//package com.cscn; // // //import javacard.framework.JCSystem; // //import static com.cscn.Zuc256Util.L1; //import static com.cscn.Zuc256Util.L2; //import static com.cscn.Zuc256Util.add31; //import static com.cscn.Zuc256Util.add32; //import static com.cscn.Zuc256Util.add64; //import static com.cscn.Zuc256Util.and64_7FFFFFFF_to32; //import static com.cscn.Zuc256Util.create_64b_from_32b; //import static com.cscn.Zuc256Util.makeU31; //import static com.cscn.Zuc256Util.makeU32; //import static com.cscn.Zuc256Util.rot31; //import static com.cscn.Zuc256Util.shr32u1; //import static com.cscn.Zuc256Util.shr64u_31; //import static com.cscn.Zuc256Util.xor32; // ///** // * ZUC-256 核心:状态初始化、密钥字生成、密钥流生成。 // */ //public class Zuc256Core { // // private Zuc256Core() {} // // /** 初始化状态(Key + IV) */ // public static void initState(Zuc256State state, byte[] key32, byte[] iv) { // zuc256SetMacKey(state, key32, iv, (short)0); // } // // /** 生成单个密钥字 */ // public static void zuc256GenerateKeyword(Zuc256State state, short[] out) { //// int[] LFSR = state.LFSR; //// int R1 = state.R1; //// int R2 = state.R2; //// int X0, X1, X2, X3; //// int W1, W2, U, V; //// int Z; // // short[] LFSR_hi = state.LFSR_hi; // short[] LFSR_lo = state.LFSR_lo; // // // 工作寄存器(32位值的临时 out32 缓冲,全用short[2])[lo, hi] // short[] X0 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] X1 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] X2 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] X3 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // // short[] R1 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] R2 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] W1 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] W2 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] U = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] V = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] Z = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] TMP0 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] TMP1 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] TMP2 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // // // 载入 R1,R2 // R1[0] = state.R1_lo; // R1[1] = state.R1_hi; // R2[0] = state.R2_lo; // R2[1] = state.R2_hi; // // // // BitReconstruction4 // short c15 = (short)((LFSR_lo[15] & (short)0x8000) >>> 15); // 左移产生的进位 // X0[1] = (short)(((LFSR_hi[15] & (short)0x7FFF) << 1) | (short)(c15 & 0x0001)); // hi // X0[0] = LFSR_lo[14]; // lo // // // X1 = ((L11 & 0xFFFF) << 16) | (L9 >>> 15) // X1[1] = LFSR_lo[11]; // X1[0] = (short)((((LFSR_lo[9] & (short)0x8000) >>> 15) & 0X0001) | (LFSR_hi[9] << 1)); // // // X2 = ((L7 & 0xFFFF) << 16) | (L5 >>> 15) // X2[1] = LFSR_lo[7]; // X2[0] = (short)((((LFSR_lo[5] & (short)0x8000) >>> 15) & 0X0001) | (LFSR_hi[5] << 1)); // // // X3 = ((L2 & 0xFFFF) << 16) | (L0 >>> 15) // X3[1] = LFSR_lo[2]; // X3[0] = (short)((((LFSR_lo[0] & (short)0x8000) >>> 15) & 0X0001) | (LFSR_hi[0] << 1)); // // // // // ---- 输入:X0,X1,X2,X3,R1,R2 均为 short[2]; 输出:Z,W1,W2,U,V ---- // // // Z = X3 ^ ((X0 ^ R1) + R2) // xor32(X0[0], X0[1], R1[0], R1[1], TMP0); // TMP0 = X0 ^ R1 // add32(TMP0[0], TMP0[1], R2[0], R2[1], TMP1); // TMP1 = TMP0 + R2 // xor32(X3[0], X3[1], TMP1[0], TMP1[1], Z); // Z = X3 ^ TMP1 // // // F_(X1, X2) // // W1 = R1 + X1 // add32(R1[0], R1[1], X1[0], X1[1], W1); // // // W2 = R2 ^ X2 // xor32(R2[0], R2[1], X2[0], X2[1], W2); // // // U = L1((W1 << 16) | (W2 >>> 16)) // // (W1<<16): lo=0, hi=W1_lo // // (W2>>>16): lo=W2_hi, hi=0 // // OR 结果: lo=W2_hi, hi=W1_lo // L1(W2[1], W1[0], U); // // // V = L2((W2 << 16) | (W1 >>> 16)) // // (W2<<16): lo=0, hi=W2_lo // // (W1>>>16): lo=W1_hi, hi=0 // // OR 结果: lo=W1_hi, hi=W2_lo // L2(W1[1], W2[0], V); // // //// R1 = makeU32(Zuc256Tables.S0[(U >>> 24) & 0xFF], //// Zuc256Tables.S1[(U >>> 16) & 0xFF], //// Zuc256Tables.S0[(U >>> 8) & 0xFF], //// Zuc256Tables.S1[U & 0xFF]); // makeU32( // (short)(Zuc256Tables.S0[((U[1] >>> 8) & 0xFF)] & 0xFF), // (U >>> 24) & 0xFF // (short)(Zuc256Tables.S1[(U[1] & 0xFF)] & 0xFF), // (U >>> 16) & 0xFF // (short)(Zuc256Tables.S0[((U[0] >>> 8) & 0xFF)] & 0xFF), // (U >>> 8) & 0xFF // (short)(Zuc256Tables.S1[(U[0] & 0xFF)] & 0xFF), // (U >>> 0) & 0xFF // R1); // //// R2 = makeU32(Zuc256Tables.S0[(V >>> 24) & 0xFF], //// Zuc256Tables.S1[(V >>> 16) & 0xFF], //// Zuc256Tables.S0[(V >>> 8) & 0xFF], //// Zuc256Tables.S1[V & 0xFF]); // makeU32( // (short)(Zuc256Tables.S0[((V[1] >>> 8) & 0xFF)] & 0xFF), // (V >>> 24) & 0xFF // (short)(Zuc256Tables.S1[(V[1] & 0xFF)] & 0xFF), // (V >>> 16) & 0xFF // (short)(Zuc256Tables.S0[((V[0] >>> 8) & 0xFF)] & 0xFF), // (V >>> 8) & 0xFF // (short)(Zuc256Tables.S1[(V[0] & 0xFF)] & 0xFF), // (V >>> 0) & 0xFF // R2); // // // //// // LFSRWithWorkMode //// long a = LFSR[0]; //// a += (long)LFSR[0] << 8; //// a += (long)LFSR[4] << 20; //// a += (long)LFSR[10] << 21; //// a += (long)LFSR[13] << 17; //// a += (long)LFSR[15] << 15; // // ---- 先准备累加器 A (64位) ---- // short[] A = JCSystem.makeTransientShortArray((short)4, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // 64位累加器,初始全0 // A[0] = 0; A[1] = 0; A[2] = 0; A[3] = 0; // // // 临时缓冲 // short[] tmp32 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET);; // 保存一个32位数 (lo,hi) // short[] tmp64 = JCSystem.makeTransientShortArray((short)4, JCSystem.MEMORY_TYPE_TRANSIENT_RESET);; // 保存移位后的64位数 // // // a = LFSR[0] // tmp32[0] = state.LFSR_lo[0]; // tmp32[1] = state.LFSR_hi[0]; // create_64b_from_32b(tmp64, tmp32, (short)0); // add64(A, tmp64); // // // a += (LFSR[0] << 8) // create_64b_from_32b(tmp64, tmp32, (short)8); // add64(A, tmp64); // // // a += (LFSR[4] << 20) // tmp32[0] = state.LFSR_lo[4]; // tmp32[1] = state.LFSR_hi[4]; // create_64b_from_32b(tmp64, tmp32, (short)20); // add64(A, tmp64); // // // a += (LFSR[10] << 21) // tmp32[0] = state.LFSR_lo[10]; // tmp32[1] = state.LFSR_hi[10]; // create_64b_from_32b(tmp64, tmp32, (short)21); // add64(A, tmp64); // // // a += (LFSR[13] << 17) // tmp32[0] = state.LFSR_lo[13]; // tmp32[1] = state.LFSR_hi[13]; // create_64b_from_32b(tmp64, tmp32, (short)17); // add64(A, tmp64); // // // a += (LFSR[15] << 15) // tmp32[0] = state.LFSR_lo[15]; // tmp32[1] = state.LFSR_hi[15]; // create_64b_from_32b(tmp64, tmp32, (short)15); // add64(A, tmp64); // //// a = (a & 0x7FFFFFFF) + (a >>> 31); // // ---- 第一次折叠:a = (a & 0x7FFFFFFF) + (a >>> 31) ---- // short[] low31 = JCSystem.makeTransientShortArray((short)4, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] r31 = JCSystem.makeTransientShortArray((short)4, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // // and64_7FFFFFFF_to32(A, low31); // low31 = A & 0x7FFFFFFF // shr64u_31(A, r31); // r31 = A >>> 31 // // A[0]=0; A[1]=0; A[2]=0; A[3]=0; // add64(A, low31); // add64(A, r31); //// int v = (int) ((a & 0x7FFFFFFF) + (a >>> 31)); // // ---- 第二次折叠,得到 v(32位)---- // short[] low31b = JCSystem.makeTransientShortArray((short)4, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] r31b = JCSystem.makeTransientShortArray((short)4, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] v64 = JCSystem.makeTransientShortArray((short)4, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // // and64_7FFFFFFF_to32(A, low31b); // shr64u_31(A, r31b); // // v64[0]=0; v64[1]=0; v64[2]=0; v64[3]=0; // add64(v64, low31b); // add64(v64, r31b); // // // v = 32位,取 v64 的低两段 // short v_lo = v64[0]; // short v_hi = (short)(v64[1] & 0x7FFF); // 只保留31位 // //// System.arraycopy(LFSR, 1, LFSR, 0, 15); // // LFSR_lo 向左移 // for (short i = 0; i < (short)15; i++) { // state.LFSR_lo[i] = state.LFSR_lo[(short)(i + 1)]; // } // // LFSR_hi 向左移 // for (short i = 0; i < (short)15; i++) { // state.LFSR_hi[i] = state.LFSR_hi[(short)(i + 1)]; // } // //// LFSR[15] = v; // // ---- 写回 LFSR[15] ---- // state.LFSR_lo[15] = v_lo; // state.LFSR_hi[15] = v_hi; // //// state.R1 = R1; //// state.R2 = R2; // state.R1_lo = R1[0]; // state.R1_hi = R1[1]; // // state.R2_lo = R2[0]; // state.R2_hi = R2[1]; // // //// return Z; // out[0] = Z[0]; // out[1] = Z[1]; // // } // // // 生成指定长度的密钥流 // public static void zuc256GenerateKeystream(Zuc256State state, // short nwords, // short[] keystream_hi, // short[] keystream_lo) { // // 临时存放一个 32 位关键字 // short[] tmp = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // for (short i = 0; i < nwords; i++) { // // 生成一个关键字 -> tmp[0]=lo, tmp[1]=hi // zuc256GenerateKeyword(state, tmp); // // 存入输出数组 // keystream_lo[i] = tmp[0]; // keystream_hi[i] = tmp[1]; // } // } // // // // // // 初始化MAC密钥 // private static void zuc256SetMacKey(Zuc256State state, byte[] K, byte[] IV, short macbits) { // short[] D = JCSystem.makeTransientShortArray(Zuc256Tables.D_COLS, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] TMP = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] X0 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] X1 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] X2 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] R1 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] R2 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] W = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] W1 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] W2 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] U = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] V = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] T = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // short[] T2 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // // //// int IV17 = (IV[17] & 0xFF) >> 2; //// int IV18 = ((IV[17] & 0x03) << 4) | ((IV[18] & 0xFF) >> 4); //// int IV19 = ((IV[18] & 0x0F) << 2) | ((IV[19] & 0xFF) >> 6); //// int IV20 = IV[19] & 0x3F; //// int IV21 = (IV[20] & 0xFF) >> 2; //// int IV22 = ((IV[20] & 0x03) << 4) | ((IV[21] & 0xFF) >> 4); //// int IV23 = ((IV[21] & 0x0F) << 2) | ((IV[22] & 0xFF) >> 6); //// int IV24 = IV[22] & 0x3F; // // IV 拆分 // short IV17 = (short)((IV[17] & 0xFF) >>> 2); // short IV18 = (short)(((IV[17] & 0x03) << 4) | ((IV[18] & 0xFF) >>> 4)); // short IV19 = (short)(((IV[18] & 0x0F) << 2) | ((IV[19] & 0xFF) >>> 6)); // short IV20 = (short)(IV[19] & 0x3F); // short IV21 = (short)((IV[20] & 0xFF) >>> 2); // short IV22 = (short)(((IV[20] & 0x03) << 4) | ((IV[21] & 0xFF) >>> 4)); // short IV23 = (short)(((IV[21] & 0x0F) << 2) | ((IV[22] & 0xFF) >>> 6)); // short IV24 = (short)(IV[22] & 0x3F); // //// D = (macbits / 32 < 3) ? Zuc256Tables.ZUC256_D[macbits / 32] : Zuc256Tables.ZUC256_D[3]; // short row = (short)((macbits / 32) < 3 ? (macbits / 32) : 3); // Zuc256Tables.getDRow(row, D, (short)0); // Zuc256Tables.getDRow(row, D, (short)0); // // // short[] tmp = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET); // 临时存储 makeU31 输出 (lo,hi) // // // 逐项装载 LFSR //// LFSR[0] = makeU31(K[0] & 0xFF, D[0], K[21] & 0xFF, K[16] & 0xFF); // makeU31((short)(K[0] & 0xFF), (short)D[0], (short)(K[21] & 0xFF), (short)(K[16] & 0xFF), tmp); // state.LFSR_lo[0] = tmp[0]; state.LFSR_hi[0] = tmp[1]; // //// LFSR[1] = makeU31(K[1] & 0xFF, D[1], K[22] & 0xFF, K[17] & 0xFF); // makeU31((short)(K[1] & 0xFF), (short)D[1], (short)(K[22] & 0xFF), (short)(K[17] & 0xFF), tmp); // state.LFSR_lo[1] = tmp[0]; state.LFSR_hi[1] = tmp[1]; // //// LFSR[2] = makeU31(K[2] & 0xFF, D[2], K[23] & 0xFF, K[18] & 0xFF); // makeU31((short)(K[2] & 0xFF), (short)D[2], (short)(K[23] & 0xFF), (short)(K[18] & 0xFF), tmp); // state.LFSR_lo[2] = tmp[0]; state.LFSR_hi[2] = tmp[1]; // //// LFSR[3] = makeU31(K[3] & 0xFF, D[3], K[24] & 0xFF, K[19] & 0xFF); // makeU31((short)(K[3] & 0xFF), (short)D[3], (short)(K[24] & 0xFF), (short)(K[19] & 0xFF), tmp); // state.LFSR_lo[3] = tmp[0]; state.LFSR_hi[3] = tmp[1]; // //// LFSR[4] = makeU31(K[4] & 0xFF, D[4], K[25] & 0xFF, K[20] & 0xFF); // makeU31((short)(K[4] & 0xFF), (short)D[4], (short)(K[25] & 0xFF), (short)(K[20] & 0xFF), tmp); // state.LFSR_lo[4] = tmp[0]; state.LFSR_hi[4] = tmp[1]; // //// LFSR[5] = makeU31(IV[0] & 0xFF, (D[5] | IV17), K[5] & 0xFF, K[26] & 0xFF); // makeU31((short)(IV[0] & 0xFF), (short)(D[5] | IV17), (short)(K[5] & 0xFF), (short)(K[26] & 0xFF), tmp); // state.LFSR_lo[5] = tmp[0]; state.LFSR_hi[5] = tmp[1]; // //// LFSR[6] = makeU31(IV[1] & 0xFF, (D[6] | IV18), K[6] & 0xFF, K[27] & 0xFF); // makeU31((short)(IV[1] & 0xFF), (short)(D[6] | IV18), (short)(K[6] & 0xFF), (short)(K[27] & 0xFF), tmp); // state.LFSR_lo[6] = tmp[0]; state.LFSR_hi[6] = tmp[1]; // //// LFSR[7] = makeU31(IV[10] & 0xFF, (D[7] | IV19), K[7] & 0xFF, IV[2] & 0xFF); // makeU31((short)(IV[10] & 0xFF), (short)(D[7] | IV19), (short)(K[7] & 0xFF), (short)(IV[2] & 0xFF), tmp); // state.LFSR_lo[7] = tmp[0]; state.LFSR_hi[7] = tmp[1]; // //// LFSR[8] = makeU31(K[8] & 0xFF, (D[8] | IV20), IV[3] & 0xFF, IV[11] & 0xFF); // makeU31((short)(K[8] & 0xFF), (short)(D[8] | IV20), (short)(IV[3] & 0xFF), (short)(IV[11] & 0xFF), tmp); // state.LFSR_lo[8] = tmp[0]; state.LFSR_hi[8] = tmp[1]; // //// LFSR[9] = makeU31(K[9] & 0xFF, (D[9] | IV21), IV[12] & 0xFF, IV[4] & 0xFF); // makeU31((short)(K[9] & 0xFF), (short)(D[9] | IV21), (short)(IV[12] & 0xFF), (short)(IV[4] & 0xFF), tmp); // state.LFSR_lo[9] = tmp[0]; state.LFSR_hi[9] = tmp[1]; // //// LFSR[10] = makeU31(IV[5] & 0xFF, (D[10] | IV22), K[10] & 0xFF, K[28] & 0xFF); // makeU31((short)(IV[5] & 0xFF), (short)(D[10] | IV22), (short)(K[10] & 0xFF), (short)(K[28] & 0xFF), tmp); // state.LFSR_lo[10] = tmp[0]; state.LFSR_hi[10] = tmp[1]; // //// LFSR[11] = makeU31(K[11] & 0xFF, (D[11] | IV23), IV[6] & 0xFF, IV[13] & 0xFF); // makeU31((short)(K[11] & 0xFF), (short)(D[11] | IV23), (short)(IV[6] & 0xFF), (short)(IV[13] & 0xFF), tmp); // state.LFSR_lo[11] = tmp[0]; state.LFSR_hi[11] = tmp[1]; // //// LFSR[12] = makeU31(K[12] & 0xFF, (D[12] | IV24), IV[7] & 0xFF, IV[14] & 0xFF); // makeU31((short)(K[12] & 0xFF), (short)(D[12] | IV24), (short)(IV[7] & 0xFF), (short)(IV[14] & 0xFF), tmp); // state.LFSR_lo[12] = tmp[0]; state.LFSR_hi[12] = tmp[1]; // //// LFSR[13] = makeU31(K[13] & 0xFF, D[13], IV[15] & 0xFF, IV[8] & 0xFF); // makeU31((short)(K[13] & 0xFF), (short)D[13], (short)(IV[15] & 0xFF), (short)(IV[8] & 0xFF), tmp); // state.LFSR_lo[13] = tmp[0]; state.LFSR_hi[13] = tmp[1]; // //// LFSR[14] = makeU31(K[14] & 0xFF, (D[14] | (K[31] >>> 4)), IV[16] & 0xFF, IV[9] & 0xFF); // makeU31((short)(K[14] & 0xFF), (short)(D[14] | ((K[31] & 0xFF) >>> 4)), (short)(IV[16] & 0xFF), (short)(IV[9] & 0xFF), tmp); // state.LFSR_lo[14] = tmp[0]; state.LFSR_hi[14] = tmp[1]; // //// LFSR[15] = makeU31(K[15] & 0xFF, (D[15] | (K[31] & 0x0F)), K[30] & 0xFF, K[29] & 0xFF); // makeU31((short)(K[15] & 0xFF), (short)(D[15] | (K[31] & 0x0F)), (short)(K[30] & 0xFF), (short)(K[29] & 0xFF), tmp); // state.LFSR_lo[15] = tmp[0]; state.LFSR_hi[15] = tmp[1]; // // // short c15_2 = 0; // for (short i = 0; i < 32; i++) { // // BitReconstruction3 //// X0 = ((LFSR[15] & 0x7FFF8000) << 1) | (LFSR[14] & 0xFFFF); // // X0 = ((L15 & 0x7FFF8000)<<1) | (L14 & 0xFFFF) // c15_2 = (short)((state.LFSR_lo[15] & (short)0x8000) >>> 15); // X0[1] = (short)(((state.LFSR_hi[15] & (short)0x7FFF) << 1) | (short)(c15_2 & 0x0001)); // X0[0] = state.LFSR_lo[14]; // //// X1 = ((LFSR[11] & 0xFFFF) << 16) | (LFSR[9] >>> 15); // // X1 = ((L11 & 0xFFFF)<<16) | (L9>>>15) // X1[1] = state.LFSR_lo[11]; // X1[0] = (short)((((state.LFSR_lo[9] & (short)0x8000) >>> 15) & 0X0001) | (state.LFSR_hi[9] << 1)); // //// X2 = ((LFSR[7] & 0xFFFF) << 16) | (LFSR[5] >>> 15); // // X2 = ((L7 & 0xFFFF)<<16) | (L5>>>15) // X2[1] = state.LFSR_lo[7]; // X2[0] = (short)((((state.LFSR_lo[5] & (short)0x8000) >>> 15) & 0X0001) | (state.LFSR_hi[5] << 1)); // // // // // F(X0, X1, X2) // // W = (X0 ^ R1) + R2 // xor32(X0[0], X0[1], R1[0], R1[1], TMP); // add32(TMP[0], TMP[1], R2[0], R2[1], W); // // // W1 = R1 + X1 // add32(R1[0], R1[1], X1[0], X1[1], W1); // // // W2 = R2 ^ X2 // xor32(R2[0], R2[1], X2[0], X2[1], W2); // // // U = L1((W1<<16) | (W2>>>16)) // L1(W2[1], W1[0], U); // // // V = L2((W2<<16) | (W1>>>16)) // L2(W1[1], W2[0], V); // //// R1 = makeU32(Zuc256Tables.S0[(U >>> 24) & 0xFF], //// Zuc256Tables.S1[(U >>> 16) & 0xFF], //// Zuc256Tables.S0[(U >>> 8) & 0xFF], //// Zuc256Tables.S1[U & 0xFF]); //// //// R2 = makeU32(Zuc256Tables.S0[(V >>> 24) & 0xFF], //// Zuc256Tables.S1[(V >>> 16) & 0xFF], //// Zuc256Tables.S0[(V >>> 8) & 0xFF], //// Zuc256Tables.S1[V & 0xFF]); // // 更新 R1,R2 // makeU32( // (short)(Zuc256Tables.S0[((U[1] >>> 8) & 0xFF)] & 0xFF), // (short)(Zuc256Tables.S1[(U[1] & 0xFF)] & 0xFF), // (short)(Zuc256Tables.S0[((U[0] >>> 8) & 0xFF)] & 0xFF), // (short)(Zuc256Tables.S1[(U[0] & 0xFF)] & 0xFF), // R1); // // makeU32( // (short)(Zuc256Tables.S0[((V[1] >>> 8) & 0xFF)] & 0xFF), // (short)(Zuc256Tables.S1[(V[1] & 0xFF)] & 0xFF), // (short)(Zuc256Tables.S0[((V[0] >>> 8) & 0xFF)] & 0xFF), // (short)(Zuc256Tables.S1[(V[0] & 0xFF)] & 0xFF), // R2); // // // LFSRWithInitialisationMode(W >> 1) //// int v = LFSR[0]; // V[0] = state.LFSR_lo[0]; // V[1] = state.LFSR_hi[0]; // // // v = add31(v, rot31(state.LFSR[0], 8)) // rot31(state.LFSR_lo[0], state.LFSR_hi[0], (short)8, T); // add31(V[0], V[1], T[0], T[1], V); // //// v = add31(v, rot31(state.LFSR[4], 20)); // rot31(state.LFSR_lo[4], state.LFSR_hi[4], (short)20, T); // add31(V[0], V[1], T[0], T[1], V); // //// v = add31(v, rot31(state.LFSR[10], 21)); // rot31(state.LFSR_lo[10], state.LFSR_hi[10], (short)21, T); // add31(V[0], V[1], T[0], T[1], V); // //// v = add31(v, rot31(state.LFSR[13], 17)); // rot31(state.LFSR_lo[13], state.LFSR_hi[13], (short)17, T); // add31(V[0], V[1], T[0], T[1], V); // //// v = add31(v, rot31(state.LFSR[15], 15)); // rot31(state.LFSR_lo[15], state.LFSR_hi[15], (short)15, T); // add31(V[0], V[1], T[0], T[1], V); // //// v = add31(v, W >>> 1); // shr32u1(W[0], W[1], T2); // T2[0]=lo, T2[1]=hi(无符号>>>1) // T2[1] = (short)(T2[1] & (short)0xFFFF); // 只保留31位 // add31(V[0], V[1], T2[0], T2[1], V); // // // System.arraycopy(state.LFSR, 1, state.LFSR, 0, 15) //// 相当于 System.arraycopy(state.LFSR_lo, 1, state.LFSR_lo, 0, 15); // for (short j = 0; j < (short)15; j++) { // state.LFSR_lo[j] = state.LFSR_lo[(short)(j + 1)]; // } //// 相当于 System.arraycopy(state.LFSR_hi, 1, state.LFSR_hi, 0, 15); // for (short j = 0; j < (short)15; j++) { // state.LFSR_hi[j] = state.LFSR_hi[(short)(j + 1)]; // } // //// state.LFSR[15] = v; // state.LFSR_lo[15] = V[0]; // state.LFSR_hi[15] = (short)(V[1] & 0x7FFF); // } // // // BitReconstruction2 //// X1 = ((LFSR[11] & 0xFFFF) << 16) | (LFSR[9] >>> 15); // X1[1] = state.LFSR_lo[11]; // X1[0] = (short)((((state.LFSR_lo[9] & (short)0x8000) >>> 15) & 0X0001) | (state.LFSR_hi[9] << 1)); // //// X2 = ((LFSR[7] & 0xFFFF) << 16) | (LFSR[5] >>> 15); // X2[1] = state.LFSR_lo[7]; // X2[0] = (short)((((state.LFSR_lo[5] & (short)0x8000) >>> 15) & 0X0001) | (state.LFSR_hi[5] << 1)); // // // F_(X1, X2) //// W1 = R1 + X1; // add32(R1[0], R1[1], X1[0], X1[1], W1); // W1 = R1 + X1 //// W2 = R2 ^ X2; // xor32(R2[0], R2[1], X2[0], X2[1], W2); // W2 = R2 ^ X2 // //// U = L1((W1 << 16) | (W2 >>> 16)); // // U = L1((W1<<16)|(W2>>>16)) → lo=W2_hi, hi=W1_lo // L1(W2[1], W1[0], U); // //// V = L2((W2 << 16) | (W1 >>> 16)); // // V = L2((W2<<16)|(W1>>>16)) → lo=W1_hi, hi=W2_lo // L2(W1[1], W2[0], V); // //// R1 = makeU32(Zuc256Tables.S0[(U >>> 24) & 0xFF], //// Zuc256Tables.S1[(U >>> 16) & 0xFF], //// Zuc256Tables.S0[(U >>> 8) & 0xFF], //// Zuc256Tables.S1[U & 0xFF]); // makeU32( // (short)(Zuc256Tables.S0[((U[1] >>> 8) & 0xFF)] & 0xFF), // (short)(Zuc256Tables.S1[(U[1] & 0xFF)] & 0xFF), // (short)(Zuc256Tables.S0[((U[0] >>> 8) & 0xFF)] & 0xFF), // (short)(Zuc256Tables.S1[(U[0] & 0xFF)] & 0xFF), // R1); // //// R2 = makeU32(Zuc256Tables.S0[(V >>> 24) & 0xFF], //// Zuc256Tables.S1[(V >>> 16) & 0xFF], //// Zuc256Tables.S0[(V >>> 8) & 0xFF], //// Zuc256Tables.S1[V & 0xFF]); // makeU32( // (short)(Zuc256Tables.S0[((V[1] >>> 8) & 0xFF)] & 0xFF), // (short)(Zuc256Tables.S1[(V[1] & 0xFF)] & 0xFF), // (short)(Zuc256Tables.S0[((V[0] >>> 8) & 0xFF)] & 0xFF), // (short)(Zuc256Tables.S1[(V[0] & 0xFF)] & 0xFF), // R2); // // // ---- LFSRWithWorkMode ---- // short[] A = JCSystem.makeTransientShortArray((short)4, JCSystem.MEMORY_TYPE_TRANSIENT_RESET);; // 64位累加器 // short[] tmp32 = JCSystem.makeTransientShortArray((short)2, JCSystem.MEMORY_TYPE_TRANSIENT_RESET);; // short[] tmp64 = JCSystem.makeTransientShortArray((short)4, JCSystem.MEMORY_TYPE_TRANSIENT_RESET);; // // // LFSRWithWorkMode //// long a = LFSR[0]; // tmp32[0] = state.LFSR_lo[0]; // tmp32[1] = state.LFSR_hi[0]; // create_64b_from_32b(tmp64, tmp32, (short)0); add64(A, tmp64); // //// a += (long)LFSR[0] << 8; // create_64b_from_32b(tmp64, tmp32, (short)8); add64(A, tmp64); // //// a += (long)LFSR[4] << 20; // tmp32[0] = state.LFSR_lo[4]; tmp32[1] = state.LFSR_hi[4]; // create_64b_from_32b(tmp64, tmp32, (short)20); add64(A, tmp64); // //// a += (long)LFSR[10] << 21; // tmp32[0] = state.LFSR_lo[10]; tmp32[1] = state.LFSR_hi[10]; // create_64b_from_32b(tmp64, tmp32, (short)21); add64(A, tmp64); // //// a += (long)LFSR[13] << 17; // tmp32[0] = state.LFSR_lo[13]; tmp32[1] = state.LFSR_hi[13]; // create_64b_from_32b(tmp64, tmp32, (short)17); add64(A, tmp64); // //// a += (long)LFSR[15] << 15; // tmp32[0] = state.LFSR_lo[15]; tmp32[1] = state.LFSR_hi[15]; // create_64b_from_32b(tmp64, tmp32, (short)15); add64(A, tmp64); // //// a = (a & 0x7FFFFFFF) + (a >>> 31); // short[] low31 = JCSystem.makeTransientShortArray((short)4, JCSystem.MEMORY_TYPE_TRANSIENT_RESET);; // short[] r31 = JCSystem.makeTransientShortArray((short)4, JCSystem.MEMORY_TYPE_TRANSIENT_RESET);; // and64_7FFFFFFF_to32(A, low31); // shr64u_31(A, r31); // // short[] v64 = JCSystem.makeTransientShortArray((short)4, JCSystem.MEMORY_TYPE_TRANSIENT_RESET);; // add64(v64, low31); // add64(v64, r31); // //// int v = (int) ((a & 0x7FFFFFFF) + (a >>> 31)); // and64_7FFFFFFF_to32(v64, low31); // shr64u_31(v64, r31); // short[] vv = JCSystem.makeTransientShortArray((short)4, JCSystem.MEMORY_TYPE_TRANSIENT_RESET);; // add64(vv, low31); // add64(vv, r31); // // short v_lo = vv[0]; // short v_hi = (short)(vv[1] & 0x7FFF); // //// LFSR左移 //// System.arraycopy(LFSR, 1, LFSR, 0, 15); // // LFSR_lo 向左移 // for (short i = 0; i < (short)15; i++) { // state.LFSR_lo[i] = state.LFSR_lo[(short)(i + 1)]; // } // // LFSR_hi 向左移 // for (short i = 0; i < (short)15; i++) { // state.LFSR_hi[i] = state.LFSR_hi[(short)(i + 1)]; // } // //// LFSR[15] = v; // state.LFSR_lo[15] = v_lo; // state.LFSR_hi[15] = v_hi; // // state.R1_lo = R1[0]; state.R1_hi = R1[1]; // state.R2_lo = R2[0]; state.R2_hi = R2[1]; // } //} //