yydcaib
/
KGC_TEST
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add kgc demo

This commit is contained in:
www-git-cn 2024-04-28 17:22:38 +08:00
parent e7877a6226
commit 9ae943083c
631 changed files with 168318 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
.DS_Store vendored Normal file
View File

Binary file not shown.

0
.vs/CMake Overview Normal file
View File

BIN
.vs/KGC/FileContentIndex/1f7c3579-20ab-4e7f-802d-bf403df89daf.vsidx Normal file
View File

Binary file not shown.

BIN
.vs/KGC/FileContentIndex/2d65281a-80f8-4373-afa1-d467ad0689d1.vsidx Normal file
View File

Binary file not shown.

BIN
.vs/KGC/FileContentIndex/402dcfbd-fffe-4c37-a38f-1ce47ee68ce0.vsidx Normal file
View File

Binary file not shown.

BIN
.vs/KGC/FileContentIndex/72627c78-8166-4040-a5eb-525354373247.vsidx Normal file
View File

Binary file not shown.

0
.vs/KGC/FileContentIndex/read.lock Normal file
View File

BIN
.vs/KGC/v17/.suo Normal file
View File

Binary file not shown.

BIN
.vs/KGC/v17/Browse.VC.db Normal file
View File

Binary file not shown.

BIN
.vs/KGC/v17/ipch/AutoPCH/8504fe4dc05b7cb1/UTILS.ipch Normal file
View File

Binary file not shown.

BIN
.vs/KGC/v17/ipch/AutoPCH/aaf84237246deadb/MAIN.ipch Normal file
View File

Binary file not shown.

BIN
.vs/KGC/v17/ipch/AutoPCH/b6d261708b0fd737/KGC.ipch Normal file
View File

Binary file not shown.

BIN
.vs/KGC/v17/ipch/AutoPCH/c7528dccf1137267/MAIN.ipch Normal file
View File

Binary file not shown.

BIN
.vs/KGC/v17/ipch/AutoPCH/e0ab2bceadaf748b/MAIN.ipch Normal file
View File

Binary file not shown.

BIN
.vs/KGC/v17/ipch/AutoPCH/f2d4fc7b85a9752f/SIGN.ipch Normal file
View File

Binary file not shown.

3
.vs/ProjectSettings.json Normal file
View File

@ -0,0 +1,3 @@
{
"CurrentProjectSetting": "x86-Debug"
}

6
.vs/VSWorkspaceState.json Normal file
View File

@ -0,0 +1,6 @@
{
"ExpandedNodes": [
""
],
"PreviewInSolutionExplorer": false
}

BIN
.vs/cmake.db Normal file
View File

Binary file not shown.

12
.vs/launch.vs.json Normal file
View File

@ -0,0 +1,12 @@
{
"version": "0.2.1",
"defaults": {},
"configurations": [
{
"type": "default",
"project": "CMakeLists.txt",
"projectTarget": "KGC_demo.exe",
"name": "KGC_demo.exe"
}
]
}

BIN
.vs/slnx.sqlite Normal file
View File

Binary file not shown.

100
CMakeLists.txt Normal file
View File

@ -0,0 +1,100 @@
cmake_minimum_required(VERSION 3.21.0)
project(KGC)
include(GNUInstallDirs)
set(MIRACL_INSTALL_INCLUDEDIR ${CMAKE_CURRENT_BINARY_DIR}/output/include)
set(MIRACL_INSTALL_LIBDIR ${CMAKE_CURRENT_BINARY_DIR}/output/temp)
set(MIRACL_INSTALL_BINDIR ${CMAKE_CURRENT_BINARY_DIR}/output/temp)
add_subdirectory(miracl)
aux_source_directory(. APP_SRC)
# KGC Miracl
add_library(${PROJECT_NAME} STATIC ${APP_SRC})
target_link_libraries(${PROJECT_NAME} PUBLIC Miracl)
target_include_directories(${PROJECT_NAME} PUBLIC
include
${CMAKE_CURRENT_SOURCE_DIR}
)
file(GLOB_RECURSE MIRACL_HEADER_FILES ${CMAKE_CURRENT_BINARY_DIR}/miracl/*.h)
file(COPY ${MIRACL_HEADER_FILES} DESTINATION "${CMAKE_CURRENT_BINARY_DIR}/output/include")
file(GLOB HEADER_FILES ${CMAKE_CURRENT_SOURCE_DIR}/*.h)
file(COPY ${HEADER_FILES} DESTINATION "${CMAKE_CURRENT_BINARY_DIR}/output/include")
if(EXISTS "${CMAKE_CURRENT_BINARY_DIR}/output/lib/lib${PROJECT_NAME}All.a" OR "${CMAKE_CURRENT_BINARY_DIR}/output/lib/lib${PROJECT_NAME}All.lib")
if(MSVC)
file(REMOVE ${CMAKE_CURRENT_BINARY_DIR}/output/lib/lib${PROJECT_NAME}All.lib)
else()
file(REMOVE ${CMAKE_CURRENT_BINARY_DIR}/output/lib/lib${PROJECT_NAME}All.a)
endif()
endif()
if(APPLE)
add_custom_command(OUTPUT lib${PROJECT_NAME}All
COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_CURRENT_BINARY_DIR}/output/lib"
COMMAND libtool -static -o "${CMAKE_CURRENT_BINARY_DIR}/output/lib/lib${PROJECT_NAME}All.a" $<TARGET_FILE:${PROJECT_NAME}> $<TARGET_FILE:Miracl>
DEPENDS ${PROJECT_NAME} Miracl)
elseif(MSVC)
add_custom_command(OUTPUT lib${PROJECT_NAME}All
COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_CURRENT_BINARY_DIR}/output/lib"
COMMAND lib.exe "-OUT:${CMAKE_CURRENT_BINARY_DIR}/output/lib/lib${PROJECT_NAME}All.lib" $<TARGET_FILE:${PROJECT_NAME}> $<TARGET_FILE:Miracl>
DEPENDS ${PROJECT_NAME} Miracl)
elseif(WIN32)
add_custom_command(OUTPUT lib${PROJECT_NAME}All
COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_CURRENT_BINARY_DIR}/output/temp"
COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_CURRENT_BINARY_DIR}/output/lib"
COMMAND ${CMAKE_COMMAND} -E copy $<TARGET_FILE:${PROJECT_NAME}> $<TARGET_FILE:Miracl> "${CMAKE_CURRENT_BINARY_DIR}/output/temp"
COMMAND cd "${CMAKE_CURRENT_BINARY_DIR}/output/temp"
COMMAND ${CMAKE_AR} x "${CMAKE_CURRENT_BINARY_DIR}/output/temp/libMiracl.a"
COMMAND ${CMAKE_AR} x "${CMAKE_CURRENT_BINARY_DIR}/output/temp/lib${PROJECT_NAME}.a"
COMMAND ${CMAKE_AR} crs "${CMAKE_CURRENT_BINARY_DIR}/output/lib/lib${PROJECT_NAME}All.a" "${CMAKE_CURRENT_BINARY_DIR}/output/temp/*.obj"
DEPENDS ${PROJECT_NAME} Miracl
)
else()
add_custom_command(OUTPUT lib${PROJECT_NAME}All
COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_CURRENT_BINARY_DIR}/output/temp"
COMMAND ${CMAKE_COMMAND} -E make_directory "${CMAKE_CURRENT_BINARY_DIR}/output/lib"
COMMAND ${CMAKE_COMMAND} -E copy $<TARGET_FILE:${PROJECT_NAME}> $<TARGET_FILE:Miracl> "${CMAKE_CURRENT_BINARY_DIR}/output/temp"
COMMAND cd "${CMAKE_CURRENT_BINARY_DIR}/output/temp"
COMMAND ${CMAKE_AR} x "${CMAKE_CURRENT_BINARY_DIR}/output/temp/libMiracl.a"
COMMAND ${CMAKE_AR} x "${CMAKE_CURRENT_BINARY_DIR}/output/temp/lib${PROJECT_NAME}.a"
COMMAND ${CMAKE_AR} crs "${CMAKE_CURRENT_BINARY_DIR}/output/lib/lib${PROJECT_NAME}All.a" "${CMAKE_CURRENT_BINARY_DIR}/output/temp/*.o"
DEPENDS ${PROJECT_NAME} Miracl
)
endif()
add_custom_target(${PROJECT_NAME}All ALL DEPENDS lib${PROJECT_NAME}All)
if(KGC_INSTALL_BINDIR)
set(CMAKE_INSTALL_BINDIR ${KGC_INSTALL_BINDIR})
endif()
if(KGC_INSTALL_LIBDIR)
set(CMAKE_INSTALL_LIBDIR ${KGC_INSTALL_LIBDIR})
endif()
if(KGC_INSTALL_INCLUDEDIR)
set(CMAKE_INSTALL_INCLUDEDIR ${KGC_INSTALL_INCLUDEDIR})
endif()
install(TARGETS ${PROJECT_NAME}
RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
)
if(MSVC)
install(FILES "${CMAKE_CURRENT_BINARY_DIR}/output/lib/lib${PROJECT_NAME}All.lib"
DESTINATION ${CMAKE_INSTALL_LIBDIR})
else()
install(FILES "${CMAKE_CURRENT_BINARY_DIR}/output/lib/lib${PROJECT_NAME}All.a"
DESTINATION ${CMAKE_INSTALL_LIBDIR})
endif()
file(GLOB HEADER_FILES ${CMAKE_CURRENT_BINARY_DIR}/output/include/*.h)
install(FILES ${HEADER_FILES} DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})

418
CMakeLists.txt.user Normal file
View File

@ -0,0 +1,418 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE QtCreatorProject>
<!-- Written by QtCreator 13.0.0, 2024-04-28T16:42:20. -->
<qtcreator>
<data>
<variable>EnvironmentId</variable>
<value type="QByteArray">{7795ecad-0ea3-4fc2-a933-fbc01bf1ad55}</value>
</data>
<data>
<variable>ProjectExplorer.Project.ActiveTarget</variable>
<value type="qlonglong">0</value>
</data>
<data>
<variable>ProjectExplorer.Project.EditorSettings</variable>
<valuemap type="QVariantMap">
<value type="bool" key="EditorConfiguration.AutoIndent">true</value>
<value type="bool" key="EditorConfiguration.AutoSpacesForTabs">false</value>
<value type="bool" key="EditorConfiguration.CamelCaseNavigation">true</value>
<valuemap type="QVariantMap" key="EditorConfiguration.CodeStyle.0">
<value type="QString" key="language">Cpp</value>
<valuemap type="QVariantMap" key="value">
<value type="QByteArray" key="CurrentPreferences">CppGlobal</value>
</valuemap>
</valuemap>
<valuemap type="QVariantMap" key="EditorConfiguration.CodeStyle.1">
<value type="QString" key="language">QmlJS</value>
<valuemap type="QVariantMap" key="value">
<value type="QByteArray" key="CurrentPreferences">QmlJSGlobal</value>
</valuemap>
</valuemap>
<value type="qlonglong" key="EditorConfiguration.CodeStyle.Count">2</value>
<value type="QByteArray" key="EditorConfiguration.Codec">UTF-8</value>
<value type="bool" key="EditorConfiguration.ConstrainTooltips">false</value>
<value type="int" key="EditorConfiguration.IndentSize">4</value>
<value type="bool" key="EditorConfiguration.KeyboardTooltips">false</value>
<value type="int" key="EditorConfiguration.MarginColumn">80</value>
<value type="bool" key="EditorConfiguration.MouseHiding">true</value>
<value type="bool" key="EditorConfiguration.MouseNavigation">true</value>
<value type="int" key="EditorConfiguration.PaddingMode">1</value>
<value type="int" key="EditorConfiguration.PreferAfterWhitespaceComments">0</value>
<value type="bool" key="EditorConfiguration.PreferSingleLineComments">false</value>
<value type="bool" key="EditorConfiguration.ScrollWheelZooming">true</value>
<value type="bool" key="EditorConfiguration.ShowMargin">false</value>
<value type="int" key="EditorConfiguration.SmartBackspaceBehavior">2</value>
<value type="bool" key="EditorConfiguration.SmartSelectionChanging">true</value>
<value type="bool" key="EditorConfiguration.SpacesForTabs">true</value>
<value type="int" key="EditorConfiguration.TabKeyBehavior">0</value>
<value type="int" key="EditorConfiguration.TabSize">8</value>
<value type="bool" key="EditorConfiguration.UseGlobal">true</value>
<value type="bool" key="EditorConfiguration.UseIndenter">false</value>
<value type="int" key="EditorConfiguration.Utf8BomBehavior">1</value>
<value type="bool" key="EditorConfiguration.addFinalNewLine">true</value>
<value type="bool" key="EditorConfiguration.cleanIndentation">true</value>
<value type="bool" key="EditorConfiguration.cleanWhitespace">true</value>
<value type="QString" key="EditorConfiguration.ignoreFileTypes">*.md, *.MD, Makefile</value>
<value type="bool" key="EditorConfiguration.inEntireDocument">false</value>
<value type="bool" key="EditorConfiguration.skipTrailingWhitespace">true</value>
<value type="bool" key="EditorConfiguration.tintMarginArea">true</value>
</valuemap>
</data>
<data>
<variable>ProjectExplorer.Project.PluginSettings</variable>
<valuemap type="QVariantMap">
<valuemap type="QVariantMap" key="AutoTest.ActiveFrameworks">
<value type="bool" key="AutoTest.Framework.Boost">true</value>
<value type="bool" key="AutoTest.Framework.CTest">false</value>
<value type="bool" key="AutoTest.Framework.Catch">true</value>
<value type="bool" key="AutoTest.Framework.GTest">true</value>
<value type="bool" key="AutoTest.Framework.QtQuickTest">true</value>
<value type="bool" key="AutoTest.Framework.QtTest">true</value>
</valuemap>
<valuemap type="QVariantMap" key="AutoTest.CheckStates"/>
<value type="int" key="AutoTest.RunAfterBuild">0</value>
<value type="bool" key="AutoTest.UseGlobal">true</value>
<valuemap type="QVariantMap" key="ClangTools">
<value type="bool" key="ClangTools.AnalyzeOpenFiles">true</value>
<value type="bool" key="ClangTools.BuildBeforeAnalysis">true</value>
<value type="QString" key="ClangTools.DiagnosticConfig">Builtin.DefaultTidyAndClazy</value>
<value type="int" key="ClangTools.ParallelJobs">2</value>
<value type="bool" key="ClangTools.PreferConfigFile">true</value>
<valuelist type="QVariantList" key="ClangTools.SelectedDirs"/>
<valuelist type="QVariantList" key="ClangTools.SelectedFiles"/>
<valuelist type="QVariantList" key="ClangTools.SuppressedDiagnostics"/>
<value type="bool" key="ClangTools.UseGlobalSettings">true</value>
</valuemap>
</valuemap>
</data>
<data>
<variable>ProjectExplorer.Project.Target.0</variable>
<valuemap type="QVariantMap">
<value type="QString" key="DeviceType">Desktop</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DefaultDisplayName">Desktop Qt 6.5.3 MinGW 64-bit</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">Desktop Qt 6.5.3 MinGW 64-bit</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">qt.qt6.653.win64_mingw_kit</value>
<value type="qlonglong" key="ProjectExplorer.Target.ActiveBuildConfiguration">0</value>
<value type="qlonglong" key="ProjectExplorer.Target.ActiveDeployConfiguration">0</value>
<value type="qlonglong" key="ProjectExplorer.Target.ActiveRunConfiguration">0</value>
<valuemap type="QVariantMap" key="ProjectExplorer.Target.BuildConfiguration.0">
<value type="QString" key="CMake.Build.Type">Debug</value>
<value type="int" key="CMake.Configure.BaseEnvironment">2</value>
<value type="bool" key="CMake.Configure.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="CMake.Configure.UserEnvironmentChanges"/>
<value type="QString" key="CMake.Initial.Parameters">-DCMAKE_GENERATOR:STRING=Ninja
-DCMAKE_BUILD_TYPE:STRING=Debug
-DCMAKE_PROJECT_INCLUDE_BEFORE:FILEPATH=%{BuildConfig:BuildDirectory:NativeFilePath}/.qtc/package-manager/auto-setup.cmake
-DQT_QMAKE_EXECUTABLE:FILEPATH=%{Qt:qmakeExecutable}
-DCMAKE_PREFIX_PATH:PATH=%{Qt:QT_INSTALL_PREFIX}
-DCMAKE_C_COMPILER:FILEPATH=%{Compiler:Executable:C}
-DCMAKE_CXX_COMPILER:FILEPATH=%{Compiler:Executable:Cxx}
-DCMAKE_CXX_FLAGS_INIT:STRING=%{Qt:QML_DEBUG_FLAG}</value>
<value type="int" key="EnableQmlDebugging">0</value>
<value type="QString" key="ProjectExplorer.BuildConfiguration.BuildDirectory">C:\KGC\build\Desktop_Qt_6_5_3_MinGW_64_bit-Debug</value>
<valuemap type="QVariantMap" key="ProjectExplorer.BuildConfiguration.BuildStepList.0">
<valuemap type="QVariantMap" key="ProjectExplorer.BuildStepList.Step.0">
<value type="QString" key="CMakeProjectManager.MakeStep.BuildPreset"></value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.BuildTargets">
<value type="QString">all</value>
</valuelist>
<value type="bool" key="CMakeProjectManager.MakeStep.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.UserEnvironmentChanges"/>
<value type="bool" key="ProjectExplorer.BuildStep.Enabled">true</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">构建</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">CMakeProjectManager.MakeStep</value>
</valuemap>
<value type="qlonglong" key="ProjectExplorer.BuildStepList.StepsCount">1</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DefaultDisplayName">构建</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">构建</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">ProjectExplorer.BuildSteps.Build</value>
</valuemap>
<valuemap type="QVariantMap" key="ProjectExplorer.BuildConfiguration.BuildStepList.1">
<valuemap type="QVariantMap" key="ProjectExplorer.BuildStepList.Step.0">
<value type="QString" key="CMakeProjectManager.MakeStep.BuildPreset"></value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.BuildTargets">
<value type="QString">clean</value>
</valuelist>
<value type="bool" key="CMakeProjectManager.MakeStep.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.UserEnvironmentChanges"/>
<value type="bool" key="ProjectExplorer.BuildStep.Enabled">true</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">构建</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">CMakeProjectManager.MakeStep</value>
</valuemap>
<value type="qlonglong" key="ProjectExplorer.BuildStepList.StepsCount">1</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DefaultDisplayName">清除</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">清除</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">ProjectExplorer.BuildSteps.Clean</value>
</valuemap>
<value type="int" key="ProjectExplorer.BuildConfiguration.BuildStepListCount">2</value>
<value type="bool" key="ProjectExplorer.BuildConfiguration.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="ProjectExplorer.BuildConfiguration.CustomParsers"/>
<value type="bool" key="ProjectExplorer.BuildConfiguration.ParseStandardOutput">false</value>
<valuelist type="QVariantList" key="ProjectExplorer.BuildConfiguration.UserEnvironmentChanges"/>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">Debug</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">CMakeProjectManager.CMakeBuildConfiguration</value>
</valuemap>
<valuemap type="QVariantMap" key="ProjectExplorer.Target.BuildConfiguration.1">
<value type="QString" key="CMake.Build.Type">Release</value>
<value type="int" key="CMake.Configure.BaseEnvironment">2</value>
<value type="bool" key="CMake.Configure.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="CMake.Configure.UserEnvironmentChanges"/>
<value type="QString" key="CMake.Initial.Parameters">-DCMAKE_GENERATOR:STRING=Ninja
-DCMAKE_BUILD_TYPE:STRING=Release
-DCMAKE_PROJECT_INCLUDE_BEFORE:FILEPATH=%{BuildConfig:BuildDirectory:NativeFilePath}/.qtc/package-manager/auto-setup.cmake
-DQT_QMAKE_EXECUTABLE:FILEPATH=%{Qt:qmakeExecutable}
-DCMAKE_PREFIX_PATH:PATH=%{Qt:QT_INSTALL_PREFIX}
-DCMAKE_C_COMPILER:FILEPATH=%{Compiler:Executable:C}
-DCMAKE_CXX_COMPILER:FILEPATH=%{Compiler:Executable:Cxx}
-DCMAKE_CXX_FLAGS_INIT:STRING=%{Qt:QML_DEBUG_FLAG}</value>
<value type="QString" key="ProjectExplorer.BuildConfiguration.BuildDirectory">C:\KGC\build\Desktop_Qt_6_5_3_MinGW_64_bit-Release</value>
<valuemap type="QVariantMap" key="ProjectExplorer.BuildConfiguration.BuildStepList.0">
<valuemap type="QVariantMap" key="ProjectExplorer.BuildStepList.Step.0">
<value type="QString" key="CMakeProjectManager.MakeStep.BuildPreset"></value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.BuildTargets">
<value type="QString">all</value>
</valuelist>
<value type="bool" key="CMakeProjectManager.MakeStep.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.UserEnvironmentChanges"/>
<value type="bool" key="ProjectExplorer.BuildStep.Enabled">true</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">CMakeProjectManager.MakeStep</value>
</valuemap>
<value type="qlonglong" key="ProjectExplorer.BuildStepList.StepsCount">1</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DefaultDisplayName">构建</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">构建</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">ProjectExplorer.BuildSteps.Build</value>
</valuemap>
<valuemap type="QVariantMap" key="ProjectExplorer.BuildConfiguration.BuildStepList.1">
<valuemap type="QVariantMap" key="ProjectExplorer.BuildStepList.Step.0">
<value type="QString" key="CMakeProjectManager.MakeStep.BuildPreset"></value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.BuildTargets">
<value type="QString">clean</value>
</valuelist>
<value type="bool" key="CMakeProjectManager.MakeStep.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.UserEnvironmentChanges"/>
<value type="bool" key="ProjectExplorer.BuildStep.Enabled">true</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">CMakeProjectManager.MakeStep</value>
</valuemap>
<value type="qlonglong" key="ProjectExplorer.BuildStepList.StepsCount">1</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DefaultDisplayName">清除</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">清除</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">ProjectExplorer.BuildSteps.Clean</value>
</valuemap>
<value type="int" key="ProjectExplorer.BuildConfiguration.BuildStepListCount">2</value>
<value type="bool" key="ProjectExplorer.BuildConfiguration.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="ProjectExplorer.BuildConfiguration.CustomParsers"/>
<value type="bool" key="ProjectExplorer.BuildConfiguration.ParseStandardOutput">false</value>
<valuelist type="QVariantList" key="ProjectExplorer.BuildConfiguration.UserEnvironmentChanges"/>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">Release</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">CMakeProjectManager.CMakeBuildConfiguration</value>
</valuemap>
<valuemap type="QVariantMap" key="ProjectExplorer.Target.BuildConfiguration.2">
<value type="QString" key="CMake.Build.Type">RelWithDebInfo</value>
<value type="int" key="CMake.Configure.BaseEnvironment">2</value>
<value type="bool" key="CMake.Configure.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="CMake.Configure.UserEnvironmentChanges"/>
<value type="QString" key="CMake.Initial.Parameters">-DCMAKE_GENERATOR:STRING=Ninja
-DCMAKE_BUILD_TYPE:STRING=RelWithDebInfo
-DCMAKE_PROJECT_INCLUDE_BEFORE:FILEPATH=%{BuildConfig:BuildDirectory:NativeFilePath}/.qtc/package-manager/auto-setup.cmake
-DQT_QMAKE_EXECUTABLE:FILEPATH=%{Qt:qmakeExecutable}
-DCMAKE_PREFIX_PATH:PATH=%{Qt:QT_INSTALL_PREFIX}
-DCMAKE_C_COMPILER:FILEPATH=%{Compiler:Executable:C}
-DCMAKE_CXX_COMPILER:FILEPATH=%{Compiler:Executable:Cxx}
-DCMAKE_CXX_FLAGS_INIT:STRING=%{Qt:QML_DEBUG_FLAG}</value>
<value type="QString" key="ProjectExplorer.BuildConfiguration.BuildDirectory">C:\KGC\build\Desktop_Qt_6_5_3_MinGW_64_bit-RelWithDebInfo</value>
<valuemap type="QVariantMap" key="ProjectExplorer.BuildConfiguration.BuildStepList.0">
<valuemap type="QVariantMap" key="ProjectExplorer.BuildStepList.Step.0">
<value type="QString" key="CMakeProjectManager.MakeStep.BuildPreset"></value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.BuildTargets">
<value type="QString">all</value>
</valuelist>
<value type="bool" key="CMakeProjectManager.MakeStep.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.UserEnvironmentChanges"/>
<value type="bool" key="ProjectExplorer.BuildStep.Enabled">true</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">CMakeProjectManager.MakeStep</value>
</valuemap>
<value type="qlonglong" key="ProjectExplorer.BuildStepList.StepsCount">1</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DefaultDisplayName">构建</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">构建</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">ProjectExplorer.BuildSteps.Build</value>
</valuemap>
<valuemap type="QVariantMap" key="ProjectExplorer.BuildConfiguration.BuildStepList.1">
<valuemap type="QVariantMap" key="ProjectExplorer.BuildStepList.Step.0">
<value type="QString" key="CMakeProjectManager.MakeStep.BuildPreset"></value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.BuildTargets">
<value type="QString">clean</value>
</valuelist>
<value type="bool" key="CMakeProjectManager.MakeStep.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.UserEnvironmentChanges"/>
<value type="bool" key="ProjectExplorer.BuildStep.Enabled">true</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">CMakeProjectManager.MakeStep</value>
</valuemap>
<value type="qlonglong" key="ProjectExplorer.BuildStepList.StepsCount">1</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DefaultDisplayName">清除</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">清除</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">ProjectExplorer.BuildSteps.Clean</value>
</valuemap>
<value type="int" key="ProjectExplorer.BuildConfiguration.BuildStepListCount">2</value>
<value type="bool" key="ProjectExplorer.BuildConfiguration.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="ProjectExplorer.BuildConfiguration.CustomParsers"/>
<value type="bool" key="ProjectExplorer.BuildConfiguration.ParseStandardOutput">false</value>
<valuelist type="QVariantList" key="ProjectExplorer.BuildConfiguration.UserEnvironmentChanges"/>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">Release with Debug Information</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">CMakeProjectManager.CMakeBuildConfiguration</value>
</valuemap>
<valuemap type="QVariantMap" key="ProjectExplorer.Target.BuildConfiguration.3">
<value type="QString" key="CMake.Build.Type">RelWithDebInfo</value>
<value type="int" key="CMake.Configure.BaseEnvironment">2</value>
<value type="bool" key="CMake.Configure.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="CMake.Configure.UserEnvironmentChanges"/>
<value type="QString" key="CMake.Initial.Parameters">-DCMAKE_GENERATOR:STRING=Ninja
-DCMAKE_BUILD_TYPE:STRING=RelWithDebInfo
-DCMAKE_PROJECT_INCLUDE_BEFORE:FILEPATH=%{BuildConfig:BuildDirectory:NativeFilePath}/.qtc/package-manager/auto-setup.cmake
-DQT_QMAKE_EXECUTABLE:FILEPATH=%{Qt:qmakeExecutable}
-DCMAKE_PREFIX_PATH:PATH=%{Qt:QT_INSTALL_PREFIX}
-DCMAKE_C_COMPILER:FILEPATH=%{Compiler:Executable:C}
-DCMAKE_CXX_COMPILER:FILEPATH=%{Compiler:Executable:Cxx}
-DCMAKE_CXX_FLAGS_INIT:STRING=%{Qt:QML_DEBUG_FLAG}</value>
<value type="int" key="EnableQmlDebugging">0</value>
<value type="QString" key="ProjectExplorer.BuildConfiguration.BuildDirectory">C:\KGC\build\Desktop_Qt_6_5_3_MinGW_64_bit-Profile</value>
<valuemap type="QVariantMap" key="ProjectExplorer.BuildConfiguration.BuildStepList.0">
<valuemap type="QVariantMap" key="ProjectExplorer.BuildStepList.Step.0">
<value type="QString" key="CMakeProjectManager.MakeStep.BuildPreset"></value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.BuildTargets">
<value type="QString">all</value>
</valuelist>
<value type="bool" key="CMakeProjectManager.MakeStep.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.UserEnvironmentChanges"/>
<value type="bool" key="ProjectExplorer.BuildStep.Enabled">true</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">CMakeProjectManager.MakeStep</value>
</valuemap>
<value type="qlonglong" key="ProjectExplorer.BuildStepList.StepsCount">1</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DefaultDisplayName">构建</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">构建</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">ProjectExplorer.BuildSteps.Build</value>
</valuemap>
<valuemap type="QVariantMap" key="ProjectExplorer.BuildConfiguration.BuildStepList.1">
<valuemap type="QVariantMap" key="ProjectExplorer.BuildStepList.Step.0">
<value type="QString" key="CMakeProjectManager.MakeStep.BuildPreset"></value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.BuildTargets">
<value type="QString">clean</value>
</valuelist>
<value type="bool" key="CMakeProjectManager.MakeStep.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.UserEnvironmentChanges"/>
<value type="bool" key="ProjectExplorer.BuildStep.Enabled">true</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">CMakeProjectManager.MakeStep</value>
</valuemap>
<value type="qlonglong" key="ProjectExplorer.BuildStepList.StepsCount">1</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DefaultDisplayName">清除</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">清除</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">ProjectExplorer.BuildSteps.Clean</value>
</valuemap>
<value type="int" key="ProjectExplorer.BuildConfiguration.BuildStepListCount">2</value>
<value type="bool" key="ProjectExplorer.BuildConfiguration.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="ProjectExplorer.BuildConfiguration.CustomParsers"/>
<value type="bool" key="ProjectExplorer.BuildConfiguration.ParseStandardOutput">false</value>
<valuelist type="QVariantList" key="ProjectExplorer.BuildConfiguration.UserEnvironmentChanges"/>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">Profile</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">CMakeProjectManager.CMakeBuildConfiguration</value>
</valuemap>
<valuemap type="QVariantMap" key="ProjectExplorer.Target.BuildConfiguration.4">
<value type="QString" key="CMake.Build.Type">MinSizeRel</value>
<value type="int" key="CMake.Configure.BaseEnvironment">2</value>
<value type="bool" key="CMake.Configure.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="CMake.Configure.UserEnvironmentChanges"/>
<value type="QString" key="CMake.Initial.Parameters">-DCMAKE_GENERATOR:STRING=Ninja
-DCMAKE_BUILD_TYPE:STRING=MinSizeRel
-DCMAKE_PROJECT_INCLUDE_BEFORE:FILEPATH=%{BuildConfig:BuildDirectory:NativeFilePath}/.qtc/package-manager/auto-setup.cmake
-DQT_QMAKE_EXECUTABLE:FILEPATH=%{Qt:qmakeExecutable}
-DCMAKE_PREFIX_PATH:PATH=%{Qt:QT_INSTALL_PREFIX}
-DCMAKE_C_COMPILER:FILEPATH=%{Compiler:Executable:C}
-DCMAKE_CXX_COMPILER:FILEPATH=%{Compiler:Executable:Cxx}
-DCMAKE_CXX_FLAGS_INIT:STRING=%{Qt:QML_DEBUG_FLAG}</value>
<value type="QString" key="ProjectExplorer.BuildConfiguration.BuildDirectory">C:\KGC\build\Desktop_Qt_6_5_3_MinGW_64_bit-MinSizeRel</value>
<valuemap type="QVariantMap" key="ProjectExplorer.BuildConfiguration.BuildStepList.0">
<valuemap type="QVariantMap" key="ProjectExplorer.BuildStepList.Step.0">
<value type="QString" key="CMakeProjectManager.MakeStep.BuildPreset"></value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.BuildTargets">
<value type="QString">all</value>
</valuelist>
<value type="bool" key="CMakeProjectManager.MakeStep.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.UserEnvironmentChanges"/>
<value type="bool" key="ProjectExplorer.BuildStep.Enabled">true</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">CMakeProjectManager.MakeStep</value>
</valuemap>
<value type="qlonglong" key="ProjectExplorer.BuildStepList.StepsCount">1</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DefaultDisplayName">构建</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">构建</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">ProjectExplorer.BuildSteps.Build</value>
</valuemap>
<valuemap type="QVariantMap" key="ProjectExplorer.BuildConfiguration.BuildStepList.1">
<valuemap type="QVariantMap" key="ProjectExplorer.BuildStepList.Step.0">
<value type="QString" key="CMakeProjectManager.MakeStep.BuildPreset"></value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.BuildTargets">
<value type="QString">clean</value>
</valuelist>
<value type="bool" key="CMakeProjectManager.MakeStep.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="CMakeProjectManager.MakeStep.UserEnvironmentChanges"/>
<value type="bool" key="ProjectExplorer.BuildStep.Enabled">true</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">CMakeProjectManager.MakeStep</value>
</valuemap>
<value type="qlonglong" key="ProjectExplorer.BuildStepList.StepsCount">1</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DefaultDisplayName">清除</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">清除</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">ProjectExplorer.BuildSteps.Clean</value>
</valuemap>
<value type="int" key="ProjectExplorer.BuildConfiguration.BuildStepListCount">2</value>
<value type="bool" key="ProjectExplorer.BuildConfiguration.ClearSystemEnvironment">false</value>
<valuelist type="QVariantList" key="ProjectExplorer.BuildConfiguration.CustomParsers"/>
<value type="bool" key="ProjectExplorer.BuildConfiguration.ParseStandardOutput">false</value>
<valuelist type="QVariantList" key="ProjectExplorer.BuildConfiguration.UserEnvironmentChanges"/>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">Minimum Size Release</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">CMakeProjectManager.CMakeBuildConfiguration</value>
</valuemap>
<value type="qlonglong" key="ProjectExplorer.Target.BuildConfigurationCount">5</value>
<valuemap type="QVariantMap" key="ProjectExplorer.Target.DeployConfiguration.0">
<valuemap type="QVariantMap" key="ProjectExplorer.BuildConfiguration.BuildStepList.0">
<value type="qlonglong" key="ProjectExplorer.BuildStepList.StepsCount">0</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DefaultDisplayName">部署</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">部署</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">ProjectExplorer.BuildSteps.Deploy</value>
</valuemap>
<value type="int" key="ProjectExplorer.BuildConfiguration.BuildStepListCount">1</value>
<valuemap type="QVariantMap" key="ProjectExplorer.DeployConfiguration.CustomData"/>
<value type="bool" key="ProjectExplorer.DeployConfiguration.CustomDataEnabled">false</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">ProjectExplorer.DefaultDeployConfiguration</value>
</valuemap>
<value type="qlonglong" key="ProjectExplorer.Target.DeployConfigurationCount">1</value>
<valuemap type="QVariantMap" key="ProjectExplorer.Target.RunConfiguration.0">
<value type="bool" key="Analyzer.Perf.Settings.UseGlobalSettings">true</value>
<value type="bool" key="Analyzer.QmlProfiler.Settings.UseGlobalSettings">true</value>
<value type="int" key="Analyzer.Valgrind.Callgrind.CostFormat">0</value>
<value type="bool" key="Analyzer.Valgrind.Settings.UseGlobalSettings">true</value>
<valuelist type="QVariantList" key="CustomOutputParsers"/>
<value type="int" key="PE.EnvironmentAspect.Base">2</value>
<valuelist type="QVariantList" key="PE.EnvironmentAspect.Changes"/>
<value type="bool" key="PE.EnvironmentAspect.PrintOnRun">false</value>
<value type="QString" key="PerfRecordArgsId">-e cpu-cycles --call-graph &quot;dwarf,4096&quot; -F 250</value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName"></value>
<value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">ProjectExplorer.CustomExecutableRunConfiguration</value>
<value type="QString" key="ProjectExplorer.RunConfiguration.BuildKey"></value>
<value type="bool" key="ProjectExplorer.RunConfiguration.Customized">false</value>
<value type="bool" key="RunConfiguration.UseCppDebuggerAuto">true</value>
<value type="bool" key="RunConfiguration.UseQmlDebuggerAuto">true</value>
</valuemap>
<value type="qlonglong" key="ProjectExplorer.Target.RunConfigurationCount">1</value>
</valuemap>
</data>
<data>
<variable>ProjectExplorer.Project.TargetCount</variable>
<value type="qlonglong">1</value>
</data>
<data>
<variable>ProjectExplorer.Project.Updater.FileVersion</variable>
<value type="int">22</value>
</data>
<data>
<variable>Version</variable>
<value type="int">22</value>
</data>
</qtcreator>

61
CMakeSettings.json Normal file
View File

@ -0,0 +1,61 @@
{
"configurations": [
{
"name": "x64-Debug",
"generator": "Ninja",
"configurationType": "Debug",
"inheritEnvironments": [ "msvc_x64_x64" ],
"buildRoot": "${projectDir}\\out\\build\\${name}",
"installRoot": "${projectDir}\\out\\install\\${name}",
"cmakeCommandArgs": "",
"buildCommandArgs": "",
"ctestCommandArgs": ""
},
{
"name": "x86-Debug",
"generator": "Ninja",
"configurationType": "Debug",
"buildRoot": "${projectDir}\\out\\build\\${name}",
"installRoot": "${projectDir}\\out\\install\\${name}",
"cmakeCommandArgs": "",
"buildCommandArgs": "",
"ctestCommandArgs": "",
"inheritEnvironments": [ "msvc_x86" ]
},
{
"name": "Mingw64-Release",
"generator": "Ninja",
"configurationType": "RelWithDebInfo",
"buildRoot": "${projectDir}\\out\\build\\${name}",
"installRoot": "${projectDir}\\out\\install\\${name}",
"cmakeCommandArgs": "",
"buildCommandArgs": "-v",
"ctestCommandArgs": "",
"inheritEnvironments": [ "mingw_64" ],
"environments": [
{
"MINGW64_ROOT": "C:/msys64/mingw64",
"BIN_ROOT": "${env.MINGW64_ROOT}/bin",
"FLAVOR": "x86_64-w64-mingw32",
"TOOLSET_VERSION": "9.1.0",
"PATH": "${env.MINGW64_ROOT}/bin;${env.MINGW64_ROOT}/../usr/local/bin;${env.MINGW64_ROOT}/../usr/bin;${env.MINGW64_ROOT}/../bin;${env.PATH}",
"INCLUDE": "${env.INCLUDE};${env.MINGW64_ROOT}/include/c++/${env.TOOLSET_VERSION};${env.MINGW64_ROOT}/include/c++/${env.TOOLSET_VERSION}/tr1;${env.MINGW64_ROOT}/include/c++/${env.TOOLSET_VERSION}/${env.FLAVOR}",
"environment": "mingw_64"
}
],
"variables": [
{
"name": "CMAKE_C_COMPILER",
"value": "${env.BIN_ROOT}/gcc.exe",
"type": "STRING"
},
{
"name": "CMAKE_CXX_COMPILER",
"value": "${env.BIN_ROOT}/g++.exe",
"type": "STRING"
}
],
"intelliSenseMode": "linux-gcc-x64"
}
]
}

69
ecurve.cpp Normal file
View File

@ -0,0 +1,69 @@
#include "ecurve.h"
// 使用的椭圆曲线(SECP256K1)公开参数
char Q[] = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F"; // 有限域的模q
char A[] = "0000000000000000000000000000000000000000000000000000000000000000"; // 曲线方程系数a
char B[] = "0000000000000000000000000000000000000000000000000000000000000007"; // 曲线方程系数b
char X[] = "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"; // 基点P的x坐标
char Y[] = "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8"; // 基点P的y坐标
char P_N[] = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141"; // 基点P的阶令nP=O的最小整数
bool setupEcurve(ECC_PARAMS *params)
{
// 初始化变量
(*params).a = mirvar(0);
(*params).b = mirvar(0);
(*params).q = mirvar(0);
(*params).p = mirvar(0);
(*params).P_x = mirvar(0);
(*params).P_y = mirvar(0);
(*params).P = epoint_init();
// 赋值
cinstr((*params).a, A);
cinstr((*params).b, B);
cinstr((*params).q, Q);
cinstr((*params).p, P_N);
cinstr((*params).P_x, X);
cinstr((*params).P_y, Y);
// 椭圆曲线方程初始化
ecurve_init((*params).a, (*params).b, (*params).q, MR_PROJECTIVE);
// 设置点坐标(P_x,P_y)为点P此函数同时能判断P是否在上面初始化成功的椭圆曲线上
if (!epoint_set((*params).P_x, (*params).P_y, 0, (*params).P))
{
freeEcurve(params);
return false;
}
// 判断P是否是阶为p的基点判断依据基点乘以阶为无穷远点
bool bRv = false;
epoint *P_test = epoint_init();
ecurve_mult((*params).p, (*params).P, P_test);
if (point_at_infinity(P_test))
{
bRv = true;
}
else
{
freeEcurve(params);
bRv = false;
}
epoint_free(P_test);
return bRv;
}
void freeEcurve(ECC_PARAMS *params)
{
mirkill((*params).a);
mirkill((*params).b);
mirkill((*params).q);
mirkill((*params).p);
mirkill((*params).P_x);
mirkill((*params).P_y);
epoint_free((*params).P);
}

25
ecurve.h Normal file
View File

@ -0,0 +1,25 @@
#ifndef __ECURVE_H__
#define __ECURVE_H__
extern "C"
{
#include "miracl.h"
#include "mirdef.h"
}
typedef struct ecc_params
{
big a; // 椭圆曲线方程系数a
big b; // 椭圆曲线方程系数b
big q; // 模
big p; // 阶
big P_x; // 基点横坐标
big P_y; // 基点纵坐标
epoint *P; // 基点
} ECC_PARAMS;
bool setupEcurve(ECC_PARAMS *params);
void freeEcurve(ECC_PARAMS *params);
#endif // ecurve.h

8
generator_cgo/.idea/.gitignore vendored Normal file
View File

@ -0,0 +1,8 @@
# Default ignored files
/shelf/
/workspace.xml
# Editor-based HTTP Client requests
/httpRequests/
# Datasource local storage ignored files
/dataSources/
/dataSources.local.xml

1
generator_cgo/.idea/.name Normal file
View File

@ -0,0 +1 @@
main.go

9
generator_cgo/.idea/cgo.iml Normal file
View File

@ -0,0 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<module type="WEB_MODULE" version="4">
<component name="Go" enabled="true" />
<component name="NewModuleRootManager">
<content url="file://$MODULE_DIR$" />
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
</module>

8
generator_cgo/.idea/modules.xml Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectModuleManager">
<modules>
<module fileurl="file://$PROJECT_DIR$/.idea/cgo.iml" filepath="$PROJECT_DIR$/.idea/cgo.iml" />
</modules>
</component>
</project>

18
generator_cgo/.vscode/tasks.json vendored Normal file
View File

@ -0,0 +1,18 @@
{
"version": "2.0.0",
"tasks": [
{
"type": "go",
"label": "go: build package",
"command": "build",
"args": [
"${fileDirname}"
],
"problemMatcher": [
"$go"
],
"group": "build",
"detail": "cd c:\\Users\\25761\\Desktop\\cgo; go build ${fileDirname}"
}
]
}

3
generator_cgo/go.mod Normal file
View File

@ -0,0 +1,3 @@
module example.com/m/v2
go 1.20

0
generator_cgo/go.sum Normal file
View File

451
generator_cgo/include/big.h Normal file
View File

@ -0,0 +1,451 @@
/***************************************************************************
*
Copyright 2013 CertiVox UK Ltd. *
*
This file is part of CertiVox MIRACL Crypto SDK. *
*
The CertiVox MIRACL Crypto SDK provides developers with an *
extensive and efficient set of cryptographic functions. *
For further information about its features and functionalities please *
refer to http://www.certivox.com *
*
* The CertiVox MIRACL Crypto SDK is free software: you can *
redistribute it and/or modify it under the terms of the *
GNU Affero General Public License as published by the *
Free Software Foundation, either version 3 of the License, *
or (at your option) any later version. *
*
* The CertiVox MIRACL Crypto SDK is distributed in the hope *
that it will be useful, but WITHOUT ANY WARRANTY; without even the *
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
See the GNU Affero General Public License for more details. *
*
* You should have received a copy of the GNU Affero General Public *
License along with CertiVox MIRACL Crypto SDK. *
If not, see <http://www.gnu.org/licenses/>. *
*
You can be released from the requirements of the license by purchasing *
a commercial license. Buying such a license is mandatory as soon as you *
develop commercial activities involving the CertiVox MIRACL Crypto SDK *
without disclosing the source code of your own applications, or shipping *
the CertiVox MIRACL Crypto SDK with a closed source product. *
*
***************************************************************************/
/*
*
* MIRACL C++ Header file big.h
*
* AUTHOR : N.Coghlan
* Modified by M.Scott
*
* PURPOSE : Definition of class Big
*
* Bigs are normally created on the heap, but by defining BIGS=m
* on the compiler command line, Bigs are instead mostly created from the
* stack. Note that m must be same or less than the n in the main program
* with for example
*
* Miracl precison(n,0);
*
* where n is the (fixed) size in words of each Big.
*
* This may be faster, as C++ tends to create and destroy lots of
* temporaries. Especially recommended if m is small. Do not use
* for program development
*
* However Bigs created from a string are always allocated from the heap.
* This is useful for creating large read-only constants which are larger
* than m.
*
* NOTE:- I/O conversion
*
* To convert a hex character string to a Big
*
* Big x;
* char c[100];
*
* mip->IOBASE=16;
* x=c;
*
* To convert a Big to a hex character string
*
* mip->IOBASE=16;
* c << x;
*
* To convert to/from pure binary, see the from_binary()
* and to_binary() friend functions.
*
* int len;
* char c[100];
* ...
* Big x=from_binary(len,c); // creates Big x from len bytes of binary in c
*
* len=to_binary(x,100,c,FALSE); // converts Big x to len bytes binary in c[100]
* len=to_binary(x,100,c,TRUE); // converts Big x to len bytes binary in c[100]
* // (right justified with leading zeros)
*/
#ifndef BIG_H
#define BIG_H
#include <cstdlib>
//#include <cmath>
#include <cstdio>
#include "mirdef.h"
#ifdef MR_CPP
#include "miracl.h"
#else
extern "C"
{
#include "miracl.h"
}
#endif
#ifndef MR_NO_STANDARD_IO
#include <iostream>
using std::istream;
using std::ostream;
#endif
#ifndef MIRACL_CLASS
#define MIRACL_CLASS
#ifdef __cplusplus
#ifdef MR_GENERIC_MT
#error "The generic method isn't supported for C++, its C only"
#endif
#endif
class Miracl
{ /* dummy class to initialise MIRACL - MUST be called before any Bigs *
* are created. This could be a problem for static/global data declared *
* in modules other than the main module */
miracl *mr;
public:
Miracl(int nd,mr_small nb=0)
{mr=mirsys(nd,nb);
#ifdef MR_FLASH
mr->RPOINT=TRUE;
#endif
}
miracl *operator&() {return mr;}
~Miracl() {mirexit();}
};
#endif
/*
#ifdef BIGS
#define MR_INIT_BIG memset(mem,0,mr_big_reserve(1,BIGS)); fn=(big)mirvar_mem_variable(mem,0,BIGS);
#else
#define MR_INIT_BIG mem=(char *)memalloc(1); fn=(big)mirvar_mem(mem,0);
#endif
*/
#ifdef BIGS
#define MR_INIT_BIG fn=&b; b.w=a; b.len=0; for (int i=0;i<BIGS;i++) a[i]=0;
#else
#define MR_INIT_BIG fn=mirvar(0);
#endif
class Big
{
big fn;
/*
#ifdef BIGS
char mem[mr_big_reserve(1,BIGS)];
#else
char *mem;
#endif
*/
#ifdef BIGS
mr_small a[BIGS];
bigtype b;
#endif
public:
Big() {MR_INIT_BIG }
Big(int j) {MR_INIT_BIG convert(j,fn); }
Big(unsigned int j) {MR_INIT_BIG uconvert(j,fn); }
Big(long lg) {MR_INIT_BIG lgconv(lg,fn);}
Big(unsigned long lg) {MR_INIT_BIG ulgconv(lg,fn);}
#ifdef MR_UTYPE_NOT_INT_OR_LONG
Big(mr_utype ut) {MR_INIT_BIG tconvert(ut,fn);}
#endif
#ifdef mr_dltype
#ifndef MR_DLTYPE_IS_INT
#ifndef MR_DLTYPE_IS_LONG
Big(mr_dltype dl) {MR_INIT_BIG dlconv(dl,fn);}
#endif
#endif
#endif
#ifndef MR_SIMPLE_IO
#ifdef MR_SIMPLE_BASE
Big(char* s) {MR_INIT_BIG instr(fn,s);}
#else
Big(char* s) {MR_INIT_BIG cinstr(fn,s);}
#endif
#endif
Big(big& c) {MR_INIT_BIG copy(c,fn);}
Big(const Big& c) {MR_INIT_BIG copy(c.fn,fn);}
Big(big* c) { fn=*c; }
Big& operator=(int i) {convert(i,fn); return *this;}
Big& operator=(long lg){lgconv(lg,fn); return *this;}
#ifdef MR_UTYPE_NOT_INT_OR_LONG
Big& operator=(mr_utype ut){tconvert(ut,fn); return *this;}
#endif
#ifdef mr_dltype
#ifndef MR_DLTYPE_IS_INT
#ifndef MR_DLTYPE_IS_LONG
Big& operator=(mr_dltype dl){dlconv(dl,fn); return *this;}
#endif
#endif
#endif
Big& operator=(mr_small s) {fn->len=1; fn->w[0]=s; return *this;}
Big& operator=(const Big& b) {copy(b.fn,fn); return *this;}
Big& operator=(big& b) {copy(b,fn); return *this;}
Big& operator=(big* b) {fn=*b; return *this;}
#ifndef MR_SIMPLE_IO
#ifdef MR_SIMPLE_BASE
Big& operator=(char* s){instr(fn,s);return *this;}
#else
Big& operator=(char* s){cinstr(fn,s);return *this;}
#endif
#endif
Big& operator++() {incr(fn,1,fn); return *this;}
Big& operator--() {decr(fn,1,fn); return *this;}
Big& operator+=(int i) {incr(fn,i,fn); return *this;}
Big& operator+=(const Big& b){add(fn,b.fn,fn); return *this;}
Big& operator-=(int i) {decr(fn,i,fn); return *this;}
Big& operator-=(const Big& b) {subtract(fn,b.fn,fn); return *this;}
Big& operator*=(int i) {premult(fn,i,fn); return *this;}
Big& operator*=(const Big& b) {multiply(fn,b.fn,fn); return *this;}
Big& operator/=(int i) {subdiv(fn,i,fn); return *this;}
Big& operator/=(const Big& b) {divide(fn,b.fn,fn); return *this;}
Big& operator%=(int i) {convert(subdiv(fn,i,fn),fn); return *this;}
Big& operator%=(const Big& b) {divide(fn,b.fn,b.fn); return *this;}
Big& operator<<=(int i) {sftbit(fn,i,fn); return *this;}
Big& operator>>=(int i) {sftbit(fn,-i,fn); return *this;}
Big& shift(int n) {mr_shift(fn,n,fn); return *this;}
mr_small& operator[](int i) {return fn->w[i];}
void negate() const;
BOOL iszero() const;
BOOL isone() const;
int get(int index) { int m; m=getdig(fn,index); return m; }
void set(int index,int n) { putdig(n,fn,index);}
int len() const;
big getbig() const;
friend class Flash;
friend Big operator-(const Big&);
friend Big operator+(const Big&,int);
friend Big operator+(int,const Big&);
friend Big operator+(const Big&,const Big&);
friend Big operator-(const Big&, int);
friend Big operator-(int,const Big&);
friend Big operator-(const Big&,const Big&);
friend Big operator*(const Big&, int);
friend Big operator*(int,const Big&);
friend Big operator*(const Big&,const Big&);
friend BOOL fmth(int n,const Big&,const Big&,Big&); // fast mult - top half
friend Big operator/(const Big&,int);
friend Big operator/(const Big&,const Big&);
friend int operator%(const Big&, int);
friend Big operator%(const Big&, const Big&);
friend Big operator<<(const Big&, int);
friend Big operator>>(const Big&, int);
friend BOOL operator<=(const Big& b1,const Big& b2)
{if (mr_compare(b1.fn,b2.fn)<=0) return TRUE; else return FALSE;}
friend BOOL operator>=(const Big& b1,const Big& b2)
{if (mr_compare(b1.fn,b2.fn)>=0) return TRUE; else return FALSE;}
friend BOOL operator==(const Big& b1,const Big& b2)
{if (mr_compare(b1.fn,b2.fn)==0) return TRUE; else return FALSE;}
friend BOOL operator!=(const Big& b1,const Big& b2)
{if (mr_compare(b1.fn,b2.fn)!=0) return TRUE; else return FALSE;}
friend BOOL operator<(const Big& b1,const Big& b2)
{if (mr_compare(b1.fn,b2.fn)<0) return TRUE; else return FALSE;}
friend BOOL operator>(const Big& b1,const Big& b2)
{if (mr_compare(b1.fn,b2.fn)>0) return TRUE; else return FALSE;}
friend Big from_binary(int,char *);
friend int to_binary(const Big& b,int max,char *ptr,BOOL justify=FALSE)
{
return big_to_bytes(max,b.fn,ptr,justify);
}
//friend int to_binary(const Big&,int,char *,BOOL justify=FALSE);
friend Big modmult(const Big&,const Big&,const Big&);
friend Big mad(const Big&,const Big&,const Big&,const Big&,Big&);
friend Big norm(const Big&);
friend Big sqrt(const Big&);
friend Big root(const Big&,int);
friend Big gcd(const Big&,const Big&);
friend void set_zzn3(int cnr,Big& sru) {get_mip()->cnr=cnr; nres(sru.fn,get_mip()->sru);}
friend int recode(const Big& e,int t,int w,int i) {return recode(e.fn,t,w,i);}
#ifndef MR_FP
friend Big land(const Big&,const Big&); // logical AND
friend Big lxor(const Big&,const Big&); // logical XOR
#endif
friend Big pow(const Big&,int); // x^m
friend Big pow(const Big&, int, const Big&); // x^m mod n
friend Big pow(int, const Big&, const Big&); // x^m mod n
friend Big pow(const Big&, const Big&, const Big&); // x^m mod n
friend Big pow(const Big&, const Big&, const Big&, const Big&, const Big&);
// x^m.y^k mod n
friend Big pow(int,Big *,Big *,Big); // x[0]^m[0].x[1].m[1]... mod n
friend Big luc(const Big& b1,const Big& b2, const Big& b3, Big *b4=NULL)
{
Big z; if (b4!=NULL) lucas(b1.fn,b2.fn,b3.fn,b4->fn,z.fn);
else lucas(b1.fn,b2.fn,b3.fn,z.fn,z.fn);
return z;
}
//friend Big luc(const Big& ,const Big&, const Big&, Big *b4=NULL);
friend Big moddiv(const Big&,const Big&,const Big&);
friend Big inverse(const Big&, const Big&);
friend void multi_inverse(int,Big*,const Big&,Big *);
#ifndef MR_NO_RAND
friend Big rand(const Big&); // 0 < rand < parameter
friend Big rand(int,int); // (digits,base) e.g. (32,16)
friend Big randbits(int); // n random bits
friend Big strong_rand(csprng *,const Big&);
friend Big strong_rand(csprng *,int,int);
#endif
friend Big abs(const Big&);
// This next only works if MIRACL is using a binary base...
friend int bit(const Big& b,int i) {return mr_testbit(b.fn,i);}
friend int bits(const Big& b) {return logb2(b.fn);}
friend int ham(const Big& b) {return hamming(b.fn);}
friend int jacobi(const Big& b1,const Big& b2) {return jack(b1.fn,b2.fn);}
friend int toint(const Big& b) {return size(b.fn);}
friend BOOL prime(const Big& b) {return isprime(b.fn);}
friend Big nextprime(const Big&);
friend Big nextsafeprime(int type,int subset,const Big&);
friend Big trial_divide(const Big& b);
friend BOOL small_factors(const Big& b);
friend BOOL perfect_power(const Big& b);
friend Big sqrt(const Big&,const Big&);
friend void ecurve(const Big&,const Big&,const Big&,int);
friend BOOL ecurve2(int,int,int,int,const Big&,const Big&,BOOL,int);
friend BOOL is_on_curve(const Big&);
friend void modulo(const Big&);
friend BOOL modulo(int,int,int,int,BOOL);
friend Big get_modulus(void);
friend int window(const Big& x,int i,int* nbs,int *nzs,int window_size=5)
{
return mr_window(x.fn,i,nbs,nzs,window_size);
}
//friend int window(const Big&,int,int*,int*,int window_size=5);
friend int naf_window(const Big& x,const Big& x3,int i,int* nbs,int* nzs,int store=11)
{
return mr_naf_window(x.fn,x3.fn,i,nbs,nzs,store);
}
//friend int naf_window(const Big&,const Big&,int,int*,int*,int store=11);
friend void jsf(const Big&,const Big&,Big&,Big&,Big&,Big&);
/* Montgomery stuff */
friend Big nres(const Big&);
friend Big redc(const Big&);
/*
friend Big nres_negate(const Big&);
friend Big nres_modmult(const Big&,const Big&);
friend Big nres_premult(const Big&,int);
friend Big nres_pow(const Big&,const Big&);
friend Big nres_pow2(const Big&,const Big&,const Big&,const Big&);
friend Big nres_pown(int,Big *,Big *);
friend Big nres_luc(const Big&,const Big&,Big *b3=NULL);
friend Big nres_sqrt(const Big&);
friend Big nres_modadd(const Big&,const Big&);
friend Big nres_modsub(const Big&,const Big&);
friend Big nres_moddiv(const Big&,const Big&);
*/
/* these are faster.... */
/*
friend void nres_modmult(Big& a,const Big& b,Big& c)
{nres_modmult(a.fn,b.fn,c.fn);}
friend void nres_modadd(Big& a,const Big& b,Big& c)
{nres_modadd(a.fn,b.fn,c.fn);}
friend void nres_modsub(Big& a,const Big& b,Big& c)
{nres_modsub(a.fn,b.fn,c.fn);}
friend void nres_negate(Big& a,Big& b)
{nres_negate(a.fn,b.fn);}
friend void nres_premult(Big& a,int b,Big& c)
{nres_premult(a.fn,b,c.fn);}
friend void nres_moddiv(Big & a,const Big& b,Big& c)
{nres_moddiv(a.fn,b.fn,c.fn);}
*/
friend Big shift(const Big&b,int n);
friend int length(const Big&b);
/* Note that when inputting text as a number the CR is NOT *
* included in the text, unlike C I/O which does include CR. */
#ifndef MR_NO_STANDARD_IO
friend istream& operator>>(istream&, Big&);
friend ostream& operator<<(ostream&, const Big&);
friend ostream& otfloat(ostream&,const Big&,int);
#endif
// output Big to a String
friend char * operator<<(char * s,const Big&);
~Big() {
// zero(fn);
#ifndef BIGS
mr_free(fn);
#endif
}
};
extern BOOL modulo(int,int,int,int,BOOL);
extern Big get_modulus(void);
extern Big rand(int,int);
extern Big strong_rand(csprng *,int,int);
extern Big from_binary(int,char *);
//extern int to_binary(const Big&,int,char *,BOOL);
using namespace std;
#endif

36
generator_cgo/include/brick.h Normal file
View File

@ -0,0 +1,36 @@
/*
* MIRACL C++ Header file brick.h
*
* AUTHOR : M. Scott
*
* PURPOSE : Definition of class Brick
* Comb method for fast exponentiation with
* precomputation
* NOTE : Must be used in conjunction with big.cpp
*
*/
#ifndef BRICK_H
#define BRICK_H
#include "big.h"
class Brick
{
BOOL created;
brick b;
public:
Brick(Big g,Big n,int window,int nb)
{brick_init(&b,g.getbig(),n.getbig(),window,nb); created=TRUE;}
Brick(brick *bb) { b=*bb; created=FALSE; }
brick *get(void) {return &b;}
Big pow(Big &e) {Big w; pow_brick(&b,e.getbig(),w.getbig()); return w;}
~Brick() {if (created) brick_end(&b);}
};
#endif

39
generator_cgo/include/crt.h Normal file
View File

@ -0,0 +1,39 @@
/*
* MIRACL C++ Header file crt.h
*
* AUTHOR : M. Scott
*
* PURPOSE : Definition of class Crt (Chinese Remainder Thereom)
* NOTE : Must be used in conjunction with big.cpp
* Can be used with either Big or utype moduli
*/
#ifndef CRT_H
#define CRT_H
#include "big.h"
#define MR_CRT_BIG 0
#define MR_CRT_SMALL 1
class Crt
{
big_chinese bc;
small_chinese sc;
int type;
public:
Crt(int,Big *);
Crt(int,mr_utype *);
Big eval(Big *);
Big eval(mr_utype *);
~Crt()
{ /* destructor */
if (type==MR_CRT_BIG) crt_end(&bc);
if (type==MR_CRT_SMALL) scrt_end(&sc);
}
};
#endif

37
generator_cgo/include/ebrick.h Normal file
View File

@ -0,0 +1,37 @@
/*
* MIRACL C++ Header file ebrick.h
*
* AUTHOR : M. Scott
*
* PURPOSE : Definition of class EBrick
* Brickell et al's method for fast exponentiation with
* precomputation - elliptic curve version GF(p)
* NOTE : Must be used in conjunction with big.cpp
*
*/
#ifndef EBRICK_H
#define EBRICK_H
#include "big.h"
class EBrick
{
BOOL created;
ebrick B;
public:
EBrick(Big x,Big y,Big a,Big b,Big n,int window,int nb)
{ebrick_init(&B,x.getbig(),y.getbig(),a.getbig(),b.getbig(),n.getbig(),window,nb);
created=TRUE;}
EBrick(ebrick *b) {B=*b; created=FALSE;} /* set structure */
ebrick *get(void) {return &B;} /* get address of structure */
int mul(Big &e,Big &x,Big &y) {int d=mul_brick(&B,e.getbig(),x.getbig(),y.getbig()); return d;}
~EBrick() {if (created) ebrick_end(&B);}
};
#endif

36
generator_cgo/include/ebrick2.h Normal file
View File

@ -0,0 +1,36 @@
/*
* MIRACL C++ Header file ebrick2.h
*
* AUTHOR : M. Scott
*
* PURPOSE : Definition of class EBrick2
* Brickell et al's method for fast exponentiation with
* precomputation - elliptic curve version GF(2^m)
* NOTE : Must be used in conjunction with big.cpp
*/
#ifndef EBRICK2_H
#define EBRICK2_H
#include "big.h"
class EBrick2
{
BOOL created;
ebrick2 B;
public:
EBrick2(Big x,Big y,Big a2,Big a6,int m,int a,int b,int c,int window,int nb)
{ebrick2_init(&B,x.getbig(),y.getbig(),a2.getbig(),a6.getbig(),m,a,b,c,window,nb);
created=TRUE;}
EBrick2(ebrick2 *b) {B=*b; created=FALSE;} /* set structure */
ebrick2 *get(void) {return &B;} /* get address of structure */
int mul(Big &e,Big &x,Big &y) {int d=mul2_brick(&B,e.getbig(),x.getbig(),y.getbig()); return d;}
~EBrick2() {if (created) ebrick2_end(&B);}
};
#endif

146
generator_cgo/include/ec2.h Normal file
View File

@ -0,0 +1,146 @@
/***************************************************************************
*
Copyright 2013 CertiVox UK Ltd. *
*
This file is part of CertiVox MIRACL Crypto SDK. *
*
The CertiVox MIRACL Crypto SDK provides developers with an *
extensive and efficient set of cryptographic functions. *
For further information about its features and functionalities please *
refer to http://www.certivox.com *
*
* The CertiVox MIRACL Crypto SDK is free software: you can *
redistribute it and/or modify it under the terms of the *
GNU Affero General Public License as published by the *
Free Software Foundation, either version 3 of the License, *
or (at your option) any later version. *
*
* The CertiVox MIRACL Crypto SDK is distributed in the hope *
that it will be useful, but WITHOUT ANY WARRANTY; without even the *
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
See the GNU Affero General Public License for more details. *
*
* You should have received a copy of the GNU Affero General Public *
License along with CertiVox MIRACL Crypto SDK. *
If not, see <http://www.gnu.org/licenses/>. *
*
You can be released from the requirements of the license by purchasing *
a commercial license. Buying such a license is mandatory as soon as you *
develop commercial activities involving the CertiVox MIRACL Crypto SDK *
without disclosing the source code of your own applications, or shipping *
the CertiVox MIRACL Crypto SDK with a closed source product. *
*
***************************************************************************/
/*
* MIRACL C++ Header file ec2.h
*
* AUTHOR : M. Scott
*
* PURPOSE : Definition of class EC2 (Arithmetic on an Elliptic Curve,
* over GF(2^m)
*
* NOTE : Must be used in conjunction with ec2.cpp and big.cpp
* The active curve is set dynamically (via the Big ecurve2()
* routine) - so beware the pitfalls implicit in declaring
* static or global EC2's (which are initialised before the
* curve is set!). Uninitialised data is OK
*/
#ifndef EC2_H
#define EC2_H
#include <cstring>
#include "big.h"
#ifdef GF2MS
#define MR_INIT_EC2 memset(mem,0,mr_ecp_reserve(1,GF2MS)); p=(epoint *)epoint_init_mem_variable(mem,0,GF2MS);
#else
#define MR_INIT_EC2 mem=(char *)ecp_memalloc(1); p=(epoint *)epoint_init_mem(mem,0);
#endif
class EC2
{
epoint *p;
#ifdef GF2MS
char mem[mr_ecp_reserve(1,GF2MS)];
#else
char *mem;
#endif
public:
EC2() { MR_INIT_EC2}
EC2(const Big &x,const Big& y) {MR_INIT_EC2
epoint2_set(x.getbig(),y.getbig(),0,p); }
// This next constructor restores a point on the curve from "compressed"
// data, that is the full x co-ordinate, and the LSB of y/x (0 or 1)
EC2(const Big& x,int cb) {MR_INIT_EC2
epoint2_set(x.getbig(),x.getbig(),cb,p); }
EC2(const EC2 &b) {MR_INIT_EC2 epoint2_copy(b.p,p);}
epoint *get_point() const;
EC2& operator=(const EC2& b) {epoint2_copy(b.p,p);return *this;}
EC2& operator+=(const EC2& b) {ecurve2_add(b.p,p); return *this;}
EC2& operator-=(const EC2& b) {ecurve2_sub(b.p,p); return *this;}
// Multiplication of a point by an integer.
EC2& operator*=(const Big& k) {ecurve2_mult(k.getbig(),p,p); return *this;}
big add(const EC2& b) {return ecurve2_add(b.p,p); }
// returns line slope as a big
big sub(const EC2& b) {return ecurve2_sub(b.p,p); }
void clear() {epoint2_set(NULL,NULL,0,p);}
BOOL set(const Big& x,const Big& y) {return epoint2_set(x.getbig(),y.getbig(),0,p);}
int get(Big& x,Big& y) const;
BOOL iszero() const;
// This gets the point in compressed form. Return value is LSB of y-coordinate
int get(Big& x) const;
void getx(Big &x) const;
void getxy(Big &x,Big& y) const;
void getxyz(Big &x,Big &y,Big& z) const;
// point compression
// This sets the point from compressed form. cb is LSB of y/x
BOOL set(const Big& x,int cb=0) {return epoint2_set(x.getbig(),x.getbig(),cb,p);}
friend EC2 operator-(const EC2&);
friend void multi_add(int,EC2 *,EC2 *);
friend EC2 mul(const Big&, const EC2&, const Big&, const EC2&);
friend EC2 mul(int, const Big *, EC2 *);
friend void normalise(EC2 &e) {epoint2_norm(e.p);}
friend BOOL operator==(const EC2& a,const EC2& b)
{return epoint2_comp(a.p,b.p);}
friend BOOL operator!=(const EC2& a,const EC2& b)
{return (!epoint2_comp(a.p,b.p));}
friend EC2 operator*(const Big &,const EC2&);
#ifndef MR_NO_STANDARD_IO
friend ostream& operator<<(ostream&,const EC2&);
#endif
~EC2()
{
#ifndef GF2MS
mr_free(mem);
#endif
}
};
#endif

159
generator_cgo/include/ecn.h Normal file
View File

@ -0,0 +1,159 @@
/***************************************************************************
*
Copyright 2013 CertiVox UK Ltd. *
*
This file is part of CertiVox MIRACL Crypto SDK. *
*
The CertiVox MIRACL Crypto SDK provides developers with an *
extensive and efficient set of cryptographic functions. *
For further information about its features and functionalities please *
refer to http://www.certivox.com *
*
* The CertiVox MIRACL Crypto SDK is free software: you can *
redistribute it and/or modify it under the terms of the *
GNU Affero General Public License as published by the *
Free Software Foundation, either version 3 of the License, *
or (at your option) any later version. *
*
* The CertiVox MIRACL Crypto SDK is distributed in the hope *
that it will be useful, but WITHOUT ANY WARRANTY; without even the *
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
See the GNU Affero General Public License for more details. *
*
* You should have received a copy of the GNU Affero General Public *
License along with CertiVox MIRACL Crypto SDK. *
If not, see <http://www.gnu.org/licenses/>. *
*
You can be released from the requirements of the license by purchasing *
a commercial license. Buying such a license is mandatory as soon as you *
develop commercial activities involving the CertiVox MIRACL Crypto SDK *
without disclosing the source code of your own applications, or shipping *
the CertiVox MIRACL Crypto SDK with a closed source product. *
*
***************************************************************************/
/*
*
* MIRACL C++ Header file ecn.h
*
* AUTHOR : M. Scott
*
* PURPOSE : Definition of class ECn (Arithmetic on an Elliptic Curve,
* mod n)
*
* NOTE : Must be used in conjunction with ecn.cpp and big.cpp
* The active curve is set dynamically (via the Big ecurve()
* routine) - so beware the pitfalls implicit in declaring
* static or global ECn's (which are initialised before the
* curve is set!). Uninitialised data is OK
*
*/
#ifndef ECN_H
#define ECN_H
#include <cstring>
#include "big.h"
#ifdef ZZNS
#define MR_INIT_ECN memset(mem,0,mr_ecp_reserve(1,ZZNS)); p=(epoint *)epoint_init_mem_variable(mem,0,ZZNS);
#else
#define MR_INIT_ECN mem=(char *)ecp_memalloc(1); p=(epoint *)epoint_init_mem(mem,0);
#endif
class ECn
{
epoint *p;
#ifdef ZZNS
char mem[mr_ecp_reserve(1,ZZNS)];
#else
char *mem;
#endif
public:
ECn() {MR_INIT_ECN }
ECn(const Big &x,const Big& y) {MR_INIT_ECN
epoint_set(x.getbig(),y.getbig(),0,p); }
// This next constructor restores a point on the curve from "compressed"
// data, that is the full x co-ordinate, and the LSB of y (0 or 1)
#ifndef MR_SUPPORT_COMPRESSION
ECn(const Big& x,int cb) {MR_INIT_ECN
epoint_set(x.getbig(),x.getbig(),cb,p); }
#endif
ECn(const ECn &b) {MR_INIT_ECN epoint_copy(b.p,p);}
epoint *get_point() const;
int get_status() {return p->marker;}
ECn& operator=(const ECn& b) {epoint_copy(b.p,p);return *this;}
ECn& operator+=(const ECn& b) {ecurve_add(b.p,p); return *this;}
int add(const ECn&,big *,big *ex1=NULL,big *ex2=NULL) const;
// returns line slope as a big
int sub(const ECn&,big *,big *ex1=NULL,big *ex2=NULL) const;
ECn& operator-=(const ECn& b) {ecurve_sub(b.p,p); return *this;}
// Multiplication of a point by an integer.
ECn& operator*=(const Big& k) {ecurve_mult(k.getbig(),p,p); return *this;}
void clear() {epoint_set(NULL,NULL,0,p);}
BOOL set(const Big& x,const Big& y) {return epoint_set(x.getbig(),y.getbig(),0,p);}
#ifndef MR_AFFINE_ONLY
// use with care if at all
void setz(const Big& z) {nres(z.getbig(),p->Z); p->marker=MR_EPOINT_GENERAL;}
#endif
BOOL iszero() const;
int get(Big& x,Big& y) const;
// This gets the point in compressed form. Return value is LSB of y-coordinate
int get(Big& x) const;
// get raw coordinates
void getx(Big &x) const;
void getxy(Big &x,Big &y) const;
void getxyz(Big &x,Big &y,Big &z) const;
// point compression
// This sets the point from compressed form. cb is LSB of y coordinate
#ifndef MR_SUPPORT_COMPRESSION
BOOL set(const Big& x,int cb=0) {return epoint_set(x.getbig(),x.getbig(),cb,p);}
#endif
friend ECn operator-(const ECn&);
friend void multi_add(int,ECn *,ECn *);
friend void double_add(ECn&,ECn&,ECn&,ECn&,big&,big&);
friend ECn mul(const Big&, const ECn&, const Big&, const ECn&);
friend ECn mul(int, const Big *, ECn *);
friend void normalise(ECn &e) {epoint_norm(e.p);}
friend void multi_norm(int,ECn *);
friend BOOL operator==(const ECn& a,const ECn& b)
{return epoint_comp(a.p,b.p);}
friend BOOL operator!=(const ECn& a,const ECn& b)
{return (!epoint_comp(a.p,b.p));}
friend ECn operator*(const Big &,const ECn&);
#ifndef MR_NO_STANDARD_IO
friend ostream& operator<<(ostream&,const ECn&);
#endif
~ECn() {
#ifndef ZZNS
mr_free(mem);
#endif
}
};
#endif

22
generator_cgo/include/ecnzzn.h Normal file
View File

@ -0,0 +1,22 @@
//
// Utility functions to force an ECn to be created from 2 or 3 ZZn
// And to extract an ECn into ZZns
//
#ifndef ECNZZN_H
#define ECNZZN_H
#include "zzn.h"
#include "ecn.h"
#ifndef MR_AFFINE_ONLY
extern void force(ZZn&,ZZn&,ZZn&,ECn&);
extern void extract(ECn&,ZZn&,ZZn&,ZZn&);
#endif
extern void force(ZZn&,ZZn&,ECn&);
extern void extract(ECn&,ZZn&,ZZn&);
#endif

70
generator_cgo/include/ecurve.cpp Normal file
View File

@ -0,0 +1,70 @@
#include "ecurve.h"
#include <stdbool.h>
// 使用的椭圆曲线(SECP256K1)公开参数
char Q[] = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F"; // 有限域的模q
char A[] = "0000000000000000000000000000000000000000000000000000000000000000"; // 曲线方程系数a
char B[] = "0000000000000000000000000000000000000000000000000000000000000007"; // 曲线方程系数b
char X[] = "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"; // 基点P的x坐标
char Y[] = "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8"; // 基点P的y坐标
char P_N[] = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141"; // 基点P的阶令nP=O的最小整数
bool setupEcurve(ECC_PARAMS *params)
{
// 初始化变量
(*params).a = mirvar(0);
(*params).b = mirvar(0);
(*params).q = mirvar(0);
(*params).p = mirvar(0);
(*params).P_x = mirvar(0);
(*params).P_y = mirvar(0);
(*params).P = epoint_init();
// 赋值
cinstr((*params).a, A);
cinstr((*params).b, B);
cinstr((*params).q, Q);
cinstr((*params).p, P_N);
cinstr((*params).P_x, X);
cinstr((*params).P_y, Y);
// 椭圆曲线方程初始化
ecurve_init((*params).a, (*params).b, (*params).q, MR_PROJECTIVE);
// 设置点坐标(P_x,P_y)为点P此函数同时能判断P是否在上面初始化成功的椭圆曲线上
if (!epoint_set((*params).P_x, (*params).P_y, 0, (*params).P))
{
freeEcurve(params);
return false;
}
// 判断P是否是阶为p的基点判断依据基点乘以阶为无穷远点
bool bRv = false;
epoint *P_test = epoint_init();
ecurve_mult((*params).p, (*params).P, P_test);
if (point_at_infinity(P_test))
{
bRv = true;
}
else
{
freeEcurve(params);
bRv = false;
}
epoint_free(P_test);
return bRv;
}
void freeEcurve(ECC_PARAMS *params)
{
mirkill((*params).a);
mirkill((*params).b);
mirkill((*params).q);
mirkill((*params).p);
mirkill((*params).P_x);
mirkill((*params).P_y);
epoint_free((*params).P);
}

23
generator_cgo/include/ecurve.h Normal file
View File

@ -0,0 +1,23 @@
#ifndef __ECURVE_H__
#define __ECURVE_H__
#include "miracl.h"
#include "mirdef.h"
#include <stdbool.h>
typedef struct ecc_params
{
big a; // 椭圆曲线方程系数a
big b; // 椭圆曲线方程系数b
big q; // 模
big p; // 阶
big P_x; // 基点横坐标
big P_y; // 基点纵坐标
epoint *P; // 基点
} ECC_PARAMS;
bool setupEcurve(ECC_PARAMS *params);
void freeEcurve(ECC_PARAMS *params);
#endif // ecurve.h

163
generator_cgo/include/flash.h Normal file
View File

@ -0,0 +1,163 @@
/*
* MIRACL C++ Header file flash.h
*
* AUTHOR : N.Coghlan
* Modified by M.Scott
*
* PURPOSE : Definition of class Flash
*
*/
#ifndef FLASH_H
#define FLASH_H
#include "big.h"
#ifdef MR_FLASH
#ifdef BIGS
#define MR_FINIT_BIG fn=&b; b.w=a; b.len=0; for (int i=0;i<BIGS;i++) a[i]=0;
#else
#define MR_FINIT_BIG fn=mirvar(0);
#endif
class Flash
{ /* Flash Class Definitions */
flash fn; /* pointer to actual data */
#ifdef BIGS
mr_small a[BIGS];
bigtype b;
#endif
public:
Flash() {MR_FINIT_BIG}
Flash(int j) {MR_FINIT_BIG convert(j,fn); }
Flash(unsigned int j) {MR_FINIT_BIG uconvert(j,fn); }
Flash(int x,int y) {MR_FINIT_BIG fconv(x,y,fn); }
#ifdef mr_dltype
#ifndef MR_DLTYPE_IS_INT
Flash(mr_dltype dl) {MR_FINIT_BIG dlconv(dl,fn);}
#endif
#else
Flash(long lg) {MR_FINIT_BIG lgconv(lg,fn);}
#endif
Flash(double d) {MR_FINIT_BIG dconv(d,fn);}
Flash(const Flash& f) {MR_FINIT_BIG copy(f.fn, fn);}
Flash(const Big& c) {MR_FINIT_BIG copy(c.fn, fn);}
Flash(const Big& n,const Big& d) {MR_FINIT_BIG mround(n.fn,d.fn,fn);}
Flash(char* s) {MR_FINIT_BIG cinstr(fn,s);}
Flash& operator=(int i) {convert(i,fn); return *this;}
#ifdef mr_dltype
#ifndef MR_DLTYPE_IS_INT
Flash& operator=(mr_dltype dl){dlconv(dl,fn); return *this;}
#endif
#else
Flash& operator=(long lg){lgconv(lg,fn); return *this;}
#endif
Flash& operator=(double& d) {dconv(d,fn); return *this;}
Flash& operator=(const Flash& f) {copy(f.fn, fn); return *this;}
Flash& operator=(const Big& b) {copy(b.fn, fn); return *this;}
Flash& operator=(char* s) {cinstr(fn,s);return *this;}
Flash& operator++() {fincr(fn,1,1,fn); return *this;}
Flash& operator--() {fincr(fn,-1,1,fn); return *this;}
Flash& operator+=(const Flash& f) {fadd(fn,f.fn,fn); return *this;}
Flash& operator-=(const Flash& f) {fsub(fn,f.fn,fn); return *this;}
Flash& operator*=(const Flash& f) {fmul(fn,f.fn,fn); return *this;}
Flash& operator*=(int n) {fpmul(fn,n,1,fn); return *this;}
Flash& operator/=(const Flash& f) {fdiv(fn,f.fn,fn); return *this;}
Flash& operator/=(int n) {fpmul(fn,1,n,fn); return *this;}
Flash& operator%=(const Flash& f) {fmodulo(fn,f.fn,fn); return *this;}
Big trunc(Flash *rem=NULL);
Big num(void);
Big den(void);
BOOL iszero() const;
friend Flash operator-(const Flash&); /* unary - */
/* binary ops */
friend Flash operator+(const Flash&, const Flash&);
friend Flash operator-(const Flash&, const Flash&);
friend Flash operator*(const Flash&, const Flash&);
friend Flash operator/(const Flash&, const Flash&);
friend Flash operator%(const Flash&,const Flash&);
/* relational ops */
friend BOOL operator<=(const Flash& f1, const Flash& f2)
{if (fcomp(f1.fn,f2.fn) <= 0) return TRUE; else return FALSE;}
friend BOOL operator>=(const Flash& f1, const Flash& f2)
{if (fcomp(f1.fn,f2.fn) >= 0) return TRUE; else return FALSE;}
friend BOOL operator==(const Flash& f1, const Flash& f2)
{if (fcomp(f1.fn,f2.fn) == 0) return TRUE; else return FALSE;}
friend BOOL operator!=(const Flash& f1, const Flash& f2)
{if (fcomp(f1.fn,f2.fn) != 0) return TRUE; else return FALSE;}
friend BOOL operator<(const Flash& f1, const Flash& f2)
{if (fcomp(f1.fn,f2.fn) < 0) return TRUE; else return FALSE;}
friend BOOL operator>(const Flash& f1, const Flash& f2)
{if (fcomp(f1.fn,f2.fn) > 0) return TRUE; else return FALSE;}
friend Flash inverse(const Flash&);
friend Flash pi(void);
friend Flash cos(const Flash&);
friend Flash sin(const Flash&);
friend Flash tan(const Flash&);
friend Flash acos(const Flash&);
friend Flash asin(const Flash&);
friend Flash atan(const Flash&);
friend Flash cosh(const Flash&);
friend Flash sinh(const Flash&);
friend Flash tanh(const Flash&);
friend Flash acosh(const Flash&);
friend Flash asinh(const Flash&);
friend Flash atanh(const Flash&);
friend Flash log(const Flash&);
friend Flash exp(const Flash&);
friend Flash pow(const Flash&,const Flash&);
friend Flash sqrt(const Flash&);
friend Flash nroot(const Flash&,int);
friend Flash fabs(const Flash&);
friend double todouble(const Flash& f) { return fdsize(f.fn);}
#ifndef MR_NO_STANDARD_IO
friend istream& operator>>(istream&, Flash&);
friend ostream& operator<<(ostream&, const Flash&);
#endif
#ifdef BIGS
~Flash() { }
#else
~Flash() {mirkill(fn);}
#endif
};
extern Flash pi(void);
#endif
#endif

94
generator_cgo/include/floating.h Normal file
View File

@ -0,0 +1,94 @@
/*
* MIRACL C++ Header file float.h
*
* AUTHOR : M.Scott
*
* PURPOSE : Definition of class Float
*
*/
#ifndef FLOAT_H
#define FLOAT_H
#include <cmath>
#include "big.h"
extern void setprecision(int);
class Float
{
int e; // exponent
Big m; // mantissa
public:
Float() { }
Float(int i) {m=i; e=1;}
Float(const Float& f) {e=f.e; m=f.m; }
Float(const Big &b) {m=b; e=length(b);}
Float(const Big &b,int ex) {m=b; e=ex;}
Float(double);
Big trunc(Float *rem=NULL);
void negate() const;
BOOL iszero() const;
BOOL isone() const;
int sign() const;
Float& operator=(double);
BOOL add(const Float&);
Float& operator+=(const Float&);
BOOL sub(const Float&);
Float& operator-=(const Float&);
Float& operator*=(const Float&);
Float& operator*=(int);
Float& operator/=(const Float&);
Float& operator/=(int);
Float& operator=(const Float&);
friend Float reciprocal(const Float&);
friend double todouble(const Float&);
friend Float makefloat(int,int);
friend Float operator-(const Float&);
friend Float operator+(const Float&,const Float&);
friend Float operator-(const Float&,const Float&);
friend Float operator*(const Float&,const Float&);
friend Float operator*(const Float&,int);
friend Float operator*(int,const Float&);
friend Float operator/(const Float&,const Float&);
friend Float operator/(const Float&,int);
friend Float sqrt(const Float&);
friend Float nroot(const Float&,int);
friend Float exp(const Float&);
friend Float sin(const Float&);
friend Float cos(const Float&);
friend Float pow(const Float&,int);
friend Float fpi(void);
friend Big trunc(const Float&);
friend int norm(int,Float&);
friend Float fabs(const Float&);
/* relational ops */
friend int fcomp(const Float&,const Float&);
friend BOOL operator<=(const Float& f1, const Float& f2)
{if (fcomp(f1,f2) <= 0) return TRUE; else return FALSE;}
friend BOOL operator>=(const Float& f1, const Float& f2)
{if (fcomp(f1,f2) >= 0) return TRUE; else return FALSE;}
friend BOOL operator==(const Float& f1, const Float& f2)
{if (fcomp(f1,f2) == 0) return TRUE; else return FALSE;}
friend BOOL operator!=(const Float& f1, const Float& f2)
{if (fcomp(f1,f2) != 0) return TRUE; else return FALSE;}
friend BOOL operator<(const Float& f1, const Float& f2)
{if (fcomp(f1,f2) < 0) return TRUE; else return FALSE;}
friend BOOL operator>(const Float& f1, const Float& f2)
{if (fcomp(f1,f2) > 0) return TRUE; else return FALSE;}
friend ostream& operator<<(ostream&,const Float&);
~Float() { }
};
extern Float fpi(void);
extern Float makefloat(int,int);
#endif

171
generator_cgo/include/gf2m.h Normal file
View File

@ -0,0 +1,171 @@
/***************************************************************************
*
Copyright 2013 CertiVox UK Ltd. *
*
This file is part of CertiVox MIRACL Crypto SDK. *
*
The CertiVox MIRACL Crypto SDK provides developers with an *
extensive and efficient set of cryptographic functions. *
For further information about its features and functionalities please *
refer to http://www.certivox.com *
*
* The CertiVox MIRACL Crypto SDK is free software: you can *
redistribute it and/or modify it under the terms of the *
GNU Affero General Public License as published by the *
Free Software Foundation, either version 3 of the License, *
or (at your option) any later version. *
*
* The CertiVox MIRACL Crypto SDK is distributed in the hope *
that it will be useful, but WITHOUT ANY WARRANTY; without even the *
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
See the GNU Affero General Public License for more details. *
*
* You should have received a copy of the GNU Affero General Public *
License along with CertiVox MIRACL Crypto SDK. *
If not, see <http://www.gnu.org/licenses/>. *
*
You can be released from the requirements of the license by purchasing *
a commercial license. Buying such a license is mandatory as soon as you *
develop commercial activities involving the CertiVox MIRACL Crypto SDK *
without disclosing the source code of your own applications, or shipping *
the CertiVox MIRACL Crypto SDK with a closed source product. *
*
***************************************************************************/
/*
* MIRACL C++ Header file gf2m.h
*
* AUTHOR : M.Scott
*
* PURPOSE : Definition of class GF2m (Arithmetic in the field GF(2^m)
*
* NOTE: : The field basis is set dynamically via the modulo() routine.
* Must be used with big.h and big.cpp
*/
#ifndef GF2M_H
#define GF2M_H
#include "big.h"
/*
#ifdef GF2MS
#define MR_INIT_GF2M memset(mem,0,mr_big_reserve(1,GF2MS)); fn=(big)mirvar_mem_variable(mem,0,GF2MS);
#define MR_CLONE_GF2M(x) fn->len=x->len; for (int i=0;i<GF2MS;i++) fn->w[i]=x->w[i];
#define MR_ZERO_GF2M {fn->len=0; for (int i=0;i<GF2MS;i++) fn->w[i]=0;}
#else
#define MR_INIT_GF2M mem=(char *)memalloc(1); fn=(big)mirvar_mem(mem,0);
#define MR_CLONE_GF2M(x) copy(x,fn);
#define MR_ZERO_GF2M zero(fn);
#endif
*/
#ifdef GF2MS
#define MR_INIT_GF2M fn=&b; b.w=a; b.len=GF2MS;
#define MR_CLONE_GF2M(x) b.len=x->len; for (int i=0;i<GF2MS;i++) a[i]=x->w[i];
#define MR_ZERO_GF2M {b.len=0; for (int i=0;i<GF2MS;i++) a[i]=0;}
#else
#define MR_INIT_GF2M fn=mirvar(0);
#define MR_CLONE_GF2M(x) copy(x,fn);
#define MR_ZERO_GF2M zero(fn);
#endif
class GF2m
{
big fn;
/*
#ifdef GF2MS
char mem[mr_big_reserve(1,GF2MS)];
#else
char *mem;
#endif
*/
#ifdef GF2MS
mr_small a[GF2MS];
bigtype b;
#endif
public:
GF2m() {MR_INIT_GF2M MR_ZERO_GF2M}
GF2m(int j) {MR_INIT_GF2M if (j==0) MR_ZERO_GF2M else {convert(j,fn); reduce2(fn,fn);}}
GF2m(const Big& c) {MR_INIT_GF2M reduce2(c.getbig(),fn); } /* Big -> GF2m */
GF2m(big& c) {MR_INIT_GF2M MR_CLONE_GF2M(c)}
GF2m(const GF2m& c) {MR_INIT_GF2M MR_CLONE_GF2M(c.fn)}
GF2m(char *s) {MR_INIT_GF2M cinstr(fn,s); reduce2(fn,fn);}
GF2m& operator=(const GF2m& c) {MR_CLONE_GF2M(c.fn) return *this;}
GF2m& operator=(big c) {MR_CLONE_GF2M(c) return *this;}
GF2m& operator=(int i) {if (i==0) MR_ZERO_GF2M else {convert(i,fn); reduce2(fn,fn);} return *this;}
GF2m& operator=(const Big& b) { reduce2(b.getbig(),fn); return *this; }
GF2m& operator=(char *s) { cinstr(fn,s); reduce2(fn,fn); return *this;}
GF2m& operator++() {incr2(fn,1,fn); return *this; }
GF2m& operator+=(const GF2m& c)
{
#ifdef GF2MS
for (int i=0;i<GF2MS;i++)
fn->w[i]^=c.fn->w[i];
fn->len=GF2MS;
if (fn->w[GF2MS-1]==0) mr_lzero(fn);
#else
add2(fn,c.fn,fn);
#endif
return *this;
}
GF2m& operator+=(int i) {incr2(fn,i,fn); return *this; }
GF2m& operator*=(const GF2m& b) {modmult2(fn,b.fn,fn); return *this;}
GF2m& square() {modsquare2(fn,fn); return *this;}
GF2m& inverse() {inverse2(fn,fn); return *this;}
BOOL quadratic(GF2m& b) {return quad2(fn,b.fn);}
int degree() {return degree2(fn);}
BOOL iszero() const;
BOOL isone() const;
operator Big() {return (Big)fn;} /* GF2m -> Big */
friend big getbig(GF2m& z) {return z.fn;}
friend int trace(GF2m & z) {return trace2(z.fn);}
GF2m& operator/=(const GF2m&);
friend GF2m operator+(const GF2m&,const GF2m&);
friend GF2m operator+(const GF2m&,int);
friend GF2m operator*(const GF2m&,const GF2m&);
friend GF2m operator/(const GF2m&,const GF2m&);
friend BOOL operator==(const GF2m& b1,const GF2m& b2)
{ if (mr_compare(b1.fn,b2.fn)==0) return TRUE; else return FALSE;}
friend BOOL operator!=(const GF2m& b1,const GF2m& b2)
{ if (mr_compare(b1.fn,b2.fn)!=0) return TRUE; else return FALSE;}
friend GF2m square(const GF2m&);
friend GF2m inverse(const GF2m&);
friend GF2m pow(const GF2m&,int);
friend GF2m sqrt(const GF2m&);
friend GF2m halftrace(const GF2m&);
friend GF2m quad(const GF2m&);
#ifndef MR_NO_RAND
friend GF2m random2(void);
#endif
friend GF2m gcd(const GF2m&,const GF2m&);
friend void kar2x2(const GF2m*,const GF2m*,GF2m*);
friend void kar3x3(const GF2m*,const GF2m*,GF2m*);
friend int degree(const GF2m& x) {return degree2(x.fn);}
~GF2m()
{
// zero(fn);
#ifndef GF2MS
mr_free(fn);
#endif
}
};
#ifndef MR_NO_RAND
extern GF2m random2(void);
#endif
#endif

61
generator_cgo/include/hash.cpp Normal file
View File

@ -0,0 +1,61 @@
#include <string.h>
#include "hash.h"
#include "ecurve.h"
#include "utils.h"
void hash1(char *ID, epoint *Q, epoint *PK_pub, big p, big h_1_big)
{
// 计算hash值H_1(ID, R, PK_pub)
//hash1(ID, Q, PK_pub)
sha256 sh;
char h_1[33] = {0};
shs256_init(&sh);
sha256_update_string(sh, ID, strlen(ID));
sha256_update_point(sh, Q);
sha256_update_point(sh, PK_pub);
shs256_hash(&sh, h_1);
bytes_to_big(32, h_1, h_1_big);
power(h_1_big, 1, p, h_1_big); // mod p
}
void hash2(char *ID, epoint *X, big p, big h_2_big)
{
// 计算hash值H_2(ID, X)
sha256 sh;
char h_2[33] = {0};
shs256_init(&sh);
sha256_update_string(sh, ID, strlen(ID));
sha256_update_point(sh, X);
shs256_hash(&sh, h_2);
bytes_to_big(32, h_2, h_2_big);
power(h_2_big, 1, p, h_2_big); // mod p
}
void hash3(
char *ID,
char *msg,
epoint *Q,
epoint *U,
epoint *PK_pub,
big p,
big h_3_big
)
{
sha256 sh;
char h_3[33] = {0};
shs256_init(&sh);
sha256_update_string(sh, ID, strlen(ID));
sha256_update_string(sh, msg, strlen(msg));
sha256_update_point(sh, Q);
sha256_update_point(sh, U);
sha256_update_point(sh, PK_pub);
shs256_hash(&sh, h_3);
bytes_to_big(32, h_3, h_3_big);
power(h_3_big, 1, p, h_3_big); // mod p
}

24
generator_cgo/include/hash.h Normal file
View File

@ -0,0 +1,24 @@
#ifndef __HASH_H__
#define __HASH_H__
#include "miracl.h"
#include "mirdef.h"
//hash1(ID, Q, PK_pub, h_1_big)
void hash1(char *ID, epoint *Q, epoint *PK_pub, big p, big h_1_big);
//hash2(ID, X, h_2_big)
void hash2(char *ID, epoint *X, big p, big h_2_big);
//hash3(ID, msg, Q, U, PK_pub, h_3_big)
void hash3(
char *ID,
char *msg,
epoint *Q,
epoint *U,
epoint *PK_pub,
big p,
big h_3_big
);
#endif

84
generator_cgo/include/kgc.cpp Normal file
View File

@ -0,0 +1,84 @@
#include <string.h>
#include "kgc.h"
#include "hash.h"
void genKGCkey(ECC_PARAMS *params, big msk, epoint *PK_pub)
{
bigrand((*params).p, msk); // 产生小于p的随机数
ecurve_mult(msk, (*params).P, PK_pub);
}
bool genPPK_std(
ECC_PARAMS *params,
big msk, // KGC私钥
epoint *PK_pub, // KGC公钥
char ID[], // 输入用户ID
big d, // 输出部分私钥
epoint *Q, // 产生的用户公钥
epoint *X) // 输入用户秘密值
{
// 产生随机数r,计算R=rP
epoint *R_A = epoint_init();
big r = mirvar(0);
bigrand((*params).p, r);
ecurve_mult(r, (*params).P, R_A);
//计算h_2 = H_2(ID,X)
big h_2_big = mirvar(0);
hash2(ID, X, (*params).p, h_2_big);
//计算h_2 * X
epoint *h2X = epoint_init();
ecurve_mult(h_2_big, X, h2X);
//计算Q = R + h_2 * X
ecurve_add(R_A, Q);
ecurve_add(h2X, Q);
//计算h_1 = H_1(ID,Q,PK_pub)
big h_1_big = mirvar(0);
hash1(ID, Q, PK_pub, (*params).p, h_1_big);
// 计算d = r + msk * h_1 mod p
big tmp = mirvar(0);
multiply(msk, h_1_big, tmp);
add(r, tmp, d);
power(d, 1, (*params).p, d); // mod p
//计算h_1 * PK_pub
epoint *h1PK = epoint_init();
ecurve_mult(h_1_big, PK_pub, h1PK);
// 用d * P = Q - h2 * X + h1 * PK_pub验证一下(d,Q)是否正确
// 点的减法 pa = pa - a Function: void ecurve_sub(p,pa)
epoint *left = epoint_init();
ecurve_mult(d, (*params).P, left);
epoint *right = epoint_init();
ecurve_add(Q, right);
ecurve_sub(h2X, right);
ecurve_add(h1PK, right);
bool bRv = false;
if (epoint_comp(left, right))
{
bRv = true;
}
else
{
bRv = false;
}
mirkill(r);
mirkill(h_1_big);
mirkill(h_2_big);
mirkill(tmp);
epoint_free(R_A);
epoint_free(left);
epoint_free(right);
epoint_free(h1PK);
epoint_free(h2X);
return bRv;
}

22
generator_cgo/include/kgc.h Normal file
View File

@ -0,0 +1,22 @@
#ifndef __KGC_H__
#define __KGC_H__
#include "ecurve.h"
#include "miracl.h"
#include "mirdef.h"
#include <stdbool.h>
void genKGCkey(ECC_PARAMS *params, big msk, epoint *PK_pub);
_Bool genPPK_std(
ECC_PARAMS *params,
big msk,
epoint *PK_pub,
char ID[],
big d,
epoint *Q,
epoint *X
);
#endif

1563
generator_cgo/include/miracl.h Normal file
View File

File diff suppressed because it is too large Load Diff

15
generator_cgo/include/mirdef.h Normal file
View File

@ -0,0 +1,15 @@
/*
* MIRACL compiler/hardware definitions - mirdef.h
*/
#define MR_LITTLE_ENDIAN
#define MIRACL 64
#define mr_utype long long
#define mr_unsign64 unsigned long long
#define MR_IBITS 32
#define MR_LBITS 64
#define mr_unsign32 unsigned int
#define MR_FLASH 52
#define MAXBASE ((mr_small)1<<(MIRACL-1))
#define MR_BITSINCHAR 8

107
generator_cgo/include/sign.cpp Normal file
View File

@ -0,0 +1,107 @@
#include <string.h>
#include "sign.h"
#include "hash.h"
#include "utils.h"
void getFullkey(
ECC_PARAMS *params,
char *ID, // 用户ID
big d, // 用户部分私钥
big x, // 用户秘密值
epoint *X, // 用户公钥
big sa // 用户完整私钥
)
{
// 计算hash值H_2(ID, X)
big h_2_big = mirvar(0);
hash2(ID, X, (*params).p, h_2_big);
// 计算sa = d + h_2*x mod p
big tmp = mirvar(0);
multiply(x, h_2_big, tmp);
add(d, tmp, sa);
power(sa, 1, (*params).p, sa); // mod p
mirkill(h_2_big);
mirkill(tmp);
}
void sign_Thumbur(
ECC_PARAMS *params,
char *ID, // 用户ID
char *msg, // 签名消息
big sa, // 输入用户完整私钥
epoint *Q, // 输入用户完整公钥
epoint *U, // 输出签名的随机数变换
epoint *PK_pub, //输入KGC的公钥
big v // 输出签名的计算值
)
{
// 产生随机数u,计算U=uP
big u = mirvar(0);
bigrand((*params).p, u);
ecurve_mult(u, (*params).P, U);
// 计算hash值H_3(ID, msg, Q, U, PK_pub)
big h_3_big = mirvar(0);
hash3(ID, msg, Q, U, PK_pub, (*params).p, h_3_big);
// 计算签名值 v = u + h_3*sa
big tmp = mirvar(0);
multiply(sa, h_3_big, tmp);
add(u, tmp, v);
power(v, 1, (*params).p, v); // mod p
outbig(v, "v");
mirkill(u);
mirkill(h_3_big);
mirkill(tmp);
}
bool verify_Thumbur(
ECC_PARAMS *params,
char *ID,
char *msg,
epoint *Q,
epoint *PK_pub,
epoint *U,
big v
)
{
// 计算hash值H_1(ID, Q, PK_pub)
big h_1_big = mirvar(0);
hash1(ID, Q, PK_pub, (*params).p, h_1_big);
// 计算hash值H_3(ID, msg, Q, U, PK_pub)
big h_3_big = mirvar(0);
hash3(ID, msg, Q, U, PK_pub, (*params).p, h_3_big);
// 验签等式 v*P = U + h_3(Q + h_1*P_pub)
// 等式左边:
epoint *left = epoint_init();
ecurve_mult(v, (*params).P, left);
// 等式右边:
epoint *tmp_p = epoint_init();
ecurve_mult(h_1_big, PK_pub, tmp_p);
ecurve_add(Q, tmp_p);
ecurve_mult(h_3_big, tmp_p, tmp_p);
ecurve_add(U, tmp_p);
bool bRv = false;
if (epoint_comp(left, tmp_p))
{
bRv = true;
}
else
{
bRv = false;
}
mirkill(h_1_big);
mirkill(h_3_big);
epoint_free(left);
epoint_free(tmp_p);
return bRv;
}

39
generator_cgo/include/sign.h Normal file
View File

@ -0,0 +1,39 @@
#ifndef __SIGN_H__
#define __SIGN_H__
#include "ecurve.h"
#include "miracl.h"
#include "mirdef.h"
#include <stdbool.h>
void getFullkey(
ECC_PARAMS *params,
char *ID, // 用户ID
big d, // 用户部分私钥
big x, // 用户秘密值
epoint *X, // 用户公钥
big sa // 用户完整私钥
);
void sign_Thumbur(
ECC_PARAMS *params,
char *ID, // 用户ID
char *msg, // 签名消息
big sa, // 用户完整私钥
epoint *Q, // 用户完整公钥
epoint *U, // 输出签名的随机数变换
epoint *PK_pub, //kgc公钥
big v // 输出签名的计算值
);
bool verify_Thumbur(
ECC_PARAMS *params,
char *ID,
char *msg,
epoint *Q,
epoint *PK_pub,
epoint *U,
big v
);
#endif

76
generator_cgo/include/utils.cpp Normal file
View File

@ -0,0 +1,76 @@
#include <stdio.h>
#include <time.h>
#include <string.h>
#include "utils.h"
#include "ecurve.h"
#include "kgc.h"
//将big大数类型转为char*类型
void outbig(big num, char *val_name)
{
char out_str[257] = {0};
cotstr(num, out_str);
printf("\nchar str_%s[] = \"%s\";", val_name, out_str);
}
//将big大数类型转为char*类型
void outpoint(epoint *PO, char *val_name)
{
char out_str[257] = {0};
big PO_x = mirvar(0);
big PO_y = mirvar(0);
epoint_get(PO, PO_x, PO_y);
cotstr(PO_x, out_str);
printf("\nchar str_%s_x[]= \"%s\";", val_name, out_str);
cotstr(PO_y, out_str);
printf("\nchar str_%s_y[]= \"%s\";", val_name, out_str);
}
// 设置随机数种子
void setRandSeed()
{
time_t seed;
time(&seed); // 用系统时间做种子
irand((long)seed);
return;
}
//
void sha256_update_string(sha256 sh, const char *data, long data_len)
{
for (long i = 0; i < data_len; i++)
{
shs256_process(&sh, data[i]);
}
}
void sha256_update_point(sha256 sh, epoint *point)
{
big point_x = mirvar(0);
big point_y = mirvar(0);
char point_x_string[256] = {0};
char point_y_string[256] = {0};
epoint_get(point, point_x, point_y);
cotstr(point_x, point_x_string);
cotstr(point_y, point_y_string);
for (unsigned int i = 0; i < strlen(point_x_string); i++)
{
shs256_process(&sh, point_x_string[i]);
}
for (unsigned int i = 0; i < strlen(point_y_string); i++)
{
shs256_process(&sh, point_y_string[i]);
}
mirkill(point_x);
mirkill(point_y);
}
//用户产生秘密值x以及与基点点乘后的X
void genSecret(ECC_PARAMS *params, big x, epoint *X)
{
bigrand((*params).p, x); //产生小于阶p的big值
ecurve_mult(x, (*params).P, X);
}

24
generator_cgo/include/utils.h Normal file
View File

@ -0,0 +1,24 @@
#ifndef __UNTILS_H__
#define __UNTILS_H__
#include "miracl.h"
#include "mirdef.h"
#include "ecurve.h"
void outbig(big num, char *val_name);
void outpoint(epoint *PO, char *val_name);
void setRandSeed();
void sha256_update_string(sha256 sh, const char *data, long data_len);
void sha256_update_point(sha256 sh, epoint *point);
void genSecret(ECC_PARAMS *params, big x, epoint *X);
bool Setup();
#endif

219
generator_cgo/include/zzn.h Normal file
View File

@ -0,0 +1,219 @@
/***************************************************************************
*
Copyright 2013 CertiVox UK Ltd. *
*
This file is part of CertiVox MIRACL Crypto SDK. *
*
The CertiVox MIRACL Crypto SDK provides developers with an *
extensive and efficient set of cryptographic functions. *
For further information about its features and functionalities please *
refer to http://www.certivox.com *
*
* The CertiVox MIRACL Crypto SDK is free software: you can *
redistribute it and/or modify it under the terms of the *
GNU Affero General Public License as published by the *
Free Software Foundation, either version 3 of the License, *
or (at your option) any later version. *
*
* The CertiVox MIRACL Crypto SDK is distributed in the hope *
that it will be useful, but WITHOUT ANY WARRANTY; without even the *
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
See the GNU Affero General Public License for more details. *
*
* You should have received a copy of the GNU Affero General Public *
License along with CertiVox MIRACL Crypto SDK. *
If not, see <http://www.gnu.org/licenses/>. *
*
You can be released from the requirements of the license by purchasing *
a commercial license. Buying such a license is mandatory as soon as you *
develop commercial activities involving the CertiVox MIRACL Crypto SDK *
without disclosing the source code of your own applications, or shipping *
the CertiVox MIRACL Crypto SDK with a closed source product. *
*
***************************************************************************/
/*
*
* MIRACL C++ Header file zzn.h
*
* AUTHOR : M. Scott
*
* PURPOSE : Definition of class ZZn (Arithmetic mod n), using
* Montgomery's Method for modular multiplication
* NOTE : Must be used in conjunction with zzn.cpp
* The modulus n is always set dynamically (via the modulo()
* routine) - so beware the pitfalls implicit in declaring
* static or global ZZn's (which are initialised before n is
* set!). Uninitialised data is OK
*/
#ifndef ZZN_H
#define ZZN_H
#include "big.h"
/*
#ifdef ZZNS
#define MR_INIT_ZZN memset(mem,0,mr_big_reserve(1,ZZNS)); fn=(big)mirvar_mem_variable(mem,0,ZZNS);
#define MR_CLONE_ZZN(x) fn->len=x->len; for (int i=0;i<ZZNS;i++) fn->w[i]=x->w[i];
#define MR_ZERO_ZZN {fn->len=0; for (int i=0;i<ZZNS;i++) fn->w[i]=0;}
#else
#define MR_INIT_ZZN mem=(char *)memalloc(1); fn=(big)mirvar_mem(mem,0);
#define MR_CLONE_ZZN(x) copy(x,fn);
#define MR_ZERO_ZZN zero(fn);
#endif
*/
#ifdef ZZNS
#ifdef MR_COMBA
#define UZZNS ZZNS
#else
#define UZZNS ZZNS+1 // one extra required in case of carry overflow in addition
#endif
#endif
#ifdef ZZNS
#define MR_INIT_ZZN fn=&b; b.w=a; b.len=UZZNS;
#define MR_CLONE_ZZN(x) b.len=x->len; for (int i=0;i<UZZNS;i++) a[i]=x->w[i];
#define MR_ZERO_ZZN {b.len=0; for (int i=0;i<UZZNS;i++) a[i]=0;}
#else
#define MR_INIT_ZZN fn=mirvar(0);
#define MR_CLONE_ZZN(x) copy(x,fn);
#define MR_ZERO_ZZN zero(fn);
#endif
class ZZn
{
big fn;
#ifdef ZZNS
mr_small a[UZZNS];
bigtype b;
#endif
/*
#ifdef ZZNS
char mem[mr_big_reserve(1,ZZNS)];
#else
char *mem;
#endif
*/
public:
ZZn() {MR_INIT_ZZN MR_ZERO_ZZN}
ZZn(int i) {MR_INIT_ZZN if (i==0) MR_ZERO_ZZN else {convert(i,fn); nres(fn,fn);} }
ZZn(const Big& c) {MR_INIT_ZZN nres(c.getbig(),fn); } /* Big -> ZZn */
ZZn(big& c) {MR_INIT_ZZN MR_CLONE_ZZN(c);}
ZZn(const ZZn& c) {MR_INIT_ZZN MR_CLONE_ZZN(c.fn);}
ZZn(char* s) {MR_INIT_ZZN cinstr(fn,s); nres(fn,fn);}
ZZn& operator=(const ZZn& c) {MR_CLONE_ZZN(c.fn) return *this;}
ZZn& operator=(big c) {MR_CLONE_ZZN(c) return *this; }
ZZn& operator=(int i) {if (i==0) MR_ZERO_ZZN else {convert(i,fn); nres(fn,fn);} return *this;}
ZZn& operator=(char* s){cinstr(fn,s); nres(fn,fn); return *this;}
/* Use fast in-line code */
ZZn& operator++()
{nres_modadd(fn,get_mip()->one,fn);return *this;}
ZZn& operator--()
{nres_modsub(fn,get_mip()->one,fn);return *this;}
ZZn& operator+=(int i)
{ZZn inc=i; nres_modadd(fn,inc.fn,fn);return *this;}
ZZn& operator-=(int i)
{ZZn dec=i; nres_modsub(fn,dec.fn,fn); return *this;}
ZZn& operator+=(const ZZn& b)
{nres_modadd(fn,b.fn,fn); return *this;}
ZZn& operator-=(const ZZn& b)
{nres_modsub(fn,b.fn,fn); return *this;}
ZZn& operator*=(const ZZn& b)
{nres_modmult(fn,b.fn,fn); return *this;}
ZZn& operator*=(int i)
{nres_premult(fn,i,fn); return *this;}
ZZn& negate()
{nres_negate(fn,fn); return *this;}
BOOL iszero() const;
operator Big() {Big c; redc(fn,c.getbig()); return c;} /* ZZn -> Big */
friend big getbig(ZZn& z) {return z.fn;}
ZZn& operator/=(const ZZn& b) {nres_moddiv(fn,b.fn,fn); return *this;}
ZZn& operator/=(int);
friend ZZn operator-(const ZZn&);
friend ZZn operator+(const ZZn&,int);
friend ZZn operator+(int, const ZZn&);
friend ZZn operator+(const ZZn&, const ZZn&);
friend ZZn operator-(const ZZn&, int);
friend ZZn operator-(int, const ZZn&);
friend ZZn operator-(const ZZn&, const ZZn&);
friend ZZn operator*(const ZZn&,int);
friend ZZn operator*(int, const ZZn&);
friend ZZn operator*(const ZZn&, const ZZn&);
friend ZZn operator/(const ZZn&, int);
friend ZZn operator/(int, const ZZn&);
friend ZZn operator/(const ZZn&, const ZZn&);
friend BOOL operator==(const ZZn& b1,const ZZn& b2)
{ if (mr_compare(b1.fn,b2.fn)==0) return TRUE; else return FALSE;}
friend BOOL operator!=(const ZZn& b1,const ZZn& b2)
{ if (mr_compare(b1.fn,b2.fn)!=0) return TRUE; else return FALSE;}
friend ZZn one(void);
friend ZZn pow( const ZZn&, const Big&);
friend ZZn pow( const ZZn&,int);
friend ZZn powl(const ZZn&, const Big&);
friend ZZn pow( const ZZn&, const Big&, const ZZn&, const Big&);
friend ZZn pow( int,ZZn *,Big *);
friend int jacobi(const ZZn&);
#ifndef MR_NO_RAND
friend ZZn randn(void); // random number < modulus
#endif
friend BOOL qr(const ZZn&); // test for quadratic residue
friend BOOL qnr(const ZZn&); // test for quadratic non-residue
friend ZZn getA(void); // get A parameter of elliptic curve
friend ZZn getB(void); // get B parameter of elliptic curve
friend ZZn sqrt(const ZZn&); // only works if modulus is prime
friend ZZn luc( const ZZn& b1, const Big& b2, ZZn* b3=NULL)
{
ZZn z; if (b3!=NULL) nres_lucas(b1.fn,b2.getbig(),b3->fn,z.fn);
else nres_lucas(b1.fn,b2.getbig(),z.fn,z.fn);
return z;
}
//friend ZZn luc( const ZZn&, const Big&, ZZn* b3=NULL);
big getzzn(void) const;
#ifndef MR_NO_STANDARD_IO
friend ostream& operator<<(ostream&,const ZZn&);
#endif
~ZZn()
{
// MR_ZERO_ZZN // slower but safer
#ifndef ZZNS
mr_free(fn);
#endif
}
};
#ifndef MR_NO_RAND
extern ZZn randn(void);
#endif
extern ZZn getA(void);
extern ZZn getB(void);
extern ZZn one(void);
#endif

BIN
generator_cgo/lib/libKGC.a Normal file
View File

Binary file not shown.

BIN
generator_cgo/lib/libKGCAll.a Normal file
View File

Binary file not shown.

BIN
generator_cgo/lib/libMiracl.a Normal file
View File

Binary file not shown.

112
generator_cgo/main.go Normal file
View File

@ -0,0 +1,112 @@
package main
/*
#cgo CFLAGS: -I./include
#cgo LDFLAGS: -L./lib -lKGCAll
#include "miracl.h"
#include "mirdef.h"
#include "hash.h"
#include "kgc.h"
#include "utils.h"
#include "ecurve.h"
#include "sign.h"
#include "utils.cpp"
#include "ecurve.cpp"
#include "hash.cpp"
#include "sign.cpp"
#include "kgc.cpp"
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
char* IDA = "1234567890111213141516171819202122232425"; // 发送者ID
char* IDB = "1448579437597582757693565726417498574267"; // 接受者ID
char* M = "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD";
char* msk = "msk";
char* PKP = "PK_pub";
char* Public = "P_P";
char* QA = "Q_A";
char* dA = "d_A";
char* xA = "x_A";
char* XA = "X_A";
char* saA = "sa_A";
*/
import "C"
import "fmt"
func main() {
mip := C.mirsys(512, 16) // 初始化MIRACL系统512位16进制数
mip.IOBASE = 16 // 设置大整数为16进制
a := C.mirvar(0)
C.mirkill(a)
C.setRandSeed()
// 建立椭圆曲线
var params C.ECC_PARAMS
if !C.setupEcurve(&params) {
fmt.Println("ecurve setup failed")
C.mirexit()
panic("椭圆曲线建立失败!")
}
C.setRandSeed() // 随机数种子
//初始化参数
msk := C.mirvar(0) //私钥
PK_pub := C.epoint_init() //公钥
d_A := C.mirvar(0) //用户A产生的部分私钥
x_A := C.mirvar(0) //用户产生的秘密值
X_A := C.epoint_init()
sa_A := C.mirvar(0) //用户完整私钥
Q_A := C.epoint_init() //用户完整公钥
val := C.mirvar(0) //用户返回的签名值
U := C.epoint_init() //随机点值
// 产生KGC密钥对: msk, PK_pub
C.genKGCkey(&params, msk, PK_pub)
C.outbig(msk, C.msk)
C.outpoint((&params).P, C.Public)
C.outpoint(PK_pub, C.PKP)
// 产生用户A的秘密值
C.genSecret(&params, x_A, X_A)
C.outbig(x_A, C.xA)
C.outpoint(X_A, C.XA)
// 产生用户A的部分私钥和用户的完整公钥
if !C.genPPK_std(&params, msk, PK_pub, C.IDA, d_A, Q_A, X_A) {
fmt.Println("Generate PPK for IDA failed.")
goto error
}
C.outbig(d_A, C.dA)
C.outpoint(Q_A, C.QA)
// 输出完整的用户私钥
C.getFullkey(&params, C.IDA, d_A, x_A, X_A, sa_A)
C.outbig(sa_A, C.saA)
// 签名Gowri Thumbur方案
C.sign_Thumbur(&params, C.IDA, C.M, sa_A, Q_A, U, PK_pub, val)
// 验签
if C.verify_Thumbur(&params, C.IDA, C.M, Q_A, PK_pub, U, val) {
fmt.Println("\nsignature valid.")
} else {
fmt.Println("\nverify failed.")
}
error:
C.mirkill(msk)
C.mirkill(d_A)
C.mirkill(x_A)
C.mirkill(sa_A)
C.epoint_free(PK_pub)
C.epoint_free(X_A)
C.epoint_free(Q_A)
C.epoint_free(U)
C.freeEcurve(&params)
C.mirexit() // 退出MIRACL系统
}

19
generator_cgo/params.txt Normal file
View File

@ -0,0 +1,19 @@
char str_msk[] = "6D5DB11261A93275CD69A813F6CA4FE84A5613B346D27AFEFAF3D63D0DF307A7";
char str_P_P_x[]= "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798";
char str_P_P_y[]= "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8";
char str_PK_pub_x[]= "6C723EBEDA3B3FF230BEFEB870DBCF38271F609A09E949FA06E512C74FEB4E76";
char str_PK_pub_y[]= "5FAE4EB8F8B38B401C231D4EB682E53977A62663169B1B1908F4906E4758DD7C";
char str_x_A[] = "80A80E35FB678995DE03E0DE6DCA75651D48D57C82923C4F8097A7CF80FFDC0F";
char str_X_A_x[]= "3E9FD587517E568102447F7BFDA9955EAFF9F8984DE497813269546ADAB30D8A";
char str_X_A_y[]= "3AC044504324E5FD14D16FC396133EE7FD4B4743E0F4F3245BF69F3634CD74F4";
char str_d_A[] = "37F0619702B66C78D898A2135FAF59AFF5439BBA388FB114CEDA6180FF8E395C";
char str_sa_A[] = "6A7C930DDCFE3B505D5AD7824B63ABA9110883D261CE67C04AF01E395E248766";
char str_Q_A_x[]= "6E87706053DD52225354602E031A1D025115B54B8C600D3C47AB66749D0852DC";
char str_Q_A_y[]= "71C165DCBF5E07903517A5AAB4919104229A1E65D6D57C23B95147ED79BA23E4";
char str_v[] = "33979BEB2B89412DEA04EC7DD07FF8F98792F490A6A519AE64766BAE30B7874A";
signature valid.
用户IDchar* IDA = "1234567890111213141516171819202122232425";
用户私钥char str_sa_A[] = "6A7C930DDCFE3B505D5AD7824B63ABA9110883D261CE67C04AF01E395E248766";
用户公钥char str_Q_A_x[]= "6E87706053DD52225354602E031A1D025115B54B8C600D3C47AB66749D0852DC";
char str_Q_A_y[]= "71C165DCBF5E07903517A5AAB4919104229A1E65D6D57C23B95147ED79BA23E4";

61
hash.cpp Normal file
View File

@ -0,0 +1,61 @@
#include <string.h>
#include "hash.h"
#include "ecurve.h"
#include "utils.h"
void hash1(char *ID, epoint *Q, epoint *PK_pub, big p, big h_1_big)
{
// 计算hash值H_1(ID, R, PK_pub)
//hash1(ID, Q, PK_pub)
sha256 sh;
char h_1[33] = {0};
shs256_init(&sh);
sha256_update_string(sh, ID, strlen(ID));
sha256_update_point(sh, Q);
sha256_update_point(sh, PK_pub);
shs256_hash(&sh, h_1);
bytes_to_big(32, h_1, h_1_big);
power(h_1_big, 1, p, h_1_big); // mod p
}
void hash2(char *ID, epoint *X, big p, big h_2_big)
{
// 计算hash值H_2(ID, X)
sha256 sh;
char h_2[33] = {0};
shs256_init(&sh);
sha256_update_string(sh, ID, strlen(ID));
sha256_update_point(sh, X);
shs256_hash(&sh, h_2);
bytes_to_big(32, h_2, h_2_big);
power(h_2_big, 1, p, h_2_big); // mod p
}
void hash3(
char *ID,
char *msg,
epoint *Q,
epoint *U,
epoint *PK_pub,
big p,
big h_3_big
)
{
sha256 sh;
char h_3[33] = {0};
shs256_init(&sh);
sha256_update_string(sh, ID, strlen(ID));
sha256_update_string(sh, msg, strlen(msg));
sha256_update_point(sh, Q);
sha256_update_point(sh, U);
sha256_update_point(sh, PK_pub);
shs256_hash(&sh, h_3);
bytes_to_big(32, h_3, h_3_big);
power(h_3_big, 1, p, h_3_big); // mod p
}

27
hash.h Normal file
View File

@ -0,0 +1,27 @@
#ifndef __HASH_H__
#define __HASH_H__
extern "C"
{
#include "miracl.h"
#include "mirdef.h"
}
//hash1(ID, Q, PK_pub, h_1_big)
void hash1(char *ID, epoint *Q, epoint *PK_pub, big p, big h_1_big);
//hash2(ID, X, h_2_big)
void hash2(char *ID, epoint *X, big p, big h_2_big);
//hash3(ID, msg, Q, U, PK_pub, h_3_big)
void hash3(
char *ID,
char *msg,
epoint *Q,
epoint *U,
epoint *PK_pub,
big p,
big h_3_big
);
#endif

84
kgc.cpp Normal file
View File

@ -0,0 +1,84 @@
#include <string.h>
#include "kgc.h"
#include "hash.h"
void genKGCkey(ECC_PARAMS *params, big msk, epoint *PK_pub)
{
bigrand((*params).p, msk); // 产生小于p的随机数
ecurve_mult(msk, (*params).P, PK_pub);
}
bool genPPK_std(
ECC_PARAMS *params,
big msk, // KGC私钥
epoint *PK_pub, // KGC公钥
char ID[], // 输入用户ID
big d, // 输出部分私钥
epoint *Q, // 产生的用户公钥
epoint *X) // 输入用户秘密值
{
// 产生随机数r,计算R=rP
epoint *R_A = epoint_init();
big r = mirvar(0);
bigrand((*params).p, r);
ecurve_mult(r, (*params).P, R_A);
//计算h_2 = H_2(ID,X)
big h_2_big = mirvar(0);
hash2(ID, X, (*params).p, h_2_big);
//计算h_2 * X
epoint *h2X = epoint_init();
ecurve_mult(h_2_big, X, h2X);
//计算Q = R + h_2 * X
ecurve_add(R_A, Q);
ecurve_add(h2X, Q);
//计算h_1 = H_1(ID,Q,PK_pub)
big h_1_big = mirvar(0);
hash1(ID, Q, PK_pub, (*params).p, h_1_big);
// 计算d = r + msk * h_1 mod p
big tmp = mirvar(0);
multiply(msk, h_1_big, tmp);
add(r, tmp, d);
power(d, 1, (*params).p, d); // mod p
//计算h_1 * PK_pub
epoint *h1PK = epoint_init();
ecurve_mult(h_1_big, PK_pub, h1PK);
// 用d * P = Q - h2 * X + h1 * PK_pub验证一下(d,Q)是否正确
// 点的减法 pa = pa - a Function: void ecurve_sub(p,pa)
epoint *left = epoint_init();
ecurve_mult(d, (*params).P, left);
epoint *right = epoint_init();
ecurve_add(Q, right);
ecurve_sub(h2X, right);
ecurve_add(h1PK, right);
bool bRv = false;
if (epoint_comp(left, right))
{
bRv = true;
}
else
{
bRv = false;
}
mirkill(r);
mirkill(h_1_big);
mirkill(h_2_big);
mirkill(tmp);
epoint_free(R_A);
epoint_free(left);
epoint_free(right);
epoint_free(h1PK);
epoint_free(h2X);
return bRv;
}

19
kgc.h Normal file
View File

@ -0,0 +1,19 @@
#ifndef __KGC_H__
#define __KGC_H__
#include "ecurve.h"
void genKGCkey(ECC_PARAMS *params, big msk, epoint *PK_pub);
bool genPPK_std(
ECC_PARAMS *params,
big msk,
epoint *PK_pub,
char ID[],
big d,
epoint *Q,
epoint *X
);
#endif

BIN
miracl/.DS_Store vendored Normal file
View File

Binary file not shown.

104
miracl/CMakeLists.txt Normal file
View File

@ -0,0 +1,104 @@
cmake_minimum_required(VERSION 3.21)
project(Miracl)
include(GNUInstallDirs)
set(SOURCE_FILES source/mrcore.c source/mrarth0.c source/mrarth1.c
source/mrarth2.c source/mralloc.c source/mrsmall.c source/mrio1.c
source/mrio2.c source/mrgcd.c source/mrjack.c source/mrxgcd.c
source/mrarth3.c source/mrbits.c source/mrrand.c source/mrprime.c
source/mrcrt.c source/mrscrt.c source/mrmonty.c source/mrpower.c
source/mrsroot.c source/mrcurve.c source/mrfast.c source/mrshs.c
source/mrshs256.c source/mrshs512.c source/mrsha3.c source/mrfpe.c
source/mraes.c source/mrgcm.c source/mrlucas.c source/mrzzn2.c
source/mrzzn2b.c source/mrzzn3.c source/mrzzn4.c source/mrecn2.c
source/mrstrong.c source/mrbrick.c source/mrebrick.c source/mrec2m.c
source/mrgf2m.c source/mrflash.c source/mrfrnd.c source/mrdouble.c
source/mrround.c source/mrbuild.c source/mrflsh1.c source/mrpi.c
source/mrflsh2.c source/mrflsh3.c source/mrflsh4.c)
if(CMAKE_SIZEOF_VOID_P EQUAL 8) # X64 or aarch64
message(STATUS "MIRACL: 64-bit build")
set(MIRDEF_SUFFIX "h64")
if(MSVC)
set(MRMULDV_SUFFIX "w64")
set(DIR_FLAG "win64")
elseif(MINGW)
set(MIRDEF_SUFFIX "mgwn")
set(DIR_FLAG "win64")
set(MRMULDV_SUFFIX "g64")
else()
if(APPLE)
set(DIR_FLAG "macOS")
set(CMAKE_OSX_ARCHITECTURES "x86_64" CACHE STRING "" FORCE)
elseif(WIN32)
set(DIR_FLAG "win64")
else()
set(DIR_FLAG "linux64")
endif()
set(MRMULDV_SUFFIX "g64")
endif()
else()
message(STATUS "MIRACL: 32-bit build")
set(MIRDEF_SUFFIX "h32")
if(MSVC)
set(MRMULDV_SUFFIX "c")
set(DIR_FLAG "win32")
else()
if(APPLE)
set(DIR_FLAG "OSX")
set(CMAKE_OSX_ARCHITECTURES "x86_64" CACHE STRING "" FORCE)
elseif(WIN32)
set(DIR_FLAG "win32")
else()
set(DIR_FLAG "linux32")
endif()
set(MRMULDV_SUFFIX "gcc")
endif()
endif()
file(GLOB HEADER_FILES RELATIVE ${CMAKE_CURRENT_SOURCE_DIR}/include include/*.h)
foreach(HEADER_FILE ${HEADER_FILES})
file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/include/${HEADER_FILE} DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/${DIR_FLAG}/include)
list(APPEND SOURCE_FILES ${CMAKE_CURRENT_BINARY_DIR}/${DIR_FLAG}/include/${HEADER_FILE})
endforeach()
file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/include/mirdef.${MIRDEF_SUFFIX}"
DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/${DIR_FLAG}/include)
file(RENAME ${CMAKE_CURRENT_BINARY_DIR}/${DIR_FLAG}/include/mirdef.${MIRDEF_SUFFIX}
${CMAKE_CURRENT_BINARY_DIR}/${DIR_FLAG}/include/mirdef.h)
list(APPEND SOURCE_FILES "${CMAKE_CURRENT_BINARY_DIR}/${DIR_FLAG}/include/mirdef.h")
file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/source/mrmuldv.${MRMULDV_SUFFIX}"
DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/${DIR_FLAG}/source)
file(RENAME ${CMAKE_CURRENT_BINARY_DIR}/${DIR_FLAG}/source/mrmuldv.${MRMULDV_SUFFIX}
${CMAKE_CURRENT_BINARY_DIR}/${DIR_FLAG}/source/mrmuldv.c)
list(APPEND SOURCE_FILES "${CMAKE_CURRENT_BINARY_DIR}/${DIR_FLAG}/source/mrmuldv.c")
#
add_library(${PROJECT_NAME} STATIC ${SOURCE_FILES})
target_include_directories(${PROJECT_NAME} PUBLIC
    ${CMAKE_CURRENT_BINARY_DIR}/${DIR_FLAG}/include
)
if(MIRACL_INSTALL_BINDIR)
set(CMAKE_INSTALL_BINDIR ${MIRACL_INSTALL_BINDIR})
endif()
if(MIRACL_INSTALL_LIBDIR)
set(CMAKE_INSTALL_LIBDIR ${MIRACL_INSTALL_LIBDIR})
endif()
if(MIRACL_INSTALL_INCLUDEDIR)
set(CMAKE_INSTALL_INCLUDEDIR ${MIRACL_INSTALL_INCLUDEDIR})
endif()
install(TARGETS ${PROJECT_NAME}
RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
)
file(GLOB HEADER_FILES ${CMAKE_CURRENT_BINARY_DIR}/${DIR_FLAG}/include/*.h)
install(FILES ${HEADER_FILES} DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})

72
miracl/README.md Normal file
View File

@ -0,0 +1,72 @@
MIRACL
======
What is MIRACL?
Multiprecision Integer and Rational Arithmetic Cryptographic Library the MIRACL Crypto SDK is a C software library that is widely regarded by developers as the gold standard open source SDK for elliptic curve cryptography (ECC).
Why is it different?
While many other cryptographic SDKs are focused on PC use, MIRACL also enables developers to build security into highly constrained environments, including embedded, mobile apps and SCADA.
Full documentation can be accessed here:
<ul type="disc">
<li><a href="docs/miracl-user-manual/">About the MIRACL Crypto SDK: Introduction to installation</li>
<li><a href="docs/miracl-explained/">MIRACL Explained: Licensing and reference manual</a></li>
</ul>
<h2>MIRACL enables</h2>
<ul type="disc">
<li>Reduced program code</li>
<li>Greatly simplified program development</li>
<li>Developer-designed APIs</li>
<li>Rapid implementation, using inline code wrappers, example programs and other innovations</li>
</ul>
These unique qualities are the reason MIRACL, and the solutions and services built using it, are in use in hundreds of organizations across the world, including BAE Systems, Hitachi, Intel, Panasonic, Toyota and many others.
<h2>Features and Benefits: why MIRACL is the right choice</h2>
MIRACL delivers a wide and unique range of benefits, enabling developers to secure even the most constrained environments quickly, easily and effectively. It features, amongst others:
<ul type="disc">
<li>An inline C++ wrapper greatly simplifying program development</li>
<li>Over 25 example programs in C and C++, covering a wide range of applications, to give development a head start</li>
<li>Optimization of both embedded processors and RAM, to help developers overcome device and memory constraints</li>
<li>Compatibility with industry security technologies including AES encryption, RSA public key cryptography, Diffie-Hellman key exchange, DSA digital signature, and others</li>
<li>A set of tools that enable any new number-theoretic technique to be implemented quickly</li>
</ul>
The MIRACL library consists of well over 100 routines that cover all aspects of multi-precision arithmetic. Two new data-types are defined - big for large integers and flash (short for floating-slash) for large rational numbers. The large integer routines are based on Knuths algorithms, described in Chapter 4 of his classic work The Art of Computer Programming. Floating-slash arithmetic, which works with rounded fractions, was originally proposed by D. Matula and P. Kornerup. All routines have been thoroughly optimised for speed and efficiency, while at the same time remaining standard, portable C. However optional fast assembly language alternatives for certain time-critical routines are also included, particularly for the popular Intel 80x86 range of processors. A C++ interface is also provided. Full source code is included.
<h2>Bug Tracker</h2>
MIRACL Ltd. uses JIRA for bug and feature tracking which is integrated with our development system.   If you find a bug, you should report bugs into the <a href="https://sdlc.certivox.com/browse/MIRACL">MIRACL bug tracker&nbsp;</a>.  You can check that the bug hasn't already been reported by searching for it. If you find the bug already reported, you can add a comment of your own about it, or change its status to &quot;Confirmed&quot;. If the bug hasn't been reported, you can file a new bug report.</p>
<h2>Community</h2>
MIRACL Ltd. is most of all a community of like-minded information security professionals who believe that cryptography is a necessary tool to advance individual freedom and safeguard privacy. MIRACL Ltd. acts on that belief by providing tools that can be used to secure information, guard privacy and advance individual freedom.<br />
Anyone who uses MIRACL Ltd. code or services is part of this global community, and we invite you to help shape MIRACL to better meet your needs. To make it yours!<br />
Keep track of development and community news.</p>
<ul type="disc">
<li>Follow @MIRACL on <a href="https://twitter.com/MIRACL">https://twitter.com/MIRACL</a></li>
<li>Read our <a href="https://miracl.com/crypto-research-with-miracl-labs/">blog </a> for the latest security and crypto news first </li>
<li>Have a question that's not a feature request or bug report? <u><a href="https://miracl.com/contact-miracl/">Contact Us.</a></u></li>
</ul>
<h2>Contributing:</h2>
MIRACL Ltd. provides an Open Source suite of solutions for data security.  The MIRACL Ltd. team firmly believes that our solutions and the organizations and users who benefit by them all derive value from active contributions from the community.<br />
You can contribute to help shape and improve our MIRACL Ltd. products.  If you have ideas and suggestions on new features and improvements that you would like to see and help bring to MIRACL Ltd., please fork the public available code on GitHub.
<h2>Authors:</strong></h2>
<strong>MIRACL Ltd.</strong></p>
<ul>
<li><a href="https://miracl.com/">https://miracl.com/</a></li>
<li><a href="https://github.com/miracl">https://github.com/miracl</a></li>
<li><a href="https://twitter.com/MIRACL">https://twitter.com/miracl</a></li>
<li><a href="https://www.linkedin.com/company/miracl/">https://www.linkedin.com/company/miracl/</a></li>
</ul>
<h2>Copyright and License:</strong></h2>
<p>© 2018 MIRACL UK Ltd., All Rights Reserved.</p>
<p>MIRACL SDK provides developers with an extensive and efficient set of cryptographic functions. For further information about its features and functionalities please refer to https://miracl.com.</p>
<p>MIRACL SDK is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.</p>
<p>MIRACL SDK is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.</p>
<p>You can be released from the requirements of the license by purchasing a commercial license. Buying such a license is mandatory as soon as you develop commercial activities involving MIRACL without disclosing the source code of your own applications, or shipping MIRACL with a closed source product.</P>
<p>For full details regarding our MIRACL Ltd. terms of service please refer to the following links:</p>
<ul>
<li><a href="https://miracl.com/privacy-policy/">Privacy Policy</a></li>
<li><a href="https://miracl.com/gdpr-privacy-policy/">GDPR Data Protection Policy</a></li>
</ul>

22
miracl/aesgcm.txt Normal file
View File

@ -0,0 +1,22 @@
There is a new simple implementation of the AES-GCM Encryption/Authentication mode.
See new module mrgcm.c
To test uncomment example program at the bottom of mrgcm.c and link with mraes.c
This version is not the fastest possible, but it does use only
a small amount of memory. Only 2k bytes of RAM are required for
precomputed tables.
Some restrictions..
1. Only for use with AES
2. 96-bit IV only supported
3. Returned tag is always 128-bits. Truncate at your own risk.
4. The order of function calls must follow some rules
Typical sequence of calls..
1. call gcm_init
2. call gcm_add_header any number of times, as long as length of header is multiple of 16 bytes (block size)
3. call gcm_add_header one last time with any length of header
4. call gcm_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes
5. call gcm_add_cipher one last time with any length of cipher/plaintext
6. call gcm_finish to extract the tag.
See full description at http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf

187
miracl/amd64.txt Normal file
View File

@ -0,0 +1,187 @@
AMD64 processor now fully supported using Intel GCC Compiler
Use a header file like
#define MR_LITTLE_ENDIAN
#define MIRACL 64
#define mr_utype long
#define MR_IBITS 32
#define MR_LBITS 64
#define mr_unsign32 unsigned int
#define mr_unsign64 unsigned long
#define MR_FLASH 52
#define MAXBASE ((mr_small)1<<(MIRACL-1))
#define BITSINCHAR 8
and use assembly language file mrmuldv.s64
Note that the above header file assumes an LP64-compatible compiler.
For an LLP64 compiler, change mr_utype to a 64-bit "long long" or __int64
To build the miracl library, extract below into a file "amd64" and execute
bash amd64
-------------------------------
rm miracl.a
gcc -c -m64 -O2 mrcore.c
gcc -c -m64 -O2 mrarth0.c
gcc -c -m64 -O2 mrarth1.c
gcc -c -m64 -O2 mrarth2.c
gcc -c -m64 -O2 mralloc.c
gcc -c -m64 -O2 mrsmall.c
gcc -c -m64 -O2 mrio1.c
gcc -c -m64 -O2 mrio2.c
gcc -c -m64 -O2 mrgcd.c
gcc -c -m64 -O2 mrjack.c
gcc -c -m64 -O2 mrxgcd.c
gcc -c -m64 -O2 mrarth3.c
gcc -c -m64 -O2 mrbits.c
gcc -c -m64 -O2 mrrand.c
gcc -c -m64 -O2 mrprime.c
gcc -c -m64 -O2 mrcrt.c
gcc -c -m64 -O2 mrscrt.c
gcc -c -m64 -O2 mrmonty.c
gcc -c -m64 -O2 mrpower.c
gcc -c -m64 -O2 mrsroot.c
gcc -c -m64 -O2 mrcurve.c
gcc -c -m64 -O2 mrfast.c
gcc -c -m64 -O2 mrshs.c
gcc -c -m64 -O2 mrshs256.c
gcc -c -m64 -O2 mrshs512.c
gcc -c -m64 -O2 mrsha3.c
gcc -c -m64 -O2 mrfpe.c
gcc -c -m64 -O2 mraes.c
gcc -c -m64 -O2 mrgcm.c
gcc -c -m64 -O2 mrlucas.c
gcc -c -m64 -O2 mrzzn2.c
gcc -c -m64 -O2 mrzzn2b.c
gcc -c -m64 -O2 mrzzn3.c
gcc -c -m64 -O2 mrzzn4.c
gcc -c -m64 -O2 mrecn2.c
gcc -c -m64 -O2 mrstrong.c
gcc -c -m64 -O2 mrbrick.c
gcc -c -m64 -O2 mrebrick.c
gcc -c -m64 -O2 mrec2m.c
gcc -c -m64 -O2 mrgf2m.c
gcc -c -m64 -O2 mrflash.c
gcc -c -m64 -O2 mrfrnd.c
gcc -c -m64 -O2 mrdouble.c
gcc -c -m64 -O2 mrround.c
gcc -c -m64 -O2 mrbuild.c
gcc -c -m64 -O2 mrflsh1.c
gcc -c -m64 -O2 mrpi.c
gcc -c -m64 -O2 mrflsh2.c
gcc -c -m64 -O2 mrflsh3.c
gcc -c -m64 -O2 mrflsh4.c
cp mrmuldv.g64 mrmuldv.c
gcc -c -m64 -O2 mrmuldv.c
ar rc miracl.a mrcore.o mrarth0.o mrarth1.o mrarth2.o mralloc.o mrsmall.o mrzzn2.o mrzzn3.o
ar r miracl.a mrio1.o mrio2.o mrjack.o mrgcd.o mrxgcd.o mrarth3.o mrbits.o mrecn2.o mrzzn4.o
ar r miracl.a mrrand.o mrprime.o mrcrt.o mrscrt.o mrmonty.o mrcurve.o mrsroot.o mrzzn2b.o
ar r miracl.a mrpower.o mrfast.o mrshs.o mrshs256.o mraes.o mrlucas.o mrstrong.o mrgcm.o
ar r miracl.a mrflash.o mrfrnd.o mrdouble.o mrround.o mrbuild.o
ar r miracl.a mrflsh1.o mrpi.o mrflsh2.o mrflsh3.o mrflsh4.o
ar r miracl.a mrbrick.o mrebrick.o mrec2m.o mrgf2m.o mrmuldv.o mrshs512.o mrsha3.o mrfpe.o
gcc -I. -O2 factor.c miracl.a -lm -o factor
rm mr*.o
----------------------------------------------------
There is also a macro file amd64.mcs - see kcmcomba.txt and makemcs.txt
For example use the following to build a very fast version of ake12t.cpp
( But first change
Miracl precision(8,0);
to
Miracl precision(4,0);
And execute
mex 4 amd64 mrcomba
to create the module mrcomba.c )
/*
AMD64 mirdef.h file
optimized for a 256 (=4x64) bit modulus, using COMBA method
*/
#define MR_LITTLE_ENDIAN
#define MIRACL 64
#define mr_utype long
#define MR_IBITS 32
#define MR_LBITS 64
#define mr_unsign32 unsigned int
#define mr_unsign64 unsigned long
#define MR_ALWAYS_BINARY
#define MAXBASE ((mr_small)1<<(MIRACL-1))
#define MR_BITSINCHAR 8
#define MR_COMBA 4
rm *.exe
rm *.lib
rm miracl.a
gcc -I. -c -O2 mrcore.c
gcc -I. -c -O2 mrarth0.c
gcc -I. -c -O2 mrarth1.c
gcc -I. -c -O2 mrarth2.c
gcc -I. -c -O2 mralloc.c
gcc -I. -c -O2 mrsmall.c
gcc -I. -c -O2 mrio1.c
gcc -I. -c -O2 mrio2.c
gcc -I. -c -O2 mrgcd.c
gcc -I. -c -O2 mrjack.c
gcc -I. -c -O2 mrxgcd.c
gcc -I. -c -O2 mrarth3.c
gcc -I. -c -O2 mrbits.c
gcc -I. -c -O2 mrrand.c
gcc -I. -c -O2 mrprime.c
gcc -I. -c -O2 mrcrt.c
gcc -I. -c -O2 mrscrt.c
gcc -I. -c -O2 mrmonty.c
gcc -I. -c -O2 mrpower.c
gcc -I. -c -O2 mrsroot.c
gcc -I. -c -O2 mrcurve.c
gcc -I. -c -O2 mrfast.c
gcc -I. -c -O2 mrshs.c
gcc -I. -c -O2 mrshs256.c
gcc -I. -c -O2 mrshs512.c
gcc -I. -c -O2 mraes.c
gcc -I. -c -O2 mrgcm.c
gcc -I. -c -O2 mrlucas.c
gcc -I. -c -O2 mrzzn2.c
gcc -I. -c -O2 mrstrong.c
gcc -I. -c -O2 mrbrick.c
gcc -I. -c -O2 mrebrick.c
gcc -I. -c -O2 mrec2m.c
gcc -I. -c -O2 mrgf2m.c
gcc -I. -c -O2 mrecn2.c
gcc -I. -c -O2 mrzzn4.c
gcc -I. -c -O2 mrzzn2b.c
gcc -I. -c -O2 mrcomba.c
as mrmuldv.s64 -o mrmuldv.o
ar rc miracl.a mrcore.o mrarth0.o mrarth1.o mrarth2.o mralloc.o mrsmall.o mrzzn2.o
ar r miracl.a mrio1.o mrio2.o mrjack.o mrgcd.o mrxgcd.o mrarth3.o mrbits.o mrgcm.o
ar r miracl.a mrrand.o mrprime.o mrcrt.o mrscrt.o mrmonty.o mrcurve.o mrsroot.o
ar r miracl.a mrpower.o mrfast.o mrshs.o mrshs256.o mraes.o mrlucas.o mrstrong.o
ar r miracl.a mrbrick.o mrebrick.o mrec2m.o mrgf2m.o mrmuldv.o mrshs512.o mrcomba.o
ar r miracl.a mrecn2.o mrzzn4.o mrzzn2b.o
rm mr*.o
g++ -I. -c -O2 -DZZNS=4 zzn.cpp
g++ -I. -c -O2 -DZZNS=4 big.cpp
g++ -I. -c -O2 -DZZNS=4 zzn12a.cpp
g++ -I. -c -O2 -DZZNS=4 zzn4.cpp
g++ -I. -c -O2 -DZZNS=4 zzn2.cpp
g++ -I. -c -O2 -DZZNS=4 ecn2.cpp
g++ -I. -c -O2 -DZZNS=4 ecn.cpp
g++ -I. -O2 -DZZNS=4 ake12bnx.cpp zzn12a.o zzn4.o zzn2.o ecn2.o ecn.o zzn.o big.o miracl.a -o ake12bnx

219
miracl/arm.txt Normal file
View File

@ -0,0 +1,219 @@
If developing for the ARM, or indeed any other new processor, you should
first build a C-only library.
For the ARM, this mirdef.h header would be appropriate for an integer-
only build of the library.
--------------------------------------
/*
* MIRACL compiler/hardware definitions - mirdef.h
*/
#define MIRACL 32
#define MR_LITTLE_ENDIAN
/* or possibly
#define MR_BIG_ENDIAN
*/
#define mr_utype int
#define MR_IBITS 32
#define MR_LBITS 32
#define mr_dltype long long
#define mr_unsign32 unsigned int
#define mr_unsign64 unsigned long long
#define MAXBASE ((mr_small)1<<(MIRACL-1))
#define MR_NOASM
---------------------------------------------
Assuming that the mirdef.h, miracl.h and mr*.c files are all in the same
directory, then a suitable batch file for building a MIRACL library might
look like this:-
-------------------------------
armcc -I. -c -O2 mrcore.c
armcc -I. -c -O2 mrarth0.c
armcc -I. -c -O2 mrarth1.c
armcc -I. -c -O2 mrarth2.c
armcc -I. -c -O2 mralloc.c
armcc -I. -c -O2 mrsmall.c
armcc -I. -c -O2 mrio1.c
armcc -I. -c -O2 mrio2.c
armcc -I. -c -O2 mrgcd.c
armcc -I. -c -O2 mrjack.c
armcc -I. -c -O2 mrbits.c
armcc -I. -c -O2 mrxgcd.c
armcc -I. -c -O2 mrarth3.c
armcc -I. -c -O2 mrrand.c
armcc -I. -c -O2 mrprime.c
armcc -I. -c -O2 mrcrt.c
armcc -I. -c -O2 mrscrt.c
armcc -I. -c -O2 mrmonty.c
armcc -I. -c -O2 mrpower.c
armcc -I. -c -O2 mrsroot.c
armcc -I. -c -O2 mrcurve.c
armcc -I. -c -O2 mrfast.c
armcc -I. -c -O2 mrshs.c
armcc -I. -c -O2 mrshs256.c
armcc -I. -c -O2 mrshs512.c
armcc -I. -c -O2 mraes.c
armcc -I. -c -O2 mrgcm.c
armcc -I. -c -O2 mrlucas.c
armcc -I. -c -O2 mrstrong.c
armcc -I. -c -O2 mrbrick.c
armcc -I. -c -O2 mrebrick.c
armcc -I. -c -O2 mrgf2m.c
armcc -I. -c -O2 mrec2m.c
armcc -I. -c -O2 mrzzn2.c
armcc -I. -c -O2 mrzzn2b.c
armcc -I. -c -O2 mrzzn3.c
armcc -I. -c -O2 mrecn2.c
armar -rc miracl.a mrcore.o mrarth0.o mrarth1.o mrarth2.o mralloc.o mrsmall.o
armar -r miracl.a mrio1.o mrio2.o mrjack.o mrgcd.o mrxgcd.o mrarth3.o mrgcm.o
armar -r miracl.a mrrand.o mrprime.o mrcrt.o mrscrt.o mrmonty.o mrcurve.o
armar -r miracl.a mrfast.o mrshs.o mraes.o mrlucas.o mrstrong.o mrbrick.o
armar -r miracl.a mrebrick.o mrec2m.o mrgf2m.o mrpower.o mrsroot.o mrzzn2b.o
armar -r miracl.a mrshs256.o mrshs512.o mrbits.o mrzzn2.o mrzzn3.o mrecn2.o
del mr*.o
armcc -I. -c pk-demo.c
armlink pk-demo.o miracl.a -o pk-demo.axf
--------------------------------------------
This may be fast enough for you. If its not you can use the assembly language
macros provided in arm.mcs or gccarm.mcs for greater speed. See kcmcomba.txt.
For faster RSA and DH implementations replace the MR_NOASM definition with
MR_KCM n (where n is usually 4, 8 or 16 - experiment. n*MIRACL must divide the
modulus size in bits exactly, which it will for standard moduli of 1024 bit
for example). Compile and run the utility mex.c
c:\miracl>mex n arm mrkcm
(Yes its the same n). Rebuild the MIRACL library, but this time include the
modules mrkcm.c and mrmuldv.c (you can find the latter in mrmuldv.ccc This
standard C version will do.)
For fast GF(p) elliptic curves, replace MR_NOASM with MR_COMBA n. This time
32*n is exactly the size of p in bits (assuming 32-bit processor).
This approach is also optimal for 1024-bit RSA decryption using the Chinese
Remainder Theorem. Set n=16 (512=16*32)
c:\miracl>mex n arm mrcomba
Rebuild the MIRACL library, but this time include the modules mrcomba.c and
mrmuldv.c.
Still not fast enough? If the prime p is of a "special" form for an Elliptic
curve, define in mirdef.h MR_SPECIAL. Edit mrcomba.tpl to insert "special" code
for modular reduction - its quite easy and you will find examples there
already. Run mex as before, and rebuild MIRACL again.
See ecdhp32.c for a worked example.
For processors other than the ARM, the basic procedure is the same. A C-only
build is always possible. To go faster you will need to create a .mcs file
for your processor, and then you can proceed as above.
An alternative is to do a C-only build and then go in and optimise the
generated assembly language. The time-critical routines are usually
multiply() and redc() which can be found in mrarth2.c and mrmonty.c
This will probably not be as fast as the highly optimised approach outlined
above.
NOTE: There is a nasty ARM compiler bug in the version I am using. It can
cause problems, if for example using the C-only macros from c.mcs or c1.mcs
Use this program to illustrate the bug, or to see if your Compiler is
affected.
/* Short program to illustrate ARM compiler bug
works fine with -O0, gets wrong answer for -O1 and -O2 optimization
Answer should be 0xffffffff00000001 but it gets 0x1
*/
#include <stdio.h>
int main()
{
unsigned long long x;
unsigned long a,b;
a=0;
b=0xFFFFFFFF;
x=(unsigned long long)a-b;
printf("x= %llx\n",x);
return 0;
}
Another problem may arise with systems that do not fully support unsigned long
long arithmetic (you may be getting linker errors with names like __udivdi3
functions not found). In this case for a C only build delete the #define
MR_NOASM from mirdef.h and use the blakely-sloan versions of mrmuldiv and
mrmuldvm with the standard versions of mrmuldvd and mrmuldvd2 (from
mrmuldv.ccc) to create a file mrmuldv.c which should then be included in the
library. Also insert an #undef mr_dltype at the start of mrxgcd.c
If using GCC under winARM to build ARM application, try this example
/* Header mirdef.h */
#define MIRACL 32
#define MR_LITTLE_ENDIAN
#define mr_utype int
#define MR_IBITS 32
#define MR_LBITS 32
#define mr_dltype long long
#define mr_unsign32 unsigned int
#define mr_unsign64 unsigned long long
#define MAXBASE ((mr_small)1<<(MIRACL-1))
#define MR_COMBA 6
#define MR_STATIC 6
#define MR_ALWAYS_BINARY
#define MR_STRIPPED_DOWN
#define MR_GENERIC_MT
#define MR_SPECIAL
#define MR_NO_STANDARD_IO
#define MR_NO_FILE_IO
/* batch file */
mex 6 gccarm mrcomba
copy mrmuldv.ccc mrmuldv.c
arm-elf-gcc -I. -c -O2 mrcore.c
arm-elf-gcc -I. -c -O2 mrarth0.c
arm-elf-gcc -I. -c -O2 mrarth1.c
arm-elf-gcc -I. -c -O2 mrarth2.c
arm-elf-gcc -I. -c -O2 mrsmall.c
arm-elf-gcc -I. -c -O2 mrjack.c
arm-elf-gcc -I. -c -O2 mrbits.c
arm-elf-gcc -I. -c -O2 mrxgcd.c
arm-elf-gcc -I. -c -O2 mrmonty.c
arm-elf-gcc -I. -c -O2 mrsroot.c
arm-elf-gcc -I. -c -O2 mrcurve.c
arm-elf-gcc -I. -c -O2 mrlucas.c
arm-elf-gcc -I. -c -O2 mrebrick.c
arm-elf-gcc -I. -O2 -c mrcomba.c
arm-elf-gcc -I. -c -O2 mrmuldv.c
arm-elf-ar -rc miracl.a mrcore.o mrarth0.o mrarth1.o mrarth2.o mrsmall.o
arm-elf-ar -r miracl.a mrjack.o mrxgcd.o
arm-elf-ar -r miracl.a mrmonty.o mrcurve.o
arm-elf-ar -r miracl.a mrebrick.o mrsroot.o mrlucas.o
arm-elf-ar -r miracl.a mrbits.o mrcomba.o mrmuldv.o
del mr*.o
arm-elf-gcc -I. --debug -c ecdhp.c
arm-elf-ld ecdhp.o miracl.a libgcc.a -lc -lm -o ecdhp.axf

14
miracl/blackfin.txt Normal file
View File

@ -0,0 +1,14 @@
A good starting point with this processor is the example program ecdh2m.c
This runs "out-of-the-box", with no modifications required, on the
VisualDSP++ simulator. Takes about 17 Million clock cycles (release mode)
to complete both sides of a Diffie-Hellman key exchange using C-only code.
The Blackfin is a 16/32 bit processor. For GF(2^m) applications it is best
considered 32-bit, but over GF(p) it is probably best to consider it as a
16-bit processor.
There is a macro file blackfin.mcs which can be used to build the application
ecdhp16.c using VisualDSP++. Takes about 9 Million clock cycles to complete
both sides of a Diffie-Hellman key exchange.

40
miracl/borland.txt Normal file
View File

@ -0,0 +1,40 @@
You have just downloaded the "free" and excellent Borland Compiler from
www.borland.com, and you want to compile the MIRACL library and create some
applications. If so, read on....
If you have the TASM assembler (which is not free) then unzip all the MIRACL
files into one directory, read the comments at the start of bc32doit.bat
and if happy execute the batch file. Some example commands to build some
representative applications are at the end of the batch file.
If you don't have TASM then you can still build a C-only library (which will
be slower). Proceed as follows..
1. Unzip MIRACL into a single directory - do not tick the Use Folder Names
box if using WinZip
2. Use this header for mirdef.h. Note that Borland now supports a 64-bit data
type called __int64 (compatible with Microsoft C)
#define MIRACL 32
#define MR_LITTLE_ENDIAN
#define mr_utype int
#define MR_IBITS 32
#define MR_LBITS 32
#define mr_unsign32 unsigned int
#define mr_dltype __int64
#define mr_unsign64 unsigned __int64
#define MR_NOASM
#define MR_FLASH 52
#define MAXBASE ((mr_small)1<<(MIRACL-1))
3. Copy all the miracl header files into the directory where Borland C
puts its standard headers. This may be c:\borland\bcc55\include
4. Edit bc32doit.bat. Read the comments at the start. Remove all -B compiler
flags (these invoke TASM, and you haven't got TASM).
Delete all references to mrmuldv.c
5. Run the batch file.

1086
miracl/config.c Normal file
View File

File diff suppressed because it is too large Load Diff

9
miracl/cpp.txt Normal file
View File

@ -0,0 +1,9 @@
Although MIRACL is a C library, it can also be built as an entirely C++ library.
This can be quite convenient for general purpose use. Some of the common
C++ modules like big.cpp can now be included into the library.
On 64-bit Windows using Microsoft C++, build using the batch file ms64doit_cpp.bat
On 64-bit Linux build using "bash linux64_cpp"
The same approach can be adopted on other platforms.

22
miracl/cygwin.txt Normal file
View File

@ -0,0 +1,22 @@
It is quite easy to build MIRACL to work with Cygwin.
Basically follow the intructions in linux.txt, except first
(1) Copy mrmuldv.gcc to mrmuldv.c, and
(2) Change the file linux to replace the line
as mrmuldv.s -o mrmuldv.o
with the line
gcc -O2 -c mrmuldv.c
Then build the library and applications as usual with
$bash linux
(Make sure that the file "linux" has the correct Unix file format
for CR/LF - not Windows format)

96
miracl/devcpp.txt Normal file
View File

@ -0,0 +1,96 @@
To build an example application using the Dev-CPP development tool on a PC
Use this mirdef.h
/*
* MIRACL compiler/hardware definitions - mirdef.h
*/
#define MR_LITTLE_ENDIAN
#define MIRACL 32
#define mr_utype int
#define MR_IBITS 32
#define MR_LBITS 32
#define mr_unsign32 unsigned int
#define mr_dltype long long
#define mr_unsign64 unsigned long long
#define MR_NOASM
#define MR_FLASH 52
#define MR_ALWAYS_BINARY
#define MAXBASE ((mr_small)1<<(MIRACL-1))
#define MR_BITSINCHAR 8
Create a "Static Library" C project called miracl, and "Add to Project" this
mirdef.h, miracl.h, and all of these files
mrcore.c
mrarth0.c
mrarth1.c
mrarth2.c
mrsmall.c
mrio1.c
mrio2.c
mrgcd.c
mrjack.c
mrxgcd.c
mrarth3.c
mrbits.c
mrrand.c
mrprime.c
mrcrt.c
mrscrt.c
mrmonty.c
mrpower.c
mrsroot.c
mrlucas.c
mrshs.c
mrshs256.c
mraes.c
mrgcm.c
mrstrong.c
mrcurve.c
mrbrick.c
mrebrick.c
mrzzn2.c
mrzzn2b.c
mrzzn3.c
mrecn2.c
mrfast.c
mralloc.c
mrshs512.c
mrflash.c
mrfrnd.c
mrdouble.c
mrround.c
mrbuild.c
mrflsh1.c
mrpi.c
mrflsh2.c
mrflsh3.c
mrflsh4.c
mrec2m.c
mrgf2m.c
Compile this project to create the static library file miracl.a
Close this project, and open a new C++ console application called demo.
Remove the default main program main.cpp from the project, and "Add to Project" the files
big.h
big.cpp
ecn.h
ecn.cpp
pk-demo.cpp
Now click on "Project Options", and click on the "Parameters" Tab.
Then click on "Add Library or Object", and find the miracl.a file created earlier.
Now compile and run the program. One problem - it runs very fast and then exits. So
edit pk-demo.cpp and and just before the final "return 0;" statement add the line "cin >> ia;"
Now try again...

BIN
miracl/docs/.DS_Store vendored Normal file
View File

Binary file not shown.

8
miracl/docs/README.md Normal file
View File

@ -0,0 +1,8 @@
Crypto Library overview
---
Multiprecision Integer and Rational Arithmetic C Library (MIRACL) the MIRACL Crypto SDK is a C software library that is widely regarded by developers as the gold standard open source SDK for elliptic curve cryptography (ECC).
The MIRACL library consists of well over 100 routines that cover all aspects of multi-precision arithmetic. Two new data-types are defined - big for large integers and flash (short for floating-slash) for large rational numbers. The large integer routines are based on Knuths algorithms, described in Chapter 4 of his classic work The Art of Computer Programming. Floating-slash arithmetic, which works with rounded fractions, was originally proposed by D. Matula and P. Kornerup.
All routines have been thoroughly optimised for speed and efficiency, while at the same time remaining standard, portable C. However optional fast assembly language alternatives for certain time-critical routines are also included, particularly for the popular Intel 80x86 range of processors. A C++ interface is also provided along with full source code.

67
miracl/docs/miracl-explained/README.md Normal file
View File

@ -0,0 +1,67 @@
* What Is Miracl
* [Security Advisory](security-advisory.md)
* [Benchmarks](benchmarks.md)
* [Miracl Standard Curves](miracl-standard-curves.md)
* [IEEE 1363](ieee-1363.md)
* [Elliptic Curves](elliptic-curves.md)
* [Licensing](licensing.md)
* Reference Manual
* [Low Level Routines](reference-manual/low-level-routines.md)
* [Advanced Arithmetic Routines](reference-manual/advanced-arithmetic-routines.md)
* [Montgomery Arithmetic Routines](reference-manual/montgomery-arithmetic-routines.md)
* [ZZn2 Arithmetic Routines](reference-manual/zzn2-arithmetic-routines.md)
* [Encryption Routines](reference-manual/encryption-routines.md)
* [Elliptic Curve Routines](reference-manual/elliptic-curve-routines.md)
* [Floating Slash Routines](reference-manual/floating-slash-routines.md)
* [Structure Reference](reference-manual/structure-reference.md)
What is Miracl?
---
![Miracl Logo](images/miracl.png)
Multiprecision Integer and Rational Arithmetic C Library the MIRACL Crypto SDK is a C software library that is widely regarded by developers as the golden standard open source SDK for elliptic curve cryptography (ECC).
Device or memory constraints? No problem. While there are many libraries that support Cryptography on a PC, MIRACL does more by securing embedded-devices and mobile smart devices like no other SDK in the global market today. For developers who have found other cryptographic libraries ill suited for these constrained platforms, MIRACL is your answer. MIRACL has support for even the most constrained environments imaginable. In this mode of operation, all memory can be allocated exclusively from the stack so that no fragmenting of precious RAM resources is required. New configuration options further reduce the amount of program code.
MIRACL is particularly adept at methods based on Elliptic Curves, and the new paradigm of Pairing-Based Cryptography.
MIRACL is easy to use, and includes an inline C++ wrapper, which greatly simplifies program development. MIRACL comes with multiple example programs (25+ of them) that cover a wide range of applications, and most are provided in both C and C++ versions.
MIRACL's special purpose macro assembler feature facilitates the achievement of best possible performance from your embedded processor with an automatically generated Assembly Language engine. Use your compiler to compile and run a simple configuration program, which proceeds with user interaction to generate optimal settings for your environment.
AES encryption, RSA public key cryptography, Diffie-Hellman Key exchange and DSA digital signature are all just a few procedure calls away. MIRACL is the gold standard for Elliptic Curve Cryptography over GF(p) and GF(2m) and supports even more esoteric Elliptic Curves and Lucas function based schemes.
Unlike other Cryptographic libraries, MIRACL does not merely provide an opaque interface to a pre-determined set of cryptographic methods, but rather a set of tools that enable any new number-theoretic technique to be implemented quickly so that you, the developer, is free to design your own cryptographic API.
MIRACL comes with a secure channel to connect with the CertiVox Key Management Service out of the box, so your application can get the enhanced security agility of on-board key management right from the get go. Download MIRACL, learn the code or talk to a solution specialist today to make the most of your MIRACL.
And yes, MIRACL supports mainframes, too! (Is that really such a big deal?)
## Why is it different?
While many other cryptographic SDKs are focused on PC use, MIRACL also enables developers to build security into highly constrained environments, including embedded, mobile apps and SCADA.
## MIRACL enables:
- reduced program code
- greatly simplified program development
- developer-designed APIs
- rapid implementation, using inline code wrappers, example programs and other innovations.
These unique qualities are the reason MIRACL, and the solutions and services built using it, are in use in hundreds of organisations across the world, including BAE Systems, Hitachi, Intel, Panasonic, Toyota and many others.
## Features and Benefits: why MIRACL is the right choice
MIRACL delivers a wide and unique range of benefits, enabling developers to secure even the most constrained environments quickly, easily and effectively. It features, amongst others:
- an inline C++ wrapper greatly simplifying program development
- over 25 example programs in C and C++, covering a wide range of applications, to give development a head start
- optimization of both embedded processors and RAM, to help developers overcome device and memory constraints
- compatibility with industry security technologies including AES encryption, RSA public key cryptography, Diffie-Hellman key exchange, DSA digital signature, and others
- a set of tools that enable any new number-theoretic technique to be implemented quickly.
MIRACL also supports a wide range of platforms, including, among others:
![Logos](images/logos.png)

472
miracl/docs/miracl-explained/benchmarks.md Normal file
View File

@ -0,0 +1,472 @@
* [What Is Miracl](README.md)
* [Security Advisory](security-advisory.md)
* Benchmarks
* [Miracl Standard Curves](miracl-standard-curves.md)
* [IEEE 1363](ieee-1363.md)
* [Elliptic Curves](elliptic-curves.md)
* [Licensing](licensing.md)
* Reference Manual
* [Low Level Routines](reference-manual/low-level-routines.md)
* [Advanced Arithmetic Routines](reference-manual/advanced-arithmetic-routines.md)
* [Montgomery Arithmetic Routines](reference-manual/montgomery-arithmetic-routines.md)
* [ZZn2 Arithmetic Routines](reference-manual/zzn2-arithmetic-routines.md)
* [Encryption Routines](reference-manual/encryption-routines.md)
* [Elliptic Curve Routines](reference-manual/elliptic-curve-routines.md)
* [Floating Slash Routines](reference-manual/floating-slash-routines.md)
* [Structure Reference](reference-manual/structure-reference.md)
Benchmarks
---
* [Overview](#overview)
* [Output of the BMARK Program](#output)
* [Elliptic Curve Point Multiplication](#curve)
* [Pairing-Based Crypto](#pairing)
## Overview <a id="overview"></a>
**Performance is the biggest single issue for implementors, and MIRACL allows a variety of techniques (algorithmic tricks and/or assembly language) to be used to squeeze maximum performance from a particular environment. So use MIRACL in your cryptographic API for a performance boost - you may not need that expensive Cryptographic accelerator!**
This diagram below shows timings for modular exponentiation, that is the calculation of xy mod n, for x, y and n all the same size in-bits - the size shown along the horizontal axis. The exponent y is chosen at random. This is the bottleneck calculation in many cryptographic protocols. Five different methods are implemented for the Intel 80x86/Pentium family. Timings on the horizontal axes are correct in seconds for 8192-bit exponentiation. For 4096-bits divide by 8, for 2048-bits divide by 8 again, etc. For a paper describing the methods in more details see [timings.doc](miracl-explained/timings.doc ':ignore').
The following timings were obtained using the Borland C/C++ Compiler/assembler, for modular exponentiation.
Times in milliseconds for optimal technique:
| | 512-bits | 1024-bits | 2048-bits | 4096-bits |
|--------------------|----------|-----------|-----------|-----------|
| 33MHz 80486DX | 370 | 2833 | 17833 | 111000 |
| 60MHz Pentium | 48 | 353 | 2452 | 18500 |
| 180MHz Pentium Pro | 12 | 90 | 564 | 3551 |
| 233MHz Pentium II | 10 | 80 | 510 | 3250 |
**On a 233 Mhz Pentium II - Best times (without precomputation)**
- A 1024-bit RSA decryption/signature takes 20ms. <sup>*</sup>
- A 2048-bit RSA decryption takes 160 ms. <sup>+</sup>
- A 1024-bit (160-bit exponent) DSS verification takes 16ms. <sup>+</sup>
- A 2048-bit (256-bit exponent) DSS verification takes 79ms <sup>+</sup>
- A 160-bit Elliptic Curve ECS verification takes 11 ms. <sup>*</sup>
- A 256-bit Elliptic Curve ECS verification takes 26ms. <sup>*</sup>
- A 192-bit Elliptic Curve ECS verification takes 9ms (NIST Standard Curve - Special Modulus) <sup>*</sup>
- A 224-bit Elliptic Curve ECS verification takes 13ms (NIST Standard Curve - Special Modulus) <sup>*</sup>
**On 80MHz ARM7TDMI - Best times (without precomputation)**
- A 1024-bit RSA decryption/signature takes 120ms <sup>*</sup>
- A 192-bit Elliptic Curve point multiplication takes 38ms (NIST Standard Curve - Special Modulus) <sup>*</sup>
- A 224-bit Elliptic Curve point multiplication takes 53ms (NIST Standard Curve - Special Modulus) <sup>*</sup>
MIRACL contains fast experimental implementations of [Identity-Based Encryption](http://crypto.stanford.edu/ibe/).
Timings include all number theoretic components of encrypt/decrypt processing. The most time-consuming component is the calculation of the Tate Pairing. The discrete logarithm-bit-length security of a pairing-based system is a function of the product of the _security multiplier k and the-bit length of the base field. In these cases k=2 and the base field is 512-bits, for 1024-bit security.
**On a 1GHz Pentium III**
- A 1024-bit IBE encrypt takes 35ms <sup>*</sup>
- A 1024-bit IBE decrypt takes 27ms <sup>*</sup>
- A 1024-bit IBE encrypt takes 22ms (with precomputation) <sup>*</sup>
- A 1024-bit IBE decrypt takes 17ms (with precomputation) <sup>*</sup>
- A 1024-bit Tate pairing takes 20ms <sup>*</sup>
- A 1024-bit Tate pairing takes 8.6ms (with precomputation) <sup>*</sup>
<sup>* - Using Comba Method for modular multiplication</sup><br />
<sup>+ - Using KCM Method for modular multiplication</sup>
## Output of the BMARK program <a id="output"></a>
Below is the output of the BMARK program, on a single core of a 2.4GHz Intel i5 520 processor, compiled with GCC, with standard /O2 compiler optimisation.
> This is for the standard version of MIRACL, with no special optimizations.
- MIRACL 64-bit version
- Little Endian processor
- Using some assembly language
- No special optimizations
- Precomputation uses fixed Window size = 8
- So 256 values are precomputed and stored
> No optimizations/assembly language apply to GF(2^m) Elliptic Curves.<br />Times are elapsed real-times - so make sure nothing else is running!
Modular exponentiation benchmarks calculating g^e mod p. From these figures it should be possible to roughly estimate the time required for your favourite PK algorithm, RSA, DSA, DH, etc.
**Key**
- R random base-bits/random exponent-bits
- V random base-bits/(small exponent e)
- S (small base g) /random exponent-bits
- P exponentiation with precomputation (fixed base g)
- D double exponentiation g^e.a^b mod p
- F3 = 257, F4 = 65537
- RSA - Rivest-Shamir-Adleman
- DH - Diffie Hellman Key exchange
- DSA - Digital Signature Algorithm
**512-bit prime**
- R - 54945 iterations of 512/ 160 0.18 ms per iteration
- D - 45015 iterations of 512/ 160 0.22 ms per iteration
- R - 18292 iterations of 512/ 512 0.55 ms per iteration
- S - 67125 iterations of g=3/ 160 0.15 ms per iteration
- P - 281436 iterations of 512/ 160 0.04 ms per iteration
**1024-bit RSA decryption**
1.09 ms
**512-bit DH 160-bit exponent**
- Offline, no precomputation 0.18 ms
- Offline, small base 0.15 ms
- Offline, w. precomputation 0.04 ms
- Online 0.18 ms
**512-bit DSA 160-bit exponent**
- Signature no precomputation 0.18 ms
- Signature w. precomputation 0.04 ms
- Verification 0.22 ms
**1024-bit prime**
- R - 17875 iterations of 1024/ 160 0.56 ms per iteration
- D - 14859 iterations of 1024/ 160 0.67 ms per iteration
- V - 1163058 iterations of 1024/e= 3 0.01 ms per iteration
- V - 154892 iterations of 1024/e=F4 0.06 ms per iteration
- S - 22799 iterations of g=3/ 160 0.44 ms per iteration
- P - 89730 iterations of 1024/ 160 0.11 ms per iteration
**2048-bit RSA decryption**
6.62 ms
**1024-bit RSA encryption e=3**
0.01 ms
**1024-bit RSA encryption e=65537**
0.06 ms
**1024-bit DH 160-bit exponent**
- Offline, no precomputation 0.56 ms
- Offline, small base 0.44 ms
- Offline, w. precomputation 0.11 ms
- Online 0.56 ms
**1024-bit DSA 160-bit exponent**
- Signature no precomputation 0.56 ms
- Signature w. precomputation 0.11 ms
- Verification 0.67 ms
**2048-bit prime**
- R - 2982 iterations of 2048/ 256 3.35 ms per iteration
- D - 2335 iterations of 2048/ 256 4.28 ms per iteration
- R - 398 iterations of 2048/2048 25.13 ms per iteration
- V - 366871 iterations of 2048/e= 3 0.03 ms per iteration
- V - 48125 iterations of 2048/e=F4 0.21 ms per iteration
- S - 4223 iterations of g=3/ 256 2.37 ms per iteration
- P - 15500 iterations of 2048/ 256 0.65 ms per iteration
**2048-bit RSA encryption e=3**
0.03 ms
**2048-bit RSA encryption e=65537**
0.21 ms
**2048-bit DH 256-bit exponent**
- Offline, no precomputation 3.35 ms
- Offline, small base 2.37 ms
- Offline, w. precomputation 0.65 ms
- Online 3.35 ms
**2048-bit DSA 256-bit exponent**
- Signature no precomputation 3.35 ms
- Signature w. precomputation 0.65 ms
- Verification 4.28 ms
## Elliptic Curve Point Multiplication <a id="curve"></a>
Elliptic Curve point multiplication benchmarks calculating r.P
From these figures it should be possible to roughly estimate the time required for your favourite EC PK algorithm, ECDSA, ECDH, etc.
**Key**
- ER - Elliptic Curve point multiplication r.P
- ED - Elliptic Curve double multiplication r.P + s.Q
- EP - Elliptic Curve multiplication with precomputation
- EC - Elliptic curve GF(p) - p of no special form
- ECDH - Diffie Hellman Key exchange
- ECDSA - Digital Signature Algorithm
**160-bit GF(p) Elliptic Curve**
- ER - 22280 iterations 0.45 ms per iteration
- ED - 17217 iterations 0.58 ms per iteration
- EP - 96332 iterations 0.10 ms per iteration
**160-bit ECDH**
- Offline, no precomputation 0.45 ms
- Offline, w. precomputation 0.10 ms
- Online 0.45 ms
**160-bit ECDSA**
- Signature no precomputation 0.45 ms
- Signature w. precomputation 0.10 ms
- Verification 0.58 ms
**192-bit GF(p) Elliptic Curve**
- ER - 17095 iterations 0.58 ms per iteration
- ED - 12936 iterations 0.77 ms per iteration
- EP - 74904 iterations 0.13 ms per iteration
**192-bit ECDH**
- Offline, no precomputation 0.58 ms
- Offline, w. precomputation 0.13 ms
- Online 0.58 ms
**192-bit ECDSA**
- Signature no precomputation 0.58 ms
- Signature w. precomputation 0.13 ms
- Verification 0.77 ms
**224-bit GF(p) Elliptic Curve**
- ER - 11832 iterations 0.85 ms per iteration
- ED - 9486 iterations 1.05 ms per iteration
- EP - 52869 iterations 0.19 ms per iteration
**224-bit ECDH**
- Offline, no precomputation 0.85 ms
- Offline, w. precomputation 0.19 ms
- Online 0.85 ms
**224-bit ECDSA**
- Signature no precomputation 0.85 ms
- Signature w. precomputation 0.19 ms
- Verification 1.05 ms
**256-bit GF(p) Elliptic Curve**
- ER - 9410 iterations 1.06 ms per iteration
- ED - 7124 iterations 1.40 ms per iteration
- EP - 41546 iterations 0.24 ms per iteration
**256-bit ECDH**
- Offline, no precomputation 1.06 ms
- Offline, w. precomputation 0.24 ms
- Online 1.06 ms
**256-bit ECDSA**
- Signature no precomputation 1.06 ms
- Signature w. precomputation 0.24 ms
- Verification 1.40 ms
**163-bit GF(2^m) Elliptic Curve**
- ER - 27160 iterations 0.37 ms per iteration
- ED - 20689 iterations 0.48 ms per iteration
- EP - 107712 iterations 0.09 ms per iteration
**163-bit ECDH**
- Offline, no precomputation 0.37 ms
- Offline, w. precomputation 0.09 ms
- Online 0.37 ms
**163-bit ECDSA**
- Signature no precomputation 0.37 ms
- Signature w. precomputation 0.09 ms
- Verification 0.48 ms
**163-bit GF(2^m) Koblitz Elliptic Curve**
- ER - 43413 iterations 0.23 ms per iteration
- ED - 23882 iterations 0.42 ms per iteration
- EP - 111239 iterations 0.09 ms per iteration
**163-bit ECDH**
- Offline, no precomputation 0.23 ms
- Offline, w. precomputation 0.09 ms
- Online 0.23 ms
**163-bit ECDSA**
- Signature no precomputation 0.23 ms
- Signature w. precomputation 0.09 ms
- Verification 0.42 ms
**233-bit GF(2^m) Elliptic Curve**
- ER - 16703 iterations 0.60 ms per iteration
- ED - 12460 iterations 0.80 ms per iteration
- EP - 62551 iterations 0.16 ms per iteration
**233-bit ECDH**
- Offline, no precomputation 0.60 ms
- Offline, w. precomputation 0.16 ms
- Online 0.60 ms
**233-bit ECDSA**
- Signature no precomputation 0.60 ms
- Signature w. precomputation 0.16 ms
- Verification 0.80 ms
**233-bit GF(2^m) Koblitz Elliptic Curve**
- ER - 27404 iterations 0.36 ms per iteration
- ED - 13872 iterations 0.72 ms per iteration
- EP - 62887 iterations 0.16 ms per iteration
**233-bit ECDH**
- Offline, no precomputation 0.36 ms
- Offline, w. precomputation 0.16 ms
- Online 0.36 ms
**233-bit ECDSA**
- Signature no precomputation 0.36 ms
- Signature w. precomputation 0.16 ms
- Verification 0.72 ms
**283-bit GF(2^m) Elliptic Curve**
- ER - 9870 iterations 1.01 ms per iteration
- ED - 7095 iterations 1.41 ms per iteration
- EP - 37435 iterations 0.27 ms per iteration
**283-bit ECDH**
- Offline, no precomputation 1.01 ms
- Offline, w. precomputation 0.27 ms
- Online 1.01 ms
**283-bit ECDSA**
- Signature no precomputation 1.01 ms
- Signature w. precomputation 0.27 ms
- Verification 1.41 ms
**283-bit GF(2^m) Koblitz Elliptic Curve**
- ER - 19687 iterations 0.51 ms per iteration
- ED - 8968 iterations 1.12 ms per iteration
- EP - 37505 iterations 0.27 ms per iteration
**283-bit ECDH**
- Offline, no precomputation 0.51 ms
- Offline, w. precomputation 0.27 ms
- Online 0.51 ms
**283-bit ECDSA**
- Signature no precomputation 0.51 ms
- Signature w. precomputation 0.27 ms
- Verification 1.12 ms
**571-bit GF(2^m) Elliptic Curve**
- ER - 2227 iterations 4.49 ms per iteration
- ED - 1504 iterations 6.65 ms per iteration
- EP - 8231 iterations 1.21 ms per iteration
**571-bit ECDH**
- Offline, no precomputation 4.49 ms
- Offline, w. precomputation 1.21 ms
- Online 4.49 ms
**571-bit ECDSA**
- Signature no precomputation 4.49 ms
- Signature w. precomputation 1.21 ms
- Verification 6.65 ms
**571-bit GF(2^m) Koblitz Elliptic Curve**
- ER - 5035 iterations 1.99 ms per iteration
- ED - 2242 iterations 4.46 ms per iteration
- EP - 8247 iterations 1.21 ms per iteration
**571-bit ECDH**
- Offline, no precomputation 1.99 ms
- Offline, w. precomputation 1.21 ms
- Online 1.99 ms
**571-bit ECDSA**
- Signature no precomputation 1.99 ms
- Signature w. precomputation 1.21 ms
- Verification 4.46 ms
## Pairing-Based Crypto <a id="pairing"></a>
Processor: 2.4 GHz Intel i5 520M.<br />
AES refers to equivalent AES-bits of security. For example 128-bits refers to AES with a 128-bit key.<br />
For G1, G2 and GT precomputation, 8-bit windows are used.<br />
All timings are in milli-seconds. Maximum optimization applied.<br />
"One More" refers to the cost of one more pairing in a multi-pairing. The (p) means that precomputation is used.<br />
**+Timings for Type-1 pairings G1 X G1 = GT+**
These pairing friendly curves are used, where _k_ is the embedding degree:
- SSP - Super-singular Curve over GF(_p_) (512-bit modulus _p_, _k_=2)
- SSP - Super-singular Curve over GF(_p_) (1536-bit modulus _p_, _k_=2)
- SS2 - Supersingular Curve over GF(2^_m_) (_m_=379, _k_=4)
- SS2 - Supersingular Curve over GF(2^_m_) (_m_=1223, _k_=4)
| AES/Curve | 80/SSP | 80/SS2 | 128/SSP | 128/SSP |
|--------------|--------|--------|---------|---------|
| G1 mul | 1.49 | 0.38 | 13.57 | 2.57 |
| G1 mul (p) | 0.30 | - | 3.01 | - |
| Pairing | 3.34 | 1.18 | 40.95 | 19.00 |
| Pairing (p) | 1.65 | - | 25.22 | - |
| GT pow | 0.36 | 0.29 | 3.76 | 2.09 |
| GT Pow (p) | 0.08 | - | 0.78 | - |
| One More | 2.29 | 1.01 | 20.80 | 17.80 |
| One More (p) | 0.60 | - | 5.31 | - |
**+Timings for Type-3 pairings G2 X G1 = GT+**
These pairing friendly curves are used, where _k_ is the embedding degree:
- CP - Cocks-Pinch Curve over GF(_p_) (512-bit modulus _p_, _k_=2)<br />
- MNT - MNT Curve over GF(_p_) (160-bit modulus _p_, _k_=6)<br />
- BN - Barreto-Naehrig Curve over GF(_p_) (256-bit modulus _p_, k=12)<br />
- KSS - Kachisa-Schaefer-Scott Curve over GF(_p_) (512-bit modulus _p_, _k_=18)<br />
- BLS - Barreto-Lynn-Scott Curve over GF(_p_) (640-bit modulus _p_, _k_=24)
| AES/Curve | 80/CP | 80/MNT | 128/BN | 192/KSS | 256/BLS |
|--------------|-------|--------|--------|---------|---------|
| G1 mul | 0.51 | 0.19 | 0.22 | 0.7 | 1.26 |
| G1 mul (p) | 0.1 | 0.04 | 0.07 | 0.24 | 0.43 |
| G2 mul | 0.51 | 1.15 | 0.44 | 5.53 | 16.04 |
| G2 mul(p) | 0.1 | 0.35 | 0.19 | 2.81 | 5.44 |
| Pairing | 1.14 | 1.9 | 2.32 | 20.55 | 33.91 |
| Pairing (p) | 0.58 | 0.69 | 2.09 | 18.05 | 30.45 |
| GT pow | 0.12 | 0.24 | 0.95 | 6.2 | 24.87 |
| GT pow (p) | 0.03 | 0.08 | 0.43 | 2.73 | 6.47 |
| One More | 0.81 | 1.57 | 0.75 | 4.65 | 6.59 |
| One More (p) | 0.23 | 0.34 | 0.41 | 2.38 | 3.42Ę |

88
miracl/docs/miracl-explained/elliptic-curves.md Normal file
View File

@ -0,0 +1,88 @@
* [What Is Miracl](README.md)
* [Security Advisory](security-advisory.md)
* [Benchmarks](benchmarks.md)
* [Miracl Standard Curves](miracl-standard-curves.md)
* [IEEE 1363](ieee-1363.md)
* Elliptic Curves
* [Licensing](licensing.md)
* Reference Manual
* [Low Level Routines](reference-manual/low-level-routines.md)
* [Advanced Arithmetic Routines](reference-manual/advanced-arithmetic-routines.md)
* [Montgomery Arithmetic Routines](reference-manual/montgomery-arithmetic-routines.md)
* [ZZn2 Arithmetic Routines](reference-manual/zzn2-arithmetic-routines.md)
* [Encryption Routines](reference-manual/encryption-routines.md)
* [Elliptic Curve Routines](reference-manual/elliptic-curve-routines.md)
* [Floating Slash Routines](reference-manual/floating-slash-routines.md)
* [Structure Reference](reference-manual/structure-reference.md)
Elliptic Curves
---
These curves use the standard Weierstrass parameterisation, and are of the form:
**y<sup>2</sup> = x<sup>3</sup> +Ax +B mod p**
...where p is a prime congruent to 3 mod 4, and A is fixed at -3. A quarter of all randomly generated curves can be transformed into this form.The former condition makes it easier to find points on the curve, and the latter make calculations on the curve somewhat faster.
The motivation is provide a set of curves which, within the limitations mentioned above, are otherwise in no way special. It is thought that by using such curves the user is safe against cryptanalytic advances, except in a circumstance where the whole premise behind Elliptic Curve cryptography collapses and a sub-exponential solution is found for the most general discrete logarithm problem in the elliptic curve setting.
Each curve is with respect to a prime p which is n bits in length. In each case the number of points q on the curve is itself a prime. The prime p is found as the first prime congruent to 3 mod 4 which is found by incrementing a number n bits in length, formed from the first n bits of the mathematical constant pi=3.141592.... The parameter B is formed from the first n bits of the mathematical constant e=2.71828...., incremented until q is prime.
**ssc-160**
```
n=160
B=993193335754933797118314178888153828594854512705
p=1147860701762054730346201299935827782113538756127
q=1147860701762054730346200648614608152209809891831
```
**ssc-192**
```
n=192
B=4265732895672588129268258440977714335632089762934383523494
p=4930024174431634640599033341057067222865862716297522433299
q=4930024174431634640599033341125441632693811654341940586403
```
**ssc-224**
```
n=224
B=18321183280385145938884990414875229336370193019939570227257813318147
p=21174292597673270169193562049053717791882423761323585056162680913631
q=21174292597673270169193562049053723134442099121024262551089688143309
```
**ssc-256**
```
n=256
B=78688883013276200091698248537162581920209762369847930022367595957783191893217
p=90942894222941581070058735694432465663348344332098107489693037779484723616779
q=90942894222941581070058735694432465663288414616171509431879910319924502217783
```
**ssc-288**
```
n=288
B=337966179100791213208996178567593129982221810838428315939365373128820605838874928979766
p=390596756491121423614434954606695289304724084762108334731724254341779347664665278286219
q=390596756491121423614434954606695289304724116479393090921502092797686514928150248753237
```
**ssc-320**
```
n=320
B=1451553686391976948456801799936788618707919738968947956999929796583121697128874465400872041660580
p=1677600295053042228788960243555000810201048522356787237681776606087928304667951345024875097229491
q=1677600295053042228788960243555000810201048522357873106251579120122685384485967275546948559607409
```
**ssc-384**
```
n=384
B=2677643936212245379258831955273195965014103242523976013961762903324499451740187144031703534071217029867094433378961
p=30946263300823101954888425259784296108860594177929936231961025381527827855583154673559277957637088071546809309873019
q=30946263300823101954888425259784296108860594177929936231959195086011429040851460901626189237585847628753659044398489
```
**ssc-512**
```
n=512
B=9111550163858012281440901732746538838772262590143654133938674743542107885492015390851248618042056679983385207705625699101049041930943171450852516780927629
p=10530467723362659054861705371139847026313999328372313651398671272025951445569024729948471343061931586610942824229083371331823229156399790385588443550959087
q=10530467723362659054861705371139847026313999328372313651398671272025951445569144524507377363887941433449823713742916287342504795006316114468040283111710577
```
These curves may be used freely without restriction.

42
miracl/docs/miracl-explained/ieee-1363.md Normal file
View File

@ -0,0 +1,42 @@
* [What Is Miracl](README.md)
* [Security Advisory](security-advisory.md)
* [Benchmarks](benchmarks.md)
* [Miracl Standard Curves](miracl-standard-curves.md)
* IEEE 1363
* [Elliptic Curves](elliptic-curves.md)
* [Licensing](licensing.md)
* Reference Manual
* [Low Level Routines](reference-manual/low-level-routines.md)
* [Advanced Arithmetic Routines](reference-manual/advanced-arithmetic-routines.md)
* [Montgomery Arithmetic Routines](reference-manual/montgomery-arithmetic-routines.md)
* [ZZn2 Arithmetic Routines](reference-manual/zzn2-arithmetic-routines.md)
* [Encryption Routines](reference-manual/encryption-routines.md)
* [Elliptic Curve Routines](reference-manual/elliptic-curve-routines.md)
* [Floating Slash Routines](reference-manual/floating-slash-routines.md)
* [Structure Reference](reference-manual/structure-reference.md)
IEEE 1363
---
The IEEE P1363 standard for Public key Cryptography [P1363](http://grouper.ieee.org/groups/1363/) is now complete. A fully multi-threaded IEEE 1363 "wrapper" for MIRACL is available which implements all the cryptographic primitives in this popular standard. It also supports point compression for elliptic curves, and precomputation for faster Digital Signature. GF(p) and GF(2<sup>m</sup>) curves are treated separately. The implemented primitives (some from P1363a) are:
| DLSVDP-DH | DLSVDP-DHC | DLSVDP-MQV | DLSVDP-MQVC |
|--------------|--------------|------------|-------------|
| DLSP-NR | DLVP-NR | DLSP-DSA | DLVP-DSA |
| ECSVDP-DH | ECSVDP-DHC | ECSVDP-MQV | ECSVDP-MQVC |
| ECSP-NR | ECVP-NR | ECSP-DSA | ECVP-DSA |
| IFEP-RSA | IFDP-RSA | IFSP-RSA1 | IFVP-RSA1 |
| IFSP-RSA2 | IFVP-RSA2 | IFSP-RW | IFVP-RW |
| DLPSP-NR2/PV | DLSP-NR2 | DLVP-NR2 | DLSP-PV |
| DLVP-PV | ECPSP-NR2/PV | ECSP-NR2 | ECVP-NR2 |
| ECSP-PV | ECVP-PV | | |
The following message encoding and auxiliary functions are also implemented (some from P1363a):
| MGF1 | EMSA1/2/3/4 (PSS) | EMSR1/2/3 (PSS-R) |
|-------------|-------------------|-------------------|
| EME1 (OAEP) | KDF1 | KDF2 |
| MAC1 (HMAC) | AES_CBC_IV0 | |
Full instructions for evaluation and deployment can be found at the head of the [p1363.c](https://github.com/CertiVox/MIRACL/blob/master/source/p1363/p1363.c) file. These include full instructions for the creation of a Win32/.NET compatible IEEE 1363 Dynamic Link Library (DLL), so that IEEE 1363 functionality can be easily integrated into your Win32/.NET application. A test program implements instances of signature and encryption schemes ECDSA, IFSSA, IFSSR, DLSSR, DLSSR-PV and ECIES.

BIN
miracl/docs/miracl-explained/images/logos.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 102 KiB

BIN
miracl/docs/miracl-explained/images/miracl.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 22 KiB

37
miracl/docs/miracl-explained/licensing.md Normal file
View File

@ -0,0 +1,37 @@
* [What Is Miracl](README.md)
* [Security Advisory](security-advisory.md)
* [Benchmarks](benchmarks.md)
* [Miracl Standard Curves](miracl-standard-curves.md)
* [IEEE 1363](ieee-1363.md)
* [Elliptic Curves](elliptic-curves.md)
* Licensing
* Reference Manual
* [Low Level Routines](reference-manual/low-level-routines.md)
* [Advanced Arithmetic Routines](reference-manual/advanced-arithmetic-routines.md)
* [Montgomery Arithmetic Routines](reference-manual/montgomery-arithmetic-routines.md)
* [ZZn2 Arithmetic Routines](reference-manual/zzn2-arithmetic-routines.md)
* [Encryption Routines](reference-manual/encryption-routines.md)
* [Elliptic Curve Routines](reference-manual/elliptic-curve-routines.md)
* [Floating Slash Routines](reference-manual/floating-slash-routines.md)
* [Structure Reference](reference-manual/structure-reference.md)
Licensing
---
MIRACL has been under continuous development since 1988. It is currently licensed to hundreds of leading companies in the United States, Brazil, Britain, Germany, France, Switzerland, South Africa and Australia. Its cryptographic runtimes can be found in chips, operating systems and software applications in industries ranging from defense and intelligence to financial services and software as a service companies.
## What's the license for MIRACL?
MIRACL licenses are offered according to a dual licensing scheme. The FOSS license applicable to cryptographic implementations is the Affero GPL (AGPL) License, version 3. MIRACL is offered as a standard commercial license with any subscription to the CertiVox Key Management Service. Companies that are not comfortable with AGPL and are using MIRACL without a subscription to the CertiVox Key Management Service can acquire a commercial license for use of the software from by contacting <sales@miracl.com>.
## Why is AGPL sometimes incompatible with commercial software?
From a purely theoretical viewpoint, there is no incompatibility between AGPL and commercial applications. One may be running a commercial service while making the source code open and available to third-parties. Of course, things are likely different in practice. AGPL employs so-called 'strong copyleft' for example: the demand that all the software linked against free software (free in GNU/FSF sense) is also free software and freely available. GNU Public License is the most famous of such 'strong copyleft' FOSS licenses. The GPL copyleft clause triggers when an application is distributed outside of company boundaries. The GPL license was created at a time when the web did not exist, let alone the possibility to use applications remotely through a web browser. Because of this, companies could deploy GPL code commercially on a web server without betraying the letter, but arguably betraying the spirit of the GPL. This is called the ASP loophole. This is the context in which Affero was designed. The basic idea is that making AGPL software available through a web server constitutes distribution, and this is enough to trigger the strong copyleft provisions that many are already familiar with because of GPL. In other words, all of the software that links to the AGPL library must also be released with a compatible Free or Open-Source license. Commercial companies or applications developed that are deployed in the financial services, national defense or intelligence industries are unlikely to want to have to disclose and distribute the source code with which they use MIRACL. If that is the case, closed source licenses are available that do not require the company, application or organization to disclose the source code with which it uses MIRACL. This is called selling/buying a GPL exception in GNU parlance (others simply call this 'dual licensing').
## If I use the AGPL license, will I need to open-source my code?
Yes, you will. Exactly like regular GPL, linking your code to GPL code creates derivative work (in the copyright sense of the term) and this is enough to trigger the 'copyleft' provisions. FSF is adamant on this interpretation and so is CertiVox.
Q: What's the price of a commercial license and / or support from CertiVox?
CertiVox issues a commercial license for MIRACL when a subscription to the CertiVox Key Management Service is issued. Additionally, CertiVox will offer enhanced developer support for MIRACL, which will optionally include cryptographic design consulting. CertiVox will publish publicly available pricing for both in the next few weeks. If you need a commercial license and / or support immediately, please contact <sales@miracl.com>.

88
miracl/docs/miracl-explained/miracl-standard-curves.md Normal file
View File

@ -0,0 +1,88 @@
* [What Is Miracl](README.md)
* [Security Advisory](security-advisory.md)
* [Benchmarks](benchmarks.md)
* Miracl Standard Curves
* [IEEE 1363](ieee-1363.md)
* [Elliptic Curves](elliptic-curves.md)
* [Licensing](licensing.md)
* Reference Manual
* [Low Level Routines](reference-manual/low-level-routines.md)
* [Advanced Arithmetic Routines](reference-manual/advanced-arithmetic-routines.md)
* [Montgomery Arithmetic Routines](reference-manual/montgomery-arithmetic-routines.md)
* [ZZn2 Arithmetic Routines](reference-manual/zzn2-arithmetic-routines.md)
* [Encryption Routines](reference-manual/encryption-routines.md)
* [Elliptic Curve Routines](reference-manual/elliptic-curve-routines.md)
* [Floating Slash Routines](reference-manual/floating-slash-routines.md)
* [Structure Reference](reference-manual/structure-reference.md)
MIRACL Standard Curves
---
These curves use the standard Weierstrass parameterisation, and are of the form:
**y<sup>2</sup> = x<sup>3</sup> +Ax +B mod p**
...where *p* is a prime congruent to 3 mod 4, and A is fixed at -3. A quarter of all randomly generated curves can be transformed into this form.The former condition makes it easier to find points on the curve, and the latter make calculations on the curve somewhat faster.
The motivation is provide a set of curves which, within the limitations mentioned above, are otherwise in no way special. It is thought that by using such curves the user is safe against cryptanalytic advances, except in a circumstance where the whole premise behind Elliptic Curve cryptography collapses and a sub-exponential solution is found for the most general discrete logarithm problem in the elliptic curve setting.
Each curve is with respect to a prime p which is n bits in length. In each case the number of points q on the curve is itself a prime. The prime p is found as the first prime congruent to 3 mod 4 which is found by incrementing a number n bits in length, formed from the first n bits of the mathematical constant pi=3.141592.... The parameter B is formed from the first n bits of the mathematical constant e=2.71828...., incremented until q is prime.
**ssc-160**
```
n=160
B=993193335754933797118314178888153828594854512705
p=1147860701762054730346201299935827782113538756127
q=1147860701762054730346200648614608152209809891831
```
**ssc-192**
```
n=192
B=4265732895672588129268258440977714335632089762934383523494
p=4930024174431634640599033341057067222865862716297522433299
q=4930024174431634640599033341125441632693811654341940586403
```
**ssc-224**
```
n=224
B=18321183280385145938884990414875229336370193019939570227257813318147
p=21174292597673270169193562049053717791882423761323585056162680913631
q=21174292597673270169193562049053723134442099121024262551089688143309
```
**ssc-256**
```
n=256
B=78688883013276200091698248537162581920209762369847930022367595957783191893217
p=90942894222941581070058735694432465663348344332098107489693037779484723616779
q=90942894222941581070058735694432465663288414616171509431879910319924502217783
```
**ssc-288**
```
n=288
B=337966179100791213208996178567593129982221810838428315939365373128820605838874928979766
p=390596756491121423614434954606695289304724084762108334731724254341779347664665278286219
q=390596756491121423614434954606695289304724116479393090921502092797686514928150248753237
```
**ssc-320**
```
n=320
B=1451553686391976948456801799936788618707919738968947956999929796583121697128874465400872041660580
p=1677600295053042228788960243555000810201048522356787237681776606087928304667951345024875097229491
q=1677600295053042228788960243555000810201048522357873106251579120122685384485967275546948559607409
```
**ssc-384**
```
n=384
B=26776439362122453792588319552731959650141032425239760139617629033244994517401871440317035340712170298670944533378961
p=30946263300823101954888425259784296108860594177929936231961025381527827855583154673559277957637088071546809309873019
q=30946263300823101954888425259784296108860594177929936231959195086011429040851460901626189237585847628753659044398489
```
**ssc-512**
```
n=512
B=9111550163858012281440901732746538838772262590143654133938674743542107885492015390851248618042056679983385207705625699101049041930943171450852516780927629
p=10530467723362659054861705371139847026313999328372313651398671272025951445569024729948471343061931586610942824229083371331823229156399790385588443550959087
q=10530467723362659054861705371139847026313999328372313651398671272025951445569144524507377363887941433449823713742916287342504795006316114468040283111710577
```
These curves may be used freely without restriction.

637
miracl/docs/miracl-explained/reference-manual/advanced-arithmetic-routines.md Normal file
View File

@ -0,0 +1,637 @@
* [What Is Miracl](../README.md)
* [Security Advisory](../security-advisory.md)
* [Benchmarks](../benchmarks.md)
* [Miracl Standard Curves](../miracl-standard-curves.md)
* [IEEE 1363](../ieee-1363.md)
* [Elliptic Curves](../elliptic-curves.md)
* [Licensing](../licensing.md)
* Reference Manual
* [Low Level Routines](low-level-routines.md)
* Advanced Arithmetic Routines
* [Montgomery Arithmetic Routines](montgomery-arithmetic-routines.md)
* [ZZn2 Arithmetic Routines](zzn2-arithmetic-routines.md)
* [Encryption Routines](encryption-routines.md)
* [Elliptic Curve Routines](elliptic-curve-routines.md)
* [Floating Slash Routines](floating-slash-routines.md)
* [Structure Reference](structure-reference.md)
Advanced Arithmetic Routines
---
In these routines a big parameter can also be used wherever a flash is specified, but not vice versa. Further information may be gleaned from the (lightly) commented source code. An asterisk after
the name indicates that the function does not take a mip parameter if MR_GENERIC_MT is defined in
mirdef.h.
## void bigdig (int n, int b, big x)
Generates a big random number of given length. Uses the built-in simple random number generator initialised
by irand().
**Parameters:**
←n<br />
←b<br />
→x A big random number n digits long to base b
**Precondition:**
The base b must be printable, that is 2 <= b <= 256
**Example:**
```
// This generates a 100 decimal digit random number
bigdig(100, 10, x);
```
## void bigrand (big w, big x)
Generates a big random number. Uses the built-in simple random number generator initialised by irand().
**Parameters:**
←w<br />
→x A big random number in the range 0 <= x < w
## void brick_end* (brick * b)
Cleans up after an application of the Comb method.
**Parameters:**
←b A pointer to the current instance.
## BOOL brick_init (brick * b, big g, big n, int window, int nb)
Initialises an instance of the Comb method for modular exponentiation with precomputation. Internally
memory is allocated for 2w big numbers which will be precomputed and stored. For bigger w more space
is required, but the exponentiation is quicker. Try w = 8.
**Parameters:**
←→b A pointer to the current instance<br />
←g The fixed generator<br />
←n The modulus<br />
←window The window size w<br />
←nb The maximum number of bits to be used in the exponent
**Returns:**
TRUE if successful, otherwise FALSE
> If MR_STATIC is defined in mirdef.h, then the g parameter in this function is replaced by an mr_small pointer to a precomputed table. In this case the function returns a void.
## void crt (big_chinese * c, big * u, big x)
Applies the Chinese Remainder Theorem.
**Parameters:**
←c A pointer to the current instance<br />
←u An array of big remainders<br />
→x The big number which yields the given remainders u when it is divided by the big moduli specified
in a prior call to crt_init()
**Precondition:**
The routine crt_init() must be called first.
## void crt_end* (big_chinese * c)
Cleans up after an application of the Chinese Remainder Theorem.
**Parameters:**
←c A pointer to the current instance.
## BOOL crt_init (big_chinese * c, int r, big * moduli)
Initialises an instance of the Chinese Remainder Theorem. Some internal workspace is allocated.
**Parameters:**
→c A pointer to the current instance<br />
←r The number of co-prime moduli<br />
←moduli An array of at least two big moduli
**Returns:**
TRUE if successful, otherwise FALSE.
## int egcd (big x, big y, big z)
Calculates the Greatest Common Divisor of two big numbers.
**Parameters:**
←x<br />
←y<br />
←z = gcd(x,y)
**Returns:**
GCD as integer, if possible, otherwise MR_TOOBIG.
## void expb2 (int n, big x)
Calculates 2 to the power of an integer as a big.
**Parameters:**
←n<br />
→x = 2n
**Example:**
```
// This calculates and prints out the largest known prime number
// (on a true 32-bit computer with lots of memory!)
expb2(1398269, x);
decr(x, 1, x);
mip->IOBASE = 10;
cotnum(x, stdout);
```
### void expint (int b, int n, big x)
Calculates an integer to the power of an integer as a big.
**Parameters:**
←b<br />
←n<br />
→x = bn
### void fft_mult (big x, big y, big z)
Multiplies two big numbers, using the Fast Fourier Method. See [Pollard71].
**Parameters:**
←x<br />
←y<br />
→z = xy
> Should only be used on a 32-bit computer when x and y are ver large, at least 1000 decimal digits.
### void gprime (int maxp)
Generates all prime numbers up to a certain limit into the instance array miracl::PRIMES, terminated by
zero. This array is used internally by the routines isprime() and nxprime().
**Parameters:**
←maxp A positive integer indicating the maximum prime number to be generated. If maxp = 0 the
miracl::PRIMES array is deleted.
### int hamming (big x)
Calculates the hamming weight of a big number (in fact the number of 1's in its binary representation).
**Parameters:**
←x
**Returns:**
Hamming weight of x.
### mr_small invers* (mr_small x, mr_small y)
Calculates the inverse of an integer modulus a co-prime integer.
**Parameters:**
←x<br />
←y
**Returns:**
x1 (mod y)
> Result unpredictable if x and y not co-prime.
### BOOL isprime (big x)
Tests whether or not a big number is prime using a probabilistic primality test. The number is assumed
to be prime if it passes this test miracl::NTRY times, where miracl::NTRY is an instance variable with a
default initialisation in routine mirsys().
**Parameters:**
←x
**Returns:**
TRUE if x is (almost certainly) prime, otherwise FALSE
> This routine first test divides x by the list of small primes stored in the instance array miracl::PRIMES.
> The testing of larger primes will be significantly faster in many cases if this list is increased. See
> **gprime()**. By default only the small primes less than 1000 are used.
### int jac (mr_small x, mr_small n)
Calculates the value of the Jacobi symbol. See [Reisel].
**Parameters:**
←x<br />
←n
**Returns:**
The value of (x | n) as +1 or -1, or 0 if symbol undefined
> See also: **jack**
### int jack (big U, big V)
Calculates the value of the Jacobi symbol. See [Reisel].
**Parameters:**
←U<br />
←V
**Returns:**
The value of (U | V) as +1 or -1, or 0 if symbol undefined
> See also: **jac**
### int logb2 (big x)
Calculates the approximate integer log to the base 2 of a big number (in fact the number of bits in it).
**Parameters:**
←x
**Returns:**
Number of bits in x
### void lucas (big p, big r, big n, big vp, big v)
Performs Lucas modular exponentiation. Uses Montgomery arithmetic internally. This function can be
speeded up further for particular moduli, by invoking special assembly language routines to implement
Montgomery arithmetic. See powmod().
**Parameters:**
←p The base<br />
←r The exponent<br />
←n The modulus<br />
→vp = Vr1(p) (mod n)<br />
→v = Vr(p) (mod n)
> Only v is returned if v and vp are not distinct. The "sister" Lucas function Ur(p) can, if required, be calculated as Ur(p) * [pVr(p) 2Vr1(p)]/(p2 4) (mod n)
**Precondition:**
The value of n must be odd.
### BOOL multi_inverse (int m, big * x, big n, big * w)
Finds the modular inverses of many numbers simultaneously, exploiting Montgomery's observation that
x1 = y(xy)1, y1 = x(xy)1. This will be quicker, as modular inverses are slow to calculate, and this
way only one is required.
**Parameters:**
←m The number of inverses required<br />
←x An array of m numbers whose inverses are required<br />
←n The modulus<br />
→w The resulting array of inverses
**Returns:**
TRUE if successful, otherwise FALSE
**Precondition:**
The parameters x and w must be distinct.
### BOOL nroot (big x, int n, big w)
Extracts lower approximation to a root of a big number.
**Parameters:**
←x A big number<br />
←n A positive integer<br />
→w = [nx]
**Returns:**
TRUE if the root is exact, otherwise FALSE
**Precondition:**
The value of n must be positive. If x is negative, then n must be odd
> See also: **sqroot, nres_sqroot**
### BOOL nxprime (big w, big x)
Finds next prime number.
**Parameters:**
←w<br />
←x The next prime number greater than w
**Returns:**
TRUE if successful, otherwise FALSE
> See also: **nxsafeprime**
### BOOL nxsafeprime (int type, int subset, big w, big p)
Finds next safe prime number greater than w. A safe prime number p is defined here to be one for which
q = (p 1)/2 (type=0) or q = (p + 1)/2 (type=1) is also prime.
**Parameters:**
←type The type of safe prime as above<br />
←subset If subset = 1, then the search is restricted so that the value of the prime q is congruent to 1
mod 4. If subset = 3, then the search is restricted so that the value of q is congruent to 3 mod 4.
If subset = 0 then there is no condition on q: it can be either 1 or 3 mod 4<br />
←w<br />
→p
**Returns:**
TRUE if successful, otherwise FALSE
> See also: **nxprime**
### void pow_brick (brick * b, big e, big w)
Carries out a modular exponentiation, using the precomputed values stored in the brick structure.
**Parameters:**
←b A pointer to the current instance<br />
←e A big exponent<br />
→w = ge (mod n), where g and n are specified in the initial call to brick_init()
**Precondition:**
Must be preceded by a call to brick_init().
### void power (big x, long n, big z, big w)
Raises a big number to an integer power.
**Parameters:**
←x A big number<br />
←n A positive integer<br />
←z A big number<br />
→w = xn (mod z)
**Precondition:**
The value of n must be positive.
### int powltr (int x, big y, big n, big w)
Raises an int to the power of a big number modulus another big number. Uses Left-to-Right binary
method, and will be somewhat faster than powmod() for small x. Uses Montgomery arithmetic internally
if the modulus n is odd.
**Parameters:**
←x<br />
←y<br />
←n<br />
→w = xy (mod n)
**Returns:**
The result expressed as an integer, if possible. Otherwise the value MR_TOOBIG
**Precondition:**
The value of y must be positive. The parameters x and n must be distinct.
### void powmod (big x, big y, big n, big w)
Raises a big number to a big power modulus another big. Uses a sophisticated 5-bit sliding window technique,
which is close to optimal for popular modulus sizes (such as 512 or 1024 bits). Uses Montgomery
arithmetic internally if the modulus n is odd.
This function can be speeded up further for particular moduli, by invoking special assembly language
routines (ir your compiler allows it). A KCM Modular Multiplier will be automatically invoked if MR_-
KCM has been defined in mirdef.h and has been set to an appropriate size. Alternatively a Comba modular
multiplier will be used if MR_COMBA is so defined, and the modulus is of the specified size. Experimental
coprocessor code will be called if MR_PENTIUM is defined. Only one of these conditionals should be
defined.
**Parameters:**
←x<br />
←y<br />
←n<br />
→w = xy (mod n)
**Precondition:**
The value of y must be positive. The parameters x and n must be distinct.
### void powmod2 (big x, big y, big a, big b, big n, big w)
Calculates the product of two modular exponentiations. This is quicker than doing two separate exponentiations,
and is useful for certain cryptographic protocols. Uses 2-bit sliding window.
**Parameters:**
←x<br />
←y<br />
←a<br />
←b<br />
←n<br />
→w = xy ab (mod n)
**Precondition:**
The values of y and b must be positive. The parameters n and w must be distinct. The modulus n must
be odd.
### void powmodn (int n, big * x, big * y, big p, big w)
Calculates the product of n modular exponentiations. This is quicker than doing n separate exponentiations,
and is useful for certain cryptographic protocols. Extra memory is allocated internally for this function.
**Parameters:**
←n<br />
←x<br />
←y<br />
←p<br />
→w = x[0]y[0]x[1]y[1] · · · x[n 1]y[n1) (mod p)
**Precondition:**
The values of y[ ] must be positive. The parameters p and w must be distinct. The modulus p must be
odd. The underlying number base must be a power of 2.
### void scrt (small_chinese * c, mr_utype * u, big x)
Applies Chinese Remainder Theorem (for small prime moduli).
**Parameters:**
←c A pointer to the current instance of the Chinese Remainder Theorem<br />
←u An array of remainders<br />
→x The big number which yields the given integer remainders u[ ] when it is divided by the integer
moduli specified in a prior call to scrt_init()
**Precondition:**
The routine scrt_init() must be called first.
### void scrt_end* (small_chinese * c)
Cleans up after an application of the Chinese Remainder Theorem.
**Parameters:**
←c A pointer to the current instance of the Chinese Remainder Theorem.
### BOOL scrt_init (small_chinese * c, int r, mr_utype * moduli)
Initialises an instance of the Chinese Remainder Theorem. Some internal workspace is allocated.
**Parameters:**
→c A pointer to the current instance<br />
←r The number of co-prime moduli<br />
←moduli An array of at least two integer moduli
**Returns:**
TRUE if successful, otherwise FALSE.
### void sftbit (big x, int n, big z)
Shifts a big integer left or right by a number of bits.
**Parameters:**
←x<br />
←n If positive shifts to the left, if negative shifts to the right<br />
→z = x shifted by n bits
### mr_small smul* (mr_small x, mr_small y, mr_small n)
Multiplies two integers mod a third.
**Parameters:**
←x<br />
←y<br />
←n
**Returns:**
xy (mod n)
### mr_small spmd* (mr_small x, mr_small n, mr_small m)
Raises an integer to an integer power modulo a third.
**Parameters:**
←x<br />
←n<br />
←m
**Returns:**
xn (mod m)
### mr_small sqrmp* (mr_small x, mr_small m)
Calculates the square root of an integer modulo an integer prime number.
**Parameters:**
←x<br />
←m A prime number
**Returns:**
x (mod m), or 0 if root does not exist
**Precondition:**
p must be prime, otherwise the result is unpredictable
> See also: **sqroot**
### BOOL sqroot (big x, big p, big w)
Calculates the square root of a big integer mod a big integer prime.
**Parameters:**
←x<br />
←p<br />
→w =x (mod p) if the square root exists, otherwise w = 0. Note that the "other" square root
may be found by subtracting w from p
**Returns:**
TRUE if the square root exists, FALSE otherwise
**Precondition:**
The number p must be prime
> This routine is particularly efficient if p = 3 (mod 4).
### int trial_division (big x, big y)
Dual purpose trial division routine. If x and y are the same big variable then trial division by the small
prime numbers in the instance array miracl::PRIMES is attempted to determine the primality status of the
big number. If x and y are distinct then, after trial division, the unfactored part of x is returned in y.
**Parameters:**
←x<br />
←→y
**Returns:**
If x and y are the same, then a return value of 0 means that the big number is definitely not prime, a
return value of 1 means that it definitely is prime, while a return value of 2 means that it is possibly
prime (and that perhaps further testing should be carried out). If x and y are distinct, then a return value
of 1 means that x is smooth, that it is completely factored by trial division (and y is the largest prime
factor). A return value of 2 means that the unfactored part y is possibly prime.
### int xgcd (big x, big y, big xd, big yd, big z)
Calculates extended Greatest Common Divisor of two big numbers. Can be used to calculate modular
inverses. Note that this routine is much slower than a mad() operation on numbers of similar size.
**Parameters:**
←x<br />
→y<br />
→xd<br />
→yd<br />
→z = gcd(x, y) = (x * xd) + (y * yd)
**Returns:**
GCD as integer, if possible, otherwise MR_TOOBIG
**Precondition:**
If xd and yd are not distinct, only xd is returned. The GCD is only returned if z distinct from both xd
and yd
**Example:**
```
xgcd(x, p, x, x, x,); // x = 1/x mod p (p is prime)
```

637
miracl/docs/miracl-explained/reference-manual/elliptic-curve-routines.md Normal file
View File

@ -0,0 +1,637 @@
* [What Is Miracl](../README.md)
* [Security Advisory](../security-advisory.md)
* [Benchmarks](../benchmarks.md)
* [Miracl Standard Curves](../miracl-standard-curves.md)
* [IEEE 1363](../ieee-1363.md)
* [Elliptic Curves](../elliptic-curves.md)
* [Licensing](../licensing.md)
* Reference Manual
* [Low Level Routines](low-level-routines.md)
* [Advanced Arithmetic Routines](advanced-arithmetic-routines.md)
* [Montgomery Arithmetic Routines](montgomery-arithmetic-routines.md)
* [ZZn2 Arithmetic Routines](zzn2-arithmetic-routines.md)
* [Encryption Routines](encryption-routines.md)
* Elliptic Curve Routines
* [Floating Slash Routines](floating-slash-routines.md)
* [Structure Reference](structure-reference.md)
Elliptic Curve Routines
---
In these routines a big parameter can also be used wherever a flash is specified, but not vice versa. Further information may be gleaned from the (lightly) commented source code. An asterisk after
the name indicates that the function does not take a mip parameter if MR_GENERIC_MT is defined in
mirdef.h.
## void ebrick2_end* (ebrick2 * B)
Cleans up after an application of the Comb for GF(2m) elliptic curves.
**Parameters:**
←→B A pointer to the current instance
## BOOL ebrick2_init (ebrick2 * B, big x, big y, big a2, big a6, int m, int a, int b, int c, int window, int nb)
Initialises an instance of the Comb method for GF(2m) elliptic curve multiplication with precomputation.
The field is defined with respect to the trinomial basis tm+ta+1 or the pentanomial basis tm+ta+tb+tc+1.
Internally memory is allocated for 2w elliptic curve points which will be precomputed and sotred. For
bigger w more space is required, but the exponentiation is quicker. Try w = 8.
**Parameters:**
←B A pointer to the current instance<br />
←x x coordinate of the fixed point<br />
←y y coordinate of the fixed point<br />
←a2 The a2 coefficient of the curve y2 + xy = x3 + a2x2 + a6<br />
←a6 the a6 coefficient of the curve y2 + xy = x3 + a2x2 + a6<br />
←m<br />
←a<br />
←b<br />
←c<br />
←window The size w of the window<br />
←nb The maximum number of bits to be used in the exponent
**Returns:**
TRUE if successful, otherwise FALSE
> If MR_STATIC is defined in mirdef.h, then the x and y parameters in this function are replaced by a single mr_small * pointer to a precomputed table. In this case the function returns a void.
## void ebrick_end* (ebrick * B)
Cleans up after an application of the Comb for GF(p) elliptic curves.
**Parameters:**
←→B A pointer to the current instance
## BOOL ebrick_init (ebrick * B, big x, big y, big a, big b, big n, int window, int nb)
Initialises an instance of the Comb method for GF(p) elliptic curve multiplication with precomputation.
Internally memory is allocated for 2w elliptic curve points which will be precomputed and stored. For
bigger w more space is required, but the exponentiation is quicker. Try w = 8.
**Parameters:**
→B A pointer to the current instance<br />
←x x coordinate of the fixed point<br />
←y y coordinate of the fixed point<br />
←a The a coefficient of the curve y2 = x3 + ax + b<br />
←b The b coefficient of the curve y2 = x3 + ax + b<br />
←n The modulus<br />
←window The size w of the window<br />
←nb The maximum number of bits to be used in the exponent
**Returns:**
TRUE if successful, otherwise FALSE
> If MR_STATIC is defined in mirdef.h, then the x and y parameters in this function are replaced by a single mr_small * pointer to a precomputed table. In this case the function returns a void.
## big ecurve2_add (epoint * p, epoint * pa)
Adds two points on a GF(2m) elliptic curve using the special rule for addition. Note that if pa = p, then a
different duplication rule is used. Addition is quicker if p is normalised.
**Parameters:**
←p<br />
←→pa = pa + p
**Returns:**
An ephemeral pointer to the sline slope if curve is super-singular
**Precondition:**
The input points must actually be on the current active curve.
## BOOL ecurve2_init (int m, int a, int b, int c, big a2, big a6, BOOL check, int type)
Initialises the internal parameters of the current active GF(2m) elliptic curve. The curve is assumed to be
of the form y2 + xy = x3 + Ax2 + B. The field is defined with respect to the trinomial basis tm + ta + 1
or the pentanomial basis tm+ta+tb+tc+1. This routine can be called subsequently with the parameters
of a different curve.
**Parameters:**
←m<br />
←a<br />
←b<br />
←c<br />
←a2 The A coefficient on the elliptic curve equation<br />
←a6 The B coefficient on the elliptic curve equation<br />
←check If TRUE a check is made that the specified basis is irreducible. If FALSE, this basis validity
check, which is time-consuming, is supressed<br />
←type Either MR_PROJECTIVE or MR_AFFINE, specifying whether projective or affine coordinates
should be used internally. Normally the former is faster
**Returns:**
TRUE if parameters make sense, otherwise FALSE
> Allocated memory will be freed when the current instance of MIRACL is terminated by a call to mirexit(). Only one elliptic curve, GF(p) or GF(2m) may be active within a single MIRACL instance.
## void ecurve2_mult (big e, epoint * pa, epoint * pt)
Multiplies a point on a GF(2m) elliptic curve by an integer. Uses the addition/subtraction method.
**Parameters:**
←e<br />
←pa<br />
→pt = e × pa
**Precondition:**
The point pa must be on the active curve.
## void ecurve2_mult2 (big e, epoint * p, big ea, epoint * pa, epoint * pt)
Calculates the point e × p + ea × pa on a GF(2m) elliptic curve. This is quicker than doing two separate
multiplications and an addition. Useful for certain cryptosystems.
**Parameters:**
←e<br />
←p<br />
←ea<br />
←pa<br />
→pt = e × p + ea × pa
**Precondition:**
The points p and pa must be on the active curve.
## void ecurve2_multi_add (int m, epoint ** x, epoint ** w)
Simultaneously adds pairs of points on the active GF(2m) curve. This is much quicker than adding them individually, but only when using affine coordinates.
**Parameters:**
←m<br />
←x<br />
→w w[i] = w[i] + x[i] for i = 0 to m - 1
> Only useful when using affine coordinates.
> See also: **ecurve2_init**
## void ecurve2_multn (int n, big * y, epoint ** x, epoint * w)
Calculates the point x[0]y[0] + x[1]y[1] + . . . + x[n 1]y[n 1]) on a GF(2m) elliptic curve, for n >= 2.
**Parameters:**
←n<br />
←y an array of n big numbers<br />
←x an array of n elliptic curve points<br />
→w = x[0]y[0] + x[1]y[1] + . . . + x[n 1]y[n 1])
**Precondition:**
The points must be on the active curve. The y[] values must all be positive. The underlying number
base must be a power of 2.
## big ecurve2_sub (epoint * p, epoint * pa)
Subtracts two points on a GF(2m) elliptic curve. Actually negates p and adds it to pa. Subtraction is quicker
if p is normalised.
**Parameters:**
←p<br />
←→ pa = pa p
**Returns:**
An ephemeral pointer to the sline slope
**Precondition:**
The input points must actually be on the current active curve.
## big ecurve_add (epoint * p, epoint * pa)
Adds two points on a GF(p) elliptic curve using the special rule for addition. Note that if pa = p, then a
different duplication rule is used. Addition is quicker if p is normalised.
**Parameters:**
←p<br />
←→pa = pa + p
**Returns:**
An ephemeral pointer to the sline slope
**Precondition:**
The input points must actually be on the current active curve.
## void ecurve_init (big a, big b, big p, int type)
Initialises the internal parameters of the current active GF(p) elliptic curve. The curve is assumed to be
of the form y2 = x3 + Ax + B (mod p), the so-called Weierstrass model. This routine can be called
subsequently with the parameters of a different curve.
**Parameters:**
←a The A coefficient of the elliptic curve<br />
←b The B coefficient of the elliptic curve<br />
←p The modulus<br />
→type Either MR_PROJECTIVE or MR_AFFINE, specifying whether projective or affine coordinates
should be used internally. Normally the former is faster
> Allocated memory will be freed when the current instance of MIRACL is terminated by a call to mirexit(). Only one elliptic curve, GF(p) or GF(2m) may be active within a single MIRACL instance.
## void ecurve_mult (big e, epoint * pa, epoint * pt)
Multiplies a point on a GF(p) elliptic curve by an integer. Uses the addition/subtraction method.
**Parameters:**
←e<br />
←pa<br />
→pt = e × pa
**Precondition:**
The point pa must be on the active curve.
## void ecurve_mult2 (big e, epoint * p, big ea, epoint * pa, epoint * pt)
Calculates the point e × p + ea × pa on a GF(p) elliptic curve. This is quicker than doing two separate
multiplications and an addition. Useful for certain cryptosystems.
**Parameters:**
←e<br />
←p<br />
←ea<br />
←pa<br />
→pt = e × p + ea × pa
**Precondition:**
The points p and pa must be on the active curve.
## void ecurve_multi_add (int m, epoint ** x, epoint ** w)
Simultaneously adds pairs of points on the active GF(p) curve. This is much quicker than adding them
individually, but only when using affine coordinates.
**Parameters:**
←m<br />
←x<br />
→w w[i] = w[i] + x[i] for i = 0 to m - 1
> Only useful when using affine coordinates.
> See also: **ecurve_init, nres_multi_inverse**
## void ecurve_multn (int n, big * y, epoint ** x, epoint * w)
Calculates the point x[0]y[0] + x[1] * y[1] + . . . + x[n 1]y[n 1] on a GF(p) elliptic curve, for n >= 2.
**Parameters:**
←n<br />
←y An array of n big numbers<br />
←x An array of n elliptic curve points<br />
→w = x[0]y[0] + x[1]y[1] + . . . + x[n 1]y[n 1]
**Precondition:**
The points must be on the active curve. The y[] values must all be positive. The underlying number
base must be a power of 2.
## big ecurve_sub (epoint * p, epoint * pa)
Subtracts two points on a GF(p) elliptic curve. Actually negates p and adds it to pa. Subtraction is quicker
if p is normalised.
**Parameters:**
←p<br />
←→pa = pa p
**Returns:**
An ephemeral pointer to the sline slope
**Precondition:**
The input points must actually be on the current active curve.
## BOOL epoint2_comp (epoint * a, epoint * b)
Compares two points on the current active GF(2m) elliptic curve.
**Parameters:**
←a<br />
←b
**Returns:**
TRUE if the points are the same, otherwise FALSE.
## void epoint2_copy* (epoint * a, epoint * b)
Copies one point to another on a GF(2m) elliptic curve.
**Parameters:**
←a<br />
←b = a
## int epoint2_get (epoint * p, big x, big y)
Normalises a point and extracts its (x,y) coordinates on the active GF(2m) elliptic curve.
**Parameters:**
←p<br />
→x<br />
→y
**Returns:**
The least significant bit of y. Note that it is possible to reconstruct a point from its x coordinate and
just the least significant bit of y. Often such a 'compressed' description of a point is useful
**Precondition:**
The point p must be on the active curve
> If x and y are not distinct variables on entry then only the value of x is returned.
**Example:**
```
i = epoint2_get(p, x, x); // extract x coordinate and lsb of y/x
```
## void epoint2_getxyz (epoint * p, big x, big y, big z)
Extracts the raw (x,y,z) coordinates of a point on the active GF(2m) elliptic curve.
**Parameters:**
←p<br />
→x<br />
→y<br />
→z
**Precondition:**
The point p must be on the active curve
> If any of x, y, z is NULL then that coordinate is not returned.
## BOOL epoint2_norm (epoint * p)
Normalises a point on the current active GF(2m) elliptic curve. This sets the z coordinate to 1. Point
addition is quicker when adding a normalised point. This function does nothing if affine coordinates are
being used (in which case there is no z coordinate).
**Parameters:**
←p A point on the current active elliptic curve
**Returns:**
TRUE if successful, otherwise FALSE.
## BOOL epoint2_set (big x, big y, int cb, epoint * p)
Sets a point on the current active GF(2m) elliptic curve (if possible).
**Parameters:**
←x The x coordinate of the point<br />
←y The y coordinate of the point
←cb If x and y are not distinct variables then x only is passed to the function, and cb is taken as the
least significant bit of y. In this case the full value of y is reconstructed internally. This is known
as 'point decompression' (and is a bit time-consuming, requiring the extraction of a modular
square root)<br />
→p = (x,y)
**Returns:**
TRUE if the point exists on the current active elliptic curve, otherwise FALSE
**Example:**
```
p = epoint_init();
epoint2_set(x, x, 1, p); // decompress p
```
## BOOL epoint_comp (epoint * a, epoint * b)
Compares two points on the current active GF(p) elliptic curve.
**Parameters:**
←a<br />
←b
**Returns:**
TRUE if the points are the same, otherwise FALSE.
## void epoint_copy* (epoint * a, epoint * b)
Copies one point to another on a GF(p) elliptic curve.
**Parameters:**
←a<br />
←b = a
## void epoint_free* (epoint * p)
Frees memory associated with a point on a GF(p) elliptic curve.
**Parameters:**
←p
## int epoint_get (epoint * p, big x, big y)
Normalises a point and extracts its (x,y) coordinates on the active GF(p) elliptic curve.
**Parameters:**
←p<br />
→x<br />
→y
**Returns:**
The least significant bit of y. Note that it is possible to reconstruct a point from its x coordinate and
just the least significant bit of y. Often such a 'compressed' description of a point is useful
**Precondition:**
The point p must be on the active curve
> If x and y are not distinct variables on entry then only the value of x is returned.
**Example:**
```
i = epoint_get(p, x, x); // extract x coordinate and lsb of y
```
## void epoint_getxyz (epoint * p, big x, big y, big z)
Extracts the raw (x,y,z) coordinates of a point on the active GF(p) elliptic curve.
**Parameters:**
←p<br />
→x<br />
→y<br />
→z
**Precondition:**
The point p must be on the active curve
> If any of x, y, z is NULL then that coordinate is not returned.
## epoint* epoint_init (void)
Assigns memory to a point on a GF(p) elliptic curve, and initialises it to the 'point at infinity'
**Returns:**
A pointer to an elliptic curve point (in fact a pointer to a structure allocated from the heap)
> It is the C programmer's responsibility to ensure that all elliptic curve points initialised by a call to this function are ultimately freed by a call to epoint_free(). If not a memory leak will result.
## epoint* epoint_init_mem (char * mem, int index)
Initialises memory for an elliptic curve point from a pre-allocated byte array mem. This array may be
created from the heap by a call to ecp_memalloc(), or in some other way. This is quicker than multiple
calls to epoint_init().
**Parameters:**
←mem<br />
←index An index into mem. Each index should be unique
**Returns:**
An initialised elliptic curve point
**Precondition:**
Sufficient memory must have been allocated and pointed to by mem.
## BOOL epoint_norm (epoint * p)
Normalises a point on the current active GF(p) elliptic curve. This sets the z coordinate to 1. Point addition is quicker when adding a normalised point. This function does nothing if affine coordinates are being used (in which case there is no z coordinate).
**Parameters:**
←p A point on the current active elliptic curve
**Returns:**
TRUE if successful, otherwise FALSE.
## BOOL epoint_set (big x, big y, int cb, epoint * p)
Sets a point on the current active GF(p) elliptic curve (if possible).
**Parameters:**
←x The x coordinate of the point<br />
←y The y coordinate of the point<br />
←cb If x and y are not distinct variables then x only is passed to the function, and cb is taken as the
least significant bit of y. In this case the full value of y is reconstructed internally. This is known
as 'point decompression' (and is a bit time-consuming, requiring the extraction of a modular
square root)<br />
→p = (x,y)
**Returns:**
TRUE if the point exists on the current active elliptic curve, otherwise FALSE
**Example:**
```
p = epoint_init();
epoint_set(x, x, 1, p); // decompress p
```
## BOOL epoint_x (big x)
Tests to see if the parameter x is a valid coordinate of a point on the curve. It is faster to test an x coordinate
first in this way, rather than trying to directly set it on the curve by calling epoint_set(), as it avoids an
expensive modular square root.
**Parameters:**
←x The integer coordinate x
**Returns:**
TRUE if x is the coordinate of a curve point, otherwise FALSE.
## int mul2_brick (ebrick2 * B, big e, big x, big y)
Carries out a GF(2m) elliptic curve multiplication using the precomputed values stored in the ebrick structure.
**Parameters:**
←B A pointer to the current instance<br />
←e A big exponent<br />
→x The x coordinate of e × G, where G is specified in the initial call to ebrick2_init()<br />
→y The y coordinate of e × G, where G is specified in the initial call to ebrick2_init()
**Returns:**
The least significant bit of y
> If x and y are not distinct variables, only x is returned.
**Precondition:**
Must be preceded by a call to ebrick2_init().
## int mul_brick (ebrick * B, big e, big x, big y)
Carries out a GF(p) elliptic curve multiplication using the precomputed values stored in the ebrick structure.
**Parameters:**
←B A pointer to the current instance<br />
←e A big exponent<br />
→x The x coordinate of eG (mod n), where G and n are specified in the initial call to ebrick_init()<br />
→y The y coordinate of eG (mod n), where G and n are specified in the initial call to ebrick_init()
**Returns:**
The least significant bit of y
> If x and y are not distinct variables, only x is returned.
**Precondition:**
Must be preceded by a call to ebrick_init().
## BOOL point_at_infinity* (epoint * p)
Tests if an elliptic curve point is the 'point at infinity'.
**Parameters:**
←p An elliptic curve point
**Returns:**
TRUE if p is the point at infinity, otherwise FALSE
**Precondition:**
The point must be initialised.

293
miracl/docs/miracl-explained/reference-manual/encryption-routines.md Normal file
View File

@ -0,0 +1,293 @@
* [What Is Miracl](../README.md)
* [Security Advisory](../security-advisory.md)
* [Benchmarks](../benchmarks.md)
* [Miracl Standard Curves](../miracl-standard-curves.md)
* [IEEE 1363](../ieee-1363.md)
* [Elliptic Curves](../elliptic-curves.md)
* [Licensing](../licensing.md)
* Reference Manual
* [Low Level Routines](low-level-routines.md)
* [Advanced Arithmetic Routines](advanced-arithmetic-routines.md)
* [Montgomery Arithmetic Routines](montgomery-arithmetic-routines.md)
* [ZZn2 Arithmetic Routines](zzn2-arithmetic-routines.md)
* Encryption Routines
* [Elliptic Curve Routines](elliptic-curve-routines.md)
* [Floating Slash Routines](floating-slash-routines.md)
* [Structure Reference](structure-reference.md)
Encryption Routines
---
In these routines a big parameter can also be used wherever a flash is specified, but not vice versa. Further information may be gleaned from the (lightly) commented source code. An asterisk after
the name indicates that the function does not take a mip parameter if MR_GENERIC_MT is defined in
mirdef.h.
## mr_unsign32 aes_decrypt* (aes * a, char * buff)
Decrypts a 16 or n byte input buffer in situ. If the mode of operation is as a block cipher (MR_ECB or
MR_CBC) then 16 bytes will be decrypted. If the mode of operation is as a stream cipher (MR_CFBn,
MR_OFBn or MR_PCFBn) then n bytes will be decrypted.
**Parameters:**
←a Pointer to an initialised instance of an aes structured defined in miracl.h<br />
←→buff Pointer to the buffer of bytes to be decrypted
**Returns:**
If MR_CFBn and MR_PCFBn modes then n byte(s) that were shifted off the end of the input register
as result of decrypting the n input byte(s), otherwise 0.
**Precondition:**
Must be preceded by call to aes_init()
## mr_unsign32 aes_encrypt* (aes * a, char * buff)
Encrypts a 16 or n byte input buffer in situ. If the mode of operation is as a block cipher (MR_ECB or
MR_CBC) then 16 bytes will be encrypted. If the mode of operation is as a stream cipher (MR_CFBn,
MR_OFBn or MR_PCFBn) then n bytes will be encrypted.
**Parameters:**
←a Pointer to an initialised instance of an aes structure defined in miracl.h<br />
←→buff Pointer to the buffer of bytes to be encrypted
**Returns:**
In MR_CFBn and MR_PCFBn modes the n byte(s) that were shifted off the end of the input register
as result of encrypting the n input byte(s), otherwise 0.
**Precondition:**
Must be preceded by a call to aes_init().
## void aes_end* (aes * a)
Ends an AES encryption session, and de-allocates the memory associated with it. The internal session key
data is destroyed.
**Parameters:**
←→a Pointer to an initialised instance of an aes structured defined in miracl.h
## void aes_getreg* (aes * a, char * ir)
Reads the current contents of the input chaining register associated with this instance of the AES. This is the register initialised by the IV in the calls to aes_init() and aes_reset().
**Parameters:**
←a Pointer to an instance of the aes structured, defined in miracl.h<br />
→ir A character array to hold the extracted 16-byte data
**Precondition:**
Must be preceded by a call to aes_init().
## BOOL aes_init* (aes * a, int mode, int nk, char * key, char * iv)
Initialises an Encryption/Decryption session using the Advanced Encryption Standard (AES). This is a
block cipher system that encrypts data in 128-bit blocks using a key of 128, 192 or 256 bits. See [Stinson] for more background on block ciphers.
**Parameters:**
→a Pointer to an instance of the aes structure defined in miracl.h<br />
←mode The mode of operation to be used: MR_ECB (Electronic Code Book), MR_CBC (Cipher
Block Chaining), MR_CFBn (Cipher Feed-Back where n is 1, 2 or 4), MR_PCFBn (error Propagating
Cipher Feed-Back where n is 1, 2 or 4) or MR_OFBn (Output Feed-Back where n is 1,
2, 4, 8 or 16). The value of n indicates the number of bytes to be processed in each application.
For more information on Modes of Operation, see [Stinson]. MR_PCFBn is an invention of our
own [Scott93]<br />
←nk The size of the key in bytes. It can be either 16, 24 or 32<br />
←key A pointer to the key<br />
←iv A pointer to the Initialisation Vector (IV). A 16-byte initialisation vector should be specified for
all modes other than MR_ECB, in which case it can be NULL
**Returns:**
TRUE if successful, otherwise FALSE.
## void aes_reset* (aes * a, int mode, char * iv)
Resets the AES structure.
**Parameters:**
←a Pointer to an instance of the aes structure defined in miracl.h<br />
←mode an Indication of the new mode of operation<br />
←iv A pointer to a (possibly new) initialisation vector
## void shs256_hash* (sha256 * sh, char hash[32])
Generates a 32 byte (256 bit) hash value into the provided array.
**Parameters:**
←sh Pointer to the current instance<br />
→hash Pointer to array to be filled
## void shs256_init* (sha256 * sh)
Initialises an instance of the Secure Hash Algorithm (SHA-256). Must be called before new use.
**Parameters:**
→sh Pointer to an instance of a structure defined in miracl.h
## void shs256_process* (sha256 * sh, int byte)
Processes a single byte. Typically called many times to provide input to the hashing process. The hash
value of all the processed bytes can be retrieved by a subsequent call to shs256_hash().
**Parameters:**
←sh Pointer to the current instance<br />
←byte Character to be processed
## void shs384_hash* (sha384 * sh, char hash[48])
Generates a 48 byte (384 bit) hash value into the provided array.
**Parameters:**
←sh Pointer to the current instance<br />
→hash Pointer to array to be filled
## void shs384_init* (sha384 * sh)
Initialises an instance of the Secure Hash Algorithm (SHA-384). Must be called before new use.
**Parameters:**
! sh Pointer to an instance of a structure defined in miracl.h
**Precondition:**
The SHA-384 algorithm is only available if 64-bit data-type is defined.
## void shs384_process* (sha384 * sh, int byte)
Processes a single byte. Typically called many times to provide input to the hashing process. The hash
value of all the processed bytes can be retrieved by a subsequent call to shs384_hash().
**Parameters:**
←sh Pointer to the current instance<br />
←byte Character to be processed
## void shs512_hash* (sha512 * sh, char hash[64])
Generates a 64 byte (512 bit) hash value into the provided array.
**Parameters:**
←sh Pointer to the current instance<br />
→hash Pointer to array to be filled
## void shs512_init* (sha512 * sh)
Initialises an instance of the Secure Hash Algorithm (SHA-512). Must be called before new use.
**Parameters:**
→sh Pointer to an instance of a structure defined in miracl.h.
**Precondition:**
The SHA-512algorithm is only available if 64-bit data-type is defined.
## void shs512_process* (sha512 * sh, int byte)
Processes a single byte. Typically called many times to provide input to the hashing process. The hash
value of all the processed bytes can be retrieved by a subsequent call to shs512_hash().
**Parameters:**
←sh Pointer to the current instance<br />
←byte Character to be processed
## void shs_hash* (sha * sh, char hash[20])
Generates a twenty byte (160 bit) hash value into the provided array.
**Parameters:**
←sh Pointer to the current instance<br />
→hash Pointer to array to be filled
## void shs_init* (sha * sh)
Initialises an instance of the Secure Hash Algorithm (SHA-1). Must be called before new use.
**Parameters:**
→sh Pointer to an instance of a structure defined in miracl.h
## void shs_process* (sha * sh, int byte)
Processes a single byte. Typically called many times to provide input to the hashing process. The hash
value of all the processed bytes can be retrieved by a subsequent call to shs_hash().
**Parameters:**
←sh Pointer to the current instance<br />
←byte Character to be processed
## void strong_bigdig (csprng * rng, int n, int b, big x)
Generates a big random number of given length from the cryptographically strong generator rng.
**Parameters:**
←rng A pointer to the random number generator<br />
←n<br />
←b<br />
→x Big random number n digits long to base b
**Precondition:**
The base b must be printable, that is 2 <= b <= 256
## void strong_bigrand (csprng * rng, big w, big x)
Generates a cryptographically strong random big number x using the random number generator rng wuch
that 0 <= x < w
**Parameters:**
←rng A pointer to the current instance<br />
←w<br />
→x
## void strong_init* (csprng * rng, int rawlen, char * raw, mr_unsign32 tod)
Initialises the cryptographically strong random number generator rng. The array raw (of length rawlen)
and the time-of-day value tod are the two sources used together to seed the generator. The former might be provided from random keystrokes, the latter from an internal clock. Subsequent calls to strong_rng() will provide random bytes.
**Parameters:**
→rng<br />
←rawlen<br />
←raw An array of length rawlen<br />
←tod A 32-bit time-of-day value
## void strong_kill* (csprng * rng)
Kills the internal state of the random number generator rng
**Parameters:**
←rng A pointer to a random number generator
## int strong_rng* (csprng * rng)
Generates a sequence of cryptographically strong random bytes.
**Parameters:**
←rng A pointer to a random number generator
**Returns:**
A random byte.

446
miracl/docs/miracl-explained/reference-manual/floating-slash-routines.md Normal file
View File

@ -0,0 +1,446 @@
* [What Is Miracl](../README.md)
* [Security Advisory](../security-advisory.md)
* [Benchmarks](../benchmarks.md)
* [Miracl Standard Curves](../miracl-standard-curves.md)
* [IEEE 1363](../ieee-1363.md)
* [Elliptic Curves](../elliptic-curves.md)
* [Licensing](../licensing.md)
* Reference Manual
* [Low Level Routines](low-level-routines.md)
* [Advanced Arithmetic Routines](advanced-arithmetic-routines.md)
* [Montgomery Arithmetic Routines](montgomery-arithmetic-routines.md)
* [ZZn2 Arithmetic Routines](zzn2-arithmetic-routines.md)
* [Encryption Routines](encryption-routines.md)
* [Elliptic Curve Routines](elliptic-curve-routines.md)
* Floating Slash Routines
* [Structure Reference](structure-reference.md)
Floating Slash Routines
---
In these routines a big parameter can also be used wherever a flash is specified, but not vice versa. Further information may be gleaned from the (lightly) commented source code. An asterisk after
the name indicates that the function does not take a mip parameter if MR_GENERIC_MT is defined in
mirdef.h.
## void build (flash x, int(*)(_MIPT_ big, int) gen)
Uses supplied generator of regular continued fraction expansion to build up a flash number x, rounded if
necessary.
**Parameters:**
→x The flash number created<br />
←gen The generator function
**Example:**
```
int phi(flash w, int n)
{
// rcf generator for golden ratio //
return 1;
}
...
build(x, phi);
...
// This will calculate the golden ratio (1 + sqrt(5)) / 2 in x -- very quickly!
```
## void dconv (double d, flash w)
Converts a double to flash format.
**Parameters:**
←d<br />
→w The flash equivalent of d
## void denom (flash x, big y)
Extracts the denominator of a flash number.
**Parameters:**
←x<br />
→y The denominator of x
## void facos (flash x, flash y)
Calculates arc-cosine of a flash number, using fasin().
**Parameters:**
←x<br />
→y = arccos(x)
**Precondition:**
|x| must be less than or equal to 1.
## void facosh (flash x, flash y)
Calculates hyperbolic arc-cosine of a flash number.
**Parameters:**
←x<br />
→y = arccosh(x)
**Precondition:**
|x| must be greater than or equal to 1.
## void fadd (flash x, flash y, flash z)
Adds two flash numbers.
**Parameters:**
←x<br />
←y<br />
→z = x + y
## void fasin (flash x, flash y)
Calculates arc-sin of a flash number, using fatan().
**Parameters:**
←x<br />
→y = arcsin(x)
**Precondition:**
|x| must be less than or equal to 1.
## void fasinh (flash x, flash y)
Calculates hyperbolic arc-sin of a flash number.
**Parameters:**
←x<br />
→y = arcsinh(x)
## void fatan (flash x, flash y)
Calculates the arc-tangent of a flash number, using an O(n2.5) method based on Newton's iteration.
**Parameters:**
←x<br />
→y = arctan(x)
### void fatanh (flash x, flash y)
Calculates the hyperbolic arc-tangent of a flash number.
**Parameters:**
←x<br />
→y = arctanh(x)
**Precondition:**
x2 must be less than 1
### int fcomp (flash x, flash y)
Compares two flash numbers.
**Parameters:**
←x<br />
←y
**Returns:**
-1 if y > x, +1 if x > y and 0 if x = y
### void fconv (int n, int d, flash x)
Converts a simple fraction to flash format.
**Parameters:**
←n<br />
←d<br />
→x = n/d
### void fcos (flash x, flash y)
Calculates cosine of a given flash angle, using ftan().
**Parameters:**
←x<br />
→y = cos(x)
### void fcosh (flash x, flash y)
Calculates hyperbolic cosine of a given flash angle.
**Parameters:**
←x<br />
→y = cosh(x)
### void fdiv (flash x, flash y, flash z)
Divides two flash numbers.
**Parameters:**
←x<br />
←y<br />
→z = x/y
### double fdsize (flash w)
Converts a flash number to double format.
**Parameters:**
←w
**Returns:**
The value of the parameter x as a double
**Precondition:**
The value of x must be representable as a double.
### void fexp (flash x, flash y)
Calculates the exponential of a flash number using O(n2.5) method.
**Parameters:**
←x<br />
→y = ex
### void fincr (flash x, int n, int d, flash y)
Add a simple fraction to a flash number.
**Parameters:**
←x<br />
←n<br />
←d<br />
→y = x + n/d
**Example:**
```
// This subtracts two-thirds from the value of x
fincr(x, -2, 3, x);
```
### void flog (flash x, flash y)
Calculates the natural log of a flash number using O(n2.5) method.
**Parameters:**
←x<br />
→y = log(x)
### void flop (flash x, flash y, int * op, flash z)
Performs primitive flash operation. Used internally. See source listing comments for more details.
**Parameters:**
←x<br />
←y<br />
←op<br />
→z = Fn(x,y), where the function performed depends on the parameter op.
### void fmodulo (flash x, flash y, flash z)
Finds the remainder when one flash number is divided by another.
**Parameters:**
←x<br />
←y<br />
→z = x (mod y)
### void fmul (flash x, flash y, flash z)
Multiplies two flash numbers.
**Parameters:**
←x<br />
←y<br />
→z = xy
### void fpack (big n, big d, flash x)
Forms a flash number from big numerator and denominator.
**Parameters:**
←n<br />
←d<br />
→x = n/d
**Precondition:**
The denominator must be non-zero. Flash variable x and big variable d must be distinct. The resulting
flash variable must not be too big for the representation.
### void fpi (flash pi)
Calculates π using Gauss-Legendre O(n2 log n) method. Note that on subsequent calls to this routine, π is
immediately available, as it is stored internally. (This routine is disappointingly slow. There appears to be
no simple way to calculate a rational approximation to π quickly).
**Parameters:**
→pi =π
> Internally allocated memory is freed when the current MIRACL instance is ended by a call to mirexit().
### void fpmul (flash x, int n, int d, flash y)
Multiplies a flash number by a simple fraction.
**Parameters:**
←x<br />
←n<br />
←d<br />
→y = xn/d
### void fpower (flash x, int n, flash w)
Raises a flash number to an integer power.
**Parameters:**
←x<br />
←n<br />
→w = xn
### void fpowf (flash x, flash y, flash z)
Raises a flash number to a flash power.
**Parameters:**
←x<br />
←y<br />
→z = xy
### void frand (flash x)
Generates a random flash number.
**Parameters:**
→x A flash random number in the range 0 < x < 1
### void frecip (flash x, flash y)
Calculates reciprocal of a flash number.
**Parameters:**
←x<br />
→y = 1/x
### BOOL froot (flash x, int n, flash w)
Calculates n-th root of a flash number using Newton's O(n2) method.
**Parameters:**
←x<br />
←n<br />
→w = nx
**Returns:**
TRUE for exact root, otherwise FALSE.
### void fsin (flash x, flash y)
Calculates sine of a given flash angle. Uses ftan().
**Parameters:**
←x<br />
→y = sin(x)
### void fsinh (flash x, flash y)
Calculates hyperbolic sine of a given flash angle.
**Parameters:**
←x<br />
→y = sinh(x)
### void fsub (flash x, flash y, flash z)
Subtracts two flash numbers.
**Parameters:**
←x<br />
←y<br />
→z = x y
### void ftan (flash x, flash y)
Calculates the tan of a given flash angle, using an O(n2.5) method.
**Parameters:**
←x<br />
→y = tan(x)
### void ftanh (flash x, flash y)
Calculates the hyperbolic tan of a given flash angle.
**Parameters:**
←x<br />
→y = tanh(x)
### void ftrunc (flash x, big y, flash z)
Separates a flash number to a big number and a flash remainder.
**Parameters:**
←x<br />
→y = int(x)<br />
→z The fractional remainder. If y is the same as z, only int(x) is returned
### void mround (big num, big den, flash z)
Forms a rounded flash number from big numerator and denominator. If rounding takes place the instance
variable EXACT is set to FALSE. EXACT Is initialised to TRUE in routine mirsys(). This routine is used
internally.
**Parameters:**
←num<br />
←den<br />
→z = R(num/dem)--- the flash number num/dem is rounded if necessary to fit the representation
**Precondition:**
The denominator must be non-zero.
### void numer (flash x, big y)
Extracts the numerator of a flash number.
**Parameters:**
←x<br />
→y the numerator of x

880
miracl/docs/miracl-explained/reference-manual/low-level-routines.md Normal file
View File

@ -0,0 +1,880 @@
* [What Is Miracl](../README.md)
* [Security Advisory](../security-advisory.md)
* [Benchmarks](../benchmarks.md)
* [Miracl Standard Curves](../miracl-standard-curves.md)
* [IEEE 1363](../ieee-1363.md)
* [Elliptic Curves](../elliptic-curves.md)
* [Licensing](../licensing.md)
* Reference Manual
* Low Level Routines
* [Advanced Arithmetic Routines](advanced-arithmetic-routines.md)
* [Montgomery Arithmetic Routines](montgomery-arithmetic-routines.md)
* [ZZn2 Arithmetic Routines](zzn2-arithmetic-routines.md)
* [Encryption Routines](encryption-routines.md)
* [Elliptic Curve Routines](elliptic-curve-routines.md)
* [Floating Slash Routines](floating-slash-routines.md)
* [Structure Reference](structure-reference.md)
Low Level Routines
---
In these routines a big parameter can also be used wherever a flash is specified, but not vice versa. Further information may be gleaned from the (lightly) commented source code. An asterisk after
the name indicates that the function does not take a mip parameter if MR_GENERIC_MT is defined in
mirdef.h.
## void absol* (flash x, flash y)
Gives absolute value of a big or flash number.
**Parameters:**
←|x The number whose absolute value is to be computed<br />
→y = |x|
## void add (big x, big y, big z)
Adds two big numbers.
**Parameters:**
←x<br />
→y<br />
→z = x + y
**Example:**
```
add(x, x, x); // This doubles the value of x
```
## int big_to_bytes (int max, big x, char * ptr, BOOL justify)
Converts a positive big number into a binary octet string. Error checking is carried out to ensure that the
function does not write beyond the limits of ptr if `max > 0`. If `max = 0`, no checking is carried out. If `max > 0 and justify = TRUE`, the output is right-justified, otherwise leading zeros are supressed.
**Parameters:**
←max Maximum number of octets to be written in ptr<br />
←x The original big number<br />
→ptr Destination of the binary octet string<br />
→justify If TRUE, the output is right-justified, otherwise leading zeros are supressed.
**Returns:**
The number of bytes generated in ptr. If justify = TRUE then the return value is max.
**Precondition:**
max must be greater than 0 if justify = TRUE
## void bigbits (int n, big x)
Generates a big random number of given length. Uses the built-in simple random number generator initialised
by irand().
**Parameters:**
←n The desired length of the random big number<br />
→x The random number
## mr_small brand (void)
Generates random integer number.
**Returns:**
A random integer number.
**Precondition:**
First use must be preceded by an initial call to irand().
> This generator is not cryptographically strong. For cryptographic applications, use the strong_rng() routine.
## void bytes_to_big (int len, char * ptr, big x)
Converts a binary octet string to a big number. Binary to big conversion.
**Parameters:**
←len Length of ptr<br />
←ptr Byte array of the binary octet string<br />
→x Big result
**Example:**
```
#include <stdio.h>
#include "miracl.h"
int main()
{
int i, len;
miracl *mip = mirsys(100, 0);
big x, y;
char b[200]; // b needs space allocated to it
x = mirvar(0); // all big variables need to be "mirvar"ed
y = mirvar(0);
expb2(100, x);
incr(x, 3, x); // x = 2^100 + 3
len = big_to_bytes(200, x, b, FALSE);
// Now b contains big number x in raw binary
// It is len bytes in length
// now print out the raw binary number b in hex
for (i = 0; i < len; i++) printf("%02x", b[i]);
printf("n");
// now convert it back to big format, and print it out again
bytes_to_big(len, b, y);
mip->IOBASE = 16;
cotnum(y, stdout);
return 0;
}
```
## int cinnum (flash x, FILE * filep)
Inputs a flash/big number from the keyboard or a file, using as number base the current value of the instance variable miracl::IOBASE. Flash numbers can be entered using either a slash '/' to indicate numerator and denominator, or with a radix point.
**Parameters:**
→x Big/flash number
←filep File descriptor. For input from the keyboard specify stdin, otherwise as the descriptor of
some other opened file.
> To force input of a fixed number of bytes, set the instance variable miracl::INPLEN to the required number, just before calling cinnum().
**Example:**
```
mip->IOBASE = 256;
mip->INPLEN = 14; // this inputs 14 bytes from fp and
cinnum(x, fp); // converts them into big number x
```
## int cinstr (flash x, char * string)
Inputs a flash/big number from a character string, using as number base the current value of the instance
variable miracl::IOBASE. Flash numbers can be input using a slash '/' to indicate numerator and denominator,
or with a radix point.
**Parameters:**
→x<br />
←string
**Returns:**
The number of input characters.
**Example:**
```
// input large hex number into big x
mip->IOBASE = 16;
cinstr(x, "AF12398065BFE4C96DB723A");
```
## int compare* (big x, big y)
Compares two big numbers.
**Parameters:**
←x<br />
→y
**Returns:**
+1 if x > y; 0 if x = y; -1 if x < y
## void convert (int n, big x)
Converts an integer number to big number format.
**Parameters:**
←n<br />
→x
## void copy* (flash x, flash y)
Copies a big/flash number to another.
**Parameters:**
←x<br />
→y= x
**Parameters:**If x and y are the same variable, no operation is performed.
## int cotnum (flash x, FILE * filep)
Outputs a big/flash number to the screen or to a file, using as number base the value currently assigned to
the instance variable miracl::IOBASE. A flash number will be converted to radix-point representation if
the instance variable miracl::RPOINT = ON. Otherwise it will output as a fraction.
**Parameters:**
←x Big/flash number to be output<br />
→filep File descriptor. If stdout then output will be to the screen, otherwise to the file opened with
descriptor filep.
**Returns:**
Number of output characters.
**Example:**
```
// This outputs x in hex, to the file associated with fp
mip->IOBASE = 16;
cotnum(x, fp);
```
## int cotstr (flash x, char * string)
Outputs a big/flash number to the specified string, using as number base the value currently assigned to the
instance variable miracl::IOBASE. A flash number will be converted to radix-point representation if the
instance variable miracl::RPOINT = ON. Otherwise it will be output as a fraction.
**Parameters:**
←x<br />
→string
**Returns:**
Number of output characters.
> There is nothing to prevent this routine from overflowing the limits of the user supplied
> character array string, causing obscure runtime problems. It is the programmer's responsibility to
> ensure that string is big enough to contain the number output to it. Alternatively use the internally
> declared instance string miracl::IOBUFF, which is of size miracl::IOBSIZ. If this array overflows a
> MIRACL error will be flagged.
## void decr (big x, int n, big z)
Decrements a big number by an integer amount.
**Parameters:**
←x<br />
←n<br />
→z = x n
## void divide (big x, big y, big z)
Divides one big number by another: z = x/y, x = x (mod y). The quotient only is returned if x and z
are the same, the remainder only if y and z are the same.
**Parameters:**
←→x<br />
→y<br />
→z
**Precondition:**
Parameters x and y must be different, and y must be non-zero.
> See also: **normalise()**
## BOOL divisible (big x, big y)
Tests a big number for divisibility by another.
**Parameters:**
←x<br />
→y
**Returns:**
TRUE if y divides x exactly, otherwise FALSE.
**Precondition:**
The parameter y must be non-zero.
## void* ecp_memalloc (int num)
Reserves space for a number elliptic curve points in one heap access. Individual points can subsequently
be initialised from this memory by calling epoint_init_mem().
**Parameters:**
←num The number of elliptic curve points to reserve space for.
**Returns:**
A pointer to the allocated memory.
## void ecp_memkill (char * mem, int num)
Deletes and sets to zero the memory previously allocated by ecp_memalloc().
**Parameters:**
→mem Pointer to the memory to be erased and deleted<br />
←num The size of the memory in elliptic curve points
**Precondition:**
Must be preceded by a call to ecp_memalloc().
## int exsign* (flash x)
Extracts the sign of a big/flash number.
**Parameters:**
←x A big/flash number
**Returns:**
The sign of x, i.e. -1 if x is negative, +1 if x is zero or positive.
## miracl* get_mip ()
Gets the current Miracl Instance Pointer.
**Returns:**
The mip (Miracl Instance Pointer) for the current thread.
**Precondition:**
This function does not exist if MR_GENERIC_MT is defined.
## int getdig (big x, int i)
Extracts a digit from a big number.
**Parameters:**
←x A big number<br />
→i The position of the digit to be extracted from x
**Returns:**
The value of the requested digit.
> Returns rubbish if required digit does not exist.
## unsigned int igcd* (unsigned int x, unsigned int y)
Calculates the Greatest Common Divisor of two integers using Euclid's Method.
**Parameters:**
←x<br />
←y
**Returns:**
The GCD of x and y.
## void incr (big x, int n, big z)
Increments a big number.
**Parameters:**
←x<br />
←n<br />
→z = x + n
**Example:**
```
incr(x, 2, x); // This increments x by 2
```
## BOOL init_big_from_rom (big x, int len, const mr_small * rom, int romsize, int * romptr)
Initialises a big variable from ROM memory.
**Parameters:**
→rx A big number<br />
←len Length of the big number in computer words<br />
←rom Address of ROM memory which stores up to romsize computer words<br />
←romsize<br />
←→romptr A pointer into ROM. This pointer is incremented internally as ROM memory is accessed
to fill x
**Returns:**
TRUE if successful, or FALSE if an attempt is made to read beyond the end of the ROM.
## BOOL init_point_from_rom (epoint * P, int len, const mr_small * rom, int romsize, int * romptr)
Initialises an elliptic curve point from ROM memory.
**Parameters:**
→P An elliptic curve point<br />
←len Length of the two big coordinates of P, in computer words<br />
←rom Address of ROM memory which stores up to romsize computer words<br />
←romsize<br />
←→romptr A pointer into ROM. This pointer is incremented internally as ROM memory is accessed
to fill P
**Returns:**
TRUE if successful, or FALSE if an attempt is made to read beyond the end of the ROM.
## int innum (flash x, FILE * filep)
Inputs a big/flash number from a file or the keyboard, using as number base the value specified in the
initial call to mirsys(). Flash numbers can be entered using either a slash '/' to indicate numerator and
denominator, or with a radix point.
**Parameters:**
→x A big/flash number<br />
←filep A file descriptor. For input from the keyboard specify stdin, otherwise the descriptor of
some other opened file.
**Returns:**
The number of characters input.
**Precondition:**
The number base specified in mirsys() must be less than or equal to 256. If not use cinnum() instead.
> For fastest inputting of ASCII text to a big number, and if a full-width base is possible, use mirsys(...,256) initially. This has the same effect as specifying mirsys(...,0), except that now ASCII bytes may be input directly via innum(x, fp) without the time-consuming change of base implicit in the use of cinnum().
## void insign* (int s, flash x)
Forces a big/flash number to a particular sign.
**Parameters:**
←s The sign the big/flash is to take<br />
→x = s|x|
**Example:**
```
insign(PLUS, x); // force x to be positive
```
## int instr (flash x, char * string)
Inputs a big or flash number from a character string, using as number base the value specified in the
initial call to mirsys(). Flash numbers can be entered using either a slash '/' to indicate numerator and
denominator, or with a radix point.
**Parameters:**
→x<br />
←string
**Returns:**
The number of characters input.
**Precondition:**
The number base specified in mirsys() must be less than or equal to 256. If not use cinstr() instead.
## void irand (mr_unsign32 seed)
Initialises internal random number system. Long integer types are used internally to yield a generator with
maximum period.
**Parameters:**
←seed A seed used to start off the random number generator.
## void lgconv (long n, big x)
Converts a long integer to big number format.
**Parameters:**
←n<br />
→x
## void mad (big x, big y, big z, big w, big q, big r)
Multiplies, adds and divides big numbers. The initial product is stored in a double-length internal variable
to avoid the possibility of overflow at this stage.
**Parameters:**
←x<br />
←y<br />
←z<br />
←w<br />
→q = (xy + z)/w<br />
→r The remainder
> If w and q are not distinct variables then only the remainder is returned; if q and r are not distinct then only the quotient is returned. The addition of z is not done if x and z (or y and z) are the same.
**Precondition:**
Parameters w and r must be distinct. The value of w must not be zero.
**Example:**
```
mad(x, x, x, w, x, x,); // x = x^2 / w
```
## void* memalloc (int num)
Reserves space for big/flash variables in one heap access. Individual big/flash variables can subsequently
be initialised from this memory by calling mirvar_mem().
**Parameters:**
←num The number of big/flash variables to reserve space for.
**Returns:**
A pointer to the allocated memory
## void memkill (char * mem, int len)
Deletes and sets to zero the memory previously allocated by memalloc().
**Parameters:**
→mem A pointer to the memory to be erased and deleted<br />
←len The size of that memory in bigs
**Precondition:**
Must be preceded by a call to memalloc()
## void mirexit (void)
Cleans up after the current instance of MIRACL, and frees all internal variables. A subsequent call to
mirsys() will re-initialise the MIRACL system.
**Precondition:**
Must be called after mirsys().
## void mirkill* (big x)
Securely kills off a big/flash number by zeroising it, and freeing its memory.
**Parameters:**
←x.
## miracl* mirsys (int nd, mr_small nb)
Initialises the MIRACL system for the current program thread, as described below. Must be called before
attempting to use any other MIRACL routines
1. The error tracing mechanism is initialised.
2. The number of computer words to use for each big/flash number is calculated from nd and nb.
3. Sixteen big work variables (four of them double length) are initialised.
4. Certain instance variables are given default initial values.
5. The random number generator is started by calling irand(0L).
**Parameters:**
←nd The number of digits to use for each big/flash variable. If negative, it is taken as indicating the
size of big/flash numbers in 8-bit bytes<br />
→nb The number base
**Returns:**
The Miracl Instance Pointer, via which all instance variables can be accessed, or NULL if there was
not enough memory to create an instance
**Precondition:**
The number base nb should normally be greater than 1 and less than or equal to MAXBASE. A base of
0 implies that the 'full-width' number base should be used. The number of digits nd must be less than
a certain maximum, depending on the underlying type mr_utype and on whether or not MR_FLASH
is defined
**Example:**
```
// This initialises the MIRACL system to use 500 decimal digits for each
// big or flash number
miracl *mip = mirsys(500, 10);
```
## flash mirvar (int iv)
Initialises a big/flash variable by reserving a suitable number of memory locations for it. This memory may
be released by a subsequent call to the function mirkill().
**Parameters:**
←iv An integer initial value for the big/flash number
**Returns:**
A pointer to the reserved memory
**Example:**
```
flash x;
x = mirvar(8); // Creates a flash variable x = 8
```
## flash mirvar_mem (char * mem, int index)
Initialises memory for a big/flash variable from a pre-allocated byte array mem. This array may be created
from the heap by a call to memalloc(), or in some other way. This is quicker than multiple calls to mirvar().
**Parameters:**
←mem A pointer to the pre-allocated array<br />
←index An index into that array. Each index should be unique
**Returns:**
An initialised big/flash variable
**Precondition:**
Sufficient memory must have been allocated and pointed to by mem.
## void multiply (big x, big y, big z)
Multiplies two big numbers.
**Parameters:**
←x<br />
←y<br />
→z = xy
## void negify* (flash x, flash y)
Negates a big/flash number.
**Parameters:**
←x<br />
→y = - x
> negify(x,x) is valid and sets x = - x
## mr_small normalise (big x, big y)
Multiplies a big number such that its most significant word is greater than half the number base. If such
a number is used as a divisor by divide(), the division will be carried out faster. If many divisions by the
same divisor are required, it makes sense to normalise the divisor just once beforehand.
**Parameters:**
←x<br />
→y = nx
**Returns:**
n, the normalising multiplier
> Use with care. Used internally.
## int numdig (big x)
Determines the number of digits in a big number.
**Parameters:**
←x
**Returns:**
The number of digits in x.
## int otnum (flash x, FILE * filep)
Outputs a big/flash number to the screen or to a file, using as number base the value specified in the initial
call to mirsys(). A flash number will be converted to radix-point representation if the instance variable
miracl::RPOINT = ON. Otherwise it will be output as a fraction.
**Parameters:**
←x A big/flash number<br />
←filep A file descriptor. If stdout then output will be to the screen, otherwise to the file opened with descriptor filep
**Returns:**
Number of output characters
**Precondition:**
The number base specified in mirsys() must be less than or equal to 256. If not, use cotnum() instead.
## int otstr (flash x, char * string)
Outputs a big or flash number to the specified string, using as number base the value specified in the initial
call to mirsys(). A flash number will be converted to radix-point representation if the instance variable
miracl::RPOINT = ON. Otherwise it will be output as a fraction.
**Parameters:**
←x A big/flash number<br />
→string A representation of x
**Returns:**
Number of output characters
**Precondition:**
The number base specified in mirsys() must be less than or equal to 256. If not, use cotstr() instead
> There is nothing to prevent this routine from overflowing the limits of the user supplied
> character array string, causing obscure runtime problems. It is the programmer's responsibility to
> ensure that string is big enough to contain the number output to it. Alternatively use the internally
> declared instance string miracl::IOBUFF, which is of size miracl::IOBSIZ. If this array overflows a
> MIRACL error will be flagged.
## void premult (big x, int n, big z)
Multiplies a big number by an integer.
**Parameters:**
←x<br />
←n<br />
→z = nx
## void putdig (int n, big x, int i)
Sets a digit of a big number to a given value.
**Parameters:**
←n The new value for the digit<br />
→x A big number<br />
←i A digit position
**Precondition:**
The digit indicated must exist.
## int remain (big x, int n)
Finds the integer remainder, when a big number is divided by an integer.
**Parameters:**
←x<br />
←n
**Returns:**
The integer remainder.
## void set_io_buffer_size (int len)
Sets the size of the input/output buffer. By default this is set to 1024, but programs that need to handle very
large numbers may require a larger I/O buffer.
**Parameters:**
←len The size of I/O buffer required
> Destroys the current contents of the I/O buffer.
## void set_user_function (BOOL(*)(void) user)
Supplies a user-specified function, which is periodically called during some of the more time-consuming
MIRACL functions, particularly those involved in modular exponentiation and in finding large prime numbers.
The supplied function must take no parameters and return a BOOL value. Normally this should be
TRUE. If FALSE then MIRACL will attempt to abort its current operation. In this case the function should
continue to return FALSE until control is returned to the calling program. The user-supplied function
should normally include only a few instructions, and no loops, otherwise it may adversely impact the speed
of MIRACL functions
Once MIRACL is initialised, this function may be called multiple times with a new supplied function. If
no longer required, call with a NULL parameter.
**Parameters:**
←user A pointer to a user-supplied function, or NULL if not required
**Example:**
```
// Windows Message Pump
static BOOL idle()
{
MSG msg;
if (PeekMessage(&msg, NULL, 0, 0, PM_NOREMOVE))
{
if (msg.message != WM_QUIT)
{
if (PeekMessage(&msg, NULL, 0, 0, PM_REMOVE))
{
// do a Message Pump
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
else
return FALSE;
}
return TRUE;
}
...
set_user_function(idle);
```
## int size* (big x)
Tries to convert big number to a simple integer. Also useful for testing the sign of big/flash variable as in:
if (size(x) < 0) ...
**Parameters:**
←x A big number
**Returns:**
The value of x as an integer. If this is not possible (because x is too big) it returns the value plus or
minus MR_TOOBIG.
## int subdiv (big x, int n, big z)
Divides a big number by an integer
**Parameters:**
←x<br />
←n<br />
→z = x/n
**Returns:**
The integer remainder
**Precondition:**
The value of n must not be zero.
## BOOL subdivisible (big x, int n)
Tests a big number for divisibility by an integer.
**Parameters:**
←x<br />
←n
**Returns:**
TRUE if n divides x exactly, otherwise FALSE
**Precondition:**
The value of n must not be zero.
## void subtract (big x, big y, big z)
Subtracts two big numbers.
**Parameters:**
←x<br />
←y<br />
→z = x y
## void zero* (flash x)
Sets a big/flash number to zero.
**Parameters:**
→x

349
miracl/docs/miracl-explained/reference-manual/montgomery-arithmetic-routines.md Normal file
View File

@ -0,0 +1,349 @@
* [What Is Miracl](../README.md)
* [Security Advisory](../security-advisory.md)
* [Benchmarks](../benchmarks.md)
* [Miracl Standard Curves](../miracl-standard-curves.md)
* [IEEE 1363](../ieee-1363.md)
* [Elliptic Curves](../elliptic-curves.md)
* [Licensing](../licensing.md)
* Reference Manual
* [Low Level Routines](low-level-routines.md)
* [Advanced Arithmetic Routines](advanced-arithmetic-routines.md)
* Montgomery Arithmetic Routines
* [ZZn2 Arithmetic Routines](zzn2-arithmetic-routines.md)
* [Encryption Routines](encryption-routines.md)
* [Elliptic Curve Routines](elliptic-curve-routines.md)
* [Floating Slash Routines](floating-slash-routines.md)
* [Structure Reference](structure-reference.md)
Montgomery Arithmetic Routines
---
In these routines a big parameter can also be used wherever a flash is specified, but not vice versa. Further information may be gleaned from the (lightly) commented source code. An asterisk after
the name indicates that the function does not take a mip parameter if MR_GENERIC_MT is defined in
mirdef.h.
## void nres (big x, big y)
Converts a big number to n-residue form.
**Parameters:**
←x<br />
→y the n-residue form of x
**Precondition:**
Must be preceded by call to prepare_monty()
> See also: **redc**
## void nres_dotprod (int m, big * x, big * y, big w)
Finds the dot product of two arrays of n-residues. So-called "lazy" reduction is used, in that the sum of
products is only reduced once with respect to the Montgomery modulus. This is quicker---nearly twice as fast.
**Parameters:**
←m<br />
←x An array of m n-residues<br />
←y An array of m n-residues<br />
→w =Σxiyi (mod n), where n is the current Montgomery modulus
**Precondition:**
Must be preceded by call to prepare_monty().
## void nres_double_modadd (big x, big y, big w)
Adds two double length bigs modulo pR, where R = 2n and n is the smallest multiple of the word-length
of the underlying MIRACL type, such that R > p. This is required for lazy reduction.
**Parameters:**
←x<br />
←y<br />
→w = a + b (mod pR)
## void nres_double_modsub (big x, big y, big w)
Subtracts two double length bigs modulo pR, where R = 2n and n is the smallest multiple of the wordlength
of the underlying MIRACL type, such that R > p. This is required for lazy reduction.
**Parameters:**
←x<br />
←y<br />
→w = a b (mod pR)
## void nres_lazy (big a0, big a1, big b0, big b1, big r, big i)
Uses the method of lazy reduction combined with Karatsuba's method to multiply two zzn2 variables.
Requires just 3 multiplications and two modular reductions.
**Parameters:**
←a0<br />
←a1<br />
←b0<br />
←b1<br />
→r = the "real part" of (a0 + a1i)(b0 + b1i)<br />
→i = the "imaginary part" of (a0 + a1i)(b0 + b1i)
## void nres_lucas (big p, big r, big vp, big v)
Modular Lucas exponentiation of an n-residue.
**Parameters:**
←p An n-residue<br />
←r A big exponent<br />
→vp = Vr1(p) (mod n) where n is the current Montgomery modulus<br />
→v = Vr(p) (mod n) where n is the current Montgomery modulus
> Only v is returned if v and vp are the same big variable.
**Precondition:**
Must be preceded by call to prepare_monty() and conversion of the first parameter to n-residue form.
Note that the exponent is not converted to n-residue form
> See also: **lucas**
## void nres_modadd (big x, big y, big w)
Modular addition of two n-residues.
**Parameters:**
←x<br />
←y<br />
→w = x + y (mod n), where n is the current Montgomery modulus
**Precondition:**
Must be preceded by a call to prepare_monty().
## int nres_moddiv (big x, big y, big w)
Modular division of two n-residues.
**Parameters:**
←x<br />
←y<br />
→w = x/y (mod n), where n is the current Montgomery modulus
**Returns:**
GCD of y and n as an integer, if possible, or MR_TOOBIG. Should be 1 for a valid result
**Precondition:**
Must be preceded by call to prepare_monty() and conversion of parameters to n-residue form. Parameters
x and y must be distinct.
## void nres_modmult (big x, big y, big w)
Modular multiplication of two n-residues. Note that this routine will invoke a KCM Modular Multiplier if
MR_KCM has been defined in mirdef.h and set to an appropriate size for the current modulus, or a Comba
fixed size modular multiplier if MR_COMBA is defined as exactly the size of the modulus.
**Parameters:**
←x<br />
←y<br />
→w = xy (mod n), where n is the current Montgomery modulus
**Precondition:**
Must be preceded by call to prepare_month() and conversion of parameters to n-residue form.
### void nres_modsub (big x, big y, big w)
Modular subtraction of two n-residues.
**Parameters:**
←x<br />
←y<br />
→w = x y (mod n), where n is the current Montgomery modulus
**Precondition:**
Must be preceded by a call to prepare_monty().
### BOOL nres_multi_inverse (int m, big * x, big * w)
Finds the modular inverses of many numbers simultaneously, exploiting Montgomery's observation that
x1 = y(xy)1, y1 = x(xy)1. This will be quicker, as modular inverses are slow to calculate, and this
way only one is required.
**Parameters:**
←m The number of inverses required<br />
←x An array of m n-residues whose inverses are wanted<br />
→w An array with the inverses of za x
**Returns:**
TRUE if successful, otherwise FALSE
**Precondition:**
The parameters x and w must be distinct.
### void nres_negate (big x, big w)
Modular negation.
**Parameters:**
←x An n-residue number<br />
→w = x (mod n), where n is the current Montgomery modulus
**Precondition:**
Must be preceded by a call to prepare_monty().
### void nres_powltr (int x, big y, big w)
Modular exponentiation of an n-residue.
**Parameters:**
←x<br />
←y<br />
→w = xy (mod n), where n is the current Montgomery modulus
**Precondition:**
Must be preceded by call to prepare_monty(). Note that the small integer x and the exponent are not
converted to n-residue form.
### void nres_powmod (big x, big y, big w)
Modular exponentiation of an n-residue.
**Parameters:**
←x An n-reside number, the base<br />
←y A big number, the exponent<br />
→w = xy (mod n), where n is the current Montgomery modulus
**Precondition:**
Must be preceded by call to prepare_monty() and conversion of the first parameter to n-residue form.
Note that the exponent is not converted to n-residue form
> See also: **nres_powltr, nres_powmod2**
**Example:**
```
prepare_monty(n);
...
nres(x, y); // convert to n-residue form
nres_powmod(y, e, z);
redc(z, w); // convert back to normal form
```
### void nres_powmod2 (big x, big y, big a, big b, big w)
Calculates the product of two modular exponentiations involving n-residues.
**Parameters:**
←x An n-residue number<br />
←y A big integer<br />
←a An n-residue number<br />
←b A big integer<br />
→w = xy ab (mod n), where n is the current Montgomery modulus
**Precondition:**
Must be preceded by call to prepare_monty() and conversion of the appropriate parameters to n-residue
form. Note that the exponents are not converted to n-residue form
> See also: **nres_powltr, nres_powmod**
### void nres_powmodn (int n, big * x, big * y, big w)
Calculates the product of n modular exponentiations involving n-residues. Extra memory is allocated
internally by this function.
**Parameters:**
←n The number of n-residue numbers<br />
←x An array of n n-residue numbers<br />
←y An array of n big integers<br />
→w = x[0]y[0]x[1]y[1] · · · x[n 1]y[n1) (mod p), where p is the current Montgomery modulus
**Precondition:**
Must be preceded by call to prepare_monty() and conversion of the appropriate parameters to n-residue
form. Note that the exponents are not converted to n-residue forms.
### void nres_premult (big x, int k, big w)
Multiplies an n-residue by a small integer.
**Parameters:**
←x<br />
←k<br />
→w = kx (mod n), where n is the current Montgomery modulus
**Precondition:**
Must be preceded by call to prepare_monty() and conversion of the first parameter to n-residue form.
Note that the small integer is not converted to n-residue form
> See also: **nres_modmult**
### BOOL nres_sqroot (big x, big w)
Calculates the square root of an n-residue mod a prime modulus.
**Parameters:**
←x<br />
→w =x (mod n), where n is the current Montgomery modulus
**Returns:**
TRUE if the square root exists, otherwise FALSE
**Precondition:**
Must be preceded by call to prepare_monty() and conversion of the first parameter to n-residue form.
### mr_small prepare_monty (big n)
Prepares a Montgomery modulus for use. Each call to this function replaces the previous modulus (if any).
**Parameters:**
←n A big number which is to be the Montgomery modulus
**Returns:**
None
**Precondition:**
The parameter n must be positive and odd. Allocated memory is freed when the current instance of
MIRACL is terminated by a call to mirexit().
### void redc (big x, big y)
Converts an n-residue back to normal form.
**Parameters:**
←x an n-residue<br />
→y the normal form of the n-residue x
**Precondition:**
Must be preceded by call to prepare_monty()
> See also: **nres**

48
miracl/docs/miracl-explained/reference-manual/structure-reference.md Normal file
View File

@ -0,0 +1,48 @@
* [What Is Miracl](../README.md)
* [Security Advisory](../security-advisory.md)
* [Benchmarks](../benchmarks.md)
* [Miracl Standard Curves](../miracl-standard-curves.md)
* [IEEE 1363](../ieee-1363.md)
* [Elliptic Curves](../elliptic-curves.md)
* [Licensing](../licensing.md)
* Reference Manual
* [Low Level Routines](low-level-routines.md)
* [Advanced Arithmetic Routines](advanced-arithmetic-routines.md)
* [Montgomery Arithmetic Routines](montgomery-arithmetic-routines.md)
* [ZZn2 Arithmetic Routines](zzn2-arithmetic-routines.md)
* [Encryption Routines](encryption-routines.md)
* [Elliptic Curve Routines](elliptic-curve-routines.md)
* [Floating Slash Routines](floating-slash-routines.md)
* Structure Reference
MIRACL Structure Reference
---
## MIRACL Instance Pointer
`#include <miracl.h>`
## Field Documentation
`BOOL ERCON` - errors by default generate an error message and immediately abort the program. Alternatively by setting mip->ERCON=TRUE error control is left to the user.
`int ERNUM` - number of the last error that occurred.
`BOOL EXACT` - initialised to TRUE. Set to FALSE if any rounding takes place during flash arithmetic.
`int INPLEN` - length of input string. Must be used when inputting binary data.
`int IOBASE` - the 'printable' number base to be used for input and output. May be changed at will within a program. Must be greater than or equal to 2 and less than or equal to 256.
`int IOBSIZ` size of I/O buffer.
`char* IOBUFF` input/output buffer.
`int NTRY` - number of iterations used in probabilistic primality test by isprime(). Initialised to 6.
`int* PRIMES` pointer to a table of small prime numbers.
`BOOL RPOINT` - if set to ON numbers are output with a radix point. Otherwise they are output as fractions (the default).
`BOOL TRACER` - if set to ON causes debug information to be printed out, tracing the progress of all subsequent calls to MIRACL routines. Initialised to OFF.

544
miracl/docs/miracl-explained/reference-manual/zzn2-arithmetic-routines.md Normal file
View File

@ -0,0 +1,544 @@
* [What Is Miracl](../README.md)
* [Security Advisory](../security-advisory.md)
* [Benchmarks](../benchmarks.md)
* [Miracl Standard Curves](../miracl-standard-curves.md)
* [IEEE 1363](../ieee-1363.md)
* [Elliptic Curves](../elliptic-curves.md)
* [Licensing](../licensing.md)
* Reference Manual
* [Low Level Routines](low-level-routines.md)
* [Advanced Arithmetic Routines](advanced-arithmetic-routines.md)
* [Montgomery Arithmetic Routines](montgomery-arithmetic-routines.md)
* ZZn2 Arithmetic Routines
* [Encryption Routines](encryption-routines.md)
* [Elliptic Curve Routines](elliptic-curve-routines.md)
* [Floating Slash Routines](floating-slash-routines.md)
* [Structure Reference](structure-reference.md)
ZZn2 Arithmetic Routines
---
In these routines a big parameter can also be used wherever a flash is specified, but not vice versa. Further information may be gleaned from the (lightly) commented source code. An asterisk after
the name indicates that the function does not take a mip parameter if MR_GENERIC_MT is defined in
mirdef.h.
## void zzn2_add (zzn2 * x, zzn2 * y, zzn2 * w)
Adds two zzn2 variables.
**Parameters:**
←x<br />
←y<br />
→w = x + y
## BOOL zzn2_compare* (zzn2 * x, zzn2 * y)
Compares two zzn2 variables for equality.
**Parameters:**
←x<br />
←y
**Returns:**
TRUE if x = y, otherwise FALSE.
## void zzn2_conj (zzn2 *x, zzn2 *w)
Finds the conjugate of a zzn2.
**Parameters:**
←x<br />
→w If x = a + bi, then w = a - bi
## void zzn2_copy* (zzn2 * x, zzn2 * w)
Copies one zzn2 to another.
**Parameters:**
←x<br />
→w = x
## void zzn2_from_big (big x, zzn2 * w)
Creates a zzn2 from a big integer. This is converted internally into n-residue format.
**Parameters:**
←x<br />
→w = x
## void zzn2_from_bigs (big x, big y, zzn2 * w)
Creates a zzn2 from two big integers. These are converted internally into n-residue format.
**Parameters:**
←x<br />
←y<br />
→w = x + yi
## void zzn2_from_int (int i, zzn2 * w)
Converts an integer to zzn2 format.
**Parameters:**
←i<br />
→w = i
> See also: **zzn2_from_ints**
## void zzn2_from_ints (int i, int j, zzn2 * w)
Creates a zzn2 from two integers.
**Parameters:**
←i<br />
←j<br />
→w = i + j i
> See also: **zzn2_from_int**
## void zzn2_from_zzn (big x, zzn2 * w)
Creates a zzn2 from a big already in n-residue format.
**Parameters:**
←x<br />
→w = x
### void zzn2_from_zzns (big x, big y, zzn2 * w)
Creates a zzn2 from two bigs already in n-residue format.
**Parameters:**
←x<br />
←y<br />
→w = x + y i
> See also: **zzn2_from_zzn**
### void zzn2_imul (zzn2 * x, int y, zzn2 * w)
Multiplies a zzn2 variable by an integer.
**Parameters:**
←x<br />
←y<br />
→w = xy
### void zzn2_inv (zzn2 * w)
In-place inversion of a zzn2 variable.
**Parameters:**
←→w = 1 / w
### BOOL zzn2_isunity (zzn2 * x)
Tests a zzn2 value for equality to one.
**Parameters:**
←x
**Returns:**
TRUE if x is one, otherwise FALSE.
### BOOL zzn2_iszero* (zzn2 * x)
Tests a zzn2 value for equality to zero.
**Parameters:**
←x
**Returns:**
TRUE if x is zero, otherwise FALSE.
### void zzn2_mul (zzn2 * x, zzn2 * y, zzn2 * w)
Multiplies two zzn2 variables. If x and y are the same variable, a faster squaring method is used.
**Parameters:**
←x<br />
←y<br />
→w = xy
### void zzn2_negate (zzn2 * x, zzn2 * w)
Negates a zzn2
**Parameters:**
←x<br />
→w = -x
### void zzn2_sadd (zzn2 * x, big y, zzn2 * w)
Adds a big in n-residue format to a zzn2.
**Parameters:**
←x<br />
←y<br />
→w = x + y
### void zzn2_smul (zzn2 * x, big y, zzn2 * w)
Multiplies a zzn2 variable by a big in n-residue.
**Parameters:**
←x<br />
←y<br />
→w = xy
### void zzn2_ssub (zzn2 * x, big y, zzn2 * w)
Subtracts a big in n-residue format from a zzn2.
**Parameters:**
←x<br />
←y<br />
→w = x - y
### void zzn2_sub (zzn2 * x, zzn2 * y, zzn2 * w)
Subtracts two zzn2 variables.
**Parameters:**
←x<br />
←y<br />
→w = x - y
### void zzn2_timesi (zzn2 * u)
In-place multiplication of a zzn2 by i, the imaginary square root of the quadratic non-residue.
**Parameters:**
←→u If u = a + bi then on exit u = i2b + ai
### void zzn2_zero* (zzn2 * w)
Sets a zzn2 variable to zero.
**Parameters:**
→w = 0
## Encryption Routines <a id="encryption"></a>
**Functions**
- mr_unsign32 aes_decrypt* (aes *a, char *buff)
- mr_unsign32 aes_encrypt* (aes *a, char *buff)
- void aes_end* (aes *a)
- void aes_getreg* (aes *a, char *ir)
- BOOL aes_init* (aes *a, int mode, int nk, char *key, char *iv)
- void aes_reset* (aes *a, int mode, char *iv)
- void shs256_hash* (sha256 *sh, char hash[32])
- void shs256_init* (sha256 *sh)
- void shs256_process* (sha256 *sh, int byte)
- void shs384_hash* (sha384 *sh, char hash[48])
- void shs384_init* (sha384 *sh)
- void shs384_process* (sha384 *sh, int byte)
- void shs512_hash* (sha512 *sh, char hash[64])
- void shs512_init* (sha512 *sh)
- void shs512_process* (sha512 *sh, int byte)
- void shs_hash* (sha *sh, char hash[20])
- void shs_init* (sha *sh)
- void shs_process* (sha *sh, int byte)
- void strong_bigdig (csprng *rng, int n, int b, big x)
- void strong_bigrand (csprng *rng, big w, big x)
- void strong_init* (csprng *rng, int rawlen, char *raw, mr_unsign32 tod)
- void strong_kill* (csprng *rng)
- int strong_rng* (csprng *rng)
## mr_unsign32 aes_decrypt* (aes * a, char * buff)
Decrypts a 16 or n byte input buffer in situ. If the mode of operation is as a block cipher (MR_ECB or
MR_CBC) then 16 bytes will be decrypted. If the mode of operation is as a stream cipher (MR_CFBn,
MR_OFBn or MR_PCFBn) then n bytes will be decrypted.
**Parameters:**
←a Pointer to an initialised instance of an aes structured defined in miracl.h<br />
←→buff Pointer to the buffer of bytes to be decrypted
**Returns:**
If MR_CFBn and MR_PCFBn modes then n byte(s) that were shifted off the end of the input register
as result of decrypting the n input byte(s), otherwise 0
**Precondition:**
Must be preceded by call to aes_init().
## mr_unsign32 aes_encrypt* (aes * a, char * buff)
Encrypts a 16 or n byte input buffer in situ. If the mode of operation is as a block cipher (MR_ECB or
MR_CBC) then 16 bytes will be encrypted. If the mode of operation is as a stream cipher (MR_CFBn,
MR_OFBn or MR_PCFBn) then n bytes will be encrypted.
**Parameters:**
←a Pointer to an initialised instance of an aes structure defined in miracl.h<br />
←→buff Pointer to the buffer of bytes to be encrypted
**Returns:**
In MR_CFBn and MR_PCFBn modes the n byte(s) that were shifted off the end of the input register
as result of encrypting the n input byte(s), otherwise 0
**Precondition:**
Must be preceded by a call to aes_init().
## void aes_end* (aes * a)
Ends an AES encryption session, and de-allocates the memory associated with it. The internal session key
data is destroyed.
**Parameters:**
←→a Pointer to an initialised instance of an aes structured defined in miracl.h
## void aes_getreg* (aes * a, char * ir)
Reads the current contents of the input chaining register associated with this instance of the AES. This is
the register initialised by the IV in the calls to aes_init() and aes_reset().
**Parameters:**
←a Pointer to an instance of the aes structured, defined in miracl.h<br />
→ir A character array to hold the extracted 16-byte data
**Precondition:**
Must be preceded by a call to aes_init().
## BOOL aes_init* (aes * a, int mode, int nk, char * key, char * iv)
Initialises an Encryption/Decryption session using the Advanced Encryption Standard (AES). This is a
block cipher system that encrypts data in 128-bit blocks using a key of 128, 192 or 256 bits. See [Stinson]
for more background on block ciphers.
**Parameters:**
→a Pointer to an instance of the aes structure defined in miracl.h<br />
←mode The mode of operation to be used: MR_ECB (Electronic Code Book), MR_CBC (Cipher
Block Chaining), MR_CFBn (Cipher Feed-Back where n is 1, 2 or 4), MR_PCFBn (error Propagating
Cipher Feed-Back where n is 1, 2 or 4) or MR_OFBn (Output Feed-Back where n is 1,
2, 4, 8 or 16). The value of n indicates the number of bytes to be processed in each application.
For more information on Modes of Operation, see [Stinson]. MR_PCFBn is an invention of our
own [Scott93]<br />
←nk The size of the key in bytes. It can be either 16, 24 or 32<br />
←key A pointer to the key<br />
←iv A pointer to the Initialisation Vector (IV). A 16-byte initialisation vector should be specified for
all modes other than MR_ECB, in which case it can be NULL
**Returns:**
TRUE if successful, otherwise FALSE.
## void aes_reset* (aes * a, int mode, char * iv)
Resets the AES structure.
**Parameters:**
←a Pointer to an instance of the aes structure defined in miracl.h<br />
←mode an Indication of the new mode of operation<br />
←iv A pointer to a (possibly new) initialisation vector
## void shs256_hash* (sha256 * sh, char hash[32])
Generates a 32 byte (256 bit) hash value into the provided array.
**Parameters:**
←sh Pointer to the current instance<br />
→hash Pointer to array to be filled
## void shs256_init* (sha256 * sh)
Initialises an instance of the Secure Hash Algorithm (SHA-256). Must be called before new use.
**Parameters:**
→sh Pointer to an instance of a structure defined in miracl.h
## void shs256_process* (sha256 * sh, int byte)
Processes a single byte. Typically called many times to provide input to the hashing process. The hash
value of all the processed bytes can be retrieved by a subsequent call to shs256_hash().
**Parameters:**
←sh Pointer to the current instance<br />
←byte Character to be processed
### void shs384_hash* (sha384 * sh, char hash[48])
Generates a 48 byte (384 bit) hash value into the provided array.
**Parameters:**
←sh Pointer to the current instance<br />
→hash Pointer to array to be filled
### void shs384_init* (sha384 * sh)
Initialises an instance of the Secure Hash Algorithm (SHA-384). Must be called before new use.
**Parameters:**
! sh Pointer to an instance of a structure defined in miracl.h
**Precondition:**
The SHA-384 algorithm is only available if 64-bit data-type is defined.
### void shs384_process* (sha384 * sh, int byte)
Processes a single byte. Typically called many times to provide input to the hashing process. The hash
value of all the processed bytes can be retrieved by a subsequent call to shs384_hash().
**Parameters:**
←sh Pointer to the current instance<br />
←byte Character to be processed
### void shs512_hash* (sha512 * sh, char hash[64])
Generates a 64 byte (512 bit) hash value into the provided array.
**Parameters:**
←sh Pointer to the current instance<br />
→hash Pointer to array to be filled
### void shs512_init* (sha512 * sh)
Initialises an instance of the Secure Hash Algorithm (SHA-512). Must be called before new use.
**Parameters:**
→sh Pointer to an instance of a structure defined in miracl.h
**Precondition:**
The SHA-512algorithm is only available if 64-bit data-type is defined.
### void shs512_process* (sha512 * sh, int byte)
Processes a single byte. Typically called many times to provide input to the hashing process. The hash
value of all the processed bytes can be retrieved by a subsequent call to shs512_hash().
**Parameters:**
←sh Pointer to the current instance<br />
←byte Character to be processed
### void shs_hash* (sha * sh, char hash[20])
Generates a twenty byte (160 bit) hash value into the provided array.
**Parameters:**
←sh Pointer to the current instance<br />
→hash Pointer to array to be filled
### void shs_init* (sha * sh)
Initialises an instance of the Secure Hash Algorithm (SHA-1). Must be called before new use.
**Parameters:**
→sh Pointer to an instance of a structure defined in miracl.h
### void shs_process* (sha * sh, int byte)
Processes a single byte. Typically called many times to provide input to the hashing process. The hash
value of all the processed bytes can be retrieved by a subsequent call to shs_hash().
**Parameters:**
←sh Pointer to the current instance<br />
←byte Character to be processed
### void strong_bigdig (csprng * rng, int n, int b, big x)
Generates a big random number of given length from the cryptographically strong generator rng.
**Parameters:**
←rng A pointer to the random number generator<br />
←n<br />
←b<br />
→x Big random number n digits long to base b
**Precondition:**
The base b must be printable, that is 2 <= b <= 256
### void strong_bigrand (csprng * rng, big w, big x)
Generates a cryptographically strong random big number x using the random number generator rng wuch
that 0 <= x < w.
**Parameters:**
←rng A pointer to the current instance<br />
←w<br />
→x
### void strong_init* (csprng * rng, int rawlen, char * raw, mr_unsign32 tod)
Initialises the cryptographically strong random number generator rng. The array raw (of length rawlen)
and the time-of-day value tod are the two sources used together to seed the generator. The former might be
provided from random keystrokes, the latter from an internal clock. Subsequent calls to strong_rng() will
provide random bytes.
**Parameters:**
→rng<br />
←rawlen<br />
←raw An array of length rawlen<br />
←tod A 32-bit time-of-day value
### void strong_kill* (csprng * rng)
Kills the internal state of the random number generator rng.
**Parameters:**
←rng A pointer to a random number generator
### int strong_rng* (csprng * rng)
Generates a sequence of cryptographically strong random bytes.
**Parameters:**
←rng A pointer to a random number generator
**Returns:**
A random byte.

40
miracl/docs/miracl-explained/security-advisory.md Normal file
View File

@ -0,0 +1,40 @@
* [What Is Miracl](README.md)
* Security Advisory
* [Benchmarks](benchmarks.md)
* [Miracl Standard Curves](miracl-standard-curves.md)
* [IEEE 1363](ieee-1363.md)
* [Elliptic Curves](elliptic-curves.md)
* [Licensing](licensing.md)
* Reference Manual
* [Low Level Routines](reference-manual/low-level-routines.md)
* [Advanced Arithmetic Routines](reference-manual/advanced-arithmetic-routines.md)
* [Montgomery Arithmetic Routines](reference-manual/montgomery-arithmetic-routines.md)
* [ZZn2 Arithmetic Routines](reference-manual/zzn2-arithmetic-routines.md)
* [Encryption Routines](reference-manual/encryption-routines.md)
* [Elliptic Curve Routines](reference-manual/elliptic-curve-routines.md)
* [Floating Slash Routines](reference-manual/floating-slash-routines.md)
* [Structure Reference](reference-manual/structure-reference.md)
Security Advisory
---
If you found an issue with MIRACL, cryptographically or in its implementation, we would appreciate your help to make our code and services better.
## How MIRACL approaches security issues
- MIRACL will not take any legal or intimidating action for reporting security vulnerabilities. We ask you however to be responsible and avoid destroying, tampering or doing any action that might hamper the service or disclose private information of others.
- We will make an effort to respond as fast as possible, and will usually acknowledge the issue within that day. However, we will need to reproduce the issue, and this can take more time. Once we do start trying to reproduce the issue, we will contact you to let you we are working on it. If we can't reproduce it, we will contact you to try to get more information. This is where we would really appreciate your help!
- Once we figure out the issue, we'll come up with a plan to fix it. We will communicate with you our plans and keep you involved during the whole process. We know it's important to you that the issue is fixed promptly. It's important for us too. Depending on severity, turnaround is between 6 hours and 2 days.
- Once the issue is fixed, we'll deploy the patch and inform our customers. Before publishing details about the vulnerability however, we try to wait 2-5 days to allow everyone to patch depending on the severity of the issue.
- As soon as we can, we will publicly post details of the issue on our Blog. If you wish to be named we will contact you to ask for your approval. If you want to remain anonymous, we'll also respect that.
- We appreciate you disclose the issue in a responsible manner. At this point we don't offer cash prices or rewards, but we usually follow-on with you and send you a reward or a freebie.
## Contact us
Please send all issues to <support@miracl.com>.

BIN
miracl/docs/miracl-explained/timings.doc Normal file
View File

Binary file not shown.

46
miracl/docs/miracl-user-manual/README.md Normal file
View File

@ -0,0 +1,46 @@
* Intro
* [Installation](installation.md)
* [The UI](the-ui.md)
* [Internal Rep](internal-rep.md)
* [Implementation](implementation.md)
* [Floating Slash Nums](floating-slash-nums.md)
* [The C++ Interface](the-cpp-interface.md)
* [Example Programs](example-progs.md)
* [The MIRACL Routines](miracl-explained/reference-manual/low-level-routines.md)
* [Instance Variables](instance-variables.md)
* [MIRACL Error Messages](miracl-error-messages.md)
* [Hardware Compiler Interface](hardware-compiler-interface.md)
* [Bibliography](bibliography.md)
Intro
---
Remember when as a naive young computer user, you received delivery of your brand new state-of-the-art micro; remember your anticipation at the prospect of the computer power now available at your fingertips; remember recalling all those articles which promised that todays microcomputers are as powerful as yesterdays mainframes. Remember then slowly and laboriously typing in your first program, to calculate, say, 1000! (i.e. 1000 ´ 999 ´ 998... ´1) - a calculation unimaginable by hand.
```
10 LET X=1
20 FOR I=1 TO 1000
30 X=X*I
40 NEXT I
50 PRINT X
60 END
RUN
```
After a few seconds the result appeared:
`Too big at line 30`
Remember your disappointment.
Now try the MIRACL approach. MIRACL is a portable C library which implements multiprecision integer and rational data-types, and provides the routines to perform basic arithmetic on them.
Run the program **fact** from the distribution media, and type in 1000. There is your answer - a 2568 digit number.
Now compile and run the program **roots**, and ask it to calculate the square root of 2. Virtually instantly your computer comes back with the value correct to 100+ decimal places. Now thats what I call computing!
Next run the Public Key Cryptography program **enciph**. When it asks the name of a file to be enciphered press return. When it asks for an output filename, type FRED followed by return. Now type in any message, finishing with CONTROL-Z. Your message has been thoroughly enciphered in the file FRED.BLG (type it out and see). Now run deciph, and type in FRED. Press return for the requested output filename. Your original message appears on the screen.
This type of encipherment, based as it is on the difficulty of factoring large numbers, offers much greater security and flexibility than more traditional methods.
A useful demonstration of the power of MIRACL is given by the program **ratcalc**, a powerful scientific calculator - accurate to 36 decimal places and with the unusual ability to handle fractions directly.

105
miracl/docs/miracl-user-manual/bibliography.md Normal file
View File

@ -0,0 +1,105 @@
* [Intro](README.md)
* [Installation](installation.md)
* [The UI](the-ui.md)
* [Internal Rep](internal-rep.md)
* [Implementation](implementation.md)
* [Floating Slash Nums](floating-slash-nums.md)
* [The C++ Interface](the-cpp-interface.md)
* [Example Programs](example-progs.md)
* [The MIRACL Routines](miracl-explained/reference-manual/low-level-routines.md)
* [Instance Variables](instance-variables.md)
* [MIRACL Error Messages](miracl-error-messages.md)
* [Hardware Compiler Interface](hardware-compiler-interface.md)
* Bibliography
Bibliography
---
[Blake] BLAKE, SEROUSSI, and SMART. Elliptic Curves in Cryptography, London Mathematical Society Lecture Notes Series 265, Cambridge University Press. ISBN 0 521 65374 6, July 1999.
[Brassard] BRASSARD, G. Modern Cryptology. Lecture Notes in Computer Science, Vol. 325. Springer-Verlag 1988.
[Brent76] BRENT, R.P. Fast Multiprecision Evaluation of Elementary Functions. J. ACM, 23, 2 (April 1976), 242-251.
[Brent78] BRENT, R.P. A Fortran Multiprecision Arithmetic Package. ACM Trans. Math. Software 4,1 (March 1978), 57-81.
[Brick] BRICKELL, E, et al, Fast Exponentiation with Precomputation, Proc. Eurocrypt 1992, Springer-Verlag 1993.
[Cherry] CHERRY, L. and MORRIS, R. BC - An Arbitrary Precision Desk-Calculator Language. in ULTRIX-32 Supplementary Documents Vol. 1 General Users. Digital Equipment Corporation 1984.
[Comba] COMBA, P.G. Exponentiation Cryptosystems on the IBM PC. IBM Systems Journal, 29,4 (1990), pp 526-538.
[CS] CRAMER, R. and SHOUP, V. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack Proc. Crypto 1998, Springer-Verlag 1999.
[DSS] Digital Signature Standard, Communications of the ACM, July 1992, Vol. 35 No. 7.
[Gruen] GRUENBERGER, F. Computer Recreations. Scientific American, April 1984.
[Jurisic] JURISIC, A and MENEZES A.H. Elliptic Curves and Cryptography, Dr. Dobbs Journal, #264, April 1997.
[Knuth73] KNUTH, D.E. The Art of Computer Programming, Vol 1: Fundamental Algorithms. Addison-Wesley, Reading, Mass., 1973.
[Knuth81] KNUTH, D.E. The Art of Computer Programming, Vol 2: Seminumerical Algorithms. Addison-Wesley, Reading, Mass., 1981.
[Korn83] KORNERUP, P. and MATULA, D.W. Finite Precision Rational Arithmetic: An Arithmetic Unit. IEEE Trans. Comput., C-32, 4 (April 1983), 378-387.
[Korn85] KORNERUP, P. and MATULA, D.W. Finite Precision Lexicographic Continued Fraction Number Systems. Proc. 7th Sym. on Comp. Arithmetic, IEEE Cat. \#85CH2146-9, 1985, 207-214.
[LimLee] LIM, C.H. and LEE, P.J. A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroup. Advances in Cryptology, Crypto '97, Springer-Verlag 1998.
[Marsaglia] MARSAGLIA, G.M. and ZAMAN, A. A New Class of Random Number Generators. The Annals of Applied Probability, Vol. 1, 3, 1991, 462-480.
[Matula85] MATULA, D.W. and KORNERUP, P. Finite Precision Rational Arithmetic: Slash Number Systems. IEEE Trans. Comput., C-34, 1 (January 1985), 3-18.
[Maurer] MAURER, U.M. and YACOBI, Y. Non-Interactive Public Key Cryptography. Advances in Cryptography, Eurocrypt '91, Springer Verlag, 1992.
[Menezes] MENEZES, A.J. Elliptic Curve Public key Cryptosystems, Kluwer Academic Publishers, 1993.
[HAC] Handbook of Applied Cryptography, CRC Press, 2001.
[McCurley] McCURLEY, K.S. A Key Distribution System Equivalent to Factoring. J. Cryptology, Vol. 1. No. 2, 1988.
[Monty85] MONTGOMERY, P. Modular Multiplication Without Trial Division. Math. Comput., 44, (April 1985), 519-521.
[Monty87] MONTGOMERY, P. Speeding the Pollard and Elliptic Curve Methods. Math. Comput., 48, (January 1987), 243-264.
[Morrison] MORRISON, M.A. and BRILLHART, J. A Method of Factoring and the Factorization of F7. Math. Comput., 29, 129 (January 1975), 183-205.
[Pollard71] POLLARD, J.M. Fast Fourier Transform in a Finite Field. Math. Comput., 25, 114 (April 1971), 365-374.
[Pollard78] POLLARD, J.M. Monte Carlo Methods for Index Computation (mod p). Math. Comp. Vol. 32, No. 143, pp 918-924, 1978.
[Pomerance] POMERANCE, C. The Quadratic Sieve Factoring Algorithm. In Advances in Cryptology, Lecture Notes in Computer Science, Vol. 209, Springer-Verlag, 1985, 169-182.
[Reisel] REISEL, H. Prime Numbers and Computer methods for Factorisation. Birkhauser 1987.
[Richter] RICHTER, J. Advanced Windows. Microsoft Press.
[RSA] RIVEST, R., SHAMIR, A. and ADLEMAN, L. A Method for obtaining Digital Signatures and Public-Key Cryptosystems. Comm. ACM, 21,2 (February 1978), 120-126.
[Rubin] RUBIN, P. Personal Communication.
[Sch] SCHOOF, R. Elliptic Curves Over Finite Fields and the Computation of Square Roots mod p. Math. Comp. Vol. 44, No. 170. April 1985, pp 483-494.
[Scott89a] SCOTT, M.P.J. Fast rounding in multiprecision floating-slash arithmetic. IEEE Transactions on Computers, July 1989, 1049-1052.
[Scott89b] SCOTT, M.P.J. On Using Full Integer Precision in C. Dublin City University Working Paper CA 0589, 1989.
[Scott89c] SCOTT, M.P.J. Factoring Large Integers on Small Computers. National Institute for Higher Education Working Paper CA 0189, 1989.
[Scott92] SCOTT, M.P.J. and SHAFA'AMRY, M. Implementing an Identity-based Key Exchange algorithm. Available from ftp.computing.dcu.ie /pub/crypto/ID-based_key_exchange.ps .
[Scott93] SCOTT, M.P.J. Novel Chaining Methods for Block Ciphers, Dublin City University, School of Computer Applications Working Paper CA-1993.
[Scott96] SCOTT, M.P.J. Comparison of methods for modular multiplication on 32-bit Intel 80x86 processors. Available from ftp.computing.dcu.ie /pub/crypto/timings.ps .
[Shoup] SHOUP, V. A New Polynomial Factorisation Algorithm and Its Implementation. Jl. Symbolic Computation, 1996.
[Stinson] STINSON, D.R. Cryptography, Theory and practice. CRC Press, 1995.
[Silverman] SILVERMAN, R.D. The Multiple Polynomial Quadratic Sieve, Math. Comp. 48, 177, (January 1987), 329-339.
[Walmsley] WALMSLEY, M., Multi-Threaded Programming in C++. Springer-Verlag 1999.
[WeiDai] DAI , W. Personal Communication.

514
miracl/docs/miracl-user-manual/docs.md Normal file
View File

@ -0,0 +1,514 @@
Elliptic Curve Routines
---
In these routines a big parameter can also be used wherever a flash is specified, but not visa-versa. Further information may be gleaned from the (lightly) commented source code. An asterisk after the name indicates that the function does not take a *mip* parameter if MR_GENERIC_MT is defined in *mirdef.h* .
## ebrick_init
Function:
BOOL ebrick_init(binst,x,y,a,b,n,w,nb)
ebrick *binst;
big x,y;
big a,b,n;
int w,nb;
| Module | Description | Parameters | Return value |Restrictions|
|-----------|-----------------------|----------------------------------------------|------|------|
|mrebrick.c|Initialises an instance of the Comb method for GF(p) elliptic curve multiplication with precomputation. Internally memory is allocated for 2<sup>w</sup> elliptic curve points which will be precomputed and stored. For bigger w more space is required, but the exponentiation is quicker. Try w=8.|A pointer to the current instance binst, the fixed point G=(x,y) on the curve y<sup>2</sup> =x<sup>3</sup> + ax + b, the modulus n, and the maximum number of bits to be used in the exponent nb.|TRUE if all went well, FALSE if there was a problem.|Note: If MR_STATIC is defined in mirdef.h, then the x and y parameters in this function are replaced by a single mr_small * pointer to a precomputed table. In this case the function returns a void.|
## ebrick2_init
Function:
BOOL ebrick2_init(binst,x,y,A,B,m,a,b,c,nb)
ebrick2 *binst;
big x,y;
big A,B;
int m,a,b,c,nb;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrec2m.c|Initialises an instance of the Comb method for GF(2<sup>m</sup>) elliptic curve multiplication with precomputation. The field is defined with respect to the trinomial basis t<sup>m</sup>+t<sup>a</sup>+1 or the pentanomial basis t<sup>m</sup>+t<sup>a</sup>+t<sup>b</sup>+t<sup>c</sup>+1. Internally memory is allocated for 2<sup>w</sup> elliptic curve points which will be precomputed and stored. For bigger w more space is required, but the exponentiation is quicker. Try w=8.|A pointer to the current instance binst, the fixed point G=(x,y) on the curve y<sup>2</sup> + xy = x<sup>3</sup> + Ax<sup>2</sup> + B, the field parameters m, a, b, c, and the maximum number of bits to be used in the exponent nb. Set b = 0 for a trinomial basis.|TRUE if all went well, FALSE if there was a problem.|Note: If MR_STATIC is defined in mirdef.h, then the x and y parameters in this function are replaced by a single mr_small * pointer to a precomputed table. In this case the function returns a void.|
## ebrick_end *
Function:
void ebrick_end(binst)
ebrick *binst
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
mrebrick.c|Cleans up after an application of the Comb for GF(p) elliptic curves|A pointer to the current instance|None |None|
## ebrick2_end *
Function:
void ebrick2_end(binst)
ebrick2 *binst
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrec2m.c|Cleans up after an application of the Comb method for GF(2<sup>m</sup>) elliptic curves.|A pointer to the current instance|None |None|
## ecurve_add
Function:
void ecurve_add(p,pa)
epoint *p,*pa;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcurve.c|Adds two points on a GF(p) elliptic curve using the special rule for addition. Note that if pa=p, then a different duplication rule is used. Addition is quicker if p is normalised.|Two points on the current active curve, pa and p. On exit pa=pa+p.|None|The input points must actually be on the current active curve.|
## ecurve2_add
Function:
void ecurve2_add(p,pa)
epoint *p,*pa;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrec2m.c|Adds two points on a GF(2<sup>m</sup>) elliptic curve using the special rule for addition. Note that if pa=p, then a different duplication rule is used. Addition is quicker if p is normalised.|Two points on the current active curve, pa and p. On exit pa=pa+p.|None|The input points must actually be on the current active curve.|
## ecurve_init
Function:
void ecurve_init(A,B,p,type)
big A,B,p;
int type;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcurve.c|Initialises the internal parameters of the current active GF(p) elliptic curve. The curve is assumed to be of the form y<sup>2</sup> =x<sup>3</sup> + Ax + B mod p, the so-called Weierstrass model. This routine can be called subsequently with the parameters of a different curve.|Three big numbers A, B and p. The type parameter must be either MR_PROJECTIVE or MR_AFFINE, and specifies whether projective or affine co-ordinates should be used internally. Normally the former is faster.|None|Allocated memory will be freed when the current instance of MIRACL is terminated by a call to mirexit. However only one elliptic curve, GF(p) or GF(2<sup>m</sup>) may be active within a single MIRACL instance. In addition, a call to a function like powmod will overwrite the stored modulus. This can be restored by a repeat call to ecurve_init|
## ecurve2_init
Function:
BOOL ecurve2_init(m,a,b,c,A,B,check,type)
big A,B;
int m,a,b,c,type;
BOOL check;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrec2m.c|Initialises the internal parameters of the current active elliptic curve. The curve is assumed to be of the form y<sup>2</sup> + xy =x<sup>3</sup> + Ax<sup>2</sup> + B . The field is defined with respect to the trinomial basis t<sup>m</sup>+t<sup>a</sup>+1 or the pentanomial basis t<sup>m</sup>+t<sup>a</sup>+t<sup>b</sup>+t<sup>c</sup>+1. This routine can be called subsequently with the parameters of a different curve.|The fixed point G=(x,y) on the curve y<sup>2</sup> + xy = x<sup>3</sup> + Ax<sup>2</sup> + B, the field parameters m, a, b, c. Set b = 0 for a trinomial basis. The type parameter must be either MR_PROJECTIVE or MR_AFFINE, and specifies whether projective or affine co-ordinates should be used internally. Normally the former is faster. If check is TRUE a check is made that the specified basis is irreducible. If FALSE, this basis validity check, which is time-consuming, is suppressed.|TRUE if parameters make sense, otherwise FALSE.|Allocated memory will be freed when the current instance of MIRACL is terminated by a call to mirexit. However only one elliptic curve, GF(p) or GF(2<sup>m</sup>) may be active within a single MIRACL instance.|
## ecurve_mult
Function:
void ecurve_mult(k,p,pa)
big k;
epoint *p,*pa;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcurve.c|Multiplies a point on a GP(p) elliptic curve by an integer. Uses the addition/subtraction method.|A big number k, and two points p and pa. On exit pa=k*p.|None|The point p must be on the active curve.|
## ecurve2_mult
Function:
void ecurve2_mult(k,p,pa)
big k;
epoint *p,*pa;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrec2m.c|Multiplies a point on a GF(2<sup>m</sup>) elliptic curve by an integer. Uses the addition/subtraction method.|A big number k, and two points p and pa. On exit pa=k*p.|None|The point p must be on the active curve.|
## ecurve_mult2
Function:
void ecurve_mult2(k1,p1,k2,p2,pa)
big k1,k2;
epoint *p1,*p2,*pa;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcurve.c|Calculates the point k1.p1+k2.p2 on a GF(p) elliptic curve. This is quicker than doing two separate multiplications and an addition. Useful for certain cryptosystems. (See ecsver.c for example)|Two big integers k1 and k2, and three points p1, p2 and pa. On exit pa = k1.p1+k2.p2|None|The points p1 and p2 must be on the active curve.|
## ecurve2_mult2
Function:
void ecurve2_mult2(k1,p1,k2,p2,pa)
big k1,k2;
epoint *p1,*p2,*pa;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrec2m.c|Calculates the point k1.p1+k2.p2 on a GF(2<sup>m</sup>) elliptic curve. This is quicker than doing two separate multiplications and an addition. Useful for certain cryptosystems. (See ecsver2.c for example)|Two big integers k1 and k2, and three points p1, p2 and pa. On exit pa = k1.p1+k2.p2|None|The points p1 and p2 must be on the active curve.|
## ecurve_multi_add
Function:
void ecurve_multi_add(m,x,w)
int m;
epoint x,w;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcurve.c|Simultaneously adds pairs of points on the active GF(p) curve. This is much quicker than adding them individually, but only when using Affine co-ordinates.|An integer m and two arrays of points w and x. On exit w[i]=w[i]+x[i] for i =0 to m-1|None|Only useful when using Affine co-ordinates. See also: ecurve_init and nres_multi_inverse, which is used internally.|
## ecurve2_multi_add
Function:
void ecurve2_multi_add(m,x,w)
int m;
epoint x,w;
| Module | Description | Parameters | Return value | Restrictions |See also|
|-----------|-----------------------|----------------------------------------------|------|------|
|mrec2m.c|Simultaneously adds pairs of points on the active GF(2<sup>m</sup>) curve. This is much quicker than adding them individually, but only when using Affine co-ordinates.|An integer m and two arrays of points w and x. On exit w[i]=w[i]+x[i] for i =0 to m-1|None|Only useful when using Affine co-ordinates.|See also: ecurve2_init|
## ecurve_multn
Function:
void ecurve_multn(n,k,p,pa)
int n;
big *k;
epoint p;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcurve.c|Calculates the point k[0].p[0] + k[1].p[1] + … + k[n-1].p[n-1] on a GF(p) elliptic curve, for n>2.| An integer n, an array of n big numbers k[], and an array of n points. The result is returned in pa.|None|The points must be on the active curve. The k[] values must all be positive. The underlying number base must be a power of 2.|
## ecurve2_multn
Function:
void ecurve2_multn(n,k,p,pa)
int n;
big *k;
epoint p;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrec2<sup>m</sup>.c|Calculates the point k[0].p[0] + k[1].p[1] + … + k[n-1].p[n-1] on a GF(2<sup>m</sup>) elliptic curve, for n>2.| An integer n, an array of n big numbers k[], and an array of n points. The result is returned in pa.|None|The points must be on the active curve. The k[] values must all be positive. The underlying number base must be a power of 2.|
## ecurve_sub
Function:
void ecurve_sub(p,pa)
epoint *p,*pa;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcurve.c|Subtracts two points on a GF(p) elliptic curve. Actually negates p and adds it to pa. Subtraction is quicker if p is normalised.|Two points on the current active curve, pa and p. On exit pa = pa-p.|None|The input points must actually be on the current active curve.|
## ecurve2_sub
Function:
void ecurve2_sub(p,pa)
epoint *p,*pa;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrec2m.c|Subtracts two points on a GF(2<sup>m</sup>) elliptic curve. Actually negates p and adds it to pa. Subtraction is quicker if p is normalised.|Two points on the current active curve, pa and p. On exit pa = pa-p.|None| The input points must actually be on the current active curve.
## epoint_comp
Function:
BOOL epoint_comp(p1,p2) epoint *p1,*p2;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcurve.c|Compares two points on the current active GF(p) elliptic curve.|Two points p1 and p2.|TRUE if the points are the same, otherwise FALSE. |None|
## epoint2_comp
Function: BOOL epoint2_comp(p1,p2)
epoint *p1,*p2;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrec2m.c|Compares two points on the current active GF(2<sup>m</sup>) elliptic curve.|Two points p1 and p2.|TRUE if the points are the same, otherwise FALSE. |None|
## epoint_copy *
Function: void epoint_copy(p1,p2)
epoint *p1,*p2;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcurve.c|Copies one point to another on a GF(p) elliptic curve.|Two points p1 and p2. On exit p2=p1.|None |None|
## epoint2_copy *
Function:
void epoint2_copy(p1,p2)
epoint *p1,*p2;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrec2m.c|Copies one point to another on a GF(2<sup>m</sup>) elliptic curve.|Two points p1 and p2. On exit p2=p1.|None |None|
## epoint_free *
Function:
void epoint_free(p) epoint *p;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcore.c|Frees memory associated with a point on a GF(p) elliptic curve.|A point p.|None |None|
## epoint_get
Function:
int epoint_get(p,x,y)
epoint *p;
big x,y;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcurve.c|Normalises a point and extracts its (x,y) co-ordinates on the active GF(p) elliptic curve.|A point p, and two big integers x and y. If x and y are not distinct variables on entry then only the value of x is returned.|The least significant bit of y. Note that it is possible to reconstruct a point from its x co-ordinate and just the least significant bit of y. Often such a "compressed" description of a point is useful. |The point p must be on the active curve.
Example:
i=epoint_get(p,x,x);| /* extract x co-ordinate and lsb of y */
## epoint_getxyz
Function:
void epoint_getxyz(p,x,y,z)
epoint *p;
big x,y,z;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcurve.c|Extracts the raw (x,y,z) co-ordinates of a point on the active GF(p) elliptic curve.|A point p, and three big integers x, y and z. If any of these is NULL that coordinate is not returned.|None| The point p must be on the active curve.
## epoint2_get
Function: int epoint2_get(p,x,y)
epoint *p;
big x,y;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrec2m.c|Normalises a point and extracts its (x,y) co-ordinates on the active GF(2<sup>m</sup>) elliptic curve.|A point p, and two big integers x and y. If x and y are not distinct variables on entry then only the value of x is returned.|The least significant bit of y/x. Note that it is possible to reconstruct a point from its x co-ordinate and just the least significant bit of y/x. Often such a "compressed" description of a point is useful.| The point p must be on the active curve.
Example:
i=epoint_get(p,x,x);| /* extract x co-ordinate and lsb of y/x */
## epoint2_getxyz
Function:
void epoint2_getxyz(p,x,y,z)
epoint *p;
big x,y,z;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcurve.c|Extracts the raw (x,y,z) co-ordinates of a point on the active GF(2<sup>m</sup>) elliptic curve.|A point p, and three big integers x, y and z. If any of these is NULL that coordinate is not returned.|None| The point p must be on the active curve.
## epoint_init
Function: epoint* epoint_init()
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcore.c|Assigns memory to a point on a GF(p) elliptic curve, and initialises it to the "point at infinity".|None|A point p (in fact a pointer to a structure allocated from the heap).| It is the C programmers responsibility to ensure that all elliptic curve points initialised by a call to this function, are ultimately freed by a call to epoint_free. If not a memory leak will result.
## epoint_init_mem
Function:
epoint* epoint_init_mem(mem,index)
char *mem;
int index;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcore.c|Initialises memory for an elliptic curve point from a pre-allocated byte array mem. This array may be created from the heap by a call to ecp_memalloc, or in some other way. This is quicker than multiple calls to epoint_init|A pointer to the pre-allocated array mem, and an index into that array. Each index should be unique.|An initialised elliptic curve point.| Sufficient memory must have been allocated and pointed to by mem.
## epoint_norm
Function:
BOOL epoint_norm(p)
epoint *p;
| Module | Description | Parameters | Return value |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcurve.c|Normalises a point on the current active GF(p) elliptic curve. This sets the z coordinate to 1. Point addition is quicker when adding a normalised point. This function does nothing if affine coordinates are being used (in which case there is no z co-ordinate)|A point on the current active elliptic curve.|TRUE if successful.|
## epoint2_norm
Function:
BOOL epoint2_norm(p)
epoint *p;
| Module | Description | Parameters | Return value |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrec2m.c|Normalises a point on the current active GF(2<sup>m</sup>) elliptic curve. This sets the z coordinate to 1. Point addition is quicker when adding a normalised point. This function does nothing if affine coordinates are being used (in which case there is no z co-ordinate)|A point on the current active elliptic curve.|TRUE if successful.|
## epoint_set
Function:
BOOL epoint_set(x,y,lsb,p)
big x,y;
int lsb;
epoint *p;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcurve.c|Sets a point on the current active GF(p) elliptic curve (if possible).|The integer co-ordinates x and y of the point p. If x and y are not distinct variables then x only is passed to the function, and lsb is taken as the least significant bit of y. In this case the full value of y is reconstructed internally. This is known as "point decompression" (and is a bit time-consuming, requiring the extraction of a modular square root). On exit p=(x,y).|TRUE if the point exists on the current active point, otherwise FALSE. |None|
Example:
p=epoint_init();
epoint_set(x,x,1,p); /* decompress p */
## epoint2_set
Function:
BOOL epoint2_set(x,y,lsb,p)
big x,y;
int lsb;
epoint *p;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrec2m.c|Sets a point on the current active GF(2<sup>m</sup>) elliptic curve (if possible).|The integer co-ordinates x and y of the point p. If x and y are not distinct variables then x only is passed to the function, and lsb is taken as the least significant bit of y/x. In this case the full value of y is reconstructed internally. This is known as "point decompression" (and is a bit time-consuming, requiring the extraction of a field square root). On exit p=(x,y).|TRUE if the point exists on the current active point, otherwise FALSE. |None|
Example:
p=epoint_init();
epoint2_set(x,x,1,p); /* decompress p */
## epoint_x
Function:
BOOL epoint_x(x)
big x;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcurve.c| Tests to see if the parameter x is a valid co-ordinate of a point on the curve. It is faster to test an x co-ordinate first in this way, rather than trying to directly set it on the curve by calling epoint_set, as it avoids an expensive modular square root.|The integer coordinate x.|TRUE if x is the coordinate of a curve point, otherwise FALSE |None|
## mul_brick
Function:
int mul_brick(binst,e,x,y)
ebrick *binst;
big e,x,y;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrebrick.c|Carries out a GF(p) elliptic curve multiplication using the precomputed values stored in the ebrick structure.|A pointer to the current instance, a big exponent e and a big number w. On exit (x,y) = e.G mod n, where G and n are specified in the initial call to ebrick_init. If x and y are not distinct variables, only x is returned.|The least significant bit of y.| Must be preceded by a call to ebrick_init.
## mul2_brick
Function:
int mul2_brick(binst,e,x,y)
ebrick2 *binst;
big e,x,y;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrec2m.c|Carries out a GF(2<sup>m</sup>) elliptic curve multiplication using the precomputed values stored in the ebrick2 structure.|A pointer to the current instance, a big exponent e and a big number w. On exit (x,y) = e.G, where G is specified in the initial call to ebrick2_init. If x and y are not distinct variables, only x is returned.|The least significant bit of y/x.| Must be preceded by a call to ebrick2_init.
## point_at_infinity *
Function:
BOOL point_at_infinity(p)
epoint *p;
| Module | Description | Parameters | Return value | Restrictions |
|-----------|-----------------------|----------------------------------------------|------|------|
|mrcore.c|Tests if an elliptic curve point is the "point at infinity".|An elliptic curve point p.|TRUE if p is the point-at-infinity, otherwise FALSE.| The point must be initialised.

Some files were not shown because too many files have changed in this diff Show More