Home Explore Help
Register Sign In
Kirin
/
dlzx
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: fa96dd692a
Branches Tags
dlzx
/
vendor
/
simplito
/
elliptic-php
/
lib
/
Curve
/
BaseCurve.php

BaseCurve.php 9.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321 
  1. <?php
    2. 

  2. 

  3. namespace Elliptic\Curve;
    4. 

  4. 

  5. use Elliptic\Utils;
    6. 

  6. use \Exception;
    7. 

  7. use BN\BN;
    8. 

  8. 

  9. abstract class BaseCurve
    10. 

  10. {
    11. 

  11.     public $type;
    12. 

  12.     public $p;
    13. 

  13.     public $red;
    14. 

  14.     public $zero;
    15. 

  15.     public $one;
    16. 

  16.     public $two;
    17. 

  17.     public $n;
    18. 

  18.     public $g;
    19. 

  19.     protected $_wnafT1;
    20. 

  20.     protected $_wnafT2;
    21. 

  21.     protected $_wnafT3;
    22. 

  22.     protected $_wnafT4;
    23. 

  23.     public $redN;
    24. 

  24.     public $_maxwellTrick;
    25. 

  25. 

  26.     function __construct($type, $conf)
    27. 

  27.     {
    28. 

  28.         $this->type = $type;
    29. 

  29.         $this->p = new BN($conf["p"], 16);
    30. 

  30. 

  31.         //Use Montgomery, when there is no fast reduction for the prime
    32. 

  32.         $this->red = isset($conf["prime"]) ? BN::red($conf["prime"]) : BN::mont($this->p);
    33. 

  33. 

  34.         //Useful for many curves
    35. 

  35.         $this->zero = (new BN(0))->toRed($this->red);
    36. 

  36.         $this->one = (new BN(1))->toRed($this->red);
    37. 

  37.         $this->two = (new BN(2))->toRed($this->red);
    38. 

  38. 

  39.         //Curve configuration, optional
    40. 

  40.         $this->n = isset($conf["n"]) ? new BN($conf["n"], 16) : null;
    41. 

  41.         $this->g = isset($conf["g"]) ? $this->pointFromJSON($conf["g"], isset($conf["gRed"]) ? $conf["gRed"] : null) : null;
    42. 

  42. 

  43.         //Temporary arrays
    44. 

  44.         $this->_wnafT1 = array(0,0,0,0);
    45. 

  45.         $this->_wnafT2 = array(0,0,0,0);
    46. 

  46.         $this->_wnafT3 = array(0,0,0,0);
    47. 

  47.         $this->_wnafT4 = array(0,0,0,0);
    48. 

  48. 

  49.         //Generalized Greg Maxwell's trick
    50. 

  50.         $adjustCount = $this->n != null ? $this->p->div($this->n) : null;
    51. 

  51.         if( $adjustCount == null || $adjustCount->cmpn(100) > 0 )
    52. 

  52.         {
    53. 

  53.             $this->redN = null;
    54. 

  54.             $this->_maxwellTrick = false;
    55. 

  55.         }
    56. 

  56.         else
    57. 

  57.         {
    58. 

  58.             $this->redN = $this->n->toRed($this->red);
    59. 

  59.             $this->_maxwellTrick = true;
    60. 

  60.         }
    61. 

  61.     }
    62. 

  62. 

  63.     abstract public function point($x, $z);
    64. 

  64.     abstract public function validate($point);
    65. 

  65. 

  66.     public function _fixedNafMul($p, $k)
    67. 

  67.     {
    68. 

  68.         assert(isset($p->precomputed));
    69. 

  69. 

  70.         $doubles = $p->_getDoubles();
    71. 

  71.         $naf = Utils::getNAF($k, 1);
    72. 

  72.         $I = (1 << ($doubles["step"] + 1)) - ($doubles["step"] % 2 == 0 ? 2 : 1);
    73. 

  73.         $I = $I / 3;
    74. 

  74. 

  75.         //Translate to more windowed form
    76. 

  76.         $repr = array();
    77. 

  77.         for($j = 0; $j < count($naf); $j += $doubles["step"])
    78. 

  78.         {
    79. 

  79.             $nafW = 0;
    80. 

  80.             for($k = $j + $doubles["step"] - 1; $k >= $j; $k--)
    81. 

  81.                 $nafW = ($nafW << 1) + (isset($naf[$k]) ? $naf[$k] : 0);
    82. 

  82.             array_push($repr, $nafW);
    83. 

  83.         }
    84. 

  84. 

  85.         $a = $this->jpoint(null, null, null);
    86. 

  86.         $b = $this->jpoint(null, null, null);
    87. 

  87. 

  88.         for($i = $I; $i > 0; $i--)
    89. 

  89.         {
    90. 

  90.             for($j = 0; $j < count($repr); $j++)
    91. 

  91.             {
    92. 

  92.                 $nafW = $repr[$j];
    93. 

  93.                 if ($nafW == $i) {
    94. 

  94.                     $b = $b->mixedAdd($doubles["points"][$j]);
    95. 

  95.                 } else if($nafW == -$i) {
    96. 

  96.                     $b = $b->mixedAdd($doubles["points"][$j]->neg());
    97. 

  97.                 }
    98. 

  98.             }
    99. 

  99.             $a = $a->add($b);
    100. 

  100.         }
    101. 

  101. 

  102.         return $a->toP();
    103. 

  103.     }
    104. 

  104. 

  105.     public function _wnafMul($p, $k)
    106. 

  106.     {
    107. 

  107.         $w = 4;
    108. 

  108. 

  109.         //Precompute window
    110. 

  110.         $nafPoints = $p->_getNAFPoints($w);
    111. 

  111.         $w = $nafPoints["wnd"];
    112. 

  112.         $wnd = $nafPoints["points"];
    113. 

  113. 

  114.         //Get NAF form
    115. 

  115.         $naf = Utils::getNAF($k, $w);
    116. 

  116. 

  117.         //Add `this`*(N+1) for every w-NAF index
    118. 

  118.         $acc = $this->jpoint(null, null, null);
    119. 

  119.         for($i = count($naf) - 1; $i >= 0; $i--)
    120. 

  120.         {
    121. 

  121.             //Count zeros
    122. 

  122.             for($k = 0; $i >= 0 && $naf[$i] == 0; $i--)
    123. 

  123.                 $k++;
    124. 

  124. 

  125.             if($i >= 0)
    126. 

  126.                 $k++;
    127. 

  127.             $acc = $acc->dblp($k);
    128. 

  128. 

  129.             if($i < 0)
    130. 

  130.                 break;
    131. 

  131.             $z = $naf[$i];
    132. 

  132. 

  133.             assert($z != 0);
    134. 

  134. 

  135.             if( $p->type == "affine" )
    136. 

  136.             {
    137. 

  137.                 //J +- P
    138. 

  138.                 if( $z > 0 )
    139. 

  139.                     $acc = $acc->mixedAdd($wnd[($z - 1) >> 1]);
    140. 

  140.                 else
    141. 

  141.                     $acc = $acc->mixedAdd($wnd[(-$z - 1) >> 1]->neg());
    142. 

  142.             }
    143. 

  143.             else
    144. 

  144.             {
    145. 

  145.                 //J +- J
    146. 

  146.                 if( $z > 0 )
    147. 

  147.                     $acc = $acc->add($wnd[($z - 1) >> 1]);
    148. 

  148.                 else
    149. 

  149.                     $acc = $acc->add($wnd[(-$z - 1) >> 1]->neg());
    150. 

  150.             }
    151. 

  151.         }
    152. 

  152.         return $p->type == "affine" ? $acc->toP() : $acc;
    153. 

  153.     }
    154. 

  154. 

  155.     public function _wnafMulAdd($defW, $points, $coeffs, $len, $jacobianResult = false)
    156. 

  156.     {
    157. 

  157.         $wndWidth = &$this->_wnafT1;
    158. 

  158.         $wnd = &$this->_wnafT2;
    159. 

  159.         $naf = &$this->_wnafT3;
    160. 

  160. 

  161.         //Fill all arrays
    162. 

  162.         $max = 0;
    163. 

  163.         for($i = 0; $i < $len; $i++)
    164. 

  164.         {
    165. 

  165.             $p = $points[$i];
    166. 

  166.             $nafPoints = $p->_getNAFPoints($defW);
    167. 

  167.             $wndWidth[$i] = $nafPoints["wnd"];
    168. 

  168.             $wnd[$i] = $nafPoints["points"];
    169. 

  169.         }
    170. 

  170.         //Comb all window NAFs
    171. 

  171.         for($i = $len - 1; $i >= 1; $i -= 2)
    172. 

  172.         {
    173. 

  173.             $a = $i - 1;
    174. 

  174.             $b = $i;
    175. 

  175.             if( $wndWidth[$a] != 1 || $wndWidth[$b] != 1 )
    176. 

  176.             {
    177. 

  177.                 $naf[$a] = Utils::getNAF($coeffs[$a], $wndWidth[$a]);
    178. 

  178.                 $naf[$b] = Utils::getNAF($coeffs[$b], $wndWidth[$b]);
    179. 

  179.                 $max = max(count($naf[$a]), $max);
    180. 

  180.                 $max = max(count($naf[$b]), $max);
    181. 

  181.                 continue;
    182. 

  182.             }
    183. 

  183. 

  184.             $comb = array(
    185. 

  185.                 $points[$a], /* 1 */
    186. 

  186.                 null,        /* 3 */
    187. 

  187.                 null,        /* 5 */
    188. 

  188.                 $points[$b]  /* 7 */
    189. 

  189.             );
    190. 

  190. 

  191.             //Try to avoid Projective points, if possible
    192. 

  192.             if( $points[$a]->y->cmp($points[$b]->y) == 0 )
    193. 

  193.             {
    194. 

  194.                 $comb[1] = $points[$a]->add($points[$b]);
    195. 

  195.                 $comb[2] = $points[$a]->toJ()->mixedAdd($points[$b]->neg());
    196. 

  196.             }
    197. 

  197.             elseif( $points[$a]->y->cmp($points[$b]->y->redNeg()) == 0 )
    198. 

  198.             {
    199. 

  199.                 $comb[1] = $points[$a]->toJ()->mixedAdd($points[$b]);
    200. 

  200.                 $comb[2] = $points[$a]->add($points[$b]->neg());
    201. 

  201.             }
    202. 

  202.             else
    203. 

  203.             {
    204. 

  204.                 $comb[1] = $points[$a]->toJ()->mixedAdd($points[$b]);
    205. 

  205.                 $comb[2] = $points[$a]->toJ()->mixedAdd($points[$b]->neg());
    206. 

  206.             }
    207. 

  207.             
    208. 

  208.             $index = array(
    209. 

  209.                 -3, /* -1 -1 */
    210. 

  210.                 -1, /* -1  0 */
    211. 

  211.                 -5, /* -1  1 */
    212. 

  212.                 -7, /*  0 -1 */
    213. 

  213.                 0,  /*  0  0 */
    214. 

  214.                 7,  /*  0  1 */
    215. 

  215.                 5,  /*  1 -1 */
    216. 

  216.                 1,  /*  1  0 */
    217. 

  217.                 3   /*  1  1 */
    218. 

  218.             );
    219. 

  219. 

  220.             $jsf = Utils::getJSF($coeffs[$a], $coeffs[$b]);
    221. 

  221.             $max = max(count($jsf[0]), $max);
    222. 

  222.             if ($max > 0) {
    223. 

  223.                 $naf[$a] = array_fill(0, $max, 0);
    224. 

  224.                 $naf[$b] = array_fill(0, $max, 0);
    225. 

  225.             } else {
    226. 

  226.                 $naf[$a] = [];
    227. 

  227.                 $naf[$b] = [];
    228. 

  228.             }
    229. 

  229. 

  230.             for($j = 0; $j < $max; $j++)
    231. 

  231.             {
    232. 

  232.                 $ja = isset($jsf[0][$j]) ? $jsf[0][$j] : 0;
    233. 

  233.                 $jb = isset($jsf[1][$j]) ? $jsf[1][$j] : 0;
    234. 

  234. 

  235.                 $naf[$a][$j] = $index[($ja + 1) * 3 + ($jb + 1)];
    236. 

  236.                 $naf[$b][$j] = 0;
    237. 

  237.                 $wnd[$a] = $comb;
    238. 

  238.             }
    239. 

  239.         }
    240. 

  240. 

  241.         $acc = $this->jpoint(null, null, null);
    242. 

  242.         $tmp = &$this->_wnafT4;
    243. 

  243.         for($i = $max; $i >= 0; $i--)
    244. 

  244.         {
    245. 

  245.             $k = 0;
    246. 

  246. 

  247.             while($i >= 0)
    248. 

  248.             {
    249. 

  249.                 $zero = true;
    250. 

  250.                 for($j = 0; $j < $len; $j++)
    251. 

  251.                 {
    252. 

  252.                     $tmp[$j] = isset($naf[$j][$i]) ? $naf[$j][$i] : 0;
    253. 

  253.                     if( $tmp[$j] != 0 )
    254. 

  254.                         $zero = false;
    255. 

  255.                 }
    256. 

  256.                 if( !$zero )
    257. 

  257.                     break;
    258. 

  258.                 $k++;
    259. 

  259.                 $i--;
    260. 

  260.             }
    261. 

  261. 

  262.             if( $i >=0 )
    263. 

  263.                 $k++;
    264. 

  264. 

  265.             $acc = $acc->dblp($k);
    266. 

  266.             if( $i < 0 )
    267. 

  267.                 break;
    268. 

  268. 

  269.             for($j = 0; $j < $len; $j++)
    270. 

  270.             {
    271. 

  271.                 $z = $tmp[$j];
    272. 

  272.                 $p = null;
    273. 

  273.                 if( $z == 0 )
    274. 

  274.                     continue;
    275. 

  275.                 elseif( $z > 0 )
    276. 

  276.                     $p = $wnd[$j][($z - 1) >> 1];
    277. 

  277.                 elseif( $z < 0 )
    278. 

  278.                     $p = $wnd[$j][(-$z - 1) >> 1]->neg();
    279. 

  279. 

  280.                 if( $p->type == "affine" )
    281. 

  281.                     $acc = $acc->mixedAdd($p);
    282. 

  282.                 else
    283. 

  283.                     $acc = $acc->add($p);
    284. 

  284.             }
    285. 

  285.         }
    286. 

  286. 

  287.         //Zeroify references
    288. 

  288.         for($i = 0; $i < $len; $i++)
    289. 

  289.             $wnd[$i] = null;
    290. 

  290. 

  291.         if( $jacobianResult )
    292. 

  292.             return $acc;
    293. 

  293.         else
    294. 

  294.             return $acc->toP();
    295. 

  295.     }
    296. 

  296. 

  297.     public function decodePoint($bytes, $enc = false)
    298. 

  298.     {
    299. 

  299.         $bytes = Utils::toArray($bytes, $enc);
    300. 

  300.         $len = $this->p->byteLength();
    301. 

  301. 

  302.         $count = count($bytes);
    303. 

  303.         //uncompressed, hybrid-odd, hybrid-even
    304. 

  304.         if(($bytes[0] == 0x04 || $bytes[0] == 0x06 || $bytes[0] == 0x07) && ($count - 1) == (2 * $len) )
    305. 

  305.         {
    306. 

  306.             if( $bytes[0] == 0x06 )
    307. 

  307.                 assert($bytes[$count - 1] % 2 == 0);
    308. 

  308.             elseif( $bytes[0] == 0x07 )
    309. 

  309.                 assert($bytes[$count - 1] % 2 == 1);
    310. 

  310. 

  311.             return $this->point(array_slice($bytes, 1, $len), array_slice($bytes, 1 + $len, $len));
    312. 

  312.         }
    313. 

  313. 

  314.         if( ($bytes[0] == 0x02 || $bytes[0] == 0x03) && ($count - 1) == $len )
    315. 

  315.             return $this->pointFromX(array_slice($bytes, 1, $len), $bytes[0] == 0x03);
    316. 

  316. 

  317.         throw new Exception("Unknown point format");
    318. 

  318.     }
    319. 

  319. }
    320. 

  320. 

  321. ?>
    322.