http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/MPIN.java
----------------------------------------------------------------------
diff --git a/java64/MPIN.java b/java64/MPIN.java
deleted file mode 100755
index f8dfef0..0000000
--- a/java64/MPIN.java
+++ /dev/null
@@ -1,746 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* MPIN API Functions */ - -import java.util.Date; - -public class MPIN -{ - public static final int EFS=ROM.MODBYTES; - public static final int EGS=ROM.MODBYTES; - public static final int PAS=16; - public static final int BAD_PARAMS=-11; - public static final int INVALID_POINT=-14; - public static final int WRONG_ORDER=-18; - public static final int BAD_PIN=-19; - -/* Configure your PIN here */ - - public static final int MAXPIN=10000; /* PIN less than this */ - public static final int PBLEN=14; /* Number of bits in PIN */ - public static final int TS=10; /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */ - public static final int TRAP=200; /* 200 for 4 digit PIN, 2000 for 6-digit PIN - approx 2*sqrt(MAXPIN) */ - -/* Hash number (optional) and string to point on curve */ - - public static byte[] hashit(int n,byte[] ID) - { - HASH H=new HASH(); - if (n!=0) H.process_num(n); - H.process_array(ID); - byte[] h=H.hash(); - return h; - } - - public static ECP mapit(byte[] h) - { - BIG q=new BIG(ROM.Modulus); - BIG x=BIG.fromBytes(h); - x.mod(q); - ECP P; - while (true) - { - P=new ECP(x,0); - if (!P.is_infinity()) break; - x.inc(1); x.norm(); - } - return P; - } - 
-/* needed for SOK */ - public static ECP2 mapit2(byte[] h) - { - BIG q=new BIG(ROM.Modulus); - BIG x=BIG.fromBytes(h); - BIG one=new BIG(1); - FP2 X; - ECP2 Q,T,K; - x.mod(q); - while (true) - { - X=new FP2(one,x); - Q=new ECP2(X); - if (!Q.is_infinity()) break; - x.inc(1); x.norm(); - } -/* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */ - BIG Fra=new BIG(ROM.CURVE_Fra); - BIG Frb=new BIG(ROM.CURVE_Frb); - X=new FP2(Fra,Frb); - x=new BIG(ROM.CURVE_Bnx); - - T=new ECP2(); T.copy(Q); - T.mul(x); T.neg(); - K=new ECP2(); K.copy(T); - K.dbl(); K.add(T); K.affine(); - - K.frob(X); - Q.frob(X); Q.frob(X); Q.frob(X); - Q.add(T); Q.add(K); - T.frob(X); T.frob(X); - Q.add(T); - Q.affine(); - return Q; - } - -/* return time in slots since epoch */ - public static int today() { - Date date=new Date(); - return (int) (date.getTime()/(1000*60*1440)); - } - -/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */ -/* maps a random u to a point on the curve */ - public static ECP map(BIG u,int cb) - { - ECP P; - BIG x=new BIG(u); - BIG p=new BIG(ROM.Modulus); - x.mod(p); - while (true) - { - P=new ECP(x,cb); - if (!P.is_infinity()) break; - x.inc(1); x.norm(); - } - return P; - } - -/* returns u derived from P. 
Random value in range 1 to return value should then be added to u */ - public static int unmap(BIG u,ECP P) - { - int s=P.getS(); - ECP R; - int r=0; - BIG x=P.getX(); - u.copy(x); - while (true) - { - u.dec(1); u.norm(); - r++; - R=new ECP(u,s); - if (!R.is_infinity()) break; - } - return r; - } - - public static byte[] HASH_ID(byte[] ID) - { - return hashit(0,ID); - } - - -/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */ -/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */ -/* Note that u and v are indistinguisible from random strings */ - public static int ENCODING(RAND rng,byte[] E) - { - int rn,m,su,sv; - byte[] T=new byte[EFS]; - - for (int i=0;i<EFS;i++) T[i]=E[i+1]; - BIG u=BIG.fromBytes(T); - for (int i=0;i<EFS;i++) T[i]=E[i+EFS+1]; - BIG v=BIG.fromBytes(T); - - ECP P=new ECP(u,v); - if (P.is_infinity()) return INVALID_POINT; - - BIG p=new BIG(ROM.Modulus); - u=BIG.randomnum(p,rng); - - su=rng.getByte(); /*if (su<0) su=-su;*/ su%=2; - - ECP W=map(u,su); - P.sub(W); - sv=P.getS(); - rn=unmap(v,P); - m=rng.getByte(); /*if (m<0) m=-m;*/ m%=rn; - v.inc(m+1); - E[0]=(byte)(su+2*sv); - u.toBytes(T); - for (int i=0;i<EFS;i++) E[i+1]=T[i]; - v.toBytes(T); - for (int i=0;i<EFS;i++) E[i+EFS+1]=T[i]; - - return 0; - } - - public static int DECODING(byte[] D) - { - int su,sv; - byte[] T=new byte[EFS]; - - if ((D[0]&0x04)!=0) return INVALID_POINT; - - for (int i=0;i<EFS;i++) T[i]=D[i+1]; - BIG u=BIG.fromBytes(T); - for (int i=0;i<EFS;i++) T[i]=D[i+EFS+1]; - BIG v=BIG.fromBytes(T); - - su=D[0]&1; - sv=(D[0]>>1)&1; - ECP W=map(u,su); - ECP P=map(v,sv); - P.add(W); - u=P.getX(); - v=P.getY(); - D[0]=0x04; - u.toBytes(T); - for (int i=0;i<EFS;i++) D[i+1]=T[i]; - v.toBytes(T); - for (int i=0;i<EFS;i++) D[i+EFS+1]=T[i]; - - return 0; - } - -/* R=R1+R2 in group G1 */ - public static int RECOMBINE_G1(byte[] R1,byte[] R2,byte[] R) - { - ECP P=ECP.fromBytes(R1); - ECP Q=ECP.fromBytes(R2); - - if 
(P.is_infinity() || Q.is_infinity()) return INVALID_POINT; - - P.add(Q); - - P.toBytes(R); - return 0; - } - -/* W=W1+W2 in group G2 */ - public static int RECOMBINE_G2(byte[] W1,byte[] W2,byte[] W) - { - ECP2 P=ECP2.fromBytes(W1); - ECP2 Q=ECP2.fromBytes(W2); - - if (P.is_infinity() || Q.is_infinity()) return INVALID_POINT; - - P.add(Q); - - P.toBytes(W); - return 0; - } - -/* create random secret S */ - public static int RANDOM_GENERATE(RAND rng,byte[] S) - { - BIG s; - BIG r=new BIG(ROM.CURVE_Order); - s=BIG.randomnum(r,rng); - - s.toBytes(S); - return 0; - } - -/* Extract PIN from TOKEN for identity CID */ - public static int EXTRACT_PIN(byte[] CID,int pin,byte[] TOKEN) - { - ECP P=ECP.fromBytes(TOKEN); - if (P.is_infinity()) return INVALID_POINT; - byte[] h=hashit(0,CID); - ECP R=mapit(h); - - - pin%=MAXPIN; - - R=R.pinmul(pin,PBLEN); - P.sub(R); - - P.toBytes(TOKEN); - - return 0; - } - -/* Implement step 2 on client side of MPin protocol */ - public static int CLIENT_2(byte[] X,byte[] Y,byte[] SEC) - { - BIG r=new BIG(ROM.CURVE_Order); - ECP P=ECP.fromBytes(SEC); - if (P.is_infinity()) return INVALID_POINT; - - BIG px=BIG.fromBytes(X); - BIG py=BIG.fromBytes(Y); - px.add(py); - px.mod(r); - px.rsub(r); - - PAIR.G1mul(P,px).toBytes(SEC); - return 0; - } - -/* Implement step 1 on client side of MPin protocol */ - public static int CLIENT_1(int date,byte[] CLIENT_ID,RAND rng,byte[] X,int pin,byte[] TOKEN,byte[] SEC,byte[] xID,byte[] xCID,byte[] PERMIT) - { - BIG r=new BIG(ROM.CURVE_Order); -// BIG q=new BIG(ROM.Modulus); - BIG x; -// BIG m=new BIG(0); - if (rng!=null) - { - x=BIG.randomnum(r,rng); - x.toBytes(X); - } - else - { - x=BIG.fromBytes(X); - } - ECP P,T,W; - BIG px; -// byte[] t=new byte[EFS]; - - byte[] h=hashit(0,CLIENT_ID); - P=mapit(h); - - T=ECP.fromBytes(TOKEN); - if (T.is_infinity()) return INVALID_POINT; - - pin%=MAXPIN; - W=P.pinmul(pin,PBLEN); - T.add(W); - if (date!=0) - { - W=ECP.fromBytes(PERMIT); - if (W.is_infinity()) return 
INVALID_POINT; - T.add(W); - h=hashit(date,h); - W=mapit(h); - if (xID!=null) - { - P=PAIR.G1mul(P,x); - P.toBytes(xID); - W=PAIR.G1mul(W,x); - P.add(W); - } - else - { - P.add(W); - P=PAIR.G1mul(P,x); - } - if (xCID!=null) P.toBytes(xCID); - } - else - { - if (xID!=null) - { - P=PAIR.G1mul(P,x); - P.toBytes(xID); - } - } - - - T.toBytes(SEC); - return 0; - } - -/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */ - public static int GET_SERVER_SECRET(byte[] S,byte[] SST) - { - ECP2 Q=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb))); - - BIG s=BIG.fromBytes(S); - Q=PAIR.G2mul(Q,s); - Q.toBytes(SST); - return 0; - } - -/* - W=x*H(G); - if RNG == NULL then X is passed in - if RNG != NULL the X is passed out - if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve -*/ - public static int GET_G1_MULTIPLE(RAND rng, int type,byte[] X,byte[] G,byte[] W) - { - BIG x; - BIG r=new BIG(ROM.CURVE_Order); - if (rng!=null) - { - x=BIG.randomnum(r,rng); - x.toBytes(X); - } - else - { - x=BIG.fromBytes(X); - } - ECP P; - if (type==0) - { - P=ECP.fromBytes(G); - if (P.is_infinity()) return INVALID_POINT; - } - else - P=mapit(G); - - PAIR.G1mul(P,x).toBytes(W); - return 0; - } - -/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */ -/* CID is hashed externally */ - public static int GET_CLIENT_SECRET(byte[] S,byte[] CID,byte[] CST) - { - return GET_G1_MULTIPLE(null,1,S,CID,CST); - } - -/* Time Permit CTT=S*(date|H(CID)) where S is master secret */ - public static int GET_CLIENT_PERMIT(int date,byte[] S,byte[] CID,byte[] CTT) - { - byte[] h=hashit(date,CID); - ECP P=mapit(h); - - BIG s=BIG.fromBytes(S); - PAIR.G1mul(P,s).toBytes(CTT); - return 0; - } - -/* Outputs H(CID) and H(T|H(CID)) for time permits. 
If no time permits set HID=HTID */ - public static void SERVER_1(int date,byte[] CID,byte[] HID,byte[] HTID) - { - byte[] h=hashit(0,CID); - ECP R,P=mapit(h); - - if (date!=0) - { - if (HID!=null) P.toBytes(HID); - h=hashit(date,h); - R=mapit(h); - P.add(R); - P.toBytes(HTID); - } - else P.toBytes(HID); - } - -/* Implement step 2 of MPin protocol on server side */ - public static int SERVER_2(int date,byte[] HID,byte[] HTID,byte[] Y,byte[] SST,byte[] xID,byte[] xCID,byte[] mSEC,byte[] E,byte[] F) - { - BIG q=new BIG(ROM.Modulus); - ECP2 Q=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb))); - ECP2 sQ=ECP2.fromBytes(SST); - if (sQ.is_infinity()) return INVALID_POINT; - - ECP R; - if (date!=0) - R=ECP.fromBytes(xCID); - else - { - if (xID==null) return BAD_PARAMS; - R=ECP.fromBytes(xID); - } - if (R.is_infinity()) return INVALID_POINT; - - BIG y=BIG.fromBytes(Y); - ECP P; - if (date!=0) P=ECP.fromBytes(HTID); - else - { - if (HID==null) return BAD_PARAMS; - P=ECP.fromBytes(HID); - } - - if (P.is_infinity()) return INVALID_POINT; - - P=PAIR.G1mul(P,y); - P.add(R); - R=ECP.fromBytes(mSEC); - if (R.is_infinity()) return INVALID_POINT; - - FP12 g; -// FP12 g1=new FP12(0); - - g=PAIR.ate2(Q,R,sQ,P); - g=PAIR.fexp(g); - - if (!g.isunity()) - { - if (HID!=null && xID!=null && E!=null && F!=null) - { - g.toBytes(E); - if (date!=0) - { - P=ECP.fromBytes(HID); - if (P.is_infinity()) return INVALID_POINT; - R=ECP.fromBytes(xID); - if (R.is_infinity()) return INVALID_POINT; - - P=PAIR.G1mul(P,y); - P.add(R); - } - g=PAIR.ate(Q,P); - g=PAIR.fexp(g); - g.toBytes(F); - } - return BAD_PIN; - } - - return 0; - } - -/* Pollards kangaroos used to return PIN error */ - public static int KANGAROO(byte[] E,byte[] F) - { - FP12 ge=FP12.fromBytes(E); - FP12 gf=FP12.fromBytes(F); - int[] distance = new int[TS]; - FP12 t=new FP12(gf); - FP12[] table=new FP12[TS]; - int i,j,m,s,dn,dm,res,steps; - - s=1; - for (m=0;m<TS;m++) - 
{ - distance[m]=s; - table[m]=new FP12(t); - s*=2; - t.usqr(); - } - t.one(); - dn=0; - for (j=0;j<TRAP;j++) - { - i=t.geta().geta().getA().lastbits(8)%TS; - t.mul(table[i]); - dn+=distance[i]; - } - gf.copy(t); gf.conj(); - steps=0; dm=0; - res=0; - while (dm-dn<MAXPIN) - { - steps++; - if (steps>4*TRAP) break; - i=ge.geta().geta().getA().lastbits(8)%TS; - ge.mul(table[i]); - dm+=distance[i]; - if (ge.equals(t)) - { - res=dm-dn; - break; - } - if (ge.equals(gf)) - { - res=dn-dm; - break; - } - - } - if (steps>4*TRAP || dm-dn>=MAXPIN) {res=0; } // Trap Failed - probable invalid token - return res; - } - -/* Functions to support M-Pin Full */ - - public static int PRECOMPUTE(byte[] TOKEN,byte[] CID,byte[] G1,byte[] G2) - { - ECP P,T; - FP12 g; - - T=ECP.fromBytes(TOKEN); - if (T.is_infinity()) return INVALID_POINT; - - P=mapit(CID); - - ECP2 Q=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb))); - - g=PAIR.ate(Q,T); - g=PAIR.fexp(g); - g.toBytes(G1); - - g=PAIR.ate(Q,P); - g=PAIR.fexp(g); - g.toBytes(G2); - - return 0; - } - -/* calculate common key on client side */ -/* wCID = w.(A+AT) */ - public static int CLIENT_KEY(byte[] G1,byte[] G2,int pin,byte[] R,byte[] X,byte[] wCID,byte[] CK) - { - HASH H=new HASH(); - byte[] t=new byte[EFS]; - - FP12 g1=FP12.fromBytes(G1); - FP12 g2=FP12.fromBytes(G2); - BIG z=BIG.fromBytes(R); - BIG x=BIG.fromBytes(X); - - ECP W=ECP.fromBytes(wCID); - if (W.is_infinity()) return INVALID_POINT; - - W=PAIR.G1mul(W,x); - - FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb)); - BIG r=new BIG(ROM.CURVE_Order); - BIG q=new BIG(ROM.Modulus); - - BIG m=new BIG(q); - m.mod(r); - - BIG a=new BIG(z); - a.mod(m); - - BIG b=new BIG(z); - b.div(m); - - g2.pinpow(pin,PBLEN); - g1.mul(g2); - - FP4 c=g1.trace(); - g2.copy(g1); - g2.frob(f); - FP4 cp=g2.trace(); - g1.conj(); - g2.mul(g1); - FP4 cpm1=g2.trace(); - g2.mul(g1); - FP4 cpm2=g2.trace(); - - 
c=c.xtr_pow2(cp,cpm1,cpm2,a,b); - - c.geta().getA().toBytes(t); - H.process_array(t); - c.geta().getB().toBytes(t); - H.process_array(t); - c.getb().getA().toBytes(t); - H.process_array(t); - c.getb().getB().toBytes(t); - H.process_array(t); - - W.getX().toBytes(t); - H.process_array(t); - W.getY().toBytes(t); - H.process_array(t); - - t=H.hash(); - for (int i=0;i<PAS;i++) CK[i]=t[i]; - - return 0; - } - -/* calculate common key on server side */ -/* Z=r.A - no time permits involved */ - - public static int SERVER_KEY(byte[] Z,byte[] SST,byte[] W,byte[] xID,byte[] xCID,byte[] SK) - { - HASH H=new HASH(); - byte[] t=new byte[EFS]; - - ECP2 sQ=ECP2.fromBytes(SST); - if (sQ.is_infinity()) return INVALID_POINT; - ECP R=ECP.fromBytes(Z); - if (R.is_infinity()) return INVALID_POINT; - - ECP U; - if (xCID!=null) - U=ECP.fromBytes(xCID); - else - U=ECP.fromBytes(xID); - if (U.is_infinity()) return INVALID_POINT; - - BIG w=BIG.fromBytes(W); - U=PAIR.G1mul(U,w); - FP12 g=PAIR.ate(sQ,R); - g=PAIR.fexp(g); - - FP4 c=g.trace(); - c.geta().getA().toBytes(t); - H.process_array(t); - c.geta().getB().toBytes(t); - H.process_array(t); - c.getb().getA().toBytes(t); - H.process_array(t); - c.getb().getB().toBytes(t); - H.process_array(t); - - U.getX().toBytes(t); - H.process_array(t); - U.getY().toBytes(t); - H.process_array(t); - - t=H.hash(); - for (int i=0;i<PAS;i++) SK[i]=t[i]; - - return 0; - } - -/* return time since epoch */ - public static int GET_TIME() { - Date date=new Date(); - return (int) (date.getTime()/1000); - } - -/* Generate Y = H(epoch, xCID/xID) */ - public static void GET_Y(int TimeValue,byte[] xCID,byte[] Y) - { - byte[] h = hashit(TimeValue,xCID); - BIG y = BIG.fromBytes(h); - BIG q=new BIG(ROM.CURVE_Order); - y.mod(q); - y.toBytes(Y); - } - -/* One pass MPIN Client */ - public static int CLIENT(int date,byte[] CLIENT_ID,RAND RNG,byte[] X,int pin,byte[] TOKEN,byte[] SEC,byte[] xID,byte[] xCID,byte[] PERMIT, int TimeValue, byte[] Y) - { - int rtn=0; - - byte[] 
pID;
- if (date == 0)
- pID = xID;
- else
- pID = xCID;
-
- rtn = CLIENT_1(date,CLIENT_ID,RNG,X,pin,TOKEN,SEC,xID,xCID,PERMIT);
- if (rtn != 0)
- return rtn;
-
- GET_Y(TimeValue,pID,Y);
-
- rtn = CLIENT_2(X,Y,SEC);
- if (rtn != 0)
- return rtn;
-
- return 0;
- }
-
-/* One pass MPIN Server */
- public static int SERVER(int date,byte[] HID,byte[] HTID,byte[] Y,byte[] SST,byte[] xID,byte[] xCID,byte[] SEC,byte[] E,byte[] F,byte[] CID, int TimeValue)
- {
- int rtn=0;
-
- byte[] pID;
- if (date == 0)
- pID = xID;
- else
- pID = xCID;
-
- SERVER_1(date,CID,HID,HTID);
-
- GET_Y(TimeValue,pID,Y);
-
- rtn = SERVER_2(date,HID,HTID,Y,SST,xID,xCID,SEC,E,F);
- if (rtn != 0)
- return rtn;
-
- return 0;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/PAIR.java
----------------------------------------------------------------------
diff --git a/java64/PAIR.java b/java64/PAIR.java
deleted file mode 100755
index bc815a9..0000000
--- a/java64/PAIR.java
+++ /dev/null
@@ -1,537 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* AMCL BN Curve Pairing functions */ - -public final class PAIR { - -/* Line function */ - public static FP12 line(ECP2 A,ECP2 B,FP Qx,FP Qy) - { - ECP2 P=new ECP2(); - - FP4 a,b,c; - P.copy(A); - FP2 ZZ=new FP2(P.getz()); - ZZ.sqr(); - int D; - if (A==B) D=A.dbl(); /* Check this return value in amcl_ec2.c */ - else D=A.add(B); - if (D<0) - return new FP12(1); - FP2 Z3=new FP2(A.getz()); - c=new FP4(0); - if (D==0) - { /* Addition */ - FP2 X=new FP2(B.getx()); - FP2 Y=new FP2(B.gety()); - FP2 T=new FP2(P.getz()); - T.mul(Y); - ZZ.mul(T); - - FP2 NY=new FP2(P.gety()); NY.neg(); - ZZ.add(NY); - Z3.pmul(Qy); - T.mul(P.getx()); - X.mul(NY); - T.add(X); - a=new FP4(Z3,T); - ZZ.neg(); - ZZ.pmul(Qx); - b=new FP4(ZZ); - } - else - { /* Doubling */ - FP2 X=new FP2(P.getx()); - FP2 Y=new FP2(P.gety()); - FP2 T=new FP2(P.getx()); - T.sqr(); - T.imul(3); - - Y.sqr(); - Y.add(Y); - Z3.mul(ZZ); - Z3.pmul(Qy); - - X.mul(T); - X.sub(Y); - a=new FP4(Z3,X); - T.neg(); - ZZ.mul(T); - ZZ.pmul(Qx); - b=new FP4(ZZ); - } - return new FP12(a,b,c); - } - -/* Optimal R-ate pairing */ - public static FP12 ate(ECP2 P,ECP Q) - { - FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb)); - BIG x=new 
BIG(ROM.CURVE_Bnx); - BIG n=new BIG(x); - ECP2 K=new ECP2(); - FP12 lv; - n.pmul(6); n.dec(2); n.norm(); - P.affine(); - Q.affine(); - FP Qx=new FP(Q.getx()); - FP Qy=new FP(Q.gety()); - - ECP2 A=new ECP2(); - FP12 r=new FP12(1); - - A.copy(P); - int nb=n.nbits(); - - for (int i=nb-2;i>=1;i--) - { - lv=line(A,A,Qx,Qy); - r.smul(lv); - - if (n.bit(i)==1) - { - lv=line(A,P,Qx,Qy); - - r.smul(lv); - } - r.sqr(); - } - - lv=line(A,A,Qx,Qy); - r.smul(lv); - -/* R-ate fixup */ - - r.conj(); - - K.copy(P); - K.frob(f); - A.neg(); - lv=line(A,K,Qx,Qy); - r.smul(lv); - K.frob(f); - K.neg(); - lv=line(A,K,Qx,Qy); - r.smul(lv); - - return r; - } - -/* Optimal R-ate double pairing e(P,Q).e(R,S) */ - public static FP12 ate2(ECP2 P,ECP Q,ECP2 R,ECP S) - { - FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb)); - BIG x=new BIG(ROM.CURVE_Bnx); - BIG n=new BIG(x); - ECP2 K=new ECP2(); - FP12 lv; - n.pmul(6); n.dec(2); n.norm(); - P.affine(); - Q.affine(); - R.affine(); - S.affine(); - - FP Qx=new FP(Q.getx()); - FP Qy=new FP(Q.gety()); - FP Sx=new FP(S.getx()); - FP Sy=new FP(S.gety()); - - ECP2 A=new ECP2(); - ECP2 B=new ECP2(); - FP12 r=new FP12(1); - - A.copy(P); - B.copy(R); - int nb=n.nbits(); - - for (int i=nb-2;i>=1;i--) - { - lv=line(A,A,Qx,Qy); - r.smul(lv); - lv=line(B,B,Sx,Sy); - r.smul(lv); - - if (n.bit(i)==1) - { - lv=line(A,P,Qx,Qy); - r.smul(lv); - lv=line(B,R,Sx,Sy); - r.smul(lv); - } - r.sqr(); - } - - lv=line(A,A,Qx,Qy); - r.smul(lv); - - lv=line(B,B,Sx,Sy); - r.smul(lv); - -/* R-ate fixup */ - r.conj(); - - K.copy(P); - K.frob(f); - A.neg(); - lv=line(A,K,Qx,Qy); - r.smul(lv); - K.frob(f); - K.neg(); - lv=line(A,K,Qx,Qy); - r.smul(lv); - - K.copy(R); - K.frob(f); - B.neg(); - lv=line(B,K,Sx,Sy); - r.smul(lv); - K.frob(f); - K.neg(); - lv=line(B,K,Sx,Sy); - r.smul(lv); - - return r; - } - -/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */ - public static FP12 fexp(FP12 m) - { - FP2 f=new FP2(new 
BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb)); - BIG x=new BIG(ROM.CURVE_Bnx); - FP12 r=new FP12(m); - FP12 x0,x1,x2,x3,x4,x5; - -/* Easy part of final exp */ - FP12 lv=new FP12(r); - lv.inverse(); - r.conj(); - - r.mul(lv); - lv.copy(r); - r.frob(f); - r.frob(f); - r.mul(lv); -/* Hard part of final exp */ - lv.copy(r); - lv.frob(f); - x0=new FP12(lv); - x0.frob(f); - lv.mul(r); - x0.mul(lv); - x0.frob(f); - x1=new FP12(r); - x1.conj(); - x4=r.pow(x); - - x3=new FP12(x4); - x3.frob(f); - - x2=x4.pow(x); - - x5=new FP12(x2); x5.conj(); - lv=x2.pow(x); - - x2.frob(f); - r.copy(x2); r.conj(); - - x4.mul(r); - x2.frob(f); - - r.copy(lv); - r.frob(f); - lv.mul(r); - - lv.usqr(); - lv.mul(x4); - lv.mul(x5); - r.copy(x3); - r.mul(x5); - r.mul(lv); - lv.mul(x2); - r.usqr(); - r.mul(lv); - r.usqr(); - lv.copy(r); - lv.mul(x1); - r.mul(x0); - lv.usqr(); - r.mul(lv); - r.reduce(); - return r; - } - -/* GLV method */ - public static BIG[] glv(BIG e) - { - int i,j; - BIG t=new BIG(0); - BIG q=new BIG(ROM.CURVE_Order); - BIG[] u=new BIG[2]; - BIG[] v=new BIG[2]; - for (i=0;i<2;i++) - { - t.copy(new BIG(ROM.CURVE_W[i])); // why not just t=new BIG(ROM.CURVE_W[i]); - DBIG d=BIG.mul(t,e); - v[i]=new BIG(d.div(q)); - u[i]=new BIG(0); - } - u[0].copy(e); - for (i=0;i<2;i++) - for (j=0;j<2;j++) - { - t.copy(new BIG(ROM.CURVE_SB[j][i])); - t.copy(BIG.modmul(v[j],t,q)); - u[i].add(q); - u[i].sub(t); - u[i].mod(q); - } - return u; - } - -/* Galbraith & Scott Method */ - public static BIG[] gs(BIG e) - { - int i,j; - BIG t=new BIG(0); - BIG q=new BIG(ROM.CURVE_Order); - BIG[] u=new BIG[4]; - BIG[] v=new BIG[4]; - for (i=0;i<4;i++) - { - t.copy(new BIG(ROM.CURVE_WB[i])); - DBIG d=BIG.mul(t,e); - v[i]=new BIG(d.div(q)); - u[i]=new BIG(0); - } - u[0].copy(e); - for (i=0;i<4;i++) - for (j=0;j<4;j++) - { - t.copy(new BIG(ROM.CURVE_BB[j][i])); - t.copy(BIG.modmul(v[j],t,q)); - u[i].add(q); - u[i].sub(t); - u[i].mod(q); - } - return u; - } - -/* Multiply P by e in group G1 */ - public static ECP 
G1mul(ECP P,BIG e) - { - ECP R; - if (ROM.USE_GLV) - { - P.affine(); - R=new ECP(); - R.copy(P); - int i,np,nn; - ECP Q=new ECP(); - Q.copy(P); - BIG q=new BIG(ROM.CURVE_Order); - FP cru=new FP(new BIG(ROM.CURVE_Cru)); - BIG t=new BIG(0); - BIG[] u=glv(e); - Q.getx().mul(cru); - - np=u[0].nbits(); - t.copy(BIG.modneg(u[0],q)); - nn=t.nbits(); - if (nn<np) - { - u[0].copy(t); - R.neg(); - } - - np=u[1].nbits(); - t.copy(BIG.modneg(u[1],q)); - nn=t.nbits(); - if (nn<np) - { - u[1].copy(t); - Q.neg(); - } - - R=R.mul2(u[0],Q,u[1]); - - } - else - { - R=P.mul(e); - } - return R; - } - -/* Multiply P by e in group G2 */ - public static ECP2 G2mul(ECP2 P,BIG e) - { - ECP2 R; - if (ROM.USE_GS_G2) - { - ECP2[] Q=new ECP2[4]; - FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb)); - BIG q=new BIG(ROM.CURVE_Order); - BIG[] u=gs(e); - - BIG t=new BIG(0); - int i,np,nn; - P.affine(); - Q[0]=new ECP2(); Q[0].copy(P); - for (i=1;i<4;i++) - { - Q[i]=new ECP2(); Q[i].copy(Q[i-1]); - Q[i].frob(f); - } - for (i=0;i<4;i++) - { - np=u[i].nbits(); - t.copy(BIG.modneg(u[i],q)); - nn=t.nbits(); - if (nn<np) - { - u[i].copy(t); - Q[i].neg(); - } - } - R=ECP2.mul4(Q,u); - - } - else - { - R=P.mul(e); - } - return R; - } - -/* f=f^e */ -/* Note that this method requires a lot of RAM! 
Better to use compressed XTR method, see FP4.java */ - public static FP12 GTpow(FP12 d,BIG e) - { - FP12 r; - if (ROM.USE_GS_GT) - { - FP12[] g=new FP12[4]; - FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb)); - BIG q=new BIG(ROM.CURVE_Order); - BIG t=new BIG(0); - int i,np,nn; - BIG[] u=gs(e); - - g[0]=new FP12(d); - for (i=1;i<4;i++) - { - g[i]=new FP12(0); g[i].copy(g[i-1]); - g[i].frob(f); - } - for (i=0;i<4;i++) - { - np=u[i].nbits(); - t.copy(BIG.modneg(u[i],q)); - nn=t.nbits(); - if (nn<np) - { - u[i].copy(t); - g[i].conj(); - } - } - r=FP12.pow4(g,u); - } - else - { - r=d.pow(e); - } - return r; - } - -/* test group membership */ -/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */ - public static boolean GTmember(FP12 m) - { - if (m.isunity()) return false; - FP12 r=new FP12(m); - r.conj(); - r.mul(m); - if (!r.isunity()) return false; - - FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb)); - - r.copy(m); r.frob(f); r.frob(f); - FP12 w=new FP12(r); w.frob(f); w.frob(f); - w.mul(m); - if (!ROM.GT_STRONG) - { - if (!w.equals(r)) return false; - BIG x=new BIG(ROM.CURVE_Bnx); - r.copy(m); w=r.pow(x); w=w.pow(x); - r.copy(w); r.sqr(); r.mul(w); r.sqr(); - w.copy(m); w.frob(f); - } - return w.equals(r); - } - - public static void main(String[] args) { - ECP Q=new ECP(new BIG(ROM.CURVE_Gx),new BIG(ROM.CURVE_Gy)); - ECP2 P=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb))); - - BIG r=new BIG(ROM.CURVE_Order); - BIG xa=new BIG(ROM.CURVE_Pxa); - - System.out.println("P= "+P.toString()); - System.out.println("Q= "+Q.toString()); - - BIG m=new BIG(17); - - FP12 e=ate(P,Q); - System.out.println("\ne= "+e.toString()); - - e=fexp(e); - // e=GTpow(e,m); - - System.out.println("\ne= "+e.toString()); - - BIG [] GLV=glv(r); - - System.out.println("GLV[0]= "+GLV[0].toString()); - System.out.println("GLV[0]= "+GLV[1].toString()); - - ECP G=new ECP(); 
G.copy(Q);
- ECP2 R=new ECP2(); R.copy(P);
-
-
- e=ate(R,Q);
- e=fexp(e);
-
- e=GTpow(e,xa);
- System.out.println("\ne= "+e.toString());
-
-
- R=G2mul(R,xa);
- e=ate(R,G);
- e=fexp(e);
-
- System.out.println("\ne= "+e.toString());
-
- G=G1mul(G,xa);
- e=ate(P,G);
- e=fexp(e);
- System.out.println("\ne= "+e.toString());
- }
-}
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/RAND.java
----------------------------------------------------------------------
diff --git a/java64/RAND.java b/java64/RAND.java
deleted file mode 100755
index 1bf6be2..0000000
--- a/java64/RAND.java
+++ /dev/null
@@ -1,161 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* - * Cryptographic strong random number generator - * - * Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers - * Slow - but secure - * - * See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification - */ - -/* Marsaglia & Zaman Random number generator constants */ - - -public class RAND { -/* Cryptographically strong pseudo-random number generator */ - - private static final int NK=21; - private static final int NJ=6; - private static final int NV=8; - private int[] ira=new int[NK]; /* random number... 
*/ - private int rndptr; /* ...array & pointer */ - private int borrow; - private int pool_ptr; - private byte[] pool=new byte[32]; /* random pool */ - - public RAND() - { - clean(); - } - - private int sbrand() - { /* Marsaglia & Zaman random number generator */ - int i,k; - long pdiff,t; - - rndptr++; - if (rndptr<NK) return ira[rndptr]; - rndptr=0; - for (i=0,k=NK-NJ;i<NK;i++,k++) - { /* calculate next NK values */ - if (k==NK) k=0; - t=((long)ira[k])&0xffffffffL; - pdiff=(t - (((long)ira[i])&0xffffffffL) - (long)borrow)&0xffffffffL; - if (pdiff<t) borrow=0; - if (pdiff>t) borrow=1; - ira[i]=(int)(pdiff&0xffffffffL); - } - - return ira[0]; - } - - public void sirand(int seed) - { - int i,in; - int t,m=1; - borrow=0; - rndptr=0; - ira[0]^=seed; - for (i=1;i<NK;i++) - { /* fill initialisation vector */ - in=(NV*i)%NK; - ira[in]^=m; /* note XOR */ - t=m; - m=seed-m; - seed=t; - } - for (i=0;i<10000;i++) sbrand(); /* "warm-up" & stir the generator */ - } - - private void fill_pool() - { - HASH sh=new HASH(); - for (int i=0;i<128;i++) sh.process(sbrand()); - pool=sh.hash(); - pool_ptr=0; - } - - private static int pack(byte[] b) - { /* pack 4 bytes into a 32-bit Word */ - return ((((int)b[3])&0xff)<<24)|(((int)b[2]&0xff)<<16)|(((int)b[1]&0xff)<<8)|((int)b[0]&0xff); - } - -/* Initialize RNG with some real entropy from some external source */ - public void seed(int rawlen,byte[] raw) - { /* initialise from at least 128 byte string of raw random entropy */ - int i; - byte [] digest; - byte [] b=new byte[4]; - HASH sh=new HASH(); - pool_ptr=0; - for (i=0;i<NK;i++) ira[i]=0; - if (rawlen>0) - { - for (i=0;i<rawlen;i++) - sh.process(raw[i]); - digest=sh.hash(); - -/* initialise PRNG from distilled randomness */ - - for (i=0;i<8;i++) - { - b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3]; - sirand(pack(b)); - } - } - fill_pool(); - } - -/* Terminate and clean up */ - public void clean() - { /* kill internal state */ - int i; - pool_ptr=rndptr=0; 
- for (i=0;i<32;i++) pool[i]=0;
- for (i=0;i<NK;i++) ira[i]=0;
- borrow=0;
- }
-
-/* get random byte */
- public int getByte()
- {
- int r;
- r=pool[pool_ptr++];
- if (pool_ptr>=32) fill_pool();
- return (r&0xff);
- }
-
-/* test main program */
-/*
- public static void main(String[] args) {
- int i;
- byte[] raw=new byte[100];
- RAND rng=new RAND();
-
- rng.clean();
- for (i=0;i<100;i++) raw[i]=(byte)i;
-
- rng.seed(100,raw);
-
- for (i=0;i<1000;i++)
- System.out.format("%03d ",rng.getByte());
- } */
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/ROM.java
----------------------------------------------------------------------
diff --git a/java64/ROM.java b/java64/ROM.java
deleted file mode 100755
index 4dc4bd4..0000000
--- a/java64/ROM.java
+++ /dev/null
@@ -1,381 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Fixed Data in ROM - Field and Curve parameters */
-
-public class ROM
-{
-/* Don't Modify from here... */
- public static final int NOT_SPECIAL=0;
- public static final int PSEUDO_MERSENNE=1;
- public static final int MONTGOMERY_FRIENDLY=2;
- public static final int WEIERSTRASS=0;
- public static final int EDWARDS=1;
- public static final int MONTGOMERY=2;
-/* ...to here */
-
-/*** Enter Some Field details here ***/
-// BN Curve
- public static final int MODBITS=254; /* Number of bits in Modulus */
- public static final int MOD8=3; /* Modulus mod 8 */
-// Curve 25519
-// public static final int MODBITS=255;
-// public static final int MOD8=5;
-// NIST256 or Brainpool
-// public static final int MODBITS=256;
-// public static final int MOD8=7;
-// MF254
-// public static final int MODBITS=254;
-// public static final int MOD8=7;
-// MS255
-//public static final int MODBITS= 255;
-//public static final int MOD8= 3;
-// MF256
-// public static final int MODBITS=256;
-// public static final int MOD8=7;
-// MS256
-//public static final int MODBITS= 256;
-//public static final int MOD8= 3;
-// ANSSI
-// public static final int MODBITS= 256;
-// public static final int MOD8= 3;
-
-/* Don't
Modify from here... */ - public static final int NLEN=5; - public static final int CHUNK=64; - public static final int DNLEN=2*NLEN; - public static final int BASEBITS=56; - public static final long MASK=(((long)1<<BASEBITS)-1); - public static final int HBITS=BASEBITS/2; - public static final long HMASK=(((long)1<<HBITS)-1); - public static final int MODBYTES=32; - public static final int NEXCESS =((int)1<<(CHUNK-BASEBITS-1)); - public static final long FEXCESS =((long)1<<(BASEBITS*NLEN-MODBITS)); - public static final long OMASK=(long)(-1)<<(MODBITS%BASEBITS); - public static final int TBITS=MODBITS%BASEBITS; // Number of active bits in top word - public static final long TMASK=((long)1<<TBITS)-1; -/* ...to here */ - -/* Finite field support - for RSA, DH etc. */ - public static final int FF_BITS=2048; /* Finite Field Size in bits - must be 256.2^n */ - public static final int FFLEN=(FF_BITS/256); - public static final int HFLEN=(FFLEN/2); /* Useful for half-size RSA private key operations */ - - -// START SPECIFY FIELD DETAILS HERE -//********************************************************************************* -// Curve25519 Modulus -// public static final int MODTYPE=PSEUDO_MERSENNE; -// public static final long[] Modulus= {0xFFFFFFFFFFFFEDL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL}; -// public static final long MConst=0x13L; - - -// NIST-256 Curve -// public static final int MODTYPE=NOT_SPECIAL; -// public static final long[] Modulus= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFL,0x0L,0x1000000L,0xFFFFFFFFL}; -// public static final long MConst=0x1L; - -// MF254 Modulus -// public static final int MODTYPE=MONTGOMERY_FRIENDLY; -// public static final long[] Modulus= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x3F80FFFFL}; -// public static final long MConst=0x3F810000L; - -// MS255 Modulus -//public static final int MODTYPE= 1; -//public static final long[] Modulus= 
{0xFFFFFFFFFFFD03L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL}; -//public static final long MConst=0x2FDL; - -// MS256 Modulus -//public static final int MODTYPE= 1; -//public static final long[] Modulus= {0xFFFFFFFFFFFF43L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL}; -//public static final long MConst=0xBDL; - -// MF256 Modulus -//public static final int MODTYPE= 2; -//public static final long[] Modulus= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFA7FFFFL}; -//public static final long MConst=0xFFA80000L; - -// Brainpool -// public static final int MODTYPE= NOT_SPECIAL; -// public static final long[] Modulus= {0x13481D1F6E5377L,0xF623D526202820L,0x909D838D726E3BL,0xA1EEA9BC3E660AL,0xA9FB57DBL}; -// public static final long MConst=0xA75590CEFD89B9L; - -// ANSSI -// public static final int MODTYPE= 0; -// public static final long[] Modulus= {0xFCF353D86E9C03L,0xADBCABC8CA6DE8L,0xE8CE42435B3961L,0xB3AD58F10126DL,0xF1FD178CL}; -// public static final long MConst=0x97483A164E1155L; - -// BNCX Curve Modulus -public static final int MODTYPE=NOT_SPECIAL; -public static final long[] Modulus= {0x6623EF5C1B55B3L,0xD6EE18093EE1BEL,0x647A6366D3243FL,0x8702A0DB0BDDFL,0x24000000L}; -public static final long MConst=0x4E205BF9789E85L; - -// BN Curve -//public static final int MODTYPE=NOT_SPECIAL; -//public static final long[] Modulus= {0x13L,0x13A7L,0x80000000086121L,0x40000001BA344DL,0x25236482L}; -//public static final long MConst=0x435E50D79435E5L; - -// BNT Curve -//public static final int MODTYPE=NOT_SPECIAL; -//public static final long[] Modulus= {0x9DBBFEEEB4A713L,0x555614F464BABEL,0x3696F8D5F06E8AL,0x6517014EFA0BABL,0x240120DBL}; -//public static final long MConst=0xC5A872D914C4E5L; - -// BNT2 Curve -//public static final int MODTYPE=NOT_SPECIAL; -//public static final long[] Modulus= {0xB2DC2BB460A48BL,0x93E428F0D651E8L,0xF3B89D00081CFL,0x410F5AADB74E20L,0x24000482L}; -//public static final long 
MConst=0xFE6A47A6505CDDL; - -// START SPECIFY CURVE DETAILS HERE -//********************************************************************************* - -// Ed25519 Curve -// public static final int CURVETYPE=EDWARDS; -// public static final int CURVE_A = -1; -// public static final long[] CURVE_B = {0xEB4DCA135978A3L,0xA4D4141D8AB75L,0x797779E8980070L,0x2B6FFE738CC740L,0x52036CEEL}; -// public static final long[] CURVE_Order={0x12631A5CF5D3EDL,0xF9DEA2F79CD658L,0x14DEL,0x0L,0x10000000L}; -// public static final long[] CURVE_Gx ={0x562D608F25D51AL,0xC7609525A7B2C9L,0x31FDD6DC5C692CL,0xCD6E53FEC0A4E2L,0x216936D3L}; -// public static final long[] CURVE_Gy ={0x66666666666658L,0x66666666666666L,0x66666666666666L,0x66666666666666L,0x66666666L}; - -// Original Curve25519 -// public static final int CURVETYPE=MONTGOMERY; -// public static final int CURVE_A =486662; -// public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used -// public static final long[] CURVE_Order={0x12631A5CF5D3EDL,0xF9DEA2F79CD658L,0x14DEL,0x0L,0x10000000L}; -// public static final long[] CURVE_Gx ={0x9L,0x0L,0x0L,0x0L,0x0L}; -// public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used - -// NIST-256 Curve -// public static final int CURVETYPE=WEIERSTRASS; -// public static final int CURVE_A = -3; -// public static final long[] CURVE_B = {0xCE3C3E27D2604BL,0x6B0CC53B0F63BL,0x55769886BC651DL,0xAA3A93E7B3EBBDL,0x5AC635D8L}; -// public static final long[] CURVE_Order={0xB9CAC2FC632551L,0xFAADA7179E84F3L,0xFFFFFFFFFFBCE6L,0xFFFFFFL,0xFFFFFFFFL}; -// public static final long[] CURVE_Gx ={0xA13945D898C296L,0x7D812DEB33A0F4L,0xE563A440F27703L,0xE12C4247F8BCE6L,0x6B17D1F2L}; -// public static final long[] CURVE_Gy ={0xB6406837BF51F5L,0x33576B315ECECBL,0x4A7C0F9E162BCEL,0xFE1A7F9B8EE7EBL,0x4FE342E2L}; - -// MF254 Modulus, Weierstrass Curve w-254-mont -//public static final int CURVETYPE= 0; -//public static final int CURVE_A = -3; -//public static final long[] CURVE_B = 
{0xFFFFFFFFFFD08DL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x3F80FFFFL}; -//public static final long[] CURVE_Order={0xA419C4AF8DF83FL,0x8BEA0DA375C06FL,0xFFFFFFFFFFEB81L,0xFFFFFFFFFFFFFFL,0x3F80FFFFL}; -//public static final long[] CURVE_Gx ={0x2L,0x0L,0x0L,0x0L,0x0L}; -//public static final long[] CURVE_Gy ={0x65DF37F90D4EBCL,0x38E3F8511931ADL,0x75BD778AEBDFB7L,0x3B2E56014AE15AL,0x140E3FD3L}; - -// MF254 Modulus, Edwards Curve ed-254-mont -//public static final int CURVETYPE= 1; -//public static final int CURVE_A = -1; -//public static final long[] CURVE_B = {0x367BL,0x0L,0x0L,0x0L,0x0L}; -//public static final long[] CURVE_Order={0xF3D3FEC46E98C7L,0x306C8BD62FB0EAL,0xFFFFFFFFFFEB95L,0xFFFFFFFFFFFFFFL,0xFE03FFFL}; -//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L}; -//public static final long[] CURVE_Gy ={0x52D0FDAF2701E5L,0x9A840E3212187CL,0xD502363F4E3632L,0xD6A4C335951D00L,0x19F0E690L}; - -// MF254 Modulus, Montgomery Curve -// public static final int CURVETYPE=MONTGOMERY; -// public static final int CURVE_A =-55790; -// public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used -// public static final long[] CURVE_Order={0xF3D3FEC46E98C7L,0x306C8BD62FB0EAL,0xFFFFFFFFFFEB95L,0xFFFFFFFFFFFFFFL,0xFE03FFFL}; -// public static final long[] CURVE_Gx ={0x3L,0x0L,0x0L,0x0L,0x0L}; -// public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used - -// MS255 Modulus, Weierstrass Curve -//public static final int CURVETYPE= 0; -//public static final int CURVE_A = -3; -//public static final long[] CURVE_B = {0xFFFFFFFFFFAB46L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL}; -//public static final long[] CURVE_Order={0x8FAC983C594AEBL,0x38283AD2B3DFABL,0xFFFFFFFFFF864AL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL}; -//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L}; -//public static final long[] CURVE_Gy ={0x33FF6769CB44BAL,0xC78CDDFDA60D17L,0xF9B2FF7D177DB6L,0xEDBA7833921EBFL,0x6F7A6AC0L}; 
- -// MS255 Modulus, Edwards Curve -//public static final int CURVETYPE= 1; -//public static final int CURVE_A = -1; -//public static final long[] CURVE_B = {0xEA97L,0x0L,0x0L,0x0L,0x0L}; -//public static final long[] CURVE_Order={0x49D1ED0436EB75L,0xA785EDA6832EACL,0xFFFFFFFFFFDCF1L,0xFFFFFFFFFFFFFFL,0x1FFFFFFFL}; -//public static final long[] CURVE_Gx ={0x4L,0x0L,0x0L,0x0L,0x0L}; -//public static final long[] CURVE_Gy ={0x2A255BD08736A0L,0x4B8AED445A45BAL,0xDD8E0C47E55291L,0x4A7BB545EC254CL,0x26CB7853L}; - -// MS255 Modulus, Montgomery Curve -// public static final int CURVETYPE=MONTGOMERY; -// public static final int CURVE_A =-240222; -// public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used -// public static final long[] CURVE_Order={0x49D1ED0436EB75L,0xA785EDA6832EACL,0xFFFFFFFFFFDCF1L,0xFFFFFFFFFFFFFFL,0x1FFFFFFFL}; -// public static final long[] CURVE_Gx ={0x4L,0x0L,0x0L,0x0L,0x0L}; -// public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used - -// MS256, Weierstrass Curve -//public static final int CURVETYPE= 0; -//public static final int CURVE_A = -3; -//public static final long[] CURVE_B = {0x25581L,0x0L,0x0L,0x0L,0x0L}; -//public static final long[] CURVE_Order={0xAB20294751A825L,0x8275EA265C6020L,0xFFFFFFFFFFE43CL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL}; -//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L}; -//public static final long[] CURVE_Gy ={0xF46306C2B56C77L,0x2F9375894EC10BL,0x6CCEEEDD6BD02CL,0xC1E466D7FC82C9L,0x696F1853L}; - -// MS256, Edwards Curve -//public static final int CURVETYPE= 1; -//public static final int CURVE_A = -1; -//public static final long[] CURVE_B = {0x3BEEL,0x0L,0x0L,0x0L,0x0L}; -//public static final long[] CURVE_Order={0xB84E6F1122B4ADL,0xA55AD0A6BC64E5L,0xFFFFFFFFFFBE6AL,0xFFFFFFFFFFFFFFL,0x3FFFFFFFL}; -//public static final long[] CURVE_Gx ={0xDL,0x0L,0x0L,0x0L,0x0L}; -//public static final long[] CURVE_Gy 
={0x7F6FB5331CADBAL,0x6D63824D303F70L,0xB39FA046BFBE2AL,0x2A1276DBA3D330L,0x7D0AB41EL}; - -// MS256 Modulus, Montgomery Curve -// public static final int CURVETYPE=MONTGOMERY; -// public static final int CURVE_A =-61370; -// public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used -// public static final long[] CURVE_Order={0xB84E6F1122B4ADL,0xA55AD0A6BC64E5L,0xFFFFFFFFFFBE6AL,0xFFFFFFFFFFFFFFL,0x3FFFFFFFL}; -// public static final long[] CURVE_Gx ={0xbL,0x0L,0x0L,0x0L,0x0L}; -// public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used - -// MF256 Modulus, Weierstrass Curve -//public static final int CURVETYPE= 0; -//public static final int CURVE_A = -3; -//public static final long[] CURVE_B = {0x14E6AL,0x0L,0x0L,0x0L,0x0L}; -//public static final long[] CURVE_Order={0x10C5E1A79857EBL,0x7513E6E5074B9DL,0xFFFFFFFFFFFC51L,0xFFFFFFFFFFFFFFL,0xFFA7FFFFL}; -//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L}; -//public static final long[] CURVE_Gy ={0x7954C2B724D2AL,0x47EB8D94DC6610L,0x26123DAE289569L,0xBE1808CE7BABBAL,0x20887C87L}; - -// MF256, Edwards Curve -//public static final int CURVETYPE= 1; -//public static final int CURVE_A = -1; -//public static final long[] CURVE_B = {0x350AL,0x0L,0x0L,0x0L,0x0L}; -//public static final long[] CURVE_Order={0xD92EDED8EC7BABL,0xBBAFB86733C966L,0xFFFFFFFFFFB154L,0xFFFFFFFFFFFFFFL,0x3FE9FFFFL}; -//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L}; -//public static final long[] CURVE_Gy ={0xEAA722F2F3C908L,0x5E648DFEA68D7DL,0xF3DB2C1AACA0C0L,0xF8CC4D5AEAEBEEL,0xDAD8D4F8L}; - -// MF256 Modulus, Montgomery Curve -// public static final int CURVETYPE=MONTGOMERY; -// public static final int CURVE_A =-54314; -// public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used -// public static final long[] CURVE_Order={0xD92EDED8EC7BABL,0xBBAFB86733C966L,0xFFFFFFFFFFB154L,0xFFFFFFFFFFFFFFL,0x3FE9FFFFL}; -// public static final long[] CURVE_Gx 
={0x8L,0x0L,0x0L,0x0L,0x0L}; -// public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used - - - -// Brainpool -// public static final int CURVETYPE= 0; -// public static final int CURVE_A = -3; -// public static final long[] CURVE_B = {0xE58101FEE92B04L,0xEBC4AF2F49256AL,0x733D0B76B7BF93L,0x30D84EA4FE66A7L,0x662C61C4L}; -// public static final long[] CURVE_Order={0x1E0E82974856A7L,0x7AA3B561A6F790L,0x909D838D718C39L,0xA1EEA9BC3E660AL,0xA9FB57DBL}; -// public static final long[] CURVE_Gx ={0xA191562E1305F4L,0x42C47AAFBC2B79L,0xB23A656149AFA1L,0xC1CFE7B7732213L,0xA3E8EB3CL}; -// public static final long[] CURVE_Gy ={0xABE8F35B25C9BEL,0xB6DE39D027001DL,0xE14644417E69BCL,0x3439C56D7F7B22L,0x2D996C82L}; - -// ANSSI -// public static final int CURVETYPE= 0; -// public static final int CURVE_A = -3; -// public static final long[] CURVE_B = {0x75ED967B7BB73FL,0xC9AE4B1A18030L,0x754A44C00FDFECL,0x5428A9300D4ABAL,0xEE353FCAL}; -// public static final long[] CURVE_Order={0xFDD459C6D655E1L,0x67E140D2BF941FL,0xE8CE42435B53DCL,0xB3AD58F10126DL,0xF1FD178CL}; -// public static final long[] CURVE_Gx ={0xC97A2DD98F5CFFL,0xD2DCAF98B70164L,0x4749D423958C27L,0x56C139EB31183DL,0xB6B3D4C3L}; -// public static final long[] CURVE_Gy ={0x115A1554062CFBL,0xC307E8E4C9E183L,0xF0F3ECEF8C2701L,0xC8B204911F9271L,0x6142E0F7L}; - -// BNCX Curve - - public static final int CURVETYPE=WEIERSTRASS; - public static final int CURVE_A = 0; - public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L}; - public static final long[] CURVE_Order={0x11C0A636EB1F6DL,0xD6EE0CC906CEBEL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L}; - public static final long[] CURVE_Bnx={0x3C012B1L,0x40L,0x0L,0x0L,0x0L}; - public static final long[] CURVE_Cru={0xE0931794235C97L,0xDF6471EF875631L,0xCA83F1440BDL,0x480000L,0x0L}; - public static final long[] CURVE_Fra={0xD9083355C80EA3L,0x7326F173F8215BL,0x8AACA718986867L,0xA63A0164AFE18BL,0x1359082FL}; - public static final long[] 
CURVE_Frb={0x8D1BBC06534710L,0x63C7269546C062L,0xD9CDBC4E3ABBD8L,0x623628A900DC53L,0x10A6F7D0L}; - public static final long[] CURVE_Pxa={0x851CEEE4D2EC74L,0x85BFA03E2726C0L,0xF5C34BBB907CL,0x7053B256358B25L,0x19682D2CL}; - public static final long[] CURVE_Pxb={0xA58E8B2E29CFE1L,0x97B0C209C30F47L,0x37A8E99743F81BL,0x3E19F64AA011C9L,0x1466B9ECL}; - public static final long[] CURVE_Pya={0xFBFCEBCF0BE09FL,0xB33D847EC1B30CL,0x157DAEE2096361L,0x72332B8DD81E22L,0xA79EDD9L}; - public static final long[] CURVE_Pyb={0x904B228898EE9DL,0x4EA569D2EDEBEDL,0x512D8D3461C286L,0xECC4C09035C6E4L,0x6160C39L}; - public static final long[] CURVE_Gx ={0x6623EF5C1B55B2L,0xD6EE18093EE1BEL,0x647A6366D3243FL,0x8702A0DB0BDDFL,0x24000000L}; - public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L}; - public static final long[][] CURVE_W={{0x546349162FEB83L,0xB40381200L,0x6000L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L}}; - public static final long[][][] CURVE_SB={{{0x5463491DB010E4L,0xB40381280L,0x6000L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L}},{{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0xBD5D5D20BB33EAL,0xD6EE0188CEBCBDL,0x647A6366D2643FL,0x8702A0DB0BDDFL,0x24000000L}}}; - public static final long[][] CURVE_WB={{0x1C2118567A84B0L,0x3C012B040L,0x2000L,0x0L,0x0L},{0xCDF995BE220475L,0x94EDA8CA7F9A36L,0x8702A0DC07EL,0x300000L,0x0L},{0x66FCCAE0F10B93L,0x4A76D4653FCD3BL,0x4381506E03FL,0x180000L,0x0L},{0x1C21185DFAAA11L,0x3C012B0C0L,0x2000L,0x0L,0x0L}}; - public static final long[][][] 
CURVE_BB={{{0x11C0A6332B0CBDL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x7802562L,0x80L,0x0L,0x0L,0x0L}},{{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBDL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L}},{{0x7802562L,0x80L,0x0L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L}},{{0x3C012B2L,0x40L,0x0L,0x0L,0x0L},{0xF004AC2L,0x100L,0x0L,0x0L,0x0L},{0x11C0A62F6AFA0AL,0xD6EE0CC906CE3EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x3C012B2L,0x40L,0x0L,0x0L,0x0L}}}; - - public static final boolean USE_GLV =true; - public static final boolean USE_GS_G2 =true; - public static final boolean USE_GS_GT =true; - public static final boolean GT_STRONG=true; - -// BNT Curve -/* -public static final int CURVETYPE=WEIERSTRASS; -public static final int CURVE_A = 0; -public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L}; -public static final long[] CURVE_Order={0x75777E8D30210DL,0xD43492B2CB363AL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL}; -public static final long[] CURVE_Bnx={0x806000004081L,0x40L,0x0L,0x0L,0x0L}; -public static final long[] CURVE_Cru={0xEB53D5AB4FCD87L,0x82A5F2BAB11FADL,0x47651504C9764CL,0x4801B1L,0x0L}; -public static final long[] CURVE_Fra={0xF5D14EADC80022L,0x4904D6FACCE359L,0xF190A13211BE6CL,0xC9BBC4394F6509L,0x1328A292L}; -public static final long[] CURVE_Frb={0xA7EAB040ECA6F1L,0xC513DF997D764L,0x450657A3DEB01EL,0x9B5B3D15AAA6A1L,0x10D87E48L}; -public static final long[] CURVE_Pxa={0x8987E2288E65BBL,0xAD1CAA6313BEL,0x325041548B7CCCL,0x4C1339EBCC055L,0x14483FCDL}; -public static final long[] 
CURVE_Pxb={0x67888808DBE2C0L,0x7FE1F81E34853AL,0xA631A51B57B95L,0x384EC302DA3FC5L,0x87F46B3L}; -public static final long[] CURVE_Pya={0x202C47E020CA1DL,0xB4167E8399F36CL,0xC6E5439F72C94CL,0x102B0BD74A2C69L,0x14E8C29CL}; -public static final long[] CURVE_Pyb={0xD8437C716628F2L,0x27E167BCB7DC6BL,0xA82C7572681D0AL,0x62454BD1EDEC18L,0x17AFE2A4L}; -public static final long[] CURVE_Gx ={0x9DBBFEEEB4A712L,0x555614F464BABEL,0x3696F8D5F06E8AL,0x6517014EFA0BABL,0x240120DBL}; -public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L}; -public static final long[][] CURVE_W={{0x26430061838403L,0x81218241998384L,0x6001L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L}}; -public static final long[][][] CURVE_SB={{{0x2743C061840504L,0x81218241998404L,0x6001L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L}},{{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x4F347E2BAC9D0AL,0x5313107131B2B6L,0x3696F8D5EFAE87L,0x6517014EFA0BABL,0x240120DBL}}}; -public static final long[][] CURVE_WB={{0x6140602080C080L,0x806080C08880C1L,0x2000L,0x0L,0x0L},{0xB53904088C4A85L,0xAD2FA352DC6C36L,0xDA436358868EDEL,0x300120L,0x0L},{0x5ADCB204464583L,0x5697D1A96E363BL,0x6D21B1AC43476FL,0x180090L,0x0L},{0x62412020814181L,0x806080C0888141L,0x2000L,0x0L,0x0L}}; -public static final long[][][] 
CURVE_BB={{{0x74F71E8D2FE08DL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x100C000008102L,0x80L,0x0L,0x0L,0x0L}},{{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08DL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL}},{{0x100C000008102L,0x80L,0x0L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L}},{{0x806000004082L,0x40L,0x0L,0x0L,0x0L},{0x2018000010202L,0x100L,0x0L,0x0L,0x0L},{0x7476BE8D2FA00AL,0xD43492B2CB35BAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x806000004082L,0x40L,0x0L ,0x0L,0x0L}}}; - -*/ - -// BNT2 Curve -/* - public static final int CURVETYPE=WEIERSTRASS; - public static final int CURVE_A = 0; - public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L}; - public static final long[] CURVE_Order={0xFB71A511AA2BF5L,0x8DE127B73833D7L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L}; - public static final long[] CURVE_Bnx={0x20100608205L,0x40L,0x0L,0x0L,0x0L}; - public static final long[] CURVE_Cru={0x5027444866BD33L,0x5B773016470EFBL,0xC3617BECF23675L,0x480006L,0x0L}; - public static final long[] CURVE_Fra={0xB268C973AEF062L,0xC69B33C3BCE492L,0xF67FA37F195BBCL,0x29E8CAB6BD0A41L,0x124E0B8DL}; - public static final long[] CURVE_Frb={0x736240B1B429L,0xCD48F52D196D56L,0x18BBE650E72612L,0x17268FF6FA43DEL,0x11B1F8F5L}; - public static final long[] CURVE_Pxa={0xCC92399F40A3C8L,0xCDA4E96611784AL,0x7B056961706B35L,0x9693C6318279D7L,0x16FC17CFL}; - public static final long[] CURVE_Pxb={0x557A8AD8549540L,0x6F7BE6F6510610L,0x565907A95D17DBL,0xBD5975909C8188L,0x1EB5B500L}; - public static 
final long[] CURVE_Pya={0x7BECC514220513L,0x4A78860E737B14L,0x51B83935F12684L,0x761422AA9D4DFAL,0x1E8EE498L}; - public static final long[] CURVE_Pyb={0xB9328F577CE78EL,0xB746E26FA5781FL,0xA93DBC1FB8E27EL,0xBAE33BDBA29D76L,0x23CEF4CDL}; - public static final long[] CURVE_Gx ={0xB2DC2BB460A48AL,0x93E428F0D651E8L,0xF3B89D00081CFL,0x410F5AADB74E20L,0x24000482L}; - public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L}; - public static final long[][] CURVE_W={{0xB76282A1347083L,0x60301399E1D10L,0x6000L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L}}; - public static final long[][][] CURVE_SB={{{0xB76684A1F5748CL,0x60301399E1D90L,0x6000L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L}},{{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0x440F227075BB72L,0x87DE267D9A16C7L,0xF3B89CFFFC1CFL,0x410F5AADB74E20L,0x24000482L}}}; - public static final long[][] CURVE_WB={{0x9272D48A70A224L,0x20100688A0945L,0x2000L,0x0L,0x0L},{0x5A572CF030EF19L,0x9651763543721DL,0x8240FD48A1B9A3L,0x300004L,0x0L},{0xAD2C96F848B88FL,0xCB28BB1AA1B92EL,0x41207EA450DCD1L,0x180002L,0x0L},{0x9276D68B31A62DL,0x20100688A09C5L,0x2000L,0x0L,0x0L}}; - public static final long[][][] 
CURVE_BB={{{0xFB6FA41149A9F1L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0x40200C1040AL,0x80L,0x0L,0x0L,0x0L}},{{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F1L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L}},{{0x40200C1040AL,0x80L,0x0L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L}},{{0x20100608206L,0x40L,0x0L,0x0L,0x0L},{0x80401820812L,0x100L,0x0L,0x0L,0x0L},{0xFB6DA310E927EAL,0x8DE127B7383357L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0x20100608206L,0x40L,0x0L,0x0L,0x0L}}}; -*/ - -// BN Curve -/* -public static final int CURVETYPE=WEIERSTRASS; -public static final int CURVE_A = 0; -public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L}; -public static final long[] CURVE_Order={0xDL,0x800000000010A1L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L}; -public static final long[] CURVE_Bnx={0x80000000000001L,0x40L,0x0L,0x0L,0x0L}; -public static final long[] CURVE_Cru={0x80000000000007L,0x6CDL,0x40000000024909L,0x49B362L,0x0L}; -public static final long[] CURVE_Fra={0x7DE6C06F2A6DE9L,0x74924D3F77C2E1L,0x50A846953F8509L,0x212E7C8CB6499BL,0x1B377619L}; -public static final long[] CURVE_Frb={0x82193F90D5922AL,0x8B6DB2C08850C5L,0x2F57B96AC8DC17L,0x1ED1837503EAB2L,0x9EBEE69L}; -public static final long[] CURVE_Pxa={0xAB2C7935FD0CB4L,0xE319E4FCC57C2BL,0x24F6DF763B05A5L,0xF55EA7EA335FB7L,0x95B04D4L}; -public static final long[] CURVE_Pxb={0xA07D0790962455L,0x86BE3D27AA5E38L,0x89E05747F39D6DL,0xC08347B49D42BFL,0x5D4D8A7L}; -public static final long[] 
CURVE_Pya={0xADCE687A08A46CL,0x2B30E98A4191F9L,0x4C3784B1F16908L,0x25E5313FA16D1CL,0xABF2ABFL}; -public static final long[] CURVE_Pyb={0xDF88D405F306ECL,0x82076ADD13A0E6L,0x1E47819D6A5C04L,0xE679DABDB38627L,0x18769A87L}; -public static final long[] CURVE_Gx ={0x12L,0x13A7L,0x80000000086121L,0x40000001BA344DL,0x25236482L}; -public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L}; -public static final long[][] CURVE_W={{0x3L,0x80000000000204L,0x6181L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}}; -public static final long[][][] CURVE_SB={{{0x4L,0x80000000000285L,0x6181L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}},{{0x1L,0x81L,0x0L,0x0L,0x0L},{0xAL,0xE9DL,0x80000000079E1EL,0x40000001BA344DL,0x25236482L}}}; -public static final long[][] CURVE_WB={{0x80000000000000L,0x80000000000040L,0x2080L,0x0L,0x0L},{0x80000000000005L,0x54AL,0x8000000001C707L,0x312241L,0x0L},{0x80000000000003L,0x800000000002C5L,0xC000000000E383L,0x189120L,0x0L},{0x80000000000001L,0x800000000000C1L,0x2080L,0x0L,0x0L}}; -public static final long[][][] CURVE_BB={{{0x8000000000000DL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x2L,0x81L,0x0L,0x0L,0x0L}},{{0x1L,0x81L,0x0L,0x0L,0x0L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000DL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L}},{{0x2L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}},{{0x80000000000002L,0x40L,0x0L,0x0L,0x0L},{0x2L,0x102L,0x0L,0x0L,0x0L},{0xAL,0x80000000001020L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x80000000000002L,0x40L,0x0L,0x0L,0x0L}}}; - -*/ - -// public static boolean debug=false; - -} 
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/RSA.java
----------------------------------------------------------------------
diff --git a/java64/RSA.java b/java64/RSA.java
deleted file mode 100755
index 4ce597c..0000000
--- a/java64/RSA.java
+++ /dev/null
@@ -1,319 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* RSA API high-level functions */
-
-final class rsa_private_key
-{
- public FF p,q,dp,dq,c;
-
- public rsa_private_key(int n)
- {
- p=new FF(n);
- q=new FF(n);
- dp=new FF(n);
- dq=new FF(n);
- c=new FF(n);
- }
-}
-
-final class rsa_public_key
-{
- public int e;
- public FF n;
-
- public rsa_public_key(int m)
- {
- e=0;
- n=new FF(m);
- }
-}
-
-public final class RSA {
-
- public static final int RFS=ROM.MODBYTES*ROM.FFLEN;
-
-/* generate an RSA key pair */
-
- public static void KEY_PAIR(RAND rng,int e,rsa_private_key PRIV,rsa_public_key PUB)
- { /* IEEE1363 A16.11/A16.12 more or less */
- int n=PUB.n.getlen()/2;
- FF t = new FF(n);
- FF p1=new FF(n);
- FF q1=new FF(n);
-
- for (;;)
- {
-
- PRIV.p.random(rng);
- while (PRIV.p.lastbits(2)!=3) PRIV.p.inc(1);
- while (!FF.prime(PRIV.p,rng))
- PRIV.p.inc(4);
-
- p1.copy(PRIV.p);
- p1.dec(1);
-
- if (p1.cfactor(e)) continue;
- break;
- }
-
- for (;;)
- {
- PRIV.q.random(rng);
- while (PRIV.q.lastbits(2)!=3) PRIV.q.inc(1);
- while (!FF.prime(PRIV.q,rng))
- PRIV.q.inc(4);
-
- q1.copy(PRIV.q);
- q1.dec(1);
-
- if (q1.cfactor(e)) continue;
-
- break;
- }
-
- PUB.n=FF.mul(PRIV.p,PRIV.q);
- PUB.e=e;
-
- t.copy(p1);
- t.shr();
- PRIV.dp.set(e);
- PRIV.dp.invmodp(t);
- if (PRIV.dp.parity()==0) PRIV.dp.add(t);
- PRIV.dp.norm();
-
- t.copy(q1);
- t.shr();
- PRIV.dq.set(e);
- PRIV.dq.invmodp(t);
- if (PRIV.dq.parity()==0) PRIV.dq.add(t);
- PRIV.dq.norm();
-
- PRIV.c.copy(PRIV.p);
- PRIV.c.invmodp(PRIV.q);
-
- return;
- }
-
-/* Mask Generation Function */
-
- public static void MGF1(byte[] Z,int olen,byte[] K)
- {
- HASH H=new HASH();
- int hlen=HASH.len;
- byte[] B=new byte[hlen];
-
- int counter,cthreshold,k=0;
- for (int i=0;i<K.length;i++) K[i]=0;
-
- cthreshold=olen/hlen; if (olen%hlen!=0) cthreshold++;
- for (counter=0;counter<cthreshold;counter++)
- {
- H.process_array(Z); H.process_num(counter);
- B=H.hash();
-
- if (k+hlen>olen) for (int i=0;i<olen%hlen;i++) K[k++]=B[i];
- else for (int i=0;i<hlen;i++) K[k++]=B[i];
- }
- }
-
- public static void printBinary(byte[] array)
- {
- int i;
- for (i=0;i<array.length;i++)
- {
- System.out.printf("%02x", array[i]);
- }
- System.out.println();
- }
-
- /* OAEP Message Encoding for Encryption */
- public static byte[] OAEP_ENCODE(byte[] m,RAND rng,byte[] p)
- {
- int i,slen,olen=RFS-1;
- int mlen=m.length;
- int hlen,seedlen;
- byte[] f=new byte[RFS];
-
- HASH H=new HASH();
- hlen=HASH.len;
- byte[] SEED=new byte[hlen];
- seedlen=hlen;
- if (mlen>olen-hlen-seedlen-1) return new byte[0];
-
- byte[] DBMASK=new byte[olen-seedlen];
-
- if (p!=null) H.process_array(p);
- byte[] h=H.hash();
- for (i=0;i<hlen;i++) f[i]=h[i];
-
- slen=olen-mlen-hlen-seedlen-1;
-
- for (i=0;i<slen;i++) f[hlen+i]=0;
- f[hlen+slen]=1;
- for (i=0;i<mlen;i++) f[hlen+slen+1+i]=m[i];
-
- for (i=0;i<seedlen;i++) SEED[i]=(byte)rng.getByte();
- MGF1(SEED,olen-seedlen,DBMASK);
-
- for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
- MGF1(DBMASK,seedlen,f);
-
- for (i=0;i<seedlen;i++) f[i]^=SEED[i];
-
- for (i=0;i<olen-seedlen;i++) f[i+seedlen]=DBMASK[i];
-
- /* pad to length RFS */
- int d=1;
- for (i=RFS-1;i>=d;i--)
- f[i]=f[i-d];
- for (i=d-1;i>=0;i--)
- f[i]=0;
-
- return f;
- }
-
- /* OAEP Message
Decoding for Decryption */
- public static byte[] OAEP_DECODE(byte[] p,byte[] f)
- {
- int x,t;
- boolean comp;
- int i,k,olen=RFS-1;
- int hlen,seedlen;
-
- HASH H=new HASH();
- hlen=HASH.len;
- byte[] SEED=new byte[hlen];
- seedlen=hlen;
- byte[] CHASH=new byte[hlen];
-
- if (olen<seedlen+hlen+1) return new byte[0];
- byte[] DBMASK=new byte[olen-seedlen];
- for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
- if (f.length<RFS)
- {
- int d=RFS-f.length;
- for (i=RFS-1;i>=d;i--)
- f[i]=f[i-d];
- for (i=d-1;i>=0;i--)
- f[i]=0;
-
- }
-
- if (p!=null) H.process_array(p);
- byte[] h=H.hash();
- for (i=0;i<hlen;i++) CHASH[i]=h[i];
-
- x=f[0];
-
- for (i=seedlen;i<olen;i++)
- DBMASK[i-seedlen]=f[i+1];
-
- MGF1(DBMASK,seedlen,SEED);
- for (i=0;i<seedlen;i++) SEED[i]^=f[i+1];
- MGF1(SEED,olen-seedlen,f);
- for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
-
- comp=true;
- for (i=0;i<hlen;i++)
- {
- if (CHASH[i]!=DBMASK[i]) comp=false;
- }
-
- for (i=0;i<olen-seedlen-hlen;i++)
- DBMASK[i]=DBMASK[i+hlen];
-
- for (i=0;i<hlen;i++)
- SEED[i]=CHASH[i]=0;
-
- for (k=0;;k++)
- {
- if (k>=olen-seedlen-hlen) return new byte[0];
- if (DBMASK[k]!=0) break;
- }
-
- t=DBMASK[k];
- if (!comp || x!=0 || t!=0x01)
- {
- for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
- return new byte[0];
- }
-
- byte[] r=new byte[olen-seedlen-hlen-k-1];
-
- for (i=0;i<olen-seedlen-hlen-k-1;i++)
- r[i]=DBMASK[i+k+1];
-
- for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
- return r;
- }
-
- /* destroy the Private Key structure */
- public static void PRIVATE_KEY_KILL(rsa_private_key PRIV)
- {
- PRIV.p.zero();
- PRIV.q.zero();
- PRIV.dp.zero();
- PRIV.dq.zero();
- PRIV.c.zero();
- }
-
- /* RSA encryption with the public key */
- public static void ENCRYPT(rsa_public_key PUB,byte[] F,byte[] G)
- {
- int n=PUB.n.getlen();
- FF f=new FF(n);
-
- FF.fromBytes(f,F);
- f.power(PUB.e,PUB.n);
- f.toBytes(G);
- }
-
- /* RSA decryption with the private key */
- public static void DECRYPT(rsa_private_key PRIV,byte[] G,byte[] F)
- {
- int
n=PRIV.p.getlen();
- FF g=new FF(2*n);
-
- FF.fromBytes(g,G);
- FF jp=g.dmod(PRIV.p);
- FF jq=g.dmod(PRIV.q);
-
- jp.skpow(PRIV.dp,PRIV.p);
- jq.skpow(PRIV.dq,PRIV.q);
-
- g.zero();
- g.dscopy(jp);
- jp.mod(PRIV.q);
- if (FF.comp(jp,jq)>0) jq.add(PRIV.q);
- jq.sub(jp);
- jq.norm();
-
- FF t=FF.mul(PRIV.c,jq);
- jq=t.dmod(PRIV.q);
-
- t=FF.mul(jq,PRIV.p);
- g.add(t);
- g.norm();
-
- g.toBytes(F);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/TestECDH.java
----------------------------------------------------------------------
diff --git a/java64/TestECDH.java b/java64/TestECDH.java
deleted file mode 100755
index 3027f12..0000000
--- a/java64/TestECDH.java
+++ /dev/null
@@ -1,175 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */ - -public class TestECDH -{ - public static void printBinary(byte[] array) - { - int i; - for (i=0;i<array.length;i++) - { - System.out.printf("%02x", array[i]); - } - System.out.println(); - } - - public static void main(String[] args) - { - int i,j=0,res; - int result; - String pp=new String("M0ng00se"); - - int EGS=ECDH.EGS; - int EFS=ECDH.EFS; - int EAS=AES.KS; - - byte[] S1=new byte[EGS]; - byte[] W0=new byte[2*EFS+1]; - byte[] W1=new byte[2*EFS+1]; - byte[] Z0=new byte[EFS]; - byte[] Z1=new byte[EFS]; - byte[] RAW=new byte[100]; - byte[] SALT=new byte[8]; - byte[] P1=new byte[3]; - byte[] P2=new byte[4]; - byte[] V=new byte[2*EFS+1]; - byte[] M=new byte[17]; - byte[] T=new byte[12]; - byte[] CS=new byte[EGS]; - byte[] DS=new byte[EGS]; - - RAND rng=new RAND(); - - rng.clean(); - for (i=0;i<100;i++) RAW[i]=(byte)(i); - - rng.seed(100,RAW); - -//for (j=0;j<100;j++) -//{ - - for (i=0;i<8;i++) SALT[i]=(byte)(i+1); // set Salt - - System.out.println("Alice's Passphrase= "+pp); - byte[] PW=pp.getBytes(); - -/* private key S0 of size EGS bytes derived from Password and Salt */ - - byte[] 
S0=ECDH.PBKDF2(PW,SALT,1000,EGS); - - System.out.print("Alice's private key= 0x"); - printBinary(S0); - -/* Generate Key pair S/W */ - ECDH.KEY_PAIR_GENERATE(null,S0,W0); - - System.out.print("Alice's public key= 0x"); - printBinary(W0); - - res=ECDH.PUBLIC_KEY_VALIDATE(true,W0); - if (res!=0) - { - System.out.println("ECP Public Key is invalid!\n"); - return; - } -/* Random private key for other party */ - ECDH.KEY_PAIR_GENERATE(rng,S1,W1); - - System.out.print("Servers private key= 0x"); - printBinary(S1); - - System.out.print("Servers public key= 0x"); - printBinary(W1); - - - res=ECDH.PUBLIC_KEY_VALIDATE(true,W1); - if (res!=0) - { - System.out.print("ECP Public Key is invalid!\n"); - return; - } - -/* Calculate common key using DH - IEEE 1363 method */ - - ECDH.ECPSVDP_DH(S0,W1,Z0); - ECDH.ECPSVDP_DH(S1,W0,Z1); - - boolean same=true; - for (i=0;i<EFS;i++) - if (Z0[i]!=Z1[i]) same=false; - - if (!same) - { - System.out.println("*** ECPSVDP-DH Failed"); - return; - } - - byte[] KEY=ECDH.KDF1(Z0,EAS); - - System.out.print("Alice's DH Key= 0x"); printBinary(KEY); - System.out.print("Servers DH Key= 0x"); printBinary(KEY); - - System.out.println("Testing ECIES"); - - P1[0]=0x0; P1[1]=0x1; P1[2]=0x2; - P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3; - - for (i=0;i<=16;i++) M[i]=(byte)i; - - byte[] C=ECDH.ECIES_ENCRYPT(P1,P2,rng,W1,M,V,T); - - System.out.println("Ciphertext= "); - System.out.print("V= 0x"); printBinary(V); - System.out.print("C= 0x"); printBinary(C); - System.out.print("T= 0x"); printBinary(T); - - - M=ECDH.ECIES_DECRYPT(P1,P2,V,C,T,S1); - if (M.length==0) - { - System.out.println("*** ECIES Decryption Failed\n"); - return; - } - else System.out.println("Decryption succeeded"); - - System.out.print("Message is 0x"); printBinary(M); - - System.out.println("Testing ECDSA"); - - if (ECDH.ECPSP_DSA(rng,S0,M,CS,DS)!=0) - { - System.out.println("***ECDSA Signature Failed"); - return; - } - System.out.println("Signature= "); - System.out.print("C= 0x"); 
printBinary(CS); - System.out.print("D= 0x"); printBinary(DS); - - if (ECDH.ECPVP_DSA(W0,M,CS,DS)!=0) - { - System.out.println("***ECDSA Verification Failed"); - return; - } - else System.out.println("ECDSA Signature/Verification succeeded "+j); -//} -//System.out.println("Test Completed Successfully"); - } -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/TestECM.java ---------------------------------------------------------------------- diff --git a/java64/TestECM.java b/java64/TestECM.java deleted file mode 100755 index b0a07a1..0000000 --- a/java64/TestECM.java +++ /dev/null 
@@ -1,126 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* test driver and function exerciser for ECDH API Function only - for use with Montgomery curves */ - -public class TestECM -{ - public static void printBinary(byte[] array) - { - int i; - for (i=0;i<array.length;i++) - { - System.out.printf("%02x", array[i]); - } - System.out.println(); - } - - public static void main(String[] args) - { - int i,j=0,res; - int result; - String pp=new String("M0ng00se"); - - int EGS=ECDH.EGS; - int EFS=ECDH.EFS; - int EAS=AES.KS; - - byte[] S1=new byte[EGS]; - byte[] W0=new byte[2*EFS+1]; - byte[] W1=new byte[2*EFS+1]; - byte[] Z0=new byte[EFS]; - byte[] Z1=new byte[EFS]; - byte[] RAW=new byte[100]; - byte[] SALT=new byte[8]; - - RAND rng=new RAND(); - - rng.clean(); - for (i=0;i<100;i++) RAW[i]=(byte)(i); - - rng.seed(100,RAW); - -//for (j=0;j<100;j++) -//{ - - for (i=0;i<8;i++) SALT[i]=(byte)(i+1); // set Salt - - System.out.println("Alice's Passphrase= "+pp); - byte[] PW=pp.getBytes(); - -/* private key S0 of size EGS bytes derived from Password and Salt */ - - byte[] S0=ECDH.PBKDF2(PW,SALT,1000,EGS); - - System.out.print("Alice's private key= 0x"); - printBinary(S0); - -/* Generate Key pair S/W */ - ECDH.KEY_PAIR_GENERATE(null,S0,W0); - - 
System.out.print("Alice's public key= 0x"); - printBinary(W0); - - res=ECDH.PUBLIC_KEY_VALIDATE(true,W0); - if (res!=0) - { - System.out.println("Alice's public Key is invalid!\n"); - return; - } -/* Random private key for other party */ - ECDH.KEY_PAIR_GENERATE(rng,S1,W1); - - System.out.print("Servers private key= 0x"); - printBinary(S1); - - System.out.print("Servers public key= 0x"); - printBinary(W1); - - - res=ECDH.PUBLIC_KEY_VALIDATE(true,W1); - if (res!=0) - { - System.out.print("Server's public Key is invalid!\n"); - return; - } - -/* Calculate common key using DH - IEEE 1363 method */ - - ECDH.ECPSVDP_DH(S0,W1,Z0); - ECDH.ECPSVDP_DH(S1,W0,Z1); - - boolean same=true; - for (i=0;i<EFS;i++) - if (Z0[i]!=Z1[i]) same=false; - - if (!same) - { - System.out.println("*** ECPSVDP-DH Failed"); - return; - } - - byte[] KEY=ECDH.KDF1(Z0,EAS); - - System.out.print("Alice's DH Key= 0x"); printBinary(KEY); - System.out.print("Servers DH Key= 0x"); printBinary(KEY); - -//} -//System.out.println("Test Completed Successfully"); - } -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/TestMPIN.java ---------------------------------------------------------------------- diff --git a/java64/TestMPIN.java b/java64/TestMPIN.java deleted file mode 100755 index f883a57..0000000 --- a/java64/TestMPIN.java +++ /dev/null 
@@ -1,263 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* test driver and function exerciser for MPIN API Functions */ - -import java.util.Date; -import java.util.Scanner; - -public class TestMPIN -{ - static boolean PERMITS=true; - static boolean PINERROR=true; - static boolean FULL=true; - static boolean SINGLE_PASS=false; - - static void printBinary(byte[] array) - { - int i; - for (i=0;i<array.length;i++) - { - System.out.printf("%02x", array[i]); - } - System.out.println(); - } - - public static void main(String[] args) { - RAND rng=new RAND(); - byte[] raw=new byte[100]; - for (int i=0;i<100;i++) raw[i]=(byte)(i+1); - rng.seed(100,raw); - - int EGS=MPIN.EGS; - int EFS=MPIN.EFS; - int G1S=2*EFS+1; /* Group 1 Size */ - int G2S=4*EFS; /* Group 2 Size */ - int EAS=16; - - byte[] S=new byte[EGS]; - byte[] SST = new byte[G2S]; - byte[] TOKEN = new byte[G1S]; - byte[] PERMIT = new byte[G1S]; - byte[] SEC = new byte[G1S]; - byte[] xID = new byte[G1S]; - byte[] xCID = new byte[G1S]; - byte[] X= new byte[EGS]; - byte[] Y= new byte[EGS]; - byte[] E=new byte[12*EFS]; - byte[] F=new byte[12*EFS]; - byte[] HID=new byte[G1S]; - byte[] HTID=new byte[G1S]; - - byte[] G1=new byte[12*EFS]; - byte[] G2=new byte[12*EFS]; - byte[] R=new byte[EGS]; - 
byte[] Z=new byte[G1S]; - byte[] W=new byte[EGS]; - byte[] T=new byte[G1S]; - byte[] CK=new byte[EAS]; - byte[] SK=new byte[EAS]; - -/* Trusted Authority set-up */ - - MPIN.RANDOM_GENERATE(rng,S); - System.out.print("Master Secret s: 0x"); printBinary(S); - - /* Create Client Identity */ - String IDstr = "[email protected]"; - byte[] CLIENT_ID = IDstr.getBytes(); - - byte[] HCID=MPIN.HASH_ID(CLIENT_ID); /* Either Client or TA calculates Hash(ID) - you decide! */ - - System.out.print("Client ID= "); printBinary(CLIENT_ID); - -/* Client and Server are issued secrets by DTA */ - MPIN.GET_SERVER_SECRET(S,SST); - System.out.print("Server Secret SS: 0x"); printBinary(SST); - - MPIN.GET_CLIENT_SECRET(S,HCID,TOKEN); - System.out.print("Client Secret CS: 0x"); - printBinary(TOKEN); - -/* Client extracts PIN from secret to create Token */ - int pin=1234; - System.out.println("Client extracts PIN= "+pin); - int rtn=MPIN.EXTRACT_PIN(CLIENT_ID,pin,TOKEN); - if (rtn != 0) - System.out.println("FAILURE: EXTRACT_PIN rtn: " + rtn); - - System.out.print("Client Token TK: 0x"); - printBinary(TOKEN); - - if (FULL) - { - MPIN.PRECOMPUTE(TOKEN,HCID,G1,G2); - } - int date; - if (PERMITS) - { - date=MPIN.today(); - System.out.println("Date= "+date); -/* Client gets "Time Token" permit from DTA */ - MPIN.GET_CLIENT_PERMIT(date,S,HCID,PERMIT); - System.out.print("Time Permit TP: 0x"); printBinary(PERMIT); - -/* This encoding makes Time permit look random - Elligator squared */ - MPIN.ENCODING(rng,PERMIT); - System.out.print("Encoded Time Permit TP: 0x"); printBinary(PERMIT); - MPIN.DECODING(PERMIT); - System.out.print("Decoded Time Permit TP: 0x"); printBinary(PERMIT); - } - else date=0; - - System.out.print("\nPIN= "); - Scanner scan=new Scanner(System.in); - pin=scan.nextInt(); - -/* Set date=0 and PERMIT=null if time permits not in use - -Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. 
Output xID =x .H(CLIENT_ID) and re-combined secret SEC -If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID))) -Random value x is supplied externally if RNG=null, otherwise generated and passed out by RNG - -IMPORTANT: To save space and time.. -If Time Permits OFF set xCID = null, HTID=null and use xID and HID only -If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required -If Time permits are ON, AND pin error detection is NOT required, set xID=null, HID=null and use xCID and HTID only. - - -*/ - - byte[] pxID=xID; - byte[] pxCID=xCID; - byte[] pHID=HID; - byte[] pHTID=HTID; - byte[] pE=E; - byte[] pF=F; - byte[] pPERMIT=PERMIT; - byte[] prHID; - - if (date!=0) - { - - prHID=pHTID; - if (!PINERROR) - { - pxID=null; - pHID=null; - } - } - else - { - prHID=pHID; - pPERMIT=null; - pxCID=null; - pHTID=null; - } - if (!PINERROR) - { - pE=null; - pF=null; - } - - if (SINGLE_PASS) - { - System.out.println("MPIN Single Pass"); - int timeValue = MPIN.GET_TIME(); - rtn=MPIN.CLIENT(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y); - if (rtn != 0) - System.out.println("FAILURE: CLIENT rtn: " + rtn); - - if (FULL) - { - HCID=MPIN.HASH_ID(CLIENT_ID); - MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z); /* Also Send Z=r.ID to Server, remember random r */ - } - - rtn=MPIN.SERVER(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF,CLIENT_ID,timeValue); - if (rtn != 0) - System.out.println("FAILURE: SERVER rtn: " + rtn); - - if (FULL) - { - MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T); /* Also send T=w.ID to client, remember random w */ - } - } - else - { - System.out.println("MPIN Multi Pass"); - /* Send U=x.ID to server, and recreate secret from token and pin */ - rtn=MPIN.CLIENT_1(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT); - if (rtn != 0) - System.out.println("FAILURE: CLIENT_1 rtn: " + rtn); - - if (FULL) - { - HCID=MPIN.HASH_ID(CLIENT_ID); - 
MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z); /* Also Send Z=r.ID to Server, remember random r */ - } - - /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */ - MPIN.SERVER_1(date,CLIENT_ID,pHID,pHTID); - - /* Server generates Random number Y and sends it to Client */ - MPIN.RANDOM_GENERATE(rng,Y); - - if (FULL) - { - MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T); /* Also send T=w.ID to client, remember random w */ - } - - /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */ - rtn=MPIN.CLIENT_2(X,Y,SEC); - if (rtn != 0) - System.out.println("FAILURE: CLIENT_2 rtn: " + rtn); - - /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */ - /* If PIN error not required, set E and F = null */ - - rtn=MPIN.SERVER_2(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF); - - if (rtn != 0) - System.out.println("FAILURE: SERVER_1 rtn: " + rtn); - } - - if (rtn == MPIN.BAD_PIN) - { - System.out.println("Server says - Bad Pin. I don't know you. Feck off.\n"); - if (PINERROR) - { - int err=MPIN.KANGAROO(E,F); - if (err!=0) System.out.format("(Client PIN is out by %d)\n",err); - } - return; - } - else System.out.println("Server says - PIN is good! You really are "+IDstr); - - - if (FULL) - { - MPIN.CLIENT_KEY(G1,G2,pin,R,X,T,CK); - System.out.print("Client Key = 0x"); printBinary(CK); - - MPIN.SERVER_KEY(Z,SST,W,pxID,pxCID,SK); - System.out.print("Server Key = 0x"); printBinary(SK); - } - } -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/TestRSA.java ---------------------------------------------------------------------- diff --git a/java64/TestRSA.java b/java64/TestRSA.java deleted file mode 100755 index 2c30155..0000000 --- a/java64/TestRSA.java +++ /dev/null 
@@ -1,66 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for RSA API Functions */
-
-public class TestRSA
-{
-
- public static void main(String[] args)
- {
- int i;
- int RFS=RSA.RFS;
-
- String message="Hello World\n";
-
- rsa_public_key pub=new rsa_public_key(ROM.FFLEN);
- rsa_private_key priv=new rsa_private_key(ROM.HFLEN);
-
- byte[] ML=new byte[RFS];
- byte[] C=new byte[RFS];
- byte[] RAW=new byte[100];
-
- RAND rng=new RAND();
-
- rng.clean();
- for (i=0;i<100;i++) RAW[i]=(byte)(i);
-
- rng.seed(100,RAW);
-//for (i=0;i<10;i++)
-//{
- System.out.println("Generating public/private key pair");
- RSA.KEY_PAIR(rng,65537,priv,pub);
-
- byte[] M=message.getBytes();
- System.out.print("Encrypting test string\n");
- byte[] E=RSA.OAEP_ENCODE(M,rng,null); /* OAEP encode message M to E */
-
- RSA.ENCRYPT(pub,E,C); /* encrypt encoded message */
- System.out.print("Ciphertext= 0x"); RSA.printBinary(C);
-
- System.out.print("Decrypting test string\n");
- RSA.DECRYPT(priv,C,ML);
- byte[] MS=RSA.OAEP_DECODE(null,ML); /* OAEP decode message */
-
- message=new String(MS);
- System.out.print(message);
-//}
- RSA.PRIVATE_KEY_KILL(priv);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/readme.txt
----------------------------------------------------------------------
diff --git a/java64/readme.txt b/java64/readme.txt
deleted file mode 100644
index c4bd115..0000000
--- a/java64/readme.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-AMCL is very simple to build for Java. This version is optimal for a 64-bit
-Virtual Machine.
-
-First - decide the modulus type and curve type you want to use. Edit ROM.java
-where indicated. You might want to use one of the curves whose details are
-already in there.
-
-Three example API files are provided, MPIN.java which
-supports our M-Pin (tm) protocol, ECDH.java which supports elliptic
-curve key exchange, digital signature and public key crypto, and RSA.java
-which supports the RSA method. The first can be tested using the
-TestMPIN.java driver programs, the second can be tested using TestECDH.java
-and TestECM.java, and the third with TestRSA.java
-
-In the ROM.java file you must provide the curve constants. Several examples
-are provided there, if you are willing to use one of these.
-
-To help generate the ROM constants for your own curve some MIRACL helper
-programs are included. The program bngen.cpp generates the ROM details for a
-BN curve, and the program ecgen.cpp generates the ROM for EC curves.
-
-The program bigtobig.cpp converts a big number to the AMCL
-BIG format.
-
-Don't forget to delete all .class files before rebuilding projects.
-
-For a quick jumpstart:-
-
-del *.class
-javac TestMPIN.java
-java TestMPIN
-
