CurveData(final X9ECParameters params) {
ECCurve curve = params.getCurve();
this.a = curve.getA().toBigInteger().toString(16);
this.b = curve.getB().toBigInteger().toString(16);
this.x = params.getG().getAffineXCoord().toBigInteger().toString(16);
this.y = params.getG().getAffineYCoord().toBigInteger().toString(16);
this.n = params.getN().toString(16);
this.h = params.getH().intValue();
if (curve instanceof ECCurve.Fp) {
this.type = P;
ECCurve.Fp c = (ECCurve.Fp) curve;
this.sfield = c.getQ().toString(16);
} else // if (curve instanceof ECCurve.F2m)
{
this.type = B;
ECCurve.F2m c = (ECCurve.F2m) curve;
int m = c.getM();
int[] ks = new int[] {c.getK1(), c.getK2(), c.getK3()};
BigInteger rp = BigInteger.ONE;
rp = rp.setBit(m);
for (int j = 0; j < ks.length; j++) {
if (ks[j] > 0) {
rp = rp.setBit(ks[j]);
}
}
this.sfield = rp.toString(16);
}
}
/**
* 利用BigInteger对权限进行2的权的和计算
*
* @param rights String型权限编码数组
* @return 2的权的和
*/
public static BigInteger sumRights(String[] rights) {
BigInteger num = new BigInteger("0");
for (int i = 0; i < rights.length; i++) {
num = num.setBit(Integer.parseInt(rights[i]));
}
return num;
}
/**
* Find the number in between the high and the low value with the most zeroes.
*
* @param value the lower bound for the number
* @param highValue the upper bound for the nubmer
* @return the value for the number with the most zeroes between the two bounds
*/
private BigInteger maxZeroes(BigInteger value, BigInteger highValue) {
// Find the highest bit that would be possible to add one to before
// going over the high value.
int i = highValue.xor(value).bitLength();
int j;
while (--i >= 0) {
// If you hit a zero bit...
if (!value.testBit(i)) {
// ...change that bit to a 1.
value = value.setBit(i);
// Create a bit mask to compare with.
byte[] comparatorBytes = value.toByteArray();
Arrays.fill(comparatorBytes, (byte) 0xFF);
BigInteger comparator = new BigInteger(comparatorBytes);
comparator = comparator.shiftLeft(i);
// And the value with the bit mask. Everything after the changed
// bit will be cleared en masse. Way faster than clearing bits
// individually.
value = value.and(comparator);
break;
}
}
return value;
}
/** @tests java.math.BigInteger#negate() */
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "",
method = "negate",
args = {})
public void test_negate() {
assertTrue("Single negation of zero did not result in zero", zero.negate().equals(zero));
assertTrue(
"Single negation resulted in original nonzero number", !aZillion.negate().equals(aZillion));
assertTrue(
"Double negation did not result in original number",
aZillion.negate().negate().equals(aZillion));
assertTrue("0.neg", zero.negate().equals(zero));
assertTrue("1.neg", one.negate().equals(minusOne));
assertTrue("2.neg", two.negate().equals(minusTwo));
assertTrue("-1.neg", minusOne.negate().equals(one));
assertTrue("-2.neg", minusTwo.negate().equals(two));
assertTrue(
"0x62EB40FEF85AA9EBL*2.neg",
BigInteger.valueOf(0x62EB40FEF85AA9EBL * 2)
.negate()
.equals(BigInteger.valueOf(-0x62EB40FEF85AA9EBL * 2)));
for (int i = 0; i < 200; i++) {
BigInteger midbit = zero.setBit(i);
BigInteger negate = midbit.negate();
assertTrue("negate negate", negate.negate().equals(midbit));
assertTrue("neg fails on bit " + i, midbit.negate().add(midbit).equals(zero));
}
}
public static BigInteger f(final long value) {
BigInteger bigInt = BigInteger.valueOf(value & UNSIGNED_MASK);
if (value < 0) {
bigInt = bigInt.setBit(Long.SIZE - 1);
}
return bigInt;
}
public BigInteger getBigInteger() {
BigInteger bigInt = BigInteger.valueOf(raw & UNSIGNED_MASK);
if (raw < 0) {
bigInt = bigInt.setBit(Long.SIZE - 1);
}
return bigInt;
}
/** @return the rules packed into a single {@link BigInteger} value. */
public final BigInteger getRuleAsBigInt() {
BigInteger r = BigInteger.ZERO;
for (int i = rules.length - 1; i >= 0; i--) {
r = r.shiftLeft(1);
if (rules[i]) {
r = r.setBit(0);
}
}
return r;
}
/** @tests java.math.BigInteger#add(java.math.BigInteger) */
@TestTargetNew(
level = TestLevel.PARTIAL,
notes = "Test is OK, but some cases listed below can be reasonable.",
method = "add",
args = {java.math.BigInteger.class})
public void test_addLjava_math_BigInteger() {
assertTrue(
"Incorrect sum--wanted a zillion",
aZillion.add(aZillion).add(aZillion.negate()).equals(aZillion));
assertTrue("0+0", zero.add(zero).equals(zero));
assertTrue("0+1", zero.add(one).equals(one));
assertTrue("1+0", one.add(zero).equals(one));
assertTrue("1+1", one.add(one).equals(two));
assertTrue("0+(-1)", zero.add(minusOne).equals(minusOne));
assertTrue("(-1)+0", minusOne.add(zero).equals(minusOne));
assertTrue("(-1)+(-1)", minusOne.add(minusOne).equals(minusTwo));
assertTrue("1+(-1)", one.add(minusOne).equals(zero));
assertTrue("(-1)+1", minusOne.add(one).equals(zero));
for (int i = 0; i < 200; i++) {
BigInteger midbit = zero.setBit(i);
assertTrue("add fails to carry on bit " + i, midbit.add(midbit).equals(zero.setBit(i + 1)));
}
BigInteger bi2p3 = bi2.add(bi3);
BigInteger bi3p2 = bi3.add(bi2);
assertTrue("bi2p3=bi3p2", bi2p3.equals(bi3p2));
// BESSER UEBERGREIFENDE TESTS MACHEN IN FORM VON STRESS TEST.
// add large positive + small positive
BigInteger sum = aZillion;
BigInteger increment = one;
for (int i = 0; i < 20; i++) {}
// add large positive + small negative
// add large negative + small positive
// add large negative + small negative
}
/** @com.intel.drl.spec_ref */
public ECFieldF2m(int m, int[] ks) {
this.m = m;
if (this.m <= 0) {
throw new IllegalArgumentException(Messages.getString("security.75")); // $NON-NLS-1$
}
// Defensively copies array parameter
// to prevent subsequent modification.
// NPE as specified if ks is null
this.ks = new int[ks.length];
System.arraycopy(ks, 0, this.ks, 0, this.ks.length);
// no need to check for null already
if (this.ks.length != TPB_MID_LEN && this.ks.length != PPB_MID_LEN) {
// must be either trinomial or pentanomial basis
throw new IllegalArgumentException(Messages.getString("security.78")); // $NON-NLS-1$
}
// trinomial basis:
// check that m > k >= 1, where k is ks[0]
// pentanomial basis:
// check that m > k3 > k2 > k1 >= 1
// and kx in descending order, where
// k3 is ks[0], k2 is ks[1], k1 is ks[2]
boolean checkFailed = false;
int prev = this.m;
for (int i = 0; i < this.ks.length; i++) {
if (this.ks[i] < prev) {
prev = this.ks[i];
continue;
}
checkFailed = true;
break;
}
if (checkFailed || prev < 1) {
throw new IllegalArgumentException(Messages.getString("security.79")); // $NON-NLS-1$
}
// Setup rp using ks:
// bits 0 and m always set
BigInteger rpTmp = BigInteger.ONE.setBit(this.m);
// set remaining bits according to ks
for (int i = 0; i < this.ks.length; i++) {
rpTmp = rpTmp.setBit(this.ks[i]);
}
rp = rpTmp;
}
public static void bitOps(int order) {
int failCount1 = 0, failCount2 = 0, failCount3 = 0;
for (int i = 0; i < size * 5; i++) {
BigInteger x = fetchNumber(order);
BigInteger y;
/* Test setBit and clearBit (and testBit) */
if (x.signum() < 0) {
y = BigInteger.valueOf(-1);
for (int j = 0; j < x.bitLength(); j++) if (!x.testBit(j)) y = y.clearBit(j);
} else {
y = BigInteger.ZERO;
for (int j = 0; j < x.bitLength(); j++) if (x.testBit(j)) y = y.setBit(j);
}
if (!x.equals(y)) failCount1++;
/* Test flipBit (and testBit) */
y = BigInteger.valueOf(x.signum() < 0 ? -1 : 0);
for (int j = 0; j < x.bitLength(); j++) if (x.signum() < 0 ^ x.testBit(j)) y = y.flipBit(j);
if (!x.equals(y)) failCount2++;
}
report("clearBit/testBit", failCount1);
report("flipBit/testBit", failCount2);
for (int i = 0; i < size * 5; i++) {
BigInteger x = fetchNumber(order);
/* Test getLowestSetBit() */
int k = x.getLowestSetBit();
if (x.signum() == 0) {
if (k != -1) failCount3++;
} else {
BigInteger z = x.and(x.negate());
int j;
for (j = 0; j < z.bitLength() && !z.testBit(j); j++) ;
if (k != j) failCount3++;
}
}
report("getLowestSetBit", failCount3);
}
public ZrElement sqrt() {
// Apply the Tonelli-Shanks Algorithm
Element e0 = field.newElement();
Element nqr = field.getNqr();
Element gInv = nqr.duplicate().invert();
// let q be the field.order of the field
// q - 1 = 2^s t, for some t odd
BigInteger t = field.order.subtract(BigInteger.ONE);
int s = BigIntegerUtils.scanOne(t, 0);
t = t.divide(BigInteger.valueOf(2 << (s - 1)));
BigInteger e = BigInteger.ZERO;
BigInteger orderMinusOne = field.order.subtract(BigInteger.ONE);
for (int i = 2; i <= s; i++) {
e0.set(gInv).pow(e);
e0.mul(this).pow(orderMinusOne.divide(BigInteger.valueOf(2 << (i - 1))));
if (!e0.isOne()) e = e.setBit(i - 1);
}
e0.set(gInv).pow(e);
e0.mul(this);
t = t.add(BigInteger.ONE);
t = t.divide(BigIntegerUtils.TWO);
e = e.divide(BigIntegerUtils.TWO);
// TODO(-):
// (suggested by Hovav Shacham) replace next three lines with
// element_pow2_mpz(x, e0, t, nqr, e);
// once sliding windows are implemented for pow2
e0.pow(t);
set(nqr).pow(e).mul(e0);
return this;
}
