,BIG_XXX e,BIG_XXX r);
-
-/**	@brief Calculate Pi x[i]^b[i] for i=0 to 7, side-channel resistant
- *
-	@param r FP24 instance, on exit = Pi x[i]^b[i] for i=0 to 7
-	@param x FP24 array with 4 FP24s
-	@param b BIG array of 4 exponents
- */
-extern void FP24_YYY_pow8(FP24_YYY *r,FP24_YYY *x,BIG_XXX *b);
-
-
-/**	@brief Raises an FP24 to the power of the internal modulus p, using the Frobenius
- *
-	@param x FP24 instance, on exit = x^p^n
-	@param f FP2 precalculated Frobenius constant
-	@param n power of p
- */
-extern void FP24_YYY_frob(FP24_YYY *x,FP2_YYY *f,int n);
-
-/**	@brief Reduces all components of possibly unreduced FP24 mod Modulus
- *
-	@param x FP24 instance, on exit reduced mod Modulus
- */
-extern void FP24_YYY_reduce(FP24_YYY *x);
-/**	@brief Normalises the components of an FP24
- *
-	@param x FP24 instance to be normalised
- */
-extern void FP24_YYY_norm(FP24_YYY *x);
-/**	@brief Formats and outputs an FP24 to the console
- *
-	@param x FP24 instance to be printed
- */
-extern void FP24_YYY_output(FP24_YYY *x);
-/**	@brief Formats and outputs an FP24 instance to an octet string
- *
-	Serializes the components of an FP24 to big-endian base 256 form.
-	@param S output octet string
-	@param x FP24 instance to be converted to an octet string
- */
-extern void FP24_YYY_toOctet(octet *S,FP24_YYY *x);
-/**	@brief Creates an FP24 instance from an octet string
- *
-	De-serializes the components of an FP24 to create an FP24 from big-endian base 256 components.
-	@param x FP24 instance to be created from an octet string
-	@param S input octet string
-
- */
-extern void FP24_YYY_fromOctet(FP24_YYY *x,octet *S);
-/**	@brief Calculate the trace of an FP24
- *
-	@param t FP8 trace of x, on exit = tr(x)
-	@param x FP24 instance
-
- */
-extern void FP24_YYY_trace(FP8_YYY *t,FP24_YYY *x);
-
-/**	@brief Conditional copy of FP24_YYY number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x FP24_YYY instance, set to y if s!=0
-	@param y another FP24_YYY instance
-	@param s copy only takes place if not equal to 0
- */
-extern void FP24_YYY_cmove(FP24_YYY *x,FP24_YYY *y,int s);
-
-#endif


[03/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/ecdh_support.cpp
----------------------------------------------------------------------
diff --git a/version3/cpp/ecdh_support.cpp b/version3/cpp/ecdh_support.cpp
deleted file mode 100644
index 63435ec..0000000
--- a/version3/cpp/ecdh_support.cpp
+++ /dev/null
@@ -1,351 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Symmetric crypto support functions Functions  */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "ecdh_support.h"
-
-using namespace amcl;
-
-#define ROUNDUP(a,b) ((a)-1)/(b)+1
-
-/* general purpose hash function w=hash(p|n|x|y) */
-/* pad or truncate ouput to length pad if pad!=0 */
-void amcl::ehashit(int sha,octet *p,int n,octet *x,octet *w,int pad)
-{
-    int i,c[4],hlen;
-    hash256 sha256;
-    hash512 sha512;
-    char hh[64];
-
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_init(&sha256);
-        break;
-    case SHA384:
-        HASH384_init(&sha512);
-        break;
-    case SHA512:
-        HASH512_init(&sha512);
-        break;
-    }
-
-    hlen=sha;
-
-    for (i=0; i<p->len; i++)
-    {
-        switch(sha)
-        {
-        case SHA256:
-            HASH256_process(&sha256,p->val[i]);
-            break;
-        case SHA384:
-            HASH384_process(&sha512,p->val[i]);
-            break;
-        case SHA512:
-            HASH512_process(&sha512,p->val[i]);
-            break;
-        }
-    }
-    if (n>0)
-    {
-        c[0]=(n>>24)&0xff;
-        c[1]=(n>>16)&0xff;
-        c[2]=(n>>8)&0xff;
-        c[3]=(n)&0xff;
-        for (i=0; i<4; i++)
-        {
-            switch(sha)
-            {
-            case SHA256:
-                HASH256_process(&sha256,c[i]);
-                break;
-            case SHA384:
-                HASH384_process(&sha512,c[i]);
-                break;
-            case SHA512:
-                HASH512_process(&sha512,c[i]);
-                break;
-            }
-        }
-    }
-    if (x!=NULL) for (i=0; i<x->len; i++)
-        {
-            switch(sha)
-            {
-            case SHA256:
-                HASH256_process(&sha256,x->val[i]);
-                break;
-            case SHA384:
-                HASH384_process(&sha512,x->val[i]);
-                break;
-            case SHA512:
-                HASH512_process(&sha512,x->val[i]);
-                break;
-            }
-        }
-
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_hash(&sha256,hh);
-        break;
-    case SHA384:
-        HASH384_hash(&sha512,hh);
-        break;
-    case SHA512:
-        HASH512_hash(&sha512,hh);
-        break;
-    }
-
-    OCT_empty(w);
-    if (!pad)
-        OCT_jbytes(w,hh,hlen);
-    else
-    {
-        if (pad<=hlen)
-            OCT_jbytes(w,hh,pad);
-        else
-        {
-           OCT_jbyte(w,0,pad-hlen);
-           OCT_jbytes(w,hh,hlen);
-        }
-    }
-    return;
-}
-
-/* Hash octet p to octet w */
-void amcl::HASH(int sha,octet *p,octet *w)
-{
-    ehashit(sha,p,-1,NULL,w,0);
-}
-
-/* Calculate HMAC of m using key k. HMAC is tag of length olen */
-int amcl::HMAC(int sha,octet *m,octet *k,int olen,octet *tag)
-{
-    /* Input is from an octet m        *
-     * olen is requested output length in bytes. k is the key  *
-     * The output is the calculated tag */
-    int hlen,b;
-    char h[128],k0[128];
-    octet H= {0,sizeof(h),h};
-    octet K0= {0,sizeof(k0),k0};
-
-    hlen=sha;
-    if (hlen>32) b=128;
-    else b=64;
-
-    if (olen<4 /*|| olen>hlen*/) return 0;
-
-    if (k->len > b) ehashit(sha,k,-1,NULL,&K0,0);
-    else            OCT_copy(&K0,k);
-
-    OCT_jbyte(&K0,0,b-K0.len);
-
-    OCT_xorbyte(&K0,0x36);
-
-    ehashit(sha,&K0,-1,m,&H,0);
-
-    OCT_xorbyte(&K0,0x6a);   /* 0x6a = 0x36 ^ 0x5c */
-    ehashit(sha,&K0,-1,&H,&H,olen);
-
-    OCT_empty(tag);
-
-    OCT_jbytes(tag,H.val,olen);
-
-    return 1;
-}
-
-/* Key Derivation Functions */
-/* Input octet z */
-/* Output key of length olen */
-/*
-void KDF1(octet *z,int olen,octet *key)
-{
-    char h[32];
-	octet H={0,sizeof(h),h};
-    int counter,cthreshold;
-    int hlen=32;
-
-    OCT_empty(key);
-
-    cthreshold=ROUNDUP(olen,hlen);
-
-    for (counter=0;counter<cthreshold;counter++)
-    {
-        ehashit(z,counter,NULL,NULL,&H);
-        if (key->len+hlen>olen) OCT_jbytes(key,H.val,olen%hlen);
-        else                    OCT_joctet(key,&H);
-    }
-}
-*/
-void amcl::KDF2(int sha,octet *z,octet *p,int olen,octet *key)
-{
-    /* NOTE: the parameter olen is the length of the output k in bytes */
-    char h[64];
-    octet H= {0,sizeof(h),h};
-    int counter,cthreshold;
-    int hlen=sha;
-
-    OCT_empty(key);
-
-    cthreshold=ROUNDUP(olen,hlen);
-
-    for (counter=1; counter<=cthreshold; counter++)
-    {
-        ehashit(sha,z,counter,p,&H,0);
-        if (key->len+hlen>olen)  OCT_jbytes(key,H.val,olen%hlen);
-        else                     OCT_joctet(key,&H);
-    }
-
-}
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
-void amcl::PBKDF2(int sha,octet *p,octet *s,int rep,int olen,octet *key)
-{
-    int i,j,len,d=ROUNDUP(olen,sha);
-    char f[64],u[64];
-    octet F= {0,sizeof(f),f};
-    octet U= {0,sizeof(u),u};
-    OCT_empty(key);
-
-    for (i=1; i<=d; i++)
-    {
-        len=s->len;
-        OCT_jint(s,i,4);
-
-        HMAC(sha,s,p,sha,&F);
-
-        s->len=len;
-        OCT_copy(&U,&F);
-        for (j=2; j<=rep; j++)
-        {
-            HMAC(sha,&U,p,sha,&U);
-            OCT_xor(&F,&U);
-        }
-
-        OCT_joctet(key,&F);
-    }
-
-    OCT_chop(key,NULL,olen);
-}
-
-/* AES encryption/decryption. Encrypt byte array M using key K and returns ciphertext */
-void amcl::AES_CBC_IV0_ENCRYPT(octet *k,octet *m,octet *c)
-{
-    /* AES CBC encryption, with Null IV and key k */
-    /* Input is from an octet string m, output is to an octet string c */
-    /* Input is padded as necessary to make up a full final block */
-    aes a;
-    int fin;
-    int i,j,ipt,opt;
-    char buff[16];
-    int padlen;
-
-    OCT_clear(c);
-    if (m->len==0) return;
-    AES_init(&a,CBC,k->len,k->val,NULL);
-
-    ipt=opt=0;
-    fin=0;
-    for(;;)
-    {
-        for (i=0; i<16; i++)
-        {
-            if (ipt<m->len) buff[i]=m->val[ipt++];
-            else
-            {
-                fin=1;
-                break;
-            }
-        }
-        if (fin) break;
-        AES_encrypt(&a,buff);
-        for (i=0; i<16; i++)
-            if (opt<c->max) c->val[opt++]=buff[i];
-    }
-
-    /* last block, filled up to i-th index */
-
-    padlen=16-i;
-    for (j=i; j<16; j++) buff[j]=padlen;
-    AES_encrypt(&a,buff);
-    for (i=0; i<16; i++)
-        if (opt<c->max) c->val[opt++]=buff[i];
-    AES_end(&a);
-    c->len=opt;
-}
-
-/* decrypts and returns TRUE if all consistent, else returns FALSE */
-int amcl::AES_CBC_IV0_DECRYPT(octet *k,octet *c,octet *m)
-{
-    /* padding is removed */
-    aes a;
-    int i,ipt,opt,ch;
-    char buff[16];
-    int fin,bad;
-    int padlen;
-    ipt=opt=0;
-
-    OCT_clear(m);
-    if (c->len==0) return 1;
-    ch=c->val[ipt++];
-
-    AES_init(&a,CBC,k->len,k->val,NULL);
-    fin=0;
-
-    for(;;)
-    {
-        for (i=0; i<16; i++)
-        {
-            buff[i]=ch;
-            if (ipt>=c->len)
-            {
-                fin=1;
-                break;
-            }
-            else ch=c->val[ipt++];
-        }
-        AES_decrypt(&a,buff);
-        if (fin) break;
-        for (i=0; i<16; i++)
-            if (opt<m->max) m->val[opt++]=buff[i];
-    }
-    AES_end(&a);
-    bad=0;
-    padlen=buff[15];
-    if (i!=15 || padlen<1 || padlen>16) bad=1;
-    if (padlen>=2 && padlen<=16)
-        for (i=16-padlen; i<16; i++) if (buff[i]!=padlen) bad=1;
-
-    if (!bad) for (i=0; i<16-padlen; i++)
-            if (opt<m->max) m->val[opt++]=buff[i];
-
-    m->len=opt;
-    if (bad) return 0;
-    return 1;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/ecdh_support.h
----------------------------------------------------------------------
diff --git a/version3/cpp/ecdh_support.h b/version3/cpp/ecdh_support.h
deleted file mode 100644
index 65538e1..0000000
--- a/version3/cpp/ecdh_support.h
+++ /dev/null
@@ -1,84 +0,0 @@
-#ifndef ECC_SUPPORT_H
-#define ECC_SUPPORT_H
-
-#include "amcl.h"
-
-namespace amcl {
-
-/* Auxiliary Functions */
-
-
-extern void ehashit(int ,octet *,int ,octet *,octet *,int);
-
-/**	@brief hash an octet into another octet
- *
- 	@param h is the hash type
-	@param I input octet
-	@param O output octet - H(I)
- */
-extern void HASH(int h,octet *I,octet *O);
-/**	@brief HMAC of message M using key K to create tag of length len in octet tag
- *
-	IEEE-1363 MAC1 function. Uses SHA256 internally.
-	@param h is the hash type
-	@param M input message octet
-	@param K input encryption key
-	@param len is output desired length of HMAC tag
-	@param tag is the output HMAC
-	@return 0 for bad parameters, else 1
- */
-extern int HMAC(int h,octet *M,octet *K,int len,octet *tag);
-
-/*extern void KDF1(octet *,int,octet *);*/
-
-/**	@brief Key Derivation Function - generates key K from inputs Z and P
- *
-	IEEE-1363 KDF2 Key Derivation Function. Uses SHA256 internally.
-	@param h is the hash type
-	@param Z input octet
-	@param P input key derivation parameters - can be NULL
-	@param len is output desired length of key
-	@param K is the derived key
- */
-extern void KDF2(int h,octet *Z,octet *P,int len,octet *K);
-/**	@brief Password Based Key Derivation Function - generates key K from password, salt and repeat counter
- *
-	PBKDF2 Password Based Key Derivation Function. Uses SHA256 internally.
-	@param h is the hash type
-	@param P input password
-	@param S input salt
-	@param rep Number of times to be iterated.
-	@param len is output desired length
-	@param K is the derived key
- */
-extern void PBKDF2(int h,octet *P,octet *S,int rep,int len,octet *K);
-/**	@brief AES encrypts a plaintext to a ciphtertext
- *
-	IEEE-1363 AES_CBC_IV0_ENCRYPT function. Encrypts in CBC mode with a zero IV, padding as necessary to create a full final block.
-	@param K AES key
-	@param P input plaintext octet
-	@param C output ciphertext octet
- */
-extern void AES_CBC_IV0_ENCRYPT(octet *K,octet *P,octet *C);
-/**	@brief AES encrypts a plaintext to a ciphtertext
- *
-	IEEE-1363 AES_CBC_IV0_DECRYPT function. Decrypts in CBC mode with a zero IV.
-	@param K AES key
-	@param C input ciphertext octet
-	@param P output plaintext octet
-	@return 0 if bad input, else 1
- */
-extern int AES_CBC_IV0_DECRYPT(octet *K,octet *C,octet *P);
-
-/* ECDH primitives - support functions */
-/**	@brief Generate an ECC public/private key pair
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param s the private key, an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param W the output public key, which is s.G, where G is a fixed generator
-	@return 0 or an error code
- */
-
-}
-
- #endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/ecp.cpp
----------------------------------------------------------------------
diff --git a/version3/cpp/ecp.cpp b/version3/cpp/ecp.cpp
deleted file mode 100644
index a9f9309..0000000
--- a/version3/cpp/ecp.cpp
+++ /dev/null
@@ -1,1467 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Elliptic Curve Functions */
-/* SU=m, SU is Stack Usage (Weierstrass Curves) */
-
-//#define HAS_MAIN
-
-#include "ecp_ZZZ.h"
-
-using namespace XXX;
-using namespace YYY;
-
-/* test for P=O point-at-infinity */
-int ZZZ::ECP_isinf(ECP *P)
-{
-//	if (P->inf) return 1;
-//    FP_reduce(&(P->x));     FP_reduce(&(P->z));
-#if CURVETYPE_ZZZ==EDWARDS
-//    FP_reduce(&(P->y));
-    return (FP_iszilch(&(P->x)) && FP_equals(&(P->y),&(P->z)));
-#endif
-#if CURVETYPE_ZZZ==WEIERSTRASS
-//    FP_reduce(&(P->y));
-    return (FP_iszilch(&(P->x)) && FP_iszilch(&(P->z)));
-#endif
-#if CURVETYPE_ZZZ==MONTGOMERY
-    return FP_iszilch(&(P->z));
-#endif
-//	return P->inf;
-
-}
-
-/* Conditional swap of P and Q dependant on d */
-static void ECP_cswap(ZZZ::ECP *P,ZZZ::ECP *Q,int d)
-{
-    FP_cswap(&(P->x),&(Q->x),d);
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    FP_cswap(&(P->y),&(Q->y),d);
-#endif
-    FP_cswap(&(P->z),&(Q->z),d);
-/*
-    d=~(d-1);
-    d=d&(P->inf^Q->inf);
-    P->inf^=d;
-    Q->inf^=d;
-*/
-}
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-/* Conditional move Q to P dependant on d */
-static void ECP_cmove(ZZZ::ECP *P,ZZZ::ECP *Q,int d)
-{
-    FP_cmove(&(P->x),&(Q->x),d);
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    FP_cmove(&(P->y),&(Q->y),d);
-#endif
-    FP_cmove(&(P->z),&(Q->z),d);
-/*
-    d=~(d-1);
-    P->inf^=(P->inf^Q->inf)&d;
-*/
-}
-
-/* return 1 if b==c, no branching */
-static int teq(sign32 b,sign32 c)
-{
-    sign32 x=b^c;
-    x-=1;  // if x=0, x now -1
-    return (int)((x>>31)&1);
-}
-#endif // CURVETYPE_ZZZ!=MONTGOMERY
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-/* Constant time select from pre-computed table */
-static void ECP_select(ZZZ::ECP *P,ZZZ::ECP W[],sign32 b)
-{
-    ZZZ::ECP MP;
-    sign32 m=b>>31;
-    sign32 babs=(b^m)-m;
-
-    babs=(babs-1)/2;
-
-    ECP_cmove(P,&W[0],teq(babs,0));  // conditional move
-    ECP_cmove(P,&W[1],teq(babs,1));
-    ECP_cmove(P,&W[2],teq(babs,2));
-    ECP_cmove(P,&W[3],teq(babs,3));
-    ECP_cmove(P,&W[4],teq(babs,4));
-    ECP_cmove(P,&W[5],teq(babs,5));
-    ECP_cmove(P,&W[6],teq(babs,6));
-    ECP_cmove(P,&W[7],teq(babs,7));
-
-    ECP_copy(&MP,P);
-    ECP_neg(&MP);  // minus P
-    ECP_cmove(P,&MP,(int)(m&1));
-}
-#endif
-
-/* Test P == Q */
-/* SU=168 */
-int ZZZ::ECP_equals(ECP *P,ECP *Q)
-{
-    FP a,b;
-//    if (ECP_isinf(P) && ECP_isinf(Q)) return 1;
-//    if (ECP_isinf(P) || ECP_isinf(Q)) return 0;
-
-
-    FP_mul(&a,&(P->x),&(Q->z));
-    FP_mul(&b,&(Q->x),&(P->z));
-    if (!FP_equals(&a,&b)) return 0;
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    FP_mul(&a,&(P->y),&(Q->z));
-    FP_mul(&b,&(Q->y),&(P->z));
-    if (!FP_equals(&a,&b)) return 0;
-#endif
-
-    return 1;
-
-}
-
-/* Set P=Q */
-/* SU=16 */
-void ZZZ::ECP_copy(ECP *P,ECP *Q)
-{
-//    P->inf=Q->inf;
-    FP_copy(&(P->x),&(Q->x));
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    FP_copy(&(P->y),&(Q->y));
-#endif
-    FP_copy(&(P->z),&(Q->z));
-}
-
-/* Set P=-Q */
-#if CURVETYPE_ZZZ!=MONTGOMERY
-/* SU=8 */
-void ZZZ::ECP_neg(ECP *P)
-{
-//    if (ECP_isinf(P)) return;
-#if CURVETYPE_ZZZ==WEIERSTRASS
-    FP_neg(&(P->y),&(P->y));
-    FP_norm(&(P->y));
-#else
-    FP_neg(&(P->x),&(P->x));
-    FP_norm(&(P->x));
-#endif
-
-}
-#endif
-
-/* Set P=O */
-void ZZZ::ECP_inf(ECP *P)
-{
-    FP_zero(&(P->x));
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    FP_one(&(P->y));
-#endif
-#if CURVETYPE_ZZZ!=EDWARDS
-    FP_zero(&(P->z));
-#else
-	FP_one(&(P->z));
-#endif
-//    P->inf=1;
-}
-
-/* Calculate right Hand Side of curve equation y^2=RHS */
-/* SU=56 */
-void ZZZ::ECP_rhs(FP *v,FP *x)
-{
-#if CURVETYPE_ZZZ==WEIERSTRASS
-    /* x^3+Ax+B */
-    FP t;
-    FP_sqr(&t,x);
-    FP_mul(&t,&t,x);
-
-    if (CURVE_A==-3)
-    {
-        FP_neg(v,x);
-        FP_norm(v);
-        FP_imul(v,v,-CURVE_A);
-        FP_norm(v);
-        FP_add(v,&t,v);
-    }
-    else FP_copy(v,&t);
-
-    FP_rcopy(&t,CURVE_B);
-
-    FP_add(v,&t,v);
-    FP_reduce(v);
-#endif
-
-#if CURVETYPE_ZZZ==EDWARDS
-    /* (Ax^2-1)/(Bx^2-1) */
-	FP t,one;
-    FP_sqr(v,x);
-    FP_one(&one);
-    FP_rcopy(&t,CURVE_B);
-    
-    FP_mul(&t,v,&t);
-    FP_sub(&t,&t,&one);
-	FP_norm(&t);
-    if (CURVE_A==1) FP_sub(v,v,&one);
-
-    if (CURVE_A==-1)
-    {
-        FP_add(v,v,&one);
-		FP_norm(v);
-        FP_neg(v,v);
-    }
-	FP_norm(v);
-	FP_inv(&t,&t);
-	FP_mul(v,v,&t);
-	FP_reduce(v);
-#endif
-
-#if CURVETYPE_ZZZ==MONTGOMERY
-    /* x^3+Ax^2+x */
-    FP x2,x3;
-    FP_sqr(&x2,x);
-    FP_mul(&x3,&x2,x);
-    FP_copy(v,x);
-    FP_imul(&x2,&x2,CURVE_A);
-    FP_add(v,v,&x2);
-    FP_add(v,v,&x3);
-    FP_reduce(v);
-#endif
-}
-
-/* Set P=(x,y) */
-
-#if CURVETYPE_ZZZ==MONTGOMERY
-
-/* Set P=(x,{y}) */
-
-int ZZZ::ECP_set(ECP *P,BIG x)
-{
-    BIG m,b;
-	FP rhs;
-    BIG_rcopy(m,Modulus);
-
-	FP_nres(&rhs,x);
-
-    ECP_rhs(&rhs,&rhs);
-    FP_redc(b,&rhs);
-
-    if (BIG_jacobi(b,m)!=1)
-    {
-        ECP_inf(P);
-        return 0;
-    }
-    //P->inf=0;
-    FP_nres(&(P->x),x);
-    FP_one(&(P->z));
-    return 1;
-}
-
-/* Extract x coordinate as BIG */
-int ZZZ::ECP_get(BIG x,ECP *P)
-{
-	ECP W;
-	ECP_copy(&W,P);
-	ECP_affine(W);
-    if (ECP_isinf(&W)) return -1;
-    //ECP_affine(P);
-    FP_redc(x,&(W.x));
-    return 0;
-}
-
-
-#else
-/* Extract (x,y) and return sign of y. If x and y are the same return only x */
-/* SU=16 */
-int ZZZ::ECP_get(BIG x,BIG y,ECP *P)
-{
-    int s;
-	ECP W;
-	ECP_copy(&W,P);
-	ECP_affine(&W);
-    if (ECP_isinf(&W)) return -1;
-
-    FP_redc(y,&(W.y));
-    s=BIG_parity(y);
-
-    FP_redc(x,&(W.x));
-
-    return s;
-}
-
-/* Set P=(x,{y}) */
-/* SU=96 */
-int ZZZ::ECP_set(ECP *P,BIG x,BIG y)
-{
-    FP rhs,y2;
-
-    FP_nres(&y2,y);
-    FP_sqr(&y2,&y2);
-    FP_reduce(&y2);
-
-    FP_nres(&rhs,x);
-    ECP_rhs(&rhs,&rhs);
-
-    if (!FP_equals(&y2,&rhs))
-    {
-        ECP_inf(P);
-        return 0;
-    }
-
-  //  P->inf=0;
-
-    FP_nres(&(P->x),x);
-    FP_nres(&(P->y),y);
-    FP_one(&(P->z));
-    return 1;
-}
-
-/* Set P=(x,y), where y is calculated from x with sign s */
-/* SU=136 */
-int ZZZ::ECP_setx(ECP *P,BIG x,int s)
-{
-    FP rhs;
-	BIG t,m;
-    BIG_rcopy(m,Modulus);
-
-    FP_nres(&rhs,x);
-
-    ECP_rhs(&rhs,&rhs);
- 
-    FP_redc(t,&rhs);
-    if (BIG_jacobi(t,m)!=1)
-    {
-        ECP_inf(P);
-        return 0;
-    }
-
-   // P->inf=0;
-
-    FP_nres(&(P->x),x);
-    FP_sqrt(&(P->y),&rhs);
-
-//printf("SR= "); FP_output(&(P->y)); printf("\n");
-
-    FP_redc(t,&(P->y));
-
-//printf("t= "); BIG_output(t); printf("\n");
-
-    if (BIG_parity(t)!=s)
-        FP_neg(&(P->y),&(P->y));
-    FP_reduce(&(P->y));
-    FP_one(&(P->z));
-    return 1;
-}
-
-#endif
-
-/* Convert P to Affine, from (x,y,z) to (x,y) */
-/* SU=160 */
-void ZZZ::ECP_affine(ECP *P)
-{
-    FP one,iz;
-	BIG b;
-    if (ECP_isinf(P)) return;
-    FP_one(&one);
-    if (FP_equals(&(P->z),&one)) return;
-
-	FP_inv(&iz,&(P->z));
-    FP_mul(&(P->x),&(P->x),&iz);
-
-#if CURVETYPE_ZZZ==EDWARDS || CURVETYPE_ZZZ==WEIERSTRASS
-
-    FP_mul(&(P->y),&(P->y),&iz);
-    FP_reduce(&(P->y));
-
-#endif
-
-    FP_reduce(&(P->x));
-    FP_copy(&(P->z),&one);
-}
-
-/* SU=120 */
-void ZZZ::ECP_outputxyz(ECP *P)
-{
-    BIG x,z;
-    if (ECP_isinf(P))
-    {
-        printf("Infinity\n");
-        return;
-    }
-    FP_reduce(&(P->x));
-    FP_redc(x,&(P->x));
-    FP_reduce(&(P->z));
-    FP_redc(z,&(P->z));
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    BIG y;
-    FP_reduce(&(P->y));
-    FP_redc(y,&(P->y));
-    printf("(");
-    BIG_output(x);
-    printf(",");
-    BIG_output(y);
-    printf(",");
-    BIG_output(z);
-    printf(")\n");
-
-#else
-    printf("(");
-    BIG_output(x);
-    printf(",");
-    BIG_output(z);
-    printf(")\n");
-#endif
-}
-
-/* SU=16 */
-/* Output point P */
-void ZZZ::ECP_output(ECP *P)
-{
-	BIG x,y;
-    if (ECP_isinf(P))
-    {
-        printf("Infinity\n");
-        return;
-    }
-    ECP_affine(P);
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    FP_redc(x,&(P->x));
-    FP_redc(y,&(P->y));
-    printf("(");
-    BIG_output(x);
-    printf(",");
-    BIG_output(y);
-    printf(")\n");
-#else
-    FP_redc(x,&(P->x));
-    printf("(");
-    BIG_output(x);
-    printf(")\n");
-#endif
-}
-
-/* SU=16 */
-/* Output point P */
-void ZZZ::ECP_rawoutput(ECP *P)
-{
-	BIG x,y,z;
-//   if (ECP_isinf(P))
- //   {
- //       printf("Infinity\n");
- //       return;
- //   }
-//    ECP_affine(P);
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    FP_redc(x,&(P->x));
-    FP_redc(y,&(P->y));
-    FP_redc(z,&(P->z));
-    printf("(");
-    BIG_output(x);
-    printf(",");
-    BIG_output(y);
-    printf(",");
-    BIG_output(z);
-    printf(")\n");
-#else
-    FP_redc(x,&(P->x));
-    FP_redc(z,&(P->z));
-    printf("(");
-    BIG_output(x);
-	printf(",");
-	BIG_output(z);
-    printf(")\n");
-#endif
-}
-
-/* SU=88 */
-/* Convert P to octet string, compressing if desired */
-void ZZZ::ECP_toOctet(octet *W,ECP *P,bool compress)
-{
-#if CURVETYPE_ZZZ==MONTGOMERY
-    BIG x;
-    ECP_get(x,P);
-    W->len=MODBYTES_XXX+1;
-    W->val[0]=0x06;
-    BIG_toBytes(&(W->val[1]),x);
-#else
-    BIG x,y;
-    ECP_get(x,y,P);
-	if (compress)
-	{
-		W->val[0]=0x02;
-		if (BIG_parity(y)==1) W->val[0]=0x03;
-		W->len=MODBYTES_XXX+1;
-		BIG_toBytes(&(W->val[1]),x);
-	}
-	else
-	{
-		W->val[0]=0x04;
-		W->len=2*MODBYTES_XXX+1;
-		BIG_toBytes(&(W->val[1]),x);
-		BIG_toBytes(&(W->val[MODBYTES_XXX+1]),y);
-	}
-#endif
-}
-
-/* SU=88 */
-/* Restore P from octet string */
-int ZZZ::ECP_fromOctet(ECP *P,octet *W)
-{
-#if CURVETYPE_ZZZ==MONTGOMERY
-    BIG x;
-    BIG_fromBytes(x,&(W->val[1]));
-    if (ECP_set(P,x)) return 1;
-    return 0;
-#else
-    BIG x,y;
-	int typ=W->val[0];
-    BIG_fromBytes(x,&(W->val[1]));
-
-    if (typ==0x04)
-	{
-		BIG_fromBytes(y,&(W->val[MODBYTES_XXX+1]));
-		if (ECP_set(P,x,y)) return 1;
-	}
-	if (typ==0x02 || typ==0x03)
-	{
-		if (ECP_setx(P,x,typ&1)) return 1;
-	}
-    return 0;
-#endif
-}
-
-
-/* Set P=2P */
-/* SU=272 */
-void ZZZ::ECP_dbl(ECP *P)
-{
-#if CURVETYPE_ZZZ==WEIERSTRASS
-    FP t0,t1,t2,t3,x3,y3,z3,b;
-
-//    if (ECP_isinf(P)) return;
-
-	if (CURVE_A==0)
-	{
-		//FP_copy(&t0,&(P->y));				//FP t0=new FP(y);     
-		FP_sqr(&t0,&(P->y));					//t0.sqr();
-		//FP_copy(&t1,&(P->y));				//FP t1=new FP(y);
-		FP_mul(&t1,&(P->y),&(P->z));			//t1.mul(z);
-
-		//FP_copy(&t2,&(P->z));				//FP t2=new FP(z);
-		FP_sqr(&t2,&(P->z));					//t2.sqr();
-
-		//FP_copy(&(P->z),&t0);				//z.copy(t0);
-		FP_add(&(P->z),&t0,&t0);		//z.add(t0); 
-		FP_norm(&(P->z));					//z.norm(); 
-		FP_add(&(P->z),&(P->z),&(P->z));	//z.add(z);  
-		FP_add(&(P->z),&(P->z),&(P->z));	//z.add(z);
-		FP_norm(&(P->z));					//z.norm();
-
-		FP_imul(&t2,&t2,3*CURVE_B_I);		//t2.imul(3*ROM.CURVE_B_I);
-		//FP_copy(&x3,&t2);					//FP x3=new FP(t2);
-		FP_mul(&x3,&t2,&(P->z));			//x3.mul(z);
-
-		//FP_copy(&y3,&t0);					//FP y3=new FP(t0);
-		FP_add(&y3,&t0,&t2);				//y3.add(t2); 
-		FP_norm(&y3);						//y3.norm();
-		FP_mul(&(P->z),&(P->z),&t1);		//z.mul(t1); 
-
-		//FP_copy(&t1,&t2);					//t1.copy(t2);
-		FP_add(&t1,&t2,&t2);				//t1.add(t2);
-		FP_add(&t2,&t2,&t1);				//t2.add(t1);
-		FP_sub(&t0,&t0,&t2);				//t0.sub(t2);
-		FP_norm(&t0);						//t0.norm();
-		FP_mul(&y3,&y3,&t0);				//y3.mul(t0);
-		FP_add(&y3,&y3,&x3);				//y3.add(x3);
-		//FP_copy(&t1,&(P->x));				//t1.copy(x);                *** optimization possible
-		FP_mul(&t1,&(P->x),&(P->y));			//t1.mul(y); 
-		//FP_copy(&(P->x),&t0);				//x.copy(t0);
-		FP_norm(&t0);					//x.norm();
-		FP_mul(&(P->x),&t0,&t1);		//x.mul(t1);
-		FP_add(&(P->x),&(P->x),&(P->x));	//x.add(x);
-		FP_norm(&(P->x));					//x.norm(); 
-		FP_copy(&(P->y),&y3);				//y.copy(y3);
-		FP_norm(&(P->y));					//y.norm();
-	}
-	else // its -3
-	{
-		//FP_copy(&t0,&(P->x));				//FP t0=new FP(x);
-		//FP_copy(&t1,&(P->y));				//FP t1=new FP(y);
-		//FP_copy(&t2,&(P->z));				//FP t2=new FP(z);
-		//FP_copy(&t3,&(P->x));				//FP t3=new FP(x);
-		//FP_copy(&z3,&(P->z));				//FP z3=new FP(z);
-
-		if (CURVE_B_I==0)					//if (ROM.CURVE_B_I==0)
-			FP_rcopy(&b,CURVE_B);		//b.copy(new FP(new BIG(ROM.CURVE_B)));
-
-		FP_sqr(&t0,&(P->x));					//t0.sqr();  //1    x^2
-		FP_sqr(&t1,&(P->y));					//t1.sqr();  //2    y^2
-		FP_sqr(&t2,&(P->z));					//t2.sqr();  //3
-
-		FP_mul(&t3,&(P->x),&(P->y));			//t3.mul(y); //4
-		FP_add(&t3,&t3,&t3);				//t3.add(t3); 
-		FP_norm(&t3);						//t3.norm();//5
-
-		FP_mul(&z3,&(P->z),&(P->x));			//z3.mul(x);   //6
-		FP_add(&z3,&z3,&z3);				//z3.add(z3);  
-		FP_norm(&z3);						//z3.norm();//7
-		//FP_copy(&y3,&t2);					//y3.copy(t2); 
-				
-		if (CURVE_B_I==0)						//if (ROM.CURVE_B_I==0)
-			FP_mul(&y3,&t2,&b);				//y3.mul(b); //8
-		else
-			FP_imul(&y3,&t2,CURVE_B_I);	//y3.imul(ROM.CURVE_B_I);
-				
-		FP_sub(&y3,&y3,&z3);				//y3.sub(z3); //y3.norm(); //9  ***
-		//FP_copy(&x3,&y3);					//x3.copy(y3); 
-		FP_add(&x3,&y3,&y3);				//x3.add(y3); 
-		FP_norm(&x3);						//x3.norm();//10
-
-		FP_add(&y3,&y3,&x3);				//y3.add(x3); //y3.norm();//11
-		//FP_copy(&x3,&t1);					//x3.copy(t1); 
-		FP_sub(&x3,&t1,&y3);				//x3.sub(y3); 
-		FP_norm(&x3);						//x3.norm();//12
-		FP_add(&y3,&y3,&t1);				//y3.add(t1); 
-		FP_norm(&y3);						//y3.norm();//13
-		FP_mul(&y3,&y3,&x3);				//y3.mul(x3); //14
-		FP_mul(&x3,&x3,&t3);				//x3.mul(t3); //15
-		//FP_copy(&t3,&t2);					//t3.copy(t2); 
-		FP_add(&t3,&t2,&t2);				//t3.add(t2);  //16
-		FP_add(&t2,&t2,&t3);				//t2.add(t3); //17
-
-		if (CURVE_B_I==0)					//if (ROM.CURVE_B_I==0)
-			FP_mul(&z3,&z3,&b);				//z3.mul(b); //18
-		else
-			FP_imul(&z3,&z3,CURVE_B_I);	//z3.imul(ROM.CURVE_B_I);
-
-		FP_sub(&z3,&z3,&t2);				//z3.sub(t2); //z3.norm();//19
-		FP_sub(&z3,&z3,&t0);				//z3.sub(t0); 
-		FP_norm(&z3);						//z3.norm();//20  ***
-		//FP_copy(&t3,&z3);					//t3.copy(z3); 
-		FP_add(&t3,&z3,&z3);				//t3.add(z3); //t3.norm();//21
-
-		FP_add(&z3,&z3,&t3);				//z3.add(t3); 
-		FP_norm(&z3);						//z3.norm(); //22
-		//FP_copy(&t3,&t0);					//t3.copy(t0); 
-		FP_add(&t3,&t0,&t0);				//t3.add(t0); //t3.norm(); //23
-		FP_add(&t0,&t0,&t3);				//t0.add(t3); //t0.norm();//24
-		FP_sub(&t0,&t0,&t2);				//t0.sub(t2); 
-		FP_norm(&t0);						//t0.norm();//25
-
-		FP_mul(&t0,&t0,&z3);				//t0.mul(z3);//26
-		FP_add(&y3,&y3,&t0);				//y3.add(t0); //y3.norm();//27
-		//FP_copy(&t0,&(P->y));				//t0.copy(y); 
-		FP_mul(&t0,&(P->y),&(P->z));			//t0.mul(z);//28
-		FP_add(&t0,&t0,&t0);				//t0.add(t0); 
-		FP_norm(&t0);						//t0.norm(); //29
-		FP_mul(&z3,&z3,&t0);				//z3.mul(t0);//30
-		FP_sub(&(P->x),&x3,&z3);				//x3.sub(z3); //x3.norm();//31
-		FP_add(&t0,&t0,&t0);				//t0.add(t0); 
-		FP_norm(&t0);						//t0.norm();//32
-		FP_add(&t1,&t1,&t1);				//t1.add(t1); 
-		FP_norm(&t1);						//t1.norm();//33
-		//FP_copy(&z3,&t0);					//z3.copy(t0); 
-		FP_mul(&(P->z),&t0,&t1);				//z3.mul(t1);//34
-
-		//FP_copy(&(P->x),&x3);				//x.copy(x3); 
-		FP_norm(&(P->x));					//x.norm(); 
-		FP_copy(&(P->y),&y3);				//y.copy(y3); 
-		FP_norm(&(P->y));					//y.norm();
-		//FP_copy(&(P->z),&z3);				//z.copy(z3); 
-		FP_norm(&(P->z));					//z.norm();
-	}
-#endif
-
-#if CURVETYPE_ZZZ==EDWARDS
-    /* Not using square for multiplication swap, as (1) it needs more adds, and (2) it triggers more reductions */
-
-	FP C,D,H,J;
-
-//	if (ECP_isinf(P)) return;
-
-	//FP_copy(&C,&(P->x));			//FP C=new FP(x);
-	FP_sqr(&C,&(P->x));							//C.sqr();
-	//FP_copy(&D,&(P->y));			//FP D=new FP(y);
-	//FP_copy(&H,&(P->z));			//FP H=new FP(z);
-
-	FP_mul(&(P->x),&(P->x),&(P->y));		//x.mul(y); 
-	FP_add(&(P->x),&(P->x),&(P->x));		//x.add(x); 
-	FP_norm(&(P->x));						//x.norm();
-	
-	FP_sqr(&D,&(P->y));							//D.sqr();
-
-	if (CURVE_A==-1)				//if (ROM.CURVE_A==-1) 
-		FP_neg(&C,&C);				//	C.neg();	
-
-	//FP_copy(&(P->y),&C);			//y.copy(C); 
-	FP_add(&(P->y),&C,&D);		//y.add(D); 
-	FP_norm(&(P->y));				//y.norm();
-	FP_sqr(&H,&(P->z));					//H.sqr(); 
-	FP_add(&H,&H,&H);				//H.add(H);
-
-
-	//FP_copy(&(P->z),&(P->y));		//z.copy(y);
-	//FP_copy(&J,&(P->y));			//J.copy(y); 
-
-	FP_sub(&J,&(P->y),&H);				//J.sub(H); 
-	FP_norm(&J);					//J.norm();
-
-	FP_mul(&(P->x),&(P->x),&J);		//x.mul(J);
-	FP_sub(&C,&C,&D);				//C.sub(D); 
-	FP_norm(&C);					//C.norm();
-	FP_mul(&(P->z),&(P->y),&J);		//z.mul(J);
-	FP_mul(&(P->y),&(P->y),&C);		//y.mul(C);
-
-
-#endif
-
-#if CURVETYPE_ZZZ==MONTGOMERY
-	FP A,B,AA,BB,C;
-
-//    if (ECP_isinf(P)) return;
-
-	//FP_copy(&A,&(P->x));			//FP A=new FP(x);
-	//FP_copy(&B,&(P->x));			//FP B=new FP(x);		
-			
-	FP_add(&A,&(P->x),&(P->z));			//A.add(z); 
-	FP_norm(&A);					//A.norm();
-	//FP_copy(&AA,&A);				//AA.copy(A); 
-	FP_sqr(&AA,&A);				//AA.sqr();
-	FP_sub(&B,&(P->x),&(P->z));			//B.sub(z); 
-	FP_norm(&B);					//B.norm();
-	//FP_copy(&BB,&B);				//BB.copy(B); 
-	FP_sqr(&BB,&B);				//BB.sqr();
-	//FP_copy(&C,&AA);				//C.copy(AA); 
-	FP_sub(&C,&AA,&BB);				//C.sub(BB); 
-	FP_norm(&C);					//C.norm();
-	//FP_copy(&(P->x),&AA);			//x.copy(AA); 
-	FP_mul(&(P->x),&AA,&BB);	//x.mul(BB);
-
-	//FP_copy(&A,&C);					//A.copy(C); 
-	FP_imul(&A,&C,(CURVE_A+2)/4);	//A.imul((ROM.CURVE_A+2)/4);
-
-	FP_add(&BB,&BB,&A);				//BB.add(A); 
-	FP_norm(&BB);					//BB.norm();
-	//FP_copy(&(P->z),&BB);			//z.copy(BB); 
-	FP_mul(&(P->z),&BB,&C);		//z.mul(C);
-
-#endif
-}
-
-#if CURVETYPE_ZZZ==MONTGOMERY
-
-/* Set P+=Q. W is difference between P and Q and is affine */
-void ZZZ::ECP_add(ECP *P,ECP *Q,ECP *W)
-{
-	FP A,B,C,D,DA,CB;
-
-	//FP_copy(&A,&(P->x));	//FP A=new FP(x);
-	//FP_copy(&B,&(P->x));	//FP B=new FP(x);
-	//FP_copy(&C,&(Q->x));	//FP C=new FP(Q.x);
-	//FP_copy(&D,&(Q->x));	//FP D=new FP(Q.x);
-			
-	FP_add(&A,&(P->x),&(P->z));	//A.add(z); 
-	FP_sub(&B,&(P->x),&(P->z));	//B.sub(z); 
-
-	FP_add(&C,&(Q->x),&(Q->z));	//C.add(Q.z);
-
-	FP_sub(&D,&(Q->x),&(Q->z));	//D.sub(Q.z);
-	FP_norm(&A);			//A.norm();
-
-	FP_norm(&D);			//D.norm();
-	//FP_copy(&DA,&D);			//DA.copy(D); 
-	FP_mul(&DA,&D,&A);			//DA.mul(A);
-
-
-
-	FP_norm(&C);			//C.norm();
-	FP_norm(&B);			//B.norm();
-	//FP_copy(&CB,&C);		//CB.copy(C); 
-	FP_mul(&CB,&C,&B);		//CB.mul(B);
-
-	//FP_copy(&A,&DA);		//A.copy(DA); 
-	FP_add(&A,&DA,&CB);		//A.add(CB); 
-	FP_norm(&A);			//A.norm(); 
-	FP_sqr(&(P->x),&A);			//A.sqr();
-	//FP_copy(&B,&DA);		//B.copy(DA); 
-	FP_sub(&B,&DA,&CB);		//B.sub(CB); 
-	FP_norm(&B);			//B.norm(); 
-	FP_sqr(&B,&B);			//B.sqr();
-
-	//FP_copy(&(P->x),&A);	//x.copy(A);
-	//FP_copy(&(P->z),&(W->x));//z.copy(W.x); 
-	FP_mul(&(P->z),&(W->x),&B);	//z.mul(B);
-
-}
-
-#else
-
-/* Set P+=Q */
-/* SU=248 */
-void ZZZ::ECP_add(ECP *P,ECP *Q)
-{
-#if CURVETYPE_ZZZ==WEIERSTRASS
-
-	int b3;
-	FP t0,t1,t2,t3,t4,x3,y3,z3,b;
-/*
-    if (ECP_isinf(Q)) return;
-    if (ECP_isinf(P))
-    {
-        ECP_copy(P,Q);
-        return;
-    }
-*/
-	if (CURVE_A==0)
-	{
-		b3=3*CURVE_B_I;					//int b=3*ROM.CURVE_B_I;
-		//FP_copy(&t0,&(P->x));			//FP t0=new FP(x);
-		FP_mul(&t0,&(P->x),&(Q->x));		//t0.mul(Q.x);
-		//FP_copy(&t1,&(P->y));			//FP t1=new FP(y);
-		FP_mul(&t1,&(P->y),&(Q->y));		//t1.mul(Q.y);
-		//FP_copy(&t2,&(P->z));			//FP t2=new FP(z);
-		FP_mul(&t2,&(P->z),&(Q->z));		//t2.mul(Q.z);
-		//FP_copy(&t3,&(P->x));			//FP t3=new FP(x);
-		FP_add(&t3,&(P->x),&(P->y));		//t3.add(y); 
-		FP_norm(&t3);					//t3.norm();
-		//FP_copy(&t4,&(Q->x));			//FP t4=new FP(Q.x);
-		FP_add(&t4,&(Q->x),&(Q->y));		//t4.add(Q.y); 
-		FP_norm(&t4);					//t4.norm();
-		FP_mul(&t3,&t3,&t4);			//t3.mul(t4);
-		//FP_copy(&t4,&t0);				//t4.copy(t0); 
-		FP_add(&t4,&t0,&t1);			//t4.add(t1);
-
-		FP_sub(&t3,&t3,&t4);			//t3.sub(t4); 
-		FP_norm(&t3);					//t3.norm();
-		//FP_copy(&t4,&(P->y));			//t4.copy(y);
-		FP_add(&t4,&(P->y),&(P->z));		//t4.add(z); 
-		FP_norm(&t4);					//t4.norm();
-		//FP_copy(&x3,&(Q->y));			//FP x3=new FP(Q.y);
-		FP_add(&x3,&(Q->y),&(Q->z));		//x3.add(Q.z); 
-		FP_norm(&x3);					//x3.norm();
-
-		FP_mul(&t4,&t4,&x3);			//t4.mul(x3);
-		//FP_copy(&x3,&t1);				//x3.copy(t1);
-		FP_add(&x3,&t1,&t2);			//x3.add(t2);
-
-		FP_sub(&t4,&t4,&x3);			//t4.sub(x3); 
-		FP_norm(&t4);					//t4.norm();
-		//FP_copy(&x3,&(P->x));			//x3.copy(x); 
-		FP_add(&x3,&(P->x),&(P->z));		//x3.add(z); 
-		FP_norm(&x3);					//x3.norm();
-		//FP_copy(&y3,&(Q->x));			//FP y3=new FP(Q.x);
-		FP_add(&y3,&(Q->x),&(Q->z));		//y3.add(Q.z); 
-		FP_norm(&y3);					//y3.norm();
-		FP_mul(&x3,&x3,&y3);			//x3.mul(y3);
-		//FP_copy(&y3,&t0);				//y3.copy(t0);
-		FP_add(&y3,&t0,&t2);			//y3.add(t2);
-		FP_sub(&y3,&x3,&y3);			//y3.rsub(x3); 
-		FP_norm(&y3);					//y3.norm();
-		//FP_copy(&x3,&t0);				//x3.copy(t0); 
-		FP_add(&x3,&t0,&t0);			//x3.add(t0); 
-		FP_add(&t0,&t0,&x3);			//t0.add(x3); 
-		FP_norm(&t0);					//t0.norm();
-		FP_imul(&t2,&t2,b3);				//t2.imul(b);
-
-		//FP_copy(&z3,&t1);				//FP z3=new FP(t1); 
-		FP_add(&z3,&t1,&t2);			//z3.add(t2); 
-		FP_norm(&z3);					//z3.norm();
-		FP_sub(&t1,&t1,&t2);			//t1.sub(t2); 
-		FP_norm(&t1);					//t1.norm(); 
-		FP_imul(&y3,&y3,b3);				//y3.imul(b);
-	
-		//FP_copy(&x3,&y3);				//x3.copy(y3); 
-		FP_mul(&x3,&y3,&t4);			//x3.mul(t4); 
-		//FP_copy(&t2,&t3);				//t2.copy(t3); 
-		FP_mul(&t2,&t3,&t1);			//t2.mul(t1); 
-		FP_sub(&(P->x),&t2,&x3);			//x3.rsub(t2);
-		FP_mul(&y3,&y3,&t0);			//y3.mul(t0); 
-		FP_mul(&t1,&t1,&z3);			//t1.mul(z3); 
-		FP_add(&(P->y),&y3,&t1);			//y3.add(t1);
-		FP_mul(&t0,&t0,&t3);			//t0.mul(t3); 
-		FP_mul(&z3,&z3,&t4);			//z3.mul(t4); 
-		FP_add(&(P->z),&z3,&t0);			//z3.add(t0);
-
-		//FP_copy(&(P->x),&x3);			//x.copy(x3); 
-		FP_norm(&(P->x));				//x.norm(); 
-		//FP_copy(&(P->y),&y3);			//y.copy(y3); 
-		FP_norm(&(P->y));				//y.norm();
-		//FP_copy(&(P->z),&z3);			//z.copy(z3); 
-		FP_norm(&(P->z));				//z.norm();
-	}
-	else
-	{
-		//FP_copy(&t0,&(P->x));			//FP t0=new FP(x);
-		//FP_copy(&t1,&(P->y));			//FP t1=new FP(y);
-		//FP_copy(&t2,&(P->z));			//FP t2=new FP(z);
-		//FP_copy(&t3,&(P->x));			//FP t3=new FP(x);
-		//FP_copy(&t4,&(Q->x));			//FP t4=new FP(Q.x);
-
-		//FP_copy(&y3,&(Q->x));			//FP y3=new FP(Q.x);
-		//FP_copy(&x3,&(Q->y));			//FP x3=new FP(Q.y);
-
-		if (CURVE_B_I==0)				//if (ROM.CURVE_B_I==0)
-			FP_rcopy(&b,CURVE_B);	//b.copy(new FP(new BIG(ROM.CURVE_B)));
-
-		FP_mul(&t0,&(P->x),&(Q->x));		//t0.mul(Q.x); //1
-		FP_mul(&t1,&(P->y),&(Q->y));		//t1.mul(Q.y); //2
-		FP_mul(&t2,&(P->z),&(Q->z));		//t2.mul(Q.z); //3
-
-		FP_add(&t3,&(P->x),&(P->y));		//t3.add(y); 
-		FP_norm(&t3);					//t3.norm(); //4
-		FP_add(&t4,&(Q->x),&(Q->y));		//t4.add(Q.y); 
-		FP_norm(&t4);					//t4.norm();//5
-		FP_mul(&t3,&t3,&t4);			//t3.mul(t4);//6
-		//FP_copy(&t4,&t0);				//t4.copy(t0); 
-		FP_add(&t4,&t0,&t1);			//t4.add(t1); //t4.norm(); //7
-		FP_sub(&t3,&t3,&t4);			//t3.sub(t4); 
-		FP_norm(&t3);					//t3.norm(); //8
-		//FP_copy(&t4,&(P->y));			//t4.copy(y); 
-		FP_add(&t4,&(P->y),&(P->z));		//t4.add(z); 
-		FP_norm(&t4);					//t4.norm();//9
-		FP_add(&x3,&(Q->y),&(Q->z));		//x3.add(Q.z); 
-		FP_norm(&x3);					//x3.norm();//10
-		FP_mul(&t4,&t4,&x3);			//t4.mul(x3); //11
-		//FP_copy(&x3,&t1);				//x3.copy(t1); 
-		FP_add(&x3,&t1,&t2);			//x3.add(t2); //x3.norm();//12
-
-		FP_sub(&t4,&t4,&x3);			//t4.sub(x3); 
-		FP_norm(&t4);					//t4.norm();//13
-		//FP_copy(&x3,&(P->x));			//x3.copy(x); 
-		FP_add(&x3,&(P->x),&(P->z));		//x3.add(z); 
-		FP_norm(&x3);					//x3.norm(); //14
-		FP_add(&y3,&(Q->x),&(Q->z));		//y3.add(Q.z); 
-		FP_norm(&y3);					//y3.norm();//15
-
-		FP_mul(&x3,&x3,&y3);			//x3.mul(y3); //16
-		//FP_copy(&y3,&t0);				//y3.copy(t0); 
-		FP_add(&y3,&t0,&t2);			//y3.add(t2); //y3.norm();//17
-
-		FP_sub(&y3,&x3,&y3);			//y3.rsub(x3); 
-		FP_norm(&y3);					//y3.norm(); //18
-		//FP_copy(&z3,&t2);				//z3.copy(t2); 		
-
-		if (CURVE_B_I==0)				//if (ROM.CURVE_B_I==0)
-			FP_mul(&z3,&t2,&b);			//z3.mul(b); //18
-		else
-			FP_imul(&z3,&t2,CURVE_B_I);	//z3.imul(ROM.CURVE_B_I);
-				
-		//FP_copy(&x3,&y3);				//x3.copy(y3); 
-		FP_sub(&x3,&y3,&z3);			//x3.sub(z3); 
-		FP_norm(&x3);					//x3.norm(); //20
-		//FP_copy(&z3,&x3);				//z3.copy(x3); 
-		FP_add(&z3,&x3,&x3);			//z3.add(x3); //z3.norm(); //21
-
-		FP_add(&x3,&x3,&z3);			//x3.add(z3); //x3.norm(); //22
-		//FP_copy(&z3,&t1);				//z3.copy(t1); 
-		FP_sub(&z3,&t1,&x3);			//z3.sub(x3); 
-		FP_norm(&z3);					//z3.norm(); //23
-		FP_add(&x3,&x3,&t1);			//x3.add(t1); 
-		FP_norm(&x3);					//x3.norm(); //24
-
-		if (CURVE_B_I==0)				//if (ROM.CURVE_B_I==0)
-			FP_mul(&y3,&y3,&b);			//y3.mul(b); //18
-		else
-			FP_imul(&y3,&y3,CURVE_B_I);	//y3.imul(ROM.CURVE_B_I);
-
-		//FP_copy(&t1,&t2);				//t1.copy(t2); 
-		FP_add(&t1,&t2,&t2);			//t1.add(t2); //t1.norm();//26
-		FP_add(&t2,&t2,&t1);			//t2.add(t1); //t2.norm();//27
-
-		FP_sub(&y3,&y3,&t2);			//y3.sub(t2); //y3.norm(); //28
-
-		FP_sub(&y3,&y3,&t0);			//y3.sub(t0); 
-		FP_norm(&y3);					//y3.norm(); //29
-		//FP_copy(&t1,&y3);				//t1.copy(y3); 
-		FP_add(&t1,&y3,&y3);			//t1.add(y3); //t1.norm();//30
-		FP_add(&y3,&y3,&t1);			//y3.add(t1); 
-		FP_norm(&y3);					//y3.norm(); //31
-
-		//FP_copy(&t1,&t0);				//t1.copy(t0); 
-		FP_add(&t1,&t0,&t0);			//t1.add(t0); //t1.norm(); //32
-		FP_add(&t0,&t0,&t1);			//t0.add(t1); //t0.norm();//33
-		FP_sub(&t0,&t0,&t2);			//t0.sub(t2); 
-		FP_norm(&t0);					//t0.norm();//34
-		//FP_copy(&t1,&t4);				//t1.copy(t4); 
-		FP_mul(&t1,&t4,&y3);			//t1.mul(y3);//35
-		//FP_copy(&t2,&t0);				//t2.copy(t0); 
-		FP_mul(&t2,&t0,&y3);			//t2.mul(y3);//36
-		//FP_copy(&y3,&x3);				//y3.copy(x3); 
-		FP_mul(&y3,&x3,&z3);			//y3.mul(z3);//37
-		FP_add(&(P->y),&y3,&t2);			//y3.add(t2); //y3.norm();//38
-		FP_mul(&x3,&x3,&t3);			//x3.mul(t3);//39
-		FP_sub(&(P->x),&x3,&t1);			//x3.sub(t1);//40
-		FP_mul(&z3,&z3,&t4);			//z3.mul(t4);//41
-		//FP_copy(&t1,&t3);				//t1.copy(t3); 
-		FP_mul(&t1,&t3,&t0);			//t1.mul(t0);//42
-		FP_add(&(P->z),&z3,&t1);			//z3.add(t1); 
-		//FP_copy(&(P->x),&x3);			//x.copy(x3); 
-		FP_norm(&(P->x));				//x.norm(); 
-		//FP_copy(&(P->y),&y3);			//y.copy(y3); 
-		FP_norm(&(P->y));				//y.norm();
-		//FP_copy(&(P->z),&z3);			//z.copy(z3); 
-		FP_norm(&(P->z));				//z.norm();
-	}
-
-#else
-	FP A,B,C,D,E,F,G,b;
-
-/*		
-    if (ECP_isinf(Q)) return;
-    if (ECP_isinf(P))
-    {
-        ECP_copy(P,Q);
-        return;
-    }
-*/
-
-	//FP_copy(&A,&(P->z));		//FP A=new FP(z);
-	//FP_copy(&C,&(P->x));		//FP C=new FP(x);
-	//FP_copy(&D,&(P->y));		//FP D=new FP(y);
-
-	FP_mul(&A,&(P->z),&(Q->z));		//A.mul(Q.z);   
-	//FP_copy(&B,&A);				//B.copy(A); 
-	FP_sqr(&B,&A);				//B.sqr();    
-	FP_mul(&C,&(P->x),&(Q->x));		//C.mul(Q.x);      
-	FP_mul(&D,&(P->y),&(Q->y));		//D.mul(Q.y); 
-
-	//FP_copy(&E,&C);				//E.copy(C); 
-	FP_mul(&E,&C,&D);			//E.mul(D);  
-		
-	if (CURVE_B_I==0)			//if (ROM.CURVE_B_I==0)
-	{
-		FP_rcopy(&b,CURVE_B);	//FP b=new FP(new BIG(ROM.CURVE_B));
-		FP_mul(&E,&E,&b);			//E.mul(b);
-	}
-	else
-		FP_imul(&E,&E,CURVE_B_I);	//E.imul(ROM.CURVE_B_I); 
-
-	//FP_copy(&F,&B);				//F.copy(B); 
-	FP_sub(&F,&B,&E);			//F.sub(E);      
-	//FP_copy(&G,&B);				//G.copy(B); 
-	FP_add(&G,&B,&E);			//G.add(E);       
-
-	if (CURVE_A==1)				//if (ROM.CURVE_A==1)
-	{
-		//FP_copy(&E,&D);			//E.copy(D); 
-		FP_sub(&E,&D,&C);		//E.sub(C);
-	}
-	FP_add(&C,&C,&D);			//C.add(D); 
-
-	//FP_copy(&B,&(P->x));		//B.copy(x); 
-	FP_add(&B,&(P->x),&(P->y));		//B.add(y);    
-	//FP_copy(&D,&(Q->x));		//D.copy(Q.x); 
-	FP_add(&D,&(Q->x),&(Q->y));		//D.add(Q.y); 
-	FP_norm(&B);				//B.norm(); 
-	FP_norm(&D);				//D.norm(); 
-	FP_mul(&B,&B,&D);			//B.mul(D);                   
-	FP_sub(&B,&B,&C);			//B.sub(C); 
-	FP_norm(&B);				//B.norm(); 
-	FP_norm(&F);				//F.norm(); 
-	FP_mul(&B,&B,&F);			//B.mul(F);                     
-	//FP_copy(&(P->x),&A);		//x.copy(A); 
-	FP_mul(&(P->x),&A,&B); //x.mul(B); 
-	FP_norm(&G);				//G.norm();  
-			
-	if (CURVE_A==1)				//if (ROM.CURVE_A==1)
-	{
-		FP_norm(&E);			//E.norm(); 
-		//FP_copy(&C,&E);			//C.copy(E); 
-		FP_mul(&C,&E,&G);		//C.mul(G);  
-	}
-	if (CURVE_A==-1)			//if (ROM.CURVE_A==-1)
-	{
-		FP_norm(&C);			//C.norm(); 
-		FP_mul(&C,&C,&G);		//C.mul(G);
-	}
-	//FP_copy(&(P->y),&A);		//y.copy(A); 
-	FP_mul(&(P->y),&A,&C);	//y.mul(C);     
-
-	//FP_copy(&(P->z),&F);		//z.copy(F);	
-	FP_mul(&(P->z),&F,&G);	//z.mul(G);
-
-#endif
-}
-
-/* Set P-=Q */
-/* SU=16 */
-void  ZZZ::ECP_sub(ECP *P,ECP *Q)
-{
-	ECP NQ;
-	ECP_copy(&NQ,Q);
-	ECP_neg(&NQ);
-    //ECP_neg(Q);
-    ECP_add(P,&NQ);
-    //ECP_neg(Q);
-}
-
-#endif
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-/* constant time multiply by small integer of length bts - use ladder */
-void ZZZ::ECP_pinmul(ECP *P,int e,int bts)
-{
-    int i,b;
-    ECP R0,R1;
-
-    ECP_affine(P);
-    ECP_inf(&R0);
-    ECP_copy(&R1,P);
-
-    for (i=bts-1; i>=0; i--)
-    {
-        b=(e>>i)&1;
-        ECP_copy(P,&R1);
-        ECP_add(P,&R0);
-        ECP_cswap(&R0,&R1,b);
-        ECP_copy(&R1,P);
-        ECP_dbl(&R0);
-        ECP_cswap(&R0,&R1,b);
-    }
-    ECP_copy(P,&R0);
-    ECP_affine(P);
-}
-#endif
-
-/* Set P=r*P */
-/* SU=424 */
-void ZZZ::ECP_mul(ECP *P,BIG e)
-{
-#if CURVETYPE_ZZZ==MONTGOMERY
-    /* Montgomery ladder */
-    int nb,i,b;
-    ECP R0,R1,D;
-    if (ECP_isinf(P)) return;
-    if (BIG_iszilch(e))
-    {
-        ECP_inf(P);
-        return;
-    }
-    //ECP_affine(P);
-
-    ECP_copy(&R0,P);
-    ECP_copy(&R1,P);
-    ECP_dbl(&R1);
-
-    ECP_copy(&D,P); ECP_affine(&D);
-
-    nb=BIG_nbits(e);
-    for (i=nb-2; i>=0; i--)
-    {
-        b=BIG_bit(e,i);
-        ECP_copy(P,&R1);
-        ECP_add(P,&R0,&D);
-        ECP_cswap(&R0,&R1,b);
-        ECP_copy(&R1,P);
-        ECP_dbl(&R0);
-
-        ECP_cswap(&R0,&R1,b);
-    }
-
-    ECP_copy(P,&R0);
-
-#else
-    /* fixed size windows */
-    int i,nb,s,ns;
-    BIG mt,t;
-    ECP Q,W[8],C;
-    sign8 w[1+(NLEN_XXX*BASEBITS_XXX+3)/4];
-
-    if (ECP_isinf(P)) return;
-    if (BIG_iszilch(e))
-    {
-        ECP_inf(P);
-        return;
-    }
-
-    //ECP_affine(P);
-
-    /* precompute table */
-
-    ECP_copy(&Q,P);
-    ECP_dbl(&Q);
-
-    ECP_copy(&W[0],P);
-
-    for (i=1; i<8; i++)
-    {
-        ECP_copy(&W[i],&W[i-1]);
-        ECP_add(&W[i],&Q);
-    }
-
-//printf("W[1]= ");ECP_output(&W[1]); printf("\n");
-
-    /* make exponent odd - add 2P if even, P if odd */
-    BIG_copy(t,e);
-    s=BIG_parity(t);
-    BIG_inc(t,1);
-    BIG_norm(t);
-    ns=BIG_parity(t);
-    BIG_copy(mt,t);
-    BIG_inc(mt,1);
-    BIG_norm(mt);
-    BIG_cmove(t,mt,s);
-    ECP_cmove(&Q,P,ns);
-    ECP_copy(&C,&Q);
-
-    nb=1+(BIG_nbits(t)+3)/4;
-
-    /* convert exponent to signed 4-bit window */
-    for (i=0; i<nb; i++)
-    {
-        w[i]=BIG_lastbits(t,5)-16;
-        BIG_dec(t,w[i]);
-        BIG_norm(t);
-        BIG_fshr(t,4);
-    }
-    w[nb]=BIG_lastbits(t,5);
-
-    ECP_copy(P,&W[(w[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-        ECP_select(&Q,W,w[i]);
-        ECP_dbl(P);
-        ECP_dbl(P);
-        ECP_dbl(P);
-        ECP_dbl(P);
-        ECP_add(P,&Q);
-    }
-    ECP_sub(P,&C); /* apply correction */
-#endif
-    ECP_affine(P);
-}
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-/* Set P=eP+fQ double multiplication */
-/* constant time - as useful for GLV method in pairings */
-/* SU=456 */
-
-void ZZZ::ECP_mul2(ECP *P,ECP *Q,BIG e,BIG f)
-{
-    BIG te,tf,mt;
-    ECP S,T,W[8],C;
-    sign8 w[1+(NLEN_XXX*BASEBITS_XXX+1)/2];
-    int i,a,b,s,ns,nb;
-
-    //ECP_affine(P);
-    //ECP_affine(Q);
-
-    BIG_copy(te,e);
-    BIG_copy(tf,f);
-
-    /* precompute table */
-    ECP_copy(&W[1],P);
-    ECP_sub(&W[1],Q);  /* P+Q */
-    ECP_copy(&W[2],P);
-    ECP_add(&W[2],Q);  /* P-Q */
-    ECP_copy(&S,Q);
-    ECP_dbl(&S);  /* S=2Q */
-    ECP_copy(&W[0],&W[1]);
-    ECP_sub(&W[0],&S);
-    ECP_copy(&W[3],&W[2]);
-    ECP_add(&W[3],&S);
-    ECP_copy(&T,P);
-    ECP_dbl(&T); /* T=2P */
-    ECP_copy(&W[5],&W[1]);
-    ECP_add(&W[5],&T);
-    ECP_copy(&W[6],&W[2]);
-    ECP_add(&W[6],&T);
-    ECP_copy(&W[4],&W[5]);
-    ECP_sub(&W[4],&S);
-    ECP_copy(&W[7],&W[6]);
-    ECP_add(&W[7],&S);
-
-    /* if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction */
-
-    s=BIG_parity(te);
-    BIG_inc(te,1);
-    BIG_norm(te);
-    ns=BIG_parity(te);
-    BIG_copy(mt,te);
-    BIG_inc(mt,1);
-    BIG_norm(mt);
-    BIG_cmove(te,mt,s);
-    ECP_cmove(&T,P,ns);
-    ECP_copy(&C,&T);
-
-    s=BIG_parity(tf);
-    BIG_inc(tf,1);
-    BIG_norm(tf);
-    ns=BIG_parity(tf);
-    BIG_copy(mt,tf);
-    BIG_inc(mt,1);
-    BIG_norm(mt);
-    BIG_cmove(tf,mt,s);
-    ECP_cmove(&S,Q,ns);
-    ECP_add(&C,&S);
-
-    BIG_add(mt,te,tf);
-    BIG_norm(mt);
-    nb=1+(BIG_nbits(mt)+1)/2;
-
-    /* convert exponent to signed 2-bit window */
-    for (i=0; i<nb; i++)
-    {
-        a=BIG_lastbits(te,3)-4;
-        BIG_dec(te,a);
-        BIG_norm(te);
-        BIG_fshr(te,2);
-        b=BIG_lastbits(tf,3)-4;
-        BIG_dec(tf,b);
-        BIG_norm(tf);
-        BIG_fshr(tf,2);
-        w[i]=4*a+b;
-    }
-    w[nb]=(4*BIG_lastbits(te,3)+BIG_lastbits(tf,3));
-
-    ECP_copy(P,&W[(w[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-        ECP_select(&T,W,w[i]);
-        ECP_dbl(P);
-        ECP_dbl(P);
-        ECP_add(P,&T);
-    }
-    ECP_sub(P,&C); /* apply correction */
-    ECP_affine(P);
-}
-
-#endif
-
-void ZZZ::ECP_cfp(ECP *P)
-{ /* multiply point by curves cofactor */
-	BIG c;
-	int cf=CURVE_Cof_I;
-	if (cf==1) return;
-	if (cf==4)
-	{
-		ECP_dbl(P);
-		ECP_dbl(P);
-		//ECP_affine(P);
-		return;
-	}
-	if (cf==8)
-	{
-		ECP_dbl(P);
-		ECP_dbl(P);
-		ECP_dbl(P);
-		//ECP_affine(P);
-		return;
-	}
-	BIG_rcopy(c,CURVE_Cof);
-	ECP_mul(P,c);
-	return;
-}
-
-/* map BIG to point on curve of correct order */
-/* The BIG should be the output of some hash function */
-
-void ZZZ::ECP_mapit(ECP *P,octet *W)
-{
-    BIG q,x;
-	BIG_fromBytes(x,W->val);
-    BIG_rcopy(q,Modulus);
-    BIG_mod(x,q);
-
-	for (;;)
-	{
-		for (;;)
-		{
-#if CURVETYPE_ZZZ!=MONTGOMERY
-			ECP_setx(P,x,0);
-#else
-			ECP_set(P,x);
-#endif
-			BIG_inc(x,1); BIG_norm(x);
-			if (!ECP_isinf(P)) break;
-		}
-		ECP_cfp(P);
-		if (!ECP_isinf(P)) break;
-	}
-}
-
-void ZZZ::ECP_generator(ECP *G)
-{
-	BIG x,y;
-	BIG_rcopy(x,CURVE_Gx);
-#if CURVETYPE_ZZZ!=MONTGOMERY
-	BIG_rcopy(y,CURVE_Gy);
-    ECP_set(G,x,y);
-#else
-    ECP_set(G,x);
-#endif
-}
-
-#ifdef HAS_MAIN
-
-using namespace ZZZ;
-
-int main()
-{
-    int i;
-    ECP G,P;
-    csprng RNG;
-    BIG r,s,x,y,b,m,w,q;
-    BIG_rcopy(x,CURVE_Gx);
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    BIG_rcopy(y,CURVE_Gy);
-#endif
-    BIG_rcopy(m,Modulus);
-
-    printf("x= ");
-    BIG_output(x);
-    printf("\n");
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    printf("y= ");
-    BIG_output(y);
-    printf("\n");
-#endif
-    RNG_seed(&RNG,3,"abc");
-
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    ECP_set(&G,x,y);
-#else
-    ECP_set(&G,x);
-#endif
-    if (ECP_isinf(&G)) printf("Failed to set - point not on curve\n");
-    else printf("set success\n");
-
-    ECP_output(&G);
-
-    BIG_rcopy(r,CURVE_Order); //BIG_dec(r,7);
-    printf("r= ");
-    BIG_output(r);
-    printf("\n");
-
-    ECP_copy(&P,&G);
-
-    ECP_mul(&P,r);
-
-    ECP_output(&P);
-//exit(0);
-    BIG_randomnum(w,&RNG);
-    BIG_mod(w,r);
-
-    ECP_copy(&P,&G);
-    ECP_mul(&P,w);
-
-    ECP_output(&P);
-
-    return 0;
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/ecp.h
----------------------------------------------------------------------
diff --git a/version3/cpp/ecp.h b/version3/cpp/ecp.h
deleted file mode 100644
index fc7c901..0000000
--- a/version3/cpp/ecp.h
+++ /dev/null
@@ -1,293 +0,0 @@
-#ifndef ECP_ZZZ_H
-#define ECP_ZZZ_H
-
-#include "fp_YYY.h"
-#include "config_curve_ZZZ.h"
-
-using namespace amcl;
-
-namespace ZZZ {
-
-/* Curve Params - see rom.c */
-extern const int CURVE_A;     /**< Elliptic curve A parameter */
-extern const int CURVE_B_I;
-extern const int CURVE_Cof_I;
-extern const XXX::BIG CURVE_B;     /**< Elliptic curve B parameter */
-extern const XXX::BIG CURVE_Order; /**< Elliptic curve group order */
-extern const XXX::BIG CURVE_Cof;   /**< Elliptic curve cofactor */
-
-/* Generator point on G1 */
-extern const XXX::BIG CURVE_Gx; /**< x-coordinate of generator point in group G1  */
-extern const XXX::BIG CURVE_Gy; /**< y-coordinate of generator point in group G1  */
-
-
-/* For Pairings only */
-
-/* Generator point on G2 */
-extern const XXX::BIG CURVE_Pxa; /**< real part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxb; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pya; /**< real part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pyb; /**< imaginary part of y-coordinate of generator point in group G2 */
-
-/*** needed for BLS24 curves ***/
-
-extern const XXX::BIG CURVE_Pxaa; /**< real part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxab; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxba; /**< real part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxbb; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pyaa; /**< real part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pyab; /**< imaginary part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pyba; /**< real part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pybb; /**< imaginary part of y-coordinate of generator point in group G2 */
-
-/*** needed for BLS48 curves ***/
-
-extern const XXX::BIG CURVE_Pxaaa; /**< real part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxaab; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxaba; /**< real part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxabb; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxbaa; /**< real part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxbab; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxbba; /**< real part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxbbb; /**< imaginary part of x-coordinate of generator point in group G2 */
-
-extern const XXX::BIG CURVE_Pyaaa; /**< real part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pyaab; /**< imaginary part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pyaba; /**< real part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pyabb; /**< imaginary part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pybaa; /**< real part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pybab; /**< imaginary part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pybba; /**< real part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pybbb; /**< imaginary part of y-coordinate of generator point in group G2 */
-
-
-
-extern const XXX::BIG CURVE_Bnx; /**< BN curve x parameter */
-
-extern const XXX::BIG CURVE_Cru; /**< BN curve Cube Root of Unity */
-
-extern const XXX::BIG Fra; /**< real part of BN curve Frobenius Constant */
-extern const XXX::BIG Frb; /**< imaginary part of BN curve Frobenius Constant */
-
-
-extern const XXX::BIG CURVE_W[2];	 /**< BN curve constant for GLV decomposition */
-extern const XXX::BIG CURVE_SB[2][2]; /**< BN curve constant for GLV decomposition */
-extern const XXX::BIG CURVE_WB[4];	 /**< BN curve constant for GS decomposition */
-extern const XXX::BIG CURVE_BB[4][4]; /**< BN curve constant for GS decomposition */
-
-
-/**
-	@brief ECP structure - Elliptic Curve Point over base field
-*/
-
-typedef struct
-{
-//    int inf; /**< Infinity Flag - not needed for Edwards representation */
-
-    YYY::FP x; /**< x-coordinate of point */
-#if CURVETYPE_ZZZ!=MONTGOMERY
-    YYY::FP y; /**< y-coordinate of point. Not needed for Montgomery representation */
-#endif
-    YYY::FP z;/**< z-coordinate of point */
-} ECP;
-
-
-/* ECP E(Fp) prototypes */
-/**	@brief Tests for ECP point equal to infinity
- *
-	@param P ECP point to be tested
-	@return 1 if infinity, else returns 0
- */
-extern int ECP_isinf(ECP *P);
-/**	@brief Tests for equality of two ECPs
- *
-	@param P ECP instance to be compared
-	@param Q ECP instance to be compared
-	@return 1 if P=Q, else returns 0
- */
-extern int ECP_equals(ECP *P,ECP *Q);
-/**	@brief Copy ECP point to another ECP point
- *
-	@param P ECP instance, on exit = Q
-	@param Q ECP instance to be copied
- */
-extern void ECP_copy(ECP *P,ECP *Q);
-/**	@brief Negation of an ECP point
- *
-	@param P ECP instance, on exit = -P
- */
-extern void ECP_neg(ECP *P);
-/**	@brief Set ECP to point-at-infinity
- *
-	@param P ECP instance to be set to infinity
- */
-extern void ECP_inf(ECP *P);
-/**	@brief Calculate Right Hand Side of curve equation y^2=f(x)
- *
-	Function f(x) depends on form of elliptic curve, Weierstrass, Edwards or Montgomery.
-	Used internally.
-	@param r BIG n-residue value of f(x)
-	@param x BIG n-residue x
- */
-extern void ECP_rhs(YYY::FP *r,YYY::FP *x);
-/**	@brief Set ECP to point(x,y) given just x and sign of y
- *
-	Point P set to infinity if no such point on the curve. If x is on the curve then y is calculated from the curve equation.
-	The correct y value (plus or minus) is selected given its sign s.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@param s an integer representing the "sign" of y, in fact its least significant bit.
- */
-extern int ECP_setx(ECP *P,XXX::BIG x,int s);
-
-#if CURVETYPE_ZZZ==MONTGOMERY
-/**	@brief Set ECP to point(x,[y]) given x
- *
-	Point P set to infinity if no such point on the curve. Note that y coordinate is not needed.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP_set(ECP *P,XXX::BIG x);
-/**	@brief Extract x coordinate of an ECP point P
- *
-	@param x BIG on exit = x coordinate of point
-	@param P ECP instance (x,[y])
-	@return -1 if P is point-at-infinity, else 0
- */
-extern int ECP_get(XXX::BIG x,ECP *P);
-/**	@brief Adds ECP instance Q to ECP instance P, given difference D=P-Q
- *
-	Differential addition of points on a Montgomery curve
-	@param P ECP instance, on exit =P+Q
-	@param Q ECP instance to be added to P
-	@param D Difference between P and Q
- */
-extern void ECP_add(ECP *P,ECP *Q,ECP *D);
-#else
-/**	@brief Set ECP to point(x,y) given x and y
- *
-	Point P set to infinity if no such point on the curve.
-	@param P ECP instance to be set (x,y)
-	@param x BIG x coordinate of point
-	@param y BIG y coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP_set(ECP *P,XXX::BIG x,XXX::BIG y);
-/**	@brief Extract x and y coordinates of an ECP point P
- *
-	If x=y, returns only x
-	@param x BIG on exit = x coordinate of point
-	@param y BIG on exit = y coordinate of point (unless x=y)
-	@param P ECP instance (x,y)
-	@return sign of y, or -1 if P is point-at-infinity
- */
-extern int ECP_get(XXX::BIG x,XXX::BIG y,ECP *P);
-/**	@brief Adds ECP instance Q to ECP instance P
- *
-	@param P ECP instance, on exit =P+Q
-	@param Q ECP instance to be added to P
- */
-extern void ECP_add(ECP *P,ECP *Q);
-/**	@brief Subtracts ECP instance Q from ECP instance P
- *
-	@param P ECP instance, on exit =P-Q
-	@param Q ECP instance to be subtracted from P
- */
-extern void ECP_sub(ECP *P,ECP *Q);
-#endif
-/**	@brief Converts an ECP point from Projective (x,y,z) coordinates to affine (x,y) coordinates
- *
-	@param P ECP instance to be converted to affine form
- */
-extern void ECP_affine(ECP *P);
-/**	@brief Formats and outputs an ECP point to the console, in projective coordinates
- *
-	@param P ECP instance to be printed
- */
-extern void ECP_outputxyz(ECP *P);
-/**	@brief Formats and outputs an ECP point to the console, converted to affine coordinates
- *
-	@param P ECP instance to be printed
- */
-extern void ECP_output(ECP * P);
-
-/**	@brief Formats and outputs an ECP point to the console
- *
-	@param P ECP instance to be printed
- */
-extern void ECP_rawoutput(ECP * P);
-
-/**	@brief Formats and outputs an ECP point to an octet string
- *
-	The octet string is normally in the standard form 0x04|x|y
-	Here x (and y) are the x and y coordinates in left justified big-endian base 256 form.
-	For Montgomery curve it is 0x06|x
-	If c is true, only the x coordinate is provided as in 0x2|x if y is even, or 0x3|x if y is odd
-	@param c compression required, true or false
-	@param S output octet string
-	@param P ECP instance to be converted to an octet string
- */
-extern void ECP_toOctet(octet *S,ECP *P,bool c);
-/**	@brief Creates an ECP point from an octet string
- *
-	The octet string is normally in the standard form 0x04|x|y
-	Here x (and y) are the x and y coordinates in left justified big-endian base 256 form.
-	For Montgomery curve it is 0x06|x
-	If in compressed form only the x coordinate is provided as in 0x2|x if y is even, or 0x3|x if y is odd
-	@param P ECP instance to be created from the octet string
-	@param S input octet string
-	return 1 if octet string corresponds to a point on the curve, else 0
- */
-extern int ECP_fromOctet(ECP *P,octet *S);
-/**	@brief Doubles an ECP instance P
- *
-	@param P ECP instance, on exit =2*P
- */
-extern void ECP_dbl(ECP *P);
-/**	@brief Multiplies an ECP instance P by a small integer, side-channel resistant
- *
-	@param P ECP instance, on exit =i*P
-	@param i small integer multiplier
-	@param b maximum number of bits in multiplier
- */
-extern void ECP_pinmul(ECP *P,int i,int b);
-/**	@brief Multiplies an ECP instance P by a BIG, side-channel resistant
- *
-	Uses Montgomery ladder for Montgomery curves, otherwise fixed sized windows.
-	@param P ECP instance, on exit =b*P
-	@param b BIG number multiplier
-
- */
-extern void ECP_mul(ECP *P,XXX::BIG b);
-/**	@brief Calculates double multiplication P=e*P+f*Q, side-channel resistant
- *
-	@param P ECP instance, on exit =e*P+f*Q
-	@param Q ECP instance
-	@param e BIG number multiplier
-	@param f BIG number multiplier
- */
-extern void ECP_mul2(ECP *P,ECP *Q,XXX::BIG e,XXX::BIG f);
-
-/**	@brief Multiplies random point by co-factor
- *
-	@param Q ECP multiplied by co-factor
- */
-extern void ECP_cfp(ECP *Q);
-
-/**	@brief Maps random BIG to curve point of correct order
- *
-	@param Q ECP instance of correct order
-	@param w OCTET byte array to be mapped
- */
-extern void ECP_mapit(ECP *Q,octet *w);
-
-/**	@brief Get Group Generator from ROM
- *
-	@param G ECP instance
- */
-extern void ECP_generator(ECP *G);
-
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/ecp2.cpp
----------------------------------------------------------------------
diff --git a/version3/cpp/ecp2.cpp b/version3/cpp/ecp2.cpp
deleted file mode 100644
index 9915d17..0000000
--- a/version3/cpp/ecp2.cpp
+++ /dev/null
@@ -1,922 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Weierstrass elliptic curve functions over FP2 */
-/* SU=m, m is Stack Usage */
-
-#include "ecp2_ZZZ.h"
-
-using namespace XXX;
-using namespace YYY;
-
-int ZZZ::ECP2_isinf(ECP2 *P)
-{
-//	if (P->inf) return 1;
-	return (FP2_iszilch(&(P->x)) & FP2_iszilch(&(P->z)));
-}
-
-/* Set P=Q */
-/* SU= 16 */
-void ZZZ::ECP2_copy(ECP2 *P,ECP2 *Q)
-{
-//    P->inf=Q->inf;
-    FP2_copy(&(P->x),&(Q->x));
-    FP2_copy(&(P->y),&(Q->y));
-    FP2_copy(&(P->z),&(Q->z));
-}
-
-/* set P to Infinity */
-/* SU= 8 */
-void ZZZ::ECP2_inf(ECP2 *P)
-{
-//    P->inf=1;
-    FP2_zero(&(P->x));
-    FP2_one(&(P->y));
-    FP2_zero(&(P->z));
-}
-
-/* Conditional move Q to P dependant on d */
-static void ECP2_cmove(ZZZ::ECP2 *P,ZZZ::ECP2 *Q,int d)
-{
-    FP2_cmove(&(P->x),&(Q->x),d);
-    FP2_cmove(&(P->y),&(Q->y),d);
-    FP2_cmove(&(P->z),&(Q->z),d);
-//    d=~(d-1);
-//    P->inf^=(P->inf^Q->inf)&d;
-}
-
-/* return 1 if b==c, no branching */
-static int teq(sign32 b,sign32 c)
-{
-    sign32 x=b^c;
-    x-=1;  // if x=0, x now -1
-    return (int)((x>>31)&1);
-}
-
-/* Constant time select from pre-computed table */
-static void ECP2_select(ZZZ::ECP2 *P,ZZZ::ECP2 W[],sign32 b)
-{
-    ZZZ::ECP2 MP;
-    sign32 m=b>>31;
-    sign32 babs=(b^m)-m;
-
-    babs=(babs-1)/2;
-
-    ECP2_cmove(P,&W[0],teq(babs,0));  // conditional move
-    ECP2_cmove(P,&W[1],teq(babs,1));
-    ECP2_cmove(P,&W[2],teq(babs,2));
-    ECP2_cmove(P,&W[3],teq(babs,3));
-    ECP2_cmove(P,&W[4],teq(babs,4));
-    ECP2_cmove(P,&W[5],teq(babs,5));
-    ECP2_cmove(P,&W[6],teq(babs,6));
-    ECP2_cmove(P,&W[7],teq(babs,7));
-
-    ECP2_copy(&MP,P);
-    ECP2_neg(&MP);  // minus P
-    ECP2_cmove(P,&MP,(int)(m&1));
-}
-
-/* return 1 if P==Q, else 0 */
-/* SU= 312 */
-int ZZZ::ECP2_equals(ECP2 *P,ECP2 *Q)
-{
-    FP2 a,b;
-//    if (ECP2_isinf(P) && ECP2_isinf(Q)) return 1;
-//    if (ECP2_isinf(P) || ECP2_isinf(Q)) return 0;
-
-    FP2_mul(&a,&(P->x),&(Q->z));
-    FP2_mul(&b,&(Q->x),&(P->z));
-    if (!FP2_equals(&a,&b)) return 0;
-
-    FP2_mul(&a,&(P->y),&(Q->z));
-    FP2_mul(&b,&(Q->y),&(P->z));
-    if (!FP2_equals(&a,&b)) return 0;
-    return 1;
-}
-
-/* Make P affine (so z=1) */
-/* SU= 232 */
-void ZZZ::ECP2_affine(ECP2 *P)
-{
-    FP2 one,iz;
-    if (ECP2_isinf(P)) return;
-
-    FP2_one(&one);
-    if (FP2_isunity(&(P->z)))
-    {
-        FP2_reduce(&(P->x));
-        FP2_reduce(&(P->y));
-        return;
-    }
-
-    FP2_inv(&iz,&(P->z));
-    FP2_mul(&(P->x),&(P->x),&iz);
-    FP2_mul(&(P->y),&(P->y),&iz);
-
-    FP2_reduce(&(P->x));
-    FP2_reduce(&(P->y));
-    FP2_copy(&(P->z),&one);
-}
-
-/* extract x, y from point P */
-/* SU= 16 */
-int ZZZ::ECP2_get(FP2 *x,FP2 *y,ECP2 *P)
-{
-	ECP2 W;
-	ECP2_copy(&W,P);
-	ECP2_affine(&W);
-	if (ECP2_isinf(&W)) return -1;
-//    if (P->inf) return -1;
-    //ECP2_affine(P);
-    FP2_copy(y,&(W.y));
-    FP2_copy(x,&(W.x));
-    return 0;
-}
-
-/* SU= 152 */
-/* Output point P */
-void ZZZ::ECP2_output(ECP2 *P)
-{
-    FP2 x,y;
-    if (ECP2_isinf(P))
-    {
-        printf("Infinity\n");
-        return;
-    }
-    ECP2_get(&x,&y,P);
-    printf("(");
-    FP2_output(&x);
-    printf(",");
-    FP2_output(&y);
-    printf(")\n");
-}
-
-/* SU= 232 */
-void ZZZ::ECP2_outputxyz(ECP2 *P)
-{
-    ECP2 Q;
-    if (ECP2_isinf(P))
-    {
-        printf("Infinity\n");
-        return;
-    }
-    ECP2_copy(&Q,P);
-    printf("(");
-    FP2_output(&(Q.x));
-    printf(",");
-    FP2_output(&(Q.y));
-    printf(",");
-    FP2_output(&(Q.z));
-    printf(")\n");
-}
-
-/* SU= 168 */
-/* Convert Q to octet string */
-void ZZZ::ECP2_toOctet(octet *W,ECP2 *Q)
-{
-	BIG b;
-	FP2 qx,qy;
-    ECP2_get(&qx,&qy,Q);
-
-	FP_redc(b,&(qx.a));
-    BIG_toBytes(&(W->val[0]),b);
-    FP_redc(b,&(qx.b));
-    BIG_toBytes(&(W->val[MODBYTES_XXX]),b);
-    FP_redc(b,&(qy.a));
-    BIG_toBytes(&(W->val[2*MODBYTES_XXX]),b);
-    FP_redc(b,&(qy.b));
-    BIG_toBytes(&(W->val[3*MODBYTES_XXX]),b);
-
-    W->len=4*MODBYTES_XXX;
-
-}
-
-/* SU= 176 */
-/* restore Q from octet string */
-int ZZZ::ECP2_fromOctet(ECP2 *Q,octet *W)
-{
-	BIG b;
-    FP2 qx,qy;
-    BIG_fromBytes(b,&(W->val[0]));
-	FP_nres(&(qx.a),b);
-    BIG_fromBytes(b,&(W->val[MODBYTES_XXX]));
-    FP_nres(&(qx.b),b);
-    BIG_fromBytes(b,&(W->val[2*MODBYTES_XXX]));
-    FP_nres(&(qy.a),b);
-    BIG_fromBytes(b,&(W->val[3*MODBYTES_XXX]));
-    FP_nres(&(qy.b),b);
-
-    if (ECP2_set(Q,&qx,&qy)) return 1;
-    return 0;
-}
-
-/* SU= 128 */
-/* Calculate RHS of twisted curve equation x^3+B/i or x^3+Bi*/
-void ZZZ::ECP2_rhs(FP2 *rhs,FP2 *x)
-{
-    /* calculate RHS of elliptic curve equation */
-    FP2 t;
-    BIG b;
-    FP2_sqr(&t,x);
-
-    FP2_mul(rhs,&t,x);
-
-    /* Assuming CURVE_A=0 */
-
-    BIG_rcopy(b,CURVE_B);
-
-    FP2_from_BIG(&t,b);
-
-#if SEXTIC_TWIST_ZZZ == D_TYPE	
-    FP2_div_ip(&t);   /* IMPORTANT - here we use the correct SEXTIC twist of the curve */
-#endif
-
-#if SEXTIC_TWIST_ZZZ == M_TYPE	
-	FP2_norm(&t);
-    FP2_mul_ip(&t);   /* IMPORTANT - here we use the correct SEXTIC twist of the curve */
-	FP2_norm(&t);
-
-#endif
-
-
-    FP2_add(rhs,&t,rhs);
-    FP2_reduce(rhs);
-}
-
-
-/* Set P=(x,y). Return 1 if (x,y) is on the curve, else return 0*/
-/* SU= 232 */
-int ZZZ::ECP2_set(ECP2 *P,FP2 *x,FP2 *y)
-{
-    FP2 rhs,y2;
-
-    FP2_sqr(&y2,y);
-    ECP2_rhs(&rhs,x);
-
-    if (!FP2_equals(&y2,&rhs))
-    {
-		ECP2_inf(P);
-        return 0;
-    }
-
-   // P->inf=0;
-    FP2_copy(&(P->x),x);
-    FP2_copy(&(P->y),y);
-
-    FP2_one(&(P->z));
-    return 1;
-}
-
-/* Set P=(x,y). Return 1 if (x,.) is on the curve, else return 0 */
-/* SU= 232 */
-int ZZZ::ECP2_setx(ECP2 *P,FP2 *x)
-{
-    FP2 y;
-    ECP2_rhs(&y,x);
-
-    if (!FP2_sqrt(&y,&y))
-    {
-		ECP2_inf(P);
-        return 0;
-    }
-
-//    P->inf=0;
-    FP2_copy(&(P->x),x);
-    FP2_copy(&(P->y),&y);
-    FP2_one(&(P->z));
-    return 1;
-}
-
-/* Set P=-P */
-/* SU= 8 */
-void ZZZ::ECP2_neg(ECP2 *P)
-{
-//	if (ECP2_isinf(P)) return;
-	FP2_norm(&(P->y));
-    FP2_neg(&(P->y),&(P->y));
-    FP2_norm(&(P->y));
-}
-
-/* R+=R */
-/* return -1 for Infinity, 0 for addition, 1 for doubling */
-/* SU= 448 */
-int ZZZ::ECP2_dbl(ECP2 *P)
-{
-    FP2 t0,t1,t2,t3,iy,x3,y3;
-//    if (P->inf) return -1;
-
-	FP2_copy(&iy,&(P->y));		//FP2 iy=new FP2(y);
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP2_mul_ip(&iy);			//iy.mul_ip(); 
-	FP2_norm(&iy);				//iy.norm();
-#endif
-	//FP2_copy(&t0,&(P->y));		//FP2 t0=new FP2(y);                  //***** Change 
-	FP2_sqr(&t0,&(P->y));			//t0.sqr();   
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP2_mul_ip(&t0);			//t0.mul_ip(); 
-#endif
-	//FP2_copy(&t1,&iy);				//FP2 t1=new FP2(iy);  
-	FP2_mul(&t1,&iy,&(P->z));	//t1.mul(z);
-	//FP2_copy(&t2,&(P->z));		//FP2 t2=new FP2(z);
-	FP2_sqr(&t2,&(P->z));				//t2.sqr();
-
-	//FP2_copy(&(P->z),&t0);		//z.copy(t0);
-	FP2_add(&(P->z),&t0,&t0);	//z.add(t0); 
-	FP2_norm(&(P->z));				//z.norm(); 
-	FP2_add(&(P->z),&(P->z),&(P->z));	//z.add(z); 
-	FP2_add(&(P->z),&(P->z),&(P->z));	//z.add(z); 
-	FP2_norm(&(P->z));			//z.norm();  
-
-	FP2_imul(&t2,&t2,3*CURVE_B_I);	//t2.imul(3*ROM.CURVE_B_I); 
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-	FP2_mul_ip(&t2);
-	FP2_norm(&t2);
-#endif
-
-	//FP2_copy(&x3,&t2);			//FP2 x3=new FP2(t2);
-	FP2_mul(&x3,&t2,&(P->z));	//x3.mul(z); 
-
-	//FP2_copy(&y3,&t0);			//FP2 y3=new FP2(t0);   
-
-	FP2_add(&y3,&t0,&t2);		//y3.add(t2); 
-	FP2_norm(&y3);				//y3.norm();
-	FP2_mul(&(P->z),&(P->z),&t1);	//z.mul(t1);
-
-	//FP2_copy(&t1,&t2);			//t1.copy(t2); 
-	FP2_add(&t1,&t2,&t2);		//t1.add(t2); 
-	FP2_add(&t2,&t2,&t1);		//t2.add(t1); 
-	FP2_norm(&t2);				//t2.norm();  
-	FP2_sub(&t0,&t0,&t2);		//t0.sub(t2); 
-	FP2_norm(&t0);				//t0.norm();                           //y^2-9bz^2
-	FP2_mul(&y3,&y3,&t0);		//y3.mul(t0); 
-	FP2_add(&(P->y),&y3,&x3);		//y3.add(x3);                          //(y^2+3z*2)(y^2-9z^2)+3b.z^2.8y^2
-	//FP2_copy(&t1,&(P->x));		//t1.copy(x); 
-	FP2_mul(&t1,&(P->x),&iy);		//t1.mul(iy);						//
-	//FP2_copy(&(P->x),&t0);		//x.copy(t0); 
-	FP2_norm(&t0);			//x.norm(); 
-	FP2_mul(&(P->x),&t0,&t1);	//x.mul(t1); 
-	FP2_add(&(P->x),&(P->x),&(P->x));	//x.add(x);       //(y^2-9bz^2)xy2
-
-	FP2_norm(&(P->x));			//x.norm(); 
-	//FP2_copy(&(P->y),&y3);		//y.copy(y3); 
-	FP2_norm(&(P->y));			//y.norm();
-
-    return 1;
-}
-
-/* Set P+=Q */
-/* SU= 400 */
-int ZZZ::ECP2_add(ECP2 *P,ECP2 *Q)
-{
-    FP2 t0,t1,t2,t3,t4,x3,y3,z3;
-	int b3=3*CURVE_B_I;
-/*    if (Q->inf) return 0;
-    if (P->inf)
-    {
-        ECP2_copy(P,Q);
-        return 0;
-    }
-*/
-
-
-	//FP2_copy(&t0,&(P->x));		//FP2 t0=new FP2(x);
-	FP2_mul(&t0,&(P->x),&(Q->x));	//t0.mul(Q.x);         // x.Q.x
-	//FP2_copy(&t1,&(P->y));		//FP2 t1=new FP2(y);
-	FP2_mul(&t1,&(P->y),&(Q->y));	//t1.mul(Q.y);		 // y.Q.y
-
-	//FP2_copy(&t2,&(P->z));		//FP2 t2=new FP2(z);
-	FP2_mul(&t2,&(P->z),&(Q->z));	//t2.mul(Q.z);
-	//FP2_copy(&t3,&(P->x));		//FP2 t3=new FP2(x);
-
-	FP2_add(&t3,&(P->x),&(P->y));	//t3.add(y); 
-	FP2_norm(&t3);				//t3.norm();          //t3=X1+Y1
-	//FP2_copy(&t4,&(Q->x));		//FP2 t4=new FP2(Q.x);            
-	FP2_add(&t4,&(Q->x),&(Q->y));	//t4.add(Q.y); 
-	FP2_norm(&t4);				//t4.norm();			//t4=X2+Y2
-	FP2_mul(&t3,&t3,&t4);		//t3.mul(t4);						//t3=(X1+Y1)(X2+Y2)
-
-	//FP2_copy(&t4,&t0);			//t4.copy(t0); 
-	FP2_add(&t4,&t0,&t1);		//t4.add(t1);		//t4=X1.X2+Y1.Y2
-
-	FP2_sub(&t3,&t3,&t4);		//t3.sub(t4); 
-	FP2_norm(&t3);				//t3.norm(); 
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP2_mul_ip(&t3);			//t3.mul_ip();  
-	FP2_norm(&t3);				//t3.norm();         //t3=(X1+Y1)(X2+Y2)-(X1.X2+Y1.Y2) = X1.Y2+X2.Y1
-#endif
-	//FP2_copy(&t4,&(P->y));		//t4.copy(y);                    
-	FP2_add(&t4,&(P->y),&(P->z));	//t4.add(z); 
-	FP2_norm(&t4);				//t4.norm();			//t4=Y1+Z1
-	//FP2_copy(&x3,&(Q->y));		//FP2 x3=new FP2(Q.y);
-	FP2_add(&x3,&(Q->y),&(Q->z));	//x3.add(Q.z); 
-	FP2_norm(&x3);				//x3.norm();			//x3=Y2+Z2
-
-	FP2_mul(&t4,&t4,&x3);		//t4.mul(x3);						//t4=(Y1+Z1)(Y2+Z2)
-	//FP2_copy(&x3,&t1);			//x3.copy(t1);					//
-	FP2_add(&x3,&t1,&t2);		//x3.add(t2);						//X3=Y1.Y2+Z1.Z2
-	
-	FP2_sub(&t4,&t4,&x3);		//t4.sub(x3); 
-	FP2_norm(&t4);				//t4.norm(); 
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP2_mul_ip(&t4);			//t4.mul_ip(); 
-	FP2_norm(&t4);				//t4.norm();          //t4=(Y1+Z1)(Y2+Z2) - (Y1.Y2+Z1.Z2) = Y1.Z2+Y2.Z1
-#endif
-	//FP2_copy(&x3,&(P->x));		//x3.copy(x); 
-	FP2_add(&x3,&(P->x),&(P->z));	//x3.add(z); 
-	FP2_norm(&x3);				//x3.norm();	// x3=X1+Z1
-	//FP2_copy(&y3,&(Q->x));		//FP2 y3=new FP2(Q.x);				
-	FP2_add(&y3,&(Q->x),&(Q->z));	//y3.add(Q.z); 
-	FP2_norm(&y3);				//y3.norm();				// y3=X2+Z2
-	FP2_mul(&x3,&x3,&y3);		//x3.mul(y3);							// x3=(X1+Z1)(X2+Z2)
-	//FP2_copy(&y3,&t0);			//y3.copy(t0);
-	FP2_add(&y3,&t0,&t2);		//y3.add(t2);							// y3=X1.X2+Z1+Z2
-	FP2_sub(&y3,&x3,&y3);		//y3.rsub(x3); 
-	FP2_norm(&y3);				//y3.norm();				// y3=(X1+Z1)(X2+Z2) - (X1.X2+Z1.Z2) = X1.Z2+X2.Z1
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP2_mul_ip(&t0);			//t0.mul_ip(); 
-	FP2_norm(&t0);				//t0.norm(); // x.Q.x
-	FP2_mul_ip(&t1);			//t1.mul_ip(); 
-	FP2_norm(&t1);				//t1.norm(); // y.Q.y
-#endif
-
-	//FP2_copy(&x3,&t0);			//x3.copy(t0); 
-	FP2_add(&x3,&t0,&t0);		//x3.add(t0); 
-	FP2_add(&t0,&t0,&x3);		//t0.add(x3); 
-	FP2_norm(&t0);				//t0.norm();
-	FP2_imul(&t2,&t2,b3);		//t2.imul(b); 	
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-	FP2_mul_ip(&t2);
-	FP2_norm(&t2);
-#endif
-
-	//FP2_copy(&z3,&t1);			//FP2 z3=new FP2(t1); 
-	FP2_add(&z3,&t1,&t2);		//z3.add(t2); 
-	FP2_norm(&z3);				//z3.norm();
-	FP2_sub(&t1,&t1,&t2);		//t1.sub(t2); 
-	FP2_norm(&t1);				//t1.norm(); 
-
-	FP2_imul(&y3,&y3,b3);		//y3.imul(b); 
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-	FP2_mul_ip(&y3);
-	FP2_norm(&y3);
-#endif
-
-	//FP2_copy(&x3,&y3);			//x3.copy(y3); 
-	FP2_mul(&x3,&y3,&t4);		//x3.mul(t4); 
-	//FP2_copy(&t2,&t3);			//t2.copy(t3); 
-	FP2_mul(&t2,&t3,&t1);		//t2.mul(t1); 
-	FP2_sub(&(P->x),&t2,&x3);		//x3.rsub(t2);
-	FP2_mul(&y3,&y3,&t0);		//y3.mul(t0); 
-	FP2_mul(&t1,&t1,&z3);		//t1.mul(z3); 
-	FP2_add(&(P->y),&y3,&t1);		//y3.add(t1);
-
-	FP2_mul(&t0,&t0,&t3);		//t0.mul(t3); 
-	FP2_mul(&z3,&z3,&t4);		//z3.mul(t4); 
-	FP2_add(&(P->z),&z3,&t0);		//z3.add(t0);
-
-	//FP2_copy(&(P->x),&x3);		//x.copy(x3); 
-	FP2_norm(&(P->x));			//x.norm(); 
-	//FP2_copy(&(P->y),&y3);		//y.copy(y3); 
-	FP2_norm(&(P->y));			//y.norm();
-	//FP2_copy(&(P->z),&z3);		//z.copy(z3); 
-	FP2_norm(&(P->z));			//z.norm();
-
-    return 0;
-}
-
-/* Set P-=Q */
-/* SU= 16 */
-void ZZZ::ECP2_sub(ECP2 *P,ECP2 *Q)
-{
-	ECP2 NQ;
-	ECP2_copy(&NQ,Q);
-	ECP2_neg(&NQ);
-    //ECP2_neg(Q);
-    ECP2_add(P,&NQ);
-    //ECP2_neg(Q);
-}
-
-/* P*=e */
-/* SU= 280 */
-void ZZZ::ECP2_mul(ECP2 *P,BIG e)
-{
-    /* fixed size windows */
-    int i,nb,s,ns;
-    BIG mt,t;
-    ECP2 Q,W[8],C;
-    sign8 w[1+(NLEN_XXX*BASEBITS_XXX+3)/4];
-
-    if (ECP2_isinf(P)) return;
-    //ECP2_affine(P);
-
-
-    /* precompute table */
-
-    ECP2_copy(&Q,P);
-    ECP2_dbl(&Q);
-    ECP2_copy(&W[0],P);
-
-    for (i=1; i<8; i++)
-    {
-        ECP2_copy(&W[i],&W[i-1]);
-        ECP2_add(&W[i],&Q);
-    }
-
-    /* make exponent odd - add 2P if even, P if odd */
-    BIG_copy(t,e);
-    s=BIG_parity(t);
-    BIG_inc(t,1);
-    BIG_norm(t);
-    ns=BIG_parity(t);
-    BIG_copy(mt,t);
-    BIG_inc(mt,1);
-    BIG_norm(mt);
-    BIG_cmove(t,mt,s);
-    ECP2_cmove(&Q,P,ns);
-    ECP2_copy(&C,&Q);
-
-    nb=1+(BIG_nbits(t)+3)/4;
-
-    /* convert exponent to signed 4-bit window */
-    for (i=0; i<nb; i++)
-    {
-        w[i]=BIG_lastbits(t,5)-16;
-        BIG_dec(t,w[i]);
-        BIG_norm(t);
-        BIG_fshr(t,4);
-    }
-    w[nb]=BIG_lastbits(t,5);
-
-    ECP2_copy(P,&W[(w[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-        ECP2_select(&Q,W,w[i]);
-        ECP2_dbl(P);
-        ECP2_dbl(P);
-        ECP2_dbl(P);
-        ECP2_dbl(P);
-        ECP2_add(P,&Q);
-    }
-    ECP2_sub(P,&C); /* apply correction */
-    ECP2_affine(P);
-}
-
-/* Calculates q.P using Frobenius constant X */
-/* SU= 96 */
-void ZZZ::ECP2_frob(ECP2 *P,FP2 *X)
-{
-    FP2 X2;
-    FP2_sqr(&X2,X);
-//printf("Into frob  %d\n",(P->z).b.XES);
-    FP2_conj(&(P->x),&(P->x));
-//printf("x\n");
-    FP2_conj(&(P->y),&(P->y));
-//printf("za = %d zb= %d\n",(P->z).a.g[MPV_XXX],(P->z).b.g[MPV_XXX]);
-    FP2_conj(&(P->z),&(P->z));
-//printf("Into frob  %d\n",(P->z).b.XES);
-    FP2_reduce(&(P->z));
-    FP2_mul(&(P->x),&X2,&(P->x));
-    FP2_mul(&(P->y),&X2,&(P->y));
-    FP2_mul(&(P->y),X,&(P->y));
-}
-
-// Bos & Costello https://eprint.iacr.org/2013/458.pdf
-// Faz-Hernandez & Longa & Sanchez  https://eprint.iacr.org/2013/158.pdf
-// Side channel attack secure 
-
-void ZZZ::ECP2_mul4(ECP2 *P,ECP2 Q[4],BIG u[4])
-{
-    int i,j,k,nb,pb,bt;
-	ECP2 T[8],W;
-    BIG t[4],mt;
-	sign8 w[NLEN_XXX*BASEBITS_XXX+1];
-	sign8 s[NLEN_XXX*BASEBITS_XXX+1];
-
-    for (i=0; i<4; i++)
-    {
-        BIG_copy(t[i],u[i]);
-        //ECP2_affine(&Q[i]);
-    }
-
-// Precomputed table
-    ECP2_copy(&T[0],&Q[0]); // Q[0]
-    ECP2_copy(&T[1],&T[0]);
-	ECP2_add(&T[1],&Q[1]);	// Q[0]+Q[1]
-    ECP2_copy(&T[2],&T[0]);
-	ECP2_add(&T[2],&Q[2]);	// Q[0]+Q[2]
-	ECP2_copy(&T[3],&T[1]);
-	ECP2_add(&T[3],&Q[2]);	// Q[0]+Q[1]+Q[2]
-	ECP2_copy(&T[4],&T[0]);
-	ECP2_add(&T[4],&Q[3]);  // Q[0]+Q[3]
-	ECP2_copy(&T[5],&T[1]);
-	ECP2_add(&T[5],&Q[3]);	// Q[0]+Q[1]+Q[3]
-	ECP2_copy(&T[6],&T[2]);
-	ECP2_add(&T[6],&Q[3]);	// Q[0]+Q[2]+Q[3]
-	ECP2_copy(&T[7],&T[3]);
-	ECP2_add(&T[7],&Q[3]);	// Q[0]+Q[1]+Q[2]+Q[3]
-
-// Make it odd
-	pb=1-BIG_parity(t[0]);
-	BIG_inc(t[0],pb);
-	BIG_norm(t[0]);
-
-// Number of bits
-    BIG_zero(mt);
-    for (i=0; i<4; i++)
-    {
-        BIG_or(mt,mt,t[i]);
-    }
-    nb=1+BIG_nbits(mt);
-
-// Sign pivot 
-	s[nb-1]=1;
-	for (i=0;i<nb-1;i++)
-	{
-        BIG_fshr(t[0],1);
-		s[i]=2*BIG_parity(t[0])-1;
-	}
-
-// Recoded exponent
-    for (i=0; i<nb; i++)
-    {
-		w[i]=0;
-		k=1;
-		for (j=1; j<4; j++)
-		{
-			bt=s[i]*BIG_parity(t[j]);
-			BIG_fshr(t[j],1);
-
-			BIG_dec(t[j],(bt>>1));
-			BIG_norm(t[j]);
-			w[i]+=bt*k;
-			k*=2;
-        }
-    }		
-
-// Main loop
-	ECP2_select(P,T,2*w[nb-1]+1);
-    for (i=nb-2; i>=0; i--)
-    {
-        ECP2_select(&W,T,2*w[i]+s[i]);
-        ECP2_dbl(P);
-        ECP2_add(P,&W);
-    }
-
-// apply correction
-	ECP2_copy(&W,P);   
-	ECP2_sub(&W,&Q[0]);
-	ECP2_cmove(P,&W,pb);
-
-    ECP2_affine(P);
-}
-
-/*
-void ZZZ::ECP2_mul4(ECP2 *P,ECP2 Q[4],BIG u[4])
-{
-    int i,j,a[4],nb,pb;
-    ECP2 W[8],T,C;
-    BIG mt,t[4];
-  
-    sign8 w[NLEN_XXX*BASEBITS_XXX+1];
-
-    for (i=0; i<4; i++)
-    {
-        BIG_copy(t[i],u[i]);
-        ECP2_affine(&Q[i]);
-    }
-
-    // precompute table 
-
-    ECP2_copy(&W[0],&Q[0]);
-    ECP2_sub(&W[0],&Q[1]);  // P-Q 
-    ECP2_copy(&W[1],&W[0]);
-    ECP2_copy(&W[2],&W[0]);
-    ECP2_copy(&W[3],&W[0]);
-    ECP2_copy(&W[4],&Q[0]);
-    ECP2_add(&W[4],&Q[1]);  // P+Q 
-    ECP2_copy(&W[5],&W[4]);
-    ECP2_copy(&W[6],&W[4]);
-    ECP2_copy(&W[7],&W[4]);
-
-    ECP2_copy(&T,&Q[2]);
-    ECP2_sub(&T,&Q[3]);       // R-S 
-    ECP2_sub(&W[1],&T);
-    ECP2_add(&W[2],&T);
-    ECP2_sub(&W[5],&T);
-    ECP2_add(&W[6],&T);
-    ECP2_copy(&T,&Q[2]);
-    ECP2_add(&T,&Q[3]);      // R+S 
-    ECP2_sub(&W[0],&T);
-    ECP2_add(&W[3],&T);
-    ECP2_sub(&W[4],&T);
-    ECP2_add(&W[7],&T);
-
-    // if a multiplier u[i] is even add 1 to multiplier, and add Q[i] to correction 
-    ECP2_inf(&C);
-
-    BIG_zero(mt);
-    for (i=0; i<4; i++)
-    {
-
-		pb=BIG_parity(t[i]);
-		BIG_inc(t[i],1-pb);
-		BIG_norm(t[i]);
-		ECP2_copy(&T,&C);
-		ECP2_add(&T,&Q[i]);
-		ECP2_cmove(&C,&T,1-pb);
-
-        BIG_add(mt,mt,t[i]);
-        BIG_norm(mt);
-    }
-
-    nb=1+BIG_nbits(mt);
-
-    // convert exponent to signed 1-bit window 
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_lastbits(t[i],2)-2;
-            BIG_dec(t[i],a[i]);
-            BIG_norm(t[i]);
-            BIG_fshr(t[i],1);
-        }
-        w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    w[nb]=8*BIG_lastbits(t[0],2)+4*BIG_lastbits(t[1],2)+2*BIG_lastbits(t[2],2)+BIG_lastbits(t[3],2);
-
-    ECP2_copy(P,&W[(w[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-        ECP2_select(&T,W,w[i]);
-        ECP2_dbl(P);
-        ECP2_add(P,&T);
-    }
-    ECP2_sub(P,&C); // apply correction 
-
-    ECP2_affine(P);
-}
-
-*/
-
-/* Map to hash value to point on G2 from random BIG */
-
-void ZZZ::ECP2_mapit(ECP2 *Q,octet *W)
-{
-    BIG q,one,x,hv;
-	FP Fx,Fy;
-    FP2 X;
-#if (PAIRING_FRIENDLY_ZZZ == BN)
-    ECP2 T,K;
-#elif (PAIRING_FRIENDLY_ZZZ == BLS)
-    ECP2 xQ, x2Q;
-#endif
-	BIG_fromBytes(hv,W->val);
-    BIG_rcopy(q,Modulus);
-    BIG_one(one);
-    BIG_mod(hv,q);
-
-    for (;;)
-    {
-        FP2_from_BIGs(&X,one,hv);
-        if (ECP2_setx(Q,&X)) break;
-        BIG_inc(hv,1);
-    }
-
-    FP_rcopy(&Fx,Fra);
-    FP_rcopy(&Fy,Frb);
-    FP2_from_FPs(&X,&Fx,&Fy);
-
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-	FP2_inv(&X,&X);
-	FP2_norm(&X);
-#endif
-
-    BIG_rcopy(x,CURVE_Bnx);
-
-#if (PAIRING_FRIENDLY_ZZZ == BN)
-
-    // Faster Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez 
-    // Q -> xQ + F(3xQ) + F(F(xQ)) + F(F(F(Q))). 
-    ECP2_copy(&T,Q);
-    ECP2_mul(&T,x);
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-    ECP2_neg(&T);   // our x is negative
-#endif
-    ECP2_copy(&K,&T);
-    ECP2_dbl(&K);
-    ECP2_add(&K,&T);
-    //ECP2_affine(&K);
-
-    ECP2_frob(&K,&X);
-    ECP2_frob(Q,&X);
-    ECP2_frob(Q,&X);
-    ECP2_frob(Q,&X);
-    ECP2_add(Q,&T);
-    ECP2_add(Q,&K);
-    ECP2_frob(&T,&X);
-    ECP2_frob(&T,&X);
-    ECP2_add(Q,&T);
-    ECP2_affine(Q);
-
-#elif (PAIRING_FRIENDLY_ZZZ == BLS)
-
-    // Efficient hash maps to G2 on BLS curves - Budroni, Pintore 
-    // Q -> x2Q -xQ -Q +F(xQ -Q) +F(F(2Q)) 
-
-    ECP2_copy(&xQ,Q);
-    ECP2_mul(&xQ,x);
-    ECP2_copy(&x2Q,&xQ);
-    ECP2_mul(&x2Q,x);
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	ECP2_neg(&xQ);
-#endif
-
-    ECP2_sub(&x2Q,&xQ);
-    ECP2_sub(&x2Q,Q);
-
-    ECP2_sub(&xQ,Q);
-    ECP2_frob(&xQ,&X);
-
-    ECP2_dbl(Q);
-    ECP2_frob(Q,&X);
-    ECP2_frob(Q,&X);
-
-    ECP2_add(Q,&x2Q);
-    ECP2_add(Q,&xQ);
-
-    ECP2_affine(Q);
-
-#endif
-}
-
-void ZZZ::ECP2_generator(ECP2 *G)
-{
-	FP2 wx,wy;
-
-    FP_rcopy(&(wx.a),CURVE_Pxa); 
-    FP_rcopy(&(wx.b),CURVE_Pxb); 
-    FP_rcopy(&(wy.a),CURVE_Pya); 
-    FP_rcopy(&(wy.b),CURVE_Pyb);     
-	ECP2_set(G,&wx,&wy);
-}
-
-/*
-
-int main()
-{
-	int i;
-	ECP2 G,P;
-	ECP2 *W;
-	FP2 x,y,w,z,f;
-	BIG r,xa,xb,ya,yb;
-
-	BIG_rcopy(xa,CURVE_Pxa);
-	BIG_rcopy(xb,CURVE_Pxb);
-	BIG_rcopy(ya,CURVE_Pya);
-	BIG_rcopy(yb,CURVE_Pyb);
-
-	FP2_from_BIGs(&x,xa,xb);
-	FP2_from_BIGs(&y,ya,yb);
-	ECP2_set(&G,&x,&y);
-	if (G.inf) printf("Failed to set - point not on curve\n");
-	else printf("set success\n");
-
-	ECP2_output(&G);
-
-//	BIG_copy(r,CURVE_Order);
-	BIG_rcopy(r,Modulus);
-
-	ECP2_copy(&P,&G);
-
-	ECP2_mul(&P,r);
-
-	ECP2_output(&P);
-
-	FP2_gfc(&f,12);
-
-	ECP2_frob(&G,&f);
-
-	ECP2_output(&G);
-
-	return 0;
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/ecp2.h
----------------------------------------------------------------------
diff --git a/version3/cpp/ecp2.h b/version3/cpp/ecp2.h
deleted file mode 100644
index 9cb5739..0000000
--- a/version3/cpp/ecp2.h
+++ /dev/null
@@ -1,203 +0,0 @@
-#ifndef ECP2_ZZZ_H
-#define ECP2_ZZZ_H
-
-#include "fp2_YYY.h"
-#include "config_curve_ZZZ.h"
-
-using namespace amcl;
-
-
-namespace YYY {
-
-extern const XXX::BIG Fra; /**< real part of BN curve Frobenius Constant */
-extern const XXX::BIG Frb; /**< imaginary part of BN curve Frobenius Constant */
-
-}
-
-namespace ZZZ {
-
-/**
-	@brief ECP2 Structure - Elliptic Curve Point over quadratic extension field
-*/
-
-typedef struct
-{
-//    int inf; /**< Infinity Flag */
-    YYY::FP2 x;   /**< x-coordinate of point */
-    YYY::FP2 y;   /**< y-coordinate of point */
-    YYY::FP2 z;   /**< z-coordinate of point */
-} ECP2;
-
-
-/* Curve Params - see rom.c */
-extern const int CURVE_A;		/**< Elliptic curve A parameter */
-extern const int CURVE_B_I;		/**< Elliptic curve B parameter */
-extern const XXX::BIG CURVE_B;     /**< Elliptic curve B parameter */
-extern const XXX::BIG CURVE_Order; /**< Elliptic curve group order */
-extern const XXX::BIG CURVE_Cof;   /**< Elliptic curve cofactor */
-extern const XXX::BIG CURVE_Bnx;   /**< Elliptic curve parameter */
-
-
-/* Generator point on G1 */
-extern const XXX::BIG CURVE_Gx; /**< x-coordinate of generator point in group G1  */
-extern const XXX::BIG CURVE_Gy; /**< y-coordinate of generator point in group G1  */
-
-/* For Pairings only */
-
-/* Generator point on G2 */
-extern const XXX::BIG CURVE_Pxa; /**< real part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxb; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pya; /**< real part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pyb; /**< imaginary part of y-coordinate of generator point in group G2 */
-
-/* ECP2 E(Fp2) prototypes */
-/**	@brief Tests for ECP2 point equal to infinity
- *
-	@param P ECP2 point to be tested
-	@return 1 if infinity, else returns 0
- */
-extern int ECP2_isinf(ECP2 *P);
-/**	@brief Copy ECP2 point to another ECP2 point
- *
-	@param P ECP2 instance, on exit = Q
-	@param Q ECP2 instance to be copied
- */
-extern void ECP2_copy(ECP2 *P,ECP2 *Q);
-/**	@brief Set ECP2 to point-at-infinity
- *
-	@param P ECP2 instance to be set to infinity
- */
-extern void ECP2_inf(ECP2 *P);
-/**	@brief Tests for equality of two ECP2s
- *
-	@param P ECP2 instance to be compared
-	@param Q ECP2 instance to be compared
-	@return 1 if P=Q, else returns 0
- */
-extern int ECP2_equals(ECP2 *P,ECP2 *Q);
-/**	@brief Converts an ECP2 point from Projective (x,y,z) coordinates to affine (x,y) coordinates
- *
-	@param P ECP2 instance to be converted to affine form
- */
-extern void ECP2_affine(ECP2 *P);
-/**	@brief Extract x and y coordinates of an ECP2 point P
- *
-	If x=y, returns only x
-	@param x FP2 on exit = x coordinate of point
-	@param y FP2 on exit = y coordinate of point (unless x=y)
-	@param P ECP2 instance (x,y)
-	@return -1 if P is point-at-infinity, else 0
- */
-extern int ECP2_get(YYY::FP2 *x,YYY::FP2 *y,ECP2 *P);
-/**	@brief Formats and outputs an ECP2 point to the console, converted to affine coordinates
- *
-	@param P ECP2 instance to be printed
- */
-extern void ECP2_output(ECP2 *P);
-/**	@brief Formats and outputs an ECP2 point to the console, in projective coordinates
- *
-	@param P ECP2 instance to be printed
- */
-extern void ECP2_outputxyz(ECP2 *P);
-/**	@brief Formats and outputs an ECP2 point to an octet string
- *
-	The octet string is created in the form x|y.
-	Convert the real and imaginary parts of the x and y coordinates to big-endian base 256 form.
-	@param S output octet string
-	@param P ECP2 instance to be converted to an octet string
- */
-extern void ECP2_toOctet(octet *S,ECP2 *P);
-/**	@brief Creates an ECP2 point from an octet string
- *
-	The octet string is in the form x|y
-	The real and imaginary parts of the x and y coordinates are in big-endian base 256 form.
-	@param P ECP2 instance to be created from the octet string
-	@param S input octet string
-	return 1 if octet string corresponds to a point on the curve, else 0
- */
-extern int ECP2_fromOctet(ECP2 *P,octet *S);
-/**	@brief Calculate Right Hand Side of curve equation y^2=f(x)
- *
-	Function f(x)=x^3+Ax+B
-	Used internally.
-	@param r FP2 value of f(x)
-	@param x FP2 instance
- */
-extern void ECP2_rhs(YYY::FP2 *r,YYY::FP2 *x);
-/**	@brief Set ECP2 to point(x,y) given x and y
- *
-	Point P set to infinity if no such point on the curve.
-	@param P ECP2 instance to be set (x,y)
-	@param x FP2 x coordinate of point
-	@param y FP2 y coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP2_set(ECP2 *P,YYY::FP2 *x,YYY::FP2 *y);
-/**	@brief Set ECP to point(x,[y]) given x
- *
-	Point P set to infinity if no such point on the curve. Otherwise y coordinate is calculated from x.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP2_setx(ECP2 *P,YYY::FP2 *x);
-/**	@brief Negation of an ECP2 point
- *
-	@param P ECP2 instance, on exit = -P
- */
-extern void ECP2_neg(ECP2 *P);
-/**	@brief Doubles an ECP2 instance P
- *
-	@param P ECP2 instance, on exit =2*P
- */
-extern int ECP2_dbl(ECP2 *P);
-/**	@brief Adds ECP2 instance Q to ECP2 instance P
- *
-	@param P ECP2 instance, on exit =P+Q
-	@param Q ECP2 instance to be added to P
- */
-extern int ECP2_add(ECP2 *P,ECP2 *Q);
-/**	@brief Subtracts ECP instance Q from ECP2 instance P
- *
-	@param P ECP2 instance, on exit =P-Q
-	@param Q ECP2 instance to be subtracted from P
- */
-extern void ECP2_sub(ECP2 *P,ECP2 *Q);
-/**	@brief Multiplies an ECP2 instance P by a BIG, side-channel resistant
- *
-	Uses fixed sized windows.
-	@param P ECP2 instance, on exit =b*P
-	@param b BIG number multiplier
-
- */
-extern void ECP2_mul(ECP2 *P,XXX::BIG b);
-/**	@brief Multiplies an ECP2 instance P by the internal modulus p, using precalculated Frobenius constant f
- *
-	Fast point multiplication using Frobenius
-	@param P ECP2 instance, on exit = p*P
-	@param f FP2 precalculated Frobenius constant
-
- */
-extern void ECP2_frob(ECP2 *P,YYY::FP2 *f);
-/**	@brief Calculates P=b[0]*Q[0]+b[1]*Q[1]+b[2]*Q[2]+b[3]*Q[3]
- *
-	@param P ECP2 instance, on exit = b[0]*Q[0]+b[1]*Q[1]+b[2]*Q[2]+b[3]*Q[3]
-	@param Q ECP2 array of 4 points
-	@param b BIG array of 4 multipliers
- */
-extern void ECP2_mul4(ECP2 *P,ECP2 *Q,XXX::BIG *b);
-
-/**	@brief Maps random BIG to curve point of correct order
- *
-	@param P ECP2 instance of correct order
-	@param W OCTET byte array to be mapped
- */
-extern void ECP2_mapit(ECP2 *P,octet *w);
-/**	@brief Get Group Generator from ROM
- *
-	@param G ECP2 instance
- */
-extern void ECP2_generator(ECP2 *G);
-}
-
-#endif
\ No newline at end of file



[46/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/fp12.c
----------------------------------------------------------------------
diff --git a/version22/c/fp12.c b/version22/c/fp12.c
deleted file mode 100644
index f7d9815..0000000
--- a/version22/c/fp12.c
+++ /dev/null
@@ -1,727 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^12 functions */
-/* SU=m, m is Stack Usage (no lazy )*/
-/* FP12 elements are of the form a+i.b+i^2.c */
-
-#include "amcl.h"
-
-/* test x==0 ? */
-/* SU= 8 */
-int FP12_iszilch(FP12 *x)
-{
-    if (FP4_iszilch(&(x->a)) && FP4_iszilch(&(x->b)) && FP4_iszilch(&(x->c))) return 1;
-    return 0;
-}
-
-/* test x==1 ? */
-/* SU= 8 */
-int FP12_isunity(FP12 *x)
-{
-    if (FP4_isunity(&(x->a)) && FP4_iszilch(&(x->b)) && FP4_iszilch(&(x->c))) return 1;
-    return 0;
-}
-
-/* FP12 copy w=x */
-/* SU= 16 */
-void FP12_copy(FP12 *w,FP12 *x)
-{
-    if (x==w) return;
-    FP4_copy(&(w->a),&(x->a));
-    FP4_copy(&(w->b),&(x->b));
-    FP4_copy(&(w->c),&(x->c));
-}
-
-/* FP12 w=1 */
-/* SU= 8 */
-void FP12_one(FP12 *w)
-{
-    FP4_one(&(w->a));
-    FP4_zero(&(w->b));
-    FP4_zero(&(w->c));
-}
-
-/* return 1 if x==y, else 0 */
-/* SU= 16 */
-int FP12_equals(FP12 *x,FP12 *y)
-{
-    if (FP4_equals(&(x->a),&(y->a)) && FP4_equals(&(x->b),&(y->b)) && FP4_equals(&(x->b),&(y->b)))
-        return 1;
-    return 0;
-}
-
-/* Set w=conj(x) */
-/* SU= 8 */
-void FP12_conj(FP12 *w,FP12 *x)
-{
-    FP12_copy(w,x);
-    FP4_conj(&(w->a),&(w->a));
-    FP4_nconj(&(w->b),&(w->b));
-    FP4_conj(&(w->c),&(w->c));
-}
-
-/* Create FP12 from FP4 */
-/* SU= 8 */
-void FP12_from_FP4(FP12 *w,FP4 *a)
-{
-    FP4_copy(&(w->a),a);
-    FP4_zero(&(w->b));
-    FP4_zero(&(w->c));
-}
-
-/* Create FP12 from 3 FP4's */
-/* SU= 16 */
-void FP12_from_FP4s(FP12 *w,FP4 *a,FP4 *b,FP4 *c)
-{
-    FP4_copy(&(w->a),a);
-    FP4_copy(&(w->b),b);
-    FP4_copy(&(w->c),c);
-}
-
-/* Granger-Scott Unitary Squaring. This does not benefit from lazy reduction */
-/* SU= 600 */
-void FP12_usqr(FP12 *w,FP12 *x)
-{
-    FP4 A,B,C,D;
-
-    FP4_copy(&A,&(x->a));
-
-    FP4_sqr(&(w->a),&(x->a));
-    FP4_add(&D,&(w->a),&(w->a));
-    FP4_add(&(w->a),&D,&(w->a));
-
-    FP4_norm(&(w->a));
-    FP4_nconj(&A,&A);
-
-    FP4_add(&A,&A,&A);
-    FP4_add(&(w->a),&(w->a),&A);
-    FP4_sqr(&B,&(x->c));
-    FP4_times_i(&B);
-
-    FP4_add(&D,&B,&B);
-    FP4_add(&B,&B,&D);
-    FP4_norm(&B);
-
-    FP4_sqr(&C,&(x->b));
-
-    FP4_add(&D,&C,&C);
-    FP4_add(&C,&C,&D);
-
-    FP4_norm(&C);
-    FP4_conj(&(w->b),&(x->b));
-    FP4_add(&(w->b),&(w->b),&(w->b));
-    FP4_nconj(&(w->c),&(x->c));
-
-    FP4_add(&(w->c),&(w->c),&(w->c));
-    FP4_add(&(w->b),&B,&(w->b));
-    FP4_add(&(w->c),&C,&(w->c));
-    FP12_reduce(w);	    /* reduce here as in pow function repeated squarings would trigger multiple reductions */
-
-}
-
-/* FP12 squaring w=x^2 */
-/* SU= 600 */
-void FP12_sqr(FP12 *w,FP12 *x)
-{
-    /* Use Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-
-    FP4 A,B,C,D;
-
-    FP4_sqr(&A,&(x->a));
-    FP4_mul(&B,&(x->b),&(x->c));
-    FP4_add(&B,&B,&B);
-    FP4_sqr(&C,&(x->c));
-    FP4_mul(&D,&(x->a),&(x->b));
-    FP4_add(&D,&D,&D);
-    FP4_add(&(w->c),&(x->a),&(x->c));
-    FP4_add(&(w->c),&(x->b),&(w->c));
-
-    FP4_sqr(&(w->c),&(w->c));
-
-    FP4_copy(&(w->a),&A);
-
-    FP4_add(&A,&A,&B);
-
-    FP4_norm(&A);
-
-    FP4_add(&A,&A,&C);
-    FP4_add(&A,&A,&D);
-
-    FP4_norm(&A);
-
-    FP4_neg(&A,&A);
-    FP4_times_i(&B);
-    FP4_times_i(&C);
-
-    FP4_add(&(w->a),&(w->a),&B);
-    FP4_add(&(w->b),&C,&D);
-    FP4_add(&(w->c),&(w->c),&A);
-
-    FP12_norm(w);
-}
-
-/* FP12 full multiplication w=w*y */
-
-
-/* SU= 896 */
-/* FP12 full multiplication w=w*y */
-void FP12_mul(FP12 *w,FP12 *y)
-{
-    FP4 z0,z1,z2,z3,t0,t1;
-
-    FP4_mul(&z0,&(w->a),&(y->a));
-    FP4_mul(&z2,&(w->b),&(y->b));  //
-
-    FP4_add(&t0,&(w->a),&(w->b));
-    FP4_add(&t1,&(y->a),&(y->b));  //
-    FP4_mul(&z1,&t0,&t1);
-    FP4_add(&t0,&(w->b),&(w->c));
-
-    FP4_add(&t1,&(y->b),&(y->c));  //
-    FP4_mul(&z3,&t0,&t1);
-
-    FP4_neg(&t0,&z0);
-    FP4_neg(&t1,&z2);
-
-    FP4_add(&z1,&z1,&t0);   // z1=z1-z0
-
-    FP4_norm(&z1);
-
-    FP4_add(&(w->b),&z1,&t1);
-// z1=z1-z2
-    FP4_add(&z3,&z3,&t1);        // z3=z3-z2
-    FP4_add(&z2,&z2,&t0);        // z2=z2-z0
-
-    FP4_add(&t0,&(w->a),&(w->c));
-
-    FP4_add(&t1,&(y->a),&(y->c));
-    FP4_mul(&t0,&t1,&t0);
-    FP4_add(&z2,&z2,&t0);
-
-    FP4_mul(&t0,&(w->c),&(y->c));
-    FP4_neg(&t1,&t0);
-
-    FP4_norm(&z2);
-    FP4_norm(&z3);
-    FP4_norm(&(w->b));
-
-    FP4_add(&(w->c),&z2,&t1);
-    FP4_add(&z3,&z3,&t1);
-    FP4_times_i(&t0);
-    FP4_add(&(w->b),&(w->b),&t0);
-
-    FP4_times_i(&z3);
-    FP4_add(&(w->a),&z0,&z3);
-
-    FP12_norm(w);
-}
-
-/* FP12 multiplication w=w*y */
-/* SU= 744 */
-/* catering for special case that arises from special form of ATE pairing line function */
-void FP12_smul(FP12 *w,FP12 *y)
-{
-    FP4 z0,z2,z3,t0,t1;
-
-    FP4_copy(&z3,&(w->b));
-    FP4_mul(&z0,&(w->a),&(y->a));
-    FP4_pmul(&z2,&(w->b),&(y->b).a);
-    FP4_add(&(w->b),&(w->a),&(w->b));
-    FP4_copy(&t1,&(y->a));
-    FP2_add(&t1.a,&t1.a,&(y->b).a);
-
-    FP4_mul(&(w->b),&(w->b),&t1);
-    FP4_add(&z3,&z3,&(w->c));
-    FP4_pmul(&z3,&z3,&(y->b).a);
-    FP4_neg(&t0,&z0);
-    FP4_neg(&t1,&z2);
-
-    FP4_add(&(w->b),&(w->b),&t0);   // z1=z1-z0
-
-    FP4_norm(&(w->b));
-
-    FP4_add(&(w->b),&(w->b),&t1);   // z1=z1-z2
-
-    FP4_add(&z3,&z3,&t1);        // z3=z3-z2
-    FP4_add(&z2,&z2,&t0);        // z2=z2-z0
-
-    FP4_add(&t0,&(w->a),&(w->c));
-
-    FP4_mul(&t0,&(y->a),&t0);
-    FP4_add(&(w->c),&z2,&t0);
-
-    FP4_times_i(&z3);
-    FP4_add(&(w->a),&z0,&z3);
-
-    FP12_norm(w);
-}
-
-/* Set w=1/x */
-/* SU= 600 */
-void FP12_inv(FP12 *w,FP12 *x)
-{
-    FP4 f0,f1,f2,f3;
-    FP12_norm(x);
-
-    FP4_sqr(&f0,&(x->a));
-    FP4_mul(&f1,&(x->b),&(x->c));
-    FP4_times_i(&f1);
-    FP4_sub(&f0,&f0,&f1);  /* y.a */
-
-    FP4_sqr(&f1,&(x->c));
-    FP4_times_i(&f1);
-    FP4_mul(&f2,&(x->a),&(x->b));
-    FP4_sub(&f1,&f1,&f2);  /* y.b */
-
-    FP4_sqr(&f2,&(x->b));
-    FP4_mul(&f3,&(x->a),&(x->c));
-    FP4_sub(&f2,&f2,&f3);  /* y.c */
-
-    FP4_mul(&f3,&(x->b),&f2);
-    FP4_times_i(&f3);
-    FP4_mul(&(w->a),&f0,&(x->a));
-    FP4_add(&f3,&(w->a),&f3);
-    FP4_mul(&(w->c),&f1,&(x->c));
-    FP4_times_i(&(w->c));
-
-    FP4_add(&f3,&(w->c),&f3);
-    FP4_inv(&f3,&f3);
-
-    FP4_mul(&(w->a),&f0,&f3);
-    FP4_mul(&(w->b),&f1,&f3);
-    FP4_mul(&(w->c),&f2,&f3);
-
-}
-
-/* constant time powering by small integer of max length bts */
-
-void FP12_pinpow(FP12 *r,int e,int bts)
-{
-    int i,b;
-    FP12 R[2];
-
-    FP12_one(&R[0]);
-    FP12_copy(&R[1],r);
-
-    for (i=bts-1; i>=0; i--)
-    {
-        b=(e>>i)&1;
-        FP12_mul(&R[1-b],&R[b]);
-        FP12_usqr(&R[b],&R[b]);
-    }
-    FP12_copy(r,&R[0]);
-}
-
-/* SU= 528 */
-/* set r=a^b */
-/* Note this is simple square and multiply, so not side-channel safe */
-
-void FP12_pow(FP12 *r,FP12 *a,BIG b)
-{
-    FP12 w;
-    BIG z,zilch;
-    int bt;
-    BIG_zero(zilch);
-    BIG_norm(b);
-    BIG_copy(z,b);
-    FP12_copy(&w,a);
-    FP12_one(r);
-
-    while(1)
-    {
-        bt=BIG_parity(z);
-        BIG_shr(z,1);
-        if (bt)
-            FP12_mul(r,&w);
-        if (BIG_comp(z,zilch)==0) break;
-        FP12_usqr(&w,&w);
-    }
-
-    FP12_reduce(r);
-}
-
-/* p=q0^u0.q1^u1.q2^u2.q3^u3 */
-/* Timing attack secure, but not cache attack secure */
-
-void FP12_pow4(FP12 *p,FP12 *q,BIG u[4])
-{
-    int i,j,a[4],nb,m;
-    FP12 g[8],c,s[2];
-    BIG t[4],mt;
-    sign8 w[NLEN*BASEBITS+1];
-
-    for (i=0; i<4; i++)
-        BIG_copy(t[i],u[i]);
-
-    FP12_copy(&g[0],&q[0]);
-    FP12_conj(&s[0],&q[1]);
-    FP12_mul(&g[0],&s[0]);  /* P/Q */
-    FP12_copy(&g[1],&g[0]);
-    FP12_copy(&g[2],&g[0]);
-    FP12_copy(&g[3],&g[0]);
-    FP12_copy(&g[4],&q[0]);
-    FP12_mul(&g[4],&q[1]);  /* P*Q */
-    FP12_copy(&g[5],&g[4]);
-    FP12_copy(&g[6],&g[4]);
-    FP12_copy(&g[7],&g[4]);
-
-    FP12_copy(&s[1],&q[2]);
-    FP12_conj(&s[0],&q[3]);
-    FP12_mul(&s[1],&s[0]);       /* R/S */
-    FP12_conj(&s[0],&s[1]);
-    FP12_mul(&g[1],&s[0]);
-    FP12_mul(&g[2],&s[1]);
-    FP12_mul(&g[5],&s[0]);
-    FP12_mul(&g[6],&s[1]);
-    FP12_copy(&s[1],&q[2]);
-    FP12_mul(&s[1],&q[3]);      /* R*S */
-    FP12_conj(&s[0],&s[1]);
-    FP12_mul(&g[0],&s[0]);
-    FP12_mul(&g[3],&s[1]);
-    FP12_mul(&g[4],&s[0]);
-    FP12_mul(&g[7],&s[1]);
-
-    /* if power is even add 1 to power, and add q to correction */
-    FP12_one(&c);
-
-    BIG_zero(mt);
-    for (i=0; i<4; i++)
-    {
-        if (BIG_parity(t[i])==0)
-        {
-            BIG_inc(t[i],1);
-            BIG_norm(t[i]);
-            FP12_mul(&c,&q[i]);
-        }
-        BIG_add(mt,mt,t[i]);
-        BIG_norm(mt);
-    }
-
-    FP12_conj(&c,&c);
-    nb=1+BIG_nbits(mt);
-
-    /* convert exponent to signed 1-bit window */
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_lastbits(t[i],2)-2;
-            BIG_dec(t[i],a[i]);
-            BIG_norm(t[i]);
-            BIG_fshr(t[i],1);
-        }
-        w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    w[nb]=8*BIG_lastbits(t[0],2)+4*BIG_lastbits(t[1],2)+2*BIG_lastbits(t[2],2)+BIG_lastbits(t[3],2);
-    FP12_copy(p,&g[(w[nb]-1)/2]);
-
-    for (i=nb-1; i>=0; i--)
-    {
-        m=w[i]>>7;
-        j=(w[i]^m)-m;  /* j=abs(w[i]) */
-        j=(j-1)/2;
-        FP12_copy(&s[0],&g[j]);
-        FP12_conj(&s[1],&g[j]);
-        FP12_usqr(p,p);
-        FP12_mul(p,&s[m&1]);
-    }
-    FP12_mul(p,&c); /* apply correction */
-    FP12_reduce(p);
-}
-
-/* Set w=w^p using Frobenius */
-/* SU= 160 */
-void FP12_frob(FP12 *w,FP2 *f)
-{
-    FP2 f2,f3;
-    FP2_sqr(&f2,f);     /* f2=f^2 */
-    FP2_mul(&f3,&f2,f); /* f3=f^3 */
-
-    FP4_frob(&(w->a),&f3);
-    FP4_frob(&(w->b),&f3);
-    FP4_frob(&(w->c),&f3);
-
-    FP4_pmul(&(w->b),&(w->b),f);
-    FP4_pmul(&(w->c),&(w->c),&f2);
-}
-
-/* SU= 8 */
-/* normalise all components of w */
-void FP12_norm(FP12 *w)
-{
-    FP4_norm(&(w->a));
-    FP4_norm(&(w->b));
-    FP4_norm(&(w->c));
-}
-
-/* SU= 8 */
-/* reduce all components of w */
-void FP12_reduce(FP12 *w)
-{
-    FP4_reduce(&(w->a));
-    FP4_reduce(&(w->b));
-    FP4_reduce(&(w->c));
-}
-
-/* trace function w=trace(x) */
-/* SU= 8 */
-void FP12_trace(FP4 *w,FP12 *x)
-{
-    FP4_imul(w,&(x->a),3);
-    FP4_reduce(w);
-}
-
-/* SU= 8 */
-/* Output w in hex */
-void FP12_output(FP12 *w)
-{
-    printf("[");
-    FP4_output(&(w->a));
-    printf(",");
-    FP4_output(&(w->b));
-    printf(",");
-    FP4_output(&(w->c));
-    printf("]");
-}
-
-/* SU= 64 */
-/* Convert g to octet string w */
-void FP12_toOctet(octet *W,FP12 *g)
-{
-    BIG a;
-    W->len=12*MODBYTES;
-
-    BIG_copy(a,(*g).a.a.a);
-    FP_redc(a);
-    BIG_toBytes(&(W->val[0]),a);
-    BIG_copy(a,(*g).a.a.b);
-    FP_redc(a);
-    BIG_toBytes(&(W->val[MODBYTES]),a);
-    BIG_copy(a,(*g).a.b.a);
-    FP_redc(a);
-    BIG_toBytes(&(W->val[2*MODBYTES]),a);
-    BIG_copy(a,(*g).a.b.b);
-    FP_redc(a);
-    BIG_toBytes(&(W->val[3*MODBYTES]),a);
-    BIG_copy(a,(*g).b.a.a);
-    FP_redc(a);
-    BIG_toBytes(&(W->val[4*MODBYTES]),a);
-    BIG_copy(a,(*g).b.a.b);
-    FP_redc(a);
-    BIG_toBytes(&(W->val[5*MODBYTES]),a);
-    BIG_copy(a,(*g).b.b.a);
-    FP_redc(a);
-    BIG_toBytes(&(W->val[6*MODBYTES]),a);
-    BIG_copy(a,(*g).b.b.b);
-    FP_redc(a);
-    BIG_toBytes(&(W->val[7*MODBYTES]),a);
-    BIG_copy(a,(*g).c.a.a);
-    FP_redc(a);
-    BIG_toBytes(&(W->val[8*MODBYTES]),a);
-    BIG_copy(a,(*g).c.a.b);
-    FP_redc(a);
-    BIG_toBytes(&(W->val[9*MODBYTES]),a);
-    BIG_copy(a,(*g).c.b.a);
-    FP_redc(a);
-    BIG_toBytes(&(W->val[10*MODBYTES]),a);
-    BIG_copy(a,(*g).c.b.b);
-    FP_redc(a);
-    BIG_toBytes(&(W->val[11*MODBYTES]),a);
-}
-
-/* SU= 24 */
-/* Restore g from octet string w */
-void FP12_fromOctet(FP12 *g,octet *W)
-{
-    BIG_fromBytes((*g).a.a.a,&W->val[0]);
-    FP_nres((*g).a.a.a);
-    BIG_fromBytes((*g).a.a.b,&W->val[MODBYTES]);
-    FP_nres((*g).a.a.b);
-    BIG_fromBytes((*g).a.b.a,&W->val[2*MODBYTES]);
-    FP_nres((*g).a.b.a);
-    BIG_fromBytes((*g).a.b.b,&W->val[3*MODBYTES]);
-    FP_nres((*g).a.b.b);
-    BIG_fromBytes((*g).b.a.a,&W->val[4*MODBYTES]);
-    FP_nres((*g).b.a.a);
-    BIG_fromBytes((*g).b.a.b,&W->val[5*MODBYTES]);
-    FP_nres((*g).b.a.b);
-    BIG_fromBytes((*g).b.b.a,&W->val[6*MODBYTES]);
-    FP_nres((*g).b.b.a);
-    BIG_fromBytes((*g).b.b.b,&W->val[7*MODBYTES]);
-    FP_nres((*g).b.b.b);
-    BIG_fromBytes((*g).c.a.a,&W->val[8*MODBYTES]);
-    FP_nres((*g).c.a.a);
-    BIG_fromBytes((*g).c.a.b,&W->val[9*MODBYTES]);
-    FP_nres((*g).c.a.b);
-    BIG_fromBytes((*g).c.b.a,&W->val[10*MODBYTES]);
-    FP_nres((*g).c.b.a);
-    BIG_fromBytes((*g).c.b.b,&W->val[11*MODBYTES]);
-    FP_nres((*g).c.b.b);
-}
-
-/*
-int main(){
-		FP2 f,w0,w1;
-		FP4 t0,t1,t2;
-		FP12 w,t,lv;
-		BIG a,b;
-		BIG p;
-
-		//Test w^(P^4) = w mod p^2
-//		BIG_randomnum(a);
-//		BIG_randomnum(b);
-//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
-	BIG_zero(a); BIG_zero(b); BIG_inc(a,1); BIG_inc(b,2); FP_nres(a); FP_nres(b);
-		FP2_from_zps(&w0,a,b);
-
-//		BIG_randomnum(a); BIG_randomnum(b);
-//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
-	BIG_zero(a); BIG_zero(b); BIG_inc(a,3); BIG_inc(b,4); FP_nres(a); FP_nres(b);
-		FP2_from_zps(&w1,a,b);
-
-		FP4_from_FP2s(&t0,&w0,&w1);
-		FP4_reduce(&t0);
-
-//		BIG_randomnum(a);
-//		BIG_randomnum(b);
-//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
-		BIG_zero(a); BIG_zero(b); BIG_inc(a,5); BIG_inc(b,6); FP_nres(a); FP_nres(b);
-		FP2_from_zps(&w0,a,b);
-
-//		BIG_randomnum(a); BIG_randomnum(b);
-//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
-
-		BIG_zero(a); BIG_zero(b); BIG_inc(a,7); BIG_inc(b,8); FP_nres(a); FP_nres(b);
-		FP2_from_zps(&w1,a,b);
-
-		FP4_from_FP2s(&t1,&w0,&w1);
-		FP4_reduce(&t1);
-
-//		BIG_randomnum(a);
-//		BIG_randomnum(b);
-//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
-		BIG_zero(a); BIG_zero(b); BIG_inc(a,9); BIG_inc(b,10); FP_nres(a); FP_nres(b);
-		FP2_from_zps(&w0,a,b);
-
-//		BIG_randomnum(a); BIG_randomnum(b);
-//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
-		BIG_zero(a); BIG_zero(b); BIG_inc(a,11); BIG_inc(b,12); FP_nres(a); FP_nres(b);
-		FP2_from_zps(&w1,a,b);
-
-		FP4_from_FP2s(&t2,&w0,&w1);
-		FP4_reduce(&t2);
-
-		FP12_from_FP4s(&w,&t0,&t1,&t2);
-
-		FP12_copy(&t,&w);
-
-		printf("w= ");
-		FP12_output(&w);
-		printf("\n");
-
-		BIG_rcopy(p,Modulus);
-		//BIG_zero(p); BIG_inc(p,7);
-
-		FP12_pow(&w,&w,p);
-
-		printf("w^p= ");
-		FP12_output(&w);
-		printf("\n");
-
-		FP2_gfc(&f,12);
-		FP12_frob(&t,&f);
-		printf("w^p= ");
-		FP12_output(&t);
-		printf("\n");
-
-//exit(0);
-
-		FP12_pow(&w,&w,p);
-		//printf("w^p^2= ");
-		//FP12_output(&w);
-		//printf("\n");
-		FP12_pow(&w,&w,p);
-		//printf("w^p^3= ");
-		//FP12_output(&w);
-		//printf("\n");
-		FP12_pow(&w,&w,p);
-		FP12_pow(&w,&w,p);
-		FP12_pow(&w,&w,p);
-		printf("w^p^6= ");
-		FP12_output(&w);
-		printf("\n");
-		FP12_pow(&w,&w,p);
-		FP12_pow(&w,&w,p);
-		printf("w^p^8= ");
-		FP12_output(&w);
-		printf("\n");
-		FP12_pow(&w,&w,p);
-		FP12_pow(&w,&w,p);
-		FP12_pow(&w,&w,p);
-		printf("w^p^11= ");
-		FP12_output(&w);
-		printf("\n");
-
-	//	BIG_zero(p); BIG_inc(p,7); BIG_norm(p);
-		FP12_pow(&w,&w,p);
-
-		printf("w^p12= ");
-		FP12_output(&w);
-		printf("\n");
-//exit(0);
-
-		FP12_inv(&t,&w);
-		printf("1/w mod p^4 = ");
-		FP12_output(&t);
-		printf("\n");
-
-		FP12_inv(&w,&t);
-		printf("1/(1/w) mod p^4 = ");
-		FP12_output(&w);
-		printf("\n");
-
-
-
-	FP12_inv(&lv,&w);
-//printf("w= "); FP12_output(&w); printf("\n");
-	FP12_conj(&w,&w);
-//printf("w= "); FP12_output(&w); printf("\n");
-//exit(0);
-	FP12_mul(&w,&w,&lv);
-//printf("w= "); FP12_output(&w); printf("\n");
-	FP12_copy(&lv,&w);
-	FP12_frob(&w,&f);
-	FP12_frob(&w,&f);
-	FP12_mul(&w,&w,&lv);
-
-//printf("w= "); FP12_output(&w); printf("\n");
-//exit(0);
-
-w.unitary=0;
-FP12_conj(&lv,&w);
-	printf("rx= "); FP12_output(&lv); printf("\n");
-FP12_inv(&lv,&w);
-	printf("ry= "); FP12_output(&lv); printf("\n");
-
-
-		return 0;
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/fp2.c
----------------------------------------------------------------------
diff --git a/version22/c/fp2.c b/version22/c/fp2.c
deleted file mode 100644
index 93aa31e..0000000
--- a/version22/c/fp2.c
+++ /dev/null
@@ -1,435 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^2 functions */
-/* SU=m, m is Stack Usage (no lazy )*/
-
-/* FP2 elements are of the form a+ib, where i is sqrt(-1) */
-
-#include "amcl.h"
-
-/* test x==0 ? */
-/* SU= 8 */
-int FP2_iszilch(FP2 *x)
-{
-    FP2_reduce(x);
-    if (BIG_iszilch(x->a) && BIG_iszilch(x->b)) return 1;
-    return 0;
-}
-
-/* Move b to a if d=1 */
-void FP2_cmove(FP2 *f,FP2 *g,int d)
-{
-    BIG_cmove(f->a,g->a,d);
-    BIG_cmove(f->b,g->b,d);
-}
-
-/* test x==1 ? */
-/* SU= 48 */
-int FP2_isunity(FP2 *x)
-{
-    BIG one;
-    FP_one(one);
-    FP2_reduce(x);
-    if (BIG_comp(x->a,one)==0 && BIG_iszilch(x->b)) return 1;
-    return 0;
-}
-
-/* SU= 8 */
-/* Fully reduce a and b mod Modulus */
-void FP2_reduce(FP2 *w)
-{
-    FP_reduce(w->a);
-    FP_reduce(w->b);
-}
-
-/* return 1 if x==y, else 0 */
-/* SU= 16 */
-int FP2_equals(FP2 *x,FP2 *y)
-{
-    FP2_reduce(x);
-    FP2_reduce(y);
-    if (BIG_comp(x->a,y->a)==0 && BIG_comp(x->b,y->b)==0)
-        return 1;
-    return 0;
-}
-
-/* Create FP2 from two FPs */
-/* SU= 16 */
-void FP2_from_FPs(FP2 *w,BIG x,BIG y)
-{
-    BIG_copy(w->a,x);
-    BIG_copy(w->b,y);
-}
-
-/* Create FP2 from two BIGS */
-/* SU= 16 */
-void FP2_from_BIGs(FP2 *w,BIG x,BIG y)
-{
-    BIG_copy(w->a,x);
-    BIG_copy(w->b,y);
-    FP_nres(w->a);
-    FP_nres(w->b);
-}
-
-/* Create FP2 from FP */
-/* SU= 8 */
-void FP2_from_FP(FP2 *w,BIG x)
-{
-    BIG_copy(w->a,x);
-    BIG_zero(w->b);
-}
-
-/* Create FP2 from BIG */
-/* SU= 8 */
-void FP2_from_BIG(FP2 *w,BIG x)
-{
-    BIG_copy(w->a,x);
-    FP_nres(w->a);
-    BIG_zero(w->b);
-}
-
-/* FP2 copy w=x */
-/* SU= 16 */
-void FP2_copy(FP2 *w,FP2 *x)
-{
-    if (w==x) return;
-    BIG_copy(w->a,x->a);
-    BIG_copy(w->b,x->b);
-}
-
-/* FP2 set w=0 */
-/* SU= 8 */
-void FP2_zero(FP2 *w)
-{
-    BIG_zero(w->a);
-    BIG_zero(w->b);
-}
-
-/* FP2 set w=1 */
-/* SU= 48 */
-void FP2_one(FP2 *w)
-{
-    BIG one;
-    FP_one(one);
-    FP2_from_FP(w,one);
-}
-
-/* Set w=-x */
-/* SU= 88 */
-void FP2_neg(FP2 *w,FP2 *x)
-{
-    /* Just one neg! */
-    BIG m,t;
-    FP2_norm(x);
-    FP_add(m,x->a,x->b);
-    FP_neg(m,m);
-    BIG_norm(m);
-    FP_add(t,m,x->b);
-    FP_add(w->b,m,x->a);
-    BIG_copy(w->a,t);
-}
-
-/* Set w=conj(x) */
-/* SU= 16 */
-void FP2_conj(FP2 *w,FP2 *x)
-{
-    BIG_copy(w->a,x->a);
-    FP_neg(w->b,x->b);
-}
-
-/* Set w=x+y */
-/* SU= 16 */
-void FP2_add(FP2 *w,FP2 *x,FP2 *y)
-{
-    FP_add(w->a,x->a,y->a);
-    FP_add(w->b,x->b,y->b);
-}
-
-/* Set w=x-y */
-/* SU= 16 */
-void FP2_sub(FP2 *w,FP2 *x,FP2 *y)
-{
-    FP2 m;
-    FP2_neg(&m,y);
-    FP2_add(w,x,&m);
-}
-
-/* Set w=s*x, where s is FP */
-/* SU= 16 */
-void FP2_pmul(FP2 *w,FP2 *x,BIG s)
-{
-    FP_mul(w->a,x->a,s);
-    FP_mul(w->b,x->b,s);
-}
-
-/* SU= 16 */
-/* Set w=s*x, where s is int */
-void FP2_imul(FP2 *w,FP2 *x,int s)
-{
-    FP_imul(w->a,x->a,s);
-    FP_imul(w->b,x->b,s);
-}
-
-/* Set w=x^2 */
-/* SU= 128 */
-void FP2_sqr(FP2 *w,FP2 *x)
-{
-    BIG w1,w3,mb;
-
-    FP_mul(w3,x->a,x->b); /* norms x */
-    FP_add(w1,x->a,x->b); /* w1#2 w1=2 */
-    FP_neg(mb,x->b);      /* mb#2 mb=1 */
-    FP_add(w->a,x->a,mb);   /* w2#3 w2=3 */
-    FP_mul(w->a,w1,w->a);     /* w->a#2 w->a=1 w1&w2=6 w1*w2=2 */
-
-    FP_add(w->b,w3,w3); /* w->b#4 w->b=2 */
-
-    FP2_norm(w);
-
-}
-
-
-/* Set w=x*y */
-/* SU= 168 */
-void FP2_mul(FP2 *w,FP2 *x,FP2 *y)
-{
-    BIG w1,w2,w5,mw;
-
-    FP_mul(w1,x->a,y->a);  /* norms x  */
-    FP_mul(w2,x->b,y->b);  /* and y */
-
-    FP_add(w5,x->a,x->b);
-
-    FP_add(w->b,y->a,y->b);
-
-    FP_mul(w->b,w->b,w5);
-    FP_add(mw,w1,w2);
-    FP_neg(mw,mw);
-
-    FP_add(w->b,w->b,mw);
-    FP_add(mw,w1,mw);
-    FP_add(w->a,w1,mw);
-
-    FP2_norm(w);
-
-}
-
-/* output FP2 in hex format [a,b] */
-/* SU= 16 */
-void FP2_output(FP2 *w)
-{
-    FP2_reduce(w);
-    FP_redc(w->a);
-    FP_redc(w->b);
-    printf("[");
-    BIG_output(w->a);
-    printf(",");
-    BIG_output(w->b);
-    printf("]");
-    FP_nres(w->a);
-    FP_nres(w->b);
-}
-
-/* SU= 8 */
-void FP2_rawoutput(FP2 *w)
-{
-    printf("[");
-    BIG_rawoutput(w->a);
-    printf(",");
-    BIG_rawoutput(w->b);
-    printf("]");
-}
-
-
-/* Set w=1/x */
-/* SU= 128 */
-void FP2_inv(FP2 *w,FP2 *x)
-{
-    BIG m,w1,w2;
-    BIG_rcopy(m,Modulus);
-    FP2_norm(x);
-    FP_sqr(w1,x->a);
-    FP_sqr(w2,x->b);
-    FP_add(w1,w1,w2);
-
-    FP_redc(w1);
-    BIG_invmodp(w1,w1,m);
-    FP_nres(w1);
-    FP_mul(w->a,x->a,w1);
-    FP_neg(w1,w1);
-    FP_mul(w->b,x->b,w1);
-//	FP2_norm(w);
-}
-
-
-/* Set w=x/2 */
-/* SU= 16 */
-void FP2_div2(FP2 *w,FP2 *x)
-{
-    FP_div2(w->a,x->a);
-    FP_div2(w->b,x->b);
-}
-
-/* Set w*=(1+sqrt(-1)) */
-/* where X^2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
-
-/* SU= 128 */
-void FP2_mul_ip(FP2 *w)
-{
-    FP2 t;
-    BIG z;
-
-    FP2_norm(w);
-    FP2_copy(&t,w);
-
-    BIG_copy(z,w->a);
-    FP_neg(w->a,w->b);
-    BIG_copy(w->b,z);
-
-    FP2_add(w,&t,w);
-    FP2_norm(w);
-}
-
-/* Set w/=(1+sqrt(-1)) */
-/* SU= 88 */
-void FP2_div_ip(FP2 *w)
-{
-    FP2 t;
-    FP2_norm(w);
-    FP_add(t.a,w->a,w->b);
-    FP_sub(t.b,w->b,w->a);
-    FP2_div2(w,&t);
-}
-
-/* SU= 8 */
-/* normalise a and b components of w */
-void FP2_norm(FP2 *w)
-{
-    BIG_norm(w->a);
-    BIG_norm(w->b);
-}
-
-/* Set w=a^b mod m */
-/* SU= 208 */
-void FP2_pow(FP2 *r,FP2* a,BIG b)
-{
-    FP2 w;
-    BIG z,one,zilch;
-    int bt;
-
-    BIG_norm(b);
-    BIG_copy(z,b);
-    FP2_copy(&w,a);
-    FP_one(one);
-    BIG_zero(zilch);
-    FP2_from_FP(r,one);
-    while(1)
-    {
-        bt=BIG_parity(z);
-        BIG_shr(z,1);
-        if (bt) FP2_mul(r,r,&w);
-        if (BIG_comp(z,zilch)==0) break;
-        FP2_sqr(&w,&w);
-    }
-    FP2_reduce(r);
-}
-
-/* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
-/* returns true if u is QR */
-
-int FP2_sqrt(FP2 *w,FP2 *u)
-{
-    BIG w1,w2,q;
-    FP2_copy(w,u);
-    if (FP2_iszilch(w)) return 1;
-
-    BIG_rcopy(q,Modulus);
-    FP_sqr(w1,w->b);
-    FP_sqr(w2,w->a);
-    FP_add(w1,w1,w2);
-    if (!FP_qr(w1))
-    {
-        FP2_zero(w);
-        return 0;
-    }
-    FP_sqrt(w1,w1);
-    FP_add(w2,w->a,w1);
-    FP_div2(w2,w2);
-    if (!FP_qr(w2))
-    {
-        FP_sub(w2,w->a,w1);
-        FP_div2(w2,w2);
-        if (!FP_qr(w2))
-        {
-            FP2_zero(w);
-            return 0;
-        }
-    }
-    FP_sqrt(w2,w2);
-    BIG_copy(w->a,w2);
-    FP_add(w2,w2,w2);
-    FP_redc(w2);
-    BIG_invmodp(w2,w2,q);
-    FP_nres(w2);
-    FP_mul(w->b,w->b,w2);
-    return 1;
-}
-
-/*
-int main()
-{
-	int i;
-	FP2 w,z;
-	BIG a,b,e;
-	BIG pp1,pm1;
-	BIG_unity(a); BIG_unity(b);
-	FP2_from_BIGs(&w,a,b);
-//	for (i=0;i<100;i++)
-//	{
-//		BIG_randomnum(a); BIG_randomnum(b);
-//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
-//		FP2_from_FPs(&w,a,b);
-//		FP2_output(&w);
-//		FP2_inv(&z,&w);
-//				FP2_output(&z);
-//		FP2_inv(&z,&z);
-//				FP2_output(&z);
-//				FP2_output(&w);
-//		if (FP2_comp(&w,&z)!=1) printf("error \n");
-//		else printf("OK \n");
-//	}
-//exit(0);
-	printf("w= "); FP2_output(&w); printf("\n");
-	BIG_zero(e); BIG_inc(e,27);
-	FP2_pow(&w,&w,e);
-	FP2_output(&w);
-exit(0);
-	BIG_rcopy(pp1,Modulus);
-	BIG_rcopy(pm1,Modulus);
-	BIG_inc(pp1,1);
-	BIG_dec(pm1,1);
-	BIG_norm(pp1);
-	BIG_norm(pm1);
-	FP2_pow(&w,&w,pp1);
-	FP2_pow(&w,&w,pm1);
-	FP2_output(&w);
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/fp4.c
----------------------------------------------------------------------
diff --git a/version22/c/fp4.c b/version22/c/fp4.c
deleted file mode 100644
index f61811f..0000000
--- a/version22/c/fp4.c
+++ /dev/null
@@ -1,651 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^4 functions */
-/* SU=m, m is Stack Usage (no lazy )*/
-
-/* FP4 elements are of the form a+ib, where i is sqrt(-1+sqrt(-1)) */
-
-#include "amcl.h"
-
-/* test x==0 ? */
-/* SU= 8 */
-int FP4_iszilch(FP4 *x)
-{
-    if (FP2_iszilch(&(x->a)) && FP2_iszilch(&(x->b))) return 1;
-    return 0;
-}
-
-/* test x==1 ? */
-/* SU= 8 */
-int FP4_isunity(FP4 *x)
-{
-    if (FP2_isunity(&(x->a)) && FP2_iszilch(&(x->b))) return 1;
-    return 0;
-}
-
-/* test is w real? That is in a+ib test b is zero */
-int FP4_isreal(FP4 *w)
-{
-    return FP2_iszilch(&(w->b));
-}
-
-/* return 1 if x==y, else 0 */
-/* SU= 16 */
-int FP4_equals(FP4 *x,FP4 *y)
-{
-    if (FP2_equals(&(x->a),&(y->a)) && FP2_equals(&(x->b),&(y->b)))
-        return 1;
-    return 0;
-}
-
-/* set FP4 from two FP2s */
-/* SU= 16 */
-void FP4_from_FP2s(FP4 *w,FP2 * x,FP2* y)
-{
-    FP2_copy(&(w->a), x);
-    FP2_copy(&(w->b), y);
-}
-
-/* set FP4 from FP2 */
-/* SU= 8 */
-void FP4_from_FP2(FP4 *w,FP2 *x)
-{
-    FP2_copy(&(w->a), x);
-    FP2_zero(&(w->b));
-}
-
-/* FP4 copy w=x */
-/* SU= 16 */
-void FP4_copy(FP4 *w,FP4 *x)
-{
-    if (w==x) return;
-    FP2_copy(&(w->a), &(x->a));
-    FP2_copy(&(w->b), &(x->b));
-}
-
-/* FP4 w=0 */
-/* SU= 8 */
-void FP4_zero(FP4 *w)
-{
-    FP2_zero(&(w->a));
-    FP2_zero(&(w->b));
-}
-
-/* FP4 w=1 */
-/* SU= 8 */
-void FP4_one(FP4 *w)
-{
-    FP2_one(&(w->a));
-    FP2_zero(&(w->b));
-}
-
-/* Set w=-x */
-/* SU= 160 */
-void FP4_neg(FP4 *w,FP4 *x)
-{
-    /* Just one field neg */
-    FP2 m,t;
-    FP2_add(&m,&(x->a),&(x->b));
-    FP2_neg(&m,&m);
-    FP2_norm(&m);
-    FP2_add(&t,&m,&(x->b));
-    FP2_add(&(w->b),&m,&(x->a));
-    FP2_copy(&(w->a),&t);
-}
-
-/* Set w=conj(x) */
-/* SU= 16 */
-void FP4_conj(FP4 *w,FP4 *x)
-{
-    FP2_copy(&(w->a), &(x->a));
-    FP2_neg(&(w->b), &(x->b));
-    FP2_norm(&(w->b));
-}
-
-/* Set w=-conj(x) */
-/* SU= 16 */
-void FP4_nconj(FP4 *w,FP4 *x)
-{
-    FP2_copy(&(w->b),&(x->b));
-    FP2_neg(&(w->a), &(x->a));
-    FP2_norm(&(w->a));
-}
-
-/* Set w=x+y */
-/* SU= 16 */
-void FP4_add(FP4 *w,FP4 *x,FP4 *y)
-{
-    FP2_add(&(w->a), &(x->a), &(y->a));
-    FP2_add(&(w->b), &(x->b), &(y->b));
-}
-
-/* Set w=x-y */
-/* SU= 160 */
-void FP4_sub(FP4 *w,FP4 *x,FP4 *y)
-{
-    FP4 my;
-    FP4_neg(&my, y);
-    FP4_add(w, x, &my);
-
-}
-/* SU= 8 */
-/* reduce all components of w mod Modulus */
-void FP4_reduce(FP4 *w)
-{
-    FP2_reduce(&(w->a));
-    FP2_reduce(&(w->b));
-}
-
-/* SU= 8 */
-/* normalise all elements of w */
-void FP4_norm(FP4 *w)
-{
-    FP2_norm(&(w->a));
-    FP2_norm(&(w->b));
-}
-
-/* Set w=s*x, where s is FP2 */
-/* SU= 16 */
-void FP4_pmul(FP4 *w,FP4 *x,FP2 *s)
-{
-    FP2_mul(&(w->a),&(x->a),s);
-    FP2_mul(&(w->b),&(x->b),s);
-}
-
-/* SU= 16 */
-/* Set w=s*x, where s is int */
-void FP4_imul(FP4 *w,FP4 *x,int s)
-{
-    FP2_imul(&(w->a),&(x->a),s);
-    FP2_imul(&(w->b),&(x->b),s);
-}
-
-/* Set w=x^2 */
-/* SU= 232 */
-void FP4_sqr(FP4 *w,FP4 *x)
-{
-    FP2 t1,t2,t3;
-
-    FP2_mul(&t3,&(x->a),&(x->b)); /* norms x */
-    FP2_copy(&t2,&(x->b));
-    FP2_add(&t1,&(x->a),&(x->b));
-    FP2_mul_ip(&t2);
-
-    FP2_add(&t2,&(x->a),&t2);
-
-    FP2_mul(&(w->a),&t1,&t2);
-
-    FP2_copy(&t2,&t3);
-    FP2_mul_ip(&t2);
-
-    FP2_add(&t2,&t2,&t3);
-
-    FP2_neg(&t2,&t2);
-    FP2_add(&(w->a),&(w->a),&t2);  /* a=(a+b)(a+i^2.b)-i^2.ab-ab = a*a+ib*ib */
-    FP2_add(&(w->b),&t3,&t3);  /* b=2ab */
-
-    FP4_norm(w);
-}
-
-/* Set w=x*y */
-/* SU= 312 */
-void FP4_mul(FP4 *w,FP4 *x,FP4 *y)
-{
-
-    FP2 t1,t2,t3,t4;
-    FP2_mul(&t1,&(x->a),&(y->a)); /* norms x */
-    FP2_mul(&t2,&(x->b),&(y->b)); /* and y */
-    FP2_add(&t3,&(y->b),&(y->a));
-    FP2_add(&t4,&(x->b),&(x->a));
-
-
-    FP2_mul(&t4,&t4,&t3); /* (xa+xb)(ya+yb) */
-    FP2_sub(&t4,&t4,&t1);
-    FP2_norm(&t4);
-
-    FP2_sub(&(w->b),&t4,&t2);
-    FP2_mul_ip(&t2);
-    FP2_add(&(w->a),&t2,&t1);
-
-    FP4_norm(w);
-}
-
-/* output FP4 in format [a,b] */
-/* SU= 8 */
-void FP4_output(FP4 *w)
-{
-    printf("[");
-    FP2_output(&(w->a));
-    printf(",");
-    FP2_output(&(w->b));
-    printf("]");
-}
-
-/* SU= 8 */
-void FP4_rawoutput(FP4 *w)
-{
-    printf("[");
-    FP2_rawoutput(&(w->a));
-    printf(",");
-    FP2_rawoutput(&(w->b));
-    printf("]");
-}
-
-/* Set w=1/x */
-/* SU= 160 */
-void FP4_inv(FP4 *w,FP4 *x)
-{
-    FP2 t1,t2;
-    FP2_sqr(&t1,&(x->a));
-    FP2_sqr(&t2,&(x->b));
-    FP2_mul_ip(&t2);
-    FP2_sub(&t1,&t1,&t2);
-    FP2_inv(&t1,&t1);
-    FP2_mul(&(w->a),&t1,&(x->a));
-    FP2_neg(&t1,&t1);
-    FP2_mul(&(w->b),&t1,&(x->b));
-}
-
-/* w*=i where i = sqrt(-1+sqrt(-1)) */
-/* SU= 200 */
-void FP4_times_i(FP4 *w)
-{
-    BIG z;
-    FP2 s,t;
-
-    FP4_norm(w);
-    FP2_copy(&t,&(w->b));
-
-    FP2_copy(&s,&t);
-
-    BIG_copy(z,s.a);
-    FP_neg(s.a,s.b);
-    BIG_copy(s.b,z);
-
-    FP2_add(&t,&t,&s);
-    FP2_norm(&t);
-
-    FP2_copy(&(w->b),&(w->a));
-    FP2_copy(&(w->a),&t);
-}
-
-/* Set w=w^p using Frobenius */
-/* SU= 16 */
-void FP4_frob(FP4 *w,FP2 *f)
-{
-    FP2_conj(&(w->a),&(w->a));
-    FP2_conj(&(w->b),&(w->b));
-    FP2_mul( &(w->b),f,&(w->b));
-}
-
-/* Set r=a^b mod m */
-/* SU= 240 */
-void FP4_pow(FP4 *r,FP4* a,BIG b)
-{
-    FP4 w;
-    BIG z,zilch;
-    int bt;
-
-    BIG_zero(zilch);
-    BIG_norm(b);
-    BIG_copy(z,b);
-    FP4_copy(&w,a);
-    FP4_one(r);
-
-    while(1)
-    {
-        bt=BIG_parity(z);
-        BIG_shr(z,1);
-        if (bt) FP4_mul(r,r,&w);
-        if (BIG_comp(z,zilch)==0) break;
-        FP4_sqr(&w,&w);
-    }
-    FP4_reduce(r);
-}
-
-/* SU= 304 */
-/* XTR xtr_a function */
-void FP4_xtr_A(FP4 *r,FP4 *w,FP4 *x,FP4 *y,FP4 *z)
-{
-    FP4 t1,t2;
-
-    FP4_copy(r,x);
-
-    FP4_sub(&t1,w,y);
-
-    FP4_pmul(&t1,&t1,&(r->a));
-    FP4_add(&t2,w,y);
-    FP4_pmul(&t2,&t2,&(r->b));
-    FP4_times_i(&t2);
-
-    FP4_add(r,&t1,&t2);
-    FP4_add(r,r,z);
-
-    FP4_norm(r);
-}
-
-/* SU= 152 */
-/* XTR xtr_d function */
-void FP4_xtr_D(FP4 *r,FP4 *x)
-{
-    FP4 w;
-    FP4_copy(r,x);
-    FP4_conj(&w,r);
-    FP4_add(&w,&w,&w);
-    FP4_sqr(r,r);
-    FP4_sub(r,r,&w);
-    FP4_reduce(r);    /* reduce here as multiple calls trigger automatic reductions */
-}
-
-/* SU= 728 */
-/* r=x^n using XTR method on traces of FP12s */
-void FP4_xtr_pow(FP4 *r,FP4 *x,BIG n)
-{
-    int i,par,nb;
-    BIG v;
-    FP2 w;
-    FP4 t,a,b,c;
-
-    BIG_zero(v);
-    BIG_inc(v,3);
-    FP2_from_BIG(&w,v);
-    FP4_from_FP2(&a,&w);
-    FP4_copy(&b,x);
-    FP4_xtr_D(&c,x);
-
-    BIG_norm(n);
-    par=BIG_parity(n);
-    BIG_copy(v,n);
-    BIG_shr(v,1);
-    if (par==0)
-    {
-        BIG_dec(v,1);
-        BIG_norm(v);
-    }
-
-    nb=BIG_nbits(v);
-
-    for (i=nb-1; i>=0; i--)
-    {
-        if (!BIG_bit(v,i))
-        {
-            FP4_copy(&t,&b);
-            FP4_conj(x,x);
-            FP4_conj(&c,&c);
-            FP4_xtr_A(&b,&a,&b,x,&c);
-            FP4_conj(x,x);
-            FP4_xtr_D(&c,&t);
-            FP4_xtr_D(&a,&a);
-        }
-        else
-        {
-            FP4_conj(&t,&a);
-            FP4_xtr_D(&a,&b);
-            FP4_xtr_A(&b,&c,&b,x,&t);
-            FP4_xtr_D(&c,&c);
-        }
-    }
-    if (par==0) FP4_copy(r,&c);
-    else FP4_copy(r,&b);
-    FP4_reduce(r);
-}
-
-/* SU= 872 */
-/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-void FP4_xtr_pow2(FP4 *r,FP4 *ck,FP4 *cl,FP4 *ckml,FP4 *ckm2l,BIG a,BIG b)
-{
-    int i,f2;
-    BIG d,e,w;
-    FP4 t,cu,cv,cumv,cum2v;
-
-    BIG_norm(a);
-    BIG_norm(b);
-    BIG_copy(e,a);
-    BIG_copy(d,b);
-    FP4_copy(&cu,ck);
-    FP4_copy(&cv,cl);
-    FP4_copy(&cumv,ckml);
-    FP4_copy(&cum2v,ckm2l);
-
-    f2=0;
-    while (BIG_parity(d)==0 && BIG_parity(e)==0)
-    {
-        BIG_shr(d,1);
-        BIG_shr(e,1);
-        f2++;
-    }
-    while (BIG_comp(d,e)!=0)
-    {
-        if (BIG_comp(d,e)>0)
-        {
-            BIG_imul(w,e,4);
-            BIG_norm(w);
-            if (BIG_comp(d,w)<=0)
-            {
-                BIG_copy(w,d);
-                BIG_copy(d,e);
-                BIG_sub(e,w,e);
-                BIG_norm(e);
-                FP4_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-                FP4_conj(&cum2v,&cumv);
-                FP4_copy(&cumv,&cv);
-                FP4_copy(&cv,&cu);
-                FP4_copy(&cu,&t);
-            }
-            else if (BIG_parity(d)==0)
-            {
-                BIG_shr(d,1);
-                FP4_conj(r,&cum2v);
-                FP4_xtr_A(&t,&cu,&cumv,&cv,r);
-                FP4_xtr_D(&cum2v,&cumv);
-                FP4_copy(&cumv,&t);
-                FP4_xtr_D(&cu,&cu);
-            }
-            else if (BIG_parity(e)==1)
-            {
-                BIG_sub(d,d,e);
-                BIG_norm(d);
-                BIG_shr(d,1);
-                FP4_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-                FP4_xtr_D(&cu,&cu);
-                FP4_xtr_D(&cum2v,&cv);
-                FP4_conj(&cum2v,&cum2v);
-                FP4_copy(&cv,&t);
-            }
-            else
-            {
-                BIG_copy(w,d);
-                BIG_copy(d,e);
-                BIG_shr(d,1);
-                BIG_copy(e,w);
-                FP4_xtr_D(&t,&cumv);
-                FP4_conj(&cumv,&cum2v);
-                FP4_conj(&cum2v,&t);
-                FP4_xtr_D(&t,&cv);
-                FP4_copy(&cv,&cu);
-                FP4_copy(&cu,&t);
-            }
-        }
-        if (BIG_comp(d,e)<0)
-        {
-            BIG_imul(w,d,4);
-            BIG_norm(w);
-            if (BIG_comp(e,w)<=0)
-            {
-                BIG_sub(e,e,d);
-                BIG_norm(e);
-                FP4_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-                FP4_copy(&cum2v,&cumv);
-                FP4_copy(&cumv,&cu);
-                FP4_copy(&cu,&t);
-            }
-            else if (BIG_parity(e)==0)
-            {
-                BIG_copy(w,d);
-                BIG_copy(d,e);
-                BIG_shr(d,1);
-                BIG_copy(e,w);
-                FP4_xtr_D(&t,&cumv);
-                FP4_conj(&cumv,&cum2v);
-                FP4_conj(&cum2v,&t);
-                FP4_xtr_D(&t,&cv);
-                FP4_copy(&cv,&cu);
-                FP4_copy(&cu,&t);
-            }
-            else if (BIG_parity(d)==1)
-            {
-                BIG_copy(w,e);
-                BIG_copy(e,d);
-                BIG_sub(w,w,d);
-                BIG_norm(w);
-                BIG_copy(d,w);
-                BIG_shr(d,1);
-                FP4_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-                FP4_conj(&cumv,&cumv);
-                FP4_xtr_D(&cum2v,&cu);
-                FP4_conj(&cum2v,&cum2v);
-                FP4_xtr_D(&cu,&cv);
-                FP4_copy(&cv,&t);
-            }
-            else
-            {
-                BIG_shr(d,1);
-                FP4_conj(r,&cum2v);
-                FP4_xtr_A(&t,&cu,&cumv,&cv,r);
-                FP4_xtr_D(&cum2v,&cumv);
-                FP4_copy(&cumv,&t);
-                FP4_xtr_D(&cu,&cu);
-            }
-        }
-    }
-    FP4_xtr_A(r,&cu,&cv,&cumv,&cum2v);
-    for (i=0; i<f2; i++)	FP4_xtr_D(r,r);
-    FP4_xtr_pow(r,r,d);
-}
-/*
-int main(){
-		FP2 w0,w1,f;
-		FP4 w,t;
-		FP4 c1,c2,c3,c4,cr;
-		BIG a,b;
-		BIG e,e1,e2;
-		BIG p,md;
-
-
-		BIG_rcopy(md,Modulus);
-		//Test w^(P^4) = w mod p^2
-		BIG_zero(a); BIG_inc(a,27);
-		BIG_zero(b); BIG_inc(b,45);
-		FP2_from_BIGs(&w0,a,b);
-
-		BIG_zero(a); BIG_inc(a,33);
-		BIG_zero(b); BIG_inc(b,54);
-		FP2_from_BIGs(&w1,a,b);
-
-		FP4_from_FP2s(&w,&w0,&w1);
-		FP4_reduce(&w);
-
-		printf("w= ");
-		FP4_output(&w);
-		printf("\n");
-
-
-		FP4_copy(&t,&w);
-
-
-		BIG_copy(p,md);
-		FP4_pow(&w,&w,p);
-
-		printf("w^p= ");
-		FP4_output(&w);
-		printf("\n");
-//exit(0);
-
-		BIG_rcopy(a,CURVE_Fra);
-		BIG_rcopy(b,CURVE_Frb);
-		FP2_from_BIGs(&f,a,b);
-
-		FP4_frob(&t,&f);
-		printf("w^p= ");
-		FP4_output(&t);
-		printf("\n");
-
-		FP4_pow(&w,&w,p);
-		FP4_pow(&w,&w,p);
-		FP4_pow(&w,&w,p);
-		printf("w^p4= ");
-		FP4_output(&w);
-		printf("\n");
-
-// Test 1/(1/x) = x mod p^4
-		FP4_from_FP2s(&w,&w0,&w1);
-		printf("Test Inversion \nw= ");
-		FP4_output(&w);
-		printf("\n");
-
-		FP4_inv(&w,&w);
-		printf("1/w mod p^4 = ");
-		FP4_output(&w);
-		printf("\n");
-
-		FP4_inv(&w,&w);
-		printf("1/(1/w) mod p^4 = ");
-		FP4_output(&w);
-		printf("\n");
-
-		BIG_zero(e); BIG_inc(e,12);
-
-
-
-	//	FP4_xtr_A(&w,&t,&w,&t,&t);
-		FP4_xtr_pow(&w,&w,e);
-
-		printf("w^e= ");
-		FP4_output(&w);
-		printf("\n");
-
-
-		BIG_zero(a); BIG_inc(a,37);
-		BIG_zero(b); BIG_inc(b,17);
-		FP2_from_BIGs(&w0,a,b);
-
-		BIG_zero(a); BIG_inc(a,49);
-		BIG_zero(b); BIG_inc(b,31);
-		FP2_from_BIGs(&w1,a,b);
-
-		FP4_from_FP2s(&c1,&w0,&w1);
-		FP4_from_FP2s(&c2,&w0,&w1);
-		FP4_from_FP2s(&c3,&w0,&w1);
-		FP4_from_FP2s(&c4,&w0,&w1);
-
-		BIG_zero(e1); BIG_inc(e1,3331);
-		BIG_zero(e2); BIG_inc(e2,3372);
-
-		FP4_xtr_pow2(&w,&c1,&w,&c2,&c3,e1,e2);
-
-		printf("c^e= ");
-		FP4_output(&w);
-		printf("\n");
-
-
-		return 0;
-}
-*/
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/gcm.c
----------------------------------------------------------------------
diff --git a/version22/c/gcm.c b/version22/c/gcm.c
deleted file mode 100644
index 3bd9b8d..0000000
--- a/version22/c/gcm.c
+++ /dev/null
@@ -1,411 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Implementation of the AES-GCM Encryption/Authentication
- *
- * Some restrictions..
- * 1. Only for use with AES
- * 2. Returned tag is always 128-bits. Truncate at your own risk.
- * 3. The order of function calls must follow some rules
- *
- * Typical sequence of calls..
- * 1. call GCM_init
- * 2. call GCM_add_header any number of times, as long as length of header is multiple of 16 bytes (block size)
- * 3. call GCM_add_header one last time with any length of header
- * 4. call GCM_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes
- * 5. call GCM_add_cipher one last time with any length of cipher/plaintext
- * 6. call GCM_finish to extract the tag.
- *
- * See http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf
- */
-/* SU=m, m is Stack Usage */
-
-#include <stdlib.h>
-#include <string.h>
-#include "arch.h"
-#include "amcl.h"
-
-#define NB 4
-#define MR_TOBYTE(x) ((uchar)((x)))
-
-static unsign32 pack(const uchar *b)
-{
-    /* pack bytes into a 32-bit Word */
-    return ((unsign32)b[0]<<24)|((unsign32)b[1]<<16)|((unsign32)b[2]<<8)|(unsign32)b[3];
-}
-
-static void unpack(unsign32 a,uchar *b)
-{
-    /* unpack bytes from a word */
-    b[3]=MR_TOBYTE(a);
-    b[2]=MR_TOBYTE(a>>8);
-    b[1]=MR_TOBYTE(a>>16);
-    b[0]=MR_TOBYTE(a>>24);
-}
-
-static void precompute(gcm *g,uchar *H)
-{
-    /* precompute small 2k bytes gf2m table of x^n.H */
-    int i,j;
-    unsign32 *last,*next,b;
-
-    for (i=j=0; i<NB; i++,j+=4) g->table[0][i]=pack((uchar *)&H[j]);
-
-    for (i=1; i<128; i++)
-    {
-        next=g->table[i];
-        last=g->table[i-1];
-        b=0;
-        for (j=0; j<NB; j++)
-        {
-            next[j]=b|(last[j])>>1;
-            b=last[j]<<31;
-        }
-        if (b) next[0]^=0xE1000000; /* irreducible polynomial */
-    }
-}
-
-/* SU= 32 */
-static void gf2mul(gcm *g)
-{
-    /* gf2m mul - Z=H*X mod 2^128 */
-    int i,j,m,k;
-    unsign32 P[4];
-    unsign32 b;
-
-    P[0]=P[1]=P[2]=P[3]=0;
-    j=8;
-    m=0;
-    for (i=0; i<128; i++)
-    {
-        b=(unsign32)(g->stateX[m]>>(--j))&1;
-        b=~b+1;
-        for (k=0; k<NB; k++) P[k]^=(g->table[i][k]&b);
-        if (j==0)
-        {
-            j=8;
-            m++;
-            if (m==16) break;
-        }
-    }
-    for (i=j=0; i<NB; i++,j+=4) unpack(P[i],(uchar *)&g->stateX[j]);
-}
-
-/* SU= 32 */
-static void GCM_wrap(gcm *g)
-{
-    /* Finish off GHASH */
-    int i,j;
-    unsign32 F[4];
-    uchar L[16];
-
-    /* convert lengths from bytes to bits */
-    F[0]=(g->lenA[0]<<3)|(g->lenA[1]&0xE0000000)>>29;
-    F[1]=g->lenA[1]<<3;
-    F[2]=(g->lenC[0]<<3)|(g->lenC[1]&0xE0000000)>>29;
-    F[3]=g->lenC[1]<<3;
-    for (i=j=0; i<NB; i++,j+=4) unpack(F[i],(uchar *)&L[j]);
-
-    for (i=0; i<16; i++) g->stateX[i]^=L[i];
-    gf2mul(g);
-}
-
-static int GCM_ghash(gcm *g,char *plain,int len)
-{
-    int i,j=0;
-    if (g->status==GCM_ACCEPTING_HEADER) g->status=GCM_ACCEPTING_CIPHER;
-    if (g->status!=GCM_ACCEPTING_CIPHER) return 0;
-
-    while (j<len)
-    {
-        for (i=0; i<16 && j<len; i++)
-        {
-            g->stateX[i]^=plain[j++];
-            g->lenC[1]++;
-            if (g->lenC[1]==0) g->lenC[0]++;
-        }
-        gf2mul(g);
-    }
-    if (len%16!=0) g->status=GCM_NOT_ACCEPTING_MORE;
-    return 1;
-}
-
-/* SU= 48 */
-/* Initialize GCM mode */
-void GCM_init(gcm* g,int nk,char *key,int niv,char *iv)
-{
-    /* iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes */
-    int i;
-    uchar H[16];
-    for (i=0; i<16; i++)
-    {
-        H[i]=0;
-        g->stateX[i]=0;
-    }
-
-    AES_init(&(g->a),ECB,nk,key,iv);
-    AES_ecb_encrypt(&(g->a),H);     /* E(K,0) */
-    precompute(g,H);
-
-    g->lenA[0]=g->lenC[0]=g->lenA[1]=g->lenC[1]=0;
-    if (niv==12)
-    {
-        for (i=0; i<12; i++) g->a.f[i]=iv[i];
-        unpack((unsign32)1,(uchar *)&(g->a.f[12]));  /* initialise IV */
-        for (i=0; i<16; i++) g->Y_0[i]=g->a.f[i];
-    }
-    else
-    {
-        g->status=GCM_ACCEPTING_CIPHER;
-        GCM_ghash(g,iv,niv); /* GHASH(H,0,IV) */
-        GCM_wrap(g);
-        for (i=0; i<16; i++)
-        {
-            g->a.f[i]=g->stateX[i];
-            g->Y_0[i]=g->a.f[i];
-            g->stateX[i]=0;
-        }
-        g->lenA[0]=g->lenC[0]=g->lenA[1]=g->lenC[1]=0;
-    }
-    g->status=GCM_ACCEPTING_HEADER;
-}
-
-/* SU= 24 */
-/* Add Header data - included but not encrypted */
-int GCM_add_header(gcm* g,char *header,int len)
-{
-    /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */
-    int i,j=0;
-    if (g->status!=GCM_ACCEPTING_HEADER) return 0;
-
-    while (j<len)
-    {
-        for (i=0; i<16 && j<len; i++)
-        {
-            g->stateX[i]^=header[j++];
-            g->lenA[1]++;
-            if (g->lenA[1]==0) g->lenA[0]++;
-        }
-        gf2mul(g);
-    }
-    if (len%16!=0) g->status=GCM_ACCEPTING_CIPHER;
-    return 1;
-}
-
-/* SU= 48 */
-/* Add Plaintext - included and encrypted */
-int GCM_add_plain(gcm *g,char *cipher,char *plain,int len)
-{
-    /* Add plaintext to extract ciphertext, len is length of plaintext.  */
-    int i,j=0;
-    unsign32 counter;
-    uchar B[16];
-    if (g->status==GCM_ACCEPTING_HEADER) g->status=GCM_ACCEPTING_CIPHER;
-    if (g->status!=GCM_ACCEPTING_CIPHER) return 0;
-
-    while (j<len)
-    {
-        counter=pack((uchar *)&(g->a.f[12]));
-        counter++;
-        unpack(counter,(uchar *)&(g->a.f[12]));  /* increment counter */
-        for (i=0; i<16; i++) B[i]=g->a.f[i];
-        AES_ecb_encrypt(&(g->a),B);        /* encrypt it  */
-
-        for (i=0; i<16 && j<len; i++)
-        {
-            cipher[j]=plain[j]^B[i];
-            g->stateX[i]^=cipher[j++];
-            g->lenC[1]++;
-            if (g->lenC[1]==0) g->lenC[0]++;
-        }
-        gf2mul(g);
-    }
-    if (len%16!=0) g->status=GCM_NOT_ACCEPTING_MORE;
-    return 1;
-}
-
-/* SU= 48 */
-/* Add Ciphertext - decrypts to plaintext */
-int GCM_add_cipher(gcm *g,char *plain,char *cipher,int len)
-{
-    /* Add ciphertext to extract plaintext, len is length of ciphertext. */
-    int i,j=0;
-    unsign32 counter;
-    char oc;
-    uchar B[16];
-    if (g->status==GCM_ACCEPTING_HEADER) g->status=GCM_ACCEPTING_CIPHER;
-    if (g->status!=GCM_ACCEPTING_CIPHER) return 0;
-
-    while (j<len)
-    {
-        counter=pack((uchar *)&(g->a.f[12]));
-        counter++;
-        unpack(counter,(uchar *)&(g->a.f[12]));  /* increment counter */
-        for (i=0; i<16; i++) B[i]=g->a.f[i];
-        AES_ecb_encrypt(&(g->a),B);        /* encrypt it  */
-        for (i=0; i<16 && j<len; i++)
-        {
-            oc=cipher[j];
-            plain[j]=cipher[j]^B[i];
-            g->stateX[i]^=oc;
-            j++;
-            g->lenC[1]++;
-            if (g->lenC[1]==0) g->lenC[0]++;
-        }
-        gf2mul(g);
-    }
-    if (len%16!=0) g->status=GCM_NOT_ACCEPTING_MORE;
-    return 1;
-}
-
-/* SU= 16 */
-/* Finish and extract Tag */
-void GCM_finish(gcm *g,char *tag)
-{
-    /* Finish off GHASH and extract tag (MAC) */
-    int i;
-
-    GCM_wrap(g);
-
-    /* extract tag */
-    if (tag!=NULL)
-    {
-        AES_ecb_encrypt(&(g->a),g->Y_0);        /* E(K,Y0) */
-        for (i=0; i<16; i++) g->Y_0[i]^=g->stateX[i];
-        for (i=0; i<16; i++)
-        {
-            tag[i]=g->Y_0[i];
-            g->Y_0[i]=g->stateX[i]=0;
-        }
-    }
-    g->status=GCM_FINISHED;
-    AES_end(&(g->a));
-}
-
-
-// Compile with
-// gcc -O2 gcm.c aes.c -o gcm.exe
-/* SU= 16
-*/
-
-/* static void hex2bytes(char *hex,char *bin) */
-/* { */
-/* 	int i; */
-/* 	char v; */
-/* 	int len=strlen(hex); */
-/* 	for (i = 0; i < len/2; i++) { */
-/*         char c = hex[2*i]; */
-/*         if (c >= '0' && c <= '9') { */
-/*             v = c - '0'; */
-/*         } else if (c >= 'A' && c <= 'F') { */
-/*             v = c - 'A' + 10; */
-/*         } else if (c >= 'a' && c <= 'f') { */
-/*             v = c - 'a' + 10; */
-/*         } else { */
-/*             v = 0; */
-/*         } */
-/*         v <<= 4; */
-/*         c = hex[2*i + 1]; */
-/*         if (c >= '0' && c <= '9') { */
-/*             v += c - '0'; */
-/*         } else if (c >= 'A' && c <= 'F') { */
-/*             v += c - 'A' + 10; */
-/*         } else if (c >= 'a' && c <= 'f') { */
-/*             v += c - 'a' + 10; */
-/*         } else { */
-/*             v = 0; */
-/*         } */
-/*         bin[i] = v; */
-/*     } */
-/* } */
-
-/*
-int main()
-{
-	int i;
-
-//	char* KT="feffe9928665731c6d6a8f9467308308";
-//	char* MT="d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39";
-//	char* HT="feedfacedeadbeeffeedfacedeadbeefabaddad2";
-//	char* NT="cafebabefacedbaddecaf888";
-// Tag should be 5bc94fbc3221a5db94fae95ae7121a47
-//	char* NT="9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b";
-// Tag should be 619cc5aefffe0bfa462af43c1699d050
-
-  char* KT="6dfb5dc68af6ae2f3242e9184f100918";
-  char* MT="47809d16c2c6ec685962c90e53fe1bba";
-  char* HT="dd0fa6e494031139d71ee45f00d56fa4";
-  char* NT="37d36f5c54d53479d4745dd1";
-
-
-	int len=strlen(MT)/2;
-	int lenH=strlen(HT)/2;
-	int lenK=strlen(KT)/2;
-	int lenIV=strlen(NT)/2;
-
-	char T[16];   // Tag
-	char K[16];   // AES Key
-	char H[64];   // Header - to be included in Authentication, but not encrypted
-	char N[100];   // IV - Initialisation vector
-	char M[100];  // Plaintext to be encrypted/authenticated
-	char C[100];  // Ciphertext
-	char P[100];  // Recovered Plaintext
-
-	gcm g;
-
-    hex2bytes(MT, M);
-    hex2bytes(HT, H);
-    hex2bytes(NT, N);
-	hex2bytes(KT, K);
-
-	printf("lenK= %d\n",lenK);
-
- 	printf("Plaintext=\n");
-	for (i=0;i<len;i++) printf("%02x",(unsigned char)M[i]);
-	printf("\n");
-
-	GCM_init(&g,16,K,lenIV,N);
-	GCM_add_header(&g,H,lenH);
-	GCM_add_plain(&g,C,M,len);
-	GCM_finish(&g,T);
-
-	printf("Ciphertext=\n");
-	for (i=0;i<len;i++) printf("%02x",(unsigned char)C[i]);
-	printf("\n");
-
-	printf("Tag=\n");
-	for (i=0;i<16;i++) printf("%02x",(unsigned char)T[i]);
-	printf("\n");
-
-	GCM_init(&g,16,K,lenIV,N);
-	GCM_add_header(&g,H,lenH);
-	GCM_add_cipher(&g,P,C,len);
-	GCM_finish(&g,T);
-
- 	printf("Plaintext=\n");
-	for (i=0;i<len;i++) printf("%02x",(unsigned char)P[i]);
-	printf("\n");
-
-	printf("Tag=\n");
-	for (i=0;i<16;i++) printf("%02x",(unsigned char)T[i]);
-	printf("\n");
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/hash.c
----------------------------------------------------------------------
diff --git a/version22/c/hash.c b/version22/c/hash.c
deleted file mode 100644
index 6e6192d..0000000
--- a/version22/c/hash.c
+++ /dev/null
@@ -1,422 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Implementation of the Secure Hashing Algorithm (SHA-256/384/512)
- *
- * Generates a 256/384/512 bit message digest. It should be impossible to come
- * come up with two messages that hash to the same value ("collision free").
- *
- * For use with byte-oriented messages only. Could/Should be speeded
- * up by unwinding loops in HASH_transform(), and assembly patches.
- */
-
-#include "arch.h"
-#include "amcl.h"
-
-
-#define H0_256 0x6A09E667L
-#define H1_256 0xBB67AE85L
-#define H2_256 0x3C6EF372L
-#define H3_256 0xA54FF53AL
-#define H4_256 0x510E527FL
-#define H5_256 0x9B05688CL
-#define H6_256 0x1F83D9ABL
-#define H7_256 0x5BE0CD19L
-
-static const unsign32 K_256[64]=
-{
-    0x428a2f98L,0x71374491L,0xb5c0fbcfL,0xe9b5dba5L,0x3956c25bL,0x59f111f1L,0x923f82a4L,0xab1c5ed5L,
-    0xd807aa98L,0x12835b01L,0x243185beL,0x550c7dc3L,0x72be5d74L,0x80deb1feL,0x9bdc06a7L,0xc19bf174L,
-    0xe49b69c1L,0xefbe4786L,0x0fc19dc6L,0x240ca1ccL,0x2de92c6fL,0x4a7484aaL,0x5cb0a9dcL,0x76f988daL,
-    0x983e5152L,0xa831c66dL,0xb00327c8L,0xbf597fc7L,0xc6e00bf3L,0xd5a79147L,0x06ca6351L,0x14292967L,
-    0x27b70a85L,0x2e1b2138L,0x4d2c6dfcL,0x53380d13L,0x650a7354L,0x766a0abbL,0x81c2c92eL,0x92722c85L,
-    0xa2bfe8a1L,0xa81a664bL,0xc24b8b70L,0xc76c51a3L,0xd192e819L,0xd6990624L,0xf40e3585L,0x106aa070L,
-    0x19a4c116L,0x1e376c08L,0x2748774cL,0x34b0bcb5L,0x391c0cb3L,0x4ed8aa4aL,0x5b9cca4fL,0x682e6ff3L,
-    0x748f82eeL,0x78a5636fL,0x84c87814L,0x8cc70208L,0x90befffaL,0xa4506cebL,0xbef9a3f7L,0xc67178f2L
-};
-
-#define PAD  0x80
-#define ZERO 0
-
-/* functions */
-
-#define S(m,n,x) (((x)>>n) | ((x)<<(m-n)))
-#define R(n,x) ((x)>>n)
-
-#define Ch(x,y,z)  ((x&y)^(~(x)&z))
-#define Maj(x,y,z) ((x&y)^(x&z)^(y&z))
-#define Sig0_256(x)    (S(32,2,x)^S(32,13,x)^S(32,22,x))
-#define Sig1_256(x)    (S(32,6,x)^S(32,11,x)^S(32,25,x))
-#define theta0_256(x)  (S(32,7,x)^S(32,18,x)^R(3,x))
-#define theta1_256(x)  (S(32,17,x)^S(32,19,x)^R(10,x))
-
-#define Sig0_512(x)    (S(64,28,x)^S(64,34,x)^S(64,39,x))
-#define Sig1_512(x)    (S(64,14,x)^S(64,18,x)^S(64,41,x))
-#define theta0_512(x)  (S(64,1,x)^S(64,8,x)^R(7,x))
-#define theta1_512(x)  (S(64,19,x)^S(64,61,x)^R(6,x))
-
-
-/* SU= 72 */
-static void HASH256_transform(hash256 *sh)
-{
-    /* basic transformation step */
-    unsign32 a,b,c,d,e,f,g,h,t1,t2;
-    int j;
-    for (j=16; j<64; j++)
-        sh->w[j]=theta1_256(sh->w[j-2])+sh->w[j-7]+theta0_256(sh->w[j-15])+sh->w[j-16];
-
-    a=sh->h[0];
-    b=sh->h[1];
-    c=sh->h[2];
-    d=sh->h[3];
-    e=sh->h[4];
-    f=sh->h[5];
-    g=sh->h[6];
-    h=sh->h[7];
-
-    for (j=0; j<64; j++)
-    {
-        /* 64 times - mush it up */
-        t1=h+Sig1_256(e)+Ch(e,f,g)+K_256[j]+sh->w[j];
-        t2=Sig0_256(a)+Maj(a,b,c);
-        h=g;
-        g=f;
-        f=e;
-        e=d+t1;
-        d=c;
-        c=b;
-        b=a;
-        a=t1+t2;
-    }
-
-    sh->h[0]+=a;
-    sh->h[1]+=b;
-    sh->h[2]+=c;
-    sh->h[3]+=d;
-    sh->h[4]+=e;
-    sh->h[5]+=f;
-    sh->h[6]+=g;
-    sh->h[7]+=h;
-}
-
-/* Initialise Hash function */
-void HASH256_init(hash256 *sh)
-{
-    /* re-initialise */
-    int i;
-    for (i=0; i<64; i++) sh->w[i]=0L;
-    sh->length[0]=sh->length[1]=0L;
-    sh->h[0]=H0_256;
-    sh->h[1]=H1_256;
-    sh->h[2]=H2_256;
-    sh->h[3]=H3_256;
-    sh->h[4]=H4_256;
-    sh->h[5]=H5_256;
-    sh->h[6]=H6_256;
-    sh->h[7]=H7_256;
-
-    sh->hlen=32;
-}
-
-/* process a single byte */
-void HASH256_process(hash256 *sh,int byte)
-{
-    /* process the next message byte */
-    int cnt;
-//printf("byt= %x\n",byte);
-    cnt=(int)((sh->length[0]/32)%16);
-
-    sh->w[cnt]<<=8;
-    sh->w[cnt]|=(unsign32)(byte&0xFF);
-
-    sh->length[0]+=8;
-    if (sh->length[0]==0L)
-    {
-        sh->length[1]++;
-        sh->length[0]=0L;
-    }
-    if ((sh->length[0]%512)==0) HASH256_transform(sh);
-}
-
-/* SU= 24 */
-/* Generate 32-byte Hash */
-void HASH256_hash(hash256 *sh,char *digest)
-{
-    /* pad message and finish - supply digest */
-    int i;
-    unsign32 len0,len1;
-    len0=sh->length[0];
-    len1=sh->length[1];
-    HASH256_process(sh,PAD);
-    while ((sh->length[0]%512)!=448) HASH256_process(sh,ZERO);
-    sh->w[14]=len1;
-    sh->w[15]=len0;
-    HASH256_transform(sh);
-    for (i=0; i<sh->hlen; i++)
-    {
-        /* convert to bytes */
-        digest[i]=(char)((sh->h[i/4]>>(8*(3-i%4))) & 0xffL);
-    }
-    HASH256_init(sh);
-}
-
-
-#define H0_512 0x6a09e667f3bcc908
-#define H1_512 0xbb67ae8584caa73b
-#define H2_512 0x3c6ef372fe94f82b
-#define H3_512 0xa54ff53a5f1d36f1
-#define H4_512 0x510e527fade682d1
-#define H5_512 0x9b05688c2b3e6c1f
-#define H6_512 0x1f83d9abfb41bd6b
-#define H7_512 0x5be0cd19137e2179
-
-#define H8_512 0xcbbb9d5dc1059ed8
-#define H9_512 0x629a292a367cd507
-#define HA_512 0x9159015a3070dd17
-#define HB_512 0x152fecd8f70e5939
-#define HC_512 0x67332667ffc00b31
-#define HD_512 0x8eb44a8768581511
-#define HE_512 0xdb0c2e0d64f98fa7
-#define HF_512 0x47b5481dbefa4fa4
-
-/* */
-
-static const unsign64 K_512[80]=
-{
-    0x428a2f98d728ae22 ,0x7137449123ef65cd ,0xb5c0fbcfec4d3b2f ,0xe9b5dba58189dbbc ,
-    0x3956c25bf348b538 ,0x59f111f1b605d019 ,0x923f82a4af194f9b ,0xab1c5ed5da6d8118 ,
-    0xd807aa98a3030242 ,0x12835b0145706fbe ,0x243185be4ee4b28c ,0x550c7dc3d5ffb4e2 ,
-    0x72be5d74f27b896f ,0x80deb1fe3b1696b1 ,0x9bdc06a725c71235 ,0xc19bf174cf692694 ,
-    0xe49b69c19ef14ad2 ,0xefbe4786384f25e3 ,0x0fc19dc68b8cd5b5 ,0x240ca1cc77ac9c65 ,
-    0x2de92c6f592b0275 ,0x4a7484aa6ea6e483 ,0x5cb0a9dcbd41fbd4 ,0x76f988da831153b5 ,
-    0x983e5152ee66dfab ,0xa831c66d2db43210 ,0xb00327c898fb213f ,0xbf597fc7beef0ee4 ,
-    0xc6e00bf33da88fc2 ,0xd5a79147930aa725 ,0x06ca6351e003826f ,0x142929670a0e6e70 ,
-    0x27b70a8546d22ffc ,0x2e1b21385c26c926 ,0x4d2c6dfc5ac42aed ,0x53380d139d95b3df ,
-    0x650a73548baf63de ,0x766a0abb3c77b2a8 ,0x81c2c92e47edaee6 ,0x92722c851482353b ,
-    0xa2bfe8a14cf10364 ,0xa81a664bbc423001 ,0xc24b8b70d0f89791 ,0xc76c51a30654be30 ,
-    0xd192e819d6ef5218 ,0xd69906245565a910 ,0xf40e35855771202a ,0x106aa07032bbd1b8 ,
-    0x19a4c116b8d2d0c8 ,0x1e376c085141ab53 ,0x2748774cdf8eeb99 ,0x34b0bcb5e19b48a8 ,
-    0x391c0cb3c5c95a63 ,0x4ed8aa4ae3418acb ,0x5b9cca4f7763e373 ,0x682e6ff3d6b2b8a3 ,
-    0x748f82ee5defb2fc ,0x78a5636f43172f60 ,0x84c87814a1f0ab72 ,0x8cc702081a6439ec ,
-    0x90befffa23631e28 ,0xa4506cebde82bde9 ,0xbef9a3f7b2c67915 ,0xc67178f2e372532b ,
-    0xca273eceea26619c ,0xd186b8c721c0c207 ,0xeada7dd6cde0eb1e ,0xf57d4f7fee6ed178 ,
-    0x06f067aa72176fba ,0x0a637dc5a2c898a6 ,0x113f9804bef90dae ,0x1b710b35131c471b ,
-    0x28db77f523047d84 ,0x32caab7b40c72493 ,0x3c9ebe0a15c9bebc ,0x431d67c49c100d4c ,
-    0x4cc5d4becb3e42b6 ,0x597f299cfc657e2a ,0x5fcb6fab3ad6faec ,0x6c44198c4a475817
-};
-
-
-static void HASH512_transform(hash512 *sh)
-{
-    /* basic transformation step */
-    unsign64 a,b,c,d,e,f,g,h,t1,t2;
-    int j;
-    for (j=16; j<80; j++)
-        sh->w[j]=theta1_512(sh->w[j-2])+sh->w[j-7]+theta0_512(sh->w[j-15])+sh->w[j-16];
-
-    a=sh->h[0];
-    b=sh->h[1];
-    c=sh->h[2];
-    d=sh->h[3];
-    e=sh->h[4];
-    f=sh->h[5];
-    g=sh->h[6];
-    h=sh->h[7];
-
-    for (j=0; j<80; j++)
-    {
-        /* 80 times - mush it up */
-        t1=h+Sig1_512(e)+Ch(e,f,g)+K_512[j]+sh->w[j];
-        t2=Sig0_512(a)+Maj(a,b,c);
-        h=g;
-        g=f;
-        f=e;
-        e=d+t1;
-        d=c;
-        c=b;
-        b=a;
-        a=t1+t2;
-    }
-    sh->h[0]+=a;
-    sh->h[1]+=b;
-    sh->h[2]+=c;
-    sh->h[3]+=d;
-    sh->h[4]+=e;
-    sh->h[5]+=f;
-    sh->h[6]+=g;
-    sh->h[7]+=h;
-}
-
-void HASH384_init(hash384 *sh)
-{
-    /* re-initialise */
-    int i;
-    for (i=0; i<80; i++) sh->w[i]=0;
-    sh->length[0]=sh->length[1]=0;
-    sh->h[0]=H8_512;
-    sh->h[1]=H9_512;
-    sh->h[2]=HA_512;
-    sh->h[3]=HB_512;
-    sh->h[4]=HC_512;
-    sh->h[5]=HD_512;
-    sh->h[6]=HE_512;
-    sh->h[7]=HF_512;
-
-    sh->hlen=48;
-
-}
-
-void HASH384_process(hash384 *sh,int byte)
-{
-    /* process the next message byte */
-    HASH512_process(sh,byte);
-}
-
-void HASH384_hash(hash384 *sh,char *hash)
-{
-    /* pad message and finish - supply digest */
-    HASH512_hash(sh,hash);
-}
-
-void HASH512_init(hash512 *sh)
-{
-    /* re-initialise */
-    int i;
-
-    for (i=0; i<80; i++) sh->w[i]=0;
-    sh->length[0]=sh->length[1]=0;
-    sh->h[0]=H0_512;
-    sh->h[1]=H1_512;
-    sh->h[2]=H2_512;
-    sh->h[3]=H3_512;
-    sh->h[4]=H4_512;
-    sh->h[5]=H5_512;
-    sh->h[6]=H6_512;
-    sh->h[7]=H7_512;
-
-    sh->hlen=64;
-}
-
-void HASH512_process(hash512 *sh,int byte)
-{
-    /* process the next message byte */
-    int cnt;
-
-    cnt=(int)((sh->length[0]/64)%16);
-
-    sh->w[cnt]<<=8;
-    sh->w[cnt]|=(unsign64)(byte&0xFF);
-
-    sh->length[0]+=8;
-    if (sh->length[0]==0L)
-    {
-        sh->length[1]++;
-        sh->length[0]=0L;
-    }
-    if ((sh->length[0]%1024)==0) HASH512_transform(sh);
-}
-
-void HASH512_hash(hash512 *sh,char *hash)
-{
-    /* pad message and finish - supply digest */
-    int i;
-    unsign64 len0,len1;
-    len0=sh->length[0];
-    len1=sh->length[1];
-    HASH512_process(sh,PAD);
-    while ((sh->length[0]%1024)!=896) HASH512_process(sh,ZERO);
-    sh->w[14]=len1;
-    sh->w[15]=len0;
-    HASH512_transform(sh);
-    for (i=0; i<sh->hlen; i++)
-    {
-        /* convert to bytes */
-        hash[i]=(char)((sh->h[i/8]>>(8*(7-i%8))) & 0xffL);
-    }
-    HASH512_init(sh);
-}
-
-
-/* test program: should produce digest
-
-160 bit
-
-84983e44 1c3bd26e baae4aa1 f95129e5 e54670f1
-
-256 bit
-
-248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
-
-512 bit
-
-8e959b75dae313da 8cf4f72814fc143f 8f7779c6eb9f7fa1 7299aeadb6889018
-501d289e4900f7e4 331b99dec4b5433a c7d329eeb6dd2654 5e96e55b874be909
-
-384 bit
-
-09330c33f71147e8 3d192fc782cd1b47 53111b173b3b05d2 2fa08086e3b0f712
-fcc7c71a557e2db9 66c3e9fa91746039
-*/
-/*
-#include <stdio.h>
-#include "aracrypt.h"
-
-char test160[]="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-char test256[]="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-char test512[]="abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
-
-int main()
-{
-    char digest[64];
-    int i;
-	hash160 sh160;
-    hash256 sh256;
-	hash384 sh384;
-	hash512 sh512;
-
-    HASH160_init(&sh160);
-    for (i=0;test256[i]!=0;i++) HASH160_process(&sh160,test160[i]);
-    HASH160_hash(&sh160,digest);
-    for (i=0;i<20;i++) printf("%02x",(unsigned char)digest[i]);
-    printf("\n");
-
-    HASH256_init(&sh256);
-    for (i=0;test256[i]!=0;i++) HASH256_process(&sh256,test256[i]);
-    HASH256_hash(&sh256,digest);
-    for (i=0;i<32;i++) printf("%02x",(unsigned char)digest[i]);
-    printf("\n");
-
-    HASH384_init(&sh384);
-    for (i=0;test512[i]!=0;i++) HASH384_process(&sh384,test512[i]);
-    HASH384_hash(&sh384,digest);
-    for (i=0;i<48;i++) printf("%02x",(unsigned char)digest[i]);
-    printf("\n");
-
-    HASH512_init(&sh512);
-    for (i=0;test512[i]!=0;i++) HASH512_process(&sh512,test512[i]);
-    HASH512_hash(&sh512,digest);
-    for (i=0;i<64;i++) printf("%02x",(unsigned char)digest[i]);
-    printf("\n");
-
-
-    return 0;
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/maxstack.c
----------------------------------------------------------------------
diff --git a/version22/c/maxstack.c b/version22/c/maxstack.c
deleted file mode 100644
index 77b2062..0000000
--- a/version22/c/maxstack.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
-	How to determine maximum stack usage
-	1. Compile this file *with no optimization*, for example gcc -c maxstack.c
-	2. Rename your main() function to mymain()
-	3. Compile with normal level of optimization, linking to maxstack.o for example gcc maxstack.o -O3 myprogram.c -o myprogam
-	4. Execute myprogram
-	5. Program runs, at end prints out maximum stack usage
-
-	Caveat Code!
-	Mike Scott October 2014
-*/
-
-#include <stdio.h>
-
-#define MAXSTACK 65536  /* greater than likely stack requirement */
-
-extern void mymain();
-
-void start()
-{
-    char stack[MAXSTACK];
-    int i;
-    for (i=0; i<MAXSTACK; i++) stack[i]=0x55;
-}
-
-void finish()
-{
-    char stack[MAXSTACK];
-    int i;
-    for (i=0; i<MAXSTACK; i++)
-        if (stack[i]!=0x55) break;
-    printf("Max Stack usage = %d\n",MAXSTACK-i);
-}
-
-int main()
-{
-    start();
-
-    mymain();
-
-    finish();
-    return 0;
-}


[35/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/FP2.java
----------------------------------------------------------------------
diff --git a/version22/java/FP2.java b/version22/java/FP2.java
deleted file mode 100644
index 9667db9..0000000
--- a/version22/java/FP2.java
+++ /dev/null
@@ -1,393 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic  Fp^2 functions */
-
-/* FP2 elements are of the form a+ib, where i is sqrt(-1) */
-
-public final class FP2 {
-	private final FP a;
-	private final FP b;
-
-/* reduce components mod Modulus */
-	public void reduce()
-	{
-		a.reduce();
-		b.reduce();
-	}
-
-/* normalise components of w */
-	public void norm()
-	{
-		a.norm();
-		b.norm();
-	}
-
-/* test this=0 ? */
-	public boolean iszilch() {
-		reduce();
-		return (a.iszilch() && b.iszilch());
-	}
-
-	public void cmove(FP2 g,int d)
-	{
-		a.cmove(g.a,d);
-		b.cmove(g.b,d);
-	}
-
-/* test this=1 ? */
-	public boolean isunity() {
-		FP one=new FP(1);
-		return (a.equals(one) && b.iszilch());
-	}
-
-/* test this=x */
-	public boolean equals(FP2 x) {
-		return (a.equals(x.a) && b.equals(x.b));
-	}
-
-/* Constructors */
-	public FP2(int c)
-	{
-		a=new FP(c);
-		b=new FP(0);
-	}
-
-	public FP2(FP2 x)
-	{
-		a=new FP(x.a);
-		b=new FP(x.b);
-	}
-
-	public FP2(FP c,FP d)
-	{
-		a=new FP(c);
-		b=new FP(d);
-	}
-
-	public FP2(BIG c,BIG d)
-	{
-		a=new FP(c);
-		b=new FP(d);
-	}
-
-	public FP2(FP c)
-	{
-		a=new FP(c);
-		b=new FP(0);
-	}
-
-	public FP2(BIG c)
-	{
-		a=new FP(c);
-		b=new FP(0);
-	}
-/*
-	public BIG geta()
-	{
-		return a.tobig();
-	}
-*/
-/* extract a */
-	public BIG getA()
-	{ 
-		return a.redc();
-	}
-
-/* extract b */
-	public BIG getB()
-	{
-		return b.redc();
-	}
-
-/* copy this=x */
-	public void copy(FP2 x)
-	{
-		a.copy(x.a);
-		b.copy(x.b);
-	}
-
-/* set this=0 */
-	public void zero()
-	{
-		a.zero();
-		b.zero();
-	}
-
-/* set this=1 */
-	public void one()
-	{
-		a.one();
-		b.zero();
-	}
-
-/* negate this mod Modulus */
-	public void neg()
-	{
-		norm();
-		FP m=new FP(a);
-		FP t=new FP(0);
-
-		m.add(b);
-		m.neg();
-		m.norm();
-		t.copy(m); t.add(b);
-		b.copy(m);
-		b.add(a);
-		a.copy(t);
-	}
-
-/* set to a-ib */
-	public void conj()
-	{
-		b.neg();
-	}
-
-/* this+=a */
-	public void add(FP2 x)
-	{
-		a.add(x.a);
-		b.add(x.b);
-	}
-
-/* this-=a */
-	public void sub(FP2 x)
-	{
-		FP2 m=new FP2(x);
-		m.neg();
-		add(m);
-	}
-
-/* this*=s, where s is an FP */
-	public void pmul(FP s)
-	{
-		a.mul(s);
-		b.mul(s);
-	}
-
-/* this*=i, where i is an int */
-	public void imul(int c)
-	{
-		a.imul(c);
-		b.imul(c);
-	}
-
-/* this*=this */
-	public void sqr()
-	{
-		norm();
-		FP w1=new FP(a);
-		FP w3=new FP(a);
-		FP mb=new FP(b);
-
-		w3.mul(b);
-		w1.add(b);
-		mb.neg();
-		a.add(mb);
-		a.mul(w1);
-		b.copy(w3); b.add(w3);
-		norm();
-	}
-
-/* this*=y */
-	public void mul(FP2 y)
-	{
-		norm();  /* This is needed here as {a,b} is not normed before additions */
-
-		FP w1=new FP(a);
-		FP w2=new FP(b);
-		FP w5=new FP(a);
-		FP mw=new FP(0);
-
-		w1.mul(y.a);  // w1=a*y.a  - this norms w1 and y.a, NOT a
-		w2.mul(y.b);  // w2=b*y.b  - this norms w2 and y.b, NOT b
-		w5.add(b);    // w5=a+b
-		b.copy(y.a); b.add(y.b); // b=y.a+y.b
-
-		b.mul(w5);
-		mw.copy(w1); mw.add(w2); mw.neg();
-
-		b.add(mw); mw.add(w1);
-		a.copy(w1);	a.add(mw);
-
-		norm();
-	}
-
-/* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
-/* returns true if this is QR */
-	public boolean sqrt()
-	{
-		if (iszilch()) return true;
-		FP w1=new FP(b);
-		FP w2=new FP(a);
-		w1.sqr(); w2.sqr(); w1.add(w2);
-		if (w1.jacobi()!=1) { zero(); return false; }
-		w1=w1.sqrt();
-		w2.copy(a); w2.add(w1); w2.div2();
-		if (w2.jacobi()!=1)
-		{
-			w2.copy(a); w2.sub(w1); w2.div2();
-			if (w2.jacobi()!=1) { zero(); return false; }
-		}
-		w2=w2.sqrt();
-		a.copy(w2);
-		w2.add(w2);
-		w2.inverse();
-		b.mul(w2);
-		return true;
-	}
-
-/* output to hex string */
-	public String toString() 
-	{
-		return ("["+a.toString()+","+b.toString()+"]");
-	}
-
-	public String toRawString() 
-	{
-		return ("["+a.toRawString()+","+b.toRawString()+"]");
-	}
-
-/* this=1/this */
-	public void inverse()
-	{
-		norm();
-		FP w1=new FP(a);
-		FP w2=new FP(b);
-
-		w1.sqr();
-		w2.sqr();
-		w1.add(w2);
-		w1.inverse();
-		a.mul(w1);
-		w1.neg();
-		b.mul(w1);
-	}
-
-/* this/=2 */
-	public void div2()
-	{
-		a.div2();
-		b.div2();
-	}
-
-/* this*=sqrt(-1) */
-	public void times_i()
-	{
-	//	a.norm();
-		FP z=new FP(a);
-		a.copy(b); a.neg();
-		b.copy(z);
-	}
-
-/* w*=(1+sqrt(-1)) */
-/* where X*2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
-	public void mul_ip()
-	{
-		norm();
-		FP2 t=new FP2(this);
-		FP z=new FP(a);
-		a.copy(b);
-		a.neg();
-		b.copy(z);
-		add(t);
-		norm();
-	}
-
-/* w/=(1+sqrt(-1)) */
-	public void div_ip()
-	{
-		FP2 t=new FP2(0);
-		norm();
-		t.a.copy(a); t.a.add(b);
-		t.b.copy(b); t.b.sub(a);
-		copy(t);
-		div2();
-	}
-/*
-	public FP2 pow(BIG e)
-	{
-		int bt;
-		FP2 r=new FP2(1);
-		e.norm();
-		norm();
-		while (true)
-		{
-			bt=e.parity();
-			e.fshr(1);
-			if (bt==1) r.mul(this);
-			if (e.iszilch()) break;
-			sqr();
-		}
-
-		r.reduce();
-		return r;
-	}
-
-	public static void main(String[] args) {
-		BIG m=new BIG(ROM.Modulus);
-		BIG x=new BIG(3);
-		BIG e=new BIG(27);
-		BIG pp1=new BIG(m);
-		BIG pm1=new BIG(m);
-		BIG a=new BIG(1);
-		BIG b=new BIG(1);
-		FP2 w=new FP2(a,b);
-		FP2 z=new FP2(w);
-
-		byte[] RAW=new byte[100];
-
-		RAND rng=new RAND();
-		for (int i=0;i<100;i++) RAW[i]=(byte)(i);
-
-		rng.seed(100,RAW);
-
-	//	for (int i=0;i<100;i++)
-	//	{
-			a.randomnum(rng);
-			b.randomnum(rng);
-
-			w=new FP2(a,b);
-			System.out.println("w="+w.toString());
-
-			z=new FP2(w);
-			z.inverse();
-			System.out.println("z="+z.toString());
-
-			z.inverse();
-			if (!z.equals(w)) System.out.println("Error");
-	//	}
-
-//		System.out.println("m="+m.toString());
-//		w.sqr();
-//		w.mul(z);
-
-		System.out.println("w="+w.toString());
-
-
-		pp1.inc(1); pp1.norm();
-		pm1.dec(1); pm1.norm();
-		System.out.println("p+1="+pp1.toString());
-		System.out.println("p-1="+pm1.toString());
-		w=w.pow(pp1);
-		w=w.pow(pm1);
-		System.out.println("w="+w.toString());
-	}
-*/
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/FP4.java
----------------------------------------------------------------------
diff --git a/version22/java/FP4.java b/version22/java/FP4.java
deleted file mode 100644
index 7d8912a..0000000
--- a/version22/java/FP4.java
+++ /dev/null
@@ -1,584 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic  Fp^4 functions */
-
-/* FP4 elements are of the form a+ib, where i is sqrt(-1+sqrt(-1))  */
-
-public final class FP4 {
-	private final FP2 a;
-	private final FP2 b;
-/* reduce all components of this mod Modulus */
-	public void reduce()
-	{
-		a.reduce();
-		b.reduce();
-	}
-/* normalise all components of this mod Modulus */
-	public void norm()
-	{
-		a.norm();
-		b.norm();
-	}
-/* test this==0 ? */
-	public boolean iszilch() {
-		reduce();
-		return (a.iszilch() && b.iszilch());
-	}
-/* test this==1 ? */
-	public boolean isunity() {
-		FP2 one=new FP2(1);
-		return (a.equals(one) && b.iszilch());
-	}
-
-/* test is w real? That is in a+ib test b is zero */
-	public boolean isreal()
-	{
-		return b.iszilch();
-	}
-/* extract real part a */
-	public FP2 real()
-	{
-		return a;
-	}
-
-	public FP2 geta()
-	{
-		return a;
-	}
-/* extract imaginary part b */
-	public FP2 getb()
-	{
-		return b;
-	}
-/* test this=x? */
-	public boolean equals(FP4 x)
-	{
-		return (a.equals(x.a) && b.equals(x.b));
-	}
-/* constructors */
-	public FP4(int c)
-	{
-		a=new FP2(c);
-		b=new FP2(0);
-	}
-
-	public FP4(FP4 x)
-	{
-		a=new FP2(x.a);
-		b=new FP2(x.b);
-	}
-
-	public FP4(FP2 c,FP2 d)
-	{
-		a=new FP2(c);
-		b=new FP2(d);
-	}
-
-	public FP4(FP2 c)
-	{
-		a=new FP2(c);
-		b=new FP2(0);
-	}
-/* copy this=x */
-	public void copy(FP4 x)
-	{
-		a.copy(x.a);
-		b.copy(x.b);
-	}
-/* set this=0 */
-	public void zero()
-	{
-		a.zero();
-		b.zero();
-	}
-/* set this=1 */
-	public void one()
-	{
-		a.one();
-		b.zero();
-	}
-/* set this=-this */
-	public void neg()
-	{
-		FP2 m=new FP2(a);
-		FP2 t=new FP2(0);
-		m.add(b);
-		m.neg();
-		m.norm();
-		t.copy(m); t.add(b);
-		b.copy(m);
-		b.add(a);
-		a.copy(t);
-	}
-/* this=conjugate(this) */
-	public void conj()
-	{
-		b.neg(); b.norm();
-	}
-/* this=-conjugate(this) */
-	public void nconj()
-	{
-		a.neg(); a.norm();
-	}
-/* this+=x */
-	public void add(FP4 x)
-	{
-		a.add(x.a);
-		b.add(x.b);
-	}
-/* this-=x */
-	public void sub(FP4 x)
-	{
-		FP4 m=new FP4(x);
-		m.neg();
-		add(m);
-	}
-
-/* this*=s where s is FP2 */
-	public void pmul(FP2 s)
-	{
-		a.mul(s);
-		b.mul(s);
-	}
-/* this*=c where c is int */
-	public void imul(int c)
-	{
-		a.imul(c);
-		b.imul(c);
-	}
-/* this*=this */	
-	public void sqr()
-	{
-		norm();
-
-		FP2 t1=new FP2(a);
-		FP2 t2=new FP2(b);
-		FP2 t3=new FP2(a);
-
-		t3.mul(b);
-		t1.add(b);
-		t2.mul_ip();
-
-		t2.add(a);
-		a.copy(t1);
-
-		a.mul(t2);
-
-		t2.copy(t3);
-		t2.mul_ip();
-		t2.add(t3);
-		t2.neg();
-		a.add(t2);
-
-		b.copy(t3);
-		b.add(t3);
-
-		norm();
-	}
-/* this*=y */
-	public void mul(FP4 y)
-	{
-		norm();
-
-		FP2 t1=new FP2(a);
-		FP2 t2=new FP2(b);
-		FP2 t3=new FP2(0);
-		FP2 t4=new FP2(b);
-
-		t1.mul(y.a);
-		t2.mul(y.b);
-		t3.copy(y.b);
-		t3.add(y.a);
-		t4.add(a);
-
-		t4.mul(t3);
-		t4.sub(t1);
-		t4.norm();
-
-		b.copy(t4);
-		b.sub(t2);
-		t2.mul_ip();
-		a.copy(t2);
-		a.add(t1);
-
-		norm();
-	}
-/* convert this to hex string */
-	public String toString() 
-	{
-		return ("["+a.toString()+","+b.toString()+"]");
-	}
-
-	public String toRawString() 
-	{
-		return ("["+a.toRawString()+","+b.toRawString()+"]");
-	}
-
-/* this=1/this */
-	public void inverse()
-	{
-		norm();
-
-		FP2 t1=new FP2(a);
-		FP2 t2=new FP2(b);
-
-		t1.sqr();
-		t2.sqr();
-		t2.mul_ip();
-		t1.sub(t2);
-		t1.inverse();
-		a.mul(t1);
-		t1.neg();
-		b.mul(t1);
-	}
-
-
-/* this*=i where i = sqrt(-1+sqrt(-1)) */
-	public void times_i()
-	{
-		norm();
-		FP2 s=new FP2(b);
-		FP2 t=new FP2(b);
-		s.times_i();
-		t.add(s);
-		t.norm();
-		b.copy(a);
-		a.copy(t);
-	}
-
-/* this=this^p using Frobenius */
-	public void frob(FP2 f)
-	{
-		a.conj();
-		b.conj();
-		b.mul(f);
-	}
-
-/* this=this^e */
-	public FP4 pow(BIG e)
-	{
-		norm();
-		e.norm();
-		FP4 w=new FP4(this);
-		BIG z=new BIG(e);
-		FP4 r=new FP4(1);
-		while (true)
-		{
-			int bt=z.parity();
-			z.fshr(1);
-			if (bt==1) r.mul(w);
-			if (z.iszilch()) break;
-			w.sqr();
-		}
-		r.reduce();
-		return r;
-	}
-/* XTR xtr_a function */
-	public void xtr_A(FP4 w,FP4 y,FP4 z) 
-	{
-		FP4 r=new FP4(w);
-		FP4 t=new FP4(w);
-		r.sub(y);
-		r.pmul(a);
-		t.add(y);
-		t.pmul(b);
-		t.times_i();
-
-		copy(r);
-		add(t);
-		add(z);
-
-		norm();
-	}
-
-/* XTR xtr_d function */
-	public void xtr_D() {
-		FP4 w=new FP4(this);
-		sqr(); w.conj();
-		w.add(w);
-		sub(w);
-		reduce();
-	}
-
-/* r=x^n using XTR method on traces of FP12s */
-	public FP4 xtr_pow(BIG n) {
-		FP4 a=new FP4(3);
-		FP4 b=new FP4(this);
-		FP4 c=new FP4(b);
-		c.xtr_D();
-		FP4 t=new FP4(0);
-		FP4 r=new FP4(0);
-
-		n.norm();
-		int par=n.parity();
-		BIG v=new BIG(n); v.fshr(1);
-		if (par==0) {v.dec(1); v.norm();}
-
-		int nb=v.nbits();
-		for (int i=nb-1;i>=0;i--)
-		{
-			if (v.bit(i)!=1)
-			{
-				t.copy(b);
-				conj();
-				c.conj();
-				b.xtr_A(a,this,c);
-				conj();
-				c.copy(t);
-				c.xtr_D();
-				a.xtr_D();
-			}
-			else
-			{
-				t.copy(a); t.conj();
-				a.copy(b);
-				a.xtr_D();
-				b.xtr_A(c,this,t);
-				c.xtr_D();
-			}
-		}
-		if (par==0) r.copy(c);
-		else r.copy(b);
-		r.reduce();
-		return r;
-	}
-
-/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-	public FP4 xtr_pow2(FP4 ck,FP4 ckml,FP4 ckm2l,BIG a,BIG b)
-	{
-		a.norm(); b.norm();
-		BIG e=new BIG(a);
-		BIG d=new BIG(b);
-		BIG w=new BIG(0);
-
-		FP4 cu=new FP4(ck);  // can probably be passed in w/o copying
-		FP4 cv=new FP4(this);
-		FP4 cumv=new FP4(ckml);
-		FP4 cum2v=new FP4(ckm2l);
-		FP4 r=new FP4(0);
-		FP4 t=new FP4(0);
-
-		int f2=0;
-		while (d.parity()==0 && e.parity()==0)
-		{
-			d.fshr(1);
-			e.fshr(1);
-			f2++;
-		}
-
-		while (BIG.comp(d,e)!=0)
-		{
-			if (BIG.comp(d,e)>0)
-			{
-				w.copy(e); w.imul(4); w.norm();
-				if (BIG.comp(d,w)<=0)
-				{
-					w.copy(d); d.copy(e);
-					e.rsub(w); e.norm();
-
-					t.copy(cv); 
-					t.xtr_A(cu,cumv,cum2v);
-					cum2v.copy(cumv); 
-					cum2v.conj();
-					cumv.copy(cv);
-					cv.copy(cu);
-					cu.copy(t);
-
-				}
-				else if (d.parity()==0)
-				{
-					d.fshr(1);
-					r.copy(cum2v); r.conj();
-					t.copy(cumv);
-					t.xtr_A(cu,cv,r);
-					cum2v.copy(cumv);
-					cum2v.xtr_D();
-					cumv.copy(t);
-					cu.xtr_D();
-				}
-				else if (e.parity()==1)
-				{
-					d.sub(e); d.norm();
-					d.fshr(1);
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cu.xtr_D();
-					cum2v.copy(cv);
-					cum2v.xtr_D();
-					cum2v.conj();
-					cv.copy(t);
-				}
-				else
-				{
-					w.copy(d);
-					d.copy(e); d.fshr(1);
-					e.copy(w);
-					t.copy(cumv);
-					t.xtr_D();
-					cumv.copy(cum2v); cumv.conj();
-					cum2v.copy(t); cum2v.conj();
-					t.copy(cv);
-					t.xtr_D();
-					cv.copy(cu);
-					cu.copy(t);
-				}
-			}
-			if (BIG.comp(d,e)<0)
-			{
-				w.copy(d); w.imul(4); w.norm();
-				if (BIG.comp(e,w)<=0)
-				{
-					e.sub(d); e.norm();
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cum2v.copy(cumv);
-					cumv.copy(cu);
-					cu.copy(t);
-				}
-				else if (e.parity()==0)
-				{
-					w.copy(d);
-					d.copy(e); d.fshr(1);
-					e.copy(w);
-					t.copy(cumv);
-					t.xtr_D();
-					cumv.copy(cum2v); cumv.conj();
-					cum2v.copy(t); cum2v.conj();
-					t.copy(cv);
-					t.xtr_D();
-					cv.copy(cu);
-					cu.copy(t);
-				}
-				else if (d.parity()==1)
-				{
-					w.copy(e);
-					e.copy(d);
-					w.sub(d); w.norm();
-					d.copy(w); d.fshr(1);
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cumv.conj();
-					cum2v.copy(cu);
-					cum2v.xtr_D();
-					cum2v.conj();
-					cu.copy(cv);
-					cu.xtr_D();
-					cv.copy(t);
-				}
-				else
-				{
-					d.fshr(1);
-					r.copy(cum2v); r.conj();
-					t.copy(cumv);
-					t.xtr_A(cu,cv,r);
-					cum2v.copy(cumv);
-					cum2v.xtr_D();
-					cumv.copy(t);
-					cu.xtr_D();
-				}
-			}
-		}
-		r.copy(cv);
-		r.xtr_A(cu,cumv,cum2v);
-		for (int i=0;i<f2;i++)
-			r.xtr_D();
-		r=r.xtr_pow(d);
-		return r;
-	}
-
-/*
-	public static void main(String[] args) {
-		BIG m=new BIG(ROM.Modulus);
-		BIG e=new BIG(12);
-		BIG a=new BIG(0);
-		BIG b=new BIG(0);
-		
-		a.inc(27); b.inc(45);
-
-		FP2 w0=new FP2(a,b);
-
-		a.zero(); b.zero();
-		a.inc(33); b.inc(54);
-
-		FP2 w1=new FP2(a,b);
-
-
-		FP4 w=new FP4(w0,w1);
-		FP4 t=new FP4(w);
-
-		a=new BIG(ROM.CURVE_Fra);
-		b=new BIG(ROM.CURVE_Frb);
-
-		FP2 f=new FP2(a,b);
-
-		System.out.println("w= "+w.toString());
-
-		w=w.pow(m);
-
-		System.out.println("w^p= "+w.toString());
-
-		t.frob(f);
-
-
-		System.out.println("w^p= "+t.toString());
-
-		w=w.pow(m);
-		w=w.pow(m);
-		w=w.pow(m);
-		System.out.println("w^p4= "+w.toString());
-
-
-	System.out.println("Test Inversion");
-
-		w=new FP4(w0,w1);
-
-		w.inverse();
-
-		System.out.println("1/w mod p^4 = "+w.toString());
-
-		w.inverse();
-
-		System.out.println("1/(1/w) mod p^4 = "+w.toString());
-
-		FP4 ww=new FP4(w);
-
-		w=w.xtr_pow(e);
-		System.out.println("w^e= "+w.toString());
-
-
-		a.zero(); b.zero();
-		a.inc(37); b.inc(17);
-		w0=new FP2(a,b);
-		a.zero(); b.zero();
-		a.inc(49); b.inc(31);
-		w1=new FP2(a,b);
-
-		FP4 c1=new FP4(w0,w1);
-		FP4 c2=new FP4(w0,w1);
-		FP4 c3=new FP4(w0,w1);
-
-		BIG e1=new BIG(3331);
-		BIG e2=new BIG(3372);
-
-		FP4 cr=w.xtr_pow2(c1,c2,c3,e1,e2);
-
-		System.out.println("c^e= "+cr.toString()); 
-	} */
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/GCM.java
----------------------------------------------------------------------
diff --git a/version22/java/GCM.java b/version22/java/GCM.java
deleted file mode 100644
index 47e5bb2..0000000
--- a/version22/java/GCM.java
+++ /dev/null
@@ -1,374 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-/*
- * Implementation of the AES-GCM Encryption/Authentication
- *
- * Some restrictions.. 
- * 1. Only for use with AES
- * 2. Returned tag is always 128-bits. Truncate at your own risk.
- * 3. The order of function calls must follow some rules
- *
- * Typical sequence of calls..
- * 1. call GCM_init
- * 2. call GCM_add_header any number of times, as long as length of header is multiple of 16 bytes (block size)
- * 3. call GCM_add_header one last time with any length of header
- * 4. call GCM_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes
- * 5. call GCM_add_cipher one last time with any length of cipher/plaintext
- * 6. call GCM_finish to extract the tag.
- *
- * See http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf
- */
-
-public class GCM {
-	public static final int NB=4;
-	public static final int GCM_ACCEPTING_HEADER=0;
-	public static final int GCM_ACCEPTING_CIPHER=1;
-	public static final int GCM_NOT_ACCEPTING_MORE=2;
-	public static final int GCM_FINISHED=3;
-	public static final int GCM_ENCRYPTING=0;
-	public static final int GCM_DECRYPTING=1;
-
-	private int[][] table=new int[128][4]; /* 2k bytes */
-	private byte[] stateX=new byte[16];
-	private byte[]Y_0=new byte[16];
-	private int counter;
-	private int[] lenA=new int[2];
-	private int[] lenC=new int[2];
-	private int status;
-	private AES a=new AES();
-
-	private static int pack(byte[] b)
-	{ /* pack bytes into a 32-bit Word */
-		return ((((int)b[0])&0xff)<<24)|(((int)b[1]&0xff)<<16)|(((int)b[2]&0xff)<<8)|((int)b[3]&0xff);
-	}
-
-	private static byte[] unpack(int a)
-	{ /* unpack bytes from a word */
-		byte [] b=new byte[4];
-		b[3]=(byte)(a);
-		b[2]=(byte)(a>>>8);
-		b[1]=(byte)(a>>>16);
-		b[0]=(byte)(a>>>24);
-		return b;
-	}
-
-	private void precompute(byte[] H)
-	{
-		int i,j,c;
-		byte[] b=new byte[4];
-
-		for (i=j=0;i<NB;i++,j+=4) 
-		{
-			b[0]=H[j]; b[1]=H[j+1]; b[2]=H[j+2]; b[3]=H[j+3];
-			table[0][i]=pack(b);
-		}
-		for (i=1;i<128;i++)
-		{
-			c=0;
-			for (j=0;j<NB;j++) {table[i][j]=c|(table[i-1][j])>>>1; c=table[i-1][j]<<31;}
-			if (c!=0) table[i][0]^=0xE1000000; /* irreducible polynomial */
-		}
-	}
-
-	private void gf2mul()
-	{ /* gf2m mul - Z=H*X mod 2^128 */
-		int i,j,m,k;
-		int[] P=new int[4];
-		int c;
-		byte[] b;//=new byte[4];
-
-		P[0]=P[1]=P[2]=P[3]=0;
-		j=8; m=0;
-		for (i=0;i<128;i++)
-		{
-			c=(stateX[m]>>>(--j))&1; c=~c+1;
-			for (k=0;k<NB;k++) P[k]^=(table[i][k]&c);
-			if (j==0)
-			{
-				j=8; m++;
-				if (m==16) break;
-			}
-		}
-		for (i=j=0;i<NB;i++,j+=4) 
-		{
-			b=unpack(P[i]);
-			stateX[j]=b[0]; stateX[j+1]=b[1]; stateX[j+2]=b[2]; stateX[j+3]=b[3];
-		}
-	}
-
-	private void wrap()
-	{ /* Finish off GHASH */
-		int i,j;
-		int[] F=new int[4];
-		byte[] L=new byte[16];
-		byte[] b;//=new byte[4];
-
-/* convert lengths from bytes to bits */
-		F[0]=(lenA[0]<<3)|(lenA[1]&0xE0000000)>>>29;
-		F[1]=lenA[1]<<3;
-		F[2]=(lenC[0]<<3)|(lenC[1]&0xE0000000)>>>29;
-		F[3]=lenC[1]<<3;
-		for (i=j=0;i<NB;i++,j+=4)
-		{
-			b=unpack(F[i]);
-			L[j]=b[0]; L[j+1]=b[1]; L[j+2]=b[2]; L[j+3]=b[3];
-		}
-		for (i=0;i<16;i++) stateX[i]^=L[i];
-		gf2mul();
-	}
-
-/* Initialize GCM mode */
-	public void init(int nk,byte[] key,int niv,byte[] iv)
-	{ /* iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes */
-		int i;
-		byte[] H=new byte[16];
-		byte[] b;//=new byte[4];
-
-		for (i=0;i<16;i++) {H[i]=0; stateX[i]=0;}
-
-		a.init(AES.ECB,nk,key,iv);
-		a.ecb_encrypt(H);     /* E(K,0) */
-		precompute(H);
-	
-		lenA[0]=lenC[0]=lenA[1]=lenC[1]=0;
-		if (niv==12)
-		{
-			for (i=0;i<12;i++) a.f[i]=iv[i];
-			b=unpack((int)1);
-			a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3];  /* initialise IV */
-			for (i=0;i<16;i++) Y_0[i]=a.f[i];
-		}
-		else
-		{
-			status=GCM_ACCEPTING_CIPHER;
-			ghash(iv,niv); /* GHASH(H,0,IV) */
-			wrap();
-			for (i=0;i<16;i++) {a.f[i]=stateX[i];Y_0[i]=a.f[i];stateX[i]=0;}
-			lenA[0]=lenC[0]=lenA[1]=lenC[1]=0;
-		}
-		status=GCM_ACCEPTING_HEADER;
-	}
-
-/* Add Header data - included but not encrypted */
-	public boolean add_header(byte[] header,int len)
-	{ /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */
-		int i,j=0;
-		if (status!=GCM_ACCEPTING_HEADER) return false;
-
-		while (j<len)
-		{
-			for (i=0;i<16 && j<len;i++)
-			{
-				stateX[i]^=header[j++];
-				lenA[1]++; if (lenA[1]==0) lenA[0]++;
-			}
-			gf2mul();
-		}
-		if (len%16!=0) status=GCM_ACCEPTING_CIPHER;
-		return true;
-	}
-
-	private boolean ghash(byte[] plain,int len)
-	{
-		int i,j=0;
-		int counter;
-	//	byte[] B=new byte[16];
-	//	byte[] b=new byte[4];
-
-		if (status==GCM_ACCEPTING_HEADER) status=GCM_ACCEPTING_CIPHER;
-		if (status!=GCM_ACCEPTING_CIPHER) return false;
-		
-		while (j<len)
-		{
-			for (i=0;i<16 && j<len;i++)
-			{
-				stateX[i]^=plain[j++];
-				lenC[1]++; if (lenC[1]==0) lenC[0]++;
-			}
-			gf2mul();
-		}
-		if (len%16!=0) status=GCM_NOT_ACCEPTING_MORE;
-		return true;
-	}
-
-/* Add Plaintext - included and encrypted */
-	public byte[] add_plain(byte[] plain,int len)
-	{
-		int i,j=0;
-		int counter;
-		byte[] B=new byte[16];
-		byte[] b=new byte[4];
-		byte[] cipher=new byte[len];
-
-		if (status==GCM_ACCEPTING_HEADER) status=GCM_ACCEPTING_CIPHER;
-		if (status!=GCM_ACCEPTING_CIPHER) return new byte[0];
-		
-		while (j<len)
-		{
-
-			b[0]=a.f[12]; b[1]=a.f[13]; b[2]=a.f[14]; b[3]=a.f[15];
-			counter=pack(b);
-			counter++;
-			b=unpack(counter);
-			a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3]; /* increment counter */
-			for (i=0;i<16;i++) B[i]=a.f[i];
-			a.ecb_encrypt(B);        /* encrypt it  */
-		
-			for (i=0;i<16 && j<len;i++)
-			{
-				cipher[j]=(byte)(plain[j]^B[i]);
-				stateX[i]^=cipher[j++];
-				lenC[1]++; if (lenC[1]==0) lenC[0]++;
-			}
-			gf2mul();
-		}
-		if (len%16!=0) status=GCM_NOT_ACCEPTING_MORE;
-		return cipher;
-	}
-
-/* Add Ciphertext - decrypts to plaintext */
-	public byte[] add_cipher(byte[] cipher,int len)
-	{
-		int i,j=0;
-		int counter;
-		byte[] B=new byte[16];
-		byte[] b=new byte[4];
-		byte[] plain=new byte[len];
-
-		if (status==GCM_ACCEPTING_HEADER) status=GCM_ACCEPTING_CIPHER;
-		if (status!=GCM_ACCEPTING_CIPHER) return new byte[0];
-	
-		while (j<len)
-		{
-
-			b[0]=a.f[12]; b[1]=a.f[13]; b[2]=a.f[14]; b[3]=a.f[15];
-			counter=pack(b);
-			counter++;
-			b=unpack(counter);
-			a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3]; /* increment counter */
-			for (i=0;i<16;i++) B[i]=a.f[i];
-			a.ecb_encrypt(B);        /* encrypt it  */
-			for (i=0;i<16 && j<len;i++)
-			{
-				byte oc=cipher[j];
-				plain[j]=(byte)(cipher[j]^B[i]);
-				stateX[i]^=oc; j++;
-				lenC[1]++; if (lenC[1]==0) lenC[0]++;
-			}
-			gf2mul();
-		}
-		if (len%16!=0) status=GCM_NOT_ACCEPTING_MORE;
-		return plain;
-	}
-
-/* Finish and extract Tag */
-	public byte[] finish(boolean extract)
-	{ /* Finish off GHASH and extract tag (MAC) */
-		int i;
-		byte[] tag=new byte[16];
-
-		wrap();
-/* extract tag */
-		if (extract)
-		{
-			a.ecb_encrypt(Y_0);        /* E(K,Y0) */
-			for (i=0;i<16;i++) Y_0[i]^=stateX[i];
-			for (i=0;i<16;i++) {tag[i]=Y_0[i];Y_0[i]=stateX[i]=0;}
-		}
-		status=GCM_FINISHED;
-		a.end();
-		return tag;
-	}
-
-	public static byte[] hex2bytes(String s) {
-		int len = s.length();
-		byte[] data = new byte[len / 2];
-		for (int i = 0; i < len; i += 2) {
-			data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
-                             + Character.digit(s.charAt(i+1), 16));
-		}
-		return data;
-	}
-/*
-	public static void main(String[] args) {
-		int i;
-
-		String KT="feffe9928665731c6d6a8f9467308308";
-		String MT="d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39";
-		String HT="feedfacedeadbeeffeedfacedeadbeefabaddad2";
-//	char* NT="cafebabefacedbaddecaf888";
-// Tag should be 5bc94fbc3221a5db94fae95ae7121a47
-		String NT="9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b";
-// Tag should be 619cc5aefffe0bfa462af43c1699d050
-
-
-		byte[] T=new byte[16];   // Tag
-		byte[] K=new byte[16];   // AES Key
-		byte[] H=new byte[64];   // Header - to be included in Authentication, but not encrypted
-		byte[] N=new byte[100];   // IV - Initialisation vector
-		byte[] M=new byte[100];  // Plaintext to be encrypted/authenticated
-		byte[] C=new byte[100];  // Ciphertext
-		byte[] P=new byte[100];  // Recovered Plaintext 
-
-		GCM g=new GCM();
-
-		M=hex2bytes(MT);
-		H=hex2bytes(HT);
-		N=hex2bytes(NT);
-		K=hex2bytes(KT);
-
-		int len=M.length;
-		int lenH=H.length;
-		int lenK=K.length;
-		int lenIV=N.length;
-
- 		System.out.format("Plaintext=\n");
-		for (i=0;i<len;i++) System.out.format("%02x",M[i]);
-		System.out.format("\n");
-
-		g.init(16,K,lenIV,N);
-		g.add_header(H,lenH);
-		C=g.add_plain(M,len);
-		T=g.finish(true);
-
-		System.out.format("Ciphertext=\n");
-		for (i=0;i<len;i++) System.out.format("%02x",C[i]);
-		System.out.format("\n");
-        
-		System.out.format("Tag=\n");
-		for (i=0;i<16;i++) System.out.format("%02x",T[i]);
-		System.out.format("\n");
-
-		g.init(16,K,lenIV,N);
-		g.add_header(H,lenH);
-		P=g.add_cipher(C,len);
-		T=g.finish(true);
-
- 		System.out.format("Plaintext=\n");
-		for (i=0;i<len;i++) System.out.format("%02x",P[i]);
-		System.out.format("\n");
-
-		System.out.format("Tag=\n");
-		for (i=0;i<16;i++) System.out.format("%02x",T[i]);
-		System.out.format("\n");
-	}
-*/	
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/HASH256.java
----------------------------------------------------------------------
diff --git a/version22/java/HASH256.java b/version22/java/HASH256.java
deleted file mode 100644
index c1ddbd0..0000000
--- a/version22/java/HASH256.java
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Implementation of the Secure Hashing Algorithm (SHA-256)
- *
- * Generates a 256 bit message digest. It should be impossible to come
- * come up with two messages that hash to the same value ("collision free").
- *
- * For use with byte-oriented messages only. 
- */
-
-public class HASH256 {
-	private int[] length=new int[2];
-	private int[] h=new int[8];
-	private int[] w=new int[80];
-
-	public static final int H0=0x6A09E667;
-	public static final int H1=0xBB67AE85;
-	public static final int H2=0x3C6EF372;
-	public static final int H3=0xA54FF53A;
-	public static final int H4=0x510E527F;
-	public static final int H5=0x9B05688C;
-	public static final int H6=0x1F83D9AB;
-	public static final int H7=0x5BE0CD19;
-
-	public static final int len=32;
-
-	public static final int[] K={
-	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
-	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
-	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
-	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
-	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
-	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
-	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
-	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2};
-
-
-/* functions */
-	private static int S(int n,int x)
-	{
-		return (((x)>>>n) | ((x)<<(32-n)));
-	}
-
-	private static int R(int n,int x)
-	{
-		return ((x)>>>n);
-	}
-
-	private static int Ch(int x,int y,int z)
-	{
-		return ((x&y)^(~(x)&z));
-	}
-
-	private static int Maj(int x,int y,int z)
-	{
-		return ((x&y)^(x&z)^(y&z));
-	}
-
-	private static int Sig0(int x)
-	{
-		return (S(2,x)^S(13,x)^S(22,x));
-	}
-
-	private static int Sig1(int x)
-	{
-		return (S(6,x)^S(11,x)^S(25,x));
-	}
-
-	private static int theta0(int x)
-	{
-		return (S(7,x)^S(18,x)^R(3,x));
-	}
-
-	private static int theta1(int x)
-	{
-		return (S(17,x)^S(19,x)^R(10,x));
-	}
-
-
-	private void transform()
-	{ /* basic transformation step */
-		int a,b,c,d,e,f,g,hh,t1,t2;
-		int j;
-		for (j=16;j<64;j++) 
-			w[j]=theta1(w[j-2])+w[j-7]+theta0(w[j-15])+w[j-16];
-		a=h[0]; b=h[1]; c=h[2]; d=h[3]; 
-		e=h[4]; f=h[5]; g=h[6]; hh=h[7];
-
-		for (j=0;j<64;j++)
-		{ /* 64 times - mush it up */
-			t1=hh+Sig1(e)+Ch(e,f,g)+K[j]+w[j];
-			t2=Sig0(a)+Maj(a,b,c);
-			hh=g; g=f; f=e;
-			e=d+t1;
-			d=c;
-			c=b;
-			b=a;
-			a=t1+t2;   
-		
-		}
-		h[0]+=a; h[1]+=b; h[2]+=c; h[3]+=d; 
-		h[4]+=e; h[5]+=f; h[6]+=g; h[7]+=hh; 
-	} 
-
-/* Initialise Hash function */
-	public void init()
-	{ /* initialise */
-		int i;
-		for (i=0;i<64;i++) w[i]=0;
-		length[0]=length[1]=0;
-		h[0]=H0;
-		h[1]=H1;
-		h[2]=H2;
-		h[3]=H3;
-		h[4]=H4;
-		h[5]=H5;
-		h[6]=H6;
-		h[7]=H7;
-	}
-
-/* Constructor */
-	public HASH256()
-	{
-		init();
-	}
-
-/* process a single byte */
-	public void process(int byt)
-	{ /* process the next message byte */
-		int cnt;
-		cnt=(length[0]/32)%16;
-    
-		w[cnt]<<=8;
-		w[cnt]|=(byt&0xFF);
-		length[0]+=8;
-		if (length[0]==0) { length[1]++; length[0]=0; }
-		if ((length[0]%512)==0) transform();
-	}
-
-/* process an array of bytes */	
-	public void process_array(byte[] b)
-	{
-		for (int i=0;i<b.length;i++) process((int)b[i]);
-	}
-
-/* process a 32-bit integer */
-	public void process_num(int n)
-	{
-		process((n>>24)&0xff);
-		process((n>>16)&0xff);
-		process((n>>8)&0xff);
-		process(n&0xff);
-	}
-
-/* Generate 32-byte Hash */
-	public byte[] hash()
-	{ /* pad message and finish - supply digest */
-		int i;
-		byte[] digest=new byte[32];
-		int len0,len1;
-		len0=length[0];
-		len1=length[1];
-		process(0x80);
-		while ((length[0]%512)!=448) process(0);
-		w[14]=len1;
-		w[15]=len0;    
-		transform();
-		for (i=0;i<len;i++)
-		{ /* convert to bytes */
-			digest[i]=(byte)((h[i/4]>>(8*(3-i%4))) & 0xff);
-		}
-		init();
-		return digest;
-	}
-
-/* test program: should produce digest */
-
-//248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
-
-	public static void main(String[] args) {
-		byte[] test="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq".getBytes();
-		byte[] digest;
-		int i;
-		HASH256 sh=new HASH256();
-  
-		for (i=0;i<test.length;i++)
-			sh.process(test[i]);
-		
-		digest=sh.hash();    
-		for (i=0;i<32;i++) System.out.format("%02x",digest[i]);
-
-	//	for (i=0;i<32;i++) System.out.format("%d ",digest[i]);
-
-		System.out.println("");
-	} 
-}
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/HASH384.java
----------------------------------------------------------------------
diff --git a/version22/java/HASH384.java b/version22/java/HASH384.java
deleted file mode 100644
index 5422792..0000000
--- a/version22/java/HASH384.java
+++ /dev/null
@@ -1,227 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Implementation of the Secure Hashing Algorithm (SHA-512)
- *
- * Generates a 512 bit message digest. It should be impossible to come
- * come up with two messages that hash to the same value ("collision free").
- *
- * For use with byte-oriented messages only. 
- */
-
-public class HASH384 {
-	private long[] length=new long[2];
-	private long[] h=new long[8];
-	private long[] w=new long[80];
-
-	public static final long H0=0xcbbb9d5dc1059ed8L;
-	public static final long H1=0x629a292a367cd507L;
-	public static final long H2=0x9159015a3070dd17L;
-	public static final long H3=0x152fecd8f70e5939L;
-	public static final long H4=0x67332667ffc00b31L;
-	public static final long H5=0x8eb44a8768581511L;
-	public static final long H6=0xdb0c2e0d64f98fa7L;
-	public static final long H7=0x47b5481dbefa4fa4L;
-
-	public static final int len=48;
-
-	public static final long[] K=
-	{0x428a2f98d728ae22L,0x7137449123ef65cdL,0xb5c0fbcfec4d3b2fL,0xe9b5dba58189dbbcL,
-	0x3956c25bf348b538L,0x59f111f1b605d019L,0x923f82a4af194f9bL,0xab1c5ed5da6d8118L,
-	0xd807aa98a3030242L,0x12835b0145706fbeL,0x243185be4ee4b28cL,0x550c7dc3d5ffb4e2L,
-	0x72be5d74f27b896fL,0x80deb1fe3b1696b1L,0x9bdc06a725c71235L,0xc19bf174cf692694L,
-	0xe49b69c19ef14ad2L,0xefbe4786384f25e3L,0x0fc19dc68b8cd5b5L,0x240ca1cc77ac9c65L,
-	0x2de92c6f592b0275L,0x4a7484aa6ea6e483L,0x5cb0a9dcbd41fbd4L,0x76f988da831153b5L,
-	0x983e5152ee66dfabL,0xa831c66d2db43210L,0xb00327c898fb213fL,0xbf597fc7beef0ee4L,
-	0xc6e00bf33da88fc2L,0xd5a79147930aa725L,0x06ca6351e003826fL,0x142929670a0e6e70L,
-	0x27b70a8546d22ffcL,0x2e1b21385c26c926L,0x4d2c6dfc5ac42aedL,0x53380d139d95b3dfL,
-	0x650a73548baf63deL,0x766a0abb3c77b2a8L,0x81c2c92e47edaee6L,0x92722c851482353bL,
-	0xa2bfe8a14cf10364L,0xa81a664bbc423001L,0xc24b8b70d0f89791L,0xc76c51a30654be30L,
-	0xd192e819d6ef5218L,0xd69906245565a910L,0xf40e35855771202aL,0x106aa07032bbd1b8L,
-	0x19a4c116b8d2d0c8L,0x1e376c085141ab53L,0x2748774cdf8eeb99L,0x34b0bcb5e19b48a8L,
-	0x391c0cb3c5c95a63L,0x4ed8aa4ae3418acbL,0x5b9cca4f7763e373L,0x682e6ff3d6b2b8a3L,
-	0x748f82ee5defb2fcL,0x78a5636f43172f60L,0x84c87814a1f0ab72L,0x8cc702081a6439ecL,
-	0x90befffa23631e28L,0xa4506cebde82bde9L,0xbef9a3f7b2c67915L,0xc67178f2e372532bL,
-	0xca273eceea26619cL,0xd186b8c721c0c207L,0xeada7dd6cde0eb1eL,0xf57d4f7fee6ed178L,
-	0x06f067aa72176fbaL,0x0a637dc5a2c898a6L,0x113f9804bef90daeL,0x1b710b35131c471bL,
-	0x28db77f523047d84L,0x32caab7b40c72493L,0x3c9ebe0a15c9bebcL,0x431d67c49c100d4cL,
-	0x4cc5d4becb3e42b6L,0x597f299cfc657e2aL,0x5fcb6fab3ad6faecL,0x6c44198c4a475817L};
-
-/* functions */
-	private static long S(int n,long x)
-	{
-		return (((x)>>>n) | ((x)<<(64-n)));
-	}
-
-	private static long R(int n,long x)
-	{
-		return ((x)>>>n);
-	}
-
-	private static long Ch(long x,long y,long z)
-	{
-		return ((x&y)^(~(x)&z));
-	}
-
-	private static long Maj(long x,long y,long z)
-	{
-		return ((x&y)^(x&z)^(y&z));
-	}
-
-	private static long Sig0(long x)
-	{
-		return (S(28,x)^S(34,x)^S(39,x));
-	}
-
-	private static long Sig1(long x)
-	{
-		return (S(14,x)^S(18,x)^S(41,x));
-	}
-
-	private static long theta0(long x)
-	{
-		return (S(1,x)^S(8,x)^R(7,x));
-	}
-
-	private static long theta1(long x)
-	{
-		return (S(19,x)^S(61,x)^R(6,x));
-	}
-
-	private void transform()
-	{ /* basic transformation step */
-		long a,b,c,d,e,f,g,hh,t1,t2;
-		int j;
-		for (j=16;j<80;j++) 
-			w[j]=theta1(w[j-2])+w[j-7]+theta0(w[j-15])+w[j-16];
-		a=h[0]; b=h[1]; c=h[2]; d=h[3]; 
-		e=h[4]; f=h[5]; g=h[6]; hh=h[7];
-
-		for (j=0;j<80;j++)
-		{ /* 80 times - mush it up */
-			t1=hh+Sig1(e)+Ch(e,f,g)+K[j]+w[j];
-			t2=Sig0(a)+Maj(a,b,c);
-			hh=g; g=f; f=e;
-			e=d+t1;
-			d=c;
-			c=b;
-			b=a;
-			a=t1+t2;   
-		
-		}
-		h[0]+=a; h[1]+=b; h[2]+=c; h[3]+=d; 
-		h[4]+=e; h[5]+=f; h[6]+=g; h[7]+=hh; 
-	} 
-
-/* Initialise Hash function */
-	public void init()
-	{ /* initialise */
-		int i;
-		for (i=0;i<80;i++) w[i]=0L;
-		length[0]=length[1]=0L;
-		h[0]=H0;
-		h[1]=H1;
-		h[2]=H2;
-		h[3]=H3;
-		h[4]=H4;
-		h[5]=H5;
-		h[6]=H6;
-		h[7]=H7;
-	}
-
-/* Constructor */
-	public HASH384()
-	{
-		init();
-	}
-
-/* process a single byte */
-	public void process(int byt)
-	{ /* process the next message byte */
-		int cnt;
-		cnt=(int)(length[0]/64)%16;
-    
-		w[cnt]<<=8;
-		w[cnt]|=(byt&0xFF);
-		length[0]+=8;
-		if (length[0]==0L) { length[1]++; length[0]=0L; }
-		if ((length[0]%1024)==0) transform();
-	}
-
-/* process an array of bytes */	
-	public void process_array(byte[] b)
-	{
-		for (int i=0;i<b.length;i++) process((int)b[i]);
-	}
-
-/* process a 32-bit integer */
-	public void process_num(int n)
-	{
-		process((n>>24)&0xff);
-		process((n>>16)&0xff);
-		process((n>>8)&0xff);
-		process(n&0xff);
-	}
-
-/* Generate 48-byte Hash */
-	public byte[] hash()
-	{ /* pad message and finish - supply digest */
-		int i;
-		byte[] digest=new byte[48];
-		long len0,len1;
-		len0=length[0];
-		len1=length[1];
-		process(0x80);
-		while ((length[0]%1024)!=896) process(0);
-		w[14]=len1;
-		w[15]=len0;    
-		transform();
-		for (i=0;i<len;i++)
-		{ /* convert to bytes */
-			digest[i]=(byte)((h[i/8]>>(8*(7-i%8))) & 0xffL);
-		}
-		init();
-		return digest;
-	}
-
-/* test program: should produce digest */
-
-//09330c33f71147e8 3d192fc782cd1b47 53111b173b3b05d2 2fa08086e3b0f712 fcc7c71a557e2db9 66c3e9fa91746039
-
-	public static void main(String[] args) {
-
-		byte[] test="abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu".getBytes();
-		byte[] digest;
-		int i;
-		HASH384 sh=new HASH384();
-  
-		for (i=0;i<test.length;i++)
-			sh.process(test[i]);
-		
-		digest=sh.hash();    
-		for (i=0;i<48;i++) System.out.format("%02x",digest[i]);
-
-	//	for (i=0;i<32;i++) System.out.format("%d ",digest[i]);
-
-		System.out.println("");
-
-	} 
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/HASH512.java
----------------------------------------------------------------------
diff --git a/version22/java/HASH512.java b/version22/java/HASH512.java
deleted file mode 100644
index 75379e3..0000000
--- a/version22/java/HASH512.java
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Implementation of the Secure Hashing Algorithm (SHA-512)
- *
- * Generates a 512 bit message digest. It should be impossible to come
- * come up with two messages that hash to the same value ("collision free").
- *
- * For use with byte-oriented messages only. 
- */
-
-
-public class HASH512 {
-	private long[] length=new long[2];
-	private long[] h=new long[8];
-	private long[] w=new long[80];
-
-	public static final long H0=0x6a09e667f3bcc908L;
-	public static final long H1=0xbb67ae8584caa73bL;
-	public static final long H2=0x3c6ef372fe94f82bL;
-	public static final long H3=0xa54ff53a5f1d36f1L;
-	public static final long H4=0x510e527fade682d1L;
-	public static final long H5=0x9b05688c2b3e6c1fL;
-	public static final long H6=0x1f83d9abfb41bd6bL;
-	public static final long H7=0x5be0cd19137e2179L;
-
-	public static final int len=64;
-
-	public static final long[] K=
-	{0x428a2f98d728ae22L,0x7137449123ef65cdL,0xb5c0fbcfec4d3b2fL,0xe9b5dba58189dbbcL,
-	0x3956c25bf348b538L,0x59f111f1b605d019L,0x923f82a4af194f9bL,0xab1c5ed5da6d8118L,
-	0xd807aa98a3030242L,0x12835b0145706fbeL,0x243185be4ee4b28cL,0x550c7dc3d5ffb4e2L,
-	0x72be5d74f27b896fL,0x80deb1fe3b1696b1L,0x9bdc06a725c71235L,0xc19bf174cf692694L,
-	0xe49b69c19ef14ad2L,0xefbe4786384f25e3L,0x0fc19dc68b8cd5b5L,0x240ca1cc77ac9c65L,
-	0x2de92c6f592b0275L,0x4a7484aa6ea6e483L,0x5cb0a9dcbd41fbd4L,0x76f988da831153b5L,
-	0x983e5152ee66dfabL,0xa831c66d2db43210L,0xb00327c898fb213fL,0xbf597fc7beef0ee4L,
-	0xc6e00bf33da88fc2L,0xd5a79147930aa725L,0x06ca6351e003826fL,0x142929670a0e6e70L,
-	0x27b70a8546d22ffcL,0x2e1b21385c26c926L,0x4d2c6dfc5ac42aedL,0x53380d139d95b3dfL,
-	0x650a73548baf63deL,0x766a0abb3c77b2a8L,0x81c2c92e47edaee6L,0x92722c851482353bL,
-	0xa2bfe8a14cf10364L,0xa81a664bbc423001L,0xc24b8b70d0f89791L,0xc76c51a30654be30L,
-	0xd192e819d6ef5218L,0xd69906245565a910L,0xf40e35855771202aL,0x106aa07032bbd1b8L,
-	0x19a4c116b8d2d0c8L,0x1e376c085141ab53L,0x2748774cdf8eeb99L,0x34b0bcb5e19b48a8L,
-	0x391c0cb3c5c95a63L,0x4ed8aa4ae3418acbL,0x5b9cca4f7763e373L,0x682e6ff3d6b2b8a3L,
-	0x748f82ee5defb2fcL,0x78a5636f43172f60L,0x84c87814a1f0ab72L,0x8cc702081a6439ecL,
-	0x90befffa23631e28L,0xa4506cebde82bde9L,0xbef9a3f7b2c67915L,0xc67178f2e372532bL,
-	0xca273eceea26619cL,0xd186b8c721c0c207L,0xeada7dd6cde0eb1eL,0xf57d4f7fee6ed178L,
-	0x06f067aa72176fbaL,0x0a637dc5a2c898a6L,0x113f9804bef90daeL,0x1b710b35131c471bL,
-	0x28db77f523047d84L,0x32caab7b40c72493L,0x3c9ebe0a15c9bebcL,0x431d67c49c100d4cL,
-	0x4cc5d4becb3e42b6L,0x597f299cfc657e2aL,0x5fcb6fab3ad6faecL,0x6c44198c4a475817L};
-
-/* functions */
-	private static long S(int n,long x)
-	{
-		return (((x)>>>n) | ((x)<<(64-n)));
-	}
-
-	private static long R(int n,long x)
-	{
-		return ((x)>>>n);
-	}
-
-	private static long Ch(long x,long y,long z)
-	{
-		return ((x&y)^(~(x)&z));
-	}
-
-	private static long Maj(long x,long y,long z)
-	{
-		return ((x&y)^(x&z)^(y&z));
-	}
-
-	private static long Sig0(long x)
-	{
-		return (S(28,x)^S(34,x)^S(39,x));
-	}
-
-	private static long Sig1(long x)
-	{
-		return (S(14,x)^S(18,x)^S(41,x));
-	}
-
-	private static long theta0(long x)
-	{
-		return (S(1,x)^S(8,x)^R(7,x));
-	}
-
-	private static long theta1(long x)
-	{
-		return (S(19,x)^S(61,x)^R(6,x));
-	}
-
-
-	private void transform()
-	{ /* basic transformation step */
-		long a,b,c,d,e,f,g,hh,t1,t2;
-		int j;
-		for (j=16;j<80;j++) 
-			w[j]=theta1(w[j-2])+w[j-7]+theta0(w[j-15])+w[j-16];
-		a=h[0]; b=h[1]; c=h[2]; d=h[3]; 
-		e=h[4]; f=h[5]; g=h[6]; hh=h[7];
-
-		for (j=0;j<80;j++)
-		{ /* 80 times - mush it up */
-			t1=hh+Sig1(e)+Ch(e,f,g)+K[j]+w[j];
-			t2=Sig0(a)+Maj(a,b,c);
-			hh=g; g=f; f=e;
-			e=d+t1;
-			d=c;
-			c=b;
-			b=a;
-			a=t1+t2;   
-		
-		}
-		h[0]+=a; h[1]+=b; h[2]+=c; h[3]+=d; 
-		h[4]+=e; h[5]+=f; h[6]+=g; h[7]+=hh; 
-	} 
-
-/* Initialise Hash function */
-	public void init()
-	{ /* initialise */
-		int i;
-		for (i=0;i<80;i++) w[i]=0L;
-		length[0]=length[1]=0L;
-		h[0]=H0;
-		h[1]=H1;
-		h[2]=H2;
-		h[3]=H3;
-		h[4]=H4;
-		h[5]=H5;
-		h[6]=H6;
-		h[7]=H7;
-	}
-
-/* Constructor */
-	public HASH512()
-	{
-		init();
-	}
-
-/* process a single byte */
-	public void process(int byt)
-	{ /* process the next message byte */
-		int cnt;
-		cnt=(int)(length[0]/64)%16;
-    
-		w[cnt]<<=8;
-		w[cnt]|=(byt&0xFF);
-		length[0]+=8;
-		if (length[0]==0L) { length[1]++; length[0]=0L; }
-		if ((length[0]%1024)==0) transform();
-	}
-
-/* process an array of bytes */	
-	public void process_array(byte[] b)
-	{
-		for (int i=0;i<b.length;i++) process((int)b[i]);
-	}
-
-/* process a 32-bit integer */
-	public void process_num(int n)
-	{
-		process((n>>24)&0xff);
-		process((n>>16)&0xff);
-		process((n>>8)&0xff);
-		process(n&0xff);
-	}
-
-/* Generate 64-byte Hash */
-	public byte[] hash()
-	{ /* pad message and finish - supply digest */
-		int i;
-		byte[] digest=new byte[64];
-		long len0,len1;
-		len0=length[0];
-		len1=length[1];
-		process(0x80);
-		while ((length[0]%1024)!=896) process(0);
-		w[14]=len1;
-		w[15]=len0;    
-		transform();
-		for (i=0;i<len;i++)
-		{ /* convert to bytes */
-			digest[i]=(byte)((h[i/8]>>(8*(7-i%8))) & 0xffL);
-		}
-		init();
-		return digest;
-	}
-
-/* test program: should produce digest */
-
-//8e959b75dae313da 8cf4f72814fc143f 8f7779c6eb9f7fa1 7299aeadb6889018 501d289e4900f7e4 331b99dec4b5433a c7d329eeb6dd2654 5e96e55b874be909
-
-	public static void main(String[] args) {
-
-		byte[] test="abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu".getBytes();
-		byte[] digest;
-		int i;
-		HASH512 sh=new HASH512();
-  
-		for (i=0;i<test.length;i++)
-			sh.process(test[i]);
-		
-		digest=sh.hash();    
-		for (i=0;i<64;i++) System.out.format("%02x",digest[i]);
-
-	//	for (i=0;i<32;i++) System.out.format("%d ",digest[i]);
-
-		System.out.println("");
-
-	} 
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/MPIN.java
----------------------------------------------------------------------
diff --git a/version22/java/MPIN.java b/version22/java/MPIN.java
deleted file mode 100644
index a2bd094..0000000
--- a/version22/java/MPIN.java
+++ /dev/null
@@ -1,853 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MPIN API Functions */
-
-import java.util.Date;
-
-public class MPIN
-{
-	public static final int EFS=ROM.MODBYTES;
-	public static final int EGS=ROM.MODBYTES;
-	public static final int PAS=16;
-	public static final int INVALID_POINT=-14;
-	public static final int BAD_PARAMS=-11;
-	public static final int WRONG_ORDER=-18;
-	public static final int BAD_PIN=-19;
-	public static final int SHA256=32;
-	public static final int SHA384=48;
-	public static final int SHA512=64;
-
-/* Configure your PIN here */
-
-	public static final int MAXPIN=10000;  /* PIN less than this */
-	public static final int PBLEN=14;      /* Number of bits in PIN */
-	public static final int TS=10;         /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */
-	public static final int TRAP=200;      /* 200 for 4 digit PIN, 2000 for 6-digit PIN  - approx 2*sqrt(MAXPIN) */
-
-	public static final int HASH_TYPE=SHA256;
-
-	public static byte[] mpin_hash(int sha,FP4 c,ECP U)
-	{
-		byte[] w=new byte[EFS];
-		byte[] t=new byte[6*EFS];
-		byte[] h=null;
-		c.geta().getA().toBytes(w); for (int i=0;i<EFS;i++) t[i]=w[i];
-		c.geta().getB().toBytes(w); for (int i=EFS;i<2*EFS;i++) t[i]=w[i-EFS];
-		c.getb().getA().toBytes(w); for (int i=2*EFS;i<3*EFS;i++) t[i]=w[i-2*EFS];
-		c.getb().getB().toBytes(w); for (int i=3*EFS;i<4*EFS;i++) t[i]=w[i-3*EFS];
-		
-		U.getX().toBytes(w); for (int i=4*EFS;i<5*EFS;i++) t[i]=w[i-4*EFS];
-		U.getY().toBytes(w); for (int i=5*EFS;i<6*EFS;i++) t[i]=w[i-5*EFS];
-		
-		if (sha==SHA256)
-		{
-			HASH256 H=new HASH256();
-			H.process_array(t);
-			h=H.hash();
-		}
-		if (sha==SHA384)
-		{
-			HASH384 H=new HASH384();
-			H.process_array(t);
-			h=H.hash();
-		}
-		if (sha==SHA512)
-		{
-			HASH512 H=new HASH512();
-			H.process_array(t);
-			h=H.hash();
-		}
-		if (h==null) return null;
-		byte[] R=new byte[PAS];
-		for (int i=0;i<PAS;i++) R[i]=h[i];
-		return R;
-	}
-
-/* Hash number (optional) and string to array size of Bigs */
-
-	public static byte[] hashit(int sha,int n,byte[] B)
-	{
-		byte[] R=null;
-
-		if (sha==SHA256)
-		{
-			HASH256 H=new HASH256();
-			if (n>0) H.process_num(n);
-			H.process_array(B);
-			R=H.hash();
-		}
-		if (sha==SHA384)
-		{
-			HASH384 H=new HASH384();
-			if (n>0) H.process_num(n);
-			H.process_array(B);
-			R=H.hash();
-		}
-		if (sha==SHA512)
-		{
-			HASH512 H=new HASH512();
-			if (n>0) H.process_num(n);
-			H.process_array(B);
-			R=H.hash();
-		}
-		if (R==null) return null;
-		byte[] W=new byte[ROM.MODBYTES];
-
-		if (sha>=ROM.MODBYTES)
-			for (int i=0;i<ROM.MODBYTES;i++) W[i]=R[i];
-		else
-		{
-			for (int i=0;i<sha;i++) W[i]=R[i];
-			for (int i=sha;i<ROM.MODBYTES;i++) W[i]=0;
-		}
-		return W;
-	}
-
-	public static ECP mapit(byte[] h)
-	{
-		BIG q=new BIG(ROM.Modulus);
-		BIG x=BIG.fromBytes(h);
-		x.mod(q);
-		ECP P;
-		while (true)
-		{
-			P=new ECP(x,0);
-			if (!P.is_infinity()) break;
-			x.inc(1); x.norm();
-		}
-
-		if (ROM.CURVE_PAIRING_TYPE!=ROM.BN_CURVE)
-		{
-			BIG c=new BIG(ROM.CURVE_Cof);
-			P=P.mul(c);
-		}
-		return P;
-	}
-
-/* needed for SOK */
-	public static ECP2 mapit2(byte[] h)
-	{
-		BIG q=new BIG(ROM.Modulus);
-		BIG x=BIG.fromBytes(h);
-		BIG one=new BIG(1);
-		FP2 X;
-		ECP2 Q,T,K;
-		x.mod(q);
-		while (true)
-		{
-			X=new FP2(one,x);
-			Q=new ECP2(X);
-			if (!Q.is_infinity()) break;
-			x.inc(1); x.norm();
-		}
-/* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
-		BIG Fra=new BIG(ROM.CURVE_Fra);
-		BIG Frb=new BIG(ROM.CURVE_Frb);
-		X=new FP2(Fra,Frb);
-		x=new BIG(ROM.CURVE_Bnx);
-
-		T=new ECP2(); T.copy(Q);
-		T.mul(x); T.neg();
-		K=new ECP2(); K.copy(T);
-		K.dbl(); K.add(T); K.affine();
-
-		K.frob(X);
-		Q.frob(X); Q.frob(X); Q.frob(X);
-		Q.add(T); Q.add(K);
-		T.frob(X); T.frob(X);
-		Q.add(T);
-		Q.affine();
-		return Q;
-	}
-
-/* return time in slots since epoch */
-	public static int today() {
-		Date date=new Date();
-		return (int) (date.getTime()/(1000*60*1440));
-	}
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
-	public static ECP map(BIG u,int cb)
-	{
-		ECP P;
-		BIG x=new BIG(u);
-		BIG p=new BIG(ROM.Modulus);
-		x.mod(p);
-		while (true)
-		{
-			P=new ECP(x,cb);
-			if (!P.is_infinity()) break;
-			x.inc(1);  x.norm();
-		}
-		return P;
-	}
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
-	public static int unmap(BIG u,ECP P)
-	{
-		int s=P.getS();
-		ECP R;
-		int r=0;
-		BIG x=P.getX();
-		u.copy(x);
-		while (true)
-		{
-			u.dec(1); u.norm();
-			r++;
-			R=new ECP(u,s);
-			if (!R.is_infinity()) break;
-		}
-		return r;
-	}
-
-	public static byte[] HASH_ID(int sha,byte[] ID)
-	{
-		return hashit(sha,0,ID);
-	}
-
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
-	public static int ENCODING(RAND rng,byte[] E)
-	{
-		int rn,m,su,sv;
-		byte[] T=new byte[EFS];
-
-		for (int i=0;i<EFS;i++) T[i]=E[i+1];
-		BIG u=BIG.fromBytes(T);
-		for (int i=0;i<EFS;i++) T[i]=E[i+EFS+1];
-		BIG v=BIG.fromBytes(T);
-		
-		ECP P=new ECP(u,v);
-		if (P.is_infinity()) return INVALID_POINT;
-
-		BIG p=new BIG(ROM.Modulus);
-		u=BIG.randomnum(p,rng);
-
-		su=rng.getByte(); /*if (su<0) su=-su;*/ su%=2;
-		
-		ECP W=map(u,su);
-		P.sub(W);
-		sv=P.getS();
-		rn=unmap(v,P);
-		m=rng.getByte(); /*if (m<0) m=-m;*/ m%=rn;
-		v.inc(m+1);
-		E[0]=(byte)(su+2*sv);
-		u.toBytes(T);
-		for (int i=0;i<EFS;i++) E[i+1]=T[i];
-		v.toBytes(T);
-		for (int i=0;i<EFS;i++) E[i+EFS+1]=T[i];		
-		
-		return 0;
-	}
-
-	public static int DECODING(byte[] D)
-	{
-		int su,sv;
-		byte[] T=new byte[EFS];
-
-		if ((D[0]&0x04)!=0) return INVALID_POINT;
-
-		for (int i=0;i<EFS;i++) T[i]=D[i+1];
-		BIG u=BIG.fromBytes(T);
-		for (int i=0;i<EFS;i++) T[i]=D[i+EFS+1];
-		BIG v=BIG.fromBytes(T);
-
-		su=D[0]&1;
-		sv=(D[0]>>1)&1;
-		ECP W=map(u,su);
-		ECP P=map(v,sv);
-		P.add(W);
-		u=P.getX();
-		v=P.getY();
-		D[0]=0x04;
-		u.toBytes(T);
-		for (int i=0;i<EFS;i++) D[i+1]=T[i];
-		v.toBytes(T);
-		for (int i=0;i<EFS;i++) D[i+EFS+1]=T[i];		
-		
-		return 0;
-	}
-
-/* R=R1+R2 in group G1 */
-	public static int RECOMBINE_G1(byte[] R1,byte[] R2,byte[] R)
-	{
-		ECP P=ECP.fromBytes(R1);
-		ECP Q=ECP.fromBytes(R2);
-
-		if (P.is_infinity() || Q.is_infinity()) return INVALID_POINT;
-
-		P.add(Q);
-
-		P.toBytes(R);
-		return 0;
-	}
-
-/* W=W1+W2 in group G2 */
-	public static int RECOMBINE_G2(byte[] W1,byte[] W2,byte[] W)
-	{
-		ECP2 P=ECP2.fromBytes(W1);
-		ECP2 Q=ECP2.fromBytes(W2);
-
-		if (P.is_infinity() || Q.is_infinity()) return INVALID_POINT;
-
-		P.add(Q);
-	
-		P.toBytes(W);
-		return 0;
-	}
-	
-/* create random secret S */
-	public static int RANDOM_GENERATE(RAND rng,byte[] S)
-	{
-		BIG s;
-		BIG r=new BIG(ROM.CURVE_Order);
-		s=BIG.randomnum(r,rng);
-		if (ROM.AES_S>0)
-		{
-			s.mod2m(2*ROM.AES_S);
-		}
-		s.toBytes(S);
-		return 0;
-	}
-
-/* Extract PIN from TOKEN for identity CID */
-	public static int EXTRACT_PIN(int sha,byte[] CID,int pin,byte[] TOKEN)
-	{
-		ECP P=ECP.fromBytes(TOKEN);
-		if (P.is_infinity()) return INVALID_POINT;
-		byte[] h=hashit(sha,0,CID);
-		ECP R=mapit(h);
-
-
-		pin%=MAXPIN;
-
-		R=R.pinmul(pin,PBLEN);
-		P.sub(R);
-
-		P.toBytes(TOKEN);
-
-		return 0;
-	}
-
-/* Implement step 2 on client side of MPin protocol */
-	public static int CLIENT_2(byte[] X,byte[] Y,byte[] SEC)
-	{
-		BIG r=new BIG(ROM.CURVE_Order);
-		ECP P=ECP.fromBytes(SEC);
-		if (P.is_infinity()) return INVALID_POINT;
-
-		BIG px=BIG.fromBytes(X);
-		BIG py=BIG.fromBytes(Y);
-		px.add(py);
-		px.mod(r);
-	//	px.rsub(r);
-
-		P=PAIR.G1mul(P,px);
-		P.neg();
-		P.toBytes(SEC);
-		return 0;
-	}
-
-/* Implement step 1 on client side of MPin protocol */
-	public static int CLIENT_1(int sha,int date,byte[] CLIENT_ID,RAND rng,byte[] X,int pin,byte[] TOKEN,byte[] SEC,byte[] xID,byte[] xCID,byte[] PERMIT)
-	{
-		BIG r=new BIG(ROM.CURVE_Order);
-		BIG x;
-		if (rng!=null)
-		{
-			x=BIG.randomnum(r,rng);
-			if (ROM.AES_S>0)
-			{
-				x.mod2m(2*ROM.AES_S);
-			}
-			x.toBytes(X);
-		}
-		else
-		{
-			x=BIG.fromBytes(X);
-		}
-		ECP P,T,W;
-		BIG px;
-//		byte[] t=new byte[EFS];
-
-		byte[] h=hashit(sha,0,CLIENT_ID);
-		P=mapit(h);
-	
-		T=ECP.fromBytes(TOKEN);
-		if (T.is_infinity()) return INVALID_POINT;
-
-		pin%=MAXPIN;
-		W=P.pinmul(pin,PBLEN);
-		T.add(W);
-		if (date!=0)
-		{
-			W=ECP.fromBytes(PERMIT);
-			if (W.is_infinity()) return INVALID_POINT;
-			T.add(W);
-			h=hashit(sha,date,h);
-			W=mapit(h);
-			if (xID!=null)
-			{
-				P=PAIR.G1mul(P,x);
-				P.toBytes(xID);
-				W=PAIR.G1mul(W,x);
-				P.add(W);
-			}
-			else
-			{
-				P.add(W);
-				P=PAIR.G1mul(P,x);
-			}
-			if (xCID!=null) P.toBytes(xCID);
-		}
-		else
-		{
-			if (xID!=null)
-			{
-				P=PAIR.G1mul(P,x);
-				P.toBytes(xID);
-			}
-		}
-
-
-		T.toBytes(SEC);
-		return 0;
-	}
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
-	public static int GET_SERVER_SECRET(byte[] S,byte[] SST)
-	{
-		ECP2 Q=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-
-		BIG s=BIG.fromBytes(S);
-		Q=PAIR.G2mul(Q,s);
-		Q.toBytes(SST);
-		return 0;
-	}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in 
- if RNG != NULL the X is passed out 
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
-	public static int GET_G1_MULTIPLE(RAND rng, int type,byte[] X,byte[] G,byte[] W)
-	{
-		BIG x;
-		BIG r=new BIG(ROM.CURVE_Order);
-		if (rng!=null)
-		{
-			x=BIG.randomnum(r,rng);
-			if (ROM.AES_S>0)
-			{
-				x.mod2m(2*ROM.AES_S);
-			}
-			x.toBytes(X);
-		}
-		else
-		{
-			x=BIG.fromBytes(X);
-		}
-		ECP P;
-		if (type==0)
-		{
-			P=ECP.fromBytes(G);
-			if (P.is_infinity()) return INVALID_POINT;
-		}
-		else
-			P=mapit(G);
-
-		PAIR.G1mul(P,x).toBytes(W);
-		return 0;
-	}
-
-/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
-/* CID is hashed externally */
-	public static int GET_CLIENT_SECRET(byte[] S,byte[] CID,byte[] CST)
-	{
-		return GET_G1_MULTIPLE(null,1,S,CID,CST);
-	}
-
-/* Time Permit CTT=S*(date|H(CID)) where S is master secret */
-	public static int GET_CLIENT_PERMIT(int sha,int date,byte[] S,byte[] CID,byte[] CTT)
-	{
-		byte[] h=hashit(sha,date,CID);
-		ECP P=mapit(h);
-
-		BIG s=BIG.fromBytes(S);
-		PAIR.G1mul(P,s).toBytes(CTT);
-		return 0;
-	}
-
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
-	public static void SERVER_1(int sha,int date,byte[] CID,byte[] HID,byte[] HTID)
-	{
-		byte[] h=hashit(sha,0,CID);
-		ECP R,P=mapit(h);
-
-		P.toBytes(HID);   // new
-		if (date!=0)
-		{
-	//		if (HID!=null) P.toBytes(HID);
-			h=hashit(sha,date,h);
-			R=mapit(h);
-			P.add(R);
-			P.toBytes(HTID);
-		}
-	//	else P.toBytes(HID);
-	}
-
-/* Implement step 2 of MPin protocol on server side */
-	public static int SERVER_2(int date,byte[] HID,byte[] HTID,byte[] Y,byte[] SST,byte[] xID,byte[] xCID,byte[] mSEC,byte[] E,byte[] F)
-	{
-		BIG q=new BIG(ROM.Modulus);
-		ECP2 Q=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-
-		ECP2 sQ=ECP2.fromBytes(SST);
-		if (sQ.is_infinity()) return INVALID_POINT;	
-
-		ECP R;
-		if (date!=0)
-			R=ECP.fromBytes(xCID);
-		else 
-		{
-			if (xID==null) return BAD_PARAMS;
-			R=ECP.fromBytes(xID);
-		}
-		if (R.is_infinity()) return INVALID_POINT;
-
-		BIG y=BIG.fromBytes(Y);
-		ECP P;
-		if (date!=0) P=ECP.fromBytes(HTID);
-		else 
-		{
-			if (HID==null) return BAD_PARAMS;
-			P=ECP.fromBytes(HID);
-		}
-	
-		if (P.is_infinity()) return INVALID_POINT;
-
-		P=PAIR.G1mul(P,y);
-		P.add(R);
-		R=ECP.fromBytes(mSEC);
-		if (R.is_infinity()) return INVALID_POINT;
-
-		FP12 g;
-
-		g=PAIR.ate2(Q,R,sQ,P);
-		g=PAIR.fexp(g);
-
-		if (!g.isunity())
-		{
-			if (HID!=null && xID!=null && E!=null && F!=null)
-			{
-				g.toBytes(E);
-				if (date!=0)
-				{
-					P=ECP.fromBytes(HID);
-					if (P.is_infinity()) return INVALID_POINT;
-					R=ECP.fromBytes(xID);
-					if (R.is_infinity()) return INVALID_POINT;
-
-					P=PAIR.G1mul(P,y);
-					P.add(R);
-				}
-				g=PAIR.ate(Q,P);
-				g=PAIR.fexp(g);
-				g.toBytes(F);
-			}
-			return BAD_PIN;
-		}
-
-		return 0;
-	}
-
-/* Pollards kangaroos used to return PIN error */
-	public static int KANGAROO(byte[] E,byte[] F)
-	{
-		FP12 ge=FP12.fromBytes(E);
-		FP12 gf=FP12.fromBytes(F);
-		int[] distance = new int[TS];
-		FP12 t=new FP12(gf);
-		FP12[] table=new FP12[TS];
-		int i,j,m,s,dn,dm,res,steps;
-
-		s=1;
-		for (m=0;m<TS;m++)
-		{
-			distance[m]=s;
-			table[m]=new FP12(t);
-			s*=2;
-			t.usqr();
-		}
-		t.one();
-		dn=0;
-		for (j=0;j<TRAP;j++)
-		{
-			i=t.geta().geta().getA().lastbits(20)%TS;
-			t.mul(table[i]);
-			dn+=distance[i];
-		}
-		gf.copy(t); gf.conj();
-		steps=0; dm=0;
-		res=0;
-		while (dm-dn<MAXPIN)
-		{
-			steps++;
-			if (steps>4*TRAP) break;
-			i=ge.geta().geta().getA().lastbits(20)%TS;
-			ge.mul(table[i]);
-			dm+=distance[i];
-			if (ge.equals(t))
-			{
-				res=dm-dn;
-				break;
-			}
-			if (ge.equals(gf))
-			{
-				res=dn-dm;
-				break;
-			}
-
-		}
-		if (steps>4*TRAP || dm-dn>=MAXPIN) {res=0; }    // Trap Failed  - probable invalid token
-		return res;
-	}
-
-/* Functions to support M-Pin Full */
-
-	public static int PRECOMPUTE(byte[] TOKEN,byte[] CID,byte[] G1,byte[] G2)
-	{
-		ECP P,T;
-		FP12 g;
-
-		T=ECP.fromBytes(TOKEN);
-		if (T.is_infinity()) return INVALID_POINT; 
-
-		P=mapit(CID);
-
-		ECP2 Q=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-
-		g=PAIR.ate(Q,T);
-		g=PAIR.fexp(g);
-		g.toBytes(G1);
-
-		g=PAIR.ate(Q,P);
-		g=PAIR.fexp(g);
-		g.toBytes(G2);
-
-		return 0;
-	}
-
-/* Hash the M-Pin transcript - new */
-
-	public static byte[] HASH_ALL(int sha,byte[] HID,byte[] xID,byte[] xCID,byte[] SEC,byte[] Y,byte[] R,byte[] W)
-	{
-		int i,tlen=0;
-		byte[] T = new byte[10*ROM.MODBYTES+4];
-
-		for (i=0;i<HID.length;i++) T[i]=HID[i];
-		tlen+=HID.length;
-		if (xCID!=null)
-		{
-			for (i=0;i<xCID.length;i++) T[i+tlen]=xCID[i];
-			tlen+=xCID.length;
-		}	
-		else
-		{
-			for (i=0;i<xID.length;i++) T[i+tlen]=xID[i];
-			tlen+=xID.length;
-		}	
-		for (i=0;i<SEC.length;i++) T[i+tlen]=SEC[i];
-		tlen+=SEC.length;		
-		for (i=0;i<Y.length;i++) T[i+tlen]=Y[i];
-		tlen+=Y.length;	
-		for (i=0;i<R.length;i++) T[i+tlen]=R[i];
-		tlen+=R.length;		
-		for (i=0;i<W.length;i++) T[i+tlen]=W[i];
-		tlen+=W.length;		
-
-		return hashit(sha,0,T);
-	}
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-	public static int CLIENT_KEY(int sha,byte[] G1,byte[] G2,int pin,byte[] R,byte[] X,byte[] H,byte[] wCID,byte[] CK)
-	{
-		byte[] t;
-
-		FP12 g1=FP12.fromBytes(G1);
-		FP12 g2=FP12.fromBytes(G2);
-		BIG z=BIG.fromBytes(R);
-		BIG x=BIG.fromBytes(X);
-		BIG h=BIG.fromBytes(H);
-
-		ECP W=ECP.fromBytes(wCID);
-		if (W.is_infinity()) return INVALID_POINT; 
-
-		W=PAIR.G1mul(W,x);
-
-		FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG r=new BIG(ROM.CURVE_Order);
-		BIG q=new BIG(ROM.Modulus);
-
-		z.add(h);	//new
-		z.mod(r);
-
-		BIG m=new BIG(q);
-		m.mod(r);
-
-		BIG a=new BIG(z);
-		a.mod(m);
-
-		BIG b=new BIG(z);
-		b.div(m);
-
-		g2.pinpow(pin,PBLEN);
-		g1.mul(g2);
-
-		FP4 c=g1.trace();
-		g2.copy(g1);
-		g2.frob(f);
-		FP4 cp=g2.trace();
-		g1.conj();
-		g2.mul(g1);
-		FP4 cpm1=g2.trace();
-		g2.mul(g1);
-		FP4 cpm2=g2.trace();
-
-		c=c.xtr_pow2(cp,cpm1,cpm2,a,b);
-
-		t=mpin_hash(sha,c,W);
-
-		for (int i=0;i<PAS;i++) CK[i]=t[i];
-
-		return 0;
-	}
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-
-	public static int SERVER_KEY(int sha,byte[] Z,byte[] SST,byte[] W,byte[] H,byte[] HID,byte[] xID,byte[] xCID,byte[] SK)
-	{
-		byte[] t;
-
-		ECP2 sQ=ECP2.fromBytes(SST);
-		if (sQ.is_infinity()) return INVALID_POINT; 
-		ECP R=ECP.fromBytes(Z);
-		if (R.is_infinity()) return INVALID_POINT; 
-		ECP A=ECP.fromBytes(HID);
-		if (A.is_infinity()) return INVALID_POINT; 
-
-		ECP U;
-		if (xCID!=null)
-			U=ECP.fromBytes(xCID);
-		else
-			U=ECP.fromBytes(xID);
-		if (U.is_infinity()) return INVALID_POINT; 
-
-		BIG w=BIG.fromBytes(W);
-		BIG h=BIG.fromBytes(H);
-		A=PAIR.G1mul(A,h);	// new
-		R.add(A);
-
-		U=PAIR.G1mul(U,w);
-		FP12 g=PAIR.ate(sQ,R);
-		g=PAIR.fexp(g);
-
-		FP4 c=g.trace();
-
-		t=mpin_hash(sha,c,U);
-
-		for (int i=0;i<PAS;i++) SK[i]=t[i];
-
-		return 0;
-	}
-
-/* return time since epoch */
-	public static int GET_TIME() {
-		Date date=new Date();
-		return (int) (date.getTime()/1000);
-	}
-
-/* Generate Y = H(epoch, xCID/xID) */
-	public static void GET_Y(int sha,int TimeValue,byte[] xCID,byte[] Y)
-	{
-		byte[] h = hashit(sha,TimeValue,xCID);
-		BIG y = BIG.fromBytes(h);
-		BIG q=new BIG(ROM.CURVE_Order);
-		y.mod(q);
-		if (ROM.AES_S>0)
-		{
-			y.mod2m(2*ROM.AES_S);
-		}
-		y.toBytes(Y);
-	}
-        
-/* One pass MPIN Client */
-        public static int CLIENT(int sha,int date,byte[] CLIENT_ID,RAND RNG,byte[] X,int pin,byte[] TOKEN,byte[] SEC,byte[] xID,byte[] xCID,byte[] PERMIT, int TimeValue, byte[] Y)
-        {
-          int rtn=0;
-        
-          byte[] pID;
-          if (date == 0)
-            pID = xID;
-          else
-            pID = xCID;
-          
-          rtn = CLIENT_1(sha,date,CLIENT_ID,RNG,X,pin,TOKEN,SEC,xID,xCID,PERMIT);
-          if (rtn != 0)
-            return rtn;
-        
-          GET_Y(sha,TimeValue,pID,Y);
-        
-          rtn = CLIENT_2(X,Y,SEC);
-          if (rtn != 0)
-            return rtn;
-        
-          return 0;
-        }
-        
-/* One pass MPIN Server */
-        public static int SERVER(int sha,int date,byte[] HID,byte[] HTID,byte[] Y,byte[] SST,byte[] xID,byte[] xCID,byte[] SEC,byte[] E,byte[] F,byte[] CID, int TimeValue)
-        {
-          int rtn=0;
-        
-          byte[] pID;
-          if (date == 0)
-            pID = xID;
-          else
-            pID = xCID;
-          
-          SERVER_1(sha,date,CID,HID,HTID);
-        
-          GET_Y(sha,TimeValue,pID,Y);
-          
-          rtn = SERVER_2(date,HID,HTID,Y,SST,xID,xCID,SEC,E,F);
-          if (rtn != 0)
-            return rtn;
-        
-          return 0;
-        }
-        
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/PAIR.java
----------------------------------------------------------------------
diff --git a/version22/java/PAIR.java b/version22/java/PAIR.java
deleted file mode 100644
index 518f3ae..0000000
--- a/version22/java/PAIR.java
+++ /dev/null
@@ -1,685 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BN Curve Pairing functions */
-
-public final class PAIR {
-
-/* Line function */
-	public static FP12 line(ECP2 A,ECP2 B,FP Qx,FP Qy)
-	{
-		ECP2 P=new ECP2();
-
-		FP4 a,b,c;
-		P.copy(A);
-		FP2 ZZ=new FP2(P.getz());
-		ZZ.sqr();
-		int D;
-		if (A==B) D=A.dbl(); /* Check this return value in ecp2.c */
-		else D=A.add(B);
-		if (D<0) 
-			return new FP12(1);
-		FP2 Z3=new FP2(A.getz());
-		c=new FP4(0);
-		if (D==0)
-		{ /* Addition */
-			FP2 X=new FP2(B.getx());
-			FP2 Y=new FP2(B.gety());
-			FP2 T=new FP2(P.getz()); 
-			T.mul(Y);
-			ZZ.mul(T);
-
-			FP2 NY=new FP2(P.gety()); NY.neg();
-			ZZ.add(NY);
-			Z3.pmul(Qy);
-			T.mul(P.getx());
-			X.mul(NY);
-			T.add(X);
-			a=new FP4(Z3,T);
-			ZZ.neg();
-			ZZ.pmul(Qx);
-			b=new FP4(ZZ);
-		}
-		else
-		{ /* Doubling */
-			FP2 X=new FP2(P.getx());
-			FP2 Y=new FP2(P.gety());
-			FP2 T=new FP2(P.getx());
-			T.sqr();
-			T.imul(3);
-
-			Y.sqr();
-			Y.add(Y);
-			Z3.mul(ZZ);
-			Z3.pmul(Qy);
-
-			X.mul(T);
-			X.sub(Y);
-			a=new FP4(Z3,X);
-			T.neg();
-			ZZ.mul(T);
-			ZZ.pmul(Qx);
-			b=new FP4(ZZ);
-		}
-		return new FP12(a,b,c);
-	}
-
-/* Optimal R-ate pairing */
-	public static FP12 ate(ECP2 P,ECP Q)
-	{
-		FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG x=new BIG(ROM.CURVE_Bnx);
-		BIG n=new BIG(x);
-		ECP2 K=new ECP2();
-		FP12 lv;
-
-		if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
-		{
-			n.pmul(6); n.dec(2);
-		}
-		else
-			n.copy(x);
-		n.norm();
-		
-		P.affine();
-		Q.affine();
-		FP Qx=new FP(Q.getx());
-		FP Qy=new FP(Q.gety());
-
-		ECP2 A=new ECP2();
-		FP12 r=new FP12(1);
-
-		A.copy(P);
-		int nb=n.nbits();
-
-		for (int i=nb-2;i>=1;i--)
-		{
-			lv=line(A,A,Qx,Qy);
-			r.smul(lv);
-
-			if (n.bit(i)==1)
-			{
-				lv=line(A,P,Qx,Qy);
-				r.smul(lv);
-			}
-			r.sqr();
-		}
-
-		lv=line(A,A,Qx,Qy);
-		r.smul(lv);
-		if (n.parity()==1)
-		{
-			lv=line(A,P,Qx,Qy);
-			r.smul(lv);
-		}
-
-/* R-ate fixup required for BN curves */
-		if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
-		{
-			r.conj();
-			K.copy(P);
-			K.frob(f);
-			A.neg();
-			lv=line(A,K,Qx,Qy);
-			r.smul(lv);
-			K.frob(f);
-			K.neg();
-			lv=line(A,K,Qx,Qy);
-			r.smul(lv);
-		}
-		return r;
-	}
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
-	public static FP12 ate2(ECP2 P,ECP Q,ECP2 R,ECP S)
-	{
-		FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG x=new BIG(ROM.CURVE_Bnx);
-		BIG n=new BIG(x);
-		ECP2 K=new ECP2();
-		FP12 lv;
-
-		if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
-		{
-			n.pmul(6); n.dec(2);
-		}
-		else
-			n.copy(x);
-		n.norm();
-
-		P.affine();
-		Q.affine();
-		R.affine();
-		S.affine();
-
-		FP Qx=new FP(Q.getx());
-		FP Qy=new FP(Q.gety());
-		FP Sx=new FP(S.getx());
-		FP Sy=new FP(S.gety());
-
-		ECP2 A=new ECP2();
-		ECP2 B=new ECP2();
-		FP12 r=new FP12(1);
-
-		A.copy(P);
-		B.copy(R);
-		int nb=n.nbits();
-
-		for (int i=nb-2;i>=1;i--)
-		{
-			lv=line(A,A,Qx,Qy);
-			r.smul(lv);
-			lv=line(B,B,Sx,Sy);
-			r.smul(lv);
-
-			if (n.bit(i)==1)
-			{
-				lv=line(A,P,Qx,Qy);
-				r.smul(lv);
-				lv=line(B,R,Sx,Sy);
-				r.smul(lv);
-			}
-			r.sqr();
-		}
-
-		lv=line(A,A,Qx,Qy);
-		r.smul(lv);
-		lv=line(B,B,Sx,Sy);
-		r.smul(lv);
-		if (n.parity()==1)
-		{
-			lv=line(A,P,Qx,Qy);
-			r.smul(lv);
-			lv=line(B,R,Sx,Sy);
-			r.smul(lv);
-		}
-
-/* R-ate fixup required for BN curves */
-		if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
-		{
-			r.conj();
-			K.copy(P);
-			K.frob(f);
-			A.neg();
-			lv=line(A,K,Qx,Qy);
-			r.smul(lv);
-			K.frob(f);
-			K.neg();
-			lv=line(A,K,Qx,Qy);
-			r.smul(lv);
-
-			K.copy(R);
-			K.frob(f);
-			B.neg();
-			lv=line(B,K,Sx,Sy);
-			r.smul(lv);
-			K.frob(f);
-			K.neg();
-			lv=line(B,K,Sx,Sy);
-			r.smul(lv);
-		}
-		return r;
-	}
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-	public static FP12 fexp(FP12 m)
-	{
-		FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG x=new BIG(ROM.CURVE_Bnx);
-		FP12 r=new FP12(m);
-
-/* Easy part of final exp */
-		FP12 lv=new FP12(r);
-		lv.inverse();
-		r.conj();
-
-		r.mul(lv);
-		lv.copy(r);
-		r.frob(f);
-		r.frob(f);
-		r.mul(lv);
-/* Hard part of final exp */
-		if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
-		{
-			FP12 x0,x1,x2,x3,x4,x5;			
-			lv.copy(r);
-			lv.frob(f);
-			x0=new FP12(lv);
-			x0.frob(f);
-			lv.mul(r);
-			x0.mul(lv);
-			x0.frob(f);
-			x1=new FP12(r);
-			x1.conj();
-			x4=r.pow(x);
-
-			x3=new FP12(x4);
-			x3.frob(f);
-
-			x2=x4.pow(x);
-
-			x5=new FP12(x2); x5.conj();
-			lv=x2.pow(x);
-
-			x2.frob(f);
-			r.copy(x2); r.conj();
-
-			x4.mul(r);
-			x2.frob(f);
-
-			r.copy(lv);
-			r.frob(f);
-			lv.mul(r);
-
-			lv.usqr();
-			lv.mul(x4);
-			lv.mul(x5);
-			r.copy(x3);
-			r.mul(x5);
-			r.mul(lv);
-			lv.mul(x2);
-			r.usqr();
-			r.mul(lv);
-			r.usqr();
-			lv.copy(r);
-			lv.mul(x1);
-			r.mul(x0);
-			lv.usqr();
-			r.mul(lv);
-			r.reduce();
-		}
-		else
-		{
-
-			FP12 y0,y1,y2,y3;
-// Ghamman & Fouotsa Method
-			y0=new FP12(r); y0.usqr();
-			y1=y0.pow(x);
-			x.fshr(1); y2=y1.pow(x); x.fshl(1);
-			y3=new FP12(r); y3.conj();
-			y1.mul(y3);
-
-			y1.conj();
-			y1.mul(y2);
-
-			y2=y1.pow(x);
-
-			y3=y2.pow(x);
-			y1.conj();
-			y3.mul(y1);
-
-			y1.conj();
-			y1.frob(f); y1.frob(f); y1.frob(f);
-			y2.frob(f); y2.frob(f);
-			y1.mul(y2);
-
-			y2=y3.pow(x);
-			y2.mul(y0);
-			y2.mul(r);
-
-			y1.mul(y2);
-			y2.copy(y3); y2.frob(f);
-			y1.mul(y2);
-			r.copy(y1);
-			r.reduce();
-
-/*
-			x0=new FP12(r);
-			x1=new FP12(r);
-			lv.copy(r); lv.frob(f);
-			x3=new FP12(lv); x3.conj(); x1.mul(x3);
-			lv.frob(f); lv.frob(f);
-			x1.mul(lv);
-
-			r.copy(r.pow(x));  //r=r.pow(x);
-			x3.copy(r); x3.conj(); x1.mul(x3);
-			lv.copy(r); lv.frob(f);
-			x0.mul(lv);
-			lv.frob(f);
-			x1.mul(lv);
-			lv.frob(f);
-			x3.copy(lv); x3.conj(); x0.mul(x3);
-
-			r.copy(r.pow(x));
-			x0.mul(r);
-			lv.copy(r); lv.frob(f); lv.frob(f);
-			x3.copy(lv); x3.conj(); x0.mul(x3);
-			lv.frob(f);
-			x1.mul(lv);
-
-			r.copy(r.pow(x));
-			lv.copy(r); lv.frob(f);
-			x3.copy(lv); x3.conj(); x0.mul(x3);
-			lv.frob(f);
-			x1.mul(lv);
-
-			r.copy(r.pow(x));
-			x3.copy(r); x3.conj(); x0.mul(x3);
-			lv.copy(r); lv.frob(f);
-			x1.mul(lv);
-
-			r.copy(r.pow(x));
-			x1.mul(r);
-
-			x0.usqr();
-			x0.mul(x1);
-			r.copy(x0);
-			r.reduce(); */
-		}
-		
-		return r;
-	}
-
-/* GLV method */
-	public static BIG[] glv(BIG e)
-	{
-		BIG[] u=new BIG[2];
-		if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
-		{
-			int i,j;
-			BIG t=new BIG(0);
-			BIG q=new BIG(ROM.CURVE_Order);
-
-			BIG[] v=new BIG[2];
-			for (i=0;i<2;i++)
-			{
-				t.copy(new BIG(ROM.CURVE_W[i]));  // why not just t=new BIG(ROM.CURVE_W[i]); 
-				DBIG d=BIG.mul(t,e);
-				v[i]=new BIG(d.div(q));
-				u[i]=new BIG(0);
-			}
-			u[0].copy(e);
-			for (i=0;i<2;i++)
-				for (j=0;j<2;j++)
-				{
-					t.copy(new BIG(ROM.CURVE_SB[j][i]));
-					t.copy(BIG.modmul(v[j],t,q));
-					u[i].add(q);
-					u[i].sub(t);
-					u[i].mod(q);
-				}
-		}
-		else
-		{ // -(x^2).P = (Beta.x,y)
-			BIG q=new BIG(ROM.CURVE_Order);
-			BIG x=new BIG(ROM.CURVE_Bnx);
-			BIG x2=BIG.smul(x,x);
-			u[0]=new BIG(e);
-			u[0].mod(x2);
-			u[1]=new BIG(e);
-			u[1].div(x2);
-			u[1].rsub(q);
-		}
-		return u;
-	}
-
-/* Galbraith & Scott Method */
-	public static BIG[] gs(BIG e)
-	{
-		BIG[] u=new BIG[4];
-		if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
-		{
-			int i,j;
-			BIG t=new BIG(0);
-			BIG q=new BIG(ROM.CURVE_Order);
-			BIG[] v=new BIG[4];
-			for (i=0;i<4;i++)
-			{
-				t.copy(new BIG(ROM.CURVE_WB[i]));
-				DBIG d=BIG.mul(t,e);
-				v[i]=new BIG(d.div(q));
-				u[i]=new BIG(0);
-			}
-			u[0].copy(e);
-			for (i=0;i<4;i++)
-				for (j=0;j<4;j++)
-				{
-					t.copy(new BIG(ROM.CURVE_BB[j][i]));
-					t.copy(BIG.modmul(v[j],t,q));
-					u[i].add(q);
-					u[i].sub(t);
-					u[i].mod(q);
-				}
-		}
-		else
-		{
-			BIG x=new BIG(ROM.CURVE_Bnx);
-			BIG w=new BIG(e);
-			for (int i=0;i<4;i++)
-			{
-				u[i]=new BIG(w);
-				u[i].mod(x);
-				w.div(x);
-			}
-		}
-		return u;
-	}	
-
-/* Multiply P by e in group G1 */
-	public static ECP G1mul(ECP P,BIG e)
-	{
-		ECP R;
-		if (ROM.USE_GLV)
-		{
-			P.affine();
-			R=new ECP();
-			R.copy(P);
-			int i,np,nn;
-			ECP Q=new ECP();
-			Q.copy(P);
-			BIG q=new BIG(ROM.CURVE_Order);
-			FP cru=new FP(new BIG(ROM.CURVE_Cru));
-			BIG t=new BIG(0);
-			BIG[] u=glv(e);
-			Q.getx().mul(cru);
-
-			np=u[0].nbits();
-			t.copy(BIG.modneg(u[0],q));
-			nn=t.nbits();
-			if (nn<np)
-			{
-				u[0].copy(t);
-				R.neg();
-			}
-
-			np=u[1].nbits();
-			t.copy(BIG.modneg(u[1],q));
-			nn=t.nbits();
-			if (nn<np)
-			{
-				u[1].copy(t);
-				Q.neg();
-			}
-
-			R=R.mul2(u[0],Q,u[1]);
-			
-		}
-		else
-		{
-			R=P.mul(e);
-		}
-		return R;
-	}
-
-/* Multiply P by e in group G2 */
-	public static ECP2 G2mul(ECP2 P,BIG e)
-	{
-		ECP2 R;
-		if (ROM.USE_GS_G2)
-		{
-			ECP2[] Q=new ECP2[4];
-			FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-			BIG q=new BIG(ROM.CURVE_Order);
-			BIG[] u=gs(e);
-
-
-
-			BIG t=new BIG(0);
-			int i,np,nn;
-			P.affine();
-			Q[0]=new ECP2(); Q[0].copy(P);
-			for (i=1;i<4;i++)
-			{
-				Q[i]=new ECP2(); Q[i].copy(Q[i-1]);
-				Q[i].frob(f);
-			}
-			for (i=0;i<4;i++)
-			{
-				np=u[i].nbits();
-				t.copy(BIG.modneg(u[i],q));
-				nn=t.nbits();
-				if (nn<np)
-				{
-					u[i].copy(t);
-					Q[i].neg();
-				}
-			}
-
-			R=ECP2.mul4(Q,u);
-		}
-		else
-		{
-			R=P.mul(e);
-		}
-		return R;
-	}
-
-/* f=f^e */
-/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.java */
-	public static FP12 GTpow(FP12 d,BIG e)
-	{
-		FP12 r;
-		if (ROM.USE_GS_GT)
-		{
-			FP12[] g=new FP12[4];
-			FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-			BIG q=new BIG(ROM.CURVE_Order);
-			BIG t=new BIG(0);
-			int i,np,nn;
-			BIG[] u=gs(e);
-
-			g[0]=new FP12(d);
-			for (i=1;i<4;i++)
-			{
-				g[i]=new FP12(0); g[i].copy(g[i-1]);
-				g[i].frob(f);
-			}
-			for (i=0;i<4;i++)
-			{
-				np=u[i].nbits();
-				t.copy(BIG.modneg(u[i],q));
-				nn=t.nbits();
-				if (nn<np)
-				{
-					u[i].copy(t);
-					g[i].conj();
-				}
-			}
-			r=FP12.pow4(g,u);
-		}
-		else
-		{
-			r=d.pow(e);
-		}
-		return r;
-	}
-
-/* test group membership - no longer needed */
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-/*
-	public static boolean GTmember(FP12 m)
-	{
-		if (m.isunity()) return false;
-		FP12 r=new FP12(m);
-		r.conj();
-		r.mul(m);
-		if (!r.isunity()) return false;
-
-		FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-
-		r.copy(m); r.frob(f); r.frob(f);
-		FP12 w=new FP12(r); w.frob(f); w.frob(f);
-		w.mul(m);
-		if (!ROM.GT_STRONG)
-		{
-			if (!w.equals(r)) return false;
-			BIG x=new BIG(ROM.CURVE_Bnx);
-			r.copy(m); w=r.pow(x); w=w.pow(x);
-			r.copy(w); r.sqr(); r.mul(w); r.sqr();
-			w.copy(m); w.frob(f);
-		}
-		return w.equals(r);
-	}
-*/
-/*
-	public static void main(String[] args) {
-		ECP Q=new ECP(new BIG(ROM.CURVE_Gx),new BIG(ROM.CURVE_Gy));
-		ECP2 P=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-
-		BIG r=new BIG(ROM.CURVE_Order);
-		BIG xa=new BIG(ROM.CURVE_Pxa);
-
-		System.out.println("P= "+P.toString());
-		System.out.println("Q= "+Q.toString());
-
-		BIG m=new BIG(17);
-
-		FP12 e=ate(P,Q);
-		System.out.println("\ne= "+e.toString());
-
-		e=fexp(e);
-
-		for (int i=1;i<1000;i++)
-		{
-			e=ate(P,Q);
-			e=fexp(e);
-		}
-	//	e=GTpow(e,m);
-
-		System.out.println("\ne= "+e.toString());
-
-		BIG [] GLV=glv(r);
-
-		System.out.println("GLV[0]= "+GLV[0].toString());
-		System.out.println("GLV[0]= "+GLV[1].toString());
-
-		ECP G=new ECP(); G.copy(Q);
-		ECP2 R=new ECP2(); R.copy(P);
-
-
-		e=ate(R,Q);
-		e=fexp(e);
-
-		e=GTpow(e,xa);
-		System.out.println("\ne= "+e.toString()); 
-
-
-		R=G2mul(R,xa);
-		e=ate(R,G);
-		e=fexp(e);
-
-		System.out.println("\ne= "+e.toString());
-
-		G=G1mul(G,xa);
-		e=ate(P,G);
-		e=fexp(e);
-		System.out.println("\ne= "+e.toString()); 
-	} */
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/java/RAND.java
----------------------------------------------------------------------
diff --git a/version22/java/RAND.java b/version22/java/RAND.java
deleted file mode 100644
index 7494eff..0000000
--- a/version22/java/RAND.java
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- *   Cryptographic strong random number generator 
- *
- *   Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
- *   Slow - but secure
- *
- *   See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
- */
-
-/* Marsaglia & Zaman Random number generator constants */
-
-
-public class RAND {
-/* Cryptographically strong pseudo-random number generator */
-
-	private static final int NK=21;
-	private static final int NJ=6;
-	private static final int NV=8;
-	private int[] ira=new int[NK];  /* random number...   */
-	private int rndptr;   /* ...array & pointer */
-	private int borrow;
-	private int pool_ptr;
-	private byte[] pool=new byte[32];    /* random pool */
-
-	public RAND()
-	{
-		clean();
-	}
-
-	private int sbrand()
-	{ /* Marsaglia & Zaman random number generator */
-		int i,k;
-		long pdiff,t;
-
-		rndptr++;
-		if (rndptr<NK) return ira[rndptr];
-		rndptr=0;
-		for (i=0,k=NK-NJ;i<NK;i++,k++)
-		{ /* calculate next NK values */
-			if (k==NK) k=0;
-			t=((long)ira[k])&0xffffffffL;
-			pdiff=(t - (((long)ira[i])&0xffffffffL) - (long)borrow)&0xffffffffL;
-			if (pdiff<t) borrow=0;
-			if (pdiff>t) borrow=1;
-			ira[i]=(int)(pdiff&0xffffffffL); 
-		}
-
-		return ira[0];
-	}
-
-	public void sirand(int seed)
-	{
-		int i,in;
-		int t,m=1;
-		borrow=0;
-		rndptr=0;
-		ira[0]^=seed;
-		for (i=1;i<NK;i++)
-		{ /* fill initialisation vector */
-			in=(NV*i)%NK;
-			ira[in]^=m;      /* note XOR */
-			t=m;
-			m=seed-m;
-			seed=t;
-		}
-		for (i=0;i<10000;i++) sbrand(); /* "warm-up" & stir the generator */
-	}
-
-	private void fill_pool()
-	{
-		HASH256 sh=new HASH256();
-		for (int i=0;i<128;i++) sh.process(sbrand());
-		pool=sh.hash();
-		pool_ptr=0;
-	}
-
-	private static int pack(byte[] b)
-	{ /* pack 4 bytes into a 32-bit Word */
-		return ((((int)b[3])&0xff)<<24)|(((int)b[2]&0xff)<<16)|(((int)b[1]&0xff)<<8)|((int)b[0]&0xff);
-	}
-
-/* Initialize RNG with some real entropy from some external source */
-	public void seed(int rawlen,byte[] raw)
-	{ /* initialise from at least 128 byte string of raw random entropy */
-		int i;
-		byte [] digest;
-		byte [] b=new byte[4];
-		HASH256 sh=new HASH256();
-		pool_ptr=0;
-		for (i=0;i<NK;i++) ira[i]=0;
-		if (rawlen>0)
-		{
-			for (i=0;i<rawlen;i++)
-				sh.process(raw[i]);
-			digest=sh.hash();
-
-/* initialise PRNG from distilled randomness */
-
-			for (i=0;i<8;i++) 
-			{
-				b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3];
-				sirand(pack(b));
-			}
-		}
-		fill_pool();
-	}
-
-/* Terminate and clean up */
-	public void clean()
-	{ /* kill internal state */
-		int i;
-		pool_ptr=rndptr=0;
-		for (i=0;i<32;i++) pool[i]=0;
-		for (i=0;i<NK;i++) ira[i]=0;
-		borrow=0;
-	}
-
-/* get random byte */
-	public int getByte()
-	{ 
-		int r;
-		r=pool[pool_ptr++];
-		if (pool_ptr>=32) fill_pool();
-		return (r&0xff);
-	}
-
-/* test main program */
-/*
-	public static void main(String[] args) {
-		int i;
-		byte[] raw=new byte[100];
-		RAND rng=new RAND();
-
-		rng.clean();
-		for (i=0;i<100;i++) raw[i]=(byte)i;
-
-		rng.seed(100,raw);
- 
-		for (i=0;i<1000;i++)
-			System.out.format("%03d ",rng.getByte());
-	} */
-}


[28/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/big.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/big.rs b/version22/rust/src/big.rs
deleted file mode 100644
index 5e3fb1d..0000000
--- a/version22/rust/src/big.rs
+++ /dev/null
@@ -1,1227 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-use std::fmt;
-use std::cmp::Ordering;
-use std::str::SplitWhitespace;
-
-use rom;
-use rom::{Chunk, NLEN};
-
-#[cfg(target_pointer_width = "32")]
-use rom::DChunk;
-
-#[derive(Copy, Clone)]
-pub struct BIG {
- 	pub w: [Chunk; rom::NLEN]
-}
-
-//mod dbig;
-
-use dbig::DBIG;
-use rand::RAND;
-
-impl fmt::Display for BIG {
-    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        let mut big = self.clone();
-        write!(f, "BIG: [ {} ]", big.tostring())
-    }
-}
-
-impl fmt::Debug for BIG {
-    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        let mut big = self.clone();
-        write!(f, "BIG: [ {} ]", big.tostring())
-    }
-}
-
-impl PartialEq for BIG {
-    fn eq(&self, other: &BIG) -> bool {
-        return self.w == other.w;
-    }
-}
-
-impl Ord for BIG {
-    fn cmp(&self, other: &BIG) -> Ordering {
-        let r = BIG::comp(self, other);
-        if r > 0 {
-            return Ordering::Greater;
-        }
-        if r < 0 {
-            return Ordering::Less;
-        }
-        return Ordering::Equal;
-    }
-}
-
-impl Eq for BIG { }
-
-impl PartialOrd for BIG {
-    fn partial_cmp(&self, other: &BIG) -> Option<Ordering> {
-        Some(self.cmp(other))
-    }
-}
-
-impl BIG {
-
-   pub fn new() -> BIG {
-        BIG {
-        	w: [0; rom::NLEN]
-         }
-    }
-
-    pub fn new_int(x:isize) -> BIG {
-    	let mut s= BIG::new();
-    	s.w[0]=x as Chunk;
-    	return s;
-    }
-
-    pub fn new_ints(a:&[Chunk]) -> BIG {
-    	let mut s= BIG::new();
-    	for i in 0..rom::NLEN {s.w[i]=a[i]}
-    	return s;
-    }
-
-    pub fn new_copy(y:&BIG) -> BIG {
-    	let mut s= BIG::new();   
-    	for i in 0..rom::NLEN {s.w[i]=y.w[i]}
-    	return s;	
-    }
-
-    pub fn new_big(y:&BIG) -> BIG {
-        let mut s= BIG::new();   
-        for i in 0..rom::NLEN {s.w[i]=y.w[i]}
-        return s;   
-    }
-
-    pub fn new_dcopy(y:&DBIG) -> BIG {
-    	let mut s= BIG::new();   
-    	for i in 0..rom::NLEN {s.w[i]=y.w[i]}
-    	return s;	
-    } 
-
-	pub fn get(&self,i:usize) -> Chunk {
-		return self.w[i]; 
-	}
-
-	pub fn set(&mut self,i:usize,x:Chunk) {
-		self.w[i]=x;	
-	}
-
-	pub fn xortop(&mut self,x:Chunk) {
-		self.w[rom::NLEN-1]^=x;
-	}
-
-	pub fn ortop(&mut self,x:Chunk) {
-		self.w[rom::NLEN-1]|=x;
-	}
-
-/* test for zero */
-	pub fn iszilch(&self) -> bool {
-		for i in 0 ..rom::NLEN {
-			if self.w[i]!=0 {return false}
-		}
-		return true; 
-	}
-
-/* set to zero */
-	pub fn zero(&mut self) {
-		for i in 0 ..rom::NLEN {
-			self.w[i]=0
-		}
-	}
-
-/* Test for equal to one */
-	pub fn isunity(&self) -> bool {
-		for i in 0 ..rom::NLEN {
-			if self.w[i]!=0 {return false}
-		}
-		if self.w[0]!=1 {return false}
-		return true;
-	}
-
-/* set to one */
-	pub fn one(&mut self) {
-		self.w[0]=1;
-		for i in 1 ..rom::NLEN {
-			self.w[i]=0;
-		}
-	}
-
-/* Copy from another BIG */
-	pub fn copy(&mut self,x: &BIG) {
-		for i in 0 ..rom::NLEN {
-			self.w[i]=x.w[i]
-		}
-	}
-
-    pub fn dcopy(&mut self,x: &DBIG)
-    {
-        for i in 0 ..rom::NLEN {self.w[i] = x.w[i]}
-    }
-
-/* calculate Field Excess */
-	pub fn excess(a:&BIG) -> Chunk {
-		return (a.w[rom::NLEN-1]&rom::OMASK)>>(rom::MODBITS%rom::BASEBITS)
-	}
-
-    pub fn ff_excess(a:&BIG) -> Chunk {
-        return (a.w[rom::NLEN-1]&rom::P_OMASK)>>(rom::P_MB)
-    }
-
-#[cfg(target_pointer_width = "32")]
-    pub fn pexceed(a: &BIG,b: &BIG) -> bool {
-        let ea=BIG::excess(a);
-        let eb=BIG::excess(b);        
-        if ((ea+1) as DChunk)*((eb+1) as DChunk) > rom::FEXCESS as DChunk {return true}
-        return false
-    }
-
-#[cfg(target_pointer_width = "32")]
-    pub fn sexceed(a: &BIG) -> bool {
-        let ea=BIG::excess(a);
-        if ((ea+1) as DChunk)*((ea+1) as DChunk) > rom::FEXCESS as DChunk {return true}
-        return false
-    }
-
-#[cfg(target_pointer_width = "32")]
-    pub fn ff_pexceed(a: &BIG,b: &BIG) -> bool {
-        let ea=BIG::ff_excess(a);
-        let eb=BIG::ff_excess(b);
-        if ((ea+1) as DChunk)*((eb+1) as DChunk) > rom::P_FEXCESS as DChunk {return true}
-        return false;
-    }
-
-#[cfg(target_pointer_width = "32")]
-    pub fn ff_sexceed(a: &BIG) -> bool {
-        let ea=BIG::ff_excess(a);
-        if ((ea+1) as DChunk)*((ea+1) as DChunk) > rom::P_FEXCESS as DChunk {return true}
-        return false;
-    }
-
-/* Get top and bottom half of =x*y+c+r */
-#[cfg(target_pointer_width = "32")]
-    pub fn muladd(a: Chunk,b: Chunk,c: Chunk,r: Chunk) -> (Chunk,Chunk) {
-        let prod:DChunk = (a as DChunk)*(b as DChunk)+(c as DChunk)+(r as DChunk);
-        let bot=(prod&(rom::BMASK as DChunk)) as Chunk;
-        let top=(prod>>rom::BASEBITS) as Chunk;   
-        return (top,bot);     
-    }
-
-#[cfg(target_pointer_width = "64")]
-    pub fn pexceed(a: &BIG,b: &BIG) -> bool {
-        let ea=BIG::excess(a);
-        let eb=BIG::excess(b);        
-        if (ea+1) > rom::FEXCESS/(eb+1) {return true}
-        return false
-    }
-
-#[cfg(target_pointer_width = "64")]
-    pub fn sexceed(a: &BIG) -> bool {
-        let ea=BIG::excess(a);
-        if (ea+1) > rom::FEXCESS/(ea+1) {return true}
-        return false
-    }
-
-#[cfg(target_pointer_width = "64")]
-    pub fn ff_pexceed(a: &BIG,b: &BIG) -> bool {
-        let ea=BIG::ff_excess(a);
-        let eb=BIG::ff_excess(b);
-        if (ea+1) > rom::P_FEXCESS/(eb+1) {return true}
-        return false;
-    }
-
-#[cfg(target_pointer_width = "64")]
-    pub fn ff_sexceed(a: &BIG) -> bool {
-        let ea=BIG::ff_excess(a);
-        if (ea+1) > rom::P_FEXCESS/(ea+1) {return true}
-        return false;
-    }    
-
-#[cfg(target_pointer_width = "64")]
-    pub fn muladd(a: Chunk,b: Chunk,c: Chunk,r: Chunk) -> (Chunk,Chunk) {
-        let x0=a&rom::HMASK;
-        let x1=a>>rom::HBITS;
-        let y0=b&rom::HMASK;
-        let y1=b>>rom::HBITS;
-        let mut bot=x0*y0;
-        let mut top=x1*y1;
-        let mid=x0*y1+x1*y0;
-        let u0=mid&rom::HMASK;
-        let u1=mid>>rom::HBITS;
-        bot+= u0 <<rom::HBITS;
-        bot+=c; bot+=r;
-        top+=u1;
-        let carry=bot>>rom::BASEBITS;
-        bot&=rom::BMASK;
-        top+=carry;
-        return (top,bot);
-    }
-
-/* 
-alise BIG - force all digits < 2^rom::BASEBITS */
-    pub fn norm(&mut self) -> Chunk
-    {
-        let mut carry=0 as Chunk;
-        for i in 0 ..rom::NLEN-1 {
-            let d=self.w[i]+carry;
-            self.w[i]=d&rom::BMASK;
-            carry=d>>rom::BASEBITS;
-        }
-        self.w[rom::NLEN-1]+=carry;
-        return (self.w[rom::NLEN-1]>>((8*rom::MODBYTES)%rom::BASEBITS)) as Chunk;
-    }
-
-/* Conditional swap of two bigs depending on d using XOR - no branches */
-	pub fn cswap(&mut self,b: &mut BIG,d: isize) {
-		let mut c= d as Chunk;
-		c=!(c-1);
-		for i in 0 ..rom::NLEN {
-			let t=c&(self.w[i]^b.w[i]);
-			self.w[i]^=t;
-			b.w[i]^=t;
-		}
-	}
-
-	pub fn cmove(&mut self,g:&BIG,d: isize) {
-		let b= -d as Chunk;
-		for i in 0 ..rom::NLEN {
-			self.w[i]^=(self.w[i]^g.w[i])&b;
-		}
-	}
-
-/* Shift right by less than a word */
-	pub fn fshr(&mut self, k: usize) -> isize {
-		let n = k;
-		let w=self.w[0]&((1<<n)-1); /* shifted out part */
-		for i in 0 ..rom::NLEN-1 {
-			self.w[i]=(self.w[i]>>k)|((self.w[i+1]<<(rom::BASEBITS-n))&rom::BMASK);
-		}
-		self.w[rom::NLEN-1]=self.w[rom::NLEN-1]>>k;
-		return w as isize;
-	}
-
- /* general shift right */
-	pub fn shr(&mut self,k:usize) {
-		let n=k%rom::BASEBITS;
-		let m=k/rom::BASEBITS;
-		for i in 0 ..rom::NLEN-m-1 {
-			self.w[i]=(self.w[m+i]>>n)|((self.w[m+i+1]<<(rom::BASEBITS-n))&rom::BMASK)
-		}
-		self.w[rom::NLEN-m-1]=self.w[rom::NLEN-1]>>n;
-		for i in rom::NLEN-m ..rom::NLEN 
-			{self.w[i]=0}
-	}	
-
-/* Shift right by less than a word */
-	pub fn fshl(&mut self,k:usize) -> isize {
-		let n=k;
-		self.w[rom::NLEN-1]=((self.w[rom::NLEN-1]<<n))|(self.w[rom::NLEN-2]>>(rom::BASEBITS-n));
-		for i in (1 ..rom::NLEN-1).rev() {
-			self.w[i]=((self.w[i]<<k)&rom::BMASK)|(self.w[i-1]>>(rom::BASEBITS-n));
-		}
-		self.w[0]=(self.w[0]<<n)&rom::BMASK;
-		return (self.w[rom::NLEN-1]>>((8*rom::MODBYTES)%rom::BASEBITS)) as isize /* return excess - only used in ff.c */
-	}
-
-/* general shift left */
-	pub fn shl(&mut self,k: usize) {
-		let n=k%rom::BASEBITS;
-		let m=k/rom::BASEBITS;
-
-		self.w[rom::NLEN-1]=self.w[rom::NLEN-1-m]<<n;
-		if rom::NLEN>=m+2 {self.w[rom::NLEN-1]|=self.w[rom::NLEN-m-2]>>(rom::BASEBITS-n)}
-		for i in (m+1 ..rom::NLEN-1).rev() {
-			self.w[i]=((self.w[i-m]<<n)&rom::BMASK)|(self.w[i-m-1]>>(rom::BASEBITS-n));
-		}
-		self.w[m]=(self.w[0]<<n)&rom::BMASK; 
-		for i in 0 ..m {self.w[i]=0}
-	}
-
-/* return number of bits */
-	pub fn nbits(&mut self) -> usize {
-		let mut k=rom::NLEN-1;
-		self.norm();
-		while (k as isize)>=0 && self.w[k]==0 {k=k.wrapping_sub(1)}
-		if (k as isize) <0 {return 0}
-		let mut bts=rom::BASEBITS*k;
-		let mut c=self.w[k];
-		while c!=0 {c/=2; bts+=1;}
-		return bts;
-	}
-
-/* Convert to Hex String */
-	pub fn tostring(&mut self) -> String {
-		let mut s = String::new();
-		let mut len=self.nbits();
-
-		if len%4==0 {
-			len/=4;
-		} else {
-			len/=4;
-			len+=1;
-		}
-		let mb=(rom::MODBYTES*2) as usize;
-		if len<mb {len=mb}
-
-		for i in (0 ..len).rev() {
-			let mut b=BIG::new_copy(&self);
-			b.shr(i*4);
-			s=s + &format!("{:X}", b.w[0]&15);
-		}
-		return s;
-	}	
-
-    pub fn add(&mut self,r:&BIG) {
-		for i in 0 ..rom::NLEN {
-			self.w[i]+=r.w[i] 
-		}
-	}
-
-    pub fn dbl(&mut self) {
-        for i in 0 ..rom::NLEN {
-            self.w[i]+=self.w[i]
-        }        
-    }
-
-/* return this+x */
-	pub fn plus(&self,x: &BIG) -> BIG {
-		let mut s=BIG::new();
-		for i in 0 ..rom::NLEN {
-			s.w[i]=self.w[i]+x.w[i];
-		}
-		return s;
-	}
-
-    pub fn inc(&mut self,x:isize) {
-    	self.norm();
-    	self.w[0]+=x as Chunk; 
-    }
-
-//    pub fn incl(&mut self,x:Chunk) {
-//        self.norm();
-//        self.w[0]+=x; 
-//    }
-
-/* return self-x */
-	pub fn minus(&self,x:& BIG) -> BIG {
-		let mut d=BIG::new();
-		for i in 0 ..rom::NLEN {
-			d.w[i]=self.w[i]-x.w[i];
-		}
-		return d;
-	}
-
-/* self-=x */
-	pub fn sub(&mut self,x:&BIG) {
-		for i in 0 ..rom::NLEN {
-			self.w[i]-=x.w[i]; 
-		}
-	} 
-
-/* reverse subtract this=x-this */ 
-	pub fn rsub(&mut self,x:&BIG) {
-		for i in 0 ..rom::NLEN {
-			self.w[i]=x.w[i]-self.w[i] 
-		}
-	} 
-
-/* self-=x, where x is int */
-	pub fn dec(&mut self,x:isize) {
-		self.norm();
-		self.w[0]-= x as Chunk;
-	} 
-
-/* self*=x, where x is small int<NEXCESS */
-	pub fn imul(&mut self,c: isize) {
-		for i in 0 ..rom::NLEN { 
-			self.w[i]*=c as Chunk;
-		}
-	}
-
-/* convert this BIG to byte array */
-	pub fn tobytearray(&mut self,b: &mut [u8],n:usize) {
-		self.norm();
-		let mut c=BIG::new_copy(self);
-
-		for i in (0 ..(rom::MODBYTES as usize)).rev() {
-			b[i+n]=(c.w[0]&0xff) as u8;
-			c.fshr(8);
-		}
-	}
-
-/* convert from byte array to BIG */
-	pub fn frombytearray(b: &[u8],n:usize) -> BIG {
-		let mut m=BIG::new();
-		for i in 0 ..(rom::MODBYTES as usize) {
-			m.fshl(8); m.w[0]+=(b[i+n]&0xff) as Chunk;
-		}
-		return m; 
-	}
-
-	pub fn tobytes(&mut self,b: &mut [u8]) {
-		self.tobytearray(b,0)
-	}
-
-	pub fn frombytes(b: &[u8]) -> BIG {
-		return BIG::frombytearray(b,0)
-	}
-
-    pub fn to_hex(&self) -> String {
-        let mut ret: String = String::with_capacity(NLEN * 16 + NLEN - 1);
-
-        for i in 0..NLEN {
-            if i == NLEN-1 {
-                ret.push_str(&format!("{:X}", self.w[i]));
-            } else {
-                ret.push_str(&format!("{:X} ", self.w[i]));
-            }
-        }
-        return ret;
-    }
-
-    pub fn from_hex_iter(iter: &mut SplitWhitespace) -> BIG {
-        let mut ret:BIG = BIG::new();
-        for i in 0..NLEN {
-            let v = iter.next();
-            match v {
-                Some(x) => {
-                    ret.w[i] = u64::from_str_radix(x, 16).unwrap() as Chunk;
-                },
-                None => {
-                    break;
-                }
-            }
-        }
-        return ret;
-    }
-
-    pub fn from_hex(val: String) -> BIG {
-        let mut iter = val.split_whitespace();
-        return BIG::from_hex_iter(&mut iter);
-    }
-
-/* self*=x, where x is >NEXCESS */
-    pub fn pmul(&mut self,c: isize) -> Chunk {
-        let mut carry=0 as Chunk;
-        self.norm();
-        for i in 0 ..rom::NLEN {
-            let ak=self.w[i];
-            let tuple=BIG::muladd(ak,c as Chunk,carry,0 as Chunk);
-            carry=tuple.0; self.w[i]=tuple.1;
-        }
-        return carry;
-    }  
-
-/* self*=c and catch overflow in DBIG */
-    pub fn pxmul(&mut self,c: isize) -> DBIG
-    {
-        let mut m=DBIG::new();
-        let mut carry=0 as Chunk;
-        for j in 0 ..rom::NLEN {
-            let tuple=BIG::muladd(self.w[j],c as Chunk,carry,m.w[j]);
-            carry=tuple.0; m.w[j]=tuple.1; 
-        }
-        m.w[rom::NLEN]=carry;
-        return m;
-    }
-
-/* divide by 3 */
-    pub fn div3(&mut self) -> Chunk
-    {
-        let mut carry=0 as Chunk;
-        self.norm();
-        let base=1<<rom::BASEBITS;
-        for i in (0 ..rom::NLEN).rev() {
-            let ak=carry*base+self.w[i];
-            self.w[i]=ak/3;
-            carry=ak%3;
-        }
-        return carry;
-    }
-
-/* return a*b where result fits in a BIG */
-    pub fn smul(a: &BIG,b: &BIG) -> BIG {
-        let mut c=BIG::new();
-        for i in 0 ..rom::NLEN {
-            let mut carry=0 as Chunk; 
-            for j in 0 ..rom::NLEN {
-                if i+j<rom::NLEN {
-                    let tuple=BIG::muladd(a.w[i],b.w[j],carry,c.w[i+j]);
-                    carry=tuple.0; c.w[i+j]=tuple.1;
-                }
-            }
-        }
-        return c;
-    }
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-    pub fn comp(a: &BIG,b: &BIG) -> isize {
-        for i in (0 ..rom::NLEN).rev() {
-            if a.w[i]==b.w[i] {continue}
-            if a.w[i]>b.w[i] {return 1}
-            else  {return -1}
-        }
-        return 0;
-    }
-
-/* set x = x mod 2^m */
-    pub fn mod2m(&mut self,m: usize)
-    {
-        let wd=m/rom::BASEBITS;
-        let bt=m%rom::BASEBITS;
-        let msk=(1<<bt)-1;
-        self.w[wd]&=msk;
-        for i in wd+1 ..rom::NLEN {self.w[i]=0}
-    }
-
-/* Arazi and Qi inversion mod 256 */
-    pub fn invmod256(a: isize) -> isize {
-        let mut t1:isize=0;
-        let mut c=(a>>1)&1;
-        t1+=c;
-        t1&=1;
-        t1=2-t1;
-        t1<<=1;
-        let mut u=t1+1;
-    
-    // i=2
-        let mut b=a&3;
-        t1=u*b; t1>>=2;
-        c=(a>>2)&3;
-        let mut t2=(u*c)&3;
-        t1+=t2;
-        t1*=u; t1&=3;
-        t1=4-t1;
-        t1<<=2;
-        u+=t1;
-    
-    // i=4
-        b=a&15;
-        t1=u*b; t1>>=4;
-        c=(a>>4)&15;
-        t2=(u*c)&15;
-        t1+=t2;
-        t1*=u; t1&=15;
-        t1=16-t1;
-        t1<<=4;
-        u+=t1;
-    
-        return u;
-    }
-
-/* return parity */
-    pub fn parity(&self) -> isize {
-        return (self.w[0]%2) as isize;
-    }
-
-/* return n-th bit */
-    pub fn bit(&self,n: usize) -> isize {
-        if (self.w[n/(rom::BASEBITS as usize)]&(1<<(n%rom::BASEBITS)))>0 {return 1;}
-        else {return 0;}
-    }
-
-/* return n last bits */
-    pub fn lastbits(&mut self,n: usize) -> isize
-    {
-        let msk =  ((1<<n)-1) as Chunk; 
-        self.norm();
-        return (self.w[0]&msk) as isize;
-    }
-
-/* a=1/a mod 2^256. This is very fast! */
-    pub fn invmod2m(&mut self) {
-        let mut u=BIG::new();
-        let mut b=BIG::new();
-        let mut c=BIG::new();
-    
-        u.inc(BIG::invmod256(self.lastbits(8)));
-    
-        let mut i=8;
-        while i<rom::BIGBITS {
-            b.copy(self);
-            b.mod2m(i);
-            let mut t1=BIG::smul(&u,&b);
-            t1.shr(i);
-            c.copy(self);
-            c.shr(i);
-            c.mod2m(i);
-    
-            let mut t2=BIG::smul(&u,&c);
-            t2.mod2m(i);
-            t1.add(&t2);
-            b=BIG::smul(&t1,&u);
-            t1.copy(&b);
-            t1.mod2m(i);
-    
-            t2.one(); t2.shl(i); t1.rsub(&t2); t1.norm();
-            t1.shl(i);
-            u.add(&t1);
-            i<<=1;
-        }
-        u.mod2m(rom::BIGBITS);
-        self.copy(&u);
-        self.norm();
-    }
-
-/* reduce self mod m */
-    pub fn rmod(&mut self,n: &BIG) {
-        let mut k=0;
-        let mut m=BIG::new_copy(n);
-	    let mut r=BIG::new();
-        self.norm();
-        if BIG::comp(self,&m)<0 {return}
-        loop {
-            m.fshl(1);
-            k += 1;
-            if BIG::comp(self,&m)<0 {break}
-        }
-    
-        while k>0 {
-            m.fshr(1);
-
-		r.copy(self);
-		r.sub(&m);
-		r.norm();
-		self.cmove(&r,(1-((r.w[rom::NLEN-1]>>(rom::CHUNK-1))&1)) as isize);
-/*
-            if BIG::comp(self,&m)>=0 {
-				self.sub(&m);
-				self.norm();
-            } */
-            k -= 1;
-        }
-    }
-
-/* divide self by m */
-    pub fn div(&mut self,n: &BIG) {
-        let mut k=0;
-        self.norm();
-        let mut e=BIG::new_int(1);
-        let mut b=BIG::new_copy(self);
-        let mut m=BIG::new_copy(n);
-        let mut r=BIG::new();
-        self.zero();
-    
-        while BIG::comp(&b,&m)>=0 {
-            e.fshl(1);
-            m.fshl(1);
-            k += 1;
-        }
-    
-        while k>0 {
-            m.fshr(1);
-            e.fshr(1);
-
-		r.copy(&b);
-		r.sub(&m);
-		r.norm();
-		let d=(1-((r.w[rom::NLEN-1]>>(rom::CHUNK-1))&1)) as isize;
-		b.cmove(&r,d);
-		r.copy(self);
-		r.add(&e);
-		r.norm();
-		self.cmove(&r,d);
-/*
-            if BIG::comp(&b,&m)>=0 {
-				self.add(&e);
-				self.norm();
-				b.sub(&m);
-				b.norm();
-            } */
-            k -= 1;
-        }
-    }
-
-/* get 8*MODBYTES size random number */
-    pub fn random(rng: &mut RAND) -> BIG {
-        let mut m=BIG::new();
-        let mut j=0;
-        let mut r:u8=0;
-/* generate random BIG */ 
-        for _ in 0..8*(rom::MODBYTES as usize)  {
-            if j==0 {
-                r=rng.getbyte()
-            } else {r>>=1}
-
-            let b= (r as Chunk)&1; 
-            m.shl(1); m.w[0]+=b;// m.inc(b)
-            j+=1; j&=7; 
-        }
-        return m;
-    }
-
-/* Create random BIG in portable way, one bit at a time */
-    pub fn randomnum(q: &BIG,rng: &mut RAND) -> BIG {
-        let mut d=DBIG::new();
-        let mut j=0;
-        let mut r:u8=0;
-        for _ in 0..2*(rom::MODBITS as usize) {
-            if j==0 {
-                r=rng.getbyte();
-            } else {r>>=1}
-
-            let b= (r as Chunk)&1;
-            d.shl(1); d.w[0]+=b; // m.inc(b);
-            j+=1; j&=7; 
-        }
-        let m=d.dmod(q);
-        return m;
-    }
-
-
-   /* Jacobi Symbol (this/p). Returns 0, 1 or -1 */
-    pub fn jacobi(&mut self,p: &BIG) -> isize {
-        let mut m:usize=0;
-        let mut t=BIG::new();
-        let mut x=BIG::new();
-        let mut n=BIG::new();
-        let zilch=BIG::new();
-        let one=BIG::new_int(1);
-        if p.parity()==0 || BIG::comp(self,&zilch)==0 || BIG::comp(p,&one)<=0 {return 0}
-        self.norm();
-
-        x.copy(self);
-        n.copy(p);
-        x.rmod(p);
-
-        while BIG::comp(&n,&one)>0 {
-            if BIG::comp(&x,&zilch)==0 {return 0}
-            let n8=n.lastbits(3) as usize;
-            let mut k=0;
-            while x.parity()==0 {
-				k += 1;
-				x.shr(1);
-            }
-            if k%2==1 {m+=(n8*n8-1)/8}
-            m+=(n8-1)*((x.lastbits(2) as usize)-1)/4;
-            t.copy(&n);
-            t.rmod(&x);
-            n.copy(&x);
-            x.copy(&t);
-            m%=2;
-    
-        }
-        if m==0 {return 1}
-        else {return -1}
-    }
-
-/* self=1/self mod p. Binary method */
-    pub fn invmodp(&mut self,p: &BIG) {
-        self.rmod(p);
-        let mut u=BIG::new_copy(self);
-        let mut v=BIG::new_copy(p);
-        let mut x1=BIG::new_int(1);
-        let mut x2=BIG::new();
-        let mut t=BIG::new();
-        let one=BIG::new_int(1);
-    
-        while (BIG::comp(&u,&one) != 0 ) && (BIG::comp(&v,&one) != 0 ) {
-            while u.parity()==0 {
-				u.shr(1);
-				if x1.parity() != 0 {
-                    x1.add(p);
-                    x1.norm();
-				}
-				x1.shr(1);
-            }
-            while v.parity()==0 {
-				v.shr(1);
-				if x2.parity() != 0  {
-                    x2.add(p);
-                    x2.norm();
-				}
-				x2.shr(1);
-            }
-            if BIG::comp(&u,&v)>=0 {
-				u.sub(&v);
-				u.norm();
-                if BIG::comp(&x1,&x2)>=0 {x1.sub(&x2)}
-				else
-				{
-                    t.copy(p);
-                    t.sub(&x2);
-                    x1.add(&t);
-				}
-				x1.norm();
-            }
-            else
-            {
-				v.sub(&u);
-				v.norm();
-                if BIG::comp(&x2,&x1)>=0 {x2.sub(&x1)}
-				else
-				{
-                    t.copy(p);
-                    t.sub(&x1);
-                    x2.add(&t);
-				}
-				x2.norm();
-            }
-        }
-        if BIG::comp(&u,&one)==0 {self.copy(&x1)}
-        else {self.copy(&x2)}
-    }
-
-   /* return a*b as DBIG */
-#[cfg(target_pointer_width = "32")]
-    pub fn mul(a: &BIG,b: &BIG) -> DBIG {
-        let mut c=DBIG::new();
-        let rm=rom::BMASK as DChunk;
-        let rb=rom::BASEBITS;
-     //   a.norm();
-     //   b.norm();
-
-        let mut d: [DChunk; rom::DNLEN] = [0; rom::DNLEN];
-        for i in 0 ..rom::NLEN {
-            d[i]=(a.w[i] as DChunk)*(b.w[i] as DChunk);
-        }
-        let mut s=d[0];
-        let mut t=s; c.w[0]=(t&rm) as Chunk; 
-        let mut co=t>>rb;
-        for k in 1 ..rom::NLEN {
-            s+=d[k]; t=co+s;
-            for i in 1+k/2..k+1
-                {t+=((a.w[i]-a.w[k-i]) as DChunk)*((b.w[k-i]-b.w[i]) as DChunk)}
-            c.w[k]=(t&rm) as Chunk; co=t>>rb;
-        }
-        for k in rom::NLEN ..2*rom::NLEN-1 {
-            s-=d[k-rom::NLEN]; t=co+s;
-            let mut i=1+k/2;
-            while i<rom::NLEN {
-                t+=((a.w[i]-a.w[k-i]) as DChunk)*((b.w[k-i]-b.w[i]) as DChunk);
-                i+=1;
-            }
-        
-            c.w[k]=(t&rm) as Chunk; co=t>>rb;
-        }
-        c.w[2*rom::NLEN-1]=co as Chunk;
-        return c;
-    }
-
-/* return a^2 as DBIG */
-#[cfg(target_pointer_width = "32")]
-    pub fn sqr(a: &BIG) -> DBIG {
-        let mut c=DBIG::new();
-        let rm=rom::BMASK as DChunk;
-        let rb=rom::BASEBITS;
-    //    a.norm();
- 
-        let mut t=(a.w[0] as DChunk)*(a.w[0] as DChunk);
-        c.w[0]=(t&rm) as Chunk; let mut co=t>>rb;
-        t=(a.w[1] as DChunk)*(a.w[0] as DChunk); t+=t; t+=co;
-        c.w[1]=(t&rm) as Chunk; co=t>>rb;
-        
-        let last=rom::NLEN-(rom::NLEN%2);
-        let mut j=2;
-        while j<last {
-            t=(a.w[j] as DChunk)*(a.w[0] as DChunk); for i in 1 ..(j+1)/2 {t+=(a.w[j-i] as DChunk)*(a.w[i] as DChunk)} ; t+=t; t+=co; t+=(a.w[j/2] as DChunk)*(a.w[j/2] as DChunk);
-            c.w[j]=(t&rm) as Chunk; co=t>>rb;
-            t=(a.w[j+1] as DChunk)*(a.w[0] as DChunk); for i in 1 ..(j+2)/2 {t+=(a.w[j+1-i] as DChunk)*(a.w[i] as DChunk)} ; t+=t; t+=co;
-            c.w[j+1]=(t&rm) as Chunk; co=t>>rb;
-            j+=2;
-        }
-        j=last;
-        if rom::NLEN%2==1 {
-            t=(a.w[j] as DChunk)*(a.w[0] as DChunk); for i in 1 ..(j+1)/2 {t+=(a.w[j-i] as DChunk)*(a.w[i] as DChunk)} ; t+=t; t+=co; t+=(a.w[j/2] as DChunk)*(a.w[j/2] as DChunk);
-            c.w[j]=(t&rm) as Chunk; co=t>>rb; j += 1;
-            t=(a.w[rom::NLEN-1] as DChunk)*(a.w[j-rom::NLEN+1] as DChunk); for i in j-rom::NLEN+2 ..(j+1)/2 {t+=(a.w[j-i] as DChunk)*(a.w[i] as DChunk)}; t+=t; t+=co;
-            c.w[j]=(t&rm) as Chunk; co=t>>rb; j += 1;
-        }
-        while j<rom::DNLEN-2 {
-            t=(a.w[rom::NLEN-1] as DChunk)*(a.w[j-rom::NLEN+1] as DChunk); for i in j-rom::NLEN+2 ..(j+1)/2 {t+=(a.w[j-i] as DChunk)*(a.w[i] as DChunk)} ; t+=t; t+=co; t+=(a.w[j/2] as DChunk)*(a.w[j/2] as DChunk);
-            c.w[j]=(t&rm) as Chunk; co=t>>rb;
-            t=(a.w[rom::NLEN-1] as DChunk)*(a.w[j-rom::NLEN+2] as DChunk); for i in j-rom::NLEN+3 ..(j+2)/2 {t+=(a.w[j+1-i] as DChunk)*(a.w[i] as DChunk)} ; t+=t; t+=co;
-            c.w[j+1]=(t&rm) as Chunk; co=t>>rb;
-            j+=2;
-        }
-        t=(a.w[rom::NLEN-1] as DChunk)*(a.w[rom::NLEN-1] as DChunk)+co;
-        c.w[rom::DNLEN-2]=(t&rm) as Chunk; co=t>>rb;
-        c.w[rom::DNLEN-1]=co as Chunk;
-        
-        return c;
-    }
-
-
-#[cfg(target_pointer_width = "32")]
-    fn monty(d: &mut DBIG) -> BIG {
-        let mut b=BIG::new();           
-        let md=BIG::new_ints(&rom::MODULUS);
-        let rm=rom::BMASK as DChunk;
-        let rb=rom::BASEBITS;
-
-        let mut dd: [DChunk; rom::NLEN] = [0; rom::NLEN];
-        let mut v: [Chunk; rom::NLEN] = [0; rom::NLEN];
-            
-        b.zero();
-            
-        let mut t=d.w[0] as DChunk; v[0]=(((t&rm) as Chunk).wrapping_mul(rom::MCONST))&rom::BMASK; t+=(v[0] as DChunk)*(md.w[0] as DChunk); let mut c=(d.w[1] as DChunk)+(t>>rb); let mut s:DChunk=0;
-        for k in 1 ..rom::NLEN {
-            t=c+s+(v[0] as DChunk)*(md.w[k] as DChunk);
-            let mut i=1+k/2;
-            while i<k {
-                t+=((v[k-i]-v[i]) as DChunk)*((md.w[i]-md.w[k-i]) as DChunk);
-                i+=1;
-            }
-            v[k]=(((t&rm) as Chunk).wrapping_mul(rom::MCONST))&rom::BMASK; t+=(v[k] as DChunk)*(md.w[0] as DChunk); c=(d.w[k+1] as DChunk)+(t>>rb);
-            dd[k]=(v[k] as DChunk)*(md.w[k] as DChunk); s+=dd[k];
-        }
-            
-        for k in rom::NLEN ..2*rom::NLEN-1
-        {
-            t=c+s;
-            let mut i=1+k/2;
-            while i<rom::NLEN {
-                t+=((v[k-i]-v[i]) as DChunk)*((md.w[i]-md.w[k-i]) as DChunk);
-                i+=1;
-            }
-            b.w[k-rom::NLEN]=(t&rm) as Chunk; c=(d.w[k+1] as DChunk)+(t>>rb); s-=dd[k-rom::NLEN+1];
-        }
-        b.w[rom::NLEN-1]=(c&rm) as Chunk;  
-        b.norm();
-        return b;
-    }
-    
-
-
-/* return a*b as DBIG */
-#[cfg(target_pointer_width = "64")]
-    pub fn mul(a: &BIG,b: &BIG) -> DBIG {
-        let mut c=DBIG::new();
-        let mut carry;
-
-        for i in 0 ..rom::NLEN {
-            carry=0;
-            for j in 0 ..rom::NLEN {
-                let tuple=BIG::muladd(a.w[i],b.w[j],carry,c.w[i+j]);
-                carry=tuple.0; c.w[i+j]=tuple.1;
-            }
-            c.w[rom::NLEN+i]=carry;
-        }
-        return c;
-    } 
-
-/* return a^2 as DBIG */
-#[cfg(target_pointer_width = "64")]
-    pub fn sqr(a: &BIG) -> DBIG {
-        let mut c=DBIG::new();
-        let mut carry;
-
-        for i in 0 ..rom::NLEN {
-            carry=0;
-            for j in i+1 ..rom::NLEN {
-                let tuple=BIG::muladd(2*a.w[i],a.w[j],carry,c.w[i+j]);
-                carry=tuple.0; c.w[i+j]=tuple.1;
-            //carry,c.w[i+j]=muladd(2*a.w[i],a.w[j],carry,c.w[i+j])
-            //carry=c.muladd(2*a.w[i],a.w[j],carry,i+j)
-            }
-            c.w[rom::NLEN+i]=carry;
-        }
-
-        for i in 0 ..rom::NLEN {
-            let tuple=BIG::muladd(a.w[i],a.w[i],0,c.w[2*i]);
-            c.w[2*i]=tuple.1;
-            c.w[2*i+1]+=tuple.0;
-        //c.w[2*i+1]+=c.muladd(a.w[i],a.w[i],0,2*i)
-        }
-        c.norm();
-        return c;
-    } 
-
-#[cfg(target_pointer_width = "64")]
-    fn monty(d: &mut DBIG) -> BIG {
-        let mut b=BIG::new();     
-        let md=BIG::new_ints(&rom::MODULUS);
-        let mut carry;
-        let mut m;
-        for i in 0 ..rom::NLEN {
-            if rom::MCONST==-1 { 
-                m=(-d.w[i])&rom::BMASK;
-            } else {
-                if rom::MCONST==1 {
-                    m=d.w[i];
-                } else {
-                    m=(rom::MCONST.wrapping_mul(d.w[i]))&rom::BMASK;
-                }
-            }
-
-            carry=0;
-            for j in 0 ..rom::NLEN {
-                let tuple=BIG::muladd(m,md.w[j],carry,d.w[i+j]);
-                carry=tuple.0; d.w[i+j]=tuple.1;
-            }
-            d.w[rom::NLEN+i]+=carry;
-        }
-
-        for i in 0 ..rom::NLEN {
-            b.w[i]=d.w[rom::NLEN+i];
-        } 
-        b.norm();
-        return b;  
-    }
-
-
-/* reduce a DBIG to a BIG using the appropriate form of the modulus */
-/* dd */
-    pub fn modulo(d: &mut DBIG) -> BIG {
-    
-        if rom::MODTYPE==rom::PSEUDO_MERSENNE {
-            let mut b=BIG::new();
-            let mut t=d.split(rom::MODBITS);
-            b.dcopy(&d);
-            let v=t.pmul(rom::MCONST as isize);
-            let tw=t.w[rom::NLEN-1];
-            t.w[rom::NLEN-1] &= rom::TMASK;
-            t.w[0]+=rom::MCONST*((tw>>rom::TBITS)+(v<<(rom::BASEBITS-rom::TBITS)));
-    
-            b.add(&t);
-            b.norm();
-            return b;
-        }
-    
-        if rom::MODTYPE==rom::MONTGOMERY_FRIENDLY
-        {
-            let mut b=BIG::new();
-            for i in 0 ..rom::NLEN {
-                let x=d.w[i];
-
-                let tuple=BIG::muladd(x,rom::MCONST-1,x,d.w[rom::NLEN+i-1]);
-                d.w[rom::NLEN+i]+=tuple.0; d.w[rom::NLEN+i-1]=tuple.1;
-            }
-    
-            b.zero();
-    
-            for i in 0 ..rom::NLEN {
-                b.w[i]=d.w[rom::NLEN+i];
-            }
-            b.norm();
-            return b;
-        }
-            
-        if rom::MODTYPE==rom::GENERALISED_MERSENNE
-        { // GoldiLocks Only
-            let mut b=BIG::new();            
-            let t=d.split(rom::MODBITS);
-            let rm2=(rom::MODBITS/2) as usize;
-            b.dcopy(&d);
-            b.add(&t);
-            let mut dd=DBIG::new_scopy(&t);
-            dd.shl(rm2);
-            
-            let mut tt=dd.split(rom::MODBITS);
-            let lo=BIG::new_dcopy(&dd);
-            b.add(&tt);
-            b.add(&lo);
-            b.norm();
-            tt.shl(rm2);
-            b.add(&tt);
-            
-            let carry=b.w[rom::NLEN-1]>>rom::TBITS;
-            b.w[rom::NLEN-1]&=rom::TMASK;
-            b.w[0]+=carry;
-            
-            b.w[(224/rom::BASEBITS) as usize]+=carry<<(224%rom::BASEBITS);
-            b.norm();
-            return b;
-        }
-       
-        if rom::MODTYPE==rom::NOT_SPECIAL {
-            return BIG::monty(d);
-        }     
-        return BIG::new();
-    }
-
-    /* return a*b mod m */
-    pub fn modmul(a: &mut BIG,b: &mut BIG,m: &BIG) -> BIG {
-        a.rmod(m);
-        b.rmod(m);
-        let mut d=BIG::mul(a,b);
-        return d.dmod(m);
-    }
-    
-    /* return a^2 mod m */
-    pub fn modsqr(a: &mut BIG,m: &BIG) -> BIG {
-        a.rmod(m);
-        let mut d=BIG::sqr(a);
-        return d.dmod(m);
-    }
-    
-    /* return -a mod m */
-    pub fn modneg(a: &mut BIG,m: &BIG) -> BIG {
-        a.rmod(m);
-        return m.minus(a);
-    }
-
-    /* return this^e mod m */
-    pub fn powmod(&mut self,e: &mut BIG,m: &BIG) -> BIG {
-        self.norm();
-        e.norm();
-        let mut a=BIG::new_int(1);
-        let mut z=BIG::new_copy(e);
-        let mut s=BIG::new_copy(self);
-        loop {      
-            let bt=z.parity();       
-            z.fshr(1);    
-            if bt==1 {a=BIG::modmul(&mut a,&mut s,m)}
-            if z.iszilch() {break}
-            s=BIG::modsqr(&mut s,m);         
-        }
-        return a;
-    }
-
-}
- 
-/*
-fn main() {
-	let fd: [i32; rom::NLEN as usize] = [1, 2, 3, 4, 5, 6, 7, 8, 9];	
-	let mut x= BIG::new();
-	x.inc(3);
- 	println!("{}", x.w[0]);	
- 	let mut y= BIG::new_int(7);
- 	println!("{}", y.w[0]);	
- 	y=BIG::new_copy(&x);
-	println!("{}", y.w[0]); 	
-	x.add(&y);
-	x.add(&y);
-	println!("{}", x.w[0]); 	
-	let mut z= BIG::new_ints(&fd);
-	println!("{}", z.w[0]); 	
-	z.shr(3);
-	z.norm();
-	println!("{:X}", z.w[0]); 	
-
-	println!("{}",z.tostring());
-
-    let mut a = BIG::new_int(3);
-    let mut m = BIG::new_ints(&MODULUS);
-
-    println!("rom::MODULUS= {}",m.tostring());
-
-    let mut e = BIG::new_copy(&m);
-    e.dec(1); e.norm();
-    println!("Exponent= {}",e.tostring());
-//    for i in 0..20
-//    {
-        a=a.powmod(&mut e,&mut m);
-//        a.inc(2);
-//    }
-    println!("Result= {}",a.tostring());
-
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/dbig.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/dbig.rs b/version22/rust/src/dbig.rs
deleted file mode 100644
index 167cfaf..0000000
--- a/version22/rust/src/dbig.rs
+++ /dev/null
@@ -1,249 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-use rom;
-
-use rom::Chunk;
-
-//#[derive(Copy, Clone)]
-pub struct DBIG {
- 	pub w: [Chunk; rom::DNLEN]
-}
-
-//mod big;
-use big::BIG;
-
-impl DBIG {
-   pub fn new() -> DBIG {
-        DBIG {
-        	w: [0; rom::DNLEN as usize]
-         }
-    }	
-
-    pub fn new_copy(y:&DBIG) -> DBIG {
-    	let mut s= DBIG::new();   
-    	for i in 0..rom::NLEN {s.w[i]=y.w[i]}
-    	return s;	
-    }
-
-    pub fn new_scopy(x:&BIG) -> DBIG {
-    	let mut b= DBIG::new();   
-		for i in 0 ..rom::NLEN {
-			b.w[i]=x.w[i];
-		}
-		b.w[rom::NLEN-1]=x.get(rom::NLEN-1)&rom::BMASK; /* top word normalized */
-		b.w[rom::NLEN]=x.get(rom::NLEN-1)>>rom::BASEBITS;
-
-		for i in rom::NLEN+1 ..rom::DNLEN {b.w[i]=0}
-    	return b; 	
-    }
-
-/* split DBIG at position n, return higher half, keep lower half */
-    pub fn split(&mut self,n: usize) -> BIG
-    {
-        let mut t=BIG::new();
-        let m=n%rom::BASEBITS;
-        let mut carry=self.w[rom::DNLEN-1]<<(rom::BASEBITS-m);
-    
-        for i in (rom::NLEN-1..rom::DNLEN-1).rev() {
-            let nw=(self.w[i]>>m)|carry;
-            carry= (self.w[i]<<(rom::BASEBITS-m))&rom::BMASK;
-            t.set(i-rom::NLEN+1,nw);
-        }
-        self.w[rom::NLEN-1]&=((1 as Chunk)<<m)-1;
-        return t;
-    }
-
-/* general shift left */
-    pub fn shl(&mut self,k: usize)
-    {
-        let n=k%rom::BASEBITS; 
-        let m=k/rom::BASEBITS; 
-        self.w[rom::DNLEN-1]=((self.w[rom::DNLEN-1-m]<<n))|(self.w[rom::DNLEN-m-2]>>(rom::BASEBITS-n));
-        for i in (m+1..rom::DNLEN-1).rev() {
-            self.w[i]=((self.w[i-m]<<n)&rom::BMASK)|(self.w[i-m-1]>>(rom::BASEBITS-n));
-        }
-  
-        self.w[m]=(self.w[0]<<n)&rom::BMASK;
-        for i in 0 ..m {self.w[i]=0}
-    }
-
-/* general shift right */
-    pub fn shr(&mut self,k: usize) {
-		let n=k%rom::BASEBITS;
-		let m=k/rom::BASEBITS;
-        for i in 0 ..rom::DNLEN-m-1 {
-            self.w[i]=(self.w[m+i]>>n)|((self.w[m+i+1]<<(rom::BASEBITS-n))&rom::BMASK);
-        }
-        self.w[rom::DNLEN-m-1]=self.w[rom::DNLEN-1]>>n;
-        for i in rom::DNLEN - m ..rom::DNLEN {self.w[i]=0}
-    }
-
-/* Copy from another DBIG */
-	pub fn copy(&mut self,x: &DBIG) {
-		for i in 0 ..rom::DNLEN {
-			self.w[i]=x.w[i]
-		}
-	}
-
-	pub fn cmove(&mut self,g:&DBIG,d: isize) {
-		let b=-d as Chunk;
-		for i in 0 ..rom::DNLEN {
-			self.w[i]^=(self.w[i]^g.w[i])&b;
-		}
-	}
-
-/* self-=x */
-	pub fn sub(&mut self,x:&DBIG) {
-		for i in 0 ..rom::DNLEN {
-			self.w[i]-=x.w[i]; 
-		}
-	} 
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-    pub fn comp(a: &DBIG,b: &DBIG) -> isize {
-        for i in (0 ..rom::DNLEN).rev() {
-            if a.w[i]==b.w[i] {continue}
-            if a.w[i]>b.w[i] {return 1}
-            else  {return -1}
-        }
-        return 0;
-    }
-
-/* normalise BIG - force all digits < 2^rom::BASEBITS */
-    pub fn norm(&mut self) {
-        let mut carry=0 as Chunk;
-        for i in 0 ..rom::DNLEN-1 {
-            let d=self.w[i]+carry;
-            self.w[i]=d&rom::BMASK;
-            carry=d>>rom::BASEBITS;
-        }
-        self.w[rom::DNLEN-1]+=carry
-    }
-
-/* reduces self DBIG mod a BIG, and returns the BIG */
-    pub fn dmod(&mut self,c: &BIG) -> BIG {
-        let mut k=0;
-        self.norm();
-        let mut m=DBIG::new_scopy(c);
-        let mut dr=DBIG::new();
-    
-        if DBIG::comp(self,&m)<0 {
-        	let r=BIG::new_dcopy(self);
-        	return r;
-        }
-    
-        loop {
-            m.shl(1);
-            k += 1;
-            if DBIG::comp(self,&m)<0 {break;}
-        }
-    
-        while k>0 {
-            m.shr(1);
-
-		dr.copy(self);
-		dr.sub(&m);
-		dr.norm();
-		self.cmove(&dr,(1-((dr.w[rom::DNLEN-1]>>(rom::CHUNK-1))&1)) as isize);
-/*
-            if DBIG::comp(self,&m)>=0 {
-				self.sub(&m);
-				self.norm();
-            } */
-            k -= 1;
-        }
-        let r=BIG::new_dcopy(self);
-        return r;
-    }
-
-/* return this/c */
-    pub fn div(&mut self,c: &BIG) -> BIG {
-        let mut k=0;
-        let mut m=DBIG::new_scopy(c);
-        let mut a=BIG::new();
-        let mut e=BIG::new_int(1);
-	let mut dr=DBIG::new();
-	let mut r=BIG::new();
-        self.norm();
-
-        while DBIG::comp(self,&m)>=0 {
-            e.fshl(1);
-            m.shl(1);
-            k+=1;
-        }
-
-        while k>0 {
-            m.shr(1);
-            e.shr(1);
-
-		dr.copy(self);
-		dr.sub(&m);
-		dr.norm();
-		let d=(1-((dr.w[rom::DNLEN-1]>>(rom::CHUNK-1))&1)) as isize;
-		self.cmove(&dr,d);
-		r.copy(&a);
-		r.add(&e);
-		r.norm();
-		a.cmove(&r,d);
-/*
-            if DBIG::comp(self,&m)>0 {
-                a.add(&e);
-                a.norm();
-                self.sub(&m);
-                self.norm();
-            } */
-            k-=1;
-        }
-        return a;
-    }
-
-/* return number of bits */
-	pub fn nbits(&mut self) -> usize {
-		let mut k=rom::DNLEN-1;
-		self.norm();
-		while (k as isize)>=0 && self.w[k]==0 {k=k-1}
-		if (k as isize) <0 {return 0}
-		let mut bts=(rom::BASEBITS as usize)*k;
-		let mut c=self.w[k];
-		while c!=0 {c/=2; bts+=1;}
-		return bts;
-	}
-
-/* Convert to Hex String */
-	pub fn to_string(&mut self) -> String {
-		let mut s = String::new();
-		let mut len=self.nbits();
-
-		if len%4==0 {
-			len/=4;
-		} else {
-			len/=4;
-			len+=1;
-		}
-
-		for i in (0 ..len).rev() {
-			let mut b=DBIG::new_copy(&self);
-			b.shr(i*4);
-			s=s + &format!("{:X}", b.w[0]&15);
-		}
-		return s;
-	}	
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/ecdh.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/ecdh.rs b/version22/rust/src/ecdh.rs
deleted file mode 100644
index 1511140..0000000
--- a/version22/rust/src/ecdh.rs
+++ /dev/null
@@ -1,585 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-use ecp::ECP;
-use big::BIG;
-use rand::RAND;
-use hash256::HASH256;
-use hash384::HASH384;
-use hash512::HASH512;
-use aes;
-use aes::AES;
-use rom;
-
-
-pub const INVALID_PUBLIC_KEY:isize=-2;
-pub const ERROR:  isize=-3;
-pub const INVALID: isize=-4;
-pub const EFS: usize=rom::MODBYTES as usize;
-pub const EGS: usize=rom::MODBYTES as usize;
-pub const EAS: usize=16;
-pub const EBS: usize=16;
-pub const SHA256: usize=32;
-pub const SHA384: usize=48;
-pub const SHA512: usize=64;
-
-pub const HASH_TYPE: usize=SHA512;
-
-#[allow(non_snake_case)]
-
-fn inttobytes(n: usize,b:&mut [u8]) {
-	let mut i=b.len();
-	let mut m=n;
-	while m>0 && i>0 {
-		i-=1;
-		b[i]=(m&0xff) as u8;
-		m/=256;
-	}	
-}
-
-fn hashit(sha: usize, a: &[u8],n: usize,b: Option<&[u8]>,pad: usize,w: &mut [u8])  {
-	let mut r:[u8;64]=[0;64];
-	if sha==SHA256 {
-		let mut h=HASH256::new();
-		h.process_array(a);
-		if n>0 {h.process_num(n as i32)}
-		if let Some(x) = b {
-			h.process_array(x);
-        }
-        let hs=h.hash();	
-        for i in 0..sha {r[i]=hs[i];}	
-	}
-	if sha==SHA384 {
-		let mut h=HASH384::new();
-		h.process_array(a);
-		if n>0 {h.process_num(n as i32)}		
-		if let Some(x) = b {
-			h.process_array(x);
-        }
-        let hs=h.hash();	
-        for i in 0..sha {r[i]=hs[i];}	        
-	}
-	if sha==SHA512 {
-		let mut h=HASH512::new();
-		h.process_array(a);
-		if n>0 {h.process_num(n as i32)}
-		if let Some(x) = b {
-			h.process_array(x);
-        }
-        let hs=h.hash();
-        for i in 0..sha {r[i]=hs[i];}	        	
-	}
-
-	if pad==0 {
-		for i in 0..sha {w[i]=r[i]}
-	} else {
-
-		if pad<=sha {
-			for i in 0..pad {w[i]=r[i]}
-		} else {
-			for i in 0..sha {w[i]=r[i]}
-			for i in sha..pad {w[i]=0}
-		}
-	}
-}
-
-/* Key Derivation Functions */
-/* Input octet Z */
-/* Output key of length olen */
-pub fn kdf1(sha: usize,z: &[u8],olen: usize,k: &mut [u8])  {
-/* NOTE: the parameter olen is the length of the output K in bytes */
-	let hlen=sha;
-	let mut lk=0;
-
-	let mut cthreshold=olen/hlen; if olen%hlen!=0 {cthreshold+=1}
-
-	for counter in 0..cthreshold {
-		let mut b:[u8;64]=[0;64];
-		hashit(sha,z,counter,None,0,&mut b);
-		if lk+hlen>olen {
-			for i in 0..(olen%hlen) {k[lk]=b[i]; lk+=1}
-		} else {
-			for i in 0..hlen {k[lk]=b[i]; lk+=1}
-		}
-	}
-}
-
-pub fn kdf2(sha: usize,z: &[u8],p: Option<&[u8]>,olen: usize,k: &mut [u8])  {
-/* NOTE: the parameter olen is the length of the output K in bytes */
-	let hlen=sha;
-	let mut lk=0;
-
-	let mut cthreshold=olen/hlen; if olen%hlen!=0 {cthreshold+=1}
-
-	for counter in 1..cthreshold+1 {
-		let mut b:[u8;64]=[0;64];
-		hashit(sha,z,counter,p,0,&mut b);
-		if lk+hlen>olen {
-			for i in 0..(olen%hlen) {k[lk]=b[i]; lk+=1}
-		} else {
-			for i in 0..hlen {k[lk]=b[i]; lk+=1}
-		}
-	}
-}
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
-pub fn pbkdf2(sha: usize,pass: &[u8],salt: &[u8],rep: usize,olen: usize,k: &mut [u8]) {
-	let mut d=olen/sha; if olen%sha!=0 {d+=1}
-	let mut f:[u8;64]=[0;64];
-	let mut u:[u8;64]=[0;64];
-	let mut ku:[u8;64]=[0;64];	
-	let mut s:[u8;36]=[0;36];    // Maximum salt of 32 bytes + 4
-	let mut n:[u8;4]=[0;4];
-
-	let sl=salt.len();
-	let mut kp=0;
-	for i in 0..d {
-		for j in 0..sl {s[j]=salt[j]} 
-		inttobytes(i+1,&mut n);
-		for j in 0..4 {s[sl+j]=n[j]}   
-
-		hmac(sha,&s[0..sl+4],pass,sha,&mut f);
-
-		for j in 0..sha {u[j]=f[j]}
-		for _ in 1..rep {
-			hmac(sha,&mut u,pass,sha,&mut ku);
-			for k in 0..sha {u[k]=ku[k]; f[k]^=u[k]}
-		}
-		for j in 0..EFS {if kp<olen {k[kp]=f[j]} kp+=1} 
-	}
-}
-
-/* Calculate HMAC of m using key k. HMAC is tag of length olen (which is length of tag) */
-pub fn hmac(sha: usize,m: &[u8],k: &[u8],olen: usize,tag: &mut [u8]) -> bool {
-	/* Input is from an octet m        *
-	* olen is requested output length in bytes. k is the key  *
-	* The output is the calculated tag */
-	let mut b:[u8;64]=[0;64];  /* Not good */
-	let mut k0:[u8;128]=[0;128];
-//	let olen=tag.len();    /* length of HMAC */
-
-	if olen<4 /*|| olen>sha */ {return false}
-
-	let mut lb=64;
-	if sha>32 {lb=128}
-
-	for i in 0..lb {k0[i]=0}
-
-	if k.len() > lb {
-		hashit(sha,k,0,None,0,&mut b); 
-		for i in 0..sha {k0[i]=b[i]}
-	} else {
-		for i in 0..k.len()  {k0[i]=k[i]}
-	}
-		
-	for i in 0..lb {k0[i]^=0x36}
-	hashit(sha,&mut k0[0..lb],0,Some(m),0,&mut b);
-
-	for i in 0..lb {k0[i]^=0x6a}
-	hashit(sha,&mut k0[0..lb],0,Some(&b[0..sha]),olen,tag); 
-
-	return true;
-}
-
-/* AES encryption/decryption. Encrypt byte array m using key k and returns ciphertext c */
-pub fn cbc_iv0_encrypt(k: &[u8],m: &[u8]) -> Vec<u8> { /* AES CBC encryption, with Null IV and key K */
-	/* Input is from an octet string m, output is to an octet string c */
-	/* Input is padded as necessary to make up a full final block */
-	let mut a=AES::new();	
-	let mut fin=false;
-	let mut c:Vec<u8>=Vec::new();
-
-	let mut buff:[u8;16]=[0;16];
-
-	a.init(aes::CBC,k.len(),k,None);
-
-	let mut ipt=0; 
-//	let mut opt=0;
-	let mut i;
-	loop {
-		i=0;
-		while i<16 {
-			if ipt<m.len() {
-				buff[i]=m[ipt]; i+=1; ipt+=1;
-			} else {fin=true; break;}
-		}
-		if fin {break}
-		a.encrypt(&mut buff);
-		for j in 0..16 {
-			c.push(buff[j]);
-			//c[opt]=buff[j]; opt+=1;
-		}
-	}    
-
-/* last block, filled up to i-th index */
-
-	let padlen=16-i;
-	for j in i..16 {buff[j]=padlen as u8}
-
-	a.encrypt(&mut buff);
-
-	for j in 0..16 {
-		c.push(buff[j]);
-		//c[opt]=buff[j]; opt+=1;
-	}
-	a.end();   
-	return c;
-}
-
-/* returns plaintext if all consistent, else returns null string */
-pub fn cbc_iv0_decrypt(k: &[u8],c: &[u8]) -> Option<Vec<u8>> { /* padding is removed */
-	let mut a=AES::new();	
-	let mut fin=false;
-	let mut m:Vec<u8>=Vec::new();
-
-	let mut buff:[u8;16]=[0;16];
-
-	a.init(aes::CBC,k.len(),k,None);
-
-	let mut ipt=0; 
-	//let mut opt=0;
-	let mut i;
-
-	if c.len()==0 {return None}
-	let mut ch=c[ipt]; ipt+=1;
-
-	loop {
-		i=0;
-		while i<16 {
-			buff[i]=ch;    
-			if ipt>=c.len() {
-				fin=true; break;
-			}  else {ch=c[ipt]; ipt+=1 }
-			i+=1;
-		}
-		a.decrypt(&mut buff);
-		if fin {break}
-		for j in 0..16 {
-			m.push(buff[j]);
-			//m[opt]=buff[j]; opt+=1;
-		}
-	}    
-
-	a.end();
-	let mut bad=false;
-	let padlen=buff[15] as usize;
-	if i!=15 || padlen<1 || padlen>16 {bad=true}
-	if padlen>=2 && padlen<=16 {
-		for j in 16-padlen..16 {
-			if buff[j]!=padlen as u8 {bad=true}
-		}
-	}
-    
-	if !bad { 
-		for _ in 0..16-padlen {
-			m.push(buff[i]);
-			//m[opt]=buff[j]; opt+=1;
-		}
-	}
-
-	if bad {return None}
-	return Some(m);
-}
-
-/* Calculate a public/private EC GF(p) key pair w,s where W=s.G mod EC(p),
- * where s is the secret key and W is the public key
- * and G is fixed generator.
- * If RNG is NULL then the private key is provided externally in s
- * otherwise it is generated randomly internally */
- #[allow(non_snake_case)]
-pub fn key_pair_generate(rng: Option<&mut RAND>,s: &mut [u8],w: &mut [u8]) -> isize {
-	let res=0;
-	let mut sc:BIG;
-	let mut G:ECP;
-
-	let gx=BIG::new_ints(&rom::CURVE_GX);
-	
-	if rom::CURVETYPE!=rom::MONTGOMERY {
-		let gy=BIG::new_ints(&rom::CURVE_GY);
-		G=ECP::new_bigs(&gx,&gy);
-	} else {
-		G=ECP::new_big(&gx);
-	}
-
-	let r=BIG::new_ints(&rom::CURVE_ORDER);
-
-	if let Some(mut x)=rng {
-		sc=BIG::randomnum(&r,&mut x);
-	} else {
-		sc=BIG::frombytes(&s);
-		sc.rmod(&r);		
-	}
-
-	if rom::AES_S>0 {
-		sc.mod2m(2*rom::AES_S)
-	}
-	sc.tobytes(s);
-
-	let mut WP=G.mul(&mut sc);
-
-	WP.tobytes(w);
-
-	return res;
-}
-
-/* validate public key. Set full=true for fuller check */
-#[allow(non_snake_case)]
-pub fn public_key_validate(full: bool,w: &[u8]) -> isize {
-	let mut WP=ECP::frombytes(w);
-	let mut res=0;
-
-	let mut r=BIG::new_ints(&rom::CURVE_ORDER);
-
-	if WP.is_infinity() {res=INVALID_PUBLIC_KEY}
-	if res==0 && full {
-		WP=WP.mul(&mut r);
-		if !WP.is_infinity() {res=INVALID_PUBLIC_KEY} 
-	}
-	return res;
-}
-
-/* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */
-#[allow(non_snake_case)]
-pub fn ecpsvdp_dh(s: &[u8],wd: &[u8],z: &mut [u8]) -> isize {
-	let mut res=0;
-	let mut t:[u8;EFS]=[0;EFS];
-
-	let mut sc=BIG::frombytes(&s);
-
-	let mut W=ECP::frombytes(&wd);
-	if W.is_infinity() {res=ERROR}
-
-	if res==0 {
-		let r=BIG::new_ints(&rom::CURVE_ORDER);
-		sc.rmod(&r);
-		W=W.mul(&mut sc);
-		if W.is_infinity() { 
-			res=ERROR;
-		} else {
-			W.getx().tobytes(&mut t);
-			for i in 0..EFS {z[i]=t[i]}
-		}
-	}
-	return res;
-}
-
-/* IEEE ECDSA Signature, C and D are signature on F using private key S */
-#[allow(non_snake_case)]
-pub fn ecpsp_dsa(sha: usize,rng: &mut RAND,s: &[u8],f: &[u8],c: &mut [u8],d: &mut [u8]) -> isize {
-	let mut t:[u8;EFS]=[0;EFS];
-	let mut b:[u8;rom::MODBYTES as usize]=[0;rom::MODBYTES as usize];
-
-	hashit(sha,f,0,None,rom::MODBYTES as usize,&mut b);
-
-	let gx=BIG::new_ints(&rom::CURVE_GX);
-	let gy=BIG::new_ints(&rom::CURVE_GY);
-
-	let G=ECP::new_bigs(&gx,&gy);
-	let r=BIG::new_ints(&rom::CURVE_ORDER);
-
-	let mut sc=BIG::frombytes(s);  /* s or &s? */
-	let fb=BIG::frombytes(&b);
-
-	let mut cb=BIG::new();
-	let mut db=BIG::new();
-	let mut tb=BIG::new();	
-	let mut V=ECP::new();
-
-	while db.iszilch() {
-		let mut u=BIG::randomnum(&r,rng);
-		let mut w=BIG::randomnum(&r,rng);
-		if rom::AES_S>0 {
-			u.mod2m(2*rom::AES_S);
-		}			
-		V.copy(&G);
-		V=V.mul(&mut u);   		
-		let vx=V.getx();
-		cb.copy(&vx);
-		cb.rmod(&r);
-		if cb.iszilch() {continue}
-
-		tb.copy(&BIG::modmul(&mut u,&mut w,&r));
-		u.copy(&tb);
-
-		u.invmodp(&r);
-		db.copy(&BIG::modmul(&mut sc,&mut cb,&r));
-		db.add(&fb);
-
-		tb.copy(&BIG::modmul(&mut db,&mut w,&r));
-		db.copy(&tb);
-
-		tb.copy(&BIG::modmul(&mut u,&mut db,&r));
-		db.copy(&tb);
-	} 
-       
-	cb.tobytes(&mut t);
-	for i in 0..EFS {c[i]=t[i]}
-	db.tobytes(&mut t);
-	for i in 0..EFS {d[i]=t[i]}
-	return 0;
-}
-
-/* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */
-#[allow(non_snake_case)]
-pub fn ecpvp_dsa(sha: usize,w: &[u8],f: &[u8],c: &[u8],d: &[u8]) -> isize {
-	let mut res=0;
-
-	let mut b:[u8;rom::MODBYTES as usize]=[0;rom::MODBYTES as usize];
-
-	hashit(sha,f,0,None,rom::MODBYTES as usize,&mut b);
-
-	let gx=BIG::new_ints(&rom::CURVE_GX);
-	let gy=BIG::new_ints(&rom::CURVE_GY);
-
-	let mut G=ECP::new_bigs(&gx,&gy);
-	let r=BIG::new_ints(&rom::CURVE_ORDER);
-
-	let mut cb=BIG::frombytes(c);  /* c or &c ? */
-	let mut db=BIG::frombytes(d);  /* d or &d ? */
-	let mut fb=BIG::frombytes(&b);
-	let mut tb=BIG::new();		
-     
-	if cb.iszilch() || BIG::comp(&cb,&r)>=0 || db.iszilch() || BIG::comp(&db,&r)>=0 {
-            res=INVALID;
-	}
-
-	if res==0 {
-		db.invmodp(&r);
-		tb.copy(&BIG::modmul(&mut fb,&mut db,&r));
-		fb.copy(&tb);
-		let h2=BIG::modmul(&mut cb,&mut db,&r);
-
-		let mut WP=ECP::frombytes(&w);
-		if WP.is_infinity() {
-			res=ERROR;
-		} else {
-			let mut P=ECP::new();
-			P.copy(&WP);
-
-			P=P.mul2(&h2,&mut G,&fb);
-
-			if P.is_infinity() {
-				res=INVALID;
-			} else {
-				db=P.getx();
-				db.rmod(&r);
-
-				if BIG::comp(&db,&cb)!=0 {res=INVALID}
-			}
-		}
-	}
-
-	return res;
-}
-
-/* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */
-#[allow(non_snake_case)]
-pub fn ecies_encrypt(sha: usize,p1: &[u8],p2: &[u8],rng: &mut RAND,w: &[u8],m: &[u8],v: &mut [u8],t: &mut [u8]) -> Option<Vec<u8>> { 
-	let mut z:[u8;EFS]=[0;EFS];
-	let mut k1:[u8;EAS]=[0;EAS];
-	let mut k2:[u8;EAS]=[0;EAS];
-	let mut u:[u8;EGS]=[0;EGS];
-	let mut vz:[u8;3*EFS+1]=[0;3*EFS+1];	
-	let mut k:[u8;EFS]=[0;EFS];
-
-	if key_pair_generate(Some(rng),&mut u,v)!=0 {return None}
-	if ecpsvdp_dh(&u,&w,&mut z)!=0 {return None}     
-
-	for i in 0..2*EFS+1 {vz[i]=v[i]}
-	for i in 0..EFS {vz[2*EFS+1+i]=z[i]}
-
-
-	kdf2(sha,&vz,Some(p1),EFS,&mut k);
-
-	for i in 0..EAS {k1[i]=k[i]; k2[i]=k[EAS+i]} 
-
-	let mut c=cbc_iv0_encrypt(&k1,m);
-
-	let mut l2:[u8;8]=[0;8];
-	let p2l=p2.len();
-
-	inttobytes(p2l,&mut l2);	
-
-	for i in 0..p2l {
-		c.push(p2[i]);
-	}
-	for i in 0..8 {
-		c.push(l2[i]);
-	}
-
-	hmac(sha,&c,&k2,t.len(),t);
-
-	for _ in 0..p2l+8 {c.pop();}
-	
-	return Some(c);
-}
-
-/* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */
-#[allow(non_snake_case)]
-pub fn ecies_decrypt(sha: usize,p1: &[u8],p2: &[u8],v: &[u8],c: &mut Vec<u8>,t: &[u8],u: &[u8]) -> Option<Vec<u8>>  { 
-	let mut z:[u8;EFS]=[0;EFS];
-	let mut k1:[u8;EAS]=[0;EAS];
-	let mut k2:[u8;EAS]=[0;EAS];
-	let mut vz:[u8;3*EFS+1]=[0;3*EFS+1];	
-	let mut k:[u8;EFS]=[0;EFS];
-
-	let mut tag:[u8;32]=[0;32];  /* 32 is max length of tag */
-
-	for i in 0..t.len() {tag[i]=t[i]}
-
-	if ecpsvdp_dh(&u,&v,&mut z)!=0 {return None}
-
-	for i in 0..2*EFS+1 {vz[i]=v[i]}
-	for i in 0..EFS {vz[2*EFS+1+i]=z[i]}
-
-	kdf2(sha,&vz,Some(p1),EFS,&mut k);
-
-	for i in 0..EAS {k1[i]=k[i]; k2[i]=k[EAS+i]} 
-
-	let m=cbc_iv0_decrypt(&k1,&c);
-
-	if m==None {return None}
-
-	let mut l2:[u8;8]=[0;8];
-	let p2l=p2.len();
-
-	inttobytes(p2l,&mut l2);	
-
-	for i in 0..p2l {
-		c.push(p2[i]);
-	}
-	for i in 0..8 {
-		c.push(l2[i]);
-	}
-
-	hmac(sha,&c,&k2,t.len(),&mut tag);
-
-	for _ in 0..p2l+8 {c.pop();}
-
-	let mut same=true;
-	for i in 0..t.len() {
-		if t[i]!=tag[i] {same=false}
-	}
-	if !same {return None}
-	
-	return m;
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/ecp.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/ecp.rs b/version22/rust/src/ecp.rs
deleted file mode 100644
index 69b6c57..0000000
--- a/version22/rust/src/ecp.rs
+++ /dev/null
@@ -1,955 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-use std::fmt;
-use std::str::SplitWhitespace;
-
-#[derive(Copy, Clone)]
-pub struct ECP {
-	x:FP,
-	y:FP,
-	z:FP,
-	inf: bool
-}
-
-
-//use rom;
-//mod fp;
-use fp::FP;
-//mod big;
-use big::BIG;
-//mod dbig;
-//use dbig::DBIG;
-//mod rand;
-//mod hash256;
-//mod rom;
-use rom;
-use rom::BIG_HEX_STRING_LEN;
-
-impl fmt::Display for ECP {
-	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-		write!(f, "ECP: [ {}, {}, {}, {} ]", self.inf, self.x, self.y, self.z)
-	}
-}
-
-impl fmt::Debug for ECP {
-	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-		write!(f, "ECP: [ {}, {}, {}, {} ]", self.inf, self.x, self.y, self.z)
-	}
-}
-
-impl PartialEq for ECP {
-	fn eq(&self, other: &ECP) -> bool {
-		return (self.inf == other.inf) &&
-			(self.x == other.x) &&
-			(self.y == other.y) &&
-			(self.z == other.z);
-	}
-}
-
-#[allow(non_snake_case)]
-impl ECP {
-
-	pub fn new() -> ECP {
-		ECP {
-				x: FP::new(),
-				y: FP::new(),
-				z: FP::new(),
-				inf: true
-		}
-	}
-
-/* set (x,y) from two BIGs */
-	pub fn new_bigs(ix: &BIG,iy: &BIG) -> ECP {
-		let mut E=ECP::new();
-		E.x.bcopy(ix); 
-		E.y.bcopy(iy); 
-		E.z.one(); 
-		let mut rhs=ECP::rhs(&mut E.x);
-		if rom::CURVETYPE==rom::MONTGOMERY {
-			if rhs.jacobi()==1 {
-				E.inf=false;
-			} else {E.inf()}
-		} else {
-			let mut y2=FP::new_copy(&E.y);
-			y2.sqr();	
-			if y2.equals(&mut rhs) {
-				E.inf=false
-			} else {E.inf()}
-		}
-		return E;
-	}
-
-/* set (x,y) from BIG and a bit */
-	pub fn new_bigint(ix: &BIG,s: isize) -> ECP {
-		let mut E=ECP::new();
-		E.x.bcopy(ix); 
-		E.z.one(); 
-
-		let mut rhs=ECP::rhs(&mut E.x);
-
-		if rhs.jacobi()==1 {
-			let mut ny=rhs.sqrt();
-			if ny.redc().parity()!=s {ny.neg()}
-			E.y.copy(&ny);
-			E.inf=false;
-		} else {E.inf()}
-		return E;
-	}
-
-#[allow(non_snake_case)]
-/* set from x - calculate y from curve equation */
-	pub fn new_big(ix: &BIG) -> ECP {
-		let mut E=ECP::new();
-		E.x.bcopy(ix); 
-		E.z.one(); 
-		let mut rhs=ECP::rhs(&mut E.x);
-		if rhs.jacobi()==1 {
-			if rom::CURVETYPE!=rom::MONTGOMERY {E.y.copy(&rhs.sqrt())}
-			E.inf=false;
-		} else {E.inf=true}
-		return E;
-	}
-
-/* set this=O */
-	pub fn inf(&mut self) {
-		self.inf=true;
-		self.x.zero();
-		self.y.one();
-		self.z.one();
-	}
-
-/* Calculate RHS of curve equation */
-	fn rhs(x: &mut FP) -> FP {
-		x.norm();
-		let mut r=FP::new_copy(x);
-		r.sqr();
-
-		if rom::CURVETYPE==rom::WEIERSTRASS { // x^3+Ax+B
-			let b=FP::new_big(&BIG::new_ints(&rom::CURVE_B));
-			r.mul(x);
-			if rom::CURVE_A==-3 {
-				let mut cx=FP::new_copy(x);
-				cx.imul(3);
-				cx.neg(); cx.norm();
-				r.add(&cx);
-			}
-			r.add(&b);
-		}
-		if rom::CURVETYPE==rom::EDWARDS { // (Ax^2-1)/(Bx^2-1) 
-			let mut b=FP::new_big(&BIG::new_ints(&rom::CURVE_B));
-			let one=FP::new_int(1);
-			b.mul(&mut r);
-			b.sub(&one);
-			if rom::CURVE_A==-1 {r.neg()}
-			r.sub(&one);
-			b.inverse();
-			r.mul(&mut b);
-		}
-		if rom::CURVETYPE==rom::MONTGOMERY { // x^3+Ax^2+x
-			let mut x3=FP::new();
-			x3.copy(&r);
-			x3.mul(x);
-			r.imul(rom::CURVE_A);
-			r.add(&x3);
-			r.add(&x);
-		}
-		r.reduce();
-		return r;
-	}
-
-/* test for O point-at-infinity */
-	pub fn is_infinity(&mut self) -> bool {
-		if rom::CURVETYPE==rom::EDWARDS {
-			self.x.reduce(); self.y.reduce(); self.z.reduce();
-			return self.x.iszilch() && self.y.equals(&mut self.z);
-		} else {return self.inf}
- 	}
-
-/* Conditional swap of P and Q dependant on d */
-	pub fn cswap(&mut self,Q: &mut ECP,d: isize) {
-		self.x.cswap(&mut Q.x,d);
-		if rom::CURVETYPE!=rom::MONTGOMERY {self.y.cswap(&mut Q.y,d)}
-		self.z.cswap(&mut Q.z,d);
-		if rom::CURVETYPE!=rom::EDWARDS {
-			let mut bd=true;
-			if d==0 {bd=false}
-			bd=bd&&(self.inf!=Q.inf);
-			self.inf=bd!=self.inf;
-			Q.inf=bd!=Q.inf;
-		}
-	}
-
-/* Conditional move of Q to P dependant on d */
-	pub fn cmove(&mut self,Q: &ECP,d: isize) {
-		self.x.cmove(&Q.x,d);
-		if rom::CURVETYPE!=rom::MONTGOMERY {self.y.cmove(&Q.y,d)}
-		self.z.cmove(&Q.z,d);
-		if rom::CURVETYPE!=rom::EDWARDS {
-			let mut bd=true;
-			if d==0 {bd=false}
-			self.inf=self.inf!=((self.inf!=Q.inf)&&bd);
-		}
-	}
-
-/* return 1 if b==c, no branching */
-	fn teq(b: i32,c: i32) -> isize {
-		let mut x=b^c;
-		x-=1;  // if x=0, x now -1
-		return ((x>>31)&1) as isize;
-	}
-
-/* this=P */
-	pub fn copy(&mut self,P: & ECP) {
-		self.x.copy(&P.x);
-		if rom::CURVETYPE!=rom::MONTGOMERY {self.y.copy(&P.y)}
-		self.z.copy(&P.z);
-		self.inf=P.inf;
-}
-
-/* this=-this */
-	pub fn neg(&mut self) {
-		if self.is_infinity() {return}
-		if rom::CURVETYPE==rom::WEIERSTRASS {
-			self.y.neg(); self.y.norm();
-		}
-		if rom::CURVETYPE==rom::EDWARDS {
-			self.x.neg(); self.x.norm();
-		}
-		return;
-	}
-/* multiply x coordinate */
-	pub fn mulx(&mut self,c: &mut FP) {
-		self.x.mul(c);
-	}
-
-/* Constant time select from pre-computed table */
-	fn selector(&mut self, W: &[ECP],b: i32) {   // unsure about &[& syntax. An array of pointers I hope..
-		let mut MP=ECP::new();
-		let m=b>>31;
-		let mut babs=(b^m)-m;
-
-		babs=(babs-1)/2;
-
-		self.cmove(&W[0],ECP::teq(babs,0));  // conditional move
-		self.cmove(&W[1],ECP::teq(babs,1));
-		self.cmove(&W[2],ECP::teq(babs,2));
-		self.cmove(&W[3],ECP::teq(babs,3));
-		self.cmove(&W[4],ECP::teq(babs,4));
-		self.cmove(&W[5],ECP::teq(babs,5));
-		self.cmove(&W[6],ECP::teq(babs,6));
-		self.cmove(&W[7],ECP::teq(babs,7));
- 
-		MP.copy(self);
-		MP.neg();
-		self.cmove(&MP,(m&1) as isize);
-	}
-
-/* Test P == Q */
-	pub fn equals(&mut self,Q: &mut ECP) -> bool {
-		if self.is_infinity() && Q.is_infinity() {return true}
-		if self.is_infinity() || Q.is_infinity() {return false}
-		if rom::CURVETYPE==rom::WEIERSTRASS {
-			let mut zs2=FP::new_copy(&self.z); zs2.sqr();
-			let mut zo2=FP::new_copy(&Q.z); zo2.sqr();
-			let mut zs3=FP::new_copy(&zs2); zs3.mul(&mut self.z);
-			let mut zo3=FP::new_copy(&zo2); zo3.mul(&mut Q.z);
-			zs2.mul(&mut Q.x);
-			zo2.mul(&mut self.x);
-			if !zs2.equals(&mut zo2) {return false}
-			zs3.mul(&mut Q.y);
-			zo3.mul(&mut self.y);
-			if !zs3.equals(&mut zo3) {return false}
-		} else {
-			let mut a=FP::new();
-			let mut b=FP::new();
-			a.copy(&self.x); a.mul(&mut Q.z); a.reduce();
-			b.copy(&Q.x); b.mul(&mut self.z); b.reduce();
-			if !a.equals(&mut b) {return false}
-			if rom::CURVETYPE==rom::EDWARDS {
-				a.copy(&self.y); a.mul(&mut Q.z); a.reduce();
-				b.copy(&Q.y); b.mul(&mut self.z); b.reduce();
-				if !a.equals(&mut b) {return false}
-			}
-		}
-		return true;
-	}
-
-/* set to affine - from (x,y,z) to (x,y) */
-	pub fn affine(&mut self) {
-		if self.is_infinity() {return}
-		let mut one=FP::new_int(1);
-		if self.z.equals(&mut one) {return}
-		self.z.inverse();
-		if rom::CURVETYPE==rom::WEIERSTRASS {
-			let mut z2=FP::new_copy(&self.z);
-			z2.sqr();
-			self.x.mul(&mut z2); self.x.reduce();
-			self.y.mul(&mut z2);
-			self.y.mul(&mut self.z); self.y.reduce();
-		}
-		if rom::CURVETYPE==rom::EDWARDS {
-			self.x.mul(&mut self.z); self.x.reduce();
-			self.y.mul(&mut self.z); self.y.reduce();
-		}
-		if rom::CURVETYPE==rom::MONTGOMERY {
-			self.x.mul(&mut self.z); self.x.reduce();
-		}
-		self.z.one();
-	}
-
-/* extract x as a BIG */
-	pub fn getx(&mut self) -> BIG {
-		self.affine();
-		return self.x.redc();
-	}
-
-/* extract y as a BIG */
-	pub fn gety(&mut self) -> BIG {
-		self.affine();
-		return self.y.redc();
-	}
-
-/* get sign of Y */
-	pub fn gets(&mut self) -> isize {
-		self.affine();
-		let y=self.gety();
-		return y.parity();
-	}
-
-/* extract x as an FP */
-	pub fn getpx(&self) -> FP {
-		let w=FP::new_copy(&self.x);
-		return w;
-	}
-/* extract y as an FP */
-	pub fn getpy(&self) -> FP {
-		let w=FP::new_copy(&self.y);
-		return w;
-	}
-
-/* extract z as an FP */
-	pub fn getpz(&self) -> FP {
-		let w=FP::new_copy(&self.z);
-		return w;
-	}
-
-/* convert to byte array */
-	pub fn tobytes(&mut self,b: &mut [u8]) {
-		let mb=rom::MODBYTES as usize;
-		let mut t:[u8;rom::MODBYTES as usize]=[0;rom::MODBYTES as usize];
-		if rom::CURVETYPE!=rom::MONTGOMERY {
-			b[0]=0x04;
-		} else {b[0]=0x02}
-	
-		self.affine();
-		self.x.redc().tobytes(&mut t);
-		for i in 0..mb {b[i+1]=t[i]}
-		if rom::CURVETYPE!=rom::MONTGOMERY {
-			self.y.redc().tobytes(&mut t);
-			for i in 0..mb {b[i+mb+1]=t[i]}
-		}
-	}
-
-/* convert from byte array to point */
-	pub fn frombytes(b: &[u8]) -> ECP {
-		let mut t:[u8;rom::MODBYTES as usize]=[0;rom::MODBYTES as usize];
-		let mb=rom::MODBYTES as usize;
-		let p=BIG::new_ints(&rom::MODULUS);
-
-		for i in 0..mb {t[i]=b[i+1]}
-		let px=BIG::frombytes(&t);
-		if BIG::comp(&px,&p)>=0 {return ECP::new()}
-
-		if b[0]==0x04 {
-			for i in 0..mb {t[i]=b[i+mb+1]}
-			let py=BIG::frombytes(&t);
-			if BIG::comp(&py,&p)>=0 {return ECP::new()}
-			return ECP::new_bigs(&px,&py);
-		} else {return ECP::new_big(&px)}
-	}
-
-	pub fn to_hex(&self) -> String {
-		let mut ret: String = String::with_capacity(4 * BIG_HEX_STRING_LEN);
-		ret.push_str(&format!("{} {} {} {}", self.inf, self.x.to_hex(), self.y.to_hex(), self.z.to_hex()));
-		return ret;
-	}
-
-	pub fn from_hex_iter(iter: &mut SplitWhitespace) -> ECP {
-		let mut ret:ECP = ECP::new();
-		if let Some(x) = iter.next() {
-			ret.inf = x == "true";
-			ret.x = FP::from_hex_iter(iter);
-			ret.y = FP::from_hex_iter(iter);
-			ret.z = FP::from_hex_iter(iter);
-		}
-		return ret;
-	}
-
-	pub fn from_hex(val: String) -> ECP {
-		let mut iter = val.split_whitespace();
-		return ECP::from_hex_iter(&mut iter);
-	}
-
-/* convert to hex string */
-	pub fn tostring(&mut self) -> String {
-	 	if self.is_infinity() {return String::from("infinity")}
-		self.affine();
-		if rom::CURVETYPE==rom::MONTGOMERY {
-			return format!("({})",self.x.redc().tostring());
-		} else {return format!("({},{})",self.x.redc().tostring(),self.y.redc().tostring())} ; 
-	}
-
-/* this*=2 */
-	pub fn dbl(&mut self) {
-		if rom::CURVETYPE==rom::WEIERSTRASS {
-			if self.inf {return}
-			if self.y.iszilch() {
-				self.inf();
-				return;
-			}
-
-			let mut w1=FP::new_copy(&self.x);
-			let mut w6=FP::new_copy(&self.z);
-			let mut w2=FP::new();
-			let mut w3=FP::new_copy(&self.x);
-			let mut w8=FP::new_copy(&self.x);
-
-			if rom::CURVE_A==-3 {
-				w6.sqr();
-				w1.copy(&w6);
-				w1.neg();
-				w3.add(&w1);
-
-				w8.add(&w6);
-
-				w3.mul(&mut w8);
-				w8.copy(&w3);
-				w8.imul(3);
-			} else {
-				w1.sqr();
-				w8.copy(&w1);
-				w8.imul(3);
-			}
-
-			w2.copy(&self.y); w2.sqr();
-			w3.copy(&self.x); w3.mul(&mut w2);
-			w3.imul(4);
-			w1.copy(&w3); w1.neg();
-			w1.norm();
-
-           	self.x.copy(&w8); self.x.sqr();
-            self.x.add(&w1);
-            self.x.add(&w1);
-            self.x.norm();
-    
-            self.z.mul(&mut self.y);
-            self.z.dbl();
-    
-            w2.dbl();  
-            w2.sqr();
-            w2.dbl();
-            w3.sub(&self.x);
-            self.y.copy(&w8); self.y.mul(&mut w3);
-            //w2.norm();
-            self.y.sub(&w2);
-            self.y.norm();
-            self.z.norm();
-        }
-        if rom::CURVETYPE==rom::EDWARDS {
-            let mut c=FP::new_copy(&self.x);
-            let mut d=FP::new_copy(&self.y);
-            let mut h=FP::new_copy(&self.z);
-            let mut j=FP::new();
-    
-            self.x.mul(&mut self.y); self.x.dbl();
-            c.sqr();
-            d.sqr();
-            if rom::CURVE_A == -1 {c.neg()}
-            self.y.copy(&c); self.y.add(&d);
-            self.y.norm();
-            h.sqr(); h.dbl(); 
-            self.z.copy(&self.y);
-            j.copy(&self.y); j.sub(&h);
-            self.x.mul(&mut j);
-            c.sub(&d);
-            self.y.mul(&mut c);
-            self.z.mul(&mut j);
-    
-            self.x.norm();
-            self.y.norm();
-            self.z.norm();
-        }
-        if rom::CURVETYPE==rom::MONTGOMERY {
-            let mut a=FP::new_copy(&self.x);
-            let mut b=FP::new_copy(&self.x);
-            let mut aa=FP::new();
-            let mut bb=FP::new();
-            let mut c=FP::new();
-    
-            if self.inf {return}
-    
-            a.add(&self.z);
-            aa.copy(&a); aa.sqr();
-            b.sub(&self.z);
-            bb.copy(&b); bb.sqr();
-            c.copy(&aa); c.sub(&bb);
-    
-            self.x.copy(&aa); self.x.mul(&mut bb);
-    
-            a.copy(&c); a.imul((rom::CURVE_A+2)/4);
-    
-            bb.add(&a);
-            self.z.copy(&bb); self.z.mul(&mut c);
-            self.x.norm();
-            self.z.norm();
-        }
-        return;
-    }
-
-    /* self+=Q */
-    pub fn add(&mut self,Q:&mut ECP)
-    {
-        if rom::CURVETYPE==rom::WEIERSTRASS {
-            if self.inf {
-				self.copy(&Q);
-				return;
-            }
-            if Q.inf {return}
-    
-            let mut aff=false;
-    
-            let mut one=FP::new_int(1);
-            if Q.z.equals(&mut one) {aff=true}
-    
-            let mut a=FP::new();
-            let mut c=FP::new();
-            let mut b=FP::new_copy(&self.z);
-            let mut d=FP::new_copy(&self.z);
-            if !aff {
-            	a.copy(&Q.z);
-            	c.copy(&Q.z);
-    
-				a.sqr(); b.sqr();
-				c.mul(&mut a); d.mul(&mut b);
-    
-				a.mul(&mut self.x);
-				c.mul(&mut self.y);
-            }
-            else
-            {
-				a.copy(&self.x);
-				c.copy(&self.y);
-    
-				b.sqr();
-				d.mul(&mut b);
-            }
-    
-            b.mul(&mut Q.x); b.sub(&a);
-            d.mul(&mut Q.y); d.sub(&c);
-    
-            if b.iszilch()
-            {
-				if d.iszilch()
-				{
-                    self.dbl();
-                    return;
-				}
-				else
-				{
-                    self.inf=true;
-                    return;
-				}
-            }
-    
-            if !aff {self.z.mul(&mut Q.z)}
-            self.z.mul(&mut b);
-    
-            let mut e=FP::new_copy(&b); e.sqr();
-            b.mul(&mut e);
-            a.mul(&mut e);
-    
-            e.copy(&a);
-            e.add(&a); e.add(&b);
-            self.x.copy(&d); self.x.sqr(); self.x.sub(&e);
-    
-            a.sub(&self.x);
-            self.y.copy(&a); self.y.mul(&mut d);
-            c.mul(&mut b); self.y.sub(&c);
-    
-            self.x.norm();
-            self.y.norm();
-            self.z.norm();
-        }
-        if rom::CURVETYPE==rom::EDWARDS {
-            let mut bb=FP::new_big(&BIG::new_ints(&rom::CURVE_B));
-            let mut a=FP::new_copy(&self.z);
-            let mut b=FP::new();
-            let mut c=FP::new_copy(&self.x);
-            let mut d=FP::new_copy(&self.y);
-            let mut e=FP::new();
-            let mut f=FP::new();
-            let mut g=FP::new();
-    
-            a.mul(&mut Q.z);
-            b.copy(&a); b.sqr();
-            c.mul(&mut Q.x);
-            d.mul(&mut Q.y);
-    
-            e.copy(&c); e.mul(&mut d); e.mul(&mut bb);
-            f.copy(&b); f.sub(&e);
-            g.copy(&b); g.add(&e);
-    
-            if rom::CURVE_A==1 {
-				e.copy(&d); e.sub(&c);
-            }
-            c.add(&d);
-    
-            b.copy(&self.x); b.add(&self.y);
-            d.copy(&Q.x); d.add(&Q.y);
-            b.mul(&mut d);
-            b.sub(&c);
-            b.mul(&mut f);
-            self.x.copy(&a); self.x.mul(&mut b);
-
-            if rom::CURVE_A==1 {
-				c.copy(&e); c.mul(&mut g);
-            }
-            if rom::CURVE_A == -1 {
-				c.mul(&mut g);
-            }
-            self.y.copy(&a); self.y.mul(&mut c);
-            self.z.copy(&f); self.z.mul(&mut g);
-            self.x.norm(); self.y.norm(); self.z.norm();
-        }
-        return;
-    }
-
-/* Differential Add for Montgomery curves. this+=Q where W is this-Q and is affine. */
-	pub fn dadd(&mut self,Q: &ECP,W: &ECP) {
-		let mut a=FP::new_copy(&self.x);
-		let mut b=FP::new_copy(&self.x);
-		let mut c=FP::new_copy(&Q.x);
-		let mut d=FP::new_copy(&Q.x);
-		let mut da=FP::new();
-		let mut cb=FP::new();
-			
-		a.add(&self.z);
-		b.sub(&self.z);
-
-		c.add(&Q.z);
-		d.sub(&Q.z);
-
-		da.copy(&d); da.mul(&mut a);
-		cb.copy(&c); cb.mul(&mut b);
-
-		a.copy(&da); a.add(&cb); a.sqr();
-		b.copy(&da); b.sub(&cb); b.sqr();
-
-		self.x.copy(&a);
-		self.z.copy(&W.x); self.z.mul(&mut b);
-
-		if self.z.iszilch() {
-			self.inf();
-		} else {self.inf=false;}
-
-		self.x.norm();
-	}
-
-/* self-=Q */
-	pub fn sub(&mut self,Q:&mut ECP) {
-		Q.neg();
-		self.add(Q);
-		Q.neg();
-	}
-
-	fn multiaffine(P: &mut [ECP]) {
-		let mut t1=FP::new();
-		let mut t2=FP::new();
-
-		let mut work:[FP;8]=[FP::new(),FP::new(),FP::new(),FP::new(),FP::new(),FP::new(),FP::new(),FP::new()];
-		let m=8;
-
-		work[0].one();
-		work[1].copy(&P[0].z);
-
-		for i in 2..m {
-			t1.copy(&work[i-1]);
-			work[i].copy(&t1);
-			work[i].mul(&mut P[i-1].z);
-		}
-
-		t1.copy(&work[m-1]);
-		t1.mul(&mut P[m-1].z);
-		t1.inverse();
-		t2.copy(&P[m-1].z);
-		work[m-1].mul(&mut t1);
-
-		let mut i=m-2;
-		loop {
-			if i==0 {
-				work[0].copy(&t1);
-				work[0].mul(&mut t2);
-				break;
-			}
-			work[i].mul(&mut t2);
-			work[i].mul(&mut t1);
-			t2.mul(&mut P[i].z);
-			i-=1;
-		}
-/* now work[] contains inverses of all Z coordinates */
-
-		for i in 0..m {
-			P[i].z.one();
-			t1.copy(&work[i]);
-			t1.sqr();
-			P[i].x.mul(&mut t1);
-			t1.mul(&mut work[i]);
-			P[i].y.mul(&mut t1);
-		}    
-	}
-
-/* constant time multiply by small integer of length bts - use ladder */
-	pub fn pinmul(&mut self,e: i32,bts: i32) -> ECP {	
-		if rom::CURVETYPE==rom::MONTGOMERY {
-			return self.mul(&mut BIG::new_int(e as isize));
-		} else {
-			let mut P=ECP::new();
-			let mut R0=ECP::new();
-			let mut R1=ECP::new(); R1.copy(&self);
-
-			for i in (0..bts).rev() {
-				let b=((e>>i)&1) as isize;
-				P.copy(&R1);
-				P.add(&mut R0);
-				R0.cswap(&mut R1,b);
-				R1.copy(&P);
-				R0.dbl();
-				R0.cswap(&mut R1,b);
-			}
-			P.copy(&R0);
-			P.affine();
-			return P;
-		}
-	}
-
-/* return e.self */
-
-	pub fn mul(&mut self,e:&mut BIG) -> ECP {
-		if e.iszilch() || self.is_infinity() {return ECP::new()}
-		let mut P=ECP::new();
-		if rom::CURVETYPE==rom::MONTGOMERY {
-/* use Ladder */
-			let mut D=ECP::new();
-			let mut R0=ECP::new(); R0.copy(&self);
-			let mut R1=ECP::new(); R1.copy(&self);
-			R1.dbl();
-			D.copy(&self); D.affine();
-			let nb=e.nbits();
-
-			for i in (0..nb-1).rev() {
-				let b=e.bit(i);
-				P.copy(&R1);
-				P.dadd(&mut R0,&D);
-				R0.cswap(&mut R1,b);
-				R1.copy(&P);
-				R0.dbl();
-				R0.cswap(&mut R1,b);
-			}
-			P.copy(&R0)
-		} else {
-// fixed size windows 
-			let mut mt=BIG::new();
-			let mut t=BIG::new();
-			let mut Q=ECP::new();
-			let mut C=ECP::new();
-
-		 	let mut W:[ECP;8]=[ECP::new(),ECP::new(),ECP::new(),ECP::new(),ECP::new(),ECP::new(),ECP::new(),ECP::new()];
-
-		 	const CT:usize=1+(rom::NLEN*(rom::BASEBITS as usize)+3)/4;
-			let mut w:[i8;CT]=[0;CT];
-
-			self.affine();
-
-			Q.copy(&self);
-			Q.dbl();
-
-			W[0].copy(&self);
-
-			for i in 1..8 {
-				C.copy(&W[i-1]);
-				W[i].copy(&C);
-				W[i].add(&mut Q);
-			}
-
-// convert the table to affine 
-			if rom::CURVETYPE==rom::WEIERSTRASS {
-				ECP::multiaffine(&mut W);
-			}
-
-// make exponent odd - add 2P if even, P if odd 
-			t.copy(&e);
-			let s=t.parity();
-			t.inc(1); t.norm(); let ns=t.parity(); mt.copy(&t); mt.inc(1); mt.norm();
-			t.cmove(&mt,s);
-			Q.cmove(&self,ns);
-			C.copy(&Q);
-
-			let nb=1+(t.nbits()+3)/4;
-
-// convert exponent to signed 4-bit window 
-			for i in 0..nb {
-				w[i]=(t.lastbits(5)-16) as i8;
-				t.dec(w[i] as isize); t.norm();
-				t.fshr(4);	
-			}
-			w[nb]=t.lastbits(5) as i8;
-
-			P.copy(&W[((w[nb] as usize)-1)/2]); 
-			for i in (0..nb).rev() {
-				Q.selector(&W,w[i] as i32);
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.add(&mut Q);
-			}
-			P.sub(&mut C); /* apply correction */
-		}
-		P.affine();
-		return P;
-	}
-
-/* Return e.this+f.Q */
-
-	pub fn mul2(&mut self,e: &BIG,Q: &mut ECP,f: &BIG) -> ECP {
-		let mut te=BIG::new();
-		let mut tf=BIG::new();
-		let mut mt=BIG::new();
-		let mut S=ECP::new();
-		let mut T=ECP::new();
-		let mut C=ECP::new();
-
-		let mut W:[ECP;8]=[ECP::new(),ECP::new(),ECP::new(),ECP::new(),ECP::new(),ECP::new(),ECP::new(),ECP::new()];
-
-		const CT:usize=1+(rom::NLEN*(rom::BASEBITS as usize)+1)/2;
-		let mut w: [i8;CT]=[0;CT];		
-
-		self.affine();
-		Q.affine();
-
-		te.copy(e);
-		tf.copy(f);
-
-// precompute table 
-
-		W[1].copy(&self); W[1].sub(Q);
-		W[2].copy(&self); W[2].add(Q);
-		S.copy(&Q); S.dbl();
-		C.copy(&W[1]); W[0].copy(&C); W[0].sub(&mut S); // copy to C is stupid Rust thing..
-		C.copy(&W[2]); W[3].copy(&C); W[3].add(&mut S);
-		T.copy(&self); T.dbl();
-		C.copy(&W[1]); W[5].copy(&C); W[5].add(&mut T);
-		C.copy(&W[2]); W[6].copy(&C); W[6].add(&mut T);
-		C.copy(&W[5]); W[4].copy(&C); W[4].sub(&mut S);
-		C.copy(&W[6]); W[7].copy(&C); W[7].add(&mut S);
-
-// convert the table to affine 
-		if rom::CURVETYPE==rom::WEIERSTRASS { 
-			ECP::multiaffine(&mut W);
-		}
-
-// if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction 
-
-		let mut s=te.parity();
-		te.inc(1); te.norm(); let mut ns=te.parity(); mt.copy(&te); mt.inc(1); mt.norm();
-		te.cmove(&mt,s);
-		T.cmove(&self,ns);
-		C.copy(&T);
-
-		s=tf.parity();
-		tf.inc(1); tf.norm(); ns=tf.parity(); mt.copy(&tf); mt.inc(1); mt.norm();
-		tf.cmove(&mt,s);
-		S.cmove(&Q,ns);
-		C.add(&mut S);
-
-		mt.copy(&te); mt.add(&tf); mt.norm();
-		let nb=1+(mt.nbits()+1)/2;
-
-// convert exponent to signed 2-bit window 
-		for i in 0..nb {
-			let a=te.lastbits(3)-4;
-			te.dec(a); te.norm();
-			te.fshr(2);
-			let b=tf.lastbits(3)-4;
-			tf.dec(b); tf.norm();
-			tf.fshr(2);
-			w[i]=(4*a+b) as i8;
-		}
-		w[nb]=(4*te.lastbits(3)+tf.lastbits(3)) as i8;
-		S.copy(&W[((w[nb] as usize)-1)/2]);  
-
-		for i in (0..nb).rev() {
-			T.selector(&W,w[i] as i32);
-			S.dbl();
-			S.dbl();
-			S.add(&mut T);
-		}
-		S.sub(&mut C); /* apply correction */
-		S.affine();
-		return S;
-	}
-
-
-}
-/*
-fn main()
-{
-	let mut E=ECP::new();
-
-	let mut W:[&ECP;8]=[&ECP::new(),&ECP::new(),&ECP::new(),&ECP::new(),&ECP::new(),&ECP::new(),&ECP::new(),&ECP::new()];
-
-	let mut gx=BIG::new_ints(&rom::CURVE_GX);
-	let mut gy=BIG::new();
-	let mut P=ECP::new();
-
-	if rom::CURVETYPE!=rom::MONTGOMERY {gy.copy(&BIG::new_ints(&rom::CURVE_GY))}
-	let mut r=BIG::new_ints(&rom::CURVE_ORDER);
-
-	//r.dec(7);
-	
-	println!("gx= {}",gx.tostring());
-
-	if rom::CURVETYPE!=rom::MONTGOMERY {
-		println!("gy= {}",gy.tostring());
-	}	
-
-	if rom::CURVETYPE!=rom::MONTGOMERY {
-		P.copy(&ECP::new_bigs(&gx,&gy))}
-	else  {P.copy(&ECP::new_big(&gx))}
-
-	println!("P= {}",P.tostring());		
-
-	let mut R=P.mul(&mut r);
-		//for i in 0..10000	(R=P.mul(r));
-	
-	println!("R= {}",R.tostring());
-
-}
-*/


[10/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/newhope.c
----------------------------------------------------------------------
diff --git a/version3/c/newhope.c b/version3/c/newhope.c
deleted file mode 100644
index 2203648..0000000
--- a/version3/c/newhope.c
+++ /dev/null
@@ -1,513 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* NewHope API implementation. Constant time.
-
-	LOOK - no if statements!
-
-   M.Scott 21/07/2017
-*/
-
-#include "newhope.h"
-
-const sign16 roots[] ={0x2ac8,0x2baf,0x299b,0x685,0x2f04,0x158d,0x2d49,0x24b5,0x1edc,0xab3,0x2a95,0x24d,0x3cb,0x6a8,0x12f9,0x15ba,0x1861,0x2a89,0x1c5c,0xbe6,0xc1e,0x2024,0x207,0x19ce,0x2710,0x1744,0x18bc,0x2cd7,0x396,0x18d5,0x1c45,0xc4,0x21a6,0xe03,0x2b3c,0x2d91,0xc5d,0x432,0x1fbc,0xcae,0x2512,0x2979,0x3b2,0x714,0xb2e,0x1a97,0x1a03,0x1bcd,0x2216,0x2701,0xa,0x263c,0x1179,0x200c,0x2d08,0x1c34,0x291,0x2c99,0x2a5a,0x723,0xb1d,0x1ccc,0x1fb6,0x2f58,0x2bfe,0x1cda,0x2a0,0x5f1,0x2de,0x1fc7,0x1ea8,0x1719,0x2fa7,0x27ec,0x20ff,0x12c0,0x1ac1,0x2232,0x2f9b,0xd3e,0x2aed,0x15f0,0x11e8,0xed0,0x26a,0x1de5,0xa3f,0xf43,0xebf,0x204e,0xac7,0x2d9c,0x5ea,0x25d1,0xb6,0x49c,0x995,0x2555,0x26e2,0x100,0x1878,0x5aa,0x2e10,0x271c,0xcb,0x1b4c,0x2fb8,0x25b7,0x1543,0x2c7b,0x241a,0x2223,0x20ca,0x24ed,0x137,0x1b65,0x1dc2,0x7c7,0x2ec3,0xd0c,0x1169,0x1c7a,0x1ea1,0xf89,0x2199,0x291d,0x1088,0x2046,0x256d,0x2bc7,0x2e9b,0x41f,0x1b55,0x2b38,0xd0,0x2e6a,0x1755,0x6bc,0x2724,0x3ba,0x222e,0x2c5c,0x2da5,0x213c,0x10fe,0x169a,0x15
 52,0x5d3,0x300,0x1b5d,0x1342,0x2004,0x256f,0x2039,0x667,0x23b5,0x1123,0xdb,0x2da0,0xe1e,0x2f54,0x2767,0x154a,0x40a,0x11d3,0x2821,0xc09,0x974,0x694,0xfbf,0x27ba,0x132,0x83f,0x2d06,0x10e,0x183f,0x29ae,0x28c3,0x2dc9,0x1144,0x2c70,0x2a4a,0xf3c,0x1e32,0x1171,0x1e43,0xdd4,0x2ddf,0x28d2,0xfac,0x3c4,0x2f19,0x10a6,0x2f7,0xe1d,0x828,0x138f,0x1332,0xfab,0xcf6,0x13f8,0x24a0,0x112d,0x2717,0x6e7,0x1044,0x36e,0xfe8,0x6a,0xba7,0x1d69,0x29ec,0x23b2,0xaee,0x16df,0x1068,0x1a7e,0x253f,0x24c,0xb33,0x2683,0x15ce,0x1ad3,0x1a36,0xc96,0xaea,0x260a,0xce,0x28b1,0xe4f,0x2b11,0x5f8,0x1fc4,0xe77,0x2366,0x11f9,0x153c,0x24eb,0x20cd,0x1398,0x22,0x2b97,0x249b,0x8eb,0x12b2,0x2fe3,0x29c1,0x1b00,0x2663,0xeaa,0x2e06,0xe0,0x1569,0x10f5,0x284e,0xa38,0x201d,0x1c53,0x1681,0x1f6f,0x2f95,0x2fe8,0xacb,0x1680,0x17fd,0x2c39,0x165a,0x10bb,0x29d8,0x2622,0x1196,0x884,0x2a79,0x140e,0x2d80,0x6fa,0x11b2,0x26c4,0x355,0x1054,0x29e9,0x23ed,0xbe3,0x24fa,0x1fb3,0x10ac,0x2919,0x2584,0x10a4,0xe85,0x650,0x1893,0x1dc1,0xd8e,0x12dc,0x2d42,0x284
 d,0xfff,0x250f,0xacd,0x13c3,0x6cc,0x1a79,0x1221,0x2614,0x270a,0x1ea,0x155,0x2818,0x222c,0x2e5b,0x25d8,0x1dbf,0x191c,0xb0f,0xdac,0x1082,0x12ef,0x11b6,0xfa8,0x2b72,0x159d,0x209e,0x31b,0x2c7c,0x14f7,0xe09,0x1bb2,0x1ec7,0x2404,0x20ae,0x6ad,0xed6,0x2b70,0x1c7b,0x18d1,0x2732,0x12da,0xd56,0x5c1,0x1648,0x18b7,0x1605,0x1bc4,0x280,0x2ece,0xc,0x1aae,0x1c4,0x1cdb,0x22d6,0x21d8,0x257c,0x51f,0x211b,0xff,0x2ee0,0x2585,0xe1,0x2c35,0x26db,0x2971,0x2208,0x17e1,0x21be,0x135e,0x28d6,0x2891,0x1689,0x2138,0xb86,0x2e3a,0x1204,0x2d10,0x2324,0xf3f,0x2508,0x33d,0xcb2,0x292a,0xe27,0x2e64,0x29f8,0x2d46,0x9b7,0x20eb,0x1b7c,0x9eb,0x2b2a,0x58c,0x27d0,0x121b,0x272e,0x29f6,0x2dbd,0x2697,0x2aac,0xd6f,0x1c67,0x2c5b,0x108d,0x363,0x249d,0x2d5e,0x2fd,0x2cb2,0x1f8f,0x20a4,0xa19,0x2ac9,0x19b1,0x1581,0x17a2,0x29eb,0x1b72,0x13b0,0xee4,0xa8f,0x2315,0x5e6,0x951,0x2e29,0xdad,0x1f2b,0x224e,0x37f,0x1a72,0xa91,0x1407,0x2df9,0x3ad,0x23f7,0x1a24,0x1d2a,0x234b,0x1df3,0x1143,0x7ff,0x1a6d,0x2774,0x2690,0x2ab5,0x586,0x2781,0x2009,0x2fd
 d,0x2881,0x399,0x2fb6,0x144,0x137f,0xfa0,0x2e4c,0x1c7f,0x2fac,0xb09,0x1264,0x127b,0x198c,0x2b40,0x230,0x1cf4,0x180b,0xb58,0x144a,0x2aec,0xfb,0x2602,0x14ee,0x783,0x1098,0x23d8,0x203,0xe9,0x108a,0x14b8,0xeec,0xc58,0x1248,0x243c,0x28aa,0x6bf,0x27c4,0x276e,0x19b8,0x1d11,0x2e16,0x472,0x1464,0x24b9,0x662,0x1097,0x2067,0x20d6,0x171c,0x4,0x682,0x17bb,0x1186,0x4f2,0x3ff,0x2a43,0x1dc7,0x1ae5,0x8cc,0x2e7c,0x2ef8,0x2ae0,0x2904,0xed4,0x6c5,0x14ae,0xb72,0x11c3,0x337,0x2da3,0x2916,0x6d8,0x1cf9,0x10ee,0x1800,0x1ae4,0xa0d,0x101b,0x1a8d,0x2e98,0x24cd,0x813,0x1aa4,0x9b9,0x680,0x2349,0x24d1,0x20f8,0xe31,0x249f,0x216b,0x12d9,0x1d21,0x19db,0x191a,0x1dd0,0x5df,0x55c,0x2b86,0x213,0xe9e,0x1ef1,0x268a,0x1d5e,0x1e20,0x28c1,0x1379,0x249,0x19de,0x18b,0x1e41,0x2a1e,0x2612,0x297,0x2e96,0x2102,0x46,0x1b9f,0x1a4d,0x2050,0x1b32,0x568,0x11f7,0x1829,0x870,0x1f4,0x1dca,0x990,0x1df6,0x2b62,0x13ec,0x9f2,0x1260,0x2997,0x1412,0x1e6d,0x1694,0x11ac,0x2d8b,0x276f,0x26f5,0x233e,0x2b44,0x2f5a,0x2d37,0x2cb1,0xc75,0x98d,0x1d56,0x
 7ae,0x10e6,0x113f,0x17b8,0xad3,0x737,0x221e,0x1b70,0x1f3e,0x2966,0x18b2,0x4fa,0x2044,0x1312,0x154e,0x2029,0x700,0x1b45,0x27a6,0x226a,0x21bf,0x58d,0x2f11,0x2e02,0x17fc,0x4d2,0x1757,0xcb1,0x2ef1,0x2582,0x1276,0x881,0x2fc0,0x104a,0x670,0x274f,0x2b53,0x19dd,0x752,0x1663,0xcbd,0x2b2b,0x2fc6,0x13b6,0x21e6,0x15f6,0x126b,0x2637,0x1cd9,0x2f50,0xe82,0x5b0,0x24e0,0x1350,0x2f24,0x21f7,0x1a16,0x2f3e,0x167e,0x1f7d,0x28a0,0x16f0,0xe33,0x53b,0x28c5,0x1500,0x2f88,0x26cc,0x2018,0x1604,0x218b,0x2cd1,0x9ee,0x17f3,0x5fd,0x1f5a,0x2d0,0x2b46,0x23cc,0x503,0x1c46,0x1cc3,0x28e2,0x243e,0x122b,0x2e0c,0xe37,0x2611,0x85e,0x9b8,0x1b24,0x762,0x19b6,0x3bc,0x2d50,0x2079,0x18da,0x170a,0x800,0xaa2,0x135a,0x1a15,0x13d1,0xca,0x2113,0x2db9,0xdb2,0x1a5c,0x29a9,0x1488,0x14c1,0x2c9,0x917,0x28e7,0x265c,0xdab,0x2ab9,0x2bc6,0x105b,0x1839,0x219c,0x50,0x11da,0x1802,0xf56,0x2e6,0x2190,0xddb,0x56e,0x9d9,0x1c81,0x1016,0x12d6,0x296f,0x14b4,0x1014,0x1e64,0x1d90,0x89f,0x2bc2,0x2777,0x2819,0x1c65,0x1a41,0x5a2,0x2cd2,0x427,0xd71,0x29c8,
 0x1e58,0x53f,0x7c5,0x1dcd,0x4a1,0x1268,0x2597,0x2926,0xee,0x111b,0x1038,0xe6c,0x22dc,0x2f2f,0x441,0x2cfd,0x1cb0,0x6a4,0x2224,0x620,0x5dc,0x16b1,0x2a1d,0x1787,0x20c7,0x641,0xd84,0x1c05,0x2d0d,0x2f52,0x1b8c,0xd7d,0x17e8,0x1589,0xc73,0x151b,0x4e2,0x1ae9,0x1b18,0xb9b,0x949,0x2c60,0x1e7a,0xd5,0x1bdc,0x1f57,0x1753,0x124a,0x559,0xb76,0x2334,0x12d1,0x1de1,0x14b2,0x2faa,0x1697,0x147a,0x5a1,0x2c30,0x1c02,0x1043,0x2ee1,0x2402,0x1cc8,0x2a16,0xff7,0x1364,0x1b9a,0x2a53,0x2f94,0x294c,0x1ee5,0x1a87,0x2141,0xd66,0x953,0x28a3,0x2f30,0x2477,0x18e3,0x1035,0x1fc1,0x1d68,0x2fb3,0x138c,0x2487,0x1bf8,0xd96,0x1018,0x748,0x244e,0x15bd,0x175e,0x2be,0x23d,0x1da,0x176d,0xc17,0x24be,0x2ebb,0x7d8,0x100a,0x759,0x1db4,0x2259,0x23f4,0x2d59,0x2847,0xbf5,0x1cfe,0xa20,0x258,0x1180,0x279c,0x54,0x2abf,0xc5c,0x9f9,0x3d5,0x2ce4,0x165f,0x23d9,0x27b9,0x6f9,0x281a,0x169e,0x627,0x156d,0x1ff8,0x211,0x2e34,0x1724,0x2c2e,0x2790,0x2dd5,0x2bf2,0xdbc,0x2884,0x20a9,0x2390,0x1e1a,0x1b6a,0x5f7,0xab7,0x1333,0x16ab,0x28dd,0x20,0x30f,0x24
 b6,0x5c2,0x1ce4,0x1400,0x2669,0x60,0x156c,0xe20,0x26d4,0x26ab,0x1ebb,0x223d,0x5b4,0x2025,0x1e1c,0xaae,0x2e08,0x6cd,0x1677,0x13d9,0x17b5,0x1046,0x1d8c,0x14eb,0x18d8,0x1ce5,0x2478,0x16ae,0xb79,0x23d4,0x684,0x156b,0x567,0x1a,0x29ce,0x83a,0x19e8,0x58e,0x294a,0x1136,0x2319,0x2fba,0x1a29,0x1d,0x1879,0x291b,0x19f6,0x2c2f,0x21c9,0x19bb,0xbbc,0x26f9,0xc22,0x708,0x11a1,0x18d3,0x7f8,0x28f8,0x2427,0x1deb,0xaed,0x26aa,0x2482,0x203b,0x2f05,0x2b82,0x192f,0x2df4,0x8dc,0x2877,0xd5e,0x240e,0x775,0x2dae,0x1d3e,0x20ba,0x215b,0x22d1,0xeba,0xf50,0xaa8,0x184a,0x1f67,0x2e04,0xc6e,0x6dd,0x1a09,0x27f,0x494,0x1426,0xae3,0xe15,0x65f,0x13c4,0x105,0x872,0x2667,0x1ff6,0xd9f,0x2ca1,0x2f39,0x2657,0x23fd,0x2405,0xb73,0x2294,0x1f1e,0x2eba,0x110a,0x2cae,0x141f,0x22cd,0x25d6,0x11c1,0x1c,0x2d8e,0x161a,0x1aa8,0x229e,0x1bf9,0x7cf,0x106d,0x2c40,0xd93,0x255e,0x28c2,0xc1a,0x2f17,0x7ca,0x2f63,0xbf};
-const sign16 iroots[]= {0x2ac8,0x452,0x297c,0x666,0xb4c,0x2b8,0x1a74,0xfd,0x1a47,0x1d08,0x2959,0x2c36,0x2db4,0x56c,0x254e,0x1125,0x2f3d,0x13bc,0x172c,0x2c6b,0x32a,0x1745,0x18bd,0x8f1,0x1633,0x2dfa,0xfdd,0x23e3,0x241b,0x13a5,0x578,0x17a0,0xa9,0x104b,0x1335,0x24e4,0x28de,0x5a7,0x368,0x2d70,0x13cd,0x2f9,0xff5,0x1e88,0x9c5,0x2ff7,0x900,0xdeb,0x1434,0x15fe,0x156a,0x24d3,0x28ed,0x2c4f,0x688,0xaef,0x2353,0x1045,0x2bcf,0x23a4,0x270,0x4c5,0x21fe,0xe5b,0xfbb,0x1f79,0x6e4,0xe68,0x2078,0x1160,0x1387,0x1e98,0x22f5,0x13e,0x283a,0x123f,0x149c,0x2eca,0xb14,0xf37,0xdde,0xbe7,0x386,0x1abe,0xa4a,0x49,0x14b5,0x2f36,0x8e5,0x1f1,0x2a57,0x1789,0x2f01,0x91f,0xaac,0x266c,0x2b65,0x2f4b,0xa30,0x2a17,0x265,0x253a,0xfb3,0x2142,0x20be,0x25c2,0x121c,0x2d97,0x2131,0x1e19,0x1a11,0x514,0x22c3,0x66,0xdcf,0x1540,0x1d41,0xf02,0x815,0x5a,0x18e8,0x1159,0x103a,0x2d23,0x2a10,0x2d61,0x1327,0x403,0x25c9,0x7b3,0x1f0c,0x1a98,0x2f21,0x1fb,0x2157,0x99e,0x1501,0x640,0x1e,0x1d4f,0x2716,0xb66,0x46a,0x2fdf,0x1c69,0xf34,0xb16,0x1ac5,
 0x1e08,0xc9b,0x218a,0x103d,0x2a09,0x4f0,0x21b2,0x750,0x2f33,0x9f7,0x2517,0x236b,0x15cb,0x152e,0x1a33,0x97e,0x24ce,0x2db5,0xac2,0x1583,0x1f99,0x1922,0x2513,0xc4f,0x615,0x1298,0x245a,0x2f97,0x2019,0x2c93,0x1fbd,0x291a,0x8ea,0x1ed4,0xb61,0x1c09,0x230b,0x2056,0x1ccf,0x1c72,0x27d9,0x21e4,0x2d0a,0x1f5b,0xe8,0x2c3d,0x2055,0x72f,0x222,0x222d,0x11be,0x1e90,0x11cf,0x20c5,0x5b7,0x391,0x1ebd,0x238,0x73e,0x653,0x17c2,0x2ef3,0x2fb,0x27c2,0x2ecf,0x847,0x2042,0x296d,0x268d,0x23f8,0x7e0,0x1e2e,0x2bf7,0x1ab7,0x89a,0xad,0x21e3,0x261,0x2f26,0x1ede,0xc4c,0x299a,0xfc8,0xa92,0xffd,0x1cbf,0x14a4,0x2d01,0x2a2e,0x1aaf,0x1967,0x1f03,0xec5,0x25c,0x3a5,0xdd3,0x2c47,0x8dd,0x2945,0x18ac,0x197,0x2f31,0x4c9,0x14ac,0x2be2,0x166,0x43a,0xa94,0x1b53,0x293c,0x212d,0x6fd,0x521,0x109,0x185,0x2735,0x151c,0x123a,0x5be,0x2c02,0x2b0f,0x1e7b,0x1846,0x297f,0x2ffd,0x18e5,0xf2b,0xf9a,0x1f6a,0x299f,0xb48,0x1b9d,0x2b8f,0x1eb,0x12f0,0x1649,0x893,0x83d,0x2942,0x757,0xbc5,0x1db9,0x23a9,0x2115,0x1b49,0x1f77,0x2f18,0x2dfe,0xc29,0x1f69,0
 x287e,0x1b13,0x9ff,0x2f06,0x515,0x1bb7,0x24a9,0x17f6,0x130d,0x2dd1,0x4c1,0x1675,0x1d86,0x1d9d,0x24f8,0x55,0x1382,0x1b5,0x2061,0x1c82,0x2ebd,0x4b,0x2c68,0x780,0x24,0xff8,0x880,0x2a7b,0x54c,0x971,0x88d,0x1594,0x2802,0x1ebe,0x120e,0xcb6,0x12d7,0x15dd,0xc0a,0x2c54,0x208,0x1bfa,0x2570,0x158f,0x2c82,0xdb3,0x10d6,0x2254,0x1d8,0x26b0,0x2a1b,0xcec,0x2572,0x211d,0x1c51,0x148f,0x616,0x185f,0x1a80,0x1650,0x538,0x25e8,0xf5d,0x1072,0x34f,0x2d04,0x2a3,0xb64,0x2c9e,0x1f74,0x3a6,0x139a,0x2292,0x555,0x96a,0x244,0x60b,0x8d3,0x1de6,0x831,0x2a75,0x4d7,0x2616,0x1485,0xf16,0x264a,0x2bb,0x609,0x19d,0x21da,0x6d7,0x234f,0x2cc4,0xaf9,0x20c2,0xcdd,0x2f1,0x1dfd,0x1c7,0x247b,0xec9,0x1978,0x770,0x72b,0x1ca3,0xe43,0x1820,0xdf9,0x690,0x926,0x3cc,0x2f20,0xa7c,0x121,0x2f02,0xee6,0x2ae2,0xa85,0xe29,0xd2b,0x1326,0x2e3d,0x1553,0x2ff5,0x133,0x2d81,0x143d,0x19fc,0x174a,0x19b9,0x2a40,0x22ab,0x1d27,0x8cf,0x1730,0x1386,0x491,0x212b,0x2954,0xf53,0xbfd,0x113a,0x144f,0x21f8,0x1b0a,0x385,0x2ce6,0xf63,0x1a64,0x48f,0x2059,0x1e4b,0
 x1d12,0x1f7f,0x2255,0x24f2,0x16e5,0x1242,0xa29,0x1a6,0xdd5,0x7e9,0x2eac,0x2e17,0x8f7,0x9ed,0x1de0,0x1588,0x2935,0x1c3e,0x2534,0xaf2,0x2002,0x7b4,0x2bf,0x1d25,0x2273,0x1240,0x176e,0x29b1,0x217c,0x1f5d,0xa7d,0x6e8,0x1f55,0x104e,0xb07,0x241e,0xc14,0x618,0x1fad,0x2cac,0x93d,0x1e4f,0x2907,0x281,0x1bf3,0x588,0x277d,0x1e6b,0x9df,0x629,0x1f46,0x19a7,0x3c8,0x1804,0x1981,0x2536,0x19,0x6c,0x1092,0x1980,0x13ae,0xfe4,0x2f42,0x9e,0x2837,0xea,0x23e7,0x73f,0xaa3,0x226e,0x3c1,0x1f94,0x2832,0x1408,0xd63,0x1559,0x19e7,0x273,0x2fe5,0x1e40,0xa2b,0xd34,0x1be2,0x353,0x1ef7,0x147,0x10e3,0xd6d,0x248e,0xbfc,0xc04,0x9aa,0xc8,0x360,0x2262,0x100b,0x99a,0x278f,0x2efc,0x1c3d,0x29a2,0x21ec,0x251e,0x1bdb,0x2b6d,0x2d82,0x15f8,0x2924,0x2393,0x1fd,0x109a,0x17b7,0x2559,0x20b1,0x2147,0xd30,0xea6,0xf47,0x12c3,0x253,0x288c,0xbf3,0x22a3,0x78a,0x2725,0x20d,0x16d2,0x47f,0xfc,0xfc6,0xb7f,0x957,0x2514,0x1216,0xbda,0x709,0x2809,0x172e,0x1e60,0x28f9,0x23df,0x908,0x2445,0x1646,0xe38,0x3d2,0x160b,0x6e6,0x1788,0x2fe4,0x15d8,0x47,0x
 ce8,0x1ecb,0x6b7,0x2a73,0x1619,0x27c7,0x633,0x2fe7,0x2a9a,0x1a96,0x297d,0xc2d,0x2488,0x1953,0xb89,0x131c,0x1729,0x1b16,0x1275,0x1fbb,0x184c,0x1c28,0x198a,0x2934,0x1f9,0x2553,0x11e5,0xfdc,0x2a4d,0xdc4,0x1146,0x956,0x92d,0x21e1,0x1a95,0x2fa1,0x998,0x1c01,0x131d,0x2a3f,0xb4b,0x2cf2,0x2fe1,0x724,0x1956,0x1cce,0x254a,0x2a0a,0x1497,0x11e7,0xc71,0xf58,0x77d,0x2245,0x40f,0x22c,0x871,0x3d3,0x18dd,0x1cd,0x2df0,0x1009,0x1a94,0x29da,0x1963,0x7e7,0x2908,0x848,0xc28,0x19a2,0x31d,0x2c2c,0x2608,0x23a5,0x542,0x2fad,0x865,0x1e81,0x2da9,0x25e1,0x1303,0x240c,0x7ba,0x2a8,0xc0d,0xda8,0x124d,0x28a8,0x1ff7,0x2829,0x146,0xb43,0x23ea,0x1894,0x2e27,0x2dc4,0x2d43,0x18a3,0x1a44,0xbb3,0x28b9,0x1fe9,0x226b,0x1409,0xb7a,0x1c75,0x4e,0x1299,0x1040,0x1fcc,0x171e,0xb8a,0xd1,0x75e,0x26ae,0x229b,0xec0,0x157a,0x111c,0x6b5,0x6d,0x5ae,0x1467,0x1c9d,0x200a,0x5eb,0x1339,0xbff,0x120,0x1fbe,0x13ff,0x3d1,0x2a60,0x1b87,0x196a,0x57,0x1b4f,0x1220,0x1d30,0xccd,0x248b,0x2aa8,0x1db7,0x18ae,0x10aa,0x1425,0x2f2c,0x1187,0x3a1,0x26b8,0x2
 466,0x14e9,0x1518,0x2b1f,0x1ae6,0x238e,0x1a78,0x1819,0x2284,0x1475,0xaf,0x2f4,0x13fc,0x227d,0x29c0,0xf3a,0x187a,0x5e4,0x1950,0x2a25,0x29e1,0xddd,0x295d,0x1351,0x304,0x2bc0,0xd2,0xd25,0x2195,0x1fc9,0x1ee6,0x2f13,0x6db,0xa6a,0x1d99,0x2b60,0x1234,0x283c,0x2ac2,0x11a9,0x639,0x2290,0x2bda,0x32f,0x2a5f,0x15c0,0x139c,0x7e8,0x88a,0x43f,0x2762,0x1271,0x119d,0x1fed,0x1b4d,0x692,0x1d2b,0x1feb,0x1380,0x2628,0x2a93,0x2226,0xe71,0x2d1b,0x20ab,0x17ff,0x1e27,0x2fb1,0xe65,0x17c8,0x1fa6,0x43b,0x548,0x2256,0x9a5,0x71a,0x26ea,0x2d38,0x1b40,0x1b79,0x658,0x15a5,0x224f,0x248,0xeee,0x2f37,0x1c30,0x15ec,0x1ca7,0x255f,0x2801,0x18f7,0x1727,0xf88,0x2b1,0x2c45,0x164b,0x289f,0x14dd,0x2649,0x27a3,0x9f0,0x21ca,0x1f5,0x1dd6,0xbc3,0x71f,0x133e,0x13bb,0x2afe,0xc35,0x4bb,0x2d31,0x10a7,0x2a04,0x180e,0x2613,0x330,0xe76,0x19fd,0xfe9,0x935,0x79,0x1b01,0x73c,0x2ac6,0x21ce,0x1911,0x761,0x1084,0x1983,0xc3,0x15eb,0xe0a,0xdd,0x1cb1,0xb21,0x2a51,0x217f,0xb1,0x1328,0x9ca,0x1d96,0x1a0b,0xe1b,0x1c4b,0x3b,0x4d6,0x2344,0x199e,0x28af
 ,0x1624,0x4ae,0x8b2,0x2991,0x1fb7,0x41,0x2780,0x1d8b,0xa7f,0x110,0x2350,0x18aa,0x2b2f,0x1805,0x1ff,0xf0,0x2a74,0xe42,0xd97,0x85b,0x14bc,0x2901,0xfd8,0x1ab3,0x1cef,0xfbd,0x2b07,0x174f,0x69b,0x10c3,0x1491,0xde3,0x28ca,0x252e,0x1849,0x1ec2,0x1f1b,0x2853,0x12ab,0x2674,0x238c,0x350,0x2ca,0xa7,0x4bd,0xcc3,0x90c,0x892,0x276,0x1e55,0x196d,0x1194,0x1bef,0x66a,0x1da1,0x260f,0x1c15,0x49f,0x120b,0x2671,0x1237,0x2e0d,0x2791,0x17d8,0x1e0a,0x2a99,0x14cf,0xfb1,0x15b4,0x1462,0x2fbb,0xeff,0x16b,0x2d6a,0x9ef,0x5e3,0x11c0,0x2e76,0x1623,0x2db8,0x1c88,0x740,0x11e1,0x12a3,0x977,0x1110,0x2163,0x2dee,0x47b,0x2aa5,0x2a22,0x1231,0x16e7,0x1626,0x12e0,0x1d28,0xe96,0xb62,0x21d0,0xf09,0xb30,0xcb8,0x2981,0x2648,0x155d,0x27ee,0xb34,0x169,0x1574,0x1fe6,0x25f4,0x151d,0x1801,0x1f13,0x1308,0x2929,0x6eb,0x25e,0x2cca,0x1e3e,0x248f};
-const sign16 inv= 0xeab;
-const sign16 invpr= 0x2c2a;
-
-#define DEGREE (1<<RLWE_LGN)
-#define WL 32
-
-#define round(a,b) (((a)+((b)/2))/(b))
-
-/* constant time absolute vaue */
-static sign32 nabs(sign32 x)
-{
-	sign32 mask=(x>>31);
-	return (x+mask)^mask;
-}
-
-/* Montgomery stuff */
-
-static sign32 redc(unsign64 T)
-{
-	unsign32 m=(unsign32)T*(unsign32)RLWE_ND;
-	return ((unsign64)m*RLWE_PRIME+T)>>WL;
-}
-
-static sign32 nres(unsign32 x)
-{
-	return redc((unsign64)x*RLWE_R2MODP);
-}
-
-static sign32 modmul(unsign32 a,unsign32 b)
-{
-	return redc((unsign64)a*b);
-}
-
-/* NTT code */
-/* Cooley-Tukey NTT */
-
-static void ntt(sign32 *x)
-{
-	int m,i,j,k,t=DEGREE/2;
-	sign32 S,U,V,W,q=RLWE_PRIME;
-
-/* Convert to Montgomery form */
-	for (j=0;j<DEGREE;j++)
-		x[j]=nres(x[j]);
-
-	m=1;
-	while (m<DEGREE)
-	{
-		k=0;
-		for (i=0;i<m;i++)
-		{
-			S=roots[m+i];
-			for (j=k;j<k+t;j++)
-			{
-				U=x[j];   
-				V=modmul(x[j+t],S);
-				x[j]=U+V;
-				x[j+t]=U+2*q-V;
-			}
-			k+=2*t;
-		}
-		t/=2;
-		m*=2;
-	}
-}
-
-/* Gentleman-Sande INTT */
-
-static void intt(sign32 *x)
-{
-	int m,i,j,k,t=1;
-	sign32 S,U,V,W,q=RLWE_PRIME;
-
-	m=DEGREE/2;
-	while (m>1)
-	{
-		k=0;
-		for (i=0;i<m;i++)
-		{
-			S=iroots[m+i];
-			for (j=k;j<k+t;j++)
-			{	
-				U=x[j]; 
-				V=x[j+t];
-				x[j]=U+V;	
-				W=U+DEGREE*q-V; 
-				x[j+t]=modmul(W,S); 
-			}
-			k+=2*t;
-		}
-		t*=2;
-		m/=2;
-	}
-
-/* Last iteration merged with n^-1 */
-
-	t=DEGREE/2;
-	for (j=0;j<t;j++)
-	{
-		U=x[j];
-		V=x[j+t];
-		W=U+DEGREE*q-V; 
-		x[j+t]=modmul(W,(sign32)invpr); 
-		x[j]=modmul(U+V,(sign32)inv);
-	}
-/* convert back from Montgomery to "normal" form */
-	for (j=0;j<DEGREE;j++)
-	{
-		x[j]=redc(x[j]);  
-		x[j]-=q;
-		x[j]+=(x[j]>>(WL-1))&q;
-	} 
-}
-
-/* See https://eprint.iacr.org/2016/1157.pdf */ 
-
-static void NHSEncode(byte *key,sign32 *poly)
-{
-	int i,j,b,k,kj,q2;
-
-	q2=RLWE_PRIME/2;
-	for (i=j=0;i<256;)
-	{
-		kj=key[j++];
-		for (k=0;k<8;k++)
-		{
-			b=kj&1;
-			poly[i]=b*q2;
-			poly[i+256]=b*q2;
-			poly[i+512]=b*q2;
-			poly[i+768]=b*q2;
-			kj>>=1;
-			i++;
-		}
-	}		
-}
-
-static void NHSDecode(sign32 *poly,byte *key)
-{
-	int i,j,k;
-	sign32 b,t,q2;
-	q2=RLWE_PRIME/2;
-	for (i=0;i<32;i++)
-		key[i]=0;
-
-	for (i=j=0;i<256;)
-	{
-		for (k=0;k<8;k++)
-		{
-			t=nabs(poly[i]-q2)+nabs(poly[i+256]-q2)+nabs(poly[i+512]-q2)+nabs(poly[i+768]-q2);
-
-			b=t-RLWE_PRIME;
-			b=(b>>31)&1;
-			key[j]=(key[j]>>1)+(b<<7);
-			i++;
-		}
-		j++;
-	}
-}
-
-/* convert 32-byte seed to random polynomial */
-
-static void parse(byte *seed,sign32 *poly)
-{
-	int i,j;
-	sign32 n;
-	byte hash[4*DEGREE];
-	sha3 sh;
-
-	SHA3_init(&sh,SHAKE128);
-	for (i=0;i<32;i++)
-		SHA3_process(&sh,seed[i]);
-	SHA3_shake(&sh,(char *)hash,4*DEGREE);
-
-	for (i=j=0;i<DEGREE;i++)
-	{
-
-		n=hash[j]&0x7f; n<<=8;
-		n+=hash[j+1]; n<<=8;
-		n+=hash[j+2]; n<<=8;
-		n+=hash[j+3]; j+=4;
-		poly[i]=nres(n);
-		//poly[i]=modmul(n,RLWE_ONE); // reduce 31-bit random number mod q
-	}
-} 
-
-/* Compress 14 bits polynomial coefficients into byte array */
-/* 7 bytes is 3x14 */
-
-static void NHSpack(sign32 *poly,byte *array)
-{
-	int i,j;
-	sign32 a,b,c,d;
-
-	for (i=j=0;i<DEGREE; )
-	{
-		a=poly[i++]; b=poly[i++]; c=poly[i++]; d=poly[i++];
-		array[j++]=(byte)(a&0xff);
-		array[j++]=(byte)(((a>>8)|(b<<6))&0xff);
-		array[j++]=(byte)((b>>2)&0xff);
-		array[j++]=(byte)(((b>>10)|(c<<4))&0xff);
-		array[j++]=(byte)((c>>4)&0xff);
-		array[j++]=(byte)(((c>>12)|(d<<2))&0xff);
-		array[j++]=(byte)(d>>6);
-	}
-}
-
-static void NHSunpack(byte *array,sign32 *poly)
-{
-	int i,j;
-	sign32 a,b,c,d,e,f,g;
-
-	for (i=j=0;i<DEGREE; )
-	{
-		a=((sign32)array[j++])&0xff; b=((sign32)array[j++])&0xff; c=((sign32)array[j++])&0xff; d=((sign32)array[j++])&0xff; e=((sign32)array[j++])&0xff; f=((sign32)array[j++])&0xff; g=((sign32)array[j++])&0xff;
-		poly[i++]=a|((b&0x3f)<<8);
-		poly[i++]=(b>>6)|(c<<2)|((d&0xf)<<10);
-		poly[i++]=(d>>4)|(e<<4)|((f&3)<<12);
-		poly[i++]=(f>>2)|(g<<6);
-	}
-}
-
-
-
-/* See https://eprint.iacr.org/2016/1157.pdf */ 
-
-static void NHSCompress(sign32 *poly,byte *array)
-{
-	int i,j,k,b;
-	unsign32 col=0;
-
-	for (i=j=0;i<DEGREE;)
-	{
-		for (k=0;k<8;k++)
-		{
-			b=round((poly[i]*8),RLWE_PRIME)&7; 
-			col=(col<<3)+b;
-			i++;
-		}
-		array[j]=col&0xff;
-		array[j+1]=(col>>8)&0xff;
-		array[j+2]=(col>>16)&0xff;
-		j+=3; col=0;
-	}
-}
-
-static void NHSDecompress(byte *array,sign32 *poly)
-{
-	int i,j,k,b;
-	unsign32 col=0;
-
-	for (i=j=0;i<DEGREE;)
-	{
-		col=array[j+2];
-		col=(col<<8)+array[j+1];
-		col=(col<<8)+array[j];
-		j+=3;
-		for (k=0;k<8;k++)
-		{
-			b=(col&0xe00000)>>21; col<<=3;
-			poly[i]=round((b*RLWE_PRIME),8);
-			i++;
-		}
-	}
-}
-
-/* generate centered binomial distribution */ 
-
-static void NHSError(csprng *RNG,sign32 *poly)
-{
-	int i,j;
-	sign32 n1,n2,r;
-	for (i=0;i<DEGREE;i++)
-	{
-		n1=RAND_byte(RNG)+(RAND_byte(RNG)<<8);
-		n2=RAND_byte(RNG)+(RAND_byte(RNG)<<8);
-		r=0;
-		for (j=0;j<16;j++)
-		{
-			r+=(n1&1)-(n2&1);
-			n1>>=1; n2>>=1;
-		}
-		poly[i]=(r+RLWE_PRIME);
-	}
-}
-
-static void redc_it(sign32 *p)
-{
-	int i;
-	for (i=0;i<DEGREE;i++)
-		p[i]=redc(p[i]);
-}
-
-static void nres_it(sign32 *p)
-{
-	int i;
-	for (i=0;i<DEGREE;i++)
-		p[i]=nres(p[i]);
-}
-
-static void poly_mul(sign32 *p1,sign32 *p2,sign32 *p3)
-{
-	int i;
-	for (i=0;i<DEGREE;i++)
-		p1[i]=modmul(p2[i],p3[i]);
-}
-
-static void poly_add(sign32 *p1,sign32 *p2,sign32 *p3)
-{
-	int i;
-	for (i=0;i<DEGREE;i++)
-		p1[i]=(p2[i]+p3[i]);
-}
-
-static void poly_sub(sign32 *p1,sign32 *p2,sign32 *p3)
-{
-	int i;
-	for (i=0;i<DEGREE;i++)
-		p1[i]=(p2[i]+RLWE_PRIME-p3[i]);
-}
-
-/* reduces inputs < 2q */
-static void poly_soft_reduce(sign32 *poly)
-{
-	int i;
-	sign32 e;
-	for (i=0;i<DEGREE;i++)
-	{
-		e=poly[i]-RLWE_PRIME;
-		poly[i]=e+((e>>(WL-1))&RLWE_PRIME);
-	}
-}
-
-/* fully reduces modulo q */
-static void poly_hard_reduce(sign32 *poly)
-{
-	int i;
-	sign32 e;
-	for (i=0;i<DEGREE;i++)
-	{
-		e=modmul(poly[i],RLWE_ONE);
-		e=e-RLWE_PRIME;
-		poly[i]=e+((e>>(WL-1))&RLWE_PRIME);
-	}
-}
-
-/* API files */
-
-void NHS_SERVER_1(csprng *RNG,octet *SB,octet *S)
-{
-	int i;
-	byte seed[32],array[1792];
-	sign32 s[DEGREE],e[DEGREE],b[DEGREE];
-
-	for (i=0;i<32;i++)
-		seed[i]=RAND_byte(RNG);
-
-	parse(seed,b);
-	
-	NHSError(RNG,e);
-	NHSError(RNG,s);
-
-	ntt(s);
-	ntt(e);
-	poly_mul(b,b,s);
-	poly_add(b,b,e);
-	poly_hard_reduce(b);
-
-	redc_it(b);
-	NHSpack(b,array);
-
-	OCT_empty(SB);
-	OCT_jbytes(SB,(char *)seed,32);
-	OCT_jbytes(SB,(char *)array,1792);
-
-	poly_hard_reduce(s);
-
-	NHSpack(s,array);
-	OCT_empty(S);
-	OCT_jbytes(S,(char *)array,1792);
-
-}
-
-void NHS_CLIENT(csprng *RNG,octet *SB,octet *UC,octet *KEY)
-{
-	int i;
-	sha3 sh;
-	byte seed[32],array[1792],key[32],cc[384];
-	sign32 sd[DEGREE],ed[DEGREE],u[DEGREE],k[DEGREE],c[DEGREE];
-	NHSError(RNG,sd);
-	NHSError(RNG,ed);
-
-	ntt(sd);
-	ntt(ed);
-
-	for (i=0;i<32;i++)
-		seed[i]=SB->val[i];
-
-	for (i=0;i<1792;i++)
-		array[i]=SB->val[i+32];
-
-	parse(seed,u);
-
-	poly_mul(u,u,sd);
-	poly_add(u,u,ed);
-	poly_hard_reduce(u);
-
-	for (i=0;i<32;i++)
-		key[i]=RAND_byte(RNG);
-
-	SHA3_init(&sh,SHA3_HASH256);
-	for (i=0;i<32;i++)
-		SHA3_process(&sh,key[i]);
-	SHA3_hash(&sh,(char *)key);
-
-	NHSEncode(key,k);
-
-	NHSunpack(array,c);
-	nres_it(c);
-
-	poly_mul(c,c,sd);
-	intt(c);
-	NHSError(RNG,ed);
-	poly_add(c,c,ed);
-	poly_add(c,c,k);
-
-	NHSCompress(c,cc);
-
-	SHA3_init(&sh,SHA3_HASH256);
-	for (i=0;i<32;i++)
-		SHA3_process(&sh,key[i]);
-	SHA3_hash(&sh,(char *)key);
-
-	OCT_empty(KEY);
-	OCT_jbytes(KEY,(char *)key,32);
-
-	redc_it(u);
-	NHSpack(u,array);
-
-	OCT_empty(UC);
-	OCT_jbytes(UC,(char *)array,1792);
-	OCT_jbytes(UC,(char *)cc,384);
-}
-
-void NHS_SERVER_2(octet *S,octet *UC,octet *KEY)
-{
-	int i;
-	sha3 sh;
-	sign32 c[DEGREE],s[DEGREE],k[DEGREE];
-	byte array[1792],key[32],cc[384];
-
-	for (i=0;i<1792;i++)
-		array[i]=UC->val[i];
-
-	NHSunpack(array,k);
-	nres_it(k);
-
-	for (i=0;i<384;i++)
-		cc[i]=UC->val[i+1792];
-
-	NHSDecompress(cc,c);
-
-	for (i=0;i<1792;i++)
-		array[i]=S->val[i];
-
-	NHSunpack(array,s);
-
-	poly_mul(k,k,s);
-	intt(k);
-	poly_sub(k,c,k);
-	poly_soft_reduce(k);
-
-	NHSDecode(k,key);
-
-	SHA3_init(&sh,SHA3_HASH256);
-	for (i=0;i<32;i++)
-		SHA3_process(&sh,key[i]);
-	SHA3_hash(&sh,(char *)key);
-
-	OCT_empty(KEY);
-	OCT_jbytes(KEY,(char *)key,32);
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/newhope.h
----------------------------------------------------------------------
diff --git a/version3/c/newhope.h b/version3/c/newhope.h
deleted file mode 100644
index 8e18a9a..0000000
--- a/version3/c/newhope.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* NewHope Simple API */
-
-#ifndef NHS_H
-#define NHS_H
-
-#include "amcl.h"
-
-/**	@brief NHS server first pass
- *
-	@param RNG Random Number Generator handle
-	@param SB seed and polynomial B concatenated - output
-	@param S server secret - output
-	
- */
-extern void NHS_SERVER_1(csprng *RNG,octet *SB,octet *S);
-/**	@brief NHS client pass
- *
-	@param RNG Random Number Generator handle
-	@param SB seed and polynomial B concatenated - input
-	@param UC polynomial U and compressed polynomial c - output
-	@param KEY client key
- */
-extern void NHS_CLIENT(csprng *RNG,octet *SB,octet *UC,octet *KEY);
-/**	@brief NHS server second pass
- *
-	@param S server secret - input
-	@param UC polynomial U and compressed polynomial c - input
-	@param KEY server key
- */
-extern void NHS_SERVER_2(octet *S,octet *UC,octet *KEY);
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/oct.c
----------------------------------------------------------------------
diff --git a/version3/c/oct.c b/version3/c/oct.c
deleted file mode 100644
index 545f140..0000000
--- a/version3/c/oct.c
+++ /dev/null
@@ -1,429 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*** Basic Octet string maintainance routines  ***/
-/* SU=m, m is Stack Usage */
-
-#include <string.h>
-#include "amcl.h"
-
-/* Output an octet string (Debug Only) */
-
-/* SU= 16 */
-/* output octet */
-void OCT_output(octet *w)
-{
-    int i;
-    unsigned char ch;
-    for (i=0; i<w->len; i++)
-    {
-        ch=w->val[i];
-        printf("%02x",ch);
-    }
-    printf("\n");
-}
-
-/* SU= 16 */
-void OCT_output_string(octet *w)
-{
-    int i;
-    unsigned char ch;
-    for (i=0; i<w->len; i++)
-    {
-        ch=w->val[i];
-        printf("%c",ch);
-    }
-    /*  printf("\n"); */
-}
-
-/* Convert C string to octet format - truncates if no room  */
-void OCT_jstring(octet *y,char *s)
-{
-    int i,j;
-    i=y->len;
-    j=0;
-    while (s[j]!=0 && i<y->max)
-    {
-        y->val[i]=s[j];
-        y->len++;
-        i++;
-        j++;
-    }
-}
-
-/* compare 2 octet strings.
- * If x==y return TRUE, else return FALSE */
-/* SU= 8 */
-int OCT_comp(octet *x,octet *y)
-{
-    int i;
-    if (x->len>y->len) return 0;
-    if (x->len<y->len) return 0;
-    for (i=0; i<x->len; i++)
-    {
-        if (x->val[i]!=y->val[i]) return 0;
-    }
-    return 1;
-}
-
-/* check are first n bytes the same (in constant time) */
-
-int OCT_ncomp(octet *x,octet *y,int n)
-{
-    int i,res=0;
-    if (n>y->len || n>x->len) return 0;
-    for (i=0; i<n; i++)
-    {
-        res|=(int)(x->val[i]^y->val[i]);
-    }
-    if (res==0) return 1;
-	return 0;
-}
-
-/* Shift octet to the left by n bytes. Leftmost bytes disappear  */
-void OCT_shl(octet *x,int n)
-{
-    int i;
-    if (n>=x->len)
-    {
-        x->len=0;
-        return;
-    }
-    x->len-=n;
-    for (i=0; i<x->len; i++)
-        x->val[i]=x->val[i+n];
-}
-
-/* Append binary string to octet - truncates if no room */
-/* SU= 12 */
-void OCT_jbytes(octet *y,char *b,int len)
-{
-    int i,j;
-    i=y->len;
-    for (j=0; j<len && i<y->max; j++)
-    {
-        y->val[i]=b[j];
-        y->len++;
-        i++;
-    }
-}
-
-/* Concatenates two octet strings */
-/* SU= 8 */
-void OCT_joctet(octet *y,octet *x)
-{
-    /* y=y || x */
-    int i,j;
-    if (x==NULL) return;
-
-    for (i=0; i<x->len; i++)
-    {
-        j=y->len+i;
-        if (j>=y->max)
-        {
-            y->len=y->max;
-            return;
-        }
-        y->val[j]=x->val[i];
-    }
-    y->len+=x->len;
-}
-
-/* Append byte to octet rep times */
-/* SU= 8 */
-void OCT_jbyte(octet *y,int ch,int rep)
-{
-    int i,j;
-    i=y->len;
-    for (j=0; j<rep && i<y->max; j++)
-    {
-        y->val[i]=ch;
-        y->len++;
-        i++;
-    }
-}
-
-/* XOR common bytes of x with y */
-/* SU= 8 */
-void OCT_xor(octet *y,octet *x)
-{
-    /* xor first x->len bytes of y */
-
-    int i;
-    for (i=0; i<x->len && i<y->len; i++)
-    {
-        y->val[i]^=x->val[i];
-    }
-}
-
-/* clear an octet */
-void OCT_empty(octet *w)
-{
-    w->len=0;
-}
-
-/* Kill an octet string - Zeroise it for security */
-void OCT_clear(octet *w)
-{
-    int i;
-    for (i=0; i<w->max; i++) w->val[i]=0;
-    w->len=0;
-}
-
-/* appends int x of length len bytes to OCTET string */
-/* SU= 8 */
-void OCT_jint(octet *y,int x,int len)
-{
-    int i,n;
-    n=y->len+len;
-    if (n>y->max || len<=0) return;
-    for (i=y->len; i<n; i++) y->val[i]=0;
-    y->len=n;
-
-    i=y->len;
-    while (x>0 && i>0)
-    {
-        i--;
-        y->val[i]=x%256;
-        x/=256;
-    }
-}
-
-/* Pad an octet to a given length */
-/* SU= 8 */
-int OCT_pad(octet *w,int n)
-{
-    int i,d;
-    if (w->len>n || n>w->max) return 0;
-    if (n==w->len) return 1;
-    d=n-w->len;
-    for (i=n-1; i>=d; i--)
-        w->val[i]=w->val[i-d];
-    for (i=d-1; i>=0; i--)
-        w->val[i]=0;
-    w->len=n;
-    return 1;
-}
-
-
-/* Convert an octet string to base64 string */
-/* SU= 56 */
-void OCT_tobase64(char *b,octet *w)
-{
-    int i,j,k,rem,last;
-    int c,ch[4];
-    unsigned char ptr[3];
-    rem=w->len%3;
-    j=k=0;
-    last=4;
-    while (j<w->len)
-    {
-        for (i=0; i<3; i++)
-        {
-            if (j<w->len) ptr[i]=w->val[j++];
-            else
-            {
-                ptr[i]=0;
-                last--;
-            }
-        }
-        ch[0]=(ptr[0]>>2)&0x3f;
-        ch[1]=((ptr[0]<<4)|(ptr[1]>>4))&0x3f;
-        ch[2]=((ptr[1]<<2)|(ptr[2]>>6))&0x3f;
-        ch[3]=ptr[2]&0x3f;
-        for (i=0; i<last; i++)
-        {
-            c=ch[i];
-            if (c<26) c+=65;
-            if (c>=26 && c<52) c+=71;
-            if (c>=52 && c<62) c-=4;
-            if (c==62) c='+';
-            if (c==63) c='/';
-            b[k++]=c;
-        }
-    }
-    if (rem>0) for (i=rem; i<3; i++) b[k++]='=';
-    b[k]='\0';  /* dangerous! */
-}
-
-/* SU= 56 */
-void OCT_frombase64(octet *w,char *b)
-{
-    int i,j,k,pads,len=(int)strlen(b);
-    int c,ch[4],ptr[3];
-    /* int lead=1; */
-    j=k=0;
-    while (j<len && k<w->max)
-    {
-        pads=0;
-        for (i=0; i<4; i++)
-        {
-            c=80+b[j++];
-            if (c<=112) continue; /* ignore white space */
-            if (c>144 && c<171) c-=145;
-            if (c>176 && c<203) c-=151;
-            if (c>127 && c<138) c-=76;
-            if (c==123) c=62;
-            if (c==127) c=63;
-            if (c==141)
-            {
-                pads++;    /* ignore pads '=' */
-                continue;
-            }
-            ch[i]=c;
-        }
-        ptr[0]=(ch[0]<<2)|(ch[1]>>4);
-        ptr[1]=(ch[1]<<4)|(ch[2]>>2);
-        ptr[2]=(ch[2]<<6)|ch[3];
-        for (i=0; i<3-pads && k<w->max; i++)
-        {
-            /* don't put in leading zeros */
-            /* if (lead && ptr[i]==0) continue; */
-            w->val[k++]=ptr[i];
-            /* lead=0; */
-        }
-
-    }
-    w->len=k;
-}
-
-/* copy an octet string - truncates if no room */
-/* SU= 16 */
-void OCT_copy(octet *y,octet *x)
-{
-    int i;
-    OCT_clear(y);
-    y->len=x->len;
-    if (y->len>y->max) y->len=y->max;
-
-    for (i=0; i<y->len; i++)
-        y->val[i]=x->val[i];
-}
-
-/* XOR m with all of x */
-void OCT_xorbyte(octet *x,int m)
-{
-    int i;
-    for (i=0; i<x->len; i++) x->val[i]^=m;
-}
-
-/* truncates x to n bytes and places the rest in y (if y is not NULL) */
-/* SU= 8 */
-void OCT_chop(octet *x,octet *y,int n)
-{
-    int i;
-    if (n>=x->len)
-    {
-        if (y!=NULL) y->len=0;
-        return;
-    }
-    if (y!=NULL) y->len=x->len-n;
-    x->len=n;
-
-    if (y!=NULL)
-    {
-        for (i=0; i<y->len && i<y->max; i++) y->val[i]=x->val[i+n];
-    }
-}
-
-/* set x to len random bytes */
-void OCT_rand(octet *x,csprng *RNG,int len)
-{
-    int i;
-    if (len>x->max) len=x->max;
-    x->len=len;
-
-    for (i=0; i<len; i++) x->val[i]=RAND_byte(RNG);
-}
-
-/* Convert an octet to a hex string */
-void OCT_toHex(octet *src,char *dst)
-{
-    int i;
-    unsigned char ch;
-    for (i=0; i<src->len; i++)
-    {
-        ch=src->val[i];
-        sprintf(&dst[i*2],"%02x", ch);
-    }
-}
-
-static int char2int(char input)
-{
-    if(input >= '0' && input <= '9')
-        return input - '0';
-    if(input >= 'A' && input <= 'F')
-        return input - 'A' + 10;
-    if(input >= 'a' && input <= 'f')
-        return input - 'a' + 10;
-    return 0;
-}
-
-/* Convert from a hex string */
-void OCT_fromHex(octet *dst,char *src)
-{
-    int i=0;
-    int j=0;
-    OCT_clear(dst);
-
-    while(src[j]!=0)
-    {
-        dst->val[i++] = char2int(src[j])*16 + char2int(src[j+1]);
-        j += 2;
-    }
-    dst->len=i;
-}
-
-
-/* Convert an octet to a string */
-void OCT_toStr(octet *src,char *dst)
-{
-    int i;
-    unsigned char ch;
-    for (i=0; i<src->len; i++)
-    {
-        ch=src->val[i];
-        sprintf(&dst[i],"%c", ch);
-    }
-}
-
-/* Test program
-#include <stdio.h>
-#include "amcl.h"
-
-char test[]="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-
-int main()
-{
-	char gm[100],gn[100],t[100];
-    octet m={0,sizeof(gm),gm};
-    octet n={0,sizeof(gn),gn};
-
-	OCT_jbytes(&m,test,strlen(test));
-	OCT_output(&m);
-
-	OCT_tobase64(t,&m);
-	printf(t); printf("\n");
-
-	OCT_frombase64(&n,t);
-	OCT_output(&n);
-
-    return 0;
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/pair.c
----------------------------------------------------------------------
diff --git a/version3/c/pair.c b/version3/c/pair.c
deleted file mode 100644
index 45af60a..0000000
--- a/version3/c/pair.c
+++ /dev/null
@@ -1,1027 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BN Curve pairing functions */
-
-//#define HAS_MAIN
-
-#include "pair_ZZZ.h"
-
-/* Line function */
-static void PAIR_ZZZ_line(FP12_YYY *v,ECP2_ZZZ *A,ECP2_ZZZ *B,FP_YYY *Qx,FP_YYY *Qy)
-{
-    FP2_YYY X1,Y1,T1,T2;
-    FP2_YYY XX,YY,ZZ,YZ;
-    FP4_YYY a,b,c;
-
-    if (A==B)
-    {
-        /* doubling */
-        FP2_YYY_copy(&XX,&(A->x));	//FP2 XX=new FP2(A.getx());  //X
-        FP2_YYY_copy(&YY,&(A->y));	//FP2 YY=new FP2(A.gety());  //Y
-        FP2_YYY_copy(&ZZ,&(A->z));	//FP2 ZZ=new FP2(A.getz());  //Z
-
-
-        FP2_YYY_copy(&YZ,&YY);		//FP2 YZ=new FP2(YY);        //Y
-        FP2_YYY_mul(&YZ,&YZ,&ZZ);		//YZ.mul(ZZ);                //YZ
-        FP2_YYY_sqr(&XX,&XX);		//XX.sqr();	               //X^2
-        FP2_YYY_sqr(&YY,&YY);		//YY.sqr();	               //Y^2
-        FP2_YYY_sqr(&ZZ,&ZZ);		//ZZ.sqr();			       //Z^2
-
-        FP2_YYY_imul(&YZ,&YZ,4);	//YZ.imul(4);
-        FP2_YYY_neg(&YZ,&YZ);		//YZ.neg();
-        FP2_YYY_norm(&YZ);			//YZ.norm();       //-4YZ
-
-        FP2_YYY_imul(&XX,&XX,6);					//6X^2
-        FP2_YYY_pmul(&XX,&XX,Qx);	               //6X^2.Xs
-
-        FP2_YYY_imul(&ZZ,&ZZ,3*CURVE_B_I_ZZZ);	//3Bz^2
-
-        FP2_YYY_pmul(&YZ,&YZ,Qy);	//-4YZ.Ys
-
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-        FP2_YYY_div_ip2(&ZZ);		//6(b/i)z^2
-#endif
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-        FP2_YYY_mul_ip(&ZZ);
-        FP2_YYY_add(&ZZ,&ZZ,&ZZ);  // 6biz^2
-        FP2_YYY_mul_ip(&YZ);
-        FP2_YYY_norm(&YZ);
-#endif
-        FP2_YYY_norm(&ZZ);			// 6bi.Z^2
-
-        FP2_YYY_add(&YY,&YY,&YY);	// 2y^2
-        FP2_YYY_sub(&ZZ,&ZZ,&YY);	//
-        FP2_YYY_norm(&ZZ);			// 6b.Z^2-2Y^2
-
-        FP4_YYY_from_FP2s(&a,&YZ,&ZZ); // -4YZ.Ys | 6b.Z^2-2Y^2 | 6X^2.Xs
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-        FP4_YYY_from_FP2(&b,&XX);
-        FP4_YYY_zero(&c);
-#endif
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-        FP4_YYY_zero(&b);
-        FP4_YYY_from_FP2H(&c,&XX);
-#endif
-
-        ECP2_ZZZ_dbl(A);				//A.dbl();
-    }
-    else
-    {
-        /* addition */
-
-        FP2_YYY_copy(&X1,&(A->x));		//FP2 X1=new FP2(A.getx());    // X1
-        FP2_YYY_copy(&Y1,&(A->y));		//FP2 Y1=new FP2(A.gety());    // Y1
-        FP2_YYY_copy(&T1,&(A->z));		//FP2 T1=new FP2(A.getz());    // Z1
-
-        FP2_YYY_copy(&T2,&T1);		//FP2 T2=new FP2(A.getz());    // Z1
-
-        FP2_YYY_mul(&T1,&T1,&(B->y));	//T1.mul(B.gety());    // T1=Z1.Y2
-        FP2_YYY_mul(&T2,&T2,&(B->x));	//T2.mul(B.getx());    // T2=Z1.X2
-
-        FP2_YYY_sub(&X1,&X1,&T2);		//X1.sub(T2);
-        FP2_YYY_norm(&X1);				//X1.norm();  // X1=X1-Z1.X2
-        FP2_YYY_sub(&Y1,&Y1,&T1);		//Y1.sub(T1);
-        FP2_YYY_norm(&Y1);				//Y1.norm();  // Y1=Y1-Z1.Y2
-
-        FP2_YYY_copy(&T1,&X1);			//T1.copy(X1);            // T1=X1-Z1.X2
-
-        FP2_YYY_pmul(&X1,&X1,Qy);		//X1.pmul(Qy);            // X1=(X1-Z1.X2).Ys
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-        FP2_YYY_mul_ip(&X1);
-        FP2_YYY_norm(&X1);
-#endif
-
-        FP2_YYY_mul(&T1,&T1,&(B->y));	//T1.mul(B.gety());       // T1=(X1-Z1.X2).Y2
-
-        FP2_YYY_copy(&T2,&Y1);			//T2.copy(Y1);            // T2=Y1-Z1.Y2
-        FP2_YYY_mul(&T2,&T2,&(B->x));	//T2.mul(B.getx());       // T2=(Y1-Z1.Y2).X2
-        FP2_YYY_sub(&T2,&T2,&T1);		//T2.sub(T1);
-        FP2_YYY_norm(&T2);				//T2.norm();          // T2=(Y1-Z1.Y2).X2 - (X1-Z1.X2).Y2
-        FP2_YYY_pmul(&Y1,&Y1,Qx);		//Y1.pmul(Qx);
-        FP2_YYY_neg(&Y1,&Y1);			//Y1.neg();
-        FP2_YYY_norm(&Y1);				//Y1.norm(); // Y1=-(Y1-Z1.Y2).Xs
-
-        FP4_YYY_from_FP2s(&a,&X1,&T2);	// (X1-Z1.X2).Ys  |  (Y1-Z1.Y2).X2 - (X1-Z1.X2).Y2  | - (Y1-Z1.Y2).Xs
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-        FP4_YYY_from_FP2(&b,&Y1);		//b=new FP4(Y1);
-        FP4_YYY_zero(&c);
-#endif
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-        FP4_YYY_zero(&b);
-        FP4_YYY_from_FP2H(&c,&Y1);		//b=new FP4(Y1);
-#endif
-        ECP2_ZZZ_add(A,B);			//A.add(B);
-    }
-
-    FP12_YYY_from_FP4s(v,&a,&b,&c);
-//	FP12_YYY_norm(v);
-}
-
-/* Optimal R-ate pairing r=e(P,Q) */
-void PAIR_ZZZ_ate(FP12_YYY *r,ECP2_ZZZ *P1,ECP_ZZZ *Q1)
-{
-
-    BIG_XXX x,n,n3;
-    FP_YYY Qx,Qy;
-    int i,nb,bt;
-    ECP2_ZZZ A,NP,P;
-	ECP_ZZZ Q;
-    FP12_YYY lv;
-#if PAIRING_FRIENDLY_ZZZ==BN
-    ECP2_ZZZ KA;
-    FP2_YYY X;
-
-    FP_YYY_rcopy(&Qx,Fra_YYY);
-    FP_YYY_rcopy(&Qy,Frb_YYY);
-    FP2_YYY_from_FPs(&X,&Qx,&Qy);
-
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-    FP2_YYY_inv(&X,&X);
-    FP2_YYY_norm(&X);
-#endif
-#endif
-
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-
-#if PAIRING_FRIENDLY_ZZZ==BN
-    BIG_XXX_pmul(n,x,6);
-#if SIGN_OF_X_ZZZ==POSITIVEX
-    BIG_XXX_inc(n,2);
-#else
-    BIG_XXX_dec(n,2);
-#endif
-#else
-    BIG_XXX_copy(n,x);
-#endif
-
-    BIG_XXX_norm(n);
-    BIG_XXX_pmul(n3,n,3);
-    BIG_XXX_norm(n3);
-
-//    ECP2_ZZZ_affine(P);
-//    ECP_ZZZ_affine(Q);
-
-	ECP2_ZZZ_copy(&P,P1);
-	ECP_ZZZ_copy(&Q,Q1);
-
-	ECP2_ZZZ_affine(&P);
-	ECP_ZZZ_affine(&Q);
-
-    FP_YYY_copy(&Qx,&(Q.x));
-    FP_YYY_copy(&Qy,&(Q.y));
-
-    ECP2_ZZZ_copy(&A,&P);
-	ECP2_ZZZ_copy(&NP,&P); ECP2_ZZZ_neg(&NP);
-
-    FP12_YYY_one(r);
-    nb=BIG_XXX_nbits(n3);  //n
-
-    /* Main Miller Loop */
-    for (i=nb-2; i>=1; i--)   //0
-    {
-        FP12_YYY_sqr(r,r);
-        PAIR_ZZZ_line(&lv,&A,&A,&Qx,&Qy);
-        FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-        //bt=BIG_XXX_bit(n,i);
-        bt=BIG_XXX_bit(n3,i)-BIG_XXX_bit(n,i);
-        if (bt==1)
-        {
-
-            PAIR_ZZZ_line(&lv,&A,&P,&Qx,&Qy);
-            FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-        }
-        if (bt==-1)
-        {
-            //ECP2_ZZZ_neg(P);
-            PAIR_ZZZ_line(&lv,&A,&NP,&Qx,&Qy);
-            FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-            //ECP2_ZZZ_neg(P);
-        }
-
-//       FP12_YYY_sqr(r,r);
-    }
-
-//    PAIR_ZZZ_line(&lv,&A,&A,&Qx,&Qy);
-//    FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-
-//   if (BIG_XXX_parity(n))
-//   {
-    //      PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy);
-    //     FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-    //}
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP12_YYY_conj(r,r);
-#endif
-
-    /* R-ate fixup required for BN curves */
-#if PAIRING_FRIENDLY_ZZZ==BN
-    ECP2_ZZZ_copy(&KA,&P);
-    ECP2_ZZZ_frob(&KA,&X);
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-    ECP2_ZZZ_neg(&A);
-//    FP12_YYY_conj(r,r);
-#endif
-    PAIR_ZZZ_line(&lv,&A,&KA,&Qx,&Qy);
-    FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-    ECP2_ZZZ_frob(&KA,&X);
-    ECP2_ZZZ_neg(&KA);
-    PAIR_ZZZ_line(&lv,&A,&KA,&Qx,&Qy);
-    FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-#endif
-}
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
-void PAIR_ZZZ_double_ate(FP12_YYY *r,ECP2_ZZZ *P1,ECP_ZZZ *Q1,ECP2_ZZZ *R1,ECP_ZZZ *S1)
-{
-    BIG_XXX x,n,n3;
-    FP_YYY Qx,Qy,Sx,Sy;
-    int i,nb,bt;
-    ECP2_ZZZ A,B,NP,NR,P,R;
-	ECP_ZZZ Q,S;
-    FP12_YYY lv;
-#if PAIRING_FRIENDLY_ZZZ==BN
-    FP2_YYY X;
-    ECP2_ZZZ K;
-
-    FP_YYY_rcopy(&Qx,Fra_YYY);
-    FP_YYY_rcopy(&Qy,Frb_YYY);
-    FP2_YYY_from_FPs(&X,&Qx,&Qy);
-
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-    FP2_YYY_inv(&X,&X);
-    FP2_YYY_norm(&X);
-#endif
-#endif
-
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-
-#if PAIRING_FRIENDLY_ZZZ==BN
-    BIG_XXX_pmul(n,x,6);
-#if SIGN_OF_X_ZZZ==POSITIVEX
-    BIG_XXX_inc(n,2);
-#else
-    BIG_XXX_dec(n,2);
-#endif
-#else
-    BIG_XXX_copy(n,x);
-#endif
-
-    BIG_XXX_norm(n);
-    BIG_XXX_pmul(n3,n,3);
-    BIG_XXX_norm(n3);
-
-	ECP2_ZZZ_copy(&P,P1);
-	ECP_ZZZ_copy(&Q,Q1);
-
-	ECP2_ZZZ_affine(&P);
-	ECP_ZZZ_affine(&Q);
-
-	ECP2_ZZZ_copy(&R,R1);
-	ECP_ZZZ_copy(&S,S1);
-
-	ECP2_ZZZ_affine(&R);
-	ECP_ZZZ_affine(&S);
-
-    FP_YYY_copy(&Qx,&(Q.x));
-    FP_YYY_copy(&Qy,&(Q.y));
-
-    FP_YYY_copy(&Sx,&(S.x));
-    FP_YYY_copy(&Sy,&(S.y));
-
-    ECP2_ZZZ_copy(&A,&P);
-    ECP2_ZZZ_copy(&B,&R);
-
-	ECP2_ZZZ_copy(&NP,&P); ECP2_ZZZ_neg(&NP);
-	ECP2_ZZZ_copy(&NR,&R); ECP2_ZZZ_neg(&NR);
-
-
-    FP12_YYY_one(r);
-    nb=BIG_XXX_nbits(n3);
-
-    /* Main Miller Loop */
-    for (i=nb-2; i>=1; i--)
-    {
-        FP12_YYY_sqr(r,r);
-        PAIR_ZZZ_line(&lv,&A,&A,&Qx,&Qy);
-        FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-
-        PAIR_ZZZ_line(&lv,&B,&B,&Sx,&Sy);
-        FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-
-        bt=BIG_XXX_bit(n3,i)-BIG_XXX_bit(n,i);
-        //bt=BIG_XXX_bit(n,i);
-        if (bt==1)
-        {
-            PAIR_ZZZ_line(&lv,&A,&P,&Qx,&Qy);
-            FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-
-            PAIR_ZZZ_line(&lv,&B,&R,&Sx,&Sy);
-            FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-        }
-
-        if (bt==-1)
-        {
-            //ECP2_ZZZ_neg(P);
-            PAIR_ZZZ_line(&lv,&A,&NP,&Qx,&Qy);
-            FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-            //ECP2_ZZZ_neg(P);
-
-            //ECP2_ZZZ_neg(R);
-            PAIR_ZZZ_line(&lv,&B,&NR,&Sx,&Sy);
-            FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-            //ECP2_ZZZ_neg(R);
-        }
-
-        //FP12_YYY_sqr(r,r);
-
-    }
-
-    // PAIR_ZZZ_line(&lv,&A,&A,&Qx,&Qy);
-    // FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-
-    // PAIR_ZZZ_line(&lv,&B,&B,&Sx,&Sy);
-    // FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-
-    // if (BIG_XXX_parity(n))
-    // {
-    //     PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy);
-    //     FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-
-    //     PAIR_ZZZ_line(&lv,&B,R,&Sx,&Sy);
-    //     FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-    // }
-
-    /* R-ate fixup required for BN curves */
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP12_YYY_conj(r,r);
-#endif
-
-#if PAIRING_FRIENDLY_ZZZ==BN
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-    //FP12_YYY_conj(r,r);
-    ECP2_ZZZ_neg(&A);
-    ECP2_ZZZ_neg(&B);
-#endif
-
-    ECP2_ZZZ_copy(&K,&P);
-    ECP2_ZZZ_frob(&K,&X);
-
-    PAIR_ZZZ_line(&lv,&A,&K,&Qx,&Qy);
-    FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-    ECP2_ZZZ_frob(&K,&X);
-    ECP2_ZZZ_neg(&K);
-    PAIR_ZZZ_line(&lv,&A,&K,&Qx,&Qy);
-    FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-
-    ECP2_ZZZ_copy(&K,&R);
-    ECP2_ZZZ_frob(&K,&X);
-
-    PAIR_ZZZ_line(&lv,&B,&K,&Sx,&Sy);
-    FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-    ECP2_ZZZ_frob(&K,&X);
-    ECP2_ZZZ_neg(&K);
-    PAIR_ZZZ_line(&lv,&B,&K,&Sx,&Sy);
-    FP12_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-
-#endif
-}
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-void PAIR_ZZZ_fexp(FP12_YYY *r)
-{
-    FP2_YYY X;
-    BIG_XXX x;
-    FP_YYY a,b;
-    FP12_YYY t0,y0,y1,y2,y3;
-
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-    FP_YYY_rcopy(&a,Fra_YYY);
-    FP_YYY_rcopy(&b,Frb_YYY);
-    FP2_YYY_from_FPs(&X,&a,&b);
-
-    /* Easy part of final exp */
-
-    FP12_YYY_inv(&t0,r);
-    FP12_YYY_conj(r,r);
-
-    FP12_YYY_mul(r,&t0);
-    FP12_YYY_copy(&t0,r);
-
-    FP12_YYY_frob(r,&X);
-    FP12_YYY_frob(r,&X);
-    FP12_YYY_mul(r,&t0);
-
-    /* Hard part of final exp - see Duquesne & Ghamman eprint 2015/192.pdf */
-#if PAIRING_FRIENDLY_ZZZ==BN
-    FP12_YYY_pow(&t0,r,x); // t0=f^-u
-#if SIGN_OF_X_ZZZ==POSITIVEX
-    FP12_YYY_conj(&t0,&t0);
-#endif
-    FP12_YYY_usqr(&y3,&t0); // y3=t0^2
-    FP12_YYY_copy(&y0,&t0);
-    FP12_YYY_mul(&y0,&y3); // y0=t0*y3
-    FP12_YYY_copy(&y2,&y3);
-    FP12_YYY_frob(&y2,&X); // y2=y3^p
-    FP12_YYY_mul(&y2,&y3); //y2=y2*y3
-    FP12_YYY_usqr(&y2,&y2); //y2=y2^2
-    FP12_YYY_mul(&y2,&y3); // y2=y2*y3
-
-    FP12_YYY_pow(&t0,&y0,x);  //t0=y0^-u
-#if SIGN_OF_X_ZZZ==POSITIVEX
-    FP12_YYY_conj(&t0,&t0);
-#endif
-    FP12_YYY_conj(&y0,r);     //y0=~r
-    FP12_YYY_copy(&y1,&t0);
-    FP12_YYY_frob(&y1,&X);
-    FP12_YYY_frob(&y1,&X); //y1=t0^p^2
-    FP12_YYY_mul(&y1,&y0); // y1=y0*y1
-    FP12_YYY_conj(&t0,&t0); // t0=~t0
-    FP12_YYY_copy(&y3,&t0);
-    FP12_YYY_frob(&y3,&X); //y3=t0^p
-    FP12_YYY_mul(&y3,&t0); // y3=t0*y3
-    FP12_YYY_usqr(&t0,&t0); // t0=t0^2
-    FP12_YYY_mul(&y1,&t0); // y1=t0*y1
-
-    FP12_YYY_pow(&t0,&y3,x); // t0=y3^-u
-#if SIGN_OF_X_ZZZ==POSITIVEX
-    FP12_YYY_conj(&t0,&t0);
-#endif
-    FP12_YYY_usqr(&t0,&t0); //t0=t0^2
-    FP12_YYY_conj(&t0,&t0); //t0=~t0
-    FP12_YYY_mul(&y3,&t0); // y3=t0*y3
-
-    FP12_YYY_frob(r,&X);
-    FP12_YYY_copy(&y0,r);
-    FP12_YYY_frob(r,&X);
-    FP12_YYY_mul(&y0,r);
-    FP12_YYY_frob(r,&X);
-    FP12_YYY_mul(&y0,r);
-
-    FP12_YYY_usqr(r,&y3);  //r=y3^2
-    FP12_YYY_mul(r,&y2);   //r=y2*r
-    FP12_YYY_copy(&y3,r);
-    FP12_YYY_mul(&y3,&y0); // y3=r*y0
-    FP12_YYY_mul(r,&y1); // r=r*y1
-    FP12_YYY_usqr(r,r); // r=r^2
-    FP12_YYY_mul(r,&y3); // r=r*y3
-    FP12_YYY_reduce(r);
-#else
-// Ghamman & Fouotsa Method
-
-    FP12_YYY_usqr(&y0,r);
-    FP12_YYY_pow(&y1,&y0,x);
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-    FP12_YYY_conj(&y1,&y1);
-#endif
-
-
-    BIG_XXX_fshr(x,1);
-    FP12_YYY_pow(&y2,&y1,x);
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-    FP12_YYY_conj(&y2,&y2);
-#endif
-
-
-    BIG_XXX_fshl(x,1); // x must be even
-    FP12_YYY_conj(&y3,r);
-    FP12_YYY_mul(&y1,&y3);
-
-    FP12_YYY_conj(&y1,&y1);
-    FP12_YYY_mul(&y1,&y2);
-
-    FP12_YYY_pow(&y2,&y1,x);
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-    FP12_YYY_conj(&y2,&y2);
-#endif
-
-    FP12_YYY_pow(&y3,&y2,x);
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-    FP12_YYY_conj(&y3,&y3);
-#endif
-    FP12_YYY_conj(&y1,&y1);
-    FP12_YYY_mul(&y3,&y1);
-
-    FP12_YYY_conj(&y1,&y1);
-    FP12_YYY_frob(&y1,&X);
-    FP12_YYY_frob(&y1,&X);
-    FP12_YYY_frob(&y1,&X);
-    FP12_YYY_frob(&y2,&X);
-    FP12_YYY_frob(&y2,&X);
-    FP12_YYY_mul(&y1,&y2);
-
-    FP12_YYY_pow(&y2,&y3,x);
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-    FP12_YYY_conj(&y2,&y2);
-#endif
-    FP12_YYY_mul(&y2,&y0);
-    FP12_YYY_mul(&y2,r);
-
-    FP12_YYY_mul(&y1,&y2);
-    FP12_YYY_copy(&y2,&y3);
-    FP12_YYY_frob(&y2,&X);
-    FP12_YYY_mul(&y1,&y2);
-    FP12_YYY_copy(r,&y1);
-    FP12_YYY_reduce(r);
-
-// Aranha et al method as described by Ghamman & Fouotsa
-    /*
-    	FP12_YYY_usqr(&y0,r);  // t0=f^2
-    	FP12_YYY_conj(&y3,&y0); // t0=f^-2
-    	FP12_YYY_pow(&t0,r,x); // t5=f^u
-    	FP12_YYY_usqr(&y1,&t0); // t1=t5^2
-    	FP12_YYY_mul(&y3,&t0); // t3=t0*t5
-
-    	FP12_YYY_pow(&y0,&y3,x);
-
-    	FP12_YYY_pow(&y2,&y0,x);
-
-    	FP12_YYY_pow(&y4,&y2,x);
-
-    	FP12_YYY_mul(&y4,&y1);
-    	FP12_YYY_pow(&y1,&y4,x);
-    	FP12_YYY_conj(&y3,&y3);
-    	FP12_YYY_mul(&y1,&y3);
-    	FP12_YYY_mul(&y1,r);
-
-    	FP12_YYY_conj(&y3,r);
-    	FP12_YYY_mul(&y0,r);
-    	FP12_YYY_frob(&y0,&X); FP12_YYY_frob(&y0,&X); FP12_YYY_frob(&y0,&X);
-
-    	FP12_YYY_mul(&y4,&y3);
-    	FP12_YYY_frob(&y4,&X);
-
-    	FP12_YYY_mul(&t0,&y2);
-    	FP12_YYY_frob(&t0,&X); FP12_YYY_frob(&t0,&X);
-
-    	FP12_YYY_mul(&t0,&y0);
-    	FP12_YYY_mul(&t0,&y4);
-    	FP12_YYY_mul(&t0,&y1);
-    	FP12_YYY_copy(r,&t0);
-    	FP12_YYY_reduce(r);*/
-
-//-----------------------------------
-    /*
-    	FP12_YYY_copy(&y0,r);						// y0=r;
-    	FP12_YYY_copy(&y1,r);						// y1=r;
-    	FP12_YYY_copy(&t0,r); FP12_YYY_frob(&t0,&X);	// t0=Frobenius(r,X,1);
-    	FP12_YYY_conj(&y3,&t0); FP12_YYY_mul(&y1,&y3);	// y1*=inverse(t0);
-    	FP12_YYY_frob(&t0,&X); FP12_YYY_frob(&t0,&X);	// t0=Frobenius(t0,X,2);
-    	FP12_YYY_mul(&y1,&t0);						// y1*=t0;
-
-    	FP12_YYY_pow(r,r,x);						// r=pow(r,x);
-    	FP12_YYY_conj(&y3,r); FP12_YYY_mul(&y1,&y3);	// y1*=inverse(r);
-    	FP12_YYY_copy(&t0,r); FP12_YYY_frob(&t0,&X);	// t0=Frobenius(r,X,1);
-    	FP12_YYY_mul(&y0,&t0);						// y0*=t0;
-    	FP12_YYY_frob(&t0,&X);						// t0=Frobenius(t0,X,1);
-    	FP12_YYY_mul(&y1,&t0);						// y1*=t0;
-    	FP12_YYY_frob(&t0,&X);						// t0=Frobenius(t0,X,1);
-    	FP12_YYY_conj(&y3,&t0); FP12_YYY_mul(&y0,&y3);	// y0*=inverse(t0);
-
-    	FP12_YYY_pow(r,r,x);						// r=pow(r,x);
-    	FP12_YYY_mul(&y0,r);						// y0*=r;
-    	FP12_YYY_copy(&t0,r); FP12_YYY_frob(&t0,&X); FP12_YYY_frob(&t0,&X); // t0=Frobenius(r,X,2);
-    	FP12_YYY_conj(&y3,&t0); FP12_YYY_mul(&y0,&y3);	// y0*=inverse(t0);
-    	FP12_YYY_frob(&t0,&X);						// t0=Frobenius(t0,X,1);
-    	FP12_YYY_mul(&y1,&t0);						// y1*=t0;
-
-    	FP12_YYY_pow(r,r,x);						// r=pow(r,x);			// r^x3
-    	FP12_YYY_copy(&t0,r); FP12_YYY_frob(&t0,&X);	// t0=Frobenius(r,X,1);
-    	FP12_YYY_conj(&y3,&t0); FP12_YYY_mul(&y0,&y3);	// y0*=inverse(t0);
-    	FP12_YYY_frob(&t0,&X);						// t0=Frobenius(t0,X,1);
-    	FP12_YYY_mul(&y1,&t0);						// y1*=t0;
-
-    	FP12_YYY_pow(r,r,x);						// r=pow(r,x);			// r^x4
-    	FP12_YYY_conj(&y3,r); FP12_YYY_mul(&y0,&y3);	// y0*=inverse(r);
-    	FP12_YYY_copy(&t0,r); FP12_YYY_frob(&t0,&X);	// t0=Frobenius(r,X,1);
-    	FP12_YYY_mul(&y1,&t0);						//y1*=t0;
-
-    	FP12_YYY_pow(r,r,x);						// r=pow(r,x);			// r^x5
-    	FP12_YYY_mul(&y1,r);						// y1*=r;
-
-    	FP12_YYY_usqr(&y0,&y0);						// r=y0*y0*y1;
-    	FP12_YYY_mul(&y0,&y1);
-    	FP12_YYY_copy(r,&y0);
-    	FP12_YYY_reduce(r); */
-#endif
-}
-
-#ifdef USE_GLV_ZZZ
-/* GLV method */
-static void glv(BIG_XXX u[2],BIG_XXX e)
-{
-#if PAIRING_FRIENDLY_ZZZ==BN
-    int i,j;
-    BIG_XXX v[2],t,q;
-    DBIG_XXX d;
-    BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    for (i=0; i<2; i++)
-    {
-        BIG_XXX_rcopy(t,CURVE_W_ZZZ[i]);
-//BIG_XXX_norm(t); BIG_XXX_norm(e);
-        BIG_XXX_mul(d,t,e);
-        BIG_XXX_ddiv(v[i],d,q);
-        BIG_XXX_zero(u[i]);
-    }
-    BIG_XXX_copy(u[0],e);
-    for (i=0; i<2; i++)
-        for (j=0; j<2; j++)
-        {
-            BIG_XXX_rcopy(t,CURVE_SB_ZZZ[j][i]);
-            BIG_XXX_modmul(t,v[j],t,q);
-            BIG_XXX_add(u[i],u[i],q);
-            BIG_XXX_sub(u[i],u[i],t);
-            BIG_XXX_mod(u[i],q);
-        }
-
-#else
-// -(x^2).P = (Beta.x,y)
-
-    BIG_XXX x,x2,q;
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-    BIG_XXX_smul(x2,x,x);
-    BIG_XXX_copy(u[0],e);
-    BIG_XXX_mod(u[0],x2);
-    BIG_XXX_copy(u[1],e);
-    BIG_XXX_sdiv(u[1],x2);
-
-    BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    BIG_XXX_sub(u[1],q,u[1]);
-
-#endif
-
-    return;
-}
-#endif // USE_GLV
-
-/* Galbraith & Scott Method */
-static void gs(BIG_XXX u[4],BIG_XXX e)
-{
-    int i;
-#if PAIRING_FRIENDLY_ZZZ==BN
-    int j;
-    BIG_XXX v[4],t,q;
-    DBIG_XXX d;
-    BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    for (i=0; i<4; i++)
-    {
-        BIG_XXX_rcopy(t,CURVE_WB_ZZZ[i]);
-//BIG_XXX_norm(t); BIG_XXX_norm(e);
-        BIG_XXX_mul(d,t,e);
-        BIG_XXX_ddiv(v[i],d,q);
-        BIG_XXX_zero(u[i]);
-    }
-
-    BIG_XXX_copy(u[0],e);
-    for (i=0; i<4; i++)
-        for (j=0; j<4; j++)
-        {
-            BIG_XXX_rcopy(t,CURVE_BB_ZZZ[j][i]);
-            BIG_XXX_modmul(t,v[j],t,q);
-            BIG_XXX_add(u[i],u[i],q);
-            BIG_XXX_sub(u[i],u[i],t);
-            BIG_XXX_mod(u[i],q);
-        }
-
-#else
-
-    BIG_XXX x,w,q;
-    BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-    BIG_XXX_copy(w,e);
-
-    for (i=0; i<3; i++)
-    {
-        BIG_XXX_copy(u[i],w);
-        BIG_XXX_mod(u[i],x);
-        BIG_XXX_sdiv(w,x);
-    }
-    BIG_XXX_copy(u[3],w);
-
-    /*  */
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-    BIG_XXX_modneg(u[1],u[1],q);
-    BIG_XXX_modneg(u[3],u[3],q);
-#endif
-
-#endif
-
-
-
-    return;
-}
-
-/* Multiply P by e in group G1 */
-void PAIR_ZZZ_G1mul(ECP_ZZZ *P,BIG_XXX e)
-{
-#ifdef USE_GLV_ZZZ   /* Note this method is patented */
-    int np,nn;
-    ECP_ZZZ Q;
-    FP_YYY cru;
-    BIG_XXX t,q;
-    BIG_XXX u[2];
-
-    BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    glv(u,e);
-
-    //ECP_ZZZ_affine(P);
-    ECP_ZZZ_copy(&Q,P); ECP_ZZZ_affine(&Q);
-    FP_YYY_rcopy(&cru,CURVE_Cru_ZZZ);
-    FP_YYY_mul(&(Q.x),&(Q.x),&cru);
-
-    /* note that -a.B = a.(-B). Use a or -a depending on which is smaller */
-
-    np=BIG_XXX_nbits(u[0]);
-    BIG_XXX_modneg(t,u[0],q);
-    nn=BIG_XXX_nbits(t);
-    if (nn<np)
-    {
-        BIG_XXX_copy(u[0],t);
-        ECP_ZZZ_neg(P);
-    }
-
-    np=BIG_XXX_nbits(u[1]);
-    BIG_XXX_modneg(t,u[1],q);
-    nn=BIG_XXX_nbits(t);
-    if (nn<np)
-    {
-        BIG_XXX_copy(u[1],t);
-        ECP_ZZZ_neg(&Q);
-    }
-    BIG_XXX_norm(u[0]);
-    BIG_XXX_norm(u[1]);
-    ECP_ZZZ_mul2(P,&Q,u[0],u[1]);
-
-#else
-    ECP_ZZZ_mul(P,e);
-#endif
-}
-
-/* Multiply P by e in group G2 */
-void PAIR_ZZZ_G2mul(ECP2_ZZZ *P,BIG_XXX e)
-{
-#ifdef USE_GS_G2_ZZZ   /* Well I didn't patent it :) */
-    int i,np,nn;
-    ECP2_ZZZ Q[4];
-    FP2_YYY X;
-    FP_YYY fx,fy;
-    BIG_XXX x,y,u[4];
-
-    FP_YYY_rcopy(&fx,Fra_YYY);
-    FP_YYY_rcopy(&fy,Frb_YYY);
-    FP2_YYY_from_FPs(&X,&fx,&fy);
-
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-    FP2_YYY_inv(&X,&X);
-    FP2_YYY_norm(&X);
-#endif
-
-    BIG_XXX_rcopy(y,CURVE_Order_ZZZ);
-    gs(u,e);
-
-
-    //ECP2_ZZZ_affine(P);
-
-//printf("PPz= "); FP2_YYY_output(&(P->z)); printf("\n");
-
-//printf("f= "); FP2_YYY_output(&X); printf("\n");
-
-    ECP2_ZZZ_copy(&Q[0],P);
-    for (i=1; i<4; i++)
-    {
-        ECP2_ZZZ_copy(&Q[i],&Q[i-1]);
-        ECP2_ZZZ_frob(&Q[i],&X);
-    }
-//printf("Q[0]= "); ECP2_ZZZ_output(&Q[0]); printf("\n");
-//printf("Q[1]= "); ECP2_ZZZ_output(&Q[1]); printf("\n");
-    for (i=0; i<4; i++)
-    {
-        np=BIG_XXX_nbits(u[i]);
-        BIG_XXX_modneg(x,u[i],y);
-        nn=BIG_XXX_nbits(x);
-        if (nn<np)
-        {
-            BIG_XXX_copy(u[i],x);
-            ECP2_ZZZ_neg(&Q[i]);
-        }
-        BIG_XXX_norm(u[i]);    
-		//ECP2_ZZZ_affine(&Q[i]);
-    }
-
-
-//printf("Q[2]= "); ECP2_ZZZ_output(&Q[2]); printf("\n");
-//printf("Q[3]= "); ECP2_ZZZ_output(&Q[3]); printf("\n");
-//exit(0);
-
-    ECP2_ZZZ_mul4(P,Q,u);
-
-#else
-    ECP2_ZZZ_mul(P,e);
-#endif
-}
-
-/* f=f^e */
-void PAIR_ZZZ_GTpow(FP12_YYY *f,BIG_XXX e)
-{
-#ifdef USE_GS_GT_ZZZ   /* Note that this option requires a lot of RAM! Maybe better to use compressed XTR method, see fp4.c */
-    int i,np,nn;
-    FP12_YYY g[4];
-    FP2_YYY X;
-    BIG_XXX t,q;
-    FP_YYY fx,fy;
-    BIG_XXX u[4];
-
-    FP_YYY_rcopy(&fx,Fra_YYY);
-    FP_YYY_rcopy(&fy,Frb_YYY);
-    FP2_YYY_from_FPs(&X,&fx,&fy);
-
-    BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    gs(u,e);
-
-    FP12_YYY_copy(&g[0],f);
-    for (i=1; i<4; i++)
-    {
-        FP12_YYY_copy(&g[i],&g[i-1]);
-        FP12_YYY_frob(&g[i],&X);
-    }
-
-    for (i=0; i<4; i++)
-    {
-        np=BIG_XXX_nbits(u[i]);
-        BIG_XXX_modneg(t,u[i],q);
-        nn=BIG_XXX_nbits(t);
-        if (nn<np)
-        {
-            BIG_XXX_copy(u[i],t);
-            FP12_YYY_conj(&g[i],&g[i]);
-        }
-        BIG_XXX_norm(u[i]);
-    }
-    FP12_YYY_pow4(f,g,u);
-
-#else
-    FP12_YYY_pow(f,f,e);
-#endif
-}
-
-/* test group membership test - no longer needed */
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-
-/*
-int PAIR_ZZZ_GTmember(FP12_YYY *m)
-{
-	BIG_XXX a,b;
-	FP2_YYY X;
-	FP12_YYY r,w;
-	if (FP12_YYY_isunity(m)) return 0;
-	FP12_YYY_conj(&r,m);
-	FP12_YYY_mul(&r,m);
-	if (!FP12_YYY_isunity(&r)) return 0;
-
-	BIG_XXX_rcopy(a,CURVE_Fra);
-	BIG_XXX_rcopy(b,CURVE_Frb);
-	FP2_YYY_from_BIGs(&X,a,b);
-
-
-	FP12_YYY_copy(&r,m); FP12_YYY_frob(&r,&X); FP12_YYY_frob(&r,&X);
-	FP12_YYY_copy(&w,&r); FP12_YYY_frob(&w,&X); FP12_YYY_frob(&w,&X);
-	FP12_YYY_mul(&w,m);
-
-
-#ifndef GT_STRONG
-	if (!FP12_YYY_equals(&w,&r)) return 0;
-
-	BIG_XXX_rcopy(a,CURVE_Bnx);
-
-	FP12_YYY_copy(&r,m); FP12_YYY_pow(&w,&r,a); FP12_YYY_pow(&w,&w,a);
-	FP12_YYY_sqr(&r,&w); FP12_YYY_mul(&r,&w); FP12_YYY_sqr(&r,&r);
-
-	FP12_YYY_copy(&w,m); FP12_YYY_frob(&w,&X);
- #endif
-
-	return FP12_YYY_equals(&w,&r);
-}
-
-*/
-
-
-#ifdef HAS_MAIN
-/*
-#if CHOICE==BN254_T
-
-const BIG_XXX TEST_Gx={0x18AFF11A,0xF2EF406,0xAF68220,0x171F2E27,0x6BA0959,0x124C50E0,0x450BE27,0x7003EA8,0x8A914};
-const BIG_XXX TEST_Gy={0x6E010F4,0xA71D07E,0x7ECADA8,0x8260E8E,0x1F79C328,0x17A09412,0xBFAE690,0x1C57CBD1,0x17DF54};
-
-const BIG_XXX TEST_Pxa={0x1047D566,0xD83CD71,0x10322E9D,0x991FA93,0xA282C48,0x18AEBEC8,0xCB05850,0x13B4F669,0x21794A};
-const BIG_XXX TEST_Pxb={0x1E305936,0x16885BF1,0x327060,0xE26F794,0x1547D870,0x1963E5B2,0x1BEBB96C,0x988A33C,0x1A9B47};
-const BIG_XXX TEST_Pya={0x20FF876,0x4427E67,0x18732211,0xE88E45E,0x174D1A7E,0x17D877ED,0x343AB37,0x97EB453,0xB00D5};
-const BIG_XXX TEST_Pyb={0x1D746B7B,0x732F4C2,0x122A49B0,0x16267985,0x235DF56,0x10B1E4D,0x14D8F210,0x17A05C3E,0x5ECF8};
-
-#endif
-
-#if CHOICE==BN254_T2
-
-const BIG_XXX TEST_Gx={0x15488765,0x46790D7,0xD9900A,0x1DFB43F,0x9F2D307,0xC4724E8,0x5678E51,0x15C3E3A7,0x1BEC8E};
-const BIG_XXX TEST_Gy={0x3D3273C,0x1AFA5FF,0x1880A139,0xACD34DF,0x17493067,0x10FA4103,0x1D4C9766,0x1A73F3DB,0x2D148};
-
-const BIG_XXX TEST_Pxa={0xF8DC275,0xAC27FA,0x11815151,0x152691C8,0x5CDEBF1,0x7D5A965,0x1BF70CE3,0x679A1C8,0xD62CF};
-const BIG_XXX TEST_Pxb={0x1D17D7A8,0x6B28DF4,0x174A0389,0xFE67E5F,0x1FA97A3C,0x7F5F473,0xFFB5146,0x4BC19A5,0x227010};
-const BIG_XXX TEST_Pya={0x16CC1F90,0x5284627,0x171B91AB,0x11F843B9,0x1D468755,0x67E279C,0x19FE0EF8,0x1A0CAA6B,0x1CC6CB};
-const BIG_XXX TEST_Pyb={0x1FF0CF2A,0xBC83255,0x6DD6EE8,0xB8B752F,0x13E484EC,0x1809BE81,0x1A648AA1,0x8CEF3F3,0x86EE};
-
-
-#endif
-
-#if CHOICE==BN254
-
-const BIG_XXX TEST_Gx={0x14BEC4670E4EB7,0xEA2973860F6861,0x35C14B2FC3C28F,0x4402A0B63B9473,0x2074A81D};
-const BIG_XXX TEST_Gy={0xC284846631CBEB,0x34A6E8D871B3B,0x89FB94A82B2006,0x87B20038771FC,0x6A41108};
-
-const BIG_XXX TEST_Pxa={0xE4A00F52183C77,0x554E02DF4F8354,0xB65EB5CF1C2F89,0x8B71A87BFCFC9,0x49EEDB1};
-const BIG_XXX TEST_Pxb={0xCFB8FA9AA8845D,0x8A9CC76D966697,0x185BA05BF5EC08,0x76140E87D97226,0x1FB93AB6};
-const BIG_XXX TEST_Pya={0x3644CC1EDF208A,0xA637FB3FF8E257,0x4453DA2BB9E686,0xD14AD3CDF6A1FE,0xCD04A1E};
-const BIG_XXX TEST_Pyb={0x71BD7630A43C14,0x1CAA9F14EA264E,0x3C3C2DFC765DEF,0xCF59D1A1A7D6EE,0x11FF7795};
-
-
-#endif
-*/
-int main()
-{
-    int i;
-    char byt[32];
-    csprng rng;
-    BIG_XXX xa,xb,ya,yb,w,a,b,t1,q,u[2],v[4],m,r;
-    ECP2_ZZZ P,G;
-    ECP_ZZZ Q,R;
-    FP12_YYY g,gp;
-    FP4_YYY t,c,cp,cpm1,cpm2;
-    FP2_YYY x,y,X;
-
-
-    BIG_XXX_rcopy(a,CURVE_Fra);
-    BIG_XXX_rcopy(b,CURVE_Frb);
-    FP2_YYY_from_BIGs(&X,a,b);
-
-    BIG_XXX_rcopy(xa,CURVE_Gx);
-    BIG_XXX_rcopy(ya,CURVE_Gy);
-
-    ECP_ZZZ_set(&Q,xa,ya);
-    if (Q.inf) printf("Failed to set - point not on curve\n");
-    else printf("G1 set success\n");
-
-    printf("Q= ");
-    ECP_ZZZ_output(&Q);
-    printf("\n");
-
-//	BIG_XXX_rcopy(r,CURVE_Order); BIG_XXX_dec(r,7); BIG_XXX_norm(r);
-    BIG_XXX_rcopy(xa,CURVE_Pxa);
-    BIG_XXX_rcopy(xb,CURVE_Pxb);
-    BIG_XXX_rcopy(ya,CURVE_Pya);
-    BIG_XXX_rcopy(yb,CURVE_Pyb);
-
-    FP2_YYY_from_BIGs(&x,xa,xb);
-    FP2_YYY_from_BIGs(&y,ya,yb);
-
-    ECP2_ZZZ_set(&P,&x,&y);
-    if (P.inf) printf("Failed to set - point not on curve\n");
-    else printf("G2 set success\n");
-
-    printf("P= ");
-    ECP2_ZZZ_output(&P);
-    printf("\n");
-
-    for (i=0; i<1000; i++ )
-    {
-
-        PAIR_ZZZ_ate(&g,&P,&Q);
-        PAIR_ZZZ_fexp(&g);
-
-//	PAIR_ZZZ_GTpow(&g,xa);
-
-    }
-    printf("g= ");
-    FP12_YYY_output(&g);
-    printf("\n");
-
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/pair.h
----------------------------------------------------------------------
diff --git a/version3/c/pair.h b/version3/c/pair.h
deleted file mode 100644
index 81b710c..0000000
--- a/version3/c/pair.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/**
- * @file pair.h
- * @author Mike Scott
- * @brief PAIR Header File
- *
- */
-
-#ifndef PAIR_ZZZ_H
-#define PAIR_ZZZ_H
-
-#include "fp12_YYY.h"
-#include "ecp2_ZZZ.h"
-#include "ecp_ZZZ.h"
-
-/* Pairing constants */
-
-extern const BIG_XXX CURVE_Bnx_ZZZ; /**< BN curve x parameter */
-extern const BIG_XXX CURVE_Cru_ZZZ; /**< BN curve Cube Root of Unity */
-
-extern const BIG_XXX CURVE_W_ZZZ[2];	 /**< BN curve constant for GLV decomposition */
-extern const BIG_XXX CURVE_SB_ZZZ[2][2]; /**< BN curve constant for GLV decomposition */
-extern const BIG_XXX CURVE_WB_ZZZ[4];	 /**< BN curve constant for GS decomposition */
-extern const BIG_XXX CURVE_BB_ZZZ[4][4]; /**< BN curve constant for GS decomposition */
-
-/* Pairing function prototypes */
-/**	@brief Calculate Miller loop for Optimal ATE pairing e(P,Q)
- *
-	@param r FP12 result of the pairing calculation e(P,Q)
-	@param P ECP2 instance, an element of G2
-	@param Q ECP instance, an element of G1
-
- */
-extern void PAIR_ZZZ_ate(FP12_YYY *r,ECP2_ZZZ *P,ECP_ZZZ *Q);
-/**	@brief Calculate Miller loop for Optimal ATE double-pairing e(P,Q).e(R,S)
- *
-	Faster than calculating two separate pairings
-	@param r FP12 result of the pairing calculation e(P,Q).e(R,S), an element of GT
-	@param P ECP2 instance, an element of G2
-	@param Q ECP instance, an element of G1
-	@param R ECP2 instance, an element of G2
-	@param S ECP instance, an element of G1
- */
-extern void PAIR_ZZZ_double_ate(FP12_YYY *r,ECP2_ZZZ *P,ECP_ZZZ *Q,ECP2_ZZZ *R,ECP_ZZZ *S);
-/**	@brief Final exponentiation of pairing, converts output of Miller loop to element in GT
- *
-	Here p is the internal modulus, and r is the group order
-	@param x FP12, on exit = x^((p^12-1)/r)
- */
-extern void PAIR_ZZZ_fexp(FP12_YYY *x);
-/**	@brief Fast point multiplication of a member of the group G1 by a BIG number
- *
-	May exploit endomorphism for speed.
-	@param Q ECP member of G1.
-	@param b BIG multiplier
-
- */
-extern void PAIR_ZZZ_G1mul(ECP_ZZZ *Q,BIG_XXX b);
-/**	@brief Fast point multiplication of a member of the group G2 by a BIG number
- *
-	May exploit endomorphism for speed.
-	@param P ECP2 member of G1.
-	@param b BIG multiplier
-
- */
-extern void PAIR_ZZZ_G2mul(ECP2_ZZZ *P,BIG_XXX b);
-/**	@brief Fast raising of a member of GT to a BIG power
- *
-	May exploit endomorphism for speed.
-	@param x FP12 member of GT.
-	@param b BIG exponent
-
- */
-extern void PAIR_ZZZ_GTpow(FP12_YYY *x,BIG_XXX b);
-/**	@brief Tests FP12 for membership of GT
- *
-	@param x FP12 instance
-	@return 1 if x is in GT, else return 0
-
- */
-extern int PAIR_ZZZ_GTmember(FP12_YYY *x);
-
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/pair192.c
----------------------------------------------------------------------
diff --git a/version3/c/pair192.c b/version3/c/pair192.c
deleted file mode 100644
index 55cbfe7..0000000
--- a/version3/c/pair192.c
+++ /dev/null
@@ -1,752 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BLS Curve pairing functions */
-
-//#define HAS_MAIN
-
-#include "pair192_ZZZ.h"
-
-
-/* Line function */
-static void PAIR_ZZZ_line(FP24_YYY *v,ECP4_ZZZ *A,ECP4_ZZZ *B,FP_YYY *Qx,FP_YYY *Qy)
-{
-	FP4_YYY X1,Y1,T1,T2;
-	FP4_YYY XX,YY,ZZ,YZ;
-    FP8_YYY a,b,c;
-
-	if (A==B)
-    {
-        /* doubling */
- 		FP4_YYY_copy(&XX,&(A->x));	//FP4_YYY XX=new FP4_YYY(A.getx());  //X
-		FP4_YYY_copy(&YY,&(A->y));	//FP4_YYY YY=new FP4_YYY(A.gety());  //Y
-		FP4_YYY_copy(&ZZ,&(A->z));	//FP4_YYY ZZ=new FP4_YYY(A.getz());  //Z
-
-
-		FP4_YYY_copy(&YZ,&YY);		//FP4_YYY YZ=new FP4_YYY(YY);        //Y 
-		FP4_YYY_mul(&YZ,&YZ,&ZZ);		//YZ.mul(ZZ);                //YZ
-		FP4_YYY_sqr(&XX,&XX);		//XX.sqr();	               //X^2
-		FP4_YYY_sqr(&YY,&YY);		//YY.sqr();	               //Y^2
-		FP4_YYY_sqr(&ZZ,&ZZ);		//ZZ.sqr();			       //Z^2
-			
-		FP4_YYY_imul(&YZ,&YZ,4);	//YZ.imul(4);
-		FP4_YYY_neg(&YZ,&YZ);		//YZ.neg(); 
-		FP4_YYY_norm(&YZ);			//YZ.norm();       //-4YZ
-
-		FP4_YYY_imul(&XX,&XX,6);					//6X^2
-		FP4_YYY_qmul(&XX,&XX,Qx);	               //6X^2.Xs
-
-		FP4_YYY_imul(&ZZ,&ZZ,3*CURVE_B_I_ZZZ);	//3Bz^2 
-
-		FP4_YYY_qmul(&YZ,&YZ,Qy);	//-4YZ.Ys
-
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-		FP4_YYY_div_2i(&ZZ);		//6(b/i)z^2
-#endif
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-		FP4_YYY_times_i(&ZZ);
-		FP4_YYY_add(&ZZ,&ZZ,&ZZ);  // 6biz^2
-		FP4_YYY_times_i(&YZ);
-		FP4_YYY_norm(&YZ);	
-#endif
-		FP4_YYY_norm(&ZZ);			// 6bi.Z^2 
-
-		FP4_YYY_add(&YY,&YY,&YY);	// 2y^2
-		FP4_YYY_sub(&ZZ,&ZZ,&YY);	// 
-		FP4_YYY_norm(&ZZ);			// 6b.Z^2-2Y^2
-
-		FP8_YYY_from_FP4s(&a,&YZ,&ZZ); // -4YZ.Ys | 6b.Z^2-2Y^2 | 6X^2.Xs 
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-		FP8_YYY_from_FP4(&b,&XX);	
-		FP8_YYY_zero(&c);
-#endif
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-		FP8_YYY_zero(&b);
-		FP8_YYY_from_FP4H(&c,&XX);
-#endif
-
-		ECP4_ZZZ_dbl(A);				//A.dbl();
-    }
-    else
-    {
-        /* addition */
-
-		FP4_YYY_copy(&X1,&(A->x));		//FP4_YYY X1=new FP4_YYY(A.getx());    // X1
-		FP4_YYY_copy(&Y1,&(A->y));		//FP4_YYY Y1=new FP4_YYY(A.gety());    // Y1
-		FP4_YYY_copy(&T1,&(A->z));		//FP4_YYY T1=new FP4_YYY(A.getz());    // Z1
-			
-		FP4_YYY_copy(&T2,&T1);		//FP4_YYY T2=new FP4_YYY(A.getz());    // Z1
-
-		FP4_YYY_mul(&T1,&T1,&(B->y));	//T1.mul(B.gety());    // T1=Z1.Y2 
-		FP4_YYY_mul(&T2,&T2,&(B->x));	//T2.mul(B.getx());    // T2=Z1.X2
-
-		FP4_YYY_sub(&X1,&X1,&T2);		//X1.sub(T2); 
-		FP4_YYY_norm(&X1);				//X1.norm();  // X1=X1-Z1.X2
-		FP4_YYY_sub(&Y1,&Y1,&T1);		//Y1.sub(T1); 
-		FP4_YYY_norm(&Y1);				//Y1.norm();  // Y1=Y1-Z1.Y2
-
-		FP4_YYY_copy(&T1,&X1);			//T1.copy(X1);            // T1=X1-Z1.X2
-
-		FP4_YYY_qmul(&X1,&X1,Qy);		//X1.pmul(Qy);            // X1=(X1-Z1.X2).Ys
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-		FP4_YYY_times_i(&X1);
-		FP4_YYY_norm(&X1);
-#endif
-
-		FP4_YYY_mul(&T1,&T1,&(B->y));	//T1.mul(B.gety());       // T1=(X1-Z1.X2).Y2
-
-		FP4_YYY_copy(&T2,&Y1);			//T2.copy(Y1);            // T2=Y1-Z1.Y2
-		FP4_YYY_mul(&T2,&T2,&(B->x));	//T2.mul(B.getx());       // T2=(Y1-Z1.Y2).X2
-		FP4_YYY_sub(&T2,&T2,&T1);		//T2.sub(T1); 
-		FP4_YYY_norm(&T2);				//T2.norm();          // T2=(Y1-Z1.Y2).X2 - (X1-Z1.X2).Y2
-		FP4_YYY_qmul(&Y1,&Y1,Qx);		//Y1.pmul(Qx);  
-		FP4_YYY_neg(&Y1,&Y1);			//Y1.neg(); 
-		FP4_YYY_norm(&Y1);				//Y1.norm(); // Y1=-(Y1-Z1.Y2).Xs
-
-		FP8_YYY_from_FP4s(&a,&X1,&T2);	// (X1-Z1.X2).Ys  |  (Y1-Z1.Y2).X2 - (X1-Z1.X2).Y2  | - (Y1-Z1.Y2).Xs
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-		FP8_YYY_from_FP4(&b,&Y1);		//b=new FP4(Y1);
-		FP8_YYY_zero(&c);
-#endif
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-		FP8_YYY_zero(&b);
-		FP8_YYY_from_FP4H(&c,&Y1);		//b=new FP4(Y1);
-#endif
-		ECP4_ZZZ_add(A,B);			//A.add(B);
-    }
-
-    FP24_YYY_from_FP8s(v,&a,&b,&c);
-}
-
-/* Optimal R-ate pairing r=e(P,Q) */
-void PAIR_ZZZ_ate(FP24_YYY *r,ECP4_ZZZ *P1,ECP_ZZZ *Q1)
-{
-    BIG_XXX x,n,n3;
-	FP_YYY Qx,Qy;
-    int i,j,nb,bt;
-    ECP4_ZZZ A,NP,P;
-	ECP_ZZZ Q;
-    FP24_YYY lv;
-
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-
-    BIG_XXX_copy(n,x);
-
-    //BIG_XXX_norm(n);
-	BIG_XXX_pmul(n3,n,3);
-	BIG_XXX_norm(n3);
-
-	ECP4_ZZZ_copy(&P,P1);
-	ECP_ZZZ_copy(&Q,Q1);
-
-	ECP4_ZZZ_affine(&P);
-	ECP_ZZZ_affine(&Q);
-
-
-    FP_YYY_copy(&Qx,&(Q.x));
-    FP_YYY_copy(&Qy,&(Q.y));
-
-    ECP4_ZZZ_copy(&A,&P);
-	ECP4_ZZZ_copy(&NP,&P); ECP4_ZZZ_neg(&NP);
-
-    FP24_YYY_one(r);
-    nb=BIG_XXX_nbits(n3);  // n3
-
-	j=0;
-    /* Main Miller Loop */
-    for (i=nb-2; i>=1; i--)
-    {
-		j++;
-		FP24_YYY_sqr(r,r);
-        PAIR_ZZZ_line(&lv,&A,&A,&Qx,&Qy);
-        FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-//printf("r= "); FP24_YYY_output(r); printf("\n");
-//if (j>3) exit(0);
-		bt= BIG_XXX_bit(n3,i)-BIG_XXX_bit(n,i);  // BIG_XXX_bit(n,i); 
-        if (bt==1)
-        {
-//printf("bt=1\n");
-            PAIR_ZZZ_line(&lv,&A,&P,&Qx,&Qy);
-            FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-        }
-		if (bt==-1)
-		{
-//printf("bt=-1\n");
-			//ECP4_ZZZ_neg(P);
-            PAIR_ZZZ_line(&lv,&A,&NP,&Qx,&Qy);
-            FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-			//ECP4_ZZZ_neg(P);
-		}
-
-    }
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-    FP24_YYY_conj(r,r);
-#endif
-
-}
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
-void PAIR_ZZZ_double_ate(FP24_YYY *r,ECP4_ZZZ *P1,ECP_ZZZ *Q1,ECP4_ZZZ *R1,ECP_ZZZ *S1)
-{
-    BIG_XXX x,n,n3;
-	FP_YYY Qx,Qy,Sx,Sy;
-    int i,nb,bt;
-    ECP4_ZZZ A,B,NP,NR,P,R;
-	ECP_ZZZ Q,S;
-    FP24_YYY lv;
-
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-    BIG_XXX_copy(n,x);
-
-    //BIG_XXX_norm(n);
-	BIG_XXX_pmul(n3,n,3);
-	BIG_XXX_norm(n3);
-
-	ECP4_ZZZ_copy(&P,P1);
-	ECP_ZZZ_copy(&Q,Q1);
-
-	ECP4_ZZZ_affine(&P);
-	ECP_ZZZ_affine(&Q);
-
-	ECP4_ZZZ_copy(&R,R1);
-	ECP_ZZZ_copy(&S,S1);
-
-	ECP4_ZZZ_affine(&R);
-	ECP_ZZZ_affine(&S);
-
-
-    FP_YYY_copy(&Qx,&(Q.x));
-    FP_YYY_copy(&Qy,&(Q.y));
-
-    FP_YYY_copy(&Sx,&(S.x));
-    FP_YYY_copy(&Sy,&(S.y));
-
-    ECP4_ZZZ_copy(&A,&P);
-    ECP4_ZZZ_copy(&B,&R);
-	ECP4_ZZZ_copy(&NP,&P); ECP4_ZZZ_neg(&NP);
-	ECP4_ZZZ_copy(&NR,&R); ECP4_ZZZ_neg(&NR);
-
-
-    FP24_YYY_one(r);
-    nb=BIG_XXX_nbits(n3);
-
-    /* Main Miller Loop */
-    for (i=nb-2; i>=1; i--)
-    {
-        FP24_YYY_sqr(r,r);
-        PAIR_ZZZ_line(&lv,&A,&A,&Qx,&Qy);
-        FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-
-        PAIR_ZZZ_line(&lv,&B,&B,&Sx,&Sy);
-        FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-
-		bt=BIG_XXX_bit(n3,i)-BIG_XXX_bit(n,i); // bt=BIG_XXX_bit(n,i);
-        if (bt==1)
-        {
-            PAIR_ZZZ_line(&lv,&A,&P,&Qx,&Qy);
-            FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-
-            PAIR_ZZZ_line(&lv,&B,&R,&Sx,&Sy);
-            FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-        }
-		if (bt==-1)
-		{
-			//ECP4_ZZZ_neg(P); 
-            PAIR_ZZZ_line(&lv,&A,&NP,&Qx,&Qy);
-            FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-			//ECP4_ZZZ_neg(P); 
-			//ECP4_ZZZ_neg(R);
-            PAIR_ZZZ_line(&lv,&B,&NR,&Sx,&Sy);
-            FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
-			//ECP4_ZZZ_neg(R);
-		}
-	}
-
-
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-    FP24_YYY_conj(r,r);
-#endif
-
-}
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-
-void PAIR_ZZZ_fexp(FP24_YYY *r)
-{
-    FP2_YYY X;
-    BIG_XXX x;
-	FP_YYY a,b;
-    FP24_YYY t0,t1,t2,t3,t4,t5,t6,t7;  // could lose one of these - r=t3
-
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-    FP_YYY_rcopy(&a,Fra_YYY);
-    FP_YYY_rcopy(&b,Frb_YYY);
-    FP2_YYY_from_FPs(&X,&a,&b);
-
-    /* Easy part of final exp - r^(p^12-1)(p^4+1)*/
-
-    FP24_YYY_inv(&t0,r);
-    FP24_YYY_conj(r,r);
-
-    FP24_YYY_mul(r,&t0);
-    FP24_YYY_copy(&t0,r);
-
-    FP24_YYY_frob(r,&X,4);
-
-    FP24_YYY_mul(r,&t0);
-
-// Ghamman & Fouotsa Method - (completely garbled in  https://eprint.iacr.org/2016/130)
-
-	FP24_YYY_usqr(&t7,r);			// t7=f^2
-	FP24_YYY_pow(&t1,&t7,x);		// t1=t7^u
-
-	BIG_XXX_fshr(x,1);
-	FP24_YYY_pow(&t2,&t1,x);		// t2=t1^(u/2)
-	BIG_XXX_fshl(x,1);  // x must be even
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP24_YYY_conj(&t1,&t1);
-#endif
-
-	FP24_YYY_conj(&t3,&t1);		// t3=1/t1
-	FP24_YYY_mul(&t2,&t3);		// t2=t1*t3
-	FP24_YYY_mul(&t2,r);		// t2=t2*f
-
-
-	FP24_YYY_pow(&t3,&t2,x);		// t3=t2^u
-	FP24_YYY_pow(&t4,&t3,x);		// t4=t3^u
-	FP24_YYY_pow(&t5,&t4,x);		// t5=t4^u
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP24_YYY_conj(&t3,&t3);
-	FP24_YYY_conj(&t5,&t5);
-#endif
-
-	FP24_YYY_frob(&t3,&X,6);
-	FP24_YYY_frob(&t4,&X,5);
-
-	FP24_YYY_mul(&t3,&t4);		// t3=t3.t4
-
-
-	FP24_YYY_pow(&t6,&t5,x);		// t6=t5^u
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP24_YYY_conj(&t6,&t6);
-#endif
-
-
-	FP24_YYY_frob(&t5,&X,4); 
-	FP24_YYY_mul(&t3,&t5); // ??
-
-
-	FP24_YYY_conj(&t0,&t2);			// t0=1/t2
-	FP24_YYY_mul(&t6,&t0);		// t6=t6*t0
-
-	FP24_YYY_copy(&t5,&t6);
-	FP24_YYY_frob(&t5,&X,3); 
-
-	FP24_YYY_mul(&t3,&t5);		// t3=t3*t5
-	FP24_YYY_pow(&t5,&t6,x);	// t5=t6^x
-	FP24_YYY_pow(&t6,&t5,x);	// t6=t5^x
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP24_YYY_conj(&t5,&t5);
-#endif
-
-	FP24_YYY_copy(&t0,&t5);	
-	FP24_YYY_frob(&t0,&X,2); 
-	FP24_YYY_mul(&t3,&t0);		// t3=t3*t0
-	FP24_YYY_copy(&t0,&t6);     // 
-	FP24_YYY_frob(&t0,&X,1);
-
-	FP24_YYY_mul(&t3,&t0);		// t3=t3*t0
-	FP24_YYY_pow(&t5,&t6,x);    // t5=t6*x
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	FP24_YYY_conj(&t5,&t5);
-#endif
-
-	FP24_YYY_frob(&t2,&X,7); 
-
-	FP24_YYY_mul(&t5,&t7);		// t5=t5*t7
-	FP24_YYY_mul(&t3,&t2);		// t3=t3*t2
-	FP24_YYY_mul(&t3,&t5);		// t3=t3*t5
-
-	FP24_YYY_mul(r,&t3);
-	FP24_YYY_reduce(r);
-
-}
-
-#ifdef USE_GLV_ZZZ
-/* GLV method */
-static void glv(BIG_XXX u[2],BIG_XXX e)
-{
-
-// -(x^4).P = (Beta.x,y)
-
-    BIG_XXX x,x2,q;
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-    BIG_XXX_smul(x2,x,x);
-	BIG_XXX_smul(x,x2,x2);
-    BIG_XXX_copy(u[0],e);
-    BIG_XXX_mod(u[0],x);
-    BIG_XXX_copy(u[1],e);
-    BIG_XXX_sdiv(u[1],x);
-
-    BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    BIG_XXX_sub(u[1],q,u[1]);
-
-
-    return;
-}
-#endif // USE_GLV
-
-/* Galbraith & Scott Method */
-static void gs(BIG_XXX u[8],BIG_XXX e)
-{
-    int i;
-
-    BIG_XXX x,w,q;
-	BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
-    BIG_XXX_copy(w,e);
-
-    for (i=0; i<7; i++)
-    {
-        BIG_XXX_copy(u[i],w);
-        BIG_XXX_mod(u[i],x);
-        BIG_XXX_sdiv(w,x);
-    }
-	BIG_XXX_copy(u[7],w);
-
-/*  */
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	BIG_XXX_modneg(u[1],u[1],q);
-	BIG_XXX_modneg(u[3],u[3],q);
-	BIG_XXX_modneg(u[5],u[5],q);
-	BIG_XXX_modneg(u[7],u[7],q);
-#endif
-
-
-    return;
-}
-
-/* Multiply P by e in group G1 */
-void PAIR_ZZZ_G1mul(ECP_ZZZ *P,BIG_XXX e)
-{
-#ifdef USE_GLV_ZZZ   /* Note this method is patented */
-    int np,nn;
-    ECP_ZZZ Q;
-	FP_YYY cru;
-    BIG_XXX t,q;
-    BIG_XXX u[2];
-
-    BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    glv(u,e);
-
-   // ECP_ZZZ_affine(P);
-    ECP_ZZZ_copy(&Q,P); ECP_ZZZ_affine(&Q);
-    FP_YYY_rcopy(&cru,CURVE_Cru_ZZZ);
-    FP_YYY_mul(&(Q.x),&(Q.x),&cru);
-
-    /* note that -a.B = a.(-B). Use a or -a depending on which is smaller */
-
-    np=BIG_XXX_nbits(u[0]);
-    BIG_XXX_modneg(t,u[0],q);
-    nn=BIG_XXX_nbits(t);
-    if (nn<np)
-    {
-        BIG_XXX_copy(u[0],t);
-        ECP_ZZZ_neg(P);
-    }
-
-    np=BIG_XXX_nbits(u[1]);
-    BIG_XXX_modneg(t,u[1],q);
-    nn=BIG_XXX_nbits(t);
-    if (nn<np)
-    {
-        BIG_XXX_copy(u[1],t);
-        ECP_ZZZ_neg(&Q);
-    }
-    BIG_XXX_norm(u[0]);
-    BIG_XXX_norm(u[1]);    
-    ECP_ZZZ_mul2(P,&Q,u[0],u[1]);
-
-#else
-    ECP_ZZZ_mul(P,e);
-#endif
-}
-
-/* Multiply P by e in group G2 */
-void PAIR_ZZZ_G2mul(ECP4_ZZZ *P,BIG_XXX e)
-{
-#ifdef USE_GS_G2_ZZZ   /* Well I didn't patent it :) */
-    int i,np,nn;
-    ECP4_ZZZ Q[8];
-    FP2_YYY X[3];
-    BIG_XXX x,y,u[8];
-
-	ECP4_ZZZ_frob_constants(X);
-
-    BIG_XXX_rcopy(y,CURVE_Order_ZZZ);
-    gs(u,e);
-
-    //ECP4_ZZZ_affine(P);
-
-    ECP4_ZZZ_copy(&Q[0],P);
-    for (i=1; i<8; i++)
-    {
-        ECP4_ZZZ_copy(&Q[i],&Q[i-1]);
-        ECP4_ZZZ_frob(&Q[i],X,1);
-    }
-
-    for (i=0; i<8; i++)
-    {
-        np=BIG_XXX_nbits(u[i]);
-        BIG_XXX_modneg(x,u[i],y);
-        nn=BIG_XXX_nbits(x);
-        if (nn<np)
-        {
-            BIG_XXX_copy(u[i],x);
-            ECP4_ZZZ_neg(&Q[i]);
-        }
-        BIG_XXX_norm(u[i]);   
-		//ECP4_ZZZ_affine(&Q[i]);
-    }
-
-    ECP4_ZZZ_mul8(P,Q,u);
-
-#else
-    ECP4_ZZZ_mul(P,e);
-#endif
-}
-
-/* f=f^e */
-void PAIR_ZZZ_GTpow(FP24_YYY *f,BIG_XXX e)
-{
-#ifdef USE_GS_GT_ZZZ   /* Note that this option requires a lot of RAM! Maybe better to use compressed XTR method, see FP8.c */
-    int i,np,nn;
-    FP24_YYY g[8];
-    FP2_YYY X;
-    BIG_XXX t,q;
-	FP_YYY fx,fy;
-    BIG_XXX u[8];
-
-    FP_YYY_rcopy(&fx,Fra_YYY);
-    FP_YYY_rcopy(&fy,Frb_YYY);
-    FP2_YYY_from_FPs(&X,&fx,&fy);
-
-    BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    gs(u,e);
-
-    FP24_YYY_copy(&g[0],f);
-    for (i=1; i<8; i++)
-    {
-        FP24_YYY_copy(&g[i],&g[i-1]);
-        FP24_YYY_frob(&g[i],&X,1);
-    }
-
-    for (i=0; i<8; i++)
-    {
-        np=BIG_XXX_nbits(u[i]);
-        BIG_XXX_modneg(t,u[i],q);
-        nn=BIG_XXX_nbits(t);
-        if (nn<np)
-        {
-            BIG_XXX_copy(u[i],t);
-            FP24_YYY_conj(&g[i],&g[i]);
-        }
-        BIG_XXX_norm(u[i]);        
-    }
-    FP24_YYY_pow8(f,g,u);
-
-#else
-    FP24_YYY_pow(f,f,e);
-#endif
-}
-
-/* test group membership test - no longer needed */
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-
-/*
-int PAIR_GTmember(FP24_YYY *m)
-{
-	BIG_XXX a,b;
-	FP2_YYY X;
-	FP24_YYY r,w;
-	if (FP24_YYY_isunity(m)) return 0;
-	FP24_YYY_conj(&r,m);
-	FP24_YYY_mul(&r,m);
-	if (!FP24_YYY_isunity(&r)) return 0;
-
-	BIG_XXX_rcopy(a,CURVE_Fra);
-	BIG_XXX_rcopy(b,CURVE_Frb);
-	FP2_YYY from_BIGs(&X,a,b);
-
-
-	FP24_YYY_copy(&r,m); FP24_YYY_frob(&r,&X); FP24_YYY_frob(&r,&X);
-	FP24_YYY_copy(&w,&r); FP24_YYY_frob(&w,&X); FP24_YYY_frob(&w,&X);
-	FP24_YYY_mul(&w,m);
-
-
-#ifndef GT_STRONG
-	if (!FP24_YYY_equals(&w,&r)) return 0;
-
-	BIG_XXX_rcopy(a,CURVE_Bnx);
-
-	FP24_YYY_copy(&r,m); FP24_YYY_pow(&w,&r,a); FP24_YYY_pow(&w,&w,a);
-	FP24_YYY_sqr(&r,&w); FP24_YYY_mul(&r,&w); FP24_YYY_sqr(&r,&r);
-
-	FP24_YYY_copy(&w,m); FP24_YYY_frob(&w,&X);
- #endif
-
-	return FP24_YYY_equals(&w,&r);
-}
-
-*/
-
-
-#ifdef HAS_MAIN
-
-using namespace std;
-using namespace ZZZ;
-
-
-// g++ -O2 pair192_BLS24.cpp ecp4_BLS24.cpp fp24_BLS24.cpp fp8_BLS24.cpp fp4_BLS24.cpp fp2_BLS24.cpp ecp_BLS24.cpp fp_BLS24.cpp big_XXX.cpp rom_curve_BLS24.cpp rom_field_BLS24.cpp rand.cpp hash.cpp oct.cpp -o pair192_BLS24.exe
-
-int main()
-{
-    int i;
-    char byt[32];
-    csprng rng;
-    BIG_XXX xa,xb,ya,yb,w,a,b,t1,q,u[2],v[4],m,r,xx,x2,x4,p;
-    ECP4_ZZZ P,G;
-    ECP_ZZZ Q,R;
-    FP24 g,gp;
-    FP8_YYY t,c,cp,cpm1,cpm2;
-	FP4_YYY X,Y;
-    FP2_YYY x,y,f,Aa,Bb;
-	FP_YYY cru;
-
-	for (i=0;i<32;i++)
-		byt[i]=i+9;
-	RAND_seed(&rng,32,byt);
-
-	BIG_XXX_rcopy(r,CURVE_Order);
-	BIG_XXX_rcopy(p,Modulus);
-
-
-    BIG_XXX_rcopy(xa,CURVE_Gx);
-    BIG_XXX_rcopy(ya,CURVE_Gy);
-
-    ECP_set(&Q,xa,ya);
-    if (Q.inf) printf("Failed to set - point not on curve\n");
-    else printf("G1 set success\n");
-
-    printf("Q= ");
-    ECP_output(&Q);
-    printf("\n");
-
-	ECP4_ZZZ_generator(&P);
-
-    if (P.inf) printf("Failed to set - point not on curve\n");
-    else printf("G2 set success\n");
-
-    BIG_XXX_rcopy(a,Fra);
-    BIG_XXX_rcopy(b,Frb);
-    FP2_YYY from_BIGs(&f,a,b);
-
-
-//exit(0);
-
-    PAIR_ate(&g,&P,&Q);
-
-	printf("gb= ");
-    FP24_output(&g);
-    printf("\n");
-    PAIR_fexp(&g);
-
-    printf("g= ");
-    FP24_output(&g);
-    printf("\n");
-
-	//FP24_pow(&g,&g,r);
-
-   // printf("g^r= ");
-    //FP24_output(&g);
-    //printf("\n");
-
-	ECP_copy(&R,&Q);
-	ECP4_ZZZ_copy(&G,&P);
-
-	ECP4_ZZZ_dbl(&G);
-	ECP_dbl(&R);
-	ECP_affine(&R);
-
-    PAIR_ate(&g,&G,&Q);
-    PAIR_fexp(&g);
-
-    printf("g1= ");
-    FP24_output(&g);
-    printf("\n");
-
-    PAIR_ate(&g,&P,&R);
-    PAIR_fexp(&g);
-
-    printf("g2= ");
-    FP24_output(&g);
-    printf("\n");
-
-
-	PAIR_G1mul(&Q,r);
-	printf("rQ= ");ECP_output(&Q); printf("\n");
-
-	PAIR_G2mul(&P,r);
-	printf("rP= ");ECP4_ZZZ_output(&P); printf("\n");
-
-	//PAIR_GTpow(&g,r);
-	//printf("g^r= ");FP24_output(&g); printf("\n");
-
-
-	BIG_XXX_randomnum(w,r,&rng);
-
-	FP24_copy(&gp,&g);
-
-	PAIR_GTpow(&g,w);
-
-	FP24_trace(&t,&g);
-
-	printf("g^r=  ");FP8_output(&t); printf("\n");
-
-	FP24_compow(&t,&gp,w,r);
-
-	printf("t(g)= "); FP8_output(&t); printf("\n");
-
-//    PAIR_ate(&g,&P,&R);
-//    PAIR_fexp(&g);
-
-//    printf("g= ");
-//    FP24_output(&g);
-//    printf("\n");
-
-//	PAIR_GTpow(&g,xa);
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/pair192.h
----------------------------------------------------------------------
diff --git a/version3/c/pair192.h b/version3/c/pair192.h
deleted file mode 100644
index 2e50d51..0000000
--- a/version3/c/pair192.h
+++ /dev/null
@@ -1,77 +0,0 @@
-#ifndef PAIR192_ZZZ_H
-#define PAIR192_ZZZ_H
-
-#include "fp24_YYY.h"
-#include "ecp4_ZZZ.h"
-#include "ecp_ZZZ.h"
-
-
-/* Pairing constants */
-
-extern const BIG_XXX CURVE_Bnx_ZZZ; /**< BN curve x parameter */
-extern const BIG_XXX CURVE_Cru_ZZZ; /**< BN curve Cube Root of Unity */
-
-extern const BIG_XXX CURVE_W_ZZZ[2];	 /**< BN curve constant for GLV decomposition */
-extern const BIG_XXX CURVE_SB_ZZZ[2][2]; /**< BN curve constant for GLV decomposition */
-extern const BIG_XXX CURVE_WB_ZZZ[4];	 /**< BN curve constant for GS decomposition */
-extern const BIG_XXX CURVE_BB_ZZZ[4][4]; /**< BN curve constant for GS decomposition */
-
-/* Pairing function prototypes */
-/**	@brief Calculate Miller loop for Optimal ATE pairing e(P,Q)
- *
-	@param r FP24 result of the pairing calculation e(P,Q)
-	@param P ECP4 instance, an element of G2
-	@param Q ECP instance, an element of G1
-
- */
-extern void PAIR_ZZZ_ate(FP24_YYY *r,ECP4_ZZZ *P,ECP_ZZZ *Q);
-/**	@brief Calculate Miller loop for Optimal ATE double-pairing e(P,Q).e(R,S)
- *
-	Faster than calculating two separate pairings
-	@param r FP24 result of the pairing calculation e(P,Q).e(R,S), an element of GT
-	@param P ECP4 instance, an element of G2
-	@param Q ECP instance, an element of G1
-	@param R ECP4 instance, an element of G2
-	@param S ECP instance, an element of G1
- */
-extern void PAIR_ZZZ_double_ate(FP24_YYY *r,ECP4_ZZZ *P,ECP_ZZZ *Q,ECP4_ZZZ *R,ECP_ZZZ *S);
-/**	@brief Final exponentiation of pairing, converts output of Miller loop to element in GT
- *
-	Here p is the internal modulus, and r is the group order
-	@param x FP24, on exit = x^((p^12-1)/r)
- */
-extern void PAIR_ZZZ_fexp(FP24_YYY *x);
-/**	@brief Fast point multiplication of a member of the group G1 by a BIG number
- *
-	May exploit endomorphism for speed.
-	@param Q ECP member of G1.
-	@param b BIG multiplier
-
- */
-extern void PAIR_ZZZ_G1mul(ECP_ZZZ *Q,BIG_XXX b);
-/**	@brief Fast point multiplication of a member of the group G2 by a BIG number
- *
-	May exploit endomorphism for speed.
-	@param P ECP4 member of G1.
-	@param b BIG multiplier
-
- */
-extern void PAIR_ZZZ_G2mul(ECP4_ZZZ *P,BIG_XXX b);
-/**	@brief Fast raising of a member of GT to a BIG power
- *
-	May exploit endomorphism for speed.
-	@param x FP24 member of GT.
-	@param b BIG exponent
-
- */
-extern void PAIR_ZZZ_GTpow(FP24_YYY *x,BIG_XXX b);
-/**	@brief Tests FP24 for membership of GT
- *
-	@param x FP24 instance
-	@return 1 if x is in GT, else return 0
-
- */
-extern int PAIR_ZZZ_GTmember(FP24_YYY *x);
-
-
-#endif


[42/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/AES.go
----------------------------------------------------------------------
diff --git a/version22/go/AES.go b/version22/go/AES.go
deleted file mode 100644
index 1aeb6d7..0000000
--- a/version22/go/AES.go
+++ /dev/null
@@ -1,634 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AES Encryption */ 
-
-package main
-
-//import "fmt"
-
-const aes_ECB int=0
-const aes_CBC int=1
-const aes_CFB1 int=2
-const aes_CFB2 int=3
-const aes_CFB4 int=5
-const aes_OFB1 int=14
-const aes_OFB2 int=15
-const aes_OFB4 int=17
-const aes_OFB8 int=21
-const aes_OFB16 int=29
-const aes_CTR1 int=30
-const aes_CTR2 int=31
-const aes_CTR4 int=33 
-const aes_CTR8 int=37 
-const aes_CTR16 int=45 
-
-var aes_InCo = [...]byte {0xB,0xD,0x9,0xE}  /* Inverse Coefficients */
-
-var aes_ptab = [...]byte {
-     1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53,
-     95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170,
-     229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49,
-     83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205,
-     76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136,
-     131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154,
-     181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163,
-     254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160,
-     251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65,
-     195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117,
-     159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128,
-     155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84,
-     252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202,
-     69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14,
-     18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
-     57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1}
-
-var aes_ltab = [...]byte {
-      0, 255, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3,
-     100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193,
-     125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120,
-     101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142,
-     150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56,
-     102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16,
-     126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186,
-     43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87,
-     175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232,
-     44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160,
-     127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183,
-     204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157,
-     151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209,
-     83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171,
-     68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165,
-     103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7}
-   
-
-var aes_fbsub = [...]byte {
-     99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118,
-     202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
-     183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21,
-     4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117,
-     9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132,
-     83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207,
-     208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168,
-     81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210,
-     205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115,
-     96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219,
-     224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121,
-     231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8,
-     186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138,
-     112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
-     225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
-     140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22}
-    
-var aes_rbsub = [...]byte {
-     82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251,
-     124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203,
-     84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78,
-     8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37,
-     114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146,
-     108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132,
-     144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6,
-     208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107,
-     58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
-     150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110,
-     71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27,
-     252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244,
-     31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95,
-     96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239,
-     160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
-     23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125}
-    
-
-var aes_rco = [...]byte {1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47}
-
-var aes_ftable = [...]uint32 {
-    0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
-    0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
-    0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
-    0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
-    0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
-    0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
-    0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
-    0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
-    0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
-    0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
-    0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
-    0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
-    0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
-    0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
-    0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
-    0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
-    0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
-    0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
-    0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
-    0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
-    0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
-    0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
-    0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
-    0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
-    0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
-    0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
-    0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
-    0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
-    0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
-    0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
-    0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
-    0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
-    0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
-    0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
-    0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
-    0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
-    0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
-    0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
-    0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
-    0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
-    0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
-    0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
-    0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c}
-
-var aes_rtable = [...]uint32 {
-    0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
-    0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
-    0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
-    0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
-    0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
-    0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
-    0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
-    0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
-    0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
-    0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
-    0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
-    0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
-    0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
-    0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
-    0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
-    0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
-    0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
-    0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
-    0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
-    0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
-    0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
-    0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
-    0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
-    0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
-    0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
-    0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
-    0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
-    0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
-    0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
-    0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
-    0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
-    0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
-    0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
-    0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
-    0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
-    0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
-    0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
-    0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
-    0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
-    0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
-    0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
-    0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
-    0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0}
-
-type AES struct {
-	Nk int
-	Nr int
-	mode int
-	fkey [60]uint32
-	rkey [60]uint32
-	f [16]byte
-}
-
-/* Rotates 32-bit word left by 1, 2 or 3 byte  */
-
-func aes_ROTL8(x uint32) uint32 {
-	return (((x)<<8)|((x)>>24))
-}
-
-func aes_ROTL16(x uint32) uint32 {
-	return (((x)<<16)|((x)>>16))
-}
-
-func aes_ROTL24(x uint32) uint32 {
-	return (((x)<<24)|((x)>>8))
-}
-
-func aes_pack(b [4]byte) uint32 { /* pack bytes into a 32-bit Word */
-        return ((uint32(b[3])&0xff)<<24)|((uint32(b[2])&0xff)<<16)|((uint32(b[1])&0xff)<<8)|(uint32(b[0])&0xff)
-}
-  
-func aes_unpack(a uint32) [4]byte { /* unpack bytes from a word */
-        var b=[4]byte{byte(a&0xff),byte((a>>8)&0xff),byte((a>>16)&0xff),byte((a>>24)&0xff)}
-	return b;
-}
-  
-func aes_bmul(x byte,y byte) byte { /* x.y= AntiLog(Log(x) + Log(y)) */
-    
-        ix:=int(x)&0xff
-        iy:=int(y)&0xff
-        lx:=int(aes_ltab[ix])&0xff
-        ly:=int(aes_ltab[iy])&0xff
-    
-        if x != 0 && y != 0 {
-		return aes_ptab[(lx+ly)%255]
-	} else {return byte(0)}
-}
-  
-func aes_SubByte(a uint32) uint32 {
-        b:=aes_unpack(a)
-        b[0]=aes_fbsub[int(b[0])]
-        b[1]=aes_fbsub[int(b[1])]
-        b[2]=aes_fbsub[int(b[2])]
-        b[3]=aes_fbsub[int(b[3])]
-        return aes_pack(b);
-}    
-
-func aes_product(x uint32,y uint32) byte { /* dot product of two 4-byte arrays */
-        xb:=aes_unpack(x)
-        yb:=aes_unpack(y)
-    
-        return (aes_bmul(xb[0],yb[0])^aes_bmul(xb[1],yb[1])^aes_bmul(xb[2],yb[2])^aes_bmul(xb[3],yb[3]))
-}
-
-func aes_InvMixCol(x uint32) uint32 { /* matrix Multiplication */
-        var b [4]byte
-        m:=aes_pack(aes_InCo)
-        b[3]=aes_product(m,x)
-        m=aes_ROTL24(m)
-        b[2]=aes_product(m,x)
-        m=aes_ROTL24(m)
-        b[1]=aes_product(m,x)
-        m=aes_ROTL24(m)
-        b[0]=aes_product(m,x)
-        var y=aes_pack(b)
-        return y
-}
-
-func aes_increment(f []byte) {
-	for i:=0;i<16;i++ {
-		f[i]++
-		if f[i]!=0 {break}
-	}
-}
-
-/* reset cipher */
-func (A *AES) Reset(m int,iv []byte) { /* reset mode, or reset iv */
-	A.mode=m;
-        for i:=0;i<16;i++ {A.f[i]=0}
-        if (A.mode != aes_ECB) && (iv != nil) {
-            for i:=0;i<16;i++ {A.f[i]=iv[i]}
-	}
-}
-
-func (A *AES) Init(m int,nk int,key []byte,iv []byte) bool { 
-/* Key Scheduler. Create expanded encryption key */
-	var CipherKey [8]uint32
-        var b [4]byte
-        nk/=4
-	if nk!=4 && nk!=6 && nk!=8 {return false}
-	nr:=6+nk
-	A.Nk=nk
-	A.Nr=nr
-        A.Reset(m,iv);
-        N:=4*(nr+1)
-        
-        j:=0
-        for  i:=0;i<nk;i++ {
-            for k:=0;k<4;k++ {b[k]=key[j+k]}
-            CipherKey[i]=aes_pack(b);
-            j+=4;
-        }
-        for i:=0;i<nk;i++ {A.fkey[i]=CipherKey[i]}
-        j=nk
-        for k:=0;j<N;k++ {
-            A.fkey[j]=A.fkey[j-nk]^aes_SubByte(aes_ROTL24(A.fkey[j-1]))^uint32(aes_rco[k])
-            for i:=1;i<nk && (i+j)<N;i++ {
-                A.fkey[i+j]=A.fkey[i+j-nk]^A.fkey[i+j-1]
-            }
-            j+=nk
-        }
-        
-        /* now for the expanded decrypt key in reverse order */
-        
-        for j:=0;j<4;j++ {A.rkey[j+N-4]=A.fkey[j]}
-        for i:=4;i<N-4;i+=4 {
-            k:=N-4-i;
-            for j:=0;j<4;j++ {A.rkey[k+j]=aes_InvMixCol(A.fkey[i+j])}
-        }
-        for j:=N-4;j<N;j++ {A.rkey[j-N+4]=A.fkey[j]}
-	return true
-}
-
-func NewAES() *AES {
-	var A=new(AES)
-	return A
-}
-
-func (A *AES) Getreg() [16]byte {
-        var ir [16]byte
-        for i:=0;i<16;i++ {ir[i]=A.f[i]}
-        return ir
-}
-
-    /* Encrypt a single block */
-func (A *AES) ecb_encrypt(buff []byte) {
-        var b [4]byte
-        var p [4]uint32
-        var q [4]uint32
-    
-        j:=0
-        for i:=0;i<4;i++ {
-            for k:=0;k<4;k++ {b[k]=buff[j+k]}
-            p[i]=aes_pack(b)
-            p[i]^=A.fkey[i]
-            j+=4
-        }
-    
-        k:=4
-    
-    /* State alternates between p and q */
-        for i:=1;i<A.Nr;i++ {
-            q[0]=A.fkey[k]^aes_ftable[int(p[0]&0xff)]^aes_ROTL8(aes_ftable[int((p[1]>>8)&0xff)])^aes_ROTL16(aes_ftable[int((p[2]>>16)&0xff)])^aes_ROTL24(aes_ftable[int((p[3]>>24)&0xff)])
-            
-            q[1]=A.fkey[k+1]^aes_ftable[int(p[1]&0xff)]^aes_ROTL8(aes_ftable[int((p[2]>>8)&0xff)])^aes_ROTL16(aes_ftable[int((p[3]>>16)&0xff)])^aes_ROTL24(aes_ftable[int((p[0]>>24)&0xff)])
-            
-            q[2]=A.fkey[k+2]^aes_ftable[int(p[2]&0xff)]^aes_ROTL8(aes_ftable[int((p[3]>>8)&0xff)])^aes_ROTL16(aes_ftable[int((p[0]>>16)&0xff)])^aes_ROTL24(aes_ftable[int((p[1]>>24)&0xff)])
-            
-            q[3]=A.fkey[k+3]^aes_ftable[int(p[3]&0xff)]^aes_ROTL8(aes_ftable[int((p[0]>>8)&0xff)])^aes_ROTL16(aes_ftable[int((p[1]>>16)&0xff)])^aes_ROTL24(aes_ftable[int((p[2]>>24)&0xff)])
-            
-            k+=4;
-            for j=0;j<4;j++ {
-		t:=p[j]; p[j]=q[j]; q[j]=t
-            }
-        }
-    
-    /* Last Round */
-    
-        q[0]=A.fkey[k]^uint32(aes_fbsub[int(p[0]&0xff)])^aes_ROTL8(uint32(aes_fbsub[int((p[1]>>8)&0xff)]))^aes_ROTL16(uint32(aes_fbsub[int((p[2]>>16)&0xff)]))^aes_ROTL24(uint32(aes_fbsub[int((p[3]>>24)&0xff)]))
-    
-        q[1]=A.fkey[k+1]^uint32(aes_fbsub[int(p[1]&0xff)])^aes_ROTL8(uint32(aes_fbsub[int((p[2]>>8)&0xff)]))^aes_ROTL16(uint32(aes_fbsub[int((p[3]>>16)&0xff)]))^aes_ROTL24(uint32(aes_fbsub[int((p[0]>>24)&0xff)]))
-    
-        q[2]=A.fkey[k+2]^uint32(aes_fbsub[int(p[2]&0xff)])^aes_ROTL8(uint32(aes_fbsub[int((p[3]>>8)&0xff)]))^aes_ROTL16(uint32(aes_fbsub[int((p[0]>>16)&0xff)]))^aes_ROTL24(uint32(aes_fbsub[int((p[1]>>24)&0xff)]))
-    
-        q[3]=A.fkey[k+3]^uint32(aes_fbsub[int(p[3]&0xff)])^aes_ROTL8(uint32(aes_fbsub[int((p[0]>>8)&0xff)]))^aes_ROTL16(uint32(aes_fbsub[int((p[1]>>16)&0xff)]))^aes_ROTL24(uint32(aes_fbsub[int((p[2]>>24)&0xff)]))
-    
-        j=0
-        for i:=0;i<4;i++ {
-            b=aes_unpack(q[i])
-            for k=0;k<4;k++ {buff[j+k]=b[k]}
-            j+=4
-        }
-}
-    
-    /* Decrypt a single block */
-func (A *AES)  ecb_decrypt(buff []byte) {
-        var b [4]byte
-        var p [4]uint32
-        var q [4]uint32
-    
-        j:=0
-        for i:=0;i<4;i++ {
-            for k:=0;k<4;k++ {b[k]=buff[j+k]}
-            p[i]=aes_pack(b)
-            p[i]^=A.rkey[i]
-            j+=4
-        }
-    
-        k:=4
-    
-    /* State alternates between p and q */
-        for i:=1;i<A.Nr;i++ {
-            
-            q[0]=A.rkey[k]^aes_rtable[int(p[0]&0xff)]^aes_ROTL8(aes_rtable[int((p[3]>>8)&0xff)])^aes_ROTL16(aes_rtable[int((p[2]>>16)&0xff)])^aes_ROTL24(aes_rtable[int((p[1]>>24)&0xff)])
-            
-            q[1]=A.rkey[k+1]^aes_rtable[int(p[1]&0xff)]^aes_ROTL8(aes_rtable[int((p[0]>>8)&0xff)])^aes_ROTL16(aes_rtable[int((p[3]>>16)&0xff)])^aes_ROTL24(aes_rtable[int((p[2]>>24)&0xff)])
-            
-        
-            q[2]=A.rkey[k+2]^aes_rtable[int(p[2]&0xff)]^aes_ROTL8(aes_rtable[int((p[1]>>8)&0xff)])^aes_ROTL16(aes_rtable[int((p[0]>>16)&0xff)])^aes_ROTL24(aes_rtable[int((p[3]>>24)&0xff)])
-       
-            q[3]=A.rkey[k+3]^aes_rtable[int(p[3]&0xff)]^aes_ROTL8(aes_rtable[int((p[2]>>8)&0xff)])^aes_ROTL16(aes_rtable[int((p[1]>>16)&0xff)])^aes_ROTL24(aes_rtable[int((p[0]>>24)&0xff)])
-            
-    
-            k+=4;
-            for j:=0;j<4;j++ {
-			t:=p[j]; p[j]=q[j]; q[j]=t
-            }
-        }
-    
-    /* Last Round */
-        
-        q[0]=A.rkey[k]^uint32(aes_rbsub[int(p[0]&0xff)])^aes_ROTL8(uint32(aes_rbsub[int((p[3]>>8)&0xff)]))^aes_ROTL16(uint32(aes_rbsub[int((p[2]>>16)&0xff)]))^aes_ROTL24(uint32(aes_rbsub[int((p[1]>>24)&0xff)]))
-        
-        q[1]=A.rkey[k+1]^uint32(aes_rbsub[int(p[1]&0xff)])^aes_ROTL8(uint32(aes_rbsub[int((p[0]>>8)&0xff)]))^aes_ROTL16(uint32(aes_rbsub[int((p[3]>>16)&0xff)]))^aes_ROTL24(uint32(aes_rbsub[int((p[2]>>24)&0xff)]))
-        
-        
-        q[2]=A.rkey[k+2]^uint32(aes_rbsub[int(p[2]&0xff)])^aes_ROTL8(uint32(aes_rbsub[int((p[1]>>8)&0xff)]))^aes_ROTL16(uint32(aes_rbsub[int((p[0]>>16)&0xff)]))^aes_ROTL24(uint32(aes_rbsub[int((p[3]>>24)&0xff)]))
-
-        q[3]=A.rkey[k+3]^uint32(aes_rbsub[int((p[3])&0xff)])^aes_ROTL8(uint32(aes_rbsub[int((p[2]>>8)&0xff)]))^aes_ROTL16(uint32(aes_rbsub[int((p[1]>>16)&0xff)]))^aes_ROTL24(uint32(aes_rbsub[int((p[0]>>24)&0xff)]))
-    
-        j=0
-        for i:=0;i<4;i++ {
-            b=aes_unpack(q[i]);
-            for k:=0;k<4;k++ {buff[j+k]=b[k]}
-            j+=4
-        }
-}
-
-/* Encrypt using selected mode of operation */
-func (A *AES) Encrypt(buff []byte) uint32 {
-	var st [16]byte
-    
-    // Supported Modes of Operation
-    
-        var fell_off uint32=0
-        switch A.mode {
-        case aes_ECB:
-            A.ecb_encrypt(buff)
-            return 0
-        case aes_CBC:
-            for j:=0;j<16;j++ {buff[j]^=A.f[j]}
-            A.ecb_encrypt(buff)
-            for j:=0;j<16;j++ {A.f[j]=buff[j]}
-            return 0
-    
-        case aes_CFB1:
-            fallthrough
-        case aes_CFB2:
-            fallthrough
-        case aes_CFB4:
-            bytes:=A.mode-aes_CFB1+1
-            for j:=0;j<bytes;j++ {fell_off=(fell_off<<8)|uint32(A.f[j])}
-            for j:=0;j<16;j++ {st[j]=A.f[j]}
-            for j:=bytes;j<16;j++ {A.f[j-bytes]=A.f[j]}
-            A.ecb_encrypt(st[:])
-            for j:=0;j<bytes;j++ {
-		buff[j]^=st[j]
-		A.f[16-bytes+j]=buff[j]
-            }
-            return fell_off
-    
-        case aes_OFB1:
-            fallthrough
-        case aes_OFB2:
-            fallthrough
-        case aes_OFB4:
-            fallthrough
-        case aes_OFB8:
-            fallthrough
-        case aes_OFB16:
-    
-            bytes:=A.mode-aes_OFB1+1
-            A.ecb_encrypt(A.f[:])
-            for j:=0;j<bytes;j++ {buff[j]^=A.f[j]}
-            return 0;
-    
-	case aes_CTR1:
-	    fallthrough
-	case aes_CTR2:
-	    fallthrough
-	case aes_CTR4:
-	    fallthrough
-	case aes_CTR8:
-	    fallthrough
-	case aes_CTR16:
-	    bytes:=A.mode-aes_CTR1+1
-	    for j:=0;j<16;j++ {st[j]=A.f[j]}
-	    A.ecb_encrypt(st[:])
-	    for j:=0;j<bytes;j++ {buff[j]^=st[j]}
-	    aes_increment(A.f[:])
-	    return 0
-
-        default:
-            return 0
-        }
-}
-    
-    /* Decrypt using selected mode of operation */
-func (A *AES) Decrypt(buff []byte) uint32 {
-
-	var st [16]byte
-        
-        // Supported Modes of Operation
-        
-        var fell_off uint32=0
-        switch A.mode {
-        case aes_ECB:
-            A.ecb_decrypt(buff);
-            return 0;
-        case aes_CBC:
-            for j:=0;j<16;j++ {
-		st[j]=A.f[j];
-		A.f[j]=buff[j];
-            }
-            A.ecb_decrypt(buff);
-            for j:=0;j<16;j++ {
-		buff[j]^=st[j];
-		st[j]=0
-            }
-            return 0
-        case aes_CFB1:
-            fallthrough
-        case aes_CFB2:
-            fallthrough
-        case aes_CFB4:
-            bytes:=A.mode-aes_CFB1+1;
-            for j:=0;j<bytes;j++ {fell_off=(fell_off<<8)|uint32(A.f[j])}
-            for j:=0;j<16;j++ {st[j]=A.f[j]}
-            for j:=bytes;j<16;j++ {A.f[j-bytes]=A.f[j]}
-            A.ecb_encrypt(st[:])
-            for j:=0;j<bytes;j++ {
-		A.f[16-bytes+j]=buff[j]
-		buff[j]^=st[j]
-            }
-            return fell_off
-        case aes_OFB1:
-            fallthrough
-        case aes_OFB2:
-            fallthrough
-        case aes_OFB4:
-            fallthrough
-        case aes_OFB8:
-            fallthrough
-        case aes_OFB16:
-            bytes:=A.mode-aes_OFB1+1
-            A.ecb_encrypt(A.f[:]);
-            for j:=0;j<bytes;j++ {buff[j]^=A.f[j]}
-            return 0
-
-	case aes_CTR1:
-	    fallthrough
-	case aes_CTR2:
-	    fallthrough
-	case aes_CTR4:
-	    fallthrough
-	case aes_CTR8:
-	    fallthrough
-	case aes_CTR16:
-	    bytes:=A.mode-aes_CTR1+1
-	    for j:=0;j<16;j++ {st[j]=A.f[j]}
-	    A.ecb_encrypt(st[:])
-	    for j:=0;j<bytes;j++ {buff[j]^=st[j]}
-	    aes_increment(A.f[:])
-	    return 0
-
-        default:
-            return 0;
-        }
-    } 
-    
-/* Clean up and delete left-overs */
-func (A *AES) End() { // clean up
-    for i:=0;i<4*(A.Nr+1);i++ {A.fkey[i]=0; A.rkey[i]=0}
-    for i:=0;i<16;i++ {A.f[i]=0}
-}
-/*
-func main() {
-	var key [32]byte
-	var block [16]byte
-	var iv [16]byte
-
-	for i:=0;i<32;i++ {key[i]=0}
-	key[0]=1
-	for i:=0;i<16;i++ {iv[i]=byte(i)}
-	for i:=0;i<16;i++ {block[i]=byte(i)}
-
-	a:=NewAES()
-
-	a.Init(aes_CTR16,32,key[:],iv[:])
-	fmt.Printf("Plain= \n")
-	for i:=0;i<16;i++  {fmt.Printf("%02X ", block[i]&0xff)}
-	fmt.Printf("\n")
-
-	a.Encrypt(block[:])
-
-	fmt.Printf("Encrypt= \n") 
-	for i:=0;i<16;i++  {fmt.Printf("%02X ", block[i]&0xff)}
-	fmt.Printf("\n")
-
-	a.Reset(aes_CTR16,iv[:])
-	a.Decrypt(block[:])
-
-	fmt.Printf("Decrypt= \n") 
-	for i:=0;i<16;i++  {fmt.Printf("%02X ", block[i]&0xff)}
-	fmt.Printf("\n")
-
-	a.End();
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/BIG.go
----------------------------------------------------------------------
diff --git a/version22/go/BIG.go b/version22/go/BIG.go
deleted file mode 100644
index 3e0eca5..0000000
--- a/version22/go/BIG.go
+++ /dev/null
@@ -1,850 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BIG number class */ 
-
-package main
-
-import "strconv"
-//import "fmt"
-
-
-type BIG struct {
-	w [NLEN]Chunk
-}
-
-type DBIG struct {
-	w [2*NLEN]Chunk
-}
-
-func (r *BIG) get(i int) Chunk {
-	return r.w[i] 
-}
-
-func (r *BIG) set(i int,x Chunk) {
-	r.w[i]=x	
-}
-
-func (r *BIG) xortop(x Chunk) {
-	r.w[NLEN-1]^=x
-}
-
-/* calculate Field Excess */
-func EXCESS(a *BIG) Chunk {
-	return ((a.w[NLEN-1]&OMASK)>>(MODBITS%BASEBITS))
-}
-
-func FF_EXCESS(a* BIG) Chunk {
-	return ((a.w[NLEN-1]&P_OMASK)>>(P_MB))
-}
-
-/* normalise BIG - force all digits < 2^BASEBITS */
-func (r *BIG) norm() Chunk {
-	carry:=Chunk(0)
-	for i:=0;i<NLEN-1;i++ {
-		d:=r.w[i]+carry
-		r.w[i]=d&BMASK
-		carry=d>>BASEBITS
-	}
-	r.w[NLEN-1]=(r.w[NLEN-1]+carry)
-	return (r.w[NLEN-1]>>((8*MODBYTES)%BASEBITS))  
-}
-
-/* Shift right by less than a word */
-func (r *BIG) fshr(k uint) int {
-	w:=r.w[0]&((Chunk(1)<<k)-1) /* shifted out part */
-	for i:=0;i<NLEN-1;i++ {
-		r.w[i]=(r.w[i]>>k)|((r.w[i+1]<<(BASEBITS-k))&BMASK)
-	}
-	r.w[NLEN-1]=r.w[NLEN-1]>>k
-	return int(w)
-}
-
-/* Shift right by less than a word */
-func (r *BIG) fshl(k uint) int {
-	r.w[NLEN-1]=((r.w[NLEN-1]<<k))|(r.w[NLEN-2]>>(BASEBITS-k))
-	for i:=NLEN-2;i>0;i-- {
-		r.w[i]=((r.w[i]<<k)&BMASK)|(r.w[i-1]>>(BASEBITS-k))
-	}
-	r.w[0]=(r.w[0]<<k)&BMASK
-	return int(r.w[NLEN-1]>>((8*MODBYTES)%BASEBITS)) /* return excess - only used in ff.c */
-}
-
-func NewBIG() *BIG {
-	b:=new(BIG)
-	for i:=0;i<NLEN;i++ {
-		b.w[i]=0
-	}
-	return b
-}
-
-func NewBIGints(x [NLEN]Chunk) *BIG {
-	b:=new(BIG)
-	for i:=0;i<NLEN;i++ {
-		b.w[i]=x[i]
-	}
-	return b	
-}
-
-func NewBIGint(x int) *BIG {
-	b:=new(BIG)
-	b.w[0]=Chunk(x)
-	for i:=1;i<NLEN;i++ {
-		b.w[i]=0
-	}
-	return b
-}
-
-func NewBIGcopy(x *BIG) *BIG {
-	b:=new(BIG)
-	for i:=0;i<NLEN;i++ {
-		b.w[i]=x.w[i]
-	}
-	return b
-}
-
-func NewBIGdcopy(x *DBIG) *BIG {
-	b:=new(BIG)
-	for i:=0;i<NLEN;i++ {
-		b.w[i]=x.w[i]
-	}
-	return b
-}
-
-/* test for zero */
-func (r *BIG) iszilch() bool {
-	for i:=0;i<NLEN;i++ {
-		if r.w[i]!=0 {return false}
-	}
-	return true; 
-}
-
-/* set to zero */
-func (r *BIG) zero() {
-	for i:=0;i<NLEN;i++ {
-		r.w[i]=0
-	}
-}
-
-/* Test for equal to one */
-func (r *BIG) isunity() bool {
-	for i:=1;i<NLEN;i++ {
-		if r.w[i]!=0 {return false}
-	}
-	if r.w[0]!=1 {return false}
-	return true;
-}
-
-
-/* set to one */
-func (r *BIG) one() {
-	r.w[0]=1
-	for i:=1;i<NLEN;i++ {
-		r.w[i]=0
-	}
-}
-
-/* Copy from another BIG */
-func (r *BIG) copy(x *BIG) {
-	for i:=0;i<NLEN;i++ {
-		r.w[i]=x.w[i]
-	}
-}
-
-/* Copy from another DBIG */
-func (r *BIG) dcopy(x *DBIG) {
-	for i:=0;i<NLEN;i++ {
-		r.w[i]=x.w[i]
-	}
-}
-
-/* Conditional swap of two bigs depending on d using XOR - no branches */
-func (r *BIG) cswap(b *BIG,d int) {
-	c:=Chunk(d)
-	c=^(c-1)
-
-	for i:=0;i<NLEN;i++ {
-		t:=c&(r.w[i]^b.w[i])
-		r.w[i]^=t
-		b.w[i]^=t
-	}
-}
-
-func (r *BIG) cmove(g *BIG,d int){
-	b:=Chunk(-d)
-
-	for i:=0;i<NLEN;i++ {
-		r.w[i]^=(r.w[i]^g.w[i])&b
-	}
-}
-
-/* general shift right */
-func (r *BIG) shr(k uint) {
-	n:=(k%BASEBITS)
-	m:=int(k/BASEBITS)	
-	for i:=0;i<NLEN-m-1;i++ {
-		r.w[i]=(r.w[m+i]>>n)|((r.w[m+i+1]<<(BASEBITS-n))&BMASK)
-	}
-	r.w[NLEN-m-1]=r.w[NLEN-1]>>n;
-	for i:=NLEN-m;i<NLEN;i++ {r.w[i]=0}
-}
-
-
-/* general shift left */
-func (r *BIG) shl(k uint) {
-	n:=k%BASEBITS
-	m:=int(k/BASEBITS)
-
-	r.w[NLEN-1]=((r.w[NLEN-1-m]<<n))
-	if NLEN>=m+2 {r.w[NLEN-1]|=(r.w[NLEN-m-2]>>(BASEBITS-n))}
-	for i:=NLEN-2;i>m;i-- {
-		r.w[i]=((r.w[i-m]<<n)&BMASK)|(r.w[i-m-1]>>(BASEBITS-n))
-	}
-	r.w[m]=(r.w[0]<<n)&BMASK; 
-	for i:=0;i<m;i++ {r.w[i]=0}
-}
-
-/* return number of bits */
-func (r *BIG) nbits() int {
-	k:=NLEN-1
-	r.norm()
-	for (k>=0 && r.w[k]==0) {k--}
-	if k<0 {return 0}
-	bts:=int(BASEBITS)*k;
-	c:=r.w[k];
-	for c!=0 {c/=2; bts++}
-	return bts
-}
-
-/* Convert to Hex String */
-func (r *BIG) toString() string {
-	s:=""
-	len:=r.nbits()
-
-	if len%4==0 {
-		len/=4
-	} else {
-		len/=4 
-		len++
-
-	}
-	MB:=int(MODBYTES*2)
-	if len<MB {len=MB}
-
-	for i:=len-1;i>=0;i-- {
-		b:=NewBIGcopy(r)
-		
-		b.shr(uint(i*4))
-		s+=strconv.FormatInt(int64(b.w[0]&15),16)
-	}
-	return s
-}
-
-func (r *BIG) add(x *BIG) {
-	for i:=0;i<NLEN;i++ {
-		r.w[i]=r.w[i]+x.w[i] 
-	}
-}
-
-/* return this+x */
-func (r *BIG) plus(x *BIG) *BIG {
-	s:=new(BIG)
-	for i:=0;i<NLEN;i++ {
-		s.w[i]=r.w[i]+x.w[i];
-	}
-	return s;
-}
-
-/* this+=x, where x is int */
-func (r *BIG) inc(x int) {
-	r.norm();
-	r.w[0]+=Chunk(x);
-}
-
-/* this*=c and catch overflow in DBIG */
-func (r *BIG) pxmul(c int) *DBIG {
-	m:=NewDBIG()	
-	carry:=Chunk(0)
-	for j:=0;j<NLEN;j++ {
-		carry,m.w[j]=muladd(r.w[j],Chunk(c),carry,m.w[j])
-	}
-	m.w[NLEN]=carry;		
-	return m;
-}
-
-/* return this-x */
-func (r *BIG) minus(x *BIG) *BIG {
-	d:=new(BIG)
-	for i:=0;i<NLEN;i++ {
-		d.w[i]=r.w[i]-x.w[i] 
-	}
-	return d;
-}
-
-/* this-=x */
-func (r *BIG) sub(x *BIG) {
-	for i:=0;i<NLEN;i++ {
-		r.w[i]=r.w[i]-x.w[i] 
-	}
-} 
-
-/* reverse subtract this=x-this */ 
-func (r *BIG) rsub(x *BIG) {
-	for i:=0;i<NLEN;i++ {
-		r.w[i]=x.w[i]-r.w[i] 
-	}
-} 
-
-/* this-=x, where x is int */
-func (r *BIG) dec(x int) {
-	r.norm();
-	r.w[0]-=Chunk(x)
-} 
-
-/* this*=x, where x is small int<NEXCESS */
-func (r *BIG) imul(c int) {
-	for i:=0;i<NLEN;i++{ 
-		r.w[i]*=Chunk(c)
-	}
-}
-
-/* this*=x, where x is >NEXCESS */
-func (r *BIG) pmul(c int) Chunk {
-	carry:=Chunk(0)
-	r.norm();
-	for i:=0;i<NLEN;i++ {
-		ak:=r.w[i]
-		r.w[i]=0
-		carry,r.w[i]=muladd(ak,Chunk(c),carry,r.w[i])
-	}
-	return carry
-}
-
-/* convert this BIG to byte array */
-func (r *BIG) tobytearray(b []byte,n int) {
-	r.norm();
-	c:=NewBIGcopy(r)
-
-	for i:=int(MODBYTES)-1;i>=0;i-- {
-		b[i+n]=byte(c.w[0])
-		c.fshr(8)
-	}
-}
-
-/* convert from byte array to BIG */
-func frombytearray(b []byte,n int) *BIG {
-	m:=NewBIG();
-	for i:=0;i<int(MODBYTES);i++ {
-		m.fshl(8); m.w[0]+=Chunk(int(b[i+n]&0xff))
-	}
-	return m
-}
-
-func (r *BIG) toBytes(b []byte) {
-	r.tobytearray(b,0)
-}
-
-func fromBytes(b []byte) *BIG {
-	return frombytearray(b,0)
-}
-
-/* divide by 3 */
-func (r *BIG) div3() int {	
-	carry:=Chunk(0)
-	r.norm();
-	base:=(Chunk(1)<<BASEBITS)
-	for i:=NLEN-1;i>=0;i-- {
-		ak:=(carry*base+r.w[i])
-		r.w[i]=ak/3;
-		carry=ak%3;
-	}
-	return int(carry)
-}
-
-/* return a*b where result fits in a BIG */
-func smul(a *BIG,b *BIG) *BIG {
-	carry:=Chunk(0)
-	c:=NewBIG()
-	for i:=0;i<NLEN;i++ {
-		carry=0;
-		for j:=0;j<NLEN;j++ {
-			if i+j<NLEN {
-				carry,c.w[i+j]=muladd(a.w[i],b.w[j],carry,c.w[i+j])
-				//carry=c.muladd(a.w[i],b.w[j],carry,i+j)
-			}
-		}
-	}
-	return c;
-}
-
-/* reduce a DBIG to a BIG using the appropriate form of the modulus */
-func mod(d *DBIG) *BIG {
-	if MODTYPE==PSEUDO_MERSENNE {
-		t:=d.split(MODBITS)
-		b:=NewBIGdcopy(d)
-
-		v:=t.pmul(int(MConst))
-		tw:=t.w[NLEN-1]
-		t.w[NLEN-1]&=TMASK
-		t.w[0]+=(MConst*((tw>>TBITS)+(v<<(BASEBITS-TBITS))))
-
-		b.add(t)
-		b.norm()
-		return b		
-	}
-	if MODTYPE==MONTGOMERY_FRIENDLY {
-		for i:=0;i<NLEN;i++ {
-			top,bot:=muladd(d.w[i],MConst-1,d.w[i],d.w[NLEN+i-1])
-			d.w[NLEN+i-1]=bot
-			d.w[NLEN+i]+=top
-			//d.w[NLEN+i]+=d.muladd(d.w[i],MConst-1,d.w[i],NLEN+i-1)
-		}
-		b:=NewBIG()
-
-		for i:=0;i<NLEN;i++ {
-			b.w[i]=d.w[NLEN+i]
-		}
-		b.norm()
-		return b		
-	}
-
-	if MODTYPE==GENERALISED_MERSENNE { // GoldiLocks only
-		t:=d.split(MODBITS)
-		b:=NewBIGdcopy(d)
-		b.add(t);
-		dd:=NewDBIGscopy(t)
-		dd.shl(MODBITS/2)
-
-		tt:=dd.split(MODBITS)
-		lo:=NewBIGdcopy(dd)
-		b.add(tt)
-		b.add(lo)
-		b.norm()
-		tt.shl(MODBITS/2)
-		b.add(tt)
-
-		carry:=b.w[NLEN-1]>>TBITS
-		b.w[NLEN-1]&=TMASK
-		b.w[0]+=carry
-			
-		b.w[224/BASEBITS]+=carry<<(224%BASEBITS);
-		b.norm()
-		return b		
-	}
-
-	if MODTYPE==NOT_SPECIAL {
-		md:=NewBIGints(Modulus)
-		return monty(md,MConst,d) 
-	}
-	return NewBIG()
-}
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-func comp(a *BIG,b *BIG) int {
-	for i:=NLEN-1;i>=0;i-- {
-		if a.w[i]==b.w[i] {continue}
-		if a.w[i]>b.w[i] {
-			return 1
-		} else  {return -1}
-	}
-	return 0
-}
-
-/* return parity */
-func (r *BIG) parity() int {
-	return int(r.w[0]%2)
-}
-
-/* return n-th bit */
-func (r *BIG) bit(n int) int {
-	if (r.w[n/int(BASEBITS)]&(Chunk(1)<<(uint(n)%BASEBITS)))>0 {return 1}
-	return 0;
-}
-
-/* return n last bits */
-func (r *BIG) lastbits(n int) int {
-	msk:=(1<<uint(n))-1;
-	r.norm();
-	return (int(r.w[0]))&msk
-}
-
-
-/* set x = x mod 2^m */
-func (r *BIG) mod2m(m uint) {
-	wd:=int(m/BASEBITS)
-	bt:=m%BASEBITS
-	msk:=(Chunk(1)<<bt)-1
-	r.w[wd]&=msk
-	for i:=wd+1;i<NLEN;i++ {r.w[i]=0}
-}
-
-/* Arazi and Qi inversion mod 256 */
-func invmod256(a int) int {
-	var t1 int=0
-	c:=(a>>1)&1
-	t1+=c
-	t1&=1
-	t1=2-t1
-	t1<<=1
-	U:=t1+1;
-
-// i=2
-	b:=a&3;
-	t1=U*b; t1>>=2
-	c=(a>>2)&3
-	t2:=(U*c)&3
-	t1+=t2;
-	t1*=U; t1&=3
-	t1=4-t1
-	t1<<=2
-	U+=t1
-
-// i=4
-	b=a&15
-	t1=U*b; t1>>=4
-	c=(a>>4)&15
-	t2=(U*c)&15
-	t1+=t2
-	t1*=U; t1&=15
-	t1=16-t1
-	t1<<=4
-	U+=t1
-
-	return U;
-}
-
-/* a=1/a mod 2^256. This is very fast! */
-func (r *BIG) invmod2m() {
-	U:=NewBIG()
-	b:=NewBIG()
-	c:=NewBIG()
-
-	U.inc(invmod256(r.lastbits(8)))
-
-	for i:=8;i<BIGBITS;i<<=1 {
-		ui:=uint(i);
-		b.copy(r); b.mod2m(ui)
-		t1:=smul(U,b); t1.shr(ui)
-		c.copy(r); c.shr(ui); c.mod2m(ui)
-
-		t2:=smul(U,c); t2.mod2m(ui)
-		t1.add(t2)
-		b=smul(t1,U); t1.copy(b)
-		t1.mod2m(ui);
-
-		t2.one(); t2.shl(ui); t1.rsub(t2); t1.norm()
-		t1.shl(ui);
-		U.add(t1);
-	}
-	U.mod2m(8*MODBYTES)
-	r.copy(U)
-	r.norm()
-}
-
-/* reduce this mod m */
-func (r *BIG) mod(m *BIG) {
-	sr:=NewBIG()
-	r.norm()
-	if comp(r,m)<0 {return}
-
-	m.fshl(1); k:=1
-
-	for comp(r,m)>=0 {
-		m.fshl(1)
-		k++;
-	}
-
-	for k>0 {
-		m.fshr(1);
-
-			sr.copy(r)
-			sr.sub(m)
-			sr.norm()
-			r.cmove(sr,int(1-((sr.w[NLEN-1]>>uint(CHUNK-1))&1)));
-/*
-		if comp(r,m)>=0 {
-			r.sub(m)
-			r.norm()
-		} */
-		k--;
-	}
-}
-
-/* divide this by m */
-func (r *BIG) div(m *BIG) {
-	var d int
-	k:=0
-	r.norm();
-	sr:=NewBIG();
-	e:=NewBIGint(1)
-	b:=NewBIGcopy(r)
-	r.zero();
-
-	for (comp(b,m)>=0) {
-		e.fshl(1)
-		m.fshl(1)
-		k++
-	}
-
-	for k>0 {
-		m.fshr(1)
-		e.fshr(1)
-
-		sr.copy(b);
-		sr.sub(m);
-		sr.norm();
-		d=int(1-((sr.w[NLEN-1]>>uint(CHUNK-1))&1));
-		b.cmove(sr,d);
-		sr.copy(r);
-		sr.add(e);
-		sr.norm();
-		r.cmove(sr,d);
-/*
-		if comp(b,m)>=0 {
-			r.add(e)
-			r.norm()
-			b.sub(m)
-			b.norm()
-		} */
-		k--
-	}
-}
-
-/* get 8*MODBYTES size random number */
-func random(rng *RAND) *BIG {
-	m:=NewBIG()
-	var j int=0
-	var r byte=0
-/* generate random BIG */ 
-	for i:=0;i<8*int(MODBYTES);i++   {
-		if j==0 {
-			r=rng.GetByte()
-		} else {r>>=1}
-
-		b:=Chunk(int(r&1))
-		m.shl(1); m.w[0]+=b// m.inc(b)
-		j++; j&=7; 
-	}
-	return m;
-}
-
-/* Create random BIG in portable way, one bit at a time */
-func randomnum(q *BIG,rng *RAND) *BIG {
-	d:=NewDBIG();
-	var j int=0
-	var r byte=0
-	for i:=0;i<2*int(MODBITS);i++ {
-		if (j==0) {
-			r=rng.GetByte();
-		} else {r>>=1}
-
-		b:=Chunk(int(r&1))
-		d.shl(1); d.w[0]+=b// m.inc(b);
-		j++; j&=7 
-	}
-	m:=d.mod(q)
-	return m;
-}
-
-
-/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed. 
-nbs is number of bits processed, and nzs is number of trailing 0s detected */
-/*
-func nafbits(x *BIG,x3 *BIG ,i int) [3]int {
-	var n [3]int
-	var j int
-	nb:=x3.bit(i)-x.bit(i)
-
-
-	n[1]=1
-	n[0]=0
-	if nb==0 {n[0]=0; return n}
-	if i==0 {n[0]=nb; return n}
-	if nb>0 {
-		n[0]=1;
-	} else  {n[0]=(-1)}
-
-	for j=i-1;j>0;j-- {
-		n[1]++
-		n[0]*=2
-		nb=x3.bit(j)-x.bit(j)
-		if nb>0 {n[0]+=1}
-		if nb<0 {n[0]-=1}
-		if (n[0]>5 || n[0] < -5) {break}
-	}
-
-	if n[0]%2!=0 && j!=0 { // backtrack 
-		if nb>0 {n[0]=(n[0]-1)/2}
-		if nb<0 {n[0]=(n[0]+1)/2}
-		n[1]--
-	}
-	for n[0]%2==0 { // remove trailing zeros 
-		n[0]/=2
-		n[2]++
-		n[1]--
-	}
-	return n;
-}
-*/
-
-/* return a*b mod m */
-func modmul(a,b,m *BIG) *BIG {
-	a.mod(m)
-	b.mod(m)
-	d:=mul(a,b);
-	return d.mod(m)
-}
-
-/* return a^2 mod m */
-func modsqr(a,m *BIG) *BIG {
-	a.mod(m)
-	d:=sqr(a)
-	return d.mod(m)
-}
-
-/* return -a mod m */
-func modneg(a,m *BIG) *BIG {
-	a.mod(m)
-	return m.minus(a)
-}
-
-/* Jacobi Symbol (this/p). Returns 0, 1 or -1 */
-func (r *BIG) jacobi(p *BIG) int {
-	m:=0;
-	t:=NewBIGint(0)
-	x:=NewBIGint(0)
-	n:=NewBIGint(0)
-	zilch:=NewBIGint(0)
-	one:=NewBIGint(1)
-	if (p.parity()==0 || comp(r,zilch)==0 || comp(p,one)<=0) {return 0}
-	r.norm()
-	x.copy(r)
-	n.copy(p)
-	x.mod(p)
-
-	for comp(n,one)>0 {
-		if comp(x,zilch)==0 {return 0}
-		n8:=n.lastbits(3)
-		k:=0
-		for x.parity()==0 {
-			k++
-			x.shr(1)
-		}
-		if k%2==1 {m+=(n8*n8-1)/8}
-		m+=(n8-1)*(x.lastbits(2)-1)/4
-		t.copy(n)
-		t.mod(x)
-		n.copy(x)
-		x.copy(t)
-		m%=2
-
-	}
-	if m==0 {return 1}
-	return -1
-}
-
-/* this=1/this mod p. Binary method */
-func (r *BIG) invmodp(p *BIG) {
-	r.mod(p)
-	u:=NewBIGcopy(r)
-
-	v:=NewBIGcopy(p)
-	x1:=NewBIGint(1)
-	x2:=NewBIGint(0)
-	t:=NewBIGint(0)
-	one:=NewBIGint(1)
-	for (comp(u,one)!=0 && comp(v,one)!=0) {
-		for u.parity()==0 {
-			u.shr(1);
-			if x1.parity()!=0 {
-				x1.add(p)
-				x1.norm()
-			}
-			x1.shr(1)
-		}
-		for v.parity()==0 {
-			v.shr(1);
-			if x2.parity()!=0 {
-				x2.add(p)
-				x2.norm()
-			}
-			x2.shr(1)
-		}
-		if comp(u,v)>=0 {
-			u.sub(v)
-			u.norm()
-			if comp(x1,x2)>=0 {
-				x1.sub(x2)
-			} else {
-				t.copy(p)
-				t.sub(x2)
-				x1.add(t)
-			}
-			x1.norm()
-		} else {
-			v.sub(u)
-			v.norm()
-			if comp(x2,x1)>=0 { 
-				x2.sub(x1)
-			} else {
-				t.copy(p)
-				t.sub(x1)
-				x2.add(t)
-			}
-			x2.norm()
-		}
-	}
-	if comp(u,one)==0 {
-		r.copy(x1)
-	} else {r.copy(x2)}
-}
-
-/* return this^e mod m */
-func (r *BIG) powmod(e *BIG,m *BIG) *BIG {
-	r.norm()
-	e.norm()
-	a:=NewBIGint(1)
-	z:=NewBIGcopy(e)
-	s:=NewBIGcopy(r)
-	for true {
-		bt:=z.parity()
-		z.fshr(1)
-		if bt==1 {a=modmul(a,s,m)}
-		if z.iszilch() {break}
-		s=modsqr(s,m)
-	}
-	return a;
-}
-/*
-func main() {
-	a := NewBIGint(3)
-	m := NewBIGints(Modulus)
-
-	fmt.Printf("Modulus= "+m.toString())
-	fmt.Printf("\n")
-
-
-	e := NewBIGcopy(m);
-	e.dec(1); e.norm();
-	fmt.Printf("Exponent= "+e.toString())
-	fmt.Printf("\n")
-	a=a.powmod(e,m);
-	fmt.Printf("Result= "+a.toString())
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/BenchtestEC.go
----------------------------------------------------------------------
diff --git a/version22/go/BenchtestEC.go b/version22/go/BenchtestEC.go
deleted file mode 100644
index 86510c0..0000000
--- a/version22/go/BenchtestEC.go
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test and benchmark elliptic curve and RSA functions */
-
-package main
-
-import "fmt"
-
-import "time"
-
-const MIN_TIME int=10
-const MIN_ITERS int=10
-
-func main() {
-
-	var RAW [100]byte
-	var P [RSA_RFS]byte
-	var M [RSA_RFS]byte
-	var C [RSA_RFS]byte
-
-	rng:=NewRAND()
-
-	rng.Clean();
-	for i:=0;i<100;i++ {RAW[i]=byte(i)}
-
-	rng.Seed(100,RAW[:])
-
-	pub:=New_rsa_public_key(FFLEN)
-	priv:=New_rsa_private_key(HFLEN)
-
-	if CURVETYPE==WEIERSTRASS {
-		fmt.Printf("Weierstrass parameterization\n")
-	}		
-	if CURVETYPE==EDWARDS {
-		fmt.Printf("Edwards parameterization\n")
-	}
-	if CURVETYPE==MONTGOMERY {
-		fmt.Printf("Montgomery parameterization\n")
-	}
-
-	if MODTYPE==PSEUDO_MERSENNE {
-		fmt.Printf("Pseudo-Mersenne Modulus\n")
-	}
-	if MODTYPE==MONTGOMERY_FRIENDLY {
-		fmt.Printf("Montgomery friendly Modulus\n")
-	}
-	if MODTYPE==GENERALISED_MERSENNE {
-		fmt.Printf("Generalised-Mersenne Modulus\n")
-	}
-	if MODTYPE==NOT_SPECIAL {
-		fmt.Printf("Not special Modulus\n")
-	}
-
-	fmt.Printf("Modulus size %d bits\n",MODBITS)
-	fmt.Printf("%d bit build\n",CHUNK)
-
-	var s *BIG
-	var G *ECP
-
-	gx:=NewBIGints(CURVE_Gx)
-	if CURVETYPE!=MONTGOMERY {
-		gy:=NewBIGints(CURVE_Gy)
-		G=NewECPbigs(gx,gy)
-	} else {
-		G=NewECPbig(gx)
-	}
-
-	r:=NewBIGints(CURVE_Order)
-	s=randomnum(r,rng)
-
-	WP:=G.mul(r)
-	if !WP.is_infinity() {
-		fmt.Printf("FAILURE - rG!=O\n")
-		return
-	}
-
-	start := time.Now()
-	iterations:=0
-	elapsed:=time.Since(start)
-	for (int(elapsed/time.Second))<MIN_TIME || iterations<MIN_ITERS {
-		WP=G.mul(s)
-		iterations++
-		elapsed=time.Since(start)
-	} 
-	dur:=float64(elapsed/time.Millisecond)/float64(iterations)
-	fmt.Printf("EC  mul - %8d iterations  ",iterations)
-	fmt.Printf(" %8.2f ms per iteration\n",dur)
-
-	fmt.Printf("Generating %d-bit RSA public/private key pair\n",FFLEN*BIGBITS);
-
-	start = time.Now()
-	iterations=0
-	elapsed=time.Since(start)
-	for (int(elapsed/time.Second))<MIN_TIME || iterations<MIN_ITERS {
-		RSA_KEY_PAIR(rng,65537,priv,pub)
-		iterations++
-		elapsed=time.Since(start)
-	} 
-	dur=float64(elapsed/time.Millisecond)/float64(iterations)
-	fmt.Printf("RSA gen - %8d iterations  ",iterations)
-	fmt.Printf(" %8.2f ms per iteration\n",dur)
-
-	for i:=0;i<RSA_RFS;i++ {M[i]=byte(i%128)};
-
-	start = time.Now()
-	iterations=0
-	elapsed=time.Since(start)
-	for (int(elapsed/time.Second))<MIN_TIME || iterations<MIN_ITERS {
-		RSA_ENCRYPT(pub,M[:],C[:])
-		iterations++
-		elapsed=time.Since(start)
-	} 
-	dur=float64(elapsed/time.Millisecond)/float64(iterations)
-	fmt.Printf("RSA enc - %8d iterations  ",iterations)
-	fmt.Printf(" %8.2f ms per iteration\n",dur)
-
-	start = time.Now()
-	iterations=0
-	elapsed=time.Since(start)
-	for (int(elapsed/time.Second))<MIN_TIME || iterations<MIN_ITERS {
-		RSA_DECRYPT(priv,C[:],P[:])
-		iterations++
-		elapsed=time.Since(start)
-	} 
-	dur=float64(elapsed/time.Millisecond)/float64(iterations)
-	fmt.Printf("RSA dec - %8d iterations  ",iterations)
-	fmt.Printf(" %8.2f ms per iteration\n",dur)
-
-	for i:=0;i<RSA_RFS;i++ {
-		if (P[i]!=M[i]) {
-			fmt.Printf("FAILURE - RSA decryption\n")
-			return
-		}
-	}
-
-	fmt.Printf("All tests pass\n")
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/BenchtestPAIR.go
----------------------------------------------------------------------
diff --git a/version22/go/BenchtestPAIR.go b/version22/go/BenchtestPAIR.go
deleted file mode 100644
index bb1f710..0000000
--- a/version22/go/BenchtestPAIR.go
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test and benchmark elliptic curve and RSA functions */
-
-package main
-
-import "fmt"
-
-import "time"
-
-const MIN_TIME int=10
-const MIN_ITERS int=10
-
-func main() {
-	var RAW [100]byte
-
-	rng:=NewRAND()
-
-	rng.Clean();
-	for i:=0;i<100;i++ {RAW[i]=byte(i)}
-
-	rng.Seed(100,RAW[:])
-
-	if CURVE_PAIRING_TYPE==BN_CURVE {
-		fmt.Printf("BN Pairing-Friendly Curve\n")
-	}
-	if CURVE_PAIRING_TYPE==BLS_CURVE {
-		fmt.Printf("BLS Pairing-Friendly Curve\n")
-	}
-
-	fmt.Printf("Modulus size %d bits\n",MODBITS)
-	fmt.Printf("%d bit build\n",CHUNK)
-
-	G:=NewECPbigs(NewBIGints(CURVE_Gx),NewBIGints(CURVE_Gy))
-	r:=NewBIGints(CURVE_Order)
-	s:=randomnum(r,rng)
-
-	P:=G1mul(G,r)
-
-	if !P.is_infinity() {
-		fmt.Printf("FAILURE - rP!=O\n");
-		return;
-	}
-
-	start := time.Now()
-	iterations:=0
-	elapsed:=time.Since(start)
-	for (int(elapsed/time.Second))<MIN_TIME || iterations<MIN_ITERS {
-		P=G1mul(G,s)
-		iterations++
-		elapsed=time.Since(start)
-	} 
-	dur:=float64(elapsed/time.Millisecond)/float64(iterations)
-	fmt.Printf("G1 mul              - %8d iterations  ",iterations)
-	fmt.Printf(" %8.2f ms per iteration\n",dur)
-
-	Q:=NewECP2fp2s(NewFP2bigs(NewBIGints(CURVE_Pxa),NewBIGints(CURVE_Pxb)),NewFP2bigs(NewBIGints(CURVE_Pya),NewBIGints(CURVE_Pyb)))
-	W:=G2mul(Q,r)
-
-	if !W.is_infinity() {
-		fmt.Printf("FAILURE - rQ!=O\n");
-		return;
-	}
-
-	start = time.Now()
-	iterations=0
-	elapsed=time.Since(start)
-	for (int(elapsed/time.Second))<MIN_TIME || iterations<MIN_ITERS {
-		W=G2mul(Q,s)
-		iterations++
-		elapsed=time.Since(start)
-	} 
-	dur=float64(elapsed/time.Millisecond)/float64(iterations)
-	fmt.Printf("G2 mul              - %8d iterations  ",iterations)
-	fmt.Printf(" %8.2f ms per iteration\n",dur)
-
-	w:=ate(Q,P)
-	w=fexp(w)
-
-	g:=GTpow(w,r)
-
-	if !g.isunity() {
-		fmt.Printf("FAILURE - g^r!=1\n");
-		return;
-	}
-
-	start = time.Now()
-	iterations=0
-	elapsed=time.Since(start)
-	for (int(elapsed/time.Second))<MIN_TIME || iterations<MIN_ITERS {
-		g=GTpow(w,s)
-		iterations++
-		elapsed=time.Since(start)
-	} 
-	dur=float64(elapsed/time.Millisecond)/float64(iterations)
-	fmt.Printf("GT pow              - %8d iterations  ",iterations)
-	fmt.Printf(" %8.2f ms per iteration\n",dur)
-
-	f:=NewFP2bigs(NewBIGints(CURVE_Fra),NewBIGints(CURVE_Frb))
-	q:=NewBIGints(Modulus)
-
-	m:=NewBIGcopy(q)
-	m.mod(r)
-
-	a:=NewBIGcopy(s)
-	a.mod(m)
-
-	b:=NewBIGcopy(s)
-	b.div(m)
-
-	g.copy(w)
-	c:=g.trace()
-
-	g.frob(f)
-	cp:=g.trace()
-
-	w.conj()
-	g.mul(w)
-	cpm1:=g.trace()
-	g.mul(w)
-	cpm2:=g.trace()
-
-	start = time.Now()
-	iterations=0
-	elapsed=time.Since(start)
-	for (int(elapsed/time.Second))<MIN_TIME || iterations<MIN_ITERS {
-		c=c.xtr_pow2(cp,cpm1,cpm2,a,b)
-		iterations++
-		elapsed=time.Since(start)
-	} 
-	dur=float64(elapsed/time.Millisecond)/float64(iterations)
-	fmt.Printf("GT pow (compressed) - %8d iterations  ",iterations)
-	fmt.Printf(" %8.2f ms per iteration\n",dur)
-
-	start = time.Now()
-	iterations=0
-	elapsed=time.Since(start)
-	for (int(elapsed/time.Second))<MIN_TIME || iterations<MIN_ITERS {
-		w=ate(Q,P)
-		iterations++
-		elapsed=time.Since(start)
-	} 
-	dur=float64(elapsed/time.Millisecond)/float64(iterations)
-	fmt.Printf("PAIRing ATE         - %8d iterations  ",iterations)
-	fmt.Printf(" %8.2f ms per iteration\n",dur)
-
-	start = time.Now()
-	iterations=0
-	elapsed=time.Since(start)
-	for (int(elapsed/time.Second))<MIN_TIME || iterations<MIN_ITERS {
-		g=fexp(w)
-		iterations++
-		elapsed=time.Since(start)
-	} 
-	dur=float64(elapsed/time.Millisecond)/float64(iterations)
-	fmt.Printf("PAIRing FEXP        - %8d iterations  ",iterations)
-	fmt.Printf(" %8.2f ms per iteration\n",dur)
-
-	P.copy(G)
-	Q.copy(W)
-
-	P=G1mul(P,s)
-
-	g=ate(Q,P)
-	g=fexp(g)
-
-	P.copy(G)
-	Q=G2mul(Q,s)
-
-	w=ate(Q,P)
-	w=fexp(w)
-
-	if !g.equals(w) {
-		fmt.Printf("FAILURE - e(sQ,p)!=e(Q,sP) \n")
-		return
-	}
-
-	Q.copy(W);
-	g=ate(Q,P)
-	g=fexp(g)
-	g=GTpow(g,s)
-
-	if !g.equals(w) {
-		fmt.Printf("FAILURE - e(sQ,p)!=e(Q,P)^s \n")
-		return
-	}
-
-	fmt.Printf("All tests pass\n") 
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/DBIG.go
----------------------------------------------------------------------
diff --git a/version22/go/DBIG.go b/version22/go/DBIG.go
deleted file mode 100644
index b58b0c0..0000000
--- a/version22/go/DBIG.go
+++ /dev/null
@@ -1,256 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MiotCL double length DBIG number class */ 
-
-
-package main
-
-import "strconv"
-//import "fmt"
-
-func NewDBIG() *DBIG {
-	b:=new(DBIG)
-	for i:=0;i<DNLEN;i++ {
-		b.w[i]=0
-	}
-	return b
-}
-
-func NewDBIGcopy(x *DBIG) *DBIG {
-	b:=new(DBIG)
-	for i:=0;i<DNLEN;i++ {
-		b.w[i]=x.w[i]
-	}
-	return b
-}
-
-func NewDBIGscopy(x *BIG) *DBIG {
-	b:=new(DBIG)
-	for i:=0;i<NLEN-1;i++ {
-		b.w[i]=x.w[i]
-	}
-	b.w[NLEN-1]=x.get(NLEN-1)&BMASK /* top word normalized */
-	b.w[NLEN]=x.get(NLEN-1)>>BASEBITS
-
-	for i:=NLEN+1;i<DNLEN;i++  {b.w[i]=0}
-	return b
-}
-
-/* normalise this */
-func (r *DBIG) norm() {
-	carry:=Chunk(0)
-	for i:=0;i<DNLEN-1;i++ {
-		d:=r.w[i]+carry
-		r.w[i]=d&BMASK
-		carry=d>>BASEBITS
-	}
-	r.w[DNLEN-1]=(r.w[DNLEN-1]+carry)
-}
-
-/* split DBIG at position n, return higher half, keep lower half */
-func (r *DBIG) split(n uint) *BIG {
-	t:=NewBIG()
-	m:=n%BASEBITS;
-	carry:=r.w[DNLEN-1]<<(BASEBITS-m)
-
-	for i:=DNLEN-2;i>=NLEN-1;i-- {
-		nw:=(r.w[i]>>m)|carry;
-		carry=(r.w[i]<<(BASEBITS-m))&BMASK;
-		t.set(i-NLEN+1,nw);
-	}
-	r.w[NLEN-1]&=((Chunk(1)<<m)-1)
-	return t;
-}
-
-func (r *DBIG) cmove(g *DBIG,d int){
-	var b=Chunk(-d)
-
-	for i:=0;i<DNLEN;i++ {
-		r.w[i]^=(r.w[i]^g.w[i])&b
-	}
-}
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-func dcomp(a *DBIG,b *DBIG) int {
-	for i:=DNLEN-1;i>=0;i-- {
-		if a.w[i]==b.w[i] {continue}
-		if a.w[i]>b.w[i] {
-			return 1
-		} else  {return -1}
-	}
-	return 0
-}
-
-/* Copy from another BIG */
-func (r *DBIG) copy(x *DBIG) {
-	for i:=0;i<DNLEN;i++ {
-		r.w[i]=x.w[i]
-	}
-}
-
-func (r *DBIG) add(x *DBIG) {
-	for i:=0;i<DNLEN;i++ {
-		r.w[i]=r.w[i]+x.w[i] 
-	}
-}
-
-/* this-=x */
-func (r *DBIG) sub(x *DBIG) {
-	for i:=0;i<DNLEN;i++ {
-		r.w[i]=r.w[i]-x.w[i] 
-	}
-} 
-
-/* general shift left */
-func (r *DBIG) shl(k uint) {
-	n:=k%BASEBITS
-	m:=int(k/BASEBITS)
-
-	r.w[DNLEN-1]=((r.w[DNLEN-1-m]<<n))|(r.w[DNLEN-m-2]>>(BASEBITS-n))
-	for i:=DNLEN-2;i>m;i-- {
-		r.w[i]=((r.w[i-m]<<n)&BMASK)|(r.w[i-m-1]>>(BASEBITS-n))
-	}
-	r.w[m]=(r.w[0]<<n)&BMASK; 
-	for i:=0;i<m;i++ {r.w[i]=0}
-}
-
-/* general shift right */
-func (r *DBIG) shr(k uint) {
-	n:=(k%BASEBITS)
-	m:=int(k/BASEBITS)	
-	for i:=0;i<DNLEN-m-1;i++ {
-		r.w[i]=(r.w[m+i]>>n)|((r.w[m+i+1]<<(BASEBITS-n))&BMASK)
-	}
-	r.w[DNLEN-m-1]=r.w[DNLEN-1]>>n;
-	for i:=DNLEN-m;i<DNLEN;i++ {r.w[i]=0}
-}
-
-/* reduces this DBIG mod a BIG, and returns the BIG */
-func (r *DBIG) mod(c *BIG) *BIG {
-	r.norm()
-	m:=NewDBIGscopy(c)
-	dr:=NewDBIG();
-
-	if dcomp(r,m)<0 {
-		return NewBIGdcopy(r)
-	}
-
-	m.shl(1);
-	k:=1;
-		
-	for dcomp(r,m)>=0 {
-		m.shl(1);
-		k++;
-	}
-
-	for k>0 {
-		m.shr(1);
-
-		dr.copy(r);
-		dr.sub(m);
-		dr.norm();
-		r.cmove(dr,int(1-((dr.w[DNLEN-1]>>uint(CHUNK-1))&1)));
-/*
-		if dcomp(r,m)>=0 {
-			r.sub(m);
-			r.norm();
-		} */
-		k--;
-	}
-	return NewBIGdcopy(r)
-}
-
-/* return this/c */
-func (r *DBIG) div(c *BIG) *BIG {
-	var d int
-	k:=0
-	m:=NewDBIGscopy(c)
-	a:=NewBIGint(0)
-	e:=NewBIGint(1)
-	sr:=NewBIG()
-	dr:=NewDBIG()
-	r.norm()
-
-	for dcomp(r,m)>=0 {
-		e.fshl(1)
-		m.shl(1)
-		k++
-	}
-
-	for k>0 {
-		m.shr(1)
-		e.shr(1)
-
-		dr.copy(r);
-		dr.sub(m);
-		dr.norm();
-		d=int(1-((dr.w[DNLEN-1]>>uint(CHUNK-1))&1));
-		r.cmove(dr,d);
-		sr.copy(a);
-		sr.add(e);
-		sr.norm();
-		a.cmove(sr,d);
-
-/*
-		if dcomp(r,m)>0 {
-			a.add(e)
-			a.norm()
-			r.sub(m)
-			r.norm()
-		} */
-		k--
-	}
-	return a
-}
-
-/* Convert to Hex String */
-func (r *DBIG) toString() string {
-	s:=""
-	len:=r.nbits()
-
-	if len%4==0 {
-		len/=4
-	} else {
-		len/=4 
-		len++
-
-	}
-
-	for i:=len-1;i>=0;i-- {
-		b:=NewDBIGcopy(r)
-		
-		b.shr(uint(i*4))
-		s+=strconv.FormatInt(int64(b.w[0]&15),16)
-	}
-	return s
-}
-
-/* return number of bits */
-func (r *DBIG) nbits() int {
-	k:=DNLEN-1
-	r.norm()
-	for (k>=0 && r.w[k]==0) {k--}
-	if k<0 {return 0}
-	bts:=int(BASEBITS)*k;
-	c:=r.w[k];
-	for c!=0 {c/=2; bts++}
-	return bts
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/ECDH.go
----------------------------------------------------------------------
diff --git a/version22/go/ECDH.go b/version22/go/ECDH.go
deleted file mode 100644
index 9656113..0000000
--- a/version22/go/ECDH.go
+++ /dev/null
@@ -1,547 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Elliptic Curve API high-level functions  */
-
-package main
-
-//import "fmt"
-
-const ECDH_INVALID_PUBLIC_KEY int=-2
-const ECDH_ERROR int=-3
-const ECDH_INVALID int=-4
-const ECDH_EFS int=int(MODBYTES)
-const ECDH_EGS int=int(MODBYTES)
-const ECDH_EAS int=16
-const ECDH_EBS int=16
-const ECDH_SHA256 int=32
-const ECDH_SHA384 int=48
-const ECDH_SHA512 int=64
-
-const ECDH_HASH_TYPE int=ECDH_SHA512
-
-/* Convert Integer to n-byte array */
-func inttoBytes(n int,len int) []byte {
-	var b []byte
-	var i int
-	for i=0;i<len;i++ {b=append(b,0)}
-	i=len
-	for (n>0 && i>0) {
-		i--;
-		b[i]=byte(n&0xff)
-		n/=256
-	}	
-	return b
-}
-
-func ehashit(sha int,A []byte,n int,B []byte,pad int) []byte {
-	var R []byte
-	if sha==ECDH_SHA256 {
-		H:=NewHASH256()
-		H.Process_array(A)
-		if n>0 {H.Process_num(int32(n))}
-		if B!=nil {H.Process_array(B)}
-		R=H.Hash()
-	}
-	if sha==ECDH_SHA384 {
-		H:=NewHASH384()
-		H.Process_array(A)
-		if n>0 {H.Process_num(int32(n))}
-		if B!=nil {H.Process_array(B)}
-		R=H.Hash()
-	}
-	if sha==ECDH_SHA512 {
-		H:=NewHASH512()
-		H.Process_array(A)
-		if n>0 {H.Process_num(int32(n))}
-		if B!=nil {H.Process_array(B)}
-		R=H.Hash()
-	}
-	if R==nil {return nil}
-
-	if pad==0 {return R}
-	var W []byte
-	for i:=0;i<pad;i++ {W=append(W,0)}
-	if pad<=sha {
-		for i:=0;i<pad;i++ {W[i]=R[i]}
-	} else {
-		for i:=0;i<sha;i++ {W[i]=R[i]}
-		for i:=sha;i<pad;i++ {W[i]=0}
-	}
-	return W
-}
-
-/* Key Derivation Functions */
-/* Input octet Z */
-/* Output key of length olen */
-func KDF1(sha int,Z []byte,olen int) []byte {
-/* NOTE: the parameter olen is the length of the output K in bytes */
-	hlen:=sha
-	var K []byte
-	k:=0
-    
-	for i:=0;i<olen;i++ {K=append(K,0)}
-
-	cthreshold:=olen/hlen; if olen%hlen!=0 {cthreshold++}
-
-	for counter:=0;counter<cthreshold;counter++ {
-		B:=ehashit(sha,Z,counter,nil,0)
-		if k+hlen>olen {
-			for i:=0;i<olen%hlen;i++ {K[k]=B[i]; k++}
-		} else {
-			for i:=0;i<hlen;i++ {K[k]=B[i]; k++}
-		}
-	}
-	return K;
-}
-
-func KDF2(sha int,Z []byte,P []byte,olen int) []byte {
-/* NOTE: the parameter olen is the length of the output k in bytes */
-	hlen:=sha
-	var K []byte
-	k:=0
-    
-	for i:=0;i<olen;i++ {K=append(K,0)}
-
-	cthreshold:=olen/hlen; if olen%hlen!=0 {cthreshold++}
-
-	for counter:=1;counter<=cthreshold;counter++ {
-		B:=ehashit(sha,Z,counter,P,0)
-		if k+hlen>olen {
-			for i:=0;i<olen%hlen;i++ {K[k]=B[i]; k++}
-		} else {
-			for i:=0;i<hlen;i++ {K[k]=B[i]; k++}
-		}
-	}
-	return K
-}
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
-func PBKDF2(sha int,Pass []byte,Salt []byte,rep int,olen int) []byte {
-	d:=olen/sha; if olen%sha!=0 {d++}
-
-	var F []byte
-	var U []byte
-	var S []byte
-	var K []byte
-	
-	for i:=0;i<sha;i++{F=append(F,0); U=append(U,0)}
-
-	for i:=1;i<=d;i++ {
-		for j:=0;j<len(Salt);j++ {S=append(S,Salt[j])} 
-		N:=inttoBytes(i,4)
-		for j:=0;j<4;j++ {S=append(S,N[j])}   
-
-		HMAC(sha,S,Pass,F[:])
-
-		for j:=0;j<sha;j++ {U[j]=F[j]}
-		for j:=2;j<=rep;j++ {
-			HMAC(sha,U[:],Pass,U[:]);
-			for k:=0;k<sha;k++ {F[k]^=U[k]}
-		}
-		for j:=0;j<sha;j++ {K=append(K,F[j])} 
-	}
-	var key []byte
-	for i:=0;i<olen;i++ {key=append(key,K[i])}
-	return key
-}
-
-/* Calculate HMAC of m using key k. HMAC is tag of length olen (which is length of tag) */
-func HMAC(sha int,M []byte,K []byte,tag []byte) int {
-	/* Input is from an octet m        *
-	* olen is requested output length in bytes. k is the key  *
-	* The output is the calculated tag */
-	var B []byte
-	b:=64
-	if sha>32 {b=128}
-
-	var K0 [128]byte
-	olen:=len(tag)
-
-	if (olen<4 /*|| olen>sha */) {return 0}
-
-	for i:=0;i<b;i++ {K0[i]=0}
-
-	if len(K) > b {
-		B=ehashit(sha,K,0,nil,0) 
-		for i:=0;i<sha;i++ {K0[i]=B[i]}
-	} else {
-		for i:=0;i<len(K);i++  {K0[i]=K[i]}
-	}
-		
-	for i:=0;i<b;i++ {K0[i]^=0x36}
-	B=ehashit(sha,K0[0:b],0,M,0);
-
-	for i:=0;i<b;i++ {K0[i]^=0x6a}
-	B=ehashit(sha,K0[0:b],0,B,olen)
-
-	for i:=0;i<olen;i++ {tag[i]=B[i]}
-
-	return 1
-}
-
-/* AES encryption/decryption. Encrypt byte array M using key K and returns ciphertext */
-func AES_CBC_IV0_ENCRYPT(K []byte,M []byte) []byte { /* AES CBC encryption, with Null IV and key K */
-	/* Input is from an octet string M, output is to an octet string C */
-	/* Input is padded as necessary to make up a full final block */
-	a:=NewAES()
-	fin:=false
-
-	var buff [16]byte
-	var C []byte
-
-	a.Init(aes_CBC,len(K),K,nil)
-
-	ipt:=0; //opt:=0
-	var i int
-	for true {
-		for i=0;i<16;i++ {
-			if ipt<len(M) {
-				buff[i]=M[ipt]; ipt++;
-			} else {fin=true; break;}
-		}
-		if fin {break}
-		a.Encrypt(buff[:])
-		for i=0;i<16;i++ {
-			C=append(C,buff[i])
-		}
-	}    
-
-/* last block, filled up to i-th index */
-
-	padlen:=16-i
-	for j:=i;j<16;j++ {buff[j]=byte(padlen)}
-
-	a.Encrypt(buff[:])
-
-	for i=0;i<16;i++ {
-		C=append(C,buff[i])
-	}
-	a.End()   
-	return C
-}
-
-/* returns plaintext if all consistent, else returns null string */
-func AES_CBC_IV0_DECRYPT(K []byte,C []byte) []byte { /* padding is removed */
-	a:=NewAES()
-	var buff [16]byte
-	var MM []byte
-	var M []byte
-
-	var i int
-	ipt:=0; opt:=0
-
-	a.Init(aes_CBC,len(K),K,nil);
-
-	if len(C)==0 {return nil}
-	ch:=C[ipt]; ipt++
-  
-	fin:=false
-
-	for true {
-		for i=0;i<16;i++ {
-			buff[i]=ch    
-			if ipt>=len(C) {
-				fin=true; break
-			}  else {ch=C[ipt]; ipt++ }
-		}
-		a.Decrypt(buff[:])
-		if fin {break}
-		for i=0;i<16;i++ {
-			MM=append(MM,buff[i]); opt++
-		}
-	}    
-
-	a.End();
-	bad:=false
-	padlen:=int(buff[15])
-	if (i!=15 || padlen<1 || padlen>16) {bad=true}
-	if (padlen>=2 && padlen<=16) {
-		for i=16-padlen;i<16;i++ {
-			if buff[i]!=byte(padlen) {bad=true}
-		}
-	}
-    
-	if !bad { 
-		for i=0;i<16-padlen;i++ {
-			MM=append(MM,buff[i]); opt++
-		}
-	}
-
-	if bad {return nil}
-
-	for i=0;i<opt;i++ {M=append(M,MM[i])}
-
-	return M;
-}
-
-/* Calculate a public/private EC GF(p) key pair W,S where W=S.G mod EC(p),
- * where S is the secret key and W is the public key
- * and G is fixed generator.
- * If RNG is NULL then the private key is provided externally in S
- * otherwise it is generated randomly internally */
-func ECDH_KEY_PAIR_GENERATE(RNG *RAND,S []byte,W []byte) int {
-	res:=0
-//	var T [ECDH_EFS]byte
-	var s *BIG
-	var G *ECP
-
-	gx:=NewBIGints(CURVE_Gx)
-	if CURVETYPE!=MONTGOMERY {
-		gy:=NewBIGints(CURVE_Gy)
-		G=NewECPbigs(gx,gy)
-	} else {
-		G=NewECPbig(gx)
-	}
-
-	r:=NewBIGints(CURVE_Order)
-
-	if RNG==nil {
-		s=fromBytes(S)
-		s.mod(r)
-	} else {
-		s=randomnum(r,RNG)
-		
-	//	s.toBytes(T[:])
-	//	for i:=0;i<ECDH_EGS;i++ {S[i]=T[i]}
-	}
-
-	if AES_S>0 {
-		s.mod2m(2*AES_S)
-	}
-	s.toBytes(S)
-
-	WP:=G.mul(s)
-
-	WP.toBytes(W)
-
-	return res
-}
-
-/* validate public key. Set full=true for fuller check */
-func ECDH_PUBLIC_KEY_VALIDATE(full bool,W []byte) int {
-	WP:=ECP_fromBytes(W)
-	res:=0
-
-	r:=NewBIGints(CURVE_Order)
-
-	if WP.is_infinity() {res=ECDH_INVALID_PUBLIC_KEY}
-	if res==0 && full {
-		WP=WP.mul(r)
-		if !WP.is_infinity() {res=ECDH_INVALID_PUBLIC_KEY} 
-	}
-	return res
-}
-
-/* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */
-func ECPSVDP_DH(S []byte,WD []byte,Z []byte) int {
-	res:=0;
-	var T [ECDH_EFS]byte
-
-	s:=fromBytes(S)
-
-	W:=ECP_fromBytes(WD)
-	if W.is_infinity() {res=ECDH_ERROR}
-
-	if res==0 {
-		r:=NewBIGints(CURVE_Order)
-		s.mod(r)
-		W=W.mul(s)
-		if W.is_infinity() { 
-			res=ECDH_ERROR
-		} else {
-			W.getX().toBytes(T[:])
-			for i:=0;i<ECDH_EFS;i++ {Z[i]=T[i]}
-		}
-	}
-	return res
-}
-
-/* IEEE ECDSA Signature, C and D are signature on F using private key S */
-func ECPSP_DSA(sha int,RNG *RAND,S []byte,F []byte,C []byte,D []byte) int {
-	var T [ECDH_EFS]byte
-
-	B:=ehashit(sha,F,0,nil,int(MODBYTES));
-
-	gx:=NewBIGints(CURVE_Gx)
-	gy:=NewBIGints(CURVE_Gy)
-
-	G:=NewECPbigs(gx,gy)
-	r:=NewBIGints(CURVE_Order)
-
-	s:=fromBytes(S)
-	f:=fromBytes(B[:])
-
-	c:=NewBIGint(0)
-	d:=NewBIGint(0)
-	V:=NewECP()
-
-	for d.iszilch() {
-		u:=randomnum(r,RNG);
-		w:=randomnum(r,RNG);
-		if AES_S>0 {
-			u.mod2m(2*AES_S)
-		}			
-		V.copy(G)
-		V=V.mul(u)   		
-		vx:=V.getX()
-		c.copy(vx)
-		c.mod(r);
-		if c.iszilch() {continue}
-		u.copy(modmul(u,w,r))
-		u.invmodp(r)
-		d.copy(modmul(s,c,r))
-		d.add(f)
-		d.copy(modmul(d,w,r))
-		d.copy(modmul(u,d,r))
-	} 
-       
-	c.toBytes(T[:])
-	for i:=0;i<ECDH_EFS;i++ {C[i]=T[i]}
-	d.toBytes(T[:])
-	for i:=0;i<ECDH_EFS;i++ {D[i]=T[i]}
-	return 0
-}
-
-/* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */
-func ECPVP_DSA(sha int,W []byte,F []byte,C []byte,D []byte) int {
-	res:=0
-
-	B:=ehashit(sha,F,0,nil,int(MODBYTES));
-
-	gx:=NewBIGints(CURVE_Gx)
-	gy:=NewBIGints(CURVE_Gy)
-
-	G:=NewECPbigs(gx,gy)
-	r:=NewBIGints(CURVE_Order)
-
-	c:=fromBytes(C)
-	d:=fromBytes(D)
-	f:=fromBytes(B[:])
-     
-	if (c.iszilch() || comp(c,r)>=0 || d.iszilch() || comp(d,r)>=0) {
-            res=ECDH_INVALID;
-	}
-
-	if res==0 {
-		d.invmodp(r)
-		f.copy(modmul(f,d,r))
-		h2:=modmul(c,d,r)
-
-		WP:=ECP_fromBytes(W)
-		if WP.is_infinity() {
-			res=ECDH_ERROR
-		} else {
-			P:=NewECP()
-			P.copy(WP)
-
-			P=P.mul2(h2,G,f)
-
-			if P.is_infinity() {
-				res=ECDH_INVALID;
-			} else {
-				d=P.getX()
-				d.mod(r)
-
-				if comp(d,c)!=0 {res=ECDH_INVALID}
-			}
-		}
-	}
-
-	return res
-}
-
-/* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */
-func ECIES_ENCRYPT(sha int,P1 []byte,P2 []byte,RNG *RAND,W []byte,M []byte,V []byte,T []byte) []byte { 
-	var Z [ECDH_EFS]byte
-	var VZ [3*ECDH_EFS+1]byte
-	var K1 [ECDH_EAS]byte
-	var K2 [ECDH_EAS]byte
-	var U [ECDH_EGS]byte
-
-	if ECDH_KEY_PAIR_GENERATE(RNG,U[:],V)!=0 {return nil}
-	if ECPSVDP_DH(U[:],W,Z[:])!=0 {return nil}     
-
-	for i:=0;i<2*ECDH_EFS+1;i++ {VZ[i]=V[i]}
-	for i:=0;i<ECDH_EFS;i++ {VZ[2*ECDH_EFS+1+i]=Z[i]}
-
-
-	K:=KDF2(sha,VZ[:],P1,ECDH_EFS)
-
-	for i:=0;i<ECDH_EAS;i++ {K1[i]=K[i]; K2[i]=K[ECDH_EAS+i]} 
-
-	C:=AES_CBC_IV0_ENCRYPT(K1[:],M)
-
-	L2:=inttoBytes(len(P2),8)	
-	
-	var AC []byte
-
-	for i:=0;i<len(C);i++ {AC=append(AC,C[i])}   
-	for i:=0;i<len(P2);i++ {AC=append(AC,P2[i])}
-	for i:=0;i<8;i++ {AC=append(AC,L2[i])}
-	
-	HMAC(sha,AC,K2[:],T)
-
-	return C
-}
-
-/* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */
-func ECIES_DECRYPT(sha int,P1 []byte,P2 []byte,V []byte,C []byte,T []byte,U []byte) []byte { 
-	var Z [ECDH_EFS]byte
-	var VZ [3*ECDH_EFS+1]byte
-	var K1 [ECDH_EAS]byte
-	var K2 [ECDH_EAS]byte
-
-	var TAG []byte =T[:]  
-
-	if ECPSVDP_DH(U,V,Z[:])!=0 {return nil}
-
-	for i:=0;i<2*ECDH_EFS+1;i++ {VZ[i]=V[i]}
-	for i:=0;i<ECDH_EFS;i++ {VZ[2*ECDH_EFS+1+i]=Z[i]}
-
-	K:=KDF2(sha,VZ[:],P1,ECDH_EFS)
-
-	for i:=0;i<ECDH_EAS;i++ {K1[i]=K[i]; K2[i]=K[ECDH_EAS+i]} 
-
-	M:=AES_CBC_IV0_DECRYPT(K1[:],C)
-
-	if M==nil {return nil}
-
-	L2:=inttoBytes(len(P2),8)	
-	
-	var AC []byte
-	
-	for i:=0;i<len(C);i++ {AC=append(AC,C[i])}   
-	for i:=0;i<len(P2);i++ {AC=append(AC,P2[i])}
-	for i:=0;i<8;i++ {AC=append(AC,L2[i])}
-	
-	HMAC(sha,AC,K2[:],TAG)
-
-	same:=true
-	for i:=0;i<len(T);i++ {
-		if T[i]!=TAG[i] {same=false}
-	}
-	if !same {return nil}
-	
-	return M
-}
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/ECP.go
----------------------------------------------------------------------
diff --git a/version22/go/ECP.go b/version22/go/ECP.go
deleted file mode 100644
index e33b52b..0000000
--- a/version22/go/ECP.go
+++ /dev/null
@@ -1,893 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package main
-
-//import "fmt"
-
-/* Elliptic Curve Point Structure */
-
-type ECP struct {
-	x *FP
-	y *FP
-	z *FP
-	INF bool
-}
-
-/* Constructors */
-func NewECP() *ECP {
-	E:=new(ECP)
-	E.x=NewFPint(0)
-	E.y=NewFPint(0)
-	E.z=NewFPint(0)
-	E.INF=true
-	return E
-}
-
-/* set (x,y) from two BIGs */
-func NewECPbigs(ix *BIG,iy *BIG) *ECP {
-	E:=new(ECP)
-	E.x=NewFPbig(ix)
-	E.y=NewFPbig(iy)
-	E.z=NewFPint(1)
-	rhs:=RHS(E.x)
-
-	if CURVETYPE==MONTGOMERY {
-		if rhs.jacobi()==1 {
-			E.INF=false
-		} else {E.inf()}
-	} else {
-		y2:=NewFPcopy(E.y)
-		y2.sqr()
-		if y2.equals(rhs) {
-			E.INF=false
-		} else {E.inf()}
-	}
-	return E
-}
-
-/* set (x,y) from BIG and a bit */
-func NewECPbigint(ix *BIG,s int) *ECP {
-	E:=new(ECP)
-	E.x=NewFPbig(ix)
-	E.y=NewFPint(0)
-	rhs:=RHS(E.x)
-	E.z=NewFPint(1)
-	if rhs.jacobi()==1 {
-		ny:=rhs.sqrt()
-		if ny.redc().parity()!=s {ny.neg()}
-		E.y.copy(ny)
-		E.INF=false
-	} else {E.inf()}
-	return E;
-}
-
-/* set from x - calculate y from curve equation */
-func NewECPbig(ix *BIG) *ECP {
-	E:=new(ECP)	
-	E.x=NewFPbig(ix)
-	E.y=NewFPint(0)
-	rhs:=RHS(E.x)
-	E.z=NewFPint(1)
-	if rhs.jacobi()==1 {
-		if CURVETYPE!=MONTGOMERY {E.y.copy(rhs.sqrt())}
-		E.INF=false
-	} else {E.INF=true}
-	return E
-}
-
-/* test for O point-at-infinity */
-func (E *ECP) is_infinity() bool {
-	if CURVETYPE==EDWARDS {
-		E.x.reduce(); E.y.reduce(); E.z.reduce()
-		return (E.x.iszilch() && E.y.equals(E.z))
-	} else {return E.INF}
-}
-
-/* Conditional swap of P and Q dependant on d */
-func (E *ECP) cswap(Q *ECP,d int) {
-	E.x.cswap(Q.x,d)
-	if CURVETYPE!=MONTGOMERY {E.y.cswap(Q.y,d)}
-	E.z.cswap(Q.z,d)
-	if CURVETYPE!=EDWARDS {
-		bd:=true
-		if d==0 {bd=false}
-		bd=bd&&(E.INF!=Q.INF)
-		E.INF=(bd!=E.INF)
-		Q.INF=(bd!=Q.INF)
-	}
-}
-
-/* Conditional move of Q to P dependant on d */
-func (E *ECP) cmove(Q *ECP,d int) {
-	E.x.cmove(Q.x,d)
-	if CURVETYPE!=MONTGOMERY {E.y.cmove(Q.y,d)}
-	E.z.cmove(Q.z,d);
-	if CURVETYPE!=EDWARDS {
-		bd:=true
-		if d==0 {bd=false}
-		E.INF=(E.INF!=((E.INF!=Q.INF)&&bd))
-	}
-}
-
-/* return 1 if b==c, no branching */
-func teq(b int32,c int32) int {
-	x:=b^c
-	x-=1  // if x=0, x now -1
-	return int((x>>31)&1)
-}
-
-/* this=P */
-func (E *ECP) copy(P *ECP) {
-	E.x.copy(P.x);
-	if CURVETYPE!=MONTGOMERY {E.y.copy(P.y)}
-	E.z.copy(P.z);
-	E.INF=P.INF;
-}
-
-/* this=-this */
-func (E *ECP) neg() {
-	if E.is_infinity() {return}
-	if CURVETYPE==WEIERSTRASS {
-		E.y.neg(); E.y.norm()
-	}
-	if CURVETYPE==EDWARDS {
-		E.x.neg(); E.x.norm()
-	}
-	return;
-}
-
-/* Constant time select from pre-computed table */
-func (E *ECP) selector(W []*ECP,b int32) {
-	MP:=NewECP()
-	m:=b>>31;
-	babs:=(b^m)-m;
-
-	babs=(babs-1)/2
-
-	E.cmove(W[0],teq(babs,0))  // conditional move
-	E.cmove(W[1],teq(babs,1))
-	E.cmove(W[2],teq(babs,2))
-	E.cmove(W[3],teq(babs,3))
-	E.cmove(W[4],teq(babs,4))
-	E.cmove(W[5],teq(babs,5))
-	E.cmove(W[6],teq(babs,6))
-	E.cmove(W[7],teq(babs,7))
- 
-	MP.copy(E);
-	MP.neg()
-	E.cmove(MP,int(m&1));
-}
-
-/* set this=O */
-func (E *ECP) inf() {
-	E.INF=true;
-	E.x.zero()
-	E.y.one()
-	E.z.one()
-}
-
-/* Test P == Q */
-func( E *ECP) equals(Q *ECP) bool {
-	if E.is_infinity() && Q.is_infinity() {return true}
-	if E.is_infinity() || Q.is_infinity() {return false}
-	if CURVETYPE==WEIERSTRASS {
-		zs2:=NewFPcopy(E.z); zs2.sqr()
-		zo2:=NewFPcopy(Q.z); zo2.sqr()
-		zs3:=NewFPcopy(zs2); zs3.mul(E.z)
-		zo3:=NewFPcopy(zo2); zo3.mul(Q.z)
-		zs2.mul(Q.x)
-		zo2.mul(E.x)
-		if !zs2.equals(zo2) {return false}
-		zs3.mul(Q.y)
-		zo3.mul(E.y)
-		if !zs3.equals(zo3) {return false}
-	} else {
-		a:=NewFPint(0)
-		b:=NewFPint(0)
-		a.copy(E.x); a.mul(Q.z); a.reduce()
-		b.copy(Q.x); b.mul(E.z); b.reduce()
-		if !a.equals(b) {return false}
-		if CURVETYPE==EDWARDS {
-			a.copy(E.y); a.mul(Q.z); a.reduce()
-			b.copy(Q.y); b.mul(E.z); b.reduce()
-			if !a.equals(b) {return false}
-		}
-	}
-	return true
-}
-
-/* Calculate RHS of curve equation */
-func RHS(x *FP) *FP {
-	x.norm()
-	r:=NewFPcopy(x)
-	r.sqr();
-
-	if CURVETYPE==WEIERSTRASS { // x^3+Ax+B
-		b:=NewFPbig(NewBIGints(CURVE_B))
-		r.mul(x);
-		if CURVE_A==-3 {
-			cx:=NewFPcopy(x)
-			cx.imul(3)
-			cx.neg(); cx.norm()
-			r.add(cx)
-		}
-		r.add(b)
-	}
-	if CURVETYPE==EDWARDS { // (Ax^2-1)/(Bx^2-1) 
-		b:=NewFPbig(NewBIGints(CURVE_B))
-
-		one:=NewFPint(1)
-		b.mul(r)
-		b.sub(one)
-		if CURVE_A==-1 {r.neg()}
-		r.sub(one)
-		b.inverse()
-		r.mul(b)
-	}
-	if CURVETYPE==MONTGOMERY { // x^3+Ax^2+x
-		x3:=NewFPint(0)
-		x3.copy(r)
-		x3.mul(x)
-		r.imul(CURVE_A)
-		r.add(x3)
-		r.add(x)
-	}
-	r.reduce()
-	return r
-}
-
-/* set to affine - from (x,y,z) to (x,y) */
-func (E *ECP) affine() {
-	if E.is_infinity() {return}
-	one:=NewFPint(1)
-	if E.z.equals(one) {return}
-	E.z.inverse()
-	if CURVETYPE==WEIERSTRASS {
-		z2:=NewFPcopy(E.z)
-		z2.sqr()
-		E.x.mul(z2); E.x.reduce()
-		E.y.mul(z2)
-		E.y.mul(E.z);  E.y.reduce()
-	}
-	if CURVETYPE==EDWARDS {
-		E.x.mul(E.z); E.x.reduce()
-		E.y.mul(E.z); E.y.reduce()
-	}
-	if CURVETYPE==MONTGOMERY {
-		E.x.mul(E.z); E.x.reduce()
-	}
-	E.z.one()
-}
-
-/* extract x as a BIG */
-func (E *ECP) getX() *BIG {
-	E.affine()
-	return E.x.redc()
-}
-/* extract y as a BIG */
-func (E *ECP) getY() *BIG {
-	E.affine()
-	return E.y.redc()
-}
-
-/* get sign of Y */
-func (E *ECP) getS() int {
-	E.affine()
-	y:=E.getY()
-	return y.parity()
-}
-/* extract x as an FP */
-func (E *ECP) getx() *FP {
-	return E.x;
-}
-/* extract y as an FP */
-func (E *ECP) gety() *FP {
-	return E.y
-}
-/* extract z as an FP */
-func (E *ECP) getz() *FP {
-	return E.z
-}
-
-/* convert to byte array */
-func (E *ECP) toBytes(b []byte) {
-	var t [int(MODBYTES)]byte
-	MB:=int(MODBYTES)
-	if CURVETYPE!=MONTGOMERY {
-		b[0]=0x04
-	} else {b[0]=0x02}
-	
-	E.affine()
-	E.x.redc().toBytes(t[:])
-	for i:=0;i<MB;i++ {b[i+1]=t[i]}
-	if CURVETYPE!=MONTGOMERY {
-		E.y.redc().toBytes(t[:])
-		for i:=0;i<MB;i++ {b[i+MB+1]=t[i]}
-	}
-}
-
-/* convert from byte array to point */
-func ECP_fromBytes(b []byte) *ECP {
-	var t [int(MODBYTES)]byte
-	MB:=int(MODBYTES)
-	p:=NewBIGints(Modulus)
-
-	for i:=0;i<MB;i++ {t[i]=b[i+1]}
-	px:=fromBytes(t[:])
-	if comp(px,p)>=0 {return NewECP()}
-
-	if (b[0]==0x04) {
-		for i:=0;i<MB;i++ {t[i]=b[i+MB+1]}
-		py:=fromBytes(t[:])
-		if comp(py,p)>=0 {return NewECP()}
-		return NewECPbigs(px,py)
-	} else {return NewECPbig(px)}
-}
-
-/* convert to hex string */
-func (E *ECP) toString() string {
-	if E.is_infinity() {return "infinity"}
-	E.affine();
-	if CURVETYPE==MONTGOMERY {
-		return "("+E.x.redc().toString()+")"
-	} else {return "("+E.x.redc().toString()+","+E.y.redc().toString()+")"}
-}
-
-/* this*=2 */
-func (E *ECP) dbl() {
-	if CURVETYPE==WEIERSTRASS {
-		if E.INF {return}
-		if E.y.iszilch() {
-			E.inf()
-			return
-		}
-
-		w1:=NewFPcopy(E.x);
-		w6:=NewFPcopy(E.z);
-		w2:=NewFPint(0);
-		w3:=NewFPcopy(E.x)
-		w8:=NewFPcopy(E.x)
-
-		if CURVE_A==-3 {
-			w6.sqr()
-			w1.copy(w6)
-			w1.neg()
-			w3.add(w1)
-
-			w8.add(w6)
-
-			w3.mul(w8)
-			w8.copy(w3)
-			w8.imul(3)
-		} else {
-			w1.sqr()
-			w8.copy(w1)
-			w8.imul(3)
-		}
-
-		w2.copy(E.y); w2.sqr()
-		w3.copy(E.x); w3.mul(w2)
-		w3.imul(4)
-		w1.copy(w3); w1.neg()
-	//		w1.norm();
-
-
-		E.x.copy(w8); E.x.sqr()
-		E.x.add(w1)
-		E.x.add(w1)
-	//		x.reduce();
-		E.x.norm()
-
-		E.z.mul(E.y)
-		E.z.add(E.z)
-
-		w2.add(w2)
-		w2.sqr()
-		w2.add(w2)
-		w3.sub(E.x)
-		E.y.copy(w8); E.y.mul(w3);
-	//		w2.norm();
-		E.y.sub(w2)
-	//		y.reduce();
-	//		z.reduce();
-		E.y.norm()
-		E.z.norm()
-
-	}
-	if CURVETYPE==EDWARDS {
-		C:=NewFPcopy(E.x)
-		D:=NewFPcopy(E.y)
-		H:=NewFPcopy(E.z)
-		J:=NewFPint(0)
-	
-		E.x.mul(E.y); E.x.add(E.x)
-		C.sqr()
-		D.sqr()
-		if CURVE_A==-1 {C.neg()}	
-		E.y.copy(C); E.y.add(D)
-	//		y.norm();
-		H.sqr(); H.add(H)
-		E.z.copy(E.y)
-		J.copy(E.y); J.sub(H)
-		E.x.mul(J)
-		C.sub(D)
-		E.y.mul(C)
-		E.z.mul(J)
-
-		E.x.norm()
-		E.y.norm()
-		E.z.norm()
-	}
-	if CURVETYPE==MONTGOMERY {
-		A:=NewFPcopy(E.x)
-		B:=NewFPcopy(E.x)	
-		AA:=NewFPint(0)
-		BB:=NewFPint(0)
-		C:=NewFPint(0)
-	
-		if E.INF {return}
-
-		A.add(E.z)
-		AA.copy(A); AA.sqr()
-		B.sub(E.z)
-		BB.copy(B); BB.sqr()
-		C.copy(AA); C.sub(BB)
-	//		C.norm();
-
-		E.x.copy(AA); E.x.mul(BB)
-
-		A.copy(C); A.imul((CURVE_A+2)/4)
-
-		BB.add(A)
-		E.z.copy(BB); E.z.mul(C)
-	//		x.reduce();
-	//		z.reduce();
-		E.x.norm()
-		E.z.norm()
-	}
-	return;
-}
-
-/* this+=Q */
-func (E *ECP) add(Q *ECP) {
-	if CURVETYPE==WEIERSTRASS {
-		if E.INF {
-			E.copy(Q)
-			return
-		}
-		if Q.INF {return}
-
-		aff:=false
-
-		one:=NewFPint(1)
-		if Q.z.equals(one) {aff=true}
-
-		var A,C *FP
-		B:=NewFPcopy(E.z)
-		D:=NewFPcopy(E.z)
-		if !aff {
-			A=NewFPcopy(Q.z)
-			C=NewFPcopy(Q.z)
-
-			A.sqr(); B.sqr()
-			C.mul(A); D.mul(B)
-
-			A.mul(E.x)
-			C.mul(E.y)
-		} else {
-			A=NewFPcopy(E.x)
-			C=NewFPcopy(E.y)
-	
-			B.sqr()
-			D.mul(B)
-		}
-
-		B.mul(Q.x); B.sub(A)
-		D.mul(Q.y); D.sub(C)
-
-		if B.iszilch() {
-			if D.iszilch() {
-				E.dbl()
-				return
-			} else {
-				E.INF=true
-				return
-			}
-		}
-
-		if !aff {E.z.mul(Q.z)}
-		E.z.mul(B)
-
-		e:=NewFPcopy(B); e.sqr()
-		B.mul(e)
-		A.mul(e)
-
-		e.copy(A)
-		e.add(A); e.add(B)
-		E.x.copy(D); E.x.sqr(); E.x.sub(e);
-
-		A.sub(E.x);
-		E.y.copy(A); E.y.mul(D)
-		C.mul(B); E.y.sub(C)
-
-		//	x.reduce();
-		//	y.reduce();
-		//	z.reduce();
-		E.x.norm()
-		E.y.norm()
-		E.z.norm()
-	}
-	if CURVETYPE==EDWARDS {
-		b:=NewFPbig(NewBIGints(CURVE_B))
-		A:=NewFPcopy(E.z)
-		B:=NewFPint(0)
-		C:=NewFPcopy(E.x)
-		D:=NewFPcopy(E.y)
-		EE:=NewFPint(0)
-		F:=NewFPint(0)
-		G:=NewFPint(0)
-		//H:=NewFPint(0)
-		//I:=NewFPint(0)
-	
-		A.mul(Q.z);
-		B.copy(A); B.sqr()
-		C.mul(Q.x)
-		D.mul(Q.y)
-
-		EE.copy(C); EE.mul(D); EE.mul(b)
-		F.copy(B); F.sub(EE)
-		G.copy(B); G.add(EE)
-
-		if CURVE_A==1 {
-			EE.copy(D); EE.sub(C)
-		}
-		C.add(D)
-
-		B.copy(E.x); B.add(E.y)
-		D.copy(Q.x); D.add(Q.y)
-		B.mul(D)
-		B.sub(C)
-		B.mul(F)
-		E.x.copy(A); E.x.mul(B)
-
-		if CURVE_A==1 {
-			C.copy(EE); C.mul(G)
-		}
-		if CURVE_A==-1 {
-			C.mul(G)
-		}
-		E.y.copy(A); E.y.mul(C)
-		E.z.copy(F); E.z.mul(G)
-		//	x.reduce(); y.reduce(); z.reduce();
-		E.x.norm(); E.y.norm(); E.z.norm()
-	}
-	return
-}
-
-/* Differential Add for Montgomery curves. this+=Q where W is this-Q and is affine. */
-func (E *ECP) dadd(Q *ECP,W *ECP) {
-	A:=NewFPcopy(E.x)
-	B:=NewFPcopy(E.x)
-	C:=NewFPcopy(Q.x)
-	D:=NewFPcopy(Q.x)
-	DA:=NewFPint(0)
-	CB:=NewFPint(0)
-			
-	A.add(E.z)
-	B.sub(E.z)
-
-	C.add(Q.z)
-	D.sub(Q.z)
-
-	DA.copy(D); DA.mul(A)
-	CB.copy(C); CB.mul(B)
-
-	A.copy(DA); A.add(CB); A.sqr()
-	B.copy(DA); B.sub(CB); B.sqr()
-
-	E.x.copy(A)
-	E.z.copy(W.x); E.z.mul(B)
-
-	if E.z.iszilch() {
-		E.inf()
-	} else {E.INF=false;}
-
-	//	x.reduce();
-	E.x.norm();
-}
-
-/* this-=Q */
-func (E *ECP) sub(Q *ECP) {
-	Q.neg()
-	E.add(Q)
-	Q.neg()
-}
-
-func multiaffine(m int,P []*ECP) {
-	t1:=NewFPint(0)
-	t2:=NewFPint(0)
-
-	var work []*FP
-
-	for i:=0;i<m;i++ {
-		work=append(work,NewFPint(0))
-	}
-	
-	work[0].one()
-	work[1].copy(P[0].z)
-
-	for i:=2;i<m;i++ {
-		work[i].copy(work[i-1])
-		work[i].mul(P[i-1].z)
-	}
-
-	t1.copy(work[m-1])
-	t1.mul(P[m-1].z)
-	t1.inverse()
-	t2.copy(P[m-1].z)
-	work[m-1].mul(t1)
-
-	for i:=m-2;;i-- {
-		if i==0 {
-			work[0].copy(t1)
-			work[0].mul(t2)
-			break
-		}
-		work[i].mul(t2)
-		work[i].mul(t1)
-		t2.mul(P[i].z)
-	}
-/* now work[] contains inverses of all Z coordinates */
-
-	for i:=0;i<m;i++ {
-		P[i].z.one()
-		t1.copy(work[i])
-		t1.sqr()
-		P[i].x.mul(t1)
-		t1.mul(work[i])
-		P[i].y.mul(t1)
-	}    
-}
-
-/* constant time multiply by small integer of length bts - use ladder */
-func (E *ECP) pinmul(e int32,bts int32) *ECP {	
-	if CURVETYPE==MONTGOMERY {
-		return E.mul(NewBIGint(int(e)))
-	} else {
-		P:=NewECP()
-		R0:=NewECP()
-		R1:=NewECP(); R1.copy(E)
-
-		for i:=bts-1;i>=0;i-- {
-			b:=int((e>>uint32(i))&1)
-			P.copy(R1)
-			P.add(R0)
-			R0.cswap(R1,b)
-			R1.copy(P)
-			R0.dbl()
-			R0.cswap(R1,b)
-		}
-		P.copy(R0)
-		P.affine()
-		return P
-	}
-}
-
-/* return e.this */
-
-func (E *ECP) mul(e *BIG) *ECP {
-	if (e.iszilch() || E.is_infinity()) {return NewECP()}
-	P:=NewECP()
-	if CURVETYPE==MONTGOMERY {
-/* use Ladder */
-		D:=NewECP();
-		R0:=NewECP(); R0.copy(E)
-		R1:=NewECP(); R1.copy(E)
-		R1.dbl()
-		D.copy(E); D.affine()
-		nb:=e.nbits()
-		for i:=nb-2;i>=0;i-- {
-			b:=int(e.bit(i))
-			P.copy(R1)
-			P.dadd(R0,D)
-			R0.cswap(R1,b)
-			R1.copy(P)
-			R0.dbl()
-			R0.cswap(R1,b)
-		}
-		P.copy(R0)
-	} else {
-// fixed size windows 
-		mt:=NewBIG()
-		t:=NewBIG()
-		Q:=NewECP()
-		C:=NewECP()
-
-		var W []*ECP
-		var w [1+(NLEN*int(BASEBITS)+3)/4]int8
-
-		E.affine();
-
-		Q.copy(E);
-		Q.dbl();
-
-		W=append(W,NewECP());
-		W[0].copy(E);
-
-		for i:=1;i<8;i++ {
-			W=append(W,NewECP())
-			W[i].copy(W[i-1])
-			W[i].add(Q)
-		}
-
-
-// convert the table to affine 
-		if CURVETYPE==WEIERSTRASS {
-			multiaffine(8,W[:])
-		}
-
-
-// make exponent odd - add 2P if even, P if odd 
-		t.copy(e)
-		s:=int(t.parity())
-		t.inc(1); t.norm(); ns:=int(t.parity()); mt.copy(t); mt.inc(1); mt.norm()
-		t.cmove(mt,s)
-		Q.cmove(E,ns)
-		C.copy(Q)
-
-		nb:=1+(t.nbits()+3)/4
-
-// convert exponent to signed 4-bit window 
-		for i:=0;i<nb;i++ {
-			w[i]=int8(t.lastbits(5)-16)
-			t.dec(int(w[i])); t.norm()
-			t.fshr(4)	
-		}
-		w[nb]=int8(t.lastbits(5))
-
-		P.copy(W[(int(w[nb])-1)/2])  
-		for i:=nb-1;i>=0;i-- {
-			Q.selector(W,int32(w[i]))
-			P.dbl()
-			P.dbl()
-			P.dbl()
-			P.dbl()
-			P.add(Q)
-		}
-		P.sub(C) /* apply correction */
-	}
-	P.affine()
-	return P
-}
-
-/* Return e.this+f.Q */
-
-func (E *ECP) mul2(e *BIG,Q *ECP,f *BIG) *ECP {
-	te:=NewBIG()
-	tf:=NewBIG()
-	mt:=NewBIG()
-	S:=NewECP()
-	T:=NewECP()
-	C:=NewECP()
-	var W [] *ECP
-	//ECP[] W=new ECP[8];
-	var w [1+(NLEN*int(BASEBITS)+1)/2]int8		
-
-	E.affine()
-	Q.affine()
-
-	te.copy(e)
-	tf.copy(f)
-
-// precompute table 
-	for i:=0;i<8;i++ {
-		W=append(W,NewECP())
-	}
-	W[1].copy(E); W[1].sub(Q)
-	W[2].copy(E); W[2].add(Q);
-	S.copy(Q); S.dbl();
-	W[0].copy(W[1]); W[0].sub(S);
-	W[3].copy(W[2]); W[3].add(S);
-	T.copy(E); T.dbl();
-	W[5].copy(W[1]); W[5].add(T);
-	W[6].copy(W[2]); W[6].add(T);
-	W[4].copy(W[5]); W[4].sub(S);
-	W[7].copy(W[6]); W[7].add(S);
-
-// convert the table to affine 
-	if CURVETYPE==WEIERSTRASS { 
-		multiaffine(8,W)
-	}
-
-// if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction 
-
-	s:=int(te.parity());
-	te.inc(1); te.norm(); ns:=int(te.parity()); mt.copy(te); mt.inc(1); mt.norm()
-	te.cmove(mt,s)
-	T.cmove(E,ns)
-	C.copy(T)
-
-	s=int(tf.parity())
-	tf.inc(1); tf.norm(); ns=int(tf.parity()); mt.copy(tf); mt.inc(1); mt.norm()
-	tf.cmove(mt,s)
-	S.cmove(Q,ns)
-	C.add(S)
-
-	mt.copy(te); mt.add(tf); mt.norm()
-	nb:=1+(mt.nbits()+1)/2
-
-// convert exponent to signed 2-bit window 
-	for i:=0;i<nb;i++ {
-		a:=(te.lastbits(3)-4)
-		te.dec(int(a)); te.norm()
-		te.fshr(2)
-		b:=(tf.lastbits(3)-4)
-		tf.dec(int(b)); tf.norm()
-		tf.fshr(2)
-		w[i]=int8(4*a+b)
-	}
-	w[nb]=int8(4*te.lastbits(3)+tf.lastbits(3))
-	S.copy(W[(w[nb]-1)/2])  
-
-	for i:=nb-1;i>=0;i-- {
-		T.selector(W,int32(w[i]));
-		S.dbl()
-		S.dbl()
-		S.add(T)
-	}
-	S.sub(C) /* apply correction */
-	S.affine()
-	return S
-}
-
-/*
-func main() {
-	Gx:=NewBIGints(CURVE_Gx);
-	var Gy *BIG
-	var P *ECP
-
-	if CURVETYPE!=MONTGOMERY {Gy=NewBIGints(CURVE_Gy)}
-	r:=NewBIGints(CURVE_Order)
-
-	//r.dec(7);
-	
-	fmt.Printf("Gx= "+Gx.toString())
-	fmt.Printf("\n")
-
-	if CURVETYPE!=MONTGOMERY {
-		fmt.Printf("Gy= "+Gy.toString())
-		fmt.Printf("\n")
-	}	
-
-	if CURVETYPE!=MONTGOMERY {
-		P=NewECPbigs(Gx,Gy)
-	} else  {P=NewECPbig(Gx)}
-
-	fmt.Printf("P= "+P.toString());		
-	fmt.Printf("\n")
-
-	R:=P.mul(r);
-		//for (int i=0;i<10000;i++)
-		//	R=P.mul(r);
-	
-	fmt.Printf("R= "+R.toString())
-	fmt.Printf("\n")
-}
-*/
\ No newline at end of file


[48/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/arch.h
----------------------------------------------------------------------
diff --git a/version22/c/arch.h b/version22/c/arch.h
deleted file mode 100644
index 21753bd..0000000
--- a/version22/c/arch.h
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* Architecture definition header file */
-
-/**
- * @file arch.h
- * @author Mike Scott
- * @date 23rd February 2016
- * @brief Architecture Header File
- *
- * Specify Processor Architecture
- *
- */
-
-/* NOTE: There is only one user configurable section in this header - see below */
-
-#ifndef ARCH_H
-#define ARCH_H
-
-
-
-
-/*** START OF USER CONFIGURABLE SECTION - set architecture ***/
-
-#ifdef CMAKE
-#define CHUNK @AMCL_CHUNK@  /**< size of chunk in bits = wordlength of computer = 16, 32 or 64. Note not all curve options are supported on 16-bit processors - see rom.c */
-#else
-#define CHUNK 32		/**< size of chunk in bits = wordlength of computer = 16, 32 or 64. Note not all curve options are supported on 16-bit processors - see rom.c */
-#endif
-
-/*** END OF USER CONFIGURABLE SECTION ***/
-
-
-
-/* Create Integer types */
-/* Support for C99?  Note for GCC need to explicitly include -std=c99 in command line */
-
-#if __STDC_VERSION__ >= 199901L
-/* C99 code */
-#define C99
-#else
-/* Not C99 code */
-#endif
-
-#ifndef C99  /* You are on your own! These are for Microsoft C */
-#define sign32 __int32			/**< 32-bit signed integer */
-#define sign8 signed char		/**< 8-bit signed integer */
-#define unsign32 unsigned __int32 /**< 32-bit unsigned integer */
-#define unsign64 unsigned long long  /**< 64-bit unsigned integer */
-#else
-#include <stdint.h>
-#define sign8 int8_t			/**< 8-bit signed integer */
-#define sign32 int32_t			/**< 32-bit signed integer */
-#define unsign32 uint32_t		/**< 32-bit unsigned integer */
-#define unsign64 uint64_t		/**< 64-bit unsigned integer */
-#endif
-
-#define uchar unsigned char  /**<  Unsigned char */
-
-/* Don't mess with anything below this line unless you know what you are doing */
-/* This next is probably OK, but may need changing for non-C99-standard environments */
-
-/* This next is probably OK, but may need changing for non-C99-standard environments */
-
-#if CHUNK==16
-#ifndef C99
-#define chunk __int16		/**< C type corresponding to word length */
-#define dchunk __int32		/**< Always define double length chunk type if available */
-#else
-#define chunk int16_t		/**< C type corresponding to word length */
-#define dchunk int32_t		/**< Always define double length chunk type if available */
-#endif
-#endif
-
-#if CHUNK == 32
-#ifndef C99
-#define chunk __int32		/**< C type corresponding to word length */
-#define dchunk __int64		/**< Always define double length chunk type if available */
-#else
-#define chunk int32_t		/**< C type corresponding to word length */
-#define dchunk int64_t		/**< Always define double length chunk type if available */
-#endif
-#endif
-
-#if CHUNK == 64
-
-#ifndef C99
-#define chunk __int64		/**< C type corresponding to word length */
-/**< Note - no 128-bit type available    */
-#else
-#define chunk int64_t		/**< C type corresponding to word length */
-#ifdef __GNUC__
-#define dchunk __int128		/**< Always define double length chunk type if available - GCC supports 128 bit type  ??? */
-#endif
-#endif
-#endif
-
-#ifdef dchunk
-#define COMBA      /**< Use COMBA method for faster BN muls, sqrs and reductions */
-#endif
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/benchtest_ec.c
----------------------------------------------------------------------
diff --git a/version22/c/benchtest_ec.c b/version22/c/benchtest_ec.c
deleted file mode 100644
index 5929d0b..0000000
--- a/version22/c/benchtest_ec.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/* Test and benchmark elliptic curve and RSA functions
-	First build amcl.a from build_ec batch file
-	gcc -O3 benchtest_ec.c amcl.a -o benchtest_ec.exe
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "amcl.h"
-#include "rsa.h"
-
-#define MIN_TIME 10.0
-#define MIN_ITERS 10 
-
-int main()
-{
-    csprng RNG;
-	BIG s,r,x,y;
-	ECP P,G;
-	FP12 g;
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-	char pr[10];
-	unsigned long ran;
-    rsa_public_key pub;
-    rsa_private_key priv;
-    char m[RFS],d[RFS],c[RFS];
-    octet M= {0,sizeof(m),m};
-    octet D= {0,sizeof(d),d};
-    octet C= {0,sizeof(c),c};
-
-#if CHOICE==NIST256 
-	printf("NIST256 Curve\n");
-#endif
-#if CHOICE==C25519 
-	printf("C25519 Curve\n");
-#endif
-#if CHOICE==BRAINPOOL
-	printf("BRAINPOOL Curve\n");
-#endif
-#if CHOICE==ANSSI
-	printf("ANSSI Curve\n");
-#endif
-#if CHOICE==MF254
-	printf("MF254 Curve\n");
-#endif
-#if CHOICE==MS255
-	printf("MS255 Curve\n");
-#endif
-#if CHOICE==MF256
-	printf("MF256 Curve\n");
-#endif
-#if CHOICE==MS256
-	printf("MS256 Curve\n");
-#endif
-#if CHOICE==HIFIVE
-	printf("HIFIVE Curve\n");
-#endif
-#if CHOICE==GOLDILOCKS
-	printf("GOLDILOCKS Curve\n");
-#endif
-#if CHOICE==NIST384
-	printf("NIST384 Curve\n");
-#endif
-#if CHOICE==C41417
-	printf("C41417 Curve\n");
-#endif
-#if CHOICE==NIST521
-	printf("NIST521 Curve\n");
-#endif
-
-#if CHOICE==BN254
-	printf("BN254 Curve\n");
-#endif
-#if CHOICE==BN454
-	printf("BN454 Curve\n");	
-#endif
-#if CHOICE==BN646
-	printf("BN646 Curve\n");	
-#endif
-
-#if CHOICE==BN254_CX 
-	printf("BN254_CX Curve\n");	
-#endif
-#if CHOICE==BN254_T
-	printf("BN254_T Curve\n");	
-#endif	
-#if CHOICE==BN254_T2 
-	printf("BN254_T2 Curve\n");	
-#endif
-#if CHOICE==BLS455 
-	printf("BLS455 Curve\n");	
-#endif
-#if CHOICE==BLS383 
-	printf("BLS383 Curve\n");	
-#endif
-
-#if CURVETYPE==WEIERSTRASS
-	printf("Weierstrass parameterization\n");
-#endif
-#if CURVETYPE==EDWARDS
-	printf("Edwards parameterization\n");
-#endif
-#if CURVETYPE==MONTGOMERY
-	printf("Montgomery parameterization\n");
-#endif
-
-#if CHUNK==16
-	printf("16-bit Build\n");
-#endif
-#if CHUNK==32
-	printf("32-bit Build\n");
-#endif
-#if CHUNK==64
-	printf("64-bit Build\n");
-#endif
-
-	time((time_t *)&ran);
-	pr[0]=ran;
-	pr[1]=ran>>8;
-	pr[2]=ran>>16;
-	pr[3]=ran>>24;
-	for (i=4;i<10;i++) pr[i]=i;
-    RAND_seed(&RNG,10,pr);
-
-	BIG_rcopy(x,CURVE_Gx);
-#if CURVETYPE!=MONTGOMERY
-	BIG_rcopy(y,CURVE_Gy);
-    ECP_set(&G,x,y);
-#else
-    ECP_set(&G,x);
-#endif
-	
-	BIG_rcopy(r,CURVE_Order);
-	BIG_randomnum(s,r,&RNG);
-	ECP_copy(&P,&G);
-    ECP_mul(&P,r);
-
-	if (!ECP_isinf(&P))
-	{
-		printf("FAILURE - rG!=O\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		ECP_copy(&P,&G);
-		ECP_mul(&P,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("EC  mul - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-	
-	printf("Generating %d-bit RSA public/private key pair\n",FFLEN*BIGBITS);
-
-	iterations=0;
-    start=clock();
-    do {
-      RSA_KEY_PAIR(&RNG,65537,&priv,&pub,NULL,NULL);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("RSA gen - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-    //FF_randomnum(plain,pub.n,&RNG,FFLEN);
-
-	M.len=RFS;
-	for (i=0;i<RFS;i++) M.val[i]=i%128;
-
-	iterations=0;
-    start=clock();
-    do {
-		RSA_ENCRYPT(&pub,&M,&C);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("RSA enc - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		RSA_DECRYPT(&priv,&C,&D);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("RSA dec - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	for (i=0;i<RFS;i++)
-	{
-		if (M.val[i]!=D.val[i])
-		{
-			printf("FAILURE - RSA decryption\n");
-			return 0;
-		}
-	}
-
-	printf("All tests pass\n");
-
-	return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/benchtest_pair.c
----------------------------------------------------------------------
diff --git a/version22/c/benchtest_pair.c b/version22/c/benchtest_pair.c
deleted file mode 100644
index c9dcf38..0000000
--- a/version22/c/benchtest_pair.c
+++ /dev/null
@@ -1,257 +0,0 @@
-/* Test and benchmark pairing functions
-	First build amcl.a from build_pair batch file
-	gcc -O3 benchtest_pair.c amcl.a -o benchtest_pair.exe
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "amcl.h" /* Make sure and select a pairing-friendly curve in here! */
-
-#define MIN_TIME 10.0
-#define MIN_ITERS 10 
-
-int main()
-{
-    csprng RNG;
-	BIG q,s,r,x,y,a,b,m;
-	ECP P,G;
-	FP2 wx,wy,f; 
-	FP4 c,cp,cpm1,cpm2,cr;
-    ECP2 Q,W;
-	FP12 g,w;
-	unsigned long ran;
-
-    int i,iterations;
-    clock_t start;
-    double elapsed;
-	char pr[10];
-
-#if CHOICE==BN254
-	printf("BN254 Curve\n");
-#endif
-#if CHOICE==BN454
-	printf("BN454 Curve\n");	
-#endif
-#if CHOICE==BN646
-	printf("BN646 Curve\n");	
-#endif
-
-#if CHOICE==BN254_CX 
-	printf("BN254_CX Curve\n");	
-#endif
-#if CHOICE==BN254_T
-	printf("BN254_T Curve\n");	
-#endif	
-#if CHOICE==BN254_T2 
-	printf("BN254_T2 Curve\n");	
-#endif
-#if CHOICE==BLS455 
-	printf("BLS455 Curve\n");	
-#endif
-#if CHOICE==BLS383 
-	printf("BLS383 Curve\n");	
-#endif
-
-#if CHUNK==16
-	printf("16-bit Build\n");
-#endif
-#if CHUNK==32
-	printf("32-bit Build\n");
-#endif
-#if CHUNK==64
-	printf("64-bit Build\n");
-#endif
-
-	time((time_t *)&ran);
-	pr[0]=ran;
-	pr[1]=ran>>8;
-	pr[2]=ran>>16;
-	pr[3]=ran>>24;
-	for (i=4;i<10;i++) pr[i]=i;
-
-    RAND_seed(&RNG,10,pr);
-
-	BIG_rcopy(x,CURVE_Gx);
-
-	BIG_rcopy(y,CURVE_Gy);
-    ECP_set(&G,x,y);
-
-	
-	BIG_rcopy(r,CURVE_Order);
-	BIG_randomnum(s,r,&RNG);
-	ECP_copy(&P,&G);
-    PAIR_G1mul(&P,r);
-
-	if (!ECP_isinf(&P))
-	{
-		printf("FAILURE - rG!=O\n");
-		return 0;
-	}
-	
-	iterations=0;
-    start=clock();
-    do {
-		ECP_copy(&P,&G);
-		PAIR_G1mul(&P,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G1 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-    
-    BIG_rcopy(wx.a,CURVE_Pxa); FP_nres(wx.a);
-    BIG_rcopy(wx.b,CURVE_Pxb); FP_nres(wx.b);
-    BIG_rcopy(wy.a,CURVE_Pya); FP_nres(wy.a);
-    BIG_rcopy(wy.b,CURVE_Pyb); FP_nres(wy.b);    
-	ECP2_set(&W,&wx,&wy);
-
-	ECP2_copy(&Q,&W);
-    ECP2_mul(&Q,r);
-
-	if (!ECP2_isinf(&Q))
-	{
-		printf("FAILURE - rQ!=O\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		ECP2_copy(&Q,&W);
-		PAIR_G2mul(&Q,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("G2 mul              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	PAIR_ate(&w,&Q,&P);
-	PAIR_fexp(&w);
-
-	FP12_copy(&g,&w);
-
-	PAIR_GTpow(&g,r);
-
-	if (!FP12_isunity(&g))
-	{
-		printf("FAILURE - g^r!=1\n");
-		return 0;
-	}
-
-	iterations=0;
-    start=clock();
-    do {
-		FP12_copy(&g,&w);
-		PAIR_GTpow(&g,s);
-
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow              - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	BIG_rcopy(a,CURVE_Fra);
-	BIG_rcopy(b,CURVE_Frb);
-	FP2_from_BIGs(&f,a,b);
-
-	BIG_rcopy(q,Modulus);
-
-	BIG_copy(m,q);
-	BIG_mod(m,r);
-
-	BIG_copy(a,s);
-	BIG_mod(a,m);
-
-	BIG_copy(b,s);
-	BIG_sdiv(b,m);
-
-	FP12_copy(&g,&w);
-	FP12_trace(&c,&g);
-
-	FP12_frob(&g,&f);
-	FP12_trace(&cp,&g);
-
-	FP12_conj(&w,&w);
-	FP12_mul(&g,&w);
-
-	FP12_trace(&cpm1,&g);
-	FP12_mul(&g,&w);
-	FP12_trace(&cpm2,&g);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP4_xtr_pow2(&cr,&cp,&c,&cpm1,&cpm2,a,b);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("GT pow (compressed) - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		PAIR_ate(&w,&Q,&P);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing ATE         - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	iterations=0;
-    start=clock();
-    do {
-		FP12_copy(&g,&w);
-		PAIR_fexp(&g);
-		iterations++;
-		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
-    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
-    elapsed=1000.0*elapsed/iterations;
-    printf("PAIRing FEXP        - %8d iterations  ",iterations);
-    printf(" %8.2lf ms per iteration\n",elapsed);
-
-	ECP_copy(&P,&G);	
-	ECP2_copy(&Q,&W);
-
-	PAIR_G1mul(&P,s);
-	PAIR_ate(&g,&Q,&P);
-	PAIR_fexp(&g);
-
-	ECP_copy(&P,&G);
-
-	PAIR_G2mul(&Q,s);
-	PAIR_ate(&w,&Q,&P);
-	PAIR_fexp(&w);
-
-	if (!FP12_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,sP) \n");
-		return 0;
-	}
-
-	ECP2_copy(&Q,&W);
-	PAIR_ate(&g,&Q,&P);
-	PAIR_fexp(&g);
-
-	PAIR_GTpow(&g,s);
-
-	if (!FP12_equals(&g,&w))
-	{
-		printf("FAILURE - e(sQ,p)!=e(Q,P)^s \n");
-		return 0;
-	}
-
-	printf("All tests pass\n");
-
-	return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/big.c
----------------------------------------------------------------------
diff --git a/version22/c/big.c b/version22/c/big.c
deleted file mode 100644
index 1fe6259..0000000
--- a/version22/c/big.c
+++ /dev/null
@@ -1,1525 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	  http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/* AMCL basic functions for BIG type */
-/* SU=m, SU is Stack Usage */
-
-#include "amcl.h"
-
-/* Calculates x*y+c+*r */
-
-#ifdef dchunk
-
-/* Method required to calculate x*y+c+r, bottom half in r, top half returned */
-chunk muladd(chunk x,chunk y,chunk c,chunk *r)
-{
-    dchunk prod=(dchunk)x*y+c+*r;
-    *r=(chunk)prod&BMASK;
-    return (chunk)(prod>>BASEBITS);
-}
-
-#else
-
-/* No integer type available that can store double the wordlength */
-/* accumulate partial products */
-
-chunk muladd(chunk x,chunk y,chunk c,chunk *r)
-{
-    chunk x0,x1,y0,y1;
-    chunk bot,top,mid,carry;
-    x0=x&HMASK;
-    x1=(x>>HBITS);
-    y0=y&HMASK;
-    y1=(y>>HBITS);
-    bot=x0*y0;
-    top=x1*y1;
-    mid=x0*y1+x1*y0;
-    x0=mid&HMASK1;
-    x1=(mid>>HBITS1);
-    bot+=x0<<HBITS;
-    bot+=*r;
-    bot+=c;
-
-#if HDIFF==1
-    bot+=(top&HDIFF)<<(BASEBITS-1);
-    top>>=HDIFF;
-#endif
-
-    top+=x1;
-    carry=bot>>BASEBITS;
-    bot&=BMASK;
-    top+=carry;
-
-    *r=bot;
-    return top;
-}
-
-#endif
-
-/*
-
-// Alternative non Standard Solution required if no type available that can store double the wordlength
-// The use of compiler intrinsics is permitted
-
-
-#if CHUNK==64
-#ifdef _WIN64
-#include <intrin.h>
-
-static INLINE chunk muladd(chunk x,chunk y,chunk c,chunk *r)
-{
-	chunk t,e;
-	uchunk b;
-	b=_mul128(x,y,&t);
-	e=c+*r;
-	b+=e;
-// make correction for possible carry to top half
-	if (e<0)
-		t-=(b>e);
-	else
-		t+=(b<e);
-
-	*r=b&MASK;
-	return (chunk)((t<<(CHUNK-BASEBITS)) | (b>>BASEBITS));
-}
-
-#endif
-#endif
-
-*/
-
-/* test a=0? */
-int BIG_iszilch(BIG a)
-{
-    int i;
-    for (i=0; i<NLEN; i++)
-        if (a[i]!=0) return 0;
-    return 1;
-}
-
-/* test a=0? */
-int BIG_diszilch(DBIG a)
-{
-    int i;
-    for (i=0; i<DNLEN; i++)
-        if (a[i]!=0) return 0;
-    return 1;
-}
-
-/* SU= 56 */
-/* output a */
-void BIG_output(BIG a)
-{
-    BIG b;
-    int i,len;
-    len=BIG_nbits(a);
-    if (len%4==0) len/=4;
-    else
-    {
-        len/=4;
-        len++;
-    }
-    if (len<MODBYTES*2) len=MODBYTES*2;
-
-    for (i=len-1; i>=0; i--)
-    {
-        BIG_copy(b,a);
-        BIG_shr(b,i*4);
-        printf("%01x",(unsigned int) b[0]&15);
-    }
-}
-
-/* SU= 16 */
-void BIG_rawoutput(BIG a)
-{
-    int i;
-    printf("(");
-    for (i=0; i<NLEN-1; i++)
-#if CHUNK==64
-        printf("%"PRIxMAX",",(uint64_t) a[i]);
-    printf("%"PRIxMAX")",(uint64_t) a[NLEN-1]);
-#else
-        printf("%x,",(unsigned int) a[i]);
-    printf("%x)",(unsigned int) a[NLEN-1]);
-#endif
-}
-/*
-void BIG_rawdoutput(DBIG a)
-{
-	int i;
-	printf("(");
-	for (i=0;i<DNLEN-1;i++)
-#if CHUNK==64
-	  printf("%llx,",(long long unsigned int) a[i]);
-	printf("%llx)",(long long unsigned int) a[DNLEN-1]);
-#else
-	  printf("%x,",(unsigned int) a[i]);
-	printf("%x)",(unsigned int) a[NLEN-1]);
-#endif
-}
-*/
-/* Swap a and b if d=1 */
-void BIG_cswap(BIG a,BIG b,int d)
-{
-    int i;
-    chunk t,c=d;
-    c=~(c-1);
-#ifdef DEBUG_NORM
-    for (i=0; i<=NLEN; i++)
-#else
-    for (i=0; i<NLEN; i++)
-#endif
-    {
-        t=c&(a[i]^b[i]);
-        a[i]^=t;
-        b[i]^=t;
-    }
-}
-
-/* Move b to a if d=1 */
-void BIG_cmove(BIG f,BIG g,int d)
-{
-    int i;
-    chunk b=(chunk)-d;
-#ifdef DEBUG_NORM
-    for (i=0; i<=NLEN; i++)
-#else
-    for (i=0; i<NLEN; i++)
-#endif
-    {
-        f[i]^=(f[i]^g[i])&b;
-    }
-}
-
-/* Move g to f if d=1 */
-void BIG_dcmove(DBIG f,DBIG g,int d)
-{
-    int i;
-    chunk b=(chunk)-d;
-#ifdef DEBUG_NORM
-    for (i=0; i<=DNLEN; i++)
-#else
-    for (i=0; i<DNLEN; i++)
-#endif
-    {
-        f[i]^=(f[i]^g[i])&b;
-    }
-}
-
-/* convert BIG to/from bytes */
-/* SU= 64 */
-void BIG_toBytes(char *b,BIG a)
-{
-    int i;
-    BIG c;
-    BIG_norm(a);
-    BIG_copy(c,a);
-    for (i=MODBYTES-1; i>=0; i--)
-    {
-        b[i]=c[0]&0xff;
-        BIG_fshr(c,8);
-    }
-}
-
-/* SU= 16 */
-void BIG_fromBytes(BIG a,char *b)
-{
-    int i;
-    BIG_zero(a);
-    for (i=0; i<MODBYTES; i++)
-    {
-        BIG_fshl(a,8);
-        a[0]+=(int)(unsigned char)b[i];
-        //BIG_inc(a,(int)(unsigned char)b[i]); BIG_norm(a);
-    }
-#ifdef DEBUG_NORM
-    a[NLEN]=0;
-#endif
-}
-
-void BIG_fromBytesLen(BIG a,char *b,int s)
-{
-    int i,len=s;
-    BIG_zero(a);
-
-    if (s>MODBYTES) s=MODBYTES;
-    for (i=0; i<len; i++)
-    {
-        BIG_fshl(a,8);
-        a[0]+=(int)(unsigned char)b[i];
-    }
-#ifdef DEBUG_NORM
-    a[NLEN]=0;
-#endif
-}
-
-
-
-/* SU= 88 */
-void BIG_doutput(DBIG a)
-{
-    DBIG b;
-    int i,len;
-    BIG_dnorm(a);
-    len=BIG_dnbits(a);
-    if (len%4==0) len/=4;
-    else
-    {
-        len/=4;
-        len++;
-    }
-
-    for (i=len-1; i>=0; i--)
-    {
-        BIG_dcopy(b,a);
-        BIG_dshr(b,i*4);
-        printf("%01x",(unsigned int) b[0]&15);
-    }
-}
-
-/* Copy b=a */
-void BIG_copy(BIG b,BIG a)
-{
-    int i;
-    for (i=0; i<NLEN; i++)
-        b[i]=a[i];
-#ifdef DEBUG_NORM
-    b[NLEN]=a[NLEN];
-#endif
-}
-
-/* Copy from ROM b=a */
-void BIG_rcopy(BIG b,const BIG a)
-{
-    int i;
-    for (i=0; i<NLEN; i++)
-        b[i]=a[i];
-#ifdef DEBUG_NORM
-    b[NLEN]=0;
-#endif
-}
-
-/* double length DBIG copy b=a */
-void BIG_dcopy(DBIG b,DBIG a)
-{
-    int i;
-    for (i=0; i<DNLEN; i++)
-        b[i]=a[i];
-#ifdef DEBUG_NORM
-    b[DNLEN]=a[DNLEN];
-#endif
-}
-
-/* Copy BIG to bottom half of DBIG */
-void BIG_dscopy(DBIG b,BIG a)
-{
-    int i;
-    for (i=0; i<NLEN-1; i++)
-        b[i]=a[i];
-
-    b[NLEN-1]=a[NLEN-1]&BMASK; /* top word normalized */
-    b[NLEN]=a[NLEN-1]>>BASEBITS;
-
-    for (i=NLEN+1; i<DNLEN; i++) b[i]=0;
-#ifdef DEBUG_NORM
-    b[DNLEN]=a[NLEN];
-#endif
-}
-
-/* Copy BIG to top half of DBIG */
-void BIG_dsucopy(DBIG b,BIG a)
-{
-    int i;
-    for (i=0; i<NLEN; i++)
-        b[i]=0;
-    for (i=NLEN; i<DNLEN; i++)
-        b[i]=a[i-NLEN];
-#ifdef DEBUG_NORM
-    b[DNLEN]=a[NLEN];
-#endif
-}
-
-/* Copy bottom half of DBIG to BIG */
-void BIG_sdcopy(BIG b,DBIG a)
-{
-    int i;
-    for (i=0; i<NLEN; i++)
-        b[i]=a[i];
-#ifdef DEBUG_NORM
-    b[NLEN]=a[DNLEN];
-#endif
-}
-
-/* Copy top half of DBIG to BIG */
-void BIG_sducopy(BIG b,DBIG a)
-{
-    int i;
-    for (i=0; i<NLEN; i++)
-        b[i]=a[i+NLEN];
-#ifdef DEBUG_NORM
-    b[NLEN]=a[DNLEN];
-#endif
-}
-
-/* Set a=0 */
-void BIG_zero(BIG a)
-{
-    int i;
-    for (i=0; i<NLEN; i++)
-        a[i]=0;
-#ifdef DEBUG_NORM
-    a[NLEN]=0;
-#endif
-}
-
-void BIG_dzero(DBIG a)
-{
-    int i;
-    for (i=0; i<DNLEN; i++)
-        a[i]=0;
-#ifdef DEBUG_NORM
-    a[DNLEN]=0;
-#endif
-}
-
-/* set a=1 */
-void BIG_one(BIG a)
-{
-    int i;
-    a[0]=1;
-    for (i=1; i<NLEN; i++)
-        a[i]=0;
-#ifdef DEBUG_NORM
-    a[NLEN]=0;
-#endif
-}
-
-
-
-/* Set c=a+b */
-/* SU= 8 */
-void BIG_add(BIG c,BIG a,BIG b)
-{
-    int i;
-    for (i=0; i<NLEN; i++)
-        c[i]=a[i]+b[i];
-#ifdef DEBUG_NORM
-    c[NLEN]=a[NLEN]+b[NLEN]+1;
-    if (c[NLEN]>=NEXCESS) printf("add problem - digit overflow %d\n",c[NLEN]);
-#endif
-}
-
-/* Set c=c+d */
-void BIG_inc(BIG c,int d)
-{
-    BIG_norm(c);
-    c[0]+=(chunk)d;
-#ifdef DEBUG_NORM
-    c[NLEN]=1;
-#endif
-}
-
-/* Set c=a-b */
-/* SU= 8 */
-void BIG_sub(BIG c,BIG a,BIG b)
-{
-    int i;
-    for (i=0; i<NLEN; i++)
-        c[i]=a[i]-b[i];
-#ifdef DEBUG_NORM
-    c[NLEN]=a[NLEN]+b[NLEN]+1;
-    if (c[NLEN]>=NEXCESS) printf("sub problem - digit overflow %d\n",c[NLEN]);
-#endif
-}
-
-/* SU= 8 */
-
-void BIG_dsub(DBIG c,DBIG a,DBIG b)
-{
-    int i;
-    for (i=0; i<DNLEN; i++)
-        c[i]=a[i]-b[i];
-#ifdef DEBUG_NORM
-    c[DNLEN]=a[DNLEN]+b[DNLEN]+1;
-    if (c[DNLEN]>=NEXCESS) printf("sub problem - digit overflow %d\n",c[DNLEN]);
-#endif
-}
-
-
-/* Set c=c-1 */
-void BIG_dec(BIG c,int d)
-{
-    BIG_norm(c);
-    c[0]-=(chunk)d;
-#ifdef DEBUG_NORM
-    c[NLEN]=1;
-#endif
-}
-
-/* multiplication r=a*c by c<=NEXCESS */
-void BIG_imul(BIG r,BIG a,int c)
-{
-    int i;
-    for (i=0; i<NLEN; i++) r[i]=a[i]*c;
-#ifdef DEBUG_NORM
-    r[NLEN]=(a[NLEN]+1)*c-1;
-    if (r[NLEN]>=NEXCESS) printf("int mul problem - digit overflow %d\n",r[NLEN]);
-#endif
-}
-
-/* multiplication r=a*c by larger integer - c<=FEXCESS */
-/* SU= 24 */
-chunk BIG_pmul(BIG r,BIG a,int c)
-{
-    int i;
-    chunk ak,carry=0;
-    BIG_norm(a);
-    for (i=0; i<NLEN; i++)
-    {
-        ak=a[i];
-        r[i]=0;
-        carry=muladd(ak,(chunk)c,carry,&r[i]);
-    }
-#ifdef DEBUG_NORM
-    r[NLEN]=0;
-#endif
-    return carry;
-}
-
-/* r/=3 */
-/* SU= 16 */
-int BIG_div3(BIG r)
-{
-    int i;
-    chunk ak,base,carry=0;
-    BIG_norm(r);
-    base=((chunk)1<<BASEBITS);
-    for (i=NLEN-1; i>=0; i--)
-    {
-        ak=(carry*base+r[i]);
-        r[i]=ak/3;
-        carry=ak%3;
-    }
-    return (int)carry;
-}
-
-/* multiplication c=a*b by even larger integer b>FEXCESS, resulting in DBIG */
-/* SU= 24 */
-void BIG_pxmul(DBIG c,BIG a,int b)
-{
-    int j;
-    chunk carry;
-    BIG_dzero(c);
-    carry=0;
-    for (j=0; j<NLEN; j++)
-        carry=muladd(a[j],(chunk)b,carry,&c[j]);
-    c[NLEN]=carry;
-#ifdef DEBUG_NORM
-    c[DNLEN]=0;
-#endif
-}
-
-/* .. if you know the result will fit in a BIG, c must be distinct from a and b */
-/* SU= 40 */
-void BIG_smul(BIG c,BIG a,BIG b)
-{
-    int i,j;
-    chunk carry;
-    BIG_norm(a);
-    BIG_norm(b);
-
-    BIG_zero(c);
-    for (i=0; i<NLEN; i++)
-    {
-        carry=0;
-        for (j=0; j<NLEN; j++)
-        {
-            if (i+j<NLEN)
-                carry=muladd(a[i],b[j],carry,&c[i+j]);
-        }
-    }
-#ifdef DEBUG_NORM
-    c[NLEN]=0;
-#endif
-}
-
-/* Set c=a*b */
-/* SU= 72 */
-void BIG_mul(DBIG c,BIG a,BIG b)
-{
-    int i;
-#ifdef dchunk
-    dchunk t,co;
-    dchunk s;
-    dchunk d[NLEN];
-    int k;
-#endif
-
-    /* change here - a and b MUST be normed on input */
-
-//	BIG_norm(a);  /* needed here to prevent overflow from addition of partial products */
-//	BIG_norm(b);
-
-    /* Faster to Combafy it.. Let the compiler unroll the loops! */
-
-#ifdef COMBA
-
-    /* faster psuedo-Karatsuba method */
-#ifdef UNWOUND
-
-    /* Insert output of faster.c here */
-
-#else
-    for (i=0; i<NLEN; i++)
-        d[i]=(dchunk)a[i]*b[i];
-
-    s=d[0];
-    t=s;
-    c[0]=(chunk)t&BMASK;
-    co=t>>BASEBITS;
-
-    for (k=1; k<NLEN; k++)
-    {
-        s+=d[k];
-        t=co+s;
-        for (i=k; i>=1+k/2; i--) t+=(dchunk)(a[i]-a[k-i])*(b[k-i]-b[i]);
-        c[k]=(chunk)t&BMASK;
-        co=t>>BASEBITS;
-    }
-    for (k=NLEN; k<2*NLEN-1; k++)
-    {
-        s-=d[k-NLEN];
-        t=co+s;
-        for (i=NLEN-1; i>=1+k/2; i--) t+=(dchunk)(a[i]-a[k-i])*(b[k-i]-b[i]);
-        c[k]=(chunk)t&BMASK;
-        co=t>>BASEBITS;
-    }
-    c[2*NLEN-1]=(chunk)co;
-
-#endif
-
-#else
-    int j;
-    chunk carry;
-    BIG_dzero(c);
-    for (i=0; i<NLEN; i++)
-    {
-        carry=0;
-        for (j=0; j<NLEN; j++)
-            carry=muladd(a[i],b[j],carry,&c[i+j]);
-
-        c[NLEN+i]=carry;
-    }
-
-#endif
-
-#ifdef DEBUG_NORM
-    c[DNLEN]=0;
-#endif
-}
-
-/* Set c=a*a */
-/* SU= 80 */
-void BIG_sqr(DBIG c,BIG a)
-{
-    int i,j,last;
-#ifdef dchunk
-    dchunk t,co;
-#endif
-
-    /* change here - a MUST be normed on input */
-//	BIG_norm(a);
-
-    /* Note 2*a[i] in loop below and extra addition */
-
-#ifdef COMBA
-
-#ifdef UNWOUND
-
-    /* Insert output of faster.c here */
-
-#else
-
-    t=(dchunk)a[0]*a[0];
-    c[0]=(chunk)t&BMASK;
-    co=t>>BASEBITS;
-    t=(dchunk)a[1]*a[0];
-    t+=t;
-    t+=co;
-    c[1]=(chunk)t&BMASK;
-    co=t>>BASEBITS;
-
-    last=NLEN-NLEN%2;
-    for (j=2; j<last; j+=2)
-    {
-        t=(dchunk)a[j]*a[0];
-        for (i=1; i<(j+1)/2; i++) t+=(dchunk)a[j-i]*a[i];
-        t+=t;
-        t+=co;
-        t+=(dchunk)a[j/2]*a[j/2];
-        c[j]=(chunk)t&BMASK;
-        co=t>>BASEBITS;
-        t=(dchunk)a[j+1]*a[0];
-        for (i=1; i<(j+2)/2; i++) t+=(dchunk)a[j+1-i]*a[i];
-        t+=t;
-        t+=co;
-        c[j+1]=(chunk)t&BMASK;
-        co=t>>BASEBITS;
-    }
-    j=last;
-#if NLEN%2==1
-    t=(dchunk)a[j]*a[0];
-    for (i=1; i<(j+1)/2; i++) t+=(dchunk)a[j-i]*a[i];
-    t+=t;
-    t+=co;
-    t+=(dchunk)a[j/2]*a[j/2];
-    c[j]=(chunk)t&BMASK;
-    co=t>>BASEBITS;
-    j++;
-    t=(dchunk)a[NLEN-1]*a[j-NLEN+1];
-    for (i=j-NLEN+2; i<(j+1)/2; i++) t+=(dchunk)a[j-i]*a[i];
-    t+=t;
-    t+=co;
-    c[j]=(chunk)t&BMASK;
-    co=t>>BASEBITS;
-    j++;
-#endif
-    for (; j<DNLEN-2; j+=2)
-    {
-        t=(dchunk)a[NLEN-1]*a[j-NLEN+1];
-        for (i=j-NLEN+2; i<(j+1)/2; i++) t+=(dchunk)a[j-i]*a[i];
-        t+=t;
-        t+=co;
-        t+=(dchunk)a[j/2]*a[j/2];
-        c[j]=(chunk)t&BMASK;
-        co=t>>BASEBITS;
-        t=(dchunk)a[NLEN-1]*a[j-NLEN+2];
-        for (i=j-NLEN+3; i<(j+2)/2; i++) t+=(dchunk)a[j+1-i]*a[i];
-        t+=t;
-        t+=co;
-        c[j+1]=(chunk)t&BMASK;
-        co=t>>BASEBITS;
-    }
-
-    t=(dchunk)a[NLEN-1]*a[NLEN-1]+co;
-    c[DNLEN-2]=(chunk)t&BMASK;
-    co=t>>BASEBITS;
-    c[DNLEN-1]=(chunk)co;
-#endif
-
-#else
-    chunk carry;
-    BIG_dzero(c);
-    for (i=0; i<NLEN; i++)
-    {
-        carry=0;
-        for (j=i+1; j<NLEN; j++)
-            carry=muladd(a[i],a[j],carry,&c[i+j]);
-        c[NLEN+i]=carry;
-    }
-
-    for (i=0; i<DNLEN; i++) c[i]*=2;
-
-    for (i=0; i<NLEN; i++)
-        c[2*i+1]+=muladd(a[i],a[i],0,&c[2*i]);
-
-    BIG_dnorm(c);
-#endif
-
-
-#ifdef DEBUG_NORM
-    c[DNLEN]=0;
-#endif
-
-}
-
-/* Montgomery reduction */
-void BIG_monty(BIG a,BIG md,chunk MC,DBIG d)
-{
-    int i,k;
-
-#ifdef dchunk
-    dchunk t,c,s;
-    dchunk dd[NLEN];
-    chunk v[NLEN];
-#endif
-
-#ifdef COMBA
-
-#ifdef UNWOUND
-
-    /* Insert output of faster.c here */
-
-#else
-
-    t=d[0];
-    v[0]=((chunk)t*MC)&BMASK;
-    t+=(dchunk)v[0]*md[0];
-    c=(t>>BASEBITS)+d[1];
-    s=0;
-
-    for (k=1; k<NLEN; k++)
-    {
-        t=c+s+(dchunk)v[0]*md[k];
-        for (i=k-1; i>k/2; i--) t+=(dchunk)(v[k-i]-v[i])*(md[i]-md[k-i]);
-        v[k]=((chunk)t*MC)&BMASK;
-        t+=(dchunk)v[k]*md[0];
-        c=(t>>BASEBITS)+d[k+1];
-        dd[k]=(dchunk)v[k]*md[k];
-        s+=dd[k];
-    }
-    for (k=NLEN; k<2*NLEN-1; k++)
-    {
-        t=c+s;
-        for (i=NLEN-1; i>=1+k/2; i--) t+=(dchunk)(v[k-i]-v[i])*(md[i]-md[k-i]);
-        a[k-NLEN]=(chunk)t&BMASK;
-        c=(t>>BASEBITS)+d[k+1];
-        s-=dd[k-NLEN+1];
-    }
-    a[NLEN-1]=(chunk)c&BMASK;
-
-#endif
-
-#ifdef DEBUG_NORM
-    a[NLEN]=0;
-#endif
-
-#else
-    int j;
-    chunk m,carry;
-    for (i=0; i<NLEN; i++)
-    {
-        if (MC==-1) m=(-d[i])&BMASK;
-        else
-        {
-            if (MC==1) m=d[i];
-            else m=(MC*d[i])&BMASK;
-        }
-        carry=0;
-        for (j=0; j<NLEN; j++)
-            carry=muladd(m,md[j],carry,&d[i+j]);
-        d[NLEN+i]+=carry;
-    }
-    BIG_sducopy(a,d);
-    BIG_norm(a);
-
-#endif
-}
-
-/* General shift left of a by n bits */
-/* a MUST be normalised */
-/* SU= 32 */
-void BIG_shl(BIG a,int k)
-{
-    int i;
-    int n=k%BASEBITS;
-    int m=k/BASEBITS;
-
-//	a[NLEN-1]=((a[NLEN-1-m]<<n))|(a[NLEN-m-2]>>(BASEBITS-n));
-
-    a[NLEN-1]=((a[NLEN-1-m]<<n));
-    if (NLEN>=m+2) a[NLEN-1]|=(a[NLEN-m-2]>>(BASEBITS-n));
-
-    for (i=NLEN-2; i>m; i--)
-        a[i]=((a[i-m]<<n)&BMASK)|(a[i-m-1]>>(BASEBITS-n));
-    a[m]=(a[0]<<n)&BMASK;
-    for (i=0; i<m; i++) a[i]=0;
-
-}
-
-/* Fast shift left of a by n bits, where n less than a word, Return excess (but store it as well) */
-/* a MUST be normalised */
-/* SU= 16 */
-int BIG_fshl(BIG a,int n)
-{
-    int i;
-
-    a[NLEN-1]=((a[NLEN-1]<<n))|(a[NLEN-2]>>(BASEBITS-n)); /* top word not masked */
-    for (i=NLEN-2; i>0; i--)
-        a[i]=((a[i]<<n)&BMASK)|(a[i-1]>>(BASEBITS-n));
-    a[0]=(a[0]<<n)&BMASK;
-
-    return (int)(a[NLEN-1]>>((8*MODBYTES)%BASEBITS)); /* return excess - only used in ff.c */
-}
-
-/* double length left shift of a by k bits - k can be > BASEBITS , a MUST be normalised */
-/* SU= 32 */
-void BIG_dshl(DBIG a,int k)
-{
-    int i;
-    int n=k%BASEBITS;
-    int m=k/BASEBITS;
-
-    a[DNLEN-1]=((a[DNLEN-1-m]<<n))|(a[DNLEN-m-2]>>(BASEBITS-n));
-
-    for (i=DNLEN-2; i>m; i--)
-        a[i]=((a[i-m]<<n)&BMASK)|(a[i-m-1]>>(BASEBITS-n));
-    a[m]=(a[0]<<n)&BMASK;
-    for (i=0; i<m; i++) a[i]=0;
-
-}
-
-/* General shift rightof a by k bits */
-/* a MUST be normalised */
-/* SU= 32 */
-void BIG_shr(BIG a,int k)
-{
-    int i;
-    int n=k%BASEBITS;
-    int m=k/BASEBITS;
-    for (i=0; i<NLEN-m-1; i++)
-        a[i]=(a[m+i]>>n)|((a[m+i+1]<<(BASEBITS-n))&BMASK);
-    if (NLEN>m)  a[NLEN-m-1]=a[NLEN-1]>>n;
-    for (i=NLEN-m; i<NLEN; i++) a[i]=0;
-
-}
-
-/* Faster shift right of a by k bits. Return shifted out part */
-/* a MUST be normalised */
-/* SU= 16 */
-int BIG_fshr(BIG a,int k)
-{
-    int i;
-    chunk r=a[0]&(((chunk)1<<k)-1); /* shifted out part */
-    for (i=0; i<NLEN-1; i++)
-        a[i]=(a[i]>>k)|((a[i+1]<<(BASEBITS-k))&BMASK);
-    a[NLEN-1]=a[NLEN-1]>>k;
-    return (int)r;
-}
-
-/* double length right shift of a by k bits - can be > BASEBITS */
-/* SU= 32 */
-void BIG_dshr(DBIG a,int k)
-{
-    int i;
-    int n=k%BASEBITS;
-    int m=k/BASEBITS;
-    for (i=0; i<DNLEN-m-1; i++)
-        a[i]=(a[m+i]>>n)|((a[m+i+1]<<(BASEBITS-n))&BMASK);
-    a[DNLEN-m-1]=a[DNLEN-1]>>n;
-    for (i=DNLEN-m; i<DNLEN; i++ ) a[i]=0;
-}
-
-/* Split DBIG d into two BIGs t|b. Split happens at n bits, where n falls into NLEN word */
-/* d MUST be normalised */
-/* SU= 24 */
-chunk BIG_split(BIG t,BIG b,DBIG d,int n)
-{
-    int i;
-    chunk nw,carry=0;
-    int m=n%BASEBITS;
-//	BIG_dnorm(d);
-
-    if (m==0)
-    {
-        for (i=0; i<NLEN; i++) b[i]=d[i];
-        if (t!=b)
-        {
-            for (i=NLEN; i<2*NLEN; i++) t[i-NLEN]=d[i];
-            carry=t[NLEN-1]>>BASEBITS;
-            t[NLEN-1]=t[NLEN-1]&BMASK; /* top word normalized */
-        }
-        return carry;
-    }
-
-    for (i=0; i<NLEN-1; i++) b[i]=d[i];
-
-    b[NLEN-1]=d[NLEN-1]&(((chunk)1<<m)-1);
-
-    if (t!=b)
-    {
-        carry=(d[DNLEN-1]<<(BASEBITS-m));
-        for (i=DNLEN-2; i>=NLEN-1; i--)
-        {
-            nw=(d[i]>>m)|carry;
-            carry=(d[i]<<(BASEBITS-m))&BMASK;
-            t[i-NLEN+1]=nw;
-        }
-    }
-#ifdef DEBUG_NORM
-    t[NLEN]=0;
-    b[NLEN]=0;
-#endif
-    return carry;
-}
-
-/* you gotta keep the sign of carry! Look - no branching! */
-/* Note that sign bit is needed to disambiguate between +ve and -ve values */
-/* normalise BIG - force all digits < 2^BASEBITS */
-chunk BIG_norm(BIG a)
-{
-    int i;
-    chunk d,carry=0;
-    for (i=0; i<NLEN-1; i++)
-    {
-        d=a[i]+carry;
-        a[i]=d&BMASK;
-        carry=d>>BASEBITS;
-    }
-    a[NLEN-1]=(a[NLEN-1]+carry);
-
-#ifdef DEBUG_NORM
-    a[NLEN]=0;
-#endif
-    return (a[NLEN-1]>>((8*MODBYTES)%BASEBITS));  /* only used in ff.c */
-}
-
-void BIG_dnorm(DBIG a)
-{
-    int i;
-    chunk d,carry=0;
-    for (i=0; i<DNLEN-1; i++)
-    {
-        d=a[i]+carry;
-        a[i]=d&BMASK;
-        carry=d>>BASEBITS;
-    }
-    a[DNLEN-1]=(a[DNLEN-1]+carry);
-#ifdef DEBUG_NORM
-    a[DNLEN]=0;
-#endif
-}
-
-/* Compare a and b. Return 1 for a>b, -1 for a<b, 0 for a==b */
-/* a and b MUST be normalised before call */
-int BIG_comp(BIG a,BIG b)
-{
-    int i;
-    for (i=NLEN-1; i>=0; i--)
-    {
-        if (a[i]==b[i]) continue;
-        if (a[i]>b[i]) return 1;
-        else  return -1;
-    }
-    return 0;
-}
-
-int BIG_dcomp(DBIG a,DBIG b)
-{
-    int i;
-    for (i=DNLEN-1; i>=0; i--)
-    {
-        if (a[i]==b[i]) continue;
-        if (a[i]>b[i]) return 1;
-        else  return -1;
-    }
-    return 0;
-}
-
-/* return number of bits in a */
-/* SU= 8 */
-int BIG_nbits(BIG a)
-{
-    int bts,k=NLEN-1;
-    chunk c;
-    BIG_norm(a);
-    while (k>=0 && a[k]==0) k--;
-    if (k<0) return 0;
-    bts=BASEBITS*k;
-    c=a[k];
-    while (c!=0)
-    {
-        c/=2;
-        bts++;
-    }
-    return bts;
-}
-
-/* SU= 8, Calculate number of bits in a DBIG - output normalised */
-int BIG_dnbits(DBIG a)
-{
-    int bts,k=DNLEN-1;
-    chunk c;
-    BIG_dnorm(a);
-    while (k>=0 && a[k]==0) k--;
-    if (k<0) return 0;
-    bts=BASEBITS*k;
-    c=a[k];
-    while (c!=0)
-    {
-        c/=2;
-        bts++;
-    }
-    return bts;
-}
-
-
-/* Set b=b mod c */
-/* SU= 16 */
-void BIG_mod(BIG b,BIG c)
-{
-    int k=0;
-    BIG r; /**/
-
-    BIG_norm(b);
-    if (BIG_comp(b,c)<0)
-        return;
-    do
-    {
-        BIG_fshl(c,1);
-        k++;
-    }
-    while (BIG_comp(b,c)>=0);
-
-    while (k>0)
-    {
-        BIG_fshr(c,1);
-
-// constant time...
-        BIG_sub(r,b,c);
-        BIG_norm(r);
-        BIG_cmove(b,r,1-((r[NLEN-1]>>(CHUNK-1))&1));
-        /*
-                if (BIG_comp(b,c)>=0)
-                {
-                    BIG_sub(b,b,c);
-                    BIG_norm(b);
-                }
-        */
-        k--;
-    }
-}
-
-/* Set a=b mod c, b is destroyed. Slow but rarely used. */
-/* SU= 96 */
-void BIG_dmod(BIG a,DBIG b,BIG c)
-{
-    int k=0;
-    DBIG m,r;
-    BIG_dnorm(b);
-    BIG_dscopy(m,c);
-
-    if (BIG_dcomp(b,m)<0)
-    {
-        BIG_sdcopy(a,b);
-        return;
-    }
-
-    do
-    {
-        BIG_dshl(m,1);
-        k++;
-    }
-    while (BIG_dcomp(b,m)>=0);
-
-    while (k>0)
-    {
-        BIG_dshr(m,1);
-// constant time...
-        BIG_dsub(r,b,m);
-        BIG_dnorm(r);
-        BIG_dcmove(b,r,1-((r[DNLEN-1]>>(CHUNK-1))&1));
-        /*
-                if (BIG_dcomp(b,m)>=0)
-                {
-                    BIG_dsub(b,b,m);
-                    BIG_dnorm(b);
-                }
-        */
-        k--;
-    }
-    BIG_sdcopy(a,b);
-}
-
-/* Set a=b/c,  b is destroyed. Slow but rarely used. */
-/* SU= 136 */
-
-void BIG_ddiv(BIG a,DBIG b,BIG c)
-{
-    int d,k=0;
-    DBIG m,dr;
-    BIG e,r;
-    BIG_dnorm(b);
-    BIG_dscopy(m,c);
-
-    BIG_zero(a);
-    BIG_zero(e);
-    BIG_inc(e,1);
-
-    while (BIG_dcomp(b,m)>=0)
-    {
-        BIG_fshl(e,1);
-        BIG_dshl(m,1);
-        k++;
-    }
-
-    while (k>0)
-    {
-        BIG_dshr(m,1);
-        BIG_fshr(e,1);
-
-        BIG_dsub(dr,b,m);
-        BIG_dnorm(dr);
-        d=1-((dr[DNLEN-1]>>(CHUNK-1))&1);
-        BIG_dcmove(b,dr,d);
-
-        BIG_add(r,a,e);
-        BIG_norm(r);
-        BIG_cmove(a,r,d);
-        /*
-        		if (BIG_dcomp(b,m)>=0)
-        		{
-        			BIG_add(a,a,e);
-        			BIG_norm(a);
-        			BIG_dsub(b,b,m);
-        			BIG_dnorm(b);
-        		} */
-        k--;
-    }
-}
-
-/* SU= 136 */
-
-void BIG_sdiv(BIG a,BIG c)
-{
-    int d,k=0;
-    BIG m,e,b,r;
-    BIG_norm(a);
-    BIG_copy(b,a);
-    BIG_copy(m,c);
-
-    BIG_zero(a);
-    BIG_zero(e);
-    BIG_inc(e,1);
-
-    while (BIG_comp(b,m)>=0)
-    {
-        BIG_fshl(e,1);
-        BIG_fshl(m,1);
-        k++;
-    }
-
-    while (k>0)
-    {
-        BIG_fshr(m,1);
-        BIG_fshr(e,1);
-
-        BIG_sub(r,b,m);
-        BIG_norm(r);
-        d=1-((r[NLEN-1]>>(CHUNK-1))&1);
-        BIG_cmove(b,r,d);
-
-        BIG_add(r,a,e);
-        BIG_norm(r);
-        BIG_cmove(a,r,d);
-        /*
-        		if (BIG_comp(b,m)>=0)
-        		{
-        			BIG_sub(b,b,m);
-        			BIG_norm(b);
-        			BIG_add(a,a,e);
-        			BIG_norm(a);
-        		} */
-        k--;
-    }
-}
-
-/* return LSB of a */
-int BIG_parity(BIG a)
-{
-    return a[0]%2;
-}
-
-/* return n-th bit of a */
-/* SU= 16 */
-int BIG_bit(BIG a,int n)
-{
-    if (a[n/BASEBITS]&((chunk)1<<(n%BASEBITS))) return 1;
-    else return 0;
-}
-
-/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed.
-nbs is number of bits processed, and nzs is number of trailing 0s detected */
-/* SU= 32 */
-/*
-int BIG_nafbits(BIG x,BIG x3,int i,int *nbs,int *nzs)
-{
-	int j,r,nb;
-
-	nb=BIG_bit(x3,i)-BIG_bit(x,i);
-	*nbs=1;
-	*nzs=0;
-	if (nb==0) return 0;
-	if (i==0) return nb;
-
-    if (nb>0) r=1;
-    else      r=(-1);
-
-    for (j=i-1;j>0;j--)
-    {
-        (*nbs)++;
-        r*=2;
-        nb=BIG_bit(x3,j)-BIG_bit(x,j);
-        if (nb>0) r+=1;
-        if (nb<0) r-=1;
-        if (abs(r)>5) break;
-    }
-
-	if (r%2!=0 && j!=0)
-    { // backtrack
-        if (nb>0) r=(r-1)/2;
-        if (nb<0) r=(r+1)/2;
-        (*nbs)--;
-    }
-
-    while (r%2==0)
-    { // remove trailing zeros
-        r/=2;
-        (*nzs)++;
-        (*nbs)--;
-    }
-    return r;
-}
-*/
-
-/* return last n bits of a, where n is small < BASEBITS */
-/* SU= 16 */
-int BIG_lastbits(BIG a,int n)
-{
-    int msk=(1<<n)-1;
-    BIG_norm(a);
-    return ((int)a[0])&msk;
-}
-
-/* get 8*MODBYTES size random number */
-void BIG_random(BIG m,csprng *rng)
-{
-    int i,b,j=0,r=0;
-    int len=8*MODBYTES;
-
-    BIG_zero(m);
-    /* generate random BIG */
-    for (i=0; i<len; i++)
-    {
-        if (j==0) r=RAND_byte(rng);
-        else r>>=1;
-        b=r&1;
-        BIG_shl(m,1);
-        m[0]+=b;
-        j++;
-        j&=7;
-    }
-
-#ifdef DEBUG_NORM
-    m[NLEN]=0;
-#endif
-}
-
-/* get random BIG from rng, modulo q. Done one bit at a time, so its portable */
-
-void BIG_randomnum(BIG m,BIG q,csprng *rng)
-{
-    int i,b,j=0,r=0;
-    DBIG d;
-    BIG_dzero(d);
-    /* generate random DBIG */
-    for (i=0; i<2*MODBITS; i++)
-    {
-        if (j==0) r=RAND_byte(rng);
-        else r>>=1;
-        b=r&1;
-        BIG_dshl(d,1);
-        d[0]+=b;
-        j++;
-        j&=7;
-    }
-    /* reduce modulo a BIG. Removes bias */
-    BIG_dmod(m,d,q);
-#ifdef DEBUG_NORM
-    m[NLEN]=0;
-#endif
-}
-
-/* Set r=a*b mod m */
-/* SU= 96 */
-void BIG_modmul(BIG r,BIG a,BIG b,BIG m)
-{
-    DBIG d;
-    BIG_mod(a,m);
-    BIG_mod(b,m);
-//BIG_norm(a); BIG_norm(b);
-    BIG_mul(d,a,b);
-    BIG_dmod(r,d,m);
-}
-
-/* Set a=a*a mod m */
-/* SU= 88 */
-void BIG_modsqr(BIG r,BIG a,BIG m)
-{
-    DBIG d;
-    BIG_mod(a,m);
-//BIG_norm(a);
-    BIG_sqr(d,a);
-    BIG_dmod(r,d,m);
-}
-
-/* Set r=-a mod m */
-/* SU= 16 */
-void BIG_modneg(BIG r,BIG a,BIG m)
-{
-    BIG_mod(a,m);
-    BIG_sub(r,m,a);
-    BIG_mod(r,m);
-}
-
-/* Set a=a/b mod m */
-/* SU= 136 */
-void BIG_moddiv(BIG r,BIG a,BIG b,BIG m)
-{
-    DBIG d;
-    BIG z;
-    BIG_mod(a,m);
-    BIG_invmodp(z,b,m);
-//BIG_norm(a); BIG_norm(z);
-    BIG_mul(d,a,z);
-    BIG_dmod(r,d,m);
-}
-
-/* Get jacobi Symbol (a/p). Returns 0, 1 or -1 */
-/* SU= 216 */
-int BIG_jacobi(BIG a,BIG p)
-{
-    int n8,k,m=0;
-    BIG t,x,n,zilch,one;
-    BIG_one(one);
-    BIG_zero(zilch);
-    if (BIG_parity(p)==0 || BIG_comp(a,zilch)==0 || BIG_comp(p,one)<=0) return 0;
-    BIG_norm(a);
-    BIG_copy(x,a);
-    BIG_copy(n,p);
-    BIG_mod(x,p);
-
-    while (BIG_comp(n,one)>0)
-    {
-        if (BIG_comp(x,zilch)==0) return 0;
-        n8=BIG_lastbits(n,3);
-        k=0;
-        while (BIG_parity(x)==0)
-        {
-            k++;
-            BIG_shr(x,1);
-        }
-        if (k%2==1) m+=(n8*n8-1)/8;
-        m+=(n8-1)*(BIG_lastbits(x,2)-1)/4;
-        BIG_copy(t,n);
-
-        BIG_mod(t,x);
-        BIG_copy(n,x);
-        BIG_copy(x,t);
-        m%=2;
-
-    }
-    if (m==0) return 1;
-    else return -1;
-}
-
-/* Set r=1/a mod p. Binary method */
-/* SU= 240 */
-void BIG_invmodp(BIG r,BIG a,BIG p)
-{
-    BIG u,v,x1,x2,t,one;
-    BIG_mod(a,p);
-    BIG_copy(u,a);
-    BIG_copy(v,p);
-    BIG_one(one);
-    BIG_copy(x1,one);
-    BIG_zero(x2);
-
-    while (BIG_comp(u,one)!=0 && BIG_comp(v,one)!=0)
-    {
-        while (BIG_parity(u)==0)
-        {
-            BIG_shr(u,1);
-            if (BIG_parity(x1)!=0)
-            {
-                BIG_add(x1,p,x1);
-                BIG_norm(x1);
-            }
-            BIG_shr(x1,1);
-        }
-        while (BIG_parity(v)==0)
-        {
-            BIG_shr(v,1);
-            if (BIG_parity(x2)!=0)
-            {
-                BIG_add(x2,p,x2);
-                BIG_norm(x2);
-            }
-            BIG_shr(x2,1);
-        }
-        if (BIG_comp(u,v)>=0)
-        {
-            BIG_sub(u,u,v);
-            BIG_norm(u);
-            if (BIG_comp(x1,x2)>=0) BIG_sub(x1,x1,x2);
-            else
-            {
-                BIG_sub(t,p,x2);
-                BIG_add(x1,x1,t);
-            }
-            BIG_norm(x1);
-        }
-        else
-        {
-            BIG_sub(v,v,u);
-            BIG_norm(v);
-            if (BIG_comp(x2,x1)>=0) BIG_sub(x2,x2,x1);
-            else
-            {
-                BIG_sub(t,p,x1);
-                BIG_add(x2,x2,t);
-            }
-            BIG_norm(x2);
-        }
-    }
-    if (BIG_comp(u,one)==0)
-        BIG_copy(r,x1);
-    else
-        BIG_copy(r,x2);
-}
-
-/* set x = x mod 2^m */
-void BIG_mod2m(BIG x,int m)
-{
-    int i,wd,bt;
-    chunk msk;
-//	if (m>=MODBITS) return;
-    wd=m/BASEBITS;
-    bt=m%BASEBITS;
-    msk=((chunk)1<<bt)-1;
-    x[wd]&=msk;
-    for (i=wd+1; i<NLEN; i++) x[i]=0;
-}
-
-// new
-/* Convert to DBIG number from byte array of given length */
-void BIG_dfromBytesLen(DBIG a,char *b,int s)
-{
-    int i,len=s;
-    BIG_dzero(a);
-
-    for (i=0; i<len; i++)
-    {
-        BIG_dshl(a,8);
-        a[0]+=(int)(unsigned char)b[i];
-    }
-#ifdef DEBUG_NORM
-    a[NLEN]=0;
-#endif
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/build_ec
----------------------------------------------------------------------
diff --git a/version22/c/build_ec b/version22/c/build_ec
deleted file mode 100644
index b5dc735..0000000
--- a/version22/c/build_ec
+++ /dev/null
@@ -1,22 +0,0 @@
-
-gcc -std=c99 -c -O3 big.c
-gcc -std=c99 -c -O3 fp.c
-gcc -std=c99 -c -O3 ecp.c
-gcc -std=c99 -c -O3 hash.c
-gcc -std=c99 -c -O3 rand.c
-gcc -std=c99 -c -O3 aes.c
-gcc -std=c99 -c -O3 gcm.c
-gcc -std=c99 -c -O3 oct.c
-gcc -std=c99 -c -O3 rom.c
-
-gcc -std=c99 -c -O3 ff.c
-
-rm amcl.a
-ar rc amcl.a big.o fp.o ecp.o hash.o ff.o
-ar r amcl.a rand.o aes.o gcm.o oct.o rom.o
-
-gcc -std=c99 -O3 testecdh.c ecdh.c randapi.c amcl.a -o testecdh
-gcc -std=c99 -O3 testrsa.c rsa.c randapi.c amcl.a -o testrsa
-gcc -std=c99 -O3 benchtest_ec.c rsa.c amcl.a -o benchtest_ec
-
-rm *.o

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/build_ec.bat
----------------------------------------------------------------------
diff --git a/version22/c/build_ec.bat b/version22/c/build_ec.bat
deleted file mode 100644
index a49fc25..0000000
--- a/version22/c/build_ec.bat
+++ /dev/null
@@ -1,22 +0,0 @@
-
-gcc -std=c99 -c -O3 big.c
-gcc -std=c99 -c -O3 fp.c
-gcc -std=c99 -c -O3 ecp.c
-gcc -std=c99 -c -O3 hash.c
-gcc -std=c99 -c -O3 rand.c
-gcc -std=c99 -c -O3 aes.c
-gcc -std=c99 -c -O3 gcm.c
-gcc -std=c99 -c -O3 oct.c
-gcc -std=c99 -c -O3 rom.c
-
-gcc -std=c99 -c -O3 ff.c
-
-del amcl.a
-ar rc amcl.a big.o fp.o ecp.o hash.o ff.o
-ar r amcl.a rand.o aes.o gcm.o oct.o rom.o
-
-gcc -std=c99 -O3 testecdh.c ecdh.c randapi.c amcl.a -o testecdh.exe
-gcc -std=c99 -O3 testrsa.c rsa.c randapi.c amcl.a -o testrsa.exe
-gcc -std=c99 -O3 benchtest_ec.c rsa.c amcl.a -o benchtest_ec.exe
-
-del *.o

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/build_pair
----------------------------------------------------------------------
diff --git a/version22/c/build_pair b/version22/c/build_pair
deleted file mode 100644
index 6b6bae2..0000000
--- a/version22/c/build_pair
+++ /dev/null
@@ -1,27 +0,0 @@
-
-gcc -std=c99 -c -O3 big.c
-gcc -std=c99 -c -O3 fp.c
-gcc -std=c99 -c -O3 ecp.c
-gcc -std=c99 -c -O3 hash.c
-gcc -std=c99 -c -O3 rand.c
-gcc -std=c99 -c -O3 aes.c
-gcc -std=c99 -c -O3 gcm.c
-gcc -std=c99 -c -O3 oct.c
-gcc -std=c99 -c -O3 rom.c
-
-gcc -std=c99 -c -O3 fp2.c
-gcc -std=c99 -c -O3 ecp2.c
-gcc -std=c99 -c -O3 fp4.c
-gcc -std=c99 -c -O3 fp12.c
-gcc -std=c99 -c -O3 pair.c
-
-rm amcl.a
-ar rc amcl.a big.o fp.o ecp.o hash.o
-ar r amcl.a rand.o aes.o gcm.o oct.o rom.o
-
-ar r amcl.a pair.o fp2.o ecp2.o fp4.o fp12.o
-
-gcc -std=c99 -O3 testmpin.c mpin.c randapi.c amcl.a -o testmpin
-gcc -std=c99 -O3 benchtest_pair.c amcl.a -o benchtest_pair
-
-rm *.o

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/build_pair.bat
----------------------------------------------------------------------
diff --git a/version22/c/build_pair.bat b/version22/c/build_pair.bat
deleted file mode 100644
index 88b5daf..0000000
--- a/version22/c/build_pair.bat
+++ /dev/null
@@ -1,27 +0,0 @@
-
-gcc -std=c99 -c -O3 big.c
-gcc -std=c99 -c -O3 fp.c
-gcc -std=c99 -c -O3 ecp.c
-gcc -std=c99 -c -O3 hash.c
-gcc -std=c99 -c -O3 rand.c
-gcc -std=c99 -c -O3 aes.c
-gcc -std=c99 -c -O3 gcm.c
-gcc -std=c99 -c -O3 oct.c
-gcc -std=c99 -c -O3 rom.c
-
-gcc -std=c99 -c -O3 fp2.c
-gcc -std=c99 -c -O3 ecp2.c
-gcc -std=c99 -c -O3 fp4.c
-gcc -std=c99 -c -O3 fp12.c
-gcc -std=c99 -c -O3 pair.c
-
-del amcl.a
-ar rc amcl.a big.o fp.o ecp.o hash.o
-ar r amcl.a rand.o aes.o gcm.o oct.o rom.o
-
-ar r amcl.a pair.o fp2.o ecp2.o fp4.o fp12.o
-
-gcc -std=c99 -O3 testmpin.c mpin.c randapi.c amcl.a -o testmpin.exe
-gcc -std=c99 -O3 benchtest_pair.c amcl.a -o benchtest_pair.exe
-
-del *.o

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/ca.crt
----------------------------------------------------------------------
diff --git a/version22/c/ca.crt b/version22/c/ca.crt
deleted file mode 100644
index e3ad02f..0000000
--- a/version22/c/ca.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID6zCCAtOgAwIBAgIJALJxywTGMUA7MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYD
-VQQGEwJJRTEQMA4GA1UECAwHSXJlbGFuZDEPMA0GA1UEBwwGRHVibGluMQ8wDQYD
-VQQKDAZNSVJBQ0wxDTALBgNVBAsMBGxhYnMxEzARBgNVBAMMCk1pa2UgU2NvdHQx
-JDAiBgkqhkiG9w0BCQEWFW1pa2Uuc2NvdHRAbWlyYWNsLmNvbTAeFw0xNjA2MzAx
-NzQyNDFaFw0yMTA2MzAxNzQyNDFaMIGLMQswCQYDVQQGEwJJRTEQMA4GA1UECAwH
-SXJlbGFuZDEPMA0GA1UEBwwGRHVibGluMQ8wDQYDVQQKDAZNSVJBQ0wxDTALBgNV
-BAsMBGxhYnMxEzARBgNVBAMMCk1pa2UgU2NvdHQxJDAiBgkqhkiG9w0BCQEWFW1p
-a2Uuc2NvdHRAbWlyYWNsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAPCTPcPWgiI0ka5Czd0ZzW+gTaMEe9QW7FGu5+9fS6ALrCpdbxdwDX8+OQXZ
-uQJpLYEAIq1pDh3fVQguH/jUM9gQQrS2Lmz3KhXC/J3yv85FRotCGv13ztapMedT
-y2IxzbtPvoQQc+IAlUPX6DtD8JqBoAstrlQUnkMChKztMGR2OERdjNzXmXm+KMMP
-lZzk+EvRwCornVA+SB5QAWj7y/3ISFo0y1WG8ewoQEx3HQYrjXbQP1VTdiLW7dHP
-QP86XKoTMtTBEYWuFhKB9ClCeu4Qqqxqa9UPIVfdro7SoZScCt+OX4KhzLnOCFup
-oLxE+yTDhDpYcCcmI1yglCv9DpMCAwEAAaNQME4wHQYDVR0OBBYEFFH18YEMoxms
-7121N/nQ+Wm3b5smMB8GA1UdIwQYMBaAFFH18YEMoxms7121N/nQ+Wm3b5smMAwG
-A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALCUob0y2O4DSzsqG76yrtCx
-XWxDdgjSkHKzwFK62BzZK5EuCDJrVgCyoLX0SvYvoT9x0wtS+bxJ7TNEGn7Rkp5/
-iSQCUSF7sVRoHqzErk70xVKKDy5FS+zre8k08nJrtRg2u1PmY95NO1SE96BtUVLs
-+8rQuqEX283tqlmqE/SF2+lxOb0WaVrya4oCJfj/XT83pRTcd5w9i7huWltMbKba
-gkmlQ/5q9Ayp/Jh1lLXmxr+/xEbZ2xEop/y+mgVF0vLxap7R5toBA0Yk7vvirlYv
-0hZGqGi5lBc9VeUqm1H/7XCi5xRU3AtJ4QRk4Z1xUa4qAPKfiqlPKd1dVe3Ah3w=
------END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/eccert.pem
----------------------------------------------------------------------
diff --git a/version22/c/eccert.pem b/version22/c/eccert.pem
deleted file mode 100644
index b9dfca5..0000000
--- a/version22/c/eccert.pem
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICqjCCAZICCQCk9jKdJYtnjDANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC
-SUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEPMA0GA1UECgwG
-TUlSQUNMMQ0wCwYDVQQLDARsYWJzMRMwEQYDVQQDDApNaWtlIFNjb3R0MSQwIgYJ
-KoZIhvcNAQkBFhVtaWtlLnNjb3R0QG1pcmFjbC5jb20wHhcNMTYwNjMwMTc0NjQ4
-WhcNMTYwNzMwMTc0NjQ4WjCBjDELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxh
-bmQxDzANBgNVBAcMBkR1YmxpbjEPMA0GA1UECgwGTUlSQUNMMQ0wCwYDVQQLDARs
-YWJzMRgwFgYDVQQDDA9LZWFsYW4gTWNDdXNrZXIxIDAeBgkqhkiG9w0BCQEWEWtl
-YWxhbkBtaXJhY2wuY29tMDkwFAYHKoZIzj0CAQYJKwYBBAHaRw8BAyEASiRQmhO9
-PP+SqodOhXYrnSlcyAOog63E6a4KLDFvAzEwDQYJKoZIhvcNAQELBQADggEBALBy
-fCM/EhdqWBrEnDHtH2/U8xr1eSylHdcfnDSDR+X6KXH5rIJ/397lZQMHB6QSsEiV
-rWzfFDFPPjDN3xEDsZw09ZTT+L8Wi5P3UKR1gtawQCx3ciKEywAU1CU2dV05gvye
-bqIsbFUyH7jOlj6/1hIx9zaiLcoEex6D55MYQuWo664HF3CNdJFk1k4HF+fclRhy
-l4iryp0F9p0Wl5vyn96kg0NwaBZG860oCWDHZsjRq1JeSSaRf9CKNXWbQwjByeEc
-DphpprqmoVcI60cC0TvZZm1x4y7vjCXLD6uCDw3P7fnSp40yce64+IKUr8/cS+QY
-us58KHdLaLXsojZHL3c=
------END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/ecdh.c
----------------------------------------------------------------------
diff --git a/version22/c/ecdh.c b/version22/c/ecdh.c
deleted file mode 100644
index 74694f7..0000000
--- a/version22/c/ecdh.c
+++ /dev/null
@@ -1,751 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* ECDH/ECIES/ECDSA Functions - see main program below */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "ecdh.h"
-
-#define ROUNDUP(a,b) ((a)-1)/(b)+1
-
-/* general purpose hash function w=hash(p|n|x|y) */
-/* pad or truncate ouput to length pad if pad!=0 */
-static void hashit(int sha,octet *p,int n,octet *x,octet *w,int pad)
-{
-    int i,c[4],hlen;
-    hash256 sha256;
-    hash512 sha512;
-    char hh[64];
-
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_init(&sha256);
-        break;
-    case SHA384:
-        HASH384_init(&sha512);
-        break;
-    case SHA512:
-        HASH512_init(&sha512);
-        break;
-    }
-
-    hlen=sha;
-
-    for (i=0; i<p->len; i++)
-    {
-        switch(sha)
-        {
-        case SHA256:
-            HASH256_process(&sha256,p->val[i]);
-            break;
-        case SHA384:
-            HASH384_process(&sha512,p->val[i]);
-            break;
-        case SHA512:
-            HASH512_process(&sha512,p->val[i]);
-            break;
-        }
-    }
-    if (n>0)
-    {
-        c[0]=(n>>24)&0xff;
-        c[1]=(n>>16)&0xff;
-        c[2]=(n>>8)&0xff;
-        c[3]=(n)&0xff;
-        for (i=0; i<4; i++)
-        {
-            switch(sha)
-            {
-            case SHA256:
-                HASH256_process(&sha256,c[i]);
-                break;
-            case SHA384:
-                HASH384_process(&sha512,c[i]);
-                break;
-            case SHA512:
-                HASH512_process(&sha512,c[i]);
-                break;
-            }
-        }
-    }
-    if (x!=NULL) for (i=0; i<x->len; i++)
-        {
-            switch(sha)
-            {
-            case SHA256:
-                HASH256_process(&sha256,x->val[i]);
-                break;
-            case SHA384:
-                HASH384_process(&sha512,x->val[i]);
-                break;
-            case SHA512:
-                HASH512_process(&sha512,x->val[i]);
-                break;
-            }
-        }
-
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_hash(&sha256,hh);
-        break;
-    case SHA384:
-        HASH384_hash(&sha512,hh);
-        break;
-    case SHA512:
-        HASH512_hash(&sha512,hh);
-        break;
-    }
-
-    OCT_empty(w);
-    if (!pad)
-        OCT_jbytes(w,hh,hlen);
-    else
-    {
-        if (pad<=hlen)
-            OCT_jbytes(w,hh,pad);
-        else
-        {
-            OCT_jbytes(w,hh,hlen);
-            OCT_jbyte(w,0,pad-hlen);
-        }
-    }
-    return;
-}
-
-/* Hash octet p to octet w */
-void HASH(int sha,octet *p,octet *w)
-{
-    hashit(sha,p,-1,NULL,w,0);
-}
-
-/* Calculate HMAC of m using key k. HMAC is tag of length olen */
-int HMAC(int sha,octet *m,octet *k,int olen,octet *tag)
-{
-    /* Input is from an octet m        *
-     * olen is requested output length in bytes. k is the key  *
-     * The output is the calculated tag */
-    int hlen,b;
-    char h[128],k0[128];
-    octet H= {0,sizeof(h),h};
-    octet K0= {0,sizeof(k0),k0};
-
-    hlen=sha;
-    if (hlen>32) b=128;
-    else b=64;
-
-    if (olen<4 /*|| olen>hlen*/) return 0;
-
-    if (k->len > b) hashit(sha,k,-1,NULL,&K0,0);
-    else            OCT_copy(&K0,k);
-
-    OCT_jbyte(&K0,0,b-K0.len);
-
-    OCT_xorbyte(&K0,0x36);
-
-    hashit(sha,&K0,-1,m,&H,0);
-
-    OCT_xorbyte(&K0,0x6a);   /* 0x6a = 0x36 ^ 0x5c */
-    hashit(sha,&K0,-1,&H,&H,olen);
-
-    OCT_empty(tag);
-
-    OCT_jbytes(tag,H.val,olen);
-
-    return 1;
-}
-
-/* Key Derivation Functions */
-/* Input octet z */
-/* Output key of length olen */
-/*
-void KDF1(octet *z,int olen,octet *key)
-{
-    char h[32];
-	octet H={0,sizeof(h),h};
-    int counter,cthreshold;
-    int hlen=32;
-
-    OCT_empty(key);
-
-    cthreshold=ROUNDUP(olen,hlen);
-
-    for (counter=0;counter<cthreshold;counter++)
-    {
-        hashit(z,counter,NULL,NULL,&H);
-        if (key->len+hlen>olen) OCT_jbytes(key,H.val,olen%hlen);
-        else                    OCT_joctet(key,&H);
-    }
-}
-*/
-void KDF2(int sha,octet *z,octet *p,int olen,octet *key)
-{
-    /* NOTE: the parameter olen is the length of the output k in bytes */
-    char h[64];
-    octet H= {0,sizeof(h),h};
-    int counter,cthreshold;
-    int hlen=sha;
-
-    OCT_empty(key);
-
-    cthreshold=ROUNDUP(olen,hlen);
-
-    for (counter=1; counter<=cthreshold; counter++)
-    {
-        hashit(sha,z,counter,p,&H,0);
-        if (key->len+hlen>olen)  OCT_jbytes(key,H.val,olen%hlen);
-        else                     OCT_joctet(key,&H);
-    }
-
-}
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
-void PBKDF2(int sha,octet *p,octet *s,int rep,int olen,octet *key)
-{
-    int i,j,len,d=ROUNDUP(olen,sha);
-    char f[64],u[64];   /*****/
-    octet F= {0,sizeof(f),f};
-    octet U= {0,sizeof(u),u};
-    OCT_empty(key);
-
-    for (i=1; i<=d; i++)
-    {
-        len=s->len;
-        OCT_jint(s,i,4);
-
-        HMAC(sha,s,p,sha,&F);  /* sha not EFS */
-
-        s->len=len;
-        OCT_copy(&U,&F);
-        for (j=2; j<=rep; j++)
-        {
-            HMAC(sha,&U,p,sha,&U); /* sha not EFS */
-            OCT_xor(&F,&U);
-        }
-
-        OCT_joctet(key,&F);
-    }
-
-    OCT_chop(key,NULL,olen);
-}
-
-/* AES encryption/decryption. Encrypt byte array M using key K and returns ciphertext */
-void AES_CBC_IV0_ENCRYPT(octet *k,octet *m,octet *c)
-{
-    /* AES CBC encryption, with Null IV and key k */
-    /* Input is from an octet string m, output is to an octet string c */
-    /* Input is padded as necessary to make up a full final block */
-    amcl_aes a;
-    int fin;
-    int i,j,ipt,opt;
-    char buff[16];
-    int padlen;
-
-    OCT_clear(c);
-    if (m->len==0) return;
-    AES_init(&a,CBC,k->len,k->val,NULL);
-
-    ipt=opt=0;
-    fin=0;
-    for(;;)
-    {
-        for (i=0; i<16; i++)
-        {
-            if (ipt<m->len) buff[i]=m->val[ipt++];
-            else
-            {
-                fin=1;
-                break;
-            }
-        }
-        if (fin) break;
-        AES_encrypt(&a,buff);
-        for (i=0; i<16; i++)
-            if (opt<c->max) c->val[opt++]=buff[i];
-    }
-
-    /* last block, filled up to i-th index */
-
-    padlen=16-i;
-    for (j=i; j<16; j++) buff[j]=padlen;
-    AES_encrypt(&a,buff);
-    for (i=0; i<16; i++)
-        if (opt<c->max) c->val[opt++]=buff[i];
-    AES_end(&a);
-    c->len=opt;
-}
-
-/* decrypts and returns TRUE if all consistent, else returns FALSE */
-int AES_CBC_IV0_DECRYPT(octet *k,octet *c,octet *m)
-{
-    /* padding is removed */
-    amcl_aes a;
-    int i,ipt,opt,ch;
-    char buff[16];
-    int fin,bad;
-    int padlen;
-    ipt=opt=0;
-
-    OCT_clear(m);
-    if (c->len==0) return 1;
-    ch=c->val[ipt++];
-
-    AES_init(&a,CBC,k->len,k->val,NULL);
-    fin=0;
-
-    for(;;)
-    {
-        for (i=0; i<16; i++)
-        {
-            buff[i]=ch;
-            if (ipt>=c->len)
-            {
-                fin=1;
-                break;
-            }
-            else ch=c->val[ipt++];
-        }
-        AES_decrypt(&a,buff);
-        if (fin) break;
-        for (i=0; i<16; i++)
-            if (opt<m->max) m->val[opt++]=buff[i];
-    }
-    AES_end(&a);
-    bad=0;
-    padlen=buff[15];
-    if (i!=15 || padlen<1 || padlen>16) bad=1;
-    if (padlen>=2 && padlen<=16)
-        for (i=16-padlen; i<16; i++) if (buff[i]!=padlen) bad=1;
-
-    if (!bad) for (i=0; i<16-padlen; i++)
-            if (opt<m->max) m->val[opt++]=buff[i];
-
-    m->len=opt;
-    if (bad) return 0;
-    return 1;
-}
-
-/* Calculate a public/private EC GF(p) key pair. W=S.G mod EC(p),
- * where S is the secret key and W is the public key
- * and G is fixed generator.
- * If RNG is NULL then the private key is provided externally in S
- * otherwise it is generated randomly internally */
-int ECP_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W)
-{
-    BIG r,gx,s;
-    ECP G;
-    int res=0;
-    BIG_rcopy(gx,CURVE_Gx);
-
-#if CURVETYPE!=MONTGOMERY
-    BIG gy;
-    BIG_rcopy(gy,CURVE_Gy);
-    ECP_set(&G,gx,gy);
-#else
-    ECP_set(&G,gx);
-#endif
-
-    BIG_rcopy(r,CURVE_Order);
-    if (RNG!=NULL)
-    {
-        BIG_randomnum(s,r,RNG);
-    }
-    else
-    {
-        BIG_fromBytes(s,S->val);
-        BIG_mod(s,r);
-    }
-
-#ifdef AES_S
-    BIG_mod2m(s,2*AES_S);
-//	BIG_toBytes(S->val,s);
-#endif
-
-    ECP_mul(&G,s);
-#if CURVETYPE!=MONTGOMERY
-    ECP_get(gx,gy,&G);
-#else
-    ECP_get(gx,&G);
-    /*
-    	ECP_rhs(gy,gx);
-    	FP_sqrt(gy,gy);
-    	FP_neg(gy,gy);
-    	FP_inv(gy,gy);
-    	FP_mul(r,gx,gy);
-    	FP_reduce(r);
-
-        BIG_zero(gy);
-    	BIG_inc(gy,486664);
-    	FP_neg(gy,gy);
-    	FP_sqrt(gy,gy);
-    	FP_reduce(gy);
-    	FP_mul(r,r,gy);
-    	FP_reduce(r);
-
-    	printf("x= "); BIG_output(r); printf("\n");
-
-    	BIG_copy(r,gx);
-    	BIG_dec(r,1);
-    	BIG_copy(gy,gx);
-    	BIG_inc(gy,1);
-    	FP_inv(gy,gy);
-    	FP_mul(r,r,gy);
-    	FP_reduce(r);
-
-    	printf("y= "); BIG_output(r); printf("\n");
-
-    	BIG_zero(r);
-    	BIG_inc(r,121665);
-    	BIG_zero(gy);
-    	BIG_inc(gy,121666);
-    	FP_inv(gy,gy);
-    	FP_mul(r,r,gy);
-    	FP_neg(r,r);
-    	FP_reduce(r);
-
-    	printf("d= "); BIG_output(r); printf("\n");
-    */
-
-#endif
-
-    S->len=EGS;
-    BIG_toBytes(S->val,s);
-
-#if CURVETYPE!=MONTGOMERY
-    W->len=2*EFS+1;
-    W->val[0]=4;
-    BIG_toBytes(&(W->val[1]),gx);
-    BIG_toBytes(&(W->val[EFS+1]),gy);
-#else
-    W->len=EFS+1;
-    W->val[0]=2;
-    BIG_toBytes(&(W->val[1]),gx);
-#endif
-
-    return res;
-}
-
-/* validate public key. Set full=true for fuller check */
-int ECP_PUBLIC_KEY_VALIDATE(int full,octet *W)
-{
-    BIG q,r,wx;
-    ECP WP;
-    int valid;
-    int res=0;
-
-    BIG_rcopy(q,Modulus);
-    BIG_rcopy(r,CURVE_Order);
-
-    BIG_fromBytes(wx,&(W->val[1]));
-    if (BIG_comp(wx,q)>=0) res=ECDH_INVALID_PUBLIC_KEY;
-#if CURVETYPE!=MONTGOMERY
-    BIG wy;
-    BIG_fromBytes(wy,&(W->val[EFS+1]));
-    if (BIG_comp(wy,q)>=0) res=ECDH_INVALID_PUBLIC_KEY;
-#endif
-    if (res==0)
-    {
-
-#if CURVETYPE!=MONTGOMERY
-        valid=ECP_set(&WP,wx,wy);
-#else
-        valid=ECP_set(&WP,wx);
-#endif
-        if (!valid || ECP_isinf(&WP)) res=ECDH_INVALID_PUBLIC_KEY;
-        if (res==0 && full)
-        {
-
-            ECP_mul(&WP,r);
-            if (!ECP_isinf(&WP)) res=ECDH_INVALID_PUBLIC_KEY;
-        }
-    }
-
-    return res;
-}
-
-/* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */
-int ECPSVDP_DH(octet *S,octet *WD,octet *Z)
-{
-    BIG r,s,wx;
-    int valid;
-    ECP W;
-    int res=0;
-
-    BIG_fromBytes(s,S->val);
-
-    BIG_fromBytes(wx,&(WD->val[1]));
-#if CURVETYPE!=MONTGOMERY
-    BIG wy;
-    BIG_fromBytes(wy,&(WD->val[EFS+1]));
-    valid=ECP_set(&W,wx,wy);
-#else
-    valid=ECP_set(&W,wx);
-#endif
-    if (!valid) res=ECDH_ERROR;
-    if (res==0)
-    {
-        BIG_rcopy(r,CURVE_Order);
-        BIG_mod(s,r);
-
-        ECP_mul(&W,s);
-        if (ECP_isinf(&W)) res=ECDH_ERROR;
-        else
-        {
-#if CURVETYPE!=MONTGOMERY
-            ECP_get(wx,wx,&W);
-#else
-            ECP_get(wx,&W);
-#endif
-            Z->len=MODBYTES;
-            BIG_toBytes(Z->val,wx);
-        }
-    }
-    return res;
-}
-
-#if CURVETYPE!=MONTGOMERY
-
-/* IEEE ECDSA Signature, C and D are signature on F using private key S */
-int ECPSP_DSA(int sha,csprng *RNG,octet *K,octet *S,octet *F,octet *C,octet *D)
-{
-    char h[128];
-    octet H= {0,sizeof(h),h};
-
-    BIG gx,gy,r,s,f,c,d,u,vx,w;
-    ECP G,V;
-
-    hashit(sha,F,-1,NULL,&H,sha);
-    BIG_rcopy(gx,CURVE_Gx);
-    BIG_rcopy(gy,CURVE_Gy);
-    BIG_rcopy(r,CURVE_Order);
-
-    BIG_fromBytes(s,S->val);
-
-    int hlen=H.len;
-    if (H.len>MODBYTES) hlen=MODBYTES;
-    BIG_fromBytesLen(f,H.val,hlen);
-
-    ECP_set(&G,gx,gy);
-
-    do
-    {
-        if (RNG!=NULL)
-        {
-            BIG_randomnum(u,r,RNG);
-            BIG_randomnum(w,r,RNG); /* randomize calculation */
-        }
-        else
-        {
-            BIG_fromBytes(u,K->val);
-            BIG_mod(u,r);
-        }
-
-#ifdef AES_S
-        BIG_mod2m(u,2*AES_S);
-#endif
-        ECP_copy(&V,&G);
-        ECP_mul(&V,u);
-
-        ECP_get(vx,vx,&V);
-
-        BIG_copy(c,vx);
-        BIG_mod(c,r);
-        if (BIG_iszilch(c)) continue;
-        if (RNG!=NULL)
-        {
-            BIG_modmul(u,u,w,r);
-        }
-
-        BIG_invmodp(u,u,r);
-        BIG_modmul(d,s,c,r);
-
-        BIG_add(d,f,d);
-        if (RNG!=NULL)
-        {
-            BIG_modmul(d,d,w,r);
-        }
-
-        BIG_modmul(d,u,d,r);
-
-    }
-    while (BIG_iszilch(d));
-
-    C->len=D->len=EGS;
-
-    BIG_toBytes(C->val,c);
-    BIG_toBytes(D->val,d);
-
-    return 0;
-}
-
-/* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */
-int ECPVP_DSA(int sha,octet *W,octet *F, octet *C,octet *D)
-{
-    char h[128];
-    octet H= {0,sizeof(h),h};
-
-    BIG r,gx,gy,wx,wy,f,c,d,h2;
-    int res=0;
-    ECP G,WP;
-    int valid;
-
-    hashit(sha,F,-1,NULL,&H,sha);
-    BIG_rcopy(gx,CURVE_Gx);
-    BIG_rcopy(gy,CURVE_Gy);
-    BIG_rcopy(r,CURVE_Order);
-
-    OCT_shl(C,C->len-MODBYTES);
-    OCT_shl(D,D->len-MODBYTES);
-
-    BIG_fromBytes(c,C->val);
-    BIG_fromBytes(d,D->val);
-
-    int hlen=H.len;
-    if (hlen>MODBYTES) hlen=MODBYTES;
-
-    BIG_fromBytesLen(f,H.val,hlen);
-
-    //BIG_fromBytes(f,H.val);
-
-    if (BIG_iszilch(c) || BIG_comp(c,r)>=0 || BIG_iszilch(d) || BIG_comp(d,r)>=0)
-        res=ECDH_INVALID;
-
-    if (res==0)
-    {
-        BIG_invmodp(d,d,r);
-        BIG_modmul(f,f,d,r);
-        BIG_modmul(h2,c,d,r);
-
-        ECP_set(&G,gx,gy);
-
-        BIG_fromBytes(wx,&(W->val[1]));
-        BIG_fromBytes(wy,&(W->val[EFS+1]));
-
-        valid=ECP_set(&WP,wx,wy);
-
-        if (!valid) res=ECDH_ERROR;
-        else
-        {
-            ECP_mul2(&WP,&G,h2,f);
-
-            if (ECP_isinf(&WP)) res=ECDH_INVALID;
-            else
-            {
-                ECP_get(d,d,&WP);
-                BIG_mod(d,r);
-                if (BIG_comp(d,c)!=0) res=ECDH_INVALID;
-            }
-        }
-    }
-
-    return res;
-}
-
-/* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */
-void ECP_ECIES_ENCRYPT(int sha,octet *P1,octet *P2,csprng *RNG,octet *W,octet *M,int tlen,octet *V,octet *C,octet *T)
-{
-
-    int i,len;
-    char z[EFS],vz[3*EFS+1],k[2*EAS],k1[EAS],k2[EAS],l2[8],u[EFS];
-    octet Z= {0,sizeof(z),z};
-    octet VZ= {0,sizeof(vz),vz};
-    octet K= {0,sizeof(k),k};
-    octet K1= {0,sizeof(k1),k1};
-    octet K2= {0,sizeof(k2),k2};
-    octet L2= {0,sizeof(l2),l2};
-    octet U= {0,sizeof(u),u};
-
-    if (ECP_KEY_PAIR_GENERATE(RNG,&U,V)!=0) return;
-    if (ECPSVDP_DH(&U,W,&Z)!=0) return;
-
-    OCT_copy(&VZ,V);
-    OCT_joctet(&VZ,&Z);
-
-    KDF2(sha,&VZ,P1,2*EAS,&K);
-
-    K1.len=K2.len=EAS;
-    for (i=0; i<EAS; i++)
-    {
-        K1.val[i]=K.val[i];
-        K2.val[i]=K.val[EAS+i];
-    }
-
-    AES_CBC_IV0_ENCRYPT(&K1,M,C);
-
-    OCT_jint(&L2,P2->len,8);
-
-    len=C->len;
-    OCT_joctet(C,P2);
-    OCT_joctet(C,&L2);
-    HMAC(sha,C,&K2,tlen,T);
-    C->len=len;
-}
-
-/* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */
-int ECP_ECIES_DECRYPT(int sha,octet *P1,octet *P2,octet *V,octet *C,octet *T,octet *U,octet *M)
-{
-
-    int i,len;
-    char z[EFS],vz[3*EFS+1],k[2*EAS],k1[EAS],k2[EAS],l2[8],tag[32];
-    octet Z= {0,sizeof(z),z};
-    octet VZ= {0,sizeof(vz),vz};
-    octet K= {0,sizeof(k),k};
-    octet K1= {0,sizeof(k1),k1};
-    octet K2= {0,sizeof(k2),k2};
-    octet L2= {0,sizeof(l2),l2};
-    octet TAG= {0,sizeof(tag),tag};
-
-    if (ECPSVDP_DH(U,V,&Z)!=0) return 0;
-
-    OCT_copy(&VZ,V);
-    OCT_joctet(&VZ,&Z);
-
-    KDF2(sha,&VZ,P1,EFS,&K);
-
-    K1.len=K2.len=EAS;
-    for (i=0; i<EAS; i++)
-    {
-        K1.val[i]=K.val[i];
-        K2.val[i]=K.val[EAS+i];
-    }
-
-    if (!AES_CBC_IV0_DECRYPT(&K1,C,M)) return 0;
-
-    OCT_jint(&L2,P2->len,8);
-
-    len=C->len;
-    OCT_joctet(C,P2);
-    OCT_joctet(C,&L2);
-    HMAC(sha,C,&K2,T->len,&TAG);
-    C->len=len;
-
-    if (!OCT_comp(T,&TAG)) return 0;
-
-    return 1;
-
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/ecdh.h
----------------------------------------------------------------------
diff --git a/version22/c/ecdh.h b/version22/c/ecdh.h
deleted file mode 100644
index 7d0536b..0000000
--- a/version22/c/ecdh.h
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file ecdh.h
- * @author Mike Scott and Kealan McCusker
- * @date 2nd June 2015
- * @brief ECDH Header file for implementation of standard EC protocols
- *
- * declares functions
- *
- */
-
-#ifndef ECDH_H
-#define ECDH_H
-
-#include "amcl.h"
-
-#define EAS 16 /**< Symmetric Key size - 128 bits */
-#define EGS MODBYTES  /**< ECC Group Size in bytes */
-#define EFS MODBYTES  /**< ECC Field Size in bytes */
-
-#define HASH_TYPE_ECC SHA256  /**< Hash type */
-
-#define ECDH_OK                     0     /**< Function completed without error */
-/*#define ECDH_DOMAIN_ERROR          -1*/
-#define ECDH_INVALID_PUBLIC_KEY    -2	/**< Public Key is Invalid */
-#define ECDH_ERROR                 -3	/**< ECDH Internal Error */
-#define ECDH_INVALID               -4	/**< ECDH Internal Error */
-/*#define ECDH_DOMAIN_NOT_FOUND      -5
-#define ECDH_OUT_OF_MEMORY         -6
-#define ECDH_DIV_BY_ZERO           -7
-#define ECDH_BAD_ASSUMPTION        -8*/
-
-/* ECDH Auxiliary Functions */
-
-
-/**	@brief hash an octet into another octet
- *
- 	@param h is the hash type
-	@param I input octet
-	@param O output octet - H(I)
- */
-extern void HASH(int h,octet *I,octet *O);
-/**	@brief HMAC of message M using key K to create tag of length len in octet tag
- *
-	IEEE-1363 MAC1 function. Uses SHA256 internally.
-	@param h is the hash type
-	@param M input message octet
-	@param K input encryption key
-	@param len is output desired length of HMAC tag
-	@param tag is the output HMAC
-	@return 0 for bad parameters, else 1
- */
-extern int HMAC(int h,octet *M,octet *K,int len,octet *tag);
-
-/*extern void KDF1(octet *,int,octet *);*/
-
-/**	@brief Key Derivation Function - generates key K from inputs Z and P
- *
-	IEEE-1363 KDF2 Key Derivation Function. Uses SHA256 internally.
-	@param h is the hash type
-	@param Z input octet
-	@param P input key derivation parameters - can be NULL
-	@param len is output desired length of key
-	@param K is the derived key
- */
-extern void KDF2(int h,octet *Z,octet *P,int len,octet *K);
-/**	@brief Password Based Key Derivation Function - generates key K from password, salt and repeat counter
- *
-	PBKDF2 Password Based Key Derivation Function. Uses SHA256 internally.
-	@param h is the hash type
-	@param P input password
-	@param S input salt
-	@param rep Number of times to be iterated.
-	@param len is output desired length
-	@param K is the derived key
- */
-extern void PBKDF2(int h,octet *P,octet *S,int rep,int len,octet *K);
-/**	@brief AES encrypts a plaintext to a ciphtertext
- *
-	IEEE-1363 AES_CBC_IV0_ENCRYPT function. Encrypts in CBC mode with a zero IV, padding as necessary to create a full final block.
-	@param K AES key
-	@param P input plaintext octet
-	@param C output ciphertext octet
- */
-extern void AES_CBC_IV0_ENCRYPT(octet *K,octet *P,octet *C);
-/**	@brief AES encrypts a plaintext to a ciphtertext
- *
-	IEEE-1363 AES_CBC_IV0_DECRYPT function. Decrypts in CBC mode with a zero IV.
-	@param K AES key
-	@param C input ciphertext octet
-	@param P output plaintext octet
-	@return 0 if bad input, else 1
- */
-extern int AES_CBC_IV0_DECRYPT(octet *K,octet *C,octet *P);
-
-/* ECDH primitives - support functions */
-/**	@brief Generate an ECC public/private key pair
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param s the private key, an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param W the output public key, which is s.G, where G is a fixed generator
-	@return 0 or an error code
- */
-extern int  ECP_KEY_PAIR_GENERATE(csprng *R,octet *s,octet *W);
-/**	@brief Validate an ECC public key
- *
-	@param f if = 0 just does some simple checks, else tests that W is of the correct order
-	@param W the input public key to be validated
-	@return 0 if public key is OK, or an error code
- */
-extern int  ECP_PUBLIC_KEY_VALIDATE(int f,octet *W);
-
-/* ECDH primitives */
-
-/**	@brief Generate Diffie-Hellman shared key
- *
-	IEEE-1363 Diffie-Hellman shared secret calculation
-	@param s is the input private key,
-	@param W the input public key of the other party
-	@param K the output shared key, in fact the x-coordinate of s.W
-	@return 0 or an error code
- */
-extern int ECPSVDP_DH(octet *s,octet *W,octet *K);
-/*extern int ECPSVDP_DHC(octet *,octet *,int,octet *);*/
-
-/*#if CURVETYPE!=MONTGOMERY */
-/* ECIES functions */
-/*#if CURVETYPE!=MONTGOMERY */
-/* ECIES functions */
-/**	@brief ECIES Encryption
- *
-	IEEE-1363 ECIES Encryption
-	@param h is the hash type
-	@param P1 input Key Derivation parameters
-	@param P2 input Encoding parameters
-	@param R is a pointer to a cryptographically secure random number generator
-	@param W the input public key of the recieving party
-	@param M is the plaintext message to be encrypted
-	@param len the length of the HMAC tag
-	@param V component of the output ciphertext
-	@param C the output ciphertext
-	@param T the output HMAC tag, part of the ciphertext
- */
-extern void ECP_ECIES_ENCRYPT(int h,octet *P1,octet *P2,csprng *R,octet *W,octet *M,int len,octet *V,octet *C,octet *T);
-/**	@brief ECIES Decryption
- *
-	IEEE-1363 ECIES Decryption
-	@param h is the hash type
-	@param P1 input Key Derivation parameters
-	@param P2 input Encoding parameters
-	@param V component of the input ciphertext
-	@param C the input ciphertext
-	@param T the input HMAC tag, part of the ciphertext
-	@param U the input private key for decryption
-	@param M the output plaintext message
-	@return 1 if successful, else 0
- */
-extern int ECP_ECIES_DECRYPT(int h,octet *P1,octet *P2,octet *V,octet *C,octet *T,octet *U,octet *M);
-
-/* ECDSA functions */
-/**	@brief ECDSA Signature
- *
-	IEEE-1363 ECDSA Signature
-	@param h is the hash type
-	@param R is a pointer to a cryptographically secure random number generator
-        @param k Ephemeral key. This value is used when R=NULL
-	@param s the input private signing key
-	@param M the input message to be signed
-	@param c component of the output signature
-	@param d component of the output signature
-
- */
-extern int ECPSP_DSA(int h,csprng *R,octet *k,octet *s,octet *M,octet *c,octet *d);
-/**	@brief ECDSA Signature Verification
- *
-	IEEE-1363 ECDSA Signature Verification
-	@param h is the hash type
-	@param W the input public key
-	@param M the input message
-	@param c component of the input signature
-	@param d component of the input signature
-	@return 0 or an error code
- */
-extern int ECPVP_DSA(int h,octet *W,octet *M,octet *c,octet *d);
-/*#endif*/
-
-#endif
-


[22/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/fp12.swift
----------------------------------------------------------------------
diff --git a/version22/swift/fp12.swift b/version22/swift/fp12.swift
deleted file mode 100644
index 8743677..0000000
--- a/version22/swift/fp12.swift
+++ /dev/null
@@ -1,584 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  fp12.swift
-//
-//  Created by Michael Scott on 07/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-/* AMCL Fp^12 functions */
-/* FP12 elements are of the form a+i.b+i^2.c */
-
-final class FP12
-{
-    private final var a:FP4
-    private final var b:FP4
-    private final var c:FP4
-    
-    /* reduce all components of this mod Modulus */
-    func reduce()
-    {
-        a.reduce()
-        b.reduce()
-        c.reduce()
-    }
-    /* normalise all components of this */
-    func norm()
-    {
-        a.norm();
-        b.norm();
-        c.norm();
-    }
-    /* Constructors */
-    init(_ d:FP4)
-    {
-        a=FP4(d)
-        b=FP4(0)
-        c=FP4(0)
-    }
-    
-    init(_ d:Int)
-    {
-        a=FP4(d)
-        b=FP4(0)
-        c=FP4(0)
-    }
-    
-    init(_ d:FP4,_ e:FP4,_ f:FP4)
-    {
-        a=FP4(d)
-        b=FP4(e)
-        c=FP4(f)
-    }
-    
-    init(_ x:FP12)
-    {
-        a=FP4(x.a)
-        b=FP4(x.b)
-        c=FP4(x.c)
-    }
-    /* test x==0 ? */
-    func iszilch() -> Bool
-    {
-        reduce();
-        return a.iszilch() && b.iszilch() && c.iszilch()
-    }
-    /* test x==1 ? */
-    func isunity() -> Bool
-    {
-        let one=FP4(1)
-        return a.equals(one) && b.iszilch() && c.iszilch()
-    }
-    /* return 1 if x==y, else 0 */
-    func equals(_ x:FP12) -> Bool
-    {
-        return a.equals(x.a) && b.equals(x.b) && c.equals(x.c)
-    }
-    /* extract a from self */
-    func geta() -> FP4
-    {
-        return a
-    }
-    /* extract b */
-    func getb()  -> FP4
-    {
-        return b
-    }
-    /* extract c */
-    func getc() -> FP4
-    {
-        return c
-    }
-    /* copy self=x */
-    func copy(_ x:FP12)
-    {
-        a.copy(x.a)
-        b.copy(x.b)
-        c.copy(x.c)
-    }
-    /* set self=1 */
-    func one()
-    {
-        a.one()
-        b.zero()
-        c.zero()
-    }
-    /* self=conj(self) */
-    func conj()
-    {
-        a.conj()
-        b.nconj()
-        c.conj()
-    }
-    /* Granger-Scott Unitary Squaring */
-    func usqr()
-    {
-        let A=FP4(a)
-        let B=FP4(c)
-        let C=FP4(b)
-        let D=FP4(0)
-    
-        a.sqr()
-        D.copy(a); D.add(a)
-        a.add(D)
-    
-        a.norm()
-        A.nconj()
-    
-        A.add(A)
-        a.add(A)
-        B.sqr()
-        B.times_i()
-    
-        D.copy(B); D.add(B)
-        B.add(D)
-        B.norm()
-    
-        C.sqr()
-        D.copy(C); D.add(C)
-        C.add(D)
-        C.norm()
-    
-        b.conj()
-        b.add(b)
-        c.nconj()
-    
-        c.add(c)
-        b.add(B)
-        c.add(C)
-        reduce()
-    
-    }
-    /* Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-    func sqr()
-    {
-        let A=FP4(a)
-        let B=FP4(b)
-        let C=FP4(c)
-        let D=FP4(a)
-    
-        A.sqr()
-        B.mul(c)
-        B.add(B)
-        C.sqr()
-        D.mul(b)
-        D.add(D)
-
-        c.add(a)
-        c.add(b)
-        c.sqr()
-    
-        a.copy(A)
-    
-        A.add(B)
-        A.norm()
-        A.add(C)
-        A.add(D)
-        A.norm()
-    
-        A.neg()
-        B.times_i()
-        C.times_i()
-    
-        a.add(B)
-
-        b.copy(C); b.add(D)
-        c.add(A)
-    
-        norm()
-    }
-    
-    /* FP12 full multiplication this=this*y */
-    func mul(_ y:FP12)
-    {
-        let z0=FP4(a)
-        let z1=FP4(0)
-        let z2=FP4(b)
-        let z3=FP4(0)
-        let t0=FP4(a)
-        let t1=FP4(y.a)
-    
-        z0.mul(y.a)
-        z2.mul(y.b)
-    
-        t0.add(b)
-        t1.add(y.b)
-    
-        z1.copy(t0); z1.mul(t1)
-        t0.copy(b); t0.add(c)
-    
-        t1.copy(y.b); t1.add(y.c)
-        z3.copy(t0); z3.mul(t1)
-    
-        t0.copy(z0); t0.neg()
-        t1.copy(z2); t1.neg()
-    
-        z1.add(t0)
-        z1.norm()
-        b.copy(z1); b.add(t1)
-    
-        z3.add(t1)
-        z2.add(t0)
-    
-        t0.copy(a); t0.add(c)
-        t1.copy(y.a); t1.add(y.c)
-        t0.mul(t1)
-        z2.add(t0)
-    
-        t0.copy(c); t0.mul(y.c)
-        t1.copy(t0); t1.neg()
-    
-        z2.norm()
-        z3.norm()
-        b.norm()
-    
-        c.copy(z2); c.add(t1)
-        z3.add(t1)
-        t0.times_i()
-        b.add(t0)
-    
-        z3.times_i()
-        a.copy(z0); a.add(z3)
-    
-        norm()
-    }
-    
-    /* Special case of multiplication arises from special form of ATE pairing line function */
-    func smul(_ y:FP12)
-    {
-        let z0=FP4(a)
-        let z2=FP4(b)
-        let z3=FP4(b)
-        let t0=FP4(0)
-        let t1=FP4(y.a)
-    
-        z0.mul(y.a)
-        z2.pmul(y.b.real())
-        b.add(a)
-        t1.real().add(y.b.real())
-    
-        b.mul(t1)
-        z3.add(c)
-        z3.pmul(y.b.real())
-    
-        t0.copy(z0); t0.neg()
-        t1.copy(z2); t1.neg()
-    
-        b.add(t0)
-        b.norm()
-    
-        b.add(t1)
-        z3.add(t1)
-        z2.add(t0)
-    
-        t0.copy(a); t0.add(c)
-        t0.mul(y.a)
-        c.copy(z2); c.add(t0)
-    
-        z3.times_i()
-        a.copy(z0); a.add(z3)
-    
-        norm()
-    }
-    /* self=1/self */
-    func inverse()
-    {
-        let f0=FP4(a)
-        let f1=FP4(b)
-        let f2=FP4(a)
-        let f3=FP4(0)
-    
-        norm()
-        f0.sqr()
-        f1.mul(c)
-        f1.times_i()
-        f0.sub(f1)
-    
-        f1.copy(c); f1.sqr()
-        f1.times_i()
-        f2.mul(b)
-        f1.sub(f2)
-    
-        f2.copy(b); f2.sqr()
-        f3.copy(a); f3.mul(c)
-        f2.sub(f3)
-    
-        f3.copy(b); f3.mul(f2)
-        f3.times_i()
-        a.mul(f0)
-        f3.add(a)
-        c.mul(f1)
-        c.times_i()
-    
-        f3.add(c)
-        f3.inverse()
-        a.copy(f0); a.mul(f3)
-        b.copy(f1); b.mul(f3)
-        c.copy(f2); c.mul(f3)
-    }
-    
-    /* self=self^p using Frobenius */
-    func frob(_ f:FP2)
-    {
-        let f2=FP2(f)
-        let f3=FP2(f)
-    
-        f2.sqr()
-        f3.mul(f2)
-    
-        a.frob(f3)
-        b.frob(f3)
-        c.frob(f3)
-    
-        b.pmul(f)
-        c.pmul(f2)
-    }
-    
-    /* trace function */
-    func trace() -> FP4
-    {
-        let t=FP4(0)
-        t.copy(a)
-        t.imul(3)
-        t.reduce()
-        return t
-    }
-    /* convert from byte array to FP12 */
-    static func fromBytes(_ w:[UInt8]) -> FP12
-    {
-        let RM=Int(ROM.MODBYTES)
-        var t=[UInt8](repeating: 0,count: RM)
-    
-        for i in 0 ..< RM {t[i]=w[i]}
-        var a=BIG.fromBytes(t)
-        for i in 0 ..< RM {t[i]=w[i+RM]}
-        var b=BIG.fromBytes(t)
-        var c=FP2(a,b)
-    
-        for i in 0 ..< RM {t[i]=w[i+2*RM]}
-        a=BIG.fromBytes(t)
-        for i in 0 ..< RM {t[i]=w[i+3*RM]}
-        b=BIG.fromBytes(t)
-        var d=FP2(a,b)
-    
-        let e=FP4(c,d)
-    
-        for i in 0 ..< RM {t[i]=w[i+4*RM]}
-        a=BIG.fromBytes(t)
-        for i in 0 ..< RM {t[i]=w[i+5*RM]}
-        b=BIG.fromBytes(t)
-        c=FP2(a,b)
-    
-        for i in 0 ..< RM {t[i]=w[i+6*RM]}
-        a=BIG.fromBytes(t)
-        for i in 0 ..< RM {t[i]=w[i+7*RM]}
-        b=BIG.fromBytes(t)
-        d=FP2(a,b)
-    
-        let f=FP4(c,d)
-    
-    
-        for i in 0 ..< RM {t[i]=w[i+8*RM]}
-        a=BIG.fromBytes(t)
-        for i in 0 ..< RM {t[i]=w[i+9*RM]}
-        b=BIG.fromBytes(t)
-        c=FP2(a,b)
-    
-        for i in 0 ..< RM {t[i]=w[i+10*RM]}
-        a=BIG.fromBytes(t)
-        for i in 0 ..< RM {t[i]=w[i+11*RM]}
-        b=BIG.fromBytes(t);
-        d=FP2(a,b)
-    
-        let g=FP4(c,d)
-    
-        return FP12(e,f,g)
-    }
-    
-    /* convert this to byte array */
-    func toBytes(_ w:inout [UInt8])
-    {
-        let RM=Int(ROM.MODBYTES)
-        var t=[UInt8](repeating: 0,count: RM)
-
-        a.geta().getA().toBytes(&t)
-        for i in 0 ..< RM {w[i]=t[i]}
-        a.geta().getB().toBytes(&t)
-        for i in 0 ..< RM {w[i+RM]=t[i]}
-        a.getb().getA().toBytes(&t)
-        for i in 0 ..< RM {w[i+2*RM]=t[i]}
-        a.getb().getB().toBytes(&t)
-        for i in 0 ..< RM {w[i+3*RM]=t[i]}
-    
-        b.geta().getA().toBytes(&t)
-        for i in 0 ..< RM {w[i+4*RM]=t[i]}
-        b.geta().getB().toBytes(&t);
-        for i in 0 ..< RM {w[i+5*RM]=t[i]}
-        b.getb().getA().toBytes(&t)
-        for i in 0 ..< RM {w[i+6*RM]=t[i]}
-        b.getb().getB().toBytes(&t)
-        for i in 0 ..< RM {w[i+7*RM]=t[i]}
-    
-        c.geta().getA().toBytes(&t)
-        for i in 0 ..< RM {w[i+8*RM]=t[i]}
-        c.geta().getB().toBytes(&t)
-        for i in 0 ..< RM {w[i+9*RM]=t[i]}
-        c.getb().getA().toBytes(&t)
-        for i in 0 ..< RM {w[i+10*RM]=t[i]}
-        c.getb().getB().toBytes(&t)
-        for i in 0 ..< RM {w[i+11*RM]=t[i]}
-    }
-    /* convert to hex string */
-    func toString() -> String
-    {
-        return ("["+a.toString()+","+b.toString()+","+c.toString()+"]")
-    }
-    
-    /* self=self^e */
-    /* Note this is simple square and multiply, so not side-channel safe */
-    func pow(_ e:BIG) -> FP12
-    {
-        norm()
-        e.norm()
-        let w=FP12(self)
-        let z=BIG(e)
-        let r=FP12(1)
-    
-        while (true)
-        {
-            let bt=z.parity()
-            z.fshr(1)
-            if bt==1 {r.mul(w)}
-            if z.iszilch() {break}
-            w.usqr()
-        }
-        r.reduce()
-        return r
-    }
-    /* constant time powering by small integer of max length bts */
-    func pinpow(_ e:Int32,_ bts:Int32)
-    {
-        var R=[FP12]()
-        R.append(FP12(1));
-        R.append(FP12(self));
-
-        //for var i=bts-1;i>=0;i--
-        for i in (0...bts-1).reversed()
-        {
-            let b=Int((e>>i)&1)
-            R[1-b].mul(R[b])
-            R[b].usqr()
-        }
-        copy(R[0]);
-    }
-    
-    /* p=q0^u0.q1^u1.q2^u2.q3^u3 */
-    /* Timing attack secure, but not cache attack secure */
-    
-    static func pow4(_ q:[FP12],_ u:[BIG]) -> FP12
-    {
-        var a=[Int32](repeating: 0,count: 4)
-        var g=[FP12]();
-        
-        for _ in 0 ..< 8 {g.append(FP12(0))}
-        var s=[FP12]();
-        for _ in 0 ..< 2 {s.append(FP12(0))}
-        
-        let c=FP12(1)
-        let p=FP12(0)
-        
-        var t=[BIG]()
-        for i in 0 ..< 4
-            {t.append(BIG(u[i]))}
-        
-        let mt=BIG(0);
-        var w=[Int8](repeating: 0,count: ROM.NLEN*Int(ROM.BASEBITS)+1)
-    
-        g[0].copy(q[0]); s[0].copy(q[1]); s[0].conj(); g[0].mul(s[0])
-        g[1].copy(g[0])
-        g[2].copy(g[0])
-        g[3].copy(g[0])
-        g[4].copy(q[0]); g[4].mul(q[1])
-        g[5].copy(g[4])
-        g[6].copy(g[4])
-        g[7].copy(g[4])
-    
-        s[1].copy(q[2]); s[0].copy(q[3]); s[0].conj(); s[1].mul(s[0])
-        s[0].copy(s[1]); s[0].conj(); g[1].mul(s[0])
-        g[2].mul(s[1])
-        g[5].mul(s[0])
-        g[6].mul(s[1])
-        s[1].copy(q[2]); s[1].mul(q[3])
-        s[0].copy(s[1]); s[0].conj(); g[0].mul(s[0])
-        g[3].mul(s[1])
-        g[4].mul(s[0])
-        g[7].mul(s[1])
-
-    /* if power is even add 1 to power, and add q to correction */
-    
-        for i in 0 ..< 4
-        {
-            if t[i].parity()==0
-            {
-				t[i].inc(1); t[i].norm()
-				c.mul(q[i])
-            }
-            mt.add(t[i]); mt.norm()
-        }
-        c.conj();
-        let nb=1+mt.nbits();
-    
-    /* convert exponent to signed 1-bit window */
-        for j in 0 ..< nb
-        {
-            for i in 0 ..< 4
-            {
-				a[i]=Int32(t[i].lastbits(2)-2)
-				t[i].dec(Int(a[i]));
-                t[i].norm()
-				t[i].fshr(1)
-            }
-            w[j]=Int8(8*a[0]+4*a[1]+2*a[2]+a[3])
-        }
-        w[nb]=Int8(8*t[0].lastbits(2)+4*t[1].lastbits(2))
-        w[nb]+=Int8(2*t[2].lastbits(2)+t[3].lastbits(2))
-        p.copy(g[Int(w[nb]-1)/2])
-    
-        //for var i=nb-1;i>=0;i--
-        for i in (0...nb-1).reversed()
-        {
-            let m=w[i]>>7
-            let j=(w[i]^m)-m  /* j=abs(w[i]) */
-            let k=Int((j-1)/2)
-            s[0].copy(g[k]); s[1].copy(g[k]); s[1].conj()
-            p.usqr()
-            p.mul(s[Int(m&1)])
-        }
-        p.mul(c)  /* apply correction */
-        p.reduce()
-        return p
-    }
-    
-    
-    
-    
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/fp2.swift
----------------------------------------------------------------------
diff --git a/version22/swift/fp2.swift b/version22/swift/fp2.swift
deleted file mode 100644
index cdc1711..0000000
--- a/version22/swift/fp2.swift
+++ /dev/null
@@ -1,329 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  fp2.swift
-//
-//  Created by Michael Scott on 07/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-/* Finite Field arithmetic  Fp^2 functions */
-
-/* FP2 elements are of the form a+ib, where i is sqrt(-1) */
-
-
-final class FP2
-{
-    private var a:FP
-    private var b:FP
-
-    /* Constructors */
-    init(_ c: Int)
-    {
-        a=FP(c)
-        b=FP(0)
-    }
-    
-    init(_ x:FP2)
-    {
-        a=FP(x.a)
-        b=FP(x.b)
-    }
-
-    init(_ c:FP,_ d:FP)
-    {
-        a=FP(c)
-        b=FP(d)
-    }
-    
-    init(_ c:BIG,_ d:BIG)
-    {
-        a=FP(c)
-        b=FP(d)
-    }
-
-    init(_ c:FP)
-    {
-        a=FP(c)
-        b=FP(0)
-    }
-    
-    init(_ c:BIG)
-    {
-        a=FP(c)
-        b=FP(0)
-    }
-
-    /* test this=0 ? */
-    func iszilch() -> Bool
-    {
-        reduce()
-        return (a.iszilch() && b.iszilch())
-    }
-    
-    func cmove(_ g:FP2,_ d:Int)
-    {
-        a.cmove(g.a,d)
-        b.cmove(g.b,d)
-    }
-
-    /* test this=1 ? */
-    func isunity() -> Bool
-    {
-        let one=FP(1)
-        return (a.equals(one) && b.iszilch())
-    }
-    
-    /* test this=x */
-    func equals(_ x:FP2) -> Bool
-    {
-        return (a.equals(x.a) && b.equals(x.b));
-    }
-    
-    
-    /* reduce components mod Modulus */
-    func reduce()
-    {
-        a.reduce()
-        b.reduce()
-    }
-    
-    /* normalise components of w */
-    func norm()
-    {
-        a.norm()
-        b.norm()
-    }
-    
-    /* extract a */
-    func getA() -> BIG
-    {
-        return a.redc()
-    }
-    
-    /* extract b */
-    func getB() -> BIG
-    {
-        return b.redc()
-    }
-
-    /* copy self=x */
-    func copy(_ x:FP2)
-    {
-        a.copy(x.a)
-        b.copy(x.b)
-    }
-    
-    /* set self=0 */
-    func zero()
-    {
-        a.zero()
-        b.zero()
-    }
-    
-    /* set self=1 */
-    func one()
-    {
-        a.one()
-        b.zero()
-    }
-    
-    /* negate self mod Modulus */
-    func neg()
-    {
-        norm();
-        let m=FP(a)
-        let t=FP(0)
-    
-        m.add(b)
-        m.neg()
-        m.norm()
-        t.copy(m); t.add(b)
-        b.copy(m)
-        b.add(a)
-        a.copy(t)
-    }
-    
-    /* set to a-ib */
-    func conj()
-    {
-        b.neg()
-    }
-
-    /* self+=a */
-    func add(_ x:FP2)
-    {
-        a.add(x.a)
-        b.add(x.b)
-    }
-    
-    /* self-=a */
-    func sub(_ x:FP2)
-    {
-        let m=FP2(x)
-        m.neg()
-        add(m)
-    }
-
-    /* self*=s, where s is an FP */
-    func pmul(_ s:FP)
-    {
-        a.mul(s)
-        b.mul(s)
-    }
-    
-    /* self*=i, where i is an int */
-    func imul(_ c:Int)
-    {
-        a.imul(c);
-        b.imul(c);
-    }
-    
-    /* self*=self */
-    func sqr()
-    {
-        norm();
-    
-        let w1=FP(a)
-        let w3=FP(a)
-        let mb=FP(b)
-        w3.mul(b)
-        w1.add(b)
-        mb.neg()
-        a.add(mb)
-        a.mul(w1)
-        b.copy(w3); b.add(w3)
-        norm()
-    }
-    /* self*=y */
-    func mul(_ y:FP2)
-    {
-        norm();  /* This is needed here as {a,b} is not normed before additions */
-    
-        let w1=FP(a)
-        let w2=FP(b)
-        let w5=FP(a)
-        let mw=FP(0)
-    
-        w1.mul(y.a)  // w1=a*y.a  - this norms w1 and y.a, NOT a
-        w2.mul(y.b)  // w2=b*y.b  - this norms w2 and y.b, NOT b
-        w5.add(b)    // w5=a+b
-        b.copy(y.a); b.add(y.b) // b=y.a+y.b
-    
-        b.mul(w5)
-        mw.copy(w1); mw.add(w2); mw.neg()
-    
-        b.add(mw); mw.add(w1)
-        a.copy(w1);	a.add(mw)
-    
-        norm()
-    
-    }
- 
-    /* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
-    /* returns true if this is QR */
-    func sqrt() -> Bool
-    {
-        if iszilch() {return true}
-        var w1=FP(b)
-        var w2=FP(a)
-        w1.sqr(); w2.sqr(); w1.add(w2)
-        if w1.jacobi() != 1 { zero(); return false; }
-        w1=w1.sqrt()
-        w2.copy(a); w2.add(w1); w2.div2()
-        if w2.jacobi() != 1
-        {
-            w2.copy(a); w2.sub(w1); w2.div2()
-            if w2.jacobi() != 1 { zero(); return false }
-        }
-        w2=w2.sqrt()
-        a.copy(w2)
-        w2.add(w2)
-        w2.inverse()
-        b.mul(w2)
-        return true
-    }
-    /* output to hex string */
-    func toString() -> String
-    {
-        return ("["+a.toString()+","+b.toString()+"]")
-    }
-    
-    func toRawString() -> String
-    {
-        return ("["+a.toRawString()+","+b.toRawString()+"]")
-    }
-
-    /* self=1/self */
-    func inverse()
-    {
-        norm();
-        let w1=FP(a)
-        let w2=FP(b)
-    
-        w1.sqr()
-        w2.sqr()
-        w1.add(w2)
-        w1.inverse()
-        a.mul(w1)
-        w1.neg()
-        b.mul(w1)
-    }
-
-    /* self/=2 */
-    func div2()
-    {
-        a.div2();
-        b.div2();
-    }
-    
-    /* self*=sqrt(-1) */
-    func times_i()
-    {
-        let z=FP(a)
-        a.copy(b); a.neg()
-        b.copy(z)
-    }
-
-    /* w*=(1+sqrt(-1)) */
-    /* where X*2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
-    func mul_ip()
-    {
-        norm();
-        let t=FP2(self)
-        let z=FP(a)
-        a.copy(b)
-        a.neg()
-        b.copy(z)
-        add(t)
-        norm()
-    }
-    /* w/=(1+sqrt(-1)) */
-    func div_ip()
-    {
-        let t=FP2(0)
-        norm()
-        t.a.copy(a); t.a.add(b)
-        t.b.copy(b); t.b.sub(a)
-        copy(t)
-        div2()
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/fp4.swift
----------------------------------------------------------------------
diff --git a/version22/swift/fp4.swift b/version22/swift/fp4.swift
deleted file mode 100644
index 3cba394..0000000
--- a/version22/swift/fp4.swift
+++ /dev/null
@@ -1,517 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  fp4.swift
-//
-//  Created by Michael Scott on 07/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-/* Finite Field arithmetic  Fp^4 functions */
-
-/* FP4 elements are of the form a+ib, where i is sqrt(-1+sqrt(-1))  */
-
-final class FP4 {
-    private final var a:FP2
-    private final var b:FP2
-
-    /* constructors */
-    init(_ c:Int)
-    {
-        a=FP2(c)
-        b=FP2(0)
-    }
-    
-    init(_ x:FP4)
-    {
-        a=FP2(x.a)
-        b=FP2(x.b)
-    }
-    
-    init(_ c:FP2,_ d:FP2)
-    {
-        a=FP2(c)
-        b=FP2(d)
-    }
-    
-    init(_ c:FP2)
-    {
-        a=FP2(c)
-        b=FP2(0)
-    }
-    /* reduce all components of this mod Modulus */
-    func reduce()
-    {
-        a.reduce()
-        b.reduce()
-    }
-    /* normalise all components of this mod Modulus */
-    func norm()
-    {
-        a.norm()
-        b.norm()
-    }
-    /* test this==0 ? */
-    func iszilch() -> Bool
-    {
-        reduce()
-        return a.iszilch() && b.iszilch()
-    }
-    /* test this==1 ? */
-    func isunity() -> Bool
-    {
-    let one=FP2(1);
-    return a.equals(one) && b.iszilch()
-    }
-    
-    /* test is w real? That is in a+ib test b is zero */
-    func isreal() -> Bool
-    {
-        return b.iszilch();
-    }
-    /* extract real part a */
-    func real() -> FP2
-    {
-        return a;
-    }
-    
-    func geta() -> FP2
-    {
-        return a;
-    }
-    /* extract imaginary part b */
-    func getb() -> FP2
-    {
-    return b;
-    }
-    /* test self=x? */
-    func equals(_ x:FP4) -> Bool
-    {
-        return a.equals(x.a) && b.equals(x.b)
-    }
-    /* copy self=x */
-    func copy(_ x:FP4)
-    {
-        a.copy(x.a)
-        b.copy(x.b)
-    }
-    /* set this=0 */
-    func zero()
-    {
-        a.zero()
-        b.zero()
-    }
-    /* set this=1 */
-    func one()
-    {
-        a.one()
-        b.zero()
-    }
-    /* set self=-self */
-    func neg()
-    {
-        let m=FP2(a)
-        let t=FP2(0)
-        m.add(b)
-        m.neg()
-        m.norm()
-        t.copy(m); t.add(b)
-        b.copy(m)
-        b.add(a)
-        a.copy(t)
-    }
-    /* self=conjugate(self) */
-    func conj()
-    {
-        b.neg(); b.norm()
-    }
-    /* this=-conjugate(this) */
-    func nconj()
-    {
-        a.neg(); a.norm()
-    }
-    /* self+=x */
-    func add(_ x:FP4)
-    {
-        a.add(x.a)
-        b.add(x.b)
-    }
-    /* self-=x */
-    func sub(_ x:FP4)
-    {
-        let m=FP4(x)
-        m.neg()
-        add(m)
-    }
-    
-    /* self*=s where s is FP2 */
-    func pmul(_ s:FP2)
-    {
-        a.mul(s)
-        b.mul(s)
-    }
-    /* self*=c where c is int */
-    func imul(_ c:Int)
-    {
-        a.imul(c)
-        b.imul(c)
-    }
-    /* self*=self */
-    func sqr()
-    {
-        norm();
-    
-        let t1=FP2(a)
-        let t2=FP2(b)
-        let t3=FP2(a)
-    
-        t3.mul(b)
-        t1.add(b)
-        t2.mul_ip()
-    
-        t2.add(a)
-        a.copy(t1)
-    
-        a.mul(t2)
-    
-        t2.copy(t3)
-        t2.mul_ip()
-        t2.add(t3)
-        t2.neg()
-        a.add(t2)
-    
-        b.copy(t3)
-        b.add(t3)
-    
-        norm()
-    }
-    /* self*=y */
-    func mul(_ y:FP4)
-    {
-        norm();
-    
-        let t1=FP2(a)
-        let t2=FP2(b)
-        let t3=FP2(0)
-        let t4=FP2(b)
-    
-        t1.mul(y.a)
-        t2.mul(y.b)
-        t3.copy(y.b)
-        t3.add(y.a)
-        t4.add(a)
-    
-        t4.mul(t3)
-        t4.sub(t1)
-        t4.norm()
-    
-        b.copy(t4)
-        b.sub(t2)
-        t2.mul_ip()
-        a.copy(t2)
-        a.add(t1)
-    
-        norm()
-    }
-    /* convert this to hex string */
-    func toString() -> String
-    {
-        return ("["+a.toString()+","+b.toString()+"]")
-    }
-    
-    func toRawString() -> String
-    {
-        return ("["+a.toRawString()+","+b.toRawString()+"]")
-    }
-    /* self=1/self */
-    func inverse()
-    {
-        norm();
-    
-        let t1=FP2(a)
-        let t2=FP2(b)
-    
-        t1.sqr()
-        t2.sqr()
-        t2.mul_ip()
-        t1.sub(t2)
-        t1.inverse()
-        a.mul(t1)
-        t1.neg()
-        b.mul(t1)
-    }
-    
-    /* self*=i where i = sqrt(-1+sqrt(-1)) */
-    func times_i()
-    {
-        norm();
-        let s=FP2(b)
-        let t=FP2(b)
-        s.times_i()
-        t.add(s)
-        t.norm()
-        b.copy(a)
-        a.copy(t)
-    }
-    
-    /* self=self^p using Frobenius */
-    func frob(_ f:FP2)
-    {
-        a.conj()
-        b.conj()
-        b.mul(f)
-    }
-    /* self=self^e */
-    func pow(_ e:BIG) -> FP4
-    {
-        norm()
-        e.norm()
-        let w=FP4(self)
-        let z=BIG(e)
-        let r=FP4(1)
-        while (true)
-        {
-            let bt=z.parity()
-            z.fshr(1)
-            if bt==1 {r.mul(w)}
-            if z.iszilch() {break}
-            w.sqr()
-        }
-        r.reduce()
-        return r
-    }
-    /* XTR xtr_a function */
-    func xtr_A(_ w:FP4,_ y:FP4,_ z:FP4)
-    {
-        let r=FP4(w)
-        let t=FP4(w)
-        r.sub(y)
-        r.pmul(a)
-        t.add(y)
-        t.pmul(b)
-        t.times_i()
-    
-        copy(r)
-        add(t)
-        add(z)
-    
-        norm()
-    }
-    /* XTR xtr_d function */
-    func xtr_D()
-    {
-        let w=FP4(self)
-        sqr(); w.conj()
-        w.add(w)
-        sub(w)
-        reduce()
-    }
-    /* r=x^n using XTR method on traces of FP12s */
-    func xtr_pow(_ n:BIG) -> FP4
-    {
-        let a=FP4(3)
-        let b=FP4(self)
-        let c=FP4(b)
-        c.xtr_D()
-        let t=FP4(0)
-        let r=FP4(0)
-    
-        n.norm();
-        let par=n.parity()
-        let v=BIG(n); v.fshr(1)
-        if par==0 {v.dec(1); v.norm()}
-    
-        let nb=v.nbits()
-        //for i in (0...nb-1).reverse()
-        var i=nb-1
-        //for var i=nb-1;i>=0;i--
-        while i>=0
-        {
-            if (v.bit(UInt(i)) != 1)
-            {
-				t.copy(b)
-				conj()
-				c.conj()
-				b.xtr_A(a,self,c)
-				conj()
-				c.copy(t)
-				c.xtr_D()
-				a.xtr_D()
-            }
-            else
-            {
-				t.copy(a); t.conj()
-				a.copy(b)
-				a.xtr_D()
-				b.xtr_A(c,self,t)
-				c.xtr_D()
-            }
-            i-=1
-        }
-        if par==0 {r.copy(c)}
-        else {r.copy(b)}
-        r.reduce()
-        return r
-    }
-    
-    /* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-    func xtr_pow2(_ ck:FP4,_ ckml:FP4,_ ckm2l:FP4,_ a:BIG,_ b:BIG) -> FP4
-    {
-        a.norm(); b.norm()
-        let e=BIG(a)
-        let d=BIG(b)
-        let w=BIG(0)
-    
-        let cu=FP4(ck)  // can probably be passed in w/o copying
-        let cv=FP4(self)
-        let cumv=FP4(ckml)
-        let cum2v=FP4(ckm2l)
-        var r=FP4(0)
-        let t=FP4(0)
-    
-        var f2:Int=0
-        while d.parity()==0 && e.parity()==0
-        {
-            d.fshr(1);
-            e.fshr(1);
-            f2 += 1;
-        }
-    
-        while (BIG.comp(d,e) != 0)
-        {
-            if BIG.comp(d,e)>0
-            {
-				w.copy(e); w.imul(4); w.norm()
-				if BIG.comp(d,w)<=0
-				{
-                    w.copy(d); d.copy(e)
-                    e.rsub(w); e.norm()
-    
-                    t.copy(cv)
-                    t.xtr_A(cu,cumv,cum2v)
-                    cum2v.copy(cumv)
-                    cum2v.conj()
-                    cumv.copy(cv)
-                    cv.copy(cu)
-                    cu.copy(t)
-    
-				}
-				else if d.parity()==0
-				{
-                    d.fshr(1)
-                    r.copy(cum2v); r.conj()
-                    t.copy(cumv)
-                    t.xtr_A(cu,cv,r)
-                    cum2v.copy(cumv)
-                    cum2v.xtr_D()
-                    cumv.copy(t)
-                    cu.xtr_D()
-				}
-				else if e.parity()==1
-				{
-                    d.sub(e); d.norm()
-                    d.fshr(1)
-                    t.copy(cv)
-                    t.xtr_A(cu,cumv,cum2v)
-                    cu.xtr_D()
-                    cum2v.copy(cv)
-                    cum2v.xtr_D()
-                    cum2v.conj()
-                    cv.copy(t)
-				}
-				else
-				{
-                    w.copy(d)
-                    d.copy(e); d.fshr(1)
-                    e.copy(w)
-                    t.copy(cumv)
-                    t.xtr_D()
-                    cumv.copy(cum2v); cumv.conj()
-                    cum2v.copy(t); cum2v.conj()
-                    t.copy(cv)
-                    t.xtr_D()
-                    cv.copy(cu)
-                    cu.copy(t)
-				}
-            }
-            if BIG.comp(d,e)<0
-            {
-				w.copy(d); w.imul(4); w.norm()
-				if BIG.comp(e,w)<=0
-				{
-                    e.sub(d); e.norm()
-                    t.copy(cv)
-                    t.xtr_A(cu,cumv,cum2v)
-                    cum2v.copy(cumv)
-                    cumv.copy(cu)
-                    cu.copy(t)
-				}
-				else if e.parity()==0
-				{
-                    w.copy(d)
-                    d.copy(e); d.fshr(1)
-                    e.copy(w)
-                    t.copy(cumv)
-                    t.xtr_D()
-                    cumv.copy(cum2v); cumv.conj()
-                    cum2v.copy(t); cum2v.conj()
-                    t.copy(cv)
-                    t.xtr_D()
-                    cv.copy(cu)
-                    cu.copy(t)
-				}
-				else if d.parity()==1
-				{
-                    w.copy(e)
-                    e.copy(d)
-                    w.sub(d); w.norm()
-                    d.copy(w); d.fshr(1)
-                    t.copy(cv)
-                    t.xtr_A(cu,cumv,cum2v)
-                    cumv.conj()
-                    cum2v.copy(cu)
-                    cum2v.xtr_D()
-                    cum2v.conj()
-                    cu.copy(cv)
-                    cu.xtr_D()
-                    cv.copy(t)
-				}
-				else
-				{
-                    d.fshr(1)
-                    r.copy(cum2v); r.conj()
-                    t.copy(cumv)
-                    t.xtr_A(cu,cv,r)
-                    cum2v.copy(cumv)
-                    cum2v.xtr_D()
-                    cumv.copy(t)
-                    cu.xtr_D()
-				}
-            }
-        }
-        r.copy(cv)
-        r.xtr_A(cu,cumv,cum2v)
-        for _ in 0 ..< f2
-            {r.xtr_D()}
-        r=r.xtr_pow(d)
-        return r
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/gcm.swift
----------------------------------------------------------------------
diff --git a/version22/swift/gcm.swift b/version22/swift/gcm.swift
deleted file mode 100644
index 15a6657..0000000
--- a/version22/swift/gcm.swift
+++ /dev/null
@@ -1,326 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  gcm.swift
-//
-//  Created by Michael Scott on 23/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-
-/*
-* Implementation of the AES-GCM Encryption/Authentication
-*
-* Some restrictions..
-* 1. Only for use with AES
-* 2. Returned tag is always 128-bits. Truncate at your own risk.
-* 3. The order of function calls must follow some rules
-*
-* Typical sequence of calls..
-* 1. call GCM_init
-* 2. call GCM_add_header any number of times, as long as length of header is multiple of 16 bytes (block size)
-* 3. call GCM_add_header one last time with any length of header
-* 4. call GCM_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes
-* 5. call GCM_add_cipher one last time with any length of cipher/plaintext
-* 6. call GCM_finish to extract the tag.
-*
-* See http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf
-*/
-
-final class GCM {
-    static let NB:Int=4
-    static let GCM_ACCEPTING_HEADER:Int=0
-    static let GCM_ACCEPTING_CIPHER:Int=1
-    static let GCM_NOT_ACCEPTING_MORE:Int=2
-    static let GCM_FINISHED:Int=3
-    static let GCM_ENCRYPTING:Int=0
-    static let GCM_DECRYPTING:Int=1
-    
-    private var table=[[UInt32]](repeating: [UInt32](repeating: 0,count: 4),count: 128) /* 2k bytes */
-    private var stateX=[UInt8](repeating: 0,count: 16)
-    private var Y_0=[UInt8](repeating: 0,count: 16)
-    
-    private var counter:Int=0
-    private var lenA=[UInt32](repeating: 0,count: 2)
-    private var lenC=[UInt32](repeating: 0,count: 2)
-    private var status:Int=0
-    private var a=AES()
-    
-    private static func pack(_ b: [UInt8]) -> UInt32
-    { /* pack bytes into a 32-bit Word */
-        var r=((UInt32(b[0])&0xff)<<24)|((UInt32(b[1])&0xff)<<16)
-        r = r|((UInt32(b[2])&0xff)<<8)|(UInt32(b[3])&0xff)
-        return r
-    }
-    
-    private static func unpack(_ a: UInt32) -> [UInt8]
-    { /* unpack bytes from a word */
-        let b:[UInt8]=[UInt8((a>>24)&0xff),UInt8((a>>16)&0xff),UInt8((a>>8)&0xff),UInt8(a&0xff)];
-        return b
-    }
-    
-    private func precompute(_ H: [UInt8])
-    {
-        var b=[UInt8](repeating: 0,count: 4)
-        var j=0
-        for i in 0 ..< GCM.NB
-        {
-            b[0]=H[j]; b[1]=H[j+1]; b[2]=H[j+2]; b[3]=H[j+3];
-            table[0][i]=GCM.pack(b);
-            j+=4
-        }
-        for i in 1 ..< 128
-        {
-            var c:UInt32=0
-            for j in 0 ..< GCM.NB {table[i][j]=c|(table[i-1][j])>>1; c=table[i-1][j]<<31;}
-            if c != 0  {table[i][0]^=0xE1000000} /* irreducible polynomial */
-        }
-    }
- 
-    private func gf2mul()
-    { /* gf2m mul - Z=H*X mod 2^128 */
-        var P=[UInt32](repeating: 0,count: 4)
-    
-        for i in 0 ..< 4 {P[i]=0}
-        var j=8; var m=0;
-        for i in 0 ..< 128
-        {
-            j-=1
-            var c=UInt32((stateX[m]>>UInt8(j))&1); c = ( ~c ) + 1
-            for k in 0 ..< GCM.NB {P[k]^=(table[i][k] & c)}
-            if (j==0)
-            {
-		j=8; m += 1;
-                if (m==16) {break}
-            }
-        }
-        j=0
-        for i in 0 ..< GCM.NB
-        {
-            var b=GCM.unpack(P[i])
-            stateX[j]=b[0]; stateX[j+1]=b[1]; stateX[j+2]=b[2]; stateX[j+3]=b[3];
-            j+=4
-        }
-    }
-    private func wrap()
-    { /* Finish off GHASH */
-        var F=[UInt32](repeating: 0,count: 4)
-        var L=[UInt8](repeating: 0,count: 16)
-    
-    /* convert lengths from bytes to bits */
-        F[0]=(lenA[0]<<3)|(lenA[1]&0xE0000000)>>29
-        F[1]=lenA[1]<<3;
-        F[2]=(lenC[0]<<3)|(lenC[1]&0xE0000000)>>29
-        F[3]=lenC[1]<<3;
-        var j=0
-        for i in 0 ..< GCM.NB
-        {
-            var b=GCM.unpack(F[i]);
-            L[j]=b[0]; L[j+1]=b[1]; L[j+2]=b[2]; L[j+3]=b[3]
-            j+=4
-        }
-        for i in 0 ..< 16 {stateX[i]^=L[i]}
-        gf2mul()
-    }
-    
-    private func ghash(_ plain: [UInt8],_ len: Int) -> Bool
-    {
-    //    var B=[UInt8](count:16,repeatedValue:0)
-    
-        if status==GCM.GCM_ACCEPTING_HEADER {status=GCM.GCM_ACCEPTING_CIPHER}
-        if (status != GCM.GCM_ACCEPTING_CIPHER) {return false}
-        
-        var j=0;
-        while (j<len)
-        {
-            for i in 0 ..< 16
-            {
-				stateX[i]^=plain[j];
-                j+=1;
-                lenC[1]+=1; if lenC[1]==0 {lenC[0]+=1}
-                if j>=len {break;}
-            }
-            gf2mul();
-        }
-        if len%16 != 0 {status=GCM.GCM_NOT_ACCEPTING_MORE}
-        return true;
-    }
-    
-    /* Initialize GCM mode */
-    func init_it(_ key: [UInt8],_ niv: Int,_ iv: [UInt8])
-    { /* iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes */
-        var H=[UInt8](repeating: 0,count: 16)
-        
-        for i in 0 ..< 16 {H[i]=0; stateX[i]=0}
-        
-        a.init_it(AES.ECB,key,iv)
-        a.ecb_encrypt(&H);    /* E(K,0) */
-        precompute(H)
-        
-        lenA[0]=0;lenC[0]=0;lenA[1]=0;lenC[1]=0;
-        if (niv==12)
-        {
-            for i in 0 ..< 12 {a.f[i]=iv[i]}
-            var b=GCM.unpack(UInt32(1))
-            a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3];  /* initialise IV */
-            for i in 0 ..< 16 {Y_0[i]=a.f[i]}
-        }
-        else
-        {
-            status=GCM.GCM_ACCEPTING_CIPHER;
-            ghash(iv,niv) /* GHASH(H,0,IV) */
-            wrap()
-            for i in 0 ..< 16 {a.f[i]=stateX[i];Y_0[i]=a.f[i];stateX[i]=0}
-            lenA[0]=0;lenC[0]=0;lenA[1]=0;lenC[1]=0;
-        }
-        status=GCM.GCM_ACCEPTING_HEADER;
-    }
-    
-    /* Add Header data - included but not encrypted */
-    func add_header(_ header: [UInt8],_ len: Int) -> Bool
-    { /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */
-        if status != GCM.GCM_ACCEPTING_HEADER {return false}
-    
-        var j=0
-        while (j<len)
-        {
-            for i in 0 ..< 16
-            {
-				stateX[i]^=header[j];
-                j+=1;
-                lenA[1]+=1; if lenA[1]==0 {lenA[0]+=1}
-                if j>=len {break}
-            }
-            gf2mul();
-        }
-        if len%16 != 0 {status=GCM.GCM_ACCEPTING_CIPHER}
-        return true;
-    }
-    /* Add Plaintext - included and encrypted */
-    func add_plain(_ plain: [UInt8],_ len: Int) -> [UInt8]
-    {
-        var B=[UInt8](repeating: 0,count: 16)
-        var b=[UInt8](repeating: 0,count: 4)
-        
-        var cipher=[UInt8](repeating: 0,count: len)
-        var counter:UInt32=0
-        if status == GCM.GCM_ACCEPTING_HEADER {status=GCM.GCM_ACCEPTING_CIPHER}
-        if status != GCM.GCM_ACCEPTING_CIPHER {return [UInt8]()}
-        
-        var j=0
-        while (j<len)
-        {
-    
-            b[0]=a.f[12]; b[1]=a.f[13]; b[2]=a.f[14]; b[3]=a.f[15];
-            counter=GCM.pack(b);
-            counter+=1;
-            b=GCM.unpack(counter);
-            a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3]; /* increment counter */
-            for i in 0 ..< 16 {B[i]=a.f[i]}
-            a.ecb_encrypt(&B);        /* encrypt it  */
-    
-            for i in 0 ..< 16
-            {
-		cipher[j]=(plain[j]^B[i]);
-		stateX[i]^=cipher[j];
-                j+=1;
-                lenC[1]+=1; if lenC[1]==0 {lenC[0]+=1}
-                if j>=len {break}
-            }
-            gf2mul();
-        }
-        if len%16 != 0 {status=GCM.GCM_NOT_ACCEPTING_MORE}
-        return cipher;
-    }
-    /* Add Ciphertext - decrypts to plaintext */
-    func add_cipher(_ cipher: [UInt8],_ len: Int) -> [UInt8]
-    {
-        var B=[UInt8](repeating: 0,count: 16)
-        var b=[UInt8](repeating: 0,count: 4)
-        
-        var plain=[UInt8](repeating: 0,count: len)
-        var counter:UInt32=0
-        
-        if status==GCM.GCM_ACCEPTING_HEADER {status=GCM.GCM_ACCEPTING_CIPHER}
-        if status != GCM.GCM_ACCEPTING_CIPHER {return [UInt8]()}
-    
-        var j=0
-        while (j<len)
-        {
-    
-            b[0]=a.f[12]; b[1]=a.f[13]; b[2]=a.f[14]; b[3]=a.f[15];
-            counter=GCM.pack(b);
-            counter+=1;
-            b=GCM.unpack(counter);
-            a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3]; /* increment counter */
-            for i in 0 ..< 16 {B[i]=a.f[i]}
-            a.ecb_encrypt(&B);        /* encrypt it  */
-            for i in 0 ..< 16
-            {
-                let oc=cipher[j]
-                plain[j]=(cipher[j]^B[i]);
-                stateX[i]^=oc;
-                j+=1;
-                lenC[1]+=1; if lenC[1]==0 {lenC[0]+=1}
-                if j>=len {break}
-            }
-            gf2mul()
-        }
-        if len%16 != 0 {status=GCM.GCM_NOT_ACCEPTING_MORE}
-        return plain;
-    }
-    
-    /* Finish and extract Tag */
-    func finish(_ extract: Bool) -> [UInt8]
-    { /* Finish off GHASH and extract tag (MAC) */
-        var tag=[UInt8](repeating: 0,count: 16)
-    
-        wrap();
-        /* extract tag */
-        if (extract)
-        {
-            a.ecb_encrypt(&Y_0);        /* E(K,Y0) */
-            for i in 0 ..< 16 {Y_0[i]^=stateX[i]}
-            for i in 0 ..< 16 {tag[i]=Y_0[i];Y_0[i]=0;stateX[i]=0;}
-        }
-        status=GCM.GCM_FINISHED;
-        a.end();
-        return tag;
-    }
-    
-    static func hex2bytes(_ s: String) -> [UInt8]
-    {
-        var array=Array(arrayLiteral: s)
-        let len=array.count;
-        var data=[UInt8](repeating: 0,count: len/2)
-
-        var i=0
-        while (i<len)
-        {
-            data[i / 2] = UInt8(strtoul(String(array[i]),nil,16)<<4)+UInt8(strtoul(String(array[i+1]),nil,16))
-            i+=2
-        }
-        return data;
-    }
-    
-    
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/hash256.swift
----------------------------------------------------------------------
diff --git a/version22/swift/hash256.swift b/version22/swift/hash256.swift
deleted file mode 100644
index 6140da5..0000000
--- a/version22/swift/hash256.swift
+++ /dev/null
@@ -1,188 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  hash256.swift - Implementation of SHA-256
-//
-//  Created by Michael Scott on 17/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//  SHA256 Implementation
-//
-
-final class HASH256{
-    
-    private var length=[UInt32](repeating: 0,count: 2)
-    private var h=[UInt32](repeating: 0,count: 8)
-    private var w=[UInt32](repeating: 0,count: 64)
-    static let H0:UInt32=0x6A09E667
-    static let H1:UInt32=0xBB67AE85
-    static let H2:UInt32=0x3C6EF372
-    static let H3:UInt32=0xA54FF53A
-    static let H4:UInt32=0x510E527F
-    static let H5:UInt32=0x9B05688C
-    static let H6:UInt32=0x1F83D9AB
-    static let H7:UInt32=0x5BE0CD19
-    
-    static let len:Int=32
-    
-    static let K:[UInt32]=[
-    0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
-    0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
-    0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
-    0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
-    0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
-    0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
-    0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
-    0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2]
-    
-    
-    private static func S(_ n: UInt32,_ x: UInt32) -> UInt32
-    {
-        return ((x>>n)|(x<<(32-n)))
-    }
-
-    private static func R(_ n: UInt32,_ x: UInt32) -> UInt32
-    {
-        return (x>>n)
-    }
-    
-    private static func Ch(_ x: UInt32,_ y: UInt32,_ z:UInt32) -> UInt32
-    {
-        return ((x&y)^(~(x)&z))
-    }
-    
-    private static func Maj(_ x: UInt32,_ y: UInt32,_ z:UInt32) -> UInt32
-    {
-        return ((x&y)^(x&z)^(y&z))
-    }
-    
-    private static func Sig0(_ x: UInt32) -> UInt32
-    {
-        return (S(2,x)^S(13,x)^S(22,x))
-    }
-    
-    private static func Sig1(_ x: UInt32) -> UInt32
-    {
-        return (S(6,x)^S(11,x)^S(25,x))
-    }
-    
-    private static func theta0(_ x: UInt32) -> UInt32
-    {
-        return (S(7,x)^S(18,x)^R(3,x))
-    }
-    
-    private static func theta1(_ x: UInt32) -> UInt32
-    {
-        return (S(17,x)^S(19,x)^R(10,x))
-    }
- 
-    private func transform()
-    { /* basic transformation step */
-        var a,b,c,d,e,f,g,hh,t1,t2 :UInt32
-        for j in 16 ..< 64
-        {
-            w[j]=HASH256.theta1(w[j-2])&+w[j-7]&+HASH256.theta0(w[j-15])&+w[j-16]
-        }
-        a=h[0]; b=h[1]; c=h[2]; d=h[3]
-        e=h[4]; f=h[5]; g=h[6]; hh=h[7]
-    
-        for j in 0 ..< 64
-        { /* 64 times - mush it up */
-            t1=hh&+HASH256.Sig1(e)&+HASH256.Ch(e,f,g)&+HASH256.K[j]&+w[j]
-            t2=HASH256.Sig0(a)&+HASH256.Maj(a,b,c)
-            hh=g; g=f; f=e;
-            e=d&+t1;
-            d=c;
-            c=b;
-            b=a;
-            a=t1&+t2;
-        }
-        h[0]=h[0]&+a; h[1]=h[1]&+b; h[2]=h[2]&+c; h[3]=h[3]&+d
-        h[4]=h[4]&+e; h[5]=h[5]&+f; h[6]=h[6]&+g; h[7]=h[7]&+hh;
-    }
-    
-    /* Re-Initialise Hash function */
-    func init_it()
-    { /* initialise */
-        for i in 0 ..< 64 {w[i]=0}
-        length[0]=0; length[1]=0
-        h[0]=HASH256.H0;
-        h[1]=HASH256.H1;
-        h[2]=HASH256.H2;
-        h[3]=HASH256.H3;
-        h[4]=HASH256.H4;
-        h[5]=HASH256.H5;
-        h[6]=HASH256.H6;
-        h[7]=HASH256.H7;
-    }
-    
-    init()
-    {
-        init_it()
-    }
-    
-    /* process a single byte */
-    func process(_ byt: UInt8)
-    { /* process the next message byte */
-        let cnt=Int((length[0]/32)%16)
-        w[cnt]<<=8;
-        w[cnt]|=(UInt32(byt)&0xFF);
-        length[0]+=8;
-        if (length[0]==0) { length[1] += 1; length[0]=0 }
-        if ((length[0]%512)==0) {transform()}
-    }
-    
-    /* process an array of bytes */
-    func process_array(_ b: [UInt8])
-    {
-        for i in 0 ..< b.count {process((b[i]))}
-    }
-    
-    /* process a 32-bit integer */
-    func process_num(_ n:Int32)
-    {
-        process(UInt8((n>>24)&0xff))
-        process(UInt8((n>>16)&0xff))
-        process(UInt8((n>>8)&0xff))
-        process(UInt8(n&0xff))
-    }
-
-    /* Generate 32-byte Hash */
-    func hash() -> [UInt8]
-    { /* pad message and finish - supply digest */
-        var digest=[UInt8](repeating: 0,count: 32)
-        
-        let len0=length[0]
-        let len1=length[1]
-        process(0x80);
-        while ((length[0]%512) != 448) {process(0)}
-        w[14]=len1
-        w[15]=len0;
-        transform()
-        for i in 0 ..< HASH256.len
-        { /* convert to bytes */
-            let r=(8*(3-UInt32(i)%4));
-            digest[i]=UInt8((h[i/4]>>r) & 0xff);
-        }
-        init_it();
-        return digest;
-    }
-    
-    
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/hash384.swift
----------------------------------------------------------------------
diff --git a/version22/swift/hash384.swift b/version22/swift/hash384.swift
deleted file mode 100644
index de89d4c..0000000
--- a/version22/swift/hash384.swift
+++ /dev/null
@@ -1,198 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  hash384.swift - Implementation of SHA-384
-//
-//  Created by Michael Scott on 29/03/2016.
-//  Copyright © 2016 Michael Scott. All rights reserved.
-//
-
-import Foundation
-
-final class HASH384{
-    
-    private var length=[UInt64](repeating: 0,count: 2)
-    private var h=[UInt64](repeating: 0,count: 8)
-    private var w=[UInt64](repeating: 0,count: 80)
-    static let H0:UInt64=0xcbbb9d5dc1059ed8
-    static let H1:UInt64=0x629a292a367cd507
-    static let H2:UInt64=0x9159015a3070dd17
-    static let H3:UInt64=0x152fecd8f70e5939
-    static let H4:UInt64=0x67332667ffc00b31
-    static let H5:UInt64=0x8eb44a8768581511
-    static let H6:UInt64=0xdb0c2e0d64f98fa7
-    static let H7:UInt64=0x47b5481dbefa4fa4
-    
-    static let len:Int=48
-    
-    static let K:[UInt64]=[
-        0x428a2f98d728ae22,0x7137449123ef65cd,0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc,
-        0x3956c25bf348b538,0x59f111f1b605d019,0x923f82a4af194f9b,0xab1c5ed5da6d8118,
-        0xd807aa98a3030242,0x12835b0145706fbe,0x243185be4ee4b28c,0x550c7dc3d5ffb4e2,
-        0x72be5d74f27b896f,0x80deb1fe3b1696b1,0x9bdc06a725c71235,0xc19bf174cf692694,
-        0xe49b69c19ef14ad2,0xefbe4786384f25e3,0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65,
-        0x2de92c6f592b0275,0x4a7484aa6ea6e483,0x5cb0a9dcbd41fbd4,0x76f988da831153b5,
-        0x983e5152ee66dfab,0xa831c66d2db43210,0xb00327c898fb213f,0xbf597fc7beef0ee4,
-        0xc6e00bf33da88fc2,0xd5a79147930aa725,0x06ca6351e003826f,0x142929670a0e6e70,
-        0x27b70a8546d22ffc,0x2e1b21385c26c926,0x4d2c6dfc5ac42aed,0x53380d139d95b3df,
-        0x650a73548baf63de,0x766a0abb3c77b2a8,0x81c2c92e47edaee6,0x92722c851482353b,
-        0xa2bfe8a14cf10364,0xa81a664bbc423001,0xc24b8b70d0f89791,0xc76c51a30654be30,
-        0xd192e819d6ef5218,0xd69906245565a910,0xf40e35855771202a,0x106aa07032bbd1b8,
-        0x19a4c116b8d2d0c8,0x1e376c085141ab53,0x2748774cdf8eeb99,0x34b0bcb5e19b48a8,
-        0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb,0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3,
-        0x748f82ee5defb2fc,0x78a5636f43172f60,0x84c87814a1f0ab72,0x8cc702081a6439ec,
-        0x90befffa23631e28,0xa4506cebde82bde9,0xbef9a3f7b2c67915,0xc67178f2e372532b,
-        0xca273eceea26619c,0xd186b8c721c0c207,0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178,
-        0x06f067aa72176fba,0x0a637dc5a2c898a6,0x113f9804bef90dae,0x1b710b35131c471b,
-        0x28db77f523047d84,0x32caab7b40c72493,0x3c9ebe0a15c9bebc,0x431d67c49c100d4c,
-        0x4cc5d4becb3e42b6,0x597f299cfc657e2a,0x5fcb6fab3ad6faec,0x6c44198c4a475817]
-
-    private static func S(_ n: UInt32,_ x: UInt64) -> UInt64
-    {
-        return ((x>>UInt64(n))|(x<<(64-UInt64(n))))
-    }
-    
-    private static func R(_ n: UInt32,_ x: UInt64) -> UInt64
-    {
-        return (x>>UInt64(n))
-    }
-    
-    private static func Ch(_ x: UInt64,_ y: UInt64,_ z:UInt64) -> UInt64
-    {
-        return ((x&y)^(~(x)&z))
-    }
-    
-    private static func Maj(_ x: UInt64,_ y: UInt64,_ z:UInt64) -> UInt64
-    {
-        return ((x&y)^(x&z)^(y&z))
-    }
-    
-    private static func Sig0(_ x: UInt64) -> UInt64
-    {
-        return (S(28,x)^S(34,x)^S(39,x))
-    }
-    
-    private static func Sig1(_ x: UInt64) -> UInt64
-    {
-        return (S(14,x)^S(18,x)^S(41,x))
-    }
-    
-    private static func theta0(_ x: UInt64) -> UInt64
-    {
-        return (S(1,x)^S(8,x)^R(7,x))
-    }
-    
-    private static func theta1(_ x: UInt64) -> UInt64
-    {
-        return (S(19,x)^S(61,x)^R(6,x))
-    }
-    
-    private func transform()
-    { /* basic transformation step */
-        var a,b,c,d,e,f,g,hh,t1,t2 :UInt64
-        for j in 16 ..< 80
-        {
-            w[j]=HASH384.theta1(w[j-2])&+w[j-7]&+HASH384.theta0(w[j-15])&+w[j-16]
-        }
-        a=h[0]; b=h[1]; c=h[2]; d=h[3]
-        e=h[4]; f=h[5]; g=h[6]; hh=h[7]
-        
-        for j in 0 ..< 80
-        { /* 64 times - mush it up */
-            t1=hh&+HASH384.Sig1(e)&+HASH384.Ch(e,f,g)&+HASH384.K[j]&+w[j]
-            t2=HASH384.Sig0(a)&+HASH384.Maj(a,b,c)
-            hh=g; g=f; f=e;
-            e=d&+t1;
-            d=c;
-            c=b;
-            b=a;
-            a=t1&+t2;
-        }
-        h[0]=h[0]&+a; h[1]=h[1]&+b; h[2]=h[2]&+c; h[3]=h[3]&+d
-        h[4]=h[4]&+e; h[5]=h[5]&+f; h[6]=h[6]&+g; h[7]=h[7]&+hh;
-    }
-    
-    /* Re-Initialise Hash function */
-    func init_it()
-    { /* initialise */
-        for i in 0 ..< 80 {w[i]=0}
-        length[0]=0; length[1]=0
-        h[0]=HASH384.H0;
-        h[1]=HASH384.H1;
-        h[2]=HASH384.H2;
-        h[3]=HASH384.H3;
-        h[4]=HASH384.H4;
-        h[5]=HASH384.H5;
-        h[6]=HASH384.H6;
-        h[7]=HASH384.H7;
-    }
-    
-    init()
-    {
-        init_it()
-    }
-    
-    /* process a single byte */
-    func process(_ byt: UInt8)
-    { /* process the next message byte */
-        let cnt=Int((length[0]/64)%16)
-        w[cnt]<<=8;
-        w[cnt]|=(UInt64(byt)&0xFF);
-        length[0]+=8;
-        if (length[0]==0) { length[1] += 1; length[0]=0 }
-        if ((length[0]%1024)==0) {transform()}
-    }
-    
-    /* process an array of bytes */
-    func process_array(_ b: [UInt8])
-    {
-        for i in 0 ..< b.count {process((b[i]))}
-    }
-    
-    /* process a 32-bit integer */
-    func process_num(_ n:Int32)
-    {
-        process(UInt8((n>>24)&0xff))
-        process(UInt8((n>>16)&0xff))
-        process(UInt8((n>>8)&0xff))
-        process(UInt8(n&0xff))
-    }
-    
-    /* Generate 48-byte Hash */
-    func hash() -> [UInt8]
-    { /* pad message and finish - supply digest */
-        var digest=[UInt8](repeating: 0,count: 48)
-        
-        let len0=length[0]
-        let len1=length[1]
-        process(0x80);
-        while ((length[0]%1024) != 896) {process(0)}
-        w[14]=len1
-        w[15]=len0;
-        transform()
-        for i in 0 ..< HASH384.len
-        { /* convert to bytes */
-            digest[i]=UInt8((h[i/8]>>(8*(7-UInt64(i)%8))) & 0xff);
-        }
-        init_it();
-        return digest;
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/hash512.swift
----------------------------------------------------------------------
diff --git a/version22/swift/hash512.swift b/version22/swift/hash512.swift
deleted file mode 100644
index 634f944..0000000
--- a/version22/swift/hash512.swift
+++ /dev/null
@@ -1,198 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  hash512.swift - Implementation of SHA-512
-//
-//  Created by Michael Scott on 29/03/2016.
-//  Copyright © 2016 Michael Scott. All rights reserved.
-//
-
-import Foundation
-
-final class HASH512{
-    
-    private var length=[UInt64](repeating: 0,count: 2)
-    private var h=[UInt64](repeating: 0,count: 8)
-    private var w=[UInt64](repeating: 0,count: 80)
-    static let H0:UInt64=0x6a09e667f3bcc908
-    static let H1:UInt64=0xbb67ae8584caa73b
-    static let H2:UInt64=0x3c6ef372fe94f82b
-    static let H3:UInt64=0xa54ff53a5f1d36f1
-    static let H4:UInt64=0x510e527fade682d1
-    static let H5:UInt64=0x9b05688c2b3e6c1f
-    static let H6:UInt64=0x1f83d9abfb41bd6b
-    static let H7:UInt64=0x5be0cd19137e2179
-    
-    static let len:Int=64
-    
-    static let K:[UInt64]=[
-        0x428a2f98d728ae22,0x7137449123ef65cd,0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc,
-        0x3956c25bf348b538,0x59f111f1b605d019,0x923f82a4af194f9b,0xab1c5ed5da6d8118,
-        0xd807aa98a3030242,0x12835b0145706fbe,0x243185be4ee4b28c,0x550c7dc3d5ffb4e2,
-        0x72be5d74f27b896f,0x80deb1fe3b1696b1,0x9bdc06a725c71235,0xc19bf174cf692694,
-        0xe49b69c19ef14ad2,0xefbe4786384f25e3,0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65,
-        0x2de92c6f592b0275,0x4a7484aa6ea6e483,0x5cb0a9dcbd41fbd4,0x76f988da831153b5,
-        0x983e5152ee66dfab,0xa831c66d2db43210,0xb00327c898fb213f,0xbf597fc7beef0ee4,
-        0xc6e00bf33da88fc2,0xd5a79147930aa725,0x06ca6351e003826f,0x142929670a0e6e70,
-        0x27b70a8546d22ffc,0x2e1b21385c26c926,0x4d2c6dfc5ac42aed,0x53380d139d95b3df,
-        0x650a73548baf63de,0x766a0abb3c77b2a8,0x81c2c92e47edaee6,0x92722c851482353b,
-        0xa2bfe8a14cf10364,0xa81a664bbc423001,0xc24b8b70d0f89791,0xc76c51a30654be30,
-        0xd192e819d6ef5218,0xd69906245565a910,0xf40e35855771202a,0x106aa07032bbd1b8,
-        0x19a4c116b8d2d0c8,0x1e376c085141ab53,0x2748774cdf8eeb99,0x34b0bcb5e19b48a8,
-        0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb,0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3,
-        0x748f82ee5defb2fc,0x78a5636f43172f60,0x84c87814a1f0ab72,0x8cc702081a6439ec,
-        0x90befffa23631e28,0xa4506cebde82bde9,0xbef9a3f7b2c67915,0xc67178f2e372532b,
-        0xca273eceea26619c,0xd186b8c721c0c207,0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178,
-        0x06f067aa72176fba,0x0a637dc5a2c898a6,0x113f9804bef90dae,0x1b710b35131c471b,
-        0x28db77f523047d84,0x32caab7b40c72493,0x3c9ebe0a15c9bebc,0x431d67c49c100d4c,
-        0x4cc5d4becb3e42b6,0x597f299cfc657e2a,0x5fcb6fab3ad6faec,0x6c44198c4a475817]
-    
-    private static func S(_ n: UInt32,_ x: UInt64) -> UInt64
-    {
-        return ((x>>UInt64(n))|(x<<(64-UInt64(n))))
-    }
-    
-    private static func R(_ n: UInt32,_ x: UInt64) -> UInt64
-    {
-        return (x>>UInt64(n))
-    }
-    
-    private static func Ch(_ x: UInt64,_ y: UInt64,_ z:UInt64) -> UInt64
-    {
-        return ((x&y)^(~(x)&z))
-    }
-    
-    private static func Maj(_ x: UInt64,_ y: UInt64,_ z:UInt64) -> UInt64
-    {
-        return ((x&y)^(x&z)^(y&z))
-    }
-    
-    private static func Sig0(_ x: UInt64) -> UInt64
-    {
-        return (S(28,x)^S(34,x)^S(39,x))
-    }
-    
-    private static func Sig1(_ x: UInt64) -> UInt64
-    {
-        return (S(14,x)^S(18,x)^S(41,x))
-    }
-    
-    private static func theta0(_ x: UInt64) -> UInt64
-    {
-        return (S(1,x)^S(8,x)^R(7,x))
-    }
-    
-    private static func theta1(_ x: UInt64) -> UInt64
-    {
-        return (S(19,x)^S(61,x)^R(6,x))
-    }
-    
-    private func transform()
-    { /* basic transformation step */
-        var a,b,c,d,e,f,g,hh,t1,t2 :UInt64
-        for j in 16 ..< 80
-        {
-            w[j]=HASH512.theta1(w[j-2])&+w[j-7]&+HASH512.theta0(w[j-15])&+w[j-16]
-        }
-        a=h[0]; b=h[1]; c=h[2]; d=h[3]
-        e=h[4]; f=h[5]; g=h[6]; hh=h[7]
-        
-        for j in 0 ..< 80
-        { /* 64 times - mush it up */
-            t1=hh&+HASH512.Sig1(e)&+HASH512.Ch(e,f,g)&+HASH512.K[j]&+w[j]
-            t2=HASH512.Sig0(a)&+HASH512.Maj(a,b,c)
-            hh=g; g=f; f=e;
-            e=d&+t1;
-            d=c;
-            c=b;
-            b=a;
-            a=t1&+t2;
-        }
-        h[0]=h[0]&+a; h[1]=h[1]&+b; h[2]=h[2]&+c; h[3]=h[3]&+d
-        h[4]=h[4]&+e; h[5]=h[5]&+f; h[6]=h[6]&+g; h[7]=h[7]&+hh;
-    }
-    
-    /* Re-Initialise Hash function */
-    func init_it()
-    { /* initialise */
-        for i in 0 ..< 80 {w[i]=0}
-        length[0]=0; length[1]=0
-        h[0]=HASH512.H0;
-        h[1]=HASH512.H1;
-        h[2]=HASH512.H2;
-        h[3]=HASH512.H3;
-        h[4]=HASH512.H4;
-        h[5]=HASH512.H5;
-        h[6]=HASH512.H6;
-        h[7]=HASH512.H7;
-    }
-    
-    init()
-    {
-        init_it()
-    }
-    
-    /* process a single byte */
-    func process(_ byt: UInt8)
-    { /* process the next message byte */
-        let cnt=Int((length[0]/64)%16)
-        w[cnt]<<=8;
-        w[cnt]|=(UInt64(byt)&0xFF);
-        length[0]+=8;
-        if (length[0]==0) { length[1] += 1; length[0]=0 }
-        if ((length[0]%1024)==0) {transform()}
-    }
-    
-    /* process an array of bytes */
-    func process_array(_ b: [UInt8])
-    {
-        for i in 0 ..< b.count {process((b[i]))}
-    }
-    
-    /* process a 32-bit integer */
-    func process_num(_ n:Int32)
-    {
-        process(UInt8((n>>24)&0xff))
-        process(UInt8((n>>16)&0xff))
-        process(UInt8((n>>8)&0xff))
-        process(UInt8(n&0xff))
-    }
-    
-    /* Generate 48-byte Hash */
-    func hash() -> [UInt8]
-    { /* pad message and finish - supply digest */
-        var digest=[UInt8](repeating: 0,count: 64)
-        
-        let len0=length[0]
-        let len1=length[1]
-        process(0x80);
-        while ((length[0]%1024) != 896) {process(0)}
-        w[14]=len1
-        w[15]=len0;
-        transform()
-        for i in 0 ..< HASH512.len
-        { /* convert to bytes */
-            digest[i]=UInt8((h[i/8]>>(8*(7-UInt64(i)%8))) & 0xff);
-        }
-        init_it();
-        return digest;
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/main.swift
----------------------------------------------------------------------
diff --git a/version22/swift/main.swift b/version22/swift/main.swift
deleted file mode 100644
index e464a0e..0000000
--- a/version22/swift/main.swift
+++ /dev/null
@@ -1,13 +0,0 @@
-//
-//  main.swift
-//
-//  Created by Michael Scott on 12/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-BenchtestPAIR()
-BenchtestEC()
-TestRSA()
-TestECDH()
-TestMPIN()
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/mpin.swift
----------------------------------------------------------------------
diff --git a/version22/swift/mpin.swift b/version22/swift/mpin.swift
deleted file mode 100644
index c4bc28e..0000000
--- a/version22/swift/mpin.swift
+++ /dev/null
@@ -1,833 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  mpin.swift
-//
-//  Created by Michael Scott on 08/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-
-import Foundation
-
-final public class MPIN
-{
-    static public let EFS=Int(ROM.MODBYTES)
-    static public let EGS=Int(ROM.MODBYTES)
-    static public let PAS:Int=16
-    static let INVALID_POINT:Int = -14
-    static let BAD_PARAMS:Int = -11
-    static let WRONG_ORDER:Int = -18
-    static public let BAD_PIN:Int = -19
-    static public let SHA256=32
-    static public let SHA384=48
-    static public let SHA512=64
-    
-    /* Configure your PIN here */
-    
-    static let MAXPIN:Int32 = 10000  // PIN less than this
-    static let PBLEN:Int32 = 14      // Number of bits in PIN
-    static let TS:Int = 10         // 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN)
-    static let TRAP:Int = 200      // 200 for 4 digit PIN, 2000 for 6-digit PIN  - approx 2*sqrt(MAXPIN)
-
-    static public let HASH_TYPE=SHA256
-    
-    private static func mpin_hash(_ sha:Int,_ c: FP4,_ U: ECP) -> [UInt8]
-    {
-        var w=[UInt8](repeating: 0,count: EFS)
-        var t=[UInt8](repeating: 0,count: 6*EFS)
-        var h=[UInt8]()
-        
-        c.geta().getA().toBytes(&w); for i in 0 ..< EFS {t[i]=w[i]}
-        c.geta().getB().toBytes(&w); for i in EFS ..< 2*EFS {t[i]=w[i-EFS]}
-        c.getb().getA().toBytes(&w); for i in 2*EFS ..< 3*EFS {t[i]=w[i-2*EFS]}
-        c.getb().getB().toBytes(&w); for i in 3*EFS ..< 4*EFS {t[i]=w[i-3*EFS]}
-        
-        U.getX().toBytes(&w); for i in 4*EFS ..< 5*EFS {t[i]=w[i-4*EFS]}
-        U.getY().toBytes(&w); for i in 5*EFS ..< 6*EFS {t[i]=w[i-5*EFS]}
-        
-        if sha==SHA256
-        {
-            let H=HASH256()
-            H.process_array(t)
-            h=H.hash()
-        }
-        if sha==SHA384
-        {
-            let H=HASH384()
-            H.process_array(t)
-            h=H.hash()
-        }
-        if sha==SHA512
-        {
-            let H=HASH512()
-            H.process_array(t)
-            h=H.hash()
-        }
-        if h.isEmpty {return h}
-        var R=[UInt8](repeating: 0,count: PAS)
-        for i in 0 ..< PAS {R[i]=h[i]}
-        return R
-    }
-    
-    // Hash number (optional) and string to point on curve
-    
-    private static func hashit(_ sha:Int,_ n:Int32,_ ID:[UInt8]) -> [UInt8]
-    {
-        var R=[UInt8]()
-        if sha==SHA256
-        {
-            let H=HASH256()
-            if n != 0 {H.process_num(n)}
-            H.process_array(ID)
-            R=H.hash()
-        }
-        if sha==SHA384
-        {
-            let H=HASH384()
-            if n != 0 {H.process_num(n)}
-            H.process_array(ID)
-            R=H.hash()
-        }
-        if sha==SHA512
-        {
-            let H=HASH512()
-            if n != 0 {H.process_num(n)}
-            H.process_array(ID)
-            R=H.hash()
-        }
-        if R.isEmpty {return R}
-        let RM=Int(ROM.MODBYTES)
-        var W=[UInt8](repeating: 0,count: RM)
-        if sha >= RM
-        {
-            for i in 0 ..< RM {W[i]=R[i]}
-        }
-        else
-        {
-            for i in 0 ..< sha {W[i]=R[i]}
-        }
-        return W
-    }
-    
-    static func mapit(_ h:[UInt8]) -> ECP
-    {
-        let q=BIG(ROM.Modulus)
-        let x=BIG.fromBytes(h)
-        x.mod(q)
-        var P=ECP(x,0)
-        while (true)
-        {
-            if !P.is_infinity() {break}
-            x.inc(1); x.norm();
-            P=ECP(x,0);
-        }
-        if ROM.CURVE_PAIRING_TYPE != ROM.BN_CURVE {
-            let c=BIG(ROM.CURVE_Cof)
-            P=P.mul(c)
-        }
-
-        return P
-    }
-
-    // needed for SOK
-    static func mapit2(_ h:[UInt8]) -> ECP2
-    {
-        let q=BIG(ROM.Modulus)
-        var x=BIG.fromBytes(h)
-        let one=BIG(1)
-        var Q=ECP2()
-        x.mod(q);
-        while (true)
-        {
-            let X=FP2(one,x);
-            Q=ECP2(X);
-            if !Q.is_infinity() {break}
-            x.inc(1); x.norm();
-        }
-    // Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez
-        let Fra=BIG(ROM.CURVE_Fra);
-        let Frb=BIG(ROM.CURVE_Frb);
-        let X=FP2(Fra,Frb);
-        x=BIG(ROM.CURVE_Bnx);
-    
-        let T=ECP2(); T.copy(Q)
-        T.mul(x); T.neg()
-        let K=ECP2(); K.copy(T)
-        K.dbl(); K.add(T); K.affine()
-    
-        K.frob(X)
-        Q.frob(X); Q.frob(X); Q.frob(X)
-        Q.add(T); Q.add(K)
-        T.frob(X); T.frob(X)
-        Q.add(T)
-        Q.affine()
-        return Q
-    }
-    
-    // return time in slots since epoch
-    static public func today() -> Int32
-    {
-        let date=Date()
-        return (Int32(date.timeIntervalSince1970/(60*1440)))
-    }
-
-    // these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043
-    // maps a random u to a point on the curve
-    static func map(_ u:BIG,_ cb:Int) -> ECP
-    {
-        let x=BIG(u)
-        let p=BIG(ROM.Modulus)
-        x.mod(p)
-        var P=ECP(x,cb)
-        while (true)
-        {
-            if !P.is_infinity() {break}
-            x.inc(1);  x.norm()
-            P=ECP(x,cb)
-        }
-        return P
-    }
-
-    // returns u derived from P. Random value in range 1 to return value should then be added to u
-    static func unmap(_ u:inout BIG,_ P:ECP) -> Int
-    {
-        let s=P.getS()
-        var r:Int32=0
-        let x=P.getX()
-        u.copy(x)
-        var R=ECP()
-        while (true)
-        {
-            u.dec(1); u.norm()
-            r += 1
-            R=ECP(u,s)
-            if !R.is_infinity() {break}
-        }
-        return Int(r)
-    }
-    
-    static public func HASH_ID(_ sha:Int,_ ID:[UInt8]) -> [UInt8]
-    {
-        return hashit(sha,0,ID)
-    }
-    
-    // these next two functions implement elligator squared - http://eprint.iacr.org/2014/043
-    // Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v}
-    // Note that u and v are indistinguisible from random strings
-    static public func ENCODING(_ rng:RAND,_ E:inout [UInt8]) -> Int
-    {
-        var T=[UInt8](repeating: 0,count: EFS)
-    
-        for i in 0 ..< EFS {T[i]=E[i+1]}
-        var u=BIG.fromBytes(T);
-        for i in 0 ..< EFS {T[i]=E[i+EFS+1]}
-        var v=BIG.fromBytes(T)
-    
-        let P=ECP(u,v);
-        if P.is_infinity() {return INVALID_POINT}
-    
-        let p=BIG(ROM.Modulus)
-        u=BIG.randomnum(p,rng)
-    
-        var su=rng.getByte();
-        su%=2
-    
-        let W=MPIN.map(u,Int(su))
-        P.sub(W);
-        let sv=P.getS();
-        let rn=MPIN.unmap(&v,P)
-        let m=rng.getByte();
-        let incr=1+Int(m)%rn
-        v.inc(incr)
-        E[0]=(su+UInt8(2*sv))
-        u.toBytes(&T)
-        for i in 0 ..< EFS {E[i+1]=T[i]}
-        v.toBytes(&T)
-        for i in 0 ..< EFS {E[i+EFS+1]=T[i]}
-    
-        return 0;
-    }
-
-    static public func DECODING(_ D:inout [UInt8]) -> Int
-    {
-        var T=[UInt8](repeating: 0,count: EFS)
-    
-        if (D[0]&0x04) != 0 {return INVALID_POINT}
-    
-        for i in 0 ..< EFS {T[i]=D[i+1]}
-        var u=BIG.fromBytes(T)
-        for i in 0 ..< EFS {T[i]=D[i+EFS+1]}
-        var v=BIG.fromBytes(T)
-    
-        let su=D[0]&1
-        let sv=(D[0]>>1)&1
-        let W=map(u,Int(su))
-        let P=map(v,Int(sv))
-        P.add(W)
-        u=P.getX()
-        v=P.getY()
-        D[0]=0x04
-        u.toBytes(&T);
-        for i in 0 ..< EFS {D[i+1]=T[i]}
-        v.toBytes(&T)
-        for i in 0 ..< EFS {D[i+EFS+1]=T[i]}
-    
-        return 0
-    }
-    // R=R1+R2 in group G1
-    static public func RECOMBINE_G1(_ R1:[UInt8],_ R2:[UInt8],_ R:inout [UInt8]) -> Int
-    {
-        let P=ECP.fromBytes(R1)
-        let Q=ECP.fromBytes(R2)
-    
-        if P.is_infinity() || Q.is_infinity() {return INVALID_POINT}
-    
-        P.add(Q)
-    
-        P.toBytes(&R)
-        return 0;
-    }
-    // W=W1+W2 in group G2
-    static public func RECOMBINE_G2(_ W1:[UInt8],_ W2:[UInt8],_  W:inout [UInt8]) -> Int
-    {
-        let P=ECP2.fromBytes(W1)
-        let Q=ECP2.fromBytes(W2)
-    
-        if P.is_infinity() || Q.is_infinity() {return INVALID_POINT}
-    
-        P.add(Q)
-        
-        P.toBytes(&W)
-        return 0
-    }
-    // create random secret S
-    static public func RANDOM_GENERATE(_ rng:RAND,_ S:inout [UInt8]) -> Int
-    {
-        let r=BIG(ROM.CURVE_Order)
-        let s=BIG.randomnum(r,rng)
-	if ROM.AES_S>0
-	{
-		s.mod2m(2*ROM.AES_S)
-	}    
-        s.toBytes(&S);
-        return 0;
-    }
-    // Extract PIN from TOKEN for identity CID
-    static public func EXTRACT_PIN(_ sha:Int,_ CID:[UInt8],_ pin:Int32,_ TOKEN:inout [UInt8]) -> Int
-    {
-        let P=ECP.fromBytes(TOKEN)
-        if P.is_infinity() {return INVALID_POINT}
-        let h=MPIN.hashit(sha,0,CID)
-        var R=MPIN.mapit(h)
-
-        R=R.pinmul(pin%MAXPIN,MPIN.PBLEN)
-        P.sub(R)
-    
-        P.toBytes(&TOKEN)
-    
-        return 0
-    }
-    // Implement step 2 on client side of MPin protocol
-    static public func CLIENT_2(_ X:[UInt8],_ Y:[UInt8],_ SEC:inout [UInt8]) -> Int
-    {
-        let r=BIG(ROM.CURVE_Order)
-        var P=ECP.fromBytes(SEC)
-        if P.is_infinity() {return INVALID_POINT}
-    
-        let px=BIG.fromBytes(X)
-        let py=BIG.fromBytes(Y)
-        px.add(py)
-        px.mod(r)
-     //   px.rsub(r)
-
-        P=PAIR.G1mul(P,px)
-        P.neg()
-        P.toBytes(&SEC);
-      //  PAIR.G1mul(P,px).toBytes(&SEC)
-        return 0
-    }
-    
-    // Implement step 1 on client side of MPin protocol
-    static public func CLIENT_1(_ sha:Int,_ date:Int32,_ CLIENT_ID:[UInt8],_ rng:RAND?,_ X:inout [UInt8],_ pin:Int32,_ TOKEN:[UInt8],_ SEC:inout [UInt8],_ xID:inout [UInt8]?,_ xCID:inout [UInt8]?,_ PERMIT:[UInt8]) -> Int
-    {
-        let r=BIG(ROM.CURVE_Order)
-   //     let q=BIG(ROM.Modulus)
-        var x:BIG
-        if rng != nil
-        {
-            x=BIG.randomnum(r,rng!)
-            if ROM.AES_S>0
-            {
-                x.mod2m(2*ROM.AES_S)
-            }
-            x.toBytes(&X);
-        }
-        else
-        {
-            x=BIG.fromBytes(X);
-        }
-    //    var t=[UInt8](count:EFS,repeatedValue:0)
-    
-        var h=MPIN.hashit(sha,0,CLIENT_ID)
-        var P=mapit(h);
-    
-        let T=ECP.fromBytes(TOKEN);
-        if T.is_infinity() {return INVALID_POINT}
-    
-        var W=P.pinmul(pin%MPIN.MAXPIN,MPIN.PBLEN)
-        T.add(W)
-        if date != 0
-        {
-            W=ECP.fromBytes(PERMIT)
-            if W.is_infinity() {return INVALID_POINT}
-            T.add(W);
-            h=MPIN.hashit(sha,date,h)
-            W=MPIN.mapit(h);
-            if xID != nil
-            {
-				P=PAIR.G1mul(P,x)
-				P.toBytes(&xID!)
-				W=PAIR.G1mul(W,x)
-				P.add(W)
-            }
-            else
-            {
-				P.add(W);
-				P=PAIR.G1mul(P,x);
-            }
-            if xCID != nil {P.toBytes(&xCID!)}
-        }
-        else
-        {
-            if xID != nil
-            {
-				P=PAIR.G1mul(P,x)
-				P.toBytes(&xID!)
-            }
-        }
-    
-    
-        T.toBytes(&SEC);
-        return 0;
-    }
-    // Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret
-    static public func GET_SERVER_SECRET(_ S:[UInt8],_ SST:inout [UInt8]) -> Int
-    {
-        var Q=ECP2(FP2(BIG(ROM.CURVE_Pxa),BIG(ROM.CURVE_Pxb)),FP2(BIG(ROM.CURVE_Pya),BIG(ROM.CURVE_Pyb)))
-    
-        let s=BIG.fromBytes(S)
-        Q=PAIR.G2mul(Q,s)
-        Q.toBytes(&SST)
-        return 0
-    }
- 
-    
-    //W=x*H(G);
-    //if RNG == NULL then X is passed in
-    //if RNG != NULL the X is passed out
-    //if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-    
-    static public func GET_G1_MULTIPLE(_ rng:RAND?,_ type:Int,_ X:inout [UInt8],_ G:[UInt8],_ W:inout [UInt8]) -> Int
-    {
-        var x:BIG
-        let r=BIG(ROM.CURVE_Order)
-        if rng != nil
-        {
-            x=BIG.randomnum(r,rng!)
-            if ROM.AES_S>0
-            {
-                x.mod2m(2*ROM.AES_S)
-            }
-            x.toBytes(&X)
-        }
-        else
-        {
-            x=BIG.fromBytes(X);
-        }
-        var P:ECP
-        if type==0
-        {
-            P=ECP.fromBytes(G)
-            if P.is_infinity() {return INVALID_POINT}
-        }
-        else
-            {P=MPIN.mapit(G)}
-    
-        PAIR.G1mul(P,x).toBytes(&W)
-        return 0;
-    }
-    // Client secret CST=S*H(CID) where CID is client ID and S is master secret
-    // CID is hashed externally
-    static public func GET_CLIENT_SECRET(_ S:inout [UInt8],_ CID:[UInt8],_ CST:inout [UInt8]) -> Int
-    {
-        return GET_G1_MULTIPLE(nil,1,&S,CID,&CST)
-    }
-    // Time Permit CTT=S*(date|H(CID)) where S is master secret
-    static public func GET_CLIENT_PERMIT(_ sha:Int,_ date:Int32,_ S:[UInt8],_ CID:[UInt8],_ CTT:inout [UInt8]) -> Int
-    {
-        let h=MPIN.hashit(sha,date,CID)
-        let P=MPIN.mapit(h)
-    
-        let s=BIG.fromBytes(S)
-        PAIR.G1mul(P,s).toBytes(&CTT)
-        return 0;
-    }
-  
-    // Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID
-    static public func SERVER_1(_ sha:Int,_ date:Int32,_ CID:[UInt8],_ HID:inout [UInt8],_ HTID:inout [UInt8])
-    {
-        var h=MPIN.hashit(sha,0,CID)
-        let P=MPIN.mapit(h)
-
-	P.toBytes(&HID)
-        if date != 0
-        {
-       //     if HID != nil {P.toBytes(&HID!)}
-            h=hashit(sha,date,h)
-            let R=MPIN.mapit(h)
-            P.add(R)
-            P.toBytes(&HTID)
-        }
-        //else {P.toBytes(&HID!)}
-    }
-    // Implement step 2 of MPin protocol on server side
-    static public func SERVER_2(_ date:Int32,_ HID:[UInt8]?,_ HTID:[UInt8]?,_ Y:[UInt8],_ SST:[UInt8],_ xID:[UInt8]?,_ xCID:[UInt8]?,_ mSEC:[UInt8],_ E:inout [UInt8]?,_ F:inout [UInt8]?) -> Int
-    {
-      //  _=BIG(ROM.Modulus);
-        let Q=ECP2(FP2(BIG(ROM.CURVE_Pxa),BIG(ROM.CURVE_Pxb)),FP2(BIG(ROM.CURVE_Pya),BIG(ROM.CURVE_Pyb)))
-        let sQ=ECP2.fromBytes(SST)
-        if sQ.is_infinity() {return INVALID_POINT}
-    
-        var R:ECP
-        if date != 0
-            {R=ECP.fromBytes(xCID!)}
-        else
-        {
-            if xID==nil {return MPIN.BAD_PARAMS}
-            R=ECP.fromBytes(xID!)
-        }
-        if R.is_infinity() {return INVALID_POINT}
-    
-        let y=BIG.fromBytes(Y)
-        var P:ECP
-        if date != 0 {P=ECP.fromBytes(HTID!)}
-        else
-        {
-            if HID==nil {return MPIN.BAD_PARAMS}
-            P=ECP.fromBytes(HID!)
-        }
-    
-        if P.is_infinity() {return INVALID_POINT}
-    
-        P=PAIR.G1mul(P,y)
-        P.add(R)
-        R=ECP.fromBytes(mSEC)
-        if R.is_infinity() {return MPIN.INVALID_POINT}
-
-    
-        var g=PAIR.ate2(Q,R,sQ,P)
-        g=PAIR.fexp(g)
-    
-        if !g.isunity()
-        {
-            if HID != nil && xID != nil && E != nil && F != nil
-            {
-				g.toBytes(&E!)
-				if date != 0
-				{
-                    P=ECP.fromBytes(HID!)
-                    if P.is_infinity() {return MPIN.INVALID_POINT}
-                    R=ECP.fromBytes(xID!)
-                    if R.is_infinity() {return MPIN.INVALID_POINT}
-    
-                    P=PAIR.G1mul(P,y);
-                    P.add(R);
-				}
-				g=PAIR.ate(Q,P);
-				g=PAIR.fexp(g);
-				g.toBytes(&F!);
-            }
-            return MPIN.BAD_PIN;
-        }
-    
-        return 0
-    }
-    // Pollards kangaroos used to return PIN error
-    static public func KANGAROO(_ E:[UInt8],_ F:[UInt8]) -> Int
-    {
-        let ge=FP12.fromBytes(E)
-        let gf=FP12.fromBytes(F)
-        var distance=[Int]();
-        let t=FP12(gf);
-        var table=[FP12]()
-        
-        var s:Int=1
-        for _ in 0 ..< Int(TS)
-        {
-            distance.append(s)
-            table.append(FP12(t))
-            s*=2
-            t.usqr()
- 
-        }
-        t.one()
-        var dn:Int=0
-        for _ in 0 ..< TRAP
-        {
-            let i=Int(t.geta().geta().getA().lastbits(8))%TS
-            t.mul(table[i])
-            dn+=distance[i]
-        }
-        gf.copy(t); gf.conj()
-        var steps=0; var dm:Int=0
-        var res=0;
-        while (dm-dn<Int(MAXPIN))
-        {
-            steps += 1;
-            if steps>4*TRAP {break}
-            let i=Int(ge.geta().geta().getA().lastbits(8))%TS
-            ge.mul(table[i])
-            dm+=distance[i]
-            if (ge.equals(t))
-            {
-				res=dm-dn;
-				break;
-            }
-            if (ge.equals(gf))
-            {
-				res=dn-dm
-				break
-            }
-    
-        }
-        if steps>4*TRAP || dm-dn>=Int(MAXPIN) {res=0 }    // Trap Failed  - probable invalid token
-        return res
-    }
-    // Functions to support M-Pin Full
-    
-    static public func PRECOMPUTE(_ TOKEN:[UInt8],_ CID:[UInt8],_ G1:inout [UInt8],_ G2:inout [UInt8]) -> Int
-    {
-        let T=ECP.fromBytes(TOKEN);
-        if T.is_infinity() {return INVALID_POINT}
-    
-        let P=MPIN.mapit(CID)
-    
-        let Q=ECP2(FP2(BIG(ROM.CURVE_Pxa),BIG(ROM.CURVE_Pxb)),FP2(BIG(ROM.CURVE_Pya),BIG(ROM.CURVE_Pyb)))
-    
-        var g=PAIR.ate(Q,T)
-        g=PAIR.fexp(g)
-        g.toBytes(&G1)
-    
-        g=PAIR.ate(Q,P)
-        g=PAIR.fexp(g)
-        g.toBytes(&G2)
-    
-        return 0
-    }
-    
-    static public func HASH_ALL(_ sha:Int,_ HID:[UInt8],_ xID:[UInt8]?,_ xCID:[UInt8]?,_ SEC:[UInt8],_ Y:[UInt8],_ R:[UInt8],_ W:[UInt8]  ) -> [UInt8]
-    {
-        var T=[UInt8](repeating: 0,count: 10*EFS+4)
-        var tlen=0
-
-        for i in 0 ..< HID.count  {T[i]=HID[i]}
-        tlen+=HID.count
-        if xCID != nil {
-            for i in 0 ..< xCID!.count  {T[i+tlen]=xCID![i]}
-            tlen+=xCID!.count
-        } else {
-            for i in 0 ..< xID!.count {T[i+tlen]=xID![i]}
-            tlen+=xID!.count
-        }
-        for i in 0 ..< SEC.count {T[i+tlen]=SEC[i]}
-        tlen+=SEC.count;
-        for i in 0 ..< Y.count {T[i+tlen]=Y[i]}
-        tlen+=Y.count;
-        for i in 0 ..< R.count {T[i+tlen]=R[i]}
-        tlen+=R.count;
-        for i in 0 ..< W.count {T[i+tlen]=W[i]}
-        tlen+=W.count;
-
-        return hashit(sha,0,T);
-    }
-
-    // calculate common key on client side
-    // wCID = w.(A+AT)
-    static public func CLIENT_KEY(_ sha:Int,_ G1:[UInt8],_ G2:[UInt8],_ pin:Int32,_ R:[UInt8],_ X:[UInt8],_ H:[UInt8],_ wCID:[UInt8],_ CK:inout [UInt8]) -> Int
-    {
-        let g1=FP12.fromBytes(G1)
-        let g2=FP12.fromBytes(G2)
-        let z=BIG.fromBytes(R)
-        let x=BIG.fromBytes(X)
-        let h=BIG.fromBytes(H)
-    
-        var W=ECP.fromBytes(wCID)
-        if W.is_infinity() {return INVALID_POINT}
-    
-        W=PAIR.G1mul(W,x)
-    
-        let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb))
-        let r=BIG(ROM.CURVE_Order)
-        let q=BIG(ROM.Modulus)
-    
-        z.add(h)   // new
-        z.mod(r)
-
-        let m=BIG(q)
-        m.mod(r)
-    
-        let a=BIG(z)
-        a.mod(m)
-    
-        let b=BIG(z)
-        b.div(m);
-    
-        g2.pinpow(pin,PBLEN);
-        g1.mul(g2);
-    
-        var c=g1.trace()
-        g2.copy(g1)
-        g2.frob(f)
-        let cp=g2.trace()
-        g1.conj()
-        g2.mul(g1)
-        let cpm1=g2.trace()
-        g2.mul(g1)
-        let cpm2=g2.trace()
-    
-        c=c.xtr_pow2(cp,cpm1,cpm2,a,b)
-      
-        let t=mpin_hash(sha,c,W)
-
-        for i in 0 ..< PAS {CK[i]=t[i]}
-    
-        return 0
-    }
-    // calculate common key on server side
-    // Z=r.A - no time permits involved
-    
-    static public func SERVER_KEY(_ sha:Int,_ Z:[UInt8],_ SST:[UInt8],_ W:[UInt8],_ H:[UInt8],_ HID:[UInt8],_ xID:[UInt8],_ xCID:[UInt8]?,_ SK:inout [UInt8]) -> Int
-    {
-   //     var t=[UInt8](count:EFS,repeatedValue:0)
-    
-        let sQ=ECP2.fromBytes(SST)
-        if sQ.is_infinity() {return INVALID_POINT}
-        let R=ECP.fromBytes(Z)
-        if R.is_infinity() {return INVALID_POINT}
-        var A=ECP.fromBytes(HID)
-        if A.is_infinity() {return INVALID_POINT}
-    
-        var U:ECP
-        if xCID != nil
-            {U=ECP.fromBytes(xCID!)}
-        else
-            {U=ECP.fromBytes(xID)}
-        
-        if U.is_infinity() {return INVALID_POINT}
-    
-        let w=BIG.fromBytes(W)
-        let h=BIG.fromBytes(H)
-        A=PAIR.G1mul(A,h)
-        R.add(A)
-
-        U=PAIR.G1mul(U,w)
-        var g=PAIR.ate(sQ,R)
-        g=PAIR.fexp(g)
-    
-        let c=g.trace()
-        
-        let t=mpin_hash(sha,c,U)
- 
-        for i in 0 ..< PAS {SK[i]=t[i]}
-    
-        return 0
-    }
-    
-    // return time since epoch
-    static public func GET_TIME() -> Int32
-    {
-        let date=Date()
-        return (Int32(date.timeIntervalSince1970))
-    }
-
-    // Generate Y = H(epoch, xCID/xID)
-    static public func GET_Y(_ sha:Int,_ TimeValue:Int32,_ xCID:[UInt8],_ Y:inout [UInt8])
-    {
-        let h = MPIN.hashit(sha,TimeValue,xCID)
-        let y = BIG.fromBytes(h)
-        let q=BIG(ROM.CURVE_Order)
-        y.mod(q)
-	if ROM.AES_S>0
-	{
-		y.mod2m(2*ROM.AES_S)
-	}
-        y.toBytes(&Y)
-    }
-    // One pass MPIN Client
-    static public func CLIENT(_ sha:Int,_ date:Int32,_ CLIENT_ID:[UInt8],_ RNG:RAND?,_ X:inout [UInt8],_ pin:Int32,_ TOKEN:[UInt8],_  SEC:inout [UInt8],_ xID:inout [UInt8]?,_ xCID:inout [UInt8]?,_ PERMIT:[UInt8],_ TimeValue:Int32,_ Y:inout [UInt8]) -> Int
-    {
-        var rtn=0
-  
-        rtn = MPIN.CLIENT_1(sha,date,CLIENT_ID,RNG,&X,pin,TOKEN,&SEC,&xID,&xCID,PERMIT)
-
-        if rtn != 0 {return rtn}
-    
-        if date==0 {MPIN.GET_Y(sha,TimeValue,xID!,&Y)}
-        else {MPIN.GET_Y(sha,TimeValue,xCID!,&Y)}
-    
-        rtn = MPIN.CLIENT_2(X,Y,&SEC)
-        if (rtn != 0) {return rtn}
-    
-        return 0
-    }
-    // One pass MPIN Server
-    static public func SERVER(_ sha:Int,_ date:Int32,_ HID:inout [UInt8],_ HTID:inout [UInt8]?,_ Y:inout [UInt8],_ SST:[UInt8],_ xID:[UInt8]?,_ xCID:[UInt8],_ SEC:[UInt8],_ E:inout [UInt8]?,_ F:inout [UInt8]?,_ CID:[UInt8],_ TimeValue:Int32) -> Int
-    {
-        var rtn=0
-    
-        var pID:[UInt8]
-        if date == 0
-            {pID = xID!}
-        else
-            {pID = xCID}
-    
-        SERVER_1(sha,date,CID,&HID,&HTID!);
-    
-        GET_Y(sha,TimeValue,pID,&Y);
-    
-        rtn = SERVER_2(date,HID,HTID!,Y,SST,xID,xCID,SEC,&E,&F);
-        if rtn != 0 {return rtn}
-    
-        return 0
-    }
-   
-    static public func printBinary(_ array: [UInt8])
-    {
-        for i in 0 ..< array.count
-        {
-            let h=String(format:"%02x",array[i])
-            print("\(h)", terminator: "")
-        }
-        print(" ");
-    }
-}
- 
-



[06/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/testnhs.c
----------------------------------------------------------------------
diff --git a/version3/c/testnhs.c b/version3/c/testnhs.c
deleted file mode 100644
index dca7925..0000000
--- a/version3/c/testnhs.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for NewHope Functions */
-
-// See https://eprint.iacr.org/2016/1157 (Alkim, Ducas, Popplemann and Schwabe)
-
-/* gcc -O2 testnhs.c amcl.a -o testnhs.exe */
-
-#include <stdio.h>
-#include <time.h>
-#include "newhope.h"
-
-int main()
-{
-	int i,ii,j,err;
-    unsigned long ran;
-	char raw[100];
-	csprng SRNG,CRNG;
-	RAND_clean(&SRNG); RAND_clean(&CRNG);
-	char s[1792],sb[1824],uc[2176],keyA[32],keyB[32];
-
-	octet S= {0,sizeof(s),s};
-	octet SB= {0,sizeof(sb),sb};
-	octet UC= {0,sizeof(uc),uc};
-	octet KEYA={0,sizeof(keyA),keyA};
-	octet KEYB={0,sizeof(keyB),keyB};
-
-// initialise random number generators
-    time((time_t *)&ran);
-
-    raw[0]=ran;
-    raw[1]=ran>>8;
-    raw[2]=ran>>16;
-    raw[3]=ran>>24;
-
-	for (i=4;i<100;i++) raw[i]=i+1;
-	RAND_seed(&SRNG,100,raw);
-										for (i=4;i<100;i++) raw[i]=i+2;
-										RAND_seed(&CRNG,100,raw);
-// NewHope Simple key exchange
-
-	NHS_SERVER_1(&SRNG,&SB,&S);
-										NHS_CLIENT(&CRNG,&SB,&UC,&KEYB);
-	NHS_SERVER_2(&S,&UC,&KEYA);
-
-    printf("Alice key= 0x");
-    OCT_output(&KEYA);
-										printf("Bob's key= 0x");
-										OCT_output(&KEYB);
-
-	return 0;
-}
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/x509.c
----------------------------------------------------------------------
diff --git a/version3/c/x509.c b/version3/c/x509.c
deleted file mode 100644
index 84f6c53..0000000
--- a/version3/c/x509.c
+++ /dev/null
@@ -1,1097 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL X.509 Functions */
-
-// To run test program, define HAS_MAIN
-// gcc -std=c99 x509.c  amcl.a -o x509.exe
-
-//#define HAS_MAIN
-
-#include <stdio.h>
-#include "amcl.h"  // for octet support only
-#include "x509.h"
-
-// ASN.1 tags
-
-#define ANY 0x00
-#define SEQ 0x30
-#define OID 0x06
-#define INT 0x02
-#define NUL 0x05
-#define ZER 0x00
-#define UTF 0x0C
-#define UTC 0x17
-#define LOG 0x01
-#define BIT 0x03
-#define OCT 0x04
-#define STR 0x13
-#define SET 0x31
-#define IA5 0x16
-
-// Supported Encryption Methods
-
-#define ECC 1
-#define RSA 2
-
-// Supported Hash functions
-
-#define H256 2
-#define H384 3
-#define H512 4
-
-// Supported Curves
-
-#define NIST256 0    /**< For the NIST 256-bit standard curve - WEIERSTRASS only */
-#define C25519 1     /**< Bernstein's Modulus 2^255-19 - EDWARDS or MONTGOMERY only */
-#define BRAINPOOL 2  /**< For Brainpool 256-bit curve - WEIERSTRASS only */
-#define ANSSI 3      /**< For French 256-bit standard curve - WEIERSTRASS only */
-#define NIST384 10   /**< For the NIST 384-bit standard curve - WEIERSTRASS only */
-#define NIST521 12   /**< For the NIST 521-bit standard curve - WEIERSTRASS only */
-
-
-// Define some OIDs
-
-// Elliptic Curve with SHA256
-static unsigned char eccsha256[8]= {0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02};
-static octet ECCSHA256= {8,sizeof(eccsha256),(char *)eccsha256};
-
-// Elliptic Curve with SHA384
-static unsigned char eccsha384[8]= {0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x03};
-static octet ECCSHA384= {8,sizeof(eccsha384),(char *)eccsha384};
-
-// Elliptic Curve with SHA512
-static unsigned char eccsha512[8]= {0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x04};
-static octet ECCSHA512= {8,sizeof(eccsha512),(char *)eccsha512};
-
-// EC Public Key
-static unsigned char ecpk[7]= {0x2a,0x86,0x48,0xce,0x3d,0x02,0x01};
-static octet ECPK= {7,sizeof(ecpk),(char *)ecpk};
-
-// C25519 curve
-static unsigned char prime25519[9]= {0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x01}; /*****/
-static octet PRIME25519= {9,sizeof(prime25519),(char *)prime25519};
-
-// NIST256 curve
-static unsigned char prime256v1[8]= {0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07};
-static octet PRIME256V1= {8,sizeof(prime256v1),(char *)prime256v1};
-
-// NIST384 curve
-static unsigned char secp384r1[5]= {0x2B,0x81,0x04,0x00,0x22};
-static octet SECP384R1= {5,sizeof(secp384r1),(char *)secp384r1};
-
-// NIST521 curve
-static unsigned char secp521r1[5]= {0x2B,0x81,0x04,0x00,0x23};
-static octet SECP521R1= {5,sizeof(secp521r1),(char *)secp521r1};
-
-// RSA Public Key
-static unsigned char rsapk[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01};
-static octet RSAPK= {9,sizeof(rsapk),(char *)rsapk};
-
-// RSA with SHA256
-static unsigned char rsasha256[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b};
-static octet RSASHA256= {9,sizeof(rsasha256),(char *)rsasha256};
-
-// RSA with SHA384
-static unsigned char rsasha384[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0c};
-static octet RSASHA384= {9,sizeof(rsasha384),(char *)rsasha384};
-
-// RSA with SHA512
-static unsigned char rsasha512[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0d};
-static octet RSASHA512= {9,sizeof(rsasha512),(char *)rsasha512};
-
-#ifdef HAS_MAIN
-// countryName
-static unsigned char cn[3]= {0x55,0x04,0x06};
-static octet CN= {3,sizeof(cn),(char *)cn};
-
-// stateName
-// static char sn[3]= {0x55,0x04,0x08};
-// static octet SN= {3,sizeof(sn),sn};
-
-// localName
-// static char ln[3]= {0x55,0x04,0x07};
-// static octet LN= {3,sizeof(ln),ln};
-
-// orgName
-static unsigned char on[3]= {0x55,0x04,0x0A};
-static octet ON= {3,sizeof(on),(char *)on};
-
-// unitName
-// static char un[3]= {0x55,0x04,0x0B};
-// static octet UN= {3,sizeof(un),un};
-
-// myName
-// static char mn[3]= {0x55,0x04,0x03};
-// static octet MN= {3,sizeof(mn),mn};
-
-// emailName
-static unsigned char en[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01};
-static octet EN= {9,sizeof(en),(char *)en};
-#endif // HAS_MAIN
-
-/* Check expected TAG and return ASN.1 field length. If tag=0 skip check. */
-static int getalen(int tag,char *b,int j)
-{
-    int len;
-
-    if (tag!=0 && (unsigned char)b[j]!=tag) return -1; // not a valid tag
-    j++;
-
-    if ((unsigned char)b[j]==0x81)
-    {
-        j++;
-        len=(unsigned char)b[j];
-    }
-    else if ((unsigned char)b[j]==0x82)
-    {
-        j++;
-        len=256*b[j++];
-        len+=(unsigned char)b[j];
-    }
-    else
-    {
-        len=(unsigned char)b[j];
-        if (len>127) return -1;
-    }
-    return len;
-}
-
-/* jump over length field */
-static int skip(int len)
-{
-    if (len<128) return 2;
-    if (len>=128 && len<256) return 3;
-    return 4;
-}
-
-/* round length up to nearest 8-byte length */
-static int bround(int len)
-{
-    if (len%8==0) return len;
-    return len+(8-len%8);
-
-}
-
-//	Input signed cert as octet, and extract signature
-//	Return 0 for failure, ECC for Elliptic Curve signature, RSA for RSA signature
-//  Note that signature type is not provided here - its the type of the public key that
-//  is used to verify it that matters, and which determines for example the curve to be used!
-
-pktype X509_extract_cert_sig(octet *sc,octet *sig)
-{
-    int i,j,k,fin,len,rlen,sj,ex;
-    char soid[9];
-    octet SOID= {0,sizeof(soid),soid};
-    pktype ret;
-
-    ret.type=0;
-    ret.hash=0;
-
-    j=0;
-
-    len=getalen(SEQ,sc->val,j);		// Check for expected SEQ clause, and get length
-    if (len<0) return ret;			// if not a SEQ clause, there is a problem, exit
-    j+=skip(len);					// skip over length to clause contents. Add len to skip clause
-
-    if (len+j!=sc->len) return ret;
-
-    len=getalen(SEQ,sc->val,j);
-    if (len<0) return ret;
-    j+=skip(len)+len; // jump over cert to signature OID
-
-    len=getalen(SEQ,sc->val,j);
-    if (len<0) return ret;
-    j+=skip(len);
-
-    sj=j+len; // Needed to jump over signature OID
-
-// dive in to extract OID
-    len=getalen(OID,sc->val,j);
-    if (len<0) return ret;
-    j+=skip(len);
-
-    fin=j+len;
-    SOID.len=len;
-    for (i=0; j<fin; j++)
-        SOID.val[i++]= sc->val[j];
-
-    // check OID here..
-
-    if (OCT_comp(&ECCSHA256,&SOID))
-    {
-        ret.type=ECC;
-        ret.hash=H256;
-    }
-    if (OCT_comp(&ECCSHA384,&SOID))
-    {
-        ret.type=ECC;
-        ret.hash=H384;
-    }
-    if (OCT_comp(&ECCSHA512,&SOID))
-    {
-        ret.type=ECC;
-        ret.hash=H512;
-    }
-    if (OCT_comp(&RSASHA256,&SOID))
-    {
-        ret.type=RSA;
-        ret.hash=H256;
-    }
-    if (OCT_comp(&RSASHA384,&SOID))
-    {
-        ret.type=RSA;
-        ret.hash=H384;
-    }
-    if (OCT_comp(&RSASHA512,&SOID))
-    {
-        ret.type=RSA;
-        ret.hash=H512;
-    }
-
-    if (ret.type==0) return ret; // unsupported type
-
-    j=sj;  // jump out to signature
-
-    len=getalen(BIT,sc->val,j);
-    if (len<0)
-    {
-        ret.type=0;
-        return ret;
-    }
-    j+=skip(len);
-    j++;
-    len--; // skip bit shift (hopefully 0!)
-
-    if (ret.type==ECC)
-    {
-        // signature in the form (r,s)
-        len=getalen(SEQ,sc->val,j);
-        if (len<0)
-        {
-            ret.type=0;
-            return ret;
-        }
-        j+=skip(len);
-
-        // pick up r part of signature
-        len=getalen(INT,sc->val,j);
-        if (len<0)
-        {
-            ret.type=0;
-            return ret;
-        }
-        j+=skip(len);
-
-        if (sc->val[j]==0)
-        {
-            // skip leading zero
-            j++;
-            len--;
-        }
-        rlen=bround(len);
-
-        ex=rlen-len;
-        sig->len=2*rlen;
-
-        i=0;
-        for (k=0; k<ex; k++)
-            sig->val[i++]=0;
-
-        fin=j+len;
-        for (; j<fin; j++)
-            sig->val[i++]= sc->val[j];
-
-        // pick up s part of signature
-        len=getalen(INT,sc->val,j);
-        if (len<0)
-        {
-            ret.type=0;
-            return ret;
-        }
-        j+=skip(len);
-
-        if (sc->val[j]==0)
-        {
-            // skip leading zeros
-            j++;
-            len--;
-        }
-        rlen=bround(len);
-        ex=rlen-len;
-        for (k=0; k<ex; k++)
-            sig->val[i++]=0;
-
-        fin=j+len;
-        for (; j<fin; j++)
-            sig->val[i++]= sc->val[j];
-
-    }
-    if (ret.type==RSA)
-    {
-        rlen=bround(len);
-        ex=rlen-len;
-
-        sig->len=rlen;
-        i=0;
-        for (k=0; k<ex; k++)
-            sig->val[i++]=0;
-
-        fin=j+len;
-        for (; j<fin; j++)
-            sig->val[i++]= sc->val[j];
-
-    }
-    if (ret.hash==H256) ret.curve=NIST256;
-    if (ret.hash==H384) ret.curve=NIST384;
-    if (ret.hash==H512) ret.curve=NIST521;
-
-    return ret;
-}
-
-// Extract certificate from signed cert
-int X509_extract_cert(octet *sc,octet *cert)
-{
-    int i,j,fin,len,k;
-
-    j=0;
-    len=getalen(SEQ,sc->val,j);
-
-    if (len<0) return 0;
-    j+=skip(len);
-
-    k=j;
-
-    len=getalen(SEQ,sc->val,j);
-    if (len<0) return 0;
-    j+=skip(len);
-
-    fin=j+len;
-    cert->len=fin-k;
-    for (i=k; i<fin; i++) cert->val[i-k]=sc->val[i];
-
-    return 1;
-}
-
-// Extract Public Key from inside Certificate
-pktype X509_extract_public_key(octet *c,octet *key)
-{
-    int i,j,fin,len,sj;
-    char koid[12];     /*****/
-    octet KOID= {0,sizeof(koid),koid};
-    pktype ret;
-
-    ret.type=ret.hash=0;
-    ret.curve=-1;
-
-    j=0;
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len);
-
-    if (len+j!=c->len) return ret;
-
-    len=getalen(0,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len)+len; //jump over version clause
-
-    len=getalen(INT,c->val,j);
-
-    if (len>0) j+=skip(len)+len; // jump over serial number clause (if there is one)
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len)+len;  // jump over signature algorithm
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len)+len; // skip issuer
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len)+len; // skip validity
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len)+len; // skip subject
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len); //
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len);
-
-// ** Maybe dive in and check Public Key OIDs here?
-// ecpublicKey & prime256v1, secp384r1 or secp521r1 for ECC
-// rsapublicKey for RSA
-
-    sj=j+len;
-
-    len=getalen(OID,c->val,j);
-    if (len<0) return ret;
-    j+=skip(len);
-
-    fin=j+len;
-    KOID.len=len;
-    for (i=0; j<fin; j++)
-        KOID.val[i++]= c->val[j];
-
-    ret.type=0;
-    if (OCT_comp(&ECPK,&KOID)) ret.type=ECC;
-    if (OCT_comp(&RSAPK,&KOID)) ret.type=RSA;
-
-    if (ret.type==0) return ret;
-
-    if (ret.type==ECC)
-    {
-        // which elliptic curve?
-        len=getalen(OID,c->val,j);
-        if (len<0)
-        {
-            ret.type=0;
-            return ret;
-        }
-        j+=skip(len);
-
-        fin=j+len;
-        KOID.len=len;
-        for (i=0; j<fin; j++)
-            KOID.val[i++]= c->val[j];
-
-        if (OCT_comp(&PRIME25519,&KOID)) ret.curve=C25519;   /*****/
-        if (OCT_comp(&PRIME256V1,&KOID)) ret.curve=NIST256;
-        if (OCT_comp(&SECP384R1,&KOID)) ret.curve=NIST384;
-        if (OCT_comp(&SECP521R1,&KOID)) ret.curve=NIST521;
-    }
-
-    j=sj; // skip to actual Public Key
-
-    len=getalen(BIT,c->val,j);
-    if (len<0)
-    {
-        ret.type=0;
-        return ret;
-    }
-    j+=skip(len); //
-    j++;
-    len--; // skip bit shift (hopefully 0!)
-
-// extract key
-    if (ret.type==ECC)
-    {
-        key->len=len;
-        fin=j+len;
-        for (i=0; j<fin; j++)
-            key->val[i++]= c->val[j];
-
-    }
-    if (ret.type==RSA)
-    {
-        // Key is (modulus,exponent) - assume exponent is 65537
-        len=getalen(SEQ,c->val,j);
-        if (len<0)
-        {
-            ret.type=0;
-            return ret;
-        }
-        j+=skip(len); //
-
-        len=getalen(INT,c->val,j); // get modulus
-        if (len<0)
-        {
-            ret.type=0;
-            return ret;
-        }
-        j+=skip(len); //
-        if (c->val[j]==0)
-        {
-            j++;
-            len--; // remove leading zero
-        }
-
-        key->len=len;
-        fin=j+len;
-        for (i=0; j<fin; j++)
-            key->val[i++]= c->val[j];
-
-        ret.curve=8*len;
-    }
-    return ret;
-}
-
-// Find pointer to main sections of cert, before extracting individual field
-// Find index to issuer in cert
-int X509_find_issuer(octet *c)
-{
-    int j,len;
-    j=0;
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len);
-
-    if (len+j!=c->len) return 0;
-
-    len=getalen(0,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len)+len; //jump over version clause
-
-    len=getalen(INT,c->val,j);
-
-    if (len>0) j+=skip(len)+len; // jump over serial number clause (if there is one)
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len)+len;  // jump over signature algorithm
-
-    return j;
-}
-
-// Find index to validity period
-int X509_find_validity(octet *c)
-{
-    int j,len;
-    j=X509_find_issuer(c);
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len)+len; // skip issuer
-
-    return j;
-}
-
-// Find index to subject in cert
-int X509_find_subject(octet *c)
-{
-    int j,len;
-    j=X509_find_validity(c);
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len)+len; // skip validity
-
-    return j;
-}
-
-// NOTE: When extracting cert information, we actually return just an index to the data inside the cert, and maybe its length
-// So no memory is assigned to store cert info. It is the callers responsibility to allocate such memory if required, and copy
-// cert information into it.
-
-// Find entity property indicated by SOID, given start of issuer or subject field. Return index in cert, flen=length of field
-
-int X509_find_entity_property(octet *c,octet *SOID,int start,int *flen)
-{
-    int i,j,k,fin,len,tlen;
-    char foid[50];  /*****/
-    octet FOID= {0,sizeof(foid),foid};
-
-    j=start;
-
-    tlen=getalen(SEQ,c->val,j);
-    if (tlen<0) return 0;
-    j+=skip(tlen);
-
-    for (k=j; j<k+tlen;)
-    {
-        // search for Owner OID
-        len=getalen(SET,c->val,j);
-        if (len<0) return 0;
-        j+=skip(len);
-        len=getalen(SEQ,c->val,j);
-        if (len<0) return 0;
-        j+=skip(len);
-        len=getalen(OID,c->val,j);
-        if (len<0) return 0;
-        j+=skip(len);
-        fin=j+len;  // extract OID
-        FOID.len=len;
-        for (i=0; j<fin; j++)
-            FOID.val[i++]= c->val[j];
-        len=getalen(ANY,c->val,j);  // get text, could be any type
-        if (len<0) return 0;
-
-        j+=skip(len);
-        if (OCT_comp(&FOID,SOID))
-        {
-            // if its the right one return
-            *flen=len;
-            return j;
-        }
-        j+=len;  // skip over it
-    }
-    *flen=0; /*****/
-    return 0;
-}
-
-// Find start date of certificate validity period
-int X509_find_start_date(octet *c,int start)
-{
-    int j,len;
-    j=start;
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len);
-
-    len=getalen(UTC,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len);
-    return j;
-}
-
-// Find expiry date of certificate validity period
-int X509_find_expiry_date(octet *c,int start)
-{
-    int j,len;
-    j=start;
-
-    len=getalen(SEQ,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len);
-
-    len=getalen(UTC,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len)+len;
-
-    len=getalen(UTC,c->val,j);
-    if (len<0) return 0;
-    j+=skip(len);
-
-    return j;
-}
-
-void print_out(char *des,octet *c,int index,int len)
-{
-    int i;
-    printf("%s [",des);
-    for (i=0; i<len; i++)
-        printf("%c",c->val[index+i]);
-    printf("]\n");
-}
-
-void print_date(char *des,octet *c,int index)
-{
-    int i=index;
-    printf("%s [",des);
-    if (i==0) printf("]\n");
-    else printf("20%c%c-%c%c-%c%c %c%c:%c%c:%c%c]\n",c->val[i],c->val[i+1],c->val[i+2],c->val[i+3],c->val[i+4],c->val[i+5],c->val[i+6],c->val[i+7],c->val[i+8],c->val[i+9],c->val[i+10],c->val[i+11]);
-}
-
-
-#ifdef HAS_MAIN
-
-/* This simple driver program is hard-wired to support just one elliptic curve and one
-   RSA bit length. To change replace the text string NIST256 in the main program to
-   another curve and 2048 to some other value, where the curve and the RSA bit length
-   are suppported by the library. Of course a more elaborate program could support
-   muliple curves simultaneously */
-
-#define CHOICE NIST256
-
-
-
-/* test driver program */
-// Sample Certs. Uncomment one CA cert and one example cert. Note that AMCL library must be built to support given curve.
-// Sample Certs all created using OpenSSL - see http://blog.didierstevens.com/2008/12/30/howto-make-your-own-cert-with-openssl/
-// Note - SSL currently only supports NIST curves. Howevever version 1.1.0 of OpenSSL now supports C25519
-
-#if CHOICE==NIST256
-
-#include "ecdh_NIST256.h"
-#include "rsa_2048.h"
-
-// ** CA is RSA 2048-bit based - for use with NIST256 build of library - assumes use of SHA256 in Certs
-// RSA 2048 Self-Signed CA cert
-char ca_b64[]="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
 Z2FPOvf2eMc5RCZYigNKhsxru5Ojw0lPcpa8DDmEsdZDf7p0vlmf7T7xH9gtoInh4DzgI8HRHFc8R/z2/jLX7nlLoopKX5yp7F1gRACg0pd4tGpQ6EnBNcYZZghFH9UIRDmx+vDlwDCu8vyRPt35orrEiI4XGq/QkvxxAb5YWxQ4i06064ULfyCI7suu3KoobdM1aAaA8zhpOOBXKbq+Wi9IGFe/wiEMHLmfHdt9CBTjIWb//IHji4RT05kCmTVrx97pb7EHafuL3L10mM5cpTyBWKnb4kMFtx9yw+S2U=";
-// an RSA 2048 CA-signed cert
-//char cert_b64[]="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
 kB1HSsB0ts8DjzFLySonFjSSLHDU0ox9/uFbJMzipy3ijAA4XM0N4jRrUfrmxpA7DOOsbEbGkvvB7VK9+s9PHE/4dJTwhSteplUnhxVFkkDo/JwaLx4/IEQRlCF3KEQ5s3AwRHnbrIjOY2yONxHBtJEp7QN5aOHruwvMNRNheCBPiQJyLitUsFGr4voANmobkrFgYtu0tRMQ==";
-// an ECC 256 CA-signed cert
-char cert_b64[]="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";
-
-// ** CA is ECC 256 based  - for use with NIST256 build of library
-// ECC 256 Self-Signed CA cert
-//char ca_b64[]="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";
-// an ECC 256 CA-signed cert
-//char cert_b64[]="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";
-// an RSA 2048 CA-signed cert
-//char cert_b64[]="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";
-
-#endif
-
-#if CHOICE==NIST384
-
-#include "ecdh_NIST384.h"
-#include "rsa_3072.h"
-
-// ** CA is RSA 3072-bit based  - for use with NIST384 build of library - assumes use of SHA384 in Certs
-// RSA 3072 Self-Signed CA cert
-char ca_b64[]="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";
-// an RSA 3072 CA-signed cert
-//char cert_b64[]="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";
-// an ECC 384 CA-signed cert
-char cert_b64[]="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
 h+WOzQthrHJv0YuQt3NuDQEMkvz+23YvzZlr+e2XqDlMhyR01Kk0MXeLGGcv";
-
-// ** CA is ECC 384 based - - for use with NIST384 build of library - assumes use of SHA384 in Certs
-// ECC 384 Self-Signed CA Cert
-//char ca_b64[]="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";
-// an ECC 384 CA-signed cert
-//char cert_b64[]="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";
-// an RSA 3072 CA-signed cert
-//char cert_b64[]="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
 yNjMtyA2Qlkq/0AjB+SJQbLgycNJH5SnR/X5wx26/62ln9s0swUtlCYVtNzyEQ3YRHSZbmTbh16RUT7Ak=";
-
-#endif
-
-#if CHOICE==NIST521
-
-#include "ecdh_NIST521.h"
-#include "rsa_4096.h"
-
-// ** CA is ECC 521 based - - for use with NIST521 build of library - assumes use of SHA512 in Certs
-// ECC 521 Self-Signed CA Cert
-char ca_b64[]="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
 Q4h93CENN4MH/86XNozO9USh+ydTislAcXvCb0";
-// an ECC 521 CA-signed cert
-char cert_b64[]="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";
-
-#endif
-
-char io[5000];
-octet IO= {0,sizeof(io),io};
-
-#define MAXMODBYTES 72
-#define MAXFFLEN 16
-
-char sig[MAXMODBYTES*MAXFFLEN];
-octet SIG= {0,sizeof(sig),sig};
-
-char r[MAXMODBYTES];
-octet R= {0,sizeof(r),r};
-
-char s[MAXMODBYTES];
-octet S= {0,sizeof(s),s};
-
-char cakey[MAXMODBYTES*MAXFFLEN];
-octet CAKEY= {0,sizeof(cakey),cakey};
-
-char certkey[MAXMODBYTES*MAXFFLEN];
-octet CERTKEY= {0,sizeof(certkey),certkey};
-
-char h[5000];
-octet H= {0,sizeof(h),h};
-
-char hh[5000];
-octet HH= {0,sizeof(hh),hh};
-
-char hp[RFS_2048];
-octet HP= {0,sizeof(hp),hp};
-
-
-int main()
-{
-    int res,len,sha;
-    int c,ic;
-    rsa_public_key_2048 PK;
-    pktype st,ca,pt;
-
-    printf("First check signature on self-signed cert and extract CA public key\n");
-    OCT_frombase64(&IO,ca_b64);
-    printf("CA Self-Signed Cert= \n");
-    OCT_output(&IO);
-    printf("\n");
-
-    st=X509_extract_cert_sig(&IO,&SIG); // returns signature type
-
-    if (st.type==0)
-    {
-        printf("Unable to extract cert signature\n");
-        return 0;
-    }
-
-    if (st.type==ECC)
-    {
-        OCT_chop(&SIG,&S,SIG.len/2);
-        OCT_copy(&R,&SIG);
-        printf("ECC SIG= \n");
-        OCT_output(&R);
-        OCT_output(&S);
-        printf("\n");
-    }
-
-    if (st.type==RSA)
-    {
-        printf("RSA SIG= \n");
-        OCT_output(&SIG);
-        printf("\n");
-    }
-
-    if (st.hash==H256) printf("Hashed with SHA256\n");
-    if (st.hash==H384) printf("Hashed with SHA384\n");
-    if (st.hash==H512) printf("Hashed with SHA512\n");
-
-// Extract Cert from signed Cert
-
-    c=X509_extract_cert(&IO,&H);
-
-    printf("\nCert= \n");
-    OCT_output(&H);
-    printf("\n");
-
-// show some details
-    printf("Issuer Details\n");
-    ic=X509_find_issuer(&H);
-    c=X509_find_entity_property(&H,&ON,ic,&len);
-    print_out("owner=",&H,c,len);
-    c=X509_find_entity_property(&H,&CN,ic,&len);
-    print_out("country=",&H,c,len);
-    c=X509_find_entity_property(&H,&EN,ic,&len);
-    print_out("email=",&H,c,len);
-    printf("\n");
-
-    ca=X509_extract_public_key(&H,&CAKEY);
-
-    if (ca.type==0)
-    {
-        printf("Not supported by library\n");
-        return 0;
-    }
-    if (ca.type!=st.type)
-    {
-        printf("Not self-signed\n");
-    }
-
-    if (ca.type==ECC)
-    {
-        printf("EXTRACTED ECC PUBLIC KEY= \n");
-        OCT_output(&CAKEY);
-    }
-    if (ca.type==RSA)
-    {
-        printf("EXTRACTED RSA PUBLIC KEY= \n");
-        OCT_output(&CAKEY);
-    }
-    printf("\n");
-
-// Cert is self-signed - so check signature
-
-    printf("Checking Self-Signed Signature\n");
-    if (ca.type==ECC)
-    {
-        if (ca.curve!=CHOICE)
-        {
-            printf("Curve is not supported\n");
-            return 0;
-        }
-        res=ECP_NIST256_PUBLIC_KEY_VALIDATE(1,&CAKEY);
-        if (res!=0)
-        {
-            printf("ECP Public Key is invalid!\n");
-            return 0;
-        }
-        else printf("ECP Public Key is Valid\n");
-
-        sha=0;
-
-        if (st.hash==H256) sha=SHA256;
-        if (st.hash==H384) sha=SHA384;
-        if (st.hash==H512) sha=SHA512;
-        if (st.hash==0)
-        {
-            printf("Hash Function not supported\n");
-            return 0;
-        }
-
-        if (ECP_NIST256_VP_DSA(sha,&CAKEY,&H,&R,&S)!=0)
-        {
-            printf("***ECDSA Verification Failed\n");
-            return 0;
-        }
-        else
-            printf("ECDSA Signature/Verification succeeded \n");
-    }
-
-    if (ca.type==RSA)
-    {
-        if (ca.curve!=2048)
-        {
-            printf("RSA bit size is not supported\n");
-            return 0;
-        }
-        PK.e=65537; // assuming this!
-        RSA_2048_fromOctet(PK.n,&CAKEY);
-
-        sha=0;
-
-        if (st.hash==H256) sha=SHA256;
-        if (st.hash==H384) sha=SHA384;
-        if (st.hash==H512) sha=SHA512;
-        if (st.hash==0)
-        {
-            printf("Hash Function not supported\n");
-            return 0;
-        }
-        PKCS15(sha,&H,&HP);
-
-        RSA_2048_ENCRYPT(&PK,&SIG,&HH);
-
-        if (OCT_comp(&HP,&HH))
-            printf("RSA Signature/Verification succeeded \n");
-        else
-        {
-            printf("***RSA Verification Failed\n");
-            return 0;
-        }
-    }
-
-    printf("\nNext check CA signature on cert, and extract public key\n");
-
-    OCT_frombase64(&IO,cert_b64);
-    printf("Example Cert= \n");
-    OCT_output(&IO);
-    printf("\n");
-
-    st=X509_extract_cert_sig(&IO,&SIG);
-
-    if (st.type==0)
-    {
-        printf("Unable to check cert signature\n");
-        return 0;
-    }
-
-    if (st.type==ECC)
-    {
-        OCT_chop(&SIG,&S,SIG.len/2);
-        OCT_copy(&R,&SIG);
-        printf("SIG= \n");
-        OCT_output(&R);
-
-        OCT_output(&S);
-
-        printf("\n");
-    }
-
-    if (st.type==RSA)
-    {
-        printf("SIG= \n");
-        OCT_output(&SIG);
-        printf("\n");
-    }
-
-    c=X509_extract_cert(&IO,&H);
-
-    printf("Cert= \n");
-    OCT_output(&H);
-    printf("\n");
-
-    printf("Subject Details\n");
-    ic=X509_find_subject(&H);
-    c=X509_find_entity_property(&H,&ON,ic,&len);
-    print_out("owner=",&H,c,len);
-    c=X509_find_entity_property(&H,&CN,ic,&len);
-    print_out("country=",&H,c,len);
-    c=X509_find_entity_property(&H,&EN,ic,&len);
-    print_out("email=",&H,c,len);
-    printf("\n");
-
-    ic=X509_find_validity(&H);
-    c=X509_find_start_date(&H,ic);
-    print_date("start date= ",&H,c);
-    c=X509_find_expiry_date(&H,ic);
-    print_date("expiry date=",&H,c);
-    printf("\n");
-
-    pt=X509_extract_public_key(&H,&CERTKEY);
-
-    if (pt.type==0)
-    {
-        printf("Not supported by library\n");
-        return 0;
-    }
-
-    if (pt.type==ECC)
-    {
-        printf("EXTRACTED ECC PUBLIC KEY= \n");
-        OCT_output(&CERTKEY);
-    }
-    if (pt.type==RSA)
-    {
-        printf("EXTRACTED RSA PUBLIC KEY= \n");
-        OCT_output(&CERTKEY);
-    }
-
-    printf("\n");
-
-    /* Check CA signature */
-
-    if (ca.type==ECC)
-    {
-        printf("Checking CA's ECC Signature on Cert\n");
-        res=ECP_NIST256_PUBLIC_KEY_VALIDATE(1,&CAKEY);
-        if (res!=0)
-            printf("ECP Public Key is invalid!\n");
-        else printf("ECP Public Key is Valid\n");
-
-        sha=0;
-
-        if (st.hash==H256) sha=SHA256;
-        if (st.hash==H384) sha=SHA384;
-        if (st.hash==H512) sha=SHA512;
-        if (st.hash==0)
-        {
-            printf("Hash Function not supported\n");
-            return 0;
-        }
-
-        if (ECP_NIST256_VP_DSA(sha,&CAKEY,&H,&R,&S)!=0)
-            printf("***ECDSA Verification Failed\n");
-        else
-            printf("ECDSA Signature/Verification succeeded \n");
-    }
-
-    if (ca.type==RSA)
-    {
-        printf("Checking CA's RSA Signature on Cert\n");
-        PK.e=65537; // assuming this!
-        RSA_2048_fromOctet(PK.n,&CAKEY);
-
-        sha=0;
-
-        if (st.hash==H256) sha=SHA256;
-        if (st.hash==H384) sha=SHA384;
-        if (st.hash==H512) sha=SHA512;
-        if (st.hash==0)
-        {
-            printf("Hash Function not supported\n");
-            return 0;
-        }
-        PKCS15(sha,&H,&HP);
-
-        RSA_2048_ENCRYPT(&PK,&SIG,&HH);
-
-        if (OCT_comp(&HP,&HH))
-            printf("RSA Signature/Verification succeeded \n");
-        else
-            printf("***RSA Verification Failed\n");
-
-    }
-
-    return 0;
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/x509.h
----------------------------------------------------------------------
diff --git a/version3/c/x509.h b/version3/c/x509.h
deleted file mode 100644
index 2c4a7b9..0000000
--- a/version3/c/x509.h
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL x509 header file */
-
-/**
- * @file x509.h
- * @author Mike Scott
- * @brief X509 function Header File
- *
- */
-
-#ifndef X509_H
-#define X509_H
-
-/**
- * @brief Public key type
- */
-typedef struct
-{
-    int type;  /**< signature type (ECC or RSA) */
-    int hash;  /**< hash type */
-    int curve; /**< elliptic curve used or RSA key length in bits  */
-} pktype;
-
-
-/* X.509 functions */
-/** @brief Extract certificate signature
- *
-	@param c an X.509 certificate
-	@param s the extracted signature
-	@return 0 on failure, or indicator of signature type (ECC or RSA)
-
-*/
-extern pktype X509_extract_cert_sig(octet *c,octet *s);
-/** @brief
- *
-	@param sc a signed certificate
-	@param c the extracted certificate
-	@return 0 on failure
-*/
-extern int X509_extract_cert(octet *sc,octet *c);
-/** @brief
- *
-	@param c an X.509 certificate
-	@param k the extracted key
-	@return 0 on failure, or indicator of public key type (ECC or RSA)
-*/
-extern pktype X509_extract_public_key(octet *c,octet *k);
-/** @brief
- *
-	@param c an X.509 certificate
-	@return 0 on failure, or pointer to issuer field in cert
-*/
-extern int X509_find_issuer(octet *c);
-/** @brief
- *
-	@param c an X.509 certificate
-	@return 0 on failure, or pointer to validity field in cert
-*/
-extern int X509_find_validity(octet *c);
-/** @brief
- *
-	@param c an X.509 certificate
-	@return 0 on failure, or pointer to subject field in cert
-*/
-extern int X509_find_subject(octet *c);
-/** @brief
- *
-	@param c an X.509 certificate
-	@param S is OID of property we are looking for
-	@param s is a pointer to the section of interest in the cert
-	@param f is pointer to the length of the property
-	@return 0 on failure, or pointer to the property
-*/
-extern int X509_find_entity_property(octet *c,octet *S,int s,int *f);
-/** @brief
- *
-	@param c an X.509 certificate
-	@param s is a pointer to the start of the validity field
-	@return 0 on failure, or pointer to the start date
-*/
-extern int X509_find_start_date(octet *c,int s);
-/** @brief
- *
-	@param c an X.509 certificate
-	@param s is a pointer to the start of the validity field
-	@return 0 on failure, or pointer to the expiry date
-*/
-extern int X509_find_expiry_date(octet *c,int s);
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/check.cpp
----------------------------------------------------------------------
diff --git a/version3/check.cpp b/version3/check.cpp
deleted file mode 100644
index 5835644..0000000
--- a/version3/check.cpp
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Utility to recommend best choice for BASEBITS 
-
-(MINGW build)
-
-g++ -O2 check.cpp big.cpp miracl.a -o check.exe */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "big.h"
-
-using namespace std;
-
-Miracl precision=20;
-
-// calculate maximum excess given base, length in words, length in bits
-int maxxes(int b,int n,int m)
-{
-	int mx=n*b-m;
-	int tp=m%b;
-	if (mx >= tp)
-		mx=tp-1;
-	return mx;
-}
-
-int main(int argc, char *argv[])
-{
-	int p,w,b,n,s,t,e,ex,mx;
-	Big lhs,rhs;
-
-	argc--; argv++;
-
-    if (argc!=2)
-    {
-       printf("Bad arguments\n");
-       printf("check wordlength modulus-length\n");
-	   printf("Wordlength can be 16, 32 or 64 (or 26 for Javascript)\n");
-       printf("Example:\n");
-       printf("check 32 256\n");
-	   printf("Outputs choices for BASEBITS, number of words per Big, and number of spare bits\n");
-	   printf("Normally choose for minimum words per Big, and maximum excess bits\n");
-	   printf("Ideally >=5 excess bits for Edwards curves\n");
-	   printf("Ideally >=10 excess bits for Weierstrass curves\n");
-	   printf("Ideally >=23 excess bits for pairings\n");
-       exit(0);
-    }
-
-    n=atoi(argv[0]);
-	p=atoi(argv[1]); // Number of bits in prime modulus
-
-	if (n!=16 && n!=26 && n!=32 && n!=64)
-	{
-		printf("wordlength must be 16, 32 or 64 (or 26 for Javascript)\n");
-		return 0;
-	}
-
-	rhs=pow((Big)2,2*n-1);
-	e=3;            // need at least 3 bits to allow adds and subtracts without normalisation
-	if (n==26)
-	{
-		rhs*=2;	// no sign bit to worry about in Javascript
-		e=1;	// not an issue for Javascript
-	}
-
-	for (b=n-e;b>=n-8;b--)
-	{
-		if (n==64 && b%2!=0) continue; // insist on even values for 64-bit builds 
-		w=p/b; if (p%b!=0) w++;
-		s=w*b-p;
-
-		lhs=(w+2)*pow((Big)2,2*b);  // sum of products plus carry plus one for redc
-
-		if (lhs>=rhs)    {printf("Stability violation for BASEBITS= %d\n",b); continue;}
-
-		mx=s;
-		if (mx>(n-4)/2)
-			mx=(n-4)/2;
-
-// At least 4 bits spare needed for field excess.  
-		if (mx<4) {printf("Not enough Fp excess for BASEBITS= %d\n",b); continue;}
-// At least 2 spare bits needed for FF excess 
-		t=b*(1+(p-1)/b) - 8*(1+(p-1)/8);
-		if (t<2 || t>=b) {printf("Not enough FF excess for BASEBITS= %d\n",b);}
-
-		printf("Solution for BASEBITS= %d, Words Per Big=%d, Max excess= %d\n",b,w,mx);
-	}
-	
-	return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/aes.cpp
----------------------------------------------------------------------
diff --git a/version3/cpp/aes.cpp b/version3/cpp/aes.cpp
deleted file mode 100644
index 4d4c325..0000000
--- a/version3/cpp/aes.cpp
+++ /dev/null
@@ -1,706 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-/*
- * Implementation of the NIST Advanced Ecryption Standard
- *
- * SU=m, SU is Stack Usage
- */
-
-#include <stdlib.h>
-
-
-#include "arch.h"
-#include "amcl.h"
-
-/* this is fixed */
-#define NB 4
-
-/* Rotates 32-bit word left by 1, 2 or 3 byte  */
-
-#define ROTL8(x) (((x)<<8)|((x)>>24))
-#define ROTL16(x) (((x)<<16)|((x)>>16))
-#define ROTL24(x) (((x)<<24)|((x)>>8))
-
-static const uchar InCo[4]= {0xB,0xD,0x9,0xE}; /* Inverse Coefficients */
-
-static const uchar ptab[]=
-{
-    1,3,5,15,17,51,85,255,26,46,114,150,161,248,19,53,
-    95,225,56,72,216,115,149,164,247,2,6,10,30,34,102,170,
-    229,52,92,228,55,89,235,38,106,190,217,112,144,171,230,49,
-    83,245,4,12,20,60,68,204,79,209,104,184,211,110,178,205,
-    76,212,103,169,224,59,77,215,98,166,241,8,24,40,120,136,
-    131,158,185,208,107,189,220,127,129,152,179,206,73,219,118,154,
-    181,196,87,249,16,48,80,240,11,29,39,105,187,214,97,163,
-    254,25,43,125,135,146,173,236,47,113,147,174,233,32,96,160,
-    251,22,58,78,210,109,183,194,93,231,50,86,250,21,63,65,
-    195,94,226,61,71,201,64,192,91,237,44,116,156,191,218,117,
-    159,186,213,100,172,239,42,126,130,157,188,223,122,142,137,128,
-    155,182,193,88,232,35,101,175,234,37,111,177,200,67,197,84,
-    252,31,33,99,165,244,7,9,27,45,119,153,176,203,70,202,
-    69,207,74,222,121,139,134,145,168,227,62,66,198,81,243,14,
-    18,54,90,238,41,123,141,140,143,138,133,148,167,242,13,23,
-    57,75,221,124,132,151,162,253,28,36,108,180,199,82,246,1
-};
-
-static const uchar ltab[]=
-{
-    0,255,25,1,50,2,26,198,75,199,27,104,51,238,223,3,
-    100,4,224,14,52,141,129,239,76,113,8,200,248,105,28,193,
-    125,194,29,181,249,185,39,106,77,228,166,114,154,201,9,120,
-    101,47,138,5,33,15,225,36,18,240,130,69,53,147,218,142,
-    150,143,219,189,54,208,206,148,19,92,210,241,64,70,131,56,
-    102,221,253,48,191,6,139,98,179,37,226,152,34,136,145,16,
-    126,110,72,195,163,182,30,66,58,107,40,84,250,133,61,186,
-    43,121,10,21,155,159,94,202,78,212,172,229,243,115,167,87,
-    175,88,168,80,244,234,214,116,79,174,233,213,231,230,173,232,
-    44,215,117,122,235,22,11,245,89,203,95,176,156,169,81,160,
-    127,12,246,111,23,196,73,236,216,67,31,45,164,118,123,183,
-    204,187,62,90,251,96,177,134,59,82,161,108,170,85,41,157,
-    151,178,135,144,97,190,220,252,188,149,207,205,55,63,91,209,
-    83,57,132,60,65,162,109,71,20,42,158,93,86,242,211,171,
-    68,17,146,217,35,32,46,137,180,124,184,38,119,153,227,165,
-    103,74,237,222,197,49,254,24,13,99,140,128,192,247,112,7
-};
-
-static const uchar fbsub[]=
-{
-    99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118,
-    202,130,201,125,250,89,71,240,173,212,162,175,156,164,114,192,
-    183,253,147,38,54,63,247,204,52,165,229,241,113,216,49,21,
-    4,199,35,195,24,150,5,154,7,18,128,226,235,39,178,117,
-    9,131,44,26,27,110,90,160,82,59,214,179,41,227,47,132,
-    83,209,0,237,32,252,177,91,106,203,190,57,74,76,88,207,
-    208,239,170,251,67,77,51,133,69,249,2,127,80,60,159,168,
-    81,163,64,143,146,157,56,245,188,182,218,33,16,255,243,210,
-    205,12,19,236,95,151,68,23,196,167,126,61,100,93,25,115,
-    96,129,79,220,34,42,144,136,70,238,184,20,222,94,11,219,
-    224,50,58,10,73,6,36,92,194,211,172,98,145,149,228,121,
-    231,200,55,109,141,213,78,169,108,86,244,234,101,122,174,8,
-    186,120,37,46,28,166,180,198,232,221,116,31,75,189,139,138,
-    112,62,181,102,72,3,246,14,97,53,87,185,134,193,29,158,
-    225,248,152,17,105,217,142,148,155,30,135,233,206,85,40,223,
-    140,161,137,13,191,230,66,104,65,153,45,15,176,84,187,22
-};
-
-static const uchar rbsub[]=
-{
-    82,9,106,213,48,54,165,56,191,64,163,158,129,243,215,251,
-    124,227,57,130,155,47,255,135,52,142,67,68,196,222,233,203,
-    84,123,148,50,166,194,35,61,238,76,149,11,66,250,195,78,
-    8,46,161,102,40,217,36,178,118,91,162,73,109,139,209,37,
-    114,248,246,100,134,104,152,22,212,164,92,204,93,101,182,146,
-    108,112,72,80,253,237,185,218,94,21,70,87,167,141,157,132,
-    144,216,171,0,140,188,211,10,247,228,88,5,184,179,69,6,
-    208,44,30,143,202,63,15,2,193,175,189,3,1,19,138,107,
-    58,145,17,65,79,103,220,234,151,242,207,206,240,180,230,115,
-    150,172,116,34,231,173,53,133,226,249,55,232,28,117,223,110,
-    71,241,26,113,29,41,197,137,111,183,98,14,170,24,190,27,
-    252,86,62,75,198,210,121,32,154,219,192,254,120,205,90,244,
-    31,221,168,51,136,7,199,49,177,18,16,89,39,128,236,95,
-    96,81,127,169,25,181,74,13,45,229,122,159,147,201,156,239,
-    160,224,59,77,174,42,245,176,200,235,187,60,131,83,153,97,
-    23,43,4,126,186,119,214,38,225,105,20,99,85,33,12,125
-};
-
-static const unsign32 rco[]=
-{1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47};
-
-static const unsign32 ftable[]=
-{
-    0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
-    0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
-    0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
-    0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
-    0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
-    0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
-    0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
-    0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
-    0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
-    0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
-    0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
-    0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
-    0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
-    0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
-    0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
-    0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
-    0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
-    0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
-    0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
-    0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
-    0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
-    0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
-    0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
-    0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
-    0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
-    0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
-    0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
-    0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
-    0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
-    0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
-    0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
-    0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
-    0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
-    0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
-    0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
-    0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
-    0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
-    0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
-    0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
-    0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
-    0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
-    0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
-    0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c
-};
-
-static const unsign32 rtable[]=
-{
-    0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
-    0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
-    0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
-    0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
-    0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
-    0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
-    0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
-    0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
-    0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
-    0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
-    0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
-    0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
-    0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
-    0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
-    0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
-    0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
-    0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
-    0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
-    0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
-    0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
-    0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
-    0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
-    0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
-    0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
-    0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
-    0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
-    0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
-    0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
-    0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
-    0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
-    0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
-    0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
-    0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
-    0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
-    0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
-    0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
-    0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
-    0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
-    0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
-    0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
-    0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
-    0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
-    0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0
-};
-
-#define MR_TOBYTE(x) ((uchar)((x)))
-
-static unsign32 pack(const uchar *b)
-{
-    /* pack bytes into a 32-bit Word */
-    return ((unsign32)b[3]<<24)|((unsign32)b[2]<<16)|((unsign32)b[1]<<8)|(unsign32)b[0];
-}
-
-static void unpack(unsign32 a,uchar *b)
-{
-    /* unpack bytes from a word */
-    b[0]=MR_TOBYTE(a);
-    b[1]=MR_TOBYTE(a>>8);
-    b[2]=MR_TOBYTE(a>>16);
-    b[3]=MR_TOBYTE(a>>24);
-}
-
-/* SU= 8 */
-static uchar bmul(uchar x,uchar y)
-{
-    /* x.y= AntiLog(Log(x) + Log(y)) */
-    if (x && y) return ptab[(ltab[x]+ltab[y])%255];
-    else return 0;
-}
-
-static unsign32 SubByte(unsign32 a)
-{
-    uchar b[4];
-    unpack(a,b);
-    b[0]=fbsub[b[0]];
-    b[1]=fbsub[b[1]];
-    b[2]=fbsub[b[2]];
-    b[3]=fbsub[b[3]];
-    return pack(b);
-}
-
-/* SU= 16 */
-static uchar product(unsign32 x,unsign32 y)
-{
-    /* dot product of two 4-byte arrays */
-    uchar xb[4],yb[4];
-    unpack(x,xb);
-    unpack(y,yb);
-    return bmul(xb[0],yb[0])^bmul(xb[1],yb[1])^bmul(xb[2],yb[2])^bmul(xb[3],yb[3]);
-}
-
-static unsign32 InvMixCol(unsign32 x)
-{
-    /* matrix Multiplication */
-    unsign32 y,m;
-    uchar b[4];
-
-    m=pack(InCo);
-    b[3]=product(m,x);
-    m=ROTL24(m);
-    b[2]=product(m,x);
-    m=ROTL24(m);
-    b[1]=product(m,x);
-    m=ROTL24(m);
-    b[0]=product(m,x);
-    y=pack(b);
-    return y;
-}
-
-/* SU= 8 */
-/* reset cipher */
-void amcl::AES_reset(amcl::aes *a,int mode,char *iv)
-{
-    /* reset mode, or reset iv */
-    int i;
-    a->mode=mode;
-    for (i=0; i<4*NB; i++)
-        a->f[i]=0;
-    if (mode!=ECB && iv!=NULL)
-    {
-        for (i=0; i<4*NB; i++)
-            a->f[i]=iv[i];
-    }
-}
-
-void amcl::AES_getreg(amcl::aes *a,char *ir)
-{
-    int i;
-    for (i=0; i<4*NB; i++) ir[i]=a->f[i];
-}
-
-/* SU= 72 */
-/* Initialise cipher */
-int amcl::AES_init(amcl::aes* a,int mode,int nk,char *key,char *iv)
-{
-    /* Key length Nk=16, 24 or 32 bytes */
-    /* Key Scheduler. Create expanded encryption key */
-    int i,j,k,N,nr;
-    unsign32 CipherKey[8];
-
-    nk/=4;
-
-    if (nk!=4 && nk!=6 && nk!=8) return 0;
-
-    nr=6+nk;
-
-    a->Nk=nk;
-    a->Nr=nr;
-
-    AES_reset(a,mode,iv);
-
-    N=NB*(nr+1);
-
-    for (i=j=0; i<nk; i++,j+=4)
-    {
-        CipherKey[i]=pack((uchar *)&key[j]);
-    }
-    for (i=0; i<nk; i++) a->fkey[i]=CipherKey[i];
-    for (j=nk,k=0; j<N; j+=nk,k++)
-    {
-        a->fkey[j]=a->fkey[j-nk]^SubByte(ROTL24(a->fkey[j-1]))^rco[k];
-        if (nk<=6)
-        {
-            for (i=1; i<nk && (i+j)<N; i++)
-                a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
-        }
-        else
-        {
-            for (i=1; i<4 && (i+j)<N; i++)
-                a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
-            if ((j+4)<N) a->fkey[j+4]=a->fkey[j+4-nk]^SubByte(a->fkey[j+3]);
-            for (i=5; i<nk && (i+j)<N; i++)
-                a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
-        }
-
-    }
-    /* now for the expanded decrypt key in reverse order */
-
-    for (j=0; j<NB; j++) a->rkey[j+N-NB]=a->fkey[j];
-    for (i=NB; i<N-NB; i+=NB)
-    {
-        k=N-NB-i;
-        for (j=0; j<NB; j++) a->rkey[k+j]=InvMixCol(a->fkey[i+j]);
-    }
-    for (j=N-NB; j<N; j++) a->rkey[j-N+NB]=a->fkey[j];
-    return 1;
-}
-
-/* SU= 80 */
-/* Encrypt a single block */
-void amcl::AES_ecb_encrypt(amcl::aes *a,uchar *buff)
-{
-    int i,j,k;
-    unsign32 p[4],q[4],*x,*y,*t;
-
-    for (i=j=0; i<NB; i++,j+=4)
-    {
-        p[i]=pack((uchar *)&buff[j]);
-        p[i]^=a->fkey[i];
-    }
-
-    k=NB;
-    x=p;
-    y=q;
-
-    /* State alternates between x and y */
-    for (i=1; i<a->Nr; i++)
-    {
-
-        y[0]=a->fkey[k]^ftable[MR_TOBYTE(x[0])]^
-             ROTL8(ftable[MR_TOBYTE(x[1]>>8)])^
-             ROTL16(ftable[MR_TOBYTE(x[2]>>16)])^
-             ROTL24(ftable[x[3]>>24]);
-        y[1]=a->fkey[k+1]^ftable[MR_TOBYTE(x[1])]^
-             ROTL8(ftable[MR_TOBYTE(x[2]>>8)])^
-             ROTL16(ftable[MR_TOBYTE(x[3]>>16)])^
-             ROTL24(ftable[x[0]>>24]);
-        y[2]=a->fkey[k+2]^ftable[MR_TOBYTE(x[2])]^
-             ROTL8(ftable[MR_TOBYTE(x[3]>>8)])^
-             ROTL16(ftable[MR_TOBYTE(x[0]>>16)])^
-             ROTL24(ftable[x[1]>>24]);
-        y[3]=a->fkey[k+3]^ftable[MR_TOBYTE(x[3])]^
-             ROTL8(ftable[MR_TOBYTE(x[0]>>8)])^
-             ROTL16(ftable[MR_TOBYTE(x[1]>>16)])^
-             ROTL24(ftable[x[2]>>24]);
-
-        k+=4;
-        t=x;
-        x=y;
-        y=t;      /* swap pointers */
-    }
-
-    /* Last Round */
-
-    y[0]=a->fkey[k]^(unsign32)fbsub[MR_TOBYTE(x[0])]^
-         ROTL8((unsign32)fbsub[MR_TOBYTE(x[1]>>8)])^
-         ROTL16((unsign32)fbsub[MR_TOBYTE(x[2]>>16)])^
-         ROTL24((unsign32)fbsub[x[3]>>24]);
-    y[1]=a->fkey[k+1]^(unsign32)fbsub[MR_TOBYTE(x[1])]^
-         ROTL8((unsign32)fbsub[MR_TOBYTE(x[2]>>8)])^
-         ROTL16((unsign32)fbsub[MR_TOBYTE(x[3]>>16)])^
-         ROTL24((unsign32)fbsub[x[0]>>24]);
-    y[2]=a->fkey[k+2]^(unsign32)fbsub[MR_TOBYTE(x[2])]^
-         ROTL8((unsign32)fbsub[MR_TOBYTE(x[3]>>8)])^
-         ROTL16((unsign32)fbsub[MR_TOBYTE(x[0]>>16)])^
-         ROTL24((unsign32)fbsub[x[1]>>24]);
-    y[3]=a->fkey[k+3]^(unsign32)fbsub[MR_TOBYTE(x[3])]^
-         ROTL8((unsign32)fbsub[MR_TOBYTE(x[0]>>8)])^
-         ROTL16((unsign32)fbsub[MR_TOBYTE(x[1]>>16)])^
-         ROTL24((unsign32)fbsub[x[2]>>24]);
-
-    for (i=j=0; i<NB; i++,j+=4)
-    {
-        unpack(y[i],(uchar *)&buff[j]);
-        x[i]=y[i]=0;   /* clean up stack */
-    }
-}
-
-/* SU= 80 */
-/* Decrypt a single block */
-void amcl::AES_ecb_decrypt(amcl::aes *a,uchar *buff)
-{
-    int i,j,k;
-    unsign32 p[4],q[4],*x,*y,*t;
-
-    for (i=j=0; i<NB; i++,j+=4)
-    {
-        p[i]=pack((uchar *)&buff[j]);
-        p[i]^=a->rkey[i];
-    }
-
-    k=NB;
-    x=p;
-    y=q;
-
-    /* State alternates between x and y */
-    for (i=1; i<a->Nr; i++)
-    {
-        /* Nr is number of rounds. May be odd. */
-
-        y[0]=a->rkey[k]^rtable[MR_TOBYTE(x[0])]^
-             ROTL8(rtable[MR_TOBYTE(x[3]>>8)])^
-             ROTL16(rtable[MR_TOBYTE(x[2]>>16)])^
-             ROTL24(rtable[x[1]>>24]);
-        y[1]=a->rkey[k+1]^rtable[MR_TOBYTE(x[1])]^
-             ROTL8(rtable[MR_TOBYTE(x[0]>>8)])^
-             ROTL16(rtable[MR_TOBYTE(x[3]>>16)])^
-             ROTL24(rtable[x[2]>>24]);
-        y[2]=a->rkey[k+2]^rtable[MR_TOBYTE(x[2])]^
-             ROTL8(rtable[MR_TOBYTE(x[1]>>8)])^
-             ROTL16(rtable[MR_TOBYTE(x[0]>>16)])^
-             ROTL24(rtable[x[3]>>24]);
-        y[3]=a->rkey[k+3]^rtable[MR_TOBYTE(x[3])]^
-             ROTL8(rtable[MR_TOBYTE(x[2]>>8)])^
-             ROTL16(rtable[MR_TOBYTE(x[1]>>16)])^
-             ROTL24(rtable[x[0]>>24]);
-
-        k+=4;
-        t=x;
-        x=y;
-        y=t;      /* swap pointers */
-    }
-
-
-    /* Last Round */
-    y[0]=a->rkey[k]^(unsign32)rbsub[MR_TOBYTE(x[0])]^
-         ROTL8((unsign32)rbsub[MR_TOBYTE(x[3]>>8)])^
-         ROTL16((unsign32)rbsub[MR_TOBYTE(x[2]>>16)])^
-         ROTL24((unsign32)rbsub[x[1]>>24]);
-    y[1]=a->rkey[k+1]^(unsign32)rbsub[MR_TOBYTE(x[1])]^
-         ROTL8((unsign32)rbsub[MR_TOBYTE(x[0]>>8)])^
-         ROTL16((unsign32)rbsub[MR_TOBYTE(x[3]>>16)])^
-         ROTL24((unsign32)rbsub[x[2]>>24]);
-    y[2]=a->rkey[k+2]^(unsign32)rbsub[MR_TOBYTE(x[2])]^
-         ROTL8((unsign32)rbsub[MR_TOBYTE(x[1]>>8)])^
-         ROTL16((unsign32)rbsub[MR_TOBYTE(x[0]>>16)])^
-         ROTL24((unsign32)rbsub[x[3]>>24]);
-    y[3]=a->rkey[k+3]^(unsign32)rbsub[MR_TOBYTE(x[3])]^
-         ROTL8((unsign32)rbsub[MR_TOBYTE(x[2]>>8)])^
-         ROTL16((unsign32)rbsub[MR_TOBYTE(x[1]>>16)])^
-         ROTL24((unsign32)rbsub[x[0]>>24]);
-
-    for (i=j=0; i<NB; i++,j+=4)
-    {
-        unpack(y[i],(uchar *)&buff[j]);
-        x[i]=y[i]=0;   /* clean up stack */
-    }
-
-}
-
-/* simple default increment function */
-static void increment(char *f)
-{
-    int i;
-    for (i=0; i<16; i++)
-    {
-        f[i]++;
-        if (f[i]!=0) break;
-    }
-}
-
-/* SU= 40 */
-/* Encrypt using selected mode of operation */
-unsign32 amcl::AES_encrypt(amcl::aes* a,char *buff)
-{
-    int j,bytes;
-    char st[16];
-    unsign32 fell_off;
-
-    /* Supported Modes of Operation */
-
-    fell_off=0;
-    switch (a->mode)
-    {
-    case ECB:
-        AES_ecb_encrypt(a,(uchar *)buff);
-        return 0;
-    case CBC:
-        for (j=0; j<4*NB; j++) buff[j]^=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)buff);
-        for (j=0; j<4*NB; j++) a->f[j]=buff[j];
-        return 0;
-
-    case CFB1:
-    case CFB2:
-    case CFB4:
-        bytes=a->mode-CFB1+1;
-        for (j=0; j<bytes; j++) fell_off=(fell_off<<8)|a->f[j];
-        for (j=0; j<4*NB; j++) st[j]=a->f[j];
-        for (j=bytes; j<4*NB; j++) a->f[j-bytes]=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)st);
-        for (j=0; j<bytes; j++)
-        {
-            buff[j]^=st[j];
-            a->f[16-bytes+j]=buff[j];
-        }
-        return fell_off;
-
-    case OFB1:
-    case OFB2:
-    case OFB4:
-    case OFB8:
-    case OFB16:
-
-        bytes=a->mode-OFB1+1;
-        AES_ecb_encrypt(a,(uchar *)(a->f));
-        for (j=0; j<bytes; j++) buff[j]^=a->f[j];
-        return 0;
-
-    case CTR1:
-    case CTR2:
-    case CTR4:
-    case CTR8:
-    case CTR16:
-
-        bytes=a->mode-CTR1+1;
-        for (j=0; j<4*NB; j++) st[j]=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)st);
-        for (j=0; j<bytes; j++) buff[j]^=st[j];
-        increment(a->f);
-		return 0;
-
-    default:
-        return 0;
-    }
-}
-
-/* SU= 40 */
-/* Decrypt using selected mode of operation */
-unsign32 amcl::AES_decrypt(amcl::aes *a,char *buff)
-{
-    int j,bytes;
-    char st[16];
-    unsign32 fell_off;
-
-    /* Supported modes of operation */
-    fell_off=0;
-    switch (a->mode)
-    {
-    case ECB:
-        AES_ecb_decrypt(a,(uchar *)buff);
-        return 0;
-    case CBC:
-        for (j=0; j<4*NB; j++)
-        {
-            st[j]=a->f[j];
-            a->f[j]=buff[j];
-        }
-        AES_ecb_decrypt(a,(uchar *)buff);
-        for (j=0; j<4*NB; j++)
-        {
-            buff[j]^=st[j];
-            st[j]=0;
-        }
-        return 0;
-    case CFB1:
-    case CFB2:
-    case CFB4:
-        bytes=a->mode-CFB1+1;
-        for (j=0; j<bytes; j++) fell_off=(fell_off<<8)|a->f[j];
-        for (j=0; j<4*NB; j++) st[j]=a->f[j];
-        for (j=bytes; j<4*NB; j++) a->f[j-bytes]=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)st);
-        for (j=0; j<bytes; j++)
-        {
-            a->f[16-bytes+j]=buff[j];
-            buff[j]^=st[j];
-        }
-        return fell_off;
-    case OFB1:
-    case OFB2:
-    case OFB4:
-    case OFB8:
-    case OFB16:
-        bytes=a->mode-OFB1+1;
-        AES_ecb_encrypt(a,(uchar *)(a->f));
-        for (j=0; j<bytes; j++) buff[j]^=a->f[j];
-        return 0;
-
-    case CTR1:
-    case CTR2:
-    case CTR4:
-    case CTR8:
-    case CTR16:
-
-        bytes=a->mode-CTR1+1;
-        for (j=0; j<4*NB; j++) st[j]=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)st);
-        for (j=0; j<bytes; j++) buff[j]^=st[j];
-        increment(a->f);
-		return 0;
-
-    default:
-        return 0;
-    }
-}
-
-/* Clean up and delete left-overs */
-void amcl::AES_end(amcl::aes *a)
-{
-    /* clean up */
-    int i;
-    for (i=0; i<NB*(a->Nr+1); i++)
-        a->fkey[i]=a->rkey[i]=0;
-    for (i=0; i<4*NB; i++)
-        a->f[i]=0;
-}
-
-
-/*
-#include <stdio.h>
-
-#define KK 32
-
-int main()
-{
-    int i;
-    aes a;
-	unsign32 t;
-	uchar x,y;
-
-    char key[KK];
-    char block[16];
-    char iv[16];
-    for (i=0;i<KK;i++) key[i]=5;
-    key[0]=1;
-    for (i=0;i<16;i++) iv[i]=i;
-    for (i=0;i<16;i++) block[i]=i;
-
-    AES_init(&a,CTR16,KK,key,iv);
-
-    printf("Plain=   ");
-    for (i=0;i<16;i++) printf("%02x",block[i]);
-    printf("\n");
-    AES_encrypt(&a,block);
-    printf("Encrypt= ");
-    for (i=0;i<16;i++) printf("%02x",(uchar)block[i]);
-    printf("\n");
-    AES_reset(&a,CTR16,iv);
-    AES_decrypt(&a,block);
-    printf("Decrypt= ");
-    for (i=0;i<16;i++) printf("%02x",(uchar)block[i]);
-    printf("\n");
-
-    AES_end(&a);
-
-    return 0;
-}
-
-*/
-


[38/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/ROM64.go
----------------------------------------------------------------------
diff --git a/version22/go/ROM64.go b/version22/go/ROM64.go
deleted file mode 100644
index 438c99f..0000000
--- a/version22/go/ROM64.go
+++ /dev/null
@@ -1,826 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Fixed Data in ROM - Field and Curve parameters */
-
-package main
-
-type Chunk int64
-
-
-/* First the 32/64-bit dependent BIG code */
-/* Note that because of the lack of a 128-bit integer, 32 and 64-bit code needs to be done differently */
-
-func pexceed(a *BIG,b *BIG) bool {
-	ea:=EXCESS(a)
-	eb:=EXCESS(b)
-	if (ea+1)>FEXCESS/(eb+1) {return true}
-	return false
-}
-
-func sexceed(a *BIG) bool {
-	ea:=EXCESS(a)
-	if (ea+1)>FEXCESS/(ea+1) {return true}
-	return false
-}
-
-func ff_pexceed(a *BIG,b *BIG) bool {
-	ea:=FF_EXCESS(a)
-	eb:=FF_EXCESS(b)
-	if (ea+1)>P_FEXCESS/(eb+1) {return true}
-	return false
-}
-
-func ff_sexceed(a *BIG) bool {
-	ea:=FF_EXCESS(a)
-	if (ea+1)>P_FEXCESS/(ea+1) {return true}
-	return false
-}
-
-/* return a*b as DBIG */
-func mul(a *BIG,b *BIG) *DBIG {
-	c:=NewDBIG()
-	carry:= Chunk(0)
-//	a.norm()
-//	b.norm()
-
-	for i:=0;i<NLEN;i++ {
-		carry=0
-		for j:=0;j<NLEN;j++ {
-			carry,c.w[i+j]=muladd(a.w[i],b.w[j],carry,c.w[i+j])
-			//carry=c.muladd(a.w[i],b.w[j],carry,i+j)
-		}
-		c.w[NLEN+i]=carry
-	}
-	
-	return c
-}
-
-/* return a^2 as DBIG */
-func sqr(a *BIG) *DBIG {
-	c:=NewDBIG()
-	carry:= Chunk(0)
-//	a.norm()
-	for i:=0;i<NLEN;i++ {
-		carry=0;
-		for j:=i+1;j<NLEN;j++ {
-			carry,c.w[i+j]=muladd(2*a.w[i],a.w[j],carry,c.w[i+j])
-			//carry=c.muladd(2*a.w[i],a.w[j],carry,i+j)
-		}
-		c.w[NLEN+i]=carry
-	}
-
-	for i:=0;i<NLEN;i++ {
-		top,bot:=muladd(a.w[i],a.w[i],0,c.w[2*i])
-		c.w[2*i]=bot
-		c.w[2*i+1]+=top
-		//c.w[2*i+1]+=c.muladd(a.w[i],a.w[i],0,2*i)
-
-	}
-	c.norm()
-	return c
-}
-
-func monty(md* BIG, mc Chunk,d* DBIG) *BIG {
-	carry:=Chunk(0)
-	m:=Chunk(0)
-	for i:=0;i<NLEN;i++ {
-		if (mc==-1) { 
-			m=(-d.w[i])&BMASK
-		} else {
-			if (mc==1) {
-				m=d.w[i]
-			} else {m=(mc*d.w[i])&BMASK}
-		}
-
-		carry=0
-		for j:=0;j<NLEN;j++ {
-			carry,d.w[i+j]=muladd(m,md.w[j],carry,d.w[i+j])
-				//carry=d.muladd(m,md.w[j],carry,i+j)
-		}
-		d.w[NLEN+i]+=carry
-	}
-
-	b:=NewBIG()
-	for i:=0;i<NLEN;i++ {
-		b.w[i]=d.w[NLEN+i]
-	}
-	b.norm()
-	return b		
-}
-
-/* set this[i]+=x*y+c, and return high part */
-func muladd(a Chunk,b Chunk,c Chunk,r Chunk) (Chunk,Chunk) {
-	x0:=a&HMASK
-	x1:=(a>>HBITS)
-	y0:=b&HMASK;
-	y1:=(b>>HBITS)
-	bot:=x0*y0
-	top:=x1*y1
-	mid:=x0*y1+x1*y0
-	x0=mid&HMASK;
-	x1=(mid>>HBITS)
-	bot+=x0<<HBITS; bot+=c; bot+=r 
-	top+=x1;
-	carry:=bot>>BASEBITS
-	bot&=BMASK
-	top+=carry
-	return top,bot
-}
-
-
-/********************************************/
-
-/* Set Curve */
-/* Don't Modify from here... */
-
-const CHUNK int=64	/* Set word size */
-
-const NOT_SPECIAL int=0
-const PSEUDO_MERSENNE int=1
-const MONTGOMERY_FRIENDLY int=2
-const GENERALISED_MERSENNE int=3
-const WEIERSTRASS int=0
-const EDWARDS int=1
-const MONTGOMERY int=2
-const BN_CURVE int=0
-const BLS_CURVE int=1
-
-/* ...to here */
-
-
-/*** Enter Some Field details here  ***/
-// Curve 25519
-//  const MODBITS uint=255
-//  const MOD8 uint=5
-//  const BASEBITS uint=56
-//  const AES_S uint= 0
-
-// NIST256 or Brainpool
-//  const MODBITS uint=256
-//  const MOD8 uint=7 
-//  const BASEBITS uint=56
-//  const AES_S uint= 0
-
-// MF254 
-//  const MODBITS uint=254
-//  const MOD8 uint=7 
-//  const BASEBITS uint=56
-//  const AES_S uint= 0
-
-// MS255
-//  const MODBITS uint= 255
-//  const MOD8 uint= 3
-//  const BASEBITS uint=56
-//  const AES_S uint= 0
-
-// MF256
-//  const MODBITS uint=256 
-//  const MOD8 uint=7 
-//  const BASEBITS uint=56
-//  const AES_S uint= 0
-
-// MS256
-//  const MODBITS uint= 256
-//  const MOD8 uint= 3
-//  const BASEBITS uint=56
-//  const AES_S uint= 0
-
-// ANSSI
-//  const MODBITS uint= 256
-//  const MOD8 uint= 3
-//  const BASEBITS uint=56
-//  const AES_S uint= 0
-
-// BN254 Curve
-//const MODBITS uint=254 /* Number of bits in Modulus */
-//const MOD8 uint=3  /* Modulus mod 8 */
-//const BASEBITS uint=56
-//const AES_S uint= 0
-
-// BN454 Curve
-//const MODBITS uint=454 /* Number of bits in Modulus */
-//const MOD8 uint=3  /* Modulus mod 8 */
-//const BASEBITS uint=60
-//const AES_S uint= 128
-
-// BLS383 Curve
-const MODBITS uint=383 /* Number of bits in Modulus */
-const MOD8 uint=3  /* Modulus mod 8 */
-const BASEBITS uint=56
-const AES_S uint= 0
-
-// BLS455 Curve
-//const MODBITS uint=455 /* Number of bits in Modulus */
-//const MOD8 uint=3  /* Modulus mod 8 */
-//const BASEBITS uint=60
-//const AES_S uint= 128
-
-// HIFIVE Curve
-//  const MODBITS uint=336
-//  const MOD8 uint=5 
-//  const BASEBITS uint=60
-//  const AES_S uint= 128
-
-// GOLDILOCKS
-//  const MODBITS uint=448
-//  const MOD8 uint=7
-//  const BASEBITS uint=60
-//  const AES_S uint= 0
-
-// NIST384
-//  const MODBITS uint=384
-//  const MOD8 uint=7
-//  const BASEBITS uint=60
-//  const AES_S uint= 0
-
-// C41417
-//  const MODBITS uint=414
-//  const MOD8 uint=7
-//  const BASEBITS uint=60	
-//  const AES_S uint= 0
-
-// NIST521
-//  const MODBITS uint=521
-//  const MOD8 uint=7
-//  const BASEBITS uint=60
-//  const AES_S uint= 0
-
-// BN646 Curve
-//  const MODBITS uint=646
-//  const MOD8 uint=3
-//  const BASEBITS uint=60
-//  const AES_S uint= 192
-
-/* RSA/DH modulus length as multiple of BIGBITS */
-const FFLEN int=4
-
-/* Don't Modify from here... */
-const NLEN int=int((1+((MODBITS-1)/BASEBITS)))
-const DNLEN int=2*NLEN
-const BMASK Chunk= ((Chunk(1)<<BASEBITS)-1)
-const MODBYTES uint=(1+(MODBITS-1)/8)
-const HBITS uint=(BASEBITS/2)
-const HMASK Chunk= ((Chunk(1)<<HBITS)-1)
-const NEXCESS int=(1<<(uint(CHUNK)-BASEBITS-1));
-const FEXCESS Chunk=(Chunk(1)<<(BASEBITS*uint(NLEN)-MODBITS))
-const OMASK Chunk= ((Chunk(-1))<<(MODBITS%BASEBITS))
-const TBITS uint=MODBITS%BASEBITS // Number of active bits in top word 
-const TMASK Chunk=(Chunk(1)<<TBITS)-1
-const BIGBITS int=int(MODBYTES*8)
-
-/* Finite field support - for RSA, DH etc. */
-const FF_BITS int=(BIGBITS*FFLEN) /* Finite Field Size in bits - must be 256.2^n */
-const HFLEN int=(FFLEN/2)  /* Useful for half-size RSA private key operations */
-
-const P_MBITS uint=MODBYTES*8
-const P_MB uint=(P_MBITS%BASEBITS)
-const P_OMASK Chunk=(Chunk(-1)<<(P_MBITS%BASEBITS))
-const P_FEXCESS Chunk=(Chunk(1)<<(BASEBITS*uint(NLEN)-P_MBITS))
-const P_TBITS uint=(P_MBITS%BASEBITS)
-
-/* ...to here */
-
-
-// START SPECIFY FIELD DETAILS HERE
-//*********************************************************************************
-// Curve25519 Modulus 
-//  const MODTYPE int=PSEUDO_MERSENNE
-//  var Modulus = [...]Chunk {0xFFFFFFFFFFFFED,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF}
-//  const MConst Chunk=0x13
-
-// NIST-256 Curve 
-//  const MODTYPE int=NOT_SPECIAL
-//  var Modulus = [...]Chunk {0xFFFFFFFFFFFFFF,0xFFFFFFFFFF,0x0,0x1000000,0xFFFFFFFF}
-//  const MConst Chunk=0x1
-
-// MF254 Modulus
-//  const MODTYPE int=MONTGOMERY_FRIENDLY
-//  var Modulus= [...]Chunk {0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x3F80FFFF}
-//  const MConst Chunk=0x3F810000
-
-// MS255 Modulus
-//  const MODTYPE int= 1
-//  var Modulus= [...]Chunk {0xFFFFFFFFFFFD03,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF}
-//  const MConst Chunk=0x2FD
-
-// MF256 Modulus
-//  const MODTYPE int= 2
-//  var Modulus= [...]Chunk {0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFA7FFFF}
-//  const MConst Chunk=0xFFA80000
-
-// MS256 Modulus
-//  const MODTYPE int= 1
-//  var Modulus= [...]Chunk {0xFFFFFFFFFFFF43,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFF}
-//  const MConst Chunk=0xBD
-
-// Brainpool
-//  const MODTYPE int= NOT_SPECIAL
-//  var Modulus= [...]Chunk {0x13481D1F6E5377,0xF623D526202820,0x909D838D726E3B,0xA1EEA9BC3E660A,0xA9FB57DB}
-//  const MConst Chunk =0xA75590CEFD89B9
-
-// ANSSI
-//const MODTYPE int= 0
-//  var Modulus= [...]Chunk{0xFCF353D86E9C03,0xADBCABC8CA6DE8,0xE8CE42435B3961,0xB3AD58F10126D,0xF1FD178C}
-//  const MConst Chunk=0x97483A164E1155
-
-// BNCX Curve Modulus
-//const MODTYPE int=NOT_SPECIAL
-//var Modulus= [...]Chunk {0x6623EF5C1B55B3,0xD6EE18093EE1BE,0x647A6366D3243F,0x8702A0DB0BDDF,0x24000000}
-//const MConst Chunk=0x4E205BF9789E85
-
-// HIFIVE Curve
-//  const MODTYPE int=PSEUDO_MERSENNE
-//  var Modulus= [...]Chunk {0xFFFFFFFFFFFFFFD,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFF}
-//  const MConst Chunk=0x3
-
-//GOLDILOCKS
-//  const MODTYPE int=GENERALISED_MERSENNE
-//  var Modulus= [...]Chunk {0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFEFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFF}
-//  const MConst Chunk=0x1
-
-// NIST384 Curve Modulus
-//  const MODTYPE int=NOT_SPECIAL
-//  var Modulus= [...]Chunk {0xFFFFFFFF,0xFFFFFF000000000,0xFFFFFFFFFFFFEFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFF}
-//  const MConst Chunk=0x100000001
-
-// C41417 Curve Modulus
-//  const MODTYPE int=PSEUDO_MERSENNE
-//  var Modulus= [...]Chunk {0xFFFFFFFFFFFFFEF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x3FFFFFFFFFFFFF}
-//  const MConst Chunk=0x11
-
-// NIST521
-//  const MODTYPE int=PSEUDO_MERSENNE
-//  var Modulus= [...]Chunk {0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x1FFFFFFFFFF}
-//  const MConst Chunk=0x1
-
-// BN646
-//  const MODTYPE int=NOT_SPECIAL
-//  var Modulus= [...]Chunk {0x2406C08404E013,0x240510420138000,0xE01920840000000,0x601B00000901441,0x400000006C0A206,0xD814423414402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000}
-//  const MConst Chunk=0xCE50F5CF5F615E5	
-
-
-// BN254 Curve
-//  const MODTYPE int=NOT_SPECIAL
-//  var Modulus= [...]Chunk  {0x13,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482}
-//  const MConst Chunk=0x435E50D79435E5
-
-// BN454 Curve
-//  const MODTYPE int=NOT_SPECIAL
-//  var Modulus= [...]Chunk  {0x4E00000013,0x4E006C4E0000840,0x800014508002508,0x888401D5080091C,0x21C00021D4400DA,0x25B06C01B144009,0xD80000909000,0x240000900}
-//  const MConst Chunk=0xF33C46ED79435E5
-
-// BLS383 Curve
-  const MODTYPE int=NOT_SPECIAL
-  var Modulus= [...]Chunk  {0xACAAB52AAD556B,0x1BB01475F75D7A,0xCF73083D5D7520,0x531820F99EB16,0x2C01355A68EA32,0x5C6105C552A785,0x7AC52080A9F7}
-  const MConst Chunk=0xA59AB3B123D0BD
-
-// BLS455 Curve
-//  const MODTYPE int=NOT_SPECIAL
-//  var Modulus= [...]Chunk  {0xAA00001800002AB,0xC589556B2AA956A,0xB9994ACE86D1BA6,0x3954FCB314B8B3D,0xE3A5B1D56234BD9,0x95B49203003F665,0x57955572AA00E0F,0x555559555}
-//  const MConst Chunk=0xB3EF8137F4017FD
-
-
-// BNT Curve
-//  const MODTYPE int=NOT_SPECIAL
-//  var Modulus= [...]Chunk {0x9DBBFEEEB4A713,0x555614F464BABE,0x3696F8D5F06E8A,0x6517014EFA0BAB,0x240120DB}
-//  const MConst Chunk=0xC5A872D914C4E5
-
-// BNT2 Curve
-//  const MODTYPE int=NOT_SPECIAL
-//  var Modulus= [...]Chunk {0xB2DC2BB460A48B,0x93E428F0D651E8,0xF3B89D00081CF,0x410F5AADB74E20,0x24000482}
-//  const MConst Chunk=0xFE6A47A6505CDD
-
-// START SPECIFY CURVE DETAILS HERE
-//*********************************************************************************
-
-// Ed25519 Curve 
-//  const CURVETYPE int=EDWARDS
-//  const CURVE_A int = -1
-//  var CURVE_B = [...]Chunk {0xEB4DCA135978A3,0xA4D4141D8AB75,0x797779E8980070,0x2B6FFE738CC740,0x52036CEE}
-//  var CURVE_Order = [...]Chunk {0x12631A5CF5D3ED,0xF9DEA2F79CD658,0x14DE,0x0,0x10000000}
-//  var CURVE_Gx = [...]Chunk {0x562D608F25D51A,0xC7609525A7B2C9,0x31FDD6DC5C692C,0xCD6E53FEC0A4E2,0x216936D3}
-//  var CURVE_Gy = [...]Chunk {0x66666666666658,0x66666666666666,0x66666666666666,0x66666666666666,0x66666666}
-
-// NIST-256 Curve
-//  const CURVETYPE int=WEIERSTRASS
-//  const CURVE_A int = -3
-//  var CURVE_B = [...]Chunk {0xCE3C3E27D2604B,0x6B0CC53B0F63B,0x55769886BC651D,0xAA3A93E7B3EBBD,0x5AC635D8}
-//  var CURVE_Order = [...]Chunk {0xB9CAC2FC632551,0xFAADA7179E84F3,0xFFFFFFFFFFBCE6,0xFFFFFF,0xFFFFFFFF}
-//  var CURVE_Gx =[...]Chunk {0xA13945D898C296,0x7D812DEB33A0F4,0xE563A440F27703,0xE12C4247F8BCE6,0x6B17D1F2}
-//  var CURVE_Gy =[...]Chunk {0xB6406837BF51F5,0x33576B315ECECB,0x4A7C0F9E162BCE,0xFE1A7F9B8EE7EB,0x4FE342E2}
-
-// MF254 Modulus, Weierstrass Curve w-254-mont
-//  const CURVETYPE int= WEIERSTRASS
-//  const CURVE_A int = -3
-//  var CURVE_B = [...]Chunk {0xFFFFFFFFFFD08D,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x3F80FFFF}
-//  var CURVE_Order=[...]Chunk {0xA419C4AF8DF83F,0x8BEA0DA375C06F,0xFFFFFFFFFFEB81,0xFFFFFFFFFFFFFF,0x3F80FFFF}
-//  var CURVE_Gx =[...]Chunk {0x2,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy =[...]Chunk {0x65DF37F90D4EBC,0x38E3F8511931AD,0x75BD778AEBDFB7,0x3B2E56014AE15A,0x140E3FD3}
-
-// MF254 Modulus, Edwards Curve ed-254-mont
-//  const CURVETYPE int= EDWARDS
-//  const CURVE_A int= -1
-//  var CURVE_B = [...]Chunk {0x367B,0x0,0x0,0x0,0x0}
-//  var CURVE_Order=[...]Chunk {0xF3D3FEC46E98C7,0x306C8BD62FB0EA,0xFFFFFFFFFFEB95,0xFFFFFFFFFFFFFF,0xFE03FFF}
-//  var CURVE_Gx =[...]Chunk {0x1,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy =[...]Chunk {0x52D0FDAF2701E5,0x9A840E3212187C,0xD502363F4E3632,0xD6A4C335951D00,0x19F0E690}
-
-// MF254 Modulus, Montgomery Curve
-//  const CURVETYPE int=MONTGOMERY
-//  const CURVE_A int= -55790
-//  var CURVE_B = [...]Chunk {0x0,0x0,0x0,0x0,0x0} // not used
-//  var CURVE_Order=[...]Chunk {0xF3D3FEC46E98C7,0x306C8BD62FB0EA,0xFFFFFFFFFFEB95,0xFFFFFFFFFFFFFF,0xFE03FFF}
-//  var CURVE_Gx =[...]Chunk {0x3,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy =[...]Chunk {0x0,0x0,0x0,0x0,0x0} // not used
-
-// MS255 Modulus, Weierstrass Curve
-//  const CURVETYPE int= WEIERSTRASS
-//  const CURVE_A int= -3
-//  var CURVE_B = [...]Chunk {0xFFFFFFFFFFAB46,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF}
-//  var CURVE_Order=[...]Chunk {0x8FAC983C594AEB,0x38283AD2B3DFAB,0xFFFFFFFFFF864A,0xFFFFFFFFFFFFFF,0x7FFFFFFF}
-//  var CURVE_Gx =[...]Chunk {0x1,0x0,0x0,0x0,0x0};
-//  var CURVE_Gy =[...]Chunk {0x33FF6769CB44BA,0xC78CDDFDA60D17,0xF9B2FF7D177DB6,0xEDBA7833921EBF,0x6F7A6AC0}
-
-// MS255 Modulus, Edwards Curve
-//  const CURVETYPE int= EDWARDS
-//  const CURVE_A int= -1
-//  var CURVE_B = [...]Chunk{0xEA97,0x0,0x0,0x0,0x0}
-//  var CURVE_Order=[...]Chunk{0x49D1ED0436EB75,0xA785EDA6832EAC,0xFFFFFFFFFFDCF1,0xFFFFFFFFFFFFFF,0x1FFFFFFF}
-//  var CURVE_Gx =[...]Chunk{0x4,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy =[...]Chunk{0x2A255BD08736A0,0x4B8AED445A45BA,0xDD8E0C47E55291,0x4A7BB545EC254C,0x26CB7853}
-
-// MS255 Modulus, Montgomery Curve
-//  const CURVETYPE int=MONTGOMERY
-//  const CURVE_A int=-240222
-//  var CURVE_B = [...]Chunk {0x0,0x0,0x0,0x0,0x0}
-//  var CURVE_Order=[...]Chunk {0x49D1ED0436EB75,0xA785EDA6832EAC,0xFFFFFFFFFFDCF1,0xFFFFFFFFFFFFFF,0x1FFFFFFF}
-//  var CURVE_Gx =[...]Chunk {0x4,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy =[...]Chunk {0x0,0x0,0x0,0x0,0x0};
-
-// MF256 Modulus, Weierstrass Curve
-//  const CURVETYPE int= WEIERSTRASS
-//  const CURVE_A int= -3
-//  var CURVE_B = [...]Chunk {0x14E6A,0x0,0x0,0x0,0x0}
-//  var CURVE_Order=[...]Chunk {0x10C5E1A79857EB,0x7513E6E5074B9D,0xFFFFFFFFFFFC51,0xFFFFFFFFFFFFFF,0xFFA7FFFF}
-//  var CURVE_Gx =[...]Chunk {0x1,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy =[...]Chunk {0x7954C2B724D2A,0x47EB8D94DC6610,0x26123DAE289569,0xBE1808CE7BABBA,0x20887C87}
-
-// MF256, Edwards Curve
-//  const CURVETYPE int= EDWARDS
-//  const CURVE_A int= -1
-//  var CURVE_B = [...]Chunk {0x350A,0x0,0x0,0x0,0x0}
-//  var CURVE_Order=[...]Chunk {0xD92EDED8EC7BAB,0xBBAFB86733C966,0xFFFFFFFFFFB154,0xFFFFFFFFFFFFFF,0x3FE9FFFF}
-//  var CURVE_Gx =[...]Chunk {0x1,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy =[...]Chunk {0xEAA722F2F3C908,0x5E648DFEA68D7D,0xF3DB2C1AACA0C0,0xF8CC4D5AEAEBEE,0xDAD8D4F8}
-
-// MF256 Modulus, Montgomery Curve
-//  const CURVETYPE int=MONTGOMERY
-//  const CURVE_A int= -54314
-//  var CURVE_B = [...]Chunk {0x0,0x0,0x0,0x0,0x0} // not used
-//  var CURVE_Order=[...]Chunk {0xD92EDED8EC7BAB,0xBBAFB86733C966,0xFFFFFFFFFFB154,0xFFFFFFFFFFFFFF,0x3FE9FFFF}
-//  var CURVE_Gx =[...]Chunk {0x8,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy =[...]Chunk {0x0,0x0,0x0,0x0,0x0} // not used
-
-// MS256, Weierstrass Curve
-//  const CURVETYPE int= WEIERSTRASS
-//  const CURVE_A int= -3
-//  var CURVE_B = [...]Chunk {0x25581,0x0,0x0,0x0,0x0}
-//  var CURVE_Order=[...]Chunk {0xAB20294751A825,0x8275EA265C6020,0xFFFFFFFFFFE43C,0xFFFFFFFFFFFFFF,0xFFFFFFFF}
-//  var CURVE_Gx =[...]Chunk {0x1,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy =[...]Chunk {0xF46306C2B56C77,0x2F9375894EC10B,0x6CCEEEDD6BD02C,0xC1E466D7FC82C9,0x696F1853}
-
-// MS256, Edwards Curve
-//  const CURVETYPE int= EDWARDS
-//  const CURVE_A int= -1
-//  var CURVE_B = [...]Chunk {0x3BEE,0x0,0x0,0x0,0x0}
-//  var CURVE_Order=[...]Chunk {0xB84E6F1122B4AD,0xA55AD0A6BC64E5,0xFFFFFFFFFFBE6A,0xFFFFFFFFFFFFFF,0x3FFFFFFF}
-//  var CURVE_Gx =[...]Chunk {0xD,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy =[...]Chunk {0x7F6FB5331CADBA,0x6D63824D303F70,0xB39FA046BFBE2A,0x2A1276DBA3D330,0x7D0AB41E}
-
-// MS256 Modulus, Montgomery Curve
-//  const CURVETYPE int=MONTGOMERY
-//  const CURVE_A int=-61370
-//  var CURVE_B = [...]Chunk  {0x0,0x0,0x0,0x0,0x0} // not used
-//  var CURVE_Order= [...]Chunk {0xB84E6F1122B4AD,0xA55AD0A6BC64E5,0xFFFFFFFFFFBE6A,0xFFFFFFFFFFFFFF,0x3FFFFFFF}
-//  var CURVE_Gx = [...]Chunk {0xb,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy = [...]Chunk {0x0,0x0,0x0,0x0,0x0} // not used
-
-// Brainpool
-//  const CURVETYPE int= WEIERSTRASS
-//  const CURVE_A int= -3
-//  var CURVE_B = [...]Chunk  {0xE58101FEE92B04,0xEBC4AF2F49256A,0x733D0B76B7BF93,0x30D84EA4FE66A7,0x662C61C4}
-//  var CURVE_Order= [...]Chunk {0x1E0E82974856A7,0x7AA3B561A6F790,0x909D838D718C39,0xA1EEA9BC3E660A,0xA9FB57DB}
-//  var CURVE_Gx = [...]Chunk {0xA191562E1305F4,0x42C47AAFBC2B79,0xB23A656149AFA1,0xC1CFE7B7732213,0xA3E8EB3C}
-//  var CURVE_Gy = [...]Chunk {0xABE8F35B25C9BE,0xB6DE39D027001D,0xE14644417E69BC,0x3439C56D7F7B22,0x2D996C82}
-
-// ANSSI
-//  const CURVETYPE int= WEIERSTRASS
-//  const CURVE_A int= -3
-//  var CURVE_B = [...]Chunk  {0x75ED967B7BB73F,0xC9AE4B1A18030,0x754A44C00FDFEC,0x5428A9300D4ABA,0xEE353FCA}
-//  var CURVE_Order=[...]Chunk  {0xFDD459C6D655E1,0x67E140D2BF941F,0xE8CE42435B53DC,0xB3AD58F10126D,0xF1FD178C}
-//  var CURVE_Gx =[...]Chunk  {0xC97A2DD98F5CFF,0xD2DCAF98B70164,0x4749D423958C27,0x56C139EB31183D,0xB6B3D4C3}
-//  var CURVE_Gy =[...]Chunk  {0x115A1554062CFB,0xC307E8E4C9E183,0xF0F3ECEF8C2701,0xC8B204911F9271,0x6142E0F7}
-
-// HIFIVE
-//  const CURVETYPE int= EDWARDS
-//  const CURVE_A int= 1
-//  var CURVE_B = [...]Chunk  {0x2B67,0x0,0x0,0x0,0x0,0x0}
-//  var CURVE_Order=[...]Chunk  {0xB2F95973E9FA805,0xC0BD6B87F93BAA7,0x71415FA9850,0x0,0x0,0x200000000}
-//  var CURVE_Gx =[...]Chunk  {0xC,0x0,0x0,0x0,0x0,0x0}
-//  var CURVE_Gy =[...]Chunk  {0x2BEC68505FE8632,0x5D5650CA0365DB1,0x3811C7EF435B6DB,0x7853D1B14B46C,0x56502E18E1C161D,0xC0DC616B}
-
-// GOLDILOCKS
-//  const CURVETYPE int= EDWARDS
-//  const CURVE_A int= 1
-//  var CURVE_B = [...]Chunk  {0xFFFFFFFFFFF6756,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFEFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFF}
-//  var CURVE_Order=[...]Chunk  {0x378C292AB5844F3,0x6CC2728DC58F552,0xEDB49AED6369021,0xFFFF7CCA23E9C44,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x3FFFFFF}
-//  var CURVE_Gx =[...]Chunk  {0x555555555555555,0x555555555555555,0x555555555555555,0xAAA955555555555,0xAAAAAAAAAAAAAAA,0xAAAAAAAAAAAAAAA,0xAAAAAAAAAAAAAAA,0xAAAAAAA}
-//  var CURVE_Gy =[...]Chunk  {0xAEAFBCDEA9386ED,0xBCB2BED1CDA06BD,0x565833A2A3098BB,0x6D728AD8C4B80D6,0x7A035884DD7B7E3,0x205086C2B0036ED,0x34AD7048DB359D6,0xAE05E96}
-
-// NIST384
-//  const CURVETYPE int= WEIERSTRASS
-//  const CURVE_A int= -3
-//  var CURVE_B = [...]Chunk  {0xA85C8EDD3EC2AEF,0x56398D8A2ED19D2,0x4088F5013875AC6,0x9C6EFE814112031,0x56BE3F82D19181D,0xA7E23EE7E4988E0,0xB3312F}
-//  var CURVE_Order=[...]Chunk  {0xCEC196ACCC52973,0x1A0DB248B0A77AE,0x34D81F4372DDF58,0xFFFFFFFFFFFFC76,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFF}
-//  var CURVE_Gx =[...]Chunk  {0xA545E3872760AB7,0x2F25DBF55296C3,0x741E082542A3855,0x3B628BA79B9859F,0x71EF320AD746E1D,0x22BE8B05378EB1C,0xAA87CA}
-//  var CURVE_Gy =[...]Chunk  {0xA431D7C90EA0E5F,0x60B1CE1D7E819D7,0xA3113B5F0B8C00A,0x1DBD289A147CE9D,0x8BF9292DC29F8F4,0x4A96262C6F5D9E9,0x3617DE}
-
-// C41417
-//  const CURVETYPE int= EDWARDS
-//  const CURVE_A int= 1
-//  var CURVE_B = [...]Chunk  {0xE21,0x0,0x0,0x0,0x0,0x0,0x0}
-//  var CURVE_Order=[...]Chunk  {0xB0E71A5E106AF79,0x1C0338AD63CF181,0x414CF706022B36F,0xFFFFFFFFEB3CC92,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x7FFFFFFFFFFFF}
-//  var CURVE_Gx =[...]Chunk  {0x4FD3812F3CBC595,0x1A73FAA8537C64C,0x4AB4D6D6BA11130,0x3EC7F57FF35498A,0xE5FCD46369F44C0,0x300218C0631C326,0x1A334905141443}
-//  var CURVE_Gy =[...]Chunk  {0x22,0x0,0x0,0x0,0x0,0x0,0x0}
-
-// NIST521
-//  const CURVETYPE int= WEIERSTRASS
-//  const CURVE_A int= -3
-//  var CURVE_B = [...]Chunk  {0xF451FD46B503F00,0x73DF883D2C34F1E,0x2C0BD3BB1BF0735,0x3951EC7E937B165,0x9918EF109E15619,0x5B99B315F3B8B48,0xB68540EEA2DA72,0x8E1C9A1F929A21A,0x51953EB961}
-//  var CURVE_Order=[...]Chunk  {0xB6FB71E91386409,0xB5C9B8899C47AEB,0xC0148F709A5D03B,0x8783BF2F966B7FC,0xFFFFFFFFFFA5186,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x1FFFFFFFFFF}
-//  var CURVE_Gx =[...]Chunk  {0x97E7E31C2E5BD66,0x48B3C1856A429BF,0xDC127A2FFA8DE33,0x5E77EFE75928FE1,0xF606B4D3DBAA14B,0x39053FB521F828A,0x62395B4429C6481,0x404E9CD9E3ECB6,0xC6858E06B7}
-//  var CURVE_Gy =[...]Chunk  {0x8BE94769FD16650,0x3C7086A272C2408,0xB9013FAD076135,0x72995EF42640C55,0xD17273E662C97EE,0x49579B446817AFB,0x42C7D1BD998F544,0x9A3BC0045C8A5FB,0x11839296A78}
-
-
-// BN646 Curve
-/*
-const CURVETYPE int=WEIERSTRASS
-const CURVE_PAIRING_TYPE int=BN_CURVE
-const CURVE_A int= 0
-
-var CURVE_Order=[...]Chunk {0x2406C07E04200D,0x2405103F0108000,0xD418607E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000}
-var CURVE_B = [...]Chunk {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}
-var CURVE_Cof = [...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}
-var CURVE_Gx =[...]Chunk {0x2406C08404E012,0x240510420138000,0xE01920840000000,0x601B00000901441,0x400000006C0A206,0xD814423414402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000}
-var CURVE_Gy =[...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}
-
-var CURVE_Bnx=[...]Chunk {0x1001,0x4000,0x10000000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}
-var CURVE_Cru=[...]Chunk {0x1202401B007,0xD812006C000,0x480510240000000,0x200480000000360,0x1B01,0x3602403600,0xD800000000,0x0,0x12,0x0,0x0}
-var CURVE_Fra=[...]Chunk {0x76EAD944929A14,0xB7E0A0BE10CDF74,0x4FB8A8A2B93166B,0xECDFC4B0F037D9,0xC27307962815598,0xCF5EF558D2135D8,0x8CE651FD85AF9C3,0x80AF6D02A45219F,0x69B8147979A41A4,0x9577C152A374C5B,0x9FF28B3A478}
-var CURVE_Frb=[...]Chunk {0xFAD1BE73F7245FF,0x6C246F83F06A08B,0x906077E146CE994,0x514D03B4F9FDC68,0x7D8CF86A43F4C6E,0x31791EE96200E29,0x79D9FF04BA5063C,0x8CD092FD5BADE60,0x9647EB8686EBEC7,0x6A883EAD5ECB3A4,0x1A00D74C5B87}
-var CURVE_Pxa=[...]Chunk {0x4233F273CCC5E10,0x6408117FB1B1FFA,0xA7978AC166486AA,0xDA6417BDCFDC1D0,0xDCE981D68FA7F5C,0x4169ED790F45048,0xBA06CCE894F26BE,0xB0C98247FD18141,0x30CE35212F353A6,0xFF9A1B9162B0B9E,0xFD835F078BF}
-var CURVE_Pxb=[...]Chunk {0x837F879267F4BC0,0x443F1581FA770ED,0x8FBA0763CB82027,0xA8F7E5DE4945F11,0x780AAE5D219F786,0xF3BB745205342E9,0xCC0A34FF057013C,0xA6DFAF3E689709E,0xD69FBD8D12B6B79,0x6A1715D9469215D,0x1764FA509C41}
-var CURVE_Pya=[...]Chunk {0xC570D1DCC3FB414,0xD0ABFE7F36161E4,0xABA2F61496C849A,0x4E4A05030CD4F3F,0x70F7CECD5CEF83,0x9D4711CBF491613,0xDF8011EA770418E,0x56548E514EC94EC,0xC9E853DFF35EE42,0x5481ABBAAD13633,0x78D8A63783F}
-var CURVE_Pyb=[...]Chunk {0xAFE3E3DB33908AD,0x7CD4290A506594C,0xFA043D85973EC3F,0xFAC7A642BB5E628,0x71A36A52DA82EE2,0x12C2231EDAE0C76,0x994DF2771091B48,0xCFFF7637B76831C,0xD463BD03DA14916,0x1074F23C580C40,0x12188D99546B}
-var CURVE_W=[2][NLEN]Chunk {{0x6008003,0x30020000,0xC0080060000000,0x300000000000000,0x0,0x600000,0x0,0x0,0x0,0x0,0x0},{0x2001,0x8000,0x20000000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}
-var CURVE_SB=[2][2][NLEN]Chunk {{{0x600A004,0x30028000,0xC00A0060000000,0x300000000000000,0x0,0x600000,0x0,0x0,0x0,0x0,0x0},{0x2001,0x8000,0x20000000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x2001,0x8000,0x20000000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2406C07803A00A,0x2405103C00E8000,0xC817E0780000000,0x1B00000901441,0x400000006C0A206,0xD814422814402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000}}}
-var CURVE_WB=[4][NLEN]Chunk {{0x2001000,0x10004000,0x40010020000000,0x100000000000000,0x0,0x200000,0x0,0x0,0x0,0x0,0x0},{0xC01C015005,0x900E0054000,0x3803901C0000000,0xE00300000000240,0x1200,0x2401C02400,0x9000000000,0x0,0xC,0x0,0x0},{0x600E00B003,0x4807002C000,0x1C01D00E0000000,0x700180000000120,0x900,0x1200E01200,0x4800000000,0x0,0x6,0x0,0x0},{0x2003001,0x1000C000,0x40030020000000,0x100000000000000,0x0,0x200000,0x0,0x0,0x0,0x0,0x0}}
-var CURVE_BB=[4][4][NLEN]Chunk {{{0x2406C07E04100D,0x2405103F0104000,0xD418507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x2406C07E04100C,0x2405103F0104000,0xD418507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x2406C07E04100C,0x2405103F0104000,0xD418507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x2002,0x8000,0x20000000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x2001,0x8000,0x20000000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2406C07E04100C,0x2405103F0104000,0xD418507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x2406C07E04100D,0x2405103F0104000,0xD418507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006
 C,0x240000,0x240000000000},{0x2406C07E04100C,0x2405103F0104000,0xD418507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000}},{{0x2002,0x8000,0x20000000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2001,0x8000,0x20000000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2001,0x8000,0x20000000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2001,0x8000,0x20000000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1002,0x4000,0x10000000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x4002,0x10000,0x40000000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2406C07E04000A,0x2405103F0100000,0xD418407E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x1002,0x4000,0x10000000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}}
-
-const USE_GLV bool=true
-const USE_GS_G2 bool=true
-const USE_GS_GT bool=true	
-const GT_STRONG bool=false
-*/
-// BNCX Curve 
-/*
-const CURVETYPE int=WEIERSTRASS
-const CURVE_PAIRING_TYPE int=BN_CURVE
-const CURVE_A int= 0
-var CURVE_B = [...]Chunk {0x2,0x0,0x0,0x0,0x0}
-var CURVE_Cof = [...]Chunk {0x1,0x0,0x0,0x0,0x0}
-
-var CURVE_Order=[...]Chunk {0x11C0A636EB1F6D,0xD6EE0CC906CEBE,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000}
-var CURVE_Bnx=[...]Chunk {0x3C012B1,0x40,0x0,0x0,0x0}
-var CURVE_Cru=[...]Chunk {0xE0931794235C97,0xDF6471EF875631,0xCA83F1440BD,0x480000,0x0}
-var CURVE_Fra=[...]Chunk {0xD9083355C80EA3,0x7326F173F8215B,0x8AACA718986867,0xA63A0164AFE18B,0x1359082F}
-var CURVE_Frb=[...]Chunk {0x8D1BBC06534710,0x63C7269546C062,0xD9CDBC4E3ABBD8,0x623628A900DC53,0x10A6F7D0}
-var CURVE_Pxa=[...]Chunk {0x851CEEE4D2EC74,0x85BFA03E2726C0,0xF5C34BBB907C,0x7053B256358B25,0x19682D2C}
-var CURVE_Pxb=[...]Chunk {0xA58E8B2E29CFE1,0x97B0C209C30F47,0x37A8E99743F81B,0x3E19F64AA011C9,0x1466B9EC}
-var CURVE_Pya=[...]Chunk {0xFBFCEBCF0BE09F,0xB33D847EC1B30C,0x157DAEE2096361,0x72332B8DD81E22,0xA79EDD9}
-var CURVE_Pyb=[...]Chunk {0x904B228898EE9D,0x4EA569D2EDEBED,0x512D8D3461C286,0xECC4C09035C6E4,0x6160C39}
-var CURVE_Gx =[...]Chunk {0x6623EF5C1B55B2,0xD6EE18093EE1BE,0x647A6366D3243F,0x8702A0DB0BDDF,0x24000000}
-var CURVE_Gy =[...]Chunk {0x1,0x0,0x0,0x0,0x0}
-var CURVE_W=[2][5]Chunk{{0x546349162FEB83,0xB40381200,0x6000,0x0,0x0},{0x7802561,0x80,0x0,0x0,0x0}}
-var CURVE_SB=[2][2][5]Chunk {{{0x5463491DB010E4,0xB40381280,0x6000,0x0,0x0},{0x7802561,0x80,0x0,0x0,0x0}},{{0x7802561,0x80,0x0,0x0,0x0},{0xBD5D5D20BB33EA,0xD6EE0188CEBCBD,0x647A6366D2643F,0x8702A0DB0BDDF,0x24000000}}}
-var CURVE_WB=[4][5]Chunk {{0x1C2118567A84B0,0x3C012B040,0x2000,0x0,0x0},{0xCDF995BE220475,0x94EDA8CA7F9A36,0x8702A0DC07E,0x300000,0x0},{0x66FCCAE0F10B93,0x4A76D4653FCD3B,0x4381506E03F,0x180000,0x0},{0x1C21185DFAAA11,0x3C012B0C0,0x2000,0x0,0x0}}
-var CURVE_BB=[4][4][5]Chunk {{{0x11C0A6332B0CBD,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x11C0A6332B0CBC,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x11C0A6332B0CBC,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x7802562,0x80,0x0,0x0,0x0}},{{0x7802561,0x80,0x0,0x0,0x0},{0x11C0A6332B0CBC,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x11C0A6332B0CBD,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x11C0A6332B0CBC,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000}},{{0x7802562,0x80,0x0,0x0,0x0},{0x7802561,0x80,0x0,0x0,0x0},{0x7802561,0x80,0x0,0x0,0x0},{0x7802561,0x80,0x0,0x0,0x0}},{{0x3C012B2,0x40,0x0,0x0,0x0},{0xF004AC2,0x100,0x0,0x0,0x0},{0x11C0A62F6AFA0A,0xD6EE0CC906CE3E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x3C012B2,0x40,0x0,0x0,0x0}}}
-
-const USE_GLV bool=true
-const USE_GS_G2 bool=true
-const USE_GS_GT bool=true	
-const GT_STRONG bool=true
-
-*/
-// BN254 Curve
-/*
-const CURVETYPE int=WEIERSTRASS
-const CURVE_PAIRING_TYPE int=BN_CURVE
-const CURVE_A int= 0
-var CURVE_B = [...]Chunk {0x2,0x0,0x0,0x0,0x0}
-var CURVE_Cof = [...]Chunk {0x1,0x0,0x0,0x0,0x0}
-var CURVE_Order=[...]Chunk {0xD,0x800000000010A1,0x8000000007FF9F,0x40000001BA344D,0x25236482}
-var CURVE_Bnx=[...]Chunk {0x80000000000001,0x40,0x0,0x0,0x0}
-var CURVE_Cru=[...]Chunk {0x80000000000007,0x6CD,0x40000000024909,0x49B362,0x0}
-var CURVE_Fra=[...]Chunk {0x7DE6C06F2A6DE9,0x74924D3F77C2E1,0x50A846953F8509,0x212E7C8CB6499B,0x1B377619}
-var CURVE_Frb=[...]Chunk {0x82193F90D5922A,0x8B6DB2C08850C5,0x2F57B96AC8DC17,0x1ED1837503EAB2,0x9EBEE69}
-var CURVE_Pxa=[...]Chunk {0xEE4224C803FB2B,0x8BBB4898BF0D91,0x7E8C61EDB6A464,0x519EB62FEB8D8C,0x61A10BB}
-var CURVE_Pxb=[...]Chunk {0x8C34C1E7D54CF3,0x746BAE3784B70D,0x8C5982AA5B1F4D,0xBA737833310AA7,0x516AAF9}
-var CURVE_Pya=[...]Chunk {0xF0E07891CD2B9A,0xAE6BDBE09BD19,0x96698C822329BD,0x6BAF93439A90E0,0x21897A0}
-var CURVE_Pyb=[...]Chunk {0x2D1AEC6B3ACE9B,0x6FFD739C9578A,0x56F5F38D37B090,0x7C8B15268F6D44,0xEBB2B0E}
-var CURVE_Gx =[...]Chunk {0x12,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482}
-var CURVE_Gy =[...]Chunk {0x1,0x0,0x0,0x0,0x0}
-var CURVE_W=[2][5]Chunk {{0x3,0x80000000000204,0x6181,0x0,0x0},{0x1,0x81,0x0,0x0,0x0}}
-var CURVE_SB=[2][2][5]Chunk {{{0x4,0x80000000000285,0x6181,0x0,0x0},{0x1,0x81,0x0,0x0,0x0}},{{0x1,0x81,0x0,0x0,0x0},{0xA,0xE9D,0x80000000079E1E,0x40000001BA344D,0x25236482}}}
-var CURVE_WB=[4][5]Chunk {{0x80000000000000,0x80000000000040,0x2080,0x0,0x0},{0x80000000000005,0x54A,0x8000000001C707,0x312241,0x0},{0x80000000000003,0x800000000002C5,0xC000000000E383,0x189120,0x0},{0x80000000000001,0x800000000000C1,0x2080,0x0,0x0}}
-var CURVE_BB=[4][4][5]Chunk {{{0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x2,0x81,0x0,0x0,0x0}},{{0x1,0x81,0x0,0x0,0x0},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482}},{{0x2,0x81,0x0,0x0,0x0},{0x1,0x81,0x0,0x0,0x0},{0x1,0x81,0x0,0x0,0x0},{0x1,0x81,0x0,0x0,0x0}},{{0x80000000000002,0x40,0x0,0x0,0x0},{0x2,0x102,0x0,0x0,0x0},{0xA,0x80000000001020,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x80000000000002,0x40,0x0,0x0,0x0}}}
-
-const USE_GLV bool=true
-const USE_GS_G2 bool=true
-const USE_GS_GT bool=true	
-const GT_STRONG bool=false
-*/
-// BN454 Curve
-/*
-const CURVETYPE int=WEIERSTRASS
-const CURVE_PAIRING_TYPE int=BN_CURVE
-const CURVE_A int= 0
-
-var CURVE_Order=[...]Chunk {0x420000000D,0x42006C4200007E0,0x2000144FC0024FC,0x887E01D4FC0091C,0x21C00021D4400DA,0x25B06C01B144009,0xD80000909000,0x240000900};
-var CURVE_B = [...]Chunk {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-var CURVE_Cof = [...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-var CURVE_Gx =[...]Chunk {0x4E00000012,0x4E006C4E0000840,0x800014508002508,0x888401D5080091C,0x21C00021D4400DA,0x25B06C01B144009,0xD80000909000,0x240000900};
-var CURVE_Gy =[...]Chunk {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-var CURVE_Bnx=[...]Chunk {0x100000001,0x10000010000000,0x0,0x0,0x0,0x0,0x0,0x0};
-var CURVE_Cru=[...]Chunk {0x1B00000007,0x1B00121B0000240,0xA00003648000048,0x6C2400364800005,0x36000012360000,0x12000036000,0x0,0x0};
-var CURVE_Fra=[...]Chunk {0x302DC9FD573B0EC,0x7AEEE6C3A90B9B8,0xD06B734A02B17EC,0xDBD9562D6A87D,0x929326ECAFCB5A2,0x32139C5D6DDCE26,0x7A687EBE1CCD92B,0x12E79EC72};
-var CURVE_Frb=[...]Chunk {0xCFD23AE2A8C4F27,0xD311858A56F4E87,0xAF94A1067D50D1B,0x87A8287EDA9609E,0x8F2CD9352474B38,0xF39CCFA443671E2,0x85A50141EC3B6D4,0x111861C8D};
-var CURVE_Pxa=[...]Chunk {0xFBA3BAC20F02B14,0x6BC30BEF0CC2BB1,0xFE2DA6B5FCEFFF3,0x3682EDFC1FE1E7E,0xAD66CC979483454,0xE163BB5D98CBBA1,0xD55083668F14AAF,0x1403D4F80};
-var CURVE_Pxb=[...]Chunk {0x9C06D0EC45BF266,0x365ACBB7823C36E,0xD2E4624790DBC52,0xE0803BE6F2F769F,0x7BA9E2AA951971D,0x25841737EBE5665,0x142E8014B1E40D5,0x15952D69E};
-var CURVE_Pya=[...]Chunk {0x939AB6BBE1B15C7,0xDF26024555C6CB4,0x671C46519474FB5,0xBAA277A8FC5DD54,0xB00871EE82F2FAA,0xFE0A26E1C64C3A,0x7ABC6DB12C5287A,0x1D67A4004};
-var CURVE_Pyb=[...]Chunk {0xC10E6FB60571D60,0xE9271847B128D8E,0xBE70ED2753A65C7,0x75C2604B7433768,0x4F0B46811003851,0xD91F0CA48ABC5EA,0x842C9ADF53F903E,0x976E2360};
-var CURVE_W=[2][8]Chunk {{0x800000003,0x80000080000060,0x60000000C00000C,0x600000C00000,0x0,0x0,0x0,0x0},{0x200000001,0x20000020000000,0x0,0x0,0x0,0x0,0x0,0x0}};
-var CURVE_SB=[2][2][8]Chunk {{{0xA00000004,0xA00000A0000060,0x60000000C00000C,0x600000C00000,0x0,0x0,0x0,0x0},{0x200000001,0x20000020000000,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x200000001,0x20000020000000,0x0,0x0,0x0,0x0,0x0,0x0},{0x3A0000000A,0x3A006C3A0000780,0xC000144F00024F0,0x887801D4F00091B,0x21C00021D4400DA,0x25B06C01B144009,0xD80000909000,0x240000900}}};
-var CURVE_WB=[4][8]Chunk {{0x100000000,0x10000010000020,0x200000004000004,0x200000400000,0x0,0x0,0x0,0x0},{0x1500000005,0x15000C1500001C0,0x2438000038,0x481C00243800004,0x2400000C240000,0xC000024000,0x0,0x0},{0xB00000003,0xB00060B00000E0,0x121C00001C,0x240E00121C00002,0x12000006120000,0x6000012000,0x0,0x0},{0x300000001,0x30000030000020,0x200000004000004,0x200000400000,0x0,0x0,0x0,0x0}};
-var CURVE_BB=[4][4][8]Chunk {{{0x410000000D,0x41006C4100007E0,0x2000144FC0024FC,0x887E01D4FC0091C,0x21C00021D4400DA,0x25B06C01B144009,0xD80000909000,0x240000900},{0x410000000C,0x41006C4100007E0,0x2000144FC0024FC,0x887E01D4FC0091C,0x21C00021D4400DA,0x25B06C01B144009,0xD80000909000,0x240000900},{0x410000000C,0x41006C4100007E0,0x2000144FC0024FC,0x887E01D4FC0091C,0x21C00021D4400DA,0x25B06C01B144009,0xD80000909000,0x240000900},{0x200000002,0x20000020000000,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x200000001,0x20000020000000,0x0,0x0,0x0,0x0,0x0,0x0},{0x410000000C,0x41006C4100007E0,0x2000144FC0024FC,0x887E01D4FC0091C,0x21C00021D4400DA,0x25B06C01B144009,0xD80000909000,0x240000900},{0x410000000D,0x41006C4100007E0,0x2000144FC0024FC,0x887E01D4FC0091C,0x21C00021D4400DA,0x25B06C01B144009,0xD80000909000,0x240000900},{0x410000000C,0x41006C4100007E0,0x2000144FC0024FC,0x887E01D4FC0091C,0x21C00021D4400DA,0x25B06C01B144009,0xD80000909000,0x240000900}},{{0x200000002,0x20000020000000,0x0,0x0,0x0,0x0,0x0,0x0},{0x200
 000001,0x20000020000000,0x0,0x0,0x0,0x0,0x0,0x0},{0x200000001,0x20000020000000,0x0,0x0,0x0,0x0,0x0,0x0},{0x200000001,0x20000020000000,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x100000002,0x10000010000000,0x0,0x0,0x0,0x0,0x0,0x0},{0x400000002,0x40000040000000,0x0,0x0,0x0,0x0,0x0,0x0},{0x400000000A,0x40006C4000007E0,0x2000144FC0024FC,0x887E01D4FC0091C,0x21C00021D4400DA,0x25B06C01B144009,0xD80000909000,0x240000900},{0x100000002,0x10000010000000,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-const USE_GLV bool=true
-const USE_GS_G2 bool=true
-const USE_GS_GT bool=true	
-const GT_STRONG bool=false
-*/
-
-
-// BLS383 Curve
-
-const CURVETYPE int=WEIERSTRASS
-const CURVE_PAIRING_TYPE int=BLS_CURVE
-const CURVE_A int= 0
-
-var CURVE_Order=[...]Chunk {0xFFF80000FFF001,0xBFDE0070FE7800,0x3000049C5EDF1C,0xC40007F910007A,0x14641004C,0x0,0x0};
-var CURVE_B = [...]Chunk {0x9,0x0,0x0,0x0,0x0,0x0,0x0};
-var CURVE_Cof = [...]Chunk {0x2A00000052B,0x5560AAAAAB2CA0,0x6055,0x0,0x0,0x0,0x0};
-var CURVE_Gx =[...]Chunk {0xD59B348D10786B,0x3477C0E3F54AD0,0xBF25B734578B9B,0x4F6AC007BB6F65,0xEFD5830FF57E9C,0xADB9F88FB6EC02,0xB08CEE4BC98};
-var CURVE_Gy =[...]Chunk {0x5DA023D145DDB,0x13F518C5FEF7CC,0x56EC3462B2A66F,0x96F3019C7A925F,0x9061047981223E,0x4810AD8F5BE59,0x1F3909337671};
-
-var CURVE_Bnx=[...]Chunk {0x1000000040,0x110,0x0,0x0,0x0,0x0,0x0};
-var CURVE_Cru=[...]Chunk {0xA3AAC4EDA155A9,0xDF2FE8761E5E3D,0xBCDFAADE632625,0x5123128D3035A6,0xDBF3A2BBEAD683,0x5C5FAB20424190,0x7AC52080A9F7};
-var CURVE_Fra=[...]Chunk {0x2BA59A92B4508B,0x63DB7A06EEF343,0x40341CB1DFBC74,0x1639E9D32D55D3,0xB19B3F05CC36D4,0xF323EE4D86AB98,0x5A5FB198672};
-var CURVE_Frb=[...]Chunk {0x81051A97F904E0,0xB7D49A6F086A37,0x8F3EEB8B7DB8AB,0xEEF7983C6C9543,0x7A65F6549CB35D,0x693D1777CBFBEC,0x751F25672384};
-var CURVE_Pxa=[...]Chunk {0x6059885BAC9472,0x7C4D31DE2DC36D,0xBDC90C308C88A7,0x29F01971C688FC,0x3693539C43F167,0xD81E5A561EB8BF,0x4D50722B56BF};
-var CURVE_Pxb=[...]Chunk {0x9B4BD7A272AB23,0x7AF19D4F44DCE8,0x3F6F7B93206A34,0x571DD3E2A819FB,0x3A2BA3B635D7EE,0xAC28C780C1A126,0xEE3617C3E5B};
-var CURVE_Pya=[...]Chunk {0x81D230977BD4FD,0xB660720DFDFC6,0x41FC9590C89A0C,0x2E1FBCF878287A,0x11C23014EEE65,0x28878816BB325E,0x8F40859A05C};
-var CURVE_Pyb=[...]Chunk {0xA5E20A252C4CE6,0x5907A74AFF40C8,0x41760A42448EF3,0xFFEF82B0FDA199,0xA0F29A18D4EA49,0xAC7F7B86E4997B,0x1DCABBA88C12};
-
-// Not used
-var CURVE_W=[2][7]Chunk {{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-var CURVE_SB=[2][2][7]Chunk {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-var CURVE_WB=[4][7]Chunk {{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-var CURVE_BB=[4][4][7]Chunk {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-const USE_GLV bool=true
-const USE_GS_G2 bool=true
-const USE_GS_GT bool=true	
-const GT_STRONG bool=false
-
-// BLS455 Curve
-/*
-const CURVETYPE int=WEIERSTRASS
-const CURVE_PAIRING_TYPE int=BLS_CURVE
-const CURVE_A int= 0
-
-var CURVE_Order=[...]Chunk {0x7FFFFC00001,0xA00000400001C,0x25E000750001D10,0xE0000F10004F000,0x80000380002,0x10,0x0,0x0};
-var CURVE_B = [...]Chunk {0xA,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-var CURVE_Cof = [...]Chunk {0xA9557FFAABFFAAB,0xAAB15555B54AAB6,0x555556AA,0x0,0x0,0x0,0x0,0x0};
-var CURVE_Gx =[...]Chunk {0x6D4C5DDFDFCEDD1,0x35C6F43B3A034FB,0x7F05B56A579C725,0xB1F2B8ECE11B321,0x9F342AB0CFE8392,0xA5911EE32767994,0x3005E40CC56ABED,0x18855F3B};
-var CURVE_Gy =[...]Chunk {0x404FD79A6619B9B,0x69D80A5D6FA0286,0xEE722322D91A493,0xB1EE58431C1E968,0xCA9BC8953801F5F,0xDFAFD40FE9E388E,0x9F8985FC3DEB0D6,0x19A8DB77E};
-
-var CURVE_Bnx=[...]Chunk {0x20000080000800,0x10000,0x0,0x0,0x0,0x0,0x0,0x0};
-var CURVE_Cru=[...]Chunk {0x9202FFC00000AA9,0xFA5190F4A3762A,0x8B2B9BDD548FEC9,0xD7B469DB33A586A,0xC91731354CAFD99,0xF5B48D02FFFE695,0x57955572A900E0E,0x555559555};
-var CURVE_Fra=[...]Chunk {0x9CCFBDCA2EBF21,0x572F54A73379964,0x72819F887545498,0x22BBC1CAD1F8534,0xA82CD7D435944F0,0x4594F818D030F7B,0xEDCBE3ADC0016A7,0x397EA4973};
-var CURVE_Frb=[...]Chunk {0xA033043B5D1438A,0x6E5A00C3F72FC06,0x4717AB46118C70E,0x16993AE842C0609,0x3B78DA012CA06E9,0x501F99EA300E6EA,0x69C971C4E9FF768,0x1BD6B4BE1};
-var CURVE_Pxa=[...]Chunk {0x475F20F0C1F542,0x65D6070F8567E10,0xD780698BB33D776,0x71F685ED1531721,0x303D3FEC5B6A49C,0x8DEF064FF553CEB,0xC0E9A31B4C463,0x2ECB12FA8};
-var CURVE_Pxb=[...]Chunk {0x99086EE6749F03D,0xE89A55A5AC5EF2E,0x7B41AECD88EA016,0x622450FE6163E06,0x755066E1C8E296F,0xA80F219487326E8,0x66DBFBB0BEAEE59,0xECFFCE0};
-var CURVE_Pya=[...]Chunk {0x83235A4581A77F4,0x9F0F367B7A7E10A,0x8FA0C4A66D55B9D,0xEF03F65E0D6EC4C,0x9C7DC299C1A9EC2,0x32453CA21CFA5AC,0x6C3DCD5ABB9C544,0x22471D90A};
-var CURVE_Pyb=[...]Chunk {0xF413B6D9E1FDBA2,0xA7E630913DA0356,0xFBC913D9AC488E2,0x72E7CF61B401585,0x656D801B21C89ED,0xF9E921EEE0558F9,0x3D2B7B03CFC8698,0x33503CA8};
-
-// Not used
-var CURVE_W=[2][8]Chunk {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-var CURVE_SB=[2][2][8]Chunk {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-var CURVE_WB=[4][8]Chunk {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-var CURVE_BB=[4][4][8]Chunk {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-const USE_GLV bool=true
-const USE_GS_G2 bool=true
-const USE_GS_GT bool=true	
-const GT_STRONG bool=false
-*/
-// BNT Curve
-/*
-const CURVETYPE int=WEIERSTRASS
-const CURVE_PAIRING_TYPE int=BN_CURVE
-const CURVE_A int= 0
-var CURVE_B = [...]Chunk {0x2,0x0,0x0,0x0,0x0}
-var CURVE_Cof = [...]Chunk {0x1,0x0,0x0,0x0,0x0}
-var CURVE_Order=[...]Chunk {0x75777E8D30210D,0xD43492B2CB363A,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB}
-var CURVE_Bnx=[...]Chunk {0x806000004081,0x40,0x0,0x0,0x0}
-var CURVE_Cru=[...]Chunk {0xEB53D5AB4FCD87,0x82A5F2BAB11FAD,0x47651504C9764C,0x4801B1,0x0}
-var CURVE_Fra=[...]Chunk {0xF5D14EADC80022,0x4904D6FACCE359,0xF190A13211BE6C,0xC9BBC4394F6509,0x1328A292}
-var CURVE_Frb=[...]Chunk {0xA7EAB040ECA6F1,0xC513DF997D764,0x450657A3DEB01E,0x9B5B3D15AAA6A1,0x10D87E48}
-var CURVE_Pxa=[...]Chunk {0x8987E2288E65BB,0xAD1CAA6313BE,0x325041548B7CCC,0x4C1339EBCC055,0x14483FCD}
-var CURVE_Pxb=[...]Chunk {0x67888808DBE2C0,0x7FE1F81E34853A,0xA631A51B57B95,0x384EC302DA3FC5,0x87F46B3}
-var CURVE_Pya=[...]Chunk {0x202C47E020CA1D,0xB4167E8399F36C,0xC6E5439F72C94C,0x102B0BD74A2C69,0x14E8C29C}
-var CURVE_Pyb=[...]Chunk {0xD8437C716628F2,0x27E167BCB7DC6B,0xA82C7572681D0A,0x62454BD1EDEC18,0x17AFE2A4}
-var CURVE_Gx =[...]Chunk {0x9DBBFEEEB4A712,0x555614F464BABE,0x3696F8D5F06E8A,0x6517014EFA0BAB,0x240120DB}
-var CURVE_Gy =[...]Chunk {0x1,0x0,0x0,0x0,0x0}
-var CURVE_W=[2][5]Chunk{{0x26430061838403,0x81218241998384,0x6001,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0}}
-var CURVE_SB=[2][2][5]Chunk {{{0x2743C061840504,0x81218241998404,0x6001,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0}},{{0x100C000008101,0x80,0x0,0x0,0x0},{0x4F347E2BAC9D0A,0x5313107131B2B6,0x3696F8D5EFAE87,0x6517014EFA0BAB,0x240120DB}}}
-var CURVE_WB=[4][5]Chunk {{0x6140602080C080,0x806080C08880C1,0x2000,0x0,0x0},{0xB53904088C4A85,0xAD2FA352DC6C36,0xDA436358868EDE,0x300120,0x0},{0x5ADCB204464583,0x5697D1A96E363B,0x6D21B1AC43476F,0x180090,0x0},{0x62412020814181,0x806080C0888141,0x2000,0x0,0x0}}
-var CURVE_BB=[4][4][5]Chunk {{{0x74F71E8D2FE08D,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x100C000008102,0x80,0x0,0x0,0x0}},{{0x100C000008101,0x80,0x0,0x0,0x0},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08D,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB}},{{0x100C000008102,0x80,0x0,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0}},{{0x806000004082,0x40,0x0,0x0,0x0},{0x2018000010202,0x100,0x0,0x0,0x0},{0x7476BE8D2FA00A,0xD43492B2CB35BA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x806000004082,0x40,0x0,0x0,0x0}}}
-
-const USE_GLV bool=true
-const USE_GS_G2 bool=true
-const USE_GS_GT bool=true	
-const GT_STRONG bool=true
-
-*/
-
-// BNT2 Curve
-/*
-const CURVETYPE int=WEIERSTRASS
-const CURVE_PAIRING_TYPE int=BN_CURVE
-const CURVE_A int= 0
-var CURVE_B = [...]Chunk {0x2,0x0,0x0,0x0,0x0}
-var CURVE_Cof = [...]Chunk {0x1,0x0,0x0,0x0,0x0}
-var CURVE_Order=[...]Chunk {0xFB71A511AA2BF5,0x8DE127B73833D7,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482}
-var CURVE_Bnx=[...]Chunk {0x20100608205,0x40,0x0,0x0,0x0}
-var CURVE_Cru=[...]Chunk {0x5027444866BD33,0x5B773016470EFB,0xC3617BECF23675,0x480006,0x0}
-var CURVE_Fra=[...]Chunk {0xB268C973AEF062,0xC69B33C3BCE492,0xF67FA37F195BBC,0x29E8CAB6BD0A41,0x124E0B8D}
-var CURVE_Frb=[...]Chunk {0x736240B1B429,0xCD48F52D196D56,0x18BBE650E72612,0x17268FF6FA43DE,0x11B1F8F5}
-var CURVE_Pxa=[...]Chunk {0xCC92399F40A3C8,0xCDA4E96611784A,0x7B056961706B35,0x9693C6318279D7,0x16FC17CF}
-var CURVE_Pxb=[...]Chunk {0x557A8AD8549540,0x6F7BE6F6510610,0x565907A95D17DB,0xBD5975909C8188,0x1EB5B500}
-var CURVE_Pya=[...]Chunk {0x7BECC514220513,0x4A78860E737B14,0x51B83935F12684,0x761422AA9D4DFA,0x1E8EE498}
-var CURVE_Pyb=[...]Chunk {0xB9328F577CE78E,0xB746E26FA5781F,0xA93DBC1FB8E27E,0xBAE33BDBA29D76,0x23CEF4CD}
-var CURVE_Gx =[...]Chunk {0xB2DC2BB460A48A,0x93E428F0D651E8,0xF3B89D00081CF,0x410F5AADB74E20,0x24000482}
-var CURVE_Gy =[...]Chunk {0x1,0x0,0x0,0x0,0x0}
-var CURVE_W=[2][5]Chunk {{0xB76282A1347083,0x60301399E1D10,0x6000,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0}}
-var CURVE_SB=[2][2][5]Chunk {{{0xB76684A1F5748C,0x60301399E1D90,0x6000,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0}},{{0x40200C10409,0x80,0x0,0x0,0x0},{0x440F227075BB72,0x87DE267D9A16C7,0xF3B89CFFFC1CF,0x410F5AADB74E20,0x24000482}}}
-var CURVE_WB=[4][5]Chunk {{0x9272D48A70A224,0x20100688A0945,0x2000,0x0,0x0},{0x5A572CF030EF19,0x9651763543721D,0x8240FD48A1B9A3,0x300004,0x0},{0xAD2C96F848B88F,0xCB28BB1AA1B92E,0x41207EA450DCD1,0x180002,0x0},{0x9276D68B31A62D,0x20100688A09C5,0x2000,0x0,0x0}}
-var CURVE_BB=[4][4][5]Chunk {{{0xFB6FA41149A9F1,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0x40200C1040A,0x80,0x0,0x0,0x0}},{{0x40200C10409,0x80,0x0,0x0,0x0},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F1,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482}},{{0x40200C1040A,0x80,0x0,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0}},{{0x20100608206,0x40,0x0,0x0,0x0},{0x80401820812,0x100,0x0,0x0,0x0},{0xFB6DA310E927EA,0x8DE127B7383357,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0x20100608206,0x40,0x0,0x0,0x0}}}
-
-const USE_GLV bool=true
-const USE_GS_G2 bool=true
-const USE_GS_GT bool=true	
-const GT_STRONG bool=true
-
-*/
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/RSA.go
----------------------------------------------------------------------
diff --git a/version22/go/RSA.go b/version22/go/RSA.go
deleted file mode 100644
index b8f22fa..0000000
--- a/version22/go/RSA.go
+++ /dev/null
@@ -1,363 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* RSA API high-level functions  */
-
-package main
-
-//import "fmt"
-
-const RSA_RFS int=int(MODBYTES)*FFLEN
-const RSA_SHA256 int=32
-const RSA_SHA384 int=48
-const RSA_SHA512 int=64
-
-const RSA_HASH_TYPE int=RSA_SHA256
-
-
-type rsa_private_key struct {
-	p,q,dp,dq,c *FF
-}
-
-func New_rsa_private_key(n int) *rsa_private_key {
-	SK:=new(rsa_private_key)
-	SK.p=NewFFint(n)
-	SK.q=NewFFint(n)
-	SK.dp=NewFFint(n)
-	SK.dq=NewFFint(n)
-	SK.c=NewFFint(n)
-	return SK
-}
-
-type rsa_public_key struct {
-	e int
-	n *FF
-}
-
-func New_rsa_public_key(m int) *rsa_public_key{
-	PK:=new(rsa_public_key)
-	PK.e=0
-	PK.n=NewFFint(m)
-	return PK
-}
-
-func hashit(sha int,A []byte,n int) []byte {
-	var R []byte
-	if sha==RSA_SHA256 {
-		H:=NewHASH256()
-		if A!=nil {H.Process_array(A)}
-		if n>=0 {H.Process_num(int32(n))}
-		R=H.Hash()
-	}
-	if sha==RSA_SHA384 {
-		H:=NewHASH384()
-		if A!=nil {H.Process_array(A)}
-		if n>=0 {H.Process_num(int32(n))}
-		R=H.Hash()
-	}
-	if sha==RSA_SHA512 {
-		H:=NewHASH512()
-		if A!=nil {H.Process_array(A)}
-		if n>=0 {H.Process_num(int32(n))}
-		R=H.Hash()
-	}
-	return R
-}
-
-func RSA_KEY_PAIR(rng *RAND,e int,PRIV *rsa_private_key,PUB *rsa_public_key) { /* IEEE1363 A16.11/A16.12 more or less */
-	n:=PUB.n.getlen()/2
-	t:=NewFFint(n)
-	p1:=NewFFint(n)
-	q1:=NewFFint(n)
-
-	for true {
-		PRIV.p.random(rng)
-		for PRIV.p.lastbits(2)!=3 {PRIV.p.inc(1)}	
-		for !prime(PRIV.p,rng) {
-			PRIV.p.inc(4)
-		}
-			
-		p1.copy(PRIV.p)
-		p1.dec(1)
-
-		if p1.cfactor(e) {continue}
-		break;
-	}
-
-	for true {
-		PRIV.q.random(rng);
-		for PRIV.q.lastbits(2)!=3 {PRIV.q.inc(1)}
-		for !prime(PRIV.q,rng) {
-			PRIV.q.inc(4)
-		}
-			
-		q1.copy(PRIV.q);
-		q1.dec(1);
-
-		if q1.cfactor(e) {continue}
-
-		break;
-	}
-	
-	PUB.n=ff_mul(PRIV.p,PRIV.q);
-	PUB.e=e;
-
-	t.copy(p1)
-	t.shr()
-	PRIV.dp.set(e)
-	PRIV.dp.invmodp(t)
-	if PRIV.dp.parity()==0 {PRIV.dp.add(t)}
-	PRIV.dp.norm();
-
-	t.copy(q1)
-	t.shr()
-	PRIV.dq.set(e)
-	PRIV.dq.invmodp(t)
-	if PRIV.dq.parity()==0 {PRIV.dq.add(t)}
-	PRIV.dq.norm()
-
-	PRIV.c.copy(PRIV.p)
-	PRIV.c.invmodp(PRIV.q)
-
-}
-
-/* Mask Generation Function */
-
-func RSA_MGF1(sha int,Z []byte,olen int,K []byte) {
-	hlen:=sha
-
-	var k int=0
-	for i:=0;i<len(K);i++ {K[i]=0}
-
-	cthreshold:=olen/hlen 
-	if olen%hlen!=0 {cthreshold++}
-	for counter:=0;counter<cthreshold;counter++ {
-		B:=hashit(sha,Z,counter)
-
-		if (k+hlen>olen) {
-			for i:=0;i<olen%hlen;i++ {K[k]=B[i]; k++}
-		} else {
-			for i:=0;i<hlen;i++ {K[k]=B[i]; k++}
-		}
-	}	
-}
-
-/* SHAXXX identifier strings */
-var SHA256ID= [...]byte {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20}
-var SHA384ID= [...]byte {0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30};
-var SHA512ID= [...]byte {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40};
-
-func PKCS15(sha int,m []byte,w []byte) bool {
-	olen:=FF_BITS/8
-	hlen:=sha
-	idlen:=19
-
-	if olen<idlen+hlen+10 {return false}
-	H:=hashit(sha,m,-1)
-
-	for i:=0;i<len(w);i++ {w[i]=0}
-	i:=0
-	w[i]=0; i++
-	w[i]=1; i++
-	for j:=0;j<olen-idlen-hlen-3;j++ {w[i]=0xff; i++}
-	w[i]=0; i++
-
-	if hlen==RSA_SHA256 {
-		for j:=0;j<idlen;j++ {w[i]=SHA256ID[j]; i++}
-	}
-	if hlen==RSA_SHA384 {
-		for j:=0;j<idlen;j++ {w[i]=SHA384ID[j]; i++}
-	}
-	if hlen==RSA_SHA512 {
-		for j:=0;j<idlen;j++ {w[i]=SHA512ID[j]; i++}
-	}
-	for j:=0;j<hlen;j++ {w[i]=H[j]; i++}
-
-	return true
-}
-
-
-/* OAEP Message Encoding for Encryption */
-func RSA_OAEP_ENCODE(sha int,m []byte,rng *RAND,p []byte) []byte { 
-	olen:=RSA_RFS-1
-	mlen:=len(m)
-	var f [RSA_RFS]byte
-
-	hlen:=sha
-
-	SEED:=make([]byte,hlen);
-
-	seedlen:=hlen
-	if (mlen>olen-hlen-seedlen-1) {return nil} 
-
-	DBMASK:=make([]byte,olen-seedlen)
-
-	h:=hashit(sha,p,-1);
-
-	for i:=0;i<hlen;i++ {f[i]=h[i]}
-
-	slen:=olen-mlen-hlen-seedlen-1      
-
-	for i:=0;i<slen;i++ {f[hlen+i]=0}
-	f[hlen+slen]=1
-	for i:=0;i<mlen;i++ {f[hlen+slen+1+i]=m[i]}
-
-	for i:=0;i<seedlen;i++ {SEED[i]=rng.GetByte()}
-	RSA_MGF1(sha,SEED,olen-seedlen,DBMASK)
-
-	for i:=0;i<olen-seedlen;i++ {DBMASK[i]^=f[i]}
-
-	RSA_MGF1(sha,DBMASK,seedlen,f[:])
-
-	for i:=0;i<seedlen;i++ {f[i]^=SEED[i]}
-
-	for i:=0;i<olen-seedlen;i++ {f[i+seedlen]=DBMASK[i]}
-
-	/* pad to length RFS */
-	d:=1
-	for i:=RSA_RFS-1;i>=d;i-- {
-		f[i]=f[i-d]
-	}
-	for i:=d-1;i>=0;i-- {
-		f[i]=0
-	}
-	return f[:]
-}
-
-/* OAEP Message Decoding for Decryption */
-func RSA_OAEP_DECODE(sha int,p []byte,f []byte) [] byte {
-	olen:=RSA_RFS-1
-
-	hlen:=sha
-	SEED:=make([]byte,hlen)
-	seedlen:=hlen;
-	CHASH:=make([]byte,hlen)
-	
-	if olen<seedlen+hlen+1 {return nil}
-	DBMASK:=make([]byte,olen-seedlen)
-	for i:=0;i<olen-seedlen;i++ {DBMASK[i]=0}
-
-	if len(f)<RSA_RFS {
-		d:=RSA_RFS-len(f)
-		for i:=RSA_RFS-1;i>=d;i-- {
-			f[i]=f[i-d]
-		}
-		for i:=d-1;i>=0;i-- {
-			f[i]=0
-		}
-	}
-
-	h:=hashit(sha,p,-1)
-	for i:=0;i<hlen;i++ {CHASH[i]=h[i]}
-
-	x:=f[0]
-
-	for i:=seedlen;i<olen;i++ {
-		DBMASK[i-seedlen]=f[i+1]
-	}
-
-	RSA_MGF1(sha,DBMASK,seedlen,SEED)
-	for i:=0;i<seedlen;i++ {SEED[i]^=f[i+1]}
-	RSA_MGF1(sha,SEED,olen-seedlen,f)
-	for i:=0;i<olen-seedlen;i++ {DBMASK[i]^=f[i]}
-
-	comp:=true
-	for i:=0;i<hlen;i++ {
-		if CHASH[i]!=DBMASK[i] {comp=false}
-	}
-
-	for i:=0;i<olen-seedlen-hlen;i++ {
-		DBMASK[i]=DBMASK[i+hlen]
-	}
-
-	for i:=0;i<hlen;i++ {
-		SEED[i]=0; CHASH[i]=0
-	}
-		
-	var k int
-	for k=0;;k++ {
-		if k>=olen-seedlen-hlen {return nil}
-		if DBMASK[k]!=0 {break}
-	}
-
-	t:=DBMASK[k]
-	if (!comp || x!=0 || t!=0x01) {
-		for i:=0;i<olen-seedlen;i++ {DBMASK[i]=0}
-		return nil
-	}
-
-	var r = make([]byte,olen-seedlen-hlen-k-1)
-
-	for i:=0;i<olen-seedlen-hlen-k-1;i++ {
-		r[i]=DBMASK[i+k+1]
-	}
-	
-	for i:=0;i<olen-seedlen;i++  {DBMASK[i]=0}
-
-	return r
-}
-
-/* destroy the Private Key structure */
-func RSA_PRIVATE_KEY_KILL(PRIV *rsa_private_key) {
-	PRIV.p.zero();
-	PRIV.q.zero();
-	PRIV.dp.zero();
-	PRIV.dq.zero();
-	PRIV.c.zero();
-}
-
-/* RSA encryption with the public key */
-func RSA_ENCRYPT(PUB *rsa_public_key,F []byte,G []byte) {
-	n:=PUB.n.getlen()
-	f:=NewFFint(n)
-
-	ff_fromBytes(f,F)
-	f.power(PUB.e,PUB.n)
-	f.toBytes(G)
-}
-
-/* RSA decryption with the private key */
-func RSA_DECRYPT(PRIV *rsa_private_key,G []byte,F []byte) {
-	n:=PRIV.p.getlen()
-	g:=NewFFint(2*n)
-
-	ff_fromBytes(g,G);
-	jp:=g.dmod(PRIV.p)
-	jq:=g.dmod(PRIV.q)
-
-	jp.skpow(PRIV.dp,PRIV.p)
-	jq.skpow(PRIV.dq,PRIV.q)
-
-	g.zero()
-	g.dscopy(jp)
-	jp.mod(PRIV.q)
-	if ff_comp(jp,jq)>0 {jq.add(PRIV.q)}
-	jq.sub(jp)
-	jq.norm()
-
-	t:=ff_mul(PRIV.c,jq)
-	jq=t.dmod(PRIV.q)
-
-	t=ff_mul(jq,PRIV.p)
-	g.add(t)
-	g.norm()
-
-	g.toBytes(F)
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/TestECDH.go
----------------------------------------------------------------------
diff --git a/version22/go/TestECDH.go b/version22/go/TestECDH.go
deleted file mode 100644
index c3fbf87..0000000
--- a/version22/go/TestECDH.go
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
-
-package main
-
-import "fmt"
-
-func ECDH_printBinary(array []byte) {
-	for i:=0;i<len(array);i++ {
-		fmt.Printf("%02x", array[i])
-	}
-	fmt.Printf("\n")
-}  
-
-func main() {
-
-//	j:=0
-	pp:="M0ng00se"
-	res:=0
-
-	var sha=ECDH_HASH_TYPE
-
-	var S1 [ECDH_EGS]byte
-	var W0 [2*ECDH_EFS+1]byte
-	var W1 [2*ECDH_EFS+1]byte
-	var Z0 [ECDH_EFS]byte
-	var Z1 [ECDH_EFS]byte
-	var RAW [100]byte
-	var SALT [8]byte
-	var P1 [3]byte
-	var P2 [4]byte
-	var V [2*ECDH_EFS+1]byte
-	var M [17]byte
-	var T [12]byte
-	var CS [ECDH_EGS]byte
-	var DS [ECDH_EGS]byte
-
-	rng:=NewRAND()
-
-	rng.Clean();
-	for i:=0;i<100;i++ {RAW[i]=byte(i)}
-
-	rng.Seed(100,RAW[:])
-
-//for j:=0;j<100;j++ {
-
-	for i:=0;i<8;i++ {SALT[i]=byte(i+1)}  // set Salt
-
-	fmt.Printf("Alice's Passphrase= "+pp)
-	fmt.Printf("\n");
-	PW:=[]byte(pp)
-
-/* private key S0 of size EGS bytes derived from Password and Salt */
-
-	S0:=PBKDF2(sha,PW,SALT[:],1000,ECDH_EGS)
-
-	fmt.Printf("Alice's private key= 0x")
-	ECDH_printBinary(S0)
-
-/* Generate Key pair S/W */
-	ECDH_KEY_PAIR_GENERATE(nil,S0,W0[:])
-
-	fmt.Printf("Alice's public key= 0x")
-	ECDH_printBinary(W0[:]);
-
-	res=ECDH_PUBLIC_KEY_VALIDATE(true,W0[:])
-	if res!=0 {
-		fmt.Printf("ECP Public Key is invalid!\n")
-		return
-	}
-
-/* Random private key for other party */
-	ECDH_KEY_PAIR_GENERATE(rng,S1[:],W1[:])
-
-	fmt.Printf("Servers private key= 0x");
-	ECDH_printBinary(S1[:])
-
-	fmt.Printf("Servers public key= 0x")
-	ECDH_printBinary(W1[:])
-
-
-	res=ECDH_PUBLIC_KEY_VALIDATE(true,W1[:])
-	if res!=0 {
-		fmt.Printf("ECP Public Key is invalid!\n")
-		return
-	}
-/* Calculate common key using DH - IEEE 1363 method */
-
-	ECPSVDP_DH(S0,W1[:],Z0[:])
-	ECPSVDP_DH(S1[:],W0[:],Z1[:])
-
-	same:=true
-	for i:=0;i<ECDH_EFS;i++ {
-		if Z0[i]!=Z1[i] {same=false}
-	}
-
-	if !same {
-		fmt.Printf("*** ECPSVDP-DH Failed\n");
-		return
-	}
-
-	KEY:=KDF2(sha,Z0[:],nil,ECDH_EAS);
-
-	fmt.Printf("Alice's DH Key=  0x"); ECDH_printBinary(KEY)
-	fmt.Printf("Servers DH Key=  0x"); ECDH_printBinary(KEY)
-	
-	if CURVETYPE!=MONTGOMERY {
-		fmt.Printf("Testing ECIES\n");
-
-		P1[0]=0x0; P1[1]=0x1; P1[2]=0x2
-		P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3
-
-		for i:=0;i<=16;i++ {M[i]=byte(i)} 
-
-		C:=ECIES_ENCRYPT(sha,P1[:],P2[:],rng,W1[:],M[:],V[:],T[:])
-
-		fmt.Printf("Ciphertext= \n")
-		fmt.Printf("V= 0x"); ECDH_printBinary(V[:])
-		fmt.Printf("C= 0x"); ECDH_printBinary(C)
-		fmt.Printf("T= 0x"); ECDH_printBinary(T[:])
-
-
-		RM:=ECIES_DECRYPT(sha,P1[:],P2[:],V[:],C,T[:],S1[:])
-		if RM==nil {
-			fmt.Printf("*** ECIES Decryption Failed\n")
-			return
-		} else {fmt.Printf("Decryption succeeded\n")}
-
-		fmt.Printf("Message is 0x"); ECDH_printBinary(RM)
-
-		fmt.Printf("Testing ECDSA\n");
-
-		if ECPSP_DSA(sha,rng,S0,M[:],CS[:],DS[:])!=0 {
-			fmt.Printf("***ECDSA Signature Failed\n")
-			return
-		}
-		fmt.Printf("Signature= \n")
-		fmt.Printf("C= 0x"); ECDH_printBinary(CS[:])
-		fmt.Printf("D= 0x"); ECDH_printBinary(DS[:])
-
-		if ECPVP_DSA(sha,W0[:],M[:],CS[:],DS[:])!=0 {
-			fmt.Printf("***ECDSA Verification Failed\n")
-			return
-		} else {fmt.Printf("ECDSA Signature/Verification succeeded \n")}
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/TestMPIN.go
----------------------------------------------------------------------
diff --git a/version22/go/TestMPIN.go b/version22/go/TestMPIN.go
deleted file mode 100644
index 60ca3de..0000000
--- a/version22/go/TestMPIN.go
+++ /dev/null
@@ -1,241 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for MPIN API Functions */
-
-package main
-
-import "fmt"
-
-func MPIN_printBinary(array []byte) {
-	for i:=0;i<len(array);i++ {
-		fmt.Printf("%02x", array[i])
-	}
-	fmt.Printf("\n")
-} 
-
-func main() {
-
-
-	rng:=NewRAND()
-	var raw [100]byte
-	for i:=0;i<100;i++ {raw[i]=byte(i+1)}
-	rng.Seed(100,raw[:])
-
-	var sha=MPIN_HASH_TYPE
-
-	const EGS=MPIN_EGS
-	const EFS=MPIN_EFS
-	const G1S=2*EFS+1 /* Group 1 Size */
-	const G2S=4*EFS; /* Group 2 Size */
-	const EAS int=16
-
-	var S [EGS]byte
-	var SST [G2S]byte
-	var TOKEN [G1S]byte
-	var PERMIT [G1S]byte
-	var SEC [G1S]byte
-	var xID [G1S]byte
-	var xCID [G1S]byte
-	var X [EGS]byte
-	var Y [EGS]byte
-	var E [12*EFS]byte
-	var F [12*EFS]byte
-	var HID [G1S]byte
-	var HTID [G1S]byte
-
-	var G1 [12*EFS]byte
-	var G2 [12*EFS]byte
-	var R [EGS]byte
-	var Z [G1S]byte
-	var W [EGS]byte
-	var T [G1S]byte
-	var CK [EAS]byte
-	var SK [EAS]byte
-
-	var HSID []byte
-
-
-/* Trusted Authority set-up */
-
-	MPIN_RANDOM_GENERATE(rng,S[:])
-	fmt.Printf("Master Secret s: 0x");  MPIN_printBinary(S[:])
-
- /* Create Client Identity */
- 	IDstr:= "testUser@miracl.com"
-	CLIENT_ID:=[]byte(IDstr)
-
-	HCID:=MPIN_HASH_ID(sha,CLIENT_ID)  /* Either Client or TA calculates Hash(ID) - you decide! */
-		
-	fmt.Printf("Client ID= "); MPIN_printBinary(CLIENT_ID)
-	fmt.Printf("\n")
-
-/* Client and Server are issued secrets by DTA */
-	MPIN_GET_SERVER_SECRET(S[:],SST[:])
-	fmt.Printf("Server Secret SS: 0x");  MPIN_printBinary(SST[:])
-
-	MPIN_GET_CLIENT_SECRET(S[:],HCID,TOKEN[:])
-	fmt.Printf("Client Secret CS: 0x");        
-	MPIN_printBinary(TOKEN[:])
-
-/* Client extracts PIN from secret to create Token */
-	pin:=1234
-	fmt.Printf("Client extracts PIN= %d",pin)
-	fmt.Printf("\n")
-	rtn:=MPIN_EXTRACT_PIN(sha,CLIENT_ID,pin,TOKEN[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d",rtn);
-		fmt.Printf("\n")
-	}
-
-	fmt.Printf("Client Token TK: 0x")       
-	MPIN_printBinary(TOKEN[:]); 
-
-	if FULL {
-		MPIN_PRECOMPUTE(TOKEN[:],HCID,G1[:],G2[:])
-	}
-
-	date:=0
-	if PERMITS {
-		date=MPIN_today()
-/* Client gets "Time Token" permit from DTA */ 
-		MPIN_GET_CLIENT_PERMIT(sha,date,S[:],HCID,PERMIT[:])
-		fmt.Printf("Time Permit TP: 0x");  MPIN_printBinary(PERMIT[:])
-
-/* This encoding makes Time permit look random - Elligator squared */
-		MPIN_ENCODING(rng,PERMIT[:])
-		fmt.Printf("Encoded Time Permit TP: 0x");  MPIN_printBinary(PERMIT[:])
-		MPIN_DECODING(PERMIT[:])
-		fmt.Printf("Decoded Time Permit TP: 0x");  MPIN_printBinary(PERMIT[:])
-	}
-
-	pin=0
-	fmt.Printf("\nPIN= ")
-	fmt.Scanf("%d",&pin)
-
-	pxID:=xID[:]
-	pxCID:=xCID[:]
-	pHID:=HID[:]
-	pHTID:=HTID[:]
-	pE:=E[:]
-	pF:=F[:]
-	pPERMIT:=PERMIT[:]
-	var prHID []byte
-
-	if date!=0 {
-		prHID=pHTID;
-		if !PINERROR {
-			pxID=nil
-			// pHID=nil
-		}
-	} else {
-		prHID=pHID
-		pPERMIT=nil
-		pxCID=nil
-		pHTID=nil
-	}
-	if !PINERROR {
-		pE=nil
-		pF=nil
-	}
-
-	if SINGLE_PASS {
-		fmt.Printf("MPIN Single Pass\n")
-		timeValue:= MPIN_GET_TIME()
-		rtn=MPIN_CLIENT(sha,date,CLIENT_ID,rng,X[:],pin,TOKEN[:],SEC[:],pxID,pxCID,pPERMIT,timeValue,Y[:])
-		if rtn != 0 {
-			fmt.Printf("FAILURE: CLIENT rtn: %d\n",rtn)
-		}
-
-		if FULL {
-			HCID=MPIN_HASH_ID(sha,CLIENT_ID)
-			MPIN_GET_G1_MULTIPLE(rng,1,R[:],HCID,Z[:])  /* Also Send Z=r.ID to Server, remember random r */
-		}
-
-		rtn=MPIN_SERVER(sha,date,pHID,pHTID,Y[:],SST[:],pxID,pxCID,SEC[:],pE,pF,CLIENT_ID,timeValue)
-		if rtn != 0 {
-  		    fmt.Printf("FAILURE: SERVER rtn: %d\n",rtn)
-		}
-
-		if FULL {
-			HSID=MPIN_HASH_ID(sha,CLIENT_ID);
-			MPIN_GET_G1_MULTIPLE(rng,0,W[:],prHID,T[:]);  /* Also send T=w.ID to client, remember random w  */
-		}
-	} else {
-		fmt.Printf("MPIN Multi Pass\n")
-        /* Send U=x.ID to server, and recreate secret from token and pin */
-		rtn=MPIN_CLIENT_1(sha,date,CLIENT_ID,rng,X[:],pin,TOKEN[:],SEC[:],pxID,pxCID,pPERMIT);
-		if rtn != 0 {
-			fmt.Printf("FAILURE: CLIENT_1 rtn: %d\n",rtn)
-		}
-  
-		if FULL {
-			HCID=MPIN_HASH_ID(sha,CLIENT_ID)
-			MPIN_GET_G1_MULTIPLE(rng,1,R[:],HCID,Z[:])  /* Also Send Z=r.ID to Server, remember random r */
-		}
-  
-        /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-		MPIN_SERVER_1(sha,date,CLIENT_ID,pHID,pHTID)
-  
-        /* Server generates Random number Y and sends it to Client */
-		MPIN_RANDOM_GENERATE(rng,Y[:]);
-  
-		if FULL {
-			HSID=MPIN_HASH_ID(sha,CLIENT_ID);
-			MPIN_GET_G1_MULTIPLE(rng,0,W[:],prHID,T[:])  /* Also send T=w.ID to client, remember random w  */
-		}
-  
-       /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
-		rtn=MPIN_CLIENT_2(X[:],Y[:],SEC[:])
-		if rtn != 0 {
-			fmt.Printf("FAILURE: CLIENT_2 rtn: %d\n",rtn)
-		}
-  
-       /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
-       /* If PIN error not required, set E and F = null */
-  
-		rtn=MPIN_SERVER_2(date,pHID,pHTID,Y[:],SST[:],pxID,pxCID,SEC[:],pE,pF)
-  
-		if rtn!=0 {
-			fmt.Printf("FAILURE: SERVER_1 rtn: %d\n",rtn)
-		}
-  
-		if rtn == MPIN_BAD_PIN {
-			fmt.Printf("Server says - Bad Pin. I don't know you. Feck off.\n")
-			if PINERROR {
-				err:=MPIN_KANGAROO(E[:],F[:])
-				if err!=0 {fmt.Printf("(Client PIN is out by %d)\n",err)}
-			}
-			return
-		} else {
-			fmt.Printf("Server says - PIN is good! You really are "+IDstr)
-			fmt.Printf("\n")
-		}
-
-		if  FULL {
-			H:=MPIN_HASH_ALL(sha,HCID[:],pxID,pxCID,SEC[:],Y[:],Z[:],T[:]);
-			MPIN_CLIENT_KEY(sha,G1[:],G2[:],pin,R[:],X[:],H[:],T[:],CK[:])
-			fmt.Printf("Client Key =  0x");  MPIN_printBinary(CK[:])
-
-			H=MPIN_HASH_ALL(sha,HSID[:],pxID,pxCID,SEC[:],Y[:],Z[:],T[:]);			
-			MPIN_SERVER_KEY(sha,Z[:],SST[:],W[:],H[:],pHID,pxID,pxCID,SK[:])
-			fmt.Printf("Server Key =  0x");  MPIN_printBinary(SK[:])
-		}
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/TestRSA.go
----------------------------------------------------------------------
diff --git a/version22/go/TestRSA.go b/version22/go/TestRSA.go
deleted file mode 100644
index 652fd9a..0000000
--- a/version22/go/TestRSA.go
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for RSA API Functions */
-
-package main
-
-import "fmt"
-
-func RSA_printBinary(array []byte) {
-	for i:=0;i<len(array);i++ {
-		fmt.Printf("%02x", array[i])
-	}
-	fmt.Printf("\n")
-}  
-
-func main() {
-
-	var sha=RSA_HASH_TYPE
-	message:="Hello World\n"
-
-	pub:=New_rsa_public_key(FFLEN)
-	priv:=New_rsa_private_key(HFLEN)
-
-	var ML [RSA_RFS]byte
-	var C [RSA_RFS]byte
-	var S [RSA_RFS]byte
-	var RAW [100]byte
-	
-	rng:=NewRAND()
-
-	rng.Clean();
-	for i:=0;i<100;i++ {RAW[i]=byte(i)}
-
-	rng.Seed(100,RAW[:]);
-//for (i=0;i<10;i++)
-//{
-	fmt.Printf("Generating public/private key pair\n")
-	RSA_KEY_PAIR(rng,65537,priv,pub)
-
-	M:=[]byte(message)
-
-	fmt.Printf("Encrypting test string\n")
-	E:=RSA_OAEP_ENCODE(sha,M,rng,nil) /* OAEP encode message M to E  */
-
-	RSA_ENCRYPT(pub,E,C[:])    /* encrypt encoded message */
-	fmt.Printf("Ciphertext= 0x"); RSA_printBinary(C[:])
-
-	fmt.Printf("Decrypting test string\n");
-	RSA_DECRYPT(priv,C[:],ML[:])
-	MS:=RSA_OAEP_DECODE(sha,nil,ML[:]) /* OAEP decode message  */
-
-	message=string(MS)
-	fmt.Printf(message)
-
-	fmt.Printf("Signing message\n")
-	PKCS15(sha,M,C[:]); 
-
-	RSA_DECRYPT(priv,C[:],S[:])  /* create signature in S */ 
-
-	fmt.Printf("Signature= 0x"); RSA_printBinary(S[:])
-
-	RSA_ENCRYPT(pub,S[:],ML[:])
-
-	cmp:=true
-	if len(C)!=len(ML) {
-		cmp=false
-	} else {
-		for j:=0;j<len(C);j++ {
-			if C[j]!=ML[j] {cmp=false}
-		}
-	}
-	if cmp {
-		fmt.Printf("Signature is valid")
-	} else {
-		fmt.Printf("Signature is INVALID")
-	}
-
-
-//}
-	RSA_PRIVATE_KEY_KILL(priv)
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/go/readme.txt
----------------------------------------------------------------------
diff --git a/version22/go/readme.txt b/version22/go/readme.txt
deleted file mode 100644
index 054048c..0000000
--- a/version22/go/readme.txt
+++ /dev/null
@@ -1,50 +0,0 @@
-AMCL is very simple to build for Go.
-
-This version supports both 32-bit and 64-bit builds.
-If your processor and operating system are both 64-bit, a 64-bit build 
-will probably be best. Otherwise use a 32-bit build.
-
-Next - decide the modulus and curve type you want to use. Edit ROM32.go 
-or ROM64.go where indicated. You will probably want to use one of the curves whose 
-details are already in there.
-
-Three example API files are provided, TestMPIN.go which 
-supports our M-Pin (tm) protocol, TestECDH.go which supports elliptic 
-curve key exchange, digital signature and public key crypto, and TestRSA.go
-which supports the RSA method.
-
-In the ROM32.go/ROM64.go file you must provide the curve constants. 
-Several examples are provided there, if you are willing to use one of these.
-
-Use ROM32.go for a 32-bit build
-Use ROM64.go for a 64-bit build
-
-To help generate the ROM constants for your own curve some MIRACL helper 
-programs are included. The programs bngen.cpp and blsgen.cpp generate ROM 
-data for a BN and BLS pairing friendly curves, and the program ecgen.cpp 
-generates ROM data for regular EC curves.
-
-The MIRACL based program check.cpp helps choose the best number base for
-big number representation, given the word-length and the size of the modulus.
-
-The program bigtobig.cpp converts a big number to the AMCL 
-BIG format.
-
-
-For a quick jumpstart:-
-
-go run TestMPIN.go MPIN.go PAIR.go FP12.go FP4.go FP2.go FP.go BIG.go DBIG.go ECP.go ECP2.go HASH256.go HASH384.go HASH512.go AES.go RAND.go ROM64.go
-
-or 
-
-go run TestECDH.go ECDH.go FP.go BIG.go DBIG.go ECP.go HASH256.go HASH384.go HASH512.go AES.go RAND.go ROM64.go
-
-or
-
-go run TestRSA.go RSA.go FF.go BIG.go DBIG.go HASH256.go HASH384.go HASH512.go AES.go RAND.go ROM64.go
-
-also
-
-go run BenchtestEC.go RSA.go FF.go FP.go BIG.go DBIG.go ECP.go HASH256.go HASH384.go HASH512.go AES.go RAND.go ROM64.go
-
-go run BenchtestPAIR.go PAIR.go FP12.go FP4.go FP2.go FP.go BIG.go DBIG.go ECP.go ECP2.go HASH256.go HASH384.go HASH512.go AES.go RAND.go ROM64.go
\ No newline at end of file


[02/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/ecp4.cpp
----------------------------------------------------------------------
diff --git a/version3/cpp/ecp4.cpp b/version3/cpp/ecp4.cpp
deleted file mode 100644
index 33c60d1..0000000
--- a/version3/cpp/ecp4.cpp
+++ /dev/null
@@ -1,1074 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Weierstrass elliptic curve functions over FP2 */
-
-//#include <iostream>
-#include "ecp4_ZZZ.h"
-
-using namespace std;
-using namespace XXX;
-using namespace YYY;
-
-int ZZZ::ECP4_isinf(ECP4 *P)
-{
-//	if (P->inf) return 1;
-	return (FP4_iszilch(&(P->x)) & FP4_iszilch(&(P->z)));
-}
-
-/* Set P=Q */
-void ZZZ::ECP4_copy(ECP4 *P,ECP4 *Q)
-{
-//    P->inf=Q->inf;
-    FP4_copy(&(P->x),&(Q->x));
-    FP4_copy(&(P->y),&(Q->y));
-    FP4_copy(&(P->z),&(Q->z));
-}
-
-/* set P to Infinity */
-void ZZZ::ECP4_inf(ECP4 *P)
-{
-//    P->inf=1;
-    FP4_zero(&(P->x));
-    FP4_one(&(P->y));
-    FP4_zero(&(P->z));
-}
-
-/* Conditional move Q to P dependant on d */
-static void ECP4_cmove(ZZZ::ECP4 *P,ZZZ::ECP4 *Q,int d)
-{
-    FP4_cmove(&(P->x),&(Q->x),d);
-    FP4_cmove(&(P->y),&(Q->y),d);
-    FP4_cmove(&(P->z),&(Q->z),d);
-//    d=~(d-1);
-//    P->inf^=(P->inf^Q->inf)&d;
-}
-
-/* return 1 if b==c, no branching */
-static int teq(sign32 b,sign32 c)
-{
-    sign32 x=b^c;
-    x-=1;  // if x=0, x now -1
-    return (int)((x>>31)&1);
-}
-
-/* Constant time select from pre-computed table */
-static void ECP4_select(ZZZ::ECP4 *P,ZZZ::ECP4 W[],sign32 b)
-{
-    ZZZ::ECP4 MP;
-    sign32 m=b>>31;
-    sign32 babs=(b^m)-m;
-
-    babs=(babs-1)/2;
-
-    ECP4_cmove(P,&W[0],teq(babs,0));  // conditional move
-    ECP4_cmove(P,&W[1],teq(babs,1));
-    ECP4_cmove(P,&W[2],teq(babs,2));
-    ECP4_cmove(P,&W[3],teq(babs,3));
-    ECP4_cmove(P,&W[4],teq(babs,4));
-    ECP4_cmove(P,&W[5],teq(babs,5));
-    ECP4_cmove(P,&W[6],teq(babs,6));
-    ECP4_cmove(P,&W[7],teq(babs,7));
-
-    ECP4_copy(&MP,P);
-    ECP4_neg(&MP);  // minus P
-    ECP4_cmove(P,&MP,(int)(m&1));
-}
-
-/* Make P affine (so z=1) */
-void ZZZ::ECP4_affine(ECP4 *P)
-{
-    FP4 one,iz;
-    if (ECP4_isinf(P)) return;
-
-    FP4_one(&one);
-    if (FP4_isunity(&(P->z)))
-    {
-        FP4_reduce(&(P->x));
-        FP4_reduce(&(P->y));
-        return;
-    }
-
-    FP4_inv(&iz,&(P->z));
-    FP4_mul(&(P->x),&(P->x),&iz);
-    FP4_mul(&(P->y),&(P->y),&iz);
-
-    FP4_reduce(&(P->x));
-    FP4_reduce(&(P->y));
-    FP4_copy(&(P->z),&one);
-}
-
-/* return 1 if P==Q, else 0 */
-/* SU= 312 */
-int ZZZ::ECP4_equals(ECP4 *P,ECP4 *Q)
-{
-    FP4 a,b;
- //   if (ECP4_isinf(P) && ECP4_isinf(Q)) return 1;
- //   if (ECP4_isinf(P) || ECP4_isinf(Q)) return 0;
-
-    FP4_mul(&a,&(P->x),&(Q->z));
-    FP4_mul(&b,&(Q->x),&(P->z));
-    if (!FP4_equals(&a,&b)) return 0;
-
-    FP4_mul(&a,&(P->y),&(Q->z));
-    FP4_mul(&b,&(Q->y),&(P->z));
-    if (!FP4_equals(&a,&b)) return 0;
-    return 1;
-
-}
-
-/* extract x, y from point P */
-int ZZZ::ECP4_get(FP4 *x,FP4 *y,ECP4 *P)
-{
-	ECP4 W;
-	ECP4_copy(&W,P);
-	ECP4_affine(&W);
-    if (ECP4_isinf(&W)) return -1;
-	//ECP4_affine(P);
-    FP4_copy(y,&(W.y));
-    FP4_copy(x,&(W.x));
-    return 0;
-}
-
-/* Output point P */
-void ZZZ::ECP4_output(ECP4 *P)
-{
-    FP4 x,y;
-    if (ECP4_isinf(P))
-    {
-        printf("Infinity\n");
-        return;
-    }
-    ECP4_get(&x,&y,P);
-    printf("(");
-    FP4_output(&x);
-    printf(",");
-    FP4_output(&y);
-    printf(")\n");
-}
-
-/* Convert Q to octet string */
-void ZZZ::ECP4_toOctet(octet *W,ECP4 *Q)
-{
-	BIG b;
-	FP4 qx,qy;
-	FP2 pa,pb;
-
-    ECP4_get(&qx,&qy,Q);
-
-	FP2_copy(&pa,&(qx.a));
-	FP2_copy(&pb,&(qx.b));
-
-	FP_redc(b,&(pa.a));
-    BIG_toBytes(&(W->val[0]),b);
-    FP_redc(b,&(pa.b));
-    BIG_toBytes(&(W->val[MODBYTES_XXX]),b);
-    FP_redc(b,&(pb.a));
-    BIG_toBytes(&(W->val[2*MODBYTES_XXX]),b);
-    FP_redc(b,&(pb.b));
-    BIG_toBytes(&(W->val[3*MODBYTES_XXX]),b);
-
-	FP2_copy(&pa,&(qy.a));
-	FP2_copy(&pb,&(qy.b));
-	
-	FP_redc(b,&(pa.a));
-    BIG_toBytes(&(W->val[4*MODBYTES_XXX]),b);
-    FP_redc(b,&(pa.b));
-    BIG_toBytes(&(W->val[5*MODBYTES_XXX]),b);
-    FP_redc(b,&(pb.a));
-    BIG_toBytes(&(W->val[6*MODBYTES_XXX]),b);
-    FP_redc(b,&(pb.b));
-    BIG_toBytes(&(W->val[7*MODBYTES_XXX]),b);
-
-    W->len=8*MODBYTES_XXX;
-}
-
-/* restore Q from octet string */
-int ZZZ::ECP4_fromOctet(ECP4 *Q,octet *W)
-{
-	BIG b;
-    FP4 qx,qy;
-	FP2 pa,pb;
-
-    BIG_fromBytes(b,&(W->val[0]));
-	FP_nres(&(pa.a),b);
-    BIG_fromBytes(b,&(W->val[MODBYTES_XXX]));
-    FP_nres(&(pa.b),b);
-    BIG_fromBytes(b,&(W->val[2*MODBYTES_XXX]));
-    FP_nres(&(pb.a),b);
-    BIG_fromBytes(b,&(W->val[3*MODBYTES_XXX]));
-    FP_nres(&(pb.b),b);
-
-	FP2_copy(&(qx.a),&pa);
-	FP2_copy(&(qx.b),&pb);
-
-    BIG_fromBytes(b,&(W->val[4*MODBYTES_XXX]));
-	FP_nres(&(pa.a),b);
-    BIG_fromBytes(b,&(W->val[5*MODBYTES_XXX]));
-    FP_nres(&(pa.b),b);
-    BIG_fromBytes(b,&(W->val[6*MODBYTES_XXX]));
-    FP_nres(&(pb.a),b);
-    BIG_fromBytes(b,&(W->val[7*MODBYTES_XXX]));
-    FP_nres(&(pb.b),b);
-
-	FP2_copy(&(qy.a),&pa);
-	FP2_copy(&(qy.b),&pb);
-
-
-    if (ECP4_set(Q,&qx,&qy)) return 1;
-    return 0;
-}
-
-/* Calculate RHS of twisted curve equation x^3+B/i or x^3+Bi*/
-void ZZZ::ECP4_rhs(FP4 *rhs,FP4 *x)
-{
-    /* calculate RHS of elliptic curve equation */
-    FP4 t;
-	FP2 t2;
-    BIG b;
-    FP4_sqr(&t,x);
-
-    FP4_mul(rhs,&t,x);
-
-    /* Assuming CURVE_A=0 */
-
-    BIG_rcopy(b,CURVE_B);
-
-    FP2_from_BIG(&t2,b);
-	FP4_from_FP2(&t,&t2);
-
-#if SEXTIC_TWIST_ZZZ == D_TYPE	
-    FP4_div_i(&t);   /* IMPORTANT - here we use the correct SEXTIC twist of the curve */
-#endif
-
-#if SEXTIC_TWIST_ZZZ == M_TYPE	
-    FP4_times_i(&t);   /* IMPORTANT - here we use the correct SEXTIC twist of the curve */
-#endif
-
-    FP4_add(rhs,&t,rhs);
-    FP4_reduce(rhs);
-}
-
-/* Set P=(x,y). Return 1 if (x,y) is on the curve, else return 0*/
-/* SU= 232 */
-int ZZZ::ECP4_set(ECP4 *P,FP4 *x,FP4 *y)
-{
-    FP4 rhs,y2;
-
-    FP4_sqr(&y2,y);
-    ECP4_rhs(&rhs,x);
-
-//cout << "y2= ";
-//FP4_output(&y2);
-//cout << endl;
-//cout << "rhs= ";
-//FP4_output(&rhs);
-//cout << endl;
-
-    if (!FP4_equals(&y2,&rhs))
-    {
-		ECP4_inf(P);
-        //P->inf=1;
-        return 0;
-    }
-
-    //P->inf=0;
-    FP4_copy(&(P->x),x);
-    FP4_copy(&(P->y),y);
-
-    FP4_one(&(P->z));
-    return 1;
-}
-
-/* Set P=(x,y). Return 1 if (x,.) is on the curve, else return 0 */
-/* SU= 232 */
-int ZZZ::ECP4_setx(ECP4 *P,FP4 *x)
-{
-    FP4 y;
-    ECP4_rhs(&y,x);
-
-    if (!FP4_sqrt(&y,&y))
-    {
-		ECP4_inf(P);
-   //     P->inf=1;
-        return 0;
-    }
-
-    //P->inf=0;
-    FP4_copy(&(P->x),x);
-    FP4_copy(&(P->y),&y);
-    FP4_one(&(P->z));
-    return 1;
-}
-
-/* Set P=-P */
-/* SU= 8 */
-void ZZZ::ECP4_neg(ECP4 *P)
-{
-//	if (ECP4_isinf(P)) return;
-	FP4_norm(&(P->y));
-    FP4_neg(&(P->y),&(P->y));
-    FP4_norm(&(P->y));
-}
-
-/* R+=R */
-/* return -1 for Infinity, 0 for addition, 1 for doubling */
-int ZZZ::ECP4_dbl(ECP4 *P)
-{
-    FP4 t0,t1,t2,t3,iy,x3,y3;
-//    if (P->inf) return -1;
-
-	FP4_copy(&iy,&(P->y));		//FP4 iy=new FP4(y);
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP4_times_i(&iy);			//iy.mul_ip(); 
-	//FP4_norm(&iy);				//iy.norm();
-#endif
-
-	FP4_sqr(&t0,&(P->y));			//t0.sqr();   
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP4_times_i(&t0);			//t0.mul_ip(); 
-#endif
-
-	FP4_mul(&t1,&iy,&(P->z));	//t1.mul(z);
-	FP4_sqr(&t2,&(P->z));				//t2.sqr();
-
-	FP4_add(&(P->z),&t0,&t0);	//z.add(t0); 
-	FP4_norm(&(P->z));				//z.norm(); 
-	FP4_add(&(P->z),&(P->z),&(P->z));	//z.add(z); 
-	FP4_add(&(P->z),&(P->z),&(P->z));	//z.add(z); 
-	FP4_norm(&(P->z));			//z.norm();  
-
-	FP4_imul(&t2,&t2,3*CURVE_B_I);	//t2.imul(3*ROM.CURVE_B_I); 
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-	FP4_times_i(&t2);
-	//FP4_norm(&t2);
-#endif
-
-	FP4_mul(&x3,&t2,&(P->z));	//x3.mul(z); 
-
-	FP4_add(&y3,&t0,&t2);		//y3.add(t2); 
-	FP4_norm(&y3);				//y3.norm();
-	FP4_mul(&(P->z),&(P->z),&t1);	//z.mul(t1);
-
-	FP4_add(&t1,&t2,&t2);		//t1.add(t2); 
-	FP4_add(&t2,&t2,&t1);		//t2.add(t1); 
-	FP4_norm(&t2);				//t2.norm();  
-	FP4_sub(&t0,&t0,&t2);		//t0.sub(t2); 
-	FP4_norm(&t0);				//t0.norm();                           //y^2-9bz^2
-	FP4_mul(&y3,&y3,&t0);		//y3.mul(t0); 
-	FP4_add(&(P->y),&y3,&x3);		//y3.add(x3);                          //(y^2+3z*2)(y^2-9z^2)+3b.z^2.8y^2
-
-	FP4_mul(&t1,&(P->x),&iy);		//t1.mul(iy);						//
-
-	FP4_norm(&t0);			//x.norm(); 
-	FP4_mul(&(P->x),&t0,&t1);	//x.mul(t1); 
-	FP4_add(&(P->x),&(P->x),&(P->x));	//x.add(x);       //(y^2-9bz^2)xy2
-
-	FP4_norm(&(P->x));			//x.norm(); 
-
-	FP4_norm(&(P->y));			//y.norm();
-
-    return 1;
-}
-
-/* Set P+=Q */
-
-int ZZZ::ECP4_add(ECP4 *P,ECP4 *Q)
-{
-    FP4 t0,t1,t2,t3,t4,x3,y3,z3;
-	int b3=3*CURVE_B_I;
-/*    if (Q->inf) return 0;
-    if (P->inf)
-    {
-        ECP4_copy(P,Q);
-        return 0;
-    }
-*/
-	FP4_mul(&t0,&(P->x),&(Q->x));	//t0.mul(Q.x);         // x.Q.x
-	FP4_mul(&t1,&(P->y),&(Q->y));	//t1.mul(Q.y);		 // y.Q.y
-
-	FP4_mul(&t2,&(P->z),&(Q->z));	//t2.mul(Q.z);
-	FP4_add(&t3,&(P->x),&(P->y));	//t3.add(y); 
-	FP4_norm(&t3);				//t3.norm();          //t3=X1+Y1         
-	FP4_add(&t4,&(Q->x),&(Q->y));	//t4.add(Q.y); 
-	FP4_norm(&t4);				//t4.norm();			//t4=X2+Y2
-	FP4_mul(&t3,&t3,&t4);		//t3.mul(t4);						//t3=(X1+Y1)(X2+Y2)
-	FP4_add(&t4,&t0,&t1);		//t4.add(t1);		//t4=X1.X2+Y1.Y2
-
-	FP4_sub(&t3,&t3,&t4);		//t3.sub(t4); 
-	FP4_norm(&t3);				//t3.norm(); 
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP4_times_i(&t3);			//t3.mul_ip();  
-	//FP4_norm(&t3);				//t3.norm();         //t3=(X1+Y1)(X2+Y2)-(X1.X2+Y1.Y2) = X1.Y2+X2.Y1
-#endif
-                   
-	FP4_add(&t4,&(P->y),&(P->z));	//t4.add(z); 
-	FP4_norm(&t4);				//t4.norm();			//t4=Y1+Z1
-
-	FP4_add(&x3,&(Q->y),&(Q->z));	//x3.add(Q.z); 
-	FP4_norm(&x3);				//x3.norm();			//x3=Y2+Z2
-
-	FP4_mul(&t4,&t4,&x3);		//t4.mul(x3);						//t4=(Y1+Z1)(Y2+Z2)
-
-	FP4_add(&x3,&t1,&t2);		//x3.add(t2);						//X3=Y1.Y2+Z1.Z2
-	
-	FP4_sub(&t4,&t4,&x3);		//t4.sub(x3); 
-	FP4_norm(&t4);				//t4.norm(); 
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP4_times_i(&t4);			//t4.mul_ip(); 
-	//FP4_norm(&t4);				//t4.norm();          //t4=(Y1+Z1)(Y2+Z2) - (Y1.Y2+Z1.Z2) = Y1.Z2+Y2.Z1
-#endif
-
-	FP4_add(&x3,&(P->x),&(P->z));	//x3.add(z); 
-	FP4_norm(&x3);				//x3.norm();	// x3=X1+Z1
-		
-	FP4_add(&y3,&(Q->x),&(Q->z));	//y3.add(Q.z); 
-	FP4_norm(&y3);				//y3.norm();				// y3=X2+Z2
-	FP4_mul(&x3,&x3,&y3);		//x3.mul(y3);							// x3=(X1+Z1)(X2+Z2)
-
-	FP4_add(&y3,&t0,&t2);		//y3.add(t2);							// y3=X1.X2+Z1+Z2
-	FP4_sub(&y3,&x3,&y3);		//y3.rsub(x3); 
-	FP4_norm(&y3);				//y3.norm();				// y3=(X1+Z1)(X2+Z2) - (X1.X2+Z1.Z2) = X1.Z2+X2.Z1
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP4_times_i(&t0);			//t0.mul_ip(); 
-	//FP4_norm(&t0);				//t0.norm(); // x.Q.x
-	FP4_times_i(&t1);			//t1.mul_ip(); 
-	//FP4_norm(&t1);				//t1.norm(); // y.Q.y
-#endif
-
-	FP4_add(&x3,&t0,&t0);		//x3.add(t0); 
-	FP4_add(&t0,&t0,&x3);		//t0.add(x3); 
-	FP4_norm(&t0);				//t0.norm();
-	FP4_imul(&t2,&t2,b3);		//t2.imul(b); 	
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-	FP4_times_i(&t2);
-#endif
-
-	FP4_add(&z3,&t1,&t2);		//z3.add(t2); 
-	FP4_norm(&z3);				//z3.norm();
-	FP4_sub(&t1,&t1,&t2);		//t1.sub(t2); 
-	FP4_norm(&t1);				//t1.norm(); 
-	FP4_imul(&y3,&y3,b3);		//y3.imul(b); 
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-	FP4_times_i(&y3);
-	//FP4_norm(&y3);
-#endif
-
-	FP4_mul(&x3,&y3,&t4);		//x3.mul(t4); 
-
-	FP4_mul(&t2,&t3,&t1);		//t2.mul(t1); 
-	FP4_sub(&(P->x),&t2,&x3);		//x3.rsub(t2);
-	FP4_mul(&y3,&y3,&t0);		//y3.mul(t0); 
-	FP4_mul(&t1,&t1,&z3);		//t1.mul(z3); 
-	FP4_add(&(P->y),&y3,&t1);		//y3.add(t1);
-	FP4_mul(&t0,&t0,&t3);		//t0.mul(t3); 
-	FP4_mul(&z3,&z3,&t4);		//z3.mul(t4); 
-	FP4_add(&(P->z),&z3,&t0);		//z3.add(t0);
-
-
-	FP4_norm(&(P->x));			//x.norm(); 
-	FP4_norm(&(P->y));			//y.norm();
-	FP4_norm(&(P->z));			//z.norm();
-
-    return 0;
-}
-
-/* Set P-=Q */
-/* SU= 16 */
-void ZZZ::ECP4_sub(ECP4 *P,ECP4 *Q)
-{
-	ECP4 NQ;
-	ECP4_copy(&NQ,Q);
-	ECP4_neg(&NQ);
-    //ECP4_neg(Q);
-    ECP4_add(P,&NQ);
-    //ECP4_neg(Q);
-}
-
-
-void ZZZ::ECP4_reduce(ECP4 *P)
-{
-	FP4_reduce(&(P->x));
-	FP4_reduce(&(P->y));
-	FP4_reduce(&(P->z));
-}
-
-/* P*=e */
-/* SU= 280 */
-void ZZZ::ECP4_mul(ECP4 *P,BIG e)
-{
-    /* fixed size windows */
-    int i,nb,s,ns;
-    BIG mt,t;
-    ECP4 Q,W[8],C;
-    sign8 w[1+(NLEN_XXX*BASEBITS_XXX+3)/4];
-
-    if (ECP4_isinf(P)) return;
-    //ECP4_affine(P);
-
-    /* precompute table */
-
-    ECP4_copy(&Q,P);
-    ECP4_dbl(&Q);
-    ECP4_copy(&W[0],P);
-
-    for (i=1; i<8; i++)
-    {
-        ECP4_copy(&W[i],&W[i-1]);
-        ECP4_add(&W[i],&Q);
-    }
-
-    /* make exponent odd - add 2P if even, P if odd */
-    BIG_copy(t,e);
-    s=BIG_parity(t);
-    BIG_inc(t,1);
-    BIG_norm(t);
-    ns=BIG_parity(t);
-    BIG_copy(mt,t);
-    BIG_inc(mt,1);
-    BIG_norm(mt);
-    BIG_cmove(t,mt,s);
-    ECP4_cmove(&Q,P,ns);
-    ECP4_copy(&C,&Q);
-
-    nb=1+(BIG_nbits(t)+3)/4;
-
-    /* convert exponent to signed 4-bit window */
-    for (i=0; i<nb; i++)
-    {
-        w[i]=BIG_lastbits(t,5)-16;
-        BIG_dec(t,w[i]);
-        BIG_norm(t);
-        BIG_fshr(t,4);
-    }
-    w[nb]=BIG_lastbits(t,5);
-
-    ECP4_copy(P,&W[(w[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-        ECP4_select(&Q,W,w[i]);
-        ECP4_dbl(P);
-        ECP4_dbl(P);
-        ECP4_dbl(P);
-        ECP4_dbl(P);
-        ECP4_add(P,&Q);
-    }
-    ECP4_sub(P,&C); /* apply correction */
-	ECP4_affine(P);
-}
-
-// calculate frobenius constants 
-void ZZZ::ECP4_frob_constants(FP2 F[3])
-{
-    FP fx,fy;
-	FP2 X;
-
-    FP_rcopy(&fx,Fra);
-    FP_rcopy(&fy,Frb);
-    FP2_from_FPs(&X,&fx,&fy);
-
-	FP2_sqr(&F[0],&X);		// FF=F^2=(1+i)^(p-7)/6
-	FP2_copy(&F[2],&F[0]);
-	FP2_mul_ip(&F[2]);		// W=(1+i)^6/6.(1+i)^(p-7)/6 = (1+i)^(p-1)/6
-	FP2_norm(&F[2]);
-	FP2_sqr(&F[1],&F[2]);
-	FP2_mul(&F[2],&F[2],&F[1]);  // W=(1+i)^(p-1)/2
-
-	FP2_copy(&F[1],&X);
-
-#if SEXTIC_TWIST_ZZZ == M_TYPE	
-	FP2_mul_ip(&F[1]);		// (1+i)^12/12.(1+i)^(p-7)/12 = (1+i)^(p+5)/12
-	FP2_inv(&F[1],&F[1]);		// (1+i)^-(p+5)/12
-	FP2_sqr(&F[0],&F[1]);		// (1+i)^-(p+5)/6
-#endif
-
-	FP2_mul_ip(&F[0]);		// FF=(1+i)^(p-7)/6.(1+i) = (1+i)^(p-1)/6					// (1+i)^6/6.(1+i)^-(p+5)/6 = (1+i)^-(p-1)/6
-	FP2_norm(&F[0]);
-	FP2_mul(&F[1],&F[1],&F[0]);  // FFF = (1+i)^(p-7)/12 . (1+i)^(p-1)/6 = (1+i)^(p-3)/4	// (1+i)^-(p+5)/12 . (1+i)^-(p-1)/6 = (1+i)^-(p+1)/4
-
-}
-
-/* Calculates q^n.P using Frobenius constants */
-void ZZZ::ECP4_frob(ECP4 *P,FP2 F[3],int n)
-{
-	int i;
-	FP4 X,Y,Z;
-//    if (P->inf) return;
-
-	//ECP4_get(&X,&Y,P);		// F=(1+i)^(p-7)/12
-
-	FP4_copy(&X,&(P->x));
-	FP4_copy(&Y,&(P->y));
-	FP4_copy(&Z,&(P->z));
-
-	for (i=0;i<n;i++)
-	{
-		FP4_frob(&X,&F[2]);		// X^p
-		FP4_pmul(&X,&X,&F[0]);	// X^p.(1+i)^(p-1)/6									// X^p.(1+i)^-(p-1)/6
-		
-		FP4_frob(&Y,&F[2]);		// Y^p
-		FP4_pmul(&Y,&Y,&F[1]);
-		FP4_times_i(&Y);		// Y.p.(1+i)^(p-3)/4.(1+i)^(2/4) = Y^p.(1+i)^(p-1)/4	// (1+i)^-(p+1)/4 .(1+i)^2/4 = Y^p.(1+i)^-(p-1)/4
-
-		FP4_frob(&Z,&F[2]);
-	}
-
-	FP4_copy(&(P->x),&X);
-	FP4_copy(&(P->y),&Y);
-	FP4_copy(&(P->z),&Z);
-	
-
-	//ECP4_set(P,&X,&Y);
-}
-
-/* Side channel attack secure */
-// Bos & Costello https://eprint.iacr.org/2013/458.pdf
-// Faz-Hernandez & Longa & Sanchez  https://eprint.iacr.org/2013/158.pdf
-
-void ZZZ::ECP4_mul8(ECP4 *P,ECP4 Q[8],BIG u[8])
-{
-    int i,j,k,nb,pb1,pb2,bt;
-	ECP4 T1[8],T2[8],W;
-    BIG mt,t[8];
-    sign8 w1[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s1[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 w2[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s2[NLEN_XXX*BASEBITS_XXX+1];	
-	FP2 X[3];
-
-	ECP4_frob_constants(X);
-
-    for (i=0; i<8; i++)
-	{
-        //ECP4_affine(&Q[i]);
-        BIG_copy(t[i],u[i]);
-	}
-// Precomputed table
-    ECP4_copy(&T1[0],&Q[0]); // Q[0]
-    ECP4_copy(&T1[1],&T1[0]);
-	ECP4_add(&T1[1],&Q[1]);	// Q[0]+Q[1]
-    ECP4_copy(&T1[2],&T1[0]);
-	ECP4_add(&T1[2],&Q[2]);	// Q[0]+Q[2]
-	ECP4_copy(&T1[3],&T1[1]);
-	ECP4_add(&T1[3],&Q[2]);	// Q[0]+Q[1]+Q[2]
-	ECP4_copy(&T1[4],&T1[0]);
-	ECP4_add(&T1[4],&Q[3]);  // Q[0]+Q[3]
-	ECP4_copy(&T1[5],&T1[1]);
-	ECP4_add(&T1[5],&Q[3]);	// Q[0]+Q[1]+Q[3]
-	ECP4_copy(&T1[6],&T1[2]);
-	ECP4_add(&T1[6],&Q[3]);	// Q[0]+Q[2]+Q[3]
-	ECP4_copy(&T1[7],&T1[3]);
-	ECP4_add(&T1[7],&Q[3]);	// Q[0]+Q[1]+Q[2]+Q[3]
-
-//  Use Frobenius 
-
-	for (i=0;i<8;i++)
-	{
-		ECP4_copy(&T2[i],&T1[i]);
-		ECP4_frob(&T2[i],X,4);
-	}
-
-// Make them odd
-	pb1=1-BIG_parity(t[0]);
-	BIG_inc(t[0],pb1);
-	BIG_norm(t[0]);
-
-	pb2=1-BIG_parity(t[4]);
-	BIG_inc(t[4],pb2);
-	BIG_norm(t[4]);
-
-// Number of bits
-    BIG_zero(mt);
-    for (i=0; i<8; i++)
-    {
-        BIG_or(mt,mt,t[i]);
-    }
-    nb=1+BIG_nbits(mt);
-
-// Sign pivot 
-	s1[nb-1]=1;
-	s2[nb-1]=1;
-	for (i=0;i<nb-1;i++)
-	{
-        BIG_fshr(t[0],1);
-		s1[i]=2*BIG_parity(t[0])-1;
-        BIG_fshr(t[4],1);
-		s2[i]=2*BIG_parity(t[4])-1;
-	}
-
-
-// Recoded exponents
-    for (i=0; i<nb; i++)
-    {
-		w1[i]=0;
-		k=1;
-		for (j=1; j<4; j++)
-		{
-			bt=s1[i]*BIG_parity(t[j]);
-			BIG_fshr(t[j],1);
-
-			BIG_dec(t[j],(bt>>1));
-			BIG_norm(t[j]);
-			w1[i]+=bt*k;
-			k*=2;
-        }
-
-		w2[i]=0;
-		k=1;
-		for (j=5; j<8; j++)
-		{
-			bt=s2[i]*BIG_parity(t[j]);
-			BIG_fshr(t[j],1);
-
-			BIG_dec(t[j],(bt>>1));
-			BIG_norm(t[j]);
-			w2[i]+=bt*k;
-			k*=2;
-        }
-    }	
-
-// Main loop
-	ECP4_select(P,T1,2*w1[nb-1]+1);
-	ECP4_select(&W,T2,2*w2[nb-1]+1);
-	ECP4_add(P,&W);
-    for (i=nb-2; i>=0; i--)
-    {
-        ECP4_dbl(P);
-        ECP4_select(&W,T1,2*w1[i]+s1[i]);
-        ECP4_add(P,&W);
-        ECP4_select(&W,T2,2*w2[i]+s2[i]);
-        ECP4_add(P,&W);
-    }
-
-// apply corrections
-	ECP4_copy(&W,P);   
-	ECP4_sub(&W,&Q[0]);
-	ECP4_cmove(P,&W,pb1);
-	ECP4_copy(&W,P);   
-	ECP4_sub(&W,&Q[4]);
-	ECP4_cmove(P,&W,pb2);
-
-	ECP4_affine(P);
-}
-/*
-void ZZZ::ECP4_mul8(ECP4 *P,ECP4 Q[8],BIG u[8])
-{
-    int i,j,a[4],nb,pb;
-    ECP4 W[8],Z[8],T,C;
-    BIG mt,t[8];
-    sign8 w[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 z[NLEN_XXX*BASEBITS_XXX+1];
-    FP fx,fy;
-	FP2 X;
-
-    FP_rcopy(&fx,Fra);
-    FP_rcopy(&fy,Frb);
-    FP2_from_FPs(&X,&fx,&fy);
-
-    for (i=0; i<8; i++)
-        BIG_copy(t[i],u[i]);
-
-    // precompute tables 
-
-// 12 add/subs 
-
-    ECP4_copy(&W[0],&Q[0]);
-    ECP4_sub(&W[0],&Q[1]);  // P-Q 
-    ECP4_copy(&W[1],&W[0]);
-    ECP4_copy(&W[2],&W[0]);
-    ECP4_copy(&W[3],&W[0]);
-    ECP4_copy(&W[4],&Q[0]);
-    ECP4_add(&W[4],&Q[1]);  // P+Q 
-    ECP4_copy(&W[5],&W[4]);
-    ECP4_copy(&W[6],&W[4]);
-    ECP4_copy(&W[7],&W[4]);
-
-    ECP4_copy(&T,&Q[2]);
-    ECP4_sub(&T,&Q[3]);       // R-S 
-    ECP4_sub(&W[1],&T);
-    ECP4_add(&W[2],&T);
-    ECP4_sub(&W[5],&T);
-    ECP4_add(&W[6],&T);
-    ECP4_copy(&T,&Q[2]);
-    ECP4_add(&T,&Q[3]);      // R+S 
-    ECP4_sub(&W[0],&T);
-    ECP4_add(&W[3],&T);
-    ECP4_sub(&W[4],&T);
-    ECP4_add(&W[7],&T);
-
-
-// Use Frobenius 
-
-	for (i=0;i<8;i++)
-	{
-		ECP4_copy(&Z[i],&W[i]);
-		ECP4_frob(&Z[i],&X,4);
-	}
-
-    // if multiplier is even add 1 to multiplier, and add P to correction 
-    ECP4_inf(&C);
-
-    BIG_zero(mt);
-    for (i=0; i<8; i++)
-    {
-		pb=BIG_parity(t[i]);
-		BIG_inc(t[i],1-pb);
-		BIG_norm(t[i]);
-		ECP4_copy(&T,&C);
-		ECP4_add(&T,&Q[i]);
-		ECP4_cmove(&C,&T,1-pb);
-
-
-        BIG_add(mt,mt,t[i]);
-        BIG_norm(mt);
-    }
-
-    nb=1+BIG_nbits(mt);
-
-    // convert exponents to signed 1-bit windows 
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_lastbits(t[i],2)-2;
-            BIG_dec(t[i],a[i]);
-            BIG_norm(t[i]);
-            BIG_fshr(t[i],1);
-        }
-        w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    w[nb]=8*BIG_lastbits(t[0],2)+4*BIG_lastbits(t[1],2)+2*BIG_lastbits(t[2],2)+BIG_lastbits(t[3],2);
-
-
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_lastbits(t[i+4],2)-2;
-            BIG_dec(t[i+4],a[i]);
-            BIG_norm(t[i+4]);
-            BIG_fshr(t[i+4],1);
-        }
-        z[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    z[nb]=8*BIG_lastbits(t[4],2)+4*BIG_lastbits(t[5],2)+2*BIG_lastbits(t[6],2)+BIG_lastbits(t[7],2);
-
-
-    ECP4_copy(P,&W[(w[nb]-1)/2]);
-	ECP4_add(P,&Z[(z[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-		ECP4_dbl(P);
-        ECP4_select(&T,W,w[i]);
-        ECP4_add(P,&T);
-        ECP4_select(&T,Z,z[i]);
-        ECP4_add(P,&T);
-    }
-    ECP4_sub(P,&C); // apply correction 
-	ECP4_reduce(P);
-}
-*/
-/* Map to hash value to point on G2 from random BIG */
-
-void ZZZ::ECP4_mapit(ECP4 *Q,octet *W)
-{
-    BIG q,one,x,hv;
-    FP2 X[3],T;
-	FP4 X4,Y4;
-
-    ECP4 xQ, x2Q, x3Q, x4Q;
-
-	BIG_fromBytes(hv,W->val);
-    BIG_rcopy(q,Modulus);
-    BIG_one(one);
-    BIG_mod(hv,q);
-
-    for (;;)
-    {
-        FP2_from_BIGs(&T,one,hv);  /*******/
-		FP4_from_FP2(&X4,&T);
-        if (ECP4_setx(Q,&X4)) break;
-        BIG_inc(hv,1);
-    }
-
-	ECP4_frob_constants(X);
-
-    BIG_rcopy(x,CURVE_Bnx);
-
-    // Efficient hash maps to G2 on BLS24 curves - Budroni, Pintore 
-	// Q -> x4Q -x3Q -Q + F(x3Q-x2Q) + F(F(x2Q-xQ)) + F(F(F(xQ-Q))) +F(F(F(F(2Q))))
-
-	ECP4_copy(&xQ,Q);
-	ECP4_mul(&xQ,x);
-	ECP4_copy(&x2Q,&xQ);
-	ECP4_mul(&x2Q,x);
-	ECP4_copy(&x3Q,&x2Q);
-	ECP4_mul(&x3Q,x);
-	ECP4_copy(&x4Q,&x3Q);
-	ECP4_mul(&x4Q,x);
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	ECP4_neg(&xQ);
-	ECP4_neg(&x3Q);
-#endif
-
-	ECP4_sub(&x4Q,&x3Q);
-	ECP4_sub(&x4Q,Q);
-
-	ECP4_sub(&x3Q,&x2Q);
-	ECP4_frob(&x3Q,X,1);
-
-	ECP4_sub(&x2Q,&xQ);
-	ECP4_frob(&x2Q,X,2);
-
-	ECP4_sub(&xQ,Q);
-	ECP4_frob(&xQ,X,3);
-
-	ECP4_dbl(Q);
-	ECP4_frob(Q,X,4);
-
-	ECP4_add(Q,&x4Q);
-	ECP4_add(Q,&x3Q);
-	ECP4_add(Q,&x2Q);
-	ECP4_add(Q,&xQ);
-
-	ECP4_affine(Q);
-
-}
-
-// ECP$ Get Group Generator
-
-void ZZZ::ECP4_generator(ECP4 *G)
-{
-	BIG a,b;
-	FP2 Aa,Bb;
-	FP4 X,Y;
-
-	BIG_rcopy(a,CURVE_Pxaa);
-	BIG_rcopy(b,CURVE_Pxab);
-	FP2_from_BIGs(&Aa,a,b);
-
-	BIG_rcopy(a,CURVE_Pxba);
-	BIG_rcopy(b,CURVE_Pxbb);
-	FP2_from_BIGs(&Bb,a,b);
-
-	FP4_from_FP2s(&X,&Aa,&Bb);
-
-	BIG_rcopy(a,CURVE_Pyaa);
-	BIG_rcopy(b,CURVE_Pyab);
-	FP2_from_BIGs(&Aa,a,b);
-
-	BIG_rcopy(a,CURVE_Pyba);
-	BIG_rcopy(b,CURVE_Pybb);
-	FP2_from_BIGs(&Bb,a,b);
-
-	FP4_from_FP2s(&Y,&Aa,&Bb);
-
-	ECP4_set(G,&X,&Y);
-}
-
-
-// g++ -O2 ecp4_BLS24.cpp fp4_BLS24.cpp fp2_BLS24.cpp fp_BLS24.cpp big_XXX.cpp rand.cpp hash.cpp rom_field_BLS24.cpp rom_curve_BLS24.cpp oct.cpp -o ecp4_BLS24.exe
-/*
-int main()
-{
-	int i;
-	ECP4 G,P;
-	FP2 Aa,Bb,f;
-	FP4 X,Y;
-	BIG a,b,r,p;
-	char w[100];
-	octet W= {0,sizeof(w),w};
-
-	ECP4_ggg(&G);
-
-	BIG_rcopy(a,Fra);
-    BIG_rcopy(b,Frb);
-	FP2_from_BIGs(&f,a,b);
-
-	
-	if (G.inf) cout << "Failed to set - point not on curve" << endl;
-	else cout << "set success" << endl;
-
-	ECP4_output(&G);
-	ECP4_copy(&P,&G);
-
-	//ECP4_reduce(&G);
-	//ECP4_reduce(&P);
-
-	BIG_rcopy(r,CURVE_Order);
-	BIG_rcopy(p,Modulus);
-
-	BIG_output(r);
-	cout << endl;
-
-	ECP4_mul(&G,r);
-	ECP4_output(&G);
-	cout << endl;
-
-	ECP4_copy(&G,&P);
-
-	cout << "pG = ";
-	ECP4_mul(&G,p);
-	ECP4_output(&G);
-	cout << endl;
-
-	cout << "G^p= ";
-	ECP4_frob(&P,&f,1);
-	ECP4_output(&P);
-	cout << endl;
-
-
-	for (i=0;i<MODBYTES_XXX;i++)
-	{
-		W.val[i]=i+11;
-	}
-	W.len=MODBYTES_XXX;
-
-	printf("W= ");
-	OCT_output(&W);
-	printf("\n");
-
-	ECP4_mapit(&P,&W);
-
-	cout << "Hash to P= ";
-	ECP4_output(&P);
-	cout << endl;
-
-	ECP4_mul(&P,r);
-
-	cout << "rP= ";
-	ECP4_output(&P);
-	cout << endl;
-
-
-
-//	ECP4_dbl(&G);
-//	ECP4_output(&G);
-//	ECP4_reduce(&G);
-//	cout << endl;
-//	ECP4_add(&G,&P);
-//	ECP4_output(&G);
-//	cout << endl;
-
-
-	return 0;
-}
-*/
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/ecp4.h
----------------------------------------------------------------------
diff --git a/version3/cpp/ecp4.h b/version3/cpp/ecp4.h
deleted file mode 100644
index 98b383b..0000000
--- a/version3/cpp/ecp4.h
+++ /dev/null
@@ -1,243 +0,0 @@
-#ifndef ECP4_ZZZ_H
-#define ECP4_ZZZ_H
-
-#include "fp4_YYY.h"
-#include "config_curve_ZZZ.h"
-
-using namespace amcl;
-
-namespace YYY {
-
-extern const XXX::BIG Fra; /**< real part of BN curve Frobenius Constant */
-extern const XXX::BIG Frb; /**< imaginary part of BN curve Frobenius Constant */
-
-}
-
-namespace ZZZ {
-
-/**
-	@brief ECP4 Structure - Elliptic Curve Point over quadratic extension field
-*/
-
-typedef struct
-{
-//    int inf; /**< Infinity Flag */
-    YYY::FP4 x;   /**< x-coordinate of point */
-    YYY::FP4 y;   /**< y-coordinate of point */
-    YYY::FP4 z;   /**< z-coordinate of point */
-} ECP4;
-
-
-/* Curve Params - see rom.c */
-extern const int CURVE_A;		/**< Elliptic curve A parameter */
-extern const int CURVE_B_I;		/**< Elliptic curve B parameter */
-extern const XXX::BIG CURVE_B;     /**< Elliptic curve B parameter */
-extern const XXX::BIG CURVE_Order; /**< Elliptic curve group order */
-extern const XXX::BIG CURVE_Cof;   /**< Elliptic curve cofactor */
-extern const XXX::BIG CURVE_Bnx;   /**< Elliptic curve parameter */
-
-
-/* Generator point on G1 */
-extern const XXX::BIG CURVE_Gx; /**< x-coordinate of generator point in group G1  */
-extern const XXX::BIG CURVE_Gy; /**< y-coordinate of generator point in group G1  */
-
-/* For Pairings only */
-
-/* Generator point on G2 */
-extern const XXX::BIG CURVE_Pxaa; /**< real part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxab; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxba; /**< real part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxbb; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pyaa; /**< real part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pyab; /**< imaginary part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pyba; /**< real part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pybb; /**< imaginary part of y-coordinate of generator point in group G2 */
-
-/* ECP4 E(FP4) prototypes */
-/**	@brief Tests for ECP4 point equal to infinity
- *
-	@param P ECP4 point to be tested
-	@return 1 if infinity, else returns 0
- */
-extern int ECP4_isinf(ECP4 *P);
-/**	@brief Copy ECP4 point to another ECP4 point
- *
-	@param P ECP4 instance, on exit = Q
-	@param Q ECP4 instance to be copied
- */
-extern void ECP4_copy(ECP4 *P,ECP4 *Q);
-/**	@brief Set ECP4 to point-at-infinity
- *
-	@param P ECP4 instance to be set to infinity
- */
-extern void ECP4_inf(ECP4 *P);
-/**	@brief Tests for equality of two ECP4s
- *
-	@param P ECP4 instance to be compared
-	@param Q ECP4 instance to be compared
-	@return 1 if P=Q, else returns 0
- */
-extern int ECP4_equals(ECP4 *P,ECP4 *Q);
-
-/**	@brief Converts an ECP4 point from Projective (x,y,z) coordinates to affine (x,y) coordinates
- *
-	@param P ECP4 instance to be converted to affine form
- */
-extern void ECP4_affine(ECP4 *P);
-
-
-/**	@brief Extract x and y coordinates of an ECP4 point P
- *
-	If x=y, returns only x
-	@param x FP4 on exit = x coordinate of point
-	@param y FP4 on exit = y coordinate of point (unless x=y)
-	@param P ECP4 instance (x,y)
-	@return -1 if P is point-at-infinity, else 0
- */
-extern int ECP4_get(YYY::FP4 *x,YYY::FP4 *y,ECP4 *P);
-/**	@brief Formats and outputs an ECP4 point to the console, converted to affine coordinates
- *
-	@param P ECP4 instance to be printed
- */
-extern void ECP4_output(ECP4 *P);
-
-/**	@brief Formats and outputs an ECP4 point to an octet string
- *
-	The octet string is created in the form x|y.
-	Convert the real and imaginary parts of the x and y coordinates to big-endian base 256 form.
-	@param S output octet string
-	@param P ECP4 instance to be converted to an octet string
- */
-extern void ECP4_toOctet(octet *S,ECP4 *P);
-/**	@brief Creates an ECP4 point from an octet string
- *
-	The octet string is in the form x|y
-	The real and imaginary parts of the x and y coordinates are in big-endian base 256 form.
-	@param P ECP4 instance to be created from the octet string
-	@param S input octet string
-	return 1 if octet string corresponds to a point on the curve, else 0
- */
-extern int ECP4_fromOctet(ECP4 *P,octet *S);
-/**	@brief Calculate Right Hand Side of curve equation y^2=f(x)
- *
-	Function f(x)=x^3+Ax+B
-	Used internally.
-	@param r FP4 value of f(x)
-	@param x FP4 instance
- */
-extern void ECP4_rhs(YYY::FP4 *r,YYY::FP4 *x);
-/**	@brief Set ECP4 to point(x,y) given x and y
- *
-	Point P set to infinity if no such point on the curve.
-	@param P ECP4 instance to be set (x,y)
-	@param x FP4 x coordinate of point
-	@param y FP4 y coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP4_set(ECP4 *P,YYY::FP4 *x,YYY::FP4 *y);
-/**	@brief Set ECP to point(x,[y]) given x
- *
-	Point P set to infinity if no such point on the curve. Otherwise y coordinate is calculated from x.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP4_setx(ECP4 *P,YYY::FP4 *x);
-/**	@brief Negation of an ECP4 point
- *
-	@param P ECP4 instance, on exit = -P
- */
-extern void ECP4_neg(ECP4 *P);
-
-/**	@brief Reduction of an ECP4 point
- *
-	@param P ECP4 instance, on exit (x,y) are reduced wrt the modulus
- */
-extern void ECP4_reduce(ECP4 *P);
-
-
-/**	@brief Doubles an ECP4 instance P and returns slope
- *
-	@param P ECP4 instance, on exit =2*P
-	@param lam FP4 instance, slope of line
- */
-//extern int ECP4_sdbl(ECP4 *P,FP4 *lam);
-/**	@brief Adds ECP4 instance Q to ECP4 instance P and returns slope
- *
-	@param P ECP4 instance, on exit =P+Q
-	@param Q ECP4 instance to be added to P
-	@param lam FP4 instance, slope of line
- */
-//extern int ECP4_sadd(ECP4 *P,ECP4 *Q,FP4 *lam);
-
-
-/**	@brief Doubles an ECP4 instance P
- *
-	@param P ECP4 instance, on exit =2*P
- */
-extern int ECP4_dbl(ECP4 *P);
-/**	@brief Adds ECP4 instance Q to ECP4 instance P
- *
-	@param P ECP4 instance, on exit =P+Q
-	@param Q ECP4 instance to be added to P
- */
-extern int ECP4_add(ECP4 *P,ECP4 *Q);
-/**	@brief Subtracts ECP instance Q from ECP4 instance P
- *
-	@param P ECP4 instance, on exit =P-Q
-	@param Q ECP4 instance to be subtracted from P
- */
-extern void ECP4_sub(ECP4 *P,ECP4 *Q);
-/**	@brief Multiplies an ECP4 instance P by a BIG, side-channel resistant
- *
-	Uses fixed sized windows.
-	@param P ECP4 instance, on exit =b*P
-	@param b BIG number multiplier
-
- */
-extern void ECP4_mul(ECP4 *P,XXX::BIG b);
-
-/**	@brief Calculates required Frobenius constants
- *
-	Calculate Frobenius constants
-	@param F array of FP2 precalculated constants
-
- */
-extern void ECP4_frob_constants(YYY::FP2 F[3]);
-
-/**	@brief Multiplies an ECP4 instance P by the internal modulus p^n, using precalculated Frobenius constants
- *
-	Fast point multiplication using Frobenius
-	@param P ECP4 instance, on exit = p^n*P
-	@param F array of FP2 precalculated Frobenius constant
-	@param n power of prime
-
- */
-extern void ECP4_frob(ECP4 *P,YYY::FP2 F[3],int n);
-
-/**	@brief Calculates P=Sigma b[i]*Q[i] for i=0 to 7
- *
-	@param P ECP4 instance, on exit = Sigma b[i]*Q[i] for i=0 to 7
-	@param Q ECP4 array of 4 points
-	@param b BIG array of 4 multipliers
- */
-extern void ECP4_mul8(ECP4 *P,ECP4 *Q,XXX::BIG *b);
-
-
-/**	@brief Maps random BIG to curve point of correct order
- *
-	@param P ECP4 instance of correct order
-	@param W OCTET byte array to be mapped
- */
-extern void ECP4_mapit(ECP4 *P,octet *w);
-
-/**	@brief Get Group Generator from ROM
- *
-	@param G ECP4 instance
- */
-extern void ECP4_generator(ECP4 *G);
-
-
-}
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/ecp8.cpp
----------------------------------------------------------------------
diff --git a/version3/cpp/ecp8.cpp b/version3/cpp/ecp8.cpp
deleted file mode 100644
index 48a76c8..0000000
--- a/version3/cpp/ecp8.cpp
+++ /dev/null
@@ -1,1318 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Weierstrass elliptic curve functions over FP2 */
-
-//#include <iostream>
-#include "ecp8_ZZZ.h"
-
-using namespace std;
-using namespace XXX;
-using namespace YYY;
-
-int ZZZ::ECP8_isinf(ECP8 *P)
-{
-//	if (P->inf) return 1;
-	return (FP8_iszilch(&(P->x)) & FP8_iszilch(&(P->z)));
-}
-
-/* Set P=Q */
-void ZZZ::ECP8_copy(ECP8 *P,ECP8 *Q)
-{
-//    P->inf=Q->inf;
-    FP8_copy(&(P->x),&(Q->x));
-    FP8_copy(&(P->y),&(Q->y));
-    FP8_copy(&(P->z),&(Q->z));
-}
-
-/* set P to Infinity */
-void ZZZ::ECP8_inf(ECP8 *P)
-{
-//    P->inf=1;
-    FP8_zero(&(P->x));
-    FP8_one(&(P->y));
-    FP8_zero(&(P->z));
-}
-
-/* Conditional move Q to P dependant on d */
-static void ECP8_cmove(ZZZ::ECP8 *P,ZZZ::ECP8 *Q,int d)
-{
-    FP8_cmove(&(P->x),&(Q->x),d);
-    FP8_cmove(&(P->y),&(Q->y),d);
-    FP8_cmove(&(P->z),&(Q->z),d);
-//    d=~(d-1);
-//    P->inf^=(P->inf^Q->inf)&d;
-}
-
-/* return 1 if b==c, no branching */
-static int teq(sign32 b,sign32 c)
-{
-    sign32 x=b^c;
-    x-=1;  // if x=0, x now -1
-    return (int)((x>>31)&1);
-}
-
-/* Constant time select from pre-computed table */
-static void ECP8_select(ZZZ::ECP8 *P,ZZZ::ECP8 W[],sign32 b)
-{
-    ZZZ::ECP8 MP;
-    sign32 m=b>>31;
-    sign32 babs=(b^m)-m;
-
-    babs=(babs-1)/2;
-
-    ECP8_cmove(P,&W[0],teq(babs,0));  // conditional move
-    ECP8_cmove(P,&W[1],teq(babs,1));
-    ECP8_cmove(P,&W[2],teq(babs,2));
-    ECP8_cmove(P,&W[3],teq(babs,3));
-    ECP8_cmove(P,&W[4],teq(babs,4));
-    ECP8_cmove(P,&W[5],teq(babs,5));
-    ECP8_cmove(P,&W[6],teq(babs,6));
-    ECP8_cmove(P,&W[7],teq(babs,7));
-
-    ECP8_copy(&MP,P);
-    ECP8_neg(&MP);  // minus P
-    ECP8_cmove(P,&MP,(int)(m&1));
-}
-
-/* Make P affine (so z=1) */
-void ZZZ::ECP8_affine(ECP8 *P)
-{
-    FP8 one,iz;
-    if (ECP8_isinf(P)) return;
-
-    FP8_one(&one);
-    if (FP8_isunity(&(P->z)))
-    {
-        FP8_reduce(&(P->x));
-        FP8_reduce(&(P->y));
-        return;
-    }
-
-    FP8_inv(&iz,&(P->z));
-    FP8_mul(&(P->x),&(P->x),&iz);
-    FP8_mul(&(P->y),&(P->y),&iz);
-
-    FP8_reduce(&(P->x));
-    FP8_reduce(&(P->y));
-    FP8_copy(&(P->z),&one);
-}
-
-/* return 1 if P==Q, else 0 */
-/* SU= 312 */
-int ZZZ::ECP8_equals(ECP8 *P,ECP8 *Q)
-{
-    FP8 a,b;
-//    if (ECP8_isinf(P) && ECP8_isinf(Q)) return 1;
-//    if (ECP8_isinf(P) || ECP8_isinf(Q)) return 0;
-
-    FP8_mul(&a,&(P->x),&(Q->z));
-    FP8_mul(&b,&(Q->x),&(P->z));
-    if (!FP8_equals(&a,&b)) return 0;
-
-    FP8_mul(&a,&(P->y),&(Q->z));
-    FP8_mul(&b,&(Q->y),&(P->z));
-    if (!FP8_equals(&a,&b)) return 0;
-    return 1;
-}
-
-/* extract x, y from point P */
-int ZZZ::ECP8_get(FP8 *x,FP8 *y,ECP8 *P)
-{
-	ECP8 W;
-	ECP8_copy(&W,P);
-	ECP8_affine(&W);
-    if (ECP8_isinf(&W)) return -1;
-	//ECP8_affine(P);
-    FP8_copy(y,&(W.y));
-    FP8_copy(x,&(W.x));
-    return 0;
-}
-
-/* Output point P */
-void ZZZ::ECP8_output(ECP8 *P)
-{
-    FP8 x,y;
-    if (ECP8_isinf(P))
-    {
-        printf("Infinity\n");
-        return;
-    }
-    ECP8_get(&x,&y,P);
-    printf("(");
-    FP8_output(&x);
-    printf(",");
-    FP8_output(&y);
-    printf(")\n");
-}
-
-/* Convert Q to octet string */
-void ZZZ::ECP8_toOctet(octet *W,ECP8 *Q)
-{
-	BIG b;
-	FP8 qx,qy;
-	FP4 qa,qb;
-	FP2 pa,pb;
-
-    ECP8_get(&qx,&qy,Q);
-
-	FP4_copy(&qa,&(qx.a));
-	FP4_copy(&qb,&(qx.b));
-
-	FP2_copy(&pa,&(qa.a));
-	FP2_copy(&pb,&(qa.b));
-
-	FP_redc(b,&(pa.a));
-    BIG_toBytes(&(W->val[0]),b);
-    FP_redc(b,&(pa.b));
-    BIG_toBytes(&(W->val[MODBYTES_XXX]),b);
-    FP_redc(b,&(pb.a));
-    BIG_toBytes(&(W->val[2*MODBYTES_XXX]),b);
-    FP_redc(b,&(pb.b));
-    BIG_toBytes(&(W->val[3*MODBYTES_XXX]),b);
-
-	FP2_copy(&pa,&(qb.a));
-	FP2_copy(&pb,&(qb.b));
-
-	FP_redc(b,&(pa.a));
-    BIG_toBytes(&(W->val[4*MODBYTES_XXX]),b);
-    FP_redc(b,&(pa.b));
-    BIG_toBytes(&(W->val[5*MODBYTES_XXX]),b);
-    FP_redc(b,&(pb.a));
-    BIG_toBytes(&(W->val[6*MODBYTES_XXX]),b);
-    FP_redc(b,&(pb.b));
-    BIG_toBytes(&(W->val[7*MODBYTES_XXX]),b);
-
-
-	FP4_copy(&qa,&(qy.a));
-	FP4_copy(&qb,&(qy.b));
-
-	FP2_copy(&pa,&(qa.a));
-	FP2_copy(&pb,&(qa.b));
-
-	FP_redc(b,&(pa.a));
-    BIG_toBytes(&(W->val[8*MODBYTES_XXX]),b);
-    FP_redc(b,&(pa.b));
-    BIG_toBytes(&(W->val[9*MODBYTES_XXX]),b);
-    FP_redc(b,&(pb.a));
-    BIG_toBytes(&(W->val[10*MODBYTES_XXX]),b);
-    FP_redc(b,&(pb.b));
-    BIG_toBytes(&(W->val[11*MODBYTES_XXX]),b);
-
-	FP2_copy(&pa,&(qb.a));
-	FP2_copy(&pb,&(qb.b));
-
-	FP_redc(b,&(pa.a));
-    BIG_toBytes(&(W->val[12*MODBYTES_XXX]),b);
-    FP_redc(b,&(pa.b));
-    BIG_toBytes(&(W->val[13*MODBYTES_XXX]),b);
-    FP_redc(b,&(pb.a));
-    BIG_toBytes(&(W->val[14*MODBYTES_XXX]),b);
-    FP_redc(b,&(pb.b));
-    BIG_toBytes(&(W->val[15*MODBYTES_XXX]),b);
-
-
-    W->len=16*MODBYTES_XXX;
-}
-
-/* restore Q from octet string */
-int ZZZ::ECP8_fromOctet(ECP8 *Q,octet *W)
-{
-	BIG b;
-    FP8 qx,qy;
-	FP4 qa,qb;
-	FP2 pa,pb;
-
-    BIG_fromBytes(b,&(W->val[0]));
-	FP_nres(&(pa.a),b);
-    BIG_fromBytes(b,&(W->val[MODBYTES_XXX]));
-    FP_nres(&(pa.b),b);
-    BIG_fromBytes(b,&(W->val[2*MODBYTES_XXX]));
-    FP_nres(&(pb.a),b);
-    BIG_fromBytes(b,&(W->val[3*MODBYTES_XXX]));
-    FP_nres(&(pb.b),b);
-
-	FP2_copy(&(qa.a),&pa);
-	FP2_copy(&(qa.b),&pb);
-
-    BIG_fromBytes(b,&(W->val[4*MODBYTES_XXX]));
-	FP_nres(&(pa.a),b);
-    BIG_fromBytes(b,&(W->val[5*MODBYTES_XXX]));
-    FP_nres(&(pa.b),b);
-    BIG_fromBytes(b,&(W->val[6*MODBYTES_XXX]));
-    FP_nres(&(pb.a),b);
-    BIG_fromBytes(b,&(W->val[7*MODBYTES_XXX]));
-    FP_nres(&(pb.b),b);
-
-	FP2_copy(&(qb.a),&pa);
-	FP2_copy(&(qb.b),&pb);
-
-	FP4_copy(&(qx.a),&qa);
-	FP4_copy(&(qx.b),&qb);
-
-
-    BIG_fromBytes(b,&(W->val[8*MODBYTES_XXX]));
-	FP_nres(&(pa.a),b);
-    BIG_fromBytes(b,&(W->val[9*MODBYTES_XXX]));
-    FP_nres(&(pa.b),b);
-    BIG_fromBytes(b,&(W->val[10*MODBYTES_XXX]));
-    FP_nres(&(pb.a),b);
-    BIG_fromBytes(b,&(W->val[11*MODBYTES_XXX]));
-    FP_nres(&(pb.b),b);
-
-	FP2_copy(&(qa.a),&pa);
-	FP2_copy(&(qa.b),&pb);
-
-    BIG_fromBytes(b,&(W->val[12*MODBYTES_XXX]));
-	FP_nres(&(pa.a),b);
-    BIG_fromBytes(b,&(W->val[13*MODBYTES_XXX]));
-    FP_nres(&(pa.b),b);
-    BIG_fromBytes(b,&(W->val[14*MODBYTES_XXX]));
-    FP_nres(&(pb.a),b);
-    BIG_fromBytes(b,&(W->val[15*MODBYTES_XXX]));
-    FP_nres(&(pb.b),b);
-
-	FP2_copy(&(qb.a),&pa);
-	FP2_copy(&(qb.b),&pb);
-
-	FP4_copy(&(qy.a),&qa);
-	FP4_copy(&(qy.b),&qb);
-
-
-    if (ECP8_set(Q,&qx,&qy)) return 1;
-    return 0;
-}
-
-/* Calculate RHS of twisted curve equation x^3+B/i or x^3+Bi*/
-void ZZZ::ECP8_rhs(FP8 *rhs,FP8 *x)
-{
-    /* calculate RHS of elliptic curve equation */
-    FP8 t;
-	FP4 t4;
-	FP2 t2;
-    BIG b;
-    FP8_sqr(&t,x);
-
-    FP8_mul(rhs,&t,x);
-
-    /* Assuming CURVE_A=0 */
-
-    BIG_rcopy(b,CURVE_B);
-
-    FP2_from_BIG(&t2,b);
-	FP4_from_FP2(&t4,&t2);
-	FP8_from_FP4(&t,&t4);
-
-#if SEXTIC_TWIST_ZZZ == D_TYPE	
-    FP8_div_i(&t);   /* IMPORTANT - here we use the correct SEXTIC twist of the curve */
-#endif
-
-#if SEXTIC_TWIST_ZZZ == M_TYPE	
-    FP8_times_i(&t);   /* IMPORTANT - here we use the correct SEXTIC twist of the curve */
-#endif
-
-    FP8_add(rhs,&t,rhs);
-    FP8_reduce(rhs);
-}
-
-/* Set P=(x,y). Return 1 if (x,y) is on the curve, else return 0*/
-/* SU= 232 */
-int ZZZ::ECP8_set(ECP8 *P,FP8 *x,FP8 *y)
-{
-    FP8 rhs,y2;
-
-    FP8_sqr(&y2,y);
-    ECP8_rhs(&rhs,x);
-
-    if (!FP8_equals(&y2,&rhs))
-    {
-		ECP8_inf(P);
-        //P->inf=1;
-        return 0;
-    }
-
-  //  P->inf=0;
-    FP8_copy(&(P->x),x);
-    FP8_copy(&(P->y),y);
-    FP8_one(&(P->z));
-    return 1;
-}
-
-/* Set P=(x,y). Return 1 if (x,.) is on the curve, else return 0 */
-/* SU= 232 */
-int ZZZ::ECP8_setx(ECP8 *P,FP8 *x)
-{
-    FP8 y;
-    ECP8_rhs(&y,x);
-
-    if (!FP8_sqrt(&y,&y))
-    {
-		ECP8_inf(P);
-       // P->inf=1;
-        return 0;
-    }
-
-//    P->inf=0;
-    FP8_copy(&(P->x),x);
-    FP8_copy(&(P->y),&y);
-    FP8_one(&(P->z));
-
-    return 1;
-}
-
-/* Set P=-P */
-/* SU= 8 */
-void ZZZ::ECP8_neg(ECP8 *P)
-{
-//	if (ECP8_isinf(P)) return;
-	FP8_norm(&(P->y));
-    FP8_neg(&(P->y),&(P->y));
-    FP8_norm(&(P->y));
-}
-
-
-/* R+=R */
-/* return -1 for Infinity, 0 for addition, 1 for doubling */
-int ZZZ::ECP8_dbl(ECP8 *P)
-{
-    FP8 t0,t1,t2,t3,iy,x3,y3;
-//    if (P->inf) return -1;
-
-	FP8_copy(&iy,&(P->y));		//FP8 iy=new FP8(y);
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP8_times_i(&iy);			//iy.mul_ip(); 
-	//FP8_norm(&iy);				//iy.norm();
-#endif
-
-	FP8_sqr(&t0,&(P->y));			//t0.sqr();   
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP8_times_i(&t0);			//t0.mul_ip(); 
-#endif
-
-	FP8_mul(&t1,&iy,&(P->z));	//t1.mul(z);
-	FP8_sqr(&t2,&(P->z));				//t2.sqr();
-
-	FP8_add(&(P->z),&t0,&t0);	//z.add(t0); 
-	FP8_norm(&(P->z));				//z.norm(); 
-	FP8_add(&(P->z),&(P->z),&(P->z));	//z.add(z); 
-	FP8_add(&(P->z),&(P->z),&(P->z));	//z.add(z); 
-	FP8_norm(&(P->z));			//z.norm();  
-
-	FP8_imul(&t2,&t2,3*CURVE_B_I);	//t2.imul(3*ROM.CURVE_B_I); 
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-	FP8_times_i(&t2);
-	//FP8_norm(&t2);
-#endif
-
-	FP8_mul(&x3,&t2,&(P->z));	//x3.mul(z); 
-
-	FP8_add(&y3,&t0,&t2);		//y3.add(t2); 
-	FP8_norm(&y3);				//y3.norm();
-	FP8_mul(&(P->z),&(P->z),&t1);	//z.mul(t1);
-
-	FP8_add(&t1,&t2,&t2);		//t1.add(t2); 
-	FP8_add(&t2,&t2,&t1);		//t2.add(t1); 
-	FP8_norm(&t2);				//t2.norm();  
-	FP8_sub(&t0,&t0,&t2);		//t0.sub(t2); 
-	FP8_norm(&t0);				//t0.norm();                           //y^2-9bz^2
-	FP8_mul(&y3,&y3,&t0);		//y3.mul(t0); 
-	FP8_add(&(P->y),&y3,&x3);		//y3.add(x3);                          //(y^2+3z*2)(y^2-9z^2)+3b.z^2.8y^2
-
-	FP8_mul(&t1,&(P->x),&iy);		//t1.mul(iy);						//
-
-	FP8_norm(&t0);			//x.norm(); 
-	FP8_mul(&(P->x),&t0,&t1);	//x.mul(t1); 
-	FP8_add(&(P->x),&(P->x),&(P->x));	//x.add(x);       //(y^2-9bz^2)xy2
-
-	FP8_norm(&(P->x));			//x.norm(); 
-
-	FP8_norm(&(P->y));			//y.norm();
-
-    return 1;
-}
-
-/* Set P+=Q */
-
-int ZZZ::ECP8_add(ECP8 *P,ECP8 *Q)
-{
-    FP8 t0,t1,t2,t3,t4,x3,y3,z3;
-	int b3=3*CURVE_B_I;
-/*    if (Q->inf) return 0;
-    if (P->inf)
-    {
-        ECP8_copy(P,Q);
-        return 0;
-    }*/
-
-	FP8_mul(&t0,&(P->x),&(Q->x));	//t0.mul(Q.x);         // x.Q.x
-	FP8_mul(&t1,&(P->y),&(Q->y));	//t1.mul(Q.y);		 // y.Q.y
-
-	FP8_mul(&t2,&(P->z),&(Q->z));	//t2.mul(Q.z);
-	FP8_add(&t3,&(P->x),&(P->y));	//t3.add(y); 
-	FP8_norm(&t3);				//t3.norm();          //t3=X1+Y1         
-	FP8_add(&t4,&(Q->x),&(Q->y));	//t4.add(Q.y); 
-	FP8_norm(&t4);				//t4.norm();			//t4=X2+Y2
-	FP8_mul(&t3,&t3,&t4);		//t3.mul(t4);						//t3=(X1+Y1)(X2+Y2)
-	FP8_add(&t4,&t0,&t1);		//t4.add(t1);		//t4=X1.X2+Y1.Y2
-
-	FP8_sub(&t3,&t3,&t4);		//t3.sub(t4); 
-	FP8_norm(&t3);				//t3.norm(); 
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP8_times_i(&t3);			//t3.mul_ip();  
-	//FP8_norm(&t3);				//t3.norm();         //t3=(X1+Y1)(X2+Y2)-(X1.X2+Y1.Y2) = X1.Y2+X2.Y1
-#endif
-                   
-	FP8_add(&t4,&(P->y),&(P->z));	//t4.add(z); 
-	FP8_norm(&t4);				//t4.norm();			//t4=Y1+Z1
-
-	FP8_add(&x3,&(Q->y),&(Q->z));	//x3.add(Q.z); 
-	FP8_norm(&x3);				//x3.norm();			//x3=Y2+Z2
-
-	FP8_mul(&t4,&t4,&x3);		//t4.mul(x3);						//t4=(Y1+Z1)(Y2+Z2)
-
-	FP8_add(&x3,&t1,&t2);		//x3.add(t2);						//X3=Y1.Y2+Z1.Z2
-	
-	FP8_sub(&t4,&t4,&x3);		//t4.sub(x3); 
-	FP8_norm(&t4);				//t4.norm(); 
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP8_times_i(&t4);			//t4.mul_ip(); 
-	//FP8_norm(&t4);				//t4.norm();          //t4=(Y1+Z1)(Y2+Z2) - (Y1.Y2+Z1.Z2) = Y1.Z2+Y2.Z1
-#endif
-
-	FP8_add(&x3,&(P->x),&(P->z));	//x3.add(z); 
-	FP8_norm(&x3);				//x3.norm();	// x3=X1+Z1
-		
-	FP8_add(&y3,&(Q->x),&(Q->z));	//y3.add(Q.z); 
-	FP8_norm(&y3);				//y3.norm();				// y3=X2+Z2
-	FP8_mul(&x3,&x3,&y3);		//x3.mul(y3);							// x3=(X1+Z1)(X2+Z2)
-
-	FP8_add(&y3,&t0,&t2);		//y3.add(t2);							// y3=X1.X2+Z1+Z2
-	FP8_sub(&y3,&x3,&y3);		//y3.rsub(x3); 
-	FP8_norm(&y3);				//y3.norm();				// y3=(X1+Z1)(X2+Z2) - (X1.X2+Z1.Z2) = X1.Z2+X2.Z1
-#if SEXTIC_TWIST_ZZZ==D_TYPE
-	FP8_times_i(&t0);			//t0.mul_ip(); 
-	//FP8_norm(&t0);				//t0.norm(); // x.Q.x
-	FP8_times_i(&t1);			//t1.mul_ip(); 
-	//FP8_norm(&t1);				//t1.norm(); // y.Q.y
-#endif
-
-	FP8_add(&x3,&t0,&t0);		//x3.add(t0); 
-	FP8_add(&t0,&t0,&x3);		//t0.add(x3); 
-	FP8_norm(&t0);				//t0.norm();
-	FP8_imul(&t2,&t2,b3);		//t2.imul(b); 	
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-	FP8_times_i(&t2);
-#endif
-
-	FP8_add(&z3,&t1,&t2);		//z3.add(t2); 
-	FP8_norm(&z3);				//z3.norm();
-	FP8_sub(&t1,&t1,&t2);		//t1.sub(t2); 
-	FP8_norm(&t1);				//t1.norm(); 
-	FP8_imul(&y3,&y3,b3);		//y3.imul(b); 
-#if SEXTIC_TWIST_ZZZ==M_TYPE
-	FP8_times_i(&y3);
-	//FP8_norm(&y3);
-#endif
-
-	FP8_mul(&x3,&y3,&t4);		//x3.mul(t4); 
-
-	FP8_mul(&t2,&t3,&t1);		//t2.mul(t1); 
-	FP8_sub(&(P->x),&t2,&x3);		//x3.rsub(t2);
-	FP8_mul(&y3,&y3,&t0);		//y3.mul(t0); 
-	FP8_mul(&t1,&t1,&z3);		//t1.mul(z3); 
-	FP8_add(&(P->y),&y3,&t1);		//y3.add(t1);
-	FP8_mul(&t0,&t0,&t3);		//t0.mul(t3); 
-	FP8_mul(&z3,&z3,&t4);		//z3.mul(t4); 
-	FP8_add(&(P->z),&z3,&t0);		//z3.add(t0);
-
-
-	FP8_norm(&(P->x));			//x.norm(); 
-	FP8_norm(&(P->y));			//y.norm();
-	FP8_norm(&(P->z));			//z.norm();
-
-    return 0;
-}
-
-/* Set P-=Q */
-/* SU= 16 */
-void ZZZ::ECP8_sub(ECP8 *P,ECP8 *Q)
-{
-	ECP8 NQ;
-	ECP8_copy(&NQ,Q);
-	ECP8_neg(&NQ);
-    //ECP8_neg(Q);
-    ECP8_add(P,&NQ);
-    //ECP8_neg(Q);
-}
-
-
-void ZZZ::ECP8_reduce(ECP8 *P)
-{
-	FP8_reduce(&(P->x));
-	FP8_reduce(&(P->y));
-}
-
-/* P*=e */
-/* SU= 280 */
-void ZZZ::ECP8_mul(ECP8 *P,BIG e)
-{
-    /* fixed size windows */
-    int i,nb,s,ns;
-    BIG mt,t;
-    ECP8 Q,W[8],C;
-    sign8 w[1+(NLEN_XXX*BASEBITS_XXX+3)/4];
-
-    if (ECP8_isinf(P)) return;
-    //ECP8_affine(P);
-
-    /* precompute table */
-
-    ECP8_copy(&Q,P);
-    ECP8_dbl(&Q);
-    ECP8_copy(&W[0],P);
-
-    for (i=1; i<8; i++)
-    {
-        ECP8_copy(&W[i],&W[i-1]);
-        ECP8_add(&W[i],&Q);
-    }
-
-    /* make exponent odd - add 2P if even, P if odd */
-    BIG_copy(t,e);
-    s=BIG_parity(t);
-    BIG_inc(t,1);
-    BIG_norm(t);
-    ns=BIG_parity(t);
-    BIG_copy(mt,t);
-    BIG_inc(mt,1);
-    BIG_norm(mt);
-    BIG_cmove(t,mt,s);
-    ECP8_cmove(&Q,P,ns);
-    ECP8_copy(&C,&Q);
-
-    nb=1+(BIG_nbits(t)+3)/4;
-
-    /* convert exponent to signed 4-bit window */
-    for (i=0; i<nb; i++)
-    {
-        w[i]=BIG_lastbits(t,5)-16;
-        BIG_dec(t,w[i]);
-        BIG_norm(t);
-        BIG_fshr(t,4);
-    }
-    w[nb]=BIG_lastbits(t,5);
-
-    ECP8_copy(P,&W[(w[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-        ECP8_select(&Q,W,w[i]);
-        ECP8_dbl(P);
-        ECP8_dbl(P);
-        ECP8_dbl(P);
-        ECP8_dbl(P);
-        ECP8_add(P,&Q);
-    }
-    ECP8_sub(P,&C); /* apply correction */
-	ECP8_affine(P);
-}
-
-void ZZZ::ECP8_frob_constants(FP2 F[3])
-{
-    FP fx,fy;
-	FP2 X;
-
-    FP_rcopy(&fx,Fra);
-    FP_rcopy(&fy,Frb);
-    FP2_from_FPs(&X,&fx,&fy);
-
-
-	FP2_sqr(&F[0],&X);			// FF=F^2=(1+i)^(p-19)/12
-	FP2_copy(&F[2],&F[0]);
-	FP2_mul_ip(&F[2]);			// W=(1+i)^12/12.(1+i)^(p-19)/12 = (1+i)^(p-7)/12
-	FP2_norm(&F[2]);
-	FP2_sqr(&F[1],&F[2]);
-	FP2_mul(&F[2],&F[2],&F[1]);	// W=(1+i)^(p-7)/4
-
-	FP2_mul_ip(&F[2]);			// W=(1+i)^4/4.W=(1+i)^(p-7)/4 = (1+i)^(p-3)/4
-	FP2_norm(&F[2]);
-
-	FP2_copy(&F[1],&X);
-
-#if SEXTIC_TWIST_ZZZ == M_TYPE	
-	FP2_mul_ip(&F[1]);		// (1+i)^24/24.(1+i)^(p-19)/24 = (1+i)^(p+5)/24
-	FP2_inv(&F[1],&F[1]);		// (1+i)^-(p+5)/24
-	FP2_sqr(&F[0],&F[1]);		// (1+i)^-(p+5)/12
-#endif
-
-
-	FP2_mul_ip(&F[0]);		// FF=(1+i)^(p-19)/12.(1+i)^12/12 = (1+i)^(p-7)/12					// FF=(1+i)^12/12.(1+i)^-(p+5)/12 = (1+i)^-(p-7)/12
-	FP2_norm(&F[0]);
-
-	FP2_mul(&F[1],&F[1],&F[0]);  // (1+i)^(p-7)/12 . (1+i)^(p-19)/24 = (1+i)^(p-11)/8				// (1+i)^-(p-7)/12 . (1+i)^-(p+5)/24 = (1+i)^-(p-3)/8
-
-}
-
-/* Calculates q^n.P using Frobenius constant X */
-void ZZZ::ECP8_frob(ECP8 *P,FP2 F[3],int n)
-{
-	int i;
-	FP8 X,Y,Z;
-
-    //if (P->inf) return;
-
-	//ECP8_get(&X,&Y,P);		// F=(1+i)^(p-19)/24
-
-	FP8_copy(&X,&(P->x));
-	FP8_copy(&Y,&(P->y));
-	FP8_copy(&Z,&(P->z));
-
-	for (i=0;i<n;i++)
-	{
-		FP8_frob(&X,&F[2]);		// X^p		
-		FP8_qmul(&X,&X,&F[0]); 
-#if SEXTIC_TWIST_ZZZ == M_TYPE			
-		FP8_div_i2(&X);			// X^p.(1+i)^-(p-1)/12
-#endif
-#if SEXTIC_TWIST_ZZZ == D_TYPE			
-		FP8_times_i2(&X);		// X^p.(1+i)^(p-1)/12
-#endif
-
-		FP8_frob(&Y,&F[2]);		// Y^p
-		FP8_qmul(&Y,&Y,&F[1]); 
-#if SEXTIC_TWIST_ZZZ == M_TYPE		
-		FP8_div_i(&Y);			// Y^p.(1+i)^-(p-1)/8
-#endif
-#if SEXTIC_TWIST_ZZZ == D_TYPE
-		FP8_times_i2(&Y); FP8_times_i2(&Y); FP8_times_i(&Y);  // Y^p.(1+i)^(p-1)/8
-#endif
-		FP8_frob(&Z,&F[2]);
-	}
-
-	FP8_copy(&(P->x),&X);
-	FP8_copy(&(P->y),&Y);
-	FP8_copy(&(P->z),&Z);
-
-
-//	ECP8_set(P,&X,&Y);
-}
-
-/* Side channel attack secure */
-// Bos & Costello https://eprint.iacr.org/2013/458.pdf
-// Faz-Hernandez & Longa & Sanchez  https://eprint.iacr.org/2013/158.pdf
-
-void ZZZ::ECP8_mul16(ECP8 *P,ECP8 Q[16],BIG u[16])
-{
-    int i,j,k,nb,pb1,pb2,pb3,pb4,bt;
-	ECP8 T1[8],T2[8],T3[8],T4[8],W;
-    BIG mt,t[16];
-    sign8 w1[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s1[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 w2[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s2[NLEN_XXX*BASEBITS_XXX+1];	
-    sign8 w3[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s3[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 w4[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s4[NLEN_XXX*BASEBITS_XXX+1];	
-
-	FP2 X[3];
-	ECP8_frob_constants(X);
-
-    for (i=0; i<16; i++)
-	{
-        //ECP8_affine(&Q[i]);
-        BIG_copy(t[i],u[i]);
-	}
-// Precomputed table
-    ECP8_copy(&T1[0],&Q[0]); // Q[0]
-    ECP8_copy(&T1[1],&T1[0]);
-	ECP8_add(&T1[1],&Q[1]);	// Q[0]+Q[1]
-    ECP8_copy(&T1[2],&T1[0]);
-	ECP8_add(&T1[2],&Q[2]);	// Q[0]+Q[2]
-	ECP8_copy(&T1[3],&T1[1]);
-	ECP8_add(&T1[3],&Q[2]);	// Q[0]+Q[1]+Q[2]
-	ECP8_copy(&T1[4],&T1[0]);
-	ECP8_add(&T1[4],&Q[3]);  // Q[0]+Q[3]
-	ECP8_copy(&T1[5],&T1[1]);
-	ECP8_add(&T1[5],&Q[3]);	// Q[0]+Q[1]+Q[3]
-	ECP8_copy(&T1[6],&T1[2]);
-	ECP8_add(&T1[6],&Q[3]);	// Q[0]+Q[2]+Q[3]
-	ECP8_copy(&T1[7],&T1[3]);
-	ECP8_add(&T1[7],&Q[3]);	// Q[0]+Q[1]+Q[2]+Q[3]
-
-//  Use Frobenius 
-
-	for (i=0;i<8;i++)
-	{
-		ECP8_copy(&T2[i],&T1[i]);
-		ECP8_frob(&T2[i],X,4);
-
-		ECP8_copy(&T3[i],&T2[i]);
-		ECP8_frob(&T3[i],X,4);
-
-		ECP8_copy(&T4[i],&T3[i]);
-		ECP8_frob(&T4[i],X,4);
-	}
-
-// Make them odd
-	pb1=1-BIG_parity(t[0]);
-	BIG_inc(t[0],pb1);
-	BIG_norm(t[0]);
-
-	pb2=1-BIG_parity(t[4]);
-	BIG_inc(t[4],pb2);
-	BIG_norm(t[4]);
-
-	pb3=1-BIG_parity(t[8]);
-	BIG_inc(t[8],pb3);
-	BIG_norm(t[8]);
-
-	pb4=1-BIG_parity(t[12]);
-	BIG_inc(t[12],pb4);
-	BIG_norm(t[12]);
-
-// Number of bits
-    BIG_zero(mt);
-    for (i=0; i<16; i++)
-    {
-        BIG_or(mt,mt,t[i]);
-    }
-    nb=1+BIG_nbits(mt);
-
-// Sign pivot 
-	s1[nb-1]=1;
-	s2[nb-1]=1;
-	s3[nb-1]=1;
-	s4[nb-1]=1;
-	for (i=0;i<nb-1;i++)
-	{
-        BIG_fshr(t[0],1);
-		s1[i]=2*BIG_parity(t[0])-1;
-        BIG_fshr(t[4],1);
-		s2[i]=2*BIG_parity(t[4])-1;
-        BIG_fshr(t[8],1);
-		s3[i]=2*BIG_parity(t[8])-1;
-        BIG_fshr(t[12],1);
-		s4[i]=2*BIG_parity(t[12])-1;
-	}
-
-
-// Recoded exponents
-    for (i=0; i<nb; i++)
-    {
-		w1[i]=0;
-		k=1;
-		for (j=1; j<4; j++)
-		{
-			bt=s1[i]*BIG_parity(t[j]);
-			BIG_fshr(t[j],1);
-
-			BIG_dec(t[j],(bt>>1));
-			BIG_norm(t[j]);
-			w1[i]+=bt*k;
-			k*=2;
-        }
-
-		w2[i]=0;
-		k=1;
-		for (j=5; j<8; j++)
-		{
-			bt=s2[i]*BIG_parity(t[j]);
-			BIG_fshr(t[j],1);
-
-			BIG_dec(t[j],(bt>>1));
-			BIG_norm(t[j]);
-			w2[i]+=bt*k;
-			k*=2;
-        }
-
-		w3[i]=0;
-		k=1;
-		for (j=9; j<12; j++)
-		{
-			bt=s3[i]*BIG_parity(t[j]);
-			BIG_fshr(t[j],1);
-
-			BIG_dec(t[j],(bt>>1));
-			BIG_norm(t[j]);
-			w3[i]+=bt*k;
-			k*=2;
-        }
-
-		w4[i]=0;
-		k=1;
-		for (j=13; j<16; j++)
-		{
-			bt=s4[i]*BIG_parity(t[j]);
-			BIG_fshr(t[j],1);
-
-			BIG_dec(t[j],(bt>>1));
-			BIG_norm(t[j]);
-			w4[i]+=bt*k;
-			k*=2;
-        }
-    }	
-
-// Main loop
-	ECP8_select(P,T1,2*w1[nb-1]+1);
-	ECP8_select(&W,T2,2*w2[nb-1]+1);
-	ECP8_add(P,&W);
-	ECP8_select(&W,T3,2*w3[nb-1]+1);
-	ECP8_add(P,&W);
-	ECP8_select(&W,T4,2*w4[nb-1]+1);
-	ECP8_add(P,&W);
-
-    for (i=nb-2; i>=0; i--)
-    {
-        ECP8_dbl(P);
-        ECP8_select(&W,T1,2*w1[i]+s1[i]);
-        ECP8_add(P,&W);
-        ECP8_select(&W,T2,2*w2[i]+s2[i]);
-        ECP8_add(P,&W);
-        ECP8_select(&W,T3,2*w3[i]+s3[i]);
-        ECP8_add(P,&W);
-        ECP8_select(&W,T4,2*w4[i]+s4[i]);
-        ECP8_add(P,&W);
-    }
-
-// apply corrections
-	ECP8_copy(&W,P);   
-	ECP8_sub(&W,&Q[0]);
-	ECP8_cmove(P,&W,pb1);
-	ECP8_copy(&W,P);   
-	ECP8_sub(&W,&Q[4]);
-	ECP8_cmove(P,&W,pb2);
-
-	ECP8_copy(&W,P);   
-	ECP8_sub(&W,&Q[8]);
-	ECP8_cmove(P,&W,pb3);
-	ECP8_copy(&W,P);   
-	ECP8_sub(&W,&Q[12]);
-	ECP8_cmove(P,&W,pb4);
-
-	ECP8_affine(P);
-}
-
-/*
-void ZZZ::ECP8_mul16(ECP8 *P,ECP8 Q[16],BIG u[16])
-{
-    int i,j,a[4],nb,pb;
-    ECP8 W[8],Z[8],WW[8],ZZ[8],T,C;
-    BIG mt,t[16];
-    sign8 w[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 z[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 ww[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 zz[NLEN_XXX*BASEBITS_XXX+1];
-
-    FP fx,fy;
-	FP2 X;
-
-    FP_rcopy(&fx,Fra);
-    FP_rcopy(&fy,Frb);
-    FP2_from_FPs(&X,&fx,&fy);
-
-
-    for (i=0; i<16; i++)
-        BIG_copy(t[i],u[i]);
-
-    // precompute tables 
-
-// 12 add/subs 
-
-    ECP8_copy(&W[0],&Q[0]);
-    ECP8_sub(&W[0],&Q[1]);  // P-Q
-    ECP8_copy(&W[1],&W[0]);
-    ECP8_copy(&W[2],&W[0]);
-    ECP8_copy(&W[3],&W[0]);
-    ECP8_copy(&W[4],&Q[0]);
-    ECP8_add(&W[4],&Q[1]);  // P+Q 
-    ECP8_copy(&W[5],&W[4]);
-    ECP8_copy(&W[6],&W[4]);
-    ECP8_copy(&W[7],&W[4]);
-
-    ECP8_copy(&T,&Q[2]);
-    ECP8_sub(&T,&Q[3]);       // R-S 
-    ECP8_sub(&W[1],&T);
-    ECP8_add(&W[2],&T);
-    ECP8_sub(&W[5],&T);
-    ECP8_add(&W[6],&T);
-    ECP8_copy(&T,&Q[2]);
-    ECP8_add(&T,&Q[3]);      // R+S 
-    ECP8_sub(&W[0],&T);
-    ECP8_add(&W[3],&T);
-    ECP8_sub(&W[4],&T);
-    ECP8_add(&W[7],&T);
-
-
-// Use Frobenius 
-
-	for (i=0;i<8;i++)
-	{
-		ECP8_copy(&Z[i],&W[i]);
-		ECP8_frob(&Z[i],&X,4);
-	}
-
-	for (i=0;i<8;i++)
-	{
-		ECP8_copy(&WW[i],&Z[i]);
-		ECP8_frob(&WW[i],&X,4);
-	}
-
-	for (i=0;i<8;i++)
-	{
-		ECP8_copy(&ZZ[i],&WW[i]);
-		ECP8_frob(&ZZ[i],&X,4);
-	}
-
-    // if multiplier is even add 1 to multiplier, and add P to correction 
-    ECP8_inf(&C);
-
-    BIG_zero(mt);
-    for (i=0; i<16; i++)
-    {
-		pb=BIG_parity(t[i]);
-		BIG_inc(t[i],1-pb);
-		BIG_norm(t[i]);
-		ECP8_copy(&T,&C);
-		ECP8_add(&T,&Q[i]);
-		ECP8_cmove(&C,&T,1-pb);
-
-
-        BIG_add(mt,mt,t[i]);
-        BIG_norm(mt);
-    }
-
-    nb=1+BIG_nbits(mt);
-
-    // convert exponents to signed 1-bit windows 
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_lastbits(t[i],2)-2;
-            BIG_dec(t[i],a[i]);
-            BIG_norm(t[i]);
-            BIG_fshr(t[i],1);
-        }
-        w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    w[nb]=8*BIG_lastbits(t[0],2)+4*BIG_lastbits(t[1],2)+2*BIG_lastbits(t[2],2)+BIG_lastbits(t[3],2);
-
-
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_lastbits(t[i+4],2)-2;
-            BIG_dec(t[i+4],a[i]);
-            BIG_norm(t[i+4]);
-            BIG_fshr(t[i+4],1);
-        }
-        z[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    z[nb]=8*BIG_lastbits(t[4],2)+4*BIG_lastbits(t[5],2)+2*BIG_lastbits(t[6],2)+BIG_lastbits(t[7],2);
-
-
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_lastbits(t[i+8],2)-2;
-            BIG_dec(t[i+8],a[i]);
-            BIG_norm(t[i+8]);
-            BIG_fshr(t[i+8],1);
-        }
-        ww[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    ww[nb]=8*BIG_lastbits(t[8],2)+4*BIG_lastbits(t[9],2)+2*BIG_lastbits(t[10],2)+BIG_lastbits(t[11],2);
-
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_lastbits(t[i+12],2)-2;
-            BIG_dec(t[i+12],a[i]);
-            BIG_norm(t[i+12]);
-            BIG_fshr(t[i+12],1);
-        }
-        zz[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    zz[nb]=8*BIG_lastbits(t[12],2)+4*BIG_lastbits(t[13],2)+2*BIG_lastbits(t[14],2)+BIG_lastbits(t[15],2);
-
-    ECP8_copy(P,&W[(w[nb]-1)/2]);
-	ECP8_add(P,&Z[(z[nb]-1)/2]);
-	ECP8_add(P,&WW[(ww[nb]-1)/2]);
-	ECP8_add(P,&ZZ[(zz[nb]-1)/2]);
-    for (i=nb-1; i>=0; i--)
-    {
-		ECP8_dbl(P);
-        ECP8_select(&T,W,w[i]);
-        ECP8_add(P,&T);
-        ECP8_select(&T,Z,z[i]);
-        ECP8_add(P,&T);
-        ECP8_select(&T,WW,ww[i]);
-        ECP8_add(P,&T);
-        ECP8_select(&T,ZZ,zz[i]);
-        ECP8_add(P,&T);
-
-    }
-    ECP8_sub(P,&C); // apply correction 
-	ECP8_reduce(P);
-}
-*/
-/* Map to hash value to point on G2 from random BIG */
-
-void ZZZ::ECP8_mapit(ECP8 *Q,octet *W)
-{
-    BIG q,one,x,hv;
-	FP Fx,Fy;
-    FP2 T,X[3];
-	FP4 X4;
-	FP8 X8;
-
-    ECP8 xQ, x2Q, x3Q, x4Q , x5Q, x6Q, x7Q, x8Q;
-
-	BIG_fromBytes(hv,W->val);
-    BIG_rcopy(q,Modulus);
-    BIG_one(one);
-    BIG_mod(hv,q);
-
-    for (;;)
-    {
-        FP2_from_BIGs(&T,one,hv);  /*******/
-		FP4_from_FP2(&X4,&T);
-		FP8_from_FP4(&X8,&X4);
-        if (ECP8_setx(Q,&X8)) break;
-        BIG_inc(hv,1);
-    }
-
-	ECP8_frob_constants(X);
-
-    BIG_rcopy(x,CURVE_Bnx);
-
-    // Efficient hash maps to G2 on BLS48 curves - Budroni, Pintore 
-	// Q -> x8Q -x7Q -Q +  F(x7Q-x6Q) + F(F(x6Q-x5Q)) +F(F(F(x5Q-x4Q))) +F(F(F(F(x4Q-x3Q)))) + F(F(F(F(F(x3Q-x2Q))))) + F(F(F(F(F(F(x2Q-xQ)))))) + F(F(F(F(F(F(F(xQ-Q))))))) +F(F(F(F(F(F(F(F(2Q))))))))
-
-	ECP8_copy(&xQ,Q);
-	ECP8_mul(&xQ,x);
-	ECP8_copy(&x2Q,&xQ);
-	ECP8_mul(&x2Q,x);
-	ECP8_copy(&x3Q,&x2Q);
-	ECP8_mul(&x3Q,x);
-	ECP8_copy(&x4Q,&x3Q);
-
-	ECP8_mul(&x4Q,x);
-	ECP8_copy(&x5Q,&x4Q);
-	ECP8_mul(&x5Q,x);
-	ECP8_copy(&x6Q,&x5Q);
-	ECP8_mul(&x6Q,x);
-	ECP8_copy(&x7Q,&x6Q);
-	ECP8_mul(&x7Q,x);
-	ECP8_copy(&x8Q,&x7Q);
-	ECP8_mul(&x8Q,x);
-
-#if SIGN_OF_X_ZZZ==NEGATIVEX
-	ECP8_neg(&xQ);
-	ECP8_neg(&x3Q);
-	ECP8_neg(&x5Q);
-	ECP8_neg(&x7Q);
-#endif
-
-	ECP8_sub(&x8Q,&x7Q);
-	ECP8_sub(&x8Q,Q);
-
-	ECP8_sub(&x7Q,&x6Q);
-	ECP8_frob(&x7Q,X,1);
-
-	ECP8_sub(&x6Q,&x5Q);
-	ECP8_frob(&x6Q,X,2);
-	
-	ECP8_sub(&x5Q,&x4Q);
-	ECP8_frob(&x5Q,X,3);
-	
-	ECP8_sub(&x4Q,&x3Q);
-	ECP8_frob(&x4Q,X,4);
-
-	ECP8_sub(&x3Q,&x2Q);
-	ECP8_frob(&x3Q,X,5);
-
-	ECP8_sub(&x2Q,&xQ);
-	ECP8_frob(&x2Q,X,6);
-
-	ECP8_sub(&xQ,Q);
-	ECP8_frob(&xQ,X,7);
-
-	ECP8_dbl(Q);
-	ECP8_frob(Q,X,8);
-
-
-	ECP8_add(Q,&x8Q);
-	ECP8_add(Q,&x7Q);
-	ECP8_add(Q,&x6Q);
-	ECP8_add(Q,&x5Q);
-
-	ECP8_add(Q,&x4Q);
-	ECP8_add(Q,&x3Q);
-	ECP8_add(Q,&x2Q);
-	ECP8_add(Q,&xQ);
-
-	ECP8_affine(Q);
-
-}
-
-// ECP$ Get Group Generator
-
-void ZZZ::ECP8_generator(ECP8 *G)
-{
-	BIG a,b;
-	FP2 Aa,Bb;
-	FP4 A,B;
-	FP8 X,Y;
-
-	BIG_rcopy(a,CURVE_Pxaaa);
-	BIG_rcopy(b,CURVE_Pxaab);
-	FP2_from_BIGs(&Aa,a,b);
-
-	BIG_rcopy(a,CURVE_Pxaba);
-	BIG_rcopy(b,CURVE_Pxabb);
-	FP2_from_BIGs(&Bb,a,b);
-
-	FP4_from_FP2s(&A,&Aa,&Bb);
-
-	BIG_rcopy(a,CURVE_Pxbaa);
-	BIG_rcopy(b,CURVE_Pxbab);
-	FP2_from_BIGs(&Aa,a,b);
-
-	BIG_rcopy(a,CURVE_Pxbba);
-	BIG_rcopy(b,CURVE_Pxbbb);
-	FP2_from_BIGs(&Bb,a,b);
-
-	FP4_from_FP2s(&B,&Aa,&Bb);
-
-	FP8_from_FP4s(&X,&A,&B);
-
-	BIG_rcopy(a,CURVE_Pyaaa);
-	BIG_rcopy(b,CURVE_Pyaab);
-	FP2_from_BIGs(&Aa,a,b);
-
-	BIG_rcopy(a,CURVE_Pyaba);
-	BIG_rcopy(b,CURVE_Pyabb);
-	FP2_from_BIGs(&Bb,a,b);
-
-	FP4_from_FP2s(&A,&Aa,&Bb);
-
-	BIG_rcopy(a,CURVE_Pybaa);
-	BIG_rcopy(b,CURVE_Pybab);
-	FP2_from_BIGs(&Aa,a,b);
-
-	BIG_rcopy(a,CURVE_Pybba);
-	BIG_rcopy(b,CURVE_Pybbb);
-	FP2_from_BIGs(&Bb,a,b);
-
-	FP4_from_FP2s(&B,&Aa,&Bb);
-
-	FP8_from_FP4s(&Y,&A,&B);
-
-	ECP8_set(G,&X,&Y);
-}
-
-
-// g++ -O2 ecp8_BLS48.cpp fp8_BLS48.cpp fp4_BLS48.cpp fp2_BLS48.cpp fp_BLS48.cpp big_B560_29.cpp rand.cpp hash.cpp rom_field_BLS48.cpp rom_curve_BLS48.cpp oct.cpp -o ecp8_BLS48.exe
-/*
-int main()
-{
-	int i;
-	ECP8 G,P;
-	FP2 Aa,Bb,f;
-	FP8 X,Y;
-	BIG a,b,r,p;
-	char w[100];
-	octet W= {0,sizeof(w),w};
-
-	ECP8_generator(&G);
-
-	BIG_rcopy(a,Fra);
-    BIG_rcopy(b,Frb);
-	FP2_from_BIGs(&f,a,b);
-
-	if (G.inf) cout << "Failed to set - point not on curve" << endl;
-	else cout << "set success" << endl;
-
-	ECP8_output(&G);
-	ECP8_copy(&P,&G);
-
-	BIG_rcopy(r,CURVE_Order);
-	BIG_rcopy(p,Modulus);
-
-	BIG_output(r);
-	cout << endl;
-
-	ECP8_mul(&G,r);
-	ECP8_output(&G);
-	cout << endl;
-
-	ECP8_copy(&G,&P);
-
-	cout << "pG = ";
-	ECP8_mul(&G,p);
-	ECP8_output(&G);
-	cout << endl;
-
-	cout << "G^p= ";
-	ECP8_frob(&P,&f,1);
-	ECP8_output(&P);
-	cout << endl;
-
-
-	for (i=0;i<MODBYTES_XXX;i++)
-	{
-		W.val[i]=i+11;
-	}
-	W.len=MODBYTES_XXX;
-
-	printf("W= ");
-	OCT_output(&W);
-	printf("\n");
-
-	ECP8_mapit(&P,&W);
-
-	cout << "Hash to P= ";
-	ECP8_output(&P);
-	cout << endl;
-
-	ECP8_mul(&P,r);
-
-	cout << "rP= ";
-	ECP8_output(&P);
-	cout << endl;
-
-
-
-//	ECP8_dbl(&G);
-//	ECP8_output(&G);
-//	ECP8_reduce(&G);
-//	cout << endl;
-//	ECP8_add(&G,&P);
-//	ECP8_output(&G);
-//	cout << endl;
-
-
-	return 0;
-}
-*/
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/cpp/ecp8.h
----------------------------------------------------------------------
diff --git a/version3/cpp/ecp8.h b/version3/cpp/ecp8.h
deleted file mode 100644
index 681f199..0000000
--- a/version3/cpp/ecp8.h
+++ /dev/null
@@ -1,253 +0,0 @@
-#ifndef ECP8_ZZZ_H
-#define ECP8_ZZZ_H
-
-#include "fp8_YYY.h"
-#include "config_curve_ZZZ.h"
-
-using namespace amcl;
-
-namespace YYY {
-
-extern const XXX::BIG Fra; /**< real part of BN curve Frobenius Constant */
-extern const XXX::BIG Frb; /**< imaginary part of BN curve Frobenius Constant */
-
-}
-
-namespace ZZZ {
-
-/**
-	@brief ECP8 Structure - Elliptic Curve Point over quadratic extension field
-*/
-
-typedef struct
-{
-//    int inf; /**< Infinity Flag */
-    YYY::FP8 x;   /**< x-coordinate of point */
-    YYY::FP8 y;   /**< y-coordinate of point */
-    YYY::FP8 z;   /**< z-coordinate of point */
-} ECP8;
-
-
-/* Curve Params - see rom.c */
-extern const int CURVE_A;		/**< Elliptic curve A parameter */
-extern const int CURVE_B_I;		/**< Elliptic curve B parameter */
-extern const XXX::BIG CURVE_B;     /**< Elliptic curve B parameter */
-extern const XXX::BIG CURVE_Order; /**< Elliptic curve group order */
-extern const XXX::BIG CURVE_Cof;   /**< Elliptic curve cofactor */
-extern const XXX::BIG CURVE_Bnx;   /**< Elliptic curve parameter */
-
-
-/* Generator point on G1 */
-extern const XXX::BIG CURVE_Gx; /**< x-coordinate of generator point in group G1  */
-extern const XXX::BIG CURVE_Gy; /**< y-coordinate of generator point in group G1  */
-
-/* For Pairings only */
-
-/* Generator point on G2 */
-extern const XXX::BIG CURVE_Pxaaa; /**< real part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxaab; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxaba; /**< real part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxabb; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxbaa; /**< real part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxbab; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxbba; /**< real part of x-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pxbbb; /**< imaginary part of x-coordinate of generator point in group G2 */
-
-extern const XXX::BIG CURVE_Pyaaa; /**< real part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pyaab; /**< imaginary part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pyaba; /**< real part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pyabb; /**< imaginary part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pybaa; /**< real part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pybab; /**< imaginary part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pybba; /**< real part of y-coordinate of generator point in group G2 */
-extern const XXX::BIG CURVE_Pybbb; /**< imaginary part of y-coordinate of generator point in group G2 */
-
-
-/* ECP8 E(FP8) prototypes */
-/**	@brief Tests for ECP8 point equal to infinity
- *
-	@param P ECP8 point to be tested
-	@return 1 if infinity, else returns 0
- */
-extern int ECP8_isinf(ECP8 *P);
-/**	@brief Copy ECP8 point to another ECP8 point
- *
-	@param P ECP8 instance, on exit = Q
-	@param Q ECP8 instance to be copied
- */
-extern void ECP8_copy(ECP8 *P,ECP8 *Q);
-/**	@brief Set ECP8 to point-at-infinity
- *
-	@param P ECP8 instance to be set to infinity
- */
-extern void ECP8_inf(ECP8 *P);
-/**	@brief Tests for equality of two ECP8s
- *
-	@param P ECP8 instance to be compared
-	@param Q ECP8 instance to be compared
-	@return 1 if P=Q, else returns 0
- */
-extern int ECP8_equals(ECP8 *P,ECP8 *Q);
-
-/**	@brief Converts an ECP8 point from Projective (x,y,z) coordinates to affine (x,y) coordinates
- *
-	@param P ECP8 instance to be converted to affine form
- */
-extern void ECP8_affine(ECP8 *P);
-
-
-/**	@brief Extract x and y coordinates of an ECP8 point P
- *
-	If x=y, returns only x
-	@param x FP8 on exit = x coordinate of point
-	@param y FP8 on exit = y coordinate of point (unless x=y)
-	@param P ECP8 instance (x,y)
-	@return -1 if P is point-at-infinity, else 0
- */
-extern int ECP8_get(YYY::FP8 *x,YYY::FP8 *y,ECP8 *P);
-/**	@brief Formats and outputs an ECP8 point to the console, converted to affine coordinates
- *
-	@param P ECP8 instance to be printed
- */
-extern void ECP8_output(ECP8 *P);
-
-/**	@brief Formats and outputs an ECP8 point to an octet string
- *
-	The octet string is created in the form x|y.
-	Convert the real and imaginary parts of the x and y coordinates to big-endian base 256 form.
-	@param S output octet string
-	@param P ECP8 instance to be converted to an octet string
- */
-extern void ECP8_toOctet(octet *S,ECP8 *P);
-/**	@brief Creates an ECP8 point from an octet string
- *
-	The octet string is in the form x|y
-	The real and imaginary parts of the x and y coordinates are in big-endian base 256 form.
-	@param P ECP8 instance to be created from the octet string
-	@param S input octet string
-	return 1 if octet string corresponds to a point on the curve, else 0
- */
-extern int ECP8_fromOctet(ECP8 *P,octet *S);
-/**	@brief Calculate Right Hand Side of curve equation y^2=f(x)
- *
-	Function f(x)=x^3+Ax+B
-	Used internally.
-	@param r FP8 value of f(x)
-	@param x FP8 instance
- */
-extern void ECP8_rhs(YYY::FP8 *r,YYY::FP8 *x);
-/**	@brief Set ECP8 to point(x,y) given x and y
- *
-	Point P set to infinity if no such point on the curve.
-	@param P ECP8 instance to be set (x,y)
-	@param x FP8 x coordinate of point
-	@param y FP8 y coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP8_set(ECP8 *P,YYY::FP8 *x,YYY::FP8 *y);
-/**	@brief Set ECP to point(x,[y]) given x
- *
-	Point P set to infinity if no such point on the curve. Otherwise y coordinate is calculated from x.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP8_setx(ECP8 *P,YYY::FP8 *x);
-/**	@brief Negation of an ECP8 point
- *
-	@param P ECP8 instance, on exit = -P
- */
-extern void ECP8_neg(ECP8 *P);
-
-/**	@brief Reduction of an ECP8 point
- *
-	@param P ECP8 instance, on exit (x,y) are reduced wrt the modulus
- */
-extern void ECP8_reduce(ECP8 *P);
-
-
-/**	@brief Doubles an ECP8 instance P and returns slope
- *
-	@param P ECP8 instance, on exit =2*P
-	@param lam FP8 instance, slope of line
- */
-//extern int ECP8_sdbl(ECP8 *P,FP8 *lam);
-/**	@brief Adds ECP8 instance Q to ECP8 instance P and returns slope
- *
-	@param P ECP8 instance, on exit =P+Q
-	@param Q ECP8 instance to be added to P
-	@param lam FP8 instance, slope of line
- */
-//extern int ECP8_sadd(ECP8 *P,ECP8 *Q,FP8 *lam);
-
-
-/**	@brief Doubles an ECP8 instance P
- *
-	@param P ECP8 instance, on exit =2*P
- */
-extern int ECP8_dbl(ECP8 *P);
-/**	@brief Adds ECP8 instance Q to ECP8 instance P
- *
-	@param P ECP8 instance, on exit =P+Q
-	@param Q ECP8 instance to be added to P
- */
-extern int ECP8_add(ECP8 *P,ECP8 *Q);
-/**	@brief Subtracts ECP instance Q from ECP8 instance P
- *
-	@param P ECP8 instance, on exit =P-Q
-	@param Q ECP8 instance to be subtracted from P
- */
-extern void ECP8_sub(ECP8 *P,ECP8 *Q);
-/**	@brief Multiplies an ECP8 instance P by a BIG, side-channel resistant
- *
-	Uses fixed sized windows.
-	@param P ECP8 instance, on exit =b*P
-	@param b BIG number multiplier
-
- */
-extern void ECP8_mul(ECP8 *P,XXX::BIG b);
-
-/**	@brief Calculates required Frobenius constants
- *
-	Calculate Frobenius constants
-	@param F array of FP2 precalculated constants
-
- */
-extern void ECP8_frob_constants(YYY::FP2 F[3]);
-
-/**	@brief Multiplies an ECP8 instance P by the internal modulus p^n, using precalculated Frobenius constants
- *
-	Fast point multiplication using Frobenius
-	@param P ECP8 instance, on exit = p^n*P
-	@param F array of FP2 precalculated Frobenius constant
-	@param n power of prime
-
- */
-extern void ECP8_frob(ECP8 *P,YYY::FP2 F[3],int n);
-
-/**	@brief Calculates P=Sigma b[i]*Q[i] for i=0 to 7
- *
-	@param P ECP8 instance, on exit = Sigma b[i]*Q[i] for i=0 to 7
-	@param Q ECP8 array of 4 points
-	@param b BIG array of 4 multipliers
- */
-extern void ECP8_mul16(ECP8 *P,ECP8 *Q,XXX::BIG *b);
-
-
-/**	@brief Maps random BIG to curve point of correct order
- *
-	@param P ECP8 instance of correct order
-	@param W OCTET byte array to be mapped
- */
-extern void ECP8_mapit(ECP8 *P,octet *w);
-
-/**	@brief Get Group Generator from ROM
- *
-	@param G ECP8 instance
- */
-extern void ECP8_generator(ECP8 *G);
-
-
-}
-
-#endif
\ No newline at end of file


[08/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_BN254.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_BN254.c b/version3/c/rom_curve_BN254.c
deleted file mode 100644
index ea5073d..0000000
--- a/version3/c/rom_curve_BN254.c
+++ /dev/null
@@ -1,80 +0,0 @@
-#include "arch.h"
-#include "ecp_BN254.h"
-
-/* Curve BN254 - Pairing friendly BN curve */
-
-/* Nogami's fast curve */
-
-#if CHUNK==16
-
-const int CURVE_Cof_I_BN254= 1;
-const int CURVE_A_BN254= 0;
-const int CURVE_B_I_BN254= 2;
-const BIG_256_13 CURVE_B_BN254= {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_13 CURVE_Order_BN254= {0xD,0x0,0x0,0x0,0xA10,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A};
-const BIG_256_13 CURVE_Gx_BN254= {0x12,0x0,0x0,0x0,0x1A70,0x9,0x0,0x0,0x100,0x309,0x2,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A};
-const BIG_256_13 CURVE_Gy_BN254= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-const BIG_256_13 CURVE_Bnx_BN254= {0x1,0x0,0x0,0x0,0x408,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_13 CURVE_Cof_BN254= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_13 CURVE_Cru_BN254= {0x7,0x0,0x0,0x0,0xCD8,0x3,0x0,0x0,0x900,0x1248,0x0,0x0,0x400,0x19B1,0x126,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_13 CURVE_Pxa_BN254= {0x1B2B,0x1F,0x932,0x1C84,0x191E,0x1F86,0x262,0x1769,0x48B,0x1523,0x1B6D,0x18C3,0x7E8,0x6C6,0x1FAE,0x16C5,0x119E,0x5DA,0x684,0xC};
-const BIG_256_13 CURVE_Pxb_BN254= {0xCF3,0x1EAA,0x1079,0x1869,0x10D8,0x25B,0x18DE,0xD75,0xD74,0x18FA,0xA96,0x1305,0x18C5,0x553,0xCC4,0xF06,0x1A73,0x17CD,0x5AA,0xA};
-const BIG_256_13 CURVE_Pya_BN254= {0xB9A,0xE69,0x1E24,0x1C0,0x119F,0x4DE,0x16F8,0x1CD7,0x1D0A,0x194D,0x88,0x1319,0x966,0x870,0xE6A,0x1268,0xBAF,0x1D03,0x625,0x4};
-const BIG_256_13 CURVE_Pyb_BN254= {0xE9B,0x19D6,0x1B1A,0x1A35,0x18A2,0x4AB,0x1CE7,0x1FFA,0x1006,0x1D84,0x34D,0xBE7,0x56F,0x16A2,0x1A3D,0x2A4,0x1C8B,0x1873,0xECA,0x1D};
-const BIG_256_13 CURVE_W_BN254[2]= {{0x3,0x0,0x0,0x0,0x40,0x1,0x0,0x0,0x180,0x30C,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x0,0x0,0x0,0x810,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_256_13 CURVE_SB_BN254[2][2]= {{{0x4,0x0,0x0,0x0,0x850,0x1,0x0,0x0,0x180,0x30C,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x0,0x0,0x0,0x810,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x0,0x0,0x0,0x810,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x0,0x0,0x0,0x9D0,0x7,0x0,0x0,0x1E00,0x1CF0,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A}}};
-const BIG_256_13 CURVE_WB_BN254[4]= {{0x0,0x0,0x0,0x0,0x408,0x0,0x0,0x0,0x80,0x104,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x5,0x0,0x0,0x0,0x14A8,0x2,0x0,0x0,0x700,0xE38,0x0,0x0,0x1800,0x1120,0xC4,0x0,0x0,0x0,0x0,0x0},{0x3,0x0,0x0,0x0,0xC58,0x1,0x0,0x0,0x380,0x71C,0x0,0x0,0xC00,0x890,0x62,0x0,0x0,0x0,0x0,0x0},{0x1,0x0,0x0,0x0,0xC18,0x0,0x0,0x0,0x80,0x104,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_256_13 CURVE_BB_BN254[4][4]= {{{0xD,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0xC,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0xC,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0x2,0x0,0x0,0x0,0x810,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x0,0x0,0x0,0x810,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xC,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0xD,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0xC,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A}},{{0x2,0x0,0x0,0x0,0x810,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x0,0x0,0x0,0x810,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0
 },{0x1,0x0,0x0,0x0,0x810,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x0,0x0,0x0,0x810,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x2,0x0,0x0,0x0,0x408,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2,0x0,0x0,0x0,0x1020,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x0,0x0,0x0,0x200,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0x2,0x0,0x0,0x0,0x408,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_BN254= 1;
-const int CURVE_A_BN254= 0;
-const int CURVE_B_I_BN254= 2;
-const BIG_256_28 CURVE_B_BN254= {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_28 CURVE_Order_BN254= {0xD,0x0,0x10A1,0x8000000,0x7FF9F,0x8000000,0x1BA344D,0x4000000,0x5236482,0x2};
-const BIG_256_28 CURVE_Gx_BN254= {0x12,0x0,0x13A7,0x0,0x86121,0x8000000,0x1BA344D,0x4000000,0x5236482,0x2};
-const BIG_256_28 CURVE_Gy_BN254= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-const BIG_256_28 CURVE_Bnx_BN254= {0x1,0x8000000,0x40,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_28 CURVE_Cof_BN254= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_28 CURVE_Cru_BN254= {0x7,0x8000000,0x6CD,0x0,0x24909,0x4000000,0x49B362,0x0,0x0,0x0};
-const BIG_256_28 CURVE_Pxa_BN254= {0x803FB2B,0xEE4224C,0x8BF0D91,0x8BBB489,0xDB6A464,0x7E8C61E,0xFEB8D8C,0x519EB62,0x61A10BB,0x0};
-const BIG_256_28 CURVE_Pxb_BN254= {0x7D54CF3,0x8C34C1E,0x784B70D,0x746BAE3,0xA5B1F4D,0x8C5982A,0x3310AA7,0xBA73783,0x516AAF9,0x0};
-const BIG_256_28 CURVE_Pya_BN254= {0x1CD2B9A,0xF0E0789,0xE09BD19,0xAE6BDB,0x22329BD,0x96698C8,0x39A90E0,0x6BAF934,0x21897A0,0x0};
-const BIG_256_28 CURVE_Pyb_BN254= {0xB3ACE9B,0x2D1AEC6,0x9C9578A,0x6FFD73,0xD37B090,0x56F5F38,0x68F6D44,0x7C8B152,0xEBB2B0E,0x0};
-const BIG_256_28 CURVE_W_BN254[2]= {{0x3,0x0,0x204,0x8000000,0x6181,0x0,0x0,0x0,0x0,0x0},{0x1,0x0,0x81,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_256_28 CURVE_SB_BN254[2][2]= {{{0x4,0x0,0x285,0x8000000,0x6181,0x0,0x0,0x0,0x0,0x0},{0x1,0x0,0x81,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x0,0x81,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x0,0xE9D,0x0,0x79E1E,0x8000000,0x1BA344D,0x4000000,0x5236482,0x2}}};
-const BIG_256_28 CURVE_WB_BN254[4]= {{0x0,0x8000000,0x40,0x8000000,0x2080,0x0,0x0,0x0,0x0,0x0},{0x5,0x8000000,0x54A,0x0,0x1C707,0x8000000,0x312241,0x0,0x0,0x0},{0x3,0x8000000,0x2C5,0x8000000,0xE383,0xC000000,0x189120,0x0,0x0,0x0},{0x1,0x8000000,0xC1,0x8000000,0x2080,0x0,0x0,0x0,0x0,0x0}};
-const BIG_256_28 CURVE_BB_BN254[4][4]= {{{0xD,0x8000000,0x1060,0x8000000,0x7FF9F,0x8000000,0x1BA344D,0x4000000,0x5236482,0x2},{0xC,0x8000000,0x1060,0x8000000,0x7FF9F,0x8000000,0x1BA344D,0x4000000,0x5236482,0x2},{0xC,0x8000000,0x1060,0x8000000,0x7FF9F,0x8000000,0x1BA344D,0x4000000,0x5236482,0x2},{0x2,0x0,0x81,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x0,0x81,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xC,0x8000000,0x1060,0x8000000,0x7FF9F,0x8000000,0x1BA344D,0x4000000,0x5236482,0x2},{0xD,0x8000000,0x1060,0x8000000,0x7FF9F,0x8000000,0x1BA344D,0x4000000,0x5236482,0x2},{0xC,0x8000000,0x1060,0x8000000,0x7FF9F,0x8000000,0x1BA344D,0x4000000,0x5236482,0x2}},{{0x2,0x0,0x81,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x0,0x81,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x0,0x81,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x0,0x81,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x2,0x8000000,0x40,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2,0x0,0x102,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x0,0x1020,0x8000000,0x7FF9F,0x8000000,0x1BA344D,0x4000000,0x5236482,0x2},{0x2,0x800
 0000,0x40,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_BN254= 1;
-const int CURVE_A_BN254= 0;
-const int CURVE_B_I_BN254= 2;
-const BIG_256_56 CURVE_B_BN254= {0x2L,0x0L,0x0L,0x0L,0x0L};
-const BIG_256_56 CURVE_Order_BN254= {0xDL,0x800000000010A1L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L};
-const BIG_256_56 CURVE_Gx_BN254= {0x12L,0x13A7L,0x80000000086121L,0x40000001BA344DL,0x25236482L};
-const BIG_256_56 CURVE_Gy_BN254= {0x1L,0x0L,0x0L,0x0L,0x0L};
-
-const BIG_256_56 CURVE_Bnx_BN254= {0x80000000000001L,0x40L,0x0L,0x0L,0x0L};
-const BIG_256_56 CURVE_Cof_BN254= {0x1L,0x0L,0x0L,0x0L,0x0L};
-const BIG_256_56 CURVE_Cru_BN254= {0x80000000000007L,0x6CDL,0x40000000024909L,0x49B362L,0x0L};
-const BIG_256_56 CURVE_Pxa_BN254= {0xEE4224C803FB2BL,0x8BBB4898BF0D91L,0x7E8C61EDB6A464L,0x519EB62FEB8D8CL,0x61A10BBL};
-const BIG_256_56 CURVE_Pxb_BN254= {0x8C34C1E7D54CF3L,0x746BAE3784B70DL,0x8C5982AA5B1F4DL,0xBA737833310AA7L,0x516AAF9L};
-const BIG_256_56 CURVE_Pya_BN254= {0xF0E07891CD2B9AL,0xAE6BDBE09BD19L,0x96698C822329BDL,0x6BAF93439A90E0L,0x21897A0L};
-const BIG_256_56 CURVE_Pyb_BN254= {0x2D1AEC6B3ACE9BL,0x6FFD739C9578AL,0x56F5F38D37B090L,0x7C8B15268F6D44L,0xEBB2B0EL};
-const BIG_256_56 CURVE_W_BN254[2]= {{0x3L,0x80000000000204L,0x6181L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}};
-const BIG_256_56 CURVE_SB_BN254[2][2]= {{{0x4L,0x80000000000285L,0x6181L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}},{{0x1L,0x81L,0x0L,0x0L,0x0L},{0xAL,0xE9DL,0x80000000079E1EL,0x40000001BA344DL,0x25236482L}}};
-const BIG_256_56 CURVE_WB_BN254[4]= {{0x80000000000000L,0x80000000000040L,0x2080L,0x0L,0x0L},{0x80000000000005L,0x54AL,0x8000000001C707L,0x312241L,0x0L},{0x80000000000003L,0x800000000002C5L,0xC000000000E383L,0x189120L,0x0L},{0x80000000000001L,0x800000000000C1L,0x2080L,0x0L,0x0L}};
-const BIG_256_56 CURVE_BB_BN254[4][4]= {{{0x8000000000000DL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x2L,0x81L,0x0L,0x0L,0x0L}},{{0x1L,0x81L,0x0L,0x0L,0x0L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000DL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L}},{{0x2L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}},{{0x80000000000002L,0x40L,0x0L,0x0L,0x0L},{0x2L,0x102L,0x0L,0x0L,0x0L},{0xAL,0x80000000001020L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x80000000000002L,0x40L,0x0L,0x0L,0x0L}}};
-
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_BN254CX.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_BN254CX.c b/version3/c/rom_curve_BN254CX.c
deleted file mode 100644
index 4b85d21..0000000
--- a/version3/c/rom_curve_BN254CX.c
+++ /dev/null
@@ -1,81 +0,0 @@
-#include "arch.h"
-#include "ecp_BN254CX.h"
-
-/* Curve BN254CX - Pairing friendly BN curve */
-
-/* CertiVox BN curve/field  */
-
-
-#if CHUNK==16
-
-const int CURVE_Cof_I_BN254CX= 1;
-const int CURVE_A_BN254CX= 0;
-const int CURVE_B_I_BN254CX= 2;
-const BIG_256_13 CURVE_B_BN254CX= {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_13 CURVE_Order_BN254CX= {0x1F6D,0x1758,0x98D,0x381,0xBE1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48};
-const BIG_256_13 CURVE_Gx_BN254CX= {0x15B2,0xDA,0x1BD7,0xC47,0x1BE6,0x1F70,0x24,0x1DC3,0x1FD6,0x1921,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48};
-const BIG_256_13 CURVE_Gy_BN254CX= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_13 CURVE_Bnx_BN254CX= {0x12B1,0x1E00,0x0,0x0,0x400,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_13 CURVE_Cof_BN254CX= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_13 CURVE_Cru_BN254CX= {0x1C97,0x11A,0x5E5,0x126,0x31E,0x3AB,0x7BE,0xC8E,0x1DDF,0x205,0xFC5,0x1950,0x0,0x0,0x120,0x0,0x0,0x0,0x0,0x0};
-
-const BIG_256_13 CURVE_Pxa_BN254CX= {0xC74,0x697,0x1BB9,0xA39,0xC08,0x1393,0xF8,0x17F4,0x1C85,0x1C83,0x12EE,0xB86,0x100F,0x592,0x18D6,0x164A,0x1053,0x963,0x1A0B,0x32};
-const BIG_256_13 CURVE_Pxb_BN254CX= {0xFE1,0x114E,0x2CB,0xB1D,0x147A,0x187,0x827,0x1618,0x1B97,0x1FC0,0x5D0,0x11D3,0x137A,0x8E4,0xA80,0x1EC9,0x1E19,0xF61,0x19AE,0x28};
-const BIG_256_13 CURVE_Pya_BN254CX= {0x9F,0x185F,0x1AF3,0x17F9,0x10CF,0xD9,0x11FB,0x7B0,0x1B3,0xB1B,0x1882,0x1B5D,0x157,0xF11,0x1760,0x571,0x1233,0xECB,0x1E7B,0x14};
-const BIG_256_13 CURVE_Pyb_BN254CX= {0xE9D,0x4C7,0x8A2,0x96,0x1ED9,0x16F5,0x74B,0x14AD,0x64E,0xE14,0xD18,0x1B1A,0x512,0x372,0xD7,0x1812,0xCC4,0x1CF,0x583,0xC};
-
-const BIG_256_13 CURVE_W_BN254CX[2]= {{0xB83,0x117F,0x1245,0x8C6,0x5,0x1C09,0xD00,0x1,0x0,0x300,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x561,0x1C01,0x1,0x0,0x800,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_256_13 CURVE_SB_BN254CX[2][2]= {{{0x10E4,0xD80,0x1247,0x8C6,0x805,0x1C09,0xD00,0x1,0x0,0x300,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x561,0x1C01,0x1,0x0,0x800,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x561,0x1C01,0x1,0x0,0x800,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x13EA,0x5D9,0x1748,0x1ABA,0xBDB,0x75E,0x623,0x1DC0,0x1FD6,0x1321,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48}}};
-const BIG_256_13 CURVE_WB_BN254CX[4]= {{0x4B0,0x13D4,0x615,0x1842,0x401,0x958,0xF00,0x0,0x0,0x100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x475,0x1110,0x56F,0x1BF3,0x36C,0x1FCD,0x329,0x1DB5,0x1E94,0xE03,0xA83,0x10E0,0x0,0x0,0xC0,0x0,0x0,0x0,0x0,0x0},{0xB93,0x788,0x12B8,0xDF9,0x13B6,0x1FE6,0x1194,0xEDA,0x1F4A,0x1701,0x541,0x870,0x0,0x0,0x60,0x0,0x0,0x0,0x0,0x0},{0xA11,0xFD5,0x617,0x1842,0xC01,0x958,0xF00,0x0,0x0,0x100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_256_13 CURVE_BB_BN254CX[4][4]= {{{0xCBD,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0xCBC,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0xCBC,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0x562,0x1C01,0x1,0x0,0x800,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x561,0x1C01,0x1,0x0,0x800,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xCBC,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0xCBD,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0xCBC,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48}},{{0x562,0x1
 C01,0x1,0x0,0x800,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x561,0x1C01,0x1,0x0,0x800,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x561,0x1C01,0x1,0x0,0x800,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x561,0x1C01,0x1,0x0,0x800,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x12B2,0x1E00,0x0,0x0,0x400,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xAC2,0x1802,0x3,0x0,0x1000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1A0A,0x1B57,0x98B,0x381,0x3E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0x12B2,0x1E00,0x0,0x0,0x400,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_BN254CX= 1;
-const int CURVE_A_BN254CX= 0;
-const int CURVE_B_I_BN254CX= 2;
-const BIG_256_28 CURVE_B_BN254CX= {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_28 CURVE_Order_BN254CX= {0x6EB1F6D,0x11C0A63,0x906CEBE,0xD6EE0CC,0x6D2C43F,0x647A636,0xDB0BDDF,0x8702A0,0x4000000,0x2};
-const BIG_256_28 CURVE_Gx_BN254CX= {0xC1B55B2,0x6623EF5,0x93EE1BE,0xD6EE180,0x6D3243F,0x647A636,0xDB0BDDF,0x8702A0,0x4000000,0x2};
-const BIG_256_28 CURVE_Gy_BN254CX= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_28 CURVE_Bnx_BN254CX= {0x3C012B1,0x0,0x40,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_28 CURVE_Cof_BN254CX= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_28 CURVE_Cru_BN254CX= {0x4235C97,0xE093179,0xF875631,0xDF6471E,0xF1440BD,0xCA83,0x480000,0x0,0x0,0x0};
-
-const BIG_256_28 CURVE_Pxa_BN254CX= {0x4D2EC74,0x851CEEE,0xE2726C0,0x85BFA03,0xBBB907C,0xF5C34,0x6358B25,0x7053B25,0x9682D2C,0x1};
-const BIG_256_28 CURVE_Pxb_BN254CX= {0xE29CFE1,0xA58E8B2,0x9C30F47,0x97B0C20,0x743F81B,0x37A8E99,0xAA011C9,0x3E19F64,0x466B9EC,0x1};
-const BIG_256_28 CURVE_Pya_BN254CX= {0xF0BE09F,0xFBFCEBC,0xEC1B30C,0xB33D847,0x2096361,0x157DAEE,0xDD81E22,0x72332B8,0xA79EDD9,0x0};
-const BIG_256_28 CURVE_Pyb_BN254CX= {0x898EE9D,0x904B228,0x2EDEBED,0x4EA569D,0x461C286,0x512D8D3,0x35C6E4,0xECC4C09,0x6160C39,0x0};
-
-
-const BIG_256_28 CURVE_W_BN254CX[2]= {{0x62FEB83,0x5463491,0x381200,0xB4,0x6000,0x0,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x80,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_256_28 CURVE_SB_BN254CX[2][2]= {{{0xDB010E4,0x5463491,0x381280,0xB4,0x6000,0x0,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x80,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x7802561,0x0,0x80,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xBB33EA,0xBD5D5D2,0x8CEBCBD,0xD6EE018,0x6D2643F,0x647A636,0xDB0BDDF,0x8702A0,0x4000000,0x2}}};
-const BIG_256_28 CURVE_WB_BN254CX[4]= {{0x67A84B0,0x1C21185,0x12B040,0x3C,0x2000,0x0,0x0,0x0,0x0,0x0},{0xE220475,0xCDF995B,0xA7F9A36,0x94EDA8C,0xA0DC07E,0x8702,0x300000,0x0,0x0,0x0},{0xF10B93,0x66FCCAE,0x53FCD3B,0x4A76D46,0x506E03F,0x4381,0x180000,0x0,0x0,0x0},{0xDFAAA11,0x1C21185,0x12B0C0,0x3C,0x2000,0x0,0x0,0x0,0x0,0x0}};
-const BIG_256_28 CURVE_BB_BN254CX[4][4]= {{{0x32B0CBD,0x11C0A63,0x906CE7E,0xD6EE0CC,0x6D2C43F,0x647A636,0xDB0BDDF,0x8702A0,0x4000000,0x2},{0x32B0CBC,0x11C0A63,0x906CE7E,0xD6EE0CC,0x6D2C43F,0x647A636,0xDB0BDDF,0x8702A0,0x4000000,0x2},{0x32B0CBC,0x11C0A63,0x906CE7E,0xD6EE0CC,0x6D2C43F,0x647A636,0xDB0BDDF,0x8702A0,0x4000000,0x2},{0x7802562,0x0,0x80,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x7802561,0x0,0x80,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x32B0CBC,0x11C0A63,0x906CE7E,0xD6EE0CC,0x6D2C43F,0x647A636,0xDB0BDDF,0x8702A0,0x4000000,0x2},{0x32B0CBD,0x11C0A63,0x906CE7E,0xD6EE0CC,0x6D2C43F,0x647A636,0xDB0BDDF,0x8702A0,0x4000000,0x2},{0x32B0CBC,0x11C0A63,0x906CE7E,0xD6EE0CC,0x6D2C43F,0x647A636,0xDB0BDDF,0x8702A0,0x4000000,0x2}},{{0x7802562,0x0,0x80,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x80,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x80,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x80,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x3C012B2,0x0,0x40,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xF004AC2,0x0,0x100,0x0,0x0,0x0,0x
 0,0x0,0x0,0x0},{0xF6AFA0A,0x11C0A62,0x906CE3E,0xD6EE0CC,0x6D2C43F,0x647A636,0xDB0BDDF,0x8702A0,0x4000000,0x2},{0x3C012B2,0x0,0x40,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_BN254CX= 1;
-const int CURVE_A_BN254CX= 1;
-const int CURVE_B_I_BN254CX= 2;
-const BIG_256_56 CURVE_B_BN254CX= {0x2L,0x0L,0x0L,0x0L,0x0L};
-const BIG_256_56 CURVE_Order_BN254CX= {0x11C0A636EB1F6DL,0xD6EE0CC906CEBEL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L};
-const BIG_256_56 CURVE_Gx_BN254CX= {0x6623EF5C1B55B2L,0xD6EE18093EE1BEL,0x647A6366D3243FL,0x8702A0DB0BDDFL,0x24000000L};
-const BIG_256_56 CURVE_Gy_BN254CX= {0x1L,0x0L,0x0L,0x0L,0x0L};
-const BIG_256_56 CURVE_Bnx_BN254CX= {0x3C012B1L,0x40L,0x0L,0x0L,0x0L};
-const BIG_256_56 CURVE_Cof_BN254CX= {0x1L,0x0L,0x0L,0x0L,0x0L};
-const BIG_256_56 CURVE_Cru_BN254CX= {0xE0931794235C97L,0xDF6471EF875631L,0xCA83F1440BDL,0x480000L,0x0L};
-
-const BIG_256_56 CURVE_Pxa_BN254CX= {0x851CEEE4D2EC74L,0x85BFA03E2726C0L,0xF5C34BBB907CL,0x7053B256358B25L,0x19682D2CL};
-const BIG_256_56 CURVE_Pxb_BN254CX= {0xA58E8B2E29CFE1L,0x97B0C209C30F47L,0x37A8E99743F81BL,0x3E19F64AA011C9L,0x1466B9ECL};
-const BIG_256_56 CURVE_Pya_BN254CX= {0xFBFCEBCF0BE09FL,0xB33D847EC1B30CL,0x157DAEE2096361L,0x72332B8DD81E22L,0xA79EDD9L};
-const BIG_256_56 CURVE_Pyb_BN254CX= {0x904B228898EE9DL,0x4EA569D2EDEBEDL,0x512D8D3461C286L,0xECC4C09035C6E4L,0x6160C39L};
-
-
-const BIG_256_56 CURVE_W_BN254CX[2]= {{0x546349162FEB83L,0xB40381200L,0x6000L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L}};
-const BIG_256_56 CURVE_SB_BN254CX[2][2]= {{{0x5463491DB010E4L,0xB40381280L,0x6000L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L}},{{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0xBD5D5D20BB33EAL,0xD6EE0188CEBCBDL,0x647A6366D2643FL,0x8702A0DB0BDDFL,0x24000000L}}};
-const BIG_256_56 CURVE_WB_BN254CX[4]= {{0x1C2118567A84B0L,0x3C012B040L,0x2000L,0x0L,0x0L},{0xCDF995BE220475L,0x94EDA8CA7F9A36L,0x8702A0DC07EL,0x300000L,0x0L},{0x66FCCAE0F10B93L,0x4A76D4653FCD3BL,0x4381506E03FL,0x180000L,0x0L},{0x1C21185DFAAA11L,0x3C012B0C0L,0x2000L,0x0L,0x0L}};
-const BIG_256_56 CURVE_BB_BN254CX[4][4]= {{{0x11C0A6332B0CBDL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x7802562L,0x80L,0x0L,0x0L,0x0L}},{{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBDL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L}},{{0x7802562L,0x80L,0x0L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L}},{{0x3C012B2L,0x40L,0x0L,0x0L,0x0L},{0xF004AC2L,0x100L,0x0L,0x0L,0x0L},{0x11C0A62F6AFA0AL,0xD6EE0CC906CE3EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x3C012B2L,0x40L,0x0L,0x0L,0x0L}}};
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_BRAINPOOL.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_BRAINPOOL.c b/version3/c/rom_curve_BRAINPOOL.c
deleted file mode 100644
index ef8bea7..0000000
--- a/version3/c/rom_curve_BRAINPOOL.c
+++ /dev/null
@@ -1,36 +0,0 @@
-#include "arch.h"
-#include "ecp_BRAINPOOL.h"
-
-/* Brainpool Curve  */
-/* Note that the original curve has been transformed to an isomorphic curve with A=-3 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_BRAINPOOL= 1;
-const BIG_256_28 CURVE_Cof_BRAINPOOL= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_BRAINPOOL= -3;
-const int CURVE_B_I_BRAINPOOL= 0;
-const BIG_256_28 CURVE_B_BRAINPOOL= {0xEE92B04,0xE58101F,0xF49256A,0xEBC4AF2,0x6B7BF93,0x733D0B7,0x4FE66A7,0x30D84EA,0x62C61C4,0x6};
-const BIG_256_28 CURVE_Order_BRAINPOOL= {0x74856A7,0x1E0E829,0x1A6F790,0x7AA3B56,0xD718C39,0x909D838,0xC3E660A,0xA1EEA9B,0x9FB57DB,0xA};
-const BIG_256_28 CURVE_Gx_BRAINPOOL= {0xE1305F4,0xA191562,0xFBC2B79,0x42C47AA,0x149AFA1,0xB23A656,0x7732213,0xC1CFE7B,0x3E8EB3C,0xA};
-const BIG_256_28 CURVE_Gy_BRAINPOOL= {0xB25C9BE,0xABE8F35,0x27001D,0xB6DE39D,0x17E69BC,0xE146444,0xD7F7B22,0x3439C56,0xD996C82,0x2};
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_BRAINPOOL= 1;
-const BIG_256_56 CURVE_Cof_BRAINPOOL= {0x1L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_A_BRAINPOOL= -3;
-const int CURVE_B_I_BRAINPOOL= 0;
-const BIG_256_56 CURVE_B_BRAINPOOL= {0xE58101FEE92B04L,0xEBC4AF2F49256AL,0x733D0B76B7BF93L,0x30D84EA4FE66A7L,0x662C61C4L};
-const BIG_256_56 CURVE_Order_BRAINPOOL= {0x1E0E82974856A7L,0x7AA3B561A6F790L,0x909D838D718C39L,0xA1EEA9BC3E660AL,0xA9FB57DBL};
-const BIG_256_56 CURVE_Gx_BRAINPOOL= {0xA191562E1305F4L,0x42C47AAFBC2B79L,0xB23A656149AFA1L,0xC1CFE7B7732213L,0xA3E8EB3CL};
-const BIG_256_56 CURVE_Gy_BRAINPOOL= {0xABE8F35B25C9BEL,0xB6DE39D027001DL,0xE14644417E69BCL,0x3439C56D7F7B22L,0x2D996C82L};
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_C25519.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_C25519.c b/version3/c/rom_curve_C25519.c
deleted file mode 100644
index 1841bd6..0000000
--- a/version3/c/rom_curve_C25519.c
+++ /dev/null
@@ -1,27 +0,0 @@
-#include "arch.h"
-#include "ecp_C25519.h"
-
-/* Curve 25519 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-const int CURVE_Cof_I_C25519=8;
-const BIG_256_29 CURVE_Cof_C25519= {0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_C25519=486662;
-const BIG_256_29 CURVE_Order_C25519= {0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000};
-const BIG_256_29 CURVE_Gx_C25519= {0x9};
-#endif
-
-#if CHUNK==64
-const int CURVE_Cof_I_C25519=8;
-const BIG_256_56 CURVE_Cof_C25519= {0x8,0x0,0x0,0x0,0x0};
-const int CURVE_A_C25519=486662;
-const BIG_256_56 CURVE_Order_C25519= {0x12631A5CF5D3ED,0xF9DEA2F79CD658,0x14DE,0x0,0x10000000};
-const BIG_256_56 CURVE_Gx_C25519= {0x9};
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_C41417.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_C41417.c b/version3/c/rom_curve_C41417.c
deleted file mode 100644
index 457a433..0000000
--- a/version3/c/rom_curve_C41417.c
+++ /dev/null
@@ -1,35 +0,0 @@
-#include "arch.h"
-#include "ecp_C41417.h"
-
-/* Curve C41417 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_C41417= 8;
-const BIG_416_29 CURVE_Cof_C41417= {0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_C41417= 1;
-const int CURVE_B_I_C41417= 3617;
-const BIG_416_29 CURVE_B_C41417= {0xE21,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_416_29 CURVE_Order_C41417= {0x106AF79,0x18738D2F,0x18F3C606,0x1806715A,0x22B36F1,0xA67B830,0xCF32490,0x1FFFFFFD,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1F};
-const BIG_416_29 CURVE_Gx_C41417= {0x13CBC595,0x7E9C097,0x14DF1931,0x14E7F550,0x1A111301,0x15A6B6B5,0xD526292,0x18FEAFFE,0x1F44C03E,0x1E6A31B4,0x70C9B97,0x43180C6,0x1443300,0x19A4828A,0x68};
-const BIG_416_29 CURVE_Gy_C41417= {0x22,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_C41417= 8;
-const BIG_416_60 CURVE_Cof_C41417= {0x8L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_A_C41417= 1;
-const int CURVE_B_I_C41417= 3617;
-const BIG_416_60 CURVE_B_C41417= {0xE21L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_416_60 CURVE_Order_C41417= {0xB0E71A5E106AF79L,0x1C0338AD63CF181L,0x414CF706022B36FL,0xFFFFFFFFEB3CC92L,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x7FFFFFFFFFFFFL};
-const BIG_416_60 CURVE_Gx_C41417= {0x4FD3812F3CBC595L,0x1A73FAA8537C64CL,0x4AB4D6D6BA11130L,0x3EC7F57FF35498AL,0xE5FCD46369F44C0L,0x300218C0631C326L,0x1A334905141443L};
-const BIG_416_60 CURVE_Gy_C41417= {0x22L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_ED25519.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_ED25519.c b/version3/c/rom_curve_ED25519.c
deleted file mode 100644
index 9cda673..0000000
--- a/version3/c/rom_curve_ED25519.c
+++ /dev/null
@@ -1,45 +0,0 @@
-#include "arch.h"
-#include "ecp_ED25519.h"
-
-/* ED25519 */
-
-#if CHUNK==16
-/* Ed25519 Curve */
-
-const int CURVE_Cof_I_ED25519= 8;
-const BIG_256_13 CURVE_Cof_ED25519= {0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_ED25519= -1;
-const int CURVE_B_I_ED25519= 0;
-const BIG_256_13 CURVE_B_ED25519= {0x18A3,0x1ACB,0x1284,0x169B,0x175E,0xC55,0x507,0x9A8,0x100A,0x3,0x1A26,0xEF3,0x797,0x3A0,0xE33,0x1FCE,0xB6F,0x771,0xDB,0xA4};
-const BIG_256_13 CURVE_Order_ED25519= {0x13ED,0x7AE,0x697,0x4C6,0x581,0xE6B,0xBDE,0x1BD4,0x1EF9,0xA6,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x20};
-const BIG_256_13 CURVE_Gx_ED25519= {0x151A,0x192E,0x1823,0xC5A,0xC95,0x13D9,0x1496,0xC12,0xCC7,0x349,0x1717,0x1BAD,0x31F,0x1271,0x1B02,0xA7F,0xD6E,0x169E,0x1A4D,0x42};
-const BIG_256_13 CURVE_Gy_ED25519= {0x658,0x1333,0x1999,0xCCC,0x666,0x1333,0x1999,0xCCC,0x666,0x1333,0x1999,0xCCC,0x666,0x1333,0x1999,0xCCC,0x666,0x1333,0x1999,0xCC};
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_ED25519= 8;
-const BIG_256_29 CURVE_Cof_ED25519= {0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_ED25519= -1;
-const int CURVE_B_I_ED25519= 0;
-const BIG_256_29 CURVE_B_ED25519= {0x135978A3,0xF5A6E50,0x10762ADD,0x149A82,0x1E898007,0x3CBBBC,0x19CE331D,0x1DC56DFF,0x52036C};
-const BIG_256_29 CURVE_Order_ED25519= {0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000};
-const BIG_256_29 CURVE_Gx_ED25519= {0xF25D51A,0xAB16B04,0x969ECB2,0x198EC12A,0xDC5C692,0x1118FEEB,0xFFB0293,0x1A79ADCA,0x216936};
-const BIG_256_29 CURVE_Gy_ED25519= {0x6666658,0x13333333,0x19999999,0xCCCCCCC,0x6666666,0x13333333,0x19999999,0xCCCCCCC,0x666666};
-
-
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_ED25519= 8;
-const BIG_256_56 CURVE_Cof_ED25519= {0x8L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_A_ED25519= -1;
-const int CURVE_B_I_ED25519= 0;
-const BIG_256_56 CURVE_B_ED25519= {0xEB4DCA135978A3L,0xA4D4141D8AB75L,0x797779E8980070L,0x2B6FFE738CC740L,0x52036CEEL};
-const BIG_256_56 CURVE_Order_ED25519= {0x12631A5CF5D3EDL,0xF9DEA2F79CD658L,0x14DEL,0x0L,0x10000000L};
-const BIG_256_56 CURVE_Gx_ED25519= {0x562D608F25D51AL,0xC7609525A7B2C9L,0x31FDD6DC5C692CL,0xCD6E53FEC0A4E2L,0x216936D3L};
-const BIG_256_56 CURVE_Gy_ED25519= {0x66666666666658L,0x66666666666666L,0x66666666666666L,0x66666666666666L,0x66666666L};
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_FP256BN.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_FP256BN.c b/version3/c/rom_curve_FP256BN.c
deleted file mode 100644
index cf55157..0000000
--- a/version3/c/rom_curve_FP256BN.c
+++ /dev/null
@@ -1,86 +0,0 @@
-#include "arch.h"
-#include "ecp_FP256BN.h"
-
-/* Curve FP256BN - Pairing friendly BN curve */
-
-/* ISO curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_FP256BN= 1;
-const int CURVE_A_FP256BN= 0;
-const int CURVE_B_I_FP256BN= 3;
-const BIG_256_28 CURVE_B_FP256BN= {0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_28 CURVE_Order_FP256BN= {0x10B500D,0x2D536CD,0x9921AF6,0x65FB129,0x49E0CDC,0x5EEE71A,0xD46E5F2,0xFFFCF0C,0xFFFFFFF,0xF};
-const BIG_256_28 CURVE_Gx_FP256BN= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_28 CURVE_Gy_FP256BN= {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-const BIG_256_28 CURVE_Bnx_FP256BN= {0xB0A801,0x82F5C03,0x68,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_28 CURVE_Cof_FP256BN= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_28 CURVE_Cru_FP256BN= {0x3A1B807,0x1C0A24A,0x32D1EDB,0xD79DF19,0x8659BCD,0x4092101,0x13988E1,0x0,0x0,0x0};
-const BIG_256_28 CURVE_Pxa_FP256BN= {0x9C09EFB,0x2616B68,0xF843CD2,0x539A12B,0x13ACE1C,0x577C289,0x28560F,0xB4C96C2,0xE0C3350,0xF};
-const BIG_256_28 CURVE_Pxb_FP256BN= {0x37E6A2B,0x69ED34A,0x3589D2,0x78E287D,0x3B924DD,0xC637D81,0x4DB5AE1,0x738AC05,0xEA66057,0x4};
-const BIG_256_28 CURVE_Pya_FP256BN= {0xEDC27FF,0x9B481B,0x15848E9,0x24758D6,0xE51EFCB,0x75124E3,0x376770D,0xC542A3B,0x2046E7,0x7};
-const BIG_256_28 CURVE_Pyb_FP256BN= {0xAAD049B,0x1281114,0xA98B3E0,0xBE80821,0x29F8B4C,0x49297EB,0x42EEA6,0xD388C29,0x554E3BC,0x0};
-const BIG_256_28 CURVE_W_FP256BN[2]= {{0xB054003,0xF0036E1,0xE78663A,0xFFFFFFF,0xFFFF,0x0,0x0,0x0,0x0,0x0},{0x1615001,0x5EB806,0xD1,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_256_28 CURVE_SB_FP256BN[2][2]= {{{0xC669004,0xF5EEEE7,0xE78670B,0xFFFFFFF,0xFFFF,0x0,0x0,0x0,0x0,0x0},{0x1615001,0x5EB806,0xD1,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1615001,0x5EB806,0xD1,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x606100A,0x3D4FFEB,0xB19B4BB,0x65FB129,0x49D0CDC,0x5EEE71A,0xD46E5F2,0xFFFCF0C,0xFFFFFFF,0xF}}};
-const BIG_256_28 CURVE_WB_FP256BN[4]= {{0xD30A800,0x20678F0,0x4D2CC10,0x5555555,0x5555,0x0,0x0,0x0,0x0,0x0},{0xD7DC805,0xD6764C0,0xBC3AD1A,0x8FBEA10,0x4467DE,0x8061601,0xD105EB,0x0,0x0,0x0},{0xF173803,0xACB6061,0x5E1D6C1,0x47DF508,0x82233EF,0xC030B00,0x6882F5,0x0,0x0,0x0},{0xE91F801,0x26530F6,0x4D2CCE1,0x5555555,0x5555,0x0,0x0,0x0,0x0,0x0}};
-const BIG_256_28 CURVE_BB_FP256BN[4][4]= {{{0x5AA80D,0xAA5DACA,0x9921A8D,0x65FB129,0x49E0CDC,0x5EEE71A,0xD46E5F2,0xFFFCF0C,0xFFFFFFF,0xF},
-        {0x5AA80C,0xAA5DACA,0x9921A8D,0x65FB129,0x49E0CDC,0x5EEE71A,0xD46E5F2,0xFFFCF0C,0xFFFFFFF,0xF},
-        {0x5AA80C,0xAA5DACA,0x9921A8D,0x65FB129,0x49E0CDC,0x5EEE71A,0xD46E5F2,0xFFFCF0C,0xFFFFFFF,0xF},
-        {0x1615002,0x5EB806,0xD1,0x0,0x0,0x0,0x0,0x0,0x0,0x0}
-    },
-    {   {0x1615001,0x5EB806,0xD1,0x0,0x0,0x0,0x0,0x0,0x0,0x0},
-        {0x5AA80C,0xAA5DACA,0x9921A8D,0x65FB129,0x49E0CDC,0x5EEE71A,0xD46E5F2,0xFFFCF0C,0xFFFFFFF,0xF},
-        {0x5AA80D,0xAA5DACA,0x9921A8D,0x65FB129,0x49E0CDC,0x5EEE71A,0xD46E5F2,0xFFFCF0C,0xFFFFFFF,0xF},
-        {0x5AA80C,0xAA5DACA,0x9921A8D,0x65FB129,0x49E0CDC,0x5EEE71A,0xD46E5F2,0xFFFCF0C,0xFFFFFFF,0xF}
-    },
-    {   {0x1615002,0x5EB806,0xD1,0x0,0x0,0x0,0x0,0x0,0x0,0x0},
-        {0x1615001,0x5EB806,0xD1,0x0,0x0,0x0,0x0,0x0,0x0,0x0},
-        {0x1615001,0x5EB806,0xD1,0x0,0x0,0x0,0x0,0x0,0x0,0x0},
-        {0x1615001,0x5EB806,0xD1,0x0,0x0,0x0,0x0,0x0,0x0,0x0}
-    },
-    {   {0xB0A802,0x82F5C03,0x68,0x0,0x0,0x0,0x0,0x0,0x0,0x0},
-        {0x2C2A002,0xBD700C,0x1A2,0x0,0x0,0x0,0x0,0x0,0x0,0x0},
-        {0xFAA000A,0x2767EC6,0x9921A25,0x65FB129,0x49E0CDC,0x5EEE71A,0xD46E5F2,0xFFFCF0C,0xFFFFFFF,0xF},
-        {0xB0A802,0x82F5C03,0x68,0x0,0x0,0x0,0x0,0x0,0x0,0x0}
-    }
-};
-
-
-
-
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_FP256BN= 1;
-const int CURVE_A_FP256BN= 0;
-const int CURVE_B_I_FP256BN= 3;
-const BIG_256_56 CURVE_B_FP256BN= {0x3L,0x0L,0x0L,0x0L,0x0L};
-const BIG_256_56 CURVE_Order_FP256BN= {0x2D536CD10B500DL,0x65FB1299921AF6L,0x5EEE71A49E0CDCL,0xFFFCF0CD46E5F2L,0xFFFFFFFFL};
-const BIG_256_56 CURVE_Gx_FP256BN= {0x1L,0x0L,0x0L,0x0L,0x0L};
-const BIG_256_56 CURVE_Gy_FP256BN= {0x2L,0x0L,0x0L,0x0L,0x0L};
-
-const BIG_256_56 CURVE_Bnx_FP256BN= {0x82F5C030B0A801L,0x68L,0x0L,0x0L,0x0L};
-const BIG_256_56 CURVE_Cof_FP256BN= {0x1L,0x0L,0x0L,0x0L,0x0L};
-const BIG_256_56 CURVE_Cru_FP256BN= {0x1C0A24A3A1B807L,0xD79DF1932D1EDBL,0x40921018659BCDL,0x13988E1L,0x0L};
-const BIG_256_56 CURVE_Pxa_FP256BN= {0x2616B689C09EFBL,0x539A12BF843CD2L,0x577C28913ACE1CL,0xB4C96C2028560FL,0xFE0C3350L};
-const BIG_256_56 CURVE_Pxb_FP256BN= {0x69ED34A37E6A2BL,0x78E287D03589D2L,0xC637D813B924DDL,0x738AC054DB5AE1L,0x4EA66057L};
-const BIG_256_56 CURVE_Pya_FP256BN= {0x9B481BEDC27FFL,0x24758D615848E9L,0x75124E3E51EFCBL,0xC542A3B376770DL,0x702046E7L};
-const BIG_256_56 CURVE_Pyb_FP256BN= {0x1281114AAD049BL,0xBE80821A98B3E0L,0x49297EB29F8B4CL,0xD388C29042EEA6L,0x554E3BCL};
-const BIG_256_56 CURVE_W_FP256BN[2]= {{0xF0036E1B054003L,0xFFFFFFFE78663AL,0xFFFFL,0x0L,0x0L},{0x5EB8061615001L,0xD1L,0x0L,0x0L,0x0L}};
-const BIG_256_56 CURVE_SB_FP256BN[2][2]= {{{0xF5EEEE7C669004L,0xFFFFFFFE78670BL,0xFFFFL,0x0L,0x0L},{0x5EB8061615001L,0xD1L,0x0L,0x0L,0x0L}},{{0x5EB8061615001L,0xD1L,0x0L,0x0L,0x0L},{0x3D4FFEB606100AL,0x65FB129B19B4BBL,0x5EEE71A49D0CDCL,0xFFFCF0CD46E5F2L,0xFFFFFFFFL}}};
-const BIG_256_56 CURVE_WB_FP256BN[4]= {{0x20678F0D30A800L,0x55555554D2CC10L,0x5555L,0x0L,0x0L},{0xD6764C0D7DC805L,0x8FBEA10BC3AD1AL,0x806160104467DEL,0xD105EBL,0x0L},{0xACB6061F173803L,0x47DF5085E1D6C1L,0xC030B0082233EFL,0x6882F5L,0x0L},{0x26530F6E91F801L,0x55555554D2CCE1L,0x5555L,0x0L,0x0L}};
-const BIG_256_56 CURVE_BB_FP256BN[4][4]= {{{0xAA5DACA05AA80DL,0x65FB1299921A8DL,0x5EEE71A49E0CDCL,0xFFFCF0CD46E5F2L,0xFFFFFFFFL},{0xAA5DACA05AA80CL,0x65FB1299921A8DL,0x5EEE71A49E0CDCL,0xFFFCF0CD46E5F2L,0xFFFFFFFFL},{0xAA5DACA05AA80CL,0x65FB1299921A8DL,0x5EEE71A49E0CDCL,0xFFFCF0CD46E5F2L,0xFFFFFFFFL},{0x5EB8061615002L,0xD1L,0x0L,0x0L,0x0L}},{{0x5EB8061615001L,0xD1L,0x0L,0x0L,0x0L},{0xAA5DACA05AA80CL,0x65FB1299921A8DL,0x5EEE71A49E0CDCL,0xFFFCF0CD46E5F2L,0xFFFFFFFFL},{0xAA5DACA05AA80DL,0x65FB1299921A8DL,0x5EEE71A49E0CDCL,0xFFFCF0CD46E5F2L,0xFFFFFFFFL},{0xAA5DACA05AA80CL,0x65FB1299921A8DL,0x5EEE71A49E0CDCL,0xFFFCF0CD46E5F2L,0xFFFFFFFFL}},{{0x5EB8061615002L,0xD1L,0x0L,0x0L,0x0L},{0x5EB8061615001L,0xD1L,0x0L,0x0L,0x0L},{0x5EB8061615001L,0xD1L,0x0L,0x0L,0x0L},{0x5EB8061615001L,0xD1L,0x0L,0x0L,0x0L}},{{0x82F5C030B0A802L,0x68L,0x0L,0x0L,0x0L},{0xBD700C2C2A002L,0x1A2L,0x0L,0x0L,0x0L},{0x2767EC6FAA000AL,0x65FB1299921A25L,0x5EEE71A49E0CDCL,0xFFFCF0CD46E5F2L,0xFFFFFFFFL},{0x82F5C030B0A802L,0x68L
 ,0x0L,0x0L,0x0L}}};
-
-
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_FP512BN.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_FP512BN.c b/version3/c/rom_curve_FP512BN.c
deleted file mode 100644
index fa29e20..0000000
--- a/version3/c/rom_curve_FP512BN.c
+++ /dev/null
@@ -1,87 +0,0 @@
-#include "arch.h"
-#include "ecp_FP512BN.h"
-
-/* Curve FP512BN - Pairing friendly BN curve */
-
-/* ISO curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_FP512BN= 1;
-const int CURVE_A_FP512BN= 0;
-const int CURVE_B_I_FP512BN= 3;
-const BIG_512_29 CURVE_B_FP512BN= {0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_512_29 CURVE_Order_FP512BN= {0x119A09ED,0x153252FA,0x1E68AD01,0x627C09,0x79A34A1,0x12EF5593,0x2E39231,0x3D597D3,0x45146CF,0x88D877A,0x102EF8F0,0x1196A60F,0x1C60BA1D,0x1CF63F80,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF};
-const BIG_512_29 CURVE_Gx_FP512BN= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_512_29 CURVE_Gy_FP512BN= {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-const BIG_512_29 CURVE_Bnx_FP512BN= {0x1E1BD80F,0x59835DA,0xC3DFC04,0x5EB8061,0x688,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_512_29 CURVE_Cof_FP512BN= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-
-const BIG_512_29 CURVE_Cru_FP512BN= {0x1C79298A,0x1838B104,0x2C5F052,0x1DCCF337,0x6092AEC,0x4B35F29,0x1EB361E,0x11384EA,0x3074B20,0x17BB08FD,0x3A8B3E3,0xD70D66F,0x3D2A614,0x1CF63EE4,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF};
-
-const BIG_512_29 CURVE_Pxa_FP512BN= {0xDB646B5,0x183D4B70,0x1CBFFA3,0x11F0E632,0x1C78F221,0x1F10DE5D,0x171B715E,0xF0C6A29,0x10B02453,0xBE63C66,0xE6D5F69,0x166B1E1B,0x4BBBD29,0x179E750F,0x6E9D04,0xC912B10,0x1339E138,0x1D8B2};
-const BIG_512_29 CURVE_Pxb_FP512BN= {0x1A8AE0E9,0xDAE5F7E,0x22446CF,0x1948239B,0x15ADCE40,0xB709C1E,0x18357943,0xE50AA4D,0x19781E22,0x12B35CA6,0x11DAA2C0,0x18D8DDE4,0x5EA656D,0x15F45A41,0xD311A02,0xCFCD913,0x13CBF850,0x240E0};
-const BIG_512_29 CURVE_Pya_FP512BN= {0xDDE67A1,0x12401895,0x17BEE178,0x142F5AC2,0xB7BC5CD,0x92A1404,0x1A3B748C,0x17BD82A7,0x14B6CD18,0xAC34CE,0x1740FB97,0x1ECC15F9,0x17085B1D,0x1D1BA793,0x1BD6AC32,0x18F70525,0xC84C827,0x3780F};
-const BIG_512_29 CURVE_Pyb_FP512BN= {0x84F8E8B,0xC5B8C36,0xFDD85A1,0xB84449,0x19C08DFF,0x56BF713,0x1C5290C4,0x187C5CA0,0x1DA2897F,0x24B0CA0,0x326D8F4,0x2310CF6,0x1021438C,0xFBAEC8F,0xD9030C5,0x1CF06358,0x1CEC8B04,0x28D1D};
-const BIG_512_29 CURVE_W_FP512BN[2]= {{0x9834583,0x887C4BA,0x5A85CFC,0xBF7223A,0xF63FE96,0x1FFFFFFE,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1C37B01F,0xB306BB5,0x187BF808,0xBD700C2,0xD10,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_512_29 CURVE_SB_FP512BN[2][2]= {{{0xD4B9564,0x1D575904,0xD2C64F3,0x202177,0xF63F186,0x1FFFFFFE,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x156259CE,0xA01E744,0x5ECB4F9,0x148B7B47,0x79A2790,0x12EF5593,0x2E39231,0x3D597D3,0x45146CF,0x88D877A,0x102EF8F0,0x1196A60F,0x1C60BA1D,0x1CF63F80,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF}},{{0x1C37B01F,0xB306BB5,0x187BF808,0xBD700C2,0xD10,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x9834583,0x887C4BA,0x5A85CFC,0xBF7223A,0xF63FE96,0x1FFFFFFE,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
-const BIG_512_29 CURVE_WB_FP512BN[4]= {{0x155A29F0,0x16D59B55,0xF4C305,0x18858C0B,0x5215FBF,0xAAAAAAA,0x15555555,0xAAAAAAA,0x555555,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2355D4B,0x1758095D,0x1FE13C5F,0x41F83FA,0xBB5E5CF,0x97D4EF1,0xB503D62,0x172C0C9B,0x16315274,0x15E1A9A8,0x859835D,0x2C3DFC0,0x105EB806,0x68,0x0,0x0,0x0,0x0},{0x289AAD,0x1E781F9C,0x60F9C31,0x1505822E,0x15DAF62B,0x4BEA778,0x15A81EB1,0xB96064D,0xB18A93A,0x1AF0D4D4,0x42CC1AE,0x161EFE0,0x82F5C03,0x34,0x0,0x0,0x0,0x0},{0x192279D1,0xBA52F9F,0x878CAFD,0xCAE8B48,0x52152AF,0xAAAAAAA,0x15555555,0xAAAAAAA,0x555555,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
-const BIG_512_29 CURVE_BB_FP512BN[4][4]= {{{0x1E1BD810,0x59835DA,0xC3DFC04,0x5EB8061,0x688,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},
-        {0x1E1BD80F,0x59835DA,0xC3DFC04,0x5EB8061,0x688,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},
-        {0x1E1BD80F,0x59835DA,0xC3DFC04,0x5EB8061,0x688,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},
-        {0x156259CF,0xA01E744,0x5ECB4F9,0x148B7B47,0x79A2790,0x12EF5593,0x2E39231,0x3D597D3,0x45146CF,0x88D877A,0x102EF8F0,0x1196A60F,0x1C60BA1D,0x1CF63F80,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF}
-    },
-    {   {0x1C37B01F,0xB306BB5,0x187BF808,0xBD700C2,0xD10,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},
-        {0x137E31DE,0xF9A1D1F,0x122AB0FD,0x1A76FBA8,0x79A2E18,0x12EF5593,0x2E39231,0x3D597D3,0x45146CF,0x88D877A,0x102EF8F0,0x1196A60F,0x1C60BA1D,0x1CF63F80,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF},
-        {0x137E31DD,0xF9A1D1F,0x122AB0FD,0x1A76FBA8,0x79A2E18,0x12EF5593,0x2E39231,0x3D597D3,0x45146CF,0x88D877A,0x102EF8F0,0x1196A60F,0x1C60BA1D,0x1CF63F80,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF},
-        {0x137E31DE,0xF9A1D1F,0x122AB0FD,0x1A76FBA8,0x79A2E18,0x12EF5593,0x2E39231,0x3D597D3,0x45146CF,0x88D877A,0x102EF8F0,0x1196A60F,0x1C60BA1D,0x1CF63F80,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF}
-    },
-    {   {0x1C37B01E,0xB306BB5,0x187BF808,0xBD700C2,0xD10,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},
-        {0x1C37B01F,0xB306BB5,0x187BF808,0xBD700C2,0xD10,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},
-        {0x1C37B01F,0xB306BB5,0x187BF808,0xBD700C2,0xD10,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},
-        {0x1C37B01F,0xB306BB5,0x187BF808,0xBD700C2,0xD10,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}
-    },
-    {   {0x137E31DF,0xF9A1D1F,0x122AB0FD,0x1A76FBA8,0x79A2E18,0x12EF5593,0x2E39231,0x3D597D3,0x45146CF,0x88D877A,0x102EF8F0,0x1196A60F,0x1C60BA1D,0x1CF63F80,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF},
-        {0x192AA9AF,0x1ED17B8E,0xD70BCF0,0x8B47A84,0x79A1A80,0x12EF5593,0x2E39231,0x3D597D3,0x45146CF,0x88D877A,0x102EF8F0,0x1196A60F,0x1C60BA1D,0x1CF63F80,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF},
-        {0x1C37B01D,0xB306BB5,0x187BF808,0xBD700C2,0xD10,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},
-        {0x137E31DF,0xF9A1D1F,0x122AB0FD,0x1A76FBA8,0x79A2E18,0x12EF5593,0x2E39231,0x3D597D3,0x45146CF,0x88D877A,0x102EF8F0,0x1196A60F,0x1C60BA1D,0x1CF63F80,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF}
-    }
-};
-
-
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_FP512BN= 1;
-const int CURVE_A_FP512BN= 0;
-const int CURVE_B_I_FP512BN= 3;
-const BIG_512_60 CURVE_B_FP512BN= {0x3L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_512_60 CURVE_Order_FP512BN= {0x6A64A5F519A09EDL,0x10313E04F9A2B40L,0xC65DEAB2679A34AL,0xCF1EACBE98B8E48L,0x3C111B0EF445146L,0xA1D8CB5307C0BBEL,0xFFFF9EC7F01C60BL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-const BIG_512_60 CURVE_Gx_FP512BN= {0x1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_512_60 CURVE_Gy_FP512BN= {0x2L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-
-const BIG_512_60 CURVE_Bnx_FP512BN= {0xB306BB5E1BD80FL,0x82F5C030B0F7F01L,0x68L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_512_60 CURVE_Cof_FP512BN= {0x1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-
-const BIG_512_60 CURVE_Cru_FP512BN= {0xB0716209C79298AL,0xCEE6799B8B17C14L,0x78966BE526092AEL,0x20089C27507ACD8L,0xF8EF7611FA3074BL,0x6146B86B378EA2CL,0xFFFF9EC7DC83D2AL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-
-const BIG_512_60 CURVE_Pxa_FP512BN= {0xF07A96E0DB646B5L,0x18F87319072FFE8L,0x7BE21BCBBC78F22L,0x537863514DC6DC5L,0xDA57CC78CD0B024L,0xD29B358F0DB9B57L,0x7412F3CEA1E4BBBL,0xE138648958801BAL,0x3B165339L};
-const BIG_512_60 CURVE_Pxb_FP512BN= {0xDB5CBEFDA8AE0E9L,0xCA411CD88911B3L,0xD6E1383D5ADCE4L,0x227285526E0D5E5L,0xB02566B94D9781EL,0x56DC6C6EF2476A8L,0x680ABE8B4825EA6L,0xF85067E6C89B4C4L,0x481C13CBL};
-const BIG_512_60 CURVE_Pya_FP512BN= {0x2480312ADDE67A1L,0xDA17AD615EFB85EL,0x312542808B7BC5CL,0x18BDEC153E8EDD2L,0xE5C158699D4B6CDL,0xB1DF660AFCDD03EL,0xB0CBA374F277085L,0xC827C7B8292EF5AL,0x6F01EC84L};
-const BIG_512_60 CURVE_Pyb_FP512BN= {0x58B7186C84F8E8BL,0xF05C2224BF76168L,0x10AD7EE279C08DFL,0x7FC3E2E50714A43L,0x3D04961941DA289L,0x38C118867B0C9B6L,0xC315F75D91F0214L,0x8B04E7831AC3640L,0x51A3BCECL};
-const BIG_512_60 CURVE_W_FP512BN[2]= {{0x110F89749834583L,0x65FB911D16A173FL,0xFFFFFFFFCF63FE9L,0xFFFFFFFFFFFFFFFL,0xFFFFL,0x0L,0x0L,0x0L,0x0L},{0x1660D76BC37B01FL,0x5EB806161EFE02L,0xD1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
-const BIG_512_60 CURVE_SB_FP512BN[2][2]= {{{0xFAAEB208D4B9564L,0x601010BBB4B193CL,0xFFFFFFFFCF63F18L,0xFFFFFFFFFFFFFFFL,0xFFFFL,0x0L,0x0L,0x0L,0x0L},{0x5403CE8956259CEL,0xA45BDA397B2D3EL,0xC65DEAB2679A279L,0xCF1EACBE98B8E48L,0x3C111B0EF445146L,0xA1D8CB5307C0BBEL,0xFFFF9EC7F01C60BL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFL}},{{0x1660D76BC37B01FL,0x5EB806161EFE02L,0xD1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x110F89749834583L,0x65FB911D16A173FL,0xFFFFFFFFCF63FE9L,0xFFFFFFFFFFFFFFFL,0xFFFFL,0x0L,0x0L,0x0L,0x0L}}};
-const BIG_512_60 CURVE_WB_FP512BN[4]= {{0x6DAB36AB55A29F0L,0xFC42C60583D30C1L,0x5555555545215FBL,0x555555555555555L,0x5555L,0x0L,0x0L,0x0L,0x0L},{0xEEB012BA2355D4BL,0xF20FC1FD7F84F17L,0x892FA9DE2BB5E5CL,0x74B96064DAD40F5L,0xD76BC3535163152L,0x806161EFE021660L,0xD105EBL,0x0L,0x0L},{0x7CF03F380289AADL,0xBA82C117183E70CL,0xC497D4EF15DAF62L,0x3A5CB0326D6A07AL,0x6BB5E1A9A8B18A9L,0xC030B0F7F010B30L,0x6882F5L,0x0L,0x0L},{0x574A5F3F92279D1L,0xF65745A421E32BFL,0x55555555452152AL,0x555555555555555L,0x5555L,0x0L,0x0L,0x0L,0x0L}};
-const BIG_512_60 CURVE_BB_FP512BN[4][4]= {{{0xB306BB5E1BD810L,0x82F5C030B0F7F01L,0x68L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0xB306BB5E1BD80FL,0x82F5C030B0F7F01L,0x68L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0xB306BB5E1BD80FL,0x82F5C030B0F7F01L,0x68L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x5403CE8956259CFL,0xA45BDA397B2D3EL,0xC65DEAB2679A279L,0xCF1EACBE98B8E48L,0x3C111B0EF445146L,0xA1D8CB5307C0BBEL,0xFFFF9EC7F01C60BL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFL}},{{0x1660D76BC37B01FL,0x5EB806161EFE02L,0xD1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x5F343A3F37E31DEL,0x8D3B7DD448AAC3FL,0xC65DEAB2679A2E1L,0xCF1EACBE98B8E48L,0x3C111B0EF445146L,0xA1D8CB5307C0BBEL,0xFFFF9EC7F01C60BL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFL},{0x5F343A3F37E31DDL,0x8D3B7DD448AAC3FL,0xC65DEAB2679A2E1L,0xCF1EACBE98B8E48L,0x3C111B0EF445146L,0xA1D8CB5307C0BBEL,0xFFFF9EC7F01C60BL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFL},{0x5F343A3F37E31DEL,0x8D3B7DD448AAC3FL,0xC65DEAB2679A2E1L,0xCF1EACBE98B8E48L,0x3C111B0EF445146L,0xA1D8CB5307C0BBEL,0xFFFF9EC7F01C60BL,0xFFFFFFFFFFFFFFFL,0x
 FFFFFFFFL}},{{0x1660D76BC37B01EL,0x5EB806161EFE02L,0xD1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x1660D76BC37B01FL,0x5EB806161EFE02L,0xD1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x1660D76BC37B01FL,0x5EB806161EFE02L,0xD1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x1660D76BC37B01FL,0x5EB806161EFE02L,0xD1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x5F343A3F37E31DFL,0x8D3B7DD448AAC3FL,0xC65DEAB2679A2E1L,0xCF1EACBE98B8E48L,0x3C111B0EF445146L,0xA1D8CB5307C0BBEL,0xFFFF9EC7F01C60BL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFL},{0x3DA2F71D92AA9AFL,0x45A3D4235C2F3CL,0xC65DEAB2679A1A8L,0xCF1EACBE98B8E48L,0x3C111B0EF445146L,0xA1D8CB5307C0BBEL,0xFFFF9EC7F01C60BL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFL},{0x1660D76BC37B01DL,0x5EB806161EFE02L,0xD1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x5F343A3F37E31DFL,0x8D3B7DD448AAC3FL,0xC65DEAB2679A2E1L,0xCF1EACBE98B8E48L,0x3C111B0EF445146L,0xA1D8CB5307C0BBEL,0xFFFF9EC7F01C60BL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFL}}};
-
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_GOLDILOCKS.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_GOLDILOCKS.c b/version3/c/rom_curve_GOLDILOCKS.c
deleted file mode 100644
index 3b168c8..0000000
--- a/version3/c/rom_curve_GOLDILOCKS.c
+++ /dev/null
@@ -1,37 +0,0 @@
-#include "arch.h"
-#include "ecp_GOLDILOCKS.h"
-
-/* Curve GOLDILOCKS */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_GOLDILOCKS= 4;
-const BIG_448_29 CURVE_Cof_GOLDILOCKS= {0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_GOLDILOCKS= 1;
-const int CURVE_B_I_GOLDILOCKS= -39081;
-const BIG_448_29 CURVE_B_GOLDILOCKS= {0x1FFF6756,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF};
-const BIG_448_29 CURVE_Order_GOLDILOCKS= {0xB5844F3,0x1BC61495,0x1163D548,0x1984E51B,0x3690216,0xDA4D76B,0xFA7113B,0x1FEF9944,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FF};
-const BIG_448_29 CURVE_Gx_GOLDILOCKS= {0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0x152AAAAA,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x1555};
-const BIG_448_29 CURVE_Gy_GOLDILOCKS= {0xA9386ED,0x1757DE6F,0x13681AF6,0x19657DA3,0x3098BBB,0x12C19D15,0x12E03595,0xE515B18,0x17B7E36D,0x1AC426E,0xDBB5E8,0x10D8560,0x159D6205,0xB8246D9,0x17A58D2B,0x15C0};
-
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_GOLDILOCKS= 4;
-const BIG_448_58 CURVE_Cof_GOLDILOCKS= {0x4L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_A_GOLDILOCKS= 1;
-const int CURVE_B_I_GOLDILOCKS= -39081;
-const BIG_448_58 CURVE_B_GOLDILOCKS= {0x3FFFFFFFFFF6756L,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FBFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFL};
-const BIG_448_58 CURVE_Order_GOLDILOCKS= {0x378C292AB5844F3L,0x3309CA37163D548L,0x1B49AED63690216L,0x3FDF3288FA7113BL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0xFFFFFFFFFFL};
-const BIG_448_58 CURVE_Gx_GOLDILOCKS= {0x155555555555555L,0x155555555555555L,0x155555555555555L,0x2A5555555555555L,0x2AAAAAAAAAAAAAAL,0x2AAAAAAAAAAAAAAL,0x2AAAAAAAAAAAAAAL,0x2AAAAAAAAAAL};
-const BIG_448_58 CURVE_Gy_GOLDILOCKS= {0x2EAFBCDEA9386EDL,0x32CAFB473681AF6L,0x25833A2A3098BBBL,0x1CA2B6312E03595L,0x35884DD7B7E36DL,0x21B0AC00DBB5E8L,0x17048DB359D6205L,0x2B817A58D2BL};
-#endif
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_HIFIVE.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_HIFIVE.c b/version3/c/rom_curve_HIFIVE.c
deleted file mode 100644
index 20a25e5..0000000
--- a/version3/c/rom_curve_HIFIVE.c
+++ /dev/null
@@ -1,37 +0,0 @@
-#include "arch.h"
-#include "ecp_HIFIVE.h"
-
-/* Curve HIFIVE */
-
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_HIFIVE= 8;
-const BIG_336_29 CURVE_Cof_HIFIVE= {0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_HIFIVE= 1;
-const int CURVE_B_I_HIFIVE= 11111;
-const BIG_336_29 CURVE_B_HIFIVE= {0x2B67,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_336_29 CURVE_Order_HIFIVE= {0x1E9FA805,0x197CACB9,0x1E4EEA9E,0x17AD70F,0x1FA9850C,0x38A0A,0x0,0x0,0x0,0x0,0x0,0x4000};
-const BIG_336_29 CURVE_Gx_HIFIVE= {0xC,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_336_29 CURVE_Gy_HIFIVE= {0x5FE8632,0x15F63428,0xD976C4,0x1AACA194,0x35B6DB5,0x8E3F7A,0x52D1B0E,0xF0A7A36,0x1C161D00,0x8170C70,0x1185AD59,0x181B};
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_HIFIVE= 8;
-const BIG_336_60 CURVE_Cof_HIFIVE= {0x8L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_A_HIFIVE= 1;
-const int CURVE_B_I_HIFIVE= 11111;
-const BIG_336_60 CURVE_B_HIFIVE= {0x2B67L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_336_60 CURVE_Order_HIFIVE= {0xB2F95973E9FA805L,0xC0BD6B87F93BAA7L,0x71415FA9850L,0x0L,0x0L,0x200000000L};
-const BIG_336_60 CURVE_Gx_HIFIVE= {0xCL,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_336_60 CURVE_Gy_HIFIVE= {0x2BEC68505FE8632L,0x5D5650CA0365DB1L,0x3811C7EF435B6DBL,0x7853D1B14B46CL,0x56502E18E1C161DL,0xC0DC616BL};
-#endif
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_NIST256.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_NIST256.c b/version3/c/rom_curve_NIST256.c
deleted file mode 100644
index 2915b4d..0000000
--- a/version3/c/rom_curve_NIST256.c
+++ /dev/null
@@ -1,37 +0,0 @@
-#include "arch.h"
-#include "ecp_NIST256.h"
-
-/* Curve NIST256 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_NIST256= 1;
-const BIG_256_28 CURVE_Cof_NIST256= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_NIST256= -3;
-const int CURVE_B_I_NIST256= 0;
-const BIG_256_28 CURVE_B_NIST256= {0x7D2604B,0xCE3C3E2,0x3B0F63B,0x6B0CC5,0x6BC651D,0x5576988,0x7B3EBBD,0xAA3A93E,0xAC635D8,0x5};
-const BIG_256_28 CURVE_Order_NIST256= {0xC632551,0xB9CAC2F,0x79E84F3,0xFAADA71,0xFFFBCE6,0xFFFFFFF,0xFFFFFF,0x0,0xFFFFFFF,0xF};
-const BIG_256_28 CURVE_Gx_NIST256= {0x898C296,0xA13945D,0xB33A0F4,0x7D812DE,0xF27703,0xE563A44,0x7F8BCE6,0xE12C424,0xB17D1F2,0x6};
-const BIG_256_28 CURVE_Gy_NIST256= {0x7BF51F5,0xB640683,0x15ECECB,0x33576B3,0xE162BCE,0x4A7C0F9,0xB8EE7EB,0xFE1A7F9,0xFE342E2,0x4};
-
-
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_NIST256= 1;
-const BIG_256_56 CURVE_Cof_NIST256= {0x1L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_A_NIST256= -3;
-const int CURVE_B_I_NIST256= 0;
-const BIG_256_56 CURVE_B_NIST256= {0xCE3C3E27D2604BL,0x6B0CC53B0F63BL,0x55769886BC651DL,0xAA3A93E7B3EBBDL,0x5AC635D8L};
-const BIG_256_56 CURVE_Order_NIST256= {0xB9CAC2FC632551L,0xFAADA7179E84F3L,0xFFFFFFFFFFBCE6L,0xFFFFFFL,0xFFFFFFFFL};
-const BIG_256_56 CURVE_Gx_NIST256= {0xA13945D898C296L,0x7D812DEB33A0F4L,0xE563A440F27703L,0xE12C4247F8BCE6L,0x6B17D1F2L};
-const BIG_256_56 CURVE_Gy_NIST256= {0xB6406837BF51F5L,0x33576B315ECECBL,0x4A7C0F9E162BCEL,0xFE1A7F9B8EE7EBL,0x4FE342E2L};
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_NIST384.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_NIST384.c b/version3/c/rom_curve_NIST384.c
deleted file mode 100644
index d246ec1..0000000
--- a/version3/c/rom_curve_NIST384.c
+++ /dev/null
@@ -1,36 +0,0 @@
-#include "arch.h"
-#include "ecp_NIST384.h"
-
-/* Curve NIST384 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_NIST384= 1;
-const BIG_384_29 CURVE_Cof_NIST384= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_NIST384= -3;
-const int CURVE_B_I_NIST384= 0;
-const BIG_384_29 CURVE_B_NIST384= {0x13EC2AEF,0x142E476E,0xBB4674A,0xC731B14,0x1875AC65,0x447A809,0x4480C50,0xDDFD028,0x19181D9C,0x1F1FC168,0x623815A,0x47DCFC9,0x1312FA7E,0x59};
-const BIG_384_29 CURVE_Order_NIST384= {0xCC52973,0x760CB56,0xC29DEBB,0x141B6491,0x12DDF581,0x6C0FA1B,0x1FFF1D8D,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F};
-const BIG_384_29 CURVE_Gx_NIST384= {0x12760AB7,0x12A2F1C3,0x154A5B0E,0x5E4BB7E,0x2A38550,0xF0412A,0xE6167DD,0xC5174F3,0x146E1D3B,0x1799056B,0x3AC71C7,0x1D160A6F,0x87CA22B,0x55};
-const BIG_384_29 CURVE_Gy_NIST384= {0x10EA0E5F,0x1218EBE4,0x1FA0675E,0x1639C3A,0xB8C00A6,0x1889DAF8,0x11F3A768,0x17A51342,0x9F8F41D,0x1C9496E1,0x1767A62F,0xC4C58DE,0x17DE4A9,0x1B};
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_NIST384= 1;
-const BIG_384_56 CURVE_Cof_NIST384= {0x1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_A_NIST384= -3;
-const int CURVE_B_I_NIST384= 0;
-const BIG_384_56 CURVE_B_NIST384= {0x85C8EDD3EC2AEFL,0x398D8A2ED19D2AL,0x8F5013875AC656L,0xFE814112031408L,0xF82D19181D9C6EL,0xE7E4988E056BE3L,0xB3312FA7E23EL};
-const BIG_384_56 CURVE_Order_NIST384= {0xEC196ACCC52973L,0xDB248B0A77AECL,0x81F4372DDF581AL,0xFFFFFFFFC7634DL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFL};
-const BIG_384_56 CURVE_Gx_NIST384= {0x545E3872760AB7L,0xF25DBF55296C3AL,0xE082542A385502L,0x8BA79B9859F741L,0x20AD746E1D3B62L,0x5378EB1C71EF3L,0xAA87CA22BE8BL};
-const BIG_384_56 CURVE_Gy_NIST384= {0x431D7C90EA0E5FL,0xB1CE1D7E819D7AL,0x13B5F0B8C00A60L,0x289A147CE9DA31L,0x92DC29F8F41DBDL,0x2C6F5D9E98BF92L,0x3617DE4A9626L};
-#endif
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_NIST521.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_NIST521.c b/version3/c/rom_curve_NIST521.c
deleted file mode 100644
index 0262632..0000000
--- a/version3/c/rom_curve_NIST521.c
+++ /dev/null
@@ -1,35 +0,0 @@
-#include "arch.h"
-#include "ecp_NIST521.h"
-
-/* Curve NIST521 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_NIST521= 1;
-const BIG_528_28 CURVE_Cof_NIST521= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_NIST521= -3;
-const int CURVE_B_I_NIST521= 0;
-const BIG_528_28 CURVE_B_NIST521= {0xB503F00,0x451FD46,0xC34F1EF,0xDF883D2,0xF073573,0xBD3BB1B,0xB1652C0,0xEC7E937,0x6193951,0xF109E15,0x489918E,0x15F3B8B,0x25B99B3,0xEEA2DA7,0xB68540,0x929A21A,0xE1C9A1F,0x3EB9618,0x5195};
-const BIG_528_28 CURVE_Order_NIST521= {0x1386409,0x6FB71E9,0xC47AEBB,0xC9B8899,0x5D03BB5,0x48F709A,0xB7FCC01,0xBF2F966,0x1868783,0xFFFFFA5,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0x1FFFF};
-const BIG_528_28 CURVE_Gx_NIST521= {0x2E5BD66,0x7E7E31C,0xA429BF9,0xB3C1856,0x8DE3348,0x27A2FFA,0x8FE1DC1,0xEFE7592,0x14B5E77,0x4D3DBAA,0x8AF606B,0xB521F82,0x139053F,0x429C648,0x62395B4,0x9E3ECB6,0x404E9CD,0x8E06B70,0xC685};
-const BIG_528_28 CURVE_Gy_NIST521= {0xFD16650,0xBE94769,0x2C24088,0x7086A27,0x761353C,0x13FAD0,0xC550B9,0x5EF4264,0x7EE7299,0x3E662C9,0xFBD1727,0x446817A,0x449579B,0xD998F54,0x42C7D1B,0x5C8A5FB,0xA3BC004,0x296A789,0x11839};
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_NIST521= 1;
-const BIG_528_60 CURVE_Cof_NIST521= {0x1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_A_NIST521= -3;
-const int CURVE_B_I_NIST521= 0;
-const BIG_528_60 CURVE_B_NIST521= {0xF451FD46B503F00L,0x73DF883D2C34F1EL,0x2C0BD3BB1BF0735L,0x3951EC7E937B165L,0x9918EF109E15619L,0x5B99B315F3B8B48L,0xB68540EEA2DA72L,0x8E1C9A1F929A21AL,0x51953EB961L};
-const BIG_528_60 CURVE_Order_NIST521= {0xB6FB71E91386409L,0xB5C9B8899C47AEBL,0xC0148F709A5D03BL,0x8783BF2F966B7FCL,0xFFFFFFFFFFA5186L,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x1FFFFFFFFFFL};
-const BIG_528_60 CURVE_Gx_NIST521= {0x97E7E31C2E5BD66L,0x48B3C1856A429BFL,0xDC127A2FFA8DE33L,0x5E77EFE75928FE1L,0xF606B4D3DBAA14BL,0x39053FB521F828AL,0x62395B4429C6481L,0x404E9CD9E3ECB6L,0xC6858E06B7L};
-const BIG_528_60 CURVE_Gy_NIST521= {0x8BE94769FD16650L,0x3C7086A272C2408L,0xB9013FAD076135L,0x72995EF42640C55L,0xD17273E662C97EEL,0x49579B446817AFBL,0x42C7D1BD998F544L,0x9A3BC0045C8A5FBL,0x11839296A78L};
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_NUMS256E.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_NUMS256E.c b/version3/c/rom_curve_NUMS256E.c
deleted file mode 100644
index 3f040ac..0000000
--- a/version3/c/rom_curve_NUMS256E.c
+++ /dev/null
@@ -1,43 +0,0 @@
-#include "arch.h"
-#include "ecp_NUMS256E.h"
-
-/*  NUMS 256-bit Curve - Edwards */
-
-#if CHUNK==16
-
-const int CURVE_Cof_I_NUMS256E= 4;
-const BIG_256_13 CURVE_Cof_NUMS256E= {0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_NUMS256E= 1;
-const int CURVE_B_I_NUMS256E= -15342;
-const BIG_256_13 CURVE_B_NUMS256E= {0x355,0x1FFE,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FF};
-const BIG_256_13 CURVE_Order_NUMS256E= {0xAF5,0x16EA,0x43B,0xF63,0x11A4,0x1CD,0x1D65,0x14A5,0x155A,0x20C,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x80};
-const BIG_256_13 CURVE_Gx_NUMS256E= {0x13DA,0x1768,0x40B,0x1D81,0xA0D,0x1AC3,0xC20,0x1DC,0x198A,0x1061,0x6F5,0x1241,0x15F6,0xF1E,0x1734,0x46F,0xAEA,0x7DB,0x1D45,0x114};
-const BIG_256_13 CURVE_Gy_NUMS256E= {0x9E6,0xC54,0x19DE,0xC2D,0x12FA,0x1769,0x215,0x1B02,0x1F61,0x38A,0x4,0xC97,0x1D9A,0xB32,0x1F3A,0x4B8,0x19D9,0x14FE,0x154F,0x89};
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_NUMS256E= 4;
-const BIG_256_29 CURVE_Cof_NUMS256E= {0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_NUMS256E= 1;
-const int CURVE_B_I_NUMS256E= -15342;
-const BIG_256_29 CURVE_B_NUMS256E= {0x1FFFC355,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF};
-const BIG_256_29 CURVE_Order_NUMS256E= {0xEDD4AF5,0x123D8C87,0x1650E6C6,0xAB54A5E,0x419,0x0,0x0,0x0,0x400000};
-const BIG_256_29 CURVE_Gx_NUMS256E= {0xEED13DA,0x6F60481,0x20D61A8,0x13141DC6,0x9BD60C3,0x1EAFB490,0xDF73478,0x1F6D5D44,0x8A7514};
-const BIG_256_29 CURVE_Gy_NUMS256E= {0x198A89E6,0x1D30B73B,0x15BB4CB,0x1EC3B021,0x18010715,0x12ECD325,0x171F3A59,0x13FB3B24,0x44D53E};
-
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_NUMS256E= 4;
-const BIG_256_56 CURVE_Cof_NUMS256E= {0x4L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_A_NUMS256E= 1;
-const int CURVE_B_I_NUMS256E= -15342;
-const BIG_256_56 CURVE_B_NUMS256E= {0xFFFFFFFFFFC355L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-const BIG_256_56 CURVE_Order_NUMS256E= {0x47B190EEDD4AF5L,0x5AA52F59439B1AL,0x4195L,0x0L,0x40000000L};
-const BIG_256_56 CURVE_Gx_NUMS256E= {0xDEC0902EED13DAL,0x8A0EE3083586A0L,0x5F69209BD60C39L,0x6AEA237DCD1E3DL,0x8A7514FBL};
-const BIG_256_56 CURVE_Gy_NUMS256E= {0xA616E7798A89E6L,0x61D810856ED32FL,0xD9A64B8010715FL,0xD9D925C7CE9665L,0x44D53E9FL};
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_NUMS256W.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_NUMS256W.c b/version3/c/rom_curve_NUMS256W.c
deleted file mode 100644
index 941d6a5..0000000
--- a/version3/c/rom_curve_NUMS256W.c
+++ /dev/null
@@ -1,34 +0,0 @@
-#include "arch.h"
-#include "ecp_NUMS256W.h"
-
-/*  NUMS 256-bit Curve - Weierstrass */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-const int CURVE_Cof_I_NUMS256W= 1;
-const BIG_256_28 CURVE_Cof_NUMS256W= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_NUMS256W= -3;
-const int CURVE_B_I_NUMS256W= 152961;
-const BIG_256_28 CURVE_B_NUMS256W= {0x25581,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_28 CURVE_Order_NUMS256W= {0x751A825,0xAB20294,0x65C6020,0x8275EA2,0xFFFE43C,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xF};
-const BIG_256_28 CURVE_Gx_NUMS256W= {0x21AACB1,0x52EE1EB,0x4C73ABC,0x9B0903D,0xB098357,0xA04F42C,0x1297A95,0x5AAADB6,0xC9ED6B6,0xB};
-const BIG_256_28 CURVE_Gy_NUMS256W= {0x184DE9F,0xB5B9CB2,0x10FBB80,0xC3D1153,0x35C955,0xF77E04E,0x673448B,0x3399B6A,0x8FC0F1,0xD};
-
-#endif
-
-#if CHUNK==64
-const int CURVE_Cof_I_NUMS256W= 1;
-const BIG_256_56 CURVE_Cof_NUMS256W= {0x1L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_A_NUMS256W= -3;
-const int CURVE_B_I_NUMS256W= 152961;
-const BIG_256_56 CURVE_B_NUMS256W= {0x25581L,0x0L,0x0L,0x0L,0x0L};
-const BIG_256_56 CURVE_Order_NUMS256W= {0xAB20294751A825L,0x8275EA265C6020L,0xFFFFFFFFFFE43CL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-const BIG_256_56 CURVE_Gx_NUMS256W= {0x52EE1EB21AACB1L,0x9B0903D4C73ABCL,0xA04F42CB098357L,0x5AAADB61297A95L,0xBC9ED6B6L};
-const BIG_256_56 CURVE_Gy_NUMS256W= {0xB5B9CB2184DE9FL,0xC3D115310FBB80L,0xF77E04E035C955L,0x3399B6A673448BL,0xD08FC0F1L};
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_NUMS384E.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_NUMS384E.c b/version3/c/rom_curve_NUMS384E.c
deleted file mode 100644
index 4d9d249..0000000
--- a/version3/c/rom_curve_NUMS384E.c
+++ /dev/null
@@ -1,34 +0,0 @@
-#include "arch.h"
-#include "ecp_NUMS384E.h"
-
-/*  NUMS 384-bit Curve - Edwards */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_NUMS384E= 4;
-const BIG_384_29 CURVE_Cof_NUMS384E= {0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_NUMS384E= 1;
-const int CURVE_B_I_NUMS384E= -11556;
-const BIG_384_29 CURVE_B_NUMS384E= {0x1FFFD19F,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F};
-const BIG_384_29 CURVE_Order_NUMS384E= {0x6A3897D,0x5CEE627,0xD721E48,0x8AAB556,0x1E1CF61E,0xD0E5A35,0x1FFF891C,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1F};
-const BIG_384_29 CURVE_Gx_NUMS384E= {0xC206BDE,0x6AA0723,0x116504D4,0x52562CA,0x163406FF,0x1FD47998,0x10015D8F,0x8DCB7C9,0x15B30BF4,0x14D72AED,0x102DA884,0xB524CD9,0x1B111FB4,0x30};
-const BIG_384_29 CURVE_Gy_NUMS384E= {0x10729392,0xC681F0F,0x1B123727,0x561F28D,0x1964B007,0xC7BFB22,0x1D5A0C3E,0xE9E284B,0x1716AD82,0x11D886E,0x1CE2C69,0x134DDD61,0x983E67B,0x41};
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_NUMS384E= 4;
-const BIG_384_56 CURVE_Cof_NUMS384E= {0x4L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_A_NUMS384E= 1;
-const int CURVE_B_I_NUMS384E= -11556;
-const BIG_384_56 CURVE_B_NUMS384E= {0xFFFFFFFFFFD19FL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFL};
-const BIG_384_56 CURVE_Order_NUMS384E= {0xB9DCC4E6A3897DL,0x555AAB35C87920L,0x1CB46BE1CF61E4L,0xFFFFFFFFE2471AL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x3FFFFFFFFFFFL};
-const BIG_384_56 CURVE_Gx_NUMS384E= {0xD540E46C206BDEL,0x92B16545941350L,0xA8F33163406FF2L,0xE5BE4C005763FFL,0xE55DB5B30BF446L,0x266CC0B6A2129AL,0x61B111FB45A9L};
-const BIG_384_56 CURVE_Gy_NUMS384E= {0x8D03E1F0729392L,0xB0F946EC48DC9DL,0xF7F645964B0072L,0xF1425F56830F98L,0xB10DD716AD8274L,0xEEB08738B1A423L,0x82983E67B9A6L};
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_NUMS384W.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_NUMS384W.c b/version3/c/rom_curve_NUMS384W.c
deleted file mode 100644
index 5d04877..0000000
--- a/version3/c/rom_curve_NUMS384W.c
+++ /dev/null
@@ -1,34 +0,0 @@
-#include "arch.h"
-#include "ecp_NUMS384W.h"
-
-/*  NUMS 384-bit Curve - Weierstrass */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_NUMS384W= 1;
-const BIG_384_29 CURVE_Cof_NUMS384W= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_NUMS384W= -3;
-const int CURVE_B_I_NUMS384W= -34568;
-const BIG_384_29 CURVE_B_NUMS384W= {0x1FFF77BB,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F};
-const BIG_384_29 CURVE_Order_NUMS384W= {0x1B0E61B9,0x26C0FB3,0xDF89E98,0x153A7A98,0x16881BED,0x178F75AE,0x1FFF587A,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F};
-const BIG_384_29 CURVE_Gx_NUMS384W= {0x98152A,0x1CE5D021,0x18711EFA,0x1DDA201E,0xC742522,0x148D9536,0x7D3CEF4,0x19BF703F,0x60225C1,0x12082F8D,0x12203288,0x2DE3038,0x17956F0B,0x3A};
-const BIG_384_29 CURVE_Gy_NUMS384W= {0x6180716,0x3A5C763,0x1D2B4997,0xD69B77F,0x837EBCD,0x1BE890D,0xE72E482,0xEFF0FEE,0x1EB00469,0x2C267B,0x15F8CF4C,0x3371C71,0xDEE368E,0x56};
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_NUMS384W= 1;
-const BIG_384_56 CURVE_Cof_NUMS384W= {0x1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_A_NUMS384W= -3;
-const int CURVE_B_I_NUMS384W= -34568;
-const BIG_384_56 CURVE_B_NUMS384W= {0xFFFFFFFFFF77BBL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFL};
-const BIG_384_56 CURVE_Order_NUMS384W= {0x4D81F67B0E61B9L,0x9D3D4C37E27A60L,0x1EEB5D6881BEDAL,0xFFFFFFFFD61EAFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFL};
-const BIG_384_56 CURVE_Gx_NUMS384W= {0x9CBA042098152AL,0xED100F61C47BEBL,0x1B2A6CC742522EL,0xFB81F9F4F3BD29L,0x5F1A60225C1CDL,0x181C4880CA2241L,0x757956F0B16FL};
-const BIG_384_56 CURVE_Gy_NUMS384W= {0x74B8EC66180716L,0xB4DBBFF4AD265CL,0x7D121A837EBCD6L,0xF87F739CB92083L,0x84CF7EB0046977L,0x8E38D7E33D3005L,0xACDEE368E19BL};
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_NUMS512E.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_NUMS512E.c b/version3/c/rom_curve_NUMS512E.c
deleted file mode 100644
index b31b6b5..0000000
--- a/version3/c/rom_curve_NUMS512E.c
+++ /dev/null
@@ -1,33 +0,0 @@
-#include "arch.h"
-#include "ecp_NUMS512E.h"
-
-/*  NUMS 512-bit Curve - Edwards */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-const int CURVE_Cof_I_NUMS512E= 4;
-const BIG_512_29 CURVE_Cof_NUMS512E= {0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_NUMS512E= 1;
-const int CURVE_B_I_NUMS512E= -78296;
-const BIG_512_29 CURVE_B_NUMS512E= {0x1FFECBEF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF};
-const BIG_512_29 CURVE_Order_NUMS512E= {0x1BEED46D,0x1A3467A8,0x1BFB3FD9,0xC0AF0DB,0x86F52A4,0xC64B85B,0x6EA78FF,0xDA5F9F2,0x1FB4F063,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFF};
-const BIG_512_29 CURVE_Gx_NUMS512E= {0x19EC57FE,0xDCD594C,0x113C0571,0xA4A84F9,0x104AD0FE,0x4C92B44,0xC3DE2F7,0x9DDC8CE,0x74621C1,0x1139DC0A,0x9E85FAF,0x1B894704,0x1D1E79F4,0x9E29997,0x32DE223,0x16D38F43,0x116D128D,0x6FC71};
-const BIG_512_29 CURVE_Gy_NUMS512E= {0x1E2F5E1,0x136EF606,0x1C7407CC,0xDA71537,0xC1FD026,0x3431576,0x15898068,0x1E5D32C6,0x120CA53,0xC84F41A,0xA4ADAE5,0x104B3A45,0x76F726D,0x1512B772,0x3D5DEA0,0x194E3316,0x1FF39D49,0x3684D};
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_NUMS512E= 4;
-const BIG_512_56 CURVE_Cof_NUMS512E= {0x4L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_A_NUMS512E= 1;
-const int CURVE_B_I_NUMS512E= -78296;
-const BIG_512_56 CURVE_B_NUMS512E= {0xFFFFFFFFFECBEFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFL};
-const BIG_512_56 CURVE_Order_NUMS512E= {0x468CF51BEED46DL,0x5786DEFECFF67L,0xC970B686F52A46L,0x2FCF91BA9E3FD8L,0xFFFFFFB4F0636DL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x3FL};
-const BIG_512_56 CURVE_Gx_NUMS512E= {0xB9AB2999EC57FEL,0x25427CC4F015C5L,0x92568904AD0FE5L,0xEE46730F78BDC9L,0x3B81474621C14EL,0xA38227A17EBE27L,0x332FD1E79F4DC4L,0x7A18CB7888D3C5L,0x8E316D128DB69CL,0xDFL};
-const BIG_512_56 CURVE_Gy_NUMS512E= {0x6DDEC0C1E2F5E1L,0xD38A9BF1D01F32L,0x862AECC1FD0266L,0xE9963562601A06L,0x9E834120CA53F2L,0x9D22A92B6B9590L,0x6EE476F726D825L,0x98B0F577A82A25L,0x9BFF39D49CA71L,0x6DL};
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_NUMS512W.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_NUMS512W.c b/version3/c/rom_curve_NUMS512W.c
deleted file mode 100644
index f222aa7..0000000
--- a/version3/c/rom_curve_NUMS512W.c
+++ /dev/null
@@ -1,34 +0,0 @@
-#include "arch.h"
-#include "ecp_NUMS512W.h"
-
-/*  NUMS 512-bit Curve - Weierstrass */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_NUMS512W= 1;
-const BIG_512_29 CURVE_Cof_NUMS512W= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_NUMS512W= -3;
-const int CURVE_B_I_NUMS512W= 121243;
-const BIG_512_29 CURVE_B_NUMS512W= {0x1D99B,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_512_29 CURVE_Order_NUMS512W= {0x433555D,0x10A9F9C8,0x1F3490F3,0xD166CC0,0xBDC63B5,0xC76CBE8,0xC6D3F09,0x1F729CF0,0x1F5B3CA4,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF};
-const BIG_512_29 CURVE_Gx_NUMS512W= {0xCABAE57,0x4143CAC,0x1BD778B7,0x1AC026FA,0x15831D5,0x14312AB,0x167A4DE5,0xA20ED66,0x195021A1,0x129836CF,0x1141B830,0xA03ED0A,0xCAD83BB,0x1E9DA94C,0xDC00A80,0x1527B45,0x1447141D,0x1D601};
-const BIG_512_29 CURVE_Gy_NUMS512W= {0x183527A6,0x1D043B01,0x1F43FA48,0x16B83C99,0x5602CF2,0x1420592D,0x17A70486,0x1B5161DD,0x14A28415,0x3DE8A78,0x3D2C983,0x17797719,0x197DBDEA,0x15D88025,0x1BBB718F,0xAD679C1,0x14CA29AD,0x4A1D2};
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_NUMS512W= 1;
-const BIG_512_56 CURVE_Cof_NUMS512W= {0x1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_A_NUMS512W= -3;
-const int CURVE_B_I_NUMS512W= 121243;
-const BIG_512_56 CURVE_B_NUMS512W= {0x1D99BL,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const BIG_512_56 CURVE_Order_NUMS512W= {0x153F390433555DL,0x8B36607CD243CEL,0xED97D0BDC63B56L,0x94E7831B4FC258L,0xFFFFFF5B3CA4FBL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFL};
-const BIG_512_56 CURVE_Gx_NUMS512W= {0x8287958CABAE57L,0x60137D6F5DE2DCL,0x86255615831D5DL,0x76B359E937942L,0x6D9F95021A151L,0xF6854506E0C253L,0x5298CAD83BB501L,0xDA2B7002A03D3BL,0xC03447141D0A93L,0x3AL};
-const BIG_512_56 CURVE_Gy_NUMS512W= {0xA08760383527A6L,0x5C1E4CFD0FE923L,0x40B25A5602CF2BL,0x8B0EEDE9C121A8L,0xD14F14A28415DAL,0xBB8C8F4B260C7BL,0x4B97DBDEABBCL,0xCE0EEEDC63EBB1L,0x3A54CA29AD56B3L,0x94L};
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_curve_SECP256K1.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_curve_SECP256K1.c b/version3/c/rom_curve_SECP256K1.c
deleted file mode 100644
index df6c3f0..0000000
--- a/version3/c/rom_curve_SECP256K1.c
+++ /dev/null
@@ -1,39 +0,0 @@
-#include "arch.h"
-#include "ecp_SECP256K1.h"
-
-/* Curve SECP256K1 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-const int CURVE_Cof_I_SECP256K1= 1;
-const BIG_256_28 CURVE_Cof_SECP256K1= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const int CURVE_A_SECP256K1= 0;
-const int CURVE_B_I_SECP256K1= 7;
-const BIG_256_28 CURVE_B_SECP256K1= {0x7,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const BIG_256_28 CURVE_Order_SECP256K1= {0x364141,0xD25E8CD,0x8A03BBF,0xDCE6AF4,0xFFEBAAE,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xF};
-const BIG_256_28 CURVE_Gx_SECP256K1= {0x6F81798,0xF2815B1,0xE28D959,0xFCDB2DC,0xB07029B,0x95CE870,0xC55A062,0xF9DCBBA,0x9BE667E,0x7};
-const BIG_256_28 CURVE_Gy_SECP256K1= {0xB10D4B8,0x47D08FF,0x554199C,0xB448A68,0x8A8FD17,0xFC0E110,0x55DA4FB,0x26A3C46,0x83ADA77,0x4};
-
-
-
-#endif
-
-#if CHUNK==64
-
-const int CURVE_Cof_I_SECP256K1= 1;
-const BIG_256_56 CURVE_Cof_SECP256K1= {0x1L,0x0L,0x0L,0x0L,0x0L};
-const int CURVE_A_SECP256K1= 0;
-const int CURVE_B_I_SECP256K1= 7;
-const BIG_256_56 CURVE_B_SECP256K1= {0x7L,0x0L,0x0L,0x0L,0x0L};
-const BIG_256_56 CURVE_Order_SECP256K1= {0xD25E8CD0364141L,0xDCE6AF48A03BBFL,0xFFFFFFFFFEBAAEL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-const BIG_256_56 CURVE_Gx_SECP256K1= {0xF2815B16F81798L,0xFCDB2DCE28D959L,0x95CE870B07029BL,0xF9DCBBAC55A062L,0x79BE667EL};
-const BIG_256_56 CURVE_Gy_SECP256K1= {0x47D08FFB10D4B8L,0xB448A68554199CL,0xFC0E1108A8FD17L,0x26A3C4655DA4FBL,0x483ADA77L};
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_25519.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_25519.c b/version3/c/rom_field_25519.c
deleted file mode 100644
index 475a743..0000000
--- a/version3/c/rom_field_25519.c
+++ /dev/null
@@ -1,33 +0,0 @@
-#include "arch.h"
-#include "fp_25519.h"
-
-/* Curve 25519 */
-
-#if CHUNK==16
-
-// Base Bits= 13
-const BIG_256_13 Modulus_25519= {0x1FED,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0xFF};
-const BIG_256_13 R2modp_25519= {0x400,0x2D,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_25519= 0x13;
-
-#endif
-
-#if CHUNK==32
-
-// Base Bits= 29
-const BIG_256_29 Modulus_25519= {0x1FFFFFED,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-const BIG_256_29 R2modp_25519= {0x169000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_25519= 0x13;
-
-
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_256_56 Modulus_25519= {0xFFFFFFFFFFFFEDL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-const BIG_256_56 R2modp_25519= {0xA4000000000000L,0x5L,0x0L,0x0L,0x0L};
-const chunk MConst_25519= 0x13L;
-
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_256PME.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_256PME.c b/version3/c/rom_field_256PME.c
deleted file mode 100644
index cf31ee1..0000000
--- a/version3/c/rom_field_256PME.c
+++ /dev/null
@@ -1,28 +0,0 @@
-#include "arch.h"
-#include "fp_256PME.h"
-
-/* NUMS 256-bit modulus */
-
-
-#if CHUNK==16
-// Base Bits= 13
-const BIG_256_13 Modulus_256PME= {0x1F43,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FF};
-const BIG_256_13 R2modp_256PME= {0x900,0x45C,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_256PME= 0xBD;
-#endif
-
-#if CHUNK==32
-// Base Bits= 29
-const BIG_256_29 Modulus_256PME= {0x1FFFFF43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF};
-const BIG_256_29 R2modp_256PME= {0x22E2400,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_256PME= 0xBD;
-
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_256_56 Modulus_256PME= {0xFFFFFFFFFFFF43L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-const BIG_256_56 R2modp_256PME= {0x89000000000000L,0x8BL,0x0L,0x0L,0x0L};
-const chunk MConst_256PME= 0xBDL;
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_256PMW.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_256PMW.c b/version3/c/rom_field_256PMW.c
deleted file mode 100644
index 2775033..0000000
--- a/version3/c/rom_field_256PMW.c
+++ /dev/null
@@ -1,26 +0,0 @@
-#include "arch.h"
-#include "fp_256PMW.h"
-
-/* NUMS 256-bit modulus */
-
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-const BIG_256_28 Modulus_256PMW= {0xFFFFF43,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xF};
-const BIG_256_28 R2modp_256PMW= {0x0,0x8900000,0x8B,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_256PMW= 0xBD;
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_256_56 Modulus_256PMW= {0xFFFFFFFFFFFF43L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-const BIG_256_56 R2modp_256PMW= {0x89000000000000L,0x8BL,0x0L,0x0L,0x0L};
-const chunk MConst_256PMW= 0xBDL;
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_384PM.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_384PM.c b/version3/c/rom_field_384PM.c
deleted file mode 100644
index e692b56..0000000
--- a/version3/c/rom_field_384PM.c
+++ /dev/null
@@ -1,25 +0,0 @@
-#include "arch.h"
-#include "fp_384PM.h"
-
-/* NUMS 384-bit modulus */
-
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 29
-const BIG_384_29 Modulus_384PM= {0x1FFFFEC3,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F};
-const BIG_384_29 R2modp_384PM= {0x0,0x4448000,0x6,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_384PM= 0x13D;
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_384_56 Modulus_384PM= {0xFFFFFFFFFFFEC3L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFL};
-const BIG_384_56 R2modp_384PM= {0x188890000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const chunk MConst_384PM= 0x13DL;
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_512PM.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_512PM.c b/version3/c/rom_field_512PM.c
deleted file mode 100644
index d305f50..0000000
--- a/version3/c/rom_field_512PM.c
+++ /dev/null
@@ -1,25 +0,0 @@
-#include "arch.h"
-#include "fp_512PM.h"
-
-/* NUMS 512-bit modulus */
-
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 29
-const BIG_512_29 Modulus_512PM= {0x1FFFFDC7,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF};
-const BIG_512_29 R2modp_512PM= {0xB100000,0x278,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_512PM= 0x239;
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_512_56 Modulus_512PM= {0xFFFFFFFFFFFDC7L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFL};
-const BIG_512_56 R2modp_512PM= {0x0L,0xF0B10000000000L,0x4L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const chunk MConst_512PM= 0x239L;
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_ANSSI.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_ANSSI.c b/version3/c/rom_field_ANSSI.c
deleted file mode 100644
index be52634..0000000
--- a/version3/c/rom_field_ANSSI.c
+++ /dev/null
@@ -1,25 +0,0 @@
-#include "arch.h"
-#include "fp_ANSSI.h"
-
-/* ANNSI Curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-const BIG_256_28 Modulus_ANSSI= {0x86E9C03,0xFCF353D,0x8CA6DE8,0xADBCABC,0x35B3961,0xE8CE424,0xF10126D,0xB3AD58,0x1FD178C,0xF};
-const BIG_256_28 R2modp_ANSSI= {0x288CC9C,0x18D2374,0x646BD2B,0x4929E67,0xD6F7F2D,0x220E6C1,0xABCE02E,0x751B1FD,0x7401B78,0xE};
-const chunk MConst_ANSSI= 0x64E1155;
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_256_56 Modulus_ANSSI= {0xFCF353D86E9C03L,0xADBCABC8CA6DE8L,0xE8CE42435B3961L,0xB3AD58F10126DL,0xF1FD178CL};
-const BIG_256_56 R2modp_ANSSI= {0x18D2374288CC9CL,0x4929E67646BD2BL,0x220E6C1D6F7F2DL,0x751B1FDABCE02EL,0xE7401B78L};
-const chunk MConst_ANSSI= 0x97483A164E1155L;
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BLS24.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_BLS24.c b/version3/c/rom_field_BLS24.c
deleted file mode 100644
index efc25e9..0000000
--- a/version3/c/rom_field_BLS24.c
+++ /dev/null
@@ -1,32 +0,0 @@
-#include "arch.h"
-#include "fp_BLS24.h"
-
-/* Curve BLS24 - Pairing friendly BLS24 curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 29
-// Base Bits= 29
-const BIG_480_29 Modulus_BLS24= {0xA06152B,0x2260B3A,0xB4C36BE,0x5FFC5D0,0xBDB6A64,0x5B78E2E,0x1C1A28CA,0x10E6441B,0x1F244061,0xB4704F0,0x141E5CCD,0x9837504,0x3F2E77E,0xD763740,0x1316EA0E,0xF0079,0x555C};
-const BIG_480_29 R2modp_BLS24= {0x8533EA9,0x6A02789,0x183B24DE,0x1E45ECF8,0xC8F8F37,0x10CAD209,0x4C0C4B8,0x9B1FABD,0xDEBE4C0,0xDC353F9,0x18A18E26,0x10F489BB,0x31206A5,0x19673BBF,0x6BE69F9,0xB091169,0x9CD};
-const chunk MConst_BLS24= 0x95FE7D;
-const BIG_480_29 Fra_BLS24= {0x1BF96F1D,0xAE53A55,0x31BFEEB,0x183FF17A,0x6237469,0x12A4F4F1,0x12101FE3,0x16E79D94,0xFF59267,0x5EB4EB4,0x78CC49F,0x274BA33,0x149184F3,0x16C6DCBA,0x1C90B694,0x10F729CE,0x4BBC};
-const BIG_480_29 Frb_BLS24= {0xE0CA60E,0x1740D0E4,0x83037D2,0xDBFD456,0x5B7F5FA,0x1312993D,0xA0A08E6,0x19FEA687,0xF2EADF9,0x55BB63C,0xC91982E,0x70EBAD1,0xF61628B,0x16AF5A85,0x16863379,0xF17D6AA,0x99F};
-
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_480_56 Modulus_BLS24= {0x44C1674A06152BL,0xFFE2E82D30DAF8L,0x6F1C5CBDB6A642L,0x3220DF068A328BL,0xE09E1F24406187L,0xBA825079733568L,0x6E803F2E77E4C1L,0x3CCC5BA839AECL,0x555C0078L};
-const BIG_480_56 R2modp_BLS24= {0x6A4A1FE013DF5BL,0xE8E46D4D1BDE65L,0x1F841391F45C67L,0x9148A4516FB28L,0x4398524EDF4C88L,0x41C0E241B6DCE8L,0xE42C208C19411L,0xA7FE6FD73A7B1CL,0xFCCCA76L};
-const chunk MConst_BLS24= 0xBD5D7D8095FE7DL;
-const BIG_480_56 Fra_BLS24= {0x5CA74ABBF96F1DL,0x1FF8BD0C6FFBADL,0x49E9E26237469CL,0x3CECA48407F8E5L,0x69D68FF59267B7L,0x5D199E33127CBDL,0xB97549184F313AL,0x4E77242DA52D8DL,0x4BBC87B9L};
-const BIG_480_56 Frb_BLS24= {0xE81A1C8E0CA60EL,0xDFEA2B20C0DF4AL,0x25327A5B7F5FA6L,0xF5343A828239A6L,0x76C78F2EADF9CFL,0x5D68B24660B8ABL,0xB50AF61628B387L,0xB555A18CDE6D5EL,0x99F78BEL};
-
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BLS381.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_BLS381.c b/version3/c/rom_field_BLS381.c
deleted file mode 100644
index 39d22e2..0000000
--- a/version3/c/rom_field_BLS381.c
+++ /dev/null
@@ -1,30 +0,0 @@
-#include "arch.h"
-#include "fp_BLS381.h"
-
-/* Curve BLS381 - Pairing friendly BLS curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 29
-const BIG_384_29 Modulus_BLS381= {0x1FFFAAAB,0xFF7FFFF,0x14FFFFEE,0x17FFFD62,0xF6241EA,0x9507B58,0xAFD9CC3,0x109E70A2,0x1764774B,0x121A5D66,0x12C6E9ED,0x12FFCD34,0x111EA3,0xD};
-const BIG_384_29 R2modp_BLS381= {0x15BEF7AE,0x1031CD0E,0x2DD93E8,0x9226323,0xE6E2CD2,0x11684DAA,0x1170E5DB,0x88E25B1,0x1B366399,0x1C536F47,0xD1F9CBC,0x278B67F,0x1EA66A2B,0xC};
-const chunk MConst_BLS381= 0x1FFCFFFD;
-const BIG_384_29 Fra_BLS381= {0x12235FB8,0x83BAF6C,0x19E04F63,0x1D4A7AC7,0xB9C4F67,0x1EBC25D,0x1D3DEC91,0x1FA797AB,0x1F0FD603,0x1016068,0x108C6FAD,0x5760CCF,0x104D3BF0,0xC};
-const BIG_384_29 Frb_BLS381= {0xDDC4AF3,0x7BC5093,0x1B1FB08B,0x1AB5829A,0x3C5F282,0x764B8FB,0xDBFB032,0x10F6D8F6,0x1854A147,0x1118FCFD,0x23A7A40,0xD89C065,0xFC3E2B3,0x0};
-
-#endif
-
-#if CHUNK==64
-// Base Bits= 58
-const BIG_384_58 Modulus_BLS381= {0x1FEFFFFFFFFAAABL,0x2FFFFAC54FFFFEEL,0x12A0F6B0F6241EAL,0x213CE144AFD9CC3L,0x2434BACD764774BL,0x25FF9A692C6E9EDL,0x1A0111EA3L};
-const BIG_384_58 R2modp_BLS381= {0x20639A1D5BEF7AEL,0x1244C6462DD93E8L,0x22D09B54E6E2CD2L,0x111C4B63170E5DBL,0x38A6DE8FB366399L,0x4F16CFED1F9CBCL,0x19EA66A2BL};
-const chunk MConst_BLS381= 0x1F3FFFCFFFCFFFDL;
-const BIG_384_58 Fra_BLS381= {0x10775ED92235FB8L,0x3A94F58F9E04F63L,0x3D784BAB9C4F67L,0x3F4F2F57D3DEC91L,0x202C0D1F0FD603L,0xAEC199F08C6FADL,0x1904D3BF0L};
-const BIG_384_58 Frb_BLS381= {0xF78A126DDC4AF3L,0x356B0535B1FB08BL,0xEC971F63C5F282L,0x21EDB1ECDBFB032L,0x2231F9FB854A147L,0x1B1380CA23A7A40L,0xFC3E2B3L};
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BLS383.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_BLS383.c b/version3/c/rom_field_BLS383.c
deleted file mode 100644
index b197120..0000000
--- a/version3/c/rom_field_BLS383.c
+++ /dev/null
@@ -1,30 +0,0 @@
-#include "arch.h"
-#include "fp_BLS383.h"
-
-/* Curve BLS383 - Pairing friendly BLS curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 29
-const BIG_384_29 Modulus_BLS383= {0x5AAB0AB,0x11B8EB24,0x19214AF6,0x187E5314,0x124F47A8,0x1C00B4B0,0x1446B0C6,0x59E6CB4,0x4A0AD46,0xFF5494,0x81B6B71,0x956DD6B,0x16556956,0x2A};
-const BIG_384_29 R2modp_BLS383= {0x116907F4,0x405B700,0x1752AC11,0x67A9E7C,0x1941C581,0x1AEA38C4,0xB1E4D22,0xCE841AE,0xA0FC49B,0xB4B1F48,0x13852312,0x1B3FDCED,0x1FECE397,0x26};
-const chunk MConst_BLS383= 0x73435FD;
-const BIG_384_29 Fra_BLS383= {0x1311DAC1,0x296B969,0x19DCF806,0x126901FC,0xD8C8A36,0x1A2572A8,0xA1A0959,0x1A47F743,0x110E4C6C,0x1608DA97,0xCE2E7F0,0x4FED178,0xACD5BF0,0x11};
-const BIG_384_29 Frb_BLS383= {0x1298D5EA,0xF2231BA,0x1F4452F0,0x6155117,0x4C2BD72,0x1DB4208,0xA2CA76D,0xB567571,0x139260D9,0xAF679FC,0x1B388380,0x4580BF2,0xB880D66,0x19};
-
-#endif
-
-#if CHUNK==64
-// Base Bits= 58
-const BIG_384_58 Modulus_BLS383= {0x2371D6485AAB0ABL,0x30FCA6299214AF6L,0x3801696124F47A8L,0xB3CD969446B0C6L,0x1FEA9284A0AD46L,0x12ADBAD681B6B71L,0x556556956L};
-const BIG_384_58 R2modp_BLS383= {0x80B6E0116907F4L,0xCF53CF9752AC11L,0x35D47189941C581L,0x19D0835CB1E4D22L,0x16963E90A0FC49BL,0x367FB9DB3852312L,0x4DFECE397L};
-const chunk MConst_BLS383= 0x1BC0571073435FDL;
-const BIG_384_58 Fra_BLS383= {0x52D72D3311DAC1L,0x24D203F99DCF806L,0x344AE550D8C8A36L,0x348FEE86A1A0959L,0x2C11B52F10E4C6CL,0x9FDA2F0CE2E7F0L,0x22ACD5BF0L};
-const BIG_384_58 Frb_BLS383= {0x1E446375298D5EAL,0xC2AA22FF4452F0L,0x3B684104C2BD72L,0x16ACEAE2A2CA76DL,0x15ECF3F939260D9L,0x8B017E5B388380L,0x32B880D66L};
-
-#endif
\ No newline at end of file



[13/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp4.c
----------------------------------------------------------------------
diff --git a/version3/c/fp4.c b/version3/c/fp4.c
deleted file mode 100644
index 758ddf6..0000000
--- a/version3/c/fp4.c
+++ /dev/null
@@ -1,800 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^4 functions */
-/* SU=m, m is Stack Usage (no lazy )*/
-
-/* FP4 elements are of the form a+ib, where i is sqrt(-1+sqrt(-1)) */
-
-#include "fp4_YYY.h"
-
-/* test x==0 ? */
-/* SU= 8 */
-int FP4_YYY_iszilch(FP4_YYY *x)
-{
-    if (FP2_YYY_iszilch(&(x->a)) && FP2_YYY_iszilch(&(x->b))) return 1;
-    return 0;
-}
-
-/* test x==1 ? */
-/* SU= 8 */
-int FP4_YYY_isunity(FP4_YYY *x)
-{
-    if (FP2_YYY_isunity(&(x->a)) && FP2_YYY_iszilch(&(x->b))) return 1;
-    return 0;
-}
-
-/* test is w real? That is in a+ib test b is zero */
-int FP4_YYY_isreal(FP4_YYY *w)
-{
-    return FP2_YYY_iszilch(&(w->b));
-}
-
-/* return 1 if x==y, else 0 */
-/* SU= 16 */
-int FP4_YYY_equals(FP4_YYY *x,FP4_YYY *y)
-{
-    if (FP2_YYY_equals(&(x->a),&(y->a)) && FP2_YYY_equals(&(x->b),&(y->b)))
-        return 1;
-    return 0;
-}
-
-/* set FP4 from two FP2s */
-/* SU= 16 */
-void FP4_YYY_from_FP2s(FP4_YYY *w,FP2_YYY * x,FP2_YYY* y)
-{
-    FP2_YYY_copy(&(w->a), x);
-    FP2_YYY_copy(&(w->b), y);
-}
-
-/* set FP4 from FP2 */
-/* SU= 8 */
-void FP4_YYY_from_FP2(FP4_YYY *w,FP2_YYY *x)
-{
-    FP2_YYY_copy(&(w->a), x);
-    FP2_YYY_zero(&(w->b));
-}
-
-/* set high part of FP4 from FP2 */
-/* SU= 8 */
-void FP4_YYY_from_FP2H(FP4_YYY *w,FP2_YYY *x)
-{
-    FP2_YYY_copy(&(w->b), x);
-    FP2_YYY_zero(&(w->a));
-}
-
-/* FP4 copy w=x */
-/* SU= 16 */
-void FP4_YYY_copy(FP4_YYY *w,FP4_YYY *x)
-{
-    if (w==x) return;
-    FP2_YYY_copy(&(w->a), &(x->a));
-    FP2_YYY_copy(&(w->b), &(x->b));
-}
-
-/* FP4 w=0 */
-/* SU= 8 */
-void FP4_YYY_zero(FP4_YYY *w)
-{
-    FP2_YYY_zero(&(w->a));
-    FP2_YYY_zero(&(w->b));
-}
-
-/* FP4 w=1 */
-/* SU= 8 */
-void FP4_YYY_one(FP4_YYY *w)
-{
-    FP2_YYY_one(&(w->a));
-    FP2_YYY_zero(&(w->b));
-}
-
-/* Set w=-x */
-/* SU= 160 */
-void FP4_YYY_neg(FP4_YYY *w,FP4_YYY *x)
-{
-    /* Just one field neg */
-    FP2_YYY m,t;
-	FP4_YYY_norm(x);
-    FP2_YYY_add(&m,&(x->a),&(x->b));
-//	FP2_YYY_norm(&m);
-    FP2_YYY_neg(&m,&m);
-//    FP2_YYY_norm(&m);
-    FP2_YYY_add(&t,&m,&(x->b));
-    FP2_YYY_add(&(w->b),&m,&(x->a));
-    FP2_YYY_copy(&(w->a),&t);
-    FP4_YYY_norm(w);
-}
-
-/* Set w=conj(x) */
-/* SU= 16 */
-void FP4_YYY_conj(FP4_YYY *w,FP4_YYY *x)
-{
-    FP2_YYY_copy(&(w->a), &(x->a));
-    FP2_YYY_neg(&(w->b), &(x->b));
-    FP4_YYY_norm(w);
-}
-
-/* Set w=-conj(x) */
-/* SU= 16 */
-void FP4_YYY_nconj(FP4_YYY *w,FP4_YYY *x)
-{
-    FP2_YYY_copy(&(w->b),&(x->b));
-    FP2_YYY_neg(&(w->a), &(x->a));
-    FP4_YYY_norm(w);
-}
-
-/* Set w=x+y */
-/* SU= 16 */
-void FP4_YYY_add(FP4_YYY *w,FP4_YYY *x,FP4_YYY *y)
-{
-    FP2_YYY_add(&(w->a), &(x->a), &(y->a));
-    FP2_YYY_add(&(w->b), &(x->b), &(y->b));
-}
-
-/* Set w=x-y */
-/* Input y MUST be normed */
-void FP4_YYY_sub(FP4_YYY *w,FP4_YYY *x,FP4_YYY *y)
-{
-    FP4_YYY my;
-
-    FP4_YYY_neg(&my, y);
-    FP4_YYY_add(w, x, &my);
-
-}
-/* SU= 8 */
-/* reduce all components of w mod Modulus */
-void FP4_YYY_reduce(FP4_YYY *w)
-{
-    FP2_YYY_reduce(&(w->a));
-    FP2_YYY_reduce(&(w->b));
-}
-
-/* SU= 8 */
-/* normalise all elements of w */
-void FP4_YYY_norm(FP4_YYY *w)
-{
-    FP2_YYY_norm(&(w->a));
-    FP2_YYY_norm(&(w->b));
-}
-
-/* Set w=s*x, where s is FP2 */
-/* SU= 16 */
-void FP4_YYY_pmul(FP4_YYY *w,FP4_YYY *x,FP2_YYY *s)
-{
-    FP2_YYY_mul(&(w->a),&(x->a),s);
-    FP2_YYY_mul(&(w->b),&(x->b),s);
-}
-
-/* Set w=s*x, where s is FP */
-void FP4_YYY_qmul(FP4_YYY *w,FP4_YYY *x,FP_YYY *s)
-{
-    FP2_YYY_pmul(&(w->a),&(x->a),s);
-    FP2_YYY_pmul(&(w->b),&(x->b),s);
-}
-
-/* SU= 16 */
-/* Set w=s*x, where s is int */
-void FP4_YYY_imul(FP4_YYY *w,FP4_YYY *x,int s)
-{
-    FP2_YYY_imul(&(w->a),&(x->a),s);
-    FP2_YYY_imul(&(w->b),&(x->b),s);
-}
-
-/* Set w=x^2 */
-/* Input MUST be normed  */
-void FP4_YYY_sqr(FP4_YYY *w,FP4_YYY *x)
-{
-    FP2_YYY t1,t2,t3;
-
-    FP2_YYY_mul(&t3,&(x->a),&(x->b)); /* norms x */
-    FP2_YYY_copy(&t2,&(x->b));
-    FP2_YYY_add(&t1,&(x->a),&(x->b));
-    FP2_YYY_mul_ip(&t2);
-
-    FP2_YYY_add(&t2,&(x->a),&t2);
-
-    FP2_YYY_norm(&t1);  // 2
-    FP2_YYY_norm(&t2);  // 2
-
-    FP2_YYY_mul(&(w->a),&t1,&t2);
-
-    FP2_YYY_copy(&t2,&t3);
-    FP2_YYY_mul_ip(&t2);
-
-    FP2_YYY_add(&t2,&t2,&t3);
-
-    FP2_YYY_norm(&t2);  // 2
-    FP2_YYY_neg(&t2,&t2);
-    FP2_YYY_add(&(w->a),&(w->a),&t2);  /* a=(a+b)(a+i^2.b)-i^2.ab-ab = a*a+ib*ib */
-    FP2_YYY_add(&(w->b),&t3,&t3);  /* b=2ab */
-
-    FP4_YYY_norm(w);
-}
-
-/* Set w=x*y */
-/* Inputs MUST be normed  */
-void FP4_YYY_mul(FP4_YYY *w,FP4_YYY *x,FP4_YYY *y)
-{
-
-    FP2_YYY t1,t2,t3,t4;
-    FP2_YYY_mul(&t1,&(x->a),&(y->a));
-    FP2_YYY_mul(&t2,&(x->b),&(y->b));
-
-    FP2_YYY_add(&t3,&(y->b),&(y->a));
-    FP2_YYY_add(&t4,&(x->b),&(x->a));
-
-    FP2_YYY_norm(&t4); // 2
-    FP2_YYY_norm(&t3); // 2
-
-    FP2_YYY_mul(&t4,&t4,&t3); /* (xa+xb)(ya+yb) */
-
-    FP2_YYY_neg(&t3,&t1);  // 1
-    FP2_YYY_add(&t4,&t4,&t3);  //t4E=3
-    FP2_YYY_norm(&t4);
-
-    FP2_YYY_neg(&t3,&t2);  // 1
-    FP2_YYY_add(&(w->b),&t4,&t3); //wbE=3
-
-    FP2_YYY_mul_ip(&t2);
-    FP2_YYY_add(&(w->a),&t2,&t1);
-
-    FP4_YYY_norm(w);
-}
-
-/* output FP4 in format [a,b] */
-/* SU= 8 */
-void FP4_YYY_output(FP4_YYY *w)
-{
-    printf("[");
-    FP2_YYY_output(&(w->a));
-    printf(",");
-    FP2_YYY_output(&(w->b));
-    printf("]");
-}
-
-/* SU= 8 */
-void FP4_YYY_rawoutput(FP4_YYY *w)
-{
-    printf("[");
-    FP2_YYY_rawoutput(&(w->a));
-    printf(",");
-    FP2_YYY_rawoutput(&(w->b));
-    printf("]");
-}
-
-/* Set w=1/x */
-/* SU= 160 */
-void FP4_YYY_inv(FP4_YYY *w,FP4_YYY *x)
-{
-    FP2_YYY t1,t2;
-    FP2_YYY_sqr(&t1,&(x->a));
-    FP2_YYY_sqr(&t2,&(x->b));
-    FP2_YYY_mul_ip(&t2);
-    FP2_YYY_norm(&t2);
-    FP2_YYY_sub(&t1,&t1,&t2);
-    FP2_YYY_inv(&t1,&t1);
-    FP2_YYY_mul(&(w->a),&t1,&(x->a));
-    FP2_YYY_neg(&t1,&t1);
-    FP2_YYY_norm(&t1);
-    FP2_YYY_mul(&(w->b),&t1,&(x->b));
-}
-
-/* w*=i where i = sqrt(-1+sqrt(-1)) */
-/* SU= 200 */
-void FP4_YYY_times_i(FP4_YYY *w)
-{
-    FP_YYY z;
-    FP2_YYY s,t;
-
-//    FP4_YYY_norm(w);
-    FP2_YYY_copy(&t,&(w->b));
-
-    FP2_YYY_copy(&s,&t);
-
-    FP_YYY_copy(&z,&(s.a));
-    FP_YYY_neg(&(s.a),&(s.b));
-    FP_YYY_copy(&(s.b),&z);
-
-    FP2_YYY_add(&t,&t,&s);
-
-    FP2_YYY_copy(&(w->b),&(w->a));
-    FP2_YYY_copy(&(w->a),&t);
-    FP4_YYY_norm(w);
-}
-
-/* Set w=w^p using Frobenius */
-/* SU= 16 */
-void FP4_YYY_frob(FP4_YYY *w,FP2_YYY *f)
-{
-    FP2_YYY_conj(&(w->a),&(w->a));
-    FP2_YYY_conj(&(w->b),&(w->b));
-    FP2_YYY_mul( &(w->b),f,&(w->b));
-}
-
-/* Set r=a^b mod m */
-/* SU= 240 */
-void FP4_YYY_pow(FP4_YYY *r,FP4_YYY* a,BIG_XXX b)
-{
-    FP4_YYY w;
-    BIG_XXX z,zilch;
-    int bt;
-
-    BIG_XXX_zero(zilch);
-
-    BIG_XXX_copy(z,b);
-    BIG_XXX_norm(z);
-    FP4_YYY_copy(&w,a);
-	FP4_YYY_norm(&w);
-    FP4_YYY_one(r);
-
-    while(1)
-    {
-        bt=BIG_XXX_parity(z);
-        BIG_XXX_shr(z,1);
-        if (bt) FP4_YYY_mul(r,r,&w);
-        if (BIG_XXX_comp(z,zilch)==0) break;
-        FP4_YYY_sqr(&w,&w);
-    }
-    FP4_YYY_reduce(r);
-}
-
-/* SU= 304 */
-/* XTR xtr_a function */
-void FP4_YYY_xtr_A(FP4_YYY *r,FP4_YYY *w,FP4_YYY *x,FP4_YYY *y,FP4_YYY *z)
-{
-    FP4_YYY t1,t2;
-
-    FP4_YYY_copy(r,x);
-//FP4_YYY_norm(y);
-    FP4_YYY_sub(&t1,w,y);
-    FP4_YYY_norm(&t1);
-    FP4_YYY_pmul(&t1,&t1,&(r->a));
-    FP4_YYY_add(&t2,w,y);
-    FP4_YYY_norm(&t2);
-    FP4_YYY_pmul(&t2,&t2,&(r->b));
-    FP4_YYY_times_i(&t2);
-
-    FP4_YYY_add(r,&t1,&t2);
-    FP4_YYY_add(r,r,z);
-
-    FP4_YYY_reduce(r);
-}
-
-/* SU= 152 */
-/* XTR xtr_d function */
-void FP4_YYY_xtr_D(FP4_YYY *r,FP4_YYY *x)
-{
-    FP4_YYY w;
-    FP4_YYY_copy(r,x);
-    FP4_YYY_conj(&w,r);
-    FP4_YYY_add(&w,&w,&w);
-    FP4_YYY_sqr(r,r);
-    FP4_YYY_norm(&w);
-    FP4_YYY_sub(r,r,&w);
-    FP4_YYY_reduce(r);    /* reduce here as multiple calls trigger automatic reductions */
-}
-
-/* SU= 728 */
-/* r=x^n using XTR method on traces of FP12s */
-void FP4_YYY_xtr_pow(FP4_YYY *r,FP4_YYY *x,BIG_XXX n)
-{
-    int i,par,nb;
-    BIG_XXX v;
-    FP2_YYY w;
-    FP4_YYY t,a,b,c,sf;
-
-    BIG_XXX_zero(v);
-    BIG_XXX_inc(v,3);
-    BIG_XXX_norm(v);
-    FP2_YYY_from_BIG(&w,v);
-    FP4_YYY_from_FP2(&a,&w);
-
-	FP4_YYY_copy(&sf,x);
-	FP4_YYY_norm(&sf);
-    FP4_YYY_copy(&b,&sf);
-    FP4_YYY_xtr_D(&c,&sf);
-
-    //BIG_XXX_norm(n);
-    par=BIG_XXX_parity(n);
-    BIG_XXX_copy(v,n);
-	BIG_XXX_norm(v);
-    BIG_XXX_shr(v,1);
-    if (par==0)
-    {
-        BIG_XXX_dec(v,1);
-        BIG_XXX_norm(v);
-    }
-
-    nb=BIG_XXX_nbits(v);
-    for (i=nb-1; i>=0; i--)
-    {
-        if (!BIG_XXX_bit(v,i))
-        {
-            FP4_YYY_copy(&t,&b);
-            FP4_YYY_conj(&sf,&sf);
-            FP4_YYY_conj(&c,&c);
-            FP4_YYY_xtr_A(&b,&a,&b,&sf,&c);
-            FP4_YYY_conj(&sf,&sf);
-            FP4_YYY_xtr_D(&c,&t);
-            FP4_YYY_xtr_D(&a,&a);
-        }
-        else
-        {
-            FP4_YYY_conj(&t,&a);
-            FP4_YYY_xtr_D(&a,&b);
-            FP4_YYY_xtr_A(&b,&c,&b,&sf,&t);
-            FP4_YYY_xtr_D(&c,&c);
-        }
-    }
-
-    if (par==0) FP4_YYY_copy(r,&c);
-    else FP4_YYY_copy(r,&b);
-    FP4_YYY_reduce(r);
-}
-
-/* SU= 872 */
-/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-void FP4_YYY_xtr_pow2(FP4_YYY *r,FP4_YYY *ck,FP4_YYY *cl,FP4_YYY *ckml,FP4_YYY *ckm2l,BIG_XXX a,BIG_XXX b)
-{
-    int i,f2;
-    BIG_XXX d,e,w;
-    FP4_YYY t,cu,cv,cumv,cum2v;
-
-
-    BIG_XXX_copy(e,a);
-    BIG_XXX_copy(d,b);
-    BIG_XXX_norm(e);
-    BIG_XXX_norm(d);
-    FP4_YYY_copy(&cu,ck);
-    FP4_YYY_copy(&cv,cl);
-    FP4_YYY_copy(&cumv,ckml);
-    FP4_YYY_copy(&cum2v,ckm2l);
-
-    f2=0;
-    while (BIG_XXX_parity(d)==0 && BIG_XXX_parity(e)==0)
-    {
-        BIG_XXX_shr(d,1);
-        BIG_XXX_shr(e,1);
-        f2++;
-    }
-    while (BIG_XXX_comp(d,e)!=0)
-    {
-        if (BIG_XXX_comp(d,e)>0)
-        {
-            BIG_XXX_imul(w,e,4);
-            BIG_XXX_norm(w);
-            if (BIG_XXX_comp(d,w)<=0)
-            {
-                BIG_XXX_copy(w,d);
-                BIG_XXX_copy(d,e);
-                BIG_XXX_sub(e,w,e);
-                BIG_XXX_norm(e);
-                FP4_YYY_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-                FP4_YYY_conj(&cum2v,&cumv);
-                FP4_YYY_copy(&cumv,&cv);
-                FP4_YYY_copy(&cv,&cu);
-                FP4_YYY_copy(&cu,&t);
-            }
-            else if (BIG_XXX_parity(d)==0)
-            {
-                BIG_XXX_shr(d,1);
-                FP4_YYY_conj(r,&cum2v);
-                FP4_YYY_xtr_A(&t,&cu,&cumv,&cv,r);
-                FP4_YYY_xtr_D(&cum2v,&cumv);
-                FP4_YYY_copy(&cumv,&t);
-                FP4_YYY_xtr_D(&cu,&cu);
-            }
-            else if (BIG_XXX_parity(e)==1)
-            {
-                BIG_XXX_sub(d,d,e);
-                BIG_XXX_norm(d);
-                BIG_XXX_shr(d,1);
-                FP4_YYY_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-                FP4_YYY_xtr_D(&cu,&cu);
-                FP4_YYY_xtr_D(&cum2v,&cv);
-                FP4_YYY_conj(&cum2v,&cum2v);
-                FP4_YYY_copy(&cv,&t);
-            }
-            else
-            {
-                BIG_XXX_copy(w,d);
-                BIG_XXX_copy(d,e);
-                BIG_XXX_shr(d,1);
-                BIG_XXX_copy(e,w);
-                FP4_YYY_xtr_D(&t,&cumv);
-                FP4_YYY_conj(&cumv,&cum2v);
-                FP4_YYY_conj(&cum2v,&t);
-                FP4_YYY_xtr_D(&t,&cv);
-                FP4_YYY_copy(&cv,&cu);
-                FP4_YYY_copy(&cu,&t);
-            }
-        }
-        if (BIG_XXX_comp(d,e)<0)
-        {
-            BIG_XXX_imul(w,d,4);
-            BIG_XXX_norm(w);
-            if (BIG_XXX_comp(e,w)<=0)
-            {
-                BIG_XXX_sub(e,e,d);
-                BIG_XXX_norm(e);
-                FP4_YYY_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-                FP4_YYY_copy(&cum2v,&cumv);
-                FP4_YYY_copy(&cumv,&cu);
-                FP4_YYY_copy(&cu,&t);
-            }
-            else if (BIG_XXX_parity(e)==0)
-            {
-                BIG_XXX_copy(w,d);
-                BIG_XXX_copy(d,e);
-                BIG_XXX_shr(d,1);
-                BIG_XXX_copy(e,w);
-                FP4_YYY_xtr_D(&t,&cumv);
-                FP4_YYY_conj(&cumv,&cum2v);
-                FP4_YYY_conj(&cum2v,&t);
-                FP4_YYY_xtr_D(&t,&cv);
-                FP4_YYY_copy(&cv,&cu);
-                FP4_YYY_copy(&cu,&t);
-            }
-            else if (BIG_XXX_parity(d)==1)
-            {
-                BIG_XXX_copy(w,e);
-                BIG_XXX_copy(e,d);
-                BIG_XXX_sub(w,w,d);
-                BIG_XXX_norm(w);
-                BIG_XXX_copy(d,w);
-                BIG_XXX_shr(d,1);
-                FP4_YYY_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-                FP4_YYY_conj(&cumv,&cumv);
-                FP4_YYY_xtr_D(&cum2v,&cu);
-                FP4_YYY_conj(&cum2v,&cum2v);
-                FP4_YYY_xtr_D(&cu,&cv);
-                FP4_YYY_copy(&cv,&t);
-            }
-            else
-            {
-                BIG_XXX_shr(d,1);
-                FP4_YYY_conj(r,&cum2v);
-                FP4_YYY_xtr_A(&t,&cu,&cumv,&cv,r);
-                FP4_YYY_xtr_D(&cum2v,&cumv);
-                FP4_YYY_copy(&cumv,&t);
-                FP4_YYY_xtr_D(&cu,&cu);
-            }
-        }
-    }
-    FP4_YYY_xtr_A(r,&cu,&cv,&cumv,&cum2v);
-    for (i=0; i<f2; i++)	FP4_YYY_xtr_D(r,r);
-    FP4_YYY_xtr_pow(r,r,d);
-}
-
-/* Move b to a if d=1 */
-void FP4_YYY_cmove(FP4_YYY *f,FP4_YYY *g,int d)
-{
-    FP2_YYY_cmove(&(f->a),&(g->a),d);
-    FP2_YYY_cmove(&(f->b),&(g->b),d);
-}
-
-/* New stuff for ECp4 support */
-
-/* Set w=x/2 */
-void FP4_YYY_div2(FP4_YYY *w,FP4_YYY *x)
-{
-    FP2_YYY_div2(&(w->a),&(x->a));
-    FP2_YYY_div2(&(w->b),&(x->b));
-}
-
-#if CURVE_SECURITY_ZZZ >= 192
-
-/* sqrt(a+xb) = sqrt((a+sqrt(a*a-n*b*b))/2)+x.b/(2*sqrt((a+sqrt(a*a-n*b*b))/2)) */
-/* returns true if x is QR */
-int FP4_YYY_sqrt(FP4_YYY *r,FP4_YYY* x)
-{
-    FP2_YYY a,s,t;
-
-    FP4_YYY_copy(r,x);
-    if (FP4_YYY_iszilch(x))
-        return 1;
-    
-    FP2_YYY_copy(&a,&(x->a));
-    FP2_YYY_copy(&s,&(x->b));
-
-    if (FP2_YYY_iszilch(&s))
-    {
-        if (FP2_YYY_sqrt(&t,&a))
-        {
-            FP4_YYY_from_FP2(r,&t);
-        }
-        else
-        {
-            FP2_YYY_div_ip(&a);
-            FP2_YYY_sqrt(&t,&a);
-            FP4_YYY_from_FP2H(r,&t);
-        }
-        return 1;
-    }
-
-    FP2_YYY_sqr(&s,&s);  // s*=s
-    FP2_YYY_sqr(&a,&a);  // a*=a
-    FP2_YYY_mul_ip(&s);
-    FP2_YYY_norm(&s);
-    FP2_YYY_sub(&a,&a,&s); // a-=txx(s)
-
-    if (!FP2_YYY_sqrt(&s,&a)) return 0;
-
-    //FP2_YYY_sqr(&t,&s);
-
-
-    FP2_YYY_copy(&t,&(x->a));
-    FP2_YYY_add(&a,&t,&s);
-    FP2_YYY_norm(&a);
-    FP2_YYY_div2(&a,&a);
-
-    if (!FP2_YYY_sqrt(&a,&a))
-    {
-        FP2_YYY_sub(&a,&t,&s);
-        FP2_YYY_norm(&a);
-        FP2_YYY_div2(&a,&a);
-        if (!FP2_YYY_sqrt(&a,&a)) return 0;
-    }
-
-    FP2_YYY_copy(&t,&(x->b));
-    FP2_YYY_add(&s,&a,&a);
-    FP2_YYY_inv(&s,&s);
-
-    FP2_YYY_mul(&t,&t,&s);
-    FP4_YYY_from_FP2s(r,&a,&t);
-
-    return 1;
-
-}
-
-void FP4_YYY_div_i(FP4_YYY *f)
-{
-    FP2_YYY u,v;
-    FP2_YYY_copy(&u,&(f->a));
-    FP2_YYY_copy(&v,&(f->b));
-    FP2_YYY_div_ip(&u);
-    FP2_YYY_copy(&(f->a),&v);
-    FP2_YYY_copy(&(f->b),&u);
-}
-
-void FP4_YYY_div_2i(FP4_YYY *f)
-{
-	FP2_YYY u,v;
-	FP2_YYY_copy(&u,&(f->a));
-	FP2_YYY_copy(&v,&(f->b));
-	FP2_YYY_div_ip2(&u);
-	FP2_YYY_add(&v,&v,&v);
-	FP2_YYY_norm(&v);
-	FP2_YYY_copy(&(f->a),&v);
-	FP2_YYY_copy(&(f->b),&u);
-}
-
-#endif
-
-
-/*
-int main(){
-		FP2_YYY w0,w1,f;
-		FP4_YYY w,t;
-		FP4_YYY c1,c2,c3,c4,cr;
-		BIG_XXX a,b;
-		BIG_XXX e,e1,e2;
-		BIG_XXX p,md;
-
-
-		BIG_XXX_rcopy(md,Modulus);
-		//Test w^(P^4) = w mod p^2
-		BIG_XXX_zero(a); BIG_XXX_inc(a,27);
-		BIG_XXX_zero(b); BIG_XXX_inc(b,45);
-		FP2_YYY_from_BIGs(&w0,a,b);
-
-		BIG_XXX_zero(a); BIG_XXX_inc(a,33);
-		BIG_XXX_zero(b); BIG_XXX_inc(b,54);
-		FP2_YYY_from_BIGs(&w1,a,b);
-
-		FP4_YYY_from_FP2s(&w,&w0,&w1);
-		FP4_YYY_reduce(&w);
-
-		printf("w= ");
-		FP4_YYY_output(&w);
-		printf("\n");
-
-
-		FP4_YYY_copy(&t,&w);
-
-
-		BIG_XXX_copy(p,md);
-		FP4_YYY_pow(&w,&w,p);
-
-		printf("w^p= ");
-		FP4_YYY_output(&w);
-		printf("\n");
-//exit(0);
-
-		BIG_XXX_rcopy(a,CURVE_Fra);
-		BIG_XXX_rcopy(b,CURVE_Frb);
-		FP2_YYY_from_BIGs(&f,a,b);
-
-		FP4_YYY_frob(&t,&f);
-		printf("w^p= ");
-		FP4_YYY_output(&t);
-		printf("\n");
-
-		FP4_YYY_pow(&w,&w,p);
-		FP4_YYY_pow(&w,&w,p);
-		FP4_YYY_pow(&w,&w,p);
-		printf("w^p4= ");
-		FP4_YYY_output(&w);
-		printf("\n");
-
-// Test 1/(1/x) = x mod p^4
-		FP4_YYY_from_FP2s(&w,&w0,&w1);
-		printf("Test Inversion \nw= ");
-		FP4_YYY_output(&w);
-		printf("\n");
-
-		FP4_YYY_inv(&w,&w);
-		printf("1/w mod p^4 = ");
-		FP4_YYY_output(&w);
-		printf("\n");
-
-		FP4_YYY_inv(&w,&w);
-		printf("1/(1/w) mod p^4 = ");
-		FP4_YYY_output(&w);
-		printf("\n");
-
-		BIG_XXX_zero(e); BIG_XXX_inc(e,12);
-
-
-
-	//	FP4_YYY_xtr_A(&w,&t,&w,&t,&t);
-		FP4_YYY_xtr_pow(&w,&w,e);
-
-		printf("w^e= ");
-		FP4_YYY_output(&w);
-		printf("\n");
-
-
-		BIG_XXX_zero(a); BIG_XXX_inc(a,37);
-		BIG_XXX_zero(b); BIG_XXX_inc(b,17);
-		FP2_YYY_from_BIGs(&w0,a,b);
-
-		BIG_XXX_zero(a); BIG_XXX_inc(a,49);
-		BIG_XXX_zero(b); BIG_XXX_inc(b,31);
-		FP2_YYY_from_BIGs(&w1,a,b);
-
-		FP4_YYY_from_FP2s(&c1,&w0,&w1);
-		FP4_YYY_from_FP2s(&c2,&w0,&w1);
-		FP4_YYY_from_FP2s(&c3,&w0,&w1);
-		FP4_YYY_from_FP2s(&c4,&w0,&w1);
-
-		BIG_XXX_zero(e1); BIG_XXX_inc(e1,3331);
-		BIG_XXX_zero(e2); BIG_XXX_inc(e2,3372);
-
-		FP4_YYY_xtr_pow2(&w,&c1,&w,&c2,&c3,e1,e2);
-
-		printf("c^e= ");
-		FP4_YYY_output(&w);
-		printf("\n");
-
-
-		return 0;
-}
-*/
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp4.h
----------------------------------------------------------------------
diff --git a/version3/c/fp4.h b/version3/c/fp4.h
deleted file mode 100644
index 451ab4a..0000000
--- a/version3/c/fp4.h
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/**
- * @file fp4.h
- * @author Mike Scott
- * @brief FP4 Header File
- *
- */
-
-#ifndef FP4_YYY_H
-#define FP4_YYY_H
-
-#include "fp2_YYY.h"
-#include "config_curve_ZZZ.h"
-
-/**
-	@brief FP4 Structure - towered over two FP2
-*/
-
-typedef struct
-{
-    FP2_YYY a; /**< real part of FP4 */
-    FP2_YYY b; /**< imaginary part of FP4 */
-} FP4_YYY;
-
-
-/* FP4 prototypes */
-/**	@brief Tests for FP4 equal to zero
- *
-	@param x FP4 number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP4_YYY_iszilch(FP4_YYY *x);
-/**	@brief Tests for FP4 equal to unity
- *
-	@param x FP4 number to be tested
-	@return 1 if unity, else returns 0
- */
-extern int FP4_YYY_isunity(FP4_YYY *x);
-/**	@brief Tests for equality of two FP4s
- *
-	@param x FP4 instance to be compared
-	@param y FP4 instance to be compared
-	@return 1 if x=y, else returns 0
- */
-extern int FP4_YYY_equals(FP4_YYY *x,FP4_YYY *y);
-/**	@brief Tests for FP4 having only a real part and no imaginary part
- *
-	@param x FP4 number to be tested
-	@return 1 if real, else returns 0
- */
-extern int FP4_YYY_isreal(FP4_YYY *x);
-/**	@brief Initialise FP4 from two FP2s
- *
-	@param x FP4 instance to be initialised
-	@param a FP2 to form real part of FP4
-	@param b FP2 to form imaginary part of FP4
- */
-extern void FP4_YYY_from_FP2s(FP4_YYY *x,FP2_YYY *a,FP2_YYY *b);
-/**	@brief Initialise FP4 from single FP2
- *
-	Imaginary part is set to zero
-	@param x FP4 instance to be initialised
-	@param a FP2 to form real part of FP4
- */
-extern void FP4_YYY_from_FP2(FP4_YYY *x,FP2_YYY *a);
-
-/**	@brief Initialise FP4 from single FP2
- *
-	real part is set to zero
-	@param x FP4 instance to be initialised
-	@param a FP2 to form imaginary part of FP4
- */
-extern void FP4_YYY_from_FP2H(FP4_YYY *x,FP2_YYY *a);
-
-
-/**	@brief Copy FP4 to another FP4
- *
-	@param x FP4 instance, on exit = y
-	@param y FP4 instance to be copied
- */
-extern void FP4_YYY_copy(FP4_YYY *x,FP4_YYY *y);
-/**	@brief Set FP4 to zero
- *
-	@param x FP4 instance to be set to zero
- */
-extern void FP4_YYY_zero(FP4_YYY *x);
-/**	@brief Set FP4 to unity
- *
-	@param x FP4 instance to be set to one
- */
-extern void FP4_YYY_one(FP4_YYY *x);
-/**	@brief Negation of FP4
- *
-	@param x FP4 instance, on exit = -y
-	@param y FP4 instance
- */
-extern void FP4_YYY_neg(FP4_YYY *x,FP4_YYY *y);
-/**	@brief Conjugation of FP4
- *
-	If y=(a,b) on exit x=(a,-b)
-	@param x FP4 instance, on exit = conj(y)
-	@param y FP4 instance
- */
-extern void FP4_YYY_conj(FP4_YYY *x,FP4_YYY *y);
-/**	@brief Negative conjugation of FP4
- *
-	If y=(a,b) on exit x=(-a,b)
-	@param x FP4 instance, on exit = -conj(y)
-	@param y FP4 instance
- */
-extern void FP4_YYY_nconj(FP4_YYY *x,FP4_YYY *y);
-/**	@brief addition of two FP4s
- *
-	@param x FP4 instance, on exit = y+z
-	@param y FP4 instance
-	@param z FP4 instance
- */
-extern void FP4_YYY_add(FP4_YYY *x,FP4_YYY *y,FP4_YYY *z);
-/**	@brief subtraction of two FP4s
- *
-	@param x FP4 instance, on exit = y-z
-	@param y FP4 instance
-	@param z FP4 instance
- */
-extern void FP4_YYY_sub(FP4_YYY *x,FP4_YYY *y,FP4_YYY *z);
-/**	@brief Multiplication of an FP4 by an FP2
- *
-	@param x FP4 instance, on exit = y*a
-	@param y FP4 instance
-	@param a FP2 multiplier
- */
-extern void FP4_YYY_pmul(FP4_YYY *x,FP4_YYY *y,FP2_YYY *a);
-
-/**	@brief Multiplication of an FP4 by an FP
- *
-	@param x FP4 instance, on exit = y*a
-	@param y FP4 instance
-	@param a FP multiplier
- */
-extern void FP4_YYY_qmul(FP4_YYY *x,FP4_YYY *y,FP_YYY *a);
-
-/**	@brief Multiplication of an FP4 by a small integer
- *
-	@param x FP4 instance, on exit = y*i
-	@param y FP4 instance
-	@param i an integer
- */
-extern void FP4_YYY_imul(FP4_YYY *x,FP4_YYY *y,int i);
-/**	@brief Squaring an FP4
- *
-	@param x FP4 instance, on exit = y^2
-	@param y FP4 instance
- */
-extern void FP4_YYY_sqr(FP4_YYY *x,FP4_YYY *y);
-/**	@brief Multiplication of two FP4s
- *
-	@param x FP4 instance, on exit = y*z
-	@param y FP4 instance
-	@param z FP4 instance
- */
-extern void FP4_YYY_mul(FP4_YYY *x,FP4_YYY *y,FP4_YYY *z);
-/**	@brief Inverting an FP4
- *
-	@param x FP4 instance, on exit = 1/y
-	@param y FP4 instance
- */
-extern void FP4_YYY_inv(FP4_YYY *x,FP4_YYY *y);
-/**	@brief Formats and outputs an FP4 to the console
- *
-	@param x FP4 instance to be printed
- */
-extern void FP4_YYY_output(FP4_YYY *x);
-/**	@brief Formats and outputs an FP4 to the console in raw form (for debugging)
- *
-	@param x FP4 instance to be printed
- */
-extern void FP4_YYY_rawoutput(FP4_YYY *x);
-/**	@brief multiplies an FP4 instance by irreducible polynomial sqrt(1+sqrt(-1))
- *
-	@param x FP4 instance, on exit = sqrt(1+sqrt(-1)*x
- */
-extern void FP4_YYY_times_i(FP4_YYY *x);
-/**	@brief Normalises the components of an FP4
- *
-	@param x FP4 instance to be normalised
- */
-extern void FP4_YYY_norm(FP4_YYY *x);
-/**	@brief Reduces all components of possibly unreduced FP4 mod Modulus
- *
-	@param x FP4 instance, on exit reduced mod Modulus
- */
-extern void FP4_YYY_reduce(FP4_YYY *x);
-/**	@brief Raises an FP4 to the power of a BIG
- *
-	@param x FP4 instance, on exit = y^b
-	@param y FP4 instance
-	@param b BIG number
- */
-extern void FP4_YYY_pow(FP4_YYY *x,FP4_YYY *y,BIG_XXX b);
-/**	@brief Raises an FP4 to the power of the internal modulus p, using the Frobenius
- *
-	@param x FP4 instance, on exit = x^p
-	@param f FP2 precalculated Frobenius constant
- */
-extern void FP4_YYY_frob(FP4_YYY *x,FP2_YYY *f);
-/**	@brief Calculates the XTR addition function r=w*x-conj(x)*y+z
- *
-	@param r FP4 instance, on exit = w*x-conj(x)*y+z
-	@param w FP4 instance
-	@param x FP4 instance
-	@param y FP4 instance
-	@param z FP4 instance
- */
-extern void FP4_YYY_xtr_A(FP4_YYY *r,FP4_YYY *w,FP4_YYY *x,FP4_YYY *y,FP4_YYY *z);
-/**	@brief Calculates the XTR doubling function r=x^2-2*conj(x)
- *
-	@param r FP4 instance, on exit = x^2-2*conj(x)
-	@param x FP4 instance
- */
-extern void FP4_YYY_xtr_D(FP4_YYY *r,FP4_YYY *x);
-/**	@brief Calculates FP4 trace of an FP12 raised to the power of a BIG number
- *
-	XTR single exponentiation
-	@param r FP4 instance, on exit = trace(w^b)
-	@param x FP4 instance, trace of an FP12 w
-	@param b BIG number
- */
-extern void FP4_YYY_xtr_pow(FP4_YYY *r,FP4_YYY *x,BIG_XXX b);
-/**	@brief Calculates FP4 trace of c^a.d^b, where c and d are derived from FP4 traces of FP12s
- *
-	XTR double exponentiation
-	Assumes c=tr(x^m), d=tr(x^n), e=tr(x^(m-n)), f=tr(x^(m-2n))
-	@param r FP4 instance, on exit = trace(c^a.d^b)
-	@param c FP4 instance, trace of an FP12
-	@param d FP4 instance, trace of an FP12
-	@param e FP4 instance, trace of an FP12
-	@param f FP4 instance, trace of an FP12
-	@param a BIG number
-	@param b BIG number
- */
-extern void FP4_YYY_xtr_pow2(FP4_YYY *r,FP4_YYY *c,FP4_YYY *d,FP4_YYY *e,FP4_YYY *f,BIG_XXX a,BIG_XXX b);
-
-/**	@brief Conditional copy of FP4 number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x FP4 instance, set to y if s!=0
-	@param y another FP4 instance
-	@param s copy only takes place if not equal to 0
- */
-extern void FP4_YYY_cmove(FP4_YYY *x,FP4_YYY *y,int s);
-
-
-/**	@brief Calculate square root of an FP4
- *
-	Square root
-	@param r FP4 instance, on exit = sqrt(x)
-	@param x FP4 instance
-	@return 1 x is a QR, otherwise 0
- */
-extern int  FP4_YYY_sqrt(FP4_YYY *r,FP4_YYY *x);
-
-
-/**	@brief Divide FP4 number by QNR
- *
-	Divide FP4 by the QNR
-	@param x FP4 instance
- */
-extern void FP4_YYY_div_i(FP4_YYY *x);
-
-/**	@brief Divide an FP4 by QNR/2
- *
-	Divide FP4 by the QNR/2
-	@param x FP4 instance
- */
-extern void FP4_YYY_div_2i(FP4_YYY *x);
-
-
-
-/**	@brief Divide an FP4 by 2
- *
-	@param x FP4 instance, on exit = y/2
-	@param y FP4 instance
- */
-extern void FP4_YYY_div2(FP4_YYY *x,FP4_YYY *y);
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp48.c
----------------------------------------------------------------------
diff --git a/version3/c/fp48.c b/version3/c/fp48.c
deleted file mode 100644
index b980903..0000000
--- a/version3/c/fp48.c
+++ /dev/null
@@ -1,1385 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^48 functions */
-/* SU=m, m is Stack Usage (no lazy )*/
-/* FP48 elements are of the form a+i.b+i^2.c */
-
-#include "fp48_YYY.h"
-
-/* return 1 if b==c, no branching */
-static int teq(sign32 b,sign32 c)
-{
-    sign32 x=b^c;
-    x-=1;  // if x=0, x now -1
-    return (int)((x>>31)&1);
-}
-
-
-/* Constant time select from pre-computed table */
-static void FP48_YYY_select(FP48_YYY *f,FP48_YYY g[],sign32 b)
-{
-    FP48_YYY invf;
-    sign32 m=b>>31;
-    sign32 babs=(b^m)-m;
-
-    babs=(babs-1)/2;
-
-    FP48_YYY_cmove(f,&g[0],teq(babs,0));  // conditional move
-    FP48_YYY_cmove(f,&g[1],teq(babs,1));
-    FP48_YYY_cmove(f,&g[2],teq(babs,2));
-    FP48_YYY_cmove(f,&g[3],teq(babs,3));
-    FP48_YYY_cmove(f,&g[4],teq(babs,4));
-    FP48_YYY_cmove(f,&g[5],teq(babs,5));
-    FP48_YYY_cmove(f,&g[6],teq(babs,6));
-    FP48_YYY_cmove(f,&g[7],teq(babs,7));
-
-    FP48_YYY_copy(&invf,f);
-    FP48_YYY_conj(&invf,&invf);  // 1/f
-    FP48_YYY_cmove(f,&invf,(int)(m&1));
-}
-
-
-/* test x==0 ? */
-/* SU= 8 */
-int FP48_YYY_iszilch(FP48_YYY *x)
-{
-    if (FP16_YYY_iszilch(&(x->a)) && FP16_YYY_iszilch(&(x->b)) && FP16_YYY_iszilch(&(x->c))) return 1;
-    return 0;
-}
-
-/* test x==1 ? */
-/* SU= 8 */
-int FP48_YYY_isunity(FP48_YYY *x)
-{
-    if (FP16_YYY_isunity(&(x->a)) && FP16_YYY_iszilch(&(x->b)) && FP16_YYY_iszilch(&(x->c))) return 1;
-    return 0;
-}
-
-/* FP48 copy w=x */
-/* SU= 16 */
-void FP48_YYY_copy(FP48_YYY *w,FP48_YYY *x)
-{
-    if (x==w) return;
-    FP16_YYY_copy(&(w->a),&(x->a));
-    FP16_YYY_copy(&(w->b),&(x->b));
-    FP16_YYY_copy(&(w->c),&(x->c));
-}
-
-/* FP48 w=1 */
-/* SU= 8 */
-void FP48_YYY_one(FP48_YYY *w)
-{
-    FP16_YYY_one(&(w->a));
-    FP16_YYY_zero(&(w->b));
-    FP16_YYY_zero(&(w->c));
-}
-
-/* return 1 if x==y, else 0 */
-/* SU= 16 */
-int FP48_YYY_equals(FP48_YYY *x,FP48_YYY *y)
-{
-    if (FP16_YYY_equals(&(x->a),&(y->a)) && FP16_YYY_equals(&(x->b),&(y->b)) && FP16_YYY_equals(&(x->b),&(y->b)))
-        return 1;
-    return 0;
-}
-
-/* Set w=conj(x) */
-/* SU= 8 */
-void FP48_YYY_conj(FP48_YYY *w,FP48_YYY *x)
-{
-    FP48_YYY_copy(w,x);
-    FP16_YYY_conj(&(w->a),&(w->a));
-    FP16_YYY_nconj(&(w->b),&(w->b));
-    FP16_YYY_conj(&(w->c),&(w->c));
-}
-
-/* Create FP48 from FP16 */
-/* SU= 8 */
-void FP48_YYY_from_FP16(FP48_YYY *w,FP16_YYY *a)
-{
-    FP16_YYY_copy(&(w->a),a);
-    FP16_YYY_zero(&(w->b));
-    FP16_YYY_zero(&(w->c));
-}
-
-/* Create FP48 from 3 FP16's */
-/* SU= 16 */
-void FP48_YYY_from_FP16s(FP48_YYY *w,FP16_YYY *a,FP16_YYY *b,FP16_YYY *c)
-{
-    FP16_YYY_copy(&(w->a),a);
-    FP16_YYY_copy(&(w->b),b);
-    FP16_YYY_copy(&(w->c),c);
-}
-
-/* Granger-Scott Unitary Squaring. This does not benefit from lazy reduction */
-/* SU= 600 */
-void FP48_YYY_usqr(FP48_YYY *w,FP48_YYY *x)
-{
-    FP16_YYY A,B,C,D;
-
-    FP16_YYY_copy(&A,&(x->a));
-
-    FP16_YYY_sqr(&(w->a),&(x->a));
-    FP16_YYY_add(&D,&(w->a),&(w->a));
-    FP16_YYY_add(&(w->a),&D,&(w->a));
-
-    FP16_YYY_norm(&(w->a));
-    FP16_YYY_nconj(&A,&A);
-
-    FP16_YYY_add(&A,&A,&A);
-    FP16_YYY_add(&(w->a),&(w->a),&A);
-    FP16_YYY_sqr(&B,&(x->c));
-    FP16_YYY_times_i(&B);
-
-    FP16_YYY_add(&D,&B,&B);
-    FP16_YYY_add(&B,&B,&D);
-    FP16_YYY_norm(&B);
-
-    FP16_YYY_sqr(&C,&(x->b));
-
-    FP16_YYY_add(&D,&C,&C);
-    FP16_YYY_add(&C,&C,&D);
-
-    FP16_YYY_norm(&C);
-    FP16_YYY_conj(&(w->b),&(x->b));
-    FP16_YYY_add(&(w->b),&(w->b),&(w->b));
-    FP16_YYY_nconj(&(w->c),&(x->c));
-
-    FP16_YYY_add(&(w->c),&(w->c),&(w->c));
-    FP16_YYY_add(&(w->b),&B,&(w->b));
-    FP16_YYY_add(&(w->c),&C,&(w->c));
-
-    FP48_YYY_reduce(w);	    /* reduce here as in pow function repeated squarings would trigger multiple reductions */
-}
-
-/* FP48 squaring w=x^2 */
-/* SU= 600 */
-void FP48_YYY_sqr(FP48_YYY *w,FP48_YYY *x)
-{
-    /* Use Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-
-    FP16_YYY A,B,C,D;
-
-    FP16_YYY_sqr(&A,&(x->a));
-    FP16_YYY_mul(&B,&(x->b),&(x->c));
-    FP16_YYY_add(&B,&B,&B);
-FP16_YYY_norm(&B);
-    FP16_YYY_sqr(&C,&(x->c));
-
-    FP16_YYY_mul(&D,&(x->a),&(x->b));
-    FP16_YYY_add(&D,&D,&D);
-
-    FP16_YYY_add(&(w->c),&(x->a),&(x->c));
-    FP16_YYY_add(&(w->c),&(x->b),&(w->c));
-FP16_YYY_norm(&(w->c));	
-
-    FP16_YYY_sqr(&(w->c),&(w->c));
-
-    FP16_YYY_copy(&(w->a),&A);
-    FP16_YYY_add(&A,&A,&B);
-
-    FP16_YYY_norm(&A);
-
-    FP16_YYY_add(&A,&A,&C);
-    FP16_YYY_add(&A,&A,&D);
-
-    FP16_YYY_norm(&A);
-
-    FP16_YYY_neg(&A,&A);
-    FP16_YYY_times_i(&B);
-    FP16_YYY_times_i(&C);
-
-    FP16_YYY_add(&(w->a),&(w->a),&B);
-    FP16_YYY_add(&(w->b),&C,&D);
-    FP16_YYY_add(&(w->c),&(w->c),&A);
-
-    FP48_YYY_norm(w);
-}
-
-/* FP48 full multiplication w=w*y */
-
-
-/* SU= 896 */
-/* FP48 full multiplication w=w*y */
-void FP48_YYY_mul(FP48_YYY *w,FP48_YYY *y)
-{
-    FP16_YYY z0,z1,z2,z3,t0,t1;
-
-    FP16_YYY_mul(&z0,&(w->a),&(y->a));
-    FP16_YYY_mul(&z2,&(w->b),&(y->b));  //
-
-    FP16_YYY_add(&t0,&(w->a),&(w->b));
-    FP16_YYY_add(&t1,&(y->a),&(y->b));  //
-
-FP16_YYY_norm(&t0);
-FP16_YYY_norm(&t1);
-
-    FP16_YYY_mul(&z1,&t0,&t1);
-    FP16_YYY_add(&t0,&(w->b),&(w->c));
-    FP16_YYY_add(&t1,&(y->b),&(y->c));  //
-
-FP16_YYY_norm(&t0);
-FP16_YYY_norm(&t1);
-
-    FP16_YYY_mul(&z3,&t0,&t1);
-
-    FP16_YYY_neg(&t0,&z0);
-    FP16_YYY_neg(&t1,&z2);
-
-    FP16_YYY_add(&z1,&z1,&t0);   // z1=z1-z0
-//    FP16_YYY_norm(&z1);
-    FP16_YYY_add(&(w->b),&z1,&t1);
-// z1=z1-z2
-    FP16_YYY_add(&z3,&z3,&t1);        // z3=z3-z2
-    FP16_YYY_add(&z2,&z2,&t0);        // z2=z2-z0
-
-    FP16_YYY_add(&t0,&(w->a),&(w->c));
-    FP16_YYY_add(&t1,&(y->a),&(y->c));
-
-FP16_YYY_norm(&t0);
-FP16_YYY_norm(&t1);
-
-    FP16_YYY_mul(&t0,&t1,&t0);
-    FP16_YYY_add(&z2,&z2,&t0);
-
-    FP16_YYY_mul(&t0,&(w->c),&(y->c));
-    FP16_YYY_neg(&t1,&t0);
-
-    FP16_YYY_add(&(w->c),&z2,&t1);
-    FP16_YYY_add(&z3,&z3,&t1);
-    FP16_YYY_times_i(&t0);
-    FP16_YYY_add(&(w->b),&(w->b),&t0);
-FP16_YYY_norm(&z3);
-    FP16_YYY_times_i(&z3);
-    FP16_YYY_add(&(w->a),&z0,&z3);
-
-    FP48_YYY_norm(w);
-}
-
-/* FP48 multiplication w=w*y */
-/* SU= 744 */
-/* catering for special case that arises from special form of ATE pairing line function */
-void FP48_YYY_smul(FP48_YYY *w,FP48_YYY *y,int type)
-{
-    FP16_YYY z0,z1,z2,z3,t0,t1;
-
-	if (type==D_TYPE)
-	{ // y->c is 0
-
-		FP16_YYY_copy(&z3,&(w->b));
-		FP16_YYY_mul(&z0,&(w->a),&(y->a));
-
-		FP16_YYY_pmul(&z2,&(w->b),&(y->b).a);
-		FP16_YYY_add(&(w->b),&(w->a),&(w->b));
-		FP16_YYY_copy(&t1,&(y->a));
-		FP8_YYY_add(&t1.a,&t1.a,&(y->b).a);
-
-		FP16_YYY_norm(&t1);
-		FP16_YYY_norm(&(w->b));
-
-		FP16_YYY_mul(&(w->b),&(w->b),&t1);
-		FP16_YYY_add(&z3,&z3,&(w->c));
-		FP16_YYY_norm(&z3);
-		FP16_YYY_pmul(&z3,&z3,&(y->b).a);
-		FP16_YYY_neg(&t0,&z0);
-		FP16_YYY_neg(&t1,&z2);
-
-		FP16_YYY_add(&(w->b),&(w->b),&t0);   // z1=z1-z0
-//    FP16_YYY_norm(&(w->b));
-		FP16_YYY_add(&(w->b),&(w->b),&t1);   // z1=z1-z2
-
-		FP16_YYY_add(&z3,&z3,&t1);        // z3=z3-z2
-		FP16_YYY_add(&z2,&z2,&t0);        // z2=z2-z0
-
-		FP16_YYY_add(&t0,&(w->a),&(w->c));
-
-		FP16_YYY_norm(&t0);
-		FP16_YYY_norm(&z3);
-
-		FP16_YYY_mul(&t0,&(y->a),&t0);
-		FP16_YYY_add(&(w->c),&z2,&t0);
-
-		FP16_YYY_times_i(&z3);
-		FP16_YYY_add(&(w->a),&z0,&z3);
-	}
-
-	if (type==M_TYPE)
-	{ // y->b is zero
-		FP16_YYY_mul(&z0,&(w->a),&(y->a));
-		FP16_YYY_add(&t0,&(w->a),&(w->b));
-		FP16_YYY_norm(&t0);
-
-		FP16_YYY_mul(&z1,&t0,&(y->a));
-		FP16_YYY_add(&t0,&(w->b),&(w->c));
-		FP16_YYY_norm(&t0);
-
-		FP16_YYY_pmul(&z3,&t0,&(y->c).b);
-		FP16_YYY_times_i(&z3);
-
-		FP16_YYY_neg(&t0,&z0);
-		FP16_YYY_add(&z1,&z1,&t0);   // z1=z1-z0
-
-		FP16_YYY_copy(&(w->b),&z1);
-
-		FP16_YYY_copy(&z2,&t0);
-
-		FP16_YYY_add(&t0,&(w->a),&(w->c));
-		FP16_YYY_add(&t1,&(y->a),&(y->c));
-
-		FP16_YYY_norm(&t0);
-		FP16_YYY_norm(&t1);
-
-		FP16_YYY_mul(&t0,&t1,&t0);
-		FP16_YYY_add(&z2,&z2,&t0);
-
-		FP16_YYY_pmul(&t0,&(w->c),&(y->c).b);
-		FP16_YYY_times_i(&t0);
-		FP16_YYY_neg(&t1,&t0);
-		FP16_YYY_times_i(&t0);
-
-		FP16_YYY_add(&(w->c),&z2,&t1);
-		FP16_YYY_add(&z3,&z3,&t1);
-
-		FP16_YYY_add(&(w->b),&(w->b),&t0);
-		FP16_YYY_norm(&z3);
-		FP16_YYY_times_i(&z3);
-		FP16_YYY_add(&(w->a),&z0,&z3);
-	}
-    FP48_YYY_norm(w);
-}
-
-/* Set w=1/x */
-/* SU= 600 */
-void FP48_YYY_inv(FP48_YYY *w,FP48_YYY *x)
-{
-    FP16_YYY f0,f1,f2,f3;
-//    FP48_YYY_norm(x);
-
-    FP16_YYY_sqr(&f0,&(x->a));
-    FP16_YYY_mul(&f1,&(x->b),&(x->c));
-    FP16_YYY_times_i(&f1);
-    FP16_YYY_sub(&f0,&f0,&f1);  /* y.a */
-	FP16_YYY_norm(&f0); 		
-
-    FP16_YYY_sqr(&f1,&(x->c));
-    FP16_YYY_times_i(&f1);
-    FP16_YYY_mul(&f2,&(x->a),&(x->b));
-    FP16_YYY_sub(&f1,&f1,&f2);  /* y.b */
-	FP16_YYY_norm(&f1); 
-
-    FP16_YYY_sqr(&f2,&(x->b));
-    FP16_YYY_mul(&f3,&(x->a),&(x->c));
-    FP16_YYY_sub(&f2,&f2,&f3);  /* y.c */
-	FP16_YYY_norm(&f2); 
-
-    FP16_YYY_mul(&f3,&(x->b),&f2);
-    FP16_YYY_times_i(&f3);
-    FP16_YYY_mul(&(w->a),&f0,&(x->a));
-    FP16_YYY_add(&f3,&(w->a),&f3);
-    FP16_YYY_mul(&(w->c),&f1,&(x->c));
-    FP16_YYY_times_i(&(w->c));
-
-
-
-    FP16_YYY_add(&f3,&(w->c),&f3);
-	FP16_YYY_norm(&f3);
-	
-    FP16_YYY_inv(&f3,&f3);
-    FP16_YYY_mul(&(w->a),&f0,&f3);
-    FP16_YYY_mul(&(w->b),&f1,&f3);
-    FP16_YYY_mul(&(w->c),&f2,&f3);
-
-}
-
-/* constant time powering by small integer of max length bts */
-
-void FP48_YYY_pinpow(FP48_YYY *r,int e,int bts)
-{
-    int i,b;
-    FP48_YYY R[2];
-
-    FP48_YYY_one(&R[0]);
-    FP48_YYY_copy(&R[1],r);
-
-    for (i=bts-1; i>=0; i--)
-    {
-        b=(e>>i)&1;
-        FP48_YYY_mul(&R[1-b],&R[b]);
-        FP48_YYY_usqr(&R[b],&R[b]);
-    }
-    FP48_YYY_copy(r,&R[0]);
-}
-
-/* Compressed powering of unitary elements y=x^(e mod r) */
-
-void FP48_YYY_compow(FP16_YYY *c,FP48_YYY *x,BIG_XXX e,BIG_XXX r)
-{
-    FP48_YYY g1,g2;
-	FP16_YYY cp,cpm1,cpm2;
-    FP2_YYY  f;
-	BIG_XXX q,a,b,m;
-
-    BIG_XXX_rcopy(a,Fra_YYY);
-    BIG_XXX_rcopy(b,Frb_YYY);
-    FP2_YYY_from_BIGs(&f,a,b);
-
-    BIG_XXX_rcopy(q,Modulus_YYY);
-
-    FP48_YYY_copy(&g1,x);
-	FP48_YYY_copy(&g2,x);
-
-    BIG_XXX_copy(m,q);
-    BIG_XXX_mod(m,r);
-
-    BIG_XXX_copy(a,e);
-    BIG_XXX_mod(a,m);
-
-    BIG_XXX_copy(b,e);
-    BIG_XXX_sdiv(b,m);
-
-    FP48_YYY_trace(c,&g1);
-
-	if (BIG_XXX_iszilch(b))
-	{
-		FP16_YYY_xtr_pow(c,c,e);
-		return;
-	}
-
-    FP48_YYY_frob(&g2,&f,1);
-    FP48_YYY_trace(&cp,&g2);
-    FP48_YYY_conj(&g1,&g1);
-    FP48_YYY_mul(&g2,&g1);
-    FP48_YYY_trace(&cpm1,&g2);
-    FP48_YYY_mul(&g2,&g1);
-
-    FP48_YYY_trace(&cpm2,&g2);
-
-    FP16_YYY_xtr_pow2(c,&cp,c,&cpm1,&cpm2,a,b);
-
-}
-
-/* Note this is simple square and multiply, so not side-channel safe */
-
-void FP48_YYY_pow(FP48_YYY *r,FP48_YYY *a,BIG_XXX b)
-{
-    FP48_YYY w,sf;
-    BIG_XXX b1,b3;
-    int i,nb,bt;
-	BIG_XXX_copy(b1,b);
-    BIG_XXX_norm(b1);
-	BIG_XXX_pmul(b3,b1,3);
-	BIG_XXX_norm(b3);
-
-	FP48_YYY_copy(&sf,a);
-	FP48_YYY_norm(&sf);
-    FP48_YYY_copy(&w,&sf);
-
-	nb=BIG_XXX_nbits(b3);
-	for (i=nb-2;i>=1;i--)
-	{
-		FP48_YYY_usqr(&w,&w);
-		bt=BIG_XXX_bit(b3,i)-BIG_XXX_bit(b1,i);
-		if (bt==1)
-			FP48_YYY_mul(&w,&sf);
-		if (bt==-1)
-		{
-			FP48_YYY_conj(&sf,&sf);
-			FP48_YYY_mul(&w,&sf);
-			FP48_YYY_conj(&sf,&sf);
-		}
-	}
-
-	FP48_YYY_copy(r,&w);
-	FP48_YYY_reduce(r);
-}
-
-
-/* SU= 528 */
-/* set r=a^b */
-/* Note this is simple square and multiply, so not side-channel safe 
-
-void FP48_YYY_ppow(FP48_YYY *r,FP48_YYY *a,BIG_XXX b)
-{
-    FP48_YYY w;
-    BIG_XXX z,zilch;
-    int bt;
-    BIG_XXX_zero(zilch);
-    BIG_XXX_norm(b);
-    BIG_XXX_copy(z,b);
-    FP48_YYY_copy(&w,a);
-    FP48_YYY_one(r);
-
-    while(1)
-    {
-        bt=BIG_XXX_parity(z);
-        BIG_XXX_shr(z,1);
-        if (bt)
-		{
-			//printf("In mul\n");
-            FP48_YYY_mul(r,&w);
-			//printf("Out of mul\n");
-		}
-        if (BIG_XXX_comp(z,zilch)==0) break;
-		//printf("In sqr\n");
-        FP48_YYY_sqr(&w,&w);
-		//printf("Out of sqr\n");
-    }
-
-    FP48_YYY_reduce(r);
-}  */
-
-/* p=q0^u0.q1^u1.q2^u2.q3^u3... */
-/* Side channel attack secure */
-// Bos & Costello https://eprint.iacr.org/2013/458.pdf
-// Faz-Hernandez & Longa & Sanchez  https://eprint.iacr.org/2013/158.pdf
-
-void FP48_YYY_pow16(FP48_YYY *p,FP48_YYY *q,BIG_XXX u[16])
-{
-    int i,j,k,nb,pb1,pb2,pb3,pb4,bt;
-	FP48_YYY g1[8],g2[8],g3[8],g4[8],r;
-	BIG_XXX t[16],mt;
-    sign8 w1[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s1[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 w2[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s2[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 w3[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s3[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 w4[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 s4[NLEN_XXX*BASEBITS_XXX+1];
-    FP_YYY fx,fy;
-	FP2_YYY  X;
-
-    FP_YYY_rcopy(&fx,Fra_YYY);
-    FP_YYY_rcopy(&fy,Frb_YYY);
-    FP2_YYY_from_FPs(&X,&fx,&fy);
-
-    for (i=0; i<16; i++)
-        BIG_XXX_copy(t[i],u[i]);
-
-// Precomputed table
-    FP48_YYY_copy(&g1[0],&q[0]); // q[0]
-    FP48_YYY_copy(&g1[1],&g1[0]);
-	FP48_YYY_mul(&g1[1],&q[1]);	// q[0].q[1]
-    FP48_YYY_copy(&g1[2],&g1[0]);
-	FP48_YYY_mul(&g1[2],&q[2]);	// q[0].q[2]
-	FP48_YYY_copy(&g1[3],&g1[1]);
-	FP48_YYY_mul(&g1[3],&q[2]);	// q[0].q[1].q[2]
-	FP48_YYY_copy(&g1[4],&g1[0]);
-	FP48_YYY_mul(&g1[4],&q[3]);  // q[0].q[3]
-	FP48_YYY_copy(&g1[5],&g1[1]);
-	FP48_YYY_mul(&g1[5],&q[3]);	// q[0].q[1].q[3]
-	FP48_YYY_copy(&g1[6],&g1[2]);
-	FP48_YYY_mul(&g1[6],&q[3]);	// q[0].q[2].q[3]
-	FP48_YYY_copy(&g1[7],&g1[3]);
-	FP48_YYY_mul(&g1[7],&q[3]);	// q[0].q[1].q[2].q[3]
-
-// Use Frobenius
-
-	for (i=0;i<8;i++)
-	{
-		FP48_YYY_copy(&g2[i],&g1[i]);
-		FP48_YYY_frob(&g2[i],&X,4);
-
-		FP48_YYY_copy(&g3[i],&g2[i]);
-		FP48_YYY_frob(&g3[i],&X,4);
-
-		FP48_YYY_copy(&g4[i],&g3[i]);
-		FP48_YYY_frob(&g4[i],&X,4);
-	}
-
-// Make them odd
-	pb1=1-BIG_XXX_parity(t[0]);
-	BIG_XXX_inc(t[0],pb1);
-	BIG_XXX_norm(t[0]);
-
-	pb2=1-BIG_XXX_parity(t[4]);
-	BIG_XXX_inc(t[4],pb2);
-	BIG_XXX_norm(t[4]);
-
-	pb3=1-BIG_XXX_parity(t[8]);
-	BIG_XXX_inc(t[8],pb3);
-	BIG_XXX_norm(t[8]);
-
-	pb4=1-BIG_XXX_parity(t[12]);
-	BIG_XXX_inc(t[12],pb4);
-	BIG_XXX_norm(t[12]);
-
-// Number of bits
-    BIG_XXX_zero(mt);
-    for (i=0; i<16; i++)
-    {
-        BIG_XXX_or(mt,mt,t[i]);
-    }
-    nb=1+BIG_XXX_nbits(mt);
-
-// Sign pivot 
-	s1[nb-1]=1;
-	s2[nb-1]=1;
-	s3[nb-1]=1;
-	s4[nb-1]=1;
-	for (i=0;i<nb-1;i++)
-	{
-        BIG_XXX_fshr(t[0],1);
-		s1[i]=2*BIG_XXX_parity(t[0])-1;
-        BIG_XXX_fshr(t[4],1);
-		s2[i]=2*BIG_XXX_parity(t[4])-1;
-        BIG_XXX_fshr(t[8],1);
-		s3[i]=2*BIG_XXX_parity(t[8])-1;
-        BIG_XXX_fshr(t[12],1);
-		s4[i]=2*BIG_XXX_parity(t[12])-1;
-	}
-
-// Recoded exponents
-    for (i=0; i<nb; i++)
-    {
-		w1[i]=0;
-		k=1;
-		for (j=1; j<4; j++)
-		{
-			bt=s1[i]*BIG_XXX_parity(t[j]);
-			BIG_XXX_fshr(t[j],1);
-
-			BIG_XXX_dec(t[j],(bt>>1));
-			BIG_XXX_norm(t[j]);
-			w1[i]+=bt*k;
-			k*=2;
-        }
-
-		w2[i]=0;
-		k=1;
-		for (j=5; j<8; j++)
-		{
-			bt=s2[i]*BIG_XXX_parity(t[j]);
-			BIG_XXX_fshr(t[j],1);
-
-			BIG_XXX_dec(t[j],(bt>>1));
-			BIG_XXX_norm(t[j]);
-			w2[i]+=bt*k;
-			k*=2;
-        }
-
-		w3[i]=0;
-		k=1;
-		for (j=9; j<12; j++)
-		{
-			bt=s3[i]*BIG_XXX_parity(t[j]);
-			BIG_XXX_fshr(t[j],1);
-
-			BIG_XXX_dec(t[j],(bt>>1));
-			BIG_XXX_norm(t[j]);
-			w3[i]+=bt*k;
-			k*=2;
-        }
-
-		w4[i]=0;
-		k=1;
-		for (j=13; j<16; j++)
-		{
-			bt=s4[i]*BIG_XXX_parity(t[j]);
-			BIG_XXX_fshr(t[j],1);
-
-			BIG_XXX_dec(t[j],(bt>>1));
-			BIG_XXX_norm(t[j]);
-			w4[i]+=bt*k;
-			k*=2;
-        }
-    }	
-
-// Main loop
-	FP48_YYY_select(p,g1,2*w1[nb-1]+1);
-	FP48_YYY_select(&r,g2,2*w2[nb-1]+1);
-	FP48_YYY_mul(p,&r);
-	FP48_YYY_select(&r,g3,2*w3[nb-1]+1);
-	FP48_YYY_mul(p,&r);
-	FP48_YYY_select(&r,g4,2*w4[nb-1]+1);
-	FP48_YYY_mul(p,&r);
-    for (i=nb-2; i>=0; i--)
-    {
-		FP48_YYY_usqr(p,p);
-        FP48_YYY_select(&r,g1,2*w1[i]+s1[i]);
-        FP48_YYY_mul(p,&r);
-        FP48_YYY_select(&r,g2,2*w2[i]+s2[i]);
-        FP48_YYY_mul(p,&r);
-        FP48_YYY_select(&r,g3,2*w3[i]+s3[i]);
-        FP48_YYY_mul(p,&r);
-        FP48_YYY_select(&r,g4,2*w4[i]+s4[i]);
-        FP48_YYY_mul(p,&r);
-    }
-
-// apply correction
-	FP48_YYY_conj(&r,&q[0]);   
-	FP48_YYY_mul(&r,p);
-	FP48_YYY_cmove(p,&r,pb1);
-	FP48_YYY_conj(&r,&q[4]);   
-	FP48_YYY_mul(&r,p);
-	FP48_YYY_cmove(p,&r,pb2);
-
-	FP48_YYY_conj(&r,&q[8]);   
-	FP48_YYY_mul(&r,p);
-	FP48_YYY_cmove(p,&r,pb3);
-	FP48_YYY_conj(&r,&q[12]);   
-	FP48_YYY_mul(&r,p);
-	FP48_YYY_cmove(p,&r,pb4);
-
-	FP48_YYY_reduce(p);
-}
-
-/*
-void FP48_YYY_pow16(FP48_YYY *p,FP48_YYY *q,BIG_XXX u[16])
-{
-    int i,j,a[4],nb,m;
-    FP48_YYY g[8],f[8],gg[8],ff[8],c,s[2];
-    BIG_XXX t[16],mt;
-    sign8 w[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 z[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 ww[NLEN_XXX*BASEBITS_XXX+1];
-    sign8 zz[NLEN_XXX*BASEBITS_XXX+1];
-
-    FP_YYY fx,fy;
-	FP2_YYY  X;
-
-    FP_YYY_rcopy(&fx,Fra_YYY);
-    FP_YYY_rcopy(&fy,Frb_YYY);
-    FP2_YYY _from_FPs(&X,&fx,&fy);
-
-    for (i=0; i<16; i++)
-        BIG_XXX_copy(t[i],u[i]);
-
-    FP48_YYY_copy(&g[0],&q[0]);
-    FP48_YYY_conj(&s[0],&q[1]);
-    FP48_YYY_mul(&g[0],&s[0]);  // P/Q 
-    FP48_YYY_copy(&g[1],&g[0]);
-    FP48_YYY_copy(&g[2],&g[0]);
-    FP48_YYY_copy(&g[3],&g[0]);
-    FP48_YYY_copy(&g[4],&q[0]);
-    FP48_YYY_mul(&g[4],&q[1]);  // P*Q 
-    FP48_YYY_copy(&g[5],&g[4]);
-    FP48_YYY_copy(&g[6],&g[4]);
-    FP48_YYY_copy(&g[7],&g[4]);
-
-    FP48_YYY_copy(&s[1],&q[2]);
-    FP48_YYY_conj(&s[0],&q[3]);
-    FP48_YYY_mul(&s[1],&s[0]);       // R/S 
-    FP48_YYY_conj(&s[0],&s[1]);
-    FP48_YYY_mul(&g[1],&s[0]);
-    FP48_YYY_mul(&g[2],&s[1]);
-    FP48_YYY_mul(&g[5],&s[0]);
-    FP48_YYY_mul(&g[6],&s[1]);
-    FP48_YYY_copy(&s[1],&q[2]);
-    FP48_YYY_mul(&s[1],&q[3]);      // R*S 
-    FP48_YYY_conj(&s[0],&s[1]);
-    FP48_YYY_mul(&g[0],&s[0]);
-    FP48_YYY_mul(&g[3],&s[1]);
-    FP48_YYY_mul(&g[4],&s[0]);
-    FP48_YYY_mul(&g[7],&s[1]);
-
-// Use Frobenius
-
-	for (i=0;i<8;i++)
-	{
-		FP48_YYY_copy(&f[i],&g[i]);
-		FP48_YYY_frob(&f[i],&X,4);
-	}
-
-	for (i=0;i<8;i++)
-	{
-		FP48_YYY_copy(&gg[i],&f[i]);
-		FP48_YYY_frob(&gg[i],&X,4);
-	}
-
-	for (i=0;i<8;i++)
-	{
-		FP48_YYY_copy(&ff[i],&gg[i]);
-		FP48_YYY_frob(&ff[i],&X,4);
-	}
-
-
-    // if power is even add 1 to power, and add q to correction 
-    FP48_YYY_one(&c);
-
-    BIG_XXX_zero(mt);
-    for (i=0; i<16; i++)
-    {
-        if (BIG_XXX_parity(t[i])==0)
-        {
-            BIG_XXX_inc(t[i],1);
-            BIG_XXX_norm(t[i]);
-            FP48_YYY_mul(&c,&q[i]);
-        }
-        BIG_XXX_add(mt,mt,t[i]);
-        BIG_XXX_norm(mt);
-    }
-
-    FP48_YYY_conj(&c,&c);
-    nb=1+BIG_XXX_nbits(mt);
-
-    // convert exponents to signed 1-bit windows 
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_XXX_lastbits(t[i],2)-2;
-            BIG_XXX_dec(t[i],a[i]);
-            BIG_XXX_norm(t[i]);
-            BIG_XXX_fshr(t[i],1);
-        }
-        w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    w[nb]=8*BIG_XXX_lastbits(t[0],2)+4*BIG_XXX_lastbits(t[1],2)+2*BIG_XXX_lastbits(t[2],2)+BIG_XXX_lastbits(t[3],2);
-
-
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_XXX_lastbits(t[i+4],2)-2;
-            BIG_XXX_dec(t[i+4],a[i]);
-            BIG_XXX_norm(t[i+4]);
-            BIG_XXX_fshr(t[i+4],1);
-        }
-        z[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    z[nb]=8*BIG_XXX_lastbits(t[4],2)+4*BIG_XXX_lastbits(t[5],2)+2*BIG_XXX_lastbits(t[6],2)+BIG_XXX_lastbits(t[7],2);
-
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_XXX_lastbits(t[i+8],2)-2;
-            BIG_XXX_dec(t[i+8],a[i]);
-            BIG_XXX_norm(t[i+8]);
-            BIG_XXX_fshr(t[i+8],1);
-        }
-        ww[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    ww[nb]=8*BIG_XXX_lastbits(t[8],2)+4*BIG_XXX_lastbits(t[9],2)+2*BIG_XXX_lastbits(t[10],2)+BIG_XXX_lastbits(t[11],2);
-
-    for (j=0; j<nb; j++)
-    {
-        for (i=0; i<4; i++)
-        {
-            a[i]=BIG_XXX_lastbits(t[i+12],2)-2;
-            BIG_XXX_dec(t[i+12],a[i]);
-            BIG_XXX_norm(t[i+12]);
-            BIG_XXX_fshr(t[i+12],1);
-        }
-        zz[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-    }
-    zz[nb]=8*BIG_XXX_lastbits(t[12],2)+4*BIG_XXX_lastbits(t[13],2)+2*BIG_XXX_lastbits(t[14],2)+BIG_XXX_lastbits(t[15],2);
-
-    FP48_YYY_copy(p,&g[(w[nb]-1)/2]);
-    FP48_YYY_mul(p,&f[(z[nb]-1)/2]);
-    FP48_YYY_mul(p,&gg[(ww[nb]-1)/2]);
-    FP48_YYY_mul(p,&ff[(zz[nb]-1)/2]);
-
-    for (i=nb-1; i>=0; i--)
-    {
-		FP48_YYY_usqr(p,p);
-
-        m=w[i]>>7;
-        j=(w[i]^m)-m;  // j=abs(w[i]) 
-        j=(j-1)/2;
-        FP48_YYY_copy(&s[0],&g[j]);
-        FP48_YYY_conj(&s[1],&g[j]);
-        FP48_YYY_mul(p,&s[m&1]);
-
-        m=z[i]>>7;
-        j=(z[i]^m)-m;  // j=abs(w[i]) 
-        j=(j-1)/2;
-        FP48_YYY_copy(&s[0],&f[j]);
-        FP48_YYY_conj(&s[1],&f[j]);
-        FP48_YYY_mul(p,&s[m&1]);
-
-        m=ww[i]>>7;
-        j=(ww[i]^m)-m;  // j=abs(w[i]) 
-        j=(j-1)/2;
-        FP48_YYY_copy(&s[0],&gg[j]);
-        FP48_YYY_conj(&s[1],&gg[j]);
-        FP48_YYY_mul(p,&s[m&1]);
-
-        m=zz[i]>>7;
-        j=(zz[i]^m)-m;  // j=abs(w[i]) 
-        j=(j-1)/2;
-        FP48_YYY_copy(&s[0],&ff[j]);
-        FP48_YYY_conj(&s[1],&ff[j]);
-        FP48_YYY_mul(p,&s[m&1]);
-
-    }
-    FP48_YYY_mul(p,&c); // apply correction 
-    FP48_YYY_reduce(p);
-}
-*/
-
-/* Set w=w^p using Frobenius */
-/* SU= 160 */
-void FP48_YYY_frob(FP48_YYY *w,FP2_YYY  *f,int n)
-{
-	int i;
-	FP8_YYY X2,X4;
-	FP4_YYY F;
-    FP2_YYY  f3,f2;				// f=(1+i)^(p-19)/24
-    FP2_YYY_sqr(&f2,f);     // 
-    FP2_YYY_mul(&f3,&f2,f); // f3=f^3=(1+i)^(p-19)/8
-
-	FP2_YYY_mul_ip(&f3);
-	FP2_YYY_norm(&f3);
-	FP2_YYY_mul_ip(&f3);    // f3 = (1+i)^16/8.(1+i)^(p-19)/8 = (1+i)^(p-3)/8 
-	FP2_YYY_norm(&f3);
-
-	for (i=0;i<n;i++)
-	{
-		FP16_YYY_frob(&(w->a),&f3);   // a=a^p
-		FP16_YYY_frob(&(w->b),&f3);   // b=b^p
-		FP16_YYY_frob(&(w->c),&f3);   // c=c^p
-  
-		FP16_YYY_qmul(&(w->b),&(w->b),f); FP16_YYY_times_i4(&(w->b)); FP16_YYY_times_i2(&(w->b)); 
-		FP16_YYY_qmul(&(w->c),&(w->c),&f2); FP16_YYY_times_i4(&(w->c)); FP16_YYY_times_i4(&(w->c)); FP16_YYY_times_i4(&(w->c)); 
-
-	}
-}
-
-/* SU= 8 */
-/* normalise all components of w */
-void FP48_YYY_norm(FP48_YYY *w)
-{
-    FP16_YYY_norm(&(w->a));
-    FP16_YYY_norm(&(w->b));
-    FP16_YYY_norm(&(w->c));
-}
-
-/* SU= 8 */
-/* reduce all components of w */
-void FP48_YYY_reduce(FP48_YYY *w)
-{
-    FP16_YYY_reduce(&(w->a));
-    FP16_YYY_reduce(&(w->b));
-    FP16_YYY_reduce(&(w->c));
-}
-
-/* trace function w=trace(x) */
-/* SU= 8 */
-void FP48_YYY_trace(FP16_YYY *w,FP48_YYY *x)
-{
-    FP16_YYY_imul(w,&(x->a),3);
-    FP16_YYY_reduce(w);
-}
-
-/* SU= 8 */
-/* Output w in hex */
-void FP48_YYY_output(FP48_YYY *w)
-{
-    printf("[");
-    FP16_YYY_output(&(w->a));
-    printf(",");
-    FP16_YYY_output(&(w->b));
-    printf(",");
-    FP16_YYY_output(&(w->c));
-    printf("]");
-}
-
-/* Convert g to octet string w */
-void FP48_YYY_toOctet(octet *W,FP48_YYY *g)
-{
-    BIG_XXX a;
-    W->len=48*MODBYTES_XXX;
-
-    FP_YYY_redc(a,&(g->a.a.a.a.a));
-    BIG_XXX_toBytes(&(W->val[0]),a);
-    FP_YYY_redc(a,&(g->a.a.a.a.b));
-    BIG_XXX_toBytes(&(W->val[MODBYTES_XXX]),a);
-    
-	FP_YYY_redc(a,&(g->a.a.a.b.a));
-    BIG_XXX_toBytes(&(W->val[2*MODBYTES_XXX]),a);
-	FP_YYY_redc(a,&(g->a.a.a.b.b));
-    BIG_XXX_toBytes(&(W->val[3*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->a.a.b.a.a));
-    BIG_XXX_toBytes(&(W->val[4*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->a.a.b.a.b));
-    BIG_XXX_toBytes(&(W->val[5*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->a.a.b.b.a));
-    BIG_XXX_toBytes(&(W->val[6*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->a.a.b.b.b));
-    BIG_XXX_toBytes(&(W->val[7*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->a.b.a.a.a));
-    BIG_XXX_toBytes(&(W->val[8*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->a.b.a.a.b));
-    BIG_XXX_toBytes(&(W->val[9*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->a.b.a.b.a));
-    BIG_XXX_toBytes(&(W->val[10*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->a.b.a.b.b));
-    BIG_XXX_toBytes(&(W->val[11*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->a.b.b.a.a));
-    BIG_XXX_toBytes(&(W->val[12*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->a.b.b.a.b));
-    BIG_XXX_toBytes(&(W->val[13*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->a.b.b.b.a));
-    BIG_XXX_toBytes(&(W->val[14*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->a.b.b.b.b));
-    BIG_XXX_toBytes(&(W->val[15*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->b.a.a.a.a));
-    BIG_XXX_toBytes(&(W->val[16*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.a.a.a.b));
-    BIG_XXX_toBytes(&(W->val[17*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->b.a.a.b.a));
-    BIG_XXX_toBytes(&(W->val[18*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.a.a.b.b));
-    BIG_XXX_toBytes(&(W->val[19*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->b.a.b.a.a));
-    BIG_XXX_toBytes(&(W->val[20*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.a.b.a.b));
-    BIG_XXX_toBytes(&(W->val[21*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->b.a.b.b.a));
-    BIG_XXX_toBytes(&(W->val[22*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.a.b.b.b));
-    BIG_XXX_toBytes(&(W->val[23*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->b.b.a.a.a));
-    BIG_XXX_toBytes(&(W->val[24*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.b.a.a.b));
-    BIG_XXX_toBytes(&(W->val[25*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->b.b.a.b.a));
-    BIG_XXX_toBytes(&(W->val[26*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.b.a.b.b));
-    BIG_XXX_toBytes(&(W->val[27*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->b.b.b.a.a));
-    BIG_XXX_toBytes(&(W->val[28*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.b.b.a.b));
-    BIG_XXX_toBytes(&(W->val[29*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->b.b.b.b.a));
-    BIG_XXX_toBytes(&(W->val[30*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->b.b.b.b.b));
-    BIG_XXX_toBytes(&(W->val[31*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->c.a.a.a.a));
-    BIG_XXX_toBytes(&(W->val[32*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.a.a.a.b));
-    BIG_XXX_toBytes(&(W->val[33*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->c.a.a.b.a));
-    BIG_XXX_toBytes(&(W->val[34*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.a.a.b.b));
-    BIG_XXX_toBytes(&(W->val[35*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->c.a.b.a.a));
-    BIG_XXX_toBytes(&(W->val[36*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.a.b.a.b));
-    BIG_XXX_toBytes(&(W->val[37*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->c.a.b.b.a));
-    BIG_XXX_toBytes(&(W->val[38*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.a.b.b.b));
-    BIG_XXX_toBytes(&(W->val[39*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->c.b.a.a.a));
-    BIG_XXX_toBytes(&(W->val[40*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.b.a.a.b));
-    BIG_XXX_toBytes(&(W->val[41*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->c.b.a.b.a));
-    BIG_XXX_toBytes(&(W->val[42*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.b.a.b.b));
-    BIG_XXX_toBytes(&(W->val[43*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->c.b.b.a.a));
-    BIG_XXX_toBytes(&(W->val[44*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.b.b.a.b));
-    BIG_XXX_toBytes(&(W->val[45*MODBYTES_XXX]),a);
-
-    FP_YYY_redc(a,&(g->c.b.b.b.a));
-    BIG_XXX_toBytes(&(W->val[46*MODBYTES_XXX]),a);
-    FP_YYY_redc(a,&(g->c.b.b.b.b));
-    BIG_XXX_toBytes(&(W->val[47*MODBYTES_XXX]),a);
-
-}
-
-/* Restore g from octet string w */
-void FP48_YYY_fromOctet(FP48_YYY *g,octet *W)
-{
-	BIG_XXX b;
-
-    BIG_XXX_fromBytes(b,&W->val[0]);
-    FP_YYY_nres(&(g->a.a.a.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.a.a.a.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[2*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.a.a.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[3*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.a.a.b.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[4*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.a.b.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[5*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.a.b.a.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[6*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.a.b.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[7*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.a.b.b.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[8*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.b.a.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[9*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.b.a.a.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[10*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.b.a.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[11*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.b.a.b.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[12*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.b.b.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[13*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.b.b.a.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[14*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.b.b.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[15*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->a.b.b.b.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[16*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.a.a.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[17*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.a.a.a.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[18*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.a.a.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[19*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.a.a.b.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[20*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.a.b.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[21*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.a.b.a.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[22*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.a.b.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[23*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.a.b.b.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[24*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.b.a.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[25*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.b.a.a.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[26*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.b.a.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[27*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.b.a.b.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[28*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.b.b.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[29*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.b.b.a.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[30*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.b.b.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[31*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->b.b.b.b.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[32*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.a.a.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[33*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.a.a.a.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[34*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.a.a.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[35*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.a.a.b.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[36*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.a.b.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[37*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.a.b.a.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[38*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.a.b.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[39*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.a.b.b.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[40*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.b.a.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[41*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.b.a.a.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[42*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.b.a.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[43*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.b.a.b.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[44*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.b.b.a.a),b);
-    BIG_XXX_fromBytes(b,&W->val[45*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.b.b.a.b),b);
-
-    BIG_XXX_fromBytes(b,&W->val[46*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.b.b.b.a),b);
-    BIG_XXX_fromBytes(b,&W->val[47*MODBYTES_XXX]);
-    FP_YYY_nres(&(g->c.b.b.b.b),b);
-
-}
-
-/* Move b to a if d=1 */
-void FP48_YYY_cmove(FP48_YYY *f,FP48_YYY *g,int d)
-{
-    FP16_YYY_cmove(&(f->a),&(g->a),d);
-    FP16_YYY_cmove(&(f->b),&(g->b),d);
-    FP16_YYY_cmove(&(f->c),&(g->c),d);
-}
-
-/*
-using namespace YYY;
-
-int main() {
-	int i;
-	FP2 f,w0,w1,X;
-	FP4 f0,f1;
-	FP16_YYY t0,t1,t2;
-	FP48 w,t,lv;
-	BIG a,b;
-	BIG p;
-
-
-	char raw[100];
-	csprng RNG;                // Crypto Strong RNG 
-
-	for (i=0; i<100; i++) raw[i]=i;
-
-	BIG_rcopy(a,Fra_YYY);
-    BIG_rcopy(b,Frb_YYY);
-	FP2_from_BIGs(&X,a,b);
-
-
-
-    RAND_seed(&RNG,100,raw);   // initialise strong RNG 
-
-	BIG_rcopy(p,Modulus);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w0,a,b);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w1,a,b);
-
-	FP4_from_FP2s(&f0,&w0,&w1);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w0,a,b);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w1,a,b);
-
-	FP4_from_FP2s(&f1,&w0,&w1);
-	FP16_YYY_from_FP4s(&t0,&f0,&f1);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w0,a,b);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w1,a,b);
-
-	FP4_from_FP2s(&f0,&w0,&w1);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w0,a,b);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w1,a,b);
-
-	FP4_from_FP2s(&f1,&w0,&w1);
-	FP16_YYY_from_FP4s(&t1,&f0,&f1);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w0,a,b);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w1,a,b);
-
-	FP4_from_FP2s(&f0,&w0,&w1);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w0,a,b);
-
-	BIG_randomnum(a,p,&RNG);
-	BIG_randomnum(b,p,&RNG);
-	FP2_from_BIGs(&w1,a,b);
-
-	FP4_from_FP2s(&f1,&w0,&w1);
-	FP16_YYY_from_FP4s(&t2,&f0,&f1);
-
-	FP48_from_FP16s(&w,&t0,&t1,&t2);
-
-
-	FP48_copy(&t,&w);
-
-	printf("w= ");
-	FP48_output(&w);
-	printf("\n");
-
-	FP48_norm(&w);
-
-	printf("w^p= ");
-	FP48_frob(&w,&X);
-	FP48_output(&w);
-	printf("\n");	
-
-//	printf("p.w= ");
-//	FP48_ppow(&t,&t,p);
-//	FP48_output(&t);
-//	printf("\n");	
-
-	printf("1/w= ");
-	FP48_inv(&t,&w);
-	FP48_output(&t);
-	printf("\n");	
-
-	printf("w= ");
-	FP48_inv(&w,&t);
-	FP48_output(&w);
-	printf("\n");	
-
-	return 0;
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp48.h
----------------------------------------------------------------------
diff --git a/version3/c/fp48.h b/version3/c/fp48.h
deleted file mode 100644
index 75065b5..0000000
--- a/version3/c/fp48.h
+++ /dev/null
@@ -1,196 +0,0 @@
-#ifndef FP48_YYY_H
-#define FP48_YYY_H
-
-#include "fp16_YYY.h"
-
-/**
-	@brief FP12 Structure - towered over three FP16
-*/
-
-typedef struct
-{
-    FP16_YYY a; /**< first part of FP12 */
-    FP16_YYY b; /**< second part of FP12 */
-    FP16_YYY c; /**< third part of FP12 */
-} FP48_YYY;
-
-extern const BIG_XXX Fra_YYY; /**< real part of BN curve Frobenius Constant */
-extern const BIG_XXX Frb_YYY; /**< imaginary part of BN curve Frobenius Constant */
-
-/* FP48 prototypes */
-/**	@brief Tests for FP48 equal to zero
- *
-	@param x FP48 number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP48_YYY_iszilch(FP48_YYY *x);
-/**	@brief Tests for FP48 equal to unity
- *
-	@param x FP48 number to be tested
-	@return 1 if unity, else returns 0
- */
-extern int FP48_YYY_isunity(FP48_YYY *x);
-/**	@brief Copy FP48 to another FP48
- *
-	@param x FP48 instance, on exit = y
-	@param y FP48 instance to be copied
- */
-extern void FP48_YYY_copy(FP48_YYY *x,FP48_YYY *y);
-/**	@brief Set FP48 to unity
- *
-	@param x FP48 instance to be set to one
- */
-extern void FP48_YYY_one(FP48_YYY *x);
-/**	@brief Tests for equality of two FP48s
- *
-	@param x FP48 instance to be compared
-	@param y FP48 instance to be compared
-	@return 1 if x=y, else returns 0
- */
-extern int FP48_YYY_equals(FP48_YYY *x,FP48_YYY *y);
-/**	@brief Conjugation of FP48
- *
-	If y=(a,b,c) (where a,b,c are its three FP16 components) on exit x=(conj(a),-conj(b),conj(c))
-	@param x FP48 instance, on exit = conj(y)
-	@param y FP48 instance
- */
-extern void FP48_YYY_conj(FP48_YYY *x,FP48_YYY *y);
-/**	@brief Initialise FP48 from single FP16
- *
-	Sets first FP16 component of an FP48, other components set to zero
-	@param x FP48 instance to be initialised
-	@param a FP16 to form first part of FP48
- */
-extern void FP48_YYY_from_FP16(FP48_YYY *x,FP16_YYY *a);
-/**	@brief Initialise FP48 from three FP16s
- *
-	@param x FP48 instance to be initialised
-	@param a FP16 to form first part of FP48
-	@param b FP16 to form second part of FP48
-	@param c FP16 to form third part of FP48
- */
-extern void FP48_YYY_from_FP16s(FP48_YYY *x,FP16_YYY *a,FP16_YYY* b,FP16_YYY *c);
-/**	@brief Fast Squaring of an FP48 in "unitary" form
- *
-	@param x FP48 instance, on exit = y^2
-	@param y FP16 instance, must be unitary
- */
-extern void FP48_YYY_usqr(FP48_YYY *x,FP48_YYY *y);
-/**	@brief Squaring an FP48
- *
-	@param x FP48 instance, on exit = y^2
-	@param y FP48 instance
- */
-extern void FP48_YYY_sqr(FP48_YYY *x,FP48_YYY *y);
-/**	@brief Fast multiplication of an FP48 by an FP48 that arises from an ATE pairing line function
- *
-	Here the multiplier has a special form that can be exploited
-	@param x FP48 instance, on exit = x*y
-	@param y FP48 instance, of special form
-	@param t D_TYPE or M_TYPE twist
- */
-extern void FP48_YYY_smul(FP48_YYY *x,FP48_YYY *y,int t);
-/**	@brief Multiplication of two FP48s
- *
-	@param x FP48 instance, on exit = x*y
-	@param y FP48 instance, the multiplier
- */
-extern void FP48_YYY_mul(FP48_YYY *x,FP48_YYY *y);
-/**	@brief Inverting an FP48
- *
-	@param x FP48 instance, on exit = 1/y
-	@param y FP48 instance
- */
-extern void FP48_YYY_inv(FP48_YYY *x,FP48_YYY *y);
-/**	@brief Raises an FP48 to the power of a BIG
- *
-	@param r FP48 instance, on exit = y^b
-	@param x FP48 instance
-	@param b BIG number
- */
-extern void FP48_YYY_pow(FP48_YYY *r,FP48_YYY *x,BIG_XXX b);
-
-//extern void FP48_ppow(FP48 *r,FP48 *x,BIG b);
-
-/**	@brief Raises an FP48 instance x to a small integer power, side-channel resistant
- *
-	@param x FP48 instance, on exit = x^i
-	@param i small integer exponent
-	@param b maximum number of bits in exponent
- */
-extern void FP48_YYY_pinpow(FP48_YYY *x,int i,int b);
-
-/**	@brief Raises an FP48 instance x to a BIG_XXX power, compressed to FP16 
- *
-	@param c FP16 instance, on exit = x^(e mod r) as FP16
-	@param x FP48 input
-	@param e BIG exponent
-	@param r BIG group order
- */
-extern void FP48_YYY_compow(FP16_YYY *c,FP48_YYY *x,BIG_XXX e,BIG_XXX r);
-
-/**	@brief Calculate Pi x[i]^b[i] for i=0 to 15, side-channel resistant
- *
-	@param r FP48 instance, on exit = Pi x[i]^b[i] for i=0 to 15
-	@param x FP48 array with 16 FP48s
-	@param b BIG array of 16 exponents
- */
-extern void FP48_YYY_pow16(FP48_YYY *r,FP48_YYY *x,BIG_XXX *b);
-
-
-/**	@brief Raises an FP48 to the power of the internal modulus p, using the Frobenius
- *
-	@param x FP48 instance, on exit = x^p^n
-	@param f FP2 precalculated Frobenius constant
-	@param n power of p
- */
-extern void FP48_YYY_frob(FP48_YYY *x,FP2_YYY *f,int n);
-
-/**	@brief Reduces all components of possibly unreduced FP48 mod Modulus
- *
-	@param x FP48 instance, on exit reduced mod Modulus
- */
-extern void FP48_YYY_reduce(FP48_YYY *x);
-/**	@brief Normalises the components of an FP48
- *
-	@param x FP48 instance to be normalised
- */
-extern void FP48_YYY_norm(FP48_YYY *x);
-/**	@brief Formats and outputs an FP48 to the console
- *
-	@param x FP48 instance to be printed
- */
-extern void FP48_YYY_output(FP48_YYY *x);
-/**	@brief Formats and outputs an FP48 instance to an octet string
- *
-	Serializes the components of an FP48 to big-endian base 256 form.
-	@param S output octet string
-	@param x FP48 instance to be converted to an octet string
- */
-extern void FP48_YYY_toOctet(octet *S,FP48_YYY *x);
-/**	@brief Creates an FP48 instance from an octet string
- *
-	De-serializes the components of an FP48 to create an FP48 from big-endian base 256 components.
-	@param x FP48 instance to be created from an octet string
-	@param S input octet string
-
- */
-extern void FP48_YYY_fromOctet(FP48_YYY *x,octet *S);
-/**	@brief Calculate the trace of an FP48
- *
-	@param t FP16 trace of x, on exit = tr(x)
-	@param x FP48 instance
-
- */
-extern void FP48_YYY_trace(FP16_YYY *t,FP48_YYY *x);
-
-/**	@brief Conditional copy of FP48 number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x FP48 instance, set to y if s!=0
-	@param y another FP48 instance
-	@param s copy only takes place if not equal to 0
- */
-extern void FP48_YYY_cmove(FP48_YYY *x,FP48_YYY *y,int s);
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp8.c
----------------------------------------------------------------------
diff --git a/version3/c/fp8.c b/version3/c/fp8.c
deleted file mode 100644
index a2349c5..0000000
--- a/version3/c/fp8.c
+++ /dev/null
@@ -1,795 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^8 functions */
-
-/* FP8 elements are of the form a+ib, where i is sqrt(sqrt(-1+sqrt(-1))) */
-
-#include "fp8_YYY.h"
-
-
-/* test x==0 ? */
-int FP8_YYY_iszilch(FP8_YYY *x)
-{
-    if (FP4_YYY_iszilch(&(x->a)) && FP4_YYY_iszilch(&(x->b))) return 1;
-    return 0;
-}
-
-/* test x==1 ? */
-int FP8_YYY_isunity(FP8_YYY *x)
-{
-    if (FP4_YYY_isunity(&(x->a)) && FP4_YYY_iszilch(&(x->b))) return 1;
-    return 0;
-}
-
-/* test is w real? That is in a+ib test b is zero */
-int FP8_YYY_isreal(FP8_YYY *w)
-{
-    return FP4_YYY_iszilch(&(w->b));
-}
-
-/* return 1 if x==y, else 0 */
-int FP8_YYY_equals(FP8_YYY *x,FP8_YYY *y)
-{
-    if (FP4_YYY_equals(&(x->a),&(y->a)) && FP4_YYY_equals(&(x->b),&(y->b)))
-        return 1;
-    return 0;
-}
-
-/* set FP8 from two FP4s */
-void FP8_YYY_from_FP4s(FP8_YYY *w,FP4_YYY * x,FP4_YYY* y)
-{
-    FP4_YYY_copy(&(w->a), x);
-    FP4_YYY_copy(&(w->b), y);
-}
-
-/* set FP8 from FP4 */
-void FP8_YYY_from_FP4(FP8_YYY *w,FP4_YYY *x)
-{
-    FP4_YYY_copy(&(w->a), x);
-    FP4_YYY_zero(&(w->b));
-}
-
-/* set high part of FP8 from FP4 */
-void FP8_YYY_from_FP4H(FP8_YYY *w,FP4_YYY *x)
-{
-    FP4_YYY_copy(&(w->b), x);
-    FP4_YYY_zero(&(w->a));
-}
-
-/* FP8 copy w=x */
-void FP8_YYY_copy(FP8_YYY *w,FP8_YYY *x)
-{
-    if (w==x) return;
-    FP4_YYY_copy(&(w->a), &(x->a));
-    FP4_YYY_copy(&(w->b), &(x->b));
-}
-
-/* FP8 w=0 */
-void FP8_YYY_zero(FP8_YYY *w)
-{
-    FP4_YYY_zero(&(w->a));
-    FP4_YYY_zero(&(w->b));
-}
-
-/* FP8 w=1 */
-void FP8_YYY_one(FP8_YYY *w)
-{
-    FP4_YYY_one(&(w->a));
-    FP4_YYY_zero(&(w->b));
-}
-
-/* Set w=-x */
-void FP8_YYY_neg(FP8_YYY *w,FP8_YYY *x)
-{
-    /* Just one field neg */
-    FP4_YYY m,t;
-	FP8_YYY_norm(x);
-//printf("Into neg 1\n");
-    FP4_YYY_add(&m,&(x->a),&(x->b));
-	FP4_YYY_norm(&m);
-//printf("Into neg 2\n");
-    FP4_YYY_neg(&m,&m);
-//printf("Into neg 3\n");
-    FP4_YYY_add(&t,&m,&(x->b));
-//printf("Into neg 4\n");
-    FP4_YYY_add(&(w->b),&m,&(x->a));
-//printf("Into neg 5\n");
-    FP4_YYY_copy(&(w->a),&t);
-	FP8_YYY_norm(w);
-}
-
-/* Set w=conj(x) */
-void FP8_YYY_conj(FP8_YYY *w,FP8_YYY *x)
-{
-    FP4_YYY_copy(&(w->a), &(x->a));
-    FP4_YYY_neg(&(w->b), &(x->b));
-	FP8_YYY_norm(w);
-}
-
-/* Set w=-conj(x) */
-void FP8_YYY_nconj(FP8_YYY *w,FP8_YYY *x)
-{
-    FP4_YYY_copy(&(w->b),&(x->b));
-    FP4_YYY_neg(&(w->a), &(x->a));
-	FP8_YYY_norm(w);
-}
-
-/* Set w=x+y */
-void FP8_YYY_add(FP8_YYY *w,FP8_YYY *x,FP8_YYY *y)
-{
-    FP4_YYY_add(&(w->a), &(x->a), &(y->a));
-    FP4_YYY_add(&(w->b), &(x->b), &(y->b));
-}
-
-/* Set w=x-y */
-/* Input y MUST be normed */
-void FP8_YYY_sub(FP8_YYY *w,FP8_YYY *x,FP8_YYY *y)
-{
-    FP8_YYY my;
-
-    FP8_YYY_neg(&my, y);
-    FP8_YYY_add(w, x, &my);
-
-}
-
-/* reduce all components of w mod Modulus */
-void FP8_YYY_reduce(FP8_YYY *w)
-{
-    FP4_YYY_reduce(&(w->a));
-    FP4_YYY_reduce(&(w->b));
-}
-
-/* normalise all elements of w */
-void FP8_YYY_norm(FP8_YYY *w)
-{
-    FP4_YYY_norm(&(w->a));
-    FP4_YYY_norm(&(w->b));
-}
-
-/* Set w=s*x, where s is FP4 */
-void FP8_YYY_pmul(FP8_YYY *w,FP8_YYY *x,FP4_YYY *s)
-{
-    FP4_YYY_mul(&(w->a),&(x->a),s);
-    FP4_YYY_mul(&(w->b),&(x->b),s);
-}
-
-/* Set w=s*x, where s is FP2 */
-void FP8_YYY_qmul(FP8_YYY *w,FP8_YYY *x,FP2_YYY *s)
-{
-    FP4_YYY_pmul(&(w->a),&(x->a),s);
-    FP4_YYY_pmul(&(w->b),&(x->b),s);
-}
-
-/* Set w=s*x, where s is FP2 */
-void FP8_YYY_tmul(FP8_YYY *w,FP8_YYY *x,FP_YYY *s)
-{
-    FP4_YYY_qmul(&(w->a),&(x->a),s);
-    FP4_YYY_qmul(&(w->b),&(x->b),s);
-}
-
-/* Set w=s*x, where s is int */
-void FP8_YYY_imul(FP8_YYY *w,FP8_YYY *x,int s)
-{
-    FP4_YYY_imul(&(w->a),&(x->a),s);
-    FP4_YYY_imul(&(w->b),&(x->b),s);
-}
-
-/* Set w=x^2 */
-/* Input MUST be normed  */
-void FP8_YYY_sqr(FP8_YYY *w,FP8_YYY *x)
-{
-    FP4_YYY t1,t2,t3;
-
-    FP4_YYY_mul(&t3,&(x->a),&(x->b)); /* norms x */
-    FP4_YYY_copy(&t2,&(x->b));
-    FP4_YYY_add(&t1,&(x->a),&(x->b));
-    FP4_YYY_times_i(&t2);
-
-    FP4_YYY_add(&t2,&(x->a),&t2);
-
-	FP4_YYY_norm(&t1);  // 2
-	FP4_YYY_norm(&t2);  // 2
-
-    FP4_YYY_mul(&(w->a),&t1,&t2);
-
-    FP4_YYY_copy(&t2,&t3);
-    FP4_YYY_times_i(&t2);
-
-    FP4_YYY_add(&t2,&t2,&t3);
-
-	FP4_YYY_norm(&t2);  // 2
-    FP4_YYY_neg(&t2,&t2);
-    FP4_YYY_add(&(w->a),&(w->a),&t2);  /* a=(a+b)(a+i^2.b)-i^2.ab-ab = a*a+ib*ib */
-    FP4_YYY_add(&(w->b),&t3,&t3);  /* b=2ab */
-
-    FP8_YYY_norm(w);
-}
-
-/* Set w=x*y */
-/* Inputs MUST be normed  */
-void FP8_YYY_mul(FP8_YYY *w,FP8_YYY *x,FP8_YYY *y)
-{
-
-    FP4_YYY t1,t2,t3,t4;
-    FP4_YYY_mul(&t1,&(x->a),&(y->a)); 
-    FP4_YYY_mul(&t2,&(x->b),&(y->b)); 
-
-    FP4_YYY_add(&t3,&(y->b),&(y->a));
-    FP4_YYY_add(&t4,&(x->b),&(x->a));
-
-	FP4_YYY_norm(&t4); // 2
-	FP4_YYY_norm(&t3); // 2
-
-    FP4_YYY_mul(&t4,&t4,&t3); /* (xa+xb)(ya+yb) */
-
-	FP4_YYY_neg(&t3,&t1);  // 1
-	FP4_YYY_add(&t4,&t4,&t3);  //t4E=3
-    FP4_YYY_norm(&t4);
-
-	FP4_YYY_neg(&t3,&t2);  // 1
-	FP4_YYY_add(&(w->b),&t4,&t3); //wbE=3
-
-    FP4_YYY_times_i(&t2);
-    FP4_YYY_add(&(w->a),&t2,&t1);
-
-    FP8_YYY_norm(w);
-}
-
-/* output FP8 in format [a,b] */
-void FP8_YYY_output(FP8_YYY *w)
-{
-    printf("[");
-    FP4_YYY_output(&(w->a));
-    printf(",");
-    FP4_YYY_output(&(w->b));
-    printf("]");
-}
-
-void FP8_YYY_rawoutput(FP8_YYY *w)
-{
-    printf("[");
-    FP4_YYY_rawoutput(&(w->a));
-    printf(",");
-    FP4_YYY_rawoutput(&(w->b));
-    printf("]");
-}
-
-/* Set w=1/x */
-void FP8_YYY_inv(FP8_YYY *w,FP8_YYY *x)
-{
-    FP4_YYY t1,t2;
-    FP4_YYY_sqr(&t1,&(x->a));
-    FP4_YYY_sqr(&t2,&(x->b));
-    FP4_YYY_times_i(&t2);
-	FP4_YYY_norm(&t2);
-
-    FP4_YYY_sub(&t1,&t1,&t2);
-	FP4_YYY_norm(&t1);
-//printf(" in mark 1\n");
-    FP4_YYY_inv(&t1,&t1);
-//printf(" in mark 2\n");
-    FP4_YYY_mul(&(w->a),&t1,&(x->a));
-    FP4_YYY_neg(&t1,&t1);
-	FP4_YYY_norm(&t1);
-    FP4_YYY_mul(&(w->b),&t1,&(x->b));
-}
-
-/* w*=i where i = sqrt(sqrt(-1+sqrt(-1))) */
-void FP8_YYY_times_i(FP8_YYY *w)
-{
-	FP4_YYY s,t;
-	FP4_YYY_copy(&s,&(w->b));
-	FP4_YYY_copy(&t,&(w->a));
-	FP4_YYY_times_i(&s);
-	FP4_YYY_copy(&(w->a),&s);
-	FP4_YYY_copy(&(w->b),&t);
-	FP8_YYY_norm(w);
-}
-
-void FP8_YYY_times_i2(FP8_YYY *w)
-{
-	FP4_YYY_times_i(&(w->a));
-	FP4_YYY_times_i(&(w->b));
-}
-
-/* Set w=w^p using Frobenius */
-void FP8_YYY_frob(FP8_YYY *w,FP2_YYY *f)
-{ // f=(i+1)^(p-3)/4
-	FP2_YYY ff;
-	FP2_YYY_sqr(&ff,f);  // (i+1)^(p-3)/2
-	FP2_YYY_mul_ip(&ff); // (i+1)^(p-1)/2
-	FP2_YYY_norm(&ff);
-//printf("in in here 1\n");
-	FP4_YYY_frob(&(w->a),&ff);
-	FP4_YYY_frob(&(w->b),&ff);
-//printf("in in here 2\n");
-	FP4_YYY_pmul(&(w->b),&(w->b),f);  // times (1+i)^(p-3)/4
-	FP4_YYY_times_i(&(w->b));		// (i+1)^(p-1)/4
-}
-
-/* Set r=a^b mod m */
-void FP8_YYY_pow(FP8_YYY *r,FP8_YYY* a,BIG_XXX b)
-{
-    FP8_YYY w;
-    BIG_XXX z,zilch;
-    int bt;
-
-    BIG_XXX_zero(zilch);
-
-    BIG_XXX_copy(z,b);
-    FP8_YYY_copy(&w,a);
-	FP8_YYY_norm(&w);
-    FP8_YYY_one(r);
-    BIG_XXX_norm(z);
-    while(1)
-    {
-        bt=BIG_XXX_parity(z);
-        BIG_XXX_shr(z,1);
-        if (bt) FP8_YYY_mul(r,r,&w);
-        if (BIG_XXX_comp(z,zilch)==0) break;
-        FP8_YYY_sqr(&w,&w);
-    }
-    FP8_YYY_reduce(r);
-}
-
-#if CURVE_SECURITY_ZZZ == 192
-
-/* XTR xtr_a function */
-void FP8_YYY_xtr_A(FP8_YYY *r,FP8_YYY *w,FP8_YYY *x,FP8_YYY *y,FP8_YYY *z)
-{
-    FP8_YYY t1,t2;
-
-    FP8_YYY_copy(r,x);
-    FP8_YYY_sub(&t1,w,y);
-	FP8_YYY_norm(&t1);
-    FP8_YYY_pmul(&t1,&t1,&(r->a));
-    FP8_YYY_add(&t2,w,y);
-	FP8_YYY_norm(&t2);
-    FP8_YYY_pmul(&t2,&t2,&(r->b));
-    FP8_YYY_times_i(&t2);
-
-    FP8_YYY_add(r,&t1,&t2);
-    FP8_YYY_add(r,r,z);
-
-    FP8_YYY_reduce(r);
-}
-
-/* XTR xtr_d function */
-void FP8_YYY_xtr_D(FP8_YYY *r,FP8_YYY *x)
-{
-    FP8_YYY w;
-    FP8_YYY_copy(r,x);
-    FP8_YYY_conj(&w,r);
-    FP8_YYY_add(&w,&w,&w);
-    FP8_YYY_sqr(r,r);
-	FP8_YYY_norm(&w);
-    FP8_YYY_sub(r,r,&w);
-    FP8_YYY_reduce(r);    /* reduce here as multiple calls trigger automatic reductions */
-}
-
-/* r=x^n using XTR method on traces of FP12s */
-void FP8_YYY_xtr_pow(FP8_YYY *r,FP8_YYY *x,BIG_XXX n)
-{
-    int i,par,nb;
-    BIG_XXX v;
-    FP2_YYY w2;
-	FP4_YYY w4;
-    FP8_YYY t,a,b,c,sf;
-
-    BIG_XXX_zero(v);
-    BIG_XXX_inc(v,3);
-	BIG_XXX_norm(v);
-    FP2_YYY_from_BIG(&w2,v);
-    FP4_YYY_from_FP2(&w4,&w2);
-    FP8_YYY_from_FP4(&a,&w4);
-	FP8_YYY_copy(&sf,x);
-	FP8_YYY_norm(&sf);
-	FP8_YYY_copy(&b,&sf);
-    FP8_YYY_xtr_D(&c,&sf);
-
-    par=BIG_XXX_parity(n);
-    BIG_XXX_copy(v,n);
-    BIG_XXX_norm(v);
-    BIG_XXX_shr(v,1);
-    if (par==0)
-    {
-        BIG_XXX_dec(v,1);
-        BIG_XXX_norm(v);
-    }
-
-    nb=BIG_XXX_nbits(v);
-    for (i=nb-1; i>=0; i--)
-    {
-        if (!BIG_XXX_bit(v,i))
-        {
-            FP8_YYY_copy(&t,&b);
-            FP8_YYY_conj(&sf,&sf);
-            FP8_YYY_conj(&c,&c);
-            FP8_YYY_xtr_A(&b,&a,&b,&sf,&c);
-            FP8_YYY_conj(&sf,&sf);
-            FP8_YYY_xtr_D(&c,&t);
-            FP8_YYY_xtr_D(&a,&a);
-        }
-        else
-        {
-            FP8_YYY_conj(&t,&a);
-            FP8_YYY_xtr_D(&a,&b);
-            FP8_YYY_xtr_A(&b,&c,&b,&sf,&t);
-            FP8_YYY_xtr_D(&c,&c);
-        }
-    }
-
-    if (par==0) FP8_YYY_copy(r,&c);
-    else FP8_YYY_copy(r,&b);
-    FP8_YYY_reduce(r);
-}
-
-/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-void FP8_YYY_xtr_pow2(FP8_YYY *r,FP8_YYY *ck,FP8_YYY *cl,FP8_YYY *ckml,FP8_YYY *ckm2l,BIG_XXX a,BIG_XXX b)
-{
-    int i,f2;
-    BIG_XXX d,e,w;
-    FP8_YYY t,cu,cv,cumv,cum2v;
-
-
-    BIG_XXX_copy(e,a);
-    BIG_XXX_copy(d,b);
-    BIG_XXX_norm(e);
-	BIG_XXX_norm(d);
-    FP8_YYY_copy(&cu,ck);
-    FP8_YYY_copy(&cv,cl);
-    FP8_YYY_copy(&cumv,ckml);
-    FP8_YYY_copy(&cum2v,ckm2l);
-
-    f2=0;
-    while (BIG_XXX_parity(d)==0 && BIG_XXX_parity(e)==0)
-    {
-        BIG_XXX_shr(d,1);
-        BIG_XXX_shr(e,1);
-        f2++;
-    }
-    while (BIG_XXX_comp(d,e)!=0)
-    {
-        if (BIG_XXX_comp(d,e)>0)
-        {
-            BIG_XXX_imul(w,e,4);
-            BIG_XXX_norm(w);
-            if (BIG_XXX_comp(d,w)<=0)
-            {
-                BIG_XXX_copy(w,d);
-                BIG_XXX_copy(d,e);
-                BIG_XXX_sub(e,w,e);
-                BIG_XXX_norm(e);
-                FP8_YYY_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-                FP8_YYY_conj(&cum2v,&cumv);
-                FP8_YYY_copy(&cumv,&cv);
-                FP8_YYY_copy(&cv,&cu);
-                FP8_YYY_copy(&cu,&t);
-            }
-            else if (BIG_XXX_parity(d)==0)
-            {
-                BIG_XXX_shr(d,1);
-                FP8_YYY_conj(r,&cum2v);
-                FP8_YYY_xtr_A(&t,&cu,&cumv,&cv,r);
-                FP8_YYY_xtr_D(&cum2v,&cumv);
-                FP8_YYY_copy(&cumv,&t);
-                FP8_YYY_xtr_D(&cu,&cu);
-            }
-            else if (BIG_XXX_parity(e)==1)
-            {
-                BIG_XXX_sub(d,d,e);
-                BIG_XXX_norm(d);
-                BIG_XXX_shr(d,1);
-                FP8_YYY_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-                FP8_YYY_xtr_D(&cu,&cu);
-                FP8_YYY_xtr_D(&cum2v,&cv);
-                FP8_YYY_conj(&cum2v,&cum2v);
-                FP8_YYY_copy(&cv,&t);
-            }
-            else
-            {
-                BIG_XXX_copy(w,d);
-                BIG_XXX_copy(d,e);
-                BIG_XXX_shr(d,1);
-                BIG_XXX_copy(e,w);
-                FP8_YYY_xtr_D(&t,&cumv);
-                FP8_YYY_conj(&cumv,&cum2v);
-                FP8_YYY_conj(&cum2v,&t);
-                FP8_YYY_xtr_D(&t,&cv);
-                FP8_YYY_copy(&cv,&cu);
-                FP8_YYY_copy(&cu,&t);
-            }
-        }
-        if (BIG_XXX_comp(d,e)<0)
-        {
-            BIG_XXX_imul(w,d,4);
-            BIG_XXX_norm(w);
-            if (BIG_XXX_comp(e,w)<=0)
-            {
-                BIG_XXX_sub(e,e,d);
-                BIG_XXX_norm(e);
-                FP8_YYY_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-                FP8_YYY_copy(&cum2v,&cumv);
-                FP8_YYY_copy(&cumv,&cu);
-                FP8_YYY_copy(&cu,&t);
-            }
-            else if (BIG_XXX_parity(e)==0)
-            {
-                BIG_XXX_copy(w,d);
-                BIG_XXX_copy(d,e);
-                BIG_XXX_shr(d,1);
-                BIG_XXX_copy(e,w);
-                FP8_YYY_xtr_D(&t,&cumv);
-                FP8_YYY_conj(&cumv,&cum2v);
-                FP8_YYY_conj(&cum2v,&t);
-                FP8_YYY_xtr_D(&t,&cv);
-                FP8_YYY_copy(&cv,&cu);
-                FP8_YYY_copy(&cu,&t);
-            }
-            else if (BIG_XXX_parity(d)==1)
-            {
-                BIG_XXX_copy(w,e);
-                BIG_XXX_copy(e,d);
-                BIG_XXX_sub(w,w,d);
-                BIG_XXX_norm(w);
-                BIG_XXX_copy(d,w);
-                BIG_XXX_shr(d,1);
-                FP8_YYY_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-                FP8_YYY_conj(&cumv,&cumv);
-                FP8_YYY_xtr_D(&cum2v,&cu);
-                FP8_YYY_conj(&cum2v,&cum2v);
-                FP8_YYY_xtr_D(&cu,&cv);
-                FP8_YYY_copy(&cv,&t);
-            }
-            else
-            {
-                BIG_XXX_shr(d,1);
-                FP8_YYY_conj(r,&cum2v);
-                FP8_YYY_xtr_A(&t,&cu,&cumv,&cv,r);
-                FP8_YYY_xtr_D(&cum2v,&cumv);
-                FP8_YYY_copy(&cumv,&t);
-                FP8_YYY_xtr_D(&cu,&cu);
-            }
-        }
-    }
-    FP8_YYY_xtr_A(r,&cu,&cv,&cumv,&cum2v);
-    for (i=0; i<f2; i++)	FP8_YYY_xtr_D(r,r);
-    FP8_YYY_xtr_pow(r,r,d);
-}
-
-#endif
-
-
-/* New stuff for ECp8 support */
-
-/* Move b to a if d=1 */
-void FP8_YYY_cmove(FP8_YYY *f,FP8_YYY *g,int d)
-{
-    FP4_YYY_cmove(&(f->a),&(g->a),d);
-    FP4_YYY_cmove(&(f->b),&(g->b),d);
-}
-
-#if CURVE_SECURITY_ZZZ == 256
-
-/* sqrt(a+xb) = sqrt((a+sqrt(a*a-n*b*b))/2)+x.b/(2*sqrt((a+sqrt(a*a-n*b*b))/2)) */
-/* returns true if x is QR */
-int FP8_YYY_sqrt(FP8_YYY *r,FP8_YYY* x)
-{
-	FP4_YYY a,s,t;
-
-	FP8_YYY_copy(r,x);
-	if (FP8_YYY_iszilch(x))
-		return 1;
-	
-	FP4_YYY_copy(&a,&(x->a));
-	FP4_YYY_copy(&s,&(x->b));
-
-	if (FP4_YYY_iszilch(&s))
-	{
-		if (FP4_YYY_sqrt(&t,&a))
-		{
-			FP8_YYY_from_FP4(r,&t);
-		}
-		else
-		{
-			FP4_YYY_div_i(&a);
-			FP4_YYY_sqrt(&t,&a);
-			FP8_YYY_from_FP4H(r,&t);
-		}
-		return 1;
-	}
-
-	FP4_YYY_sqr(&s,&s);  // s*=s
-	FP4_YYY_sqr(&a,&a);  // a*=a
-	FP4_YYY_times_i(&s);
-	FP4_YYY_norm(&s);
-	FP4_YYY_sub(&a,&a,&s); // a-=txx(s)
-
-	if (!FP4_YYY_sqrt(&s,&a)) return 0;
-
-	FP4_YYY_sqr(&t,&s);
-
-
-	FP4_YYY_copy(&t,&(x->a));
-	FP4_YYY_add(&a,&t,&s);
-	FP4_YYY_norm(&a);
-	FP4_YYY_div2(&a,&a);
-
-	if (!FP4_YYY_sqrt(&a,&a))
-	{
-		FP4_YYY_sub(&a,&t,&s);
-		FP4_YYY_norm(&a);
-		FP4_YYY_div2(&a,&a);
-		if (!FP4_YYY_sqrt(&a,&a)) return 0;
-	}
-
-	FP4_YYY_copy(&t,&(x->b));
-	FP4_YYY_add(&s,&a,&a);
-	FP4_YYY_inv(&s,&s);
-
-	FP4_YYY_mul(&t,&t,&s);
-	FP8_YYY_from_FP4s(r,&a,&t);
-
-	return 1;
-
-}
-
-
-void FP8_YYY_div_i(FP8_YYY *f)
-{
-	FP4_YYY u,v;
-	FP4_YYY_copy(&u,&(f->a));
-	FP4_YYY_copy(&v,&(f->b));
-	FP4_YYY_div_i(&u);
-	FP4_YYY_copy(&(f->a),&v);
-	FP4_YYY_copy(&(f->b),&u);
-}
-
-void FP8_YYY_div_i2(FP8_YYY *f)
-{
-	FP4_YYY_div_i(&(f->a));
-	FP4_YYY_div_i(&(f->b));
-}
-
-
-void FP8_YYY_div_2i(FP8_YYY *f)
-{
-	FP4_YYY u,v;
-	FP4_YYY_copy(&u,&(f->a));
-	FP4_YYY_copy(&v,&(f->b));
-	FP4_YYY_div_2i(&u);
-	FP4_YYY_add(&v,&v,&v);
-	FP4_YYY_norm(&v);
-	FP4_YYY_copy(&(f->a),&v);
-	FP4_YYY_copy(&(f->b),&u);
-}
-
-#endif
-
-/*
-int main(){
-		FP2 w0,w1,f;
-		FP4 w,t;
-		FP4 c1,c2,c3,c4,cr;
-		BIG a,b;
-		BIG e,e1,e2;
-		BIG p,md;
-
-
-		BIG_rcopy(md,Modulus);
-		//Test w^(P^4) = w mod p^2
-		BIG_zero(a); BIG_inc(a,27);
-		BIG_zero(b); BIG_inc(b,45);
-		FP2_from_BIGs(&w0,a,b);
-
-		BIG_zero(a); BIG_inc(a,33);
-		BIG_zero(b); BIG_inc(b,54);
-		FP2_from_BIGs(&w1,a,b);
-
-		FP4_from_FP2s(&w,&w0,&w1);
-		FP4_reduce(&w);
-
-		printf("w= ");
-		FP4_output(&w);
-		printf("\n");
-
-
-		FP4_copy(&t,&w);
-
-
-		BIG_copy(p,md);
-		FP4_pow(&w,&w,p);
-
-		printf("w^p= ");
-		FP4_output(&w);
-		printf("\n");
-//exit(0);
-
-		BIG_rcopy(a,CURVE_Fra);
-		BIG_rcopy(b,CURVE_Frb);
-		FP2_from_BIGs(&f,a,b);
-
-		FP4_frob(&t,&f);
-		printf("w^p= ");
-		FP4_output(&t);
-		printf("\n");
-
-		FP4_pow(&w,&w,p);
-		FP4_pow(&w,&w,p);
-		FP4_pow(&w,&w,p);
-		printf("w^p4= ");
-		FP4_output(&w);
-		printf("\n");
-
-// Test 1/(1/x) = x mod p^4
-		FP4_from_FP2s(&w,&w0,&w1);
-		printf("Test Inversion \nw= ");
-		FP4_output(&w);
-		printf("\n");
-
-		FP4_inv(&w,&w);
-		printf("1/w mod p^4 = ");
-		FP4_output(&w);
-		printf("\n");
-
-		FP4_inv(&w,&w);
-		printf("1/(1/w) mod p^4 = ");
-		FP4_output(&w);
-		printf("\n");
-
-		BIG_zero(e); BIG_inc(e,12);
-
-
-
-	//	FP4_xtr_A(&w,&t,&w,&t,&t);
-		FP4_xtr_pow(&w,&w,e);
-
-		printf("w^e= ");
-		FP4_output(&w);
-		printf("\n");
-
-
-		BIG_zero(a); BIG_inc(a,37);
-		BIG_zero(b); BIG_inc(b,17);
-		FP2_from_BIGs(&w0,a,b);
-
-		BIG_zero(a); BIG_inc(a,49);
-		BIG_zero(b); BIG_inc(b,31);
-		FP2_from_BIGs(&w1,a,b);
-
-		FP4_from_FP2s(&c1,&w0,&w1);
-		FP4_from_FP2s(&c2,&w0,&w1);
-		FP4_from_FP2s(&c3,&w0,&w1);
-		FP4_from_FP2s(&c4,&w0,&w1);
-
-		BIG_zero(e1); BIG_inc(e1,3331);
-		BIG_zero(e2); BIG_inc(e2,3372);
-
-		FP4_xtr_pow2(&w,&c1,&w,&c2,&c3,e1,e2);
-
-		printf("c^e= ");
-		FP4_output(&w);
-		printf("\n");
-
-
-		return 0;
-}
-*/
-



[24/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/TestMPIN.swift
----------------------------------------------------------------------
diff --git a/version22/swift/TestMPIN.swift b/version22/swift/TestMPIN.swift
deleted file mode 100644
index 8df61ea..0000000
--- a/version22/swift/TestMPIN.swift
+++ /dev/null
@@ -1,259 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  TestMPIN.swift
-//
-//  Created by Michael Scott on 08/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-//import amcl  // comment out for Xcode
-
-public func TestMPIN()
-{
-    let PERMITS=true
-    let PINERROR=true
-    let FULL=true
-    let SINGLE_PASS=false
-   
-    let rng=RAND()
-    
-    var RAW=[UInt8](repeating: 0,count: 100)
-    
-    for i in 0 ..< 100 {RAW[i]=UInt8((i+1)&0xff)}
-    rng.seed(100,RAW)
-    
-    let EGS=MPIN.EFS
-    let EFS=MPIN.EGS
-    let G1S=2*EFS+1    // Group 1 Size
-    let G2S=4*EFS;     // Group 2 Size
-    let EAS=MPIN.PAS
-    
-    let sha=MPIN.HASH_TYPE
-    
-    var S=[UInt8](repeating: 0,count: EGS)
-    var SST=[UInt8](repeating: 0,count: G2S)
-    var TOKEN=[UInt8](repeating: 0,count: G1S)
-    var PERMIT=[UInt8](repeating: 0,count: G1S)
-    var SEC=[UInt8](repeating: 0,count: G1S)
-    var xID=[UInt8](repeating: 0,count: G1S)
-    var xCID=[UInt8](repeating: 0,count: G1S)
-    var X=[UInt8](repeating: 0,count: EGS)
-    var Y=[UInt8](repeating: 0,count: EGS)
-    var E=[UInt8](repeating: 0,count: 12*EFS)
-    var F=[UInt8](repeating: 0,count: 12*EFS)
-    var HID=[UInt8](repeating: 0,count: G1S)
-    var HTID=[UInt8](repeating: 0,count: G1S)
-
-    var G1=[UInt8](repeating: 0,count: 12*EFS)
-    var G2=[UInt8](repeating: 0,count: 12*EFS)
-    var R=[UInt8](repeating: 0,count: EGS)
-    var Z=[UInt8](repeating: 0,count: G1S)
-    var W=[UInt8](repeating: 0,count: EGS)
-    var T=[UInt8](repeating: 0,count: G1S)
-    var CK=[UInt8](repeating: 0,count: EAS)
-    var SK=[UInt8](repeating: 0,count: EAS)
-
-    var HSID=[UInt8]()
-
-    // Trusted Authority set-up
-    
-    MPIN.RANDOM_GENERATE(rng,&S)
-    print("Master Secret s: 0x",terminator: "");  MPIN.printBinary(S)
-    
-    // Create Client Identity
-    let IDstr = "testUser@miracl.com"
-    let CLIENT_ID=[UInt8](IDstr.utf8)
-    
-    var HCID=MPIN.HASH_ID(sha,CLIENT_ID)  // Either Client or TA calculates Hash(ID) - you decide!
-    
-    print("Client ID= "); MPIN.printBinary(CLIENT_ID)
-    
-    // Client and Server are issued secrets by DTA
-    MPIN.GET_SERVER_SECRET(S,&SST);
-    print("Server Secret SS: 0x",terminator: "");  MPIN.printBinary(SST);
-    
-    MPIN.GET_CLIENT_SECRET(&S,HCID,&TOKEN);
-    print("Client Secret CS: 0x",terminator: ""); MPIN.printBinary(TOKEN);
-    
-    // Client extracts PIN from secret to create Token
-    var pin:Int32=1234
-    print("Client extracts PIN= \(pin)")
-    var rtn=MPIN.EXTRACT_PIN(sha,CLIENT_ID,pin,&TOKEN)
-    if rtn != 0 {print("FAILURE: EXTRACT_PIN rtn: \(rtn)")}
-    
-    print("Client Token TK: 0x",terminator: ""); MPIN.printBinary(TOKEN);
-
-    if FULL
-    {
-        MPIN.PRECOMPUTE(TOKEN,HCID,&G1,&G2);
-    }
-    
-    var date:Int32=0
-    if (PERMITS)
-    {
-        date=MPIN.today()
-        // Client gets "Time Token" permit from DTA
-        MPIN.GET_CLIENT_PERMIT(sha,date,S,HCID,&PERMIT)
-        print("Time Permit TP: 0x",terminator: "");  MPIN.printBinary(PERMIT)
-        
-        // This encoding makes Time permit look random - Elligator squared
-        MPIN.ENCODING(rng,&PERMIT);
-        print("Encoded Time Permit TP: 0x",terminator: "");  MPIN.printBinary(PERMIT)
-        MPIN.DECODING(&PERMIT)
-        print("Decoded Time Permit TP: 0x",terminator: "");  MPIN.printBinary(PERMIT)
-    }
-
-    // ***** NOW ENTER PIN *******
-    
-        pin=1234
-    
-    // **************************
-    
-    // Set date=0 and PERMIT=null if time permits not in use
-    
-    //Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID =x .H(CLIENT_ID) and re-combined secret SEC
-    //If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
-    //Random value x is supplied externally if RNG=null, otherwise generated and passed out by RNG
-    
-    //IMPORTANT: To save space and time..
-    //If Time Permits OFF set xCID = null, HTID=null and use xID and HID only
-    //If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-    //If Time permits are ON, AND pin error detection is NOT required, set xID=null, HID=null and use xCID and HTID only.
-    
-    
-    var pxID:[UInt8]?=xID
-    var pxCID:[UInt8]?=xCID
-    var pHID:[UInt8]=HID
-    var pHTID:[UInt8]?=HTID
-    var pE:[UInt8]?=E
-    var pF:[UInt8]?=F
-    var pPERMIT:[UInt8]?=PERMIT
-    
-    if date != 0
-    {
-        if (!PINERROR)
-        {
-            pxID=nil;
-   //         pHID=nil;
-        }
-    }
-    else
-    {
-        pPERMIT=nil;
-        pxCID=nil;
-        pHTID=nil;
-    }
-    if (!PINERROR)
-    {
-        pE=nil;
-        pF=nil;
-    }
-    
-    if (SINGLE_PASS)
-    {
-        print("MPIN Single Pass")
-        let timeValue = MPIN.GET_TIME()
-
-        rtn=MPIN.CLIENT(sha,date,CLIENT_ID,rng,&X,pin,TOKEN,&SEC,&pxID,&pxCID,pPERMIT!,timeValue,&Y)
-        
-        if rtn != 0 {print("FAILURE: CLIENT rtn: \(rtn)")}
-        
-        if (FULL)
-        {
-            HCID=MPIN.HASH_ID(sha,CLIENT_ID);
-            MPIN.GET_G1_MULTIPLE(rng,1,&R,HCID,&Z); // Also Send Z=r.ID to Server, remember random r
-        }
-        rtn=MPIN.SERVER(sha,date,&pHID,&pHTID,&Y,SST,pxID,pxCID!,SEC,&pE,&pF,CLIENT_ID,timeValue)
-        if rtn != 0 {print("FAILURE: SERVER rtn: \(rtn)")}
-        
-        if (FULL)
-        { // Also send T=w.ID to client, remember random w
-            HSID=MPIN.HASH_ID(sha,CLIENT_ID);	
-            if date != 0 {MPIN.GET_G1_MULTIPLE(rng,0,&W,pHTID!,&T)}
-            else {MPIN.GET_G1_MULTIPLE(rng,0,&W,pHID,&T)}
-            
-        }
-    }
-    else
-    {
-        print("MPIN Multi Pass");
-        // Send U=x.ID to server, and recreate secret from token and pin
-        rtn=MPIN.CLIENT_1(sha,date,CLIENT_ID,rng,&X,pin,TOKEN,&SEC,&pxID,&pxCID,pPERMIT!)
-        if rtn != 0 {print("FAILURE: CLIENT_1 rtn: \(rtn)")}
-            
-        if (FULL)
-        {
-            HCID=MPIN.HASH_ID(sha,CLIENT_ID);
-            MPIN.GET_G1_MULTIPLE(rng,1,&R,HCID,&Z);  // Also Send Z=r.ID to Server, remember random r
-        }
-            
-        // Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp.
-        MPIN.SERVER_1(sha,date,CLIENT_ID,&pHID,&pHTID!);
-            
-            // Server generates Random number Y and sends it to Client
-        MPIN.RANDOM_GENERATE(rng,&Y);
-            
-        if (FULL)
-        { // Also send T=w.ID to client, remember random w
-            HSID=MPIN.HASH_ID(sha,CLIENT_ID);
-            if date != 0 {MPIN.GET_G1_MULTIPLE(rng,0,&W,pHTID!,&T)}
-            else {MPIN.GET_G1_MULTIPLE(rng,0,&W,pHID,&T)}
-        }
-            
-        // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC
-        rtn=MPIN.CLIENT_2(X,Y,&SEC);
-        if rtn != 0 {print("FAILURE: CLIENT_2 rtn: \(rtn)")}
-            
-        // Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error.
-        // If PIN error not required, set E and F = null
-            
-        rtn=MPIN.SERVER_2(date,pHID,pHTID!,Y,SST,pxID!,pxCID!,SEC,&pE,&pF);
-            
-        if rtn != 0 {print("FAILURE: SERVER_1 rtn: \(rtn)")}
-    }
-    if (rtn == MPIN.BAD_PIN)
-    {
-        print("Server says - Bad Pin. I don't know you. Feck off.\n");
-        if (PINERROR)
-        {
-            let err=MPIN.KANGAROO(pE!,pF!);
-            if err != 0 {print("(Client PIN is out by \(err))\n")}
-        }
-        return;
-    }
-    else {print("Server says - PIN is good! You really are "+IDstr)}
-
-    if (FULL)
-    {
-        var H=MPIN.HASH_ALL(sha,HCID,pxID!,pxCID!,SEC,Y,Z,T);
-        MPIN.CLIENT_KEY(sha,G1,G2,pin,R,X,H,T,&CK);
-        print("Client Key =  0x",terminator: "");  MPIN.printBinary(CK)
-        
-        H=MPIN.HASH_ALL(sha,HSID,pxID!,pxCID!,SEC,Y,Z,T);
-        MPIN.SERVER_KEY(sha,Z,SST,W,H,pHID,pxID!,pxCID!,&SK);
-        print("Server Key =  0x",terminator: "");  MPIN.printBinary(SK)
-    }
-    
-}
-
-//TestMPIN() // comment out for Xcode
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/TestRSA.swift
----------------------------------------------------------------------
diff --git a/version22/swift/TestRSA.swift b/version22/swift/TestRSA.swift
deleted file mode 100644
index a2a8dcb..0000000
--- a/version22/swift/TestRSA.swift
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  TestRSA.swift
-//
-//  Created by Michael Scott on 25/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-//import amcl   // comment out for Xcode
-
-public func TestRSA()
-{
-    let RFS=RSA.RFS
-
-    var message="Hello World\n"
-
-    let pub=rsa_public_key(Int(ROM.FFLEN))
-    let priv=rsa_private_key(Int(ROM.HFLEN))
-
-    var ML=[UInt8](repeating: 0,count: RFS)
-    var C=[UInt8](repeating: 0,count: RFS)
-    var S=[UInt8](repeating: 0,count: RFS)
-    var RAW=[UInt8](repeating: 0,count: 100)
-
-    let rng=RAND()
-
-    rng.clean()
-    for i in 0 ..< 100 {RAW[i]=UInt8(i)}
-
-    rng.seed(100,RAW)
-
-    print("Generating public/private key pair")
-    RSA.KEY_PAIR(rng,65537,priv,pub)
-
-    let M=[UInt8](message.utf8)
-    print("Encrypting test string\n");
-    let E=RSA.OAEP_ENCODE(RSA.HASH_TYPE,M,rng,nil); /* OAEP encode message m to e  */
-
-    RSA.ENCRYPT(pub,E,&C);     /* encrypt encoded message */
-    print("Ciphertext= 0x", terminator: ""); RSA.printBinary(C)
-
-    print("Decrypting test string\n");
-    RSA.DECRYPT(priv,C,&ML)
-    var MS=RSA.OAEP_DECODE(RSA.HASH_TYPE,nil,&ML) /* OAEP encode message m to e  */
-
-    message=""
-    for i in 0 ..< MS.count
-    {
-        message+=String(UnicodeScalar(MS[i]))
-    }
-    print(message);
-    
-    print("Signing message")
-    RSA.PKCS15(RSA.HASH_TYPE,M,&C)
-    
-    RSA.DECRYPT(priv,C,&S); //  create signature in S
-    print("Signature= 0x",terminator: ""); RSA.printBinary(S)
-    
-    RSA.ENCRYPT(pub,S,&ML);
-    
-    var cmp=true
-    if C.count != ML.count {cmp=false}
-    else
-    {
-        for j in 0 ..< C.count
-        {
-            if C[j] != ML[j] {cmp=false}
-        }
-    }
-    
-    if cmp {print("\nSignature is valid\n")}
-    else {print("\nSignature is INVALID\n")}
-    
-
-    RSA.PRIVATE_KEY_KILL(priv);
-}
-
-//TestRSA() // comment out for Xcode
-
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/aes.swift
----------------------------------------------------------------------
diff --git a/version22/swift/aes.swift b/version22/swift/aes.swift
deleted file mode 100644
index 0de2980..0000000
--- a/version22/swift/aes.swift
+++ /dev/null
@@ -1,639 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  aes.swift
-//
-//  Created by Michael Scott on 22/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-//   AES Encryption
-//
-
-final public class AES {
-    var mode:Int=0;
-    private var fkey=[UInt32](repeating: 0,count: 44)
-    private var rkey=[UInt32](repeating: 0,count: 44)
-    var f=[UInt8](repeating: 0,count: 16)
-    
-    static let ECB:Int=0
-    static let CBC:Int=1
-    static let CFB1:Int=2
-    static let CFB2:Int=3
-    static let CFB4:Int=5
-    static let OFB1:Int=14
-    static let OFB2:Int=15
-    static let OFB4:Int=17
-    static let OFB8:Int=21
-    static let OFB16:Int=29
-    static let CTR1:Int=30
-    static let CTR2:Int=31
-    static let CTR4:Int=33 
-    static let CTR8:Int=37 
-    static let CTR16:Int=45
-
-    static public let KS:Int=16; /* Key Size in bytes */
-    static public let BS:Int=16; /* Block Size */
-    
-    private static let InCo:[UInt8] = [ 0xB,0xD,0x9,0xE]  /* Inverse Coefficients */
-    
-    private static let ptab:[UInt8] =
-    [ 1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53,
-     95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170,
-     229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49,
-     83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205,
-     76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136,
-     131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154,
-     181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163,
-     254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160,
-     251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65,
-     195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117,
-     159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128,
-     155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84,
-     252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202,
-     69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14,
-     18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
-     57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1]
-    
-    private static let ltab:[UInt8] =
-    [ 0, 255, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3,
-     100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193,
-     125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120,
-     101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142,
-     150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56,
-     102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16,
-     126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186,
-     43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87,
-     175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232,
-     44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160,
-     127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183,
-     204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157,
-     151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209,
-     83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171,
-     68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165,
-     103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7]
-    
-    private static let fbsub:[UInt8] =
-    [ 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118,
-     202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
-     183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21,
-     4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117,
-     9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132,
-     83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207,
-     208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168,
-     81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210,
-     205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115,
-     96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219,
-     224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121,
-     231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8,
-     186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138,
-     112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
-     225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
-     140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22]
-    
-    private static let rbsub:[UInt8] =
-    [ 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251,
-     124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203,
-     84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78,
-     8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37,
-     114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146,
-     108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132,
-     144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6,
-     208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107,
-     58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
-     150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110,
-     71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27,
-     252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244,
-     31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95,
-     96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239,
-     160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
-     23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125]
-    
-    private static let rco:[UInt8] =
-    [1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47]
-
-    private static let ftable:[UInt32] =
-    [0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
-    0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
-    0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
-    0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
-    0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
-    0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
-    0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
-    0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
-    0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
-    0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
-    0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
-    0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
-    0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
-    0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
-    0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
-    0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
-    0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
-    0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
-    0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
-    0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
-    0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
-    0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
-    0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
-    0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
-    0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
-    0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
-    0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
-    0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
-    0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
-    0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
-    0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
-    0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
-    0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
-    0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
-    0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
-    0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
-    0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
-    0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
-    0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
-    0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
-    0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
-    0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
-    0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c]
-
-    private static let rtable:[UInt32] =
-    [0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
-    0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
-    0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
-    0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
-    0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
-    0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
-    0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
-    0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
-    0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
-    0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
-    0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
-    0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
-    0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
-    0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
-    0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
-    0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
-    0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
-    0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
-    0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
-    0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
-    0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
-    0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
-    0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
-    0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
-    0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
-    0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
-    0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
-    0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
-    0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
-    0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
-    0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
-    0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
-    0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
-    0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
-    0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
-    0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
-    0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
-    0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
-    0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
-    0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
-    0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
-    0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
-    0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0]
-    
-    /* Rotates 32-bit word left by 1, 2 or 3 byte  */
-    
-    private static func ROTL8(_ x: UInt32) -> UInt32
-    {
-        return (((x)<<8)|((x)>>24))
-    }
-    
-    private static func ROTL16(_ x: UInt32) -> UInt32
-    {
-        return (((x)<<16)|((x)>>16))
-    }
-    
-    private static func ROTL24(_ x: UInt32) -> UInt32
-    {
-        return (((x)<<24)|((x)>>8))
-    }
-    
-    private static func pack(_ b: [UInt8]) -> UInt32
-    { /* pack bytes into a 32-bit Word */
-        var r=((UInt32(b[3])&0xff)<<24)|((UInt32(b[2])&0xff)<<16)
-        r = r|((UInt32(b[1])&0xff)<<8)|(UInt32(b[0])&0xff)
-        return r
-    }
-  
-    private static func unpack(_ a: UInt32) -> [UInt8]
-    { /* unpack bytes from a word */
-        let b:[UInt8]=[UInt8(a&0xff),UInt8((a>>8)&0xff),UInt8((a>>16)&0xff),UInt8((a>>24)&0xff)];
-        return b;
-    }
-    
-    private static func bmul(_ x: UInt8,_ y:UInt8) -> UInt8
-    { /* x.y= AntiLog(Log(x) + Log(y)) */
-    
-        let ix=Int(x)&0xff
-        let iy=Int(y)&0xff
-        let lx=Int(ltab[ix])&0xff
-        let ly=Int(ltab[iy])&0xff
-    
-        if x != 0 && y != 0 {return ptab[(lx+ly)%255]}
-        else {return UInt8(0)}
-    }
-    
-    private static func SubByte(_ a: UInt32) -> UInt32
-    {
-        var b=unpack(a)
-        b[0]=fbsub[Int(b[0])]
-        b[1]=fbsub[Int(b[1])]
-        b[2]=fbsub[Int(b[2])]
-        b[3]=fbsub[Int(b[3])]
-        return pack(b);
-    }
-    
-    private static func product(_ x: UInt32,_ y: UInt32) -> UInt8
-    { /* dot product of two 4-byte arrays */
-        var xb=unpack(x);
-        var yb=unpack(y);
-    
-        return (bmul(xb[0],yb[0])^bmul(xb[1],yb[1])^bmul(xb[2],yb[2])^bmul(xb[3],yb[3]))
-    }
-
-    private static func InvMixCol(_ x: UInt32) -> UInt32
-    { /* matrix Multiplication */
-        var b=[UInt8](repeating: 0,count: 4)
-        var m=pack(InCo);
-        b[3]=product(m,x);
-        m=ROTL24(m);
-        b[2]=product(m,x);
-        m=ROTL24(m);
-        b[1]=product(m,x);
-        m=ROTL24(m);
-        b[0]=product(m,x);
-        let y=pack(b)
-        return y
-    }
-  
-    private static func increment(_ f:inout [UInt8])
-    {
-        for i in 0 ..< 16
-        {
-            f[i]+=1
-            if f[i] != 0 {break}
-        }
-    }   
-
-    /* reset cipher */
-    func reset(_ m: Int,_ iv:[UInt8]?)
-    { /* reset mode, or reset iv */
-        mode=m;
-        for i in 0 ..< 16 {f[i]=0}
-        if (mode != AES.ECB) && (iv != nil)
-            {for i in 0 ..< 16 {f[i]=iv![i]}} /*??*/
-    }
-    
-    func init_it(_ m:Int,_ key:[UInt8],_ iv:[UInt8]?)
-    {   /* Key=16 bytes */
-        /* Key Scheduler. Create expanded encryption key */
-        var CipherKey=[UInt32](repeating: 0,count: 4)
-        var b=[UInt8](repeating: 0,count: 4)
-        let nk=4;
-        reset(m,iv);
-        let N=44;
-        
-        var j=0
-        for  i in 0 ..< nk
-        {
-            for k in 0 ..< 4 {b[k]=key[j+k]}
-            CipherKey[i]=AES.pack(b);
-            j+=4;
-        }
-        for i in 0 ..< nk {fkey[i]=CipherKey[i]}
-        j=nk
-        var k=0
-        while j<N
-        {
-            fkey[j]=fkey[j-nk]^AES.SubByte(AES.ROTL24(fkey[j-1]))^UInt32(AES.rco[k])
-            var i=1
-            while i<nk && (i+j)<N
-            {
-                fkey[i+j]=fkey[i+j-nk]^fkey[i+j-1]
-                i+=1
-            }
-            j+=nk
-            k+=1
-        }
-        
-        /* now for the expanded decrypt key in reverse order */
-        
-        for j in 0 ..< 4 {rkey[j+N-4]=fkey[j]}
-        var i=4
-        while i<N-4
-        {
-            let k=N-4-i;
-            for j in 0 ..< 4 {rkey[k+j]=AES.InvMixCol(fkey[i+j])}
-            i+=4
-        }
-        for j in N-4 ..< N {rkey[j-N+4]=fkey[j]}
-    }
-    
-    func getreg() -> [UInt8]
-    {
-        var ir=[UInt8](repeating: 0,count: 16)
-        for i in 0 ..< 16 {ir[i]=f[i]}
-        return ir;
-    }
-    
-    /* Encrypt a single block */
-    func ecb_encrypt(_ buff:inout [UInt8])
-    {
-        var b=[UInt8](repeating: 0,count: 4)
-        var p=[UInt32](repeating: 0,count: 4)
-        var q=[UInt32](repeating: 0,count: 4)
-    
-        var j=0
-        for i in 0 ..< 4
-        {
-            for k in 0 ..< 4 {b[k]=buff[j+k]}
-            p[i]=AES.pack(b);
-            p[i]^=fkey[i];
-            j+=4
-        }
-    
-        var k=4;
-    
-    /* State alternates between p and q */
-        for _ in 1 ..< 10
-        {
-            q[0]=fkey[k]^AES.ftable[Int(p[0]&0xff)]^AES.ROTL8(AES.ftable[Int((p[1]>>8)&0xff)])^AES.ROTL16(AES.ftable[Int((p[2]>>16)&0xff)])^AES.ROTL24(AES.ftable[Int((p[3]>>24)&0xff)])
-            
-            q[1]=fkey[k+1]^AES.ftable[Int(p[1]&0xff)]^AES.ROTL8(AES.ftable[Int((p[2]>>8)&0xff)])^AES.ROTL16(AES.ftable[Int((p[3]>>16)&0xff)])^AES.ROTL24(AES.ftable[Int((p[0]>>24)&0xff)])
-            
-            q[2]=fkey[k+2]^AES.ftable[Int(p[2]&0xff)]^AES.ROTL8(AES.ftable[Int((p[3]>>8)&0xff)])^AES.ROTL16(AES.ftable[Int((p[0]>>16)&0xff)])^AES.ROTL24(AES.ftable[Int((p[1]>>24)&0xff)])
-            
-            q[3]=fkey[k+3]^AES.ftable[Int(p[3]&0xff)]^AES.ROTL8(AES.ftable[Int((p[0]>>8)&0xff)])^AES.ROTL16(AES.ftable[Int((p[1]>>16)&0xff)])^AES.ROTL24(AES.ftable[Int((p[2]>>24)&0xff)])
-            
-            k+=4;
-            for j in 0 ..< 4
-            {
-				let t=p[j]; p[j]=q[j]; q[j]=t;
-            }
-        }
-    
-    /* Last Round */
-    
-        q[0]=fkey[k]^UInt32(AES.fbsub[Int(p[0]&0xff)])^AES.ROTL8(UInt32(AES.fbsub[Int((p[1]>>8)&0xff)]))^AES.ROTL16(UInt32(AES.fbsub[Int((p[2]>>16)&0xff)]))^AES.ROTL24(UInt32(AES.fbsub[Int((p[3]>>24)&0xff)]))
-    
-        q[1]=fkey[k+1]^UInt32(AES.fbsub[Int(p[1]&0xff)])^AES.ROTL8(UInt32(AES.fbsub[Int((p[2]>>8)&0xff)]))^AES.ROTL16(UInt32(AES.fbsub[Int((p[3]>>16)&0xff)]))^AES.ROTL24(UInt32(AES.fbsub[Int((p[0]>>24)&0xff)]))
-    
-        q[2]=fkey[k+2]^UInt32(AES.fbsub[Int(p[2]&0xff)])^AES.ROTL8(UInt32(AES.fbsub[Int((p[3]>>8)&0xff)]))^AES.ROTL16(UInt32(AES.fbsub[Int((p[0]>>16)&0xff)]))^AES.ROTL24(UInt32(AES.fbsub[Int((p[1]>>24)&0xff)]))
-    
-        q[3]=fkey[k+3]^UInt32(AES.fbsub[Int((p[3])&0xff)])^AES.ROTL8(UInt32(AES.fbsub[Int((p[0]>>8)&0xff)]))^AES.ROTL16(UInt32(AES.fbsub[Int((p[1]>>16)&0xff)]))^AES.ROTL24(UInt32(AES.fbsub[Int((p[2]>>24)&0xff)]))
-    
-        j=0
-        for i in 0 ..< 4
-        {
-            b=AES.unpack(q[i])
-            for k in 0 ..< 4 {buff[j+k]=b[k]}
-            j+=4
-        }
-    }
-    
-    /* Decrypt a single block */
-    func ecb_decrypt(_ buff:inout [UInt8])
-    {
-        var b=[UInt8](repeating: 0,count: 4)
-        var p=[UInt32](repeating: 0,count: 4)
-        var q=[UInt32](repeating: 0,count: 4)
-    
-        var j=0
-        for i in 0 ..< 4
-        {
-            for k in 0 ..< 4 {b[k]=buff[j+k]}
-            p[i]=AES.pack(b);
-            p[i]^=rkey[i];
-            j+=4
-        }
-    
-        var k=4
-    
-    /* State alternates between p and q */
-        for _ in 1 ..< 10
-        {
-            
-            q[0]=rkey[k]^AES.rtable[Int(p[0]&0xff)]^AES.ROTL8(AES.rtable[Int((p[3]>>8)&0xff)])^AES.ROTL16(AES.rtable[Int((p[2]>>16)&0xff)])^AES.ROTL24(AES.rtable[Int((p[1]>>24)&0xff)])
-            
-            q[1]=rkey[k+1]^AES.rtable[Int(p[1]&0xff)]^AES.ROTL8(AES.rtable[Int((p[0]>>8)&0xff)])^AES.ROTL16(AES.rtable[Int((p[3]>>16)&0xff)])^AES.ROTL24(AES.rtable[Int((p[2]>>24)&0xff)])
-            
-        
-            q[2]=rkey[k+2]^AES.rtable[Int(p[2]&0xff)]^AES.ROTL8(AES.rtable[Int((p[1]>>8)&0xff)])^AES.ROTL16(AES.rtable[Int((p[0]>>16)&0xff)])^AES.ROTL24(AES.rtable[Int((p[3]>>24)&0xff)])
-       
-            q[3]=rkey[k+3]^AES.rtable[Int(p[3]&0xff)]^AES.ROTL8(AES.rtable[Int((p[2]>>8)&0xff)])^AES.ROTL16(AES.rtable[Int((p[1]>>16)&0xff)])^AES.ROTL24(AES.rtable[Int((p[0]>>24)&0xff)])
-            
-    
-            k+=4;
-            for j in 0 ..< 4
-            {
-				let t=p[j]; p[j]=q[j]; q[j]=t;
-            }
-        }
-    
-    /* Last Round */
-        
-        q[0]=rkey[k]^UInt32(AES.rbsub[Int(p[0]&0xff)])^AES.ROTL8(UInt32(AES.rbsub[Int((p[3]>>8)&0xff)]))^AES.ROTL16(UInt32(AES.rbsub[Int((p[2]>>16)&0xff)]))^AES.ROTL24(UInt32(AES.rbsub[Int((p[1]>>24)&0xff)]))
-        
-        q[1]=rkey[k+1]^UInt32(AES.rbsub[Int(p[1]&0xff)])^AES.ROTL8(UInt32(AES.rbsub[Int((p[0]>>8)&0xff)]))^AES.ROTL16(UInt32(AES.rbsub[Int((p[3]>>16)&0xff)]))^AES.ROTL24(UInt32(AES.rbsub[Int((p[2]>>24)&0xff)]))
-        
-        
-        q[2]=rkey[k+2]^UInt32(AES.rbsub[Int(p[2]&0xff)])^AES.ROTL8(UInt32(AES.rbsub[Int((p[1]>>8)&0xff)]))^AES.ROTL16(UInt32(AES.rbsub[Int((p[0]>>16)&0xff)]))^AES.ROTL24(UInt32(AES.rbsub[Int((p[3]>>24)&0xff)]))
-
-        q[3]=rkey[k+3]^UInt32(AES.rbsub[Int((p[3])&0xff)])^AES.ROTL8(UInt32(AES.rbsub[Int((p[2]>>8)&0xff)]))^AES.ROTL16(UInt32(AES.rbsub[Int((p[1]>>16)&0xff)]))^AES.ROTL24(UInt32(AES.rbsub[Int((p[0]>>24)&0xff)]))
-    
-        j=0
-        for i in 0 ..< 4
-        {
-            b=AES.unpack(q[i]);
-            for k in 0 ..< 4 {buff[j+k]=b[k]}
-            j+=4
-        }
-    }
-    
-    /* Encrypt using selected mode of operation */
-    func encrypt(_ buff:inout [UInt8]) -> UInt32
-    {
-        var st=[UInt8](repeating: 0,count: 16)
-    
-    // Supported Modes of Operation
-    
-        var fell_off:UInt32=0;
-        switch (mode)
-        {
-        case AES.ECB:
-            ecb_encrypt(&buff)
-            return 0
-        case AES.CBC:
-            for j in 0 ..< 16 {buff[j]^=f[j]}
-            ecb_encrypt(&buff);
-            for j in 0 ..< 16 {f[j]=buff[j]}
-            return 0;
-    
-        case AES.CFB1:
-            fallthrough
-        case AES.CFB2:
-            fallthrough
-        case AES.CFB4:
-            let bytes=mode-AES.CFB1+1
-            for j in 0 ..< bytes {fell_off=(fell_off<<8)|UInt32(f[j])}
-            for j in 0 ..< 16 {st[j]=f[j]}
-            for j in bytes ..< 16 {f[j-bytes]=f[j]}
-            ecb_encrypt(&st);
-            for j in 0 ..< bytes
-            {
-				buff[j]^=st[j];
-				f[16-bytes+j]=buff[j];
-            }
-            return fell_off;
-    
-        case AES.OFB1:
-            fallthrough
-        case AES.OFB2:
-            fallthrough
-        case AES.OFB4:
-            fallthrough
-        case AES.OFB8:
-            fallthrough
-        case AES.OFB16:
-    
-            let bytes=mode-AES.OFB1+1
-            ecb_encrypt(&f)
-            for j in 0 ..< bytes {buff[j]^=f[j]}
-            return 0;
-    
-        case AES.CTR1:
-            fallthrough
-        case AES.CTR2:
-            fallthrough
-        case AES.CTR4:
-            fallthrough
-        case AES.CTR8:
-            fallthrough
-        case AES.CTR16:
-            let bytes=mode-AES.CTR1+1
-            for j in 0 ..< 16 {st[j]=f[j]}
-            ecb_encrypt(&st)
-            for j in 0 ..< bytes {buff[j]^=st[j]}
-            AES.increment(&f)
-            return 0
-
-        default:
-            return 0;
-        }
-    }
-    
-    /* Decrypt using selected mode of operation */
-    func decrypt(_ buff:inout [UInt8]) -> UInt32
-    {
-
-        var st=[UInt8](repeating: 0,count: 16)
-        
-        // Supported Modes of Operation
-        
-        var fell_off:UInt32=0;
-        switch (mode)
-        {
-        case AES.ECB:
-            ecb_decrypt(&buff);
-            return 0;
-        case AES.CBC:
-            for j in 0 ..< 16
-            {
-				st[j]=f[j];
-				f[j]=buff[j];
-            }
-            ecb_decrypt(&buff);
-            for j in 0 ..< 16
-            {
-				buff[j]^=st[j];
-				st[j]=0;
-            }
-            return 0;
-        case AES.CFB1:
-            fallthrough
-        case AES.CFB2:
-            fallthrough
-        case AES.CFB4:
-            let bytes=mode-AES.CFB1+1;
-            for j in 0 ..< bytes {fell_off=(fell_off<<8)|UInt32(f[j])}
-            for j in 0 ..< 16 {st[j]=f[j]}
-            for j in bytes ..< 16 {f[j-bytes]=f[j]}
-            ecb_encrypt(&st);
-            for j in 0 ..< bytes
-            {
-				f[16-bytes+j]=buff[j]
-				buff[j]^=st[j]
-            }
-            return fell_off
-        case AES.OFB1:
-            fallthrough
-        case AES.OFB2:
-            fallthrough
-        case AES.OFB4:
-            fallthrough
-        case AES.OFB8:
-            fallthrough
-        case AES.OFB16:
-            let bytes=mode-AES.OFB1+1
-            ecb_encrypt(&f);
-            for j in 0 ..< bytes {buff[j]^=f[j]}
-            return 0;
-
-        case AES.CTR1:
-            fallthrough
-        case AES.CTR2:
-            fallthrough
-        case AES.CTR4:
-            fallthrough
-        case AES.CTR8:
-            fallthrough
-        case AES.CTR16:
-            let bytes=mode-AES.CTR1+1
-            for j in 0 ..< 16 {st[j]=f[j]}
-            ecb_encrypt(&st)
-            for j in 0 ..< bytes {buff[j]^=st[j]}
-            AES.increment(&f)
-            return 0
-
-        default:
-            return 0;
-        }
-    }
-        
-    /* Clean up and delete left-overs */
-    func end()
-    { // clean up
-        for i in 0 ..< 44
-            {fkey[i]=0; rkey[i]=0}
-        for i in 0 ..< 16
-            {f[i]=0}
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/big.swift
----------------------------------------------------------------------
diff --git a/version22/swift/big.swift b/version22/swift/big.swift
deleted file mode 100644
index 11fe17a..0000000
--- a/version22/swift/big.swift
+++ /dev/null
@@ -1,1169 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  big.swift
-//
-//  Created by Michael Scott on 12/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//  BIG number class
-//
-
-final class BIG{
-    var w=[Chunk](repeating: 0,count: ROM.NLEN)
-/* Constructors */
-    init() {
-        for i in 0 ..< ROM.NLEN {w[i]=0}
-    }
-    init(_ x: Int)
-    {
-        w[0]=Chunk(x);
-        for i in 1 ..< ROM.NLEN {w[i]=0}
-    }
-    init(_ x: BIG)
-    {
-        for i in 0 ..< ROM.NLEN {w[i]=x.w[i]}
-    }
-    init(_ x: DBIG)
-    {
-        for i in 0 ..< ROM.NLEN {w[i]=x.w[i]}
-    }
-    init(_ x: [Chunk])
-    {
-        for i in 0 ..< ROM.NLEN {w[i]=x[i]}
-    }
-    func get(_ i: Int) -> Chunk
-    {
-        return w[i]
-    }
-    func set(_ i: Int,_ x: Chunk)
-    {
-        w[i]=x
-    }
-    func xortop(_ x: Chunk)
-    {
-        w[ROM.NLEN-1]^=x
-    }
-    func ortop(_ x: Chunk)
-    {
-        w[ROM.NLEN-1]|=x
-    }
-/* calculate Field Excess */
-    static func EXCESS(_ a: BIG) -> Chunk
-    {
-        return ((a.w[ROM.NLEN-1] & ROM.OMASK)>>Chunk(ROM.MODBITS%ROM.BASEBITS))
-    }
-    static func FF_EXCESS(_ a: BIG) -> Chunk
-    {
-        return ((a.w[ROM.NLEN-1] & ROM.P_OMASK)>>Chunk(ROM.P_MBITS%ROM.BASEBITS))
-    }
-#if D32
-    static func pexceed(_ a: BIG,_ b : BIG) -> Bool
-    {
-        let ea=BIG.EXCESS(a)
-        let eb=BIG.EXCESS(b)
-        if (DChunk(ea)+1)*(DChunk(eb)+1) > DChunk(ROM.FEXCESS) {return true}
-        return false;
-    }
-    static func sexceed(_ a: BIG) -> Bool
-    {
-        let ea=BIG.EXCESS(a)
-        if (DChunk(ea)+1)*(DChunk(ea)+1) > DChunk(ROM.FEXCESS) {return true}
-        return false;
-    }
-
-    static func ff_pexceed(_ a: BIG,_ b : BIG) -> Bool
-    {
-        let ea=BIG.FF_EXCESS(a)
-        let eb=BIG.FF_EXCESS(b)
-        if (DChunk(ea)+1)*(DChunk(eb)+1) > DChunk(ROM.P_FEXCESS) {return true}
-        return false;
-    }
-    static func ff_sexceed(_ a: BIG) -> Bool
-    {
-        let ea=BIG.FF_EXCESS(a)
-        if (DChunk(ea)+1)*(DChunk(ea)+1) > DChunk(ROM.P_FEXCESS) {return true}
-        return false;
-    }
-    static func muladd(_ a: Chunk,_ b: Chunk,_ c: Chunk,_ r: Chunk) -> (Chunk,Chunk)
-    {
-        let prod:DChunk = DChunk(a)*DChunk(b)+DChunk(c)+DChunk(r)
-        let bot=Chunk(prod&DChunk(ROM.BMASK))
-        let top=Chunk(prod>>DChunk(ROM.BASEBITS))
-        return (top,bot)
-    }
-#endif
-#if D64
-
-    static func pexceed(_ a: BIG,_ b : BIG) -> Bool
-    {
-        let ea=BIG.EXCESS(a)
-        let eb=BIG.EXCESS(b)
-        if (ea+1) > ROM.FEXCESS/(eb+1) {return true}
-        return false;
-    }
-    static func sexceed(_ a: BIG) -> Bool
-    {
-        let ea=BIG.EXCESS(a)
-        if (ea+1) > ROM.FEXCESS/(ea+1) {return true}
-        return false;
-    }
-    
-    static func ff_pexceed(_ a: BIG,_ b : BIG) -> Bool
-    {
-        let ea=BIG.FF_EXCESS(a)
-        let eb=BIG.FF_EXCESS(b)
-        if (ea+1) > ROM.P_FEXCESS/(eb+1) {return true}
-        return false;
-    }
-    static func ff_sexceed(_ a: BIG) -> Bool
-    {
-        let ea=BIG.FF_EXCESS(a)
-        if (ea+1) > ROM.P_FEXCESS/(ea+1) {return true}
-        return false;
-    }
-    
-    static func muladd(_ a: Chunk,_ b: Chunk,_ c: Chunk,_ r: Chunk) -> (Chunk,Chunk)
-    {
-        let x0=a&ROM.HMASK;
-        let x1=(a>>Chunk(ROM.HBITS))
-        let y0=b&ROM.HMASK;
-        let y1=(b>>Chunk(ROM.HBITS))
-        var bot=x0*y0
-        var top=x1*y1
-        let mid=x0*y1+x1*y0
-        let u0=mid&ROM.HMASK
-        let u1=(mid>>Chunk(ROM.HBITS))
-        bot=bot+(u0<<Chunk(ROM.HBITS))
-        bot+=c; bot+=r
-        top+=u1
-        let carry=bot>>Chunk(ROM.BASEBITS)
-        bot &= ROM.BMASK
-        top+=carry
-        return (top,bot)
-    }
-    
-#endif
-    /* test for zero */
-    func iszilch() -> Bool
-    {
-        for i in 0 ..< ROM.NLEN {if w[i] != 0 {return false}}
-        return true
-    }
-/* set to zero */
-    func zero()
-    {
-        for i in 0 ..< ROM.NLEN {w[i] = 0}
-    }
-/* set to one */
-    func one()
-    {
-        w[0]=1
-        for i in 1 ..< ROM.NLEN {w[i]=0}
-    }
-/* Test for equal to one */
-    func isunity() -> Bool
-    {
-        for i in 1 ..< ROM.NLEN {if w[i] != 0 {return false}}
-        if w[0] != 1 {return false}
-        return true
-    }
-/* Copy from another BIG */
-    func copy(_ x: BIG)
-    {
-        for i in 0 ..< ROM.NLEN {w[i] = x.w[i]}
-    }
-    func copy(_ x: DBIG)
-    {
-        for i in 0 ..< ROM.NLEN {w[i] = x.w[i]}
-    }
-/* Conditional swap of two bigs depending on d using XOR - no branches */
-    func cswap(_ b: BIG,_ d: Int)
-    {
-        var c = Chunk(d)
-        c = ~(c-1)
-        for i in 0 ..< ROM.NLEN
-        {
-            let t=c&(w[i]^b.w[i])
-            w[i]^=t
-            b.w[i]^=t
-        }
-    }
-    func cmove(_ g: BIG,_ d: Int)
-    {
-        let b=Chunk(-d)
-        for i in 0 ..< ROM.NLEN
-        {
-            w[i]^=(w[i]^g.w[i])&b;
-        }
-    }
-/* normalise BIG - force all digits < 2^BASEBITS */
-    func norm() -> Chunk
-    {
-        var carry=Chunk(0);
-        for i in 0 ..< ROM.NLEN-1
-        {
-            let d=w[i]+carry
-            w[i]=d&ROM.BMASK
-            carry=d>>Chunk(ROM.BASEBITS)
-        }
-        w[ROM.NLEN-1]+=carry
-        return (w[ROM.NLEN-1]>>Chunk((8*ROM.MODBYTES)%ROM.BASEBITS))
-    }
-/* Shift right by less than a word */
-    func fshr(_ k: UInt) -> Int
-    {
-        let kw=Chunk(k);
-        let r=w[0]&((Chunk(1)<<kw)-1)
-        for i in 0 ..< ROM.NLEN-1
-        {
-            w[i]=(w[i]>>kw)|((w[i+1]<<(Chunk(ROM.BASEBITS)-kw))&ROM.BMASK)
-        }
-        w[ROM.NLEN-1]>>=kw;
-        return Int(r)
-    }
-/* general shift right */
-    func shr(_ k: UInt)
-    {
-        let n=k%ROM.BASEBITS
-        let m=Int(k/ROM.BASEBITS)
-        for i in 0 ..< ROM.NLEN-m-1
-        {
-            w[i]=(w[m+i]>>Chunk(n))|((w[m+i+1]<<Chunk(ROM.BASEBITS-n))&ROM.BMASK)
-        }
-        w[ROM.NLEN - m - 1]=w[ROM.NLEN-1]>>Chunk(n)
-        for i in ROM.NLEN - m ..< ROM.NLEN {w[i]=0}
-    }
-/* Shift right by less than a word */
-    func fshl(_ k: Int) -> Int
-    {
-        let kw=Chunk(k)
-        w[ROM.NLEN-1]=((w[ROM.NLEN-1]<<kw))|(w[ROM.NLEN-2]>>(Chunk(ROM.BASEBITS)-kw))
-        for i in (1...ROM.NLEN-2).reversed()
-        {
-            w[i]=((w[i]<<kw)&ROM.BMASK)|(w[i-1]>>(Chunk(ROM.BASEBITS)-kw))
-        }
-        w[0]=(w[0]<<kw)&ROM.BMASK
-        return Int(w[ROM.NLEN-1]>>Chunk((8*ROM.MODBYTES)%ROM.BASEBITS))
-    }
-/* general shift left */
-    func shl(_ k: UInt)
-    {
-        let n=k%ROM.BASEBITS
-        let m=Int(k/ROM.BASEBITS)
-        
-        w[ROM.NLEN-1]=(w[ROM.NLEN-1-m]<<Chunk(n))
-        if ROM.NLEN>=m+2 {w[ROM.NLEN-1]|=(w[ROM.NLEN-m-2]>>Chunk(ROM.BASEBITS-n))}
-        for i in (m+1...ROM.NLEN-2).reversed()
-        {
-            w[i]=((w[i-m]<<Chunk(n))&ROM.BMASK)|(w[i-m-1]>>Chunk(ROM.BASEBITS-n))
-        }
-        w[m]=(w[0]<<Chunk(n))&ROM.BMASK
-        for i in 0 ..< m {w[i]=0}
-    }
-/* return number of bits */
-    func nbits() -> Int
-    {
-        var k=(ROM.NLEN-1)
-        norm()
-        while k>=0 && w[k]==0 {k -= 1}
-        if k<0 {return 0}
-        var bts=Int(ROM.BASEBITS)*k
-        var c=w[k];
-        while c != 0 {c/=2; bts += 1}
-        return bts
-    }
-    func toRawString() -> String
-    {
-        var s:String="("
-        for i in 0 ..< ROM.NLEN-1
-        {
-            let n=String(w[i],radix:16,uppercase:false)
-            s+=n
-            s+=","
-            
-        }
-        let n=String(w[ROM.NLEN-1],radix:16,uppercase:false)
-        s+=n
-        s+=")"
-        return s
-    }
-/* Convert to Hex String */
-    func toString() -> String
-    {
-        _ = BIG()
-        var s:String=""
-        var len=nbits()
-        if len%4 == 0 {len/=4}
-        else {len/=4; len += 1}
-        if len<2*Int(ROM.MODBYTES) {len=2*Int(ROM.MODBYTES)}
-
-        for i in (0...len-1).reversed()
-        {
-            let b = BIG(self)
-            b.shr(UInt(i*4))
-            let n=String(b.w[0]&15,radix:16,uppercase:false)
-            s+=n
-        }
-        
-        return s
-    }
-/* return this+x */
-    func plus(_ x: BIG) -> BIG
-    {
-        let s=BIG()
-        for i in 0 ..< ROM.NLEN
-        {
-            s.w[i]=w[i]+x.w[i]
-        }
-        return s
-    }
-/* this+=x */
-    func add(_ x: BIG)
-    {
-        for i in 0 ..< ROM.NLEN
-        {
-            w[i]+=x.w[i]
-        }
-    }
-/* this+=x, where x is int */
-    func inc(_ x: Int) {
-        norm();
-        w[0]+=Chunk(x);
-    }
-/* return this.x */
-   	func minus(_ x: BIG) -> BIG
-    {
-        let d=BIG();
-        for i in 0 ..< ROM.NLEN
-        {
-            d.w[i]=w[i]-x.w[i];
-        }
-        return d;
-    }
-/* this-=x */
-    func sub(_ x: BIG)
-    {
-        for i in 0 ..< ROM.NLEN
-        {
-            w[i]-=x.w[i]
-        }
-    }
-/* reverse subtract this=x-this */
-    func rsub(_ x: BIG)
-    {
-        for i in 0 ..< ROM.NLEN
-        {
-            w[i]=x.w[i]-w[i]
-        }
-    }
-/* this-=x where x is int */
-    func dec(_ x: Int) {
-        norm();
-        w[0]-=Chunk(x);
-    }
-/* this*=x, where x is small int<NEXCESS */
-    func imul(_ c: Int)
-    {
-        for i in 0 ..< ROM.NLEN {w[i]*=Chunk(c)}
-    }
-/* convert this BIG to byte array */
-    func tobytearray(_ b: inout [UInt8],_ n: Int)
-    {
-        norm();
-        let c=BIG(self);
-        for i in (0...Int(ROM.MODBYTES)-1).reversed()
-        {
-            b[i+n]=UInt8(c.w[0]&0xff);
-            c.fshr(8);
-        }
-    }
-/* convert from byte array to BIG */
-    static func frombytearray(_ b: [UInt8],_ n: Int) -> BIG
-    {
-        let m=BIG();
-    
-        for i in 0 ..< Int(ROM.MODBYTES)
-        {
-            m.fshl(8)
-            m.w[0]+=Chunk(b[i+n])&0xff    //(int)b[i+n]&0xff;
-        }
-        return m;
-    }
-    func toBytes(_ b: inout [UInt8])
-    {
-        tobytearray(&b,0)
-    }
-    static func fromBytes(_ b: [UInt8]) -> BIG
-    {
-        return frombytearray(b,0)
-    }
-/* set this[i]+=x*y+c, and return high part
-    func muladd(_ x: Int32,_ y: Int32,_ c: Int32,_ i: Int) -> Int32
-    {
-        let prod:DChunk = DChunk(x)*DChunk(y)+DChunk(c)+DChunk(w[i])
-        w[i]=Int32(prod&DChunk(ROM.BMASK))
-        return Int32(prod>>DChunk(ROM.BASEBITS))
-    } */
-
-/* this*=x, where x is >NEXCESS */
-    func pmul(_ c: Int) -> Chunk
-    {
-        var carry=Chunk(0);
-        norm();
-        for i in 0 ..< ROM.NLEN
-        {
-            let ak=w[i]
-            let (top,bot)=BIG.muladd(ak,Chunk(c),carry,Chunk(0))
-            carry=top; w[i]=bot;
-            //carry=muladd(ak,Chunk(c),carry,i);
-            
-        }
-        return carry;
-    }
-/* this*=c and catch overflow in DBIG */
-    func pxmul(_ c: Int) -> DBIG
-    {
-        let m=DBIG()
-        var carry=Chunk(0)
-        for j in 0 ..< ROM.NLEN
-        {
-            let (top,bot)=BIG.muladd(w[j],Chunk(c),carry,m.w[j])
-            carry=top; m.w[j]=bot
-  //          carry=m.muladd(w[j],c,carry,j)
-        }
-        m.w[ROM.NLEN]=carry
-        return m;
-    }
-/* divide by 3 */
-    func div3() -> Chunk
-    {
-        var carry=Chunk(0)
-        norm();
-        let base=Chunk(1<<ROM.BASEBITS);
-        for i in (0...ROM.NLEN-1).reversed()
-        {
-            let ak=(carry*base+w[i]);
-            w[i]=ak/3;
-            carry=ak%3;
-        }
-        return carry;
-    }
-/* return a*b where result fits in a BIG */
-    static func smul(_ a: BIG,_ b: BIG) -> BIG
-    {
-        let c=BIG()
-        for i in 0 ..< ROM.NLEN
-        {
-            var carry=Chunk(0)
-            for j in 0 ..< ROM.NLEN
-            {
-                if (i+j<ROM.NLEN) {
-                    let (top,bot)=BIG.muladd(a.w[i],b.w[j],carry,c.w[i+j])
-                    carry=top; c.w[i+j]=bot
-                    //carry=c.muladd(a.w[i],b.w[j],carry,i+j)
-                }
-            }
-        }
-        return c;
-    }
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-    static func comp(_ a: BIG,_ b: BIG) -> Int
-    {
-        for i in (0...ROM.NLEN-1).reversed()
-        {
-            if (a.w[i]==b.w[i]) {continue}
-            if (a.w[i]>b.w[i]) {return 1}
-            else  {return -1}
-        }
-        return 0;
-    }
-/* set x = x mod 2^m */
-    func mod2m(_ m: UInt)
-    {
-        let wd=Int(m/ROM.BASEBITS)
-        let bt=m%ROM.BASEBITS
-        let msk=Chunk(1<<bt)-1;
-        w[wd]&=msk;
-        for i in wd+1 ..< ROM.NLEN {w[i]=0}
-    }
-/* Arazi and Qi inversion mod 256 */
-    static func invmod256(_ a: Int) -> Int
-    {
-        var t1:Int=0
-        var c=(a>>1)&1
-        t1+=c
-        t1&=1
-        t1=2-t1
-        t1<<=1
-        var U=t1+1
-    
-    // i=2
-        var b=a&3
-        t1=U*b; t1>>=2
-        c=(a>>2)&3
-        var t2=(U*c)&3
-        t1+=t2
-        t1*=U; t1&=3
-        t1=4-t1
-        t1<<=2
-        U+=t1
-    
-    // i=4
-        b=a&15
-        t1=U*b; t1>>=4
-        c=(a>>4)&15
-        t2=(U*c)&15
-        t1+=t2
-        t1*=U; t1&=15
-        t1=16-t1
-        t1<<=4
-        U+=t1
-    
-        return U
-    }
-/* return parity */
-    func parity() -> Int
-    {
-        return Int(w[0]%2)
-    }
-    
-/* return n-th bit */
-    func bit(_ n: UInt) -> Int
-    {
-        if ((w[Int(n/ROM.BASEBITS)]&(1<<Chunk(n%ROM.BASEBITS)))>0) {return 1;}
-        else {return 0;}
-    }
-    
-    /* return n last bits */
-    func lastbits(_ n: UInt) -> Int
-    {
-        let msk=(1<<Chunk(n))-1;
-        norm();
-        return Int((w[0])&msk)
-    }
-/* a=1/a mod 2^256. This is very fast! */
-    func invmod2m()
-    {
-        let U=BIG()
-        var b=BIG()
-        let c=BIG()
-    
-        U.inc(BIG.invmod256(lastbits(8)))
-    
-        var i=UInt(8)
-        while (i<ROM.BIGBITS)
-        {
-            b.copy(self)
-            b.mod2m(i)
-            let t1=BIG.smul(U,b)
-            t1.shr(i)
-            c.copy(self)
-            c.shr(i)
-            c.mod2m(i)
-    
-            let t2=BIG.smul(U,c)
-            t2.mod2m(i)
-            t1.add(t2)
-            b=BIG.smul(t1,U)
-            t1.copy(b)
-            t1.mod2m(i)
-    
-            t2.one(); t2.shl(i); t1.rsub(t2); t1.norm()
-            t1.shl(i)
-            U.add(t1)
-            i<<=1
-        }
-        U.mod2m(ROM.BIGBITS)
-        self.copy(U)
-        self.norm()
-    }
-    /* reduce this mod m */
-    func mod(_ m: BIG)
-    {
-        var k=0
-        let r=BIG(0)
-        norm()
-        if (BIG.comp(self,m)<0) {return}
-        repeat
-        {
-            m.fshl(1)
-            k += 1
-        } while (BIG.comp(self,m)>=0)
-    
-        while (k>0)
-        {
-            m.fshr(1)
-
-		r.copy(self)
-		r.sub(m)
-		r.norm()
-		cmove(r,Int(1-((r.w[ROM.NLEN-1]>>Chunk(ROM.CHUNK-1))&1)))
-/*
-            if (BIG.comp(self,m)>=0)
-            {
-				sub(m)
-				norm()
-            } */
-            k -= 1
-        }
-    }
-    /* divide this by m */
-    func div(_ m: BIG)
-    {
-        var k=0
-        norm()
-        let e=BIG(1)
-        let b=BIG(self)
-        let r=BIG(0)
-        zero()
-    
-        while (BIG.comp(b,m)>=0)
-        {
-            e.fshl(1)
-            m.fshl(1)
-            k += 1
-        }
-    
-        while (k>0)
-        {
-            m.fshr(1)
-            e.fshr(1)
-
-		r.copy(b)
-		r.sub(m)
-		r.norm()
-		let d=Int(1-((r.w[ROM.NLEN-1]>>Chunk(ROM.CHUNK-1))&1))
-		b.cmove(r,d)
-		r.copy(self)
-		r.add(e)
-		r.norm()
-		cmove(r,d)
-/*
-            if (BIG.comp(b,m)>=0)
-            {
-				add(e)
-				norm()
-				b.sub(m)
-				b.norm()
-            } */
-            k -= 1;
-        }
-    }
-    /* get 8*MODBYTES size random number */
-    static func random(_ rng: RAND) -> BIG
-    {
-        let m=BIG();
-        var j:Int=0
-        var r:UInt8=0
-        /* generate random BIG */
-        for _ in 0 ..< Int(8*ROM.MODBYTES)
-        {
-            if (j==0) {r=rng.getByte()}
-            else {r>>=1}
-    
-            let b=Chunk(r&1);
-            m.shl(1); m.w[0]+=b;// m.inc(b);
-            j += 1; j&=7;
-        }
-        return m;
-    }
-    
-    /* Create random BIG in portable way, one bit at a time, less than q */
-    static func randomnum(_ q: BIG,_ rng: RAND) -> BIG
-    {
-        let d=DBIG(0);
-        var j:Int=0
-        var r:UInt8=0
-        
-        for _ in 0 ..< Int(2*ROM.MODBITS)
-        {
-            if (j==0) {r=rng.getByte()}
-            else {r>>=1}
-    
-            let b=Chunk(r&1);
-            d.shl(1); d.w[0]+=b; // m.inc(b);
-            j += 1; j&=7;
-        }
-        let m=d.mod(q);
-        return m;
-    }
-    
-    /* return NAF value as +/- 1, 3 or 5. x and x3 should be normed.
-    nbs is number of bits processed, and nzs is number of trailing 0s detected
-    static func nafbits(_ x: BIG,_ x3:BIG ,i:Int) -> [Chunk]
-    {
-        var j:Int
-        var n=[Chunk](repeating: 0,count: 3)
-        var nb=x3.bit(UInt(i))-x.bit(UInt(i))
-        n[1]=1;
-        n[0]=0;
-        if (nb==0) {n[0]=0; return n}
-        if (i==0) {n[0]=Chunk(nb); return n}
-        if (nb>0) {n[0]=1}
-        else      {n[0]=(-1)}
-    
-        j=i-1
-        while (true)
-        {
-            n[1] += 1
-            n[0]*=2
-            nb=x3.bit(UInt(j))-x.bit(UInt(j))
-            if (nb>0) {n[0]+=1}
-            if (nb<0) {n[0]-=1}
-            if (n[0]>5 || n[0] < -5) {break}
-            j-=1
-            if j==0 {break}
-        }
-    
-        if ((n[0]%2 != 0) && (j != 0))
-        { /* backtrack */
-            if (nb>0) {n[0]=(n[0]-1)/2}
-            if (nb<0) {n[0]=(n[0]+1)/2}
-            n[1] -= 1;
-        }
-        while (n[0]%2==0)
-        { /* remove trailing zeros */
-            n[0]/=2
-            n[2] += 1
-            n[1] -= 1
-        }
-        return n;
-    } */
-    
-    /* Jacobi Symbol (this/p). Returns 0, 1 or -1 */
-    func jacobi(_ p: BIG) -> Int
-    {
-        var n8:Int
-        var k:Int
-        var m:Int=0;
-        let t=BIG()
-        let x=BIG()
-        let n=BIG()
-        let zilch=BIG()
-        let one=BIG(1)
-        if (p.parity()==0 || BIG.comp(self,zilch)==0 || BIG.comp(p,one)<=0) {return 0}
-        norm()
-        x.copy(self)
-        n.copy(p)
-        x.mod(p)
-    
-        while (BIG.comp(n,one)>0)
-        {
-            if (BIG.comp(x,zilch)==0) {return 0}
-            n8=n.lastbits(3)
-            k=0
-            while (x.parity()==0)
-            {
-				k += 1
-				x.shr(1)
-            }
-            if (k%2==1) {m+=((n8*n8-1)/8)}
-            let w=Int(x.lastbits(2)-1)
-            m+=(n8-1)*w/4
-            t.copy(n)
-            t.mod(x)
-            n.copy(x)
-            x.copy(t)
-            m%=2
-    
-        }
-        if (m==0) {return 1}
-        else {return -1}
-    }
-    /* this=1/this mod p. Binary method */
-    func invmodp(_ p: BIG)
-    {
-        mod(p)
-        let u=BIG(self)
-        let v=BIG(p)
-        let x1=BIG(1)
-        let x2=BIG()
-        let t=BIG()
-        let one=BIG(1)
-    
-        while ((BIG.comp(u,one) != 0 ) && (BIG.comp(v,one) != 0 ))
-        {
-            while (u.parity()==0)
-            {
-				u.shr(1);
-				if (x1.parity() != 0 )
-				{
-                    x1.add(p);
-                    x1.norm();
-				}
-				x1.shr(1);
-            }
-            while (v.parity()==0)
-            {
-				v.shr(1);
-				if (x2.parity() != 0 )
-				{
-                    x2.add(p);
-                    x2.norm();
-				}
-				x2.shr(1);
-            }
-            if (BIG.comp(u,v)>=0)
-            {
-				u.sub(v);
-				u.norm();
-                if (BIG.comp(x1,x2)>=0) {x1.sub(x2)}
-				else
-				{
-                    t.copy(p);
-                    t.sub(x2);
-                    x1.add(t);
-				}
-				x1.norm();
-            }
-            else
-            {
-				v.sub(u);
-				v.norm();
-                if (BIG.comp(x2,x1)>=0) {x2.sub(x1)}
-				else
-				{
-                    t.copy(p);
-                    t.sub(x1);
-                    x2.add(t);
-				}
-				x2.norm();
-            }
-        }
-        if (BIG.comp(u,one)==0) {copy(x1)}
-        else {copy(x2)}
-    }
-    /* return a*b as DBIG */
-#if D32
-    static func mul(_ a: BIG,_ b:BIG) -> DBIG
-    {
-        var t:DChunk
-        var co:DChunk
-        let c=DBIG()
-        let RM:DChunk=DChunk(ROM.BMASK);
-        let RB:DChunk=DChunk(ROM.BASEBITS)
-   //     a.norm();
-   //     b.norm();
-        
-        var d=[DChunk](repeating: 0,count: ROM.NLEN)
-        var s:DChunk
-        for i in 0 ..< ROM.NLEN
-        {
-            d[i]=DChunk(a.w[i])*DChunk(b.w[i]);
-        }
-        s=d[0]
-        t=s; c.w[0]=Chunk(t&RM); co=t>>RB
-        for k in 1 ..< ROM.NLEN
-        {
-            s+=d[k]; t=co+s;
-            for i in 1+k/2...k
-                {t+=DChunk(a.w[i]-a.w[k-i])*DChunk(b.w[k-i]-b.w[i])}
-            c.w[k]=Chunk(t&RM); co=t>>RB
-        }
-        for k in ROM.NLEN ..< 2*ROM.NLEN-1
-        {
-            s-=d[k-ROM.NLEN]; t=co+s;
-  
-            //for var i=ROM.NLEN-1;i>=1+k/2;i--
-            var i=1+k/2
-            while i<ROM.NLEN
-            //for i in 1+k/2...ROM.NLEN-1
-            {
-                t+=DChunk(a.w[i]-a.w[k-i])*DChunk(b.w[k-i]-b.w[i])
-                i+=1
-            }
-        
-            c.w[k]=Chunk(t&RM); co=t>>RB
-        }
-        c.w[2*ROM.NLEN-1]=Chunk(co);
-        
-        return c
-    }
-    
-    /* return a^2 as DBIG */
-    static func sqr(_ a: BIG) -> DBIG
-    {
-        var t:DChunk
-        var co:DChunk
-        let c=DBIG()
-        let RM:DChunk=DChunk(ROM.BMASK);
-        let RB:DChunk=DChunk(ROM.BASEBITS)
-   //     a.norm();
- 
-        t=DChunk(a.w[0])*DChunk(a.w[0])
-        c.w[0]=Chunk(t&RM); co=t>>RB
-        t=DChunk(a.w[1])*DChunk(a.w[0]); t+=t; t+=co
-        c.w[1]=Chunk(t&RM); co=t>>RB
-        
-        var j:Int
-        let last=ROM.NLEN-(ROM.NLEN%2)
-        j=2
-        //for j=2;j<last;j+=2
-        while (j<last)
-        {
-            t=DChunk(a.w[j])*DChunk(a.w[0]); for i in 1 ..< (j+1)/2 {t+=DChunk(a.w[j-i])*DChunk(a.w[i])} ; t+=t; t+=co; t+=DChunk(a.w[j/2])*DChunk(a.w[j/2])
-            c.w[j]=Chunk(t&RM); co=t>>RB
-            t=DChunk(a.w[j+1])*DChunk(a.w[0]); for i in 1 ..< (j+2)/2 {t+=DChunk(a.w[j+1-i])*DChunk(a.w[i])} ; t+=t; t+=co
-            c.w[j+1]=Chunk(t&RM); co=t>>RB
-            j+=2
-        }
-        j=last
-        if (ROM.NLEN%2)==1
-        {
-            t=DChunk(a.w[j])*DChunk(a.w[0]); for i in 1 ..< (j+1)/2 {t+=DChunk(a.w[j-i])*DChunk(a.w[i])} ; t+=t; t+=co; t+=DChunk(a.w[j/2])*DChunk(a.w[j/2])
-            c.w[j]=Chunk(t&RM); co=t>>RB; j += 1
-            t=DChunk(a.w[ROM.NLEN-1])*DChunk(a.w[j-ROM.NLEN+1]); for i in j-ROM.NLEN+2 ..< (j+1)/2 {t+=DChunk(a.w[j-i])*DChunk(a.w[i])}; t+=t; t+=co
-            c.w[j]=Chunk(t&RM); co=t>>RB; j += 1
-        }
-        while (j<ROM.DNLEN-2)
-        {
-            t=DChunk(a.w[ROM.NLEN-1])*DChunk(a.w[j-ROM.NLEN+1]); for i in j-ROM.NLEN+2 ..< (j+1)/2 {t+=DChunk(a.w[j-i])*DChunk(a.w[i])} ; t+=t; t+=co; t+=DChunk(a.w[j/2])*DChunk(a.w[j/2])
-            c.w[j]=Chunk(t&RM); co=t>>RB
-            t=DChunk(a.w[ROM.NLEN-1])*DChunk(a.w[j-ROM.NLEN+2]); for i in j-ROM.NLEN+3 ..< (j+2)/2 {t+=DChunk(a.w[j+1-i])*DChunk(a.w[i])} ; t+=t; t+=co
-            c.w[j+1]=Chunk(t&RM); co=t>>RB
-            j+=2
-        }
-        t=DChunk(a.w[ROM.NLEN-1])*DChunk(a.w[ROM.NLEN-1])+co
-        c.w[ROM.DNLEN-2]=Chunk(t&RM); co=t>>RB
-        c.w[ROM.DNLEN-1]=Chunk(co)
-    
-        return c;
-    }
-    static func monty(_ d:DBIG) -> BIG
-    {
-        let md=BIG(ROM.Modulus);
-        let RM:DChunk=DChunk(ROM.BMASK)
-        let RB:DChunk=DChunk(ROM.BASEBITS)
-        
-        
-        var t:DChunk
-        var s:DChunk
-        var c:DChunk
-        var dd=[DChunk](repeating: 0,count: ROM.NLEN)
-        var v=[Chunk](repeating: 0,count: ROM.NLEN)
-        let b=BIG(0)
-        
-        t=DChunk(d.w[0]); v[0]=(Chunk(t&RM)&*ROM.MConst)&ROM.BMASK; t+=DChunk(v[0])*DChunk(md.w[0]); c=DChunk(d.w[1])+(t>>RB); s=0
-        for k in 1 ..< ROM.NLEN
-        {
-            t=c+s+DChunk(v[0])*DChunk(md.w[k])
-            //for i in 1+k/2...k-1
-            //for var i=k-1;i>k/2;i--
-            var i=1+k/2
-            while i<k
-            {
-                t+=DChunk(v[k-i]-v[i])*DChunk(md.w[i]-md.w[k-i])
-                i+=1
-            }
-            v[k]=(Chunk(t&RM)&*ROM.MConst)&ROM.BMASK; t+=DChunk(v[k])*DChunk(md.w[0]); c=DChunk(d.w[k+1])+(t>>RB)
-            dd[k]=DChunk(v[k])*DChunk(md.w[k]); s+=dd[k]
-        }
-        for k in ROM.NLEN ..< 2*ROM.NLEN-1
-        {
-            t=c+s;
-            //for i in 1+k/2...ROM.NLEN-1
-            //for var i=ROM.NLEN-1;i>=1+k/2;i--
-            var i=1+k/2
-            while i<ROM.NLEN
-            {
-                t+=DChunk(v[k-i]-v[i])*DChunk(md.w[i]-md.w[k-i])
-                i+=1
-            }
-            b.w[k-ROM.NLEN]=Chunk(t&RM); c=DChunk(d.w[k+1])+(t>>RB); s-=dd[k-ROM.NLEN+1]
-        }
-        b.w[ROM.NLEN-1]=Chunk(c&RM)
-        b.norm()
-        return b;
-    }
-#endif
-#if D64
-    static func mul(_ a: BIG,_ b:BIG) -> DBIG
-    {
-        let c=DBIG()
-        var carry:Chunk
-        for i in 0 ..< ROM.NLEN {
-            carry=0
-            for j in 0..<ROM.NLEN {
-                let (top,bot)=BIG.muladd(a.w[i],b.w[j],carry,c.w[i+j])
-                carry=top; c.w[i+j]=bot
-            }
-            c.w[ROM.NLEN+i]=carry
-        }
-        return c
-    }
-    static func sqr(_ a: BIG) -> DBIG
-    {
-        let c=DBIG()
-        var carry:Chunk
-        for i in 0 ..< ROM.NLEN {
-            carry=0
-            for j in i+1 ..< ROM.NLEN {
-                let (top,bot)=BIG.muladd(2*a.w[i],a.w[j],carry,c.w[i+j])
-                carry=top; c.w[i+j]=bot
-            }
-            c.w[ROM.NLEN+i]=carry
-        }
-        for i in 0 ..< ROM.NLEN {
-            let (top,bot)=BIG.muladd(a.w[i],a.w[i],Chunk(0),c.w[2*i])
-            c.w[2*i]=bot
-            c.w[2*i+1]+=top
-        }
-        c.norm()
-        return c
-    }
-    static func monty(_ d:DBIG) -> BIG
-    {
-        let b=BIG()
-        let md=BIG(ROM.Modulus);
-        var carry:Chunk
-        var m:Chunk
-        for i in 0 ..< ROM.NLEN {
-            if ROM.MConst == -1 {
-                m=(-d.w[i])&ROM.BMASK
-            } else {
-                if ROM.MConst == 1 {
-                    m=d.w[i]
-                } else {
-                    m=(ROM.MConst&*d.w[i])&ROM.BMASK;
-                }
-            }
-            carry=0
-            for j in 0 ..< ROM.NLEN {
-                let (top,bot)=BIG.muladd(m,md.w[j],carry,d.w[i+j])
-                carry=top; d.w[i+j]=bot
-            }
-            d.w[ROM.NLEN+i]+=carry
-        }
-        for i in 0 ..< ROM.NLEN {
-            b.w[i]=d.w[ROM.NLEN+i]
-        }
-        b.norm();
-        return b
-    }
-#endif
-    /* reduce a DBIG to a BIG using the appropriate form of the modulus */
-    static func mod(_ d: DBIG) -> BIG
-    {
- 
-        if ROM.MODTYPE==ROM.PSEUDO_MERSENNE
-        {
-            let t=d.split(ROM.MODBITS)
-            var b=BIG(d)
-            let v=t.pmul(Int(ROM.MConst))
-            let tw=t.w[ROM.NLEN-1]
-            t.w[ROM.NLEN-1] &= ROM.TMASK
-            t.inc(Int(ROM.MConst*((tw>>Chunk(ROM.TBITS))+(v<<Chunk(ROM.BASEBITS-ROM.TBITS)))))
-    
-            b.add(t)
-            b.norm()
-            return b
-        }
-        if ROM.MODTYPE==ROM.MONTGOMERY_FRIENDLY
-        {
-            for i in 0 ..< ROM.NLEN {
-                let (top,bot)=BIG.muladd(d.w[i],ROM.MConst-1,d.w[i],d.w[ROM.NLEN+i-1])
-                d.w[ROM.NLEN+i]+=top; d.w[ROM.NLEN+i-1]=bot
- //                   d.w[ROM.NLEN+i]+=d.muladd(d.w[i],ROM.MConst-1,d.w[i],ROM.NLEN+i-1)
-            }
-    
-            var b=BIG(0);
-    
-            for i in 0 ..< ROM.NLEN
-            {
-                b.w[i]=d.w[ROM.NLEN+i]
-            }
-            b.norm()
-            return b;
-        }
-        if ROM.MODTYPE==ROM.GENERALISED_MERSENNE
-        { // GoldiLocks Only
-            let t=d.split(ROM.MODBITS)
-            let RM2=ROM.MODBITS/2
-            var b=BIG(d)
-            b.add(t)
-            let dd=DBIG(t)
-            dd.shl(RM2)
-            
-            let tt=dd.split(ROM.MODBITS)
-            let lo=BIG(dd)
-            b.add(tt)
-            b.add(lo)
-            b.norm()
-            tt.shl(RM2)
-            b.add(tt)
-            
-            let carry=b.w[ROM.NLEN-1]>>Chunk(ROM.TBITS)
-            b.w[ROM.NLEN-1]&=ROM.TMASK
-            b.w[0]+=carry
-            
-            b.w[Int(224/ROM.BASEBITS)]+=carry<<Chunk(224%ROM.BASEBITS)
-            b.norm()
-            return b;
-        }
-        if ROM.MODTYPE==ROM.NOT_SPECIAL
-        {
-            return BIG.monty(d)
-        }
-        return BIG(0)
-    }
-    
-    /* return a*b mod m */
-    static func modmul(_ a: BIG,_ b :BIG,_ m: BIG) -> BIG
-    {
-        a.mod(m)
-        b.mod(m)
-        let d=mul(a,b)
-        return d.mod(m)
-    }
-    
-    /* return a^2 mod m */
-    static func modsqr(_ a: BIG,_ m: BIG) -> BIG
-    {
-        a.mod(m)
-        let d=sqr(a)
-        return d.mod(m)
-    }
-    
-    /* return -a mod m */
-    static func modneg(_ a: BIG,_ m: BIG) -> BIG
-    {
-        a.mod(m)
-        return m.minus(a)
-    }
-    
-    /* return this^e mod m */
-    func powmod(_ e: BIG,_ m: BIG) -> BIG
-    {
-        norm();
-        e.norm();
-        var a=BIG(1)
-        let z=BIG(e)
-        var s=BIG(self)
-        while (true)
-        {
-            let bt=z.parity();
-            z.fshr(1)
-            if bt==1 {a=BIG.modmul(a,s,m)}
-            if (z.iszilch()) {break}
-            s=BIG.modsqr(s,m)
-        }
-        return a
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/dbig.swift
----------------------------------------------------------------------
diff --git a/version22/swift/dbig.swift b/version22/swift/dbig.swift
deleted file mode 100644
index 8a1ac64..0000000
--- a/version22/swift/dbig.swift
+++ /dev/null
@@ -1,265 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-	
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-//
-//  dbig.swift
-//
-//  Created by Michael Scott on 13/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-final class DBIG{
-    var w=[Chunk](repeating: 0,count: ROM.DNLEN)
-    init() {
-        for i in 0 ..< ROM.DNLEN {w[i]=0}
-    }
-    init(_ x: Int)
-    {
-        w[0]=Chunk(x);
-        for i in 1 ..< ROM.DNLEN {w[i]=0}
-    }
-    init(_ x: BIG)
-    {
-        for i in 0 ..< ROM.NLEN {w[i]=x.w[i]}
-        w[ROM.NLEN-1]=x.w[ROM.NLEN-1]&ROM.BMASK
-        w[ROM.NLEN]=x.w[ROM.NLEN-1]>>Chunk(ROM.BASEBITS)
-        for i in ROM.NLEN+1 ..< ROM.DNLEN {w[i]=0}
-    }
-    init(_ x: DBIG)
-    {
-        for i in 0 ..< ROM.DNLEN {w[i]=x.w[i]}
-    }
-    init(_ x: [Chunk])
-    {
-        for i in 0 ..< ROM.DNLEN {w[i]=x[i]}
-    }
-
-    func cmove(_ g: DBIG,_ d: Int)
-    {
-        let b = Chunk(-d)
-    
-        for i in 0 ..< ROM.DNLEN
-        {
-            w[i]^=(w[i]^g.w[i])&b;
-        }
-    }
-
-/* Copy from another DBIG */
-    func copy(_ x: DBIG)
-    {
-        for i in 0 ..< ROM.DNLEN {w[i] = x.w[i]}
-    }
-
-    /* this-=x */
-    func sub(_ x: DBIG)
-    {
-        for i in 0 ..< ROM.DNLEN
-        {
-            w[i]-=x.w[i]
-        }
-    }
-/*    func muladd(_ x: Int32,_ y: Int32,_ c: Int32,_ i: Int) -> Int32
-    {
-        let prod:Int64 = Int64(x)*Int64(y)+Int64(c)+Int64(w[i])
-        w[i]=Int32(prod&Int64(ROM.BMASK))
-        return Int32(prod>>Int64(ROM.BASEBITS))
-    } */
-    /* general shift left */
-    func shl(_ k: UInt)
-    {
-        let n=k%ROM.BASEBITS
-        let m=Int(k/ROM.BASEBITS)
-        w[ROM.DNLEN-1]=((w[ROM.DNLEN-1-m]<<Chunk(n)))|(w[ROM.DNLEN-m-2]>>Chunk(ROM.BASEBITS-n))
-        for i in (m+1...ROM.DNLEN-2).reversed()
-     //   for var i=ROM.DNLEN-2;i>m;i--
-        {
-            w[i]=((w[i-m]<<Chunk(n))&ROM.BMASK)|(w[i-m-1]>>Chunk(ROM.BASEBITS-n))
-        }
-        w[m]=(w[0]<<Chunk(n))&ROM.BMASK
-        for i in 0 ..< m {w[i]=0}
-    }
-    /* general shift right */
-    func shr(_ k: UInt)
-    {
-        let n=k%ROM.BASEBITS
-        let m=Int(k/ROM.BASEBITS)
-        for i in 0 ..< ROM.DNLEN-m-1
-        {
-            w[i]=(w[m+i]>>Chunk(n))|((w[m+i+1]<<Chunk(ROM.BASEBITS-n))&ROM.BMASK)
-        }
-        w[ROM.DNLEN - m - 1]=w[ROM.DNLEN-1]>>Chunk(n)
-        for i in ROM.DNLEN - m ..< ROM.DNLEN {w[i]=0}
-    }
-    /* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-    static func comp(_ a: DBIG,_ b: DBIG) -> Int
-    {
-        for i in (0...ROM.DNLEN-1).reversed()
-       // for var i=ROM.DNLEN-1;i>=0;i--
-        {
-            if (a.w[i]==b.w[i]) {continue}
-            if (a.w[i]>b.w[i]) {return 1}
-            else  {return -1}
-        }
-        return 0;
-    }
-    /* normalise BIG - force all digits < 2^BASEBITS */
-    func norm()
-    {
-        var carry:Chunk=0
-        for i in 0 ..< ROM.DNLEN-1
-        {
-            let d=w[i]+carry
-            w[i]=d&ROM.BMASK
-            carry=d>>Chunk(ROM.BASEBITS)
-        }
-        w[ROM.DNLEN-1]+=carry
-    }
-    /* reduces this DBIG mod a BIG, and returns the BIG */
-    func mod(_ c: BIG) -> BIG
-    {
-        var k:Int=0
-        norm()
-        let m=DBIG(c)
-        let r=DBIG(0)
-    
-        if DBIG.comp(self,m)<0 {return BIG(self)}
-    
-        repeat
-        {
-            m.shl(1)
-            k += 1
-        }
-        while (DBIG.comp(self,m)>=0);
-    
-        while (k>0)
-        {
-            m.shr(1)
-
-		r.copy(self)
-		r.sub(m)
-		r.norm()
-		cmove(r,Int(1-((r.w[ROM.DNLEN-1]>>Chunk(ROM.CHUNK-1))&1)))
-/*
-
-            if (DBIG.comp(self,m)>=0)
-            {
-				sub(m)
-				norm()
-            } */
-            k -= 1;
-        }
-        return BIG(self)
-    }
-    /* return this/c */
-    func div(_ c:BIG) -> BIG
-    {
-        var k:Int=0
-        let m=DBIG(c)
-        let a=BIG(0)
-        let e=BIG(1)
-        let r=BIG(0)
-        let dr=DBIG(0)
-
-        norm()
-    
-        while (DBIG.comp(self,m)>=0)
-        {
-            e.fshl(1)
-            m.shl(1)
-            k += 1
-        }
-    
-        while (k>0)
-        {
-            m.shr(1)
-            e.shr(1)
-
-		dr.copy(self)
-		dr.sub(m)
-		dr.norm()
-		let d=Int(1-((dr.w[ROM.DNLEN-1]>>Chunk(ROM.CHUNK-1))&1))
-		cmove(dr,d)
-		r.copy(a)
-		r.add(e)
-		r.norm()
-		a.cmove(r,d)
-/*
-            if (DBIG.comp(self,m)>0)
-            {
-				a.add(e)
-				a.norm()
-				sub(m)
-				norm()
-            } */
-            k -= 1
-        }
-        return a
-    }
-    
-    /* split DBIG at position n, return higher half, keep lower half */
-    func split(_ n: UInt) -> BIG
-    {
-        let t=BIG(0)
-        let m=n%ROM.BASEBITS
-        var carry=w[ROM.DNLEN-1]<<Chunk(ROM.BASEBITS-m)
-    
-        for i in (ROM.NLEN-1...ROM.DNLEN-2).reversed()
-      //  for var i=ROM.DNLEN-2;i>=ROM.NLEN-1;i--
-        {
-            let nw=(w[i]>>Chunk(m))|carry;
-            carry=(w[i]<<Chunk(ROM.BASEBITS-m))&ROM.BMASK;
-            t.set(i-ROM.NLEN+1,nw);
-        }
-        w[ROM.NLEN-1]&=((1<<Chunk(m))-1);
-        return t;
-    }
-    /* return number of bits */
-    func nbits() -> Int
-    {
-        var k=(ROM.DNLEN-1)
-        norm()
-        while k>=0 && w[k]==0 {k -= 1}
-        if k<0 {return 0}
-        var bts=Int(ROM.BASEBITS)*k
-        var c=w[k];
-        while c != 0 {c/=2; bts+=1}
-        return bts
-    }
-    /* Convert to Hex String */
-    func toString() -> String
-    {
-        _ = DBIG()
-        var s:String=""
-        var len=nbits()
-        if len%4 == 0 {len/=4}
-        else {len/=4; len += 1}
-        
-        for i in (0...len-1).reversed()
-    //    for var i=len-1;i>=0;i--
-        {
-            let b = DBIG(self)
-            b.shr(UInt(i*4))
-            let n=String(b.w[0]&15,radix:16,uppercase:false)
-            s+=n
-        }
-        
-        return s
-    }
-    
-}


[11/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/mpin192.c
----------------------------------------------------------------------
diff --git a/version3/c/mpin192.c b/version3/c/mpin192.c
deleted file mode 100644
index e1f3bce..0000000
--- a/version3/c/mpin192.c
+++ /dev/null
@@ -1,975 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MPIN Functions */
-
-/* Version 3.0 - supports Time Permits */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin192_ZZZ.h"
-
-#define ROUNDUP(a,b) ((a)-1)/(b)+1
-
-/* Special mpin hashing */
-static void mpin_hash(int sha,FP8_YYY *f, ECP_ZZZ *P,octet *w)
-{
-    int i;
-    BIG_XXX x,y;
-    char h[64];
-    hash256 sha256;
-    hash512 sha512;
-    char t[10*MODBYTES_XXX];  // to hold 10 BIGs
-    int hlen=sha;
-
-
-	FP_YYY_redc(x,&(f->a.a.a));
-    BIG_XXX_toBytes(&t[0],x);
-    FP_YYY_redc(x,&(f->a.a.b));
-    BIG_XXX_toBytes(&t[MODBYTES_XXX],x);
-    FP_YYY_redc(x,&(f->a.b.a));
-    BIG_XXX_toBytes(&t[2*MODBYTES_XXX],x);
-    FP_YYY_redc(x,&(f->a.b.b));
-    BIG_XXX_toBytes(&t[3*MODBYTES_XXX],x);
-
-	FP_YYY_redc(x,&(f->b.a.a));
-    BIG_XXX_toBytes(&t[4*MODBYTES_XXX],x);
-    FP_YYY_redc(x,&(f->b.a.b));
-    BIG_XXX_toBytes(&t[5*MODBYTES_XXX],x);
-    FP_YYY_redc(x,&(f->b.b.a));
-    BIG_XXX_toBytes(&t[6*MODBYTES_XXX],x);
-    FP_YYY_redc(x,&(f->b.b.b));
-    BIG_XXX_toBytes(&t[7*MODBYTES_XXX],x);
-
-    ECP_ZZZ_get(x,y,P);
-    BIG_XXX_toBytes(&t[8*MODBYTES_XXX],x);
-    BIG_XXX_toBytes(&t[9*MODBYTES_XXX],y);
-
-    OCT_empty(w);
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_init(&sha256);
-        for (i=0; i<10*MODBYTES_XXX; i++) HASH256_process(&sha256,t[i]);
-        HASH256_hash(&sha256,h);
-        break;
-    case SHA384:
-        HASH384_init(&sha512);
-        for (i=0; i<10*MODBYTES_XXX; i++) HASH384_process(&sha512,t[i]);
-        HASH384_hash(&sha512,h);
-        break;
-    case SHA512:
-        HASH512_init(&sha512);
-        for (i=0; i<10*MODBYTES_XXX; i++) HASH512_process(&sha512,t[i]);
-        HASH512_hash(&sha512,h);
-        break;
-    }
-
-    OCT_jbytes(w,h,AESKEY_ZZZ);
-    for (i=0; i<hlen; i++) h[i]=0;
-}
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
-static void map(ECP_ZZZ *P,BIG_XXX u,int cb)
-{
-    BIG_XXX x,q;
-
-    BIG_XXX_rcopy(q,Modulus_YYY);
-    BIG_XXX_copy(x,u);
-    BIG_XXX_mod(x,q);
-
-    while (!ECP_ZZZ_setx(P,x,cb))
-	{
-        BIG_XXX_inc(x,1); BIG_XXX_norm(x);
-	}
-}
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
-static int unmap(BIG_XXX u,int *cb,ECP_ZZZ *P)
-{
-    int s,r=0;
-    BIG_XXX x;
-
-    s=ECP_ZZZ_get(x,x,P);
-    BIG_XXX_copy(u,x);
-    do
-    {
-        BIG_XXX_dec(u,1); BIG_XXX_norm(u);
-        r++;
-    }
-    while (!ECP_ZZZ_setx(P,u,s));
-    ECP_ZZZ_setx(P,x,s);
-
-    *cb=s;
-
-    return r;
-}
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
-int MPIN_ZZZ_ENCODING(csprng *RNG,octet *E)
-{
-    int rn,m,su,sv,res=0;
-
-    BIG_XXX q,u,v;
-    ECP_ZZZ P,W;
-
-    if (!ECP_ZZZ_fromOctet(&P,E)) res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        BIG_XXX_rcopy(q,Modulus_YYY);
-
-        BIG_XXX_randomnum(u,q,RNG);
-
-        su=RAND_byte(RNG);
-        if (su<0) su=-su;
-        su%=2;
-        map(&W,u,su);
-        ECP_ZZZ_sub(&P,&W); //ECP_ZZZ_affine(&P);
-
-        rn=unmap(v,&sv,&P);
-        m=RAND_byte(RNG);
-        if (m<0) m=-m;
-        m%=rn;
-        BIG_XXX_inc(v,m+1);
-        E->val[0]=su+2*sv;
-        BIG_XXX_toBytes(&(E->val[1]),u);
-        BIG_XXX_toBytes(&(E->val[PFS_ZZZ+1]),v);
-    }
-    return res;
-}
-
-int MPIN_ZZZ_DECODING(octet *D)
-{
-    int su,sv;
-    BIG_XXX u,v;
-    ECP_ZZZ P,W;
-    int res=0;
-
-    if ((D->val[0]&0x04)!=0) res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-
-        BIG_XXX_fromBytes(u,&(D->val[1]));
-        BIG_XXX_fromBytes(v,&(D->val[PFS_ZZZ+1]));
-
-        su=D->val[0]&1;
-        sv=(D->val[0]>>1)&1;
-        map(&W,u,su);
-        map(&P,v,sv);
-        ECP_ZZZ_add(&P,&W); //ECP_ZZZ_affine(&P);
-        ECP_ZZZ_toOctet(D,&P,false);
-    }
-
-    return res;
-}
-
-/* R=R1+R2 in group G1 */
-int MPIN_ZZZ_RECOMBINE_G1(octet *R1,octet *R2,octet *R)
-{
-    ECP_ZZZ P,T;
-    int res=0;
-    if (res==0)
-    {
-        if (!ECP_ZZZ_fromOctet(&P,R1)) res=MPIN_INVALID_POINT;
-        if (!ECP_ZZZ_fromOctet(&T,R2)) res=MPIN_INVALID_POINT;
-    }
-    if (res==0)
-    {
-        ECP_ZZZ_add(&P,&T); //ECP_ZZZ_affine(&P);
-        ECP_ZZZ_toOctet(R,&P,false);
-    }
-    return res;
-}
-
-/* W=W1+W2 in group G2 */
-int MPIN_ZZZ_RECOMBINE_G2(octet *W1,octet *W2,octet *W)
-{
-    ECP4_ZZZ Q,T;
-    int res=0;
-    if (!ECP4_ZZZ_fromOctet(&Q,W1)) res=MPIN_INVALID_POINT;
-    if (!ECP4_ZZZ_fromOctet(&T,W2)) res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        ECP4_ZZZ_add(&Q,&T); //ECP4_ZZZ_affine(&Q);
-        ECP4_ZZZ_toOctet(W,&Q);
-    }
-    return res;
-}
-
-/* create random secret S */
-int MPIN_ZZZ_RANDOM_GENERATE(csprng *RNG,octet* S)
-{
-    BIG_XXX r,s;
-
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-    BIG_XXX_randomnum(s,r,RNG);
-#ifdef AES_S
-    BIG_XXX_mod2m(s,2*AES_S);
-#endif
-    BIG_XXX_toBytes(S->val,s);
-    S->len=MODBYTES_XXX;
-    return 0;
-}
-
-/* Extract PIN from TOKEN for identity CID */
-int MPIN_ZZZ_EXTRACT_PIN(int sha,octet *CID,int pin,octet *TOKEN)
-{
-	pin%=MAXPIN;
-	return MPIN_ZZZ_EXTRACT_FACTOR(sha,CID,pin,PBLEN,TOKEN);
-}
-
-/* Extract a factor < 32 bits for identity CID */
-int MPIN_ZZZ_EXTRACT_FACTOR(int sha,octet *CID,int factor,int facbits,octet *TOKEN)
-{
-    ECP_ZZZ P,R;
-    int res=0;
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-
-    if (!ECP_ZZZ_fromOctet(&P,TOKEN))  res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        mhashit(sha,-1,CID,&H);
-        ECP_ZZZ_mapit(&R,&H);
-
-        ECP_ZZZ_pinmul(&R,factor,facbits);
-        ECP_ZZZ_sub(&P,&R); //ECP_ZZZ_affine(&P);
-
-        ECP_ZZZ_toOctet(TOKEN,&P,false);
-    }
-    return res;
-}
-
-/* Extract a factor < 32 bits for identity CID */
-int MPIN_ZZZ_RESTORE_FACTOR(int sha,octet *CID,int factor,int facbits,octet *TOKEN)
-{
-    ECP_ZZZ P,R;
-    int res=0;
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-
-    if (!ECP_ZZZ_fromOctet(&P,TOKEN))  res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        mhashit(sha,-1,CID,&H);
-        ECP_ZZZ_mapit(&R,&H);
-
-        ECP_ZZZ_pinmul(&R,factor,facbits);
-        ECP_ZZZ_add(&P,&R); //ECP_ZZZ_affine(&P);
-
-        ECP_ZZZ_toOctet(TOKEN,&P,false);
-    }
-    return res;
-}
-
-/* Implement step 2 on client side of MPin protocol - SEC=-(x+y)*SEC */
-int MPIN_ZZZ_CLIENT_2(octet *X,octet *Y,octet *SEC)
-{
-    BIG_XXX px,py,r;
-    ECP_ZZZ P;
-    int res=0;
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-    if (!ECP_ZZZ_fromOctet(&P,SEC)) res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        BIG_XXX_fromBytes(px,X->val);
-        BIG_XXX_fromBytes(py,Y->val);
-        BIG_XXX_add(px,px,py);
-        BIG_XXX_mod(px,r);
-        //	BIG_XXX_sub(px,r,px);
-        PAIR_ZZZ_G1mul(&P,px);
-        ECP_ZZZ_neg(&P);
-        ECP_ZZZ_toOctet(SEC,&P,false);
-    }
-    return res;
-}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
-
-int MPIN_ZZZ_GET_G1_MULTIPLE(csprng *RNG,int type,octet *X,octet *G,octet *W)
-{
-    ECP_ZZZ P;
-    BIG_XXX r,x;
-    int res=0;
-    if (RNG!=NULL)
-    {
-        BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-        BIG_XXX_randomnum(x,r,RNG);
-#ifdef AES_S
-        BIG_XXX_mod2m(x,2*AES_S);
-#endif
-        X->len=MODBYTES_XXX;
-        BIG_XXX_toBytes(X->val,x);
-    }
-    else
-        BIG_XXX_fromBytes(x,X->val);
-
-    if (type==0)
-    {
-        if (!ECP_ZZZ_fromOctet(&P,G)) res=MPIN_INVALID_POINT;
-    }
-    else 
-	{
-		ECP_ZZZ_mapit(&P,G);
-	}
-
-    if (res==0)
-    {
-        PAIR_ZZZ_G1mul(&P,x);
-        ECP_ZZZ_toOctet(W,&P,false);
-    }
-    return res;
-}
-
-/*
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- W=x*G where G is point on the curve
- if type==1 W=(x^-1)G
-*/
-
-int MPIN_ZZZ_GET_G2_MULTIPLE(csprng *RNG,int type,octet *X,octet *G,octet *W)
-{
-    ECP4_ZZZ P;
-    BIG_XXX r,x;
-    int res=0;
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-    if (RNG!=NULL)
-    {
-        BIG_XXX_randomnum(x,r,RNG);
-#ifdef AES_S
-        BIG_XXX_mod2m(x,2*AES_S);
-#endif
-        X->len=MODBYTES_XXX;
-        BIG_XXX_toBytes(X->val,x);
-    }
-    else
-    {
-        BIG_XXX_fromBytes(x,X->val);
-        if (type==1) BIG_XXX_invmodp(x,x,r);
-    }
-
-    if (!ECP4_ZZZ_fromOctet(&P,G)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        PAIR_ZZZ_G2mul(&P,x);
-        ECP4_ZZZ_toOctet(W,&P);
-    }
-    return res;
-}
-
-
-
-/* Client secret CST=s*H(CID) where CID is client ID and s is master secret */
-/* CID is hashed externally */
-int MPIN_ZZZ_GET_CLIENT_SECRET(octet *S,octet *CID,octet *CST)
-{
-    return MPIN_ZZZ_GET_G1_MULTIPLE(NULL,1,S,CID,CST);
-}
-
-/* Implement step 1 on client side of MPin protocol */
-int MPIN_ZZZ_CLIENT_1(int sha,int date,octet *CLIENT_ID,csprng *RNG,octet *X,int pin,octet *TOKEN,octet *SEC,octet *xID,octet *xCID,octet *PERMIT)
-{
-    BIG_XXX r,x;
-    ECP_ZZZ P,T,W;
-    int res=0;
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-    if (RNG!=NULL)
-    {
-        BIG_XXX_randomnum(x,r,RNG);
-#ifdef AES_S
-        BIG_XXX_mod2m(x,2*AES_S);
-#endif
-        X->len=MODBYTES_XXX;
-        BIG_XXX_toBytes(X->val,x);
-    }
-    else
-        BIG_XXX_fromBytes(x,X->val);
-
-    mhashit(sha,-1,CLIENT_ID,&H);
-
-    ECP_ZZZ_mapit(&P,&H);
-
-    if (!ECP_ZZZ_fromOctet(&T,TOKEN)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        pin%=MAXPIN;
-
-        ECP_ZZZ_copy(&W,&P);				// W=H(ID)
-        ECP_ZZZ_pinmul(&W,pin,PBLEN);			// W=alpha.H(ID)
-        ECP_ZZZ_add(&T,&W);					// T=Token+alpha.H(ID) = s.H(ID)
-
-        if (date)
-        {
-            if (PERMIT!=NULL)
-            {
-                if (!ECP_ZZZ_fromOctet(&W,PERMIT)) res=MPIN_INVALID_POINT;
-                ECP_ZZZ_add(&T,&W);					// SEC=s.H(ID)+s.H(T|ID)
-            }
-            mhashit(sha,date,&H,&H);
-
-            ECP_ZZZ_mapit(&W,&H);
-            if (xID!=NULL)
-            {
-                PAIR_ZZZ_G1mul(&P,x);				// P=x.H(ID)
-                ECP_ZZZ_toOctet(xID,&P,false);  // xID
-                PAIR_ZZZ_G1mul(&W,x);               // W=x.H(T|ID)
-                ECP_ZZZ_add(&P,&W); //ECP_ZZZ_affine(&P);
-            }
-            else
-            {
-                ECP_ZZZ_add(&P,&W); //ECP_ZZZ_affine(&P);
-                PAIR_ZZZ_G1mul(&P,x);
-            }
-            if (xCID!=NULL) ECP_ZZZ_toOctet(xCID,&P,false);  // U
-        }
-        else
-        {
-            if (xID!=NULL)
-            {
-                PAIR_ZZZ_G1mul(&P,x);				// P=x.H(ID)
-                ECP_ZZZ_toOctet(xID,&P,false);  // xID
-            }
-        }
-    }
-
-    if (res==0)
-	{
-		//ECP_ZZZ_affine(&T);
-        ECP_ZZZ_toOctet(SEC,&T,false);  // V
-	}
-    return res;
-}
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
-int MPIN_ZZZ_GET_SERVER_SECRET(octet *S,octet *SST)
-{
-    BIG_XXX r,s;
-    ECP4_ZZZ Q;
-    int res=0;
-
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-
-	ECP4_ZZZ_generator(&Q);
-
-    if (res==0)
-    {
-        BIG_XXX_fromBytes(s,S->val);
-        PAIR_ZZZ_G2mul(&Q,s);
-        ECP4_ZZZ_toOctet(SST,&Q);
-    }
-
-    return res;
-}
-
-
-/* Time Permit CTT=s*H(date|H(CID)) where s is master secret */
-int MPIN_ZZZ_GET_CLIENT_PERMIT(int sha,int date,octet *S,octet *CID,octet *CTT)
-{
-    BIG_XXX s;
-    ECP_ZZZ P;
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-
-    mhashit(sha,date,CID,&H);
-
-    ECP_ZZZ_mapit(&P,&H);
-
-//printf("P= "); ECP_ZZZ_output(&P); printf("\n");
-//exit(0);
-
-    BIG_XXX_fromBytes(s,S->val);
-
-
-
-//printf("s= "); BIG_XXX_output(s); printf("\n");
-    PAIR_ZZZ_G1mul(&P,s);
-//printf("OP= "); ECP_ZZZ_output(&P); printf("\n");
-//
-    ECP_ZZZ_toOctet(CTT,&P,false);
-    return 0;
-}
-
-// if date=0 only use HID, set HCID=NULL
-// if date and PE, use HID and HCID
-
-/* Outputs H(CID) and H(CID)+H(T|H(CID)) for time permits. If no time permits set HTID=NULL */
-void MPIN_ZZZ_SERVER_1(int sha,int date,octet *CID,octet *HID,octet *HTID)
-{
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-    ECP_ZZZ P,R;
-	BIG_XXX x;
-
-#ifdef USE_ANONYMOUS
-    ECP_ZZZ_mapit(&P,CID);
-#else
-    mhashit(sha,-1,CID,&H);
-    ECP_ZZZ_mapit(&P,&H);
-#endif
-
-    ECP_ZZZ_toOctet(HID,&P,false);  // new
-
-    if (date)
-    {
-        //	if (HID!=NULL) ECP_ZZZ_toOctet(HID,&P,false);
-#ifdef USE_ANONYMOUS
-        mhashit(sha,date,CID,&H);
-#else
-        mhashit(sha,date,&H,&H);
-#endif
-        ECP_ZZZ_mapit(&R,&H);
-        ECP_ZZZ_add(&P,&R); //ECP_ZZZ_affine(&P);
-        ECP_ZZZ_toOctet(HTID,&P,false);
-    }
-    //else ECP_ZZZ_toOctet(HID,&P,false);
-
-}
-
-/* Implement M-Pin on server side */
-int MPIN_ZZZ_SERVER_2(int date,octet *HID,octet *HTID,octet *Y,octet *SST,octet *xID,octet *xCID,octet *mSEC,octet *E,octet *F,octet *Pa)
-{
-    BIG_XXX px,py,y;
-    FP24_YYY g;
-    ECP4_ZZZ Q,sQ;
-    ECP_ZZZ P,R;
-    int res=0;
-
-	ECP4_ZZZ_generator(&Q);
-
-    // key-escrow less scheme: use Pa instead of Q in pairing computation
-    // Q left for backward compatiblity
-    if (Pa!=NULL)
-    {
-        if (!ECP4_ZZZ_fromOctet(&Q, Pa)) res=MPIN_INVALID_POINT;
-    }
-
-
-    if (res==0)
-    {
-        if (!ECP4_ZZZ_fromOctet(&sQ,SST)) res=MPIN_INVALID_POINT;
-    }
-
-    if (res==0)
-    {
-       if (date)
-        {
-            //BIG_XXX_fromBytes(px,&(xCID->val[1]));
-            //BIG_XXX_fromBytes(py,&(xCID->val[PFS_ZZZ+1]));
-			if (!ECP_ZZZ_fromOctet(&R,xCID))  res=MPIN_INVALID_POINT;
-        }
-        else
-        {
-            //BIG_XXX_fromBytes(px,&(xID->val[1]));
-            //BIG_XXX_fromBytes(py,&(xID->val[PFS_ZZZ+1]));
-			if (!ECP_ZZZ_fromOctet(&R,xID))  res=MPIN_INVALID_POINT;
-        }
-        //if (!ECP_ZZZ_set(&R,px,py)) res=MPIN_INVALID_POINT; // x(A+AT)
-    }
-    if (res==0)
-    {
-        BIG_XXX_fromBytes(y,Y->val);
-        if (date)
-        {
-            if (!ECP_ZZZ_fromOctet(&P,HTID))  res=MPIN_INVALID_POINT;
-        }
-        else
-        {
-            if (!ECP_ZZZ_fromOctet(&P,HID))  res=MPIN_INVALID_POINT;
-        }
-    }
-    if (res==0)
-    {
-        PAIR_ZZZ_G1mul(&P,y);  // y(A+AT)
-        ECP_ZZZ_add(&P,&R); // x(A+AT)+y(A+T)
-		//ECP_ZZZ_affine(&P);
-        if (!ECP_ZZZ_fromOctet(&R,mSEC))  res=MPIN_INVALID_POINT; // V
-    }
-    if (res==0)
-    {
-
-        PAIR_ZZZ_double_ate(&g,&Q,&R,&sQ,&P);
-        PAIR_ZZZ_fexp(&g);
-
-        if (!FP24_YYY_isunity(&g))
-        {
-            if (HID!=NULL && xID!=NULL && E!=NULL && F !=NULL)
-            {
-                /* xID is set to NULL if there is no way to calculate PIN error */
-                FP24_YYY_toOctet(E,&g);
-
-                /* Note error is in the PIN, not in the time permit! Hence the need to exclude Time Permit from this check */
-
-                if (date)
-                {
-                    if (!ECP_ZZZ_fromOctet(&P,HID)) res=MPIN_INVALID_POINT;
-                    if (!ECP_ZZZ_fromOctet(&R,xID)) res=MPIN_INVALID_POINT; // U
-
-                    if (res==0)
-                    {
-                        PAIR_ZZZ_G1mul(&P,y);  // yA
-                        ECP_ZZZ_add(&P,&R); // yA+xA
-						//ECP_ZZZ_affine(&P);
-                    }
-                }
-                if (res==0)
-                {
-                    PAIR_ZZZ_ate(&g,&Q,&P);
-                    PAIR_ZZZ_fexp(&g);
-                    FP24_YYY_toOctet(F,&g);
-                }
-            }
-            res=MPIN_BAD_PIN;
-        }
-    }
-
-    return res;
-}
-
-#if MAXPIN==10000
-#define MR_TS 10  /* 2^10/10 approx = sqrt(MAXPIN) */
-#define TRAP 200  /* 2*sqrt(MAXPIN) */
-#endif
-
-#if MAXPIN==1000000
-#define MR_TS 14
-#define TRAP 2000
-#endif
-
-/* Pollards kangaroos used to return PIN error */
-int MPIN_ZZZ_KANGAROO(octet *E,octet *F)
-{
-    int i,j,m,s,dn,dm,steps;
-    int distance[MR_TS];
-    FP24_YYY ge,gf,t,table[MR_TS];
-    int res=0;
-    // BIG_XXX w;
-
-    FP24_YYY_fromOctet(&ge,E);
-    FP24_YYY_fromOctet(&gf,F);
-
-    FP24_YYY_copy(&t,&gf);
-
-    for (s=1,m=0; m<MR_TS; m++)
-    {
-        distance[m]=s;
-        FP24_YYY_copy(&table[m],&t);
-        s*=2;
-        FP24_YYY_usqr(&t,&t);
-        FP24_YYY_reduce(&t);
-    }
-
-    FP24_YYY_one(&t);
-
-    for (dn=0,j=0; j<TRAP; j++)
-    {
-
-        //BIG_XXX_copy(w,t.a.a.a);
-        //FP_YYY_redc(w);
-        //i=BIG_XXX_lastbits(w,20)%MR_TS;
-
-        i=t.a.a.a.a.g[0]%MR_TS;
-
-        FP24_YYY_mul(&t,&table[i]);
-        FP24_YYY_reduce(&t);
-        dn+=distance[i];
-    }
-
-    FP24_YYY_conj(&gf,&t);
-    steps=0;
-    dm=0;
-    while (dm-dn<MAXPIN)
-    {
-        steps++;
-        if (steps>4*TRAP) break;
-
-        //BIG_XXX_copy(w,ge.a.a.a);
-        //FP_YYY_redc(w);
-        //i=BIG_XXX_lastbits(w,20)%MR_TS;
-
-        i=ge.a.a.a.a.g[0]%MR_TS;
-
-        FP24_YYY_mul(&ge,&table[i]);
-        FP24_YYY_reduce(&ge);
-        dm+=distance[i];
-        if (FP24_YYY_equals(&ge,&t))
-        {
-            res=dm-dn;
-            break;
-        }
-        if (FP24_YYY_equals(&ge,&gf))
-        {
-            res=dn-dm;
-            break;
-        }
-    }
-    if (steps>4*TRAP || dm-dn>=MAXPIN)
-    {
-        res=0;    /* Trap Failed  - probable invalid token */
-    }
-
-    return res;
-}
-
-/* Functions to support M-Pin Full */
-
-int MPIN_ZZZ_PRECOMPUTE(octet *TOKEN,octet *CID,octet *CP,octet *G1,octet *G2)
-{
-    ECP_ZZZ P,T;
-    ECP4_ZZZ Q;
-    FP24_YYY g;
-	BIG_XXX x;
-    int res=0;
-
-    if (!ECP_ZZZ_fromOctet(&T,TOKEN)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        ECP_ZZZ_mapit(&P,CID);
-        if (CP!=NULL)
-        {
-            if (!ECP4_ZZZ_fromOctet(&Q,CP)) res=MPIN_INVALID_POINT;
-        }
-        else
-        {
-			ECP4_ZZZ_generator(&Q);
-        }
-    }
-    if (res==0)
-    {
-        PAIR_ZZZ_ate(&g,&Q,&T);
-        PAIR_ZZZ_fexp(&g);
-
-        FP24_YYY_toOctet(G1,&g);
-        if (G2!=NULL)
-        {
-            PAIR_ZZZ_ate(&g,&Q,&P);
-            PAIR_ZZZ_fexp(&g);
-            FP24_YYY_toOctet(G2,&g);
-        }
-    }
-    return res;
-}
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-int MPIN_ZZZ_CLIENT_KEY(int sha,octet *G1,octet *G2,int pin,octet *R,octet *X,octet *H,octet *wCID,octet *CK)
-{
-    FP24_YYY g1,g2;
-	FP8_YYY c;//,cp,cpm1,cpm2;
-
-    ECP_ZZZ W;
-    int res=0;
-    BIG_XXX r,z,x,h;//q,m,a,b;
-
-    FP24_YYY_fromOctet(&g1,G1);
-    FP24_YYY_fromOctet(&g2,G2);
-    BIG_XXX_fromBytes(z,R->val);
-    BIG_XXX_fromBytes(x,X->val);
-    BIG_XXX_fromBytes(h,H->val);
-
-    if (!ECP_ZZZ_fromOctet(&W,wCID)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-        BIG_XXX_add(z,z,h);    // new
-        BIG_XXX_mod(z,r);
-
-        FP24_YYY_pinpow(&g2,pin,PBLEN);
-        FP24_YYY_mul(&g1,&g2);
-
-		PAIR_ZZZ_G1mul(&W,x);
-
-		FP24_YYY_compow(&c,&g1,z,r);
-		mpin_hash(sha,&c,&W,CK);
-
-    }
-    return res;
-}
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-
-int MPIN_ZZZ_SERVER_KEY(int sha,octet *Z,octet *SST,octet *W,octet *H,octet *HID,octet *xID,octet *xCID,octet *SK)
-{
-    int res=0;
-    FP24_YYY g;
-    FP8_YYY c;
-    ECP_ZZZ R,U,A;
-    ECP4_ZZZ sQ;
-    BIG_XXX w,h;
-
-    if (!ECP4_ZZZ_fromOctet(&sQ,SST)) res=MPIN_INVALID_POINT;
-    if (!ECP_ZZZ_fromOctet(&R,Z)) res=MPIN_INVALID_POINT;
-
-
-    if (!ECP_ZZZ_fromOctet(&A,HID)) res=MPIN_INVALID_POINT;
-
-    // new
-    if (xCID!=NULL)
-    {
-        if (!ECP_ZZZ_fromOctet(&U,xCID)) res=MPIN_INVALID_POINT;
-    }
-    else
-    {
-        if (!ECP_ZZZ_fromOctet(&U,xID)) res=MPIN_INVALID_POINT;
-    }
-    BIG_XXX_fromBytes(w,W->val);
-    BIG_XXX_fromBytes(h,H->val);
-
-
-    PAIR_ZZZ_ate(&g,&sQ,&A);
-    PAIR_ZZZ_fexp(&g);
-
-    if (res==0)
-    {
-        PAIR_ZZZ_G1mul(&A,h);
-        ECP_ZZZ_add(&R,&A);  // new
-		//ECP_ZZZ_affine(&R);
-        PAIR_ZZZ_ate(&g,&sQ,&R);
-        PAIR_ZZZ_fexp(&g);
-        PAIR_ZZZ_G1mul(&U,w);
-        FP24_YYY_trace(&c,&g);
-        mpin_hash(sha,&c,&U,SK);
-    }
-    return res;
-}
-
-/* Generate Y = H(TimeValue, xCID/xID) */
-void MPIN_ZZZ_GET_Y(int sha,int TimeValue,octet *xCID,octet *Y)
-{
-    BIG_XXX q,y;
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-
-    mhashit(sha,TimeValue,xCID,&H);
-    BIG_XXX_fromBytes(y,H.val);
-    BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    BIG_XXX_mod(y,q);
-    BIG_XXX_toBytes(Y->val,y);
-    Y->len=PGS_ZZZ;
-}
-
-/* One pass MPIN Client */
-int MPIN_ZZZ_CLIENT(int sha,int date,octet *ID,csprng *RNG,octet *X,int pin,octet *TOKEN,octet *V,octet *U,octet *UT,octet *TP,octet *MESSAGE,int TimeValue,octet *Y)
-{
-    int rtn=0;
-    char m[M_SIZE_ZZZ];
-    octet M= {0,sizeof(m),m};
-
-    octet *pID;
-    if (date == 0)
-        pID = U;
-    else
-        pID = UT;
-
-    rtn = MPIN_ZZZ_CLIENT_1(sha,date,ID,RNG,X,pin,TOKEN,V,U,UT,TP);
-    if (rtn != 0)
-        return rtn;
-
-    OCT_joctet(&M,pID);
-   if (MESSAGE!=NULL)
-   {
-       OCT_joctet(&M,MESSAGE);
-   }
-
-    MPIN_ZZZ_GET_Y(sha,TimeValue,&M,Y);
-
-    rtn = MPIN_ZZZ_CLIENT_2(X,Y,V);
-    if (rtn != 0)
-        return rtn;
-
-    return 0;
-}
-
-/* One pass MPIN Server */
-int MPIN_ZZZ_SERVER(int sha,int date,octet *HID,octet *HTID,octet *Y,octet *sQ,octet *U,octet *UT,octet *V,octet *E,octet *F,octet *ID,octet *MESSAGE,int TimeValue, octet *Pa)
-{
-    int rtn=0;
-    char m[M_SIZE_ZZZ];
-    octet M= {0,sizeof(m),m};
-
-    octet *pU;
-    if (date == 0)
-        pU = U;
-    else
-        pU = UT;
-
-    MPIN_ZZZ_SERVER_1(sha,date,ID,HID,HTID);
-
-    OCT_joctet(&M,pU);
-   if (MESSAGE!=NULL)
-   {
-       OCT_joctet(&M,MESSAGE);
-   }
-
-    MPIN_ZZZ_GET_Y(sha,TimeValue,&M,Y);
-
-    rtn = MPIN_ZZZ_SERVER_2(date,HID,HTID,Y,sQ,U,UT,V,E,F,Pa);
-    if (rtn != 0)
-        return rtn;
-
-    return 0;
-}
-
-int MPIN_ZZZ_GET_DVS_KEYPAIR(csprng *R,octet *Z,octet *Pa)
-{
-    BIG_XXX z,r;
-    ECP4_ZZZ Q;
-    int res=0;
-
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-
-    if (R!=NULL)
-    {
-        BIG_XXX_randomnum(z,r,R);
-        Z->len=MODBYTES_XXX;
-        BIG_XXX_toBytes(Z->val,z);
-    }
-    else
-        BIG_XXX_fromBytes(z,Z->val);
-
-    BIG_XXX_invmodp(z,z,r);
-
-	ECP4_ZZZ_generator(&Q);
-
-    if (res==0)
-    {
-        PAIR_ZZZ_G2mul(&Q,z);
-        ECP4_ZZZ_toOctet(Pa,&Q);
-    }
-
-    return res;
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/mpin192.h
----------------------------------------------------------------------
diff --git a/version3/c/mpin192.h b/version3/c/mpin192.h
deleted file mode 100644
index 79f562c..0000000
--- a/version3/c/mpin192.h
+++ /dev/null
@@ -1,339 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file mpin.h
- * @author Mike Scott and Kealan McCusker
- * @date 2nd June 2015
- * @brief M-Pin Header file
- *
- * Allows some user configuration
- * defines structures
- * declares functions
- *
- */
-
-#ifndef MPIN_ZZZ_H
-#define MPIN_ZZZ_H
-
-#include "pair192_ZZZ.h"
-#include "pbc_support.h"
-
-/* Field size is assumed to be greater than or equal to group size */
-
-#define PGS_ZZZ MODBYTES_XXX  /**< MPIN Group Size */
-#define PFS_ZZZ MODBYTES_XXX  /**< MPIN Field Size */
-
-#define MPIN_OK             0   /**< Function completed without error */
-#define MPIN_INVALID_POINT  -14	/**< Point is NOT on the curve */
-#define MPIN_BAD_PIN        -19 /**< Bad PIN number entered */
-
-#define MAXPIN 10000         /**< max PIN */
-#define PBLEN 14             /**< max length of PIN in bits */
-
-//#define PAS_ZZZ 24        /**< MPIN Symmetric Key Size 192 bits  */
-//#define HASH_TYPE_MPIN_ZZZ SHA384   /**< Choose Hash function */
-
-#define MESSAGE_SIZE 256        /**< Signature message size  */
-#define M_SIZE_ZZZ (MESSAGE_SIZE+2*PFS_ZZZ+1)   /**< Signature message size and G1 size */
-
-
-/* MPIN support functions */
-
-/* MPIN primitives */
-
-
-void MPIN_ZZZ_GET_Y(int h,int t,octet *O,octet *Y);
-/**	@brief Extract a PIN number from a client secret
- *
-  	@param h is the hash type
-	@param ID is the input client identity
-	@param factor is an input factor
-	@param facbits is the number of bits in the factor
-	@param CS is the client secret from which the factor is to be extracted
-	@return 0 or an error code
- */
-int MPIN_ZZZ_EXTRACT_FACTOR(int h,octet *ID,int factor,int facbits,octet *CS);
-
-/**	@brief Extract a PIN number from a client secret
- *
-  	@param h is the hash type
-	@param ID is the input client identity
-	@param factor is an input factor
-	@param facbits is the number of bits in the factor
-	@param CS is the client secret to which the factor is to be added
-	@return 0 or an error code
- */
-int MPIN_ZZZ_RESTORE_FACTOR(int h,octet *ID,int factor,int facbits,octet *CS);
-
-
-/**	@brief Extract a PIN number from a client secret
- *
-  	@param h is the hash type
-	@param ID is the input client identity
-	@param pin is an input PIN number
-	@param CS is the client secret from which the PIN is to be extracted
-	@return 0 or an error code
- */
-int MPIN_ZZZ_EXTRACT_PIN(int h,octet *ID,int pin,octet *CS);
-
-/**	@brief Perform client side of the one-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U and UT are both generated.
- 	@param h is the hash type
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param ID is the input client identity
-	@param R is a pointer to a cryptographically secure random number generator
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param pin is the input PIN number
-	@param T is the input M-Pin token (the client secret with PIN portion removed)
-	@param V is output = -(x+y)(CS+TP), where CS is the reconstructed client secret, and TP is the time permit
-	@param U is output = x.H(ID)
-	@param UT is output = x.(H(ID)+H(d|H(ID)))
-	@param TP is the input time permit
-	@param MESSAGE is the message to be signed
-	@param t is input epoch time in seconds - a timestamp
-	@param y is output H(t|U) or H(t|UT) if Time Permits enabled
-	@return 0 or an error code
- */
-int MPIN_ZZZ_CLIENT(int h,int d,octet *ID,csprng *R,octet *x,int pin,octet *T,octet *V,octet *U,octet *UT,octet *TP, octet* MESSAGE, int t, octet *y);
-/**	@brief Perform first pass of the client side of the 3-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U and UT are both generated.
- 	@param h is the hash type
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param ID is the input client identity
-	@param R is a pointer to a cryptographically secure random number generator
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param pin is the input PIN number
-	@param T is the input M-Pin token (the client secret with PIN portion removed)
-	@param S is output = CS+TP, where CS=is the reconstructed client secret, and TP is the time permit
-	@param U is output = x.H(ID)
-	@param UT is output = x.(H(ID)+H(d|H(ID)))
-	@param TP is the input time permit
-	@return 0 or an error code
- */
-int MPIN_ZZZ_CLIENT_1(int h,int d,octet *ID,csprng *R,octet *x,int pin,octet *T,octet *S,octet *U,octet *UT,octet *TP);
-/**	@brief Generate a random group element
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param S is the output random octet
-	@return 0 or an error code
- */
-int MPIN_ZZZ_RANDOM_GENERATE(csprng *R,octet *S);
-/**	@brief Perform second pass of the client side of the 3-pass version of the M-Pin protocol
- *
-	@param x an input, a locally generated random number
-	@param y an input random challenge from the server
-	@param V on output = -(x+y).V
-	@return 0 or an error code
- */
-int MPIN_ZZZ_CLIENT_2(octet *x,octet *y,octet *V);
-/**	@brief Perform server side of the one-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT and HTID are not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U and HID are not needed and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U, UT, HID and HTID are all required.
- 	@param h is the hash type
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param HID is output H(ID), a hash of the client ID
-	@param HTID is output H(ID)+H(d|H(ID))
-	@param y is output H(t|U) or H(t|UT) if Time Permits enabled
-	@param SS is the input server secret
-	@param U is input from the client = x.H(ID)
-	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
-	@param V is an input from the client
-	@param E is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param F is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param ID is the input claimed client identity
-	@param MESSAGE is the message to be signed
-	@param t is input epoch time in seconds - a timestamp
-	@param Pa is input from the client z.Q or NULL if the key-escrow less scheme is not used
-	@return 0 or an error code
- */
-int MPIN_ZZZ_SERVER(int h,int d,octet *HID,octet *HTID,octet *y,octet *SS,octet *U,octet *UT,octet *V,octet *E,octet *F,octet *ID,octet *MESSAGE, int t, octet *Pa);
-/**	@brief Perform first pass of the server side of the 3-pass version of the M-Pin protocol
- *
- 	@param h is the hash type
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param ID is the input claimed client identity
-	@param HID is output H(ID), a hash of the client ID
-	@param HTID is output H(ID)+H(d|H(ID))
-	@return 0 or an error code
- */
-void MPIN_ZZZ_SERVER_1(int h,int d,octet *ID,octet *HID,octet *HTID);
-/**	@brief Perform third pass on the server side of the 3-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT and HTID are not needed and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U and HID are not needed and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U, UT, HID and HTID are all required.
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param HID is input H(ID), a hash of the client ID
-	@param HTID is input H(ID)+H(d|H(ID))
-	@param y is the input server's randomly generated challenge
-	@param SS is the input server secret
-	@param U is input from the client = x.H(ID)
-	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
-	@param V is an input from the client
-	@param E is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param F is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param Pa is the input public key from the client, z.Q or NULL if the client uses regular mpin
-	@return 0 or an error code
- */
-int MPIN_ZZZ_SERVER_2(int d,octet *HID,octet *HTID,octet *y,octet *SS,octet *U,octet *UT,octet *V,octet *E,octet *F,octet *Pa);
-/**	@brief Add two members from the group G1
- *
-	@param Q1 an input member of G1
-	@param Q2 an input member of G1
-	@param Q an output member of G1 = Q1+Q2
-	@return 0 or an error code
- */
-int MPIN_ZZZ_RECOMBINE_G1(octet *Q1,octet *Q2,octet *Q);
-/**	@brief Add two members from the group G2
- *
-	@param P1 an input member of G2
-	@param P2 an input member of G2
-	@param P an output member of G2 = P1+P2
-	@return 0 or an error code
- */
-int MPIN_ZZZ_RECOMBINE_G2(octet *P1,octet *P2,octet *P);
-/**	@brief Use Kangaroos to find PIN error
- *
-	@param E a member of the group GT
-	@param F a member of the group GT =  E^e
-	@return 0 if Kangaroos failed, or the PIN error e
- */
-int MPIN_ZZZ_KANGAROO(octet *E,octet *F);
-/**	@brief Encoding of a Time Permit to make it indistinguishable from a random string
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param TP is the input time permit, obfuscated on output
-	@return 0 or an error code
- */
-int MPIN_ZZZ_ENCODING(csprng *R,octet *TP);
-/**	@brief Encoding of an obfuscated Time Permit
- *
-	@param TP is the input obfuscated time permit, restored on output
-	@return 0 or an error code
- */
-int MPIN_ZZZ_DECODING(octet *TP);
-
-/**	@brief Find a random multiple of a point in G1
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param type determines type of action to be taken
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param G if type=0 a point in G1, else an octet to be mapped to G1
-	@param W the output =x.G or x.M(G), where M(.) is a mapping
-	@return 0 or an error code
- */
-int MPIN_ZZZ_GET_G1_MULTIPLE(csprng *R,int type,octet *x,octet *G,octet *W);
-/**	@brief Find a random multiple of a point in G1
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param type determines type of action to betaken
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param G a point in G2
-	@param W the output =x.G or (1/x).G
-	@return 0 or an error code
- */
-int MPIN_ZZZ_GET_G2_MULTIPLE(csprng *R,int type,octet *x,octet *G,octet *W);
-
-/**	@brief Create a client secret in G1 from a master secret and the client ID
- *
-	@param S is an input master secret
-	@param ID is the input client identity
-	@param CS is the full client secret = s.H(ID)
-	@return 0 or an error code
- */
-int MPIN_ZZZ_GET_CLIENT_SECRET(octet *S,octet *ID,octet *CS);
-/**	@brief Create a Time Permit in G1 from a master secret and the client ID
- *
-  	@param h is the hash type
-	@param d is input date, in days since the epoch.
-	@param S is an input master secret
-	@param ID is the input client identity
-	@param TP is a Time Permit for the given date = s.H(d|H(ID))
-	@return 0 or an error code
- */
-int MPIN_ZZZ_GET_CLIENT_PERMIT(int h,int d,octet *S,octet *ID,octet *TP);
-/**	@brief Create a server secret in G2 from a master secret
- *
-	@param S is an input master secret
-	@param SS is the server secret = s.Q where Q is a fixed generator of G2
-	@return 0 or an error code
- */
-int MPIN_ZZZ_GET_SERVER_SECRET(octet *S,octet *SS);
-/* int MPIN_TEST_PAIRING(octet *,octet *); */
-
-/* For M-Pin Full */
-/**	@brief Precompute values for use by the client side of M-Pin Full
- *
-	@param T is the input M-Pin token (the client secret with PIN portion removed)
-	@param ID is the input client identity
-	@param CP is Public Key (or NULL)
-	@param g1 precomputed output
-	@param g2 precomputed output
-	@return 0 or an error code
- */
-int MPIN_ZZZ_PRECOMPUTE(octet *T,octet *ID,octet *CP,octet *g1,octet *g2);
-/**	@brief Calculate Key on Server side for M-Pin Full
- *
-	Uses UT internally for the key calculation, unless not available in which case U is used
- 	@param h is the hash type
-	@param Z is the input Client-side Diffie-Hellman component
-	@param SS is the input server secret
-	@param w is an input random number generated by the server
-	@param p is an input, hash of the protocol transcript
-	@param I is the hashed input client ID = H(ID)
-	@param U is input from the client = x.H(ID)
-	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
-	@param K is the output calculated shared key
-	@return 0 or an error code
- */
-int MPIN_ZZZ_SERVER_KEY(int h,octet *Z,octet *SS,octet *w,octet *p,octet *I,octet *U,octet *UT,octet *K);
-/**	@brief Calculate Key on Client side for M-Pin Full
- *
-  	@param h is the hash type
-	@param g1 precomputed input
-	@param g2 precomputed input
-	@param pin is the input PIN number
-	@param r is an input, a locally generated random number
-	@param x is an input, a locally generated random number
-	@param p is an input, hash of the protocol transcript
-	@param T is the input Server-side Diffie-Hellman component
-	@param K is the output calculated shared key
-	@return 0 or an error code
- */
-int MPIN_ZZZ_CLIENT_KEY(int h,octet *g1,octet *g2,int pin,octet *r,octet *x,octet *p,octet *T,octet *K);
-
-/** @brief Generates a random public key for the client z.Q
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param Z an output internally randomly generated if R!=NULL, otherwise it must be provided as an input
-	@param Pa the output public key for the client
- */
-int MPIN_ZZZ_GET_DVS_KEYPAIR(csprng *R,octet *Z,octet *Pa);
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/mpin256.c
----------------------------------------------------------------------
diff --git a/version3/c/mpin256.c b/version3/c/mpin256.c
deleted file mode 100644
index 47c88d3..0000000
--- a/version3/c/mpin256.c
+++ /dev/null
@@ -1,998 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MPIN Functions */
-
-/* Version 3.0 - supports Time Permits */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin256_ZZZ.h"
-
-
-#define ROUNDUP(a,b) ((a)-1)/(b)+1
-
-
-/* Special mpin hashing */
-static void mpin_hash(int sha,FP16_YYY *f, ECP_ZZZ *P,octet *w)
-{
-    int i;
-    BIG_XXX x,y;
-    char h[64];
-    hash256 sha256;
-    hash512 sha512;
-    char t[18*MODBYTES_XXX];  // to hold 10 BIGs
-    int hlen=sha;
-
-	FP_YYY_redc(x,&(f->a.a.a.a));
-    BIG_XXX_toBytes(&t[0],x);
-	FP_YYY_redc(x,&(f->a.a.a.b));
-    BIG_XXX_toBytes(&t[MODBYTES_XXX],x);
-
-    FP_YYY_redc(x,&(f->a.a.b.a));
-    BIG_XXX_toBytes(&t[2*MODBYTES_XXX],x);
-    FP_YYY_redc(x,&(f->a.a.b.b));
-    BIG_XXX_toBytes(&t[3*MODBYTES_XXX],x);
-
-    FP_YYY_redc(x,&(f->a.b.a.a));
-    BIG_XXX_toBytes(&t[4*MODBYTES_XXX],x);
-    FP_YYY_redc(x,&(f->a.b.a.b));
-    BIG_XXX_toBytes(&t[5*MODBYTES_XXX],x);
-
-    FP_YYY_redc(x,&(f->a.b.b.a));
-    BIG_XXX_toBytes(&t[6*MODBYTES_XXX],x);
-    FP_YYY_redc(x,&(f->a.b.b.b));
-    BIG_XXX_toBytes(&t[7*MODBYTES_XXX],x);
-
-	FP_YYY_redc(x,&(f->b.a.a.a));
-    BIG_XXX_toBytes(&t[8*MODBYTES_XXX],x);
-	FP_YYY_redc(x,&(f->b.a.a.b));
-    BIG_XXX_toBytes(&t[9*MODBYTES_XXX],x);
-
-    FP_YYY_redc(x,&(f->b.a.b.a));
-    BIG_XXX_toBytes(&t[10*MODBYTES_XXX],x);
-	FP_YYY_redc(x,&(f->b.a.b.b));
-    BIG_XXX_toBytes(&t[11*MODBYTES_XXX],x);
-
-    FP_YYY_redc(x,&(f->b.b.a.a));
-    BIG_XXX_toBytes(&t[12*MODBYTES_XXX],x);
-    FP_YYY_redc(x,&(f->b.b.a.b));
-    BIG_XXX_toBytes(&t[13*MODBYTES_XXX],x);
-
-    FP_YYY_redc(x,&(f->b.b.b.a));
-    BIG_XXX_toBytes(&t[14*MODBYTES_XXX],x);
-    FP_YYY_redc(x,&(f->b.b.b.b));
-    BIG_XXX_toBytes(&t[15*MODBYTES_XXX],x);
-
-    ECP_ZZZ_get(x,y,P);
-    BIG_XXX_toBytes(&t[16*MODBYTES_XXX],x);
-    BIG_XXX_toBytes(&t[17*MODBYTES_XXX],y);
-
-    OCT_empty(w);
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_init(&sha256);
-        for (i=0; i<18*MODBYTES_XXX; i++) HASH256_process(&sha256,t[i]);
-        HASH256_hash(&sha256,h);
-        break;
-    case SHA384:
-        HASH384_init(&sha512);
-        for (i=0; i<18*MODBYTES_XXX; i++) HASH384_process(&sha512,t[i]);
-        HASH384_hash(&sha512,h);
-        break;
-    case SHA512:
-        HASH512_init(&sha512);
-        for (i=0; i<18*MODBYTES_XXX; i++) HASH512_process(&sha512,t[i]);
-        HASH512_hash(&sha512,h);
-        break;
-    }
-
-    OCT_jbytes(w,h,AESKEY_ZZZ);
-    for (i=0; i<hlen; i++) h[i]=0;
-}
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
-static void map(ECP_ZZZ *P,BIG_XXX u,int cb)
-{
-    BIG_XXX x,q;
-
-    BIG_XXX_rcopy(q,Modulus_YYY);
-    BIG_XXX_copy(x,u);
-    BIG_XXX_mod(x,q);
-
-    while (!ECP_ZZZ_setx(P,x,cb))
-	{
-        BIG_XXX_inc(x,1); BIG_XXX_norm(x);
-	}
-}
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
-static int unmap(BIG_XXX u,int *cb,ECP_ZZZ *P)
-{
-    int s,r=0;
-    BIG_XXX x;
-
-    s=ECP_ZZZ_get(x,x,P);
-    BIG_XXX_copy(u,x);
-    do
-    {
-        BIG_XXX_dec(u,1); BIG_XXX_norm(u);
-        r++;
-    }
-    while (!ECP_ZZZ_setx(P,u,s));
-    ECP_ZZZ_setx(P,x,s);
-
-    *cb=s;
-
-    return r;
-}
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
-int MPIN_ZZZ_ENCODING(csprng *RNG,octet *E)
-{
-    int rn,m,su,sv,res=0;
-
-    BIG_XXX q,u,v;
-    ECP_ZZZ P,W;
-
-    if (!ECP_ZZZ_fromOctet(&P,E)) res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        BIG_XXX_rcopy(q,Modulus_YYY);
-
-        BIG_XXX_randomnum(u,q,RNG);
-
-        su=RAND_byte(RNG);
-        if (su<0) su=-su;
-        su%=2;
-        map(&W,u,su);
-        ECP_ZZZ_sub(&P,&W); //ECP_ZZZ_affine(&P);
-
-        rn=unmap(v,&sv,&P);
-        m=RAND_byte(RNG);
-        if (m<0) m=-m;
-        m%=rn;
-        BIG_XXX_inc(v,m+1);
-        E->val[0]=su+2*sv;
-        BIG_XXX_toBytes(&(E->val[1]),u);
-        BIG_XXX_toBytes(&(E->val[PFS_ZZZ+1]),v);
-    }
-    return res;
-}
-
-int MPIN_ZZZ_DECODING(octet *D)
-{
-    int su,sv;
-    BIG_XXX u,v;
-    ECP_ZZZ P,W;
-    int res=0;
-
-    if ((D->val[0]&0x04)!=0) res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-
-        BIG_XXX_fromBytes(u,&(D->val[1]));
-        BIG_XXX_fromBytes(v,&(D->val[PFS_ZZZ+1]));
-
-        su=D->val[0]&1;
-        sv=(D->val[0]>>1)&1;
-        map(&W,u,su);
-        map(&P,v,sv);
-        ECP_ZZZ_add(&P,&W); //ECP_ZZZ_affine(&P);
-        ECP_ZZZ_toOctet(D,&P,false);
-    }
-
-    return res;
-}
-
-/* R=R1+R2 in group G1 */
-int MPIN_ZZZ_RECOMBINE_G1(octet *R1,octet *R2,octet *R)
-{
-    ECP_ZZZ P,T;
-    int res=0;
-    if (res==0)
-    {
-        if (!ECP_ZZZ_fromOctet(&P,R1)) res=MPIN_INVALID_POINT;
-        if (!ECP_ZZZ_fromOctet(&T,R2)) res=MPIN_INVALID_POINT;
-    }
-    if (res==0)
-    {
-        ECP_ZZZ_add(&P,&T); //ECP_ZZZ_affine(&P);
-        ECP_ZZZ_toOctet(R,&P,false);
-    }
-    return res;
-}
-
-/* W=W1+W2 in group G2 */
-int MPIN_ZZZ_RECOMBINE_G2(octet *W1,octet *W2,octet *W)
-{
-    ECP8_ZZZ Q,T;
-    int res=0;
-    if (!ECP8_ZZZ_fromOctet(&Q,W1)) res=MPIN_INVALID_POINT;
-    if (!ECP8_ZZZ_fromOctet(&T,W2)) res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        ECP8_ZZZ_add(&Q,&T); //ECP8_ZZZ_affine(&Q);
-        ECP8_ZZZ_toOctet(W,&Q);
-    }
-    return res;
-}
-
-/* create random secret S */
-int MPIN_ZZZ_RANDOM_GENERATE(csprng *RNG,octet* S)
-{
-    BIG_XXX r,s;
-
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-    BIG_XXX_randomnum(s,r,RNG);
-#ifdef AES_S
-    BIG_XXX_mod2m(s,2*AES_S);
-#endif
-    BIG_XXX_toBytes(S->val,s);
-    S->len=MODBYTES_XXX;
-    return 0;
-}
-
-/* Extract PIN from TOKEN for identity CID */
-int MPIN_ZZZ_EXTRACT_PIN(int sha,octet *CID,int pin,octet *TOKEN)
-{
-	pin%=MAXPIN;
-	return MPIN_ZZZ_EXTRACT_FACTOR(sha,CID,pin,PBLEN,TOKEN);
-}
-
-/* Extract a factor < 32 bits for identity CID */
-int MPIN_ZZZ_EXTRACT_FACTOR(int sha,octet *CID,int factor,int facbits,octet *TOKEN)
-{
-    ECP_ZZZ P,R;
-    int res=0;
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-
-    if (!ECP_ZZZ_fromOctet(&P,TOKEN))  res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        mhashit(sha,-1,CID,&H);
-        ECP_ZZZ_mapit(&R,&H);
-
-        ECP_ZZZ_pinmul(&R,factor,facbits);
-        ECP_ZZZ_sub(&P,&R); //ECP_ZZZ_affine(&P);
-
-        ECP_ZZZ_toOctet(TOKEN,&P,false);
-    }
-    return res;
-}
-
-/* Extract a factor < 32 bits for identity CID */
-int MPIN_ZZZ_RESTORE_FACTOR(int sha,octet *CID,int factor,int facbits,octet *TOKEN)
-{
-    ECP_ZZZ P,R;
-    int res=0;
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-
-    if (!ECP_ZZZ_fromOctet(&P,TOKEN))  res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        mhashit(sha,-1,CID,&H);
-        ECP_ZZZ_mapit(&R,&H);
-
-        ECP_ZZZ_pinmul(&R,factor,facbits);
-        ECP_ZZZ_add(&P,&R); //ECP_ZZZ_affine(&P);
-
-        ECP_ZZZ_toOctet(TOKEN,&P,false);
-    }
-    return res;
-}
-
-/* Implement step 2 on client side of MPin protocol - SEC=-(x+y)*SEC */
-int MPIN_ZZZ_CLIENT_2(octet *X,octet *Y,octet *SEC)
-{
-    BIG_XXX px,py,r;
-    ECP_ZZZ P;
-    int res=0;
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-    if (!ECP_ZZZ_fromOctet(&P,SEC)) res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-        BIG_XXX_fromBytes(px,X->val);
-        BIG_XXX_fromBytes(py,Y->val);
-        BIG_XXX_add(px,px,py);
-        BIG_XXX_mod(px,r);
-        //	BIG_XXX_sub(px,r,px);
-        PAIR_ZZZ_G1mul(&P,px);
-        ECP_ZZZ_neg(&P);
-        ECP_ZZZ_toOctet(SEC,&P,false);
-    }
-    return res;
-}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
-
-int MPIN_ZZZ_GET_G1_MULTIPLE(csprng *RNG,int type,octet *X,octet *G,octet *W)
-{
-    ECP_ZZZ P;
-    BIG_XXX r,x;
-    int res=0;
-    if (RNG!=NULL)
-    {
-        BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-        BIG_XXX_randomnum(x,r,RNG);
-#ifdef AES_S
-        BIG_XXX_mod2m(x,2*AES_S);
-#endif
-        X->len=MODBYTES_XXX;
-        BIG_XXX_toBytes(X->val,x);
-    }
-    else
-        BIG_XXX_fromBytes(x,X->val);
-
-    if (type==0)
-    {
-        if (!ECP_ZZZ_fromOctet(&P,G)) res=MPIN_INVALID_POINT;
-    }
-    else 
-	{
-		ECP_ZZZ_mapit(&P,G);
-	}
-
-    if (res==0)
-    {
-        PAIR_ZZZ_G1mul(&P,x);
-        ECP_ZZZ_toOctet(W,&P,false);
-    }
-    return res;
-}
-
-/*
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- W=x*G where G is point on the curve
- if type==1 W=(x^-1)G
-*/
-
-int MPIN_ZZZ_GET_G2_MULTIPLE(csprng *RNG,int type,octet *X,octet *G,octet *W)
-{
-    ECP8_ZZZ P;
-    BIG_XXX r,x;
-    int res=0;
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-    if (RNG!=NULL)
-    {
-        BIG_XXX_randomnum(x,r,RNG);
-#ifdef AES_S
-        BIG_XXX_mod2m(x,2*AES_S);
-#endif
-        X->len=MODBYTES_XXX;
-        BIG_XXX_toBytes(X->val,x);
-    }
-    else
-    {
-        BIG_XXX_fromBytes(x,X->val);
-        if (type==1) BIG_XXX_invmodp(x,x,r);
-    }
-
-    if (!ECP8_ZZZ_fromOctet(&P,G)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        PAIR_ZZZ_G2mul(&P,x);
-        ECP8_ZZZ_toOctet(W,&P);
-    }
-    return res;
-}
-
-
-
-/* Client secret CST=s*H(CID) where CID is client ID and s is master secret */
-/* CID is hashed externally */
-int MPIN_ZZZ_GET_CLIENT_SECRET(octet *S,octet *CID,octet *CST)
-{
-    return MPIN_ZZZ_GET_G1_MULTIPLE(NULL,1,S,CID,CST);
-}
-
-/* Implement step 1 on client side of MPin protocol */
-int MPIN_ZZZ_CLIENT_1(int sha,int date,octet *CLIENT_ID,csprng *RNG,octet *X,int pin,octet *TOKEN,octet *SEC,octet *xID,octet *xCID,octet *PERMIT)
-{
-    BIG_XXX r,x;
-    ECP_ZZZ P,T,W;
-    int res=0;
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-    if (RNG!=NULL)
-    {
-        BIG_XXX_randomnum(x,r,RNG);
-#ifdef AES_S
-        BIG_XXX_mod2m(x,2*AES_S);
-#endif
-        X->len=MODBYTES_XXX;
-        BIG_XXX_toBytes(X->val,x);
-    }
-    else
-        BIG_XXX_fromBytes(x,X->val);
-
-    mhashit(sha,-1,CLIENT_ID,&H);
-
-    ECP_ZZZ_mapit(&P,&H);
-
-    if (!ECP_ZZZ_fromOctet(&T,TOKEN)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        pin%=MAXPIN;
-
-        ECP_ZZZ_copy(&W,&P);				// W=H(ID)
-        ECP_ZZZ_pinmul(&W,pin,PBLEN);			// W=alpha.H(ID)
-        ECP_ZZZ_add(&T,&W);					// T=Token+alpha.H(ID) = s.H(ID)
-
-        if (date)
-        {
-            if (PERMIT!=NULL)
-            {
-                if (!ECP_ZZZ_fromOctet(&W,PERMIT)) res=MPIN_INVALID_POINT;
-                ECP_ZZZ_add(&T,&W);					// SEC=s.H(ID)+s.H(T|ID)
-            }
-            mhashit(sha,date,&H,&H);
-
-            ECP_ZZZ_mapit(&W,&H);
-            if (xID!=NULL)
-            {
-                PAIR_ZZZ_G1mul(&P,x);				// P=x.H(ID)
-                ECP_ZZZ_toOctet(xID,&P,false);  // xID
-                PAIR_ZZZ_G1mul(&W,x);               // W=x.H(T|ID)
-                ECP_ZZZ_add(&P,&W); //ECP_ZZZ_affine(&P);
-            }
-            else
-            {
-                ECP_ZZZ_add(&P,&W); //ECP_ZZZ_affine(&P);
-                PAIR_ZZZ_G1mul(&P,x);
-            }
-            if (xCID!=NULL) ECP_ZZZ_toOctet(xCID,&P,false);  // U
-        }
-        else
-        {
-            if (xID!=NULL)
-            {
-                PAIR_ZZZ_G1mul(&P,x);				// P=x.H(ID)
-                ECP_ZZZ_toOctet(xID,&P,false);  // xID
-            }
-        }
-    }
-
-    if (res==0)
-	{
-		//ECP_ZZZ_affine(&T);
-        ECP_ZZZ_toOctet(SEC,&T,false);  // V
-	}
-    return res;
-}
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
-int MPIN_ZZZ_GET_SERVER_SECRET(octet *S,octet *SST)
-{
-    BIG_XXX r,s;
-    ECP8_ZZZ Q;
-    int res=0;
-
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-
-	ECP8_ZZZ_generator(&Q);
-
-    if (res==0)
-    {
-        BIG_XXX_fromBytes(s,S->val);
-        PAIR_ZZZ_G2mul(&Q,s);
-        ECP8_ZZZ_toOctet(SST,&Q);
-    }
-
-    return res;
-}
-
-
-/* Time Permit CTT=s*H(date|H(CID)) where s is master secret */
-int MPIN_ZZZ_GET_CLIENT_PERMIT(int sha,int date,octet *S,octet *CID,octet *CTT)
-{
-    BIG_XXX s;
-    ECP_ZZZ P;
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-
-    mhashit(sha,date,CID,&H);
-
-    ECP_ZZZ_mapit(&P,&H);
-
-//printf("P= "); ECP_ZZZ_output(&P); printf("\n");
-//exit(0);
-
-    BIG_XXX_fromBytes(s,S->val);
-
-
-
-//printf("s= "); BIG_XXX_output(s); printf("\n");
-    PAIR_ZZZ_G1mul(&P,s);
-//printf("OP= "); ECP_ZZZ_output(&P); printf("\n");
-//
-    ECP_ZZZ_toOctet(CTT,&P,false);
-    return 0;
-}
-
-// if date=0 only use HID, set HCID=NULL
-// if date and PE, use HID and HCID
-
-/* Outputs H(CID) and H(CID)+H(T|H(CID)) for time permits. If no time permits set HTID=NULL */
-void MPIN_ZZZ_SERVER_1(int sha,int date,octet *CID,octet *HID,octet *HTID)
-{
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-    ECP_ZZZ P,R;
-	BIG_XXX x;
-
-#ifdef USE_ANONYMOUS
-    ECP_ZZZ_mapit(&P,CID);
-#else
-    mhashit(sha,-1,CID,&H);
-    ECP_ZZZ_mapit(&P,&H);
-#endif
-
-    ECP_ZZZ_toOctet(HID,&P,false);  // new
-
-    if (date)
-    {
-        //	if (HID!=NULL) ECP_ZZZ_toOctet(HID,&P,false);
-#ifdef USE_ANONYMOUS
-        mhashit(sha,date,CID,&H);
-#else
-        mhashit(sha,date,&H,&H);
-#endif
-        ECP_ZZZ_mapit(&R,&H);
-        ECP_ZZZ_add(&P,&R); //ECP_ZZZ_affine(&P);
-        ECP_ZZZ_toOctet(HTID,&P,false);
-    }
-    //else ECP_ZZZ_toOctet(HID,&P,false);
-
-}
-
-/* Implement M-Pin on server side */
-int MPIN_ZZZ_SERVER_2(int date,octet *HID,octet *HTID,octet *Y,octet *SST,octet *xID,octet *xCID,octet *mSEC,octet *E,octet *F,octet *Pa)
-{
-    BIG_XXX px,py,y;
-    FP48_YYY g;
-    ECP8_ZZZ Q,sQ;
-    ECP_ZZZ P,R;
-    int res=0;
-
-	ECP8_ZZZ_generator(&Q);
-
-    // key-escrow less scheme: use Pa instead of Q in pairing computation
-    // Q left for backward compatiblity
-    if (Pa!=NULL)
-    {
-        if (!ECP8_ZZZ_fromOctet(&Q, Pa)) res=MPIN_INVALID_POINT;
-    }
-
-
-    if (res==0)
-    {
-        if (!ECP8_ZZZ_fromOctet(&sQ,SST)) res=MPIN_INVALID_POINT;
-    }
-
-    if (res==0)
-    {
-       if (date)
-        {
-            //BIG_XXX_fromBytes(px,&(xCID->val[1]));
-            //BIG_XXX_fromBytes(py,&(xCID->val[PFS_ZZZ+1]));
-			if (!ECP_ZZZ_fromOctet(&R,xCID))  res=MPIN_INVALID_POINT;
-        }
-        else
-        {
-            //BIG_XXX_fromBytes(px,&(xID->val[1]));
-            //BIG_XXX_fromBytes(py,&(xID->val[PFS_ZZZ+1]));
-			if (!ECP_ZZZ_fromOctet(&R,xID))  res=MPIN_INVALID_POINT;
-        }
-        //if (!ECP_ZZZ_set(&R,px,py)) res=MPIN_INVALID_POINT; // x(A+AT)
-    }
-    if (res==0)
-    {
-        BIG_XXX_fromBytes(y,Y->val);
-        if (date)
-        {
-            if (!ECP_ZZZ_fromOctet(&P,HTID))  res=MPIN_INVALID_POINT;
-        }
-        else
-        {
-            if (!ECP_ZZZ_fromOctet(&P,HID))  res=MPIN_INVALID_POINT;
-        }
-    }
-    if (res==0)
-    {
-        PAIR_ZZZ_G1mul(&P,y);  // y(A+AT)
-        ECP_ZZZ_add(&P,&R); // x(A+AT)+y(A+T)
-		//ECP_ZZZ_affine(&P);
-        if (!ECP_ZZZ_fromOctet(&R,mSEC))  res=MPIN_INVALID_POINT; // V
-    }
-    if (res==0)
-    {
-
-        PAIR_ZZZ_double_ate(&g,&Q,&R,&sQ,&P);
-        PAIR_ZZZ_fexp(&g);
-
-        if (!FP48_YYY_isunity(&g))
-        {
-            if (HID!=NULL && xID!=NULL && E!=NULL && F !=NULL)
-            {
-                /* xID is set to NULL if there is no way to calculate PIN error */
-                FP48_YYY_toOctet(E,&g);
-
-                /* Note error is in the PIN, not in the time permit! Hence the need to exclude Time Permit from this check */
-
-                if (date)
-                {
-                    if (!ECP_ZZZ_fromOctet(&P,HID)) res=MPIN_INVALID_POINT;
-                    if (!ECP_ZZZ_fromOctet(&R,xID)) res=MPIN_INVALID_POINT; // U
-
-                    if (res==0)
-                    {
-                        PAIR_ZZZ_G1mul(&P,y);  // yA
-                        ECP_ZZZ_add(&P,&R); // yA+xA
-						//ECP_ZZZ_affine(&P);
-                    }
-                }
-                if (res==0)
-                {
-                    PAIR_ZZZ_ate(&g,&Q,&P);
-                    PAIR_ZZZ_fexp(&g);
-                    FP48_YYY_toOctet(F,&g);
-                }
-            }
-            res=MPIN_BAD_PIN;
-        }
-    }
-
-    return res;
-}
-
-#if MAXPIN==10000
-#define MR_TS 10  /* 2^10/10 approx = sqrt(MAXPIN) */
-#define TRAP 200  /* 2*sqrt(MAXPIN) */
-#endif
-
-#if MAXPIN==1000000
-#define MR_TS 14
-#define TRAP 2000
-#endif
-
-/* Pollards kangaroos used to return PIN error */
-int MPIN_ZZZ_KANGAROO(octet *E,octet *F)
-{
-    int i,j,m,s,dn,dm,steps;
-    int distance[MR_TS];
-    FP48_YYY ge,gf,t,table[MR_TS];
-    int res=0;
-    // BIG_XXX w;
-
-    FP48_YYY_fromOctet(&ge,E);
-    FP48_YYY_fromOctet(&gf,F);
-
-    FP48_YYY_copy(&t,&gf);
-
-    for (s=1,m=0; m<MR_TS; m++)
-    {
-        distance[m]=s;
-        FP48_YYY_copy(&table[m],&t);
-        s*=2;
-        FP48_YYY_usqr(&t,&t);
-        FP48_YYY_reduce(&t);
-    }
-
-    FP48_YYY_one(&t);
-
-    for (dn=0,j=0; j<TRAP; j++)
-    {
-
-        //BIG_XXX_copy(w,t.a.a.a);
-        //FP_YYY_redc(w);
-        //i=BIG_XXX_lastbits(w,20)%MR_TS;
-
-        i=t.a.a.a.a.a.g[0]%MR_TS;
-
-        FP48_YYY_mul(&t,&table[i]);
-        FP48_YYY_reduce(&t);
-        dn+=distance[i];
-    }
-
-    FP48_YYY_conj(&gf,&t);
-    steps=0;
-    dm=0;
-    while (dm-dn<MAXPIN)
-    {
-        steps++;
-        if (steps>4*TRAP) break;
-
-        //BIG_XXX_copy(w,ge.a.a.a);
-        //FP_YYY_redc(w);
-        //i=BIG_XXX_lastbits(w,20)%MR_TS;
-
-        i=ge.a.a.a.a.a.g[0]%MR_TS;
-
-        FP48_YYY_mul(&ge,&table[i]);
-        FP48_YYY_reduce(&ge);
-        dm+=distance[i];
-        if (FP48_YYY_equals(&ge,&t))
-        {
-            res=dm-dn;
-            break;
-        }
-        if (FP48_YYY_equals(&ge,&gf))
-        {
-            res=dn-dm;
-            break;
-        }
-    }
-    if (steps>4*TRAP || dm-dn>=MAXPIN)
-    {
-        res=0;    /* Trap Failed  - probable invalid token */
-    }
-
-    return res;
-}
-
-/* Functions to support M-Pin Full */
-
-int MPIN_ZZZ_PRECOMPUTE(octet *TOKEN,octet *CID,octet *CP,octet *G1,octet *G2)
-{
-    ECP_ZZZ P,T;
-    ECP8_ZZZ Q;
-    FP48_YYY g;
-	BIG_XXX x;
-    int res=0;
-
-    if (!ECP_ZZZ_fromOctet(&T,TOKEN)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        ECP_ZZZ_mapit(&P,CID);
-        if (CP!=NULL)
-        {
-            if (!ECP8_ZZZ_fromOctet(&Q,CP)) res=MPIN_INVALID_POINT;
-        }
-        else
-        {
-			ECP8_ZZZ_generator(&Q);
-        }
-    }
-    if (res==0)
-    {
-        PAIR_ZZZ_ate(&g,&Q,&T);
-        PAIR_ZZZ_fexp(&g);
-
-        FP48_YYY_toOctet(G1,&g);
-        if (G2!=NULL)
-        {
-            PAIR_ZZZ_ate(&g,&Q,&P);
-            PAIR_ZZZ_fexp(&g);
-            FP48_YYY_toOctet(G2,&g);
-        }
-    }
-    return res;
-}
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-int MPIN_ZZZ_CLIENT_KEY(int sha,octet *G1,octet *G2,int pin,octet *R,octet *X,octet *H,octet *wCID,octet *CK)
-{
-    FP48_YYY g1,g2;
-	FP16_YYY c;//,cp,cpm1,cpm2;
-
-    ECP_ZZZ W;
-    int res=0;
-    BIG_XXX r,z,x,h;//q,m,a,b;
-
-    FP48_YYY_fromOctet(&g1,G1);
-    FP48_YYY_fromOctet(&g2,G2);
-    BIG_XXX_fromBytes(z,R->val);
-    BIG_XXX_fromBytes(x,X->val);
-    BIG_XXX_fromBytes(h,H->val);
-
-    if (!ECP_ZZZ_fromOctet(&W,wCID)) res=MPIN_INVALID_POINT;
-
-    if (res==0)
-    {
-        BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-        BIG_XXX_add(z,z,h);    // new
-        BIG_XXX_mod(z,r);
-
-        FP48_YYY_pinpow(&g2,pin,PBLEN);
-        FP48_YYY_mul(&g1,&g2);
-
-		PAIR_ZZZ_G1mul(&W,x);
-
-		FP48_YYY_compow(&c,&g1,z,r);
-		mpin_hash(sha,&c,&W,CK);
-
-    }
-    return res;
-}
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-
-int MPIN_ZZZ_SERVER_KEY(int sha,octet *Z,octet *SST,octet *W,octet *H,octet *HID,octet *xID,octet *xCID,octet *SK)
-{
-    int res=0;
-    FP48_YYY g;
-    FP16_YYY c;
-    ECP_ZZZ R,U,A;
-    ECP8_ZZZ sQ;
-    BIG_XXX w,h;
-
-    if (!ECP8_ZZZ_fromOctet(&sQ,SST)) res=MPIN_INVALID_POINT;
-    if (!ECP_ZZZ_fromOctet(&R,Z)) res=MPIN_INVALID_POINT;
-
-
-    if (!ECP_ZZZ_fromOctet(&A,HID)) res=MPIN_INVALID_POINT;
-
-    // new
-    if (xCID!=NULL)
-    {
-        if (!ECP_ZZZ_fromOctet(&U,xCID)) res=MPIN_INVALID_POINT;
-    }
-    else
-    {
-        if (!ECP_ZZZ_fromOctet(&U,xID)) res=MPIN_INVALID_POINT;
-    }
-    BIG_XXX_fromBytes(w,W->val);
-    BIG_XXX_fromBytes(h,H->val);
-
-
-    PAIR_ZZZ_ate(&g,&sQ,&A);
-    PAIR_ZZZ_fexp(&g);
-
-    if (res==0)
-    {
-        PAIR_ZZZ_G1mul(&A,h);
-        ECP_ZZZ_add(&R,&A);  // new
-		//ECP_ZZZ_affine(&R);
-        PAIR_ZZZ_ate(&g,&sQ,&R);
-        PAIR_ZZZ_fexp(&g);
-        PAIR_ZZZ_G1mul(&U,w);
-        FP48_YYY_trace(&c,&g);
-        mpin_hash(sha,&c,&U,SK);
-    }
-    return res;
-}
-
-/* Generate Y = H(TimeValue, xCID/xID) */
-void MPIN_ZZZ_GET_Y(int sha,int TimeValue,octet *xCID,octet *Y)
-{
-    BIG_XXX q,y;
-    char h[MODBYTES_XXX];
-    octet H= {0,sizeof(h),h};
-
-    mhashit(sha,TimeValue,xCID,&H);
-    BIG_XXX_fromBytes(y,H.val);
-    BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
-    BIG_XXX_mod(y,q);
-    BIG_XXX_toBytes(Y->val,y);
-    Y->len=PGS_ZZZ;
-}
-
-/* One pass MPIN Client */
-int MPIN_ZZZ_CLIENT(int sha,int date,octet *ID,csprng *RNG,octet *X,int pin,octet *TOKEN,octet *V,octet *U,octet *UT,octet *TP,octet *MESSAGE,int TimeValue,octet *Y)
-{
-    int rtn=0;
-    char m[M_SIZE_ZZZ];
-    octet M= {0,sizeof(m),m};
-
-    octet *pID;
-    if (date == 0)
-        pID = U;
-    else
-        pID = UT;
-
-    rtn = MPIN_ZZZ_CLIENT_1(sha,date,ID,RNG,X,pin,TOKEN,V,U,UT,TP);
-    if (rtn != 0)
-        return rtn;
-
-    OCT_joctet(&M,pID);
-   if (MESSAGE!=NULL)
-   {
-       OCT_joctet(&M,MESSAGE);
-   }
-
-    MPIN_ZZZ_GET_Y(sha,TimeValue,&M,Y);
-
-    rtn = MPIN_ZZZ_CLIENT_2(X,Y,V);
-    if (rtn != 0)
-        return rtn;
-
-    return 0;
-}
-
-/* One pass MPIN Server */
-int MPIN_ZZZ_SERVER(int sha,int date,octet *HID,octet *HTID,octet *Y,octet *sQ,octet *U,octet *UT,octet *V,octet *E,octet *F,octet *ID,octet *MESSAGE,int TimeValue, octet *Pa)
-{
-    int rtn=0;
-    char m[M_SIZE_ZZZ];
-    octet M= {0,sizeof(m),m};
-
-    octet *pU;
-    if (date == 0)
-        pU = U;
-    else
-        pU = UT;
-
-    MPIN_ZZZ_SERVER_1(sha,date,ID,HID,HTID);
-
-    OCT_joctet(&M,pU);
-   if (MESSAGE!=NULL)
-   {
-       OCT_joctet(&M,MESSAGE);
-   }
-
-    MPIN_ZZZ_GET_Y(sha,TimeValue,&M,Y);
-
-    rtn = MPIN_ZZZ_SERVER_2(date,HID,HTID,Y,sQ,U,UT,V,E,F,Pa);
-    if (rtn != 0)
-        return rtn;
-
-    return 0;
-}
-
-int MPIN_ZZZ_GET_DVS_KEYPAIR(csprng *R,octet *Z,octet *Pa)
-{
-    BIG_XXX z,r;
-    ECP8_ZZZ Q;
-    int res=0;
-
-    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
-
-    if (R!=NULL)
-    {
-        BIG_XXX_randomnum(z,r,R);
-        Z->len=MODBYTES_XXX;
-        BIG_XXX_toBytes(Z->val,z);
-    }
-    else
-        BIG_XXX_fromBytes(z,Z->val);
-
-    BIG_XXX_invmodp(z,z,r);
-
-	ECP8_ZZZ_generator(&Q);
-
-    if (res==0)
-    {
-        PAIR_ZZZ_G2mul(&Q,z);
-        ECP8_ZZZ_toOctet(Pa,&Q);
-    }
-
-    return res;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/mpin256.h
----------------------------------------------------------------------
diff --git a/version3/c/mpin256.h b/version3/c/mpin256.h
deleted file mode 100644
index 46ba21a..0000000
--- a/version3/c/mpin256.h
+++ /dev/null
@@ -1,339 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file mpin.h
- * @author Mike Scott and Kealan McCusker
- * @date 2nd June 2015
- * @brief M-Pin Header file
- *
- * Allows some user configuration
- * defines structures
- * declares functions
- *
- */
-
-#ifndef MPIN_ZZZ_H
-#define MPIN_ZZZ_H
-
-#include "pair256_ZZZ.h"
-#include "pbc_support.h"
-
-
-/* Field size is assumed to be greater than or equal to group size */
-
-#define PGS_ZZZ MODBYTES_XXX  /**< MPIN Group Size */
-#define PFS_ZZZ MODBYTES_XXX  /**< MPIN Field Size */
-
-#define MPIN_OK             0   /**< Function completed without error */
-#define MPIN_INVALID_POINT  -14	/**< Point is NOT on the curve */
-#define MPIN_BAD_PIN        -19 /**< Bad PIN number entered */
-
-#define MAXPIN 10000         /**< max PIN */
-#define PBLEN 14             /**< max length of PIN in bits */
-
-//#define PAS_ZZZ 24        /**< MPIN Symmetric Key Size 192 bits  */
-//#define HASH_TYPE_MPIN_ZZZ SHA384   /**< Choose Hash function */
-
-#define MESSAGE_SIZE 256        /**< Signature message size  */
-#define M_SIZE_ZZZ (MESSAGE_SIZE+2*PFS_ZZZ+1)   /**< Signature message size and G1 size */
-
-/* MPIN support functions */
-
-/* MPIN primitives */
-
-
-void MPIN_ZZZ_GET_Y(int h,int t,octet *O,octet *Y);
-/**	@brief Extract a PIN number from a client secret
- *
-  	@param h is the hash type
-	@param ID is the input client identity
-	@param factor is an input factor
-	@param facbits is the number of bits in the factor
-	@param CS is the client secret from which the factor is to be extracted
-	@return 0 or an error code
- */
-int MPIN_ZZZ_EXTRACT_FACTOR(int h,octet *ID,int factor,int facbits,octet *CS);
-
-/**	@brief Extract a PIN number from a client secret
- *
-  	@param h is the hash type
-	@param ID is the input client identity
-	@param factor is an input factor
-	@param facbits is the number of bits in the factor
-	@param CS is the client secret to which the factor is to be added
-	@return 0 or an error code
- */
-int MPIN_ZZZ_RESTORE_FACTOR(int h,octet *ID,int factor,int facbits,octet *CS);
-
-
-/**	@brief Extract a PIN number from a client secret
- *
-  	@param h is the hash type
-	@param ID is the input client identity
-	@param pin is an input PIN number
-	@param CS is the client secret from which the PIN is to be extracted
-	@return 0 or an error code
- */
-int MPIN_ZZZ_EXTRACT_PIN(int h,octet *ID,int pin,octet *CS);
-
-/**	@brief Perform client side of the one-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U and UT are both generated.
- 	@param h is the hash type
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param ID is the input client identity
-	@param R is a pointer to a cryptographically secure random number generator
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param pin is the input PIN number
-	@param T is the input M-Pin token (the client secret with PIN portion removed)
-	@param V is output = -(x+y)(CS+TP), where CS is the reconstructed client secret, and TP is the time permit
-	@param U is output = x.H(ID)
-	@param UT is output = x.(H(ID)+H(d|H(ID)))
-	@param TP is the input time permit
-	@param MESSAGE is the message to be signed
-	@param t is input epoch time in seconds - a timestamp
-	@param y is output H(t|U) or H(t|UT) if Time Permits enabled
-	@return 0 or an error code
- */
-int MPIN_ZZZ_CLIENT(int h,int d,octet *ID,csprng *R,octet *x,int pin,octet *T,octet *V,octet *U,octet *UT,octet *TP, octet* MESSAGE, int t, octet *y);
-/**	@brief Perform first pass of the client side of the 3-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U and UT are both generated.
- 	@param h is the hash type
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param ID is the input client identity
-	@param R is a pointer to a cryptographically secure random number generator
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param pin is the input PIN number
-	@param T is the input M-Pin token (the client secret with PIN portion removed)
-	@param S is output = CS+TP, where CS=is the reconstructed client secret, and TP is the time permit
-	@param U is output = x.H(ID)
-	@param UT is output = x.(H(ID)+H(d|H(ID)))
-	@param TP is the input time permit
-	@return 0 or an error code
- */
-int MPIN_ZZZ_CLIENT_1(int h,int d,octet *ID,csprng *R,octet *x,int pin,octet *T,octet *S,octet *U,octet *UT,octet *TP);
-/**	@brief Generate a random group element
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param S is the output random octet
-	@return 0 or an error code
- */
-int MPIN_ZZZ_RANDOM_GENERATE(csprng *R,octet *S);
-/**	@brief Perform second pass of the client side of the 3-pass version of the M-Pin protocol
- *
-	@param x an input, a locally generated random number
-	@param y an input random challenge from the server
-	@param V on output = -(x+y).V
-	@return 0 or an error code
- */
-int MPIN_ZZZ_CLIENT_2(octet *x,octet *y,octet *V);
-/**	@brief Perform server side of the one-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT and HTID are not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U and HID are not needed and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U, UT, HID and HTID are all required.
- 	@param h is the hash type
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param HID is output H(ID), a hash of the client ID
-	@param HTID is output H(ID)+H(d|H(ID))
-	@param y is output H(t|U) or H(t|UT) if Time Permits enabled
-	@param SS is the input server secret
-	@param U is input from the client = x.H(ID)
-	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
-	@param V is an input from the client
-	@param E is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param F is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param ID is the input claimed client identity
-	@param MESSAGE is the message to be signed
-	@param t is input epoch time in seconds - a timestamp
-	@param Pa is input from the client z.Q or NULL if the key-escrow less scheme is not used
-	@return 0 or an error code
- */
-int MPIN_ZZZ_SERVER(int h,int d,octet *HID,octet *HTID,octet *y,octet *SS,octet *U,octet *UT,octet *V,octet *E,octet *F,octet *ID,octet *MESSAGE, int t, octet *Pa);
-/**	@brief Perform first pass of the server side of the 3-pass version of the M-Pin protocol
- *
- 	@param h is the hash type
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param ID is the input claimed client identity
-	@param HID is output H(ID), a hash of the client ID
-	@param HTID is output H(ID)+H(d|H(ID))
-	@return 0 or an error code
- */
-void MPIN_ZZZ_SERVER_1(int h,int d,octet *ID,octet *HID,octet *HTID);
-/**	@brief Perform third pass on the server side of the 3-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT and HTID are not needed and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U and HID are not needed and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U, UT, HID and HTID are all required.
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param HID is input H(ID), a hash of the client ID
-	@param HTID is input H(ID)+H(d|H(ID))
-	@param y is the input server's randomly generated challenge
-	@param SS is the input server secret
-	@param U is input from the client = x.H(ID)
-	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
-	@param V is an input from the client
-	@param E is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param F is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param Pa is the input public key from the client, z.Q or NULL if the client uses regular mpin
-	@return 0 or an error code
- */
-int MPIN_ZZZ_SERVER_2(int d,octet *HID,octet *HTID,octet *y,octet *SS,octet *U,octet *UT,octet *V,octet *E,octet *F,octet *Pa);
-/**	@brief Add two members from the group G1
- *
-	@param Q1 an input member of G1
-	@param Q2 an input member of G1
-	@param Q an output member of G1 = Q1+Q2
-	@return 0 or an error code
- */
-int MPIN_ZZZ_RECOMBINE_G1(octet *Q1,octet *Q2,octet *Q);
-/**	@brief Add two members from the group G2
- *
-	@param P1 an input member of G2
-	@param P2 an input member of G2
-	@param P an output member of G2 = P1+P2
-	@return 0 or an error code
- */
-int MPIN_ZZZ_RECOMBINE_G2(octet *P1,octet *P2,octet *P);
-/**	@brief Use Kangaroos to find PIN error
- *
-	@param E a member of the group GT
-	@param F a member of the group GT =  E^e
-	@return 0 if Kangaroos failed, or the PIN error e
- */
-int MPIN_ZZZ_KANGAROO(octet *E,octet *F);
-/**	@brief Encoding of a Time Permit to make it indistinguishable from a random string
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param TP is the input time permit, obfuscated on output
-	@return 0 or an error code
- */
-int MPIN_ZZZ_ENCODING(csprng *R,octet *TP);
-/**	@brief Encoding of an obfuscated Time Permit
- *
-	@param TP is the input obfuscated time permit, restored on output
-	@return 0 or an error code
- */
-int MPIN_ZZZ_DECODING(octet *TP);
-
-/**	@brief Find a random multiple of a point in G1
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param type determines type of action to be taken
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param G if type=0 a point in G1, else an octet to be mapped to G1
-	@param W the output =x.G or x.M(G), where M(.) is a mapping
-	@return 0 or an error code
- */
-int MPIN_ZZZ_GET_G1_MULTIPLE(csprng *R,int type,octet *x,octet *G,octet *W);
-/**	@brief Find a random multiple of a point in G1
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param type determines type of action to betaken
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param G a point in G2
-	@param W the output =x.G or (1/x).G
-	@return 0 or an error code
- */
-int MPIN_ZZZ_GET_G2_MULTIPLE(csprng *R,int type,octet *x,octet *G,octet *W);
-
-/**	@brief Create a client secret in G1 from a master secret and the client ID
- *
-	@param S is an input master secret
-	@param ID is the input client identity
-	@param CS is the full client secret = s.H(ID)
-	@return 0 or an error code
- */
-int MPIN_ZZZ_GET_CLIENT_SECRET(octet *S,octet *ID,octet *CS);
-/**	@brief Create a Time Permit in G1 from a master secret and the client ID
- *
-  	@param h is the hash type
-	@param d is input date, in days since the epoch.
-	@param S is an input master secret
-	@param ID is the input client identity
-	@param TP is a Time Permit for the given date = s.H(d|H(ID))
-	@return 0 or an error code
- */
-int MPIN_ZZZ_GET_CLIENT_PERMIT(int h,int d,octet *S,octet *ID,octet *TP);
-/**	@brief Create a server secret in G2 from a master secret
- *
-	@param S is an input master secret
-	@param SS is the server secret = s.Q where Q is a fixed generator of G2
-	@return 0 or an error code
- */
-int MPIN_ZZZ_GET_SERVER_SECRET(octet *S,octet *SS);
-/* int MPIN_TEST_PAIRING(octet *,octet *); */
-
-/* For M-Pin Full */
-/**	@brief Precompute values for use by the client side of M-Pin Full
- *
-	@param T is the input M-Pin token (the client secret with PIN portion removed)
-	@param ID is the input client identity
-	@param CP is Public Key (or NULL)
-	@param g1 precomputed output
-	@param g2 precomputed output
-	@return 0 or an error code
- */
-int MPIN_ZZZ_PRECOMPUTE(octet *T,octet *ID,octet *CP,octet *g1,octet *g2);
-/**	@brief Calculate Key on Server side for M-Pin Full
- *
-	Uses UT internally for the key calculation, unless not available in which case U is used
- 	@param h is the hash type
-	@param Z is the input Client-side Diffie-Hellman component
-	@param SS is the input server secret
-	@param w is an input random number generated by the server
-	@param p is an input, hash of the protocol transcript
-	@param I is the hashed input client ID = H(ID)
-	@param U is input from the client = x.H(ID)
-	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
-	@param K is the output calculated shared key
-	@return 0 or an error code
- */
-int MPIN_ZZZ_SERVER_KEY(int h,octet *Z,octet *SS,octet *w,octet *p,octet *I,octet *U,octet *UT,octet *K);
-/**	@brief Calculate Key on Client side for M-Pin Full
- *
-  	@param h is the hash type
-	@param g1 precomputed input
-	@param g2 precomputed input
-	@param pin is the input PIN number
-	@param r is an input, a locally generated random number
-	@param x is an input, a locally generated random number
-	@param p is an input, hash of the protocol transcript
-	@param T is the input Server-side Diffie-Hellman component
-	@param K is the output calculated shared key
-	@return 0 or an error code
- */
-int MPIN_ZZZ_CLIENT_KEY(int h,octet *g1,octet *g2,int pin,octet *r,octet *x,octet *p,octet *T,octet *K);
-
-/** @brief Generates a random public key for the client z.Q
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param Z an output internally randomly generated if R!=NULL, otherwise it must be provided as an input
-	@param Pa the output public key for the client
- */
-int MPIN_ZZZ_GET_DVS_KEYPAIR(csprng *R,octet *Z,octet *Pa);
-
-#endif
-


[07/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BLS461.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_BLS461.c b/version3/c/rom_field_BLS461.c
deleted file mode 100644
index c2e561a..0000000
--- a/version3/c/rom_field_BLS461.c
+++ /dev/null
@@ -1,31 +0,0 @@
-#include "arch.h"
-#include "fp_BLS461.h"
-
-/* Curve BLS461 - Pairing friendly BLS curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-const BIG_464_28 Modulus_BLS461= {0xAAAAAAB,0xAC0000A,0x54AAAAA,0x5555,0x400020,0x91557F0,0xF26AA,0xFA5C1CC,0xB42A8DF,0x7B14848,0x8BACCA4,0x6F1E32D,0x4935FBD,0x55D6941,0xD5A555A,0x5545554,0x1555};
-const BIG_464_28 R2modp_BLS461= {0xC9B6A33,0x2ECD087,0x3CCB2B1,0xCD461FE,0x8CB5AB2,0xC5B9635,0x5312E92,0xB659F64,0x3B596FA,0x8679006,0xA92E2B3,0x3CE05E3,0x363550F,0x7C07A8E,0x382C083,0x6347FEA,0xBD};
-const chunk MConst_BLS461= 0xFFFFFFD;
-const BIG_464_28 Fra_BLS461= {0xB812A3A,0x7117BF9,0x99C400F,0xC6308A5,0x5BF8A1,0x510E075,0x45FA5A6,0xCE4858D,0x770B31A,0xBC2CB04,0xE2FC61E,0xD073588,0x4366190,0x4DFEFA8,0x69E55E2,0x504B7F,0x12E4};
-const BIG_464_28 Frb_BLS461= {0xF298071,0x3AE8410,0xBAE6A9B,0x39D4CAF,0xFE4077E,0x404777A,0xBAF8104,0x2C13C3E,0x3D1F5C5,0xBEE7D44,0xA8B0685,0x9EAADA4,0x5CFE2C,0x7D7999,0x6BBFF78,0x50409D5,0x271};
-
-#endif
-
-#if CHUNK==64
-// Base Bits=60
-const BIG_464_60 Modulus_BLS461= {0xAAC0000AAAAAAABL,0x20000555554AAAAL,0x6AA91557F004000L,0xA8DFFA5C1CC00F2L,0xACCA47B14848B42L,0x935FBD6F1E32D8BL,0xD5A555A55D69414L,0x15555545554L};
-const BIG_464_60 R2modp_BLS461= {0x96D08774614DDA8L,0xCD45F539225D5BDL,0xD712EB760C95AB1L,0xB3B687155F30B55L,0xC4E62A05C3F5B81L,0xBA1151676CA3CD0L,0x7EDD8A958F442BEL,0x12B89DD3F91L};
-const chunk MConst_BLS461= 0xC0005FFFFFFFDL;
-const BIG_464_60 Fra_BLS461= {0xF7117BF9B812A3AL,0xA1C6308A599C400L,0x5A6510E07505BF8L,0xB31ACE4858D45FAL,0xFC61EBC2CB04770L,0x366190D073588E2L,0x69E55E24DFEFA84L,0x12E40504B7FL};
-const BIG_464_60 Frb_BLS461= {0xB3AE8410F298071L,0x7E39D4CAFBAE6A9L,0x104404777AFE407L,0xF5C52C13C3EBAF8L,0xB0685BEE7D443D1L,0x5CFE2C9EAADA4A8L,0x6BBFF7807D79990L,0x27150409D5L};
-
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BLS48.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_BLS48.c b/version3/c/rom_field_BLS48.c
deleted file mode 100644
index 5bf4488..0000000
--- a/version3/c/rom_field_BLS48.c
+++ /dev/null
@@ -1,32 +0,0 @@
-#include "arch.h"
-#include "fp_BLS48.h"
-
-/* Curve BLS48 - Pairing friendly BLS48 curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-// Base Bits= 29
-const BIG_560_29 Modulus_BLS48= {0x1CF6AC0B,0x17B7307F,0x19877E7B,0x12CE0134,0x14228402,0x1BD4C386,0x1DACBB04,0x40410D0,0x25A415,0x980B53E,0xDE6E250,0x15D9AAD6,0x5DA950,0x1029B7A,0x54AB351,0x14AD90CE,0x3729047,0x1FE7E2D9,0x145F610B,0x1F};
-const BIG_560_29 R2modp_BLS48= {0xD59D0FA,0x12F01FD0,0xDE8FD41,0x35AAEE1,0xB937F48,0x50700E8,0x1F50EFCE,0x1019B13C,0x3470A2F,0x11094115,0xF9FB72D,0x6AD10E2,0x1CFD9F8,0x44F4785,0x2B48793,0x1148ED3,0xF609E61,0x1EE34BC7,0x1735D29E,0x0};
-const chunk MConst_BLS48= 0x9DA805D;
-const BIG_560_29 Fra_BLS48= {0x1325BF89,0x1311E7EC,0xCD0A56F,0x1A0FD46E,0xE83BCCA,0xCA97DD0,0x18D1D297,0x5F1E137,0x7AB9F2C,0x13FC255F,0x1C9DECEB,0x9DEF4A2,0x3C0F60B,0x1D9909E4,0x1FF27FF7,0x1DBF8208,0x89BB36C,0x40044E0,0x62E01EE,0x5};
-const BIG_560_29 Frb_BLS48= {0x1325BF89,0x1311E7EC,0xCD0A56F,0x1A0FD46E,0xE83BCCA,0xCA97DD0,0x18D1D297,0x5F1E137,0x7AB9F2C,0x13FC255F,0x1C9DECEB,0x9DEF4A2,0x3C0F60B,0x1D9909E4,0x1FF27FF7,0x1DBF8208,0x89BB36C,0x40044E0,0x62E01EE,0x5};
-
-#endif
-
-#if CHUNK==64
-
-// Base Bits= 58
-const BIG_560_58 Modulus_BLS48= {0x2F6E60FFCF6AC0BL,0x259C02699877E7BL,0x37A9870D4228402L,0x80821A1DACBB04L,0x13016A7C025A415L,0x2BB355ACDE6E250L,0x20536F405DA950L,0x295B219C54AB351L,0x3FCFC5B23729047L,0x3F45F610BL};
-const BIG_560_58 R2modp_BLS48= {0x25E03FA0D59D0FAL,0x6B55DC2DE8FD41L,0xA0E01D0B937F48L,0x20336279F50EFCEL,0x2212822A3470A2FL,0xD5A21C4F9FB72DL,0x89E8F0A1CFD9F8L,0x2291DA62B48793L,0x3DC6978EF609E61L,0x1735D29EL};
-const chunk MConst_BLS48= 0x21BFCBCA9DA805DL;
-const BIG_560_58 Fra_BLS48= {0x2623CFD9325BF89L,0x341FA8DCCD0A56FL,0x1952FBA0E83BCCAL,0xBE3C26F8D1D297L,0x27F84ABE7AB9F2CL,0x13BDE945C9DECEBL,0x3B3213C83C0F60BL,0x3B7F0411FF27FF7L,0x80089C089BB36CL,0xA62E01EEL};
-const BIG_560_58 Frb_BLS48= {0x2623CFD9325BF89L,0x341FA8DCCD0A56FL,0x1952FBA0E83BCCAL,0xBE3C26F8D1D297L,0x27F84ABE7AB9F2CL,0x13BDE945C9DECEBL,0x3B3213C83C0F60BL,0x3B7F0411FF27FF7L,0x80089C089BB36CL,0xA62E01EEL};
-
-#endif
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BN254.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_BN254.c b/version3/c/rom_field_BN254.c
deleted file mode 100644
index c244a87..0000000
--- a/version3/c/rom_field_BN254.c
+++ /dev/null
@@ -1,37 +0,0 @@
-#include "arch.h"
-#include "fp_BN254.h"
-
-/* Curve BN254 - Pairing friendly BN curve */
-
-/* Nogami's fast curve */
-
-#if CHUNK==16
-
-// Base Bits= 13
-const BIG_256_13 Modulus_BN254= {0x13,0x0,0x0,0x0,0x1A70,0x9,0x0,0x0,0x100,0x309,0x2,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A};
-const BIG_256_13 R2modp_BN254= {0xF32,0x239,0x14DC,0xCE8,0x928,0x11B6,0x130F,0x1183,0x56E,0x1AEE,0x124F,0xD2A,0x7F8,0x1CE6,0x1B50,0x77C,0x3A,0x1A9E,0x1EFD,0x1C};
-const chunk MConst_BN254= 0x15E5;
-const BIG_256_13 Fra_BN254= {0xDE9,0x1953,0x101B,0x1BCD,0xE17,0x1BE1,0x14FD,0x1249,0x974,0x1C28,0x54F,0x108D,0x150A,0x4CD,0x12D9,0xF91,0x12E,0x10C9,0xDDD,0x36};
-const BIG_256_13 Frb_BN254= {0x122A,0x6AC,0xFE4,0x432,0xC58,0x428,0xB02,0xDB6,0x178B,0x6E0,0x1AB2,0xF72,0x2F5,0x1559,0x140F,0x106E,0x1ED1,0x1348,0x1AFB,0x13};
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-const BIG_256_28 Modulus_BN254= {0x13,0x0,0x13A7,0x0,0x86121,0x8000000,0x1BA344D,0x4000000,0x5236482,0x2};
-const BIG_256_28 R2modp_BN254= {0xF5E7E39,0x2F2A96F,0xB96F13C,0x64E8642,0xC7146,0x9926F7B,0x4DACD24,0x8321E7B,0xD127A2E,0x1};
-const chunk MConst_BN254= 0x79435E5;
-const BIG_256_28 Fra_BN254= {0xF2A6DE9,0x7DE6C06,0xF77C2E1,0x74924D3,0x53F8509,0x50A8469,0xCB6499B,0x212E7C8,0xB377619,0x1};
-const BIG_256_28 Frb_BN254= {0xD5922A,0x82193F9,0x8850C5,0x8B6DB2C,0xAC8DC17,0x2F57B96,0x503EAB2,0x1ED1837,0x9EBEE69,0x0};
-
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_256_56 Modulus_BN254= {0x13L,0x13A7L,0x80000000086121L,0x40000001BA344DL,0x25236482L};
-const BIG_256_56 R2modp_BN254= {0x2F2A96FF5E7E39L,0x64E8642B96F13CL,0x9926F7B00C7146L,0x8321E7B4DACD24L,0x1D127A2EL};
-const chunk MConst_BN254= 0x435E50D79435E5L;
-const BIG_256_56 Fra_BN254= {0x7DE6C06F2A6DE9L,0x74924D3F77C2E1L,0x50A846953F8509L,0x212E7C8CB6499BL,0x1B377619L};
-const BIG_256_56 Frb_BN254= {0x82193F90D5922AL,0x8B6DB2C08850C5L,0x2F57B96AC8DC17L,0x1ED1837503EAB2L,0x9EBEE69L};
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BN254CX.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_BN254CX.c b/version3/c/rom_field_BN254CX.c
deleted file mode 100644
index 1209f0c..0000000
--- a/version3/c/rom_field_BN254CX.c
+++ /dev/null
@@ -1,38 +0,0 @@
-#include "arch.h"
-#include "fp_BN254CX.h"
-
-/* Curve BN254CX - Pairing friendly BN curve */
-
-/* CertiVox BN curve/field  */
-
-#if CHUNK==16
-
-// Base Bits= 13
-const BIG_256_13 Modulus_BN254CX= {0x15B3,0xDA,0x1BD7,0xC47,0x1BE6,0x1F70,0x24,0x1DC3,0x1FD6,0x1921,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48};
-const BIG_256_13 R2modp_BN254CX= {0x1527,0x146B,0x12A7,0x1A60,0x1E0A,0x1382,0x2BC,0x1D3F,0xB30,0xA8,0xD19,0x11AB,0x1D40,0x1965,0xD6D,0x643,0x10FF,0x1BC7,0x1E61,0x31};
-const chunk MConst_BN254CX= 0x1E85;
-const BIG_256_13 Fra_BN254CX= {0xEA3,0xE40,0xCD5,0x1210,0x15BD,0x1C10,0x5CF,0x4DE,0x773,0x343,0x626,0x194E,0x18AA,0x10C5,0x12BF,0x2C,0x63A,0x17D,0x1642,0x26};
-const BIG_256_13 Frb_BN254CX= {0x710,0x129A,0xF01,0x1A37,0x628,0x360,0x1A55,0x18E4,0x1863,0x15DE,0x138E,0x1B78,0x1D9C,0xE29,0x403,0x515,0x236,0x1E83,0x9BD,0x21};
-
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-const BIG_256_28 Modulus_BN254CX= {0xC1B55B3,0x6623EF5,0x93EE1BE,0xD6EE180,0x6D3243F,0x647A636,0xDB0BDDF,0x8702A0,0x4000000,0x2};
-const BIG_256_28 R2modp_BN254CX= {0x8A0800A,0x466A061,0x43056A3,0x2B3A225,0x9C6600,0x148515B,0x6BDF50,0xEC9EA56,0xC992E66,0x1};
-const chunk MConst_BN254CX= 0x9789E85;
-const BIG_256_28 Fra_BN254CX= {0x5C80EA3,0xD908335,0x3F8215B,0x7326F17,0x8986867,0x8AACA71,0x4AFE18B,0xA63A016,0x359082F,0x1};
-const BIG_256_28 Frb_BN254CX= {0x6534710,0x8D1BBC0,0x546C062,0x63C7269,0xE3ABBD8,0xD9CDBC4,0x900DC53,0x623628A,0xA6F7D0,0x1};
-
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_256_56 Modulus_BN254CX= {0x6623EF5C1B55B3L,0xD6EE18093EE1BEL,0x647A6366D3243FL,0x8702A0DB0BDDFL,0x24000000L};
-const BIG_256_56 R2modp_BN254CX= {0x466A0618A0800AL,0x2B3A22543056A3L,0x148515B09C6600L,0xEC9EA5606BDF50L,0x1C992E66L};
-const chunk MConst_BN254CX= 0x4E205BF9789E85L;
-const BIG_256_56 Fra_BN254CX= {0xD9083355C80EA3L,0x7326F173F8215BL,0x8AACA718986867L,0xA63A0164AFE18BL,0x1359082FL};
-const BIG_256_56 Frb_BN254CX= {0x8D1BBC06534710L,0x63C7269546C062L,0xD9CDBC4E3ABBD8L,0x623628A900DC53L,0x10A6F7D0L};
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BRAINPOOL.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_BRAINPOOL.c b/version3/c/rom_field_BRAINPOOL.c
deleted file mode 100644
index bc73330..0000000
--- a/version3/c/rom_field_BRAINPOOL.c
+++ /dev/null
@@ -1,25 +0,0 @@
-#include "arch.h"
-#include "fp_BRAINPOOL.h"
-
-/* Brainpool Modulus  */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-const BIG_256_28 Modulus_BRAINPOOL= {0xF6E5377,0x13481D1,0x6202820,0xF623D52,0xD726E3B,0x909D838,0xC3E660A,0xA1EEA9B,0x9FB57DB,0xA};
-const BIG_256_28 R2modp_BRAINPOOL= {0xB9A3787,0x9E04F49,0x8F3CF49,0x2931721,0xF1DBC89,0x54E8C3C,0xF7559CA,0xBB411A3,0x773E15F,0x9};
-const chunk MConst_BRAINPOOL= 0xEFD89B9;
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_256_56 Modulus_BRAINPOOL= {0x13481D1F6E5377L,0xF623D526202820L,0x909D838D726E3BL,0xA1EEA9BC3E660AL,0xA9FB57DBL};
-const BIG_256_56 R2modp_BRAINPOOL= {0x9E04F49B9A3787L,0x29317218F3CF49L,0x54E8C3CF1DBC89L,0xBB411A3F7559CAL,0x9773E15FL};
-const chunk MConst_BRAINPOOL= 0xA75590CEFD89B9L;
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_C41417.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_C41417.c b/version3/c/rom_field_C41417.c
deleted file mode 100644
index e28f42c..0000000
--- a/version3/c/rom_field_C41417.c
+++ /dev/null
@@ -1,25 +0,0 @@
-#include "arch.h"
-#include "fp_C41417.h"
-
-/* Curve C41417 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 29
-const BIG_416_29 Modulus_C41417= {0x1FFFFFEF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFF};
-const BIG_416_29 R2modp_C41417= {0x0,0x242000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_C41417= 0x11;
-#endif
-
-#if CHUNK==64
-// Base Bits= 60
-const BIG_416_60 Modulus_C41417= {0xFFFFFFFFFFFFFEFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFL};
-const BIG_416_60 R2modp_C41417= {0x121000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const chunk MConst_C41417= 0x11L;
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_FP256BN.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_FP256BN.c b/version3/c/rom_field_FP256BN.c
deleted file mode 100644
index 8174955..0000000
--- a/version3/c/rom_field_FP256BN.c
+++ /dev/null
@@ -1,36 +0,0 @@
-#include "arch.h"
-#include "fp_FP256BN.h"
-
-/* Curve FP256BN - Pairing friendly BN curve */
-
-/* ISO fast curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-
-const BIG_256_28 Modulus_FP256BN= {0xED33013,0x292DDBA,0x80A82D3,0x65FB129,0x49F0CDC,0x5EEE71A,0xD46E5F2,0xFFFCF0C,0xFFFFFFF,0xF};
-const BIG_256_28 R2modp_FP256BN= {0x3B9F8B,0xEDE3363,0xFEC54E8,0x92FFEE9,0x3C55F79,0x13C1C06,0xC0123FA,0xA12F2EA,0xE559B2A,0x8};
-const chunk MConst_FP256BN= 0x537E5E5;
-const BIG_256_28 Fra_FP256BN= {0xF943106,0x760328A,0xAB28F74,0x71511E3,0x7CF39A1,0x8DDB086,0x52D1A6E,0xCA786F3,0xD617662,0x3};
-const BIG_256_28 Frb_FP256BN= {0xF3EFF0D,0xB32AB2F,0xD57F35E,0xF4A9F45,0xCCFD33A,0xD113693,0x819CB83,0x3584819,0x29E899D,0xC};
-
-
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_256_56 Modulus_FP256BN= {0x292DDBAED33013L,0x65FB12980A82D3L,0x5EEE71A49F0CDCL,0xFFFCF0CD46E5F2L,0xFFFFFFFFL};
-const BIG_256_56 R2modp_FP256BN= {0xEDE336303B9F8BL,0x92FFEE9FEC54E8L,0x13C1C063C55F79L,0xA12F2EAC0123FAL,0x8E559B2AL};
-const chunk MConst_FP256BN= 0x6C964E0537E5E5L;
-const BIG_256_56 Fra_FP256BN= {0x760328AF943106L,0x71511E3AB28F74L,0x8DDB0867CF39A1L,0xCA786F352D1A6EL,0x3D617662L};
-const BIG_256_56 Frb_FP256BN= {0xB32AB2FF3EFF0DL,0xF4A9F45D57F35EL,0xD113693CCFD33AL,0x3584819819CB83L,0xC29E899DL};
-
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_FP512BN.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_FP512BN.c b/version3/c/rom_field_FP512BN.c
deleted file mode 100644
index e88f66a..0000000
--- a/version3/c/rom_field_FP512BN.c
+++ /dev/null
@@ -1,38 +0,0 @@
-#include "arch.h"
-#include "fp_FP512BN.h"
-
-/* Curve FP512BN - Pairing friendly BN curve */
-
-/* ISO fast curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 29
-
-const BIG_512_29 Modulus_FP512BN= {0x2ADEF33,0x7594049,0x131919ED,0x14AB9CBE,0x16FE1916,0x12EF5591,0x2E39231,0x3D597D3,0x55146CF,0x88D877A,0x102EF8F0,0x1196A60F,0x1C60BA1D,0x1CF63F80,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF};
-const BIG_512_29 R2modp_FP512BN= {0xFD68B47,0xFCF5D2C,0x437675A,0x1BBC3FBF,0x1411E413,0x13453559,0x10B5639,0x1C34CE79,0x6D476BF,0xFD05F2B,0x15D17C28,0x6C9F76E,0x1C2375B3,0x78CCE9B,0x15F0AB33,0x1960F32E,0x1A8D44E,0x57A38};
-const chunk MConst_FP512BN= 0x1CCC5C05;
-const BIG_512_29 Fra_FP512BN= {0x14B73AB2,0x4B0BD8F,0xABB47D,0x2A29EC4,0x18681E17,0x104069DE,0x12EED67D,0x1553D0A5,0x398E9F8,0x7971034,0xAC9AF23,0x52DEF23,0x14EA18A5,0x1463E345,0x6DE465A,0x17F212B4,0x1AA9CF5B,0xF7B8};
-const BIG_512_29 Frb_FP512BN= {0xDF6B481,0x2A882B9,0x126D6570,0x1208FDFA,0x1E95FAFF,0x2AEEBB2,0xFF4BBB4,0xE81C72D,0x1B85CD6,0xF67746,0x56549CD,0xC68B6EC,0x776A178,0x8925C3B,0x1921B9A5,0x80DED4B,0x55630A4,0x70847};
-
-
-
-#endif
-
-#if CHUNK==64
-// Base Bits= 60
-
-const BIG_512_60 Modulus_FP512BN= {0x4EB280922ADEF33L,0x6A55CE5F4C6467BL,0xC65DEAB236FE191L,0xCF1EACBE98B8E48L,0x3C111B0EF455146L,0xA1D8CB5307C0BBEL,0xFFFF9EC7F01C60BL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-const BIG_512_60 R2modp_FP512BN= {0x1FA6DCEF99812E9L,0xAB3452895A0B74EL,0xC53EA988C079E1EL,0x1E90E033BA630B9L,0xF1EA41C0714D8B0L,0xE72785387509E28L,0xD86794F834DAB00L,0x9757C2ACCD342A1L,0x44ECB079L};
-const chunk MConst_FP512BN= 0x692A189FCCC5C05L;
-const BIG_512_60 Fra_FP512BN= {0x49617B1F4B73AB2L,0x71514F6202AED1FL,0xF6080D3BD8681E1L,0xF8AA9E852CBBB59L,0xC8CF2E2068398E9L,0x8A5296F791AB26BL,0x196A8C7C68B4EA1L,0xCF5BBF9095A1B79L,0x1EF71AA9L};
-const BIG_512_60 Frb_FP512BN= {0x5510572DF6B481L,0xF9047EFD49B595CL,0xD055DD765E95FAFL,0xD6740E396BFD2EEL,0x7341ECEE8C1B85CL,0x1786345B7615952L,0xE695124B876776AL,0x30A4406F6A5E486L,0xE108E556L};
-
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_GOLDILOCKS.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_GOLDILOCKS.c b/version3/c/rom_field_GOLDILOCKS.c
deleted file mode 100644
index 2a1785e..0000000
--- a/version3/c/rom_field_GOLDILOCKS.c
+++ /dev/null
@@ -1,30 +0,0 @@
-#include "arch.h"
-#include "fp_GOLDILOCKS.h"
-
-/* Curve GOLDILOCKS */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-// Base Bits= 29
-const BIG_448_29 Modulus_GOLDILOCKS= {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF};
-const BIG_448_29 R2modp_GOLDILOCKS= {0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0,0x3000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_GOLDILOCKS= 0x1;
-
-#endif
-
-#if CHUNK==64
-// Base Bits= 58
-const BIG_448_58 Modulus_GOLDILOCKS= {0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FBFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFL};
-const BIG_448_58 R2modp_GOLDILOCKS= {0x200000000L,0x0L,0x0L,0x0L,0x3000000L,0x0L,0x0L,0x0L};
-const chunk MConst_GOLDILOCKS= 0x1L;
-
-
-#endif
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_HIFIVE.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_HIFIVE.c b/version3/c/rom_field_HIFIVE.c
deleted file mode 100644
index 097dcec..0000000
--- a/version3/c/rom_field_HIFIVE.c
+++ /dev/null
@@ -1,27 +0,0 @@
-#include "arch.h"
-#include "fp_HIFIVE.h"
-
-/* Curve HIFIVE */
-
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 29
-const BIG_336_29 Modulus_HIFIVE= {0x1FFFFFFD,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFF};
-const BIG_336_29 R2modp_HIFIVE= {0x9000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_HIFIVE= 0x3;
-#endif
-
-#if CHUNK==64
-// Base Bits= 60
-const BIG_336_60 Modulus_HIFIVE= {0xFFFFFFFFFFFFFFDL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFL};
-const BIG_336_60 R2modp_HIFIVE= {0x9000000000000L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const chunk MConst_HIFIVE= 0x3L;
-#endif
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_NIST256.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_NIST256.c b/version3/c/rom_field_NIST256.c
deleted file mode 100644
index b5a7187..0000000
--- a/version3/c/rom_field_NIST256.c
+++ /dev/null
@@ -1,27 +0,0 @@
-#include "arch.h"
-#include "fp_NIST256.h"
-
-/* Curve NIST256 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-const BIG_256_28 Modulus_NIST256= {0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFF,0x0,0x0,0x1000000,0x0,0xFFFFFFF,0xF};
-const BIG_256_28 R2modp_NIST256= {0x50000,0x300000,0x0,0x0,0xFFFFFFA,0xFFFFFBF,0xFFFFEFF,0xFFFAFFF,0x2FFFF,0x0};
-const chunk MConst_NIST256= 0x1;
-#endif
-
-#if CHUNK==64
-
-// Base Bits= 56
-const BIG_256_56 Modulus_NIST256= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFL,0x0L,0x1000000L,0xFFFFFFFFL};
-const BIG_256_56 R2modp_NIST256= {0x3000000050000L,0x0L,0xFFFFFBFFFFFFFAL,0xFFFAFFFFFFFEFFL,0x2FFFFL};
-const chunk MConst_NIST256= 0x1L;
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_NIST384.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_NIST384.c b/version3/c/rom_field_NIST384.c
deleted file mode 100644
index a739ae3..0000000
--- a/version3/c/rom_field_NIST384.c
+++ /dev/null
@@ -1,27 +0,0 @@
-#include "arch.h"
-#include "fp_NIST384.h"
-
-/* Curve NIST384 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 29
-const BIG_384_29 Modulus_NIST384= {0x1FFFFFFF,0x7,0x0,0x1FFFFE00,0x1FFFEFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F};
-const BIG_384_29 R2modp_NIST384= {0x0,0x8000,0x1FF80000,0x1FFFFF,0x2000000,0x0,0x0,0x1FFFFFFC,0xF,0x100,0x400,0x0,0x0,0x0};
-const chunk MConst_NIST384= 0x1;
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_384_56 Modulus_NIST384= {0xFFFFFFFFL,0xFFFF0000000000L,0xFFFFFFFFFEFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFL};
-const BIG_384_56 R2modp_NIST384= {0xFE000000010000L,0xFFFFFFL,0x2L,0xFFFFFFFE00L,0x1000000020000L,0x0L,0x0L};
-const chunk MConst_NIST384= 0x100000001L;
-
-#endif
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_NIST521.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_NIST521.c b/version3/c/rom_field_NIST521.c
deleted file mode 100644
index 048f9ac..0000000
--- a/version3/c/rom_field_NIST521.c
+++ /dev/null
@@ -1,25 +0,0 @@
-#include "arch.h"
-#include "fp_NIST521.h"
-
-/* Curve NIST521 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-const BIG_528_28 Modulus_NIST521= {0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0x1FFFF};
-const BIG_528_28 R2modp_NIST521= {0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_NIST521= 0x1;
-#endif
-
-#if CHUNK==64
-// Base Bits= 60
-const BIG_528_60 Modulus_NIST521= {0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x1FFFFFFFFFFL};
-const BIG_528_60 R2modp_NIST521= {0x4000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const chunk MConst_NIST521= 0x1L;
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_SECP256K1.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_SECP256K1.c b/version3/c/rom_field_SECP256K1.c
deleted file mode 100644
index 4f80178..0000000
--- a/version3/c/rom_field_SECP256K1.c
+++ /dev/null
@@ -1,28 +0,0 @@
-#include "arch.h"
-#include "fp_SECP256K1.h"
-
-/* Curve SECP256K1 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-const BIG_256_28 Modulus_SECP256K1= {0xFFFFC2F,0xFFFFFEF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xF};
-const BIG_256_28 R2modp_SECP256K1= {0x0,0xA100000,0x2000E90,0x7A,0x1,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_SECP256K1= 0x2253531;
-
-#endif
-
-#if CHUNK==64
-
-// Base Bits= 56
-const BIG_256_56 Modulus_SECP256K1= {0xFFFFFEFFFFFC2FL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-const BIG_256_56 R2modp_SECP256K1= {0xA1000000000000L,0x7A2000E90L,0x1L,0x0L,0x0L};
-const chunk MConst_SECP256K1= 0x38091DD2253531L;
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rsa.c
----------------------------------------------------------------------
diff --git a/version3/c/rsa.c b/version3/c/rsa.c
deleted file mode 100644
index bbe41b2..0000000
--- a/version3/c/rsa.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* RSA Functions - see main program below */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "rsa_WWW.h"
-#include "rsa_support.h"
-
-/* generate an RSA key pair */
-void RSA_WWW_KEY_PAIR(csprng *RNG,sign32 e,rsa_private_key_WWW *PRIV,rsa_public_key_WWW *PUB,octet *P, octet* Q)
-{
-    /* IEEE1363 A16.11/A16.12 more or less */
-    BIG_XXX t[HFLEN_WWW],p1[HFLEN_WWW],q1[HFLEN_WWW];
-
-    if (RNG!=NULL)
-    {
-
-        for (;;)
-        {
-
-            FF_WWW_random(PRIV->p,RNG,HFLEN_WWW);
-            while (FF_WWW_lastbits(PRIV->p,2)!=3) FF_WWW_inc(PRIV->p,1,HFLEN_WWW);
-            while (!FF_WWW_prime(PRIV->p,RNG,HFLEN_WWW))
-                FF_WWW_inc(PRIV->p,4,HFLEN_WWW);
-
-            FF_WWW_copy(p1,PRIV->p,HFLEN_WWW);
-            FF_WWW_dec(p1,1,HFLEN_WWW);
-
-            if (FF_WWW_cfactor(p1,e,HFLEN_WWW)) continue;
-            break;
-        }
-
-        for (;;)
-        {
-            FF_WWW_random(PRIV->q,RNG,HFLEN_WWW);
-            while (FF_WWW_lastbits(PRIV->q,2)!=3) FF_WWW_inc(PRIV->q,1,HFLEN_WWW);
-            while (!FF_WWW_prime(PRIV->q,RNG,HFLEN_WWW))
-                FF_WWW_inc(PRIV->q,4,HFLEN_WWW);
-
-            FF_WWW_copy(q1,PRIV->q,HFLEN_WWW);
-            FF_WWW_dec(q1,1,HFLEN_WWW);
-            if (FF_WWW_cfactor(q1,e,HFLEN_WWW)) continue;
-
-            break;
-        }
-
-    }
-    else
-    {
-        FF_WWW_fromOctet(PRIV->p,P,HFLEN_WWW);
-        FF_WWW_fromOctet(PRIV->q,Q,HFLEN_WWW);
-
-        FF_WWW_copy(p1,PRIV->p,HFLEN_WWW);
-        FF_WWW_dec(p1,1,HFLEN_WWW);
-
-        FF_WWW_copy(q1,PRIV->q,HFLEN_WWW);
-        FF_WWW_dec(q1,1,HFLEN_WWW);
-    }
-
-    FF_WWW_mul(PUB->n,PRIV->p,PRIV->q,HFLEN_WWW);
-    PUB->e=e;
-
-    FF_WWW_copy(t,p1,HFLEN_WWW);
-    FF_WWW_shr(t,HFLEN_WWW);
-    FF_WWW_init(PRIV->dp,e,HFLEN_WWW);
-    FF_WWW_invmodp(PRIV->dp,PRIV->dp,t,HFLEN_WWW);
-    if (FF_WWW_parity(PRIV->dp)==0) FF_WWW_add(PRIV->dp,PRIV->dp,t,HFLEN_WWW);
-    FF_WWW_norm(PRIV->dp,HFLEN_WWW);
-
-    FF_WWW_copy(t,q1,HFLEN_WWW);
-    FF_WWW_shr(t,HFLEN_WWW);
-    FF_WWW_init(PRIV->dq,e,HFLEN_WWW);
-    FF_WWW_invmodp(PRIV->dq,PRIV->dq,t,HFLEN_WWW);
-    if (FF_WWW_parity(PRIV->dq)==0) FF_WWW_add(PRIV->dq,PRIV->dq,t,HFLEN_WWW);
-    FF_WWW_norm(PRIV->dq,HFLEN_WWW);
-
-    FF_WWW_invmodp(PRIV->c,PRIV->p,PRIV->q,HFLEN_WWW);
-
-    return;
-}
-
-/* destroy the Private Key structure */
-void RSA_WWW_PRIVATE_KEY_KILL(rsa_private_key_WWW *PRIV)
-{
-    FF_WWW_zero(PRIV->p,HFLEN_WWW);
-    FF_WWW_zero(PRIV->q,HFLEN_WWW);
-    FF_WWW_zero(PRIV->dp,HFLEN_WWW);
-    FF_WWW_zero(PRIV->dq,HFLEN_WWW);
-    FF_WWW_zero(PRIV->c,HFLEN_WWW);
-}
-
-void RSA_WWW_fromOctet(BIG_XXX x[],octet *w)
-{
-    FF_WWW_fromOctet(x,w,FFLEN_WWW);
-}
-
-/* RSA encryption with the public key */
-void RSA_WWW_ENCRYPT(rsa_public_key_WWW *PUB,octet *F,octet *G)
-{
-    BIG_XXX f[FFLEN_WWW];
-    FF_WWW_fromOctet(f,F,FFLEN_WWW);
-
-    FF_WWW_power(f,f,PUB->e,PUB->n,FFLEN_WWW);
-
-    FF_WWW_toOctet(G,f,FFLEN_WWW);
-}
-
-/* RSA decryption with the private key */
-void RSA_WWW_DECRYPT(rsa_private_key_WWW *PRIV,octet *G,octet *F)
-{
-    BIG_XXX g[FFLEN_WWW],t[FFLEN_WWW],jp[HFLEN_WWW],jq[HFLEN_WWW];
-
-    FF_WWW_fromOctet(g,G,FFLEN_WWW);
-
-    FF_WWW_dmod(jp,g,PRIV->p,HFLEN_WWW);
-    FF_WWW_dmod(jq,g,PRIV->q,HFLEN_WWW);
-
-    FF_WWW_skpow(jp,jp,PRIV->dp,PRIV->p,HFLEN_WWW);
-    FF_WWW_skpow(jq,jq,PRIV->dq,PRIV->q,HFLEN_WWW);
-
-
-    FF_WWW_zero(g,FFLEN_WWW);
-    FF_WWW_copy(g,jp,HFLEN_WWW);
-    FF_WWW_mod(jp,PRIV->q,HFLEN_WWW);
-    if (FF_WWW_comp(jp,jq,HFLEN_WWW)>0)
-        FF_WWW_add(jq,jq,PRIV->q,HFLEN_WWW);
-    FF_WWW_sub(jq,jq,jp,HFLEN_WWW);
-    FF_WWW_norm(jq,HFLEN_WWW);
-
-    FF_WWW_mul(t,PRIV->c,jq,HFLEN_WWW);
-    FF_WWW_dmod(jq,t,PRIV->q,HFLEN_WWW);
-
-    FF_WWW_mul(t,jq,PRIV->p,HFLEN_WWW);
-    FF_WWW_add(g,t,g,FFLEN_WWW);
-    FF_WWW_norm(g,FFLEN_WWW);
-
-    FF_WWW_toOctet(F,g,FFLEN_WWW);
-
-    return;
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rsa.h
----------------------------------------------------------------------
diff --git a/version3/c/rsa.h b/version3/c/rsa.h
deleted file mode 100644
index 4d4c3c1..0000000
--- a/version3/c/rsa.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file rsa.h
- * @author Mike Scott
- * @brief RSA Header file for implementation of RSA protocol
- *
- * declares functions
- *
- */
-
-#ifndef RSA_WWW_H
-#define RSA_WWW_H
-
-#include "ff_WWW.h"
-#include "rsa_support.h"
-
-/*** START OF USER CONFIGURABLE SECTION -  ***/
-
-#define HASH_TYPE_RSA_WWW SHA256 /**< Chosen Hash algorithm */
-
-/*** END OF USER CONFIGURABLE SECTION ***/
-
-#define RFS_WWW MODBYTES_XXX*FFLEN_WWW /**< RSA Public Key Size in bytes */
-
-
-/**
-	@brief Integer Factorisation Public Key
-*/
-
-typedef struct
-{
-    sign32 e;     /**< RSA exponent (typically 65537) */
-    BIG_XXX n[FFLEN_WWW]; /**< An array of BIGs to store public key */
-} rsa_public_key_WWW;
-
-/**
-	@brief Integer Factorisation Private Key
-*/
-
-typedef struct
-{
-    BIG_XXX p[FFLEN_WWW/2];  /**< secret prime p  */
-    BIG_XXX q[FFLEN_WWW/2];  /**< secret prime q  */
-    BIG_XXX dp[FFLEN_WWW/2]; /**< decrypting exponent mod (p-1)  */
-    BIG_XXX dq[FFLEN_WWW/2]; /**< decrypting exponent mod (q-1)  */
-    BIG_XXX c[FFLEN_WWW/2];  /**< 1/p mod q */
-} rsa_private_key_WWW;
-
-/* RSA Auxiliary Functions */
-
-/**	@brief RSA Key Pair Generator
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param e the encryption exponent
-	@param PRIV the output RSA private key
-	@param PUB the output RSA public key
-        @param P Input prime number. Used when R is equal to NULL for testing
-        @param Q Inpuy prime number. Used when R is equal to NULL for testing
- */
-extern void RSA_WWW_KEY_PAIR(csprng *R,sign32 e,rsa_private_key_WWW* PRIV,rsa_public_key_WWW* PUB,octet *P, octet* Q);
-
-/**	@brief RSA encryption of suitably padded plaintext
- *
-	@param PUB the input RSA public key
-	@param F is input padded message
-	@param G is the output ciphertext
- */
-extern void RSA_WWW_ENCRYPT(rsa_public_key_WWW* PUB,octet *F,octet *G);
-/**	@brief RSA decryption of ciphertext
- *
-	@param PRIV the input RSA private key
-	@param G is the input ciphertext
-	@param F is output plaintext (requires unpadding)
-
- */
-extern void RSA_WWW_DECRYPT(rsa_private_key_WWW* PRIV,octet *G,octet *F);
-/**	@brief Destroy an RSA private Key
- *
-	@param PRIV the input RSA private key. Destroyed on output.
- */
-extern void RSA_WWW_PRIVATE_KEY_KILL(rsa_private_key_WWW *PRIV);
-/**	@brief Populates an RSA public key from an octet string
- *
-	Creates RSA public key from big-endian base 256 form.
-	@param x FF instance to be created from an octet string
-	@param S input octet string
- */
-extern void RSA_WWW_fromOctet(BIG_XXX *x,octet *S);
-
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rsa_support.c
----------------------------------------------------------------------
diff --git a/version3/c/rsa_support.c b/version3/c/rsa_support.c
deleted file mode 100644
index a4cfdca..0000000
--- a/version3/c/rsa_support.c
+++ /dev/null
@@ -1,237 +0,0 @@
-#include "rsa_support.h"
-
-#define ROUNDUP(a,b) ((a)-1)/(b)+1
-
-/* general purpose hash function w=hash(p|n|x|y) */
-int hashit(int sha,octet *p,int n,octet *w)
-{
-    int i,c[4],hlen;
-    hash256 sha256;
-    hash512 sha512;
-    char hh[64];
-
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_init(&sha256);
-        break;
-    case SHA384:
-        HASH384_init(&sha512);
-        break;
-    case SHA512:
-        HASH512_init(&sha512);
-        break;
-    }
-
-    hlen=sha;
-
-    if (p!=NULL) for (i=0; i<p->len; i++)
-        {
-            switch(sha)
-            {
-            case SHA256:
-                HASH256_process(&sha256,p->val[i]);
-                break;
-            case SHA384:
-                HASH384_process(&sha512,p->val[i]);
-                break;
-            case SHA512:
-                HASH512_process(&sha512,p->val[i]);
-                break;
-            }
-        }
-    if (n>=0)
-    {
-        c[0]=(n>>24)&0xff;
-        c[1]=(n>>16)&0xff;
-        c[2]=(n>>8)&0xff;
-        c[3]=(n)&0xff;
-        for (i=0; i<4; i++)
-        {
-            switch(sha)
-            {
-            case SHA256:
-                HASH256_process(&sha256,c[i]);
-                break;
-            case SHA384:
-                HASH384_process(&sha512,c[i]);
-                break;
-            case SHA512:
-                HASH512_process(&sha512,c[i]);
-                break;
-            }
-        }
-    }
-
-    switch (sha)
-    {
-    case SHA256:
-        HASH256_hash(&sha256,hh);
-        break;
-    case SHA384:
-        HASH384_hash(&sha512,hh);
-        break;
-    case SHA512:
-        HASH512_hash(&sha512,hh);
-        break;
-    }
-
-    OCT_empty(w);
-    OCT_jbytes(w,hh,hlen);
-    for (i=0; i<hlen; i++) hh[i]=0;
-
-    return hlen;
-}
-
-/* Mask Generation Function */
-
-static void MGF1(int sha,octet *z,int olen,octet *mask)
-{
-    char h[64];
-    octet H= {0,sizeof(h),h};
-    int hlen=sha;
-    int counter,cthreshold;
-
-    OCT_empty(mask);
-
-    cthreshold=ROUNDUP(olen,hlen);
-    for (counter=0; counter<cthreshold; counter++)
-    {
-        hashit(sha,z,counter,&H);
-        if (mask->len+hlen>olen) OCT_jbytes(mask,H.val,olen%hlen);
-        else                     OCT_joctet(mask,&H);
-    }
-    OCT_clear(&H);
-}
-
-/* SHAXXX identifier strings */
-const unsigned char SHA256ID[]= {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20};
-const unsigned char SHA384ID[]= {0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30};
-const unsigned char SHA512ID[]= {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40};
-
-/* PKCS 1.5 padding of a message to be signed */
-
-int PKCS15(int sha,octet *m,octet *w)
-{
-    int olen=w->max;
-    int hlen=sha;
-    int idlen=19;
-    char h[64];
-    octet H= {0,sizeof(h),h};
-
-    if (olen<idlen+hlen+10) return 1;
-    hashit(sha,m,-1,&H);
-
-    OCT_empty(w);
-    OCT_jbyte(w,0x00,1);
-    OCT_jbyte(w,0x01,1);
-    OCT_jbyte(w,0xff,olen-idlen-hlen-3);
-    OCT_jbyte(w,0x00,1);
-
-    if (hlen==32) OCT_jbytes(w,(char *)SHA256ID,idlen);
-    if (hlen==48) OCT_jbytes(w,(char *)SHA384ID,idlen);
-    if (hlen==64) OCT_jbytes(w,(char *)SHA512ID,idlen);
-
-    OCT_joctet(w,&H);
-
-    return 0;
-}
-
-/* OAEP Message Encoding for Encryption */
-
-int OAEP_ENCODE(int sha,octet *m,csprng *RNG,octet *p,octet *f)
-{
-    int slen,olen=f->max-1;
-    int mlen=m->len;
-    int hlen,seedlen;
-    char dbmask[MAX_RSA_BYTES],seed[64];
-    octet DBMASK= {0,sizeof(dbmask),dbmask};
-    octet SEED= {0,sizeof(seed),seed};
-
-    hlen=seedlen=sha;
-    if (mlen>olen-hlen-seedlen-1) return 1;
-    if (m==f) return 1;  /* must be distinct octets */
-
-    hashit(sha,p,-1,f);
-
-    slen=olen-mlen-hlen-seedlen-1;
-
-    OCT_jbyte(f,0,slen);
-    OCT_jbyte(f,0x1,1);
-    OCT_joctet(f,m);
-
-    OCT_rand(&SEED,RNG,seedlen);
-
-    MGF1(sha,&SEED,olen-seedlen,&DBMASK);
-
-    OCT_xor(&DBMASK,f);
-    MGF1(sha,&DBMASK,seedlen,f);
-
-    OCT_xor(f,&SEED);
-
-    OCT_joctet(f,&DBMASK);
-
-    OCT_pad(f,f->max);
-    OCT_clear(&SEED);
-    OCT_clear(&DBMASK);
-
-    return 0;
-}
-
-/* OAEP Message Decoding for Decryption */
-
-int OAEP_DECODE(int sha,octet *p,octet *f)
-{
-    int comp,x,t;
-    int i,k,olen=f->max-1;
-    int hlen,seedlen;
-    char dbmask[MAX_RSA_BYTES],seed[64],chash[64];
-    octet DBMASK= {0,sizeof(dbmask),dbmask};
-    octet SEED= {0,sizeof(seed),seed};
-    octet CHASH= {0,sizeof(chash),chash};
-
-    seedlen=hlen=sha;
-    if (olen<seedlen+hlen+1) return 1;
-    if (!OCT_pad(f,olen+1)) return 1;
-    hashit(sha,p,-1,&CHASH);
-
-    x=f->val[0];
-    for (i=seedlen; i<olen; i++)
-        DBMASK.val[i-seedlen]=f->val[i+1];
-    DBMASK.len=olen-seedlen;
-
-    MGF1(sha,&DBMASK,seedlen,&SEED);
-    for (i=0; i<seedlen; i++) SEED.val[i]^=f->val[i+1];
-    MGF1(sha,&SEED,olen-seedlen,f);
-    OCT_xor(&DBMASK,f);
-
-    comp=OCT_ncomp(&CHASH,&DBMASK,hlen);
-
-    OCT_shl(&DBMASK,hlen);
-
-    OCT_clear(&SEED);
-    OCT_clear(&CHASH);
-
-    for (k=0;; k++)
-    {
-        if (k>=DBMASK.len)
-        {
-            OCT_clear(&DBMASK);
-            return 1;
-        }
-        if (DBMASK.val[k]!=0) break;
-    }
-
-    t=DBMASK.val[k];
-    if (!comp || x!=0 || t!=0x01)
-    {
-        OCT_clear(&DBMASK);
-        return 1;
-    }
-
-    OCT_shl(&DBMASK,k+1);
-    OCT_copy(f,&DBMASK);
-    OCT_clear(&DBMASK);
-
-    return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rsa_support.h
----------------------------------------------------------------------
diff --git a/version3/c/rsa_support.h b/version3/c/rsa_support.h
deleted file mode 100644
index 3bd495f..0000000
--- a/version3/c/rsa_support.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
-	Licensed to the Apache Software Foundation (ASF) under one
-	or more contributor license agreements.  See the NOTICE file
-	distributed with this work for additional information
-	regarding copyright ownership.  The ASF licenses this file
-	to you under the Apache License, Version 2.0 (the
-	"License"); you may not use this file except in compliance
-	with the License.  You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-	Unless required by applicable law or agreed to in writing,
-	software distributed under the License is distributed on an
-	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-	KIND, either express or implied.  See the License for the
-	specific language governing permissions and limitations
-	under the License.
-*/
-
-/**
- * @file rsa_support.h
- * @author Mike Scott
- * @brief RSA Support  Header File
- *
- */
-
-#ifndef RSA_SUPPORT_H
-#define RSA_SUPPORT_H
-
-#include "amcl.h"
-
-#define MAX_RSA_BYTES 512 /**< Maximum of 4096 */
-
-/**	@brief PKCS V1.5 padding of a message prior to RSA signature
- *
-	@param h is the hash type
-	@param M is the input message
-	@param W is the output encoding, ready for RSA signature
-	@return 1 if OK, else 0
- */
-extern int PKCS15(int h,octet *M,octet *W);
-/**	@brief OAEP padding of a message prior to RSA encryption
- *
-	@param h is the hash type
-	@param M is the input message
-	@param R is a pointer to a cryptographically secure random number generator
-	@param P are input encoding parameter string (could be NULL)
-	@param F is the output encoding, ready for RSA encryption
-	@return 1 if OK, else 0
- */
-extern int	OAEP_ENCODE(int h,octet *M,csprng *R,octet *P,octet *F);
-/**	@brief OAEP unpadding of a message after RSA decryption
- *
-	Unpadding is done in-place
-	@param h is the hash type
-	@param P are input encoding parameter string (could be NULL)
-	@param F is input padded message, unpadded on output
-	@return 1 if OK, else 0
- */
-extern int  OAEP_DECODE(int h,octet *P,octet *F);
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/testall.c
----------------------------------------------------------------------
diff --git a/version3/c/testall.c b/version3/c/testall.c
deleted file mode 100644
index 46b5a96..0000000
--- a/version3/c/testall.c
+++ /dev/null
@@ -1,1627 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "ecdh_ED25519.h"
-#include "mpin_BN254.h"
-#include "rsa_2048.h"
-#include "randapi.h"
-
-#if CHUNK==32 || CHUNK==64
-#include "ecdh_NIST256.h"
-#include "ecdh_GOLDILOCKS.h"
-#include "mpin_BLS383.h"
-#include "mpin192_BLS24.h"
-#include "mpin256_BLS48.h"
-#endif
-
-int ecdh_ED25519(csprng *RNG)
-{
-    int i,res;
-    unsigned long ran;
-    char *pp="M0ng00se";
-    // These octets are automatically protected against buffer overflow attacks 
-    // Note salt must be big enough to include an appended word 
-    // Note ECIES ciphertext C must be big enough to include at least 1 appended block 
-    // Recall EFS_ED25519 is field size in bytes. So EFS_ED25519=32 for 256-bit curve 
-    char s0[2*EGS_ED25519],s1[EGS_ED25519],w0[2*EFS_ED25519+1],w1[2*EFS_ED25519+1],z0[EFS_ED25519],z1[EFS_ED25519],key[AESKEY_ED25519],salt[40],pw[40];
-    octet S0= {0,sizeof(s0),s0};
-    octet S1= {0,sizeof(s1),s1};
-    octet W0= {0,sizeof(w0),w0};
-    octet W1= {0,sizeof(w1),w1};
-    octet Z0= {0,sizeof(z0),z0};
-    octet Z1= {0,sizeof(z1),z1};
-    octet KEY= {0,sizeof(key),key};
-    octet SALT= {0,sizeof(salt),salt};
-    octet PW= {0,sizeof(pw),pw};
-
-    SALT.len=8;
-    for (i=0; i<8; i++) SALT.val[i]=i+1; // set Salt
-
-    printf("Alice's Passphrase= %s\n",pp);
-
-    OCT_empty(&PW);
-    OCT_jstring(&PW,pp);   // set Password from string
-
-    // private key S0 of size EGS_ED25519 bytes derived from Password and Salt 
-
-    PBKDF2(HASH_TYPE_ED25519,&PW,&SALT,1000,EGS_ED25519,&S0);
-
-    printf("Alices private key= 0x");
-    OCT_output(&S0);
-
-    // Generate Key pair S/W 
-
-    ECP_ED25519_KEY_PAIR_GENERATE(NULL,&S0,&W0);
-    printf("Alices public key= 0x");
-    OCT_output(&W0);
-
-    res=ECP_ED25519_PUBLIC_KEY_VALIDATE(&W0);
-    if (res!=0)
-    {
-        printf("ECP Public Key is invalid!\n");
-        return 0;
-    }
-
-    // Random private key for other party 
-    ECP_ED25519_KEY_PAIR_GENERATE(RNG,&S1,&W1);
-    res=ECP_ED25519_PUBLIC_KEY_VALIDATE(&W1);
-    if (res!=0)
-    {
-        printf("ECP Public Key is invalid!\n");
-        return 0;
-    }
-    printf("Servers private key= 0x");
-    OCT_output(&S1);
-    printf("Servers public key= 0x");
-    OCT_output(&W1);
-
-    // Calculate common key using DH - IEEE 1363 method 
-
-    ECP_ED25519_SVDP_DH(&S0,&W1,&Z0);
-    ECP_ED25519_SVDP_DH(&S1,&W0,&Z1);
-
-    if (!OCT_comp(&Z0,&Z1))
-    {
-        printf("*** ECPSVDP-DH Failed\n");
-        return 0;
-    }
-
-    KDF2(HASH_TYPE_ED25519,&Z0,NULL,AESKEY_ED25519,&KEY);
-
-    printf("Alice's DH Key=  0x");
-    OCT_output(&KEY);
-    printf("Servers DH Key=  0x");
-    OCT_output(&KEY);
-
-#if CURVETYPE_ED25519 != MONTGOMERY
-
-    char ds[EGS_ED25519],p1[30],p2[30],v[2*EFS_ED25519+1],m[32],c[64],t[32],cs[EGS_ED25519];
-    octet DS= {0,sizeof(ds),ds};
-    octet CS= {0,sizeof(cs),cs};
-    octet P1= {0,sizeof(p1),p1};
-    octet P2= {0,sizeof(p2),p2};
-    octet V= {0,sizeof(v),v};
-    octet M= {0,sizeof(m),m};
-    octet C= {0,sizeof(c),c};
-    octet T= {0,sizeof(t),t};
-
-    printf("Testing ECIES\n");
-
-    P1.len=3;
-    P1.val[0]=0x0;
-    P1.val[1]=0x1;
-    P1.val[2]=0x2;
-    P2.len=4;
-    P2.val[0]=0x0;
-    P2.val[1]=0x1;
-    P2.val[2]=0x2;
-    P2.val[3]=0x3;
-
-    M.len=17;
-    for (i=0; i<=16; i++) M.val[i]=i;
-
-    ECP_ED25519_ECIES_ENCRYPT(HASH_TYPE_ED25519,&P1,&P2,RNG,&W1,&M,12,&V,&C,&T);
-
-    printf("Ciphertext= \n");
-    printf("V= 0x");
-    OCT_output(&V);
-    printf("C= 0x");
-    OCT_output(&C);
-    printf("T= 0x");
-    OCT_output(&T);
-
-    if (!ECP_ED25519_ECIES_DECRYPT(HASH_TYPE_ED25519,&P1,&P2,&V,&C,&T,&S1,&M))
-    {
-        printf("*** ECIES Decryption Failed\n");
-        return 0;
-    }
-    else printf("Decryption succeeded\n");
-
-    printf("Message is 0x");
-    OCT_output(&M);
-
-
-    printf("Testing ECDSA\n");
-
-    if (ECP_ED25519_SP_DSA(HASH_TYPE_ED25519,RNG,NULL,&S0,&M,&CS,&DS)!=0)
-    {
-        printf("***ECDSA Signature Failed\n");
-        return 0;
-    }
-
-    printf("Signature C = 0x");
-    OCT_output(&CS);
-    printf("Signature D = 0x");
-    OCT_output(&DS);
-
-    if (ECP_ED25519_VP_DSA(HASH_TYPE_ED25519,&W0,&M,&CS,&DS)!=0)
-    {
-        printf("***ECDSA Verification Failed\n");
-        return 0;
-    }
-    else 
-    {
-      printf("ECDSA Signature/Verification succeeded\n");
-    }
-
-#endif
-
-    return 0;
-}
-
-#if CHUNK==32 || CHUNK==64
-int ecdh_NIST256(csprng *RNG)
-{
-    int i,res;
-    unsigned long ran;
-    char *pp="M0ng00se";
-    // These octets are automatically protected against buffer overflow attacks 
-    // Note salt must be big enough to include an appended word 
-    // Note ECIES ciphertext C must be big enough to include at least 1 appended block 
-    // Recall EFS_NIST256 is field size in bytes. So EFS_NIST256=32 for 256-bit curve 
-    char s0[2*EGS_NIST256],s1[EGS_NIST256],w0[2*EFS_NIST256+1],w1[2*EFS_NIST256+1],z0[EFS_NIST256],z1[EFS_NIST256],key[AESKEY_NIST256],salt[40],pw[40];
-    octet S0= {0,sizeof(s0),s0};
-    octet S1= {0,sizeof(s1),s1};
-    octet W0= {0,sizeof(w0),w0};
-    octet W1= {0,sizeof(w1),w1};
-    octet Z0= {0,sizeof(z0),z0};
-    octet Z1= {0,sizeof(z1),z1};
-    octet KEY= {0,sizeof(key),key};
-    octet SALT= {0,sizeof(salt),salt};
-    octet PW= {0,sizeof(pw),pw};
-
-    SALT.len=8;
-    for (i=0; i<8; i++) SALT.val[i]=i+1; // set Salt
-
-    printf("Alice's Passphrase= %s\n",pp);
-
-    OCT_empty(&PW);
-    OCT_jstring(&PW,pp);   // set Password from string
-
-    // private key S0 of size EGS_NIST256 bytes derived from Password and Salt 
-
-    PBKDF2(HASH_TYPE_NIST256,&PW,&SALT,1000,EGS_NIST256,&S0);
-
-    printf("Alices private key= 0x");
-    OCT_output(&S0);
-
-    // Generate Key pair S/W 
-
-    ECP_NIST256_KEY_PAIR_GENERATE(NULL,&S0,&W0);
-    printf("Alices public key= 0x");
-    OCT_output(&W0);
-
-    res=ECP_NIST256_PUBLIC_KEY_VALIDATE(&W0);
-    if (res!=0)
-    {
-        printf("ECP Public Key is invalid!\n");
-        return 0;
-    }
-
-    // Random private key for other party 
-    ECP_NIST256_KEY_PAIR_GENERATE(RNG,&S1,&W1);
-    res=ECP_NIST256_PUBLIC_KEY_VALIDATE(&W1);
-    if (res!=0)
-    {
-        printf("ECP Public Key is invalid!\n");
-        return 0;
-    }
-    printf("Servers private key= 0x");
-    OCT_output(&S1);
-    printf("Servers public key= 0x");
-    OCT_output(&W1);
-
-    // Calculate common key using DH - IEEE 1363 method 
-
-    ECP_NIST256_SVDP_DH(&S0,&W1,&Z0);
-    ECP_NIST256_SVDP_DH(&S1,&W0,&Z1);
-
-    if (!OCT_comp(&Z0,&Z1))
-    {
-        printf("*** ECPSVDP-DH Failed\n");
-        return 0;
-    }
-
-    KDF2(HASH_TYPE_NIST256,&Z0,NULL,AESKEY_NIST256,&KEY);
-
-    printf("Alice's DH Key=  0x");
-    OCT_output(&KEY);
-    printf("Servers DH Key=  0x");
-    OCT_output(&KEY);
-
-#if CURVETYPE_NIST256 != MONTGOMERY
-
-    char ds[EGS_NIST256],p1[30],p2[30],v[2*EFS_NIST256+1],m[32],c[64],t[32],cs[EGS_NIST256];
-    octet DS= {0,sizeof(ds),ds};
-    octet CS= {0,sizeof(cs),cs};
-    octet P1= {0,sizeof(p1),p1};
-    octet P2= {0,sizeof(p2),p2};
-    octet V= {0,sizeof(v),v};
-    octet M= {0,sizeof(m),m};
-    octet C= {0,sizeof(c),c};
-    octet T= {0,sizeof(t),t};
-
-    printf("Testing ECIES\n");
-
-    P1.len=3;
-    P1.val[0]=0x0;
-    P1.val[1]=0x1;
-    P1.val[2]=0x2;
-    P2.len=4;
-    P2.val[0]=0x0;
-    P2.val[1]=0x1;
-    P2.val[2]=0x2;
-    P2.val[3]=0x3;
-
-    M.len=17;
-    for (i=0; i<=16; i++) M.val[i]=i;
-
-    ECP_NIST256_ECIES_ENCRYPT(HASH_TYPE_NIST256,&P1,&P2,RNG,&W1,&M,12,&V,&C,&T);
-
-    printf("Ciphertext= \n");
-    printf("V= 0x");
-    OCT_output(&V);
-    printf("C= 0x");
-    OCT_output(&C);
-    printf("T= 0x");
-    OCT_output(&T);
-
-    if (!ECP_NIST256_ECIES_DECRYPT(HASH_TYPE_NIST256,&P1,&P2,&V,&C,&T,&S1,&M))
-    {
-        printf("*** ECIES Decryption Failed\n");
-        return 0;
-    }
-    else printf("Decryption succeeded\n");
-
-    printf("Message is 0x");
-    OCT_output(&M);
-
-
-    printf("Testing ECDSA\n");
-
-    if (ECP_NIST256_SP_DSA(HASH_TYPE_NIST256,RNG,NULL,&S0,&M,&CS,&DS)!=0)
-    {
-        printf("***ECDSA Signature Failed\n");
-        return 0;
-    }
-
-    printf("Signature C = 0x");
-    OCT_output(&CS);
-    printf("Signature D = 0x");
-    OCT_output(&DS);
-
-    if (ECP_NIST256_VP_DSA(HASH_TYPE_NIST256,&W0,&M,&CS,&DS)!=0)
-    {
-        printf("***ECDSA Verification Failed\n");
-        return 0;
-    }
-    else 
-    {
-      printf("ECDSA Signature/Verification succeeded\n");
-    }
-
-#endif
-
-    return 0;
-}
-
-int ecdh_GOLDILOCKS(csprng *RNG)
-{
-    int i,res;
-    unsigned long ran;
-    char *pp="M0ng00se";
-    // These octets are automatically protected against buffer overflow attacks 
-    // Note salt must be big enough to include an appended word 
-    // Note ECIES ciphertext C must be big enough to include at least 1 appended block 
-    // Recall EFS_GOLDILOCKS is field size in bytes. So EFS_GOLDILOCKS=32 for 256-bit curve 
-    char s0[2*EGS_GOLDILOCKS],s1[EGS_GOLDILOCKS],w0[2*EFS_GOLDILOCKS+1],w1[2*EFS_GOLDILOCKS+1],z0[EFS_GOLDILOCKS],z1[EFS_GOLDILOCKS],key[AESKEY_GOLDILOCKS],salt[40],pw[40];
-    octet S0= {0,sizeof(s0),s0};
-    octet S1= {0,sizeof(s1),s1};
-    octet W0= {0,sizeof(w0),w0};
-    octet W1= {0,sizeof(w1),w1};
-    octet Z0= {0,sizeof(z0),z0};
-    octet Z1= {0,sizeof(z1),z1};
-    octet KEY= {0,sizeof(key),key};
-    octet SALT= {0,sizeof(salt),salt};
-    octet PW= {0,sizeof(pw),pw};
-
-    SALT.len=8;
-    for (i=0; i<8; i++) SALT.val[i]=i+1; // set Salt
-
-    printf("Alice's Passphrase= %s\n",pp);
-
-    OCT_empty(&PW);
-    OCT_jstring(&PW,pp);   // set Password from string
-
-    // private key S0 of size EGS_GOLDILOCKS bytes derived from Password and Salt 
-
-    PBKDF2(HASH_TYPE_GOLDILOCKS,&PW,&SALT,1000,EGS_GOLDILOCKS,&S0);
-
-    printf("Alices private key= 0x");
-    OCT_output(&S0);
-
-    // Generate Key pair S/W 
-
-    ECP_GOLDILOCKS_KEY_PAIR_GENERATE(NULL,&S0,&W0);
-    printf("Alices public key= 0x");
-    OCT_output(&W0);
-
-    res=ECP_GOLDILOCKS_PUBLIC_KEY_VALIDATE(&W0);
-    if (res!=0)
-    {
-        printf("ECP Public Key is invalid!\n");
-        return 0;
-    }
-
-    // Random private key for other party 
-    ECP_GOLDILOCKS_KEY_PAIR_GENERATE(RNG,&S1,&W1);
-    res=ECP_GOLDILOCKS_PUBLIC_KEY_VALIDATE(&W1);
-    if (res!=0)
-    {
-        printf("ECP Public Key is invalid!\n");
-        return 0;
-    }
-    printf("Servers private key= 0x");
-    OCT_output(&S1);
-    printf("Servers public key= 0x");
-    OCT_output(&W1);
-
-    // Calculate common key using DH - IEEE 1363 method 
-
-    ECP_GOLDILOCKS_SVDP_DH(&S0,&W1,&Z0);
-    ECP_GOLDILOCKS_SVDP_DH(&S1,&W0,&Z1);
-
-    if (!OCT_comp(&Z0,&Z1))
-    {
-        printf("*** ECPSVDP-DH Failed\n");
-        return 0;
-    }
-
-    KDF2(HASH_TYPE_GOLDILOCKS,&Z0,NULL,AESKEY_GOLDILOCKS,&KEY);
-
-    printf("Alice's DH Key=  0x");
-    OCT_output(&KEY);
-    printf("Servers DH Key=  0x");
-    OCT_output(&KEY);
-
-#if CURVETYPE_GOLDILOCKS != MONTGOMERY
-
-    char ds[EGS_GOLDILOCKS],p1[30],p2[30],v[2*EFS_GOLDILOCKS+1],m[32],c[64],t[32],cs[EGS_GOLDILOCKS];
-    octet DS= {0,sizeof(ds),ds};
-    octet CS= {0,sizeof(cs),cs};
-    octet P1= {0,sizeof(p1),p1};
-    octet P2= {0,sizeof(p2),p2};
-    octet V= {0,sizeof(v),v};
-    octet M= {0,sizeof(m),m};
-    octet C= {0,sizeof(c),c};
-    octet T= {0,sizeof(t),t};
-
-    printf("Testing ECIES\n");
-
-    P1.len=3;
-    P1.val[0]=0x0;
-    P1.val[1]=0x1;
-    P1.val[2]=0x2;
-    P2.len=4;
-    P2.val[0]=0x0;
-    P2.val[1]=0x1;
-    P2.val[2]=0x2;
-    P2.val[3]=0x3;
-
-    M.len=17;
-    for (i=0; i<=16; i++) M.val[i]=i;
-
-    ECP_GOLDILOCKS_ECIES_ENCRYPT(HASH_TYPE_GOLDILOCKS,&P1,&P2,RNG,&W1,&M,12,&V,&C,&T);
-
-    printf("Ciphertext= \n");
-    printf("V= 0x");
-    OCT_output(&V);
-    printf("C= 0x");
-    OCT_output(&C);
-    printf("T= 0x");
-    OCT_output(&T);
-
-    if (!ECP_GOLDILOCKS_ECIES_DECRYPT(HASH_TYPE_GOLDILOCKS,&P1,&P2,&V,&C,&T,&S1,&M))
-    {
-        printf("*** ECIES Decryption Failed\n");
-        return 0;
-    }
-    else printf("Decryption succeeded\n");
-
-    printf("Message is 0x");
-    OCT_output(&M);
-
-
-    printf("Testing ECDSA\n");
-
-    if (ECP_GOLDILOCKS_SP_DSA(HASH_TYPE_GOLDILOCKS,RNG,NULL,&S0,&M,&CS,&DS)!=0)
-    {
-        printf("***ECDSA Signature Failed\n");
-        return 0;
-    }
-
-    printf("Signature C = 0x");
-    OCT_output(&CS);
-    printf("Signature D = 0x");
-    OCT_output(&DS);
-
-    if (ECP_GOLDILOCKS_VP_DSA(HASH_TYPE_GOLDILOCKS,&W0,&M,&CS,&DS)!=0)
-    {
-        printf("***ECDSA Verification Failed\n");
-        return 0;
-    }
-    else 
-    {
-      printf("ECDSA Signature/Verification succeeded\n");
-    }
-
-#endif
-
-    return 0;
-}
-#endif
-
-#define PERMITS  // for time permits ON or OFF 
-#define PINERROR // For PIN ERROR detection ON or OFF 
-#define FULL     // for M-Pin Full or M-Pin regular 
-
-int mpin_BN254(csprng *RNG)
-{
-    int i,pin,rtn,err;
-#ifdef PERMITS
-    int date=today();
-#else
-    int date=0;
-#endif
-    unsigned long ran;
-    char x[PGS_BN254],s[PGS_BN254],y[PGS_BN254],client_id[100],sst[4*PFS_BN254],token[2*PFS_BN254+1],sec[2*PFS_BN254+1],permit[2*PFS_BN254+1],xcid[2*PFS_BN254+1],xid[2*PFS_BN254+1],e[12*PFS_BN254],f[12*PFS_BN254];
-    char hcid[PFS_BN254],hsid[PFS_BN254],hid[2*PFS_BN254+1],htid[2*PFS_BN254+1],h[PGS_BN254];
-#ifdef FULL
-    char r[PGS_BN254],z[2*PFS_BN254+1],w[PGS_BN254],t[2*PFS_BN254+1];
-    char g1[12*PFS_BN254],g2[12*PFS_BN254];
-    char ck[AESKEY_BN254],sk[AESKEY_BN254];
-#endif
-    octet S= {0,sizeof(s),s};
-    octet X= {0,sizeof(x),x};
-    octet Y= {0,sizeof(y),y};
-    octet H= {0,sizeof(h),h};
-    octet CLIENT_ID= {0,sizeof(client_id),client_id};
-    octet SST= {0,sizeof(sst),sst};
-    octet TOKEN= {0,sizeof(token),token};
-    octet SEC= {0,sizeof(sec),sec};
-    octet PERMIT= {0,sizeof(permit),permit};
-    octet xCID= {0,sizeof(xcid),xcid};
-    octet xID= {0,sizeof(xid),xid};
-    octet HCID= {0,sizeof(hcid),hcid};
-    octet HSID= {0,sizeof(hsid),hsid};
-    octet HID= {0,sizeof(hid),hid};
-    octet HTID= {0,sizeof(htid),htid};
-    octet E= {0,sizeof(e),e};
-    octet F= {0,sizeof(f),f};
-#ifdef FULL
-    octet R= {0,sizeof(r),r};
-    octet Z= {0,sizeof(z),z};
-    octet W= {0,sizeof(w),w};
-    octet T= {0,sizeof(t),t};
-    octet G1= {0,sizeof(g1),g1};
-    octet G2= {0,sizeof(g2),g2};
-    octet SK= {0,sizeof(sk),sk};
-    octet CK= {0,sizeof(ck),ck};
-#endif
-    octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID;
-    char idhex[100];
-
-    // Trusted Authority set-up 
-    MPIN_BN254_RANDOM_GENERATE(RNG,&S);
-    printf("Master Secret= ");
-    OCT_output(&S);
-
-    // Create Client Identity 
-    OCT_jstring(&CLIENT_ID,"testUser@miracl.com");
-    HASH_ID(HASH_TYPE_BN254,&CLIENT_ID,&HCID);  // Either Client or TA calculates Hash(ID) - you decide! 
-
-    printf("Client ID Hash= ");
-    OCT_output(&HCID);
-    printf("\n");
-
-    OCT_toHex(&CLIENT_ID,idhex);
-    printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n");
-
-    MPIN_BN254_GET_CLIENT_SECRET(&S,&HCID,&TOKEN);
-    printf("Client Secret= ");
-    OCT_output(&TOKEN);
-
-// Client and Server are issued secrets by DTA 
-    MPIN_BN254_GET_SERVER_SECRET(&S,&SST);
-    printf("Server Secret= ");
-    OCT_output(&SST);
-
-
-
-    // Client extracts PIN from secret to create Token 
-    pin=1234;
-    printf("Client extracts PIN= %d\n",pin);
-    MPIN_BN254_EXTRACT_PIN(HASH_TYPE_BN254,&CLIENT_ID,pin,&TOKEN);
-    printf("Client Token= ");
-    OCT_output(&TOKEN);
-
-#ifdef FULL
-    MPIN_BN254_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2);
-#endif
-
-#ifdef PERMITS
-    // Client gets "Time Permit" from DTA 
-    printf("Client gets Time Permit\n");
-
-    MPIN_BN254_GET_CLIENT_PERMIT(HASH_TYPE_BN254,date,&S,&HCID,&PERMIT);
-    printf("Time Permit= ");
-    OCT_output(&PERMIT);
-
-    // This encoding makes Time permit look random 
-    if (MPIN_BN254_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n");
-    // printf("Encoded Time Permit= "); OCT_output(&PERMIT); 
-    if (MPIN_BN254_DECODING(&PERMIT)!=0) printf("Decoding error\n");
-    // printf("Decoded Time Permit= "); OCT_output(&PERMIT); 
-#endif
-
-    // MPin Protocol 
-
-    // Client enters PIN 
-    printf("\nPIN= ");
-    if(scanf("%d",&pin)) {};
-    // to avoid silly compile error 
-    getchar();
-
-    // Set date=0 and PERMIT=NULL if time permits not in use
-
-   // Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
-   // If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
-   // Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG
-
-   // HSID - hashed client ID as calculated by the server
-   // HCID - hashed client ID as calculated by the client
-
-   // IMPORTANT: To save space and time..
-   // If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only
-   // If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-   // If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only.
-
-    
-
-    pxID=&xID;
-    pxCID=&xCID;
-    pHID=&HID;
-    pHTID=&HTID;
-    pE=&E;
-    pF=&F;
-    pPERMIT=&PERMIT;
-
-#ifdef PERMITS
-    prHID=pHTID;
-#ifndef PINERROR
-    pxID=NULL;
-//   pHID=NULL;  //new
-#endif
-#else
-    prHID=pHID;
-    pPERMIT=NULL;
-    pxCID=NULL;
-    pHTID=NULL;
-#endif
-#ifndef PINERROR
-    pE=NULL;
-    pF=NULL;
-#endif
-
-    // When set only send hashed IDs to server 
-    octet *pID;
-#ifdef USE_ANONYMOUS
-    pID = &HCID;
-#else
-    pID = &CLIENT_ID;
-#endif
-
-#ifdef SINGLE_PASS
-    int timeValue;
-    printf("MPIN Single Pass\n");
-    timeValue = MPIN_BN254_GET_TIME();
-
-    rtn=MPIN_BN254_CLIENT(HASH_TYPE_BN254,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y);
-
-    if (rtn != 0)
-    {
-        printf("MPIN_BN254_CLIENT ERROR %d\n", rtn);
-        return 1;
-    }
-
-#ifdef FULL
-    MPIN_BN254_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z);  // Also Send Z=r.ID to Server, remember random r 
-#endif
-
-
-    rtn=MPIN_BN254_SERVER(HASH_TYPE_BN254,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,pID,NULL,timeValue,NULL);
-
-#ifdef FULL
-    HASH_ID(HASH_TYPE_BN254,&CLIENT_ID,&HSID);  // new
-    MPIN_BN254_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T);  // Also send T=w.ID to client, remember random w  
-#endif
-
-#else // SINGLE_PASS
-    printf("MPIN Multi Pass\n");
-    if (MPIN_BN254_CLIENT_1(HASH_TYPE_BN254,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0)
-    {
-        printf("Error from Client side - First Pass\n");
-        return 0;
-    }
-
-    // Send U=x.ID to server, and recreate secret from token and pin 
-
-#ifdef FULL
-    HASH_ID(HASH_TYPE_BN254,&CLIENT_ID,&HCID);
-    MPIN_BN254_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z);  // Also Send Z=r.ID to Server, remember random r, DH component 
-#endif
-
-    // Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. 
-    MPIN_BN254_SERVER_1(HASH_TYPE_BN254,date,pID,pHID,pHTID);
-
-    // Server generates Random number Y and sends it to Client 
-    MPIN_BN254_RANDOM_GENERATE(RNG,&Y);
-
-#ifdef FULL
-    HASH_ID(HASH_TYPE_BN254,&CLIENT_ID,&HSID); //new
-    MPIN_BN254_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T);  // Also send T=w.ID to client, remember random w, DH component  
-#endif
-
-    // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC 
-    if (MPIN_BN254_CLIENT_2(&X,&Y,&SEC)!=0)
-    {
-        printf("Error from Client side - Second Pass\n");
-        return 1;
-    }
-
-    // Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. 
-    // If PIN error not required, set E and F = NULL 
-    rtn=MPIN_BN254_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,NULL);
-#endif // SINGLE_PASS
-
-    if (rtn!=0)
-    {
-        printf("Server says - Bad Pin.\n");
-#ifdef PINERROR
-
-        err=MPIN_BN254_KANGAROO(&E,&F);
-        if (err) printf("(Client PIN is out by %d)\n",err);
-
-#endif
-        return 1;
-    }
-    else
-    {
-        printf("Server says - PIN is good! You really are ");
-        OCT_output_string(&CLIENT_ID);
-        printf(".\n");
-    }
-
-#ifdef FULL
-
-    HASH_ALL(HASH_TYPE_BN254,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);  // new
-    MPIN_BN254_CLIENT_KEY(HASH_TYPE_BN254,&G1,&G2,pin,&R,&X,&H,&T,&CK);      // new H
-    printf("Client Key = ");
-    OCT_output(&CK);
-
-    HASH_ALL(HASH_TYPE_BN254,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);
-    MPIN_BN254_SERVER_KEY(HASH_TYPE_BN254,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID
-    printf("Server Key = ");
-    OCT_output(&SK);
-#endif
-    return 0;
-}
-
-#if CHUNK==32 || CHUNK==64
-
-int mpin_BLS383(csprng *RNG)
-{
-    int i,pin,rtn,err;
-#ifdef PERMITS
-    int date=today();
-#else
-    int date=0;
-#endif
-    unsigned long ran;
-    char x[PGS_BLS383],s[PGS_BLS383],y[PGS_BLS383],client_id[100],sst[4*PFS_BLS383],token[2*PFS_BLS383+1],sec[2*PFS_BLS383+1],permit[2*PFS_BLS383+1],xcid[2*PFS_BLS383+1],xid[2*PFS_BLS383+1],e[12*PFS_BLS383],f[12*PFS_BLS383];
-    char hcid[PFS_BLS383],hsid[PFS_BLS383],hid[2*PFS_BLS383+1],htid[2*PFS_BLS383+1],h[PGS_BLS383];
-#ifdef FULL
-    char r[PGS_BLS383],z[2*PFS_BLS383+1],w[PGS_BLS383],t[2*PFS_BLS383+1];
-    char g1[12*PFS_BLS383],g2[12*PFS_BLS383];
-    char ck[AESKEY_BLS383],sk[AESKEY_BLS383];
-#endif
-    octet S= {0,sizeof(s),s};
-    octet X= {0,sizeof(x),x};
-    octet Y= {0,sizeof(y),y};
-    octet H= {0,sizeof(h),h};
-    octet CLIENT_ID= {0,sizeof(client_id),client_id};
-    octet SST= {0,sizeof(sst),sst};
-    octet TOKEN= {0,sizeof(token),token};
-    octet SEC= {0,sizeof(sec),sec};
-    octet PERMIT= {0,sizeof(permit),permit};
-    octet xCID= {0,sizeof(xcid),xcid};
-    octet xID= {0,sizeof(xid),xid};
-    octet HCID= {0,sizeof(hcid),hcid};
-    octet HSID= {0,sizeof(hsid),hsid};
-    octet HID= {0,sizeof(hid),hid};
-    octet HTID= {0,sizeof(htid),htid};
-    octet E= {0,sizeof(e),e};
-    octet F= {0,sizeof(f),f};
-#ifdef FULL
-    octet R= {0,sizeof(r),r};
-    octet Z= {0,sizeof(z),z};
-    octet W= {0,sizeof(w),w};
-    octet T= {0,sizeof(t),t};
-    octet G1= {0,sizeof(g1),g1};
-    octet G2= {0,sizeof(g2),g2};
-    octet SK= {0,sizeof(sk),sk};
-    octet CK= {0,sizeof(ck),ck};
-#endif
-    octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID;
-    char idhex[100];
-
-    // Trusted Authority set-up 
-    MPIN_BLS383_RANDOM_GENERATE(RNG,&S);
-    printf("Master Secret= ");
-    OCT_output(&S);
-
-    // Create Client Identity 
-    OCT_jstring(&CLIENT_ID,"testUser@miracl.com");
-    HASH_ID(HASH_TYPE_BLS383,&CLIENT_ID,&HCID);  // Either Client or TA calculates Hash(ID) - you decide! 
-
-    printf("Client ID Hash= ");
-    OCT_output(&HCID);
-    printf("\n");
-
-    OCT_toHex(&CLIENT_ID,idhex);
-    printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n");
-
-    MPIN_BLS383_GET_CLIENT_SECRET(&S,&HCID,&TOKEN);
-    printf("Client Secret= ");
-    OCT_output(&TOKEN);
-
-// Client and Server are issued secrets by DTA 
-    MPIN_BLS383_GET_SERVER_SECRET(&S,&SST);
-    printf("Server Secret= ");
-    OCT_output(&SST);
-
-
-
-    // Client extracts PIN from secret to create Token 
-    pin=1234;
-    printf("Client extracts PIN= %d\n",pin);
-    MPIN_BLS383_EXTRACT_PIN(HASH_TYPE_BLS383,&CLIENT_ID,pin,&TOKEN);
-    printf("Client Token= ");
-    OCT_output(&TOKEN);
-
-#ifdef FULL
-    MPIN_BLS383_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2);
-#endif
-
-#ifdef PERMITS
-    // Client gets "Time Permit" from DTA 
-    printf("Client gets Time Permit\n");
-
-    MPIN_BLS383_GET_CLIENT_PERMIT(HASH_TYPE_BLS383,date,&S,&HCID,&PERMIT);
-    printf("Time Permit= ");
-    OCT_output(&PERMIT);
-
-    // This encoding makes Time permit look random 
-    if (MPIN_BLS383_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n");
-    // printf("Encoded Time Permit= "); OCT_output(&PERMIT); 
-    if (MPIN_BLS383_DECODING(&PERMIT)!=0) printf("Decoding error\n");
-    // printf("Decoded Time Permit= "); OCT_output(&PERMIT); 
-#endif
-
-    // MPin Protocol 
-
-    // Client enters PIN 
-    printf("\nPIN= ");
-    if(scanf("%d",&pin)) {};
-    // to avoid silly compile error 
-    getchar();
-
-    // Set date=0 and PERMIT=NULL if time permits not in use
-
-   // Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
-   // If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
-   // Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG
-
-   // HSID - hashed client ID as calculated by the server
-   // HCID - hashed client ID as calculated by the client
-
-   // IMPORTANT: To save space and time..
-   // If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only
-   // If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-   // If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only.
-
-    
-
-    pxID=&xID;
-    pxCID=&xCID;
-    pHID=&HID;
-    pHTID=&HTID;
-    pE=&E;
-    pF=&F;
-    pPERMIT=&PERMIT;
-
-#ifdef PERMITS
-    prHID=pHTID;
-#ifndef PINERROR
-    pxID=NULL;
-//   pHID=NULL;  //new
-#endif
-#else
-    prHID=pHID;
-    pPERMIT=NULL;
-    pxCID=NULL;
-    pHTID=NULL;
-#endif
-#ifndef PINERROR
-    pE=NULL;
-    pF=NULL;
-#endif
-
-    // When set only send hashed IDs to server 
-    octet *pID;
-#ifdef USE_ANONYMOUS
-    pID = &HCID;
-#else
-    pID = &CLIENT_ID;
-#endif
-
-#ifdef SINGLE_PASS
-    int timeValue;
-    printf("MPIN Single Pass\n");
-    timeValue = MPIN_BLS383_GET_TIME();
-
-    rtn=MPIN_BLS383_CLIENT(HASH_TYPE_BLS383,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y);
-
-    if (rtn != 0)
-    {
-        printf("MPIN_BLS383_CLIENT ERROR %d\n", rtn);
-        return 1;
-    }
-
-#ifdef FULL
-    MPIN_BLS383_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z);  // Also Send Z=r.ID to Server, remember random r 
-#endif
-
-
-    rtn=MPIN_BLS383_SERVER(HASH_TYPE_BLS383,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,pID,NULL,timeValue,NULL);
-
-#ifdef FULL
-    HASH_ID(HASH_TYPE_BLS383,&CLIENT_ID,&HSID);  // new
-    MPIN_BLS383_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T);  // Also send T=w.ID to client, remember random w  
-#endif
-
-#else // SINGLE_PASS
-    printf("MPIN Multi Pass\n");
-    if (MPIN_BLS383_CLIENT_1(HASH_TYPE_BLS383,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0)
-    {
-        printf("Error from Client side - First Pass\n");
-        return 0;
-    }
-
-    // Send U=x.ID to server, and recreate secret from token and pin 
-
-#ifdef FULL
-    HASH_ID(HASH_TYPE_BLS383,&CLIENT_ID,&HCID);
-    MPIN_BLS383_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z);  // Also Send Z=r.ID to Server, remember random r, DH component 
-#endif
-
-    // Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. 
-    MPIN_BLS383_SERVER_1(HASH_TYPE_BLS383,date,pID,pHID,pHTID);
-
-    // Server generates Random number Y and sends it to Client 
-    MPIN_BLS383_RANDOM_GENERATE(RNG,&Y);
-
-#ifdef FULL
-    HASH_ID(HASH_TYPE_BLS383,&CLIENT_ID,&HSID); //new
-    MPIN_BLS383_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T);  // Also send T=w.ID to client, remember random w, DH component  
-#endif
-
-    // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC 
-    if (MPIN_BLS383_CLIENT_2(&X,&Y,&SEC)!=0)
-    {
-        printf("Error from Client side - Second Pass\n");
-        return 1;
-    }
-
-    // Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. 
-    // If PIN error not required, set E and F = NULL 
-    rtn=MPIN_BLS383_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,NULL);
-#endif // SINGLE_PASS
-
-    if (rtn!=0)
-    {
-        printf("Server says - Bad Pin.\n");
-#ifdef PINERROR
-
-        err=MPIN_BLS383_KANGAROO(&E,&F);
-        if (err) printf("(Client PIN is out by %d)\n",err);
-
-#endif
-        return 1;
-    }
-    else
-    {
-        printf("Server says - PIN is good! You really are ");
-        OCT_output_string(&CLIENT_ID);
-        printf(".\n");
-    }
-
-#ifdef FULL
-
-    HASH_ALL(HASH_TYPE_BLS383,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);  // new
-    MPIN_BLS383_CLIENT_KEY(HASH_TYPE_BLS383,&G1,&G2,pin,&R,&X,&H,&T,&CK);      // new H
-    printf("Client Key = ");
-    OCT_output(&CK);
-
-    HASH_ALL(HASH_TYPE_BLS383,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);
-    MPIN_BLS383_SERVER_KEY(HASH_TYPE_BLS383,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID
-    printf("Server Key = ");
-    OCT_output(&SK);
-#endif
-    return 0;
-}
-
-
-int mpin192_BLS24(csprng *RNG)
-{
-    int i,pin,rtn,err;
-#ifdef PERMITS
-    int date=today();
-#else
-    int date=0;
-#endif
-    unsigned long ran;
-    char x[PGS_BLS24],s[PGS_BLS24],y[PGS_BLS24],client_id[100],sst[8*PFS_BLS24],token[2*PFS_BLS24+1],sec[2*PFS_BLS24+1],permit[2*PFS_BLS24+1],xcid[2*PFS_BLS24+1],xid[2*PFS_BLS24+1],e[24*PFS_BLS24],f[24*PFS_BLS24];
-    char hcid[PFS_BLS24],hsid[PFS_BLS24],hid[2*PFS_BLS24+1],htid[2*PFS_BLS24+1],h[PGS_BLS24];
-#ifdef FULL
-    char r[PGS_BLS24],z[2*PFS_BLS24+1],w[PGS_BLS24],t[2*PFS_BLS24+1];
-    char g1[24*PFS_BLS24],g2[24*PFS_BLS24];
-    char ck[AESKEY_BLS24],sk[AESKEY_BLS24];
-#endif
-    octet S= {0,sizeof(s),s};
-    octet X= {0,sizeof(x),x};
-    octet Y= {0,sizeof(y),y};
-    octet H= {0,sizeof(h),h};
-    octet CLIENT_ID= {0,sizeof(client_id),client_id};
-    octet SST= {0,sizeof(sst),sst};
-    octet TOKEN= {0,sizeof(token),token};
-    octet SEC= {0,sizeof(sec),sec};
-    octet PERMIT= {0,sizeof(permit),permit};
-    octet xCID= {0,sizeof(xcid),xcid};
-    octet xID= {0,sizeof(xid),xid};
-    octet HCID= {0,sizeof(hcid),hcid};
-    octet HSID= {0,sizeof(hsid),hsid};
-    octet HID= {0,sizeof(hid),hid};
-    octet HTID= {0,sizeof(htid),htid};
-    octet E= {0,sizeof(e),e};
-    octet F= {0,sizeof(f),f};
-#ifdef FULL
-    octet R= {0,sizeof(r),r};
-    octet Z= {0,sizeof(z),z};
-    octet W= {0,sizeof(w),w};
-    octet T= {0,sizeof(t),t};
-    octet G1= {0,sizeof(g1),g1};
-    octet G2= {0,sizeof(g2),g2};
-    octet SK= {0,sizeof(sk),sk};
-    octet CK= {0,sizeof(ck),ck};
-#endif
-    octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID;
-    char idhex[100];
-
-    // Trusted Authority set-up 
-    MPIN_BLS24_RANDOM_GENERATE(RNG,&S);
-    printf("Master Secret= ");
-    OCT_output(&S);
-
-    // Create Client Identity 
-    OCT_jstring(&CLIENT_ID,"testUser@miracl.com");
-    HASH_ID(HASH_TYPE_BLS24,&CLIENT_ID,&HCID);  // Either Client or TA calculates Hash(ID) - you decide! 
-
-    printf("Client ID Hash= ");
-    OCT_output(&HCID);
-    printf("\n");
-
-    OCT_toHex(&CLIENT_ID,idhex);
-    printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n");
-
-    MPIN_BLS24_GET_CLIENT_SECRET(&S,&HCID,&TOKEN);
-    printf("Client Secret= ");
-    OCT_output(&TOKEN);
-
-// Client and Server are issued secrets by DTA 
-    MPIN_BLS24_GET_SERVER_SECRET(&S,&SST);
-    printf("Server Secret= ");
-    OCT_output(&SST);
-
-
-
-    // Client extracts PIN from secret to create Token 
-    pin=1234;
-    printf("Client extracts PIN= %d\n",pin);
-    MPIN_BLS24_EXTRACT_PIN(HASH_TYPE_BLS24,&CLIENT_ID,pin,&TOKEN);
-    printf("Client Token= ");
-    OCT_output(&TOKEN);
-
-#ifdef FULL
-    MPIN_BLS24_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2);
-#endif
-
-#ifdef PERMITS
-    // Client gets "Time Permit" from DTA 
-    printf("Client gets Time Permit\n");
-
-    MPIN_BLS24_GET_CLIENT_PERMIT(HASH_TYPE_BLS24,date,&S,&HCID,&PERMIT);
-    printf("Time Permit= ");
-    OCT_output(&PERMIT);
-
-    // This encoding makes Time permit look random 
-    if (MPIN_BLS24_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n");
-    // printf("Encoded Time Permit= "); OCT_output(&PERMIT); 
-    if (MPIN_BLS24_DECODING(&PERMIT)!=0) printf("Decoding error\n");
-    // printf("Decoded Time Permit= "); OCT_output(&PERMIT); 
-#endif
-
-    // MPin Protocol 
-
-    // Client enters PIN 
-    printf("\nPIN= ");
-    if(scanf("%d",&pin)) {};
-    // to avoid silly compile error 
-    getchar();
-
-    // Set date=0 and PERMIT=NULL if time permits not in use
-
-   // Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
-   // If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
-   // Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG
-
-   // HSID - hashed client ID as calculated by the server
-   // HCID - hashed client ID as calculated by the client
-
-   // IMPORTANT: To save space and time..
-   // If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only
-   // If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-   // If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only.
-
-    
-
-    pxID=&xID;
-    pxCID=&xCID;
-    pHID=&HID;
-    pHTID=&HTID;
-    pE=&E;
-    pF=&F;
-    pPERMIT=&PERMIT;
-
-#ifdef PERMITS
-    prHID=pHTID;
-#ifndef PINERROR
-    pxID=NULL;
-//   pHID=NULL;  //new
-#endif
-#else
-    prHID=pHID;
-    pPERMIT=NULL;
-    pxCID=NULL;
-    pHTID=NULL;
-#endif
-#ifndef PINERROR
-    pE=NULL;
-    pF=NULL;
-#endif
-
-    // When set only send hashed IDs to server 
-    octet *pID;
-#ifdef USE_ANONYMOUS
-    pID = &HCID;
-#else
-    pID = &CLIENT_ID;
-#endif
-
-#ifdef SINGLE_PASS
-    int timeValue;
-    printf("MPIN Single Pass\n");
-    timeValue = MPIN_BLS24_GET_TIME();
-
-    rtn=MPIN_BLS24_CLIENT(HASH_TYPE_BLS24,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y);
-
-    if (rtn != 0)
-    {
-        printf("MPIN_BLS24_CLIENT ERROR %d\n", rtn);
-        return 1;
-    }
-
-#ifdef FULL
-    MPIN_BLS24_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z);  // Also Send Z=r.ID to Server, remember random r 
-#endif
-
-
-    rtn=MPIN_BLS24_SERVER(HASH_TYPE_BLS24,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,pID,NULL,timeValue,NULL);
-
-#ifdef FULL
-    HASH_ID(HASH_TYPE_BLS24,&CLIENT_ID,&HSID);  // new
-    MPIN_BLS24_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T);  // Also send T=w.ID to client, remember random w  
-#endif
-
-#else // SINGLE_PASS
-    printf("MPIN Multi Pass\n");
-    if (MPIN_BLS24_CLIENT_1(HASH_TYPE_BLS24,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0)
-    {
-        printf("Error from Client side - First Pass\n");
-        return 0;
-    }
-
-    // Send U=x.ID to server, and recreate secret from token and pin 
-
-#ifdef FULL
-    HASH_ID(HASH_TYPE_BLS24,&CLIENT_ID,&HCID);
-    MPIN_BLS24_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z);  // Also Send Z=r.ID to Server, remember random r, DH component 
-#endif
-
-    // Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. 
-    MPIN_BLS24_SERVER_1(HASH_TYPE_BLS24,date,pID,pHID,pHTID);
-
-    // Server generates Random number Y and sends it to Client 
-    MPIN_BLS24_RANDOM_GENERATE(RNG,&Y);
-
-#ifdef FULL
-    HASH_ID(HASH_TYPE_BLS24,&CLIENT_ID,&HSID); //new
-    MPIN_BLS24_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T);  // Also send T=w.ID to client, remember random w, DH component  
-#endif
-
-    // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC 
-    if (MPIN_BLS24_CLIENT_2(&X,&Y,&SEC)!=0)
-    {
-        printf("Error from Client side - Second Pass\n");
-        return 1;
-    }
-
-    // Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. 
-    // If PIN error not required, set E and F = NULL 
-    rtn=MPIN_BLS24_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,NULL);
-#endif // SINGLE_PASS
-
-    if (rtn!=0)
-    {
-        printf("Server says - Bad Pin.\n");
-#ifdef PINERROR
-
-        err=MPIN_BLS24_KANGAROO(&E,&F);
-        if (err) printf("(Client PIN is out by %d)\n",err);
-
-#endif
-        return 1;
-    }
-    else
-    {
-        printf("Server says - PIN is good! You really are ");
-        OCT_output_string(&CLIENT_ID);
-        printf(".\n");
-    }
-
-#ifdef FULL
-
-    HASH_ALL(HASH_TYPE_BLS24,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);  // new
-    MPIN_BLS24_CLIENT_KEY(HASH_TYPE_BLS24,&G1,&G2,pin,&R,&X,&H,&T,&CK);      // new H
-    printf("Client Key = ");
-    OCT_output(&CK);
-
-    HASH_ALL(HASH_TYPE_BLS24,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);
-    MPIN_BLS24_SERVER_KEY(HASH_TYPE_BLS24,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID
-    printf("Server Key = ");
-    OCT_output(&SK);
-#endif
-    return 0;
-}
-
-
-int mpin256_BLS48(csprng *RNG)
-{
-    int i,pin,rtn,err;
-#ifdef PERMITS
-    int date=today();
-#else
-    int date=0;
-#endif
-    unsigned long ran;
-    char x[PGS_BLS48],s[PGS_BLS48],y[PGS_BLS48],client_id[100],sst[16*PFS_BLS48],token[2*PFS_BLS48+1],sec[2*PFS_BLS48+1],permit[2*PFS_BLS48+1],xcid[2*PFS_BLS48+1],xid[2*PFS_BLS48+1],e[48*PFS_BLS48],f[48*PFS_BLS48];
-    char hcid[PFS_BLS48],hsid[PFS_BLS48],hid[2*PFS_BLS48+1],htid[2*PFS_BLS48+1],h[PGS_BLS48];
-#ifdef FULL
-    char r[PGS_BLS48],z[2*PFS_BLS48+1],w[PGS_BLS48],t[2*PFS_BLS48+1];
-    char g1[48*PFS_BLS48],g2[48*PFS_BLS48];
-    char ck[AESKEY_BLS48],sk[AESKEY_BLS48];
-#endif
-    octet S= {0,sizeof(s),s};
-    octet X= {0,sizeof(x),x};
-    octet Y= {0,sizeof(y),y};
-    octet H= {0,sizeof(h),h};
-    octet CLIENT_ID= {0,sizeof(client_id),client_id};
-    octet SST= {0,sizeof(sst),sst};
-    octet TOKEN= {0,sizeof(token),token};
-    octet SEC= {0,sizeof(sec),sec};
-    octet PERMIT= {0,sizeof(permit),permit};
-    octet xCID= {0,sizeof(xcid),xcid};
-    octet xID= {0,sizeof(xid),xid};
-    octet HCID= {0,sizeof(hcid),hcid};
-    octet HSID= {0,sizeof(hsid),hsid};
-    octet HID= {0,sizeof(hid),hid};
-    octet HTID= {0,sizeof(htid),htid};
-    octet E= {0,sizeof(e),e};
-    octet F= {0,sizeof(f),f};
-#ifdef FULL
-    octet R= {0,sizeof(r),r};
-    octet Z= {0,sizeof(z),z};
-    octet W= {0,sizeof(w),w};
-    octet T= {0,sizeof(t),t};
-    octet G1= {0,sizeof(g1),g1};
-    octet G2= {0,sizeof(g2),g2};
-    octet SK= {0,sizeof(sk),sk};
-    octet CK= {0,sizeof(ck),ck};
-#endif
-    octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID;
-    char idhex[100];
-
-    // Trusted Authority set-up 
-    MPIN_BLS48_RANDOM_GENERATE(RNG,&S);
-    printf("Master Secret= ");
-    OCT_output(&S);
-
-    // Create Client Identity 
-    OCT_jstring(&CLIENT_ID,"testUser@miracl.com");
-    HASH_ID(HASH_TYPE_BLS48,&CLIENT_ID,&HCID);  // Either Client or TA calculates Hash(ID) - you decide! 
-
-    printf("Client ID Hash= ");
-    OCT_output(&HCID);
-    printf("\n");
-
-    OCT_toHex(&CLIENT_ID,idhex);
-    printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n");
-
-    MPIN_BLS48_GET_CLIENT_SECRET(&S,&HCID,&TOKEN);
-    printf("Client Secret= ");
-    OCT_output(&TOKEN);
-
-// Client and Server are issued secrets by DTA 
-    MPIN_BLS48_GET_SERVER_SECRET(&S,&SST);
-    printf("Server Secret= ");
-    OCT_output(&SST);
-
-
-
-    // Client extracts PIN from secret to create Token 
-    pin=1234;
-    printf("Client extracts PIN= %d\n",pin);
-    MPIN_BLS48_EXTRACT_PIN(HASH_TYPE_BLS48,&CLIENT_ID,pin,&TOKEN);
-    printf("Client Token= ");
-    OCT_output(&TOKEN);
-
-#ifdef FULL
-    MPIN_BLS48_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2);
-#endif
-
-#ifdef PERMITS
-    // Client gets "Time Permit" from DTA 
-    printf("Client gets Time Permit\n");
-
-    MPIN_BLS48_GET_CLIENT_PERMIT(HASH_TYPE_BLS48,date,&S,&HCID,&PERMIT);
-    printf("Time Permit= ");
-    OCT_output(&PERMIT);
-
-    // This encoding makes Time permit look random 
-    if (MPIN_BLS48_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n");
-    // printf("Encoded Time Permit= "); OCT_output(&PERMIT); 
-    if (MPIN_BLS48_DECODING(&PERMIT)!=0) printf("Decoding error\n");
-    // printf("Decoded Time Permit= "); OCT_output(&PERMIT); 
-#endif
-
-    // MPin Protocol 
-
-    // Client enters PIN 
-    printf("\nPIN= ");
-    if(scanf("%d",&pin)) {};
-    // to avoid silly compile error 
-    getchar();
-
-    // Set date=0 and PERMIT=NULL if time permits not in use
-
-   // Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
-   // If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
-   // Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG
-
-   // HSID - hashed client ID as calculated by the server
-   // HCID - hashed client ID as calculated by the client
-
-   // IMPORTANT: To save space and time..
-   // If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only
-   // If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-   // If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only.
-
-    
-
-    pxID=&xID;
-    pxCID=&xCID;
-    pHID=&HID;
-    pHTID=&HTID;
-    pE=&E;
-    pF=&F;
-    pPERMIT=&PERMIT;
-
-#ifdef PERMITS
-    prHID=pHTID;
-#ifndef PINERROR
-    pxID=NULL;
-//   pHID=NULL;  //new
-#endif
-#else
-    prHID=pHID;
-    pPERMIT=NULL;
-    pxCID=NULL;
-    pHTID=NULL;
-#endif
-#ifndef PINERROR
-    pE=NULL;
-    pF=NULL;
-#endif
-
-    // When set only send hashed IDs to server 
-    octet *pID;
-#ifdef USE_ANONYMOUS
-    pID = &HCID;
-#else
-    pID = &CLIENT_ID;
-#endif
-
-#ifdef SINGLE_PASS
-    int timeValue;
-    printf("MPIN Single Pass\n");
-    timeValue = MPIN_BLS48_GET_TIME();
-
-    rtn=MPIN_BLS48_CLIENT(HASH_TYPE_BLS48,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y);
-
-    if (rtn != 0)
-    {
-        printf("MPIN_BLS48_CLIENT ERROR %d\n", rtn);
-        return 1;
-    }
-
-#ifdef FULL
-    MPIN_BLS48_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z);  // Also Send Z=r.ID to Server, remember random r 
-#endif
-
-
-    rtn=MPIN_BLS48_SERVER(HASH_TYPE_BLS48,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,pID,NULL,timeValue,NULL);
-
-#ifdef FULL
-    HASH_ID(HASH_TYPE_BLS48,&CLIENT_ID,&HSID);  // new
-    MPIN_BLS48_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T);  // Also send T=w.ID to client, remember random w  
-#endif
-
-#else // SINGLE_PASS
-    printf("MPIN Multi Pass\n");
-    if (MPIN_BLS48_CLIENT_1(HASH_TYPE_BLS48,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0)
-    {
-        printf("Error from Client side - First Pass\n");
-        return 0;
-    }
-
-    // Send U=x.ID to server, and recreate secret from token and pin 
-
-#ifdef FULL
-    HASH_ID(HASH_TYPE_BLS48,&CLIENT_ID,&HCID);
-    MPIN_BLS48_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z);  // Also Send Z=r.ID to Server, remember random r, DH component 
-#endif
-
-    // Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. 
-    MPIN_BLS48_SERVER_1(HASH_TYPE_BLS48,date,pID,pHID,pHTID);
-
-    // Server generates Random number Y and sends it to Client 
-    MPIN_BLS48_RANDOM_GENERATE(RNG,&Y);
-
-#ifdef FULL
-    HASH_ID(HASH_TYPE_BLS48,&CLIENT_ID,&HSID); //new
-    MPIN_BLS48_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T);  // Also send T=w.ID to client, remember random w, DH component  
-#endif
-
-    // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC 
-    if (MPIN_BLS48_CLIENT_2(&X,&Y,&SEC)!=0)
-    {
-        printf("Error from Client side - Second Pass\n");
-        return 1;
-    }
-
-    // Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. 
-    // If PIN error not required, set E and F = NULL 
-    rtn=MPIN_BLS48_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,NULL);
-#endif // SINGLE_PASS
-
-    if (rtn!=0)
-    {
-        printf("Server says - Bad Pin.\n");
-#ifdef PINERROR
-
-        err=MPIN_BLS48_KANGAROO(&E,&F);
-        if (err) printf("(Client PIN is out by %d)\n",err);
-
-#endif
-        return 1;
-    }
-    else
-    {
-        printf("Server says - PIN is good! You really are ");
-        OCT_output_string(&CLIENT_ID);
-        printf(".\n");
-    }
-
-#ifdef FULL
-
-    HASH_ALL(HASH_TYPE_BLS48,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);  // new
-    MPIN_BLS48_CLIENT_KEY(HASH_TYPE_BLS48,&G1,&G2,pin,&R,&X,&H,&T,&CK);      // new H
-    printf("Client Key = ");
-    OCT_output(&CK);
-
-    HASH_ALL(HASH_TYPE_BLS48,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);
-    MPIN_BLS48_SERVER_KEY(HASH_TYPE_BLS48,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID
-    printf("Server Key = ");
-    OCT_output(&SK);
-#endif
-    return 0;
-}
-
-
-#endif
-
-int rsa_2048(csprng *RNG)
-{
-    int i;
-    unsigned long ran;
-    char m[RFS_2048],ml[RFS_2048],c[RFS_2048],e[RFS_2048],s[RFS_2048];
-    rsa_public_key_2048 pub;
-    rsa_private_key_2048 priv;
-    
-    octet M= {0,sizeof(m),m};
-    octet ML= {0,sizeof(ml),ml};
-    octet C= {0,sizeof(c),c};
-    octet E= {0,sizeof(e),e};
-    octet S= {0,sizeof(s),s};
-
-    printf("Generating public/private key pair\n");
-    RSA_2048_KEY_PAIR(RNG,65537,&priv,&pub,NULL,NULL);
-
-    printf("Encrypting test string\n");
-    OCT_jstring(&M,(char *)"Hello World\n");
-
-    OAEP_ENCODE(HASH_TYPE_RSA_2048,&M,RNG,NULL,&E); // OAEP encode message m to e  
-
-    RSA_2048_ENCRYPT(&pub,&E,&C);     // encrypt encoded message 
-    printf("Ciphertext= ");
-    OCT_output(&C);
-
-    printf("Decrypting test string\n");
-    RSA_2048_DECRYPT(&priv,&C,&ML);   // ... and then decrypt it 
-
-    OAEP_DECODE(HASH_TYPE_RSA_2048,NULL,&ML);    // decode it 
-    OCT_output_string(&ML);
-
-    printf("Signing message\n");
-    PKCS15(HASH_TYPE_RSA_2048,&M,&C);
-
-    RSA_2048_DECRYPT(&priv,&C,&S); // create signature in S 
-
-    printf("Signature= ");
-    OCT_output(&S);
-
-    RSA_2048_ENCRYPT(&pub,&S,&ML);
-
-    if (OCT_comp(&C,&ML)) printf("Signature is valid\n");
-    else printf("Signature is INVALID\n");
-
-    RSA_2048_PRIVATE_KEY_KILL(&priv);
-
-    OCT_clear(&M);
-    OCT_clear(&ML);   // clean up afterwards 
-    OCT_clear(&C);
-    OCT_clear(&E);
-
-    return 0;
-}
-
-
-int main()
-{
-    int i,res;
-    unsigned long ran;
-
-	char raw[100];
-    octet RAW= {0,sizeof(raw),raw};
-    csprng RNG;                // Crypto Strong RNG 
-
-    time((time_t *)&ran);
-
-    RAW.len=100;				// fake random seed source 
-    RAW.val[0]=ran;
-    RAW.val[1]=ran>>8;
-    RAW.val[2]=ran>>16;
-    RAW.val[3]=ran>>24;
-    for (i=0; i<100; i++) RAW.val[i]=i;
-
-    CREATE_CSPRNG(&RNG,&RAW);   // initialise strong RNG 
-
-	printf("\nTesting MPIN protocols for curve BN254\n");
-	mpin_BN254(&RNG);
-
-#if CHUNK!=16
-    printf("\nTesting MPIN protocols for curve BLS383\n");
-    mpin_BLS383(&RNG);
-    printf("\nTesting MPIN protocols for curve BLS24\n");
-    mpin192_BLS24(&RNG);
-    printf("\nTesting MPIN protocols for curve BLS48\n");
-    mpin256_BLS48(&RNG);
-#endif
-
-
-	printf("\nTesting ECDH protocols for curve ED25519\n");
-	ecdh_ED25519(&RNG);
-#if CHUNK!=16
-	printf("\nTesting ECDH protocols for curve NIST256\n");
-	ecdh_NIST256(&RNG);
-	printf("\nTesting ECDH protocols for curve GOLDILOCKS\n");
-	ecdh_GOLDILOCKS(&RNG);
-#endif
-	printf("\nTesting RSA protocols for 2048-bit RSA\n");
-	rsa_2048(&RNG);
-
-	KILL_CSPRNG(&RNG);
-}
-