
2 # *  Copyright (C) 2017 - This file is part of libecc project
7 # * Jean-Pierre FLORI <jean-pierre.flori@ssi.gouv.fr>
20 # External dependency for SHA-3
22 # for SHA-3 functions for now
32 ### Ctrl-C handler
51 x0, x1 = x1, x0 - q * x1
52 y0, y1 = y1, y0 - q * y1
64 Compute montgomery coeff r, r^2 and mpinv. pbitlen is the size
70 mpinv = 2**wlen - (modinv(prime, 2**wlen))
75 Compute division coeffs p_normalized, p_shift and p_reciprocal.
82 pshift = int(pbitlen - cnt)
85 prec = B**3 // ((primenorm >> int(pbitlen - 2*wlen)) + 1) - B
92 # write n-1 as 2**s * d
93 # repeatedly try to divide n-1 by 2
95 d = n-1
102 assert(2**s * d == n-1)
108 if pow(a, 2**i * d, n) == n-1:
118 ls = pow(a, (p - 1) // 2, p)
119 return -1 if ls == p - 1 else ls
121 # Tonelli-Shanks algorithm to find square roots
135 s = p - 1
141 while legendre_symbol(n, p) != -1:
162 gs = pow(g, 2 ** (r - m - 1), p)
236 L = ((y2 - y1) * modinv((x2 - x1) % curve.p, curve.p)) % curve.p
237 resx = (pow(L, 2, curve.p) - x1 - x2) % curve.p
238 resy = ((L * (x1 - resx)) - y1) % curve.p
246 return Point(self.curve, self.x, -self.y)
249 return self + (-other)
255 for i in range(getbitlen(scalar), 0, -1):
257 if (scalar >> (i-1)) & 0x1 == 0x1:
351 acc = acc + (ord(bitstring[i]) * (2**(8*(size - 1 - i))))
358 outstr = outstr + chr((a >> (8*(size - 1 - i))) & 0xFF)
367 return ((bytelen-len(bitstring))*"\x00") + bitstring
369 return bitstring + ((bytelen-len(bitstring))*"\x00")
382 … return expand(inttostring(stringtoint(bitstring) >> int(strbitlen - bitlen)), bitlen, "LEFT")
384 mask = (2**bitlen)-1
400 ctx.update(message.encode('latin-1'))
401 digest = ctx.digest().decode('latin-1')
410 ctx.update(message.encode('latin-1'))
411 digest = ctx.digest().decode('latin-1')
420 ctx.update(message.encode('latin-1'))
421 digest = ctx.digest().decode('latin-1')
430 ctx.update(message.encode('latin-1'))
431 digest = ctx.digest().decode('latin-1')
440 ctx.update(message.encode('latin-1'))
441 digest = ctx.digest().decode('latin-1')
450 ctx.update(message.encode('latin-1'))
451 digest = ctx.digest().decode('latin-1')
460 ctx.update(message.encode('latin-1'))
461 digest = ctx.digest().decode('latin-1')
470 ctx.update(message.encode('latin-1'))
471 digest = ctx.digest().decode('latin-1')
477 # *| IUF - ECDSA signature
479 # *| UF 1. Compute h = H(m)
484 # *| F 5. Compute W = (W_x,W_y) = kG
485 # *| F 6. Compute r = W_x mod q
488 # *| F 9. Compute s = k^-1 * (xr + e) mod q
500 # Compute the hash
524 # *| IUF - ECDSA verification
527 # *| UF 2. Compute h = H(m)
530 # *| F 4. Compute e = OS2I(h) mod q
531 # *| F 5. Compute u = (s^-1)e mod q
532 # *| F 6. Compute v = (s^-1)r mod q
533 # *| F 7. Compute W' = uG + vY
535 # *| F 9. Compute r' = W'_x mod q
553 # Compute the hash
573 # *| IUF - ECKCDSA signature
575 # *| IUF 1. Compute h = H(z||m)
579 # *| F 4. Compute W = (W_x,W_y) = kG
580 # *| F 5. Compute r = h(FE2OS(W_x)).
583 # *| F 7. Compute e = OS2I(r XOR h) mod q
584 # *| F 8. Compute s = x(k - e) mod q
596 # Compute the certificate data
606 # Compute the hash
620 s = (privkey.x * (k - e)) % q
626 # *| IUF - ECKCDSA verification
629 # *| - if hsize > bitlen(q), r must be of
631 # *| - if hsize <= bitlen(q), r must be of
634 # *| IUF 3. Compute h = H(z||m)
637 # *| F 5. Compute e = OS2I(r XOR h) mod q
638 # *| F 6. Compute W' = sY + eG, where Y is the public key
639 # *| F 7. Compute r' = h(FE2OS(W'x))
662 # Compute the certificate data
671 # Compute the hash
684 # *| IUF - ECFSDSA signature
687 # *| I 2. Compute W = (W_x,W_y) = kG
688 # *| I 3. Compute r = FE2OS(W_x)||FE2OS(W_y)
690 # *| IUF 5. Compute h = H(r||m)
691 # *| F 6. Compute e = OS2I(h) mod q
692 # *| F 7. Compute s = (k + ex) mod q
722 # *| IUF - ECFSDSA verification
726 # *| IUF 3. Compute h = H(r||m)
727 # *| F 4. Convert h to an integer and then compute e = -h mod q
728 # *| F 5. compute W' = sG + eY, where Y is the public key
729 # *| F 6. Compute r' = FE2OS(W'_x)||FE2OS(W'_y)
752 e = (-stringtoint(h)) % q
761 # NOTE: ISO/IEC 14888-3 standard seems to diverge from the existing implementations
763 # in RFC 7091 and draft-deremin-rfc4491-bis. While in ISO/IEC 14888-3 it is explicitly asked
766 # (this discrepancy is exhibited and confirmed by test vectors present in ISO/IEC 14888-3, and
768 # ISO/IEC 14888-3 algorithm description that must be fixed there.
771 # other implementations, but keeps the ISO/IEC 14888-3 behavior if forced/asked by the user using
775 # *| IUF - ECRDSA signature
777 # *| UF 1. Compute h = H(m)
779 # *| F 3. Compute W = (W_x,W_y) = kG
780 # *| F 4. Compute r = W_x mod q
782 # *| F 6. Compute e = OS2I(h) mod q. If e is 0, set e to 1.
783 # *| NOTE: here, ISO/IEC 14888-3 and RFCs differ in the way e is treated.
784 # *| e = OS2I(h) for ISO/IEC 14888-3, or e = OS2I(reversed(h)) when endianness of h
786 # *| F 7. Compute s = (rx + ke) mod q
799 # Reverse the endianness for Russian standard RFC ECRDSA (contrary to ISO/IEC 14888-3 case)
800 h = h[::-1]
820 # *| IUF - ECRDSA verification
823 # *| F 2. Compute h = H(m)
824 # *| F 3. Compute e = OS2I(h)^-1 mod q
825 # *| NOTE: here, ISO/IEC 14888-3 and RFCs differ in the way e is treated.
826 # *| e = OS2I(h) for ISO/IEC 14888-3, or e = OS2I(reversed(h)) when endianness of h
828 # *| F 4. Compute u = es mod q
829 # *| F 4. Compute v = -er mod q
830 # *| F 5. Compute W' = uG + vY = (W'_x, W'_y)
831 # *| F 6. Let's now compute r' = W'_x mod q
852 # Reverse the endianness for Russian standard RFC ECRDSA (contrary to ISO/IEC 14888-3 case)
853 h = h[::-1]
856 v = (-e * r) % q
865 # *| IUF - ECGDSA signature
867 # *| UF 1. Compute h = H(m). If |h| > bitlen(q), set h to bitlen(q)
869 # *| F 2. Convert e = - OS2I(h) mod q
871 # *| F 4. Compute W = (W_x,W_y) = kG
872 # *| F 5. Compute r = W_x mod q
874 # *| F 7. Compute s = x(kr + e) mod q
889 e = (-stringtoint(h)) % q
906 # *| IUF - ECGDSA verification
909 # *| UF 2. Compute h = H(m). If |h| > bitlen(q), set h to bitlen(q)
911 # *| F 3. Compute e = OS2I(h) mod q
912 # *| F 4. Compute u = ((r^-1)e mod q)
913 # *| F 5. Compute v = ((r^-1)s mod q)
914 # *| F 6. Compute W' = uG + vY
915 # *| F 7. Compute r' = W'_x mod q
949 # *| IUF - ECSDSA/ECOSDSA signature
952 # *| I 2. Compute W = kG = (Wx, Wy)
953 # *| IUF 3. Compute r = H(Wx [|| Wy] || m)
954 # *| - In the normal version (ECSDSA), r = h(Wx || Wy || m).
955 # *| - In the optimized version (ECOSDSA), r = h(Wx || m).
956 # *| F 4. Compute e = OS2I(r) mod q
958 # *| F 6. Compute s = (k + ex) mod q.
995 # *| IUF - ECSDSA/ECOSDSA verification
998 # *| I 2. Compute e = -r mod q
1000 # *| I 4. Compute W' = sG + eY
1001 # *| IUF 5. Compute r' = H(W'x [|| W'y] || m)
1002 # *| - In the normal version (ECSDSA), r = h(W'x || W'y || m).
1003 # *| - In the optimized version (ECOSDSA), r = h(W'x || m).
1021 e = (-r) % q
1042 ### Generate self-tests for all the algorithms
1098 …t, err);\n\tret = nn_cmp(out, q, &cmp); EG(ret, err);\n\tret = (cmp >= 0) ? -1 : 0;\nerr:\n\tretur…
1147 …t, err);\n\tret = nn_cmp(out, q, &cmp); EG(ret, err);\n\tret = (cmp >= 0) ? -1 : 0;\nerr:\n\tretur…
1302 # Extract Gx and Gy, see X9.62-1998
1314 # Compressed point: uncompress it, see X9.62-1998 section 4.2.1
1324 gy = prime - beta
1338 hexstr = ("0"*int((2*size)-len(hexstr)))+hexstr
1341 for i in range(0, len(hexstr) - 1, 2):
1409 buff = buff.decode('latin-1')
1421 return enc == s.encode('latin-1')
1453 # Compute the rounded word size for each word size
1466 # Compute some parameters
1470 # Compute p_reciprocal for each word size
1474 # Compute the number of points on the curve
1488 ec_params_string += "#if (WORD_BYTES == 8) /* 64-bit words */\n"
1495 ec_params_string += "#elif (WORD_BYTES == 4) /* 32-bit words */\n"
1502 ec_params_string += "#elif (WORD_BYTES == 2) /* 16-bit words */\n"
1568 " * Compute max bit length of all curves for p and q\n"+\
1593 " * Compute and adapt max name and oid length\n"+\
1622 …mplements elliptic curves and ISO signature algorithms from scratch over Python's multi-precision")
1629 print("-----------------------------------------------------")
1630 …print(sys.argv[0]+" --name=\"YOURCURVENAME\" --prime=... --order=... --a=... --b=... --gx=... --gy…
1648 print("-------------------------------------------------------------")
1649 print(sys.argv[0]+" --name=\"YOURCURVENAME\" --ECfile=... --oid=THEOID")
1654 print("\t $ openssl ecparam -list_curves")
1657 …print("\t $ openssl ecparam -param_enc explicit -outform DER -name brainpoolP320r1 -out brainpool…
1660 print("-----------------------------")
1661 print("\t*All the user defined curves can be removed with the --remove-all toggle.")
1662 … specific named user define curve can be removed with the --remove toggle: in this case the --name…
1666 print("-------------")
1667 …cally generated and added to the library self tests when providing the --add-test-vectors=X toggle…
1668 …ctors will be generated for *each* (curve, sign algorithm, hash algorithm) 3-uplet (beware of comb…
1687-all", "name=", "prime=", "a=", "b=", "generator=", "gx=", "gy=", "order=", "cofactor=", "alpha_mo…
1690 print(err) # will print something like "option -a not recognized"
1694 if o in ("-h", "--help"):
1697 elif o in ("--name"):
1702 name = re.sub("\-", "_", name)
1703 elif o in ("--oid="):
1705 elif o in ("--prime"):
1707 elif o in ("--a"):
1709 elif o in ("--b"):
1711 elif o in ("--gx"):
1713 elif o in ("--gy"):
1715 elif o in ("--generator"):
1717 elif o in ("--order"):
1719 elif o in ("--cofactor"):
1721 elif o in ("--alpha_montgomery"):
1723 elif o in ("--gamma_montgomery"):
1725 elif o in ("--alpha_edwards"):
1727 elif o in ("--remove"):
1729 elif o in ("--remove-all"):
1731 elif o in ("--add-test-vectors"):
1733 elif o in ("--ECfile"):
1752 print("--remove option expects a curve name provided with --name")
1763 print("Error: you must provide a curve name with --remove")
1834 (check, derbuf) = buffer_remove_pattern(buf, "-----.*-----")
1850 print("See the help with -h or --help")