int main()
{
#ifdef MR_GENERIC_MT
miracl instance;
#endif
big p,A,B,fr,q,delta,t,T;
zzn2 res,Qx,Qy;
epoint *P;
int i,romptr;
#ifndef MR_STATIC
#ifdef MR_GENERIC_MT
miracl *mr_mip=mirsys(&instance,WORDS*NPW,16);
#else
miracl *mr_mip=mirsys(WORDS*NPW,16);
#endif
char *mem=memalloc(_MIPP_ 14);
char *mem1=ecp_memalloc(_MIPP_ 1);
#else
#ifdef MR_GENERIC_MT
miracl *mr_mip=mirsys(&instance,MR_STATIC*NPW,16);
#else
miracl *mr_mip=mirsys(MR_STATIC*NPW,16);
#endif
char mem[MR_BIG_RESERVE(14)]; /* reserve space on the stack for 14 bigs */
char mem1[MR_ECP_RESERVE(1)]; /* reserve space on stack for 1 curve points */
memset(mem,0,MR_BIG_RESERVE(14)); /* clear this memory */
memset(mem1,0,MR_ECP_RESERVE(1));
#endif
p=mirvar_mem(_MIPP_ mem,0);
A=mirvar_mem(_MIPP_ mem,1);
B=mirvar_mem(_MIPP_ mem,2);
T=mirvar_mem(_MIPP_ mem,3);
q=mirvar_mem(_MIPP_ mem,4);
fr=mirvar_mem(_MIPP_ mem,5);
delta=mirvar_mem(_MIPP_ mem,6);
res.a=mirvar_mem(_MIPP_ mem,7);
res.b=mirvar_mem(_MIPP_ mem,8);
t=mirvar_mem(_MIPP_ mem,9);
Qx.a=mirvar_mem(_MIPP_ mem,10);
Qx.b=mirvar_mem(_MIPP_ mem,11);
Qy.a=mirvar_mem(_MIPP_ mem,12);
Qy.b=mirvar_mem(_MIPP_ mem,13);
P=epoint_init_mem(_MIPP_ mem1,0);
convert(_MIPP_ -3,A);
romptr=0;
init_big_from_rom(p,WORDS,romp,ROMSZ,&romptr);
init_big_from_rom(B,WORDS,romp,ROMSZ,&romptr);
init_big_from_rom(q,WORDS,romp,ROMSZ,&romptr);
init_big_from_rom(delta,WORDS,romp,ROMSZ,&romptr);
init_big_from_rom(fr,WORDS,romp,ROMSZ,&romptr);
init_big_from_rom(T,WORDS,romp,ROMSZ,&romptr);
#ifndef MR_NO_STANDARD_IO
printf("ROM size= %d\n",sizeof(romp)+sizeof(Prom));
printf("sizeof(miracl)= %d\n",sizeof(miracl));
#endif
ecurve_init(_MIPP_ A,B,p,MR_PROJECTIVE);
romptr=0;
init_point_from_rom(P,WORDS,Prom,PROMSZ,&romptr);
init_big_from_rom(Qx.a,WORDS,Prom,PROMSZ,&romptr);
init_big_from_rom(Qx.b,WORDS,Prom,PROMSZ,&romptr);
init_big_from_rom(Qy.a,WORDS,Prom,PROMSZ,&romptr);
init_big_from_rom(Qy.b,WORDS,Prom,PROMSZ,&romptr);
#ifdef MR_COUNT_OPS
fpa=fpc=fpx=0;
#endif
ecap(_MIPP_ &Qx,&Qy,P,T,fr,delta,&res);
/*
#ifdef MR_COUNT_OPS
printf("fpc= %d\n",fpc);
printf("fpa= %d\n",fpa);
printf("fpx= %d\n",fpx);
fpa=fpc=fpx=0;
#endif
*/
bigbits(_MIPP_ 160,t);
zzn2_powl(_MIPP_ &res,t,&res);
#ifndef MR_NO_STANDARD_IO
zzn2_out(_MIPP_ "res= ",&res);
#endif
ecurve_mult(_MIPP_ t,P,P);
ecap(_MIPP_ &Qx,&Qy,P,T,fr,delta,&res);
#ifndef MR_NO_STANDARD_IO
zzn2_out(_MIPP_ "res= ",&res);
#endif
#ifndef MR_STATIC
memkill(_MIPP_ mem,14);
ecp_memkill(_MIPP_ mem1,1);
#else
memset(mem,0,MR_BIG_RESERVE(14)); /* clear this stack memory */
memset(mem1,0,MR_ECP_RESERVE(1));
#endif
return 0;
}
int SM9_standard_key_decap(unsigned char *IDB, unsigned char deB[], unsigned char C[], int Klen, unsigned char K[])
{
big h, x, y;
epoint *Cipher;
unsigned char *Z = NULL;
int Zlen, i, num = 0;
zzn12 w;
ecn2 dEB;
//initiate
h = mirvar(0);
x = mirvar(0);
y = mirvar(0);
Cipher = epoint_init();
zzn12_init(&w);
dEB.x.a = mirvar(0);
dEB.x.b = mirvar(0);
dEB.y.a = mirvar(0);
dEB.y.b = mirvar(0);
dEB.z.a = mirvar(0);
dEB.z.b = mirvar(0);
dEB.marker = MR_EPOINT_INFINITY;
bytes_to_big(BNLEN, C, x);
bytes_to_big(BNLEN, C + BNLEN, y);
epoint_set(x, y, 0, Cipher);
bytes128_to_ecn2(deB, &dEB);
//----------Step1:test if C is on G1-----------------
if(Test_Point(Cipher))
return SM9_NOT_VALID_G1;
//----------Step2:calculate w=e(C,deB)-----------------
if(!ecap(dEB, Cipher, para_t, X, &w))
return SM9_MY_ECAP_12A_ERR;
//test if a ZZn12 element is of order q
if(!member(w, para_t, X))
return SM9_MEMBER_ERR;
printf("\n***********************w=e(C,deB):****************************\n");
zzn12_ElementPrint(w);
//----------Step3:K=KDF(C||w'||IDB,klen)------------------------
Zlen = strlen(IDB) + BNLEN * 14;
Z = (char *)malloc(sizeof(char)*(Zlen + 1));
if(Z == NULL)
return SM9_ASK_MEMORY_ERR;
LinkCharZzn12(C, BNLEN * 2, w, Z, BNLEN * 14);
memcpy(Z + BNLEN * 14, IDB, strlen(IDB));
SM3_kdf(Z, Zlen, Klen, K);
//----------------test if K equals 0------------------------
printf("\n******************* K=KDF(C||w||IDB,klen):***********************\n");
for(i = 0; i < Klen; i++)
{
if(K[i] == 0)
num += 1;
printf("%02x", K[i]);
}
if(num == Klen)
return SM9_ERR_K1_ZERO;
free(Z);
return 0;
}
int SM9_standard_key_encap(unsigned char hid[], unsigned char *IDB, unsigned char rand[],
unsigned char Ppub[], unsigned char C[], unsigned char K[], int Klen)
{
big h, x, y, r;
epoint *Ppube, *QB, *Cipher;
unsigned char *Z = NULL;
int Zlen, buf, i, num = 0;
zzn12 g, w;
//initiate
h = mirvar(0);
r = mirvar(0);
x = mirvar(0);
y = mirvar(0);
QB = epoint_init();
Ppube = epoint_init();
Cipher = epoint_init();
zzn12_init(&g);
zzn12_init(&w);
bytes_to_big(BNLEN, Ppub, x);
bytes_to_big(BNLEN, Ppub + BNLEN, y);
epoint_set(x, y, 0, Ppube);
//----------Step1:calculate QB=[H1(IDB||hid,N)]P1+Ppube----------
Zlen = strlen(IDB) + 1;
Z = (char *)malloc(sizeof(char)*(Zlen + 1));
if(Z == NULL)
return SM9_ASK_MEMORY_ERR;
memcpy(Z, IDB, strlen(IDB));
memcpy(Z + strlen(IDB), hid, 1);
buf = SM9_standard_h1(Z, Zlen, N, h);
free(Z);
if(buf)
return buf;
printf("\n************************ H1(IDB||hid,N) ************************\n");
cotnum(h, stdout);
ecurve_mult(h, P1, QB);
ecurve_add(Ppube, QB);
printf("\n*******************QB:=[H1(IDB||hid,N)]P1+Ppube*****************\n");
epoint_get(QB, x, y);
cotnum(x, stdout);
cotnum(y, stdout);
//-------------------- Step2:randnom -------------------
bytes_to_big(BNLEN, rand, r);
printf("\n***********************randnum r: ******************************\n");
cotnum(r, stdout);
//----------------Step3:C=[r]QB------------------------
ecurve_mult(r, QB, Cipher);
epoint_get(Cipher, x, y);
printf("\n*********************** C=[r]QB: ******************************\n");
cotnum(x, stdout);
cotnum(y, stdout);
big_to_bytes(BNLEN, x, C, 1);
big_to_bytes(BNLEN, y, C + BNLEN, 1);
//----------------Step4:g=e(Ppube,P2)------------------------
if(!ecap(P2, Ppube, para_t, X, &g))
return SM9_MY_ECAP_12A_ERR;
//test if a ZZn12 element is of order q
if(!member(g, para_t, X))
return SM9_MEMBER_ERR;
printf("\n***********************g=e(Ppube,P2):****************************\n");
zzn12_ElementPrint(g);
//----------------Step5:w=g^r------------------------
w = zzn12_pow(g, r);
printf("\n************************* w=g^r:*********************************\n");
zzn12_ElementPrint(w);
//----------------Step6:K=KDF(C||w||IDB,klen)------------------------
Zlen = strlen(IDB) + BNLEN * 14;
Z = (char *)malloc(sizeof(char)*(Zlen + 1));
if(Z == NULL)
return SM9_ASK_MEMORY_ERR;
LinkCharZzn12(C, BNLEN * 2, w, Z, BNLEN * 14);
memcpy(Z + BNLEN * 14, IDB, strlen(IDB));
SM3_kdf(Z, Zlen, Klen, K);
free(Z);
//----------------test if K equals 0------------------------
printf("\n******************* K=KDF(C||w||IDB,klen):***********************\n");
for(i = 0; i < Klen; i++)
{
if(K[i] == 0)
num += 1;
printf("%02x", K[i]);
}
if(num == Klen)
return SM9_ERR_K1_ZERO;
return 0;
}
int main()
{
miracl* mip=&precision;
ECn Alice,Bob,sA,sB;
ECn3 B6,Server,sS;
ZZn6 sp,ap,bp;
ZZn6 res;
ZZn2 X;
Big a,b,s,ss,p,q,x,y,B,cf,t,sru,T;
int i,A;
time_t seed;
mip->IOBASE=16;
x="-D285DA0CFEF02F06F812"; // MNT elliptic curve parameters (Thanks to Drew Sutherland)
p=x*x+1;
q=x*x-x+1;
t=x+1;
cf=x*x+x+1;
T=t-1;
// cout << "t-1= " << T << endl;
// cout << "p%24= " << p%24 << endl;
time(&seed);
irand((long)seed);
A=-3;
B="77479D33943B5B1F590B54258B72F316B3261D45";
#ifdef AFFINE
ecurve(A,B,p,MR_AFFINE);
#endif
#ifdef PROJECTIVE
ecurve(A,B,p,MR_PROJECTIVE);
#endif
set_frobenius_constant(X);
sru=pow((ZZn)-2,(p-1)/6); // x^6+2 is irreducible
set_zzn3(-2,sru);
mip->IOBASE=16;
mip->TWIST=MR_QUADRATIC; // map Server to point on twisted curve E(Fp3)
ss=rand(q); // TA's super-secret
cout << "Mapping Server ID to point" << endl;
Server=hash_and_map3((char *)"Server");
cofactor(Server,x,X);
cout << "Mapping Alice & Bob ID's to points" << endl;
Alice=hash_and_map((char *)"Alice");
Bob= hash_and_map((char *)"Robert");
cout << "Alice, Bob and the Server visit Trusted Authority" << endl;
sS=G2_mul(Server,ss,x,X);
sA=ss*Alice;
sB=ss*Bob;
cout << "Alice and Server Key Exchange" << endl;
a=rand(q); // Alice's random number
s=rand(q); // Server's random number
if (!ecap(sA,Server,x,X,res)) cout << "Trouble" << endl;
if (!member(res,x,X))
{
cout << "Wrong group order - aborting" << endl;
exit(0);
}
ap=GT_pow(res,a,x,X);//powu(res,a);
if (!ecap(Alice,sS,x,X,res)) cout << "Trouble" << endl;
if (!member(res,x,X))
{
cout << "Wrong group order - aborting" << endl;
exit(0);
}
sp=GT_pow(res,s,x,X);
cout << "Alice Key= " << H2(powu(sp,a)) << endl;
cout << "Server Key= " << H2(powu(ap,s)) << endl;
cout << "Bob and Server Key Exchange" << endl;
b=rand(q); // Bob's random number
s=rand(q); // Server's random number
if (!ecap(sB,Server,x,X,res)) cout << "Trouble" << endl;
if (!member(res,x,X))
{
cout << "Wrong group order - aborting" << endl;
exit(0);
}
bp=GT_pow(res,b,x,X);
if (!ecap(Bob,sS,x,X,res)) cout << "Trouble" << endl;
if (!member(res,x,X))
{
cout << "Wrong group order - aborting" << endl;
exit(0);
}
sp=GT_pow(res,s,x,X);
cout << "Bob's Key= " << H2(powu(sp,b)) << endl;
cout << "Server Key= " << H2(powu(bp,s)) << endl;
return 0;
}
