http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/ECP2.java ---------------------------------------------------------------------- diff --git a/java64/ECP2.java b/java64/ECP2.java deleted file mode 100755 index b13c12a..0000000 --- a/java64/ECP2.java +++ /dev/null @@ -1,626 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* AMCL Weierstrass elliptic curve functions over FP2 */ - -public final class ECP2 { - private FP2 x; - private FP2 y; - private FP2 z; - private boolean INF; - -/* Constructor - set this=O */ - public ECP2() { - INF=true; - x=new FP2(0); - y=new FP2(1); - z=new FP2(1); - } - -/* Test this=O? */ - public boolean is_infinity() { - return INF; - } -/* copy this=P */ - public void copy(ECP2 P) - { - x.copy(P.x); - y.copy(P.y); - z.copy(P.z); - INF=P.INF; - } -/* set this=O */ - public void inf() { - INF=true; - x.zero(); - y.zero(); - z.zero(); - } - -/* Conditional move of Q to P dependant on d */ - public void cmove(ECP2 Q,int d) - { - x.cmove(Q.x,d); - y.cmove(Q.y,d); - z.cmove(Q.z,d); - - boolean bd; - if (d==0) bd=false; - else bd=true; - INF^=(INF^Q.INF)&bd; - } - -/* return 1 if b==c, no branching */ - public static int teq(int b,int c) - { - int x=b^c; - x-=1; // if x=0, x now -1 - return ((x>>31)&1); - } - -/* Constant time select from pre-computed table */ - public void select(ECP2 W[],int b) - { - ECP2 MP=new ECP2(); - int m=b>>31; - int babs=(b^m)-m; - - babs=(babs-1)/2; - - cmove(W[0],teq(babs,0)); // conditional move - cmove(W[1],teq(babs,1)); - cmove(W[2],teq(babs,2)); - cmove(W[3],teq(babs,3)); - cmove(W[4],teq(babs,4)); - cmove(W[5],teq(babs,5)); - cmove(W[6],teq(babs,6)); - cmove(W[7],teq(babs,7)); - - MP.copy(this); - MP.neg(); - cmove(MP,(int)(m&1)); - } - - -/* Test if P == Q */ - public boolean equals(ECP2 Q) { - if (is_infinity() && Q.is_infinity()) return true; - if (is_infinity() || Q.is_infinity()) return false; - - FP2 zs2=new FP2(z); zs2.sqr(); - FP2 zo2=new FP2(Q.z); zo2.sqr(); - FP2 zs3=new FP2(zs2); zs3.mul(z); - FP2 zo3=new FP2(zo2); zo3.mul(Q.z); - zs2.mul(Q.x); - zo2.mul(x); - if (!zs2.equals(zo2)) return false; - zs3.mul(Q.y); - zo3.mul(y); - if (!zs3.equals(zo3)) return false; - - return true; - } -/* set this=-this */ - public void neg() { - if (is_infinity()) return; - y.neg(); y.reduce(); - return; - } -/* set to Affine - (x,y,z) to (x,y) */ - public void affine() { - if (is_infinity()) return; - FP2 one=new FP2(1); - if (z.equals(one)) return; - z.inverse(); - - FP2 z2=new FP2(z); - z2.sqr(); - x.mul(z2); x.reduce(); - y.mul(z2); - y.mul(z); y.reduce(); - z.copy(one); - } -/* extract affine x as FP2 */ - public FP2 getX() - { - affine(); - return x; - } -/* extract affine y as FP2 */ - public FP2 getY() - { - affine(); - return y; - } -/* extract projective x */ - public FP2 getx() - { - return x; - } -/* extract projective y */ - public FP2 gety() - { - return y; - } -/* extract projective z */ - public FP2 getz() - { - return z; - } -/* convert to byte array */ - public void toBytes(byte[] b) - { - byte[] t=new byte[ROM.MODBYTES]; - affine(); - x.getA().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) - b[i]=t[i]; - x.getB().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) - b[i+ROM.MODBYTES]=t[i]; - - y.getA().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) - b[i+2*ROM.MODBYTES]=t[i]; - y.getB().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) - b[i+3*ROM.MODBYTES]=t[i]; - } -/* convert from byte array to point */ - public static ECP2 fromBytes(byte[] b) - { - byte[] t=new byte[ROM.MODBYTES]; - BIG ra; - BIG rb; - - for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i]; - ra=BIG.fromBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+ROM.MODBYTES]; - rb=BIG.fromBytes(t); - FP2 rx=new FP2(ra,rb); - - for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+2*ROM.MODBYTES]; - ra=BIG.fromBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+3*ROM.MODBYTES]; - rb=BIG.fromBytes(t); - FP2 ry=new FP2(ra,rb); - - return new ECP2(rx,ry); - } -/* convert this to hex string */ - public String toString() { - if (is_infinity()) return "infinity"; - affine(); - return "("+x.toString()+","+y.toString()+")"; - } - -/* Calculate RHS of twisted curve equation x^3+B/i */ - public static FP2 RHS(FP2 x) { - x.norm(); - FP2 r=new FP2(x); - r.sqr(); - FP2 b=new FP2(new BIG(ROM.CURVE_B)); - b.div_ip(); - r.mul(x); - r.add(b); - - r.reduce(); - return r; - } -/* construct this from (x,y) - but set to O if not on curve */ - public ECP2(FP2 ix,FP2 iy) { - x=new FP2(ix); - y=new FP2(iy); - z=new FP2(1); - FP2 rhs=RHS(x); - FP2 y2=new FP2(y); - y2.sqr(); - if (y2.equals(rhs)) INF=false; - else {x.zero();INF=true;} - } - -/* construct this from x - but set to O if not on curve */ - public ECP2(FP2 ix) { - x=new FP2(ix); - y=new FP2(1); - z=new FP2(1); - FP2 rhs=RHS(x); - if (rhs.sqrt()) - { - y.copy(rhs); - INF=false; - } - else {x.zero();INF=true;} - } - -/* this+=this */ - public int dbl() { - if (INF) return -1; - if (y.iszilch()) - { - inf(); - return -1; - } - - FP2 w1=new FP2(x); - FP2 w2=new FP2(0); - FP2 w3=new FP2(x); - FP2 w8=new FP2(x); - - w1.sqr(); - w8.copy(w1); - w8.imul(3); - - w2.copy(y); w2.sqr(); - w3.copy(x); w3.mul(w2); - w3.imul(4); - w1.copy(w3); w1.neg(); - // w1.norm(); - - x.copy(w8); x.sqr(); - x.add(w1); - x.add(w1); - x.norm(); - - z.mul(y); - z.add(z); - - w2.add(w2); - w2.sqr(); - w2.add(w2); - w3.sub(x); - y.copy(w8); y.mul(w3); - // w2.norm(); - y.sub(w2); - - y.norm(); - z.norm(); - - return 1; - } -/* this+=Q - return 0 for add, 1 for double, -1 for O */ - public int add(ECP2 Q) { - if (INF) - { - copy(Q); - return -1; - } - if (Q.INF) return -1; - - boolean aff=false; - - if (Q.z.isunity()) aff=true; - - FP2 A,C; - FP2 B=new FP2(z); - FP2 D=new FP2(z); - if (!aff) - { - A=new FP2(Q.z); - C=new FP2(Q.z); - - A.sqr(); B.sqr(); - C.mul(A); D.mul(B); - - A.mul(x); - C.mul(y); - } - else - { - A=new FP2(x); - C=new FP2(y); - - B.sqr(); - D.mul(B); - } - - B.mul(Q.x); B.sub(A); - D.mul(Q.y); D.sub(C); - - if (B.iszilch()) - { - if (D.iszilch()) - { - dbl(); - return 1; - } - else - { - INF=true; - return -1; - } - } - - if (!aff) z.mul(Q.z); - z.mul(B); - - FP2 e=new FP2(B); e.sqr(); - B.mul(e); - A.mul(e); - - e.copy(A); - e.add(A); e.add(B); - x.copy(D); x.sqr(); x.sub(e); - - A.sub(x); - y.copy(A); y.mul(D); - C.mul(B); y.sub(C); - - x.norm(); - y.norm(); - z.norm(); - - return 0; - } - -/* set this-=Q */ - public int sub(ECP2 Q) { - Q.neg(); - int D=add(Q); - Q.neg(); - return D; - } -/* set this*=q, where q is Modulus, using Frobenius */ - public void frob(FP2 X) - { - if (INF) return; - FP2 X2=new FP2(X); - X2.sqr(); - x.conj(); - y.conj(); - z.conj(); - z.reduce(); - x.mul(X2); - y.mul(X2); - y.mul(X); - } - -/* normalises m-array of ECP2 points. Requires work vector of m FP2s */ - - public static void multiaffine(int m,ECP2[] P) - { - int i; - FP2 t1=new FP2(0); - FP2 t2=new FP2(0); - - FP2[] work=new FP2[m]; - work[0]=new FP2(1); - work[1]=new FP2(P[0].z); - for (i=2;i<m;i++) - { - work[i]=new FP2(work[i-1]); - work[i].mul(P[i-1].z); - } - - t1.copy(work[m-1]); t1.mul(P[m-1].z); - - t1.inverse(); - - t2.copy(P[m-1].z); - work[m-1].mul(t1); - - for (i=m-2;;i--) - { - if (i==0) - { - work[0].copy(t1); - work[0].mul(t2); - break; - } - work[i].mul(t2); - work[i].mul(t1); - t2.mul(P[i].z); - } -/* now work[] contains inverses of all Z coordinates */ - - for (i=0;i<m;i++) - { - P[i].z.one(); - t1.copy(work[i]); t1.sqr(); - P[i].x.mul(t1); - t1.mul(work[i]); - P[i].y.mul(t1); - } - } - -/* P*=e */ - public ECP2 mul(BIG e) - { -/* fixed size windows */ - int i,b,nb,m,s,ns; - BIG mt=new BIG(); - BIG t=new BIG(); - ECP2 P=new ECP2(); - ECP2 Q=new ECP2(); - ECP2 C=new ECP2(); - ECP2[] W=new ECP2[8]; - byte[] w=new byte[1+(ROM.NLEN*ROM.BASEBITS+3)/4]; - - if (is_infinity()) return new ECP2(); - - affine(); - -/* precompute table */ - Q.copy(this); - Q.dbl(); - W[0]=new ECP2(); - W[0].copy(this); - - for (i=1;i<8;i++) - { - W[i]=new ECP2(); - W[i].copy(W[i-1]); - W[i].add(Q); - } - -/* convert the table to affine */ - - multiaffine(8,W); - -/* make exponent odd - add 2P if even, P if odd */ - t.copy(e); - s=t.parity(); - t.inc(1); t.norm(); ns=t.parity(); mt.copy(t); mt.inc(1); mt.norm(); - t.cmove(mt,s); - Q.cmove(this,ns); - C.copy(Q); - - nb=1+(t.nbits()+3)/4; -/* convert exponent to signed 4-bit window */ - for (i=0;i<nb;i++) - { - w[i]=(byte)(t.lastbits(5)-16); - t.dec(w[i]); t.norm(); - t.fshr(4); - } - w[nb]=(byte)t.lastbits(5); - - P.copy(W[(w[nb]-1)/2]); - for (i=nb-1;i>=0;i--) - { - Q.select(W,w[i]); - P.dbl(); - P.dbl(); - P.dbl(); - P.dbl(); - P.add(Q); - } - P.sub(C); - P.affine(); - return P; - } - -/* P=u0.Q0+u1*Q1+u2*Q2+u3*Q3 */ - public static ECP2 mul4(ECP2[] Q,BIG[] u) - { - int i,j,nb; - int[] a=new int[4]; - ECP2 T=new ECP2(); - ECP2 C=new ECP2(); - ECP2 P=new ECP2(); - ECP2[] W=new ECP2[8]; - - BIG mt=new BIG(); - BIG[] t=new BIG[4]; - - byte[] w=new byte[ROM.NLEN*ROM.BASEBITS+1]; - - for (i=0;i<4;i++) - { - t[i]=new BIG(u[i]); - Q[i].affine(); - } - -/* precompute table */ - - W[0]=new ECP2(); W[0].copy(Q[0]); W[0].sub(Q[1]); - W[1]=new ECP2(); W[1].copy(W[0]); - W[2]=new ECP2(); W[2].copy(W[0]); - W[3]=new ECP2(); W[3].copy(W[0]); - W[4]=new ECP2(); W[4].copy(Q[0]); W[4].add(Q[1]); - W[5]=new ECP2(); W[5].copy(W[4]); - W[6]=new ECP2(); W[6].copy(W[4]); - W[7]=new ECP2(); W[7].copy(W[4]); - T.copy(Q[2]); T.sub(Q[3]); - W[1].sub(T); - W[2].add(T); - W[5].sub(T); - W[6].add(T); - T.copy(Q[2]); T.add(Q[3]); - W[0].sub(T); - W[3].add(T); - W[4].sub(T); - W[7].add(T); - - multiaffine(8,W); - -/* if multiplier is even add 1 to multiplier, and add P to correction */ - mt.zero(); C.inf(); - for (i=0;i<4;i++) - { - if (t[i].parity()==0) - { - t[i].inc(1); t[i].norm(); - C.add(Q[i]); - } - mt.add(t[i]); mt.norm(); - } - - nb=1+mt.nbits(); - -/* convert exponent to signed 1-bit window */ - for (j=0;j<nb;j++) - { - for (i=0;i<4;i++) - { - a[i]=(byte)(t[i].lastbits(2)-2); - t[i].dec(a[i]); t[i].norm(); - t[i].fshr(1); - } - w[j]=(byte)(8*a[0]+4*a[1]+2*a[2]+a[3]); - } - w[nb]=(byte)(8*t[0].lastbits(2)+4*t[1].lastbits(2)+2*t[2].lastbits(2)+t[3].lastbits(2)); - - P.copy(W[(w[nb]-1)/2]); - for (i=nb-1;i>=0;i--) - { - T.select(W,w[i]); - P.dbl(); - P.add(T); - } - P.sub(C); /* apply correction */ - - P.affine(); - return P; - } - - -/* - public static void main(String[] args) { - BIG r=new BIG(ROM.Modulus); - - BIG Pxa=new BIG(ROM.CURVE_Pxa); - BIG Pxb=new BIG(ROM.CURVE_Pxb); - BIG Pya=new BIG(ROM.CURVE_Pya); - BIG Pyb=new BIG(ROM.CURVE_Pyb); - - BIG Fra=new BIG(ROM.CURVE_Fra); - BIG Frb=new BIG(ROM.CURVE_Frb); - - FP2 f=new FP2(Fra,Frb); - - FP2 Px=new FP2(Pxa,Pxb); - FP2 Py=new FP2(Pya,Pyb); - - ECP2 P=new ECP2(Px,Py); - - System.out.println("P= "+P.toString()); - - P=P.mul(r); - System.out.println("P= "+P.toString()); - - ECP2 Q=new ECP2(Px,Py); - Q.frob(f); - System.out.println("Q= "+Q.toString()); - - - } */ - - -}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/FF.java ---------------------------------------------------------------------- diff --git a/java64/FF.java b/java64/FF.java deleted file mode 100755 index 2e06a52..0000000 --- a/java64/FF.java +++ /dev/null @@ -1,974 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* Large Finite Field arithmetic */ -/* AMCL mod p functions */ - -public final class FF { - private final BIG[] v; - private final int length; - - private static final int P_MBITS=ROM.MODBYTES*8; - private static final int P_MB=(P_MBITS%ROM.BASEBITS); - private static final long P_OMASK=((long)(-1)<<(P_MBITS%ROM.BASEBITS)); - private static final long P_FEXCESS=((long)1<<(ROM.BASEBITS*ROM.NLEN-P_MBITS)); - private static final int P_TBITS=(P_MBITS%ROM.BASEBITS); - - public long P_EXCESS() - { - return ((v[length-1].get(ROM.NLEN-1)&P_OMASK)>>(P_MB)); - } - -/* Constructors */ - public FF(int n) - { - v=new BIG[n]; - for (int i=0;i<n;i++) - v[i]=new BIG(0); - length=n; - } - - public FF(long [][] x,int n) - { - v=new BIG[n]; - for (int i=0;i<n;i++) - v[i]=new BIG(x[i]); - length=n; - } - - public int getlen() - { - return length; - } - -/* set to integer */ - public void set(int m) - { - zero(); - v[0].set(0,(long)m); - } - -/* copy from FF b */ - public void copy(FF b) - { - for (int i=0;i<length;i++) - { - v[i].copy(b.v[i]); - } - } - -/* x=y<<n */ - public void dsucopy(FF b) - { - for (int i=0;i<b.length;i++) - { - v[b.length+i].copy(b.v[i]); - v[i].zero(); - } - } - -/* x=y */ - public void dscopy(FF b) - { - for (int i=0;i<b.length;i++) - { - v[i].copy(b.v[i]); - v[b.length+i].zero(); - } - } - -/* x=y>>n */ - public void sducopy(FF b) - { - for (int i=0;i<length;i++) - { - v[i].copy(b.v[length+i]); - } - } - -/* set to zero */ - public void zero() - { - for (int i=0;i<length;i++) - { - v[i].zero(); - } - } - - public void one() - { - v[0].one(); - for (int i=1;i<length;i++) - { - v[i].zero(); - } - } - -/* test equals 0 */ - public boolean iszilch() - { - for (int i=0;i<length;i++) - { - if (!v[i].iszilch()) return false; - } - return true; - } - -/* shift right by 256-bit words */ - public void shrw(int n) - { - for (int i=0;i<n;i++) - { - v[i].copy(v[i+n]); - v[i+n].zero(); - } - } - -/* shift left by 256-bit words */ - public void shlw(int n) - { - for (int i=0;i<n;i++) - { - v[n+i].copy(v[i]); - v[i].zero(); - } - } - -/* extract last bit */ - public int parity() - { - return v[0].parity(); - } - - public int lastbits(int m) - { - return v[0].lastbits(m); - } - -/* compare x and y - must be normalised, and of same length */ - public static int comp(FF a,FF b) - { - int i,j; - for (i=a.length-1;i>=0;i--) - { - j=BIG.comp(a.v[i],b.v[i]); - if (j!=0) return j; - } - return 0; - } - -/* recursive add */ - public void radd(int vp,FF x,int xp,FF y,int yp,int n) - { - for (int i=0;i<n;i++) - { - v[vp+i].copy(x.v[xp+i]); - v[vp+i].add(y.v[yp+i]); - } - } - -/* recursive inc */ - public void rinc(int vp,FF y,int yp,int n) - { - for (int i=0;i<n;i++) - { - v[vp+i].add(y.v[yp+i]); - } - } - -/* recursive sub */ - public void rsub(int vp,FF x,int xp,FF y,int yp,int n) - { - for (int i=0;i<n;i++) - { - v[vp+i].copy(x.v[xp+i]); - v[vp+i].sub(y.v[yp+i]); - } - } - -/* recursive dec */ - public void rdec(int vp,FF y,int yp,int n) - { - for (int i=0;i<n;i++) - { - v[vp+i].sub(y.v[yp+i]); - } - } - -/* simple add */ - public void add(FF b) - { - for (int i=0;i<length;i++) - v[i].add(b.v[i]); - } - -/* simple sub */ - public void sub(FF b) - { - for (int i=0;i<length;i++) - v[i].sub(b.v[i]); - } - -/* reverse sub */ - public void revsub(FF b) - { - for (int i=0;i<length;i++) - v[i].rsub(b.v[i]); - } - -/* increment/decrement by a small integer */ - public void inc(int m) - { - v[0].inc(m); - norm(); - } - - public void dec(int m) - { - v[0].dec(m); - norm(); - } - - /* normalise - but hold any overflow in top part unless n<0 */ - private void rnorm(int vp,int n) - { - boolean trunc=false; - int i; - long carry; - if (n<0) - { /* -v n signals to do truncation */ - n=-n; - trunc=true; - } - for (i=0;i<n-1;i++) - { - carry=v[vp+i].norm(); - v[vp+i].xortop(carry<<P_TBITS); - v[vp+i+1].inc((int)carry); - } - carry=v[vp+n-1].norm(); - if (trunc) - v[vp+n-1].xortop(carry<<P_TBITS); - - } - - public void norm() - { - rnorm(0,length); - } - -/* shift left by one bit */ - public void shl() - { - int i,delay_carry=0; - long carry; - for (i=0;i<length-1;i++) - { - carry=v[i].fshl(1); - v[i].inc(delay_carry); - v[i].xortop(carry<<P_TBITS); - delay_carry=(int)carry; - } - v[length-1].fshl(1); - v[length-1].inc(delay_carry); - } - -/* shift right by one bit */ - - public void shr() - { - int i; - long carry; - for (i=length-1;i>0;i--) - { - carry=v[i].fshr(1); - v[i-1].ortop(carry<<P_TBITS); - } - v[0].fshr(1); - } - -/* Convert to Hex String */ - public String toString() - { - norm(); - String s=""; - for (int i=length-1;i>=0;i--) - { - s+=v[i].toString(); - } - return s; - } - -/* Convert FFs to/from byte arrays */ - public void toBytes(byte[] b) - { - for (int i=0;i<length;i++) - { - v[i].tobytearray(b,(length-i-1)*ROM.MODBYTES); - } - } - - public static void fromBytes(FF x,byte[] b) - { - for (int i=0;i<x.length;i++) - { - x.v[i]=BIG.frombytearray(b,(x.length-i-1)*ROM.MODBYTES); - } - } - -/* in-place swapping using xor - side channel resistant - lengths must be the same */ - private static void cswap(FF a,FF b,int d) - { - for (int i=0;i<a.length;i++) - { - // BIG.cswap(a.v[i],b.v[i],d); - a.v[i].cswap(b.v[i],d); - } - } - -/* z=x*y, t is workspace */ - private void karmul(int vp,FF x,int xp,FF y,int yp,FF t,int tp,int n) - { - int nd2; - if (n==1) - { - DBIG d=BIG.mul(x.v[xp],y.v[yp]); - v[vp+1]=d.split(8*ROM.MODBYTES); - v[vp].copy(d); - return; - } - nd2=n/2; - radd(vp,x,xp,x,xp+nd2,nd2); - //rnorm(vp,nd2); - radd(vp+nd2,y,yp,y,yp+nd2,nd2); - //rnorm(vp+nd2,nd2); - t.karmul(tp,this,vp,this,vp+nd2,t,tp+n,nd2); - karmul(vp,x,xp,y,yp,t,tp+n,nd2); - karmul(vp+n,x,xp+nd2,y,yp+nd2,t,tp+n,nd2); - t.rdec(tp,this,vp,n); - t.rdec(tp,this,vp+n,n); - rinc(vp+nd2,t,tp,n); - rnorm(vp,2*n); - } - - private void karsqr(int vp,FF x,int xp,FF t,int tp,int n) - { - int nd2; - if (n==1) - { - DBIG d=BIG.sqr(x.v[xp]); - v[vp+1].copy(d.split(8*ROM.MODBYTES)); - v[vp].copy(d); - return; - } - - nd2=n/2; - karsqr(vp,x,xp,t,tp+n,nd2); - karsqr(vp+n,x,xp+nd2,t,tp+n,nd2); - t.karmul(tp,x,xp,x,xp+nd2,t,tp+n,nd2); - rinc(vp+nd2,t,tp,n); - rinc(vp+nd2,t,tp,n); - rnorm(vp+nd2,n); - } - - - private void karmul_lower(int vp,FF x,int xp,FF y,int yp,FF t,int tp,int n) - { /* Calculates Least Significant bottom half of x*y */ - int nd2; - if (n==1) - { /* only calculate bottom half of product */ - v[vp].copy(BIG.smul(x.v[xp],y.v[yp])); - return; - } - nd2=n/2; - - karmul(vp,x,xp,y,yp,t,tp+n,nd2); - t.karmul_lower(tp,x,xp+nd2,y,yp,t,tp+n,nd2); - rinc(vp+nd2,t,tp,nd2); - t.karmul_lower(tp,x,xp,y,yp+nd2,t,tp+n,nd2); - rinc(vp+nd2,t,tp,nd2); - rnorm(vp+nd2,-nd2); /* truncate it */ - } - - private void karmul_upper(FF x,FF y,FF t,int n) - { /* Calculates Most Significant upper half of x*y, given lower part */ - int nd2; - - nd2=n/2; - radd(n,x,0,x,nd2,nd2); - radd(n+nd2,y,0,y,nd2,nd2); - - t.karmul(0,this,n+nd2,this,n,t,n,nd2); /* t = (a0+a1)(b0+b1) */ - karmul(n,x,nd2,y,nd2,t,n,nd2); /* z[n]= a1*b1 */ - /* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */ - t.rdec(0,this,n,n); /* t=t-a1b1 */ - rinc(nd2,this,0,nd2); /* z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1) */ - rdec(nd2,t,0,nd2); /* z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0) */ - rnorm(0,-n); /* a0b0 now in z - truncate it */ - t.rdec(0,this,0,n); /* (a0+a1)(b0+b1) - a0b0 */ - rinc(nd2,t,0,n); - - rnorm(nd2,n); - } - - /* z=x*y. Assumes x and y are of same length. */ - public static FF mul(FF x,FF y) - { - int n=x.length; - FF z=new FF(2*n); - FF t=new FF(2*n); - z.karmul(0,x,0,y,0,t,0,n); - return z; - } - -/* return low part of product this*y */ - public void lmul(FF y) - { - int n=length; - FF t=new FF(2*n); - FF x=new FF(n); x.copy(this); - karmul_lower(0,x,0,y,0,t,0,n); - } - -/* Set b=b mod c */ - public void mod(FF c) - { - int k=0; - - norm(); - if (comp(this,c)<0) - return; - do - { - c.shl(); - k++; - } while (comp(this,c)>=0); - - while (k>0) - { - c.shr(); - if (comp(this,c)>=0) - { - sub(c); - norm(); - } - k--; - } - } - - /* z=x^2 */ - public static FF sqr(FF x) - { - int n=x.length; - FF z=new FF(2*n); - FF t=new FF(2*n); - z.karsqr(0,x,0,t,0,n); - return z; - } - -/* return This mod modulus, N is modulus, ND is Montgomery Constant */ - public FF reduce(FF N,FF ND) - { /* fast karatsuba Montgomery reduction */ - int n=N.length; - FF t=new FF(2*n); - FF r=new FF(n); - FF m=new FF(n); - - r.sducopy(this); - m.karmul_lower(0,this,0,ND,0,t,0,n); - karmul_upper(N,m,t,n); - m.sducopy(this); - - r.add(N); - r.sub(m); - r.norm(); - - return r; - - } - -/* Set r=this mod b */ -/* this is of length - 2*n */ -/* r,b is of length - n */ - public FF dmod(FF b) - { - int k,n=b.length; - FF m=new FF(2*n); - FF x=new FF(2*n); - FF r=new FF(n); - - x.copy(this); - x.norm(); - m.dsucopy(b); k=256*n; - - while (k>0) - { - m.shr(); - - if (comp(x,m)>=0) - { - x.sub(m); - x.norm(); - } - k--; - } - - r.copy(x); - r.mod(b); - return r; - } - -/* Set return=1/this mod p. Binary method - a<p on entry */ - - public void invmodp(FF p) - { - int n=p.length; - - FF u=new FF(n); - FF v=new FF(n); - FF x1=new FF(n); - FF x2=new FF(n); - FF t=new FF(n); - FF one=new FF(n); - - one.one(); - u.copy(this); - v.copy(p); - x1.copy(one); - x2.zero(); - - // reduce n in here as well! - while (comp(u,one)!=0 && comp(v,one)!=0) - { - while (u.parity()==0) - { - u.shr(); - if (x1.parity()!=0) - { - x1.add(p); - x1.norm(); - } - x1.shr(); - } - while (v.parity()==0) - { - v.shr(); - if (x2.parity()!=0) - { - x2.add(p); - x2.norm(); - } - x2.shr(); - } - if (comp(u,v)>=0) - { - - u.sub(v); - u.norm(); - if (comp(x1,x2)>=0) x1.sub(x2); - else - { - t.copy(p); - t.sub(x2); - x1.add(t); - } - x1.norm(); - } - else - { - v.sub(u); - v.norm(); - if (comp(x2,x1)>=0) x2.sub(x1); - else - { - t.copy(p); - t.sub(x1); - x2.add(t); - } - x2.norm(); - } - } - if (comp(u,one)==0) - copy(x1); - else - copy(x2); - } - -/* nresidue mod m */ - public void nres(FF m) - { - int n=m.length; - FF d=new FF(2*n); - d.dsucopy(this); - copy(d.dmod(m)); - } - - public void redc(FF m,FF ND) - { - int n=m.length; - FF d=new FF(2*n); - mod(m); - d.dscopy(this); - copy(d.reduce(m,ND)); - mod(m); - } - - private void mod2m(int m) - { - for (int i=m;i<length;i++) - v[i].zero(); - } - - /* U=1/a mod 2^m - Arazi & Qi */ - private FF invmod2m() - { - int i,n=length; - - FF b=new FF(n); - FF c=new FF(n); - FF U=new FF(n); - - FF t; - - U.zero(); - U.v[0].copy(v[0]); - U.v[0].invmod2m(); - - for (i=1;i<n;i<<=1) - { - b.copy(this); b.mod2m(i); - t=mul(U,b); t.shrw(i); b.copy(t); - c.copy(this); c.shrw(i); c.mod2m(i); - c.lmul(U); c.mod2m(i); - - b.add(c); b.norm(); - b.lmul(U); b.mod2m(i); - - c.one(); c.shlw(i); b.revsub(c); b.norm(); - b.shlw(i); - U.add(b); - } - U.norm(); - return U; - } - - public void random(RAND rng) - { - int n=length; - for (int i=0;i<n;i++) - { - v[i].copy(BIG.random(rng)); - } - /* make sure top bit is 1 */ - while (v[n-1].nbits()<ROM.MODBYTES*8) v[n-1].copy(BIG.random(rng)); - } - - /* generate random x */ - public void randomnum(FF p,RAND rng) - { - int n=length; - FF d=new FF(2*n); - - for (int i=0;i<2*n;i++) - { - d.v[i].copy(BIG.random(rng)); - } - copy(d.dmod(p)); - } - - /* this*=y mod p */ - public void modmul(FF y,FF p,FF nd) - { - //FF d=new FF(2*p.length); - long ex=P_EXCESS(); - long ey=y.P_EXCESS(); - if ((ex+1)*(ey+1)+1>=P_FEXCESS) mod(p); - FF d=mul(this,y); - copy(d.reduce(p,nd)); - } - - /* this*=y mod p */ - public void modsqr(FF p,FF nd) - { - //FF d=new FF(2*p.length); - long ex=P_EXCESS(); - if ((ex+1)*(ex+1)+1>=P_FEXCESS) mod(p); - FF d=sqr(this); - copy(d.reduce(p,nd)); - } - - /* this=this^e mod p using side-channel resistant Montgomery Ladder, for large e */ - public void skpow(FF e,FF p) - { - int i,b,n=p.length; - FF R0=new FF(n); - FF R1=new FF(n); - FF ND=p.invmod2m(); - - mod(p); - R0.one(); - R1.copy(this); - R0.nres(p); - R1.nres(p); - - for (i=8*ROM.MODBYTES*n-1;i>=0;i--) - { - b=e.v[i/256].bit(i%256); - copy(R0); - modmul(R1,p,ND); - - cswap(R0,R1,b); - R0.modsqr(p,ND); - - R1.copy(this); - cswap(R0,R1,b); - } - copy(R0); - redc(p,ND); - } - - /* this =this^e mod p using side-channel resistant Montgomery Ladder, for short e */ - public void skpow(BIG e,FF p) - { - int i,b,n=p.length; - FF R0=new FF(n); - FF R1=new FF(n); - FF ND=p.invmod2m(); - - mod(p); - R0.one(); - R1.copy(this); - R0.nres(p); - R1.nres(p); - - for (i=8*ROM.MODBYTES-1;i>=0;i--) - { - b=e.bit(i); - copy(R0); - modmul(R1,p,ND); - - cswap(R0,R1,b); - R0.modsqr(p,ND); - - R1.copy(this); - cswap(R0,R1,b); - } - copy(R0); - redc(p,ND); - } - - /* raise to an integer power - right-to-left method */ - public void power(int e,FF p) - { - int n=p.length; - FF w=new FF(n); - FF ND=p.invmod2m(); - boolean f=true; - - w.copy(this); - w.nres(p); - - if (e==2) - { - copy(w); - modsqr(p,ND); - } - else for (; ; ) - { - if (e%2==1) - { - if (f) copy(w); - else modmul(w,p,ND); - f=false; - } - e>>=1; - if (e==0) break; - w.modsqr(p,ND); - } - redc(p,ND); - } - - /* this=this^e mod p, faster but not side channel resistant */ - public void pow(FF e,FF p) - { - int i,b,n=p.length; - FF w=new FF(n); - FF ND=p.invmod2m(); - - w.copy(this); - one(); - nres(p); - w.nres(p); - for (i=8*ROM.MODBYTES*n-1;i>=0;i--) - { - modsqr(p,ND); - b=e.v[i/256].bit(i%256); - if (b==1) modmul(w,p,ND); - } - redc(p,ND); - } - - /* double exponentiation r=x^e.y^f mod p */ - public void pow2(BIG e,FF y,BIG f,FF p) - { - int i,eb,fb,n=p.length; - FF xn=new FF(n); - FF yn=new FF(n); - FF xy=new FF(n); - FF ND=p.invmod2m(); - - xn.copy(this); - yn.copy(y); - xn.nres(p); - yn.nres(p); - xy.copy(xn); xy.modmul(yn,p,ND); - one(); - nres(p); - - for (i=8*ROM.MODBYTES-1;i>=0;i--) - { - eb=e.bit(i); - fb=f.bit(i); - modsqr(p,ND); - if (eb==1) - { - if (fb==1) modmul(xy,p,ND); - else modmul(xn,p,ND); - } - else - { - if (fb==1) modmul(yn,p,ND); - } - } - redc(p,ND); - } - - private static int igcd(int x,int y) - { /* integer GCD, returns GCD of x and y */ - int r; - if (y==0) return x; - while ((r=x%y)!=0) - {x=y;y=r;} - return y; - } - - /* quick and dirty check for common factor with n */ - public boolean cfactor(int s) - { - int r,n=length; - int g; - - FF x=new FF(n); - FF y=new FF(n); - - y.set(s); - x.copy(this); - x.norm(); - - do - { - x.sub(y); - x.norm(); - while (!x.iszilch() && x.parity()==0) x.shr(); - } - while (comp(x,y)>0); - - g=(int)x.v[0].get(0); - r=igcd(s,g); - if (r>1) return true; - return false; - } - - /* Miller-Rabin test for primality. Slow. */ - public static boolean prime(FF p,RAND rng) - { - int i,j,s=0,n=p.length; - boolean loop; - FF d=new FF(n); - FF x=new FF(n); - FF unity=new FF(n); - FF nm1=new FF(n); - - int sf=4849845; /* 3*5*.. *19 */ - p.norm(); - - if (p.cfactor(sf)) return false; - unity.one(); - nm1.copy(p); - nm1.sub(unity); - nm1.norm(); - d.copy(nm1); - - while (d.parity()==0) - { - d.shr(); - s++; - } - if (s==0) return false; - for (i=0;i<10;i++) - { - x.randomnum(p,rng); - x.pow(d,p); - if (comp(x,unity)==0 || comp(x,nm1)==0) continue; - loop=false; - for (j=1;j<s;j++) - { - x.power(2,p); - if (comp(x,unity)==0) return false; - if (comp(x,nm1)==0) {loop=true; break;} - } - if (loop) continue; - return false; - } - return true; - } - -/* - public static final long[][] P ={{0xAD19A781670957L,0x76A79C00965796L,0xDEFCC5FC9A9717L,0xF02F2940E20E9L,0xBF59E34FL},{0x6894F31844C908L,0x8DADA70E82C79FL,0xFD29F3836046F6L,0x8C1D874D314DD0L,0x46D077BL},{0x3C515217813331L,0x56680FD1CE935BL,0xE55C53EEA8838EL,0x92C2F7E14A4A95L,0xD945E5B1L},{0xACF673E919F5EFL,0x6723E7E7DAB446L,0x6B6FA69B36EB1BL,0xF7D13920ECA300L,0xB5FC2165L}}; - - public static void main(String[] args) { - byte[] raw=new byte[100]; - RAND rng=new RAND(); - - rng.clean(); - for (int i=0;i<100;i++) raw[i]=(byte)i; - - rng.seed(100,raw); - - int n=4; - - FF x=new FF(n); - x.set(3); - - FF p=new FF(P,n); - - if (prime(p,rng)) System.out.println("p is a prime"); - - FF e=new FF(n); - e.copy(p); - e.dec(1); e.norm(); - - System.out.println("e= "+e.toString()); - - x.skpow(e,p); - System.out.println("x= "+x.toString()); - - } */ - -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/FP.java ---------------------------------------------------------------------- diff --git a/java64/FP.java b/java64/FP.java deleted file mode 100755 index ab99c13..0000000 --- a/java64/FP.java +++ /dev/null @@ -1,324 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* Finite Field arithmetic */ -/* AMCL mod p functions */ - -public final class FP { - private final BIG x; - private static BIG p=new BIG(ROM.Modulus); - -/* Constructors */ - public FP(int a) - { - x=new BIG(a); - nres(); - } - - public FP(BIG a) - { - x=new BIG(a); - nres(); - } - - public FP(FP a) - { - x=new BIG(a.x); - } - -/* convert to string */ - public String toString() - { - String s=redc().toString(); - return s; - } - - public String toRawString() - { - String s=x.toRawString(); - return s; - } - -/* convert to Montgomery n-residue form */ - public void nres() - { - if (ROM.MODTYPE!=ROM.PSEUDO_MERSENNE) - { - DBIG d=new DBIG(x); - d.shl(ROM.NLEN*ROM.BASEBITS); - x.copy(d.mod(p)); - } - } - -/* convert back to regular form */ - public BIG redc() - { - if (ROM.MODTYPE!=ROM.PSEUDO_MERSENNE) - { - DBIG d=new DBIG(x); - return BIG.mod(d); - } - else - { - BIG r=new BIG(x); - return r; - } - } - -/* test this=0? */ - public boolean iszilch() { - reduce(); - return x.iszilch(); - } - -/* copy from FP b */ - public void copy(FP b) - { - x.copy(b.x); - } - -/* set this=0 */ - public void zero() - { - x.zero(); - } - -/* set this=1 */ - public void one() - { - x.one(); nres(); - } - -/* normalise this */ - public void norm() - { - x.norm(); - } - -/* swap FPs depending on d */ - public void cswap(FP b,int d) - { - x.cswap(b.x,d); - } - -/* copy FPs depending on d */ - public void cmove(FP b,int d) - { - x.cmove(b.x,d); - } - -/* this*=b mod Modulus */ - public void mul(FP b) - { - long ea=BIG.EXCESS(x); - long eb=BIG.EXCESS(b.x); - - if ((ea+1)*(eb+1)+1>=ROM.FEXCESS) reduce(); - - DBIG d=BIG.mul(x,b.x); - x.copy(BIG.mod(d)); - } - -/* this*=c mod Modulus, where c is a small int */ - public void imul(int c) - { - norm(); - boolean s=false; - if (c<0) - { - c=-c; - s=true; - } - long afx=(BIG.EXCESS(x)+1)*(c+1)+1; - if (c<ROM.NEXCESS && afx<ROM.FEXCESS) - { - x.imul(c); - } - else - { - if (afx<ROM.FEXCESS) x.pmul(c); - else - { - DBIG d=x.pxmul(c); - x.copy(d.mod(p)); - } - } - if (s) neg(); - norm(); - } - - -/* this*=this mod Modulus */ - public void sqr() - { - DBIG d; - long ea=BIG.EXCESS(x); - if ((ea+1)*(ea+1)+1>=ROM.FEXCESS) - reduce(); - - d=BIG.sqr(x); - x.copy(BIG.mod(d)); - } - -/* this+=b */ - public void add(FP b) { - x.add(b.x); - if (BIG.EXCESS(x)+2>=ROM.FEXCESS) reduce(); - } - -/* this = -this mod Modulus */ - public void neg() - { - int sb; - long ov; - BIG m=new BIG(p); - - norm(); - - ov=BIG.EXCESS(x); - sb=1; while(ov!=0) {sb++;ov>>=1;} - - m.fshl(sb); - x.rsub(m); - - if (BIG.EXCESS(x)>=ROM.FEXCESS) reduce(); - } - -/* this-=b */ - public void sub(FP b) - { - FP n=new FP(b); - n.neg(); - this.add(n); - } - -/* this/=2 mod Modulus */ - public void div2() - { - x.norm(); - if (x.parity()==0) - x.fshr(1); - else - { - x.add(p); - x.norm(); - x.fshr(1); - } - } - -/* this=1/this mod Modulus */ - public void inverse() - { - BIG r=redc(); - r.invmodp(p); - x.copy(r); - nres(); - } - -/* return TRUE if this==a */ - public boolean equals(FP a) - { - a.reduce(); - reduce(); - if (BIG.comp(a.x,x)==0) return true; - return false; - } - -/* reduce this mod Modulus */ - public void reduce() - { - x.mod(p); - } - -/* return this^e mod Modulus */ - public FP pow(BIG e) - { - int bt; - FP r=new FP(1); - e.norm(); - x.norm(); - FP m=new FP(this); - while (true) - { - bt=e.parity(); - e.fshr(1); - if (bt==1) r.mul(m); - if (e.iszilch()) break; - m.sqr(); - } - r.x.mod(p); - return r; - } - -/* return sqrt(this) mod Modulus */ - public FP sqrt() - { - reduce(); - BIG b=new BIG(p); - if (ROM.MOD8==5) - { - b.dec(5); b.norm(); b.shr(3); - FP i=new FP(this); i.x.shl(1); - FP v=i.pow(b); - i.mul(v); i.mul(v); - i.x.dec(1); - FP r=new FP(this); - r.mul(v); r.mul(i); - r.reduce(); - return r; - } - else - { - b.inc(1); b.norm(); b.shr(2); - return pow(b); - } - } - -/* return jacobi symbol (this/Modulus) */ - public int jacobi() - { - BIG w=redc(); - return w.jacobi(p); - } -/* - public static void main(String[] args) { - BIG m=new BIG(ROM.Modulus); - BIG x=new BIG(3); - BIG e=new BIG(m); - e.dec(1); - - System.out.println("m= "+m.nbits()); - - - BIG r=x.powmod(e,m); - - System.out.println("m= "+m.toString()); - System.out.println("r= "+r.toString()); - - BIG.cswap(m,r,0); - - System.out.println("m= "+m.toString()); - System.out.println("r= "+r.toString()); - -// FP y=new FP(3); -// FP s=y.pow(e); -// System.out.println("s= "+s.toString()); - - } */ -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/FP12.java ---------------------------------------------------------------------- diff --git a/java64/FP12.java b/java64/FP12.java deleted file mode 100755 index 1242652..0000000 --- a/java64/FP12.java +++ /dev/null @@ -1,640 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* AMCL Fp^12 functions */ -/* FP12 elements are of the form a+i.b+i^2.c */ - -public final class FP12 { - private final FP4 a; - private final FP4 b; - private final FP4 c; -/* reduce all components of this mod Modulus */ - public void reduce() - { - a.reduce(); - b.reduce(); - c.reduce(); - } -/* normalise all components of this */ - public void norm() - { - a.norm(); - b.norm(); - c.norm(); - } -/* test x==0 ? */ - public boolean iszilch() { - reduce(); - return (a.iszilch() && b.iszilch() && c.iszilch()); - } -/* test x==1 ? */ - public boolean isunity() { - FP4 one=new FP4(1); - return (a.equals(one) && b.iszilch() && c.iszilch()); - } -/* return 1 if x==y, else 0 */ - public boolean equals(FP12 x) - { - return (a.equals(x.a) && b.equals(x.b) && c.equals(x.c)); - } -/* extract a from this */ - public FP4 geta() - { - return a; - } -/* extract b */ - public FP4 getb() - { - return b; - } -/* extract c */ - public FP4 getc() - { - return c; - } -/* copy this=x */ - public void copy(FP12 x) - { - a.copy(x.a); - b.copy(x.b); - c.copy(x.c); - } -/* set this=1 */ - public void one() - { - a.one(); - b.zero(); - c.zero(); - } -/* this=conj(this) */ - public void conj() - { - a.conj(); - b.nconj(); - c.conj(); - } -/* Constructors */ - public FP12(FP4 d) - { - a=new FP4(d); - b=new FP4(0); - c=new FP4(0); - } - - public FP12(int d) - { - a=new FP4(d); - b=new FP4(0); - c=new FP4(0); - } - - public FP12(FP4 d,FP4 e,FP4 f) - { - a=new FP4(d); - b=new FP4(e); - c=new FP4(f); - } - - public FP12(FP12 x) - { - a=new FP4(x.a); - b=new FP4(x.b); - c=new FP4(x.c); - } - -/* Granger-Scott Unitary Squaring */ - public void usqr() - { - FP4 A=new FP4(a); - FP4 B=new FP4(c); - FP4 C=new FP4(b); - FP4 D=new FP4(0); - - a.sqr(); - D.copy(a); D.add(a); - a.add(D); - -// a.norm(); - A.nconj(); - - A.add(A); - a.add(A); - B.sqr(); - B.times_i(); - - D.copy(B); D.add(B); - B.add(D); -// B.norm(); - - C.sqr(); - D.copy(C); D.add(C); - C.add(D); -// C.norm(); - - b.conj(); - b.add(b); - c.nconj(); - - c.add(c); - b.add(B); - c.add(C); - reduce(); - - } - -/* Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */ - public void sqr() - { - FP4 A=new FP4(a); - FP4 B=new FP4(b); - FP4 C=new FP4(c); - FP4 D=new FP4(a); - - A.sqr(); - B.mul(c); - B.add(B); - C.sqr(); - D.mul(b); - D.add(D); - - c.add(a); - c.add(b); - c.sqr(); - - a.copy(A); - - A.add(B); -// A.norm(); - A.add(C); - A.add(D); -// A.norm(); - - A.neg(); - B.times_i(); - C.times_i(); - - a.add(B); - - b.copy(C); b.add(D); - c.add(A); - norm(); - } - -/* FP12 full multiplication this=this*y */ - public void mul(FP12 y) - { - FP4 z0=new FP4(a); - FP4 z1=new FP4(0); - FP4 z2=new FP4(b); - FP4 z3=new FP4(0); - FP4 t0=new FP4(a); - FP4 t1=new FP4(y.a); - - z0.mul(y.a); - z2.mul(y.b); - - t0.add(b); - t1.add(y.b); - - z1.copy(t0); z1.mul(t1); - t0.copy(b); t0.add(c); - - t1.copy(y.b); t1.add(y.c); - z3.copy(t0); z3.mul(t1); - - t0.copy(z0); t0.neg(); - t1.copy(z2); t1.neg(); - - z1.add(t0); -// z1.norm(); - b.copy(z1); b.add(t1); - - z3.add(t1); - z2.add(t0); - - t0.copy(a); t0.add(c); - t1.copy(y.a); t1.add(y.c); - t0.mul(t1); - z2.add(t0); - - t0.copy(c); t0.mul(y.c); - t1.copy(t0); t1.neg(); - -// z2.norm(); -// z3.norm(); -// b.norm(); - - c.copy(z2); c.add(t1); - z3.add(t1); - t0.times_i(); - b.add(t0); - - z3.times_i(); - a.copy(z0); a.add(z3); - norm(); - } - -/* Special case of multiplication arises from special form of ATE pairing line function */ - public void smul(FP12 y) - { - FP4 z0=new FP4(a); - FP4 z2=new FP4(b); - FP4 z3=new FP4(b); - FP4 t0=new FP4(0); - FP4 t1=new FP4(y.a); - - z0.mul(y.a); - z2.pmul(y.b.real()); - b.add(a); - t1.real().add(y.b.real()); - - b.mul(t1); - z3.add(c); - z3.pmul(y.b.real()); - - t0.copy(z0); t0.neg(); - t1.copy(z2); t1.neg(); - - b.add(t0); -// b.norm(); - - b.add(t1); - z3.add(t1); - z2.add(t0); - - t0.copy(a); t0.add(c); - t0.mul(y.a); - c.copy(z2); c.add(t0); - - z3.times_i(); - a.copy(z0); a.add(z3); - - norm(); - } - -/* this=1/this */ - public void inverse() - { - FP4 f0=new FP4(a); - FP4 f1=new FP4(b); - FP4 f2=new FP4(a); - FP4 f3=new FP4(0); - - norm(); - f0.sqr(); - f1.mul(c); - f1.times_i(); - f0.sub(f1); - - f1.copy(c); f1.sqr(); - f1.times_i(); - f2.mul(b); - f1.sub(f2); - - f2.copy(b); f2.sqr(); - f3.copy(a); f3.mul(c); - f2.sub(f3); - - f3.copy(b); f3.mul(f2); - f3.times_i(); - a.mul(f0); - f3.add(a); - c.mul(f1); - c.times_i(); - - f3.add(c); - f3.inverse(); - a.copy(f0); a.mul(f3); - b.copy(f1); b.mul(f3); - c.copy(f2); c.mul(f3); - } - -/* this=this^p using Frobenius */ - public void frob(FP2 f) - { - FP2 f2=new FP2(f); - FP2 f3=new FP2(f); - - f2.sqr(); - f3.mul(f2); - - a.frob(f3); - b.frob(f3); - c.frob(f3); - - b.pmul(f); - c.pmul(f2); - } - -/* trace function */ - public FP4 trace() - { - FP4 t=new FP4(0); - t.copy(a); - t.imul(3); - t.reduce(); - return t; - } - -/* convert from byte array to FP12 */ - public static FP12 fromBytes(byte[] w) - { - BIG a,b; - FP2 c,d; - FP4 e,f,g; - byte[] t=new byte[ROM.MODBYTES]; - - for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i]; - a=BIG.fromBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+ROM.MODBYTES]; - b=BIG.fromBytes(t); - c=new FP2(a,b); - - for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+2*ROM.MODBYTES]; - a=BIG.fromBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+3*ROM.MODBYTES]; - b=BIG.fromBytes(t); - d=new FP2(a,b); - - e=new FP4(c,d); - - - for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+4*ROM.MODBYTES]; - a=BIG.fromBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+5*ROM.MODBYTES]; - b=BIG.fromBytes(t); - c=new FP2(a,b); - - for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+6*ROM.MODBYTES]; - a=BIG.fromBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+7*ROM.MODBYTES]; - b=BIG.fromBytes(t); - d=new FP2(a,b); - - f=new FP4(c,d); - - - for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+8*ROM.MODBYTES]; - a=BIG.fromBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+9*ROM.MODBYTES]; - b=BIG.fromBytes(t); - c=new FP2(a,b); - - for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+10*ROM.MODBYTES]; - a=BIG.fromBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+11*ROM.MODBYTES]; - b=BIG.fromBytes(t); - d=new FP2(a,b); - - g=new FP4(c,d); - - return new FP12(e,f,g); - } - -/* convert this to byte array */ - public void toBytes(byte[] w) - { - byte[] t=new byte[ROM.MODBYTES]; - a.geta().getA().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) w[i]=t[i]; - a.geta().getB().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) w[i+ROM.MODBYTES]=t[i]; - a.getb().getA().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) w[i+2*ROM.MODBYTES]=t[i]; - a.getb().getB().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) w[i+3*ROM.MODBYTES]=t[i]; - - b.geta().getA().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) w[i+4*ROM.MODBYTES]=t[i]; - b.geta().getB().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) w[i+5*ROM.MODBYTES]=t[i]; - b.getb().getA().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) w[i+6*ROM.MODBYTES]=t[i]; - b.getb().getB().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) w[i+7*ROM.MODBYTES]=t[i]; - - c.geta().getA().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) w[i+8*ROM.MODBYTES]=t[i]; - c.geta().getB().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) w[i+9*ROM.MODBYTES]=t[i]; - c.getb().getA().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) w[i+10*ROM.MODBYTES]=t[i]; - c.getb().getB().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) w[i+11*ROM.MODBYTES]=t[i]; - } - -/* convert to hex string */ - public String toString() - { - return ("["+a.toString()+","+b.toString()+","+c.toString()+"]"); - } - -/* this=this^e */ - public FP12 pow(BIG e) - { - norm(); - e.norm(); - FP12 w=new FP12(this); - BIG z=new BIG(e); - FP12 r=new FP12(1); - - while (true) - { - int bt=z.parity(); - z.fshr(1); - if (bt==1) r.mul(w); - if (z.iszilch()) break; - w.usqr(); - } - r.reduce(); - return r; - } - -/* constant time powering by small integer of max length bts */ - public void pinpow(int e,int bts) - { - int i,b; - FP12 [] R=new FP12[2]; - R[0]=new FP12(1); - R[1]=new FP12(this); - for (i=bts-1;i>=0;i--) - { - b=(e>>i)&1; - R[1-b].mul(R[b]); - R[b].usqr(); - } - this.copy(R[0]); - } - -/* p=q0^u0.q1^u1.q2^u2.q3^u3 */ -/* Timing attack secure, but not cache attack secure */ - - public static FP12 pow4(FP12[] q,BIG[] u) - { - int i,j,nb,m; - int[] a=new int[4]; - FP12 [] g=new FP12[8]; - FP12 [] s=new FP12[2]; - FP12 c=new FP12(1); - FP12 p=new FP12(0); - BIG [] t=new BIG[4]; - BIG mt=new BIG(0); - byte[] w=new byte[ROM.NLEN*ROM.BASEBITS+1]; - - for (i=0;i<4;i++) - t[i]=new BIG(u[i]); - - s[0]=new FP12(0); - s[1]=new FP12(0); - - g[0]=new FP12(q[0]); s[0].copy(q[1]); s[0].conj(); g[0].mul(s[0]); - g[1]=new FP12(g[0]); - g[2]=new FP12(g[0]); - g[3]=new FP12(g[0]); - g[4]=new FP12(q[0]); g[4].mul(q[1]); - g[5]=new FP12(g[4]); - g[6]=new FP12(g[4]); - g[7]=new FP12(g[4]); - - s[1].copy(q[2]); s[0].copy(q[3]); s[0].conj(); s[1].mul(s[0]); - s[0].copy(s[1]); s[0].conj(); g[1].mul(s[0]); - g[2].mul(s[1]); - g[5].mul(s[0]); - g[6].mul(s[1]); - s[1].copy(q[2]); s[1].mul(q[3]); - s[0].copy(s[1]); s[0].conj(); g[0].mul(s[0]); - g[3].mul(s[1]); - g[4].mul(s[0]); - g[7].mul(s[1]); - -/* if power is even add 1 to power, and add q to correction */ - - for (i=0;i<4;i++) - { - if (t[i].parity()==0) - { - t[i].inc(1); t[i].norm(); - c.mul(q[i]); - } - mt.add(t[i]); mt.norm(); - } - c.conj(); - nb=1+mt.nbits(); - -/* convert exponent to signed 1-bit window */ - for (j=0;j<nb;j++) - { - for (i=0;i<4;i++) - { - a[i]=(t[i].lastbits(2)-2); - t[i].dec(a[i]); t[i].norm(); - t[i].fshr(1); - } - w[j]=(byte)(8*a[0]+4*a[1]+2*a[2]+a[3]); - } - w[nb]=(byte)(8*t[0].lastbits(2)+4*t[1].lastbits(2)+2*t[2].lastbits(2)+t[3].lastbits(2)); - p.copy(g[(w[nb]-1)/2]); - - for (i=nb-1;i>=0;i--) - { - m=w[i]>>7; - j=(w[i]^m)-m; /* j=abs(w[i]) */ - j=(j-1)/2; - s[0].copy(g[j]); s[1].copy(g[j]); s[1].conj(); - p.usqr(); - p.mul(s[m&1]); - } - p.mul(c); /* apply correction */ - p.reduce(); - return p; - } - -/* - public static void main(String[] args) { - BIG p=new BIG(ROM.Modulus); - FP2 w0,w1; - BIG a=new BIG(0); - BIG b=new BIG(0); - - a.zero(); b.zero(); a.inc(1); b.inc(2); - w0=new FP2(a,b); - a.zero(); b.zero(); a.inc(3); b.inc(4); - w1=new FP2(a,b); - FP4 t0=new FP4(w0,w1); - - a.zero(); b.zero(); a.inc(5); b.inc(6); - w0=new FP2(a,b); - a.zero(); b.zero(); a.inc(7); b.inc(8); - w1=new FP2(a,b); - FP4 t1=new FP4(w0,w1); - - a.zero(); b.zero(); a.inc(9); b.inc(10); - w0=new FP2(a,b); - a.zero(); b.zero(); a.inc(11); b.inc(12); - w1=new FP2(a,b); - FP4 t2=new FP4(w0,w1); - - FP12 w=new FP12(t0,t1,t2); - FP12 t=new FP12(w); - - System.out.println("w= "+w.toString()); - - a=new BIG(ROM.CURVE_Fra); - b=new BIG(ROM.CURVE_Frb); - - FP2 f=new FP2(a,b); - - w.frob(f); - System.out.println("w= "+w.toString()); - - w=t.pow(p); - - System.out.println("w= "+w.toString()); - - w.inverse(); - - System.out.println("1/w= "+w.toString()); - - w.inverse(); - - System.out.println("w= "+w.toString()); - - t.copy(w); - w.conj(); - t.inverse(); - w.mul(t); - - System.out.println("w^(p^6-1)= "+w.toString()); - - t.copy(w); - w.frob(f); - w.frob(f); - w.mul(t); - - System.out.println("w^(p^6-1)(p^2+1)= "+w.toString()); - - t.copy(w); - - t.inverse(); - w.conj(); - - System.out.println("w= "+w.toString()); - System.out.println("t= "+t.toString()); - } */ -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/FP2.java ---------------------------------------------------------------------- diff --git a/java64/FP2.java b/java64/FP2.java deleted file mode 100755 index 48e2b7e..0000000 --- a/java64/FP2.java +++ /dev/null @@ -1,391 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* Finite Field arithmetic Fp^2 functions */ - -/* FP2 elements are of the form a+ib, where i is sqrt(-1) */ - -public final class FP2 { - private final FP a; - private final FP b; - -/* reduce components mod Modulus */ - public void reduce() - { - a.reduce(); - b.reduce(); - } - -/* normalise components of w */ - public void norm() - { - a.norm(); - b.norm(); - } - -/* test this=0 ? */ - public boolean iszilch() { - reduce(); - return (a.iszilch() && b.iszilch()); - } - - public void cmove(FP2 g,int d) - { - a.cmove(g.a,d); - b.cmove(g.b,d); - } - -/* test this=1 ? */ - public boolean isunity() { - FP one=new FP(1); - return (a.equals(one) && b.iszilch()); - } - -/* test this=x */ - public boolean equals(FP2 x) { - return (a.equals(x.a) && b.equals(x.b)); - } - -/* Constructors */ - public FP2(int c) - { - a=new FP(c); - b=new FP(0); - } - - public FP2(FP2 x) - { - a=new FP(x.a); - b=new FP(x.b); - } - - public FP2(FP c,FP d) - { - a=new FP(c); - b=new FP(d); - } - - public FP2(BIG c,BIG d) - { - a=new FP(c); - b=new FP(d); - } - - public FP2(FP c) - { - a=new FP(c); - b=new FP(0); - } - - public FP2(BIG c) - { - a=new FP(c); - b=new FP(0); - } - -/* extract a */ - public BIG getA() - { - return a.redc(); - } - -/* extract b */ - public BIG getB() - { - return b.redc(); - } - -/* copy this=x */ - public void copy(FP2 x) - { - a.copy(x.a); - b.copy(x.b); - } - -/* set this=0 */ - public void zero() - { - a.zero(); - b.zero(); - } - -/* set this=1 */ - public void one() - { - a.one(); - b.zero(); - } - -/* negate this mod Modulus */ - public void neg() - { - norm(); - FP m=new FP(a); - FP t=new FP(0); - - m.add(b); - m.neg(); - m.norm(); - t.copy(m); t.add(b); - b.copy(m); - b.add(a); - a.copy(t); - } - -/* set to a-ib */ - public void conj() - { - b.neg(); - } - -/* this+=a */ - public void add(FP2 x) - { - a.add(x.a); - b.add(x.b); - } - -/* this-=a */ - public void sub(FP2 x) - { - FP2 m=new FP2(x); - m.neg(); - add(m); - } - -/* this*=s, where s is an FP */ - public void pmul(FP s) - { - a.mul(s); - b.mul(s); - } - -/* this*=i, where i is an int */ - public void imul(int c) - { - a.imul(c); - b.imul(c); - } - -/* this*=this */ - public void sqr() - { - norm(); - FP w1=new FP(a); - FP w3=new FP(a); - FP mb=new FP(b); - - w3.mul(b); - w1.add(b); - mb.neg(); - a.add(mb); - a.mul(w1); - b.copy(w3); b.add(w3); -// reduce(); - norm(); - } - -/* this*=y */ - public void mul(FP2 y) - { - norm(); /* This is needed here as {a,b} is not normed before additions */ - - FP w1=new FP(a); - FP w2=new FP(b); - FP w5=new FP(a); - FP mw=new FP(0); - - w1.mul(y.a); // w1=a*y.a - this norms w1 and y.a, NOT a - w2.mul(y.b); // w2=b*y.b - this norms w2 and y.b, NOT b - w5.add(b); // w5=a+b - b.copy(y.a); b.add(y.b); // b=y.a+y.b - - b.mul(w5); - mw.copy(w1); mw.add(w2); mw.neg(); - - b.add(mw); mw.add(w1); - a.copy(w1); a.add(mw); - -// reduce(); - norm(); - } - - -/* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */ -/* returns true if this is QR */ - public boolean sqrt() - { - if (iszilch()) return true; - FP w1=new FP(b); - FP w2=new FP(a); - w1.sqr(); w2.sqr(); w1.add(w2); - if (w1.jacobi()!=1) { zero(); return false; } - w1=w1.sqrt(); - w2.copy(a); w2.add(w1); w2.div2(); - if (w2.jacobi()!=1) - { - w2.copy(a); w2.sub(w1); w2.div2(); - if (w2.jacobi()!=1) { zero(); return false; } - } - w2=w2.sqrt(); - a.copy(w2); - w2.add(w2); - w2.inverse(); - b.mul(w2); - return true; - } - -/* output to hex string */ - public String toString() - { - return ("["+a.toString()+","+b.toString()+"]"); - } - - public String toRawString() - { - return ("["+a.toRawString()+","+b.toRawString()+"]"); - } - -/* this=1/this */ - public void inverse() - { - norm(); - FP w1=new FP(a); - FP w2=new FP(b); - - w1.sqr(); - w2.sqr(); - w1.add(w2); - w1.inverse(); - a.mul(w1); - w1.neg(); - b.mul(w1); - } - -/* this/=2 */ - public void div2() - { - a.div2(); - b.div2(); - } - -/* this*=sqrt(-1) */ - public void times_i() - { - // a.norm(); - FP z=new FP(a); - a.copy(b); a.neg(); - b.copy(z); - } - -/* w*=(1+sqrt(-1)) */ -/* where X*2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */ - public void mul_ip() - { - norm(); - FP2 t=new FP2(this); - FP z=new FP(a); - a.copy(b); - a.neg(); - b.copy(z); - add(t); - norm(); - } - -/* w/=(1+sqrt(-1)) */ - public void div_ip() - { - FP2 t=new FP2(0); - norm(); - t.a.copy(a); t.a.add(b); - t.b.copy(b); t.b.sub(a); - copy(t); - div2(); - } -/* - public FP2 pow(BIG e) - { - int bt; - FP2 r=new FP2(1); - e.norm(); - norm(); - while (true) - { - bt=e.parity(); - e.fshr(1); - if (bt==1) r.mul(this); - if (e.iszilch()) break; - sqr(); - } - - r.reduce(); - return r; - } - - public static void main(String[] args) { - BIG m=new BIG(ROM.Modulus); - BIG x=new BIG(3); - BIG e=new BIG(27); - BIG pp1=new BIG(m); - BIG pm1=new BIG(m); - BIG a=new BIG(1); - BIG b=new BIG(1); - FP2 w=new FP2(a,b); - FP2 z=new FP2(w); - - byte[] RAW=new byte[100]; - - RAND rng=new RAND(); - for (int i=0;i<100;i++) RAW[i]=(byte)(i); - - rng.seed(100,RAW); - - // for (int i=0;i<100;i++) - // { - a.randomnum(rng); - b.randomnum(rng); - - w=new FP2(a,b); - System.out.println("w="+w.toString()); - - z=new FP2(w); - z.inverse(); - System.out.println("z="+z.toString()); - - z.inverse(); - if (!z.equals(w)) System.out.println("Error"); - // } - -// System.out.println("m="+m.toString()); -// w.sqr(); -// w.mul(z); - - System.out.println("w="+w.toString()); - - - pp1.inc(1); pp1.norm(); - pm1.dec(1); pm1.norm(); - System.out.println("p+1="+pp1.toString()); - System.out.println("p-1="+pm1.toString()); - w=w.pow(pp1); - w=w.pow(pm1); - System.out.println("w="+w.toString()); - } -*/ -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/FP4.java ---------------------------------------------------------------------- diff --git a/java64/FP4.java b/java64/FP4.java deleted file mode 100755 index 5eaa78d..0000000 --- a/java64/FP4.java +++ /dev/null @@ -1,585 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* Finite Field arithmetic Fp^4 functions */ - -/* FP4 elements are of the form a+ib, where i is sqrt(-1+sqrt(-1)) */ - -public final class FP4 { - private final FP2 a; - private final FP2 b; -/* reduce all components of this mod Modulus */ - public void reduce() - { - a.reduce(); - b.reduce(); - } -/* normalise all components of this mod Modulus */ - public void norm() - { - a.norm(); - b.norm(); - } -/* test this==0 ? */ - public boolean iszilch() { - reduce(); - return (a.iszilch() && b.iszilch()); - } -/* test this==1 ? */ - public boolean isunity() { - FP2 one=new FP2(1); - return (a.equals(one) && b.iszilch()); - } - -/* test is w real? That is in a+ib test b is zero */ - public boolean isreal() - { - return b.iszilch(); - } -/* extract real part a */ - public FP2 real() - { - return a; - } - - public FP2 geta() - { - return a; - } -/* extract imaginary part b */ - public FP2 getb() - { - return b; - } -/* test this=x? */ - public boolean equals(FP4 x) - { - return (a.equals(x.a) && b.equals(x.b)); - } -/* constructors */ - public FP4(int c) - { - a=new FP2(c); - b=new FP2(0); - } - - public FP4(FP4 x) - { - a=new FP2(x.a); - b=new FP2(x.b); - } - - public FP4(FP2 c,FP2 d) - { - a=new FP2(c); - b=new FP2(d); - } - - public FP4(FP2 c) - { - a=new FP2(c); - b=new FP2(0); - } -/* copy this=x */ - public void copy(FP4 x) - { - a.copy(x.a); - b.copy(x.b); - } -/* set this=0 */ - public void zero() - { - a.zero(); - b.zero(); - } -/* set this=1 */ - public void one() - { - a.one(); - b.zero(); - } -/* set this=-this */ - public void neg() - { - FP2 m=new FP2(a); - FP2 t=new FP2(0); - m.add(b); - m.neg(); - m.norm(); - t.copy(m); t.add(b); - b.copy(m); - b.add(a); - a.copy(t); - } -/* this=conjugate(this) */ - public void conj() - { - b.neg(); b.norm(); - } -/* this=-conjugate(this) */ - public void nconj() - { - a.neg(); a.norm(); - } -/* this+=x */ - public void add(FP4 x) - { - a.add(x.a); - b.add(x.b); - } -/* this-=x */ - public void sub(FP4 x) - { - FP4 m=new FP4(x); - m.neg(); - add(m); - } - -/* this*=s where s is FP2 */ - public void pmul(FP2 s) - { - a.mul(s); - b.mul(s); - } -/* this*=c where c is int */ - public void imul(int c) - { - a.imul(c); - b.imul(c); - } -/* this*=this */ - public void sqr() - { - norm(); - - FP2 t1=new FP2(a); - FP2 t2=new FP2(b); - FP2 t3=new FP2(a); - - t3.mul(b); - t1.add(b); - t2.mul_ip(); - - t2.add(a); - a.copy(t1); - - a.mul(t2); - - t2.copy(t3); - t2.mul_ip(); - t2.add(t3); - t2.neg(); - a.add(t2); - - b.copy(t3); - b.add(t3); - - norm(); - } -/* this*=y */ - public void mul(FP4 y) - { - norm(); - - FP2 t1=new FP2(a); - FP2 t2=new FP2(b); - FP2 t3=new FP2(0); - FP2 t4=new FP2(b); - - t1.mul(y.a); - t2.mul(y.b); - t3.copy(y.b); - t3.add(y.a); - t4.add(a); - - t4.mul(t3); - t4.sub(t1); -// t4.norm(); - - b.copy(t4); - b.sub(t2); - t2.mul_ip(); - a.copy(t2); - a.add(t1); - - norm(); - } -/* convert this to hex string */ - public String toString() - { - return ("["+a.toString()+","+b.toString()+"]"); - } - - public String toRawString() - { - return ("["+a.toRawString()+","+b.toRawString()+"]"); - } - -/* this=1/this */ - public void inverse() - { - norm(); - - FP2 t1=new FP2(a); - FP2 t2=new FP2(b); - - t1.sqr(); - t2.sqr(); - t2.mul_ip(); - t1.sub(t2); - t1.inverse(); - a.mul(t1); - t1.neg(); - b.mul(t1); - } - - -/* this*=i where i = sqrt(-1+sqrt(-1)) */ - public void times_i() - { - norm(); - FP2 s=new FP2(b); - FP2 t=new FP2(b); - s.times_i(); - t.add(s); -// t.norm(); - b.copy(a); - a.copy(t); - } - -/* this=this^p using Frobenius */ - public void frob(FP2 f) - { - a.conj(); - b.conj(); - b.mul(f); - } - -/* this=this^e */ - public FP4 pow(BIG e) - { - norm(); - e.norm(); - FP4 w=new FP4(this); - BIG z=new BIG(e); - FP4 r=new FP4(1); - while (true) - { - int bt=z.parity(); - z.fshr(1); - if (bt==1) r.mul(w); - if (z.iszilch()) break; - w.sqr(); - } - r.reduce(); - return r; - } -/* XTR xtr_a function */ - public void xtr_A(FP4 w,FP4 y,FP4 z) - { - FP4 r=new FP4(w); - FP4 t=new FP4(w); - r.sub(y); - r.pmul(a); - t.add(y); - t.pmul(b); - t.times_i(); - - copy(r); - add(t); - add(z); - - norm(); - } - -/* XTR xtr_d function */ - public void xtr_D() { - FP4 w=new FP4(this); - sqr(); w.conj(); - w.add(w); - sub(w); - reduce(); - } - -/* r=x^n using XTR method on traces of FP12s */ - public FP4 xtr_pow(BIG n) { - FP4 a=new FP4(3); - FP4 b=new FP4(this); - FP4 c=new FP4(b); - c.xtr_D(); - FP4 t=new FP4(0); - FP4 r=new FP4(0); - - n.norm(); - int par=n.parity(); - BIG v=new BIG(n); v.fshr(1); - if (par==0) {v.dec(1); v.norm();} - - int nb=v.nbits(); - for (int i=nb-1;i>=0;i--) - { - if (v.bit(i)!=1) - { - t.copy(b); - conj(); - c.conj(); - b.xtr_A(a,this,c); - conj(); - c.copy(t); - c.xtr_D(); - a.xtr_D(); - } - else - { - t.copy(a); t.conj(); - a.copy(b); - a.xtr_D(); - b.xtr_A(c,this,t); - c.xtr_D(); - } - } - if (par==0) r.copy(c); - else r.copy(b); - r.reduce(); - return r; - } - -/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */ - public FP4 xtr_pow2(FP4 ck,FP4 ckml,FP4 ckm2l,BIG a,BIG b) - { - a.norm(); b.norm(); - BIG e=new BIG(a); - BIG d=new BIG(b); - BIG w=new BIG(0); - - FP4 cu=new FP4(ck); // can probably be passed in w/o copying - FP4 cv=new FP4(this); - FP4 cumv=new FP4(ckml); - FP4 cum2v=new FP4(ckm2l); - FP4 r=new FP4(0); - FP4 t=new FP4(0); - - int f2=0; - while (d.parity()==0 && e.parity()==0) - { - d.fshr(1); - e.fshr(1); - f2++; - } - - while (BIG.comp(d,e)!=0) - { - if (BIG.comp(d,e)>0) - { - w.copy(e); w.imul(4); w.norm(); - if (BIG.comp(d,w)<=0) - { - w.copy(d); d.copy(e); - e.rsub(w); e.norm(); - - t.copy(cv); - t.xtr_A(cu,cumv,cum2v); - cum2v.copy(cumv); - cum2v.conj(); - cumv.copy(cv); - cv.copy(cu); - cu.copy(t); - - } - else if (d.parity()==0) - { - d.fshr(1); - r.copy(cum2v); r.conj(); - t.copy(cumv); - t.xtr_A(cu,cv,r); - cum2v.copy(cumv); - cum2v.xtr_D(); - cumv.copy(t); - cu.xtr_D(); - } - else if (e.parity()==1) - { - d.sub(e); d.norm(); - d.fshr(1); - t.copy(cv); - t.xtr_A(cu,cumv,cum2v); - cu.xtr_D(); - cum2v.copy(cv); - cum2v.xtr_D(); - cum2v.conj(); - cv.copy(t); - } - else - { - w.copy(d); - d.copy(e); d.fshr(1); - e.copy(w); - t.copy(cumv); - t.xtr_D(); - cumv.copy(cum2v); cumv.conj(); - cum2v.copy(t); cum2v.conj(); - t.copy(cv); - t.xtr_D(); - cv.copy(cu); - cu.copy(t); - } - } - if (BIG.comp(d,e)<0) - { - w.copy(d); w.imul(4); w.norm(); - if (BIG.comp(e,w)<=0) - { - e.sub(d); e.norm(); - t.copy(cv); - t.xtr_A(cu,cumv,cum2v); - cum2v.copy(cumv); - cumv.copy(cu); - cu.copy(t); - } - else if (e.parity()==0) - { - w.copy(d); - d.copy(e); d.fshr(1); - e.copy(w); - t.copy(cumv); - t.xtr_D(); - cumv.copy(cum2v); cumv.conj(); - cum2v.copy(t); cum2v.conj(); - t.copy(cv); - t.xtr_D(); - cv.copy(cu); - cu.copy(t); - } - else if (d.parity()==1) - { - w.copy(e); - e.copy(d); - w.sub(d); w.norm(); - d.copy(w); d.fshr(1); - t.copy(cv); - t.xtr_A(cu,cumv,cum2v); - cumv.conj(); - cum2v.copy(cu); - cum2v.xtr_D(); - cum2v.conj(); - cu.copy(cv); - cu.xtr_D(); - cv.copy(t); - } - else - { - d.fshr(1); - r.copy(cum2v); r.conj(); - t.copy(cumv); - t.xtr_A(cu,cv,r); - cum2v.copy(cumv); - cum2v.xtr_D(); - cumv.copy(t); - cu.xtr_D(); - } - } - } - r.copy(cv); - r.xtr_A(cu,cumv,cum2v); - for (int i=0;i<f2;i++) - r.xtr_D(); - r=r.xtr_pow(d); - return r; - } - -/* - - public static void main(String[] args) { - BIG m=new BIG(ROM.Modulus); - BIG e=new BIG(12); - BIG a=new BIG(0); - BIG b=new BIG(0); - - a.inc(27); b.inc(45); - - FP2 w0=new FP2(a,b); - - a.zero(); b.zero(); - a.inc(33); b.inc(54); - - FP2 w1=new FP2(a,b); - - - FP4 w=new FP4(w0,w1); - FP4 t=new FP4(w); - - a=new BIG(ROM.CURVE_Fra); - b=new BIG(ROM.CURVE_Frb); - - FP2 f=new FP2(a,b); - - System.out.println("w= "+w.toString()); - - w=w.pow(m); - - System.out.println("w^p= "+w.toString()); - - t.frob(f); - - - System.out.println("w^p= "+t.toString()); - - w=w.pow(m); - w=w.pow(m); - w=w.pow(m); - System.out.println("w^p4= "+w.toString()); - - - System.out.println("Test Inversion"); - - w=new FP4(w0,w1); - - w.inverse(); - - System.out.println("1/w mod p^4 = "+w.toString()); - - w.inverse(); - - System.out.println("1/(1/w) mod p^4 = "+w.toString()); - - FP4 ww=new FP4(w); - - w=w.xtr_pow(e); - System.out.println("w^e= "+w.toString()); - - - a.zero(); b.zero(); - a.inc(37); b.inc(17); - w0=new FP2(a,b); - a.zero(); b.zero(); - a.inc(49); b.inc(31); - w1=new FP2(a,b); - - FP4 c1=new FP4(w0,w1); - FP4 c2=new FP4(w0,w1); - FP4 c3=new FP4(w0,w1); - - BIG e1=new BIG(3331); - BIG e2=new BIG(3372); - - FP4 cr=w.xtr_pow2(c1,c2,c3,e1,e2); - - System.out.println("c^e= "+cr.toString()); - } */ -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/GCM.java ---------------------------------------------------------------------- diff --git a/java64/GCM.java b/java64/GCM.java deleted file mode 100755 index 1422af9..0000000 --- a/java64/GCM.java +++ /dev/null @@ -1,374 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - - - -/* - * Implementation of the AES-GCM Encryption/Authentication - * - * Some restrictions.. - * 1. Only for use with AES - * 2. Returned tag is always 128-bits. Truncate at your own risk. - * 3. The order of function calls must follow some rules - * - * Typical sequence of calls.. - * 1. call GCM_init - * 2. call GCM_add_header any number of times, as long as length of header is multiple of 16 bytes (block size) - * 3. call GCM_add_header one last time with any length of header - * 4. call GCM_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes - * 5. call GCM_add_cipher one last time with any length of cipher/plaintext - * 6. call GCM_finish to extract the tag. - * - * See http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf - */ - -public class GCM { - public static final int NB=4; - public static final int GCM_ACCEPTING_HEADER=0; - public static final int GCM_ACCEPTING_CIPHER=1; - public static final int GCM_NOT_ACCEPTING_MORE=2; - public static final int GCM_FINISHED=3; - public static final int GCM_ENCRYPTING=0; - public static final int GCM_DECRYPTING=1; - - private int[][] table=new int[128][4]; /* 2k bytes */ - private byte[] stateX=new byte[16]; - private byte[]Y_0=new byte[16]; - private int counter; - private int[] lenA=new int[2]; - private int[] lenC=new int[2]; - private int status; - private AES a=new AES(); - - private static int pack(byte[] b) - { /* pack bytes into a 32-bit Word */ - return ((((int)b[0])&0xff)<<24)|(((int)b[1]&0xff)<<16)|(((int)b[2]&0xff)<<8)|((int)b[3]&0xff); - } - - private static byte[] unpack(int a) - { /* unpack bytes from a word */ - byte [] b=new byte[4]; - b[3]=(byte)(a); - b[2]=(byte)(a>>>8); - b[1]=(byte)(a>>>16); - b[0]=(byte)(a>>>24); - return b; - } - - private void precompute(byte[] H) - { - int i,j,c; - byte[] b=new byte[4]; - - for (i=j=0;i<NB;i++,j+=4) - { - b[0]=H[j]; b[1]=H[j+1]; b[2]=H[j+2]; b[3]=H[j+3]; - table[0][i]=pack(b); - } - for (i=1;i<128;i++) - { - c=0; - for (j=0;j<NB;j++) {table[i][j]=c|(table[i-1][j])>>>1; c=table[i-1][j]<<31;} - if (c!=0) table[i][0]^=0xE1000000; /* irreducible polynomial */ - } - } - - private void gf2mul() - { /* gf2m mul - Z=H*X mod 2^128 */ - int i,j,m,k; - int[] P=new int[4]; - int c; - byte[] b;//=new byte[4]; - - P[0]=P[1]=P[2]=P[3]=0; - j=8; m=0; - for (i=0;i<128;i++) - { - c=(stateX[m]>>>(--j))&1; - if (c!=0) for (k=0;k<NB;k++) P[k]^=table[i][k]; - if (j==0) - { - j=8; m++; - if (m==16) break; - } - } - for (i=j=0;i<NB;i++,j+=4) - { - b=unpack(P[i]); - stateX[j]=b[0]; stateX[j+1]=b[1]; stateX[j+2]=b[2]; stateX[j+3]=b[3]; - } - } - - private void wrap() - { /* Finish off GHASH */ - int i,j; - int[] F=new int[4]; - byte[] L=new byte[16]; - byte[] b;//=new byte[4]; - -/* convert lengths from bytes to bits */ - F[0]=(lenA[0]<<3)|(lenA[1]&0xE0000000)>>>29; - F[1]=lenA[1]<<3; - F[2]=(lenC[0]<<3)|(lenC[1]&0xE0000000)>>>29; - F[3]=lenC[1]<<3; - for (i=j=0;i<NB;i++,j+=4) - { - b=unpack(F[i]); - L[j]=b[0]; L[j+1]=b[1]; L[j+2]=b[2]; L[j+3]=b[3]; - } - for (i=0;i<16;i++) stateX[i]^=L[i]; - gf2mul(); - } - -/* Initialize GCM mode */ - public void init(byte[] key,int niv,byte[] iv) - { /* iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes */ - int i; - byte[] H=new byte[16]; - byte[] b;//=new byte[4]; - - for (i=0;i<16;i++) {H[i]=0; stateX[i]=0;} - - a.init(AES.ECB,key,iv); - a.ecb_encrypt(H); /* E(K,0) */ - precompute(H); - - lenA[0]=lenC[0]=lenA[1]=lenC[1]=0; - if (niv==12) - { - for (i=0;i<12;i++) a.f[i]=iv[i]; - b=unpack((int)1); - a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3]; /* initialise IV */ - for (i=0;i<16;i++) Y_0[i]=a.f[i]; - } - else - { - status=GCM_ACCEPTING_CIPHER; - ghash(iv,niv); /* GHASH(H,0,IV) */ - wrap(); - for (i=0;i<16;i++) {a.f[i]=stateX[i];Y_0[i]=a.f[i];stateX[i]=0;} - lenA[0]=lenC[0]=lenA[1]=lenC[1]=0; - } - status=GCM_ACCEPTING_HEADER; - } - -/* Add Header data - included but not encrypted */ - public boolean add_header(byte[] header,int len) - { /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */ - int i,j=0; - if (status!=GCM_ACCEPTING_HEADER) return false; - - while (j<len) - { - for (i=0;i<16 && j<len;i++) - { - stateX[i]^=header[j++]; - lenA[1]++; if (lenA[1]==0) lenA[0]++; - } - gf2mul(); - } - if (len%16!=0) status=GCM_ACCEPTING_CIPHER; - return true; - } - - private boolean ghash(byte[] plain,int len) - { - int i,j=0; - int counter; - // byte[] B=new byte[16]; - // byte[] b=new byte[4]; - - if (status==GCM_ACCEPTING_HEADER) status=GCM_ACCEPTING_CIPHER; - if (status!=GCM_ACCEPTING_CIPHER) return false; - - while (j<len) - { - for (i=0;i<16 && j<len;i++) - { - stateX[i]^=plain[j++]; - lenC[1]++; if (lenC[1]==0) lenC[0]++; - } - gf2mul(); - } - if (len%16!=0) status=GCM_NOT_ACCEPTING_MORE; - return true; - } - -/* Add Plaintext - included and encrypted */ - public byte[] add_plain(byte[] plain,int len) - { - int i,j=0; - int counter; - byte[] B=new byte[16]; - byte[] b=new byte[4]; - byte[] cipher=new byte[len]; - - if (status==GCM_ACCEPTING_HEADER) status=GCM_ACCEPTING_CIPHER; - if (status!=GCM_ACCEPTING_CIPHER) return new byte[0]; - - while (j<len) - { - - b[0]=a.f[12]; b[1]=a.f[13]; b[2]=a.f[14]; b[3]=a.f[15]; - counter=pack(b); - counter++; - b=unpack(counter); - a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3]; /* increment counter */ - for (i=0;i<16;i++) B[i]=a.f[i]; - a.ecb_encrypt(B); /* encrypt it */ - - for (i=0;i<16 && j<len;i++) - { - cipher[j]=(byte)(plain[j]^B[i]); - stateX[i]^=cipher[j++]; - lenC[1]++; if (lenC[1]==0) lenC[0]++; - } - gf2mul(); - } - if (len%16!=0) status=GCM_NOT_ACCEPTING_MORE; - return cipher; - } - -/* Add Ciphertext - decrypts to plaintext */ - public byte[] add_cipher(byte[] cipher,int len) - { - int i,j=0; - int counter; - byte[] B=new byte[16]; - byte[] b=new byte[4]; - byte[] plain=new byte[len]; - - if (status==GCM_ACCEPTING_HEADER) status=GCM_ACCEPTING_CIPHER; - if (status!=GCM_ACCEPTING_CIPHER) return new byte[0]; - - while (j<len) - { - - b[0]=a.f[12]; b[1]=a.f[13]; b[2]=a.f[14]; b[3]=a.f[15]; - counter=pack(b); - counter++; - b=unpack(counter); - a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3]; /* increment counter */ - for (i=0;i<16;i++) B[i]=a.f[i]; - a.ecb_encrypt(B); /* encrypt it */ - for (i=0;i<16 && j<len;i++) - { - plain[j]=(byte)(cipher[j]^B[i]); - stateX[i]^=cipher[j++]; - lenC[1]++; if (lenC[1]==0) lenC[0]++; - } - gf2mul(); - } - if (len%16!=0) status=GCM_NOT_ACCEPTING_MORE; - return plain; - } - -/* Finish and extract Tag */ - public byte[] finish(boolean extract) - { /* Finish off GHASH and extract tag (MAC) */ - int i; - byte[] tag=new byte[16]; - - wrap(); -/* extract tag */ - if (extract) - { - a.ecb_encrypt(Y_0); /* E(K,Y0) */ - for (i=0;i<16;i++) Y_0[i]^=stateX[i]; - for (i=0;i<16;i++) {tag[i]=Y_0[i];Y_0[i]=stateX[i]=0;} - } - status=GCM_FINISHED; - a.end(); - return tag; - } - - public static byte[] hex2bytes(String s) { - int len = s.length(); - byte[] data = new byte[len / 2]; - for (int i = 0; i < len; i += 2) { - data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) - + Character.digit(s.charAt(i+1), 16)); - } - return data; - } - -/* - public static void main(String[] args) { - int i; - - String KT="feffe9928665731c6d6a8f9467308308"; - String MT="d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39"; - String HT="feedfacedeadbeeffeedfacedeadbeefabaddad2"; -// char* NT="cafebabefacedbaddecaf888"; -// Tag should be 5bc94fbc3221a5db94fae95ae7121a47 - String NT="9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b"; -// Tag should be 619cc5aefffe0bfa462af43c1699d050 - - - byte[] T=new byte[16]; // Tag - byte[] K=new byte[16]; // AES Key - byte[] H=new byte[64]; // Header - to be included in Authentication, but not encrypted - byte[] N=new byte[100]; // IV - Initialisation vector - byte[] M=new byte[100]; // Plaintext to be encrypted/authenticated - byte[] C=new byte[100]; // Ciphertext - byte[] P=new byte[100]; // Recovered Plaintext - - GCM g=new GCM(); - - M=hex2bytes(MT); - H=hex2bytes(HT); - N=hex2bytes(NT); - K=hex2bytes(KT); - - int len=M.length; - int lenH=H.length; - int lenK=K.length; - int lenIV=N.length; - - System.out.format("Plaintext=\n"); - for (i=0;i<len;i++) System.out.format("%02x",M[i]); - System.out.format("\n"); - - g.init(K,lenIV,N); - g.add_header(H,lenH); - C=g.add_plain(M,len); - T=g.finish(true); - - System.out.format("Ciphertext=\n"); - for (i=0;i<len;i++) System.out.format("%02x",C[i]); - System.out.format("\n"); - - System.out.format("Tag=\n"); - for (i=0;i<16;i++) System.out.format("%02x",T[i]); - System.out.format("\n"); - - g.init(K,lenIV,N); - g.add_header(H,lenH); - P=g.add_cipher(C,len); - T=g.finish(true); - - System.out.format("Plaintext=\n"); - for (i=0;i<len;i++) System.out.format("%02x",P[i]); - System.out.format("\n"); - - System.out.format("Tag=\n"); - for (i=0;i<16;i++) System.out.format("%02x",T[i]); - System.out.format("\n"); - } */ -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/HASH.java ---------------------------------------------------------------------- diff --git a/java64/HASH.java b/java64/HASH.java deleted file mode 100755 index 8a484c1..0000000 --- a/java64/HASH.java +++ /dev/null @@ -1,215 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* - * Implementation of the Secure Hashing Algorithm (SHA-256) - * - * Generates a 256 bit message digest. It should be impossible to come - * come up with two messages that hash to the same value ("collision free"). - * - * For use with byte-oriented messages only. - */ - -public class HASH { - private int[] length=new int[2]; - private int[] h=new int[8]; - private int[] w=new int[64]; - - public static final int H0=0x6A09E667; - public static final int H1=0xBB67AE85; - public static final int H2=0x3C6EF372; - public static final int H3=0xA54FF53A; - public static final int H4=0x510E527F; - public static final int H5=0x9B05688C; - public static final int H6=0x1F83D9AB; - public static final int H7=0x5BE0CD19; - - public static final int len=32; - - public static final int[] K={ - 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5, - 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174, - 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da, - 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967, - 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85, - 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070, - 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3, - 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2}; - - -/* functions */ - private static int S(int n,int x) - { - return (((x)>>>n) | ((x)<<(32-n))); - } - - private static int R(int n,int x) - { - return ((x)>>>n); - } - - private static int Ch(int x,int y,int z) - { - return ((x&y)^(~(x)&z)); - } - - private static int Maj(int x,int y,int z) - { - return ((x&y)^(x&z)^(y&z)); - } - - private static int Sig0(int x) - { - return (S(2,x)^S(13,x)^S(22,x)); - } - - private static int Sig1(int x) - { - return (S(6,x)^S(11,x)^S(25,x)); - } - - private static int theta0(int x) - { - return (S(7,x)^S(18,x)^R(3,x)); - } - - private static int theta1(int x) - { - return (S(17,x)^S(19,x)^R(10,x)); - } - - - private void transform() - { /* basic transformation step */ - int a,b,c,d,e,f,g,hh,t1,t2; - int j; - for (j=16;j<64;j++) - w[j]=theta1(w[j-2])+w[j-7]+theta0(w[j-15])+w[j-16]; - a=h[0]; b=h[1]; c=h[2]; d=h[3]; - e=h[4]; f=h[5]; g=h[6]; hh=h[7]; - - for (j=0;j<64;j++) - { /* 64 times - mush it up */ - t1=hh+Sig1(e)+Ch(e,f,g)+K[j]+w[j]; - t2=Sig0(a)+Maj(a,b,c); - hh=g; g=f; f=e; - e=d+t1; - d=c; - c=b; - b=a; - a=t1+t2; - - } - h[0]+=a; h[1]+=b; h[2]+=c; h[3]+=d; - h[4]+=e; h[5]+=f; h[6]+=g; h[7]+=hh; - } - -/* Initialise Hash function */ - public void init() - { /* initialise */ - int i; - for (i=0;i<64;i++) w[i]=0; - length[0]=length[1]=0; - h[0]=H0; - h[1]=H1; - h[2]=H2; - h[3]=H3; - h[4]=H4; - h[5]=H5; - h[6]=H6; - h[7]=H7; - } - -/* Constructor */ - public HASH() - { - init(); - } - -/* process a single byte */ - public void process(int byt) - { /* process the next message byte */ - int cnt; - cnt=(length[0]/32)%16; - - w[cnt]<<=8; - w[cnt]|=(byt&0xFF); - length[0]+=8; - if (length[0]==0) { length[1]++; length[0]=0; } - if ((length[0]%512)==0) transform(); - } - -/* process an array of bytes */ - public void process_array(byte[] b) - { - for (int i=0;i<b.length;i++) process((int)b[i]); - } - -/* process a 32-bit integer */ - public void process_num(int n) - { - process((n>>24)&0xff); - process((n>>16)&0xff); - process((n>>8)&0xff); - process(n&0xff); - } - -/* Generate 32-byte Hash */ - public byte[] hash() - { /* pad message and finish - supply digest */ - int i; - byte[] digest=new byte[32]; - int len0,len1; - len0=length[0]; - len1=length[1]; - process(0x80); - while ((length[0]%512)!=448) process(0); - w[14]=len1; - w[15]=len0; - transform(); - for (i=0;i<len;i++) - { /* convert to bytes */ - digest[i]=(byte)((h[i/4]>>(8*(3-i%4))) & 0xff); - } - init(); - return digest; - } - -/* test program: should produce digest */ - -//248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1 -/* - public static void main(String[] args) { - byte[] test="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq".getBytes(); - byte[] digest; - int i; - HASH sh=new HASH(); - - for (i=0;i<test.length;i++) - sh.process(test[i]); - - digest=sh.hash(); - for (i=0;i<32;i++) System.out.format("%02x",digest[i]); - - // for (i=0;i<32;i++) System.out.format("%d ",digest[i]); - - System.out.println(""); - } */ -} -
