http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BLS461.c ---------------------------------------------------------------------- diff --git a/version3/c/rom_field_BLS461.c b/version3/c/rom_field_BLS461.c deleted file mode 100644 index c2e561a..0000000 --- a/version3/c/rom_field_BLS461.c +++ /dev/null @@ -1,31 +0,0 @@ -#include "arch.h" -#include "fp_BLS461.h" - -/* Curve BLS461 - Pairing friendly BLS curve */ - -#if CHUNK==16 - -#error Not supported - -#endif - -#if CHUNK==32 -// Base Bits= 28 -const BIG_464_28 Modulus_BLS461= {0xAAAAAAB,0xAC0000A,0x54AAAAA,0x5555,0x400020,0x91557F0,0xF26AA,0xFA5C1CC,0xB42A8DF,0x7B14848,0x8BACCA4,0x6F1E32D,0x4935FBD,0x55D6941,0xD5A555A,0x5545554,0x1555}; -const BIG_464_28 R2modp_BLS461= {0xC9B6A33,0x2ECD087,0x3CCB2B1,0xCD461FE,0x8CB5AB2,0xC5B9635,0x5312E92,0xB659F64,0x3B596FA,0x8679006,0xA92E2B3,0x3CE05E3,0x363550F,0x7C07A8E,0x382C083,0x6347FEA,0xBD}; -const chunk MConst_BLS461= 0xFFFFFFD; -const BIG_464_28 Fra_BLS461= {0xB812A3A,0x7117BF9,0x99C400F,0xC6308A5,0x5BF8A1,0x510E075,0x45FA5A6,0xCE4858D,0x770B31A,0xBC2CB04,0xE2FC61E,0xD073588,0x4366190,0x4DFEFA8,0x69E55E2,0x504B7F,0x12E4}; -const BIG_464_28 Frb_BLS461= {0xF298071,0x3AE8410,0xBAE6A9B,0x39D4CAF,0xFE4077E,0x404777A,0xBAF8104,0x2C13C3E,0x3D1F5C5,0xBEE7D44,0xA8B0685,0x9EAADA4,0x5CFE2C,0x7D7999,0x6BBFF78,0x50409D5,0x271}; - -#endif - -#if CHUNK==64 -// Base Bits=60 -const BIG_464_60 Modulus_BLS461= {0xAAC0000AAAAAAABL,0x20000555554AAAAL,0x6AA91557F004000L,0xA8DFFA5C1CC00F2L,0xACCA47B14848B42L,0x935FBD6F1E32D8BL,0xD5A555A55D69414L,0x15555545554L}; -const BIG_464_60 R2modp_BLS461= {0x96D08774614DDA8L,0xCD45F539225D5BDL,0xD712EB760C95AB1L,0xB3B687155F30B55L,0xC4E62A05C3F5B81L,0xBA1151676CA3CD0L,0x7EDD8A958F442BEL,0x12B89DD3F91L}; -const chunk MConst_BLS461= 0xC0005FFFFFFFDL; -const BIG_464_60 Fra_BLS461= {0xF7117BF9B812A3AL,0xA1C6308A599C400L,0x5A6510E07505BF8L,0xB31ACE4858D45FAL,0xFC61EBC2CB04770L,0x366190D073588E2L,0x69E55E24DFEFA84L,0x12E40504B7FL}; -const BIG_464_60 Frb_BLS461= {0xB3AE8410F298071L,0x7E39D4CAFBAE6A9L,0x104404777AFE407L,0xF5C52C13C3EBAF8L,0xB0685BEE7D443D1L,0x5CFE2C9EAADA4A8L,0x6BBFF7807D79990L,0x27150409D5L}; - - -#endif \ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BLS48.c ---------------------------------------------------------------------- diff --git a/version3/c/rom_field_BLS48.c b/version3/c/rom_field_BLS48.c deleted file mode 100644 index 5bf4488..0000000 --- a/version3/c/rom_field_BLS48.c +++ /dev/null @@ -1,32 +0,0 @@ -#include "arch.h" -#include "fp_BLS48.h" - -/* Curve BLS48 - Pairing friendly BLS48 curve */ - -#if CHUNK==16 - -#error Not supported - -#endif - -#if CHUNK==32 - -// Base Bits= 29 -const BIG_560_29 Modulus_BLS48= {0x1CF6AC0B,0x17B7307F,0x19877E7B,0x12CE0134,0x14228402,0x1BD4C386,0x1DACBB04,0x40410D0,0x25A415,0x980B53E,0xDE6E250,0x15D9AAD6,0x5DA950,0x1029B7A,0x54AB351,0x14AD90CE,0x3729047,0x1FE7E2D9,0x145F610B,0x1F}; -const BIG_560_29 R2modp_BLS48= {0xD59D0FA,0x12F01FD0,0xDE8FD41,0x35AAEE1,0xB937F48,0x50700E8,0x1F50EFCE,0x1019B13C,0x3470A2F,0x11094115,0xF9FB72D,0x6AD10E2,0x1CFD9F8,0x44F4785,0x2B48793,0x1148ED3,0xF609E61,0x1EE34BC7,0x1735D29E,0x0}; -const chunk MConst_BLS48= 0x9DA805D; -const BIG_560_29 Fra_BLS48= {0x1325BF89,0x1311E7EC,0xCD0A56F,0x1A0FD46E,0xE83BCCA,0xCA97DD0,0x18D1D297,0x5F1E137,0x7AB9F2C,0x13FC255F,0x1C9DECEB,0x9DEF4A2,0x3C0F60B,0x1D9909E4,0x1FF27FF7,0x1DBF8208,0x89BB36C,0x40044E0,0x62E01EE,0x5}; -const BIG_560_29 Frb_BLS48= {0x1325BF89,0x1311E7EC,0xCD0A56F,0x1A0FD46E,0xE83BCCA,0xCA97DD0,0x18D1D297,0x5F1E137,0x7AB9F2C,0x13FC255F,0x1C9DECEB,0x9DEF4A2,0x3C0F60B,0x1D9909E4,0x1FF27FF7,0x1DBF8208,0x89BB36C,0x40044E0,0x62E01EE,0x5}; - -#endif - -#if CHUNK==64 - -// Base Bits= 58 -const BIG_560_58 Modulus_BLS48= {0x2F6E60FFCF6AC0BL,0x259C02699877E7BL,0x37A9870D4228402L,0x80821A1DACBB04L,0x13016A7C025A415L,0x2BB355ACDE6E250L,0x20536F405DA950L,0x295B219C54AB351L,0x3FCFC5B23729047L,0x3F45F610BL}; -const BIG_560_58 R2modp_BLS48= {0x25E03FA0D59D0FAL,0x6B55DC2DE8FD41L,0xA0E01D0B937F48L,0x20336279F50EFCEL,0x2212822A3470A2FL,0xD5A21C4F9FB72DL,0x89E8F0A1CFD9F8L,0x2291DA62B48793L,0x3DC6978EF609E61L,0x1735D29EL}; -const chunk MConst_BLS48= 0x21BFCBCA9DA805DL; -const BIG_560_58 Fra_BLS48= {0x2623CFD9325BF89L,0x341FA8DCCD0A56FL,0x1952FBA0E83BCCAL,0xBE3C26F8D1D297L,0x27F84ABE7AB9F2CL,0x13BDE945C9DECEBL,0x3B3213C83C0F60BL,0x3B7F0411FF27FF7L,0x80089C089BB36CL,0xA62E01EEL}; -const BIG_560_58 Frb_BLS48= {0x2623CFD9325BF89L,0x341FA8DCCD0A56FL,0x1952FBA0E83BCCAL,0xBE3C26F8D1D297L,0x27F84ABE7AB9F2CL,0x13BDE945C9DECEBL,0x3B3213C83C0F60BL,0x3B7F0411FF27FF7L,0x80089C089BB36CL,0xA62E01EEL}; - -#endif \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BN254.c ---------------------------------------------------------------------- diff --git a/version3/c/rom_field_BN254.c b/version3/c/rom_field_BN254.c deleted file mode 100644 index c244a87..0000000 --- a/version3/c/rom_field_BN254.c +++ /dev/null @@ -1,37 +0,0 @@ -#include "arch.h" -#include "fp_BN254.h" - -/* Curve BN254 - Pairing friendly BN curve */ - -/* Nogami's fast curve */ - -#if CHUNK==16 - -// Base Bits= 13 -const BIG_256_13 Modulus_BN254= {0x13,0x0,0x0,0x0,0x1A70,0x9,0x0,0x0,0x100,0x309,0x2,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A}; -const BIG_256_13 R2modp_BN254= {0xF32,0x239,0x14DC,0xCE8,0x928,0x11B6,0x130F,0x1183,0x56E,0x1AEE,0x124F,0xD2A,0x7F8,0x1CE6,0x1B50,0x77C,0x3A,0x1A9E,0x1EFD,0x1C}; -const chunk MConst_BN254= 0x15E5; -const BIG_256_13 Fra_BN254= {0xDE9,0x1953,0x101B,0x1BCD,0xE17,0x1BE1,0x14FD,0x1249,0x974,0x1C28,0x54F,0x108D,0x150A,0x4CD,0x12D9,0xF91,0x12E,0x10C9,0xDDD,0x36}; -const BIG_256_13 Frb_BN254= {0x122A,0x6AC,0xFE4,0x432,0xC58,0x428,0xB02,0xDB6,0x178B,0x6E0,0x1AB2,0xF72,0x2F5,0x1559,0x140F,0x106E,0x1ED1,0x1348,0x1AFB,0x13}; - -#endif - -#if CHUNK==32 -// Base Bits= 28 -const BIG_256_28 Modulus_BN254= {0x13,0x0,0x13A7,0x0,0x86121,0x8000000,0x1BA344D,0x4000000,0x5236482,0x2}; -const BIG_256_28 R2modp_BN254= {0xF5E7E39,0x2F2A96F,0xB96F13C,0x64E8642,0xC7146,0x9926F7B,0x4DACD24,0x8321E7B,0xD127A2E,0x1}; -const chunk MConst_BN254= 0x79435E5; -const BIG_256_28 Fra_BN254= {0xF2A6DE9,0x7DE6C06,0xF77C2E1,0x74924D3,0x53F8509,0x50A8469,0xCB6499B,0x212E7C8,0xB377619,0x1}; -const BIG_256_28 Frb_BN254= {0xD5922A,0x82193F9,0x8850C5,0x8B6DB2C,0xAC8DC17,0x2F57B96,0x503EAB2,0x1ED1837,0x9EBEE69,0x0}; - -#endif - -#if CHUNK==64 -// Base Bits= 56 -const BIG_256_56 Modulus_BN254= {0x13L,0x13A7L,0x80000000086121L,0x40000001BA344DL,0x25236482L}; -const BIG_256_56 R2modp_BN254= {0x2F2A96FF5E7E39L,0x64E8642B96F13CL,0x9926F7B00C7146L,0x8321E7B4DACD24L,0x1D127A2EL}; -const chunk MConst_BN254= 0x435E50D79435E5L; -const BIG_256_56 Fra_BN254= {0x7DE6C06F2A6DE9L,0x74924D3F77C2E1L,0x50A846953F8509L,0x212E7C8CB6499BL,0x1B377619L}; -const BIG_256_56 Frb_BN254= {0x82193F90D5922AL,0x8B6DB2C08850C5L,0x2F57B96AC8DC17L,0x1ED1837503EAB2L,0x9EBEE69L}; -#endif - http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BN254CX.c ---------------------------------------------------------------------- diff --git a/version3/c/rom_field_BN254CX.c b/version3/c/rom_field_BN254CX.c deleted file mode 100644 index 1209f0c..0000000 --- a/version3/c/rom_field_BN254CX.c +++ /dev/null @@ -1,38 +0,0 @@ -#include "arch.h" -#include "fp_BN254CX.h" - -/* Curve BN254CX - Pairing friendly BN curve */ - -/* CertiVox BN curve/field */ - -#if CHUNK==16 - -// Base Bits= 13 -const BIG_256_13 Modulus_BN254CX= {0x15B3,0xDA,0x1BD7,0xC47,0x1BE6,0x1F70,0x24,0x1DC3,0x1FD6,0x1921,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48}; -const BIG_256_13 R2modp_BN254CX= {0x1527,0x146B,0x12A7,0x1A60,0x1E0A,0x1382,0x2BC,0x1D3F,0xB30,0xA8,0xD19,0x11AB,0x1D40,0x1965,0xD6D,0x643,0x10FF,0x1BC7,0x1E61,0x31}; -const chunk MConst_BN254CX= 0x1E85; -const BIG_256_13 Fra_BN254CX= {0xEA3,0xE40,0xCD5,0x1210,0x15BD,0x1C10,0x5CF,0x4DE,0x773,0x343,0x626,0x194E,0x18AA,0x10C5,0x12BF,0x2C,0x63A,0x17D,0x1642,0x26}; -const BIG_256_13 Frb_BN254CX= {0x710,0x129A,0xF01,0x1A37,0x628,0x360,0x1A55,0x18E4,0x1863,0x15DE,0x138E,0x1B78,0x1D9C,0xE29,0x403,0x515,0x236,0x1E83,0x9BD,0x21}; - - -#endif - -#if CHUNK==32 -// Base Bits= 28 -const BIG_256_28 Modulus_BN254CX= {0xC1B55B3,0x6623EF5,0x93EE1BE,0xD6EE180,0x6D3243F,0x647A636,0xDB0BDDF,0x8702A0,0x4000000,0x2}; -const BIG_256_28 R2modp_BN254CX= {0x8A0800A,0x466A061,0x43056A3,0x2B3A225,0x9C6600,0x148515B,0x6BDF50,0xEC9EA56,0xC992E66,0x1}; -const chunk MConst_BN254CX= 0x9789E85; -const BIG_256_28 Fra_BN254CX= {0x5C80EA3,0xD908335,0x3F8215B,0x7326F17,0x8986867,0x8AACA71,0x4AFE18B,0xA63A016,0x359082F,0x1}; -const BIG_256_28 Frb_BN254CX= {0x6534710,0x8D1BBC0,0x546C062,0x63C7269,0xE3ABBD8,0xD9CDBC4,0x900DC53,0x623628A,0xA6F7D0,0x1}; - -#endif - -#if CHUNK==64 -// Base Bits= 56 -const BIG_256_56 Modulus_BN254CX= {0x6623EF5C1B55B3L,0xD6EE18093EE1BEL,0x647A6366D3243FL,0x8702A0DB0BDDFL,0x24000000L}; -const BIG_256_56 R2modp_BN254CX= {0x466A0618A0800AL,0x2B3A22543056A3L,0x148515B09C6600L,0xEC9EA5606BDF50L,0x1C992E66L}; -const chunk MConst_BN254CX= 0x4E205BF9789E85L; -const BIG_256_56 Fra_BN254CX= {0xD9083355C80EA3L,0x7326F173F8215BL,0x8AACA718986867L,0xA63A0164AFE18BL,0x1359082FL}; -const BIG_256_56 Frb_BN254CX= {0x8D1BBC06534710L,0x63C7269546C062L,0xD9CDBC4E3ABBD8L,0x623628A900DC53L,0x10A6F7D0L}; -#endif - http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BRAINPOOL.c ---------------------------------------------------------------------- diff --git a/version3/c/rom_field_BRAINPOOL.c b/version3/c/rom_field_BRAINPOOL.c deleted file mode 100644 index bc73330..0000000 --- a/version3/c/rom_field_BRAINPOOL.c +++ /dev/null @@ -1,25 +0,0 @@ -#include "arch.h" -#include "fp_BRAINPOOL.h" - -/* Brainpool Modulus */ - -#if CHUNK==16 - -#error Not supported - -#endif - -#if CHUNK==32 -// Base Bits= 28 -const BIG_256_28 Modulus_BRAINPOOL= {0xF6E5377,0x13481D1,0x6202820,0xF623D52,0xD726E3B,0x909D838,0xC3E660A,0xA1EEA9B,0x9FB57DB,0xA}; -const BIG_256_28 R2modp_BRAINPOOL= {0xB9A3787,0x9E04F49,0x8F3CF49,0x2931721,0xF1DBC89,0x54E8C3C,0xF7559CA,0xBB411A3,0x773E15F,0x9}; -const chunk MConst_BRAINPOOL= 0xEFD89B9; -#endif - -#if CHUNK==64 -// Base Bits= 56 -const BIG_256_56 Modulus_BRAINPOOL= {0x13481D1F6E5377L,0xF623D526202820L,0x909D838D726E3BL,0xA1EEA9BC3E660AL,0xA9FB57DBL}; -const BIG_256_56 R2modp_BRAINPOOL= {0x9E04F49B9A3787L,0x29317218F3CF49L,0x54E8C3CF1DBC89L,0xBB411A3F7559CAL,0x9773E15FL}; -const chunk MConst_BRAINPOOL= 0xA75590CEFD89B9L; -#endif - http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_C41417.c ---------------------------------------------------------------------- diff --git a/version3/c/rom_field_C41417.c b/version3/c/rom_field_C41417.c deleted file mode 100644 index e28f42c..0000000 --- a/version3/c/rom_field_C41417.c +++ /dev/null @@ -1,25 +0,0 @@ -#include "arch.h" -#include "fp_C41417.h" - -/* Curve C41417 */ - -#if CHUNK==16 - -#error Not supported - -#endif - -#if CHUNK==32 -// Base Bits= 29 -const BIG_416_29 Modulus_C41417= {0x1FFFFFEF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFF}; -const BIG_416_29 R2modp_C41417= {0x0,0x242000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; -const chunk MConst_C41417= 0x11; -#endif - -#if CHUNK==64 -// Base Bits= 60 -const BIG_416_60 Modulus_C41417= {0xFFFFFFFFFFFFFEFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFL}; -const BIG_416_60 R2modp_C41417= {0x121000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}; -const chunk MConst_C41417= 0x11L; -#endif - http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_FP256BN.c ---------------------------------------------------------------------- diff --git a/version3/c/rom_field_FP256BN.c b/version3/c/rom_field_FP256BN.c deleted file mode 100644 index 8174955..0000000 --- a/version3/c/rom_field_FP256BN.c +++ /dev/null @@ -1,36 +0,0 @@ -#include "arch.h" -#include "fp_FP256BN.h" - -/* Curve FP256BN - Pairing friendly BN curve */ - -/* ISO fast curve */ - -#if CHUNK==16 - -#error Not supported - -#endif - -#if CHUNK==32 -// Base Bits= 28 - -const BIG_256_28 Modulus_FP256BN= {0xED33013,0x292DDBA,0x80A82D3,0x65FB129,0x49F0CDC,0x5EEE71A,0xD46E5F2,0xFFFCF0C,0xFFFFFFF,0xF}; -const BIG_256_28 R2modp_FP256BN= {0x3B9F8B,0xEDE3363,0xFEC54E8,0x92FFEE9,0x3C55F79,0x13C1C06,0xC0123FA,0xA12F2EA,0xE559B2A,0x8}; -const chunk MConst_FP256BN= 0x537E5E5; -const BIG_256_28 Fra_FP256BN= {0xF943106,0x760328A,0xAB28F74,0x71511E3,0x7CF39A1,0x8DDB086,0x52D1A6E,0xCA786F3,0xD617662,0x3}; -const BIG_256_28 Frb_FP256BN= {0xF3EFF0D,0xB32AB2F,0xD57F35E,0xF4A9F45,0xCCFD33A,0xD113693,0x819CB83,0x3584819,0x29E899D,0xC}; - - -#endif - -#if CHUNK==64 -// Base Bits= 56 -const BIG_256_56 Modulus_FP256BN= {0x292DDBAED33013L,0x65FB12980A82D3L,0x5EEE71A49F0CDCL,0xFFFCF0CD46E5F2L,0xFFFFFFFFL}; -const BIG_256_56 R2modp_FP256BN= {0xEDE336303B9F8BL,0x92FFEE9FEC54E8L,0x13C1C063C55F79L,0xA12F2EAC0123FAL,0x8E559B2AL}; -const chunk MConst_FP256BN= 0x6C964E0537E5E5L; -const BIG_256_56 Fra_FP256BN= {0x760328AF943106L,0x71511E3AB28F74L,0x8DDB0867CF39A1L,0xCA786F352D1A6EL,0x3D617662L}; -const BIG_256_56 Frb_FP256BN= {0xB32AB2FF3EFF0DL,0xF4A9F45D57F35EL,0xD113693CCFD33AL,0x3584819819CB83L,0xC29E899DL}; - - -#endif - http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_FP512BN.c ---------------------------------------------------------------------- diff --git a/version3/c/rom_field_FP512BN.c b/version3/c/rom_field_FP512BN.c deleted file mode 100644 index e88f66a..0000000 --- a/version3/c/rom_field_FP512BN.c +++ /dev/null @@ -1,38 +0,0 @@ -#include "arch.h" -#include "fp_FP512BN.h" - -/* Curve FP512BN - Pairing friendly BN curve */ - -/* ISO fast curve */ - -#if CHUNK==16 - -#error Not supported - -#endif - -#if CHUNK==32 -// Base Bits= 29 - -const BIG_512_29 Modulus_FP512BN= {0x2ADEF33,0x7594049,0x131919ED,0x14AB9CBE,0x16FE1916,0x12EF5591,0x2E39231,0x3D597D3,0x55146CF,0x88D877A,0x102EF8F0,0x1196A60F,0x1C60BA1D,0x1CF63F80,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF}; -const BIG_512_29 R2modp_FP512BN= {0xFD68B47,0xFCF5D2C,0x437675A,0x1BBC3FBF,0x1411E413,0x13453559,0x10B5639,0x1C34CE79,0x6D476BF,0xFD05F2B,0x15D17C28,0x6C9F76E,0x1C2375B3,0x78CCE9B,0x15F0AB33,0x1960F32E,0x1A8D44E,0x57A38}; -const chunk MConst_FP512BN= 0x1CCC5C05; -const BIG_512_29 Fra_FP512BN= {0x14B73AB2,0x4B0BD8F,0xABB47D,0x2A29EC4,0x18681E17,0x104069DE,0x12EED67D,0x1553D0A5,0x398E9F8,0x7971034,0xAC9AF23,0x52DEF23,0x14EA18A5,0x1463E345,0x6DE465A,0x17F212B4,0x1AA9CF5B,0xF7B8}; -const BIG_512_29 Frb_FP512BN= {0xDF6B481,0x2A882B9,0x126D6570,0x1208FDFA,0x1E95FAFF,0x2AEEBB2,0xFF4BBB4,0xE81C72D,0x1B85CD6,0xF67746,0x56549CD,0xC68B6EC,0x776A178,0x8925C3B,0x1921B9A5,0x80DED4B,0x55630A4,0x70847}; - - - -#endif - -#if CHUNK==64 -// Base Bits= 60 - -const BIG_512_60 Modulus_FP512BN= {0x4EB280922ADEF33L,0x6A55CE5F4C6467BL,0xC65DEAB236FE191L,0xCF1EACBE98B8E48L,0x3C111B0EF455146L,0xA1D8CB5307C0BBEL,0xFFFF9EC7F01C60BL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFL}; -const BIG_512_60 R2modp_FP512BN= {0x1FA6DCEF99812E9L,0xAB3452895A0B74EL,0xC53EA988C079E1EL,0x1E90E033BA630B9L,0xF1EA41C0714D8B0L,0xE72785387509E28L,0xD86794F834DAB00L,0x9757C2ACCD342A1L,0x44ECB079L}; -const chunk MConst_FP512BN= 0x692A189FCCC5C05L; -const BIG_512_60 Fra_FP512BN= {0x49617B1F4B73AB2L,0x71514F6202AED1FL,0xF6080D3BD8681E1L,0xF8AA9E852CBBB59L,0xC8CF2E2068398E9L,0x8A5296F791AB26BL,0x196A8C7C68B4EA1L,0xCF5BBF9095A1B79L,0x1EF71AA9L}; -const BIG_512_60 Frb_FP512BN= {0x5510572DF6B481L,0xF9047EFD49B595CL,0xD055DD765E95FAFL,0xD6740E396BFD2EEL,0x7341ECEE8C1B85CL,0x1786345B7615952L,0xE695124B876776AL,0x30A4406F6A5E486L,0xE108E556L}; - - -#endif - http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_GOLDILOCKS.c ---------------------------------------------------------------------- diff --git a/version3/c/rom_field_GOLDILOCKS.c b/version3/c/rom_field_GOLDILOCKS.c deleted file mode 100644 index 2a1785e..0000000 --- a/version3/c/rom_field_GOLDILOCKS.c +++ /dev/null @@ -1,30 +0,0 @@ -#include "arch.h" -#include "fp_GOLDILOCKS.h" - -/* Curve GOLDILOCKS */ - -#if CHUNK==16 - -#error Not supported - -#endif - -#if CHUNK==32 - -// Base Bits= 29 -const BIG_448_29 Modulus_GOLDILOCKS= {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF}; -const BIG_448_29 R2modp_GOLDILOCKS= {0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0,0x3000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; -const chunk MConst_GOLDILOCKS= 0x1; - -#endif - -#if CHUNK==64 -// Base Bits= 58 -const BIG_448_58 Modulus_GOLDILOCKS= {0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FBFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFL}; -const BIG_448_58 R2modp_GOLDILOCKS= {0x200000000L,0x0L,0x0L,0x0L,0x3000000L,0x0L,0x0L,0x0L}; -const chunk MConst_GOLDILOCKS= 0x1L; - - -#endif - - http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_HIFIVE.c ---------------------------------------------------------------------- diff --git a/version3/c/rom_field_HIFIVE.c b/version3/c/rom_field_HIFIVE.c deleted file mode 100644 index 097dcec..0000000 --- a/version3/c/rom_field_HIFIVE.c +++ /dev/null @@ -1,27 +0,0 @@ -#include "arch.h" -#include "fp_HIFIVE.h" - -/* Curve HIFIVE */ - - -#if CHUNK==16 - -#error Not supported - -#endif - -#if CHUNK==32 -// Base Bits= 29 -const BIG_336_29 Modulus_HIFIVE= {0x1FFFFFFD,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFF}; -const BIG_336_29 R2modp_HIFIVE= {0x9000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; -const chunk MConst_HIFIVE= 0x3; -#endif - -#if CHUNK==64 -// Base Bits= 60 -const BIG_336_60 Modulus_HIFIVE= {0xFFFFFFFFFFFFFFDL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFL}; -const BIG_336_60 R2modp_HIFIVE= {0x9000000000000L,0x0L,0x0L,0x0L,0x0L,0x0L}; -const chunk MConst_HIFIVE= 0x3L; -#endif - - http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_NIST256.c ---------------------------------------------------------------------- diff --git a/version3/c/rom_field_NIST256.c b/version3/c/rom_field_NIST256.c deleted file mode 100644 index b5a7187..0000000 --- a/version3/c/rom_field_NIST256.c +++ /dev/null @@ -1,27 +0,0 @@ -#include "arch.h" -#include "fp_NIST256.h" - -/* Curve NIST256 */ - -#if CHUNK==16 - -#error Not supported - -#endif - -#if CHUNK==32 -// Base Bits= 28 -const BIG_256_28 Modulus_NIST256= {0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFF,0x0,0x0,0x1000000,0x0,0xFFFFFFF,0xF}; -const BIG_256_28 R2modp_NIST256= {0x50000,0x300000,0x0,0x0,0xFFFFFFA,0xFFFFFBF,0xFFFFEFF,0xFFFAFFF,0x2FFFF,0x0}; -const chunk MConst_NIST256= 0x1; -#endif - -#if CHUNK==64 - -// Base Bits= 56 -const BIG_256_56 Modulus_NIST256= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFL,0x0L,0x1000000L,0xFFFFFFFFL}; -const BIG_256_56 R2modp_NIST256= {0x3000000050000L,0x0L,0xFFFFFBFFFFFFFAL,0xFFFAFFFFFFFEFFL,0x2FFFFL}; -const chunk MConst_NIST256= 0x1L; - -#endif - http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_NIST384.c ---------------------------------------------------------------------- diff --git a/version3/c/rom_field_NIST384.c b/version3/c/rom_field_NIST384.c deleted file mode 100644 index a739ae3..0000000 --- a/version3/c/rom_field_NIST384.c +++ /dev/null @@ -1,27 +0,0 @@ -#include "arch.h" -#include "fp_NIST384.h" - -/* Curve NIST384 */ - -#if CHUNK==16 - -#error Not supported - -#endif - -#if CHUNK==32 -// Base Bits= 29 -const BIG_384_29 Modulus_NIST384= {0x1FFFFFFF,0x7,0x0,0x1FFFFE00,0x1FFFEFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F}; -const BIG_384_29 R2modp_NIST384= {0x0,0x8000,0x1FF80000,0x1FFFFF,0x2000000,0x0,0x0,0x1FFFFFFC,0xF,0x100,0x400,0x0,0x0,0x0}; -const chunk MConst_NIST384= 0x1; -#endif - -#if CHUNK==64 -// Base Bits= 56 -const BIG_384_56 Modulus_NIST384= {0xFFFFFFFFL,0xFFFF0000000000L,0xFFFFFFFFFEFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFL}; -const BIG_384_56 R2modp_NIST384= {0xFE000000010000L,0xFFFFFFL,0x2L,0xFFFFFFFE00L,0x1000000020000L,0x0L,0x0L}; -const chunk MConst_NIST384= 0x100000001L; - -#endif - - http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_NIST521.c ---------------------------------------------------------------------- diff --git a/version3/c/rom_field_NIST521.c b/version3/c/rom_field_NIST521.c deleted file mode 100644 index 048f9ac..0000000 --- a/version3/c/rom_field_NIST521.c +++ /dev/null @@ -1,25 +0,0 @@ -#include "arch.h" -#include "fp_NIST521.h" - -/* Curve NIST521 */ - -#if CHUNK==16 - -#error Not supported - -#endif - -#if CHUNK==32 -// Base Bits= 28 -const BIG_528_28 Modulus_NIST521= {0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0x1FFFF}; -const BIG_528_28 R2modp_NIST521= {0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; -const chunk MConst_NIST521= 0x1; -#endif - -#if CHUNK==64 -// Base Bits= 60 -const BIG_528_60 Modulus_NIST521= {0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x1FFFFFFFFFFL}; -const BIG_528_60 R2modp_NIST521= {0x4000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}; -const chunk MConst_NIST521= 0x1L; -#endif - http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_SECP256K1.c ---------------------------------------------------------------------- diff --git a/version3/c/rom_field_SECP256K1.c b/version3/c/rom_field_SECP256K1.c deleted file mode 100644 index 4f80178..0000000 --- a/version3/c/rom_field_SECP256K1.c +++ /dev/null @@ -1,28 +0,0 @@ -#include "arch.h" -#include "fp_SECP256K1.h" - -/* Curve SECP256K1 */ - -#if CHUNK==16 - -#error Not supported - -#endif - -#if CHUNK==32 -// Base Bits= 28 -const BIG_256_28 Modulus_SECP256K1= {0xFFFFC2F,0xFFFFFEF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xF}; -const BIG_256_28 R2modp_SECP256K1= {0x0,0xA100000,0x2000E90,0x7A,0x1,0x0,0x0,0x0,0x0,0x0}; -const chunk MConst_SECP256K1= 0x2253531; - -#endif - -#if CHUNK==64 - -// Base Bits= 56 -const BIG_256_56 Modulus_SECP256K1= {0xFFFFFEFFFFFC2FL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL}; -const BIG_256_56 R2modp_SECP256K1= {0xA1000000000000L,0x7A2000E90L,0x1L,0x0L,0x0L}; -const chunk MConst_SECP256K1= 0x38091DD2253531L; - -#endif - http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rsa.c ---------------------------------------------------------------------- diff --git a/version3/c/rsa.c b/version3/c/rsa.c deleted file mode 100644 index bbe41b2..0000000 --- a/version3/c/rsa.c +++ /dev/null @@ -1,162 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* RSA Functions - see main program below */ - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <time.h> - -#include "rsa_WWW.h" -#include "rsa_support.h" - -/* generate an RSA key pair */ -void RSA_WWW_KEY_PAIR(csprng *RNG,sign32 e,rsa_private_key_WWW *PRIV,rsa_public_key_WWW *PUB,octet *P, octet* Q) -{ - /* IEEE1363 A16.11/A16.12 more or less */ - BIG_XXX t[HFLEN_WWW],p1[HFLEN_WWW],q1[HFLEN_WWW]; - - if (RNG!=NULL) - { - - for (;;) - { - - FF_WWW_random(PRIV->p,RNG,HFLEN_WWW); - while (FF_WWW_lastbits(PRIV->p,2)!=3) FF_WWW_inc(PRIV->p,1,HFLEN_WWW); - while (!FF_WWW_prime(PRIV->p,RNG,HFLEN_WWW)) - FF_WWW_inc(PRIV->p,4,HFLEN_WWW); - - FF_WWW_copy(p1,PRIV->p,HFLEN_WWW); - FF_WWW_dec(p1,1,HFLEN_WWW); - - if (FF_WWW_cfactor(p1,e,HFLEN_WWW)) continue; - break; - } - - for (;;) - { - FF_WWW_random(PRIV->q,RNG,HFLEN_WWW); - while (FF_WWW_lastbits(PRIV->q,2)!=3) FF_WWW_inc(PRIV->q,1,HFLEN_WWW); - while (!FF_WWW_prime(PRIV->q,RNG,HFLEN_WWW)) - FF_WWW_inc(PRIV->q,4,HFLEN_WWW); - - FF_WWW_copy(q1,PRIV->q,HFLEN_WWW); - FF_WWW_dec(q1,1,HFLEN_WWW); - if (FF_WWW_cfactor(q1,e,HFLEN_WWW)) continue; - - break; - } - - } - else - { - FF_WWW_fromOctet(PRIV->p,P,HFLEN_WWW); - FF_WWW_fromOctet(PRIV->q,Q,HFLEN_WWW); - - FF_WWW_copy(p1,PRIV->p,HFLEN_WWW); - FF_WWW_dec(p1,1,HFLEN_WWW); - - FF_WWW_copy(q1,PRIV->q,HFLEN_WWW); - FF_WWW_dec(q1,1,HFLEN_WWW); - } - - FF_WWW_mul(PUB->n,PRIV->p,PRIV->q,HFLEN_WWW); - PUB->e=e; - - FF_WWW_copy(t,p1,HFLEN_WWW); - FF_WWW_shr(t,HFLEN_WWW); - FF_WWW_init(PRIV->dp,e,HFLEN_WWW); - FF_WWW_invmodp(PRIV->dp,PRIV->dp,t,HFLEN_WWW); - if (FF_WWW_parity(PRIV->dp)==0) FF_WWW_add(PRIV->dp,PRIV->dp,t,HFLEN_WWW); - FF_WWW_norm(PRIV->dp,HFLEN_WWW); - - FF_WWW_copy(t,q1,HFLEN_WWW); - FF_WWW_shr(t,HFLEN_WWW); - FF_WWW_init(PRIV->dq,e,HFLEN_WWW); - FF_WWW_invmodp(PRIV->dq,PRIV->dq,t,HFLEN_WWW); - if (FF_WWW_parity(PRIV->dq)==0) FF_WWW_add(PRIV->dq,PRIV->dq,t,HFLEN_WWW); - FF_WWW_norm(PRIV->dq,HFLEN_WWW); - - FF_WWW_invmodp(PRIV->c,PRIV->p,PRIV->q,HFLEN_WWW); - - return; -} - -/* destroy the Private Key structure */ -void RSA_WWW_PRIVATE_KEY_KILL(rsa_private_key_WWW *PRIV) -{ - FF_WWW_zero(PRIV->p,HFLEN_WWW); - FF_WWW_zero(PRIV->q,HFLEN_WWW); - FF_WWW_zero(PRIV->dp,HFLEN_WWW); - FF_WWW_zero(PRIV->dq,HFLEN_WWW); - FF_WWW_zero(PRIV->c,HFLEN_WWW); -} - -void RSA_WWW_fromOctet(BIG_XXX x[],octet *w) -{ - FF_WWW_fromOctet(x,w,FFLEN_WWW); -} - -/* RSA encryption with the public key */ -void RSA_WWW_ENCRYPT(rsa_public_key_WWW *PUB,octet *F,octet *G) -{ - BIG_XXX f[FFLEN_WWW]; - FF_WWW_fromOctet(f,F,FFLEN_WWW); - - FF_WWW_power(f,f,PUB->e,PUB->n,FFLEN_WWW); - - FF_WWW_toOctet(G,f,FFLEN_WWW); -} - -/* RSA decryption with the private key */ -void RSA_WWW_DECRYPT(rsa_private_key_WWW *PRIV,octet *G,octet *F) -{ - BIG_XXX g[FFLEN_WWW],t[FFLEN_WWW],jp[HFLEN_WWW],jq[HFLEN_WWW]; - - FF_WWW_fromOctet(g,G,FFLEN_WWW); - - FF_WWW_dmod(jp,g,PRIV->p,HFLEN_WWW); - FF_WWW_dmod(jq,g,PRIV->q,HFLEN_WWW); - - FF_WWW_skpow(jp,jp,PRIV->dp,PRIV->p,HFLEN_WWW); - FF_WWW_skpow(jq,jq,PRIV->dq,PRIV->q,HFLEN_WWW); - - - FF_WWW_zero(g,FFLEN_WWW); - FF_WWW_copy(g,jp,HFLEN_WWW); - FF_WWW_mod(jp,PRIV->q,HFLEN_WWW); - if (FF_WWW_comp(jp,jq,HFLEN_WWW)>0) - FF_WWW_add(jq,jq,PRIV->q,HFLEN_WWW); - FF_WWW_sub(jq,jq,jp,HFLEN_WWW); - FF_WWW_norm(jq,HFLEN_WWW); - - FF_WWW_mul(t,PRIV->c,jq,HFLEN_WWW); - FF_WWW_dmod(jq,t,PRIV->q,HFLEN_WWW); - - FF_WWW_mul(t,jq,PRIV->p,HFLEN_WWW); - FF_WWW_add(g,t,g,FFLEN_WWW); - FF_WWW_norm(g,FFLEN_WWW); - - FF_WWW_toOctet(F,g,FFLEN_WWW); - - return; -} - http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rsa.h ---------------------------------------------------------------------- diff --git a/version3/c/rsa.h b/version3/c/rsa.h deleted file mode 100644 index 4d4c3c1..0000000 --- a/version3/c/rsa.h +++ /dev/null @@ -1,110 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/** - * @file rsa.h - * @author Mike Scott - * @brief RSA Header file for implementation of RSA protocol - * - * declares functions - * - */ - -#ifndef RSA_WWW_H -#define RSA_WWW_H - -#include "ff_WWW.h" -#include "rsa_support.h" - -/*** START OF USER CONFIGURABLE SECTION - ***/ - -#define HASH_TYPE_RSA_WWW SHA256 /**< Chosen Hash algorithm */ - -/*** END OF USER CONFIGURABLE SECTION ***/ - -#define RFS_WWW MODBYTES_XXX*FFLEN_WWW /**< RSA Public Key Size in bytes */ - - -/** - @brief Integer Factorisation Public Key -*/ - -typedef struct -{ - sign32 e; /**< RSA exponent (typically 65537) */ - BIG_XXX n[FFLEN_WWW]; /**< An array of BIGs to store public key */ -} rsa_public_key_WWW; - -/** - @brief Integer Factorisation Private Key -*/ - -typedef struct -{ - BIG_XXX p[FFLEN_WWW/2]; /**< secret prime p */ - BIG_XXX q[FFLEN_WWW/2]; /**< secret prime q */ - BIG_XXX dp[FFLEN_WWW/2]; /**< decrypting exponent mod (p-1) */ - BIG_XXX dq[FFLEN_WWW/2]; /**< decrypting exponent mod (q-1) */ - BIG_XXX c[FFLEN_WWW/2]; /**< 1/p mod q */ -} rsa_private_key_WWW; - -/* RSA Auxiliary Functions */ - -/** @brief RSA Key Pair Generator - * - @param R is a pointer to a cryptographically secure random number generator - @param e the encryption exponent - @param PRIV the output RSA private key - @param PUB the output RSA public key - @param P Input prime number. Used when R is equal to NULL for testing - @param Q Inpuy prime number. Used when R is equal to NULL for testing - */ -extern void RSA_WWW_KEY_PAIR(csprng *R,sign32 e,rsa_private_key_WWW* PRIV,rsa_public_key_WWW* PUB,octet *P, octet* Q); - -/** @brief RSA encryption of suitably padded plaintext - * - @param PUB the input RSA public key - @param F is input padded message - @param G is the output ciphertext - */ -extern void RSA_WWW_ENCRYPT(rsa_public_key_WWW* PUB,octet *F,octet *G); -/** @brief RSA decryption of ciphertext - * - @param PRIV the input RSA private key - @param G is the input ciphertext - @param F is output plaintext (requires unpadding) - - */ -extern void RSA_WWW_DECRYPT(rsa_private_key_WWW* PRIV,octet *G,octet *F); -/** @brief Destroy an RSA private Key - * - @param PRIV the input RSA private key. Destroyed on output. - */ -extern void RSA_WWW_PRIVATE_KEY_KILL(rsa_private_key_WWW *PRIV); -/** @brief Populates an RSA public key from an octet string - * - Creates RSA public key from big-endian base 256 form. - @param x FF instance to be created from an octet string - @param S input octet string - */ -extern void RSA_WWW_fromOctet(BIG_XXX *x,octet *S); - - - -#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rsa_support.c ---------------------------------------------------------------------- diff --git a/version3/c/rsa_support.c b/version3/c/rsa_support.c deleted file mode 100644 index a4cfdca..0000000 --- a/version3/c/rsa_support.c +++ /dev/null @@ -1,237 +0,0 @@ -#include "rsa_support.h" - -#define ROUNDUP(a,b) ((a)-1)/(b)+1 - -/* general purpose hash function w=hash(p|n|x|y) */ -int hashit(int sha,octet *p,int n,octet *w) -{ - int i,c[4],hlen; - hash256 sha256; - hash512 sha512; - char hh[64]; - - switch (sha) - { - case SHA256: - HASH256_init(&sha256); - break; - case SHA384: - HASH384_init(&sha512); - break; - case SHA512: - HASH512_init(&sha512); - break; - } - - hlen=sha; - - if (p!=NULL) for (i=0; i<p->len; i++) - { - switch(sha) - { - case SHA256: - HASH256_process(&sha256,p->val[i]); - break; - case SHA384: - HASH384_process(&sha512,p->val[i]); - break; - case SHA512: - HASH512_process(&sha512,p->val[i]); - break; - } - } - if (n>=0) - { - c[0]=(n>>24)&0xff; - c[1]=(n>>16)&0xff; - c[2]=(n>>8)&0xff; - c[3]=(n)&0xff; - for (i=0; i<4; i++) - { - switch(sha) - { - case SHA256: - HASH256_process(&sha256,c[i]); - break; - case SHA384: - HASH384_process(&sha512,c[i]); - break; - case SHA512: - HASH512_process(&sha512,c[i]); - break; - } - } - } - - switch (sha) - { - case SHA256: - HASH256_hash(&sha256,hh); - break; - case SHA384: - HASH384_hash(&sha512,hh); - break; - case SHA512: - HASH512_hash(&sha512,hh); - break; - } - - OCT_empty(w); - OCT_jbytes(w,hh,hlen); - for (i=0; i<hlen; i++) hh[i]=0; - - return hlen; -} - -/* Mask Generation Function */ - -static void MGF1(int sha,octet *z,int olen,octet *mask) -{ - char h[64]; - octet H= {0,sizeof(h),h}; - int hlen=sha; - int counter,cthreshold; - - OCT_empty(mask); - - cthreshold=ROUNDUP(olen,hlen); - for (counter=0; counter<cthreshold; counter++) - { - hashit(sha,z,counter,&H); - if (mask->len+hlen>olen) OCT_jbytes(mask,H.val,olen%hlen); - else OCT_joctet(mask,&H); - } - OCT_clear(&H); -} - -/* SHAXXX identifier strings */ -const unsigned char SHA256ID[]= {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20}; -const unsigned char SHA384ID[]= {0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30}; -const unsigned char SHA512ID[]= {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40}; - -/* PKCS 1.5 padding of a message to be signed */ - -int PKCS15(int sha,octet *m,octet *w) -{ - int olen=w->max; - int hlen=sha; - int idlen=19; - char h[64]; - octet H= {0,sizeof(h),h}; - - if (olen<idlen+hlen+10) return 1; - hashit(sha,m,-1,&H); - - OCT_empty(w); - OCT_jbyte(w,0x00,1); - OCT_jbyte(w,0x01,1); - OCT_jbyte(w,0xff,olen-idlen-hlen-3); - OCT_jbyte(w,0x00,1); - - if (hlen==32) OCT_jbytes(w,(char *)SHA256ID,idlen); - if (hlen==48) OCT_jbytes(w,(char *)SHA384ID,idlen); - if (hlen==64) OCT_jbytes(w,(char *)SHA512ID,idlen); - - OCT_joctet(w,&H); - - return 0; -} - -/* OAEP Message Encoding for Encryption */ - -int OAEP_ENCODE(int sha,octet *m,csprng *RNG,octet *p,octet *f) -{ - int slen,olen=f->max-1; - int mlen=m->len; - int hlen,seedlen; - char dbmask[MAX_RSA_BYTES],seed[64]; - octet DBMASK= {0,sizeof(dbmask),dbmask}; - octet SEED= {0,sizeof(seed),seed}; - - hlen=seedlen=sha; - if (mlen>olen-hlen-seedlen-1) return 1; - if (m==f) return 1; /* must be distinct octets */ - - hashit(sha,p,-1,f); - - slen=olen-mlen-hlen-seedlen-1; - - OCT_jbyte(f,0,slen); - OCT_jbyte(f,0x1,1); - OCT_joctet(f,m); - - OCT_rand(&SEED,RNG,seedlen); - - MGF1(sha,&SEED,olen-seedlen,&DBMASK); - - OCT_xor(&DBMASK,f); - MGF1(sha,&DBMASK,seedlen,f); - - OCT_xor(f,&SEED); - - OCT_joctet(f,&DBMASK); - - OCT_pad(f,f->max); - OCT_clear(&SEED); - OCT_clear(&DBMASK); - - return 0; -} - -/* OAEP Message Decoding for Decryption */ - -int OAEP_DECODE(int sha,octet *p,octet *f) -{ - int comp,x,t; - int i,k,olen=f->max-1; - int hlen,seedlen; - char dbmask[MAX_RSA_BYTES],seed[64],chash[64]; - octet DBMASK= {0,sizeof(dbmask),dbmask}; - octet SEED= {0,sizeof(seed),seed}; - octet CHASH= {0,sizeof(chash),chash}; - - seedlen=hlen=sha; - if (olen<seedlen+hlen+1) return 1; - if (!OCT_pad(f,olen+1)) return 1; - hashit(sha,p,-1,&CHASH); - - x=f->val[0]; - for (i=seedlen; i<olen; i++) - DBMASK.val[i-seedlen]=f->val[i+1]; - DBMASK.len=olen-seedlen; - - MGF1(sha,&DBMASK,seedlen,&SEED); - for (i=0; i<seedlen; i++) SEED.val[i]^=f->val[i+1]; - MGF1(sha,&SEED,olen-seedlen,f); - OCT_xor(&DBMASK,f); - - comp=OCT_ncomp(&CHASH,&DBMASK,hlen); - - OCT_shl(&DBMASK,hlen); - - OCT_clear(&SEED); - OCT_clear(&CHASH); - - for (k=0;; k++) - { - if (k>=DBMASK.len) - { - OCT_clear(&DBMASK); - return 1; - } - if (DBMASK.val[k]!=0) break; - } - - t=DBMASK.val[k]; - if (!comp || x!=0 || t!=0x01) - { - OCT_clear(&DBMASK); - return 1; - } - - OCT_shl(&DBMASK,k+1); - OCT_copy(f,&DBMASK); - OCT_clear(&DBMASK); - - return 0; -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rsa_support.h ---------------------------------------------------------------------- diff --git a/version3/c/rsa_support.h b/version3/c/rsa_support.h deleted file mode 100644 index 3bd495f..0000000 --- a/version3/c/rsa_support.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. -*/ - -/** - * @file rsa_support.h - * @author Mike Scott - * @brief RSA Support Header File - * - */ - -#ifndef RSA_SUPPORT_H -#define RSA_SUPPORT_H - -#include "amcl.h" - -#define MAX_RSA_BYTES 512 /**< Maximum of 4096 */ - -/** @brief PKCS V1.5 padding of a message prior to RSA signature - * - @param h is the hash type - @param M is the input message - @param W is the output encoding, ready for RSA signature - @return 1 if OK, else 0 - */ -extern int PKCS15(int h,octet *M,octet *W); -/** @brief OAEP padding of a message prior to RSA encryption - * - @param h is the hash type - @param M is the input message - @param R is a pointer to a cryptographically secure random number generator - @param P are input encoding parameter string (could be NULL) - @param F is the output encoding, ready for RSA encryption - @return 1 if OK, else 0 - */ -extern int OAEP_ENCODE(int h,octet *M,csprng *R,octet *P,octet *F); -/** @brief OAEP unpadding of a message after RSA decryption - * - Unpadding is done in-place - @param h is the hash type - @param P are input encoding parameter string (could be NULL) - @param F is input padded message, unpadded on output - @return 1 if OK, else 0 - */ -extern int OAEP_DECODE(int h,octet *P,octet *F); - -#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/testall.c ---------------------------------------------------------------------- diff --git a/version3/c/testall.c b/version3/c/testall.c deleted file mode 100644 index 46b5a96..0000000 --- a/version3/c/testall.c +++ /dev/null @@ -1,1627 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> -#include "ecdh_ED25519.h" -#include "mpin_BN254.h" -#include "rsa_2048.h" -#include "randapi.h" - -#if CHUNK==32 || CHUNK==64 -#include "ecdh_NIST256.h" -#include "ecdh_GOLDILOCKS.h" -#include "mpin_BLS383.h" -#include "mpin192_BLS24.h" -#include "mpin256_BLS48.h" -#endif - -int ecdh_ED25519(csprng *RNG) -{ - int i,res; - unsigned long ran; - char *pp="M0ng00se"; - // These octets are automatically protected against buffer overflow attacks - // Note salt must be big enough to include an appended word - // Note ECIES ciphertext C must be big enough to include at least 1 appended block - // Recall EFS_ED25519 is field size in bytes. So EFS_ED25519=32 for 256-bit curve - char s0[2*EGS_ED25519],s1[EGS_ED25519],w0[2*EFS_ED25519+1],w1[2*EFS_ED25519+1],z0[EFS_ED25519],z1[EFS_ED25519],key[AESKEY_ED25519],salt[40],pw[40]; - octet S0= {0,sizeof(s0),s0}; - octet S1= {0,sizeof(s1),s1}; - octet W0= {0,sizeof(w0),w0}; - octet W1= {0,sizeof(w1),w1}; - octet Z0= {0,sizeof(z0),z0}; - octet Z1= {0,sizeof(z1),z1}; - octet KEY= {0,sizeof(key),key}; - octet SALT= {0,sizeof(salt),salt}; - octet PW= {0,sizeof(pw),pw}; - - SALT.len=8; - for (i=0; i<8; i++) SALT.val[i]=i+1; // set Salt - - printf("Alice's Passphrase= %s\n",pp); - - OCT_empty(&PW); - OCT_jstring(&PW,pp); // set Password from string - - // private key S0 of size EGS_ED25519 bytes derived from Password and Salt - - PBKDF2(HASH_TYPE_ED25519,&PW,&SALT,1000,EGS_ED25519,&S0); - - printf("Alices private key= 0x"); - OCT_output(&S0); - - // Generate Key pair S/W - - ECP_ED25519_KEY_PAIR_GENERATE(NULL,&S0,&W0); - printf("Alices public key= 0x"); - OCT_output(&W0); - - res=ECP_ED25519_PUBLIC_KEY_VALIDATE(&W0); - if (res!=0) - { - printf("ECP Public Key is invalid!\n"); - return 0; - } - - // Random private key for other party - ECP_ED25519_KEY_PAIR_GENERATE(RNG,&S1,&W1); - res=ECP_ED25519_PUBLIC_KEY_VALIDATE(&W1); - if (res!=0) - { - printf("ECP Public Key is invalid!\n"); - return 0; - } - printf("Servers private key= 0x"); - OCT_output(&S1); - printf("Servers public key= 0x"); - OCT_output(&W1); - - // Calculate common key using DH - IEEE 1363 method - - ECP_ED25519_SVDP_DH(&S0,&W1,&Z0); - ECP_ED25519_SVDP_DH(&S1,&W0,&Z1); - - if (!OCT_comp(&Z0,&Z1)) - { - printf("*** ECPSVDP-DH Failed\n"); - return 0; - } - - KDF2(HASH_TYPE_ED25519,&Z0,NULL,AESKEY_ED25519,&KEY); - - printf("Alice's DH Key= 0x"); - OCT_output(&KEY); - printf("Servers DH Key= 0x"); - OCT_output(&KEY); - -#if CURVETYPE_ED25519 != MONTGOMERY - - char ds[EGS_ED25519],p1[30],p2[30],v[2*EFS_ED25519+1],m[32],c[64],t[32],cs[EGS_ED25519]; - octet DS= {0,sizeof(ds),ds}; - octet CS= {0,sizeof(cs),cs}; - octet P1= {0,sizeof(p1),p1}; - octet P2= {0,sizeof(p2),p2}; - octet V= {0,sizeof(v),v}; - octet M= {0,sizeof(m),m}; - octet C= {0,sizeof(c),c}; - octet T= {0,sizeof(t),t}; - - printf("Testing ECIES\n"); - - P1.len=3; - P1.val[0]=0x0; - P1.val[1]=0x1; - P1.val[2]=0x2; - P2.len=4; - P2.val[0]=0x0; - P2.val[1]=0x1; - P2.val[2]=0x2; - P2.val[3]=0x3; - - M.len=17; - for (i=0; i<=16; i++) M.val[i]=i; - - ECP_ED25519_ECIES_ENCRYPT(HASH_TYPE_ED25519,&P1,&P2,RNG,&W1,&M,12,&V,&C,&T); - - printf("Ciphertext= \n"); - printf("V= 0x"); - OCT_output(&V); - printf("C= 0x"); - OCT_output(&C); - printf("T= 0x"); - OCT_output(&T); - - if (!ECP_ED25519_ECIES_DECRYPT(HASH_TYPE_ED25519,&P1,&P2,&V,&C,&T,&S1,&M)) - { - printf("*** ECIES Decryption Failed\n"); - return 0; - } - else printf("Decryption succeeded\n"); - - printf("Message is 0x"); - OCT_output(&M); - - - printf("Testing ECDSA\n"); - - if (ECP_ED25519_SP_DSA(HASH_TYPE_ED25519,RNG,NULL,&S0,&M,&CS,&DS)!=0) - { - printf("***ECDSA Signature Failed\n"); - return 0; - } - - printf("Signature C = 0x"); - OCT_output(&CS); - printf("Signature D = 0x"); - OCT_output(&DS); - - if (ECP_ED25519_VP_DSA(HASH_TYPE_ED25519,&W0,&M,&CS,&DS)!=0) - { - printf("***ECDSA Verification Failed\n"); - return 0; - } - else - { - printf("ECDSA Signature/Verification succeeded\n"); - } - -#endif - - return 0; -} - -#if CHUNK==32 || CHUNK==64 -int ecdh_NIST256(csprng *RNG) -{ - int i,res; - unsigned long ran; - char *pp="M0ng00se"; - // These octets are automatically protected against buffer overflow attacks - // Note salt must be big enough to include an appended word - // Note ECIES ciphertext C must be big enough to include at least 1 appended block - // Recall EFS_NIST256 is field size in bytes. So EFS_NIST256=32 for 256-bit curve - char s0[2*EGS_NIST256],s1[EGS_NIST256],w0[2*EFS_NIST256+1],w1[2*EFS_NIST256+1],z0[EFS_NIST256],z1[EFS_NIST256],key[AESKEY_NIST256],salt[40],pw[40]; - octet S0= {0,sizeof(s0),s0}; - octet S1= {0,sizeof(s1),s1}; - octet W0= {0,sizeof(w0),w0}; - octet W1= {0,sizeof(w1),w1}; - octet Z0= {0,sizeof(z0),z0}; - octet Z1= {0,sizeof(z1),z1}; - octet KEY= {0,sizeof(key),key}; - octet SALT= {0,sizeof(salt),salt}; - octet PW= {0,sizeof(pw),pw}; - - SALT.len=8; - for (i=0; i<8; i++) SALT.val[i]=i+1; // set Salt - - printf("Alice's Passphrase= %s\n",pp); - - OCT_empty(&PW); - OCT_jstring(&PW,pp); // set Password from string - - // private key S0 of size EGS_NIST256 bytes derived from Password and Salt - - PBKDF2(HASH_TYPE_NIST256,&PW,&SALT,1000,EGS_NIST256,&S0); - - printf("Alices private key= 0x"); - OCT_output(&S0); - - // Generate Key pair S/W - - ECP_NIST256_KEY_PAIR_GENERATE(NULL,&S0,&W0); - printf("Alices public key= 0x"); - OCT_output(&W0); - - res=ECP_NIST256_PUBLIC_KEY_VALIDATE(&W0); - if (res!=0) - { - printf("ECP Public Key is invalid!\n"); - return 0; - } - - // Random private key for other party - ECP_NIST256_KEY_PAIR_GENERATE(RNG,&S1,&W1); - res=ECP_NIST256_PUBLIC_KEY_VALIDATE(&W1); - if (res!=0) - { - printf("ECP Public Key is invalid!\n"); - return 0; - } - printf("Servers private key= 0x"); - OCT_output(&S1); - printf("Servers public key= 0x"); - OCT_output(&W1); - - // Calculate common key using DH - IEEE 1363 method - - ECP_NIST256_SVDP_DH(&S0,&W1,&Z0); - ECP_NIST256_SVDP_DH(&S1,&W0,&Z1); - - if (!OCT_comp(&Z0,&Z1)) - { - printf("*** ECPSVDP-DH Failed\n"); - return 0; - } - - KDF2(HASH_TYPE_NIST256,&Z0,NULL,AESKEY_NIST256,&KEY); - - printf("Alice's DH Key= 0x"); - OCT_output(&KEY); - printf("Servers DH Key= 0x"); - OCT_output(&KEY); - -#if CURVETYPE_NIST256 != MONTGOMERY - - char ds[EGS_NIST256],p1[30],p2[30],v[2*EFS_NIST256+1],m[32],c[64],t[32],cs[EGS_NIST256]; - octet DS= {0,sizeof(ds),ds}; - octet CS= {0,sizeof(cs),cs}; - octet P1= {0,sizeof(p1),p1}; - octet P2= {0,sizeof(p2),p2}; - octet V= {0,sizeof(v),v}; - octet M= {0,sizeof(m),m}; - octet C= {0,sizeof(c),c}; - octet T= {0,sizeof(t),t}; - - printf("Testing ECIES\n"); - - P1.len=3; - P1.val[0]=0x0; - P1.val[1]=0x1; - P1.val[2]=0x2; - P2.len=4; - P2.val[0]=0x0; - P2.val[1]=0x1; - P2.val[2]=0x2; - P2.val[3]=0x3; - - M.len=17; - for (i=0; i<=16; i++) M.val[i]=i; - - ECP_NIST256_ECIES_ENCRYPT(HASH_TYPE_NIST256,&P1,&P2,RNG,&W1,&M,12,&V,&C,&T); - - printf("Ciphertext= \n"); - printf("V= 0x"); - OCT_output(&V); - printf("C= 0x"); - OCT_output(&C); - printf("T= 0x"); - OCT_output(&T); - - if (!ECP_NIST256_ECIES_DECRYPT(HASH_TYPE_NIST256,&P1,&P2,&V,&C,&T,&S1,&M)) - { - printf("*** ECIES Decryption Failed\n"); - return 0; - } - else printf("Decryption succeeded\n"); - - printf("Message is 0x"); - OCT_output(&M); - - - printf("Testing ECDSA\n"); - - if (ECP_NIST256_SP_DSA(HASH_TYPE_NIST256,RNG,NULL,&S0,&M,&CS,&DS)!=0) - { - printf("***ECDSA Signature Failed\n"); - return 0; - } - - printf("Signature C = 0x"); - OCT_output(&CS); - printf("Signature D = 0x"); - OCT_output(&DS); - - if (ECP_NIST256_VP_DSA(HASH_TYPE_NIST256,&W0,&M,&CS,&DS)!=0) - { - printf("***ECDSA Verification Failed\n"); - return 0; - } - else - { - printf("ECDSA Signature/Verification succeeded\n"); - } - -#endif - - return 0; -} - -int ecdh_GOLDILOCKS(csprng *RNG) -{ - int i,res; - unsigned long ran; - char *pp="M0ng00se"; - // These octets are automatically protected against buffer overflow attacks - // Note salt must be big enough to include an appended word - // Note ECIES ciphertext C must be big enough to include at least 1 appended block - // Recall EFS_GOLDILOCKS is field size in bytes. So EFS_GOLDILOCKS=32 for 256-bit curve - char s0[2*EGS_GOLDILOCKS],s1[EGS_GOLDILOCKS],w0[2*EFS_GOLDILOCKS+1],w1[2*EFS_GOLDILOCKS+1],z0[EFS_GOLDILOCKS],z1[EFS_GOLDILOCKS],key[AESKEY_GOLDILOCKS],salt[40],pw[40]; - octet S0= {0,sizeof(s0),s0}; - octet S1= {0,sizeof(s1),s1}; - octet W0= {0,sizeof(w0),w0}; - octet W1= {0,sizeof(w1),w1}; - octet Z0= {0,sizeof(z0),z0}; - octet Z1= {0,sizeof(z1),z1}; - octet KEY= {0,sizeof(key),key}; - octet SALT= {0,sizeof(salt),salt}; - octet PW= {0,sizeof(pw),pw}; - - SALT.len=8; - for (i=0; i<8; i++) SALT.val[i]=i+1; // set Salt - - printf("Alice's Passphrase= %s\n",pp); - - OCT_empty(&PW); - OCT_jstring(&PW,pp); // set Password from string - - // private key S0 of size EGS_GOLDILOCKS bytes derived from Password and Salt - - PBKDF2(HASH_TYPE_GOLDILOCKS,&PW,&SALT,1000,EGS_GOLDILOCKS,&S0); - - printf("Alices private key= 0x"); - OCT_output(&S0); - - // Generate Key pair S/W - - ECP_GOLDILOCKS_KEY_PAIR_GENERATE(NULL,&S0,&W0); - printf("Alices public key= 0x"); - OCT_output(&W0); - - res=ECP_GOLDILOCKS_PUBLIC_KEY_VALIDATE(&W0); - if (res!=0) - { - printf("ECP Public Key is invalid!\n"); - return 0; - } - - // Random private key for other party - ECP_GOLDILOCKS_KEY_PAIR_GENERATE(RNG,&S1,&W1); - res=ECP_GOLDILOCKS_PUBLIC_KEY_VALIDATE(&W1); - if (res!=0) - { - printf("ECP Public Key is invalid!\n"); - return 0; - } - printf("Servers private key= 0x"); - OCT_output(&S1); - printf("Servers public key= 0x"); - OCT_output(&W1); - - // Calculate common key using DH - IEEE 1363 method - - ECP_GOLDILOCKS_SVDP_DH(&S0,&W1,&Z0); - ECP_GOLDILOCKS_SVDP_DH(&S1,&W0,&Z1); - - if (!OCT_comp(&Z0,&Z1)) - { - printf("*** ECPSVDP-DH Failed\n"); - return 0; - } - - KDF2(HASH_TYPE_GOLDILOCKS,&Z0,NULL,AESKEY_GOLDILOCKS,&KEY); - - printf("Alice's DH Key= 0x"); - OCT_output(&KEY); - printf("Servers DH Key= 0x"); - OCT_output(&KEY); - -#if CURVETYPE_GOLDILOCKS != MONTGOMERY - - char ds[EGS_GOLDILOCKS],p1[30],p2[30],v[2*EFS_GOLDILOCKS+1],m[32],c[64],t[32],cs[EGS_GOLDILOCKS]; - octet DS= {0,sizeof(ds),ds}; - octet CS= {0,sizeof(cs),cs}; - octet P1= {0,sizeof(p1),p1}; - octet P2= {0,sizeof(p2),p2}; - octet V= {0,sizeof(v),v}; - octet M= {0,sizeof(m),m}; - octet C= {0,sizeof(c),c}; - octet T= {0,sizeof(t),t}; - - printf("Testing ECIES\n"); - - P1.len=3; - P1.val[0]=0x0; - P1.val[1]=0x1; - P1.val[2]=0x2; - P2.len=4; - P2.val[0]=0x0; - P2.val[1]=0x1; - P2.val[2]=0x2; - P2.val[3]=0x3; - - M.len=17; - for (i=0; i<=16; i++) M.val[i]=i; - - ECP_GOLDILOCKS_ECIES_ENCRYPT(HASH_TYPE_GOLDILOCKS,&P1,&P2,RNG,&W1,&M,12,&V,&C,&T); - - printf("Ciphertext= \n"); - printf("V= 0x"); - OCT_output(&V); - printf("C= 0x"); - OCT_output(&C); - printf("T= 0x"); - OCT_output(&T); - - if (!ECP_GOLDILOCKS_ECIES_DECRYPT(HASH_TYPE_GOLDILOCKS,&P1,&P2,&V,&C,&T,&S1,&M)) - { - printf("*** ECIES Decryption Failed\n"); - return 0; - } - else printf("Decryption succeeded\n"); - - printf("Message is 0x"); - OCT_output(&M); - - - printf("Testing ECDSA\n"); - - if (ECP_GOLDILOCKS_SP_DSA(HASH_TYPE_GOLDILOCKS,RNG,NULL,&S0,&M,&CS,&DS)!=0) - { - printf("***ECDSA Signature Failed\n"); - return 0; - } - - printf("Signature C = 0x"); - OCT_output(&CS); - printf("Signature D = 0x"); - OCT_output(&DS); - - if (ECP_GOLDILOCKS_VP_DSA(HASH_TYPE_GOLDILOCKS,&W0,&M,&CS,&DS)!=0) - { - printf("***ECDSA Verification Failed\n"); - return 0; - } - else - { - printf("ECDSA Signature/Verification succeeded\n"); - } - -#endif - - return 0; -} -#endif - -#define PERMITS // for time permits ON or OFF -#define PINERROR // For PIN ERROR detection ON or OFF -#define FULL // for M-Pin Full or M-Pin regular - -int mpin_BN254(csprng *RNG) -{ - int i,pin,rtn,err; -#ifdef PERMITS - int date=today(); -#else - int date=0; -#endif - unsigned long ran; - char x[PGS_BN254],s[PGS_BN254],y[PGS_BN254],client_id[100],sst[4*PFS_BN254],token[2*PFS_BN254+1],sec[2*PFS_BN254+1],permit[2*PFS_BN254+1],xcid[2*PFS_BN254+1],xid[2*PFS_BN254+1],e[12*PFS_BN254],f[12*PFS_BN254]; - char hcid[PFS_BN254],hsid[PFS_BN254],hid[2*PFS_BN254+1],htid[2*PFS_BN254+1],h[PGS_BN254]; -#ifdef FULL - char r[PGS_BN254],z[2*PFS_BN254+1],w[PGS_BN254],t[2*PFS_BN254+1]; - char g1[12*PFS_BN254],g2[12*PFS_BN254]; - char ck[AESKEY_BN254],sk[AESKEY_BN254]; -#endif - octet S= {0,sizeof(s),s}; - octet X= {0,sizeof(x),x}; - octet Y= {0,sizeof(y),y}; - octet H= {0,sizeof(h),h}; - octet CLIENT_ID= {0,sizeof(client_id),client_id}; - octet SST= {0,sizeof(sst),sst}; - octet TOKEN= {0,sizeof(token),token}; - octet SEC= {0,sizeof(sec),sec}; - octet PERMIT= {0,sizeof(permit),permit}; - octet xCID= {0,sizeof(xcid),xcid}; - octet xID= {0,sizeof(xid),xid}; - octet HCID= {0,sizeof(hcid),hcid}; - octet HSID= {0,sizeof(hsid),hsid}; - octet HID= {0,sizeof(hid),hid}; - octet HTID= {0,sizeof(htid),htid}; - octet E= {0,sizeof(e),e}; - octet F= {0,sizeof(f),f}; -#ifdef FULL - octet R= {0,sizeof(r),r}; - octet Z= {0,sizeof(z),z}; - octet W= {0,sizeof(w),w}; - octet T= {0,sizeof(t),t}; - octet G1= {0,sizeof(g1),g1}; - octet G2= {0,sizeof(g2),g2}; - octet SK= {0,sizeof(sk),sk}; - octet CK= {0,sizeof(ck),ck}; -#endif - octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID; - char idhex[100]; - - // Trusted Authority set-up - MPIN_BN254_RANDOM_GENERATE(RNG,&S); - printf("Master Secret= "); - OCT_output(&S); - - // Create Client Identity - OCT_jstring(&CLIENT_ID,"[email protected]"); - HASH_ID(HASH_TYPE_BN254,&CLIENT_ID,&HCID); // Either Client or TA calculates Hash(ID) - you decide! - - printf("Client ID Hash= "); - OCT_output(&HCID); - printf("\n"); - - OCT_toHex(&CLIENT_ID,idhex); - printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n"); - - MPIN_BN254_GET_CLIENT_SECRET(&S,&HCID,&TOKEN); - printf("Client Secret= "); - OCT_output(&TOKEN); - -// Client and Server are issued secrets by DTA - MPIN_BN254_GET_SERVER_SECRET(&S,&SST); - printf("Server Secret= "); - OCT_output(&SST); - - - - // Client extracts PIN from secret to create Token - pin=1234; - printf("Client extracts PIN= %d\n",pin); - MPIN_BN254_EXTRACT_PIN(HASH_TYPE_BN254,&CLIENT_ID,pin,&TOKEN); - printf("Client Token= "); - OCT_output(&TOKEN); - -#ifdef FULL - MPIN_BN254_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2); -#endif - -#ifdef PERMITS - // Client gets "Time Permit" from DTA - printf("Client gets Time Permit\n"); - - MPIN_BN254_GET_CLIENT_PERMIT(HASH_TYPE_BN254,date,&S,&HCID,&PERMIT); - printf("Time Permit= "); - OCT_output(&PERMIT); - - // This encoding makes Time permit look random - if (MPIN_BN254_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n"); - // printf("Encoded Time Permit= "); OCT_output(&PERMIT); - if (MPIN_BN254_DECODING(&PERMIT)!=0) printf("Decoding error\n"); - // printf("Decoded Time Permit= "); OCT_output(&PERMIT); -#endif - - // MPin Protocol - - // Client enters PIN - printf("\nPIN= "); - if(scanf("%d",&pin)) {}; - // to avoid silly compile error - getchar(); - - // Set date=0 and PERMIT=NULL if time permits not in use - - // Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC - // If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID))) - // Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG - - // HSID - hashed client ID as calculated by the server - // HCID - hashed client ID as calculated by the client - - // IMPORTANT: To save space and time.. - // If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only - // If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required - // If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only. - - - - pxID=&xID; - pxCID=&xCID; - pHID=&HID; - pHTID=&HTID; - pE=&E; - pF=&F; - pPERMIT=&PERMIT; - -#ifdef PERMITS - prHID=pHTID; -#ifndef PINERROR - pxID=NULL; -// pHID=NULL; //new -#endif -#else - prHID=pHID; - pPERMIT=NULL; - pxCID=NULL; - pHTID=NULL; -#endif -#ifndef PINERROR - pE=NULL; - pF=NULL; -#endif - - // When set only send hashed IDs to server - octet *pID; -#ifdef USE_ANONYMOUS - pID = &HCID; -#else - pID = &CLIENT_ID; -#endif - -#ifdef SINGLE_PASS - int timeValue; - printf("MPIN Single Pass\n"); - timeValue = MPIN_BN254_GET_TIME(); - - rtn=MPIN_BN254_CLIENT(HASH_TYPE_BN254,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y); - - if (rtn != 0) - { - printf("MPIN_BN254_CLIENT ERROR %d\n", rtn); - return 1; - } - -#ifdef FULL - MPIN_BN254_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r -#endif - - - rtn=MPIN_BN254_SERVER(HASH_TYPE_BN254,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,pID,NULL,timeValue,NULL); - -#ifdef FULL - HASH_ID(HASH_TYPE_BN254,&CLIENT_ID,&HSID); // new - MPIN_BN254_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w -#endif - -#else // SINGLE_PASS - printf("MPIN Multi Pass\n"); - if (MPIN_BN254_CLIENT_1(HASH_TYPE_BN254,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0) - { - printf("Error from Client side - First Pass\n"); - return 0; - } - - // Send U=x.ID to server, and recreate secret from token and pin - -#ifdef FULL - HASH_ID(HASH_TYPE_BN254,&CLIENT_ID,&HCID); - MPIN_BN254_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r, DH component -#endif - - // Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. - MPIN_BN254_SERVER_1(HASH_TYPE_BN254,date,pID,pHID,pHTID); - - // Server generates Random number Y and sends it to Client - MPIN_BN254_RANDOM_GENERATE(RNG,&Y); - -#ifdef FULL - HASH_ID(HASH_TYPE_BN254,&CLIENT_ID,&HSID); //new - MPIN_BN254_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w, DH component -#endif - - // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC - if (MPIN_BN254_CLIENT_2(&X,&Y,&SEC)!=0) - { - printf("Error from Client side - Second Pass\n"); - return 1; - } - - // Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. - // If PIN error not required, set E and F = NULL - rtn=MPIN_BN254_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,NULL); -#endif // SINGLE_PASS - - if (rtn!=0) - { - printf("Server says - Bad Pin.\n"); -#ifdef PINERROR - - err=MPIN_BN254_KANGAROO(&E,&F); - if (err) printf("(Client PIN is out by %d)\n",err); - -#endif - return 1; - } - else - { - printf("Server says - PIN is good! You really are "); - OCT_output_string(&CLIENT_ID); - printf(".\n"); - } - -#ifdef FULL - - HASH_ALL(HASH_TYPE_BN254,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); // new - MPIN_BN254_CLIENT_KEY(HASH_TYPE_BN254,&G1,&G2,pin,&R,&X,&H,&T,&CK); // new H - printf("Client Key = "); - OCT_output(&CK); - - HASH_ALL(HASH_TYPE_BN254,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); - MPIN_BN254_SERVER_KEY(HASH_TYPE_BN254,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID - printf("Server Key = "); - OCT_output(&SK); -#endif - return 0; -} - -#if CHUNK==32 || CHUNK==64 - -int mpin_BLS383(csprng *RNG) -{ - int i,pin,rtn,err; -#ifdef PERMITS - int date=today(); -#else - int date=0; -#endif - unsigned long ran; - char x[PGS_BLS383],s[PGS_BLS383],y[PGS_BLS383],client_id[100],sst[4*PFS_BLS383],token[2*PFS_BLS383+1],sec[2*PFS_BLS383+1],permit[2*PFS_BLS383+1],xcid[2*PFS_BLS383+1],xid[2*PFS_BLS383+1],e[12*PFS_BLS383],f[12*PFS_BLS383]; - char hcid[PFS_BLS383],hsid[PFS_BLS383],hid[2*PFS_BLS383+1],htid[2*PFS_BLS383+1],h[PGS_BLS383]; -#ifdef FULL - char r[PGS_BLS383],z[2*PFS_BLS383+1],w[PGS_BLS383],t[2*PFS_BLS383+1]; - char g1[12*PFS_BLS383],g2[12*PFS_BLS383]; - char ck[AESKEY_BLS383],sk[AESKEY_BLS383]; -#endif - octet S= {0,sizeof(s),s}; - octet X= {0,sizeof(x),x}; - octet Y= {0,sizeof(y),y}; - octet H= {0,sizeof(h),h}; - octet CLIENT_ID= {0,sizeof(client_id),client_id}; - octet SST= {0,sizeof(sst),sst}; - octet TOKEN= {0,sizeof(token),token}; - octet SEC= {0,sizeof(sec),sec}; - octet PERMIT= {0,sizeof(permit),permit}; - octet xCID= {0,sizeof(xcid),xcid}; - octet xID= {0,sizeof(xid),xid}; - octet HCID= {0,sizeof(hcid),hcid}; - octet HSID= {0,sizeof(hsid),hsid}; - octet HID= {0,sizeof(hid),hid}; - octet HTID= {0,sizeof(htid),htid}; - octet E= {0,sizeof(e),e}; - octet F= {0,sizeof(f),f}; -#ifdef FULL - octet R= {0,sizeof(r),r}; - octet Z= {0,sizeof(z),z}; - octet W= {0,sizeof(w),w}; - octet T= {0,sizeof(t),t}; - octet G1= {0,sizeof(g1),g1}; - octet G2= {0,sizeof(g2),g2}; - octet SK= {0,sizeof(sk),sk}; - octet CK= {0,sizeof(ck),ck}; -#endif - octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID; - char idhex[100]; - - // Trusted Authority set-up - MPIN_BLS383_RANDOM_GENERATE(RNG,&S); - printf("Master Secret= "); - OCT_output(&S); - - // Create Client Identity - OCT_jstring(&CLIENT_ID,"[email protected]"); - HASH_ID(HASH_TYPE_BLS383,&CLIENT_ID,&HCID); // Either Client or TA calculates Hash(ID) - you decide! - - printf("Client ID Hash= "); - OCT_output(&HCID); - printf("\n"); - - OCT_toHex(&CLIENT_ID,idhex); - printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n"); - - MPIN_BLS383_GET_CLIENT_SECRET(&S,&HCID,&TOKEN); - printf("Client Secret= "); - OCT_output(&TOKEN); - -// Client and Server are issued secrets by DTA - MPIN_BLS383_GET_SERVER_SECRET(&S,&SST); - printf("Server Secret= "); - OCT_output(&SST); - - - - // Client extracts PIN from secret to create Token - pin=1234; - printf("Client extracts PIN= %d\n",pin); - MPIN_BLS383_EXTRACT_PIN(HASH_TYPE_BLS383,&CLIENT_ID,pin,&TOKEN); - printf("Client Token= "); - OCT_output(&TOKEN); - -#ifdef FULL - MPIN_BLS383_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2); -#endif - -#ifdef PERMITS - // Client gets "Time Permit" from DTA - printf("Client gets Time Permit\n"); - - MPIN_BLS383_GET_CLIENT_PERMIT(HASH_TYPE_BLS383,date,&S,&HCID,&PERMIT); - printf("Time Permit= "); - OCT_output(&PERMIT); - - // This encoding makes Time permit look random - if (MPIN_BLS383_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n"); - // printf("Encoded Time Permit= "); OCT_output(&PERMIT); - if (MPIN_BLS383_DECODING(&PERMIT)!=0) printf("Decoding error\n"); - // printf("Decoded Time Permit= "); OCT_output(&PERMIT); -#endif - - // MPin Protocol - - // Client enters PIN - printf("\nPIN= "); - if(scanf("%d",&pin)) {}; - // to avoid silly compile error - getchar(); - - // Set date=0 and PERMIT=NULL if time permits not in use - - // Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC - // If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID))) - // Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG - - // HSID - hashed client ID as calculated by the server - // HCID - hashed client ID as calculated by the client - - // IMPORTANT: To save space and time.. - // If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only - // If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required - // If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only. - - - - pxID=&xID; - pxCID=&xCID; - pHID=&HID; - pHTID=&HTID; - pE=&E; - pF=&F; - pPERMIT=&PERMIT; - -#ifdef PERMITS - prHID=pHTID; -#ifndef PINERROR - pxID=NULL; -// pHID=NULL; //new -#endif -#else - prHID=pHID; - pPERMIT=NULL; - pxCID=NULL; - pHTID=NULL; -#endif -#ifndef PINERROR - pE=NULL; - pF=NULL; -#endif - - // When set only send hashed IDs to server - octet *pID; -#ifdef USE_ANONYMOUS - pID = &HCID; -#else - pID = &CLIENT_ID; -#endif - -#ifdef SINGLE_PASS - int timeValue; - printf("MPIN Single Pass\n"); - timeValue = MPIN_BLS383_GET_TIME(); - - rtn=MPIN_BLS383_CLIENT(HASH_TYPE_BLS383,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y); - - if (rtn != 0) - { - printf("MPIN_BLS383_CLIENT ERROR %d\n", rtn); - return 1; - } - -#ifdef FULL - MPIN_BLS383_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r -#endif - - - rtn=MPIN_BLS383_SERVER(HASH_TYPE_BLS383,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,pID,NULL,timeValue,NULL); - -#ifdef FULL - HASH_ID(HASH_TYPE_BLS383,&CLIENT_ID,&HSID); // new - MPIN_BLS383_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w -#endif - -#else // SINGLE_PASS - printf("MPIN Multi Pass\n"); - if (MPIN_BLS383_CLIENT_1(HASH_TYPE_BLS383,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0) - { - printf("Error from Client side - First Pass\n"); - return 0; - } - - // Send U=x.ID to server, and recreate secret from token and pin - -#ifdef FULL - HASH_ID(HASH_TYPE_BLS383,&CLIENT_ID,&HCID); - MPIN_BLS383_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r, DH component -#endif - - // Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. - MPIN_BLS383_SERVER_1(HASH_TYPE_BLS383,date,pID,pHID,pHTID); - - // Server generates Random number Y and sends it to Client - MPIN_BLS383_RANDOM_GENERATE(RNG,&Y); - -#ifdef FULL - HASH_ID(HASH_TYPE_BLS383,&CLIENT_ID,&HSID); //new - MPIN_BLS383_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w, DH component -#endif - - // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC - if (MPIN_BLS383_CLIENT_2(&X,&Y,&SEC)!=0) - { - printf("Error from Client side - Second Pass\n"); - return 1; - } - - // Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. - // If PIN error not required, set E and F = NULL - rtn=MPIN_BLS383_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,NULL); -#endif // SINGLE_PASS - - if (rtn!=0) - { - printf("Server says - Bad Pin.\n"); -#ifdef PINERROR - - err=MPIN_BLS383_KANGAROO(&E,&F); - if (err) printf("(Client PIN is out by %d)\n",err); - -#endif - return 1; - } - else - { - printf("Server says - PIN is good! You really are "); - OCT_output_string(&CLIENT_ID); - printf(".\n"); - } - -#ifdef FULL - - HASH_ALL(HASH_TYPE_BLS383,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); // new - MPIN_BLS383_CLIENT_KEY(HASH_TYPE_BLS383,&G1,&G2,pin,&R,&X,&H,&T,&CK); // new H - printf("Client Key = "); - OCT_output(&CK); - - HASH_ALL(HASH_TYPE_BLS383,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); - MPIN_BLS383_SERVER_KEY(HASH_TYPE_BLS383,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID - printf("Server Key = "); - OCT_output(&SK); -#endif - return 0; -} - - -int mpin192_BLS24(csprng *RNG) -{ - int i,pin,rtn,err; -#ifdef PERMITS - int date=today(); -#else - int date=0; -#endif - unsigned long ran; - char x[PGS_BLS24],s[PGS_BLS24],y[PGS_BLS24],client_id[100],sst[8*PFS_BLS24],token[2*PFS_BLS24+1],sec[2*PFS_BLS24+1],permit[2*PFS_BLS24+1],xcid[2*PFS_BLS24+1],xid[2*PFS_BLS24+1],e[24*PFS_BLS24],f[24*PFS_BLS24]; - char hcid[PFS_BLS24],hsid[PFS_BLS24],hid[2*PFS_BLS24+1],htid[2*PFS_BLS24+1],h[PGS_BLS24]; -#ifdef FULL - char r[PGS_BLS24],z[2*PFS_BLS24+1],w[PGS_BLS24],t[2*PFS_BLS24+1]; - char g1[24*PFS_BLS24],g2[24*PFS_BLS24]; - char ck[AESKEY_BLS24],sk[AESKEY_BLS24]; -#endif - octet S= {0,sizeof(s),s}; - octet X= {0,sizeof(x),x}; - octet Y= {0,sizeof(y),y}; - octet H= {0,sizeof(h),h}; - octet CLIENT_ID= {0,sizeof(client_id),client_id}; - octet SST= {0,sizeof(sst),sst}; - octet TOKEN= {0,sizeof(token),token}; - octet SEC= {0,sizeof(sec),sec}; - octet PERMIT= {0,sizeof(permit),permit}; - octet xCID= {0,sizeof(xcid),xcid}; - octet xID= {0,sizeof(xid),xid}; - octet HCID= {0,sizeof(hcid),hcid}; - octet HSID= {0,sizeof(hsid),hsid}; - octet HID= {0,sizeof(hid),hid}; - octet HTID= {0,sizeof(htid),htid}; - octet E= {0,sizeof(e),e}; - octet F= {0,sizeof(f),f}; -#ifdef FULL - octet R= {0,sizeof(r),r}; - octet Z= {0,sizeof(z),z}; - octet W= {0,sizeof(w),w}; - octet T= {0,sizeof(t),t}; - octet G1= {0,sizeof(g1),g1}; - octet G2= {0,sizeof(g2),g2}; - octet SK= {0,sizeof(sk),sk}; - octet CK= {0,sizeof(ck),ck}; -#endif - octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID; - char idhex[100]; - - // Trusted Authority set-up - MPIN_BLS24_RANDOM_GENERATE(RNG,&S); - printf("Master Secret= "); - OCT_output(&S); - - // Create Client Identity - OCT_jstring(&CLIENT_ID,"[email protected]"); - HASH_ID(HASH_TYPE_BLS24,&CLIENT_ID,&HCID); // Either Client or TA calculates Hash(ID) - you decide! - - printf("Client ID Hash= "); - OCT_output(&HCID); - printf("\n"); - - OCT_toHex(&CLIENT_ID,idhex); - printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n"); - - MPIN_BLS24_GET_CLIENT_SECRET(&S,&HCID,&TOKEN); - printf("Client Secret= "); - OCT_output(&TOKEN); - -// Client and Server are issued secrets by DTA - MPIN_BLS24_GET_SERVER_SECRET(&S,&SST); - printf("Server Secret= "); - OCT_output(&SST); - - - - // Client extracts PIN from secret to create Token - pin=1234; - printf("Client extracts PIN= %d\n",pin); - MPIN_BLS24_EXTRACT_PIN(HASH_TYPE_BLS24,&CLIENT_ID,pin,&TOKEN); - printf("Client Token= "); - OCT_output(&TOKEN); - -#ifdef FULL - MPIN_BLS24_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2); -#endif - -#ifdef PERMITS - // Client gets "Time Permit" from DTA - printf("Client gets Time Permit\n"); - - MPIN_BLS24_GET_CLIENT_PERMIT(HASH_TYPE_BLS24,date,&S,&HCID,&PERMIT); - printf("Time Permit= "); - OCT_output(&PERMIT); - - // This encoding makes Time permit look random - if (MPIN_BLS24_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n"); - // printf("Encoded Time Permit= "); OCT_output(&PERMIT); - if (MPIN_BLS24_DECODING(&PERMIT)!=0) printf("Decoding error\n"); - // printf("Decoded Time Permit= "); OCT_output(&PERMIT); -#endif - - // MPin Protocol - - // Client enters PIN - printf("\nPIN= "); - if(scanf("%d",&pin)) {}; - // to avoid silly compile error - getchar(); - - // Set date=0 and PERMIT=NULL if time permits not in use - - // Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC - // If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID))) - // Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG - - // HSID - hashed client ID as calculated by the server - // HCID - hashed client ID as calculated by the client - - // IMPORTANT: To save space and time.. - // If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only - // If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required - // If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only. - - - - pxID=&xID; - pxCID=&xCID; - pHID=&HID; - pHTID=&HTID; - pE=&E; - pF=&F; - pPERMIT=&PERMIT; - -#ifdef PERMITS - prHID=pHTID; -#ifndef PINERROR - pxID=NULL; -// pHID=NULL; //new -#endif -#else - prHID=pHID; - pPERMIT=NULL; - pxCID=NULL; - pHTID=NULL; -#endif -#ifndef PINERROR - pE=NULL; - pF=NULL; -#endif - - // When set only send hashed IDs to server - octet *pID; -#ifdef USE_ANONYMOUS - pID = &HCID; -#else - pID = &CLIENT_ID; -#endif - -#ifdef SINGLE_PASS - int timeValue; - printf("MPIN Single Pass\n"); - timeValue = MPIN_BLS24_GET_TIME(); - - rtn=MPIN_BLS24_CLIENT(HASH_TYPE_BLS24,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y); - - if (rtn != 0) - { - printf("MPIN_BLS24_CLIENT ERROR %d\n", rtn); - return 1; - } - -#ifdef FULL - MPIN_BLS24_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r -#endif - - - rtn=MPIN_BLS24_SERVER(HASH_TYPE_BLS24,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,pID,NULL,timeValue,NULL); - -#ifdef FULL - HASH_ID(HASH_TYPE_BLS24,&CLIENT_ID,&HSID); // new - MPIN_BLS24_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w -#endif - -#else // SINGLE_PASS - printf("MPIN Multi Pass\n"); - if (MPIN_BLS24_CLIENT_1(HASH_TYPE_BLS24,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0) - { - printf("Error from Client side - First Pass\n"); - return 0; - } - - // Send U=x.ID to server, and recreate secret from token and pin - -#ifdef FULL - HASH_ID(HASH_TYPE_BLS24,&CLIENT_ID,&HCID); - MPIN_BLS24_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r, DH component -#endif - - // Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. - MPIN_BLS24_SERVER_1(HASH_TYPE_BLS24,date,pID,pHID,pHTID); - - // Server generates Random number Y and sends it to Client - MPIN_BLS24_RANDOM_GENERATE(RNG,&Y); - -#ifdef FULL - HASH_ID(HASH_TYPE_BLS24,&CLIENT_ID,&HSID); //new - MPIN_BLS24_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w, DH component -#endif - - // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC - if (MPIN_BLS24_CLIENT_2(&X,&Y,&SEC)!=0) - { - printf("Error from Client side - Second Pass\n"); - return 1; - } - - // Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. - // If PIN error not required, set E and F = NULL - rtn=MPIN_BLS24_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,NULL); -#endif // SINGLE_PASS - - if (rtn!=0) - { - printf("Server says - Bad Pin.\n"); -#ifdef PINERROR - - err=MPIN_BLS24_KANGAROO(&E,&F); - if (err) printf("(Client PIN is out by %d)\n",err); - -#endif - return 1; - } - else - { - printf("Server says - PIN is good! You really are "); - OCT_output_string(&CLIENT_ID); - printf(".\n"); - } - -#ifdef FULL - - HASH_ALL(HASH_TYPE_BLS24,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); // new - MPIN_BLS24_CLIENT_KEY(HASH_TYPE_BLS24,&G1,&G2,pin,&R,&X,&H,&T,&CK); // new H - printf("Client Key = "); - OCT_output(&CK); - - HASH_ALL(HASH_TYPE_BLS24,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); - MPIN_BLS24_SERVER_KEY(HASH_TYPE_BLS24,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID - printf("Server Key = "); - OCT_output(&SK); -#endif - return 0; -} - - -int mpin256_BLS48(csprng *RNG) -{ - int i,pin,rtn,err; -#ifdef PERMITS - int date=today(); -#else - int date=0; -#endif - unsigned long ran; - char x[PGS_BLS48],s[PGS_BLS48],y[PGS_BLS48],client_id[100],sst[16*PFS_BLS48],token[2*PFS_BLS48+1],sec[2*PFS_BLS48+1],permit[2*PFS_BLS48+1],xcid[2*PFS_BLS48+1],xid[2*PFS_BLS48+1],e[48*PFS_BLS48],f[48*PFS_BLS48]; - char hcid[PFS_BLS48],hsid[PFS_BLS48],hid[2*PFS_BLS48+1],htid[2*PFS_BLS48+1],h[PGS_BLS48]; -#ifdef FULL - char r[PGS_BLS48],z[2*PFS_BLS48+1],w[PGS_BLS48],t[2*PFS_BLS48+1]; - char g1[48*PFS_BLS48],g2[48*PFS_BLS48]; - char ck[AESKEY_BLS48],sk[AESKEY_BLS48]; -#endif - octet S= {0,sizeof(s),s}; - octet X= {0,sizeof(x),x}; - octet Y= {0,sizeof(y),y}; - octet H= {0,sizeof(h),h}; - octet CLIENT_ID= {0,sizeof(client_id),client_id}; - octet SST= {0,sizeof(sst),sst}; - octet TOKEN= {0,sizeof(token),token}; - octet SEC= {0,sizeof(sec),sec}; - octet PERMIT= {0,sizeof(permit),permit}; - octet xCID= {0,sizeof(xcid),xcid}; - octet xID= {0,sizeof(xid),xid}; - octet HCID= {0,sizeof(hcid),hcid}; - octet HSID= {0,sizeof(hsid),hsid}; - octet HID= {0,sizeof(hid),hid}; - octet HTID= {0,sizeof(htid),htid}; - octet E= {0,sizeof(e),e}; - octet F= {0,sizeof(f),f}; -#ifdef FULL - octet R= {0,sizeof(r),r}; - octet Z= {0,sizeof(z),z}; - octet W= {0,sizeof(w),w}; - octet T= {0,sizeof(t),t}; - octet G1= {0,sizeof(g1),g1}; - octet G2= {0,sizeof(g2),g2}; - octet SK= {0,sizeof(sk),sk}; - octet CK= {0,sizeof(ck),ck}; -#endif - octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID; - char idhex[100]; - - // Trusted Authority set-up - MPIN_BLS48_RANDOM_GENERATE(RNG,&S); - printf("Master Secret= "); - OCT_output(&S); - - // Create Client Identity - OCT_jstring(&CLIENT_ID,"[email protected]"); - HASH_ID(HASH_TYPE_BLS48,&CLIENT_ID,&HCID); // Either Client or TA calculates Hash(ID) - you decide! - - printf("Client ID Hash= "); - OCT_output(&HCID); - printf("\n"); - - OCT_toHex(&CLIENT_ID,idhex); - printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n"); - - MPIN_BLS48_GET_CLIENT_SECRET(&S,&HCID,&TOKEN); - printf("Client Secret= "); - OCT_output(&TOKEN); - -// Client and Server are issued secrets by DTA - MPIN_BLS48_GET_SERVER_SECRET(&S,&SST); - printf("Server Secret= "); - OCT_output(&SST); - - - - // Client extracts PIN from secret to create Token - pin=1234; - printf("Client extracts PIN= %d\n",pin); - MPIN_BLS48_EXTRACT_PIN(HASH_TYPE_BLS48,&CLIENT_ID,pin,&TOKEN); - printf("Client Token= "); - OCT_output(&TOKEN); - -#ifdef FULL - MPIN_BLS48_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2); -#endif - -#ifdef PERMITS - // Client gets "Time Permit" from DTA - printf("Client gets Time Permit\n"); - - MPIN_BLS48_GET_CLIENT_PERMIT(HASH_TYPE_BLS48,date,&S,&HCID,&PERMIT); - printf("Time Permit= "); - OCT_output(&PERMIT); - - // This encoding makes Time permit look random - if (MPIN_BLS48_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n"); - // printf("Encoded Time Permit= "); OCT_output(&PERMIT); - if (MPIN_BLS48_DECODING(&PERMIT)!=0) printf("Decoding error\n"); - // printf("Decoded Time Permit= "); OCT_output(&PERMIT); -#endif - - // MPin Protocol - - // Client enters PIN - printf("\nPIN= "); - if(scanf("%d",&pin)) {}; - // to avoid silly compile error - getchar(); - - // Set date=0 and PERMIT=NULL if time permits not in use - - // Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC - // If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID))) - // Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG - - // HSID - hashed client ID as calculated by the server - // HCID - hashed client ID as calculated by the client - - // IMPORTANT: To save space and time.. - // If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only - // If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required - // If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only. - - - - pxID=&xID; - pxCID=&xCID; - pHID=&HID; - pHTID=&HTID; - pE=&E; - pF=&F; - pPERMIT=&PERMIT; - -#ifdef PERMITS - prHID=pHTID; -#ifndef PINERROR - pxID=NULL; -// pHID=NULL; //new -#endif -#else - prHID=pHID; - pPERMIT=NULL; - pxCID=NULL; - pHTID=NULL; -#endif -#ifndef PINERROR - pE=NULL; - pF=NULL; -#endif - - // When set only send hashed IDs to server - octet *pID; -#ifdef USE_ANONYMOUS - pID = &HCID; -#else - pID = &CLIENT_ID; -#endif - -#ifdef SINGLE_PASS - int timeValue; - printf("MPIN Single Pass\n"); - timeValue = MPIN_BLS48_GET_TIME(); - - rtn=MPIN_BLS48_CLIENT(HASH_TYPE_BLS48,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y); - - if (rtn != 0) - { - printf("MPIN_BLS48_CLIENT ERROR %d\n", rtn); - return 1; - } - -#ifdef FULL - MPIN_BLS48_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r -#endif - - - rtn=MPIN_BLS48_SERVER(HASH_TYPE_BLS48,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,pID,NULL,timeValue,NULL); - -#ifdef FULL - HASH_ID(HASH_TYPE_BLS48,&CLIENT_ID,&HSID); // new - MPIN_BLS48_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w -#endif - -#else // SINGLE_PASS - printf("MPIN Multi Pass\n"); - if (MPIN_BLS48_CLIENT_1(HASH_TYPE_BLS48,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0) - { - printf("Error from Client side - First Pass\n"); - return 0; - } - - // Send U=x.ID to server, and recreate secret from token and pin - -#ifdef FULL - HASH_ID(HASH_TYPE_BLS48,&CLIENT_ID,&HCID); - MPIN_BLS48_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r, DH component -#endif - - // Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. - MPIN_BLS48_SERVER_1(HASH_TYPE_BLS48,date,pID,pHID,pHTID); - - // Server generates Random number Y and sends it to Client - MPIN_BLS48_RANDOM_GENERATE(RNG,&Y); - -#ifdef FULL - HASH_ID(HASH_TYPE_BLS48,&CLIENT_ID,&HSID); //new - MPIN_BLS48_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w, DH component -#endif - - // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC - if (MPIN_BLS48_CLIENT_2(&X,&Y,&SEC)!=0) - { - printf("Error from Client side - Second Pass\n"); - return 1; - } - - // Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. - // If PIN error not required, set E and F = NULL - rtn=MPIN_BLS48_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,NULL); -#endif // SINGLE_PASS - - if (rtn!=0) - { - printf("Server says - Bad Pin.\n"); -#ifdef PINERROR - - err=MPIN_BLS48_KANGAROO(&E,&F); - if (err) printf("(Client PIN is out by %d)\n",err); - -#endif - return 1; - } - else - { - printf("Server says - PIN is good! You really are "); - OCT_output_string(&CLIENT_ID); - printf(".\n"); - } - -#ifdef FULL - - HASH_ALL(HASH_TYPE_BLS48,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); // new - MPIN_BLS48_CLIENT_KEY(HASH_TYPE_BLS48,&G1,&G2,pin,&R,&X,&H,&T,&CK); // new H - printf("Client Key = "); - OCT_output(&CK); - - HASH_ALL(HASH_TYPE_BLS48,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); - MPIN_BLS48_SERVER_KEY(HASH_TYPE_BLS48,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID - printf("Server Key = "); - OCT_output(&SK); -#endif - return 0; -} - - -#endif - -int rsa_2048(csprng *RNG) -{ - int i; - unsigned long ran; - char m[RFS_2048],ml[RFS_2048],c[RFS_2048],e[RFS_2048],s[RFS_2048]; - rsa_public_key_2048 pub; - rsa_private_key_2048 priv; - - octet M= {0,sizeof(m),m}; - octet ML= {0,sizeof(ml),ml}; - octet C= {0,sizeof(c),c}; - octet E= {0,sizeof(e),e}; - octet S= {0,sizeof(s),s}; - - printf("Generating public/private key pair\n"); - RSA_2048_KEY_PAIR(RNG,65537,&priv,&pub,NULL,NULL); - - printf("Encrypting test string\n"); - OCT_jstring(&M,(char *)"Hello World\n"); - - OAEP_ENCODE(HASH_TYPE_RSA_2048,&M,RNG,NULL,&E); // OAEP encode message m to e - - RSA_2048_ENCRYPT(&pub,&E,&C); // encrypt encoded message - printf("Ciphertext= "); - OCT_output(&C); - - printf("Decrypting test string\n"); - RSA_2048_DECRYPT(&priv,&C,&ML); // ... and then decrypt it - - OAEP_DECODE(HASH_TYPE_RSA_2048,NULL,&ML); // decode it - OCT_output_string(&ML); - - printf("Signing message\n"); - PKCS15(HASH_TYPE_RSA_2048,&M,&C); - - RSA_2048_DECRYPT(&priv,&C,&S); // create signature in S - - printf("Signature= "); - OCT_output(&S); - - RSA_2048_ENCRYPT(&pub,&S,&ML); - - if (OCT_comp(&C,&ML)) printf("Signature is valid\n"); - else printf("Signature is INVALID\n"); - - RSA_2048_PRIVATE_KEY_KILL(&priv); - - OCT_clear(&M); - OCT_clear(&ML); // clean up afterwards - OCT_clear(&C); - OCT_clear(&E); - - return 0; -} - - -int main() -{ - int i,res; - unsigned long ran; - - char raw[100]; - octet RAW= {0,sizeof(raw),raw}; - csprng RNG; // Crypto Strong RNG - - time((time_t *)&ran); - - RAW.len=100; // fake random seed source - RAW.val[0]=ran; - RAW.val[1]=ran>>8; - RAW.val[2]=ran>>16; - RAW.val[3]=ran>>24; - for (i=0; i<100; i++) RAW.val[i]=i; - - CREATE_CSPRNG(&RNG,&RAW); // initialise strong RNG - - printf("\nTesting MPIN protocols for curve BN254\n"); - mpin_BN254(&RNG); - -#if CHUNK!=16 - printf("\nTesting MPIN protocols for curve BLS383\n"); - mpin_BLS383(&RNG); - printf("\nTesting MPIN protocols for curve BLS24\n"); - mpin192_BLS24(&RNG); - printf("\nTesting MPIN protocols for curve BLS48\n"); - mpin256_BLS48(&RNG); -#endif - - - printf("\nTesting ECDH protocols for curve ED25519\n"); - ecdh_ED25519(&RNG); -#if CHUNK!=16 - printf("\nTesting ECDH protocols for curve NIST256\n"); - ecdh_NIST256(&RNG); - printf("\nTesting ECDH protocols for curve GOLDILOCKS\n"); - ecdh_GOLDILOCKS(&RNG); -#endif - printf("\nTesting RSA protocols for 2048-bit RSA\n"); - rsa_2048(&RNG); - - KILL_CSPRNG(&RNG); -} -
