/*
 * bign_keyunwrap - as written, repeats the point computation of a signature
 * check over the 64 bytes at d, using the point decoded from X, and then
 * compares a hash with the encoded result point.
 *
 *   X        encoded point; handed to REV_PI together with q
 *   d        64 bytes are read: d[0..31] and d[32..63]
 *   untoken  never referenced in this body
 *
 * Returns false when the value built from d[32..63] is >= Q, when the computed
 * point has both coordinates equal to zero, or when the final byte comparison
 * finds a difference; returns true otherwise.
 *
 * NOTE(review): confirm the following before relying on this function:
 *   - H is neither a parameter nor a local here, so it has to resolve to a
 *     file-scope object (or this does not compile). Which hash it refers to
 *     cannot be told from this block.
 *   - toHash is passed to belt_hash with no visible write to it beforehand,
 *     so the digest looks like it is computed over indeterminate stack bytes.
 *   - untoken is unused, so nothing is handed back to the caller besides the
 *     boolean result.
 *   - No length is passed for X or d; the caller must guarantee the sizes.
 */
static BOOL bign_keyunwrap(byte *X, byte *d, byte *untoken){
    // REV_PI is not visible here; from its use below it fills q from X.
    Point q;
    REV_PI(X, q);
    BigInteger Q = bign_curve256v1::getQ();

    // First 32 bytes of d: swap each 4-byte group, load, shift left by 128
    // bits and reduce modulo Q.
    byte s0[32];
    memcpy(s0, d, sizeof s0);
    for (size_t jj = 0; jj < 32; jj += 4) change_endian(s0 + jj);
    BigInteger S0(s0, 32);
    S0 <<= 128;
    S0 %= Q;

    // NOTE(review): H is not declared in this function (see header comment).
    byte h_belt[32];
    memcpy(h_belt, H, 32);
    for (size_t jj = 0; jj <32; jj += 4) change_endian(h_belt + jj);
    BigInteger temp2(h_belt, 32);
    temp2 %= Q;

    // Second 32 bytes of d: loaded the same way and rejected unless < Q.
    byte _qq[32];
    memcpy(_qq, d + 32, sizeof _qq);
    for (size_t jj = 0; jj < 32; jj += 4) change_endian(_qq + jj);
    BigInteger S1(_qq, 32);
    if (S1 >= Q) return false;

    BigInteger rr = (temp2 + S1) % Q;
    BigInteger zero = BigInteger(0);
    Point G(zero, bign_curve256v1::getY());
    // shamir is not visible here; presumably it combines rr*G and S0*q in one
    // pass - confirm against its definition.
    Point R = shamir(G, rr, q, S0);
    // A result with both coordinates zero is rejected.
    if (R.x == zero && R.y == zero) return false;

    byte toHash[108];
    byte bR[64];
    PI(bR, R);
    // NOTE(review): nothing has been copied into toHash at this point.
    belt_hash(toHash, sizeof toHash, h_belt);
    // Compares the digest with the first 32 bytes of the encoded point R,
    // not with any byte of d.
    for (size_t jj = 0; jj < 32; ++jj) if (h_belt[jj] != bR[jj]) return false;
    return true;
}
/*
 * bign_verify - check a 64-byte signature S over the 32-byte hash H against
 * the public key encoded in _q.
 *
 *   H     32-byte message hash
 *   _q    encoded public key point, decoded through REV_PI
 *   S     signature; S[0..31] is the digest part, S[32..63] the scalar part
 *   size  not read anywhere in this body
 *
 * Returns true only when the recomputed digest equals S[0..31]. Returns false
 * when the scalar part is >= Q, when the recomputed point has both
 * coordinates equal to zero, or when the digests differ.
 *
 * NOTE(review): size is ignored, so this function cannot tell whether S, H or
 * _q are as long as the fixed offsets below assume; the caller has to
 * guarantee that. Whether REV_PI rejects points that are not on the curve is
 * not visible here and should be confirmed. The 108-byte hash input only
 * lines up if sizeof OID is 12.
 */
static BOOL bign_verify(byte *H, byte *_q, byte *S, uint32 size)
{
    Point pub;
    REV_PI(_q, pub);

    BigInteger Q = bign_curve256v1::getQ();

    // Digest part of the signature: swap every 4-byte group, load it,
    // shift left by 128 bits and reduce modulo Q.
    byte sig_lo[32];
    memcpy(sig_lo, S, sizeof sig_lo);
    for (size_t off = 0; off < sizeof sig_lo; off += 4) {
        change_endian(sig_lo + off);
    }
    BigInteger S0(sig_lo, 32);
    S0 <<= 128;
    S0 %= Q;

    // Scalar part of the signature: must be strictly below Q.
    byte sig_hi[32];
    memcpy(sig_hi, S + 32, sizeof sig_hi);
    for (size_t off = 0; off < sizeof sig_hi; off += 4) {
        change_endian(sig_hi + off);
    }
    BigInteger S1(sig_hi, 32);
    if (S1 >= Q) {
        return false;
    }

    // Message hash as an integer modulo Q. The same buffer later receives
    // the recomputed digest.
    byte digest[32];
    memcpy(digest, H, 32);
    for (size_t off = 0; off < sizeof digest; off += 4) {
        change_endian(digest + off);
    }
    BigInteger h_int(digest, 32);
    h_int %= Q;

    BigInteger scalar_g = (h_int + S1) % Q;
    BigInteger zero = BigInteger(0);
    Point G(zero, bign_curve256v1::getY());

    // shamir is not visible here; presumably it combines scalar_g*G and
    // S0*pub in one pass - confirm against its definition.
    Point R = shamir(G, scalar_g, pub, S0);
    if (R.x == zero && R.y == zero) {
        return false;
    }

    // Hash input: OID, then the 64-byte encoding of R, then the 32-byte H.
    byte toHash[108];
    byte encoded_r[64];
    PI(encoded_r, R);
    memcpy(toHash, OID, sizeof OID);
    memcpy(toHash + sizeof OID, encoded_r, sizeof encoded_r);
    memcpy(toHash + sizeof OID + sizeof encoded_r, H, 32);
    belt_hash(toHash, sizeof toHash, digest);

    // Fold all byte differences into one value, then decide once.
    byte diff = 0;
    for (size_t idx = 0; idx < 32; ++idx) {
        diff |= (byte)(digest[idx] ^ S[idx]);
    }
    if (diff != 0) {
        return false;
    }
    return true;
}
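/**
 * test_belt_hash - hash a buffer in one belt_hash call and compare the digest
 * with an expected value.
 *
 * @param enter       input bytes to hash
 * @param enter_len   number of bytes at enter
 * @param result      expected digest
 * @param result_len  number of bytes at result
 * @return 1 when the computed digest equals the first BELT_HASH_SIZE bytes of
 *         result; 0 on mismatch or when result_len is rejected
 */
uint32_t test_belt_hash(const uint8_t* enter, uint32_t enter_len, const uint8_t* result, uint32_t result_len)
{
    belt_hash_state state;
    uint8_t belt_result[BELT_HASH_SIZE];

    if (result_len != BELT_HASH_BLOCK_LEN) {
        return 0;
    }
    /*
     * The comparison below reads BELT_HASH_SIZE bytes from result, while the
     * check above uses a different constant. Reject a buffer shorter than
     * what memcmp will read, so the two constants drifting apart cannot turn
     * into an out-of-bounds read. This is a no-op when the constants agree.
     */
    if (result_len < BELT_HASH_SIZE) {
        return 0;
    }

    belt_hash_init(&state);
    belt_hash(enter, enter_len, &state);
    belt_end(belt_result, &state);

    return (memcmp(belt_result, result, BELT_HASH_SIZE) == 0);
}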
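/**
 * test_belt_hash_bytes - hash a buffer one byte per belt_hash call and compare
 * the digest with an expected value. Exercises the incremental path of the
 * hash state.
 *
 * @param enter       input bytes to hash
 * @param enter_len   number of bytes at enter
 * @param result      expected digest
 * @param result_len  number of bytes at result
 * @return 1 when the computed digest equals the first BELT_HASH_SIZE bytes of
 *         result; 0 on mismatch or when result_len is rejected
 */
uint32_t test_belt_hash_bytes(const uint8_t* enter, uint32_t enter_len, const uint8_t* result, uint32_t result_len)
{
    belt_hash_state state;
    uint8_t belt_result[BELT_HASH_SIZE];
    uint32_t i;

    if (result_len != BELT_HASH_BLOCK_LEN) {
        return 0;
    }
    /*
     * The comparison below reads BELT_HASH_SIZE bytes from result, while the
     * check above uses a different constant. Reject a buffer shorter than
     * what memcmp will read, so the two constants drifting apart cannot turn
     * into an out-of-bounds read. This is a no-op when the constants agree.
     */
    if (result_len < BELT_HASH_SIZE) {
        return 0;
    }

    belt_hash_init(&state);
    /* Feed the input a single byte at a time. */
    for (i = 0; i < enter_len; i += 1) {
        belt_hash(enter + i, 1, &state);
    }
    belt_end(belt_result, &state);

    return (memcmp(belt_result, result, BELT_HASH_SIZE) == 0);
}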
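// Best-effort scrub of a byte buffer that held secret material. The volatile
// pointer keeps the stores from being optimized away as dead writes.
static void bign_sign_scrub(byte *buf, size_t len)
{
    volatile byte *p = buf;
    while (len--) {
        *p++ = 0;
    }
}

/*
 * bign_sign - produce a 64-byte signature over the 32-byte hash H with the
 * private key d.
 *
 *   H   32-byte message hash
 *   d   32-byte private key
 *   to  output, 64 bytes: to[0..31] receives the digest of OID, the encoded
 *       point R and H; to[32..63] receives the scalar part
 *
 * NOTE(review):
 *   - gen_rnd_data is not visible here. The per-signature value k must come
 *     from a cryptographically secure generator and must never repeat for
 *     the same key; confirm what backs gen_rnd_data.
 *   - k is reduced modulo getP() while every later step works modulo getQ(),
 *     and a zero k is not rejected. Confirm both are intended.
 *   - The byte buffers holding k and d are scrubbed before return, but the
 *     BigInteger objects k, D and temp1 still hold secret-dependent values
 *     and are not cleared here; BigInteger offers no visible way to do so.
 *   - The 108-byte hash input only lines up if sizeof OID is 12, and
 *     temp3.data is assumed to hold at least 32 bytes.
 */
static void bign_sign(byte *H, byte *d, byte* to)
{
    // Fresh per-signature secret.
    byte nonce_bytes[32];
    gen_rnd_data(nonce_bytes, 32);
    BigInteger k(nonce_bytes, 32);
    BigInteger P = bign_curve256v1::getP();
    k %= P;

    // Private key: swap every 4-byte group before loading it.
    byte dd[32];
    memcpy(dd, d, 32);
    for (size_t jj = 0; jj < 32; jj += 4) change_endian(dd + jj);
    BigInteger D(dd, 32);
    BigInteger Q = bign_curve256v1::getQ();

    Point G(BigInteger(0), bign_curve256v1::getY());
    Point R = doit(G, k);

    // Hash input: OID, then the 64-byte encoding of R, then H.
    byte toHash[108];
    byte bR[64];
    PI(bR, R);
    memcpy(toHash, OID, sizeof OID);
    memcpy(toHash + sizeof OID, bR, sizeof bR);
    memcpy(toHash + sizeof OID + sizeof bR, H, 32);

    byte h_belt[32];
    belt_hash(toHash, sizeof toHash, h_belt);
    memcpy(to, h_belt, sizeof h_belt);

    // temp1 = ((digest << 128) mod Q) * (D mod Q), reduced modulo Q.
    for (size_t jj = 0; jj < 32; jj += 4) change_endian(h_belt + jj);
    BigInteger temp1(h_belt, 32);
    temp1 <<= 128;
    temp1 %= Q;
    D %= Q;
    temp1 *= D;
    // Reduce the product before it is subtracted below. The "+ Q" terms in
    // that expression only keep it non-negative when each subtracted value is
    // already below Q; an unreduced product can be far larger than k + Q.
    // How BigInteger treats a negative intermediate is not visible here.
    temp1 %= Q;

    // temp2 = H mod Q.
    memcpy(h_belt, H, 32);
    for (size_t jj = 0; jj < 32; jj += 4) change_endian(h_belt + jj);
    BigInteger temp2(h_belt, 32);
    temp2 %= Q;

    // Scalar part: (k - temp1 - temp2) mod Q, written to avoid going negative.
    BigInteger temp3 = (k + Q - temp1 + Q - temp2) % Q;
    memcpy(h_belt, temp3.data, 32);
    for (size_t jj = 0; jj < 32; jj += 4) change_endian(h_belt + jj);
    memcpy(to + 32, h_belt, 32);

    // Do not leave raw copies of the per-signature secret and the private key
    // on the stack.
    bign_sign_scrub(nonce_bytes, sizeof nonce_bytes);
    bign_sign_scrub(dd, sizeof dd);
}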