You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by br...@apache.org on 2019/01/15 15:19:31 UTC
[26/51] [partial] incubator-milagro-crypto git commit: update code
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/gcm.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/gcm.rs b/version22/rust/src/gcm.rs
deleted file mode 100644
index 32e2749..0000000
--- a/version22/rust/src/gcm.rs
+++ /dev/null
@@ -1,356 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-const GCM_NB:usize=4;
-const GCM_ACCEPTING_HEADER:usize=0;
-const GCM_ACCEPTING_CIPHER:usize=1;
-const GCM_NOT_ACCEPTING_MORE:usize=2;
-const GCM_FINISHED:usize=3;
-const GCM_ENCRYPTING:usize=0;
-const GCM_DECRYPTING:usize=1;
-
-use aes;
-use aes::AES;
-
-pub struct GCM {
- table: [[u32;4];128],
- statex: [u8;16],
- y_0: [u8;16],
-// counter: usize,
- lena:[u32;2],
- lenc:[u32;2],
- status:usize,
- a:AES
-}
-
-impl GCM {
-
- fn pack(b: [u8;4]) -> u32 { /* pack bytes into a 32-bit Word */
- return ((((b[0])&0xff) as u32)<<24)|((((b[1])&0xff) as u32)<<16)|((((b[2])&0xff) as u32)<<8)|(((b[3])&0xff) as u32);
- }
-
- fn unpack(a: u32) -> [u8;4] { /* unpack bytes from a word */
- let b:[u8;4]=[((a>>24)&0xff) as u8,((a>>16)&0xff) as u8,((a>>8)&0xff) as u8,(a&0xff) as u8];
- return b;
- }
-
- fn precompute(&mut self,h: &[u8]) {
- let mut b:[u8;4]=[0;4];
- let mut j=0;
- for i in 0..GCM_NB {
- b[0]=h[j]; b[1]=h[j+1]; b[2]=h[j+2]; b[3]=h[j+3];
- self.table[0][i]=GCM::pack(b);
- j+=4;
- }
- for i in 1..128 {
- let mut c:u32=0;
- for j in 0..GCM_NB {self.table[i][j]=c|(self.table[i-1][j])>>1; c=self.table[i-1][j]<<31;}
- if c != 0 {self.table[i][0]^=0xE1000000} /* irreducible polynomial */
- }
- }
-
- fn gf2mul(&mut self) { /* gf2m mul - Z=H*X mod 2^128 */
- let mut p:[u32;4]=[0;4];
-
- for i in 0..4 {p[i]=0}
- let mut j:usize=8;
- let mut m=0;
- for i in 0..128 {
- j-=1;
- let mut c=((self.statex[m]>>j)&1) as u32; c= (!c) +1;
- for k in 0..GCM_NB {p[k]^=self.table[i][k]&c}
- if j==0 {
- j=8; m+=1;
- if m==16 {break}
- }
- }
- j=0;
- for i in 0..GCM_NB {
- let b=GCM::unpack(p[i]);
- self.statex[j]=b[0]; self.statex[j+1]=b[1]; self.statex[j+2]=b[2]; self.statex[j+3]=b[3];
- j+=4;
- }
- }
-
- fn wrap(&mut self) { /* Finish off GHASH */
- let mut f:[u32;4]=[0;4];
- let mut el:[u8;16]=[0;16];
-
- /* convert lengths from bytes to bits */
- f[0]=(self.lena[0]<<3)|(self.lena[1]&0xE0000000)>>29;
- f[1]=self.lena[1]<<3;
- f[2]=(self.lenc[0]<<3)|(self.lenc[1]&0xE0000000)>>29;
- f[3]=self.lenc[1]<<3;
- let mut j=0;
- for i in 0..GCM_NB {
- let b=GCM::unpack(f[i]);
- el[j]=b[0]; el[j+1]=b[1]; el[j+2]=b[2]; el[j+3]=b[3];
- j+=4;
- }
- for i in 0..16 {self.statex[i]^=el[i]}
- self.gf2mul();
- }
-
- fn ghash(&mut self,plain: &[u8],len: usize) -> bool {
- if self.status==GCM_ACCEPTING_HEADER {self.status=GCM_ACCEPTING_CIPHER}
- if self.status != GCM_ACCEPTING_CIPHER {return false}
-
- let mut j=0;
- while j<len {
- for i in 0..16 {
- if j>=len {break}
- self.statex[i]^=plain[j]; j+=1;
- self.lenc[1]+=1; if self.lenc[1]==0 {self.lenc[0]+=1}
- }
- self.gf2mul();
- }
- if len%16 != 0 {self.status=GCM_NOT_ACCEPTING_MORE}
- return true;
- }
-
- /* Initialize GCM mode */
- pub fn init(&mut self,nk: usize,key: &[u8],niv: usize,iv: &[u8]) { /* iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes */
- let mut h:[u8;16]=[0;16];
-
- for i in 0..16 {h[i]=0; self.statex[i]=0}
-
- self.a=AES::new();
-
- self.a.init(aes::ECB,nk,key,None);
- self.a.ecb_encrypt(&mut h); /* E(K,0) */
- self.precompute(&h);
-
- self.lena[0]=0;self.lenc[0]=0;self.lena[1]=0;self.lenc[1]=0;
- if niv==12 {
- for i in 0..12 {self.a.f[i]=iv[i]}
- let b=GCM::unpack(1);
- self.a.f[12]=b[0]; self.a.f[13]=b[1]; self.a.f[14]=b[2]; self.a.f[15]=b[3]; /* initialise IV */
- for i in 0..16 {self.y_0[i]=self.a.f[i]}
- } else {
- self.status=GCM_ACCEPTING_CIPHER;
- self.ghash(iv,niv); /* GHASH(H,0,IV) */
- self.wrap();
- for i in 0..16 {self.a.f[i]=self.statex[i];self.y_0[i]=self.a.f[i];self.statex[i]=0}
- self.lena[0]=0;self.lenc[0]=0;self.lena[1]=0;self.lenc[1]=0;
- }
- self.status=GCM_ACCEPTING_HEADER;
- }
-
- pub fn new() -> GCM {
- GCM {
- table:[[0;4];128],
- statex:[0;16],
- y_0:[0;16],
- //counter:0,
- lena:[0;2],
- lenc:[0;2],
- status:0,
- a:AES::new()
- }
- }
-
-/* Add Header data - included but not encrypted */
- pub fn add_header(&mut self,header: &[u8],len: usize) -> bool { /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */
- if self.status != GCM_ACCEPTING_HEADER {return false}
- let mut j=0;
- while j<len {
- for i in 0..16 {
- if j>=len {break}
- self.statex[i]^=header[j]; j+=1;
- self.lena[1]+=1; if self.lena[1]==0 {self.lena[0]+=1}
- }
- self.gf2mul();
- }
- if len%16 != 0 {self.status=GCM_ACCEPTING_CIPHER}
- return true;
- }
-
-/* Add Plaintext - included and encrypted */
- pub fn add_plain(&mut self,cipher: &mut [u8],plain: &[u8],len: usize) -> bool {
- let mut cb:[u8;16]=[0;16];
- let mut b:[u8;4]=[0;4];
-
- let mut counter: u32;
- if self.status == GCM_ACCEPTING_HEADER {self.status=GCM_ACCEPTING_CIPHER}
- if self.status != GCM_ACCEPTING_CIPHER {return false}
-
- let mut j=0;
- while j<len {
- b[0]=self.a.f[12]; b[1]=self.a.f[13]; b[2]=self.a.f[14]; b[3]=self.a.f[15];
- counter=GCM::pack(b);
- counter+=1;
- b=GCM::unpack(counter);
- self.a.f[12]=b[0]; self.a.f[13]=b[1]; self.a.f[14]=b[2]; self.a.f[15]=b[3]; /* increment counter */
- for i in 0..16 {cb[i]=self.a.f[i]}
- self.a.ecb_encrypt(&mut cb); /* encrypt it */
-
- for i in 0..16 {
- if j>=len {break}
- cipher[j]=plain[j]^cb[i];
- self.statex[i]^=cipher[j]; j+=1;
- self.lenc[1]+=1; if self.lenc[1]==0 {self.lenc[0]+=1}
- }
- self.gf2mul()
- }
- if len%16 != 0 {self.status=GCM_NOT_ACCEPTING_MORE}
- return true;
- }
-
-/* Add Ciphertext - decrypts to plaintext */
- pub fn add_cipher(&mut self,plain: &mut [u8],cipher: &[u8],len: usize) -> bool {
- let mut cb:[u8;16]=[0;16];
- let mut b:[u8;4]=[0;4];
-
- let mut counter: u32;
-
- if self.status==GCM_ACCEPTING_HEADER {self.status=GCM_ACCEPTING_CIPHER}
- if self.status != GCM_ACCEPTING_CIPHER {return false}
-
- let mut j=0;
- while j<len {
- b[0]=self.a.f[12]; b[1]=self.a.f[13]; b[2]=self.a.f[14]; b[3]=self.a.f[15];
- counter=GCM::pack(b);
- counter+=1;
- b=GCM::unpack(counter);
- self.a.f[12]=b[0]; self.a.f[13]=b[1]; self.a.f[14]=b[2]; self.a.f[15]=b[3]; /* increment counter */
- for i in 0..16 {cb[i]=self.a.f[i]}
- self.a.ecb_encrypt(&mut cb); /* encrypt it */
- for i in 0..16 {
- if j>=len {break}
- let oc=cipher[j];
- plain[j]=cipher[j]^cb[i];
- self.statex[i]^=oc; j+=1;
- self.lenc[1]+=1; if self.lenc[1]==0 {self.lenc[0]+=1}
- }
- self.gf2mul()
- }
- if len%16 != 0 {self.status=GCM_NOT_ACCEPTING_MORE}
- return true;
- }
-
-/* Finish and extract Tag */
- pub fn finish(&mut self,extract: bool) -> [u8;16] { /* Finish off GHASH and extract tag (MAC) */
- let mut tag:[u8;16]=[0;16];
-
- self.wrap();
- /* extract tag */
- if extract {
- self.a.ecb_encrypt(&mut (self.y_0)); /* E(K,Y0) */
- for i in 0..16 {self.y_0[i]^=self.statex[i]}
- for i in 0..16 {tag[i]=self.y_0[i];self.y_0[i]=0;self.statex[i]=0}
- }
- self.status=GCM_FINISHED;
- self.a.end();
- return tag;
- }
-
- pub fn hex2bytes(hex: &[u8],bin: &mut [u8]) {
- let len=hex.len();
-
- for i in 0..len/2 {
- let mut v:u8;
- let mut c = hex[2*i];
- if c >= b'0' && c <= b'9' {
- v = c - b'0';
- } else if c >= b'A' && c <= b'F' {
- v = c - b'A' + 10;
- } else if c >= b'a' && c <= b'f' {
- v = c - b'a' + 10;
- } else {
- v = 0;
- }
- v <<= 4;
- c = hex[2*i + 1];
- if c >= b'0' && c <= b'9' {
- v += c - b'0';
- } else if c >= b'A' && c <= b'F' {
- v += c - b'A' + 10;
- } else if c >= b'a' && c <= b'f' {
- v += c - b'a' + 10;
- } else {
- v = 0;
- }
- bin[i] = v;
- }
- }
-
-}
-/*
-fn main()
-{
- let kt=b"feffe9928665731c6d6a8f9467308308";
- let mt=b"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39";
- let ht=b"feedfacedeadbeeffeedfacedeadbeefabaddad2";
- let nt=b"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b";
-// Tag should be 619cc5aefffe0bfa462af43c1699d050
-
- let mut gcm=GCM::new();
-
- let len=mt.len()/2;
- let lenh=ht.len()/2;
- let lenk=kt.len()/2;
- let leniv=nt.len()/2;
-
- //let mut t:[u8;16]=[0;16]; // Tag
- let mut k:[u8;16]=[0;16]; // AES Key
- let mut h:[u8;64]=[0;64]; // Header - to be included in Authentication, but not encrypted
- let mut n:[u8;100]=[0;100]; // IV - Initialisation vector
- let mut m:[u8;100]=[0;100]; // Plaintext to be encrypted/authenticated
- let mut c:[u8;100]=[0;100]; // Ciphertext
- let mut p:[u8;100]=[0;100]; // Recovered Plaintext
-
- GCM::hex2bytes(mt,&mut m);
- GCM::hex2bytes(ht,&mut h);
- GCM::hex2bytes(kt,&mut k);
- GCM::hex2bytes(nt,&mut n);
-
- println!("Plaintext=");
- for i in 0..len {print!("{:02x}",m[i])}
- println!("");
-
- gcm.init(lenk,&k,leniv,&n);
-
- gcm.add_header(&h,lenh);
- gcm.add_plain(&mut c,&m,len);
- let mut t=gcm.finish(true);
-
- println!("Ciphertext=");
- for i in 0..len {print!("{:02x}",c[i])}
- println!("");
-
- println!("Tag=");
- for i in 0..16 {print!("{:02x}",t[i])}
- println!("");
-
- gcm.init(lenk,&k,leniv,&n);
-
- gcm.add_header(&h,lenh);
- gcm.add_cipher(&mut p,&c,len);
- t=gcm.finish(true);
-
- println!("Plaintext=");
- for i in 0..len {print!("{:02x}",p[i])}
- println!("");
-
- println!("Tag=");
- for i in 0..16 {print!("{:02x}",t[i])}
- println!("");
-
-}
-*/
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/hash256.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/hash256.rs b/version22/rust/src/hash256.rs
deleted file mode 100644
index e2aca06..0000000
--- a/version22/rust/src/hash256.rs
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-const HASH256_H0: u32=0x6A09E667;
-const HASH256_H1: u32=0xBB67AE85;
-const HASH256_H2: u32=0x3C6EF372;
-const HASH256_H3: u32=0xA54FF53A;
-const HASH256_H4: u32=0x510E527F;
-const HASH256_H5: u32=0x9B05688C;
-const HASH256_H6: u32=0x1F83D9AB;
-const HASH256_H7: u32=0x5BE0CD19;
-
-const HASH256_K : [u32;64]=[
- 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
- 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
- 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
- 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
- 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
- 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
- 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
- 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2];
-
-
-pub struct HASH256 {
- length: [u32;2],
- h: [u32;8],
- w: [u32;64]
-}
-
-impl HASH256 {
- fn s(n: u32,x: u32) -> u32 {
- return ((x)>>n) | ((x)<<(32-n));
- }
- fn r(n: u32,x: u32) -> u32 {
- return (x)>>n;
- }
-
- fn ch(x: u32,y: u32,z: u32) -> u32 {
- return (x&y)^(!(x)&z);
- }
-
- fn maj(x: u32,y: u32,z: u32) -> u32 {
- return (x&y)^(x&z)^(y&z);
- }
- fn sig0(x: u32) -> u32 {
- return HASH256::s(2,x)^HASH256::s(13,x)^HASH256::s(22,x);
- }
-
- fn sig1(x: u32) -> u32 {
- return HASH256::s(6,x)^HASH256::s(11,x)^HASH256::s(25,x);
- }
-
- fn theta0(x: u32) -> u32 {
- return HASH256::s(7,x)^HASH256::s(18,x)^HASH256::r(3,x);
- }
-
- fn theta1(x: u32) -> u32 {
- return HASH256::s(17,x)^HASH256::s(19,x)^HASH256::r(10,x);
- }
-
- fn transform(&mut self) { /* basic transformation step */
- for j in 16..64 {
- self.w[j]=HASH256::theta1(self.w[j-2]).wrapping_add(self.w[j-7]).wrapping_add(HASH256::theta0(self.w[j-15])).wrapping_add(self.w[j-16]);
- }
- let mut a=self.h[0]; let mut b=self.h[1]; let mut c=self.h[2]; let mut d=self.h[3];
- let mut e=self.h[4]; let mut f=self.h[5]; let mut g=self.h[6]; let mut hh=self.h[7];
- for j in 0..64 { /* 64 times - mush it up */
- let t1=hh.wrapping_add(HASH256::sig1(e)).wrapping_add(HASH256::ch(e,f,g)).wrapping_add(HASH256_K[j]).wrapping_add(self.w[j]);
- let t2=HASH256::sig0(a).wrapping_add(HASH256::maj(a,b,c));
- hh=g; g=f; f=e;
- e=d.wrapping_add(t1);
- d=c;
- c=b;
- b=a;
- a=t1.wrapping_add(t2);
- }
- self.h[0] = self.h[0].wrapping_add(a);
- self.h[1] = self.h[1].wrapping_add(b);
- self.h[2] = self.h[2].wrapping_add(c);
- self.h[3] = self.h[3].wrapping_add(d);
- self.h[4] = self.h[4].wrapping_add(e);
- self.h[5] = self.h[5].wrapping_add(f);
- self.h[6] = self.h[6].wrapping_add(g);
- self.h[7] = self.h[7].wrapping_add(hh);
- }
-
-/* Initialise Hash function */
- pub fn init(&mut self) { /* initialise */
- for i in 0..64 {self.w[i]=0}
- self.length[0]=0; self.length[1]=0;
- self.h[0]=HASH256_H0;
- self.h[1]=HASH256_H1;
- self.h[2]=HASH256_H2;
- self.h[3]=HASH256_H3;
- self.h[4]=HASH256_H4;
- self.h[5]=HASH256_H5;
- self.h[6]=HASH256_H6;
- self.h[7]=HASH256_H7;
- }
-
- pub fn new() -> HASH256 {
- let mut nh=HASH256 {
- length: [0;2],
- h: [0;8],
- w: [0;64]
- };
- nh.init();
- return nh;
- }
-
-/* process a single byte */
- pub fn process(&mut self,byt: u8) { /* process the next message byte */
- let cnt=((self.length[0]/32)%16) as usize;
- self.w[cnt]<<=8;
- self.w[cnt]|=(byt&0xFF) as u32;
- self.length[0]+=8;
- if self.length[0]==0 {self.length[1]+=1; self.length[0]=0}
- if (self.length[0]%512)==0 {self.transform()}
- }
-
-/* process an array of bytes */
- pub fn process_array(&mut self,b: &[u8]) {
- for i in 0..b.len() {self.process((b[i]))}
- }
-
-/* process a 32-bit integer */
- pub fn process_num(&mut self,n: i32) {
- self.process(((n>>24)&0xff) as u8);
- self.process(((n>>16)&0xff) as u8);
- self.process(((n>>8)&0xff) as u8);
- self.process((n&0xff) as u8);
- }
-
-/* Generate 32-byte Hash */
- pub fn hash(&mut self) -> [u8;32] { /* pad message and finish - supply digest */
- let mut digest:[u8;32]=[0;32];
- let len0=self.length[0];
- let len1=self.length[1];
- self.process(0x80);
- while (self.length[0]%512)!=448 {self.process(0)}
- self.w[14]=len1;
- self.w[15]=len0;
- self.transform();
- for i in 0..32 { /* convert to bytes */
- digest[i]=((self.h[i/4]>>(8*(3-i%4))) & 0xff) as u8;
- }
- self.init();
- return digest;
- }
-}
-
-//248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
-/*
-fn main() {
- let s = String::from("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq");
- let test = s.into_bytes();
- let mut sh=HASH256::new();
-
- for i in 0..test.len(){
- sh.process(test[i]);
- }
-
- let digest=sh.hash();
- for i in 0..32 {print!("{:02x}",digest[i])}
-}
-*/
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/hash384.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/hash384.rs b/version22/rust/src/hash384.rs
deleted file mode 100644
index 2c8fc6f..0000000
--- a/version22/rust/src/hash384.rs
+++ /dev/null
@@ -1,188 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-const HASH384_H0: u64=0xcbbb9d5dc1059ed8;
-const HASH384_H1: u64=0x629a292a367cd507;
-const HASH384_H2: u64=0x9159015a3070dd17;
-const HASH384_H3: u64=0x152fecd8f70e5939;
-const HASH384_H4: u64=0x67332667ffc00b31;
-const HASH384_H5: u64=0x8eb44a8768581511;
-const HASH384_H6: u64=0xdb0c2e0d64f98fa7;
-const HASH384_H7: u64=0x47b5481dbefa4fa4;
-
-const HASH384_K : [u64;80]=[
- 0x428a2f98d728ae22,0x7137449123ef65cd,0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc,
- 0x3956c25bf348b538,0x59f111f1b605d019,0x923f82a4af194f9b,0xab1c5ed5da6d8118,
- 0xd807aa98a3030242,0x12835b0145706fbe,0x243185be4ee4b28c,0x550c7dc3d5ffb4e2,
- 0x72be5d74f27b896f,0x80deb1fe3b1696b1,0x9bdc06a725c71235,0xc19bf174cf692694,
- 0xe49b69c19ef14ad2,0xefbe4786384f25e3,0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65,
- 0x2de92c6f592b0275,0x4a7484aa6ea6e483,0x5cb0a9dcbd41fbd4,0x76f988da831153b5,
- 0x983e5152ee66dfab,0xa831c66d2db43210,0xb00327c898fb213f,0xbf597fc7beef0ee4,
- 0xc6e00bf33da88fc2,0xd5a79147930aa725,0x06ca6351e003826f,0x142929670a0e6e70,
- 0x27b70a8546d22ffc,0x2e1b21385c26c926,0x4d2c6dfc5ac42aed,0x53380d139d95b3df,
- 0x650a73548baf63de,0x766a0abb3c77b2a8,0x81c2c92e47edaee6,0x92722c851482353b,
- 0xa2bfe8a14cf10364,0xa81a664bbc423001,0xc24b8b70d0f89791,0xc76c51a30654be30,
- 0xd192e819d6ef5218,0xd69906245565a910,0xf40e35855771202a,0x106aa07032bbd1b8,
- 0x19a4c116b8d2d0c8,0x1e376c085141ab53,0x2748774cdf8eeb99,0x34b0bcb5e19b48a8,
- 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb,0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3,
- 0x748f82ee5defb2fc,0x78a5636f43172f60,0x84c87814a1f0ab72,0x8cc702081a6439ec,
- 0x90befffa23631e28,0xa4506cebde82bde9,0xbef9a3f7b2c67915,0xc67178f2e372532b,
- 0xca273eceea26619c,0xd186b8c721c0c207,0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178,
- 0x06f067aa72176fba,0x0a637dc5a2c898a6,0x113f9804bef90dae,0x1b710b35131c471b,
- 0x28db77f523047d84,0x32caab7b40c72493,0x3c9ebe0a15c9bebc,0x431d67c49c100d4c,
- 0x4cc5d4becb3e42b6,0x597f299cfc657e2a,0x5fcb6fab3ad6faec,0x6c44198c4a475817];
-
-
-pub struct HASH384 {
- length: [u64;2],
- h: [u64;8],
- w: [u64;80]
-}
-
-impl HASH384 {
- fn s(n: u64,x: u64) -> u64 {
- return ((x)>>n) | ((x)<<(64-n));
- }
- fn r(n: u64,x: u64) -> u64 {
- return (x)>>n;
- }
-
- fn ch(x: u64,y: u64,z: u64) -> u64 {
- return (x&y)^(!(x)&z);
- }
-
- fn maj(x: u64,y: u64,z: u64) -> u64 {
- return (x&y)^(x&z)^(y&z);
- }
-
- fn sig0(x: u64) -> u64 {
- return HASH384::s(28,x)^HASH384::s(34,x)^HASH384::s(39,x);
- }
-
- fn sig1(x: u64) -> u64 {
- return HASH384::s(14,x)^HASH384::s(18,x)^HASH384::s(41,x);
- }
-
- fn theta0(x: u64) -> u64 {
- return HASH384::s(1,x)^HASH384::s(8,x)^HASH384::r(7,x);
- }
-
- fn theta1(x: u64) -> u64 {
- return HASH384::s(19,x)^HASH384::s(61,x)^HASH384::r(6,x);
- }
-
- fn transform(&mut self) { /* basic transformation step */
- for j in 16..80 {
- self.w[j]=HASH384::theta1(self.w[j-2])+self.w[j-7]+HASH384::theta0(self.w[j-15])+self.w[j-16];
- }
- let mut a=self.h[0]; let mut b=self.h[1]; let mut c=self.h[2]; let mut d=self.h[3];
- let mut e=self.h[4]; let mut f=self.h[5]; let mut g=self.h[6]; let mut hh=self.h[7];
- for j in 0..80 { /* 64 times - mush it up */
- let t1=hh+HASH384::sig1(e)+HASH384::ch(e,f,g)+HASH384_K[j]+self.w[j];
- let t2=HASH384::sig0(a)+HASH384::maj(a,b,c);
- hh=g; g=f; f=e;
- e=d+t1;
- d=c;
- c=b;
- b=a;
- a=t1+t2 ;
- }
- self.h[0]+=a; self.h[1]+=b; self.h[2]+=c; self.h[3]+=d;
- self.h[4]+=e; self.h[5]+=f; self.h[6]+=g; self.h[7]+=hh;
- }
-
-/* Initialise Hash function */
- pub fn init(&mut self) { /* initialise */
- for i in 0..64 {self.w[i]=0}
- self.length[0]=0; self.length[1]=0;
- self.h[0]=HASH384_H0;
- self.h[1]=HASH384_H1;
- self.h[2]=HASH384_H2;
- self.h[3]=HASH384_H3;
- self.h[4]=HASH384_H4;
- self.h[5]=HASH384_H5;
- self.h[6]=HASH384_H6;
- self.h[7]=HASH384_H7;
- }
-
- pub fn new() -> HASH384 {
- let mut nh=HASH384 {
- length: [0;2],
- h: [0;8],
- w: [0;80]
- };
- nh.init();
- return nh;
- }
-
-/* process a single byte */
- pub fn process(&mut self,byt: u8) { /* process the next message byte */
- let cnt=((self.length[0]/64)%16) as usize;
- self.w[cnt]<<=8;
- self.w[cnt]|=(byt&0xFF) as u64;
- self.length[0]+=8;
- if self.length[0]==0 {self.length[1]+=1; self.length[0]=0}
- if (self.length[0]%1024)==0 {self.transform()}
- }
-
-/* process an array of bytes */
- pub fn process_array(&mut self,b: &[u8]) {
- for i in 0..b.len() {self.process((b[i]))}
- }
-
-/* process a 32-bit integer */
- pub fn process_num(&mut self,n: i32) {
- self.process(((n>>24)&0xff) as u8);
- self.process(((n>>16)&0xff) as u8);
- self.process(((n>>8)&0xff) as u8);
- self.process((n&0xff) as u8);
- }
-
-/* Generate 32-byte Hash */
- pub fn hash(&mut self) -> [u8;48] { /* pad message and finish - supply digest */
- let mut digest:[u8;48]=[0;48];
- let len0=self.length[0];
- let len1=self.length[1];
- self.process(0x80);
- while (self.length[0]%1024)!=896 {self.process(0)}
- self.w[14]=len1;
- self.w[15]=len0;
- self.transform();
- for i in 0..48 { /* convert to bytes */
- digest[i]=((self.h[i/8]>>(8*(7-i%8))) & 0xff) as u8;
- }
- self.init();
- return digest;
- }
-}
-
-//09330c33f71147e8 3d192fc782cd1b47 53111b173b3b05d2 2fa08086e3b0f712 fcc7c71a557e2db9 66c3e9fa91746039
-/*
-fn main() {
- let s = String::from("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu");
- let test = s.into_bytes();
- let mut sh=HASH384::new();
-
- for i in 0..test.len(){
- sh.process(test[i]);
- }
-
- let digest=sh.hash();
- for i in 0..48 {print!("{:02x}",digest[i])}
-} */
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/hash512.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/hash512.rs b/version22/rust/src/hash512.rs
deleted file mode 100644
index a345781..0000000
--- a/version22/rust/src/hash512.rs
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-const HASH512_H0: u64=0x6a09e667f3bcc908;
-const HASH512_H1: u64=0xbb67ae8584caa73b;
-const HASH512_H2: u64=0x3c6ef372fe94f82b;
-const HASH512_H3: u64=0xa54ff53a5f1d36f1;
-const HASH512_H4: u64=0x510e527fade682d1;
-const HASH512_H5: u64=0x9b05688c2b3e6c1f;
-const HASH512_H6: u64=0x1f83d9abfb41bd6b;
-const HASH512_H7: u64=0x5be0cd19137e2179;
-
-const HASH512_K : [u64;80]=[
- 0x428a2f98d728ae22,0x7137449123ef65cd,0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc,
- 0x3956c25bf348b538,0x59f111f1b605d019,0x923f82a4af194f9b,0xab1c5ed5da6d8118,
- 0xd807aa98a3030242,0x12835b0145706fbe,0x243185be4ee4b28c,0x550c7dc3d5ffb4e2,
- 0x72be5d74f27b896f,0x80deb1fe3b1696b1,0x9bdc06a725c71235,0xc19bf174cf692694,
- 0xe49b69c19ef14ad2,0xefbe4786384f25e3,0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65,
- 0x2de92c6f592b0275,0x4a7484aa6ea6e483,0x5cb0a9dcbd41fbd4,0x76f988da831153b5,
- 0x983e5152ee66dfab,0xa831c66d2db43210,0xb00327c898fb213f,0xbf597fc7beef0ee4,
- 0xc6e00bf33da88fc2,0xd5a79147930aa725,0x06ca6351e003826f,0x142929670a0e6e70,
- 0x27b70a8546d22ffc,0x2e1b21385c26c926,0x4d2c6dfc5ac42aed,0x53380d139d95b3df,
- 0x650a73548baf63de,0x766a0abb3c77b2a8,0x81c2c92e47edaee6,0x92722c851482353b,
- 0xa2bfe8a14cf10364,0xa81a664bbc423001,0xc24b8b70d0f89791,0xc76c51a30654be30,
- 0xd192e819d6ef5218,0xd69906245565a910,0xf40e35855771202a,0x106aa07032bbd1b8,
- 0x19a4c116b8d2d0c8,0x1e376c085141ab53,0x2748774cdf8eeb99,0x34b0bcb5e19b48a8,
- 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb,0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3,
- 0x748f82ee5defb2fc,0x78a5636f43172f60,0x84c87814a1f0ab72,0x8cc702081a6439ec,
- 0x90befffa23631e28,0xa4506cebde82bde9,0xbef9a3f7b2c67915,0xc67178f2e372532b,
- 0xca273eceea26619c,0xd186b8c721c0c207,0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178,
- 0x06f067aa72176fba,0x0a637dc5a2c898a6,0x113f9804bef90dae,0x1b710b35131c471b,
- 0x28db77f523047d84,0x32caab7b40c72493,0x3c9ebe0a15c9bebc,0x431d67c49c100d4c,
- 0x4cc5d4becb3e42b6,0x597f299cfc657e2a,0x5fcb6fab3ad6faec,0x6c44198c4a475817];
-
-
-pub struct HASH512 {
- length: [u64;2],
- h: [u64;8],
- w: [u64;80]
-}
-
-impl HASH512 {
- fn s(n: u64,x: u64) -> u64 {
- return ((x)>>n) | ((x)<<(64-n));
- }
- fn r(n: u64,x: u64) -> u64 {
- return (x)>>n;
- }
-
- fn ch(x: u64,y: u64,z: u64) -> u64 {
- return (x&y)^(!(x)&z);
- }
-
- fn maj(x: u64,y: u64,z: u64) -> u64 {
- return (x&y)^(x&z)^(y&z);
- }
-
- fn sig0(x: u64) -> u64 {
- return HASH512::s(28,x)^HASH512::s(34,x)^HASH512::s(39,x);
- }
-
- fn sig1(x: u64) -> u64 {
- return HASH512::s(14,x)^HASH512::s(18,x)^HASH512::s(41,x);
- }
-
- fn theta0(x: u64) -> u64 {
- return HASH512::s(1,x)^HASH512::s(8,x)^HASH512::r(7,x);
- }
-
- fn theta1(x: u64) -> u64 {
- return HASH512::s(19,x)^HASH512::s(61,x)^HASH512::r(6,x);
- }
-
- fn transform(&mut self) { /* basic transformation step */
- for j in 16..80 {
- self.w[j]=HASH512::theta1(self.w[j-2])+self.w[j-7]+HASH512::theta0(self.w[j-15])+self.w[j-16];
- }
- let mut a=self.h[0]; let mut b=self.h[1]; let mut c=self.h[2]; let mut d=self.h[3];
- let mut e=self.h[4]; let mut f=self.h[5]; let mut g=self.h[6]; let mut hh=self.h[7];
- for j in 0..80 { /* 64 times - mush it up */
- let t1=hh+HASH512::sig1(e)+HASH512::ch(e,f,g)+HASH512_K[j]+self.w[j];
- let t2=HASH512::sig0(a)+HASH512::maj(a,b,c);
- hh=g; g=f; f=e;
- e=d+t1;
- d=c;
- c=b;
- b=a;
- a=t1+t2 ;
- }
- self.h[0]+=a; self.h[1]+=b; self.h[2]+=c; self.h[3]+=d;
- self.h[4]+=e; self.h[5]+=f; self.h[6]+=g; self.h[7]+=hh;
- }
-
-/* Initialise Hash function */
- pub fn init(&mut self) { /* initialise */
- for i in 0..64 {self.w[i]=0}
- self.length[0]=0; self.length[1]=0;
- self.h[0]=HASH512_H0;
- self.h[1]=HASH512_H1;
- self.h[2]=HASH512_H2;
- self.h[3]=HASH512_H3;
- self.h[4]=HASH512_H4;
- self.h[5]=HASH512_H5;
- self.h[6]=HASH512_H6;
- self.h[7]=HASH512_H7;
- }
-
- pub fn new() -> HASH512 {
- let mut nh=HASH512 {
- length: [0;2],
- h: [0;8],
- w: [0;80]
- };
- nh.init();
- return nh;
- }
-
-/* process a single byte */
- pub fn process(&mut self,byt: u8) { /* process the next message byte */
- let cnt=((self.length[0]/64)%16) as usize;
- self.w[cnt]<<=8;
- self.w[cnt]|=(byt&0xFF) as u64;
- self.length[0]+=8;
- if self.length[0]==0 {self.length[1]+=1; self.length[0]=0}
- if (self.length[0]%1024)==0 {self.transform()}
- }
-
-/* process an array of bytes */
- pub fn process_array(&mut self,b: &[u8]) {
- for i in 0..b.len() {self.process((b[i]))}
- }
-
-/* process a 32-bit integer */
- pub fn process_num(&mut self,n: i32) {
- self.process(((n>>24)&0xff) as u8);
- self.process(((n>>16)&0xff) as u8);
- self.process(((n>>8)&0xff) as u8);
- self.process((n&0xff) as u8);
- }
-
-/* Generate 32-byte Hash */
- pub fn hash(&mut self) -> [u8;64] { /* pad message and finish - supply digest */
- let mut digest:[u8;64]=[0;64];
- let len0=self.length[0];
- let len1=self.length[1];
- self.process(0x80);
- while (self.length[0]%1024)!=896 {self.process(0)}
- self.w[14]=len1;
- self.w[15]=len0;
- self.transform();
- for i in 0..64 { /* convert to bytes */
- digest[i]=((self.h[i/8]>>(8*(7-i%8))) & 0xff) as u8;
- }
- self.init();
- return digest;
- }
-}
-
-//8e959b75dae313da 8cf4f72814fc143f 8f7779c6eb9f7fa1 7299aeadb6889018 501d289e4900f7e4 331b99dec4b5433a c7d329eeb6dd2654 5e96e55b874be909
-/*
-fn main() {
- let s = String::from("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu");
- let test = s.into_bytes();
- let mut sh=HASH512::new();
-
- for i in 0..test.len(){
- sh.process(test[i]);
- }
-
- let digest=sh.hash();
- for i in 0..64 {print!("{:02x}",digest[i])}
-} */
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/lib.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/lib.rs b/version22/rust/src/lib.rs
deleted file mode 100644
index db9c412..0000000
--- a/version22/rust/src/lib.rs
+++ /dev/null
@@ -1,36 +0,0 @@
-#![allow(dead_code)]
-#![allow(unused_variables)]
-
-pub mod aes;
-pub mod big;
-pub mod dbig;
-pub mod ecdh;
-pub mod ecp;
-pub mod ecp2;
-pub mod ff;
-pub mod fp;
-pub mod fp2;
-pub mod fp4;
-pub mod fp12;
-pub mod pair;
-pub mod mpin;
-pub mod rand;
-pub mod hash256;
-pub mod hash384;
-pub mod hash512;
-pub mod rsa;
-
-#[cfg(target_pointer_width = "32")]
-#[path = "rom32.rs"]
-pub mod rom;
-
-#[cfg(target_pointer_width = "64")]
-#[path = "rom64.rs"]
-pub mod rom;
-
-#[cfg(test)]
-mod tests {
- #[test]
- fn it_works() {
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/mpin.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/mpin.rs b/version22/rust/src/mpin.rs
deleted file mode 100644
index 8644d1a..0000000
--- a/version22/rust/src/mpin.rs
+++ /dev/null
@@ -1,768 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-use std::time::{SystemTime};
-use std::time::UNIX_EPOCH;
-
-use ecp::ECP;
-use fp2::FP2;
-use ecp2::ECP2;
-use fp4::FP4;
-use fp12::FP12;
-use big::BIG;
-use rand::RAND;
-use hash256::HASH256;
-use hash384::HASH384;
-use hash512::HASH512;
-use pair;
-use rom;
-
-/* MPIN API Functions */
-
-/* Configure mode of operation */
-
-pub const PERMITS:bool=true;
-pub const PINERROR:bool=true;
-pub const FULL: bool=true;
-pub const SINGLE_PASS:bool=false;
-
-pub const EFS: usize=rom::MODBYTES as usize;
-pub const EGS: usize=rom::MODBYTES as usize;
-pub const PAS: usize=16;
-pub const BAD_PARAMS: isize=-11;
-pub const INVALID_POINT: isize=-14;
-pub const WRONG_ORDER: isize=-18;
-pub const BAD_PIN: isize=-19;
-pub const SHA256: usize=32;
-pub const SHA384: usize=48;
-pub const SHA512: usize=64;
-
-/* Configure your PIN here */
-
-pub const MAXPIN: i32=10000; /* PIN less than this */
-pub const PBLEN: i32=14; /* Number of bits in PIN */
-pub const TS: usize=10; /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */
-pub const TRAP:usize=200; /* 200 for 4 digit PIN, 2000 for 6-digit PIN - approx 2*sqrt(MAXPIN) */
-
-pub const HASH_TYPE: usize=SHA256;
-
-#[allow(non_snake_case)]
-fn hash(sha: usize,c: &mut FP4,U: &mut ECP,r: &mut [u8]) -> bool {
- let mut w:[u8;EFS]=[0;EFS];
- let mut t:[u8;6*EFS]=[0;6*EFS];
-
- c.geta().geta().tobytes(&mut w); for i in 0..EFS {t[i]=w[i]}
- c.geta().getb().tobytes(&mut w); for i in EFS..2*EFS {t[i]=w[i-EFS]}
- c.getb().geta().tobytes(&mut w); for i in 2*EFS..3*EFS {t[i]=w[i-2*EFS]}
- c.getb().getb().tobytes(&mut w); for i in 3*EFS..4*EFS {t[i]=w[i-3*EFS]}
-
- U.getx().tobytes(&mut w); for i in 4*EFS..5*EFS {t[i]=w[i-4*EFS]}
- U.gety().tobytes(&mut w); for i in 5*EFS..6*EFS {t[i]=w[i-5*EFS]}
-
- if sha==SHA256 {
- let mut h=HASH256::new();
- h.process_array(&t);
- let sh=h.hash();
- for i in 0..PAS {r[i]=sh[i]}
- return true;
- }
- if sha==SHA384 {
- let mut h=HASH384::new();
- h.process_array(&t);
- let sh=h.hash();
- for i in 0..PAS {r[i]=sh[i]}
- return true;
- }
- if sha==SHA512 {
- let mut h=HASH512::new();
- h.process_array(&t);
- let sh=h.hash();
- for i in 0..PAS {r[i]=sh[i]}
- return true;
- }
- return false;
-
-}
-
-/* Hash number (optional) and string to point on curve */
-
-fn hashit(sha: usize,n: usize,id: &[u8],w: &mut [u8]) -> bool {
- let mut r:[u8;64]=[0;64];
- let mut didit=false;
- if sha==SHA256 {
- let mut h=HASH256::new();
- if n>0 {h.process_num(n as i32)}
- h.process_array(id);
- let hs=h.hash();
- for i in 0..sha {r[i]=hs[i];}
- didit=true;
- }
- if sha==SHA384 {
- let mut h=HASH384::new();
- if n>0 {h.process_num(n as i32)}
- h.process_array(id);
- let hs=h.hash();
- for i in 0..sha {r[i]=hs[i];}
- didit=true;
- }
- if sha==SHA512 {
- let mut h=HASH512::new();
- if n>0 {h.process_num(n as i32)}
- h.process_array(id);
- let hs=h.hash();
- for i in 0..sha {r[i]=hs[i];}
- didit=true;
- }
- if !didit {return false}
-
- let rm=rom::MODBYTES as usize;
-
- if sha>rm {
- for i in 0..rm {w[i]=r[i]}
- } else {
- for i in 0..sha {w[i]=r[i]}
- for i in sha..rm {w[i]=0}
- }
-
- return true;
-}
-
-#[allow(non_snake_case)]
-fn mapit(h: &[u8]) -> ECP {
- let mut q=BIG::new_ints(&rom::MODULUS);
- let mut x=BIG::frombytes(h);
- x.rmod(&mut q);
- let mut P:ECP;
-
- loop {
- P=ECP::new_bigint(&x,0);
- if !P.is_infinity() {break}
- x.inc(1); x.norm();
- }
- if rom::CURVE_PAIRING_TYPE!=rom::BN_CURVE {
- let mut c=BIG::new_ints(&rom::CURVE_COF);
- P=P.mul(&mut c);
- }
- return P;
-}
-
-/* return time in slots since epoch */
-pub fn today() -> usize {
- return (SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs()/(60*1440)) as usize;
-}
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
-#[allow(non_snake_case)]
-fn emap(u: &BIG,cb: isize) -> ECP {
- let mut P:ECP;
- let mut x=BIG::new_copy(u);
- let mut p=BIG::new_ints(&rom::MODULUS);
- x.rmod(&mut p);
- loop {
- P=ECP::new_bigint(&x,cb);
- if !P.is_infinity() {break}
- x.inc(1); x.norm();
- }
- return P;
-}
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
-#[allow(non_snake_case)]
-fn unmap(u: &mut BIG,P: &mut ECP) -> isize {
- let s=P.gets();
- let mut R:ECP;
- let mut r=0;
- let x=P.getx();
- u.copy(&x);
- loop {
- u.dec(1); u.norm();
- r+=1;
- R=ECP::new_bigint(u,s);
- if !R.is_infinity() {break}
- }
- return r as isize;
-}
-
-pub fn hash_id(sha: usize,id: &[u8],w: &mut [u8]) -> bool {
- return hashit(sha,0,id,w);
-}
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
-#[allow(non_snake_case)]
-pub fn encoding(rng: &mut RAND,e: &mut [u8]) ->isize {
- let mut t:[u8;EFS]=[0;EFS];
-
- for i in 0..EFS {t[i]=e[i+1]}
- let mut u=BIG::frombytes(&t);
- for i in 0..EFS {t[i]=e[i+EFS+1]}
- let mut v=BIG::frombytes(&t);
-
- let mut P=ECP::new_bigs(&u,&v);
- if P.is_infinity() {return INVALID_POINT}
-
- let p=BIG::new_ints(&rom::MODULUS);
- u=BIG::randomnum(&p,rng);
-
- let mut su=rng.getbyte() as isize; /*if (su<0) su=-su;*/ su%=2;
-
- let mut W=emap(&mut u,su);
- P.sub(&mut W);
- let sv=P.gets();
- let rn=unmap(&mut v,&mut P);
- let mut m=rng.getbyte() as isize; /*if (m<0) m=-m;*/ m%=rn;
- v.inc(m+1);
- e[0]=(su+2*sv) as u8;
- u.tobytes(&mut t);
- for i in 0..EFS {e[i+1]=t[i]}
- v.tobytes(&mut t);
- for i in 0..EFS {e[i+EFS+1]=t[i]}
-
- return 0;
-}
-
-#[allow(non_snake_case)]
-pub fn decoding(d: &mut [u8]) -> isize {
- let mut t:[u8;EFS]=[0;EFS];
-
- if (d[0]&0x04)!=0 {return INVALID_POINT}
-
- for i in 0..EFS {t[i]=d[i+1]}
- let mut u=BIG::frombytes(&t);
- for i in 0..EFS {t[i]=d[i+EFS+1]}
- let mut v=BIG::frombytes(&t);
-
- let su=(d[0]&1) as isize;
- let sv=((d[0]>>1)&1) as isize;
- let mut W=emap(&mut u,su);
- let mut P=emap(&mut v,sv);
- P.add(&mut W);
- u=P.getx();
- v=P.gety();
- d[0]=0x04;
- u.tobytes(&mut t);
- for i in 0..EFS {d[i+1]=t[i]}
- v.tobytes(&mut t);
- for i in 0..EFS {d[i+EFS+1]=t[i]}
-
- return 0;
-}
-
-/* R=R1+R2 in group G1 */
-#[allow(non_snake_case)]
-pub fn recombine_g1(r1: &[u8],r2: &[u8],r: &mut [u8]) -> isize {
- let mut P=ECP::frombytes(&r1);
- let mut Q=ECP::frombytes(&r2);
-
- if P.is_infinity() || Q.is_infinity() {return INVALID_POINT}
-
- P.add(&mut Q);
-
- P.tobytes(r);
- return 0;
-}
-
-/* W=W1+W2 in group G2 */
-#[allow(non_snake_case)]
-pub fn recombine_g2(w1: &[u8],w2: &[u8],w: &mut [u8]) -> isize {
- let mut P=ECP2::frombytes(&w1);
- let mut Q=ECP2::frombytes(&w2);
-
- if P.is_infinity() || Q.is_infinity() {return INVALID_POINT}
-
- P.add(&mut Q);
-
- P.tobytes(w);
- return 0;
-}
-
-/* create random secret S */
-pub fn random_generate(rng: &mut RAND,s: &mut [u8]) -> isize {
- let r=BIG::new_ints(&rom::CURVE_ORDER);
- let mut sc=BIG::randomnum(&r,rng);
- if rom::AES_S>0 {
- sc.mod2m(2*rom::AES_S);
- }
- sc.tobytes(s);
- return 0;
-}
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
-#[allow(non_snake_case)]
-pub fn get_server_secret(s: &[u8],sst: &mut [u8]) -> isize {
-
- let mut Q=ECP2::new_fp2s(&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PXA),&BIG::new_ints(&rom::CURVE_PXB)),&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PYA),&BIG::new_ints(&rom::CURVE_PYB)));
-
- let mut sc=BIG::frombytes(s);
- Q=pair::g2mul(&mut Q,&mut sc);
- Q.tobytes(sst);
- return 0;
-}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
-#[allow(non_snake_case)]
-pub fn get_g1_multiple(rng: Option<&mut RAND>,typ: usize,x: &mut [u8],g: &[u8],w: &mut [u8]) -> isize {
- let mut sx:BIG;
- let r=BIG::new_ints(&rom::CURVE_ORDER);
-
- if let Some(mut rd)=rng
- {
- sx=BIG::randomnum(&r,rd);
- if rom::AES_S>0 {
- sx.mod2m(2*rom::AES_S);
- }
- sx.tobytes(x);
- } else {
- sx=BIG::frombytes(x);
- }
- let mut P:ECP;
-
- if typ==0 {
- P=ECP::frombytes(g);
- if P.is_infinity() {return INVALID_POINT}
- } else {
- P=mapit(g)
- }
-
-
-
- pair::g1mul(&mut P,&mut sx).tobytes(w);
- return 0;
-}
-
-
-/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
-/* CID is hashed externally */
-pub fn get_client_secret(s: &mut [u8],cid: &[u8],cst: &mut [u8]) -> isize {
- return get_g1_multiple(None,1,s,cid,cst);
-}
-
-/* Extract PIN from TOKEN for identity CID */
-#[allow(non_snake_case)]
-pub fn extract_pin(sha: usize,cid: &[u8],pin: i32,token: &mut [u8]) -> isize {
- let mut P=ECP::frombytes(&token);
- const RM:usize=rom::MODBYTES as usize;
- let mut h:[u8;RM]=[0;RM];
- if P.is_infinity() {return INVALID_POINT}
- hashit(sha,0,cid,&mut h);
- let mut R=mapit(&h);
-
- R=R.pinmul(pin%MAXPIN,PBLEN);
- P.sub(&mut R);
-
- P.tobytes(token);
-
- return 0;
-}
-
-/* Functions to support M-Pin Full */
-#[allow(non_snake_case)]
-pub fn precompute(token: &[u8],cid: &[u8],g1: &mut [u8],g2: &mut [u8]) -> isize {
- let mut T=ECP::frombytes(&token);
- if T.is_infinity() {return INVALID_POINT}
-
- let mut P=mapit(&cid);
-
- let mut Q=ECP2::new_fp2s(&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PXA),&BIG::new_ints(&rom::CURVE_PXB)),&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PYA),&BIG::new_ints(&rom::CURVE_PYB)));
-
- let mut g=pair::ate(&mut Q,&mut T);
- g=pair::fexp(&g);
- g.tobytes(g1);
-
- g=pair::ate(&mut Q,&mut P);
- g=pair::fexp(&g);
- g.tobytes(g2);
-
- return 0;
-}
-
-/* Time Permit CTT=S*(date|H(CID)) where S is master secret */
-#[allow(non_snake_case)]
-pub fn get_client_permit(sha: usize,date: usize,s: &[u8],cid: &[u8],ctt: &mut [u8]) ->isize {
- const RM:usize=rom::MODBYTES as usize;
- let mut h:[u8;RM]=[0;RM];
- hashit(sha,date,cid,&mut h);
- let mut P=mapit(&h);
-
- let mut sc=BIG::frombytes(s);
- pair::g1mul(&mut P,&mut sc).tobytes(ctt);
- return 0;
-}
-
-/* Implement step 1 on client side of MPin protocol */
-#[allow(non_snake_case)]
-pub fn client_1(sha: usize,date: usize,client_id: &[u8],rng: Option<&mut RAND>,x: &mut [u8],pin: usize,token: &[u8],sec: &mut [u8],xid: Option<&mut [u8]>,xcid: Option<&mut [u8]>,permit: Option<&[u8]>) ->isize {
- let r=BIG::new_ints(&rom::CURVE_ORDER);
-
- let mut sx:BIG;
-
- if let Some(mut rd)=rng
- {
- sx=BIG::randomnum(&r,rd);
- if rom::AES_S>0 {
- sx.mod2m(2*rom::AES_S);
- }
- sx.tobytes(x);
- } else {
- sx=BIG::frombytes(x);
- }
-
- const RM:usize=rom::MODBYTES as usize;
- let mut h:[u8;RM]=[0;RM];
-
- hashit(sha,0,&client_id,&mut h);
- let mut P=mapit(&h);
-
- let mut T=ECP::frombytes(&token);
- if T.is_infinity() {return INVALID_POINT}
-
- let mut W=P.pinmul((pin as i32)%MAXPIN,PBLEN);
- T.add(&mut W);
- if date!=0 {
- if let Some(rpermit)=permit {W=ECP::frombytes(&rpermit);}
- if W.is_infinity() {return INVALID_POINT}
- T.add(&mut W);
- let mut h2:[u8;RM]=[0;RM];
- hashit(sha,date,&h,&mut h2);
- W=mapit(&h2);
- if let Some(mut rxid)=xid {
- P=pair::g1mul(&mut P,&mut sx);
- P.tobytes(&mut rxid);
- W=pair::g1mul(&mut W,&mut sx);
- P.add(&mut W);
- } else {
- P.add(&mut W);
- P=pair::g1mul(&mut P,&mut sx);
- }
- if let Some(mut rxcid)=xcid {P.tobytes(&mut rxcid)}
- } else {
- if let Some(mut rxid)=xid {
- P=pair::g1mul(&mut P,&mut sx);
- P.tobytes(&mut rxid);
- }
- }
-
- T.tobytes(sec);
- return 0;
-}
-
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
-#[allow(non_snake_case)]
-pub fn server_1(sha: usize,date: usize,cid: &[u8],hid: &mut [u8],htid: Option<&mut [u8]>) {
- const RM:usize=rom::MODBYTES as usize;
- let mut h:[u8;RM]=[0;RM];
-
- hashit(sha,0,cid,&mut h);
-
- let mut P=mapit(&h);
-
- P.tobytes(hid);
- if date!=0 {
- let mut h2:[u8;RM]=[0;RM];
- hashit(sha,date,&h,&mut h2);
- let mut R=mapit(&h2);
- P.add(&mut R);
- if let Some(rhtid)=htid {P.tobytes(rhtid);}
- }
-}
-
-/* Implement step 2 on client side of MPin protocol */
-#[allow(non_snake_case)]
-pub fn client_2(x: &[u8],y: &[u8],sec: &mut [u8]) -> isize {
- let mut r=BIG::new_ints(&rom::CURVE_ORDER);
- let mut P=ECP::frombytes(sec);
- if P.is_infinity() {return INVALID_POINT}
-
- let mut px=BIG::frombytes(x);
- let py=BIG::frombytes(y);
- px.add(&py);
- px.rmod(&mut r);
- //px.rsub(r)
-
- P=pair::g1mul(&mut P,&mut px);
- P.neg();
- P.tobytes(sec);
-
- return 0;
-}
-
-/* return time since epoch */
-pub fn get_time() -> usize {
- return (SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs()) as usize;
-}
-
-/* Generate Y = H(epoch, xCID/xID) */
-pub fn get_y(sha: usize,timevalue: usize,xcid: &[u8],y: &mut [u8]) {
- const RM:usize=rom::MODBYTES as usize;
- let mut h:[u8;RM]=[0;RM];
-
- hashit(sha,timevalue,xcid,&mut h);
-
- let mut sy= BIG::frombytes(&h);
- let mut q=BIG::new_ints(&rom::CURVE_ORDER);
- sy.rmod(&mut q);
- if rom::AES_S>0 {
- sy.mod2m(2*rom::AES_S);
- }
- sy.tobytes(y);
-}
-
-/* Implement step 2 of MPin protocol on server side */
-#[allow(non_snake_case)]
-pub fn server_2(date: usize,hid: &[u8],htid: Option<&[u8]>,y: &[u8],sst: &[u8],xid: Option<&[u8]>,xcid: Option<&[u8]>,msec: &[u8],e: Option<&mut [u8]>,f: Option<&mut [u8]>) -> isize {
-// q:=NewBIGints(Modulus)
- let mut Q=ECP2::new_fp2s(&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PXA),&BIG::new_ints(&rom::CURVE_PXB)),&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PYA),&BIG::new_ints(&rom::CURVE_PYB)));
-
- let mut sQ=ECP2::frombytes(&sst);
- if sQ.is_infinity() {return INVALID_POINT}
-
- let mut R:ECP;
- if date!=0 {
- if let Some(rxcid)=xcid {R=ECP::frombytes(&rxcid);}
- else {return BAD_PARAMS}
- } else {
- if let Some(rxid)=xid {R=ECP::frombytes(&rxid)}
- else {return BAD_PARAMS}
- }
- if R.is_infinity() {return INVALID_POINT}
-
- let mut sy=BIG::frombytes(&y);
- let mut P:ECP;
- if date!=0 {
- if let Some(rhtid)=htid {P=ECP::frombytes(&rhtid)}
- else {return BAD_PARAMS}
- } else {
- P=ECP::frombytes(&hid);
- }
-
- if P.is_infinity() {return INVALID_POINT}
-
- P=pair::g1mul(&mut P,&mut sy);
- P.add(&mut R);
- R=ECP::frombytes(&msec);
- if R.is_infinity() {return INVALID_POINT}
-
- let mut g:FP12;
-// FP12 g1=new FP12(0);
-
- g=pair::ate2(&mut Q,&mut R,&mut sQ,&mut P);
- g=pair::fexp(&g);
-
- if !g.isunity() {
-
- if let Some(rxid)=xid {
- if let Some(re)=e {
- if let Some(rf)=f {
-
- g.tobytes(re);
- if date!=0 {
- P=ECP::frombytes(&hid);
- if P.is_infinity() {return INVALID_POINT}
- R=ECP::frombytes(&rxid);
- if R.is_infinity() {return INVALID_POINT}
- P=pair::g1mul(&mut P,&mut sy);
- P.add(&mut R);
- }
- g=pair::ate(&mut Q,&mut P);
- g=pair::fexp(&g);
- g.tobytes(rf);
-
- }
- }
- }
-
- return BAD_PIN;
- }
-
- return 0;
-}
-
-/* Pollards kangaroos used to return PIN error */
-pub fn kangaroo(e: &[u8],f: &[u8]) -> isize {
- let mut ge=FP12::frombytes(e);
- let mut gf=FP12::frombytes(f);
- let mut distance: [isize;TS]=[0;TS];
- let mut t=FP12::new_copy(&gf);
-
- let mut table: [FP12;TS]=[FP12::new();TS];
- let mut s:isize=1;
- for m in 0..TS {
- distance[m]=s;
- table[m]=FP12::new_copy(&t);
- s*=2;
- t.usqr();
- }
- t.one();
- let mut dn:isize=0;
- let mut i:usize;
- for _ in 0..TRAP {
- i=(t.geta().geta().geta().lastbits(20)%(TS as isize)) as usize;
- t.mul(&mut table[i]);
- dn+=distance[i];
- }
- gf.copy(&t); gf.conj();
- let mut steps:usize=0; let mut dm:isize=0;
- let mut res:isize=0;
- while dm-dn<MAXPIN as isize {
- steps+=1;
- if steps>4*TRAP {break}
- i=(ge.geta().geta().geta().lastbits(20)%(TS as isize)) as usize;
- ge.mul(&mut table[i]);
- dm+=distance[i];
- if ge.equals(&mut t) {
- res=dm-dn;
- break;
- }
- if ge.equals(&mut gf) {
- res=dn-dm;
- break;
- }
-
- }
- if steps>4*TRAP || dm-dn>=MAXPIN as isize {res=0 } // Trap Failed - probable invalid token
- return res;
-}
-
-/* Hash the M-Pin transcript - new */
-
-pub fn hash_all(sha: usize,hid: &[u8],xid: &[u8],xcid: Option<&[u8]>,sec: &[u8],y: &[u8],r: &[u8],w: &[u8],h: &mut[u8]) -> bool {
- let mut tlen:usize=0;
- const RM:usize=rom::MODBYTES as usize;
- let mut t: [u8;10*RM+4]=[0;10*RM+4];
-
- for i in 0 .. hid.len() {t[i]=hid[i]}
- tlen+=hid.len();
-
- if let Some(rxcid)=xcid {
- for i in 0..rxcid.len() {t[i+tlen]=rxcid[i]}
- tlen+=rxcid.len();
- } else {
- for i in 0..xid.len() {t[i+tlen]=xid[i]}
- tlen+=xid.len();
- }
-
- for i in 0..sec.len() {t[i+tlen]=sec[i]}
- tlen+=sec.len();
- for i in 0..y.len() {t[i+tlen]=y[i]}
- tlen+=y.len();
- for i in 0..r.len() {t[i+tlen]=r[i]}
- tlen+=r.len();
- for i in 0..w.len() {t[i+tlen]=w[i]}
- tlen+=w.len();
- if tlen!=10*RM+4 {return false}
-
- return hashit(sha,0,&t,h);
-}
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-#[allow(non_snake_case)]
-pub fn client_key(sha: usize,g1: &[u8],g2: &[u8],pin: usize,r: &[u8],x: &[u8],h: &[u8],wcid: &[u8],ck: &mut [u8]) -> isize {
-
- let mut g1=FP12::frombytes(&g1);
- let mut g2=FP12::frombytes(&g2);
- let mut z=BIG::frombytes(&r);
- let mut x=BIG::frombytes(&x);
- let h=BIG::frombytes(&h);
-
- let mut W=ECP::frombytes(&wcid);
- if W.is_infinity() {return INVALID_POINT}
-
- W=pair::g1mul(&mut W,&mut x);
-
- let mut f=FP2::new_bigs(&BIG::new_ints(&rom::CURVE_FRA),&BIG::new_ints(&rom::CURVE_FRB));
- let mut r=BIG::new_ints(&rom::CURVE_ORDER);
- let q=BIG::new_ints(&rom::MODULUS);
-
- z.add(&h); //new
- z.rmod(&mut r);
-
- let mut m=BIG::new_copy(&q);
- m.rmod(&mut r);
-
- let mut a=BIG::new_copy(&z);
- a.rmod(&mut m);
-
- let mut b=BIG::new_copy(&z);
- b.div(&mut m);
-
- g2.pinpow(pin as i32,PBLEN);
- g1.mul(&mut g2);
-
- let mut c=g1.trace();
- g2.copy(&g1);
- g2.frob(&mut f);
- let cp=g2.trace();
- g1.conj();
- g2.mul(&mut g1);
- let cpm1=g2.trace();
- g2.mul(&mut g1);
- let cpm2=g2.trace();
-
- c=c.xtr_pow2(&cp,&cpm1,&cpm2,&mut a,&mut b);
-
- hash(sha,&mut c,&mut W,ck);
-
- return 0
-}
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-#[allow(non_snake_case)]
-pub fn server_key(sha: usize,z: &[u8],sst: &[u8],w: &[u8],h: &[u8],hid: &[u8],xid: &[u8],xcid: Option<&[u8]>,sk: &mut [u8]) -> isize {
- let mut sQ=ECP2::frombytes(&sst);
- if sQ.is_infinity() {return INVALID_POINT}
- let mut R=ECP::frombytes(&z);
- if R.is_infinity() {return INVALID_POINT}
- let mut A=ECP::frombytes(&hid);
- if A.is_infinity() {return INVALID_POINT}
-
- let mut U=ECP::new();
- if let Some(rxcid)=xcid {
- U.copy(&ECP::frombytes(&rxcid));
- } else {
- U.copy(&ECP::frombytes(&xid));
- }
-
- if U.is_infinity() {return INVALID_POINT}
-
- let mut w=BIG::frombytes(&w);
- let mut h=BIG::frombytes(&h);
- A=pair::g1mul(&mut A,&mut h); // new
- R.add(&mut A);
-
- U=pair::g1mul(&mut U,&mut w);
- let mut g=pair::ate(&mut sQ,&mut R);
- g=pair::fexp(&g);
-
- let mut c=g.trace();
-
- hash(sha,&mut c,&mut U,sk);
-
- return 0
-}
-
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/pair.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/pair.rs b/version22/rust/src/pair.rs
deleted file mode 100644
index 9e162db..0000000
--- a/version22/rust/src/pair.rs
+++ /dev/null
@@ -1,674 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-//mod fp;
-use fp::FP;
-//mod ecp;
-use ecp::ECP;
-//mod fp2;
-use fp2::FP2;
-//mod ecp2;
-use ecp2::ECP2;
-//mod fp4;
-use fp4::FP4;
-//mod fp12;
-use fp12::FP12;
-//mod big;
-use big::BIG;
-//mod dbig;
-use dbig::DBIG;
-//mod rand;
-//mod hash256;
-//mod rom;
-use rom;
-
-#[allow(non_snake_case)]
-
-fn linedbl(A: &mut ECP2,qx: &mut FP,qy: &mut FP) -> FP12 {
- let mut P=ECP2::new();
-
- P.copy(A);
- let mut zz=FP2::new_copy(&P.getpz());
- zz.sqr();
- let d=A.dbl();
-
- if d<0 {return FP12::new_int(1)}
-
- let mut z3=FP2::new_copy(&A.getpz());
- let mut a=FP4::new();
- let mut b=FP4::new();
- let c=FP4::new();
-
- let mut x=FP2::new_copy(&P.getpx());
- let mut y=FP2::new_copy(&P.getpy());
- let mut t=FP2::new_copy(&P.getpx());
- t.sqr();
- t.imul(3);
-
- y.sqr();
- y.dbl();
- z3.mul(&mut zz);
- z3.pmul(qy);
-
- x.mul(&mut t);
- x.sub(&y);
- a.copy(&FP4::new_fp2s(&z3,&x));
- t.neg();
- zz.mul(&mut t);
- zz.pmul(qx);
- b.copy(&FP4::new_fp2(&zz));
-
- return FP12::new_fp4s(&a,&b,&c);
-}
-
-#[allow(non_snake_case)]
-fn lineadd(A: &mut ECP2,B: &mut ECP2,qx: &mut FP,qy: &mut FP) -> FP12 {
-
- let mut P=ECP2::new();
-
- P.copy(A);
- let mut zz=FP2::new_copy(&P.getpz());
- zz.sqr();
-
- let d=A.add(B);
- if d<0 {return FP12::new_int(1)}
-
- let mut z3=FP2::new_copy(&A.getpz());
- let mut a=FP4::new();
- let mut b=FP4::new();
- let c=FP4::new();
-
- if d==0 { /* Addition */
- let mut x=FP2::new_copy(&B.getpx());
- let mut y=FP2::new_copy(&B.getpy());
- let mut t=FP2::new_copy(&P.getpz());
- t.mul(&mut y);
- zz.mul(&mut t);
-
- let mut ny=FP2::new_copy(&P.getpy()); ny.neg();
- zz.add(&ny);
- z3.pmul(qy);
- t.mul(&mut P.getpx());
- x.mul(&mut ny);
- t.add(&x);
- a.copy(&FP4::new_fp2s(&z3,&t));
- zz.neg();
- zz.pmul(qx);
- b.copy(&FP4::new_fp2(&zz));
- } else { /* Doubling */
- let mut x=FP2::new_copy(&P.getpx());
- let mut y=FP2::new_copy(&P.getpy());
- let mut t=FP2::new_copy(&P.getpx());
- t.sqr();
- t.imul(3);
-
- y.sqr();
- y.dbl();
- z3.mul(&mut zz);
- z3.pmul(qy);
-
- x.mul(&mut t);
- x.sub(&y);
- a.copy(&FP4::new_fp2s(&z3,&x));
- t.neg();
- zz.mul(&mut t);
- zz.pmul(qx);
- b.copy(&FP4::new_fp2(&zz));
- }
- return FP12::new_fp4s(&a,&b,&c);
-}
-
-#[allow(non_snake_case)]
-/* Optimal R-ate pairing */
-pub fn ate(P: & mut ECP2,Q: &mut ECP) -> FP12 {
- let mut f = FP2::new_bigs(&BIG::new_ints(&rom::CURVE_FRA),&BIG::new_ints(&rom::CURVE_FRB));
- let x = BIG::new_ints(&rom::CURVE_BNX);
- let mut n = BIG::new_copy(&x);
- let mut K = ECP2::new();
-
-
- if rom::CURVE_PAIRING_TYPE == rom::BN_CURVE {
- n.pmul(6); n.dec(2);
- } else {n.copy(&x)}
-
- n.norm();
- P.affine();
- Q.affine();
- let mut qx=FP::new_copy(&Q.getpx());
- let mut qy=FP::new_copy(&Q.getpy());
-
- let mut A=ECP2::new();
- let mut r=FP12::new_int(1);
-
- A.copy(&P);
- let nb=n.nbits();
-
- for i in (1..nb-1).rev() {
- let mut lv=linedbl(&mut A,&mut qx,&mut qy);
- r.smul(&mut lv);
- if n.bit(i)==1 {
-
- lv=lineadd(&mut A,P,&mut qx,&mut qy);
-
- r.smul(&mut lv);
- }
- r.sqr();
- }
-
- let mut lv=linedbl(&mut A,&mut qx,&mut qy);
- r.smul(&mut lv);
-
- if n.parity()==1 {
- lv=lineadd(&mut A,P,&mut qx,&mut qy);
- r.smul(&mut lv);
- }
-
-/* R-ate fixup required for BN curves */
-
- if rom::CURVE_PAIRING_TYPE == rom::BN_CURVE {
- r.conj();
- K.copy(&P);
- K.frob(&mut f);
- A.neg();
- lv=lineadd(&mut A,&mut K,&mut qx,&mut qy);
- r.smul(&mut lv);
- K.frob(&mut f);
- K.neg();
- lv=lineadd(&mut A,&mut K,&mut qx,&mut qy);
- r.smul(&mut lv);
- }
-
- return r;
-}
-
-#[allow(non_snake_case)]
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
-pub fn ate2(P: &mut ECP2,Q: &mut ECP,R: &mut ECP2,S: &mut ECP) -> FP12 {
- let mut f = FP2::new_bigs(&BIG::new_ints(&rom::CURVE_FRA),&BIG::new_ints(&rom::CURVE_FRB));
- let x = BIG::new_ints(&rom::CURVE_BNX);
- let mut n = BIG::new_copy(&x);
- let mut K = ECP2::new();
-
-
- if rom::CURVE_PAIRING_TYPE == rom::BN_CURVE {
- n.pmul(6); n.dec(2);
- } else {n.copy(&x)}
-
- n.norm();
- P.affine();
- Q.affine();
- R.affine();
- S.affine();
-
- let mut qx=FP::new_copy(&Q.getpx());
- let mut qy=FP::new_copy(&Q.getpy());
-
- let mut sx=FP::new_copy(&S.getpx());
- let mut sy=FP::new_copy(&S.getpy());
-
- let mut A=ECP2::new();
- let mut B=ECP2::new();
- let mut r=FP12::new_int(1);
-
- A.copy(&P);
- B.copy(&R);
- let nb=n.nbits();
-
- for i in (1..nb-1).rev() {
- let mut lv=linedbl(&mut A,&mut qx,&mut qy);
- r.smul(&mut lv);
- lv=linedbl(&mut B,&mut sx,&mut sy);
- r.smul(&mut lv);
-
- if n.bit(i)==1 {
- lv=lineadd(&mut A,P,&mut qx,&mut qy);
- r.smul(&mut lv);
- lv=lineadd(&mut B,R,&mut sx,&mut sy);
- r.smul(&mut lv);
- }
- r.sqr();
- }
-
- let mut lv=linedbl(&mut A,&mut qx,&mut qy);
- r.smul(&mut lv);
- lv=linedbl(&mut B,&mut sx,&mut sy);
- r.smul(&mut lv);
- if n.parity()==1 {
- lv=lineadd(&mut A,P,&mut qx,&mut qy);
- r.smul(&mut lv);
- lv=lineadd(&mut B,R,&mut sx,&mut sy);
- r.smul(&mut lv);
- }
-
-/* R-ate fixup */
- if rom::CURVE_PAIRING_TYPE == rom::BN_CURVE {
- r.conj();
- K.copy(&P);
- K.frob(&mut f);
- A.neg();
- lv=lineadd(&mut A,&mut K,&mut qx,&mut qy);
- r.smul(&mut lv);
- K.frob(&mut f);
- K.neg();
- lv=lineadd(&mut A,&mut K,&mut qx,&mut qy);
- r.smul(&mut lv);
-
- K.copy(&R);
- K.frob(&mut f);
- B.neg();
- lv=lineadd(&mut B,&mut K,&mut sx,&mut sy);
- r.smul(&mut lv);
- K.frob(&mut f);
- K.neg();
- lv=lineadd(&mut B,&mut K,&mut sx,&mut sy);
- r.smul(&mut lv);
- }
-
- return r;
-}
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-pub fn fexp(m: &FP12) -> FP12 {
- let mut f = FP2::new_bigs(&BIG::new_ints(&rom::CURVE_FRA),&BIG::new_ints(&rom::CURVE_FRB));
- let mut x = BIG::new_ints(&rom::CURVE_BNX);
- let mut r=FP12::new_copy(m);
-
-/* Easy part of final exp */
- let mut lv=FP12::new_copy(&r);
- lv.inverse();
- r.conj();
-
- r.mul(&mut lv);
- lv.copy(&r);
- r.frob(&mut f);
- r.frob(&mut f);
- r.mul(&mut lv);
-/* Hard part of final exp */
- if rom::CURVE_PAIRING_TYPE == rom::BN_CURVE {
- lv.copy(&r);
- lv.frob(&mut f);
- let mut x0=FP12::new_copy(&lv);
- x0.frob(&mut f);
- lv.mul(&mut r);
- x0.mul(&mut lv);
- x0.frob(&mut f);
- let mut x1=FP12::new_copy(&r);
- x1.conj();
- let mut x4=r.pow(&mut x);
-
- let mut x3=FP12::new_copy(&x4);
- x3.frob(&mut f);
-
- let mut x2=x4.pow(&mut x);
-
- let mut x5=FP12::new_copy(&x2); x5.conj();
- lv=x2.pow(&mut x);
-
- x2.frob(&mut f);
- r.copy(&x2); r.conj();
-
- x4.mul(&mut r);
- x2.frob(&mut f);
-
- r.copy(&lv);
- r.frob(&mut f);
- lv.mul(&mut r);
-
- lv.usqr();
- lv.mul(&mut x4);
- lv.mul(&mut x5);
- r.copy(&x3);
- r.mul(&mut x5);
- r.mul(&mut lv);
- lv.mul(&mut x2);
- r.usqr();
- r.mul(&mut lv);
- r.usqr();
- lv.copy(&r);
- lv.mul(&mut x1);
- r.mul(&mut x0);
- lv.usqr();
- r.mul(&mut lv);
- r.reduce();
- } else {
-
-// Ghamman & Fouotsa Method
-
- let mut y0=FP12::new_copy(&r); y0.usqr();
- let mut y1=y0.pow(&mut x);
- x.fshr(1); let mut y2=y1.pow(&mut x); x.fshl(1);
- let mut y3=FP12::new_copy(&r); y3.conj();
- y1.mul(&mut y3);
-
- y1.conj();
- y1.mul(&mut y2);
-
- y2=y1.pow(&mut x);
-
- y3=y2.pow(&mut x);
- y1.conj();
- y3.mul(&mut y1);
-
- y1.conj();
- y1.frob(&mut f); y1.frob(&mut f); y1.frob(&mut f);
- y2.frob(&mut f); y2.frob(&mut f);
- y1.mul(&mut y2);
-
- y2=y3.pow(&mut x);
- y2.mul(&mut y0);
- y2.mul(&mut r);
-
- y1.mul(&mut y2);
- y2.copy(&y3); y2.frob(&mut f);
- y1.mul(&mut y2);
- r.copy(&y1);
- r.reduce();
-
-
-/*
- let mut x0=FP12::new_copy(&r);
- let mut x1=FP12::new_copy(&r);
- lv.copy(&r); lv.frob(&mut f);
- let mut x3=FP12::new_copy(&lv); x3.conj(); x1.mul(&mut x3);
- lv.frob(&mut f); lv.frob(&mut f);
- x1.mul(&mut lv);
-
- r=r.pow(&mut x); //r=r.pow(x);
- x3.copy(&r); x3.conj(); x1.mul(&mut x3);
- lv.copy(&r); lv.frob(&mut f);
- x0.mul(&mut lv);
- lv.frob(&mut f);
- x1.mul(&mut lv);
- lv.frob(&mut f);
- x3.copy(&lv); x3.conj(); x0.mul(&mut x3);
-
- r=r.pow(&mut x);
- x0.mul(&mut r);
- lv.copy(&r); lv.frob(&mut f); lv.frob(&mut f);
- x3.copy(&lv); x3.conj(); x0.mul(&mut x3);
- lv.frob(&mut f);
- x1.mul(&mut lv);
-
- r=r.pow(&mut x);
- lv.copy(&r); lv.frob(&mut f);
- x3.copy(&lv); x3.conj(); x0.mul(&mut x3);
- lv.frob(&mut f);
- x1.mul(&mut lv);
-
- r=r.pow(&mut x);
- x3.copy(&r); x3.conj(); x0.mul(&mut x3);
- lv.copy(&r); lv.frob(&mut f);
- x1.mul(&mut lv);
-
- r=r.pow(&mut x);
- x1.mul(&mut r);
-
- x0.usqr();
- x0.mul(&mut x1);
- r.copy(&x0);
- r.reduce(); */
- }
- return r;
-}
-
-#[allow(non_snake_case)]
-/* GLV method */
-fn glv(e: &mut BIG) -> [BIG;2] {
- let mut u:[BIG;2]=[BIG::new(),BIG::new()];
- if rom::CURVE_PAIRING_TYPE == rom::BN_CURVE {
- let mut t=BIG::new();
- let q=BIG::new_ints(&rom::CURVE_ORDER);
- let mut v:[BIG;2]=[BIG::new(),BIG::new()];
-
- for i in 0..2 {
- t.copy(&BIG::new_ints(&rom::CURVE_W[i])); // why not just t=new BIG(ROM.CURVE_W[i]);
- let mut d:DBIG = BIG::mul(&mut t,e);
- v[i].copy(&d.div(&q));
- }
- u[0].copy(&e);
- for i in 0..2 {
- for j in 0..2 {
- t=BIG::new_ints(&rom::CURVE_SB[j][i]);
- t=BIG::modmul(&mut v[j],&mut t,&q);
- u[i].add(&q);
- u[i].sub(&t);
- u[i].rmod(&q);
- }
- }
- } else {
- let q=BIG::new_ints(&rom::CURVE_ORDER);
- let x=BIG::new_ints(&rom::CURVE_BNX);
- let x2=BIG::smul(&x,&x);
- u[0].copy(&e);
- u[0].rmod(&x2);
- u[1].copy(&e);
- u[1].div(&x2);
- u[1].rsub(&q);
- }
- return u;
-}
-
-#[allow(non_snake_case)]
-/* Galbraith & Scott Method */
-pub fn gs(e: &mut BIG) -> [BIG;4] {
- let mut u:[BIG;4]=[BIG::new(),BIG::new(),BIG::new(),BIG::new()];
- if rom::CURVE_PAIRING_TYPE == rom::BN_CURVE {
- let mut t=BIG::new();
- let q=BIG::new_ints(&rom::CURVE_ORDER);
-
- let mut v:[BIG;4]=[BIG::new(),BIG::new(),BIG::new(),BIG::new()];
- for i in 0..4 {
- t.copy(&BIG::new_ints(&rom::CURVE_WB[i]));
- let mut d:DBIG=BIG::mul(&mut t,e);
- v[i].copy(&d.div(&q));
- }
- u[0].copy(&e);
- for i in 0..4 {
- for j in 0..4 {
- t=BIG::new_ints(&rom::CURVE_BB[j][i]);
- t=BIG::modmul(&mut v[j],&mut t,&q);
- u[i].add(&q);
- u[i].sub(&t);
- u[i].rmod(&q);
- }
- }
- } else {
- let x=BIG::new_ints(&rom::CURVE_BNX);
- let mut w=BIG::new_copy(&e);
- for i in 0..4 {
- u[i].copy(&w);
- u[i].rmod(&x);
- w.div(&x);
- }
- }
- return u;
-}
-
-#[allow(non_snake_case)]
-/* Multiply P by e in group G1 */
-pub fn g1mul(P: &mut ECP,e: &mut BIG) -> ECP {
- let mut R=ECP::new();
- if rom::USE_GLV {
- P.affine();
- R.copy(P);
- let mut Q=ECP::new();
- Q.copy(P);
- let q=BIG::new_ints(&rom::CURVE_ORDER);
- let mut cru=FP::new_big(&BIG::new_ints(&rom::CURVE_CRU));
- let mut u=glv(e);
- Q.mulx(&mut cru);
-
- let mut np=u[0].nbits();
- let mut t:BIG=BIG::modneg(&mut u[0],&q);
- let mut nn=t.nbits();
- if nn<np {
- u[0].copy(&t);
- R.neg();
- }
-
- np=u[1].nbits();
- t=BIG::modneg(&mut u[1],&q);
- nn=t.nbits();
- if nn<np {
- u[1].copy(&t);
- Q.neg();
- }
-
- R=R.mul2(&u[0],&mut Q,&u[1]);
-
- } else {
- R=P.mul(e);
- }
- return R;
-}
-
-#[allow(non_snake_case)]
-/* Multiply P by e in group G2 */
-pub fn g2mul(P: &mut ECP2,e: &mut BIG) -> ECP2 {
- let mut R=ECP2::new();
- if rom::USE_GS_G2 {
- let mut Q:[ECP2;4]=[ECP2::new(),ECP2::new(),ECP2::new(),ECP2::new()];
- let mut f = FP2::new_bigs(&BIG::new_ints(&rom::CURVE_FRA),&BIG::new_ints(&rom::CURVE_FRB));
- let q=BIG::new_ints(&rom::CURVE_ORDER);
- let mut u=gs(e);
- let mut T=ECP2::new();
-
- let mut t=BIG::new();
- P.affine();
- Q[0].copy(&P);
- for i in 1..4 {
- T.copy(&Q[i-1]);
- Q[i].copy(&T);
- Q[i].frob(&mut f);
- }
- for i in 0..4 {
- let np=u[i].nbits();
- t.copy(&BIG::modneg(&mut u[i],&q));
- let nn=t.nbits();
- if nn<np {
- u[i].copy(&t);
- Q[i].neg();
- }
- }
-
- R.copy(&ECP2::mul4(&mut Q,&u));
-
- } else {
- R.copy(&P.mul(e));
- }
- return R;
-}
-
-/* f=f^e */
-/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.java */
-pub fn gtpow(d: &mut FP12,e: &mut BIG) -> FP12 {
- let mut r=FP12::new();
- if rom::USE_GS_GT {
- let mut g:[FP12;4]=[FP12::new(),FP12::new(),FP12::new(),FP12::new()];
- let mut f = FP2::new_bigs(&BIG::new_ints(&rom::CURVE_FRA),&BIG::new_ints(&rom::CURVE_FRB));
- let q=BIG::new_ints(&rom::CURVE_ORDER);
- let mut t=BIG::new();
- let mut u=gs(e);
- let mut w=FP12::new();
-
- g[0].copy(&d);
- for i in 1..4 {
- w.copy(&g[i-1]);
- g[i].copy(&w);
- g[i].frob(&mut f);
- }
- for i in 0..4 {
- let np=u[i].nbits();
- t.copy(&BIG::modneg(&mut u[i],&q));
- let nn=t.nbits();
- if nn<np {
- u[i].copy(&t);
- g[i].conj();
- }
- }
- r.copy(&FP12::pow4(&mut g,&u));
- } else {
- r.copy(&d.pow(e));
- }
- return r;
-}
-
-/*
-#[allow(non_snake_case)]
-fn main()
-{
- let mut Q=ECP::new_bigs(&BIG::new_ints(&rom::CURVE_GX),&BIG::new_ints(&rom::CURVE_GY));
- let mut P=ECP2::new_fp2s(&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PXA),&BIG::new_ints(&rom::CURVE_PXB)),&FP2::new_bigs(&BIG::new_ints(&rom::CURVE_PYA),&BIG::new_ints(&rom::CURVE_PYB)));
-
- let mut r=BIG::new_ints(&rom::CURVE_ORDER);
-
- println!("P= {}",P.tostring());
- println!("Q= {}",Q.tostring());
-
- //m:=NewBIGint(17)
-
- let mut e=ate(&mut P,&mut Q);
- println!("\ne= {}",e.tostring());
-
- e=fexp(&e);
-
- for i in 1..10 {
- e=ate(&mut P,&mut Q);
- e=fexp(&e);
- }
-
-
- // e=GTpow(e,m);
-
- println!("\ne= {}",e.tostring());
-
-
- fmt.Printf("\n");
- GLV:=glv(r)
-
- fmt.Printf("GLV[0]= "+GLV[0].toString())
- fmt.Printf("\n")
-
- fmt.Printf("GLV[0]= "+GLV[1].toString())
- fmt.Printf("\n")
-
- G:=NewECP(); G.copy(Q)
- R:=NewECP2(); R.copy(P)
-
-
- e=ate(R,Q)
- e=fexp(e)
-
- e=GTpow(e,xa)
- fmt.Printf("\ne= "+e.toString());
- fmt.Printf("\n")
-
- R=G2mul(R,xa)
- e=ate(R,G)
- e=fexp(e)
-
- fmt.Printf("\ne= "+e.toString())
- fmt.Printf("\n")
-
- G=G1mul(G,xa)
- e=ate(P,G)
- e=fexp(e)
- fmt.Printf("\ne= "+e.toString())
- fmt.Printf("\n")
-}*/
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/rand.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/rand.rs b/version22/rust/src/rand.rs
deleted file mode 100644
index 5cf79ac..0000000
--- a/version22/rust/src/rand.rs
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-//mod hash256;
-
-use hash256::HASH256;
-
-const RAND_NK: usize=21;
-const RAND_NJ: usize=6;
-const RAND_NV: usize=8;
-
-pub struct RAND {
- ira: [u32;RAND_NK], /* random number... */
- rndptr: usize,
- borrow: u32,
- pool_ptr: usize,
- pool: [u8;32]
-}
-
-impl RAND {
-
- pub fn new() -> RAND {
- RAND {
- ira: [0;RAND_NK],
- rndptr:0,
- borrow: 0,
- pool_ptr:0,
- pool:[0;32]
- }
- }
-
- pub fn clean(&mut self) {
- self.pool_ptr=0; self.rndptr=0;
- for i in 0..32 {self.pool[i]=0}
- for i in 0..RAND_NK {self.ira[i]=0}
- self.borrow=0;
- }
-
- fn sbrand(&mut self) -> u32 { /* Marsaglia & Zaman random number generator */
- self.rndptr+=1;
- if self.rndptr<RAND_NK {return self.ira[self.rndptr]}
- self.rndptr=0;
- let mut k=RAND_NK-RAND_NJ;
- for i in 0..RAND_NK { /* calculate next NK values */
- if k==RAND_NK {k=0}
- let t=self.ira[k];
- let pdiff=t.wrapping_sub(self.ira[i]).wrapping_sub(self.borrow);
- if pdiff<t {self.borrow=0}
- if pdiff>t {self.borrow=1}
- self.ira[i]=pdiff;
- k+=1;
- }
- return self.ira[0];
- }
-
- fn sirand(&mut self,seed: u32) {
- let mut m: u32=1;
- let mut sd=seed;
- self.borrow=0;
- self.rndptr=0;
- self.ira[0]^=sd;
- for i in 1..RAND_NK { /* fill initialisation vector */
- let inn=(RAND_NV*i)%RAND_NK;
- self.ira[inn]^=m; /* note XOR */
- let t=m;
- m=sd.wrapping_sub(m);
- sd=t;
- }
- for _ in 0..10000 {self.sbrand();} /* "warm-up" & stir the generator */
- }
-
- fn fill_pool(&mut self) {
- let mut sh=HASH256::new();
- for _ in 0..128 {sh.process((self.sbrand()&0xff) as u8)}
- let w=sh.hash();
- for i in 0..32 {self.pool[i]=w[i]}
- self.pool_ptr=0;
- }
-
- fn pack(b: [u8;4]) -> u32 { /* pack 4 bytes into a 32-bit Word */
- return ((((b[3] as u32))&0xff)<<24)|(((b[2] as u32)&0xff)<<16)|(((b[1] as u32)&0xff)<<8)|((b[0] as u32)&0xff);
- }
-
-/* Initialize RNG with some real entropy from some external source */
- pub fn seed(&mut self,rawlen: usize,raw: &[u8]) { /* initialise from at least 128 byte string of raw random entropy */
- let mut b: [u8;4]=[0;4];
- let mut sh=HASH256::new();
- self.pool_ptr=0;
-
- for i in 0..RAND_NK {self.ira[i]=0}
- if rawlen>0 {
- for i in 0..rawlen {
- sh.process(raw[i]);
- }
- let digest=sh.hash();
-
-/* initialise PRNG from distilled randomness */
-
- for i in 0..8 {
- b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3];
- self.sirand(RAND::pack(b));
- }
- }
- self.fill_pool();
- }
-
-/* get random byte */
- pub fn getbyte(&mut self) -> u8 {
- let r=self.pool[self.pool_ptr];
- self.pool_ptr+=1;
- if self.pool_ptr>=32 {self.fill_pool()}
- return (r&0xff) as u8;
- }
-}
-
-/* test main program */
-/*
-fn main() {
- let mut raw : [u8;100]=[0;100];
- let mut rng=RAND::new();
-
- rng.clean();
- for i in 0..100 {raw[i]=i as u8}
-
- rng.seed(100,&raw);
-
- for _ in 0..1000 {
- print!("{:03} ",rng.getbyte());
- }
-}
-*/