Posted to commits@milagro.apache.org by br...@apache.org on 2019/01/15 15:19:34 UTC
[29/51] [partial] incubator-milagro-crypto git commit: update code
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/RSA.js
----------------------------------------------------------------------
diff --git a/version22/js/RSA.js b/version22/js/RSA.js
deleted file mode 100644
index ff27ac6..0000000
--- a/version22/js/RSA.js
+++ /dev/null
@@ -1,392 +0,0 @@
-/*
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-*/
-
-/* RSA API Functions */
-
-var rsa_private_key=function(n)
-{
- this.p=new FF(n);
- this.q=new FF(n);
- this.dp=new FF(n);
- this.dq=new FF(n);
- this.c=new FF(n);
-};
-
-var rsa_public_key=function(m)
-{
- this.e=0;
- this.n=new FF(m);
-};
-
-RSA= {
- RFS: ROM.MODBYTES*ROM.FFLEN,
- SHA256 : 32,
- SHA384 : 48,
- SHA512 : 64,
-
- HASH_TYPE:32,
-
-/* SHAXXX identifier strings */
- SHA256ID : [0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20],
- SHA384ID : [0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30],
- SHA512ID : [0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40],
-
- bytestohex: function(b)
- {
- var s="";
- var len=b.length;
- var ch;
-
- for (var i=0;i<len;i++)
- {
- ch=b[i];
- s+=((ch>>>4)&15).toString(16);
- s+=(ch&15).toString(16);
-
- }
- return s;
- },
-
- bytestostring: function(b)
- {
- var s="";
- for (var i=0;i<b.length;i++)
- {
- s+=String.fromCharCode(b[i]);
- }
- return s;
- },
-
- stringtobytes: function(s)
- {
- var b=[];
- for (var i=0;i<s.length;i++)
- b.push(s.charCodeAt(i));
- return b;
- },
-
- hashit: function(sha,A,n)
- {
- var R=[];
- if (sha==this.SHA256)
- {
- var H=new HASH256();
- if (A!=null) H.process_array(A);
- if (n>=0) H.process_num(n);
- R=H.hash();
- }
- if (sha==this.SHA384)
- {
- H=new HASH384();
- if (A!=null) H.process_array(A);
- if (n>=0) H.process_num(n);
- R=H.hash();
- }
- if (sha==this.SHA512)
- {
- H=new HASH512();
- if (A!=null) H.process_array(A);
- if (n>=0) H.process_num(n);
- R=H.hash();
- }
- return R;
- },
-
- KEY_PAIR: function(rng,e,PRIV,PUB)
- { /* IEEE1363 A16.11/A16.12 more or less */
-
- // var m,r,bytes,hbytes,words,err,res=0;
- var n=PUB.n.length>>1;
- var t = new FF(n);
- var p1=new FF(n);
- var q1=new FF(n);
-
- for (;;)
- {
-
- PRIV.p.random(rng);
- while (PRIV.p.lastbits(2)!=3) PRIV.p.inc(1);
- while (!FF.prime(PRIV.p,rng)) PRIV.p.inc(4);
-
- p1.copy(PRIV.p);
- p1.dec(1);
-
- if (p1.cfactor(e)) continue;
- break;
- }
-
- for (;;)
- {
- PRIV.q.random(rng);
- while (PRIV.q.lastbits(2)!=3) PRIV.q.inc(1);
- while (!FF.prime(PRIV.q,rng)) PRIV.q.inc(4);
-
- q1.copy(PRIV.q);
- q1.dec(1);
-
- if (q1.cfactor(e)) continue;
- break;
- }
-
- PUB.n=FF.mul(PRIV.p,PRIV.q);
- PUB.e=e;
-
- t.copy(p1);
- t.shr();
- PRIV.dp.set(e);
- PRIV.dp.invmodp(t);
- if (PRIV.dp.parity()===0) PRIV.dp.add(t);
- PRIV.dp.norm();
-
- t.copy(q1);
- t.shr();
- PRIV.dq.set(e);
- PRIV.dq.invmodp(t);
- if (PRIV.dq.parity()===0) PRIV.dq.add(t);
- PRIV.dq.norm();
-
- PRIV.c.copy(PRIV.p);
- PRIV.c.invmodp(PRIV.q);
-
- return;
- },
-
-/* Mask Generation Function */
- MGF1: function(sha,Z,olen,K)
- {
- var i,hlen=sha;
- var B=[];
-
- var counter,cthreshold,k=0;
- for (i=0;i<K.length;i++) K[i]=0;
-
- cthreshold=Math.floor(olen/hlen); if (olen%hlen!==0) cthreshold++;
- for (counter=0;counter<cthreshold;counter++)
- {
- B=this.hashit(sha,Z,counter);
- if (k+hlen>olen) for (i=0;i<olen%hlen;i++) K[k++]=B[i];
- else for (i=0;i<hlen;i++) K[k++]=B[i];
- }
- },
-
- PKCS15: function(sha,m,w)
- {
- var olen=ROM.FF_BITS/8;
- var i,hlen=sha;
- var idlen=19;
-
- if (olen<idlen+hlen+10) return false;
- var H=this.hashit(sha,m,-1);
-
- for (i=0;i<w.length;i++) w[i]=0;
- i=0;
- w[i++]=0;
- w[i++]=1;
- for (var j=0;j<olen-idlen-hlen-3;j++)
- w[i++]=0xff;
- w[i++]=0;
-
-
- if (hlen==this.SHA256) for (var j=0;j<idlen;j++) w[i++]=this.SHA256ID[j];
- if (hlen==this.SHA384) for (var j=0;j<idlen;j++) w[i++]=this.SHA384ID[j];
- if (hlen==this.SHA512) for (var j=0;j<idlen;j++) w[i++]=this.SHA512ID[j];
-
- for (var j=0;j<hlen;j++)
- w[i++]=H[j];
-
- return true;
- },
-
- /* OAEP Message Encoding for Encryption */
- OAEP_ENCODE: function(sha,m,rng,p)
- {
- var i,slen,olen=RSA.RFS-1;
- var mlen=m.length;
- var hlen,seedlen;
- var f=[];
-
- hlen=sha;
- var SEED=[];
- seedlen=hlen;
-
- if (mlen>olen-hlen-seedlen-1) return null;
-
- var DBMASK=[];
-
- var h=this.hashit(sha,p,-1);
- for (i=0;i<hlen;i++) f[i]=h[i];
-
- slen=olen-mlen-hlen-seedlen-1;
-
- for (i=0;i<slen;i++) f[hlen+i]=0;
- f[hlen+slen]=1;
- for (i=0;i<mlen;i++) f[hlen+slen+1+i]=m[i];
-
- for (i=0;i<seedlen;i++) SEED[i]=rng.getByte();
- this.MGF1(sha,SEED,olen-seedlen,DBMASK);
-
- for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
- this.MGF1(sha,DBMASK,seedlen,f);
-
- for (i=0;i<seedlen;i++) f[i]^=SEED[i];
-
- for (i=0;i<olen-seedlen;i++) f[i+seedlen]=DBMASK[i];
-
- /* pad to length RFS */
- var d=1;
- for (i=RSA.RFS-1;i>=d;i--)
- f[i]=f[i-d];
- for (i=d-1;i>=0;i--)
- f[i]=0;
-
- return f;
- },
-
- /* OAEP Message Decoding for Decryption */
- OAEP_DECODE: function(sha,p,f)
- {
- var x,t;
- var comp;
- var i,k,olen=RSA.RFS-1;
- var hlen,seedlen;
-
- hlen=sha;
- var SEED=[];
- seedlen=hlen;
- var CHASH=[];
- seedlen=hlen=sha;
-
- if (olen<seedlen+hlen+1) return null;
-
- var DBMASK=[];
- for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
- if (f.length<RSA.RFS)
- {
- var d=RSA.RFS-f.length;
- for (i=RFS-1;i>=d;i--)
- f[i]=f[i-d];
- for (i=d-1;i>=0;i--)
- f[i]=0;
-
- }
-
- var h=this.hashit(sha,p,-1);
- for (i=0;i<hlen;i++) CHASH[i]=h[i];
-
- x=f[0];
-
- for (i=seedlen;i<olen;i++)
- DBMASK[i-seedlen]=f[i+1];
-
- this.MGF1(sha,DBMASK,seedlen,SEED);
- for (i=0;i<seedlen;i++) SEED[i]^=f[i+1];
- this.MGF1(sha,SEED,olen-seedlen,f);
- for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
-
- comp=true;
- for (i=0;i<hlen;i++)
- {
- if (CHASH[i]!=DBMASK[i]) comp=false;
- }
-
- for (i=0;i<olen-seedlen-hlen;i++)
- DBMASK[i]=DBMASK[i+hlen];
-
- for (i=0;i<hlen;i++)
- SEED[i]=CHASH[i]=0;
-
- for (k=0;;k++)
- {
- if (k>=olen-seedlen-hlen) return null;
- if (DBMASK[k]!==0) break;
- }
-
- t=DBMASK[k];
-
- if (!comp || x!==0 || t!=0x01)
- {
- for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
- return null;
- }
-
- var r=[];
-
- for (i=0;i<olen-seedlen-hlen-k-1;i++)
- r[i]=DBMASK[i+k+1];
-
- for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
- return r;
- },
-
- /* destroy the Private Key structure */
- PRIVATE_KEY_KILL: function(PRIV)
- {
- PRIV.p.zero();
- PRIV.q.zero();
- PRIV.dp.zero();
- PRIV.dq.zero();
- PRIV.c.zero();
- },
-
- /* RSA encryption with the public key */
- ENCRYPT: function(PUB,F,G)
- {
- var n=PUB.n.getlen();
- var f=new FF(n);
-
- FF.fromBytes(f,F);
-
- f.power(PUB.e,PUB.n);
-
- f.toBytes(G);
- },
-
- /* RSA decryption with the private key */
- DECRYPT: function(PRIV,G,F)
- {
- var n=PRIV.p.getlen();
- var g=new FF(2*n);
-
- FF.fromBytes(g,G);
- var jp=g.dmod(PRIV.p);
- var jq=g.dmod(PRIV.q);
-
- jp.skpow(PRIV.dp,PRIV.p);
- jq.skpow(PRIV.dq,PRIV.q);
-
- g.zero();
- g.dscopy(jp);
- jp.mod(PRIV.q);
- if (FF.comp(jp,jq)>0) jq.add(PRIV.q);
- jq.sub(jp);
- jq.norm();
-
- var t=FF.mul(PRIV.c,jq);
- jq=t.dmod(PRIV.q);
-
- t=FF.mul(jq,PRIV.p);
- g.add(t);
- g.norm();
-
- g.toBytes(F);
- }
-
-};
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/TestECDH.html
----------------------------------------------------------------------
diff --git a/version22/js/TestECDH.html b/version22/js/TestECDH.html
deleted file mode 100644
index 1ddf0c2..0000000
--- a/version22/js/TestECDH.html
+++ /dev/null
@@ -1,143 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Test ECC</title>
-</head>
-<body>
-<h1>JavaScript Test ECC Example</h1>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="FP.js"></script>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="UInt64.js"></script>
-<script type="text/javascript" src="HASH256.js"></script>
-<script type="text/javascript" src="HASH384.js"></script>
-<script type="text/javascript" src="HASH512.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="AES.js"></script>
-<script type="text/javascript" src="GCM.js"></script>
-<script type="text/javascript" src="ECP.js"></script>
-<script type="text/javascript" src="ECDH.js"></script>
-
-<script>
-/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
- var i,j=0,res;
- var result;
- var pp="M0ng00se";
-
- var EGS=ECDH.EGS;
- var EFS=ECDH.EFS;
- var EAS=16;
- var sha=ECDH.HASH_TYPE;
-
- var S1=[];
- var W0=[];
- var W1=[];
- var Z0=[];
- var Z1=[];
- var RAW=[];
- var SALT=[];
- var P1=[];
- var P2=[];
- var V=[];
- var M=[];
- var T=new Array(12); // must specify required length
- var CS=[];
- var DS=[];
-
- var rng=new RAND();
-
- rng.clean();
- for (i=0;i<100;i++) RAW[i]=i;
-
- rng.seed(100,RAW);
-//for (j=0;j<100;j++)
-//{
-
- for (i=0;i<8;i++) SALT[i]=(i+1); // set Salt
-
- window.document.write("Alice's Passphrase= " + pp + "<br>");
-
- var PW=ECDH.stringtobytes(pp);
-/* private key S0 of size EGS bytes derived from Password and Salt */
- var S0=ECDH.PBKDF2(sha,PW,SALT,1000,EGS);
-
- window.document.write("Alice's private key= 0x"+ECDH.bytestostring(S0)+ "<br>");
-/* Generate Key pair S/W */
- ECDH.KEY_PAIR_GENERATE(null,S0,W0);
-
- window.document.write("Alice's public key= 0x"+ECDH.bytestostring(W0)+ "<br>");
-
- res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
- if (res!=0)
- alert("ECP Public Key is invalid!");
-/* Random private key for other party */
- ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
- window.document.write("Servers private key= 0x"+ECDH.bytestostring(S1)+ "<br>");
- window.document.write("Servers public key= 0x"+ECDH.bytestostring(W1)+ "<br>");
-
- res=ECDH.PUBLIC_KEY_VALIDATE(true,W1);
- if (res!=0)
- alert("ECP Public Key is invalid!");
-
-
-/* Calculate common key using DH - IEEE 1363 method */
-
- ECDH.ECPSVDP_DH(S0,W1,Z0);
- ECDH.ECPSVDP_DH(S1,W0,Z1);
-
- var same=true;
- for (i=0;i<ECDH.EFS;i++)
- if (Z0[i]!=Z1[i]) same=false;
-
- if (!same)
- alert("*** ECPSVDP-DH Failed");
-
- var KEY=ECDH.KDF2(sha,Z0,null,ECDH.EAS);
-
- window.document.write("Alice's DH Key= 0x"+ECDH.bytestostring(KEY)+ "<br>");
- window.document.write("Servers DH Key= 0x"+ECDH.bytestostring(KEY)+ "<br>");
-
- if (ROM.CURVETYPE!=ROM.MONTGOMERY)
- {
- window.document.write("Testing ECIES"+ "<br>");
-
- P1[0]=0x0; P1[1]=0x1; P1[2]=0x2;
- P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3;
-
- for (i=0;i<=16;i++) M[i]=i;
-
- var C=ECDH.ECIES_ENCRYPT(sha,P1,P2,rng,W1,M,V,T);
-
- window.document.write("Ciphertext= "+ "<br>");
- window.document.write("V= 0x"+ECDH.bytestostring(V)+ "<br>");
- window.document.write("C= 0x"+ECDH.bytestostring(C)+ "<br>");
- window.document.write("T= 0x"+ECDH.bytestostring(T)+ "<br>");
-
-
- M=ECDH.ECIES_DECRYPT(sha,P1,P2,V,C,T,S1);
- if (M.length==0)
- alert("*** ECIES Decryption Failed ");
- else window.document.write("Decryption succeeded"+ "<br>");
-
- window.document.write("Message is 0x"+ECDH.bytestostring(M)+ "<br>");
-
- window.document.write("Testing ECDSA"+ "<br>");
-
- if (ECDH.ECPSP_DSA(sha,rng,S0,M,CS,DS)!=0)
- alert("***ECDSA Signature Failed");
-
- window.document.write("Signature= "+ "<br>");
- window.document.write("C= 0x"+ECDH.bytestostring(CS)+ "<br>");
- window.document.write("D= 0x"+ECDH.bytestostring(DS)+ "<br>");
-
- if (ECDH.ECPVP_DSA(sha,W0,M,CS,DS)!=0)
- alert("***ECDSA Verification Failed");
- else window.document.write("ECDSA Signature/Verification succeeded "+ "<br>");
- }
-//}
-//window.document.write("Test Completed Successfully"+ "<br>");
-</script>
-</body>
-</html>
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/TestMPIN.html
----------------------------------------------------------------------
diff --git a/version22/js/TestMPIN.html b/version22/js/TestMPIN.html
deleted file mode 100644
index 0cb6f67..0000000
--- a/version22/js/TestMPIN.html
+++ /dev/null
@@ -1,330 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Test MPIN</title>
-</head>
-<body>
-<h1>JavaScript Test MPIN Example</h1>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="FP.js"></script>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="UInt64.js"></script>
-<script type="text/javascript" src="HASH256.js"></script>
-<script type="text/javascript" src="HASH384.js"></script>
-<script type="text/javascript" src="HASH512.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="AES.js"></script>
-<script type="text/javascript" src="GCM.js"></script>
-<script type="text/javascript" src="ECP.js"></script>
-<script type="text/javascript" src="FP2.js"></script>
-<script type="text/javascript" src="ECP2.js"></script>
-<script type="text/javascript" src="FP4.js"></script>
-<script type="text/javascript" src="FP12.js"></script>
-<script type="text/javascript" src="PAIR.js"></script>
-<script type="text/javascript" src="MPIN.js"></script>
-
-<script>
-/* test driver and function exerciser for MPIN API Functions */
-
- var i,res;
- var result;
-
- var EGS=MPIN.EGS;
- var EFS=MPIN.EFS;
- var EAS=16;
-
- var sha=MPIN.HASH_TYPE;
-
- var rng=new RAND();
- rng.clean();
-
- var RAW=[];
- for (i=0;i<100;i++) RAW[i]=i+1;
- rng.seed(100,RAW);
-
- var G1S=2*EFS+1; /* Group 1 Size */
- var G2S=4*EFS; /* Group 2 Size */
-
- var S=[];
- var SST=[];
- var TOKEN = [];
- var PERMIT = [];
- var SEC = [];
- var xID = [];
- var xCID = [];
- var X= [];
- var Y= [];
- var E=[];
- var F=[];
- var HCID=[];
- var HID=[];
- var HTID=[];
-
- var G1=[];
- var G2=[];
- var R=[];
- var Z=[];
- var W=[];
- var T=[];
- var CK=[];
- var SK=[];
-
- var HSID=[];
-
-/* Set configuration */
- var PERMITS=true;
- var PINERROR=true;
- var FULL=true;
- var ONE_PASS=false;
- var TIME_FUNCTIONS=false;
- var total_time=0;
- var nIter=100
-/*
- var PR=[];
- pin=parseInt(prompt("Enter PIN= "));
- window.document.write("Test Pairing" + "<br>");
- for (i=0;i<100;i++)
- MPIN.TEST_PAIR(PR);
- window.document.write("Pairing= "+MPIN.bytestostring(PR) + "<br>");
-
- pin=parseInt(prompt("Enter PIN= "));
-*/
-
-/* Trusted Authority set-up */
- MPIN.RANDOM_GENERATE(rng,S);
- window.document.write("Master Secret s: 0x"+MPIN.bytestostring(S) + "<br>");
-
- /* Create Client Identity */
- var IDstr = "testUser@miracl.com";
- var CLIENT_ID = MPIN.stringtobytes(IDstr);
- HCID=MPIN.HASH_ID(sha,CLIENT_ID); /* Either Client or TA calculates Hash(ID) - you decide! */
-
- window.document.write("Client ID= "+MPIN.bytestostring(CLIENT_ID) + "<br>");
-
-/* Client and Server are issued secrets by DTA */
- MPIN.GET_SERVER_SECRET(S,SST);
- window.document.write("Server Secret SS: 0x"+MPIN.bytestostring(SST) + "<br>");
-
- MPIN.GET_CLIENT_SECRET(S,HCID,TOKEN);
- window.document.write("Client Secret CS: 0x"+MPIN.bytestostring(TOKEN) + "<br>");
-
-/* Client extracts PIN from secret to create Token */
- var pin=1234;
- window.document.write("Client extracts PIN= "+pin + "<br>");
- var rtn=MPIN.EXTRACT_PIN(sha,CLIENT_ID,pin,TOKEN);
- if (rtn != 0)
- window.document.write("Failed to extract PIN " + "<br>");
-
- window.document.write("Client Token TK: 0x"+MPIN.bytestostring(TOKEN) + "<br>");
-
- if (FULL)
- {
- MPIN.PRECOMPUTE(TOKEN,HCID,G1,G2);
- }
-
- var date;
- if (PERMITS)
- {
- date=MPIN.today();
-/* Client gets "Time Token" permit from DTA */
- MPIN.GET_CLIENT_PERMIT(sha,date,S,HCID,PERMIT);
- window.document.write("Time Permit TP: 0x"+MPIN.bytestostring(PERMIT) + "<br>");
-
-/* This encoding makes Time permit look random - Elligator squared */
- MPIN.ENCODING(rng,PERMIT);
- window.document.write("Encoded Time Permit TP: 0x"+MPIN.bytestostring(PERMIT) + "<br>");
- MPIN.DECODING(PERMIT);
- window.document.write("Decoded Time Permit TP: 0x"+MPIN.bytestostring(PERMIT) + "<br>");
- }
- else date=0;
-
-
- pin=parseInt(prompt("Enter PIN= "));
-
-/* Set date=0 and PERMIT=null if time permits not in use
-
-Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
-If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H_T(date|H(CLIENT_ID)))
-Random value x is supplied externally if RNG=null, otherwise generated and passed out by RNG
-
-If Time Permits OFF set xCID = null, HTID=null and use xID and HID only
-If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-If Time permits are ON, AND pin error detection is NOT required, set xID=null, HID=null and use xCID and HTID only.
-
-
-*/
- var pxID=xID;
- var pxCID=xCID;
- var pHID=HID;
- var pHTID=HTID;
- var pE=E;
- var pF=F;
- var pPERMIT=PERMIT;
- var prHID;
-
- if (date!=0)
- {
- prHID=pHTID;
- if (!PINERROR)
- {
- pxID=null;
- // pHID=null;
- }
- }
- else
- {
- prHID=pHID;
- pPERMIT=null;
- pxCID=null;
- pHTID=null;
- }
- if (!PINERROR)
- {
- pE=null;
- pF=null;
- }
-
- if (ONE_PASS)
- {
- window.document.write("MPIN Single Pass " + "<br>");
- timeValue = MPIN.GET_TIME();
- window.document.write("Epoch " + timeValue + "<br>");
- if (TIME_FUNCTIONS)
- {
- var start = new Date().getTime();
- for (i = 0; i < nIter; ++i) {
- rtn=MPIN.CLIENT(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y);
- }
- var end = new Date().getTime();
- var t1 = end - start;
- total_time = total_time + t1;
- var iter_time = t1 / nIter;
- var iter_per_sec = nIter / (t1 / 1000);
- window.document.write("MPIN.CLIENT: time " + t1 + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");
- }
- else
- {
- rtn=MPIN.CLIENT(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y);
- }
- if (rtn != 0)
- window.document.write("FAILURE: CLIENT rtn: " + rtn + "<br>");
-
- if (FULL)
- {
- if (TIME_FUNCTIONS)
- {
- var start = new Date().getTime();
- for (i = 0; i < nIter; ++i) {
- HCID=MPIN.HASH_ID(sha,CLIENT_ID);
- MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z);
- }
- var end = new Date().getTime();
- var t2 = end - start;
- total_time = total_time + t2;
- var iter_time = t2 / nIter;
- var iter_per_sec = nIter / (t2 / 1000);
- window.document.write("MPIN.GET_G1_MULTIPLE: time " + t2 + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");
- }
- else
- {
- HCID=MPIN.HASH_ID(sha,CLIENT_ID);
- MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z); /* Also Send Z=r.ID to Server, remember random r */
- }
- }
-
- rtn=MPIN.SERVER(sha,date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF,CLIENT_ID,timeValue);
- if (rtn != 0)
- window.document.write("FAILURE: SERVER rtn: " + rtn+ "<br>");
-
- if (FULL)
- {
- HSID=MPIN.HASH_ID(sha,CLIENT_ID);
- MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T); /* Also send T=w.ID to client, remember random w */
- }
- }
- else
- {
- window.document.write("MPIN Multi Pass " + "<br>");
- rtn=MPIN.CLIENT_1(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT);
- if (rtn != 0)
- window.document.write("FAILURE: CLIENT_1 rtn: " + rtn + "<br>");
-
- if (FULL)
- {
- HCID=MPIN.HASH_ID(sha,CLIENT_ID);
- MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z); /* Also Send Z=r.ID to Server, remember random r */
- }
-
- /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
- MPIN.SERVER_1(sha,date,CLIENT_ID,pHID,pHTID);
-
- /* Server generates Random number Y and sends it to Client */
- MPIN.RANDOM_GENERATE(rng,Y);
-
- if (FULL)
- {
- HSID=MPIN.HASH_ID(sha,CLIENT_ID);
- MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T); /* Also send T=w.ID to client, remember random w */
- }
-
- /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
- rtn=MPIN.CLIENT_2(X,Y,SEC);
- if (rtn != 0)
- window.document.write("FAILURE: CLIENT_2 rtn: " + rtn + "<br>");
- /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
- /* If PIN error not required, set E and F = NULL */
- rtn=MPIN.SERVER_2(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF);
-
- if (rtn != 0)
- window.document.write("FAILURE: SERVER_1 rtn: " + rtn+ "<br>");
-
- }
-
-
- if (rtn == this.MPIN.BAD_PIN)
- {
- window.document.write("Server says - Bad Pin. I don't know you. Feck off." + "<br>");
- if (PINERROR)
- {
- var err=MPIN.KANGAROO(E,F);
- if (err!=0) window.document.write("(Client PIN is out by "+err + ")<br>");
- }
- }
- else
- {
- window.document.write("Server says - PIN is good! You really are "+IDstr + "<br>");
- if (FULL)
- {
- if (TIME_FUNCTIONS)
- {
- var start = new Date().getTime();
- for (i = 0; i < nIter; ++i) {
- MPIN.CLIENT_KEY(sha,G1,G2,pin,R,X,T,CK);
- }
- var end = new Date().getTime();
- var t3 = end - start;
- total_time = total_time + t3;
- var iter_time = t3 / nIter;
- var iter_per_sec = nIter / (t3 / 1000);
- window.document.write("MPIN.CLIENT_KEY: time " + t1 + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");
- }
- else
- {
- H=MPIN.HASH_ALL(sha,HCID,pxID,pxCID,SEC,Y,Z,T);
- MPIN.CLIENT_KEY(sha,G1,G2,pin,R,X,H,T,CK);
- }
- window.document.write("Client Key = 0x"+MPIN.bytestostring(CK) + "<br>");
- H=MPIN.HASH_ALL(sha,HSID,pxID,pxCID,SEC,Y,Z,T);
- MPIN.SERVER_KEY(sha,Z,SST,W,H,pHID,pxID,pxCID,SK);
- window.document.write("Server Key = 0x"+MPIN.bytestostring(SK) + "<br>");
- }
- }
- // var iter_time = total_time / nIter;
- // var iter_per_sec = nIter / (total_time / 1000);
- // window.document.write("CLIENT: total time " + total_time + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");
-
-
-</script>
-</body>
-</html>
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/TestRSA.html
----------------------------------------------------------------------
diff --git a/version22/js/TestRSA.html b/version22/js/TestRSA.html
deleted file mode 100644
index ba650ca..0000000
--- a/version22/js/TestRSA.html
+++ /dev/null
@@ -1,115 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Test RSA</title>
-</head>
-<body>
-<h1>JavaScript Test RSA Example</h1>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="UInt64.js"></script>
-<script type="text/javascript" src="HASH256.js"></script>
-<script type="text/javascript" src="HASH384.js"></script>
-<script type="text/javascript" src="HASH512.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="FF.js"></script>
-<script type="text/javascript" src="RSA.js"></script>
-
-
-<script>
-/* test driver and function exerciser for RSA API Functions */
-
- var i,j=0,res;
- var result;
-
- var RFS=RSA.RFS;
- var sha=RSA.HASH_TYPE;
-
- var message="Hello World\n";
-
- var pub=new rsa_public_key(ROM.FFLEN);
- var priv=new rsa_private_key(ROM.HFLEN);
-
- var ML=[];
- var C=[];
- var S=[];
- var RAW=[];
-
- var rng=new RAND();
- rng.clean();
-
- for (i=0;i<100;i++) RAW[i]=i;
- rng.seed(100,RAW);
-
- var start,end,time;
- start=new Date().getTime();
- window.document.write("Generating public/private key pair (slow!) <br>");
- RSA.KEY_PAIR(rng,65537,priv,pub);
- end=new Date().getTime();
- time=end-start;
- window.document.write("Time in ms= "+time+"<br>");
-
- var M=RSA.stringtobytes(message);
- window.document.write("Encrypting test string <br>");
-
- var E=RSA.OAEP_ENCODE(sha,M,rng,null); /* OAEP encode message m to e */
- window.document.write("Encoding= 0x" + RSA.bytestohex(E) + "<br>");
-
- window.document.write("Public key= 0x"+pub.n.toString() + "<br>");
-
- start=new Date().getTime();
- RSA.ENCRYPT(pub,E,C); /* encrypt encoded message */
- end=new Date().getTime();
- time=end-start;
- window.document.write("Time in ms= "+time+"<br>");
-
- window.document.write("Ciphertext= 0x" + RSA.bytestohex(C) + "<br>");
-
- window.document.write("Decrypting test string <br>");
- start=new Date().getTime();
- RSA.DECRYPT(priv,C,ML);
- end=new Date().getTime();
- time=end-start;
- window.document.write("Time in ms= "+time+"<br>");
-
- var cmp=true;
- if (E.length!=ML.length) cmp=false;
- else
- {
- for (var j=0;j<E.length;j++)
- if (E[j]!=ML[j]) cmp=false;
- }
- if (cmp) window.document.write("Decryption is OK <br>");
- else window.document.write("Decryption Failed <br>");
-
- var MS=RSA.OAEP_DECODE(sha,null,ML); /* OAEP decode message */
- window.document.write("Decoding= 0x" + RSA.bytestohex(MS) + "<br>");
-
- window.document.write("message= "+RSA.bytestostring(MS) + "<br>");
-
-
- window.document.write("Signing message <br>");
- RSA.PKCS15(sha,M,C);
-
- RSA.DECRYPT(priv,C,S); /* create signature in S */
-
- window.document.write("Signature= 0x" + RSA.bytestohex(S) + "<br>");
-
- RSA.ENCRYPT(pub,S,ML);
-
- cmp=true;
- if (C.length!=ML.length) cmp=false;
- else
- {
- for (var j=0;j<C.length;j++)
- if (C[j]!=ML[j]) cmp=false;
- }
- if (cmp) window.document.write("Signature is valid <br>");
- else window.document.write("Signature is INVALID <br>");
-
- RSA.PRIVATE_KEY_KILL(priv);
-
-</script>
-</body>
-</html>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/UInt64.js
----------------------------------------------------------------------
diff --git a/version22/js/UInt64.js b/version22/js/UInt64.js
deleted file mode 100644
index 2d93b9c..0000000
--- a/version22/js/UInt64.js
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-*/
-
-/* rudimentary unsigned 64-bit type for SHA384 and SHA512 */
-
-var UInt64 = function(top,bot) {
- this.top=top;
- this.bot=bot;
-};
-
-UInt64.prototype={
- add: function(y)
- {
- var t=(this.bot>>>0)+(y.bot>>>0);
- var low=t >>> 0;
- var high=(this.top>>>0)+(y.top>>>0);
-
- this.bot=low;
- if (low!=t)
- this.top=(high+1)>>>0;
- else
- this.top=high;
-
- return this;
- },
- copy: function()
- {
- var r=new UInt64(this.top,this.bot);
- return r;
- },
- shlb: function()
- {
- var t=this.bot>>>24;
- this.top=t+(this.top<<8);
- this.bot<<=8;
- return this;
- }
-};
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/readme.txt
----------------------------------------------------------------------
diff --git a/version22/js/readme.txt b/version22/js/readme.txt
deleted file mode 100644
index e040021..0000000
--- a/version22/js/readme.txt
+++ /dev/null
@@ -1,41 +0,0 @@
-AMCL is very simple to build for JavaScript.
-
-First - decide the modulus type and curve type you want to use. Edit ROM.js
-where indicated. You might want to use one of the curves whose details are
-already in there.
-
-Three example API files are provided, MPIN.js which
-supports our M-Pin (tm) protocol, ECDH.js which supports elliptic
-curve key exchange, digital signature and public key crypto, and RSA.js
-which supports RSA encryption. The first can be tested using the
-TestMPIN.html driver programs, the second can be tested using TestECDH.html,
-and the third using TestRSA.html
-
-In the ROM.js file you must provide the curve constants. Several examples
-are provided there, if you are willing to use one of these.
-
-To help generate the ROM constants for your own curve some MIRACL helper
-programs are included. The programs bngen.cpp and blsgen.cpp generate ROM
-data for a BN and BLS pairing friendly curves, and the program ecgen.cpp
-generates ROM data for regular EC curves.
-
-The MIRACL based program check.cpp helps choose the best number base for
-big number representation, given the word-length and the size of the modulus.
-
-The program bigtobig.cpp converts a big number to the AMCL
-BIG format.
-
-
-For quick jumpstart:-
-
-Run Chrome browser and navigate to TestECDH.html
-
-or TestMPIN.html
-
-or BenchtestEC.html
-
-or BenchtestPAIR.html
-
-You might need to wait a couple of minutes for the output to appear.
-
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/.gitignore
----------------------------------------------------------------------
diff --git a/version22/rust/.gitignore b/version22/rust/.gitignore
deleted file mode 100644
index fc8bcce..0000000
--- a/version22/rust/.gitignore
+++ /dev/null
@@ -1,5 +0,0 @@
-cargo-registry
-target
-Cargo.lock
-.idea
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/Cargo.toml
----------------------------------------------------------------------
diff --git a/version22/rust/Cargo.toml b/version22/rust/Cargo.toml
deleted file mode 100644
index 2e83270..0000000
--- a/version22/rust/Cargo.toml
+++ /dev/null
@@ -1,24 +0,0 @@
-[package]
-name = "amcl"
-version = "0.1.2"
-authors = [
- "Vyacheslav Gudkov <vy...@dsr-company.com>",
- "Evgeniy Razinkov <ev...@dsr-company.com.ru>"
- ]
-
-description = "The Apache Milagro Cryptographic Library(version 2.2)"
-license = "Apache-2.0"
-repository = "https://github.com/MRJCrunch/amcl"
-[lib]
-name = "amcl"
-path = "src/lib.rs"
-
-[features]
-default = ["BLS383"]
-Ed25519 = []
-GOLDILOCKS = []
-BN254 = []
-BLS383 = []
-BLS455 = []
-
-[dependencies]
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/readme.txt
----------------------------------------------------------------------
diff --git a/version22/rust/readme.txt b/version22/rust/readme.txt
deleted file mode 100644
index 128f665..0000000
--- a/version22/rust/readme.txt
+++ /dev/null
@@ -1,56 +0,0 @@
-AMCL is very simple to build for Rust.
-
-This version supports both 32-bit and 64-bit builds.
-If your processor and operating system are both 64-bit, a 64-bit build
-will probably be best. Otherwise use a 32-bit build.
-
-First - decide the modulus and curve type you want to use. Edit rom32.rs
-or rom64.rs where indicated. You will probably want to use one of the curves
-whose details are already in there. You might want to "raid" the rom
-file from the C version of the library for more curves.
-
-Three example API files are provided, mpin.rs which
-supports our M-Pin (tm) protocol, ecdh.rs which supports elliptic
-curve key exchange, digital signature and public key crypto, and rsa.rs
-which supports the RSA method. The first can be tested using the
-TestMPIN.rs driver program, the second can be tested using TestECDH.rs,
-and the third with TestRSA.rs
-
-
-In the rom32.rs/rom64.rs file you must provide the curve constants. Several
-examples are provided there, if you are willing to use one of these.
-
-To help generate the ROM constants for your own curve some MIRACL helper
-programs are included. The programs bngen.cpp and blsgen.cpp generate ROM
-data for a BN and BLS pairing friendly curves, and the program ecgen.cpp
-generates ROM data for regular EC curves.
-
-The MIRACL based program check.cpp helps choose the best number base for
-big number representation, given the word-length and the size of the modulus.
-
-The program bigtobig.cpp converts a big number to the AMCL
-BIG format.
-
-For a quick jumpstart:-
-
-Copy rom32.rs to rom.rs for a 32-bit build
-
-rustc --cfg D32 -O -A dead_code TestMPIN.rs
-
-or
-
-rustc --cfg D32 -O -A dead_code TestECDH.rs
-
-or
-
-rustc --cfg D32 -O -A dead_code TestRSA.rs
-
-also
-
-rustc --cfg D32 -O -A dead_code BenchtestEC.rs
-
-rustc --cfg D32 -O -A dead_code BenchtestPAIR.rs
-
-
-For a 64-bit build copy rom64.rs to rom.rs, and use instead the
-flag --cfg D64
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/rust/src/aes.rs
----------------------------------------------------------------------
diff --git a/version22/rust/src/aes.rs b/version22/rust/src/aes.rs
deleted file mode 100644
index 5298837..0000000
--- a/version22/rust/src/aes.rs
+++ /dev/null
@@ -1,628 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-pub const ECB: usize=0;
-pub const CBC: usize=1;
-pub const CFB1: usize=2;
-pub const CFB2: usize=3;
-pub const CFB4: usize=5;
-pub const OFB1: usize=14;
-pub const OFB2: usize=15;
-pub const OFB4: usize=17;
-pub const OFB8:usize=21;
-pub const OFB16: usize=29;
-pub const CTR1: usize=30;
-pub const CTR2: usize=31;
-pub const CTR4: usize=33;
-pub const CTR8: usize=37;
-pub const CTR16: usize=45;
-
-const INCO : [u8;4] = [0xB,0xD,0x9,0xE]; /* Inverse Coefficients */
-
-const PTAB : [u8;256] = [
- 1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53,
- 95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170,
- 229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49,
- 83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205,
- 76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136,
- 131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154,
- 181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163,
- 254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160,
- 251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65,
- 195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117,
- 159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128,
- 155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84,
- 252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202,
- 69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14,
- 18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
- 57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1];
-
-const LTAB : [u8;256] = [
- 0, 255, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3,
- 100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193,
- 125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120,
- 101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142,
- 150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56,
- 102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16,
- 126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186,
- 43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87,
- 175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232,
- 44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160,
- 127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183,
- 204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157,
- 151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209,
- 83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171,
- 68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165,
- 103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7];
-
-
-const FBSUB : [u8;256] = [
- 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118,
- 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
- 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21,
- 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117,
- 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132,
- 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207,
- 208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168,
- 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210,
- 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115,
- 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219,
- 224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121,
- 231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8,
- 186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138,
- 112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
- 225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
- 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22];
-
-const RBSUB : [u8;256] = [
- 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251,
- 124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203,
- 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78,
- 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37,
- 114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146,
- 108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132,
- 144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6,
- 208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107,
- 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
- 150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110,
- 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27,
- 252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244,
- 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95,
- 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239,
- 160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
- 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125];
-
-const RCO : [u8;16] = [1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47];
-
-const FTABLE : [u32;256] = [
- 0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
- 0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
- 0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
- 0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
- 0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
- 0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
- 0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
- 0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
- 0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
- 0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
- 0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
- 0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
- 0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
- 0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
- 0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
- 0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
- 0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
- 0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
- 0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
- 0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
- 0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
- 0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
- 0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
- 0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
- 0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
- 0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
- 0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
- 0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
- 0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
- 0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
- 0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
- 0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
- 0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
- 0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
- 0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
- 0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
- 0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
- 0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
- 0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
- 0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
- 0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
- 0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
- 0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c];
-
-const RTABLE : [u32;256] = [
- 0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
- 0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
- 0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
- 0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
- 0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
- 0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
- 0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
- 0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
- 0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
- 0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
- 0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
- 0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
- 0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
- 0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
- 0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
- 0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
- 0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
- 0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
- 0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
- 0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
- 0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
- 0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
- 0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
- 0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
- 0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
- 0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
- 0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
- 0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
- 0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
- 0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
- 0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
- 0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
- 0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
- 0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
- 0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
- 0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
- 0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
- 0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
- 0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
- 0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
- 0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
- 0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
- 0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0];
-
-
-pub struct AES {
- nk: usize,
- nr: usize,
- mode: usize,
- fkey: [u32;60],
- rkey: [u32;60],
- pub f: [u8;16]
-}
-
-impl AES {
-
- fn rotl8(x: u32) -> u32 {
- return ((x)<<8)|((x)>>24);
- }
-
- fn rotl16(x: u32) -> u32 {
- return ((x)<<16)|((x)>>16);
- }
-
- fn rotl24(x: u32) -> u32 {
- return ((x)<<24)|((x)>>8);
- }
-
- fn pack(b: [u8;4]) -> u32 { /* pack bytes into a 32-bit Word */
- return ((((b[3])&0xff) as u32)<<24)|((((b[2])&0xff) as u32)<<16)|((((b[1])&0xff) as u32)<<8)|(((b[0])&0xff) as u32);
- }
-
- fn unpack(a: u32) -> [u8;4] { /* unpack bytes from a word */
- let b:[u8;4]=[(a&0xff) as u8,((a>>8)&0xff) as u8,((a>>16)&0xff) as u8,((a>>24)&0xff) as u8];
- return b;
- }
-
- fn bmul(x: u8,y: u8) -> u8 { /* x.y= AntiLog(Log(x) + Log(y)) */
- let ix=(x as usize)&0xff;
- let iy=(y as usize)&0xff;
- let lx=(LTAB[ix] as usize)&0xff;
- let ly=(LTAB[iy] as usize)&0xff;
-
- if x != 0 && y != 0 {
- return PTAB[(lx+ly)%255];
- } else {return 0}
- }
-
- fn subbyte(a: u32) -> u32 {
- let mut b=AES::unpack(a);
- b[0]=FBSUB[b[0] as usize];
- b[1]=FBSUB[b[1] as usize];
- b[2]=FBSUB[b[2] as usize];
- b[3]=FBSUB[b[3] as usize];
- return AES::pack(b);
- }
-
- fn product(x: u32,y: u32) -> u8 { /* dot product of two 4-byte arrays */
- let xb=AES::unpack(x);
- let yb=AES::unpack(y);
-
- return AES::bmul(xb[0],yb[0])^AES::bmul(xb[1],yb[1])^AES::bmul(xb[2],yb[2])^AES::bmul(xb[3],yb[3]);
- }
-
- fn invmixcol(x: u32) -> u32 { /* matrix Multiplication */
- let mut b:[u8;4]=[0;4];
- let mut m=AES::pack(INCO);
- b[3]=AES::product(m,x);
- m=AES::rotl24(m);
- b[2]=AES::product(m,x);
- m=AES::rotl24(m);
- b[1]=AES::product(m,x);
- m=AES::rotl24(m);
- b[0]=AES::product(m,x);
- let y=AES::pack(b);
- return y;
- }
-
- fn increment(f: &mut [u8;16]) {
- for i in 0..16 {
- f[i]+=1;
- if f[i]!=0 {break}
- }
- }
-
- pub fn new() -> AES {
- AES {
- nk:0,
- nr:0,
- mode:0,
- fkey:[0;60],
- rkey:[0;60],
- f:[0;16]
-
- }
- }
-
-/* reset cipher */
- pub fn reset(&mut self,m: usize,iv: Option<[u8;16]>) { /* reset mode, or reset iv */
- self.mode=m;
- for i in 0..16 {self.f[i]=0}
- if self.mode != ECB
- {
- if let Some(x) = iv {
- for i in 0..16 {self.f[i]=x[i]}
- }
- }
- }
-
- pub fn init(&mut self,m: usize,nkey: usize,key: &[u8],iv: Option<[u8;16]>) -> bool {
-/* Key Scheduler. Create expanded encryption key */
- let mut cipherkey:[u32;8]=[0;8];
- let mut b:[u8;4]=[0;4];
- let nk=nkey/4;
- if nk!=4 && nk!=6 && nk!=8 {return false}
- let nr=6+nk;
- self.nk=nk;
- self.nr=nr;
- self.reset(m,iv);
- let n=4*(nr+1);
-
- let mut j=0;
- for i in 0..nk {
- for k in 0..4 {b[k]=key[j+k]}
- cipherkey[i]=AES::pack(b);
- j+=4;
- }
-
- for i in 0..nk {self.fkey[i]=cipherkey[i]}
- j=nk;
- let mut k=0;
- while j<n {
- self.fkey[j]=self.fkey[j-nk]^AES::subbyte(AES::rotl24(self.fkey[j-1]))^(RCO[k] as u32);
- for i in 1..nk {
- if (i+j) >= n {break}
- self.fkey[i+j]=self.fkey[i+j-nk]^self.fkey[i+j-1];
- }
- j+=nk;
- k+=1;
- }
-
- /* now for the expanded decrypt key in reverse order */
-
- for j in 0..4 {self.rkey[j+n-4]=self.fkey[j]}
- let mut i=4;
- while i<n-4 {
- let k=n-4-i;
- for j in 0..4 {self.rkey[k+j]=AES::invmixcol(self.fkey[i+j])}
- i+=4;
- }
- for j in n-4..n {self.rkey[j-n+4]=self.fkey[j]}
- return true;
- }
-
- pub fn getreg(&mut self) -> [u8;16] {
- let mut ir:[u8;16]=[0;16];
- for i in 0..16 {ir[i]=self.f[i]}
- return ir;
- }
-
- /* Encrypt a single block */
- pub fn ecb_encrypt(&mut self,buff: &mut [u8;16]) {
- let mut b:[u8;4]=[0;4];
- let mut p:[u32;4]=[0;4];
- let mut q:[u32;4]=[0;4];
-
- let mut j=0;
- for i in 0..4 {
- for k in 0..4 {b[k]=buff[j+k]}
- p[i]=AES::pack(b);
- p[i]^=self.fkey[i];
- j+=4;
- }
-
- let mut k=4;
-
- /* State alternates between p and q */
- for _ in 1..self.nr {
- q[0]=self.fkey[k]^FTABLE[(p[0]&0xff) as usize]^AES::rotl8(FTABLE[((p[1]>>8)&0xff) as usize])^AES::rotl16(FTABLE[((p[2]>>16)&0xff) as usize])^AES::rotl24(FTABLE[((p[3]>>24)&0xff) as usize]);
-
- q[1]=self.fkey[k+1]^FTABLE[(p[1]&0xff) as usize]^AES::rotl8(FTABLE[((p[2]>>8)&0xff) as usize])^AES::rotl16(FTABLE[((p[3]>>16)&0xff) as usize])^AES::rotl24(FTABLE[((p[0]>>24)&0xff) as usize]);
-
- q[2]=self.fkey[k+2]^FTABLE[(p[2]&0xff) as usize]^AES::rotl8(FTABLE[((p[3]>>8)&0xff) as usize])^AES::rotl16(FTABLE[((p[0]>>16)&0xff) as usize])^AES::rotl24(FTABLE[((p[1]>>24)&0xff) as usize]);
-
- q[3]=self.fkey[k+3]^FTABLE[(p[3]&0xff) as usize]^AES::rotl8(FTABLE[((p[0]>>8)&0xff) as usize])^AES::rotl16(FTABLE[((p[1]>>16)&0xff) as usize])^AES::rotl24(FTABLE[((p[2]>>24)&0xff) as usize]);
-
- k+=4;
- for j in 0..4 {
- let t=p[j]; p[j]=q[j]; q[j]=t;
- }
- }
-
- /* Last Round */
-
- q[0]=self.fkey[k]^(FBSUB[(p[0]&0xff) as usize] as u32)^AES::rotl8((FBSUB[((p[1]>>8)&0xff) as usize]) as u32)^AES::rotl16((FBSUB[((p[2]>>16)&0xff) as usize]) as u32)^AES::rotl24((FBSUB[((p[3]>>24)&0xff) as usize]) as u32);
-
- q[1]=self.fkey[k+1]^(FBSUB[(p[1]&0xff) as usize] as u32)^AES::rotl8((FBSUB[((p[2]>>8)&0xff) as usize]) as u32)^AES::rotl16((FBSUB[((p[3]>>16)&0xff) as usize]) as u32)^AES::rotl24((FBSUB[((p[0]>>24)&0xff) as usize]) as u32);
-
- q[2]=self.fkey[k+2]^(FBSUB[(p[2]&0xff) as usize] as u32)^AES::rotl8((FBSUB[((p[3]>>8)&0xff) as usize]) as u32)^AES::rotl16((FBSUB[((p[0]>>16)&0xff) as usize]) as u32)^AES::rotl24((FBSUB[((p[1]>>24)&0xff) as usize]) as u32);
-
- q[3]=self.fkey[k+3]^(FBSUB[(p[3]&0xff) as usize] as u32)^AES::rotl8((FBSUB[((p[0]>>8)&0xff) as usize]) as u32)^AES::rotl16((FBSUB[((p[1]>>16)&0xff) as usize]) as u32)^AES::rotl24((FBSUB[((p[2]>>24)&0xff) as usize]) as u32);
-
- j=0;
- for i in 0..4 {
- b=AES::unpack(q[i]);
- for k in 0..4 {buff[j+k]=b[k]}
- j+=4;
- }
- }
-
- /* Decrypt a single block */
- pub fn ecb_decrypt(&mut self,buff: &mut [u8;16]) {
- let mut b:[u8;4]=[0;4];
- let mut p:[u32;4]=[0;4];
- let mut q:[u32;4]=[0;4];
-
- let mut j=0;
- for i in 0..4 {
- for k in 0..4 {b[k]=buff[j+k]}
- p[i]=AES::pack(b);
- p[i]^=self.rkey[i];
- j+=4;
- }
-
- let mut k=4;
-
- /* State alternates between p and q */
- for _ in 1..self.nr {
-
- q[0]=self.rkey[k]^RTABLE[(p[0]&0xff) as usize]^AES::rotl8(RTABLE[((p[3]>>8)&0xff) as usize])^AES::rotl16(RTABLE[((p[2]>>16)&0xff) as usize])^AES::rotl24(RTABLE[((p[1]>>24)&0xff) as usize]);
-
- q[1]=self.rkey[k+1]^RTABLE[(p[1]&0xff) as usize]^AES::rotl8(RTABLE[((p[0]>>8)&0xff) as usize])^AES::rotl16(RTABLE[((p[3]>>16)&0xff) as usize])^AES::rotl24(RTABLE[((p[2]>>24)&0xff) as usize]);
-
-
- q[2]=self.rkey[k+2]^RTABLE[(p[2]&0xff) as usize]^AES::rotl8(RTABLE[((p[1]>>8)&0xff) as usize])^AES::rotl16(RTABLE[((p[0]>>16)&0xff) as usize])^AES::rotl24(RTABLE[((p[3]>>24)&0xff) as usize]);
-
- q[3]=self.rkey[k+3]^RTABLE[(p[3]&0xff) as usize]^AES::rotl8(RTABLE[((p[2]>>8)&0xff) as usize])^AES::rotl16(RTABLE[((p[1]>>16)&0xff) as usize])^AES::rotl24(RTABLE[((p[0]>>24)&0xff) as usize]);
-
-
- k+=4;
- for j in 0..4 {
- let t=p[j]; p[j]=q[j]; q[j]=t;
- }
- }
-
- /* Last Round */
-
- q[0]=self.rkey[k]^(RBSUB[(p[0]&0xff) as usize] as u32)^AES::rotl8((RBSUB[((p[3]>>8)&0xff) as usize]) as u32)^AES::rotl16((RBSUB[((p[2]>>16)&0xff) as usize]) as u32)^AES::rotl24((RBSUB[((p[1]>>24)&0xff) as usize]) as u32);
-
- q[1]=self.rkey[k+1]^(RBSUB[(p[1]&0xff) as usize] as u32)^AES::rotl8((RBSUB[((p[0]>>8)&0xff) as usize]) as u32)^AES::rotl16((RBSUB[((p[3]>>16)&0xff) as usize]) as u32)^AES::rotl24((RBSUB[((p[2]>>24)&0xff) as usize]) as u32);
-
-
- q[2]=self.rkey[k+2]^(RBSUB[(p[2]&0xff) as usize] as u32)^AES::rotl8((RBSUB[((p[1]>>8)&0xff) as usize]) as u32)^AES::rotl16((RBSUB[((p[0]>>16)&0xff) as usize]) as u32)^AES::rotl24((RBSUB[((p[3]>>24)&0xff) as usize]) as u32);
-
- q[3]=self.rkey[k+3]^(RBSUB[((p[3])&0xff) as usize] as u32)^AES::rotl8((RBSUB[((p[2]>>8)&0xff) as usize]) as u32)^AES::rotl16((RBSUB[((p[1]>>16)&0xff) as usize]) as u32)^AES::rotl24((RBSUB[((p[0]>>24)&0xff) as usize]) as u32);
-
- j=0;
- for i in 0..4 {
- b=AES::unpack(q[i]);
- for k in 0..4 {buff[j+k]=b[k]}
- j+=4;
- }
- }
-
-/* Encrypt using selected mode of operation */
- pub fn encrypt(&mut self,buff: &mut [u8;16]) -> u32 {
- let mut st:[u8;16]=[0;16];
-
- // Supported Modes of Operation
-
- let mut fell_off: u32=0;
-
- match self.mode {
- ECB => {
- self.ecb_encrypt(buff);
- return 0;
- },
- CBC => {
- for j in 0..16 {buff[j]^=self.f[j]}
- self.ecb_encrypt(buff);
- for j in 0..16 {self.f[j]=buff[j]}
- return 0;
- },
-
- CFB1 | CFB2 | CFB4 => {
- let bytes=self.mode-CFB1+1;
- for j in 0..bytes {fell_off=(fell_off<<8)|(self.f[j] as u32)}
- for j in 0..16 {st[j]=self.f[j]}
- for j in bytes..16 {self.f[j-bytes]=self.f[j]}
- self.ecb_encrypt(&mut st);
- for j in 0..bytes {
- buff[j]^=st[j];
- self.f[16-bytes+j]=buff[j];
- }
- return fell_off;
- },
-
- OFB1 | OFB2 | OFB4 | OFB8 | OFB16 => {
- let bytes=self.mode-OFB1+1;
- for j in 0..16 {st[j]=self.f[j]}
- self.ecb_encrypt(&mut st);
- for j in 0..bytes {buff[j]^=st[j]}
- for j in 0..16 {self.f[j]=st[j]}
-
- //self.ecb_encrypt(&mut (self.f));
- //for j in 0..bytes {buff[j]^=self.f[j]}
- return 0;
- },
-
- CTR1 | CTR2 | CTR4 | CTR8 | CTR16 => {
- let bytes=self.mode-CTR1+1;
- for j in 0..16 {st[j]=self.f[j]}
- self.ecb_encrypt(&mut st);
- for j in 0..bytes {buff[j]^=st[j]}
- AES::increment(&mut (self.f));
- return 0;
- },
-
- _ => {
- return 0;
- }
- }
- }
-
- /* Decrypt using selected mode of operation */
- pub fn decrypt(&mut self,buff: &mut [u8;16]) -> u32 {
-
- let mut st:[u8;16]=[0;16];
-
- // Supported Modes of Operation
-
- let mut fell_off: u32=0;
-
- match self.mode {
- ECB => {
- self.ecb_decrypt(buff);
- return 0;
- },
- CBC => {
- for j in 0..16 {
- st[j]=self.f[j];
- self.f[j]=buff[j];
- }
- self.ecb_decrypt(buff);
- for j in 0..16 {
- buff[j]^=st[j];
- st[j]=0;
- }
- return 0;
- },
- CFB1 | CFB2 | CFB4 => {
- let bytes=self.mode-CFB1+1;
- for j in 0..bytes {fell_off=(fell_off<<8)|(self.f[j] as u32)}
- for j in 0..16 {st[j]=self.f[j]}
- for j in bytes..16 {self.f[j-bytes]=self.f[j]}
- self.ecb_encrypt(&mut st);
- for j in 0..bytes {
- self.f[16-bytes+j]=buff[j];
- buff[j]^=st[j];
- }
- return fell_off;
- },
- OFB1 | OFB2 | OFB4 | OFB8 | OFB16 => {
- let bytes=self.mode-OFB1+1;
- for j in 0..16 {st[j]=self.f[j]}
- self.ecb_encrypt(&mut st);
- for j in 0..bytes {buff[j]^=st[j]}
- for j in 0..16 {self.f[j]=st[j]}
- // self.ecb_encrypt(A.f[:]);
- // for j in 0..bytes {buff[j]^=self.f[j]}
- return 0;
- },
-
- CTR1 | CTR2 | CTR4 | CTR8 | CTR16 => {
- let bytes=self.mode-CTR1+1;
- for j in 0..16 {st[j]=self.f[j]}
- self.ecb_encrypt(&mut st);
- for j in 0..bytes {buff[j]^=st[j]}
- AES::increment(&mut (self.f));
- return 0;
- },
-
- _ => {
- return 0;
- }
- }
- }
-
-/* Clean up and delete left-overs */
- pub fn end(&mut self) { // clean up
- for i in 0..4*(self.nr+1) {self.fkey[i]=0; self.rkey[i]=0}
- for i in 0..16 {self.f[i]=0}
- }
-}
-
-/*
-fn main()
-{
- let mut key:[u8;32]=[0;32];
- let mut block:[u8;16]=[0;16];
- let mut iv: [u8;16] = [0;16];
-
- for i in 0..32 {key[i]=0}
- key[0]=1;
- for i in 0..16 {iv[i]=i as u8}
- for i in 0..16 {block[i]=i as u8}
-
- let mut aes=AES::new();
- aes.init(CTR16,32,&key,Some(iv));
-
- println!("Plain= ");
- for i in 0..16 {print!("{:02x} ",block[i])}
- println!("");
-
- aes.encrypt(&mut block);
-
- println!("Encrypt= ");
- for i in 0..16 {print!("{:02x} ",block[i])}
- println!("");
-
- aes.reset(CTR16,Some(iv));
- aes.decrypt(&mut block);
-
- println!("Decrypt= ");
- for i in 0..16 {print!("{:02x} ",block[i])}
- println!("");
-
- aes.end();
-}
-*/