http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/c25f9e5c/version22/rust/src/rom32.rs ---------------------------------------------------------------------- diff --git a/version22/rust/src/rom32.rs b/version22/rust/src/rom32.rs new file mode 100644 index 0000000..72f5e00 --- /dev/null +++ b/version22/rust/src/rom32.rs @@ -0,0 +1,349 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +pub type Chunk=i32; +pub type DChunk=i64; +pub const CHUNK:usize=32; + +pub const NOT_SPECIAL:usize =0; +pub const PSEUDO_MERSENNE:usize=1; +pub const MONTGOMERY_FRIENDLY:usize=2; +pub const GENERALISED_MERSENNE:usize=3; +pub const WEIERSTRASS:usize=0; +pub const EDWARDS:usize=1; +pub const MONTGOMERY:usize=2; +pub const BN_CURVE: usize=0; +pub const BLS_CURVE: usize=1; + + +// Curve 25519 +#[cfg(feature = "Ed25519")] +pub const MODBITS: usize = 255; +#[cfg(feature = "Ed25519")] +pub const MOD8: usize = 5; +#[cfg(feature = "Ed25519")] +pub const BASEBITS: usize = 29; +#[cfg(feature = "Ed25519")] +pub const AES_S: usize=0; + +// GOLDILOCKS +#[cfg(feature = "GOLDILOCKS")] +pub const MODBITS: usize=448; +#[cfg(feature = "GOLDILOCKS")] +pub const MOD8: usize=7; +#[cfg(feature = "GOLDILOCKS")] +pub const BASEBITS: usize=29; +#[cfg(feature = "GOLDILOCKS")] +pub const AES_S: usize= 0; + + +// BN254 Curve +#[cfg(feature = "BN254")] +pub const MODBITS:usize = 254; /* Number of bits in Modulus */ +#[cfg(feature = "BN254")] +pub const MOD8:usize = 3; /* Modulus mod 8 */ +#[cfg(feature = "BN254")] +pub const BASEBITS:usize = 29; +#[cfg(feature = "BN254")] +pub const AES_S:usize=0; + +// BLS383 Curve +#[cfg(feature = "BLS383")] +pub const MODBITS:usize = 383; /* Number of bits in Modulus */ +#[cfg(feature = "BLS383")] +pub const MOD8: usize = 3; /* Modulus mod 8 */ +#[cfg(feature = "BLS383")] +pub const BASEBITS:usize = 28; +#[cfg(feature = "BLS383")] +pub const AES_S: usize= 0; + +// BLS455 Curve +#[cfg(feature = "BLS455")] +pub const MODBITS:usize = 455; /* Number of bits in Modulus */ +#[cfg(feature = "BLS455")] +pub const MOD8: usize = 3; /* Modulus mod 8 */ +#[cfg(feature = "BLS455")] +pub const BASEBITS:usize = 29; +#[cfg(feature = "BLS455")] +pub const AES_S: usize= 128; + +//--------------- + +/* RSA/DH modulus length as multiple of BIGBITS */ +pub const FFLEN:usize=4; + +pub const NLEN: usize = (1+((MODBITS-1)/BASEBITS)); +pub const BIG_HEX_STRING_LEN:usize = NLEN * 16 + NLEN - 1; +pub const DNLEN: usize = 2*NLEN; +pub const BMASK: Chunk= ((1<<BASEBITS)-1); +pub const MODBYTES: usize = 1+(MODBITS-1)/8; +pub const NEXCESS:isize = (1<<((CHUNK)-BASEBITS-1)); +pub const FEXCESS:Chunk = ((1 as Chunk)<<(BASEBITS*(NLEN)-MODBITS)); +pub const OMASK:Chunk = (-1)<<(MODBITS%BASEBITS); +pub const TBITS:usize=MODBITS%BASEBITS; // Number of active bits in top word +pub const TMASK:Chunk=(1<<TBITS)-1; +pub const BIGBITS:usize = (MODBYTES*8); +pub const HBITS: usize=(BASEBITS/2); +pub const HMASK: Chunk= ((1<<HBITS)-1); + +/* Finite field support - for RSA, DH etc. */ +pub const FF_BITS:usize=(BIGBITS*FFLEN); /* Finite Field Size in bits - must be 256.2^n */ +pub const HFLEN:usize=(FFLEN/2); /* Useful for half-size RSA private key operations */ + +pub const P_MBITS:usize=(MODBYTES as usize)*8; +pub const P_MB: usize=(P_MBITS%BASEBITS); +pub const P_OMASK:Chunk=((-1)<<(P_MBITS%BASEBITS)); +pub const P_FEXCESS: Chunk=(1<<(BASEBITS*NLEN-P_MBITS)); +pub const P_TBITS: usize=(P_MBITS%BASEBITS); + + +// Curve25519 Modulus +#[cfg(feature = "Ed25519")] +pub const MODTYPE:usize=PSEUDO_MERSENNE; +#[cfg(feature = "Ed25519")] +pub const MODULUS:[Chunk;NLEN]=[0x1FFFFFED,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF]; +#[cfg(feature = "Ed25519")] +pub const MCONST:Chunk=19; + +//GOLDILOCKS +#[cfg(feature = "GOLDILOCKS")] +pub const MODTYPE: usize=GENERALISED_MERSENNE; +#[cfg(feature = "GOLDILOCKS")] +pub const MODULUS:[Chunk;NLEN]=[0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF]; +#[cfg(feature = "GOLDILOCKS")] +pub const MCONST: Chunk=0x1; + + +// BN254 Curve Modulus +#[cfg(feature = "BN254")] +pub const MODTYPE:usize = NOT_SPECIAL; +#[cfg(feature = "BN254")] +pub const MODULUS:[Chunk;NLEN] = [0x13,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364]; +#[cfg(feature = "BN254")] +pub const MCONST:Chunk=0x179435E5; + +// BLS383 Curve +#[cfg(feature = "BLS383")] +pub const MODTYPE:usize = NOT_SPECIAL; +#[cfg(feature = "BLS383")] +pub const MODULUS:[Chunk;NLEN] = [0xAAD556B,0xACAAB52,0x5F75D7A,0x1BB0147,0xD5D7520,0xCF73083,0xF99EB16,0x531820,0xA68EA32,0x2C01355,0x552A785,0x5C6105C,0x80A9F7,0x7AC52]; +#[cfg(feature = "BLS383")] +pub const MCONST:Chunk=0x123D0BD; + +// BLS455 Curve +#[cfg(feature = "BLS455")] +pub const MODTYPE:usize = NOT_SPECIAL; +#[cfg(feature = "BLS455")] +pub const MODULUS:[Chunk;NLEN] = [0x2AB,0x1500000C,0xAAA55AA,0xB12AAD6,0x6D1BA6C,0xCCA5674,0x12E2CF6E,0xA9F9662,0x34BD939,0x12D8EAB1,0xFD9978E,0x9240600,0xE0F95B,0xAAB9550,0x55555E5,0xAAAAB]; +#[cfg(feature = "BLS455")] +pub const MCONST:Chunk=0x1F4017FD; + + +// Ed25519 Curve +#[cfg(feature = "Ed25519")] +pub const CURVETYPE:usize=EDWARDS; +#[cfg(feature = "Ed25519")] +pub const CURVE_A:isize = -1; +#[cfg(feature = "Ed25519")] +pub const CURVE_B:[Chunk;NLEN]=[0x135978A3,0xF5A6E50,0x10762ADD,0x149A82,0x1E898007,0x3CBBBC,0x19CE331D,0x1DC56DFF,0x52036C]; +#[cfg(feature = "Ed25519")] +pub const CURVE_ORDER:[Chunk;NLEN]=[0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000]; +#[cfg(feature = "Ed25519")] +pub const CURVE_GX:[Chunk;NLEN]=[0xF25D51A,0xAB16B04,0x969ECB2,0x198EC12A,0xDC5C692,0x1118FEEB,0xFFB0293,0x1A79ADCA,0x216936]; +#[cfg(feature = "Ed25519")] +pub const CURVE_GY:[Chunk;NLEN]=[0x6666658,0x13333333,0x19999999,0xCCCCCCC,0x6666666,0x13333333,0x19999999,0xCCCCCCC,0x666666]; + +// GOLDILOCKS +#[cfg(feature = "GOLDILOCKS")] +pub const CURVETYPE: usize=EDWARDS; +#[cfg(feature = "GOLDILOCKS")] +pub const CURVE_A: isize=1; +#[cfg(feature = "GOLDILOCKS")] +pub const CURVE_ORDER:[Chunk;NLEN]=[0xB5844F3,0x1BC61495,0x1163D548,0x1984E51B,0x3690216,0xDA4D76B,0xFA7113B,0x1FEF9944,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FF]; +#[cfg(feature = "GOLDILOCKS")] +pub const CURVE_B:[Chunk;NLEN]=[0x1FFF6756,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF]; +#[cfg(feature = "GOLDILOCKS")] +pub const CURVE_GX:[Chunk;NLEN]=[0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0x152AAAAA,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x1555]; +#[cfg(feature = "GOLDILOCKS")] +pub const CURVE_GY:[Chunk;NLEN]=[0xA9386ED,0x1757DE6F,0x13681AF6,0x19657DA3,0x3098BBB,0x12C19D15,0x12E03595,0xE515B18,0x17B7E36D,0x1AC426E,0xDBB5E8,0x10D8560,0x159D6205,0xB8246D9,0x17A58D2B,0x15C0]; + +// BN254 Curve +#[cfg(feature = "BN254")] +pub const CURVETYPE:usize = WEIERSTRASS; +#[cfg(feature = "BN254")] +pub const CURVE_PAIRING_TYPE:usize = BN_CURVE; +#[cfg(feature = "BN254")] +pub const CURVE_A:isize = 0; +#[cfg(feature = "BN254")] +pub const CURVE_B:[Chunk;NLEN]=[0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BN254")] +pub const CURVE_ORDER:[Chunk;NLEN]=[0xD,0x8000000,0x428,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364]; +#[cfg(feature = "BN254")] +pub const CURVE_GX:[Chunk;NLEN]=[0x12,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364]; +#[cfg(feature = "BN254")] +pub const CURVE_GY:[Chunk;NLEN]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]; + +#[cfg(feature = "BN254")] +pub const CURVE_FRA:[Chunk;NLEN]=[0xF2A6DE9,0xBEF3603,0xFDDF0B8,0x12E9249A,0x953F850,0xDA85423,0x1232D926,0x32425CF,0x1B3776]; +#[cfg(feature = "BN254")] +pub const CURVE_FRB:[Chunk;NLEN]=[0x10D5922A,0xC10C9FC,0x10221431,0xF16DB65,0x16AC8DC1,0x1917ABDC,0xDD40FAA,0xD23DA30,0x9EBEE]; +#[cfg(feature = "BN254")] +pub const CURVE_PXA:[Chunk;NLEN]=[0x803FB2B,0xF721126,0x62FC364,0x9177691,0x1EDB6A46,0x63F4630,0x18BFAE36,0x176A33D6,0x61A10]; +#[cfg(feature = "BN254")] +pub const CURVE_PXB:[Chunk;NLEN]=[0x7D54CF3,0xC61A60F,0xDE12DC3,0x1AE8D75C,0xAA5B1F4,0x13C62CC1,0xCCC42A,0x1F374E6F,0x516AA]; +#[cfg(feature = "BN254")] +pub const CURVE_PYA:[Chunk;NLEN]=[0x11CD2B9A,0xF8703C4,0xF826F46,0x1A15CD7B,0x822329B,0x104B34C6,0xD0E6A43,0x140D75F2,0x21897]; +#[cfg(feature = "BN254")] +pub const CURVE_PYB:[Chunk;NLEN]=[0xB3ACE9B,0x1168D763,0xE7255E2,0xDFFAE,0x18D37B09,0x22B7AF9,0x149A3DB5,0x1CF9162,0xEBB2B]; +#[cfg(feature = "BN254")] +pub const CURVE_BNX:[Chunk;NLEN]=[0x1,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BN254")] +pub const CURVE_COF:[Chunk;NLEN]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BN254")] +pub const CURVE_CRU:[Chunk;NLEN]=[0x7,0xC000000,0x1B3,0x12000000,0x2490,0x11200000,0x126CD,0x0,0x0]; +#[cfg(feature = "BN254")] +pub const CURVE_W:[[Chunk;NLEN];2]=[[0x3,0x0,0x81,0x3000000,0x618,0x0,0x0,0x0,0x0],[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0]]; +#[cfg(feature = "BN254")] +pub const CURVE_SB:[[[Chunk;NLEN];2];2]=[[[0x4,0x8000000,0xA1,0x3000000,0x618,0x0,0x0,0x0,0x0],[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x8000000,0x3A7,0x1C000000,0x79E1,0x6C00000,0x6E8D1,0x10480000,0x252364]]]; +#[cfg(feature = "BN254")] +pub const CURVE_WB:[[Chunk;NLEN];4]=[[0x0,0x4000000,0x10,0x1000000,0x208,0x0,0x0,0x0,0x0],[0x5,0x14000000,0x152,0xE000000,0x1C70,0xC00000,0xC489,0x0,0x0],[0x3,0xC000000,0xB1,0x7000000,0xE38,0x10600000,0x6244,0x0,0x0],[0x1,0xC000000,0x30,0x1000000,0x208,0x0,0x0,0x0,0x0]]; +#[cfg(feature = "BN254")] +pub const CURVE_BB:[[[Chunk;NLEN];4];4]=[[[0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0x2,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364]],[[0x2,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x2,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0],[0x2,0x10000000,0x40,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x0,0x408,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364],[0x2,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0]]]; + +#[cfg(feature = "BN254")] +pub const USE_GLV:bool = true; +#[cfg(feature = "BN254")] +pub const USE_GS_G2:bool = true; +#[cfg(feature = "BN254")] +pub const USE_GS_GT:bool = true; +#[cfg(feature = "BN254")] +pub const GT_STRONG:bool = false; + + + +// BLS383 Curve +#[cfg(feature = "BLS383")] +pub const CURVETYPE:usize = WEIERSTRASS; +#[cfg(feature = "BLS383")] +pub const CURVE_PAIRING_TYPE:usize = BLS_CURVE; +#[cfg(feature = "BLS383")] +pub const CURVE_A:isize = 0; + +#[cfg(feature = "BLS383")] +pub const CURVE_ORDER:[Chunk;NLEN]=[0xFFF001,0xFFF8000,0xFE7800,0xBFDE007,0xC5EDF1C,0x3000049,0x910007A,0xC40007F,0x641004C,0x14,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BLS383")] +pub const CURVE_B:[Chunk;NLEN]=[0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BLS383")] +pub const CURVE_COF:[Chunk;NLEN]=[0x52B,0x2A00,0xAAB2CA0,0x5560AAA,0x6055,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BLS383")] +pub const CURVE_GX:[Chunk;NLEN]=[0xD10786B,0xD59B348,0x3F54AD0,0x3477C0E,0x4578B9B,0xBF25B73,0x7BB6F65,0x4F6AC00,0xFF57E9C,0xEFD5830,0xFB6EC02,0xADB9F88,0xEE4BC98,0xB08C]; +#[cfg(feature = "BLS383")] +pub const CURVE_GY:[Chunk;NLEN]=[0xD145DDB,0x5DA023,0x5FEF7CC,0x13F518C,0x2B2A66F,0x56EC346,0xC7A925F,0x96F3019,0x981223E,0x9061047,0x8F5BE59,0x4810AD,0x9337671,0x1F390]; + +#[cfg(feature = "BLS383")] +pub const CURVE_BNX:[Chunk;NLEN]=[0x40,0x100,0x110,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BLS383")] +pub const CURVE_CRU:[Chunk;NLEN]=[0xDA155A9,0xA3AAC4E,0x61E5E3D,0xDF2FE87,0xE632625,0xBCDFAAD,0xD3035A6,0x5123128,0xBEAD683,0xDBF3A2B,0x424190,0x5C5FAB2,0x80A9F7,0x7AC52]; +#[cfg(feature = "BLS383")] +pub const CURVE_FRA:[Chunk;NLEN]=[0x2B4508B,0x2BA59A9,0x6EEF343,0x63DB7A0,0x1DFBC74,0x40341CB,0x32D55D3,0x1639E9D,0x5CC36D4,0xB19B3F0,0xD86AB98,0xF323EE4,0xB198672,0x5A5F]; +#[cfg(feature = "BLS383")] +pub const CURVE_FRB:[Chunk;NLEN]=[0x7F904E0,0x81051A9,0xF086A37,0xB7D49A6,0xB7DB8AB,0x8F3EEB8,0xC6C9543,0xEEF7983,0x49CB35D,0x7A65F65,0x7CBFBEC,0x693D177,0x5672384,0x751F2]; +#[cfg(feature = "BLS383")] +pub const CURVE_PXA:[Chunk;NLEN]=[0xBAC9472,0x6059885,0xE2DC36D,0x7C4D31D,0x8C88A7,0xBDC90C3,0x1C688FC,0x29F0197,0xC43F167,0x3693539,0x61EB8BF,0xD81E5A5,0x22B56BF,0x4D507]; +#[cfg(feature = "BLS383")] +pub const CURVE_PXB:[Chunk;NLEN]=[0x272AB23,0x9B4BD7A,0xF44DCE8,0x7AF19D4,0x3206A34,0x3F6F7B9,0x2A819FB,0x571DD3E,0x635D7EE,0x3A2BA3B,0xC1A126,0xAC28C78,0x17C3E5B,0xEE36]; +#[cfg(feature = "BLS383")] +pub const CURVE_PYA:[Chunk;NLEN]=[0x77BD4FD,0x81D2309,0xDFDFC6,0xB66072,0xC89A0C,0x41FC959,0x878287A,0x2E1FBCF,0x14EEE65,0x11C230,0x6BB325E,0x2887881,0x859A05C,0x8F40]; +#[cfg(feature = "BLS383")] +pub const CURVE_PYB:[Chunk;NLEN]=[0x52C4CE6,0xA5E20A2,0xAFF40C8,0x5907A74,0x2448EF3,0x41760A4,0xFDA199,0xFFEF82B,0x8D4EA49,0xA0F29A1,0x6E4997B,0xAC7F7B8,0xBA88C12,0x1DCAB]; + +#[cfg(feature = "BLS383")] +pub const CURVE_W:[[Chunk;0];2]=[[],[]]; +#[cfg(feature = "BLS383")] +pub const CURVE_SB:[[[Chunk;0];2];2]=[[[],[]],[[],[]]]; +#[cfg(feature = "BLS383")] +pub const CURVE_WB:[[Chunk;0];4]=[[],[],[],[]]; +#[cfg(feature = "BLS383")] +pub const CURVE_BB:[[[Chunk;0];4];4]=[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]]; + + +#[cfg(feature = "BLS383")] +pub const USE_GLV:bool = true; +#[cfg(feature = "BLS383")] +pub const USE_GS_G2:bool = true; +#[cfg(feature = "BLS383")] +pub const USE_GS_GT:bool = true; +#[cfg(feature = "BLS383")] +pub const GT_STRONG:bool = false; + +// BLS455 Curve +#[cfg(feature = "BLS455")] +pub const CURVETYPE:usize = WEIERSTRASS; +#[cfg(feature = "BLS455")] +pub const CURVE_PAIRING_TYPE:usize = BLS_CURVE; +#[cfg(feature = "BLS455")] +pub const CURVE_A:isize = 0; + +#[cfg(feature = "BLS455")] +pub const CURVE_ORDER:[Chunk;NLEN]=[0x1FC00001,0x3FFF,0x10000070,0x1400000,0x1D100,0xF0003A8,0x13C0009,0x1E200,0x180002E0,0x400001,0x4000,0x0,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BLS455")] +pub const CURVE_B:[Chunk;NLEN]=[0xA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BLS455")] +pub const CURVE_COF:[Chunk;NLEN]=[0xABFFAAB,0x14AABFFD,0xD52AADA,0x1562AAAB,0x15556AAA,0x2A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BLS455")] +pub const CURVE_GX:[Chunk;NLEN]=[0x1DFCEDD1,0x16A62EEF,0xE80D3ED,0xB8DE876,0x179C7253,0x182DAB52,0x46CC85F,0x1E571D9C,0x1E8392B1,0x1A155867,0x19E6527C,0x23DC64E,0xABEDA59,0xF20662B,0x17CECC01,0x310A]; +#[cfg(feature = "BLS455")] +pub const CURVE_GY:[Chunk;NLEN]=[0x6619B9B,0x27EBCD,0x1BE80A19,0x13B014BA,0x191A4936,0x13911916,0x107A5A3B,0x1DCB0863,0x1F5FB1,0xDE44A9C,0x18E23B2A,0x1FA81FD3,0xB0D6DFA,0xC2FE1EF,0xDDFA7E2,0x3351B]; + +#[cfg(feature = "BLS455")] +pub const CURVE_BNX:[Chunk;NLEN]=[0x800,0x1000004,0x40000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BLS455")] +pub const CURVE_CRU:[Chunk;NLEN]=[0xAA9,0x9017FE0,0x128DD8AA,0x1F4A321E,0x148FEC90,0x195CDEEA,0xE961AA2,0x168D3B66,0xAFD99D7,0xB989AA6,0x1F9A5724,0x91A05FF,0xE0EF5B,0xAAB9548,0x55555E5,0xAAAAB]; +#[cfg(feature = "BLS455")] +pub const CURVE_FRA:[Chunk;NLEN]=[0xA2EBF21,0x4E67DEE,0xCDE6590,0xE5EA94E,0x15454985,0x140CFC43,0x7E14D1C,0x1778395A,0x1944F022,0x166BEA1A,0xC3DEEA0,0x9F031A0,0x16A7459,0x1F1D6E00,0x125CFB72,0x72FD4]; +#[cfg(feature = "BLS455")] +pub const CURVE_FRB:[Chunk;NLEN]=[0x15D1438A,0x1019821D,0x1DCBF01A,0x1CB40187,0x118C70E6,0x18BD5A30,0xB018251,0x13275D08,0xA06E916,0x1C6D0096,0x39BA8ED,0x1F33D460,0x1F768501,0xB8E274F,0x12F85A72,0x37AD6]; +#[cfg(feature = "BLS455")] +pub const CURVE_PXA:[Chunk;NLEN]=[0x10C1F542,0x23AF907,0x159F840,0xBAC0E1F,0x133D7766,0x1C034C5D,0x14C5C875,0x1ED0BDA2,0x16A49C71,0x1E9FF62D,0x14F3ACC0,0x1E0C9FEA,0xC4638DE,0x74D18DA,0xBEA0030,0x5D962]; +#[cfg(feature = "BLS455")] +pub const CURVE_PXB:[Chunk;NLEN]=[0x749F03D,0xC843773,0xB17BCBA,0x1134AB4B,0x8EA016E,0x1A0D766C,0x58F819E,0x48A1FCC,0xE296F62,0x83370E4,0xC9BA1D5,0x1E43290E,0xEE59A80,0x1FDD85F5,0x1F3819B6,0x1D9F]; +#[cfg(feature = "BLS455")] +pub const CURVE_PYA:[Chunk;NLEN]=[0x181A77F4,0x191AD22,0x1E9F842A,0x1E1E6CF6,0xD55B9D9,0x1D062533,0x15BB1323,0x7ECBC1,0x1A9EC2EF,0x1EE14CE0,0x1E96B271,0xA794439,0x1C544324,0xE6AD5DC,0x16429B0F,0x448E3]; +#[cfg(feature = "BLS455")] +pub const CURVE_PYB:[Chunk;NLEN]=[0x1E1FDBA2,0x1A09DB6C,0xF680D5B,0xFCC6122,0xC488E2A,0x1E489ECD,0x1005617E,0x1CF9EC36,0x1C89ED72,0x16C00D90,0x1563E595,0x1243DDC0,0x8698F9E,0x1BD81E7E,0xF2A0F4A,0x66A0]; + +#[cfg(feature = "BLS455")] +pub const CURVE_W:[[Chunk;0];2]=[[],[]]; +#[cfg(feature = "BLS455")] +pub const CURVE_SB:[[[Chunk;0];2];2]=[[[],[]],[[],[]]]; +#[cfg(feature = "BLS455")] +pub const CURVE_WB:[[Chunk;0];4]=[[],[],[],[]]; +#[cfg(feature = "BLS455")] +pub const CURVE_BB:[[[Chunk;0];4];4]=[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]]; + + +#[cfg(feature = "BLS455")] +pub const USE_GLV:bool = true; +#[cfg(feature = "BLS455")] +pub const USE_GS_G2:bool = true; +#[cfg(feature = "BLS455")] +pub const USE_GS_GT:bool = true; +#[cfg(feature = "BLS455")] +pub const GT_STRONG:bool = false; +
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/c25f9e5c/version22/rust/src/rom64.rs ---------------------------------------------------------------------- diff --git a/version22/rust/src/rom64.rs b/version22/rust/src/rom64.rs new file mode 100644 index 0000000..fc900ab --- /dev/null +++ b/version22/rust/src/rom64.rs @@ -0,0 +1,348 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +pub type Chunk=i64; +//pub type DChunk=i128; +pub const CHUNK:usize=64; + +pub const NOT_SPECIAL:usize =0; +pub const PSEUDO_MERSENNE:usize=1; +pub const MONTGOMERY_FRIENDLY:usize=2; +pub const GENERALISED_MERSENNE:usize=3; +pub const WEIERSTRASS:usize=0; +pub const EDWARDS:usize=1; +pub const MONTGOMERY:usize=2; +pub const BN_CURVE: usize=0; +pub const BLS_CURVE: usize=1; + + +// Curve 25519 +#[cfg(feature = "Ed25519")] +pub const MODBITS: usize = 255; +#[cfg(feature = "Ed25519")] +pub const MOD8: usize = 5; +#[cfg(feature = "Ed25519")] +pub const BASEBITS: usize = 56; +#[cfg(feature = "Ed25519")] +pub const AES_S: usize=0; + +// GOLDILOCKS +#[cfg(feature = "GOLDILOCKS")] +pub const MODBITS: usize=448; +#[cfg(feature = "GOLDILOCKS")] +pub const MOD8: usize=7; +#[cfg(feature = "GOLDILOCKS")] +pub const BASEBITS: usize=60; +#[cfg(feature = "GOLDILOCKS")] +pub const AES_S: usize= 0; + + +// BN254 Curve +#[cfg(feature = "BN254")] +pub const MODBITS:usize = 254; /* Number of bits in Modulus */ +#[cfg(feature = "BN254")] +pub const MOD8:usize = 3; /* Modulus mod 8 */ +#[cfg(feature = "BN254")] +pub const BASEBITS:usize = 56; +#[cfg(feature = "BN254")] +pub const AES_S:usize=0; + +// BLS383 Curve +#[cfg(feature = "BLS383")] +pub const MODBITS:usize = 383; /* Number of bits in Modulus */ +#[cfg(feature = "BLS383")] +pub const MOD8: usize = 3; /* Modulus mod 8 */ +#[cfg(feature = "BLS383")] +pub const BASEBITS:usize = 56; +#[cfg(feature = "BLS383")] +pub const AES_S: usize= 0; + +// BLS455 Curve +#[cfg(feature = "BLS455")] +pub const MODBITS:usize = 455; /* Number of bits in Modulus */ +#[cfg(feature = "BLS455")] +pub const MOD8: usize = 3; /* Modulus mod 8 */ +#[cfg(feature = "BLS455")] +pub const BASEBITS:usize = 60; +#[cfg(feature = "BLS455")] +pub const AES_S: usize= 128; + +//--------------- + +/* RSA/DH modulus length as multiple of BIGBITS */ +pub const FFLEN:usize=8; + +pub const NLEN: usize = (1+((MODBITS-1)/BASEBITS)); +pub const BIG_HEX_STRING_LEN:usize = NLEN * 16 + NLEN - 1; +pub const DNLEN: usize = 2*NLEN; +pub const BMASK: Chunk= ((1<<BASEBITS)-1); +pub const MODBYTES: usize = 1+(MODBITS-1)/8; +pub const NEXCESS:isize = (1<<((CHUNK)-BASEBITS-1)); +pub const FEXCESS:Chunk = ((1 as Chunk)<<(BASEBITS*(NLEN)-MODBITS)); +pub const OMASK:Chunk = (-1)<<(MODBITS%BASEBITS); +pub const TBITS:usize=MODBITS%BASEBITS; // Number of active bits in top word +pub const TMASK:Chunk=(1<<TBITS)-1; +pub const BIGBITS:usize = (MODBYTES*8); +pub const HBITS: usize=(BASEBITS/2); +pub const HMASK: Chunk= ((1<<HBITS)-1); + +/* Finite field support - for RSA, DH etc. */ +pub const FF_BITS:usize=(BIGBITS*FFLEN); /* Finite Field Size in bits - must be 256.2^n */ +pub const HFLEN:usize=(FFLEN/2); /* Useful for half-size RSA private key operations */ + +pub const P_MBITS:usize=(MODBYTES as usize)*8; +pub const P_MB: usize=(P_MBITS%BASEBITS); +pub const P_OMASK:Chunk=((-1)<<(P_MBITS%BASEBITS)); +pub const P_FEXCESS: Chunk=(1<<(BASEBITS*NLEN-P_MBITS)); +pub const P_TBITS: usize=(P_MBITS%BASEBITS); + + +// Curve25519 Modulus +#[cfg(feature = "Ed25519")] +pub const MODTYPE:usize=PSEUDO_MERSENNE; +#[cfg(feature = "Ed25519")] +pub const MODULUS:[Chunk;NLEN]=[0xFFFFFFFFFFFFED,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF]; +#[cfg(feature = "Ed25519")] +pub const MCONST:Chunk=19; + +//GOLDILOCKS +#[cfg(feature = "GOLDILOCKS")] +pub const MODTYPE: usize=GENERALISED_MERSENNE; +#[cfg(feature = "GOLDILOCKS")] +pub const MODULUS: [Chunk;NLEN]= [0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFEFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFF]; +#[cfg(feature = "GOLDILOCKS")] +pub const MCONST: Chunk=0x1; + +// BN254 Curve Modulus +#[cfg(feature = "BN254")] +pub const MODTYPE:usize = NOT_SPECIAL; +#[cfg(feature = "BN254")] +pub const MODULUS:[Chunk;NLEN] = [0x13,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482]; +#[cfg(feature = "BN254")] +pub const MCONST:Chunk=0x435E50D79435E5; + +// BLS383 Curve +#[cfg(feature = "BLS383")] +pub const MODTYPE:usize = NOT_SPECIAL; +#[cfg(feature = "BLS383")] +pub const MODULUS:[Chunk;NLEN] = [0xACAAB52AAD556B,0x1BB01475F75D7A,0xCF73083D5D7520,0x531820F99EB16,0x2C01355A68EA32,0x5C6105C552A785,0x7AC52080A9F7]; +#[cfg(feature = "BLS383")] +pub const MCONST:Chunk=0xA59AB3B123D0BD; + + +// BLS455 Curve +#[cfg(feature = "BLS455")] +pub const MODTYPE:usize = NOT_SPECIAL; +#[cfg(feature = "BLS455")] +pub const MODULUS:[Chunk;NLEN] = [0xAA00001800002AB,0xC589556B2AA956A,0xB9994ACE86D1BA6,0x3954FCB314B8B3D,0xE3A5B1D56234BD9,0x95B49203003F665,0x57955572AA00E0F,0x555559555]; +#[cfg(feature = "BLS455")] +pub const MCONST:Chunk=0xB3EF8137F4017FD; + + +// Ed25519 Curve +#[cfg(feature = "Ed25519")] +pub const CURVETYPE:usize=EDWARDS; +#[cfg(feature = "Ed25519")] +pub const CURVE_A:isize = -1; +#[cfg(feature = "Ed25519")] +pub const CURVE_B:[Chunk;NLEN]=[0xEB4DCA135978A3,0xA4D4141D8AB75,0x797779E8980070,0x2B6FFE738CC740,0x52036CEE]; +#[cfg(feature = "Ed25519")] +pub const CURVE_ORDER:[Chunk;NLEN]=[0x12631A5CF5D3ED,0xF9DEA2F79CD658,0x14DE,0x0,0x10000000]; +#[cfg(feature = "Ed25519")] +pub const CURVE_GX:[Chunk;NLEN]=[0x562D608F25D51A,0xC7609525A7B2C9,0x31FDD6DC5C692C,0xCD6E53FEC0A4E2,0x216936D3]; +#[cfg(feature = "Ed25519")] +pub const CURVE_GY:[Chunk;NLEN]=[0x66666666666658,0x66666666666666,0x66666666666666,0x66666666666666,0x66666666]; + +// GOLDILOCKS +#[cfg(feature = "GOLDILOCKS")] +pub const CURVETYPE: usize= EDWARDS; +#[cfg(feature = "GOLDILOCKS")] +pub const CURVE_A: isize = 1; +#[cfg(feature = "GOLDILOCKS")] +pub const CURVE_B: [Chunk;NLEN]=[0xFFFFFFFFFFF6756,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFEFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFF]; +#[cfg(feature = "GOLDILOCKS")] +pub const CURVE_ORDER: [Chunk;NLEN]=[0x378C292AB5844F3,0x6CC2728DC58F552,0xEDB49AED6369021,0xFFFF7CCA23E9C44,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x3FFFFFF]; +#[cfg(feature = "GOLDILOCKS")] +pub const CURVE_GX: [Chunk;NLEN]=[0x555555555555555,0x555555555555555,0x555555555555555,0xAAA955555555555,0xAAAAAAAAAAAAAAA,0xAAAAAAAAAAAAAAA,0xAAAAAAAAAAAAAAA,0xAAAAAAA]; +#[cfg(feature = "GOLDILOCKS")] +pub const CURVE_GY: [Chunk;NLEN]=[0xAEAFBCDEA9386ED,0xBCB2BED1CDA06BD,0x565833A2A3098BB,0x6D728AD8C4B80D6,0x7A035884DD7B7E3,0x205086C2B0036ED,0x34AD7048DB359D6,0xAE05E96]; + + +// BN254 Curve +#[cfg(feature = "BN254")] +pub const CURVETYPE:usize = WEIERSTRASS; +#[cfg(feature = "BN254")] +pub const CURVE_PAIRING_TYPE:usize = BN_CURVE; +#[cfg(feature = "BN254")] +pub const CURVE_A:isize = 0; +#[cfg(feature = "BN254")] +pub const CURVE_B:[Chunk;NLEN]=[0x2,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BN254")] +pub const CURVE_ORDER:[Chunk;NLEN]=[0xD,0x800000000010A1,0x8000000007FF9F,0x40000001BA344D,0x25236482]; +#[cfg(feature = "BN254")] +pub const CURVE_GX:[Chunk;NLEN]=[0x12,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482]; +#[cfg(feature = "BN254")] +pub const CURVE_GY:[Chunk;NLEN]=[0x1,0x0,0x0,0x0,0x0]; + +#[cfg(feature = "BN254")] +pub const CURVE_FRA:[Chunk;NLEN]=[0x7DE6C06F2A6DE9,0x74924D3F77C2E1,0x50A846953F8509,0x212E7C8CB6499B,0x1B377619]; +#[cfg(feature = "BN254")] +pub const CURVE_FRB:[Chunk;NLEN]=[0x82193F90D5922A,0x8B6DB2C08850C5,0x2F57B96AC8DC17,0x1ED1837503EAB2,0x9EBEE69]; +#[cfg(feature = "BN254")] +pub const CURVE_PXA:[Chunk;NLEN]=[0xEE4224C803FB2B,0x8BBB4898BF0D91,0x7E8C61EDB6A464,0x519EB62FEB8D8C,0x61A10BB]; +#[cfg(feature = "BN254")] +pub const CURVE_PXB:[Chunk;NLEN]=[0x8C34C1E7D54CF3,0x746BAE3784B70D,0x8C5982AA5B1F4D,0xBA737833310AA7,0x516AAF9]; +#[cfg(feature = "BN254")] +pub const CURVE_PYA:[Chunk;NLEN]=[0xF0E07891CD2B9A,0xAE6BDBE09BD19,0x96698C822329BD,0x6BAF93439A90E0,0x21897A0]; +#[cfg(feature = "BN254")] +pub const CURVE_PYB:[Chunk;NLEN]=[0x2D1AEC6B3ACE9B,0x6FFD739C9578A,0x56F5F38D37B090,0x7C8B15268F6D44,0xEBB2B0E]; +#[cfg(feature = "BN254")] +pub const CURVE_BNX:[Chunk;NLEN]=[0x80000000000001,0x40,0x0,0x0,0x0]; +#[cfg(feature = "BN254")] +pub const CURVE_COF:[Chunk;NLEN]=[0x1,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BN254")] +pub const CURVE_CRU:[Chunk;NLEN]=[0x80000000000007,0x6CD,0x40000000024909,0x49B362,0x0]; +#[cfg(feature = "BN254")] +pub const CURVE_W:[[Chunk;NLEN];2]=[[0x3,0x80000000000204,0x6181,0x0,0x0],[0x1,0x81,0x0,0x0,0x0]]; +#[cfg(feature = "BN254")] +pub const CURVE_SB:[[[Chunk;NLEN];2];2]=[[[0x4,0x80000000000285,0x6181,0x0,0x0],[0x1,0x81,0x0,0x0,0x0]],[[0x1,0x81,0x0,0x0,0x0],[0xA,0xE9D,0x80000000079E1E,0x40000001BA344D,0x25236482]]]; +#[cfg(feature = "BN254")] +pub const CURVE_WB:[[Chunk;NLEN];4]=[[0x80000000000000,0x80000000000040,0x2080,0x0,0x0],[0x80000000000005,0x54A,0x8000000001C707,0x312241,0x0],[0x80000000000003,0x800000000002C5,0xC000000000E383,0x189120,0x0],[0x80000000000001,0x800000000000C1,0x2080,0x0,0x0]]; +#[cfg(feature = "BN254")] +pub const CURVE_BB:[[[Chunk;NLEN];4];4]=[[[0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x2,0x81,0x0,0x0,0x0]],[[0x1,0x81,0x0,0x0,0x0],[0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482]],[[0x2,0x81,0x0,0x0,0x0],[0x1,0x81,0x0,0x0,0x0],[0x1,0x81,0x0,0x0,0x0],[0x1,0x81,0x0,0x0,0x0]],[[0x80000000000002,0x40,0x0,0x0,0x0],[0x2,0x102,0x0,0x0,0x0],[0xA,0x80000000001020,0x8000000007FF9F,0x40000001BA344D,0x25236482],[0x80000000000002,0x40,0x0,0x0,0x0]]]; + +#[cfg(feature = "BN254")] +pub const USE_GLV:bool = true; +#[cfg(feature = "BN254")] +pub const USE_GS_G2:bool = true; +#[cfg(feature = "BN254")] +pub const USE_GS_GT:bool = true; +#[cfg(feature = "BN254")] +pub const GT_STRONG:bool = false; + +// BLS383 Curve +#[cfg(feature = "BLS383")] +pub const CURVETYPE:usize = WEIERSTRASS; +#[cfg(feature = "BLS383")] +pub const CURVE_PAIRING_TYPE:usize = BLS_CURVE; +#[cfg(feature = "BLS383")] +pub const CURVE_A:isize = 0; + +#[cfg(feature = "BLS383")] +pub const CURVE_ORDER:[Chunk;NLEN]=[0xFFF80000FFF001,0xBFDE0070FE7800,0x3000049C5EDF1C,0xC40007F910007A,0x14641004C,0x0,0x0]; +#[cfg(feature = "BLS383")] +pub const CURVE_B:[Chunk;NLEN]=[0x9,0x0,0x0,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BLS383")] +pub const CURVE_COF:[Chunk;NLEN]=[0x2A00000052B,0x5560AAAAAB2CA0,0x6055,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BLS383")] +pub const CURVE_GX:[Chunk;NLEN]=[0xD59B348D10786B,0x3477C0E3F54AD0,0xBF25B734578B9B,0x4F6AC007BB6F65,0xEFD5830FF57E9C,0xADB9F88FB6EC02,0xB08CEE4BC98]; +#[cfg(feature = "BLS383")] +pub const CURVE_GY:[Chunk;NLEN]=[0x5DA023D145DDB,0x13F518C5FEF7CC,0x56EC3462B2A66F,0x96F3019C7A925F,0x9061047981223E,0x4810AD8F5BE59,0x1F3909337671]; + +#[cfg(feature = "BLS383")] +pub const CURVE_BNX:[Chunk;NLEN]=[0x1000000040,0x110,0x0,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BLS383")] +pub const CURVE_CRU:[Chunk;NLEN]=[0xA3AAC4EDA155A9,0xDF2FE8761E5E3D,0xBCDFAADE632625,0x5123128D3035A6,0xDBF3A2BBEAD683,0x5C5FAB20424190,0x7AC52080A9F7]; +#[cfg(feature = "BLS383")] +pub const CURVE_FRA:[Chunk;NLEN]=[0x2BA59A92B4508B,0x63DB7A06EEF343,0x40341CB1DFBC74,0x1639E9D32D55D3,0xB19B3F05CC36D4,0xF323EE4D86AB98,0x5A5FB198672]; +#[cfg(feature = "BLS383")] +pub const CURVE_FRB:[Chunk;NLEN]=[0x81051A97F904E0,0xB7D49A6F086A37,0x8F3EEB8B7DB8AB,0xEEF7983C6C9543,0x7A65F6549CB35D,0x693D1777CBFBEC,0x751F25672384]; +#[cfg(feature = "BLS383")] +pub const CURVE_PXA:[Chunk;NLEN]=[0x6059885BAC9472,0x7C4D31DE2DC36D,0xBDC90C308C88A7,0x29F01971C688FC,0x3693539C43F167,0xD81E5A561EB8BF,0x4D50722B56BF]; +#[cfg(feature = "BLS383")] +pub const CURVE_PXB:[Chunk;NLEN]=[0x9B4BD7A272AB23,0x7AF19D4F44DCE8,0x3F6F7B93206A34,0x571DD3E2A819FB,0x3A2BA3B635D7EE,0xAC28C780C1A126,0xEE3617C3E5B]; +#[cfg(feature = "BLS383")] +pub const CURVE_PYA:[Chunk;NLEN]=[0x81D230977BD4FD,0xB660720DFDFC6,0x41FC9590C89A0C,0x2E1FBCF878287A,0x11C23014EEE65,0x28878816BB325E,0x8F40859A05C]; +#[cfg(feature = "BLS383")] +pub const CURVE_PYB:[Chunk;NLEN]=[0xA5E20A252C4CE6,0x5907A74AFF40C8,0x41760A42448EF3,0xFFEF82B0FDA199,0xA0F29A18D4EA49,0xAC7F7B86E4997B,0x1DCABBA88C12]; + +#[cfg(feature = "BLS383")] +pub const CURVE_W:[[Chunk;0];2]=[[],[]]; +#[cfg(feature = "BLS383")] +pub const CURVE_SB:[[[Chunk;0];2];2]=[[[],[]],[[],[]]]; +#[cfg(feature = "BLS383")] +pub const CURVE_WB:[[Chunk;0];4]=[[],[],[],[]]; +#[cfg(feature = "BLS383")] +pub const CURVE_BB:[[[Chunk;0];4];4]=[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]]; + + +#[cfg(feature = "BLS383")] +pub const USE_GLV:bool = true; +#[cfg(feature = "BLS383")] +pub const USE_GS_G2:bool = true; +#[cfg(feature = "BLS383")] +pub const USE_GS_GT:bool = true; +#[cfg(feature = "BLS383")] +pub const GT_STRONG:bool = false; + + +// BLS455 Curve +#[cfg(feature = "BLS455")] +pub const CURVETYPE:usize = WEIERSTRASS; +#[cfg(feature = "BLS455")] +pub const CURVE_PAIRING_TYPE:usize = BLS_CURVE; +#[cfg(feature = "BLS455")] +pub const CURVE_A:isize = 0; + +#[cfg(feature = "BLS455")] +pub const CURVE_ORDER:[Chunk;NLEN]=[0x7FFFFC00001,0xA00000400001C,0x25E000750001D10,0xE0000F10004F000,0x80000380002,0x10,0x0,0x0]; +#[cfg(feature = "BLS455")] +pub const CURVE_B:[Chunk;NLEN]=[0xA,0x0,0x0,0x0,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BLS455")] +pub const CURVE_COF:[Chunk;NLEN]=[0xA9557FFAABFFAAB,0xAAB15555B54AAB6,0x555556AA,0x0,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BLS455")] +pub const CURVE_GX:[Chunk;NLEN]=[0x6D4C5DDFDFCEDD1,0x35C6F43B3A034FB,0x7F05B56A579C725,0xB1F2B8ECE11B321,0x9F342AB0CFE8392,0xA5911EE32767994,0x3005E40CC56ABED,0x18855F3B]; +#[cfg(feature = "BLS455")] +pub const CURVE_GY:[Chunk;NLEN]=[0x404FD79A6619B9B,0x69D80A5D6FA0286,0xEE722322D91A493,0xB1EE58431C1E968,0xCA9BC8953801F5F,0xDFAFD40FE9E388E,0x9F8985FC3DEB0D6,0x19A8DB77E]; + +#[cfg(feature = "BLS455")] +pub const CURVE_BNX:[Chunk;NLEN]=[0x20000080000800,0x10000,0x0,0x0,0x0,0x0,0x0,0x0]; +#[cfg(feature = "BLS455")] +pub const CURVE_CRU:[Chunk;NLEN]=[0x9202FFC00000AA9,0xFA5190F4A3762A,0x8B2B9BDD548FEC9,0xD7B469DB33A586A,0xC91731354CAFD99,0xF5B48D02FFFE695,0x57955572A900E0E,0x555559555]; +#[cfg(feature = "BLS455")] +pub const CURVE_FRA:[Chunk;NLEN]=[0x9CCFBDCA2EBF21,0x572F54A73379964,0x72819F887545498,0x22BBC1CAD1F8534,0xA82CD7D435944F0,0x4594F818D030F7B,0xEDCBE3ADC0016A7,0x397EA4973]; +#[cfg(feature = "BLS455")] +pub const CURVE_FRB:[Chunk;NLEN]=[0xA033043B5D1438A,0x6E5A00C3F72FC06,0x4717AB46118C70E,0x16993AE842C0609,0x3B78DA012CA06E9,0x501F99EA300E6EA,0x69C971C4E9FF768,0x1BD6B4BE1]; +#[cfg(feature = "BLS455")] +pub const CURVE_PXA:[Chunk;NLEN]=[0x475F20F0C1F542,0x65D6070F8567E10,0xD780698BB33D776,0x71F685ED1531721,0x303D3FEC5B6A49C,0x8DEF064FF553CEB,0xC0E9A31B4C463,0x2ECB12FA8]; +#[cfg(feature = "BLS455")] +pub const CURVE_PXB:[Chunk;NLEN]=[0x99086EE6749F03D,0xE89A55A5AC5EF2E,0x7B41AECD88EA016,0x622450FE6163E06,0x755066E1C8E296F,0xA80F219487326E8,0x66DBFBB0BEAEE59,0xECFFCE0]; +#[cfg(feature = "BLS455")] +pub const CURVE_PYA:[Chunk;NLEN]=[0x83235A4581A77F4,0x9F0F367B7A7E10A,0x8FA0C4A66D55B9D,0xEF03F65E0D6EC4C,0x9C7DC299C1A9EC2,0x32453CA21CFA5AC,0x6C3DCD5ABB9C544,0x22471D90A]; +#[cfg(feature = "BLS455")] +pub const CURVE_PYB:[Chunk;NLEN]=[0xF413B6D9E1FDBA2,0xA7E630913DA0356,0xFBC913D9AC488E2,0x72E7CF61B401585,0x656D801B21C89ED,0xF9E921EEE0558F9,0x3D2B7B03CFC8698,0x33503CA8]; + +#[cfg(feature = "BLS455")] +pub const CURVE_W:[[Chunk;0];2]=[[],[]]; +#[cfg(feature = "BLS455")] +pub const CURVE_SB:[[[Chunk;0];2];2]=[[[],[]],[[],[]]]; +#[cfg(feature = "BLS455")] +pub const CURVE_WB:[[Chunk;0];4]=[[],[],[],[]]; +#[cfg(feature = "BLS455")] +pub const CURVE_BB:[[[Chunk;0];4];4]=[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]]; + + +#[cfg(feature = "BLS455")] +pub const USE_GLV:bool = true; +#[cfg(feature = "BLS455")] +pub const USE_GS_G2:bool = true; +#[cfg(feature = "BLS455")] +pub const USE_GS_GT:bool = true; +#[cfg(feature = "BLS455")] +pub const GT_STRONG:bool = false; \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/c25f9e5c/version22/rust/src/rsa.rs ---------------------------------------------------------------------- diff --git a/version22/rust/src/rsa.rs b/version22/rust/src/rsa.rs new file mode 100644 index 0000000..4915816 --- /dev/null +++ b/version22/rust/src/rsa.rs @@ -0,0 +1,372 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +//mod big; +//use big::BIG; +//mod dbig; +//use dbig::DBIG; +//mod ff; +use ff::FF; +//mod big; +//mod dbig; +//mod rom; +use rom; +//mod rand; +use rand::RAND; +//mod hash256; +use hash256::HASH256; +//mod hash384; +use hash384::HASH384; +//mod hash512; +use hash512::HASH512; + +pub const RFS:usize =(rom::MODBYTES as usize)*rom::FFLEN; +pub const SHA256:usize=32; +pub const SHA384:usize=48; +pub const SHA512:usize=64; + +pub const HASH_TYPE:usize=SHA256; + +pub struct RsaPrivateKey { + p:FF, + q:FF, + dp:FF, + dq:FF, + c:FF +} + +pub struct RsaPublicKey { + e: isize, + n: FF +} + +pub fn new_private_key(n: usize) -> RsaPrivateKey { + RsaPrivateKey {p:FF::new_int(n),q:FF::new_int(n),dp:FF::new_int(n),dq:FF::new_int(n),c:FF::new_int(n)} +} + +pub fn new_public_key(m: usize) -> RsaPublicKey { + RsaPublicKey {e:0,n:FF::new_int(m)} +} + +fn hashit(sha: usize,a: Option<&[u8]>,n: isize,w: &mut [u8]) { + if sha==SHA256 { + let mut h=HASH256::new(); + if let Some(x)=a { + h.process_array(x); + } + if n>=0 {h.process_num(n as i32)} + let hs=h.hash(); + for i in 0..sha {w[i]=hs[i]} + } + if sha==SHA384 { + let mut h=HASH384::new(); + if let Some(x)=a { + h.process_array(x); + } + if n>=0 {h.process_num(n as i32)} + let hs=h.hash(); + for i in 0..sha {w[i]=hs[i]} + } + if sha==SHA512 { + let mut h=HASH512::new(); + if let Some(x)=a { + h.process_array(x); + } + if n>=0 {h.process_num(n as i32)} + let hs=h.hash(); + for i in 0..sha {w[i]=hs[i]} + } +} + +pub fn key_pair(rng: &mut RAND,e: isize,prv: &mut RsaPrivateKey,pbc: &mut RsaPublicKey) { /* IEEE1363 A16.11/A16.12 more or less */ + let n=pbc.n.getlen()/2; + let mut t=FF::new_int(n); + let mut p1=FF::new_int(n); + let mut q1=FF::new_int(n); + + loop { + prv.p.random(rng); + while prv.p.lastbits(2)!=3 {prv.p.inc(1)} + while !FF::prime(&prv.p,rng) { + prv.p.inc(4); + } + + p1.copy(&prv.p); + p1.dec(1); + + if p1.cfactor(e) {continue} + break; + } + + loop { + prv.q.random(rng); + while prv.q.lastbits(2)!=3 {prv.q.inc(1)} + while !FF::prime(&prv.q,rng) { + prv.q.inc(4); + } + + q1.copy(&prv.q); + q1.dec(1); + + if q1.cfactor(e) {continue} + + break; + } + + pbc.n=FF::mul(&prv.p,&prv.q); + pbc.e=e; + + t.copy(&p1); + t.shr(); + prv.dp.set(e); + prv.dp.invmodp(&t); + if prv.dp.parity()==0 {prv.dp.add(&t)} + prv.dp.norm(); + + t.copy(&q1); + t.shr(); + prv.dq.set(e); + prv.dq.invmodp(&t); + if prv.dq.parity()==0 {prv.dq.add(&t)} + prv.dq.norm(); + + prv.c.copy(&prv.p); + prv.c.invmodp(&prv.q); +} + +/* Mask Generation Function */ + +pub fn mgf1(sha: usize,z: &[u8],olen: usize,k: &mut [u8]) { + let hlen=sha; + + let mut j=0; + for i in 0..k.len() {k[i]=0} + + let mut cthreshold=olen/hlen; + if olen%hlen!=0 {cthreshold+=1} + for counter in 0..cthreshold { + let mut b:[u8;64]=[0;64]; + hashit(sha,Some(z),counter as isize,&mut b); + + if j+hlen>olen { + for i in 0..(olen%hlen) {k[j]=b[i]; j+=1} + } else { + for i in 0..hlen {k[j]=b[i]; j+=1} + } + } +} + +/* SHAXXX identifier strings */ +const SHA256ID:[u8;19]= [0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20]; +const SHA384ID:[u8;19]= [0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30]; +const SHA512ID:[u8;19]= [0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40]; + +pub fn pkcs15(sha: usize,m: &[u8],w: &mut [u8]) -> bool { + let olen=rom::FF_BITS/8; + let hlen=sha; + let idlen=19; + let mut b:[u8;64]=[0;64]; /* Not good */ + + if olen<idlen+hlen+10 {return false} + hashit(sha,Some(m),-1,&mut b); + + for i in 0..w.len() {w[i]=0} + let mut i=0; + w[i]=0; i+=1; + w[i]=1; i+=1; + for _ in 0..olen-idlen-hlen-3 {w[i]=0xff; i+=1} + w[i]=0; i+=1; + + if hlen==SHA256 { + for j in 0..idlen {w[i]=SHA256ID[j]; i+=1} + } + if hlen==SHA384 { + for j in 0..idlen {w[i]=SHA384ID[j]; i+=1} + } + if hlen==SHA512 { + for j in 0..idlen {w[i]=SHA512ID[j]; i+=1} + } + for j in 0..hlen {w[i]=b[j]; i+=1} + + return true; +} + +/* OAEP Message Encoding for Encryption */ +pub fn oaep_encode(sha: usize,m: &[u8],rng: &mut RAND,p: Option<&[u8]>,f: &mut [u8]) -> bool { + let olen=RFS-1; + let mlen=m.len(); + + let hlen=sha; + + let mut seed:[u8;64]=[0;64]; + + let seedlen=hlen; + if mlen>olen-hlen-seedlen-1 {return false} + + let mut dbmask:[u8;RFS]=[0;RFS]; + + hashit(sha,p,-1,f); + let slen=olen-mlen-hlen-seedlen-1; + + for i in 0..slen {f[hlen+i]=0} + f[hlen+slen]=1; + for i in 0..mlen {f[hlen+slen+1+i]=m[i]} + + for i in 0..seedlen {seed[i]=rng.getbyte()} + + mgf1(sha,&seed,olen-seedlen,&mut dbmask); + + for i in 0..olen-seedlen {dbmask[i]^=f[i]} + + mgf1(sha,&dbmask[0..olen-seedlen],seedlen,f); + + for i in 0..seedlen {f[i]^=seed[i]} + + for i in 0..olen-seedlen {f[i+seedlen]=dbmask[i]} + + /* pad to length RFS */ + let d=1; + for i in (d..RFS).rev() { + f[i]=f[i-d]; + } + for i in (0..d).rev() { + f[i]=0; + } + return true; +} + +/* OAEP Message Decoding for Decryption */ +pub fn oaep_decode(sha: usize,p: Option<&[u8]>,f: &mut [u8]) -> usize { + let olen=RFS-1; + + let hlen=sha; + let mut seed:[u8;64]=[0;64]; + let seedlen=hlen; + let mut chash:[u8;64]=[0;64]; + + if olen<seedlen+hlen+1 {return 0} + let mut dbmask:[u8;RFS]=[0;RFS]; + //for i in 0..olen-seedlen {dbmask[i]=0} + + if f.len()<RFS { + let d=RFS-f.len(); + for i in (d..RFS).rev() { + f[i]=f[i-d]; + } + for i in (0..d).rev() { + f[i]=0; + } + } + + hashit(sha,p,-1,&mut chash); + + let x=f[0]; + + for i in seedlen..olen { + dbmask[i-seedlen]=f[i+1]; + } + + mgf1(sha,&dbmask[0..olen-seedlen],seedlen,&mut seed); + for i in 0..seedlen {seed[i]^=f[i+1]} + mgf1(sha,&seed,olen-seedlen,f); + for i in 0..olen-seedlen {dbmask[i]^=f[i]} + + let mut comp=true; + for i in 0..hlen { + if chash[i]!=dbmask[i] {comp=false} + } + + for i in 0..olen-seedlen-hlen { + dbmask[i]=dbmask[i+hlen] + } + + for i in 0..hlen { + seed[i]=0; chash[i]=0 + } + + let mut k=0; + loop { + if k>=olen-seedlen-hlen {return 0} + if dbmask[k]!=0 {break} + k+=1; + } + + let t=dbmask[k]; + if !comp || x!=0 || t!=0x01 { + for i in 0..olen-seedlen {dbmask[i]=0} + return 0; + } + + for i in 0..olen-seedlen-hlen-k-1 { + f[i]=dbmask[i+k+1]; + } + + for i in 0..olen-seedlen {dbmask[i]=0} + + return olen-seedlen-hlen-k-1; +} + +/* destroy the Private Key structure */ +pub fn private_key_kill(prv: &mut RsaPrivateKey) { + prv.p.zero(); + prv.q.zero(); + prv.dp.zero(); + prv.dq.zero(); + prv.c.zero(); +} + +/* RSA encryption with the public key */ +pub fn encrypt(pbc: &RsaPublicKey,f: &[u8],g: &mut [u8]) { + let m=pbc.n.getlen(); + let mut r=FF::new_int(m); + + FF::frombytes(&mut r,f); + r.power(pbc.e,&pbc.n); + r.tobytes(g); +} + +/* RSA decryption with the private key */ +pub fn decrypt(prv: &RsaPrivateKey,g: &[u8],f: &mut [u8]) { + let n=prv.p.getlen(); + let mut r=FF::new_int(2*n); + + FF::frombytes(&mut r,g); + let mut jp=r.dmod(&prv.p); + let mut jq=r.dmod(&prv.q); + + jp.skpow(&prv.dp,&prv.p); + jq.skpow(&prv.dq,&prv.q); + + r.zero(); + r.dscopy(&jp); + jp.rmod(&prv.q); + if FF::comp(&jp,&jq)>0 {jq.add(&prv.q)} + jq.sub(&jp); + jq.norm(); + + let mut t=FF::mul(&prv.c,&jq); + jq=t.dmod(&prv.q); + + t=FF::mul(&jq,&prv.p); + r.add(&t); + r.norm(); + + r.tobytes(f); +} + http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/c25f9e5c/version22/rust/tests/benchtest_ec.rs ---------------------------------------------------------------------- diff --git a/version22/rust/tests/benchtest_ec.rs b/version22/rust/tests/benchtest_ec.rs new file mode 100644 index 0000000..eee1ced --- /dev/null +++ b/version22/rust/tests/benchtest_ec.rs @@ -0,0 +1,185 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +extern crate amcl; + +use amcl::ecdh; +use amcl::ecp; +use amcl::ecp2; +use amcl::fp; +use amcl::fp2; +use amcl::fp4; +use amcl::fp12; +use amcl::big; +use amcl::dbig; +use amcl::rand; +use amcl::hash256; +use amcl::hash384; +use amcl::hash512; +use amcl::aes; +use amcl::rom; +use amcl::ff; +use amcl::rsa; + +use rand::RAND; +use ecp::ECP; +use big::BIG; + +use std::time::Instant; + +const MIN_ITERS:isize=10; +const MIN_TIME: isize=10; + +#[allow(non_snake_case)] +#[test] +fn benchtest_ec() +{ + let mut raw:[u8;100]=[0;100]; + let mut fail=false; + let mut pbc=rsa::new_public_key(rom::FFLEN); + let mut prv=rsa::new_private_key(rom::HFLEN); + let mut c: [u8;rsa::RFS]=[0;rsa::RFS]; + let mut m: [u8;rsa::RFS]=[0;rsa::RFS]; + let mut p: [u8;rsa::RFS]=[0;rsa::RFS]; + + let mut rng=RAND::new(); + rng.clean(); + for i in 0..100 {raw[i]=i as u8} + + rng.seed(100,&raw); + + if rom::CURVETYPE==rom::WEIERSTRASS { + println!("Weierstrass parameterization"); + } + if rom::CURVETYPE==rom::EDWARDS { + println!("Edwards parameterization"); + } + if rom::CURVETYPE==rom::MONTGOMERY { + println!("Montgomery parameterization"); + } + + if rom::MODTYPE==rom::PSEUDO_MERSENNE { + println!("Pseudo-Mersenne Modulus"); + } + if rom::MODTYPE==rom::MONTGOMERY_FRIENDLY { + println!("Montgomery friendly Modulus"); + } + if rom::MODTYPE==rom::GENERALISED_MERSENNE { + println!("Generalised-Mersenne Modulus"); + } + if rom::MODTYPE==rom::NOT_SPECIAL { + println!("Not special Modulus"); + } + + println!("Modulus size {:} bits",rom::MODBITS); + println!("{:} bit build",rom::CHUNK); + + let mut G:ECP; + + let gx=BIG::new_ints(&rom::CURVE_GX); + + if rom::CURVETYPE!=rom::MONTGOMERY { + let gy=BIG::new_ints(&rom::CURVE_GY); + G=ECP::new_bigs(&gx,&gy); + } else { + G=ECP::new_big(&gx); + } + + let mut r=BIG::new_ints(&rom::CURVE_ORDER); + let mut s=BIG::randomnum(&r,&mut rng); + + let mut P=G.mul(&mut r); + if !P.is_infinity() { + println!("FAILURE - rG!=O"); + fail=true; + } + + let start = Instant::now(); + let mut iterations=0; + let mut dur=0 as u64; + while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS { + P=G.mul(&mut s); + iterations+=1; + let elapsed=start.elapsed(); + dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64; + } + let duration=(dur as f64)/(iterations as f64); + print!("EC mul - {:} iterations ",iterations); + println!(" {:0.2} ms per iteration",duration); + + println!("Generating {:}-bit RSA public/private key pair",rom::FFLEN*rom::BIGBITS); + + + let start = Instant::now(); + let mut iterations=0; + let mut dur=0 as u64; + while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS { + rsa::key_pair(&mut rng,65537,&mut prv,&mut pbc); + iterations+=1; + let elapsed=start.elapsed(); + dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64; + } + let duration=(dur as f64)/(iterations as f64); + print!("RSA gen - {:} iterations ",iterations); + println!(" {:0.2} ms per iteration",duration); + + for i in 0..rsa::RFS {m[i]=(i%128) as u8;} + + let start = Instant::now(); + let mut iterations=0; + let mut dur=0 as u64; + while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS { + rsa::encrypt(&pbc,&m,&mut c); + iterations+=1; + let elapsed=start.elapsed(); + dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64; + } + let duration=(dur as f64)/(iterations as f64); + print!("RSA enc - {:} iterations ",iterations); + println!(" {:0.2} ms per iteration",duration); + + let start = Instant::now(); + let mut iterations=0; + let mut dur=0 as u64; + while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS { + rsa::decrypt(&prv,&c,&mut p); + iterations+=1; + let elapsed=start.elapsed(); + dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64; + } + let duration=(dur as f64)/(iterations as f64); + print!("RSA dec - {:} iterations ",iterations); + println!(" {:0.2} ms per iteration",duration); + + let mut cmp=true; + for i in 0..rsa::RFS { + if p[i]!=m[i] {cmp=false;} + } + + if !cmp { + println!("FAILURE - RSA decryption"); + fail=true; + } + + if !fail { + println!("All tests pass"); + } + + assert!(!fail) +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/c25f9e5c/version22/rust/tests/benchtest_pair.rs ---------------------------------------------------------------------- diff --git a/version22/rust/tests/benchtest_pair.rs b/version22/rust/tests/benchtest_pair.rs new file mode 100644 index 0000000..67a9035 --- /dev/null +++ b/version22/rust/tests/benchtest_pair.rs @@ -0,0 +1,245 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +extern crate amcl; + +use amcl::mpin; +use amcl::ecp; +use amcl::ecp2; +use amcl::fp; +use amcl::fp2; +use amcl::fp4; +use amcl::fp12; +use amcl::pair; +use amcl::big; +use amcl::dbig; +use amcl::rand; +use amcl::hash256; +use amcl::hash384; +use amcl::hash512; +use amcl::aes; +use amcl::rom; + +use rand::RAND; +use ecp::ECP; +use big::BIG; +use ecp2::ECP2; +use fp2::FP2; + +use std::time::Instant; + +const MIN_ITERS:isize=10; +const MIN_TIME: isize=10; + +#[allow(non_snake_case)] +#[test] +fn benchtest_pair() +{ + let mut raw:[u8;100]=[0;100]; + let mut fail=false; + + let mut rng=RAND::new(); + rng.clean(); + for i in 0..100 {raw[i]=i as u8} + + rng.seed(100,&raw); + + if rom::CURVE_PAIRING_TYPE==rom::BN_CURVE { + println!("BN Pairing-Friendly Curve"); + } + if rom::CURVE_PAIRING_TYPE==rom::BLS_CURVE { + println!("BLS Pairing-Friendly Curve"); + } + + println!("Modulus size {:} bits",rom::MODBITS); + println!("{:} bit build",rom::CHUNK); + + let mut G:ECP; + + let gx=BIG::new_ints(&rom::CURVE_GX); + + let gy=BIG::new_ints(&rom::CURVE_GY); + G=ECP::new_bigs(&gx,&gy); + + let mut r=BIG::new_ints(&rom::CURVE_ORDER); + let mut s=BIG::randomnum(&r,&mut rng); + + let mut P=pair::g1mul(&mut G,&mut r); + + if !P.is_infinity() { + println!("FAILURE - rP!=O"); + fail=true; + } + + let start = Instant::now(); + let mut iterations=0; + let mut dur=0 as u64; + while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS { + P=pair::g1mul(&mut G,&mut s); + iterations+=1; + let elapsed=start.elapsed(); + dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64; + } + let duration=(dur as f64)/(iterations as f64); + print!("G1 mul - {:} iterations ",iterations); + println!(" {:0.2} ms per iteration",duration); + + let mut Q=ECP2::new_fp2s(&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PXA),&BIG::new_ints(&rom::CURVE_PXB)),&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PYA),&BIG::new_ints(&rom::CURVE_PYB))); + + let mut W=pair::g2mul(&mut Q,&mut r); + + if !W.is_infinity() { + println!("FAILURE - rQ!=O"); + fail=true; + } + + let start = Instant::now(); + let mut iterations=0; + let mut dur=0 as u64; + while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS { + W=pair::g2mul(&mut Q,&mut s); + iterations+=1; + let elapsed=start.elapsed(); + dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64; + } + let duration=(dur as f64)/(iterations as f64); + print!("G2 mul - {:} iterations ",iterations); + println!(" {:0.2} ms per iteration",duration); + + let mut w=pair::ate(&mut Q,&mut P); + w=pair::fexp(&w); + + let mut g=pair::gtpow(&mut w,&mut r); + + if !g.isunity() { + println!("FAILURE - g^r!=1"); + return; + } + + let start = Instant::now(); + let mut iterations=0; + let mut dur=0 as u64; + while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS { + g=pair::gtpow(&mut w,&mut s); + iterations+=1; + let elapsed=start.elapsed(); + dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64; + } + let duration=(dur as f64)/(iterations as f64); + print!("GT pow - {:} iterations ",iterations); + println!(" {:0.2} ms per iteration",duration); + + + let mut f = FP2::new_bigs(&BIG::new_ints(&rom::CURVE_FRA),&BIG::new_ints(&rom::CURVE_FRB)); + let q=BIG::new_ints(&rom::MODULUS); + + let mut m=BIG::new_copy(&q); + m.rmod(&mut r); + + let mut a=BIG::new_copy(&s); + a.rmod(&mut m); + + let mut b=BIG::new_copy(&s); + b.div(&mut m); + + g.copy(&w); + let mut c=g.trace(); + + g.frob(&mut f); + let cp=g.trace(); + + w.conj(); + g.mul(&mut w); + let cpm1=g.trace(); + g.mul(&mut w); + let cpm2=g.trace(); + + let start = Instant::now(); + let mut iterations=0; + let mut dur=0 as u64; + while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS { + c=c.xtr_pow2(&cp,&cpm1,&cpm2,&mut a,&mut b); + iterations+=1; + let elapsed=start.elapsed(); + dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64; + } + let duration=(dur as f64)/(iterations as f64); + print!("GT pow (compressed) - {:} iterations ",iterations); + println!(" {:0.2} ms per iteration",duration); + + let start = Instant::now(); + let mut iterations=0; + let mut dur=0 as u64; + while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS { + w=pair::ate(&mut Q,&mut P); + iterations+=1; + let elapsed=start.elapsed(); + dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64; + } + let duration=(dur as f64)/(iterations as f64); + print!("PAIRing ATE - {:} iterations ",iterations); + println!(" {:0.2} ms per iteration",duration); + + + let start = Instant::now(); + let mut iterations=0; + let mut dur=0 as u64; + while dur<(MIN_TIME as u64)*1000 || iterations<MIN_ITERS { + g=pair::fexp(&w); + iterations+=1; + let elapsed=start.elapsed(); + dur=(elapsed.as_secs() * 1_000) + (elapsed.subsec_nanos() / 1_000_000) as u64; + } + let duration=(dur as f64)/(iterations as f64); + print!("PAIRing FEXP - {:} iterations ",iterations); + println!(" {:0.2} ms per iteration",duration); + + P.copy(&G); + Q.copy(&W); + + P=pair::g1mul(&mut P,&mut s); + g=pair::ate(&mut Q,&mut P); + g=pair::fexp(&g); + + P.copy(&G); + Q=pair::g2mul(&mut Q,&mut s); + w=pair::ate(&mut Q,&mut P); + w=pair::fexp(&w); + + if !g.equals(&mut w) { + println!("FAILURE - e(sQ,p)!=e(Q,sP) "); + fail=true; + } + + Q.copy(&W); + g=pair::ate(&mut Q,&mut P); + g=pair::fexp(&g); + g=pair::gtpow(&mut g,&mut s); + + if !g.equals(&mut w) { + println!("FAILURE - e(sQ,p)!=e(Q,P)^s "); + fail=true; + } + + if !fail { + println!("All tests pass"); + } + + assert!(!fail) +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/c25f9e5c/version22/rust/tests/test_ecdh.rs ---------------------------------------------------------------------- diff --git a/version22/rust/tests/test_ecdh.rs b/version22/rust/tests/test_ecdh.rs new file mode 100644 index 0000000..4623d17 --- /dev/null +++ b/version22/rust/tests/test_ecdh.rs @@ -0,0 +1,180 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +extern crate amcl; + +use amcl::ecdh; +use amcl::ecp; +use amcl::ecp2; +use amcl::fp; +use amcl::fp2; +use amcl::fp4; +use amcl::fp12; +use amcl::big; +use amcl::dbig; +use amcl::rand; +use amcl::hash256; +use amcl::hash384; +use amcl::hash512; +use amcl::aes; +use amcl::rom; +use rand::RAND; + +pub fn printbinary(array: &[u8]) { + for i in 0..array.len() { + print!("{:02X}", array[i]) + } + println!("") +} + +#[test] +fn test_ecdh() +{ + let pw="M0ng00se"; + let pp:&[u8] = b"M0ng00se"; + let sha=ecdh::HASH_TYPE; + let mut salt:[u8;8]=[0;8]; + let mut raw:[u8;100]=[0;100]; + let mut s1:[u8;ecdh::EGS]=[0;ecdh::EGS]; + let mut w0:[u8;2*ecdh::EFS+1]=[0;2*ecdh::EFS+1]; + let mut w1:[u8;2*ecdh::EFS+1]=[0;2*ecdh::EFS+1]; + let mut z0:[u8;ecdh::EFS]=[0;ecdh::EFS]; + let mut z1:[u8;ecdh::EFS]=[0;ecdh::EFS]; + let mut key:[u8;ecdh::EAS]=[0;ecdh::EAS]; + let mut cs: [u8;ecdh::EGS]=[0;ecdh::EGS]; + let mut ds: [u8;ecdh::EGS]=[0;ecdh::EGS]; + let mut m: Vec<u8> = vec![0;32]; // array that could be of any length. So use heap. + let mut p1: [u8;3]=[0;3]; + let mut p2: [u8;4]=[0;4]; + let mut v: [u8;2*ecdh::EFS+1]=[0;2*ecdh::EFS+1]; + let mut t: [u8;12]=[0;12]; + + let mut rng=RAND::new(); + rng.clean(); + for i in 0..100 {raw[i]=i as u8} + + rng.seed(100,&raw); + + for i in 0..8 {salt[i]=(i+1) as u8} // set Salt + + println!("Alice's Passphrase= {}",pw); + + let mut s0:[u8;ecdh::EFS]=[0;ecdh::EGS]; + ecdh::pbkdf2(sha,pp,&salt,1000,ecdh::EGS,&mut s0); + + print!("Alice's private key= 0x"); + printbinary(&s0); + +/* Generate Key pair S/W */ + ecdh::key_pair_generate(None,&mut s0,&mut w0); + + print!("Alice's public key= 0x"); + printbinary(&w0); + + let mut res=ecdh::public_key_validate(true,&w0); + if res!=0 { + println!("ECP Public Key is invalid!"); + return; + } + +/* Random private key for other party */ + ecdh::key_pair_generate(Some(&mut rng),&mut s1,&mut w1); + + print!("Servers private key= 0x"); + printbinary(&s1); + + print!("Servers public key= 0x"); + printbinary(&w1); + + + res=ecdh::public_key_validate(true,&w1); + if res!=0 { + println!("ECP Public Key is invalid!"); + return; + } +/* Calculate common key using DH - IEEE 1363 method */ + + ecdh::ecpsvdp_dh(&s0,&w1,&mut z0); + ecdh::ecpsvdp_dh(&s1,&w0,&mut z1); + + let mut same=true; + for i in 0..ecdh::EFS { + if z0[i]!=z1[i] {same=false} + } + + if !same { + println!("*** ECPSVDP-DH Failed"); + return; + } + + ecdh::kdf2(sha,&z0,None,ecdh::EAS,&mut key); + + print!("Alice's DH Key= 0x"); printbinary(&key); + print!("Servers DH Key= 0x"); printbinary(&key); + + if rom::CURVETYPE!=rom::MONTGOMERY { + + for i in 0..17 {m[i]=i as u8} + + println!("Testing ECIES"); + + p1[0]=0x0; p1[1]=0x1; p1[2]=0x2; + p2[0]=0x0; p2[1]=0x1; p2[2]=0x2; p2[3]=0x3; + + let cc=ecdh::ecies_encrypt(sha,&p1,&p2,&mut rng,&w1,&m[0..17],&mut v,&mut t); + + if let Some(mut c)=cc { + println!("Ciphertext= "); + print!("V= 0x"); printbinary(&v); + print!("C= 0x"); printbinary(&c); + print!("T= 0x"); printbinary(&t); + + + let mm=ecdh::ecies_decrypt(sha,&p1,&p2,&v,&mut c,&t,&s1); + if let Some(rm)=mm { + println!("Decryption succeeded"); + println!("Message is 0x"); printbinary(&rm); + } + else { + println!("*** ECIES Decryption Failed"); + return; + } + } + else { + println!("*** ECIES Encryption Failed"); + return; + } + + println!("Testing ECDSA"); + + if ecdh::ecpsp_dsa(sha,&mut rng,&s0,&m[0..17],&mut cs,&mut ds)!=0 { + println!("***ECDSA Signature Failed"); + return; + } + println!("Signature= "); + print!("C= 0x"); printbinary(&cs); + print!("D= 0x"); printbinary(&ds); + + if ecdh::ecpvp_dsa(sha,&w0,&m[0..17],&cs,&ds)!=0 { + println!("***ECDSA Verification Failed"); + return; + } else {println!("ECDSA Signature/Verification succeeded ")} + } + +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/c25f9e5c/version22/rust/tests/test_mpin.rs ---------------------------------------------------------------------- diff --git a/version22/rust/tests/test_mpin.rs b/version22/rust/tests/test_mpin.rs new file mode 100644 index 0000000..8900254 --- /dev/null +++ b/version22/rust/tests/test_mpin.rs @@ -0,0 +1,217 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +use std::io; + +extern crate amcl; + +use amcl::mpin; +use amcl::ecp; +use amcl::ecp2; +use amcl::fp; +use amcl::fp2; +use amcl::fp4; +use amcl::fp12; +use amcl::pair; +use amcl::big; +use amcl::dbig; +use amcl::rand; +use amcl::hash256; +use amcl::hash384; +use amcl::hash512; +use amcl::aes; +use amcl::rom; + +use rand::RAND; + +pub fn printbinary(array: &[u8]) { + for i in 0..array.len() { + print!("{:02X}", array[i]) + } + println!("") +} + +#[test] +fn test_mpin() +{ + let mut raw:[u8;100]=[0;100]; + let mut s:[u8;mpin::EGS]=[0;mpin::EGS]; + const RM:usize=rom::MODBYTES as usize; + let mut hcid:[u8;RM]=[0;RM]; + let mut hsid:[u8;RM]=[0;RM]; + + const G1S:usize=2*mpin::EFS+1; /* Group 1 Size */ + const G2S:usize=4*mpin::EFS; /* Group 2 Size */ + const EAS:usize=16; + + let mut sst:[u8;G2S]=[0;G2S]; + let mut token: [u8;G1S]=[0;G1S]; + let mut permit:[u8;G1S]=[0;G1S]; + let mut g1: [u8;12*mpin::EFS]=[0;12*mpin::EFS]; + let mut g2: [u8;12*mpin::EFS]=[0;12*mpin::EFS]; + let mut xid: [u8;G1S]=[0;G1S]; + let mut xcid: [u8;G1S]=[0;G1S]; + let mut x: [u8;mpin::EGS]=[0;mpin::EGS]; + let mut y: [u8;mpin::EGS]=[0;mpin::EGS]; + let mut sec: [u8;G1S]=[0;G1S]; + let mut r: [u8;mpin::EGS]=[0;mpin::EGS]; + let mut z: [u8;G1S]=[0;G1S]; + let mut hid: [u8;G1S]=[0;G1S]; + let mut htid: [u8;G1S]=[0;G1S]; + let mut rhid: [u8;G1S]=[0;G1S]; + let mut w: [u8;mpin::EGS]=[0;mpin::EGS]; + let mut t: [u8;G1S]=[0;G1S]; + let mut e: [u8;12*mpin::EFS]=[0;12*mpin::EFS]; + let mut f: [u8;12*mpin::EFS]=[0;12*mpin::EFS]; + let mut h: [u8;RM]=[0;RM]; + let mut ck: [u8;EAS]=[0;EAS]; + let mut sk: [u8;EAS]=[0;EAS]; + + + let sha=mpin::HASH_TYPE; + let mut rng=RAND::new(); + rng.clean(); + for i in 0..100 {raw[i]=(i+1) as u8} + + rng.seed(100,&raw); + +/* Trusted Authority set-up */ + + mpin::random_generate(&mut rng,&mut s); + print!("Master Secret s: 0x"); printbinary(&s); + +/* Create Client Identity */ + let name= "[email protected]"; + let client_id=name.as_bytes(); + + print!("Client ID= "); printbinary(&client_id); + + + mpin::hash_id(sha,&client_id,&mut hcid); /* Either Client or TA calculates Hash(ID) - you decide! */ + +/* Client and Server are issued secrets by DTA */ + mpin::get_server_secret(&s,&mut sst); + print!("Server Secret SS: 0x"); printbinary(&sst); + + mpin::get_client_secret(&mut s,&hcid,&mut token); + print!("Client Secret CS: 0x"); printbinary(&token); + +/* Client extracts PIN from secret to create Token */ + let pin:i32=1234; + println!("Client extracts PIN= {}",pin); + let mut rtn=mpin::extract_pin(sha,&client_id,pin,&mut token); + if rtn != 0 { + println!("FAILURE: EXTRACT_PIN rtn: {}",rtn); + } + + print!("Client Token TK: 0x"); printbinary(&token); + + if mpin::FULL { + mpin::precompute(&token,&hcid,&mut g1,&mut g2); + } + + let mut date=0; + if mpin::PERMITS { + date=mpin::today(); +/* Client gets "Time Token" permit from DTA */ + mpin::get_client_permit(sha,date,&s,&hcid,&mut permit); + print!("Time Permit TP: 0x"); printbinary(&permit); + +/* This encoding makes Time permit look random - Elligator squared */ + mpin::encoding(&mut rng,&mut permit); + print!("Encoded Time Permit TP: 0x"); printbinary(&permit); + mpin::decoding(&mut permit); + print!("Decoded Time Permit TP: 0x"); printbinary(&permit); + } + + print!("\nPIN= "); let _ =io::Write::flush(&mut io::stdout()); + let mut input_text = String::new(); + let _ = io::stdin().read_line(&mut input_text); + + let pin=input_text.trim().parse::<usize>().unwrap(); + + println!("MPIN Multi Pass"); +/* Send U=x.ID to server, and recreate secret from token and pin */ + rtn=mpin::client_1(sha,date,&client_id,Some(&mut rng),&mut x,pin,&token,&mut sec,Some(&mut xid[..]),Some(&mut xcid[..]),Some(&permit[..])); + if rtn != 0 { + println!("FAILURE: CLIENT_1 rtn: {}",rtn); + } + + if mpin::FULL { + mpin::hash_id(sha,&client_id,&mut hcid); + mpin::get_g1_multiple(Some(&mut rng),1,&mut r,&hcid,&mut z); /* Also Send Z=r.ID to Server, remember random r */ + } + +/* Server calculates H(ID) and H(T|H(ID)) (if time mpin::PERMITS enabled), and maps them to points on the curve HID and HTID resp. */ + + mpin::server_1(sha,date,&client_id,&mut hid,Some(&mut htid[..])); + + + if date!=0 {rhid.clone_from_slice(&htid[..]);} + else {rhid.clone_from_slice(&hid[..]);} + +/* Server generates Random number Y and sends it to Client */ + mpin::random_generate(&mut rng,&mut y); + + if mpin::FULL { + mpin::hash_id(sha,&client_id,&mut hsid); + mpin::get_g1_multiple(Some(&mut rng),0,&mut w,&rhid,&mut t); /* Also send T=w.ID to client, remember random w */ + } + +/* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */ + rtn=mpin::client_2(&x,&y,&mut sec); + if rtn != 0 { + println!("FAILURE: CLIENT_2 rtn: {}",rtn); + } + +/* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */ +/* If PIN error not required, set E and F = null */ + + if !mpin::PINERROR { + rtn=mpin::server_2(date,&hid,Some(&htid[..]),&y,&sst,Some(&xid[..]),Some(&xcid[..]),&sec,None,None); + } else { + rtn=mpin::server_2(date,&hid,Some(&htid[..]),&y,&sst,Some(&xid[..]),Some(&xcid[..]),&sec,Some(&mut e),Some(&mut f)); + } + + if rtn == mpin::BAD_PIN { + println!("Server says - Bad Pin. I don't know you. Feck off."); + if mpin::PINERROR { + let err=mpin::kangaroo(&e,&f); + if err!=0 {println!("(Client PIN is out by {})",err)} + } + return; + } else { + println!("Server says - PIN is good! You really are {}",name); + } + + if mpin::FULL { + + let mut pxcid=None; + if mpin::PERMITS {pxcid=Some(&xcid[..])}; + + mpin::hash_all(sha,&hcid,&xid,pxcid,&sec,&y,&z,&t,&mut h); + mpin::client_key(sha,&g1,&g2,pin,&r,&x,&h,&t,&mut ck); + print!("Client Key = 0x"); printbinary(&ck); + + mpin::hash_all(sha,&hsid,&xid,pxcid,&sec,&y,&z,&t,&mut h); + mpin::server_key(sha,&z,&sst,&w,&h,&hid,&xid,pxcid,&mut sk); + print!("Server Key = 0x"); printbinary(&sk); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/c25f9e5c/version22/rust/tests/test_rsa.rs ---------------------------------------------------------------------- diff --git a/version22/rust/tests/test_rsa.rs b/version22/rust/tests/test_rsa.rs new file mode 100644 index 0000000..dd63b67 --- /dev/null +++ b/version22/rust/tests/test_rsa.rs @@ -0,0 +1,109 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +extern crate amcl; + +use amcl::ff; +use amcl::big; +use amcl::dbig; +use amcl::rom; +use amcl::rand; +use amcl::hash256; +use amcl::hash384; +use amcl::hash512; +use amcl::rsa; + +use rand::RAND; + +pub fn printbinary(array: &[u8]) { + for i in 0..array.len() { + print!("{:02X}", array[i]); + } + println!(""); +} + +use std::str; +//use std::process; + +#[test] +fn test_rsa() +{ + let sha=rsa::HASH_TYPE; + let message:&[u8] = b"Hello World\n"; + + let mut pbc=rsa::new_public_key(rom::FFLEN); + let mut prv=rsa::new_private_key(rom::HFLEN); + + let mut ml:[u8;rsa::RFS]=[0;rsa::RFS]; + let mut ms:[u8;rsa::RFS]=[0;rsa::RFS]; + let mut c: [u8;rsa::RFS]=[0;rsa::RFS]; + let mut s: [u8;rsa::RFS]=[0;rsa::RFS]; + let mut e: [u8;rsa::RFS]=[0;rsa::RFS]; + + let mut raw:[u8;100]=[0;100]; + + let mut rng=RAND::new(); + + rng.clean(); + for i in 0..100 {raw[i]=i as u8} + + rng.seed(100,&raw); + + println!("Generating public/private key pair"); + rsa::key_pair(&mut rng,65537,&mut prv,&mut pbc); + + println!("Encrypting test string\n"); + rsa::oaep_encode(sha,&message,&mut rng,None,&mut e); /* OAEP encode message M to E */ + + rsa::encrypt(&pbc,&e,&mut c); /* encrypt encoded message */ + print!("Ciphertext= 0x"); printbinary(&c); + + println!("Decrypting test string"); + rsa::decrypt(&prv,&c,&mut ml); + let mlen=rsa::oaep_decode(sha,None,&mut ml); /* OAEP decode message */ + + let mess=str::from_utf8(&ml[0..mlen]).unwrap(); + print!("{}",&mess); + + println!("Signing message"); + rsa::pkcs15(sha,message,&mut c); + + rsa::decrypt(&prv,&c,&mut s); /* create signature in S */ + + print!("Signature= 0x"); printbinary(&s); + + rsa::encrypt(&pbc,&s,&mut ms); + + let mut cmp=true; + if c.len()!=ms.len() { + cmp=false; + } else { + for j in 0..c.len() { + if c[j]!=ms[j] {cmp=false} + } + } + if cmp { + println!("Signature is valid"); + } else { + println!("Signature is INVALID"); + } + + rsa::private_key_kill(&mut prv); +} + http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/c25f9e5c/version22/swift/BenchtestEC.swift ---------------------------------------------------------------------- diff --git a/version22/swift/BenchtestEC.swift b/version22/swift/BenchtestEC.swift new file mode 100644 index 0000000..126873c --- /dev/null +++ b/version22/swift/BenchtestEC.swift @@ -0,0 +1,161 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + */ + +// +// TestECDH.swift +// +// Created by Michael Scott on 02/07/2015. +// Copyright (c) 2015 Michael Scott. All rights reserved. +// + +import Foundation +//import amcl // comment out for Xcode + +public func BenchtestEC() +{ + let pub=rsa_public_key(Int(ROM.FFLEN)) + let priv=rsa_private_key(Int(ROM.HFLEN)) + var C=[UInt8](repeating: 0,count: RSA.RFS) + var P=[UInt8](repeating: 0,count: RSA.RFS) + var M=[UInt8](repeating: 0,count: RSA.RFS) + let MIN_TIME=10.0 + let MIN_ITERS=10 + + var fail=false; + var RAW=[UInt8](repeating: 0,count: 100) + + let rng=RAND() + rng.clean(); + for i in 0 ..< 100 {RAW[i]=UInt8(i&0xff)} + + rng.seed(100,RAW) + + if ROM.CURVETYPE==ROM.WEIERSTRASS { + print("Weierstrass parameterisation") + } + if ROM.CURVETYPE==ROM.EDWARDS { + print("Edwards parameterisation") + } + if ROM.CURVETYPE==ROM.MONTGOMERY { + print("Montgomery representation") + } + if ROM.MODTYPE==ROM.PSEUDO_MERSENNE { + print("Pseudo-Mersenne Modulus") + } + if ROM.MODTYPE==ROM.MONTGOMERY_FRIENDLY { + print("Montgomery Friendly Modulus") + } + if ROM.MODTYPE==ROM.GENERALISED_MERSENNE { + print("Generalised-Mersenne Modulus") + } + if ROM.MODTYPE==ROM.NOT_SPECIAL { + print("Not special Modulus") + } + print("Modulus size \(ROM.MODBITS) bits") + print("\(ROM.CHUNK) bit build") + + let gx=BIG(ROM.CURVE_Gx); + var s:BIG + var G:ECP + if ROM.CURVETYPE != ROM.MONTGOMERY + { + let gy=BIG(ROM.CURVE_Gy) + G=ECP(gx,gy) + } + else + {G=ECP(gx)} + + let r=BIG(ROM.CURVE_Order) + s=BIG.randomnum(r,rng) + + var W=G.mul(r) + if !W.is_infinity() { + print("FAILURE - rG!=O") + fail=true; + } + + var start=Date() + var iterations=0 + var elapsed=0.0 + while elapsed<MIN_TIME || iterations<MIN_ITERS { + W=G.mul(s) + iterations+=1 + elapsed = -start.timeIntervalSinceNow + } + elapsed=1000.0*elapsed/Double(iterations) + print(String(format: "EC mul - %d iterations",iterations),terminator: ""); + print(String(format: " %.2f ms per iteration",elapsed)) + + print("Generating \(ROM.FFLEN*ROM.BIGBITS) RSA public/private key pair") + + start=Date() + iterations=0 + elapsed=0.0 + while elapsed<MIN_TIME || iterations<MIN_ITERS { + RSA.KEY_PAIR(rng,65537,priv,pub) + iterations+=1 + elapsed = -start.timeIntervalSinceNow + } + elapsed=1000.0*elapsed/Double(iterations) + print(String(format: "RSA gen - %d iterations",iterations),terminator: ""); + print(String(format: " %.2f ms per iteration",elapsed)) + + for i in 0..<RSA.RFS {M[i]=UInt8(i%128)} + + start=Date() + iterations=0 + elapsed=0.0 + while elapsed<MIN_TIME || iterations<MIN_ITERS { + RSA.ENCRYPT(pub,M,&C) + iterations+=1 + elapsed = -start.timeIntervalSinceNow + } + elapsed=1000.0*elapsed/Double(iterations) + print(String(format: "RSA enc - %d iterations",iterations),terminator: ""); + print(String(format: " %.2f ms per iteration",elapsed)) + + start=Date() + iterations=0 + elapsed=0.0 + while elapsed<MIN_TIME || iterations<MIN_ITERS { + RSA.DECRYPT(priv,C,&P) + iterations+=1 + elapsed = -start.timeIntervalSinceNow + } + elapsed=1000.0*elapsed/Double(iterations) + print(String(format: "RSA dec - %d iterations",iterations),terminator: ""); + print(String(format: " %.2f ms per iteration",elapsed)) + + var cmp=true + for i in 0..<RSA.RFS { + if P[i] != M[i] {cmp=false} + } + + if !cmp { + print("FAILURE - RSA decryption") + fail=true; + } + + if !fail { + print("All tests pass") + } +} + +//BenchtestEC() + http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/c25f9e5c/version22/swift/BenchtestPAIR.swift ---------------------------------------------------------------------- diff --git a/version22/swift/BenchtestPAIR.swift b/version22/swift/BenchtestPAIR.swift new file mode 100644 index 0000000..6b60f21 --- /dev/null +++ b/version22/swift/BenchtestPAIR.swift @@ -0,0 +1,206 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + */ + +// +// TestMPIN.swift +// +// Created by Michael Scott on 08/07/2015. +// Copyright (c) 2015 Michael Scott. All rights reserved. +// + +import Foundation +//import amcl // comment out for Xcode + +public func BenchtestPAIR() +{ + let MIN_TIME=10.0 + let MIN_ITERS=10 + + let rng=RAND() + var fail=false; + + var RAW=[UInt8](repeating: 0,count: 100) + + for i in 0 ..< 100 {RAW[i]=UInt8((i+1)&0xff)} + rng.seed(100,RAW) + + if ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE { + print("BN Pairing-Friendly Curve") + } + if ROM.CURVE_PAIRING_TYPE==ROM.BLS_CURVE { + print("BLS Pairing-Friendly Curve") + } + print("Modulus size \(ROM.MODBITS) bits") + print("\(ROM.CHUNK) bit build") + + let gx=BIG(ROM.CURVE_Gx); + + let gy=BIG(ROM.CURVE_Gy) + let G=ECP(gx,gy) + + let r=BIG(ROM.CURVE_Order) + let s=BIG.randomnum(r,rng) + + var P=PAIR.G1mul(G,r); + + if !P.is_infinity() { + print("FAILURE - rP!=O") + fail=true + } + + var start=Date() + var iterations=0 + var elapsed=0.0 + while elapsed<MIN_TIME || iterations<MIN_ITERS { + P=PAIR.G1mul(G,s) + iterations+=1 + elapsed = -start.timeIntervalSinceNow + } + elapsed=1000.0*elapsed/Double(iterations) + print(String(format: "G1 mul - %d iterations",iterations),terminator: ""); + print(String(format: " %.2f ms per iteration",elapsed)) + + var Q=ECP2(FP2(BIG(ROM.CURVE_Pxa),BIG(ROM.CURVE_Pxb)),FP2(BIG(ROM.CURVE_Pya),BIG(ROM.CURVE_Pyb))) + + var W=PAIR.G2mul(Q,r) + + if !W.is_infinity() { + print("FAILURE - rQ!=O") + fail=true + } + + start=Date() + iterations=0 + elapsed=0.0 + while elapsed<MIN_TIME || iterations<MIN_ITERS { + W=PAIR.G2mul(Q,s) + iterations+=1 + elapsed = -start.timeIntervalSinceNow + } + elapsed=1000.0*elapsed/Double(iterations) + print(String(format: "G2 mul - %d iterations",iterations),terminator: ""); + print(String(format: " %.2f ms per iteration",elapsed)) + + var w=PAIR.ate(Q,P) + w=PAIR.fexp(w) + + var g=PAIR.GTpow(w,r) + + if !g.isunity() { + print("FAILURE - g^r!=1") + fail=true + } + + start=Date() + iterations=0 + elapsed=0.0 + while elapsed<MIN_TIME || iterations<MIN_ITERS { + g=PAIR.GTpow(w,s) + iterations+=1 + elapsed = -start.timeIntervalSinceNow + } + elapsed=1000.0*elapsed/Double(iterations) + print(String(format: "GT pow - %d iterations",iterations),terminator: ""); + print(String(format: " %.2f ms per iteration",elapsed)) + + let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb)) + let q=BIG(ROM.Modulus) + + var m=BIG(q) + m.mod(r) + + let a=BIG(s) + a.mod(m) + + let b=BIG(s) + b.div(m) + + g.copy(w) + var c=g.trace() + + g.frob(f) + let cp=g.trace() + + w.conj() + g.mul(w); + let cpm1=g.trace() + + g.mul(w) + let cpm2=g.trace() + + start=Date() + iterations=0 + elapsed=0.0 + while elapsed<MIN_TIME || iterations<MIN_ITERS { + c=c.xtr_pow2(cp,cpm1,cpm2,a,b) + iterations+=1 + elapsed = -start.timeIntervalSinceNow + } + elapsed=1000.0*elapsed/Double(iterations) + print(String(format: "GT pow (compressed) - %d iterations",iterations),terminator: ""); + print(String(format: " %.2f ms per iteration",elapsed)) + + start=Date() + iterations=0 + elapsed=0.0 + while elapsed<MIN_TIME || iterations<MIN_ITERS { + w=PAIR.ate(Q,P) + iterations+=1 + elapsed = -start.timeIntervalSinceNow + } + elapsed=1000.0*elapsed/Double(iterations) + print(String(format: "PAIRing ATE - %d iterations",iterations),terminator: ""); + print(String(format: " %.2f ms per iteration",elapsed)) + + start=Date() + iterations=0 + elapsed=0.0 + while elapsed<MIN_TIME || iterations<MIN_ITERS { + g=PAIR.fexp(w) + iterations+=1 + elapsed = -start.timeIntervalSinceNow + } + elapsed=1000.0*elapsed/Double(iterations) + print(String(format: "PAIRing FEXP - %d iterations",iterations),terminator: ""); + print(String(format: " %.2f ms per iteration",elapsed)) + + P.copy(G) + Q.copy(W) + + P=PAIR.G1mul(P,s) + g=PAIR.ate(Q,P) + g=PAIR.fexp(g) + + P.copy(G) + Q=PAIR.G2mul(Q,s) + w=PAIR.ate(Q,P) + w=PAIR.fexp(w) + + if !g.equals(w) { + print("FAILURE - e(sQ,P)!=e(Q,sP)") + fail=true + } + + if !fail { + print("All tests pass") + } +} + +//BenchtestPAIR() + http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/c25f9e5c/version22/swift/TestECDH.swift ---------------------------------------------------------------------- diff --git a/version22/swift/TestECDH.swift b/version22/swift/TestECDH.swift new file mode 100644 index 0000000..3302d75 --- /dev/null +++ b/version22/swift/TestECDH.swift @@ -0,0 +1,167 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +// +// TestECDH.swift +// +// Created by Michael Scott on 02/07/2015. +// Copyright (c) 2015 Michael Scott. All rights reserved. +// + +import Foundation +//import amcl // comment out for Xcode + +public func TestECDH() +{ + let pp=String("M0ng00se"); + + let EGS=ECDH.EGS + let EFS=ECDH.EFS + let EAS=16 + let sha=ECDH.HASH_TYPE + + var S1=[UInt8](repeating: 0,count: EGS) + var W0=[UInt8](repeating: 0,count: 2*EFS+1) + var W1=[UInt8](repeating: 0,count: 2*EFS+1) + var Z0=[UInt8](repeating: 0,count: EFS) + var Z1=[UInt8](repeating: 0,count: EFS) + var RAW=[UInt8](repeating: 0,count: 100) + var SALT=[UInt8](repeating: 0,count: 8) + var P1=[UInt8](repeating: 0,count: 3) + var P2=[UInt8](repeating: 0,count: 4) + var V=[UInt8](repeating: 0,count: 2*EFS+1) + var M=[UInt8](repeating: 0,count: 17) + var T=[UInt8](repeating: 0,count: 12) + var CS=[UInt8](repeating: 0,count: EGS) + var DS=[UInt8](repeating: 0,count: EGS) + + let rng=RAND() + + rng.clean(); + for i in 0 ..< 100 {RAW[i]=UInt8(i&0xff)} + + rng.seed(100,RAW) + + + for i in 0 ..< 8 {SALT[i]=UInt8(i+1)} // set Salt + + print("Alice's Passphrase= " + pp!) + let PW=[UInt8]( (!pp).utf8) + + /* private key S0 of size EGS bytes derived from Password and Salt */ + + var S0=ECDH.PBKDF2(sha,PW,SALT,1000,EGS) + print("Alice's private key= 0x",terminator: ""); ECDH.printBinary(S0) + + /* Generate Key pair S/W */ + ECDH.KEY_PAIR_GENERATE(nil,&S0,&W0); + + print("Alice's public key= 0x",terminator: ""); ECDH.printBinary(W0) + + var res=ECDH.PUBLIC_KEY_VALIDATE(true,W0); + + if res != 0 + { + print("ECP Public Key is invalid!"); + return; + } + + /* Random private key for other party */ + ECDH.KEY_PAIR_GENERATE(rng,&S1,&W1) + + print("Servers private key= 0x",terminator: ""); ECDH.printBinary(S1) + + print("Servers public key= 0x",terminator: ""); ECDH.printBinary(W1); + + res=ECDH.PUBLIC_KEY_VALIDATE(true,W1) + if res != 0 + { + print("ECP Public Key is invalid!") + return + } + + /* Calculate common key using DH - IEEE 1363 method */ + + ECDH.ECPSVDP_DH(S0,W1,&Z0) + ECDH.ECPSVDP_DH(S1,W0,&Z1) + + var same=true + for i in 0 ..< EFS + { + if Z0[i] != Z1[i] {same=false} + } + + if (!same) + { + print("*** ECPSVDP-DH Failed") + return + } + + let KEY=ECDH.KDF2(sha,Z0,nil,EAS) + + print("Alice's DH Key= 0x",terminator: ""); ECDH.printBinary(KEY) + print("Servers DH Key= 0x",terminator: ""); ECDH.printBinary(KEY) + + if ROM.CURVETYPE != ROM.MONTGOMERY + { + print("Testing ECIES") + + P1[0]=0x0; P1[1]=0x1; P1[2]=0x2 + P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3 + + for i in 0...16 {M[i]=UInt8(i&0xff)} + + let C=ECDH.ECIES_ENCRYPT(sha,P1,P2,rng,W1,M,&V,&T) + + print("Ciphertext= ") + print("V= 0x",terminator: ""); ECDH.printBinary(V) + print("C= 0x",terminator: ""); ECDH.printBinary(C) + print("T= 0x",terminator: ""); ECDH.printBinary(T) + + M=ECDH.ECIES_DECRYPT(sha,P1,P2,V,C,T,S1) + if M.count==0 + { + print("*** ECIES Decryption Failed\n") + return + } + else {print("Decryption succeeded")} + + print("Message is 0x"); ECDH.printBinary(M) + + print("Testing ECDSA") + + if ECDH.ECPSP_DSA(sha,rng,S0,M,&CS,&DS) != 0 + { + print("***ECDSA Signature Failed") + return + } + print("Signature= ") + print("C= 0x",terminator: ""); ECDH.printBinary(CS) + print("D= 0x",terminator: ""); ECDH.printBinary(DS) + + if ECDH.ECPVP_DSA(sha,W0,M,CS,DS) != 0 + { + print("***ECDSA Verification Failed") + return + } + else {print("ECDSA Signature/Verification succeeded ")} + } +} + +//TestECDH() // comment out for Xcode
