Posted to commits@milagro.apache.org by br...@apache.org on 2018/11/07 23:50:03 UTC
[26/51] [partial] incubator-milagro-crypto git commit: update code
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/AES.java
----------------------------------------------------------------------
diff --git a/java64/AES.java b/java64/AES.java
deleted file mode 100755
index 08bb2fe..0000000
--- a/java64/AES.java
+++ /dev/null
@@ -1,648 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-/* AES Encryption */
-
-
-public class AES {
- int mode;
- private int[] fkey=new int[44];
- private int[] rkey=new int[44];
- public byte[] f=new byte[16];
-
-
- public static final int ECB=0;
- public static final int CBC=1;
- public static final int CFB1=2;
- public static final int CFB2=3;
- public static final int CFB4=5;
- public static final int OFB1=14;
- public static final int OFB2=15;
- public static final int OFB4=17;
- public static final int OFB8=21;
- public static final int OFB16=29;
-
- private static final byte[] InCo={(byte)0xB,(byte)0xD,(byte)0x9,(byte)0xE}; /* Inverse Coefficients */
-
- public static final int KS=16; /* Key Size in bytes */
- public static final int BS=16; /* Block Size */
-
- private static final byte[] ptab=
- {(byte)1,(byte)3,(byte)5,(byte)15,(byte)17,(byte)51,(byte)85,(byte)255,(byte)26,(byte)46,(byte)114,(byte)150,(byte)161,(byte)248,(byte)19,(byte)53,
- (byte)95,(byte)225,(byte)56,(byte)72,(byte)216,(byte)115,(byte)149,(byte)164,(byte)247,(byte)2,(byte)6,(byte)10,(byte)30,(byte)34,(byte)102,(byte)170,
- (byte)229,(byte)52,(byte)92,(byte)228,(byte)55,(byte)89,(byte)235,(byte)38,(byte)106,(byte)190,(byte)217,(byte)112,(byte)144,(byte)171,(byte)230,(byte)49,
- (byte)83,(byte)245,(byte)4,(byte)12,(byte)20,(byte)60,(byte)68,(byte)204,(byte)79,(byte)209,(byte)104,(byte)184,(byte)211,(byte)110,(byte)178,(byte)205,
- (byte)76,(byte)212,(byte)103,(byte)169,(byte)224,(byte)59,(byte)77,(byte)215,(byte)98,(byte)166,(byte)241,(byte)8,(byte)24,(byte)40,(byte)120,(byte)136,
- (byte)131,(byte)158,(byte)185,(byte)208,(byte)107,(byte)189,(byte)220,(byte)127,(byte)129,(byte)152,(byte)179,(byte)206,(byte)73,(byte)219,(byte)118,(byte)154,
- (byte)181,(byte)196,(byte)87,(byte)249,(byte)16,(byte)48,(byte)80,(byte)240,(byte)11,(byte)29,(byte)39,(byte)105,(byte)187,(byte)214,(byte)97,(byte)163,
- (byte)254,(byte)25,(byte)43,(byte)125,(byte)135,(byte)146,(byte)173,(byte)236,(byte)47,(byte)113,(byte)147,(byte)174,(byte)233,(byte)32,(byte)96,(byte)160,
- (byte)251,(byte)22,(byte)58,(byte)78,(byte)210,(byte)109,(byte)183,(byte)194,(byte)93,(byte)231,(byte)50,(byte)86,(byte)250,(byte)21,(byte)63,(byte)65,
- (byte)195,(byte)94,(byte)226,(byte)61,(byte)71,(byte)201,(byte)64,(byte)192,(byte)91,(byte)237,(byte)44,(byte)116,(byte)156,(byte)191,(byte)218,(byte)117,
- (byte)159,(byte)186,(byte)213,(byte)100,(byte)172,(byte)239,(byte)42,(byte)126,(byte)130,(byte)157,(byte)188,(byte)223,(byte)122,(byte)142,(byte)137,(byte)128,
- (byte)155,(byte)182,(byte)193,(byte)88,(byte)232,(byte)35,(byte)101,(byte)175,(byte)234,(byte)37,(byte)111,(byte)177,(byte)200,(byte)67,(byte)197,(byte)84,
- (byte)252,(byte)31,(byte)33,(byte)99,(byte)165,(byte)244,(byte)7,(byte)9,(byte)27,(byte)45,(byte)119,(byte)153,(byte)176,(byte)203,(byte)70,(byte)202,
- (byte)69,(byte)207,(byte)74,(byte)222,(byte)121,(byte)139,(byte)134,(byte)145,(byte)168,(byte)227,(byte)62,(byte)66,(byte)198,(byte)81,(byte)243,(byte)14,
- (byte)18,(byte)54,(byte)90,(byte)238,(byte)41,(byte)123,(byte)141,(byte)140,(byte)143,(byte)138,(byte)133,(byte)148,(byte)167,(byte)242,(byte)13,(byte)23,
- (byte)57,(byte)75,(byte)221,(byte)124,(byte)132,(byte)151,(byte)162,(byte)253,(byte)28,(byte)36,(byte)108,(byte)180,(byte)199,(byte)82,(byte)246,(byte)1};
-
- private static final byte[] ltab=
- {(byte)0,(byte)255,(byte)25,(byte)1,(byte)50,(byte)2,(byte)26,(byte)198,(byte)75,(byte)199,(byte)27,(byte)104,(byte)51,(byte)238,(byte)223,(byte)3,
- (byte)100,(byte)4,(byte)224,(byte)14,(byte)52,(byte)141,(byte)129,(byte)239,(byte)76,(byte)113,(byte)8,(byte)200,(byte)248,(byte)105,(byte)28,(byte)193,
- (byte)125,(byte)194,(byte)29,(byte)181,(byte)249,(byte)185,(byte)39,(byte)106,(byte)77,(byte)228,(byte)166,(byte)114,(byte)154,(byte)201,(byte)9,(byte)120,
- (byte)101,(byte)47,(byte)138,(byte)5,(byte)33,(byte)15,(byte)225,(byte)36,(byte)18,(byte)240,(byte)130,(byte)69,(byte)53,(byte)147,(byte)218,(byte)142,
- (byte)150,(byte)143,(byte)219,(byte)189,(byte)54,(byte)208,(byte)206,(byte)148,(byte)19,(byte)92,(byte)210,(byte)241,(byte)64,(byte)70,(byte)131,(byte)56,
- (byte)102,(byte)221,(byte)253,(byte)48,(byte)191,(byte)6,(byte)139,(byte)98,(byte)179,(byte)37,(byte)226,(byte)152,(byte)34,(byte)136,(byte)145,(byte)16,
- (byte)126,(byte)110,(byte)72,(byte)195,(byte)163,(byte)182,(byte)30,(byte)66,(byte)58,(byte)107,(byte)40,(byte)84,(byte)250,(byte)133,(byte)61,(byte)186,
- (byte)43,(byte)121,(byte)10,(byte)21,(byte)155,(byte)159,(byte)94,(byte)202,(byte)78,(byte)212,(byte)172,(byte)229,(byte)243,(byte)115,(byte)167,(byte)87,
- (byte)175,(byte)88,(byte)168,(byte)80,(byte)244,(byte)234,(byte)214,(byte)116,(byte)79,(byte)174,(byte)233,(byte)213,(byte)231,(byte)230,(byte)173,(byte)232,
- (byte)44,(byte)215,(byte)117,(byte)122,(byte)235,(byte)22,(byte)11,(byte)245,(byte)89,(byte)203,(byte)95,(byte)176,(byte)156,(byte)169,(byte)81,(byte)160,
- (byte)127,(byte)12,(byte)246,(byte)111,(byte)23,(byte)196,(byte)73,(byte)236,(byte)216,(byte)67,(byte)31,(byte)45,(byte)164,(byte)118,(byte)123,(byte)183,
- (byte)204,(byte)187,(byte)62,(byte)90,(byte)251,(byte)96,(byte)177,(byte)134,(byte)59,(byte)82,(byte)161,(byte)108,(byte)170,(byte)85,(byte)41,(byte)157,
- (byte)151,(byte)178,(byte)135,(byte)144,(byte)97,(byte)190,(byte)220,(byte)252,(byte)188,(byte)149,(byte)207,(byte)205,(byte)55,(byte)63,(byte)91,(byte)209,
- (byte)83,(byte)57,(byte)132,(byte)60,(byte)65,(byte)162,(byte)109,(byte)71,(byte)20,(byte)42,(byte)158,(byte)93,(byte)86,(byte)242,(byte)211,(byte)171,
- (byte)68,(byte)17,(byte)146,(byte)217,(byte)35,(byte)32,(byte)46,(byte)137,(byte)180,(byte)124,(byte)184,(byte)38,(byte)119,(byte)153,(byte)227,(byte)165,
- (byte)103,(byte)74,(byte)237,(byte)222,(byte)197,(byte)49,(byte)254,(byte)24,(byte)13,(byte)99,(byte)140,(byte)128,(byte)192,(byte)247,(byte)112,(byte)7};
-
- private static final byte[] fbsub=
- {(byte)99,(byte)124,(byte)119,(byte)123,(byte)242,(byte)107,(byte)111,(byte)197,(byte)48,(byte)1,(byte)103,(byte)43,(byte)254,(byte)215,(byte)171,(byte)118,
- (byte)202,(byte)130,(byte)201,(byte)125,(byte)250,(byte)89,(byte)71,(byte)240,(byte)173,(byte)212,(byte)162,(byte)175,(byte)156,(byte)164,(byte)114,(byte)192,
- (byte)183,(byte)253,(byte)147,(byte)38,(byte)54,(byte)63,(byte)247,(byte)204,(byte)52,(byte)165,(byte)229,(byte)241,(byte)113,(byte)216,(byte)49,(byte)21,
- (byte)4,(byte)199,(byte)35,(byte)195,(byte)24,(byte)150,(byte)5,(byte)154,(byte)7,(byte)18,(byte)128,(byte)226,(byte)235,(byte)39,(byte)178,(byte)117,
- (byte)9,(byte)131,(byte)44,(byte)26,(byte)27,(byte)110,(byte)90,(byte)160,(byte)82,(byte)59,(byte)214,(byte)179,(byte)41,(byte)227,(byte)47,(byte)132,
- (byte)83,(byte)209,(byte)0,(byte)237,(byte)32,(byte)252,(byte)177,(byte)91,(byte)106,(byte)203,(byte)190,(byte)57,(byte)74,(byte)76,(byte)88,(byte)207,
- (byte)208,(byte)239,(byte)170,(byte)251,(byte)67,(byte)77,(byte)51,(byte)133,(byte)69,(byte)249,(byte)2,(byte)127,(byte)80,(byte)60,(byte)159,(byte)168,
- (byte)81,(byte)163,(byte)64,(byte)143,(byte)146,(byte)157,(byte)56,(byte)245,(byte)188,(byte)182,(byte)218,(byte)33,(byte)16,(byte)255,(byte)243,(byte)210,
- (byte)205,(byte)12,(byte)19,(byte)236,(byte)95,(byte)151,(byte)68,(byte)23,(byte)196,(byte)167,(byte)126,(byte)61,(byte)100,(byte)93,(byte)25,(byte)115,
- (byte)96,(byte)129,(byte)79,(byte)220,(byte)34,(byte)42,(byte)144,(byte)136,(byte)70,(byte)238,(byte)184,(byte)20,(byte)222,(byte)94,(byte)11,(byte)219,
- (byte)224,(byte)50,(byte)58,(byte)10,(byte)73,(byte)6,(byte)36,(byte)92,(byte)194,(byte)211,(byte)172,(byte)98,(byte)145,(byte)149,(byte)228,(byte)121,
- (byte)231,(byte)200,(byte)55,(byte)109,(byte)141,(byte)213,(byte)78,(byte)169,(byte)108,(byte)86,(byte)244,(byte)234,(byte)101,(byte)122,(byte)174,(byte)8,
- (byte)186,(byte)120,(byte)37,(byte)46,(byte)28,(byte)166,(byte)180,(byte)198,(byte)232,(byte)221,(byte)116,(byte)31,(byte)75,(byte)189,(byte)139,(byte)138,
- (byte)112,(byte)62,(byte)181,(byte)102,(byte)72,(byte)3,(byte)246,(byte)14,(byte)97,(byte)53,(byte)87,(byte)185,(byte)134,(byte)193,(byte)29,(byte)158,
- (byte)225,(byte)248,(byte)152,(byte)17,(byte)105,(byte)217,(byte)142,(byte)148,(byte)155,(byte)30,(byte)135,(byte)233,(byte)206,(byte)85,(byte)40,(byte)223,
- (byte)140,(byte)161,(byte)137,(byte)13,(byte)191,(byte)230,(byte)66,(byte)104,(byte)65,(byte)153,(byte)45,(byte)15,(byte)176,(byte)84,(byte)187,(byte)22};
-
- private static final byte[] rbsub=
- {(byte)82,(byte)9,(byte)106,(byte)213,(byte)48,(byte)54,(byte)165,(byte)56,(byte)191,(byte)64,(byte)163,(byte)158,(byte)129,(byte)243,(byte)215,(byte)251,
- (byte)124,(byte)227,(byte)57,(byte)130,(byte)155,(byte)47,(byte)255,(byte)135,(byte)52,(byte)142,(byte)67,(byte)68,(byte)196,(byte)222,(byte)233,(byte)203,
- (byte)84,(byte)123,(byte)148,(byte)50,(byte)166,(byte)194,(byte)35,(byte)61,(byte)238,(byte)76,(byte)149,(byte)11,(byte)66,(byte)250,(byte)195,(byte)78,
- (byte)8,(byte)46,(byte)161,(byte)102,(byte)40,(byte)217,(byte)36,(byte)178,(byte)118,(byte)91,(byte)162,(byte)73,(byte)109,(byte)139,(byte)209,(byte)37,
- (byte)114,(byte)248,(byte)246,(byte)100,(byte)134,(byte)104,(byte)152,(byte)22,(byte)212,(byte)164,(byte)92,(byte)204,(byte)93,(byte)101,(byte)182,(byte)146,
- (byte)108,(byte)112,(byte)72,(byte)80,(byte)253,(byte)237,(byte)185,(byte)218,(byte)94,(byte)21,(byte)70,(byte)87,(byte)167,(byte)141,(byte)157,(byte)132,
- (byte)144,(byte)216,(byte)171,(byte)0,(byte)140,(byte)188,(byte)211,(byte)10,(byte)247,(byte)228,(byte)88,(byte)5,(byte)184,(byte)179,(byte)69,(byte)6,
- (byte)208,(byte)44,(byte)30,(byte)143,(byte)202,(byte)63,(byte)15,(byte)2,(byte)193,(byte)175,(byte)189,(byte)3,(byte)1,(byte)19,(byte)138,(byte)107,
- (byte)58,(byte)145,(byte)17,(byte)65,(byte)79,(byte)103,(byte)220,(byte)234,(byte)151,(byte)242,(byte)207,(byte)206,(byte)240,(byte)180,(byte)230,(byte)115,
- (byte)150,(byte)172,(byte)116,(byte)34,(byte)231,(byte)173,(byte)53,(byte)133,(byte)226,(byte)249,(byte)55,(byte)232,(byte)28,(byte)117,(byte)223,(byte)110,
- (byte)71,(byte)241,(byte)26,(byte)113,(byte)29,(byte)41,(byte)197,(byte)137,(byte)111,(byte)183,(byte)98,(byte)14,(byte)170,(byte)24,(byte)190,(byte)27,
- (byte)252,(byte)86,(byte)62,(byte)75,(byte)198,(byte)210,(byte)121,(byte)32,(byte)154,(byte)219,(byte)192,(byte)254,(byte)120,(byte)205,(byte)90,(byte)244,
- (byte)31,(byte)221,(byte)168,(byte)51,(byte)136,(byte)7,(byte)199,(byte)49,(byte)177,(byte)18,(byte)16,(byte)89,(byte)39,(byte)128,(byte)236,(byte)95,
- (byte)96,(byte)81,(byte)127,(byte)169,(byte)25,(byte)181,(byte)74,(byte)13,(byte)45,(byte)229,(byte)122,(byte)159,(byte)147,(byte)201,(byte)156,(byte)239,
- (byte)160,(byte)224,(byte)59,(byte)77,(byte)174,(byte)42,(byte)245,(byte)176,(byte)200,(byte)235,(byte)187,(byte)60,(byte)131,(byte)83,(byte)153,(byte)97,
- (byte)23,(byte)43,(byte)4,(byte)126,(byte)186,(byte)119,(byte)214,(byte)38,(byte)225,(byte)105,(byte)20,(byte)99,(byte)85,(byte)33,(byte)12,(byte)125};
-
- private static final byte[] rco=
- {(byte)1,(byte)2,(byte)4,(byte)8,(byte)16,(byte)32,(byte)64,(byte)128,(byte)27,(byte)54,(byte)108,(byte)216,(byte)171,(byte)77,(byte)154,(byte)47};
-
- private static final int[] ftable=
- {0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
- 0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
- 0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
- 0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
- 0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
- 0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
- 0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
- 0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
- 0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
- 0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
- 0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
- 0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
- 0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
- 0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
- 0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
- 0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
- 0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
- 0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
- 0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
- 0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
- 0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
- 0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
- 0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
- 0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
- 0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
- 0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
- 0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
- 0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
- 0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
- 0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
- 0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
- 0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
- 0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
- 0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
- 0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
- 0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
- 0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
- 0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
- 0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
- 0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
- 0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
- 0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
- 0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c};
-
- private static final int[] rtable=
- {0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
- 0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
- 0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
- 0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
- 0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
- 0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
- 0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
- 0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
- 0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
- 0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
- 0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
- 0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
- 0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
- 0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
- 0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
- 0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
- 0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
- 0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
- 0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
- 0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
- 0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
- 0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
- 0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
- 0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
- 0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
- 0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
- 0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
- 0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
- 0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
- 0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
- 0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
- 0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
- 0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
- 0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
- 0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
- 0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
- 0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
- 0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
- 0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
- 0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
- 0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
- 0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
- 0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0};
-
-
-/* Rotates 32-bit word left by 1, 2 or 3 byte */
-
- private static int ROTL8(int x)
- {
- return (((x)<<8)|((x)>>>24));
- }
-
- private static int ROTL16(int x)
- {
- return (((x)<<16)|((x)>>>16));
- }
-
- private static int ROTL24(int x)
- {
- return (((x)<<24)|((x)>>>8));
- }
-
- private static int pack(byte[] b)
- { /* pack bytes into a 32-bit Word */
- return ((((int)b[3])&0xff)<<24)|(((int)b[2]&0xff)<<16)|(((int)b[1]&0xff)<<8)|((int)b[0]&0xff);
- }
-
- private static byte[] unpack(int a)
- { /* unpack bytes from a word */
- byte [] b=new byte[4];
- b[0]=(byte)(a);
- b[1]=(byte)(a>>>8);
- b[2]=(byte)(a>>>16);
- b[3]=(byte)(a>>>24);
- return b;
- }
-
- private static byte bmul(byte x,byte y)
- { /* x.y= AntiLog(Log(x) + Log(y)) */
-
- int ix=((int)x)&0xff;
- int iy=((int)y)&0xff;
- int lx=((int)ltab[ix])&0xff;
- int ly=((int)ltab[iy])&0xff;
- if (x!=0 && y!=0) return ptab[(lx+ly)%255];
- else return (byte)0;
- }
-
- // if (x && y)
-
- private static int SubByte(int a)
- {
- byte [] b=unpack(a);
- b[0]=fbsub[(int)b[0]&0xff];
- b[1]=fbsub[(int)b[1]&0xff];
- b[2]=fbsub[(int)b[2]&0xff];
- b[3]=fbsub[(int)b[3]&0xff];
- return pack(b);
- }
-
- private static byte product(int x,int y)
- { /* dot product of two 4-byte arrays */
- byte [] xb;//=new byte[4];
- byte [] yb;//=new byte[4];
- xb=unpack(x);
- yb=unpack(y);
-
- return (byte)(bmul(xb[0],yb[0])^bmul(xb[1],yb[1])^bmul(xb[2],yb[2])^bmul(xb[3],yb[3]));
- }
-
- private static int InvMixCol(int x)
- { /* matrix Multiplication */
- int y,m;
- byte [] b=new byte[4];
-
- m=pack(InCo);
- b[3]=product(m,x);
- m=ROTL24(m);
- b[2]=product(m,x);
- m=ROTL24(m);
- b[1]=product(m,x);
- m=ROTL24(m);
- b[0]=product(m,x);
- y=pack(b);
- return y;
- }
-
-/* reset cipher */
- public void reset(int m,byte[] iv)
- { /* reset mode, or reset iv */
- mode=m;
- for (int i=0;i<16;i++)
- f[i]=0;
- if (mode!=ECB && iv!=null)
- for (int i=0;i<16;i++)
- f[i]=iv[i];
- }
-
- public byte[] getreg()
- {
- byte [] ir=new byte[16];
- for (int i=0;i<16;i++) ir[i]=f[i];
- return ir;
- }
-
-/* Initialise cipher */
- public void init(int m,byte[] key,byte[] iv)
- { /* Key=16 bytes */
- /* Key Scheduler. Create expanded encryption key */
- int i,j,k,N,nk;
- int [] CipherKey=new int[4];
- byte [] b=new byte[4];
- nk=4;
- reset(m,iv);
- N=44;
-
- for (i=j=0;i<nk;i++,j+=4)
- {
- for (k=0;k<4;k++) b[k]=key[j+k];
- CipherKey[i]=pack(b);
- }
- for (i=0;i<nk;i++) fkey[i]=CipherKey[i];
- for (j=nk,k=0;j<N;j+=nk,k++)
- {
- fkey[j]=fkey[j-nk]^SubByte(ROTL24(fkey[j-1]))^((int)rco[k])&0xff;
- for (i=1;i<nk && (i+j)<N;i++)
- fkey[i+j]=fkey[i+j-nk]^fkey[i+j-1];
- }
-
- /* now for the expanded decrypt key in reverse order */
-
- for (j=0;j<4;j++) rkey[j+N-4]=fkey[j];
- for (i=4;i<N-4;i+=4)
- {
- k=N-4-i;
- for (j=0;j<4;j++) rkey[k+j]=InvMixCol(fkey[i+j]);
- }
- for (j=N-4;j<N;j++) rkey[j-N+4]=fkey[j];
- }
-
-/* Encrypt a single block */
- public void ecb_encrypt(byte[] buff)
- {
- int i,j,k;
- int t;
- byte [] b=new byte[4];
- int [] p=new int[4];
- int [] q=new int[4];
-
- for (i=j=0;i<4;i++,j+=4)
- {
- for (k=0;k<4;k++) b[k]=buff[j+k];
- p[i]=pack(b);
- p[i]^=fkey[i];
- }
-
- k=4;
-
-/* State alternates between p and q */
- for (i=1;i<10;i++)
- {
- q[0]=fkey[k]^ftable[p[0]&0xff]^
- ROTL8(ftable[(p[1]>>>8)&0xff])^
- ROTL16(ftable[(p[2]>>>16)&0xff])^
- ROTL24(ftable[(p[3]>>>24)&0xff]);
- q[1]=fkey[k+1]^ftable[p[1]&0xff]^
- ROTL8(ftable[(p[2]>>>8)&0xff])^
- ROTL16(ftable[(p[3]>>>16)&0xff])^
- ROTL24(ftable[(p[0]>>>24)&0xff]);
- q[2]=fkey[k+2]^ftable[p[2]&0xff]^
- ROTL8(ftable[(p[3]>>>8)&0xff])^
- ROTL16(ftable[(p[0]>>>16)&0xff])^
- ROTL24(ftable[(p[1]>>>24)&0xff]);
- q[3]=fkey[k+3]^ftable[p[3]&0xff]^
- ROTL8(ftable[(p[0]>>>8)&0xff])^
- ROTL16(ftable[(p[1]>>>16)&0xff])^
- ROTL24(ftable[(p[2]>>>24)&0xff]);
-
- k+=4;
- for (j=0;j<4;j++)
- {
- t=p[j]; p[j]=q[j]; q[j]=t;
- }
- }
-
-/* Last Round */
-
- q[0]=fkey[k]^((int)fbsub[p[0]&0xff]&0xff)^
- ROTL8((int)fbsub[(p[1]>>>8)&0xff]&0xff)^
- ROTL16((int)fbsub[(p[2]>>>16)&0xff]&0xff)^
- ROTL24((int)fbsub[(p[3]>>>24)&0xff]&0xff);
-
- q[1]=fkey[k+1]^((int)fbsub[p[1]&0xff]&0xff)^
- ROTL8((int)fbsub[(p[2]>>>8)&0xff]&0xff)^
- ROTL16((int)fbsub[(p[3]>>>16)&0xff]&0xff)^
- ROTL24((int)fbsub[(p[0]>>>24)&0xff]&0xff);
-
- q[2]=fkey[k+2]^((int)fbsub[p[2]&0xff]&0xff)^
- ROTL8((int)fbsub[(p[3]>>>8)&0xff]&0xff)^
- ROTL16((int)fbsub[(p[0]>>>16)&0xff]&0xff)^
- ROTL24((int)fbsub[(p[1]>>>24)&0xff]&0xff);
-
- q[3]=fkey[k+3]^((int)fbsub[(p[3])&0xff]&0xff)^
- ROTL8((int)fbsub[(p[0]>>>8)&0xff]&0xff)^
- ROTL16((int)fbsub[(p[1]>>>16)&0xff]&0xff)^
- ROTL24((int)fbsub[(p[2]>>>24)&0xff]&0xff);
-
- for (i=j=0;i<4;i++,j+=4)
- {
- b=unpack(q[i]);
- for (k=0;k<4;k++) buff[j+k]=b[k];
- }
- }
-
-/* Decrypt a single block */
- public void ecb_decrypt(byte[] buff)
- {
- int i,j,k;
- int t;
- byte [] b=new byte[4];
- int [] p=new int[4];
- int [] q=new int[4];
-
- for (i=j=0;i<4;i++,j+=4)
- {
- for (k=0;k<4;k++) b[k]=buff[j+k];
- p[i]=pack(b);
- p[i]^=rkey[i];
- }
-
- k=4;
-
-/* State alternates between p and q */
- for (i=1;i<10;i++)
- {
- q[0]=rkey[k]^rtable[p[0]&0xff]^
- ROTL8(rtable[(p[3]>>>8)&0xff])^
- ROTL16(rtable[(p[2]>>>16)&0xff])^
- ROTL24(rtable[(p[1]>>>24)&0xff]);
- q[1]=rkey[k+1]^rtable[p[1]&0xff]^
- ROTL8(rtable[(p[0]>>>8)&0xff])^
- ROTL16(rtable[(p[3]>>>16)&0xff])^
- ROTL24(rtable[(p[2]>>>24)&0xff]);
- q[2]=rkey[k+2]^rtable[p[2]&0xff]^
- ROTL8(rtable[(p[1]>>>8)&0xff])^
- ROTL16(rtable[(p[0]>>>16)&0xff])^
- ROTL24(rtable[(p[3]>>>24)&0xff]);
- q[3]=rkey[k+3]^rtable[p[3]&0xff]^
- ROTL8(rtable[(p[2]>>>8)&0xff])^
- ROTL16(rtable[(p[1]>>>16)&0xff])^
- ROTL24(rtable[(p[0]>>>24)&0xff]);
-
- k+=4;
- for (j=0;j<4;j++)
- {
- t=p[j]; p[j]=q[j]; q[j]=t;
- }
- }
-
-/* Last Round */
-
- q[0]=rkey[k]^((int)rbsub[p[0]&0xff]&0xff)^
- ROTL8((int)rbsub[(p[3]>>>8)&0xff]&0xff)^
- ROTL16((int)rbsub[(p[2]>>>16)&0xff]&0xff)^
- ROTL24((int)rbsub[(p[1]>>>24)&0xff]&0xff);
- q[1]=rkey[k+1]^((int)rbsub[p[1]&0xff]&0xff)^
- ROTL8((int)rbsub[(p[0]>>>8)&0xff]&0xff)^
- ROTL16((int)rbsub[(p[3]>>>16)&0xff]&0xff)^
- ROTL24((int)rbsub[(p[2]>>>24)&0xff]&0xff);
- q[2]=rkey[k+2]^((int)rbsub[p[2]&0xff]&0xff)^
- ROTL8((int)rbsub[(p[1]>>>8)&0xff]&0xff)^
- ROTL16((int)rbsub[(p[0]>>>16)&0xff]&0xff)^
- ROTL24((int)rbsub[(p[3]>>>24)&0xff]&0xff);
- q[3]=rkey[k+3]^((int)rbsub[p[3]&0xff]&0xff)^
- ROTL8((int)rbsub[(p[2]>>>8)&0xff]&0xff)^
- ROTL16((int)rbsub[(p[1]>>>16)&0xff]&0xff)^
- ROTL24((int)rbsub[(p[0]>>>24)&0xff]&0xff);
-
- for (i=j=0;i<4;i++,j+=4)
- {
- b=unpack(q[i]);
- for (k=0;k<4;k++) buff[j+k]=b[k];
- }
-
- }
-
-/* Encrypt using selected mode of operation */
- public int encrypt(byte[] buff)
- {
- int j,bytes;
- byte[] st=new byte[16];
- int fell_off;
-
-// Supported Modes of Operation
-
- fell_off=0;
- switch (mode)
- {
- case ECB:
- ecb_encrypt(buff);
- return 0;
- case CBC:
- for (j=0;j<16;j++) buff[j]^=f[j];
- ecb_encrypt(buff);
- for (j=0;j<16;j++) f[j]=buff[j];
- return 0;
-
- case CFB1:
- case CFB2:
- case CFB4:
- bytes=mode-CFB1+1;
- for (j=0;j<bytes;j++) fell_off=(fell_off<<8)|f[j];
- for (j=0;j<16;j++) st[j]=f[j];
- for (j=bytes;j<16;j++) f[j-bytes]=f[j];
- ecb_encrypt(st);
- for (j=0;j<bytes;j++)
- {
- buff[j]^=st[j];
- f[16-bytes+j]=buff[j];
- }
- return fell_off;
-
- case OFB1:
- case OFB2:
- case OFB4:
- case OFB8:
- case OFB16:
-
- bytes=mode-OFB1+1;
- ecb_encrypt(f);
- for (j=0;j<bytes;j++) buff[j]^=f[j];
- return 0;
-
- default:
- return 0;
- }
- }
-
-/* Decrypt using selected mode of operation */
- public int decrypt(byte[] buff)
- {
- int j,bytes;
- byte[] st=new byte[16];
- int fell_off;
-
- // Supported modes of operation
- fell_off=0;
- switch (mode)
- {
- case ECB:
- ecb_decrypt(buff);
- return 0;
- case CBC:
- for (j=0;j<16;j++)
- {
- st[j]=f[j];
- f[j]=buff[j];
- }
- ecb_decrypt(buff);
- for (j=0;j<16;j++)
- {
- buff[j]^=st[j];
- st[j]=0;
- }
- return 0;
- case CFB1:
- case CFB2:
- case CFB4:
- bytes=mode-CFB1+1;
- for (j=0;j<bytes;j++) fell_off=(fell_off<<8)|f[j];
- for (j=0;j<16;j++) st[j]=f[j];
- for (j=bytes;j<16;j++) f[j-bytes]=f[j];
- ecb_encrypt(st);
- for (j=0;j<bytes;j++)
- {
- f[16-bytes+j]=buff[j];
- buff[j]^=st[j];
- }
- return fell_off;
- case OFB1:
- case OFB2:
- case OFB4:
- case OFB8:
- case OFB16:
- bytes=mode-OFB1+1;
- ecb_encrypt(f);
- for (j=0;j<bytes;j++) buff[j]^=f[j];
- return 0;
-
-
- default:
- return 0;
- }
- }
-
-/* Clean up and delete left-overs */
- public void end()
- { // clean up
- int i;
- for (i=0;i<44;i++)
- fkey[i]=rkey[i]=0;
- for (i=0;i<16;i++)
- f[i]=0;
- }
-/*
- public static void main(String[] args) {
- int i;
-
- byte[] key=new byte[16];
- byte[] block=new byte[16];
- byte[] iv=new byte[16];
-
- for (i=0;i<16;i++) key[i]=0;
- key[0]=1;
- for (i=0;i<16;i++) iv[i]=(byte)i;
- for (i=0;i<16;i++) block[i]=(byte)i;
-
- AES a=new AES();
-
- a.init(CBC,key,iv);
- System.out.println("Plain= ");
- for (i=0;i<16;i++) System.out.format("%02X ", block[i]&0xff);
- System.out.println("");
-
- a.encrypt(block);
-
- System.out.println("Encrypt= ");
- for (i=0;i<16;i++) System.out.format("%02X ", block[i]&0xff);
- System.out.println("");
-
- a.reset(CBC,iv);
- a.decrypt(block);
-
- System.out.println("Decrypt= ");
- for (i=0;i<16;i++) System.out.format("%02X ", block[i]&0xff);
- System.out.println("");
-
- a.end();
-
- } */
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/BIG.java
----------------------------------------------------------------------
diff --git a/java64/BIG.java b/java64/BIG.java
deleted file mode 100755
index 737fd1a..0000000
--- a/java64/BIG.java
+++ /dev/null
@@ -1,902 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BIG number class */
-
-public class BIG {
- private long[] w=new long[ROM.NLEN];
-/* Constructors */
- public BIG()
- {
- for (int i=0;i<ROM.NLEN;i++)
- w[i]=0;
- }
-
- public BIG(int x)
- {
- w[0]=x;
- for (int i=1;i<ROM.NLEN;i++)
- w[i]=0;
- }
-
- public BIG(BIG x)
- {
- for (int i=0;i<ROM.NLEN;i++)
- w[i]=x.w[i];
- }
-
- public BIG(DBIG x)
- {
- for (int i=0;i<ROM.NLEN;i++)
- w[i]=x.w[i];
- }
-
- public BIG(long[] x)
- {
- for (int i=0;i<ROM.NLEN;i++)
- w[i]=x[i];
- }
-
- public long get(int i)
- {
- return w[i];
- }
-
- public void set(int i,long x)
- {
- w[i]=x;
- }
-
- public void xortop(long x)
- {
- w[ROM.NLEN-1]^=x;
- }
-
- public void ortop(long x)
- {
- w[ROM.NLEN-1]|=x;
- }
-
-/* calculate Field Excess */
- public static long EXCESS(BIG a)
- {
- return ((a.w[ROM.NLEN-1]&ROM.OMASK)>>(ROM.MODBITS%ROM.BASEBITS));
- }
-
-/* test for zero */
- public boolean iszilch() {
- for (int i=0;i<ROM.NLEN;i++)
- if (w[i]!=0) return false;
- return true;
- }
-
-/* set to zero */
- public void zero()
- {
- for (int i=0;i<ROM.NLEN;i++)
- w[i]=0;
- }
-
-/* set to one */
- public void one()
- {
- w[0]=1;
- for (int i=1;i<ROM.NLEN;i++)
- w[i]=0;
- }
-
-/* Test for equal to one */
- public boolean isunity()
- {
- for (int i=1;i<ROM.NLEN;i++)
- if (w[i]!=0) return false;
- if (w[0]!=1) return false;
- return true;
- }
-
-/* Copy from another BIG */
- public void copy(BIG x)
- {
- for (int i=0;i<ROM.NLEN;i++)
- w[i]=x.w[i];
- }
-
- public void copy(DBIG x)
- {
- for (int i=0;i<ROM.NLEN;i++)
- w[i]=x.w[i];
- }
-
-/* Conditional swap of two bigs depending on d using XOR - no branches */
- public void cswap(BIG b,int d)
- {
- int i;
- long t,c=(long)d;
- c=~(c-1);
-
- for (i=0;i<ROM.NLEN;i++)
- {
- t=c&(w[i]^b.w[i]);
- w[i]^=t;
- b.w[i]^=t;
- }
- }
-
- public void cmove(BIG g,int d)
- {
- int i;
- long t,b=-d;
-
- for (i=0;i<ROM.NLEN;i++)
- {
- w[i]^=(w[i]^g.w[i])&b;
- }
- }
-
-
-/* normalise BIG - force all digits < 2^BASEBITS */
- public long norm() {
- long d,carry=0;
- for (int i=0;i<ROM.NLEN-1;i++)
- {
- d=w[i]+carry;
- w[i]=d&ROM.MASK;
- carry=d>>ROM.BASEBITS;
- }
- w[ROM.NLEN-1]=(w[ROM.NLEN-1]+carry);
- return (w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS));
- }
-
-/* Shift right by less than a word */
- public long fshr(int k) {
- long r=w[0]&(((long)1<<k)-1); /* shifted out part */
- for (int i=0;i<ROM.NLEN-1;i++)
- w[i]=(w[i]>>k)|((w[i+1]<<(ROM.BASEBITS-k))&ROM.MASK);
- w[ROM.NLEN-1]=w[ROM.NLEN-1]>>k;
- return r;
- }
-
-/* general shift right */
- public void shr(int k) {
- int n=k%ROM.BASEBITS;
- int m=k/ROM.BASEBITS;
- for (int i=0;i<ROM.NLEN-m-1;i++)
- w[i]=(w[m+i]>>n)|((w[m+i+1]<<(ROM.BASEBITS-n))&ROM.MASK);
- w[ROM.NLEN-m-1]=w[ROM.NLEN-1]>>n;
- for (int i=ROM.NLEN-m;i<ROM.NLEN;i++) w[i]=0;
- }
-
-/* Shift right by less than a word */
- public long fshl(int k) {
- w[ROM.NLEN-1]=((w[ROM.NLEN-1]<<k))|(w[ROM.NLEN-2]>>(ROM.BASEBITS-k));
- for (int i=ROM.NLEN-2;i>0;i--)
- w[i]=((w[i]<<k)&ROM.MASK)|(w[i-1]>>(ROM.BASEBITS-k));
- w[0]=(w[0]<<k)&ROM.MASK;
- return (w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS)); /* return excess - only used in ff.c */
- }
-
-/* general shift left */
- public void shl(int k) {
- int n=k%ROM.BASEBITS;
- int m=k/ROM.BASEBITS;
-
- w[ROM.NLEN-1]=((w[ROM.NLEN-1-m]<<n))|(w[ROM.NLEN-m-2]>>(ROM.BASEBITS-n));
- for (int i=ROM.NLEN-2;i>m;i--)
- w[i]=((w[i-m]<<n)&ROM.MASK)|(w[i-m-1]>>(ROM.BASEBITS-n));
- w[m]=(w[0]<<n)&ROM.MASK;
- for (int i=0;i<m;i++) w[i]=0;
- }
-
-/* return number of bits */
- public int nbits() {
- int bts,k=ROM.NLEN-1;
- long c;
- norm();
- while (k>=0 && w[k]==0) k--;
- if (k<0) return 0;
- bts=ROM.BASEBITS*k;
- c=w[k];
- while (c!=0) {c/=2; bts++;}
- return bts;
- }
-
- public String toRawString()
- {
- BIG b=new BIG(this);
- String s="(";
- for (int i=0;i<ROM.NLEN-1;i++)
- {
- s+=Long.toHexString(b.w[i]); s+=",";
- }
- s+=Long.toHexString(b.w[ROM.NLEN-1]); s+=")";
- return s;
- }
-
-/* Convert to Hex String */
- public String toString() {
- BIG b;
- String s="";
- int len=nbits();
-
- if (len%4==0) len/=4;
- else {len/=4; len++;}
- if (len<ROM.MODBYTES*2) len=ROM.MODBYTES*2;
-
- for (int i=len-1;i>=0;i--)
- {
- b=new BIG(this);
- b.shr(i*4);
- s+=Long.toHexString(b.w[0]&15);
- }
- return s;
- }
-
-/* return this+x */
- public BIG plus(BIG x) {
- BIG s=new BIG(0);
- for (int i=0;i<ROM.NLEN;i++)
- s.w[i]=w[i]+x.w[i];
- return s;
- }
-
-/* this+=x */
- public void add(BIG x) {
- for (int i=0;i<ROM.NLEN;i++)
- w[i]+=x.w[i];
- }
-
-/* this+=x, where x is int */
- public void inc(int x) {
- norm();
- w[0]+=x;
- }
-
-/* return this.x */
- public BIG minus(BIG x) {
- BIG d=new BIG(0);
- for (int i=0;i<ROM.NLEN;i++)
- d.w[i]=w[i]-x.w[i];
- return d;
- }
-
-/* this-=x */
- public void sub(BIG x) {
- for (int i=0;i<ROM.NLEN;i++)
- w[i]-=x.w[i];
- }
-
-/* reverse subtract this=x-this */
- public void rsub(BIG x) {
- for (int i=0;i<ROM.NLEN;i++)
- w[i]=x.w[i]-w[i];
- }
-
-/* this-=x where x is int */
- public void dec(int x) {
- norm();
- w[0]-=(long)x;
- }
-
-/* this*=x, where x is small int<NEXCESS */
- public void imul(int c)
- {
- for (int i=0;i<ROM.NLEN;i++) w[i]*=c;
- }
-
-/* convert this BIG to byte array */
- public void tobytearray(byte[] b,int n)
- {
- norm();
- BIG c=new BIG(this);
-
- for (int i=ROM.MODBYTES-1;i>=0;i--)
- {
- b[i+n]=(byte)c.w[0];
- c.fshr(8);
- }
- }
-
-/* convert from byte array to BIG */
- public static BIG frombytearray(byte[] b,int n)
- {
- BIG m=new BIG(0);
-
- for (int i=0;i<ROM.MODBYTES;i++)
- {
- m.fshl(8); m.w[0]+=(int)b[i+n]&0xff;
- //m.inc((int)b[i]&0xff);
- }
- return m;
- }
-
- public void toBytes(byte[] b)
- {
- tobytearray(b,0);
- }
-
- public static BIG fromBytes(byte[] b)
- {
- return frombytearray(b,0);
- }
-
-
-/* set this[i]+=x*y+c, and return high part */
-
- public long muladd(long a,long b,long c,int i)
- {
- long x0,x1,y0,y1;
- x0=a&ROM.HMASK;
- x1=(a>>ROM.HBITS);
- y0=b&ROM.HMASK;
- y1=(b>>ROM.HBITS);
- long bot=x0*y0;
- long top=x1*y1;
- long mid=x0*y1+x1*y0;
- x0=mid&ROM.HMASK;
- x1=(mid>>ROM.HBITS);
- bot+=x0<<ROM.HBITS; bot+=c; bot+=w[i];
- top+=x1;
- long carry=bot>>ROM.BASEBITS;
- bot&=ROM.MASK;
- top+=carry;
- w[i]=bot;
- return top;
- }
-
-/* this*=x, where x is >NEXCESS */
- public long pmul(int c)
- {
- long ak,carry=0;
- norm();
- for (int i=0;i<ROM.NLEN;i++)
- {
- ak=w[i];
- w[i]=0;
- carry=muladd(ak,(long)c,carry,i);
- }
- return carry;
- }
-
-/* this*=c and catch overflow in DBIG */
- public DBIG pxmul(int c)
- {
- DBIG m=new DBIG(0);
- long carry=0;
- for (int j=0;j<ROM.NLEN;j++)
- carry=m.muladd(w[j],(long)c,carry,j);
- m.w[ROM.NLEN]=carry;
- return m;
- }
-
-/* divide by 3 */
- public int div3()
- {
- long ak,base,carry=0;
- norm();
- base=((long)1<<ROM.BASEBITS);
- for (int i=ROM.NLEN-1;i>=0;i--)
- {
- ak=(carry*base+w[i]);
- w[i]=ak/3;
- carry=ak%3;
- }
- return (int)carry;
- }
-
-/* return a*b where result fits in a BIG */
- public static BIG smul(BIG a,BIG b)
- {
- long carry;
- BIG c=new BIG(0);
- for (int i=0;i<ROM.NLEN;i++)
- {
- carry=0;
- for (int j=0;j<ROM.NLEN;j++)
- if (i+j<ROM.NLEN) carry=c.muladd(a.w[i],b.w[j],carry,i+j);
- }
- return c;
- }
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
- public static int comp(BIG a,BIG b)
- {
- for (int i=ROM.NLEN-1;i>=0;i--)
- {
- if (a.w[i]==b.w[i]) continue;
- if (a.w[i]>b.w[i]) return 1;
- else return -1;
- }
- return 0;
- }
-
-/* set x = x mod 2^m */
- public void mod2m(int m)
- {
- int i,wd,bt;
- long msk;
-
- wd=m/ROM.BASEBITS;
- bt=m%ROM.BASEBITS;
- msk=((long)1<<bt)-1;
- w[wd]&=msk;
- for (i=wd+1;i<ROM.NLEN;i++) w[i]=0;
- }
-
-/* Arazi and Qi inversion mod 256 */
- public static int invmod256(int a)
- {
- int U,t1,t2,b,c;
- t1=0;
- c=(a>>1)&1;
- t1+=c;
- t1&=1;
- t1=2-t1;
- t1<<=1;
- U=t1+1;
-
-// i=2
- b=a&3;
- t1=U*b; t1>>=2;
- c=(a>>2)&3;
- t2=(U*c)&3;
- t1+=t2;
- t1*=U; t1&=3;
- t1=4-t1;
- t1<<=2;
- U+=t1;
-
-// i=4
- b=a&15;
- t1=U*b; t1>>=4;
- c=(a>>4)&15;
- t2=(U*c)&15;
- t1+=t2;
- t1*=U; t1&=15;
- t1=16-t1;
- t1<<=4;
- U+=t1;
-
- return U;
- }
-
-/* a=1/a mod 2^256. This is very fast! */
- public void invmod2m()
- {
- int i;
- BIG U=new BIG(0);
- BIG b=new BIG(0);
- BIG c=new BIG(0);;
-
- U.inc(invmod256(lastbits(8)));
-
- for (i=8;i<256;i<<=1)
- {
- b.copy(this); b.mod2m(i);
- BIG t1=BIG.smul(U,b); t1.shr(i);
- c.copy(this); c.shr(i); c.mod2m(i);
-
- BIG t2=BIG.smul(U,c); t2.mod2m(i);
- t1.add(t2);
- b=BIG.smul(t1,U); t1.copy(b);
- t1.mod2m(i);
-
- t2.one(); t2.shl(i); t1.rsub(t2); t1.norm();
- t1.shl(i);
- U.add(t1);
- }
- this.copy(U);
- }
-
-/* reduce this mod m */
- public void mod(BIG m)
- {
- int k=0;
-
- norm();
- if (comp(this,m)<0) return;
- do
- {
- m.fshl(1);
- k++;
- } while (comp(this,m)>=0);
-
- while (k>0)
- {
- m.fshr(1);
- if (comp(this,m)>=0)
- {
- sub(m);
- norm();
- }
- k--;
- }
- }
-
-/* divide this by m */
- public void div(BIG m)
- {
- int k=0;
- norm();
- BIG e=new BIG(1);
- BIG b=new BIG(this);
- zero();
-
- while (comp(b,m)>=0)
- {
- e.fshl(1);
- m.fshl(1);
- k++;
- }
-
- while (k>0)
- {
- m.fshr(1);
- e.fshr(1);
- if (comp(b,m)>=0)
- {
- add(e);
- norm();
- b.sub(m);
- b.norm();
- }
- k--;
- }
- }
-
-/* return parity */
- public int parity()
- {
- return (int)(w[0]%2);
- }
-
-/* return n-th bit */
- public int bit(int n)
- {
- if ((w[n/ROM.BASEBITS]&((long)1<<(n%ROM.BASEBITS)))>0) return 1;
- else return 0;
- }
-
-/* return n last bits */
- public int lastbits(int n)
- {
- int msk=(1<<n)-1;
- norm();
- return ((int)w[0])&msk;
- }
-
-/* get 8*MODBYTES size random number */
- public static BIG random(RAND rng)
- {
- BIG m=new BIG(0);
- int i,b,j=0,r=0;
-
-/* generate random BIG */
- for (i=0;i<8*ROM.MODBYTES;i++)
- {
- if (j==0) r=rng.getByte();
- else r>>=1;
-
- b=r&1;
- m.shl(1); m.w[0]+=b;// m.inc(b);
- j++; j&=7;
- }
- return m;
- }
-
-/* Create random BIG in portable way, one bit at a time */
- public static BIG randomnum(BIG q,RAND rng)
- {
- DBIG d=new DBIG(0);
- int i,b,j=0,r=0;
- for (i=0;i<2*ROM.MODBITS;i++)
- {
- if (j==0) r=rng.getByte();
- else r>>=1;
-
- b=r&1;
- d.shl(1); d.w[0]+=b;// m.inc(b);
- j++; j&=7;
- }
- BIG m=d.mod(q);
- return m;
- }
-
-/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed.
-nbs is number of bits processed, and nzs is number of trailing 0s detected */
- public static int[] nafbits(BIG x,BIG x3,int i)
- {
- int[] n=new int[3];
- int nb=x3.bit(i)-x.bit(i);
- int j;
- n[1]=1;
- n[0]=0;
- if (nb==0) {n[0]=0; return n;}
- if (i==0) {n[0]=nb; return n;}
- if (nb>0) n[0]=1;
- else n[0]=(-1);
-
- for (j=i-1;j>0;j--)
- {
- n[1]++;
- n[0]*=2;
- nb=x3.bit(j)-x.bit(j);
- if (nb>0) n[0]+=1;
- if (nb<0) n[0]-=1;
- if (n[0]>5 || n[0]<-5) break;
- }
-
- if (n[0]%2!=0 && j!=0)
- { /* backtrack */
- if (nb>0) n[0]=(n[0]-1)/2;
- if (nb<0) n[0]=(n[0]+1)/2;
- n[1]--;
- }
- while (n[0]%2==0)
- { /* remove trailing zeros */
- n[0]/=2;
- n[2]++;
- n[1]--;
- }
- return n;
- }
-
-/* return a*b as DBIG */
- public static DBIG mul(BIG a,BIG b)
- {
- DBIG c=new DBIG(0);
- long carry;
- a.norm();
- b.norm();
-
- for (int i=0;i<ROM.NLEN;i++)
- {
- carry=0;
- for (int j=0;j<ROM.NLEN;j++)
- carry=c.muladd(a.w[i],b.w[j],carry,i+j);
- c.w[ROM.NLEN+i]=carry;
- }
-
- return c;
- }
-
-/* return a^2 as DBIG */
- public static DBIG sqr(BIG a)
- {
- DBIG c=new DBIG(0);
- long carry;
- a.norm();
- for (int i=0;i<ROM.NLEN;i++)
- {
- carry=0;
- for (int j=i+1;j<ROM.NLEN;j++)
- carry=c.muladd(2*a.w[i],a.w[j],carry,i+j);
- c.w[ROM.NLEN+i]=carry;
- }
-
- for (int i=0;i<ROM.NLEN;i++)
- c.w[2*i+1]+=c.muladd(a.w[i],a.w[i],0,2*i);
-
- c.norm();
- return c;
- }
-
-/* reduce a DBIG to a BIG using the appropriate form of the modulus */
- public static BIG mod(DBIG d)
- {
- BIG b;
- if (ROM.MODTYPE==ROM.PSEUDO_MERSENNE)
- {
- long v,tw;
- BIG t=d.split(ROM.MODBITS);
- b=new BIG(d);
-
- v=t.pmul((int)ROM.MConst);
- tw=t.w[ROM.NLEN-1];
- t.w[ROM.NLEN-1]&=ROM.TMASK;
- t.w[0]+=(ROM.MConst*((tw>>ROM.TBITS)+(v<<(ROM.BASEBITS-ROM.TBITS))));
-
- b.add(t);
- b.norm();
- }
- if (ROM.MODTYPE==ROM.MONTGOMERY_FRIENDLY)
- {
- for (int i=0;i<ROM.NLEN;i++)
- d.w[ROM.NLEN+i]+=d.muladd(d.w[i],ROM.MConst-1,d.w[i],ROM.NLEN+i-1);
-
- b=new BIG(0);
-
- for (int i=0;i<ROM.NLEN;i++ )
- b.w[i]=d.w[ROM.NLEN+i];
- b.norm();
- }
-
- if (ROM.MODTYPE==ROM.NOT_SPECIAL)
- {
- BIG md=new BIG(ROM.Modulus);
- long m,carry;
- for (int i=0;i<ROM.NLEN;i++)
- {
- if (ROM.MConst==-1) m=(-d.w[i])&ROM.MASK;
- else
- {
- if (ROM.MConst==1) m=d.w[i];
- else m=(ROM.MConst*d.w[i])&ROM.MASK;
- }
-
- carry=0;
- for (int j=0;j<ROM.NLEN;j++)
- carry=d.muladd(m,md.w[j],carry,i+j);
- d.w[ROM.NLEN+i]+=carry;
- }
-
- b=new BIG(0);
- for (int i=0;i<ROM.NLEN;i++ )
- b.w[i]=d.w[ROM.NLEN+i];
- b.norm();
- }
-
- return b;
- }
-
-/* return a*b mod m */
- public static BIG modmul(BIG a,BIG b,BIG m)
- {
- a.mod(m);
- b.mod(m);
- DBIG d=mul(a,b);
- return d.mod(m);
- }
-
-/* return a^2 mod m */
- public static BIG modsqr(BIG a,BIG m)
- {
- a.mod(m);
- DBIG d=sqr(a);
- return d.mod(m);
- }
-
-/* return -a mod m */
- public static BIG modneg(BIG a,BIG m)
- {
- a.mod(m);
- return m.minus(a);
- }
-
-/* return this^e mod m */
- public BIG powmod(BIG e,BIG m)
- {
- int bt;
- norm();
- e.norm();
- BIG a=new BIG(1);
- BIG z=new BIG(e);
- BIG s=new BIG(this);
- while (true)
- {
- bt=z.parity();
- z.fshr(1);
- if (bt==1) a=modmul(a,s,m);
- if (z.iszilch()) break;
- s=modsqr(s,m);
- }
- return a;
- }
-
-/* Jacobi Symbol (this/p). Returns 0, 1 or -1 */
- public int jacobi(BIG p)
- {
- int n8,k,m=0;
- BIG t=new BIG(0);
- BIG x=new BIG(0);
- BIG n=new BIG(0);
- BIG zilch=new BIG(0);
- BIG one=new BIG(1);
- if (p.parity()==0 || comp(this,zilch)==0 || comp(p,one)<=0) return 0;
- norm();
- x.copy(this);
- n.copy(p);
- x.mod(p);
-
- while (comp(n,one)>0)
- {
- if (comp(x,zilch)==0) return 0;
- n8=n.lastbits(3);
- k=0;
- while (x.parity()==0)
- {
- k++;
- x.shr(1);
- }
- if (k%2==1) m+=(n8*n8-1)/8;
- m+=(n8-1)*(x.lastbits(2)-1)/4;
- t.copy(n);
- t.mod(x);
- n.copy(x);
- x.copy(t);
- m%=2;
-
- }
- if (m==0) return 1;
- else return -1;
- }
-
-/* this=1/this mod p. Binary method */
- public void invmodp(BIG p)
- {
- mod(p);
- BIG u=new BIG(this);
-
- BIG v=new BIG(p);
- BIG x1=new BIG(1);
- BIG x2=new BIG(0);
- BIG t=new BIG(0);
- BIG one=new BIG(1);
- while (comp(u,one)!=0 && comp(v,one)!=0)
- {
- while (u.parity()==0)
- {
- u.shr(1);
- if (x1.parity()!=0)
- {
- x1.add(p);
- x1.norm();
- }
- x1.shr(1);
- }
- while (v.parity()==0)
- {
- v.shr(1);
- if (x2.parity()!=0)
- {
- x2.add(p);
- x2.norm();
- }
- x2.shr(1);
- }
- if (comp(u,v)>=0)
- {
- u.sub(v);
- u.norm();
- if (comp(x1,x2)>=0) x1.sub(x2);
- else
- {
- t.copy(p);
- t.sub(x2);
- x1.add(t);
- }
- x1.norm();
- }
- else
- {
- v.sub(u);
- v.norm();
- if (comp(x2,x1)>=0) x2.sub(x1);
- else
- {
- t.copy(p);
- t.sub(x1);
- x2.add(t);
- }
- x2.norm();
- }
- }
- if (comp(u,one)==0) copy(x1);
- else copy(x2);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/DBIG.java
----------------------------------------------------------------------
diff --git a/java64/DBIG.java b/java64/DBIG.java
deleted file mode 100755
index 02e64ef..0000000
--- a/java64/DBIG.java
+++ /dev/null
@@ -1,307 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL double length DBIG number class */
-
-public class DBIG {
- protected long[] w=new long[ROM.DNLEN];
-
-/* Constructors */
- public DBIG(int x)
- {
- w[0]=x;
- for (int i=1;i<ROM.DNLEN;i++)
- w[i]=0;
- }
-
- public DBIG(DBIG x)
- {
- for (int i=0;i<ROM.DNLEN;i++)
- w[i]=x.w[i];
- }
-
- public DBIG(BIG x)
- {
- for (int i=0;i<ROM.NLEN-1;i++)
- w[i]=x.get(i);
-
- w[ROM.NLEN-1]=x.get(ROM.NLEN-1)&ROM.MASK; /* top word normalized */
- w[ROM.NLEN]=x.get(ROM.NLEN-1)>>ROM.BASEBITS;
-
- for (int i=ROM.NLEN+1;i<ROM.DNLEN;i++) w[i]=0;
- }
-
-/* get and set digits of this */
- public long get(int i)
- {
- return w[i];
- }
-
- public void set(int i,long x)
- {
- w[i]=x;
- }
-
- public void inc(int i,long x)
- {
- w[i]+=x;
- }
-
-/* test this=0? */
- public boolean iszilch() {
- for (int i=0;i<ROM.DNLEN;i++)
- if (w[i]!=0) return false;
- return true;
- }
-
-/* normalise this */
- public void norm() {
- long d,carry=0;
- for (int i=0;i<ROM.DNLEN-1;i++)
- {
- d=w[i]+carry;
- w[i]=d&ROM.MASK;
- carry=d>>ROM.BASEBITS;
- }
- w[ROM.DNLEN-1]=(w[ROM.DNLEN-1]+carry);
- }
-
-/* shift this right by k bits */
- public void shr(int k) {
- int n=k%ROM.BASEBITS;
- int m=k/ROM.BASEBITS;
- for (int i=0;i<ROM.DNLEN-m-1;i++)
- w[i]=(w[m+i]>>n)|((w[m+i+1]<<(ROM.BASEBITS-n))&ROM.MASK);
- w[ROM.DNLEN-m-1]=w[ROM.DNLEN-1]>>n;
- for (int i=ROM.DNLEN-m;i<ROM.DNLEN;i++) w[i]=0;
- }
-
-/* shift this left by k bits */
- public void shl(int k) {
- int n=k%ROM.BASEBITS;
- int m=k/ROM.BASEBITS;
-
- w[ROM.DNLEN-1]=((w[ROM.DNLEN-1-m]<<n))|(w[ROM.DNLEN-m-2]>>(ROM.BASEBITS-n));
- for (int i=ROM.DNLEN-2;i>m;i--)
- w[i]=((w[i-m]<<n)&ROM.MASK)|(w[i-m-1]>>(ROM.BASEBITS-n));
- w[m]=(w[0]<<n)&ROM.MASK;
- for (int i=0;i<m;i++) w[i]=0;
- }
-
-/* return number of bits in this */
- public int nbits() {
- int bts,k=ROM.DNLEN-1;
- long c;
- norm();
- while (w[k]==0 && k>=0) k--;
- if (k<0) return 0;
- bts=ROM.BASEBITS*k;
- c=w[k];
- while (c!=0) {c/=2; bts++;}
- return bts;
- }
-
-/* convert this to string */
- public String toString() {
- DBIG b;
- String s="";
- int len=nbits();
- if (len%4==0) len>>=2; //len/=4;
- else {len>>=2; len++;}
-
- for (int i=len-1;i>=0;i--)
- {
- b=new DBIG(this);
- b.shr(i*4);
- s+=Long.toHexString(b.w[0]&15);
- }
- return s;
- }
-
-/* return this+x */
-/*
- public DBIG plus(DBIG x) {
- DBIG s=new DBIG(0);
- for (int i=0;i<ROM.DNLEN;i++)
- s.w[i]=w[i]+x.w[i];
- return s;
- }
-*/
-/* return this-x */
-/*
- public DBIG minus(DBIG x) {
- DBIG d=new DBIG(0);
- for (int i=0;i<ROM.DNLEN;i++)
- d.w[i]=w[i]-x.w[i];
- return d;
- }
-*/
-/* this+=x */
- public void add(DBIG x) {
- for (int i=0;i<ROM.DNLEN;i++)
- w[i]+=x.w[i];
- }
-
-/* this-=x */
- public void sub(DBIG x) {
- for (int i=0;i<ROM.DNLEN;i++)
- w[i]-=x.w[i];
- }
-
-/* set this[i]+=x*y+c, and return high part */
-/* This is time critical */
-/* What if you knew the bottom half in advance ?? */
- public long muladd(long a,long b,long c,int i)
- {
- long x0,x1,y0,y1;
- x0=a&ROM.HMASK;
- x1=(a>>ROM.HBITS);
- y0=b&ROM.HMASK;
- y1=(b>>ROM.HBITS);
- long bot=x0*y0;
- long top=x1*y1;
- long mid=x0*y1+x1*y0;
- x0=mid&ROM.HMASK;
- x1=(mid>>ROM.HBITS);
- bot+=x0<<ROM.HBITS; bot+=c; bot+=w[i];
- top+=x1;
- long carry=bot>>ROM.BASEBITS;
- bot&=ROM.MASK;
- top+=carry;
- w[i]=bot;
- return top;
- }
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
- public static int comp(DBIG a,DBIG b)
- {
- for (int i=ROM.DNLEN-1;i>=0;i--)
- {
- if (a.w[i]==b.w[i]) continue;
- if (a.w[i]>b.w[i]) return 1;
- else return -1;
- }
- return 0;
- }
-
-/* reduces this DBIG mod a BIG, and returns the BIG */
- public BIG mod(BIG c)
- {
- int k=0;
- norm();
- DBIG m=new DBIG(c);
-
- if (comp(this,m)<0) return new BIG(this);
-
- do
- {
- m.shl(1);
- k++;
- }
- while (comp(this,m)>=0);
-
- while (k>0)
- {
- m.shr(1);
- if (comp(this,m)>=0)
- {
- sub(m);
- norm();
- }
- k--;
- }
- return new BIG(this);
- }
-
-/* reduces this DBIG mod a DBIG in place */
-/* public void mod(DBIG m)
- {
- int k=0;
- if (comp(this,m)<0) return;
-
- do
- {
- m.shl(1);
- k++;
- }
- while (comp(this,m)>=0);
-
- while (k>0)
- {
- m.shr(1);
- if (comp(this,m)>=0)
- {
- sub(m);
- norm();
- }
- k--;
- }
- return;
-
- }*/
-
-/* return this/c */
- public BIG div(BIG c)
- {
- int k=0;
- DBIG m=new DBIG(c);
- BIG a=new BIG(0);
- BIG e=new BIG(1);
- norm();
-
- while (comp(this,m)>=0)
- {
- e.fshl(1);
- m.shl(1);
- k++;
- }
-
- while (k>0)
- {
- m.shr(1);
- e.shr(1);
- if (comp(this,m)>0)
- {
- a.add(e);
- a.norm();
- sub(m);
- norm();
- }
- k--;
- }
- return a;
- }
-
-/* split DBIG at position n, return higher half, keep lower half */
- public BIG split(int n)
- {
- BIG t=new BIG(0);
- int m=n%ROM.BASEBITS;
- long nw,carry=w[ROM.DNLEN-1]<<(ROM.BASEBITS-m);
-
- for (int i=ROM.DNLEN-2;i>=ROM.NLEN-1;i--)
- {
- nw=(w[i]>>m)|carry;
- carry=(w[i]<<(ROM.BASEBITS-m))&ROM.MASK;
- t.set(i-ROM.NLEN+1,nw);
- }
- w[ROM.NLEN-1]&=(((long)1<<m)-1);
- return t;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/ECDH.java
----------------------------------------------------------------------
diff --git a/java64/ECDH.java b/java64/ECDH.java
deleted file mode 100755
index 35a9a18..0000000
--- a/java64/ECDH.java
+++ /dev/null
@@ -1,528 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Elliptic Curve API high-level functions */
-
-public final class ECDH {
- public static final int INVALID_PUBLIC_KEY=-2;
- public static final int ERROR=-3;
- public static final int INVALID=-4;
- public static final int EFS=ROM.MODBYTES;
- public static final int EGS=ROM.MODBYTES;
- public static final int EAS=AES.KS;
- public static final int EBS=AES.BS;
-
-/* Convert Integer to n-byte array */
- private static byte[] inttoBytes(int n,int len)
- {
- int i;
- byte[] b=new byte[len];
-
- for (i=0;i<len;i++) b[i]=0;
- i=len;
- while (n>0 && i>0)
- {
- i--;
- b[i]=(byte)(n&0xff);
- n/=256;
- }
- return b;
- }
-
-/* Key Derivation Functions */
-/* Input octet Z */
-/* Output key of length olen */
- public static byte[] KDF1(byte[] Z,int olen)
- {
-/* NOTE: the parameter olen is the length of the output K in bytes */
- HASH H=new HASH();
- int hlen=HASH.len;
- byte[] K=new byte[olen];
-
- byte[] B;
- int counter,cthreshold,k=0;
-
- for (int i=0;i<K.length;i++) K[i]=0;
-
- cthreshold=olen/hlen; if (olen%hlen!=0) cthreshold++;
-
- for (counter=0;counter<cthreshold;counter++)
- {
- H.process_array(Z); if (counter>0) H.process_num(counter);
- B=H.hash();
- if (k+hlen>olen) for (int i=0;i<olen%hlen;i++) K[k++]=B[i];
- else for (int i=0;i<hlen;i++) K[k++]=B[i];
- }
- return K;
- }
-
- public static byte[] KDF2(byte[] Z,byte[] P,int olen)
- {
-/* NOTE: the parameter olen is the length of the output k in bytes */
- HASH H=new HASH();
- int hlen=HASH.len;
- byte[] K=new byte[olen];
-
- byte[] B=new byte[hlen];
- int counter,cthreshold,k=0;
-
- for (int i=0;i<K.length;i++) K[i]=0;
-
- cthreshold=olen/hlen; if (olen%hlen!=0) cthreshold++;
-
- for (counter=1;counter<=cthreshold;counter++)
- {
- H.process_array(Z); H.process_num(counter); H.process_array(P);
- B=H.hash();
- if (k+hlen>olen) for (int i=0;i<olen%hlen;i++) K[k++]=B[i];
- else for (int i=0;i<hlen;i++) K[k++]=B[i];
- }
- return K;
- }
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
- public static byte[] PBKDF2(byte[] Pass,byte[] Salt,int rep,int olen)
- {
- int i,j,k,len,d,opt;
- d=olen/32; if (olen%32!=0) d++;
- byte[] F=new byte[EFS];
- byte[] U=new byte[EFS];
- byte[] S=new byte[Salt.length+4];
-
- byte[] K=new byte[d*EFS];
- opt=0;
-
- for (i=1;i<=d;i++)
- {
- for (j=0;j<Salt.length;j++) S[j]=Salt[j];
- byte[] N=inttoBytes(i,4);
- for (j=0;j<4;j++) S[Salt.length+j]=N[j];
-
- HMAC(S,Pass,F);
-
- for (j=0;j<EFS;j++) U[j]=F[j];
- for (j=2;j<=rep;j++)
- {
- HMAC(U,Pass,U);
- for (k=0;k<EFS;k++) F[k]^=U[k];
- }
- for (j=0;j<EFS;j++) K[opt++]=F[j];
- }
- byte[] key=new byte[olen];
- for (i=0;i<olen;i++) key[i]=K[i];
- return key;
- }
-
-/* Calculate HMAC of m using key k. HMAC is tag of length olen */
- public static int HMAC(byte[] M,byte[] K,byte[] tag)
- {
- /* Input is from an octet m *
- * olen is requested output length in bytes. k is the key *
- * The output is the calculated tag */
- int b;
- byte[] B;
- byte[] K0=new byte[64];
- int olen=tag.length;
-
- b=K0.length;
- if (olen<4 || olen>HASH.len) return 0;
-
- for (int i=0;i<b;i++) K0[i]=0;
-
- HASH H=new HASH();
-
- if (K.length > b)
- {
- H.process_array(K); B=H.hash();
- for (int i=0;i<32;i++) K0[i]=B[i];
- }
- else
- for (int i=0;i<K.length;i++ ) K0[i]=K[i];
-
- for (int i=0;i<b;i++) K0[i]^=0x36;
- H.process_array(K0); H.process_array(M); B=H.hash();
-
- for (int i=0;i<b;i++) K0[i]^=0x6a;
- H.process_array(K0); H.process_array(B); B=H.hash();
-
- for (int i=0;i<olen;i++) tag[i]=B[i];
-
- return 1;
- }
-
-/* AES encryption/decryption. Encrypt byte array M using key K and returns ciphertext */
- public static byte[] AES_CBC_IV0_ENCRYPT(byte[] K,byte[] M)
- { /* AES CBC encryption, with Null IV and key K */
- /* Input is from an octet string M, output is to an octet string C */
- /* Input is padded as necessary to make up a full final block */
- AES a=new AES();
- boolean fin;
- int i,j,ipt,opt;
- byte[] buff=new byte[16];
- int clen=16+(M.length/16)*16;
-
- byte[] C=new byte[clen];
- int padlen;
-
- a.init(AES.CBC,K,null);
-
- ipt=opt=0;
- fin=false;
- for(;;)
- {
- for (i=0;i<16;i++)
- {
- if (ipt<M.length) buff[i]=M[ipt++];
- else {fin=true; break;}
- }
- if (fin) break;
- a.encrypt(buff);
- for (i=0;i<16;i++)
- C[opt++]=buff[i];
- }
-
-/* last block, filled up to i-th index */
-
- padlen=16-i;
- for (j=i;j<16;j++) buff[j]=(byte)padlen;
-
- a.encrypt(buff);
-
- for (i=0;i<16;i++)
- C[opt++]=buff[i];
- a.end();
- return C;
- }
-
-/* returns plaintext if all consistent, else returns null string */
- public static byte[] AES_CBC_IV0_DECRYPT(byte[] K,byte[] C)
- { /* padding is removed */
- AES a=new AES();
- int i,ipt,opt,ch;
- byte[] buff=new byte[16];
- byte[] MM=new byte[C.length];
- boolean fin,bad;
- int padlen;
- ipt=opt=0;
-
- a.init(AES.CBC,K,null);
-
- if (C.length==0) return new byte[0];
- ch=C[ipt++];
-
- fin=false;
-
- for(;;)
- {
- for (i=0;i<16;i++)
- {
- buff[i]=(byte)ch;
- if (ipt>=C.length) {fin=true; break;}
- else ch=C[ipt++];
- }
- a.decrypt(buff);
- if (fin) break;
- for (i=0;i<16;i++)
- MM[opt++]=buff[i];
- }
-
- a.end();
- bad=false;
- padlen=buff[15];
- if (i!=15 || padlen<1 || padlen>16) bad=true;
- if (padlen>=2 && padlen<=16)
- for (i=16-padlen;i<16;i++) if (buff[i]!=padlen) bad=true;
-
- if (!bad) for (i=0;i<16-padlen;i++)
- MM[opt++]=buff[i];
-
- if (bad) return new byte[0];
-
- byte[] M=new byte[opt];
- for (i=0;i<opt;i++) M[i]=MM[i];
-
- return M;
- }
-
-/* Calculate a public/private EC GF(p) key pair W,S where W=S.G mod EC(p),
- * where S is the secret key and W is the public key
- * and G is fixed generator.
- * If RNG is NULL then the private key is provided externally in S
- * otherwise it is generated randomly internally */
- public static int KEY_PAIR_GENERATE(RAND RNG,byte[] S,byte[] W)
- {
- BIG r,gx,gy,s,wx,wy;
- ECP G,WP;
- int res=0;
- byte[] T=new byte[EFS];
-
- gx=new BIG(ROM.CURVE_Gx);
- if (ROM.CURVETYPE!=ROM.MONTGOMERY)
- {
- gy=new BIG(ROM.CURVE_Gy);
- G=new ECP(gx,gy);
- }
- else
- G=new ECP(gx);
-
- r=new BIG(ROM.CURVE_Order);
-
- if (RNG==null)
- {
- s=BIG.fromBytes(S);
- }
- else
- {
- s=BIG.randomnum(r,RNG);
-
- s.toBytes(T);
- for (int i=0;i<EGS;i++) S[i]=T[i];
- }
-
- WP=G.mul(s);
- WP.toBytes(W);
-
- return res;
- }
-
-/* validate public key. Set full=true for fuller check */
- public static int PUBLIC_KEY_VALIDATE(boolean full,byte[] W)
- {
- BIG r;
- ECP WP=ECP.fromBytes(W);
- int res=0;
-
- r=new BIG(ROM.CURVE_Order);
-
- if (WP.is_infinity()) res=INVALID_PUBLIC_KEY;
- if (res==0 && full)
- {
- WP=WP.mul(r);
- if (!WP.is_infinity()) res=INVALID_PUBLIC_KEY;
- }
- return res;
- }
-
-/* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */
- public static int ECPSVDP_DH(byte[] S,byte[] WD,byte[] Z)
- {
- BIG r,s,wx,wy,z;
- int valid;
- ECP W;
- int res=0;
- byte[] T=new byte[EFS];
-
- s=BIG.fromBytes(S);
-
- W=ECP.fromBytes(WD);
- if (W.is_infinity()) res=ERROR;
-
- if (res==0)
- {
- r=new BIG(ROM.CURVE_Order);
- s.mod(r);
- W=W.mul(s);
- if (W.is_infinity()) res=ERROR;
- else
- {
- W.getX().toBytes(T);
- for (int i=0;i<EFS;i++) Z[i]=T[i];
- }
- }
- return res;
- }
-
-/* IEEE ECDSA Signature, C and D are signature on F using private key S */
- public static int ECPSP_DSA(RAND RNG,byte[] S,byte[] F,byte[] C,byte[] D)
- {
- byte[] T=new byte[EFS];
- BIG gx,gy,r,s,f,c,d,u,vx;
- ECP G,V;
-
- HASH H=new HASH();
- H.process_array(F);
- byte[] B=H.hash();
-
- gx=new BIG(ROM.CURVE_Gx);
- gy=new BIG(ROM.CURVE_Gy);
-
- G=new ECP(gx,gy);
- r=new BIG(ROM.CURVE_Order);
-
- s=BIG.fromBytes(S);
- f=BIG.fromBytes(B);
-
- c=new BIG(0);
- d=new BIG(0);
- V=new ECP();
-
- do {
- u=BIG.randomnum(r,RNG);
-
- V.copy(G);
- V=V.mul(u);
- vx=V.getX();
- c.copy(vx);
- c.mod(r);
- if (c.iszilch()) continue;
- u.invmodp(r);
- d.copy(BIG.modmul(s,c,r));
- d.add(f);
- d.copy(BIG.modmul(u,d,r));
- } while (d.iszilch());
-
- c.toBytes(T);
- for (int i=0;i<EFS;i++) C[i]=T[i];
- d.toBytes(T);
- for (int i=0;i<EFS;i++) D[i]=T[i];
- return 0;
- }
-
-/* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */
- public static int ECPVP_DSA(byte[] W,byte[] F, byte[] C,byte[] D)
- {
- BIG r,gx,gy,f,c,d,h2;
- int res=0;
- ECP G,WP,P;
- int valid;
-
- HASH H=new HASH();
- H.process_array(F);
- byte[] B=H.hash();
-
- gx=new BIG(ROM.CURVE_Gx);
- gy=new BIG(ROM.CURVE_Gy);
-
- G=new ECP(gx,gy);
- r=new BIG(ROM.CURVE_Order);
-
- c=BIG.fromBytes(C);
- d=BIG.fromBytes(D);
- f=BIG.fromBytes(B);
-
- if (c.iszilch() || BIG.comp(c,r)>=0 || d.iszilch() || BIG.comp(d,r)>=0)
- res=INVALID;
-
- if (res==0)
- {
- d.invmodp(r);
- f.copy(BIG.modmul(f,d,r));
- h2=BIG.modmul(c,d,r);
-
- WP=ECP.fromBytes(W);
- if (WP.is_infinity()) res=ERROR;
- else
- {
- P=new ECP();
- P.copy(WP);
- P=P.mul2(h2,G,f);
- if (P.is_infinity()) res=INVALID;
- else
- {
- d=P.getX();
- d.mod(r);
- if (BIG.comp(d,c)!=0) res=INVALID;
- }
- }
- }
-
- return res;
- }
-
-/* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */
- public static byte[] ECIES_ENCRYPT(byte[] P1,byte[] P2,RAND RNG,byte[] W,byte[] M,byte[] V,byte[] T)
- {
- int i,len;
-
- byte[] Z=new byte[EFS];
- byte[] VZ=new byte[3*EFS+1];
- byte[] K1=new byte[EAS];
- byte[] K2=new byte[EAS];
- byte[] U=new byte[EGS];
-
- if (KEY_PAIR_GENERATE(RNG,U,V)!=0) return new byte[0];
- if (ECPSVDP_DH(U,W,Z)!=0) return new byte[0];
-
- for (i=0;i<2*EFS+1;i++) VZ[i]=V[i];
- for (i=0;i<EFS;i++) VZ[2*EFS+1+i]=Z[i];
-
-
- byte[] K=KDF2(VZ,P1,EFS);
-
- for (i=0;i<EAS;i++) {K1[i]=K[i]; K2[i]=K[EAS+i];}
-
- byte[] C=AES_CBC_IV0_ENCRYPT(K1,M);
-
- byte[] L2=inttoBytes(P2.length,8);
-
- byte[] AC=new byte[C.length+P2.length+8];
- for (i=0;i<C.length;i++) AC[i]=C[i];
- for (i=0;i<P2.length;i++) AC[C.length+i]=P2[i];
- for (i=0;i<8;i++) AC[C.length+P2.length+i]=L2[i];
-
- HMAC(AC,K2,T);
-
- return C;
- }
-
-/* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */
- public static byte[] ECIES_DECRYPT(byte[] P1,byte[] P2,byte[] V,byte[] C,byte[] T,byte[] U)
- {
-
- int i,len;
-
- byte[] Z=new byte[EFS];
- byte[] VZ=new byte[3*EFS+1];
- byte[] K1=new byte[EAS];
- byte[] K2=new byte[EAS];
- byte[] TAG=new byte[T.length];
-
- if (ECPSVDP_DH(U,V,Z)!=0) return new byte[0];
-
- for (i=0;i<2*EFS+1;i++) VZ[i]=V[i];
- for (i=0;i<EFS;i++) VZ[2*EFS+1+i]=Z[i];
-
- byte[] K=KDF2(VZ,P1,EFS);
-
- for (i=0;i<EAS;i++) {K1[i]=K[i]; K2[i]=K[EAS+i];}
-
- byte[] M=AES_CBC_IV0_DECRYPT(K1,C);
-
- if (M.length==0) return M;
-
- byte[] L2=inttoBytes(P2.length,8);
-
- byte[] AC=new byte[C.length+P2.length+8];
-
- for (i=0;i<C.length;i++) AC[i]=C[i];
- for (i=0;i<P2.length;i++) AC[C.length+i]=P2[i];
- for (i=0;i<8;i++) AC[C.length+P2.length+i]=L2[i];
-
- HMAC(AC,K2,TAG);
-
- boolean same=true;
- for (i=0;i<T.length;i++) if (T[i]!=TAG[i]) same=false;
- if (!same) return new byte[0];
-
- return M;
-
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/ECP.java
----------------------------------------------------------------------
diff --git a/java64/ECP.java b/java64/ECP.java
deleted file mode 100755
index 01db5d8..0000000
--- a/java64/ECP.java
+++ /dev/null
@@ -1,929 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Elliptic Curve Point class */
-
-public final class ECP {
- private FP x;
- private FP y;
- private FP z;
- private boolean INF;
-
-/* Constructor - set to O */
- public ECP() {
- INF=true;
- x=new FP(0);
- y=new FP(1);
- z=new FP(1);
- }
-/* test for O point-at-infinity */
- public boolean is_infinity() {
- if (ROM.CURVETYPE==ROM.EDWARDS)
- {
- x.reduce(); y.reduce(); z.reduce();
- return (x.iszilch() && y.equals(z));
- }
- else return INF;
- }
-/* Conditional swap of P and Q dependant on d */
- private void cswap(ECP Q,int d)
- {
- x.cswap(Q.x,d);
- if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.cswap(Q.y,d);
- z.cswap(Q.z,d);
- if (ROM.CURVETYPE!=ROM.EDWARDS)
- {
- boolean bd;
- if (d==0) bd=false;
- else bd=true;
- bd=bd&(INF^Q.INF);
- INF^=bd;
- Q.INF^=bd;
- }
- }
-
-/* Conditional move of Q to P dependant on d */
- private void cmove(ECP Q,int d)
- {
- x.cmove(Q.x,d);
- if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.cmove(Q.y,d);
- z.cmove(Q.z,d);
- if (ROM.CURVETYPE!=ROM.EDWARDS)
- {
- boolean bd;
- if (d==0) bd=false;
- else bd=true;
- INF^=(INF^Q.INF)&bd;
- }
- }
-
-/* return 1 if b==c, no branching */
- private static int teq(int b,int c)
- {
- int x=b^c;
- x-=1; // if x=0, x now -1
- return ((x>>31)&1);
- }
-
-/* Constant time select from pre-computed table */
- private void select(ECP W[],int b)
- {
- ECP MP=new ECP();
- int m=b>>31;
- int babs=(b^m)-m;
-
- babs=(babs-1)/2;
-
- cmove(W[0],teq(babs,0)); // conditional move
- cmove(W[1],teq(babs,1));
- cmove(W[2],teq(babs,2));
- cmove(W[3],teq(babs,3));
- cmove(W[4],teq(babs,4));
- cmove(W[5],teq(babs,5));
- cmove(W[6],teq(babs,6));
- cmove(W[7],teq(babs,7));
-
- MP.copy(this);
- MP.neg();
- cmove(MP,(int)(m&1));
- }
-
-
-/* Test P == Q */
- public boolean equals(ECP Q) {
- if (is_infinity() && Q.is_infinity()) return true;
- if (is_infinity() || Q.is_infinity()) return false;
- if (ROM.CURVETYPE==ROM.WEIERSTRASS)
- {
- FP zs2=new FP(z); zs2.sqr();
- FP zo2=new FP(Q.z); zo2.sqr();
- FP zs3=new FP(zs2); zs3.mul(z);
- FP zo3=new FP(zo2); zo3.mul(Q.z);
- zs2.mul(Q.x);
- zo2.mul(x);
- if (!zs2.equals(zo2)) return false;
- zs3.mul(Q.y);
- zo3.mul(y);
- if (!zs3.equals(zo3)) return false;
- }
- else
- {
- FP a=new FP(0);
- FP b=new FP(0);
- a.copy(x); a.mul(Q.z); a.reduce();
- b.copy(Q.x); b.mul(z); b.reduce();
- if (!a.equals(b)) return false;
- if (ROM.CURVETYPE==ROM.EDWARDS)
- {
- a.copy(y); a.mul(Q.z); a.reduce();
- b.copy(Q.y); b.mul(z); b.reduce();
- if (!a.equals(b)) return false;
- }
- }
- return true;
- }
-
-/* this=P */
- public void copy(ECP P)
- {
- x.copy(P.x);
- if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.copy(P.y);
- z.copy(P.z);
- INF=P.INF;
- }
-/* this=-this */
- public void neg() {
- if (is_infinity()) return;
- if (ROM.CURVETYPE==ROM.WEIERSTRASS)
- {
- y.neg(); y.reduce();
- }
- if (ROM.CURVETYPE==ROM.EDWARDS)
- {
- x.neg(); x.reduce();
- }
- return;
- }
-/* set this=O */
- public void inf() {
- INF=true;
- x.zero();
- y.one();
- z.one();
- // y=new FP(1);
- // z=new FP(1);
- }
-
-/* Calculate RHS of curve equation */
- public static FP RHS(FP x) {
- x.norm();
- FP r=new FP(x);
- r.sqr();
-
- if (ROM.CURVETYPE==ROM.WEIERSTRASS)
- { // x^3+Ax+B
- FP b=new FP(new BIG(ROM.CURVE_B));
- r.mul(x);
- if (ROM.CURVE_A==-3)
- {
- FP cx=new FP(x);
- cx.imul(3);
- cx.neg(); cx.norm();
- r.add(cx);
- }
- r.add(b);
- }
- if (ROM.CURVETYPE==ROM.EDWARDS)
- { // (Ax^2-1)/(Bx^2-1)
- FP b=new FP(new BIG(ROM.CURVE_B));
-
- FP one=new FP(1);
- b.mul(r);
- b.sub(one);
- if (ROM.CURVE_A==-1) r.neg();
- r.sub(one);
-
- b.inverse();
-
- r.mul(b);
- }
- if (ROM.CURVETYPE==ROM.MONTGOMERY)
- { // x^3+Ax^2+x
- FP x3=new FP(0);
- x3.copy(r);
- x3.mul(x);
- r.imul(ROM.CURVE_A);
- r.add(x3);
- r.add(x);
- }
- r.reduce();
- return r;
- }
-
-/* set (x,y) from two BIGs */
- public ECP(BIG ix,BIG iy) {
- x=new FP(ix);
- y=new FP(iy);
- z=new FP(1);
- FP rhs=RHS(x);
-
- if (ROM.CURVETYPE==ROM.MONTGOMERY)
- {
- if (rhs.jacobi()==1) INF=false;
- else inf();
- }
- else
- {
- FP y2=new FP(y);
- y2.sqr();
- if (y2.equals(rhs)) INF=false;
- else inf();
- }
- }
-/* set (x,y) from BIG and a bit */
- public ECP(BIG ix,int s) {
- x=new FP(ix);
- FP rhs=RHS(x);
- y=new FP(0);
- z=new FP(1);
- if (rhs.jacobi()==1)
- {
- FP ny=rhs.sqrt();
- if (ny.redc().parity()!=s) ny.neg();
- y.copy(ny);
- INF=false;
- }
- else inf();
- }
-
-/* set from x - calculate y from curve equation */
- public ECP(BIG ix) {
- x=new FP(ix);
- FP rhs=RHS(x);
- y=new FP(0);
- z=new FP(1);
- if (rhs.jacobi()==1)
- {
- if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.copy(rhs.sqrt());
- INF=false;
- }
- else INF=true;
- }
-
-/* set to affine - from (x,y,z) to (x,y) */
- public void affine() {
- if (is_infinity()) return;
- FP one=new FP(1);
- if (z.equals(one)) return;
- z.inverse();
- if (ROM.CURVETYPE==ROM.WEIERSTRASS)
- {
- FP z2=new FP(z);
- z2.sqr();
- x.mul(z2); x.reduce();
- y.mul(z2);
- y.mul(z); y.reduce();
- }
- if (ROM.CURVETYPE==ROM.EDWARDS)
- {
- x.mul(z); x.reduce();
- y.mul(z); y.reduce();
- }
- if (ROM.CURVETYPE==ROM.MONTGOMERY)
- {
- x.mul(z); x.reduce();
- }
- z.copy(one);
- }
-/* extract x as a BIG */
- public BIG getX()
- {
- affine();
- return x.redc();
- }
-/* extract y as a BIG */
- public BIG getY()
- {
- affine();
- return y.redc();
- }
-
-/* get sign of Y */
- public int getS()
- {
- affine();
- BIG y=getY();
- return y.parity();
- }
-/* extract x as an FP */
- public FP getx()
- {
- return x;
- }
-/* extract y as an FP */
- public FP gety()
- {
- return y;
- }
-/* extract z as an FP */
- public FP getz()
- {
- return z;
- }
-/* convert to byte array */
- public void toBytes(byte[] b)
- {
- byte[] t=new byte[ROM.MODBYTES];
- if (ROM.CURVETYPE!=ROM.MONTGOMERY) b[0]=0x04;
- else b[0]=0x02;
-
- affine();
- x.redc().toBytes(t);
- for (int i=0;i<ROM.MODBYTES;i++) b[i+1]=t[i];
- if (ROM.CURVETYPE!=ROM.MONTGOMERY)
- {
- y.redc().toBytes(t);
- for (int i=0;i<ROM.MODBYTES;i++) b[i+ROM.MODBYTES+1]=t[i];
- }
- }
-/* convert from byte array to point */
- public static ECP fromBytes(byte[] b)
- {
- byte[] t=new byte[ROM.MODBYTES];
- BIG p=new BIG(ROM.Modulus);
-
- for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+1];
- BIG px=BIG.fromBytes(t);
- if (BIG.comp(px,p)>=0) return new ECP();
-
- if (b[0]==0x04)
- {
- for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+ROM.MODBYTES+1];
- BIG py=BIG.fromBytes(t);
- if (BIG.comp(py,p)>=0) return new ECP();
- return new ECP(px,py);
- }
- else return new ECP(px);
- }
-/* convert to hex string */
- public String toString() {
- if (is_infinity()) return "infinity";
- affine();
- if (ROM.CURVETYPE==ROM.MONTGOMERY) return "("+x.redc().toString()+")";
- else return "("+x.redc().toString()+","+y.redc().toString()+")";
- }
-/* this*=2 */
- public void dbl() {
- if (ROM.CURVETYPE==ROM.WEIERSTRASS)
- {
- if (INF) return;
- if (y.iszilch())
- {
- inf();
- return;
- }
-
- FP w1=new FP(x);
- FP w6=new FP(z);
- FP w2=new FP(0);
- FP w3=new FP(x);
- FP w8=new FP(x);
-
- if (ROM.CURVE_A==-3)
- {
- w6.sqr();
- w1.copy(w6);
- w1.neg();
- w3.add(w1);
- w8.add(w6);
- w3.mul(w8);
- w8.copy(w3);
- w8.imul(3);
- }
- else
- {
- w1.sqr();
- w8.copy(w1);
- w8.imul(3);
- }
-
- w2.copy(y); w2.sqr();
- w3.copy(x); w3.mul(w2);
- w3.imul(4);
- w1.copy(w3); w1.neg();
- // w1.norm();
-
- x.copy(w8); x.sqr();
- x.add(w1);
- x.add(w1);
- // x.reduce();
- x.norm();
-
- z.mul(y);
- z.add(z);
-
- w2.add(w2);
- w2.sqr();
- w2.add(w2);
- w3.sub(x);
- y.copy(w8); y.mul(w3);
- // w2.norm();
- y.sub(w2);
- // y.reduce();
- // z.reduce();
- y.norm();
- z.norm();
- }
- if (ROM.CURVETYPE==ROM.EDWARDS)
- {
- FP C=new FP(x);
- FP D=new FP(y);
- FP H=new FP(z);
- FP J=new FP(0);
-
- x.mul(y); x.add(x);
- C.sqr();
- D.sqr();
- if (ROM.CURVE_A==-1) C.neg();
- y.copy(C); y.add(D);
- // y.norm();
- H.sqr(); H.add(H);
- z.copy(y);
- J.copy(y); J.sub(H);
- x.mul(J);
- C.sub(D);
- y.mul(C);
- z.mul(J);
-
- x.norm();
- y.norm();
- z.norm();
- }
- if (ROM.CURVETYPE==ROM.MONTGOMERY)
- {
- FP A=new FP(x);
- FP B=new FP(x);
- FP AA=new FP(0);
- FP BB=new FP(0);
- FP C=new FP(0);
-
- if (INF) return;
-
- A.add(z);
- AA.copy(A); AA.sqr();
- B.sub(z);
- BB.copy(B); BB.sqr();
- C.copy(AA); C.sub(BB);
- // C.norm();
-
- x.copy(AA); x.mul(BB);
-
- A.copy(C); A.imul((ROM.CURVE_A+2)/4);
-
- BB.add(A);
- z.copy(BB); z.mul(C);
- // x.reduce();
- // z.reduce();
- x.norm();
- z.norm();
- }
- return;
- }
-
-/* this+=Q */
- public void add(ECP Q) {
- if (ROM.CURVETYPE==ROM.WEIERSTRASS)
- {
- if (INF)
- {
- copy(Q);
- return;
- }
- if (Q.INF) return;
-
- boolean aff=false;
-
- FP one=new FP(1);
- if (Q.z.equals(one)) aff=true;
-
- FP A,C;
- FP B=new FP(z);
- FP D=new FP(z);
- if (!aff)
- {
- A=new FP(Q.z);
- C=new FP(Q.z);
-
- A.sqr(); B.sqr();
- C.mul(A); D.mul(B);
-
- A.mul(x);
- C.mul(y);
- }
- else
- {
- A=new FP(x);
- C=new FP(y);
-
- B.sqr();
- D.mul(B);
- }
-
- B.mul(Q.x); B.sub(A);
- D.mul(Q.y); D.sub(C);
-
- if (B.iszilch())
- {
- if (D.iszilch())
- {
- dbl();
- return;
- }
- else
- {
- INF=true;
- return;
- }
- }
-
- if (!aff) z.mul(Q.z);
- z.mul(B);
-
- FP e=new FP(B); e.sqr();
- B.mul(e);
- A.mul(e);
-
- e.copy(A);
- e.add(A); e.add(B);
- x.copy(D); x.sqr(); x.sub(e);
-
- A.sub(x);
- y.copy(A); y.mul(D);
- C.mul(B); y.sub(C);
-
- // x.reduce();
- // y.reduce();
- // z.reduce();
- x.norm();
- y.norm();
- z.norm();
- }
- if (ROM.CURVETYPE==ROM.EDWARDS)
- {
- FP b=new FP(new BIG(ROM.CURVE_B));
- FP A=new FP(z);
- FP B=new FP(0);
- FP C=new FP(x);
- FP D=new FP(y);
- FP E=new FP(0);
- FP F=new FP(0);
- FP G=new FP(0);
- // FP H=new FP(0);
- // FP I=new FP(0);
-
- A.mul(Q.z);
- B.copy(A); B.sqr();
- C.mul(Q.x);
- D.mul(Q.y);
-
- E.copy(C); E.mul(D); E.mul(b);
- F.copy(B); F.sub(E);
- G.copy(B); G.add(E);
- C.add(D);
-
- if (ROM.CURVE_A==1)
- {
- E.copy(D); D.sub(C);
- }
-
- B.copy(x); B.add(y);
- D.copy(Q.x); D.add(Q.y);
- B.mul(D);
- B.sub(C);
- B.mul(F);
- x.copy(A); x.mul(B);
-
- if (ROM.CURVE_A==1)
- {
- C.copy(E); C.mul(G);
- }
- if (ROM.CURVE_A==-1)
- {
- C.mul(G);
- }
- y.copy(A); y.mul(C);
- z.copy(F); z.mul(G);
- // x.reduce(); y.reduce(); z.reduce();
- x.norm(); y.norm(); z.norm();
- }
- return;
- }
-
-/* Differential Add for Montgomery curves. this+=Q where W is this-Q and is affine. */
- public void dadd(ECP Q,ECP W) {
- FP A=new FP(x);
- FP B=new FP(x);
- FP C=new FP(Q.x);
- FP D=new FP(Q.x);
- FP DA=new FP(0);
- FP CB=new FP(0);
-
- A.add(z);
- B.sub(z);
-
- C.add(Q.z);
- D.sub(Q.z);
-
- DA.copy(D); DA.mul(A);
- CB.copy(C); CB.mul(B);
-
- A.copy(DA); A.add(CB); A.sqr();
- B.copy(DA); B.sub(CB); B.sqr();
-
- x.copy(A);
- z.copy(W.x); z.mul(B);
-
- if (z.iszilch()) inf();
- else INF=false;
-
- // x.reduce();
- x.norm();
- }
-/* this-=Q */
- public void sub(ECP Q) {
- Q.neg();
- add(Q);
- Q.neg();
- }
-
- public static void multiaffine(int m,ECP[] P)
- {
- int i;
- FP t1=new FP(0);
- FP t2=new FP(0);
-
- FP[] work=new FP[m];
-
- for (i=0;i<m;i++)
- work[i]=new FP(0);
-
- work[0].one();
- work[1].copy(P[0].z);
-
- for (i=2;i<m;i++)
- {
- work[i].copy(work[i-1]);
- work[i].mul(P[i-1].z);
- }
-
- t1.copy(work[m-1]);
- t1.mul(P[m-1].z);
- t1.inverse();
- t2.copy(P[m-1].z);
- work[m-1].mul(t1);
-
- for (i=m-2;;i--)
- {
- if (i==0)
- {
- work[0].copy(t1);
- work[0].mul(t2);
- break;
- }
- work[i].mul(t2);
- work[i].mul(t1);
- t2.mul(P[i].z);
- }
-/* now work[] contains inverses of all Z coordinates */
-
- for (i=0;i<m;i++)
- {
- P[i].z.one();
- t1.copy(work[i]);
- t1.sqr();
- P[i].x.mul(t1);
- t1.mul(work[i]);
- P[i].y.mul(t1);
- }
- }
-
-/* constant time multiply by small integer of length bts - use ladder */
- public ECP pinmul(int e,int bts) {
- if (ROM.CURVETYPE==ROM.MONTGOMERY)
- return this.mul(new BIG(e));
- else
- {
- int nb,i,b;
- ECP P=new ECP();
- ECP R0=new ECP();
- ECP R1=new ECP(); R1.copy(this);
-
- for (i=bts-1;i>=0;i--)
- {
- b=(e>>i)&1;
- P.copy(R1);
- P.add(R0);
- R0.cswap(R1,b);
- R1.copy(P);
- R0.dbl();
- R0.cswap(R1,b);
- }
- P.copy(R0);
- P.affine();
- return P;
- }
- }
-
-/* return e.this */
-
- public ECP mul(BIG e) {
- if (e.iszilch() || is_infinity()) return new ECP();
- ECP P=new ECP();
- if (ROM.CURVETYPE==ROM.MONTGOMERY)
- {
-/* use Ladder */
- int nb,i,b;
- ECP D=new ECP();
- ECP R0=new ECP(); R0.copy(this);
- ECP R1=new ECP(); R1.copy(this);
- R1.dbl();
- D.copy(this); D.affine();
- nb=e.nbits();
- for (i=nb-2;i>=0;i--)
- {
- b=e.bit(i);
- P.copy(R1);
- P.dadd(R0,D);
- R0.cswap(R1,b);
- R1.copy(P);
- R0.dbl();
- R0.cswap(R1,b);
- }
- P.copy(R0);
- }
- else
- {
-// fixed size windows
- int i,b,nb,m,s,ns;
- BIG mt=new BIG();
- BIG t=new BIG();
- ECP Q=new ECP();
- ECP C=new ECP();
- ECP[] W=new ECP[8];
- byte[] w=new byte[1+(ROM.NLEN*ROM.BASEBITS+3)/4];
-
- affine();
-
-// precompute table
- Q.copy(this);
- Q.dbl();
- W[0]=new ECP();
- W[0].copy(this);
-
- for (i=1;i<8;i++)
- {
- W[i]=new ECP();
- W[i].copy(W[i-1]);
- W[i].add(Q);
- }
-
-// convert the table to affine
- if (ROM.CURVETYPE==ROM.WEIERSTRASS)
- multiaffine(8,W);
-
-// make exponent odd - add 2P if even, P if odd
- t.copy(e);
- s=t.parity();
- t.inc(1); t.norm(); ns=t.parity(); mt.copy(t); mt.inc(1); mt.norm();
- t.cmove(mt,s);
- Q.cmove(this,ns);
- C.copy(Q);
-
- nb=1+(t.nbits()+3)/4;
-
-// convert exponent to signed 4-bit window
- for (i=0;i<nb;i++)
- {
- w[i]=(byte)(t.lastbits(5)-16);
- t.dec(w[i]); t.norm();
- t.fshr(4);
- }
- w[nb]=(byte)t.lastbits(5);
-
- P.copy(W[(w[nb]-1)/2]);
- for (i=nb-1;i>=0;i--)
- {
- Q.select(W,w[i]);
- P.dbl();
- P.dbl();
- P.dbl();
- P.dbl();
- P.add(Q);
- }
- P.sub(C); /* apply correction */
- }
- P.affine();
- return P;
- }
-/* Return e.this+f.Q */
-
- public ECP mul2(BIG e,ECP Q,BIG f) {
- BIG te=new BIG();
- BIG tf=new BIG();
- BIG mt=new BIG();
- ECP S=new ECP();
- ECP T=new ECP();
- ECP C=new ECP();
- ECP[] W=new ECP[8];
- byte[] w=new byte[1+(ROM.NLEN*ROM.BASEBITS+1)/2];
- int i,s,ns,nb;
- byte a,b;
-
- affine();
- Q.affine();
-
- te.copy(e);
- tf.copy(f);
-
-// precompute table
- W[1]=new ECP(); W[1].copy(this); W[1].sub(Q);
- W[2]=new ECP(); W[2].copy(this); W[2].add(Q);
- S.copy(Q); S.dbl();
- W[0]=new ECP(); W[0].copy(W[1]); W[0].sub(S);
- W[3]=new ECP(); W[3].copy(W[2]); W[3].add(S);
- T.copy(this); T.dbl();
- W[5]=new ECP(); W[5].copy(W[1]); W[5].add(T);
- W[6]=new ECP(); W[6].copy(W[2]); W[6].add(T);
- W[4]=new ECP(); W[4].copy(W[5]); W[4].sub(S);
- W[7]=new ECP(); W[7].copy(W[6]); W[7].add(S);
-
-// convert the table to affine
- if (ROM.CURVETYPE==ROM.WEIERSTRASS)
- multiaffine(8,W);
-
-// if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction
-
- s=te.parity();
- te.inc(1); te.norm(); ns=te.parity(); mt.copy(te); mt.inc(1); mt.norm();
- te.cmove(mt,s);
- T.cmove(this,ns);
- C.copy(T);
-
- s=tf.parity();
- tf.inc(1); tf.norm(); ns=tf.parity(); mt.copy(tf); mt.inc(1); mt.norm();
- tf.cmove(mt,s);
- S.cmove(Q,ns);
- C.add(S);
-
- mt.copy(te); mt.add(tf); mt.norm();
- nb=1+(mt.nbits()+1)/2;
-
-// convert exponent to signed 2-bit window
- for (i=0;i<nb;i++)
- {
- a=(byte)(te.lastbits(3)-4);
- te.dec(a); te.norm();
- te.fshr(2);
- b=(byte)(tf.lastbits(3)-4);
- tf.dec(b); tf.norm();
- tf.fshr(2);
- w[i]=(byte)(4*a+b);
- }
- w[nb]=(byte)(4*te.lastbits(3)+tf.lastbits(3));
- S.copy(W[(w[nb]-1)/2]);
-
- for (i=nb-1;i>=0;i--)
- {
- T.select(W,w[i]);
- S.dbl();
- S.dbl();
- S.add(T);
- }
- S.sub(C); /* apply correction */
- S.affine();
- return S;
- }
-
-/*
- public static void main(String[] args) {
-
- BIG Gx=new BIG(ROM.CURVE_Gx);
- BIG Gy;
- ECP P;
- if (ROM.CURVETYPE!=ROM.MONTGOMERY) Gy=new BIG(ROM.CURVE_Gy);
- BIG r=new BIG(ROM.CURVE_Order);
-
- //r.dec(7);
-
- System.out.println("Gx= "+Gx.toString());
- if (ROM.CURVETYPE!=ROM.MONTGOMERY) System.out.println("Gy= "+Gy.toString());
-
- if (ROM.CURVETYPE!=ROM.MONTGOMERY) P=new ECP(Gx,Gy);
- else P=new ECP(Gx);
-
- System.out.println("P= "+P.toString());
-
- ECP R=P.mul(r);
- //for (int i=0;i<10000;i++)
- // R=P.mul(r);
-
- System.out.println("R= "+R.toString());
- } */
-}
-