You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by br...@apache.org on 2018/11/07 23:50:18 UTC
[41/51] [partial] incubator-milagro-crypto git commit: update code
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/wcc.c
----------------------------------------------------------------------
diff --git a/c/wcc.c b/c/wcc.c
deleted file mode 100755
index c1c8a75..0000000
--- a/c/wcc.c
+++ /dev/null
@@ -1,823 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file wcc.c
- * @author Mike Scott and Kealan McCusker
- * @date 28th April 2016
- * @brief Wang / Chow Choo (WCC) definitions
- *
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "wcc.h"
-
-// #define DEBUG
-
-/* general purpose hashing functions */
-static void start_hash(hash *sha)
-{
- HASH_init(sha);
-}
-
-static void add_to_hash(hash *sha,octet *x)
-{
- int i;
- for (i=0;i<x->len;i++)
- {
- /*printf("%d,",(unsigned char)x->val[i]);*/
- HASH_process(sha,x->val[i]);
- }
-}
-
-static void finish_hash(hash *sha,octet *w)
-{
- int i;
- char hh[HASH_BYTES];
- HASH_hash(sha,hh);
-
- OCT_empty(w);
- OCT_jbytes(w,hh,HASH_BYTES);
- for (i=0;i<HASH_BYTES;i++) hh[i]=0;
-}
-
-/* map octet string to point on curve */
-static void mapit(octet *h,ECP *P)
-{
- BIG q,px;
- BIG_fromBytes(px,h->val);
- BIG_rcopy(q,Modulus);
- BIG_mod(px,q);
-
- while (!ECP_setx(P,px,0))
- BIG_inc(px,1);
-}
-
-/* maps to hash value to point on G2 */
-static void mapit2(octet *h,ECP2 *Q)
-{
- BIG q,one,Fx,Fy,x,hv;
- FP2 X;
- ECP2 T,K;
- BIG_fromBytes(hv,h->val);
- BIG_rcopy(q,Modulus);
- BIG_one(one);
- BIG_mod(hv,q);
-
- for (;;)
- {
- FP2_from_BIGs(&X,one,hv);
- if (ECP2_setx(Q,&X)) break;
- BIG_inc(hv,1);
- }
-
- /* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
- BIG_rcopy(Fx,CURVE_Fra);
- BIG_rcopy(Fy,CURVE_Frb);
- FP2_from_BIGs(&X,Fx,Fy);
- BIG_rcopy(x,CURVE_Bnx);
-
- ECP2_copy(&T,Q);
- ECP2_mul(&T,x);
- ECP2_neg(&T); /* our x is negative */
- ECP2_copy(&K,&T);
- ECP2_dbl(&K);
- ECP2_add(&K,&T);
- ECP2_affine(&K);
-
- ECP2_frob(&K,&X);
- ECP2_frob(Q,&X); ECP2_frob(Q,&X); ECP2_frob(Q,&X);
- ECP2_add(Q,&T);
- ECP2_add(Q,&K);
- ECP2_frob(&T,&X); ECP2_frob(&T,&X);
- ECP2_add(Q,&T);
- ECP2_affine(Q);
-}
-
-/* Hash number (optional) and octet to octet */
-static void hashit(int n,octet *x,octet *h)
-{
- int i,c[4];
- hash sha;
- char hh[HASH_BYTES];
- BIG px;
-
- HASH_init(&sha);
- if (n>0)
- {
- c[0]=(n>>24)&0xff;
- c[1]=(n>>16)&0xff;
- c[2]=(n>>8)&0xff;
- c[3]=(n)&0xff;
- for (i=0;i<4;i++) HASH_process(&sha,c[i]);
- }
- for (i=0;i<x->len;i++) HASH_process(&sha,x->val[i]);
- HASH_hash(&sha,hh);
- OCT_empty(h);
- OCT_jbytes(h,hh,HASH_BYTES);
- for (i=0;i<HASH_BYTES;i++) hh[i]=0;
-}
-
-
-/*! \brief Hash EC Points and Id to an integer
- *
- * Perform sha256 of EC Points and Id. Map to an integer modulus the
- * curve order
- *
- * <ol>
- * <li> x = toInteger(sha256(A,B,C,D))
- * <li> h = x % q where q is the curve order
- * </ol>
- *
- * @param A EC Point
- * @param B EC Point
- * @param C EC Point
- * @param D Identity
- * @return h Integer
- */
-void WCC_Hq(octet *A,octet *B,octet *C,octet *D,octet *h)
-{
- int i;
- hash sha;
- char hh[HASH_BYTES];
- BIG q,hs;
-
- BIG_rcopy(q,CURVE_Order);
-
-#ifdef DEBUG
- printf("WCC_Hq: A: ");
- OCT_output(A);
- printf("\n");
- printf("WCC_Hq: B: ");
- OCT_output(B);
- printf("\n");
- printf("WCC_Hq: C: ");
- OCT_output(C);
- printf("\n");
- printf("WCC_Hq: D: ");
- OCT_output(D);
- printf("\n");
-#endif
-
- HASH_init(&sha);
- for (i=0;i<A->len;i++) {
- HASH_process(&sha,A->val[i]);
- }
-
- for (i=0;i<B->len;i++) {
- HASH_process(&sha,B->val[i]);
- }
-
- for (i=0;i<C->len;i++) {
- HASH_process(&sha,C->val[i]);
- }
-
- for (i=0;i<D->len;i++) {
- HASH_process(&sha,D->val[i]);
- }
-
- HASH_hash(&sha,hh);
-
- BIG_fromBytes(hs,hh);
- BIG_mod(hs,q);
- for (i=0;i<HASH_BYTES;i++) {
- hh[i]=0;
- }
- BIG_toBytes(h->val,hs);
- h->len=PGS;
-}
-
-/*! \brief Calculate value in G1 multiplied by an integer
- *
- * Calculate a value in G1. VG1 = s*H1(ID) where ID is the identity.
- *
- * <ol>
- * <li> VG1 = s*H1(ID)
- * </ol>
- *
- * @param hashDone ID value is already hashed if set to 1
- * @param S integer modulus curve order
- * @param ID ID value or sha256(ID)
- * @param VG1 EC point VG1 = s*H1(ID)
- * @return rtn Returns 0 if successful or else an error code
- */
-int WCC_GET_G1_MULTIPLE(int hashDone, octet *S,octet *ID,octet *VG1)
-{
- BIG s;
- ECP P;
- char h[HASH_BYTES];
- octet H={0,sizeof(h),h};
-
- if (hashDone) {
- mapit(ID,&P);
- } else {
- hashit(0,ID,&H);
- mapit(&H,&P);
- }
-
- BIG_fromBytes(s,S->val);
- PAIR_G1mul(&P,s);
-
- ECP_toOctet(VG1,&P);
- return 0;
-}
-
-/*! \brief Calculate a value in G1 used for when time permits are enabled
- *
- * Calculate a value in G1 used for when time permits are enabled
- *
- * <ol>
- * <li> VG1 = s*H1(ID) + s*H1(date|sha256(ID))
- * </ol>
- *
- * @param date Epoch days
- * @param S integer modulus curve order
- * @param ID ID value or sha256(ID)
- * @param VG1 EC point in G1
- * @return rtn Returns 0 if successful or else an error code
- */
-int WCC_GET_G1_TPMULT(int date, octet *S,octet *ID,octet *VG1)
-{
- BIG s;
- ECP P,Q;
- char h1[HASH_BYTES];
- octet H1={0,sizeof(h1),h1};
- char h2[HASH_BYTES];
- octet H2={0,sizeof(h2),h2};
-
- // H1(ID)
- hashit(0,ID,&H1);
- mapit(&H1,&P);
-
- // H1(date|sha256(ID))
- hashit(date,&H1,&H2);
- mapit(&H2,&Q);
-
- // P = P + Q
- ECP_add(&P,&Q);
-
- // P = s(P+Q)
- BIG_fromBytes(s,S->val);
- PAIR_G1mul(&P,s);
-
- ECP_toOctet(VG1,&P);
- return 0;
-}
-
-/*! \brief Calculate a value in G2 used for when time permits are enabled
- *
- * Calculate a value in G2 used for when time permits are enabled
- *
- * <ol>
- * <li> VG2 = s*H1(ID) + s*H1(date|sha256(ID))
- * </ol>
- *
- * @param date Epoch days
- * @param S integer modulus curve order
- * @param ID ID value or sha256(ID)
- * @param VG2 EC point in G2
- * @return rtn Returns 0 if successful or else an error code
- */
-int WCC_GET_G2_TPMULT(int date, octet *S,octet *ID,octet *VG2)
-{
- BIG s;
- ECP2 P,Q;
- char h1[HASH_BYTES];
- octet H1={0,sizeof(h1),h1};
- char h2[HASH_BYTES];
- octet H2={0,sizeof(h2),h2};
-
- // H1(ID)
- hashit(0,ID,&H1);
- mapit2(&H1,&P);
-
- // H1(date|sha256(ID))
- hashit(date,&H1,&H2);
- mapit2(&H2,&Q);
-
- // P = P + Q
- ECP2_add(&P,&Q);
-
- // P = s(P+Q)
- BIG_fromBytes(s,S->val);
- PAIR_G2mul(&P,s);
-
- ECP2_toOctet(VG2,&P);
- return 0;
-}
-
-/*! \brief Calculate value in G2 multiplied by an integer
- *
- * Calculate a value in G2. VG2 = s*H2(ID) where ID is the identity.
- *
- * <ol>
- * <li> VG2 = s*H2(ID)
- * </ol>
- *
- * @param hashDone ID is value is already hashed if set to 1
- * @param S integer modulus curve order
- * @param ID ID Value or sha256(ID)
- * @param VG2 EC Point VG2 = s*H2(ID)
- * @return rtn Returns 0 if successful or else an error code
- */
-int WCC_GET_G2_MULTIPLE(int hashDone, octet *S,octet *ID,octet *VG2)
-{
- BIG s;
- ECP2 P;
- char h[HASH_BYTES];
- octet H={0,sizeof(h),h};
-
- if (hashDone) {
- mapit2(ID,&P);
- } else {
- hashit(0,ID,&H);
- mapit2(&H,&P);
- }
-
- BIG_fromBytes(s,S->val);
- PAIR_G2mul(&P,s);
-
- ECP2_toOctet(VG2,&P);
- return 0;
-}
-
-/*! \brief Calculate time permit in G2
- *
- * Calculate time permit in G2.
- *
- * <ol>
- * <li> TPG2=s*H2(date|sha256(ID))
- * </ol>
- *
- * @param date Epoch days
- * @param S Master secret
- * @param HID sha256(ID)
- * @param TPG2 Time Permit in G2
- * @return rtn Returns 0 if successful or else an error code
- */
-int WCC_GET_G2_PERMIT(int date,octet *S,octet *HID,octet *TPG2)
-{
- BIG s;
- ECP2 P;
- char h[HASH_BYTES];
- octet H={0,sizeof(h),h};
-
- hashit(date,HID,&H);
- mapit2(&H,&P);
- BIG_fromBytes(s,S->val);
- PAIR_G2mul(&P,s);
-
- ECP2_toOctet(TPG2,&P);
- return 0;
-}
-
-/*! \brief Calculate the sender AES key
- *
- * Calculate the sender AES Key
- *
- * <ol>
- * <li> j=e((x+pia).AKeyG1,pib.BG2+PbG2)
- * <li> K=H(j,x.PgG1)
- * </ol>
- *
- * @param date Epoch days
- * @param xOct Random x < q where q is the curve order
- * @param piaOct Hq(PaG1,PbG2,PgG1)
- * @param pibOct Hq(PbG2,PaG1,PgG1)
- * @param PbG2Oct y.BG2 where y < q
- * @param PgG1Oct w.AG1 where w < q
- * @param AKeyG1Oct Sender key
- * @param ATPG1Oct Sender time permit
- * @param IdBOct Receiver identity
- * @return AESKeyOct AES key
- * @return rtn Returns 0 if successful or else an error code
- */
-int WCC_SENDER_KEY(int date, octet *xOct, octet *piaOct, octet *pibOct, octet *PbG2Oct, octet *PgG1Oct, octet *AKeyG1Oct, octet *ATPG1Oct, octet *IdBOct, octet *AESKeyOct)
-{
- ECP sAG1,ATPG1,PgG1;
- ECP2 BG2,dateBG2,PbG2;
- char hv1[HASH_BYTES],hv2[HASH_BYTES];
- octet HV1={0,sizeof(hv1),hv1};
- octet HV2={0,sizeof(hv2),hv2};
-
- // Pairing outputs
- FP12 g;
- char pair[12*PFS];
- octet PAIR={0,sizeof(pair),pair};
-
- FP4 c;
- BIG t,x,z,pia,pib;
- char ht[HASH_BYTES];
- octet HT={0,sizeof(ht),ht};
- hash sha;
- char xpgg1[2*PFS+1];
- octet xPgG1Oct={0,sizeof(xpgg1), xpgg1};
-
- BIG_fromBytes(x,xOct->val);
- BIG_fromBytes(pia,piaOct->val);
- BIG_fromBytes(pib,pibOct->val);
-
- if (!ECP2_fromOctet(&PbG2,PbG2Oct)) {
-#ifdef DEBUG
- printf("PbG2Oct Invalid Point: ");
- OCT_output(PbG2Oct);
- printf("\n");
-#endif
- return WCC_INVALID_POINT;
- }
-
- if (!ECP_fromOctet(&PgG1,PgG1Oct)) {
-#ifdef DEBUG
- printf("PgG1Oct Invalid Point: ");
- OCT_output(PgG1Oct);
- printf("\n");
-#endif
- return WCC_INVALID_POINT;
- }
-
- hashit(0,IdBOct,&HV1);
- mapit2(&HV1,&BG2);
-
- if (!ECP_fromOctet(&sAG1,AKeyG1Oct)) {
-#ifdef DEBUG
- printf("AKeyG1Oct Invalid Point: ");
- OCT_output(AKeyG1Oct);
- printf("\n");
-#endif
- return WCC_INVALID_POINT;
- }
-
- // Use time permits
- if (date)
- {
- // calculate e( (s*A+s*H(date|H(AID))) , (B+H(date|H(BID))) )
- if (!ECP_fromOctet(&ATPG1,ATPG1Oct)) {
-#ifdef DEBUG
- printf("ATPG1Oct Invalid Point: ");
- OCT_output(ATPG1Oct);
- printf("\n");
- return WCC_INVALID_POINT;
-#endif
- }
-
- // H2(date|sha256(IdB))
- hashit(date,&HV1,&HV2);
- mapit2(&HV2,&dateBG2);
-
- // sAG1 = sAG1 + ATPG1
- ECP_add(&sAG1, &ATPG1);
- // BG2 = BG2 + H(date|H(IdB))
- ECP2_add(&BG2, &dateBG2);
- }
- // z = x + pia
- BIG_add(z,x,pia);
-
- // (x+pia).AKeyG1
- PAIR_G1mul(&sAG1,z);
-
- // pib.BG2
- PAIR_G2mul(&BG2,pib);
-
- // pib.BG2+PbG2
- ECP2_add(&BG2, &PbG2);
-
- PAIR_ate(&g,&BG2,&sAG1);
- PAIR_fexp(&g);
- // printf("WCC_SENDER_KEY e(sAG1,BG2) = ");FP12_output(&g); printf("\n");
-
- // x.PgG1
- PAIR_G1mul(&PgG1,x);
- ECP_toOctet(&xPgG1Oct,&PgG1);
-
- // Generate AES Key : K=H(k,x.PgG1)
- FP12_trace(&c,&g);
- HT.len=HASH_BYTES;
- start_hash(&sha);
- BIG_copy(t,c.a.a); FP_redc(t); BIG_toBytes(&(HT.val[0]),t);
- add_to_hash(&sha,&HT);
- BIG_copy(t,c.a.b); FP_redc(t); BIG_toBytes(&(HT.val[0]),t);
- add_to_hash(&sha,&HT);
- BIG_copy(t,c.b.a); FP_redc(t); BIG_toBytes(&(HT.val[0]),t);
- add_to_hash(&sha,&HT);
- BIG_copy(t,c.b.b); FP_redc(t); BIG_toBytes(&(HT.val[0]),t);
- add_to_hash(&sha,&HT);
- add_to_hash(&sha,&xPgG1Oct);
- finish_hash(&sha,&HT);
- OCT_empty(AESKeyOct);
- OCT_jbytes(AESKeyOct,HT.val,PAS);
-
- return 0;
-}
-
-/*! \brief Calculate the receiver AES key
- *
- * Calculate time permit in G2.
- *
- * <ol>
- * <li> j=e(pia.AG1+PaG1,(y+pib).BKeyG2)
- * <li> K=H(j,w.PaG1)
- * </ol>
- *
- * @param date Epoch days
- * @param yOct Random y < q where q is the curve order
- * @param wOct Random w < q where q is the curve order
- * @param piaOct Hq(PaG1,PbG2,PgG1)
- * @param pibOct Hq(PbG2,PaG1,PgG1)
- * @param PaG1Oct x.AG1 where x < q
- * @param PgG1Oct w.AG1 where w < q
- * @param BKeyG2Oct Receiver key
- * @param BTPG2Oct Receiver time permit
- * @param IdAOct Sender identity
- * @return AESKeyOct AES key
- * @return rtn Returns 0 if successful or else an error code
- */
-int WCC_RECEIVER_KEY(int date, octet *yOct, octet *wOct, octet *piaOct, octet *pibOct, octet *PaG1Oct, octet *PgG1Oct, octet *BKeyG2Oct,octet *BTPG2Oct, octet *IdAOct, octet *AESKeyOct)
-{
- ECP AG1,dateAG1,PgG1,PaG1;
- ECP2 sBG2,BTPG2;
- char hv1[HASH_BYTES],hv2[HASH_BYTES];
- octet HV1={0,sizeof(hv1),hv1};
- octet HV2={0,sizeof(hv2),hv2};
-
- // Pairing outputs
- FP12 g;
- char pair[12*PFS];
- octet PAIR={0,sizeof(pair),pair};
-
- FP4 c;
- BIG t,w,y,pia,pib;;
- char ht[HASH_BYTES];
- octet HT={0,sizeof(ht),ht};
- hash sha;
- char wpag1[2*PFS+1];
- octet wPaG1Oct={0,sizeof(wpag1), wpag1};
- BIG_fromBytes(y,yOct->val);
- BIG_fromBytes(w,wOct->val);
- BIG_fromBytes(pia,piaOct->val);
- BIG_fromBytes(pib,pibOct->val);
-
- if (!ECP_fromOctet(&PaG1,PaG1Oct))
- return WCC_INVALID_POINT;
-
- if (!ECP_fromOctet(&PgG1,PgG1Oct))
- return WCC_INVALID_POINT;
-
- hashit(0,IdAOct,&HV1);
- mapit(&HV1,&AG1);
-
- if (!ECP2_fromOctet(&sBG2,BKeyG2Oct))
- return WCC_INVALID_POINT;
-
- if (date) {
- // Calculate e( (A+H(date|H(AID))) , (s*B+s*H(date|H(IdB))) )
- if (!ECP2_fromOctet(&BTPG2,BTPG2Oct))
- return WCC_INVALID_POINT;
-
- // H1(date|sha256(AID))
- hashit(date,&HV1,&HV2);
- mapit(&HV2,&dateAG1);
-
- // sBG2 = sBG2 + TPG2
- ECP2_add(&sBG2, &BTPG2);
- // AG1 = AG1 + H(date|H(AID))
- ECP_add(&AG1, &dateAG1);
- }
- // y = y + pib
- BIG_add(y,y,pib);
-
- // (y+pib).BKeyG2
- PAIR_G2mul(&sBG2,y);
-
- // pia.AG1
- PAIR_G1mul(&AG1,pia);
-
- // pia.AG1+PaG1
- ECP_add(&AG1, &PaG1);
-
- PAIR_ate(&g,&sBG2,&AG1);
- PAIR_fexp(&g);
- // printf("WCC_RECEIVER_KEY e(AG1,sBG2) = ");FP12_output(&g); printf("\n");
-
- // w.PaG1
- PAIR_G1mul(&PaG1,w);
- ECP_toOctet(&wPaG1Oct,&PaG1);
-
- // Generate AES Key: K=H(k,w.PaG1)
- FP12_trace(&c,&g);
- HT.len=HASH_BYTES;
- start_hash(&sha);
- BIG_copy(t,c.a.a); FP_redc(t); BIG_toBytes(&(HT.val[0]),t);
- add_to_hash(&sha,&HT);
- BIG_copy(t,c.a.b); FP_redc(t); BIG_toBytes(&(HT.val[0]),t);
- add_to_hash(&sha,&HT);
- BIG_copy(t,c.b.a); FP_redc(t); BIG_toBytes(&(HT.val[0]),t);
- add_to_hash(&sha,&HT);
- BIG_copy(t,c.b.b); FP_redc(t); BIG_toBytes(&(HT.val[0]),t);
- add_to_hash(&sha,&HT);
- add_to_hash(&sha,&wPaG1Oct);
- finish_hash(&sha,&HT);
- OCT_empty(AESKeyOct);
- OCT_jbytes(AESKeyOct,HT.val,PAS);
-
- return 0;
-
-}
-
-/*! \brief Encrypt data using AES GCM
- *
- * AES is run as a block cypher in the GCM mode of operation. The key size is 128 bits.
- * This function will encrypt any data length.
- *
- * @param K 128 bit secret key
- * @param IV 96 bit initialization vector
- * @param H Additional authenticated data (AAD). This data is authenticated, but not encrypted.
- * @param P Plaintext
- * @return C Ciphertext. It is the same length as the plaintext.
- * @return T 128 bit authentication tag.
- */
-void WCC_AES_GCM_ENCRYPT(octet *K,octet *IV,octet *H,octet *P,octet *C,octet *T)
-{
- gcm g;
- GCM_init(&g,K->val,IV->len,IV->val);
- GCM_add_header(&g,H->val,H->len);
- GCM_add_plain(&g,C->val,P->val,P->len);
- C->len=P->len;
- GCM_finish(&g,T->val);
- T->len=16;
-}
-
-/*! \brief Decrypt data using AES GCM
- *
- * AES is run as a block cypher in the GCM mode of operation. The key size is 128 bits.
- * This function will decrypt any data length.
- *
- * @param K 128 bit secret key
- * @param IV 96 bit initialization vector
- * @param H Additional authenticated data (AAD). This data is authenticated, but not encrypted.
- * @param C Ciphertext.
- * @return P Decrypted data. It is the same length as the ciphertext.Plaintext
- * @return T 128 bit authentication tag.
- */
-void WCC_AES_GCM_DECRYPT(octet *K,octet *IV,octet *H,octet *C,octet *P,octet *T)
-{
- gcm g;
- GCM_init(&g,K->val,IV->len,IV->val);
- GCM_add_header(&g,H->val,H->len);
- GCM_add_cipher(&g,P->val,C->val,C->len);
- P->len=C->len;
- GCM_finish(&g,T->val);
- T->len=16;
-}
-
-/*! \brief Get today's date as days from the epoch
- *
- * @return today's date, as number of days elapsed since the epoch
- */
-unsign32 WCC_today(void)
-{
- unsign32 ti=(unsign32)time(NULL);
- return (long)(ti/(60*TIME_SLOT_MINUTES));
-}
-
-/*! \brief Initialise a random number generator
- *
- * @param RNG cryptographically secure random number generator
- * @param SEED random seed value
- */
-void WCC_CREATE_CSPRNG(csprng *RNG,octet *SEED)
-{
- RAND_seed(RNG,SEED->len,SEED->val);
-}
-
-/*! \brief Kill a random number generator
- *
- * Deletes all internal state
- *
- * @param RNG cryptographically secure random number generator
- */
-void WCC_KILL_CSPRNG(csprng *RNG)
-{
- RAND_clean(RNG);
-}
-
-/*! \brief Perform sha256
- *
- * Hash ID
- *
- * @param ID Value to hash
- * @return HID sha256 hashed value
- */
-void WCC_HASH_ID(octet *ID,octet *HID)
-{
- hashit(0,ID,HID);
-}
-
-/*! \brief Generate a random integer
- *
- * Generate a random number modulus the group order
- *
- * @param RNG cryptographically secure random number generator
- * @return S Random integer modulus the group order
- */
-int WCC_RANDOM_GENERATE(csprng *RNG,octet* S)
-{
- BIG r,s;
- BIG_rcopy(r,CURVE_Order);
- BIG_randomnum(s,r,RNG);
- BIG_toBytes(S->val,s);
- S->len=PGS;
- return 0;
-}
-
-
-/*! \brief Calculate time permit in G2
- *
- * Calculate time permit in G2.
- *
- * <ol>
- * <li> TPG1=s*H1(date|sha256(ID))
- * </ol>
- *
- * @param date Epoch days
- * @param S Master secret
- * @param HID sha256(ID)
- * @param TPG1 Time Permit in G1
- * @return rtn Returns 0 if successful or else an error code
- */
-int WCC_GET_G1_PERMIT(int date,octet *S,octet *HID,octet *TPG1)
-{
- BIG s;
- ECP P;
- char h[HASH_BYTES];
- octet H={0,sizeof(h),h};
-
- hashit(date,HID,&H);
- mapit(&H,&P);
- BIG_fromBytes(s,S->val);
- PAIR_G1mul(&P,s);
-
- ECP_toOctet(TPG1,&P);
- return 0;
-}
-
-/*! \brief Add two members from the group G1
- *
- * @param R1 member of G1
- * @param R2 member of G1
- * @return R member of G1 = R1+R2
- * @return Returns 0 if successful or else an error code
- */
-int WCC_RECOMBINE_G1(octet *R1,octet *R2,octet *R)
-{
- ECP P,T;
- int res=0;
- if (!ECP_fromOctet(&P,R1)) res=WCC_INVALID_POINT;
- if (!ECP_fromOctet(&T,R2)) res=WCC_INVALID_POINT;
- if (res==0)
- {
- ECP_add(&P,&T);
- ECP_toOctet(R,&P);
- }
- return res;
-}
-
-/*! \brief Add two members from the group G2
- *
- * @param W1 member of G2
- * @param W2 member of G2
- * @return W member of G2 = W1+W2
- * @return Weturns 0 if successful or else an error code
- */
-int WCC_RECOMBINE_G2(octet *W1,octet *W2,octet *W)
-{
- ECP2 Q,T;
- int res=0;
- if (!ECP2_fromOctet(&Q,W1)) res=WCC_INVALID_POINT;
- if (!ECP2_fromOctet(&T,W2)) res=WCC_INVALID_POINT;
- if (res==0)
- {
- ECP2_add(&Q,&T);
- ECP2_toOctet(W,&Q);
- }
- return res;
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/wcc.h
----------------------------------------------------------------------
diff --git a/c/wcc.h b/c/wcc.h
deleted file mode 100755
index 893fe5d..0000000
--- a/c/wcc.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file wcc.h
- * @author Mike Scott and Kealan McCusker
- * @date 28th April 2016
- * @brief Wang / Chow Choo (WCC) header file
- *
- * defines structures
- * declares functions
- *
- */
-
-#ifndef WCC_H
-#define WCC_H
-
-#include "amcl.h"
-
-/* Field size is assumed to be greater than or equal to group size */
-
-#define PGS 32 /* WCC Group Size */
-#define PFS 32 /* WCC Field Size */
-#define PAS 16 /* AES Symmetric Key Size */
-
-#define WCC_OK 0
-#define WCC_INVALID_POINT -51
-
-
-
-#define TIME_SLOT_MINUTES 1440 /* Time Slot = 1 day */
-#define HASH_BYTES 32
-
-/*! \brief Generate a random integer */
-DLL_EXPORT int WCC_RANDOM_GENERATE(csprng *RNG,octet* S);
-
-/*! \brief Hash EC Points and Id to an integer */
-DLL_EXPORT void WCC_Hq(octet *A,octet *B,octet *C,octet *D,octet *h);
-
-/*! \brief Calculate value in G2 multiplied by an integer */
-DLL_EXPORT int WCC_GET_G2_MULTIPLE(int hashDone,octet *S,octet *ID,octet *VG2);
-
-/*! \brief Calculate value in G1 multiplied by an integer */
-DLL_EXPORT int WCC_GET_G1_MULTIPLE(int hashDone,octet *S,octet *ID,octet *VG1);
-
-/*! \brief Calculate a value in G1 used for when time permits are enabled */
-DLL_EXPORT int WCC_GET_G1_TPMULT(int date, octet *S,octet *ID,octet *VG1);
-
-/*! \brief Calculate a value in G2 used for when time permits are enabled */
-DLL_EXPORT int WCC_GET_G2_TPMULT(int date, octet *S,octet *ID,octet *VG2);
-
-/*! \brief Calculate time permit in G2 */
-DLL_EXPORT int WCC_GET_G1_PERMIT(int date,octet *S,octet *HID,octet *G1TP);
-
-/*! \brief Calculate time permit in G2 */
-DLL_EXPORT int WCC_GET_G2_PERMIT(int date,octet *S,octet *HID,octet *G2TP);
-
-/*! \brief Calculate the sender AES key */
-DLL_EXPORT int WCC_SENDER_KEY(int date, octet *xOct, octet *piaOct, octet *pibOct, octet *PbG2Oct, octet *PgG1Oct, octet *AKeyG1Oct, octet *ATPG1Oct, octet *IdBOct, octet *AESKeyOct);
-
-/*! \brief Calculate the receiver AES key */
-DLL_EXPORT int WCC_RECEIVER_KEY(int date, octet *yOct, octet *wOct, octet *piaOct, octet *pibOct, octet *PaG1Oct, octet *PgG1Oct, octet *BKeyG2Oct,octet *BTPG2Oct, octet *IdAOct, octet *AESKeyOct);
-
-/*! \brief Encrypt data using AES GCM */
-DLL_EXPORT void WCC_AES_GCM_ENCRYPT(octet *K,octet *IV,octet *H,octet *P,octet *C,octet *T);
-
-/*! \brief Decrypt data using AES GCM */
-DLL_EXPORT void WCC_AES_GCM_DECRYPT(octet *K,octet *IV,octet *H,octet *C,octet *P,octet *T);
-
-/*! \brief Perform sha256 */
-DLL_EXPORT void WCC_HASH_ID(octet *,octet *);
-
-/*! \brief Add two members from the group G1 */
-DLL_EXPORT int WCC_RECOMBINE_G1(octet *,octet *,octet *);
-
-/*! \brief Add two members from the group G2 */
-DLL_EXPORT int WCC_RECOMBINE_G2(octet *,octet *,octet *);
-
-/*! \brief Get today's date as days from the epoch */
-DLL_EXPORT unsign32 WCC_today(void);
-
-/*! \brief Initialise a random number generator */
-DLL_EXPORT void WCC_CREATE_CSPRNG(csprng *,octet *);
-
-/*! \brief Kill a random number generator */
-DLL_EXPORT void WCC_KILL_CSPRNG(csprng *RNG);
-
-
-#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cmake_uninstall.cmake.in
----------------------------------------------------------------------
diff --git a/cmake_uninstall.cmake.in b/cmake_uninstall.cmake.in
deleted file mode 100644
index f633ef3..0000000
--- a/cmake_uninstall.cmake.in
+++ /dev/null
@@ -1,23 +0,0 @@
-cmake_policy(SET CMP0007 OLD)
-if (NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
- message(FATAL_ERROR "Cannot find install manifest: \"@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt\"")
-endif(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
-
-file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files)
-string(REGEX REPLACE "\n" ";" files "${files}")
-list(REVERSE files)
-foreach (file ${files})
- message(STATUS "Uninstalling \"$ENV{DESTDIR}${file}\"")
- if (EXISTS "$ENV{DESTDIR}${file}")
- execute_process(
- COMMAND @CMAKE_COMMAND@ -E remove "$ENV{DESTDIR}${file}"
- OUTPUT_VARIABLE rm_out
- RESULT_VARIABLE rm_retval
- )
- if(NOT ${rm_retval} EQUAL 0)
- message(FATAL_ERROR "Problem when removing \"$ENV{DESTDIR}${file}\"")
- endif (NOT ${rm_retval} EQUAL 0)
- else (EXISTS "$ENV{DESTDIR}${file}")
- message(STATUS "File \"$ENV{DESTDIR}${file}\" does not exist.")
- endif (EXISTS "$ENV{DESTDIR}${file}")
-endforeach(file)
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/AES.cs
----------------------------------------------------------------------
diff --git a/cs/AES.cs b/cs/AES.cs
deleted file mode 100644
index 1b0d595..0000000
--- a/cs/AES.cs
+++ /dev/null
@@ -1,531 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AES Encryption */
-
-
-public class AES
-{
- internal int mode;
- private int[] fkey = new int[44];
- private int[] rkey = new int[44];
- public sbyte[] f = new sbyte[16];
-
-
- public const int ECB = 0;
- public const int CBC = 1;
- public const int CFB1 = 2;
- public const int CFB2 = 3;
- public const int CFB4 = 5;
- public const int OFB1 = 14;
- public const int OFB2 = 15;
- public const int OFB4 = 17;
- public const int OFB8 = 21;
- public const int OFB16 = 29;
-
- private static readonly sbyte[] InCo = new sbyte[] {(sbyte)0xB,(sbyte)0xD,(sbyte)0x9,(sbyte)0xE}; // Inverse Coefficients
-
- public const int KS = 16; // Key Size in bytes
- public const int BS = 16; // Block Size
-
- private static readonly sbyte[] ptab = new sbyte[] {(sbyte)1,(sbyte)3,(sbyte)5,(sbyte)15,(sbyte)17,(sbyte)51,(sbyte)85,unchecked((sbyte)255),(sbyte)26,(sbyte)46,(sbyte)114,unchecked((sbyte)150),unchecked((sbyte)161),unchecked((sbyte)248),(sbyte)19,(sbyte)53, (sbyte)95,unchecked((sbyte)225),(sbyte)56,(sbyte)72,unchecked((sbyte)216),(sbyte)115,unchecked((sbyte)149),unchecked((sbyte)164),unchecked((sbyte)247),(sbyte)2,(sbyte)6,(sbyte)10,(sbyte)30,(sbyte)34,(sbyte)102,unchecked((sbyte)170), unchecked((sbyte)229),(sbyte)52,(sbyte)92,unchecked((sbyte)228),(sbyte)55,(sbyte)89,unchecked((sbyte)235),(sbyte)38,(sbyte)106,unchecked((sbyte)190),unchecked((sbyte)217),(sbyte)112,unchecked((sbyte)144),unchecked((sbyte)171),unchecked((sbyte)230),(sbyte)49, (sbyte)83,unchecked((sbyte)245),(sbyte)4,(sbyte)12,(sbyte)20,(sbyte)60,(sbyte)68,unchecked((sbyte)204),(sbyte)79,unchecked((sbyte)209),(sbyte)104,unchecked((sbyte)184),unchecked((sbyte)211),(sbyte)110,unchecked((sbyte)178),unchecked((sbyte)205),
(sbyte)76,unchecked((sbyte)212),(sbyte)103,unchecked((sbyte)169),unchecked((sbyte)224),(sbyte)59,(sbyte)77,unchecked((sbyte)215),(sbyte)98,unchecked((sbyte)166),unchecked((sbyte)241),(sbyte)8,(sbyte)24,(sbyte)40,(sbyte)120,unchecked((sbyte)136), unchecked((sbyte)131),unchecked((sbyte)158),unchecked((sbyte)185),unchecked((sbyte)208),(sbyte)107,unchecked((sbyte)189),unchecked((sbyte)220),(sbyte)127,unchecked((sbyte)129),unchecked((sbyte)152),unchecked((sbyte)179),unchecked((sbyte)206),(sbyte)73,unchecked((sbyte)219),(sbyte)118,unchecked((sbyte)154), unchecked((sbyte)181),unchecked((sbyte)196),(sbyte)87,unchecked((sbyte)249),(sbyte)16,(sbyte)48,(sbyte)80,unchecked((sbyte)240),(sbyte)11,(sbyte)29,(sbyte)39,(sbyte)105,unchecked((sbyte)187),unchecked((sbyte)214),(sbyte)97,unchecked((sbyte)163), unchecked((sbyte)254),(sbyte)25,(sbyte)43,(sbyte)125,unchecked((sbyte)135),unchecked((sbyte)146),unchecked((sbyte)173),unchecked((sbyte)236),(sbyte)47,(sbyte)113,unchecked((sbyte)147),unchecked((s
byte)174),unchecked((sbyte)233),(sbyte)32,(sbyte)96,unchecked((sbyte)160), unchecked((sbyte)251),(sbyte)22,(sbyte)58,(sbyte)78,unchecked((sbyte)210),(sbyte)109,unchecked((sbyte)183),unchecked((sbyte)194),(sbyte)93,unchecked((sbyte)231),(sbyte)50,(sbyte)86,unchecked((sbyte)250),(sbyte)21,(sbyte)63,(sbyte)65, unchecked((sbyte)195),(sbyte)94,unchecked((sbyte)226),(sbyte)61,(sbyte)71,unchecked((sbyte)201),(sbyte)64,unchecked((sbyte)192),(sbyte)91,unchecked((sbyte)237),(sbyte)44,(sbyte)116,unchecked((sbyte)156),unchecked((sbyte)191),unchecked((sbyte)218),(sbyte)117, unchecked((sbyte)159),unchecked((sbyte)186),unchecked((sbyte)213),(sbyte)100,unchecked((sbyte)172),unchecked((sbyte)239),(sbyte)42,(sbyte)126,unchecked((sbyte)130),unchecked((sbyte)157),unchecked((sbyte)188),unchecked((sbyte)223),(sbyte)122,unchecked((sbyte)142),unchecked((sbyte)137),unchecked((sbyte)128), unchecked((sbyte)155),unchecked((sbyte)182),unchecked((sbyte)193),(sbyte)88,unchecked((sbyte)232),(sbyte)35,(sbyte)101,un
checked((sbyte)175),unchecked((sbyte)234),(sbyte)37,(sbyte)111,unchecked((sbyte)177),unchecked((sbyte)200),(sbyte)67,unchecked((sbyte)197),(sbyte)84, unchecked((sbyte)252),(sbyte)31,(sbyte)33,(sbyte)99,unchecked((sbyte)165),unchecked((sbyte)244),(sbyte)7,(sbyte)9,(sbyte)27,(sbyte)45,(sbyte)119,unchecked((sbyte)153),unchecked((sbyte)176),unchecked((sbyte)203),(sbyte)70,unchecked((sbyte)202), (sbyte)69,unchecked((sbyte)207),(sbyte)74,unchecked((sbyte)222),(sbyte)121,unchecked((sbyte)139),unchecked((sbyte)134),unchecked((sbyte)145),unchecked((sbyte)168),unchecked((sbyte)227),(sbyte)62,(sbyte)66,unchecked((sbyte)198),(sbyte)81,unchecked((sbyte)243),(sbyte)14, (sbyte)18,(sbyte)54,(sbyte)90,unchecked((sbyte)238),(sbyte)41,(sbyte)123,unchecked((sbyte)141),unchecked((sbyte)140),unchecked((sbyte)143),unchecked((sbyte)138),unchecked((sbyte)133),unchecked((sbyte)148),unchecked((sbyte)167),unchecked((sbyte)242),(sbyte)13,(sbyte)23, (sbyte)57,(sbyte)75,unchecked((sbyte)221),(sbyte)124,unchecked(
(sbyte)132),unchecked((sbyte)151),unchecked((sbyte)162),unchecked((sbyte)253),(sbyte)28,(sbyte)36,(sbyte)108,unchecked((sbyte)180),unchecked((sbyte)199),(sbyte)82,unchecked((sbyte)246),(sbyte)1};
-
- private static readonly sbyte[] ltab = new sbyte[] {(sbyte)0,unchecked((sbyte)255),(sbyte)25,(sbyte)1,(sbyte)50,(sbyte)2,(sbyte)26,unchecked((sbyte)198),(sbyte)75,unchecked((sbyte)199),(sbyte)27,(sbyte)104,(sbyte)51,unchecked((sbyte)238),unchecked((sbyte)223),(sbyte)3, (sbyte)100,(sbyte)4,unchecked((sbyte)224),(sbyte)14,(sbyte)52,unchecked((sbyte)141),unchecked((sbyte)129),unchecked((sbyte)239),(sbyte)76,(sbyte)113,(sbyte)8,unchecked((sbyte)200),unchecked((sbyte)248),(sbyte)105,(sbyte)28,unchecked((sbyte)193), (sbyte)125,unchecked((sbyte)194),(sbyte)29,unchecked((sbyte)181),unchecked((sbyte)249),unchecked((sbyte)185),(sbyte)39,(sbyte)106,(sbyte)77,unchecked((sbyte)228),unchecked((sbyte)166),(sbyte)114,unchecked((sbyte)154),unchecked((sbyte)201),(sbyte)9,(sbyte)120, (sbyte)101,(sbyte)47,unchecked((sbyte)138),(sbyte)5,(sbyte)33,(sbyte)15,unchecked((sbyte)225),(sbyte)36,(sbyte)18,unchecked((sbyte)240),unchecked((sbyte)130),(sbyte)69,(sbyte)53,unchecked((sbyte)147),unchecked((sbyte)218
),unchecked((sbyte)142), unchecked((sbyte)150),unchecked((sbyte)143),unchecked((sbyte)219),unchecked((sbyte)189),(sbyte)54,unchecked((sbyte)208),unchecked((sbyte)206),unchecked((sbyte)148),(sbyte)19,(sbyte)92,unchecked((sbyte)210),unchecked((sbyte)241),(sbyte)64,(sbyte)70,unchecked((sbyte)131),(sbyte)56, (sbyte)102,unchecked((sbyte)221),unchecked((sbyte)253),(sbyte)48,unchecked((sbyte)191),(sbyte)6,unchecked((sbyte)139),(sbyte)98,unchecked((sbyte)179),(sbyte)37,unchecked((sbyte)226),unchecked((sbyte)152),(sbyte)34,unchecked((sbyte)136),unchecked((sbyte)145),(sbyte)16, (sbyte)126,(sbyte)110,(sbyte)72,unchecked((sbyte)195),unchecked((sbyte)163),unchecked((sbyte)182),(sbyte)30,(sbyte)66,(sbyte)58,(sbyte)107,(sbyte)40,(sbyte)84,unchecked((sbyte)250),unchecked((sbyte)133),(sbyte)61,unchecked((sbyte)186), (sbyte)43,(sbyte)121,(sbyte)10,(sbyte)21,unchecked((sbyte)155),unchecked((sbyte)159),(sbyte)94,unchecked((sbyte)202),(sbyte)78,unchecked((sbyte)212),unchecked((sbyte)172),unchecked((sbyt
e)229),unchecked((sbyte)243),(sbyte)115,unchecked((sbyte)167),(sbyte)87, unchecked((sbyte)175),(sbyte)88,unchecked((sbyte)168),(sbyte)80,unchecked((sbyte)244),unchecked((sbyte)234),unchecked((sbyte)214),(sbyte)116,(sbyte)79,unchecked((sbyte)174),unchecked((sbyte)233),unchecked((sbyte)213),unchecked((sbyte)231),unchecked((sbyte)230),unchecked((sbyte)173),unchecked((sbyte)232), (sbyte)44,unchecked((sbyte)215),(sbyte)117,(sbyte)122,unchecked((sbyte)235),(sbyte)22,(sbyte)11,unchecked((sbyte)245),(sbyte)89,unchecked((sbyte)203),(sbyte)95,unchecked((sbyte)176),unchecked((sbyte)156),unchecked((sbyte)169),(sbyte)81,unchecked((sbyte)160), (sbyte)127,(sbyte)12,unchecked((sbyte)246),(sbyte)111,(sbyte)23,unchecked((sbyte)196),(sbyte)73,unchecked((sbyte)236),unchecked((sbyte)216),(sbyte)67,(sbyte)31,(sbyte)45,unchecked((sbyte)164),(sbyte)118,(sbyte)123,unchecked((sbyte)183), unchecked((sbyte)204),unchecked((sbyte)187),(sbyte)62,(sbyte)90,unchecked((sbyte)251),(sbyte)96,unchecked((sbyte)177),unch
ecked((sbyte)134),(sbyte)59,(sbyte)82,unchecked((sbyte)161),(sbyte)108,unchecked((sbyte)170),(sbyte)85,(sbyte)41,unchecked((sbyte)157), unchecked((sbyte)151),unchecked((sbyte)178),unchecked((sbyte)135),unchecked((sbyte)144),(sbyte)97,unchecked((sbyte)190),unchecked((sbyte)220),unchecked((sbyte)252),unchecked((sbyte)188),unchecked((sbyte)149),unchecked((sbyte)207),unchecked((sbyte)205),(sbyte)55,(sbyte)63,(sbyte)91,unchecked((sbyte)209), (sbyte)83,(sbyte)57,unchecked((sbyte)132),(sbyte)60,(sbyte)65,unchecked((sbyte)162),(sbyte)109,(sbyte)71,(sbyte)20,(sbyte)42,unchecked((sbyte)158),(sbyte)93,(sbyte)86,unchecked((sbyte)242),unchecked((sbyte)211),unchecked((sbyte)171), (sbyte)68,(sbyte)17,unchecked((sbyte)146),unchecked((sbyte)217),(sbyte)35,(sbyte)32,(sbyte)46,unchecked((sbyte)137),unchecked((sbyte)180),(sbyte)124,unchecked((sbyte)184),(sbyte)38,(sbyte)119,unchecked((sbyte)153),unchecked((sbyte)227),unchecked((sbyte)165), (sbyte)103,(sbyte)74,unchecked((sbyte)237),unchecked((sbyte)222
),unchecked((sbyte)197),(sbyte)49,unchecked((sbyte)254),(sbyte)24,(sbyte)13,(sbyte)99,unchecked((sbyte)140),unchecked((sbyte)128),unchecked((sbyte)192),unchecked((sbyte)247),(sbyte)112,(sbyte)7};
-
- private static readonly sbyte[] fbsub = new sbyte[] {(sbyte)99,(sbyte)124,(sbyte)119,(sbyte)123,unchecked((sbyte)242),(sbyte)107,(sbyte)111,unchecked((sbyte)197),(sbyte)48,(sbyte)1,(sbyte)103,(sbyte)43,unchecked((sbyte)254),unchecked((sbyte)215),unchecked((sbyte)171),(sbyte)118, unchecked((sbyte)202),unchecked((sbyte)130),unchecked((sbyte)201),(sbyte)125,unchecked((sbyte)250),(sbyte)89,(sbyte)71,unchecked((sbyte)240),unchecked((sbyte)173),unchecked((sbyte)212),unchecked((sbyte)162),unchecked((sbyte)175),unchecked((sbyte)156),unchecked((sbyte)164),(sbyte)114,unchecked((sbyte)192), unchecked((sbyte)183),unchecked((sbyte)253),unchecked((sbyte)147),(sbyte)38,(sbyte)54,(sbyte)63,unchecked((sbyte)247),unchecked((sbyte)204),(sbyte)52,unchecked((sbyte)165),unchecked((sbyte)229),unchecked((sbyte)241),(sbyte)113,unchecked((sbyte)216),(sbyte)49,(sbyte)21, (sbyte)4,unchecked((sbyte)199),(sbyte)35,unchecked((sbyte)195),(sbyte)24,unchecked((sbyte)150),(sbyte)5,unchecked((sbyte)154),(sbyte)7,(sby
te)18,unchecked((sbyte)128),unchecked((sbyte)226),unchecked((sbyte)235),(sbyte)39,unchecked((sbyte)178),(sbyte)117, (sbyte)9,unchecked((sbyte)131),(sbyte)44,(sbyte)26,(sbyte)27,(sbyte)110,(sbyte)90,unchecked((sbyte)160),(sbyte)82,(sbyte)59,unchecked((sbyte)214),unchecked((sbyte)179),(sbyte)41,unchecked((sbyte)227),(sbyte)47,unchecked((sbyte)132), (sbyte)83,unchecked((sbyte)209),(sbyte)0,unchecked((sbyte)237),(sbyte)32,unchecked((sbyte)252),unchecked((sbyte)177),(sbyte)91,(sbyte)106,unchecked((sbyte)203),unchecked((sbyte)190),(sbyte)57,(sbyte)74,(sbyte)76,(sbyte)88,unchecked((sbyte)207), unchecked((sbyte)208),unchecked((sbyte)239),unchecked((sbyte)170),unchecked((sbyte)251),(sbyte)67,(sbyte)77,(sbyte)51,unchecked((sbyte)133),(sbyte)69,unchecked((sbyte)249),(sbyte)2,(sbyte)127,(sbyte)80,(sbyte)60,unchecked((sbyte)159),unchecked((sbyte)168), (sbyte)81,unchecked((sbyte)163),(sbyte)64,unchecked((sbyte)143),unchecked((sbyte)146),unchecked((sbyte)157),(sbyte)56,unchecked((sbyte)245),unchec
ked((sbyte)188),unchecked((sbyte)182),unchecked((sbyte)218),(sbyte)33,(sbyte)16,unchecked((sbyte)255),unchecked((sbyte)243),unchecked((sbyte)210), unchecked((sbyte)205),(sbyte)12,(sbyte)19,unchecked((sbyte)236),(sbyte)95,unchecked((sbyte)151),(sbyte)68,(sbyte)23,unchecked((sbyte)196),unchecked((sbyte)167),(sbyte)126,(sbyte)61,(sbyte)100,(sbyte)93,(sbyte)25,(sbyte)115, (sbyte)96,unchecked((sbyte)129),(sbyte)79,unchecked((sbyte)220),(sbyte)34,(sbyte)42,unchecked((sbyte)144),unchecked((sbyte)136),(sbyte)70,unchecked((sbyte)238),unchecked((sbyte)184),(sbyte)20,unchecked((sbyte)222),(sbyte)94,(sbyte)11,unchecked((sbyte)219), unchecked((sbyte)224),(sbyte)50,(sbyte)58,(sbyte)10,(sbyte)73,(sbyte)6,(sbyte)36,(sbyte)92,unchecked((sbyte)194),unchecked((sbyte)211),unchecked((sbyte)172),(sbyte)98,unchecked((sbyte)145),unchecked((sbyte)149),unchecked((sbyte)228),(sbyte)121, unchecked((sbyte)231),unchecked((sbyte)200),(sbyte)55,(sbyte)109,unchecked((sbyte)141),unchecked((sbyte)213),(sbyte)78,unche
cked((sbyte)169),(sbyte)108,(sbyte)86,unchecked((sbyte)244),unchecked((sbyte)234),(sbyte)101,(sbyte)122,unchecked((sbyte)174),(sbyte)8, unchecked((sbyte)186),(sbyte)120,(sbyte)37,(sbyte)46,(sbyte)28,unchecked((sbyte)166),unchecked((sbyte)180),unchecked((sbyte)198),unchecked((sbyte)232),unchecked((sbyte)221),(sbyte)116,(sbyte)31,(sbyte)75,unchecked((sbyte)189),unchecked((sbyte)139),unchecked((sbyte)138), (sbyte)112,(sbyte)62,unchecked((sbyte)181),(sbyte)102,(sbyte)72,(sbyte)3,unchecked((sbyte)246),(sbyte)14,(sbyte)97,(sbyte)53,(sbyte)87,unchecked((sbyte)185),unchecked((sbyte)134),unchecked((sbyte)193),(sbyte)29,unchecked((sbyte)158), unchecked((sbyte)225),unchecked((sbyte)248),unchecked((sbyte)152),(sbyte)17,(sbyte)105,unchecked((sbyte)217),unchecked((sbyte)142),unchecked((sbyte)148),unchecked((sbyte)155),(sbyte)30,unchecked((sbyte)135),unchecked((sbyte)233),unchecked((sbyte)206),(sbyte)85,(sbyte)40,unchecked((sbyte)223), unchecked((sbyte)140),unchecked((sbyte)161),unchecked((sbyte)1
37),(sbyte)13,unchecked((sbyte)191),unchecked((sbyte)230),(sbyte)66,(sbyte)104,(sbyte)65,unchecked((sbyte)153),(sbyte)45,(sbyte)15,unchecked((sbyte)176),(sbyte)84,unchecked((sbyte)187),(sbyte)22};
-
- private static readonly sbyte[] rbsub = new sbyte[] {(sbyte)82,(sbyte)9,(sbyte)106,unchecked((sbyte)213),(sbyte)48,(sbyte)54,unchecked((sbyte)165),(sbyte)56,unchecked((sbyte)191),(sbyte)64,unchecked((sbyte)163),unchecked((sbyte)158),unchecked((sbyte)129),unchecked((sbyte)243),unchecked((sbyte)215),unchecked((sbyte)251), (sbyte)124,unchecked((sbyte)227),(sbyte)57,unchecked((sbyte)130),unchecked((sbyte)155),(sbyte)47,unchecked((sbyte)255),unchecked((sbyte)135),(sbyte)52,unchecked((sbyte)142),(sbyte)67,(sbyte)68,unchecked((sbyte)196),unchecked((sbyte)222),unchecked((sbyte)233),unchecked((sbyte)203), (sbyte)84,(sbyte)123,unchecked((sbyte)148),(sbyte)50,unchecked((sbyte)166),unchecked((sbyte)194),(sbyte)35,(sbyte)61,unchecked((sbyte)238),(sbyte)76,unchecked((sbyte)149),(sbyte)11,(sbyte)66,unchecked((sbyte)250),unchecked((sbyte)195),(sbyte)78, (sbyte)8,(sbyte)46,unchecked((sbyte)161),(sbyte)102,(sbyte)40,unchecked((sbyte)217),(sbyte)36,unchecked((sbyte)178),(sbyte)118,(sbyte)91,unchecked
((sbyte)162),(sbyte)73,(sbyte)109,unchecked((sbyte)139),unchecked((sbyte)209),(sbyte)37, (sbyte)114,unchecked((sbyte)248),unchecked((sbyte)246),(sbyte)100,unchecked((sbyte)134),(sbyte)104,unchecked((sbyte)152),(sbyte)22,unchecked((sbyte)212),unchecked((sbyte)164),(sbyte)92,unchecked((sbyte)204),(sbyte)93,(sbyte)101,unchecked((sbyte)182),unchecked((sbyte)146), (sbyte)108,(sbyte)112,(sbyte)72,(sbyte)80,unchecked((sbyte)253),unchecked((sbyte)237),unchecked((sbyte)185),unchecked((sbyte)218),(sbyte)94,(sbyte)21,(sbyte)70,(sbyte)87,unchecked((sbyte)167),unchecked((sbyte)141),unchecked((sbyte)157),unchecked((sbyte)132), unchecked((sbyte)144),unchecked((sbyte)216),unchecked((sbyte)171),(sbyte)0,unchecked((sbyte)140),unchecked((sbyte)188),unchecked((sbyte)211),(sbyte)10,unchecked((sbyte)247),unchecked((sbyte)228),(sbyte)88,(sbyte)5,unchecked((sbyte)184),unchecked((sbyte)179),(sbyte)69,(sbyte)6, unchecked((sbyte)208),(sbyte)44,(sbyte)30,unchecked((sbyte)143),unchecked((sbyte)202),(sbyte)63,(s
byte)15,(sbyte)2,unchecked((sbyte)193),unchecked((sbyte)175),unchecked((sbyte)189),(sbyte)3,(sbyte)1,(sbyte)19,unchecked((sbyte)138),(sbyte)107, (sbyte)58,unchecked((sbyte)145),(sbyte)17,(sbyte)65,(sbyte)79,(sbyte)103,unchecked((sbyte)220),unchecked((sbyte)234),unchecked((sbyte)151),unchecked((sbyte)242),unchecked((sbyte)207),unchecked((sbyte)206),unchecked((sbyte)240),unchecked((sbyte)180),unchecked((sbyte)230),(sbyte)115, unchecked((sbyte)150),unchecked((sbyte)172),(sbyte)116,(sbyte)34,unchecked((sbyte)231),unchecked((sbyte)173),(sbyte)53,unchecked((sbyte)133),unchecked((sbyte)226),unchecked((sbyte)249),(sbyte)55,unchecked((sbyte)232),(sbyte)28,(sbyte)117,unchecked((sbyte)223),(sbyte)110, (sbyte)71,unchecked((sbyte)241),(sbyte)26,(sbyte)113,(sbyte)29,(sbyte)41,unchecked((sbyte)197),unchecked((sbyte)137),(sbyte)111,unchecked((sbyte)183),(sbyte)98,(sbyte)14,unchecked((sbyte)170),(sbyte)24,unchecked((sbyte)190),(sbyte)27, unchecked((sbyte)252),(sbyte)86,(sbyte)62,(sbyte)75,unchecked(
(sbyte)198),unchecked((sbyte)210),(sbyte)121,(sbyte)32,unchecked((sbyte)154),unchecked((sbyte)219),unchecked((sbyte)192),unchecked((sbyte)254),(sbyte)120,unchecked((sbyte)205),(sbyte)90,unchecked((sbyte)244), (sbyte)31,unchecked((sbyte)221),unchecked((sbyte)168),(sbyte)51,unchecked((sbyte)136),(sbyte)7,unchecked((sbyte)199),(sbyte)49,unchecked((sbyte)177),(sbyte)18,(sbyte)16,(sbyte)89,(sbyte)39,unchecked((sbyte)128),unchecked((sbyte)236),(sbyte)95, (sbyte)96,(sbyte)81,(sbyte)127,unchecked((sbyte)169),(sbyte)25,unchecked((sbyte)181),(sbyte)74,(sbyte)13,(sbyte)45,unchecked((sbyte)229),(sbyte)122,unchecked((sbyte)159),unchecked((sbyte)147),unchecked((sbyte)201),unchecked((sbyte)156),unchecked((sbyte)239), unchecked((sbyte)160),unchecked((sbyte)224),(sbyte)59,(sbyte)77,unchecked((sbyte)174),(sbyte)42,unchecked((sbyte)245),unchecked((sbyte)176),unchecked((sbyte)200),unchecked((sbyte)235),unchecked((sbyte)187),(sbyte)60,unchecked((sbyte)131),(sbyte)83,unchecked((sbyte)153),(sbyte)97, (sby
te)23,(sbyte)43,(sbyte)4,(sbyte)126,unchecked((sbyte)186),(sbyte)119,unchecked((sbyte)214),(sbyte)38,unchecked((sbyte)225),(sbyte)105,(sbyte)20,(sbyte)99,(sbyte)85,(sbyte)33,(sbyte)12,(sbyte)125};
-
- private static readonly sbyte[] rco = new sbyte[] {(sbyte)1,(sbyte)2,(sbyte)4,(sbyte)8,(sbyte)16,(sbyte)32,(sbyte)64,unchecked((sbyte)128),(sbyte)27,(sbyte)54,(sbyte)108,unchecked((sbyte)216),unchecked((sbyte)171),(sbyte)77,unchecked((sbyte)154),(sbyte)47};
-
- private static readonly int[] ftable = new int[] {unchecked((int)0xa56363c6), unchecked((int)0x847c7cf8), unchecked((int)0x997777ee), unchecked((int)0x8d7b7bf6), 0xdf2f2ff, unchecked((int)0xbd6b6bd6), unchecked((int)0xb16f6fde), 0x54c5c591, 0x50303060, 0x3010102, unchecked((int)0xa96767ce), 0x7d2b2b56, 0x19fefee7, 0x62d7d7b5, unchecked((int)0xe6abab4d), unchecked((int)0x9a7676ec), 0x45caca8f, unchecked((int)0x9d82821f), 0x40c9c989, unchecked((int)0x877d7dfa), 0x15fafaef, unchecked((int)0xeb5959b2), unchecked((int)0xc947478e), 0xbf0f0fb, unchecked((int)0xecadad41), 0x67d4d4b3, unchecked((int)0xfda2a25f), unchecked((int)0xeaafaf45), unchecked((int)0xbf9c9c23), unchecked((int)0xf7a4a453), unchecked((int)0x967272e4), 0x5bc0c09b, unchecked((int)0xc2b7b775), 0x1cfdfde1, unchecked((int)0xae93933d), 0x6a26264c, 0x5a36366c, 0x413f3f7e, 0x2f7f7f5, 0x4fcccc83, 0x5c343468, unchecked((int)0xf4a5a551), 0x34e5e5d1, 0x8f1f1f9, unchecked((int)0x937171e2), 0x73d8d8ab, 0x53313162, 0x3f15152a, 0xc0404
08, 0x52c7c795, 0x65232346, 0x5ec3c39d, 0x28181830, unchecked((int)0xa1969637), 0xf05050a, unchecked((int)0xb59a9a2f), 0x907070e, 0x36121224, unchecked((int)0x9b80801b), 0x3de2e2df, 0x26ebebcd, 0x6927274e, unchecked((int)0xcdb2b27f), unchecked((int)0x9f7575ea), 0x1b090912, unchecked((int)0x9e83831d), 0x742c2c58, 0x2e1a1a34, 0x2d1b1b36, unchecked((int)0xb26e6edc), unchecked((int)0xee5a5ab4), unchecked((int)0xfba0a05b), unchecked((int)0xf65252a4), 0x4d3b3b76, 0x61d6d6b7, unchecked((int)0xceb3b37d), 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, unchecked((int)0x97848413), unchecked((int)0xf55353a6), 0x68d1d1b9, 0x0, 0x2cededc1, 0x60202040, 0x1ffcfce3, unchecked((int)0xc8b1b179), unchecked((int)0xed5b5bb6), unchecked((int)0xbe6a6ad4), 0x46cbcb8d, unchecked((int)0xd9bebe67), 0x4b393972, unchecked((int)0xde4a4a94), unchecked((int)0xd44c4c98), unchecked((int)0xe85858b0), 0x4acfcf85, 0x6bd0d0bb, 0x2aefefc5, unchecked((int)0xe5aaaa4f), 0x16fbfbed, unchecked((int)0xc5434386), unchecked((int)0xd74d4d9a)
, 0x55333366, unchecked((int)0x94858511), unchecked((int)0xcf45458a), 0x10f9f9e9, 0x6020204, unchecked((int)0x817f7ffe), unchecked((int)0xf05050a0), 0x443c3c78, unchecked((int)0xba9f9f25), unchecked((int)0xe3a8a84b), unchecked((int)0xf35151a2), unchecked((int)0xfea3a35d), unchecked((int)0xc0404080), unchecked((int)0x8a8f8f05), unchecked((int)0xad92923f), unchecked((int)0xbc9d9d21), 0x48383870, 0x4f5f5f1, unchecked((int)0xdfbcbc63), unchecked((int)0xc1b6b677), 0x75dadaaf, 0x63212142, 0x30101020, 0x1affffe5, 0xef3f3fd, 0x6dd2d2bf, 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, unchecked((int)0xe15f5fbe), unchecked((int)0xa2979735), unchecked((int)0xcc444488), 0x3917172e, 0x57c4c493, unchecked((int)0xf2a7a755), unchecked((int)0x827e7efc), 0x473d3d7a, unchecked((int)0xac6464c8), unchecked((int)0xe75d5dba), 0x2b191932, unchecked((int)0x957373e6), unchecked((int)0xa06060c0), unchecked((int)0x98818119), unchecked((int)0xd14f4f9e), 0x7fdcdca3, 0x66222244, 0x7e2a2a54, unchecked((int)0xab909
03b), unchecked((int)0x8388880b), unchecked((int)0xca46468c), 0x29eeeec7, unchecked((int)0xd3b8b86b), 0x3c141428, 0x79dedea7, unchecked((int)0xe25e5ebc), 0x1d0b0b16, 0x76dbdbad, 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, unchecked((int)0xdb494992), 0xa06060c, 0x6c242448, unchecked((int)0xe45c5cb8), 0x5dc2c29f, 0x6ed3d3bd, unchecked((int)0xefacac43), unchecked((int)0xa66262c4), unchecked((int)0xa8919139), unchecked((int)0xa4959531), 0x37e4e4d3, unchecked((int)0x8b7979f2), 0x32e7e7d5, 0x43c8c88b, 0x5937376e, unchecked((int)0xb76d6dda), unchecked((int)0x8c8d8d01), 0x64d5d5b1, unchecked((int)0xd24e4e9c), unchecked((int)0xe0a9a949), unchecked((int)0xb46c6cd8), unchecked((int)0xfa5656ac), 0x7f4f4f3, 0x25eaeacf, unchecked((int)0xaf6565ca), unchecked((int)0x8e7a7af4), unchecked((int)0xe9aeae47), 0x18080810, unchecked((int)0xd5baba6f), unchecked((int)0x887878f0), 0x6f25254a, 0x722e2e5c, 0x241c1c38, unchecked((int)0xf1a6a657), unchecked((int)0xc7b4b473), 0x51c6c697, 0x23e8e8cb, 0x7cdddda
1, unchecked((int)0x9c7474e8), 0x211f1f3e, unchecked((int)0xdd4b4b96), unchecked((int)0xdcbdbd61), unchecked((int)0x868b8b0d), unchecked((int)0x858a8a0f), unchecked((int)0x907070e0), 0x423e3e7c, unchecked((int)0xc4b5b571), unchecked((int)0xaa6666cc), unchecked((int)0xd8484890), 0x5030306, 0x1f6f6f7, 0x120e0e1c, unchecked((int)0xa36161c2), 0x5f35356a, unchecked((int)0xf95757ae), unchecked((int)0xd0b9b969), unchecked((int)0x91868617), 0x58c1c199, 0x271d1d3a, unchecked((int)0xb99e9e27), 0x38e1e1d9, 0x13f8f8eb, unchecked((int)0xb398982b), 0x33111122, unchecked((int)0xbb6969d2), 0x70d9d9a9, unchecked((int)0x898e8e07), unchecked((int)0xa7949433), unchecked((int)0xb69b9b2d), 0x221e1e3c, unchecked((int)0x92878715), 0x20e9e9c9, 0x49cece87, unchecked((int)0xff5555aa), 0x78282850, 0x7adfdfa5, unchecked((int)0x8f8c8c03), unchecked((int)0xf8a1a159), unchecked((int)0x80898909), 0x170d0d1a, unchecked((int)0xdabfbf65), 0x31e6e6d7, unchecked((int)0xc6424284), unchecked((int)0xb86868d0), unchecked((i
nt)0xc3414182), unchecked((int)0xb0999929), 0x772d2d5a, 0x110f0f1e, unchecked((int)0xcbb0b07b), unchecked((int)0xfc5454a8), unchecked((int)0xd6bbbb6d), 0x3a16162c};
-
- private static readonly int[] rtable = new int[] {0x50a7f451, 0x5365417e, unchecked((int)0xc3a4171a), unchecked((int)0x965e273a), unchecked((int)0xcb6bab3b), unchecked((int)0xf1459d1f), unchecked((int)0xab58faac), unchecked((int)0x9303e34b), 0x55fa3020, unchecked((int)0xf66d76ad), unchecked((int)0x9176cc88), 0x254c02f5, unchecked((int)0xfcd7e54f), unchecked((int)0xd7cb2ac5), unchecked((int)0x80443526), unchecked((int)0x8fa362b5), 0x495ab1de, 0x671bba25, unchecked((int)0x980eea45), unchecked((int)0xe1c0fe5d), 0x2752fc3, 0x12f04c81, unchecked((int)0xa397468d), unchecked((int)0xc6f9d36b), unchecked((int)0xe75f8f03), unchecked((int)0x959c9215), unchecked((int)0xeb7a6dbf), unchecked((int)0xda595295), 0x2d83bed4, unchecked((int)0xd3217458), 0x2969e049, 0x44c8c98e, 0x6a89c275, 0x78798ef4, 0x6b3e5899, unchecked((int)0xdd71b927), unchecked((int)0xb64fe1be), 0x17ad88f0, 0x66ac20c9, unchecked((int)0xb43ace7d), 0x184adf63, unchecked((int)0x82311ae5), 0x60335197, 0x457f5362, unchecked((int)0xe0
7764b1), unchecked((int)0x84ae6bbb), 0x1ca081fe, unchecked((int)0x942b08f9), 0x58684870, 0x19fd458f, unchecked((int)0x876cde94), unchecked((int)0xb7f87b52), 0x23d373ab, unchecked((int)0xe2024b72), 0x578f1fe3, 0x2aab5566, 0x728ebb2, 0x3c2b52f, unchecked((int)0x9a7bc586), unchecked((int)0xa50837d3), unchecked((int)0xf2872830), unchecked((int)0xb2a5bf23), unchecked((int)0xba6a0302), 0x5c8216ed, 0x2b1ccf8a, unchecked((int)0x92b479a7), unchecked((int)0xf0f207f3), unchecked((int)0xa1e2694e), unchecked((int)0xcdf4da65), unchecked((int)0xd5be0506), 0x1f6234d1, unchecked((int)0x8afea6c4), unchecked((int)0x9d532e34), unchecked((int)0xa055f3a2), 0x32e18a05, 0x75ebf6a4, 0x39ec830b, unchecked((int)0xaaef6040), 0x69f715e, 0x51106ebd, unchecked((int)0xf98a213e), 0x3d06dd96, unchecked((int)0xae053edd), 0x46bde64d, unchecked((int)0xb58d5491), 0x55dc471, 0x6fd40604, unchecked((int)0xff155060), 0x24fb9819, unchecked((int)0x97e9bdd6), unchecked((int)0xcc434089), 0x779ed967, unchecked((int)0xbd42e8b0),
unchecked((int)0x888b8907), 0x385b19e7, unchecked((int)0xdbeec879), 0x470a7ca1, unchecked((int)0xe90f427c), unchecked((int)0xc91e84f8), 0x0, unchecked((int)0x83868009), 0x48ed2b32, unchecked((int)0xac70111e), 0x4e725a6c, unchecked((int)0xfbff0efd), 0x5638850f, 0x1ed5ae3d, 0x27392d36, 0x64d90f0a, 0x21a65c68, unchecked((int)0xd1545b9b), 0x3a2e3624, unchecked((int)0xb1670a0c), 0xfe75793, unchecked((int)0xd296eeb4), unchecked((int)0x9e919b1b), 0x4fc5c080, unchecked((int)0xa220dc61), 0x694b775a, 0x161a121c, 0xaba93e2, unchecked((int)0xe52aa0c0), 0x43e0223c, 0x1d171b12, 0xb0d090e, unchecked((int)0xadc78bf2), unchecked((int)0xb9a8b62d), unchecked((int)0xc8a91e14), unchecked((int)0x8519f157), 0x4c0775af, unchecked((int)0xbbdd99ee), unchecked((int)0xfd607fa3), unchecked((int)0x9f2601f7), unchecked((int)0xbcf5725c), unchecked((int)0xc53b6644), 0x347efb5b, 0x7629438b, unchecked((int)0xdcc623cb), 0x68fcedb6, 0x63f1e4b8, unchecked((int)0xcadc31d7), 0x10856342, 0x40229713, 0x2011c684, 0x7d244a85,
unchecked((int)0xf83dbbd2), 0x1132f9ae, 0x6da129c7, 0x4b2f9e1d, unchecked((int)0xf330b2dc), unchecked((int)0xec52860d), unchecked((int)0xd0e3c177), 0x6c16b32b, unchecked((int)0x99b970a9), unchecked((int)0xfa489411), 0x2264e947, unchecked((int)0xc48cfca8), 0x1a3ff0a0, unchecked((int)0xd82c7d56), unchecked((int)0xef903322), unchecked((int)0xc74e4987), unchecked((int)0xc1d138d9), unchecked((int)0xfea2ca8c), 0x360bd498, unchecked((int)0xcf81f5a6), 0x28de7aa5, 0x268eb7da, unchecked((int)0xa4bfad3f), unchecked((int)0xe49d3a2c), 0xd927850, unchecked((int)0x9bcc5f6a), 0x62467e54, unchecked((int)0xc2138df6), unchecked((int)0xe8b8d890), 0x5ef7392e, unchecked((int)0xf5afc382), unchecked((int)0xbe805d9f), 0x7c93d069, unchecked((int)0xa92dd56f), unchecked((int)0xb31225cf), 0x3b99acc8, unchecked((int)0xa77d1810), 0x6e639ce8, 0x7bbb3bdb, 0x97826cd, unchecked((int)0xf418596e), 0x1b79aec, unchecked((int)0xa89a4f83), 0x656e95e6, 0x7ee6ffaa, 0x8cfbc21, unchecked((int)0xe6e815ef), unchecked((int)0xd99
be7ba), unchecked((int)0xce366f4a), unchecked((int)0xd4099fea), unchecked((int)0xd67cb029), unchecked((int)0xafb2a431), 0x31233f2a, 0x3094a5c6, unchecked((int)0xc066a235), 0x37bc4e74, unchecked((int)0xa6ca82fc), unchecked((int)0xb0d090e0), 0x15d8a733, 0x4a9804f1, unchecked((int)0xf7daec41), 0xe50cd7f, 0x2ff69117, unchecked((int)0x8dd64d76), 0x4db0ef43, 0x544daacc, unchecked((int)0xdf0496e4), unchecked((int)0xe3b5d19e), 0x1b886a4c, unchecked((int)0xb81f2cc1), 0x7f516546, 0x4ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, 0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d, unchecked((int)0x8c61d79a), 0x7a0ca137, unchecked((int)0x8e14f859), unchecked((int)0x893c13eb), unchecked((int)0xee27a9ce), 0x35c961b7, unchecked((int)0xede51ce1), 0x3cb1477a, 0x59dfd29c, 0x3f73f255, 0x79ce1418, unchecked((int)0xbf37c773), unchecked((int)0xeacdf753), 0x5baafd5f, 0x146f3ddf, unchecked((int)0x86db4478), unchecked((int)0x81f3afca), 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, 0xc25e2bc, unchecked((int)0x8b4
93c28), 0x41950dff, 0x7101a839, unchecked((int)0xdeb30c08), unchecked((int)0x9ce4b4d8), unchecked((int)0x90c15664), 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0};
-
-
-/* Rotates 32-bit word left by 1, 2 or 3 byte */
-
- private static int ROTL8(int x)
- {
- return (((x) << 8) | ((int)((uint)(x)>>24)));
- }
-
- private static int ROTL16(int x)
- {
- return (((x) << 16) | ((int)((uint)(x)>>16)));
- }
-
- private static int ROTL24(int x)
- {
- return (((x) << 24) | ((int)((uint)(x)>>8)));
- }
-
- private static int pack(sbyte[] b)
- { // pack bytes into a 32-bit Word
- return ((((int)b[3]) & 0xff) << 24) | (((int)b[2] & 0xff) << 16) | (((int)b[1] & 0xff) << 8) | ((int)b[0] & 0xff);
- }
-
- private static sbyte[] unpack(int a)
- { // unpack bytes from a word
- sbyte[] b = new sbyte[4];
- b[0] = (sbyte)(a);
- b[1] = (sbyte)((int)((uint)a >> 8));
- b[2] = (sbyte)((int)((uint)a >> 16));
- b[3] = (sbyte)((int)((uint)a >> 24));
- return b;
- }
-
- private static sbyte bmul(sbyte x, sbyte y)
- { // x.y= AntiLog(Log(x) + Log(y))
-
- int ix = ((int)x) & 0xff;
- int iy = ((int)y) & 0xff;
- int lx = ((int)ltab[ix]) & 0xff;
- int ly = ((int)ltab[iy]) & 0xff;
- if (x != 0 && y != 0)
- {
- return ptab[(lx + ly) % 255];
- }
- else
- {
- return (sbyte)0;
- }
- }
-
- // if (x && y)
-
- private static int SubByte(int a)
- {
- sbyte[] b = unpack(a);
- b[0] = fbsub[(int)b[0] & 0xff];
- b[1] = fbsub[(int)b[1] & 0xff];
- b[2] = fbsub[(int)b[2] & 0xff];
- b[3] = fbsub[(int)b[3] & 0xff];
- return pack(b);
- }
-
- private static sbyte product(int x, int y)
- { // dot product of two 4-byte arrays
- sbyte[] xb; //=new byte[4];
- sbyte[] yb; //=new byte[4];
- xb = unpack(x);
- yb = unpack(y);
-
- return (sbyte)(bmul(xb[0],yb[0]) ^ bmul(xb[1],yb[1]) ^ bmul(xb[2],yb[2]) ^ bmul(xb[3],yb[3]));
- }
-
- private static int InvMixCol(int x)
- { // matrix Multiplication
- int y, m;
- sbyte[] b = new sbyte[4];
-
- m = pack(InCo);
- b[3] = product(m,x);
- m = ROTL24(m);
- b[2] = product(m,x);
- m = ROTL24(m);
- b[1] = product(m,x);
- m = ROTL24(m);
- b[0] = product(m,x);
- y = pack(b);
- return y;
- }
-
-/* reset cipher */
- public virtual void reset(int m, sbyte[] iv)
- { // reset mode, or reset iv
- mode = m;
- for (int i = 0;i < 16;i++)
- {
- f[i] = 0;
- }
- if (mode != ECB && iv != null)
- {
- for (int i = 0;i < 16;i++)
- {
- f[i] = iv[i];
- }
- }
- }
-
- public virtual sbyte[] getreg()
- {
- sbyte[] ir = new sbyte[16];
- for (int i = 0;i < 16;i++)
- {
- ir[i] = f[i];
- }
- return ir;
- }
-
-/* Initialise cipher */
- public virtual void init(int m, sbyte[] key, sbyte[] iv)
- { // Key=16 bytes
- /* Key Scheduler. Create expanded encryption key */
- int i, j, k, N, nk;
- int[] CipherKey = new int[4];
- sbyte[] b = new sbyte[4];
- nk = 4;
- reset(m,iv);
- N = 44;
-
- for (i = j = 0;i < nk;i++,j += 4)
- {
- for (k = 0;k < 4;k++)
- {
- b[k] = key[j + k];
- }
- CipherKey[i] = pack(b);
- }
- for (i = 0;i < nk;i++)
- {
- fkey[i] = CipherKey[i];
- }
- for (j = nk,k = 0;j < N;j += nk,k++)
- {
- fkey[j] = fkey[j - nk] ^ SubByte(ROTL24(fkey[j - 1])) ^ ((int)rco[k]) & 0xff;
- for (i = 1;i < nk && (i + j) < N;i++)
- {
- fkey[i + j] = fkey[i + j - nk] ^ fkey[i + j - 1];
- }
- }
-
- /* now for the expanded decrypt key in reverse order */
-
- for (j = 0;j < 4;j++)
- {
- rkey[j + N - 4] = fkey[j];
- }
- for (i = 4;i < N - 4;i += 4)
- {
- k = N - 4 - i;
- for (j = 0;j < 4;j++)
- {
- rkey[k + j] = InvMixCol(fkey[i + j]);
- }
- }
- for (j = N - 4;j < N;j++)
- {
- rkey[j - N + 4] = fkey[j];
- }
- }
-
-/* Encrypt a single block */
- public virtual void ecb_encrypt(sbyte[] buff)
- {
- int i, j, k;
- int t;
- sbyte[] b = new sbyte[4];
- int[] p = new int[4];
- int[] q = new int[4];
-
- for (i = j = 0;i < 4;i++,j += 4)
- {
- for (k = 0;k < 4;k++)
- {
- b[k] = buff[j + k];
- }
- p[i] = pack(b);
- p[i] ^= fkey[i];
- }
-
- k = 4;
-
-/* State alternates between p and q */
- for (i = 1;i < 10;i++)
- {
- q[0] = fkey[k] ^ ftable[p[0] & 0xff] ^ ROTL8(ftable[((int)((uint)p[1] >> 8)) & 0xff]) ^ ROTL16(ftable[((int)((uint)p[2] >> 16)) & 0xff]) ^ ROTL24(ftable[((int)((uint)p[3] >> 24)) & 0xff]);
- q[1] = fkey[k + 1] ^ ftable[p[1] & 0xff] ^ ROTL8(ftable[((int)((uint)p[2] >> 8)) & 0xff]) ^ ROTL16(ftable[((int)((uint)p[3] >> 16)) & 0xff]) ^ ROTL24(ftable[((int)((uint)p[0] >> 24)) & 0xff]);
- q[2] = fkey[k + 2] ^ ftable[p[2] & 0xff] ^ ROTL8(ftable[((int)((uint)p[3] >> 8)) & 0xff]) ^ ROTL16(ftable[((int)((uint)p[0] >> 16)) & 0xff]) ^ ROTL24(ftable[((int)((uint)p[1] >> 24)) & 0xff]);
- q[3] = fkey[k + 3] ^ ftable[p[3] & 0xff] ^ ROTL8(ftable[((int)((uint)p[0] >> 8)) & 0xff]) ^ ROTL16(ftable[((int)((uint)p[1] >> 16)) & 0xff]) ^ ROTL24(ftable[((int)((uint)p[2] >> 24)) & 0xff]);
-
- k += 4;
- for (j = 0;j < 4;j++)
- {
- t = p[j];
- p[j] = q[j];
- q[j] = t;
- }
- }
-
-/* Last Round */
-
- q[0] = fkey[k] ^ ((int)fbsub[p[0] & 0xff] & 0xff) ^ ROTL8((int)fbsub[((int)((uint)p[1] >> 8)) & 0xff] & 0xff) ^ ROTL16((int)fbsub[((int)((uint)p[2] >> 16)) & 0xff] & 0xff) ^ ROTL24((int)fbsub[((int)((uint)p[3] >> 24)) & 0xff] & 0xff);
-
- q[1] = fkey[k + 1] ^ ((int)fbsub[p[1] & 0xff] & 0xff) ^ ROTL8((int)fbsub[((int)((uint)p[2] >> 8)) & 0xff] & 0xff) ^ ROTL16((int)fbsub[((int)((uint)p[3] >> 16)) & 0xff] & 0xff) ^ ROTL24((int)fbsub[((int)((uint)p[0] >> 24)) & 0xff] & 0xff);
-
- q[2] = fkey[k + 2] ^ ((int)fbsub[p[2] & 0xff] & 0xff) ^ ROTL8((int)fbsub[((int)((uint)p[3] >> 8)) & 0xff] & 0xff) ^ ROTL16((int)fbsub[((int)((uint)p[0] >> 16)) & 0xff] & 0xff) ^ ROTL24((int)fbsub[((int)((uint)p[1] >> 24)) & 0xff] & 0xff);
-
- q[3] = fkey[k + 3] ^ ((int)fbsub[(p[3]) & 0xff] & 0xff) ^ ROTL8((int)fbsub[((int)((uint)p[0] >> 8)) & 0xff] & 0xff) ^ ROTL16((int)fbsub[((int)((uint)p[1] >> 16)) & 0xff] & 0xff) ^ ROTL24((int)fbsub[((int)((uint)p[2] >> 24)) & 0xff] & 0xff);
-
- for (i = j = 0;i < 4;i++,j += 4)
- {
- b = unpack(q[i]);
- for (k = 0;k < 4;k++)
- {
- buff[j + k] = b[k];
- }
- }
- }
-
-/* Decrypt a single block */
- public virtual void ecb_decrypt(sbyte[] buff)
- {
- int i, j, k;
- int t;
- sbyte[] b = new sbyte[4];
- int[] p = new int[4];
- int[] q = new int[4];
-
- for (i = j = 0;i < 4;i++,j += 4)
- {
- for (k = 0;k < 4;k++)
- {
- b[k] = buff[j + k];
- }
- p[i] = pack(b);
- p[i] ^= rkey[i];
- }
-
- k = 4;
-
-/* State alternates between p and q */
- for (i = 1;i < 10;i++)
- {
- q[0] = rkey[k] ^ rtable[p[0] & 0xff] ^ ROTL8(rtable[((int)((uint)p[3] >> 8)) & 0xff]) ^ ROTL16(rtable[((int)((uint)p[2] >> 16)) & 0xff]) ^ ROTL24(rtable[((int)((uint)p[1] >> 24)) & 0xff]);
- q[1] = rkey[k + 1] ^ rtable[p[1] & 0xff] ^ ROTL8(rtable[((int)((uint)p[0] >> 8)) & 0xff]) ^ ROTL16(rtable[((int)((uint)p[3] >> 16)) & 0xff]) ^ ROTL24(rtable[((int)((uint)p[2] >> 24)) & 0xff]);
- q[2] = rkey[k + 2] ^ rtable[p[2] & 0xff] ^ ROTL8(rtable[((int)((uint)p[1] >> 8)) & 0xff]) ^ ROTL16(rtable[((int)((uint)p[0] >> 16)) & 0xff]) ^ ROTL24(rtable[((int)((uint)p[3] >> 24)) & 0xff]);
- q[3] = rkey[k + 3] ^ rtable[p[3] & 0xff] ^ ROTL8(rtable[((int)((uint)p[2] >> 8)) & 0xff]) ^ ROTL16(rtable[((int)((uint)p[1] >> 16)) & 0xff]) ^ ROTL24(rtable[((int)((uint)p[0] >> 24)) & 0xff]);
-
- k += 4;
- for (j = 0;j < 4;j++)
- {
- t = p[j];
- p[j] = q[j];
- q[j] = t;
- }
- }
-
-/* Last Round */
-
- q[0] = rkey[k] ^ ((int)rbsub[p[0] & 0xff] & 0xff) ^ ROTL8((int)rbsub[((int)((uint)p[3] >> 8)) & 0xff] & 0xff) ^ ROTL16((int)rbsub[((int)((uint)p[2] >> 16)) & 0xff] & 0xff) ^ ROTL24((int)rbsub[((int)((uint)p[1] >> 24)) & 0xff] & 0xff);
- q[1] = rkey[k + 1] ^ ((int)rbsub[p[1] & 0xff] & 0xff) ^ ROTL8((int)rbsub[((int)((uint)p[0] >> 8)) & 0xff] & 0xff) ^ ROTL16((int)rbsub[((int)((uint)p[3] >> 16)) & 0xff] & 0xff) ^ ROTL24((int)rbsub[((int)((uint)p[2] >> 24)) & 0xff] & 0xff);
- q[2] = rkey[k + 2] ^ ((int)rbsub[p[2] & 0xff] & 0xff) ^ ROTL8((int)rbsub[((int)((uint)p[1] >> 8)) & 0xff] & 0xff) ^ ROTL16((int)rbsub[((int)((uint)p[0] >> 16)) & 0xff] & 0xff) ^ ROTL24((int)rbsub[((int)((uint)p[3] >> 24)) & 0xff] & 0xff);
- q[3] = rkey[k + 3] ^ ((int)rbsub[p[3] & 0xff] & 0xff) ^ ROTL8((int)rbsub[((int)((uint)p[2] >> 8)) & 0xff] & 0xff) ^ ROTL16((int)rbsub[((int)((uint)p[1] >> 16)) & 0xff] & 0xff) ^ ROTL24((int)rbsub[((int)((uint)p[0] >> 24)) & 0xff] & 0xff);
-
- for (i = j = 0;i < 4;i++,j += 4)
- {
- b = unpack(q[i]);
- for (k = 0;k < 4;k++)
- {
- buff[j + k] = b[k];
- }
- }
-
- }
-
-/* Encrypt using selected mode of operation */
- public virtual int encrypt(sbyte[] buff)
- {
- int j, bytes;
- sbyte[] st = new sbyte[16];
- int fell_off;
-
-// Supported Modes of Operation
-
- fell_off = 0;
- switch (mode)
- {
- case ECB:
- ecb_encrypt(buff);
- return 0;
- case CBC:
- for (j = 0;j < 16;j++)
- {
- buff[j] ^= f[j];
- }
- ecb_encrypt(buff);
- for (j = 0;j < 16;j++)
- {
- f[j] = buff[j];
- }
- return 0;
-
- case CFB1:
- case CFB2:
- case CFB4:
- bytes = mode - CFB1 + 1;
- for (j = 0;j < bytes;j++)
- {
- fell_off = (fell_off << 8) | f[j];
- }
- for (j = 0;j < 16;j++)
- {
- st[j] = f[j];
- }
- for (j = bytes;j < 16;j++)
- {
- f[j - bytes] = f[j];
- }
- ecb_encrypt(st);
- for (j = 0;j < bytes;j++)
- {
- buff[j] ^= st[j];
- f[16 - bytes + j] = buff[j];
- }
- return fell_off;
-
- case OFB1:
- case OFB2:
- case OFB4:
- case OFB8:
- case OFB16:
-
- bytes = mode - OFB1 + 1;
- ecb_encrypt(f);
- for (j = 0;j < bytes;j++)
- {
- buff[j] ^= f[j];
- }
- return 0;
-
- default:
- return 0;
- }
- }
-
-/* Decrypt using selected mode of operation */
- public virtual int decrypt(sbyte[] buff)
- {
- int j, bytes;
- sbyte[] st = new sbyte[16];
- int fell_off;
-
- // Supported modes of operation
- fell_off = 0;
- switch (mode)
- {
- case ECB:
- ecb_decrypt(buff);
- return 0;
- case CBC:
- for (j = 0;j < 16;j++)
- {
- st[j] = f[j];
- f[j] = buff[j];
- }
- ecb_decrypt(buff);
- for (j = 0;j < 16;j++)
- {
- buff[j] ^= st[j];
- st[j] = 0;
- }
- return 0;
- case CFB1:
- case CFB2:
- case CFB4:
- bytes = mode - CFB1 + 1;
- for (j = 0;j < bytes;j++)
- {
- fell_off = (fell_off << 8) | f[j];
- }
- for (j = 0;j < 16;j++)
- {
- st[j] = f[j];
- }
- for (j = bytes;j < 16;j++)
- {
- f[j - bytes] = f[j];
- }
- ecb_encrypt(st);
- for (j = 0;j < bytes;j++)
- {
- f[16 - bytes + j] = buff[j];
- buff[j] ^= st[j];
- }
- return fell_off;
- case OFB1:
- case OFB2:
- case OFB4:
- case OFB8:
- case OFB16:
- bytes = mode - OFB1 + 1;
- ecb_encrypt(f);
- for (j = 0;j < bytes;j++)
- {
- buff[j] ^= f[j];
- }
- return 0;
-
-
- default:
- return 0;
- }
- }
-
-/* Clean up and delete left-overs */
- public virtual void end()
- { // clean up
- int i;
- for (i = 0;i < 44;i++)
- {
- fkey[i] = rkey[i] = 0;
- }
- for (i = 0;i < 16;i++)
- {
- f[i] = 0;
- }
- }
-/*
- public static void main(String[] args) {
- int i;
-
- byte[] key=new byte[16];
- byte[] block=new byte[16];
- byte[] iv=new byte[16];
-
- for (i=0;i<16;i++) key[i]=0;
- key[0]=1;
- for (i=0;i<16;i++) iv[i]=(byte)i;
- for (i=0;i<16;i++) block[i]=(byte)i;
-
- AES a=new AES();
-
- a.init(CBC,key,iv);
- System.out.println("Plain= ");
- for (i=0;i<16;i++) System.out.format("%02X ", block[i]&0xff);
- System.out.println("");
-
- a.encrypt(block);
-
- System.out.println("Encrypt= ");
- for (i=0;i<16;i++) System.out.format("%02X ", block[i]&0xff);
- System.out.println("");
-
- a.reset(CBC,iv);
- a.decrypt(block);
-
- System.out.println("Decrypt= ");
- for (i=0;i<16;i++) System.out.format("%02X ", block[i]&0xff);
- System.out.println("");
-
- a.end();
-
- } */
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/BIG.cs
----------------------------------------------------------------------
diff --git a/cs/BIG.cs b/cs/BIG.cs
deleted file mode 100644
index 40e2e6a..0000000
--- a/cs/BIG.cs
+++ /dev/null
@@ -1,1145 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BIG number class */
-
-public class BIG
-{
- private long[] w = new long[ROM.NLEN];
-/* Constructors */
- public BIG()
- {
- for (int i = 0;i < ROM.NLEN;i++)
- {
- w[i] = 0;
- }
- }
-
- public BIG(int x)
- {
- w[0] = x;
- for (int i = 1;i < ROM.NLEN;i++)
- {
- w[i] = 0;
- }
- }
-
- public BIG(BIG x)
- {
- for (int i = 0;i < ROM.NLEN;i++)
- {
- w[i] = x.w[i];
- }
- }
-
- public BIG(DBIG x)
- {
- for (int i = 0;i < ROM.NLEN;i++)
- {
- w[i] = x.w[i];
- }
- }
-
- public BIG(long[] x)
- {
- for (int i = 0;i < ROM.NLEN;i++)
- {
- w[i] = x[i];
- }
- }
-
- public virtual long get(int i)
- {
- return w[i];
- }
-
- public virtual void set(int i, long x)
- {
- w[i] = x;
- }
-
- public virtual void xortop(long x)
- {
- w[ROM.NLEN - 1] ^= x;
- }
-
- public virtual void ortop(long x)
- {
- w[ROM.NLEN - 1] |= x;
- }
-
-/* calculate Field Excess */
- public static long EXCESS(BIG a)
- {
- return ((a.w[ROM.NLEN - 1] & ROM.OMASK) >> (ROM.MODBITS % ROM.BASEBITS));
- }
-
-/* test for zero */
- public virtual bool iszilch()
- {
- for (int i = 0;i < ROM.NLEN;i++)
- {
- if (w[i] != 0)
- {
- return false;
- }
- }
- return true;
- }
-
-/* set to zero */
- public virtual void zero()
- {
- for (int i = 0;i < ROM.NLEN;i++)
- {
- w[i] = 0;
- }
- }
-
-/* set to one */
- public virtual void one()
- {
- w[0] = 1;
- for (int i = 1;i < ROM.NLEN;i++)
- {
- w[i] = 0;
- }
- }
-
-/* Test for equal to one */
- public virtual bool isunity()
- {
- for (int i = 1;i < ROM.NLEN;i++)
- {
- if (w[i] != 0)
- {
- return false;
- }
- }
- if (w[0] != 1)
- {
- return false;
- }
- return true;
- }
-
-/* Copy from another BIG */
- public virtual void copy(BIG x)
- {
- for (int i = 0;i < ROM.NLEN;i++)
- {
- w[i] = x.w[i];
- }
- }
-
- public virtual void copy(DBIG x)
- {
- for (int i = 0;i < ROM.NLEN;i++)
- {
- w[i] = x.w[i];
- }
- }
-
-/* Conditional swap of two bigs depending on d using XOR - no branches */
- public virtual void cswap(BIG b, int d)
- {
- int i;
- long t , c = (long)d;
- c = ~(c - 1);
-
- for (i = 0;i < ROM.NLEN;i++)
- {
- t = c & (w[i] ^ b.w[i]);
- w[i] ^= t;
- b.w[i] ^= t;
- }
- }
-
- public virtual void cmove(BIG g, int d)
- {
- int i;
- long b = -d;
-
- for (i = 0;i < ROM.NLEN;i++)
- {
- w[i] ^= (w[i] ^ g.w[i]) & b;
- }
- }
-
-
-/* normalise BIG - force all digits < 2^BASEBITS */
- public virtual long norm()
- {
- long d , carry = 0;
- for (int i = 0;i < ROM.NLEN - 1;i++)
- {
- d = w[i] + carry;
- w[i] = d & ROM.MASK;
- carry = d >> ROM.BASEBITS;
- }
- w[ROM.NLEN - 1] = (w[ROM.NLEN - 1] + carry);
- return (w[ROM.NLEN - 1] >> ((8 * ROM.MODBYTES) % ROM.BASEBITS));
- }
-
-/* Shift right by less than a word */
- public virtual long fshr(int k)
- {
- long r = w[0] & (((long)1 << k) - 1); // shifted out part
- for (int i = 0;i < ROM.NLEN - 1;i++)
- {
- w[i] = (w[i] >> k) | ((w[i + 1] << (ROM.BASEBITS - k)) & ROM.MASK);
- }
- w[ROM.NLEN - 1] = w[ROM.NLEN - 1] >> k;
- return r;
- }
-
-/* general shift right */
- public virtual void shr(int k)
- {
- int n = k % ROM.BASEBITS;
- int m = k / ROM.BASEBITS;
- for (int i = 0;i < ROM.NLEN - m - 1;i++)
- {
- w[i] = (w[m + i] >> n) | ((w[m + i + 1] << (ROM.BASEBITS - n)) & ROM.MASK);
- }
- w[ROM.NLEN - m - 1] = w[ROM.NLEN - 1] >> n;
- for (int i = ROM.NLEN - m;i < ROM.NLEN;i++)
- {
- w[i] = 0;
- }
- }
-
-/* Shift right by less than a word */
- public virtual long fshl(int k)
- {
- w[ROM.NLEN - 1] = ((w[ROM.NLEN - 1] << k)) | (w[ROM.NLEN - 2]>>(ROM.BASEBITS - k));
- for (int i = ROM.NLEN - 2;i > 0;i--)
- {
- w[i] = ((w[i] << k) & ROM.MASK) | (w[i - 1]>>(ROM.BASEBITS - k));
- }
- w[0] = (w[0] << k) & ROM.MASK;
- return (w[ROM.NLEN - 1] >> ((8 * ROM.MODBYTES) % ROM.BASEBITS)); // return excess - only used in ff.c
- }
-
-/* general shift left */
- public virtual void shl(int k)
- {
- int n = k % ROM.BASEBITS;
- int m = k / ROM.BASEBITS;
-
- w[ROM.NLEN - 1] = ((w[ROM.NLEN - 1 - m] << n)) | (w[ROM.NLEN - m - 2]>>(ROM.BASEBITS - n));
- for (int i = ROM.NLEN - 2;i > m;i--)
- {
- w[i] = ((w[i - m] << n) & ROM.MASK) | (w[i - m - 1]>>(ROM.BASEBITS - n));
- }
- w[m] = (w[0] << n) & ROM.MASK;
- for (int i = 0;i < m;i++)
- {
- w[i] = 0;
- }
- }
-
-/* return number of bits */
- public virtual int nbits()
- {
- int bts , k = ROM.NLEN - 1;
- long c;
- norm();
- while (k >= 0 && w[k] == 0)
- {
- k--;
- }
- if (k < 0)
- {
- return 0;
- }
- bts = ROM.BASEBITS * k;
- c = w[k];
- while (c != 0)
- {
- c /= 2;
- bts++;
- }
- return bts;
- }
-
- public virtual string toRawString()
- {
- BIG b = new BIG(this);
- string s = "(";
- for (int i = 0;i < ROM.NLEN - 1;i++)
- {
- s += b.w[i].ToString("x");
- s += ",";
- }
- s += b.w[ROM.NLEN - 1].ToString("x");
- s += ")";
- return s;
- }
-
-/* Convert to Hex String */
- public override string ToString()
- {
- BIG b;
- string s = "";
- int len = nbits();
-
- if (len % 4 == 0)
- {
- len /= 4;
- }
- else
- {
- len /= 4;
- len++;
- }
- if (len < ROM.MODBYTES * 2)
- {
- len = ROM.MODBYTES * 2;
- }
-
- for (int i = len - 1;i >= 0;i--)
- {
- b = new BIG(this);
- b.shr(i * 4);
- s += (b.w[0] & 15).ToString("x");
- }
- return s;
- }
-
-/* return this+x */
- public virtual BIG plus(BIG x)
- {
- BIG s = new BIG(0);
- for (int i = 0;i < ROM.NLEN;i++)
- {
- s.w[i] = w[i] + x.w[i];
- }
- return s;
- }
-
-/* this+=x */
- public virtual void add(BIG x)
- {
- for (int i = 0;i < ROM.NLEN;i++)
- {
- w[i] += x.w[i];
- }
- }
-
-/* this+=x, where x is int */
- public virtual void inc(int x)
- {
- norm();
- w[0] += x;
- }
-
-/* return this.x */
- public virtual BIG minus(BIG x)
- {
- BIG d = new BIG(0);
- for (int i = 0;i < ROM.NLEN;i++)
- {
- d.w[i] = w[i] - x.w[i];
- }
- return d;
- }
-
-/* this-=x */
- public virtual void sub(BIG x)
- {
- for (int i = 0;i < ROM.NLEN;i++)
- {
- w[i] -= x.w[i];
- }
- }
-
-/* reverse subtract this=x-this */
- public virtual void rsub(BIG x)
- {
- for (int i = 0;i < ROM.NLEN;i++)
- {
- w[i] = x.w[i] - w[i];
- }
- }
-
-/* this-=x where x is int */
- public virtual void dec(int x)
- {
- norm();
- w[0] -= (long)x;
- }
-
-/* this*=x, where x is small int<NEXCESS */
- public virtual void imul(int c)
- {
- for (int i = 0;i < ROM.NLEN;i++)
- {
- w[i] *= c;
- }
- }
-
-/* convert this BIG to byte array */
- public virtual void tobytearray(sbyte[] b, int n)
- {
- norm();
- BIG c = new BIG(this);
-
- for (int i = ROM.MODBYTES - 1;i >= 0;i--)
- {
- b[i + n] = (sbyte)c.w[0];
- c.fshr(8);
- }
- }
-
-/* convert from byte array to BIG */
- public static BIG frombytearray(sbyte[] b, int n)
- {
- BIG m = new BIG(0);
-
- for (int i = 0;i < ROM.MODBYTES;i++)
- {
- m.fshl(8);
- m.w[0] += (int)b[i + n] & 0xff;
- //m.inc((int)b[i]&0xff);
- }
- return m;
- }
-
- public virtual void toBytes(sbyte[] b)
- {
- tobytearray(b,0);
- }
-
- public static BIG fromBytes(sbyte[] b)
- {
- return frombytearray(b,0);
- }
-
-
-/* set this[i]+=x*y+c, and return high part */
-
- public virtual long muladd(long a, long b, long c, int i)
- {
- long x0, x1, y0, y1;
- x0 = a & ROM.HMASK;
- x1 = (a >> ROM.HBITS);
- y0 = b & ROM.HMASK;
- y1 = (b >> ROM.HBITS);
- long bot = x0 * y0;
- long top = x1 * y1;
- long mid = x0 * y1 + x1 * y0;
- x0 = mid & ROM.HMASK;
- x1 = (mid >> ROM.HBITS);
- bot += x0 << ROM.HBITS;
- bot += c;
- bot += w[i];
- top += x1;
- long carry = bot >> ROM.BASEBITS;
- bot &= ROM.MASK;
- top += carry;
- w[i] = bot;
- return top;
- }
-
-/* this*=x, where x is >NEXCESS */
- public virtual long pmul(int c)
- {
- long ak , carry = 0;
- norm();
- for (int i = 0;i < ROM.NLEN;i++)
- {
- ak = w[i];
- w[i] = 0;
- carry = muladd(ak,(long)c,carry,i);
- }
- return carry;
- }
-
-/* this*=c and catch overflow in DBIG */
- public virtual DBIG pxmul(int c)
- {
- DBIG m = new DBIG(0);
- long carry = 0;
- for (int j = 0;j < ROM.NLEN;j++)
- {
- carry = m.muladd(w[j],(long)c,carry,j);
- }
- m.w[ROM.NLEN] = carry;
- return m;
- }
-
-/* divide by 3 */
- public virtual int div3()
- {
- long ak , @base , carry = 0;
- norm();
- @base = ((long)1 << ROM.BASEBITS);
- for (int i = ROM.NLEN - 1;i >= 0;i--)
- {
- ak = (carry * @base + w[i]);
- w[i] = ak / 3;
- carry = ak % 3;
- }
- return (int)carry;
- }
-
-/* return a*b where result fits in a BIG */
- public static BIG smul(BIG a, BIG b)
- {
- long carry;
- BIG c = new BIG(0);
- for (int i = 0;i < ROM.NLEN;i++)
- {
- carry = 0;
- for (int j = 0;j < ROM.NLEN;j++)
- {
- if (i + j < ROM.NLEN)
- {
- carry = c.muladd(a.w[i],b.w[j],carry,i + j);
- }
- }
- }
- return c;
- }
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
- public static int comp(BIG a, BIG b)
- {
- for (int i = ROM.NLEN - 1;i >= 0;i--)
- {
- if (a.w[i] == b.w[i])
- {
- continue;
- }
- if (a.w[i] > b.w[i])
- {
- return 1;
- }
- else
- {
- return -1;
- }
- }
- return 0;
- }
-
-/* set x = x mod 2^m */
- public virtual void mod2m(int m)
- {
- int i, wd, bt;
- long msk;
-
- wd = m / ROM.BASEBITS;
- bt = m % ROM.BASEBITS;
- msk = ((long)1 << bt) - 1;
- w[wd] &= msk;
- for (i = wd + 1;i < ROM.NLEN;i++)
- {
- w[i] = 0;
- }
- }
-
-/* Arazi and Qi inversion mod 256 */
- public static int invmod256(int a)
- {
- int U, t1, t2, b, c;
- t1 = 0;
- c = (a >> 1) & 1;
- t1 += c;
- t1 &= 1;
- t1 = 2 - t1;
- t1 <<= 1;
- U = t1 + 1;
-
-// i=2
- b = a & 3;
- t1 = U * b;
- t1 >>= 2;
- c = (a >> 2) & 3;
- t2 = (U * c) & 3;
- t1 += t2;
- t1 *= U;
- t1 &= 3;
- t1 = 4 - t1;
- t1 <<= 2;
- U += t1;
-
-// i=4
- b = a & 15;
- t1 = U * b;
- t1 >>= 4;
- c = (a >> 4) & 15;
- t2 = (U * c) & 15;
- t1 += t2;
- t1 *= U;
- t1 &= 15;
- t1 = 16 - t1;
- t1 <<= 4;
- U += t1;
-
- return U;
- }
-
-/* a=1/a mod 2^256. This is very fast! */
- public virtual void invmod2m()
- {
- int i;
- BIG U = new BIG(0);
- BIG b = new BIG(0);
- BIG c = new BIG(0);
-
- U.inc(invmod256(lastbits(8)));
-
- for (i = 8;i < 256;i <<= 1)
- {
- b.copy(this);
- b.mod2m(i);
- BIG t1 = BIG.smul(U,b);
- t1.shr(i);
- c.copy(this);
- c.shr(i);
- c.mod2m(i);
-
- BIG t2 = BIG.smul(U,c);
- t2.mod2m(i);
- t1.add(t2);
- b = BIG.smul(t1,U);
- t1.copy(b);
- t1.mod2m(i);
-
- t2.one();
- t2.shl(i);
- t1.rsub(t2);
- t1.norm();
- t1.shl(i);
- U.add(t1);
- }
- this.copy(U);
- }
-
-/* reduce this mod m */
- public virtual void mod(BIG m)
- {
- int k = 0;
-
- norm();
- if (comp(this,m) < 0)
- {
- return;
- }
- do
- {
- m.fshl(1);
- k++;
- } while (comp(this,m) >= 0);
-
- while (k > 0)
- {
- m.fshr(1);
- if (comp(this,m) >= 0)
- {
- sub(m);
- norm();
- }
- k--;
- }
- }
-
-/* divide this by m */
- public virtual void div(BIG m)
- {
- int k = 0;
- norm();
- BIG e = new BIG(1);
- BIG b = new BIG(this);
- zero();
-
- while (comp(b,m) >= 0)
- {
- e.fshl(1);
- m.fshl(1);
- k++;
- }
-
- while (k > 0)
- {
- m.fshr(1);
- e.fshr(1);
- if (comp(b,m) >= 0)
- {
- add(e);
- norm();
- b.sub(m);
- b.norm();
- }
- k--;
- }
- }
-
-/* return parity */
- public virtual int parity()
- {
- return (int)(w[0] % 2);
- }
-
-/* return n-th bit */
- public virtual int bit(int n)
- {
- if ((w[n / ROM.BASEBITS] & ((long)1 << (n % ROM.BASEBITS)))>0)
- {
- return 1;
- }
- else
- {
- return 0;
- }
- }
-
-/* return n last bits */
- public virtual int lastbits(int n)
- {
- int msk = (1 << n) - 1;
- norm();
- return ((int)w[0]) & msk;
- }
-
-/* get 8*MODBYTES size random number */
- public static BIG random(RAND rng)
- {
- BIG m = new BIG(0);
- int i , b , j = 0, r = 0;
-
-/* generate random BIG */
- for (i = 0;i < 8 * ROM.MODBYTES;i++)
- {
- if (j == 0)
- {
- r = rng.Byte;
- }
- else
- {
- r >>= 1;
- }
-
- b = r & 1;
- m.shl(1);
- m.w[0] += b; // m.inc(b);
- j++;
- j &= 7;
- }
- return m;
- }
-
-/* Create random BIG in portable way, one bit at a time */
- public static BIG randomnum(BIG q, RAND rng)
- {
- DBIG d = new DBIG(0);
- int i , b , j = 0, r = 0;
- for (i = 0;i < 2 * ROM.MODBITS;i++)
- {
- if (j == 0)
- {
- r = rng.Byte;
- }
- else
- {
- r >>= 1;
- }
-
- b = r & 1;
- d.shl(1);
- d.w[0] += b; // m.inc(b);
- j++;
- j &= 7;
- }
- BIG m = d.mod(q);
- return m;
- }
-
-/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed.
-nbs is number of bits processed, and nzs is number of trailing 0s detected */
- public static int[] nafbits(BIG x, BIG x3, int i)
- {
- int[] n = new int[3];
- int nb = x3.bit(i) - x.bit(i);
- int j;
- n[1] = 1;
- n[0] = 0;
- if (nb == 0)
- {
- n[0] = 0;
- return n;
- }
- if (i == 0)
- {
- n[0] = nb;
- return n;
- }
- if (nb > 0)
- {
- n[0] = 1;
- }
- else
- {
- n[0] = (-1);
- }
-
- for (j = i - 1;j > 0;j--)
- {
- n[1]++;
- n[0] *= 2;
- nb = x3.bit(j) - x.bit(j);
- if (nb > 0)
- {
- n[0] += 1;
- }
- if (nb < 0)
- {
- n[0] -= 1;
- }
- if (n[0] > 5 || n[0] < -5)
- {
- break;
- }
- }
-
- if (n[0] % 2 != 0 && j != 0)
- { // backtrack
- if (nb > 0)
- {
- n[0] = (n[0] - 1) / 2;
- }
- if (nb < 0)
- {
- n[0] = (n[0] + 1) / 2;
- }
- n[1]--;
- }
- while (n[0] % 2 == 0)
- { // remove trailing zeros
- n[0] /= 2;
- n[2]++;
- n[1]--;
- }
- return n;
- }
-
-/* return a*b as DBIG */
- public static DBIG mul(BIG a, BIG b)
- {
- DBIG c = new DBIG(0);
- long carry;
- a.norm();
- b.norm();
-
- for (int i = 0;i < ROM.NLEN;i++)
- {
- carry = 0;
- for (int j = 0;j < ROM.NLEN;j++)
- {
- carry = c.muladd(a.w[i],b.w[j],carry,i + j);
- }
- c.w[ROM.NLEN + i] = carry;
- }
-
- return c;
- }
-
-/* return a^2 as DBIG */
- public static DBIG sqr(BIG a)
- {
- DBIG c = new DBIG(0);
- long carry;
- a.norm();
- for (int i = 0;i < ROM.NLEN;i++)
- {
- carry = 0;
- for (int j = i + 1;j < ROM.NLEN;j++)
- {
- carry = c.muladd(2 * a.w[i],a.w[j],carry,i + j);
- }
- c.w[ROM.NLEN + i] = carry;
- }
-
- for (int i = 0;i < ROM.NLEN;i++)
- {
- c.w[2 * i + 1] += c.muladd(a.w[i],a.w[i],0,2 * i);
- }
-
- c.norm();
- return c;
- }
-
-/* reduce a DBIG to a BIG using the appropriate form of the modulus */
- public static BIG mod(DBIG d)
- {
- BIG b;
- if (ROM.MODTYPE == ROM.PSEUDO_MERSENNE)
- {
- long v, tw;
- BIG t = d.Split(ROM.MODBITS);
- b = new BIG(d);
- unchecked
- {
- v = t.pmul((int)ROM.MConst);
- }
- tw = t.w[ROM.NLEN - 1];
- t.w[ROM.NLEN - 1] &= ROM.TMASK;
- t.w[0] += (ROM.MConst * ((tw >> ROM.TBITS) + (v << (ROM.BASEBITS - ROM.TBITS))));
-
- b.add(t);
- b.norm();
- }
- if (ROM.MODTYPE == ROM.MONTGOMERY_FRIENDLY)
- {
- for (int i = 0;i < ROM.NLEN;i++)
- {
- d.w[ROM.NLEN + i] += d.muladd(d.w[i],ROM.MConst - 1,d.w[i],ROM.NLEN + i - 1);
- }
-
- b = new BIG(0);
-
- for (int i = 0;i < ROM.NLEN;i++)
- {
- b.w[i] = d.w[ROM.NLEN + i];
- }
- b.norm();
- }
-
- if (ROM.MODTYPE == ROM.NOT_SPECIAL)
- {
- BIG md = new BIG(ROM.Modulus);
- long m, carry;
- for (int i = 0;i < ROM.NLEN;i++)
- {
- if (ROM.MConst == -1)
- {
- m = (-d.w[i]) & ROM.MASK;
- }
- else
- {
- if (ROM.MConst == 1)
- {
- m = d.w[i];
- }
- else
- {
- m = (ROM.MConst * d.w[i]) & ROM.MASK;
- }
- }
-
- carry = 0;
- for (int j = 0;j < ROM.NLEN;j++)
- {
- carry = d.muladd(m,md.w[j],carry,i + j);
- }
- d.w[ROM.NLEN + i] += carry;
- }
-
- b = new BIG(0);
- for (int i = 0;i < ROM.NLEN;i++)
- {
- b.w[i] = d.w[ROM.NLEN + i];
- }
- b.norm();
- }
-
- return b;
- }
-
-/* return a*b mod m */
- public static BIG modmul(BIG a, BIG b, BIG m)
- {
- a.mod(m);
- b.mod(m);
- DBIG d = mul(a,b);
- return d.mod(m);
- }
-
-/* return a^2 mod m */
- public static BIG modsqr(BIG a, BIG m)
- {
- a.mod(m);
- DBIG d = sqr(a);
- return d.mod(m);
- }
-
-/* return -a mod m */
- public static BIG modneg(BIG a, BIG m)
- {
- a.mod(m);
- return m.minus(a);
- }
-
-/* return this^e mod m */
- public virtual BIG powmod(BIG e, BIG m)
- {
- int bt;
- norm();
- e.norm();
- BIG a = new BIG(1);
- BIG z = new BIG(e);
- BIG s = new BIG(this);
- while (true)
- {
- bt = z.parity();
- z.fshr(1);
- if (bt == 1)
- {
- a = modmul(a,s,m);
- }
- if (z.iszilch())
- {
- break;
- }
- s = modsqr(s,m);
- }
- return a;
- }
-
-/* Jacobi Symbol (this/p). Returns 0, 1 or -1 */
- public virtual int jacobi(BIG p)
- {
- int n8 , k , m = 0;
- BIG t = new BIG(0);
- BIG x = new BIG(0);
- BIG n = new BIG(0);
- BIG zilch = new BIG(0);
- BIG one = new BIG(1);
- if (p.parity() == 0 || comp(this,zilch) == 0 || comp(p,one) <= 0)
- {
- return 0;
- }
- norm();
- x.copy(this);
- n.copy(p);
- x.mod(p);
-
- while (comp(n,one) > 0)
- {
- if (comp(x,zilch) == 0)
- {
- return 0;
- }
- n8 = n.lastbits(3);
- k = 0;
- while (x.parity() == 0)
- {
- k++;
- x.shr(1);
- }
- if (k % 2 == 1)
- {
- m += (n8 * n8 - 1) / 8;
- }
- m += (n8 - 1) * (x.lastbits(2) - 1) / 4;
- t.copy(n);
- t.mod(x);
- n.copy(x);
- x.copy(t);
- m %= 2;
-
- }
- if (m == 0)
- {
- return 1;
- }
- else
- {
- return -1;
- }
- }
-
-/* this=1/this mod p. Binary method */
- public virtual void invmodp(BIG p)
- {
- mod(p);
- BIG u = new BIG(this);
-
- BIG v = new BIG(p);
- BIG x1 = new BIG(1);
- BIG x2 = new BIG(0);
- BIG t = new BIG(0);
- BIG one = new BIG(1);
- while (comp(u,one) != 0 && comp(v,one) != 0)
- {
- while (u.parity() == 0)
- {
- u.shr(1);
- if (x1.parity() != 0)
- {
- x1.add(p);
- x1.norm();
- }
- x1.shr(1);
- }
- while (v.parity() == 0)
- {
- v.shr(1);
- if (x2.parity() != 0)
- {
- x2.add(p);
- x2.norm();
- }
- x2.shr(1);
- }
- if (comp(u,v) >= 0)
- {
- u.sub(v);
- u.norm();
- if (comp(x1,x2) >= 0)
- {
- x1.sub(x2);
- }
- else
- {
- t.copy(p);
- t.sub(x2);
- x1.add(t);
- }
- x1.norm();
- }
- else
- {
- v.sub(u);
- v.norm();
- if (comp(x2,x1) >= 0)
- {
- x2.sub(x1);
- }
- else
- {
- t.copy(p);
- t.sub(x1);
- x2.add(t);
- }
- x2.norm();
- }
- }
- if (comp(u,one) == 0)
- {
- copy(x1);
- }
- else
- {
- copy(x2);
- }
- }
-}