http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/HASH512.js ---------------------------------------------------------------------- diff --git a/version22/js/HASH512.js b/version22/js/HASH512.js deleted file mode 100644 index 5a6f47a..0000000 --- a/version22/js/HASH512.js +++ /dev/null 
@@ -1,236 +0,0 @@ -/* - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. -*/ - -var HASH512 = function() { - this.length=[]; - this.h=[]; - this.w=[]; - this.init(); -}; - -HASH512.prototype={ - - transform: function() - { /* basic transformation step */ - var a,b,c,d,e,ee,zz,f,g,hh,t1,t2; - var j,r; - for (j=16;j<80;j++) - this.w[j]=HASH512.theta1(this.w[j-2]).add(this.w[j-7]).add(HASH512.theta0(this.w[j-15])).add(this.w[j-16]); - - a=this.h[0].copy(); b=this.h[1].copy(); c=this.h[2].copy(); d=this.h[3].copy(); - e=this.h[4].copy(); f=this.h[5].copy(); g=this.h[6].copy(); hh=this.h[7].copy(); - - for (j=0;j<80;j++) - { /* 80 times - mush it up */ - t1=hh.copy(); - t1.add(HASH512.Sig1(e)).add(HASH512.Ch(e,f,g)).add(HASH512.HK[j]).add(this.w[j]); - - t2=HASH512.Sig0(a); t2.add(HASH512.Maj(a,b,c)); - hh=g; g=f; f=e; - e=d.copy(); e.add(t1); - - d=c; - c=b; - b=a; - a=t1.copy(); a.add(t2); - } - - this.h[0].add(a); this.h[1].add(b); this.h[2].add(c); this.h[3].add(d); - this.h[4].add(e); this.h[5].add(f); this.h[6].add(g); this.h[7].add(hh); - }, - -/* Initialise Hash function */ - init: function() - { /* initialise */ - var i; - for (i=0;i<80;i++) this.w[i]=new UInt64(0,0); - this.length[0]=new UInt64(0,0); this.length[1]=new UInt64(0,0); - 
this.h[0]=HASH512.H[0].copy(); - this.h[1]=HASH512.H[1].copy(); - this.h[2]=HASH512.H[2].copy(); - this.h[3]=HASH512.H[3].copy(); - this.h[4]=HASH512.H[4].copy(); - this.h[5]=HASH512.H[5].copy(); - this.h[6]=HASH512.H[6].copy(); - this.h[7]=HASH512.H[7].copy(); - }, - -/* process a single byte */ - process: function(byt) - { /* process the next message byte */ - var cnt; - cnt=(this.length[0].bot>>>6)%16; - this.w[cnt].shlb(); - this.w[cnt].bot|=(byt&0xFF); - - var e=new UInt64(0,8); - this.length[0].add(e); - if (this.length[0].top===0 && this.length[0].bot==0) { e=new UInt64(0,1); this.length[1].add(e); } - if ((this.length[0].bot%1024)===0) this.transform(); - }, - -/* process an array of bytes */ - process_array: function(b) - { - for (var i=0;i<b.length;i++) this.process(b[i]); - }, - -/* process a 32-bit integer */ - process_num: function(n) - { - this.process((n>>24)&0xff); - this.process((n>>16)&0xff); - this.process((n>>8)&0xff); - this.process(n&0xff); - }, - - hash: function() - { /* pad message and finish - supply digest */ - var i; - var digest=[]; - var len0,len1; - len0=this.length[0].copy(); - len1=this.length[1].copy(); - this.process(0x80); - while ((this.length[0].bot%1024)!=896) this.process(0); - - this.w[14]=len1; - this.w[15]=len0; - this.transform(); - - for (i=0;i<HASH512.len;i++) - { /* convert to bytes */ - digest[i]=HASH512.R(8*(7-i%8),this.h[i>>>3]).bot&0xff; - } - - this.init(); - return digest; - } -}; - -/* static functions */ -HASH512.S= function(n,x) -{ - if (n==0) return x; - if (n<32) - return new UInt64((x.top>>>n) | (x.bot<<(32-n)), (x.bot>>>n) | (x.top << (32-n))); - else - return new UInt64((x.bot>>>(n-32)) | (x.top << (64-n)),(x.top>>>(n-32)) | (x.bot<<(64-n))); - -}; - -HASH512.R= function(n,x) -{ - if (n==0) return x; - if (n<32) - return new UInt64((x.top>>>n),(x.bot>>>n | (x.top << (32-n)))); - else - return new UInt64(0,x.top >>> (n-32)); -}; - -HASH512.Ch= function(x,y,z) -{ - return new 
UInt64((x.top&y.top)^(~(x.top)&z.top),(x.bot&y.bot)^(~(x.bot)&z.bot)); -}; - -HASH512.Maj= function(x,y,z) -{ - return new UInt64((x.top&y.top)^(x.top&z.top)^(y.top&z.top),(x.bot&y.bot)^(x.bot&z.bot)^(y.bot&z.bot)); -}; - -HASH512.Sig0= function(x) -{ - var r1=HASH512.S(28,x); - var r2=HASH512.S(34,x); - var r3=HASH512.S(39,x); - return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot); -}; - -HASH512.Sig1= function(x) -{ - var r1=HASH512.S(14,x); - var r2=HASH512.S(18,x); - var r3=HASH512.S(41,x); - return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot); -}; - -HASH512.theta0= function(x) -{ - var r1=HASH512.S(1,x); - var r2=HASH512.S(8,x); - var r3=HASH512.R(7,x); - return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot); -}; - -HASH512.theta1= function(x) -{ - var r1=HASH512.S(19,x); - var r2=HASH512.S(61,x); - var r3=HASH512.R(6,x); - return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot); -}; - -/* constants */ -HASH512.len= 64; - -HASH512.H = [new UInt64(0x6a09e667, 0xf3bcc908), new UInt64(0xbb67ae85, 0x84caa73b), - new UInt64(0x3c6ef372, 0xfe94f82b), new UInt64(0xa54ff53a, 0x5f1d36f1), - new UInt64(0x510e527f, 0xade682d1), new UInt64(0x9b05688c, 0x2b3e6c1f), - new UInt64(0x1f83d9ab, 0xfb41bd6b), new UInt64(0x5be0cd19, 0x137e2179)]; - -HASH512.HK = [new UInt64(0x428a2f98, 0xd728ae22), new UInt64(0x71374491, 0x23ef65cd), - new UInt64(0xb5c0fbcf, 0xec4d3b2f), new UInt64(0xe9b5dba5, 0x8189dbbc), - new UInt64(0x3956c25b, 0xf348b538), new UInt64(0x59f111f1, 0xb605d019), - new UInt64(0x923f82a4, 0xaf194f9b), new UInt64(0xab1c5ed5, 0xda6d8118), - new UInt64(0xd807aa98, 0xa3030242), new UInt64(0x12835b01, 0x45706fbe), - new UInt64(0x243185be, 0x4ee4b28c), new UInt64(0x550c7dc3, 0xd5ffb4e2), - new UInt64(0x72be5d74, 0xf27b896f), new UInt64(0x80deb1fe, 0x3b1696b1), - new UInt64(0x9bdc06a7, 0x25c71235), new UInt64(0xc19bf174, 0xcf692694), - new UInt64(0xe49b69c1, 0x9ef14ad2), new UInt64(0xefbe4786, 0x384f25e3), - new UInt64(0x0fc19dc6, 0x8b8cd5b5), 
new UInt64(0x240ca1cc, 0x77ac9c65), - new UInt64(0x2de92c6f, 0x592b0275), new UInt64(0x4a7484aa, 0x6ea6e483), - new UInt64(0x5cb0a9dc, 0xbd41fbd4), new UInt64(0x76f988da, 0x831153b5), - new UInt64(0x983e5152, 0xee66dfab), new UInt64(0xa831c66d, 0x2db43210), - new UInt64(0xb00327c8, 0x98fb213f), new UInt64(0xbf597fc7, 0xbeef0ee4), - new UInt64(0xc6e00bf3, 0x3da88fc2), new UInt64(0xd5a79147, 0x930aa725), - new UInt64(0x06ca6351, 0xe003826f), new UInt64(0x14292967, 0x0a0e6e70), - new UInt64(0x27b70a85, 0x46d22ffc), new UInt64(0x2e1b2138, 0x5c26c926), - new UInt64(0x4d2c6dfc, 0x5ac42aed), new UInt64(0x53380d13, 0x9d95b3df), - new UInt64(0x650a7354, 0x8baf63de), new UInt64(0x766a0abb, 0x3c77b2a8), - new UInt64(0x81c2c92e, 0x47edaee6), new UInt64(0x92722c85, 0x1482353b), - new UInt64(0xa2bfe8a1, 0x4cf10364), new UInt64(0xa81a664b, 0xbc423001), - new UInt64(0xc24b8b70, 0xd0f89791), new UInt64(0xc76c51a3, 0x0654be30), - new UInt64(0xd192e819, 0xd6ef5218), new UInt64(0xd6990624, 0x5565a910), - new UInt64(0xf40e3585, 0x5771202a), new UInt64(0x106aa070, 0x32bbd1b8), - new UInt64(0x19a4c116, 0xb8d2d0c8), new UInt64(0x1e376c08, 0x5141ab53), - new UInt64(0x2748774c, 0xdf8eeb99), new UInt64(0x34b0bcb5, 0xe19b48a8), - new UInt64(0x391c0cb3, 0xc5c95a63), new UInt64(0x4ed8aa4a, 0xe3418acb), - new UInt64(0x5b9cca4f, 0x7763e373), new UInt64(0x682e6ff3, 0xd6b2b8a3), - new UInt64(0x748f82ee, 0x5defb2fc), new UInt64(0x78a5636f, 0x43172f60), - new UInt64(0x84c87814, 0xa1f0ab72), new UInt64(0x8cc70208, 0x1a6439ec), - new UInt64(0x90befffa, 0x23631e28), new UInt64(0xa4506ceb, 0xde82bde9), - new UInt64(0xbef9a3f7, 0xb2c67915), new UInt64(0xc67178f2, 0xe372532b), - new UInt64(0xca273ece, 0xea26619c), new UInt64(0xd186b8c7, 0x21c0c207), - new UInt64(0xeada7dd6, 0xcde0eb1e), new UInt64(0xf57d4f7f, 0xee6ed178), - new UInt64(0x06f067aa, 0x72176fba), new UInt64(0x0a637dc5, 0xa2c898a6), - new UInt64(0x113f9804, 0xbef90dae), new UInt64(0x1b710b35, 0x131c471b), - new UInt64(0x28db77f5, 0x23047d84), 
new UInt64(0x32caab7b, 0x40c72493), - new UInt64(0x3c9ebe0a, 0x15c9bebc), new UInt64(0x431d67c4, 0x9c100d4c), - new UInt64(0x4cc5d4be, 0xcb3e42b6), new UInt64(0x597f299c, 0xfc657e2a), - new UInt64(0x5fcb6fab, 0x3ad6faec), new UInt64(0x6c44198c, 0x4a475817)];
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/MPIN.js ---------------------------------------------------------------------- diff --git a/version22/js/MPIN.js b/version22/js/MPIN.js deleted file mode 100644 index fdd1d80..0000000 --- a/version22/js/MPIN.js +++ /dev/null 
@@ -1,933 +0,0 @@ -/* - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. -*/ - -/* MPIN API Functions */ - -var MPIN = { - BAD_PARAMS:-11, - INVALID_POINT:-14, - WRONG_ORDER:-18, - BAD_PIN:-19, -/* configure PIN here */ - MAXPIN:10000, /* max PIN */ - PBLEN:14, /* MAXPIN length in bits */ - TS:10, /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */ - TRAP:200, /* 200 for 4 digit PIN, 2000 for 6-digit PIN - approx 2*sqrt(MAXPIN) */ - EFS:ROM.MODBYTES, - EGS:ROM.MODBYTES, - PAS:16, - - SHA256 : 32, - SHA384 : 48, - SHA512 : 64, - - HASH_TYPE : 32, - - -/* return time in slots since epoch */ - today: function() { - var now=new Date(); - return Math.floor(now.getTime()/(60000*1440)); // for daily tokens - }, - - bytestostring: function(b) - { - var s=""; - var len=b.length; - var ch; - - for (var i=0;i<len;i++) - { - ch=b[i]; - s+=((ch>>>4)&15).toString(16); - s+=(ch&15).toString(16); - - } - return s; - }, - - stringtobytes: function(s) - { - var b=[]; - for (var i=0;i<s.length;i++) - b.push(s.charCodeAt(i)); - return b; - }, - - comparebytes: function(a,b) - { - if (a.length!=b.length) return false; - for (var i=0;i<a.length;i++) - { - if (a[i]!=b[i]) return false; - } - return true; - }, - - mpin_hash: function(sha,c,U) - { - 
var t=[]; - var w=[]; - var h=[]; - - c.geta().getA().toBytes(w); for (var i=0;i<this.EFS;i++) t[i]=w[i]; - c.geta().getB().toBytes(w); for (var i=this.EFS;i<2*this.EFS;i++) t[i]=w[i-this.EFS]; - c.getb().getA().toBytes(w); for (var i=2*this.EFS;i<3*this.EFS;i++) t[i]=w[i-2*this.EFS]; - c.getb().getB().toBytes(w); for (var i=3*this.EFS;i<4*this.EFS;i++) t[i]=w[i-3*this.EFS]; - - U.getX().toBytes(w); for (var i=4*this.EFS;i<5*this.EFS;i++) t[i]=w[i-4*this.EFS]; - U.getY().toBytes(w); for (var i=5*this.EFS;i<6*this.EFS;i++) t[i]=w[i-5*this.EFS]; - - if (sha==this.SHA256) - { - var H=new HASH256(); - H.process_array(t); - h=H.hash(); - } - if (sha==this.SHA384) - { - var H=new HASH384(); - H.process_array(t); - h=H.hash(); - } - if (sha==this.SHA512) - { - var H=new HASH512(); - H.process_array(t); - h=H.hash(); - } - if (h.length==0) return null; - var R=[]; - for (var i=0;i<this.PAS;i++) R[i]=h[i]; - return R; - }, -/* Hash number (optional) and string to point on curve */ - - hashit: function(sha,n,B) - { - var R=[]; - - if (sha==this.SHA256) - { - var H=new HASH256(); - if (n>0) H.process_num(n); - H.process_array(B); - R=H.hash(); - } - if (sha==this.SHA384) - { - var H=new HASH384(); - if (n>0) H.process_num(n); - H.process_array(B); - R=H.hash(); - } - if (sha==this.SHA512) - { - var H=new HASH512(); - if (n>0) H.process_num(n); - H.process_array(B); - R=H.hash(); - } - if (R.length==0) return null; - var W=[]; - - if (sha>=ROM.MODBYTES) - for (var i=0;i<ROM.MODBYTES;i++) W[i]=R[i]; - else - { - for (var i=0;i<sha;i++) W[i]=R[i]; - for (var i=sha;i<ROM.MODBYTES;i++) W[i]=0; - } - return W; - }, - - mapit: function(h) - { - var q=new BIG(0); q.rcopy(ROM.Modulus); - var x=BIG.fromBytes(h); - x.mod(q); - var P=new ECP(); - while (true) - { - P.setxi(x,0); - if (!P.is_infinity()) break; - x.inc(1); x.norm(); - } - if (ROM.CURVE_PAIRING_TYPE!=ROM.BN_CURVE) - { - var c=new BIG(0); c.rcopy(ROM.CURVE_Cof); - P=P.mul(c); - } - return P; - }, - -/* needed for SOK */ - 
mapit2: function(h) - { - var q=new BIG(0); q.rcopy(ROM.Modulus); - var x=BIG.fromBytes(h); - var one=new BIG(1); - x.mod(q); - var Q,T,K,X; - while (true) - { - X=new FP2(one,x); - Q=new ECP2(); Q.setx(X); - if (!Q.is_infinity()) break; - x.inc(1); x.norm(); - } -/* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */ - - var Fa=new BIG(0); Fa.rcopy(ROM.CURVE_Fra); - var Fb=new BIG(0); Fb.rcopy(ROM.CURVE_Frb); - X=new FP2(Fa,Fb); - x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); - - T=new ECP2(); T.copy(Q); - T.mul(x); T.neg(); - K=new ECP2(); K.copy(T); - K.dbl(); K.add(T); K.affine(); - - K.frob(X); - Q.frob(X); Q.frob(X); Q.frob(X); - Q.add(T); Q.add(K); - T.frob(X); T.frob(X); - Q.add(T); - Q.affine(); - return Q; - - }, - -/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */ -/* maps a random u to a point on the curve */ - map: function(u,cb) - { - var P=new ECP(); - var x=new BIG(u); - var p=new BIG(0); p.rcopy(ROM.Modulus); - x.mod(p); - while (true) - { - P.setxi(x,cb); - if (!P.is_infinity()) break; - x.inc(1); x.norm(); - } - return P; - }, - -/* returns u derived from P. 
Random value in range 1 to return value should then be added to u */ - unmap: function(u,P) - { - var s=P.getS(); - var R=new ECP(); - var r=0; - var x=P.getX(); - u.copy(x); - while (true) - { - u.dec(1); u.norm(); - r++; - R.setxi(u,s); //=new ECP(u,s); - if (!R.is_infinity()) break; - } - return r; - }, - -/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */ -/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */ -/* Note that u and v are indistinguisible from random strings */ - ENCODING: function(rng,E) - { - var i,rn,m,su,sv; - var T=[]; - - for (i=0;i<this.EFS;i++) T[i]=E[i+1]; - var u=BIG.fromBytes(T); - for (i=0;i<this.EFS;i++) T[i]=E[i+this.EFS+1]; - var v=BIG.fromBytes(T); - - var P=new ECP(0); P.setxy(u,v); - if (P.is_infinity()) return this.INVALID_POINT; - - var p=new BIG(0); p.rcopy(ROM.Modulus); - u=BIG.randomnum(p,rng); - - su=rng.getByte(); if (su<0) su=-su; su%=2; - - var W=this.map(u,su); - P.sub(W); - sv=P.getS(); - rn=this.unmap(v,P); - m=rng.getByte(); if (m<0) m=-m; m%=rn; - v.inc(m+1); - E[0]=(su+2*sv); - u.toBytes(T); - for (i=0;i<this.EFS;i++) E[i+1]=T[i]; - v.toBytes(T); - for (i=0;i<this.EFS;i++) E[i+this.EFS+1]=T[i]; - - return 0; - }, - - DECODING: function(D) - { - var i,su,sv; - var T=[]; - - if ((D[0]&0x04)!==0) return this.INVALID_POINT; - - for (i=0;i<this.EFS;i++) T[i]=D[i+1]; - var u=BIG.fromBytes(T); - for (i=0;i<this.EFS;i++) T[i]=D[i+this.EFS+1]; - var v=BIG.fromBytes(T); - - su=D[0]&1; - sv=(D[0]>>1)&1; - var W=this.map(u,su); - var P=this.map(v,sv); - P.add(W); - u=P.getX(); - v=P.getY(); - D[0]=0x04; - u.toBytes(T); - for (i=0;i<this.EFS;i++) D[i+1]=T[i]; - v.toBytes(T); - for (i=0;i<this.EFS;i++) D[i+this.EFS+1]=T[i]; - - return 0; - }, - -/* R=R1+R2 in group G1 */ - RECOMBINE_G1: function(R1,R2,R) - { - var P=ECP.fromBytes(R1); - var Q=ECP.fromBytes(R2); - - if (P.is_infinity() || Q.is_infinity()) return this.INVALID_POINT; - - P.add(Q); - - 
P.toBytes(R); - return 0; - }, - -/* W=W1+W2 in group G2 */ - RECOMBINE_G2: function(W1,W2,W) - { - var P=ECP2.fromBytes(W1); - var Q=ECP2.fromBytes(W2); - - if (P.is_infinity() || Q.is_infinity()) return this.INVALID_POINT; - - P.add(Q); - - P.toBytes(W); - return 0; - }, - - HASH_ID: function(sha,ID) - { - return this.hashit(sha,0,ID); - }, - -/* create random secret S */ - RANDOM_GENERATE: function(rng,S) - { - var r=new BIG(0); r.rcopy(ROM.CURVE_Order); - var s=BIG.randomnum(r,rng); - if (ROM.AES_S>0) - { - s.mod2m(2*ROM.AES_S); - } - s.toBytes(S); - return 0; - }, - -/* Extract PIN from TOKEN for identity CID */ - EXTRACT_PIN: function(sha,CID,pin,TOKEN) - { - var P=ECP.fromBytes(TOKEN); - if (P.is_infinity()) return this.INVALID_POINT; - var h=this.hashit(sha,0,CID); - var R=this.mapit(h); - - pin%=this.MAXPIN; - - R=R.pinmul(pin,this.PBLEN); - P.sub(R); - - P.toBytes(TOKEN); - - return 0; - }, - -/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */ - GET_SERVER_SECRET: function(S,SST) - { - - var A=new BIG(0); - var B=new BIG(0); - A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb); - var QX=new FP2(0); QX.bset(A,B); - A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb); - var QY=new FP2(0); QY.bset(A,B); - - var Q=new ECP2(); - Q.setxy(QX,QY); - - var s=BIG.fromBytes(S); - Q=PAIR.G2mul(Q,s); - Q.toBytes(SST); - return 0; - }, - - TEST_PAIR: function(PR) - { - var G=new ECP(0); - var A=new BIG(0); - var B=new BIG(0); - A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb); - var QX=new FP2(0); QX.bset(A,B); - A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb); - var QY=new FP2(0); QY.bset(A,B); - - var Q=new ECP2(); - Q.setxy(QX,QY); - - var gx=new BIG(0); gx.rcopy(ROM.CURVE_Gx); - var gy=new BIG(0); gy.rcopy(ROM.CURVE_Gy); - G.setxy(gx,gy); - - var g=PAIR.ate(Q,G); - g=PAIR.fexp(g); - g.toBytes(PR); - }, - -/* - W=x*H(G); - if RNG == NULL then X is passed in - if RNG != NULL the X is passed out - if type=0 W=x*G where G is point on the 
curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve -*/ - GET_G1_MULTIPLE: function(rng,type,X,G,W) - { - var x; - var r=new BIG(0); r.rcopy(ROM.CURVE_Order); - - if (rng!=null) - { - x=BIG.randomnum(r,rng); - if (ROM.AES_S>0) - { - x.mod2m(2*ROM.AES_S); - } - x.toBytes(X); - } - else - { - x=BIG.fromBytes(X); - } - var P; - if (type==0) - { - P=ECP.fromBytes(G); - if (P.is_infinity()) return INVALID_POINT; - } - else - P=this.mapit(G); - - PAIR.G1mul(P,x).toBytes(W); - return 0; - }, - - -/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */ - GET_CLIENT_SECRET: function(S,CID,CST) - { - return this.GET_G1_MULTIPLE(null,1,S,CID,CST); - }, - -/* Time Permit CTT=S*(date|H(CID)) where S is master secret */ - GET_CLIENT_PERMIT: function(sha,date,S,CID,CTT) - { - var h=this.hashit(sha,date,CID); - var P=this.mapit(h); - - var s=BIG.fromBytes(S); - P=PAIR.G1mul(P,s); - P.toBytes(CTT); - return 0; - }, - -/* Implement step 1 on client side of MPin protocol */ - CLIENT_1: function(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT) - { - var r=new BIG(0); r.rcopy(ROM.CURVE_Order); - // var q=new BIG(0); q.rcopy(ROM.Modulus); - var x; - if (rng!==null) - { - x=BIG.randomnum(r,rng); - if (ROM.AES_S>0) - { - x.mod2m(2*ROM.AES_S); - } - x.toBytes(X); - } - else - { - x=BIG.fromBytes(X); - } - var P,T,W; - - var h=this.hashit(sha,0,CLIENT_ID); - P=this.mapit(h); - T=ECP.fromBytes(TOKEN); - if (T.is_infinity()) return this.INVALID_POINT; - - pin%=this.MAXPIN; - W=P.pinmul(pin,this.PBLEN); - T.add(W); - - if (date!=0) - { - W=ECP.fromBytes(PERMIT); - if (W.is_infinity()) return this.INVALID_POINT; - T.add(W); - h=this.hashit(sha,date,h); - W=this.mapit(h); - if (xID!=null) - { - P=PAIR.G1mul(P,x); - P.toBytes(xID); - W=PAIR.G1mul(W,x); - P.add(W); - } - else - { - P.add(W); - P=PAIR.G1mul(P,x); - } - if (xCID!=null) P.toBytes(xCID); - } - else - { - if (xID!=null) - { - P=PAIR.G1mul(P,x); - P.toBytes(xID); - } - } - - 
T.toBytes(SEC); - return 0; - }, - -/* Implement step 2 on client side of MPin protocol */ - CLIENT_2: function(X,Y,SEC) - { - var r=new BIG(0); r.rcopy(ROM.CURVE_Order); - var P=ECP.fromBytes(SEC); - if (P.is_infinity()) return this.INVALID_POINT; - - var px=BIG.fromBytes(X); - var py=BIG.fromBytes(Y); - px.add(py); - px.mod(r); - // px.rsub(r); - - P=PAIR.G1mul(P,px); - P.neg(); - P.toBytes(SEC); - //PAIR.G1mul(P,px).toBytes(SEC); - return 0; - }, - -/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */ - SERVER_1: function(sha,date,CID,HID,HTID) - { - var h=this.hashit(sha,0,CID); - var R,P=this.mapit(h); - - P.toBytes(HID); - if (date!==0) - { - //if (HID!=null) P.toBytes(HID); - h=this.hashit(sha,date,h); - R=this.mapit(h); - P.add(R); - P.toBytes(HTID); - } - //else P.toBytes(HID); - }, - -/* Implement step 1 of MPin protocol on server side */ - SERVER_2: function(date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F) - { - var A=new BIG(0); - var B=new BIG(0); - A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb); - var QX=new FP2(0); QX.bset(A,B); - A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb); - var QY=new FP2(0); QY.bset(A,B); - - var Q=new ECP2(); - Q.setxy(QX,QY); - - var sQ=ECP2.fromBytes(SST); - if (sQ.is_infinity()) return this.INVALID_POINT; - - var R; - if (date!==0) - R=ECP.fromBytes(xCID); - else - { - if (xID==null) return this.BAD_PARAMS; - R=ECP.fromBytes(xID); - } - if (R.is_infinity()) return this.INVALID_POINT; - - var y=BIG.fromBytes(Y); - var P; - - if (date!=0) P=ECP.fromBytes(HTID); - else - { - if (HID==null) return this.BAD_PARAMS; - P=ECP.fromBytes(HID); - } - if (P.is_infinity()) return this.INVALID_POINT; - - P=PAIR.G1mul(P,y); - P.add(R); - R=ECP.fromBytes(mSEC); - if (R.is_infinity()) return this.INVALID_POINT; - - var g=PAIR.ate2(Q,R,sQ,P); - g=PAIR.fexp(g); - - if (!g.isunity()) - { - if (HID!=null && xID!=null && E!=null && F!=null) - { - g.toBytes(E); - if (date!==0) - { - P=ECP.fromBytes(HID); - if 
(P.is_infinity()) return this.INVALID_POINT; - R=ECP.fromBytes(xID); - if (R.is_infinity()) return this.INVALID_POINT; - - P=PAIR.G1mul(P,y); - P.add(R); - } - g=PAIR.ate(Q,P); - g=PAIR.fexp(g); - - g.toBytes(F); - } - return this.BAD_PIN; - } - return 0; - }, - -/* Pollards kangaroos used to return PIN error */ - KANGAROO: function(E,F) - { - var ge=FP12.fromBytes(E); - var gf=FP12.fromBytes(F); - var distance = []; - var t=new FP12(gf); - var table=[]; - var i,j,m,s,dn,dm,res,steps; - - s=1; - for (m=0;m<this.TS;m++) - { - distance[m]=s; - table[m]=new FP12(t); - s*=2; - t.usqr(); - } - t.one(); - dn=0; - for (j=0;j<this.TRAP;j++) - { - i=t.geta().geta().getA().lastbits(20)%this.TS; - t.mul(table[i]); - dn+=distance[i]; - } - gf.copy(t); gf.conj(); - steps=0; dm=0; - res=0; - while (dm-dn<this.MAXPIN) - { - steps++; - if (steps>4*this.TRAP) break; - i=ge.geta().geta().getA().lastbits(20)%this.TS; - ge.mul(table[i]); - dm+=distance[i]; - if (ge.equals(t)) - { - res=dm-dn; - break; - } - if (ge.equals(gf)) - { - res=dn-dm; - break; - } - - } - if (steps>4*this.TRAP || dm-dn>=this.MAXPIN) {res=0; } // Trap Failed - probable invalid token - return res; - }, - - /* return time since epoch */ - GET_TIME: function() { - var now=new Date(); - return Math.floor(now.getTime()/(1000)); - }, - - /* y = H(time,xCID) */ - GET_Y: function(sha,TimeValue,xCID,Y) - { - var q=new BIG(0); - q.rcopy(ROM.CURVE_Order); - var h=this.hashit(sha,TimeValue,xCID); - var y=BIG.fromBytes(h); - y.mod(q); - if (ROM.AES_S>0) - { - y.mod2m(2*ROM.AES_S); - } - y.toBytes(Y); - return 0; - }, - - /* One pass MPIN Client */ - CLIENT: function(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT,TimeValue,Y) - { - - var rtn=0; - var pID; - if (date == 0) { - pID = xID; - } else { - pID = xCID; - xID = null; - } - - rtn = this.CLIENT_1(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT); - if (rtn != 0) - return rtn; - - this.GET_Y(sha,TimeValue,pID,Y); - - rtn = this.CLIENT_2(X,Y,SEC); - if (rtn 
!= 0) - return rtn; - - return 0; - }, - - /* One pass MPIN Server */ - SERVER: function(sha,date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F,CID,TimeValue) - { - var rtn=0; - var pID; - if (date == 0) { - pID = xID; - } else { - pID = xCID; - } - - this.SERVER_1(sha,date,CID,HID,HTID); - - this.GET_Y(sha,TimeValue,pID,Y); - - rtn = this.SERVER_2(date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F); - if (rtn != 0) - return rtn; - - return 0; - }, - -/* Functions to support M-Pin Full */ - - PRECOMPUTE: function(TOKEN,CID,G1,G2) - { - var P,T; - var g; - - T=ECP.fromBytes(TOKEN); - if (T.is_infinity()) return INVALID_POINT; - - P=this.mapit(CID); - - var A=new BIG(0); - var B=new BIG(0); - A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb); - var QX=new FP2(0); QX.bset(A,B); - A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb); - var QY=new FP2(0); QY.bset(A,B); - - var Q=new ECP2(); - Q.setxy(QX,QY); - - g=PAIR.ate(Q,T); - g=PAIR.fexp(g); - g.toBytes(G1); - - g=PAIR.ate(Q,P); - g=PAIR.fexp(g); - g.toBytes(G2); - - return 0; - }, - -/* Hash the M-Pin transcript - new */ - - HASH_ALL: function(sha,HID,xID,xCID,SEC,Y,R,W) - { - var tlen=0; - var T=[]; - - - for (var i=0;i<HID.length;i++) T[i]=HID[i]; - tlen+=HID.length; - if (xCID!=null) - { - for (var i=0;i<xCID.length;i++) T[i+tlen]=xCID[i]; - tlen+=xCID.length; - } - else - { - for (i=0;i<xID.length;i++) T[i+tlen]=xID[i]; - tlen+=xID.length; - } - for (var i=0;i<SEC.length;i++) T[i+tlen]=SEC[i]; - tlen+=SEC.length; - for (var i=0;i<Y.length;i++) T[i+tlen]=Y[i]; - tlen+=Y.length; - for (var i=0;i<R.length;i++) T[i+tlen]=R[i]; - tlen+=R.length; - for (var i=0;i<W.length;i++) T[i+tlen]=W[i]; - tlen+=W.length; - - return this.hashit(sha,0,T); - }, - -/* calculate common key on client side */ -/* wCID = w.(A+AT) */ - CLIENT_KEY: function(sha,G1,G2,pin,R,X,H,wCID,CK) - { - var t=[]; - - var g1=FP12.fromBytes(G1); - var g2=FP12.fromBytes(G2); - var z=BIG.fromBytes(R); - var x=BIG.fromBytes(X); - var h=BIG.fromBytes(H); - - var W=ECP.fromBytes(wCID); - 
if (W.is_infinity()) return this.INVALID_POINT; - - W=PAIR.G1mul(W,x); - - var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); - var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); - var f=new FP2(fa,fb); //f.bset(fa,fb); - - var r=new BIG(0); r.rcopy(ROM.CURVE_Order); - var q=new BIG(0); q.rcopy(ROM.Modulus); - - z.add(h); - z.mod(r); - - var m=new BIG(q); - m.mod(r); - - var a=new BIG(z); - a.mod(m); - - var b=new BIG(z); - b.div(m); - - g2.pinpow(pin,this.PBLEN); - g1.mul(g2); - - var c=g1.trace(); - g2.copy(g1); - g2.frob(f); - var cp=g2.trace(); - g1.conj(); - g2.mul(g1); - var cpm1=g2.trace(); - g2.mul(g1); - var cpm2=g2.trace(); - - c=c.xtr_pow2(cp,cpm1,cpm2,a,b); - - t=this.mpin_hash(sha,c,W); - - for (var i=0;i<this.PAS;i++) CK[i]=t[i]; - - return 0; - }, - -/* calculate common key on server side */ -/* Z=r.A - no time permits involved */ - - SERVER_KEY: function(sha,Z,SST,W,H,HID,xID,xCID,SK) - { - var t=[]; - - var sQ=ECP2.fromBytes(SST); - if (sQ.is_infinity()) return this.INVALID_POINT; - var R=ECP.fromBytes(Z); - if (R.is_infinity()) return this.INVALID_POINT; - var A=ECP.fromBytes(HID); - if (A.is_infinity()) return this.INVALID_POINT; - - var U; - if (xCID!=null) - U=ECP.fromBytes(xCID); - else - U=ECP.fromBytes(xID); - if (U.is_infinity()) return this.INVALID_POINT; - - var w=BIG.fromBytes(W); - var h=BIG.fromBytes(H); - A=PAIR.G1mul(A,h); - R.add(A); - - U=PAIR.G1mul(U,w); - var g=PAIR.ate(sQ,R); - g=PAIR.fexp(g); - - var c=g.trace(); - - t=this.mpin_hash(sha,c,U); - - for (var i=0;i<this.PAS;i++) SK[i]=t[i]; - - return 0; - } -}; http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/PAIR.js ---------------------------------------------------------------------- diff --git a/version22/js/PAIR.js b/version22/js/PAIR.js deleted file mode 100644 index e7c5878..0000000 --- a/version22/js/PAIR.js +++ /dev/null 
@@ -1,650 +0,0 @@ -/* - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. -*/ - -var PAIR = { -/* Line function */ - line: function(A,B,Qx,Qy) - { - var P=new ECP2(); - var a,b,c; - var r=new FP12(1); - P.copy(A); - - var ZZ=new FP2(P.getz()); //ZZ.copy(P.getz()); - ZZ.sqr(); - var D; - if (A==B) D=A.dbl(); - else D=A.add(B); - if (D<0) return r; - var Z3=new FP2(A.getz()); //Z3.copy(A.getz()); - c=new FP4(0); - var X,Y,T; - if (D===0) - { /* Addition */ - X=new FP2(B.getx()); //X.copy(B.getx()); - Y=new FP2(B.gety()); //Y.copy(B.gety()); - T=new FP2(P.getz()); //T.copy(P.getz()); - - T.mul(Y); - ZZ.mul(T); - - var NY=new FP2(P.gety()); /*NY.copy(P.gety());*/ NY.neg(); - ZZ.add(NY); - Z3.pmul(Qy); - T.mul(P.getx()); - X.mul(NY); - T.add(X); - a=new FP4(Z3,T); //a.set(Z3,T); - ZZ.neg(); - ZZ.pmul(Qx); - b=new FP4(ZZ); //b.seta(ZZ); - } - else - { /* Doubling */ - X=new FP2(P.getx()); //X.copy(P.getx()); - Y=new FP2(P.gety()); //Y.copy(P.gety()); - T=new FP2(P.getx()); //T.copy(P.getx()); - T.sqr(); - T.imul(3); - - Y.sqr(); - Y.add(Y); - Z3.mul(ZZ); - Z3.pmul(Qy); - - X.mul(T); - X.sub(Y); - a=new FP4(Z3,X); //a.set(Z3,X); - T.neg(); - ZZ.mul(T); - - ZZ.pmul(Qx); - - b=new FP4(ZZ); //b.seta(ZZ); - } - r.set(a,b,c); - return r; - }, - -/* Optimal R-ate 
pairing */ - ate: function(P,Q) - { - var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); - var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); - var f=new FP2(fa,fb); //f.bset(fa,fb); - - var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); - var n=new BIG(x); //n.copy(x); - var K=new ECP2(); - var lv; - - if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE) - { - n.pmul(6); n.dec(2); - } - else - n.copy(x); - n.norm(); - - P.affine(); - Q.affine(); - var Qx=new FP(Q.getx()); //Qx.copy(Q.getx()); - var Qy=new FP(Q.gety()); //Qy.copy(Q.gety()); - - var A=new ECP2(); - var r=new FP12(1); - - A.copy(P); - var nb=n.nbits(); - - for (var i=nb-2;i>=1;i--) - { - lv=PAIR.line(A,A,Qx,Qy); - - r.smul(lv); - - if (n.bit(i)==1) - { - lv=PAIR.line(A,P,Qx,Qy); - r.smul(lv); - } - r.sqr(); - } - lv=PAIR.line(A,A,Qx,Qy); - r.smul(lv); - if (n.parity()==1) - { - lv=line(A,P,Qx,Qy); - r.smul(lv); - } - -/* R-ate fixup */ - if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE) - { - r.conj(); - K.copy(P); - K.frob(f); - A.neg(); - lv=PAIR.line(A,K,Qx,Qy); - r.smul(lv); - K.frob(f); - K.neg(); - lv=PAIR.line(A,K,Qx,Qy); - r.smul(lv); - } - return r; - }, - -/* Optimal R-ate double pairing e(P,Q).e(R,S) */ - ate2: function(P,Q,R,S) - { - var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); - var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); - var f=new FP2(fa,fb); //f.bset(fa,fb); - var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); - - var n=new BIG(x); //n.copy(x); - var K=new ECP2(); - var lv; - - if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE) - { - n.pmul(6); n.dec(2); - } - else - n.copy(x); - n.norm(); - - P.affine(); - Q.affine(); - R.affine(); - S.affine(); - - var Qx=new FP(Q.getx()); //Qx.copy(Q.getx()); - var Qy=new FP(Q.gety()); //Qy.copy(Q.gety()); - - var Sx=new FP(S.getx()); //Sx.copy(S.getx()); - var Sy=new FP(S.gety()); //Sy.copy(S.gety()); - - var A=new ECP2(); - var B=new ECP2(); - var r=new FP12(1); - - A.copy(P); - B.copy(R); - var nb=n.nbits(); - - for (var i=nb-2;i>=1;i--) - { - lv=PAIR.line(A,A,Qx,Qy); - r.smul(lv); - 
lv=PAIR.line(B,B,Sx,Sy); - r.smul(lv); - if (n.bit(i)==1) - { - lv=PAIR.line(A,P,Qx,Qy); - r.smul(lv); - lv=PAIR.line(B,R,Sx,Sy); - r.smul(lv); - } - r.sqr(); - } - - lv=PAIR.line(A,A,Qx,Qy); - r.smul(lv); - lv=PAIR.line(B,B,Sx,Sy); - r.smul(lv); - if (n.parity()==1) - { - lv=line(A,P,Qx,Qy); - r.smul(lv); - lv=line(B,R,Sx,Sy); - r.smul(lv); - } - -/* R-ate fixup required for BN curves */ - if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE) - { - r.conj(); - - K.copy(P); - K.frob(f); - A.neg(); - lv=PAIR.line(A,K,Qx,Qy); - r.smul(lv); - K.frob(f); - K.neg(); - lv=PAIR.line(A,K,Qx,Qy); - r.smul(lv); - - K.copy(R); - K.frob(f); - B.neg(); - lv=PAIR.line(B,K,Sx,Sy); - r.smul(lv); - K.frob(f); - K.neg(); - lv=PAIR.line(B,K,Sx,Sy); - r.smul(lv); - } - return r; - }, - -/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */ - fexp: function(m) - { - var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); - var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); - var f=new FP2(fa,fb); - var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); - - var r=new FP12(m); //r.copy(m); - -/* Easy part of final exp */ - var lv=new FP12(r); //lv.copy(r); - lv.inverse(); - r.conj(); - r.mul(lv); - lv.copy(r); - r.frob(f); - r.frob(f); - r.mul(lv); - -/* Hard part of final exp */ - if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE) - { - var x0,x1,x2,x3,x4,x5; - lv.copy(r); - lv.frob(f); - x0=new FP12(lv); //x0.copy(lv); - x0.frob(f); - lv.mul(r); - x0.mul(lv); - x0.frob(f); - x1=new FP12(r); //x1.copy(r); - x1.conj(); - - x4=r.pow(x); - - x3=new FP12(x4); //x3.copy(x4); - x3.frob(f); - x2=x4.pow(x); - - x5=new FP12(x2); /*x5.copy(x2);*/ x5.conj(); - lv=x2.pow(x); - - x2.frob(f); - r.copy(x2); r.conj(); - - x4.mul(r); - x2.frob(f); - - r.copy(lv); - r.frob(f); - lv.mul(r); - - lv.usqr(); - lv.mul(x4); - lv.mul(x5); - r.copy(x3); - r.mul(x5); - r.mul(lv); - lv.mul(x2); - r.usqr(); - r.mul(lv); - r.usqr(); - lv.copy(r); - lv.mul(x1); - r.mul(x0); - lv.usqr(); - r.mul(lv); - r.reduce(); - } - else - { - 
var y0,y1,y2,y3; -// Ghamman & Fouotsa Method - y0=new FP12(r); y0.usqr(); - y1=y0.pow(x); - x.fshr(1); y2=y1.pow(x); x.fshl(1); - y3=new FP12(r); y3.conj(); - y1.mul(y3); - - y1.conj(); - y1.mul(y2); - - y2=y1.pow(x); - - y3=y2.pow(x); - y1.conj(); - y3.mul(y1); - - y1.conj(); - y1.frob(f); y1.frob(f); y1.frob(f); - y2.frob(f); y2.frob(f); - y1.mul(y2); - - y2=y3.pow(x); - y2.mul(y0); - y2.mul(r); - - y1.mul(y2); - y2.copy(y3); y2.frob(f); - y1.mul(y2); - r.copy(y1); - r.reduce(); - - -/* - x0=new FP12(r); - x1=new FP12(r); - lv.copy(r); lv.frob(f); - x3=new FP12(lv); x3.conj(); x1.mul(x3); - lv.frob(f); lv.frob(f); - x1.mul(lv); - - r.copy(r.pow(x)); //r=r.pow(x); - x3.copy(r); x3.conj(); x1.mul(x3); - lv.copy(r); lv.frob(f); - x0.mul(lv); - lv.frob(f); - x1.mul(lv); - lv.frob(f); - x3.copy(lv); x3.conj(); x0.mul(x3); - - r.copy(r.pow(x)); - x0.mul(r); - lv.copy(r); lv.frob(f); lv.frob(f); - x3.copy(lv); x3.conj(); x0.mul(x3); - lv.frob(f); - x1.mul(lv); - - r.copy(r.pow(x)); - lv.copy(r); lv.frob(f); - x3.copy(lv); x3.conj(); x0.mul(x3); - lv.frob(f); - x1.mul(lv); - - r.copy(r.pow(x)); - x3.copy(r); x3.conj(); x0.mul(x3); - lv.copy(r); lv.frob(f); - x1.mul(lv); - - r.copy(r.pow(x)); - x1.mul(r); - - x0.usqr(); - x0.mul(x1); - r.copy(x0); - r.reduce(); */ - } - return r; - } -}; - -/* GLV method */ -PAIR.glv= function(e) -{ - var u=[]; - if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE) - { - var i,j; - var t=new BIG(0); - var q=new BIG(0); q.rcopy(ROM.CURVE_Order); - var v=[]; - - for (i=0;i<2;i++) - { - t.rcopy(ROM.CURVE_W[i]); - var d=BIG.mul(t,e); - v[i]=new BIG(d.div(q)); - u[i]=new BIG(0); - } - u[0].copy(e); - for (i=0;i<2;i++) - for (j=0;j<2;j++) - { - t.rcopy(ROM.CURVE_SB[j][i]); - t.copy(BIG.modmul(v[j],t,q)); - u[i].add(q); - u[i].sub(t); - u[i].mod(q); - } - } - else - { // -(x^2).P = (Beta.x,y) - var q=new BIG(0); q.rcopy(ROM.CURVE_Order); - var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); - var x2=BIG.smul(x,x); - u[0]=new BIG(e); - u[0].mod(x2); - u[1]=new 
BIG(e); - u[1].div(x2); - u[1].rsub(q); - } - return u; -}; - -/* Galbraith & Scott Method */ -PAIR.gs= function(e) -{ - var u=[]; - if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE) - { - var i,j; - var t=new BIG(0); - var q=new BIG(0); q.rcopy(ROM.CURVE_Order); - - var v=[]; - - for (i=0;i<4;i++) - { - t.rcopy(ROM.CURVE_WB[i]); - var d=BIG.mul(t,e); - v[i]=new BIG(d.div(q)); - u[i]=new BIG(0); - } - - u[0].copy(e); - for (i=0;i<4;i++) - for (j=0;j<4;j++) - { - t.rcopy(ROM.CURVE_BB[j][i]); - t.copy(BIG.modmul(v[j],t,q)); - u[i].add(q); - u[i].sub(t); - u[i].mod(q); - } - } - else - { - var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); - var w=new BIG(e); - for (var i=0;i<4;i++) - { - u[i]=new BIG(w); - u[i].mod(x); - w.div(x); - } - } - return u; -}; - -/* Multiply P by e in group G1 */ -PAIR.G1mul= function(P,e) -{ - var R; - if (ROM.USE_GLV) - { - P.affine(); - R=new ECP(); - R.copy(P); - var np,nn; - var Q=new ECP(); - Q.copy(P); - var q=new BIG(0); q.rcopy(ROM.CURVE_Order); - var bcru=new BIG(0); bcru.rcopy(ROM.CURVE_Cru); - var cru=new FP(bcru); - var t=new BIG(0); - var u=PAIR.glv(e); - - Q.getx().mul(cru); - - np=u[0].nbits(); - t.copy(BIG.modneg(u[0],q)); - nn=t.nbits(); - if (nn<np) - { - u[0].copy(t); - R.neg(); - } - - np=u[1].nbits(); - t.copy(BIG.modneg(u[1],q)); - nn=t.nbits(); - if (nn<np) - { - u[1].copy(t); - Q.neg(); - } - - R=R.mul2(u[0],Q,u[1]); - - } - else - { - R=P.mul(e); - } - return R; -}; - -/* Multiply P by e in group G2 */ -PAIR.G2mul= function(P,e) -{ - var R; - if (ROM.USE_GS_G2) - { - var Q=[]; - var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); - var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); - var f=new FP2(fa,fb); //f.bset(fa,fb); - var q=new BIG(0); q.rcopy(ROM.CURVE_Order); - - var u=PAIR.gs(e); - var t=new BIG(0); - var i,np,nn; - P.affine(); - Q[0]=new ECP2(); Q[0].copy(P); - for (i=1;i<4;i++) - { - Q[i]=new ECP2(); Q[i].copy(Q[i-1]); - Q[i].frob(f); - } - - for (i=0;i<4;i++) - { - np=u[i].nbits(); - t.copy(BIG.modneg(u[i],q)); - nn=t.nbits(); - if 
(nn<np) - { - u[i].copy(t); - Q[i].neg(); - } - } - - R=ECP2.mul4(Q,u); - } - else - { - R=P.mul(e); - } - return R; -}; - -/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.js */ -PAIR.GTpow= function(d,e) -{ - var r; - if (ROM.USE_GS_GT) - { - var g=[]; - var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); - var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); - var f=new FP2(fa,fb); - var q=new BIG(0); q.rcopy(ROM.CURVE_Order); - var t=new BIG(0); - var i,np,nn; - var u=PAIR.gs(e); - - g[0]=new FP12(d); - for (i=1;i<4;i++) - { - g[i]=new FP12(0); g[i].copy(g[i-1]); - g[i].frob(f); - } - for (i=0;i<4;i++) - { - np=u[i].nbits(); - t.copy(BIG.modneg(u[i],q)); - nn=t.nbits(); - if (nn<np) - { - u[i].copy(t); - g[i].conj(); - } - } - r=FP12.pow4(g,u); - } - else - { - r=d.pow(e); - } - return r; -}; - -/* test group membership - no longer needed */ -/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */ -/* -PAIR.GTmember= function(m) -{ - if (m.isunity()) return false; - var r=new FP12(m); - r.conj(); - r.mul(m); - if (!r.isunity()) return false; - - var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); - var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); - var f=new FP2(fa,fb); //f.bset(fa,fb); - - r.copy(m); r.frob(f); r.frob(f); - var w=new FP12(r); w.frob(f); w.frob(f); - w.mul(m); - if (!ROM.GT_STRONG) - { - if (!w.equals(r)) return false; - var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); - r.copy(m); w=r.pow(x); w=w.pow(x); - r.copy(w); r.sqr(); r.mul(w); r.sqr(); - w.copy(m); w.frob(f); - } - return w.equals(r); -}; -*/ http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/RAND.js ---------------------------------------------------------------------- diff --git a/version22/js/RAND.js b/version22/js/RAND.js deleted file mode 100644 index 9e2dddd..0000000 --- a/version22/js/RAND.js +++ /dev/null 
@@ -1,148 +0,0 @@ -/* - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. -*/ - -/* - * Cryptographic strong random number generator - * - * Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers - * Slow - but secure - * - * See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification - */ - -/* Marsaglia & Zaman Random number generator constants */ - - -var RAND=function() -{ -/* Cryptographically strong pseudo-random number generator */ - this.ira=[]; /* random number... 
*/ - this.rndptr=0; /* ...array & pointer */ - this.borrow=0; - this.pool_ptr=0; - this.pool=[]; /* random pool */ - this.clean(); -}; - -RAND.prototype= -{ - NK:21, - NJ:6, - NV:8, - -/* Terminate and clean up */ - clean : function() - { - var i; - for (i=0;i<32;i++) this.pool[i]=0; - for (i=0;i<this.NK;i++) this.ira[i]=0; - this.rndptr=0; - this.borrow=0; - this.pool_ptr=0; - }, - - sbrand: function() - { /* Marsaglia & Zaman random number generator */ - var i,k; - var pdiff,t; /* unsigned 32-bit */ - - this.rndptr++; - if (this.rndptr<this.NK) return this.ira[this.rndptr]; - this.rndptr=0; - for (i=0,k=this.NK-this.NJ;i<this.NK;i++,k++) - { /* calculate next NK values */ - if (k==this.NK) k=0; - t=this.ira[k]>>>0; - pdiff=(t - this.ira[i] - this.borrow)|0; - pdiff>>>=0; /* This is seriously wierd shit. I got to do this to get a proper unsigned comparison... */ - if (pdiff<t) this.borrow=0; - if (pdiff>t) this.borrow=1; - this.ira[i]=(pdiff|0); - } - return this.ira[0]; - }, - - sirand: function(seed) - { - var i,inn; - var t,m=1; - this.borrow=0; - this.rndptr=0; - seed>>>=0; - this.ira[0]^=seed; - - for (i=1;i<this.NK;i++) - { /* fill initialisation vector */ - inn=(this.NV*i)%this.NK; - this.ira[inn]^=m; /* note XOR */ - t=m; - m=(seed-m)|0; - seed=t; - } - - for (i=0;i<10000;i++) this.sbrand(); /* "warm-up" & stir the generator */ - }, - - fill_pool: function() - { - var sh=new HASH256(); - for (var i=0;i<128;i++) sh.process(this.sbrand()); - this.pool=sh.hash(); - this.pool_ptr=0; - }, - -/* Initialize RNG with some real entropy from some external source */ - seed: function(rawlen,raw) - { /* initialise from at least 128 byte string of raw random entropy */ - var i; - var digest=[]; - var b=[]; - var sh=new HASH256(); - this.pool_ptr=0; - for (i=0;i<this.NK;i++) this.ira[i]=0; - if (rawlen>0) - { - for (i=0;i<rawlen;i++) - sh.process(raw[i]); - digest=sh.hash(); - -/* initialise PRNG from distilled randomness */ - for (i=0;i<8;i++) - { - b[0]=digest[4*i]; 
b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3]; - this.sirand(RAND.pack(b)); - } - } - this.fill_pool(); - }, - -/* get random byte */ - getByte: function() - { - var r=this.pool[this.pool_ptr++]; - if (this.pool_ptr>=32) this.fill_pool(); - return (r&0xff); - } -}; - -RAND.pack= function(b) -{ /* pack 4 bytes into a 32-bit Word */ - return (((b[3])&0xff)<<24)|((b[2]&0xff)<<16)|((b[1]&0xff)<<8)|(b[0]&0xff); -}; - http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/ROM.js ---------------------------------------------------------------------- diff --git a/version22/js/ROM.js b/version22/js/ROM.js deleted file mode 100644 index dcf2af1..0000000 --- a/version22/js/ROM.js +++ /dev/null 
@@ -1,716 +0,0 @@ -/* - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. -*/ - -/* Fixed Data in ROM - Field and Curve parameters */ - -var ROM={ - CHUNK: 32, - -/* Field Type */ - NOT_SPECIAL: 0, - PSEUDO_MERSENNE: 1, - GENERALISED_MERSENNE: 2, - MONTGOMERY_FRIENDLY: 3, - -/* Curve Type */ - WEIERSTRASS: 0, - EDWARDS: 1, - MONTGOMERY: 2, - BN_CURVE: 0, - BLS_CURVE: 1, - -/* Finite field support - for RSA, DH etc. 
*/ - FFLEN: 4, /* Defines Finite Field size n = BIGBITS.FFLEN, where FFLEN mustbe power of 2 */ - -/*** Enter Some Field details here ***/ -/* C25519 */ -// MODBITS: 255, /* Number of bits in Modulus */ -// MOD8: 5, /* Modulus mod 8 */ -// BASEBITS: 24, -// AES_S: 0, - -/* NIST Curve */ -/* Brainpool */ -// MODBITS: 256, -// MOD8: 7, -// BASEBITS: 24, -// AES_S: 0 - -/* BN254/BNCX */ - MODBITS: 254, - MOD8: 3, - BASEBITS: 24, - AES_S: 0, - -/* BLS383 */ -// MODBITS: 383, -// MOD8: 3, -// BASEBITS: 23, -// AES_S: 0, - -/* BN454 */ -// MODBITS: 454, -// MOD8: 3, -// BASEBITS: 23, -// AES_S: 128, - -/* BLS455 */ -// MODBITS: 455, -// MOD8: 3, -// BASEBITS: 23, -// AES_S: 128, - -/* MF254 */ -// MODBITS: 254, -// MOD8: 7, -// BASEBITS: 24, - -/* MS255 */ -// MODBITS: 255, -// MOD8: 3, -// BASEBITS: 24, -// AES_S: 0 - -/* MF256 */ -// MODBITS: 256, -// MOD8: 7, -// BASEBITS: 24, -// AES_S: 0 - -/* MS256 */ -// MODBITS: 256, -// MOD8: 3, -// BASEBITS: 24, -// AES_S: 0 - -/* ANSSI */ -// MODBITS: 256, -// MOD8: 3, -// BASEBITS: 24, -// AES_S: 0 - -/* HIFIVE */ -// MODBITS: 336, -// MOD8: 5, -// BASEBITS: 23, -// AES_S: 128 - -/* GOLDILOCKS */ -// MODBITS: 448, -// MOD8: 5, -// BASEBITS: 23, -// AES_S: 0 - -/* C41417 */ -// MODBITS: 414, -// MOD8: 7, -// BASEBITS: 22, -// AES_S: 0 - -/* NIST384 */ -// MODBITS: 384, -// MOD8: 7, -// BASEBITS: 23, -// AES_S: 0 - -/* NIST521 */ -// MODBITS: 521, -// MOD8: 7, -// BASEBITS: 23, -// AES_S: 0 - -/* Specify Field here */ - -/* C25519 */ -// MODTYPE: 1, -// Modulus: [0xFFFFED,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF], -// MConst: 19, - -/* BNCX */ - MODTYPE:0, - Modulus: [0x1B55B3,0x23EF5C,0xE1BE66,0x18093E,0x3FD6EE,0x66D324,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - MConst:0x789E85, - -/* BLS383 */ -// MODTYPE:0, -// Modulus: [0x2D556B,0x556A55,0x75EAB2,0x23AFBA,0x1BB01,0x2BAEA4,0x5CC20F,0x758B67,0x20F99,0x640A63,0x69A3A8,0x6009AA,0x2A7852,0x20B8AA,0x7DD718,0x104054,0x7AC5], -// 
MConst:0x23D0BD, - -/* HIFIVE */ -// MODTYPE:1, -// Modulus: [0x7FFFFD,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x3FFF], -// MConst: 0x3, - -/* GOLDILOCKS */ -// MODTYPE: 2, -// Modulus: [0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7DFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FF], -// MConst: 0x1, - -/* C41417 */ -// MODTYPE: 1, -// Modulus: [0x3FFFEF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFF], -// MConst: 0x11, - -/* NIST384 */ -// MODTYPE: 0, -// Modulus: [0x7FFFFF,0x1FF,0x0,0x0,0x7FFFF0,0x7FDFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0xFFFF], -// MConst: 0x1, - -/* NIST521 */ -// MODTYPE: 1, -// Modulus: [0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFF], -// MConst: 0x1, - -/* BN254 Curve */ -//MODTYPE:0, -//Modulus: [0x13,0x0,0x13A700,0x0,0x210000,0x861,0x800000,0xBA344D,0x1,0x648240,0x2523], -//MConst:0x9435E5, - -/* BN454 Curve */ -//MODTYPE:0, -//Modulus: [0x13,0x9C00,0x100000,0x700004,0x6006C4,0x4A109,0x514200,0x640000,0x80091,0x803AA,0x36A22,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000], -//MConst:0x1435E5, - -/* BLS455 Curve */ -//MODTYPE:0, -//Modulus: [0x2AB,0x300,0x5AAA80,0x59554A,0x589556,0x2374D8,0x2B3A1B,0x6DCCCA,0x14B8B3,0x29F966,0x2F64E5,0x6AB11A,0x63A5B1,0x7ECCB,0x2480C0,0x7CADA,0x2AA00E,0x72AAAE,0x655555,0x2AAAA], -//MConst:0x4017FD, - -/* BNT Curve */ -//MODTYPE:0, -//Modulus: [0xB4A713,0xBBFEEE,0xBABE9D,0x14F464,0x8A5556,0xD5F06E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], -//MConst:0x14C4E5, - -/* BNT2 */ -//MODTYPE:0, -//Modulus: 
[0x60A48B,0xDC2BB4,0x51E8B2,0x28F0D6,0xCF93E4,0xD00081,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], -//MConst:0x505CDD, - -/* NIST Modulus */ -// MODTYPE:0, -// Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x0,0x0,0x0,0x0,0x1,0xFFFF00,0xFFFF], -// MConst:0x1, - -/* MF254 Modulus */ -// MODTYPE:3, -// Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80], -// MConst:0x3F81, - -/* MS255 Modulus */ -//MODTYPE:1, -//Modulus: [0xFFFD03,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF], -//MConst:0x2FD, - -/* MS256 Modulus */ -//MODTYPE:1, -//Modulus: [0xFFFF43,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFF], -//MConst:0xBD, - -/* MF256 Modulus */ -//MODTYPE:3, -//Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFA7], -//MConst:0xFFA8, - -/* Brainpool Modulus */ -// MODTYPE:0, -// Modulus: [0x6E5377,0x481D1F,0x282013,0xD52620,0x3BF623,0x8D726E,0x909D83,0x3E660A,0xEEA9BC,0x57DBA1,0xA9FB], -// MConst:0xFD89B9, - -/* ANSSI Modulus */ -// MODTYPE:0, -// Modulus: [0x6E9C03,0xF353D8,0x6DE8FC,0xABC8CA,0x61ADBC,0x435B39,0xE8CE42,0x10126D,0x3AD58F,0x178C0B,0xF1FD], -// MConst:0x4E1155, - -/* Specify Curve here */ - -/* ED25519 Edwards */ -// CURVETYPE: 1, -// CURVE_A : -1, -// CURVE_B : [0x5978A3,0x4DCA13,0xAB75EB,0x4141D8,0x700A4D,0xE89800,0x797779,0x8CC740,0x6FFE73,0x6CEE2B,0x5203], -// CURVE_Order: [0xF5D3ED,0x631A5C,0xD65812,0xA2F79C,0xDEF9DE,0x14,0x0,0x0,0x0,0x0,0x1000], -// CURVE_Gx: [0x25D51A,0x2D608F,0xB2C956,0x9525A7,0x2CC760,0xDC5C69,0x31FDD6,0xC0A4E2,0x6E53FE,0x36D3CD,0x2169], -// CURVE_Gy: [0x666658,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x6666], - -/* Curve25519 */ -// CURVETYPE: 2, -// CURVE_A : 486662, -// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Order: 
[0xF5D3ED,0x631A5C,0xD65812,0xA2F79C,0xDEF9DE,0x14,0x0,0x0,0x0,0x0,0x1000], -// CURVE_Gx: [0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - -/* NIST Curve */ -// CURVETYPE:0, -// CURVE_A : -3, -// CURVE_B : [0xD2604B,0x3C3E27,0xF63BCE,0xCC53B0,0x1D06B0,0x86BC65,0x557698,0xB3EBBD,0x3A93E7,0x35D8AA,0x5AC6], -// CURVE_Order:[0x632551,0xCAC2FC,0x84F3B9,0xA7179E,0xE6FAAD,0xFFFFBC,0xFFFFFF,0xFFFFFF,0x0,0xFFFF00,0xFFFF], -// CURVE_Gx :[0x98C296,0x3945D8,0xA0F4A1,0x2DEB33,0x37D81,0x40F277,0xE563A4,0xF8BCE6,0x2C4247,0xD1F2E1,0x6B17], -// CURVE_Gy :[0xBF51F5,0x406837,0xCECBB6,0x6B315E,0xCE3357,0x9E162B,0x4A7C0F,0x8EE7EB,0x1A7F9B,0x42E2FE,0x4FE3], - -/* MF254 Modulus, Weierstrass Curve */ -//CURVETYPE:0, -//CURVE_A : -3, -//CURVE_B : [0xFFD08D,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80], -//CURVE_Order:[0x8DF83F,0x19C4AF,0xC06FA4,0xDA375,0x818BEA,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80], -//CURVE_Gx :[0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Gy :[0xD4EBC,0xDF37F9,0x31AD65,0xF85119,0xB738E3,0x8AEBDF,0x75BD77,0x4AE15A,0x2E5601,0x3FD33B,0x140E], - -/* MF254 Modulus, Edwards Curve */ -//CURVETYPE:1, -//CURVE_A : -1, -//CURVE_B : [0x367B,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Order:[0x6E98C7,0xD3FEC4,0xB0EAF3,0x8BD62F,0x95306C,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFFFF,0xFE0], -//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Gy :[0x2701E5,0xD0FDAF,0x187C52,0xE3212,0x329A84,0x3F4E36,0xD50236,0x951D00,0xA4C335,0xE690D6,0x19F0], - - -/* MF254 Modulus, Montgomery Curve */ -// CURVETYPE: 2, -// CURVE_A : -55790, -// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Order: [0x6E98C7,0xD3FEC4,0xB0EAF3,0x8BD62F,0x95306C,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFFFF,0xFE0], -// CURVE_Gx: [0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - -/* MS255 
Modulus, Weierstrass Curve */ -//CURVETYPE:0, -//CURVE_A : -3, -//CURVE_B : [0xFFAB46,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF], -//CURVE_Order:[0x594AEB,0xAC983C,0xDFAB8F,0x3AD2B3,0x4A3828,0xFFFF86,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF], -//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Gy :[0xCB44BA,0xFF6769,0xD1733,0xDDFDA6,0xB6C78C,0x7D177D,0xF9B2FF,0x921EBF,0xBA7833,0x6AC0ED,0x6F7A], - -/* MS255 Modulus, Edwards Curve */ -//CURVETYPE:1, -//CURVE_A : -1, -//CURVE_B : [0xEA97,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Order:[0x36EB75,0xD1ED04,0x2EAC49,0xEDA683,0xF1A785,0xFFFFDC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x1FFF], -//CURVE_Gx :[0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Gy :[0x8736A0,0x255BD0,0x45BA2A,0xED445A,0x914B8A,0x47E552,0xDD8E0C,0xEC254C,0x7BB545,0x78534A,0x26CB], - -/* MS255 Modulus, Montgomery Curve */ -// CURVETYPE: 2, -// CURVE_A : -240222, -// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Order: [0x36EB75,0xD1ED04,0x2EAC49,0xEDA683,0xF1A785,0xFFFFDC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x1FFF], -// CURVE_Gx: [0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - -/* MS256 Modulus, Weierstrass Curve */ -//CURVETYPE:0, -//CURVE_A : -3, -//CURVE_B : [0x25581,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Order:[0x51A825,0x202947,0x6020AB,0xEA265C,0x3C8275,0xFFFFE4,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFF], -//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Gy :[0xB56C77,0x6306C2,0xC10BF4,0x75894E,0x2C2F93,0xDD6BD0,0x6CCEEE,0xFC82C9,0xE466D7,0x1853C1,0x696F], - -/* MS256 Modulus, Edwards Curve */ -//CURVETYPE:1, -//CURVE_A : -1, -//CURVE_B : [0x3BEE,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Order:[0x22B4AD,0x4E6F11,0x64E5B8,0xD0A6BC,0x6AA55A,0xFFFFBE,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFF], -//CURVE_Gx 
:[0xD,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Gy :[0x1CADBA,0x6FB533,0x3F707F,0x824D30,0x2A6D63,0x46BFBE,0xB39FA0,0xA3D330,0x1276DB,0xB41E2A,0x7D0A], - -/* MS256 Modulus, Montgomery Curve */ -// CURVETYPE: 2, -// CURVE_A : -61370, -// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Order:[0x22B4AD,0x4E6F11,0x64E5B8,0xD0A6BC,0x6AA55A,0xFFFFBE,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFF], -// CURVE_Gx: [0xb,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - -/* MF256 Modulus, Weierstrass Curve */ -//CURVETYPE:0, -//CURVE_A : -3, -//CURVE_B : [0x14E6A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Order:[0x9857EB,0xC5E1A7,0x4B9D10,0xE6E507,0x517513,0xFFFFFC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFA7], -//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Gy :[0x724D2A,0x954C2B,0x661007,0x8D94DC,0x6947EB,0xAE2895,0x26123D,0x7BABBA,0x1808CE,0x7C87BE,0x2088], - -/* MF256 Modulus, Edwards Curve */ -//CURVETYPE:1, -//CURVE_A : -1, -//CURVE_B : [0x350A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Order:[0xEC7BAB,0x2EDED8,0xC966D9,0xB86733,0x54BBAF,0xFFFFB1,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FE9], -//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -//CURVE_Gy :[0xF3C908,0xA722F2,0x8D7DEA,0x8DFEA6,0xC05E64,0x1AACA0,0xF3DB2C,0xEAEBEE,0xCC4D5A,0xD4F8F8,0xDAD8], - -/* MF256 Modulus, Montgomery Curve */ -// CURVETYPE: 2, -// CURVE_A : -54314, -// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Order:[0xEC7BAB,0x2EDED8,0xC966D9,0xB86733,0x54BBAF,0xFFFFB1,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FE9], -// CURVE_Gx: [0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - -/* Brainpool */ -// CURVETYPE:0, -// CURVE_A : -3, -// CURVE_B : [0xE92B04,0x8101FE,0x256AE5,0xAF2F49,0x93EBC4,0x76B7BF,0x733D0B,0xFE66A7,0xD84EA4,0x61C430,0x662C], -// 
CURVE_Order:[0x4856A7,0xE8297,0xF7901E,0xB561A6,0x397AA3,0x8D718C,0x909D83,0x3E660A,0xEEA9BC,0x57DBA1,0xA9FB], -// CURVE_Gx :[0x1305F4,0x91562E,0x2B79A1,0x7AAFBC,0xA142C4,0x6149AF,0xB23A65,0x732213,0xCFE7B7,0xEB3CC1,0xA3E8], -// CURVE_Gy :[0x25C9BE,0xE8F35B,0x1DAB,0x39D027,0xBCB6DE,0x417E69,0xE14644,0x7F7B22,0x39C56D,0x6C8234,0x2D99], - -/* ANSSI */ -// CURVETYPE:0, -// CURVE_A : -3, -// CURVE_B : [0x7BB73F,0xED967B,0x803075,0xE4B1A1,0xEC0C9A,0xC00FDF,0x754A44,0xD4ABA,0x28A930,0x3FCA54,0xEE35], -// CURVE_Order:[0xD655E1,0xD459C6,0x941FFD,0x40D2BF,0xDC67E1,0x435B53,0xE8CE42,0x10126D,0x3AD58F,0x178C0B,0xF1FD], -// CURVE_Gx :[0x8F5CFF,0x7A2DD9,0x164C9,0xAF98B7,0x27D2DC,0x23958C,0x4749D4,0x31183D,0xC139EB,0xD4C356,0xB6B3], -// CURVE_Gy :[0x62CFB,0x5A1554,0xE18311,0xE8E4C9,0x1C307,0xEF8C27,0xF0F3EC,0x1F9271,0xB20491,0xE0F7C8,0x6142], - -/* HIFIVE */ -// CURVETYPE:1, -// CURVE_A : 1, -// CURVE_B : [0x2B67,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Order:[0x1FA805,0x2B2E7D,0x29ECBE,0x3FC9DD,0xBD6B8,0x530A18,0x45057E,0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x800], -// CURVE_Gx :[0xC,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Gy :[0x7E8632,0xD0A0B,0x6C4AFB,0x501B2E,0x55650C,0x36DB6B,0x1FBD0D,0x61C08E,0x314B46,0x70A7A3,0x587401,0xC70E0,0x56502E,0x38C2D6,0x303], - -/* GOLDILOCKS */ -// CURVETYPE:1, -// CURVE_A : 1, -// CURVE_B : [0x7F6756,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7DFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FF], -// CURVE_Order:[0x5844F3,0x52556,0x548DE3,0x6E2C7A,0x4C2728,0x52042D,0x6BB58D,0x276DA4,0x23E9C4,0x7EF994,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x1FF], -// CURVE_Gx :[0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x52AAAA,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555], -// CURVE_Gy 
:[0x1386ED,0x779BD5,0x2F6BAB,0xE6D03,0x4B2BED,0x131777,0x4E8A8C,0x32B2C1,0x44B80D,0x6515B1,0x5F8DB5,0x426EBD,0x7A0358,0x6DDA,0x21B0AC,0x6B1028,0xDB359,0x15AE09,0x17A58D,0x570], - -/* C41417 */ -// CURVETYPE:1, -// CURVE_A : 1, -// CURVE_B : [0xE21,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -// CURVE_Order:[0x6AF79,0x69784,0x1B0E7,0x18F3C6,0x338AD,0xDBC70,0x6022B,0x533DC,0x3CC924,0x3FFFAC,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x7FFF], -// CURVE_Gx :[0xBC595,0x204BCF,0xC4FD3,0x14DF19,0x33FAA8,0x4C069,0x16BA11,0x2AD35B,0x1498A4,0x15FFCD,0x3EC7F,0x27D130,0xD4636,0x9B97F,0x631C3,0x8630,0x144330,0x241450,0x1A334], -// CURVE_Gy :[0x22,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - -/* NIST384 */ -// CURVETYPE:0, -// CURVE_A : -3, -// CURVE_B : [0x6C2AEF,0x11DBA7,0x74AA17,0x51768C,0x6398D8,0x6B58CA,0x5404E1,0xA0447,0x411203,0x5DFD02,0x607671,0x4168C8,0x56BE3F,0x1311C0,0xFB9F9,0x17D3F1,0xB331], -// CURVE_Order:[0x452973,0x32D599,0x6BB3B0,0x45853B,0x20DB24,0x3BEB03,0x7D0DCB,0x31A6C0,0x7FFFC7,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0xFFFF], -// CURVE_Gx :[0x760AB7,0x3C70E4,0x30E951,0x7AA94B,0x2F25DB,0x470AA0,0x20950A,0x7BA0F0,0x1B9859,0x45174F,0x3874ED,0x56BA3,0x71EF32,0x71D638,0x22C14D,0x65115F,0xAA87], -// CURVE_Gy :[0x6A0E5F,0x3AF921,0x75E90C,0x6BF40C,0xB1CE1,0x18014C,0x6D7C2E,0x6D1889,0x147CE9,0x7A5134,0x63D076,0x16E14F,0xBF929,0x6BB3D3,0x98B1B,0x6F254B,0x3617], - -/* NIST521 */ -// CURVETYPE:0, -// CURVE_A : -3, -// CURVE_B : [0x503F00,0x3FA8D6,0x47BD14,0x6961A7,0x3DF883,0x60E6AE,0x4EEC6F,0x29605E,0x137B16,0x23D8FD,0x5864E5,0x84F0A,0x1918EF,0x771691,0x6CC57C,0x392DCC,0x6EA2DA,0x6D0A81,0x688682,0x50FC94,0x18E1C9,0x27D72C,0x1465], -// CURVE_Order:[0x386409,0x6E3D22,0x3AEDBE,0x4CE23D,0x5C9B88,0x3A0776,0x3DC269,0x6600A4,0x166B7F,0x77E5F,0x461A1E,0x7FFFD2,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFF], -// 
CURVE_Gx :[0x65BD66,0x7C6385,0x6FE5F9,0x2B5214,0xB3C18,0x1BC669,0x68BFEA,0xEE093,0x5928FE,0x6FDFCE,0x52D79,0x69EDD5,0x7606B4,0x3F0515,0x4FED48,0x409C82,0x429C64,0x472B68,0x7B2D98,0x4E6CF1,0x70404E,0x31C0D6,0x31A1], -// CURVE_Gy :[0x516650,0x28ED3F,0x222FA,0x139612,0x47086A,0x6C26A7,0x4FEB41,0x285C80,0x2640C5,0x32BDE8,0x5FB9CA,0x733164,0x517273,0x2F5F7,0x66D11A,0x2224AB,0x5998F5,0x58FA37,0x297ED0,0x22E4,0x9A3BC,0x252D4F,0x460E], - -/* BNCX Curve */ - - CURVETYPE:0, - CURVE_PAIRING_TYPE: 0, - CURVE_A : 0, - CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - CURVE_Cof : [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - CURVE_Order:[0xEB1F6D,0xC0A636,0xCEBE11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - CURVE_Bnx:[0xC012B1,0x3,0x4000], - CURVE_Cru:[0x235C97,0x931794,0x5631E0,0x71EF87,0xBDDF64,0x3F1440,0xCA8,0x480000], - CURVE_Fra:[0xC80EA3,0x83355,0x215BD9,0xF173F8,0x677326,0x189868,0x8AACA7,0xAFE18B,0x3A0164,0x82FA6,0x1359], - CURVE_Frb:[0x534710,0x1BBC06,0xC0628D,0x269546,0xD863C7,0x4E3ABB,0xD9CDBC,0xDC53,0x3628A9,0xF7D062,0x10A6], - CURVE_Pxa:[0xD2EC74,0x1CEEE4,0x26C085,0xA03E27,0x7C85BF,0x4BBB90,0xF5C3,0x358B25,0x53B256,0x2D2C70,0x1968], - CURVE_Pxb:[0x29CFE1,0x8E8B2E,0xF47A5,0xC209C3,0x1B97B0,0x9743F8,0x37A8E9,0xA011C9,0x19F64A,0xB9EC3E,0x1466], - CURVE_Pya:[0xBE09F,0xFCEBCF,0xB30CFB,0x847EC1,0x61B33D,0xE20963,0x157DAE,0xD81E22,0x332B8D,0xEDD972,0xA79], - CURVE_Pyb:[0x98EE9D,0x4B2288,0xEBED90,0x69D2ED,0x864EA5,0x3461C2,0x512D8D,0x35C6E4,0xC4C090,0xC39EC,0x616], - CURVE_Gx :[0x1B55B2,0x23EF5C,0xE1BE66,0x18093E,0x3FD6EE,0x66D324,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - CURVE_Gy :[0x1], - -// Arrays must be padded! 
- - CURVE_W:[[0x2FEB83,0x634916,0x120054,0xB4038,0x0,0x60,0x0,0x0,0x0,0x0,0x0],[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], - CURVE_SB:[[[0xB010E4,0x63491D,0x128054,0xB4038,0x0,0x60,0x0,0x0,0x0,0x0,0x0], - [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], - [[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0xBB33EA,0x5D5D20,0xBCBDBD,0x188CE,0x3FD6EE,0x66D264,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]]], - CURVE_WB:[[0x7A84B0,0x211856,0xB0401C,0x3C012,0x0,0x20,0x0,0x0,0x0,0x0,0x0], - [0x220475,0xF995BE,0x9A36CD,0xA8CA7F,0x7E94ED,0x2A0DC0,0x870,0x300000,0x0,0x0,0x0], - [0xF10B93,0xFCCAE0,0xCD3B66,0xD4653F,0x3F4A76,0x1506E0,0x438,0x180000,0x0,0x0,0x0], - [0xFAAA11,0x21185D,0xB0C01C,0x3C012,0x0,0x20,0x0,0x0,0x0,0x0,0x0]], - CURVE_BB:[[[0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - [0x802562,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], - [[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - [0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]], - [[0x802562,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], - [[0xC012B2,0x3,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x4AC2,0xF,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x6AFA0A,0xC0A62F,0xCE3E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], - [0xC012B2,0x3,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]], - -/* BNT Curve */ -/* -CURVETYPE:0, 
-CURVE_PAIRING_TYPE: 0, -CURVE_A : 0, -CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -CURVE_Cof : [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -CURVE_Order:[0x30210D,0x777E8D,0x363A75,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], -CURVE_Bnx:[0x4081,0x806000,0x4000], -CURVE_Cru:[0x4FCD87,0x53D5AB,0x1FADEB,0xF2BAB1,0x4C82A5,0x4C976,0x476515,0x4801B1], -CURVE_Fra:[0xC80022,0xD14EAD,0xE359F5,0xD6FACC,0x6C4904,0x3211BE,0xF190A1,0x4F6509,0xBBC439,0xA292C9,0x1328], -CURVE_Frb:[0xECA6F1,0xEAB040,0xD764A7,0x3DF997,0x1E0C51,0xA3DEB0,0x450657,0xAAA6A1,0x5B3D15,0x7E489B,0x10D8], -CURVE_Pxa:[0x8E65BB,0x87E228,0x13BE89,0x1CAA63,0xCC00AD,0x548B7C,0x325041,0xBCC055,0xC1339E,0x3FCD04,0x1448], -CURVE_Pxb:[0xDBE2C0,0x888808,0x853A67,0xF81E34,0x957FE1,0x51B57B,0xA631A,0xDA3FC5,0x4EC302,0x46B338,0x87F], -CURVE_Pya:[0x20CA1D,0x2C47E0,0xF36C20,0x7E8399,0x4CB416,0x9F72C9,0xC6E543,0x4A2C69,0x2B0BD7,0xC29C10,0x14E8], -CURVE_Pyb:[0x6628F2,0x437C71,0xDC6BD8,0x67BCB7,0xA27E1,0x72681D,0xA82C75,0xEDEC18,0x454BD1,0xE2A462,0x17AF], -CURVE_Gx :[0xB4A712,0xBBFEEE,0xBABE9D,0x14F464,0x8A5556,0xD5F06E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], -CURVE_Gy :[0x1], -CURVE_W:[[0x838403,0x430061,0x838426,0x824199,0x18121,0x60,0x0,0x0,0x0,0x0,0x0],[0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], -CURVE_SB:[[[0x840504,0x43C061,0x840427,0x824199,0x18121,0x60,0x0,0x0,0x0,0x0,0x0], - [0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], - [[0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0xAC9D0A,0x347E2B,0xB2B64F,0x107131,0x875313,0xD5EFAE,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401]]], -CURVE_WB:[[0x80C080,0x406020,0x80C161,0x80C088,0x8060,0x20,0x0,0x0,0x0,0x0,0x0], - [0x8C4A85,0x390408,0x6C36B5,0xA352DC,0xDEAD2F,0x58868E,0xDA4363,0x300120,0x0,0x0,0x0], - [0x464583,0xDCB204,0x363B5A,0xD1A96E,0x6F5697,0xAC4347,0x6D21B1,0x180090,0x0,0x0,0x0], - [0x814181,0x412020,0x814162,0x80C088,0x8060,0x20,0x0,0x0,0x0,0x0,0x0]], 
-CURVE_BB:[[[0x2FE08D,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], - [0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], - [0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], - [0x8102,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], - [[0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], - [0x2FE08D,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], - [0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401]], - [[0x8102,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], - [[0x4082,0x806000,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x10202,0x18000,0x10002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x2FA00A,0x76BE8D,0x35BA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], - [0x4082,0x806000,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]], - -*/ - -/* BNT2 Curve */ -/* -CURVETYPE:0, -CURVE_PAIRING_TYPE: 0, -CURVE_A : 0, -CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -CURVE_Cof : [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -CURVE_Order:[0xAA2BF5,0x71A511,0x33D7FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], -CURVE_Bnx:[0x608205,0x20100,0x4000], -CURVE_Cru:[0x66BD33,0x274448,0xEFB50,0x301647,0x755B77,0xECF236,0xC3617B,0x480006], -CURVE_Fra:[0xAEF062,0x68C973,0xE492B2,0x33C3BC,0xBCC69B,0x7F195B,0xF67FA3,0xBD0A41,0xE8CAB6,0xB8D29,0x124E], -CURVE_Frb:[0xB1B429,0x736240,0x6D5600,0xF52D19,0x12CD48,0x50E726,0x18BBE6,0xFA43DE,0x268FF6,0xF8F517,0x11B1], 
-CURVE_Pxa:[0x40A3C8,0x92399F,0x784ACC,0xE96611,0x35CDA4,0x61706B,0x7B0569,0x8279D7,0x93C631,0x17CF96,0x16FC], -CURVE_Pxb:[0x549540,0x7A8AD8,0x61055,0xE6F651,0xDB6F7B,0xA95D17,0x565907,0x9C8188,0x597590,0xB500BD,0x1EB5], -CURVE_Pya:[0x220513,0xECC514,0x7B147B,0x860E73,0x844A78,0x35F126,0x51B839,0x9D4DFA,0x1422AA,0xE49876,0x1E8E], -CURVE_Pyb:[0x7CE78E,0x328F57,0x781FB9,0xE26FA5,0x7EB746,0x1FB8E2,0xA93DBC,0xA29D76,0xE33BDB,0xF4CDBA,0x23CE], -CURVE_Gx :[0x60A48A,0xDC2BB4,0x51E8B2,0x28F0D6,0xCF93E4,0xD00081,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], -CURVE_Gy :[0x1], -CURVE_W:[[0x347083,0x6282A1,0x1D10B7,0x1399E,0x603,0x60,0x0,0x0,0x0,0x0,0x0], - [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], -CURVE_SB:[[[0xF5748C,0x6684A1,0x1D90B7,0x1399E,0x603,0x60,0x0,0x0,0x0,0x0,0x0], - [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], - [[0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x75BB72,0xF2270,0x16C744,0x267D9A,0xCF87DE,0xCFFFC1,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400]]], -CURVE_WB:[[0x70A224,0x72D48A,0x94592,0x688A,0x201,0x20,0x0,0x0,0x0,0x0,0x0], - [0x30EF19,0x572CF0,0x721D5A,0x763543,0xA39651,0x48A1B9,0x8240FD,0x300004,0x0,0x0,0x0], - [0x48B88F,0x2C96F8,0xB92EAD,0xBB1AA1,0xD1CB28,0xA450DC,0x41207E,0x180002,0x0,0x0,0x0], - [0x31A62D,0x76D68B,0x9C592,0x688A,0x201,0x20,0x0,0x0,0x0,0x0,0x0]], -CURVE_BB:[[[0x49A9F1,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], - [0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], - [0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], - [0xC1040A,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], - [[0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], - [0x49A9F1,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], - 
[0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400]], - [[0xC1040A,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], - [[0x608206,0x20100,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0x820812,0x80401,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - [0xE927EA,0x6DA310,0x3357FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], - [0x608206,0x20100,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]], -*/ - -/* BN254 Curve */ -/* -CURVETYPE:0, -CURVE_PAIRING_TYPE: 0, -CURVE_A : 0, -CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -CURVE_Cof : [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -CURVE_Order:[0xD,0x0,0x10A100,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523], -CURVE_Bnx:[0x1,0x0,0x4080], -CURVE_Cru:[0x7,0x0,0x6CD80,0x0,0x90000,0x249,0x400000,0x49B362], -CURVE_Fra:[0x2A6DE9,0xE6C06F,0xC2E17D,0x4D3F77,0x97492,0x953F85,0x50A846,0xB6499B,0x2E7C8C,0x761921,0x1B37], -CURVE_Frb:[0xD5922A,0x193F90,0x50C582,0xB2C088,0x178B6D,0x6AC8DC,0x2F57B9,0x3EAB2,0xD18375,0xEE691E,0x9EB], -CURVE_Pxa:[0x3FB2B,0x4224C8,0xD91EE,0x4898BF,0x648BBB,0xEDB6A4,0x7E8C61,0xEB8D8C,0x9EB62F,0x10BB51,0x61A], -CURVE_Pxb:[0xD54CF3,0x34C1E7,0xB70D8C,0xAE3784,0x4D746B,0xAA5B1F,0x8C5982,0x310AA7,0x737833,0xAAF9BA,0x516], -CURVE_Pya:[0xCD2B9A,0xE07891,0xBD19F0,0xBDBE09,0xBD0AE6,0x822329,0x96698C,0x9A90E0,0xAF9343,0x97A06B,0x218], -CURVE_Pyb:[0x3ACE9B,0x1AEC6B,0x578A2D,0xD739C9,0x9006FF,0x8D37B0,0x56F5F3,0x8F6D44,0x8B1526,0x2B0E7C,0xEBB], -CURVE_Gx :[0x12,0x0,0x13A700,0x0,0x210000,0x861,0x800000,0xBA344D,0x1,0x648240,0x2523], -CURVE_Gy :[0x1], -CURVE_W:[[0x3,0x0,0x20400,0x0,0x818000,0x61,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], 
-CURVE_SB:[[[0x4,0x0,0x28500,0x0,0x818000,0x61,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x0,0xE9D00,0x0,0x1E0000,0x79E,0x800000,0xBA344D,0x1,0x648240,0x2523]]], -CURVE_WB:[[0x0,0x0,0x4080,0x0,0x808000,0x20,0x0,0x0,0x0,0x0,0x0],[0x5,0x0,0x54A80,0x0,0x70000,0x1C7,0x800000,0x312241,0x0,0x0,0x0],[0x3,0x0,0x2C580,0x0,0x838000,0xE3,0xC00000,0x189120,0x0,0x0,0x0],[0x1,0x0,0xC180,0x0,0x808000,0x20,0x0,0x0,0x0,0x0,0x0]], -CURVE_BB:[[[0xD,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0x2,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xD,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523]],[[0x2,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x2,0x0,0x4080,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x2,0x0,0x10200,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x0,0x102000,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0x2,0x0,0x4080,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]], -*/ - -/* BN454 Curve */ -/* -CURVETYPE:0, -CURVE_PAIRING_TYPE: 0, -CURVE_A : 0, - -CURVE_Order:[0xD,0x8400,0x780000,0x100003,0x2006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000], -CURVE_B: [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -CURVE_Cof: [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], 
-CURVE_Gx:[0x12,0x9C00,0x100000,0x700004,0x6006C4,0x4A109,0x514200,0x640000,0x80091,0x803AA,0x36A22,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000], -CURVE_Gy:[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], - -CURVE_Bnx:[0x1,0x200,0x0,0x80000,0x100000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -CURVE_Cru:[0x7,0x3600,0x100000,0x580001,0x300121,0x903,0xD9200,0x2D0000,0x480000,0x48006C,0x1B0,0x91B0,0x36000,0x6C000,0x48000,0x0,0x0,0x0,0x0,0x0], -CURVE_Fra:[0x73B0EC,0x393FAA,0x6E0C0B,0x1D485C,0x2EEE6C,0x62FD8F,0x4D280A,0x6E835B,0x2D6A87,0x37B2AC,0x568803,0x7657E5,0x129326,0x3B9C4D,0x67175B,0x159909,0x61CCD9,0x4D0FD7,0x7B1C9E,0x973C], -CURVE_Frb:[0xC4F27,0x475C55,0x21F3F4,0x52B7A7,0x311858,0x21A37A,0x419F5,0x757CA5,0x5A9609,0x5050FD,0x2CE21E,0x1A923A,0xF2CD9,0x6CE3C5,0x33E910,0x6A79CE,0x1EC3B6,0x34A028,0x72361,0x88C3], -CURVE_Pxa:[0x702B14,0x775841,0x6C7EE8,0x786615,0x3C30BE,0x5FFE6D,0x1AD7F3,0x77F16D,0x1FE1E7,0x5DBF8,0x5150DA,0x4BCA41,0x2D66CC,0x197743,0x6ED766,0x57F0B1,0x68F14A,0x2A106C,0x53E035,0xA01E], -CURVE_Pxb:[0x5BF266,0x5A1D88,0x5BA701,0x3C11E1,0x65ACBB,0x378A46,0x91E43,0x7E9723,0x72F769,0x77CD,0x5C7782,0x554A8C,0x7BA9E2,0x7CACCA,0x5CDFA,0x6A92C2,0x4B1E40,0x5D002,0x35A785,0xACA9], -CURVE_Pya:[0x1B15C7,0x56D77C,0x2D24E6,0x2AAE36,0x726024,0x69F6BB,0x194651,0x2338E2,0x7C5DD5,0x44EF51,0x3EAAEA,0x774179,0x300871,0xC9875,0x289B87,0x3D07F0,0x12C528,0x578DB6,0x10011E,0xEB3D], -CURVE_Pyb:[0x571D60,0x4DF6C0,0x63B043,0x3D8946,0x127184,0x4CB8FD,0x349D4E,0x45F387,0x743376,0x4C096,0x6145D7,0x408801,0x4F0B46,0x578BD4,0x432922,0x1F6C8F,0x753F90,0x5935B,0x8D821,0x4BB7], -CURVE_W:[[0x3,0x1000,0x180000,0x400000,0x0,0x181,0x300,0x30000,0xC0000,0xC0000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], 
-CURVE_SB:[[[0x4,0x1400,0x180000,0x500000,0x200000,0x181,0x300,0x30000,0xC0000,0xC0000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x7400,0x600000,0x500003,0x2006C3,0x49E07,0x513C00,0x5E0000,0x700091,0x7003A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000]]], -CURVE_WB:[[0x0,0x200,0x80000,0x80000,0x100000,0x80,0x100,0x10000,0x40000,0x40000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x5,0x2A00,0x700000,0x280000,0x5000C1,0x702,0x90E00,0x200000,0x380000,0x380048,0x120,0x6120,0x24000,0x48000,0x30000,0x0,0x0,0x0,0x0,0x0],[0x3,0x1600,0x380000,0x580000,0x300060,0x381,0x48700,0x100000,0x1C0000,0x1C0024,0x90,0x3090,0x12000,0x24000,0x18000,0x0,0x0,0x0,0x0,0x0],[0x1,0x600,0x80000,0x180000,0x300000,0x80,0x100,0x10000,0x40000,0x40000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], -CURVE_BB:[[[0xD,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0xC,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0xC,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0x2,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xC,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0xD,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9 
090,0x1B000,0x24000,0x12000],[0xC,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000]],[[0x2,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x2,0x200,0x0,0x80000,0x100000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x2,0x800,0x0,0x200000,0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x8000,0x780000,0x3,0x6C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0x2,0x200,0x0,0x80000,0x100000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x 0,0x0,0x0,0x0]]], -*/ - -/* BLS455 Curve */ -/* -CURVETYPE:0, -CURVE_PAIRING_TYPE: 1, -CURVE_A : 0, - -CURVE_Order:[0x400001,0xFFFFF,0x70000,0x20000,0xA0000,0x3A200,0x1D400,0x12F00,0x4F00,0x1E20,0xB80,0x1C0,0x80,0x20,0x0,0x0,0x0,0x0,0x0,0x0], -CURVE_B: [0xA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -CURVE_Cof: [0x3FFAAB,0x2FFF55,0x2DAA55,0x2DAA55,0x2B1555,0x2AD555,0x1555,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], -CURVE_Gx:[0x7CEDD1,0xBBBFB,0x3EDB53,0x59D01A,0x5C6F43,0x38E4A6,0x55A95E,0xBF82D,0x611B32,0x6571D9,0xE4AC7,0x5867F4,0x1F342A,0x6CF329,0x47B8C9,0x76D2C8,0x4C56AB,0xBC81,0x57CECC,0xC42], -CURVE_Gy:[0x619B9B,0x7AF34C,0x219013,0x6B7D01,0x1D80A5,0x34926D,0xC8B64,0x477391,0x1C1E96,0x5CB086,0x7D7EC7,0x4A9C00,0x4A9BC8,0x3C711D,0x7503FA,0x6B6FD7,0x43DEB0,0x7130BF,0x6DDFA7,0xCD46], - -CURVE_Bnx:[0x800,0x100,0x80,0x80,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], 
-CURVE_Cru:[0xAA9,0x5FF800,0xAA480,0x7A51BB,0x7A5190,0x1FD921,0x6F7552,0x54595C,0x33A586,0x68D3B6,0x76675E,0x1AA657,0x491731,0x7FCD2B,0x2340BF,0x77ADA,0x2A900E,0x72AAAE,0x655555,0x2AAAA],
-CURVE_Fra:[0x2EBF21,0x1F7B94,0x590273,0x399BCC,0x72F54A,0xA930A,0x7E21D5,0x23940C,0x51F853,0x778395,0x13C08A,0x6A1ACA,0x282CD7,0x61EF7,0x3E0634,0x53A2CA,0x5C0016,0x397C75,0x125CFB,0x1CBF5],
-CURVE_Frb:[0x51438A,0x60876B,0x1A80C,0x1FB97E,0x65A00C,0x18E1CD,0x2D1846,0x4A38BD,0x42C060,0x3275D0,0x1BA45A,0x9650,0x3B78DA,0x1CDD4,0x667A8C,0x34280F,0x4E9FF7,0x392E38,0x52F85A,0xDEB5],
-CURVE_Pxa:[0x41F542,0x3E41E1,0x4011D,0x7C2B3F,0x5D6070,0x7AEECC,0x262ECC,0xEBC03,0x153172,0x6D0BDA,0x1271C7,0x762DB5,0x303D3F,0x2A79D6,0x4193FD,0x31C6F7,0x31B4C4,0x181D34,0x4BEA00,0x17658],
-CURVE_Pxb:[0x49F03D,0xDDCCE,0x4BA642,0x2D62F7,0x9A55A,0x5402DD,0x3B3623,0x33DA0D,0x6163E0,0x48A1FC,0x25BD88,0x70E471,0x755066,0x664DD0,0x486521,0x2CD407,0xBEAEE,0x5B7F76,0x7F3819,0x767],
-CURVE_Pya:[0x1A77F4,0x6B48B0,0x42A0C8,0x5BD3F0,0x70F367,0x2B73B3,0x1299B5,0x647D06,0xD6EC4,0x7ECBC,0x7B0BBC,0x4CE0D4,0x1C7DC2,0x1F4B59,0x4F2887,0x221922,0x2BB9C5,0x7B9AB,0x76429B,0x11238],
-CURVE_Pyb:[0x1FDBA2,0x76DB3C,0x55BD04,0x9ED01,0x7E6309,0x111C54,0x4F66B1,0x2FDE48,0x340158,0x4F9EC3,0x27B5CB,0xD90E4,0x656D80,0xAB1F2,0x487BB8,0x4C7CF4,0x3CFC86,0x256F60,0xF2A0F,0x19A8],
-
-// not used
-CURVE_W:[[],[]],
-CURVE_SB:[[[],[]],[[],[]]],
-CURVE_WB:[[],[],[],[]],
-CURVE_BB:[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]],
-*/
-
-
-/* BLS383 Curve */
-/*
-CURVETYPE:0,
-CURVE_PAIRING_TYPE: 1,
-CURVE_A : 0,
-
-CURVE_Order:[0x7FF001,0x700001,0x6003FF,0x387F3,0x4BFDE0,0xBDBE3,0x127,0x3D18,0x7F910,0x198800,0x190401,0xA,0x0,0x0,0x0,0x0,0x0],
-CURVE_B: [0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cof: [0x52B,0x54000,0x328000,0x555559,0x55560A,0xC0A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Gx:[0x10786B,0x36691A,0x2B4356,0x71FAA,0x33477C,0xAF173,0x496DCD,0x37B2DF,0x4007BB,0x389ED5,0x3FD5FA,0x7EAC18,0x6EC02E,0x3F11F6,0x262B6E,0x67725E,0xB08],
-CURVE_Gy:[0x145DDB,0x34047A,0x5F3017,0x462FF7,0x713F51,0x5654CD,0x3B0D18,0x492FAB,0x19C7A,0x7D2DE6,0x660488,0x30823,0x5BE599,0x215B1E,0x1C4120,0x499BB,0x1F39],
-
-CURVE_Bnx:[0x40,0x2000,0x44000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cru:[0x2155A9,0x5589DB,0x78F68E,0x43B0F2,0x5DF2FE,0x4C64C4,0x37EAB7,0x1AD35E,0x128D30,0x6A246,0x6FAB5A,0x5F9D15,0x24190D,0x756408,0x7DD717,0x104054,0x7AC5],
-CURVE_Fra:[0x34508B,0x4B3525,0x4D0CAE,0x503777,0x463DB7,0x3BF78E,0xD072C,0x2AE9A0,0x69D32D,0x282C73,0x1730DB,0xCD9F8,0x6AB98B,0x7DC9B0,0x1CBCC8,0x7D8CC3,0x5A5],
-CURVE_Frb:[0x7904E0,0xA352F,0x28DE04,0x537843,0x3B7D49,0x6FB715,0x4FBAE2,0x4AA1C7,0x183C6C,0x3BDDEF,0x5272CD,0x532FB2,0x3FBEC7,0x22EEF9,0x611A4F,0x12B391,0x751F],
-CURVE_Pxa:[0x2C9472,0x3310B7,0xDB581,0xEF16E,0x77C4D3,0x119114,0x72430C,0x447E5E,0x1971C6,0x4E53E0,0x710FC5,0x349A9C,0x6B8BF3,0x4B4AC3,0x2FF607,0x3915AB,0x4D50],
-CURVE_Pxb:[0x72AB23,0x17AF44,0x73A26D,0x6A7A26,0x47AF19,0x640D46,0x5BDEE4,0xCFD9F,0x53E2A8,0x5CAE3B,0x58D75F,0x515D1D,0x1A1263,0x18F018,0x16EB0A,0x30BE1F,0xEE3],
-CURVE_Pya:[0x7BD4FD,0x24612E,0x7F1A07,0x3906FE,0x40B660,0x191341,0x7F2564,0x143D20,0x3CF878,0x4A5C3F,0x53BB9,0x8E118,0x3325E0,0x7102D7,0x170A21,0x42CD0,0x8F4],
-CURVE_Pyb:[0x2C4CE6,0x44144A,0x32297,0x3A57FA,0x35907A,0x4891DE,0x5D8290,0x50CCA0,0x2B0FD,0x13FFDF,0x6353A9,0x794D0,0x4997BA,0x6F70DC,0x4AB1F,0x5DD446,0x1DCA],
-
-// not used
-CURVE_W:[[],[]],
-CURVE_SB:[[[],[]],[[],[]]],
-CURVE_WB:[[],[],[],[]],
-CURVE_BB:[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]],
-
-*/
-
- USE_GLV: false,
- USE_GS_G2: false,
- USE_GS_GT: false,
- GT_STRONG: false,
-
- debug: false,
-
-
-// AES constants
-
- ECB:0,
- CBC:1,
- CFB1:2,
- CFB2:3,
- CFB4:5,
- OFB1:14,
- OFB2:15,
- OFB4:17,
- OFB8:21,
- OFB16:29,
- CTR1:30,
- CTR2:31,
- CTR4:33,
- CTR8:37,
- CTR16:45,
-
-// GCM constants
-
- GCM_ACCEPTING_HEADER:0,
- GCM_ACCEPTING_CIPHER:1,
- GCM_NOT_ACCEPTING_MORE:2,
- GCM_FINISHED:3,
- GCM_ENCRYPTING:0,
- GCM_DECRYPTING:1
-
-};
-
-ROM.MODINV=(Math.pow(2,-ROM.BASEBITS))
-ROM.NLEN=(1+(Math.floor((ROM.MODBITS-1)/ROM.BASEBITS)));
-ROM.DNLEN=2*ROM.NLEN;
-ROM.BMASK=(1<<ROM.BASEBITS)-1;
-ROM.MODBYTES=(1+(Math.floor((ROM.MODBITS-1)/8)));
-ROM.NEXCESS=(1<<(ROM.CHUNK-ROM.BASEBITS-1)); // 2^(CHUNK-BASEBITS-1)
-ROM.FEXCESS=(1<<(ROM.BASEBITS*ROM.NLEN-ROM.MODBITS)); // 2^(BASEBITS*NLEN-MODBITS)
-ROM.OMASK=(-1)<<ROM.TBITS;
-ROM.TBITS=ROM.MODBITS%ROM.BASEBITS;
-ROM.TMASK=(1<<ROM.TBITS)-1;
-ROM.BIGBITS=(8*ROM.MODBYTES);
-
-ROM.FF_BITS=(ROM.BIGBITS*ROM.FFLEN);
-ROM.HFLEN=(ROM.FFLEN/2); /* Useful for half-size RSA private key operations */
