Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/digests')
26 files changed, 0 insertions, 8526 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/EncodableDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/EncodableDigest.java
deleted file mode 100644
index d79fece8..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/EncodableDigest.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-/**
- * Encodable digests allow you to download an encoded copy of their internal state. This is useful for the situation where
- * you need to generate a signature on an external device and it allows for "sign with last round", so a copy of the
- * internal state of the digest, plus the last few blocks of the message are all that needs to be sent, rather than the
- * entire message.
- */
-public interface EncodableDigest
-{
- /**
- * Return an encoded byte array for the digest's internal state
- *
- * @return an encoding of the digests internal state.
- */
- byte[] getEncodedState();
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/GOST3411Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/GOST3411Digest.java
deleted file mode 100644
index 2df2d51a..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/GOST3411Digest.java
+++ /dev/null
@@ -1,362 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.ExtendedDigest;
-import org.bouncycastle.crypto.engines.GOST28147Engine;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithSBox;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Memoable;
-import org.bouncycastle.util.Pack;
-
-/**
- * implementation of GOST R 34.11-94
- */
-public class GOST3411Digest
- implements ExtendedDigest, Memoable
-{
- private static final int DIGEST_LENGTH = 32;
-
- private byte[] H = new byte[32], L = new byte[32],
- M = new byte[32], Sum = new byte[32];
- private byte[][] C = new byte[4][32];
-
- private byte[] xBuf = new byte[32];
- private int xBufOff;
- private long byteCount;
-
- private BlockCipher cipher = new GOST28147Engine();
- private byte[] sBox;
-
- /**
- * Standard constructor
- */
- public GOST3411Digest()
- {
- sBox = GOST28147Engine.getSBox("D-A");
- cipher.init(true, new ParametersWithSBox(null, sBox));
-
- reset();
- }
-
- /**
- * Constructor to allow use of a particular sbox with GOST28147
- * @see GOST28147Engine#getSBox(String)
- */
- public GOST3411Digest(byte[] sBoxParam)
- {
- sBox = Arrays.clone(sBoxParam);
- cipher.init(true, new ParametersWithSBox(null, sBox));
-
- reset();
- }
-
- /**
- * Copy constructor. This will copy the state of the provided
- * message digest.
- */ - public GOST3411Digest(GOST3411Digest t) - { - reset(t); - } - - public String getAlgorithmName() - { - return "GOST3411"; - } - - public int getDigestSize() - { - return DIGEST_LENGTH; - } - - public void update(byte in) - { - xBuf[xBufOff++] = in; - if (xBufOff == xBuf.length) - { - sumByteArray(xBuf); // calc sum M - processBlock(xBuf, 0); - xBufOff = 0; - } - byteCount++; - } - - public void update(byte[] in, int inOff, int len) - { - while ((xBufOff != 0) && (len > 0)) - { - update(in[inOff]); - inOff++; - len--; - } - - while (len > xBuf.length) - { - System.arraycopy(in, inOff, xBuf, 0, xBuf.length); - - sumByteArray(xBuf); // calc sum M - processBlock(xBuf, 0); - inOff += xBuf.length; - len -= xBuf.length; - byteCount += xBuf.length; - } - - // load in the remainder. - while (len > 0) - { - update(in[inOff]); - inOff++; - len--; - } - } - - // (i + 1 + 4(k - 1)) = 8i + k i = 0-3, k = 1-8 - private byte[] K = new byte[32]; - - private byte[] P(byte[] in) - { - for(int k = 0; k < 8; k++) - { - K[4*k] = in[k]; - K[1 + 4*k] = in[ 8 + k]; - K[2 + 4*k] = in[16 + k]; - K[3 + 4*k] = in[24 + k]; - } - - return K; - } - - //A (x) = (x0 ^ x1) || x3 || x2 || x1 - byte[] a = new byte[8]; - private byte[] A(byte[] in) - { - for(int j=0; j<8; j++) - { - a[j]=(byte)(in[j] ^ in[j+8]); - } - - System.arraycopy(in, 8, in, 0, 24); - System.arraycopy(a, 0, in, 24, 8); - - return in; - } - - //Encrypt function, ECB mode - private void E(byte[] key, byte[] s, int sOff, byte[] in, int inOff) - { - cipher.init(true, new KeyParameter(key)); - - cipher.processBlock(in, inOff, s, sOff); - } - - // (in:) n16||..||n1 ==> (out:) n1^n2^n3^n4^n13^n16||n16||..||n2 - short[] wS = new short[16], w_S = new short[16]; - - private void fw(byte[] in) - { - cpyBytesToShort(in, wS); - w_S[15] = (short)(wS[0] ^ wS[1] ^ wS[2] ^ wS[3] ^ wS[12] ^ wS[15]); - System.arraycopy(wS, 1, w_S, 0, 15); - cpyShortToBytes(w_S, in); - } - - // block processing - byte[] S = new byte[32]; - byte[] U = new 
byte[32], V = new byte[32], W = new byte[32]; - - protected void processBlock(byte[] in, int inOff) - { - System.arraycopy(in, inOff, M, 0, 32); - - //key step 1 - - // H = h3 || h2 || h1 || h0 - // S = s3 || s2 || s1 || s0 - System.arraycopy(H, 0, U, 0, 32); - System.arraycopy(M, 0, V, 0, 32); - for (int j=0; j<32; j++) - { - W[j] = (byte)(U[j]^V[j]); - } - // Encrypt gost28147-ECB - E(P(W), S, 0, H, 0); // s0 = EK0 [h0] - - //keys step 2,3,4 - for (int i=1; i<4; i++) - { - byte[] tmpA = A(U); - for (int j=0; j<32; j++) - { - U[j] = (byte)(tmpA[j] ^ C[i][j]); - } - V = A(A(V)); - for (int j=0; j<32; j++) - { - W[j] = (byte)(U[j]^V[j]); - } - // Encrypt gost28147-ECB - E(P(W), S, i * 8, H, i * 8); // si = EKi [hi] - } - - // x(M, H) = y61(H^y(M^y12(S))) - for(int n = 0; n < 12; n++) - { - fw(S); - } - for(int n = 0; n < 32; n++) - { - S[n] = (byte)(S[n] ^ M[n]); - } - - fw(S); - - for(int n = 0; n < 32; n++) - { - S[n] = (byte)(H[n] ^ S[n]); - } - for(int n = 0; n < 61; n++) - { - fw(S); - } - System.arraycopy(S, 0, H, 0, H.length); - } - - private void finish() - { - Pack.longToLittleEndian(byteCount * 8, L, 0); // get length into L (byteCount * 8 = bitCount) - - while (xBufOff != 0) - { - update((byte)0); - } - - processBlock(L, 0); - processBlock(Sum, 0); - } - - public int doFinal( - byte[] out, - int outOff) - { - finish(); - - System.arraycopy(H, 0, out, outOff, H.length); - - reset(); - - return DIGEST_LENGTH; - } - - /** - * reset the chaining variables to the IV values. 
- */ - private static final byte[] C2 = { - 0x00,(byte)0xFF,0x00,(byte)0xFF,0x00,(byte)0xFF,0x00,(byte)0xFF, - (byte)0xFF,0x00,(byte)0xFF,0x00,(byte)0xFF,0x00,(byte)0xFF,0x00, - 0x00,(byte)0xFF,(byte)0xFF,0x00,(byte)0xFF,0x00,0x00,(byte)0xFF, - (byte)0xFF,0x00,0x00,0x00,(byte)0xFF,(byte)0xFF,0x00,(byte)0xFF}; - - public void reset() - { - byteCount = 0; - xBufOff = 0; - - for(int i=0; i<H.length; i++) - { - H[i] = 0; // start vector H - } - for(int i=0; i<L.length; i++) - { - L[i] = 0; - } - for(int i=0; i<M.length; i++) - { - M[i] = 0; - } - for(int i=0; i<C[1].length; i++) - { - C[1][i] = 0; // real index C = +1 because index array with 0. - } - for(int i=0; i<C[3].length; i++) - { - C[3][i] = 0; - } - for(int i=0; i<Sum.length; i++) - { - Sum[i] = 0; - } - for(int i = 0; i < xBuf.length; i++) - { - xBuf[i] = 0; - } - - System.arraycopy(C2, 0, C[2], 0, C2.length); - } - - // 256 bitsblock modul -> (Sum + a mod (2^256)) - private void sumByteArray(byte[] in) - { - int carry = 0; - - for (int i = 0; i != Sum.length; i++) - { - int sum = (Sum[i] & 0xff) + (in[i] & 0xff) + carry; - - Sum[i] = (byte)sum; - - carry = sum >>> 8; - } - } - - private void cpyBytesToShort(byte[] S, short[] wS) - { - for(int i=0; i<S.length/2; i++) - { - wS[i] = (short)(((S[i*2+1]<<8)&0xFF00)|(S[i*2]&0xFF)); - } - } - - private void cpyShortToBytes(short[] wS, byte[] S) - { - for(int i=0; i<S.length/2; i++) - { - S[i*2 + 1] = (byte)(wS[i] >> 8); - S[i*2] = (byte)wS[i]; - } - } - - public int getByteLength() - { - return 32; - } - - public Memoable copy() - { - return new GOST3411Digest(this); - } - - public void reset(Memoable other) - { - GOST3411Digest t = (GOST3411Digest)other; - - this.sBox = t.sBox; - cipher.init(true, new ParametersWithSBox(null, sBox)); - - reset(); - - System.arraycopy(t.H, 0, this.H, 0, t.H.length); - System.arraycopy(t.L, 0, this.L, 0, t.L.length); - System.arraycopy(t.M, 0, this.M, 0, t.M.length); - System.arraycopy(t.Sum, 0, this.Sum, 0, t.Sum.length); - 
System.arraycopy(t.C[1], 0, this.C[1], 0, t.C[1].length); - System.arraycopy(t.C[2], 0, this.C[2], 0, t.C[2].length); - System.arraycopy(t.C[3], 0, this.C[3], 0, t.C[3].length); - System.arraycopy(t.xBuf, 0, this.xBuf, 0, t.xBuf.length); - - this.xBufOff = t.xBufOff; - this.byteCount = t.byteCount; - } -} - - diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java deleted file mode 100644 index 29692bad..00000000 --- a/core/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java +++ /dev/null 
@@ -1,155 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.ExtendedDigest;
-import org.bouncycastle.util.Memoable;
-import org.bouncycastle.util.Pack;
-
-/**
- * base implementation of MD4 family style digest as outlined in
- * "Handbook of Applied Cryptography", pages 344 - 347.
- */
-public abstract class GeneralDigest
- implements ExtendedDigest, Memoable
-{
- private static final int BYTE_LENGTH = 64;
-
- private final byte[] xBuf = new byte[4];
- private int xBufOff;
-
- private long byteCount;
-
- /**
- * Standard constructor
- */
- protected GeneralDigest()
- {
- xBufOff = 0;
- }
-
- /**
- * Copy constructor. We are using copy constructors in place
- * of the Object.clone() interface as this interface is not
- * supported by J2ME.
- */
- protected GeneralDigest(GeneralDigest t)
- {
- copyIn(t);
- }
-
- protected GeneralDigest(byte[] encodedState)
- {
- System.arraycopy(encodedState, 0, xBuf, 0, xBuf.length);
- xBufOff = Pack.bigEndianToInt(encodedState, 4);
- byteCount = Pack.bigEndianToLong(encodedState, 8);
- }
-
- protected void copyIn(GeneralDigest t)
- {
- System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length);
-
- xBufOff = t.xBufOff;
- byteCount = t.byteCount;
- }
-
- public void update(
- byte in)
- {
- xBuf[xBufOff++] = in;
-
- if (xBufOff == xBuf.length)
- {
- processWord(xBuf, 0);
- xBufOff = 0;
- }
-
- byteCount++;
- }
-
- public void update(
- byte[] in,
- int inOff,
- int len)
- {
- //
- // fill the current word
- //
- while ((xBufOff != 0) && (len > 0))
- {
- update(in[inOff]);
-
- inOff++;
- len--;
- }
-
- //
- // process whole words.
- //
- while (len > xBuf.length)
- {
- processWord(in, inOff);
-
- inOff += xBuf.length;
- len -= xBuf.length;
- byteCount += xBuf.length;
- }
-
- //
- // load in the remainder.
- //
- while (len > 0)
- {
- update(in[inOff]);
-
- inOff++;
- len--;
- }
- }
-
- public void finish()
- {
- long bitLength = (byteCount << 3);
-
- //
- // add the pad bytes.
- //
- update((byte)128);
-
- while (xBufOff != 0)
- {
- update((byte)0);
- }
-
- processLength(bitLength);
-
- processBlock();
- }
-
- public void reset()
- {
- byteCount = 0;
-
- xBufOff = 0;
- for (int i = 0; i < xBuf.length; i++)
- {
- xBuf[i] = 0;
- }
- }
-
- protected void populateState(byte[] state)
- {
- System.arraycopy(xBuf, 0, state, 0, xBufOff);
- Pack.intToBigEndian(xBufOff, state, 4);
- Pack.longToBigEndian(byteCount, state, 8);
- }
-
- public int getByteLength()
- {
- return BYTE_LENGTH;
- }
-
- protected abstract void processWord(byte[] in, int inOff);
-
- protected abstract void processLength(long bitLength);
-
- protected abstract void processBlock();
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java
deleted file mode 100644
index 8ea474b3..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java
+++ /dev/null
@@ -1,409 +0,0 @@ -package org.bouncycastle.crypto.digests; - -import org.bouncycastle.crypto.ExtendedDigest; -import org.bouncycastle.util.Memoable; -import org.bouncycastle.util.Pack; - -/** - * Base class for SHA-384 and SHA-512. - */ -public abstract class LongDigest - implements ExtendedDigest, Memoable, EncodableDigest -{ - private static final int BYTE_LENGTH = 128; - - private byte[] xBuf = new byte[8]; - private int xBufOff; - - private long byteCount1; - private long byteCount2; - - protected long H1, H2, H3, H4, H5, H6, H7, H8; - - private long[] W = new long[80]; - private int wOff; - - /** - * Constructor for variable length word - */ - protected LongDigest() - { - xBufOff = 0; - - reset(); - } - - /** - * Copy constructor. We are using copy constructors in place - * of the Object.clone() interface as this interface is not - * supported by J2ME. - */ - protected LongDigest(LongDigest t) - { - copyIn(t); - } - - protected void copyIn(LongDigest t) - { - System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length); - - xBufOff = t.xBufOff; - byteCount1 = t.byteCount1; - byteCount2 = t.byteCount2; - - H1 = t.H1; - H2 = t.H2; - H3 = t.H3; - H4 = t.H4; - H5 = t.H5; - H6 = t.H6; - H7 = t.H7; - H8 = t.H8; - - System.arraycopy(t.W, 0, W, 0, t.W.length); - wOff = t.wOff; - } - - protected void populateState(byte[] state) - { - System.arraycopy(xBuf, 0, state, 0, xBufOff); - Pack.intToBigEndian(xBufOff, state, 8); - Pack.longToBigEndian(byteCount1, state, 12); - Pack.longToBigEndian(byteCount2, state, 20); - Pack.longToBigEndian(H1, state, 28); - Pack.longToBigEndian(H2, state, 36); - Pack.longToBigEndian(H3, state, 44); - Pack.longToBigEndian(H4, state, 52); - Pack.longToBigEndian(H5, state, 60); - Pack.longToBigEndian(H6, state, 68); - Pack.longToBigEndian(H7, state, 76); - Pack.longToBigEndian(H8, state, 84); - - Pack.intToBigEndian(wOff, state, 92); - for (int i = 0; i < wOff; i++) - { - Pack.longToBigEndian(W[i], state, 96 + (i * 8)); - } - } - - protected void 
restoreState(byte[] encodedState) - { - xBufOff = Pack.bigEndianToInt(encodedState, 8); - System.arraycopy(encodedState, 0, xBuf, 0, xBufOff); - byteCount1 = Pack.bigEndianToLong(encodedState, 12); - byteCount2 = Pack.bigEndianToLong(encodedState, 20); - - H1 = Pack.bigEndianToLong(encodedState, 28); - H2 = Pack.bigEndianToLong(encodedState, 36); - H3 = Pack.bigEndianToLong(encodedState, 44); - H4 = Pack.bigEndianToLong(encodedState, 52); - H5 = Pack.bigEndianToLong(encodedState, 60); - H6 = Pack.bigEndianToLong(encodedState, 68); - H7 = Pack.bigEndianToLong(encodedState, 76); - H8 = Pack.bigEndianToLong(encodedState, 84); - - wOff = Pack.bigEndianToInt(encodedState, 92); - for (int i = 0; i < wOff; i++) - { - W[i] = Pack.bigEndianToLong(encodedState, 96 + (i * 8)); - } - } - - protected int getEncodedStateSize() - { - return 96 + (wOff * 8); - } - - public void update( - byte in) - { - xBuf[xBufOff++] = in; - - if (xBufOff == xBuf.length) - { - processWord(xBuf, 0); - xBufOff = 0; - } - - byteCount1++; - } - - public void update( - byte[] in, - int inOff, - int len) - { - // - // fill the current word - // - while ((xBufOff != 0) && (len > 0)) - { - update(in[inOff]); - - inOff++; - len--; - } - - // - // process whole words. - // - while (len > xBuf.length) - { - processWord(in, inOff); - - inOff += xBuf.length; - len -= xBuf.length; - byteCount1 += xBuf.length; - } - - // - // load in the remainder. - // - while (len > 0) - { - update(in[inOff]); - - inOff++; - len--; - } - } - - public void finish() - { - adjustByteCounts(); - - long lowBitLength = byteCount1 << 3; - long hiBitLength = byteCount2; - - // - // add the pad bytes. 
- // - update((byte)128); - - while (xBufOff != 0) - { - update((byte)0); - } - - processLength(lowBitLength, hiBitLength); - - processBlock(); - } - - public void reset() - { - byteCount1 = 0; - byteCount2 = 0; - - xBufOff = 0; - for (int i = 0; i < xBuf.length; i++) - { - xBuf[i] = 0; - } - - wOff = 0; - for (int i = 0; i != W.length; i++) - { - W[i] = 0; - } - } - - public int getByteLength() - { - return BYTE_LENGTH; - } - - protected void processWord( - byte[] in, - int inOff) - { - W[wOff] = Pack.bigEndianToLong(in, inOff); - - if (++wOff == 16) - { - processBlock(); - } - } - - /** - * adjust the byte counts so that byteCount2 represents the - * upper long (less 3 bits) word of the byte count. - */ - private void adjustByteCounts() - { - if (byteCount1 > 0x1fffffffffffffffL) - { - byteCount2 += (byteCount1 >>> 61); - byteCount1 &= 0x1fffffffffffffffL; - } - } - - protected void processLength( - long lowW, - long hiW) - { - if (wOff > 14) - { - processBlock(); - } - - W[14] = hiW; - W[15] = lowW; - } - - protected void processBlock() - { - adjustByteCounts(); - - // - // expand 16 word block into 80 word blocks. - // - for (int t = 16; t <= 79; t++) - { - W[t] = Sigma1(W[t - 2]) + W[t - 7] + Sigma0(W[t - 15]) + W[t - 16]; - } - - // - // set up working variables. 
- // - long a = H1; - long b = H2; - long c = H3; - long d = H4; - long e = H5; - long f = H6; - long g = H7; - long h = H8; - - int t = 0; - for(int i = 0; i < 10; i ++) - { - // t = 8 * i - h += Sum1(e) + Ch(e, f, g) + K[t] + W[t++]; - d += h; - h += Sum0(a) + Maj(a, b, c); - - // t = 8 * i + 1 - g += Sum1(d) + Ch(d, e, f) + K[t] + W[t++]; - c += g; - g += Sum0(h) + Maj(h, a, b); - - // t = 8 * i + 2 - f += Sum1(c) + Ch(c, d, e) + K[t] + W[t++]; - b += f; - f += Sum0(g) + Maj(g, h, a); - - // t = 8 * i + 3 - e += Sum1(b) + Ch(b, c, d) + K[t] + W[t++]; - a += e; - e += Sum0(f) + Maj(f, g, h); - - // t = 8 * i + 4 - d += Sum1(a) + Ch(a, b, c) + K[t] + W[t++]; - h += d; - d += Sum0(e) + Maj(e, f, g); - - // t = 8 * i + 5 - c += Sum1(h) + Ch(h, a, b) + K[t] + W[t++]; - g += c; - c += Sum0(d) + Maj(d, e, f); - - // t = 8 * i + 6 - b += Sum1(g) + Ch(g, h, a) + K[t] + W[t++]; - f += b; - b += Sum0(c) + Maj(c, d, e); - - // t = 8 * i + 7 - a += Sum1(f) + Ch(f, g, h) + K[t] + W[t++]; - e += a; - a += Sum0(b) + Maj(b, c, d); - } - - H1 += a; - H2 += b; - H3 += c; - H4 += d; - H5 += e; - H6 += f; - H7 += g; - H8 += h; - - // - // reset the offset and clean out the word buffer. 
- // - wOff = 0; - for (int i = 0; i < 16; i++) - { - W[i] = 0; - } - } - - /* SHA-384 and SHA-512 functions (as for SHA-256 but for longs) */ - private long Ch( - long x, - long y, - long z) - { - return ((x & y) ^ ((~x) & z)); - } - - private long Maj( - long x, - long y, - long z) - { - return ((x & y) ^ (x & z) ^ (y & z)); - } - - private long Sum0( - long x) - { - return ((x << 36)|(x >>> 28)) ^ ((x << 30)|(x >>> 34)) ^ ((x << 25)|(x >>> 39)); - } - - private long Sum1( - long x) - { - return ((x << 50)|(x >>> 14)) ^ ((x << 46)|(x >>> 18)) ^ ((x << 23)|(x >>> 41)); - } - - private long Sigma0( - long x) - { - return ((x << 63)|(x >>> 1)) ^ ((x << 56)|(x >>> 8)) ^ (x >>> 7); - } - - private long Sigma1( - long x) - { - return ((x << 45)|(x >>> 19)) ^ ((x << 3)|(x >>> 61)) ^ (x >>> 6); - } - - /* SHA-384 and SHA-512 Constants - * (represent the first 64 bits of the fractional parts of the - * cube roots of the first sixty-four prime numbers) - */ - static final long K[] = { -0x428a2f98d728ae22L, 0x7137449123ef65cdL, 0xb5c0fbcfec4d3b2fL, 0xe9b5dba58189dbbcL, -0x3956c25bf348b538L, 0x59f111f1b605d019L, 0x923f82a4af194f9bL, 0xab1c5ed5da6d8118L, -0xd807aa98a3030242L, 0x12835b0145706fbeL, 0x243185be4ee4b28cL, 0x550c7dc3d5ffb4e2L, -0x72be5d74f27b896fL, 0x80deb1fe3b1696b1L, 0x9bdc06a725c71235L, 0xc19bf174cf692694L, -0xe49b69c19ef14ad2L, 0xefbe4786384f25e3L, 0x0fc19dc68b8cd5b5L, 0x240ca1cc77ac9c65L, -0x2de92c6f592b0275L, 0x4a7484aa6ea6e483L, 0x5cb0a9dcbd41fbd4L, 0x76f988da831153b5L, -0x983e5152ee66dfabL, 0xa831c66d2db43210L, 0xb00327c898fb213fL, 0xbf597fc7beef0ee4L, -0xc6e00bf33da88fc2L, 0xd5a79147930aa725L, 0x06ca6351e003826fL, 0x142929670a0e6e70L, -0x27b70a8546d22ffcL, 0x2e1b21385c26c926L, 0x4d2c6dfc5ac42aedL, 0x53380d139d95b3dfL, -0x650a73548baf63deL, 0x766a0abb3c77b2a8L, 0x81c2c92e47edaee6L, 0x92722c851482353bL, -0xa2bfe8a14cf10364L, 0xa81a664bbc423001L, 0xc24b8b70d0f89791L, 0xc76c51a30654be30L, -0xd192e819d6ef5218L, 0xd69906245565a910L, 0xf40e35855771202aL, 
0x106aa07032bbd1b8L, -0x19a4c116b8d2d0c8L, 0x1e376c085141ab53L, 0x2748774cdf8eeb99L, 0x34b0bcb5e19b48a8L, -0x391c0cb3c5c95a63L, 0x4ed8aa4ae3418acbL, 0x5b9cca4f7763e373L, 0x682e6ff3d6b2b8a3L, -0x748f82ee5defb2fcL, 0x78a5636f43172f60L, 0x84c87814a1f0ab72L, 0x8cc702081a6439ecL, -0x90befffa23631e28L, 0xa4506cebde82bde9L, 0xbef9a3f7b2c67915L, 0xc67178f2e372532bL, -0xca273eceea26619cL, 0xd186b8c721c0c207L, 0xeada7dd6cde0eb1eL, 0xf57d4f7fee6ed178L, -0x06f067aa72176fbaL, 0x0a637dc5a2c898a6L, 0x113f9804bef90daeL, 0x1b710b35131c471bL, -0x28db77f523047d84L, 0x32caab7b40c72493L, 0x3c9ebe0a15c9bebcL, 0x431d67c49c100d4cL, -0x4cc5d4becb3e42b6L, 0x597f299cfc657e2aL, 0x5fcb6fab3ad6faecL, 0x6c44198c4a475817L - }; - -} diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/MD2Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/MD2Digest.java deleted file mode 100644 index f96b4a15..00000000 --- a/core/src/main/java/org/bouncycastle/crypto/digests/MD2Digest.java +++ /dev/null 
@@ -1,258 +0,0 @@ -package org.bouncycastle.crypto.digests; - -import org.bouncycastle.crypto.*; -import org.bouncycastle.util.Memoable; - -/** - * implementation of MD2 - * as outlined in RFC1319 by B.Kaliski from RSA Laboratories April 1992 - */ -public class MD2Digest - implements ExtendedDigest, Memoable -{ - private static final int DIGEST_LENGTH = 16; - - /* X buffer */ - private byte[] X = new byte[48]; - private int xOff; - /* M buffer */ - private byte[] M = new byte[16]; - private int mOff; - /* check sum */ - private byte[] C = new byte[16]; - private int COff; - - public MD2Digest() - { - reset(); - } - - public MD2Digest(MD2Digest t) - { - copyIn(t); - } - - private void copyIn(MD2Digest t) - { - System.arraycopy(t.X, 0, X, 0, t.X.length); - xOff = t.xOff; - System.arraycopy(t.M, 0, M, 0, t.M.length); - mOff = t.mOff; - System.arraycopy(t.C, 0, C, 0, t.C.length); - COff = t.COff; - } - - /** - * return the algorithm name - * - * @return the algorithm name - */ - public String getAlgorithmName() - { - return "MD2"; - } - /** - * return the size, in bytes, of the digest produced by this message digest. - * - * @return the size, in bytes, of the digest produced by this message digest. - */ - public int getDigestSize() - { - return DIGEST_LENGTH; - } - /** - * close the digest, producing the final digest value. The doFinal - * call leaves the digest reset. - * - * @param out the array the digest is to be copied into. - * @param outOff the offset into the out array the digest is to start at. - */ - public int doFinal(byte[] out, int outOff) - { - // add padding - byte paddingByte = (byte)(M.length-mOff); - for (int i=mOff;i<M.length;i++) - { - M[i] = paddingByte; - } - //do final check sum - processCheckSum(M); - // do final block process - processBlock(M); - - processBlock(C); - - System.arraycopy(X,xOff,out,outOff,16); - - reset(); - - return DIGEST_LENGTH; - } - /** - * reset the digest back to it's initial state. 
- */ - public void reset() - { - xOff = 0; - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - mOff = 0; - for (int i = 0; i != M.length; i++) - { - M[i] = 0; - } - COff = 0; - for (int i = 0; i != C.length; i++) - { - C[i] = 0; - } - } - /** - * update the message digest with a single byte. - * - * @param in the input byte to be entered. - */ - public void update(byte in) - { - M[mOff++] = in; - - if (mOff == 16) - { - processCheckSum(M); - processBlock(M); - mOff = 0; - } - } - - /** - * update the message digest with a block of bytes. - * - * @param in the byte array containing the data. - * @param inOff the offset into the byte array where the data starts. - * @param len the length of the data. - */ - public void update(byte[] in, int inOff, int len) - { - // - // fill the current word - // - while ((mOff != 0) && (len > 0)) - { - update(in[inOff]); - inOff++; - len--; - } - - // - // process whole words. - // - while (len > 16) - { - System.arraycopy(in,inOff,M,0,16); - processCheckSum(M); - processBlock(M); - len -= 16; - inOff += 16; - } - - // - // load in the remainder. 
- // - while (len > 0) - { - update(in[inOff]); - inOff++; - len--; - } - } - protected void processCheckSum(byte[] m) - { - int L = C[15]; - for (int i=0;i<16;i++) - { - C[i] ^= S[(m[i] ^ L) & 0xff]; - L = C[i]; - } - } - protected void processBlock(byte[] m) - { - for (int i=0;i<16;i++) - { - X[i+16] = m[i]; - X[i+32] = (byte)(m[i] ^ X[i]); - } - // encrypt block - int t = 0; - - for (int j=0;j<18;j++) - { - for (int k=0;k<48;k++) - { - t = X[k] ^= S[t]; - t = t & 0xff; - } - t = (t + j)%256; - } - } - // 256-byte random permutation constructed from the digits of PI - private static final byte[] S = { - (byte)41,(byte)46,(byte)67,(byte)201,(byte)162,(byte)216,(byte)124, - (byte)1,(byte)61,(byte)54,(byte)84,(byte)161,(byte)236,(byte)240, - (byte)6,(byte)19,(byte)98,(byte)167,(byte)5,(byte)243,(byte)192, - (byte)199,(byte)115,(byte)140,(byte)152,(byte)147,(byte)43,(byte)217, - (byte)188,(byte)76,(byte)130,(byte)202,(byte)30,(byte)155,(byte)87, - (byte)60,(byte)253,(byte)212,(byte)224,(byte)22,(byte)103,(byte)66, - (byte)111,(byte)24,(byte)138,(byte)23,(byte)229,(byte)18,(byte)190, - (byte)78,(byte)196,(byte)214,(byte)218,(byte)158,(byte)222,(byte)73, - (byte)160,(byte)251,(byte)245,(byte)142,(byte)187,(byte)47,(byte)238, - (byte)122,(byte)169,(byte)104,(byte)121,(byte)145,(byte)21,(byte)178, - (byte)7,(byte)63,(byte)148,(byte)194,(byte)16,(byte)137,(byte)11, - (byte)34,(byte)95,(byte)33,(byte)128,(byte)127,(byte)93,(byte)154, - (byte)90,(byte)144,(byte)50,(byte)39,(byte)53,(byte)62,(byte)204, - (byte)231,(byte)191,(byte)247,(byte)151,(byte)3,(byte)255,(byte)25, - (byte)48,(byte)179,(byte)72,(byte)165,(byte)181,(byte)209,(byte)215, - (byte)94,(byte)146,(byte)42,(byte)172,(byte)86,(byte)170,(byte)198, - (byte)79,(byte)184,(byte)56,(byte)210,(byte)150,(byte)164,(byte)125, - (byte)182,(byte)118,(byte)252,(byte)107,(byte)226,(byte)156,(byte)116, - (byte)4,(byte)241,(byte)69,(byte)157,(byte)112,(byte)89,(byte)100, - 
(byte)113,(byte)135,(byte)32,(byte)134,(byte)91,(byte)207,(byte)101, - (byte)230,(byte)45,(byte)168,(byte)2,(byte)27,(byte)96,(byte)37, - (byte)173,(byte)174,(byte)176,(byte)185,(byte)246,(byte)28,(byte)70, - (byte)97,(byte)105,(byte)52,(byte)64,(byte)126,(byte)15,(byte)85, - (byte)71,(byte)163,(byte)35,(byte)221,(byte)81,(byte)175,(byte)58, - (byte)195,(byte)92,(byte)249,(byte)206,(byte)186,(byte)197,(byte)234, - (byte)38,(byte)44,(byte)83,(byte)13,(byte)110,(byte)133,(byte)40, - (byte)132, 9,(byte)211,(byte)223,(byte)205,(byte)244,(byte)65, - (byte)129,(byte)77,(byte)82,(byte)106,(byte)220,(byte)55,(byte)200, - (byte)108,(byte)193,(byte)171,(byte)250,(byte)36,(byte)225,(byte)123, - (byte)8,(byte)12,(byte)189,(byte)177,(byte)74,(byte)120,(byte)136, - (byte)149,(byte)139,(byte)227,(byte)99,(byte)232,(byte)109,(byte)233, - (byte)203,(byte)213,(byte)254,(byte)59,(byte)0,(byte)29,(byte)57, - (byte)242,(byte)239,(byte)183,(byte)14,(byte)102,(byte)88,(byte)208, - (byte)228,(byte)166,(byte)119,(byte)114,(byte)248,(byte)235,(byte)117, - (byte)75,(byte)10,(byte)49,(byte)68,(byte)80,(byte)180,(byte)143, - (byte)237,(byte)31,(byte)26,(byte)219,(byte)153,(byte)141,(byte)51, - (byte)159,(byte)17,(byte)131,(byte)20 - }; - - public int getByteLength() - { - return 16; - } - - public Memoable copy() - { - return new MD2Digest(this); - } - - public void reset(Memoable other) - { - MD2Digest d = (MD2Digest)other; - - copyIn(d); - } -} - - diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/MD4Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/MD4Digest.java deleted file mode 100644 index 68532bd2..00000000 --- a/core/src/main/java/org/bouncycastle/crypto/digests/MD4Digest.java +++ /dev/null 
@@ -1,291 +0,0 @@ -package org.bouncycastle.crypto.digests; - - -import org.bouncycastle.util.Memoable; - -/** - * implementation of MD4 as RFC 1320 by R. Rivest, MIT Laboratory for - * Computer Science and RSA Data Security, Inc. - * <p> - * <b>NOTE</b>: This algorithm is only included for backwards compatability - * with legacy applications, it's not secure, don't use it for anything new! - */ -public class MD4Digest - extends GeneralDigest -{ - private static final int DIGEST_LENGTH = 16; - - private int H1, H2, H3, H4; // IV's - - private int[] X = new int[16]; - private int xOff; - - /** - * Standard constructor - */ - public MD4Digest() - { - reset(); - } - - /** - * Copy constructor. This will copy the state of the provided - * message digest. - */ - public MD4Digest(MD4Digest t) - { - super(t); - - copyIn(t); - } - - private void copyIn(MD4Digest t) - { - super.copyIn(t); - - H1 = t.H1; - H2 = t.H2; - H3 = t.H3; - H4 = t.H4; - - System.arraycopy(t.X, 0, X, 0, t.X.length); - xOff = t.xOff; - } - - public String getAlgorithmName() - { - return "MD4"; - } - - public int getDigestSize() - { - return DIGEST_LENGTH; - } - - protected void processWord( - byte[] in, - int inOff) - { - X[xOff++] = (in[inOff] & 0xff) | ((in[inOff + 1] & 0xff) << 8) - | ((in[inOff + 2] & 0xff) << 16) | ((in[inOff + 3] & 0xff) << 24); - - if (xOff == 16) - { - processBlock(); - } - } - - protected void processLength( - long bitLength) - { - if (xOff > 14) - { - processBlock(); - } - - X[14] = (int)(bitLength & 0xffffffff); - X[15] = (int)(bitLength >>> 32); - } - - private void unpackWord( - int word, - byte[] out, - int outOff) - { - out[outOff] = (byte)word; - out[outOff + 1] = (byte)(word >>> 8); - out[outOff + 2] = (byte)(word >>> 16); - out[outOff + 3] = (byte)(word >>> 24); - } - - public int doFinal( - byte[] out, - int outOff) - { - finish(); - - unpackWord(H1, out, outOff); - unpackWord(H2, out, outOff + 4); - unpackWord(H3, out, outOff + 8); - unpackWord(H4, out, outOff + 
12); - - reset(); - - return DIGEST_LENGTH; - } - - /** - * reset the chaining variables to the IV values. - */ - public void reset() - { - super.reset(); - - H1 = 0x67452301; - H2 = 0xefcdab89; - H3 = 0x98badcfe; - H4 = 0x10325476; - - xOff = 0; - - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } - - // - // round 1 left rotates - // - private static final int S11 = 3; - private static final int S12 = 7; - private static final int S13 = 11; - private static final int S14 = 19; - - // - // round 2 left rotates - // - private static final int S21 = 3; - private static final int S22 = 5; - private static final int S23 = 9; - private static final int S24 = 13; - - // - // round 3 left rotates - // - private static final int S31 = 3; - private static final int S32 = 9; - private static final int S33 = 11; - private static final int S34 = 15; - - /* - * rotate int x left n bits. - */ - private int rotateLeft( - int x, - int n) - { - return (x << n) | (x >>> (32 - n)); - } - - /* - * F, G, H and I are the basic MD4 functions. - */ - private int F( - int u, - int v, - int w) - { - return (u & v) | (~u & w); - } - - private int G( - int u, - int v, - int w) - { - return (u & v) | (u & w) | (v & w); - } - - private int H( - int u, - int v, - int w) - { - return u ^ v ^ w; - } - - protected void processBlock() - { - int a = H1; - int b = H2; - int c = H3; - int d = H4; - - // - // Round 1 - F cycle, 16 times. 
- // - a = rotateLeft(a + F(b, c, d) + X[ 0], S11); - d = rotateLeft(d + F(a, b, c) + X[ 1], S12); - c = rotateLeft(c + F(d, a, b) + X[ 2], S13); - b = rotateLeft(b + F(c, d, a) + X[ 3], S14); - a = rotateLeft(a + F(b, c, d) + X[ 4], S11); - d = rotateLeft(d + F(a, b, c) + X[ 5], S12); - c = rotateLeft(c + F(d, a, b) + X[ 6], S13); - b = rotateLeft(b + F(c, d, a) + X[ 7], S14); - a = rotateLeft(a + F(b, c, d) + X[ 8], S11); - d = rotateLeft(d + F(a, b, c) + X[ 9], S12); - c = rotateLeft(c + F(d, a, b) + X[10], S13); - b = rotateLeft(b + F(c, d, a) + X[11], S14); - a = rotateLeft(a + F(b, c, d) + X[12], S11); - d = rotateLeft(d + F(a, b, c) + X[13], S12); - c = rotateLeft(c + F(d, a, b) + X[14], S13); - b = rotateLeft(b + F(c, d, a) + X[15], S14); - - // - // Round 2 - G cycle, 16 times. - // - a = rotateLeft(a + G(b, c, d) + X[ 0] + 0x5a827999, S21); - d = rotateLeft(d + G(a, b, c) + X[ 4] + 0x5a827999, S22); - c = rotateLeft(c + G(d, a, b) + X[ 8] + 0x5a827999, S23); - b = rotateLeft(b + G(c, d, a) + X[12] + 0x5a827999, S24); - a = rotateLeft(a + G(b, c, d) + X[ 1] + 0x5a827999, S21); - d = rotateLeft(d + G(a, b, c) + X[ 5] + 0x5a827999, S22); - c = rotateLeft(c + G(d, a, b) + X[ 9] + 0x5a827999, S23); - b = rotateLeft(b + G(c, d, a) + X[13] + 0x5a827999, S24); - a = rotateLeft(a + G(b, c, d) + X[ 2] + 0x5a827999, S21); - d = rotateLeft(d + G(a, b, c) + X[ 6] + 0x5a827999, S22); - c = rotateLeft(c + G(d, a, b) + X[10] + 0x5a827999, S23); - b = rotateLeft(b + G(c, d, a) + X[14] + 0x5a827999, S24); - a = rotateLeft(a + G(b, c, d) + X[ 3] + 0x5a827999, S21); - d = rotateLeft(d + G(a, b, c) + X[ 7] + 0x5a827999, S22); - c = rotateLeft(c + G(d, a, b) + X[11] + 0x5a827999, S23); - b = rotateLeft(b + G(c, d, a) + X[15] + 0x5a827999, S24); - - // - // Round 3 - H cycle, 16 times. 
- // - a = rotateLeft(a + H(b, c, d) + X[ 0] + 0x6ed9eba1, S31); - d = rotateLeft(d + H(a, b, c) + X[ 8] + 0x6ed9eba1, S32); - c = rotateLeft(c + H(d, a, b) + X[ 4] + 0x6ed9eba1, S33); - b = rotateLeft(b + H(c, d, a) + X[12] + 0x6ed9eba1, S34); - a = rotateLeft(a + H(b, c, d) + X[ 2] + 0x6ed9eba1, S31); - d = rotateLeft(d + H(a, b, c) + X[10] + 0x6ed9eba1, S32); - c = rotateLeft(c + H(d, a, b) + X[ 6] + 0x6ed9eba1, S33); - b = rotateLeft(b + H(c, d, a) + X[14] + 0x6ed9eba1, S34); - a = rotateLeft(a + H(b, c, d) + X[ 1] + 0x6ed9eba1, S31); - d = rotateLeft(d + H(a, b, c) + X[ 9] + 0x6ed9eba1, S32); - c = rotateLeft(c + H(d, a, b) + X[ 5] + 0x6ed9eba1, S33); - b = rotateLeft(b + H(c, d, a) + X[13] + 0x6ed9eba1, S34); - a = rotateLeft(a + H(b, c, d) + X[ 3] + 0x6ed9eba1, S31); - d = rotateLeft(d + H(a, b, c) + X[11] + 0x6ed9eba1, S32); - c = rotateLeft(c + H(d, a, b) + X[ 7] + 0x6ed9eba1, S33); - b = rotateLeft(b + H(c, d, a) + X[15] + 0x6ed9eba1, S34); - - H1 += a; - H2 += b; - H3 += c; - H4 += d; - - // - // reset the offset and clean out the word buffer. - // - xOff = 0; - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } - - public Memoable copy() - { - return new MD4Digest(this); - } - - public void reset(Memoable other) - { - MD4Digest d = (MD4Digest)other; - - copyIn(d); - } -} diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java deleted file mode 100644 index ff9cedf0..00000000 --- a/core/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java +++ /dev/null 
@@ -1,323 +0,0 @@ -package org.bouncycastle.crypto.digests; - - -import org.bouncycastle.util.Memoable; - -/** - * implementation of MD5 as outlined in "Handbook of Applied Cryptography", pages 346 - 347. - */ -public class MD5Digest - extends GeneralDigest -{ - private static final int DIGEST_LENGTH = 16; - - private int H1, H2, H3, H4; // IV's - - private int[] X = new int[16]; - private int xOff; - - /** - * Standard constructor - */ - public MD5Digest() - { - reset(); - } - - /** - * Copy constructor. This will copy the state of the provided - * message digest. - */ - public MD5Digest(MD5Digest t) - { - super(t); - - copyIn(t); - } - - private void copyIn(MD5Digest t) - { - super.copyIn(t); - - H1 = t.H1; - H2 = t.H2; - H3 = t.H3; - H4 = t.H4; - - System.arraycopy(t.X, 0, X, 0, t.X.length); - xOff = t.xOff; - } - - public String getAlgorithmName() - { - return "MD5"; - } - - public int getDigestSize() - { - return DIGEST_LENGTH; - } - - protected void processWord( - byte[] in, - int inOff) - { - X[xOff++] = (in[inOff] & 0xff) | ((in[inOff + 1] & 0xff) << 8) - | ((in[inOff + 2] & 0xff) << 16) | ((in[inOff + 3] & 0xff) << 24); - - if (xOff == 16) - { - processBlock(); - } - } - - protected void processLength( - long bitLength) - { - if (xOff > 14) - { - processBlock(); - } - - X[14] = (int)(bitLength & 0xffffffff); - X[15] = (int)(bitLength >>> 32); - } - - private void unpackWord( - int word, - byte[] out, - int outOff) - { - out[outOff] = (byte)word; - out[outOff + 1] = (byte)(word >>> 8); - out[outOff + 2] = (byte)(word >>> 16); - out[outOff + 3] = (byte)(word >>> 24); - } - - public int doFinal( - byte[] out, - int outOff) - { - finish(); - - unpackWord(H1, out, outOff); - unpackWord(H2, out, outOff + 4); - unpackWord(H3, out, outOff + 8); - unpackWord(H4, out, outOff + 12); - - reset(); - - return DIGEST_LENGTH; - } - - /** - * reset the chaining variables to the IV values. 
- */ - public void reset() - { - super.reset(); - - H1 = 0x67452301; - H2 = 0xefcdab89; - H3 = 0x98badcfe; - H4 = 0x10325476; - - xOff = 0; - - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } - - // - // round 1 left rotates - // - private static final int S11 = 7; - private static final int S12 = 12; - private static final int S13 = 17; - private static final int S14 = 22; - - // - // round 2 left rotates - // - private static final int S21 = 5; - private static final int S22 = 9; - private static final int S23 = 14; - private static final int S24 = 20; - - // - // round 3 left rotates - // - private static final int S31 = 4; - private static final int S32 = 11; - private static final int S33 = 16; - private static final int S34 = 23; - - // - // round 4 left rotates - // - private static final int S41 = 6; - private static final int S42 = 10; - private static final int S43 = 15; - private static final int S44 = 21; - - /* - * rotate int x left n bits. - */ - private int rotateLeft( - int x, - int n) - { - return (x << n) | (x >>> (32 - n)); - } - - /* - * F, G, H and I are the basic MD5 functions. - */ - private int F( - int u, - int v, - int w) - { - return (u & v) | (~u & w); - } - - private int G( - int u, - int v, - int w) - { - return (u & w) | (v & ~w); - } - - private int H( - int u, - int v, - int w) - { - return u ^ v ^ w; - } - - private int K( - int u, - int v, - int w) - { - return v ^ (u | ~w); - } - - protected void processBlock() - { - int a = H1; - int b = H2; - int c = H3; - int d = H4; - - // - // Round 1 - F cycle, 16 times. 
- // - a = rotateLeft(a + F(b, c, d) + X[ 0] + 0xd76aa478, S11) + b; - d = rotateLeft(d + F(a, b, c) + X[ 1] + 0xe8c7b756, S12) + a; - c = rotateLeft(c + F(d, a, b) + X[ 2] + 0x242070db, S13) + d; - b = rotateLeft(b + F(c, d, a) + X[ 3] + 0xc1bdceee, S14) + c; - a = rotateLeft(a + F(b, c, d) + X[ 4] + 0xf57c0faf, S11) + b; - d = rotateLeft(d + F(a, b, c) + X[ 5] + 0x4787c62a, S12) + a; - c = rotateLeft(c + F(d, a, b) + X[ 6] + 0xa8304613, S13) + d; - b = rotateLeft(b + F(c, d, a) + X[ 7] + 0xfd469501, S14) + c; - a = rotateLeft(a + F(b, c, d) + X[ 8] + 0x698098d8, S11) + b; - d = rotateLeft(d + F(a, b, c) + X[ 9] + 0x8b44f7af, S12) + a; - c = rotateLeft(c + F(d, a, b) + X[10] + 0xffff5bb1, S13) + d; - b = rotateLeft(b + F(c, d, a) + X[11] + 0x895cd7be, S14) + c; - a = rotateLeft(a + F(b, c, d) + X[12] + 0x6b901122, S11) + b; - d = rotateLeft(d + F(a, b, c) + X[13] + 0xfd987193, S12) + a; - c = rotateLeft(c + F(d, a, b) + X[14] + 0xa679438e, S13) + d; - b = rotateLeft(b + F(c, d, a) + X[15] + 0x49b40821, S14) + c; - - // - // Round 2 - G cycle, 16 times. 
- // - a = rotateLeft(a + G(b, c, d) + X[ 1] + 0xf61e2562, S21) + b; - d = rotateLeft(d + G(a, b, c) + X[ 6] + 0xc040b340, S22) + a; - c = rotateLeft(c + G(d, a, b) + X[11] + 0x265e5a51, S23) + d; - b = rotateLeft(b + G(c, d, a) + X[ 0] + 0xe9b6c7aa, S24) + c; - a = rotateLeft(a + G(b, c, d) + X[ 5] + 0xd62f105d, S21) + b; - d = rotateLeft(d + G(a, b, c) + X[10] + 0x02441453, S22) + a; - c = rotateLeft(c + G(d, a, b) + X[15] + 0xd8a1e681, S23) + d; - b = rotateLeft(b + G(c, d, a) + X[ 4] + 0xe7d3fbc8, S24) + c; - a = rotateLeft(a + G(b, c, d) + X[ 9] + 0x21e1cde6, S21) + b; - d = rotateLeft(d + G(a, b, c) + X[14] + 0xc33707d6, S22) + a; - c = rotateLeft(c + G(d, a, b) + X[ 3] + 0xf4d50d87, S23) + d; - b = rotateLeft(b + G(c, d, a) + X[ 8] + 0x455a14ed, S24) + c; - a = rotateLeft(a + G(b, c, d) + X[13] + 0xa9e3e905, S21) + b; - d = rotateLeft(d + G(a, b, c) + X[ 2] + 0xfcefa3f8, S22) + a; - c = rotateLeft(c + G(d, a, b) + X[ 7] + 0x676f02d9, S23) + d; - b = rotateLeft(b + G(c, d, a) + X[12] + 0x8d2a4c8a, S24) + c; - - // - // Round 3 - H cycle, 16 times. 
- // - a = rotateLeft(a + H(b, c, d) + X[ 5] + 0xfffa3942, S31) + b; - d = rotateLeft(d + H(a, b, c) + X[ 8] + 0x8771f681, S32) + a; - c = rotateLeft(c + H(d, a, b) + X[11] + 0x6d9d6122, S33) + d; - b = rotateLeft(b + H(c, d, a) + X[14] + 0xfde5380c, S34) + c; - a = rotateLeft(a + H(b, c, d) + X[ 1] + 0xa4beea44, S31) + b; - d = rotateLeft(d + H(a, b, c) + X[ 4] + 0x4bdecfa9, S32) + a; - c = rotateLeft(c + H(d, a, b) + X[ 7] + 0xf6bb4b60, S33) + d; - b = rotateLeft(b + H(c, d, a) + X[10] + 0xbebfbc70, S34) + c; - a = rotateLeft(a + H(b, c, d) + X[13] + 0x289b7ec6, S31) + b; - d = rotateLeft(d + H(a, b, c) + X[ 0] + 0xeaa127fa, S32) + a; - c = rotateLeft(c + H(d, a, b) + X[ 3] + 0xd4ef3085, S33) + d; - b = rotateLeft(b + H(c, d, a) + X[ 6] + 0x04881d05, S34) + c; - a = rotateLeft(a + H(b, c, d) + X[ 9] + 0xd9d4d039, S31) + b; - d = rotateLeft(d + H(a, b, c) + X[12] + 0xe6db99e5, S32) + a; - c = rotateLeft(c + H(d, a, b) + X[15] + 0x1fa27cf8, S33) + d; - b = rotateLeft(b + H(c, d, a) + X[ 2] + 0xc4ac5665, S34) + c; - - // - // Round 4 - K cycle, 16 times. 
- // - a = rotateLeft(a + K(b, c, d) + X[ 0] + 0xf4292244, S41) + b; - d = rotateLeft(d + K(a, b, c) + X[ 7] + 0x432aff97, S42) + a; - c = rotateLeft(c + K(d, a, b) + X[14] + 0xab9423a7, S43) + d; - b = rotateLeft(b + K(c, d, a) + X[ 5] + 0xfc93a039, S44) + c; - a = rotateLeft(a + K(b, c, d) + X[12] + 0x655b59c3, S41) + b; - d = rotateLeft(d + K(a, b, c) + X[ 3] + 0x8f0ccc92, S42) + a; - c = rotateLeft(c + K(d, a, b) + X[10] + 0xffeff47d, S43) + d; - b = rotateLeft(b + K(c, d, a) + X[ 1] + 0x85845dd1, S44) + c; - a = rotateLeft(a + K(b, c, d) + X[ 8] + 0x6fa87e4f, S41) + b; - d = rotateLeft(d + K(a, b, c) + X[15] + 0xfe2ce6e0, S42) + a; - c = rotateLeft(c + K(d, a, b) + X[ 6] + 0xa3014314, S43) + d; - b = rotateLeft(b + K(c, d, a) + X[13] + 0x4e0811a1, S44) + c; - a = rotateLeft(a + K(b, c, d) + X[ 4] + 0xf7537e82, S41) + b; - d = rotateLeft(d + K(a, b, c) + X[11] + 0xbd3af235, S42) + a; - c = rotateLeft(c + K(d, a, b) + X[ 2] + 0x2ad7d2bb, S43) + d; - b = rotateLeft(b + K(c, d, a) + X[ 9] + 0xeb86d391, S44) + c; - - H1 += a; - H2 += b; - H3 += c; - H4 += d; - - // - // reset the offset and clean out the word buffer. - // - xOff = 0; - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } - - public Memoable copy() - { - return new MD5Digest(this); - } - - public void reset(Memoable other) - { - MD5Digest d = (MD5Digest)other; - - copyIn(d); - } -} diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/NonMemoableDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/NonMemoableDigest.java deleted file mode 100644 index 87a4d249..00000000 --- a/core/src/main/java/org/bouncycastle/crypto/digests/NonMemoableDigest.java +++ /dev/null 
@@ -1,64 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.ExtendedDigest;
-
-/**
- * Wrapper removes exposure to the Memoable interface on an ExtendedDigest implementation.
- */
-public class NonMemoableDigest
- implements ExtendedDigest
-{
- private ExtendedDigest baseDigest;
-
- /**
- * Base constructor.
- *
- * @param baseDigest underlying digest to use.
- * @exception IllegalArgumentException if baseDigest is null
- */
- public NonMemoableDigest(
- ExtendedDigest baseDigest)
- {
- if (baseDigest == null)
- {
- throw new IllegalArgumentException("baseDigest must not be null");
- }
-
- this.baseDigest = baseDigest;
- }
-
- public String getAlgorithmName()
- {
- return baseDigest.getAlgorithmName();
- }
-
- public int getDigestSize()
- {
- return baseDigest.getDigestSize();
- }
-
- public void update(byte in)
- {
- baseDigest.update(in);
- }
-
- public void update(byte[] in, int inOff, int len)
- {
- baseDigest.update(in, inOff, len);
- }
-
- public int doFinal(byte[] out, int outOff)
- {
- return baseDigest.doFinal(out, outOff);
- }
-
- public void reset()
- {
- baseDigest.reset();
- }
-
- public int getByteLength()
- {
- return baseDigest.getByteLength();
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/NullDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/NullDigest.java
deleted file mode 100644
index 6cb0d4ac..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/NullDigest.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import java.io.ByteArrayOutputStream;
-
-import org.bouncycastle.crypto.Digest;
-
-
-public class NullDigest
- implements Digest
-{
- private ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- public String getAlgorithmName()
- {
- return "NULL";
- }
-
- public int getDigestSize()
- {
- return bOut.size();
- }
-
- public void update(byte in)
- {
- bOut.write(in);
- }
-
- public void update(byte[] in, int inOff, int len)
- {
- bOut.write(in, inOff, len);
- }
-
- public int doFinal(byte[] out, int outOff)
- {
- byte[] res = bOut.toByteArray();
-
- System.arraycopy(res, 0, out, outOff, res.length);
-
- reset();
-
- return res.length;
- }
-
- public void reset()
- {
- bOut.reset();
- }
-}
\ No newline at end of file
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/RIPEMD128Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/RIPEMD128Digest.java
deleted file mode 100644
index ec7fa859..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/RIPEMD128Digest.java
+++ /dev/null
@@ -1,482 +0,0 @@ -package org.bouncycastle.crypto.digests; - - -import org.bouncycastle.util.Memoable; - -/** - * implementation of RIPEMD128 - */ -public class RIPEMD128Digest - extends GeneralDigest -{ - private static final int DIGEST_LENGTH = 16; - - private int H0, H1, H2, H3; // IV's - - private int[] X = new int[16]; - private int xOff; - - /** - * Standard constructor - */ - public RIPEMD128Digest() - { - reset(); - } - - /** - * Copy constructor. This will copy the state of the provided - * message digest. - */ - public RIPEMD128Digest(RIPEMD128Digest t) - { - super(t); - - copyIn(t); - } - - private void copyIn(RIPEMD128Digest t) - { - super.copyIn(t); - - H0 = t.H0; - H1 = t.H1; - H2 = t.H2; - H3 = t.H3; - - System.arraycopy(t.X, 0, X, 0, t.X.length); - xOff = t.xOff; - } - - public String getAlgorithmName() - { - return "RIPEMD128"; - } - - public int getDigestSize() - { - return DIGEST_LENGTH; - } - - protected void processWord( - byte[] in, - int inOff) - { - X[xOff++] = (in[inOff] & 0xff) | ((in[inOff + 1] & 0xff) << 8) - | ((in[inOff + 2] & 0xff) << 16) | ((in[inOff + 3] & 0xff) << 24); - - if (xOff == 16) - { - processBlock(); - } - } - - protected void processLength( - long bitLength) - { - if (xOff > 14) - { - processBlock(); - } - - X[14] = (int)(bitLength & 0xffffffff); - X[15] = (int)(bitLength >>> 32); - } - - private void unpackWord( - int word, - byte[] out, - int outOff) - { - out[outOff] = (byte)word; - out[outOff + 1] = (byte)(word >>> 8); - out[outOff + 2] = (byte)(word >>> 16); - out[outOff + 3] = (byte)(word >>> 24); - } - - public int doFinal( - byte[] out, - int outOff) - { - finish(); - - unpackWord(H0, out, outOff); - unpackWord(H1, out, outOff + 4); - unpackWord(H2, out, outOff + 8); - unpackWord(H3, out, outOff + 12); - - reset(); - - return DIGEST_LENGTH; - } - - /** - * reset the chaining variables to the IV values. 
- */ - public void reset() - { - super.reset(); - - H0 = 0x67452301; - H1 = 0xefcdab89; - H2 = 0x98badcfe; - H3 = 0x10325476; - - xOff = 0; - - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } - - /* - * rotate int x left n bits. - */ - private int RL( - int x, - int n) - { - return (x << n) | (x >>> (32 - n)); - } - - /* - * f1,f2,f3,f4 are the basic RIPEMD128 functions. - */ - - /* - * F - */ - private int f1( - int x, - int y, - int z) - { - return x ^ y ^ z; - } - - /* - * G - */ - private int f2( - int x, - int y, - int z) - { - return (x & y) | (~x & z); - } - - /* - * H - */ - private int f3( - int x, - int y, - int z) - { - return (x | ~y) ^ z; - } - - /* - * I - */ - private int f4( - int x, - int y, - int z) - { - return (x & z) | (y & ~z); - } - - private int F1( - int a, - int b, - int c, - int d, - int x, - int s) - { - return RL(a + f1(b, c, d) + x, s); - } - - private int F2( - int a, - int b, - int c, - int d, - int x, - int s) - { - return RL(a + f2(b, c, d) + x + 0x5a827999, s); - } - - private int F3( - int a, - int b, - int c, - int d, - int x, - int s) - { - return RL(a + f3(b, c, d) + x + 0x6ed9eba1, s); - } - - private int F4( - int a, - int b, - int c, - int d, - int x, - int s) - { - return RL(a + f4(b, c, d) + x + 0x8f1bbcdc, s); - } - - private int FF1( - int a, - int b, - int c, - int d, - int x, - int s) - { - return RL(a + f1(b, c, d) + x, s); - } - - private int FF2( - int a, - int b, - int c, - int d, - int x, - int s) - { - return RL(a + f2(b, c, d) + x + 0x6d703ef3, s); - } - - private int FF3( - int a, - int b, - int c, - int d, - int x, - int s) - { - return RL(a + f3(b, c, d) + x + 0x5c4dd124, s); - } - - private int FF4( - int a, - int b, - int c, - int d, - int x, - int s) - { - return RL(a + f4(b, c, d) + x + 0x50a28be6, s); - } - - protected void processBlock() - { - int a, aa; - int b, bb; - int c, cc; - int d, dd; - - a = aa = H0; - b = bb = H1; - c = cc = H2; - d = dd = H3; - - // - // Round 1 - // - a = F1(a, 
b, c, d, X[ 0], 11); - d = F1(d, a, b, c, X[ 1], 14); - c = F1(c, d, a, b, X[ 2], 15); - b = F1(b, c, d, a, X[ 3], 12); - a = F1(a, b, c, d, X[ 4], 5); - d = F1(d, a, b, c, X[ 5], 8); - c = F1(c, d, a, b, X[ 6], 7); - b = F1(b, c, d, a, X[ 7], 9); - a = F1(a, b, c, d, X[ 8], 11); - d = F1(d, a, b, c, X[ 9], 13); - c = F1(c, d, a, b, X[10], 14); - b = F1(b, c, d, a, X[11], 15); - a = F1(a, b, c, d, X[12], 6); - d = F1(d, a, b, c, X[13], 7); - c = F1(c, d, a, b, X[14], 9); - b = F1(b, c, d, a, X[15], 8); - - // - // Round 2 - // - a = F2(a, b, c, d, X[ 7], 7); - d = F2(d, a, b, c, X[ 4], 6); - c = F2(c, d, a, b, X[13], 8); - b = F2(b, c, d, a, X[ 1], 13); - a = F2(a, b, c, d, X[10], 11); - d = F2(d, a, b, c, X[ 6], 9); - c = F2(c, d, a, b, X[15], 7); - b = F2(b, c, d, a, X[ 3], 15); - a = F2(a, b, c, d, X[12], 7); - d = F2(d, a, b, c, X[ 0], 12); - c = F2(c, d, a, b, X[ 9], 15); - b = F2(b, c, d, a, X[ 5], 9); - a = F2(a, b, c, d, X[ 2], 11); - d = F2(d, a, b, c, X[14], 7); - c = F2(c, d, a, b, X[11], 13); - b = F2(b, c, d, a, X[ 8], 12); - - // - // Round 3 - // - a = F3(a, b, c, d, X[ 3], 11); - d = F3(d, a, b, c, X[10], 13); - c = F3(c, d, a, b, X[14], 6); - b = F3(b, c, d, a, X[ 4], 7); - a = F3(a, b, c, d, X[ 9], 14); - d = F3(d, a, b, c, X[15], 9); - c = F3(c, d, a, b, X[ 8], 13); - b = F3(b, c, d, a, X[ 1], 15); - a = F3(a, b, c, d, X[ 2], 14); - d = F3(d, a, b, c, X[ 7], 8); - c = F3(c, d, a, b, X[ 0], 13); - b = F3(b, c, d, a, X[ 6], 6); - a = F3(a, b, c, d, X[13], 5); - d = F3(d, a, b, c, X[11], 12); - c = F3(c, d, a, b, X[ 5], 7); - b = F3(b, c, d, a, X[12], 5); - - // - // Round 4 - // - a = F4(a, b, c, d, X[ 1], 11); - d = F4(d, a, b, c, X[ 9], 12); - c = F4(c, d, a, b, X[11], 14); - b = F4(b, c, d, a, X[10], 15); - a = F4(a, b, c, d, X[ 0], 14); - d = F4(d, a, b, c, X[ 8], 15); - c = F4(c, d, a, b, X[12], 9); - b = F4(b, c, d, a, X[ 4], 8); - a = F4(a, b, c, d, X[13], 9); - d = F4(d, a, b, c, X[ 3], 14); - c = F4(c, d, a, b, X[ 7], 5); - b = F4(b, c, d, 
a, X[15], 6); - a = F4(a, b, c, d, X[14], 8); - d = F4(d, a, b, c, X[ 5], 6); - c = F4(c, d, a, b, X[ 6], 5); - b = F4(b, c, d, a, X[ 2], 12); - - // - // Parallel round 1 - // - aa = FF4(aa, bb, cc, dd, X[ 5], 8); - dd = FF4(dd, aa, bb, cc, X[14], 9); - cc = FF4(cc, dd, aa, bb, X[ 7], 9); - bb = FF4(bb, cc, dd, aa, X[ 0], 11); - aa = FF4(aa, bb, cc, dd, X[ 9], 13); - dd = FF4(dd, aa, bb, cc, X[ 2], 15); - cc = FF4(cc, dd, aa, bb, X[11], 15); - bb = FF4(bb, cc, dd, aa, X[ 4], 5); - aa = FF4(aa, bb, cc, dd, X[13], 7); - dd = FF4(dd, aa, bb, cc, X[ 6], 7); - cc = FF4(cc, dd, aa, bb, X[15], 8); - bb = FF4(bb, cc, dd, aa, X[ 8], 11); - aa = FF4(aa, bb, cc, dd, X[ 1], 14); - dd = FF4(dd, aa, bb, cc, X[10], 14); - cc = FF4(cc, dd, aa, bb, X[ 3], 12); - bb = FF4(bb, cc, dd, aa, X[12], 6); - - // - // Parallel round 2 - // - aa = FF3(aa, bb, cc, dd, X[ 6], 9); - dd = FF3(dd, aa, bb, cc, X[11], 13); - cc = FF3(cc, dd, aa, bb, X[ 3], 15); - bb = FF3(bb, cc, dd, aa, X[ 7], 7); - aa = FF3(aa, bb, cc, dd, X[ 0], 12); - dd = FF3(dd, aa, bb, cc, X[13], 8); - cc = FF3(cc, dd, aa, bb, X[ 5], 9); - bb = FF3(bb, cc, dd, aa, X[10], 11); - aa = FF3(aa, bb, cc, dd, X[14], 7); - dd = FF3(dd, aa, bb, cc, X[15], 7); - cc = FF3(cc, dd, aa, bb, X[ 8], 12); - bb = FF3(bb, cc, dd, aa, X[12], 7); - aa = FF3(aa, bb, cc, dd, X[ 4], 6); - dd = FF3(dd, aa, bb, cc, X[ 9], 15); - cc = FF3(cc, dd, aa, bb, X[ 1], 13); - bb = FF3(bb, cc, dd, aa, X[ 2], 11); - - // - // Parallel round 3 - // - aa = FF2(aa, bb, cc, dd, X[15], 9); - dd = FF2(dd, aa, bb, cc, X[ 5], 7); - cc = FF2(cc, dd, aa, bb, X[ 1], 15); - bb = FF2(bb, cc, dd, aa, X[ 3], 11); - aa = FF2(aa, bb, cc, dd, X[ 7], 8); - dd = FF2(dd, aa, bb, cc, X[14], 6); - cc = FF2(cc, dd, aa, bb, X[ 6], 6); - bb = FF2(bb, cc, dd, aa, X[ 9], 14); - aa = FF2(aa, bb, cc, dd, X[11], 12); - dd = FF2(dd, aa, bb, cc, X[ 8], 13); - cc = FF2(cc, dd, aa, bb, X[12], 5); - bb = FF2(bb, cc, dd, aa, X[ 2], 14); - aa = FF2(aa, bb, cc, dd, X[10], 13); - dd = FF2(dd, aa, 
bb, cc, X[ 0], 13); - cc = FF2(cc, dd, aa, bb, X[ 4], 7); - bb = FF2(bb, cc, dd, aa, X[13], 5); - - // - // Parallel round 4 - // - aa = FF1(aa, bb, cc, dd, X[ 8], 15); - dd = FF1(dd, aa, bb, cc, X[ 6], 5); - cc = FF1(cc, dd, aa, bb, X[ 4], 8); - bb = FF1(bb, cc, dd, aa, X[ 1], 11); - aa = FF1(aa, bb, cc, dd, X[ 3], 14); - dd = FF1(dd, aa, bb, cc, X[11], 14); - cc = FF1(cc, dd, aa, bb, X[15], 6); - bb = FF1(bb, cc, dd, aa, X[ 0], 14); - aa = FF1(aa, bb, cc, dd, X[ 5], 6); - dd = FF1(dd, aa, bb, cc, X[12], 9); - cc = FF1(cc, dd, aa, bb, X[ 2], 12); - bb = FF1(bb, cc, dd, aa, X[13], 9); - aa = FF1(aa, bb, cc, dd, X[ 9], 12); - dd = FF1(dd, aa, bb, cc, X[ 7], 5); - cc = FF1(cc, dd, aa, bb, X[10], 15); - bb = FF1(bb, cc, dd, aa, X[14], 8); - - dd += c + H1; // final result for H0 - - // - // combine the results - // - H1 = H2 + d + aa; - H2 = H3 + a + bb; - H3 = H0 + b + cc; - H0 = dd; - - // - // reset the offset and clean out the word buffer. - // - xOff = 0; - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } - - public Memoable copy() - { - return new RIPEMD128Digest(this); - } - - public void reset(Memoable other) - { - RIPEMD128Digest d = (RIPEMD128Digest)other; - - copyIn(d); - } -} diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/RIPEMD160Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/RIPEMD160Digest.java deleted file mode 100644 index 20c81e68..00000000 --- a/core/src/main/java/org/bouncycastle/crypto/digests/RIPEMD160Digest.java +++ /dev/null 
@@ -1,443 +0,0 @@ -package org.bouncycastle.crypto.digests; - - -import org.bouncycastle.util.Memoable; - -/** - * implementation of RIPEMD see, - * http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html - */ -public class RIPEMD160Digest - extends GeneralDigest -{ - private static final int DIGEST_LENGTH = 20; - - private int H0, H1, H2, H3, H4; // IV's - - private int[] X = new int[16]; - private int xOff; - - /** - * Standard constructor - */ - public RIPEMD160Digest() - { - reset(); - } - - /** - * Copy constructor. This will copy the state of the provided - * message digest. - */ - public RIPEMD160Digest(RIPEMD160Digest t) - { - super(t); - - copyIn(t); - } - - private void copyIn(RIPEMD160Digest t) - { - super.copyIn(t); - - H0 = t.H0; - H1 = t.H1; - H2 = t.H2; - H3 = t.H3; - H4 = t.H4; - - System.arraycopy(t.X, 0, X, 0, t.X.length); - xOff = t.xOff; - } - - public String getAlgorithmName() - { - return "RIPEMD160"; - } - - public int getDigestSize() - { - return DIGEST_LENGTH; - } - - protected void processWord( - byte[] in, - int inOff) - { - X[xOff++] = (in[inOff] & 0xff) | ((in[inOff + 1] & 0xff) << 8) - | ((in[inOff + 2] & 0xff) << 16) | ((in[inOff + 3] & 0xff) << 24); - - if (xOff == 16) - { - processBlock(); - } - } - - protected void processLength( - long bitLength) - { - if (xOff > 14) - { - processBlock(); - } - - X[14] = (int)(bitLength & 0xffffffff); - X[15] = (int)(bitLength >>> 32); - } - - private void unpackWord( - int word, - byte[] out, - int outOff) - { - out[outOff] = (byte)word; - out[outOff + 1] = (byte)(word >>> 8); - out[outOff + 2] = (byte)(word >>> 16); - out[outOff + 3] = (byte)(word >>> 24); - } - - public int doFinal( - byte[] out, - int outOff) - { - finish(); - - unpackWord(H0, out, outOff); - unpackWord(H1, out, outOff + 4); - unpackWord(H2, out, outOff + 8); - unpackWord(H3, out, outOff + 12); - unpackWord(H4, out, outOff + 16); - - reset(); - - return DIGEST_LENGTH; - } - - /** - * reset the chaining variables to the IV 
values. - */ - public void reset() - { - super.reset(); - - H0 = 0x67452301; - H1 = 0xefcdab89; - H2 = 0x98badcfe; - H3 = 0x10325476; - H4 = 0xc3d2e1f0; - - xOff = 0; - - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } - - /* - * rotate int x left n bits. - */ - private int RL( - int x, - int n) - { - return (x << n) | (x >>> (32 - n)); - } - - /* - * f1,f2,f3,f4,f5 are the basic RIPEMD160 functions. - */ - - /* - * rounds 0-15 - */ - private int f1( - int x, - int y, - int z) - { - return x ^ y ^ z; - } - - /* - * rounds 16-31 - */ - private int f2( - int x, - int y, - int z) - { - return (x & y) | (~x & z); - } - - /* - * rounds 32-47 - */ - private int f3( - int x, - int y, - int z) - { - return (x | ~y) ^ z; - } - - /* - * rounds 48-63 - */ - private int f4( - int x, - int y, - int z) - { - return (x & z) | (y & ~z); - } - - /* - * rounds 64-79 - */ - private int f5( - int x, - int y, - int z) - { - return x ^ (y | ~z); - } - - protected void processBlock() - { - int a, aa; - int b, bb; - int c, cc; - int d, dd; - int e, ee; - - a = aa = H0; - b = bb = H1; - c = cc = H2; - d = dd = H3; - e = ee = H4; - - // - // Rounds 1 - 16 - // - // left - a = RL(a + f1(b,c,d) + X[ 0], 11) + e; c = RL(c, 10); - e = RL(e + f1(a,b,c) + X[ 1], 14) + d; b = RL(b, 10); - d = RL(d + f1(e,a,b) + X[ 2], 15) + c; a = RL(a, 10); - c = RL(c + f1(d,e,a) + X[ 3], 12) + b; e = RL(e, 10); - b = RL(b + f1(c,d,e) + X[ 4], 5) + a; d = RL(d, 10); - a = RL(a + f1(b,c,d) + X[ 5], 8) + e; c = RL(c, 10); - e = RL(e + f1(a,b,c) + X[ 6], 7) + d; b = RL(b, 10); - d = RL(d + f1(e,a,b) + X[ 7], 9) + c; a = RL(a, 10); - c = RL(c + f1(d,e,a) + X[ 8], 11) + b; e = RL(e, 10); - b = RL(b + f1(c,d,e) + X[ 9], 13) + a; d = RL(d, 10); - a = RL(a + f1(b,c,d) + X[10], 14) + e; c = RL(c, 10); - e = RL(e + f1(a,b,c) + X[11], 15) + d; b = RL(b, 10); - d = RL(d + f1(e,a,b) + X[12], 6) + c; a = RL(a, 10); - c = RL(c + f1(d,e,a) + X[13], 7) + b; e = RL(e, 10); - b = RL(b + f1(c,d,e) + X[14], 9) + a; d = 
RL(d, 10); - a = RL(a + f1(b,c,d) + X[15], 8) + e; c = RL(c, 10); - - // right - aa = RL(aa + f5(bb,cc,dd) + X[ 5] + 0x50a28be6, 8) + ee; cc = RL(cc, 10); - ee = RL(ee + f5(aa,bb,cc) + X[14] + 0x50a28be6, 9) + dd; bb = RL(bb, 10); - dd = RL(dd + f5(ee,aa,bb) + X[ 7] + 0x50a28be6, 9) + cc; aa = RL(aa, 10); - cc = RL(cc + f5(dd,ee,aa) + X[ 0] + 0x50a28be6, 11) + bb; ee = RL(ee, 10); - bb = RL(bb + f5(cc,dd,ee) + X[ 9] + 0x50a28be6, 13) + aa; dd = RL(dd, 10); - aa = RL(aa + f5(bb,cc,dd) + X[ 2] + 0x50a28be6, 15) + ee; cc = RL(cc, 10); - ee = RL(ee + f5(aa,bb,cc) + X[11] + 0x50a28be6, 15) + dd; bb = RL(bb, 10); - dd = RL(dd + f5(ee,aa,bb) + X[ 4] + 0x50a28be6, 5) + cc; aa = RL(aa, 10); - cc = RL(cc + f5(dd,ee,aa) + X[13] + 0x50a28be6, 7) + bb; ee = RL(ee, 10); - bb = RL(bb + f5(cc,dd,ee) + X[ 6] + 0x50a28be6, 7) + aa; dd = RL(dd, 10); - aa = RL(aa + f5(bb,cc,dd) + X[15] + 0x50a28be6, 8) + ee; cc = RL(cc, 10); - ee = RL(ee + f5(aa,bb,cc) + X[ 8] + 0x50a28be6, 11) + dd; bb = RL(bb, 10); - dd = RL(dd + f5(ee,aa,bb) + X[ 1] + 0x50a28be6, 14) + cc; aa = RL(aa, 10); - cc = RL(cc + f5(dd,ee,aa) + X[10] + 0x50a28be6, 14) + bb; ee = RL(ee, 10); - bb = RL(bb + f5(cc,dd,ee) + X[ 3] + 0x50a28be6, 12) + aa; dd = RL(dd, 10); - aa = RL(aa + f5(bb,cc,dd) + X[12] + 0x50a28be6, 6) + ee; cc = RL(cc, 10); - - // - // Rounds 16-31 - // - // left - e = RL(e + f2(a,b,c) + X[ 7] + 0x5a827999, 7) + d; b = RL(b, 10); - d = RL(d + f2(e,a,b) + X[ 4] + 0x5a827999, 6) + c; a = RL(a, 10); - c = RL(c + f2(d,e,a) + X[13] + 0x5a827999, 8) + b; e = RL(e, 10); - b = RL(b + f2(c,d,e) + X[ 1] + 0x5a827999, 13) + a; d = RL(d, 10); - a = RL(a + f2(b,c,d) + X[10] + 0x5a827999, 11) + e; c = RL(c, 10); - e = RL(e + f2(a,b,c) + X[ 6] + 0x5a827999, 9) + d; b = RL(b, 10); - d = RL(d + f2(e,a,b) + X[15] + 0x5a827999, 7) + c; a = RL(a, 10); - c = RL(c + f2(d,e,a) + X[ 3] + 0x5a827999, 15) + b; e = RL(e, 10); - b = RL(b + f2(c,d,e) + X[12] + 0x5a827999, 7) + a; d = RL(d, 10); - a = RL(a + f2(b,c,d) + X[ 0] + 
0x5a827999, 12) + e; c = RL(c, 10); - e = RL(e + f2(a,b,c) + X[ 9] + 0x5a827999, 15) + d; b = RL(b, 10); - d = RL(d + f2(e,a,b) + X[ 5] + 0x5a827999, 9) + c; a = RL(a, 10); - c = RL(c + f2(d,e,a) + X[ 2] + 0x5a827999, 11) + b; e = RL(e, 10); - b = RL(b + f2(c,d,e) + X[14] + 0x5a827999, 7) + a; d = RL(d, 10); - a = RL(a + f2(b,c,d) + X[11] + 0x5a827999, 13) + e; c = RL(c, 10); - e = RL(e + f2(a,b,c) + X[ 8] + 0x5a827999, 12) + d; b = RL(b, 10); - - // right - ee = RL(ee + f4(aa,bb,cc) + X[ 6] + 0x5c4dd124, 9) + dd; bb = RL(bb, 10); - dd = RL(dd + f4(ee,aa,bb) + X[11] + 0x5c4dd124, 13) + cc; aa = RL(aa, 10); - cc = RL(cc + f4(dd,ee,aa) + X[ 3] + 0x5c4dd124, 15) + bb; ee = RL(ee, 10); - bb = RL(bb + f4(cc,dd,ee) + X[ 7] + 0x5c4dd124, 7) + aa; dd = RL(dd, 10); - aa = RL(aa + f4(bb,cc,dd) + X[ 0] + 0x5c4dd124, 12) + ee; cc = RL(cc, 10); - ee = RL(ee + f4(aa,bb,cc) + X[13] + 0x5c4dd124, 8) + dd; bb = RL(bb, 10); - dd = RL(dd + f4(ee,aa,bb) + X[ 5] + 0x5c4dd124, 9) + cc; aa = RL(aa, 10); - cc = RL(cc + f4(dd,ee,aa) + X[10] + 0x5c4dd124, 11) + bb; ee = RL(ee, 10); - bb = RL(bb + f4(cc,dd,ee) + X[14] + 0x5c4dd124, 7) + aa; dd = RL(dd, 10); - aa = RL(aa + f4(bb,cc,dd) + X[15] + 0x5c4dd124, 7) + ee; cc = RL(cc, 10); - ee = RL(ee + f4(aa,bb,cc) + X[ 8] + 0x5c4dd124, 12) + dd; bb = RL(bb, 10); - dd = RL(dd + f4(ee,aa,bb) + X[12] + 0x5c4dd124, 7) + cc; aa = RL(aa, 10); - cc = RL(cc + f4(dd,ee,aa) + X[ 4] + 0x5c4dd124, 6) + bb; ee = RL(ee, 10); - bb = RL(bb + f4(cc,dd,ee) + X[ 9] + 0x5c4dd124, 15) + aa; dd = RL(dd, 10); - aa = RL(aa + f4(bb,cc,dd) + X[ 1] + 0x5c4dd124, 13) + ee; cc = RL(cc, 10); - ee = RL(ee + f4(aa,bb,cc) + X[ 2] + 0x5c4dd124, 11) + dd; bb = RL(bb, 10); - - // - // Rounds 32-47 - // - // left - d = RL(d + f3(e,a,b) + X[ 3] + 0x6ed9eba1, 11) + c; a = RL(a, 10); - c = RL(c + f3(d,e,a) + X[10] + 0x6ed9eba1, 13) + b; e = RL(e, 10); - b = RL(b + f3(c,d,e) + X[14] + 0x6ed9eba1, 6) + a; d = RL(d, 10); - a = RL(a + f3(b,c,d) + X[ 4] + 0x6ed9eba1, 7) + e; c = RL(c, 10); 
- e = RL(e + f3(a,b,c) + X[ 9] + 0x6ed9eba1, 14) + d; b = RL(b, 10); - d = RL(d + f3(e,a,b) + X[15] + 0x6ed9eba1, 9) + c; a = RL(a, 10); - c = RL(c + f3(d,e,a) + X[ 8] + 0x6ed9eba1, 13) + b; e = RL(e, 10); - b = RL(b + f3(c,d,e) + X[ 1] + 0x6ed9eba1, 15) + a; d = RL(d, 10); - a = RL(a + f3(b,c,d) + X[ 2] + 0x6ed9eba1, 14) + e; c = RL(c, 10); - e = RL(e + f3(a,b,c) + X[ 7] + 0x6ed9eba1, 8) + d; b = RL(b, 10); - d = RL(d + f3(e,a,b) + X[ 0] + 0x6ed9eba1, 13) + c; a = RL(a, 10); - c = RL(c + f3(d,e,a) + X[ 6] + 0x6ed9eba1, 6) + b; e = RL(e, 10); - b = RL(b + f3(c,d,e) + X[13] + 0x6ed9eba1, 5) + a; d = RL(d, 10); - a = RL(a + f3(b,c,d) + X[11] + 0x6ed9eba1, 12) + e; c = RL(c, 10); - e = RL(e + f3(a,b,c) + X[ 5] + 0x6ed9eba1, 7) + d; b = RL(b, 10); - d = RL(d + f3(e,a,b) + X[12] + 0x6ed9eba1, 5) + c; a = RL(a, 10); - - // right - dd = RL(dd + f3(ee,aa,bb) + X[15] + 0x6d703ef3, 9) + cc; aa = RL(aa, 10); - cc = RL(cc + f3(dd,ee,aa) + X[ 5] + 0x6d703ef3, 7) + bb; ee = RL(ee, 10); - bb = RL(bb + f3(cc,dd,ee) + X[ 1] + 0x6d703ef3, 15) + aa; dd = RL(dd, 10); - aa = RL(aa + f3(bb,cc,dd) + X[ 3] + 0x6d703ef3, 11) + ee; cc = RL(cc, 10); - ee = RL(ee + f3(aa,bb,cc) + X[ 7] + 0x6d703ef3, 8) + dd; bb = RL(bb, 10); - dd = RL(dd + f3(ee,aa,bb) + X[14] + 0x6d703ef3, 6) + cc; aa = RL(aa, 10); - cc = RL(cc + f3(dd,ee,aa) + X[ 6] + 0x6d703ef3, 6) + bb; ee = RL(ee, 10); - bb = RL(bb + f3(cc,dd,ee) + X[ 9] + 0x6d703ef3, 14) + aa; dd = RL(dd, 10); - aa = RL(aa + f3(bb,cc,dd) + X[11] + 0x6d703ef3, 12) + ee; cc = RL(cc, 10); - ee = RL(ee + f3(aa,bb,cc) + X[ 8] + 0x6d703ef3, 13) + dd; bb = RL(bb, 10); - dd = RL(dd + f3(ee,aa,bb) + X[12] + 0x6d703ef3, 5) + cc; aa = RL(aa, 10); - cc = RL(cc + f3(dd,ee,aa) + X[ 2] + 0x6d703ef3, 14) + bb; ee = RL(ee, 10); - bb = RL(bb + f3(cc,dd,ee) + X[10] + 0x6d703ef3, 13) + aa; dd = RL(dd, 10); - aa = RL(aa + f3(bb,cc,dd) + X[ 0] + 0x6d703ef3, 13) + ee; cc = RL(cc, 10); - ee = RL(ee + f3(aa,bb,cc) + X[ 4] + 0x6d703ef3, 7) + dd; bb = RL(bb, 10); - dd = RL(dd + 
f3(ee,aa,bb) + X[13] + 0x6d703ef3, 5) + cc; aa = RL(aa, 10); - - // - // Rounds 48-63 - // - // left - c = RL(c + f4(d,e,a) + X[ 1] + 0x8f1bbcdc, 11) + b; e = RL(e, 10); - b = RL(b + f4(c,d,e) + X[ 9] + 0x8f1bbcdc, 12) + a; d = RL(d, 10); - a = RL(a + f4(b,c,d) + X[11] + 0x8f1bbcdc, 14) + e; c = RL(c, 10); - e = RL(e + f4(a,b,c) + X[10] + 0x8f1bbcdc, 15) + d; b = RL(b, 10); - d = RL(d + f4(e,a,b) + X[ 0] + 0x8f1bbcdc, 14) + c; a = RL(a, 10); - c = RL(c + f4(d,e,a) + X[ 8] + 0x8f1bbcdc, 15) + b; e = RL(e, 10); - b = RL(b + f4(c,d,e) + X[12] + 0x8f1bbcdc, 9) + a; d = RL(d, 10); - a = RL(a + f4(b,c,d) + X[ 4] + 0x8f1bbcdc, 8) + e; c = RL(c, 10); - e = RL(e + f4(a,b,c) + X[13] + 0x8f1bbcdc, 9) + d; b = RL(b, 10); - d = RL(d + f4(e,a,b) + X[ 3] + 0x8f1bbcdc, 14) + c; a = RL(a, 10); - c = RL(c + f4(d,e,a) + X[ 7] + 0x8f1bbcdc, 5) + b; e = RL(e, 10); - b = RL(b + f4(c,d,e) + X[15] + 0x8f1bbcdc, 6) + a; d = RL(d, 10); - a = RL(a + f4(b,c,d) + X[14] + 0x8f1bbcdc, 8) + e; c = RL(c, 10); - e = RL(e + f4(a,b,c) + X[ 5] + 0x8f1bbcdc, 6) + d; b = RL(b, 10); - d = RL(d + f4(e,a,b) + X[ 6] + 0x8f1bbcdc, 5) + c; a = RL(a, 10); - c = RL(c + f4(d,e,a) + X[ 2] + 0x8f1bbcdc, 12) + b; e = RL(e, 10); - - // right - cc = RL(cc + f2(dd,ee,aa) + X[ 8] + 0x7a6d76e9, 15) + bb; ee = RL(ee, 10); - bb = RL(bb + f2(cc,dd,ee) + X[ 6] + 0x7a6d76e9, 5) + aa; dd = RL(dd, 10); - aa = RL(aa + f2(bb,cc,dd) + X[ 4] + 0x7a6d76e9, 8) + ee; cc = RL(cc, 10); - ee = RL(ee + f2(aa,bb,cc) + X[ 1] + 0x7a6d76e9, 11) + dd; bb = RL(bb, 10); - dd = RL(dd + f2(ee,aa,bb) + X[ 3] + 0x7a6d76e9, 14) + cc; aa = RL(aa, 10); - cc = RL(cc + f2(dd,ee,aa) + X[11] + 0x7a6d76e9, 14) + bb; ee = RL(ee, 10); - bb = RL(bb + f2(cc,dd,ee) + X[15] + 0x7a6d76e9, 6) + aa; dd = RL(dd, 10); - aa = RL(aa + f2(bb,cc,dd) + X[ 0] + 0x7a6d76e9, 14) + ee; cc = RL(cc, 10); - ee = RL(ee + f2(aa,bb,cc) + X[ 5] + 0x7a6d76e9, 6) + dd; bb = RL(bb, 10); - dd = RL(dd + f2(ee,aa,bb) + X[12] + 0x7a6d76e9, 9) + cc; aa = RL(aa, 10); - cc = RL(cc + 
f2(dd,ee,aa) + X[ 2] + 0x7a6d76e9, 12) + bb; ee = RL(ee, 10); - bb = RL(bb + f2(cc,dd,ee) + X[13] + 0x7a6d76e9, 9) + aa; dd = RL(dd, 10); - aa = RL(aa + f2(bb,cc,dd) + X[ 9] + 0x7a6d76e9, 12) + ee; cc = RL(cc, 10); - ee = RL(ee + f2(aa,bb,cc) + X[ 7] + 0x7a6d76e9, 5) + dd; bb = RL(bb, 10); - dd = RL(dd + f2(ee,aa,bb) + X[10] + 0x7a6d76e9, 15) + cc; aa = RL(aa, 10); - cc = RL(cc + f2(dd,ee,aa) + X[14] + 0x7a6d76e9, 8) + bb; ee = RL(ee, 10); - - // - // Rounds 64-79 - // - // left - b = RL(b + f5(c,d,e) + X[ 4] + 0xa953fd4e, 9) + a; d = RL(d, 10); - a = RL(a + f5(b,c,d) + X[ 0] + 0xa953fd4e, 15) + e; c = RL(c, 10); - e = RL(e + f5(a,b,c) + X[ 5] + 0xa953fd4e, 5) + d; b = RL(b, 10); - d = RL(d + f5(e,a,b) + X[ 9] + 0xa953fd4e, 11) + c; a = RL(a, 10); - c = RL(c + f5(d,e,a) + X[ 7] + 0xa953fd4e, 6) + b; e = RL(e, 10); - b = RL(b + f5(c,d,e) + X[12] + 0xa953fd4e, 8) + a; d = RL(d, 10); - a = RL(a + f5(b,c,d) + X[ 2] + 0xa953fd4e, 13) + e; c = RL(c, 10); - e = RL(e + f5(a,b,c) + X[10] + 0xa953fd4e, 12) + d; b = RL(b, 10); - d = RL(d + f5(e,a,b) + X[14] + 0xa953fd4e, 5) + c; a = RL(a, 10); - c = RL(c + f5(d,e,a) + X[ 1] + 0xa953fd4e, 12) + b; e = RL(e, 10); - b = RL(b + f5(c,d,e) + X[ 3] + 0xa953fd4e, 13) + a; d = RL(d, 10); - a = RL(a + f5(b,c,d) + X[ 8] + 0xa953fd4e, 14) + e; c = RL(c, 10); - e = RL(e + f5(a,b,c) + X[11] + 0xa953fd4e, 11) + d; b = RL(b, 10); - d = RL(d + f5(e,a,b) + X[ 6] + 0xa953fd4e, 8) + c; a = RL(a, 10); - c = RL(c + f5(d,e,a) + X[15] + 0xa953fd4e, 5) + b; e = RL(e, 10); - b = RL(b + f5(c,d,e) + X[13] + 0xa953fd4e, 6) + a; d = RL(d, 10); - - // right - bb = RL(bb + f1(cc,dd,ee) + X[12], 8) + aa; dd = RL(dd, 10); - aa = RL(aa + f1(bb,cc,dd) + X[15], 5) + ee; cc = RL(cc, 10); - ee = RL(ee + f1(aa,bb,cc) + X[10], 12) + dd; bb = RL(bb, 10); - dd = RL(dd + f1(ee,aa,bb) + X[ 4], 9) + cc; aa = RL(aa, 10); - cc = RL(cc + f1(dd,ee,aa) + X[ 1], 12) + bb; ee = RL(ee, 10); - bb = RL(bb + f1(cc,dd,ee) + X[ 5], 5) + aa; dd = RL(dd, 10); - aa = RL(aa + 
f1(bb,cc,dd) + X[ 8], 14) + ee; cc = RL(cc, 10); - ee = RL(ee + f1(aa,bb,cc) + X[ 7], 6) + dd; bb = RL(bb, 10); - dd = RL(dd + f1(ee,aa,bb) + X[ 6], 8) + cc; aa = RL(aa, 10); - cc = RL(cc + f1(dd,ee,aa) + X[ 2], 13) + bb; ee = RL(ee, 10); - bb = RL(bb + f1(cc,dd,ee) + X[13], 6) + aa; dd = RL(dd, 10); - aa = RL(aa + f1(bb,cc,dd) + X[14], 5) + ee; cc = RL(cc, 10); - ee = RL(ee + f1(aa,bb,cc) + X[ 0], 15) + dd; bb = RL(bb, 10); - dd = RL(dd + f1(ee,aa,bb) + X[ 3], 13) + cc; aa = RL(aa, 10); - cc = RL(cc + f1(dd,ee,aa) + X[ 9], 11) + bb; ee = RL(ee, 10); - bb = RL(bb + f1(cc,dd,ee) + X[11], 11) + aa; dd = RL(dd, 10); - - dd += c + H1; - H1 = H2 + d + ee; - H2 = H3 + e + aa; - H3 = H4 + a + bb; - H4 = H0 + b + cc; - H0 = dd; - - // - // reset the offset and clean out the word buffer. - // - xOff = 0; - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } - - public Memoable copy() - { - return new RIPEMD160Digest(this); - } - - public void reset(Memoable other) - { - RIPEMD160Digest d = (RIPEMD160Digest)other; - - copyIn(d); - } -} diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/RIPEMD256Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/RIPEMD256Digest.java deleted file mode 100644 index 86746b45..00000000 --- a/core/src/main/java/org/bouncycastle/crypto/digests/RIPEMD256Digest.java +++ /dev/null 
@@ -1,497 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-
-import org.bouncycastle.util.Memoable;
-
-/**
- * implementation of RIPEMD256.
- * <p>
- * <b>note:</b> this algorithm offers the same level of security as RIPEMD128.
- */
-public class RIPEMD256Digest
- extends GeneralDigest
-{
- private static final int DIGEST_LENGTH = 32;
-
- private int H0, H1, H2, H3, H4, H5, H6, H7; // IV's
-
- private int[] X = new int[16];
- private int xOff;
-
- /**
- * Standard constructor
- */
- public RIPEMD256Digest()
- {
- reset();
- }
-
- /**
- * Copy constructor. This will copy the state of the provided
- * message digest.
- */
- public RIPEMD256Digest(RIPEMD256Digest t)
- {
- super(t);
-
- copyIn(t);
- }
-
- private void copyIn(RIPEMD256Digest t)
- {
- super.copyIn(t);
-
- H0 = t.H0;
- H1 = t.H1;
- H2 = t.H2;
- H3 = t.H3;
- H4 = t.H4;
- H5 = t.H5;
- H6 = t.H6;
- H7 = t.H7;
-
- System.arraycopy(t.X, 0, X, 0, t.X.length);
- xOff = t.xOff;
- }
-
- public String getAlgorithmName()
- {
- return "RIPEMD256";
- }
-
- public int getDigestSize()
- {
- return DIGEST_LENGTH;
- }
-
- protected void processWord(
- byte[] in,
- int inOff)
- {
- X[xOff++] = (in[inOff] & 0xff) | ((in[inOff + 1] & 0xff) << 8)
- | ((in[inOff + 2] & 0xff) << 16) | ((in[inOff + 3] & 0xff) << 24);
-
- if (xOff == 16)
- {
- processBlock();
- }
- }
-
- protected void processLength(
- long bitLength)
- {
- if (xOff > 14)
- {
- processBlock();
- }
-
- X[14] = (int)(bitLength & 0xffffffff);
- X[15] = (int)(bitLength >>> 32);
- }
-
- private void unpackWord(
- int word,
- byte[] out,
- int outOff)
- {
- out[outOff] = (byte)word;
- out[outOff + 1] = (byte)(word >>> 8);
- out[outOff + 2] = (byte)(word >>> 16);
- out[outOff + 3] = (byte)(word >>> 24);
- }
-
- public int doFinal(
- byte[] out,
- int outOff)
- {
- finish();
-
- unpackWord(H0, out, outOff);
- unpackWord(H1, out, outOff + 4);
- unpackWord(H2, out, outOff + 8);
- unpackWord(H3, out, outOff + 12);
- unpackWord(H4, out, outOff + 16);
- unpackWord(H5,
out, outOff + 20); - unpackWord(H6, out, outOff + 24); - unpackWord(H7, out, outOff + 28); - - reset(); - - return DIGEST_LENGTH; - } - - /** - * reset the chaining variables to the IV values. - */ - public void reset() - { - super.reset(); - - H0 = 0x67452301; - H1 = 0xefcdab89; - H2 = 0x98badcfe; - H3 = 0x10325476; - H4 = 0x76543210; - H5 = 0xFEDCBA98; - H6 = 0x89ABCDEF; - H7 = 0x01234567; - - xOff = 0; - - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } - - /* - * rotate int x left n bits. - */ - private int RL( - int x, - int n) - { - return (x << n) | (x >>> (32 - n)); - } - - /* - * f1,f2,f3,f4 are the basic RIPEMD128 functions. - */ - - /* - * F - */ - private int f1( - int x, - int y, - int z) - { - return x ^ y ^ z; - } - - /* - * G - */ - private int f2( - int x, - int y, - int z) - { - return (x & y) | (~x & z); - } - - /* - * H - */ - private int f3( - int x, - int y, - int z) - { - return (x | ~y) ^ z; - } - - /* - * I - */ - private int f4( - int x, - int y, - int z) - { - return (x & z) | (y & ~z); - } - - private int F1( - int a, - int b, - int c, - int d, - int x, - int s) - { - return RL(a + f1(b, c, d) + x, s); - } - - private int F2( - int a, - int b, - int c, - int d, - int x, - int s) - { - return RL(a + f2(b, c, d) + x + 0x5a827999, s); - } - - private int F3( - int a, - int b, - int c, - int d, - int x, - int s) - { - return RL(a + f3(b, c, d) + x + 0x6ed9eba1, s); - } - - private int F4( - int a, - int b, - int c, - int d, - int x, - int s) - { - return RL(a + f4(b, c, d) + x + 0x8f1bbcdc, s); - } - - private int FF1( - int a, - int b, - int c, - int d, - int x, - int s) - { - return RL(a + f1(b, c, d) + x, s); - } - - private int FF2( - int a, - int b, - int c, - int d, - int x, - int s) - { - return RL(a + f2(b, c, d) + x + 0x6d703ef3, s); - } - - private int FF3( - int a, - int b, - int c, - int d, - int x, - int s) - { - return RL(a + f3(b, c, d) + x + 0x5c4dd124, s); - } - - private int FF4( - int a, - int b, - int c, - int 
d,
- int x,
- int s)
- {
- return RL(a + f4(b, c, d) + x + 0x50a28be6, s);
- }
-
- protected void processBlock()
- {
- int a, aa;
- int b, bb;
- int c, cc;
- int d, dd;
- int t;
-
- a = H0;
- b = H1;
- c = H2;
- d = H3;
- aa = H4;
- bb = H5;
- cc = H6;
- dd = H7;
-
- //
- // Round 1
- //
-
- a = F1(a, b, c, d, X[ 0], 11);
- d = F1(d, a, b, c, X[ 1], 14);
- c = F1(c, d, a, b, X[ 2], 15);
- b = F1(b, c, d, a, X[ 3], 12);
- a = F1(a, b, c, d, X[ 4], 5);
- d = F1(d, a, b, c, X[ 5], 8);
- c = F1(c, d, a, b, X[ 6], 7);
- b = F1(b, c, d, a, X[ 7], 9);
- a = F1(a, b, c, d, X[ 8], 11);
- d = F1(d, a, b, c, X[ 9], 13);
- c = F1(c, d, a, b, X[10], 14);
- b = F1(b, c, d, a, X[11], 15);
- a = F1(a, b, c, d, X[12], 6);
- d = F1(d, a, b, c, X[13], 7);
- c = F1(c, d, a, b, X[14], 9);
- b = F1(b, c, d, a, X[15], 8);
-
- aa = FF4(aa, bb, cc, dd, X[ 5], 8);
- dd = FF4(dd, aa, bb, cc, X[14], 9);
- cc = FF4(cc, dd, aa, bb, X[ 7], 9);
- bb = FF4(bb, cc, dd, aa, X[ 0], 11);
- aa = FF4(aa, bb, cc, dd, X[ 9], 13);
- dd = FF4(dd, aa, bb, cc, X[ 2], 15);
- cc = FF4(cc, dd, aa, bb, X[11], 15);
- bb = FF4(bb, cc, dd, aa, X[ 4], 5);
- aa = FF4(aa, bb, cc, dd, X[13], 7);
- dd = FF4(dd, aa, bb, cc, X[ 6], 7);
- cc = FF4(cc, dd, aa, bb, X[15], 8);
- bb = FF4(bb, cc, dd, aa, X[ 8], 11);
- aa = FF4(aa, bb, cc, dd, X[ 1], 14);
- dd = FF4(dd, aa, bb, cc, X[10], 14);
- cc = FF4(cc, dd, aa, bb, X[ 3], 12);
- bb = FF4(bb, cc, dd, aa, X[12], 6);
-
- t = a; a = aa; aa = t;
-
- //
- // Round 2
- //
- a = F2(a, b, c, d, X[ 7], 7);
- d = F2(d, a, b, c, X[ 4], 6);
- c = F2(c, d, a, b, X[13], 8);
- b = F2(b, c, d, a, X[ 1], 13);
- a = F2(a, b, c, d, X[10], 11);
- d = F2(d, a, b, c, X[ 6], 9);
- c = F2(c, d, a, b, X[15], 7);
- b = F2(b, c, d, a, X[ 3], 15);
- a = F2(a, b, c, d, X[12], 7);
- d = F2(d, a, b, c, X[ 0], 12);
- c = F2(c, d, a, b, X[ 9], 15);
- b = F2(b, c, d, a, X[ 5], 9);
- a = F2(a, b, c, d, X[ 2], 11);
- d = F2(d, a, b, c, X[14], 7);
- c = F2(c, d, a, b, X[11], 13);
- b = F2(b, c, d, a, X[ 8],
12);
-
- aa = FF3(aa, bb, cc, dd, X[ 6], 9);
- dd = FF3(dd, aa, bb, cc, X[ 11], 13);
- cc = FF3(cc, dd, aa, bb, X[3], 15);
- bb = FF3(bb, cc, dd, aa, X[ 7], 7);
- aa = FF3(aa, bb, cc, dd, X[0], 12);
- dd = FF3(dd, aa, bb, cc, X[13], 8);
- cc = FF3(cc, dd, aa, bb, X[5], 9);
- bb = FF3(bb, cc, dd, aa, X[10], 11);
- aa = FF3(aa, bb, cc, dd, X[14], 7);
- dd = FF3(dd, aa, bb, cc, X[15], 7);
- cc = FF3(cc, dd, aa, bb, X[ 8], 12);
- bb = FF3(bb, cc, dd, aa, X[12], 7);
- aa = FF3(aa, bb, cc, dd, X[ 4], 6);
- dd = FF3(dd, aa, bb, cc, X[ 9], 15);
- cc = FF3(cc, dd, aa, bb, X[ 1], 13);
- bb = FF3(bb, cc, dd, aa, X[ 2], 11);
-
- t = b; b = bb; bb = t;
-
- //
- // Round 3
- //
- a = F3(a, b, c, d, X[ 3], 11);
- d = F3(d, a, b, c, X[10], 13);
- c = F3(c, d, a, b, X[14], 6);
- b = F3(b, c, d, a, X[ 4], 7);
- a = F3(a, b, c, d, X[ 9], 14);
- d = F3(d, a, b, c, X[15], 9);
- c = F3(c, d, a, b, X[ 8], 13);
- b = F3(b, c, d, a, X[ 1], 15);
- a = F3(a, b, c, d, X[ 2], 14);
- d = F3(d, a, b, c, X[ 7], 8);
- c = F3(c, d, a, b, X[ 0], 13);
- b = F3(b, c, d, a, X[ 6], 6);
- a = F3(a, b, c, d, X[13], 5);
- d = F3(d, a, b, c, X[11], 12);
- c = F3(c, d, a, b, X[ 5], 7);
- b = F3(b, c, d, a, X[12], 5);
-
- aa = FF2(aa, bb, cc, dd, X[ 15], 9);
- dd = FF2(dd, aa, bb, cc, X[5], 7);
- cc = FF2(cc, dd, aa, bb, X[1], 15);
- bb = FF2(bb, cc, dd, aa, X[ 3], 11);
- aa = FF2(aa, bb, cc, dd, X[ 7], 8);
- dd = FF2(dd, aa, bb, cc, X[14], 6);
- cc = FF2(cc, dd, aa, bb, X[ 6], 6);
- bb = FF2(bb, cc, dd, aa, X[ 9], 14);
- aa = FF2(aa, bb, cc, dd, X[11], 12);
- dd = FF2(dd, aa, bb, cc, X[ 8], 13);
- cc = FF2(cc, dd, aa, bb, X[12], 5);
- bb = FF2(bb, cc, dd, aa, X[ 2], 14);
- aa = FF2(aa, bb, cc, dd, X[10], 13);
- dd = FF2(dd, aa, bb, cc, X[ 0], 13);
- cc = FF2(cc, dd, aa, bb, X[ 4], 7);
- bb = FF2(bb, cc, dd, aa, X[13], 5);
-
- t = c; c = cc; cc = t;
-
- //
- // Round 4
- //
- a = F4(a, b, c, d, X[ 1], 11);
- d = F4(d, a, b, c, X[ 9], 12);
- c = F4(c, d, a, b, X[11], 14);
- b = F4(b, c, d, a, X[10], 15);
- a =
F4(a, b, c, d, X[ 0], 14);
- d = F4(d, a, b, c, X[ 8], 15);
- c = F4(c, d, a, b, X[12], 9);
- b = F4(b, c, d, a, X[ 4], 8);
- a = F4(a, b, c, d, X[13], 9);
- d = F4(d, a, b, c, X[ 3], 14);
- c = F4(c, d, a, b, X[ 7], 5);
- b = F4(b, c, d, a, X[15], 6);
- a = F4(a, b, c, d, X[14], 8);
- d = F4(d, a, b, c, X[ 5], 6);
- c = F4(c, d, a, b, X[ 6], 5);
- b = F4(b, c, d, a, X[ 2], 12);
-
- aa = FF1(aa, bb, cc, dd, X[ 8], 15);
- dd = FF1(dd, aa, bb, cc, X[ 6], 5);
- cc = FF1(cc, dd, aa, bb, X[ 4], 8);
- bb = FF1(bb, cc, dd, aa, X[ 1], 11);
- aa = FF1(aa, bb, cc, dd, X[ 3], 14);
- dd = FF1(dd, aa, bb, cc, X[11], 14);
- cc = FF1(cc, dd, aa, bb, X[15], 6);
- bb = FF1(bb, cc, dd, aa, X[ 0], 14);
- aa = FF1(aa, bb, cc, dd, X[ 5], 6);
- dd = FF1(dd, aa, bb, cc, X[12], 9);
- cc = FF1(cc, dd, aa, bb, X[ 2], 12);
- bb = FF1(bb, cc, dd, aa, X[13], 9);
- aa = FF1(aa, bb, cc, dd, X[ 9], 12);
- dd = FF1(dd, aa, bb, cc, X[ 7], 5);
- cc = FF1(cc, dd, aa, bb, X[10], 15);
- bb = FF1(bb, cc, dd, aa, X[14], 8);
-
- t = d; d = dd; dd = t;
-
- H0 += a;
- H1 += b;
- H2 += c;
- H3 += d;
- H4 += aa;
- H5 += bb;
- H6 += cc;
- H7 += dd;
-
- //
- // reset the offset and clean out the word buffer.
- //
- xOff = 0;
- for (int i = 0; i != X.length; i++)
- {
- X[i] = 0;
- }
- }
-
- public Memoable copy()
- {
- return new RIPEMD256Digest(this);
- }
-
- public void reset(Memoable other)
- {
- RIPEMD256Digest d = (RIPEMD256Digest)other;
-
- copyIn(d);
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/RIPEMD320Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/RIPEMD320Digest.java
deleted file mode 100644
index 32775e77..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/RIPEMD320Digest.java
+++ /dev/null
@@ -1,481 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-
-import org.bouncycastle.util.Memoable;
-
-/**
- * implementation of RIPEMD 320.
- * <p>
- * <b>Note:</b> this implementation offers the same level of security
- * as RIPEMD 160.
- */
-public class RIPEMD320Digest
- extends GeneralDigest
-{
- private static final int DIGEST_LENGTH = 40;
-
- private int H0, H1, H2, H3, H4, H5, H6, H7, H8, H9; // IV's
-
- private int[] X = new int[16];
- private int xOff;
-
- /**
- * Standard constructor
- */
- public RIPEMD320Digest()
- {
- reset();
- }
-
- /**
- * Copy constructor. This will copy the state of the provided
- * message digest.
- */
- public RIPEMD320Digest(RIPEMD320Digest t)
- {
- super(t);
-
- doCopy(t);
- }
-
- private void doCopy(RIPEMD320Digest t)
- {
- super.copyIn(t);
- H0 = t.H0;
- H1 = t.H1;
- H2 = t.H2;
- H3 = t.H3;
- H4 = t.H4;
- H5 = t.H5;
- H6 = t.H6;
- H7 = t.H7;
- H8 = t.H8;
- H9 = t.H9;
-
- System.arraycopy(t.X, 0, X, 0, t.X.length);
- xOff = t.xOff;
- }
-
- public String getAlgorithmName()
- {
- return "RIPEMD320";
- }
-
- public int getDigestSize()
- {
- return DIGEST_LENGTH;
- }
-
- protected void processWord(
- byte[] in,
- int inOff)
- {
- X[xOff++] = (in[inOff] & 0xff) | ((in[inOff + 1] & 0xff) << 8)
- | ((in[inOff + 2] & 0xff) << 16) | ((in[inOff + 3] & 0xff) << 24);
-
- if (xOff == 16)
- {
- processBlock();
- }
- }
-
- protected void processLength(
- long bitLength)
- {
- if (xOff > 14)
- {
- processBlock();
- }
-
- X[14] = (int)(bitLength & 0xffffffff);
- X[15] = (int)(bitLength >>> 32);
- }
-
- private void unpackWord(
- int word,
- byte[] out,
- int outOff)
- {
- out[outOff] = (byte)word;
- out[outOff + 1] = (byte)(word >>> 8);
- out[outOff + 2] = (byte)(word >>> 16);
- out[outOff + 3] = (byte)(word >>> 24);
- }
-
- public int doFinal(
- byte[] out,
- int outOff)
- {
- finish();
-
- unpackWord(H0, out, outOff);
- unpackWord(H1, out, outOff + 4);
- unpackWord(H2, out, outOff + 8);
- unpackWord(H3, out, outOff + 12);
-
unpackWord(H4, out, outOff + 16); - unpackWord(H5, out, outOff + 20); - unpackWord(H6, out, outOff + 24); - unpackWord(H7, out, outOff + 28); - unpackWord(H8, out, outOff + 32); - unpackWord(H9, out, outOff + 36); - - reset(); - - return DIGEST_LENGTH; - } - - /** - * reset the chaining variables to the IV values. - */ - public void reset() - { - super.reset(); - - H0 = 0x67452301; - H1 = 0xefcdab89; - H2 = 0x98badcfe; - H3 = 0x10325476; - H4 = 0xc3d2e1f0; - H5 = 0x76543210; - H6 = 0xFEDCBA98; - H7 = 0x89ABCDEF; - H8 = 0x01234567; - H9 = 0x3C2D1E0F; - - xOff = 0; - - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } - - /* - * rotate int x left n bits. - */ - private int RL( - int x, - int n) - { - return (x << n) | (x >>> (32 - n)); - } - - /* - * f1,f2,f3,f4,f5 are the basic RIPEMD160 functions. - */ - - /* - * rounds 0-15 - */ - private int f1( - int x, - int y, - int z) - { - return x ^ y ^ z; - } - - /* - * rounds 16-31 - */ - private int f2( - int x, - int y, - int z) - { - return (x & y) | (~x & z); - } - - /* - * rounds 32-47 - */ - private int f3( - int x, - int y, - int z) - { - return (x | ~y) ^ z; - } - - /* - * rounds 48-63 - */ - private int f4( - int x, - int y, - int z) - { - return (x & z) | (y & ~z); - } - - /* - * rounds 64-79 - */ - private int f5( - int x, - int y, - int z) - { - return x ^ (y | ~z); - } - - protected void processBlock() - { - int a, aa; - int b, bb; - int c, cc; - int d, dd; - int e, ee; - int t; - - a = H0; - b = H1; - c = H2; - d = H3; - e = H4; - aa = H5; - bb = H6; - cc = H7; - dd = H8; - ee = H9; - - // - // Rounds 1 - 16 - // - // left - a = RL(a + f1(b,c,d) + X[ 0], 11) + e; c = RL(c, 10); - e = RL(e + f1(a,b,c) + X[ 1], 14) + d; b = RL(b, 10); - d = RL(d + f1(e,a,b) + X[ 2], 15) + c; a = RL(a, 10); - c = RL(c + f1(d,e,a) + X[ 3], 12) + b; e = RL(e, 10); - b = RL(b + f1(c,d,e) + X[ 4], 5) + a; d = RL(d, 10); - a = RL(a + f1(b,c,d) + X[ 5], 8) + e; c = RL(c, 10); - e = RL(e + f1(a,b,c) + X[ 6], 7) + d; b = 
RL(b, 10);
- d = RL(d + f1(e,a,b) + X[ 7], 9) + c; a = RL(a, 10);
- c = RL(c + f1(d,e,a) + X[ 8], 11) + b; e = RL(e, 10);
- b = RL(b + f1(c,d,e) + X[ 9], 13) + a; d = RL(d, 10);
- a = RL(a + f1(b,c,d) + X[10], 14) + e; c = RL(c, 10);
- e = RL(e + f1(a,b,c) + X[11], 15) + d; b = RL(b, 10);
- d = RL(d + f1(e,a,b) + X[12], 6) + c; a = RL(a, 10);
- c = RL(c + f1(d,e,a) + X[13], 7) + b; e = RL(e, 10);
- b = RL(b + f1(c,d,e) + X[14], 9) + a; d = RL(d, 10);
- a = RL(a + f1(b,c,d) + X[15], 8) + e; c = RL(c, 10);
-
- // right
- aa = RL(aa + f5(bb,cc,dd) + X[ 5] + 0x50a28be6, 8) + ee; cc = RL(cc, 10);
- ee = RL(ee + f5(aa,bb,cc) + X[14] + 0x50a28be6, 9) + dd; bb = RL(bb, 10);
- dd = RL(dd + f5(ee,aa,bb) + X[ 7] + 0x50a28be6, 9) + cc; aa = RL(aa, 10);
- cc = RL(cc + f5(dd,ee,aa) + X[ 0] + 0x50a28be6, 11) + bb; ee = RL(ee, 10);
- bb = RL(bb + f5(cc,dd,ee) + X[ 9] + 0x50a28be6, 13) + aa; dd = RL(dd, 10);
- aa = RL(aa + f5(bb,cc,dd) + X[ 2] + 0x50a28be6, 15) + ee; cc = RL(cc, 10);
- ee = RL(ee + f5(aa,bb,cc) + X[11] + 0x50a28be6, 15) + dd; bb = RL(bb, 10);
- dd = RL(dd + f5(ee,aa,bb) + X[ 4] + 0x50a28be6, 5) + cc; aa = RL(aa, 10);
- cc = RL(cc + f5(dd,ee,aa) + X[13] + 0x50a28be6, 7) + bb; ee = RL(ee, 10);
- bb = RL(bb + f5(cc,dd,ee) + X[ 6] + 0x50a28be6, 7) + aa; dd = RL(dd, 10);
- aa = RL(aa + f5(bb,cc,dd) + X[15] + 0x50a28be6, 8) + ee; cc = RL(cc, 10);
- ee = RL(ee + f5(aa,bb,cc) + X[ 8] + 0x50a28be6, 11) + dd; bb = RL(bb, 10);
- dd = RL(dd + f5(ee,aa,bb) + X[ 1] + 0x50a28be6, 14) + cc; aa = RL(aa, 10);
- cc = RL(cc + f5(dd,ee,aa) + X[10] + 0x50a28be6, 14) + bb; ee = RL(ee, 10);
- bb = RL(bb + f5(cc,dd,ee) + X[ 3] + 0x50a28be6, 12) + aa; dd = RL(dd, 10);
- aa = RL(aa + f5(bb,cc,dd) + X[12] + 0x50a28be6, 6) + ee; cc = RL(cc, 10);
-
- t = a; a = aa; aa = t;
-
- //
- // Rounds 16-31
- //
- // left
- e = RL(e + f2(a,b,c) + X[ 7] + 0x5a827999, 7) + d; b = RL(b, 10);
- d = RL(d + f2(e,a,b) + X[ 4] + 0x5a827999, 6) + c; a = RL(a, 10);
- c = RL(c + f2(d,e,a) + X[13] + 0x5a827999, 8) +
b; e = RL(e, 10);
- b = RL(b + f2(c,d,e) + X[ 1] + 0x5a827999, 13) + a; d = RL(d, 10);
- a = RL(a + f2(b,c,d) + X[10] + 0x5a827999, 11) + e; c = RL(c, 10);
- e = RL(e + f2(a,b,c) + X[ 6] + 0x5a827999, 9) + d; b = RL(b, 10);
- d = RL(d + f2(e,a,b) + X[15] + 0x5a827999, 7) + c; a = RL(a, 10);
- c = RL(c + f2(d,e,a) + X[ 3] + 0x5a827999, 15) + b; e = RL(e, 10);
- b = RL(b + f2(c,d,e) + X[12] + 0x5a827999, 7) + a; d = RL(d, 10);
- a = RL(a + f2(b,c,d) + X[ 0] + 0x5a827999, 12) + e; c = RL(c, 10);
- e = RL(e + f2(a,b,c) + X[ 9] + 0x5a827999, 15) + d; b = RL(b, 10);
- d = RL(d + f2(e,a,b) + X[ 5] + 0x5a827999, 9) + c; a = RL(a, 10);
- c = RL(c + f2(d,e,a) + X[ 2] + 0x5a827999, 11) + b; e = RL(e, 10);
- b = RL(b + f2(c,d,e) + X[14] + 0x5a827999, 7) + a; d = RL(d, 10);
- a = RL(a + f2(b,c,d) + X[11] + 0x5a827999, 13) + e; c = RL(c, 10);
- e = RL(e + f2(a,b,c) + X[ 8] + 0x5a827999, 12) + d; b = RL(b, 10);
-
- // right
- ee = RL(ee + f4(aa,bb,cc) + X[ 6] + 0x5c4dd124, 9) + dd; bb = RL(bb, 10);
- dd = RL(dd + f4(ee,aa,bb) + X[11] + 0x5c4dd124, 13) + cc; aa = RL(aa, 10);
- cc = RL(cc + f4(dd,ee,aa) + X[ 3] + 0x5c4dd124, 15) + bb; ee = RL(ee, 10);
- bb = RL(bb + f4(cc,dd,ee) + X[ 7] + 0x5c4dd124, 7) + aa; dd = RL(dd, 10);
- aa = RL(aa + f4(bb,cc,dd) + X[ 0] + 0x5c4dd124, 12) + ee; cc = RL(cc, 10);
- ee = RL(ee + f4(aa,bb,cc) + X[13] + 0x5c4dd124, 8) + dd; bb = RL(bb, 10);
- dd = RL(dd + f4(ee,aa,bb) + X[ 5] + 0x5c4dd124, 9) + cc; aa = RL(aa, 10);
- cc = RL(cc + f4(dd,ee,aa) + X[10] + 0x5c4dd124, 11) + bb; ee = RL(ee, 10);
- bb = RL(bb + f4(cc,dd,ee) + X[14] + 0x5c4dd124, 7) + aa; dd = RL(dd, 10);
- aa = RL(aa + f4(bb,cc,dd) + X[15] + 0x5c4dd124, 7) + ee; cc = RL(cc, 10);
- ee = RL(ee + f4(aa,bb,cc) + X[ 8] + 0x5c4dd124, 12) + dd; bb = RL(bb, 10);
- dd = RL(dd + f4(ee,aa,bb) + X[12] + 0x5c4dd124, 7) + cc; aa = RL(aa, 10);
- cc = RL(cc + f4(dd,ee,aa) + X[ 4] + 0x5c4dd124, 6) + bb; ee = RL(ee, 10);
- bb = RL(bb + f4(cc,dd,ee) + X[ 9] + 0x5c4dd124, 15) + aa; dd = RL(dd, 10);
- aa =
RL(aa + f4(bb,cc,dd) + X[ 1] + 0x5c4dd124, 13) + ee; cc = RL(cc, 10);
- ee = RL(ee + f4(aa,bb,cc) + X[ 2] + 0x5c4dd124, 11) + dd; bb = RL(bb, 10);
-
- t = b; b = bb; bb = t;
-
- //
- // Rounds 32-47
- //
- // left
- d = RL(d + f3(e,a,b) + X[ 3] + 0x6ed9eba1, 11) + c; a = RL(a, 10);
- c = RL(c + f3(d,e,a) + X[10] + 0x6ed9eba1, 13) + b; e = RL(e, 10);
- b = RL(b + f3(c,d,e) + X[14] + 0x6ed9eba1, 6) + a; d = RL(d, 10);
- a = RL(a + f3(b,c,d) + X[ 4] + 0x6ed9eba1, 7) + e; c = RL(c, 10);
- e = RL(e + f3(a,b,c) + X[ 9] + 0x6ed9eba1, 14) + d; b = RL(b, 10);
- d = RL(d + f3(e,a,b) + X[15] + 0x6ed9eba1, 9) + c; a = RL(a, 10);
- c = RL(c + f3(d,e,a) + X[ 8] + 0x6ed9eba1, 13) + b; e = RL(e, 10);
- b = RL(b + f3(c,d,e) + X[ 1] + 0x6ed9eba1, 15) + a; d = RL(d, 10);
- a = RL(a + f3(b,c,d) + X[ 2] + 0x6ed9eba1, 14) + e; c = RL(c, 10);
- e = RL(e + f3(a,b,c) + X[ 7] + 0x6ed9eba1, 8) + d; b = RL(b, 10);
- d = RL(d + f3(e,a,b) + X[ 0] + 0x6ed9eba1, 13) + c; a = RL(a, 10);
- c = RL(c + f3(d,e,a) + X[ 6] + 0x6ed9eba1, 6) + b; e = RL(e, 10);
- b = RL(b + f3(c,d,e) + X[13] + 0x6ed9eba1, 5) + a; d = RL(d, 10);
- a = RL(a + f3(b,c,d) + X[11] + 0x6ed9eba1, 12) + e; c = RL(c, 10);
- e = RL(e + f3(a,b,c) + X[ 5] + 0x6ed9eba1, 7) + d; b = RL(b, 10);
- d = RL(d + f3(e,a,b) + X[12] + 0x6ed9eba1, 5) + c; a = RL(a, 10);
-
- // right
- dd = RL(dd + f3(ee,aa,bb) + X[15] + 0x6d703ef3, 9) + cc; aa = RL(aa, 10);
- cc = RL(cc + f3(dd,ee,aa) + X[ 5] + 0x6d703ef3, 7) + bb; ee = RL(ee, 10);
- bb = RL(bb + f3(cc,dd,ee) + X[ 1] + 0x6d703ef3, 15) + aa; dd = RL(dd, 10);
- aa = RL(aa + f3(bb,cc,dd) + X[ 3] + 0x6d703ef3, 11) + ee; cc = RL(cc, 10);
- ee = RL(ee + f3(aa,bb,cc) + X[ 7] + 0x6d703ef3, 8) + dd; bb = RL(bb, 10);
- dd = RL(dd + f3(ee,aa,bb) + X[14] + 0x6d703ef3, 6) + cc; aa = RL(aa, 10);
- cc = RL(cc + f3(dd,ee,aa) + X[ 6] + 0x6d703ef3, 6) + bb; ee = RL(ee, 10);
- bb = RL(bb + f3(cc,dd,ee) + X[ 9] + 0x6d703ef3, 14) + aa; dd = RL(dd, 10);
- aa = RL(aa + f3(bb,cc,dd) + X[11] + 0x6d703ef3, 12) + ee; cc =
RL(cc, 10);
- ee = RL(ee + f3(aa,bb,cc) + X[ 8] + 0x6d703ef3, 13) + dd; bb = RL(bb, 10);
- dd = RL(dd + f3(ee,aa,bb) + X[12] + 0x6d703ef3, 5) + cc; aa = RL(aa, 10);
- cc = RL(cc + f3(dd,ee,aa) + X[ 2] + 0x6d703ef3, 14) + bb; ee = RL(ee, 10);
- bb = RL(bb + f3(cc,dd,ee) + X[10] + 0x6d703ef3, 13) + aa; dd = RL(dd, 10);
- aa = RL(aa + f3(bb,cc,dd) + X[ 0] + 0x6d703ef3, 13) + ee; cc = RL(cc, 10);
- ee = RL(ee + f3(aa,bb,cc) + X[ 4] + 0x6d703ef3, 7) + dd; bb = RL(bb, 10);
- dd = RL(dd + f3(ee,aa,bb) + X[13] + 0x6d703ef3, 5) + cc; aa = RL(aa, 10);
-
- t = c; c = cc; cc = t;
-
- //
- // Rounds 48-63
- //
- // left
- c = RL(c + f4(d,e,a) + X[ 1] + 0x8f1bbcdc, 11) + b; e = RL(e, 10);
- b = RL(b + f4(c,d,e) + X[ 9] + 0x8f1bbcdc, 12) + a; d = RL(d, 10);
- a = RL(a + f4(b,c,d) + X[11] + 0x8f1bbcdc, 14) + e; c = RL(c, 10);
- e = RL(e + f4(a,b,c) + X[10] + 0x8f1bbcdc, 15) + d; b = RL(b, 10);
- d = RL(d + f4(e,a,b) + X[ 0] + 0x8f1bbcdc, 14) + c; a = RL(a, 10);
- c = RL(c + f4(d,e,a) + X[ 8] + 0x8f1bbcdc, 15) + b; e = RL(e, 10);
- b = RL(b + f4(c,d,e) + X[12] + 0x8f1bbcdc, 9) + a; d = RL(d, 10);
- a = RL(a + f4(b,c,d) + X[ 4] + 0x8f1bbcdc, 8) + e; c = RL(c, 10);
- e = RL(e + f4(a,b,c) + X[13] + 0x8f1bbcdc, 9) + d; b = RL(b, 10);
- d = RL(d + f4(e,a,b) + X[ 3] + 0x8f1bbcdc, 14) + c; a = RL(a, 10);
- c = RL(c + f4(d,e,a) + X[ 7] + 0x8f1bbcdc, 5) + b; e = RL(e, 10);
- b = RL(b + f4(c,d,e) + X[15] + 0x8f1bbcdc, 6) + a; d = RL(d, 10);
- a = RL(a + f4(b,c,d) + X[14] + 0x8f1bbcdc, 8) + e; c = RL(c, 10);
- e = RL(e + f4(a,b,c) + X[ 5] + 0x8f1bbcdc, 6) + d; b = RL(b, 10);
- d = RL(d + f4(e,a,b) + X[ 6] + 0x8f1bbcdc, 5) + c; a = RL(a, 10);
- c = RL(c + f4(d,e,a) + X[ 2] + 0x8f1bbcdc, 12) + b; e = RL(e, 10);
-
- // right
- cc = RL(cc + f2(dd,ee,aa) + X[ 8] + 0x7a6d76e9, 15) + bb; ee = RL(ee, 10);
- bb = RL(bb + f2(cc,dd,ee) + X[ 6] + 0x7a6d76e9, 5) + aa; dd = RL(dd, 10);
- aa = RL(aa + f2(bb,cc,dd) + X[ 4] + 0x7a6d76e9, 8) + ee; cc = RL(cc, 10);
- ee = RL(ee + f2(aa,bb,cc) + X[ 1] +
0x7a6d76e9, 11) + dd; bb = RL(bb, 10);
- dd = RL(dd + f2(ee,aa,bb) + X[ 3] + 0x7a6d76e9, 14) + cc; aa = RL(aa, 10);
- cc = RL(cc + f2(dd,ee,aa) + X[11] + 0x7a6d76e9, 14) + bb; ee = RL(ee, 10);
- bb = RL(bb + f2(cc,dd,ee) + X[15] + 0x7a6d76e9, 6) + aa; dd = RL(dd, 10);
- aa = RL(aa + f2(bb,cc,dd) + X[ 0] + 0x7a6d76e9, 14) + ee; cc = RL(cc, 10);
- ee = RL(ee + f2(aa,bb,cc) + X[ 5] + 0x7a6d76e9, 6) + dd; bb = RL(bb, 10);
- dd = RL(dd + f2(ee,aa,bb) + X[12] + 0x7a6d76e9, 9) + cc; aa = RL(aa, 10);
- cc = RL(cc + f2(dd,ee,aa) + X[ 2] + 0x7a6d76e9, 12) + bb; ee = RL(ee, 10);
- bb = RL(bb + f2(cc,dd,ee) + X[13] + 0x7a6d76e9, 9) + aa; dd = RL(dd, 10);
- aa = RL(aa + f2(bb,cc,dd) + X[ 9] + 0x7a6d76e9, 12) + ee; cc = RL(cc, 10);
- ee = RL(ee + f2(aa,bb,cc) + X[ 7] + 0x7a6d76e9, 5) + dd; bb = RL(bb, 10);
- dd = RL(dd + f2(ee,aa,bb) + X[10] + 0x7a6d76e9, 15) + cc; aa = RL(aa, 10);
- cc = RL(cc + f2(dd,ee,aa) + X[14] + 0x7a6d76e9, 8) + bb; ee = RL(ee, 10);
-
- t = d; d = dd; dd = t;
-
- //
- // Rounds 64-79
- //
- // left
- b = RL(b + f5(c,d,e) + X[ 4] + 0xa953fd4e, 9) + a; d = RL(d, 10);
- a = RL(a + f5(b,c,d) + X[ 0] + 0xa953fd4e, 15) + e; c = RL(c, 10);
- e = RL(e + f5(a,b,c) + X[ 5] + 0xa953fd4e, 5) + d; b = RL(b, 10);
- d = RL(d + f5(e,a,b) + X[ 9] + 0xa953fd4e, 11) + c; a = RL(a, 10);
- c = RL(c + f5(d,e,a) + X[ 7] + 0xa953fd4e, 6) + b; e = RL(e, 10);
- b = RL(b + f5(c,d,e) + X[12] + 0xa953fd4e, 8) + a; d = RL(d, 10);
- a = RL(a + f5(b,c,d) + X[ 2] + 0xa953fd4e, 13) + e; c = RL(c, 10);
- e = RL(e + f5(a,b,c) + X[10] + 0xa953fd4e, 12) + d; b = RL(b, 10);
- d = RL(d + f5(e,a,b) + X[14] + 0xa953fd4e, 5) + c; a = RL(a, 10);
- c = RL(c + f5(d,e,a) + X[ 1] + 0xa953fd4e, 12) + b; e = RL(e, 10);
- b = RL(b + f5(c,d,e) + X[ 3] + 0xa953fd4e, 13) + a; d = RL(d, 10);
- a = RL(a + f5(b,c,d) + X[ 8] + 0xa953fd4e, 14) + e; c = RL(c, 10);
- e = RL(e + f5(a,b,c) + X[11] + 0xa953fd4e, 11) + d; b = RL(b, 10);
- d = RL(d + f5(e,a,b) + X[ 6] + 0xa953fd4e, 8) + c; a = RL(a, 10);
- c = RL(c +
f5(d,e,a) + X[15] + 0xa953fd4e, 5) + b; e = RL(e, 10);
- b = RL(b + f5(c,d,e) + X[13] + 0xa953fd4e, 6) + a; d = RL(d, 10);
-
- // right
- bb = RL(bb + f1(cc,dd,ee) + X[12], 8) + aa; dd = RL(dd, 10);
- aa = RL(aa + f1(bb,cc,dd) + X[15], 5) + ee; cc = RL(cc, 10);
- ee = RL(ee + f1(aa,bb,cc) + X[10], 12) + dd; bb = RL(bb, 10);
- dd = RL(dd + f1(ee,aa,bb) + X[ 4], 9) + cc; aa = RL(aa, 10);
- cc = RL(cc + f1(dd,ee,aa) + X[ 1], 12) + bb; ee = RL(ee, 10);
- bb = RL(bb + f1(cc,dd,ee) + X[ 5], 5) + aa; dd = RL(dd, 10);
- aa = RL(aa + f1(bb,cc,dd) + X[ 8], 14) + ee; cc = RL(cc, 10);
- ee = RL(ee + f1(aa,bb,cc) + X[ 7], 6) + dd; bb = RL(bb, 10);
- dd = RL(dd + f1(ee,aa,bb) + X[ 6], 8) + cc; aa = RL(aa, 10);
- cc = RL(cc + f1(dd,ee,aa) + X[ 2], 13) + bb; ee = RL(ee, 10);
- bb = RL(bb + f1(cc,dd,ee) + X[13], 6) + aa; dd = RL(dd, 10);
- aa = RL(aa + f1(bb,cc,dd) + X[14], 5) + ee; cc = RL(cc, 10);
- ee = RL(ee + f1(aa,bb,cc) + X[ 0], 15) + dd; bb = RL(bb, 10);
- dd = RL(dd + f1(ee,aa,bb) + X[ 3], 13) + cc; aa = RL(aa, 10);
- cc = RL(cc + f1(dd,ee,aa) + X[ 9], 11) + bb; ee = RL(ee, 10);
- bb = RL(bb + f1(cc,dd,ee) + X[11], 11) + aa; dd = RL(dd, 10);
-
- //
- // do (e, ee) swap as part of assignment.
- //
-
- H0 += a;
- H1 += b;
- H2 += c;
- H3 += d;
- H4 += ee;
- H5 += aa;
- H6 += bb;
- H7 += cc;
- H8 += dd;
- H9 += e;
-
- //
- // reset the offset and clean out the word buffer.
- //
- xOff = 0;
- for (int i = 0; i != X.length; i++)
- {
- X[i] = 0;
- }
- }
-
- public Memoable copy()
- {
- return new RIPEMD320Digest(this);
- }
-
- public void reset(Memoable other)
- {
- RIPEMD320Digest d = (RIPEMD320Digest)other;
-
- doCopy(d);
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java
deleted file mode 100644
index 450dda46..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java
+++ /dev/null
@@ -1,348 +0,0 @@ -package org.bouncycastle.crypto.digests; - -import org.bouncycastle.util.Memoable; -import org.bouncycastle.util.Pack; - -/** - * implementation of SHA-1 as outlined in "Handbook of Applied Cryptography", pages 346 - 349. - * - * It is interesting to ponder why the, apart from the extra IV, the other difference here from MD5 - * is the "endianness" of the word processing! - */ -public class SHA1Digest - extends GeneralDigest - implements EncodableDigest -{ - private static final int DIGEST_LENGTH = 20; - - private int H1, H2, H3, H4, H5; - - private int[] X = new int[80]; - private int xOff; - - /** - * Standard constructor - */ - public SHA1Digest() - { - reset(); - } - - /** - * Copy constructor. This will copy the state of the provided - * message digest. - */ - public SHA1Digest(SHA1Digest t) - { - super(t); - - copyIn(t); - } - - public SHA1Digest(byte[] encodedState) - { - super(encodedState); - - H1 = Pack.bigEndianToInt(encodedState, 16); - H2 = Pack.bigEndianToInt(encodedState, 20); - H3 = Pack.bigEndianToInt(encodedState, 24); - H4 = Pack.bigEndianToInt(encodedState, 28); - H5 = Pack.bigEndianToInt(encodedState, 32); - - xOff = Pack.bigEndianToInt(encodedState, 36); - for (int i = 0; i != xOff; i++) - { - X[i] = Pack.bigEndianToInt(encodedState, 40 + (i * 4)); - } - } - - private void copyIn(SHA1Digest t) - { - H1 = t.H1; - H2 = t.H2; - H3 = t.H3; - H4 = t.H4; - H5 = t.H5; - - System.arraycopy(t.X, 0, X, 0, t.X.length); - xOff = t.xOff; - } - - public String getAlgorithmName() - { - return "SHA-1"; - } - - public int getDigestSize() - { - return DIGEST_LENGTH; - } - - protected void processWord( - byte[] in, - int inOff) - { - // Note: Inlined for performance -// X[xOff] = Pack.bigEndianToInt(in, inOff); - int n = in[ inOff] << 24; - n |= (in[++inOff] & 0xff) << 16; - n |= (in[++inOff] & 0xff) << 8; - n |= (in[++inOff] & 0xff); - X[xOff] = n; - - if (++xOff == 16) - { - processBlock(); - } - } - - protected void processLength( - long 
bitLength) - { - if (xOff > 14) - { - processBlock(); - } - - X[14] = (int)(bitLength >>> 32); - X[15] = (int)(bitLength & 0xffffffff); - } - - public int doFinal( - byte[] out, - int outOff) - { - finish(); - - Pack.intToBigEndian(H1, out, outOff); - Pack.intToBigEndian(H2, out, outOff + 4); - Pack.intToBigEndian(H3, out, outOff + 8); - Pack.intToBigEndian(H4, out, outOff + 12); - Pack.intToBigEndian(H5, out, outOff + 16); - - reset(); - - return DIGEST_LENGTH; - } - - /** - * reset the chaining variables - */ - public void reset() - { - super.reset(); - - H1 = 0x67452301; - H2 = 0xefcdab89; - H3 = 0x98badcfe; - H4 = 0x10325476; - H5 = 0xc3d2e1f0; - - xOff = 0; - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } - - // - // Additive constants - // - private static final int Y1 = 0x5a827999; - private static final int Y2 = 0x6ed9eba1; - private static final int Y3 = 0x8f1bbcdc; - private static final int Y4 = 0xca62c1d6; - - private int f( - int u, - int v, - int w) - { - return ((u & v) | ((~u) & w)); - } - - private int h( - int u, - int v, - int w) - { - return (u ^ v ^ w); - } - - private int g( - int u, - int v, - int w) - { - return ((u & v) | (u & w) | (v & w)); - } - - protected void processBlock() - { - // - // expand 16 word block into 80 word block. - // - for (int i = 16; i < 80; i++) - { - int t = X[i - 3] ^ X[i - 8] ^ X[i - 14] ^ X[i - 16]; - X[i] = t << 1 | t >>> 31; - } - - // - // set up working variables. 
- //
- int A = H1;
- int B = H2;
- int C = H3;
- int D = H4;
- int E = H5;
-
- //
- // round 1
- //
- int idx = 0;
-
- for (int j = 0; j < 4; j++)
- {
- // E = rotateLeft(A, 5) + f(B, C, D) + E + X[idx++] + Y1
- // B = rotateLeft(B, 30)
- E += (A << 5 | A >>> 27) + f(B, C, D) + X[idx++] + Y1;
- B = B << 30 | B >>> 2;
-
- D += (E << 5 | E >>> 27) + f(A, B, C) + X[idx++] + Y1;
- A = A << 30 | A >>> 2;
-
- C += (D << 5 | D >>> 27) + f(E, A, B) + X[idx++] + Y1;
- E = E << 30 | E >>> 2;
-
- B += (C << 5 | C >>> 27) + f(D, E, A) + X[idx++] + Y1;
- D = D << 30 | D >>> 2;
-
- A += (B << 5 | B >>> 27) + f(C, D, E) + X[idx++] + Y1;
- C = C << 30 | C >>> 2;
- }
-
- //
- // round 2
- //
- for (int j = 0; j < 4; j++)
- {
- // E = rotateLeft(A, 5) + h(B, C, D) + E + X[idx++] + Y2
- // B = rotateLeft(B, 30)
- E += (A << 5 | A >>> 27) + h(B, C, D) + X[idx++] + Y2;
- B = B << 30 | B >>> 2;
-
- D += (E << 5 | E >>> 27) + h(A, B, C) + X[idx++] + Y2;
- A = A << 30 | A >>> 2;
-
- C += (D << 5 | D >>> 27) + h(E, A, B) + X[idx++] + Y2;
- E = E << 30 | E >>> 2;
-
- B += (C << 5 | C >>> 27) + h(D, E, A) + X[idx++] + Y2;
- D = D << 30 | D >>> 2;
-
- A += (B << 5 | B >>> 27) + h(C, D, E) + X[idx++] + Y2;
- C = C << 30 | C >>> 2;
- }
-
- //
- // round 3
- //
- for (int j = 0; j < 4; j++)
- {
- // E = rotateLeft(A, 5) + g(B, C, D) + E + X[idx++] + Y3
- // B = rotateLeft(B, 30)
- E += (A << 5 | A >>> 27) + g(B, C, D) + X[idx++] + Y3;
- B = B << 30 | B >>> 2;
-
- D += (E << 5 | E >>> 27) + g(A, B, C) + X[idx++] + Y3;
- A = A << 30 | A >>> 2;
-
- C += (D << 5 | D >>> 27) + g(E, A, B) + X[idx++] + Y3;
- E = E << 30 | E >>> 2;
-
- B += (C << 5 | C >>> 27) + g(D, E, A) + X[idx++] + Y3;
- D = D << 30 | D >>> 2;
-
- A += (B << 5 | B >>> 27) + g(C, D, E) + X[idx++] + Y3;
- C = C << 30 | C >>> 2;
- }
-
- //
- // round 4
- //
- for (int j = 0; j <= 3; j++)
- {
- // E = rotateLeft(A, 5) + h(B, C, D) + E + X[idx++] + Y4
- // B = rotateLeft(B, 30)
- E += (A << 5 | A >>> 27) + h(B, C, D) + X[idx++] + Y4;
- B
= B << 30 | B >>> 2;
-
- D += (E << 5 | E >>> 27) + h(A, B, C) + X[idx++] + Y4;
- A = A << 30 | A >>> 2;
-
- C += (D << 5 | D >>> 27) + h(E, A, B) + X[idx++] + Y4;
- E = E << 30 | E >>> 2;
-
- B += (C << 5 | C >>> 27) + h(D, E, A) + X[idx++] + Y4;
- D = D << 30 | D >>> 2;
-
- A += (B << 5 | B >>> 27) + h(C, D, E) + X[idx++] + Y4;
- C = C << 30 | C >>> 2;
- }
-
-
- H1 += A;
- H2 += B;
- H3 += C;
- H4 += D;
- H5 += E;
-
- //
- // reset start of the buffer.
- //
- xOff = 0;
- for (int i = 0; i < 16; i++)
- {
- X[i] = 0;
- }
- }
-
- public Memoable copy()
- {
- return new SHA1Digest(this);
- }
-
- public void reset(Memoable other)
- {
- SHA1Digest d = (SHA1Digest)other;
-
- super.copyIn(d);
- copyIn(d);
- }
-
- public byte[] getEncodedState()
- {
- byte[] state = new byte[40 + xOff * 4];
-
- super.populateState(state);
-
- Pack.intToBigEndian(H1, state, 16);
- Pack.intToBigEndian(H2, state, 20);
- Pack.intToBigEndian(H3, state, 24);
- Pack.intToBigEndian(H4, state, 28);
- Pack.intToBigEndian(H5, state, 32);
- Pack.intToBigEndian(xOff, state, 36);
-
- for (int i = 0; i != xOff; i++)
- {
- Pack.intToBigEndian(X[i], state, 40 + (i * 4));
- }
-
- return state;
- }
-}
-
-
-
-
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/SHA224Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/SHA224Digest.java
deleted file mode 100644
index 4f2b2842..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/SHA224Digest.java
+++ /dev/null
@@ -1,356 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-
-import org.bouncycastle.util.Memoable;
-import org.bouncycastle.util.Pack;
-
-
-/**
- * SHA-224 as described in RFC 3874
- * <pre>
- * block word digest
- * SHA-1 512 32 160
- * SHA-224 512 32 224
- * SHA-256 512 32 256
- * SHA-384 1024 64 384
- * SHA-512 1024 64 512
- * </pre>
- */
-public class SHA224Digest
- extends GeneralDigest
- implements EncodableDigest
-{
- private static final int DIGEST_LENGTH = 28;
-
- private int H1, H2, H3, H4, H5, H6, H7, H8;
-
- private int[] X = new int[64];
- private int xOff;
-
- /**
- * Standard constructor
- */
- public SHA224Digest()
- {
- reset();
- }
-
- /**
- * Copy constructor. This will copy the state of the provided
- * message digest.
- */
- public SHA224Digest(SHA224Digest t)
- {
- super(t);
-
- doCopy(t);
- }
-
- private void doCopy(SHA224Digest t)
- {
- super.copyIn(t);
-
- H1 = t.H1;
- H2 = t.H2;
- H3 = t.H3;
- H4 = t.H4;
- H5 = t.H5;
- H6 = t.H6;
- H7 = t.H7;
- H8 = t.H8;
-
- System.arraycopy(t.X, 0, X, 0, t.X.length);
- xOff = t.xOff;
- }
-
- public SHA224Digest(byte[] encodedState)
- {
- super(encodedState);
-
- H1 = Pack.bigEndianToInt(encodedState, 16);
- H2 = Pack.bigEndianToInt(encodedState, 20);
- H3 = Pack.bigEndianToInt(encodedState, 24);
- H4 = Pack.bigEndianToInt(encodedState, 28);
- H5 = Pack.bigEndianToInt(encodedState, 32);
- H6 = Pack.bigEndianToInt(encodedState, 36);
- H7 = Pack.bigEndianToInt(encodedState, 40);
- H8 = Pack.bigEndianToInt(encodedState, 44);
-
- xOff = Pack.bigEndianToInt(encodedState, 48);
- for (int i = 0; i != xOff; i++)
- {
- X[i] = Pack.bigEndianToInt(encodedState, 52 + (i * 4));
- }
- }
-
- public String getAlgorithmName()
- {
- return "SHA-224";
- }
-
- public int getDigestSize()
- {
- return DIGEST_LENGTH;
- }
-
- protected void processWord(
- byte[] in,
- int inOff)
- {
- // Note: Inlined for performance
-// X[xOff] = Pack.bigEndianToInt(in, inOff);
- int n = in[ inOff] << 24;
- n |= (in[++inOff] & 0xff) << 16;
- n |= (in[++inOff] & 0xff) << 8;
- n |= (in[++inOff] & 0xff);
- X[xOff] = n;
-
- if (++xOff == 16)
- {
- processBlock();
- }
- }
-
- protected void processLength(
- long bitLength)
- {
- if (xOff > 14)
- {
- processBlock();
- }
-
- X[14] = (int)(bitLength >>> 32);
- X[15] = (int)(bitLength & 0xffffffff);
- }
-
- public int doFinal(
- byte[] out,
- int outOff)
- {
- finish();
-
- Pack.intToBigEndian(H1, out, outOff);
- Pack.intToBigEndian(H2, out, outOff + 4);
- Pack.intToBigEndian(H3, out, outOff + 8);
- Pack.intToBigEndian(H4, out, outOff + 12);
- Pack.intToBigEndian(H5, out, outOff + 16);
- Pack.intToBigEndian(H6, out, outOff + 20);
- Pack.intToBigEndian(H7, out, outOff + 24);
-
- reset();
-
- return DIGEST_LENGTH;
- }
-
- /**
- * reset the chaining variables
- */
- public void reset()
- {
- super.reset();
-
- /* SHA-224 initial hash value
- */
-
- H1 = 0xc1059ed8;
- H2 = 0x367cd507;
- H3 = 0x3070dd17;
- H4 = 0xf70e5939;
- H5 = 0xffc00b31;
- H6 = 0x68581511;
- H7 = 0x64f98fa7;
- H8 = 0xbefa4fa4;
-
- xOff = 0;
- for (int i = 0; i != X.length; i++)
- {
- X[i] = 0;
- }
- }
-
- protected void processBlock()
- {
- //
- // expand 16 word block into 64 word blocks.
- //
- for (int t = 16; t <= 63; t++)
- {
- X[t] = Theta1(X[t - 2]) + X[t - 7] + Theta0(X[t - 15]) + X[t - 16];
- }
-
- //
- // set up working variables.
- //
- int a = H1;
- int b = H2;
- int c = H3;
- int d = H4;
- int e = H5;
- int f = H6;
- int g = H7;
- int h = H8;
-
-
- int t = 0;
- for(int i = 0; i < 8; i ++)
- {
- // t = 8 * i
- h += Sum1(e) + Ch(e, f, g) + K[t] + X[t];
- d += h;
- h += Sum0(a) + Maj(a, b, c);
- ++t;
-
- // t = 8 * i + 1
- g += Sum1(d) + Ch(d, e, f) + K[t] + X[t];
- c += g;
- g += Sum0(h) + Maj(h, a, b);
- ++t;
-
- // t = 8 * i + 2
- f += Sum1(c) + Ch(c, d, e) + K[t] + X[t];
- b += f;
- f += Sum0(g) + Maj(g, h, a);
- ++t;
-
- // t = 8 * i + 3
- e += Sum1(b) + Ch(b, c, d) + K[t] + X[t];
- a += e;
- e += Sum0(f) + Maj(f, g, h);
- ++t;
-
- // t = 8 * i + 4
- d += Sum1(a) + Ch(a, b, c) + K[t] + X[t];
- h += d;
- d += Sum0(e) + Maj(e, f, g);
- ++t;
-
- // t = 8 * i + 5
- c += Sum1(h) + Ch(h, a, b) + K[t] + X[t];
- g += c;
- c += Sum0(d) + Maj(d, e, f);
- ++t;
-
- // t = 8 * i + 6
- b += Sum1(g) + Ch(g, h, a) + K[t] + X[t];
- f += b;
- b += Sum0(c) + Maj(c, d, e);
- ++t;
-
- // t = 8 * i + 7
- a += Sum1(f) + Ch(f, g, h) + K[t] + X[t];
- e += a;
- a += Sum0(b) + Maj(b, c, d);
- ++t;
- }
-
- H1 += a;
- H2 += b;
- H3 += c;
- H4 += d;
- H5 += e;
- H6 += f;
- H7 += g;
- H8 += h;
-
- //
- // reset the offset and clean out the word buffer.
- //
- xOff = 0;
- for (int i = 0; i < 16; i++)
- {
- X[i] = 0;
- }
- }
-
- /* SHA-224 functions */
- private int Ch(
- int x,
- int y,
- int z)
- {
- return ((x & y) ^ ((~x) & z));
- }
-
- private int Maj(
- int x,
- int y,
- int z)
- {
- return ((x & y) ^ (x & z) ^ (y & z));
- }
-
- private int Sum0(
- int x)
- {
- return ((x >>> 2) | (x << 30)) ^ ((x >>> 13) | (x << 19)) ^ ((x >>> 22) | (x << 10));
- }
-
- private int Sum1(
- int x)
- {
- return ((x >>> 6) | (x << 26)) ^ ((x >>> 11) | (x << 21)) ^ ((x >>> 25) | (x << 7));
- }
-
- private int Theta0(
- int x)
- {
- return ((x >>> 7) | (x << 25)) ^ ((x >>> 18) | (x << 14)) ^ (x >>> 3);
- }
-
- private int Theta1(
- int x)
- {
- return ((x >>> 17) | (x << 15)) ^ ((x >>> 19) | (x << 13)) ^ (x >>> 10);
- }
-
- /* SHA-224 Constants
- * (represent the first 32 bits of the fractional parts of the
- * cube roots of the first sixty-four prime numbers)
- */
- static final int K[] = {
- 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
- 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
- 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
- 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
- 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
- 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
- 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
- };
-
- public Memoable copy()
- {
- return new SHA224Digest(this);
- }
-
- public void reset(Memoable other)
- {
- SHA224Digest d = (SHA224Digest)other;
-
- doCopy(d);
- }
-
- public byte[] getEncodedState()
- {
- byte[] state = new byte[52 + xOff * 4];
-
- super.populateState(state);
-
- Pack.intToBigEndian(H1, state, 16);
- Pack.intToBigEndian(H2, state, 20);
- Pack.intToBigEndian(H3, state, 24);
- Pack.intToBigEndian(H4, state, 28);
- Pack.intToBigEndian(H5, state, 32);
- Pack.intToBigEndian(H6, state, 36);
- Pack.intToBigEndian(H7, state, 40);
- Pack.intToBigEndian(H8, state, 44);
- Pack.intToBigEndian(xOff, state, 48);
-
- for (int i = 0; i != xOff; i++)
- {
- Pack.intToBigEndian(X[i], state, 52 + (i * 4));
- }
-
- return state;
- }
-}
-
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java
deleted file mode 100644
index 600d2343..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java
+++ /dev/null
@@ -1,360 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-
-import org.bouncycastle.util.Memoable;
-import org.bouncycastle.util.Pack;
-
-
-/**
- * FIPS 180-2 implementation of SHA-256.
- *
- * <pre>
- * block word digest
- * SHA-1 512 32 160
- * SHA-256 512 32 256
- * SHA-384 1024 64 384
- * SHA-512 1024 64 512
- * </pre>
- */
-public class SHA256Digest
- extends GeneralDigest
- implements EncodableDigest
-{
- private static final int DIGEST_LENGTH = 32;
-
- private int H1, H2, H3, H4, H5, H6, H7, H8;
-
- private int[] X = new int[64];
- private int xOff;
-
- /**
- * Standard constructor
- */
- public SHA256Digest()
- {
- reset();
- }
-
- /**
- * Copy constructor. This will copy the state of the provided
- * message digest.
- */
- public SHA256Digest(SHA256Digest t)
- {
- super(t);
-
- copyIn(t);
- }
-
- private void copyIn(SHA256Digest t)
- {
- super.copyIn(t);
-
- H1 = t.H1;
- H2 = t.H2;
- H3 = t.H3;
- H4 = t.H4;
- H5 = t.H5;
- H6 = t.H6;
- H7 = t.H7;
- H8 = t.H8;
-
- System.arraycopy(t.X, 0, X, 0, t.X.length);
- xOff = t.xOff;
- }
-
- public SHA256Digest(byte[] encodedState)
- {
- super(encodedState);
-
- H1 = Pack.bigEndianToInt(encodedState, 16);
- H2 = Pack.bigEndianToInt(encodedState, 20);
- H3 = Pack.bigEndianToInt(encodedState, 24);
- H4 = Pack.bigEndianToInt(encodedState, 28);
- H5 = Pack.bigEndianToInt(encodedState, 32);
- H6 = Pack.bigEndianToInt(encodedState, 36);
- H7 = Pack.bigEndianToInt(encodedState, 40);
- H8 = Pack.bigEndianToInt(encodedState, 44);
-
- xOff = Pack.bigEndianToInt(encodedState, 48);
- for (int i = 0; i != xOff; i++)
- {
- X[i] = Pack.bigEndianToInt(encodedState, 52 + (i * 4));
- }
- }
-
-
- public String getAlgorithmName()
- {
- return "SHA-256";
- }
-
- public int getDigestSize()
- {
- return DIGEST_LENGTH;
- }
-
- protected void processWord(
- byte[] in,
- int inOff)
- {
- // Note: Inlined for performance
-// X[xOff] = Pack.bigEndianToInt(in, inOff);
- int n = in[inOff] << 24;
- n |= (in[++inOff] & 0xff) << 16;
- n |= (in[++inOff] & 0xff) << 8;
- n |= (in[++inOff] & 0xff);
- X[xOff] = n;
-
- if (++xOff == 16)
- {
- processBlock();
- }
- }
-
- protected void processLength(
- long bitLength)
- {
- if (xOff > 14)
- {
- processBlock();
- }
-
- X[14] = (int)(bitLength >>> 32);
- X[15] = (int)(bitLength & 0xffffffff);
- }
-
- public int doFinal(
- byte[] out,
- int outOff)
- {
- finish();
-
- Pack.intToBigEndian(H1, out, outOff);
- Pack.intToBigEndian(H2, out, outOff + 4);
- Pack.intToBigEndian(H3, out, outOff + 8);
- Pack.intToBigEndian(H4, out, outOff + 12);
- Pack.intToBigEndian(H5, out, outOff + 16);
- Pack.intToBigEndian(H6, out, outOff + 20);
- Pack.intToBigEndian(H7, out, outOff + 24);
- Pack.intToBigEndian(H8, out, outOff + 28);
-
- reset();
-
- return DIGEST_LENGTH;
- }
-
- /**
- * reset the chaining variables
- */
- public void reset()
- {
- super.reset();
-
- /* SHA-256 initial hash value
- * The first 32 bits of the fractional parts of the square roots
- * of the first eight prime numbers
- */
-
- H1 = 0x6a09e667;
- H2 = 0xbb67ae85;
- H3 = 0x3c6ef372;
- H4 = 0xa54ff53a;
- H5 = 0x510e527f;
- H6 = 0x9b05688c;
- H7 = 0x1f83d9ab;
- H8 = 0x5be0cd19;
-
- xOff = 0;
- for (int i = 0; i != X.length; i++)
- {
- X[i] = 0;
- }
- }
-
- protected void processBlock()
- {
- //
- // expand 16 word block into 64 word blocks.
- //
- for (int t = 16; t <= 63; t++)
- {
- X[t] = Theta1(X[t - 2]) + X[t - 7] + Theta0(X[t - 15]) + X[t - 16];
- }
-
- //
- // set up working variables.
- //
- int a = H1;
- int b = H2;
- int c = H3;
- int d = H4;
- int e = H5;
- int f = H6;
- int g = H7;
- int h = H8;
-
- int t = 0;
- for(int i = 0; i < 8; i ++)
- {
- // t = 8 * i
- h += Sum1(e) + Ch(e, f, g) + K[t] + X[t];
- d += h;
- h += Sum0(a) + Maj(a, b, c);
- ++t;
-
- // t = 8 * i + 1
- g += Sum1(d) + Ch(d, e, f) + K[t] + X[t];
- c += g;
- g += Sum0(h) + Maj(h, a, b);
- ++t;
-
- // t = 8 * i + 2
- f += Sum1(c) + Ch(c, d, e) + K[t] + X[t];
- b += f;
- f += Sum0(g) + Maj(g, h, a);
- ++t;
-
- // t = 8 * i + 3
- e += Sum1(b) + Ch(b, c, d) + K[t] + X[t];
- a += e;
- e += Sum0(f) + Maj(f, g, h);
- ++t;
-
- // t = 8 * i + 4
- d += Sum1(a) + Ch(a, b, c) + K[t] + X[t];
- h += d;
- d += Sum0(e) + Maj(e, f, g);
- ++t;
-
- // t = 8 * i + 5
- c += Sum1(h) + Ch(h, a, b) + K[t] + X[t];
- g += c;
- c += Sum0(d) + Maj(d, e, f);
- ++t;
-
- // t = 8 * i + 6
- b += Sum1(g) + Ch(g, h, a) + K[t] + X[t];
- f += b;
- b += Sum0(c) + Maj(c, d, e);
- ++t;
-
- // t = 8 * i + 7
- a += Sum1(f) + Ch(f, g, h) + K[t] + X[t];
- e += a;
- a += Sum0(b) + Maj(b, c, d);
- ++t;
- }
-
- H1 += a;
- H2 += b;
- H3 += c;
- H4 += d;
- H5 += e;
- H6 += f;
- H7 += g;
- H8 += h;
-
- //
- // reset the offset and clean out the word buffer.
- //
- xOff = 0;
- for (int i = 0; i < 16; i++)
- {
- X[i] = 0;
- }
- }
-
- /* SHA-256 functions */
- private int Ch(
- int x,
- int y,
- int z)
- {
- return (x & y) ^ ((~x) & z);
- }
-
- private int Maj(
- int x,
- int y,
- int z)
- {
- return (x & y) ^ (x & z) ^ (y & z);
- }
-
- private int Sum0(
- int x)
- {
- return ((x >>> 2) | (x << 30)) ^ ((x >>> 13) | (x << 19)) ^ ((x >>> 22) | (x << 10));
- }
-
- private int Sum1(
- int x)
- {
- return ((x >>> 6) | (x << 26)) ^ ((x >>> 11) | (x << 21)) ^ ((x >>> 25) | (x << 7));
- }
-
- private int Theta0(
- int x)
- {
- return ((x >>> 7) | (x << 25)) ^ ((x >>> 18) | (x << 14)) ^ (x >>> 3);
- }
-
- private int Theta1(
- int x)
- {
- return ((x >>> 17) | (x << 15)) ^ ((x >>> 19) | (x << 13)) ^ (x >>> 10);
- }
-
- /* SHA-256 Constants
- * (represent the first 32 bits of the fractional parts of the
- * cube roots of the first sixty-four prime numbers)
- */
- static final int K[] = {
- 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
- 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
- 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
- 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
- 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
- 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
- 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
- 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
- };
-
- public Memoable copy()
- {
- return new SHA256Digest(this);
- }
-
- public void reset(Memoable other)
- {
- SHA256Digest d = (SHA256Digest)other;
-
- copyIn(d);
- }
-
- public byte[] getEncodedState()
- {
- byte[] state = new byte[52 + xOff * 4];
-
- super.populateState(state);
-
- Pack.intToBigEndian(H1, state, 16);
- Pack.intToBigEndian(H2, state, 20);
- Pack.intToBigEndian(H3, state, 24);
- Pack.intToBigEndian(H4, state, 28);
- Pack.intToBigEndian(H5, state, 32);
- Pack.intToBigEndian(H6, state, 36);
- Pack.intToBigEndian(H7, state, 40);
- Pack.intToBigEndian(H8, state, 44);
- Pack.intToBigEndian(xOff, state, 48);
-
- for (int i = 0; i != xOff; i++)
- {
- Pack.intToBigEndian(X[i], state, 52 + (i * 4));
- }
-
- return state;
- }
-}
-
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java
deleted file mode 100644
index fc9fa1e7..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java
+++ /dev/null
@@ -1,111 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.util.Memoable;
-import org.bouncycastle.util.Pack;
-
-
-/**
- * FIPS 180-2 implementation of SHA-384.
- *
- * <pre>
- * block word digest
- * SHA-1 512 32 160
- * SHA-256 512 32 256
- * SHA-384 1024 64 384
- * SHA-512 1024 64 512
- * </pre>
- */
-public class SHA384Digest
- extends LongDigest
-{
- private static final int DIGEST_LENGTH = 48;
-
- /**
- * Standard constructor
- */
- public SHA384Digest()
- {
- }
-
- /**
- * Copy constructor. This will copy the state of the provided
- * message digest.
- */
- public SHA384Digest(SHA384Digest t)
- {
- super(t);
- }
-
- public SHA384Digest(byte[] encodedState)
- {
- restoreState(encodedState);
- }
-
- public String getAlgorithmName()
- {
- return "SHA-384";
- }
-
- public int getDigestSize()
- {
- return DIGEST_LENGTH;
- }
-
- public int doFinal(
- byte[] out,
- int outOff)
- {
- finish();
-
- Pack.longToBigEndian(H1, out, outOff);
- Pack.longToBigEndian(H2, out, outOff + 8);
- Pack.longToBigEndian(H3, out, outOff + 16);
- Pack.longToBigEndian(H4, out, outOff + 24);
- Pack.longToBigEndian(H5, out, outOff + 32);
- Pack.longToBigEndian(H6, out, outOff + 40);
-
- reset();
-
- return DIGEST_LENGTH;
- }
-
- /**
- * reset the chaining variables
- */
- public void reset()
- {
- super.reset();
-
- /* SHA-384 initial hash value
- * The first 64 bits of the fractional parts of the square roots
- * of the 9th through 16th prime numbers
- */
- H1 = 0xcbbb9d5dc1059ed8l;
- H2 = 0x629a292a367cd507l;
- H3 = 0x9159015a3070dd17l;
- H4 = 0x152fecd8f70e5939l;
- H5 = 0x67332667ffc00b31l;
- H6 = 0x8eb44a8768581511l;
- H7 = 0xdb0c2e0d64f98fa7l;
- H8 = 0x47b5481dbefa4fa4l;
- }
-
- public Memoable copy()
- {
- return new SHA384Digest(this);
- }
-
- public void reset(Memoable other)
- {
- SHA384Digest d = (SHA384Digest)other;
-
- super.copyIn(d);
- }
-
- public byte[] getEncodedState()
- {
- byte[] encoded = new byte[getEncodedStateSize()];
- super.populateState(encoded);
- return encoded;
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/SHA3Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/SHA3Digest.java
deleted file mode 100644
index e13dc614..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/SHA3Digest.java
+++ /dev/null
@@ -1,547 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.ExtendedDigest;
-import org.bouncycastle.util.Arrays;
-
-/**
- * implementation of SHA-3 based on following KeccakNISTInterface.c from http://keccak.noekeon.org/
- * <p>
- * Following the naming conventions used in the C source code to enable easy review of the implementation.
- */
-public class SHA3Digest
- implements ExtendedDigest
-{
- private static long[] KeccakRoundConstants = keccakInitializeRoundConstants();
-
- private static int[] KeccakRhoOffsets = keccakInitializeRhoOffsets();
-
- private static long[] keccakInitializeRoundConstants()
- {
- long[] keccakRoundConstants = new long[24];
- byte[] LFSRstate = new byte[1];
-
- LFSRstate[0] = 0x01;
- int i, j, bitPosition;
-
- for (i = 0; i < 24; i++)
- {
- keccakRoundConstants[i] = 0;
- for (j = 0; j < 7; j++)
- {
- bitPosition = (1 << j) - 1;
- if (LFSR86540(LFSRstate))
- {
- keccakRoundConstants[i] ^= 1L << bitPosition;
- }
- }
- }
-
- return keccakRoundConstants;
- }
-
- private static boolean LFSR86540(byte[] LFSR)
- {
- boolean result = (((LFSR[0]) & 0x01) != 0);
- if (((LFSR[0]) & 0x80) != 0)
- {
- LFSR[0] = (byte)(((LFSR[0]) << 1) ^ 0x71);
- }
- else
- {
- LFSR[0] <<= 1;
- }
-
- return result;
- }
-
- private static int[] keccakInitializeRhoOffsets()
- {
- int[] keccakRhoOffsets = new int[25];
- int x, y, t, newX, newY;
-
- keccakRhoOffsets[(((0) % 5) + 5 * ((0) % 5))] = 0;
- x = 1;
- y = 0;
- for (t = 0; t < 24; t++)
- {
- keccakRhoOffsets[(((x) % 5) + 5 * ((y) % 5))] = ((t + 1) * (t + 2) / 2) % 64;
- newX = (0 * x + 1 * y) % 5;
- newY = (2 * x + 3 * y) % 5;
- x = newX;
- y = newY;
- }
-
- return keccakRhoOffsets;
- }
-
- private byte[] state = new byte[(1600 / 8)];
- private byte[] dataQueue = new byte[(1536 / 8)];
- private int rate;
- private int bitsInQueue;
- private int fixedOutputLength;
- private boolean squeezing;
- private int bitsAvailableForSqueezing;
- private byte[] chunk;
- private byte[] oneByte;
-
- private void clearDataQueueSection(int off, int len)
- {
- for (int i = off; i != off + len; i++)
- {
- dataQueue[i] = 0;
- }
- }
-
- public SHA3Digest()
- {
- init(0);
- }
-
- public SHA3Digest(int bitLength)
- {
- init(bitLength);
- }
-
- public SHA3Digest(SHA3Digest source) {
- System.arraycopy(source.state, 0, this.state, 0, source.state.length);
- System.arraycopy(source.dataQueue, 0, this.dataQueue, 0, source.dataQueue.length);
- this.rate = source.rate;
- this.bitsInQueue = source.bitsInQueue;
- this.fixedOutputLength = source.fixedOutputLength;
- this.squeezing = source.squeezing;
- this.bitsAvailableForSqueezing = source.bitsAvailableForSqueezing;
- this.chunk = Arrays.clone(source.chunk);
- this.oneByte = Arrays.clone(source.oneByte);
- }
-
- public String getAlgorithmName()
- {
- return "SHA3-" + fixedOutputLength;
- }
-
- public int getDigestSize()
- {
- return fixedOutputLength / 8;
- }
-
- public void update(byte in)
- {
- oneByte[0] = in;
-
- doUpdate(oneByte, 0, 8L);
- }
-
- public void update(byte[] in, int inOff, int len)
- {
- doUpdate(in, inOff, len * 8L);
- }
-
- public int doFinal(byte[] out, int outOff)
- {
- squeeze(out, outOff, fixedOutputLength);
-
- reset();
-
- return getDigestSize();
- }
-
- public void reset()
- {
- init(fixedOutputLength);
- }
-
- /**
- * Return the size of block that the compression function is applied to in bytes.
- *
- * @return internal byte length of a block.
- */
- public int getByteLength()
- {
- return rate / 8;
- }
-
- private void init(int bitLength)
- {
- switch (bitLength)
- {
- case 0:
- case 288:
- initSponge(1024, 576);
- break;
- case 224:
- initSponge(1152, 448);
- break;
- case 256:
- initSponge(1088, 512);
- break;
- case 384:
- initSponge(832, 768);
- break;
- case 512:
- initSponge(576, 1024);
- break;
- default:
- throw new IllegalArgumentException("bitLength must be one of 224, 256, 384, or 512.");
- }
- }
-
- private void doUpdate(byte[] data, int off, long databitlen)
- {
- if ((databitlen % 8) == 0)
- {
- absorb(data, off, databitlen);
- }
- else
- {
- absorb(data, off, databitlen - (databitlen % 8));
-
- byte[] lastByte = new byte[1];
-
- lastByte[0] = (byte)(data[off + (int)(databitlen / 8)] >> (8 - (databitlen % 8)));
- absorb(lastByte, off, databitlen % 8);
- }
- }
-
- private void initSponge(int rate, int capacity)
- {
- if (rate + capacity != 1600)
- {
- throw new IllegalStateException("rate + capacity != 1600");
- }
- if ((rate <= 0) || (rate >= 1600) || ((rate % 64) != 0))
- {
- throw new IllegalStateException("invalid rate value");
- }
-
- this.rate = rate;
- // this is never read, need to check to see why we want to save it
- // this.capacity = capacity;
- this.fixedOutputLength = 0;
- Arrays.fill(this.state, (byte)0);
- Arrays.fill(this.dataQueue, (byte)0);
- this.bitsInQueue = 0;
- this.squeezing = false;
- this.bitsAvailableForSqueezing = 0;
- this.fixedOutputLength = capacity / 2;
- this.chunk = new byte[rate / 8];
- this.oneByte = new byte[1];
- }
-
- private void absorbQueue()
- {
- KeccakAbsorb(state, dataQueue, rate / 8);
-
- bitsInQueue = 0;
- }
-
- private void absorb(byte[] data, int off, long databitlen)
- {
- long i, j, wholeBlocks;
-
- if ((bitsInQueue % 8) != 0)
- {
- throw new IllegalStateException("attempt to absorb with odd length queue.");
- }
- if (squeezing)
- {
- throw new IllegalStateException("attempt to absorb while squeezing.");
- }
-
- i = 0;
- while (i < databitlen)
- {
- if ((bitsInQueue == 0) && (databitlen >= rate) && (i <= (databitlen - rate)))
- {
- wholeBlocks = (databitlen - i) / rate;
-
- for (j = 0; j < wholeBlocks; j++)
- {
- System.arraycopy(data, (int)(off + (i / 8) + (j * chunk.length)), chunk, 0, chunk.length);
-
-// displayIntermediateValues.displayBytes(1, "Block to be absorbed", curData, rate / 8);
-
- KeccakAbsorb(state, chunk, chunk.length);
- }
-
- i += wholeBlocks * rate;
- }
- else
- {
- int partialBlock = (int)(databitlen - i);
- if (partialBlock + bitsInQueue > rate)
- {
- partialBlock = rate - bitsInQueue;
- }
- int partialByte = partialBlock % 8;
- partialBlock -= partialByte;
- System.arraycopy(data, off + (int)(i / 8), dataQueue, bitsInQueue / 8, partialBlock / 8);
-
- bitsInQueue += partialBlock;
- i += partialBlock;
- if (bitsInQueue == rate)
- {
- absorbQueue();
- }
- if (partialByte > 0)
- {
- int mask = (1 << partialByte) - 1;
- dataQueue[bitsInQueue / 8] = (byte)(data[off + ((int)(i / 8))] & mask);
- bitsInQueue += partialByte;
- i += partialByte;
- }
- }
- }
- }
-
- private void padAndSwitchToSqueezingPhase()
- {
- if (bitsInQueue + 1 == rate)
- {
- dataQueue[bitsInQueue / 8] |= 1 << (bitsInQueue % 8);
- absorbQueue();
- clearDataQueueSection(0, rate / 8);
- }
- else
- {
- clearDataQueueSection((bitsInQueue + 7) / 8, rate / 8 - (bitsInQueue + 7) / 8);
- dataQueue[bitsInQueue / 8] |= 1 << (bitsInQueue % 8);
- }
- dataQueue[(rate - 1) / 8] |= 1 << ((rate - 1) % 8);
- absorbQueue();
-
-
-// displayIntermediateValues.displayText(1, "--- Switching to squeezing phase ---");
-
-
- if (rate == 1024)
- {
- KeccakExtract1024bits(state, dataQueue);
- bitsAvailableForSqueezing = 1024;
- }
- else
-
- {
- KeccakExtract(state, dataQueue, rate / 64);
- bitsAvailableForSqueezing = rate;
- }
-
-// displayIntermediateValues.displayBytes(1, "Block available for squeezing", dataQueue, bitsAvailableForSqueezing / 8);
-
- squeezing = true;
- }
-
- private void squeeze(byte[] output, int offset, long outputLength)
- {
- long i;
- int partialBlock;
-
- if (!squeezing)
- {
- padAndSwitchToSqueezingPhase();
- }
- if ((outputLength % 8) != 0)
- {
- throw new IllegalStateException("outputLength not a multiple of 8");
- }
-
- i = 0;
- while (i < outputLength)
- {
- if (bitsAvailableForSqueezing == 0)
- {
- keccakPermutation(state);
-
- if (rate == 1024)
- {
- KeccakExtract1024bits(state, dataQueue);
- bitsAvailableForSqueezing = 1024;
- }
- else
-
- {
- KeccakExtract(state, dataQueue, rate / 64);
- bitsAvailableForSqueezing = rate;
- }
-
-// displayIntermediateValues.displayBytes(1, "Block available for squeezing", dataQueue, bitsAvailableForSqueezing / 8);
-
- }
- partialBlock = bitsAvailableForSqueezing;
- if ((long)partialBlock > outputLength - i)
- {
- partialBlock = (int)(outputLength - i);
- }
-
- System.arraycopy(dataQueue, (rate - bitsAvailableForSqueezing) / 8, output, offset + (int)(i / 8), partialBlock / 8);
- bitsAvailableForSqueezing -= partialBlock;
- i += partialBlock;
- }
- }
-
- private void fromBytesToWords(long[] stateAsWords, byte[] state)
- {
- for (int i = 0; i < (1600 / 64); i++)
- {
- stateAsWords[i] = 0;
- int index = i * (64 / 8);
- for (int j = 0; j < (64 / 8); j++)
- {
- stateAsWords[i] |= ((long)state[index + j] & 0xff) << ((8 * j));
- }
- }
- }
-
- private void fromWordsToBytes(byte[] state, long[] stateAsWords)
- {
- for (int i = 0; i < (1600 / 64); i++)
- {
- int index = i * (64 / 8);
- for (int j = 0; j < (64 / 8); j++)
- {
- state[index + j] = (byte)((stateAsWords[i] >>> ((8 * j))) & 0xFF);
- }
- }
- }
-
- private void keccakPermutation(byte[] state)
- {
- long[] longState = new long[state.length / 8];
-
- fromBytesToWords(longState, state);
-
-// displayIntermediateValues.displayStateAsBytes(1, "Input of permutation", longState);
-
- keccakPermutationOnWords(longState);
-
-// displayIntermediateValues.displayStateAsBytes(1, "State after permutation", longState);
-
- fromWordsToBytes(state, longState);
- }
-
- private void keccakPermutationAfterXor(byte[] state, byte[] data, int dataLengthInBytes)
- {
- int i;
-
- for (i = 0; i < dataLengthInBytes; i++)
- {
- state[i] ^= data[i];
- }
-
- keccakPermutation(state);
- }
-
- private void keccakPermutationOnWords(long[] state)
- {
- int i;
-
-// displayIntermediateValues.displayStateAs64bitWords(3, "Same, with lanes as 64-bit words", state);
-
- for (i = 0; i < 24; i++)
- {
-// displayIntermediateValues.displayRoundNumber(3, i);
-
- theta(state);
-// displayIntermediateValues.displayStateAs64bitWords(3, "After theta", state);
-
- rho(state);
-// displayIntermediateValues.displayStateAs64bitWords(3, "After rho", state);
-
- pi(state);
-// displayIntermediateValues.displayStateAs64bitWords(3, "After pi", state);
-
- chi(state);
-// displayIntermediateValues.displayStateAs64bitWords(3, "After chi", state);
-
- iota(state, i);
-// displayIntermediateValues.displayStateAs64bitWords(3, "After iota", state);
- }
- }
-
- long[] C = new long[5];
-
- private void theta(long[] A)
- {
- for (int x = 0; x < 5; x++)
- {
- C[x] = 0;
- for (int y = 0; y < 5; y++)
- {
- C[x] ^= A[x + 5 * y];
- }
- }
- for (int x = 0; x < 5; x++)
- {
- long dX = ((((C[(x + 1) % 5]) << 1) ^ ((C[(x + 1) % 5]) >>> (64 - 1)))) ^ C[(x + 4) % 5];
- for (int y = 0; y < 5; y++)
- {
- A[x + 5 * y] ^= dX;
- }
- }
- }
-
- private void rho(long[] A)
- {
- for (int x = 0; x < 5; x++)
- {
- for (int y = 0; y < 5; y++)
- {
- int index = x + 5 * y;
- A[index] = ((KeccakRhoOffsets[index] != 0) ? (((A[index]) << KeccakRhoOffsets[index]) ^ ((A[index]) >>> (64 - KeccakRhoOffsets[index]))) : A[index]);
- }
- }
- }
-
- long[] tempA = new long[25];
-
- private void pi(long[] A)
- {
- System.arraycopy(A, 0, tempA, 0, tempA.length);
-
- for (int x = 0; x < 5; x++)
- {
- for (int y = 0; y < 5; y++)
- {
- A[y + 5 * ((2 * x + 3 * y) % 5)] = tempA[x + 5 * y];
- }
- }
- }
-
- long[] chiC = new long[5];
-
- private void chi(long[] A)
- {
- for (int y = 0; y < 5; y++)
- {
- for (int x = 0; x < 5; x++)
- {
- chiC[x] = A[x + 5 * y] ^ ((~A[(((x + 1) % 5) + 5 * y)]) & A[(((x + 2) % 5) + 5 * y)]);
- }
- for (int x = 0; x < 5; x++)
- {
- A[x + 5 * y] = chiC[x];
- }
- }
- }
-
- private void iota(long[] A, int indexRound)
- {
- A[(((0) % 5) + 5 * ((0) % 5))] ^= KeccakRoundConstants[indexRound];
- }
-
- private void KeccakAbsorb(byte[] byteState, byte[] data, int dataInBytes)
- {
- keccakPermutationAfterXor(byteState, data, dataInBytes);
- }
-
-
- private void KeccakExtract1024bits(byte[] byteState, byte[] data)
- {
- System.arraycopy(byteState, 0, data, 0, 128);
- }
-
-
- private void KeccakExtract(byte[] byteState, byte[] data, int laneCount)
- {
- System.arraycopy(byteState, 0, data, 0, laneCount * 8);
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java
deleted file mode 100644
index 644bafad..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java
+++ /dev/null
@@ -1,114 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.util.Memoable;
-import org.bouncycastle.util.Pack;
-
-
-/**
- * FIPS 180-2 implementation of SHA-512.
- *
- * <pre>
- * block word digest
- * SHA-1 512 32 160
- * SHA-256 512 32 256
- * SHA-384 1024 64 384
- * SHA-512 1024 64 512
- * </pre>
- */
-public class SHA512Digest
- extends LongDigest
-{
- private static final int DIGEST_LENGTH = 64;
-
- /**
- * Standard constructor
- */
- public SHA512Digest()
- {
- }
-
- /**
- * Copy constructor. This will copy the state of the provided
- * message digest.
- */
- public SHA512Digest(SHA512Digest t)
- {
- super(t);
- }
-
- public SHA512Digest(byte[] encodedState)
- {
- restoreState(encodedState);
- }
-
- public String getAlgorithmName()
- {
- return "SHA-512";
- }
-
- public int getDigestSize()
- {
- return DIGEST_LENGTH;
- }
-
- public int doFinal(
- byte[] out,
- int outOff)
- {
- finish();
-
- Pack.longToBigEndian(H1, out, outOff);
- Pack.longToBigEndian(H2, out, outOff + 8);
- Pack.longToBigEndian(H3, out, outOff + 16);
- Pack.longToBigEndian(H4, out, outOff + 24);
- Pack.longToBigEndian(H5, out, outOff + 32);
- Pack.longToBigEndian(H6, out, outOff + 40);
- Pack.longToBigEndian(H7, out, outOff + 48);
- Pack.longToBigEndian(H8, out, outOff + 56);
-
- reset();
-
- return DIGEST_LENGTH;
- }
-
- /**
- * reset the chaining variables
- */
- public void reset()
- {
- super.reset();
-
- /* SHA-512 initial hash value
- * The first 64 bits of the fractional parts of the square roots
- * of the first eight prime numbers
- */
- H1 = 0x6a09e667f3bcc908L;
- H2 = 0xbb67ae8584caa73bL;
- H3 = 0x3c6ef372fe94f82bL;
- H4 = 0xa54ff53a5f1d36f1L;
- H5 = 0x510e527fade682d1L;
- H6 = 0x9b05688c2b3e6c1fL;
- H7 = 0x1f83d9abfb41bd6bL;
- H8 = 0x5be0cd19137e2179L;
- }
-
- public Memoable copy()
- {
- return new SHA512Digest(this);
- }
-
- public void reset(Memoable other)
- {
- SHA512Digest d = (SHA512Digest)other;
-
- copyIn(d);
- }
-
- public byte[] getEncodedState()
- {
- byte[] encoded = new byte[getEncodedStateSize()];
- super.populateState(encoded);
- return encoded;
- }
-}
-
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/SHA512tDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/SHA512tDigest.java
deleted file mode 100644
index d5848b17..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/SHA512tDigest.java
+++ /dev/null
@@ -1,227 +0,0 @@ -package org.bouncycastle.crypto.digests; - -import org.bouncycastle.util.Memoable; -import org.bouncycastle.util.MemoableResetException; -import org.bouncycastle.util.Pack; - -/** - * FIPS 180-4 implementation of SHA-512/t - */ -public class SHA512tDigest - extends LongDigest -{ - private int digestLength; // non-final due to old flow analyser. - - private long H1t, H2t, H3t, H4t, H5t, H6t, H7t, H8t; - - /** - * Standard constructor - */ - public SHA512tDigest(int bitLength) - { - if (bitLength >= 512) - { - throw new IllegalArgumentException("bitLength cannot be >= 512"); - } - - if (bitLength % 8 != 0) - { - throw new IllegalArgumentException("bitLength needs to be a multiple of 8"); - } - - if (bitLength == 384) - { - throw new IllegalArgumentException("bitLength cannot be 384 use SHA384 instead"); - } - - this.digestLength = bitLength / 8; - - tIvGenerate(digestLength * 8); - - reset(); - } - - /** - * Copy constructor. This will copy the state of the provided - * message digest. 
- */ - public SHA512tDigest(SHA512tDigest t) - { - super(t); - - this.digestLength = t.digestLength; - - reset(t); - } - - public SHA512tDigest(byte[] encodedState) - { - this(readDigestLength(encodedState)); - restoreState(encodedState); - } - - private static int readDigestLength(byte[] encodedState) - { - return Pack.bigEndianToInt(encodedState, encodedState.length - 4); - } - - public String getAlgorithmName() - { - return "SHA-512/" + Integer.toString(digestLength * 8); - } - - public int getDigestSize() - { - return digestLength; - } - - public int doFinal( - byte[] out, - int outOff) - { - finish(); - - longToBigEndian(H1, out, outOff, digestLength); - longToBigEndian(H2, out, outOff + 8, digestLength - 8); - longToBigEndian(H3, out, outOff + 16, digestLength - 16); - longToBigEndian(H4, out, outOff + 24, digestLength - 24); - longToBigEndian(H5, out, outOff + 32, digestLength - 32); - longToBigEndian(H6, out, outOff + 40, digestLength - 40); - longToBigEndian(H7, out, outOff + 48, digestLength - 48); - longToBigEndian(H8, out, outOff + 56, digestLength - 56); - - reset(); - - return digestLength; - } - - /** - * reset the chaining variables - */ - public void reset() - { - super.reset(); - - /* - * initial hash values use the iv generation algorithm for t. 
- */ - H1 = H1t; - H2 = H2t; - H3 = H3t; - H4 = H4t; - H5 = H5t; - H6 = H6t; - H7 = H7t; - H8 = H8t; - } - - private void tIvGenerate(int bitLength) - { - H1 = 0x6a09e667f3bcc908L ^ 0xa5a5a5a5a5a5a5a5L; - H2 = 0xbb67ae8584caa73bL ^ 0xa5a5a5a5a5a5a5a5L; - H3 = 0x3c6ef372fe94f82bL ^ 0xa5a5a5a5a5a5a5a5L; - H4 = 0xa54ff53a5f1d36f1L ^ 0xa5a5a5a5a5a5a5a5L; - H5 = 0x510e527fade682d1L ^ 0xa5a5a5a5a5a5a5a5L; - H6 = 0x9b05688c2b3e6c1fL ^ 0xa5a5a5a5a5a5a5a5L; - H7 = 0x1f83d9abfb41bd6bL ^ 0xa5a5a5a5a5a5a5a5L; - H8 = 0x5be0cd19137e2179L ^ 0xa5a5a5a5a5a5a5a5L; - - update((byte)0x53); - update((byte)0x48); - update((byte)0x41); - update((byte)0x2D); - update((byte)0x35); - update((byte)0x31); - update((byte)0x32); - update((byte)0x2F); - - if (bitLength > 100) - { - update((byte)(bitLength / 100 + 0x30)); - bitLength = bitLength % 100; - update((byte)(bitLength / 10 + 0x30)); - bitLength = bitLength % 10; - update((byte)(bitLength + 0x30)); - } - else if (bitLength > 10) - { - update((byte)(bitLength / 10 + 0x30)); - bitLength = bitLength % 10; - update((byte)(bitLength + 0x30)); - } - else - { - update((byte)(bitLength + 0x30)); - } - - finish(); - - H1t = H1; - H2t = H2; - H3t = H3; - H4t = H4; - H5t = H5; - H6t = H6; - H7t = H7; - H8t = H8; - } - - private static void longToBigEndian(long n, byte[] bs, int off, int max) - { - if (max > 0) - { - intToBigEndian((int)(n >>> 32), bs, off, max); - - if (max > 4) - { - intToBigEndian((int)(n & 0xffffffffL), bs, off + 4, max - 4); - } - } - } - - private static void intToBigEndian(int n, byte[] bs, int off, int max) - { - int num = Math.min(4, max); - while (--num >= 0) - { - int shift = 8 * (3 - num); - bs[off + num] = (byte)(n >>> shift); - } - } - - public Memoable copy() - { - return new SHA512tDigest(this); - } - - public void reset(Memoable other) - { - SHA512tDigest t = (SHA512tDigest)other; - - if (this.digestLength != t.digestLength) - { - throw new MemoableResetException("digestLength inappropriate in other"); - } - - 
super.copyIn(t); - - this.H1t = t.H1t; - this.H2t = t.H2t; - this.H3t = t.H3t; - this.H4t = t.H4t; - this.H5t = t.H5t; - this.H6t = t.H6t; - this.H7t = t.H7t; - this.H8t = t.H8t; - } - - public byte[] getEncodedState() - { - final int baseSize = getEncodedStateSize(); - byte[] encoded = new byte[baseSize + 4]; - populateState(encoded); - Pack.intToBigEndian(digestLength * 8, encoded, baseSize); - return encoded; - } - -} diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/SM3Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/SM3Digest.java deleted file mode 100644 index 5e90add5..00000000 --- a/core/src/main/java/org/bouncycastle/crypto/digests/SM3Digest.java +++ /dev/null 
@@ -1,333 +0,0 @@ -package org.bouncycastle.crypto.digests; - -import org.bouncycastle.util.Memoable; -import org.bouncycastle.util.Pack; - -/** - * Implementation of Chinese SM3 digest as described at - * http://tools.ietf.org/html/draft-shen-sm3-hash-00 - * and at .... ( Chinese PDF ) - * <p> - * The specification says "process a bit stream", - * but this is written to process bytes in blocks of 4, - * meaning this will process 32-bit word groups. - * But so do also most other digest specifications, - * including the SHA-256 which was a origin for - * this specification. - */ -public class SM3Digest - extends GeneralDigest -{ - private static final int DIGEST_LENGTH = 32; // bytes - private static final int BLOCK_SIZE = 64 / 4; // of 32 bit ints (16 ints) - - private int[] V = new int[DIGEST_LENGTH / 4]; // in 32 bit ints (8 ints) - private int[] inwords = new int[BLOCK_SIZE]; - private int xOff; - - // Work-bufs used within processBlock() - private int[] W = new int[68]; - private int[] W1 = new int[64]; - - // Round constant T for processBlock() which is 32 bit integer rolled left up to (63 MOD 32) bit positions. - private static final int[] T = new int[64]; - - static - { - for (int i = 0; i < 16; ++i) - { - int t = 0x79CC4519; - T[i] = (t << i) | (t >>> (32 - i)); - } - for (int i = 16; i < 64; ++i) - { - int n = i % 32; - int t = 0x7A879D8A; - T[i] = (t << n) | (t >>> (32 - n)); - } - } - - - /** - * Standard constructor - */ - public SM3Digest() - { - reset(); - } - - /** - * Copy constructor. This will copy the state of the provided - * message digest. 
- */ - public SM3Digest(SM3Digest t) - { - super(t); - - copyIn(t); - } - - private void copyIn(SM3Digest t) - { - System.arraycopy(t.V, 0, this.V, 0, this.V.length); - System.arraycopy(t.inwords, 0, this.inwords, 0, this.inwords.length); - xOff = t.xOff; - } - - public String getAlgorithmName() - { - return "SM3"; - } - - public int getDigestSize() - { - return DIGEST_LENGTH; - } - - - public Memoable copy() - { - return new SM3Digest(this); - } - - public void reset(Memoable other) - { - SM3Digest d = (SM3Digest)other; - - super.copyIn(d); - copyIn(d); - } - - - /** - * reset the chaining variables - */ - public void reset() - { - super.reset(); - - this.V[0] = 0x7380166F; - this.V[1] = 0x4914B2B9; - this.V[2] = 0x172442D7; - this.V[3] = 0xDA8A0600; - this.V[4] = 0xA96F30BC; - this.V[5] = 0x163138AA; - this.V[6] = 0xE38DEE4D; - this.V[7] = 0xB0FB0E4E; - - this.xOff = 0; - } - - - public int doFinal(byte[] out, - int outOff) - { - finish(); - - Pack.intToBigEndian(this.V[0], out, outOff + 0); - Pack.intToBigEndian(this.V[1], out, outOff + 4); - Pack.intToBigEndian(this.V[2], out, outOff + 8); - Pack.intToBigEndian(this.V[3], out, outOff + 12); - Pack.intToBigEndian(this.V[4], out, outOff + 16); - Pack.intToBigEndian(this.V[5], out, outOff + 20); - Pack.intToBigEndian(this.V[6], out, outOff + 24); - Pack.intToBigEndian(this.V[7], out, outOff + 28); - - reset(); - - return DIGEST_LENGTH; - } - - - protected void processWord(byte[] in, - int inOff) - { - // Note: Inlined for performance - // this.inwords[xOff] = Pack.bigEndianToInt(in, inOff); - int n = (((in[inOff] & 0xff) << 24) | - ((in[++inOff] & 0xff) << 16) | - ((in[++inOff] & 0xff) << 8) | - ((in[++inOff] & 0xff))); - - this.inwords[this.xOff] = n; - ++this.xOff; - - if (this.xOff >= 16) - { - processBlock(); - } - } - - protected void processLength(long bitLength) - { - if (this.xOff > (BLOCK_SIZE - 2)) - { - // xOff == 15 --> can't fit the 64 bit length field at tail.. 
- this.inwords[this.xOff] = 0; // fill with zero - ++this.xOff; - - processBlock(); - } - // Fill with zero words, until reach 2nd to last slot - while (this.xOff < (BLOCK_SIZE - 2)) - { - this.inwords[this.xOff] = 0; - ++this.xOff; - } - - // Store input data length in BITS - this.inwords[this.xOff++] = (int)(bitLength >>> 32); - this.inwords[this.xOff++] = (int)(bitLength); - } - -/* - -3.4.2. Constants - - - Tj = 79cc4519 when 0 < = j < = 15 - Tj = 7a879d8a when 16 < = j < = 63 - -3.4.3. Boolean function - - - FFj(X;Y;Z) = X XOR Y XOR Z when 0 < = j < = 15 - = (X AND Y) OR (X AND Z) OR (Y AND Z) when 16 < = j < = 63 - - GGj(X;Y;Z) = X XOR Y XOR Z when 0 < = j < = 15 - = (X AND Y) OR (NOT X AND Z) when 16 < = j < = 63 - - The X, Y, Z in the fomular are words!GBP - -3.4.4. Permutation function - - - P0(X) = X XOR (X <<< 9) XOR (X <<< 17) ## ROLL, not SHIFT - P1(X) = X XOR (X <<< 15) XOR (X <<< 23) ## ROLL, not SHIFT - - The X in the fomular are a word. - ----------- - -Each ROLL converted to Java expression: - -ROLL 9 : ((x << 9) | (x >>> (32-9)))) -ROLL 17 : ((x << 17) | (x >>> (32-17))) -ROLL 15 : ((x << 15) | (x >>> (32-15))) -ROLL 23 : ((x << 23) | (x >>> (32-23))) - - */ - - private int P0(final int x) - { - final int r9 = ((x << 9) | (x >>> (32 - 9))); - final int r17 = ((x << 17) | (x >>> (32 - 17))); - return (x ^ r9 ^ r17); - } - - private int P1(final int x) - { - final int r15 = ((x << 15) | (x >>> (32 - 15))); - final int r23 = ((x << 23) | (x >>> (32 - 23))); - return (x ^ r15 ^ r23); - } - - private int FF0(final int x, final int y, final int z) - { - return (x ^ y ^ z); - } - - private int FF1(final int x, final int y, final int z) - { - return ((x & y) | (x & z) | (y & z)); - } - - private int GG0(final int x, final int y, final int z) - { - return (x ^ y ^ z); - } - - private int GG1(final int x, final int y, final int z) - { - return ((x & y) | ((~x) & z)); - } - - - protected void processBlock() - { - for (int j = 0; j < 16; ++j) - { - this.W[j] 
= this.inwords[j]; - } - for (int j = 16; j < 68; ++j) - { - int wj3 = this.W[j - 3]; - int r15 = ((wj3 << 15) | (wj3 >>> (32 - 15))); - int wj13 = this.W[j - 13]; - int r7 = ((wj13 << 7) | (wj13 >>> (32 - 7))); - this.W[j] = P1(this.W[j - 16] ^ this.W[j - 9] ^ r15) ^ r7 ^ this.W[j - 6]; - } - for (int j = 0; j < 64; ++j) - { - this.W1[j] = this.W[j] ^ this.W[j + 4]; - } - - int A = this.V[0]; - int B = this.V[1]; - int C = this.V[2]; - int D = this.V[3]; - int E = this.V[4]; - int F = this.V[5]; - int G = this.V[6]; - int H = this.V[7]; - - - for (int j = 0; j < 16; ++j) - { - int a12 = ((A << 12) | (A >>> (32 - 12))); - int s1_ = a12 + E + T[j]; - int SS1 = ((s1_ << 7) | (s1_ >>> (32 - 7))); - int SS2 = SS1 ^ a12; - int TT1 = FF0(A, B, C) + D + SS2 + this.W1[j]; - int TT2 = GG0(E, F, G) + H + SS1 + this.W[j]; - D = C; - C = ((B << 9) | (B >>> (32 - 9))); - B = A; - A = TT1; - H = G; - G = ((F << 19) | (F >>> (32 - 19))); - F = E; - E = P0(TT2); - } - - // Different FF,GG functions on rounds 16..63 - for (int j = 16; j < 64; ++j) - { - int a12 = ((A << 12) | (A >>> (32 - 12))); - int s1_ = a12 + E + T[j]; - int SS1 = ((s1_ << 7) | (s1_ >>> (32 - 7))); - int SS2 = SS1 ^ a12; - int TT1 = FF1(A, B, C) + D + SS2 + this.W1[j]; - int TT2 = GG1(E, F, G) + H + SS1 + this.W[j]; - D = C; - C = ((B << 9) | (B >>> (32 - 9))); - B = A; - A = TT1; - H = G; - G = ((F << 19) | (F >>> (32 - 19))); - F = E; - E = P0(TT2); - } - - this.V[0] ^= A; - this.V[1] ^= B; - this.V[2] ^= C; - this.V[3] ^= D; - this.V[4] ^= E; - this.V[5] ^= F; - this.V[6] ^= G; - this.V[7] ^= H; - - this.xOff = 0; - } -} diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/ShortenedDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/ShortenedDigest.java deleted file mode 100644 index 89033e80..00000000 --- a/core/src/main/java/org/bouncycastle/crypto/digests/ShortenedDigest.java +++ /dev/null 
@@ -1,80 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.ExtendedDigest;
-
-/**
- * Wrapper class that reduces the output length of a particular digest to
- * only the first n bytes of the digest function.
- */
-public class ShortenedDigest
- implements ExtendedDigest
-{
- private ExtendedDigest baseDigest;
- private int length;
-
- /**
- * Base constructor.
- *
- * @param baseDigest underlying digest to use.
- * @param length length in bytes of the output of doFinal.
- * @exception IllegalArgumentException if baseDigest is null, or length is greater than baseDigest.getDigestSize().
- */
- public ShortenedDigest(
- ExtendedDigest baseDigest,
- int length)
- {
- if (baseDigest == null)
- {
- throw new IllegalArgumentException("baseDigest must not be null");
- }
-
- if (length > baseDigest.getDigestSize())
- {
- throw new IllegalArgumentException("baseDigest output not large enough to support length");
- }
-
- this.baseDigest = baseDigest;
- this.length = length;
- }
-
- public String getAlgorithmName()
- {
- return baseDigest.getAlgorithmName() + "(" + length * 8 + ")";
- }
-
- public int getDigestSize()
- {
- return length;
- }
-
- public void update(byte in)
- {
- baseDigest.update(in);
- }
-
- public void update(byte[] in, int inOff, int len)
- {
- baseDigest.update(in, inOff, len);
- }
-
- public int doFinal(byte[] out, int outOff)
- {
- byte[] tmp = new byte[baseDigest.getDigestSize()];
-
- baseDigest.doFinal(tmp, 0);
-
- System.arraycopy(tmp, 0, out, outOff, length);
-
- return length;
- }
-
- public void reset()
- {
- baseDigest.reset();
- }
-
- public int getByteLength()
- {
- return baseDigest.getByteLength();
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/SkeinDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/SkeinDigest.java
deleted file mode 100644
index ae1dbd62..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/SkeinDigest.java
+++ /dev/null
@@ -1,115 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.ExtendedDigest;
-import org.bouncycastle.crypto.engines.ThreefishEngine;
-import org.bouncycastle.crypto.params.SkeinParameters;
-import org.bouncycastle.util.Memoable;
-
-/**
- * Implementation of the Skein parameterised hash function in 256, 512 and 1024 bit block sizes,
- * based on the {@link ThreefishEngine Threefish} tweakable block cipher.
- * <p>
- * This is the 1.3 version of Skein defined in the Skein hash function submission to the NIST SHA-3
- * competition in October 2010.
- * <p>
- * Skein was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir
- * Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.
- *
- * @see SkeinEngine
- * @see SkeinParameters
- */
-public class SkeinDigest
- implements ExtendedDigest, Memoable
-{
- /**
- * 256 bit block size - Skein-256
- */
- public static final int SKEIN_256 = SkeinEngine.SKEIN_256;
- /**
- * 512 bit block size - Skein-512
- */
- public static final int SKEIN_512 = SkeinEngine.SKEIN_512;
- /**
- * 1024 bit block size - Skein-1024
- */
- public static final int SKEIN_1024 = SkeinEngine.SKEIN_1024;
-
- private SkeinEngine engine;
-
- /**
- * Constructs a Skein digest with an internal state size and output size.
- *
- * @param stateSizeBits the internal state size in bits - one of {@link #SKEIN_256}, {@link #SKEIN_512} or
- * {@link #SKEIN_1024}.
- * @param digestSizeBits the output/digest size to produce in bits, which must be an integral number of
- * bytes. 
- */
- public SkeinDigest(int stateSizeBits, int digestSizeBits)
- {
- this.engine = new SkeinEngine(stateSizeBits, digestSizeBits);
- init(null);
- }
-
- public SkeinDigest(SkeinDigest digest)
- {
- this.engine = new SkeinEngine(digest.engine);
- }
-
- public void reset(Memoable other)
- {
- SkeinDigest d = (SkeinDigest)other;
- engine.reset(d.engine);
- }
-
- public Memoable copy()
- {
- return new SkeinDigest(this);
- }
-
- public String getAlgorithmName()
- {
- return "Skein-" + (engine.getBlockSize() * 8) + "-" + (engine.getOutputSize() * 8);
- }
-
- public int getDigestSize()
- {
- return engine.getOutputSize();
- }
-
- public int getByteLength()
- {
- return engine.getBlockSize();
- }
-
- /**
- * Optionally initialises the Skein digest with the provided parameters.<br>
- * See {@link SkeinParameters} for details on the parameterisation of the Skein hash function.
- *
- * @param params the parameters to apply to this engine, or <code>null</code> to use no parameters.
- */
- public void init(SkeinParameters params)
- {
- engine.init(params);
- }
-
- public void reset()
- {
- engine.reset();
- }
-
- public void update(byte in)
- {
- engine.update(in);
- }
-
- public void update(byte[] in, int inOff, int len)
- {
- engine.update(in, inOff, len);
- }
-
- public int doFinal(byte[] out, int outOff)
- {
- return engine.doFinal(out, outOff);
- }
-
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/SkeinEngine.java b/core/src/main/java/org/bouncycastle/crypto/digests/SkeinEngine.java
deleted file mode 100644
index b125dbd6..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/SkeinEngine.java
+++ /dev/null
@@ -1,817 +0,0 @@ -package org.bouncycastle.crypto.digests; - -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; - -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.engines.ThreefishEngine; -import org.bouncycastle.crypto.macs.SkeinMac; -import org.bouncycastle.crypto.params.SkeinParameters; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.Memoable; - -/** - * Implementation of the Skein family of parameterised hash functions in 256, 512 and 1024 bit block - * sizes, based on the {@link ThreefishEngine Threefish} tweakable block cipher. - * <p> - * This is the 1.3 version of Skein defined in the Skein hash function submission to the NIST SHA-3 - * competition in October 2010. - * <p> - * Skein was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir - * Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker. - * <p> - * This implementation is the basis for {@link SkeinDigest} and {@link SkeinMac}, implementing the - * parameter based configuration system that allows Skein to be adapted to multiple applications. <br> - * Initialising the engine with {@link SkeinParameters} allows standard and arbitrary parameters to - * be applied during the Skein hash function. 
- * <p> - * Implemented: - * <ul> - * <li>256, 512 and 1024 bit internal states.</li> - * <li>Full 96 bit input length.</li> - * <li>Parameters defined in the Skein specification, and arbitrary other pre and post message - * parameters.</li> - * <li>Arbitrary output size in 1 byte intervals.</li> - * </ul> - * <p> - * Not implemented: - * <ul> - * <li>Sub-byte length input (bit padding).</li> - * <li>Tree hashing.</li> - * </ul> - * - * @see SkeinParameters - */ -public class SkeinEngine - implements Memoable -{ - /** - * 256 bit block size - Skein 256 - */ - public static final int SKEIN_256 = ThreefishEngine.BLOCKSIZE_256; - /** - * 512 bit block size - Skein 512 - */ - public static final int SKEIN_512 = ThreefishEngine.BLOCKSIZE_512; - /** - * 1024 bit block size - Skein 1024 - */ - public static final int SKEIN_1024 = ThreefishEngine.BLOCKSIZE_1024; - - // Minimal at present, but more complex when tree hashing is implemented - private static class Configuration - { - private byte[] bytes = new byte[32]; - - public Configuration(long outputSizeBits) - { - // 0..3 = ASCII SHA3 - bytes[0] = (byte)'S'; - bytes[1] = (byte)'H'; - bytes[2] = (byte)'A'; - bytes[3] = (byte)'3'; - - // 4..5 = version number in LSB order - bytes[4] = 1; - bytes[5] = 0; - - // 8..15 = output length - ThreefishEngine.wordToBytes(outputSizeBits, bytes, 8); - } - - public byte[] getBytes() - { - return bytes; - } - - } - - public static class Parameter - { - private int type; - private byte[] value; - - public Parameter(int type, byte[] value) - { - this.type = type; - this.value = value; - } - - public int getType() - { - return type; - } - - public byte[] getValue() - { - return value; - } - - } - - /** - * The parameter type for the Skein key. - */ - private static final int PARAM_TYPE_KEY = 0; - - /** - * The parameter type for the Skein configuration block. - */ - private static final int PARAM_TYPE_CONFIG = 4; - - /** - * The parameter type for the message. 
- */ - private static final int PARAM_TYPE_MESSAGE = 48; - - /** - * The parameter type for the output transformation. - */ - private static final int PARAM_TYPE_OUTPUT = 63; - - /** - * Precalculated UBI(CFG) states for common state/output combinations without key or other - * pre-message params. - */ - private static final Hashtable INITIAL_STATES = new Hashtable(); - - static - { - // From Appendix C of the Skein 1.3 NIST submission - initialState(SKEIN_256, 128, new long[]{ - 0xe1111906964d7260L, - 0x883daaa77c8d811cL, - 0x10080df491960f7aL, - 0xccf7dde5b45bc1c2L}); - - initialState(SKEIN_256, 160, new long[]{ - 0x1420231472825e98L, - 0x2ac4e9a25a77e590L, - 0xd47a58568838d63eL, - 0x2dd2e4968586ab7dL}); - - initialState(SKEIN_256, 224, new long[]{ - 0xc6098a8c9ae5ea0bL, - 0x876d568608c5191cL, - 0x99cb88d7d7f53884L, - 0x384bddb1aeddb5deL}); - - initialState(SKEIN_256, 256, new long[]{ - 0xfc9da860d048b449L, - 0x2fca66479fa7d833L, - 0xb33bc3896656840fL, - 0x6a54e920fde8da69L}); - - initialState(SKEIN_512, 128, new long[]{ - 0xa8bc7bf36fbf9f52L, - 0x1e9872cebd1af0aaL, - 0x309b1790b32190d3L, - 0xbcfbb8543f94805cL, - 0x0da61bcd6e31b11bL, - 0x1a18ebead46a32e3L, - 0xa2cc5b18ce84aa82L, - 0x6982ab289d46982dL}); - - initialState(SKEIN_512, 160, new long[]{ - 0x28b81a2ae013bd91L, - 0xc2f11668b5bdf78fL, - 0x1760d8f3f6a56f12L, - 0x4fb747588239904fL, - 0x21ede07f7eaf5056L, - 0xd908922e63ed70b8L, - 0xb8ec76ffeccb52faL, - 0x01a47bb8a3f27a6eL}); - - initialState(SKEIN_512, 224, new long[]{ - 0xccd0616248677224L, - 0xcba65cf3a92339efL, - 0x8ccd69d652ff4b64L, - 0x398aed7b3ab890b4L, - 0x0f59d1b1457d2bd0L, - 0x6776fe6575d4eb3dL, - 0x99fbc70e997413e9L, - 0x9e2cfccfe1c41ef7L}); - - initialState(SKEIN_512, 384, new long[]{ - 0xa3f6c6bf3a75ef5fL, - 0xb0fef9ccfd84faa4L, - 0x9d77dd663d770cfeL, - 0xd798cbf3b468fddaL, - 0x1bc4a6668a0e4465L, - 0x7ed7d434e5807407L, - 0x548fc1acd4ec44d6L, - 0x266e17546aa18ff8L}); - - initialState(SKEIN_512, 512, new long[]{ - 0x4903adff749c51ceL, - 
0x0d95de399746df03L, - 0x8fd1934127c79bceL, - 0x9a255629ff352cb1L, - 0x5db62599df6ca7b0L, - 0xeabe394ca9d5c3f4L, - 0x991112c71a75b523L, - 0xae18a40b660fcc33L}); - } - - private static void initialState(int blockSize, int outputSize, long[] state) - { - INITIAL_STATES.put(variantIdentifier(blockSize / 8, outputSize / 8), state); - } - - private static Integer variantIdentifier(int blockSizeBytes, int outputSizeBytes) - { - return new Integer((outputSizeBytes << 16) | blockSizeBytes); - } - - private static class UbiTweak - { - /** - * Point at which position might overflow long, so switch to add with carry logic - */ - private static final long LOW_RANGE = Long.MAX_VALUE - Integer.MAX_VALUE; - - /** - * Bit 127 = final - */ - private static final long T1_FINAL = 1L << 63; - - /** - * Bit 126 = first - */ - private static final long T1_FIRST = 1L << 62; - - /** - * UBI uses a 128 bit tweak - */ - private long tweak[] = new long[2]; - - /** - * Whether 64 bit position exceeded - */ - private boolean extendedPosition; - - public UbiTweak() - { - reset(); - } - - public void reset(UbiTweak tweak) - { - this.tweak = Arrays.clone(tweak.tweak, this.tweak); - this.extendedPosition = tweak.extendedPosition; - } - - public void reset() - { - tweak[0] = 0; - tweak[1] = 0; - extendedPosition = false; - setFirst(true); - } - - public void setType(int type) - { - // Bits 120..125 = type - tweak[1] = (tweak[1] & 0xFFFFFFC000000000L) | ((type & 0x3FL) << 56); - } - - public int getType() - { - return (int)((tweak[1] >>> 56) & 0x3FL); - } - - public void setFirst(boolean first) - { - if (first) - { - tweak[1] |= T1_FIRST; - } - else - { - tweak[1] &= ~T1_FIRST; - } - } - - public boolean isFirst() - { - return ((tweak[1] & T1_FIRST) != 0); - } - - public void setFinal(boolean last) - { - if (last) - { - tweak[1] |= T1_FINAL; - } - else - { - tweak[1] &= ~T1_FINAL; - } - } - - public boolean isFinal() - { - return ((tweak[1] & T1_FINAL) != 0); - } - - /** - * Advances the position in 
the tweak by the specified value. - */ - public void advancePosition(int advance) - { - // Bits 0..95 = position - if (extendedPosition) - { - long[] parts = new long[3]; - parts[0] = tweak[0] & 0xFFFFFFFFL; - parts[1] = (tweak[0] >>> 32) & 0xFFFFFFFFL; - parts[2] = tweak[1] & 0xFFFFFFFFL; - - long carry = advance; - for (int i = 0; i < parts.length; i++) - { - carry += parts[i]; - parts[i] = carry; - carry >>>= 32; - } - tweak[0] = ((parts[1] & 0xFFFFFFFFL) << 32) | (parts[0] & 0xFFFFFFFFL); - tweak[1] = (tweak[1] & 0xFFFFFFFF00000000L) | (parts[2] & 0xFFFFFFFFL); - } - else - { - long position = tweak[0]; - position += advance; - tweak[0] = position; - if (position > LOW_RANGE) - { - extendedPosition = true; - } - } - } - - public long[] getWords() - { - return tweak; - } - - public String toString() - { - return getType() + " first: " + isFirst() + ", final: " + isFinal(); - } - - } - - /** - * The Unique Block Iteration chaining mode. - */ - // TODO: This might be better as methods... 
- private class UBI - { - private final UbiTweak tweak = new UbiTweak(); - - /** - * Buffer for the current block of message data - */ - private byte[] currentBlock; - - /** - * Offset into the current message block - */ - private int currentOffset; - - /** - * Buffer for message words for feedback into encrypted block - */ - private long[] message; - - public UBI(int blockSize) - { - currentBlock = new byte[blockSize]; - message = new long[currentBlock.length / 8]; - } - - public void reset(UBI ubi) - { - currentBlock = Arrays.clone(ubi.currentBlock, currentBlock); - currentOffset = ubi.currentOffset; - message = Arrays.clone(ubi.message, this.message); - tweak.reset(ubi.tweak); - } - - public void reset(int type) - { - tweak.reset(); - tweak.setType(type); - currentOffset = 0; - } - - public void update(byte[] value, int offset, int len, long[] output) - { - /* - * Buffer complete blocks for the underlying Threefish cipher, only flushing when there - * are subsequent bytes (last block must be processed in doFinal() with final=true set). 
- */ - int copied = 0; - while (len > copied) - { - if (currentOffset == currentBlock.length) - { - processBlock(output); - tweak.setFirst(false); - currentOffset = 0; - } - - int toCopy = Math.min((len - copied), currentBlock.length - currentOffset); - System.arraycopy(value, offset + copied, currentBlock, currentOffset, toCopy); - copied += toCopy; - currentOffset += toCopy; - tweak.advancePosition(toCopy); - } - } - - private void processBlock(long[] output) - { - threefish.init(true, chain, tweak.getWords()); - for (int i = 0; i < message.length; i++) - { - message[i] = ThreefishEngine.bytesToWord(currentBlock, i * 8); - } - - threefish.processBlock(message, output); - - for (int i = 0; i < output.length; i++) - { - output[i] ^= message[i]; - } - } - - public void doFinal(long[] output) - { - // Pad remainder of current block with zeroes - for (int i = currentOffset; i < currentBlock.length; i++) - { - currentBlock[i] = 0; - } - - tweak.setFinal(true); - processBlock(output); - } - - } - - /** - * Underlying Threefish tweakable block cipher - */ - final ThreefishEngine threefish; - - /** - * Size of the digest output, in bytes - */ - private final int outputSizeBytes; - - /** - * The current chaining/state value - */ - long[] chain; - - /** - * The initial state value - */ - private long[] initialState; - - /** - * The (optional) key parameter - */ - private byte[] key; - - /** - * Parameters to apply prior to the message - */ - private Parameter[] preMessageParameters; - - /** - * Parameters to apply after the message, but prior to output - */ - private Parameter[] postMessageParameters; - - /** - * The current UBI operation - */ - private final UBI ubi; - - /** - * Buffer for single byte update method - */ - private final byte[] singleByte = new byte[1]; - - /** - * Constructs a Skein engine. - * - * @param blockSizeBits the internal state size in bits - one of {@link #SKEIN_256}, {@link #SKEIN_512} or - * {@link #SKEIN_1024}. 
- * @param outputSizeBits the output/digest size to produce in bits, which must be an integral number of - * bytes. - */ - public SkeinEngine(int blockSizeBits, int outputSizeBits) - { - if (outputSizeBits % 8 != 0) - { - throw new IllegalArgumentException("Output size must be a multiple of 8 bits. :" + outputSizeBits); - } - // TODO: Prevent digest sizes > block size? - this.outputSizeBytes = outputSizeBits / 8; - - this.threefish = new ThreefishEngine(blockSizeBits); - this.ubi = new UBI(threefish.getBlockSize()); - } - - /** - * Creates a SkeinEngine as an exact copy of an existing instance. - */ - public SkeinEngine(SkeinEngine engine) - { - this(engine.getBlockSize() * 8, engine.getOutputSize() * 8); - copyIn(engine); - } - - private void copyIn(SkeinEngine engine) - { - this.ubi.reset(engine.ubi); - this.chain = Arrays.clone(engine.chain, this.chain); - this.initialState = Arrays.clone(engine.initialState, this.initialState); - this.key = Arrays.clone(engine.key, this.key); - this.preMessageParameters = clone(engine.preMessageParameters, this.preMessageParameters); - this.postMessageParameters = clone(engine.postMessageParameters, this.postMessageParameters); - } - - private static Parameter[] clone(Parameter[] data, Parameter[] existing) - { - if (data == null) - { - return null; - } - if ((existing == null) || (existing.length != data.length)) - { - existing = new Parameter[data.length]; - } - System.arraycopy(data, 0, existing, 0, existing.length); - return existing; - } - - public Memoable copy() - { - return new SkeinEngine(this); - } - - public void reset(Memoable other) - { - SkeinEngine s = (SkeinEngine)other; - if ((getBlockSize() != s.getBlockSize()) || (outputSizeBytes != s.outputSizeBytes)) - { - throw new IllegalArgumentException("Incompatible parameters in provided SkeinEngine."); - } - copyIn(s); - } - - public int getOutputSize() - { - return outputSizeBytes; - } - - public int getBlockSize() - { - return threefish.getBlockSize(); - } - - /** 
- * Initialises the Skein engine with the provided parameters. See {@link SkeinParameters} for - * details on the parameterisation of the Skein hash function. - * - * @param params the parameters to apply to this engine, or <code>null</code> to use no parameters. - */ - public void init(SkeinParameters params) - { - this.chain = null; - this.key = null; - this.preMessageParameters = null; - this.postMessageParameters = null; - - if (params != null) - { - byte[] key = params.getKey(); - if (key.length < 16) - { - throw new IllegalArgumentException("Skein key must be at least 128 bits."); - } - initParams(params.getParameters()); - } - createInitialState(); - - // Initialise message block - ubiInit(PARAM_TYPE_MESSAGE); - } - - private void initParams(Hashtable parameters) - { - Enumeration keys = parameters.keys(); - final Vector pre = new Vector(); - final Vector post = new Vector(); - - while (keys.hasMoreElements()) - { - Integer type = (Integer)keys.nextElement(); - byte[] value = (byte[])parameters.get(type); - - if (type.intValue() == PARAM_TYPE_KEY) - { - this.key = value; - } - else if (type.intValue() < PARAM_TYPE_MESSAGE) - { - pre.addElement(new Parameter(type.intValue(), value)); - } - else - { - post.addElement(new Parameter(type.intValue(), value)); - } - } - preMessageParameters = new Parameter[pre.size()]; - pre.copyInto(preMessageParameters); - sort(preMessageParameters); - - postMessageParameters = new Parameter[post.size()]; - post.copyInto(postMessageParameters); - sort(postMessageParameters); - } - - private static void sort(Parameter[] params) - { - if (params == null) - { - return; - } - // Insertion sort, for Java 1.1 compatibility - for (int i = 1; i < params.length; i++) - { - Parameter param = params[i]; - int hole = i; - while (hole > 0 && param.getType() < params[hole - 1].getType()) - { - params[hole] = params[hole - 1]; - hole = hole - 1; - } - params[hole] = param; - } - } - - /** - * Calculate the initial (pre message block) chaining 
state.
- */
- private void createInitialState()
- {
- long[] precalc = (long[])INITIAL_STATES.get(variantIdentifier(getBlockSize(), getOutputSize()));
- if ((key == null) && (precalc != null))
- {
- // Precalculated UBI(CFG)
- chain = Arrays.clone(precalc);
- }
- else
- {
- // Blank initial state
- chain = new long[getBlockSize() / 8];
-
- // Process key block
- if (key != null)
- {
- ubiComplete(SkeinParameters.PARAM_TYPE_KEY, key);
- }
-
- // Process configuration block
- ubiComplete(PARAM_TYPE_CONFIG, new Configuration(outputSizeBytes * 8).getBytes());
- }
-
- // Process additional pre-message parameters
- if (preMessageParameters != null)
- {
- for (int i = 0; i < preMessageParameters.length; i++)
- {
- Parameter param = preMessageParameters[i];
- ubiComplete(param.getType(), param.getValue());
- }
- }
- initialState = Arrays.clone(chain);
- }
-
- /**
- * Reset the engine to the initial state (with the key and any pre-message parameters , ready to
- * accept message input.
- */
- public void reset()
- {
- System.arraycopy(initialState, 0, chain, 0, chain.length);
-
- ubiInit(PARAM_TYPE_MESSAGE);
- }
-
- private void ubiComplete(int type, byte[] value)
- {
- ubiInit(type);
- this.ubi.update(value, 0, value.length, chain);
- ubiFinal();
- }
-
- private void ubiInit(int type)
- {
- this.ubi.reset(type);
- }
-
- private void ubiFinal()
- {
- ubi.doFinal(chain);
- }
-
- private void checkInitialised()
- {
- if (this.ubi == null)
- {
- throw new IllegalArgumentException("Skein engine is not initialised.");
- }
- }
-
- public void update(byte in)
- {
- singleByte[0] = in;
- update(singleByte, 0, 1);
- }
-
- public void update(byte[] in, int inOff, int len)
- {
- checkInitialised();
- ubi.update(in, inOff, len, chain);
- }
-
- public int doFinal(byte[] out, int outOff)
- {
- checkInitialised();
- if (out.length < (outOff + outputSizeBytes))
- {
- throw new DataLengthException("Output buffer is too short to hold output of " + outputSizeBytes + " bytes");
- }
-
- //
Finalise message block
- ubiFinal();
-
- // Process additional post-message parameters
- if (postMessageParameters != null)
- {
- for (int i = 0; i < postMessageParameters.length; i++)
- {
- Parameter param = postMessageParameters[i];
- ubiComplete(param.getType(), param.getValue());
- }
- }
-
- // Perform the output transform
- final int blockSize = getBlockSize();
- final int blocksRequired = ((outputSizeBytes + blockSize - 1) / blockSize);
- for (int i = 0; i < blocksRequired; i++)
- {
- final int toWrite = Math.min(blockSize, outputSizeBytes - (i * blockSize));
- output(i, out, outOff + (i * blockSize), toWrite);
- }
-
- reset();
-
- return outputSizeBytes;
- }
-
- private void output(long outputSequence, byte[] out, int outOff, int outputBytes)
- {
- byte[] currentBytes = new byte[8];
- ThreefishEngine.wordToBytes(outputSequence, currentBytes, 0);
-
- // Output is a sequence of UBI invocations all of which use and preserve the pre-output
- // state
- long[] outputWords = new long[chain.length];
- ubiInit(PARAM_TYPE_OUTPUT);
- this.ubi.update(currentBytes, 0, currentBytes.length, outputWords);
- ubi.doFinal(outputWords);
-
- final int wordsRequired = ((outputBytes + 8 - 1) / 8);
- for (int i = 0; i < wordsRequired; i++)
- {
- int toWrite = Math.min(8, outputBytes - (i * 8));
- if (toWrite == 8)
- {
- ThreefishEngine.wordToBytes(outputWords[i], out, outOff + (i * 8));
- }
- else
- {
- ThreefishEngine.wordToBytes(outputWords[i], currentBytes, 0);
- System.arraycopy(currentBytes, 0, out, outOff + (i * 8), toWrite);
- }
- }
- }
-
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/TigerDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/TigerDigest.java
deleted file mode 100644
index 2899e305..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/TigerDigest.java
+++ /dev/null
@@ -1,879 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.ExtendedDigest;
-import org.bouncycastle.util.Memoable;
-
-/**
- * implementation of Tiger based on:
- * <a href="http://www.cs.technion.ac.il/~biham/Reports/Tiger">
- * http://www.cs.technion.ac.il/~biham/Reports/Tiger</a>
- */
-public class TigerDigest
- implements ExtendedDigest, Memoable
-{
- private static final int BYTE_LENGTH = 64;
-
- /*
- * S-Boxes.
- */
- private static final long[] t1 = {
- 0x02AAB17CF7E90C5EL /* 0 */, 0xAC424B03E243A8ECL /* 1 */,
- 0x72CD5BE30DD5FCD3L /* 2 */, 0x6D019B93F6F97F3AL /* 3 */,
- 0xCD9978FFD21F9193L /* 4 */, 0x7573A1C9708029E2L /* 5 */,
- 0xB164326B922A83C3L /* 6 */, 0x46883EEE04915870L /* 7 */,
- 0xEAACE3057103ECE6L /* 8 */, 0xC54169B808A3535CL /* 9 */,
- 0x4CE754918DDEC47CL /* 10 */, 0x0AA2F4DFDC0DF40CL /* 11 */,
- 0x10B76F18A74DBEFAL /* 12 */, 0xC6CCB6235AD1AB6AL /* 13 */,
- 0x13726121572FE2FFL /* 14 */, 0x1A488C6F199D921EL /* 15 */,
- 0x4BC9F9F4DA0007CAL /* 16 */, 0x26F5E6F6E85241C7L /* 17 */,
- 0x859079DBEA5947B6L /* 18 */, 0x4F1885C5C99E8C92L /* 19 */,
- 0xD78E761EA96F864BL /* 20 */, 0x8E36428C52B5C17DL /* 21 */,
- 0x69CF6827373063C1L /* 22 */, 0xB607C93D9BB4C56EL /* 23 */,
- 0x7D820E760E76B5EAL /* 24 */, 0x645C9CC6F07FDC42L /* 25 */,
- 0xBF38A078243342E0L /* 26 */, 0x5F6B343C9D2E7D04L /* 27 */,
- 0xF2C28AEB600B0EC6L /* 28 */, 0x6C0ED85F7254BCACL /* 29 */,
- 0x71592281A4DB4FE5L /* 30 */, 0x1967FA69CE0FED9FL /* 31 */,
- 0xFD5293F8B96545DBL /* 32 */, 0xC879E9D7F2A7600BL /* 33 */,
- 0x860248920193194EL /* 34 */, 0xA4F9533B2D9CC0B3L /* 35 */,
- 0x9053836C15957613L /* 36 */, 0xDB6DCF8AFC357BF1L /* 37 */,
- 0x18BEEA7A7A370F57L /* 38 */, 0x037117CA50B99066L /* 39 */,
- 0x6AB30A9774424A35L /* 40 */, 0xF4E92F02E325249BL /* 41 */,
- 0x7739DB07061CCAE1L /* 42 */, 0xD8F3B49CECA42A05L /* 43 */,
- 0xBD56BE3F51382F73L /* 44 */, 0x45FAED5843B0BB28L /* 45 */,
- 0x1C813D5C11BF1F83L /* 46 */, 0x8AF0E4B6D75FA169L /* 47 */,
- 0x33EE18A487AD9999L /*
48 */, 0x3C26E8EAB1C94410L /* 49 */, - 0xB510102BC0A822F9L /* 50 */, 0x141EEF310CE6123BL /* 51 */, - 0xFC65B90059DDB154L /* 52 */, 0xE0158640C5E0E607L /* 53 */, - 0x884E079826C3A3CFL /* 54 */, 0x930D0D9523C535FDL /* 55 */, - 0x35638D754E9A2B00L /* 56 */, 0x4085FCCF40469DD5L /* 57 */, - 0xC4B17AD28BE23A4CL /* 58 */, 0xCAB2F0FC6A3E6A2EL /* 59 */, - 0x2860971A6B943FCDL /* 60 */, 0x3DDE6EE212E30446L /* 61 */, - 0x6222F32AE01765AEL /* 62 */, 0x5D550BB5478308FEL /* 63 */, - 0xA9EFA98DA0EDA22AL /* 64 */, 0xC351A71686C40DA7L /* 65 */, - 0x1105586D9C867C84L /* 66 */, 0xDCFFEE85FDA22853L /* 67 */, - 0xCCFBD0262C5EEF76L /* 68 */, 0xBAF294CB8990D201L /* 69 */, - 0xE69464F52AFAD975L /* 70 */, 0x94B013AFDF133E14L /* 71 */, - 0x06A7D1A32823C958L /* 72 */, 0x6F95FE5130F61119L /* 73 */, - 0xD92AB34E462C06C0L /* 74 */, 0xED7BDE33887C71D2L /* 75 */, - 0x79746D6E6518393EL /* 76 */, 0x5BA419385D713329L /* 77 */, - 0x7C1BA6B948A97564L /* 78 */, 0x31987C197BFDAC67L /* 79 */, - 0xDE6C23C44B053D02L /* 80 */, 0x581C49FED002D64DL /* 81 */, - 0xDD474D6338261571L /* 82 */, 0xAA4546C3E473D062L /* 83 */, - 0x928FCE349455F860L /* 84 */, 0x48161BBACAAB94D9L /* 85 */, - 0x63912430770E6F68L /* 86 */, 0x6EC8A5E602C6641CL /* 87 */, - 0x87282515337DDD2BL /* 88 */, 0x2CDA6B42034B701BL /* 89 */, - 0xB03D37C181CB096DL /* 90 */, 0xE108438266C71C6FL /* 91 */, - 0x2B3180C7EB51B255L /* 92 */, 0xDF92B82F96C08BBCL /* 93 */, - 0x5C68C8C0A632F3BAL /* 94 */, 0x5504CC861C3D0556L /* 95 */, - 0xABBFA4E55FB26B8FL /* 96 */, 0x41848B0AB3BACEB4L /* 97 */, - 0xB334A273AA445D32L /* 98 */, 0xBCA696F0A85AD881L /* 99 */, - 0x24F6EC65B528D56CL /* 100 */, 0x0CE1512E90F4524AL /* 101 */, - 0x4E9DD79D5506D35AL /* 102 */, 0x258905FAC6CE9779L /* 103 */, - 0x2019295B3E109B33L /* 104 */, 0xF8A9478B73A054CCL /* 105 */, - 0x2924F2F934417EB0L /* 106 */, 0x3993357D536D1BC4L /* 107 */, - 0x38A81AC21DB6FF8BL /* 108 */, 0x47C4FBF17D6016BFL /* 109 */, - 0x1E0FAADD7667E3F5L /* 110 */, 0x7ABCFF62938BEB96L /* 111 */, - 0xA78DAD948FC179C9L /* 112 
*/, 0x8F1F98B72911E50DL /* 113 */, - 0x61E48EAE27121A91L /* 114 */, 0x4D62F7AD31859808L /* 115 */, - 0xECEBA345EF5CEAEBL /* 116 */, 0xF5CEB25EBC9684CEL /* 117 */, - 0xF633E20CB7F76221L /* 118 */, 0xA32CDF06AB8293E4L /* 119 */, - 0x985A202CA5EE2CA4L /* 120 */, 0xCF0B8447CC8A8FB1L /* 121 */, - 0x9F765244979859A3L /* 122 */, 0xA8D516B1A1240017L /* 123 */, - 0x0BD7BA3EBB5DC726L /* 124 */, 0xE54BCA55B86ADB39L /* 125 */, - 0x1D7A3AFD6C478063L /* 126 */, 0x519EC608E7669EDDL /* 127 */, - 0x0E5715A2D149AA23L /* 128 */, 0x177D4571848FF194L /* 129 */, - 0xEEB55F3241014C22L /* 130 */, 0x0F5E5CA13A6E2EC2L /* 131 */, - 0x8029927B75F5C361L /* 132 */, 0xAD139FABC3D6E436L /* 133 */, - 0x0D5DF1A94CCF402FL /* 134 */, 0x3E8BD948BEA5DFC8L /* 135 */, - 0xA5A0D357BD3FF77EL /* 136 */, 0xA2D12E251F74F645L /* 137 */, - 0x66FD9E525E81A082L /* 138 */, 0x2E0C90CE7F687A49L /* 139 */, - 0xC2E8BCBEBA973BC5L /* 140 */, 0x000001BCE509745FL /* 141 */, - 0x423777BBE6DAB3D6L /* 142 */, 0xD1661C7EAEF06EB5L /* 143 */, - 0xA1781F354DAACFD8L /* 144 */, 0x2D11284A2B16AFFCL /* 145 */, - 0xF1FC4F67FA891D1FL /* 146 */, 0x73ECC25DCB920ADAL /* 147 */, - 0xAE610C22C2A12651L /* 148 */, 0x96E0A810D356B78AL /* 149 */, - 0x5A9A381F2FE7870FL /* 150 */, 0xD5AD62EDE94E5530L /* 151 */, - 0xD225E5E8368D1427L /* 152 */, 0x65977B70C7AF4631L /* 153 */, - 0x99F889B2DE39D74FL /* 154 */, 0x233F30BF54E1D143L /* 155 */, - 0x9A9675D3D9A63C97L /* 156 */, 0x5470554FF334F9A8L /* 157 */, - 0x166ACB744A4F5688L /* 158 */, 0x70C74CAAB2E4AEADL /* 159 */, - 0xF0D091646F294D12L /* 160 */, 0x57B82A89684031D1L /* 161 */, - 0xEFD95A5A61BE0B6BL /* 162 */, 0x2FBD12E969F2F29AL /* 163 */, - 0x9BD37013FEFF9FE8L /* 164 */, 0x3F9B0404D6085A06L /* 165 */, - 0x4940C1F3166CFE15L /* 166 */, 0x09542C4DCDF3DEFBL /* 167 */, - 0xB4C5218385CD5CE3L /* 168 */, 0xC935B7DC4462A641L /* 169 */, - 0x3417F8A68ED3B63FL /* 170 */, 0xB80959295B215B40L /* 171 */, - 0xF99CDAEF3B8C8572L /* 172 */, 0x018C0614F8FCB95DL /* 173 */, - 0x1B14ACCD1A3ACDF3L /* 174 */, 
0x84D471F200BB732DL /* 175 */, - 0xC1A3110E95E8DA16L /* 176 */, 0x430A7220BF1A82B8L /* 177 */, - 0xB77E090D39DF210EL /* 178 */, 0x5EF4BD9F3CD05E9DL /* 179 */, - 0x9D4FF6DA7E57A444L /* 180 */, 0xDA1D60E183D4A5F8L /* 181 */, - 0xB287C38417998E47L /* 182 */, 0xFE3EDC121BB31886L /* 183 */, - 0xC7FE3CCC980CCBEFL /* 184 */, 0xE46FB590189BFD03L /* 185 */, - 0x3732FD469A4C57DCL /* 186 */, 0x7EF700A07CF1AD65L /* 187 */, - 0x59C64468A31D8859L /* 188 */, 0x762FB0B4D45B61F6L /* 189 */, - 0x155BAED099047718L /* 190 */, 0x68755E4C3D50BAA6L /* 191 */, - 0xE9214E7F22D8B4DFL /* 192 */, 0x2ADDBF532EAC95F4L /* 193 */, - 0x32AE3909B4BD0109L /* 194 */, 0x834DF537B08E3450L /* 195 */, - 0xFA209DA84220728DL /* 196 */, 0x9E691D9B9EFE23F7L /* 197 */, - 0x0446D288C4AE8D7FL /* 198 */, 0x7B4CC524E169785BL /* 199 */, - 0x21D87F0135CA1385L /* 200 */, 0xCEBB400F137B8AA5L /* 201 */, - 0x272E2B66580796BEL /* 202 */, 0x3612264125C2B0DEL /* 203 */, - 0x057702BDAD1EFBB2L /* 204 */, 0xD4BABB8EACF84BE9L /* 205 */, - 0x91583139641BC67BL /* 206 */, 0x8BDC2DE08036E024L /* 207 */, - 0x603C8156F49F68EDL /* 208 */, 0xF7D236F7DBEF5111L /* 209 */, - 0x9727C4598AD21E80L /* 210 */, 0xA08A0896670A5FD7L /* 211 */, - 0xCB4A8F4309EBA9CBL /* 212 */, 0x81AF564B0F7036A1L /* 213 */, - 0xC0B99AA778199ABDL /* 214 */, 0x959F1EC83FC8E952L /* 215 */, - 0x8C505077794A81B9L /* 216 */, 0x3ACAAF8F056338F0L /* 217 */, - 0x07B43F50627A6778L /* 218 */, 0x4A44AB49F5ECCC77L /* 219 */, - 0x3BC3D6E4B679EE98L /* 220 */, 0x9CC0D4D1CF14108CL /* 221 */, - 0x4406C00B206BC8A0L /* 222 */, 0x82A18854C8D72D89L /* 223 */, - 0x67E366B35C3C432CL /* 224 */, 0xB923DD61102B37F2L /* 225 */, - 0x56AB2779D884271DL /* 226 */, 0xBE83E1B0FF1525AFL /* 227 */, - 0xFB7C65D4217E49A9L /* 228 */, 0x6BDBE0E76D48E7D4L /* 229 */, - 0x08DF828745D9179EL /* 230 */, 0x22EA6A9ADD53BD34L /* 231 */, - 0xE36E141C5622200AL /* 232 */, 0x7F805D1B8CB750EEL /* 233 */, - 0xAFE5C7A59F58E837L /* 234 */, 0xE27F996A4FB1C23CL /* 235 */, - 0xD3867DFB0775F0D0L /* 236 */, 
0xD0E673DE6E88891AL /* 237 */, - 0x123AEB9EAFB86C25L /* 238 */, 0x30F1D5D5C145B895L /* 239 */, - 0xBB434A2DEE7269E7L /* 240 */, 0x78CB67ECF931FA38L /* 241 */, - 0xF33B0372323BBF9CL /* 242 */, 0x52D66336FB279C74L /* 243 */, - 0x505F33AC0AFB4EAAL /* 244 */, 0xE8A5CD99A2CCE187L /* 245 */, - 0x534974801E2D30BBL /* 246 */, 0x8D2D5711D5876D90L /* 247 */, - 0x1F1A412891BC038EL /* 248 */, 0xD6E2E71D82E56648L /* 249 */, - 0x74036C3A497732B7L /* 250 */, 0x89B67ED96361F5ABL /* 251 */, - 0xFFED95D8F1EA02A2L /* 252 */, 0xE72B3BD61464D43DL /* 253 */, - 0xA6300F170BDC4820L /* 254 */, 0xEBC18760ED78A77AL /* 255 */, - }; - - private static final long[] t2 = { - 0xE6A6BE5A05A12138L /* 256 */, 0xB5A122A5B4F87C98L /* 257 */, - 0x563C6089140B6990L /* 258 */, 0x4C46CB2E391F5DD5L /* 259 */, - 0xD932ADDBC9B79434L /* 260 */, 0x08EA70E42015AFF5L /* 261 */, - 0xD765A6673E478CF1L /* 262 */, 0xC4FB757EAB278D99L /* 263 */, - 0xDF11C6862D6E0692L /* 264 */, 0xDDEB84F10D7F3B16L /* 265 */, - 0x6F2EF604A665EA04L /* 266 */, 0x4A8E0F0FF0E0DFB3L /* 267 */, - 0xA5EDEEF83DBCBA51L /* 268 */, 0xFC4F0A2A0EA4371EL /* 269 */, - 0xE83E1DA85CB38429L /* 270 */, 0xDC8FF882BA1B1CE2L /* 271 */, - 0xCD45505E8353E80DL /* 272 */, 0x18D19A00D4DB0717L /* 273 */, - 0x34A0CFEDA5F38101L /* 274 */, 0x0BE77E518887CAF2L /* 275 */, - 0x1E341438B3C45136L /* 276 */, 0xE05797F49089CCF9L /* 277 */, - 0xFFD23F9DF2591D14L /* 278 */, 0x543DDA228595C5CDL /* 279 */, - 0x661F81FD99052A33L /* 280 */, 0x8736E641DB0F7B76L /* 281 */, - 0x15227725418E5307L /* 282 */, 0xE25F7F46162EB2FAL /* 283 */, - 0x48A8B2126C13D9FEL /* 284 */, 0xAFDC541792E76EEAL /* 285 */, - 0x03D912BFC6D1898FL /* 286 */, 0x31B1AAFA1B83F51BL /* 287 */, - 0xF1AC2796E42AB7D9L /* 288 */, 0x40A3A7D7FCD2EBACL /* 289 */, - 0x1056136D0AFBBCC5L /* 290 */, 0x7889E1DD9A6D0C85L /* 291 */, - 0xD33525782A7974AAL /* 292 */, 0xA7E25D09078AC09BL /* 293 */, - 0xBD4138B3EAC6EDD0L /* 294 */, 0x920ABFBE71EB9E70L /* 295 */, - 0xA2A5D0F54FC2625CL /* 296 */, 0xC054E36B0B1290A3L /* 297 */, - 
0xF6DD59FF62FE932BL /* 298 */, 0x3537354511A8AC7DL /* 299 */, - 0xCA845E9172FADCD4L /* 300 */, 0x84F82B60329D20DCL /* 301 */, - 0x79C62CE1CD672F18L /* 302 */, 0x8B09A2ADD124642CL /* 303 */, - 0xD0C1E96A19D9E726L /* 304 */, 0x5A786A9B4BA9500CL /* 305 */, - 0x0E020336634C43F3L /* 306 */, 0xC17B474AEB66D822L /* 307 */, - 0x6A731AE3EC9BAAC2L /* 308 */, 0x8226667AE0840258L /* 309 */, - 0x67D4567691CAECA5L /* 310 */, 0x1D94155C4875ADB5L /* 311 */, - 0x6D00FD985B813FDFL /* 312 */, 0x51286EFCB774CD06L /* 313 */, - 0x5E8834471FA744AFL /* 314 */, 0xF72CA0AEE761AE2EL /* 315 */, - 0xBE40E4CDAEE8E09AL /* 316 */, 0xE9970BBB5118F665L /* 317 */, - 0x726E4BEB33DF1964L /* 318 */, 0x703B000729199762L /* 319 */, - 0x4631D816F5EF30A7L /* 320 */, 0xB880B5B51504A6BEL /* 321 */, - 0x641793C37ED84B6CL /* 322 */, 0x7B21ED77F6E97D96L /* 323 */, - 0x776306312EF96B73L /* 324 */, 0xAE528948E86FF3F4L /* 325 */, - 0x53DBD7F286A3F8F8L /* 326 */, 0x16CADCE74CFC1063L /* 327 */, - 0x005C19BDFA52C6DDL /* 328 */, 0x68868F5D64D46AD3L /* 329 */, - 0x3A9D512CCF1E186AL /* 330 */, 0x367E62C2385660AEL /* 331 */, - 0xE359E7EA77DCB1D7L /* 332 */, 0x526C0773749ABE6EL /* 333 */, - 0x735AE5F9D09F734BL /* 334 */, 0x493FC7CC8A558BA8L /* 335 */, - 0xB0B9C1533041AB45L /* 336 */, 0x321958BA470A59BDL /* 337 */, - 0x852DB00B5F46C393L /* 338 */, 0x91209B2BD336B0E5L /* 339 */, - 0x6E604F7D659EF19FL /* 340 */, 0xB99A8AE2782CCB24L /* 341 */, - 0xCCF52AB6C814C4C7L /* 342 */, 0x4727D9AFBE11727BL /* 343 */, - 0x7E950D0C0121B34DL /* 344 */, 0x756F435670AD471FL /* 345 */, - 0xF5ADD442615A6849L /* 346 */, 0x4E87E09980B9957AL /* 347 */, - 0x2ACFA1DF50AEE355L /* 348 */, 0xD898263AFD2FD556L /* 349 */, - 0xC8F4924DD80C8FD6L /* 350 */, 0xCF99CA3D754A173AL /* 351 */, - 0xFE477BACAF91BF3CL /* 352 */, 0xED5371F6D690C12DL /* 353 */, - 0x831A5C285E687094L /* 354 */, 0xC5D3C90A3708A0A4L /* 355 */, - 0x0F7F903717D06580L /* 356 */, 0x19F9BB13B8FDF27FL /* 357 */, - 0xB1BD6F1B4D502843L /* 358 */, 0x1C761BA38FFF4012L /* 359 */, - 
0x0D1530C4E2E21F3BL /* 360 */, 0x8943CE69A7372C8AL /* 361 */, - 0xE5184E11FEB5CE66L /* 362 */, 0x618BDB80BD736621L /* 363 */, - 0x7D29BAD68B574D0BL /* 364 */, 0x81BB613E25E6FE5BL /* 365 */, - 0x071C9C10BC07913FL /* 366 */, 0xC7BEEB7909AC2D97L /* 367 */, - 0xC3E58D353BC5D757L /* 368 */, 0xEB017892F38F61E8L /* 369 */, - 0xD4EFFB9C9B1CC21AL /* 370 */, 0x99727D26F494F7ABL /* 371 */, - 0xA3E063A2956B3E03L /* 372 */, 0x9D4A8B9A4AA09C30L /* 373 */, - 0x3F6AB7D500090FB4L /* 374 */, 0x9CC0F2A057268AC0L /* 375 */, - 0x3DEE9D2DEDBF42D1L /* 376 */, 0x330F49C87960A972L /* 377 */, - 0xC6B2720287421B41L /* 378 */, 0x0AC59EC07C00369CL /* 379 */, - 0xEF4EAC49CB353425L /* 380 */, 0xF450244EEF0129D8L /* 381 */, - 0x8ACC46E5CAF4DEB6L /* 382 */, 0x2FFEAB63989263F7L /* 383 */, - 0x8F7CB9FE5D7A4578L /* 384 */, 0x5BD8F7644E634635L /* 385 */, - 0x427A7315BF2DC900L /* 386 */, 0x17D0C4AA2125261CL /* 387 */, - 0x3992486C93518E50L /* 388 */, 0xB4CBFEE0A2D7D4C3L /* 389 */, - 0x7C75D6202C5DDD8DL /* 390 */, 0xDBC295D8E35B6C61L /* 391 */, - 0x60B369D302032B19L /* 392 */, 0xCE42685FDCE44132L /* 393 */, - 0x06F3DDB9DDF65610L /* 394 */, 0x8EA4D21DB5E148F0L /* 395 */, - 0x20B0FCE62FCD496FL /* 396 */, 0x2C1B912358B0EE31L /* 397 */, - 0xB28317B818F5A308L /* 398 */, 0xA89C1E189CA6D2CFL /* 399 */, - 0x0C6B18576AAADBC8L /* 400 */, 0xB65DEAA91299FAE3L /* 401 */, - 0xFB2B794B7F1027E7L /* 402 */, 0x04E4317F443B5BEBL /* 403 */, - 0x4B852D325939D0A6L /* 404 */, 0xD5AE6BEEFB207FFCL /* 405 */, - 0x309682B281C7D374L /* 406 */, 0xBAE309A194C3B475L /* 407 */, - 0x8CC3F97B13B49F05L /* 408 */, 0x98A9422FF8293967L /* 409 */, - 0x244B16B01076FF7CL /* 410 */, 0xF8BF571C663D67EEL /* 411 */, - 0x1F0D6758EEE30DA1L /* 412 */, 0xC9B611D97ADEB9B7L /* 413 */, - 0xB7AFD5887B6C57A2L /* 414 */, 0x6290AE846B984FE1L /* 415 */, - 0x94DF4CDEACC1A5FDL /* 416 */, 0x058A5BD1C5483AFFL /* 417 */, - 0x63166CC142BA3C37L /* 418 */, 0x8DB8526EB2F76F40L /* 419 */, - 0xE10880036F0D6D4EL /* 420 */, 0x9E0523C9971D311DL /* 421 */, - 
0x45EC2824CC7CD691L /* 422 */, 0x575B8359E62382C9L /* 423 */, - 0xFA9E400DC4889995L /* 424 */, 0xD1823ECB45721568L /* 425 */, - 0xDAFD983B8206082FL /* 426 */, 0xAA7D29082386A8CBL /* 427 */, - 0x269FCD4403B87588L /* 428 */, 0x1B91F5F728BDD1E0L /* 429 */, - 0xE4669F39040201F6L /* 430 */, 0x7A1D7C218CF04ADEL /* 431 */, - 0x65623C29D79CE5CEL /* 432 */, 0x2368449096C00BB1L /* 433 */, - 0xAB9BF1879DA503BAL /* 434 */, 0xBC23ECB1A458058EL /* 435 */, - 0x9A58DF01BB401ECCL /* 436 */, 0xA070E868A85F143DL /* 437 */, - 0x4FF188307DF2239EL /* 438 */, 0x14D565B41A641183L /* 439 */, - 0xEE13337452701602L /* 440 */, 0x950E3DCF3F285E09L /* 441 */, - 0x59930254B9C80953L /* 442 */, 0x3BF299408930DA6DL /* 443 */, - 0xA955943F53691387L /* 444 */, 0xA15EDECAA9CB8784L /* 445 */, - 0x29142127352BE9A0L /* 446 */, 0x76F0371FFF4E7AFBL /* 447 */, - 0x0239F450274F2228L /* 448 */, 0xBB073AF01D5E868BL /* 449 */, - 0xBFC80571C10E96C1L /* 450 */, 0xD267088568222E23L /* 451 */, - 0x9671A3D48E80B5B0L /* 452 */, 0x55B5D38AE193BB81L /* 453 */, - 0x693AE2D0A18B04B8L /* 454 */, 0x5C48B4ECADD5335FL /* 455 */, - 0xFD743B194916A1CAL /* 456 */, 0x2577018134BE98C4L /* 457 */, - 0xE77987E83C54A4ADL /* 458 */, 0x28E11014DA33E1B9L /* 459 */, - 0x270CC59E226AA213L /* 460 */, 0x71495F756D1A5F60L /* 461 */, - 0x9BE853FB60AFEF77L /* 462 */, 0xADC786A7F7443DBFL /* 463 */, - 0x0904456173B29A82L /* 464 */, 0x58BC7A66C232BD5EL /* 465 */, - 0xF306558C673AC8B2L /* 466 */, 0x41F639C6B6C9772AL /* 467 */, - 0x216DEFE99FDA35DAL /* 468 */, 0x11640CC71C7BE615L /* 469 */, - 0x93C43694565C5527L /* 470 */, 0xEA038E6246777839L /* 471 */, - 0xF9ABF3CE5A3E2469L /* 472 */, 0x741E768D0FD312D2L /* 473 */, - 0x0144B883CED652C6L /* 474 */, 0xC20B5A5BA33F8552L /* 475 */, - 0x1AE69633C3435A9DL /* 476 */, 0x97A28CA4088CFDECL /* 477 */, - 0x8824A43C1E96F420L /* 478 */, 0x37612FA66EEEA746L /* 479 */, - 0x6B4CB165F9CF0E5AL /* 480 */, 0x43AA1C06A0ABFB4AL /* 481 */, - 0x7F4DC26FF162796BL /* 482 */, 0x6CBACC8E54ED9B0FL /* 483 */, - 
0xA6B7FFEFD2BB253EL /* 484 */, 0x2E25BC95B0A29D4FL /* 485 */, - 0x86D6A58BDEF1388CL /* 486 */, 0xDED74AC576B6F054L /* 487 */, - 0x8030BDBC2B45805DL /* 488 */, 0x3C81AF70E94D9289L /* 489 */, - 0x3EFF6DDA9E3100DBL /* 490 */, 0xB38DC39FDFCC8847L /* 491 */, - 0x123885528D17B87EL /* 492 */, 0xF2DA0ED240B1B642L /* 493 */, - 0x44CEFADCD54BF9A9L /* 494 */, 0x1312200E433C7EE6L /* 495 */, - 0x9FFCC84F3A78C748L /* 496 */, 0xF0CD1F72248576BBL /* 497 */, - 0xEC6974053638CFE4L /* 498 */, 0x2BA7B67C0CEC4E4CL /* 499 */, - 0xAC2F4DF3E5CE32EDL /* 500 */, 0xCB33D14326EA4C11L /* 501 */, - 0xA4E9044CC77E58BCL /* 502 */, 0x5F513293D934FCEFL /* 503 */, - 0x5DC9645506E55444L /* 504 */, 0x50DE418F317DE40AL /* 505 */, - 0x388CB31A69DDE259L /* 506 */, 0x2DB4A83455820A86L /* 507 */, - 0x9010A91E84711AE9L /* 508 */, 0x4DF7F0B7B1498371L /* 509 */, - 0xD62A2EABC0977179L /* 510 */, 0x22FAC097AA8D5C0EL /* 511 */, - }; - - private static final long[] t3 = { - 0xF49FCC2FF1DAF39BL /* 512 */, 0x487FD5C66FF29281L /* 513 */, - 0xE8A30667FCDCA83FL /* 514 */, 0x2C9B4BE3D2FCCE63L /* 515 */, - 0xDA3FF74B93FBBBC2L /* 516 */, 0x2FA165D2FE70BA66L /* 517 */, - 0xA103E279970E93D4L /* 518 */, 0xBECDEC77B0E45E71L /* 519 */, - 0xCFB41E723985E497L /* 520 */, 0xB70AAA025EF75017L /* 521 */, - 0xD42309F03840B8E0L /* 522 */, 0x8EFC1AD035898579L /* 523 */, - 0x96C6920BE2B2ABC5L /* 524 */, 0x66AF4163375A9172L /* 525 */, - 0x2174ABDCCA7127FBL /* 526 */, 0xB33CCEA64A72FF41L /* 527 */, - 0xF04A4933083066A5L /* 528 */, 0x8D970ACDD7289AF5L /* 529 */, - 0x8F96E8E031C8C25EL /* 530 */, 0xF3FEC02276875D47L /* 531 */, - 0xEC7BF310056190DDL /* 532 */, 0xF5ADB0AEBB0F1491L /* 533 */, - 0x9B50F8850FD58892L /* 534 */, 0x4975488358B74DE8L /* 535 */, - 0xA3354FF691531C61L /* 536 */, 0x0702BBE481D2C6EEL /* 537 */, - 0x89FB24057DEDED98L /* 538 */, 0xAC3075138596E902L /* 539 */, - 0x1D2D3580172772EDL /* 540 */, 0xEB738FC28E6BC30DL /* 541 */, - 0x5854EF8F63044326L /* 542 */, 0x9E5C52325ADD3BBEL /* 543 */, - 0x90AA53CF325C4623L /* 544 */, 
0xC1D24D51349DD067L /* 545 */, - 0x2051CFEEA69EA624L /* 546 */, 0x13220F0A862E7E4FL /* 547 */, - 0xCE39399404E04864L /* 548 */, 0xD9C42CA47086FCB7L /* 549 */, - 0x685AD2238A03E7CCL /* 550 */, 0x066484B2AB2FF1DBL /* 551 */, - 0xFE9D5D70EFBF79ECL /* 552 */, 0x5B13B9DD9C481854L /* 553 */, - 0x15F0D475ED1509ADL /* 554 */, 0x0BEBCD060EC79851L /* 555 */, - 0xD58C6791183AB7F8L /* 556 */, 0xD1187C5052F3EEE4L /* 557 */, - 0xC95D1192E54E82FFL /* 558 */, 0x86EEA14CB9AC6CA2L /* 559 */, - 0x3485BEB153677D5DL /* 560 */, 0xDD191D781F8C492AL /* 561 */, - 0xF60866BAA784EBF9L /* 562 */, 0x518F643BA2D08C74L /* 563 */, - 0x8852E956E1087C22L /* 564 */, 0xA768CB8DC410AE8DL /* 565 */, - 0x38047726BFEC8E1AL /* 566 */, 0xA67738B4CD3B45AAL /* 567 */, - 0xAD16691CEC0DDE19L /* 568 */, 0xC6D4319380462E07L /* 569 */, - 0xC5A5876D0BA61938L /* 570 */, 0x16B9FA1FA58FD840L /* 571 */, - 0x188AB1173CA74F18L /* 572 */, 0xABDA2F98C99C021FL /* 573 */, - 0x3E0580AB134AE816L /* 574 */, 0x5F3B05B773645ABBL /* 575 */, - 0x2501A2BE5575F2F6L /* 576 */, 0x1B2F74004E7E8BA9L /* 577 */, - 0x1CD7580371E8D953L /* 578 */, 0x7F6ED89562764E30L /* 579 */, - 0xB15926FF596F003DL /* 580 */, 0x9F65293DA8C5D6B9L /* 581 */, - 0x6ECEF04DD690F84CL /* 582 */, 0x4782275FFF33AF88L /* 583 */, - 0xE41433083F820801L /* 584 */, 0xFD0DFE409A1AF9B5L /* 585 */, - 0x4325A3342CDB396BL /* 586 */, 0x8AE77E62B301B252L /* 587 */, - 0xC36F9E9F6655615AL /* 588 */, 0x85455A2D92D32C09L /* 589 */, - 0xF2C7DEA949477485L /* 590 */, 0x63CFB4C133A39EBAL /* 591 */, - 0x83B040CC6EBC5462L /* 592 */, 0x3B9454C8FDB326B0L /* 593 */, - 0x56F56A9E87FFD78CL /* 594 */, 0x2DC2940D99F42BC6L /* 595 */, - 0x98F7DF096B096E2DL /* 596 */, 0x19A6E01E3AD852BFL /* 597 */, - 0x42A99CCBDBD4B40BL /* 598 */, 0xA59998AF45E9C559L /* 599 */, - 0x366295E807D93186L /* 600 */, 0x6B48181BFAA1F773L /* 601 */, - 0x1FEC57E2157A0A1DL /* 602 */, 0x4667446AF6201AD5L /* 603 */, - 0xE615EBCACFB0F075L /* 604 */, 0xB8F31F4F68290778L /* 605 */, - 0x22713ED6CE22D11EL /* 606 */, 
0x3057C1A72EC3C93BL /* 607 */, - 0xCB46ACC37C3F1F2FL /* 608 */, 0xDBB893FD02AAF50EL /* 609 */, - 0x331FD92E600B9FCFL /* 610 */, 0xA498F96148EA3AD6L /* 611 */, - 0xA8D8426E8B6A83EAL /* 612 */, 0xA089B274B7735CDCL /* 613 */, - 0x87F6B3731E524A11L /* 614 */, 0x118808E5CBC96749L /* 615 */, - 0x9906E4C7B19BD394L /* 616 */, 0xAFED7F7E9B24A20CL /* 617 */, - 0x6509EADEEB3644A7L /* 618 */, 0x6C1EF1D3E8EF0EDEL /* 619 */, - 0xB9C97D43E9798FB4L /* 620 */, 0xA2F2D784740C28A3L /* 621 */, - 0x7B8496476197566FL /* 622 */, 0x7A5BE3E6B65F069DL /* 623 */, - 0xF96330ED78BE6F10L /* 624 */, 0xEEE60DE77A076A15L /* 625 */, - 0x2B4BEE4AA08B9BD0L /* 626 */, 0x6A56A63EC7B8894EL /* 627 */, - 0x02121359BA34FEF4L /* 628 */, 0x4CBF99F8283703FCL /* 629 */, - 0x398071350CAF30C8L /* 630 */, 0xD0A77A89F017687AL /* 631 */, - 0xF1C1A9EB9E423569L /* 632 */, 0x8C7976282DEE8199L /* 633 */, - 0x5D1737A5DD1F7ABDL /* 634 */, 0x4F53433C09A9FA80L /* 635 */, - 0xFA8B0C53DF7CA1D9L /* 636 */, 0x3FD9DCBC886CCB77L /* 637 */, - 0xC040917CA91B4720L /* 638 */, 0x7DD00142F9D1DCDFL /* 639 */, - 0x8476FC1D4F387B58L /* 640 */, 0x23F8E7C5F3316503L /* 641 */, - 0x032A2244E7E37339L /* 642 */, 0x5C87A5D750F5A74BL /* 643 */, - 0x082B4CC43698992EL /* 644 */, 0xDF917BECB858F63CL /* 645 */, - 0x3270B8FC5BF86DDAL /* 646 */, 0x10AE72BB29B5DD76L /* 647 */, - 0x576AC94E7700362BL /* 648 */, 0x1AD112DAC61EFB8FL /* 649 */, - 0x691BC30EC5FAA427L /* 650 */, 0xFF246311CC327143L /* 651 */, - 0x3142368E30E53206L /* 652 */, 0x71380E31E02CA396L /* 653 */, - 0x958D5C960AAD76F1L /* 654 */, 0xF8D6F430C16DA536L /* 655 */, - 0xC8FFD13F1BE7E1D2L /* 656 */, 0x7578AE66004DDBE1L /* 657 */, - 0x05833F01067BE646L /* 658 */, 0xBB34B5AD3BFE586DL /* 659 */, - 0x095F34C9A12B97F0L /* 660 */, 0x247AB64525D60CA8L /* 661 */, - 0xDCDBC6F3017477D1L /* 662 */, 0x4A2E14D4DECAD24DL /* 663 */, - 0xBDB5E6D9BE0A1EEBL /* 664 */, 0x2A7E70F7794301ABL /* 665 */, - 0xDEF42D8A270540FDL /* 666 */, 0x01078EC0A34C22C1L /* 667 */, - 0xE5DE511AF4C16387L /* 668 */, 
0x7EBB3A52BD9A330AL /* 669 */, - 0x77697857AA7D6435L /* 670 */, 0x004E831603AE4C32L /* 671 */, - 0xE7A21020AD78E312L /* 672 */, 0x9D41A70C6AB420F2L /* 673 */, - 0x28E06C18EA1141E6L /* 674 */, 0xD2B28CBD984F6B28L /* 675 */, - 0x26B75F6C446E9D83L /* 676 */, 0xBA47568C4D418D7FL /* 677 */, - 0xD80BADBFE6183D8EL /* 678 */, 0x0E206D7F5F166044L /* 679 */, - 0xE258A43911CBCA3EL /* 680 */, 0x723A1746B21DC0BCL /* 681 */, - 0xC7CAA854F5D7CDD3L /* 682 */, 0x7CAC32883D261D9CL /* 683 */, - 0x7690C26423BA942CL /* 684 */, 0x17E55524478042B8L /* 685 */, - 0xE0BE477656A2389FL /* 686 */, 0x4D289B5E67AB2DA0L /* 687 */, - 0x44862B9C8FBBFD31L /* 688 */, 0xB47CC8049D141365L /* 689 */, - 0x822C1B362B91C793L /* 690 */, 0x4EB14655FB13DFD8L /* 691 */, - 0x1ECBBA0714E2A97BL /* 692 */, 0x6143459D5CDE5F14L /* 693 */, - 0x53A8FBF1D5F0AC89L /* 694 */, 0x97EA04D81C5E5B00L /* 695 */, - 0x622181A8D4FDB3F3L /* 696 */, 0xE9BCD341572A1208L /* 697 */, - 0x1411258643CCE58AL /* 698 */, 0x9144C5FEA4C6E0A4L /* 699 */, - 0x0D33D06565CF620FL /* 700 */, 0x54A48D489F219CA1L /* 701 */, - 0xC43E5EAC6D63C821L /* 702 */, 0xA9728B3A72770DAFL /* 703 */, - 0xD7934E7B20DF87EFL /* 704 */, 0xE35503B61A3E86E5L /* 705 */, - 0xCAE321FBC819D504L /* 706 */, 0x129A50B3AC60BFA6L /* 707 */, - 0xCD5E68EA7E9FB6C3L /* 708 */, 0xB01C90199483B1C7L /* 709 */, - 0x3DE93CD5C295376CL /* 710 */, 0xAED52EDF2AB9AD13L /* 711 */, - 0x2E60F512C0A07884L /* 712 */, 0xBC3D86A3E36210C9L /* 713 */, - 0x35269D9B163951CEL /* 714 */, 0x0C7D6E2AD0CDB5FAL /* 715 */, - 0x59E86297D87F5733L /* 716 */, 0x298EF221898DB0E7L /* 717 */, - 0x55000029D1A5AA7EL /* 718 */, 0x8BC08AE1B5061B45L /* 719 */, - 0xC2C31C2B6C92703AL /* 720 */, 0x94CC596BAF25EF42L /* 721 */, - 0x0A1D73DB22540456L /* 722 */, 0x04B6A0F9D9C4179AL /* 723 */, - 0xEFFDAFA2AE3D3C60L /* 724 */, 0xF7C8075BB49496C4L /* 725 */, - 0x9CC5C7141D1CD4E3L /* 726 */, 0x78BD1638218E5534L /* 727 */, - 0xB2F11568F850246AL /* 728 */, 0xEDFABCFA9502BC29L /* 729 */, - 0x796CE5F2DA23051BL /* 730 */, 
0xAAE128B0DC93537CL /* 731 */, - 0x3A493DA0EE4B29AEL /* 732 */, 0xB5DF6B2C416895D7L /* 733 */, - 0xFCABBD25122D7F37L /* 734 */, 0x70810B58105DC4B1L /* 735 */, - 0xE10FDD37F7882A90L /* 736 */, 0x524DCAB5518A3F5CL /* 737 */, - 0x3C9E85878451255BL /* 738 */, 0x4029828119BD34E2L /* 739 */, - 0x74A05B6F5D3CECCBL /* 740 */, 0xB610021542E13ECAL /* 741 */, - 0x0FF979D12F59E2ACL /* 742 */, 0x6037DA27E4F9CC50L /* 743 */, - 0x5E92975A0DF1847DL /* 744 */, 0xD66DE190D3E623FEL /* 745 */, - 0x5032D6B87B568048L /* 746 */, 0x9A36B7CE8235216EL /* 747 */, - 0x80272A7A24F64B4AL /* 748 */, 0x93EFED8B8C6916F7L /* 749 */, - 0x37DDBFF44CCE1555L /* 750 */, 0x4B95DB5D4B99BD25L /* 751 */, - 0x92D3FDA169812FC0L /* 752 */, 0xFB1A4A9A90660BB6L /* 753 */, - 0x730C196946A4B9B2L /* 754 */, 0x81E289AA7F49DA68L /* 755 */, - 0x64669A0F83B1A05FL /* 756 */, 0x27B3FF7D9644F48BL /* 757 */, - 0xCC6B615C8DB675B3L /* 758 */, 0x674F20B9BCEBBE95L /* 759 */, - 0x6F31238275655982L /* 760 */, 0x5AE488713E45CF05L /* 761 */, - 0xBF619F9954C21157L /* 762 */, 0xEABAC46040A8EAE9L /* 763 */, - 0x454C6FE9F2C0C1CDL /* 764 */, 0x419CF6496412691CL /* 765 */, - 0xD3DC3BEF265B0F70L /* 766 */, 0x6D0E60F5C3578A9EL /* 767 */, - }; - - private static final long[] t4 = { - 0x5B0E608526323C55L /* 768 */, 0x1A46C1A9FA1B59F5L /* 769 */, - 0xA9E245A17C4C8FFAL /* 770 */, 0x65CA5159DB2955D7L /* 771 */, - 0x05DB0A76CE35AFC2L /* 772 */, 0x81EAC77EA9113D45L /* 773 */, - 0x528EF88AB6AC0A0DL /* 774 */, 0xA09EA253597BE3FFL /* 775 */, - 0x430DDFB3AC48CD56L /* 776 */, 0xC4B3A67AF45CE46FL /* 777 */, - 0x4ECECFD8FBE2D05EL /* 778 */, 0x3EF56F10B39935F0L /* 779 */, - 0x0B22D6829CD619C6L /* 780 */, 0x17FD460A74DF2069L /* 781 */, - 0x6CF8CC8E8510ED40L /* 782 */, 0xD6C824BF3A6ECAA7L /* 783 */, - 0x61243D581A817049L /* 784 */, 0x048BACB6BBC163A2L /* 785 */, - 0xD9A38AC27D44CC32L /* 786 */, 0x7FDDFF5BAAF410ABL /* 787 */, - 0xAD6D495AA804824BL /* 788 */, 0xE1A6A74F2D8C9F94L /* 789 */, - 0xD4F7851235DEE8E3L /* 790 */, 0xFD4B7F886540D893L /* 791 */, - 
0x247C20042AA4BFDAL /* 792 */, 0x096EA1C517D1327CL /* 793 */, - 0xD56966B4361A6685L /* 794 */, 0x277DA5C31221057DL /* 795 */, - 0x94D59893A43ACFF7L /* 796 */, 0x64F0C51CCDC02281L /* 797 */, - 0x3D33BCC4FF6189DBL /* 798 */, 0xE005CB184CE66AF1L /* 799 */, - 0xFF5CCD1D1DB99BEAL /* 800 */, 0xB0B854A7FE42980FL /* 801 */, - 0x7BD46A6A718D4B9FL /* 802 */, 0xD10FA8CC22A5FD8CL /* 803 */, - 0xD31484952BE4BD31L /* 804 */, 0xC7FA975FCB243847L /* 805 */, - 0x4886ED1E5846C407L /* 806 */, 0x28CDDB791EB70B04L /* 807 */, - 0xC2B00BE2F573417FL /* 808 */, 0x5C9590452180F877L /* 809 */, - 0x7A6BDDFFF370EB00L /* 810 */, 0xCE509E38D6D9D6A4L /* 811 */, - 0xEBEB0F00647FA702L /* 812 */, 0x1DCC06CF76606F06L /* 813 */, - 0xE4D9F28BA286FF0AL /* 814 */, 0xD85A305DC918C262L /* 815 */, - 0x475B1D8732225F54L /* 816 */, 0x2D4FB51668CCB5FEL /* 817 */, - 0xA679B9D9D72BBA20L /* 818 */, 0x53841C0D912D43A5L /* 819 */, - 0x3B7EAA48BF12A4E8L /* 820 */, 0x781E0E47F22F1DDFL /* 821 */, - 0xEFF20CE60AB50973L /* 822 */, 0x20D261D19DFFB742L /* 823 */, - 0x16A12B03062A2E39L /* 824 */, 0x1960EB2239650495L /* 825 */, - 0x251C16FED50EB8B8L /* 826 */, 0x9AC0C330F826016EL /* 827 */, - 0xED152665953E7671L /* 828 */, 0x02D63194A6369570L /* 829 */, - 0x5074F08394B1C987L /* 830 */, 0x70BA598C90B25CE1L /* 831 */, - 0x794A15810B9742F6L /* 832 */, 0x0D5925E9FCAF8C6CL /* 833 */, - 0x3067716CD868744EL /* 834 */, 0x910AB077E8D7731BL /* 835 */, - 0x6A61BBDB5AC42F61L /* 836 */, 0x93513EFBF0851567L /* 837 */, - 0xF494724B9E83E9D5L /* 838 */, 0xE887E1985C09648DL /* 839 */, - 0x34B1D3C675370CFDL /* 840 */, 0xDC35E433BC0D255DL /* 841 */, - 0xD0AAB84234131BE0L /* 842 */, 0x08042A50B48B7EAFL /* 843 */, - 0x9997C4EE44A3AB35L /* 844 */, 0x829A7B49201799D0L /* 845 */, - 0x263B8307B7C54441L /* 846 */, 0x752F95F4FD6A6CA6L /* 847 */, - 0x927217402C08C6E5L /* 848 */, 0x2A8AB754A795D9EEL /* 849 */, - 0xA442F7552F72943DL /* 850 */, 0x2C31334E19781208L /* 851 */, - 0x4FA98D7CEAEE6291L /* 852 */, 0x55C3862F665DB309L /* 853 */, - 
0xBD0610175D53B1F3L /* 854 */, 0x46FE6CB840413F27L /* 855 */, - 0x3FE03792DF0CFA59L /* 856 */, 0xCFE700372EB85E8FL /* 857 */, - 0xA7BE29E7ADBCE118L /* 858 */, 0xE544EE5CDE8431DDL /* 859 */, - 0x8A781B1B41F1873EL /* 860 */, 0xA5C94C78A0D2F0E7L /* 861 */, - 0x39412E2877B60728L /* 862 */, 0xA1265EF3AFC9A62CL /* 863 */, - 0xBCC2770C6A2506C5L /* 864 */, 0x3AB66DD5DCE1CE12L /* 865 */, - 0xE65499D04A675B37L /* 866 */, 0x7D8F523481BFD216L /* 867 */, - 0x0F6F64FCEC15F389L /* 868 */, 0x74EFBE618B5B13C8L /* 869 */, - 0xACDC82B714273E1DL /* 870 */, 0xDD40BFE003199D17L /* 871 */, - 0x37E99257E7E061F8L /* 872 */, 0xFA52626904775AAAL /* 873 */, - 0x8BBBF63A463D56F9L /* 874 */, 0xF0013F1543A26E64L /* 875 */, - 0xA8307E9F879EC898L /* 876 */, 0xCC4C27A4150177CCL /* 877 */, - 0x1B432F2CCA1D3348L /* 878 */, 0xDE1D1F8F9F6FA013L /* 879 */, - 0x606602A047A7DDD6L /* 880 */, 0xD237AB64CC1CB2C7L /* 881 */, - 0x9B938E7225FCD1D3L /* 882 */, 0xEC4E03708E0FF476L /* 883 */, - 0xFEB2FBDA3D03C12DL /* 884 */, 0xAE0BCED2EE43889AL /* 885 */, - 0x22CB8923EBFB4F43L /* 886 */, 0x69360D013CF7396DL /* 887 */, - 0x855E3602D2D4E022L /* 888 */, 0x073805BAD01F784CL /* 889 */, - 0x33E17A133852F546L /* 890 */, 0xDF4874058AC7B638L /* 891 */, - 0xBA92B29C678AA14AL /* 892 */, 0x0CE89FC76CFAADCDL /* 893 */, - 0x5F9D4E0908339E34L /* 894 */, 0xF1AFE9291F5923B9L /* 895 */, - 0x6E3480F60F4A265FL /* 896 */, 0xEEBF3A2AB29B841CL /* 897 */, - 0xE21938A88F91B4ADL /* 898 */, 0x57DFEFF845C6D3C3L /* 899 */, - 0x2F006B0BF62CAAF2L /* 900 */, 0x62F479EF6F75EE78L /* 901 */, - 0x11A55AD41C8916A9L /* 902 */, 0xF229D29084FED453L /* 903 */, - 0x42F1C27B16B000E6L /* 904 */, 0x2B1F76749823C074L /* 905 */, - 0x4B76ECA3C2745360L /* 906 */, 0x8C98F463B91691BDL /* 907 */, - 0x14BCC93CF1ADE66AL /* 908 */, 0x8885213E6D458397L /* 909 */, - 0x8E177DF0274D4711L /* 910 */, 0xB49B73B5503F2951L /* 911 */, - 0x10168168C3F96B6BL /* 912 */, 0x0E3D963B63CAB0AEL /* 913 */, - 0x8DFC4B5655A1DB14L /* 914 */, 0xF789F1356E14DE5CL /* 915 */, - 
0x683E68AF4E51DAC1L /* 916 */, 0xC9A84F9D8D4B0FD9L /* 917 */, - 0x3691E03F52A0F9D1L /* 918 */, 0x5ED86E46E1878E80L /* 919 */, - 0x3C711A0E99D07150L /* 920 */, 0x5A0865B20C4E9310L /* 921 */, - 0x56FBFC1FE4F0682EL /* 922 */, 0xEA8D5DE3105EDF9BL /* 923 */, - 0x71ABFDB12379187AL /* 924 */, 0x2EB99DE1BEE77B9CL /* 925 */, - 0x21ECC0EA33CF4523L /* 926 */, 0x59A4D7521805C7A1L /* 927 */, - 0x3896F5EB56AE7C72L /* 928 */, 0xAA638F3DB18F75DCL /* 929 */, - 0x9F39358DABE9808EL /* 930 */, 0xB7DEFA91C00B72ACL /* 931 */, - 0x6B5541FD62492D92L /* 932 */, 0x6DC6DEE8F92E4D5BL /* 933 */, - 0x353F57ABC4BEEA7EL /* 934 */, 0x735769D6DA5690CEL /* 935 */, - 0x0A234AA642391484L /* 936 */, 0xF6F9508028F80D9DL /* 937 */, - 0xB8E319A27AB3F215L /* 938 */, 0x31AD9C1151341A4DL /* 939 */, - 0x773C22A57BEF5805L /* 940 */, 0x45C7561A07968633L /* 941 */, - 0xF913DA9E249DBE36L /* 942 */, 0xDA652D9B78A64C68L /* 943 */, - 0x4C27A97F3BC334EFL /* 944 */, 0x76621220E66B17F4L /* 945 */, - 0x967743899ACD7D0BL /* 946 */, 0xF3EE5BCAE0ED6782L /* 947 */, - 0x409F753600C879FCL /* 948 */, 0x06D09A39B5926DB6L /* 949 */, - 0x6F83AEB0317AC588L /* 950 */, 0x01E6CA4A86381F21L /* 951 */, - 0x66FF3462D19F3025L /* 952 */, 0x72207C24DDFD3BFBL /* 953 */, - 0x4AF6B6D3E2ECE2EBL /* 954 */, 0x9C994DBEC7EA08DEL /* 955 */, - 0x49ACE597B09A8BC4L /* 956 */, 0xB38C4766CF0797BAL /* 957 */, - 0x131B9373C57C2A75L /* 958 */, 0xB1822CCE61931E58L /* 959 */, - 0x9D7555B909BA1C0CL /* 960 */, 0x127FAFDD937D11D2L /* 961 */, - 0x29DA3BADC66D92E4L /* 962 */, 0xA2C1D57154C2ECBCL /* 963 */, - 0x58C5134D82F6FE24L /* 964 */, 0x1C3AE3515B62274FL /* 965 */, - 0xE907C82E01CB8126L /* 966 */, 0xF8ED091913E37FCBL /* 967 */, - 0x3249D8F9C80046C9L /* 968 */, 0x80CF9BEDE388FB63L /* 969 */, - 0x1881539A116CF19EL /* 970 */, 0x5103F3F76BD52457L /* 971 */, - 0x15B7E6F5AE47F7A8L /* 972 */, 0xDBD7C6DED47E9CCFL /* 973 */, - 0x44E55C410228BB1AL /* 974 */, 0xB647D4255EDB4E99L /* 975 */, - 0x5D11882BB8AAFC30L /* 976 */, 0xF5098BBB29D3212AL /* 977 */, - 
0x8FB5EA14E90296B3L /* 978 */, 0x677B942157DD025AL /* 979 */,
- 0xFB58E7C0A390ACB5L /* 980 */, 0x89D3674C83BD4A01L /* 981 */,
- 0x9E2DA4DF4BF3B93BL /* 982 */, 0xFCC41E328CAB4829L /* 983 */,
- 0x03F38C96BA582C52L /* 984 */, 0xCAD1BDBD7FD85DB2L /* 985 */,
- 0xBBB442C16082AE83L /* 986 */, 0xB95FE86BA5DA9AB0L /* 987 */,
- 0xB22E04673771A93FL /* 988 */, 0x845358C9493152D8L /* 989 */,
- 0xBE2A488697B4541EL /* 990 */, 0x95A2DC2DD38E6966L /* 991 */,
- 0xC02C11AC923C852BL /* 992 */, 0x2388B1990DF2A87BL /* 993 */,
- 0x7C8008FA1B4F37BEL /* 994 */, 0x1F70D0C84D54E503L /* 995 */,
- 0x5490ADEC7ECE57D4L /* 996 */, 0x002B3C27D9063A3AL /* 997 */,
- 0x7EAEA3848030A2BFL /* 998 */, 0xC602326DED2003C0L /* 999 */,
- 0x83A7287D69A94086L /* 1000 */, 0xC57A5FCB30F57A8AL /* 1001 */,
- 0xB56844E479EBE779L /* 1002 */, 0xA373B40F05DCBCE9L /* 1003 */,
- 0xD71A786E88570EE2L /* 1004 */, 0x879CBACDBDE8F6A0L /* 1005 */,
- 0x976AD1BCC164A32FL /* 1006 */, 0xAB21E25E9666D78BL /* 1007 */,
- 0x901063AAE5E5C33CL /* 1008 */, 0x9818B34448698D90L /* 1009 */,
- 0xE36487AE3E1E8ABBL /* 1010 */, 0xAFBDF931893BDCB4L /* 1011 */,
- 0x6345A0DC5FBBD519L /* 1012 */, 0x8628FE269B9465CAL /* 1013 */,
- 0x1E5D01603F9C51ECL /* 1014 */, 0x4DE44006A15049B7L /* 1015 */,
- 0xBF6C70E5F776CBB1L /* 1016 */, 0x411218F2EF552BEDL /* 1017 */,
- 0xCB0C0708705A36A3L /* 1018 */, 0xE74D14754F986044L /* 1019 */,
- 0xCD56D9430EA8280EL /* 1020 */, 0xC12591D7535F5065L /* 1021 */,
- 0xC83223F1720AEF96L /* 1022 */, 0xC3A0396F7363A51FL /* 1023 */
- };
-
- private static final int DIGEST_LENGTH = 24;
-
- //
- // registers
- //
- private long a, b, c;
- private long byteCount;
-
- //
- // buffers
- //
- private byte[] buf = new byte[8];
- private int bOff = 0;
-
- private long[] x = new long[8];
- private int xOff = 0;
-
- /**
- * Standard constructor
- */
- public TigerDigest()
- {
- reset();
- }
-
- /**
- * Copy constructor. This will copy the state of the provided
- * message digest.
- */
- public TigerDigest(TigerDigest t)
- {
- this.reset(t);
- }
-
- public String getAlgorithmName()
- {
- return "Tiger";
- }
-
- public int getDigestSize()
- {
- return DIGEST_LENGTH;
- }
-
- private void processWord(
- byte[] b,
- int off)
- {
- x[xOff++] = ((long)(b[off + 7] & 0xff) << 56)
- | ((long)(b[off + 6] & 0xff) << 48)
- | ((long)(b[off + 5] & 0xff) << 40)
- | ((long)(b[off + 4] & 0xff) << 32)
- | ((long)(b[off + 3] & 0xff) << 24)
- | ((long)(b[off + 2] & 0xff) << 16)
- | ((long)(b[off + 1] & 0xff) << 8)
- | ((b[off + 0] & 0xff));
-
- if (xOff == x.length)
- {
- processBlock();
- }
-
- bOff = 0;
- }
-
- public void update(
- byte in)
- {
- buf[bOff++] = in;
-
- if (bOff == buf.length)
- {
- processWord(buf, 0);
- }
-
- byteCount++;
- }
-
- public void update(
- byte[] in,
- int inOff,
- int len)
- {
- //
- // fill the current word
- //
- while ((bOff != 0) && (len > 0))
- {
- update(in[inOff]);
-
- inOff++;
- len--;
- }
-
- //
- // process whole words.
- //
- while (len > 8)
- {
- processWord(in, inOff);
-
- inOff += 8;
- len -= 8;
- byteCount += 8;
- }
-
- //
- // load in the remainder.
- //
- while (len > 0)
- {
- update(in[inOff]);
-
- inOff++;
- len--;
- }
- }
-
- private void roundABC(
- long x,
- long mul)
- {
- c ^= x ;
- a -= t1[(int)c & 0xff] ^ t2[(int)(c >> 16) & 0xff]
- ^ t3[(int)(c >> 32) & 0xff] ^ t4[(int)(c >> 48) & 0xff];
- b += t4[(int)(c >> 8) & 0xff] ^ t3[(int)(c >> 24) & 0xff]
- ^ t2[(int)(c >> 40) & 0xff] ^ t1[(int)(c >> 56) & 0xff];
- b *= mul;
- }
-
- private void roundBCA(
- long x,
- long mul)
- {
- a ^= x ;
- b -= t1[(int)a & 0xff] ^ t2[(int)(a >> 16) & 0xff]
- ^ t3[(int)(a >> 32) & 0xff] ^ t4[(int)(a >> 48) & 0xff];
- c += t4[(int)(a >> 8) & 0xff] ^ t3[(int)(a >> 24) & 0xff]
- ^ t2[(int)(a >> 40) & 0xff] ^ t1[(int)(a >> 56) & 0xff];
- c *= mul;
- }
-
- private void roundCAB(
- long x,
- long mul)
- {
- b ^= x ;
- c -= t1[(int)b & 0xff] ^ t2[(int)(b >> 16) & 0xff]
- ^ t3[(int)(b >> 32) & 0xff] ^ t4[(int)(b >> 48) & 0xff];
- a += t4[(int)(b >> 8) & 0xff] ^ t3[(int)(b >> 24) & 0xff]
- ^ t2[(int)(b >> 40) & 0xff] ^ t1[(int)(b >> 56) & 0xff];
- a *= mul;
- }
-
- private void keySchedule()
- {
- x[0] -= x[7] ^ 0xA5A5A5A5A5A5A5A5L;
- x[1] ^= x[0];
- x[2] += x[1];
- x[3] -= x[2] ^ ((~x[1]) << 19);
- x[4] ^= x[3];
- x[5] += x[4];
- x[6] -= x[5] ^ ((~x[4]) >>> 23);
- x[7] ^= x[6];
- x[0] += x[7];
- x[1] -= x[0] ^ ((~x[7]) << 19);
- x[2] ^= x[1];
- x[3] += x[2];
- x[4] -= x[3] ^ ((~x[2]) >>> 23);
- x[5] ^= x[4];
- x[6] += x[5];
- x[7] -= x[6] ^ 0x0123456789ABCDEFL;
- }
-
- private void processBlock()
- {
- //
- // save abc
- //
- long aa = a;
- long bb = b;
- long cc = c;
-
- //
- // rounds and schedule
- //
- roundABC(x[0], 5);
- roundBCA(x[1], 5);
- roundCAB(x[2], 5);
- roundABC(x[3], 5);
- roundBCA(x[4], 5);
- roundCAB(x[5], 5);
- roundABC(x[6], 5);
- roundBCA(x[7], 5);
-
- keySchedule();
-
- roundCAB(x[0], 7);
- roundABC(x[1], 7);
- roundBCA(x[2], 7);
- roundCAB(x[3], 7);
- roundABC(x[4], 7);
- roundBCA(x[5], 7);
- roundCAB(x[6], 7);
- roundABC(x[7], 7);
-
- keySchedule();
-
- roundBCA(x[0], 9);
- roundCAB(x[1], 9);
- roundABC(x[2], 9);
- roundBCA(x[3], 9);
- roundCAB(x[4], 9);
- roundABC(x[5], 9);
- roundBCA(x[6], 9);
- roundCAB(x[7], 9);
-
- //
- // feed forward
- //
- a ^= aa;
- b -= bb;
- c += cc;
-
- //
- // clear the x buffer
- //
- xOff = 0;
- for (int i = 0; i != x.length; i++)
- {
- x[i] = 0;
- }
- }
-
- public void unpackWord(
- long r,
- byte[] out,
- int outOff)
- {
- out[outOff + 7] = (byte)(r >> 56);
- out[outOff + 6] = (byte)(r >> 48);
- out[outOff + 5] = (byte)(r >> 40);
- out[outOff + 4] = (byte)(r >> 32);
- out[outOff + 3] = (byte)(r >> 24);
- out[outOff + 2] = (byte)(r >> 16);
- out[outOff + 1] = (byte)(r >> 8);
- out[outOff] = (byte)r;
- }
-
- private void processLength(
- long bitLength)
- {
- x[7] = bitLength;
- }
-
- private void finish()
- {
- long bitLength = (byteCount << 3);
-
- update((byte)0x01);
-
- while (bOff != 0)
- {
- update((byte)0);
- }
-
- processLength(bitLength);
-
- processBlock();
- }
-
- public int doFinal(
- byte[] out,
- int outOff)
- {
- finish();
-
- unpackWord(a, out, outOff);
- unpackWord(b, out, outOff + 8);
- unpackWord(c, out, outOff + 16);
-
- reset();
-
- return DIGEST_LENGTH;
- }
-
- /**
- * reset the chaining variables
- */
- public void reset()
- {
- a = 0x0123456789ABCDEFL;
- b = 0xFEDCBA9876543210L;
- c = 0xF096A5B4C3B2E187L;
-
- xOff = 0;
- for (int i = 0; i != x.length; i++)
- {
- x[i] = 0;
- }
-
- bOff = 0;
- for (int i = 0; i != buf.length; i++)
- {
- buf[i] = 0;
- }
-
- byteCount = 0;
- }
-
- public int getByteLength()
- {
- return BYTE_LENGTH;
- }
-
- public Memoable copy()
- {
- return new TigerDigest(this);
- }
-
- public void reset(Memoable other)
- {
- TigerDigest t = (TigerDigest)other;
-
- a = t.a;
- b = t.b;
- c = t.c;
-
- System.arraycopy(t.x, 0, x, 0, t.x.length);
- xOff = t.xOff;
-
- System.arraycopy(t.buf, 0, buf, 0, t.buf.length);
- bOff = t.bOff;
-
- byteCount = t.byteCount;
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/WhirlpoolDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/WhirlpoolDigest.java
deleted file mode 100644
index 11e884cd..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/digests/WhirlpoolDigest.java
+++ /dev/null
@@ -1,409 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.ExtendedDigest;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Memoable;
-
-
-/**
- * Implementation of WhirlpoolDigest, based on Java source published by Barreto
- * and Rijmen.
- *
- */
-public final class WhirlpoolDigest
- implements ExtendedDigest, Memoable
-{
- private static final int BYTE_LENGTH = 64;
-
- private static final int DIGEST_LENGTH_BYTES = 512 / 8;
- private static final int ROUNDS = 10;
- private static final int REDUCTION_POLYNOMIAL = 0x011d; // 2^8 + 2^4 + 2^3 + 2 + 1;
-
- private static final int[] SBOX = {
- 0x18, 0x23, 0xc6, 0xe8, 0x87, 0xb8, 0x01, 0x4f, 0x36, 0xa6, 0xd2, 0xf5, 0x79, 0x6f, 0x91, 0x52,
- 0x60, 0xbc, 0x9b, 0x8e, 0xa3, 0x0c, 0x7b, 0x35, 0x1d, 0xe0, 0xd7, 0xc2, 0x2e, 0x4b, 0xfe, 0x57,
- 0x15, 0x77, 0x37, 0xe5, 0x9f, 0xf0, 0x4a, 0xda, 0x58, 0xc9, 0x29, 0x0a, 0xb1, 0xa0, 0x6b, 0x85,
- 0xbd, 0x5d, 0x10, 0xf4, 0xcb, 0x3e, 0x05, 0x67, 0xe4, 0x27, 0x41, 0x8b, 0xa7, 0x7d, 0x95, 0xd8,
- 0xfb, 0xee, 0x7c, 0x66, 0xdd, 0x17, 0x47, 0x9e, 0xca, 0x2d, 0xbf, 0x07, 0xad, 0x5a, 0x83, 0x33,
- 0x63, 0x02, 0xaa, 0x71, 0xc8, 0x19, 0x49, 0xd9, 0xf2, 0xe3, 0x5b, 0x88, 0x9a, 0x26, 0x32, 0xb0,
- 0xe9, 0x0f, 0xd5, 0x80, 0xbe, 0xcd, 0x34, 0x48, 0xff, 0x7a, 0x90, 0x5f, 0x20, 0x68, 0x1a, 0xae,
- 0xb4, 0x54, 0x93, 0x22, 0x64, 0xf1, 0x73, 0x12, 0x40, 0x08, 0xc3, 0xec, 0xdb, 0xa1, 0x8d, 0x3d,
- 0x97, 0x00, 0xcf, 0x2b, 0x76, 0x82, 0xd6, 0x1b, 0xb5, 0xaf, 0x6a, 0x50, 0x45, 0xf3, 0x30, 0xef,
- 0x3f, 0x55, 0xa2, 0xea, 0x65, 0xba, 0x2f, 0xc0, 0xde, 0x1c, 0xfd, 0x4d, 0x92, 0x75, 0x06, 0x8a,
- 0xb2, 0xe6, 0x0e, 0x1f, 0x62, 0xd4, 0xa8, 0x96, 0xf9, 0xc5, 0x25, 0x59, 0x84, 0x72, 0x39, 0x4c,
- 0x5e, 0x78, 0x38, 0x8c, 0xd1, 0xa5, 0xe2, 0x61, 0xb3, 0x21, 0x9c, 0x1e, 0x43, 0xc7, 0xfc, 0x04,
- 0x51, 0x99, 0x6d, 0x0d, 0xfa, 0xdf, 0x7e, 0x24, 0x3b, 0xab, 0xce, 0x11, 0x8f, 0x4e, 0xb7, 0xeb,
- 0x3c, 0x81, 0x94, 0xf7, 0xb9, 0x13, 0x2c, 0xd3, 0xe7, 0x6e, 0xc4, 0x03, 0x56, 0x44, 0x7f, 0xa9,
- 0x2a, 0xbb, 0xc1, 0x53, 0xdc, 0x0b, 0x9d, 0x6c, 0x31, 0x74, 0xf6, 0x46, 0xac, 0x89, 0x14, 0xe1,
- 0x16, 0x3a, 0x69, 0x09, 0x70, 0xb6, 0xd0, 0xed, 0xcc, 0x42, 0x98, 0xa4, 0x28, 0x5c, 0xf8, 0x86
- };
-
- private static final long[] C0 = new long[256];
- private static final long[] C1 = new long[256];
- private static final long[] C2 = new long[256];
- private static final long[] C3 = new long[256];
- private static final long[] C4 = new long[256];
- private static final long[] C5 = new long[256];
- private static final long[] C6 = new long[256];
- private static final long[] C7 = new long[256];
-
- private final long[] _rc = new long[ROUNDS + 1];
-
- public WhirlpoolDigest()
- {
- for (int i = 0; i < 256; i++)
- {
- int v1 = SBOX[i];
- int v2 = maskWithReductionPolynomial(v1 << 1);
- int v4 = maskWithReductionPolynomial(v2 << 1);
- int v5 = v4 ^ v1;
- int v8 = maskWithReductionPolynomial(v4 << 1);
- int v9 = v8 ^ v1;
-
- C0[i] = packIntoLong(v1, v1, v4, v1, v8, v5, v2, v9);
- C1[i] = packIntoLong(v9, v1, v1, v4, v1, v8, v5, v2);
- C2[i] = packIntoLong(v2, v9, v1, v1, v4, v1, v8, v5);
- C3[i] = packIntoLong(v5, v2, v9, v1, v1, v4, v1, v8);
- C4[i] = packIntoLong(v8, v5, v2, v9, v1, v1, v4, v1);
- C5[i] = packIntoLong(v1, v8, v5, v2, v9, v1, v1, v4);
- C6[i] = packIntoLong(v4, v1, v8, v5, v2, v9, v1, v1);
- C7[i] = packIntoLong(v1, v4, v1, v8, v5, v2, v9, v1);
-
- }
-
- _rc[0] = 0L;
- for (int r = 1; r <= ROUNDS; r++)
- {
- int i = 8 * (r - 1);
- _rc[r] = (C0[i ] & 0xff00000000000000L) ^
- (C1[i + 1] & 0x00ff000000000000L) ^
- (C2[i + 2] & 0x0000ff0000000000L) ^
- (C3[i + 3] & 0x000000ff00000000L) ^
- (C4[i + 4] & 0x00000000ff000000L) ^
- (C5[i + 5] & 0x0000000000ff0000L) ^
- (C6[i + 6] & 0x000000000000ff00L) ^
- (C7[i + 7] & 0x00000000000000ffL);
- }
-
- }
-
- private long packIntoLong(int b7, int b6, int b5, int b4, int b3, int b2, int b1, int b0)
- {
- return
- ((long)b7 << 56) ^
- ((long)b6 << 48) ^
- ((long)b5 << 40) ^
- ((long)b4 << 32) ^
- ((long)b3 << 24) ^
- ((long)b2 << 16) ^
- ((long)b1 << 8) ^
- b0;
- }
-
- /*
- * int's are used to prevent sign extension. The values that are really being used are
- * actually just 0..255
- */
- private int maskWithReductionPolynomial(int input)
- {
- int rv = input;
- if (rv >= 0x100L) // high bit set
- {
- rv ^= REDUCTION_POLYNOMIAL; // reduced by the polynomial
- }
- return rv;
- }
-
- // --------------------------------------------------------------------------------------//
-
- // -- buffer information --
- private static final int BITCOUNT_ARRAY_SIZE = 32;
- private byte[] _buffer = new byte[64];
- private int _bufferPos = 0;
- private short[] _bitCount = new short[BITCOUNT_ARRAY_SIZE];
-
- // -- internal hash state --
- private long[] _hash = new long[8];
- private long[] _K = new long[8]; // the round key
- private long[] _L = new long[8];
- private long[] _block = new long[8]; // mu (buffer)
- private long[] _state = new long[8]; // the current "cipher" state
-
-
-
- /**
- * Copy constructor. This will copy the state of the provided message
- * digest.
- */
- public WhirlpoolDigest(WhirlpoolDigest originalDigest)
- {
- reset(originalDigest);
- }
-
- public String getAlgorithmName()
- {
- return "Whirlpool";
- }
-
- public int getDigestSize()
- {
- return DIGEST_LENGTH_BYTES;
- }
-
- public int doFinal(byte[] out, int outOff)
- {
- // sets out[outOff] .. out[outOff+DIGEST_LENGTH_BYTES]
- finish();
-
- for (int i = 0; i < 8; i++)
- {
- convertLongToByteArray(_hash[i], out, outOff + (i * 8));
- }
-
- reset();
- return getDigestSize();
- }
-
- /**
- * reset the chaining variables
- */
- public void reset()
- {
- // set variables to null, blank, whatever
- _bufferPos = 0;
- Arrays.fill(_bitCount, (short)0);
- Arrays.fill(_buffer, (byte)0);
- Arrays.fill(_hash, 0);
- Arrays.fill(_K, 0);
- Arrays.fill(_L, 0);
- Arrays.fill(_block, 0);
- Arrays.fill(_state, 0);
- }
-
- // this takes a buffer of information and fills the block
- private void processFilledBuffer(byte[] in, int inOff)
- {
- // copies into the block...
- for (int i = 0; i < _state.length; i++)
- {
- _block[i] = bytesToLongFromBuffer(_buffer, i * 8);
- }
- processBlock();
- _bufferPos = 0;
- Arrays.fill(_buffer, (byte)0);
- }
-
- private long bytesToLongFromBuffer(byte[] buffer, int startPos)
- {
- long rv = (((buffer[startPos + 0] & 0xffL) << 56) |
- ((buffer[startPos + 1] & 0xffL) << 48) |
- ((buffer[startPos + 2] & 0xffL) << 40) |
- ((buffer[startPos + 3] & 0xffL) << 32) |
- ((buffer[startPos + 4] & 0xffL) << 24) |
- ((buffer[startPos + 5] & 0xffL) << 16) |
- ((buffer[startPos + 6] & 0xffL) << 8) |
- ((buffer[startPos + 7]) & 0xffL));
-
- return rv;
- }
-
- private void convertLongToByteArray(long inputLong, byte[] outputArray, int offSet)
- {
- for (int i = 0; i < 8; i++)
- {
- outputArray[offSet + i] = (byte)((inputLong >> (56 - (i * 8))) & 0xff);
- }
- }
-
- protected void processBlock()
- {
- // buffer contents have been transferred to the _block[] array via
- // processFilledBuffer
-
- // compute and apply K^0
- for (int i = 0; i < 8; i++)
- {
- _state[i] = _block[i] ^ (_K[i] = _hash[i]);
- }
-
- // iterate over the rounds
- for (int round = 1; round <= ROUNDS; round++)
- {
- for (int i = 0; i < 8; i++)
- {
- _L[i] = 0;
- _L[i] ^= C0[(int)(_K[(i - 0) & 7] >>> 56) & 0xff];
- _L[i] ^= C1[(int)(_K[(i - 1) & 7] >>> 48) & 0xff];
- _L[i] ^= C2[(int)(_K[(i - 2) & 7] >>> 40) & 0xff];
- _L[i] ^= C3[(int)(_K[(i - 3) & 7] >>> 32) & 0xff];
- _L[i] ^= C4[(int)(_K[(i - 4) & 7] >>> 24) & 0xff];
- _L[i] ^= C5[(int)(_K[(i - 5) & 7] >>> 16) & 0xff];
- _L[i] ^= C6[(int)(_K[(i - 6) & 7] >>> 8) & 0xff];
- _L[i] ^= C7[(int)(_K[(i - 7) & 7]) & 0xff];
- }
-
- System.arraycopy(_L, 0, _K, 0, _K.length);
-
- _K[0] ^= _rc[round];
-
- // apply the round transformation
- for (int i = 0; i < 8; i++)
- {
- _L[i] = _K[i];
-
- _L[i] ^= C0[(int)(_state[(i - 0) & 7] >>> 56) & 0xff];
- _L[i] ^= C1[(int)(_state[(i - 1) & 7] >>> 48) & 0xff];
- _L[i] ^= C2[(int)(_state[(i - 2) & 7] >>> 40) & 0xff];
- _L[i] ^= C3[(int)(_state[(i - 3) & 7] >>> 32) & 0xff];
- _L[i] ^= C4[(int)(_state[(i - 4) & 7] >>> 24) & 0xff];
- _L[i] ^= C5[(int)(_state[(i - 5) & 7] >>> 16) & 0xff];
- _L[i] ^= C6[(int)(_state[(i - 6) & 7] >>> 8) & 0xff];
- _L[i] ^= C7[(int)(_state[(i - 7) & 7]) & 0xff];
- }
-
- // save the current state
- System.arraycopy(_L, 0, _state, 0, _state.length);
- }
-
- // apply Miuaguchi-Preneel compression
- for (int i = 0; i < 8; i++)
- {
- _hash[i] ^= _state[i] ^ _block[i];
- }
-
- }
-
- public void update(byte in)
- {
- _buffer[_bufferPos] = in;
-
- //System.out.println("adding to buffer = "+_buffer[_bufferPos]);
-
- ++_bufferPos;
-
- if (_bufferPos == _buffer.length)
- {
- processFilledBuffer(_buffer, 0);
- }
-
- increment();
- }
-
- /*
- * increment() can be implemented in this way using 2 arrays or
- * by having some temporary variables that are used to set the
- * value provided by EIGHT[i] and carry within the loop.
- *
- * not having done any timing, this seems likely to be faster
- * at the slight expense of 32*(sizeof short) bytes
- */
- private static final short[] EIGHT = new short[BITCOUNT_ARRAY_SIZE];
- static
- {
- EIGHT[BITCOUNT_ARRAY_SIZE - 1] = 8;
- }
-
- private void increment()
- {
- int carry = 0;
- for (int i = _bitCount.length - 1; i >= 0; i--)
- {
- int sum = (_bitCount[i] & 0xff) + EIGHT[i] + carry;
-
- carry = sum >>> 8;
- _bitCount[i] = (short)(sum & 0xff);
- }
- }
-
- public void update(byte[] in, int inOff, int len)
- {
- while (len > 0)
- {
- update(in[inOff]);
- ++inOff;
- --len;
- }
-
- }
-
- private void finish()
- {
- /*
- * this makes a copy of the current bit length. at the expense of an
- * object creation of 32 bytes rather than providing a _stopCounting
- * boolean which was the alternative I could think of.
- */
- byte[] bitLength = copyBitLength();
-
- _buffer[_bufferPos++] |= 0x80;
-
- if (_bufferPos == _buffer.length)
- {
- processFilledBuffer(_buffer, 0);
- }
-
- /*
- * Final block contains
- * [ ... data .... ][0][0][0][ length ]
- *
- * if [ length ] cannot fit. Need to create a new block.
- */
- if (_bufferPos > 32)
- {
- while (_bufferPos != 0)
- {
- update((byte)0);
- }
- }
-
- while (_bufferPos <= 32)
- {
- update((byte)0);
- }
-
- // copy the length information to the final 32 bytes of the
- // 64 byte block....
- System.arraycopy(bitLength, 0, _buffer, 32, bitLength.length);
-
- processFilledBuffer(_buffer, 0);
- }
-
- private byte[] copyBitLength()
- {
- byte[] rv = new byte[BITCOUNT_ARRAY_SIZE];
- for (int i = 0; i < rv.length; i++)
- {
- rv[i] = (byte)(_bitCount[i] & 0xff);
- }
- return rv;
- }
-
- public int getByteLength()
- {
- return BYTE_LENGTH;
- }
-
- public Memoable copy()
- {
- return new WhirlpoolDigest(this);
- }
-
- public void reset(Memoable other)
- {
- WhirlpoolDigest originalDigest = (WhirlpoolDigest)other;
-
- System.arraycopy(originalDigest._rc, 0, _rc, 0, _rc.length);
-
- System.arraycopy(originalDigest._buffer, 0, _buffer, 0, _buffer.length);
-
- this._bufferPos = originalDigest._bufferPos;
- System.arraycopy(originalDigest._bitCount, 0, _bitCount, 0, _bitCount.length);
-
- // -- internal hash state --
- System.arraycopy(originalDigest._hash, 0, _hash, 0, _hash.length);
- System.arraycopy(originalDigest._K, 0, _K, 0, _K.length);
- System.arraycopy(originalDigest._L, 0, _L, 0, _L.length);
- System.arraycopy(originalDigest._block, 0, _block, 0, _block.length);
- System.arraycopy(originalDigest._state, 0, _state, 0, _state.length);
- }
-} |