http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_25519.c ---------------------------------------------------------------------- diff --git a/src/rom_field_25519.c b/src/rom_field_25519.c new file mode 100644 index 0000000..08221dc --- /dev/null +++ b/src/rom_field_25519.c @@ -0,0 +1,25 @@ +#include "arch.h" +#include "fp_25519.h" + +/* Curve 25519 */ + +#if CHUNK==16 +// Base Bits= 13 +const BIG_256_13 Modulus_25519= {0x1FED,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0xFF}; +const BIG_256_13 R2modp_25519= {0x400,0x2D,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const chunk MConst_25519= 0x13; +#endif + +#if CHUNK==32 +// Base Bits= 29 +const BIG_256_29 Modulus_25519= {0x1FFFFFED,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF}; +const BIG_256_29 R2modp_25519= {0x169000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const chunk MConst_25519= 0x13; +#endif + +#if CHUNK==64 +// Base Bits= 56 +const BIG_256_56 Modulus_25519= {0xFFFFFFFFFFFFEDL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL}; +const BIG_256_56 R2modp_25519= {0xA4000000000000L,0x5L,0x0L,0x0L,0x0L}; +const chunk MConst_25519= 0x13L; +#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_256PME.c ---------------------------------------------------------------------- diff --git a/src/rom_field_256PME.c b/src/rom_field_256PME.c new file mode 100644 index 0000000..49c3705 --- /dev/null +++ b/src/rom_field_256PME.c @@ -0,0 +1,25 @@ +#include "arch.h" +#include "fp_256PME.h" + +/* NUMS 256-bit modulus */ + +#if CHUNK==16 +// Base Bits= 13 +const BIG_256_13 Modulus_256PME= {0x1F43,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FF}; +const BIG_256_13 R2modp_256PME= {0x900,0x45C,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const chunk MConst_256PME= 0xBD; +#endif + +#if CHUNK==32 +// Base Bits= 29 +const BIG_256_29 Modulus_256PME= {0x1FFFFF43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF}; +const BIG_256_29 R2modp_256PME= {0x22E2400,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const chunk MConst_256PME= 0xBD; +#endif + +#if CHUNK==64 +// Base Bits= 56 +const BIG_256_56 Modulus_256PME= {0xFFFFFFFFFFFF43L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL}; +const BIG_256_56 R2modp_256PME= {0x89000000000000L,0x8BL,0x0L,0x0L,0x0L}; +const chunk MConst_256PME= 0xBDL; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_256PMW.c ---------------------------------------------------------------------- diff --git a/src/rom_field_256PMW.c b/src/rom_field_256PMW.c new file mode 100644 index 0000000..b4c46a2 --- /dev/null +++ b/src/rom_field_256PMW.c @@ -0,0 +1,24 @@ +#include "arch.h" +#include "fp_256PMW.h" + +/* NUMS 256-bit modulus */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 28 +const BIG_256_28 Modulus_256PMW= {0xFFFFF43,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xF}; +const BIG_256_28 R2modp_256PMW= {0x0,0x8900000,0x8B,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const chunk MConst_256PMW= 0xBD; +#endif + +#if CHUNK==64 +// Base Bits= 56 +const BIG_256_56 Modulus_256PMW= {0xFFFFFFFFFFFF43L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL}; +const BIG_256_56 R2modp_256PMW= {0x89000000000000L,0x8BL,0x0L,0x0L,0x0L}; +const chunk MConst_256PMW= 0xBDL; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_384PM.c ---------------------------------------------------------------------- diff --git a/src/rom_field_384PM.c b/src/rom_field_384PM.c new file mode 100644 index 0000000..a9b79c9 --- /dev/null +++ b/src/rom_field_384PM.c @@ -0,0 +1,24 @@ +#include "arch.h" +#include "fp_384PM.h" + +/* NUMS 384-bit modulus */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 29 +const BIG_384_29 Modulus_384PM= {0x1FFFFEC3,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F}; +const BIG_384_29 R2modp_384PM= {0x0,0x4448000,0x6,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const chunk MConst_384PM= 0x13D; +#endif + +#if CHUNK==64 +// Base Bits= 56 +const BIG_384_56 Modulus_384PM= {0xFFFFFFFFFFFEC3L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFL}; +const BIG_384_56 R2modp_384PM= {0x188890000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}; +const chunk MConst_384PM= 0x13DL; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_512PM.c ---------------------------------------------------------------------- diff --git a/src/rom_field_512PM.c b/src/rom_field_512PM.c new file mode 100644 index 0000000..cbbbf29 --- /dev/null +++ b/src/rom_field_512PM.c @@ -0,0 +1,24 @@ +#include "arch.h" +#include "fp_512PM.h" + +/* NUMS 512-bit modulus */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 29 +const BIG_512_29 Modulus_512PM= {0x1FFFFDC7,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF}; +const BIG_512_29 R2modp_512PM= {0xB100000,0x278,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const chunk MConst_512PM= 0x239; +#endif + +#if CHUNK==64 +// Base Bits= 56 +const BIG_512_56 Modulus_512PM= {0xFFFFFFFFFFFDC7L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFL}; +const BIG_512_56 R2modp_512PM= {0x0L,0xF0B10000000000L,0x4L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}; +const chunk MConst_512PM= 0x239L; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_ANSSI.c ---------------------------------------------------------------------- diff --git a/src/rom_field_ANSSI.c b/src/rom_field_ANSSI.c new file mode 100644 index 0000000..64aabc0 --- /dev/null +++ b/src/rom_field_ANSSI.c @@ -0,0 +1,24 @@ +#include "arch.h" +#include "fp_ANSSI.h" + +/* ANNSI Curve */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 28 +const BIG_256_28 Modulus_ANSSI= {0x86E9C03,0xFCF353D,0x8CA6DE8,0xADBCABC,0x35B3961,0xE8CE424,0xF10126D,0xB3AD58,0x1FD178C,0xF}; +const BIG_256_28 R2modp_ANSSI= {0x288CC9C,0x18D2374,0x646BD2B,0x4929E67,0xD6F7F2D,0x220E6C1,0xABCE02E,0x751B1FD,0x7401B78,0xE}; +const chunk MConst_ANSSI= 0x64E1155; +#endif + +#if CHUNK==64 +// Base Bits= 56 +const BIG_256_56 Modulus_ANSSI= {0xFCF353D86E9C03L,0xADBCABC8CA6DE8L,0xE8CE42435B3961L,0xB3AD58F10126DL,0xF1FD178CL}; +const BIG_256_56 R2modp_ANSSI= {0x18D2374288CC9CL,0x4929E67646BD2BL,0x220E6C1D6F7F2DL,0x751B1FDABCE02EL,0xE7401B78L}; +const chunk MConst_ANSSI= 0x97483A164E1155L; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_BLS24.c ---------------------------------------------------------------------- diff --git a/src/rom_field_BLS24.c b/src/rom_field_BLS24.c new file mode 100644 index 0000000..6a44de8 --- /dev/null +++ b/src/rom_field_BLS24.c @@ -0,0 +1,28 @@ +#include "arch.h" +#include "fp_BLS24.h" + +/* Curve BLS24 - Pairing friendly BLS24 curve */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 29 +const BIG_480_29 Modulus_BLS24= {0xA06152B,0x2260B3A,0xB4C36BE,0x5FFC5D0,0xBDB6A64,0x5B78E2E,0x1C1A28CA,0x10E6441B,0x1F244061,0xB4704F0,0x141E5CCD,0x9837504,0x3F2E77E,0xD763740,0x1316EA0E,0xF0079,0x555C}; +const BIG_480_29 R2modp_BLS24= {0x8533EA9,0x6A02789,0x183B24DE,0x1E45ECF8,0xC8F8F37,0x10CAD209,0x4C0C4B8,0x9B1FABD,0xDEBE4C0,0xDC353F9,0x18A18E26,0x10F489BB,0x31206A5,0x19673BBF,0x6BE69F9,0xB091169,0x9CD}; +const chunk MConst_BLS24= 0x95FE7D; +const BIG_480_29 Fra_BLS24= {0x1BF96F1D,0xAE53A55,0x31BFEEB,0x183FF17A,0x6237469,0x12A4F4F1,0x12101FE3,0x16E79D94,0xFF59267,0x5EB4EB4,0x78CC49F,0x274BA33,0x149184F3,0x16C6DCBA,0x1C90B694,0x10F729CE,0x4BBC}; +const BIG_480_29 Frb_BLS24= {0xE0CA60E,0x1740D0E4,0x83037D2,0xDBFD456,0x5B7F5FA,0x1312993D,0xA0A08E6,0x19FEA687,0xF2EADF9,0x55BB63C,0xC91982E,0x70EBAD1,0xF61628B,0x16AF5A85,0x16863379,0xF17D6AA,0x99F}; +#endif + +#if CHUNK==64 +// Base Bits= 56 +const BIG_480_56 Modulus_BLS24= {0x44C1674A06152BL,0xFFE2E82D30DAF8L,0x6F1C5CBDB6A642L,0x3220DF068A328BL,0xE09E1F24406187L,0xBA825079733568L,0x6E803F2E77E4C1L,0x3CCC5BA839AECL,0x555C0078L}; +const BIG_480_56 R2modp_BLS24= {0x6A4A1FE013DF5BL,0xE8E46D4D1BDE65L,0x1F841391F45C67L,0x9148A4516FB28L,0x4398524EDF4C88L,0x41C0E241B6DCE8L,0xE42C208C19411L,0xA7FE6FD73A7B1CL,0xFCCCA76L}; +const chunk MConst_BLS24= 0xBD5D7D8095FE7DL; +const BIG_480_56 Fra_BLS24= {0x5CA74ABBF96F1DL,0x1FF8BD0C6FFBADL,0x49E9E26237469CL,0x3CECA48407F8E5L,0x69D68FF59267B7L,0x5D199E33127CBDL,0xB97549184F313AL,0x4E77242DA52D8DL,0x4BBC87B9L}; +const BIG_480_56 Frb_BLS24= {0xE81A1C8E0CA60EL,0xDFEA2B20C0DF4AL,0x25327A5B7F5FA6L,0xF5343A828239A6L,0x76C78F2EADF9CFL,0x5D68B24660B8ABL,0xB50AF61628B387L,0xB555A18CDE6D5EL,0x99F78BEL}; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_BLS381.c ---------------------------------------------------------------------- diff --git a/src/rom_field_BLS381.c b/src/rom_field_BLS381.c new file mode 100644 index 0000000..a31e5bf --- /dev/null +++ b/src/rom_field_BLS381.c @@ -0,0 +1,28 @@ +#include "arch.h" +#include "fp_BLS381.h" + +/* Curve BLS381 - Pairing friendly BLS curve */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 29 +const BIG_384_29 Modulus_BLS381= {0x1FFFAAAB,0xFF7FFFF,0x14FFFFEE,0x17FFFD62,0xF6241EA,0x9507B58,0xAFD9CC3,0x109E70A2,0x1764774B,0x121A5D66,0x12C6E9ED,0x12FFCD34,0x111EA3,0xD}; +const BIG_384_29 R2modp_BLS381= {0x15BEF7AE,0x1031CD0E,0x2DD93E8,0x9226323,0xE6E2CD2,0x11684DAA,0x1170E5DB,0x88E25B1,0x1B366399,0x1C536F47,0xD1F9CBC,0x278B67F,0x1EA66A2B,0xC}; +const chunk MConst_BLS381= 0x1FFCFFFD; +const BIG_384_29 Fra_BLS381= {0x12235FB8,0x83BAF6C,0x19E04F63,0x1D4A7AC7,0xB9C4F67,0x1EBC25D,0x1D3DEC91,0x1FA797AB,0x1F0FD603,0x1016068,0x108C6FAD,0x5760CCF,0x104D3BF0,0xC}; +const BIG_384_29 Frb_BLS381= {0xDDC4AF3,0x7BC5093,0x1B1FB08B,0x1AB5829A,0x3C5F282,0x764B8FB,0xDBFB032,0x10F6D8F6,0x1854A147,0x1118FCFD,0x23A7A40,0xD89C065,0xFC3E2B3,0x0}; +#endif + +#if CHUNK==64 +// Base Bits= 58 +const BIG_384_58 Modulus_BLS381= {0x1FEFFFFFFFFAAABL,0x2FFFFAC54FFFFEEL,0x12A0F6B0F6241EAL,0x213CE144AFD9CC3L,0x2434BACD764774BL,0x25FF9A692C6E9EDL,0x1A0111EA3L}; +const BIG_384_58 R2modp_BLS381= {0x20639A1D5BEF7AEL,0x1244C6462DD93E8L,0x22D09B54E6E2CD2L,0x111C4B63170E5DBL,0x38A6DE8FB366399L,0x4F16CFED1F9CBCL,0x19EA66A2BL}; +const chunk MConst_BLS381= 0x1F3FFFCFFFCFFFDL; +const BIG_384_58 Fra_BLS381= {0x10775ED92235FB8L,0x3A94F58F9E04F63L,0x3D784BAB9C4F67L,0x3F4F2F57D3DEC91L,0x202C0D1F0FD603L,0xAEC199F08C6FADL,0x1904D3BF0L}; +const BIG_384_58 Frb_BLS381= {0xF78A126DDC4AF3L,0x356B0535B1FB08BL,0xEC971F63C5F282L,0x21EDB1ECDBFB032L,0x2231F9FB854A147L,0x1B1380CA23A7A40L,0xFC3E2B3L}; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_BLS383.c ---------------------------------------------------------------------- diff --git a/src/rom_field_BLS383.c b/src/rom_field_BLS383.c new file mode 100644 index 0000000..04229cd --- /dev/null +++ b/src/rom_field_BLS383.c @@ -0,0 +1,28 @@ +#include "arch.h" +#include "fp_BLS383.h" + +/* Curve BLS383 - Pairing friendly BLS curve */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 29 +const BIG_384_29 Modulus_BLS383= {0x5AAB0AB,0x11B8EB24,0x19214AF6,0x187E5314,0x124F47A8,0x1C00B4B0,0x1446B0C6,0x59E6CB4,0x4A0AD46,0xFF5494,0x81B6B71,0x956DD6B,0x16556956,0x2A}; +const BIG_384_29 R2modp_BLS383= {0x116907F4,0x405B700,0x1752AC11,0x67A9E7C,0x1941C581,0x1AEA38C4,0xB1E4D22,0xCE841AE,0xA0FC49B,0xB4B1F48,0x13852312,0x1B3FDCED,0x1FECE397,0x26}; +const chunk MConst_BLS383= 0x73435FD; +const BIG_384_29 Fra_BLS383= {0x1311DAC1,0x296B969,0x19DCF806,0x126901FC,0xD8C8A36,0x1A2572A8,0xA1A0959,0x1A47F743,0x110E4C6C,0x1608DA97,0xCE2E7F0,0x4FED178,0xACD5BF0,0x11}; +const BIG_384_29 Frb_BLS383= {0x1298D5EA,0xF2231BA,0x1F4452F0,0x6155117,0x4C2BD72,0x1DB4208,0xA2CA76D,0xB567571,0x139260D9,0xAF679FC,0x1B388380,0x4580BF2,0xB880D66,0x19}; +#endif + +#if CHUNK==64 +// Base Bits= 58 +const BIG_384_58 Modulus_BLS383= {0x2371D6485AAB0ABL,0x30FCA6299214AF6L,0x3801696124F47A8L,0xB3CD969446B0C6L,0x1FEA9284A0AD46L,0x12ADBAD681B6B71L,0x556556956L}; +const BIG_384_58 R2modp_BLS383= {0x80B6E0116907F4L,0xCF53CF9752AC11L,0x35D47189941C581L,0x19D0835CB1E4D22L,0x16963E90A0FC49BL,0x367FB9DB3852312L,0x4DFECE397L}; +const chunk MConst_BLS383= 0x1BC0571073435FDL; +const BIG_384_58 Fra_BLS383= {0x52D72D3311DAC1L,0x24D203F99DCF806L,0x344AE550D8C8A36L,0x348FEE86A1A0959L,0x2C11B52F10E4C6CL,0x9FDA2F0CE2E7F0L,0x22ACD5BF0L}; +const BIG_384_58 Frb_BLS383= {0x1E446375298D5EAL,0xC2AA22FF4452F0L,0x3B684104C2BD72L,0x16ACEAE2A2CA76DL,0x15ECF3F939260D9L,0x8B017E5B388380L,0x32B880D66L}; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_BLS461.c ---------------------------------------------------------------------- diff --git a/src/rom_field_BLS461.c b/src/rom_field_BLS461.c new file mode 100644 index 0000000..26da22d --- /dev/null +++ b/src/rom_field_BLS461.c @@ -0,0 +1,28 @@ +#include "arch.h" +#include "fp_BLS461.h" + +/* Curve BLS461 - Pairing friendly BLS curve */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 28 +const BIG_464_28 Modulus_BLS461= {0xAAAAAAB,0xAC0000A,0x54AAAAA,0x5555,0x400020,0x91557F0,0xF26AA,0xFA5C1CC,0xB42A8DF,0x7B14848,0x8BACCA4,0x6F1E32D,0x4935FBD,0x55D6941,0xD5A555A,0x5545554,0x1555}; +const BIG_464_28 R2modp_BLS461= {0xC9B6A33,0x2ECD087,0x3CCB2B1,0xCD461FE,0x8CB5AB2,0xC5B9635,0x5312E92,0xB659F64,0x3B596FA,0x8679006,0xA92E2B3,0x3CE05E3,0x363550F,0x7C07A8E,0x382C083,0x6347FEA,0xBD}; +const chunk MConst_BLS461= 0xFFFFFFD; +const BIG_464_28 Fra_BLS461= {0xB812A3A,0x7117BF9,0x99C400F,0xC6308A5,0x5BF8A1,0x510E075,0x45FA5A6,0xCE4858D,0x770B31A,0xBC2CB04,0xE2FC61E,0xD073588,0x4366190,0x4DFEFA8,0x69E55E2,0x504B7F,0x12E4}; +const BIG_464_28 Frb_BLS461= {0xF298071,0x3AE8410,0xBAE6A9B,0x39D4CAF,0xFE4077E,0x404777A,0xBAF8104,0x2C13C3E,0x3D1F5C5,0xBEE7D44,0xA8B0685,0x9EAADA4,0x5CFE2C,0x7D7999,0x6BBFF78,0x50409D5,0x271}; +#endif + +#if CHUNK==64 +// Base Bits=60 +const BIG_464_60 Modulus_BLS461= {0xAAC0000AAAAAAABL,0x20000555554AAAAL,0x6AA91557F004000L,0xA8DFFA5C1CC00F2L,0xACCA47B14848B42L,0x935FBD6F1E32D8BL,0xD5A555A55D69414L,0x15555545554L}; +const BIG_464_60 R2modp_BLS461= {0x96D08774614DDA8L,0xCD45F539225D5BDL,0xD712EB760C95AB1L,0xB3B687155F30B55L,0xC4E62A05C3F5B81L,0xBA1151676CA3CD0L,0x7EDD8A958F442BEL,0x12B89DD3F91L}; +const chunk MConst_BLS461= 0xC0005FFFFFFFDL; +const BIG_464_60 Fra_BLS461= {0xF7117BF9B812A3AL,0xA1C6308A599C400L,0x5A6510E07505BF8L,0xB31ACE4858D45FAL,0xFC61EBC2CB04770L,0x366190D073588E2L,0x69E55E24DFEFA84L,0x12E40504B7FL}; +const BIG_464_60 Frb_BLS461= {0xB3AE8410F298071L,0x7E39D4CAFBAE6A9L,0x104404777AFE407L,0xF5C52C13C3EBAF8L,0xB0685BEE7D443D1L,0x5CFE2C9EAADA4A8L,0x6BBFF7807D79990L,0x27150409D5L}; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_BLS48.c ---------------------------------------------------------------------- diff --git a/src/rom_field_BLS48.c b/src/rom_field_BLS48.c new file mode 100644 index 0000000..2837928 --- /dev/null +++ b/src/rom_field_BLS48.c @@ -0,0 +1,28 @@ +#include "arch.h" +#include "fp_BLS48.h" + +/* Curve BLS48 - Pairing friendly BLS48 curve */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 29 +const BIG_560_29 Modulus_BLS48= {0x1CF6AC0B,0x17B7307F,0x19877E7B,0x12CE0134,0x14228402,0x1BD4C386,0x1DACBB04,0x40410D0,0x25A415,0x980B53E,0xDE6E250,0x15D9AAD6,0x5DA950,0x1029B7A,0x54AB351,0x14AD90CE,0x3729047,0x1FE7E2D9,0x145F610B,0x1F}; +const BIG_560_29 R2modp_BLS48= {0xD59D0FA,0x12F01FD0,0xDE8FD41,0x35AAEE1,0xB937F48,0x50700E8,0x1F50EFCE,0x1019B13C,0x3470A2F,0x11094115,0xF9FB72D,0x6AD10E2,0x1CFD9F8,0x44F4785,0x2B48793,0x1148ED3,0xF609E61,0x1EE34BC7,0x1735D29E,0x0}; +const chunk MConst_BLS48= 0x9DA805D; +const BIG_560_29 Fra_BLS48= {0x1325BF89,0x1311E7EC,0xCD0A56F,0x1A0FD46E,0xE83BCCA,0xCA97DD0,0x18D1D297,0x5F1E137,0x7AB9F2C,0x13FC255F,0x1C9DECEB,0x9DEF4A2,0x3C0F60B,0x1D9909E4,0x1FF27FF7,0x1DBF8208,0x89BB36C,0x40044E0,0x62E01EE,0x5}; +const BIG_560_29 Frb_BLS48= {0x1325BF89,0x1311E7EC,0xCD0A56F,0x1A0FD46E,0xE83BCCA,0xCA97DD0,0x18D1D297,0x5F1E137,0x7AB9F2C,0x13FC255F,0x1C9DECEB,0x9DEF4A2,0x3C0F60B,0x1D9909E4,0x1FF27FF7,0x1DBF8208,0x89BB36C,0x40044E0,0x62E01EE,0x5}; +#endif + +#if CHUNK==64 +// Base Bits= 58 +const BIG_560_58 Modulus_BLS48= {0x2F6E60FFCF6AC0BL,0x259C02699877E7BL,0x37A9870D4228402L,0x80821A1DACBB04L,0x13016A7C025A415L,0x2BB355ACDE6E250L,0x20536F405DA950L,0x295B219C54AB351L,0x3FCFC5B23729047L,0x3F45F610BL}; +const BIG_560_58 R2modp_BLS48= {0x25E03FA0D59D0FAL,0x6B55DC2DE8FD41L,0xA0E01D0B937F48L,0x20336279F50EFCEL,0x2212822A3470A2FL,0xD5A21C4F9FB72DL,0x89E8F0A1CFD9F8L,0x2291DA62B48793L,0x3DC6978EF609E61L,0x1735D29EL}; +const chunk MConst_BLS48= 0x21BFCBCA9DA805DL; +const BIG_560_58 Fra_BLS48= {0x2623CFD9325BF89L,0x341FA8DCCD0A56FL,0x1952FBA0E83BCCAL,0xBE3C26F8D1D297L,0x27F84ABE7AB9F2CL,0x13BDE945C9DECEBL,0x3B3213C83C0F60BL,0x3B7F0411FF27FF7L,0x80089C089BB36CL,0xA62E01EEL}; +const BIG_560_58 Frb_BLS48= {0x2623CFD9325BF89L,0x341FA8DCCD0A56FL,0x1952FBA0E83BCCAL,0xBE3C26F8D1D297L,0x27F84ABE7AB9F2CL,0x13BDE945C9DECEBL,0x3B3213C83C0F60BL,0x3B7F0411FF27FF7L,0x80089C089BB36CL,0xA62E01EEL}; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_BN254.c ---------------------------------------------------------------------- diff --git a/src/rom_field_BN254.c b/src/rom_field_BN254.c new file mode 100644 index 0000000..6b06d32 --- /dev/null +++ b/src/rom_field_BN254.c @@ -0,0 +1,33 @@ +#include "arch.h" +#include "fp_BN254.h" + +/* Curve BN254 - Pairing friendly BN curve */ + +/* Nogami's fast curve */ + +#if CHUNK==16 +// Base Bits= 13 +const BIG_256_13 Modulus_BN254= {0x13,0x0,0x0,0x0,0x1A70,0x9,0x0,0x0,0x100,0x309,0x2,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A}; +const BIG_256_13 R2modp_BN254= {0xF32,0x239,0x14DC,0xCE8,0x928,0x11B6,0x130F,0x1183,0x56E,0x1AEE,0x124F,0xD2A,0x7F8,0x1CE6,0x1B50,0x77C,0x3A,0x1A9E,0x1EFD,0x1C}; +const chunk MConst_BN254= 0x15E5; +const BIG_256_13 Fra_BN254= {0xDE9,0x1953,0x101B,0x1BCD,0xE17,0x1BE1,0x14FD,0x1249,0x974,0x1C28,0x54F,0x108D,0x150A,0x4CD,0x12D9,0xF91,0x12E,0x10C9,0xDDD,0x36}; +const BIG_256_13 Frb_BN254= {0x122A,0x6AC,0xFE4,0x432,0xC58,0x428,0xB02,0xDB6,0x178B,0x6E0,0x1AB2,0xF72,0x2F5,0x1559,0x140F,0x106E,0x1ED1,0x1348,0x1AFB,0x13}; +#endif + +#if CHUNK==32 +// Base Bits= 28 +const BIG_256_28 Modulus_BN254= {0x13,0x0,0x13A7,0x0,0x86121,0x8000000,0x1BA344D,0x4000000,0x5236482,0x2}; +const BIG_256_28 R2modp_BN254= {0xF5E7E39,0x2F2A96F,0xB96F13C,0x64E8642,0xC7146,0x9926F7B,0x4DACD24,0x8321E7B,0xD127A2E,0x1}; +const chunk MConst_BN254= 0x79435E5; +const BIG_256_28 Fra_BN254= {0xF2A6DE9,0x7DE6C06,0xF77C2E1,0x74924D3,0x53F8509,0x50A8469,0xCB6499B,0x212E7C8,0xB377619,0x1}; +const BIG_256_28 Frb_BN254= {0xD5922A,0x82193F9,0x8850C5,0x8B6DB2C,0xAC8DC17,0x2F57B96,0x503EAB2,0x1ED1837,0x9EBEE69,0x0}; +#endif + +#if CHUNK==64 +// Base Bits= 56 +const BIG_256_56 Modulus_BN254= {0x13L,0x13A7L,0x80000000086121L,0x40000001BA344DL,0x25236482L}; +const BIG_256_56 R2modp_BN254= {0x2F2A96FF5E7E39L,0x64E8642B96F13CL,0x9926F7B00C7146L,0x8321E7B4DACD24L,0x1D127A2EL}; +const chunk MConst_BN254= 0x435E50D79435E5L; +const BIG_256_56 Fra_BN254= {0x7DE6C06F2A6DE9L,0x74924D3F77C2E1L,0x50A846953F8509L,0x212E7C8CB6499BL,0x1B377619L}; +const BIG_256_56 Frb_BN254= {0x82193F90D5922AL,0x8B6DB2C08850C5L,0x2F57B96AC8DC17L,0x1ED1837503EAB2L,0x9EBEE69L}; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_BN254CX.c ---------------------------------------------------------------------- diff --git a/src/rom_field_BN254CX.c b/src/rom_field_BN254CX.c new file mode 100644 index 0000000..9472edb --- /dev/null +++ b/src/rom_field_BN254CX.c @@ -0,0 +1,33 @@ +#include "arch.h" +#include "fp_BN254CX.h" + +/* Curve BN254CX - Pairing friendly BN curve */ + +/* CertiVox BN curve/field */ + +#if CHUNK==16 +// Base Bits= 13 +const BIG_256_13 Modulus_BN254CX= {0x15B3,0xDA,0x1BD7,0xC47,0x1BE6,0x1F70,0x24,0x1DC3,0x1FD6,0x1921,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48}; +const BIG_256_13 R2modp_BN254CX= {0x1527,0x146B,0x12A7,0x1A60,0x1E0A,0x1382,0x2BC,0x1D3F,0xB30,0xA8,0xD19,0x11AB,0x1D40,0x1965,0xD6D,0x643,0x10FF,0x1BC7,0x1E61,0x31}; +const chunk MConst_BN254CX= 0x1E85; +const BIG_256_13 Fra_BN254CX= {0xEA3,0xE40,0xCD5,0x1210,0x15BD,0x1C10,0x5CF,0x4DE,0x773,0x343,0x626,0x194E,0x18AA,0x10C5,0x12BF,0x2C,0x63A,0x17D,0x1642,0x26}; +const BIG_256_13 Frb_BN254CX= {0x710,0x129A,0xF01,0x1A37,0x628,0x360,0x1A55,0x18E4,0x1863,0x15DE,0x138E,0x1B78,0x1D9C,0xE29,0x403,0x515,0x236,0x1E83,0x9BD,0x21}; +#endif + +#if CHUNK==32 +// Base Bits= 28 +const BIG_256_28 Modulus_BN254CX= {0xC1B55B3,0x6623EF5,0x93EE1BE,0xD6EE180,0x6D3243F,0x647A636,0xDB0BDDF,0x8702A0,0x4000000,0x2}; +const BIG_256_28 R2modp_BN254CX= {0x8A0800A,0x466A061,0x43056A3,0x2B3A225,0x9C6600,0x148515B,0x6BDF50,0xEC9EA56,0xC992E66,0x1}; +const chunk MConst_BN254CX= 0x9789E85; +const BIG_256_28 Fra_BN254CX= {0x5C80EA3,0xD908335,0x3F8215B,0x7326F17,0x8986867,0x8AACA71,0x4AFE18B,0xA63A016,0x359082F,0x1}; +const BIG_256_28 Frb_BN254CX= {0x6534710,0x8D1BBC0,0x546C062,0x63C7269,0xE3ABBD8,0xD9CDBC4,0x900DC53,0x623628A,0xA6F7D0,0x1}; +#endif + +#if CHUNK==64 +// Base Bits= 56 +const BIG_256_56 Modulus_BN254CX= {0x6623EF5C1B55B3L,0xD6EE18093EE1BEL,0x647A6366D3243FL,0x8702A0DB0BDDFL,0x24000000L}; +const BIG_256_56 R2modp_BN254CX= {0x466A0618A0800AL,0x2B3A22543056A3L,0x148515B09C6600L,0xEC9EA5606BDF50L,0x1C992E66L}; +const chunk MConst_BN254CX= 0x4E205BF9789E85L; +const BIG_256_56 Fra_BN254CX= {0xD9083355C80EA3L,0x7326F173F8215BL,0x8AACA718986867L,0xA63A0164AFE18BL,0x1359082FL}; +const BIG_256_56 Frb_BN254CX= {0x8D1BBC06534710L,0x63C7269546C062L,0xD9CDBC4E3ABBD8L,0x623628A900DC53L,0x10A6F7D0L}; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_BRAINPOOL.c ---------------------------------------------------------------------- diff --git a/src/rom_field_BRAINPOOL.c b/src/rom_field_BRAINPOOL.c new file mode 100644 index 0000000..eb4e7c3 --- /dev/null +++ b/src/rom_field_BRAINPOOL.c @@ -0,0 +1,24 @@ +#include "arch.h" +#include "fp_BRAINPOOL.h" + +/* Brainpool Modulus */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 28 +const BIG_256_28 Modulus_BRAINPOOL= {0xF6E5377,0x13481D1,0x6202820,0xF623D52,0xD726E3B,0x909D838,0xC3E660A,0xA1EEA9B,0x9FB57DB,0xA}; +const BIG_256_28 R2modp_BRAINPOOL= {0xB9A3787,0x9E04F49,0x8F3CF49,0x2931721,0xF1DBC89,0x54E8C3C,0xF7559CA,0xBB411A3,0x773E15F,0x9}; +const chunk MConst_BRAINPOOL= 0xEFD89B9; +#endif + +#if CHUNK==64 +// Base Bits= 56 +const BIG_256_56 Modulus_BRAINPOOL= {0x13481D1F6E5377L,0xF623D526202820L,0x909D838D726E3BL,0xA1EEA9BC3E660AL,0xA9FB57DBL}; +const BIG_256_56 R2modp_BRAINPOOL= {0x9E04F49B9A3787L,0x29317218F3CF49L,0x54E8C3CF1DBC89L,0xBB411A3F7559CAL,0x9773E15FL}; +const chunk MConst_BRAINPOOL= 0xA75590CEFD89B9L; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_C41417.c ---------------------------------------------------------------------- diff --git a/src/rom_field_C41417.c b/src/rom_field_C41417.c new file mode 100644 index 0000000..01be04f --- /dev/null +++ b/src/rom_field_C41417.c @@ -0,0 +1,24 @@ +#include "arch.h" +#include "fp_C41417.h" + +/* Curve C41417 */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 29 +const BIG_416_29 Modulus_C41417= {0x1FFFFFEF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFF}; +const BIG_416_29 R2modp_C41417= {0x0,0x242000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const chunk MConst_C41417= 0x11; +#endif + +#if CHUNK==64 +// Base Bits= 60 +const BIG_416_60 Modulus_C41417= {0xFFFFFFFFFFFFFEFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFL}; +const BIG_416_60 R2modp_C41417= {0x121000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}; +const chunk MConst_C41417= 0x11L; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_FP256BN.c ---------------------------------------------------------------------- diff --git a/src/rom_field_FP256BN.c b/src/rom_field_FP256BN.c new file mode 100644 index 0000000..77abe3a --- /dev/null +++ b/src/rom_field_FP256BN.c @@ -0,0 +1,30 @@ +#include "arch.h" +#include "fp_FP256BN.h" + +/* Curve FP256BN - Pairing friendly BN curve */ + +/* ISO fast curve */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 28 +const BIG_256_28 Modulus_FP256BN= {0xED33013,0x292DDBA,0x80A82D3,0x65FB129,0x49F0CDC,0x5EEE71A,0xD46E5F2,0xFFFCF0C,0xFFFFFFF,0xF}; +const BIG_256_28 R2modp_FP256BN= {0x3B9F8B,0xEDE3363,0xFEC54E8,0x92FFEE9,0x3C55F79,0x13C1C06,0xC0123FA,0xA12F2EA,0xE559B2A,0x8}; +const chunk MConst_FP256BN= 0x537E5E5; +const BIG_256_28 Fra_FP256BN= {0xF943106,0x760328A,0xAB28F74,0x71511E3,0x7CF39A1,0x8DDB086,0x52D1A6E,0xCA786F3,0xD617662,0x3}; +const BIG_256_28 Frb_FP256BN= {0xF3EFF0D,0xB32AB2F,0xD57F35E,0xF4A9F45,0xCCFD33A,0xD113693,0x819CB83,0x3584819,0x29E899D,0xC}; +#endif + +#if CHUNK==64 +// Base Bits= 56 +const BIG_256_56 Modulus_FP256BN= {0x292DDBAED33013L,0x65FB12980A82D3L,0x5EEE71A49F0CDCL,0xFFFCF0CD46E5F2L,0xFFFFFFFFL}; +const BIG_256_56 R2modp_FP256BN= {0xEDE336303B9F8BL,0x92FFEE9FEC54E8L,0x13C1C063C55F79L,0xA12F2EAC0123FAL,0x8E559B2AL}; +const chunk MConst_FP256BN= 0x6C964E0537E5E5L; +const BIG_256_56 Fra_FP256BN= {0x760328AF943106L,0x71511E3AB28F74L,0x8DDB0867CF39A1L,0xCA786F352D1A6EL,0x3D617662L}; +const BIG_256_56 Frb_FP256BN= {0xB32AB2FF3EFF0DL,0xF4A9F45D57F35EL,0xD113693CCFD33AL,0x3584819819CB83L,0xC29E899DL}; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_FP512BN.c ---------------------------------------------------------------------- diff --git a/src/rom_field_FP512BN.c b/src/rom_field_FP512BN.c new file mode 100644 index 0000000..fa6657f --- /dev/null +++ b/src/rom_field_FP512BN.c @@ -0,0 +1,30 @@ +#include "arch.h" +#include "fp_FP512BN.h" + +/* Curve FP512BN - Pairing friendly BN curve */ + +/* ISO fast curve */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 29 +const BIG_512_29 Modulus_FP512BN= {0x2ADEF33,0x7594049,0x131919ED,0x14AB9CBE,0x16FE1916,0x12EF5591,0x2E39231,0x3D597D3,0x55146CF,0x88D877A,0x102EF8F0,0x1196A60F,0x1C60BA1D,0x1CF63F80,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF}; +const BIG_512_29 R2modp_FP512BN= {0xFD68B47,0xFCF5D2C,0x437675A,0x1BBC3FBF,0x1411E413,0x13453559,0x10B5639,0x1C34CE79,0x6D476BF,0xFD05F2B,0x15D17C28,0x6C9F76E,0x1C2375B3,0x78CCE9B,0x15F0AB33,0x1960F32E,0x1A8D44E,0x57A38}; +const chunk MConst_FP512BN= 0x1CCC5C05; +const BIG_512_29 Fra_FP512BN= {0x14B73AB2,0x4B0BD8F,0xABB47D,0x2A29EC4,0x18681E17,0x104069DE,0x12EED67D,0x1553D0A5,0x398E9F8,0x7971034,0xAC9AF23,0x52DEF23,0x14EA18A5,0x1463E345,0x6DE465A,0x17F212B4,0x1AA9CF5B,0xF7B8}; +const BIG_512_29 Frb_FP512BN= {0xDF6B481,0x2A882B9,0x126D6570,0x1208FDFA,0x1E95FAFF,0x2AEEBB2,0xFF4BBB4,0xE81C72D,0x1B85CD6,0xF67746,0x56549CD,0xC68B6EC,0x776A178,0x8925C3B,0x1921B9A5,0x80DED4B,0x55630A4,0x70847}; +#endif + +#if CHUNK==64 +// Base Bits= 60 +const BIG_512_60 Modulus_FP512BN= {0x4EB280922ADEF33L,0x6A55CE5F4C6467BL,0xC65DEAB236FE191L,0xCF1EACBE98B8E48L,0x3C111B0EF455146L,0xA1D8CB5307C0BBEL,0xFFFF9EC7F01C60BL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFL}; +const BIG_512_60 R2modp_FP512BN= {0x1FA6DCEF99812E9L,0xAB3452895A0B74EL,0xC53EA988C079E1EL,0x1E90E033BA630B9L,0xF1EA41C0714D8B0L,0xE72785387509E28L,0xD86794F834DAB00L,0x9757C2ACCD342A1L,0x44ECB079L}; +const chunk MConst_FP512BN= 0x692A189FCCC5C05L; +const BIG_512_60 Fra_FP512BN= {0x49617B1F4B73AB2L,0x71514F6202AED1FL,0xF6080D3BD8681E1L,0xF8AA9E852CBBB59L,0xC8CF2E2068398E9L,0x8A5296F791AB26BL,0x196A8C7C68B4EA1L,0xCF5BBF9095A1B79L,0x1EF71AA9L}; +const BIG_512_60 Frb_FP512BN= {0x5510572DF6B481L,0xF9047EFD49B595CL,0xD055DD765E95FAFL,0xD6740E396BFD2EEL,0x7341ECEE8C1B85CL,0x1786345B7615952L,0xE695124B876776AL,0x30A4406F6A5E486L,0xE108E556L}; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_GOLDILOCKS.c ---------------------------------------------------------------------- diff --git a/src/rom_field_GOLDILOCKS.c b/src/rom_field_GOLDILOCKS.c new file mode 100644 index 0000000..1ea0412 --- /dev/null +++ b/src/rom_field_GOLDILOCKS.c @@ -0,0 +1,24 @@ +#include "arch.h" +#include "fp_GOLDILOCKS.h" + +/* Curve GOLDILOCKS */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 29 +const BIG_448_29 Modulus_GOLDILOCKS= {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF}; +const BIG_448_29 R2modp_GOLDILOCKS= {0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0,0x3000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const chunk MConst_GOLDILOCKS= 0x1; +#endif + +#if CHUNK==64 +// Base Bits= 58 +const BIG_448_58 Modulus_GOLDILOCKS= {0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FBFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFL}; +const BIG_448_58 R2modp_GOLDILOCKS= {0x200000000L,0x0L,0x0L,0x0L,0x3000000L,0x0L,0x0L,0x0L}; +const chunk MConst_GOLDILOCKS= 0x1L; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_HIFIVE.c ---------------------------------------------------------------------- diff --git a/src/rom_field_HIFIVE.c b/src/rom_field_HIFIVE.c new file mode 100644 index 0000000..15b6d3f --- /dev/null +++ b/src/rom_field_HIFIVE.c @@ -0,0 +1,24 @@ +#include "arch.h" +#include "fp_HIFIVE.h" + +/* Curve HIFIVE */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 29 +const BIG_336_29 Modulus_HIFIVE= {0x1FFFFFFD,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFF}; +const BIG_336_29 R2modp_HIFIVE= {0x9000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const chunk MConst_HIFIVE= 0x3; +#endif + +#if CHUNK==64 +// Base Bits= 60 +const BIG_336_60 Modulus_HIFIVE= {0xFFFFFFFFFFFFFFDL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFL}; +const BIG_336_60 R2modp_HIFIVE= {0x9000000000000L,0x0L,0x0L,0x0L,0x0L,0x0L}; +const chunk MConst_HIFIVE= 0x3L; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_NIST256.c ---------------------------------------------------------------------- diff --git a/src/rom_field_NIST256.c b/src/rom_field_NIST256.c new file mode 100644 index 0000000..f50d9f0 --- /dev/null +++ b/src/rom_field_NIST256.c @@ -0,0 +1,25 @@ +#include "arch.h" +#include "fp_NIST256.h" + +/* Curve NIST256 */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 28 +const BIG_256_28 Modulus_NIST256= {0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFF,0x0,0x0,0x1000000,0x0,0xFFFFFFF,0xF}; +const BIG_256_28 R2modp_NIST256= {0x50000,0x300000,0x0,0x0,0xFFFFFFA,0xFFFFFBF,0xFFFFEFF,0xFFFAFFF,0x2FFFF,0x0}; +const chunk MConst_NIST256= 0x1; +#endif + +#if CHUNK==64 +// Base Bits= 56 +const BIG_256_56 Modulus_NIST256= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFL,0x0L,0x1000000L,0xFFFFFFFFL}; +const BIG_256_56 R2modp_NIST256= {0x3000000050000L,0x0L,0xFFFFFBFFFFFFFAL,0xFFFAFFFFFFFEFFL,0x2FFFFL}; +const chunk MConst_NIST256= 0x1L; +#endif + http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_NIST384.c ---------------------------------------------------------------------- diff --git a/src/rom_field_NIST384.c b/src/rom_field_NIST384.c new file mode 100644 index 0000000..2a4d6d0 --- /dev/null +++ b/src/rom_field_NIST384.c @@ -0,0 +1,24 @@ +#include "arch.h" +#include "fp_NIST384.h" + +/* Curve NIST384 */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 29 +const BIG_384_29 Modulus_NIST384= {0x1FFFFFFF,0x7,0x0,0x1FFFFE00,0x1FFFEFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F}; +const BIG_384_29 R2modp_NIST384= {0x0,0x8000,0x1FF80000,0x1FFFFF,0x2000000,0x0,0x0,0x1FFFFFFC,0xF,0x100,0x400,0x0,0x0,0x0}; +const chunk MConst_NIST384= 0x1; +#endif + +#if CHUNK==64 +// Base Bits= 56 +const BIG_384_56 Modulus_NIST384= {0xFFFFFFFFL,0xFFFF0000000000L,0xFFFFFFFFFEFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFL}; +const BIG_384_56 R2modp_NIST384= {0xFE000000010000L,0xFFFFFFL,0x2L,0xFFFFFFFE00L,0x1000000020000L,0x0L,0x0L}; +const chunk MConst_NIST384= 0x100000001L; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_NIST521.c ---------------------------------------------------------------------- diff --git a/src/rom_field_NIST521.c b/src/rom_field_NIST521.c new file mode 100644 index 0000000..6eb67ac --- /dev/null +++ b/src/rom_field_NIST521.c @@ -0,0 +1,24 @@ +#include "arch.h" +#include "fp_NIST521.h" + +/* Curve NIST521 */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 28 +const BIG_528_28 Modulus_NIST521= {0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0x1FFFF}; +const BIG_528_28 R2modp_NIST521= {0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const chunk MConst_NIST521= 0x1; +#endif + +#if CHUNK==64 +// Base Bits= 60 +const BIG_528_60 Modulus_NIST521= {0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x1FFFFFFFFFFL}; +const BIG_528_60 R2modp_NIST521= {0x4000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}; +const chunk MConst_NIST521= 0x1L; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_SECP256K1.c ---------------------------------------------------------------------- diff --git a/src/rom_field_SECP256K1.c b/src/rom_field_SECP256K1.c new file mode 100644 index 0000000..4c1e72e --- /dev/null +++ b/src/rom_field_SECP256K1.c @@ -0,0 +1,24 @@ +#include "arch.h" +#include "fp_SECP256K1.h" + +/* Curve SECP256K1 */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 28 +const BIG_256_28 Modulus_SECP256K1= {0xFFFFC2F,0xFFFFFEF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xF}; +const BIG_256_28 R2modp_SECP256K1= {0x0,0xA100000,0x2000E90,0x7A,0x1,0x0,0x0,0x0,0x0,0x0}; +const chunk MConst_SECP256K1= 0x2253531; +#endif + +#if CHUNK==64 +// Base Bits= 56 +const BIG_256_56 Modulus_SECP256K1= {0xFFFFFEFFFFFC2FL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL}; +const BIG_256_56 R2modp_SECP256K1= {0xA1000000000000L,0x7A2000E90L,0x1L,0x0L,0x0L}; +const chunk MConst_SECP256K1= 0x38091DD2253531L; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rsa.c.in ---------------------------------------------------------------------- diff --git a/src/rsa.c.in b/src/rsa.c.in new file mode 100644 index 0000000..6e37231 --- /dev/null +++ b/src/rsa.c.in @@ -0,0 +1,159 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +/* RSA Functions - see main program below */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <time.h> + +#include "rsa_WWW.h" +#include "rsa_support.h" + +/* generate an RSA key pair */ +void RSA_WWW_KEY_PAIR(csprng *RNG,sign32 e,rsa_private_key_WWW *PRIV,rsa_public_key_WWW *PUB,octet *P, octet* Q) +{ + /* IEEE1363 A16.11/A16.12 more or less */ + BIG_XXX t[HFLEN_WWW],p1[HFLEN_WWW],q1[HFLEN_WWW]; + + if (RNG!=NULL) + { + + for (;;) + { + FF_WWW_random(PRIV->p,RNG,HFLEN_WWW); + while (FF_WWW_lastbits(PRIV->p,2)!=3) FF_WWW_inc(PRIV->p,1,HFLEN_WWW); + while (!FF_WWW_prime(PRIV->p,RNG,HFLEN_WWW)) + FF_WWW_inc(PRIV->p,4,HFLEN_WWW); + + FF_WWW_copy(p1,PRIV->p,HFLEN_WWW); + FF_WWW_dec(p1,1,HFLEN_WWW); + + if (FF_WWW_cfactor(p1,e,HFLEN_WWW)) continue; + break; + } + + for (;;) + { + FF_WWW_random(PRIV->q,RNG,HFLEN_WWW); + while (FF_WWW_lastbits(PRIV->q,2)!=3) FF_WWW_inc(PRIV->q,1,HFLEN_WWW); + while (!FF_WWW_prime(PRIV->q,RNG,HFLEN_WWW)) + FF_WWW_inc(PRIV->q,4,HFLEN_WWW); + + FF_WWW_copy(q1,PRIV->q,HFLEN_WWW); + FF_WWW_dec(q1,1,HFLEN_WWW); + if (FF_WWW_cfactor(q1,e,HFLEN_WWW)) continue; + + break; + } + } + else + { + FF_WWW_fromOctet(PRIV->p,P,HFLEN_WWW); + FF_WWW_fromOctet(PRIV->q,Q,HFLEN_WWW); + + FF_WWW_copy(p1,PRIV->p,HFLEN_WWW); + FF_WWW_dec(p1,1,HFLEN_WWW); + + FF_WWW_copy(q1,PRIV->q,HFLEN_WWW); + FF_WWW_dec(q1,1,HFLEN_WWW); + } + + FF_WWW_mul(PUB->n,PRIV->p,PRIV->q,HFLEN_WWW); + PUB->e=e; + + FF_WWW_copy(t,p1,HFLEN_WWW); + FF_WWW_shr(t,HFLEN_WWW); + FF_WWW_init(PRIV->dp,e,HFLEN_WWW); + FF_WWW_invmodp(PRIV->dp,PRIV->dp,t,HFLEN_WWW); + if (FF_WWW_parity(PRIV->dp)==0) FF_WWW_add(PRIV->dp,PRIV->dp,t,HFLEN_WWW); + FF_WWW_norm(PRIV->dp,HFLEN_WWW); + + FF_WWW_copy(t,q1,HFLEN_WWW); + FF_WWW_shr(t,HFLEN_WWW); + FF_WWW_init(PRIV->dq,e,HFLEN_WWW); + FF_WWW_invmodp(PRIV->dq,PRIV->dq,t,HFLEN_WWW); + if (FF_WWW_parity(PRIV->dq)==0) FF_WWW_add(PRIV->dq,PRIV->dq,t,HFLEN_WWW); + FF_WWW_norm(PRIV->dq,HFLEN_WWW); + + FF_WWW_invmodp(PRIV->c,PRIV->p,PRIV->q,HFLEN_WWW); + + return; +} + +/* destroy the Private Key structure */ +void RSA_WWW_PRIVATE_KEY_KILL(rsa_private_key_WWW *PRIV) +{ + FF_WWW_zero(PRIV->p,HFLEN_WWW); + FF_WWW_zero(PRIV->q,HFLEN_WWW); + FF_WWW_zero(PRIV->dp,HFLEN_WWW); + FF_WWW_zero(PRIV->dq,HFLEN_WWW); + FF_WWW_zero(PRIV->c,HFLEN_WWW); +} + +void RSA_WWW_fromOctet(BIG_XXX x[],octet *w) +{ + FF_WWW_fromOctet(x,w,FFLEN_WWW); +} + +/* RSA encryption with the public key */ +void RSA_WWW_ENCRYPT(rsa_public_key_WWW *PUB,octet *F,octet *G) +{ + BIG_XXX f[FFLEN_WWW]; + FF_WWW_fromOctet(f,F,FFLEN_WWW); + + FF_WWW_power(f,f,PUB->e,PUB->n,FFLEN_WWW); + + FF_WWW_toOctet(G,f,FFLEN_WWW); +} + +/* RSA decryption with the private key */ +void RSA_WWW_DECRYPT(rsa_private_key_WWW *PRIV,octet *G,octet *F) +{ + BIG_XXX g[FFLEN_WWW],t[FFLEN_WWW],jp[HFLEN_WWW],jq[HFLEN_WWW]; + + FF_WWW_fromOctet(g,G,FFLEN_WWW); + + FF_WWW_dmod(jp,g,PRIV->p,HFLEN_WWW); + FF_WWW_dmod(jq,g,PRIV->q,HFLEN_WWW); + + FF_WWW_skpow(jp,jp,PRIV->dp,PRIV->p,HFLEN_WWW); + FF_WWW_skpow(jq,jq,PRIV->dq,PRIV->q,HFLEN_WWW); + + FF_WWW_zero(g,FFLEN_WWW); + FF_WWW_copy(g,jp,HFLEN_WWW); + FF_WWW_mod(jp,PRIV->q,HFLEN_WWW); + if (FF_WWW_comp(jp,jq,HFLEN_WWW)>0) + FF_WWW_add(jq,jq,PRIV->q,HFLEN_WWW); + FF_WWW_sub(jq,jq,jp,HFLEN_WWW); + FF_WWW_norm(jq,HFLEN_WWW); + + FF_WWW_mul(t,PRIV->c,jq,HFLEN_WWW); + FF_WWW_dmod(jq,t,PRIV->q,HFLEN_WWW); + + FF_WWW_mul(t,jq,PRIV->p,HFLEN_WWW); + FF_WWW_add(g,t,g,FFLEN_WWW); + FF_WWW_norm(g,FFLEN_WWW); + + FF_WWW_toOctet(F,g,FFLEN_WWW); + + return; +} + http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rsa_support.c ---------------------------------------------------------------------- diff --git a/src/rsa_support.c b/src/rsa_support.c new file mode 100644 index 0000000..a4cfdca --- /dev/null +++ b/src/rsa_support.c @@ -0,0 +1,237 @@ +#include "rsa_support.h" + +#define ROUNDUP(a,b) ((a)-1)/(b)+1 + +/* general purpose hash function w=hash(p|n|x|y) */ +int hashit(int sha,octet *p,int n,octet *w) +{ + int i,c[4],hlen; + hash256 sha256; + hash512 sha512; + char hh[64]; + + switch (sha) + { + case SHA256: + HASH256_init(&sha256); + break; + case SHA384: + HASH384_init(&sha512); + break; + case SHA512: + HASH512_init(&sha512); + break; + } + + hlen=sha; + + if (p!=NULL) for (i=0; i<p->len; i++) + { + switch(sha) + { + case SHA256: + HASH256_process(&sha256,p->val[i]); + break; + case SHA384: + HASH384_process(&sha512,p->val[i]); + break; + case SHA512: + HASH512_process(&sha512,p->val[i]); + break; + } + } + if (n>=0) + { + c[0]=(n>>24)&0xff; + c[1]=(n>>16)&0xff; + c[2]=(n>>8)&0xff; + c[3]=(n)&0xff; + for (i=0; i<4; i++) + { + switch(sha) + { + case SHA256: + HASH256_process(&sha256,c[i]); + break; + case SHA384: + HASH384_process(&sha512,c[i]); + break; + case SHA512: + HASH512_process(&sha512,c[i]); + break; + } + } + } + + switch (sha) + { + case SHA256: + HASH256_hash(&sha256,hh); + break; + case SHA384: + HASH384_hash(&sha512,hh); + break; + case SHA512: + HASH512_hash(&sha512,hh); + break; + } + + OCT_empty(w); + OCT_jbytes(w,hh,hlen); + for (i=0; i<hlen; i++) hh[i]=0; + + return hlen; +} + +/* Mask Generation Function */ + +static void MGF1(int sha,octet *z,int olen,octet *mask) +{ + char h[64]; + octet H= {0,sizeof(h),h}; + int hlen=sha; + int counter,cthreshold; + + OCT_empty(mask); + + cthreshold=ROUNDUP(olen,hlen); + for (counter=0; counter<cthreshold; counter++) + { + hashit(sha,z,counter,&H); + if (mask->len+hlen>olen) OCT_jbytes(mask,H.val,olen%hlen); + else OCT_joctet(mask,&H); + } + OCT_clear(&H); +} + +/* SHAXXX identifier strings */ +const unsigned char SHA256ID[]= {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20}; +const unsigned char SHA384ID[]= {0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30}; +const unsigned char SHA512ID[]= {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40}; + +/* PKCS 1.5 padding of a message to be signed */ + +int PKCS15(int sha,octet *m,octet *w) +{ + int olen=w->max; + int hlen=sha; + int idlen=19; + char h[64]; + octet H= {0,sizeof(h),h}; + + if (olen<idlen+hlen+10) return 1; + hashit(sha,m,-1,&H); + + OCT_empty(w); + OCT_jbyte(w,0x00,1); + OCT_jbyte(w,0x01,1); + OCT_jbyte(w,0xff,olen-idlen-hlen-3); + OCT_jbyte(w,0x00,1); + + if (hlen==32) OCT_jbytes(w,(char *)SHA256ID,idlen); + if (hlen==48) OCT_jbytes(w,(char *)SHA384ID,idlen); + if (hlen==64) OCT_jbytes(w,(char *)SHA512ID,idlen); + + OCT_joctet(w,&H); + + return 0; +} + +/* OAEP Message Encoding for Encryption */ + +int OAEP_ENCODE(int sha,octet *m,csprng *RNG,octet *p,octet *f) +{ + int slen,olen=f->max-1; + int mlen=m->len; + int hlen,seedlen; + char dbmask[MAX_RSA_BYTES],seed[64]; + octet DBMASK= {0,sizeof(dbmask),dbmask}; + octet SEED= {0,sizeof(seed),seed}; + + hlen=seedlen=sha; + if (mlen>olen-hlen-seedlen-1) return 1; + if (m==f) return 1; /* must be distinct octets */ + + hashit(sha,p,-1,f); + + slen=olen-mlen-hlen-seedlen-1; + + OCT_jbyte(f,0,slen); + OCT_jbyte(f,0x1,1); + OCT_joctet(f,m); + + OCT_rand(&SEED,RNG,seedlen); + + MGF1(sha,&SEED,olen-seedlen,&DBMASK); + + OCT_xor(&DBMASK,f); + MGF1(sha,&DBMASK,seedlen,f); + + OCT_xor(f,&SEED); + + OCT_joctet(f,&DBMASK); + + OCT_pad(f,f->max); + OCT_clear(&SEED); + OCT_clear(&DBMASK); + + return 0; +} + +/* OAEP Message Decoding for Decryption */ + +int OAEP_DECODE(int sha,octet *p,octet *f) +{ + int comp,x,t; + int i,k,olen=f->max-1; + int hlen,seedlen; + char dbmask[MAX_RSA_BYTES],seed[64],chash[64]; + octet DBMASK= {0,sizeof(dbmask),dbmask}; + octet SEED= {0,sizeof(seed),seed}; + octet CHASH= {0,sizeof(chash),chash}; + + seedlen=hlen=sha; + if (olen<seedlen+hlen+1) return 1; + if (!OCT_pad(f,olen+1)) return 1; + hashit(sha,p,-1,&CHASH); + + x=f->val[0]; + for (i=seedlen; i<olen; i++) + DBMASK.val[i-seedlen]=f->val[i+1]; + DBMASK.len=olen-seedlen; + + MGF1(sha,&DBMASK,seedlen,&SEED); + for (i=0; i<seedlen; i++) SEED.val[i]^=f->val[i+1]; + MGF1(sha,&SEED,olen-seedlen,f); + OCT_xor(&DBMASK,f); + + comp=OCT_ncomp(&CHASH,&DBMASK,hlen); + + OCT_shl(&DBMASK,hlen); + + OCT_clear(&SEED); + OCT_clear(&CHASH); + + for (k=0;; k++) + { + if (k>=DBMASK.len) + { + OCT_clear(&DBMASK); + return 1; + } + if (DBMASK.val[k]!=0) break; + } + + t=DBMASK.val[k]; + if (!comp || x!=0 || t!=0x01) + { + OCT_clear(&DBMASK); + return 1; + } + + OCT_shl(&DBMASK,k+1); + OCT_copy(f,&DBMASK); + OCT_clear(&DBMASK); + + return 0; +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/utils.c ---------------------------------------------------------------------- diff --git a/src/utils.c b/src/utils.c new file mode 100644 index 0000000..1a103f5 --- /dev/null +++ b/src/utils.c @@ -0,0 +1,131 @@ +/** + * @file utils.c + * @author Mike Scott + * @author Kealan McCusker + * @date 28th July 2016 + * @brief AMCL Support functions for M-Pin servers + * + * LICENSE + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/* AMCL Support functions for M-Pin servers */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include "amcl.h" +#include "utils.h" + +/* Decode hex value */ +void amcl_hex2bin(const char *src, char *dst, int src_len) +{ + int i; + char v,c; + for (i = 0; i < src_len/2; i++) + { + c = src[2*i]; + if (c >= '0' && c <= '9') + { + v = c - '0'; + } + else if (c >= 'A' && c <= 'F') + { + v = c - 'A' + 10; + } + else if (c >= 'a' && c <= 'f') + { + v = c - 'a' + 10; + } + else + { + v = 0; + } + v <<= 4; + c = src[2*i + 1]; + if (c >= '0' && c <= '9') + { + v += c - '0'; + } + else if (c >= 'A' && c <= 'F') + { + v += c - 'A' + 10; + } + else if (c >= 'a' && c <= 'f') + { + v += c - 'a' + 10; + } + else + { + v = 0; + } + dst[i] = v; + } +} + +/* Encode binary string */ +void amcl_bin2hex(char *src, char *dst, int src_len) +{ + int i; + for (i = 0; i < src_len; i++) + { + sprintf(&dst[i*2],"%02x", (unsigned char) src[i]); + } +} + +/* Print encoded binary string in hex */ +void amcl_print_hex(char *src, int src_len) +{ + int i; + for (i = 0; i < src_len; i++) + { + printf("%02x", (unsigned char) src[i]); + } + printf("\n"); +} + +/* Generates a random six digit one time password */ +int generateOTP(csprng* RNG) +{ + int OTP=0; + + int i = 0; + int val = 0; + char byte[6] = {0}; + int mult=1; + + // Generate random 6 digit random value + for (i=0; i<6; i++) + { + byte[i]=RAND_byte(RNG); + val = byte[i]; + OTP = ((abs(val) % 10) * mult) + OTP; + mult = mult * 10; + } + + return OTP; +} + +/* Generate a random Octet */ +void generateRandom(csprng *RNG,octet *randomValue) +{ + int i; + for (i=0; i<randomValue->len; i++) + randomValue->val[i]=RAND_byte(RNG); +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/version.c ---------------------------------------------------------------------- diff --git a/src/version.c b/src/version.c new file mode 100644 index 0000000..e34fdc3 --- /dev/null +++ b/src/version.c @@ -0,0 +1,136 @@ +/** + * @file version.c + * @author Mike Scott + * @author Kealan McCusker + * @date 28th April 2016 + * @brief AMCL version support function + * + * LICENSE + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +#include "version.h" + +/* AMCL version support function */ + +/* Print version number and information about the build */ +void amcl_version(void) +{ + printf("AMCL Version: %d.%d.%d\n", AMCL_VERSION_MAJOR, AMCL_VERSION_MINOR, AMCL_VERSION_PATCH); + printf("OS: %s\n", OS); + printf("CHUNK: %d\n", CHUNK); + + /* + * Supported curves + * Current choice of Elliptic Curves: + * - NIST256 + * - C25519 + * - ED25519 + * - BRAINPOOL + * - ANSSI + * - NUMS256E + * - NUMS256W + * - NUMS384E + * - NUMS384W + * - NUMS512E + * - NUMS512W + * - HIFIVE + * - GOLDILOCKS + * - NIST384 + * - C41417 + * - NIST521 + * - BN254 + * - BN254CX + * - BLS383 + */ + printf("\nSupported curves:\n"); +#ifdef NIST256_VER + printf("- NIST256\n"); +#endif +#ifdef C25519_VER + printf("- C25519\n"); +#endif +#ifdef ED25519_VER + printf("- ED25519\n"); +#endif +#ifdef BRAINPOOL_VER + printf("- BRAINPOOL\n"); +#endif +#ifdef ANSSI_VER + printf("- ANSSI\n"); +#endif +#ifdef NUMS256E_VER + printf("- NUMS256E\n"); +#endif +#ifdef NUMS256W_VER + printf("- NUMS256W\n"); +#endif +#ifdef NUMS384E_VER + printf("- NUMS384E\n"); +#endif +#ifdef NUMS384W_VER + printf("- NUMS384W\n"); +#endif +#ifdef NUMS512E_VER + printf("- NUMS512E\n"); +#endif +#ifdef NUMS512W_VER + printf("- NUMS512W\n"); +#endif +#ifdef HIFIVE_VER + printf("- HIFIVE\n"); +#endif +#ifdef GOLDILOCKS_VER + printf("- GOLDILOCKS\n"); +#endif +#ifdef NIST384_VER + printf("- NIST384\n"); +#endif +#ifdef C41417_VER + printf("- C41417\n"); +#endif +#ifdef NIST521_VER + printf("- NIST521\n"); +#endif +#ifdef BN254_VER + printf("- BN254\n"); +#endif +#ifdef BN254CX_VER + printf("- BN254CX\n"); +#endif +#ifdef BLS383_VER + printf("- BLS383\n"); +#endif + + /* + * Supported RSA security levels + * Current choice of security levels: 2048, 3072, 4096 + */ + printf("\nRSA security levels:\n"); +#ifdef RSA_SECURITY_LEVEL_2048_VER + printf("- 2048\n"); +#endif +#ifdef RSA_SECURITY_LEVEL_3072_VER + printf("- 3072\n"); +#endif +#ifdef RSA_SECURITY_LEVEL_4096_VER + printf("- 4096\n"); +#endif + +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/wcc.c.in ---------------------------------------------------------------------- diff --git a/src/wcc.c.in b/src/wcc.c.in new file mode 100644 index 0000000..9dc7b80 --- /dev/null +++ b/src/wcc.c.in @@ -0,0 +1,343 @@ +/** + * @file wcc_ZZZ.c + * @author Mike Scott + * @author Kealan McCusker + * @date 28th April 2016 + * @brief AMCL Wang / Chow Choo (WCC) definitions + * + * LICENSE + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> +#include "wcc_ZZZ.h" + + +/* Perform sha256 of EC Points and Id. Map to an integer modulo the curve order. */ +void WCC_ZZZ_Hq(int sha, octet *A,octet *B,octet *C,octet *D,octet *h) +{ + BIG_XXX q,hs; + // hv has to store two points in G1, One in G2 and the Id length + char hv[2000]; + octet HV= {0,sizeof(hv),hv}; + char ht[WCC_PFS_ZZZ]; + octet HT= {0,sizeof(ht),ht}; + + BIG_XXX_rcopy(q,CURVE_Order_ZZZ); + +#ifdef DEBUG + printf("WCC_ZZZ_Hq: A: "); + OCT_output(A); + printf("\n"); + printf("WCC_ZZZ_Hq: B: "); + OCT_output(B); + printf("\n"); + printf("WCC_ZZZ_Hq: C: "); + OCT_output(C); + printf("\n"); + printf("WCC_ZZZ_Hq: D: "); + OCT_output(D); + printf("\n"); +#endif + + OCT_joctet(&HV,A); + OCT_joctet(&HV,B); + OCT_joctet(&HV,C); + OCT_joctet(&HV,D); + mhashit(sha,0,&HV,&HT); + + BIG_XXX_fromBytes(hs,HT.val); + BIG_XXX_mod(hs,q); + OCT_clear(&HT); + BIG_XXX_toBytes(h->val,hs); + h->len=WCC_PGS_ZZZ; +} + +/* Calculate a value in G1. VG1 = s*H1(ID) where ID is the identity */ +int WCC_ZZZ_GET_G1_MULTIPLE(octet *S,octet *HID,octet *VG1) +{ + BIG_XXX s; + ECP_ZZZ P; + + ECP_ZZZ_mapit(&P,HID); + + BIG_XXX_fromBytes(s,S->val); + PAIR_ZZZ_G1mul(&P,s); + + ECP_ZZZ_toOctet(VG1,&P); + return 0; +} + +/* Calculate a value in G2. VG2 = s*H2(ID) where ID is the identity */ +int WCC_ZZZ_GET_G2_MULTIPLE(octet *S,octet *HID,octet *VG2) +{ + BIG_XXX s; + ECP2_ZZZ P; + + ECP2_ZZZ_mapit(&P,HID); + + BIG_XXX_fromBytes(s,S->val); + PAIR_ZZZ_G2mul(&P,s); + + ECP2_ZZZ_toOctet(VG2,&P); + return 0; +} + +/* Calculate the sender AES Key */ +int WCC_ZZZ_SENDER_KEY(int sha, octet *xOct, octet *piaOct, octet *pibOct, octet *PbG2Oct, octet *PgG1Oct, octet *AKeyG1Oct, octet *IdBOct, octet *AESKeyOct) +{ + ECP_ZZZ sAG1,PgG1; + ECP2_ZZZ BG2,PbG2; + char hv1[WCC_PFS_ZZZ]; + octet HV1= {0,sizeof(hv1),hv1}; + + // Pairing outputs + FP12_YYY g; + + FP4_YYY c; + BIG_XXX t,x,z,pia,pib; + + char xpgg1[2*WCC_PFS_ZZZ+1]; + octet xPgG1Oct= {0,sizeof(xpgg1), xpgg1}; + + char hv[6*WCC_PFS_ZZZ+1]; + octet HV= {0,sizeof(hv),hv}; + char ht[AESKEY_ZZZ]; + octet HT= {0,sizeof(ht),ht}; + + BIG_XXX_fromBytes(x,xOct->val); + BIG_XXX_fromBytes(pia,piaOct->val); + BIG_XXX_fromBytes(pib,pibOct->val); + + if (!ECP2_ZZZ_fromOctet(&PbG2,PbG2Oct)) + { +#ifdef DEBUG + printf("PbG2Oct Invalid Point: "); + OCT_output(PbG2Oct); + printf("\n"); +#endif + return WCC_INVALID_POINT; + } + + if (!ECP_ZZZ_fromOctet(&PgG1,PgG1Oct)) + { +#ifdef DEBUG + printf("PgG1Oct Invalid Point: "); + OCT_output(PgG1Oct); + printf("\n"); +#endif + return WCC_INVALID_POINT; + } + + mhashit(sha,0,IdBOct,&HV1); + ECP2_ZZZ_mapit(&BG2,&HV1); + + if (!ECP_ZZZ_fromOctet(&sAG1,AKeyG1Oct)) + { +#ifdef DEBUG + printf("AKeyG1Oct Invalid Point: "); + OCT_output(AKeyG1Oct); + printf("\n"); +#endif + return WCC_INVALID_POINT; + } + + // z = x + pia + BIG_XXX_add(z,x,pia); + + // (x+pia).AKeyG1 + PAIR_ZZZ_G1mul(&sAG1,z); + + // pib.BG2 + PAIR_ZZZ_G2mul(&BG2,pib); + + // pib.BG2+PbG2 + ECP2_ZZZ_add(&BG2, &PbG2); + + ECP2_ZZZ_affine(&BG2); + ECP_ZZZ_affine(&sAG1); + + PAIR_ZZZ_ate(&g,&BG2,&sAG1); + PAIR_ZZZ_fexp(&g); + // printf("WCC_ZZZ_SENDER_KEY e(sAG1,BG2) = ");FP12_YYY_output(&g); printf("\n"); + + // x.PgG1 + PAIR_ZZZ_G1mul(&PgG1,x); + ECP_ZZZ_toOctet(&xPgG1Oct,&PgG1); + + // Generate AES Key : K=H(k,x.PgG1) + FP12_YYY_trace(&c,&g); + + HV.len = 4*WCC_PFS_ZZZ; + FP_YYY_redc(t,&(c.a.a)); + BIG_XXX_toBytes(&(HV.val[0]),t); + + FP_YYY_redc(t,&(c.a.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ]),t); + + FP_YYY_redc(t,&(c.b.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*2]),t); + + FP_YYY_redc(t,&(c.b.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*3]),t); + + // Set HV.len to correct value + OCT_joctet(&HV,&xPgG1Oct); + + mhashit(sha,0,&HV,&HT); + + OCT_empty(AESKeyOct); + OCT_jbytes(AESKeyOct,HT.val,AESKEY_ZZZ); + + return 0; +} + +/* Calculate the receiver AES key */ +int WCC_ZZZ_RECEIVER_KEY(int sha, octet *yOct, octet *wOct, octet *piaOct, octet *pibOct, octet *PaG1Oct, octet *PgG1Oct, octet *BKeyG2Oct, octet *IdAOct, octet *AESKeyOct) +{ + ECP_ZZZ AG1,PgG1,PaG1; + ECP2_ZZZ sBG2; + char hv1[WCC_PFS_ZZZ]; + octet HV1= {0,sizeof(hv1),hv1}; + + // Pairing outputs + FP12_YYY g; + + FP4_YYY c; + BIG_XXX t,w,y,pia,pib;; + + char wpag1[2*WCC_PFS_ZZZ+1]; + octet wPaG1Oct= {0,sizeof(wpag1), wpag1}; + + char hv[6*WCC_PFS_ZZZ+1]; + octet HV= {0,sizeof(hv),hv}; + char ht[AESKEY_ZZZ]; + octet HT= {0,sizeof(ht),ht}; + + BIG_XXX_fromBytes(y,yOct->val); + BIG_XXX_fromBytes(w,wOct->val); + BIG_XXX_fromBytes(pia,piaOct->val); + BIG_XXX_fromBytes(pib,pibOct->val); + + if (!ECP_ZZZ_fromOctet(&PaG1,PaG1Oct)) + return WCC_INVALID_POINT; + + if (!ECP_ZZZ_fromOctet(&PgG1,PgG1Oct)) + return WCC_INVALID_POINT; + + mhashit(sha,0,IdAOct,&HV1); + ECP_ZZZ_mapit(&AG1,&HV1); + + if (!ECP2_ZZZ_fromOctet(&sBG2,BKeyG2Oct)) + return WCC_INVALID_POINT; + + // y = y + pib + BIG_XXX_add(y,y,pib); + + // (y+pib).BKeyG2 + PAIR_ZZZ_G2mul(&sBG2,y); + + // pia.AG1 + PAIR_ZZZ_G1mul(&AG1,pia); + + // pia.AG1+PaG1 + ECP_ZZZ_add(&AG1, &PaG1); + + ECP2_ZZZ_affine(&sBG2); + ECP_ZZZ_affine(&AG1); + + PAIR_ZZZ_ate(&g,&sBG2,&AG1); + PAIR_ZZZ_fexp(&g); + // printf("WCC_ZZZ_RECEIVER_KEY e(AG1,sBG2) = ");FP12_YYY_output(&g); printf("\n"); + + // w.PaG1 + PAIR_ZZZ_G1mul(&PaG1,w); + ECP_ZZZ_toOctet(&wPaG1Oct,&PaG1); + + // Generate AES Key: K=H(k,w.PaG1) + FP12_YYY_trace(&c,&g); + + HV.len = 4*WCC_PFS_ZZZ; + FP_YYY_redc(t,&(c.a.a)); + BIG_XXX_toBytes(&(HV.val[0]),t); + + FP_YYY_redc(t,&(c.a.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ]),t); + + FP_YYY_redc(t,&(c.b.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*2]),t); + + FP_YYY_redc(t,&(c.b.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*3]),t); + + // Set HV.len to correct value + OCT_joctet(&HV,&wPaG1Oct); + + mhashit(sha,0,&HV,&HT); + + OCT_empty(AESKeyOct); + OCT_jbytes(AESKeyOct,HT.val,AESKEY_ZZZ); + + return 0; + +} + +/* Generate a random number modulus the group order */ +int WCC_ZZZ_RANDOM_GENERATE(csprng *RNG,octet* S) +{ + BIG_XXX r,s; + BIG_XXX_rcopy(r,CURVE_Order_ZZZ); + BIG_XXX_randomnum(s,r,RNG); + BIG_XXX_toBytes(S->val,s); + S->len=WCC_PGS_ZZZ; + return 0; +} + +/* Add two members from the group G1 */ +int WCC_ZZZ_RECOMBINE_G1(octet *R1,octet *R2,octet *R) +{ + ECP_ZZZ P,T; + int res=0; + if (!ECP_ZZZ_fromOctet(&P,R1)) res=WCC_INVALID_POINT; + if (!ECP_ZZZ_fromOctet(&T,R2)) res=WCC_INVALID_POINT; + if (res==0) + { + ECP_ZZZ_add(&P,&T); + ECP_ZZZ_toOctet(R,&P); + } + return res; +} + +/* Add two members from the group G2 */ +int WCC_ZZZ_RECOMBINE_G2(octet *W1,octet *W2,octet *W) +{ + ECP2_ZZZ Q,T; + int res=0; + if (!ECP2_ZZZ_fromOctet(&Q,W1)) res=WCC_INVALID_POINT; + if (!ECP2_ZZZ_fromOctet(&T,W2)) res=WCC_INVALID_POINT; + if (res==0) + { + ECP2_ZZZ_add(&Q,&T); + ECP2_ZZZ_toOctet(W,&Q); + } + return res; +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/wcc192.c.in ---------------------------------------------------------------------- diff --git a/src/wcc192.c.in b/src/wcc192.c.in new file mode 100644 index 0000000..127edaa --- /dev/null +++ b/src/wcc192.c.in @@ -0,0 +1,368 @@ +/** + * @file wcc192_ZZZ.c + * @author Mike Scott + * @author Kealan McCusker + * @date 28th April 2016 + * @brief AMCL Wang / Chow Choo (WCC) definitions + * + * LICENSE + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> +#include "wcc192_ZZZ.h" + + +/* Perform sha256 of EC Points and Id. Map to an integer modulo the curve order. */ +void WCC_ZZZ_Hq(int sha, octet *A,octet *B,octet *C,octet *D,octet *h) +{ + BIG_XXX q,hs; + // hv has to store two points in G1, One in G2 and the Id length + char hv[2000]; + octet HV= {0,sizeof(hv),hv}; + char ht[WCC_PFS_ZZZ]; + octet HT= {0,sizeof(ht),ht}; + + BIG_XXX_rcopy(q,CURVE_Order_ZZZ); + +#ifdef DEBUG + printf("WCC_ZZZ_Hq: A: "); + OCT_output(A); + printf("\n"); + printf("WCC_ZZZ_Hq: B: "); + OCT_output(B); + printf("\n"); + printf("WCC_ZZZ_Hq: C: "); + OCT_output(C); + printf("\n"); + printf("WCC_ZZZ_Hq: D: "); + OCT_output(D); + printf("\n"); +#endif + + OCT_joctet(&HV,A); + OCT_joctet(&HV,B); + OCT_joctet(&HV,C); + OCT_joctet(&HV,D); + mhashit(sha,0,&HV,&HT); + + BIG_XXX_fromBytes(hs,HT.val); + BIG_XXX_mod(hs,q); + OCT_clear(&HT); + BIG_XXX_toBytes(h->val,hs); + h->len=WCC_PGS_ZZZ; +} + +/* Calculate a value in G1. VG1 = s*H1(ID) where ID is the identity */ +int WCC_ZZZ_GET_G1_MULTIPLE(octet *S,octet *HID,octet *VG1) +{ + BIG_XXX s; + ECP_ZZZ P; + + ECP_ZZZ_mapit(&P,HID); + + BIG_XXX_fromBytes(s,S->val); + PAIR_ZZZ_G1mul(&P,s); + + ECP_ZZZ_toOctet(VG1,&P); + return 0; +} + +/* Calculate a value in G2. VG2 = s*H2(ID) where ID is the identity */ +int WCC_ZZZ_GET_G2_MULTIPLE(octet *S,octet *HID,octet *VG2) +{ + BIG_XXX s; + ECP4_ZZZ P; + + ECP4_ZZZ_mapit(&P,HID); + + BIG_XXX_fromBytes(s,S->val); + PAIR_ZZZ_G2mul(&P,s); + + ECP4_ZZZ_toOctet(VG2,&P); + return 0; +} + +/* Calculate the sender AES Key */ +int WCC_ZZZ_SENDER_KEY(int sha, octet *xOct, octet *piaOct, octet *pibOct, octet *PbG2Oct, octet *PgG1Oct, octet *AKeyG1Oct, octet *IdBOct, octet *AESKeyOct) +{ + ECP_ZZZ sAG1,PgG1; + ECP4_ZZZ BG2,PbG2; + char hv1[WCC_PFS_ZZZ]; + octet HV1= {0,sizeof(hv1),hv1}; + + // Pairing outputs + FP24_YYY g; + + FP8_YYY c; + BIG_XXX t,x,z,pia,pib; + + char xpgg1[2*WCC_PFS_ZZZ+1]; + octet xPgG1Oct= {0,sizeof(xpgg1), xpgg1}; + + char hv[10*WCC_PFS_ZZZ+1]; + octet HV= {0,sizeof(hv),hv}; + char ht[AESKEY_ZZZ]; + octet HT= {0,sizeof(ht),ht}; + + BIG_XXX_fromBytes(x,xOct->val); + BIG_XXX_fromBytes(pia,piaOct->val); + BIG_XXX_fromBytes(pib,pibOct->val); + + if (!ECP4_ZZZ_fromOctet(&PbG2,PbG2Oct)) + { +#ifdef DEBUG + printf("PbG2Oct Invalid Point: "); + OCT_output(PbG2Oct); + printf("\n"); +#endif + return WCC_INVALID_POINT; + } + + if (!ECP_ZZZ_fromOctet(&PgG1,PgG1Oct)) + { +#ifdef DEBUG + printf("PgG1Oct Invalid Point: "); + OCT_output(PgG1Oct); + printf("\n"); +#endif + return WCC_INVALID_POINT; + } + + mhashit(sha,0,IdBOct,&HV1); + ECP4_ZZZ_mapit(&BG2,&HV1); + + if (!ECP_ZZZ_fromOctet(&sAG1,AKeyG1Oct)) + { +#ifdef DEBUG + printf("AKeyG1Oct Invalid Point: "); + OCT_output(AKeyG1Oct); + printf("\n"); +#endif + return WCC_INVALID_POINT; + } + + // z = x + pia + BIG_XXX_add(z,x,pia); + + // (x+pia).AKeyG1 + PAIR_ZZZ_G1mul(&sAG1,z); + + // pib.BG2 + PAIR_ZZZ_G2mul(&BG2,pib); + + // pib.BG2+PbG2 + ECP4_ZZZ_add(&BG2, &PbG2); + + ECP4_ZZZ_affine(&BG2); + ECP_ZZZ_affine(&sAG1); + + PAIR_ZZZ_ate(&g,&BG2,&sAG1); + PAIR_ZZZ_fexp(&g); + // printf("WCC_ZZZ_SENDER_KEY e(sAG1,BG2) = ");FP24_YYY_output(&g); printf("\n"); + + // x.PgG1 + PAIR_ZZZ_G1mul(&PgG1,x); + ECP_ZZZ_toOctet(&xPgG1Oct,&PgG1); + + // Generate AES Key : K=H(k,x.PgG1) + FP24_YYY_trace(&c,&g); + + HV.len = 8*WCC_PFS_ZZZ; + FP_YYY_redc(t,&(c.a.a.a)); + BIG_XXX_toBytes(&(HV.val[0]),t); + + FP_YYY_redc(t,&(c.a.a.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ]),t); + + FP_YYY_redc(t,&(c.a.b.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*2]),t); + + FP_YYY_redc(t,&(c.a.b.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*3]),t); + + FP_YYY_redc(t,&(c.b.a.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*4]),t); + + FP_YYY_redc(t,&(c.b.a.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*5]),t); + + FP_YYY_redc(t,&(c.b.b.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*6]),t); + + FP_YYY_redc(t,&(c.b.b.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*7]),t); + + // Set HV.len to correct value + OCT_joctet(&HV,&xPgG1Oct); + + mhashit(sha,0,&HV,&HT); + + OCT_empty(AESKeyOct); + OCT_jbytes(AESKeyOct,HT.val,AESKEY_ZZZ); + + return 0; +} + +/* Calculate the receiver AES key */ +int WCC_ZZZ_RECEIVER_KEY(int sha, octet *yOct, octet *wOct, octet *piaOct, octet *pibOct, octet *PaG1Oct, octet *PgG1Oct, octet *BKeyG2Oct, octet *IdAOct, octet *AESKeyOct) +{ + ECP_ZZZ AG1,PgG1,PaG1; + ECP4_ZZZ sBG2; + char hv1[WCC_PFS_ZZZ]; + octet HV1= {0,sizeof(hv1),hv1}; + + // Pairing outputs + FP24_YYY g; + + FP8_YYY c; + BIG_XXX t,w,y,pia,pib;; + + char wpag1[2*WCC_PFS_ZZZ+1]; + octet wPaG1Oct= {0,sizeof(wpag1), wpag1}; + + char hv[10*WCC_PFS_ZZZ+1]; + octet HV= {0,sizeof(hv),hv}; + char ht[AESKEY_ZZZ]; + octet HT= {0,sizeof(ht),ht}; + + BIG_XXX_fromBytes(y,yOct->val); + BIG_XXX_fromBytes(w,wOct->val); + BIG_XXX_fromBytes(pia,piaOct->val); + BIG_XXX_fromBytes(pib,pibOct->val); + + if (!ECP_ZZZ_fromOctet(&PaG1,PaG1Oct)) + return WCC_INVALID_POINT; + + if (!ECP_ZZZ_fromOctet(&PgG1,PgG1Oct)) + return WCC_INVALID_POINT; + + mhashit(sha,0,IdAOct,&HV1); + ECP_ZZZ_mapit(&AG1,&HV1); + + if (!ECP4_ZZZ_fromOctet(&sBG2,BKeyG2Oct)) + return WCC_INVALID_POINT; + + // y = y + pib + BIG_XXX_add(y,y,pib); + + // (y+pib).BKeyG2 + PAIR_ZZZ_G2mul(&sBG2,y); + + // pia.AG1 + PAIR_ZZZ_G1mul(&AG1,pia); + + // pia.AG1+PaG1 + ECP_ZZZ_add(&AG1, &PaG1); + + ECP4_ZZZ_affine(&sBG2); + ECP_ZZZ_affine(&AG1); + + PAIR_ZZZ_ate(&g,&sBG2,&AG1); + PAIR_ZZZ_fexp(&g); + // printf("WCC_ZZZ_RECEIVER_KEY e(AG1,sBG2) = ");FP24_YYY_output(&g); printf("\n"); + + // w.PaG1 + PAIR_ZZZ_G1mul(&PaG1,w); + ECP_ZZZ_toOctet(&wPaG1Oct,&PaG1); + + // Generate AES Key: K=H(k,w.PaG1) + FP24_YYY_trace(&c,&g); + + HV.len = 8*WCC_PFS_ZZZ; + FP_YYY_redc(t,&(c.a.a.a)); + BIG_XXX_toBytes(&(HV.val[0]),t); + + FP_YYY_redc(t,&(c.a.a.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ]),t); + + FP_YYY_redc(t,&(c.a.b.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*2]),t); + + FP_YYY_redc(t,&(c.a.b.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*3]),t); + + FP_YYY_redc(t,&(c.b.a.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*4]),t); + + FP_YYY_redc(t,&(c.b.a.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*5]),t); + + FP_YYY_redc(t,&(c.b.b.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*6]),t); + + FP_YYY_redc(t,&(c.b.b.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*7]),t); + + + // Set HV.len to correct value + OCT_joctet(&HV,&wPaG1Oct); + + mhashit(sha,0,&HV,&HT); + + OCT_empty(AESKeyOct); + OCT_jbytes(AESKeyOct,HT.val,AESKEY_ZZZ); + + return 0; + +} + +/* Generate a random number modulus the group order */ +int WCC_ZZZ_RANDOM_GENERATE(csprng *RNG,octet* S) +{ + BIG_XXX r,s; + BIG_XXX_rcopy(r,CURVE_Order_ZZZ); + BIG_XXX_randomnum(s,r,RNG); + BIG_XXX_toBytes(S->val,s); + S->len=WCC_PGS_ZZZ; + return 0; +} + +/* Add two members from the group G1 */ +int WCC_ZZZ_RECOMBINE_G1(octet *R1,octet *R2,octet *R) +{ + ECP_ZZZ P,T; + int res=0; + if (!ECP_ZZZ_fromOctet(&P,R1)) res=WCC_INVALID_POINT; + if (!ECP_ZZZ_fromOctet(&T,R2)) res=WCC_INVALID_POINT; + if (res==0) + { + ECP_ZZZ_add(&P,&T); + ECP_ZZZ_toOctet(R,&P); + } + return res; +} + +/* Add two members from the group G2 */ +int WCC_ZZZ_RECOMBINE_G2(octet *W1,octet *W2,octet *W) +{ + ECP4_ZZZ Q,T; + int res=0; + if (!ECP4_ZZZ_fromOctet(&Q,W1)) res=WCC_INVALID_POINT; + if (!ECP4_ZZZ_fromOctet(&T,W2)) res=WCC_INVALID_POINT; + if (res==0) + { + ECP4_ZZZ_add(&Q,&T); + ECP4_ZZZ_toOctet(W,&Q); + } + return res; +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/wcc256.c.in ---------------------------------------------------------------------- diff --git a/src/wcc256.c.in b/src/wcc256.c.in new file mode 100644 index 0000000..74c6ed2 --- /dev/null +++ b/src/wcc256.c.in @@ -0,0 +1,413 @@ +/** + * @file wcc256_ZZZ.c + * @author Mike Scott + * @author Kealan McCusker + * @date 28th April 2016 + * @brief AMCL Wang / Chow Choo (WCC) definitions + * + * LICENSE + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> +#include "wcc256_ZZZ.h" + + +/* Perform sha256 of EC Points and Id. Map to an integer modulo the curve order. */ +void WCC_ZZZ_Hq(int sha, octet *A,octet *B,octet *C,octet *D,octet *h) +{ + BIG_XXX q,hs; + // hv has to store two points in G1, One in G2 and the Id length + char hv[4000]; + octet HV= {0,sizeof(hv),hv}; + char ht[WCC_PFS_ZZZ]; + octet HT= {0,sizeof(ht),ht}; + + BIG_XXX_rcopy(q,CURVE_Order_ZZZ); + +#ifdef DEBUG + printf("WCC_ZZZ_Hq: A: "); + OCT_output(A); + printf("\n"); + printf("WCC_ZZZ_Hq: B: "); + OCT_output(B); + printf("\n"); + printf("WCC_ZZZ_Hq: C: "); + OCT_output(C); + printf("\n"); + printf("WCC_ZZZ_Hq: D: "); + OCT_output(D); + printf("\n"); +#endif + + OCT_joctet(&HV,A); + OCT_joctet(&HV,B); + OCT_joctet(&HV,C); + OCT_joctet(&HV,D); + mhashit(sha,0,&HV,&HT); + + BIG_XXX_fromBytes(hs,HT.val); + BIG_XXX_mod(hs,q); + OCT_clear(&HT); + BIG_XXX_toBytes(h->val,hs); + h->len=WCC_PGS_ZZZ; +} + +/* Calculate a value in G1. VG1 = s*H1(ID) where ID is the identity */ +int WCC_ZZZ_GET_G1_MULTIPLE(octet *S,octet *HID,octet *VG1) +{ + BIG_XXX s; + ECP_ZZZ P; + + ECP_ZZZ_mapit(&P,HID); + + BIG_XXX_fromBytes(s,S->val); + PAIR_ZZZ_G1mul(&P,s); + + ECP_ZZZ_toOctet(VG1,&P); + return 0; +} + +/* Calculate a value in G2. VG2 = s*H2(ID) where ID is the identity */ +int WCC_ZZZ_GET_G2_MULTIPLE(octet *S,octet *HID,octet *VG2) +{ + BIG_XXX s; + ECP8_ZZZ P; + + ECP8_ZZZ_mapit(&P,HID); + + BIG_XXX_fromBytes(s,S->val); + PAIR_ZZZ_G2mul(&P,s); + + ECP8_ZZZ_toOctet(VG2,&P); + return 0; +} + +/* Calculate the sender AES Key */ +int WCC_ZZZ_SENDER_KEY(int sha, octet *xOct, octet *piaOct, octet *pibOct, octet *PbG2Oct, octet *PgG1Oct, octet *AKeyG1Oct, octet *IdBOct, octet *AESKeyOct) +{ + ECP_ZZZ sAG1,PgG1; + ECP8_ZZZ BG2,PbG2; + char hv1[WCC_PFS_ZZZ]; + octet HV1= {0,sizeof(hv1),hv1}; + + // Pairing outputs + FP48_YYY g; + + FP16_YYY c; + BIG_XXX t,x,z,pia,pib; + + char xpgg1[2*WCC_PFS_ZZZ+1]; + octet xPgG1Oct= {0,sizeof(xpgg1), xpgg1}; + + char hv[18*WCC_PFS_ZZZ+1]; + octet HV= {0,sizeof(hv),hv}; + char ht[AESKEY_ZZZ]; + octet HT= {0,sizeof(ht),ht}; + + BIG_XXX_fromBytes(x,xOct->val); + BIG_XXX_fromBytes(pia,piaOct->val); + BIG_XXX_fromBytes(pib,pibOct->val); + + if (!ECP8_ZZZ_fromOctet(&PbG2,PbG2Oct)) + { +#ifdef DEBUG + printf("PbG2Oct Invalid Point: "); + OCT_output(PbG2Oct); + printf("\n"); +#endif + return WCC_INVALID_POINT; + } + + if (!ECP_ZZZ_fromOctet(&PgG1,PgG1Oct)) + { +#ifdef DEBUG + printf("PgG1Oct Invalid Point: "); + OCT_output(PgG1Oct); + printf("\n"); +#endif + return WCC_INVALID_POINT; + } + + mhashit(sha,0,IdBOct,&HV1); + ECP8_ZZZ_mapit(&BG2,&HV1); + + if (!ECP_ZZZ_fromOctet(&sAG1,AKeyG1Oct)) + { +#ifdef DEBUG + printf("AKeyG1Oct Invalid Point: "); + OCT_output(AKeyG1Oct); + printf("\n"); +#endif + return WCC_INVALID_POINT; + } + + // z = x + pia + BIG_XXX_add(z,x,pia); + + // (x+pia).AKeyG1 + PAIR_ZZZ_G1mul(&sAG1,z); + + // pib.BG2 + PAIR_ZZZ_G2mul(&BG2,pib); + + // pib.BG2+PbG2 + ECP8_ZZZ_add(&BG2, &PbG2); + + ECP8_ZZZ_affine(&BG2); + ECP_ZZZ_affine(&sAG1); + + PAIR_ZZZ_ate(&g,&BG2,&sAG1); + PAIR_ZZZ_fexp(&g); + + // x.PgG1 + PAIR_ZZZ_G1mul(&PgG1,x); + ECP_ZZZ_toOctet(&xPgG1Oct,&PgG1); + + // Generate AES Key : K=H(k,x.PgG1) + FP48_YYY_trace(&c,&g); + + HV.len = 16*WCC_PFS_ZZZ; + FP_YYY_redc(t,&(c.a.a.a.a)); + BIG_XXX_toBytes(&(HV.val[0]),t); + + FP_YYY_redc(t,&(c.a.a.a.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ]),t); + + FP_YYY_redc(t,&(c.a.a.b.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*2]),t); + + FP_YYY_redc(t,&(c.a.a.b.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*3]),t); + + FP_YYY_redc(t,&(c.a.b.a.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*4]),t); + + FP_YYY_redc(t,&(c.a.b.a.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*5]),t); + + FP_YYY_redc(t,&(c.a.b.b.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*6]),t); + + FP_YYY_redc(t,&(c.a.b.b.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*7]),t); + + FP_YYY_redc(t,&(c.b.a.a.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*8]),t); + + FP_YYY_redc(t,&(c.b.a.a.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*9]),t); + + FP_YYY_redc(t,&(c.b.a.b.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*10]),t); + + FP_YYY_redc(t,&(c.b.a.b.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*11]),t); + + FP_YYY_redc(t,&(c.b.b.a.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*12]),t); + + FP_YYY_redc(t,&(c.b.b.a.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*13]),t); + + FP_YYY_redc(t,&(c.b.b.b.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*14]),t); + + FP_YYY_redc(t,&(c.b.b.b.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*15]),t); + + // Set HV.len to correct value + OCT_joctet(&HV,&xPgG1Oct); + + mhashit(sha,0,&HV,&HT); + + OCT_empty(AESKeyOct); + OCT_jbytes(AESKeyOct,HT.val,AESKEY_ZZZ); + + return 0; +} + +/* Calculate the receiver AES key */ +int WCC_ZZZ_RECEIVER_KEY(int sha, octet *yOct, octet *wOct, octet *piaOct, octet *pibOct, octet *PaG1Oct, octet *PgG1Oct, octet *BKeyG2Oct, octet *IdAOct, octet *AESKeyOct) +{ + ECP_ZZZ AG1,PgG1,PaG1; + ECP8_ZZZ sBG2; + char hv1[WCC_PFS_ZZZ]; + octet HV1= {0,sizeof(hv1),hv1}; + + // Pairing outputs + FP48_YYY g; + + FP16_YYY c; + BIG_XXX t,w,y,pia,pib;; + + char wpag1[2*WCC_PFS_ZZZ+1]; + octet wPaG1Oct= {0,sizeof(wpag1), wpag1}; + + char hv[18*WCC_PFS_ZZZ+1]; + octet HV= {0,sizeof(hv),hv}; + char ht[AESKEY_ZZZ]; + octet HT= {0,sizeof(ht),ht}; + + BIG_XXX_fromBytes(y,yOct->val); + BIG_XXX_fromBytes(w,wOct->val); + BIG_XXX_fromBytes(pia,piaOct->val); + BIG_XXX_fromBytes(pib,pibOct->val); + + if (!ECP_ZZZ_fromOctet(&PaG1,PaG1Oct)) + return WCC_INVALID_POINT; + + if (!ECP_ZZZ_fromOctet(&PgG1,PgG1Oct)) + return WCC_INVALID_POINT; + + mhashit(sha,0,IdAOct,&HV1); + ECP_ZZZ_mapit(&AG1,&HV1); + + if (!ECP8_ZZZ_fromOctet(&sBG2,BKeyG2Oct)) + return WCC_INVALID_POINT; + + // y = y + pib + BIG_XXX_add(y,y,pib); + + // (y+pib).BKeyG2 + PAIR_ZZZ_G2mul(&sBG2,y); + + // pia.AG1 + PAIR_ZZZ_G1mul(&AG1,pia); + + // pia.AG1+PaG1 + ECP_ZZZ_add(&AG1, &PaG1); + + ECP8_ZZZ_affine(&sBG2); + ECP_ZZZ_affine(&AG1); + + PAIR_ZZZ_ate(&g,&sBG2,&AG1); + PAIR_ZZZ_fexp(&g); + + // w.PaG1 + PAIR_ZZZ_G1mul(&PaG1,w); + ECP_ZZZ_toOctet(&wPaG1Oct,&PaG1); + + // Generate AES Key: K=H(k,w.PaG1) + FP48_YYY_trace(&c,&g); + + HV.len = 16*WCC_PFS_ZZZ; + FP_YYY_redc(t,&(c.a.a.a.a)); + BIG_XXX_toBytes(&(HV.val[0]),t); + + FP_YYY_redc(t,&(c.a.a.a.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ]),t); + + FP_YYY_redc(t,&(c.a.a.b.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*2]),t); + + FP_YYY_redc(t,&(c.a.a.b.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*3]),t); + + FP_YYY_redc(t,&(c.a.b.a.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*4]),t); + + FP_YYY_redc(t,&(c.a.b.a.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*5]),t); + + FP_YYY_redc(t,&(c.a.b.b.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*6]),t); + + FP_YYY_redc(t,&(c.a.b.b.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*7]),t); + + FP_YYY_redc(t,&(c.b.a.a.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*8]),t); + + FP_YYY_redc(t,&(c.b.a.a.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*9]),t); + + FP_YYY_redc(t,&(c.b.a.b.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*10]),t); + + FP_YYY_redc(t,&(c.b.a.b.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*11]),t); + + FP_YYY_redc(t,&(c.b.b.a.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*12]),t); + + FP_YYY_redc(t,&(c.b.b.a.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*13]),t); + + FP_YYY_redc(t,&(c.b.b.b.a)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*14]),t); + + FP_YYY_redc(t,&(c.b.b.b.b)); + BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*15]),t); + + // Set HV.len to correct value + OCT_joctet(&HV,&wPaG1Oct); + + mhashit(sha,0,&HV,&HT); + + OCT_empty(AESKeyOct); + OCT_jbytes(AESKeyOct,HT.val,AESKEY_ZZZ); + + return 0; + +} + +/* Generate a random number modulus the group order */ +int WCC_ZZZ_RANDOM_GENERATE(csprng *RNG,octet* S) +{ + BIG_XXX r,s; + BIG_XXX_rcopy(r,CURVE_Order_ZZZ); + BIG_XXX_randomnum(s,r,RNG); + BIG_XXX_toBytes(S->val,s); + S->len=WCC_PGS_ZZZ; + return 0; +} + +/* Add two members from the group G1 */ +int WCC_ZZZ_RECOMBINE_G1(octet *R1,octet *R2,octet *R) +{ + ECP_ZZZ P,T; + int res=0; + if (!ECP_ZZZ_fromOctet(&P,R1)) res=WCC_INVALID_POINT; + if (!ECP_ZZZ_fromOctet(&T,R2)) res=WCC_INVALID_POINT; + if (res==0) + { + ECP_ZZZ_add(&P,&T); + ECP_ZZZ_toOctet(R,&P); + } + return res; +} + +/* Add two members from the group G2 */ +int WCC_ZZZ_RECOMBINE_G2(octet *W1,octet *W2,octet *W) +{ + ECP8_ZZZ Q,T; + int res=0; + if (!ECP8_ZZZ_fromOctet(&Q,W1)) res=WCC_INVALID_POINT; + if (!ECP8_ZZZ_fromOctet(&T,W2)) res=WCC_INVALID_POINT; + if (res==0) + { + ECP8_ZZZ_add(&Q,&T); + ECP8_ZZZ_toOctet(W,&Q); + } + return res; +}
