charm-crypto-framework 0.61.1__cp313-cp313-macosx_10_13_universal2.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- charm/__init__.py +5 -0
- charm/adapters/__init__.py +0 -0
- charm/adapters/abenc_adapt_hybrid.py +90 -0
- charm/adapters/dabenc_adapt_hybrid.py +145 -0
- charm/adapters/ibenc_adapt_hybrid.py +72 -0
- charm/adapters/ibenc_adapt_identityhash.py +80 -0
- charm/adapters/kpabenc_adapt_hybrid.py +91 -0
- charm/adapters/pkenc_adapt_bchk05.py +121 -0
- charm/adapters/pkenc_adapt_chk04.py +91 -0
- charm/adapters/pkenc_adapt_hybrid.py +98 -0
- charm/adapters/pksig_adapt_naor01.py +89 -0
- charm/config.py +7 -0
- charm/core/__init__.py +0 -0
- charm/core/benchmark/benchmark_util.c +353 -0
- charm/core/benchmark/benchmark_util.h +61 -0
- charm/core/benchmark/benchmarkmodule.c +476 -0
- charm/core/benchmark/benchmarkmodule.h +162 -0
- charm/core/benchmark.cpython-313-darwin.so +0 -0
- charm/core/crypto/AES/AES.c +1464 -0
- charm/core/crypto/AES.cpython-313-darwin.so +0 -0
- charm/core/crypto/DES/DES.c +113 -0
- charm/core/crypto/DES.cpython-313-darwin.so +0 -0
- charm/core/crypto/DES3/DES3.c +26 -0
- charm/core/crypto/DES3.cpython-313-darwin.so +0 -0
- charm/core/crypto/__init__.py +0 -0
- charm/core/crypto/cryptobase/XOR.c +80 -0
- charm/core/crypto/cryptobase/_counter.c +496 -0
- charm/core/crypto/cryptobase/_counter.h +54 -0
- charm/core/crypto/cryptobase/block_template.c +900 -0
- charm/core/crypto/cryptobase/block_template.h +69 -0
- charm/core/crypto/cryptobase/cryptobasemodule.c +220 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt.h +90 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_argchk.h +44 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_cfg.h +186 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_cipher.h +941 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_custom.h +556 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_des.c +1912 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_hash.h +407 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_mac.h +496 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_macros.h +435 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_math.h +534 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_misc.h +103 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_pk.h +653 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_pkcs.h +90 -0
- charm/core/crypto/cryptobase/libtom/tomcrypt_prng.h +199 -0
- charm/core/crypto/cryptobase/stream_template.c +271 -0
- charm/core/crypto/cryptobase/strxor.c +229 -0
- charm/core/crypto/cryptobase.cpython-313-darwin.so +0 -0
- charm/core/engine/__init__.py +5 -0
- charm/core/engine/protocol.py +293 -0
- charm/core/engine/util.py +174 -0
- charm/core/math/__init__.py +0 -0
- charm/core/math/elliptic_curve/ecmodule.c +1986 -0
- charm/core/math/elliptic_curve/ecmodule.h +230 -0
- charm/core/math/elliptic_curve.cpython-313-darwin.so +0 -0
- charm/core/math/elliptic_curve.pyi +63 -0
- charm/core/math/integer/integermodule.c +2539 -0
- charm/core/math/integer/integermodule.h +145 -0
- charm/core/math/integer.cpython-313-darwin.so +0 -0
- charm/core/math/integer.pyi +76 -0
- charm/core/math/pairing/miracl/miracl_config.h +37 -0
- charm/core/math/pairing/miracl/miracl_interface.h +118 -0
- charm/core/math/pairing/miracl/miracl_interface2.h +126 -0
- charm/core/math/pairing/miracl/pairingmodule2.c +2094 -0
- charm/core/math/pairing/miracl/pairingmodule2.h +307 -0
- charm/core/math/pairing/pairingmodule.c +2230 -0
- charm/core/math/pairing/pairingmodule.h +241 -0
- charm/core/math/pairing/relic/pairingmodule3.c +1853 -0
- charm/core/math/pairing/relic/pairingmodule3.h +233 -0
- charm/core/math/pairing/relic/relic_interface.c +1337 -0
- charm/core/math/pairing/relic/relic_interface.h +217 -0
- charm/core/math/pairing/relic/test_relic.c +171 -0
- charm/core/math/pairing.cpython-313-darwin.so +0 -0
- charm/core/math/pairing.pyi +69 -0
- charm/core/utilities/base64.c +248 -0
- charm/core/utilities/base64.h +15 -0
- charm/schemes/__init__.py +0 -0
- charm/schemes/abenc/__init__.py +0 -0
- charm/schemes/abenc/abenc_accountability_jyjxgd20.py +647 -0
- charm/schemes/abenc/abenc_bsw07.py +146 -0
- charm/schemes/abenc/abenc_ca_cpabe_ar17.py +684 -0
- charm/schemes/abenc/abenc_dacmacs_yj14.py +298 -0
- charm/schemes/abenc/abenc_lsw08.py +159 -0
- charm/schemes/abenc/abenc_maabe_rw15.py +236 -0
- charm/schemes/abenc/abenc_maabe_yj14.py +297 -0
- charm/schemes/abenc/abenc_tbpre_lww14.py +309 -0
- charm/schemes/abenc/abenc_unmcpabe_yahk14.py +223 -0
- charm/schemes/abenc/abenc_waters09.py +144 -0
- charm/schemes/abenc/abenc_yct14.py +208 -0
- charm/schemes/abenc/abenc_yllc15.py +178 -0
- charm/schemes/abenc/ac17.py +248 -0
- charm/schemes/abenc/bsw07.py +141 -0
- charm/schemes/abenc/cgw15.py +277 -0
- charm/schemes/abenc/dabe_aw11.py +204 -0
- charm/schemes/abenc/dfa_fe12.py +144 -0
- charm/schemes/abenc/pk_hve08.py +179 -0
- charm/schemes/abenc/waters11.py +143 -0
- charm/schemes/aggrsign_MuSig.py +150 -0
- charm/schemes/aggrsign_bls.py +267 -0
- charm/schemes/blindsig_ps16.py +654 -0
- charm/schemes/chamhash_adm05.py +113 -0
- charm/schemes/chamhash_rsa_hw09.py +100 -0
- charm/schemes/commit/__init__.py +0 -0
- charm/schemes/commit/commit_gs08.py +77 -0
- charm/schemes/commit/commit_pedersen92.py +53 -0
- charm/schemes/encap_bchk05.py +62 -0
- charm/schemes/grpsig/__init__.py +0 -0
- charm/schemes/grpsig/groupsig_bgls04.py +114 -0
- charm/schemes/grpsig/groupsig_bgls04_var.py +115 -0
- charm/schemes/hibenc/__init__.py +0 -0
- charm/schemes/hibenc/hibenc_bb04.py +105 -0
- charm/schemes/hibenc/hibenc_lew11.py +193 -0
- charm/schemes/ibenc/__init__.py +0 -0
- charm/schemes/ibenc/clpkc_rp03.py +119 -0
- charm/schemes/ibenc/ibenc_CW13_z.py +168 -0
- charm/schemes/ibenc/ibenc_bb03.py +94 -0
- charm/schemes/ibenc/ibenc_bf01.py +121 -0
- charm/schemes/ibenc/ibenc_ckrs09.py +120 -0
- charm/schemes/ibenc/ibenc_cllww12_z.py +172 -0
- charm/schemes/ibenc/ibenc_lsw08.py +120 -0
- charm/schemes/ibenc/ibenc_sw05.py +238 -0
- charm/schemes/ibenc/ibenc_waters05.py +144 -0
- charm/schemes/ibenc/ibenc_waters05_z.py +164 -0
- charm/schemes/ibenc/ibenc_waters09.py +107 -0
- charm/schemes/ibenc/ibenc_waters09_z.py +147 -0
- charm/schemes/joye_scheme.py +106 -0
- charm/schemes/lem_scheme.py +207 -0
- charm/schemes/pk_fre_ccv11.py +107 -0
- charm/schemes/pk_vrf.py +127 -0
- charm/schemes/pkenc/__init__.py +0 -0
- charm/schemes/pkenc/pkenc_cs98.py +108 -0
- charm/schemes/pkenc/pkenc_elgamal85.py +122 -0
- charm/schemes/pkenc/pkenc_gm82.py +98 -0
- charm/schemes/pkenc/pkenc_paillier99.py +118 -0
- charm/schemes/pkenc/pkenc_rabin.py +254 -0
- charm/schemes/pkenc/pkenc_rsa.py +186 -0
- charm/schemes/pksig/__init__.py +0 -0
- charm/schemes/pksig/pksig_CW13_z.py +135 -0
- charm/schemes/pksig/pksig_bls04.py +87 -0
- charm/schemes/pksig/pksig_boyen.py +156 -0
- charm/schemes/pksig/pksig_chch.py +97 -0
- charm/schemes/pksig/pksig_chp.py +70 -0
- charm/schemes/pksig/pksig_cl03.py +150 -0
- charm/schemes/pksig/pksig_cl04.py +87 -0
- charm/schemes/pksig/pksig_cllww12_z.py +142 -0
- charm/schemes/pksig/pksig_cyh.py +132 -0
- charm/schemes/pksig/pksig_dsa.py +76 -0
- charm/schemes/pksig/pksig_ecdsa.py +71 -0
- charm/schemes/pksig/pksig_hess.py +104 -0
- charm/schemes/pksig/pksig_hw.py +110 -0
- charm/schemes/pksig/pksig_lamport.py +63 -0
- charm/schemes/pksig/pksig_ps01.py +135 -0
- charm/schemes/pksig/pksig_ps02.py +124 -0
- charm/schemes/pksig/pksig_ps03.py +119 -0
- charm/schemes/pksig/pksig_rsa_hw09.py +206 -0
- charm/schemes/pksig/pksig_schnorr91.py +77 -0
- charm/schemes/pksig/pksig_waters.py +115 -0
- charm/schemes/pksig/pksig_waters05.py +121 -0
- charm/schemes/pksig/pksig_waters09.py +121 -0
- charm/schemes/pre_mg07.py +150 -0
- charm/schemes/prenc/pre_afgh06.py +126 -0
- charm/schemes/prenc/pre_bbs98.py +123 -0
- charm/schemes/prenc/pre_nal16.py +216 -0
- charm/schemes/protocol_a01.py +272 -0
- charm/schemes/protocol_ao00.py +215 -0
- charm/schemes/protocol_cns07.py +274 -0
- charm/schemes/protocol_schnorr91.py +125 -0
- charm/schemes/sigma1.py +64 -0
- charm/schemes/sigma2.py +129 -0
- charm/schemes/sigma3.py +126 -0
- charm/schemes/threshold/__init__.py +59 -0
- charm/schemes/threshold/dkls23_dkg.py +556 -0
- charm/schemes/threshold/dkls23_presign.py +1089 -0
- charm/schemes/threshold/dkls23_sign.py +761 -0
- charm/schemes/threshold/xrpl_wallet.py +967 -0
- charm/test/__init__.py +0 -0
- charm/test/adapters/__init__.py +0 -0
- charm/test/adapters/abenc_adapt_hybrid_test.py +29 -0
- charm/test/adapters/dabenc_adapt_hybrid_test.py +56 -0
- charm/test/adapters/ibenc_adapt_hybrid_test.py +36 -0
- charm/test/adapters/ibenc_adapt_identityhash_test.py +32 -0
- charm/test/adapters/kpabenc_adapt_hybrid_test.py +30 -0
- charm/test/benchmark/abenc_yllc15_bench.py +92 -0
- charm/test/benchmark/benchmark_test.py +148 -0
- charm/test/benchmark_threshold.py +260 -0
- charm/test/conftest.py +38 -0
- charm/test/fuzz/__init__.py +1 -0
- charm/test/fuzz/conftest.py +5 -0
- charm/test/fuzz/fuzz_policy_parser.py +76 -0
- charm/test/fuzz/fuzz_serialization.py +83 -0
- charm/test/schemes/__init__.py +0 -0
- charm/test/schemes/abenc/__init__.py +0 -0
- charm/test/schemes/abenc/abenc_bsw07_test.py +39 -0
- charm/test/schemes/abenc/abenc_dacmacs_yj14_test.py +16 -0
- charm/test/schemes/abenc/abenc_lsw08_test.py +33 -0
- charm/test/schemes/abenc/abenc_maabe_yj14_test.py +16 -0
- charm/test/schemes/abenc/abenc_tbpre_lww14_test.py +16 -0
- charm/test/schemes/abenc/abenc_waters09_test.py +38 -0
- charm/test/schemes/abenc/abenc_yllc15_test.py +74 -0
- charm/test/schemes/chamhash_adm05_test.py +31 -0
- charm/test/schemes/chamhash_rsa_hw09_test.py +29 -0
- charm/test/schemes/commit/__init__.py +0 -0
- charm/test/schemes/commit/commit_gs08_test.py +24 -0
- charm/test/schemes/commit/commit_pedersen92_test.py +26 -0
- charm/test/schemes/dabe_aw11_test.py +45 -0
- charm/test/schemes/encap_bchk05_test.py +21 -0
- charm/test/schemes/grpsig/__init__.py +0 -0
- charm/test/schemes/grpsig/groupsig_bgls04_test.py +35 -0
- charm/test/schemes/grpsig/groupsig_bgls04_var_test.py +39 -0
- charm/test/schemes/hibenc/__init__.py +0 -0
- charm/test/schemes/hibenc/hibenc_bb04_test.py +28 -0
- charm/test/schemes/ibenc/__init__.py +0 -0
- charm/test/schemes/ibenc/ibenc_bb03_test.py +26 -0
- charm/test/schemes/ibenc/ibenc_bf01_test.py +24 -0
- charm/test/schemes/ibenc/ibenc_ckrs09_test.py +25 -0
- charm/test/schemes/ibenc/ibenc_lsw08_test.py +31 -0
- charm/test/schemes/ibenc/ibenc_sw05_test.py +32 -0
- charm/test/schemes/ibenc/ibenc_waters05_test.py +31 -0
- charm/test/schemes/ibenc/ibenc_waters09_test.py +27 -0
- charm/test/schemes/pk_vrf_test.py +29 -0
- charm/test/schemes/pkenc/__init__.py +0 -0
- charm/test/schemes/pkenc_test.py +255 -0
- charm/test/schemes/pksig/__init__.py +0 -0
- charm/test/schemes/pksig_test.py +376 -0
- charm/test/schemes/rsa_alg_test.py +340 -0
- charm/test/schemes/threshold_test.py +1792 -0
- charm/test/serialize/__init__.py +0 -0
- charm/test/serialize/serialize_test.py +40 -0
- charm/test/toolbox/__init__.py +0 -0
- charm/test/toolbox/conversion_test.py +30 -0
- charm/test/toolbox/ecgroup_test.py +53 -0
- charm/test/toolbox/integer_arithmetic_test.py +441 -0
- charm/test/toolbox/paddingschemes_test.py +238 -0
- charm/test/toolbox/policy_parser_stress_test.py +969 -0
- charm/test/toolbox/secretshare_test.py +28 -0
- charm/test/toolbox/symcrypto_test.py +108 -0
- charm/test/toolbox/test_policy_expression.py +16 -0
- charm/test/vectors/__init__.py +1 -0
- charm/test/vectors/test_bls_vectors.py +289 -0
- charm/test/vectors/test_pedersen_vectors.py +315 -0
- charm/test/vectors/test_schnorr_vectors.py +368 -0
- charm/test/zkp_compiler/__init__.py +9 -0
- charm/test/zkp_compiler/benchmark_zkp.py +258 -0
- charm/test/zkp_compiler/test_and_proof.py +240 -0
- charm/test/zkp_compiler/test_batch_verify.py +248 -0
- charm/test/zkp_compiler/test_dleq_proof.py +264 -0
- charm/test/zkp_compiler/test_or_proof.py +231 -0
- charm/test/zkp_compiler/test_proof_serialization.py +121 -0
- charm/test/zkp_compiler/test_range_proof.py +241 -0
- charm/test/zkp_compiler/test_representation_proof.py +325 -0
- charm/test/zkp_compiler/test_schnorr_proof.py +221 -0
- charm/test/zkp_compiler/test_thread_safety.py +169 -0
- charm/test/zkp_compiler/test_zkp_parser.py +139 -0
- charm/toolbox/ABEnc.py +26 -0
- charm/toolbox/ABEncMultiAuth.py +66 -0
- charm/toolbox/ABEnumeric.py +800 -0
- charm/toolbox/Commit.py +24 -0
- charm/toolbox/DFA.py +89 -0
- charm/toolbox/FSA.py +1254 -0
- charm/toolbox/Hash.py +39 -0
- charm/toolbox/IBEnc.py +62 -0
- charm/toolbox/IBSig.py +64 -0
- charm/toolbox/PKEnc.py +66 -0
- charm/toolbox/PKSig.py +56 -0
- charm/toolbox/PREnc.py +32 -0
- charm/toolbox/ZKProof.py +289 -0
- charm/toolbox/__init__.py +0 -0
- charm/toolbox/bitstring.py +49 -0
- charm/toolbox/broadcast.py +220 -0
- charm/toolbox/conversion.py +100 -0
- charm/toolbox/eccurve.py +149 -0
- charm/toolbox/ecgroup.py +143 -0
- charm/toolbox/enum.py +60 -0
- charm/toolbox/hash_module.py +91 -0
- charm/toolbox/integergroup.py +323 -0
- charm/toolbox/iterate.py +22 -0
- charm/toolbox/matrixops.py +76 -0
- charm/toolbox/mpc_utils.py +296 -0
- charm/toolbox/msp.py +175 -0
- charm/toolbox/mta.py +985 -0
- charm/toolbox/node.py +120 -0
- charm/toolbox/ot/__init__.py +22 -0
- charm/toolbox/ot/base_ot.py +374 -0
- charm/toolbox/ot/dpf.py +642 -0
- charm/toolbox/ot/mpfss.py +228 -0
- charm/toolbox/ot/ot_extension.py +589 -0
- charm/toolbox/ot/silent_ot.py +378 -0
- charm/toolbox/paddingschemes.py +423 -0
- charm/toolbox/paddingschemes_test.py +238 -0
- charm/toolbox/pairingcurves.py +85 -0
- charm/toolbox/pairinggroup.py +186 -0
- charm/toolbox/policy_expression_spec.py +70 -0
- charm/toolbox/policytree.py +189 -0
- charm/toolbox/reCompiler.py +346 -0
- charm/toolbox/redundancyschemes.py +65 -0
- charm/toolbox/schemebase.py +188 -0
- charm/toolbox/secretshare.py +104 -0
- charm/toolbox/secretutil.py +174 -0
- charm/toolbox/securerandom.py +73 -0
- charm/toolbox/sigmaprotocol.py +46 -0
- charm/toolbox/specialprimes.py +45 -0
- charm/toolbox/symcrypto.py +279 -0
- charm/toolbox/threshold_sharing.py +553 -0
- charm/toolbox/xmlserialize.py +94 -0
- charm/toolbox/zknode.py +105 -0
- charm/zkp_compiler/__init__.py +89 -0
- charm/zkp_compiler/and_proof.py +460 -0
- charm/zkp_compiler/batch_verify.py +324 -0
- charm/zkp_compiler/dleq_proof.py +423 -0
- charm/zkp_compiler/or_proof.py +305 -0
- charm/zkp_compiler/range_proof.py +417 -0
- charm/zkp_compiler/representation_proof.py +466 -0
- charm/zkp_compiler/schnorr_proof.py +273 -0
- charm/zkp_compiler/thread_safe.py +150 -0
- charm/zkp_compiler/zk_demo.py +489 -0
- charm/zkp_compiler/zkp_factory.py +330 -0
- charm/zkp_compiler/zkp_generator.py +370 -0
- charm/zkp_compiler/zkparser.py +269 -0
- charm_crypto_framework-0.61.1.dist-info/METADATA +337 -0
- charm_crypto_framework-0.61.1.dist-info/RECORD +323 -0
- charm_crypto_framework-0.61.1.dist-info/WHEEL +5 -0
- charm_crypto_framework-0.61.1.dist-info/licenses/LICENSE.txt +165 -0
- charm_crypto_framework-0.61.1.dist-info/top_level.txt +1 -0
|
@@ -0,0 +1,1337 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Charm-Crypto is a framework for rapidly prototyping cryptosystems.
|
|
3
|
+
*
|
|
4
|
+
* Charm-Crypto is free software; you can redistribute it and/or
|
|
5
|
+
* modify it under the terms of the GNU Lesser General Public
|
|
6
|
+
* License as published by the Free Software Foundation; either
|
|
7
|
+
* version 2.1 of the License, or (at your option) any later version.
|
|
8
|
+
*
|
|
9
|
+
* Charm-Crypto is distributed in the hope that it will be useful,
|
|
10
|
+
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
11
|
+
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
12
|
+
* Lesser General Public License for more details.
|
|
13
|
+
*
|
|
14
|
+
* You should have received a copy of the GNU Lesser General Public License
|
|
15
|
+
* along with Charm-Crypto. If not, see <http://www.gnu.org/licenses/>.
|
|
16
|
+
*
|
|
17
|
+
* Please contact the charm-crypto dev team at support@charm-crypto.com
|
|
18
|
+
* for any questions.
|
|
19
|
+
*/
|
|
20
|
+
|
|
21
|
+
/*
|
|
22
|
+
* @file relic_interface.c
|
|
23
|
+
*
|
|
24
|
+
* @brief charm interface over RELIC's pairing-based crypto module
|
|
25
|
+
*
|
|
26
|
+
* @author jakinye3@jhu.edu
|
|
27
|
+
* @status not complete: modular division operations not working correctly (as of 8/6/12)
|
|
28
|
+
*
|
|
29
|
+
************************************************************************/
|
|
30
|
+
|
|
31
|
+
#include "relic_interface.h"
|
|
32
|
+
|
|
33
|
+
void print_as_hex(uint8_t *data, size_t len)
|
|
34
|
+
{
|
|
35
|
+
size_t i, j;
|
|
36
|
+
|
|
37
|
+
for (i = 0; i < (len - 8); i += 8) {
|
|
38
|
+
printf("%02X%02X%02X%02X%02X%02X%02X%02X ", data[i], data[i+1], data[i+2], data[i+3], data[i+4], data[i+5], data[i+6], data[i+7]);
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
for(j = i; j < len; j++) {
|
|
42
|
+
printf("%02X", data[j]);
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
printf("\n");
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
void fp_write_bin(unsigned char *str, int len, fp_t a) {
|
|
49
|
+
bn_t t;
|
|
50
|
+
|
|
51
|
+
bn_null(t);
|
|
52
|
+
|
|
53
|
+
TRY {
|
|
54
|
+
bn_new(t);
|
|
55
|
+
|
|
56
|
+
fp_prime_back(t, a);
|
|
57
|
+
|
|
58
|
+
bn_write_bin(str, len, t);
|
|
59
|
+
} CATCH_ANY {
|
|
60
|
+
THROW(ERR_CAUGHT);
|
|
61
|
+
}
|
|
62
|
+
FINALLY {
|
|
63
|
+
bn_free(t);
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
void fp_read_bin(fp_t a, const unsigned char *str, int len) {
|
|
68
|
+
bn_t t;
|
|
69
|
+
|
|
70
|
+
bn_null(t);
|
|
71
|
+
|
|
72
|
+
TRY {
|
|
73
|
+
bn_new(t);
|
|
74
|
+
bn_read_bin(t, (unsigned char *) str, len);
|
|
75
|
+
if (bn_is_zero(t)) {
|
|
76
|
+
fp_zero(a);
|
|
77
|
+
} else {
|
|
78
|
+
if (t->used == 1) {
|
|
79
|
+
fp_prime_conv_dig(a, t->dp[0]);
|
|
80
|
+
} else {
|
|
81
|
+
fp_prime_conv(a, t);
|
|
82
|
+
}
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
CATCH_ANY {
|
|
86
|
+
THROW(ERR_CAUGHT);
|
|
87
|
+
}
|
|
88
|
+
FINALLY {
|
|
89
|
+
bn_free(t);
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
|
|
94
|
+
int bn_is_one(bn_t a)
|
|
95
|
+
{
|
|
96
|
+
if(a->used == 0) return 0; // false
|
|
97
|
+
else if((a->used == 1) && (a->dp[0] == 1)) return 1; // true
|
|
98
|
+
else return 0; // false
|
|
99
|
+
}
|
|
100
|
+
|
|
101
|
+
status_t pairing_init(void)
|
|
102
|
+
{
|
|
103
|
+
int err_code = core_init();
|
|
104
|
+
if(err_code != STS_OK) return ELEMENT_PAIRING_INIT_FAILED;
|
|
105
|
+
|
|
106
|
+
// conf_print();
|
|
107
|
+
pc_param_set_any(); // see if we can open this up?
|
|
108
|
+
return ELEMENT_OK;
|
|
109
|
+
}
|
|
110
|
+
|
|
111
|
+
status_t pairing_clear(void)
|
|
112
|
+
{
|
|
113
|
+
int err_code = core_clean();
|
|
114
|
+
/* check error */
|
|
115
|
+
if(err_code != STS_OK) return ELEMENT_PAIRING_INIT_FAILED;
|
|
116
|
+
|
|
117
|
+
return ELEMENT_OK;
|
|
118
|
+
}
|
|
119
|
+
|
|
120
|
+
status_t element_init_Zr(element_t e, int init_value)
|
|
121
|
+
{
|
|
122
|
+
// if(e->bn != NULL) bn_free(e->bn);
|
|
123
|
+
bn_inits(e->bn);
|
|
124
|
+
bn_inits(e->order);
|
|
125
|
+
if(init_value == 0) /* default value */
|
|
126
|
+
bn_zero(e->bn);
|
|
127
|
+
else
|
|
128
|
+
bn_set_dig(e->bn, (dig_t) init_value);
|
|
129
|
+
|
|
130
|
+
g1_get_ord(e->order);
|
|
131
|
+
e->isInitialized = TRUE;
|
|
132
|
+
e->type = ZR;
|
|
133
|
+
return ELEMENT_OK;
|
|
134
|
+
}
|
|
135
|
+
|
|
136
|
+
status_t element_init_G1(element_t e)
|
|
137
|
+
{
|
|
138
|
+
// if(e->g1 != NULL) g1_free(e->g1);
|
|
139
|
+
g1_inits(e->g1);
|
|
140
|
+
bn_inits(e->order);
|
|
141
|
+
g1_set_infty(e->g1);
|
|
142
|
+
g1_get_ord(e->order);
|
|
143
|
+
e->isInitialized = TRUE;
|
|
144
|
+
e->type = G1;
|
|
145
|
+
return ELEMENT_OK;
|
|
146
|
+
}
|
|
147
|
+
|
|
148
|
+
status_t element_init_G2(element_t e)
|
|
149
|
+
{
|
|
150
|
+
g2_inits(e->g2);
|
|
151
|
+
g2_set_infty(e->g2);
|
|
152
|
+
bn_inits(e->order);
|
|
153
|
+
g2_get_ord(e->order);
|
|
154
|
+
e->isInitialized = TRUE;
|
|
155
|
+
e->type = G2;
|
|
156
|
+
return ELEMENT_OK;
|
|
157
|
+
}
|
|
158
|
+
|
|
159
|
+
status_t element_init_GT(element_t e)
|
|
160
|
+
{
|
|
161
|
+
gt_inits(e->gt);
|
|
162
|
+
bn_inits(e->order);
|
|
163
|
+
gt_set_unity(e->gt);
|
|
164
|
+
g1_get_ord(e->order);
|
|
165
|
+
e->isInitialized = TRUE;
|
|
166
|
+
e->type = GT;
|
|
167
|
+
return ELEMENT_OK;
|
|
168
|
+
}
|
|
169
|
+
|
|
170
|
+
status_t element_pp_init(element_pp_t e_pp, element_t e)
|
|
171
|
+
{
|
|
172
|
+
int i;
|
|
173
|
+
if(e_pp->isInitialized == TRUE) return ELEMENT_INITIALIZED_ALRDY;
|
|
174
|
+
if(e->isInitialized == FALSE) return ELEMENT_UNINITIALIZED;
|
|
175
|
+
if(e->type == G1) {
|
|
176
|
+
e_pp->t1 = malloc(sizeof(g1_t) * G1_TABLE);
|
|
177
|
+
for (i = 0; i < G1_TABLE; i++) {
|
|
178
|
+
g1_inits(e_pp->t1[i]);
|
|
179
|
+
}
|
|
180
|
+
/* compute the pre-computation table */
|
|
181
|
+
g1_mul_pre(e_pp->t1, e->g1);
|
|
182
|
+
}
|
|
183
|
+
else if(e->type == G2) {
|
|
184
|
+
e_pp->t2 = malloc(sizeof(g2_t) * G2_TABLE);
|
|
185
|
+
for (i = 0; i < G2_TABLE; i++) {
|
|
186
|
+
g2_inits(e_pp->t2[i]);
|
|
187
|
+
}
|
|
188
|
+
/* compute the pre-computation table */
|
|
189
|
+
g2_mul_pre(e_pp->t2, e->g2);
|
|
190
|
+
}
|
|
191
|
+
e_pp->isInitialized = TRUE;
|
|
192
|
+
return ELEMENT_OK;
|
|
193
|
+
}
|
|
194
|
+
|
|
195
|
+
status_t element_pp_clear(element_pp_t e_pp, GroupType type)
|
|
196
|
+
{
|
|
197
|
+
if(e_pp->isInitialized == FALSE) return ELEMENT_UNINITIALIZED;
|
|
198
|
+
if(type == G1) {
|
|
199
|
+
for (int i = 0; i < G1_TABLE; i++) {
|
|
200
|
+
// printf("%d: ", i);
|
|
201
|
+
// g1_print(e_pp->t1[i]);
|
|
202
|
+
g1_free(e_pp->t1[i]);
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
else if(type == G2) {
|
|
206
|
+
for (int i = 0; i < G2_TABLE; i++) {
|
|
207
|
+
g2_free(e_pp->t2[i]);
|
|
208
|
+
}
|
|
209
|
+
}
|
|
210
|
+
e_pp->isInitialized = FALSE;
|
|
211
|
+
return ELEMENT_OK;
|
|
212
|
+
}
|
|
213
|
+
|
|
214
|
+
status_t element_pp_pow(element_t o, element_pp_t e_pp, GroupType type, element_t e)
|
|
215
|
+
{
|
|
216
|
+
if(e_pp->isInitialized == FALSE) return ELEMENT_UNINITIALIZED;
|
|
217
|
+
if(e->isInitialized == FALSE) return ELEMENT_UNINITIALIZED;
|
|
218
|
+
|
|
219
|
+
if(o->type == type) {
|
|
220
|
+
if(type == G1 && e->type == ZR) {
|
|
221
|
+
g1_mul_fix(o->g1, e_pp->t1, e->bn);
|
|
222
|
+
}
|
|
223
|
+
else if(type == G2 && e->type == ZR) {
|
|
224
|
+
g2_mul_fix(o->g2, e_pp->t2, e->bn);
|
|
225
|
+
}
|
|
226
|
+
return ELEMENT_OK;
|
|
227
|
+
}
|
|
228
|
+
|
|
229
|
+
return ELEMENT_INVALID_ARG;
|
|
230
|
+
}
|
|
231
|
+
|
|
232
|
+
status_t element_pp_pow_int(element_t o, element_pp_t e_pp, GroupType type, integer_t bn)
|
|
233
|
+
{
|
|
234
|
+
if(e_pp->isInitialized == FALSE) return ELEMENT_UNINITIALIZED;
|
|
235
|
+
LEAVE_IF(bn == NULL, "uninitialized integer.");
|
|
236
|
+
|
|
237
|
+
if(o->type == type) {
|
|
238
|
+
if(type == G1) {
|
|
239
|
+
g1_mul_fix(o->g1, e_pp->t1, bn);
|
|
240
|
+
}
|
|
241
|
+
else if(type == G2) {
|
|
242
|
+
g2_mul_fix(o->g2, e_pp->t2, bn);
|
|
243
|
+
}
|
|
244
|
+
return ELEMENT_OK;
|
|
245
|
+
}
|
|
246
|
+
|
|
247
|
+
return ELEMENT_INVALID_ARG;
|
|
248
|
+
}
|
|
249
|
+
|
|
250
|
+
|
|
251
|
+
status_t element_random(element_t e)
|
|
252
|
+
{
|
|
253
|
+
if(e->isInitialized == TRUE) {
|
|
254
|
+
if(e->type == ZR) {
|
|
255
|
+
bn_t n;
|
|
256
|
+
bn_inits(n);
|
|
257
|
+
g1_get_ord(n);
|
|
258
|
+
|
|
259
|
+
// bn_t t;
|
|
260
|
+
// bn_inits(t);
|
|
261
|
+
// bn_copy(t, e->bn);
|
|
262
|
+
bn_rand(e->bn, BN_POS, bn_bits(n));
|
|
263
|
+
bn_mod(e->bn, e->bn, n);
|
|
264
|
+
bn_free(n);
|
|
265
|
+
}
|
|
266
|
+
else if(e->type == G1) {
|
|
267
|
+
g1_rand(e->g1);
|
|
268
|
+
}
|
|
269
|
+
else if(e->type == G2) {
|
|
270
|
+
g2_rand(e->g2);
|
|
271
|
+
}
|
|
272
|
+
else if(e->type == GT) {
|
|
273
|
+
gt_rand(e->gt);
|
|
274
|
+
}
|
|
275
|
+
return ELEMENT_OK;
|
|
276
|
+
}
|
|
277
|
+
|
|
278
|
+
return ELEMENT_UNINITIALIZED;
|
|
279
|
+
}
|
|
280
|
+
|
|
281
|
+
status_t element_printf(const char *msg, element_t e)
|
|
282
|
+
{
|
|
283
|
+
if(e->isInitialized == TRUE) {
|
|
284
|
+
printf("%s", msg);
|
|
285
|
+
if(e->type == ZR)
|
|
286
|
+
bn_print(e->bn);
|
|
287
|
+
else if(e->type == G1)
|
|
288
|
+
g1_print(e->g1);
|
|
289
|
+
else if(e->type == G2)
|
|
290
|
+
g2_print(e->g2);
|
|
291
|
+
else if(e->type == GT)
|
|
292
|
+
gt_print(e->gt);
|
|
293
|
+
return ELEMENT_OK;
|
|
294
|
+
}
|
|
295
|
+
|
|
296
|
+
return ELEMENT_INVALID_RESULT;
|
|
297
|
+
}
|
|
298
|
+
|
|
299
|
+
//TODO:
|
|
300
|
+
status_t element_to_str(char *data, int len, element_t e)
|
|
301
|
+
{
|
|
302
|
+
if(e->isInitialized == TRUE) {
|
|
303
|
+
int str_len = element_length(e) * 2;
|
|
304
|
+
if(str_len > len) return ELEMENT_INVALID_ARG;
|
|
305
|
+
memset(data, 0, len);
|
|
306
|
+
uint8_t tmp1[str_len+1];
|
|
307
|
+
memset(tmp1, 0, str_len);
|
|
308
|
+
|
|
309
|
+
if(e->type == ZR) {
|
|
310
|
+
bn_write_str(data, str_len, e->bn, DBASE);
|
|
311
|
+
}
|
|
312
|
+
else if(e->type == G1) {
|
|
313
|
+
charm_g1_write_str(e->g1, tmp1, str_len);
|
|
314
|
+
|
|
315
|
+
int dist_y = FP_STR;
|
|
316
|
+
snprintf(data, len, "[%s, %s]", tmp1, &(tmp1[dist_y]));
|
|
317
|
+
}
|
|
318
|
+
else if(e->type == G2) {
|
|
319
|
+
charm_g2_write_str(e->g2, tmp1, str_len);
|
|
320
|
+
|
|
321
|
+
int len2 = FP_STR;
|
|
322
|
+
int dist_x1 = len2, dist_y0 = len2 * 2, dist_y1 = len2 * 3;
|
|
323
|
+
snprintf(data, len, "[%s, %s, %s, %s]", tmp1, &(tmp1[dist_x1]), &(tmp1[dist_y0]), &(tmp1[dist_y1]));
|
|
324
|
+
}
|
|
325
|
+
else if(e->type == GT) {
|
|
326
|
+
charm_gt_write_str(e->gt, tmp1, str_len);
|
|
327
|
+
|
|
328
|
+
int len2 = FP_STR;
|
|
329
|
+
int dist_x01 = len2, dist_x10 = len2 * 2, dist_x11 = len2 * 3,
|
|
330
|
+
dist_x20 = len2 * 4, dist_x21 = len2 * 5, dist_y00 = len2 * 6,
|
|
331
|
+
dist_y01 = len2 * 7, dist_y10 = len2 * 8, dist_y11 = len2 * 9,
|
|
332
|
+
dist_y20 = len2 * 10, dist_y21 = len2 * 11;
|
|
333
|
+
snprintf(data, len, "[%s, %s, %s, %s, %s, %s], [%s, %s, %s, %s, %s, %s]",
|
|
334
|
+
tmp1, &(tmp1[dist_x01]), &(tmp1[dist_x10]), &(tmp1[dist_x11]),
|
|
335
|
+
&(tmp1[dist_x20]), &(tmp1[dist_x21]),
|
|
336
|
+
&(tmp1[dist_y00]), &(tmp1[dist_y01]), &(tmp1[dist_y10]), &(tmp1[dist_y11]),
|
|
337
|
+
&(tmp1[dist_y20]), &(tmp1[dist_y21]));
|
|
338
|
+
}
|
|
339
|
+
}
|
|
340
|
+
return ELEMENT_OK;
|
|
341
|
+
}
|
|
342
|
+
|
|
343
|
+
status_t element_clear(element_t e)
|
|
344
|
+
{
|
|
345
|
+
if(e->isInitialized == TRUE) {
|
|
346
|
+
if(e->type == ZR) {
|
|
347
|
+
bn_free(e->bn);
|
|
348
|
+
bn_null(e->bn);
|
|
349
|
+
}
|
|
350
|
+
else if(e->type == G1) {
|
|
351
|
+
g1_free(e->g1);
|
|
352
|
+
g1_null(e->g1);
|
|
353
|
+
}
|
|
354
|
+
else if(e->type == G2) {
|
|
355
|
+
g2_free(e->g2);
|
|
356
|
+
g2_null(e->g2);
|
|
357
|
+
}
|
|
358
|
+
else if(e->type == GT) {
|
|
359
|
+
gt_free(e->gt);
|
|
360
|
+
gt_null(e->gt);
|
|
361
|
+
}
|
|
362
|
+
else {
|
|
363
|
+
return ELEMENT_INVALID_TYPES;
|
|
364
|
+
}
|
|
365
|
+
bn_free(e->order);
|
|
366
|
+
bn_null(e->order);
|
|
367
|
+
e->isInitialized = FALSE;
|
|
368
|
+
e->type = NONE_G;
|
|
369
|
+
}
|
|
370
|
+
return ELEMENT_OK;
|
|
371
|
+
}
|
|
372
|
+
|
|
373
|
+
status_t element_add(element_t c, element_t a, element_t b)
|
|
374
|
+
{
|
|
375
|
+
GroupType type = a->type;
|
|
376
|
+
EXIT_IF_NOT_SAME(a, b);
|
|
377
|
+
LEAVE_IF(a->isInitialized != TRUE || b->isInitialized != TRUE || c->isInitialized != TRUE, "uninitialized arguments.");
|
|
378
|
+
|
|
379
|
+
if(type == ZR) {
|
|
380
|
+
LEAVE_IF( c->type != ZR, "result initialized but invalid type.");
|
|
381
|
+
bn_add(c->bn, a->bn, b->bn);
|
|
382
|
+
bn_mod(c->bn, c->bn, c->order);
|
|
383
|
+
}
|
|
384
|
+
else if(type == G1) {
|
|
385
|
+
LEAVE_IF( c->type != G1, "result initialized but invalid type.");
|
|
386
|
+
g1_add(c->g1, a->g1, b->g1);
|
|
387
|
+
//g1_norm(c->g1, c->g1);
|
|
388
|
+
}
|
|
389
|
+
else if(type == G2) {
|
|
390
|
+
LEAVE_IF( c->type != G2, "result initialized but invalid type.");
|
|
391
|
+
g2_add(c->g2, a->g2, b->g2);
|
|
392
|
+
//g2_norm(c->g2, c->g2);
|
|
393
|
+
}
|
|
394
|
+
else {
|
|
395
|
+
return ELEMENT_INVALID_TYPES;
|
|
396
|
+
}
|
|
397
|
+
|
|
398
|
+
return ELEMENT_OK;
|
|
399
|
+
}
|
|
400
|
+
|
|
401
|
+
status_t element_sub(element_t c, element_t a, element_t b)
|
|
402
|
+
{
|
|
403
|
+
GroupType type = a->type;
|
|
404
|
+
EXIT_IF_NOT_SAME(a, b);
|
|
405
|
+
LEAVE_IF(a->isInitialized != TRUE || b->isInitialized != TRUE, "uninitialized arguments.");
|
|
406
|
+
LEAVE_IF( c->type != type, "result initialized but invalid type.");
|
|
407
|
+
|
|
408
|
+
if(type == ZR) {
|
|
409
|
+
bn_sub(c->bn, a->bn, b->bn);
|
|
410
|
+
bn_mod(c->bn, c->bn, c->order);
|
|
411
|
+
if(bn_sign(c->bn) == BN_NEG) bn_add(c->bn, c->bn, a->order);
|
|
412
|
+
|
|
413
|
+
}
|
|
414
|
+
else if(type == G1) {
|
|
415
|
+
g1_sub(c->g1, a->g1, b->g1);
|
|
416
|
+
//g1_norm(c->g1, c->g1);
|
|
417
|
+
}
|
|
418
|
+
else if(type == G2) {
|
|
419
|
+
g2_sub(c->g2, a->g2, b->g2);
|
|
420
|
+
//g2_norm(c->g2, c->g2);
|
|
421
|
+
}
|
|
422
|
+
else {
|
|
423
|
+
return ELEMENT_INVALID_TYPES;
|
|
424
|
+
}
|
|
425
|
+
|
|
426
|
+
return ELEMENT_OK;
|
|
427
|
+
}
|
|
428
|
+
|
|
429
|
+
status_t element_mul(element_t c, element_t a, element_t b)
|
|
430
|
+
{
|
|
431
|
+
GroupType type = a->type;
|
|
432
|
+
EXIT_IF_NOT_SAME(a, b);
|
|
433
|
+
LEAVE_IF(a->isInitialized != TRUE || b->isInitialized != TRUE || c->isInitialized != TRUE, "uninitialized arguments.");
|
|
434
|
+
LEAVE_IF( c->type != type, "result initialized but invalid type.");
|
|
435
|
+
|
|
436
|
+
if(type == ZR) {
|
|
437
|
+
bn_mul(c->bn, a->bn, b->bn);
|
|
438
|
+
if(bn_sign(c->bn) == BN_NEG) bn_add(c->bn, c->bn, a->order);
|
|
439
|
+
else {
|
|
440
|
+
bn_mod(c->bn, c->bn, c->order);
|
|
441
|
+
}
|
|
442
|
+
}
|
|
443
|
+
else if(type == G1) {
|
|
444
|
+
g1_add(c->g1, a->g1, b->g1);
|
|
445
|
+
//g1_norm(c->g1, c->g1);
|
|
446
|
+
}
|
|
447
|
+
else if(type == G2) {
|
|
448
|
+
g2_add(c->g2, a->g2, b->g2);
|
|
449
|
+
//g2_norm(c->g2, c->g2);
|
|
450
|
+
}
|
|
451
|
+
else if(type == GT) {
|
|
452
|
+
gt_mul(c->gt, a->gt, b->gt);
|
|
453
|
+
}
|
|
454
|
+
else {
|
|
455
|
+
return ELEMENT_INVALID_TYPES;
|
|
456
|
+
}
|
|
457
|
+
|
|
458
|
+
return ELEMENT_OK;
|
|
459
|
+
}
|
|
460
|
+
|
|
461
|
+
// aka scalar multiplication?
|
|
462
|
+
status_t element_mul_zr(element_t c, element_t a, element_t b)
|
|
463
|
+
{
|
|
464
|
+
GroupType type = a->type;
|
|
465
|
+
// TODO: c (type) = a (type) * b (ZR)
|
|
466
|
+
LEAVE_IF(a->isInitialized != TRUE, "invalid argument.");
|
|
467
|
+
LEAVE_IF(b->type != ZR || b->isInitialized != TRUE, "invalid type.");
|
|
468
|
+
LEAVE_IF(c->isInitialized != TRUE || c->type != type, "result not initialized or invalid type.");
|
|
469
|
+
|
|
470
|
+
if(type == G1) {
|
|
471
|
+
g1_mul(c->g1, a->g1, b->bn);
|
|
472
|
+
}
|
|
473
|
+
else if(type == G2) {
|
|
474
|
+
g2_mul(c->g2, a->g2, b->bn);
|
|
475
|
+
}
|
|
476
|
+
else if(type == GT) {
|
|
477
|
+
gt_exp(c->gt, a->gt, b->bn);
|
|
478
|
+
}
|
|
479
|
+
else {
|
|
480
|
+
return ELEMENT_INVALID_TYPES;
|
|
481
|
+
}
|
|
482
|
+
|
|
483
|
+
return ELEMENT_OK;
|
|
484
|
+
}
|
|
485
|
+
|
|
486
|
+
status_t element_mul_int(element_t c, element_t a, integer_t b)
|
|
487
|
+
{
|
|
488
|
+
GroupType type = a->type;
|
|
489
|
+
LEAVE_IF(a->isInitialized != TRUE, "invalid argument.");
|
|
490
|
+
LEAVE_IF(c->isInitialized != TRUE || c->type != type, "result not initialized or invalid type.");
|
|
491
|
+
|
|
492
|
+
if(type == ZR) {
|
|
493
|
+
bn_mul(c->bn, a->bn, b);
|
|
494
|
+
if(bn_sign(c->bn) == BN_NEG) bn_add(c->bn, c->bn, a->order);
|
|
495
|
+
else {
|
|
496
|
+
bn_mod(c->bn, c->bn, c->order);
|
|
497
|
+
}
|
|
498
|
+
}
|
|
499
|
+
else if(type == G1) {
|
|
500
|
+
g1_mul(c->g1, a->g1, b);
|
|
501
|
+
}
|
|
502
|
+
else if(type == G2) {
|
|
503
|
+
g2_mul(c->g2, a->g2, b);
|
|
504
|
+
}
|
|
505
|
+
else if(type == GT) {
|
|
506
|
+
gt_exp(c->gt, a->gt, b);
|
|
507
|
+
}
|
|
508
|
+
else {
|
|
509
|
+
return ELEMENT_INVALID_TYPES;
|
|
510
|
+
}
|
|
511
|
+
|
|
512
|
+
return ELEMENT_OK;
|
|
513
|
+
}
|
|
514
|
+
|
|
515
|
+
status_t element_div(element_t c, element_t a, element_t b)
|
|
516
|
+
{
|
|
517
|
+
GroupType type = a->type;
|
|
518
|
+
EXIT_IF_NOT_SAME(a, b);
|
|
519
|
+
LEAVE_IF(a->isInitialized != TRUE || b->isInitialized != TRUE || c->isInitialized != TRUE, "uninitialized arguments.");
|
|
520
|
+
LEAVE_IF( c->type != type, "result initialized but invalid type.");
|
|
521
|
+
|
|
522
|
+
if(type == ZR) {
|
|
523
|
+
if(bn_is_zero(b->bn)) return ELEMENT_DIV_ZERO;
|
|
524
|
+
// c = (1 / b) mod order
|
|
525
|
+
element_invert(c, b);
|
|
526
|
+
if(bn_is_one(a->bn)) return ELEMENT_OK;
|
|
527
|
+
// bn_div(c->bn, a->bn, b->bn);
|
|
528
|
+
// bn_mod(c->bn, c->bn, c->order);
|
|
529
|
+
// remainder of ((a * c) / order)
|
|
530
|
+
integer_t s;
|
|
531
|
+
bn_inits(s);
|
|
532
|
+
// c = (a * c) / order (remainder only)
|
|
533
|
+
bn_mul(s, a->bn, c->bn);
|
|
534
|
+
bn_div_rem(s, c->bn, s, a->order);
|
|
535
|
+
// if(bn_sign(c->bn) == BN_NEG) bn_add(c->bn, c->bn, a->order);
|
|
536
|
+
bn_free(s);
|
|
537
|
+
|
|
538
|
+
|
|
539
|
+
}
|
|
540
|
+
else if(type == G1) {
|
|
541
|
+
g1_sub(c->g1, a->g1, b->g1);
|
|
542
|
+
//g1_norm(c->g1, c->g1);
|
|
543
|
+
}
|
|
544
|
+
else if(type == G2) {
|
|
545
|
+
g2_sub(c->g2, a->g2, b->g2);
|
|
546
|
+
//g2_norm(c->g2, c->g2);
|
|
547
|
+
}
|
|
548
|
+
else if(type == GT) {
|
|
549
|
+
gt_t t;
|
|
550
|
+
gt_inits(t);
|
|
551
|
+
gt_inv(t, b->gt);
|
|
552
|
+
gt_mul(c->gt, a->gt, t);
|
|
553
|
+
gt_free(t);
|
|
554
|
+
}
|
|
555
|
+
else {
|
|
556
|
+
return ELEMENT_INVALID_TYPES;
|
|
557
|
+
}
|
|
558
|
+
|
|
559
|
+
return ELEMENT_OK;
|
|
560
|
+
}
|
|
561
|
+
|
|
562
|
+
// int appears on rhs
|
|
563
|
+
status_t element_div_int(element_t c, element_t a, integer_t b)
|
|
564
|
+
{
|
|
565
|
+
GroupType type = a->type;
|
|
566
|
+
EXIT_IF_NOT_SAME(c, a);
|
|
567
|
+
LEAVE_IF( c->isInitialized != TRUE || a->isInitialized != TRUE, "uninitialized arguments.");
|
|
568
|
+
LEAVE_IF( c->type != type, "result initialized but invalid type.");
|
|
569
|
+
|
|
570
|
+
if(type == ZR) {
|
|
571
|
+
if(bn_is_zero(b)) return ELEMENT_DIV_ZERO;
|
|
572
|
+
// if(bn_is_one(a->bn)) {
|
|
573
|
+
// element_set_int(a, b);
|
|
574
|
+
// return element_invert(c, a); // not going to work
|
|
575
|
+
// }
|
|
576
|
+
|
|
577
|
+
integer_t s;
|
|
578
|
+
bn_inits(s);
|
|
579
|
+
// compute c = (1 / b) mod order
|
|
580
|
+
bn_gcd_ext(s, c->bn, NULL, b, a->order);
|
|
581
|
+
if(bn_sign(c->bn) == BN_NEG) bn_add(c->bn, c->bn, a->order);
|
|
582
|
+
if(bn_is_one(a->bn) && bn_sign(a->bn) == BN_POS) {
|
|
583
|
+
bn_free(s);
|
|
584
|
+
return ELEMENT_OK;
|
|
585
|
+
}
|
|
586
|
+
// remainder of ((a * c) / order)
|
|
587
|
+
// c = (a * c) / order (remainder only)
|
|
588
|
+
bn_mul(s, a->bn, c->bn);
|
|
589
|
+
bn_div_rem(s, c->bn, s, a->order);
|
|
590
|
+
// if(bn_sign(c->bn) == BN_NEG) bn_add(c->bn, c->bn, a->order);
|
|
591
|
+
bn_free(s);
|
|
592
|
+
// bn_div(c->bn, a->bn, b);
|
|
593
|
+
// bn_mod(c->bn, c->bn, c->order);
|
|
594
|
+
}
|
|
595
|
+
else if(type == G1 || type == G2 || type == GT) {
|
|
596
|
+
if(bn_is_one(b)) {
|
|
597
|
+
return element_set(c, a);
|
|
598
|
+
}
|
|
599
|
+
// TODO: other cases: b > 1 (ZR)?
|
|
600
|
+
}
|
|
601
|
+
else {
|
|
602
|
+
return ELEMENT_INVALID_TYPES;
|
|
603
|
+
}
|
|
604
|
+
|
|
605
|
+
return ELEMENT_OK;
|
|
606
|
+
}
|
|
607
|
+
|
|
608
|
+
// int appears on lhs (1 / [ZR, G1, G2, GT])
|
|
609
|
+
status_t element_int_div(element_t c, integer_t a, element_t b)
|
|
610
|
+
{
|
|
611
|
+
GroupType type = b->type;
|
|
612
|
+
EXIT_IF_NOT_SAME(c, b);
|
|
613
|
+
LEAVE_IF( c->isInitialized != TRUE || b->isInitialized != TRUE, "uninitialized arguments.");
|
|
614
|
+
LEAVE_IF( c->type != type, "result initialized but invalid type.");
|
|
615
|
+
|
|
616
|
+
if(type == ZR) {
|
|
617
|
+
if(bn_is_zero(b->bn)) return ELEMENT_DIV_ZERO;
|
|
618
|
+
element_invert(c, b);
|
|
619
|
+
if(bn_is_one(a)) return ELEMENT_OK;
|
|
620
|
+
integer_t s;
|
|
621
|
+
bn_inits(s);
|
|
622
|
+
bn_mul(s, a, c->bn);
|
|
623
|
+
bn_div_rem(s, c->bn, s, c->order);
|
|
624
|
+
// if(bn_sign(c->bn) == BN_NEG) bn_add(c->bn, c->bn, c->order);
|
|
625
|
+
bn_free(s);
|
|
626
|
+
// bn_div(c->bn, a, b->bn);
|
|
627
|
+
// bn_mod(c->bn, c->bn, c->order);
|
|
628
|
+
}
|
|
629
|
+
else if(type == G1 || type == G2 || type == GT) {
|
|
630
|
+
if(bn_is_one(a)) {
|
|
631
|
+
element_invert(c, b);
|
|
632
|
+
}
|
|
633
|
+
// TODO: other cases: a > 1 (ZR)?
|
|
634
|
+
}
|
|
635
|
+
|
|
636
|
+
return ELEMENT_OK;
|
|
637
|
+
}
|
|
638
|
+
|
|
639
|
+
|
|
640
|
+
status_t element_neg(element_t c, element_t a)
|
|
641
|
+
{
|
|
642
|
+
GroupType type = a->type;
|
|
643
|
+
EXIT_IF_NOT_SAME(a, c);
|
|
644
|
+
|
|
645
|
+
if(type == ZR) {
|
|
646
|
+
bn_neg(c->bn, a->bn);
|
|
647
|
+
if(bn_sign(c->bn) == BN_NEG) bn_add(c->bn, c->bn, a->order);
|
|
648
|
+
}
|
|
649
|
+
else if(type == G1) {
|
|
650
|
+
g1_neg(c->g1, a->g1);
|
|
651
|
+
}
|
|
652
|
+
else if(type == G2) {
|
|
653
|
+
g2_neg(c->g2, a->g2);
|
|
654
|
+
}
|
|
655
|
+
else if(type == GT) {
|
|
656
|
+
gt_inv(c->gt, a->gt);
|
|
657
|
+
}
|
|
658
|
+
else {
|
|
659
|
+
return ELEMENT_INVALID_TYPES;
|
|
660
|
+
}
|
|
661
|
+
return ELEMENT_OK;
|
|
662
|
+
}
|
|
663
|
+
|
|
664
|
+
status_t element_invert(element_t c, element_t a)
|
|
665
|
+
{
|
|
666
|
+
GroupType type = a->type;
|
|
667
|
+
EXIT_IF_NOT_SAME(a, c);
|
|
668
|
+
|
|
669
|
+
if(type == ZR) {
|
|
670
|
+
bn_t s;
|
|
671
|
+
bn_inits(s);
|
|
672
|
+
// compute c = (1 / a) mod n
|
|
673
|
+
bn_gcd_ext(s, c->bn, NULL, a->bn, a->order);
|
|
674
|
+
if(bn_sign(c->bn) == BN_NEG) bn_add(c->bn, c->bn, a->order);
|
|
675
|
+
bn_free(s);
|
|
676
|
+
}
|
|
677
|
+
else if(type == G1) {
|
|
678
|
+
g1_neg(c->g1, a->g1);
|
|
679
|
+
}
|
|
680
|
+
else if(type == G2) {
|
|
681
|
+
g2_neg(c->g2, a->g2);
|
|
682
|
+
}
|
|
683
|
+
else if(type == GT) {
|
|
684
|
+
gt_inv(c->gt, a->gt);
|
|
685
|
+
}
|
|
686
|
+
else {
|
|
687
|
+
return ELEMENT_INVALID_TYPES;
|
|
688
|
+
}
|
|
689
|
+
return ELEMENT_OK;
|
|
690
|
+
}
|
|
691
|
+
|
|
692
|
+
status_t element_pow_zr(element_t c, element_t a, element_t b)
|
|
693
|
+
{
|
|
694
|
+
GroupType type = a->type;
|
|
695
|
+
// c (type) = a (type) ^ b (ZR)
|
|
696
|
+
LEAVE_IF( c->isInitialized != TRUE || a->isInitialized != TRUE, "uninitialized argument.");
|
|
697
|
+
EXIT_IF_NOT_SAME(c, a);
|
|
698
|
+
LEAVE_IF(a->isInitialized != TRUE, "invalid argument.");
|
|
699
|
+
LEAVE_IF(b->isInitialized != TRUE || b->type != ZR, "invalid type.");
|
|
700
|
+
|
|
701
|
+
if(type == ZR) {
|
|
702
|
+
bn_mxp(c->bn, a->bn, b->bn, a->order);
|
|
703
|
+
}
|
|
704
|
+
else if(type == G1) {
|
|
705
|
+
g1_mul(c->g1, a->g1, b->bn);
|
|
706
|
+
}
|
|
707
|
+
else if(type == G2) {
|
|
708
|
+
g2_mul(c->g2, a->g2, b->bn);
|
|
709
|
+
}
|
|
710
|
+
else if(type == GT) {
|
|
711
|
+
if(bn_is_zero(b->bn))
|
|
712
|
+
gt_set_unity(c->gt); // GT ^ 0 => identity element (not handled by gt_exp)
|
|
713
|
+
else
|
|
714
|
+
gt_exp(c->gt, a->gt, b->bn);
|
|
715
|
+
}
|
|
716
|
+
else {
|
|
717
|
+
return ELEMENT_INVALID_TYPES;
|
|
718
|
+
}
|
|
719
|
+
|
|
720
|
+
return ELEMENT_OK;
|
|
721
|
+
}
|
|
722
|
+
|
|
723
|
+
status_t element_pow_int(element_t c, element_t a, integer_t b)
|
|
724
|
+
{
|
|
725
|
+
GroupType type = a->type;
|
|
726
|
+
// TODO: c (type) = a (type) ^ b (ZR)
|
|
727
|
+
LEAVE_IF( c->isInitialized != TRUE || a->isInitialized != TRUE, "uninitialized argument.");
|
|
728
|
+
EXIT_IF_NOT_SAME(c, a);
|
|
729
|
+
LEAVE_IF(b == NULL, "uninitialized integer.");
|
|
730
|
+
|
|
731
|
+
status_t result = ELEMENT_OK;
|
|
732
|
+
LEAVE_IF( c->type != type, "result initialized but invalid type.");
|
|
733
|
+
|
|
734
|
+
switch(type) {
|
|
735
|
+
case ZR: bn_mxp(c->bn, a->bn, b, a->order);
|
|
736
|
+
break;
|
|
737
|
+
case G1: g1_mul(c->g1, a->g1, b);
|
|
738
|
+
break;
|
|
739
|
+
case G2: g2_mul(c->g2, a->g2, b);
|
|
740
|
+
break;
|
|
741
|
+
case GT: if(bn_is_zero(b)) gt_set_unity(c->gt);
|
|
742
|
+
else gt_exp(c->gt, a->gt, b);
|
|
743
|
+
break;
|
|
744
|
+
default:
|
|
745
|
+
result = ELEMENT_INVALID_TYPES;
|
|
746
|
+
break;
|
|
747
|
+
}
|
|
748
|
+
|
|
749
|
+
return result;
|
|
750
|
+
|
|
751
|
+
}
|
|
752
|
+
|
|
753
|
+
int element_cmp(element_t a, element_t b)
|
|
754
|
+
{
|
|
755
|
+
GroupType type = a->type;
|
|
756
|
+
LEAVE_IF(a->isInitialized != TRUE || b->isInitialized != TRUE, "uninitialized argument.");
|
|
757
|
+
EXIT_IF_NOT_SAME(a, b);
|
|
758
|
+
|
|
759
|
+
switch(type) {
|
|
760
|
+
case ZR: return bn_cmp(a->bn, b->bn);
|
|
761
|
+
case G1: return g1_cmp(a->g1, b->g1);
|
|
762
|
+
case G2: return g2_cmp(a->g2, b->g2);
|
|
763
|
+
case GT: return gt_cmp(a->gt, b->gt);
|
|
764
|
+
default: break;
|
|
765
|
+
}
|
|
766
|
+
|
|
767
|
+
return ELEMENT_INVALID_TYPES;
|
|
768
|
+
}
|
|
769
|
+
|
|
770
|
+
// e = a
|
|
771
|
+
status_t element_set(element_t e, element_t a)
|
|
772
|
+
{
|
|
773
|
+
GroupType type = a->type;
|
|
774
|
+
LEAVE_IF(e->isInitialized != TRUE || a->isInitialized != TRUE, "uninitialized argument.");
|
|
775
|
+
EXIT_IF_NOT_SAME(e, a);
|
|
776
|
+
status_t result = ELEMENT_OK;
|
|
777
|
+
|
|
778
|
+
switch(type) {
|
|
779
|
+
case ZR: bn_copy(e->bn, a->bn);
|
|
780
|
+
break;
|
|
781
|
+
case G1: g1_copy(e->g1, a->g1);
|
|
782
|
+
break;
|
|
783
|
+
case G2: g2_copy(e->g2, a->g2);
|
|
784
|
+
break;
|
|
785
|
+
case GT: gt_copy(e->gt, a->gt);
|
|
786
|
+
break;
|
|
787
|
+
default:
|
|
788
|
+
result = ELEMENT_INVALID_TYPES;
|
|
789
|
+
break;
|
|
790
|
+
}
|
|
791
|
+
|
|
792
|
+
return result;
|
|
793
|
+
}
|
|
794
|
+
|
|
795
|
+
// copy x into e
|
|
796
|
+
status_t element_set_int(element_t e, integer_t x)
|
|
797
|
+
{
|
|
798
|
+
LEAVE_IF(e->isInitialized != TRUE, "uninitialized argument.");
|
|
799
|
+
if(e->type == ZR) {
|
|
800
|
+
bn_copy(e->bn, x);
|
|
801
|
+
return ELEMENT_OK;
|
|
802
|
+
}
|
|
803
|
+
|
|
804
|
+
return ELEMENT_INVALID_TYPES;
|
|
805
|
+
}
|
|
806
|
+
|
|
807
|
+
// x = e (copies for ZR, maps x-coordinate for G1, and not defined for G2 or GT)
|
|
808
|
+
status_t element_to_int(integer_t x, element_t e)
|
|
809
|
+
{
|
|
810
|
+
LEAVE_IF(x == NULL || e->isInitialized != TRUE, "uninitialized argument.");
|
|
811
|
+
|
|
812
|
+
if(e->type == ZR) {
|
|
813
|
+
bn_copy(x, e->bn);
|
|
814
|
+
}
|
|
815
|
+
else if(e->type == G1) {
|
|
816
|
+
fp_prime_back(x, e->g1->x);
|
|
817
|
+
}
|
|
818
|
+
else {
|
|
819
|
+
return ELEMENT_INVALID_TYPES;
|
|
820
|
+
}
|
|
821
|
+
|
|
822
|
+
return ELEMENT_OK;
|
|
823
|
+
}
|
|
824
|
+
|
|
825
|
+
status_t element_set_si(element_t e, unsigned int x)
|
|
826
|
+
{
|
|
827
|
+
LEAVE_IF(e->isInitialized != TRUE, "uninitialized argument.");
|
|
828
|
+
if(e->type == ZR) {
|
|
829
|
+
bn_set_dig(e->bn, x);
|
|
830
|
+
}
|
|
831
|
+
|
|
832
|
+
return ELEMENT_OK;
|
|
833
|
+
}
|
|
834
|
+
|
|
835
|
+
status_t element_from_hash(element_t e, unsigned char *data, int len)
|
|
836
|
+
{
|
|
837
|
+
LEAVE_IF(e->isInitialized == FALSE, "uninitialized argument.");
|
|
838
|
+
GroupType type = e->type;
|
|
839
|
+
status_t result = ELEMENT_OK;
|
|
840
|
+
int digest_len = SHA_LEN;
|
|
841
|
+
unsigned char digest[digest_len + 1];
|
|
842
|
+
memset(digest, 0, digest_len);
|
|
843
|
+
SHA_FUNC(digest, data, len);
|
|
844
|
+
|
|
845
|
+
#ifdef DEBUG
|
|
846
|
+
printf("%s: digest: ", __FUNCTION__);
|
|
847
|
+
print_as_hex(digest, digest_len);
|
|
848
|
+
#endif
|
|
849
|
+
|
|
850
|
+
switch(type) {
|
|
851
|
+
case ZR: bn_read_bin(e->bn, digest, digest_len);
|
|
852
|
+
if(bn_cmp(e->bn, e->order) == CMP_GT) bn_mod(e->bn, e->bn, e->order);
|
|
853
|
+
// bn_print(e->bn);
|
|
854
|
+
break;
|
|
855
|
+
case G1: g1_map(e->g1, digest, digest_len);
|
|
856
|
+
break;
|
|
857
|
+
case G2: g2_map(e->g2, digest, digest_len);
|
|
858
|
+
break;
|
|
859
|
+
default:
|
|
860
|
+
result = ELEMENT_INVALID_TYPES;
|
|
861
|
+
break;
|
|
862
|
+
}
|
|
863
|
+
|
|
864
|
+
return result;
|
|
865
|
+
}
|
|
866
|
+
|
|
867
|
+
int element_length(element_t e)
|
|
868
|
+
{
|
|
869
|
+
|
|
870
|
+
if(e->isInitialized == TRUE) {
|
|
871
|
+
switch(e->type) {
|
|
872
|
+
case ZR: return BN_BYTES + 1; // null bytes included
|
|
873
|
+
case G1: return G1_LEN; // (FP_BYTES * 2) + 2;
|
|
874
|
+
case G2: return G2_LEN; // (FP_BYTES * 4) + 4;
|
|
875
|
+
case GT: return GT_LEN; // (FP_BYTES * 12) + 12;
|
|
876
|
+
default: break;
|
|
877
|
+
}
|
|
878
|
+
}
|
|
879
|
+
return 0;
|
|
880
|
+
}
|
|
881
|
+
|
|
882
|
+
status_t charm_g1_read_bin(g1_t g, uint8_t *data, int data_len)
|
|
883
|
+
{
|
|
884
|
+
if(g == NULL) return ELEMENT_UNINITIALIZED;
|
|
885
|
+
fp_read_bin(g->x, data, FP_BYTES);
|
|
886
|
+
fp_read_bin(g->y, &(data[FP_BYTES + 1]), FP_BYTES);
|
|
887
|
+
fp_zero(g->z);
|
|
888
|
+
fp_set_dig(g->z, 1);
|
|
889
|
+
|
|
890
|
+
return ELEMENT_OK;
|
|
891
|
+
}
|
|
892
|
+
|
|
893
|
+
status_t charm_g1_write_bin(g1_t g, uint8_t *data, int data_len)
|
|
894
|
+
{
|
|
895
|
+
if(g == NULL) return ELEMENT_UNINITIALIZED;
|
|
896
|
+
if(data_len < G1_LEN) return ELEMENT_INVALID_ARG_LEN;
|
|
897
|
+
uint8_t *d = data;
|
|
898
|
+
memset(d, 0, G1_LEN);
|
|
899
|
+
|
|
900
|
+
fp_write_bin(d, FP_BYTES, g->x);
|
|
901
|
+
fp_write_bin(&(d[FP_BYTES + 1]), FP_BYTES, g->y);
|
|
902
|
+
|
|
903
|
+
#ifdef DEBUG
|
|
904
|
+
printf("%s: size for x & y :=> '%d'\n", __FUNCTION__, FP_BYTES);
|
|
905
|
+
|
|
906
|
+
uint8_t *d2 = data;
|
|
907
|
+
int i;
|
|
908
|
+
for(i = 0; i < 2; i++) {
|
|
909
|
+
print_as_hex(d2, FP_BYTES+1);
|
|
910
|
+
d2 = &(d2[FP_BYTES + 1]);
|
|
911
|
+
}
|
|
912
|
+
#endif
|
|
913
|
+
|
|
914
|
+
return ELEMENT_OK;
|
|
915
|
+
}
|
|
916
|
+
|
|
917
|
+
status_t charm_g1_write_str(g1_t g, uint8_t *data, int data_len)
|
|
918
|
+
{
|
|
919
|
+
if(g == NULL) return ELEMENT_UNINITIALIZED;
|
|
920
|
+
if(data_len < G1_LEN*2) return ELEMENT_INVALID_ARG_LEN;
|
|
921
|
+
char *d = (char *) data;
|
|
922
|
+
|
|
923
|
+
int len = FP_BYTES*2+1;
|
|
924
|
+
|
|
925
|
+
fp_write(d, len, g->x, DBASE);
|
|
926
|
+
fp_write(&(d[len]), len, g->y, DBASE);
|
|
927
|
+
|
|
928
|
+
return ELEMENT_OK;
|
|
929
|
+
}
|
|
930
|
+
|
|
931
|
+
|
|
932
|
+
status_t charm_g2_read_bin(g2_t g, uint8_t *data, int data_len)
|
|
933
|
+
{
|
|
934
|
+
if(g == NULL) return ELEMENT_UNINITIALIZED;
|
|
935
|
+
if(data_len < G2_LEN) return ELEMENT_INVALID_ARG_LEN;
|
|
936
|
+
|
|
937
|
+
uint8_t *d = data;
|
|
938
|
+
fp_read_bin(g->x[0], d, FP_BYTES);
|
|
939
|
+
d = &(d[FP_BYTES + 1]);
|
|
940
|
+
fp_read_bin(g->x[1], d, FP_BYTES);
|
|
941
|
+
d = &(d[FP_BYTES + 1]);
|
|
942
|
+
fp_read_bin(g->y[0], d, FP_BYTES);
|
|
943
|
+
d = &(d[FP_BYTES + 1]);
|
|
944
|
+
fp_read_bin(g->y[1], d, FP_BYTES);
|
|
945
|
+
|
|
946
|
+
fp_zero(g->z[0]);
|
|
947
|
+
fp_zero(g->z[1]);
|
|
948
|
+
fp_set_dig(g->z[0], 1);
|
|
949
|
+
|
|
950
|
+
return ELEMENT_OK;
|
|
951
|
+
}
|
|
952
|
+
|
|
953
|
+
status_t charm_g2_write_bin(g2_t g, uint8_t *data, int data_len)
|
|
954
|
+
{
|
|
955
|
+
if(g == NULL) return ELEMENT_UNINITIALIZED;
|
|
956
|
+
// int out_len = (FP_BYTES * 4) + 4;
|
|
957
|
+
if(data_len < G2_LEN) return ELEMENT_INVALID_ARG_LEN;
|
|
958
|
+
uint8_t d[G2_LEN+1];
|
|
959
|
+
memset(d, 0, G2_LEN);
|
|
960
|
+
|
|
961
|
+
fp_write_bin(d, FP_BYTES, g->x[0]);
|
|
962
|
+
uint8_t *d1 = &(d[FP_BYTES + 1]);
|
|
963
|
+
fp_write_bin(d1, FP_BYTES, g->x[1]);
|
|
964
|
+
d1 = &(d1[FP_BYTES + 1]);
|
|
965
|
+
fp_write_bin(d1, FP_BYTES, g->y[0]);
|
|
966
|
+
d1 = &(d1[FP_BYTES + 1]);
|
|
967
|
+
fp_write_bin(d1, FP_BYTES, g->y[1]);
|
|
968
|
+
|
|
969
|
+
memcpy(data, d, data_len);
|
|
970
|
+
|
|
971
|
+
#ifdef DEBUG
|
|
972
|
+
printf("%s: size for x & y :=> '%d'\n", __FUNCTION__, FP_BYTES);
|
|
973
|
+
|
|
974
|
+
uint8_t *d2 = data;
|
|
975
|
+
int i;
|
|
976
|
+
for(i = 0; i < 4; i++) {
|
|
977
|
+
print_as_hex(d2, FP_BYTES+1);
|
|
978
|
+
d2 = &(d2[FP_BYTES + 1]);
|
|
979
|
+
}
|
|
980
|
+
#endif
|
|
981
|
+
memset(d, 0, G2_LEN);
|
|
982
|
+
return ELEMENT_OK;
|
|
983
|
+
}
|
|
984
|
+
|
|
985
|
+
status_t charm_g2_write_str(g2_t g, uint8_t *data, int data_len)
|
|
986
|
+
{
|
|
987
|
+
if(g == NULL) return ELEMENT_UNINITIALIZED;
|
|
988
|
+
int G2_STR = G2_LEN*4;
|
|
989
|
+
if(data_len < G2_STR) return ELEMENT_INVALID_ARG_LEN;
|
|
990
|
+
char *d = (char *) data;
|
|
991
|
+
|
|
992
|
+
int len = FP_BYTES*2 + 1;
|
|
993
|
+
fp_write(d, len, g->x[0], DBASE);
|
|
994
|
+
d += len;
|
|
995
|
+
fp_write(d, len, g->x[1], DBASE);
|
|
996
|
+
d += len;
|
|
997
|
+
fp_write(d, len, g->y[0], DBASE);
|
|
998
|
+
d += len;
|
|
999
|
+
fp_write(d, len, g->y[1], DBASE);
|
|
1000
|
+
|
|
1001
|
+
return ELEMENT_OK;
|
|
1002
|
+
}
|
|
1003
|
+
|
|
1004
|
+
|
|
1005
|
+
status_t charm_gt_read_bin(gt_t g, uint8_t *data, int data_len)
|
|
1006
|
+
{
|
|
1007
|
+
if(g == NULL) return ELEMENT_UNINITIALIZED;
|
|
1008
|
+
if(data_len < GT_LEN) return ELEMENT_INVALID_ARG_LEN;
|
|
1009
|
+
|
|
1010
|
+
uint8_t *d = data;
|
|
1011
|
+
fp_read_bin(g[0][0][0], d, FP_BYTES);
|
|
1012
|
+
d = &(d[FP_BYTES + 1]);
|
|
1013
|
+
fp_read_bin(g[0][0][1], d, FP_BYTES);
|
|
1014
|
+
d = &(d[FP_BYTES + 1]);
|
|
1015
|
+
fp_read_bin(g[0][1][0], d, FP_BYTES);
|
|
1016
|
+
d = &(d[FP_BYTES + 1]);
|
|
1017
|
+
fp_read_bin(g[0][1][1], d, FP_BYTES);
|
|
1018
|
+
d = &(d[FP_BYTES + 1]);
|
|
1019
|
+
fp_read_bin(g[0][2][0], d, FP_BYTES);
|
|
1020
|
+
d = &(d[FP_BYTES + 1]);
|
|
1021
|
+
fp_read_bin(g[0][2][1], d, FP_BYTES);
|
|
1022
|
+
|
|
1023
|
+
d = &(d[FP_BYTES + 1]);
|
|
1024
|
+
fp_read_bin(g[1][0][0], d, FP_BYTES);
|
|
1025
|
+
d = &(d[FP_BYTES + 1]);
|
|
1026
|
+
fp_read_bin(g[1][0][1], d, FP_BYTES);
|
|
1027
|
+
d = &(d[FP_BYTES + 1]);
|
|
1028
|
+
fp_read_bin(g[1][1][0], d, FP_BYTES);
|
|
1029
|
+
d = &(d[FP_BYTES + 1]);
|
|
1030
|
+
fp_read_bin(g[1][1][1], d, FP_BYTES);
|
|
1031
|
+
d = &(d[FP_BYTES + 1]);
|
|
1032
|
+
fp_read_bin(g[1][2][0], d, FP_BYTES);
|
|
1033
|
+
d = &(d[FP_BYTES + 1]);
|
|
1034
|
+
fp_read_bin(g[1][2][1], d, FP_BYTES);
|
|
1035
|
+
|
|
1036
|
+
// fp_zero(g->z[0]);
|
|
1037
|
+
// fp_zero(g->z[1]);
|
|
1038
|
+
// fp_set_dig(g->z[0], 1);
|
|
1039
|
+
|
|
1040
|
+
return ELEMENT_OK;
|
|
1041
|
+
}
|
|
1042
|
+
|
|
1043
|
+
status_t charm_gt_write_bin(gt_t g, uint8_t *data, int data_len)
|
|
1044
|
+
{
|
|
1045
|
+
if(g == NULL) return ELEMENT_UNINITIALIZED;
|
|
1046
|
+
if(data_len < GT_LEN) return ELEMENT_INVALID_ARG_LEN;
|
|
1047
|
+
uint8_t d[GT_LEN+1];
|
|
1048
|
+
uint8_t *d1 = NULL;
|
|
1049
|
+
memset(d, 0, GT_LEN);
|
|
1050
|
+
|
|
1051
|
+
#ifdef DEBUG
|
|
1052
|
+
printf("%s: size for x & y :=> '%d'\n", __FUNCTION__, FP_BYTES);
|
|
1053
|
+
#endif
|
|
1054
|
+
// write the x-coordinate
|
|
1055
|
+
fp_write_bin(d, FP_BYTES, g[0][0][0]);
|
|
1056
|
+
d1 = &(d[FP_BYTES + 1]);
|
|
1057
|
+
fp_write_bin(d1, FP_BYTES, g[0][0][1]);
|
|
1058
|
+
d1 = &(d1[FP_BYTES + 1]);
|
|
1059
|
+
fp_write_bin(d1, FP_BYTES, g[0][1][0]);
|
|
1060
|
+
d1 = &(d1[FP_BYTES + 1]);
|
|
1061
|
+
fp_write_bin(d1, FP_BYTES, g[0][1][1]);
|
|
1062
|
+
d1 = &(d1[FP_BYTES + 1]);
|
|
1063
|
+
fp_write_bin(d1, FP_BYTES, g[0][2][0]);
|
|
1064
|
+
d1 = &(d1[FP_BYTES + 1]);
|
|
1065
|
+
fp_write_bin(d1, FP_BYTES, g[0][2][1]);
|
|
1066
|
+
d1 = &(d1[FP_BYTES + 1]);
|
|
1067
|
+
fp_write_bin(d1, FP_BYTES, g[1][0][0]);
|
|
1068
|
+
d1 = &(d1[FP_BYTES + 1]);
|
|
1069
|
+
fp_write_bin(d1, FP_BYTES, g[1][0][1]);
|
|
1070
|
+
d1 = &(d1[FP_BYTES + 1]);
|
|
1071
|
+
fp_write_bin(d1, FP_BYTES, g[1][1][0]);
|
|
1072
|
+
d1 = &(d1[FP_BYTES + 1]);
|
|
1073
|
+
fp_write_bin(d1, FP_BYTES, g[1][1][1]);
|
|
1074
|
+
d1 = &(d1[FP_BYTES + 1]);
|
|
1075
|
+
fp_write_bin(d1, FP_BYTES, g[1][2][0]);
|
|
1076
|
+
d1 = &(d1[FP_BYTES + 1]);
|
|
1077
|
+
fp_write_bin(d1, FP_BYTES, g[1][2][1]);
|
|
1078
|
+
|
|
1079
|
+
memcpy(data, d, data_len);
|
|
1080
|
+
|
|
1081
|
+
#ifdef DEBUG
|
|
1082
|
+
uint8_t *d2 = data;
|
|
1083
|
+
int i;
|
|
1084
|
+
for(i = 0; i < 12; i++) {
|
|
1085
|
+
print_as_hex(d2, FP_BYTES+1);
|
|
1086
|
+
d2 = &(d2[FP_BYTES + 1]);
|
|
1087
|
+
}
|
|
1088
|
+
#endif
|
|
1089
|
+
memset(d, 0, GT_LEN);
|
|
1090
|
+
return ELEMENT_OK;
|
|
1091
|
+
}
|
|
1092
|
+
|
|
1093
|
+
status_t charm_gt_write_str(gt_t g, uint8_t *data, int data_len)
|
|
1094
|
+
{
|
|
1095
|
+
if(g == NULL) return ELEMENT_UNINITIALIZED;
|
|
1096
|
+
if(data_len < GT_LEN*3) return ELEMENT_INVALID_ARG_LEN;
|
|
1097
|
+
|
|
1098
|
+
int len = FP_BYTES*2 + 1;
|
|
1099
|
+
char *d1 = (char *) data;
|
|
1100
|
+
|
|
1101
|
+
// write the x-coordinate
|
|
1102
|
+
fp_write(d1, len, g[0][0][0], DBASE);
|
|
1103
|
+
d1 += len;
|
|
1104
|
+
fp_write(d1, len, g[0][0][1], DBASE);
|
|
1105
|
+
d1 += len;
|
|
1106
|
+
fp_write(d1, len, g[0][1][0], DBASE);
|
|
1107
|
+
d1 += len;
|
|
1108
|
+
fp_write(d1, len, g[0][1][1], DBASE);
|
|
1109
|
+
d1 += len;
|
|
1110
|
+
fp_write(d1, len, g[0][2][0], DBASE);
|
|
1111
|
+
d1 += len;
|
|
1112
|
+
fp_write(d1, len, g[0][2][1], DBASE);
|
|
1113
|
+
d1 += len;
|
|
1114
|
+
fp_write(d1, len, g[1][0][0], DBASE);
|
|
1115
|
+
d1 += len;
|
|
1116
|
+
fp_write(d1, len, g[1][0][1], DBASE);
|
|
1117
|
+
d1 += len;
|
|
1118
|
+
fp_write(d1, len, g[1][1][0], DBASE);
|
|
1119
|
+
d1 += len;
|
|
1120
|
+
fp_write(d1, len, g[1][1][1], DBASE);
|
|
1121
|
+
d1 += len;
|
|
1122
|
+
fp_write(d1, len, g[1][2][0], DBASE);
|
|
1123
|
+
d1 += len;
|
|
1124
|
+
fp_write(d1, len, g[1][2][1], DBASE);
|
|
1125
|
+
|
|
1126
|
+
return ELEMENT_OK;
|
|
1127
|
+
}
|
|
1128
|
+
|
|
1129
|
+
status_t element_from_bytes(element_t e, unsigned char *data, int data_len)
|
|
1130
|
+
{
|
|
1131
|
+
LEAVE_IF(e->isInitialized != TRUE, "uninitialized argument.");
|
|
1132
|
+
GroupType type = e->type;
|
|
1133
|
+
if(type == ZR) {
|
|
1134
|
+
bn_read_bin(e->bn, data, data_len);
|
|
1135
|
+
}
|
|
1136
|
+
else if(type == G1) {
|
|
1137
|
+
return charm_g1_read_bin(e->g1, data, data_len); // x & y
|
|
1138
|
+
}
|
|
1139
|
+
else if(type == G2) {
|
|
1140
|
+
return charm_g2_read_bin(e->g2, data, data_len); // x1, y1 & x2, y2
|
|
1141
|
+
}
|
|
1142
|
+
else if(type == GT) {
|
|
1143
|
+
return charm_gt_read_bin(e->gt, data, data_len); // x1-6 && y1-6
|
|
1144
|
+
}
|
|
1145
|
+
else {
|
|
1146
|
+
return ELEMENT_INVALID_TYPES;
|
|
1147
|
+
}
|
|
1148
|
+
|
|
1149
|
+
return ELEMENT_OK;
|
|
1150
|
+
}
|
|
1151
|
+
|
|
1152
|
+
status_t element_to_bytes(unsigned char *data, int data_len, element_t e)
|
|
1153
|
+
{
|
|
1154
|
+
LEAVE_IF(e->isInitialized != TRUE, "uninitialized argument.");
|
|
1155
|
+
GroupType type = e->type;
|
|
1156
|
+
if(type == ZR) {
|
|
1157
|
+
bn_write_bin(data, data_len, e->bn);
|
|
1158
|
+
}
|
|
1159
|
+
else if(type == G1) {
|
|
1160
|
+
return charm_g1_write_bin(e->g1, data, data_len); // x & y
|
|
1161
|
+
}
|
|
1162
|
+
else if(type == G2) {
|
|
1163
|
+
return charm_g2_write_bin(e->g2, data, data_len); // x1, y1 & x2, y2
|
|
1164
|
+
}
|
|
1165
|
+
else if(type == GT) {
|
|
1166
|
+
return charm_gt_write_bin(e->gt, data, data_len); // x1-6 && y1-6
|
|
1167
|
+
}
|
|
1168
|
+
else {
|
|
1169
|
+
return ELEMENT_INVALID_TYPES;
|
|
1170
|
+
}
|
|
1171
|
+
|
|
1172
|
+
return ELEMENT_OK;
|
|
1173
|
+
}
|
|
1174
|
+
|
|
1175
|
+
status_t element_to_key(element_t e, uint8_t *data, int data_len, uint8_t label)
|
|
1176
|
+
{
|
|
1177
|
+
LEAVE_IF(e->isInitialized != TRUE, "uninitialized argument.");
|
|
1178
|
+
// adds an extra null byte by default - will use this last byte for the label
|
|
1179
|
+
int d_len = element_length(e), digest_len = SHA_LEN;
|
|
1180
|
+
|
|
1181
|
+
uint8_t d[d_len + 1];
|
|
1182
|
+
memset(d, 0, d_len);
|
|
1183
|
+
// write e to a tmp buf
|
|
1184
|
+
if(d_len > 0 && digest_len <= data_len) {
|
|
1185
|
+
element_to_bytes(d, d_len, e);
|
|
1186
|
+
d[d_len-1] = label;
|
|
1187
|
+
#ifdef DEBUG
|
|
1188
|
+
printf("%s: bytes form....\n", __FUNCTION__);
|
|
1189
|
+
print_as_hex(d, d_len);
|
|
1190
|
+
#endif
|
|
1191
|
+
// hash buf using md_map_sh256 and store data_len bytes in data
|
|
1192
|
+
uint8_t digest[digest_len + 1];
|
|
1193
|
+
memset(digest, 0, digest_len);
|
|
1194
|
+
SHA_FUNC(digest, d, d_len);
|
|
1195
|
+
memcpy(data, digest, digest_len);
|
|
1196
|
+
#ifdef DEBUG
|
|
1197
|
+
printf("%s: digest: ", __FUNCTION__);
|
|
1198
|
+
print_as_hex(data, digest_len);
|
|
1199
|
+
#endif
|
|
1200
|
+
return ELEMENT_OK;
|
|
1201
|
+
}
|
|
1202
|
+
return ELEMENT_INVALID_ARG;
|
|
1203
|
+
}
|
|
1204
|
+
|
|
1205
|
+
/*!
|
|
1206
|
+
* Hash a null-terminated string to a byte array.
|
|
1207
|
+
*
|
|
1208
|
+
* @param input_buf The input buffer.
|
|
1209
|
+
* @param input_len The input buffer length (in bytes).
|
|
1210
|
+
* @param output_buf A pre-allocated output buffer of size hash_len.
|
|
1211
|
+
* @param hash_len Length of the output hash (in bytes). Should be approximately bit size of curve group order.
|
|
1212
|
+
* @param hash_prefix prefix for hash function.
|
|
1213
|
+
*/
|
|
1214
|
+
status_t hash_buffer_to_bytes(uint8_t *input_buf, int input_len, uint8_t *output_buf, int hash_len, uint8_t hash_prefix)
|
|
1215
|
+
{
|
|
1216
|
+
LEAVE_IF(input_buf == NULL || output_buf == NULL, "uninitialized argument.");
|
|
1217
|
+
int i, new_input_len = input_len + 2; // extra byte for prefix
|
|
1218
|
+
uint8_t first_block = 0;
|
|
1219
|
+
uint8_t new_input[new_input_len+1];
|
|
1220
|
+
// printf("orig input => \n");
|
|
1221
|
+
// print_as_hex(input_buf, input_len);
|
|
1222
|
+
|
|
1223
|
+
memset(new_input, 0, new_input_len+1);
|
|
1224
|
+
new_input[0] = first_block; // block number (always 0 by default)
|
|
1225
|
+
new_input[1] = hash_prefix; // set hash prefix
|
|
1226
|
+
memcpy((uint8_t *)(new_input+2), input_buf, input_len); // copy input bytes
|
|
1227
|
+
|
|
1228
|
+
// printf("new input => \n");
|
|
1229
|
+
// print_as_hex(new_input, new_input_len);
|
|
1230
|
+
// prepare output buf
|
|
1231
|
+
memset(output_buf, 0, hash_len);
|
|
1232
|
+
|
|
1233
|
+
if (hash_len <= SHA_LEN) {
|
|
1234
|
+
uint8_t md[SHA_LEN+1];
|
|
1235
|
+
SHA_FUNC(md, new_input, new_input_len);
|
|
1236
|
+
memcpy(output_buf, md, hash_len);
|
|
1237
|
+
}
|
|
1238
|
+
else {
|
|
1239
|
+
// apply variable-size hash technique to get desired size
|
|
1240
|
+
// determine block count.
|
|
1241
|
+
int blocks = (int) ceil(((double) hash_len) / SHA_LEN);
|
|
1242
|
+
//debug("Num blocks needed: %d\n", blocks);
|
|
1243
|
+
uint8_t md[SHA_LEN+1];
|
|
1244
|
+
uint8_t md2[(blocks * SHA_LEN)+1];
|
|
1245
|
+
uint8_t *target_buf = md2;
|
|
1246
|
+
for(i = 0; i < blocks; i++) {
|
|
1247
|
+
/* compute digest = SHA-2( i || prefix || input_buf ) || ... || SHA-2( n-1 || prefix || input_buf ) */
|
|
1248
|
+
target_buf += (i * SHA_LEN);
|
|
1249
|
+
new_input[0] = (uint8_t) i;
|
|
1250
|
+
//debug("input %d => ", i);
|
|
1251
|
+
//print_as_hex(new_input, new_input_len);
|
|
1252
|
+
|
|
1253
|
+
SHA_FUNC(md, new_input, new_input_len);
|
|
1254
|
+
memcpy(target_buf, md, hash_len);
|
|
1255
|
+
//debug("block %d => ", i);
|
|
1256
|
+
//print_as_hex(md, SHA_LEN);
|
|
1257
|
+
memset(md, 0, SHA_LEN);
|
|
1258
|
+
}
|
|
1259
|
+
// copy back to caller
|
|
1260
|
+
memcpy(output_buf, md2, hash_len);
|
|
1261
|
+
}
|
|
1262
|
+
|
|
1263
|
+
return ELEMENT_OK;
|
|
1264
|
+
}
|
|
1265
|
+
|
|
1266
|
+
status_t pairing_apply(element_t et, element_t e1, element_t e2)
|
|
1267
|
+
{
|
|
1268
|
+
LEAVE_IF(e1->isInitialized != TRUE || e2->isInitialized != TRUE || et->isInitialized != TRUE, "uninitialized arguments.");
|
|
1269
|
+
if(e1->type == G1 && e2->type == G2 && et->type == GT) {
|
|
1270
|
+
/* compute optimal ate pairing */
|
|
1271
|
+
pc_map(et->gt, e1->g1, e2->g2);
|
|
1272
|
+
//pp_map_oatep(et->gt, e1->g1, e2->g2);
|
|
1273
|
+
//pp_map_k12(et->gt, e1->g1, e2->g2);
|
|
1274
|
+
return ELEMENT_OK;
|
|
1275
|
+
}
|
|
1276
|
+
return ELEMENT_INVALID_ARG;
|
|
1277
|
+
}
|
|
1278
|
+
|
|
1279
|
+
int element_is_member(element_t e)
|
|
1280
|
+
{
|
|
1281
|
+
LEAVE_IF(e->isInitialized != TRUE, "uninitialized argument.");
|
|
1282
|
+
int result;
|
|
1283
|
+
|
|
1284
|
+
if(e->type == ZR) {
|
|
1285
|
+
if(bn_cmp(e->bn, e->order) <= CMP_EQ)
|
|
1286
|
+
result = TRUE;
|
|
1287
|
+
else
|
|
1288
|
+
result = FALSE;
|
|
1289
|
+
}
|
|
1290
|
+
else if(e->type == G1) {
|
|
1291
|
+
g1_t r;
|
|
1292
|
+
g1_inits(r);
|
|
1293
|
+
|
|
1294
|
+
g1_mul(r, e->g1, e->order);
|
|
1295
|
+
if(g1_is_infty(r) == 1)
|
|
1296
|
+
result = TRUE;
|
|
1297
|
+
else
|
|
1298
|
+
result = FALSE;
|
|
1299
|
+
g1_free(r);
|
|
1300
|
+
}
|
|
1301
|
+
else if(e->type == G2) {
|
|
1302
|
+
g2_t r;
|
|
1303
|
+
g2_inits(r);
|
|
1304
|
+
|
|
1305
|
+
g2_mul(r, e->g2, e->order);
|
|
1306
|
+
if(g2_is_infty(r) == 1)
|
|
1307
|
+
result = TRUE;
|
|
1308
|
+
else
|
|
1309
|
+
result = FALSE;
|
|
1310
|
+
g2_free(r);
|
|
1311
|
+
}
|
|
1312
|
+
else if(e->type == GT) {
|
|
1313
|
+
gt_t r;
|
|
1314
|
+
gt_inits(r);
|
|
1315
|
+
|
|
1316
|
+
gt_exp(r, e->gt, e->order);
|
|
1317
|
+
if(gt_is_unity(r) == 1)
|
|
1318
|
+
result = TRUE;
|
|
1319
|
+
else
|
|
1320
|
+
result = FALSE;
|
|
1321
|
+
gt_free(r);
|
|
1322
|
+
}
|
|
1323
|
+
else {
|
|
1324
|
+
result = ELEMENT_INVALID_ARG;
|
|
1325
|
+
}
|
|
1326
|
+
|
|
1327
|
+
return result;
|
|
1328
|
+
}
|
|
1329
|
+
|
|
1330
|
+
int get_order(integer_t x)
|
|
1331
|
+
{
|
|
1332
|
+
if(x != NULL) {
|
|
1333
|
+
g1_get_ord(x);
|
|
1334
|
+
return TRUE;
|
|
1335
|
+
}
|
|
1336
|
+
return FALSE;
|
|
1337
|
+
}
|