def __init__(self, t1, t2, t3, t4, bx, bz):
"""
B = 2 * Q where
X(B) = bx/bz
X(Q) = (t3+t4)/(t3-t4)
clobbers t1 and t2, preserves t3 and t4
:param t1: Long10
:param t2: Long10
:param t3: Long10
:param t4: Long10
:param bx: Long10
:param bz: Long10
"""
#print("Mont_Dbl")
if isinstance(t1, Long10) and isinstance(t2, Long10) and isinstance(
t3, Long10) and isinstance(t4, Long10) and isinstance(
bx, Long10) and isinstance(bz, Long10):
sqr(t1, t3)
sqr(t2, t4)
mul(bx, t1, t2)
sub(t2, t1, t2)
mul_small(bz, t2, 121665)
add(t1, t1, bz)
mul(bz, t1, t2)
def __init__(self, t1, t2, t3, t4, ax, az, dx):
"""
A = P + Q where
X(A) = ax/az
X(P) = (t1+t2)/(t1-t2)
X(Q) = (t3+t4)/(t3-t4)
X(P-Q) = dx
clobbers t1 and t2, preserves t3 and t4 */
:param t1: Long10
:param t2: Long10
:param t3: Long10
:param t4: Long10
:param ax: Long10
:param az: Long10
:param dx: Long10
"""
#print("Mont_Add")
if isinstance(t1, Long10) and isinstance(t2, Long10) and isinstance(
t3, Long10) and isinstance(t4, Long10) and isinstance(
ax, Long10) and isinstance(az, Long10) and isinstance(
dx, Long10):
mul(ax, t2, t3)
mul(az, t1, t4)
add(t1, ax, az)
sub(t2, ax, az)
sqr(ax, t1)
sqr(t1, t2)
mul(az, t1, dx)
def __init__(self, t1, t2, ax, az):
"""
y^2 = x^3 + 486662 x^2 + x over GF(2^255-19)
t1 = ax + az
t2 = ax - az */
:param t1: Long10
:param t2: Long10
:param ax: Long10
:param az: Long10
"""
#print("Mont_Prep")
if isinstance(t1, Long10) and isinstance(t2, Long10) and isinstance(ax, Long10) and isinstance(az, Long10):
add(t1, ax, az)
sub(t2, ax, az)
def __init__(self, t, y2, x):
"""
Y^2 = X^3 + 486662 X^2 + X
t is a temporary
:param t: Long10
:param y2: Long10
:param x: Long10
"""
sqr(t, x)
mul_small(y2, x, 486662)
add(t, t, y2)
#print("before",t._0)
t._0 = t._0 + 1
#print("after",t._0)
mul(y2, t, x)
def __init__(self, x, u):
"""
a square root
:param x: Long10
:param u: Long10
:return:
"""
v = Long10()
t1 = Long10()
t2 = Long10()
add(t1, u, u) # t1 = 2u
recip(v, t1, 1) # v = (2u)^((p-5)/8)
sqr(x, v) # x = v^2
mul(t2, t1, x) # t2 = 2uv^2
print(t2.printAll())
t2._0 = t2._0 - 1 # t2 = 2uv^2-1
print(t2.printAll())
mul(t1, v, t2) # t1 = v(2uv^2-1)
mul(x, u, t1) # x = uv(2uv^2-1)
def __init__(self,Y, v, h, P):
"""
:param Y: list[]
:param v: list[]
:param h: list[]
:param P: list[]
"""
BASE_2Y = Long10(39999547, 18689728, 59995525, 1648697, 57546132,24010086, 19059592, 5425144, 63499247, 16420658)
# Y = v abs(P) + h G
d = [] * 32
p = Long10(Long10(), Long10())
s = Long10(Long10(), Long10())
yx = Long10(Long10(), Long10(), Long10())
yz = Long10(Long10(), Long10(), Long10())
t1 = Long10(Long10(), Long10(), Long10())
t2 = Long10(Long10(), Long10(), Long10())
vi = 0
hi = 0
di = 0
nvh= 0
i = None
j = None
k = None
# set p[0] to G and p[1] to P
set(p[0], 9)
unpack(p[1], P)
# set s[0] to P+G and s[1] to P-G
#
# s[0] = (Py^2 + Gy^2 - 2 Py Gy)/(Px - Gx)^2 - Px - Gx - 486662
# s[1] = (Py^2 + Gy^2 + 2 Py Gy)/(Px - Gx)^2 - Px - Gx - 486662
x_to_y2(t1[0], t2[0], p[1]) # t2[0] = Py^2
sqrt(t1[0], t2[0]) # t1[0] = Py or -Py
j = is_negative(t1[0]) # ... check which
t2[0]._0 += 39420360 # t2[0] = Py^2 + Gy^2
mul(t2[1], BASE_2Y, t1[0]) # t2[1] = 2 Py Gy or -2 Py Gy
sub(t1[j], t2[0], t2[1]) # t1[0] = Py^2 + Gy^2 - 2 Py Gy
add(t1[1-j], t2[0], t2[1]) # t1[1] = Py^2 + Gy^2 + 2 Py Gy
cpy(t2[0], p[1]) # t2[0] = Px
t2[0]._0 -= 9; # t2[0] = Px - Gx
sqr(t2[1], t2[0]) # t2[1] = (Px - Gx)^2
recip(t2[0], t2[1], 0) # t2[0] = 1/(Px - Gx)^2
mul(s[0], t1[0], t2[0]) # s[0] = t1[0]/(Px - Gx)^2
sub(s[0], s[0], p[1]) # s[0] = t1[0]/(Px - Gx)^2 - Px
s[0]._0 -= 9 + 486662 # s[0] = X(P+G)
mul(s[1], t1[1], t2[0]) # s[1] = t1[1]/(Px - Gx)^2
sub(s[1], s[1], p[1]) # s[1] = t1[1]/(Px - Gx)^2 - Px
s[1]._0 -= 9 + 486662 # s[1] = X(P-G)
mul_small(s[0], s[0], 1) # reduce s[0]
mul_small(s[1], s[1], 1) # reduce s[1]
# prepare the chain
#
for i in range(32):
vi = (vi >> 8) ^ (v[i] & 0xFF) ^ ((v[i] & 0xFF) << 1)
hi = (hi >> 8) ^ (h[i] & 0xFF) ^ ((h[i] & 0xFF) << 1)
nvh = ~(vi ^ hi)
di = (nvh & (di & 0x80) >> 7) ^ vi
di ^= nvh & (di & 0x01) << 1
di ^= nvh & (di & 0x02) << 1
di ^= nvh & (di & 0x04) << 1
di ^= nvh & (di & 0x08) << 1
di ^= nvh & (di & 0x10) << 1
di ^= nvh & (di & 0x20) << 1
di ^= nvh & (di & 0x40) << 1
#d[i] = (byte)di
d[i] = packl_ctypes(di).value
di = ((nvh & (di & 0x80) << 1) ^ vi) >> 8
# initialize state
#
set(yx[0], 1)
cpy(yx[1], p[di])
cpy(yx[2], s[0])
set(yz[0], 0)
set(yz[1], 1)
set(yz[2], 1)
"""
y[0] is (even)P + (even)G
y[1] is (even)P + (odd)G if current d-bit is 0
y[1] is (odd)P + (even)G if current d-bit is 1
y[2] is (odd)P + (odd)G
"""
vi = 0
hi = 0
# and go for it!
# start last element of 32 list object backward and stop at 0
#
for i in range(31, -1, -1):
vi = (vi << 8) | (v[i] & 0xFF)
hi = (hi << 8) | (h[i] & 0xFF)
di = (di << 8) | (d[i] & 0xFF)
for j in range(7,-1,-1):
mont_prep(t1[0], t2[0], yx[0], yz[0])
mont_prep(t1[1], t2[1], yx[1], yz[1])
mont_prep(t1[2], t2[2], yx[2], yz[2])
k = ((vi ^ vi >> 1) >> j & 1) + ((hi ^ hi >> 1) >> j & 1)
mont_dbl(yx[2], yz[2], t1[k], t2[k], yx[0], yz[0])
k = (di >> j & 2) ^ ((di >> j & 1) << 1)
mont_add(t1[1], t2[1], t1[k], t2[k], yx[1], yz[1], p[di >> j & 1])
mont_add(t1[2], t2[2], t1[0], t2[0], yx[2], yz[2], s[((vi ^ hi) >> j & 2) >> 1])
k = (vi & 1) + (hi & 1)
recip(t1[0], yz[k], 0)
mul(t1[1], yx[k], t1[0])
pack(t1[1], Y)
def __init__(self, Px, s, k, Gx):
"""
:param Px: list[]
:param s: list[]
:param k: list[]
:param Gx: list[]
"""
bit0 = None
bit1 = None
BASE_R2Y = Long10(5744, 8160848, 4790893, 13779497, 35730846, 12541209,
49101323, 30047407, 40071253, 6226132)
ORDER_TIMES_8 = [] * 32
ORDER_TIMES_8.append(packl_ctypes(104).value)
ORDER_TIMES_8.append(packl_ctypes(159).value)
ORDER_TIMES_8.append(packl_ctypes(174).value)
ORDER_TIMES_8.append(packl_ctypes(231).value)
ORDER_TIMES_8.append(packl_ctypes(210).value)
ORDER_TIMES_8.append(packl_ctypes(24).value)
ORDER_TIMES_8.append(packl_ctypes(147).value)
ORDER_TIMES_8.append(packl_ctypes(192).value)
ORDER_TIMES_8.append(packl_ctypes(178).value)
ORDER_TIMES_8.append(packl_ctypes(230).value)
ORDER_TIMES_8.append(packl_ctypes(188).value)
ORDER_TIMES_8.append(packl_ctypes(23).value)
ORDER_TIMES_8.append(packl_ctypes(245).value)
ORDER_TIMES_8.append(packl_ctypes(206).value)
ORDER_TIMES_8.append(packl_ctypes(247).value)
ORDER_TIMES_8.append(packl_ctypes(166).value)
ORDER_TIMES_8.append(packl_ctypes(0).value)
ORDER_TIMES_8.append(packl_ctypes(0).value)
ORDER_TIMES_8.append(packl_ctypes(0).value)
ORDER_TIMES_8.append(packl_ctypes(0).value)
ORDER_TIMES_8.append(packl_ctypes(0).value)
ORDER_TIMES_8.append(packl_ctypes(0).value)
ORDER_TIMES_8.append(packl_ctypes(0).value)
ORDER_TIMES_8.append(packl_ctypes(0).value)
ORDER_TIMES_8.append(packl_ctypes(0).value)
ORDER_TIMES_8.append(packl_ctypes(0).value)
ORDER_TIMES_8.append(packl_ctypes(0).value)
ORDER_TIMES_8.append(packl_ctypes(0).value)
ORDER_TIMES_8.append(packl_ctypes(0).value)
ORDER_TIMES_8.append(packl_ctypes(0).value)
ORDER_TIMES_8.append(packl_ctypes(0).value)
ORDER_TIMES_8.append(packl_ctypes(128).value)
ORDER = [] * 32
ORDER.append(packl_ctypes(237).value)
ORDER.append(packl_ctypes(211).value)
ORDER.append(packl_ctypes(245).value)
ORDER.append(packl_ctypes(92).value)
ORDER.append(packl_ctypes(26).value)
ORDER.append(packl_ctypes(99).value)
ORDER.append(packl_ctypes(18).value)
ORDER.append(packl_ctypes(88).value)
ORDER.append(packl_ctypes(214).value)
ORDER.append(packl_ctypes(156).value)
ORDER.append(packl_ctypes(247).value)
ORDER.append(packl_ctypes(162).value)
ORDER.append(packl_ctypes(222).value)
ORDER.append(packl_ctypes(249).value)
ORDER.append(packl_ctypes(222).value)
ORDER.append(packl_ctypes(20).value)
ORDER.append(packl_ctypes(0).value)
ORDER.append(packl_ctypes(0).value)
ORDER.append(packl_ctypes(0).value)
ORDER.append(packl_ctypes(0).value)
ORDER.append(packl_ctypes(0).value)
ORDER.append(packl_ctypes(0).value)
ORDER.append(packl_ctypes(0).value)
ORDER.append(packl_ctypes(0).value)
ORDER.append(packl_ctypes(0).value)
ORDER.append(packl_ctypes(0).value)
ORDER.append(packl_ctypes(0).value)
ORDER.append(packl_ctypes(0).value)
ORDER.append(packl_ctypes(0).value)
ORDER.append(packl_ctypes(0).value)
ORDER.append(packl_ctypes(0).value)
ORDER.append(packl_ctypes(16).value)
#print("ORDER ", ToHexString(ORDER).getString())
dx = Long10()
t1 = Long10()
t2 = Long10()
t3 = Long10()
t4 = Long10()
x = [Long10(), Long10()]
z = [Long10(), Long10()]
i = 32
j = 0
# unpack the base
if (Gx != None):
unpack(dx, Gx)
else:
mset(dx, 9)
# 0G = point-at-infinity
mset(x[0], 1)
mset(z[0], 0)
# 1G = G
cpy(x[1], dx)
mset(z[1], 1)
#range(10, 0, -1)
for i in range(31, -1, -1):
if (i == 0):
i = 0
for j in range(7, -1, -1):
# swap arguments depending on bit * /
bit1 = int((k[i] & 0xFF) >> j & 1)
bit0 = int(~(k[i] & 0xFF) >> j & 1)
ax = x[bit0]
az = z[bit0]
bx = x[bit1]
bz = z[bit1]
# a' = a + b */
# b' = 2 b */
mont_prep(t1, t2, ax, az)
mont_prep(t3, t4, bx, bz)
mont_add(t1, t2, t3, t4, ax, az, dx)
mont_dbl(t1, t2, t3, t4, bx, bz)
recip(t1, z[0], 0)
mul(dx, x[0], t1)
pack(dx, Px)
if s is not None:
x_to_y2(t2, t1, dx) # t1 = Py ^ 2
recip(t3, z[1], 0) # where Q=P+G...
mul(t2, x[1], t3) # t2 = Qx
add(t2, t2, dx) # t2 = Qx + Px
t2._0 += 9 + 486662 # t2 = Qx + Px + Gx + 486662
dx._0 -= 9 # dx = Px - Gx
sqr(t3, dx) # t3 = (Px - Gx) ^ 2
mul(dx, t2, t3) # dx = t2 (Px - Gx) ^ 2
sub(dx, dx, t1) # dx = t2 (Px - Gx) ^ 2 - Py ^ 2
dx._0 -= 39420360 # dx = t2 (Px - Gx) ^ 2 - Py ^ 2 - Gy ^ 2
mul(t1, dx, BASE_R2Y) # t1 = -Py
if is_negative(t1).value != 0: # sign is 1, so just copy
cpy32(s, k)
else: # sign is -1, so negate *
mula_small(s, ORDER_TIMES_8, 0, k, 32, -1)
# reduce s mod q
# ( is this needed? do it just in case, it's fast anyway) */
#// divmod((dstptr) t1, s, 32, order25519, 32);
# take reciprocal of s mod q
## Ok dobbiamo modificarli in liste
## in quanto all'interno
#temp1 = bytearray()
#temp2 = bytearray()
#temp3 = bytearray()
temp1 = [0] * 32
temp2 = [0] * 64
temp3 = [0] * 64
#for i in range(32):
# temp1.append(0x00)
#for i in range(64):
# temp2.append(0x00)
# temp3.append(0x00)
cpy32(temp1, ORDER)
vediamo = egcd32(temp2, temp3, s, temp1).value
cpy32(s, vediamo)
if s[31] & 0x80 != 0:
mula_small(s, s, 0, ORDER, 32, 1)
else:
print("CORE S --> IS NULL !!!!")