aZ}      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|(c) Marcel Fourn 20[09..]BSD3'Marcel Fourn (haskell@marcelfourne.de) experimentalGoodNone +return the maximum value storable in a Wordreturn the bitSize of a Word5determine the needed storage for a bitlength in Words%a vector of zeros of requested lengthCa vector of zeros of requested length, but least significant word 1Ca vector of zeros of requested length, but least significant word 2Ca vector of zeros of requested length, but least significant word 3)returning the binary length of an IntegerVwe want word w at position i to result in a word to multiply by, eliminating branching    (c) Marcel Fourn 20[09..]BSD3'Marcel Fourn (haskell@marcelfourne.de)alphaGoodNone0 F2 consist of an exact length of meaningful bits and a representation of those bits in a possibly larger Vector of Words | Note: The vectors use small to large indices, but the Data.Word endianness is of no concern as it is hidden by Data.Bits | This results in indices from 0 to l-1 mapped from left to right across Words | Be careful with those indices! The usage of quotRem with them has caused some headache.  (==) on F2  (+) on F2 (+) on F2 modulo p shift on F2}efind index1 of word containing bit i at index2, return (index1,index2), index from 0 to bitlength - 1 testBit on F2~.fill highest bits over official length with 0sLpolynomial reduction, simple scan TODO: idempotent? not right now -> ERROR!(*) on F2 peasants algorithm'(*) on F2, reduced to stay in the fieldsquaring on F2 TODO: optimize?the power function on F2 for positive exponents, reducing earlyinversion of F2 in the fieldsthis is a chunked converter from Integer into eccrypto native format TODO: implement low-level Integer conversion?sthis is a chunked converter from eccrypto native format into Integer TODO: implement low-level Integer conversion? }~    }~(c) Marcel Fourn 20[14..]BSD3'Marcel Fourn (haskell@marcelfourne.de)betaGoodNone#a simple wrapper to ease transitionmost trivial (==) wrapper(+) in the field(+) in the field(-) in the field(-) in the fieldnegation in the field bitshift wrapper!.modular reduction, a simple wrapper around mod"field multiplication, a * b#field multiplication, a * b  p$simple squaring in the field%the power function in the field&field inversion'conversion wrapper with a limit( a most simple conversion wrapper)a testBit wrapper*$like testBit, but give either 0 or 1 !"#$%&'()* !"#$%&'()* "#!$%&'()* !"#$%&'()*(c) Marcel Fourn 20[09..14]BSD3'Marcel Fourn (haskell@marcelfourne.de)betaGoodNone%&09;+data of Elliptic Curve Points.Eall Elliptic Curves, the parameters being the BitLength L, A, B and P1translate point in internal format to a pair of Integers in affine x and y coordinate | this is intended as interface to other libraries22generic getter, returning the affine x and y-value34add an elliptic point onto itself, base for padd a a4add 2 elliptic points5="generic" verify, if generic ECP is on EC via getxA and getyA6Point Multiplication. The implementation is a montgomery ladder, which should be timing-attack-resistant (except for caches...)+,-./0123456789: +,-./0123456 ./0+,-214365 +,-./0123456789:(c) Marcel Fourn 20[09..14]BSD3'Marcel Fourn (haskell@marcelfourne.de) experimentalGoodNone;basic ecdh for testing;;;;(c) Marcel Fourn 20[09..14]BSD3'Marcel Fourn (haskell@marcelfourne.de) experimentalGoodNone0<$Datatype for defined Standard CurvesLNIST Prime Curve P-192MNIST Prime Curve P-224NNIST Prime Curve P-256ONIST Prime Curve P-384PNIST Prime Curve P-521QNIST Binary Field Curve K-283RNIST Binary Field Curve B-283<=>?@ABCDEFGHIJKLMNOPQR<=>?@ABCDEFGHIJKLMNOPQR<=>?@ABCDEFGHIJKLMNOPQR<=>?@ABCDEFGHIJKLMNOPQR(c) Marcel Fourn 20[14..]BSD3'Marcel Fourn (haskell@marcelfourne.de)alphaGoodNoneST^working on exactly 256 bits_the large prime`curve parameter lacurve parameter dbsqrt (-1) on our curvecwrapper for our hash functiond/the y coordinate of the base point of the curvef#special form of FPrime, no bits setg&special form of FPrime, lowest bit seth$special form of FPrime, all bits seti;recover the x coordinate from the y coordinate and a signumjOconvert a FPrime to a list of FPrimes, each 0 or 1 depending on the inputs bitskbase point on the curvelscalar additionmQscalar multiplication, branchfree in k, pattern-matched branch on j (length of k)n5check if Point is on the curve, prevents some attackso/converts 32 little endian bytes into one FPrimep7converts one FPrime into exactly 32 little endian bytesq,convert a point on the curve to a ByteStringr,convert a ByteString to a point on the curvesFmultiply the curve base point by a FPrime, giving a point on the curveuSgenerate a new key pair (secret and derived public key) using some external entropyv_generate a new key pair (secret and derived public key) using the supplied randomness-generatorwPsign with secret key the message, resulting in message appended to the signaturexCsign with secret key the message, resulting in a detached signature&STUVWXYZ[\]^_`abcdefghijklmnopqrstuvwx&STUVWXYZ[\]^_`abcdefghijklmnopqrstuvwx&^_`abcdefghijklmnopqrst\]YZ[XWVUTSuvwx#STUVWXYZ[\]^_`abcdefghijklmnopqrstuvwx      !"#$%&'()*+,-./01234566789:;<=>?@ABCDEFGHIJKLMNOPQRSTUUVWXYZ[\]^_`abc.0/defghijklmnopqrstuvwx%eccrypto-0.0.1-KJRoceAx0O9JVY3hVMFG3A Crypto.Common Crypto.F2 Crypto.FiCrypto.ECC.NIST.BaseCrypto.ECC.NIST.ECDHCrypto.ECC.NIST.StandardCurvesCrypto.ECC.Ed25519.EdDSAwordMaxwordSize sizeinWordszeroonetwothreelog2lentestcondF2eqaddaddrshifttestBitredcmulmulrsquarepowinv fromInteger toInteger$fShowF2FPrimesubsubrnegcondBitECPFECPpECPpF2ECECiECbexportaffinepdoublepaddisonpmul $fShowECPF$fEqECPF$fShowEC$fEqEC basicecdh StandardCurveStandardCurveF2stdc_lstdc_pstdc_rstdc_bstdc_xpstdc_ypstdcF_lstdcF_pstdcF_rstdcF_astdcF_bstdcF_xpstdcF_ypp192p224p256p384p521k283b283Message Signature SecFPrimeSecKey PubKeyPointPubKey VerifyResultSigOKSigBadPointbqldihbyinfnulleinsalleeinsxrecover listofbitsbPoint getFPrime putFPrime pointtobs bstopointkeyPointagenkeys_simplegenkeyssign sign_detached $fEqPoint $fShowPoint$fEqVerifyResult$fShowVerifyResult findindex bleachupperbaseGHC.Realmodisinf