http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-go/timempinWrap.go ---------------------------------------------------------------------- diff --git a/go/examples-go/timempinWrap.go b/go/examples-go/timempinWrap.go deleted file mode 100644 index 520b1a9..0000000 --- a/go/examples-go/timempinWrap.go +++ /dev/null @@ -1,84 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -package main - -import ( - "encoding/hex" - "flag" - "log" - "os" - "runtime/pprof" - "time" - - "git.apache.org/incubator-milagro-crypto.git/go/amcl-go" -) - -// Number of iterations to time functions -const nIter int = 1000 - -var cpuprofile = flag.String("cpuprofile", "", "write cpu profile to file") - -func main() { - flag.Parse() - if *cpuprofile != "" { - f, err := os.Create(*cpuprofile) - if err != nil { - log.Fatal(err) - } - pprof.StartCPUProfile(f) - defer pprof.StopCPUProfile() - } - - // Assign the End-User an ID - IDstr := "[email protected]" - ID := []byte(IDstr) - - // Epoch time in days - date := 16673 - - // Epoch time in seconds - timeValue := 1440594584 - - SSHex := "07f8181687f42ce22ea0dee4ba9df3f2cea67ad2d79e59adc953142556d510831bbd59e9477ac479019887020579aed16af43dc7089ae8c14262e64b5d09740109917efd0618c557fbf7efaa68fb64e8d46b3766bb184dea9bef9638f23bbbeb03aedbc6e4eb9fbd658719aab26b849638690521723c0efb9c8622df2a8efa3c" - SS, _ := hex.DecodeString(SSHex) - UHex := "0403e76a28df08ea591912e0ff84ebf419e21aadf8ec5aed4b0f3cd0fc1cdea14a06f05a3be4f9f2d16530c6b4934da2e3439ea287796faac079d396f8cdb9f565" - U, _ := hex.DecodeString(UHex) - UTHex := "041012e53c991edc9514889de50fb7d893c406dc9bf4c89d46fec9ba408cc5f596226402e7c468c823a28b9003a3944c4600a1b797f10cf01060d3729729212932" - UT, _ := hex.DecodeString(UTHex) - SECHex := "04051b0d3e9dfdb2a378f0ac7056fb264a900d0867e39c334950527d8c460d76132346bf8ed8a419e2eab4ad52a8b7a51d8c09cbcfa4e80bc0487965ece72ab0ce" - SEC, _ := hex.DecodeString(SECHex) - var MESSAGE []byte - // MESSAGE := []byte("test sign message") - - t0 := time.Now() - var rtn int - for i := 0; i < nIter; i++ { - rtn, _, _, _, _, _ = amcl.MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], SEC[:], ID[:], MESSAGE[:]) - } - t1 := time.Now() - log.Printf("Number Iterations: %d Time: %v\n", nIter, t1.Sub(t0)) - - if rtn != 0 { - log.Printf("Authentication failed Error Code %d\n", rtn) - return - } else { - log.Printf("Authenticated ID: %s \n", IDstr) - } -}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/readme.txt ---------------------------------------------------------------------- diff --git a/go/readme.txt b/go/readme.txt deleted file mode 100644 index d27f74d..0000000 --- a/go/readme.txt +++ /dev/null @@ -1,28 +0,0 @@ -AMCL is very simple to build for Go. - -First - decide the modulus and curve type you want to use. Edit ROM.go -where indicated. You will probably want to use one of the curves whose -details are already in there. - -Three example API files are provided, MPIN.go which -supports our M-Pin (tm) protocol, ECDH.go which supports elliptic -curve key exchange, digital signature and public key crypto, and RSA.go -which supports the RSA method. - -In the ROM.go file you must provide the curve constants. Several examples -are provided there, if you are willing to use one of these. - -For a quick jumpstart:- - -export GOPATH=$PWD - -go run ./examples-go/mpin.go - -or - -go run ./examples-go/ecdh.go - -or - -go run ./examples-go/rsa.go - http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/AES.java ---------------------------------------------------------------------- diff --git a/java/AES.java b/java/AES.java deleted file mode 100755 index 1c9d5b6..0000000 --- a/java/AES.java +++ /dev/null @@ -1,648 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - - -/* AES Encryption */ - - -public class AES { - int mode; - private int[] fkey=new int[44]; - private int[] rkey=new int[44]; - public byte[] f=new byte[16]; - - - public static final int ECB=0; - public static final int CBC=1; - public static final int CFB1=2; - public static final int CFB2=3; - public static final int CFB4=5; - public static final int OFB1=14; - public static final int OFB2=15; - public static final int OFB4=17; - public static final int OFB8=21; - public static final int OFB16=29; - - private static final byte[] InCo={(byte)0xB,(byte)0xD,(byte)0x9,(byte)0xE}; /* Inverse Coefficients */ - - public static final int KS=16; /* Key Size in bytes */ - public static final int BS=16; /* Block Size */ - - private static final byte[] ptab= - {(byte)1,(byte)3,(byte)5,(byte)15,(byte)17,(byte)51,(byte)85,(byte)255,(byte)26,(byte)46,(byte)114,(byte)150,(byte)161,(byte)248,(byte)19,(byte)53, - (byte)95,(byte)225,(byte)56,(byte)72,(byte)216,(byte)115,(byte)149,(byte)164,(byte)247,(byte)2,(byte)6,(byte)10,(byte)30,(byte)34,(byte)102,(byte)170, - (byte)229,(byte)52,(byte)92,(byte)228,(byte)55,(byte)89,(byte)235,(byte)38,(byte)106,(byte)190,(byte)217,(byte)112,(byte)144,(byte)171,(byte)230,(byte)49, - (byte)83,(byte)245,(byte)4,(byte)12,(byte)20,(byte)60,(byte)68,(byte)204,(byte)79,(byte)209,(byte)104,(byte)184,(byte)211,(byte)110,(byte)178,(byte)205, - (byte)76,(byte)212,(byte)103,(byte)169,(byte)224,(byte)59,(byte)77,(byte)215,(byte)98,(byte)166,(byte)241,(byte)8,(byte)24,(byte)40,(byte)120,(byte)136, - (byte)131,(byte)158,(byte)185,(byte)208,(byte)107,(byte)189,(byte)220,(byte)127,(byte)129,(byte)152,(byte)179,(byte)206,(byte)73,(byte)219,(byte)118,(byte)154, - (byte)181,(byte)196,(byte)87,(byte)249,(byte)16,(byte)48,(byte)80,(byte)240,(byte)11,(byte)29,(byte)39,(byte)105,(byte)187,(byte)214,(byte)97,(byte)163, - (byte)254,(byte)25,(byte)43,(byte)125,(byte)135,(byte)146,(byte)173,(byte)236,(byte)47,(byte)113,(byte)147,(byte)174,(byte)233,(byte)32,(byte)96,(byte)160, - (byte)251,(byte)22,(byte)58,(byte)78,(byte)210,(byte)109,(byte)183,(byte)194,(byte)93,(byte)231,(byte)50,(byte)86,(byte)250,(byte)21,(byte)63,(byte)65, - (byte)195,(byte)94,(byte)226,(byte)61,(byte)71,(byte)201,(byte)64,(byte)192,(byte)91,(byte)237,(byte)44,(byte)116,(byte)156,(byte)191,(byte)218,(byte)117, - (byte)159,(byte)186,(byte)213,(byte)100,(byte)172,(byte)239,(byte)42,(byte)126,(byte)130,(byte)157,(byte)188,(byte)223,(byte)122,(byte)142,(byte)137,(byte)128, - (byte)155,(byte)182,(byte)193,(byte)88,(byte)232,(byte)35,(byte)101,(byte)175,(byte)234,(byte)37,(byte)111,(byte)177,(byte)200,(byte)67,(byte)197,(byte)84, - (byte)252,(byte)31,(byte)33,(byte)99,(byte)165,(byte)244,(byte)7,(byte)9,(byte)27,(byte)45,(byte)119,(byte)153,(byte)176,(byte)203,(byte)70,(byte)202, - (byte)69,(byte)207,(byte)74,(byte)222,(byte)121,(byte)139,(byte)134,(byte)145,(byte)168,(byte)227,(byte)62,(byte)66,(byte)198,(byte)81,(byte)243,(byte)14, - (byte)18,(byte)54,(byte)90,(byte)238,(byte)41,(byte)123,(byte)141,(byte)140,(byte)143,(byte)138,(byte)133,(byte)148,(byte)167,(byte)242,(byte)13,(byte)23, - (byte)57,(byte)75,(byte)221,(byte)124,(byte)132,(byte)151,(byte)162,(byte)253,(byte)28,(byte)36,(byte)108,(byte)180,(byte)199,(byte)82,(byte)246,(byte)1}; - - private static final byte[] ltab= - {(byte)0,(byte)255,(byte)25,(byte)1,(byte)50,(byte)2,(byte)26,(byte)198,(byte)75,(byte)199,(byte)27,(byte)104,(byte)51,(byte)238,(byte)223,(byte)3, - (byte)100,(byte)4,(byte)224,(byte)14,(byte)52,(byte)141,(byte)129,(byte)239,(byte)76,(byte)113,(byte)8,(byte)200,(byte)248,(byte)105,(byte)28,(byte)193, - (byte)125,(byte)194,(byte)29,(byte)181,(byte)249,(byte)185,(byte)39,(byte)106,(byte)77,(byte)228,(byte)166,(byte)114,(byte)154,(byte)201,(byte)9,(byte)120, - (byte)101,(byte)47,(byte)138,(byte)5,(byte)33,(byte)15,(byte)225,(byte)36,(byte)18,(byte)240,(byte)130,(byte)69,(byte)53,(byte)147,(byte)218,(byte)142, - (byte)150,(byte)143,(byte)219,(byte)189,(byte)54,(byte)208,(byte)206,(byte)148,(byte)19,(byte)92,(byte)210,(byte)241,(byte)64,(byte)70,(byte)131,(byte)56, - (byte)102,(byte)221,(byte)253,(byte)48,(byte)191,(byte)6,(byte)139,(byte)98,(byte)179,(byte)37,(byte)226,(byte)152,(byte)34,(byte)136,(byte)145,(byte)16, - (byte)126,(byte)110,(byte)72,(byte)195,(byte)163,(byte)182,(byte)30,(byte)66,(byte)58,(byte)107,(byte)40,(byte)84,(byte)250,(byte)133,(byte)61,(byte)186, - (byte)43,(byte)121,(byte)10,(byte)21,(byte)155,(byte)159,(byte)94,(byte)202,(byte)78,(byte)212,(byte)172,(byte)229,(byte)243,(byte)115,(byte)167,(byte)87, - (byte)175,(byte)88,(byte)168,(byte)80,(byte)244,(byte)234,(byte)214,(byte)116,(byte)79,(byte)174,(byte)233,(byte)213,(byte)231,(byte)230,(byte)173,(byte)232, - (byte)44,(byte)215,(byte)117,(byte)122,(byte)235,(byte)22,(byte)11,(byte)245,(byte)89,(byte)203,(byte)95,(byte)176,(byte)156,(byte)169,(byte)81,(byte)160, - (byte)127,(byte)12,(byte)246,(byte)111,(byte)23,(byte)196,(byte)73,(byte)236,(byte)216,(byte)67,(byte)31,(byte)45,(byte)164,(byte)118,(byte)123,(byte)183, - (byte)204,(byte)187,(byte)62,(byte)90,(byte)251,(byte)96,(byte)177,(byte)134,(byte)59,(byte)82,(byte)161,(byte)108,(byte)170,(byte)85,(byte)41,(byte)157, - (byte)151,(byte)178,(byte)135,(byte)144,(byte)97,(byte)190,(byte)220,(byte)252,(byte)188,(byte)149,(byte)207,(byte)205,(byte)55,(byte)63,(byte)91,(byte)209, - (byte)83,(byte)57,(byte)132,(byte)60,(byte)65,(byte)162,(byte)109,(byte)71,(byte)20,(byte)42,(byte)158,(byte)93,(byte)86,(byte)242,(byte)211,(byte)171, - (byte)68,(byte)17,(byte)146,(byte)217,(byte)35,(byte)32,(byte)46,(byte)137,(byte)180,(byte)124,(byte)184,(byte)38,(byte)119,(byte)153,(byte)227,(byte)165, - (byte)103,(byte)74,(byte)237,(byte)222,(byte)197,(byte)49,(byte)254,(byte)24,(byte)13,(byte)99,(byte)140,(byte)128,(byte)192,(byte)247,(byte)112,(byte)7}; - - private static final byte[] fbsub= - {(byte)99,(byte)124,(byte)119,(byte)123,(byte)242,(byte)107,(byte)111,(byte)197,(byte)48,(byte)1,(byte)103,(byte)43,(byte)254,(byte)215,(byte)171,(byte)118, - (byte)202,(byte)130,(byte)201,(byte)125,(byte)250,(byte)89,(byte)71,(byte)240,(byte)173,(byte)212,(byte)162,(byte)175,(byte)156,(byte)164,(byte)114,(byte)192, - (byte)183,(byte)253,(byte)147,(byte)38,(byte)54,(byte)63,(byte)247,(byte)204,(byte)52,(byte)165,(byte)229,(byte)241,(byte)113,(byte)216,(byte)49,(byte)21, - (byte)4,(byte)199,(byte)35,(byte)195,(byte)24,(byte)150,(byte)5,(byte)154,(byte)7,(byte)18,(byte)128,(byte)226,(byte)235,(byte)39,(byte)178,(byte)117, - (byte)9,(byte)131,(byte)44,(byte)26,(byte)27,(byte)110,(byte)90,(byte)160,(byte)82,(byte)59,(byte)214,(byte)179,(byte)41,(byte)227,(byte)47,(byte)132, - (byte)83,(byte)209,(byte)0,(byte)237,(byte)32,(byte)252,(byte)177,(byte)91,(byte)106,(byte)203,(byte)190,(byte)57,(byte)74,(byte)76,(byte)88,(byte)207, - (byte)208,(byte)239,(byte)170,(byte)251,(byte)67,(byte)77,(byte)51,(byte)133,(byte)69,(byte)249,(byte)2,(byte)127,(byte)80,(byte)60,(byte)159,(byte)168, - (byte)81,(byte)163,(byte)64,(byte)143,(byte)146,(byte)157,(byte)56,(byte)245,(byte)188,(byte)182,(byte)218,(byte)33,(byte)16,(byte)255,(byte)243,(byte)210, - (byte)205,(byte)12,(byte)19,(byte)236,(byte)95,(byte)151,(byte)68,(byte)23,(byte)196,(byte)167,(byte)126,(byte)61,(byte)100,(byte)93,(byte)25,(byte)115, - (byte)96,(byte)129,(byte)79,(byte)220,(byte)34,(byte)42,(byte)144,(byte)136,(byte)70,(byte)238,(byte)184,(byte)20,(byte)222,(byte)94,(byte)11,(byte)219, - (byte)224,(byte)50,(byte)58,(byte)10,(byte)73,(byte)6,(byte)36,(byte)92,(byte)194,(byte)211,(byte)172,(byte)98,(byte)145,(byte)149,(byte)228,(byte)121, - (byte)231,(byte)200,(byte)55,(byte)109,(byte)141,(byte)213,(byte)78,(byte)169,(byte)108,(byte)86,(byte)244,(byte)234,(byte)101,(byte)122,(byte)174,(byte)8, - (byte)186,(byte)120,(byte)37,(byte)46,(byte)28,(byte)166,(byte)180,(byte)198,(byte)232,(byte)221,(byte)116,(byte)31,(byte)75,(byte)189,(byte)139,(byte)138, - (byte)112,(byte)62,(byte)181,(byte)102,(byte)72,(byte)3,(byte)246,(byte)14,(byte)97,(byte)53,(byte)87,(byte)185,(byte)134,(byte)193,(byte)29,(byte)158, - (byte)225,(byte)248,(byte)152,(byte)17,(byte)105,(byte)217,(byte)142,(byte)148,(byte)155,(byte)30,(byte)135,(byte)233,(byte)206,(byte)85,(byte)40,(byte)223, - (byte)140,(byte)161,(byte)137,(byte)13,(byte)191,(byte)230,(byte)66,(byte)104,(byte)65,(byte)153,(byte)45,(byte)15,(byte)176,(byte)84,(byte)187,(byte)22}; - - private static final byte[] rbsub= - {(byte)82,(byte)9,(byte)106,(byte)213,(byte)48,(byte)54,(byte)165,(byte)56,(byte)191,(byte)64,(byte)163,(byte)158,(byte)129,(byte)243,(byte)215,(byte)251, - (byte)124,(byte)227,(byte)57,(byte)130,(byte)155,(byte)47,(byte)255,(byte)135,(byte)52,(byte)142,(byte)67,(byte)68,(byte)196,(byte)222,(byte)233,(byte)203, - (byte)84,(byte)123,(byte)148,(byte)50,(byte)166,(byte)194,(byte)35,(byte)61,(byte)238,(byte)76,(byte)149,(byte)11,(byte)66,(byte)250,(byte)195,(byte)78, - (byte)8,(byte)46,(byte)161,(byte)102,(byte)40,(byte)217,(byte)36,(byte)178,(byte)118,(byte)91,(byte)162,(byte)73,(byte)109,(byte)139,(byte)209,(byte)37, - (byte)114,(byte)248,(byte)246,(byte)100,(byte)134,(byte)104,(byte)152,(byte)22,(byte)212,(byte)164,(byte)92,(byte)204,(byte)93,(byte)101,(byte)182,(byte)146, - (byte)108,(byte)112,(byte)72,(byte)80,(byte)253,(byte)237,(byte)185,(byte)218,(byte)94,(byte)21,(byte)70,(byte)87,(byte)167,(byte)141,(byte)157,(byte)132, - (byte)144,(byte)216,(byte)171,(byte)0,(byte)140,(byte)188,(byte)211,(byte)10,(byte)247,(byte)228,(byte)88,(byte)5,(byte)184,(byte)179,(byte)69,(byte)6, - (byte)208,(byte)44,(byte)30,(byte)143,(byte)202,(byte)63,(byte)15,(byte)2,(byte)193,(byte)175,(byte)189,(byte)3,(byte)1,(byte)19,(byte)138,(byte)107, - (byte)58,(byte)145,(byte)17,(byte)65,(byte)79,(byte)103,(byte)220,(byte)234,(byte)151,(byte)242,(byte)207,(byte)206,(byte)240,(byte)180,(byte)230,(byte)115, - (byte)150,(byte)172,(byte)116,(byte)34,(byte)231,(byte)173,(byte)53,(byte)133,(byte)226,(byte)249,(byte)55,(byte)232,(byte)28,(byte)117,(byte)223,(byte)110, - (byte)71,(byte)241,(byte)26,(byte)113,(byte)29,(byte)41,(byte)197,(byte)137,(byte)111,(byte)183,(byte)98,(byte)14,(byte)170,(byte)24,(byte)190,(byte)27, - (byte)252,(byte)86,(byte)62,(byte)75,(byte)198,(byte)210,(byte)121,(byte)32,(byte)154,(byte)219,(byte)192,(byte)254,(byte)120,(byte)205,(byte)90,(byte)244, - (byte)31,(byte)221,(byte)168,(byte)51,(byte)136,(byte)7,(byte)199,(byte)49,(byte)177,(byte)18,(byte)16,(byte)89,(byte)39,(byte)128,(byte)236,(byte)95, - (byte)96,(byte)81,(byte)127,(byte)169,(byte)25,(byte)181,(byte)74,(byte)13,(byte)45,(byte)229,(byte)122,(byte)159,(byte)147,(byte)201,(byte)156,(byte)239, - (byte)160,(byte)224,(byte)59,(byte)77,(byte)174,(byte)42,(byte)245,(byte)176,(byte)200,(byte)235,(byte)187,(byte)60,(byte)131,(byte)83,(byte)153,(byte)97, - (byte)23,(byte)43,(byte)4,(byte)126,(byte)186,(byte)119,(byte)214,(byte)38,(byte)225,(byte)105,(byte)20,(byte)99,(byte)85,(byte)33,(byte)12,(byte)125}; - - private static final byte[] rco= - {(byte)1,(byte)2,(byte)4,(byte)8,(byte)16,(byte)32,(byte)64,(byte)128,(byte)27,(byte)54,(byte)108,(byte)216,(byte)171,(byte)77,(byte)154,(byte)47}; - - private static final int[] ftable= - {0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6, - 0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56, - 0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f, - 0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb, - 0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453, - 0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c, - 0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551, - 0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a, - 0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637, - 0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df, - 0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d, - 0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b, - 0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd, - 0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1, - 0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d, - 0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85, - 0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a, - 0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe, - 0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d, - 0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1, - 0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5, - 0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3, - 0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755, - 0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6, - 0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54, - 0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428, - 0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264, - 0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8, - 0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531, - 0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda, - 0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac, - 0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810, - 0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657, - 0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e, - 0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c, - 0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c, - 0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199, - 0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122, - 0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c, - 0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5, - 0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7, - 0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e, - 0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c}; - - private static final int[] rtable= - {0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f, - 0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5, - 0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25, - 0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b, - 0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458, - 0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927, - 0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5, - 0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9, - 0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72, - 0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3, - 0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7, - 0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4, - 0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040, - 0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d, - 0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6, - 0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879, - 0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32, - 0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36, - 0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793, - 0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c, - 0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2, - 0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3, - 0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb, - 0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684, - 0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc, - 0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947, - 0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9, - 0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f, - 0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890, - 0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf, - 0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e, - 0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef, - 0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a, - 0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733, - 0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43, - 0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546, - 0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92, - 0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb, - 0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255, - 0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478, - 0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc, - 0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664, - 0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0}; - - -/* Rotates 32-bit word left by 1, 2 or 3 byte */ - - private static int ROTL8(int x) - { - return (((x)<<8)|((x)>>>24)); - } - - private static int ROTL16(int x) - { - return (((x)<<16)|((x)>>>16)); - } - - private static int ROTL24(int x) - { - return (((x)<<24)|((x)>>>8)); - } - - private static int pack(byte[] b) - { /* pack bytes into a 32-bit Word */ - return ((((int)b[3])&0xff)<<24)|(((int)b[2]&0xff)<<16)|(((int)b[1]&0xff)<<8)|((int)b[0]&0xff); - } - - private static byte[] unpack(int a) - { /* unpack bytes from a word */ - byte [] b=new byte[4]; - b[0]=(byte)(a); - b[1]=(byte)(a>>>8); - b[2]=(byte)(a>>>16); - b[3]=(byte)(a>>>24); - return b; - } - - private static byte bmul(byte x,byte y) - { /* x.y= AntiLog(Log(x) + Log(y)) */ - - int ix=((int)x)&0xff; - int iy=((int)y)&0xff; - int lx=((int)ltab[ix])&0xff; - int ly=((int)ltab[iy])&0xff; - if (x!=0 && y!=0) return ptab[(lx+ly)%255]; - else return (byte)0; - } - - // if (x && y) - - private static int SubByte(int a) - { - byte [] b=unpack(a); - b[0]=fbsub[(int)b[0]&0xff]; - b[1]=fbsub[(int)b[1]&0xff]; - b[2]=fbsub[(int)b[2]&0xff]; - b[3]=fbsub[(int)b[3]&0xff]; - return pack(b); - } - - private static byte product(int x,int y) - { /* dot product of two 4-byte arrays */ - byte [] xb;//=new byte[4]; - byte [] yb;//=new byte[4]; - xb=unpack(x); - yb=unpack(y); - - return (byte)(bmul(xb[0],yb[0])^bmul(xb[1],yb[1])^bmul(xb[2],yb[2])^bmul(xb[3],yb[3])); - } - - private static int InvMixCol(int x) - { /* matrix Multiplication */ - int y,m; - byte [] b=new byte[4]; - - m=pack(InCo); - b[3]=product(m,x); - m=ROTL24(m); - b[2]=product(m,x); - m=ROTL24(m); - b[1]=product(m,x); - m=ROTL24(m); - b[0]=product(m,x); - y=pack(b); - return y; - } - -/* reset cipher */ - public void reset(int m,byte[] iv) - { /* reset mode, or reset iv */ - mode=m; - for (int i=0;i<16;i++) - f[i]=0; - if (mode!=ECB && iv!=null) - for (int i=0;i<16;i++) - f[i]=iv[i]; - } - - public byte[] getreg() - { - byte [] ir=new byte[16]; - for (int i=0;i<16;i++) ir[i]=f[i]; - return ir; - } - -/* Initialise cipher */ - public void init(int m,byte[] key,byte[] iv) - { /* Key=16 bytes */ - /* Key Scheduler. Create expanded encryption key */ - int i,j,k,N,nk; - int [] CipherKey=new int[4]; - byte [] b=new byte[4]; - nk=4; - reset(m,iv); - N=44; - - for (i=j=0;i<nk;i++,j+=4) - { - for (k=0;k<4;k++) b[k]=key[j+k]; - CipherKey[i]=pack(b); - } - for (i=0;i<nk;i++) fkey[i]=CipherKey[i]; - for (j=nk,k=0;j<N;j+=nk,k++) - { - fkey[j]=fkey[j-nk]^SubByte(ROTL24(fkey[j-1]))^((int)rco[k])&0xff; - for (i=1;i<nk && (i+j)<N;i++) - fkey[i+j]=fkey[i+j-nk]^fkey[i+j-1]; - } - - /* now for the expanded decrypt key in reverse order */ - - for (j=0;j<4;j++) rkey[j+N-4]=fkey[j]; - for (i=4;i<N-4;i+=4) - { - k=N-4-i; - for (j=0;j<4;j++) rkey[k+j]=InvMixCol(fkey[i+j]); - } - for (j=N-4;j<N;j++) rkey[j-N+4]=fkey[j]; - } - -/* Encrypt a single block */ - public void ecb_encrypt(byte[] buff) - { - int i,j,k; - int t; - byte [] b=new byte[4]; - int [] p=new int[4]; - int [] q=new int[4]; - - for (i=j=0;i<4;i++,j+=4) - { - for (k=0;k<4;k++) b[k]=buff[j+k]; - p[i]=pack(b); - p[i]^=fkey[i]; - } - - k=4; - -/* State alternates between p and q */ - for (i=1;i<10;i++) - { - q[0]=fkey[k]^ftable[p[0]&0xff]^ - ROTL8(ftable[(p[1]>>>8)&0xff])^ - ROTL16(ftable[(p[2]>>>16)&0xff])^ - ROTL24(ftable[(p[3]>>>24)&0xff]); - q[1]=fkey[k+1]^ftable[p[1]&0xff]^ - ROTL8(ftable[(p[2]>>>8)&0xff])^ - ROTL16(ftable[(p[3]>>>16)&0xff])^ - ROTL24(ftable[(p[0]>>>24)&0xff]); - q[2]=fkey[k+2]^ftable[p[2]&0xff]^ - ROTL8(ftable[(p[3]>>>8)&0xff])^ - ROTL16(ftable[(p[0]>>>16)&0xff])^ - ROTL24(ftable[(p[1]>>>24)&0xff]); - q[3]=fkey[k+3]^ftable[p[3]&0xff]^ - ROTL8(ftable[(p[0]>>>8)&0xff])^ - ROTL16(ftable[(p[1]>>>16)&0xff])^ - ROTL24(ftable[(p[2]>>>24)&0xff]); - - k+=4; - for (j=0;j<4;j++) - { - t=p[j]; p[j]=q[j]; q[j]=t; - } - } - -/* Last Round */ - - q[0]=fkey[k]^((int)fbsub[p[0]&0xff]&0xff)^ - ROTL8((int)fbsub[(p[1]>>>8)&0xff]&0xff)^ - ROTL16((int)fbsub[(p[2]>>>16)&0xff]&0xff)^ - ROTL24((int)fbsub[(p[3]>>>24)&0xff]&0xff); - - q[1]=fkey[k+1]^((int)fbsub[p[1]&0xff]&0xff)^ - ROTL8((int)fbsub[(p[2]>>>8)&0xff]&0xff)^ - ROTL16((int)fbsub[(p[3]>>>16)&0xff]&0xff)^ - ROTL24((int)fbsub[(p[0]>>>24)&0xff]&0xff); - - q[2]=fkey[k+2]^((int)fbsub[p[2]&0xff]&0xff)^ - ROTL8((int)fbsub[(p[3]>>>8)&0xff]&0xff)^ - ROTL16((int)fbsub[(p[0]>>>16)&0xff]&0xff)^ - ROTL24((int)fbsub[(p[1]>>>24)&0xff]&0xff); - - q[3]=fkey[k+3]^((int)fbsub[(p[3])&0xff]&0xff)^ - ROTL8((int)fbsub[(p[0]>>>8)&0xff]&0xff)^ - ROTL16((int)fbsub[(p[1]>>>16)&0xff]&0xff)^ - ROTL24((int)fbsub[(p[2]>>>24)&0xff]&0xff); - - for (i=j=0;i<4;i++,j+=4) - { - b=unpack(q[i]); - for (k=0;k<4;k++) buff[j+k]=b[k]; - } - } - -/* Decrypt a single block */ - public void ecb_decrypt(byte[] buff) - { - int i,j,k; - int t; - byte [] b=new byte[4]; - int [] p=new int[4]; - int [] q=new int[4]; - - for (i=j=0;i<4;i++,j+=4) - { - for (k=0;k<4;k++) b[k]=buff[j+k]; - p[i]=pack(b); - p[i]^=rkey[i]; - } - - k=4; - -/* State alternates between p and q */ - for (i=1;i<10;i++) - { - q[0]=rkey[k]^rtable[p[0]&0xff]^ - ROTL8(rtable[(p[3]>>>8)&0xff])^ - ROTL16(rtable[(p[2]>>>16)&0xff])^ - ROTL24(rtable[(p[1]>>>24)&0xff]); - q[1]=rkey[k+1]^rtable[p[1]&0xff]^ - ROTL8(rtable[(p[0]>>>8)&0xff])^ - ROTL16(rtable[(p[3]>>>16)&0xff])^ - ROTL24(rtable[(p[2]>>>24)&0xff]); - q[2]=rkey[k+2]^rtable[p[2]&0xff]^ - ROTL8(rtable[(p[1]>>>8)&0xff])^ - ROTL16(rtable[(p[0]>>>16)&0xff])^ - ROTL24(rtable[(p[3]>>>24)&0xff]); - q[3]=rkey[k+3]^rtable[p[3]&0xff]^ - ROTL8(rtable[(p[2]>>>8)&0xff])^ - ROTL16(rtable[(p[1]>>>16)&0xff])^ - ROTL24(rtable[(p[0]>>>24)&0xff]); - - k+=4; - for (j=0;j<4;j++) - { - t=p[j]; p[j]=q[j]; q[j]=t; - } - } - -/* Last Round */ - - q[0]=rkey[k]^((int)rbsub[p[0]&0xff]&0xff)^ - ROTL8((int)rbsub[(p[3]>>>8)&0xff]&0xff)^ - ROTL16((int)rbsub[(p[2]>>>16)&0xff]&0xff)^ - ROTL24((int)rbsub[(p[1]>>>24)&0xff]&0xff); - q[1]=rkey[k+1]^((int)rbsub[p[1]&0xff]&0xff)^ - ROTL8((int)rbsub[(p[0]>>>8)&0xff]&0xff)^ - ROTL16((int)rbsub[(p[3]>>>16)&0xff]&0xff)^ - ROTL24((int)rbsub[(p[2]>>>24)&0xff]&0xff); - q[2]=rkey[k+2]^((int)rbsub[p[2]&0xff]&0xff)^ - ROTL8((int)rbsub[(p[1]>>>8)&0xff]&0xff)^ - ROTL16((int)rbsub[(p[0]>>>16)&0xff]&0xff)^ - ROTL24((int)rbsub[(p[3]>>>24)&0xff]&0xff); - q[3]=rkey[k+3]^((int)rbsub[p[3]&0xff]&0xff)^ - ROTL8((int)rbsub[(p[2]>>>8)&0xff]&0xff)^ - ROTL16((int)rbsub[(p[1]>>>16)&0xff]&0xff)^ - ROTL24((int)rbsub[(p[0]>>>24)&0xff]&0xff); - - for (i=j=0;i<4;i++,j+=4) - { - b=unpack(q[i]); - for (k=0;k<4;k++) buff[j+k]=b[k]; - } - - } - -/* Encrypt using selected mode of operation */ - public int encrypt(byte[] buff) - { - int j,bytes; - byte[] st=new byte[16]; - int fell_off; - -// Supported Modes of Operation - - fell_off=0; - switch (mode) - { - case ECB: - ecb_encrypt(buff); - return 0; - case CBC: - for (j=0;j<16;j++) buff[j]^=f[j]; - ecb_encrypt(buff); - for (j=0;j<16;j++) f[j]=buff[j]; - return 0; - - case CFB1: - case CFB2: - case CFB4: - bytes=mode-CFB1+1; - for (j=0;j<bytes;j++) fell_off=(fell_off<<8)|f[j]; - for (j=0;j<16;j++) st[j]=f[j]; - for (j=bytes;j<16;j++) f[j-bytes]=f[j]; - ecb_encrypt(st); - for (j=0;j<bytes;j++) - { - buff[j]^=st[j]; - f[16-bytes+j]=buff[j]; - } - return fell_off; - - case OFB1: - case OFB2: - case OFB4: - case OFB8: - case OFB16: - - bytes=mode-OFB1+1; - ecb_encrypt(f); - for (j=0;j<bytes;j++) buff[j]^=f[j]; - return 0; - - default: - return 0; - } - } - -/* Decrypt using selected mode of operation */ - public int decrypt(byte[] buff) - { - int j,bytes; - byte[] st=new byte[16]; - int fell_off; - - // Supported modes of operation - fell_off=0; - switch (mode) - { - case ECB: - ecb_decrypt(buff); - return 0; - case CBC: - for (j=0;j<16;j++) - { - st[j]=f[j]; - f[j]=buff[j]; - } - ecb_decrypt(buff); - for (j=0;j<16;j++) - { - buff[j]^=st[j]; - st[j]=0; - } - return 0; - case CFB1: - case CFB2: - case CFB4: - bytes=mode-CFB1+1; - for (j=0;j<bytes;j++) fell_off=(fell_off<<8)|f[j]; - for (j=0;j<16;j++) st[j]=f[j]; - for (j=bytes;j<16;j++) f[j-bytes]=f[j]; - ecb_encrypt(st); - for (j=0;j<bytes;j++) - { - f[16-bytes+j]=buff[j]; - buff[j]^=st[j]; - } - return fell_off; - case OFB1: - case OFB2: - case OFB4: - case OFB8: - case OFB16: - bytes=mode-OFB1+1; - ecb_encrypt(f); - for (j=0;j<bytes;j++) buff[j]^=f[j]; - return 0; - - - default: - return 0; - } - } - -/* Clean up and delete left-overs */ - public void end() - { // clean up - int i; - for (i=0;i<44;i++) - fkey[i]=rkey[i]=0; - for (i=0;i<16;i++) - f[i]=0; - } - - public static void main(String[] args) { - int i; - - byte[] key=new byte[16]; - byte[] block=new byte[16]; - byte[] iv=new byte[16]; - - for (i=0;i<16;i++) key[i]=0; - key[0]=1; - for (i=0;i<16;i++) iv[i]=(byte)i; - for (i=0;i<16;i++) block[i]=(byte)i; - - AES a=new AES(); - - a.init(CBC,key,iv); - System.out.println("Plain= "); - for (i=0;i<16;i++) System.out.format("%02X ", block[i]&0xff); - System.out.println(""); - - a.encrypt(block); - - System.out.println("Encrypt= "); - for (i=0;i<16;i++) System.out.format("%02X ", block[i]&0xff); - System.out.println(""); - - a.reset(CBC,iv); - a.decrypt(block); - - System.out.println("Decrypt= "); - for (i=0;i<16;i++) System.out.format("%02X ", block[i]&0xff); - System.out.println(""); - - a.end(); - - } -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/BIG.java ---------------------------------------------------------------------- diff --git a/java/BIG.java b/java/BIG.java deleted file mode 100755 index 1a7c884..0000000 --- a/java/BIG.java +++ /dev/null @@ -1,919 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* AMCL BIG number class */ - -public class BIG { - private int[] w=new int[ROM.NLEN]; -/* Constructors */ - - public BIG() - { - for (int i=0;i<ROM.NLEN;i++) - w[i]=0; - } - - public BIG(int x) - { - w[0]=x; - for (int i=1;i<ROM.NLEN;i++) - w[i]=0; - } - - public BIG(BIG x) - { - for (int i=0;i<ROM.NLEN;i++) - w[i]=x.w[i]; - } - - public BIG(DBIG x) - { - for (int i=0;i<ROM.NLEN;i++) - w[i]=x.w[i]; - } - - public BIG(int[] x) - { - for (int i=0;i<ROM.NLEN;i++) - w[i]=x[i]; - } - - public int get(int i) - { - return w[i]; - } - - public void set(int i,int x) - { - w[i]=x; - } - - public void xortop(int x) - { - w[ROM.NLEN-1]^=x; - } - - public void ortop(int x) - { - w[ROM.NLEN-1]|=x; - } - -/* calculate Field Excess */ - public static int EXCESS(BIG a) - { - return ((a.w[ROM.NLEN-1]&ROM.OMASK)>>(ROM.MODBITS%ROM.BASEBITS)); - } - -/* test for zero */ - public boolean iszilch() { - for (int i=0;i<ROM.NLEN;i++) - if (w[i]!=0) return false; - return true; - } - -/* set to zero */ - public void zero() - { - for (int i=0;i<ROM.NLEN;i++) - w[i]=0; - } - -/* set to one */ - public void one() - { - w[0]=1; - for (int i=1;i<ROM.NLEN;i++) - w[i]=0; - } - -/* Test for equal to one */ - public boolean isunity() - { - for (int i=1;i<ROM.NLEN;i++) - if (w[i]!=0) return false; - if (w[0]!=1) return false; - return true; - } - -/* Copy from another BIG */ - public void copy(BIG x) - { - for (int i=0;i<ROM.NLEN;i++) - w[i]=x.w[i]; - } - - public void copy(DBIG x) - { - for (int i=0;i<ROM.NLEN;i++) - w[i]=x.w[i]; - } - - -/* Conditional swap of two bigs depending on d using XOR - no branches */ - public void cswap(BIG b,int d) - { - int i; - int t,c=d; - c=~(c-1); - - for (i=0;i<ROM.NLEN;i++) - { - t=c&(w[i]^b.w[i]); - w[i]^=t; - b.w[i]^=t; - } - } - - public void cmove(BIG g,int d) - { - int i; - int t,b=-d; - - for (i=0;i<ROM.NLEN;i++) - { - w[i]^=(w[i]^g.w[i])&b; - } - } - -/* normalise BIG - force all digits < 2^BASEBITS */ - public int norm() { - int d,carry=0; - for (int i=0;i<ROM.NLEN-1;i++) - { - d=w[i]+carry; - w[i]=d&ROM.MASK; - carry=d>>ROM.BASEBITS; - } - w[ROM.NLEN-1]=(w[ROM.NLEN-1]+carry); - - return (w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS)); - } - -/* Shift right by less than a word */ - public int fshr(int k) { - int r=w[0]&(((int)1<<k)-1); /* shifted out part */ - for (int i=0;i<ROM.NLEN-1;i++) - w[i]=(w[i]>>k)|((w[i+1]<<(ROM.BASEBITS-k))&ROM.MASK); - w[ROM.NLEN-1]=w[ROM.NLEN-1]>>k; - return r; - } - -/* general shift right */ - public void shr(int k) { - int n=k%ROM.BASEBITS; - int m=k/ROM.BASEBITS; - for (int i=0;i<ROM.NLEN-m-1;i++) - w[i]=(w[m+i]>>n)|((w[m+i+1]<<(ROM.BASEBITS-n))&ROM.MASK); - w[ROM.NLEN-m-1]=w[ROM.NLEN-1]>>n; - for (int i=ROM.NLEN-m;i<ROM.NLEN;i++) w[i]=0; - } - -/* Shift right by less than a word */ - public int fshl(int k) { - w[ROM.NLEN-1]=((w[ROM.NLEN-1]<<k))|(w[ROM.NLEN-2]>>(ROM.BASEBITS-k)); - for (int i=ROM.NLEN-2;i>0;i--) - w[i]=((w[i]<<k)&ROM.MASK)|(w[i-1]>>(ROM.BASEBITS-k)); - w[0]=(w[0]<<k)&ROM.MASK; - - return (w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS)); /* return excess - only used in FF.java */ - } - -/* general shift left */ - public void shl(int k) { - int n=k%ROM.BASEBITS; - int m=k/ROM.BASEBITS; - - w[ROM.NLEN-1]=((w[ROM.NLEN-1-m]<<n))|(w[ROM.NLEN-m-2]>>(ROM.BASEBITS-n)); - for (int i=ROM.NLEN-2;i>m;i--) - w[i]=((w[i-m]<<n)&ROM.MASK)|(w[i-m-1]>>(ROM.BASEBITS-n)); - w[m]=(w[0]<<n)&ROM.MASK; - for (int i=0;i<m;i++) w[i]=0; - } - -/* return number of bits */ - public int nbits() { - int bts,k=ROM.NLEN-1; - int c; - norm(); - while (k>=0 && w[k]==0) k--; - if (k<0) return 0; - bts=ROM.BASEBITS*k; - c=w[k]; - while (c!=0) {c/=2; bts++;} - return bts; - } - - public String toRawString() - { - BIG b=new BIG(this); - String s="("; - for (int i=0;i<ROM.NLEN-1;i++) - { - s+=Integer.toHexString(b.w[i]); s+=","; - } - s+=Integer.toHexString(b.w[ROM.NLEN-1]); s+=")"; - return s; - } - -/* Convert to Hex String */ - public String toString() { - BIG b; - String s=""; - int len=nbits(); - - if (len%4==0) len/=4; - else {len/=4; len++;} - if (len<ROM.MODBYTES*2) len=ROM.MODBYTES*2; - - for (int i=len-1;i>=0;i--) - { - b=new BIG(this); - b.shr(i*4); - s+=Integer.toHexString(b.w[0]&15); - } - return s; - } - -/* return this+x */ - public BIG plus(BIG x) { - BIG s=new BIG(0); - for (int i=0;i<ROM.NLEN;i++) - s.w[i]=w[i]+x.w[i]; - return s; - } - -/* this+=x */ - public void add(BIG x) { - for (int i=0;i<ROM.NLEN;i++) - w[i]+=x.w[i]; - } - -/* this+=x, where x is int */ - public void inc(int x) { - norm(); - w[0]+=x; - } - -/* return this.x */ - public BIG minus(BIG x) { - BIG d=new BIG(0); - for (int i=0;i<ROM.NLEN;i++) - d.w[i]=w[i]-x.w[i]; - return d; - } - -/* this-=x */ - public void sub(BIG x) { - for (int i=0;i<ROM.NLEN;i++) - w[i]-=x.w[i]; - } - -/* reverse subtract this=x-this */ - public void rsub(BIG x) { - for (int i=0;i<ROM.NLEN;i++) - w[i]=x.w[i]-w[i]; - } - -/* this-=x where x is int */ - public void dec(int x) { - norm(); - w[0]-=x; - } - -/* this*=x, where x is small int<NEXCESS */ - public void imul(int c) - { - for (int i=0;i<ROM.NLEN;i++) w[i]*=c; - } - -/* convert this BIG to byte array */ - public void tobytearray(byte[] b,int n) - { - norm(); - BIG c=new BIG(this); - - for (int i=ROM.MODBYTES-1;i>=0;i--) - { - b[i+n]=(byte)c.w[0]; - c.fshr(8); - } - } - -/* convert from byte array to BIG */ - public static BIG frombytearray(byte[] b,int n) - { - BIG m=new BIG(0); - - for (int i=0;i<ROM.MODBYTES;i++) - { - m.fshl(8); m.w[0]+=(int)b[i+n]&0xff; - //m.inc((int)b[i]&0xff); - } - return m; - } - - public void toBytes(byte[] b) - { - tobytearray(b,0); - } - - public static BIG fromBytes(byte[] b) - { - return frombytearray(b,0); - } - -/* set this[i]+=x*y+c, and return high part */ - public int muladd(int x,int y,int c,int i) - { - long prod=(long)x*y+c+w[i]; - w[i]=(int)prod&ROM.MASK; - return (int)(prod>>ROM.BASEBITS); - } - -/* this*=x, where x is >NEXCESS */ - public int pmul(int c) - { - int ak,carry=0; - norm(); - for (int i=0;i<ROM.NLEN;i++) - { - ak=w[i]; - w[i]=0; - carry=muladd(ak,c,carry,i); - } - return carry; - } - -/* this*=c and catch overflow in DBIG */ - public DBIG pxmul(int c) - { - DBIG m=new DBIG(0); - int carry=0; - for (int j=0;j<ROM.NLEN;j++) - carry=m.muladd(w[j],c,carry,j); - m.w[ROM.NLEN]=carry; - return m; - } - -/* divide by 3 */ - public int div3() - { - int ak,base,carry=0; - norm(); - base=((int)1<<ROM.BASEBITS); - for (int i=ROM.NLEN-1;i>=0;i--) - { - ak=(carry*base+w[i]); - w[i]=ak/3; - carry=ak%3; - } - return (int)carry; - } - -/* return a*b where result fits in a BIG */ - public static BIG smul(BIG a,BIG b) - { - int carry; - BIG c=new BIG(0); - for (int i=0;i<ROM.NLEN;i++) - { - carry=0; - for (int j=0;j<ROM.NLEN;j++) - if (i+j<ROM.NLEN) carry=c.muladd(a.w[i],b.w[j],carry,i+j); - } - return c; - } - -/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */ - public static int comp(BIG a,BIG b) - { - for (int i=ROM.NLEN-1;i>=0;i--) - { - if (a.w[i]==b.w[i]) continue; - if (a.w[i]>b.w[i]) return 1; - else return -1; - } - return 0; - } - -/* set x = x mod 2^m */ - public void mod2m(int m) - { - int i,wd,bt; - int msk; - - wd=m/ROM.BASEBITS; - bt=m%ROM.BASEBITS; - msk=((int)1<<bt)-1; - w[wd]&=msk; - for (i=wd+1;i<ROM.NLEN;i++) w[i]=0; - } - -/* Arazi and Qi inversion mod 256 */ - public static int invmod256(int a) - { - int U,t1,t2,b,c; - t1=0; - c=(a>>1)&1; - t1+=c; - t1&=1; - t1=2-t1; - t1<<=1; - U=t1+1; - -// i=2 - b=a&3; - t1=U*b; t1>>=2; - c=(a>>2)&3; - t2=(U*c)&3; - t1+=t2; - t1*=U; t1&=3; - t1=4-t1; - t1<<=2; - U+=t1; - -// i=4 - b=a&15; - t1=U*b; t1>>=4; - c=(a>>4)&15; - t2=(U*c)&15; - t1+=t2; - t1*=U; t1&=15; - t1=16-t1; - t1<<=4; - U+=t1; - - return U; - } - -/* a=1/a mod 2^256. This is very fast! */ - public void invmod2m() - { - int i; - BIG U=new BIG(0); - BIG b=new BIG(0); - BIG c=new BIG(0); - - U.inc(invmod256(lastbits(8))); - - for (i=8;i<256;i<<=1) - { - b.copy(this); b.mod2m(i); - BIG t1=BIG.smul(U,b); t1.shr(i); - c.copy(this); c.shr(i); c.mod2m(i); - - BIG t2=BIG.smul(U,c); t2.mod2m(i); - t1.add(t2); - b=BIG.smul(t1,U); t1.copy(b); - t1.mod2m(i); - - t2.one(); t2.shl(i); t1.rsub(t2); t1.norm(); - t1.shl(i); - U.add(t1); - } - this.copy(U); - } - -/* reduce this mod m */ - public void mod(BIG m) - { - int k=0; - - norm(); - if (comp(this,m)<0) return; - do - { - m.fshl(1); - k++; - } while (comp(this,m)>=0); - - while (k>0) - { - m.fshr(1); - if (comp(this,m)>=0) - { - sub(m); - norm(); - } - k--; - } - } - -/* divide this by m */ - public void div(BIG m) - { - int k=0; - norm(); - BIG e=new BIG(1); - BIG b=new BIG(this); - zero(); - - while (comp(b,m)>=0) - { - e.fshl(1); - m.fshl(1); - k++; - } - - while (k>0) - { - m.fshr(1); - e.fshr(1); - if (comp(b,m)>=0) - { - add(e); - norm(); - b.sub(m); - b.norm(); - } - k--; - } - } - -/* return parity */ - public int parity() - { - return w[0]%2; - } - -/* return n-th bit */ - public int bit(int n) - { - if ((w[n/ROM.BASEBITS]&((int)1<<(n%ROM.BASEBITS)))>0) return 1; - else return 0; - } - -/* return n last bits */ - public int lastbits(int n) - { - int msk=(1<<n)-1; - norm(); - return ((int)w[0])&msk; - } - -/* get 8*MODBYTES size random number */ - public static BIG random(RAND rng) - { - BIG m=new BIG(0); - int i,b,j=0,r=0; - -/* generate random BIG */ - for (i=0;i<8*ROM.MODBYTES;i++) - { - if (j==0) r=rng.getByte(); - else r>>=1; - - b=r&1; - m.shl(1); m.w[0]+=b;// m.inc(b); - j++; j&=7; - } - return m; - } - -/* Create random BIG in portable way, one bit at a time */ - public static BIG randomnum(BIG q,RAND rng) - { - DBIG d=new DBIG(0); - int i,b,j=0,r=0; - for (i=0;i<2*ROM.MODBITS;i++) - { - if (j==0) r=rng.getByte(); - else r>>=1; - - b=r&1; - d.shl(1); d.w[0]+=b;// m.inc(b); - j++; j&=7; - } - BIG m=d.mod(q); - return m; - } - -/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed. -nbs is number of bits processed, and nzs is number of trailing 0s detected */ - public static int[] nafbits(BIG x,BIG x3,int i) - { - int[] n=new int[3]; - int nb=x3.bit(i)-x.bit(i); - int j; - n[1]=1; - n[0]=0; - if (nb==0) {n[0]=0; return n;} - if (i==0) {n[0]=nb; return n;} - if (nb>0) n[0]=1; - else n[0]=(-1); - - for (j=i-1;j>0;j--) - { - n[1]++; - n[0]*=2; - nb=x3.bit(j)-x.bit(j); - if (nb>0) n[0]+=1; - if (nb<0) n[0]-=1; - if (n[0]>5 || n[0]<-5) break; - } - - if (n[0]%2!=0 && j!=0) - { /* backtrack */ - if (nb>0) n[0]=(n[0]-1)/2; - if (nb<0) n[0]=(n[0]+1)/2; - n[1]--; - } - while (n[0]%2==0) - { /* remove trailing zeros */ - n[0]/=2; - n[2]++; - n[1]--; - } - return n; - } - -/* return a*b as DBIG */ - public static DBIG mul(BIG a,BIG b) - { - long t,co; - DBIG c=new DBIG(0); - a.norm(); - b.norm(); - - t=(long)a.w[0]*b.w[0]; c.w[0]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[1]*b.w[0]+(long)a.w[0]*b.w[1]+co; c.w[1]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[2]*b.w[0]+(long)a.w[1]*b.w[1]+(long)a.w[0]*b.w[2]+co; c.w[2]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[3]*b.w[0]+(long)a.w[2]*b.w[1]+(long)a.w[1]*b.w[2]+(long)a.w[0]*b.w[3]+co; c.w[3]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[4]*b.w[0]+(long)a.w[3]*b.w[1]+(long)a.w[2]*b.w[2]+(long)a.w[1]*b.w[3]+(long)a.w[0]*b.w[4]+co; c.w[4]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[5]*b.w[0]+(long)a.w[4]*b.w[1]+(long)a.w[3]*b.w[2]+(long)a.w[2]*b.w[3]+(long)a.w[1]*b.w[4]+(long)a.w[0]*b.w[5]+co; c.w[5]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[6]*b.w[0]+(long)a.w[5]*b.w[1]+(long)a.w[4]*b.w[2]+(long)a.w[3]*b.w[3]+(long)a.w[2]*b.w[4]+(long)a.w[1]*b.w[5]+(long)a.w[0]*b.w[6]+co; c.w[6]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[7]*b.w[0]+(long)a.w[6]*b.w[1]+(long)a.w[5]*b.w[2]+(long)a.w[4]*b.w[3]+(long)a.w[3]*b.w[4]+(long)a.w[2]*b.w[5]+(long)a.w[1]*b.w[6]+(long)a.w[0]*b.w[7]+co; c.w[7]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[8]*b.w[0]+(long)a.w[7]*b.w[1]+(long)a.w[6]*b.w[2]+(long)a.w[5]*b.w[3]+(long)a.w[4]*b.w[4]+(long)a.w[3]*b.w[5]+(long)a.w[2]*b.w[6]+(long)a.w[1]*b.w[7]+(long)a.w[0]*b.w[8]+co; c.w[8]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - - t=(long)a.w[8]*b.w[1]+(long)a.w[7]*b.w[2]+(long)a.w[6]*b.w[3]+(long)a.w[5]*b.w[4]+(long)a.w[4]*b.w[5]+(long)a.w[3]*b.w[6]+(long)a.w[2]*b.w[7]+(long)a.w[1]*b.w[8]+co; c.w[9]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[8]*b.w[2]+(long)a.w[7]*b.w[3]+(long)a.w[6]*b.w[4]+(long)a.w[5]*b.w[5]+(long)a.w[4]*b.w[6]+(long)a.w[3]*b.w[7]+(long)a.w[2]*b.w[8]+co; c.w[10]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[8]*b.w[3]+(long)a.w[7]*b.w[4]+(long)a.w[6]*b.w[5]+(long)a.w[5]*b.w[6]+(long)a.w[4]*b.w[7]+(long)a.w[3]*b.w[8]+co; c.w[11]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[8]*b.w[4]+(long)a.w[7]*b.w[5]+(long)a.w[6]*b.w[6]+(long)a.w[5]*b.w[7]+(long)a.w[4]*b.w[8]+co; c.w[12]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[8]*b.w[5]+(long)a.w[7]*b.w[6]+(long)a.w[6]*b.w[7]+(long)a.w[5]*b.w[8]+co; c.w[13]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[8]*b.w[6]+(long)a.w[7]*b.w[7]+(long)a.w[6]*b.w[8]+co; c.w[14]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[8]*b.w[7]+(long)a.w[7]*b.w[8]+co; c.w[15]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - - t=(long)a.w[8]*b.w[8]+co; c.w[16]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - c.w[17]=(int)co; - - return c; - } - - -/* return a^2 as DBIG */ - public static DBIG sqr(BIG a) - { - long t,co; - DBIG c=new DBIG(0); - a.norm(); - - t=(long)a.w[0]*a.w[0]; c.w[0]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[1]*a.w[0]; t+=t; t+=co; c.w[1]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[2]*a.w[0]; t+=t; t+=(long)a.w[1]*a.w[1]; t+=co; c.w[2]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[3]*a.w[0]+(long)a.w[2]*a.w[1]; t+=t; t+=co; c.w[3]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[4]*a.w[0]+(long)a.w[3]*a.w[1]; t+=t; t+=(long)a.w[2]*a.w[2]; t+=co; c.w[4]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[5]*a.w[0]+(long)a.w[4]*a.w[1]+(long)a.w[3]*a.w[2]; t+=t; t+=co; c.w[5]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[6]*a.w[0]+(long)a.w[5]*a.w[1]+(long)a.w[4]*a.w[2]; t+=t; t+=(long)a.w[3]*a.w[3]; t+=co; c.w[6]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[7]*a.w[0]+(long)a.w[6]*a.w[1]+(long)a.w[5]*a.w[2]+(long)a.w[4]*a.w[3]; t+=t; t+=co; c.w[7]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[8]*a.w[0]+(long)a.w[7]*a.w[1]+(long)a.w[6]*a.w[2]+(long)a.w[5]*a.w[3]; t+=t; t+=(long)a.w[4]*a.w[4]; t+=co; c.w[8]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[8]*a.w[1]+(long)a.w[7]*a.w[2]+(long)a.w[6]*a.w[3]+(long)a.w[5]*a.w[4]; t+=t; t+=co; c.w[9]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[8]*a.w[2]+(long)a.w[7]*a.w[3]+(long)a.w[6]*a.w[4]; t+=t; t+=(long)a.w[5]*a.w[5]; t+=co; c.w[10]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[8]*a.w[3]+(long)a.w[7]*a.w[4]+(long)a.w[6]*a.w[5]; t+=t; t+=co; c.w[11]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[8]*a.w[4]+(long)a.w[7]*a.w[5]; t+=t; t+=(long)a.w[6]*a.w[6]; t+=co; c.w[12]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[8]*a.w[5]+(long)a.w[7]*a.w[6]; t+=t; t+=co; c.w[13]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[8]*a.w[6]; t+=t; t+=(long)a.w[7]*a.w[7]; t+=co; c.w[14]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[8]*a.w[7]; t+=t; t+=co; c.w[15]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - t=(long)a.w[8]*a.w[8]+co; c.w[16]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS; - c.w[17]=(int)co; - - return c; - } - -/* reduce a DBIG to a BIG using the appropriate form of the modulus */ - public static BIG mod(DBIG d) - { - BIG b; - if (ROM.MODTYPE==ROM.PSEUDO_MERSENNE) - { - int v,tw; - BIG t=d.split(ROM.MODBITS); - b=new BIG(d); - - v=t.pmul(ROM.MConst); - tw=t.w[ROM.NLEN-1]; - t.w[ROM.NLEN-1]&=ROM.TMASK; - t.inc(ROM.MConst*((tw>>ROM.TBITS)+(v<<(ROM.BASEBITS-ROM.TBITS)))); - - b.add(t); - b.norm(); - } - if (ROM.MODTYPE==ROM.MONTGOMERY_FRIENDLY) - { - for (int i=0;i<ROM.NLEN;i++) - d.w[ROM.NLEN+i]+=d.muladd(d.w[i],ROM.MConst-1,d.w[i],ROM.NLEN+i-1); - - b=new BIG(0); - - for (int i=0;i<ROM.NLEN;i++ ) - b.w[i]=d.w[ROM.NLEN+i]; - b.norm(); - } - - if (ROM.MODTYPE==ROM.NOT_SPECIAL) - { - BIG md=new BIG(ROM.Modulus); - long sum; - int sp; - sum=d.w[0]; - for (int j=0;j<ROM.NLEN;j++) - { - for (int i=0;i<j;i++) sum+=(long)d.w[i]*md.w[j-i]; - sp=((int)sum*ROM.MConst)&ROM.MASK; - d.w[j]=sp; sum+=(long)sp*md.w[0]; - sum=d.w[j+1]+(sum>>ROM.BASEBITS); - } - - for (int j=ROM.NLEN;j<ROM.DNLEN-2;j++) - { - for (int i=j-ROM.NLEN+1;i<ROM.NLEN;i++) sum+=(long)d.w[i]*md.w[j-i]; - d.w[j]=(int)sum&ROM.MASK; - sum=d.w[j+1]+(sum>>ROM.BASEBITS); - } - - sum+=(long)d.w[ROM.NLEN-1]*md.w[ROM.NLEN-1]; - d.w[ROM.DNLEN-2]=(int)sum&ROM.MASK; - sum=d.w[ROM.DNLEN-1]+(sum>>ROM.BASEBITS); - d.w[ROM.DNLEN-1]=(int)sum&ROM.MASK; - - b=new BIG(0); - - for (int i=0;i<ROM.NLEN;i++ ) - b.w[i]=d.w[ROM.NLEN+i]; - b.norm(); - } - - return b; - } - -/* return a*b mod m */ - public static BIG modmul(BIG a,BIG b,BIG m) - { - a.mod(m); - b.mod(m); - DBIG d=mul(a,b); - return d.mod(m); - } - -/* return a^2 mod m */ - public static BIG modsqr(BIG a,BIG m) - { - a.mod(m); - DBIG d=sqr(a); - return d.mod(m); - } - -/* return -a mod m */ - public static BIG modneg(BIG a,BIG m) - { - a.mod(m); - return m.minus(a); - } - -/* return this^e mod m */ - public BIG powmod(BIG e,BIG m) - { - int bt; - norm(); - e.norm(); - BIG a=new BIG(1); - BIG z=new BIG(e); - BIG s=new BIG(this); - while (true) - { - bt=z.parity(); - z.fshr(1); - if (bt==1) a=modmul(a,s,m); - if (z.iszilch()) break; - s=modsqr(s,m); - } - return a; - } - -/* Jacobi Symbol (this/p). Returns 0, 1 or -1 */ - public int jacobi(BIG p) - { - int n8,k,m=0; - BIG t=new BIG(0); - BIG x=new BIG(0); - BIG n=new BIG(0); - BIG zilch=new BIG(0); - BIG one=new BIG(1); - if (p.parity()==0 || comp(this,zilch)==0 || comp(p,one)<=0) return 0; - norm(); - x.copy(this); - n.copy(p); - x.mod(p); - - while (comp(n,one)>0) - { - if (comp(x,zilch)==0) return 0; - n8=n.lastbits(3); - k=0; - while (x.parity()==0) - { - k++; - x.shr(1); - } - if (k%2==1) m+=(n8*n8-1)/8; - m+=(n8-1)*(x.lastbits(2)-1)/4; - t.copy(n); - t.mod(x); - n.copy(x); - x.copy(t); - m%=2; - - } - if (m==0) return 1; - else return -1; - } - -/* this=1/this mod p. Binary method */ - public void invmodp(BIG p) - { - mod(p); - BIG u=new BIG(this); - BIG v=new BIG(p); - BIG x1=new BIG(1); - BIG x2=new BIG(0); - BIG t=new BIG(0); - BIG one=new BIG(1); - - while (comp(u,one)!=0 && comp(v,one)!=0) - { - while (u.parity()==0) - { - u.shr(1); - if (x1.parity()!=0) - { - x1.add(p); - x1.norm(); - } - x1.shr(1); - } - while (v.parity()==0) - { - v.shr(1); - if (x2.parity()!=0) - { - x2.add(p); - x2.norm(); - } - x2.shr(1); - } - if (comp(u,v)>=0) - { - u.sub(v); - u.norm(); - if (comp(x1,x2)>=0) x1.sub(x2); - else - { - t.copy(p); - t.sub(x2); - x1.add(t); - } - x1.norm(); - } - else - { - v.sub(u); - v.norm(); - if (comp(x2,x1)>=0) x2.sub(x1); - else - { - t.copy(p); - t.sub(x1); - x2.add(t); - } - x2.norm(); - } - } - if (comp(u,one)==0) copy(x1); - else copy(x2); - } -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/DBIG.java ---------------------------------------------------------------------- diff --git a/java/DBIG.java b/java/DBIG.java deleted file mode 100755 index ee4c993..0000000 --- a/java/DBIG.java +++ /dev/null @@ -1,286 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* AMCL double length DBIG number class */ - -public class DBIG { - protected int[] w=new int[ROM.DNLEN]; - -/* Constructors */ - public DBIG(int x) - { - w[0]=x; - for (int i=1;i<ROM.DNLEN;i++) - w[i]=0; - } - - public DBIG(DBIG x) - { - for (int i=0;i<ROM.DNLEN;i++) - w[i]=x.w[i]; - } - - public DBIG(BIG x) - { - for (int i=0;i<ROM.NLEN-1;i++) - w[i]=x.get(i); - - w[ROM.NLEN-1]=x.get(ROM.NLEN-1)&ROM.MASK; /* top word normalized */ - w[ROM.NLEN]=x.get(ROM.NLEN-1)>>ROM.BASEBITS; - - for (int i=ROM.NLEN+1;i<ROM.DNLEN;i++) w[i]=0; - } - -/* get and set digits of this */ - public int get(int i) - { - return w[i]; - } - - public void set(int i,int x) - { - w[i]=x; - } - -/* test this=0? */ - public boolean iszilch() { - for (int i=0;i<ROM.DNLEN;i++) - if (w[i]!=0) return false; - return true; - } - -/* normalise this */ - public void norm() { - int d,carry=0; - for (int i=0;i<ROM.DNLEN-1;i++) - { - d=w[i]+carry; - w[i]=d&ROM.MASK; - carry=d>>ROM.BASEBITS; - } - w[ROM.DNLEN-1]=(w[ROM.DNLEN-1]+carry); - } - -/* shift this right by k bits */ - public void shr(int k) { - int n=k%ROM.BASEBITS; - int m=k/ROM.BASEBITS; - for (int i=0;i<ROM.DNLEN-m-1;i++) - w[i]=(w[m+i]>>n)|((w[m+i+1]<<(ROM.BASEBITS-n))&ROM.MASK); - w[ROM.DNLEN-m-1]=w[ROM.DNLEN-1]>>n; - for (int i=ROM.DNLEN-m;i<ROM.DNLEN;i++) w[i]=0; - } - -/* shift this left by k bits */ - public void shl(int k) { - int n=k%ROM.BASEBITS; - int m=k/ROM.BASEBITS; - - w[ROM.DNLEN-1]=((w[ROM.DNLEN-1-m]<<n))|(w[ROM.DNLEN-m-2]>>(ROM.BASEBITS-n)); - for (int i=ROM.DNLEN-2;i>m;i--) - w[i]=((w[i-m]<<n)&ROM.MASK)|(w[i-m-1]>>(ROM.BASEBITS-n)); - w[m]=(w[0]<<n)&ROM.MASK; - for (int i=0;i<m;i++) w[i]=0; - } - -/* return number of bits in this */ - public int nbits() { - int bts,k=ROM.DNLEN-1; - int c; - norm(); - while (w[k]==0 && k>=0) k--; - if (k<0) return 0; - bts=ROM.BASEBITS*k; - c=w[k]; - while (c!=0) {c/=2; bts++;} - return bts; - } - -/* convert this to string */ - public String toString() { - DBIG b; - String s=""; - int len=nbits(); - if (len%4==0) len>>=2; //len/=4; - else {len>>=2; len++;} - - for (int i=len-1;i>=0;i--) - { - b=new DBIG(this); - b.shr(i*4); - s+=Integer.toHexString(b.w[0]&15); - } - return s; - } - -/* return this+x */ -/* - public DBIG plus(DBIG x) { - DBIG s=new DBIG(0); - for (int i=0;i<ROM.DNLEN;i++) - s.w[i]=w[i]+x.w[i]; - return s; - } -*/ -/* return this-x */ -/* - public DBIG minus(DBIG x) { - DBIG d=new DBIG(0); - for (int i=0;i<ROM.DNLEN;i++) - d.w[i]=w[i]-x.w[i]; - return d; - } -*/ -/* this+=x */ - public void add(DBIG x) { - for (int i=0;i<ROM.DNLEN;i++) - w[i]+=x.w[i]; - } - -/* this-=x */ - public void sub(DBIG x) { - for (int i=0;i<ROM.DNLEN;i++) - w[i]-=x.w[i]; - } - -/* set this[i]+=x*y+c, and return high part */ - public int muladd(int x,int y,int c,int i) - { - long prod=(long)x*y+c+w[i]; - w[i]=(int)prod&ROM.MASK; - return (int)(prod>>ROM.BASEBITS); - } - -/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */ - public static int comp(DBIG a,DBIG b) - { - for (int i=ROM.DNLEN-1;i>=0;i--) - { - if (a.w[i]==b.w[i]) continue; - if (a.w[i]>b.w[i]) return 1; - else return -1; - } - return 0; - } - -/* reduces this DBIG mod a BIG, and returns the BIG */ - public BIG mod(BIG c) - { - int k=0; - norm(); - DBIG m=new DBIG(c); - - if (comp(this,m)<0) return new BIG(this); - - do - { - m.shl(1); - k++; - } - while (comp(this,m)>=0); - - while (k>0) - { - m.shr(1); - if (comp(this,m)>=0) - { - sub(m); - norm(); - } - k--; - } - return new BIG(this); - } - -/* reduces this DBIG mod a DBIG in place */ -/* public void mod(DBIG m) - { - int k=0; - if (comp(this,m)<0) return; - - do - { - m.shl(1); - k++; - } - while (comp(this,m)>=0); - - while (k>0) - { - m.shr(1); - if (comp(this,m)>=0) - { - sub(m); - norm(); - } - k--; - } - return; - - }*/ - -/* return this/c */ - public BIG div(BIG c) - { - int k=0; - DBIG m=new DBIG(c); - BIG a=new BIG(0); - BIG e=new BIG(1); - norm(); - - while (comp(this,m)>=0) - { - e.fshl(1); - m.shl(1); - k++; - } - - while (k>0) - { - m.shr(1); - e.shr(1); - if (comp(this,m)>0) - { - a.add(e); - a.norm(); - sub(m); - norm(); - } - k--; - } - return a; - } - -/* split DBIG at position n, return higher half, keep lower half */ - public BIG split(int n) - { - BIG t=new BIG(0); - int nw,m=n%ROM.BASEBITS; - int carry=w[ROM.DNLEN-1]<<(ROM.BASEBITS-m); - - for (int i=ROM.DNLEN-2;i>=ROM.NLEN-1;i--) - { - nw=(w[i]>>m)|carry; - carry=(w[i]<<(ROM.BASEBITS-m))&ROM.MASK; - t.set(i-ROM.NLEN+1,nw); - } - w[ROM.NLEN-1]&=(((int)1<<m)-1); - return t; - } -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/ECDH.java ---------------------------------------------------------------------- diff --git a/java/ECDH.java b/java/ECDH.java deleted file mode 100755 index 88c48ba..0000000 --- a/java/ECDH.java +++ /dev/null @@ -1,531 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* Elliptic Curve API high-level functions */ - -public final class ECDH { - public static final int INVALID_PUBLIC_KEY=-2; - public static final int ERROR=-3; - public static final int INVALID=-4; - public static final int EFS=ROM.MODBYTES; - public static final int EGS=ROM.MODBYTES; - public static final int EAS=AES.KS; - public static final int EBS=AES.BS; - -/* Convert Integer to n-byte array */ - private static byte[] inttoBytes(int n,int len) - { - int i; - byte[] b=new byte[len]; - - for (i=0;i<len;i++) b[i]=0; - i=len; - while (n>0 && i>0) - { - i--; - b[i]=(byte)(n&0xff); - n/=256; - } - return b; - } - -/* Key Derivation Functions */ -/* Input octet Z */ -/* Output key of length olen */ - public static byte[] KDF1(byte[] Z,int olen) - { -/* NOTE: the parameter olen is the length of the output K in bytes */ - HASH H=new HASH(); - int hlen=HASH.len; - byte[] K=new byte[olen]; - - byte[] B; - int counter,cthreshold,k=0; - - for (int i=0;i<K.length;i++) K[i]=0; - - cthreshold=olen/hlen; if (olen%hlen!=0) cthreshold++; - - for (counter=0;counter<cthreshold;counter++) - { - H.process_array(Z); if (counter>0) H.process_num(counter); - B=H.hash(); - if (k+hlen>olen) for (int i=0;i<olen%hlen;i++) K[k++]=B[i]; - else for (int i=0;i<hlen;i++) K[k++]=B[i]; - } - return K; - } - - public static byte[] KDF2(byte[] Z,byte[] P,int olen) - { -/* NOTE: the parameter olen is the length of the output k in bytes */ - HASH H=new HASH(); - int hlen=HASH.len; - byte[] K=new byte[olen]; - - byte[] B=new byte[hlen]; - int counter,cthreshold,k=0; - - for (int i=0;i<K.length;i++) K[i]=0; - - cthreshold=olen/hlen; if (olen%hlen!=0) cthreshold++; - - for (counter=1;counter<=cthreshold;counter++) - { - H.process_array(Z); H.process_num(counter); H.process_array(P); - B=H.hash(); - if (k+hlen>olen) for (int i=0;i<olen%hlen;i++) K[k++]=B[i]; - else for (int i=0;i<hlen;i++) K[k++]=B[i]; - } - return K; - } - -/* Password based Key Derivation Function */ -/* Input password p, salt s, and repeat count */ -/* Output key of length olen */ - public static byte[] PBKDF2(byte[] Pass,byte[] Salt,int rep,int olen) - { - int i,j,k,len,d,opt; - d=olen/32; if (olen%32!=0) d++; - byte[] F=new byte[EFS]; - byte[] U=new byte[EFS]; - byte[] S=new byte[Salt.length+4]; - - byte[] K=new byte[d*EFS]; - opt=0; - - for (i=1;i<=d;i++) - { - for (j=0;j<Salt.length;j++) S[j]=Salt[j]; - byte[] N=inttoBytes(i,4); - for (j=0;j<4;j++) S[Salt.length+j]=N[j]; - - HMAC(S,Pass,F); - - for (j=0;j<EFS;j++) U[j]=F[j]; - for (j=2;j<=rep;j++) - { - HMAC(U,Pass,U); - for (k=0;k<EFS;k++) F[k]^=U[k]; - } - for (j=0;j<EFS;j++) K[opt++]=F[j]; - } - byte[] key=new byte[olen]; - for (i=0;i<olen;i++) key[i]=K[i]; - return key; - } - -/* Calculate HMAC of m using key k. HMAC is tag of length olen */ - public static int HMAC(byte[] M,byte[] K,byte[] tag) - { - /* Input is from an octet m * - * olen is requested output length in bytes. k is the key * - * The output is the calculated tag */ - int b; - byte[] B; - byte[] K0=new byte[64]; - int olen=tag.length; - - b=K0.length; - if (olen<4 || olen>HASH.len) return 0; - - for (int i=0;i<b;i++) K0[i]=0; - - HASH H=new HASH(); - - if (K.length > b) - { - H.process_array(K); B=H.hash(); - for (int i=0;i<32;i++) K0[i]=B[i]; - } - else - for (int i=0;i<K.length;i++ ) K0[i]=K[i]; - - for (int i=0;i<b;i++) K0[i]^=0x36; - H.process_array(K0); H.process_array(M); B=H.hash(); - - for (int i=0;i<b;i++) K0[i]^=0x6a; - H.process_array(K0); H.process_array(B); B=H.hash(); - - for (int i=0;i<olen;i++) tag[i]=B[i]; - - return 1; - } - -/* AES encryption/decryption. Encrypt byte array M using key K and returns ciphertext */ - public static byte[] AES_CBC_IV0_ENCRYPT(byte[] K,byte[] M) - { /* AES CBC encryption, with Null IV and key K */ - /* Input is from an octet string M, output is to an octet string C */ - /* Input is padded as necessary to make up a full final block */ - AES a=new AES(); - boolean fin; - int i,j,ipt,opt; - byte[] buff=new byte[16]; - int clen=16+(M.length/16)*16; - - byte[] C=new byte[clen]; - int padlen; - - a.init(AES.CBC,K,null); - - ipt=opt=0; - fin=false; - for(;;) - { - for (i=0;i<16;i++) - { - if (ipt<M.length) buff[i]=M[ipt++]; - else {fin=true; break;} - } - if (fin) break; - a.encrypt(buff); - for (i=0;i<16;i++) - C[opt++]=buff[i]; - } - -/* last block, filled up to i-th index */ - - padlen=16-i; - for (j=i;j<16;j++) buff[j]=(byte)padlen; - - a.encrypt(buff); - - for (i=0;i<16;i++) - C[opt++]=buff[i]; - a.end(); - return C; - } - -/* returns plaintext if all consistent, else returns null string */ - public static byte[] AES_CBC_IV0_DECRYPT(byte[] K,byte[] C) - { /* padding is removed */ - AES a=new AES(); - int i,ipt,opt,ch; - byte[] buff=new byte[16]; - byte[] MM=new byte[C.length]; - boolean fin,bad; - int padlen; - ipt=opt=0; - - a.init(AES.CBC,K,null); - - if (C.length==0) return new byte[0]; - ch=C[ipt++]; - - fin=false; - - for(;;) - { - for (i=0;i<16;i++) - { - buff[i]=(byte)ch; - if (ipt>=C.length) {fin=true; break;} - else ch=C[ipt++]; - } - a.decrypt(buff); - if (fin) break; - for (i=0;i<16;i++) - MM[opt++]=buff[i]; - } - - a.end(); - bad=false; - padlen=buff[15]; - if (i!=15 || padlen<1 || padlen>16) bad=true; - if (padlen>=2 && padlen<=16) - for (i=16-padlen;i<16;i++) if (buff[i]!=padlen) bad=true; - - if (!bad) for (i=0;i<16-padlen;i++) - MM[opt++]=buff[i]; - - if (bad) return new byte[0]; - - byte[] M=new byte[opt]; - for (i=0;i<opt;i++) M[i]=MM[i]; - - return M; - } - -/* Calculate a public/private EC GF(p) key pair W,S where W=S.G mod EC(p), - * where S is the secret key and W is the public key - * and G is fixed generator. - * If RNG is NULL then the private key is provided externally in S - * otherwise it is generated randomly internally */ - public static int KEY_PAIR_GENERATE(RAND RNG,byte[] S,byte[] W) - { - BIG r,gx,gy,s,wx,wy; - ECP G,WP; - int res=0; - byte[] T=new byte[EFS]; - - gx=new BIG(ROM.CURVE_Gx); - - if (ROM.CURVETYPE!=ROM.MONTGOMERY) - { - gy=new BIG(ROM.CURVE_Gy); - G=new ECP(gx,gy); - } - else - G=new ECP(gx); - - r=new BIG(ROM.CURVE_Order); - - if (RNG==null) - { - s=BIG.fromBytes(S); - } - else - { - s=BIG.randomnum(r,RNG); - - s.toBytes(T); - for (int i=0;i<EGS;i++) S[i]=T[i]; - } - - WP=G.mul(s); - WP.toBytes(W); - - return res; - } - -/* validate public key. Set full=true for fuller check */ - public static int PUBLIC_KEY_VALIDATE(boolean full,byte[] W) - { - BIG r; - ECP WP=ECP.fromBytes(W); - int res=0; - - r=new BIG(ROM.CURVE_Order); - - if (WP.is_infinity()) res=INVALID_PUBLIC_KEY; - - if (res==0 && full) - { - WP=WP.mul(r); - if (!WP.is_infinity()) res=INVALID_PUBLIC_KEY; - } - return res; - } - -/* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */ - public static int ECPSVDP_DH(byte[] S,byte[] WD,byte[] Z) - { - BIG r,s,wx,wy,z; - int valid; - ECP W; - int res=0; - byte[] T=new byte[EFS]; - - s=BIG.fromBytes(S); - - W=ECP.fromBytes(WD); - if (W.is_infinity()) res=ERROR; - - if (res==0) - { - r=new BIG(ROM.CURVE_Order); - s.mod(r); - - W=W.mul(s); - if (W.is_infinity()) res=ERROR; - else - { - W.getX().toBytes(T); - for (int i=0;i<EFS;i++) Z[i]=T[i]; - } - } - return res; - } - -/* IEEE ECDSA Signature, C and D are signature on F using private key S */ - public static int ECPSP_DSA(RAND RNG,byte[] S,byte[] F,byte[] C,byte[] D) - { - byte[] T=new byte[EFS]; - BIG gx,gy,r,s,f,c,d,u,vx; - ECP G,V; - - HASH H=new HASH(); - H.process_array(F); - byte[] B=H.hash(); - - gx=new BIG(ROM.CURVE_Gx); - gy=new BIG(ROM.CURVE_Gy); - - G=new ECP(gx,gy); - r=new BIG(ROM.CURVE_Order); - - s=BIG.fromBytes(S); - f=BIG.fromBytes(B); - - c=new BIG(0); - d=new BIG(0); - V=new ECP(); - - do { - u=BIG.randomnum(r,RNG); - - V.copy(G); - V=V.mul(u); - vx=V.getX(); - c.copy(vx); - c.mod(r); - if (c.iszilch()) continue; - u.invmodp(r); - d.copy(BIG.modmul(s,c,r)); - d.add(f); - d.copy(BIG.modmul(u,d,r)); - } while (d.iszilch()); - - c.toBytes(T); - for (int i=0;i<EFS;i++) C[i]=T[i]; - d.toBytes(T); - for (int i=0;i<EFS;i++) D[i]=T[i]; - return 0; - } - -/* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */ - public static int ECPVP_DSA(byte[] W,byte[] F, byte[] C,byte[] D) - { - BIG r,gx,gy,f,c,d,h2; - int res=0; - ECP G,WP,P; - int valid; - - HASH H=new HASH(); - H.process_array(F); - byte[] B=H.hash(); - - gx=new BIG(ROM.CURVE_Gx); - gy=new BIG(ROM.CURVE_Gy); - - G=new ECP(gx,gy); - r=new BIG(ROM.CURVE_Order); - - c=BIG.fromBytes(C); - d=BIG.fromBytes(D); - f=BIG.fromBytes(B); - - if (c.iszilch() || BIG.comp(c,r)>=0 || d.iszilch() || BIG.comp(d,r)>=0) - res=INVALID; - - if (res==0) - { - d.invmodp(r); - f.copy(BIG.modmul(f,d,r)); - h2=BIG.modmul(c,d,r); - - WP=ECP.fromBytes(W); - if (WP.is_infinity()) res=ERROR; - else - { - P=new ECP(); - P.copy(WP); - P=P.mul2(h2,G,f); - if (P.is_infinity()) res=INVALID; - else - { - d=P.getX(); - d.mod(r); - if (BIG.comp(d,c)!=0) res=INVALID; - } - } - } - - return res; - } - -/* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */ - public static byte[] ECIES_ENCRYPT(byte[] P1,byte[] P2,RAND RNG,byte[] W,byte[] M,byte[] V,byte[] T) - { - int i,len; - - byte[] Z=new byte[EFS]; - byte[] VZ=new byte[3*EFS+1]; - byte[] K1=new byte[EAS]; - byte[] K2=new byte[EAS]; - byte[] U=new byte[EGS]; - - if (KEY_PAIR_GENERATE(RNG,U,V)!=0) return new byte[0]; - if (ECPSVDP_DH(U,W,Z)!=0) return new byte[0]; - - for (i=0;i<2*EFS+1;i++) VZ[i]=V[i]; - for (i=0;i<EFS;i++) VZ[2*EFS+1+i]=Z[i]; - - - byte[] K=KDF2(VZ,P1,EFS); - - for (i=0;i<EAS;i++) {K1[i]=K[i]; K2[i]=K[EAS+i];} - - byte[] C=AES_CBC_IV0_ENCRYPT(K1,M); - - byte[] L2=inttoBytes(P2.length,8); - - byte[] AC=new byte[C.length+P2.length+8]; - for (i=0;i<C.length;i++) AC[i]=C[i]; - for (i=0;i<P2.length;i++) AC[C.length+i]=P2[i]; - for (i=0;i<8;i++) AC[C.length+P2.length+i]=L2[i]; - - HMAC(AC,K2,T); - - return C; - } - -/* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */ - public static byte[] ECIES_DECRYPT(byte[] P1,byte[] P2,byte[] V,byte[] C,byte[] T,byte[] U) - { - - int i,len; - - byte[] Z=new byte[EFS]; - byte[] VZ=new byte[3*EFS+1]; - byte[] K1=new byte[EAS]; - byte[] K2=new byte[EAS]; - byte[] TAG=new byte[T.length]; - - if (ECPSVDP_DH(U,V,Z)!=0) return new byte[0]; - - for (i=0;i<2*EFS+1;i++) VZ[i]=V[i]; - for (i=0;i<EFS;i++) VZ[2*EFS+1+i]=Z[i]; - - byte[] K=KDF2(VZ,P1,EFS); - - for (i=0;i<EAS;i++) {K1[i]=K[i]; K2[i]=K[EAS+i];} - - byte[] M=AES_CBC_IV0_DECRYPT(K1,C); - - if (M.length==0) return M; - - byte[] L2=inttoBytes(P2.length,8); - - byte[] AC=new byte[C.length+P2.length+8]; - - for (i=0;i<C.length;i++) AC[i]=C[i]; - for (i=0;i<P2.length;i++) AC[C.length+i]=P2[i]; - for (i=0;i<8;i++) AC[C.length+P2.length+i]=L2[i]; - - HMAC(AC,K2,TAG); - - boolean same=true; - for (i=0;i<T.length;i++) if (T[i]!=TAG[i]) same=false; - if (!same) return new byte[0]; - - return M; - - } -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/ECP.java ---------------------------------------------------------------------- diff --git a/java/ECP.java b/java/ECP.java deleted file mode 100755 index af7fa76..0000000 --- a/java/ECP.java +++ /dev/null @@ -1,920 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* Elliptic Curve Point class */ - -public final class ECP { - private FP x; - private FP y; - private FP z; - private boolean INF; - -/* Constructor - set to O */ - public ECP() { - INF=true; - x=new FP(0); - y=new FP(1); - z=new FP(1); - } -/* test for O point-at-infinity */ - public boolean is_infinity() { - if (ROM.CURVETYPE==ROM.EDWARDS) - { - x.reduce(); y.reduce(); z.reduce(); - return (x.iszilch() && y.equals(z)); - } - else return INF; - } -/* Conditional swap of P and Q dependant on d */ - private void cswap(ECP Q,int d) - { - x.cswap(Q.x,d); - if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.cswap(Q.y,d); - z.cswap(Q.z,d); - if (ROM.CURVETYPE!=ROM.EDWARDS) - { - boolean bd; - if (d==0) bd=false; - else bd=true; - bd=bd&(INF^Q.INF); - INF^=bd; - Q.INF^=bd; - } - } - -/* Conditional move of Q to P dependant on d */ - private void cmove(ECP Q,int d) - { - x.cmove(Q.x,d); - if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.cmove(Q.y,d); - z.cmove(Q.z,d); - if (ROM.CURVETYPE!=ROM.EDWARDS) - { - boolean bd; - if (d==0) bd=false; - else bd=true; - INF^=(INF^Q.INF)&bd; - } - } - -/* return 1 if b==c, no branching */ - private static int teq(int b,int c) - { - int x=b^c; - x-=1; // if x=0, x now -1 - return ((x>>31)&1); - } - -/* Constant time select from pre-computed table */ - private void select(ECP W[],int b) - { - ECP MP=new ECP(); - int m=b>>31; - int babs=(b^m)-m; - - babs=(babs-1)/2; - - cmove(W[0],teq(babs,0)); // conditional move - cmove(W[1],teq(babs,1)); - cmove(W[2],teq(babs,2)); - cmove(W[3],teq(babs,3)); - cmove(W[4],teq(babs,4)); - cmove(W[5],teq(babs,5)); - cmove(W[6],teq(babs,6)); - cmove(W[7],teq(babs,7)); - - MP.copy(this); - MP.neg(); - cmove(MP,(int)(m&1)); - } - -/* Test P == Q */ - public boolean equals(ECP Q) { - if (is_infinity() && Q.is_infinity()) return true; - if (is_infinity() || Q.is_infinity()) return false; - if (ROM.CURVETYPE==ROM.WEIERSTRASS) - { - FP zs2=new FP(z); zs2.sqr(); - FP zo2=new FP(Q.z); zo2.sqr(); - FP zs3=new FP(zs2); zs3.mul(z); - FP zo3=new FP(zo2); zo3.mul(Q.z); - zs2.mul(Q.x); - zo2.mul(x); - if (!zs2.equals(zo2)) return false; - zs3.mul(Q.y); - zo3.mul(y); - if (!zs3.equals(zo3)) return false; - } - else - { - FP a=new FP(0); - FP b=new FP(0); - a.copy(x); a.mul(Q.z); a.reduce(); - b.copy(Q.x); b.mul(z); b.reduce(); - if (!a.equals(b)) return false; - if (ROM.CURVETYPE==ROM.EDWARDS) - { - a.copy(y); a.mul(Q.z); a.reduce(); - b.copy(Q.y); b.mul(z); b.reduce(); - if (!a.equals(b)) return false; - } - } - return true; - } - -/* this=P */ - public void copy(ECP P) - { - x.copy(P.x); - if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.copy(P.y); - z.copy(P.z); - INF=P.INF; - } -/* this=-this */ - public void neg() { - if (is_infinity()) return; - if (ROM.CURVETYPE==ROM.WEIERSTRASS) - { - y.neg(); y.norm(); - } - if (ROM.CURVETYPE==ROM.EDWARDS) - { - x.neg(); x.norm(); - } - return; - } -/* set this=O */ - public void inf() { - INF=true; - x.zero(); - y.one(); - z.one(); - // y=new FP(1); - // z=new FP(1); - } - -/* Calculate RHS of curve equation */ - public static FP RHS(FP x) { - x.norm(); - FP r=new FP(x); - r.sqr(); - - if (ROM.CURVETYPE==ROM.WEIERSTRASS) - { // x^3+Ax+B - FP b=new FP(new BIG(ROM.CURVE_B)); - r.mul(x); - if (ROM.CURVE_A==-3) - { - FP cx=new FP(x); - cx.imul(3); - cx.neg(); cx.norm(); - r.add(cx); - } - r.add(b); - } - if (ROM.CURVETYPE==ROM.EDWARDS) - { // (Ax^2-1)/(Bx^2-1) - FP b=new FP(new BIG(ROM.CURVE_B)); - - FP one=new FP(1); - b.mul(r); - b.sub(one); - if (ROM.CURVE_A==-1) r.neg(); - r.sub(one); - - b.inverse(); - - r.mul(b); - } - if (ROM.CURVETYPE==ROM.MONTGOMERY) - { // x^3+Ax^2+x - FP x3=new FP(0); - x3.copy(r); - x3.mul(x); - r.imul(ROM.CURVE_A); - r.add(x3); - r.add(x); - } - r.reduce(); - return r; - } - -/* set (x,y) from two BIGs */ - public ECP(BIG ix,BIG iy) { - x=new FP(ix); - y=new FP(iy); - z=new FP(1); - FP rhs=RHS(x); - - if (ROM.CURVETYPE==ROM.MONTGOMERY) - { - if (rhs.jacobi()==1) INF=false; - else inf(); - } - else - { - FP y2=new FP(y); - y2.sqr(); - if (y2.equals(rhs)) INF=false; - else inf(); - } - } -/* set (x,y) from BIG and a bit */ - public ECP(BIG ix,int s) { - x=new FP(ix); - FP rhs=RHS(x); - y=new FP(0); - z=new FP(1); - if (rhs.jacobi()==1) - { - FP ny=rhs.sqrt(); - if (ny.redc().parity()!=s) ny.neg(); - y.copy(ny); - INF=false; - } - else inf(); - } - -/* set from x - calculate y from curve equation */ - public ECP(BIG ix) { - x=new FP(ix); - FP rhs=RHS(x); - y=new FP(0); - z=new FP(1); - if (rhs.jacobi()==1) - { - if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.copy(rhs.sqrt()); - INF=false; - } - else INF=true; - } - -/* set to affine - from (x,y,z) to (x,y) */ - public void affine() { - if (is_infinity()) return; - FP one=new FP(1); - if (z.equals(one)) return; - z.inverse(); - if (ROM.CURVETYPE==ROM.WEIERSTRASS) - { - FP z2=new FP(z); - z2.sqr(); - x.mul(z2); x.reduce(); - y.mul(z2); - y.mul(z); y.reduce(); - } - if (ROM.CURVETYPE==ROM.EDWARDS) - { - x.mul(z); x.reduce(); - y.mul(z); y.reduce(); - } - if (ROM.CURVETYPE==ROM.MONTGOMERY) - { - x.mul(z); x.reduce(); - } - z.copy(one); - } -/* extract x as a BIG */ - public BIG getX() - { - affine(); - return x.redc(); - } -/* extract y as a BIG */ - public BIG getY() - { - affine(); - return y.redc(); - } - -/* get sign of Y */ - public int getS() - { - affine(); - BIG y=getY(); - return y.parity(); - } -/* extract x as an FP */ - public FP getx() - { - return x; - } -/* extract y as an FP */ - public FP gety() - { - return y; - } -/* extract z as an FP */ - public FP getz() - { - return z; - } -/* convert to byte array */ - public void toBytes(byte[] b) - { - byte[] t=new byte[ROM.MODBYTES]; - if (ROM.CURVETYPE!=ROM.MONTGOMERY) b[0]=0x04; - else b[0]=0x02; - - affine(); - x.redc().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) b[i+1]=t[i]; - if (ROM.CURVETYPE!=ROM.MONTGOMERY) - { - y.redc().toBytes(t); - for (int i=0;i<ROM.MODBYTES;i++) b[i+ROM.MODBYTES+1]=t[i]; - } - } -/* convert from byte array to point */ - public static ECP fromBytes(byte[] b) - { - byte[] t=new byte[ROM.MODBYTES]; - BIG p=new BIG(ROM.Modulus); - - for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+1]; - BIG px=BIG.fromBytes(t); - if (BIG.comp(px,p)>=0) return new ECP(); - - if (b[0]==0x04) - { - for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+ROM.MODBYTES+1]; - BIG py=BIG.fromBytes(t); - if (BIG.comp(py,p)>=0) return new ECP(); - return new ECP(px,py); - } - else return new ECP(px); - } -/* convert to hex string */ - public String toString() { - if (is_infinity()) return "infinity"; - affine(); - if (ROM.CURVETYPE==ROM.MONTGOMERY) return "("+x.redc().toString()+")"; - else return "("+x.redc().toString()+","+y.redc().toString()+")"; - } -/* this*=2 */ - public void dbl() { - if (ROM.CURVETYPE==ROM.WEIERSTRASS) - { - if (INF) return; - if (y.iszilch()) - { - inf(); - return; - } - - FP w1=new FP(x); - FP w6=new FP(z); - FP w2=new FP(0); - FP w3=new FP(x); - FP w8=new FP(x); - - if (ROM.CURVE_A==-3) - { - w6.sqr(); - w1.copy(w6); - w1.neg(); - w3.add(w1); - w8.add(w6); - w3.mul(w8); - w8.copy(w3); - w8.imul(3); - } - else - { - w1.sqr(); - w8.copy(w1); - w8.imul(3); - } - - w2.copy(y); w2.sqr(); - w3.copy(x); w3.mul(w2); - w3.imul(4); - w1.copy(w3); w1.neg(); - w1.norm(); - - x.copy(w8); x.sqr(); - x.add(w1); - x.add(w1); - x.norm(); - - z.mul(y); - z.add(z); - - w2.add(w2); - w2.sqr(); - w2.add(w2); - w3.sub(x); - y.copy(w8); y.mul(w3); - //w2.norm(); - y.sub(w2); - y.norm(); - z.norm(); - } - if (ROM.CURVETYPE==ROM.EDWARDS) - { - FP C=new FP(x); - FP D=new FP(y); - FP H=new FP(z); - FP J=new FP(0); - - x.mul(y); x.add(x); - C.sqr(); - D.sqr(); - if (ROM.CURVE_A==-1) C.neg(); - y.copy(C); y.add(D); - y.norm(); - H.sqr(); H.add(H); - z.copy(y); - J.copy(y); J.sub(H); - x.mul(J); - C.sub(D); - y.mul(C); - z.mul(J); - - x.norm(); - y.norm(); - z.norm(); - } - if (ROM.CURVETYPE==ROM.MONTGOMERY) - { - FP A=new FP(x); - FP B=new FP(x); - FP AA=new FP(0); - FP BB=new FP(0); - FP C=new FP(0); - - if (INF) return; - - A.add(z); - AA.copy(A); AA.sqr(); - B.sub(z); - BB.copy(B); BB.sqr(); - C.copy(AA); C.sub(BB); - //C.norm(); - - x.copy(AA); x.mul(BB); - - A.copy(C); A.imul((ROM.CURVE_A+2)/4); - - BB.add(A); - z.copy(BB); z.mul(C); - x.norm(); - z.norm(); - } - return; - } - -/* this+=Q */ - public void add(ECP Q) { - if (ROM.CURVETYPE==ROM.WEIERSTRASS) - { - if (INF) - { - copy(Q); - return; - } - if (Q.INF) return; - - boolean aff=false; - - FP one=new FP(1); - if (Q.z.equals(one)) aff=true; - - FP A,C; - FP B=new FP(z); - FP D=new FP(z); - if (!aff) - { - A=new FP(Q.z); - C=new FP(Q.z); - - A.sqr(); B.sqr(); - C.mul(A); D.mul(B); - - A.mul(x); - C.mul(y); - } - else - { - A=new FP(x); - C=new FP(y); - - B.sqr(); - D.mul(B); - } - - B.mul(Q.x); B.sub(A); - D.mul(Q.y); D.sub(C); - - if (B.iszilch()) - { - if (D.iszilch()) - { - dbl(); - return; - } - else - { - INF=true; - return; - } - } - - if (!aff) z.mul(Q.z); - z.mul(B); - - FP e=new FP(B); e.sqr(); - B.mul(e); - A.mul(e); - - e.copy(A); - e.add(A); e.add(B); - x.copy(D); x.sqr(); x.sub(e); - - A.sub(x); - y.copy(A); y.mul(D); - C.mul(B); y.sub(C); - - x.norm(); - y.norm(); - z.norm(); - } - if (ROM.CURVETYPE==ROM.EDWARDS) - { - FP b=new FP(new BIG(ROM.CURVE_B)); - FP A=new FP(z); - FP B=new FP(0); - FP C=new FP(x); - FP D=new FP(y); - FP E=new FP(0); - FP F=new FP(0); - FP G=new FP(0); - // FP H=new FP(0); - // FP I=new FP(0); - - A.mul(Q.z); - B.copy(A); B.sqr(); - C.mul(Q.x); - D.mul(Q.y); - - E.copy(C); E.mul(D); E.mul(b); - F.copy(B); F.sub(E); - G.copy(B); G.add(E); - C.add(D); - - if (ROM.CURVE_A==1) - { - E.copy(D); D.sub(C); - } - - B.copy(x); B.add(y); - D.copy(Q.x); D.add(Q.y); - B.mul(D); - B.sub(C); - B.mul(F); - x.copy(A); x.mul(B); - - if (ROM.CURVE_A==1) - { - C.copy(E); C.mul(G); - } - if (ROM.CURVE_A==-1) - { - C.mul(G); - } - y.copy(A); y.mul(C); - z.copy(F); z.mul(G); - x.norm(); y.norm(); z.norm(); - } - return; - } - -/* Differential Add for Montgomery curves. this+=Q where W is this-Q and is affine. */ - public void dadd(ECP Q,ECP W) { - FP A=new FP(x); - FP B=new FP(x); - FP C=new FP(Q.x); - FP D=new FP(Q.x); - FP DA=new FP(0); - FP CB=new FP(0); - - A.add(z); - B.sub(z); - - C.add(Q.z); - D.sub(Q.z); - - DA.copy(D); DA.mul(A); - CB.copy(C); CB.mul(B); - - A.copy(DA); A.add(CB); A.sqr(); - B.copy(DA); B.sub(CB); B.sqr(); - - x.copy(A); - z.copy(W.x); z.mul(B); - - if (z.iszilch()) inf(); - else INF=false; - - x.norm(); - } -/* this-=Q */ - public void sub(ECP Q) { - Q.neg(); - add(Q); - Q.neg(); - } - - public static void multiaffine(int m,ECP[] P) - { - int i; - FP t1=new FP(0); - FP t2=new FP(0); - - FP[] work=new FP[m]; - - for (i=0;i<m;i++) - work[i]=new FP(0); - - work[0].one(); - work[1].copy(P[0].z); - - for (i=2;i<m;i++) - { - work[i].copy(work[i-1]); - work[i].mul(P[i-1].z); - } - - t1.copy(work[m-1]); - t1.mul(P[m-1].z); - t1.inverse(); - t2.copy(P[m-1].z); - work[m-1].mul(t1); - - for (i=m-2;;i--) - { - if (i==0) - { - work[0].copy(t1); - work[0].mul(t2); - break; - } - work[i].mul(t2); - work[i].mul(t1); - t2.mul(P[i].z); - } -/* now work[] contains inverses of all Z coordinates */ - - for (i=0;i<m;i++) - { - P[i].z.one(); - t1.copy(work[i]); - t1.sqr(); - P[i].x.mul(t1); - t1.mul(work[i]); - P[i].y.mul(t1); - } - } - -/* constant time multiply by small integer of length bts - use ladder */ - public ECP pinmul(int e,int bts) { - if (ROM.CURVETYPE==ROM.MONTGOMERY) - return this.mul(new BIG(e)); - else - { - int nb,i,b; - ECP P=new ECP(); - ECP R0=new ECP(); - ECP R1=new ECP(); R1.copy(this); - - for (i=bts-1;i>=0;i--) - { - b=(e>>i)&1; - P.copy(R1); - P.add(R0); - R0.cswap(R1,b); - R1.copy(P); - R0.dbl(); - R0.cswap(R1,b); - } - P.copy(R0); - P.affine(); - return P; - } - } - -/* return e.this */ - - public ECP mul(BIG e) { - if (e.iszilch() || is_infinity()) return new ECP(); - - ECP P=new ECP(); - if (ROM.CURVETYPE==ROM.MONTGOMERY) - { -/* use Ladder */ - int nb,i,b; - ECP D=new ECP(); - ECP R0=new ECP(); R0.copy(this); - ECP R1=new ECP(); R1.copy(this); - R1.dbl(); - D.copy(this); D.affine(); - nb=e.nbits(); - for (i=nb-2;i>=0;i--) - { - b=e.bit(i); - P.copy(R1); - P.dadd(R0,D); - R0.cswap(R1,b); - R1.copy(P); - R0.dbl(); - R0.cswap(R1,b); - } - P.copy(R0); - } - else - { -// fixed size windows - int i,b,nb,m,s,ns; - BIG mt=new BIG(); - BIG t=new BIG(); - ECP Q=new ECP(); - ECP C=new ECP(); - ECP[] W=new ECP[8]; - byte[] w=new byte[1+(ROM.NLEN*ROM.BASEBITS+3)/4]; - - affine(); - -// precompute table - Q.copy(this); - Q.dbl(); - W[0]=new ECP(); - W[0].copy(this); - - for (i=1;i<8;i++) - { - W[i]=new ECP(); - W[i].copy(W[i-1]); - W[i].add(Q); - } - -// convert the table to affine - if (ROM.CURVETYPE==ROM.WEIERSTRASS) - multiaffine(8,W); - -// make exponent odd - add 2P if even, P if odd - t.copy(e); - s=t.parity(); - t.inc(1); t.norm(); ns=t.parity(); mt.copy(t); mt.inc(1); mt.norm(); - t.cmove(mt,s); - Q.cmove(this,ns); - C.copy(Q); - - nb=1+(t.nbits()+3)/4; - -// convert exponent to signed 4-bit window - for (i=0;i<nb;i++) - { - w[i]=(byte)(t.lastbits(5)-16); - t.dec(w[i]); t.norm(); - t.fshr(4); - } - w[nb]=(byte)t.lastbits(5); - - P.copy(W[(w[nb]-1)/2]); - for (i=nb-1;i>=0;i--) - { - Q.select(W,w[i]); - P.dbl(); - P.dbl(); - P.dbl(); - P.dbl(); - P.add(Q); - } - P.sub(C); /* apply correction */ - } - P.affine(); - return P; - } - -/* Return e.this+f.Q */ - - public ECP mul2(BIG e,ECP Q,BIG f) { - BIG te=new BIG(); - BIG tf=new BIG(); - BIG mt=new BIG(); - ECP S=new ECP(); - ECP T=new ECP(); - ECP C=new ECP(); - ECP[] W=new ECP[8]; - byte[] w=new byte[1+(ROM.NLEN*ROM.BASEBITS+1)/2]; - int i,s,ns,nb; - byte a,b; - - affine(); - Q.affine(); - - te.copy(e); - tf.copy(f); - -// precompute table - W[1]=new ECP(); W[1].copy(this); W[1].sub(Q); - W[2]=new ECP(); W[2].copy(this); W[2].add(Q); - S.copy(Q); S.dbl(); - W[0]=new ECP(); W[0].copy(W[1]); W[0].sub(S); - W[3]=new ECP(); W[3].copy(W[2]); W[3].add(S); - T.copy(this); T.dbl(); - W[5]=new ECP(); W[5].copy(W[1]); W[5].add(T); - W[6]=new ECP(); W[6].copy(W[2]); W[6].add(T); - W[4]=new ECP(); W[4].copy(W[5]); W[4].sub(S); - W[7]=new ECP(); W[7].copy(W[6]); W[7].add(S); - -// convert the table to affine - if (ROM.CURVETYPE==ROM.WEIERSTRASS) - multiaffine(8,W); - -// if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction - - s=te.parity(); - te.inc(1); te.norm(); ns=te.parity(); mt.copy(te); mt.inc(1); mt.norm(); - te.cmove(mt,s); - T.cmove(this,ns); - C.copy(T); - - s=tf.parity(); - tf.inc(1); tf.norm(); ns=tf.parity(); mt.copy(tf); mt.inc(1); mt.norm(); - tf.cmove(mt,s); - S.cmove(Q,ns); - C.add(S); - - mt.copy(te); mt.add(tf); mt.norm(); - nb=1+(mt.nbits()+1)/2; - -// convert exponent to signed 2-bit window - for (i=0;i<nb;i++) - { - a=(byte)(te.lastbits(3)-4); - te.dec(a); te.norm(); - te.fshr(2); - b=(byte)(tf.lastbits(3)-4); - tf.dec(b); tf.norm(); - tf.fshr(2); - w[i]=(byte)(4*a+b); - } - w[nb]=(byte)(4*te.lastbits(3)+tf.lastbits(3)); - S.copy(W[(w[nb]-1)/2]); - - for (i=nb-1;i>=0;i--) - { - T.select(W,w[i]); - S.dbl(); - S.dbl(); - S.add(T); - } - S.sub(C); /* apply correction */ - S.affine(); - return S; - } - -/* - public static void main(String[] args) { - - BIG Gx=new BIG(ROM.CURVE_Gx); - BIG Gy; - ECP P; - if (ROM.CURVETYPE!=ROM.MONTGOMERY) Gy=new BIG(ROM.CURVE_Gy); - BIG r=new BIG(ROM.CURVE_Order); - - //r.dec(7); - - System.out.println("Gx= "+Gx.toString()); - if (ROM.CURVETYPE!=ROM.MONTGOMERY) System.out.println("Gy= "+Gy.toString()); - - if (ROM.CURVETYPE!=ROM.MONTGOMERY) P=new ECP(Gx,Gy); - else P=new ECP(Gx); - - System.out.println("P= "+P.toString()); - - ECP R=P.mul(r); - //for (int i=0;i<10000;i++) - // R=P.mul(r); - - System.out.println("R= "+R.toString()); - } */ -} -
