38b90111 |
1 | #include <stdio.h> |
2 | #include <string.h> |
3 | #include <stdlib.h> |
4 | |
5 | #include <mLib/alloc.h> |
6 | #include <mLib/hex.h> |
7 | #include <mLib/dstr.h> |
8 | |
9 | #include "ec.h" |
10 | #include "mp.h" |
11 | #include "rand.h" |
12 | |
13 | static void puthex(const char *name, mp *x, size_t n) |
14 | { |
15 | dstr d = DSTR_INIT; |
16 | hex_ctx hc; |
17 | char *p; |
18 | |
19 | if (!n) n = mp_octets(x); |
20 | p = xmalloc(n); |
21 | hex_init(&hc); |
22 | hc.indent = ""; |
23 | hc.maxline = 0; |
24 | mp_storeb(x, p, n); |
25 | hex_encode(&hc, p, n, &d); |
26 | hex_encode(&hc, 0, 0, &d); |
27 | printf(" %s 0x", name); |
28 | dstr_write(&d, stdout); |
29 | putchar('\n'); |
30 | dstr_destroy(&d); |
31 | xfree(p); |
32 | } |
33 | |
34 | int main(int argc, char *argv[]) |
35 | { |
36 | ec_curve *c; |
37 | ec_info ei; |
38 | ec pt = EC_INIT; |
39 | qd_parse qd; |
40 | hex_ctx hc; |
41 | dstr d = DSTR_INIT; |
42 | size_t n; |
43 | octet *p; |
44 | mp *x, *y = 0, *yy = 0; |
45 | const char *err; |
46 | |
47 | qd.p = argv[1]; |
48 | qd.e = 0; |
49 | if ((c = ec_curveparse(&qd)) == 0 || !qd_eofp(&qd)) { |
50 | fprintf(stderr, "bad curve: %s\n", qd.e); |
51 | exit(1); |
52 | } |
53 | n = c->f->noctets; |
54 | |
55 | ei.c = c; |
56 | ei.r = mp_readstring(MP_NEW, argv[2], 0, 0); |
57 | ei.h = mp_readstring(MP_NEW, argv[3], 0, 0); |
58 | |
59 | EC_CREATE(&ei.g); |
60 | hex_init(&hc); |
61 | hex_decode(&hc, argv[4], strlen(argv[4]), &d); |
62 | hex_decode(&hc, 0, 0, &d); |
63 | p = (octet *)d.buf; |
64 | if (p[0] == 0) { |
65 | EC_SETINF(&ei.g); |
66 | } else { |
67 | if (d.len < n + 1) { |
68 | fprintf(stderr, "missing x\n"); |
69 | exit(1); |
70 | } |
71 | x = mp_loadb(MP_NEW, p + 1, n); |
72 | if (p[0] & 0x04) { |
73 | if (d.len < 2 * n + 1) { |
74 | fprintf(stderr, "missing y\n"); |
75 | exit(1); |
76 | } |
77 | y = mp_loadb(MP_NEW, p + n + 1, n); |
78 | } |
79 | if (p[0] & 0x02) { |
80 | if (!EC_FIND(c, &pt, x)) { |
81 | fprintf(stderr, "no matching y\n"); |
82 | exit(1); |
83 | } |
84 | yy = MP_COPY(pt.y); |
85 | ec_destroy(&pt); |
86 | switch (F_TYPE(c->f)) { |
87 | case FTY_PRIME: |
88 | if (!MP_ISODD(yy) != !(p[0] & 1)) |
89 | yy = mp_sub(yy, c->f->m, yy); |
90 | break; |
91 | case FTY_BINARY: |
92 | if (MP_ISZERO(x)) |
93 | yy = F_SQRT(c->f, MP_NEW, c->b); |
94 | else { |
95 | mp *xx = F_SQR(c->f, MP_NEW, x); |
96 | mp *b = F_MUL(c->f, MP_NEW, xx, c->a); |
97 | mp *xxx = F_MUL(c->f, MP_NEW, xx, x); |
98 | b = F_ADD(c->f, b, b, xxx); |
99 | b = F_ADD(c->f, b, b, c->b); |
100 | xx = F_INV(c->f, xx, xx); |
101 | b = F_MUL(c->f, b, b, xx); |
102 | mp_drop(xxx); |
103 | mp_drop(xx); |
104 | yy = F_QUADSOLVE(c->f, MP_NEW, b); |
105 | if (!MP_ISODD(yy) != !(p[0] & 1)) |
106 | yy = mp_add(yy, yy, MP_ONE); |
107 | yy = F_MUL(c->f, yy, yy, x); |
108 | } |
109 | break; |
110 | default: |
111 | abort(); |
112 | } |
113 | } |
114 | if (y && yy && !MP_EQ(y, yy)) { |
115 | fprintf(stderr, "inconsistent answers\n"); |
116 | exit(1); |
117 | } |
118 | ei.g.x = x; |
119 | ei.g.y = mp_copy(y ? y : yy); |
120 | mp_drop(y); mp_drop(yy); |
121 | } |
122 | |
123 | if ((err = ec_checkinfo(&ei, &rand_global)) != 0) { |
124 | fprintf(stderr, "bad curve: %s\n", err); |
125 | exit(0); |
126 | } |
127 | puthex("p", ei.c->f->m, 0); |
128 | puthex("a", ei.c->a, c->f->noctets); |
129 | puthex("b", ei.c->b, c->f->noctets); |
130 | puthex("r", ei.r, c->f->noctets); |
131 | printf(" h "); mp_writefile(ei.h, stdout, 10); putchar('\n'); |
132 | puthex("gx", ei.g.x, c->f->noctets); |
133 | puthex("gy", ei.g.y, c->f->noctets); |
134 | ec_freeinfo(&ei); |
135 | dstr_destroy(&d); |
136 | return (0); |
137 | } |