http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/c25f9e5c/version22/js/HASH512.js ---------------------------------------------------------------------- diff --git a/version22/js/HASH512.js b/version22/js/HASH512.js new file mode 100644 index 0000000..5a6f47a --- /dev/null +++ b/version22/js/HASH512.js @@ -0,0 +1,236 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +var HASH512 = function() { + this.length=[]; + this.h=[]; + this.w=[]; + this.init(); +}; + +HASH512.prototype={ + + transform: function() + { /* basic transformation step */ + var a,b,c,d,e,ee,zz,f,g,hh,t1,t2; + var j,r; + for (j=16;j<80;j++) + this.w[j]=HASH512.theta1(this.w[j-2]).add(this.w[j-7]).add(HASH512.theta0(this.w[j-15])).add(this.w[j-16]); + + a=this.h[0].copy(); b=this.h[1].copy(); c=this.h[2].copy(); d=this.h[3].copy(); + e=this.h[4].copy(); f=this.h[5].copy(); g=this.h[6].copy(); hh=this.h[7].copy(); + + for (j=0;j<80;j++) + { /* 80 times - mush it up */ + t1=hh.copy(); + t1.add(HASH512.Sig1(e)).add(HASH512.Ch(e,f,g)).add(HASH512.HK[j]).add(this.w[j]); + + t2=HASH512.Sig0(a); t2.add(HASH512.Maj(a,b,c)); + hh=g; g=f; f=e; + e=d.copy(); e.add(t1); + + d=c; + c=b; + b=a; + a=t1.copy(); a.add(t2); + } + + this.h[0].add(a); this.h[1].add(b); this.h[2].add(c); this.h[3].add(d); + this.h[4].add(e); this.h[5].add(f); this.h[6].add(g); this.h[7].add(hh); + }, + +/* Initialise Hash function */ + init: function() + { /* initialise */ + var i; + for (i=0;i<80;i++) this.w[i]=new UInt64(0,0); + this.length[0]=new UInt64(0,0); this.length[1]=new UInt64(0,0); + this.h[0]=HASH512.H[0].copy(); + this.h[1]=HASH512.H[1].copy(); + this.h[2]=HASH512.H[2].copy(); + this.h[3]=HASH512.H[3].copy(); + this.h[4]=HASH512.H[4].copy(); + this.h[5]=HASH512.H[5].copy(); + this.h[6]=HASH512.H[6].copy(); + this.h[7]=HASH512.H[7].copy(); + }, + +/* process a single byte */ + process: function(byt) + { /* process the next message byte */ + var cnt; + cnt=(this.length[0].bot>>>6)%16; + this.w[cnt].shlb(); + this.w[cnt].bot|=(byt&0xFF); + + var e=new UInt64(0,8); + this.length[0].add(e); + if (this.length[0].top===0 && this.length[0].bot==0) { e=new UInt64(0,1); this.length[1].add(e); } + if ((this.length[0].bot%1024)===0) this.transform(); + }, + +/* process an array of bytes */ + process_array: function(b) + { + for (var i=0;i<b.length;i++) this.process(b[i]); + }, + +/* process a 32-bit integer */ + process_num: function(n) + { + this.process((n>>24)&0xff); + this.process((n>>16)&0xff); + this.process((n>>8)&0xff); + this.process(n&0xff); + }, + + hash: function() + { /* pad message and finish - supply digest */ + var i; + var digest=[]; + var len0,len1; + len0=this.length[0].copy(); + len1=this.length[1].copy(); + this.process(0x80); + while ((this.length[0].bot%1024)!=896) this.process(0); + + this.w[14]=len1; + this.w[15]=len0; + this.transform(); + + for (i=0;i<HASH512.len;i++) + { /* convert to bytes */ + digest[i]=HASH512.R(8*(7-i%8),this.h[i>>>3]).bot&0xff; + } + + this.init(); + return digest; + } +}; + +/* static functions */ +HASH512.S= function(n,x) +{ + if (n==0) return x; + if (n<32) + return new UInt64((x.top>>>n) | (x.bot<<(32-n)), (x.bot>>>n) | (x.top << (32-n))); + else + return new UInt64((x.bot>>>(n-32)) | (x.top << (64-n)),(x.top>>>(n-32)) | (x.bot<<(64-n))); + +}; + +HASH512.R= function(n,x) +{ + if (n==0) return x; + if (n<32) + return new UInt64((x.top>>>n),(x.bot>>>n | (x.top << (32-n)))); + else + return new UInt64(0,x.top >>> (n-32)); +}; + +HASH512.Ch= function(x,y,z) +{ + return new UInt64((x.top&y.top)^(~(x.top)&z.top),(x.bot&y.bot)^(~(x.bot)&z.bot)); +}; + +HASH512.Maj= function(x,y,z) +{ + return new UInt64((x.top&y.top)^(x.top&z.top)^(y.top&z.top),(x.bot&y.bot)^(x.bot&z.bot)^(y.bot&z.bot)); +}; + +HASH512.Sig0= function(x) +{ + var r1=HASH512.S(28,x); + var r2=HASH512.S(34,x); + var r3=HASH512.S(39,x); + return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot); +}; + +HASH512.Sig1= function(x) +{ + var r1=HASH512.S(14,x); + var r2=HASH512.S(18,x); + var r3=HASH512.S(41,x); + return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot); +}; + +HASH512.theta0= function(x) +{ + var r1=HASH512.S(1,x); + var r2=HASH512.S(8,x); + var r3=HASH512.R(7,x); + return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot); +}; + +HASH512.theta1= function(x) +{ + var r1=HASH512.S(19,x); + var r2=HASH512.S(61,x); + var r3=HASH512.R(6,x); + return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot); +}; + +/* constants */ +HASH512.len= 64; + +HASH512.H = [new UInt64(0x6a09e667, 0xf3bcc908), new UInt64(0xbb67ae85, 0x84caa73b), + new UInt64(0x3c6ef372, 0xfe94f82b), new UInt64(0xa54ff53a, 0x5f1d36f1), + new UInt64(0x510e527f, 0xade682d1), new UInt64(0x9b05688c, 0x2b3e6c1f), + new UInt64(0x1f83d9ab, 0xfb41bd6b), new UInt64(0x5be0cd19, 0x137e2179)]; + +HASH512.HK = [new UInt64(0x428a2f98, 0xd728ae22), new UInt64(0x71374491, 0x23ef65cd), + new UInt64(0xb5c0fbcf, 0xec4d3b2f), new UInt64(0xe9b5dba5, 0x8189dbbc), + new UInt64(0x3956c25b, 0xf348b538), new UInt64(0x59f111f1, 0xb605d019), + new UInt64(0x923f82a4, 0xaf194f9b), new UInt64(0xab1c5ed5, 0xda6d8118), + new UInt64(0xd807aa98, 0xa3030242), new UInt64(0x12835b01, 0x45706fbe), + new UInt64(0x243185be, 0x4ee4b28c), new UInt64(0x550c7dc3, 0xd5ffb4e2), + new UInt64(0x72be5d74, 0xf27b896f), new UInt64(0x80deb1fe, 0x3b1696b1), + new UInt64(0x9bdc06a7, 0x25c71235), new UInt64(0xc19bf174, 0xcf692694), + new UInt64(0xe49b69c1, 0x9ef14ad2), new UInt64(0xefbe4786, 0x384f25e3), + new UInt64(0x0fc19dc6, 0x8b8cd5b5), new UInt64(0x240ca1cc, 0x77ac9c65), + new UInt64(0x2de92c6f, 0x592b0275), new UInt64(0x4a7484aa, 0x6ea6e483), + new UInt64(0x5cb0a9dc, 0xbd41fbd4), new UInt64(0x76f988da, 0x831153b5), + new UInt64(0x983e5152, 0xee66dfab), new UInt64(0xa831c66d, 0x2db43210), + new UInt64(0xb00327c8, 0x98fb213f), new UInt64(0xbf597fc7, 0xbeef0ee4), + new UInt64(0xc6e00bf3, 0x3da88fc2), new UInt64(0xd5a79147, 0x930aa725), + new UInt64(0x06ca6351, 0xe003826f), new UInt64(0x14292967, 0x0a0e6e70), + new UInt64(0x27b70a85, 0x46d22ffc), new UInt64(0x2e1b2138, 0x5c26c926), + new UInt64(0x4d2c6dfc, 0x5ac42aed), new UInt64(0x53380d13, 0x9d95b3df), + new UInt64(0x650a7354, 0x8baf63de), new UInt64(0x766a0abb, 0x3c77b2a8), + new UInt64(0x81c2c92e, 0x47edaee6), new UInt64(0x92722c85, 0x1482353b), + new UInt64(0xa2bfe8a1, 0x4cf10364), new UInt64(0xa81a664b, 0xbc423001), + new UInt64(0xc24b8b70, 0xd0f89791), new UInt64(0xc76c51a3, 0x0654be30), + new UInt64(0xd192e819, 0xd6ef5218), new UInt64(0xd6990624, 0x5565a910), + new UInt64(0xf40e3585, 0x5771202a), new UInt64(0x106aa070, 0x32bbd1b8), + new UInt64(0x19a4c116, 0xb8d2d0c8), new UInt64(0x1e376c08, 0x5141ab53), + new UInt64(0x2748774c, 0xdf8eeb99), new UInt64(0x34b0bcb5, 0xe19b48a8), + new UInt64(0x391c0cb3, 0xc5c95a63), new UInt64(0x4ed8aa4a, 0xe3418acb), + new UInt64(0x5b9cca4f, 0x7763e373), new UInt64(0x682e6ff3, 0xd6b2b8a3), + new UInt64(0x748f82ee, 0x5defb2fc), new UInt64(0x78a5636f, 0x43172f60), + new UInt64(0x84c87814, 0xa1f0ab72), new UInt64(0x8cc70208, 0x1a6439ec), + new UInt64(0x90befffa, 0x23631e28), new UInt64(0xa4506ceb, 0xde82bde9), + new UInt64(0xbef9a3f7, 0xb2c67915), new UInt64(0xc67178f2, 0xe372532b), + new UInt64(0xca273ece, 0xea26619c), new UInt64(0xd186b8c7, 0x21c0c207), + new UInt64(0xeada7dd6, 0xcde0eb1e), new UInt64(0xf57d4f7f, 0xee6ed178), + new UInt64(0x06f067aa, 0x72176fba), new UInt64(0x0a637dc5, 0xa2c898a6), + new UInt64(0x113f9804, 0xbef90dae), new UInt64(0x1b710b35, 0x131c471b), + new UInt64(0x28db77f5, 0x23047d84), new UInt64(0x32caab7b, 0x40c72493), + new UInt64(0x3c9ebe0a, 0x15c9bebc), new UInt64(0x431d67c4, 0x9c100d4c), + new UInt64(0x4cc5d4be, 0xcb3e42b6), new UInt64(0x597f299c, 0xfc657e2a), + new UInt64(0x5fcb6fab, 0x3ad6faec), new UInt64(0x6c44198c, 0x4a475817)];
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/c25f9e5c/version22/js/MPIN.js ---------------------------------------------------------------------- diff --git a/version22/js/MPIN.js b/version22/js/MPIN.js new file mode 100644 index 0000000..fdd1d80 --- /dev/null +++ b/version22/js/MPIN.js @@ -0,0 +1,933 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +/* MPIN API Functions */ + +var MPIN = { + BAD_PARAMS:-11, + INVALID_POINT:-14, + WRONG_ORDER:-18, + BAD_PIN:-19, +/* configure PIN here */ + MAXPIN:10000, /* max PIN */ + PBLEN:14, /* MAXPIN length in bits */ + TS:10, /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */ + TRAP:200, /* 200 for 4 digit PIN, 2000 for 6-digit PIN - approx 2*sqrt(MAXPIN) */ + EFS:ROM.MODBYTES, + EGS:ROM.MODBYTES, + PAS:16, + + SHA256 : 32, + SHA384 : 48, + SHA512 : 64, + + HASH_TYPE : 32, + + +/* return time in slots since epoch */ + today: function() { + var now=new Date(); + return Math.floor(now.getTime()/(60000*1440)); // for daily tokens + }, + + bytestostring: function(b) + { + var s=""; + var len=b.length; + var ch; + + for (var i=0;i<len;i++) + { + ch=b[i]; + s+=((ch>>>4)&15).toString(16); + s+=(ch&15).toString(16); + + } + return s; + }, + + stringtobytes: function(s) + { + var b=[]; + for (var i=0;i<s.length;i++) + b.push(s.charCodeAt(i)); + return b; + }, + + comparebytes: function(a,b) + { + if (a.length!=b.length) return false; + for (var i=0;i<a.length;i++) + { + if (a[i]!=b[i]) return false; + } + return true; + }, + + mpin_hash: function(sha,c,U) + { + var t=[]; + var w=[]; + var h=[]; + + c.geta().getA().toBytes(w); for (var i=0;i<this.EFS;i++) t[i]=w[i]; + c.geta().getB().toBytes(w); for (var i=this.EFS;i<2*this.EFS;i++) t[i]=w[i-this.EFS]; + c.getb().getA().toBytes(w); for (var i=2*this.EFS;i<3*this.EFS;i++) t[i]=w[i-2*this.EFS]; + c.getb().getB().toBytes(w); for (var i=3*this.EFS;i<4*this.EFS;i++) t[i]=w[i-3*this.EFS]; + + U.getX().toBytes(w); for (var i=4*this.EFS;i<5*this.EFS;i++) t[i]=w[i-4*this.EFS]; + U.getY().toBytes(w); for (var i=5*this.EFS;i<6*this.EFS;i++) t[i]=w[i-5*this.EFS]; + + if (sha==this.SHA256) + { + var H=new HASH256(); + H.process_array(t); + h=H.hash(); + } + if (sha==this.SHA384) + { + var H=new HASH384(); + H.process_array(t); + h=H.hash(); + } + if (sha==this.SHA512) + { + var H=new HASH512(); + H.process_array(t); + h=H.hash(); + } + if (h.length==0) return null; + var R=[]; + for (var i=0;i<this.PAS;i++) R[i]=h[i]; + return R; + }, +/* Hash number (optional) and string to point on curve */ + + hashit: function(sha,n,B) + { + var R=[]; + + if (sha==this.SHA256) + { + var H=new HASH256(); + if (n>0) H.process_num(n); + H.process_array(B); + R=H.hash(); + } + if (sha==this.SHA384) + { + var H=new HASH384(); + if (n>0) H.process_num(n); + H.process_array(B); + R=H.hash(); + } + if (sha==this.SHA512) + { + var H=new HASH512(); + if (n>0) H.process_num(n); + H.process_array(B); + R=H.hash(); + } + if (R.length==0) return null; + var W=[]; + + if (sha>=ROM.MODBYTES) + for (var i=0;i<ROM.MODBYTES;i++) W[i]=R[i]; + else + { + for (var i=0;i<sha;i++) W[i]=R[i]; + for (var i=sha;i<ROM.MODBYTES;i++) W[i]=0; + } + return W; + }, + + mapit: function(h) + { + var q=new BIG(0); q.rcopy(ROM.Modulus); + var x=BIG.fromBytes(h); + x.mod(q); + var P=new ECP(); + while (true) + { + P.setxi(x,0); + if (!P.is_infinity()) break; + x.inc(1); x.norm(); + } + if (ROM.CURVE_PAIRING_TYPE!=ROM.BN_CURVE) + { + var c=new BIG(0); c.rcopy(ROM.CURVE_Cof); + P=P.mul(c); + } + return P; + }, + +/* needed for SOK */ + mapit2: function(h) + { + var q=new BIG(0); q.rcopy(ROM.Modulus); + var x=BIG.fromBytes(h); + var one=new BIG(1); + x.mod(q); + var Q,T,K,X; + while (true) + { + X=new FP2(one,x); + Q=new ECP2(); Q.setx(X); + if (!Q.is_infinity()) break; + x.inc(1); x.norm(); + } +/* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */ + + var Fa=new BIG(0); Fa.rcopy(ROM.CURVE_Fra); + var Fb=new BIG(0); Fb.rcopy(ROM.CURVE_Frb); + X=new FP2(Fa,Fb); + x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); + + T=new ECP2(); T.copy(Q); + T.mul(x); T.neg(); + K=new ECP2(); K.copy(T); + K.dbl(); K.add(T); K.affine(); + + K.frob(X); + Q.frob(X); Q.frob(X); Q.frob(X); + Q.add(T); Q.add(K); + T.frob(X); T.frob(X); + Q.add(T); + Q.affine(); + return Q; + + }, + +/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */ +/* maps a random u to a point on the curve */ + map: function(u,cb) + { + var P=new ECP(); + var x=new BIG(u); + var p=new BIG(0); p.rcopy(ROM.Modulus); + x.mod(p); + while (true) + { + P.setxi(x,cb); + if (!P.is_infinity()) break; + x.inc(1); x.norm(); + } + return P; + }, + +/* returns u derived from P. Random value in range 1 to return value should then be added to u */ + unmap: function(u,P) + { + var s=P.getS(); + var R=new ECP(); + var r=0; + var x=P.getX(); + u.copy(x); + while (true) + { + u.dec(1); u.norm(); + r++; + R.setxi(u,s); //=new ECP(u,s); + if (!R.is_infinity()) break; + } + return r; + }, + +/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */ +/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */ +/* Note that u and v are indistinguisible from random strings */ + ENCODING: function(rng,E) + { + var i,rn,m,su,sv; + var T=[]; + + for (i=0;i<this.EFS;i++) T[i]=E[i+1]; + var u=BIG.fromBytes(T); + for (i=0;i<this.EFS;i++) T[i]=E[i+this.EFS+1]; + var v=BIG.fromBytes(T); + + var P=new ECP(0); P.setxy(u,v); + if (P.is_infinity()) return this.INVALID_POINT; + + var p=new BIG(0); p.rcopy(ROM.Modulus); + u=BIG.randomnum(p,rng); + + su=rng.getByte(); if (su<0) su=-su; su%=2; + + var W=this.map(u,su); + P.sub(W); + sv=P.getS(); + rn=this.unmap(v,P); + m=rng.getByte(); if (m<0) m=-m; m%=rn; + v.inc(m+1); + E[0]=(su+2*sv); + u.toBytes(T); + for (i=0;i<this.EFS;i++) E[i+1]=T[i]; + v.toBytes(T); + for (i=0;i<this.EFS;i++) E[i+this.EFS+1]=T[i]; + + return 0; + }, + + DECODING: function(D) + { + var i,su,sv; + var T=[]; + + if ((D[0]&0x04)!==0) return this.INVALID_POINT; + + for (i=0;i<this.EFS;i++) T[i]=D[i+1]; + var u=BIG.fromBytes(T); + for (i=0;i<this.EFS;i++) T[i]=D[i+this.EFS+1]; + var v=BIG.fromBytes(T); + + su=D[0]&1; + sv=(D[0]>>1)&1; + var W=this.map(u,su); + var P=this.map(v,sv); + P.add(W); + u=P.getX(); + v=P.getY(); + D[0]=0x04; + u.toBytes(T); + for (i=0;i<this.EFS;i++) D[i+1]=T[i]; + v.toBytes(T); + for (i=0;i<this.EFS;i++) D[i+this.EFS+1]=T[i]; + + return 0; + }, + +/* R=R1+R2 in group G1 */ + RECOMBINE_G1: function(R1,R2,R) + { + var P=ECP.fromBytes(R1); + var Q=ECP.fromBytes(R2); + + if (P.is_infinity() || Q.is_infinity()) return this.INVALID_POINT; + + P.add(Q); + + P.toBytes(R); + return 0; + }, + +/* W=W1+W2 in group G2 */ + RECOMBINE_G2: function(W1,W2,W) + { + var P=ECP2.fromBytes(W1); + var Q=ECP2.fromBytes(W2); + + if (P.is_infinity() || Q.is_infinity()) return this.INVALID_POINT; + + P.add(Q); + + P.toBytes(W); + return 0; + }, + + HASH_ID: function(sha,ID) + { + return this.hashit(sha,0,ID); + }, + +/* create random secret S */ + RANDOM_GENERATE: function(rng,S) + { + var r=new BIG(0); r.rcopy(ROM.CURVE_Order); + var s=BIG.randomnum(r,rng); + if (ROM.AES_S>0) + { + s.mod2m(2*ROM.AES_S); + } + s.toBytes(S); + return 0; + }, + +/* Extract PIN from TOKEN for identity CID */ + EXTRACT_PIN: function(sha,CID,pin,TOKEN) + { + var P=ECP.fromBytes(TOKEN); + if (P.is_infinity()) return this.INVALID_POINT; + var h=this.hashit(sha,0,CID); + var R=this.mapit(h); + + pin%=this.MAXPIN; + + R=R.pinmul(pin,this.PBLEN); + P.sub(R); + + P.toBytes(TOKEN); + + return 0; + }, + +/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */ + GET_SERVER_SECRET: function(S,SST) + { + + var A=new BIG(0); + var B=new BIG(0); + A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb); + var QX=new FP2(0); QX.bset(A,B); + A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb); + var QY=new FP2(0); QY.bset(A,B); + + var Q=new ECP2(); + Q.setxy(QX,QY); + + var s=BIG.fromBytes(S); + Q=PAIR.G2mul(Q,s); + Q.toBytes(SST); + return 0; + }, + + TEST_PAIR: function(PR) + { + var G=new ECP(0); + var A=new BIG(0); + var B=new BIG(0); + A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb); + var QX=new FP2(0); QX.bset(A,B); + A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb); + var QY=new FP2(0); QY.bset(A,B); + + var Q=new ECP2(); + Q.setxy(QX,QY); + + var gx=new BIG(0); gx.rcopy(ROM.CURVE_Gx); + var gy=new BIG(0); gy.rcopy(ROM.CURVE_Gy); + G.setxy(gx,gy); + + var g=PAIR.ate(Q,G); + g=PAIR.fexp(g); + g.toBytes(PR); + }, + +/* + W=x*H(G); + if RNG == NULL then X is passed in + if RNG != NULL the X is passed out + if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve +*/ + GET_G1_MULTIPLE: function(rng,type,X,G,W) + { + var x; + var r=new BIG(0); r.rcopy(ROM.CURVE_Order); + + if (rng!=null) + { + x=BIG.randomnum(r,rng); + if (ROM.AES_S>0) + { + x.mod2m(2*ROM.AES_S); + } + x.toBytes(X); + } + else + { + x=BIG.fromBytes(X); + } + var P; + if (type==0) + { + P=ECP.fromBytes(G); + if (P.is_infinity()) return INVALID_POINT; + } + else + P=this.mapit(G); + + PAIR.G1mul(P,x).toBytes(W); + return 0; + }, + + +/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */ + GET_CLIENT_SECRET: function(S,CID,CST) + { + return this.GET_G1_MULTIPLE(null,1,S,CID,CST); + }, + +/* Time Permit CTT=S*(date|H(CID)) where S is master secret */ + GET_CLIENT_PERMIT: function(sha,date,S,CID,CTT) + { + var h=this.hashit(sha,date,CID); + var P=this.mapit(h); + + var s=BIG.fromBytes(S); + P=PAIR.G1mul(P,s); + P.toBytes(CTT); + return 0; + }, + +/* Implement step 1 on client side of MPin protocol */ + CLIENT_1: function(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT) + { + var r=new BIG(0); r.rcopy(ROM.CURVE_Order); + // var q=new BIG(0); q.rcopy(ROM.Modulus); + var x; + if (rng!==null) + { + x=BIG.randomnum(r,rng); + if (ROM.AES_S>0) + { + x.mod2m(2*ROM.AES_S); + } + x.toBytes(X); + } + else + { + x=BIG.fromBytes(X); + } + var P,T,W; + + var h=this.hashit(sha,0,CLIENT_ID); + P=this.mapit(h); + T=ECP.fromBytes(TOKEN); + if (T.is_infinity()) return this.INVALID_POINT; + + pin%=this.MAXPIN; + W=P.pinmul(pin,this.PBLEN); + T.add(W); + + if (date!=0) + { + W=ECP.fromBytes(PERMIT); + if (W.is_infinity()) return this.INVALID_POINT; + T.add(W); + h=this.hashit(sha,date,h); + W=this.mapit(h); + if (xID!=null) + { + P=PAIR.G1mul(P,x); + P.toBytes(xID); + W=PAIR.G1mul(W,x); + P.add(W); + } + else + { + P.add(W); + P=PAIR.G1mul(P,x); + } + if (xCID!=null) P.toBytes(xCID); + } + else + { + if (xID!=null) + { + P=PAIR.G1mul(P,x); + P.toBytes(xID); + } + } + + T.toBytes(SEC); + return 0; + }, + +/* Implement step 2 on client side of MPin protocol */ + CLIENT_2: function(X,Y,SEC) + { + var r=new BIG(0); r.rcopy(ROM.CURVE_Order); + var P=ECP.fromBytes(SEC); + if (P.is_infinity()) return this.INVALID_POINT; + + var px=BIG.fromBytes(X); + var py=BIG.fromBytes(Y); + px.add(py); + px.mod(r); + // px.rsub(r); + + P=PAIR.G1mul(P,px); + P.neg(); + P.toBytes(SEC); + //PAIR.G1mul(P,px).toBytes(SEC); + return 0; + }, + +/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */ + SERVER_1: function(sha,date,CID,HID,HTID) + { + var h=this.hashit(sha,0,CID); + var R,P=this.mapit(h); + + P.toBytes(HID); + if (date!==0) + { + //if (HID!=null) P.toBytes(HID); + h=this.hashit(sha,date,h); + R=this.mapit(h); + P.add(R); + P.toBytes(HTID); + } + //else P.toBytes(HID); + }, + +/* Implement step 1 of MPin protocol on server side */ + SERVER_2: function(date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F) + { + var A=new BIG(0); + var B=new BIG(0); + A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb); + var QX=new FP2(0); QX.bset(A,B); + A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb); + var QY=new FP2(0); QY.bset(A,B); + + var Q=new ECP2(); + Q.setxy(QX,QY); + + var sQ=ECP2.fromBytes(SST); + if (sQ.is_infinity()) return this.INVALID_POINT; + + var R; + if (date!==0) + R=ECP.fromBytes(xCID); + else + { + if (xID==null) return this.BAD_PARAMS; + R=ECP.fromBytes(xID); + } + if (R.is_infinity()) return this.INVALID_POINT; + + var y=BIG.fromBytes(Y); + var P; + + if (date!=0) P=ECP.fromBytes(HTID); + else + { + if (HID==null) return this.BAD_PARAMS; + P=ECP.fromBytes(HID); + } + if (P.is_infinity()) return this.INVALID_POINT; + + P=PAIR.G1mul(P,y); + P.add(R); + R=ECP.fromBytes(mSEC); + if (R.is_infinity()) return this.INVALID_POINT; + + var g=PAIR.ate2(Q,R,sQ,P); + g=PAIR.fexp(g); + + if (!g.isunity()) + { + if (HID!=null && xID!=null && E!=null && F!=null) + { + g.toBytes(E); + if (date!==0) + { + P=ECP.fromBytes(HID); + if (P.is_infinity()) return this.INVALID_POINT; + R=ECP.fromBytes(xID); + if (R.is_infinity()) return this.INVALID_POINT; + + P=PAIR.G1mul(P,y); + P.add(R); + } + g=PAIR.ate(Q,P); + g=PAIR.fexp(g); + + g.toBytes(F); + } + return this.BAD_PIN; + } + return 0; + }, + +/* Pollards kangaroos used to return PIN error */ + KANGAROO: function(E,F) + { + var ge=FP12.fromBytes(E); + var gf=FP12.fromBytes(F); + var distance = []; + var t=new FP12(gf); + var table=[]; + var i,j,m,s,dn,dm,res,steps; + + s=1; + for (m=0;m<this.TS;m++) + { + distance[m]=s; + table[m]=new FP12(t); + s*=2; + t.usqr(); + } + t.one(); + dn=0; + for (j=0;j<this.TRAP;j++) + { + i=t.geta().geta().getA().lastbits(20)%this.TS; + t.mul(table[i]); + dn+=distance[i]; + } + gf.copy(t); gf.conj(); + steps=0; dm=0; + res=0; + while (dm-dn<this.MAXPIN) + { + steps++; + if (steps>4*this.TRAP) break; + i=ge.geta().geta().getA().lastbits(20)%this.TS; + ge.mul(table[i]); + dm+=distance[i]; + if (ge.equals(t)) + { + res=dm-dn; + break; + } + if (ge.equals(gf)) + { + res=dn-dm; + break; + } + + } + if (steps>4*this.TRAP || dm-dn>=this.MAXPIN) {res=0; } // Trap Failed - probable invalid token + return res; + }, + + /* return time since epoch */ + GET_TIME: function() { + var now=new Date(); + return Math.floor(now.getTime()/(1000)); + }, + + /* y = H(time,xCID) */ + GET_Y: function(sha,TimeValue,xCID,Y) + { + var q=new BIG(0); + q.rcopy(ROM.CURVE_Order); + var h=this.hashit(sha,TimeValue,xCID); + var y=BIG.fromBytes(h); + y.mod(q); + if (ROM.AES_S>0) + { + y.mod2m(2*ROM.AES_S); + } + y.toBytes(Y); + return 0; + }, + + /* One pass MPIN Client */ + CLIENT: function(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT,TimeValue,Y) + { + + var rtn=0; + var pID; + if (date == 0) { + pID = xID; + } else { + pID = xCID; + xID = null; + } + + rtn = this.CLIENT_1(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT); + if (rtn != 0) + return rtn; + + this.GET_Y(sha,TimeValue,pID,Y); + + rtn = this.CLIENT_2(X,Y,SEC); + if (rtn != 0) + return rtn; + + return 0; + }, + + /* One pass MPIN Server */ + SERVER: function(sha,date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F,CID,TimeValue) + { + var rtn=0; + var pID; + if (date == 0) { + pID = xID; + } else { + pID = xCID; + } + + this.SERVER_1(sha,date,CID,HID,HTID); + + this.GET_Y(sha,TimeValue,pID,Y); + + rtn = this.SERVER_2(date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F); + if (rtn != 0) + return rtn; + + return 0; + }, + +/* Functions to support M-Pin Full */ + + PRECOMPUTE: function(TOKEN,CID,G1,G2) + { + var P,T; + var g; + + T=ECP.fromBytes(TOKEN); + if (T.is_infinity()) return INVALID_POINT; + + P=this.mapit(CID); + + var A=new BIG(0); + var B=new BIG(0); + A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb); + var QX=new FP2(0); QX.bset(A,B); + A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb); + var QY=new FP2(0); QY.bset(A,B); + + var Q=new ECP2(); + Q.setxy(QX,QY); + + g=PAIR.ate(Q,T); + g=PAIR.fexp(g); + g.toBytes(G1); + + g=PAIR.ate(Q,P); + g=PAIR.fexp(g); + g.toBytes(G2); + + return 0; + }, + +/* Hash the M-Pin transcript - new */ + + HASH_ALL: function(sha,HID,xID,xCID,SEC,Y,R,W) + { + var tlen=0; + var T=[]; + + + for (var i=0;i<HID.length;i++) T[i]=HID[i]; + tlen+=HID.length; + if (xCID!=null) + { + for (var i=0;i<xCID.length;i++) T[i+tlen]=xCID[i]; + tlen+=xCID.length; + } + else + { + for (i=0;i<xID.length;i++) T[i+tlen]=xID[i]; + tlen+=xID.length; + } + for (var i=0;i<SEC.length;i++) T[i+tlen]=SEC[i]; + tlen+=SEC.length; + for (var i=0;i<Y.length;i++) T[i+tlen]=Y[i]; + tlen+=Y.length; + for (var i=0;i<R.length;i++) T[i+tlen]=R[i]; + tlen+=R.length; + for (var i=0;i<W.length;i++) T[i+tlen]=W[i]; + tlen+=W.length; + + return this.hashit(sha,0,T); + }, + +/* calculate common key on client side */ +/* wCID = w.(A+AT) */ + CLIENT_KEY: function(sha,G1,G2,pin,R,X,H,wCID,CK) + { + var t=[]; + + var g1=FP12.fromBytes(G1); + var g2=FP12.fromBytes(G2); + var z=BIG.fromBytes(R); + var x=BIG.fromBytes(X); + var h=BIG.fromBytes(H); + + var W=ECP.fromBytes(wCID); + if (W.is_infinity()) return this.INVALID_POINT; + + W=PAIR.G1mul(W,x); + + var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); + var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); + var f=new FP2(fa,fb); //f.bset(fa,fb); + + var r=new BIG(0); r.rcopy(ROM.CURVE_Order); + var q=new BIG(0); q.rcopy(ROM.Modulus); + + z.add(h); + z.mod(r); + + var m=new BIG(q); + m.mod(r); + + var a=new BIG(z); + a.mod(m); + + var b=new BIG(z); + b.div(m); + + g2.pinpow(pin,this.PBLEN); + g1.mul(g2); + + var c=g1.trace(); + g2.copy(g1); + g2.frob(f); + var cp=g2.trace(); + g1.conj(); + g2.mul(g1); + var cpm1=g2.trace(); + g2.mul(g1); + var cpm2=g2.trace(); + + c=c.xtr_pow2(cp,cpm1,cpm2,a,b); + + t=this.mpin_hash(sha,c,W); + + for (var i=0;i<this.PAS;i++) CK[i]=t[i]; + + return 0; + }, + +/* calculate common key on server side */ +/* Z=r.A - no time permits involved */ + + SERVER_KEY: function(sha,Z,SST,W,H,HID,xID,xCID,SK) + { + var t=[]; + + var sQ=ECP2.fromBytes(SST); + if (sQ.is_infinity()) return this.INVALID_POINT; + var R=ECP.fromBytes(Z); + if (R.is_infinity()) return this.INVALID_POINT; + var A=ECP.fromBytes(HID); + if (A.is_infinity()) return this.INVALID_POINT; + + var U; + if (xCID!=null) + U=ECP.fromBytes(xCID); + else + U=ECP.fromBytes(xID); + if (U.is_infinity()) return this.INVALID_POINT; + + var w=BIG.fromBytes(W); + var h=BIG.fromBytes(H); + A=PAIR.G1mul(A,h); + R.add(A); + + U=PAIR.G1mul(U,w); + var g=PAIR.ate(sQ,R); + g=PAIR.fexp(g); + + var c=g.trace(); + + t=this.mpin_hash(sha,c,U); + + for (var i=0;i<this.PAS;i++) SK[i]=t[i]; + + return 0; + } +}; http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/c25f9e5c/version22/js/PAIR.js ---------------------------------------------------------------------- diff --git a/version22/js/PAIR.js b/version22/js/PAIR.js new file mode 100644 index 0000000..e7c5878 --- /dev/null +++ b/version22/js/PAIR.js @@ -0,0 +1,650 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +var PAIR = { +/* Line function */ + line: function(A,B,Qx,Qy) + { + var P=new ECP2(); + var a,b,c; + var r=new FP12(1); + P.copy(A); + + var ZZ=new FP2(P.getz()); //ZZ.copy(P.getz()); + ZZ.sqr(); + var D; + if (A==B) D=A.dbl(); + else D=A.add(B); + if (D<0) return r; + var Z3=new FP2(A.getz()); //Z3.copy(A.getz()); + c=new FP4(0); + var X,Y,T; + if (D===0) + { /* Addition */ + X=new FP2(B.getx()); //X.copy(B.getx()); + Y=new FP2(B.gety()); //Y.copy(B.gety()); + T=new FP2(P.getz()); //T.copy(P.getz()); + + T.mul(Y); + ZZ.mul(T); + + var NY=new FP2(P.gety()); /*NY.copy(P.gety());*/ NY.neg(); + ZZ.add(NY); + Z3.pmul(Qy); + T.mul(P.getx()); + X.mul(NY); + T.add(X); + a=new FP4(Z3,T); //a.set(Z3,T); + ZZ.neg(); + ZZ.pmul(Qx); + b=new FP4(ZZ); //b.seta(ZZ); + } + else + { /* Doubling */ + X=new FP2(P.getx()); //X.copy(P.getx()); + Y=new FP2(P.gety()); //Y.copy(P.gety()); + T=new FP2(P.getx()); //T.copy(P.getx()); + T.sqr(); + T.imul(3); + + Y.sqr(); + Y.add(Y); + Z3.mul(ZZ); + Z3.pmul(Qy); + + X.mul(T); + X.sub(Y); + a=new FP4(Z3,X); //a.set(Z3,X); + T.neg(); + ZZ.mul(T); + + ZZ.pmul(Qx); + + b=new FP4(ZZ); //b.seta(ZZ); + } + r.set(a,b,c); + return r; + }, + +/* Optimal R-ate pairing */ + ate: function(P,Q) + { + var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); + var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); + var f=new FP2(fa,fb); //f.bset(fa,fb); + + var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); + var n=new BIG(x); //n.copy(x); + var K=new ECP2(); + var lv; + + if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE) + { + n.pmul(6); n.dec(2); + } + else + n.copy(x); + n.norm(); + + P.affine(); + Q.affine(); + var Qx=new FP(Q.getx()); //Qx.copy(Q.getx()); + var Qy=new FP(Q.gety()); //Qy.copy(Q.gety()); + + var A=new ECP2(); + var r=new FP12(1); + + A.copy(P); + var nb=n.nbits(); + + for (var i=nb-2;i>=1;i--) + { + lv=PAIR.line(A,A,Qx,Qy); + + r.smul(lv); + + if (n.bit(i)==1) + { + lv=PAIR.line(A,P,Qx,Qy); + r.smul(lv); + } + r.sqr(); + } + lv=PAIR.line(A,A,Qx,Qy); + r.smul(lv); + if (n.parity()==1) + { + lv=line(A,P,Qx,Qy); + r.smul(lv); + } + +/* R-ate fixup */ + if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE) + { + r.conj(); + K.copy(P); + K.frob(f); + A.neg(); + lv=PAIR.line(A,K,Qx,Qy); + r.smul(lv); + K.frob(f); + K.neg(); + lv=PAIR.line(A,K,Qx,Qy); + r.smul(lv); + } + return r; + }, + +/* Optimal R-ate double pairing e(P,Q).e(R,S) */ + ate2: function(P,Q,R,S) + { + var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); + var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); + var f=new FP2(fa,fb); //f.bset(fa,fb); + var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); + + var n=new BIG(x); //n.copy(x); + var K=new ECP2(); + var lv; + + if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE) + { + n.pmul(6); n.dec(2); + } + else + n.copy(x); + n.norm(); + + P.affine(); + Q.affine(); + R.affine(); + S.affine(); + + var Qx=new FP(Q.getx()); //Qx.copy(Q.getx()); + var Qy=new FP(Q.gety()); //Qy.copy(Q.gety()); + + var Sx=new FP(S.getx()); //Sx.copy(S.getx()); + var Sy=new FP(S.gety()); //Sy.copy(S.gety()); + + var A=new ECP2(); + var B=new ECP2(); + var r=new FP12(1); + + A.copy(P); + B.copy(R); + var nb=n.nbits(); + + for (var i=nb-2;i>=1;i--) + { + lv=PAIR.line(A,A,Qx,Qy); + r.smul(lv); + lv=PAIR.line(B,B,Sx,Sy); + r.smul(lv); + if (n.bit(i)==1) + { + lv=PAIR.line(A,P,Qx,Qy); + r.smul(lv); + lv=PAIR.line(B,R,Sx,Sy); + r.smul(lv); + } + r.sqr(); + } + + lv=PAIR.line(A,A,Qx,Qy); + r.smul(lv); + lv=PAIR.line(B,B,Sx,Sy); + r.smul(lv); + if (n.parity()==1) + { + lv=line(A,P,Qx,Qy); + r.smul(lv); + lv=line(B,R,Sx,Sy); + r.smul(lv); + } + +/* R-ate fixup required for BN curves */ + if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE) + { + r.conj(); + + K.copy(P); + K.frob(f); + A.neg(); + lv=PAIR.line(A,K,Qx,Qy); + r.smul(lv); + K.frob(f); + K.neg(); + lv=PAIR.line(A,K,Qx,Qy); + r.smul(lv); + + K.copy(R); + K.frob(f); + B.neg(); + lv=PAIR.line(B,K,Sx,Sy); + r.smul(lv); + K.frob(f); + K.neg(); + lv=PAIR.line(B,K,Sx,Sy); + r.smul(lv); + } + return r; + }, + +/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */ + fexp: function(m) + { + var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); + var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); + var f=new FP2(fa,fb); + var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); + + var r=new FP12(m); //r.copy(m); + +/* Easy part of final exp */ + var lv=new FP12(r); //lv.copy(r); + lv.inverse(); + r.conj(); + r.mul(lv); + lv.copy(r); + r.frob(f); + r.frob(f); + r.mul(lv); + +/* Hard part of final exp */ + if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE) + { + var x0,x1,x2,x3,x4,x5; + lv.copy(r); + lv.frob(f); + x0=new FP12(lv); //x0.copy(lv); + x0.frob(f); + lv.mul(r); + x0.mul(lv); + x0.frob(f); + x1=new FP12(r); //x1.copy(r); + x1.conj(); + + x4=r.pow(x); + + x3=new FP12(x4); //x3.copy(x4); + x3.frob(f); + x2=x4.pow(x); + + x5=new FP12(x2); /*x5.copy(x2);*/ x5.conj(); + lv=x2.pow(x); + + x2.frob(f); + r.copy(x2); r.conj(); + + x4.mul(r); + x2.frob(f); + + r.copy(lv); + r.frob(f); + lv.mul(r); + + lv.usqr(); + lv.mul(x4); + lv.mul(x5); + r.copy(x3); + r.mul(x5); + r.mul(lv); + lv.mul(x2); + r.usqr(); + r.mul(lv); + r.usqr(); + lv.copy(r); + lv.mul(x1); + r.mul(x0); + lv.usqr(); + r.mul(lv); + r.reduce(); + } + else + { + var y0,y1,y2,y3; +// Ghamman & Fouotsa Method + y0=new FP12(r); y0.usqr(); + y1=y0.pow(x); + x.fshr(1); y2=y1.pow(x); x.fshl(1); + y3=new FP12(r); y3.conj(); + y1.mul(y3); + + y1.conj(); + y1.mul(y2); + + y2=y1.pow(x); + + y3=y2.pow(x); + y1.conj(); + y3.mul(y1); + + y1.conj(); + y1.frob(f); y1.frob(f); y1.frob(f); + y2.frob(f); y2.frob(f); + y1.mul(y2); + + y2=y3.pow(x); + y2.mul(y0); + y2.mul(r); + + y1.mul(y2); + y2.copy(y3); y2.frob(f); + y1.mul(y2); + r.copy(y1); + r.reduce(); + + +/* + x0=new FP12(r); + x1=new FP12(r); + lv.copy(r); lv.frob(f); + x3=new FP12(lv); x3.conj(); x1.mul(x3); + lv.frob(f); lv.frob(f); + x1.mul(lv); + + r.copy(r.pow(x)); //r=r.pow(x); + x3.copy(r); x3.conj(); x1.mul(x3); + lv.copy(r); lv.frob(f); + x0.mul(lv); + lv.frob(f); + x1.mul(lv); + lv.frob(f); + x3.copy(lv); x3.conj(); x0.mul(x3); + + r.copy(r.pow(x)); + x0.mul(r); + lv.copy(r); lv.frob(f); lv.frob(f); + x3.copy(lv); x3.conj(); x0.mul(x3); + lv.frob(f); + x1.mul(lv); + + r.copy(r.pow(x)); + lv.copy(r); lv.frob(f); + x3.copy(lv); x3.conj(); x0.mul(x3); + lv.frob(f); + x1.mul(lv); + + r.copy(r.pow(x)); + x3.copy(r); x3.conj(); x0.mul(x3); + lv.copy(r); lv.frob(f); + x1.mul(lv); + + r.copy(r.pow(x)); + x1.mul(r); + + x0.usqr(); + x0.mul(x1); + r.copy(x0); + r.reduce(); */ + } + return r; + } +}; + +/* GLV method */ +PAIR.glv= function(e) +{ + var u=[]; + if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE) + { + var i,j; + var t=new BIG(0); + var q=new BIG(0); q.rcopy(ROM.CURVE_Order); + var v=[]; + + for (i=0;i<2;i++) + { + t.rcopy(ROM.CURVE_W[i]); + var d=BIG.mul(t,e); + v[i]=new BIG(d.div(q)); + u[i]=new BIG(0); + } + u[0].copy(e); + for (i=0;i<2;i++) + for (j=0;j<2;j++) + { + t.rcopy(ROM.CURVE_SB[j][i]); + t.copy(BIG.modmul(v[j],t,q)); + u[i].add(q); + u[i].sub(t); + u[i].mod(q); + } + } + else + { // -(x^2).P = (Beta.x,y) + var q=new BIG(0); q.rcopy(ROM.CURVE_Order); + var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); + var x2=BIG.smul(x,x); + u[0]=new BIG(e); + u[0].mod(x2); + u[1]=new BIG(e); + u[1].div(x2); + u[1].rsub(q); + } + return u; +}; + +/* Galbraith & Scott Method */ +PAIR.gs= function(e) +{ + var u=[]; + if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE) + { + var i,j; + var t=new BIG(0); + var q=new BIG(0); q.rcopy(ROM.CURVE_Order); + + var v=[]; + + for (i=0;i<4;i++) + { + t.rcopy(ROM.CURVE_WB[i]); + var d=BIG.mul(t,e); + v[i]=new BIG(d.div(q)); + u[i]=new BIG(0); + } + + u[0].copy(e); + for (i=0;i<4;i++) + for (j=0;j<4;j++) + { + t.rcopy(ROM.CURVE_BB[j][i]); + t.copy(BIG.modmul(v[j],t,q)); + u[i].add(q); + u[i].sub(t); + u[i].mod(q); + } + } + else + { + var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); + var w=new BIG(e); + for (var i=0;i<4;i++) + { + u[i]=new BIG(w); + u[i].mod(x); + w.div(x); + } + } + return u; +}; + +/* Multiply P by e in group G1 */ +PAIR.G1mul= function(P,e) +{ + var R; + if (ROM.USE_GLV) + { + P.affine(); + R=new ECP(); + R.copy(P); + var np,nn; + var Q=new ECP(); + Q.copy(P); + var q=new BIG(0); q.rcopy(ROM.CURVE_Order); + var bcru=new BIG(0); bcru.rcopy(ROM.CURVE_Cru); + var cru=new FP(bcru); + var t=new BIG(0); + var u=PAIR.glv(e); + + Q.getx().mul(cru); + + np=u[0].nbits(); + t.copy(BIG.modneg(u[0],q)); + nn=t.nbits(); + if (nn<np) + { + u[0].copy(t); + R.neg(); + } + + np=u[1].nbits(); + t.copy(BIG.modneg(u[1],q)); + nn=t.nbits(); + if (nn<np) + { + u[1].copy(t); + Q.neg(); + } + + R=R.mul2(u[0],Q,u[1]); + + } + else + { + R=P.mul(e); + } + return R; +}; + +/* Multiply P by e in group G2 */ +PAIR.G2mul= function(P,e) +{ + var R; + if (ROM.USE_GS_G2) + { + var Q=[]; + var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); + var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); + var f=new FP2(fa,fb); //f.bset(fa,fb); + var q=new BIG(0); q.rcopy(ROM.CURVE_Order); + + var u=PAIR.gs(e); + var t=new BIG(0); + var i,np,nn; + P.affine(); + Q[0]=new ECP2(); Q[0].copy(P); + for (i=1;i<4;i++) + { + Q[i]=new ECP2(); Q[i].copy(Q[i-1]); + Q[i].frob(f); + } + + for (i=0;i<4;i++) + { + np=u[i].nbits(); + t.copy(BIG.modneg(u[i],q)); + nn=t.nbits(); + if (nn<np) + { + u[i].copy(t); + Q[i].neg(); + } + } + + R=ECP2.mul4(Q,u); + } + else + { + R=P.mul(e); + } + return R; +}; + +/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.js */ +PAIR.GTpow= function(d,e) +{ + var r; + if (ROM.USE_GS_GT) + { + var g=[]; + var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); + var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); + var f=new FP2(fa,fb); + var q=new BIG(0); q.rcopy(ROM.CURVE_Order); + var t=new BIG(0); + var i,np,nn; + var u=PAIR.gs(e); + + g[0]=new FP12(d); + for (i=1;i<4;i++) + { + g[i]=new FP12(0); g[i].copy(g[i-1]); + g[i].frob(f); + } + for (i=0;i<4;i++) + { + np=u[i].nbits(); + t.copy(BIG.modneg(u[i],q)); + nn=t.nbits(); + if (nn<np) + { + u[i].copy(t); + g[i].conj(); + } + } + r=FP12.pow4(g,u); + } + else + { + r=d.pow(e); + } + return r; +}; + +/* test group membership - no longer needed */ +/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */ +/* +PAIR.GTmember= function(m) +{ + if (m.isunity()) return false; + var r=new FP12(m); + r.conj(); + r.mul(m); + if (!r.isunity()) return false; + + var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); + var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); + var f=new FP2(fa,fb); //f.bset(fa,fb); + + r.copy(m); r.frob(f); r.frob(f); + var w=new FP12(r); w.frob(f); w.frob(f); + w.mul(m); + if (!ROM.GT_STRONG) + { + if (!w.equals(r)) return false; + var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); + r.copy(m); w=r.pow(x); w=w.pow(x); + r.copy(w); r.sqr(); r.mul(w); r.sqr(); + w.copy(m); w.frob(f); + } + return w.equals(r); +}; +*/ http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/c25f9e5c/version22/js/RAND.js ---------------------------------------------------------------------- diff --git a/version22/js/RAND.js b/version22/js/RAND.js new file mode 100644 index 0000000..9e2dddd --- /dev/null +++ b/version22/js/RAND.js @@ -0,0 +1,148 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +/* + * Cryptographic strong random number generator + * + * Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers + * Slow - but secure + * + * See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification + */ + +/* Marsaglia & Zaman Random number generator constants */ + + +var RAND=function() +{ +/* Cryptographically strong pseudo-random number generator */ + this.ira=[]; /* random number... */ + this.rndptr=0; /* ...array & pointer */ + this.borrow=0; + this.pool_ptr=0; + this.pool=[]; /* random pool */ + this.clean(); +}; + +RAND.prototype= +{ + NK:21, + NJ:6, + NV:8, + +/* Terminate and clean up */ + clean : function() + { + var i; + for (i=0;i<32;i++) this.pool[i]=0; + for (i=0;i<this.NK;i++) this.ira[i]=0; + this.rndptr=0; + this.borrow=0; + this.pool_ptr=0; + }, + + sbrand: function() + { /* Marsaglia & Zaman random number generator */ + var i,k; + var pdiff,t; /* unsigned 32-bit */ + + this.rndptr++; + if (this.rndptr<this.NK) return this.ira[this.rndptr]; + this.rndptr=0; + for (i=0,k=this.NK-this.NJ;i<this.NK;i++,k++) + { /* calculate next NK values */ + if (k==this.NK) k=0; + t=this.ira[k]>>>0; + pdiff=(t - this.ira[i] - this.borrow)|0; + pdiff>>>=0; /* This is seriously wierd shit. I got to do this to get a proper unsigned comparison... */ + if (pdiff<t) this.borrow=0; + if (pdiff>t) this.borrow=1; + this.ira[i]=(pdiff|0); + } + return this.ira[0]; + }, + + sirand: function(seed) + { + var i,inn; + var t,m=1; + this.borrow=0; + this.rndptr=0; + seed>>>=0; + this.ira[0]^=seed; + + for (i=1;i<this.NK;i++) + { /* fill initialisation vector */ + inn=(this.NV*i)%this.NK; + this.ira[inn]^=m; /* note XOR */ + t=m; + m=(seed-m)|0; + seed=t; + } + + for (i=0;i<10000;i++) this.sbrand(); /* "warm-up" & stir the generator */ + }, + + fill_pool: function() + { + var sh=new HASH256(); + for (var i=0;i<128;i++) sh.process(this.sbrand()); + this.pool=sh.hash(); + this.pool_ptr=0; + }, + +/* Initialize RNG with some real entropy from some external source */ + seed: function(rawlen,raw) + { /* initialise from at least 128 byte string of raw random entropy */ + var i; + var digest=[]; + var b=[]; + var sh=new HASH256(); + this.pool_ptr=0; + for (i=0;i<this.NK;i++) this.ira[i]=0; + if (rawlen>0) + { + for (i=0;i<rawlen;i++) + sh.process(raw[i]); + digest=sh.hash(); + +/* initialise PRNG from distilled randomness */ + for (i=0;i<8;i++) + { + b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3]; + this.sirand(RAND.pack(b)); + } + } + this.fill_pool(); + }, + +/* get random byte */ + getByte: function() + { + var r=this.pool[this.pool_ptr++]; + if (this.pool_ptr>=32) this.fill_pool(); + return (r&0xff); + } +}; + +RAND.pack= function(b) +{ /* pack 4 bytes into a 32-bit Word */ + return (((b[3])&0xff)<<24)|((b[2]&0xff)<<16)|((b[1]&0xff)<<8)|(b[0]&0xff); +}; + http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/c25f9e5c/version22/js/ROM.js ---------------------------------------------------------------------- diff --git a/version22/js/ROM.js b/version22/js/ROM.js new file mode 100644 index 0000000..dcf2af1 --- /dev/null +++ b/version22/js/ROM.js @@ -0,0 +1,716 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +/* Fixed Data in ROM - Field and Curve parameters */ + +var ROM={ + CHUNK: 32, + +/* Field Type */ + NOT_SPECIAL: 0, + PSEUDO_MERSENNE: 1, + GENERALISED_MERSENNE: 2, + MONTGOMERY_FRIENDLY: 3, + +/* Curve Type */ + WEIERSTRASS: 0, + EDWARDS: 1, + MONTGOMERY: 2, + BN_CURVE: 0, + BLS_CURVE: 1, + +/* Finite field support - for RSA, DH etc. */ + FFLEN: 4, /* Defines Finite Field size n = BIGBITS.FFLEN, where FFLEN mustbe power of 2 */ + +/*** Enter Some Field details here ***/ +/* C25519 */ +// MODBITS: 255, /* Number of bits in Modulus */ +// MOD8: 5, /* Modulus mod 8 */ +// BASEBITS: 24, +// AES_S: 0, + +/* NIST Curve */ +/* Brainpool */ +// MODBITS: 256, +// MOD8: 7, +// BASEBITS: 24, +// AES_S: 0 + +/* BN254/BNCX */ + MODBITS: 254, + MOD8: 3, + BASEBITS: 24, + AES_S: 0, + +/* BLS383 */ +// MODBITS: 383, +// MOD8: 3, +// BASEBITS: 23, +// AES_S: 0, + +/* BN454 */ +// MODBITS: 454, +// MOD8: 3, +// BASEBITS: 23, +// AES_S: 128, + +/* BLS455 */ +// MODBITS: 455, +// MOD8: 3, +// BASEBITS: 23, +// AES_S: 128, + +/* MF254 */ +// MODBITS: 254, +// MOD8: 7, +// BASEBITS: 24, + +/* MS255 */ +// MODBITS: 255, +// MOD8: 3, +// BASEBITS: 24, +// AES_S: 0 + +/* MF256 */ +// MODBITS: 256, +// MOD8: 7, +// BASEBITS: 24, +// AES_S: 0 + +/* MS256 */ +// MODBITS: 256, +// MOD8: 3, +// BASEBITS: 24, +// AES_S: 0 + +/* ANSSI */ +// MODBITS: 256, +// MOD8: 3, +// BASEBITS: 24, +// AES_S: 0 + +/* HIFIVE */ +// MODBITS: 336, +// MOD8: 5, +// BASEBITS: 23, +// AES_S: 128 + +/* GOLDILOCKS */ +// MODBITS: 448, +// MOD8: 5, +// BASEBITS: 23, +// AES_S: 0 + +/* C41417 */ +// MODBITS: 414, +// MOD8: 7, +// BASEBITS: 22, +// AES_S: 0 + +/* NIST384 */ +// MODBITS: 384, +// MOD8: 7, +// BASEBITS: 23, +// AES_S: 0 + +/* NIST521 */ +// MODBITS: 521, +// MOD8: 7, +// BASEBITS: 23, +// AES_S: 0 + +/* Specify Field here */ + +/* C25519 */ +// MODTYPE: 1, +// Modulus: [0xFFFFED,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF], +// MConst: 19, + +/* BNCX */ + MODTYPE:0, + Modulus: [0x1B55B3,0x23EF5C,0xE1BE66,0x18093E,0x3FD6EE,0x66D324,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], + MConst:0x789E85, + +/* BLS383 */ +// MODTYPE:0, +// Modulus: [0x2D556B,0x556A55,0x75EAB2,0x23AFBA,0x1BB01,0x2BAEA4,0x5CC20F,0x758B67,0x20F99,0x640A63,0x69A3A8,0x6009AA,0x2A7852,0x20B8AA,0x7DD718,0x104054,0x7AC5], +// MConst:0x23D0BD, + +/* HIFIVE */ +// MODTYPE:1, +// Modulus: [0x7FFFFD,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x3FFF], +// MConst: 0x3, + +/* GOLDILOCKS */ +// MODTYPE: 2, +// Modulus: [0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7DFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FF], +// MConst: 0x1, + +/* C41417 */ +// MODTYPE: 1, +// Modulus: [0x3FFFEF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFF], +// MConst: 0x11, + +/* NIST384 */ +// MODTYPE: 0, +// Modulus: [0x7FFFFF,0x1FF,0x0,0x0,0x7FFFF0,0x7FDFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0xFFFF], +// MConst: 0x1, + +/* NIST521 */ +// MODTYPE: 1, +// Modulus: [0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFF], +// MConst: 0x1, + +/* BN254 Curve */ +//MODTYPE:0, +//Modulus: [0x13,0x0,0x13A700,0x0,0x210000,0x861,0x800000,0xBA344D,0x1,0x648240,0x2523], +//MConst:0x9435E5, + +/* BN454 Curve */ +//MODTYPE:0, +//Modulus: [0x13,0x9C00,0x100000,0x700004,0x6006C4,0x4A109,0x514200,0x640000,0x80091,0x803AA,0x36A22,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000], +//MConst:0x1435E5, + +/* BLS455 Curve */ +//MODTYPE:0, +//Modulus: [0x2AB,0x300,0x5AAA80,0x59554A,0x589556,0x2374D8,0x2B3A1B,0x6DCCCA,0x14B8B3,0x29F966,0x2F64E5,0x6AB11A,0x63A5B1,0x7ECCB,0x2480C0,0x7CADA,0x2AA00E,0x72AAAE,0x655555,0x2AAAA], +//MConst:0x4017FD, + +/* BNT Curve */ +//MODTYPE:0, +//Modulus: [0xB4A713,0xBBFEEE,0xBABE9D,0x14F464,0x8A5556,0xD5F06E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], +//MConst:0x14C4E5, + +/* BNT2 */ +//MODTYPE:0, +//Modulus: [0x60A48B,0xDC2BB4,0x51E8B2,0x28F0D6,0xCF93E4,0xD00081,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], +//MConst:0x505CDD, + +/* NIST Modulus */ +// MODTYPE:0, +// Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x0,0x0,0x0,0x0,0x1,0xFFFF00,0xFFFF], +// MConst:0x1, + +/* MF254 Modulus */ +// MODTYPE:3, +// Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80], +// MConst:0x3F81, + +/* MS255 Modulus */ +//MODTYPE:1, +//Modulus: [0xFFFD03,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF], +//MConst:0x2FD, + +/* MS256 Modulus */ +//MODTYPE:1, +//Modulus: [0xFFFF43,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFF], +//MConst:0xBD, + +/* MF256 Modulus */ +//MODTYPE:3, +//Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFA7], +//MConst:0xFFA8, + +/* Brainpool Modulus */ +// MODTYPE:0, +// Modulus: [0x6E5377,0x481D1F,0x282013,0xD52620,0x3BF623,0x8D726E,0x909D83,0x3E660A,0xEEA9BC,0x57DBA1,0xA9FB], +// MConst:0xFD89B9, + +/* ANSSI Modulus */ +// MODTYPE:0, +// Modulus: [0x6E9C03,0xF353D8,0x6DE8FC,0xABC8CA,0x61ADBC,0x435B39,0xE8CE42,0x10126D,0x3AD58F,0x178C0B,0xF1FD], +// MConst:0x4E1155, + +/* Specify Curve here */ + +/* ED25519 Edwards */ +// CURVETYPE: 1, +// CURVE_A : -1, +// CURVE_B : [0x5978A3,0x4DCA13,0xAB75EB,0x4141D8,0x700A4D,0xE89800,0x797779,0x8CC740,0x6FFE73,0x6CEE2B,0x5203], +// CURVE_Order: [0xF5D3ED,0x631A5C,0xD65812,0xA2F79C,0xDEF9DE,0x14,0x0,0x0,0x0,0x0,0x1000], +// CURVE_Gx: [0x25D51A,0x2D608F,0xB2C956,0x9525A7,0x2CC760,0xDC5C69,0x31FDD6,0xC0A4E2,0x6E53FE,0x36D3CD,0x2169], +// CURVE_Gy: [0x666658,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x6666], + +/* Curve25519 */ +// CURVETYPE: 2, +// CURVE_A : 486662, +// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +// CURVE_Order: [0xF5D3ED,0x631A5C,0xD65812,0xA2F79C,0xDEF9DE,0x14,0x0,0x0,0x0,0x0,0x1000], +// CURVE_Gx: [0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + +/* NIST Curve */ +// CURVETYPE:0, +// CURVE_A : -3, +// CURVE_B : [0xD2604B,0x3C3E27,0xF63BCE,0xCC53B0,0x1D06B0,0x86BC65,0x557698,0xB3EBBD,0x3A93E7,0x35D8AA,0x5AC6], +// CURVE_Order:[0x632551,0xCAC2FC,0x84F3B9,0xA7179E,0xE6FAAD,0xFFFFBC,0xFFFFFF,0xFFFFFF,0x0,0xFFFF00,0xFFFF], +// CURVE_Gx :[0x98C296,0x3945D8,0xA0F4A1,0x2DEB33,0x37D81,0x40F277,0xE563A4,0xF8BCE6,0x2C4247,0xD1F2E1,0x6B17], +// CURVE_Gy :[0xBF51F5,0x406837,0xCECBB6,0x6B315E,0xCE3357,0x9E162B,0x4A7C0F,0x8EE7EB,0x1A7F9B,0x42E2FE,0x4FE3], + +/* MF254 Modulus, Weierstrass Curve */ +//CURVETYPE:0, +//CURVE_A : -3, +//CURVE_B : [0xFFD08D,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80], +//CURVE_Order:[0x8DF83F,0x19C4AF,0xC06FA4,0xDA375,0x818BEA,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80], +//CURVE_Gx :[0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +//CURVE_Gy :[0xD4EBC,0xDF37F9,0x31AD65,0xF85119,0xB738E3,0x8AEBDF,0x75BD77,0x4AE15A,0x2E5601,0x3FD33B,0x140E], + +/* MF254 Modulus, Edwards Curve */ +//CURVETYPE:1, +//CURVE_A : -1, +//CURVE_B : [0x367B,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +//CURVE_Order:[0x6E98C7,0xD3FEC4,0xB0EAF3,0x8BD62F,0x95306C,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFFFF,0xFE0], +//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +//CURVE_Gy :[0x2701E5,0xD0FDAF,0x187C52,0xE3212,0x329A84,0x3F4E36,0xD50236,0x951D00,0xA4C335,0xE690D6,0x19F0], + + +/* MF254 Modulus, Montgomery Curve */ +// CURVETYPE: 2, +// CURVE_A : -55790, +// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +// CURVE_Order: [0x6E98C7,0xD3FEC4,0xB0EAF3,0x8BD62F,0x95306C,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFFFF,0xFE0], +// CURVE_Gx: [0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + +/* MS255 Modulus, Weierstrass Curve */ +//CURVETYPE:0, +//CURVE_A : -3, +//CURVE_B : [0xFFAB46,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF], +//CURVE_Order:[0x594AEB,0xAC983C,0xDFAB8F,0x3AD2B3,0x4A3828,0xFFFF86,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF], +//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +//CURVE_Gy :[0xCB44BA,0xFF6769,0xD1733,0xDDFDA6,0xB6C78C,0x7D177D,0xF9B2FF,0x921EBF,0xBA7833,0x6AC0ED,0x6F7A], + +/* MS255 Modulus, Edwards Curve */ +//CURVETYPE:1, +//CURVE_A : -1, +//CURVE_B : [0xEA97,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +//CURVE_Order:[0x36EB75,0xD1ED04,0x2EAC49,0xEDA683,0xF1A785,0xFFFFDC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x1FFF], +//CURVE_Gx :[0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +//CURVE_Gy :[0x8736A0,0x255BD0,0x45BA2A,0xED445A,0x914B8A,0x47E552,0xDD8E0C,0xEC254C,0x7BB545,0x78534A,0x26CB], + +/* MS255 Modulus, Montgomery Curve */ +// CURVETYPE: 2, +// CURVE_A : -240222, +// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +// CURVE_Order: [0x36EB75,0xD1ED04,0x2EAC49,0xEDA683,0xF1A785,0xFFFFDC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x1FFF], +// CURVE_Gx: [0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + +/* MS256 Modulus, Weierstrass Curve */ +//CURVETYPE:0, +//CURVE_A : -3, +//CURVE_B : [0x25581,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +//CURVE_Order:[0x51A825,0x202947,0x6020AB,0xEA265C,0x3C8275,0xFFFFE4,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFF], +//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +//CURVE_Gy :[0xB56C77,0x6306C2,0xC10BF4,0x75894E,0x2C2F93,0xDD6BD0,0x6CCEEE,0xFC82C9,0xE466D7,0x1853C1,0x696F], + +/* MS256 Modulus, Edwards Curve */ +//CURVETYPE:1, +//CURVE_A : -1, +//CURVE_B : [0x3BEE,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +//CURVE_Order:[0x22B4AD,0x4E6F11,0x64E5B8,0xD0A6BC,0x6AA55A,0xFFFFBE,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFF], +//CURVE_Gx :[0xD,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +//CURVE_Gy :[0x1CADBA,0x6FB533,0x3F707F,0x824D30,0x2A6D63,0x46BFBE,0xB39FA0,0xA3D330,0x1276DB,0xB41E2A,0x7D0A], + +/* MS256 Modulus, Montgomery Curve */ +// CURVETYPE: 2, +// CURVE_A : -61370, +// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +// CURVE_Order:[0x22B4AD,0x4E6F11,0x64E5B8,0xD0A6BC,0x6AA55A,0xFFFFBE,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFF], +// CURVE_Gx: [0xb,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + +/* MF256 Modulus, Weierstrass Curve */ +//CURVETYPE:0, +//CURVE_A : -3, +//CURVE_B : [0x14E6A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +//CURVE_Order:[0x9857EB,0xC5E1A7,0x4B9D10,0xE6E507,0x517513,0xFFFFFC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFA7], +//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +//CURVE_Gy :[0x724D2A,0x954C2B,0x661007,0x8D94DC,0x6947EB,0xAE2895,0x26123D,0x7BABBA,0x1808CE,0x7C87BE,0x2088], + +/* MF256 Modulus, Edwards Curve */ +//CURVETYPE:1, +//CURVE_A : -1, +//CURVE_B : [0x350A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +//CURVE_Order:[0xEC7BAB,0x2EDED8,0xC966D9,0xB86733,0x54BBAF,0xFFFFB1,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FE9], +//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +//CURVE_Gy :[0xF3C908,0xA722F2,0x8D7DEA,0x8DFEA6,0xC05E64,0x1AACA0,0xF3DB2C,0xEAEBEE,0xCC4D5A,0xD4F8F8,0xDAD8], + +/* MF256 Modulus, Montgomery Curve */ +// CURVETYPE: 2, +// CURVE_A : -54314, +// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +// CURVE_Order:[0xEC7BAB,0x2EDED8,0xC966D9,0xB86733,0x54BBAF,0xFFFFB1,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FE9], +// CURVE_Gx: [0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + +/* Brainpool */ +// CURVETYPE:0, +// CURVE_A : -3, +// CURVE_B : [0xE92B04,0x8101FE,0x256AE5,0xAF2F49,0x93EBC4,0x76B7BF,0x733D0B,0xFE66A7,0xD84EA4,0x61C430,0x662C], +// CURVE_Order:[0x4856A7,0xE8297,0xF7901E,0xB561A6,0x397AA3,0x8D718C,0x909D83,0x3E660A,0xEEA9BC,0x57DBA1,0xA9FB], +// CURVE_Gx :[0x1305F4,0x91562E,0x2B79A1,0x7AAFBC,0xA142C4,0x6149AF,0xB23A65,0x732213,0xCFE7B7,0xEB3CC1,0xA3E8], +// CURVE_Gy :[0x25C9BE,0xE8F35B,0x1DAB,0x39D027,0xBCB6DE,0x417E69,0xE14644,0x7F7B22,0x39C56D,0x6C8234,0x2D99], + +/* ANSSI */ +// CURVETYPE:0, +// CURVE_A : -3, +// CURVE_B : [0x7BB73F,0xED967B,0x803075,0xE4B1A1,0xEC0C9A,0xC00FDF,0x754A44,0xD4ABA,0x28A930,0x3FCA54,0xEE35], +// CURVE_Order:[0xD655E1,0xD459C6,0x941FFD,0x40D2BF,0xDC67E1,0x435B53,0xE8CE42,0x10126D,0x3AD58F,0x178C0B,0xF1FD], +// CURVE_Gx :[0x8F5CFF,0x7A2DD9,0x164C9,0xAF98B7,0x27D2DC,0x23958C,0x4749D4,0x31183D,0xC139EB,0xD4C356,0xB6B3], +// CURVE_Gy :[0x62CFB,0x5A1554,0xE18311,0xE8E4C9,0x1C307,0xEF8C27,0xF0F3EC,0x1F9271,0xB20491,0xE0F7C8,0x6142], + +/* HIFIVE */ +// CURVETYPE:1, +// CURVE_A : 1, +// CURVE_B : [0x2B67,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +// CURVE_Order:[0x1FA805,0x2B2E7D,0x29ECBE,0x3FC9DD,0xBD6B8,0x530A18,0x45057E,0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x800], +// CURVE_Gx :[0xC,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +// CURVE_Gy :[0x7E8632,0xD0A0B,0x6C4AFB,0x501B2E,0x55650C,0x36DB6B,0x1FBD0D,0x61C08E,0x314B46,0x70A7A3,0x587401,0xC70E0,0x56502E,0x38C2D6,0x303], + +/* GOLDILOCKS */ +// CURVETYPE:1, +// CURVE_A : 1, +// CURVE_B : [0x7F6756,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7DFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FF], +// CURVE_Order:[0x5844F3,0x52556,0x548DE3,0x6E2C7A,0x4C2728,0x52042D,0x6BB58D,0x276DA4,0x23E9C4,0x7EF994,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x1FF], +// CURVE_Gx :[0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x52AAAA,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555], +// CURVE_Gy :[0x1386ED,0x779BD5,0x2F6BAB,0xE6D03,0x4B2BED,0x131777,0x4E8A8C,0x32B2C1,0x44B80D,0x6515B1,0x5F8DB5,0x426EBD,0x7A0358,0x6DDA,0x21B0AC,0x6B1028,0xDB359,0x15AE09,0x17A58D,0x570], + +/* C41417 */ +// CURVETYPE:1, +// CURVE_A : 1, +// CURVE_B : [0xE21,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +// CURVE_Order:[0x6AF79,0x69784,0x1B0E7,0x18F3C6,0x338AD,0xDBC70,0x6022B,0x533DC,0x3CC924,0x3FFFAC,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x7FFF], +// CURVE_Gx :[0xBC595,0x204BCF,0xC4FD3,0x14DF19,0x33FAA8,0x4C069,0x16BA11,0x2AD35B,0x1498A4,0x15FFCD,0x3EC7F,0x27D130,0xD4636,0x9B97F,0x631C3,0x8630,0x144330,0x241450,0x1A334], +// CURVE_Gy :[0x22,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + +/* NIST384 */ +// CURVETYPE:0, +// CURVE_A : -3, +// CURVE_B : [0x6C2AEF,0x11DBA7,0x74AA17,0x51768C,0x6398D8,0x6B58CA,0x5404E1,0xA0447,0x411203,0x5DFD02,0x607671,0x4168C8,0x56BE3F,0x1311C0,0xFB9F9,0x17D3F1,0xB331], +// CURVE_Order:[0x452973,0x32D599,0x6BB3B0,0x45853B,0x20DB24,0x3BEB03,0x7D0DCB,0x31A6C0,0x7FFFC7,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0xFFFF], +// CURVE_Gx :[0x760AB7,0x3C70E4,0x30E951,0x7AA94B,0x2F25DB,0x470AA0,0x20950A,0x7BA0F0,0x1B9859,0x45174F,0x3874ED,0x56BA3,0x71EF32,0x71D638,0x22C14D,0x65115F,0xAA87], +// CURVE_Gy :[0x6A0E5F,0x3AF921,0x75E90C,0x6BF40C,0xB1CE1,0x18014C,0x6D7C2E,0x6D1889,0x147CE9,0x7A5134,0x63D076,0x16E14F,0xBF929,0x6BB3D3,0x98B1B,0x6F254B,0x3617], + +/* NIST521 */ +// CURVETYPE:0, +// CURVE_A : -3, +// CURVE_B : [0x503F00,0x3FA8D6,0x47BD14,0x6961A7,0x3DF883,0x60E6AE,0x4EEC6F,0x29605E,0x137B16,0x23D8FD,0x5864E5,0x84F0A,0x1918EF,0x771691,0x6CC57C,0x392DCC,0x6EA2DA,0x6D0A81,0x688682,0x50FC94,0x18E1C9,0x27D72C,0x1465], +// CURVE_Order:[0x386409,0x6E3D22,0x3AEDBE,0x4CE23D,0x5C9B88,0x3A0776,0x3DC269,0x6600A4,0x166B7F,0x77E5F,0x461A1E,0x7FFFD2,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFF], +// CURVE_Gx :[0x65BD66,0x7C6385,0x6FE5F9,0x2B5214,0xB3C18,0x1BC669,0x68BFEA,0xEE093,0x5928FE,0x6FDFCE,0x52D79,0x69EDD5,0x7606B4,0x3F0515,0x4FED48,0x409C82,0x429C64,0x472B68,0x7B2D98,0x4E6CF1,0x70404E,0x31C0D6,0x31A1], +// CURVE_Gy :[0x516650,0x28ED3F,0x222FA,0x139612,0x47086A,0x6C26A7,0x4FEB41,0x285C80,0x2640C5,0x32BDE8,0x5FB9CA,0x733164,0x517273,0x2F5F7,0x66D11A,0x2224AB,0x5998F5,0x58FA37,0x297ED0,0x22E4,0x9A3BC,0x252D4F,0x460E], + +/* BNCX Curve */ + + CURVETYPE:0, + CURVE_PAIRING_TYPE: 0, + CURVE_A : 0, + CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + CURVE_Cof : [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + CURVE_Order:[0xEB1F6D,0xC0A636,0xCEBE11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], + CURVE_Bnx:[0xC012B1,0x3,0x4000], + CURVE_Cru:[0x235C97,0x931794,0x5631E0,0x71EF87,0xBDDF64,0x3F1440,0xCA8,0x480000], + CURVE_Fra:[0xC80EA3,0x83355,0x215BD9,0xF173F8,0x677326,0x189868,0x8AACA7,0xAFE18B,0x3A0164,0x82FA6,0x1359], + CURVE_Frb:[0x534710,0x1BBC06,0xC0628D,0x269546,0xD863C7,0x4E3ABB,0xD9CDBC,0xDC53,0x3628A9,0xF7D062,0x10A6], + CURVE_Pxa:[0xD2EC74,0x1CEEE4,0x26C085,0xA03E27,0x7C85BF,0x4BBB90,0xF5C3,0x358B25,0x53B256,0x2D2C70,0x1968], + CURVE_Pxb:[0x29CFE1,0x8E8B2E,0xF47A5,0xC209C3,0x1B97B0,0x9743F8,0x37A8E9,0xA011C9,0x19F64A,0xB9EC3E,0x1466], + CURVE_Pya:[0xBE09F,0xFCEBCF,0xB30CFB,0x847EC1,0x61B33D,0xE20963,0x157DAE,0xD81E22,0x332B8D,0xEDD972,0xA79], + CURVE_Pyb:[0x98EE9D,0x4B2288,0xEBED90,0x69D2ED,0x864EA5,0x3461C2,0x512D8D,0x35C6E4,0xC4C090,0xC39EC,0x616], + CURVE_Gx :[0x1B55B2,0x23EF5C,0xE1BE66,0x18093E,0x3FD6EE,0x66D324,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], + CURVE_Gy :[0x1], + +// Arrays must be padded! + + CURVE_W:[[0x2FEB83,0x634916,0x120054,0xB4038,0x0,0x60,0x0,0x0,0x0,0x0,0x0],[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], + CURVE_SB:[[[0xB010E4,0x63491D,0x128054,0xB4038,0x0,0x60,0x0,0x0,0x0,0x0,0x0], + [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], + [[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0xBB33EA,0x5D5D20,0xBCBDBD,0x188CE,0x3FD6EE,0x66D264,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]]], + CURVE_WB:[[0x7A84B0,0x211856,0xB0401C,0x3C012,0x0,0x20,0x0,0x0,0x0,0x0,0x0], + [0x220475,0xF995BE,0x9A36CD,0xA8CA7F,0x7E94ED,0x2A0DC0,0x870,0x300000,0x0,0x0,0x0], + [0xF10B93,0xFCCAE0,0xCD3B66,0xD4653F,0x3F4A76,0x1506E0,0x438,0x180000,0x0,0x0,0x0], + [0xFAAA11,0x21185D,0xB0C01C,0x3C012,0x0,0x20,0x0,0x0,0x0,0x0,0x0]], + CURVE_BB:[[[0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], + [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], + [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], + [0x802562,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], + [[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], + [0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], + [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]], + [[0x802562,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], + [[0xC012B2,0x3,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x4AC2,0xF,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x6AFA0A,0xC0A62F,0xCE3E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], + [0xC012B2,0x3,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]], + +/* BNT Curve */ +/* +CURVETYPE:0, +CURVE_PAIRING_TYPE: 0, +CURVE_A : 0, +CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +CURVE_Cof : [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +CURVE_Order:[0x30210D,0x777E8D,0x363A75,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], +CURVE_Bnx:[0x4081,0x806000,0x4000], +CURVE_Cru:[0x4FCD87,0x53D5AB,0x1FADEB,0xF2BAB1,0x4C82A5,0x4C976,0x476515,0x4801B1], +CURVE_Fra:[0xC80022,0xD14EAD,0xE359F5,0xD6FACC,0x6C4904,0x3211BE,0xF190A1,0x4F6509,0xBBC439,0xA292C9,0x1328], +CURVE_Frb:[0xECA6F1,0xEAB040,0xD764A7,0x3DF997,0x1E0C51,0xA3DEB0,0x450657,0xAAA6A1,0x5B3D15,0x7E489B,0x10D8], +CURVE_Pxa:[0x8E65BB,0x87E228,0x13BE89,0x1CAA63,0xCC00AD,0x548B7C,0x325041,0xBCC055,0xC1339E,0x3FCD04,0x1448], +CURVE_Pxb:[0xDBE2C0,0x888808,0x853A67,0xF81E34,0x957FE1,0x51B57B,0xA631A,0xDA3FC5,0x4EC302,0x46B338,0x87F], +CURVE_Pya:[0x20CA1D,0x2C47E0,0xF36C20,0x7E8399,0x4CB416,0x9F72C9,0xC6E543,0x4A2C69,0x2B0BD7,0xC29C10,0x14E8], +CURVE_Pyb:[0x6628F2,0x437C71,0xDC6BD8,0x67BCB7,0xA27E1,0x72681D,0xA82C75,0xEDEC18,0x454BD1,0xE2A462,0x17AF], +CURVE_Gx :[0xB4A712,0xBBFEEE,0xBABE9D,0x14F464,0x8A5556,0xD5F06E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], +CURVE_Gy :[0x1], +CURVE_W:[[0x838403,0x430061,0x838426,0x824199,0x18121,0x60,0x0,0x0,0x0,0x0,0x0],[0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], +CURVE_SB:[[[0x840504,0x43C061,0x840427,0x824199,0x18121,0x60,0x0,0x0,0x0,0x0,0x0], + [0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], + [[0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0xAC9D0A,0x347E2B,0xB2B64F,0x107131,0x875313,0xD5EFAE,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401]]], +CURVE_WB:[[0x80C080,0x406020,0x80C161,0x80C088,0x8060,0x20,0x0,0x0,0x0,0x0,0x0], + [0x8C4A85,0x390408,0x6C36B5,0xA352DC,0xDEAD2F,0x58868E,0xDA4363,0x300120,0x0,0x0,0x0], + [0x464583,0xDCB204,0x363B5A,0xD1A96E,0x6F5697,0xAC4347,0x6D21B1,0x180090,0x0,0x0,0x0], + [0x814181,0x412020,0x814162,0x80C088,0x8060,0x20,0x0,0x0,0x0,0x0,0x0]], +CURVE_BB:[[[0x2FE08D,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], + [0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], + [0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], + [0x8102,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], + [[0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], + [0x2FE08D,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], + [0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401]], + [[0x8102,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], + [[0x4082,0x806000,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x10202,0x18000,0x10002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x2FA00A,0x76BE8D,0x35BA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401], + [0x4082,0x806000,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]], + +*/ + +/* BNT2 Curve */ +/* +CURVETYPE:0, +CURVE_PAIRING_TYPE: 0, +CURVE_A : 0, +CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +CURVE_Cof : [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +CURVE_Order:[0xAA2BF5,0x71A511,0x33D7FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], +CURVE_Bnx:[0x608205,0x20100,0x4000], +CURVE_Cru:[0x66BD33,0x274448,0xEFB50,0x301647,0x755B77,0xECF236,0xC3617B,0x480006], +CURVE_Fra:[0xAEF062,0x68C973,0xE492B2,0x33C3BC,0xBCC69B,0x7F195B,0xF67FA3,0xBD0A41,0xE8CAB6,0xB8D29,0x124E], +CURVE_Frb:[0xB1B429,0x736240,0x6D5600,0xF52D19,0x12CD48,0x50E726,0x18BBE6,0xFA43DE,0x268FF6,0xF8F517,0x11B1], +CURVE_Pxa:[0x40A3C8,0x92399F,0x784ACC,0xE96611,0x35CDA4,0x61706B,0x7B0569,0x8279D7,0x93C631,0x17CF96,0x16FC], +CURVE_Pxb:[0x549540,0x7A8AD8,0x61055,0xE6F651,0xDB6F7B,0xA95D17,0x565907,0x9C8188,0x597590,0xB500BD,0x1EB5], +CURVE_Pya:[0x220513,0xECC514,0x7B147B,0x860E73,0x844A78,0x35F126,0x51B839,0x9D4DFA,0x1422AA,0xE49876,0x1E8E], +CURVE_Pyb:[0x7CE78E,0x328F57,0x781FB9,0xE26FA5,0x7EB746,0x1FB8E2,0xA93DBC,0xA29D76,0xE33BDB,0xF4CDBA,0x23CE], +CURVE_Gx :[0x60A48A,0xDC2BB4,0x51E8B2,0x28F0D6,0xCF93E4,0xD00081,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], +CURVE_Gy :[0x1], +CURVE_W:[[0x347083,0x6282A1,0x1D10B7,0x1399E,0x603,0x60,0x0,0x0,0x0,0x0,0x0], + [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], +CURVE_SB:[[[0xF5748C,0x6684A1,0x1D90B7,0x1399E,0x603,0x60,0x0,0x0,0x0,0x0,0x0], + [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], + [[0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x75BB72,0xF2270,0x16C744,0x267D9A,0xCF87DE,0xCFFFC1,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400]]], +CURVE_WB:[[0x70A224,0x72D48A,0x94592,0x688A,0x201,0x20,0x0,0x0,0x0,0x0,0x0], + [0x30EF19,0x572CF0,0x721D5A,0x763543,0xA39651,0x48A1B9,0x8240FD,0x300004,0x0,0x0,0x0], + [0x48B88F,0x2C96F8,0xB92EAD,0xBB1AA1,0xD1CB28,0xA450DC,0x41207E,0x180002,0x0,0x0,0x0], + [0x31A62D,0x76D68B,0x9C592,0x688A,0x201,0x20,0x0,0x0,0x0,0x0,0x0]], +CURVE_BB:[[[0x49A9F1,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], + [0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], + [0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], + [0xC1040A,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], + [[0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], + [0x49A9F1,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], + [0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400]], + [[0xC1040A,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], + [[0x608206,0x20100,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x820812,0x80401,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0xE927EA,0x6DA310,0x3357FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400], + [0x608206,0x20100,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]], +*/ + +/* BN254 Curve */ +/* +CURVETYPE:0, +CURVE_PAIRING_TYPE: 0, +CURVE_A : 0, +CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +CURVE_Cof : [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +CURVE_Order:[0xD,0x0,0x10A100,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523], +CURVE_Bnx:[0x1,0x0,0x4080], +CURVE_Cru:[0x7,0x0,0x6CD80,0x0,0x90000,0x249,0x400000,0x49B362], +CURVE_Fra:[0x2A6DE9,0xE6C06F,0xC2E17D,0x4D3F77,0x97492,0x953F85,0x50A846,0xB6499B,0x2E7C8C,0x761921,0x1B37], +CURVE_Frb:[0xD5922A,0x193F90,0x50C582,0xB2C088,0x178B6D,0x6AC8DC,0x2F57B9,0x3EAB2,0xD18375,0xEE691E,0x9EB], +CURVE_Pxa:[0x3FB2B,0x4224C8,0xD91EE,0x4898BF,0x648BBB,0xEDB6A4,0x7E8C61,0xEB8D8C,0x9EB62F,0x10BB51,0x61A], +CURVE_Pxb:[0xD54CF3,0x34C1E7,0xB70D8C,0xAE3784,0x4D746B,0xAA5B1F,0x8C5982,0x310AA7,0x737833,0xAAF9BA,0x516], +CURVE_Pya:[0xCD2B9A,0xE07891,0xBD19F0,0xBDBE09,0xBD0AE6,0x822329,0x96698C,0x9A90E0,0xAF9343,0x97A06B,0x218], +CURVE_Pyb:[0x3ACE9B,0x1AEC6B,0x578A2D,0xD739C9,0x9006FF,0x8D37B0,0x56F5F3,0x8F6D44,0x8B1526,0x2B0E7C,0xEBB], +CURVE_Gx :[0x12,0x0,0x13A700,0x0,0x210000,0x861,0x800000,0xBA344D,0x1,0x648240,0x2523], +CURVE_Gy :[0x1], +CURVE_W:[[0x3,0x0,0x20400,0x0,0x818000,0x61,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], +CURVE_SB:[[[0x4,0x0,0x28500,0x0,0x818000,0x61,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x0,0xE9D00,0x0,0x1E0000,0x79E,0x800000,0xBA344D,0x1,0x648240,0x2523]]], +CURVE_WB:[[0x0,0x0,0x4080,0x0,0x808000,0x20,0x0,0x0,0x0,0x0,0x0],[0x5,0x0,0x54A80,0x0,0x70000,0x1C7,0x800000,0x312241,0x0,0x0,0x0],[0x3,0x0,0x2C580,0x0,0x838000,0xE3,0xC00000,0x189120,0x0,0x0,0x0],[0x1,0x0,0xC180,0x0,0x808000,0x20,0x0,0x0,0x0,0x0,0x0]], +CURVE_BB:[[[0xD,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0x2,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xD,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523]],[[0x2,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x2,0x0,0x4080,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x2,0x0,0x10200,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x0,0x102000,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0x2,0x0,0x4080,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]], +*/ + +/* BN454 Curve */ +/* +CURVETYPE:0, +CURVE_PAIRING_TYPE: 0, +CURVE_A : 0, + +CURVE_Order:[0xD,0x8400,0x780000,0x100003,0x2006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000], +CURVE_B: [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +CURVE_Cof: [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +CURVE_Gx:[0x12,0x9C00,0x100000,0x700004,0x6006C4,0x4A109,0x514200,0x640000,0x80091,0x803AA,0x36A22,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000], +CURVE_Gy:[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + +CURVE_Bnx:[0x1,0x200,0x0,0x80000,0x100000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +CURVE_Cru:[0x7,0x3600,0x100000,0x580001,0x300121,0x903,0xD9200,0x2D0000,0x480000,0x48006C,0x1B0,0x91B0,0x36000,0x6C000,0x48000,0x0,0x0,0x0,0x0,0x0], +CURVE_Fra:[0x73B0EC,0x393FAA,0x6E0C0B,0x1D485C,0x2EEE6C,0x62FD8F,0x4D280A,0x6E835B,0x2D6A87,0x37B2AC,0x568803,0x7657E5,0x129326,0x3B9C4D,0x67175B,0x159909,0x61CCD9,0x4D0FD7,0x7B1C9E,0x973C], +CURVE_Frb:[0xC4F27,0x475C55,0x21F3F4,0x52B7A7,0x311858,0x21A37A,0x419F5,0x757CA5,0x5A9609,0x5050FD,0x2CE21E,0x1A923A,0xF2CD9,0x6CE3C5,0x33E910,0x6A79CE,0x1EC3B6,0x34A028,0x72361,0x88C3], +CURVE_Pxa:[0x702B14,0x775841,0x6C7EE8,0x786615,0x3C30BE,0x5FFE6D,0x1AD7F3,0x77F16D,0x1FE1E7,0x5DBF8,0x5150DA,0x4BCA41,0x2D66CC,0x197743,0x6ED766,0x57F0B1,0x68F14A,0x2A106C,0x53E035,0xA01E], +CURVE_Pxb:[0x5BF266,0x5A1D88,0x5BA701,0x3C11E1,0x65ACBB,0x378A46,0x91E43,0x7E9723,0x72F769,0x77CD,0x5C7782,0x554A8C,0x7BA9E2,0x7CACCA,0x5CDFA,0x6A92C2,0x4B1E40,0x5D002,0x35A785,0xACA9], +CURVE_Pya:[0x1B15C7,0x56D77C,0x2D24E6,0x2AAE36,0x726024,0x69F6BB,0x194651,0x2338E2,0x7C5DD5,0x44EF51,0x3EAAEA,0x774179,0x300871,0xC9875,0x289B87,0x3D07F0,0x12C528,0x578DB6,0x10011E,0xEB3D], +CURVE_Pyb:[0x571D60,0x4DF6C0,0x63B043,0x3D8946,0x127184,0x4CB8FD,0x349D4E,0x45F387,0x743376,0x4C096,0x6145D7,0x408801,0x4F0B46,0x578BD4,0x432922,0x1F6C8F,0x753F90,0x5935B,0x8D821,0x4BB7], +CURVE_W:[[0x3,0x1000,0x180000,0x400000,0x0,0x181,0x300,0x30000,0xC0000,0xC0000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], +CURVE_SB:[[[0x4,0x1400,0x180000,0x500000,0x200000,0x181,0x300,0x30000,0xC0000,0xC0000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x7400,0x600000,0x500003,0x2006C3,0x49E07,0x513C00,0x5E0000,0x700091,0x7003A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000]]], +CURVE_WB:[[0x0,0x200,0x80000,0x80000,0x100000,0x80,0x100,0x10000,0x40000,0x40000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x5,0x2A00,0x700000,0x280000,0x5000C1,0x702,0x90E00,0x200000,0x380000,0x380048,0x120,0x6120,0x24000,0x48000,0x30000,0x0,0x0,0x0,0x0,0x0],[0x3,0x1600,0x380000,0x580000,0x300060,0x381,0x48700,0x100000,0x1C0000,0x1C0024,0x90,0x3090,0x12000,0x24000,0x18000,0x0,0x0,0x0,0x0,0x0],[0x1,0x600,0x80000,0x180000,0x300000,0x80,0x100,0x10000,0x40000,0x40000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], +CURVE_BB:[[[0xD,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0xC,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0xC,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0x2,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xC,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0xD,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9 090,0x1B000,0x24000,0x12000],[0xC,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000]],[[0x2,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x2,0x200,0x0,0x80000,0x100000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x2,0x800,0x0,0x200000,0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x8000,0x780000,0x3,0x6C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0x2,0x200,0x0,0x80000,0x100000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x 0,0x0,0x0,0x0]]], +*/ + +/* BLS455 Curve */ +/* +CURVETYPE:0, +CURVE_PAIRING_TYPE: 1, +CURVE_A : 0, + +CURVE_Order:[0x400001,0xFFFFF,0x70000,0x20000,0xA0000,0x3A200,0x1D400,0x12F00,0x4F00,0x1E20,0xB80,0x1C0,0x80,0x20,0x0,0x0,0x0,0x0,0x0,0x0], +CURVE_B: [0xA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +CURVE_Cof: [0x3FFAAB,0x2FFF55,0x2DAA55,0x2DAA55,0x2B1555,0x2AD555,0x1555,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +CURVE_Gx:[0x7CEDD1,0xBBBFB,0x3EDB53,0x59D01A,0x5C6F43,0x38E4A6,0x55A95E,0xBF82D,0x611B32,0x6571D9,0xE4AC7,0x5867F4,0x1F342A,0x6CF329,0x47B8C9,0x76D2C8,0x4C56AB,0xBC81,0x57CECC,0xC42], +CURVE_Gy:[0x619B9B,0x7AF34C,0x219013,0x6B7D01,0x1D80A5,0x34926D,0xC8B64,0x477391,0x1C1E96,0x5CB086,0x7D7EC7,0x4A9C00,0x4A9BC8,0x3C711D,0x7503FA,0x6B6FD7,0x43DEB0,0x7130BF,0x6DDFA7,0xCD46], + +CURVE_Bnx:[0x800,0x100,0x80,0x80,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +CURVE_Cru:[0xAA9,0x5FF800,0xAA480,0x7A51BB,0x7A5190,0x1FD921,0x6F7552,0x54595C,0x33A586,0x68D3B6,0x76675E,0x1AA657,0x491731,0x7FCD2B,0x2340BF,0x77ADA,0x2A900E,0x72AAAE,0x655555,0x2AAAA], +CURVE_Fra:[0x2EBF21,0x1F7B94,0x590273,0x399BCC,0x72F54A,0xA930A,0x7E21D5,0x23940C,0x51F853,0x778395,0x13C08A,0x6A1ACA,0x282CD7,0x61EF7,0x3E0634,0x53A2CA,0x5C0016,0x397C75,0x125CFB,0x1CBF5], +CURVE_Frb:[0x51438A,0x60876B,0x1A80C,0x1FB97E,0x65A00C,0x18E1CD,0x2D1846,0x4A38BD,0x42C060,0x3275D0,0x1BA45A,0x9650,0x3B78DA,0x1CDD4,0x667A8C,0x34280F,0x4E9FF7,0x392E38,0x52F85A,0xDEB5], +CURVE_Pxa:[0x41F542,0x3E41E1,0x4011D,0x7C2B3F,0x5D6070,0x7AEECC,0x262ECC,0xEBC03,0x153172,0x6D0BDA,0x1271C7,0x762DB5,0x303D3F,0x2A79D6,0x4193FD,0x31C6F7,0x31B4C4,0x181D34,0x4BEA00,0x17658], +CURVE_Pxb:[0x49F03D,0xDDCCE,0x4BA642,0x2D62F7,0x9A55A,0x5402DD,0x3B3623,0x33DA0D,0x6163E0,0x48A1FC,0x25BD88,0x70E471,0x755066,0x664DD0,0x486521,0x2CD407,0xBEAEE,0x5B7F76,0x7F3819,0x767], +CURVE_Pya:[0x1A77F4,0x6B48B0,0x42A0C8,0x5BD3F0,0x70F367,0x2B73B3,0x1299B5,0x647D06,0xD6EC4,0x7ECBC,0x7B0BBC,0x4CE0D4,0x1C7DC2,0x1F4B59,0x4F2887,0x221922,0x2BB9C5,0x7B9AB,0x76429B,0x11238], +CURVE_Pyb:[0x1FDBA2,0x76DB3C,0x55BD04,0x9ED01,0x7E6309,0x111C54,0x4F66B1,0x2FDE48,0x340158,0x4F9EC3,0x27B5CB,0xD90E4,0x656D80,0xAB1F2,0x487BB8,0x4C7CF4,0x3CFC86,0x256F60,0xF2A0F,0x19A8], + +// not used +CURVE_W:[[],[]], +CURVE_SB:[[[],[]],[[],[]]], +CURVE_WB:[[],[],[],[]], +CURVE_BB:[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]], +*/ + + +/* BLS383 Curve */ +/* +CURVETYPE:0, +CURVE_PAIRING_TYPE: 1, +CURVE_A : 0, + +CURVE_Order:[0x7FF001,0x700001,0x6003FF,0x387F3,0x4BFDE0,0xBDBE3,0x127,0x3D18,0x7F910,0x198800,0x190401,0xA,0x0,0x0,0x0,0x0,0x0], +CURVE_B: [0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +CURVE_Cof: [0x52B,0x54000,0x328000,0x555559,0x55560A,0xC0A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +CURVE_Gx:[0x10786B,0x36691A,0x2B4356,0x71FAA,0x33477C,0xAF173,0x496DCD,0x37B2DF,0x4007BB,0x389ED5,0x3FD5FA,0x7EAC18,0x6EC02E,0x3F11F6,0x262B6E,0x67725E,0xB08], +CURVE_Gy:[0x145DDB,0x34047A,0x5F3017,0x462FF7,0x713F51,0x5654CD,0x3B0D18,0x492FAB,0x19C7A,0x7D2DE6,0x660488,0x30823,0x5BE599,0x215B1E,0x1C4120,0x499BB,0x1F39], + +CURVE_Bnx:[0x40,0x2000,0x44000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], +CURVE_Cru:[0x2155A9,0x5589DB,0x78F68E,0x43B0F2,0x5DF2FE,0x4C64C4,0x37EAB7,0x1AD35E,0x128D30,0x6A246,0x6FAB5A,0x5F9D15,0x24190D,0x756408,0x7DD717,0x104054,0x7AC5], +CURVE_Fra:[0x34508B,0x4B3525,0x4D0CAE,0x503777,0x463DB7,0x3BF78E,0xD072C,0x2AE9A0,0x69D32D,0x282C73,0x1730DB,0xCD9F8,0x6AB98B,0x7DC9B0,0x1CBCC8,0x7D8CC3,0x5A5], +CURVE_Frb:[0x7904E0,0xA352F,0x28DE04,0x537843,0x3B7D49,0x6FB715,0x4FBAE2,0x4AA1C7,0x183C6C,0x3BDDEF,0x5272CD,0x532FB2,0x3FBEC7,0x22EEF9,0x611A4F,0x12B391,0x751F], +CURVE_Pxa:[0x2C9472,0x3310B7,0xDB581,0xEF16E,0x77C4D3,0x119114,0x72430C,0x447E5E,0x1971C6,0x4E53E0,0x710FC5,0x349A9C,0x6B8BF3,0x4B4AC3,0x2FF607,0x3915AB,0x4D50], +CURVE_Pxb:[0x72AB23,0x17AF44,0x73A26D,0x6A7A26,0x47AF19,0x640D46,0x5BDEE4,0xCFD9F,0x53E2A8,0x5CAE3B,0x58D75F,0x515D1D,0x1A1263,0x18F018,0x16EB0A,0x30BE1F,0xEE3], +CURVE_Pya:[0x7BD4FD,0x24612E,0x7F1A07,0x3906FE,0x40B660,0x191341,0x7F2564,0x143D20,0x3CF878,0x4A5C3F,0x53BB9,0x8E118,0x3325E0,0x7102D7,0x170A21,0x42CD0,0x8F4], +CURVE_Pyb:[0x2C4CE6,0x44144A,0x32297,0x3A57FA,0x35907A,0x4891DE,0x5D8290,0x50CCA0,0x2B0FD,0x13FFDF,0x6353A9,0x794D0,0x4997BA,0x6F70DC,0x4AB1F,0x5DD446,0x1DCA], + +// not used +CURVE_W:[[],[]], +CURVE_SB:[[[],[]],[[],[]]], +CURVE_WB:[[],[],[],[]], +CURVE_BB:[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]], + +*/ + + USE_GLV: false, + USE_GS_G2: false, + USE_GS_GT: false, + GT_STRONG: false, + + debug: false, + + +// AES constants + + ECB:0, + CBC:1, + CFB1:2, + CFB2:3, + CFB4:5, + OFB1:14, + OFB2:15, + OFB4:17, + OFB8:21, + OFB16:29, + CTR1:30, + CTR2:31, + CTR4:33, + CTR8:37, + CTR16:45, + +// GCM constants + + GCM_ACCEPTING_HEADER:0, + GCM_ACCEPTING_CIPHER:1, + GCM_NOT_ACCEPTING_MORE:2, + GCM_FINISHED:3, + GCM_ENCRYPTING:0, + GCM_DECRYPTING:1 + +}; + +ROM.MODINV=(Math.pow(2,-ROM.BASEBITS)) +ROM.NLEN=(1+(Math.floor((ROM.MODBITS-1)/ROM.BASEBITS))); +ROM.DNLEN=2*ROM.NLEN; +ROM.BMASK=(1<<ROM.BASEBITS)-1; +ROM.MODBYTES=(1+(Math.floor((ROM.MODBITS-1)/8))); +ROM.NEXCESS=(1<<(ROM.CHUNK-ROM.BASEBITS-1)); // 2^(CHUNK-BASEBITS-1) +ROM.FEXCESS=(1<<(ROM.BASEBITS*ROM.NLEN-ROM.MODBITS)); // 2^(BASEBITS*NLEN-MODBITS) +ROM.OMASK=(-1)<<ROM.TBITS; +ROM.TBITS=ROM.MODBITS%ROM.BASEBITS; +ROM.TMASK=(1<<ROM.TBITS)-1; +ROM.BIGBITS=(8*ROM.MODBYTES); + +ROM.FF_BITS=(ROM.BIGBITS*ROM.FFLEN); +ROM.HFLEN=(ROM.FFLEN/2); /* Useful for half-size RSA private key operations */
