You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by br...@apache.org on 2018/11/07 23:49:50 UTC
[13/51] [partial] incubator-milagro-crypto git commit: update code
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/fp12.swift
----------------------------------------------------------------------
diff --git a/swift/fp12.swift b/swift/fp12.swift
deleted file mode 100644
index 05617be..0000000
--- a/swift/fp12.swift
+++ /dev/null
@@ -1,581 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-// fp12.swift
-//
-//
-// Created by Michael Scott on 07/07/2015.
-// Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-/* CLINT Fp^12 functions */
-/* FP12 elements are of the form a+i.b+i^2.c */
-
-final class FP12
-{
- private final var a:FP4
- private final var b:FP4
- private final var c:FP4
-
- /* reduce all components of this mod Modulus */
- func reduce()
- {
- a.reduce()
- b.reduce()
- c.reduce()
- }
- /* normalise all components of this */
- func norm()
- {
- a.norm();
- b.norm();
- c.norm();
- }
- /* Constructors */
- init(_ d:FP4)
- {
- a=FP4(d)
- b=FP4(0)
- c=FP4(0)
- }
-
- init(_ d:Int32)
- {
- a=FP4(d)
- b=FP4(0)
- c=FP4(0)
- }
-
- init(_ d:FP4,_ e:FP4,_ f:FP4)
- {
- a=FP4(d)
- b=FP4(e)
- c=FP4(f)
- }
-
- init(_ x:FP12)
- {
- a=FP4(x.a)
- b=FP4(x.b)
- c=FP4(x.c)
- }
- /* test x==0 ? */
- func iszilch() -> Bool
- {
- reduce();
- return a.iszilch() && b.iszilch() && c.iszilch()
- }
- /* test x==1 ? */
- func isunity() -> Bool
- {
- let one=FP4(1)
- return a.equals(one) && b.iszilch() && c.iszilch()
- }
- /* return 1 if x==y, else 0 */
- func equals(x:FP12) -> Bool
- {
- return a.equals(x.a) && b.equals(x.b) && c.equals(x.c)
- }
- /* extract a from self */
- func geta() -> FP4
- {
- return a
- }
- /* extract b */
- func getb() -> FP4
- {
- return b
- }
- /* extract c */
- func getc() -> FP4
- {
- return c
- }
- /* copy self=x */
- func copy(x:FP12)
- {
- a.copy(x.a)
- b.copy(x.b)
- c.copy(x.c)
- }
- /* set self=1 */
- func one()
- {
- a.one()
- b.zero()
- c.zero()
- }
- /* self=conj(self) */
- func conj()
- {
- a.conj()
- b.nconj()
- c.conj()
- }
- /* Granger-Scott Unitary Squaring */
- func usqr()
- {
- let A=FP4(a)
- let B=FP4(c)
- let C=FP4(b)
- let D=FP4(0)
-
- a.sqr()
- D.copy(a); D.add(a)
- a.add(D)
-
- a.norm()
- A.nconj()
-
- A.add(A)
- a.add(A)
- B.sqr()
- B.times_i()
-
- D.copy(B); D.add(B)
- B.add(D)
- B.norm()
-
- C.sqr()
- D.copy(C); D.add(C)
- C.add(D)
- C.norm()
-
- b.conj()
- b.add(b)
- c.nconj()
-
- c.add(c)
- b.add(B)
- c.add(C)
- reduce()
-
- }
- /* Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
- func sqr()
- {
- let A=FP4(a)
- let B=FP4(b)
- let C=FP4(c)
- let D=FP4(a)
-
- A.sqr()
- B.mul(c)
- B.add(B)
- C.sqr()
- D.mul(b)
- D.add(D)
-
- c.add(a)
- c.add(b)
- c.sqr()
-
- a.copy(A)
-
- A.add(B)
- A.norm()
- A.add(C)
- A.add(D)
- A.norm()
-
- A.neg()
- B.times_i()
- C.times_i()
-
- a.add(B)
-
- b.copy(C); b.add(D)
- c.add(A)
-
- norm()
- }
-
- /* FP12 full multiplication this=this*y */
- func mul(y:FP12)
- {
- let z0=FP4(a)
- let z1=FP4(0)
- let z2=FP4(b)
- let z3=FP4(0)
- let t0=FP4(a)
- let t1=FP4(y.a)
-
- z0.mul(y.a)
- z2.mul(y.b)
-
- t0.add(b)
- t1.add(y.b)
-
- z1.copy(t0); z1.mul(t1)
- t0.copy(b); t0.add(c)
-
- t1.copy(y.b); t1.add(y.c)
- z3.copy(t0); z3.mul(t1)
-
- t0.copy(z0); t0.neg()
- t1.copy(z2); t1.neg()
-
- z1.add(t0)
- z1.norm()
- b.copy(z1); b.add(t1)
-
- z3.add(t1)
- z2.add(t0)
-
- t0.copy(a); t0.add(c)
- t1.copy(y.a); t1.add(y.c)
- t0.mul(t1)
- z2.add(t0)
-
- t0.copy(c); t0.mul(y.c)
- t1.copy(t0); t1.neg()
-
- z2.norm()
- z3.norm()
- b.norm()
-
- c.copy(z2); c.add(t1)
- z3.add(t1)
- t0.times_i()
- b.add(t0)
-
- z3.times_i()
- a.copy(z0); a.add(z3)
-
- norm()
- }
-
- /* Special case of multiplication arises from special form of ATE pairing line function */
- func smul(y:FP12)
- {
- let z0=FP4(a)
- let z2=FP4(b)
- let z3=FP4(b)
- let t0=FP4(0)
- let t1=FP4(y.a)
-
- z0.mul(y.a)
- z2.pmul(y.b.real())
- b.add(a)
- t1.real().add(y.b.real())
-
- b.mul(t1)
- z3.add(c)
- z3.pmul(y.b.real())
-
- t0.copy(z0); t0.neg()
- t1.copy(z2); t1.neg()
-
- b.add(t0)
- b.norm()
-
- b.add(t1)
- z3.add(t1)
- z2.add(t0)
-
- t0.copy(a); t0.add(c)
- t0.mul(y.a)
- c.copy(z2); c.add(t0)
-
- z3.times_i()
- a.copy(z0); a.add(z3)
-
- norm()
- }
- /* self=1/self */
- func inverse()
- {
- let f0=FP4(a)
- let f1=FP4(b)
- let f2=FP4(a)
- let f3=FP4(0)
-
- norm()
- f0.sqr()
- f1.mul(c)
- f1.times_i()
- f0.sub(f1)
-
- f1.copy(c); f1.sqr()
- f1.times_i()
- f2.mul(b)
- f1.sub(f2)
-
- f2.copy(b); f2.sqr()
- f3.copy(a); f3.mul(c)
- f2.sub(f3)
-
- f3.copy(b); f3.mul(f2)
- f3.times_i()
- a.mul(f0)
- f3.add(a)
- c.mul(f1)
- c.times_i()
-
- f3.add(c)
- f3.inverse()
- a.copy(f0); a.mul(f3)
- b.copy(f1); b.mul(f3)
- c.copy(f2); c.mul(f3)
- }
-
- /* self=self^p using Frobenius */
- func frob(f:FP2)
- {
- let f2=FP2(f)
- let f3=FP2(f)
-
- f2.sqr()
- f3.mul(f2)
-
- a.frob(f3)
- b.frob(f3)
- c.frob(f3)
-
- b.pmul(f)
- c.pmul(f2)
- }
-
- /* trace function */
- func trace() -> FP4
- {
- let t=FP4(0)
- t.copy(a)
- t.imul(3)
- t.reduce()
- return t
- }
- /* convert from byte array to FP12 */
- static func fromBytes(w:[UInt8]) -> FP12
- {
- let RM=Int(ROM.MODBYTES)
- var t=[UInt8](count:RM,repeatedValue:0)
-
- for var i=0;i<RM;i++ {t[i]=w[i]}
- var a=BIG.fromBytes(t)
- for var i=0;i<RM;i++ {t[i]=w[i+RM]}
- var b=BIG.fromBytes(t)
- var c=FP2(a,b)
-
- for var i=0;i<RM;i++ {t[i]=w[i+2*RM]}
- a=BIG.fromBytes(t)
- for var i=0;i<RM;i++ {t[i]=w[i+3*RM]}
- b=BIG.fromBytes(t)
- var d=FP2(a,b)
-
- let e=FP4(c,d)
-
- for var i=0;i<RM;i++ {t[i]=w[i+4*RM]}
- a=BIG.fromBytes(t)
- for var i=0;i<RM;i++ {t[i]=w[i+5*RM]}
- b=BIG.fromBytes(t)
- c=FP2(a,b)
-
- for var i=0;i<RM;i++ {t[i]=w[i+6*RM]}
- a=BIG.fromBytes(t)
- for var i=0;i<RM;i++ {t[i]=w[i+7*RM]}
- b=BIG.fromBytes(t)
- d=FP2(a,b)
-
- let f=FP4(c,d)
-
-
- for var i=0;i<RM;i++ {t[i]=w[i+8*RM]}
- a=BIG.fromBytes(t)
- for var i=0;i<RM;i++ {t[i]=w[i+9*RM]}
- b=BIG.fromBytes(t)
- c=FP2(a,b)
-
- for var i=0;i<RM;i++ {t[i]=w[i+10*RM]}
- a=BIG.fromBytes(t)
- for var i=0;i<RM;i++ {t[i]=w[i+11*RM]}
- b=BIG.fromBytes(t);
- d=FP2(a,b)
-
- let g=FP4(c,d)
-
- return FP12(e,f,g)
- }
-
- /* convert this to byte array */
- func toBytes(inout w:[UInt8])
- {
- let RM=Int(ROM.MODBYTES)
- var t=[UInt8](count:RM,repeatedValue:0)
-
- a.geta().getA().toBytes(&t)
- for var i=0;i<RM;i++ {w[i]=t[i]}
- a.geta().getB().toBytes(&t)
- for var i=0;i<RM;i++ {w[i+RM]=t[i]}
- a.getb().getA().toBytes(&t)
- for var i=0;i<RM;i++ {w[i+2*RM]=t[i]}
- a.getb().getB().toBytes(&t)
- for var i=0;i<RM;i++ {w[i+3*RM]=t[i]}
-
- b.geta().getA().toBytes(&t)
- for var i=0;i<RM;i++ {w[i+4*RM]=t[i]}
- b.geta().getB().toBytes(&t);
- for var i=0;i<RM;i++ {w[i+5*RM]=t[i]}
- b.getb().getA().toBytes(&t)
- for var i=0;i<RM;i++ {w[i+6*RM]=t[i]}
- b.getb().getB().toBytes(&t)
- for var i=0;i<RM;i++ {w[i+7*RM]=t[i]}
-
- c.geta().getA().toBytes(&t)
- for var i=0;i<RM;i++ {w[i+8*RM]=t[i]}
- c.geta().getB().toBytes(&t)
- for var i=0;i<RM;i++ {w[i+9*RM]=t[i]}
- c.getb().getA().toBytes(&t)
- for var i=0;i<RM;i++ {w[i+10*RM]=t[i]}
- c.getb().getB().toBytes(&t)
- for var i=0;i<RM;i++ {w[i+11*RM]=t[i]}
- }
- /* convert to hex string */
- func toString() -> String
- {
- return ("["+a.toString()+","+b.toString()+","+c.toString()+"]")
- }
-
- /* self=self^e */
- /* Note this is simple square and multiply, so not side-channel safe */
- func pow(e:BIG) -> FP12
- {
- norm()
- e.norm()
- let w=FP12(self)
- let z=BIG(e)
- let r=FP12(1)
-
- while (true)
- {
- let bt=z.parity()
- z.fshr(1)
- if bt==1 {r.mul(w)}
- if z.iszilch() {break}
- w.usqr()
- }
- r.reduce()
- return r
- }
- /* constant time powering by small integer of max length bts */
- func pinpow(e:Int32,_ bts:Int32)
- {
- var R=[FP12]()
- R.append(FP12(1));
- R.append(FP12(self));
-
- for var i=bts-1;i>=0;i--
- {
- let b=Int((e>>i)&1)
- R[1-b].mul(R[b])
- R[b].usqr()
- }
- copy(R[0]);
- }
-
- /* p=q0^u0.q1^u1.q2^u2.q3^u3 */
- /* Timing attack secure, but not cache attack secure */
-
- static func pow4(q:[FP12],_ u:[BIG]) -> FP12
- {
- var a=[Int32](count:4,repeatedValue:0)
- var g=[FP12]();
-
- for var i=0;i<8;i++ {g.append(FP12(0))}
- var s=[FP12]();
- for var i=0;i<2;i++ {s.append(FP12(0))}
-
- let c=FP12(1)
- let p=FP12(0)
-
- var t=[BIG]()
- for var i=0;i<4;i++
- {t.append(BIG(u[i]))}
-
- let mt=BIG(0);
- var w=[Int8](count:ROM.NLEN*Int(ROM.BASEBITS)+1,repeatedValue:0)
-
- g[0].copy(q[0]); s[0].copy(q[1]); s[0].conj(); g[0].mul(s[0])
- g[1].copy(g[0])
- g[2].copy(g[0])
- g[3].copy(g[0])
- g[4].copy(q[0]); g[4].mul(q[1])
- g[5].copy(g[4])
- g[6].copy(g[4])
- g[7].copy(g[4])
-
- s[1].copy(q[2]); s[0].copy(q[3]); s[0].conj(); s[1].mul(s[0])
- s[0].copy(s[1]); s[0].conj(); g[1].mul(s[0])
- g[2].mul(s[1])
- g[5].mul(s[0])
- g[6].mul(s[1])
- s[1].copy(q[2]); s[1].mul(q[3])
- s[0].copy(s[1]); s[0].conj(); g[0].mul(s[0])
- g[3].mul(s[1])
- g[4].mul(s[0])
- g[7].mul(s[1])
-
- /* if power is even add 1 to power, and add q to correction */
-
- for var i=0;i<4;i++
- {
- if t[i].parity()==0
- {
- t[i].inc(1); t[i].norm()
- c.mul(q[i])
- }
- mt.add(t[i]); mt.norm()
- }
- c.conj();
- let nb=1+mt.nbits();
-
- /* convert exponent to signed 1-bit window */
- for var j=0;j<nb;j++
- {
- for var i=0;i<4;i++
- {
- a[i]=(t[i].lastbits(2)-2)
- t[i].dec(a[i]); t[i].norm()
- t[i].fshr(1)
- }
- w[j]=Int8(8*a[0]+4*a[1]+2*a[2]+a[3])
- }
- w[nb]=Int8(8*t[0].lastbits(2)+4*t[1].lastbits(2))
- w[nb]+=Int8(2*t[2].lastbits(2)+t[3].lastbits(2))
- p.copy(g[(w[nb]-1)/2])
-
- for var i=nb-1;i>=0;i--
- {
- let m=w[i]>>7
- let j=(w[i]^m)-m /* j=abs(w[i]) */
- let k=Int((j-1)/2)
- s[0].copy(g[k]); s[1].copy(g[k]); s[1].conj()
- p.usqr()
- p.mul(s[Int(m&1)])
- }
- p.mul(c) /* apply correction */
- p.reduce()
- return p
- }
-
-
-
-
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/fp2.swift
----------------------------------------------------------------------
diff --git a/swift/fp2.swift b/swift/fp2.swift
deleted file mode 100644
index 3682e34..0000000
--- a/swift/fp2.swift
+++ /dev/null
@@ -1,329 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-// fp2.swift
-//
-//
-// Created by Michael Scott on 07/07/2015.
-// Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-/* Finite Field arithmetic Fp^2 functions */
-
-/* FP2 elements are of the form a+ib, where i is sqrt(-1) */
-
-
-final class FP2
-{
- private var a:FP
- private var b:FP
-
- /* Constructors */
- init(_ c: Int32)
- {
- a=FP(c)
- b=FP(0)
- }
-
- init(_ x:FP2)
- {
- a=FP(x.a)
- b=FP(x.b)
- }
-
- init(_ c:FP,_ d:FP)
- {
- a=FP(c)
- b=FP(d)
- }
-
- init(_ c:BIG,_ d:BIG)
- {
- a=FP(c)
- b=FP(d)
- }
-
- init(_ c:FP)
- {
- a=FP(c)
- b=FP(0)
- }
-
- init(_ c:BIG)
- {
- a=FP(c)
- b=FP(0)
- }
-
- /* test this=0 ? */
- func iszilch() -> Bool
- {
- reduce()
- return (a.iszilch() && b.iszilch())
- }
-
- func cmove(g:FP2,_ d:Int32)
- {
- a.cmove(g.a,d)
- b.cmove(g.b,d)
- }
-
- /* test this=1 ? */
- func isunity() -> Bool
- {
- let one=FP(1)
- return (a.equals(one) && b.iszilch())
- }
-
- /* test this=x */
- func equals(x:FP2) -> Bool
- {
- return (a.equals(x.a) && b.equals(x.b));
- }
-
-
- /* reduce components mod Modulus */
- func reduce()
- {
- a.reduce()
- b.reduce()
- }
-
- /* normalise components of w */
- func norm()
- {
- a.norm()
- b.norm()
- }
-
- /* extract a */
- func getA() -> BIG
- {
- return a.redc()
- }
-
- /* extract b */
- func getB() -> BIG
- {
- return b.redc()
- }
-
- /* copy self=x */
- func copy(x:FP2)
- {
- a.copy(x.a)
- b.copy(x.b)
- }
-
- /* set self=0 */
- func zero()
- {
- a.zero()
- b.zero()
- }
-
- /* set self=1 */
- func one()
- {
- a.one()
- b.zero()
- }
-
- /* negate self mod Modulus */
- func neg()
- {
- norm();
- let m=FP(a)
- let t=FP(0)
-
- m.add(b)
- m.neg()
- m.norm()
- t.copy(m); t.add(b)
- b.copy(m)
- b.add(a)
- a.copy(t)
- }
-
- /* set to a-ib */
- func conj()
- {
- b.neg()
- }
-
- /* self+=a */
- func add(x:FP2)
- {
- a.add(x.a)
- b.add(x.b)
- }
-
- /* self-=a */
- func sub(x:FP2)
- {
- let m=FP2(x)
- m.neg()
- add(m)
- }
-
- /* self*=s, where s is an FP */
- func pmul(s:FP)
- {
- a.mul(s)
- b.mul(s)
- }
-
- /* self*=i, where i is an int */
- func imul(c:Int32)
- {
- a.imul(c);
- b.imul(c);
- }
-
- /* self*=self */
- func sqr()
- {
- norm();
-
- let w1=FP(a)
- let w3=FP(a)
- let mb=FP(b)
- w3.mul(b)
- w1.add(b)
- mb.neg()
- a.add(mb)
- a.mul(w1)
- b.copy(w3); b.add(w3)
- norm()
- }
- /* self*=y */
- func mul(y:FP2)
- {
- norm(); /* This is needed here as {a,b} is not normed before additions */
-
- let w1=FP(a)
- let w2=FP(b)
- let w5=FP(a)
- let mw=FP(0)
-
- w1.mul(y.a) // w1=a*y.a - this norms w1 and y.a, NOT a
- w2.mul(y.b) // w2=b*y.b - this norms w2 and y.b, NOT b
- w5.add(b) // w5=a+b
- b.copy(y.a); b.add(y.b) // b=y.a+y.b
-
- b.mul(w5)
- mw.copy(w1); mw.add(w2); mw.neg()
-
- b.add(mw); mw.add(w1)
- a.copy(w1); a.add(mw)
-
- norm()
-
- }
-
- /* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
- /* returns true if this is QR */
- func sqrt() -> Bool
- {
- if iszilch() {return true}
- var w1=FP(b)
- var w2=FP(a)
- w1.sqr(); w2.sqr(); w1.add(w2)
- if w1.jacobi() != 1 { zero(); return false; }
- w1=w1.sqrt()
- w2.copy(a); w2.add(w1); w2.div2()
- if w2.jacobi() != 1
- {
- w2.copy(a); w2.sub(w1); w2.div2()
- if w2.jacobi() != 1 { zero(); return false }
- }
- w2=w2.sqrt()
- a.copy(w2)
- w2.add(w2)
- w2.inverse()
- b.mul(w2)
- return true
- }
- /* output to hex string */
- func toString() -> String
- {
- return ("["+a.toString()+","+b.toString()+"]")
- }
-
- func toRawString() -> String
- {
- return ("["+a.toRawString()+","+b.toRawString()+"]")
- }
-
- /* self=1/self */
- func inverse()
- {
- norm();
- let w1=FP(a)
- let w2=FP(b)
-
- w1.sqr()
- w2.sqr()
- w1.add(w2)
- w1.inverse()
- a.mul(w1)
- w1.neg()
- b.mul(w1)
- }
-
- /* self/=2 */
- func div2()
- {
- a.div2();
- b.div2();
- }
-
- /* self*=sqrt(-1) */
- func times_i()
- {
- let z=FP(a)
- a.copy(b); a.neg()
- b.copy(z)
- }
-
- /* w*=(1+sqrt(-1)) */
- /* where X*2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
- func mul_ip()
- {
- norm();
- let t=FP2(self)
- let z=FP(a)
- a.copy(b)
- a.neg()
- b.copy(z)
- add(t)
- norm()
- }
- /* w/=(1+sqrt(-1)) */
- func div_ip()
- {
- let t=FP2(0)
- norm()
- t.a.copy(a); t.a.add(b)
- t.b.copy(b); t.b.sub(a)
- copy(t)
- div2()
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/fp4.swift
----------------------------------------------------------------------
diff --git a/swift/fp4.swift b/swift/fp4.swift
deleted file mode 100644
index d86e59c..0000000
--- a/swift/fp4.swift
+++ /dev/null
@@ -1,513 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-// fp4.swift
-//
-//
-// Created by Michael Scott on 07/07/2015.
-// Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-/* Finite Field arithmetic Fp^4 functions */
-
-/* FP4 elements are of the form a+ib, where i is sqrt(-1+sqrt(-1)) */
-
-final class FP4 {
- private final var a:FP2
- private final var b:FP2
-
- /* constructors */
- init(_ c:Int32)
- {
- a=FP2(c)
- b=FP2(0)
- }
-
- init(_ x:FP4)
- {
- a=FP2(x.a)
- b=FP2(x.b)
- }
-
- init(_ c:FP2,_ d:FP2)
- {
- a=FP2(c)
- b=FP2(d)
- }
-
- init(_ c:FP2)
- {
- a=FP2(c)
- b=FP2(0)
- }
- /* reduce all components of this mod Modulus */
- func reduce()
- {
- a.reduce()
- b.reduce()
- }
- /* normalise all components of this mod Modulus */
- func norm()
- {
- a.norm()
- b.norm()
- }
- /* test this==0 ? */
- func iszilch() -> Bool
- {
- reduce()
- return a.iszilch() && b.iszilch()
- }
- /* test this==1 ? */
- func isunity() -> Bool
- {
- let one=FP2(1);
- return a.equals(one) && b.iszilch()
- }
-
- /* test is w real? That is in a+ib test b is zero */
- func isreal() -> Bool
- {
- return b.iszilch();
- }
- /* extract real part a */
- func real() -> FP2
- {
- return a;
- }
-
- func geta() -> FP2
- {
- return a;
- }
- /* extract imaginary part b */
- func getb() -> FP2
- {
- return b;
- }
- /* test self=x? */
- func equals(x:FP4) -> Bool
- {
- return a.equals(x.a) && b.equals(x.b)
- }
- /* copy self=x */
- func copy(x:FP4)
- {
- a.copy(x.a)
- b.copy(x.b)
- }
- /* set this=0 */
- func zero()
- {
- a.zero()
- b.zero()
- }
- /* set this=1 */
- func one()
- {
- a.one()
- b.zero()
- }
- /* set self=-self */
- func neg()
- {
- let m=FP2(a)
- let t=FP2(0)
- m.add(b)
- m.neg()
- m.norm()
- t.copy(m); t.add(b)
- b.copy(m)
- b.add(a)
- a.copy(t)
- }
- /* self=conjugate(self) */
- func conj()
- {
- b.neg(); b.norm()
- }
- /* this=-conjugate(this) */
- func nconj()
- {
- a.neg(); a.norm()
- }
- /* self+=x */
- func add(x:FP4)
- {
- a.add(x.a)
- b.add(x.b)
- }
- /* self-=x */
- func sub(x:FP4)
- {
- let m=FP4(x)
- m.neg()
- add(m)
- }
-
- /* self*=s where s is FP2 */
- func pmul(s:FP2)
- {
- a.mul(s)
- b.mul(s)
- }
- /* self*=c where c is int */
- func imul(c:Int32)
- {
- a.imul(c)
- b.imul(c)
- }
- /* self*=self */
- func sqr()
- {
- norm();
-
- let t1=FP2(a)
- let t2=FP2(b)
- let t3=FP2(a)
-
- t3.mul(b)
- t1.add(b)
- t2.mul_ip()
-
- t2.add(a)
- a.copy(t1)
-
- a.mul(t2)
-
- t2.copy(t3)
- t2.mul_ip()
- t2.add(t3)
- t2.neg()
- a.add(t2)
-
- b.copy(t3)
- b.add(t3)
-
- norm()
- }
- /* self*=y */
- func mul(y:FP4)
- {
- norm();
-
- let t1=FP2(a)
- let t2=FP2(b)
- let t3=FP2(0)
- let t4=FP2(b)
-
- t1.mul(y.a)
- t2.mul(y.b)
- t3.copy(y.b)
- t3.add(y.a)
- t4.add(a)
-
- t4.mul(t3)
- t4.sub(t1)
- t4.norm()
-
- b.copy(t4)
- b.sub(t2)
- t2.mul_ip()
- a.copy(t2)
- a.add(t1)
-
- norm()
- }
- /* convert this to hex string */
- func toString() -> String
- {
- return ("["+a.toString()+","+b.toString()+"]")
- }
-
- func toRawString() -> String
- {
- return ("["+a.toRawString()+","+b.toRawString()+"]")
- }
- /* self=1/self */
- func inverse()
- {
- norm();
-
- let t1=FP2(a)
- let t2=FP2(b)
-
- t1.sqr()
- t2.sqr()
- t2.mul_ip()
- t1.sub(t2)
- t1.inverse()
- a.mul(t1)
- t1.neg()
- b.mul(t1)
- }
-
- /* self*=i where i = sqrt(-1+sqrt(-1)) */
- func times_i()
- {
- norm();
- let s=FP2(b)
- let t=FP2(b)
- s.times_i()
- t.add(s)
- t.norm()
- b.copy(a)
- a.copy(t)
- }
-
- /* self=self^p using Frobenius */
- func frob(f:FP2)
- {
- a.conj()
- b.conj()
- b.mul(f)
- }
- /* self=self^e */
- func pow(e:BIG) -> FP4
- {
- norm()
- e.norm()
- let w=FP4(self)
- let z=BIG(e)
- let r=FP4(1)
- while (true)
- {
- let bt=z.parity()
- z.fshr(1)
- if bt==1 {r.mul(w)}
- if z.iszilch() {break}
- w.sqr()
- }
- r.reduce()
- return r
- }
- /* XTR xtr_a function */
- func xtr_A(w:FP4,_ y:FP4,_ z:FP4)
- {
- let r=FP4(w)
- let t=FP4(w)
- r.sub(y)
- r.pmul(a)
- t.add(y)
- t.pmul(b)
- t.times_i()
-
- copy(r)
- add(t)
- add(z)
-
- norm()
- }
- /* XTR xtr_d function */
- func xtr_D()
- {
- let w=FP4(self)
- sqr(); w.conj()
- w.add(w)
- sub(w)
- reduce()
- }
- /* r=x^n using XTR method on traces of FP12s */
- func xtr_pow(n:BIG) -> FP4
- {
- let a=FP4(3)
- let b=FP4(self)
- let c=FP4(b)
- c.xtr_D()
- let t=FP4(0)
- let r=FP4(0)
-
- n.norm();
- let par=n.parity()
- let v=BIG(n); v.fshr(1)
- if par==0 {v.dec(1); v.norm()}
-
- let nb=v.nbits()
- for var i=nb-1;i>=0;i--
- {
- if (v.bit(i) != 1)
- {
- t.copy(b)
- conj()
- c.conj()
- b.xtr_A(a,self,c)
- conj()
- c.copy(t)
- c.xtr_D()
- a.xtr_D()
- }
- else
- {
- t.copy(a); t.conj()
- a.copy(b)
- a.xtr_D()
- b.xtr_A(c,self,t)
- c.xtr_D()
- }
- }
- if par==0 {r.copy(c)}
- else {r.copy(b)}
- r.reduce()
- return r
- }
-
- /* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
- func xtr_pow2(ck:FP4,_ ckml:FP4,_ ckm2l:FP4,_ a:BIG,_ b:BIG) -> FP4
- {
- a.norm(); b.norm()
- let e=BIG(a)
- let d=BIG(b)
- let w=BIG(0)
-
- let cu=FP4(ck) // can probably be passed in w/o copying
- let cv=FP4(self)
- let cumv=FP4(ckml)
- let cum2v=FP4(ckm2l)
- var r=FP4(0)
- let t=FP4(0)
-
- var f2:Int=0
- while d.parity()==0 && e.parity()==0
- {
- d.fshr(1);
- e.fshr(1);
- f2++;
- }
-
- while (BIG.comp(d,e) != 0)
- {
- if BIG.comp(d,e)>0
- {
- w.copy(e); w.imul(4); w.norm()
- if BIG.comp(d,w)<=0
- {
- w.copy(d); d.copy(e)
- e.rsub(w); e.norm()
-
- t.copy(cv)
- t.xtr_A(cu,cumv,cum2v)
- cum2v.copy(cumv)
- cum2v.conj()
- cumv.copy(cv)
- cv.copy(cu)
- cu.copy(t)
-
- }
- else if d.parity()==0
- {
- d.fshr(1)
- r.copy(cum2v); r.conj()
- t.copy(cumv)
- t.xtr_A(cu,cv,r)
- cum2v.copy(cumv)
- cum2v.xtr_D()
- cumv.copy(t)
- cu.xtr_D()
- }
- else if e.parity()==1
- {
- d.sub(e); d.norm()
- d.fshr(1)
- t.copy(cv)
- t.xtr_A(cu,cumv,cum2v)
- cu.xtr_D()
- cum2v.copy(cv)
- cum2v.xtr_D()
- cum2v.conj()
- cv.copy(t)
- }
- else
- {
- w.copy(d)
- d.copy(e); d.fshr(1)
- e.copy(w)
- t.copy(cumv)
- t.xtr_D()
- cumv.copy(cum2v); cumv.conj()
- cum2v.copy(t); cum2v.conj()
- t.copy(cv)
- t.xtr_D()
- cv.copy(cu)
- cu.copy(t)
- }
- }
- if BIG.comp(d,e)<0
- {
- w.copy(d); w.imul(4); w.norm()
- if BIG.comp(e,w)<=0
- {
- e.sub(d); e.norm()
- t.copy(cv)
- t.xtr_A(cu,cumv,cum2v)
- cum2v.copy(cumv)
- cumv.copy(cu)
- cu.copy(t)
- }
- else if e.parity()==0
- {
- w.copy(d)
- d.copy(e); d.fshr(1)
- e.copy(w)
- t.copy(cumv)
- t.xtr_D()
- cumv.copy(cum2v); cumv.conj()
- cum2v.copy(t); cum2v.conj()
- t.copy(cv)
- t.xtr_D()
- cv.copy(cu)
- cu.copy(t)
- }
- else if d.parity()==1
- {
- w.copy(e)
- e.copy(d)
- w.sub(d); w.norm()
- d.copy(w); d.fshr(1)
- t.copy(cv)
- t.xtr_A(cu,cumv,cum2v)
- cumv.conj()
- cum2v.copy(cu)
- cum2v.xtr_D()
- cum2v.conj()
- cu.copy(cv)
- cu.xtr_D()
- cv.copy(t)
- }
- else
- {
- d.fshr(1)
- r.copy(cum2v); r.conj()
- t.copy(cumv)
- t.xtr_A(cu,cv,r)
- cum2v.copy(cumv)
- cum2v.xtr_D()
- cumv.copy(t)
- cu.xtr_D()
- }
- }
- }
- r.copy(cv)
- r.xtr_A(cu,cumv,cum2v)
- for var i=0;i<f2;i++
- {r.xtr_D()}
- r=r.xtr_pow(d)
- return r
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/gcm.swift
----------------------------------------------------------------------
diff --git a/swift/gcm.swift b/swift/gcm.swift
deleted file mode 100644
index 85ee8fd..0000000
--- a/swift/gcm.swift
+++ /dev/null
@@ -1,314 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-// gcm.swift
-//
-//
-// Created by Michael Scott on 23/06/2015.
-// Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-
-/*
-* Implementation of the AES-GCM Encryption/Authentication
-*
-* Some restrictions..
-* 1. Only for use with AES
-* 2. Returned tag is always 128-bits. Truncate at your own risk.
-* 3. The order of function calls must follow some rules
-*
-* Typical sequence of calls..
-* 1. call GCM_init
-* 2. call GCM_add_header any number of times, as long as length of header is multiple of 16 bytes (block size)
-* 3. call GCM_add_header one last time with any length of header
-* 4. call GCM_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes
-* 5. call GCM_add_cipher one last time with any length of cipher/plaintext
-* 6. call GCM_finish to extract the tag.
-*
-* See http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf
-*/
-
-final class GCM {
- static let NB:Int=4
- static let GCM_ACCEPTING_HEADER:Int=0
- static let GCM_ACCEPTING_CIPHER:Int=1
- static let GCM_NOT_ACCEPTING_MORE:Int=2
- static let GCM_FINISHED:Int=3
- static let GCM_ENCRYPTING:Int=0
- static let GCM_DECRYPTING:Int=1
-
- private var table=[[UInt32]](count:128,repeatedValue:[UInt32](count:4,repeatedValue:0)) /* 2k bytes */
- private var stateX=[UInt8](count:16,repeatedValue:0)
- private var Y_0=[UInt8](count:16,repeatedValue:0)
-
- private var counter:Int=0
- private var lenA=[UInt32](count:2,repeatedValue:0)
- private var lenC=[UInt32](count:2,repeatedValue:0)
- private var status:Int=0
- private var a=AES()
-
- private static func pack(b: [UInt8]) -> UInt32
- { /* pack bytes into a 32-bit Word */
- var r=((UInt32(b[0])&0xff)<<24)|((UInt32(b[1])&0xff)<<16)
- r = r|((UInt32(b[2])&0xff)<<8)|(UInt32(b[3])&0xff)
- return r
- }
-
- private static func unpack(a: UInt32) -> [UInt8]
- { /* unpack bytes from a word */
- let b:[UInt8]=[UInt8((a>>24)&0xff),UInt8((a>>16)&0xff),UInt8((a>>8)&0xff),UInt8(a&0xff)];
- return b
- }
-
- private func precompute(H: [UInt8])
- {
- var b=[UInt8](count:4,repeatedValue:0)
- var j=0
- for var i=0;i<GCM.NB;i++
- {
- b[0]=H[j]; b[1]=H[j+1]; b[2]=H[j+2]; b[3]=H[j+3];
- table[0][i]=GCM.pack(b);
- j+=4
- }
- for var i=1;i<128;i++
- {
- var c:UInt32=0
- for var j=0;j<GCM.NB;j++ {table[i][j]=c|(table[i-1][j])>>1; c=table[i-1][j]<<31;}
- if c != 0 {table[i][0]^=0xE1000000} /* irreducible polynomial */
- }
- }
-
- private func gf2mul()
- { /* gf2m mul - Z=H*X mod 2^128 */
- var P=[UInt32](count:4,repeatedValue:0)
-
- for var i=0;i<4;i++ {P[i]=0}
- var j=8; var m=0;
- for var i=0;i<128;i++
- {
- let c=(stateX[m]>>UInt8(--j))&1;
- if c != 0 {for var k=0;k<GCM.NB;k++ {P[k]^=table[i][k]}}
- if (j==0)
- {
- j=8; m++;
- if (m==16) {break}
- }
- }
- j=0
- for var i=0;i<GCM.NB;i++
- {
- var b=GCM.unpack(P[i])
- stateX[j]=b[0]; stateX[j+1]=b[1]; stateX[j+2]=b[2]; stateX[j+3]=b[3];
- j+=4
- }
- }
- private func wrap()
- { /* Finish off GHASH */
- var F=[UInt32](count:4,repeatedValue:0)
- var L=[UInt8](count:16,repeatedValue:0)
-
- /* convert lengths from bytes to bits */
- F[0]=(lenA[0]<<3)|(lenA[1]&0xE0000000)>>29
- F[1]=lenA[1]<<3;
- F[2]=(lenC[0]<<3)|(lenC[1]&0xE0000000)>>29
- F[3]=lenC[1]<<3;
- var j=0
- for var i=0;i<GCM.NB;i++
- {
- var b=GCM.unpack(F[i]);
- L[j]=b[0]; L[j+1]=b[1]; L[j+2]=b[2]; L[j+3]=b[3]
- j+=4
- }
- for var i=0;i<16;i++ {stateX[i]^=L[i]}
- gf2mul()
- }
-
- private func ghash(plain: [UInt8],_ len: Int) -> Bool
- {
- // var B=[UInt8](count:16,repeatedValue:0)
-
- if status==GCM.GCM_ACCEPTING_HEADER {status=GCM.GCM_ACCEPTING_CIPHER}
- if (status != GCM.GCM_ACCEPTING_CIPHER) {return false}
-
- var j=0;
- while (j<len)
- {
- for var i=0;i<16 && j<len;i++
- {
- stateX[i]^=plain[j++];
- lenC[1]++; if lenC[1]==0 {lenC[0]++}
- }
- gf2mul();
- }
- if len%16 != 0 {status=GCM.GCM_NOT_ACCEPTING_MORE}
- return true;
- }
-
- /* Initialize GCM mode */
- func init_it(key: [UInt8],_ niv: Int,_ iv: [UInt8])
- { /* iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes */
- var H=[UInt8](count:16,repeatedValue:0)
-
- for var i=0;i<16;i++ {H[i]=0; stateX[i]=0}
-
- a.init_it(AES.ECB,key,iv)
- a.ecb_encrypt(&H); /* E(K,0) */
- precompute(H)
-
- lenA[0]=0;lenC[0]=0;lenA[1]=0;lenC[1]=0;
- if (niv==12)
- {
- for var i=0;i<12;i++ {a.f[i]=iv[i]}
- var b=GCM.unpack(UInt32(1))
- a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3]; /* initialise IV */
- for var i=0;i<16;i++ {Y_0[i]=a.f[i]}
- }
- else
- {
- status=GCM.GCM_ACCEPTING_CIPHER;
- ghash(iv,niv) /* GHASH(H,0,IV) */
- wrap()
- for var i=0;i<16;i++ {a.f[i]=stateX[i];Y_0[i]=a.f[i];stateX[i]=0}
- lenA[0]=0;lenC[0]=0;lenA[1]=0;lenC[1]=0;
- }
- status=GCM.GCM_ACCEPTING_HEADER;
- }
-
- /* Add Header data - included but not encrypted */
- func add_header(header: [UInt8],_ len: Int) -> Bool
- { /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */
- if status != GCM.GCM_ACCEPTING_HEADER {return false}
-
- var j=0
- while (j<len)
- {
- for var i=0;i<16 && j<len;i++
- {
- stateX[i]^=header[j++];
- lenA[1]++; if lenA[1]==0 {lenA[0]++}
- }
- gf2mul();
- }
- if len%16 != 0 {status=GCM.GCM_ACCEPTING_CIPHER}
- return true;
- }
- /* Add Plaintext - included and encrypted */
- func add_plain(plain: [UInt8],_ len: Int) -> [UInt8]
- {
- var B=[UInt8](count:16,repeatedValue:0)
- var b=[UInt8](count:4,repeatedValue:0)
-
- var cipher=[UInt8](count:len,repeatedValue:0)
- var counter:UInt32=0
- if status == GCM.GCM_ACCEPTING_HEADER {status=GCM.GCM_ACCEPTING_CIPHER}
- if status != GCM.GCM_ACCEPTING_CIPHER {return [UInt8]()}
-
- var j=0
- while (j<len)
- {
-
- b[0]=a.f[12]; b[1]=a.f[13]; b[2]=a.f[14]; b[3]=a.f[15];
- counter=GCM.pack(b);
- counter++;
- b=GCM.unpack(counter);
- a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3]; /* increment counter */
- for var i=0;i<16;i++ {B[i]=a.f[i]}
- a.ecb_encrypt(&B); /* encrypt it */
-
- for var i=0;i<16 && j<len;i++
- {
- cipher[j]=(plain[j]^B[i]);
- stateX[i]^=cipher[j++];
- lenC[1]++; if lenC[1]==0 {lenC[0]++}
- }
- gf2mul();
- }
- if len%16 != 0 {status=GCM.GCM_NOT_ACCEPTING_MORE}
- return cipher;
- }
- /* Add Ciphertext - decrypts to plaintext */
- func add_cipher(cipher: [UInt8],_ len: Int) -> [UInt8]
- {
- var B=[UInt8](count:16,repeatedValue:0)
- var b=[UInt8](count:4,repeatedValue:0)
-
- var plain=[UInt8](count:len,repeatedValue:0)
- var counter:UInt32=0
-
- if status==GCM.GCM_ACCEPTING_HEADER {status=GCM.GCM_ACCEPTING_CIPHER}
- if status != GCM.GCM_ACCEPTING_CIPHER {return [UInt8]()}
-
- var j=0
- while (j<len)
- {
-
- b[0]=a.f[12]; b[1]=a.f[13]; b[2]=a.f[14]; b[3]=a.f[15];
- counter=GCM.pack(b);
- counter++;
- b=GCM.unpack(counter);
- a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3]; /* increment counter */
- for var i=0;i<16;i++ {B[i]=a.f[i]}
- a.ecb_encrypt(&B); /* encrypt it */
- for var i=0;i<16 && j<len;i++
- {
- plain[j]=(cipher[j]^B[i]);
- stateX[i]^=cipher[j++];
- lenC[1]++; if lenC[1]==0 {lenC[0]++}
- }
- gf2mul()
- }
- if len%16 != 0 {status=GCM.GCM_NOT_ACCEPTING_MORE}
- return plain;
- }
-
- /* Finish and extract Tag */
- func finish(extract: Bool) -> [UInt8]
- { /* Finish off GHASH and extract tag (MAC) */
- var tag=[UInt8](count:16,repeatedValue:0)
-
- wrap();
- /* extract tag */
- if (extract)
- {
- a.ecb_encrypt(&Y_0); /* E(K,Y0) */
- for var i=0;i<16;i++ {Y_0[i]^=stateX[i]}
- for var i=0;i<16;i++ {tag[i]=Y_0[i];Y_0[i]=0;stateX[i]=0;}
- }
- status=GCM.GCM_FINISHED;
- a.end();
- return tag;
- }
-
- static func hex2bytes(s: String) -> [UInt8]
- {
- var array=Array(arrayLiteral: s)
- let len=array.count;
- var data=[UInt8](count:len/2,repeatedValue:0)
-
- for var i=0;i<len;i+=2
- {
- data[i / 2] = UInt8(strtoul(String(array[i]),nil,16)<<4)+UInt8(strtoul(String(array[i+1]),nil,16))
- }
- return data;
- }
-
-
-}
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/hash.swift
----------------------------------------------------------------------
diff --git a/swift/hash.swift b/swift/hash.swift
deleted file mode 100644
index 1768971..0000000
--- a/swift/hash.swift
+++ /dev/null
@@ -1,188 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-// hash.swift
-//
-//
-// Created by Michael Scott on 17/06/2015.
-// Copyright (c) 2015 Michael Scott. All rights reserved.
-// SHA256 Implementation
-//
-
-final class HASH{
-
- private var length=[UInt32](count:2,repeatedValue:0)
- private var h=[UInt32](count:8,repeatedValue:0)
- private var w=[UInt32](count:64,repeatedValue:0)
- static let H0:UInt32=0x6A09E667
- static let H1:UInt32=0xBB67AE85
- static let H2:UInt32=0x3C6EF372
- static let H3:UInt32=0xA54FF53A
- static let H4:UInt32=0x510E527F
- static let H5:UInt32=0x9B05688C
- static let H6:UInt32=0x1F83D9AB
- static let H7:UInt32=0x5BE0CD19
-
- static let len:Int=32
-
- static let K:[UInt32]=[
- 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
- 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
- 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
- 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
- 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
- 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
- 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
- 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2]
-
-
- private static func S(n: UInt32,_ x: UInt32) -> UInt32
- {
- return ((x>>n)|(x<<(32-n)))
- }
-
- private static func R(n: UInt32,_ x: UInt32) -> UInt32
- {
- return (x>>n)
- }
-
- private static func Ch(x: UInt32,_ y: UInt32,_ z:UInt32) -> UInt32
- {
- return ((x&y)^(~(x)&z))
- }
-
- private static func Maj(x: UInt32,_ y: UInt32,_ z:UInt32) -> UInt32
- {
- return ((x&y)^(x&z)^(y&z))
- }
-
- private static func Sig0(x: UInt32) -> UInt32
- {
- return (S(2,x)^S(13,x)^S(22,x))
- }
-
- private static func Sig1(x: UInt32) -> UInt32
- {
- return (S(6,x)^S(11,x)^S(25,x))
- }
-
- private static func theta0(x: UInt32) -> UInt32
- {
- return (S(7,x)^S(18,x)^R(3,x))
- }
-
- private static func theta1(x: UInt32) -> UInt32
- {
- return (S(17,x)^S(19,x)^R(10,x))
- }
-
- private func transform()
- { /* basic transformation step */
- var a,b,c,d,e,f,g,hh,t1,t2 :UInt32
- var j:Int
- for j=16;j<64;j++
- {
- w[j]=HASH.theta1(w[j-2])&+w[j-7]&+HASH.theta0(w[j-15])&+w[j-16]
- }
- a=h[0]; b=h[1]; c=h[2]; d=h[3]
- e=h[4]; f=h[5]; g=h[6]; hh=h[7]
-
- for j=0;j<64;j++
- { /* 64 times - mush it up */
- t1=hh&+HASH.Sig1(e)&+HASH.Ch(e,f,g)&+HASH.K[j]&+w[j]
- t2=HASH.Sig0(a)&+HASH.Maj(a,b,c)
- hh=g; g=f; f=e;
- e=d&+t1;
- d=c;
- c=b;
- b=a;
- a=t1&+t2;
- }
- h[0]=h[0]&+a; h[1]=h[1]&+b; h[2]=h[2]&+c; h[3]=h[3]&+d
- h[4]=h[4]&+e; h[5]=h[5]&+f; h[6]=h[6]&+g; h[7]=h[7]&+hh;
- }
-
- /* Re-Initialise Hash function */
- func init_it()
- { /* initialise */
- for var i=0;i<64;i++ {w[i]=0}
- length[0]=0; length[1]=0
- h[0]=HASH.H0;
- h[1]=HASH.H1;
- h[2]=HASH.H2;
- h[3]=HASH.H3;
- h[4]=HASH.H4;
- h[5]=HASH.H5;
- h[6]=HASH.H6;
- h[7]=HASH.H7;
- }
-
- init()
- {
- init_it()
- }
-
- /* process a single byte */
- func process(byt: UInt8)
- { /* process the next message byte */
- let cnt=Int((length[0]/32)%16)
- w[cnt]<<=8;
- w[cnt]|=(UInt32(byt)&0xFF);
- length[0]+=8;
- if (length[0]==0) { length[1]++; length[0]=0 }
- if ((length[0]%512)==0) {transform()}
- }
-
- /* process an array of bytes */
- func process_array(b: [UInt8])
- {
- for var i=0;i<b.count;i++ {process((b[i]))}
- }
-
- /* process a 32-bit integer */
- func process_num(n:Int32)
- {
- process(UInt8((n>>24)&0xff))
- process(UInt8((n>>16)&0xff))
- process(UInt8((n>>8)&0xff))
- process(UInt8(n&0xff))
- }
-
- /* Generate 32-byte Hash */
- func hash() -> [UInt8]
- { /* pad message and finish - supply digest */
- var digest=[UInt8](count:32,repeatedValue:0)
-
- let len0=length[0]
- let len1=length[1]
- process(0x80);
- while ((length[0]%512) != 448) {process(0)}
- w[14]=UInt32(len1)
- w[15]=len0;
- transform()
- for var i=0;i<HASH.len;i++
- { /* convert to bytes */
- digest[i]=UInt8((h[i/4]>>(8*(3-UInt32(i)%4))) & 0xff);
- }
- init_it();
- return digest;
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/main.swift
----------------------------------------------------------------------
diff --git a/swift/main.swift b/swift/main.swift
deleted file mode 100644
index a9bf70a..0000000
--- a/swift/main.swift
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-// main.swift
-//
-//
-// Created by Michael Scott on 12/06/2015.
-// Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-TestRSA()
-TestECDH()
-TestMPIN()
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/mpin.swift
----------------------------------------------------------------------
diff --git a/swift/mpin.swift b/swift/mpin.swift
deleted file mode 100644
index 66c876e..0000000
--- a/swift/mpin.swift
+++ /dev/null
@@ -1,728 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-// mpin.swift
-//
-//
-// Created by Michael Scott on 08/07/2015.
-// Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-
-final public class MPIN
-{
- static public let EFS=Int(ROM.MODBYTES)
- static public let EGS=Int(ROM.MODBYTES)
- static public let PAS:Int=16
- static let INVALID_POINT:Int = -14
- static let BAD_PARAMS:Int = -11
- static let WRONG_ORDER:Int = -18
- static public let BAD_PIN:Int = -19
-
- /* Configure your PIN here */
-
- static let MAXPIN:Int32 = 10000 /* PIN less than this */
- static let PBLEN:Int32 = 14 /* Number of bits in PIN */
- static let TS:Int = 10 /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */
- static let TRAP:Int = 200 /* 200 for 4 digit PIN, 2000 for 6-digit PIN - approx 2*sqrt(MAXPIN) */
-
- /* Hash number (optional) and string to point on curve */
-
- private static func hashit(n:Int32,_ ID:[UInt8]) -> [UInt8]
- {
- let H=HASH()
- if n != 0 {H.process_num(n)}
- H.process_array(ID)
- let h=H.hash()
- return h
- }
-
- static func mapit(h:[UInt8]) -> ECP
- {
- let q=BIG(ROM.Modulus)
- let x=BIG.fromBytes(h)
- x.mod(q)
- var P=ECP(x,0)
- while (true)
- {
- if !P.is_infinity() {break}
- x.inc(1); x.norm();
- P=ECP(x,0);
- }
- return P
- }
-
- /* needed for SOK */
- static func mapit2(h:[UInt8]) -> ECP2
- {
- let q=BIG(ROM.Modulus)
- var x=BIG.fromBytes(h)
- let one=BIG(1)
- var Q=ECP2()
- x.mod(q);
- while (true)
- {
- let X=FP2(one,x);
- Q=ECP2(X);
- if !Q.is_infinity() {break}
- x.inc(1); x.norm();
- }
- /* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
- let Fra=BIG(ROM.CURVE_Fra);
- let Frb=BIG(ROM.CURVE_Frb);
- let X=FP2(Fra,Frb);
- x=BIG(ROM.CURVE_Bnx);
-
- let T=ECP2(); T.copy(Q)
- T.mul(x); T.neg()
- let K=ECP2(); K.copy(T)
- K.dbl(); K.add(T); K.affine()
-
- K.frob(X)
- Q.frob(X); Q.frob(X); Q.frob(X)
- Q.add(T); Q.add(K)
- T.frob(X); T.frob(X)
- Q.add(T)
- Q.affine()
- return Q
- }
-
- /* return time in slots since epoch */
- static public func today() -> Int32
- {
- let date=NSDate()
- return (Int32(date.timeIntervalSince1970/(60*1440)))
- }
-
- /* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
- /* maps a random u to a point on the curve */
- static func map(u:BIG,_ cb:Int32) -> ECP
- {
- let x=BIG(u)
- let p=BIG(ROM.Modulus)
- x.mod(p)
- var P=ECP(x,cb)
- while (true)
- {
- if !P.is_infinity() {break}
- x.inc(1); x.norm()
- P=ECP(x,cb)
- }
- return P
- }
-
- /* returns u derived from P. Random value in range 1 to return value should then be added to u */
- static func unmap(inout u:BIG,_ P:ECP) -> Int32
- {
- let s=P.getS()
- var r:Int32=0
- let x=P.getX()
- u.copy(x)
- var R=ECP()
- while (true)
- {
- u.dec(1); u.norm()
- r++
- R=ECP(u,s)
- if !R.is_infinity() {break}
- }
- return r
- }
-
- static public func HASH_ID(ID:[UInt8]) -> [UInt8]
- {
- return hashit(0,ID)
- }
-
- /* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
- /* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
- /* Note that u and v are indistinguisible from random strings */
- static public func ENCODING(rng:RAND,inout _ E:[UInt8]) -> Int
- {
- var T=[UInt8](count:EFS,repeatedValue:0)
-
- for var i=0;i<EFS;i++ {T[i]=E[i+1]}
- var u=BIG.fromBytes(T);
- for var i=0;i<EFS;i++ {T[i]=E[i+EFS+1]}
- var v=BIG.fromBytes(T)
-
- let P=ECP(u,v);
- if P.is_infinity() {return INVALID_POINT}
-
- let p=BIG(ROM.Modulus)
- u=BIG.randomnum(p,rng)
-
- var su=rng.getByte();
- su%=2
-
- let W=MPIN.map(u,Int32(su))
- P.sub(W);
- let sv=P.getS();
- let rn=MPIN.unmap(&v,P)
- let m=rng.getByte();
- let incr:Int32=1+Int32(m)%rn
- v.inc(incr)
- E[0]=(su+UInt8(2*sv))
- u.toBytes(&T)
- for var i=0;i<EFS;i++ {E[i+1]=T[i]}
- v.toBytes(&T)
- for var i=0;i<EFS;i++ {E[i+EFS+1]=T[i]}
-
- return 0;
- }
-
- static public func DECODING(inout D:[UInt8]) -> Int
- {
- var T=[UInt8](count:EFS,repeatedValue:0)
-
- if (D[0]&0x04) != 0 {return INVALID_POINT}
-
- for var i=0;i<EFS;i++ {T[i]=D[i+1]}
- var u=BIG.fromBytes(T)
- for var i=0;i<EFS;i++ {T[i]=D[i+EFS+1]}
- var v=BIG.fromBytes(T)
-
- let su=D[0]&1
- let sv=(D[0]>>1)&1
- let W=map(u,Int32(su))
- let P=map(v,Int32(sv))
- P.add(W)
- u=P.getX()
- v=P.getY()
- D[0]=0x04
- u.toBytes(&T);
- for var i=0;i<EFS;i++ {D[i+1]=T[i]}
- v.toBytes(&T)
- for var i=0;i<EFS;i++ {D[i+EFS+1]=T[i]}
-
- return 0
- }
- /* R=R1+R2 in group G1 */
- static public func RECOMBINE_G1(R1:[UInt8],_ R2:[UInt8],inout _ R:[UInt8]) -> Int
- {
- let P=ECP.fromBytes(R1)
- let Q=ECP.fromBytes(R2)
-
- if P.is_infinity() || Q.is_infinity() {return INVALID_POINT}
-
- P.add(Q)
-
- P.toBytes(&R)
- return 0;
- }
- /* W=W1+W2 in group G2 */
- static public func RECOMBINE_G2(W1:[UInt8],_ W2:[UInt8],inout _ W:[UInt8]) -> Int
- {
- let P=ECP2.fromBytes(W1)
- let Q=ECP2.fromBytes(W2)
-
- if P.is_infinity() || Q.is_infinity() {return INVALID_POINT}
-
- P.add(Q)
-
- P.toBytes(&W)
- return 0
- }
- /* create random secret S */
- static public func RANDOM_GENERATE(rng:RAND,inout _ S:[UInt8]) -> Int
- {
- let r=BIG(ROM.CURVE_Order)
- let s=BIG.randomnum(r,rng)
-
- s.toBytes(&S);
- return 0;
- }
- /* Extract PIN from TOKEN for identity CID */
- static public func EXTRACT_PIN(CID:[UInt8],_ pin:Int32,inout _ TOKEN:[UInt8]) -> Int
- {
- let P=ECP.fromBytes(TOKEN)
- if P.is_infinity() {return INVALID_POINT}
- let h=MPIN.hashit(0,CID)
- var R=MPIN.mapit(h)
-
-
- R=R.pinmul(pin%MAXPIN,MPIN.PBLEN)
- P.sub(R)
-
- P.toBytes(&TOKEN)
-
- return 0
- }
- /* Implement step 2 on client side of MPin protocol */
- static public func CLIENT_2(X:[UInt8],_ Y:[UInt8],inout _ SEC:[UInt8]) -> Int
- {
- let r=BIG(ROM.CURVE_Order)
- let P=ECP.fromBytes(SEC)
- if P.is_infinity() {return INVALID_POINT}
-
- let px=BIG.fromBytes(X)
- let py=BIG.fromBytes(Y)
- px.add(py)
- px.mod(r)
- px.rsub(r)
-
- PAIR.G1mul(P,px).toBytes(&SEC)
- return 0
- }
-
- /* Implement step 1 on client side of MPin protocol */
- static public func CLIENT_1(date:Int32,_ CLIENT_ID:[UInt8],_ rng:RAND?,inout _ X:[UInt8],_ pin:Int32,_ TOKEN:[UInt8],inout _ SEC:[UInt8],inout _ xID:[UInt8]?,inout _ xCID:[UInt8]?,_ PERMIT:[UInt8]) -> Int
- {
- let r=BIG(ROM.CURVE_Order)
- // let q=BIG(ROM.Modulus)
- var x:BIG
- if rng != nil
- {
- x=BIG.randomnum(r,rng!)
- x.toBytes(&X);
- }
- else
- {
- x=BIG.fromBytes(X);
- }
- // var t=[UInt8](count:EFS,repeatedValue:0)
-
- var h=MPIN.hashit(0,CLIENT_ID)
- var P=mapit(h);
-
- let T=ECP.fromBytes(TOKEN);
- if T.is_infinity() {return INVALID_POINT}
-
- var W=P.pinmul(pin%MPIN.MAXPIN,MPIN.PBLEN)
- T.add(W)
- if date != 0
- {
- W=ECP.fromBytes(PERMIT)
- if W.is_infinity() {return INVALID_POINT}
- T.add(W);
- h=MPIN.hashit(date,h)
- W=MPIN.mapit(h);
- if xID != nil
- {
- P=PAIR.G1mul(P,x)
- P.toBytes(&xID!)
- W=PAIR.G1mul(W,x)
- P.add(W)
- }
- else
- {
- P.add(W);
- P=PAIR.G1mul(P,x);
- }
- if xCID != nil {P.toBytes(&xCID!)}
- }
- else
- {
- if xID != nil
- {
- P=PAIR.G1mul(P,x)
- P.toBytes(&xID!)
- }
- }
-
-
- T.toBytes(&SEC);
- return 0;
- }
- /* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
- static public func GET_SERVER_SECRET(S:[UInt8],inout _ SST:[UInt8]) -> Int
- {
- var Q=ECP2(FP2(BIG(ROM.CURVE_Pxa),BIG(ROM.CURVE_Pxb)),FP2(BIG(ROM.CURVE_Pya),BIG(ROM.CURVE_Pyb)))
-
- let s=BIG.fromBytes(S)
- Q=PAIR.G2mul(Q,s)
- Q.toBytes(&SST)
- return 0
- }
-
- /*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
- */
- static public func GET_G1_MULTIPLE(rng:RAND?,_ type:Int,inout _ X:[UInt8],_ G:[UInt8],inout _ W:[UInt8]) -> Int
- {
- var x:BIG
- let r=BIG(ROM.CURVE_Order)
- if rng != nil
- {
- x=BIG.randomnum(r,rng!)
- x.toBytes(&X)
- }
- else
- {
- x=BIG.fromBytes(X);
- }
- var P:ECP
- if type==0
- {
- P=ECP.fromBytes(G)
- if P.is_infinity() {return INVALID_POINT}
- }
- else
- {P=MPIN.mapit(G)}
-
- PAIR.G1mul(P,x).toBytes(&W)
- return 0;
- }
- /* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
- /* CID is hashed externally */
- static public func GET_CLIENT_SECRET(inout S:[UInt8],_ CID:[UInt8],inout _ CST:[UInt8]) -> Int
- {
- return GET_G1_MULTIPLE(nil,1,&S,CID,&CST)
- }
- /* Time Permit CTT=S*(date|H(CID)) where S is master secret */
- static public func GET_CLIENT_PERMIT(date:Int32,_ S:[UInt8],_ CID:[UInt8],inout _ CTT:[UInt8]) -> Int
- {
- let h=MPIN.hashit(date,CID)
- let P=MPIN.mapit(h)
-
- let s=BIG.fromBytes(S)
- PAIR.G1mul(P,s).toBytes(&CTT)
- return 0;
- }
-
- /* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
- static public func SERVER_1(date:Int32,_ CID:[UInt8],inout _ HID:[UInt8]?,inout _ HTID:[UInt8])
- {
- var h=MPIN.hashit(0,CID)
- let P=MPIN.mapit(h)
-
- if date != 0
- {
- if HID != nil {P.toBytes(&HID!)}
- h=hashit(date,h)
- let R=MPIN.mapit(h)
- P.add(R)
- P.toBytes(&HTID)
- }
- else {P.toBytes(&HID!)}
- }
- /* Implement step 2 of MPin protocol on server side */
- static public func SERVER_2(date:Int32,_ HID:[UInt8]?,_ HTID:[UInt8],_ Y:[UInt8],_ SST:[UInt8],_ xID:[UInt8]?,_ xCID:[UInt8],_ mSEC:[UInt8],inout _ E:[UInt8]?,inout _ F:[UInt8]?) -> Int
- {
- _=BIG(ROM.Modulus);
- let Q=ECP2(FP2(BIG(ROM.CURVE_Pxa),BIG(ROM.CURVE_Pxb)),FP2(BIG(ROM.CURVE_Pya),BIG(ROM.CURVE_Pyb)))
- let sQ=ECP2.fromBytes(SST)
- if sQ.is_infinity() {return INVALID_POINT}
-
- var R:ECP
- if date != 0
- {R=ECP.fromBytes(xCID)}
- else
- {
- if xID==nil {return MPIN.BAD_PARAMS}
- R=ECP.fromBytes(xID!)
- }
- if R.is_infinity() {return INVALID_POINT}
-
- let y=BIG.fromBytes(Y)
- var P:ECP
- if date != 0 {P=ECP.fromBytes(HTID)}
- else
- {
- if HID==nil {return MPIN.BAD_PARAMS}
- P=ECP.fromBytes(HID!)
- }
-
- if P.is_infinity() {return INVALID_POINT}
-
- P=PAIR.G1mul(P,y)
- P.add(R)
- R=ECP.fromBytes(mSEC)
- if R.is_infinity() {return MPIN.INVALID_POINT}
-
-
- var g=PAIR.ate2(Q,R,sQ,P)
- g=PAIR.fexp(g)
-
- if !g.isunity()
- {
- if HID != nil && xID != nil && E != nil && F != nil
- {
- g.toBytes(&E!)
- if date != 0
- {
- P=ECP.fromBytes(HID!)
- if P.is_infinity() {return MPIN.INVALID_POINT}
- R=ECP.fromBytes(xID!)
- if R.is_infinity() {return MPIN.INVALID_POINT}
-
- P=PAIR.G1mul(P,y);
- P.add(R);
- }
- g=PAIR.ate(Q,P);
- g=PAIR.fexp(g);
- g.toBytes(&F!);
- }
- return MPIN.BAD_PIN;
- }
-
- return 0
- }
- /* Pollards kangaroos used to return PIN error */
- static public func KANGAROO(E:[UInt8],_ F:[UInt8]) -> Int
- {
- let ge=FP12.fromBytes(E)
- let gf=FP12.fromBytes(F)
- var distance=[Int]();
- let t=FP12(gf);
- var table=[FP12]()
-
- var s:Int=1
- for var m=0;m<Int(TS);m++
- {
- distance.append(s)
- table.append(FP12(t))
- s*=2
- t.usqr()
-
- }
- t.one()
- var dn:Int=0
- for var j=0;j<TRAP;j++
- {
- let i=Int(t.geta().geta().getA().lastbits(8))%TS
- t.mul(table[i])
- dn+=distance[i]
- }
- gf.copy(t); gf.conj()
- var steps=0; var dm:Int=0
- var res=0;
- while (dm-dn<Int(MAXPIN))
- {
- steps++;
- if steps>4*TRAP {break}
- let i=Int(ge.geta().geta().getA().lastbits(8))%TS
- ge.mul(table[i])
- dm+=distance[i]
- if (ge.equals(t))
- {
- res=dm-dn;
- break;
- }
- if (ge.equals(gf))
- {
- res=dn-dm
- break
- }
-
- }
- if steps>4*TRAP || dm-dn>=Int(MAXPIN) {res=0 } // Trap Failed - probable invalid token
- return res
- }
- /* Functions to support M-Pin Full */
-
- static public func PRECOMPUTE(TOKEN:[UInt8],_ CID:[UInt8],inout _ G1:[UInt8],inout _ G2:[UInt8]) -> Int
- {
- let T=ECP.fromBytes(TOKEN);
- if T.is_infinity() {return INVALID_POINT}
-
- let P=MPIN.mapit(CID)
-
- let Q=ECP2(FP2(BIG(ROM.CURVE_Pxa),BIG(ROM.CURVE_Pxb)),FP2(BIG(ROM.CURVE_Pya),BIG(ROM.CURVE_Pyb)))
-
- var g=PAIR.ate(Q,T)
- g=PAIR.fexp(g)
- g.toBytes(&G1)
-
- g=PAIR.ate(Q,P)
- g=PAIR.fexp(g)
- g.toBytes(&G2)
-
- return 0
- }
-
- /* calculate common key on client side */
- /* wCID = w.(A+AT) */
- static public func CLIENT_KEY(G1:[UInt8],_ G2:[UInt8],_ pin:Int32,_ R:[UInt8],_ X:[UInt8],_ wCID:[UInt8],inout _ CK:[UInt8]) -> Int
- {
- let H=HASH()
- var t=[UInt8](count:EFS,repeatedValue:0)
-
- let g1=FP12.fromBytes(G1)
- let g2=FP12.fromBytes(G2)
- let z=BIG.fromBytes(R)
- let x=BIG.fromBytes(X)
-
- var W=ECP.fromBytes(wCID)
- if W.is_infinity() {return INVALID_POINT}
-
- W=PAIR.G1mul(W,x)
-
- let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb))
- let r=BIG(ROM.CURVE_Order)
- let q=BIG(ROM.Modulus)
-
- let m=BIG(q)
- m.mod(r)
-
- let a=BIG(z)
- a.mod(m)
-
- let b=BIG(z)
- b.div(m);
-
- g2.pinpow(pin,PBLEN);
- g1.mul(g2);
-
- var c=g1.trace()
- g2.copy(g1)
- g2.frob(f)
- let cp=g2.trace()
- g1.conj()
- g2.mul(g1)
- let cpm1=g2.trace()
- g2.mul(g1)
- let cpm2=g2.trace()
-
- c=c.xtr_pow2(cp,cpm1,cpm2,a,b)
-
- c.geta().getA().toBytes(&t)
- H.process_array(t)
- c.geta().getB().toBytes(&t)
- H.process_array(t)
- c.getb().getA().toBytes(&t)
- H.process_array(t)
- c.getb().getB().toBytes(&t)
- H.process_array(t);
-
- W.getX().toBytes(&t)
- H.process_array(t)
- W.getY().toBytes(&t)
- H.process_array(t)
-
- t=H.hash()
- for var i=0;i<MPIN.PAS;i++ {CK[i]=t[i]}
-
- return 0
- }
- /* calculate common key on server side */
- /* Z=r.A - no time permits involved */
-
- static public func SERVER_KEY(Z:[UInt8],_ SST:[UInt8],_ W:[UInt8],_ xID:[UInt8],_ xCID:[UInt8]?,inout _ SK:[UInt8]) -> Int
- {
- let H=HASH();
- var t=[UInt8](count:EFS,repeatedValue:0)
-
- let sQ=ECP2.fromBytes(SST)
- if sQ.is_infinity() {return INVALID_POINT}
- let R=ECP.fromBytes(Z)
- if R.is_infinity() {return INVALID_POINT}
-
- var U:ECP
- if xCID != nil
- {U=ECP.fromBytes(xCID!)}
- else
- {U=ECP.fromBytes(xID)}
-
- if U.is_infinity() {return INVALID_POINT}
-
- let w=BIG.fromBytes(W)
- U=PAIR.G1mul(U,w)
- var g=PAIR.ate(sQ,R)
- g=PAIR.fexp(g)
-
- let c=g.trace()
- c.geta().getA().toBytes(&t)
- H.process_array(t)
- c.geta().getB().toBytes(&t)
- H.process_array(t)
- c.getb().getA().toBytes(&t)
- H.process_array(t)
- c.getb().getB().toBytes(&t)
- H.process_array(t);
-
- U.getX().toBytes(&t)
- H.process_array(t)
- U.getY().toBytes(&t)
- H.process_array(t)
-
- t=H.hash()
- for var i=0;i<MPIN.PAS;i++ {SK[i]=t[i]}
-
- return 0
- }
-
- /* return time since epoch */
- static public func GET_TIME() -> Int32
- {
- let date=NSDate()
- return (Int32(date.timeIntervalSince1970))
- }
-
- /* Generate Y = H(epoch, xCID/xID) */
- static public func GET_Y(TimeValue:Int32,_ xCID:[UInt8],inout _ Y:[UInt8])
- {
- let h = MPIN.hashit(TimeValue,xCID)
- let y = BIG.fromBytes(h)
- let q=BIG(ROM.CURVE_Order)
- y.mod(q)
- y.toBytes(&Y)
- }
- /* One pass MPIN Client */
- static public func CLIENT(date:Int32,_ CLIENT_ID:[UInt8],_ RNG:RAND?,inout _ X:[UInt8],_ pin:Int32,_ TOKEN:[UInt8],inout _ SEC:[UInt8],inout _ xID:[UInt8]?,inout _ xCID:[UInt8]?,_ PERMIT:[UInt8],_ TimeValue:Int32,inout _ Y:[UInt8]) -> Int
- {
- var rtn=0
-
- rtn = MPIN.CLIENT_1(date,CLIENT_ID,RNG,&X,pin,TOKEN,&SEC,&xID,&xCID,PERMIT)
-
- if rtn != 0 {return rtn}
-
- if date==0 {MPIN.GET_Y(TimeValue,xID!,&Y)}
- else {MPIN.GET_Y(TimeValue,xCID!,&Y)}
-
- rtn = MPIN.CLIENT_2(X,Y,&SEC)
- if (rtn != 0) {return rtn}
-
- return 0
- }
- /* One pass MPIN Server */
- static public func SERVER(date:Int32,inout _ HID:[UInt8]?,inout _ HTID:[UInt8],inout _ Y:[UInt8],_ SST:[UInt8],_ xID:[UInt8]?,_ xCID:[UInt8],_ SEC:[UInt8],inout _ E:[UInt8]?,inout _ F:[UInt8]?,_ CID:[UInt8],_ TimeValue:Int32) -> Int
- {
- var rtn=0
-
- var pID:[UInt8]
- if date == 0
- {pID = xID!}
- else
- {pID = xCID}
-
- SERVER_1(date,CID,&HID,&HTID);
-
- GET_Y(TimeValue,pID,&Y);
-
- rtn = SERVER_2(date,HID,HTID,Y,SST,xID,xCID,SEC,&E,&F);
- if rtn != 0 {return rtn}
-
- return 0
- }
-
- static public func printBinary(array: [UInt8])
- {
- for var i=0;i<array.count;i++
- {
- let h=String(format:"%02x",array[i])
- print("\(h)", terminator: "")
- }
- print(" ");
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/pair.swift
----------------------------------------------------------------------
diff --git a/swift/pair.swift b/swift/pair.swift
deleted file mode 100644
index f768d36..0000000
--- a/swift/pair.swift
+++ /dev/null
@@ -1,501 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-// pair.swift
-//
-//
-// Created by Michael Scott on 07/07/2015.
-// Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-/* CLINT BN Curve Pairing functions */
-
-final class PAIR {
-
- /* Line function */
- static func line(A:ECP2,_ B:ECP2,_ Qx:FP,_ Qy:FP) -> FP12
- {
- let P=ECP2()
- var a:FP4
- var b:FP4
- var c:FP4
- P.copy(A);
- let ZZ=FP2(P.getz())
- ZZ.sqr();
- var D:Int
- if A===B {D=A.dbl()} /* Check this return value in clint_ec2.c */
- else {D=A.add(B)}
- if (D<0) {return FP12(1)}
- let Z3=FP2(A.getz())
- c=FP4(0)
- if D==0
- { /* Addition */
- let X=FP2(B.getx())
- let Y=FP2(B.gety())
- let T=FP2(P.getz())
- T.mul(Y)
- ZZ.mul(T)
-
- let NY=FP2(P.gety()); NY.neg()
- ZZ.add(NY)
- Z3.pmul(Qy)
- T.mul(P.getx())
- X.mul(NY)
- T.add(X)
- a=FP4(Z3,T)
- ZZ.neg()
- ZZ.pmul(Qx)
- b=FP4(ZZ)
- }
- else
- { /* Doubling */
- let X=FP2(P.getx())
- let Y=FP2(P.gety())
- let T=FP2(P.getx())
- T.sqr()
- T.imul(3)
-
- Y.sqr()
- Y.add(Y)
- Z3.mul(ZZ)
- Z3.pmul(Qy)
-
- X.mul(T)
- X.sub(Y)
- a=FP4(Z3,X)
- T.neg()
- ZZ.mul(T)
- ZZ.pmul(Qx)
- b=FP4(ZZ)
- }
- return FP12(a,b,c)
- }
- /* Optimal R-ate pairing */
- static func ate(P:ECP2,_ Q:ECP) -> FP12
- {
- let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb))
- let x=BIG(ROM.CURVE_Bnx)
- let n=BIG(x)
- let K=ECP2()
-
- var lv:FP12
- n.pmul(6); n.dec(2); n.norm()
- P.affine()
- Q.affine()
- let Qx=FP(Q.getx())
- let Qy=FP(Q.gety())
-
- let A=ECP2()
- let r=FP12(1)
-
- A.copy(P)
- let nb=n.nbits()
-
- for var i=nb-2;i>=1;i--
- {
- lv=line(A,A,Qx,Qy)
- r.smul(lv)
-
- if (n.bit(i)==1)
- {
- lv=line(A,P,Qx,Qy)
- r.smul(lv)
- }
- r.sqr()
- }
-
- lv=line(A,A,Qx,Qy)
- r.smul(lv)
-
- /* R-ate fixup */
-
- r.conj()
-
- K.copy(P)
- K.frob(f)
- A.neg()
- lv=line(A,K,Qx,Qy)
- r.smul(lv)
- K.frob(f)
- K.neg()
- lv=line(A,K,Qx,Qy)
- r.smul(lv)
-
- return r
- }
- /* Optimal R-ate double pairing e(P,Q).e(R,S) */
- static func ate2(P:ECP2,_ Q:ECP,_ R:ECP2,_ S:ECP) -> FP12
- {
- let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb))
- let x=BIG(ROM.CURVE_Bnx)
- let n=BIG(x)
- let K=ECP2()
- var lv:FP12
- n.pmul(6); n.dec(2); n.norm()
- P.affine()
- Q.affine()
- R.affine()
- S.affine()
-
- let Qx=FP(Q.getx())
- let Qy=FP(Q.gety())
- let Sx=FP(S.getx())
- let Sy=FP(S.gety())
-
- let A=ECP2()
- let B=ECP2()
- let r=FP12(1)
-
- A.copy(P)
- B.copy(R)
- let nb=n.nbits()
-
- for var i=nb-2;i>=1;i--
- {
- lv=line(A,A,Qx,Qy)
- r.smul(lv)
- lv=line(B,B,Sx,Sy)
- r.smul(lv)
- if n.bit(i)==1
- {
- lv=line(A,P,Qx,Qy)
- r.smul(lv)
- lv=line(B,R,Sx,Sy)
- r.smul(lv)
- }
- r.sqr()
- }
-
- lv=line(A,A,Qx,Qy)
- r.smul(lv)
-
- lv=line(B,B,Sx,Sy)
- r.smul(lv)
-
- /* R-ate fixup */
- r.conj()
-
- K.copy(P)
- K.frob(f)
- A.neg()
- lv=line(A,K,Qx,Qy)
- r.smul(lv)
- K.frob(f)
- K.neg()
- lv=line(A,K,Qx,Qy)
- r.smul(lv)
-
- K.copy(R)
- K.frob(f)
- B.neg()
- lv=line(B,K,Sx,Sy)
- r.smul(lv)
- K.frob(f)
- K.neg()
- lv=line(B,K,Sx,Sy)
- r.smul(lv)
-
- return r
- }
-
- /* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
- static func fexp(m:FP12) -> FP12
- {
- let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb));
- let x=BIG(ROM.CURVE_Bnx)
- let r=FP12(m)
-
- /* Easy part of final exp */
- var lv=FP12(r)
- lv.inverse()
- r.conj()
-
- r.mul(lv)
- lv.copy(r)
- r.frob(f)
- r.frob(f)
- r.mul(lv)
-
- /* Hard part of final exp */
- lv.copy(r)
- lv.frob(f)
- let x0=FP12(lv)
- x0.frob(f)
- lv.mul(r)
- x0.mul(lv)
- x0.frob(f)
- let x1=FP12(r)
- x1.conj()
- let x4=r.pow(x)
-
- let x3=FP12(x4)
- x3.frob(f)
-
- let x2=x4.pow(x)
-
- let x5=FP12(x2); x5.conj()
- lv=x2.pow(x)
-
- x2.frob(f)
- r.copy(x2); r.conj()
-
- x4.mul(r)
- x2.frob(f)
-
- r.copy(lv)
- r.frob(f)
- lv.mul(r)
-
- lv.usqr()
- lv.mul(x4)
- lv.mul(x5)
- r.copy(x3)
- r.mul(x5)
- r.mul(lv)
- lv.mul(x2)
- r.usqr()
- r.mul(lv)
- r.usqr()
- lv.copy(r)
- lv.mul(x1)
- r.mul(x0)
- lv.usqr()
- r.mul(lv)
- r.reduce()
- return r
- }
-
- /* GLV method */
- static func glv(e:BIG) -> [BIG]
- {
- let t=BIG(0)
- let q=BIG(ROM.CURVE_Order)
- var u=[BIG]();
- var v=[BIG]();
- for var j=0;j<2;j++
- {
- u.append(BIG(0))
- v.append(BIG(0))
- }
-
- for var i=0;i<2;i++
- {
- t.copy(BIG(ROM.CURVE_W[i]))
- let d=BIG.mul(t,e)
- v[i].copy(d.div(q))
- }
- u[0].copy(e);
- for var i=0;i<2;i++
- {
- for var j=0;j<2;j++
- {
- t.copy(BIG(ROM.CURVE_SB[j][i]))
- t.copy(BIG.modmul(v[j],t,q))
- u[i].add(q)
- u[i].sub(t)
- u[i].mod(q)
- }
- }
- return u
- }
- /* Galbraith & Scott Method */
- static func gs(e:BIG) -> [BIG]
- {
- let t=BIG(0)
- let q=BIG(ROM.CURVE_Order)
- var u=[BIG]();
- var v=[BIG]();
- for var j=0;j<4;j++
- {
- u.append(BIG(0))
- v.append(BIG(0))
- }
-
- for var i=0;i<4;i++
- {
- t.copy(BIG(ROM.CURVE_WB[i]))
- let d=BIG.mul(t,e)
- v[i].copy(d.div(q))
- }
- u[0].copy(e);
- for var i=0;i<4;i++
- {
- for var j=0;j<4;j++
- {
- t.copy(BIG(ROM.CURVE_BB[j][i]))
- t.copy(BIG.modmul(v[j],t,q))
- u[i].add(q)
- u[i].sub(t)
- u[i].mod(q)
- }
- }
- return u
- }
-
- /* Multiply P by e in group G1 */
- static func G1mul(P:ECP,_ e:BIG) -> ECP
- {
- var R:ECP
- if (ROM.USE_GLV)
- {
- P.affine()
- R=ECP()
- R.copy(P)
- let Q=ECP()
- Q.copy(P)
- let q=BIG(ROM.CURVE_Order)
- let cru=FP(BIG(ROM.CURVE_Cru))
- let t=BIG(0)
- var u=PAIR.glv(e)
- Q.getx().mul(cru);
-
- var np=u[0].nbits()
- t.copy(BIG.modneg(u[0],q))
- var nn=t.nbits()
- if (nn<np)
- {
- u[0].copy(t)
- R.neg()
- }
-
- np=u[1].nbits()
- t.copy(BIG.modneg(u[1],q))
- nn=t.nbits()
- if (nn<np)
- {
- u[1].copy(t)
- Q.neg()
- }
-
- R=R.mul2(u[0],Q,u[1])
- }
- else
- {
- R=P.mul(e)
- }
- return R
- }
-
- /* Multiply P by e in group G2 */
- static func G2mul(P:ECP2,_ e:BIG) -> ECP2
- {
- var R:ECP2
- if (ROM.USE_GS_G2)
- {
- var Q=[ECP2]()
- let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb));
- let q=BIG(ROM.CURVE_Order);
- var u=PAIR.gs(e);
-
- let t=BIG(0);
- P.affine()
- Q.append(ECP2())
- Q[0].copy(P);
- for var i=1;i<4;i++
- {
- Q.append(ECP2()); Q[i].copy(Q[i-1]);
- Q[i].frob(f);
- }
- for var i=0;i<4;i++
- {
- let np=u[i].nbits();
- t.copy(BIG.modneg(u[i],q));
- let nn=t.nbits();
- if (nn<np)
- {
- u[i].copy(t);
- Q[i].neg();
- }
- }
-
- R=ECP2.mul4(Q,u);
- }
- else
- {
- R=P.mul(e);
- }
- return R;
- }
- /* f=f^e */
- /* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.java */
- static func GTpow(d:FP12,_ e:BIG) -> FP12
- {
- var r:FP12
- if (ROM.USE_GS_GT)
- {
- var g=[FP12]()
- let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb))
- let q=BIG(ROM.CURVE_Order)
- let t=BIG(0)
-
- var u=gs(e)
- g.append(FP12(0))
- g[0].copy(d);
- for var i=1;i<4;i++
- {
- g.append(FP12(0)); g[i].copy(g[i-1])
- g[i].frob(f)
- }
- for var i=0;i<4;i++
- {
- let np=u[i].nbits()
- t.copy(BIG.modneg(u[i],q))
- let nn=t.nbits()
- if (nn<np)
- {
- u[i].copy(t)
- g[i].conj()
- }
- }
- r=FP12.pow4(g,u)
- }
- else
- {
- r=d.pow(e)
- }
- return r
- }
- /* test group membership */
- /* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
- static func GTmember(m:FP12) -> Bool
- {
- if m.isunity() {return false}
- let r=FP12(m)
- r.conj()
- r.mul(m)
- if !r.isunity() {return false}
-
- let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb))
-
- r.copy(m); r.frob(f); r.frob(f)
- var w=FP12(r); w.frob(f); w.frob(f)
- w.mul(m)
- if !ROM.GT_STRONG
- {
- if !w.equals(r) {return false}
- let x=BIG(ROM.CURVE_Bnx)
- r.copy(m); w=r.pow(x); w=w.pow(x)
- r.copy(w); r.sqr(); r.mul(w); r.sqr()
- w.copy(m); w.frob(f)
- }
- return w.equals(r)
- }
-
-}
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/rand.swift
----------------------------------------------------------------------
diff --git a/swift/rand.swift b/swift/rand.swift
deleted file mode 100644
index 1026433..0000000
--- a/swift/rand.swift
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-// rand.swift
-//
-//
-// Created by Michael Scott on 17/06/2015.
-// Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-// Cryptographic strong random number generator
-
-/* Marsaglia & Zaman Random number generator constants */
-final public class RAND {
- private static let NK:Int=21
- private static let NJ:Int=6
- private static let NV:Int=8
- private var ira=[UInt32](count:NK,repeatedValue:0)
- private var rndptr:Int=0
- private var borrow:UInt32=0
- private var pool_ptr:Int=0
- private var pool=[UInt8](count:32,repeatedValue:0)
-
- public func clean()
- {
- pool_ptr=0
- rndptr=0
- for var i=0;i<32;i++ {pool[i]=0}
- for var i=0;i<RAND.NK;i++ {ira[i]=0}
- borrow=0;
- }
-
- public init() {clean()}
-
- private func sbrand() -> UInt32
- { /* Marsaglia & Zaman random number generator */
- rndptr++;
- if rndptr<RAND.NK {return ira[rndptr]}
- rndptr=0;
- var k=RAND.NK-RAND.NJ
- for var i=0;i<RAND.NK;i++
- {
- if k==RAND.NK {k=0}
- let t=ira[k];
- let pdiff=t &- ira[i] &- borrow
- if pdiff<t {borrow=0}
- if pdiff>t {borrow=1}
- ira[i]=pdiff
- k++;
- }
- return ira[0]
- }
-
- func sirand(seed: UInt32)
- {
- var m:UInt32=1
- var s:UInt32=seed
- borrow=0;
- rndptr=0
- ira[0]^=s
- for var i=1;i<RAND.NK;i++
- { /* fill initialisation vector */
- let ipn=(RAND.NV*i)%RAND.NK
- ira[ipn]^=m
- let t=m
- m=s &- m
- s=t
- }
- for var i=0;i<10000;i++ {sbrand()}
- }
-
- private func fill_pool()
- {
- let sh=HASH()
- for var i=0;i<128;i++ {sh.process(UInt8(sbrand()&0xff))}
- pool=sh.hash()
- pool_ptr=0
- }
-
- private func pack(b: [UInt8]) -> UInt32
- {
- return (UInt32(b[3])<<24)|(UInt32(b[2])<<16)|(UInt32(b[1])<<8)|(UInt32(b[0]))
- }
-
-/* Initialize RNG with some real entropy from some external source */
- public func seed(rawlen: Int,_ raw: [UInt8])
- { /* initialise from at least 128 byte string of raw random entropy */
- var digest=[UInt8]()
- var b=[UInt8](count:4, repeatedValue:0)
- let sh=HASH()
- pool_ptr=0
- for var i=0;i<RAND.NK;i++ {ira[i]=0}
- if rawlen>0
- {
- for var i=0;i<rawlen;i++ {sh.process(raw[i])}
- digest=sh.hash()
-
- for var i=0;i<8;i++
- {
- b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3]
- sirand(pack(b))
- }
-
- }
- fill_pool()
- }
-
- public func getByte() -> UInt8
- {
- let r=pool[pool_ptr++]
- if pool_ptr>=32 {fill_pool()}
- return r
- }
-
-
-}