aZ}      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|(c) Marcel Fourn 20[09..]BSD3'Marcel Fourn (haskell@marcelfourne.de) experimentalGoodNone +return the maximum value storable in a Wordreturn the bitSize of a Word5determine the needed storage for a bitlength in Words%a vector of zeros of requested lengthCa vector of zeros of requested length, but least significant word 1Ca vector of zeros of requested length, but least significant word 2Ca vector of zeros of requested length, but least significant word 3)returning the binary length of an IntegerVwe want word w at position i to result in a word to multiply by, eliminating branching    (c) Marcel Fourn 20[09..]BSD3'Marcel Fourn (haskell@marcelfourne.de)alphaGoodNone0 F2 consist of an exact length of meaningful bits and a representation of those bits in a possibly larger Vector of Words | Note: The vectors use small to large indices, but the Data.Word endianness is of no concern as it is hidden by Data.Bits | This results in indices from 0 to l-1 mapped from left to right across Words | Be careful with those indices! The usage of quotRem with them has caused some headache.  (==) on F2  (+) on F2 (+) on F2 modulo p shift on F2}efind index1 of word containing bit i at index2, return (index1,index2), index from 0 to bitlength - 1 testBit on F2~.fill highest bits over official length with 0sLpolynomial reduction, simple scan TODO: idempotent? not right now -> ERROR!(*) on F2 peasants algorithm'(*) on F2, reduced to stay in the fieldsquaring on F2 TODO: optimize?the power function on F2 for positive exponents, reducing earlyinversion of F2 in the fieldsthis is a chunked converter from Integer into eccrypto native format TODO: implement low-level Integer conversion?sthis is a chunked converter from eccrypto native format into Integer TODO: implement low-level Integer conversion? }~    }~(c) Marcel Fourn 20[14..]BSD3'Marcel Fourn (haskell@marcelfourne.de)betaGoodNone#a simple wrapper to ease transitionmost trivial (==) wrapper(+) in the field(+) in the field(-) in the field(-) in the fieldnegation in the field bitshift wrapper!.modular reduction, a simple wrapper around mod"field multiplication, a * b#field multiplication, a * b  p$simple squaring in the field%the power function in the field&field inversion'conversion wrapper with a limit( a most simple conversion wrapper)a testBit wrapper*$like testBit, but give either 0 or 1 !"#$%&'()* !"#$%&'()* "#!$%&'()* !"#$%&'()*(c) Marcel Fourn 20[14..]BSD3'Marcel Fourn (haskell@marcelfourne.de)alphaGoodNoneST6working on exactly 256 bits7the large prime8curve parameter l9curve parameter d:sqrt (-1) on our curve;wrapper for our hash function</the y coordinate of the base point of the curve>#special form of FPrime, no bits set?&special form of FPrime, lowest bit set@$special form of FPrime, all bits setA;recover the x coordinate from the y coordinate and a signumBOconvert a FPrime to a list of FPrimes, each 0 or 1 depending on the inputs bitsCbase point on the curveDscalar additionEQscalar multiplication, branchfree in k, pattern-matched branch on j (length of k)F5check if Point is on the curve, prevents some attacksG/converts 32 little endian bytes into one FPrimeH7converts one FPrime into exactly 32 little endian bytesI,convert a point on the curve to a ByteStringJ,convert a ByteString to a point on the curveKFmultiply the curve base point by a FPrime, giving a point on the curveMSgenerate a new key pair (secret and derived public key) using some external entropyN_generate a new key pair (secret and derived public key) using the supplied randomness-generatorOPsign with secret key the message, resulting in message appended to the signaturePCsign with secret key the message, resulting in a detached signature&+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOP&+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOP&6789:;<=>?@ABCDEFGHIJKL451230/.-,+MNOP#+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOP(c) Marcel Fourn 20[09..14]BSD3'Marcel Fourn (haskell@marcelfourne.de)betaGoodNone%&09;Udata of Elliptic Curve PointsXEall Elliptic Curves, the parameters being the BitLength L, A, B and P[translate point in internal format to a pair of Integers in affine x and y coordinate | this is intended as interface to other libraries\2generic getter, returning the affine x and y-value]4add an elliptic point onto itself, base for padd a a^add 2 elliptic points_="generic" verify, if generic ECP is on EC via getxA and getyA`Point Multiplication. The implementation is a montgomery ladder, which should be timing-attack-resistant (except for caches...)UVWXYZ[\]^_`abcd UVWXYZ[\]^_` XYZUVW\[^]`_ UVWXYZ[\]^_`abcd(c) Marcel Fourn 20[09..14]BSD3'Marcel Fourn (haskell@marcelfourne.de) experimentalGoodNoneebasic ecdh for testingeeee(c) Marcel Fourn 20[09..14]BSD3'Marcel Fourn (haskell@marcelfourne.de) experimentalGoodNone0f$Datatype for defined Standard CurvesvNIST Prime Curve P-192wNIST Prime Curve P-224xNIST Prime Curve P-256yNIST Prime Curve P-384zNIST Prime Curve P-521{NIST Binary Field Curve K-283|NIST Binary Field Curve B-283fghijklmnopqrstuvwxyz{|fghijklmnopqrstuvwxyz{|fghijklmnopqrstuvwxyz{|fghijklmnopqrstuvwxyz{|      !"#$%&'()*+,-../0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUV=?>WXYZ[\\]^_`abcdefghijklmnopqrstuvwx#eccrypto-0.0-JU87zJggZKFGL4GMWGXOAM Crypto.Common Crypto.F2 Crypto.FiCrypto.ECC.Ed25519.EdDSACrypto.ECC.NIST.BaseCrypto.ECC.NIST.ECDHCrypto.ECC.NIST.StandardCurveswordMaxwordSize sizeinWordszeroonetwothreelog2lentestcondF2eqaddaddrshifttestBitredcmulmulrsquarepowinv fromInteger toInteger$fShowF2FPrimesubsubrnegcondBitMessage Signature SecFPrimeSecKey PubKeyPointPubKey VerifyResultSigOKSigBadPointbqldihbyinfnulleinsalleeinsxrecover listofbitsbPointpaddpmulison getFPrime putFPrime pointtobs bstopointkeyPointagenkeys_simplegenkeyssign sign_detached $fEqPoint $fShowPoint$fEqVerifyResult$fShowVerifyResultECPFECPpECPpF2ECECiECbexportaffinepdouble $fShowECPF$fEqECPF$fShowEC$fEqEC basicecdh StandardCurveStandardCurveF2stdc_lstdc_pstdc_rstdc_bstdc_xpstdc_ypstdcF_lstdcF_pstdcF_rstdcF_astdcF_bstdcF_xpstdcF_ypp192p224p256p384p521k283b283 findindex bleachupperbaseGHC.Realmodisinf