http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/MPINAuth.js ----------------------------------------------------------------------
diff --git a/js/MPINAuth.js b/js/MPINAuth.js
deleted file mode 100755
index 7cacb65..0000000
--- a/js/MPINAuth.js
+++ /dev/null
@@ -1,517 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* - MIRACL JavaScript M-Pin Authentication Functions - - Provides these functions: - - calculateMPinToken Calculates the MPin Token - - getLocalEntropy Gets an entropy value from the client machine - - initializeRNG Initialize the Random Number Generator - - addShares Add two points on the curve that are originally in hex format - - pass1Request Form the JSON request for pass one of the M-Pin protocol - - pass2Request Form the JSON request for pass two of the M-Pin protocol - - passRequest Form the JSON request for one pass M-Pin protocol - -*/ - -/* - -Run LINT tool; - -jslint MPINAuth.js - -expected output; - -MPINAuth.js - #1 Read only. - MPINAuth = {}; // Line 61, Pos 1 - #2 Unexpected '('. - if (typeof (window) === 'undefined') { // Line 134, Pos 16 - #3 Unexpected 'typeof'. Use '===' to compare directly with undefined. - if (typeof (window) === 'undefined') { // Line 134, Pos 9 - #4 Unexpected '('. - if (typeof (crypto) !== 'undefined') { // Line 139, Pos 16 - #5 Unexpected 'typeof'. Use '===' to compare directly with undefined. 
- if (typeof (crypto) !== 'undefined') { // Line 139, Pos 9 - -*/ - - -/*global MPIN */ -/*global MPINAuth */ -/*global RAND */ -/*global Uint32Array */ -/*jslint browser: true*/ -/*jslint plusplus: true */ - -MPINAuth = {}; - -// Random Number Generator -MPINAuth.rng = new RAND(); - -// Pass 1 values -MPINAuth.SEC = []; -MPINAuth.X = []; - -// Default value for debug output -MPINAuth.DEBUG = false; - -// Errors -MPINAuth.BAD_HEX = -20; -MPINAuth.BAD_BYTES = -21; - -/* Calculates the MPin Token - - This function convert mpin_id _hex to unicode. It then maps the mpin_id - to a point on the curve, multiplies this value by PIN and then subtracts - it from the client_secret curve point to generate the M-Pin token. - - Args: - - PIN: Four digit PIN - client_secret_hex: Hex encoded client secret - mpin_id_hex: Hex encoded M-Pin ID - - Returns: - - mpin_token_hex: Hex encoded M-Pin Token - -*/ -MPINAuth.calculateMPinToken = function (mpin_id_hex, PIN, client_secret_hex) { - "use strict"; - var client_secret_bytes, mpin_id_bytes, token_hex, error_code; - - client_secret_bytes = []; - mpin_id_bytes = []; - - if (MPINAuth.DEBUG) {console.log("MPINAuth.calculateMPinToken client_secret_hex: " + client_secret_hex); } - if (MPINAuth.DEBUG) {console.log("MPINAuth.calculateMPinToken mpin_id_hex: " + mpin_id_hex); } - if (MPINAuth.DEBUG) {console.log("MPINAuth.calculateMPinToken PIN: " + PIN); } - - client_secret_bytes = MPINAuth.hextobytes(client_secret_hex); - mpin_id_bytes = MPINAuth.hextobytes(mpin_id_hex); - - error_code = MPIN.EXTRACT_PIN(mpin_id_bytes, PIN, client_secret_bytes); - if (error_code !== 0) { - console.log("MPINAuth.calculateMPinToken error_code: " + error_code); - return error_code; - } - token_hex = MPIN.bytestostring(client_secret_bytes); - if (MPINAuth.DEBUG) {console.log("MPINAuth.calculateMPinToken token_hex: " + token_hex); } - return token_hex; -}; - -/* Get local entropy - - This function makes a call to /dev/urandom for a 256 bit value - - Args: - - NA 
- - Returns: - - entropy_val: 256 bit random value or null - -*/ -MPINAuth.getLocalEntropy = function () { - "use strict"; - var crypto, array, entropy_val, i, hex_val; - if (typeof (window) === 'undefined') { - if (MPINAuth.DEBUG) {console.log("MPINAuth.getLocalEntropy Test mode without browser"); } - return ""; - } - crypto = (window.crypto || window.msCrypto); - if (typeof (crypto) !== 'undefined') { - array = new Uint32Array(8); - crypto.getRandomValues(array); - - entropy_val = ""; - for (i = 0; i < array.length; i++) { - hex_val = array[i].toString(16); - entropy_val = entropy_val + hex_val; - } - if (MPINAuth.DEBUG) {console.log("MPINAuth.getLocalEntropy len(entropy_val): " + entropy_val.length + " entropy_val: " + entropy_val); } - return entropy_val; - } - return ""; -}; - -/* Initialize the Random Number Generator (RNG) - - This function uses an external and, where available, a - local entropy source to initialize a RNG. - - Args: - - seed_value: External seed value for RNGTurn on generation of local entropy - - Returns: - -*/ -MPINAuth.initializeRNG = function (seed_hex) { - "use strict"; - var local_entropy_hex, entropy_hex, entropy_bytes; - local_entropy_hex = MPINAuth.getLocalEntropy(); - entropy_hex = local_entropy_hex + seed_hex; - if (MPINAuth.DEBUG) {console.log("MPINAuth.initializeRNG seed_val_hex: " + seed_hex); } - if (MPINAuth.DEBUG) {console.log("MPINAuth.initializeRNG local_entropy_hex: " + local_entropy_hex); } - if (MPINAuth.DEBUG) {console.log("MPINAuth.initializeRNG entropy_hex: " + entropy_hex); } - - entropy_bytes = MPINAuth.hextobytes(entropy_hex); - - MPINAuth.rng.clean(); - MPINAuth.rng.seed(entropy_bytes.length, entropy_bytes); -}; - -/* Add two points on the curve that are originally in hex format - - This function is used to add client secret or time permits shares. 
- - Args: - - share1_hex: Hex encoded point on the curve which represents - a time permit or client secret share - share2_hex: Hex encoded point on the curve which represents - a time permit or client secret share - - Returns: - - sum_hex: Hex encoded sum of the shares - -*/ -MPINAuth.addShares = function (share1_hex, share2_hex) { - "use strict"; - var share1_bytes, share2_bytes, sum_bytes, error_code, sum_hex; - - share1_bytes = []; - share2_bytes = []; - sum_bytes = []; - - if (MPINAuth.DEBUG) {console.log("MPINAuth.addShares share1_hex: " + share1_hex); } - if (MPINAuth.DEBUG) {console.log("MPINAuth.addShares share2_hex: " + share2_hex); } - - share1_bytes = MPINAuth.hextobytes(share1_hex); - share2_bytes = MPINAuth.hextobytes(share2_hex); - - error_code = MPIN.RECOMBINE_G1(share1_bytes, share2_bytes, sum_bytes); - if (error_code !== 0) { - console.log("MPINAuth.addShares error_code: " + error_code); - return error_code; - } - sum_hex = MPIN.bytestostring(sum_bytes); - if (MPINAuth.DEBUG) {console.log("MPINAuth.addShares sum_hex: " + sum_hex); } - return sum_hex; -}; - - -/* Form the JSON request for pass one of the M-Pin protocol - - This function assigns to the property X a random value. It assigns to - the property SEC the sum of the client secret and time permit. It also - calculates the values U and UT which are required for M-Pin authentication, - where U = X.(map_to_curve(MPIN_ID)) and UT = X.(map_to_curve(MPIN_ID) + map_to_curve(DATE|sha256(MPIN_ID)) - UT is called the commitment. U is the required for finding the PIN error. - - Args: - - mpin_id_hex: Hex encoded M-Pin ID - token_hex: Hex encoded M-Pin Token - timePermit_hex: Hex encoded Time Permit - PIN: PIN for authentication - epoch_days: The number of epoch days. - X_hex: X value generated externally. This is used for test. 
- - Returns: - - { - mpin_id: mpin_id_hex, - UT: UT_hex, - U: U_hex, - pass: 1 - } - - where; - - mpin_id: Hex encoded M-Pin ID - UT: Hex encoded X.(map_to_curve(MPIN_ID) + map_to_curve(DATE|sha256(MPIN_ID)) - U: Hex encoded X.(map_to_curve(MPIN_ID)) - pass: Protocol first pass - -*/ -MPINAuth.pass1Request = function (mpin_id_hex, token_hex, timePermit_hex, PIN, epoch_days, X_hex) { - "use strict"; - var UT_hex, U_hex, date, error_code, mpin_id_bytes, token_bytes, timePermit_bytes, U, UT, request; - - mpin_id_bytes = []; - token_bytes = []; - timePermit_bytes = []; - U = []; - UT = []; - request = {}; - - if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request mpin_id_hex: " + mpin_id_hex); } - if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request token_hex: " + token_hex); } - if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request timePermit_hex: " + timePermit_hex); } - if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request PIN: " + PIN); } - if (MPINAuth.DEBUG) {console.log("mpinAuth.pass1Request epoch_days: " + epoch_days); } - - // The following is used for test - if (X_hex !== null) { - if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request X: " + X_hex); } - MPINAuth.X = MPINAuth.hextobytes(X_hex); - MPINAuth.rng = null; - } - - mpin_id_bytes = MPINAuth.hextobytes(mpin_id_hex); - token_bytes = MPINAuth.hextobytes(token_hex); - timePermit_bytes = MPINAuth.hextobytes(timePermit_hex); - - error_code = MPIN.CLIENT_1(epoch_days, mpin_id_bytes, MPINAuth.rng, MPINAuth.X, PIN, token_bytes, MPINAuth.SEC, U, UT, timePermit_bytes); - if (error_code !== 0) { - console.log("MPINAuth.pass1Request error_code: " + error_code); - return error_code; - } - UT_hex = MPIN.bytestostring(UT); - U_hex = MPIN.bytestostring(U); - - if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request MPINAuth.rng: " + MPINAuth.rng); } - if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request MPINAuth.X: " + MPIN.bytestostring(MPINAuth.X)); } - if (MPINAuth.DEBUG) 
{console.log("MPINAuth.pass1Request MPINAuth.SEC: " + MPIN.bytestostring(MPINAuth.SEC)); } - - // Form request - request = { - mpin_id: mpin_id_hex, - UT: UT_hex, - U: U_hex, - pass: 1 - }; - if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request request: "); } - if (MPINAuth.DEBUG) {console.dir(request); } - - return request; -}; - - -/* Form the JSON request for pass two of the M-Pin protocol - - This function uses the random value y from the server, property X - and the combined client secret and time permit to calculate - the value V which is sent to the M-Pin server. - - Args: - - y_hex: Random value supplied by server - - Returns: - - { - V: V_hex, - OTP: requestOTP, - WID: accessNumber, - pass: 2 - } - - where; - - V: Value required by the server to authenticate user - OTP: Request OTP: 1 = required - WID: Number required for mobile authentication - pass: Protocol second pass - -*/ -MPINAuth.pass2Request = function (y_hex, requestOTP, accessNumber) { - "use strict"; - - var y_bytes, x_hex, SEC_hex, error_code, V_hex, request; - - request = {}; - - y_bytes = MPINAuth.hextobytes(y_hex); - x_hex = MPIN.bytestostring(MPINAuth.X); - SEC_hex = MPIN.bytestostring(MPINAuth.SEC); - - if (MPINAuth.DEBUG) {console.log("MPINAuth.pass2Request x_hex: " + x_hex); } - if (MPINAuth.DEBUG) {console.log("MPINAuth.pass2Request y_hex: " + y_hex); } - if (MPINAuth.DEBUG) {console.log("MPINAuth.pass2Request SEC_hex: " + SEC_hex); } - - // Compute V - error_code = MPIN.CLIENT_2(MPINAuth.X, y_bytes, MPINAuth.SEC); - if (error_code !== 0) { - console.log("MPINAuth.pass2Request error_code: " + error_code); - return error_code; - } - V_hex = MPIN.bytestostring(MPINAuth.SEC); - - // Form reuest - request = { - V: V_hex, - OTP: requestOTP, - WID: accessNumber, - pass: 2 - }; - if (MPINAuth.DEBUG) {console.log("MPINAuth.pass2Request request: "); } - if (MPINAuth.DEBUG) {console.dir(request); } - - return request; -}; - - -/* Convert a hex representation of a Point to bytes - - This 
function converts a hex value to a bytes array - - Args: - - hex_value: Hex encoded byte value - - Returns: - - byte_value: Input value in bytes - -*/ -MPINAuth.hextobytes = function (value_hex) { - "use strict"; - var len, byte_value, i; - - len = value_hex.length; - byte_value = []; - - for (i = 0; i < len; i += 2) { - byte_value[(i / 2)] = parseInt(value_hex.substr(i, 2), 16); - } - return byte_value; -}; - - -/* Form the JSON request for single pass M-Pin protocol - - This function performs the client side M-Pin protocol - It also calculates the values U and UT which are required for M-Pin authentication, - where U = X.(map_to_curve(MPIN_ID)) and UT = X.(map_to_curve(MPIN_ID) + map_to_curve(DATE|sha256(MPIN_ID)) - UT is called the commitment. U is the required for finding the PIN error. - - Args: - - mpin_id_hex: Hex encoded M-Pin ID - token_hex: Hex encoded M-Pin Token - timePermit_hex: Hex encoded Time Permit - PIN: PIN for authentication - requestOTP: Reqeuest a One Time Password - accessNumber: Access number for desktop authentication - timeValue: Epoch time - - Returns: - - { - mpin_id: mpin_id_hex, - U: U_hex, - UT: UT_hex, - V: V_hex, - T: timeValue, - OTP: requestOTP, - WID: accessNumber - } - - where; - - mpin_id: Hex encoded M-Pin ID - U: Hex encoded X.(map_to_curve(MPIN_ID)) - UT: Hex encoded X.(map_to_curve(MPIN_ID) + map_to_curve(DATE|sha256(MPIN_ID)) - V: Value required by the server to authenticate user - T: Epoch time - OTP: Request OTP: 1 = required - WID: Number required for mobile authentication - -*/ -MPINAuth.passRequest = function (mpin_id_hex, token_hex, timePermit_hex, PIN, requestOTP, accessNumber, epoch_days, timeValue, X_hex) { - "use strict"; - var X, Y, SEC, UT_hex, U_hex, date, error_code, mpin_id_bytes, token_bytes, timePermit_bytes, U, UT, V_hex, request; - - X = []; - Y = []; - SEC = []; - mpin_id_bytes = []; - token_bytes = []; - timePermit_bytes = []; - U = []; - UT = []; - request = {}; - - if (MPINAuth.DEBUG) 
{console.log("MPINAuth.passRequest mpin_id_hex: " + mpin_id_hex); } - if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest token_hex: " + token_hex); } - if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest timePermit_hex: " + timePermit_hex); } - if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest PIN: " + PIN); } - if (MPINAuth.DEBUG) {console.log("mpinAuth.passRequest timeValue: " + timeValue); } - - mpin_id_bytes = MPINAuth.hextobytes(mpin_id_hex); - token_bytes = MPINAuth.hextobytes(token_hex); - - if (timePermit_hex === null) { - date = 0; - } else { - timePermit_bytes = MPINAuth.hextobytes(timePermit_hex); - date = epoch_days; - } - if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest date: " + date); } - - // The following is used for test - if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest X: " + X_hex); } - if (X_hex !== null) { - X = MPINAuth.hextobytes(X_hex); - MPINAuth.rng = null; - } - - error_code = MPIN.CLIENT(date, mpin_id_bytes, MPINAuth.rng, X, PIN, token_bytes, SEC, U, UT, timePermit_bytes, timeValue, Y); - if (error_code !== 0) { - console.log("MPINAuth.passRequest error_code: " + error_code); - return error_code; - } - UT_hex = MPIN.bytestostring(UT); - U_hex = MPIN.bytestostring(U); - V_hex = MPIN.bytestostring(SEC); - - if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest MPINAuth.rng: " + MPINAuth.rng); } - if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest X: " + MPIN.bytestostring(X)); } - if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest Y: " + MPIN.bytestostring(Y)); } - - // Form request - request = { - mpin_id: mpin_id_hex, - U: U_hex, - UT: UT_hex, - V: V_hex, - T: timeValue, - OTP: requestOTP, - WID: accessNumber - }; - if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest request: "); } - if (MPINAuth.DEBUG) {console.dir(request); } - - return request; -}; -
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/PAIR.js ----------------------------------------------------------------------
diff --git a/js/PAIR.js b/js/PAIR.js
deleted file mode 100755
index e3a0628..0000000
--- a/js/PAIR.js
+++ /dev/null
@@ -1,506 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -var PAIR = { -/* Line function */ - line: function(A,B,Qx,Qy) - { - var P=new ECP2(); - var a,b,c; - var r=new FP12(1); - P.copy(A); - - var ZZ=new FP2(P.getz()); //ZZ.copy(P.getz()); - ZZ.sqr(); - var D; - if (A==B) D=A.dbl(); - else D=A.add(B); - if (D<0) return r; - var Z3=new FP2(A.getz()); //Z3.copy(A.getz()); - c=new FP4(0); - var X,Y,T; - if (D===0) - { /* Addition */ - X=new FP2(B.getx()); //X.copy(B.getx()); - Y=new FP2(B.gety()); //Y.copy(B.gety()); - T=new FP2(P.getz()); //T.copy(P.getz()); - - T.mul(Y); - ZZ.mul(T); - - var NY=new FP2(P.gety()); /*NY.copy(P.gety());*/ NY.neg(); - ZZ.add(NY); - Z3.pmul(Qy); - T.mul(P.getx()); - X.mul(NY); - T.add(X); - a=new FP4(Z3,T); //a.set(Z3,T); - ZZ.neg(); - ZZ.pmul(Qx); - b=new FP4(ZZ); //b.seta(ZZ); - } - else - { /* Doubling */ - X=new FP2(P.getx()); //X.copy(P.getx()); - Y=new FP2(P.gety()); //Y.copy(P.gety()); - T=new FP2(P.getx()); //T.copy(P.getx()); - T.sqr(); - T.imul(3); - - Y.sqr(); - Y.add(Y); - Z3.mul(ZZ); - Z3.pmul(Qy); - - X.mul(T); - X.sub(Y); - a=new FP4(Z3,X); //a.set(Z3,X); - T.neg(); - ZZ.mul(T); - - ZZ.pmul(Qx); - - b=new FP4(ZZ); //b.seta(ZZ); - } - r.set(a,b,c); - return r; - }, - -/* Optimal R-ate pairing */ - 
ate: function(P,Q) - { - var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); - var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); - var f=new FP2(fa,fb); //f.bset(fa,fb); - - var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); - var n=new BIG(x); //n.copy(x); - var K=new ECP2(); - var lv; - n.pmul(6); n.dec(2); n.norm(); - P.affine(); - Q.affine(); - var Qx=new FP(Q.getx()); //Qx.copy(Q.getx()); - var Qy=new FP(Q.gety()); //Qy.copy(Q.gety()); - - var A=new ECP2(); - var r=new FP12(1); - - A.copy(P); - var nb=n.nbits(); - - for (var i=nb-2;i>=1;i--) - { - lv=PAIR.line(A,A,Qx,Qy); - - r.smul(lv); - - if (n.bit(i)==1) - { - lv=PAIR.line(A,P,Qx,Qy); - r.smul(lv); - } - r.sqr(); - } - lv=PAIR.line(A,A,Qx,Qy); - r.smul(lv); - -/* R-ate fixup */ - r.conj(); - K.copy(P); - K.frob(f); - A.neg(); - lv=PAIR.line(A,K,Qx,Qy); - r.smul(lv); - K.frob(f); - K.neg(); - lv=PAIR.line(A,K,Qx,Qy); - r.smul(lv); - - return r; - }, - -/* Optimal R-ate double pairing e(P,Q).e(R,S) */ - ate2: function(P,Q,R,S) - { - var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); - var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); - var f=new FP2(fa,fb); //f.bset(fa,fb); - var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); - - var n=new BIG(x); //n.copy(x); - var K=new ECP2(); - var lv; - n.pmul(6); n.dec(2); n.norm(); - P.affine(); - Q.affine(); - R.affine(); - S.affine(); - - var Qx=new FP(Q.getx()); //Qx.copy(Q.getx()); - var Qy=new FP(Q.gety()); //Qy.copy(Q.gety()); - - var Sx=new FP(S.getx()); //Sx.copy(S.getx()); - var Sy=new FP(S.gety()); //Sy.copy(S.gety()); - - var A=new ECP2(); - var B=new ECP2(); - var r=new FP12(1); - - A.copy(P); - B.copy(R); - var nb=n.nbits(); - - for (var i=nb-2;i>=1;i--) - { - lv=PAIR.line(A,A,Qx,Qy); - r.smul(lv); - lv=PAIR.line(B,B,Sx,Sy); - r.smul(lv); - if (n.bit(i)==1) - { - lv=PAIR.line(A,P,Qx,Qy); - r.smul(lv); - lv=PAIR.line(B,R,Sx,Sy); - r.smul(lv); - } - r.sqr(); - } - - lv=PAIR.line(A,A,Qx,Qy); - r.smul(lv); - - lv=PAIR.line(B,B,Sx,Sy); - r.smul(lv); - - -/* R-ate fixup */ - r.conj(); - - K.copy(P); - 
K.frob(f); - A.neg(); - lv=PAIR.line(A,K,Qx,Qy); - r.smul(lv); - K.frob(f); - K.neg(); - lv=PAIR.line(A,K,Qx,Qy); - r.smul(lv); - - K.copy(R); - K.frob(f); - B.neg(); - lv=PAIR.line(B,K,Sx,Sy); - r.smul(lv); - K.frob(f); - K.neg(); - lv=PAIR.line(B,K,Sx,Sy); - r.smul(lv); - - return r; - }, - -/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */ - fexp: function(m) - { - var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); - var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); - var f=new FP2(fa,fb); - var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); - - var r=new FP12(m); //r.copy(m); - var x0,x1,x2,x3,x4,x5; - -/* Easy part of final exp */ - var lv=new FP12(r); //lv.copy(r); - lv.inverse(); - r.conj(); - r.mul(lv); - lv.copy(r); - r.frob(f); - r.frob(f); - r.mul(lv); - -/* Hard part of final exp */ - lv.copy(r); - lv.frob(f); - x0=new FP12(lv); //x0.copy(lv); - x0.frob(f); - lv.mul(r); - x0.mul(lv); - x0.frob(f); - x1=new FP12(r); //x1.copy(r); - x1.conj(); - - x4=r.pow(x); - - x3=new FP12(x4); //x3.copy(x4); - x3.frob(f); - x2=x4.pow(x); - - x5=new FP12(x2); /*x5.copy(x2);*/ x5.conj(); - lv=x2.pow(x); - - x2.frob(f); - r.copy(x2); r.conj(); - - x4.mul(r); - x2.frob(f); - - r.copy(lv); - r.frob(f); - lv.mul(r); - - lv.usqr(); - lv.mul(x4); - lv.mul(x5); - r.copy(x3); - r.mul(x5); - r.mul(lv); - lv.mul(x2); - r.usqr(); - r.mul(lv); - r.usqr(); - lv.copy(r); - lv.mul(x1); - r.mul(x0); - lv.usqr(); - r.mul(lv); - r.reduce(); - return r; - } -}; - -/* GLV method */ -PAIR.glv= function(e) -{ - var i,j; - var t=new BIG(0); - var q=new BIG(0); q.rcopy(ROM.CURVE_Order); - var u=[]; - var v=[]; - for (i=0;i<2;i++) - { - t.rcopy(ROM.CURVE_W[i]); - var d=BIG.mul(t,e); - v[i]=new BIG(d.div(q)); - u[i]=new BIG(0); - } - u[0].copy(e); - for (i=0;i<2;i++) - for (j=0;j<2;j++) - { - t.rcopy(ROM.CURVE_SB[j][i]); - t.copy(BIG.modmul(v[j],t,q)); - u[i].add(q); - u[i].sub(t); - u[i].mod(q); - } - return u; -}; - -/* Galbraith & Scott Method */ -PAIR.gs= function(e) -{ - 
var i,j; - var t=new BIG(0); - var q=new BIG(0); q.rcopy(ROM.CURVE_Order); - var u=[]; - var v=[]; - - for (i=0;i<4;i++) - { - t.rcopy(ROM.CURVE_WB[i]); - var d=BIG.mul(t,e); - v[i]=new BIG(d.div(q)); - u[i]=new BIG(0); - } - - u[0].copy(e); - for (i=0;i<4;i++) - for (j=0;j<4;j++) - { - t.rcopy(ROM.CURVE_BB[j][i]); - t.copy(BIG.modmul(v[j],t,q)); - u[i].add(q); - u[i].sub(t); - u[i].mod(q); - } - return u; -}; - -/* Multiply P by e in group G1 */ -PAIR.G1mul= function(P,e) -{ - var R; - if (ROM.USE_GLV) - { - P.affine(); - R=new ECP(); - R.copy(P); - var np,nn; - var Q=new ECP(); - Q.copy(P); - var q=new BIG(0); q.rcopy(ROM.CURVE_Order); - var bcru=new BIG(0); bcru.rcopy(ROM.CURVE_Cru); - var cru=new FP(bcru); - var t=new BIG(0); - var u=PAIR.glv(e); - Q.getx().mul(cru); - - np=u[0].nbits(); - t.copy(BIG.modneg(u[0],q)); - nn=t.nbits(); - if (nn<np) - { - u[0].copy(t); - R.neg(); - } - - np=u[1].nbits(); - t.copy(BIG.modneg(u[1],q)); - nn=t.nbits(); - if (nn<np) - { - u[1].copy(t); - Q.neg(); - } - - R=R.mul2(u[0],Q,u[1]); - - } - else - { - R=P.mul(e); - } - return R; -}; - -/* Multiply P by e in group G2 */ -PAIR.G2mul= function(P,e) -{ - var R; - if (ROM.USE_GS_G2) - { - var Q=[]; - var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); - var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); - var f=new FP2(fa,fb); //f.bset(fa,fb); - var q=new BIG(0); q.rcopy(ROM.CURVE_Order); - - var u=PAIR.gs(e); - var t=new BIG(0); - var i,np,nn; - P.affine(); - Q[0]=new ECP2(); Q[0].copy(P); - for (i=1;i<4;i++) - { - Q[i]=new ECP2(); Q[i].copy(Q[i-1]); - Q[i].frob(f); - } - - for (i=0;i<4;i++) - { - np=u[i].nbits(); - t.copy(BIG.modneg(u[i],q)); - nn=t.nbits(); - if (nn<np) - { - u[i].copy(t); - Q[i].neg(); - } - } - - R=ECP2.mul4(Q,u); - } - else - { - R=P.mul(e); - } - return R; -}; - -/* Note that this method requires a lot of RAM! 
Better to use compressed XTR method, see FP4.js */ -PAIR.GTpow= function(d,e) -{ - var r; - if (ROM.USE_GS_GT) - { - var g=[]; - var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); - var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); - var f=new FP2(fa,fb); - var q=new BIG(0); q.rcopy(ROM.CURVE_Order); - var t=new BIG(0); - var i,np,nn; - var u=PAIR.gs(e); - - g[0]=new FP12(d); - for (i=1;i<4;i++) - { - g[i]=new FP12(0); g[i].copy(g[i-1]); - g[i].frob(f); - } - for (i=0;i<4;i++) - { - np=u[i].nbits(); - t.copy(BIG.modneg(u[i],q)); - nn=t.nbits(); - if (nn<np) - { - u[i].copy(t); - g[i].conj(); - } - } - r=FP12.pow4(g,u); - } - else - { - r=d.pow(e); - } - return r; -}; - -/* test group membership */ -/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */ -PAIR.GTmember= function(m) -{ - if (m.isunity()) return false; - var r=new FP12(m); - r.conj(); - r.mul(m); - if (!r.isunity()) return false; - - var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); - var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); - var f=new FP2(fa,fb); //f.bset(fa,fb); - - r.copy(m); r.frob(f); r.frob(f); - var w=new FP12(r); w.frob(f); w.frob(f); - w.mul(m); - if (!ROM.GT_STRONG) - { - if (!w.equals(r)) return false; - var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); - r.copy(m); w=r.pow(x); w=w.pow(x); - r.copy(w); r.sqr(); r.mul(w); r.sqr(); - w.copy(m); w.frob(f); - } - return w.equals(r); -}; http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/RAND.js ---------------------------------------------------------------------- diff --git a/js/RAND.js b/js/RAND.js deleted file mode 100755 index 30b63d9..0000000 --- a/js/RAND.js +++ /dev/null 
@@ -1,148 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* - * Cryptographic strong random number generator - * - * Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers - * Slow - but secure - * - * See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification - */ - -/* Marsaglia & Zaman Random number generator constants */ - - -var RAND=function() -{ -/* Cryptographically strong pseudo-random number generator */ - this.ira=[]; /* random number... 
*/ - this.rndptr=0; /* ...array & pointer */ - this.borrow=0; - this.pool_ptr=0; - this.pool=[]; /* random pool */ - this.clean(); -}; - -RAND.prototype= -{ - NK:21, - NJ:6, - NV:8, - -/* Terminate and clean up */ - clean : function() - { - var i; - for (i=0;i<32;i++) this.pool[i]=0; - for (i=0;i<this.NK;i++) this.ira[i]=0; - this.rndptr=0; - this.borrow=0; - this.pool_ptr=0; - }, - - sbrand: function() - { /* Marsaglia & Zaman random number generator */ - var i,k; - var pdiff,t; /* unsigned 32-bit */ - - this.rndptr++; - if (this.rndptr<this.NK) return this.ira[this.rndptr]; - this.rndptr=0; - for (i=0,k=this.NK-this.NJ;i<this.NK;i++,k++) - { /* calculate next NK values */ - if (k==this.NK) k=0; - t=this.ira[k]>>>0; - pdiff=(t - this.ira[i] - this.borrow)|0; - pdiff>>>=0; /* This is seriously wierd shit. I got to do this to get a proper unsigned comparison... */ - if (pdiff<t) this.borrow=0; - if (pdiff>t) this.borrow=1; - this.ira[i]=(pdiff|0); - } - return this.ira[0]; - }, - - sirand: function(seed) - { - var i,inn; - var t,m=1; - this.borrow=0; - this.rndptr=0; - seed>>>=0; - this.ira[0]^=seed; - - for (i=1;i<this.NK;i++) - { /* fill initialisation vector */ - inn=(this.NV*i)%this.NK; - this.ira[inn]^=m; /* note XOR */ - t=m; - m=(seed-m)|0; - seed=t; - } - - for (i=0;i<10000;i++) this.sbrand(); /* "warm-up" & stir the generator */ - }, - - fill_pool: function() - { - var sh=new HASH(); - for (var i=0;i<128;i++) sh.process(this.sbrand()); - this.pool=sh.hash(); - this.pool_ptr=0; - }, - -/* Initialize RNG with some real entropy from some external source */ - seed: function(rawlen,raw) - { /* initialise from at least 128 byte string of raw random entropy */ - var i; - var digest=[]; - var b=[]; - var sh=new HASH(); - this.pool_ptr=0; - for (i=0;i<this.NK;i++) this.ira[i]=0; - if (rawlen>0) - { - for (i=0;i<rawlen;i++) - sh.process(raw[i]); - digest=sh.hash(); - -/* initialise PRNG from distilled randomness */ - for (i=0;i<8;i++) - { - b[0]=digest[4*i]; 
b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3]; - this.sirand(RAND.pack(b)); - } - } - this.fill_pool(); - }, - -/* get random byte */ - getByte: function() - { - var r=this.pool[this.pool_ptr++]; - if (this.pool_ptr>=32) this.fill_pool(); - return (r&0xff); - } -}; - -RAND.pack= function(b) -{ /* pack 4 bytes into a 32-bit Word */ - return (((b[3])&0xff)<<24)|((b[2]&0xff)<<16)|((b[1]&0xff)<<8)|(b[0]&0xff); -}; - http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/ROM.js ---------------------------------------------------------------------- diff --git a/js/ROM.js b/js/ROM.js deleted file mode 100755 index 7a91844..0000000 --- a/js/ROM.js +++ /dev/null 
@@ -1,620 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* Fixed Data in ROM - Field and Curve parameters */ - -var ROM={ - NLEN: 11, - BASEBITS: 24, - CHUNK: 32, - MODBYTES: 32, - MODINV: 0.000000059604644775390625, - -/* Field Type */ - NOT_SPECIAL: 0, - PSEUDO_MERSENNE: 1, - MONTGOMERY_FRIENDLY: 3, - -/* Curve Type */ - WEIERSTRASS: 0, - EDWARDS: 1, - MONTGOMERY: 2, - - USE_GLV: false, - USE_GS_G2: false, - USE_GS_GT: true, - GT_STRONG: false, - -/* Finite field support - for RSA, DH etc. 
*/ - FF_BITS: 2048, /* Finite Field Size in bits - must be 256.2^n */ - -/*** Enter Some Field details here ***/ -/* C25519 */ -// MODBITS: 255, /* Number of bits in Modulus */ -// MOD8: 5, /* Modulus mod 8 */ - -/* NIST Curve */ -/* Brainpool */ -// MODBITS: 256, -// MOD8: 7, - -/* BN */ - MODBITS: 254, - MOD8: 3, - -/* MF254 */ -// MODBITS: 254, -// MOD8: 7, - -/* MS255 */ -//MODBITS: 255, -//MOD8: 3, - -/* MF256 */ -// MODBITS: 256, -// MOD8: 7, - -/* MS256 */ -//MODBITS: 256, -//MOD8: 3, - -/* ANSSI */ -// MODBITS: 256, -// MOD8: 3, - - -/* Specify Field here */ - -/* C25519 */ -// MODTYPE: 1, -// Modulus: [0xFFFFED,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF], -// MConst: 19, - -/* BNCX */ - MODTYPE:0, - Modulus: [0x1B55B3,0x23EF5C,0xE1BE66,0x18093E,0x3FD6EE,0x66D324,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - MConst:0x789E85, - -/* BN Curve */ -//MODTYPE:0, -//Modulus: [0x13,0x0,0x13A700,0x0,0x210000,0x861,0x800000,0xBA344D,0x1,0x648240,0x2523], -//MConst:0x9435E5, - -/* BNT Curve */ -//MODTYPE:0, -//Modulus: [0xB4A713,0xBBFEEE,0xBABE9D,0x14F464,0x8A5556,0xD5F06E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], -//MConst:0x14C4E5, - -/* BNT2 */ -//MODTYPE:0, -//Modulus: [0x60A48B,0xDC2BB4,0x51E8B2,0x28F0D6,0xCF93E4,0xD00081,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], -//MConst:0x505CDD, - -/* NIST Modulus */ -// MODTYPE:0, -// Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x0,0x0,0x0,0x0,0x1,0xFFFF00,0xFFFF], -// MConst:0x1, - -/* MF254 Modulus */ -// MODTYPE:3, -// Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80], -// MConst:0x3F81, - -/* MS255 Modulus */ -//MODTYPE:1, -//Modulus: [0xFFFD03,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF], -//MConst:0x2FD, - -/* MS256 Modulus */ -//MODTYPE:1, -//Modulus: [0xFFFF43,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFF], -//MConst:0xBD, - -/* 
MF256 Modulus */ -//MODTYPE:3, -//Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFA7], -//MConst:0xFFA8, - -/* Brainpool Modulus */ -// MODTYPE:0, -// Modulus: [0x6E5377,0x481D1F,0x282013,0xD52620,0x3BF623,0x8D726E,0x909D83,0x3E660A,0xEEA9BC,0x57DBA1,0xA9FB], -// MConst:0xFD89B9, - -/* ANSSI Modulus */ -// MODTYPE:0, -// Modulus: [0x6E9C03,0xF353D8,0x6DE8FC,0xABC8CA,0x61ADBC,0x435B39,0xE8CE42,0x10126D,0x3AD58F,0x178C0B,0xF1FD], -// MConst:0x4E1155, - -/* Specify Curve here */ - -/* ED25519 Edwards */ -// CURVETYPE: 1, -// CURVE_A : -1, -// CURVE_B : [0x5978A3,0x4DCA13,0xAB75EB,0x4141D8,0x700A4D,0xE89800,0x797779,0x8CC740,0x6FFE73,0x6CEE2B,0x5203], -// CURVE_Order: [0xF5D3ED,0x631A5C,0xD65812,0xA2F79C,0xDEF9DE,0x14,0x0,0x0,0x0,0x0,0x1000], -// CURVE_Gx: [0x25D51A,0x2D608F,0xB2C956,0x9525A7,0x2CC760,0xDC5C69,0x31FDD6,0xC0A4E2,0x6E53FE,0x36D3CD,0x2169], -// CURVE_Gy: [0x666658,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x6666], - -/* Curve25519 */ -// CURVETYPE: 2, -// CURVE_A : 486662, -// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Order: [0xF5D3ED,0x631A5C,0xD65812,0xA2F79C,0xDEF9DE,0x14,0x0,0x0,0x0,0x0,0x1000], -// CURVE_Gx: [0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - -/* NIST Curve */ -// CURVETYPE:0, -// CURVE_A : -3, -// CURVE_B : [0xD2604B,0x3C3E27,0xF63BCE,0xCC53B0,0x1D06B0,0x86BC65,0x557698,0xB3EBBD,0x3A93E7,0x35D8AA,0x5AC6], -// CURVE_Order:[0x632551,0xCAC2FC,0x84F3B9,0xA7179E,0xE6FAAD,0xFFFFBC,0xFFFFFF,0xFFFFFF,0x0,0xFFFF00,0xFFFF], -// CURVE_Gx :[0x98C296,0x3945D8,0xA0F4A1,0x2DEB33,0x37D81,0x40F277,0xE563A4,0xF8BCE6,0x2C4247,0xD1F2E1,0x6B17], -// CURVE_Gy :[0xBF51F5,0x406837,0xCECBB6,0x6B315E,0xCE3357,0x9E162B,0x4A7C0F,0x8EE7EB,0x1A7F9B,0x42E2FE,0x4FE3], - -/* MF254 Modulus, Weierstrass Curve */ -//CURVETYPE:0, -//CURVE_A : -3, -//CURVE_B : 
[0xFFD08D,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80], -//CURVE_Order:[0x8DF83F,0x19C4AF,0xC06FA4,0xDA375,0x818BEA,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80], -//CURVE_Gx :[0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Gy :[0xD4EBC,0xDF37F9,0x31AD65,0xF85119,0xB738E3,0x8AEBDF,0x75BD77,0x4AE15A,0x2E5601,0x3FD33B,0x140E], - -/* MF254 Modulus, Edwards Curve */ -//CURVETYPE:1, -//CURVE_A : -1, -//CURVE_B : [0x367B,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Order:[0x6E98C7,0xD3FEC4,0xB0EAF3,0x8BD62F,0x95306C,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFFFF,0xFE0], -//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Gy :[0x2701E5,0xD0FDAF,0x187C52,0xE3212,0x329A84,0x3F4E36,0xD50236,0x951D00,0xA4C335,0xE690D6,0x19F0], - - -/* MF254 Modulus, Montgomery Curve */ -// CURVETYPE: 2, -// CURVE_A : -55790, -// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Order: [0x6E98C7,0xD3FEC4,0xB0EAF3,0x8BD62F,0x95306C,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFFFF,0xFE0], -// CURVE_Gx: [0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - -/* MS255 Modulus, Weierstrass Curve */ -//CURVETYPE:0, -//CURVE_A : -3, -//CURVE_B : [0xFFAB46,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF], -//CURVE_Order:[0x594AEB,0xAC983C,0xDFAB8F,0x3AD2B3,0x4A3828,0xFFFF86,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF], -//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Gy :[0xCB44BA,0xFF6769,0xD1733,0xDDFDA6,0xB6C78C,0x7D177D,0xF9B2FF,0x921EBF,0xBA7833,0x6AC0ED,0x6F7A], - -/* MS255 Modulus, Edwards Curve */ -//CURVETYPE:1, -//CURVE_A : -1, -//CURVE_B : [0xEA97,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Order:[0x36EB75,0xD1ED04,0x2EAC49,0xEDA683,0xF1A785,0xFFFFDC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x1FFF], -//CURVE_Gx :[0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Gy 
:[0x8736A0,0x255BD0,0x45BA2A,0xED445A,0x914B8A,0x47E552,0xDD8E0C,0xEC254C,0x7BB545,0x78534A,0x26CB], - -/* MS255 Modulus, Montgomery Curve */ -// CURVETYPE: 2, -// CURVE_A : -240222, -// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Order: [0x36EB75,0xD1ED04,0x2EAC49,0xEDA683,0xF1A785,0xFFFFDC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x1FFF], -// CURVE_Gx: [0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - -/* MS256 Modulus, Weierstrass Curve */ -//CURVETYPE:0, -//CURVE_A : -3, -//CURVE_B : [0x25581,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Order:[0x51A825,0x202947,0x6020AB,0xEA265C,0x3C8275,0xFFFFE4,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFF], -//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Gy :[0xB56C77,0x6306C2,0xC10BF4,0x75894E,0x2C2F93,0xDD6BD0,0x6CCEEE,0xFC82C9,0xE466D7,0x1853C1,0x696F], - -/* MS256 Modulus, Edwards Curve */ -//CURVETYPE:1, -//CURVE_A : -1, -//CURVE_B : [0x3BEE,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Order:[0x22B4AD,0x4E6F11,0x64E5B8,0xD0A6BC,0x6AA55A,0xFFFFBE,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFF], -//CURVE_Gx :[0xD,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Gy :[0x1CADBA,0x6FB533,0x3F707F,0x824D30,0x2A6D63,0x46BFBE,0xB39FA0,0xA3D330,0x1276DB,0xB41E2A,0x7D0A], - -/* MS256 Modulus, Montgomery Curve */ -// CURVETYPE: 2, -// CURVE_A : -61370, -// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Order:[0x22B4AD,0x4E6F11,0x64E5B8,0xD0A6BC,0x6AA55A,0xFFFFBE,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFF], -// CURVE_Gx: [0xb,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - -/* MF256 Modulus, Weierstrass Curve */ -//CURVETYPE:0, -//CURVE_A : -3, -//CURVE_B : [0x14E6A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Order:[0x9857EB,0xC5E1A7,0x4B9D10,0xE6E507,0x517513,0xFFFFFC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFA7], -//CURVE_Gx 
:[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Gy :[0x724D2A,0x954C2B,0x661007,0x8D94DC,0x6947EB,0xAE2895,0x26123D,0x7BABBA,0x1808CE,0x7C87BE,0x2088], - -/* MF256 Modulus, Edwards Curve */ -//CURVETYPE:1, -//CURVE_A : -1, -//CURVE_B : [0x350A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Order:[0xEC7BAB,0x2EDED8,0xC966D9,0xB86733,0x54BBAF,0xFFFFB1,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FE9], -//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Gy :[0xF3C908,0xA722F2,0x8D7DEA,0x8DFEA6,0xC05E64,0x1AACA0,0xF3DB2C,0xEAEBEE,0xCC4D5A,0xD4F8F8,0xDAD8], - -/* MF256 Modulus, Montgomery Curve */ -// CURVETYPE: 2, -// CURVE_A : -54314, -// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Order:[0xEC7BAB,0x2EDED8,0xC966D9,0xB86733,0x54BBAF,0xFFFFB1,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FE9], -// CURVE_Gx: [0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - -/* Brainpool */ -// CURVETYPE:0, -// CURVE_A : -3, -// CURVE_B : [0xE92B04,0x8101FE,0x256AE5,0xAF2F49,0x93EBC4,0x76B7BF,0x733D0B,0xFE66A7,0xD84EA4,0x61C430,0x662C], -// CURVE_Order:[0x4856A7,0xE8297,0xF7901E,0xB561A6,0x397AA3,0x8D718C,0x909D83,0x3E660A,0xEEA9BC,0x57DBA1,0xA9FB], -// CURVE_Gx :[0x1305F4,0x91562E,0x2B79A1,0x7AAFBC,0xA142C4,0x6149AF,0xB23A65,0x732213,0xCFE7B7,0xEB3CC1,0xA3E8], -// CURVE_Gy :[0x25C9BE,0xE8F35B,0x1DAB,0x39D027,0xBCB6DE,0x417E69,0xE14644,0x7F7B22,0x39C56D,0x6C8234,0x2D99], - -/* ANSSI */ -// CURVETYPE:0, -// CURVE_A : -3, -// CURVE_B : [0x7BB73F,0xED967B,0x803075,0xE4B1A1,0xEC0C9A,0xC00FDF,0x754A44,0xD4ABA,0x28A930,0x3FCA54,0xEE35], -// CURVE_Order:[0xD655E1,0xD459C6,0x941FFD,0x40D2BF,0xDC67E1,0x435B53,0xE8CE42,0x10126D,0x3AD58F,0x178C0B,0xF1FD], -// CURVE_Gx :[0x8F5CFF,0x7A2DD9,0x164C9,0xAF98B7,0x27D2DC,0x23958C,0x4749D4,0x31183D,0xC139EB,0xD4C356,0xB6B3], -// CURVE_Gy :[0x62CFB,0x5A1554,0xE18311,0xE8E4C9,0x1C307,0xEF8C27,0xF0F3EC,0x1F9271,0xB20491,0xE0F7C8,0x6142], - - -/* BNCX Curve */ - 
- CURVETYPE:0, - CURVE_A : 0, - CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - CURVE_Order:[0xEB1F6D,0xC0A636,0xCEBE11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - CURVE_Bnx:[0xC012B1,0x3,0x4000], - CURVE_Cru:[0x235C97,0x931794,0x5631E0,0x71EF87,0xBDDF64,0x3F1440,0xCA8,0x480000], - CURVE_Fra:[0xC80EA3,0x83355,0x215BD9,0xF173F8,0x677326,0x189868,0x8AACA7,0xAFE18B,0x3A0164,0x82FA6,0x1359], - CURVE_Frb:[0x534710,0x1BBC06,0xC0628D,0x269546,0xD863C7,0x4E3ABB,0xD9CDBC,0xDC53,0x3628A9,0xF7D062,0x10A6], - CURVE_Pxa:[0xD2EC74,0x1CEEE4,0x26C085,0xA03E27,0x7C85BF,0x4BBB90,0xF5C3,0x358B25,0x53B256,0x2D2C70,0x1968], - CURVE_Pxb:[0x29CFE1,0x8E8B2E,0xF47A5,0xC209C3,0x1B97B0,0x9743F8,0x37A8E9,0xA011C9,0x19F64A,0xB9EC3E,0x1466], - CURVE_Pya:[0xBE09F,0xFCEBCF,0xB30CFB,0x847EC1,0x61B33D,0xE20963,0x157DAE,0xD81E22,0x332B8D,0xEDD972,0xA79], - CURVE_Pyb:[0x98EE9D,0x4B2288,0xEBED90,0x69D2ED,0x864EA5,0x3461C2,0x512D8D,0x35C6E4,0xC4C090,0xC39EC,0x616], - CURVE_Gx :[0x1B55B2,0x23EF5C,0xE1BE66,0x18093E,0x3FD6EE,0x66D324,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - CURVE_Gy :[0x1], - -// Arrays must be padded! 
- - CURVE_W:[[0x2FEB83,0x634916,0x120054,0xB4038,0x0,0x60,0x0,0x0,0x0,0x0,0x0],[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], - CURVE_SB:[[[0xB010E4,0x63491D,0x128054,0xB4038,0x0,0x60,0x0,0x0,0x0,0x0,0x0], - [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], - [[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0xBB33EA,0x5D5D20,0xBCBDBD,0x188CE,0x3FD6EE,0x66D264,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]]], - CURVE_WB:[[0x7A84B0,0x211856,0xB0401C,0x3C012,0x0,0x20,0x0,0x0,0x0,0x0,0x0], - [0x220475,0xF995BE,0x9A36CD,0xA8CA7F,0x7E94ED,0x2A0DC0,0x870,0x300000,0x0,0x0,0x0], - [0xF10B93,0xFCCAE0,0xCD3B66,0xD4653F,0x3F4A76,0x1506E0,0x438,0x180000,0x0,0x0,0x0], - [0xFAAA11,0x21185D,0xB0C01C,0x3C012,0x0,0x20,0x0,0x0,0x0,0x0,0x0]], - CURVE_BB:[[[0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - [0x802562,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], - [[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - [0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]], - [[0x802562,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], - [[0xC012B2,0x3,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x4AC2,0xF,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x6AFA0A,0xC0A62F,0xCE3E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - [0xC012B2,0x3,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]], - -/* BNT Curve */ -/* -CURVETYPE:0, -CURVE_A 
: 0, -CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -CURVE_Order:[0x30210D,0x777E8D,0x363A75,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], -CURVE_Bnx:[0x4081,0x806000,0x4000], -CURVE_Cru:[0x4FCD87,0x53D5AB,0x1FADEB,0xF2BAB1,0x4C82A5,0x4C976,0x476515,0x4801B1], -CURVE_Fra:[0xC80022,0xD14EAD,0xE359F5,0xD6FACC,0x6C4904,0x3211BE,0xF190A1,0x4F6509,0xBBC439,0xA292C9,0x1328], -CURVE_Frb:[0xECA6F1,0xEAB040,0xD764A7,0x3DF997,0x1E0C51,0xA3DEB0,0x450657,0xAAA6A1,0x5B3D15,0x7E489B,0x10D8], -CURVE_Pxa:[0x8E65BB,0x87E228,0x13BE89,0x1CAA63,0xCC00AD,0x548B7C,0x325041,0xBCC055,0xC1339E,0x3FCD04,0x1448], -CURVE_Pxb:[0xDBE2C0,0x888808,0x853A67,0xF81E34,0x957FE1,0x51B57B,0xA631A,0xDA3FC5,0x4EC302,0x46B338,0x87F], -CURVE_Pya:[0x20CA1D,0x2C47E0,0xF36C20,0x7E8399,0x4CB416,0x9F72C9,0xC6E543,0x4A2C69,0x2B0BD7,0xC29C10,0x14E8], -CURVE_Pyb:[0x6628F2,0x437C71,0xDC6BD8,0x67BCB7,0xA27E1,0x72681D,0xA82C75,0xEDEC18,0x454BD1,0xE2A462,0x17AF], -CURVE_Gx :[0xB4A712,0xBBFEEE,0xBABE9D,0x14F464,0x8A5556,0xD5F06E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], -CURVE_Gy :[0x1], -CURVE_W:[[0x838403,0x430061,0x838426,0x824199,0x18121,0x60],[0x8101,0xC000,0x8001]], -CURVE_SB:[[[0x840504,0x43C061,0x840427,0x824199,0x18121,0x60],[0x8101,0xC000,0x8001]],[[0x8101,0xC000,0x8001],[0xAC9D0A,0x347E2B,0xB2B64F,0x107131,0x875313,0xD5EFAE,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401]]], -CURVE_WB:[[0x80C080,0x406020,0x80C161,0x80C088,0x8060,0x20],[0x8C4A85,0x390408,0x6C36B5,0xA352DC,0xDEAD2F,0x58868E,0xDA4363,0x300120],[0x464583,0xDCB204,0x363B5A,0xD1A96E,0x6F5697,0xAC4347,0x6D21B1,0x180090],[0x814181,0x412020,0x814162,0x80C088,0x8060,0x20]], 
-CURVE_BB:[[[0x2FE08D,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x8102,0xC000,0x8001]],[[0x8101,0xC000,0x8001],[0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x2FE08D,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401]],[[0x8102,0xC000,0x8001],[0x8101,0xC000,0x8001],[0x8101,0xC000,0x8001],[0x8101,0xC000,0x8001]],[[0x4082,0x806000,0x4000],[0x10202,0x18000,0x10002],[0x2FA00A,0x76BE8D,0x35BA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x4082,0x806000,0x4000]]], - -*/ - -/* BNT2 Curve */ -/* -CURVETYPE:0, -CURVE_A : 0, -CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -CURVE_Order:[0xAA2BF5,0x71A511,0x33D7FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], -CURVE_Bnx:[0x608205,0x20100,0x4000], -CURVE_Cru:[0x66BD33,0x274448,0xEFB50,0x301647,0x755B77,0xECF236,0xC3617B,0x480006], -CURVE_Fra:[0xAEF062,0x68C973,0xE492B2,0x33C3BC,0xBCC69B,0x7F195B,0xF67FA3,0xBD0A41,0xE8CAB6,0xB8D29,0x124E], -CURVE_Frb:[0xB1B429,0x736240,0x6D5600,0xF52D19,0x12CD48,0x50E726,0x18BBE6,0xFA43DE,0x268FF6,0xF8F517,0x11B1], -CURVE_Pxa:[0x40A3C8,0x92399F,0x784ACC,0xE96611,0x35CDA4,0x61706B,0x7B0569,0x8279D7,0x93C631,0x17CF96,0x16FC], -CURVE_Pxb:[0x549540,0x7A8AD8,0x61055,0xE6F651,0xDB6F7B,0xA95D17,0x565907,0x9C8188,0x597590,0xB500BD,0x1EB5], -CURVE_Pya:[0x220513,0xECC514,0x7B147B,0x860E73,0x844A78,0x35F126,0x51B839,0x9D4DFA,0x1422AA,0xE49876,0x1E8E], -CURVE_Pyb:[0x7CE78E,0x328F57,0x781FB9,0xE26FA5,0x7EB746,0x1FB8E2,0xA93DBC,0xA29D76,0xE33BDB,0xF4CDBA,0x23CE], -CURVE_Gx 
:[0x60A48A,0xDC2BB4,0x51E8B2,0x28F0D6,0xCF93E4,0xD00081,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], -CURVE_Gy :[0x1], -CURVE_W:[[0x347083,0x6282A1,0x1D10B7,0x1399E,0x603,0x60],[0xC10409,0x40200,0x8000]], -CURVE_SB:[[[0xF5748C,0x6684A1,0x1D90B7,0x1399E,0x603,0x60],[0xC10409,0x40200,0x8000]],[[0xC10409,0x40200,0x8000],[0x75BB72,0xF2270,0x16C744,0x267D9A,0xCF87DE,0xCFFFC1,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400]]], -CURVE_WB:[[0x70A224,0x72D48A,0x94592,0x688A,0x201,0x20],[0x30EF19,0x572CF0,0x721D5A,0x763543,0xA39651,0x48A1B9,0x8240FD,0x300004],[0x48B88F,0x2C96F8,0xB92EAD,0xBB1AA1,0xD1CB28,0xA450DC,0x41207E,0x180002],[0x31A62D,0x76D68B,0x9C592,0x688A,0x201,0x20]], -CURVE_BB:[[[0x49A9F1,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0xC1040A,0x40200,0x8000]],[[0xC10409,0x40200,0x8000],[0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0x49A9F1,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400]],[[0xC1040A,0x40200,0x8000],[0xC10409,0x40200,0x8000],[0xC10409,0x40200,0x8000],[0xC10409,0x40200,0x8000]],[[0x608206,0x20100,0x4000],[0x820812,0x80401,0x10000],[0xE927EA,0x6DA310,0x3357FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0x608206,0x20100,0x4000]]], -*/ - -/* BN Curve */ -/* -CURVETYPE:0, -CURVE_A : 0, -CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -CURVE_Order:[0xD,0x0,0x10A100,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523], -CURVE_Bnx:[0x1,0x0,0x4080], -CURVE_Cru:[0x7,0x0,0x6CD80,0x0,0x90000,0x249,0x400000,0x49B362], 
-CURVE_Fra:[0x2A6DE9,0xE6C06F,0xC2E17D,0x4D3F77,0x97492,0x953F85,0x50A846,0xB6499B,0x2E7C8C,0x761921,0x1B37], -CURVE_Frb:[0xD5922A,0x193F90,0x50C582,0xB2C088,0x178B6D,0x6AC8DC,0x2F57B9,0x3EAB2,0xD18375,0xEE691E,0x9EB], -CURVE_Pxa:[0xFD0CB4,0x2C7935,0x7C2BAB,0xE4FCC5,0xA5E319,0x763B05,0x24F6DF,0x335FB7,0x5EA7EA,0x4D4F5,0x95B], -CURVE_Pxb:[0x962455,0x7D0790,0x5E38A0,0x3D27AA,0x6D86BE,0x47F39D,0x89E057,0x9D42BF,0x8347B4,0xD8A7C0,0x5D4], -CURVE_Pya:[0x8A46C,0xCE687A,0x91F9AD,0xE98A41,0x82B30,0xB1F169,0x4C3784,0xA16D1C,0xE5313F,0x2ABF25,0xABF], -CURVE_Pyb:[0xF306EC,0x88D405,0xA0E6DF,0x6ADD13,0x48207,0x9D6A5C,0x1E4781,0xB38627,0x79DABD,0x9A87E6,0x1876], -CURVE_Gx :[0x12,0x0,0x13A700,0x0,0x210000,0x861,0x800000,0xBA344D,0x1,0x648240,0x2523], -CURVE_Gy :[0x1], -CURVE_W:[[0x3,0x0,0x20400,0x0,0x818000,0x61],[0x1,0x0,0x8100]], -CURVE_SB:[[[0x4,0x0,0x28500,0x0,0x818000,0x61],[0x1,0x0,0x8100]],[[0x1,0x0,0x8100],[0xA,0x0,0xE9D00,0x0,0x1E0000,0x79E,0x800000,0xBA344D,0x1,0x648240,0x2523]]], -CURVE_WB:[[0x0,0x0,0x4080,0x0,0x808000,0x20],[0x5,0x0,0x54A80,0x0,0x70000,0x1C7,0x800000,0x312241],[0x3,0x0,0x2C580,0x0,0x838000,0xE3,0xC00000,0x189120],[0x1,0x0,0xC180,0x0,0x808000,0x20]], -CURVE_BB:[[[0xD,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0x2,0x0,0x8100]],[[0x1,0x0,0x8100],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xD,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523]],[[0x2,0x0,0x8100],[0x1,0x0,0x8100],[0x1,0x0,0x8100],[0x1,0x0,0x8100]],[[0x2,0x0,0x4080],[0x2,0x0,0x10200],[0xA,0x0,0x102000,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0x2,0x0,0x4080]]], - -*/ - - debug: false, - -// HASH constants - - H0:0x6A09E667, - H1:0xBB67AE85, - H2:0x3C6EF372, - 
H3:0xA54FF53A, - H4:0x510E527F, - H5:0x9B05688C, - H6:0x1F83D9AB, - H7:0x5BE0CD19, - - HK:[0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2], - -// AES constants - - ECB:0, - CBC:1, - CFB1:2, - CFB2:3, - CFB4:5, - OFB1:14, - OFB2:15, - OFB4:17, - OFB8:21, - OFB16:29, - - InCo:[0xB,0xD,0x9,0xE], /* Inverse Coefficients */ - rco:[1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47], - - ptab:[ - 1,3,5,15,17,51,85,255,26,46,114,150,161,248,19,53, - 95,225,56,72,216,115,149,164,247,2,6,10,30,34,102,170, - 229,52,92,228,55,89,235,38,106,190,217,112,144,171,230,49, - 83,245,4,12,20,60,68,204,79,209,104,184,211,110,178,205, - 76,212,103,169,224,59,77,215,98,166,241,8,24,40,120,136, - 131,158,185,208,107,189,220,127,129,152,179,206,73,219,118,154, - 181,196,87,249,16,48,80,240,11,29,39,105,187,214,97,163, - 254,25,43,125,135,146,173,236,47,113,147,174,233,32,96,160, - 251,22,58,78,210,109,183,194,93,231,50,86,250,21,63,65, - 195,94,226,61,71,201,64,192,91,237,44,116,156,191,218,117, - 159,186,213,100,172,239,42,126,130,157,188,223,122,142,137,128, - 155,182,193,88,232,35,101,175,234,37,111,177,200,67,197,84, - 252,31,33,99,165,244,7,9,27,45,119,153,176,203,70,202, - 69,207,74,222,121,139,134,145,168,227,62,66,198,81,243,14, - 
18,54,90,238,41,123,141,140,143,138,133,148,167,242,13,23, - 57,75,221,124,132,151,162,253,28,36,108,180,199,82,246,1 - ], - ltab:[ - 0,255,25,1,50,2,26,198,75,199,27,104,51,238,223,3, - 100,4,224,14,52,141,129,239,76,113,8,200,248,105,28,193, - 125,194,29,181,249,185,39,106,77,228,166,114,154,201,9,120, - 101,47,138,5,33,15,225,36,18,240,130,69,53,147,218,142, - 150,143,219,189,54,208,206,148,19,92,210,241,64,70,131,56, - 102,221,253,48,191,6,139,98,179,37,226,152,34,136,145,16, - 126,110,72,195,163,182,30,66,58,107,40,84,250,133,61,186, - 43,121,10,21,155,159,94,202,78,212,172,229,243,115,167,87, - 175,88,168,80,244,234,214,116,79,174,233,213,231,230,173,232, - 44,215,117,122,235,22,11,245,89,203,95,176,156,169,81,160, - 127,12,246,111,23,196,73,236,216,67,31,45,164,118,123,183, - 204,187,62,90,251,96,177,134,59,82,161,108,170,85,41,157, - 151,178,135,144,97,190,220,252,188,149,207,205,55,63,91,209, - 83,57,132,60,65,162,109,71,20,42,158,93,86,242,211,171, - 68,17,146,217,35,32,46,137,180,124,184,38,119,153,227,165, - 103,74,237,222,197,49,254,24,13,99,140,128,192,247,112,7 - ], - fbsub:[ - 99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118, - 202,130,201,125,250,89,71,240,173,212,162,175,156,164,114,192, - 183,253,147,38,54,63,247,204,52,165,229,241,113,216,49,21, - 4,199,35,195,24,150,5,154,7,18,128,226,235,39,178,117, - 9,131,44,26,27,110,90,160,82,59,214,179,41,227,47,132, - 83,209,0,237,32,252,177,91,106,203,190,57,74,76,88,207, - 208,239,170,251,67,77,51,133,69,249,2,127,80,60,159,168, - 81,163,64,143,146,157,56,245,188,182,218,33,16,255,243,210, - 205,12,19,236,95,151,68,23,196,167,126,61,100,93,25,115, - 96,129,79,220,34,42,144,136,70,238,184,20,222,94,11,219, - 224,50,58,10,73,6,36,92,194,211,172,98,145,149,228,121, - 231,200,55,109,141,213,78,169,108,86,244,234,101,122,174,8, - 186,120,37,46,28,166,180,198,232,221,116,31,75,189,139,138, - 112,62,181,102,72,3,246,14,97,53,87,185,134,193,29,158, - 
225,248,152,17,105,217,142,148,155,30,135,233,206,85,40,223, - 140,161,137,13,191,230,66,104,65,153,45,15,176,84,187,22 - ], - rbsub:[ - 82,9,106,213,48,54,165,56,191,64,163,158,129,243,215,251, - 124,227,57,130,155,47,255,135,52,142,67,68,196,222,233,203, - 84,123,148,50,166,194,35,61,238,76,149,11,66,250,195,78, - 8,46,161,102,40,217,36,178,118,91,162,73,109,139,209,37, - 114,248,246,100,134,104,152,22,212,164,92,204,93,101,182,146, - 108,112,72,80,253,237,185,218,94,21,70,87,167,141,157,132, - 144,216,171,0,140,188,211,10,247,228,88,5,184,179,69,6, - 208,44,30,143,202,63,15,2,193,175,189,3,1,19,138,107, - 58,145,17,65,79,103,220,234,151,242,207,206,240,180,230,115, - 150,172,116,34,231,173,53,133,226,249,55,232,28,117,223,110, - 71,241,26,113,29,41,197,137,111,183,98,14,170,24,190,27, - 252,86,62,75,198,210,121,32,154,219,192,254,120,205,90,244, - 31,221,168,51,136,7,199,49,177,18,16,89,39,128,236,95, - 96,81,127,169,25,181,74,13,45,229,122,159,147,201,156,239, - 160,224,59,77,174,42,245,176,200,235,187,60,131,83,153,97, - 23,43,4,126,186,119,214,38,225,105,20,99,85,33,12,125 - ], - ftable:[ - 0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6, - 0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56, - 0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f, - 0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb, - 0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453, - 0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c, - 0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551, - 0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a, - 0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637, - 0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df, - 0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d, - 0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b, - 
0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd, - 0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1, - 0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d, - 0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85, - 0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a, - 0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe, - 0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d, - 0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1, - 0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5, - 0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3, - 0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755, - 0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6, - 0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54, - 0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428, - 0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264, - 0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8, - 0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531, - 0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda, - 0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac, - 0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810, - 0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657, - 0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e, - 0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c, - 0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c, - 0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199, - 0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122, - 0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c, - 0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5, - 0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7, - 
0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e, - 0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c - ], - rtable:[ - 0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f, - 0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5, - 0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25, - 0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b, - 0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458, - 0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927, - 0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5, - 0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9, - 0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72, - 0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3, - 0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7, - 0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4, - 0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040, - 0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d, - 0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6, - 0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879, - 0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32, - 0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36, - 0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793, - 0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c, - 0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2, - 0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3, - 0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb, - 0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684, - 0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc, - 0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947, - 0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9, - 
0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f, - 0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890, - 0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf, - 0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e, - 0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef, - 0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a, - 0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733, - 0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43, - 0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546, - 0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92, - 0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb, - 0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255, - 0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478, - 0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc, - 0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664, - 0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0 - ], - -// GCM constants - - GCM_ACCEPTING_HEADER:0, - GCM_ACCEPTING_CIPHER:1, - GCM_NOT_ACCEPTING_MORE:2, - GCM_FINISHED:3, - GCM_ENCRYPTING:0, - GCM_DECRYPTING:1 - -}; - -ROM.DNLEN=2*ROM.NLEN; -ROM.MASK=(1<<ROM.BASEBITS)-1; - -ROM.TBITS=ROM.MODBITS%ROM.BASEBITS; -ROM.OMASK=(-1)<<ROM.TBITS; -ROM.TMASK=(1<<ROM.TBITS)-1; - -ROM.NEXCESS=(1<<(ROM.CHUNK-ROM.BASEBITS-1)); // 2^(CHUNK-BASEBITS-1) -ROM.FEXCESS=(1<<(ROM.BASEBITS*ROM.NLEN-ROM.MODBITS)); // 2^(BASEBITS*NLEN-MODBITS) - -ROM.FFLEN=(ROM.FF_BITS/256); -ROM.HFLEN=(ROM.FFLEN/2); /* Useful for half-size RSA private key operations */ http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/RSA.js ---------------------------------------------------------------------- diff --git a/js/RSA.js b/js/RSA.js deleted file mode 100755 index 5b90770..0000000 --- a/js/RSA.js +++ /dev/null 
@@ -1,331 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* RSA API Functions */
-
-var rsa_private_key=function(n)
-{
- this.p=new FF(n);
- this.q=new FF(n);
- this.dp=new FF(n);
- this.dq=new FF(n);
- this.c=new FF(n);
-};
-
-var rsa_public_key=function(m)
-{
- this.e=0;
- this.n=new FF(m);
-};
-
-
-
-RSA= {
- RFS: ROM.MODBYTES*ROM.FFLEN,
-
- bytestohex: function(b)
- {
- var s="";
- var len=b.length;
- var ch;
-
- for (var i=0;i<len;i++)
- {
- ch=b[i];
- s+=((ch>>>4)&15).toString(16);
- s+=(ch&15).toString(16);
-
- }
- return s;
- },
-
- bytestostring: function(b)
- {
- var s="";
- for (var i=0;i<b.length;i++)
- {
- s+=String.fromCharCode(b[i]);
- }
- return s;
- },
-
- stringtobytes: function(s)
- {
- var b=[];
- for (var i=0;i<s.length;i++)
- b.push(s.charCodeAt(i));
- return b;
- },
-
-
- KEY_PAIR: function(rng,e,PRIV,PUB)
- { /* IEEE1363 A16.11/A16.12 more or less */
-
- // var m,r,bytes,hbytes,words,err,res=0;
- var n=PUB.n.length>>1;
- var t = new FF(n);
- var p1=new FF(n);
- var q1=new FF(n);
-
- for (;;)
- {
-
- PRIV.p.random(rng);
- while (PRIV.p.lastbits(2)!=3) PRIV.p.inc(1);
- while (!FF.prime(PRIV.p,rng)) PRIV.p.inc(4);
-
- p1.copy(PRIV.p);
- p1.dec(1);
-
- if (p1.cfactor(e)) continue;
- break;
- }
-
- for (;;)
- {
- PRIV.q.random(rng);
- while (PRIV.q.lastbits(2)!=3) PRIV.q.inc(1);
- while (!FF.prime(PRIV.q,rng)) PRIV.q.inc(4);
-
- q1.copy(PRIV.q);
- q1.dec(1);
-
- if (q1.cfactor(e)) continue;
- break;
- }
-
- PUB.n=FF.mul(PRIV.p,PRIV.q);
- PUB.e=e;
-
- t.copy(p1);
- t.shr();
- PRIV.dp.set(e);
- PRIV.dp.invmodp(t);
- if (PRIV.dp.parity()===0) PRIV.dp.add(t);
- PRIV.dp.norm();
-
- t.copy(q1);
- t.shr();
- PRIV.dq.set(e);
- PRIV.dq.invmodp(t);
- if (PRIV.dq.parity()===0) PRIV.dq.add(t);
- PRIV.dq.norm();
-
- PRIV.c.copy(PRIV.p);
- PRIV.c.invmodp(PRIV.q);
-
- return;
- },
-
-/* Mask Generation Function */
- MGF1: function(Z,olen,K)
- {
- var H=new HASH();
- var i,hlen=H.len;
- var B=[];
-
- var counter,cthreshold,k=0;
- for (i=0;i<K.length;i++) K[i]=0;
-
- cthreshold=Math.floor(olen/hlen); if (olen%hlen!==0) cthreshold++;
- for (counter=0;counter<cthreshold;counter++)
- {
- H.process_array(Z); H.process_num(counter);
- B=H.hash();
-
- if (k+hlen>olen) for (i=0;i<olen%hlen;i++) K[k++]=B[i];
- else for (i=0;i<hlen;i++) K[k++]=B[i];
- }
- },
-
- /* OAEP Message Encoding for Encryption */
- OAEP_ENCODE: function(m,rng,p)
- {
- var i,slen,olen=RSA.RFS-1;
- var mlen=m.length;
- var hlen,seedlen;
- var f=[];
-
- var H=new HASH();
- hlen=H.len;
- var SEED=[];
- seedlen=hlen;
- if (mlen>olen-hlen-seedlen-1) return null;
-
- var DBMASK=[];
-
- if (p!==null) H.process_array(p);
- var h=H.hash();
- for (i=0;i<hlen;i++) f[i]=h[i];
-
- slen=olen-mlen-hlen-seedlen-1;
-
- for (i=0;i<slen;i++) f[hlen+i]=0;
- f[hlen+slen]=1;
- for (i=0;i<mlen;i++) f[hlen+slen+1+i]=m[i];
-
- for (i=0;i<seedlen;i++) SEED[i]=rng.getByte();
- this.MGF1(SEED,olen-seedlen,DBMASK);
-
- for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
- this.MGF1(DBMASK,seedlen,f);
-
- for (i=0;i<seedlen;i++) f[i]^=SEED[i];
-
- for (i=0;i<olen-seedlen;i++) f[i+seedlen]=DBMASK[i];
-
- /* pad to length RFS */
- var d=1;
- for (i=RSA.RFS-1;i>=d;i--)
- f[i]=f[i-d];
- for (i=d-1;i>=0;i--)
- f[i]=0;
-
- return f;
- },
-
- /* OAEP Message Decoding for Decryption */
- OAEP_DECODE: function(p,f)
- {
- var x,t;
- var comp;
- var i,k,olen=RSA.RFS-1;
- var hlen,seedlen;
-
- var H=new HASH();
- hlen=H.len;
- var SEED=[];
- seedlen=hlen;
- var CHASH=[];
- seedlen=hlen=32;
- if (olen<seedlen+hlen+1) return null;
- var DBMASK=[];
- for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
- if (f.length<RSA.RFS)
- {
- var d=RSA.RFS-f.length;
- for (i=RFS-1;i>=d;i--)
- f[i]=f[i-d];
- for (i=d-1;i>=0;i--)
- f[i]=0;
-
- }
-
- if (p!==null) H.process_array(p);
- var h=H.hash();
- for (i=0;i<hlen;i++) CHASH[i]=h[i];
-
- x=f[0];
-
- for (i=seedlen;i<olen;i++)
- DBMASK[i-seedlen]=f[i+1];
-
- this.MGF1(DBMASK,seedlen,SEED);
- for (i=0;i<seedlen;i++) SEED[i]^=f[i+1];
- this.MGF1(SEED,olen-seedlen,f);
- for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
-
- comp=true;
- for (i=0;i<hlen;i++)
- {
- if (CHASH[i]!=DBMASK[i]) comp=false;
- }
-
- for (i=0;i<olen-seedlen-hlen;i++)
- DBMASK[i]=DBMASK[i+hlen];
-
- for (i=0;i<hlen;i++)
- SEED[i]=CHASH[i]=0;
-
- for (k=0;;k++)
- {
- if (k>=olen-seedlen-hlen) return null;
- if (DBMASK[k]!==0) break;
- }
-
- t=DBMASK[k];
- if (!comp || x!==0 || t!=0x01)
- {
- for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
- return null;
- }
-
- var r=[];
-
- for (i=0;i<olen-seedlen-hlen-k-1;i++)
- r[i]=DBMASK[i+k+1];
-
- for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
- return r;
- },
-
- /* destroy the Private Key structure */
- PRIVATE_KEY_KILL: function(PRIV)
- {
- PRIV.p.zero();
- PRIV.q.zero();
- PRIV.dp.zero();
- PRIV.dq.zero();
- PRIV.c.zero();
- },
-
- /* RSA encryption with the public key */
- ENCRYPT: function(PUB,F,G)
- {
- var n=PUB.n.getlen();
- var f=new FF(n);
-
- FF.fromBytes(f,F);
- f.power(PUB.e,PUB.n);
- f.toBytes(G);
- },
-
- /* RSA decryption with the private key */
- DECRYPT: function(PRIV,G,F)
- {
- var n=PRIV.p.getlen();
- var g=new FF(2*n);
-
- FF.fromBytes(g,G);
- var jp=g.dmod(PRIV.p);
- var jq=g.dmod(PRIV.q);
-
- jp.skpow(PRIV.dp,PRIV.p);
- jq.skpow(PRIV.dq,PRIV.q);
-
- g.zero();
- g.dscopy(jp);
- jp.mod(PRIV.q);
- if (FF.comp(jp,jq)>0) jq.add(PRIV.q);
- jq.sub(jp);
- jq.norm();
-
- var t=FF.mul(PRIV.c,jq);
- jq=t.dmod(PRIV.q);
-
- t=FF.mul(jq,PRIV.p);
- g.add(t);
- g.norm();
-
- g.toBytes(F);
- }
-
-};
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/TestECDH.html
----------------------------------------------------------------------
diff --git a/js/TestECDH.html b/js/TestECDH.html
deleted file mode 100644
index 6c57021..0000000
--- a/js/TestECDH.html
+++ /dev/null
@@ -1,137 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Test ECC</title>
-</head>
-<body>
-<h1>JavaScript Test ECC Example</h1>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="FP.js"></script>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="HASH.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="AES.js"></script>
-<script type="text/javascript" src="GCM.js"></script>
-<script type="text/javascript" src="ECP.js"></script>
-<script type="text/javascript" src="ECDH.js"></script>
-
-<script>
-/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
- var i,j=0,res;
- var result;
- var pp="M0ng00se";
-
- var EGS=ECDH.EGS;
- var EFS=ECDH.EFS;
- var EAS=16;
-
- var S1=[];
- var W0=[];
- var W1=[];
- var Z0=[];
- var Z1=[];
- var RAW=[];
- var SALT=[];
- var P1=[];
- var P2=[];
- var V=[];
- var M=[];
- var T=new Array(12); // must specify required length
- var CS=[];
- var DS=[];
-
- var rng=new RAND();
-
- rng.clean();
- for (i=0;i<100;i++) RAW[i]=i;
-
- rng.seed(100,RAW);
-//for (j=0;j<100;j++)
-//{
-
- for (i=0;i<8;i++) SALT[i]=(i+1); // set Salt
-
- window.document.write("Alice's Passphrase= " + pp + "<br>");
-
- var PW=ECDH.stringtobytes(pp);
-/* private key S0 of size EGS bytes derived from Password and Salt */
- var S0=ECDH.PBKDF2(PW,SALT,1000,EGS);
-
- window.document.write("Alice's private key= 0x"+ECDH.bytestostring(S0)+ "<br>");
-/* Generate Key pair S/W */
- ECDH.KEY_PAIR_GENERATE(null,S0,W0);
-
- window.document.write("Alice's public key= 0x"+ECDH.bytestostring(W0)+ "<br>");
-
- res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
- if (res!=0)
- alert("ECP Public Key is invalid!");
-/* Random private key for other party */
- ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
- window.document.write("Servers private key= 0x"+ECDH.bytestostring(S1)+ "<br>");
- window.document.write("Servers public key= 0x"+ECDH.bytestostring(W1)+ "<br>");
-
- res=ECDH.PUBLIC_KEY_VALIDATE(true,W1);
- if (res!=0)
- alert("ECP Public Key is invalid!");
-
-
-/* Calculate common key using DH - IEEE 1363 method */
-
- ECDH.ECPSVDP_DH(S0,W1,Z0);
- ECDH.ECPSVDP_DH(S1,W0,Z1);
-
- var same=true;
- for (i=0;i<ECDH.EFS;i++)
- if (Z0[i]!=Z1[i]) same=false;
-
- if (!same)
- alert("*** ECPSVDP-DH Failed");
-
- var KEY=ECDH.KDF1(Z0,ECDH.EAS);
-
- window.document.write("Alice's DH Key= 0x"+ECDH.bytestostring(KEY)+ "<br>");
- window.document.write("Servers DH Key= 0x"+ECDH.bytestostring(KEY)+ "<br>");
-
- window.document.write("Testing ECIES"+ "<br>");
-
- P1[0]=0x0; P1[1]=0x1; P1[2]=0x2;
- P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3;
-
- for (i=0;i<=16;i++) M[i]=i;
-
- var C=ECDH.ECIES_ENCRYPT(P1,P2,rng,W1,M,V,T);
-
- window.document.write("Ciphertext= "+ "<br>");
- window.document.write("V= 0x"+ECDH.bytestostring(V)+ "<br>");
- window.document.write("C= 0x"+ECDH.bytestostring(C)+ "<br>");
- window.document.write("T= 0x"+ECDH.bytestostring(T)+ "<br>");
-
-
- M=ECDH.ECIES_DECRYPT(P1,P2,V,C,T,S1);
- if (M.length==0)
- alert("*** ECIES Decryption Failed ");
- else window.document.write("Decryption succeeded"+ "<br>");
-
- window.document.write("Message is 0x"+ECDH.bytestostring(M)+ "<br>");
-
-
- window.document.write("Testing ECDSA"+ "<br>");
-
- if (ECDH.ECPSP_DSA(rng,S0,M,CS,DS)!=0)
- alert("***ECDSA Signature Failed");
-
- window.document.write("Signature= "+ "<br>");
- window.document.write("C= 0x"+ECDH.bytestostring(CS)+ "<br>");
- window.document.write("D= 0x"+ECDH.bytestostring(DS)+ "<br>");
-
- if (ECDH.ECPVP_DSA(W0,M,CS,DS)!=0)
- alert("***ECDSA Verification Failed");
- else window.document.write("ECDSA Signature/Verification succeeded "+ j+ "<br>");
-//}
-//window.document.write("Test Completed Successfully"+ "<br>");
-</script>
-</body>
-</html>
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/TestECM.html
----------------------------------------------------------------------
diff --git a/js/TestECM.html b/js/TestECM.html
deleted file mode 100644
index 2010378..0000000
--- a/js/TestECM.html
+++ /dev/null
@@ -1,95 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Test ECC</title>
-</head>
-<body>
-<h1>JavaScript Test ECC Example</h1>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="FP.js"></script>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="HASH.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="AES.js"></script>
-<script type="text/javascript" src="GCM.js"></script>
-<script type="text/javascript" src="ECP.js"></script>
-<script type="text/javascript" src="ECDH.js"></script>
-
-<script>
-/* test driver and function exerciser for ECDH API Functions only - for use with Montgpmery curves */
- var i,j=0,res;
- var result;
- var pp="M0ng00se";
-
- var EGS=ECDH.EGS;
- var EFS=ECDH.EFS;
- var EAS=16;
-
- var S1=[];
- var W0=[];
- var W1=[];
- var Z0=[];
- var Z1=[];
- var RAW=[];
- var SALT=[];
-
- var rng=new RAND();
-
- rng.clean();
- for (i=0;i<100;i++) RAW[i]=i;
-
- rng.seed(100,RAW);
-//for (j=0;j<100;j++)
-//{
-
- for (i=0;i<8;i++) SALT[i]=(i+1); // set Salt
-
- window.document.write("Alice's Passphrase= " + pp + "<br>");
-
- var PW=ECDH.stringtobytes(pp);
-/* private key S0 of size EGS bytes derived from Password and Salt */
- var S0=ECDH.PBKDF2(PW,SALT,1000,EGS);
-
- window.document.write("Alice's private key= 0x"+ECDH.bytestostring(S0)+ "<br>");
-/* Generate Key pair S/W */
- ECDH.KEY_PAIR_GENERATE(null,S0,W0);
-
- window.document.write("Alice's public key= 0x"+ECDH.bytestostring(W0)+ "<br>");
-
- res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
- if (res!=0)
- alert("Alice's public Key is invalid!");
-/* Random private key for other party */
- ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
- window.document.write("Servers private key= 0x"+ECDH.bytestostring(S1)+ "<br>");
- window.document.write("Servers public key= 0x"+ECDH.bytestostring(W1)+ "<br>");
-
- res=ECDH.PUBLIC_KEY_VALIDATE(true,W1);
- if (res!=0)
- alert("Server's public Key is invalid!");
-
-
-/* Calculate common key using DH - IEEE 1363 method */
-
- ECDH.ECPSVDP_DH(S0,W1,Z0);
- ECDH.ECPSVDP_DH(S1,W0,Z1);
-
- var same=true;
- for (i=0;i<ECDH.EFS;i++)
- if (Z0[i]!=Z1[i]) same=false;
-
- if (!same)
- alert("*** ECPSVDP-DH Failed");
-
- var KEY=ECDH.KDF1(Z0,ECDH.EAS);
-
- window.document.write("Alice's DH Key= 0x"+ECDH.bytestostring(KEY)+ "<br>");
- window.document.write("Servers DH Key= 0x"+ECDH.bytestostring(KEY)+ "<br>");
-
-//}
-//window.document.write("Test Completed Successfully"+ "<br>");
-</script>
-</body>
-</html>
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/TestMPIN.html
----------------------------------------------------------------------
diff --git a/js/TestMPIN.html b/js/TestMPIN.html
deleted file mode 100644
index 790880d..0000000
--- a/js/TestMPIN.html
+++ /dev/null
@@ -1,310 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Test MPIN</title>
-</head>
-<body>
-<h1>JavaScript Test MPIN Example</h1>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="FP.js"></script>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="HASH.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="AES.js"></script>
-<script type="text/javascript" src="GCM.js"></script>
-<script type="text/javascript" src="ECP.js"></script>
-<script type="text/javascript" src="FP2.js"></script>
-<script type="text/javascript" src="ECP2.js"></script>
-<script type="text/javascript" src="FP4.js"></script>
-<script type="text/javascript" src="FP12.js"></script>
-<script type="text/javascript" src="PAIR.js"></script>
-<script type="text/javascript" src="MPIN.js"></script>
-
-<script>
-/* test driver and function exerciser for MPIN API Functions */
-
- var i,res;
- var result;
-
- var EGS=MPIN.EGS;
- var EFS=MPIN.EFS;
- var EAS=16;
-
- var rng=new RAND();
- rng.clean();
-
- var RAW=[];
- for (i=0;i<100;i++) RAW[i]=i+1;
- rng.seed(100,RAW);
-
- var G1S=2*EFS+1; /* Group 1 Size */
- var G2S=4*EFS; /* Group 2 Size */
-
- var S=[];
- var SST=[];
- var TOKEN = [];
- var PERMIT = [];
- var SEC = [];
- var xID = [];
- var xCID = [];
- var X= [];
- var Y= [];
- var E=[];
- var F=[];
- var HCID=[];
- var HID=[];
- var HTID=[];
-
- var G1=[];
- var G2=[];
- var R=[];
- var Z=[];
- var W=[];
- var T=[];
- var CK=[];
- var SK=[];
-
-/* Set configuration */
- var PERMITS=true;
- var PINERROR=true;
- var FULL=false;
- var ONE_PASS=false;
- var TIME_FUNCTIONS=false;
- var total_time=0;
- var nIter=100
-
-/* Trusted Authority set-up */
- MPIN.RANDOM_GENERATE(rng,S);
- window.document.write("Master Secret s: 0x"+MPIN.bytestostring(S) + "<br>");
-
- /* Create Client Identity */
- var IDstr = "[email protected]";
- var CLIENT_ID = MPIN.stringtobytes(IDstr);
- HCID=MPIN.HASH_ID(CLIENT_ID); /* Either Client or TA calculates Hash(ID) - you decide! */
-
- window.document.write("Client ID= "+MPIN.bytestostring(CLIENT_ID) + "<br>");
-
-/* Client and Server are issued secrets by DTA */
- MPIN.GET_SERVER_SECRET(S,SST);
- window.document.write("Server Secret SS: 0x"+MPIN.bytestostring(SST) + "<br>");
-
- MPIN.GET_CLIENT_SECRET(S,HCID,TOKEN);
- window.document.write("Client Secret CS: 0x"+MPIN.bytestostring(TOKEN) + "<br>");
-
-/* Client extracts PIN from secret to create Token */
- var pin=1234;
- window.document.write("Client extracts PIN= "+pin + "<br>");
- var rtn=MPIN.EXTRACT_PIN(CLIENT_ID,pin,TOKEN);
- if (rtn != 0)
- window.document.write("Failed to extract PIN " + "<br>");
-
- window.document.write("Client Token TK: 0x"+MPIN.bytestostring(TOKEN) + "<br>");
-
- if (FULL)
- {
- MPIN.PRECOMPUTE(TOKEN,HCID,G1,G2);
- }
-
- var date;
- if (PERMITS)
- {
- date=MPIN.today();
-/* Client gets "Time Token" permit from DTA */
- MPIN.GET_CLIENT_PERMIT(date,S,HCID,PERMIT);
- window.document.write("Time Permit TP: 0x"+MPIN.bytestostring(PERMIT) + "<br>");
-
-/* This encoding makes Time permit look random - Elligator squared */
- MPIN.ENCODING(rng,PERMIT);
- window.document.write("Encoded Time Permit TP: 0x"+MPIN.bytestostring(PERMIT) + "<br>");
- MPIN.DECODING(PERMIT);
- window.document.write("Decoded Time Permit TP: 0x"+MPIN.bytestostring(PERMIT) + "<br>");
- }
- else date=0;
-
-
- pin=parseInt(prompt("Enter PIN= "));
-
-/* Set date=0 and PERMIT=null if time permits not in use
-
-Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
-If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H_T(date|H(CLIENT_ID)))
-Random value x is supplied externally if RNG=null, otherwise generated and passed out by RNG
-
-If Time Permits OFF set xCID = null, HTID=null and use xID and HID only
-If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-If Time permits are ON, AND pin error detection is NOT required, set xID=null, HID=null and use xCID and HTID only.
-
-
-*/
- var pxID=xID;
- var pxCID=xCID;
- var pHID=HID;
- var pHTID=HTID;
- var pE=E;
- var pF=F;
- var pPERMIT=PERMIT;
- var prHID;
-
- if (date!=0)
- {
- prHID=pHTID;
- if (!PINERROR)
- {
- pxID=null;
- pHID=null;
- }
- }
- else
- {
- prHID=pHID;
- pPERMIT=null;
- pxCID=null;
- pHTID=null;
- }
- if (!PINERROR)
- {
- pE=null;
- pF=null;
- }
-
- if (ONE_PASS)
- {
- window.document.write("MPIN Single Pass " + "<br>");
- timeValue = MPIN.GET_TIME();
- window.document.write("Epoch " + timeValue + "<br>");
- if (TIME_FUNCTIONS)
- {
- var start = new Date().getTime();
- for (i = 0; i < nIter; ++i) {
- rtn=MPIN.CLIENT(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y);
- }
- var end = new Date().getTime();
- var t1 = end - start;
- total_time = total_time + t1;
- var iter_time = t1 / nIter;
- var iter_per_sec = nIter / (t1 / 1000);
- window.document.write("MPIN.CLIENT: time " + t1 + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");
- }
- else
- {
- rtn=MPIN.CLIENT(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y);
- }
- if (rtn != 0)
- window.document.write("FAILURE: CLIENT rtn: " + rtn + "<br>");
-
- if (FULL)
- {
- if (TIME_FUNCTIONS)
- {
- var start = new Date().getTime();
- for (i = 0; i < nIter; ++i) {
- HCID=MPIN.HASH_ID(CLIENT_ID);
- MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z);
- }
- var end = new Date().getTime();
- var t2 = end - start;
- total_time = total_time + t2;
- var iter_time = t2 / nIter;
- var iter_per_sec = nIter / (t2 / 1000);
- window.document.write("MPIN.GET_G1_MULTIPLE: time " + t2 + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");
- }
- else
- {
- HCID=MPIN.HASH_ID(CLIENT_ID);
- MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z); /* Also Send Z=r.ID to Server, remember random r */
- }
- }
-
- rtn=MPIN.SERVER(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF,CLIENT_ID,timeValue);
- if (rtn != 0)
- window.document.write("FAILURE: SERVER rtn: " + rtn+ "<br>");
-
- if (FULL)
- {
- MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T); /* Also send T=w.ID to client, remember random w */
- }
- }
- else
- {
- window.document.write("MPIN Multi Pass " + "<br>");
- rtn=MPIN.CLIENT_1(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT);
- if (rtn != 0)
- window.document.write("FAILURE: CLIENT_1 rtn: " + rtn + "<br>");
-
- if (FULL)
- {
- HCID=MPIN.HASH_ID(CLIENT_ID);
- MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z); /* Also Send Z=r.ID to Server, remember random r */
- }
-
- /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
- MPIN.SERVER_1(date,CLIENT_ID,pHID,pHTID);
-
- /* Server generates Random number Y and sends it to Client */
- MPIN.RANDOM_GENERATE(rng,Y);
-
- if (FULL)
- {
- MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T); /* Also send T=w.ID to client, remember random w */
- }
-
- /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
- rtn=MPIN.CLIENT_2(X,Y,SEC);
- if (rtn != 0)
- window.document.write("FAILURE: CLIENT_2 rtn: " + rtn + "<br>");
- /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
- /* If PIN error not required, set E and F = NULL */
- rtn=MPIN.SERVER_2(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF);
-
- if (rtn != 0)
- window.document.write("FAILURE: SERVER_1 rtn: " + rtn+ "<br>");
-
- }
-
-
- if (rtn == this.MPIN.BAD_PIN)
- {
- window.document.write("Server says - Bad Pin. I don't know you. Feck off." + "<br>");
- if (PINERROR)
- {
- var err=MPIN.KANGAROO(E,F);
- if (err!=0) window.document.write("(Client PIN is out by "+err + ")<br>");
- }
- }
- else
- {
- window.document.write("Server says - PIN is good! You really are "+IDstr + "<br>");
- if (FULL)
- {
- if (TIME_FUNCTIONS)
- {
- var start = new Date().getTime();
- for (i = 0; i < nIter; ++i) {
- MPIN.CLIENT_KEY(G1,G2,pin,R,X,T,CK);
- }
- var end = new Date().getTime();
- var t3 = end - start;
- total_time = total_time + t3;
- var iter_time = t3 / nIter;
- var iter_per_sec = nIter / (t3 / 1000);
- window.document.write("MPIN.CLIENT_KEY: time " + t1 + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");
- }
- else
- {
- MPIN.CLIENT_KEY(G1,G2,pin,R,X,T,CK);
- }
- window.document.write("Client Key = 0x"+MPIN.bytestostring(CK) + "<br>");
-
- MPIN.SERVER_KEY(Z,SST,W,pxID,pxCID,SK);
- window.document.write("Server Key = 0x"+MPIN.bytestostring(SK) + "<br>");
- }
- }
- // var iter_time = total_time / nIter;
- // var iter_per_sec = nIter / (total_time / 1000);
- // window.document.write("CLIENT: total time " + total_time + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");
-
-
-</script>
-</body>
-</html>
