signalapp/noise-java
signalapp/noise-java
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: signalapp:master
Branches Tags
signalapp:master
signalapp:defer_nonce_increment_upstream
signalapp:github-actions
signalapp:gh-pages
signalapp:noise-java-0.1.1
signalapp:noise-java-0.1.0
...
pull from: signalapp:gh-pages
Branches Tags
signalapp:master
signalapp:defer_nonce_increment_upstream
signalapp:github-actions
signalapp:gh-pages
signalapp:noise-java-0.1.1
signalapp:noise-java-0.1.0

No commits in common. "master" and "gh-pages" have entirely different histories.
master ... gh-pages

73 changed files with 5339 additions and 32962 deletions
Show Stats Expand all files Collapse all files

24
.github/workflows/test.yml vendored
View File

@ -1,24 +0,0 @@
name: Build/test
on: [push]
jobs:
test:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-22.04]
java: [8, 11, 17, 21]
fail-fast: false
name: JDK ${{ matrix.java }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up JDK
uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
with:
java-version: ${{ matrix.java }}
distribution: 'temurin'
cache: maven
- name: Test with Maven
run: mvn verify -B --file pom.xml

8
.gitignore vendored
View File

@ -1,8 +0,0 @@
target
.classpath
.metadata
.project
doc
*.class
*.iml
.idea/

19
LICENSE.txt
View File

@ -1,19 +0,0 @@
Copyright (C) 2016 Southern Storm Software, Pty Ltd.
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation
the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.

48
README.md
View File

@ -1,48 +0,0 @@
This project is a fork of https://github.com/rweather/noise-java. The goal of
this fork is to make Noise-Java available via common artifact repositories like
[Maven Central](https://search.maven.org/). Substantive changes will be offered
as pull requests upstream wherever possible.
To avoid namespace collisions, the group identifier in this project's POM has
been changed to `org.signal.forks`, though package names within the artifact
have not changed.
The original README continues below.
----
Noise-Java Library
==================
Noise-Java is a plain Java implementation of the
[Noise Protocol](http://noiseprotocol.org), intended as a
reference implementation. The code is distributed under the
terms of the MIT license.
This library is written in plain Java, making use of the Java Cryptography
Extension (JCE) to provide cryptographic primitives and infrastructure.
When a primitive is not supported by the platform's JDK, Noise-Java provides
a fallback implementation in plain Java.
The following algorithms are commonly available in standard JDK's and
Noise-Java will try to use them if present:
* SHA-256
* SHA-512
* AES/CTR/NoPadding
Some JDK installations restrict the use of 256-bit AES keys. You may need to
install the "Unlimited Strength Policy Files" for your JDK to get around this
restriction. Alternatively, the plain Java fallback implementation of AESGCM
in Noise-Java does not have any such restrictions.
If you have better implementations of the cryptographic primitives
available, you can modify the createDH(), createCipher(), and
createHash() functions in the "Noise" class to integrate your versions.
The [package documentation](https://rweather.github.io/noise-java/index.html)
contains more information on the classes in the Noise-Java library.
For more information on this library, to report bugs, to contribute,
or to suggest improvements, please contact the author Rhys Weatherley via
[email](mailto:rhys.weatherley@gmail.com).

24
allclasses-frame.html Normal file
View File

@ -0,0 +1,24 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (version 1.7.0_111) on Sun Oct 09 08:50:35 AEST 2016 -->
<title>All Classes (Noise-Java)</title>
<meta name="date" content="2016-10-09">
<link rel="stylesheet" type="text/css" href="stylesheet.css" title="Style">
</head>
<body>
<h1 class="bar">All Classes</h1>
<div class="indexContainer">
<ul>
<li><a href="com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol" target="classFrame"><i>CipherState</i></a></li>
<li><a href="com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol" target="classFrame">CipherStatePair</a></li>
<li><a href="com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol" target="classFrame"><i>Destroyable</i></a></li>
<li><a href="com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol" target="classFrame"><i>DHState</i></a></li>
<li><a href="com/southernstorm/noise/protocol/DHStateHybrid.html" title="interface in com.southernstorm.noise.protocol" target="classFrame"><i>DHStateHybrid</i></a></li>
<li><a href="com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol" target="classFrame">HandshakeState</a></li>
<li><a href="com/southernstorm/noise/protocol/Noise.html" title="class in com.southernstorm.noise.protocol" target="classFrame">Noise</a></li>
</ul>
</div>
</body>
</html>

24
allclasses-noframe.html Normal file
View File

@ -0,0 +1,24 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (version 1.7.0_111) on Sun Oct 09 08:50:35 AEST 2016 -->
<title>All Classes (Noise-Java)</title>
<meta name="date" content="2016-10-09">
<link rel="stylesheet" type="text/css" href="stylesheet.css" title="Style">
</head>
<body>
<h1 class="bar">All Classes</h1>
<div class="indexContainer">
<ul>
<li><a href="com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol"><i>CipherState</i></a></li>
<li><a href="com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol">CipherStatePair</a></li>
<li><a href="com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol"><i>Destroyable</i></a></li>
<li><a href="com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol"><i>DHState</i></a></li>
<li><a href="com/southernstorm/noise/protocol/DHStateHybrid.html" title="interface in com.southernstorm.noise.protocol"><i>DHStateHybrid</i></a></li>
<li><a href="com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></li>
<li><a href="com/southernstorm/noise/protocol/Noise.html" title="class in com.southernstorm.noise.protocol">Noise</a></li>
</ul>
</div>
</body>
</html>

426
com/southernstorm/noise/protocol/CipherState.html Normal file
View File

@ -0,0 +1,426 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (version 1.7.0_111) on Sun Oct 09 08:50:35 AEST 2016 -->
<title>CipherState (Noise-Java)</title>
<meta name="date" content="2016-10-09">
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="CipherState (Noise-Java)";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar_top">
<!-- -->
</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev Class</li>
<li><a href="../../../../com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol"><span class="strong">Next Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/southernstorm/noise/protocol/CipherState.html" target="_top">Frames</a></li>
<li><a href="CipherState.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method_summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method_detail">Method</a></li>
</ul>
</div>
<a name="skip-navbar_top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<!-- ======== START OF CLASS DATA ======== -->
<div class="header">
<div class="subTitle">com.southernstorm.noise.protocol</div>
<h2 title="Interface CipherState" class="title">Interface CipherState</h2>
</div>
<div class="contentContainer">
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Superinterfaces:</dt>
<dd><a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a></dd>
</dl>
<hr>
<br>
<pre>public interface <span class="strong">CipherState</span>
extends <a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a></pre>
<div class="block">Interface to an authenticated cipher for use in the Noise protocol.
CipherState objects are used to encrypt or decrypt data during a
session. Once the handshake has completed, HandshakeState.split()
will create two CipherState objects for encrypting packets sent to
the other party, and decrypting packets received from the other party.</div>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- ========== METHOD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="method_summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
<caption><span>Methods</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Method and Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>int</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/CipherState.html#decryptWithAd(byte[],%20byte[],%20int,%20byte[],%20int,%20int)">decryptWithAd</a></strong>(byte[]&nbsp;ad,
byte[]&nbsp;ciphertext,
int&nbsp;ciphertextOffset,
byte[]&nbsp;plaintext,
int&nbsp;plaintextOffset,
int&nbsp;length)</code>
<div class="block">Decrypts a ciphertext buffer using the cipher and a block of associated data.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>int</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/CipherState.html#encryptWithAd(byte[],%20byte[],%20int,%20byte[],%20int,%20int)">encryptWithAd</a></strong>(byte[]&nbsp;ad,
byte[]&nbsp;plaintext,
int&nbsp;plaintextOffset,
byte[]&nbsp;ciphertext,
int&nbsp;ciphertextOffset,
int&nbsp;length)</code>
<div class="block">Encrypts a plaintext buffer using the cipher and a block of associated data.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code><a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a></code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/CipherState.html#fork(byte[],%20int)">fork</a></strong>(byte[]&nbsp;key,
int&nbsp;offset)</code>
<div class="block">Creates a new instance of this cipher and initializes it with a key.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>java.lang.String</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/CipherState.html#getCipherName()">getCipherName</a></strong>()</code>
<div class="block">Gets the Noise protocol name for this cipher.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>int</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/CipherState.html#getKeyLength()">getKeyLength</a></strong>()</code>
<div class="block">Gets the length of the key values for this cipher.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>int</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/CipherState.html#getMACLength()">getMACLength</a></strong>()</code>
<div class="block">Gets the length of the MAC values for this cipher.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>boolean</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/CipherState.html#hasKey()">hasKey</a></strong>()</code>
<div class="block">Determine if this cipher object has been configured with a key.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/CipherState.html#initializeKey(byte[],%20int)">initializeKey</a></strong>(byte[]&nbsp;key,
int&nbsp;offset)</code>
<div class="block">Initializes the key on this cipher object.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/CipherState.html#setNonce(long)">setNonce</a></strong>(long&nbsp;nonce)</code>
<div class="block">Sets the nonce value.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a name="methods_inherited_from_class_com.southernstorm.noise.protocol.Destroyable">
<!-- -->
</a>
<h3>Methods inherited from interface&nbsp;com.southernstorm.noise.protocol.<a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a></h3>
<code><a href="../../../../com/southernstorm/noise/protocol/Destroyable.html#destroy()">destroy</a></code></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ============ METHOD DETAIL ========== -->
<ul class="blockList">
<li class="blockList"><a name="method_detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a name="getCipherName()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getCipherName</h4>
<pre>java.lang.String&nbsp;getCipherName()</pre>
<div class="block">Gets the Noise protocol name for this cipher.</div>
<dl><dt><span class="strong">Returns:</span></dt><dd>The cipher name.</dd></dl>
</li>
</ul>
<a name="getKeyLength()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getKeyLength</h4>
<pre>int&nbsp;getKeyLength()</pre>
<div class="block">Gets the length of the key values for this cipher.</div>
<dl><dt><span class="strong">Returns:</span></dt><dd>The length of the key in bytes; usually 32.</dd></dl>
</li>
</ul>
<a name="getMACLength()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getMACLength</h4>
<pre>int&nbsp;getMACLength()</pre>
<div class="block">Gets the length of the MAC values for this cipher.</div>
<dl><dt><span class="strong">Returns:</span></dt><dd>The length of MAC values in bytes, or zero if the
key has not yet been initialized.</dd></dl>
</li>
</ul>
<a name="initializeKey(byte[], int)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>initializeKey</h4>
<pre>void&nbsp;initializeKey(byte[]&nbsp;key,
int&nbsp;offset)</pre>
<div class="block">Initializes the key on this cipher object.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>key</code> - Points to a buffer that contains the key.</dd><dd><code>offset</code> - The offset of the key in the key buffer.
The key buffer must contain at least getKeyLength() bytes
starting at offset.</dd><dt><span class="strong">See Also:</span></dt><dd><a href="../../../../com/southernstorm/noise/protocol/CipherState.html#hasKey()"><code>hasKey()</code></a></dd></dl>
</li>
</ul>
<a name="hasKey()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>hasKey</h4>
<pre>boolean&nbsp;hasKey()</pre>
<div class="block">Determine if this cipher object has been configured with a key.</div>
<dl><dt><span class="strong">Returns:</span></dt><dd>true if this cipher object has a key; false if the
key has not yet been set with initializeKey().</dd><dt><span class="strong">See Also:</span></dt><dd><a href="../../../../com/southernstorm/noise/protocol/CipherState.html#initializeKey(byte[],%20int)"><code>initializeKey(byte[], int)</code></a></dd></dl>
</li>
</ul>
<a name="encryptWithAd(byte[], byte[], int, byte[], int, int)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>encryptWithAd</h4>
<pre>int&nbsp;encryptWithAd(byte[]&nbsp;ad,
byte[]&nbsp;plaintext,
int&nbsp;plaintextOffset,
byte[]&nbsp;ciphertext,
int&nbsp;ciphertextOffset,
int&nbsp;length)
throws javax.crypto.ShortBufferException</pre>
<div class="block">Encrypts a plaintext buffer using the cipher and a block of associated data.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>ad</code> - The associated data, or null if there is none.</dd><dd><code>plaintext</code> - The buffer containing the plaintext to encrypt.</dd><dd><code>plaintextOffset</code> - The offset within the plaintext buffer of the
first byte or plaintext data.</dd><dd><code>ciphertext</code> - The buffer to place the ciphertext in. This can
be the same as the plaintext buffer.</dd><dd><code>ciphertextOffset</code> - The first offset within the ciphertext buffer
to place the ciphertext and the MAC tag.</dd><dd><code>length</code> - The length of the plaintext.</dd>
<dt><span class="strong">Returns:</span></dt><dd>The length of the ciphertext plus the MAC tag, or -1 if the
ciphertext buffer is not large enough to hold the result.</dd>
<dt><span class="strong">Throws:</span></dt>
<dd><code>javax.crypto.ShortBufferException</code> - The ciphertext buffer does not have
enough space to hold the ciphertext plus MAC.</dd>
<dd><code>java.lang.IllegalStateException</code> - The nonce has wrapped around.
The plaintext and ciphertext buffers can be the same for in-place
encryption. In that case, plaintextOffset must be identical to
ciphertextOffset.
There must be enough space in the ciphertext buffer to accomodate
length + getMACLength() bytes of data starting at ciphertextOffset.</dd></dl>
</li>
</ul>
<a name="decryptWithAd(byte[], byte[], int, byte[], int, int)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>decryptWithAd</h4>
<pre>int&nbsp;decryptWithAd(byte[]&nbsp;ad,
byte[]&nbsp;ciphertext,
int&nbsp;ciphertextOffset,
byte[]&nbsp;plaintext,
int&nbsp;plaintextOffset,
int&nbsp;length)
throws javax.crypto.ShortBufferException,
javax.crypto.BadPaddingException</pre>
<div class="block">Decrypts a ciphertext buffer using the cipher and a block of associated data.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>ad</code> - The associated data, or null if there is none.</dd><dd><code>ciphertext</code> - The buffer containing the ciphertext to decrypt.</dd><dd><code>ciphertextOffset</code> - The offset within the ciphertext buffer of
the first byte of ciphertext data.</dd><dd><code>plaintext</code> - The buffer to place the plaintext in. This can be
the same as the ciphertext buffer.</dd><dd><code>plaintextOffset</code> - The first offset within the plaintext buffer
to place the plaintext.</dd><dd><code>length</code> - The length of the incoming ciphertext plus the MAC tag.</dd>
<dt><span class="strong">Returns:</span></dt><dd>The length of the plaintext with the MAC tag stripped off.</dd>
<dt><span class="strong">Throws:</span></dt>
<dd><code>javax.crypto.ShortBufferException</code> - The plaintext buffer does not have
enough space to store the decrypted data.</dd>
<dd><code>javax.crypto.BadPaddingException</code> - The MAC value failed to verify.</dd>
<dd><code>java.lang.IllegalStateException</code> - The nonce has wrapped around.
The plaintext and ciphertext buffers can be the same for in-place
decryption. In that case, ciphertextOffset must be identical to
plaintextOffset.</dd></dl>
</li>
</ul>
<a name="fork(byte[], int)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>fork</h4>
<pre><a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a>&nbsp;fork(byte[]&nbsp;key,
int&nbsp;offset)</pre>
<div class="block">Creates a new instance of this cipher and initializes it with a key.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>key</code> - The buffer containing the key.</dd><dd><code>offset</code> - The offset into the key buffer of the first key byte.</dd>
<dt><span class="strong">Returns:</span></dt><dd>A new CipherState of the same class as this one.</dd></dl>
</li>
</ul>
<a name="setNonce(long)">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>setNonce</h4>
<pre>void&nbsp;setNonce(long&nbsp;nonce)</pre>
<div class="block">Sets the nonce value.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>nonce</code> - The new nonce value, which must be greater than or equal
to the current value.
This function is intended for testing purposes only. If the nonce
value goes backwards then security may be compromised.</dd></dl>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<!-- ========= END OF CLASS DATA ========= -->
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar_bottom">
<!-- -->
</a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev Class</li>
<li><a href="../../../../com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol"><span class="strong">Next Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/southernstorm/noise/protocol/CipherState.html" target="_top">Frames</a></li>
<li><a href="CipherState.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method_summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method_detail">Method</a></li>
</ul>
</div>
<a name="skip-navbar_bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</body>
</html>

360
com/southernstorm/noise/protocol/CipherStatePair.html Normal file
View File

@ -0,0 +1,360 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (version 1.7.0_111) on Sun Oct 09 08:50:35 AEST 2016 -->
<title>CipherStatePair (Noise-Java)</title>
<meta name="date" content="2016-10-09">
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="CipherStatePair (Noise-Java)";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar_top">
<!-- -->
</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">Prev Class</span></a></li>
<li><a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">Next Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/southernstorm/noise/protocol/CipherStatePair.html" target="_top">Frames</a></li>
<li><a href="CipherStatePair.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="#constructor_summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method_summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="#constructor_detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method_detail">Method</a></li>
</ul>
</div>
<a name="skip-navbar_top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<!-- ======== START OF CLASS DATA ======== -->
<div class="header">
<div class="subTitle">com.southernstorm.noise.protocol</div>
<h2 title="Class CipherStatePair" class="title">Class CipherStatePair</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li>java.lang.Object</li>
<li>
<ul class="inheritance">
<li>com.southernstorm.noise.protocol.CipherStatePair</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Implemented Interfaces:</dt>
<dd><a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a></dd>
</dl>
<hr>
<br>
<pre>public final class <span class="strong">CipherStatePair</span>
extends java.lang.Object
implements <a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a></pre>
<div class="block">Class that contains a pair of CipherState objects.
CipherState pairs typically arise when HandshakeState.split() is called.</div>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- ======== CONSTRUCTOR SUMMARY ======== -->
<ul class="blockList">
<li class="blockList"><a name="constructor_summary">
<!-- -->
</a>
<h3>Constructor Summary</h3>
<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Constructor Summary table, listing constructors, and an explanation">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colOne" scope="col">Constructor and Description</th>
</tr>
<tr class="altColor">
<td class="colOne"><code><strong><a href="../../../../com/southernstorm/noise/protocol/CipherStatePair.html#CipherStatePair(com.southernstorm.noise.protocol.CipherState,%20com.southernstorm.noise.protocol.CipherState)">CipherStatePair</a></strong>(<a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a>&nbsp;sender,
<a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a>&nbsp;receiver)</code>
<div class="block">Constructs a pair of CipherState objects.</div>
</td>
</tr>
</table>
</li>
</ul>
<!-- ========== METHOD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="method_summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
<caption><span>Methods</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Method and Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/CipherStatePair.html#destroy()">destroy</a></strong>()</code>
<div class="block">Destroys all sensitive state in the current object.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code><a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a></code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/CipherStatePair.html#getReceiver()">getReceiver</a></strong>()</code>
<div class="block">Gets the CipherState to use to receive packets from the remote party.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code><a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a></code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/CipherStatePair.html#getSender()">getSender</a></strong>()</code>
<div class="block">Gets the CipherState to use to send packets to the remote party.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/CipherStatePair.html#receiverOnly()">receiverOnly</a></strong>()</code>
<div class="block">Destroys the sending CipherState and retains only the receiving CipherState.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/CipherStatePair.html#senderOnly()">senderOnly</a></strong>()</code>
<div class="block">Destroys the receiving CipherState and retains only the sending CipherState.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/CipherStatePair.html#swap()">swap</a></strong>()</code>
<div class="block">Swaps the sender and receiver.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a name="methods_inherited_from_class_java.lang.Object">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;java.lang.Object</h3>
<code>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ========= CONSTRUCTOR DETAIL ======== -->
<ul class="blockList">
<li class="blockList"><a name="constructor_detail">
<!-- -->
</a>
<h3>Constructor Detail</h3>
<a name="CipherStatePair(com.southernstorm.noise.protocol.CipherState, com.southernstorm.noise.protocol.CipherState)">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>CipherStatePair</h4>
<pre>public&nbsp;CipherStatePair(<a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a>&nbsp;sender,
<a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a>&nbsp;receiver)</pre>
<div class="block">Constructs a pair of CipherState objects.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>sender</code> - The CipherState to use to send packets to the remote party.</dd><dd><code>receiver</code> - The CipherState to use to receive packets from the remote party.</dd></dl>
</li>
</ul>
</li>
</ul>
<!-- ============ METHOD DETAIL ========== -->
<ul class="blockList">
<li class="blockList"><a name="method_detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a name="getSender()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getSender</h4>
<pre>public&nbsp;<a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a>&nbsp;getSender()</pre>
<div class="block">Gets the CipherState to use to send packets to the remote party.</div>
<dl><dt><span class="strong">Returns:</span></dt><dd>The sending CipherState.</dd></dl>
</li>
</ul>
<a name="getReceiver()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getReceiver</h4>
<pre>public&nbsp;<a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a>&nbsp;getReceiver()</pre>
<div class="block">Gets the CipherState to use to receive packets from the remote party.</div>
<dl><dt><span class="strong">Returns:</span></dt><dd>The receiving CipherState.</dd></dl>
</li>
</ul>
<a name="senderOnly()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>senderOnly</h4>
<pre>public&nbsp;void&nbsp;senderOnly()</pre>
<div class="block">Destroys the receiving CipherState and retains only the sending CipherState.
This function is intended for use with one-way handshake patterns.</div>
</li>
</ul>
<a name="receiverOnly()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>receiverOnly</h4>
<pre>public&nbsp;void&nbsp;receiverOnly()</pre>
<div class="block">Destroys the sending CipherState and retains only the receiving CipherState.
This function is intended for use with one-way handshake patterns.</div>
</li>
</ul>
<a name="swap()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>swap</h4>
<pre>public&nbsp;void&nbsp;swap()</pre>
<div class="block">Swaps the sender and receiver.</div>
</li>
</ul>
<a name="destroy()">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>destroy</h4>
<pre>public&nbsp;void&nbsp;destroy()</pre>
<div class="block"><strong>Description copied from interface:&nbsp;<code><a href="../../../../com/southernstorm/noise/protocol/Destroyable.html#destroy()">Destroyable</a></code></strong></div>
<div class="block">Destroys all sensitive state in the current object.</div>
<dl>
<dt><strong>Specified by:</strong></dt>
<dd><code><a href="../../../../com/southernstorm/noise/protocol/Destroyable.html#destroy()">destroy</a></code>&nbsp;in interface&nbsp;<code><a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a></code></dd>
</dl>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<!-- ========= END OF CLASS DATA ========= -->
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar_bottom">
<!-- -->
</a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">Prev Class</span></a></li>
<li><a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">Next Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/southernstorm/noise/protocol/CipherStatePair.html" target="_top">Frames</a></li>
<li><a href="CipherStatePair.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="#constructor_summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method_summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="#constructor_detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method_detail">Method</a></li>
</ul>
</div>
<a name="skip-navbar_bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</body>
</html>

502
com/southernstorm/noise/protocol/DHState.html Normal file
View File

@ -0,0 +1,502 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (version 1.7.0_111) on Sun Oct 09 08:50:35 AEST 2016 -->
<title>DHState (Noise-Java)</title>
<meta name="date" content="2016-10-09">
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="DHState (Noise-Java)";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar_top">
<!-- -->
</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">Prev Class</span></a></li>
<li><a href="../../../../com/southernstorm/noise/protocol/DHStateHybrid.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">Next Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/southernstorm/noise/protocol/DHState.html" target="_top">Frames</a></li>
<li><a href="DHState.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method_summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method_detail">Method</a></li>
</ul>
</div>
<a name="skip-navbar_top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<!-- ======== START OF CLASS DATA ======== -->
<div class="header">
<div class="subTitle">com.southernstorm.noise.protocol</div>
<h2 title="Interface DHState" class="title">Interface DHState</h2>
</div>
<div class="contentContainer">
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Superinterfaces:</dt>
<dd><a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a></dd>
</dl>
<dl>
<dt>All Known Subinterfaces:</dt>
<dd><a href="../../../../com/southernstorm/noise/protocol/DHStateHybrid.html" title="interface in com.southernstorm.noise.protocol">DHStateHybrid</a></dd>
</dl>
<hr>
<br>
<pre>public interface <span class="strong">DHState</span>
extends <a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a></pre>
<div class="block">Interface to a Diffie-Hellman algorithm for the Noise protocol.</div>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- ========== METHOD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="method_summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
<caption><span>Methods</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Method and Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHState.html#calculate(byte[],%20int,%20com.southernstorm.noise.protocol.DHState)">calculate</a></strong>(byte[]&nbsp;sharedKey,
int&nbsp;offset,
<a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a>&nbsp;publicDH)</code>
<div class="block">Performs a Diffie-Hellman calculation with this object as the private key.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHState.html#clearKey()">clearKey</a></strong>()</code>
<div class="block">Clears the key pair.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHState.html#copyFrom(com.southernstorm.noise.protocol.DHState)">copyFrom</a></strong>(<a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a>&nbsp;other)</code>
<div class="block">Copies the key values from another DH object of the same type.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHState.html#generateKeyPair()">generateKeyPair</a></strong>()</code>
<div class="block">Generates a new random keypair.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>java.lang.String</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHState.html#getDHName()">getDHName</a></strong>()</code>
<div class="block">Gets the Noise protocol name for this Diffie-Hellman algorithm.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHState.html#getPrivateKey(byte[],%20int)">getPrivateKey</a></strong>(byte[]&nbsp;key,
int&nbsp;offset)</code>
<div class="block">Gets the private key associated with this object.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>int</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHState.html#getPrivateKeyLength()">getPrivateKeyLength</a></strong>()</code>
<div class="block">Gets the length of private keys for this algorithm.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHState.html#getPublicKey(byte[],%20int)">getPublicKey</a></strong>(byte[]&nbsp;key,
int&nbsp;offset)</code>
<div class="block">Gets the public key associated with this object.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>int</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHState.html#getPublicKeyLength()">getPublicKeyLength</a></strong>()</code>
<div class="block">Gets the length of public keys for this algorithm.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>int</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHState.html#getSharedKeyLength()">getSharedKeyLength</a></strong>()</code>
<div class="block">Gets the length of shared keys for this algorithm.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>boolean</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHState.html#hasPrivateKey()">hasPrivateKey</a></strong>()</code>
<div class="block">Determine if this object contains a private key.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>boolean</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHState.html#hasPublicKey()">hasPublicKey</a></strong>()</code>
<div class="block">Determine if this object contains a public key.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>boolean</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHState.html#isNullPublicKey()">isNullPublicKey</a></strong>()</code>
<div class="block">Determine if the public key in this object is the special null value.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHState.html#setPrivateKey(byte[],%20int)">setPrivateKey</a></strong>(byte[]&nbsp;key,
int&nbsp;offset)</code>
<div class="block">Sets the private key for this object.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHState.html#setPublicKey(byte[],%20int)">setPublicKey</a></strong>(byte[]&nbsp;key,
int&nbsp;offset)</code>
<div class="block">Sets the public key for this object.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHState.html#setToNullPublicKey()">setToNullPublicKey</a></strong>()</code>
<div class="block">Sets this object to the null public key and clears the private key.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a name="methods_inherited_from_class_com.southernstorm.noise.protocol.Destroyable">
<!-- -->
</a>
<h3>Methods inherited from interface&nbsp;com.southernstorm.noise.protocol.<a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a></h3>
<code><a href="../../../../com/southernstorm/noise/protocol/Destroyable.html#destroy()">destroy</a></code></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ============ METHOD DETAIL ========== -->
<ul class="blockList">
<li class="blockList"><a name="method_detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a name="getDHName()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getDHName</h4>
<pre>java.lang.String&nbsp;getDHName()</pre>
<div class="block">Gets the Noise protocol name for this Diffie-Hellman algorithm.</div>
<dl><dt><span class="strong">Returns:</span></dt><dd>The algorithm name.</dd></dl>
</li>
</ul>
<a name="getPublicKeyLength()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getPublicKeyLength</h4>
<pre>int&nbsp;getPublicKeyLength()</pre>
<div class="block">Gets the length of public keys for this algorithm.</div>
<dl><dt><span class="strong">Returns:</span></dt><dd>The length of public keys in bytes.</dd></dl>
</li>
</ul>
<a name="getPrivateKeyLength()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getPrivateKeyLength</h4>
<pre>int&nbsp;getPrivateKeyLength()</pre>
<div class="block">Gets the length of private keys for this algorithm.</div>
<dl><dt><span class="strong">Returns:</span></dt><dd>The length of private keys in bytes.</dd></dl>
</li>
</ul>
<a name="getSharedKeyLength()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getSharedKeyLength</h4>
<pre>int&nbsp;getSharedKeyLength()</pre>
<div class="block">Gets the length of shared keys for this algorithm.</div>
<dl><dt><span class="strong">Returns:</span></dt><dd>The length of shared keys in bytes.</dd></dl>
</li>
</ul>
<a name="generateKeyPair()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>generateKeyPair</h4>
<pre>void&nbsp;generateKeyPair()</pre>
<div class="block">Generates a new random keypair.</div>
</li>
</ul>
<a name="getPublicKey(byte[], int)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getPublicKey</h4>
<pre>void&nbsp;getPublicKey(byte[]&nbsp;key,
int&nbsp;offset)</pre>
<div class="block">Gets the public key associated with this object.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>key</code> - The buffer to copy the public key to.</dd><dd><code>offset</code> - The first offset in the key buffer to copy to.</dd></dl>
</li>
</ul>
<a name="setPublicKey(byte[], int)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setPublicKey</h4>
<pre>void&nbsp;setPublicKey(byte[]&nbsp;key,
int&nbsp;offset)</pre>
<div class="block">Sets the public key for this object.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>key</code> - The buffer containing the public key.</dd><dd><code>offset</code> - The first offset in the buffer that contains the key.
If this object previously held a key pair, then this function
will change it into a public key only object.</dd></dl>
</li>
</ul>
<a name="getPrivateKey(byte[], int)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getPrivateKey</h4>
<pre>void&nbsp;getPrivateKey(byte[]&nbsp;key,
int&nbsp;offset)</pre>
<div class="block">Gets the private key associated with this object.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>key</code> - The buffer to copy the private key to.</dd><dd><code>offset</code> - The first offset in the key buffer to copy to.</dd></dl>
</li>
</ul>
<a name="setPrivateKey(byte[], int)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setPrivateKey</h4>
<pre>void&nbsp;setPrivateKey(byte[]&nbsp;key,
int&nbsp;offset)</pre>
<div class="block">Sets the private key for this object.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>key</code> - The buffer containing the [rivate key.</dd><dd><code>offset</code> - The first offset in the buffer that contains the key.
If this object previously held only a public key, then
this function will change it into a key pair.</dd></dl>
</li>
</ul>
<a name="setToNullPublicKey()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setToNullPublicKey</h4>
<pre>void&nbsp;setToNullPublicKey()</pre>
<div class="block">Sets this object to the null public key and clears the private key.</div>
</li>
</ul>
<a name="clearKey()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>clearKey</h4>
<pre>void&nbsp;clearKey()</pre>
<div class="block">Clears the key pair.</div>
</li>
</ul>
<a name="hasPublicKey()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>hasPublicKey</h4>
<pre>boolean&nbsp;hasPublicKey()</pre>
<div class="block">Determine if this object contains a public key.</div>
<dl><dt><span class="strong">Returns:</span></dt><dd>Returns true if this object contains a public key,
or false if the public key has not yet been set.</dd></dl>
</li>
</ul>
<a name="hasPrivateKey()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>hasPrivateKey</h4>
<pre>boolean&nbsp;hasPrivateKey()</pre>
<div class="block">Determine if this object contains a private key.</div>
<dl><dt><span class="strong">Returns:</span></dt><dd>Returns true if this object contains a private key,
or false if the private key has not yet been set.</dd></dl>
</li>
</ul>
<a name="isNullPublicKey()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>isNullPublicKey</h4>
<pre>boolean&nbsp;isNullPublicKey()</pre>
<div class="block">Determine if the public key in this object is the special null value.</div>
<dl><dt><span class="strong">Returns:</span></dt><dd>Returns true if the public key is the special null value,
or false otherwise.</dd></dl>
</li>
</ul>
<a name="calculate(byte[], int, com.southernstorm.noise.protocol.DHState)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>calculate</h4>
<pre>void&nbsp;calculate(byte[]&nbsp;sharedKey,
int&nbsp;offset,
<a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a>&nbsp;publicDH)</pre>
<div class="block">Performs a Diffie-Hellman calculation with this object as the private key.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>sharedKey</code> - Buffer to put the shared key into.</dd><dd><code>offset</code> - Offset of the first byte for the shared key.</dd><dd><code>publicDH</code> - Object that contains the public key for the calculation.</dd>
<dt><span class="strong">Throws:</span></dt>
<dd><code>java.lang.IllegalArgumentException</code> - The publicDH object is not the same
type as this object, or one of the objects does not contain a valid key.</dd></dl>
</li>
</ul>
<a name="copyFrom(com.southernstorm.noise.protocol.DHState)">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>copyFrom</h4>
<pre>void&nbsp;copyFrom(<a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a>&nbsp;other)</pre>
<div class="block">Copies the key values from another DH object of the same type.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>other</code> - The other DH object to copy from</dd>
<dt><span class="strong">Throws:</span></dt>
<dd><code>java.lang.IllegalStateException</code> - The other DH object does not have
the same type as this object.</dd></dl>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<!-- ========= END OF CLASS DATA ========= -->
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar_bottom">
<!-- -->
</a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">Prev Class</span></a></li>
<li><a href="../../../../com/southernstorm/noise/protocol/DHStateHybrid.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">Next Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/southernstorm/noise/protocol/DHState.html" target="_top">Frames</a></li>
<li><a href="DHState.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method_summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method_detail">Method</a></li>
</ul>
</div>
<a name="skip-navbar_bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</body>
</html>

273
com/southernstorm/noise/protocol/DHStateHybrid.html Normal file
View File

@ -0,0 +1,273 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (version 1.7.0_111) on Sun Oct 09 08:50:35 AEST 2016 -->
<title>DHStateHybrid (Noise-Java)</title>
<meta name="date" content="2016-10-09">
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="DHStateHybrid (Noise-Java)";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar_top">
<!-- -->
</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">Prev Class</span></a></li>
<li><a href="../../../../com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol"><span class="strong">Next Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/southernstorm/noise/protocol/DHStateHybrid.html" target="_top">Frames</a></li>
<li><a href="DHStateHybrid.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method_summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method_detail">Method</a></li>
</ul>
</div>
<a name="skip-navbar_top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<!-- ======== START OF CLASS DATA ======== -->
<div class="header">
<div class="subTitle">com.southernstorm.noise.protocol</div>
<h2 title="Interface DHStateHybrid" class="title">Interface DHStateHybrid</h2>
</div>
<div class="contentContainer">
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Superinterfaces:</dt>
<dd><a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dd>
</dl>
<hr>
<br>
<pre>public interface <span class="strong">DHStateHybrid</span>
extends <a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></pre>
<div class="block">Additional API for DH objects that need special handling for
hybrid operations.</div>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- ========== METHOD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="method_summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
<caption><span>Methods</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Method and Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHStateHybrid.html#copyFrom(com.southernstorm.noise.protocol.DHState,%20com.southernstorm.noise.protocol.DHState)">copyFrom</a></strong>(<a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a>&nbsp;other,
<a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a>&nbsp;remote)</code>
<div class="block">Copies the key values from another DH object of the same type.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHStateHybrid.html#generateKeyPair(com.southernstorm.noise.protocol.DHState)">generateKeyPair</a></strong>(<a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a>&nbsp;remote)</code>
<div class="block">Generates a new random keypair relative to the parameters
in another object.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/DHStateHybrid.html#specifyPeer(com.southernstorm.noise.protocol.DHState)">specifyPeer</a></strong>(<a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a>&nbsp;local)</code>
<div class="block">Specifies the local peer object prior to setting a public key
on a remote object.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a name="methods_inherited_from_class_com.southernstorm.noise.protocol.DHState">
<!-- -->
</a>
<h3>Methods inherited from interface&nbsp;com.southernstorm.noise.protocol.<a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></h3>
<code><a href="../../../../com/southernstorm/noise/protocol/DHState.html#calculate(byte[],%20int,%20com.southernstorm.noise.protocol.DHState)">calculate</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html#clearKey()">clearKey</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html#copyFrom(com.southernstorm.noise.protocol.DHState)">copyFrom</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html#generateKeyPair()">generateKeyPair</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html#getDHName()">getDHName</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html#getPrivateKey(byte[],%20int)">getPrivateKey</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html#getPrivateKeyLength()">getPrivateKeyLength</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html#getPublicKey(byte[],%20int)">getPublicKey</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html#getPublicKeyLength()">getPublicKeyLength</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html#getSharedKeyLength()">getSharedKeyLength</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html#hasPrivateKey()">hasPrivateKey</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html#hasPublicKey()">hasPublicKey</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html#isNullPublicKey()">isNullPublicKey</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html#setPrivateKey(byte[],%20int)">setPrivateKey</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html#setPublicKey(byte[],%20int)">setPublicKey</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html#setToNullPublicKey()">setToNullPublicKey</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a name="methods_inherited_from_class_com.southernstorm.noise.protocol.Destroyable">
<!-- -->
</a>
<h3>Methods inherited from interface&nbsp;com.southernstorm.noise.protocol.<a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a></h3>
<code><a href="../../../../com/southernstorm/noise/protocol/Destroyable.html#destroy()">destroy</a></code></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ============ METHOD DETAIL ========== -->
<ul class="blockList">
<li class="blockList"><a name="method_detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a name="generateKeyPair(com.southernstorm.noise.protocol.DHState)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>generateKeyPair</h4>
<pre>void&nbsp;generateKeyPair(<a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a>&nbsp;remote)</pre>
<div class="block">Generates a new random keypair relative to the parameters
in another object.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>remote</code> - The remote party in this communication to obtain parameters.</dd>
<dt><span class="strong">Throws:</span></dt>
<dd><code>java.lang.IllegalStateException</code> - The other or remote DH object does not have
the same type as this object.</dd></dl>
</li>
</ul>
<a name="copyFrom(com.southernstorm.noise.protocol.DHState, com.southernstorm.noise.protocol.DHState)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>copyFrom</h4>
<pre>void&nbsp;copyFrom(<a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a>&nbsp;other,
<a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a>&nbsp;remote)</pre>
<div class="block">Copies the key values from another DH object of the same type.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>other</code> - The other DH object to copy from</dd><dd><code>remote</code> - The remote party in this communication to obtain parameters.</dd>
<dt><span class="strong">Throws:</span></dt>
<dd><code>java.lang.IllegalStateException</code> - The other or remote DH object does not have
the same type as this object.</dd></dl>
</li>
</ul>
<a name="specifyPeer(com.southernstorm.noise.protocol.DHState)">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>specifyPeer</h4>
<pre>void&nbsp;specifyPeer(<a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a>&nbsp;local)</pre>
<div class="block">Specifies the local peer object prior to setting a public key
on a remote object.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>local</code> - The local peer object.</dd></dl>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<!-- ========= END OF CLASS DATA ========= -->
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar_bottom">
<!-- -->
</a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">Prev Class</span></a></li>
<li><a href="../../../../com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol"><span class="strong">Next Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/southernstorm/noise/protocol/DHStateHybrid.html" target="_top">Frames</a></li>
<li><a href="DHStateHybrid.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method_summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method_detail">Method</a></li>
</ul>
</div>
<a name="skip-navbar_bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</body>
</html>

223
com/southernstorm/noise/protocol/Destroyable.html Normal file
View File

@ -0,0 +1,223 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (version 1.7.0_111) on Sun Oct 09 08:50:35 AEST 2016 -->
<title>Destroyable (Noise-Java)</title>
<meta name="date" content="2016-10-09">
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="Destroyable (Noise-Java)";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar_top">
<!-- -->
</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol"><span class="strong">Prev Class</span></a></li>
<li><a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">Next Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/southernstorm/noise/protocol/Destroyable.html" target="_top">Frames</a></li>
<li><a href="Destroyable.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method_summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method_detail">Method</a></li>
</ul>
</div>
<a name="skip-navbar_top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<!-- ======== START OF CLASS DATA ======== -->
<div class="header">
<div class="subTitle">com.southernstorm.noise.protocol</div>
<h2 title="Interface Destroyable" class="title">Interface Destroyable</h2>
</div>
<div class="contentContainer">
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Known Subinterfaces:</dt>
<dd><a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a>, <a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a>, <a href="../../../../com/southernstorm/noise/protocol/DHStateHybrid.html" title="interface in com.southernstorm.noise.protocol">DHStateHybrid</a></dd>
</dl>
<dl>
<dt>All Known Implementing Classes:</dt>
<dd><a href="../../../../com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol">CipherStatePair</a>, <a href="../../../../com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dd>
</dl>
<hr>
<br>
<pre>public interface <span class="strong">Destroyable</span></pre>
<div class="block">Interface for objects that implement destroying.
Applications that use the Noise protocol can inadvertently leave
sensitive data in the heap if steps are not taken to clean up.
This interface can be implemented by objects that know how to
securely clean up after themselves.
The Noise.destroy() function can help with destroying byte arrays
that hold sensitive values.</div>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- ========== METHOD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="method_summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
<caption><span>Methods</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Method and Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/Destroyable.html#destroy()">destroy</a></strong>()</code>
<div class="block">Destroys all sensitive state in the current object.</div>
</td>
</tr>
</table>
</li>
</ul>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ============ METHOD DETAIL ========== -->
<ul class="blockList">
<li class="blockList"><a name="method_detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a name="destroy()">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>destroy</h4>
<pre>void&nbsp;destroy()</pre>
<div class="block">Destroys all sensitive state in the current object.</div>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<!-- ========= END OF CLASS DATA ========= -->
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar_bottom">
<!-- -->
</a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol"><span class="strong">Prev Class</span></a></li>
<li><a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">Next Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/southernstorm/noise/protocol/Destroyable.html" target="_top">Frames</a></li>
<li><a href="Destroyable.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method_summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method_detail">Method</a></li>
</ul>
</div>
<a name="skip-navbar_bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</body>
</html>

1024
com/southernstorm/noise/protocol/HandshakeState.html Normal file
View File

File diff suppressed because it is too large Load Diff

388
com/southernstorm/noise/protocol/Noise.html Normal file
View File

@ -0,0 +1,388 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (version 1.7.0_111) on Sun Oct 09 08:50:35 AEST 2016 -->
<title>Noise (Noise-Java)</title>
<meta name="date" content="2016-10-09">
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="Noise (Noise-Java)";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar_top">
<!-- -->
</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol"><span class="strong">Prev Class</span></a></li>
<li>Next Class</li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/southernstorm/noise/protocol/Noise.html" target="_top">Frames</a></li>
<li><a href="Noise.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li><a href="#field_summary">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor_summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method_summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li><a href="#field_detail">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor_detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method_detail">Method</a></li>
</ul>
</div>
<a name="skip-navbar_top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<!-- ======== START OF CLASS DATA ======== -->
<div class="header">
<div class="subTitle">com.southernstorm.noise.protocol</div>
<h2 title="Class Noise" class="title">Class Noise</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li>java.lang.Object</li>
<li>
<ul class="inheritance">
<li>com.southernstorm.noise.protocol.Noise</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<hr>
<br>
<pre>public final class <span class="strong">Noise</span>
extends java.lang.Object</pre>
<div class="block">Utility functions for the Noise protocol library.</div>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- =========== FIELD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="field_summary">
<!-- -->
</a>
<h3>Field Summary</h3>
<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Field Summary table, listing fields, and an explanation">
<caption><span>Fields</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Field and Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static int</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/Noise.html#MAX_PACKET_LEN">MAX_PACKET_LEN</a></strong></code>
<div class="block">Maximum length for Noise packets.</div>
</td>
</tr>
</table>
</li>
</ul>
<!-- ======== CONSTRUCTOR SUMMARY ======== -->
<ul class="blockList">
<li class="blockList"><a name="constructor_summary">
<!-- -->
</a>
<h3>Constructor Summary</h3>
<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Constructor Summary table, listing constructors, and an explanation">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colOne" scope="col">Constructor and Description</th>
</tr>
<tr class="altColor">
<td class="colOne"><code><strong><a href="../../../../com/southernstorm/noise/protocol/Noise.html#Noise()">Noise</a></strong>()</code>&nbsp;</td>
</tr>
</table>
</li>
</ul>
<!-- ========== METHOD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="method_summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
<caption><span>Methods</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Method and Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a></code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/Noise.html#createCipher(java.lang.String)">createCipher</a></strong>(java.lang.String&nbsp;name)</code>
<div class="block">Creates a cipher object from its Noise protocol name.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/Noise.html#createDH(java.lang.String)">createDH</a></strong>(java.lang.String&nbsp;name)</code>
<div class="block">Creates a Diffie-Hellman object from its Noise protocol name.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static java.security.MessageDigest</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/Noise.html#createHash(java.lang.String)">createHash</a></strong>(java.lang.String&nbsp;name)</code>
<div class="block">Creates a hash object from its Noise protocol name.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/Noise.html#random(byte[])">random</a></strong>(byte[]&nbsp;data)</code>
<div class="block">Generates random data using the system random number generator.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static void</code></td>
<td class="colLast"><code><strong><a href="../../../../com/southernstorm/noise/protocol/Noise.html#setForceFallbacks(boolean)">setForceFallbacks</a></strong>(boolean&nbsp;force)</code>
<div class="block">Force the use of plain Java fallback crypto implementations.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a name="methods_inherited_from_class_java.lang.Object">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;java.lang.Object</h3>
<code>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ============ FIELD DETAIL =========== -->
<ul class="blockList">
<li class="blockList"><a name="field_detail">
<!-- -->
</a>
<h3>Field Detail</h3>
<a name="MAX_PACKET_LEN">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>MAX_PACKET_LEN</h4>
<pre>public static final&nbsp;int MAX_PACKET_LEN</pre>
<div class="block">Maximum length for Noise packets.</div>
<dl><dt><span class="strong">See Also:</span></dt><dd><a href="../../../../constant-values.html#com.southernstorm.noise.protocol.Noise.MAX_PACKET_LEN">Constant Field Values</a></dd></dl>
</li>
</ul>
</li>
</ul>
<!-- ========= CONSTRUCTOR DETAIL ======== -->
<ul class="blockList">
<li class="blockList"><a name="constructor_detail">
<!-- -->
</a>
<h3>Constructor Detail</h3>
<a name="Noise()">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>Noise</h4>
<pre>public&nbsp;Noise()</pre>
</li>
</ul>
</li>
</ul>
<!-- ============ METHOD DETAIL ========== -->
<ul class="blockList">
<li class="blockList"><a name="method_detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a name="random(byte[])">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>random</h4>
<pre>public static&nbsp;void&nbsp;random(byte[]&nbsp;data)</pre>
<div class="block">Generates random data using the system random number generator.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>data</code> - The data buffer to fill with random data.</dd></dl>
</li>
</ul>
<a name="setForceFallbacks(boolean)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setForceFallbacks</h4>
<pre>public static&nbsp;void&nbsp;setForceFallbacks(boolean&nbsp;force)</pre>
<div class="block">Force the use of plain Java fallback crypto implementations.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>force</code> - Set to true for force fallbacks, false to
try to use the system implementation before falling back.
This function is intended for testing purposes to toggle between
the system JCA/JCE implementations and the plain Java fallback
reference implementations.</dd></dl>
</li>
</ul>
<a name="createDH(java.lang.String)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>createDH</h4>
<pre>public static&nbsp;<a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a>&nbsp;createDH(java.lang.String&nbsp;name)
throws java.security.NoSuchAlgorithmException</pre>
<div class="block">Creates a Diffie-Hellman object from its Noise protocol name.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>name</code> - The name of the DH algorithm; e.g. "25519", "448", etc.</dd>
<dt><span class="strong">Returns:</span></dt><dd>The Diffie-Hellman object if the name is recognized.</dd>
<dt><span class="strong">Throws:</span></dt>
<dd><code>java.security.NoSuchAlgorithmException</code> - The name is not recognized as a
valid Noise protocol name, or there is no cryptography provider
in the system that implements the algorithm.</dd></dl>
</li>
</ul>
<a name="createCipher(java.lang.String)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>createCipher</h4>
<pre>public static&nbsp;<a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a>&nbsp;createCipher(java.lang.String&nbsp;name)
throws java.security.NoSuchAlgorithmException</pre>
<div class="block">Creates a cipher object from its Noise protocol name.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>name</code> - The name of the cipher algorithm; e.g. "AESGCM", "ChaChaPoly", etc.</dd>
<dt><span class="strong">Returns:</span></dt><dd>The cipher object if the name is recognized.</dd>
<dt><span class="strong">Throws:</span></dt>
<dd><code>java.security.NoSuchAlgorithmException</code> - The name is not recognized as a
valid Noise protocol name, or there is no cryptography provider
in the system that implements the algorithm.</dd></dl>
</li>
</ul>
<a name="createHash(java.lang.String)">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>createHash</h4>
<pre>public static&nbsp;java.security.MessageDigest&nbsp;createHash(java.lang.String&nbsp;name)
throws java.security.NoSuchAlgorithmException</pre>
<div class="block">Creates a hash object from its Noise protocol name.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>name</code> - The name of the hash algorithm; e.g. "SHA256", "BLAKE2s", etc.</dd>
<dt><span class="strong">Returns:</span></dt><dd>The hash object if the name is recognized.</dd>
<dt><span class="strong">Throws:</span></dt>
<dd><code>java.security.NoSuchAlgorithmException</code> - The name is not recognized as a
valid Noise protocol name, or there is no cryptography provider
in the system that implements the algorithm.</dd></dl>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<!-- ========= END OF CLASS DATA ========= -->
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar_bottom">
<!-- -->
</a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol"><span class="strong">Prev Class</span></a></li>
<li>Next Class</li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/southernstorm/noise/protocol/Noise.html" target="_top">Frames</a></li>
<li><a href="Noise.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li><a href="#field_summary">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor_summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method_summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li><a href="#field_detail">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor_detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method_detail">Method</a></li>
</ul>
</div>
<a name="skip-navbar_bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</body>
</html>

28
com/southernstorm/noise/protocol/package-frame.html Normal file
View File

@ -0,0 +1,28 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (version 1.7.0_111) on Sun Oct 09 08:50:35 AEST 2016 -->
<title>com.southernstorm.noise.protocol (Noise-Java)</title>
<meta name="date" content="2016-10-09">
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
</head>
<body>
<h1 class="bar"><a href="../../../../com/southernstorm/noise/protocol/package-summary.html" target="classFrame">com.southernstorm.noise.protocol</a></h1>
<div class="indexContainer">
<h2 title="Interfaces">Interfaces</h2>
<ul title="Interfaces">
<li><a href="CipherState.html" title="interface in com.southernstorm.noise.protocol" target="classFrame"><i>CipherState</i></a></li>
<li><a href="Destroyable.html" title="interface in com.southernstorm.noise.protocol" target="classFrame"><i>Destroyable</i></a></li>
<li><a href="DHState.html" title="interface in com.southernstorm.noise.protocol" target="classFrame"><i>DHState</i></a></li>
<li><a href="DHStateHybrid.html" title="interface in com.southernstorm.noise.protocol" target="classFrame"><i>DHStateHybrid</i></a></li>
</ul>
<h2 title="Classes">Classes</h2>
<ul title="Classes">
<li><a href="CipherStatePair.html" title="class in com.southernstorm.noise.protocol" target="classFrame">CipherStatePair</a></li>
<li><a href="HandshakeState.html" title="class in com.southernstorm.noise.protocol" target="classFrame">HandshakeState</a></li>
<li><a href="Noise.html" title="class in com.southernstorm.noise.protocol" target="classFrame">Noise</a></li>
</ul>
</div>
</body>
</html>

190
com/southernstorm/noise/protocol/package-summary.html Normal file
View File

@ -0,0 +1,190 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (version 1.7.0_111) on Sun Oct 09 08:50:35 AEST 2016 -->
<title>com.southernstorm.noise.protocol (Noise-Java)</title>
<meta name="date" content="2016-10-09">
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="com.southernstorm.noise.protocol (Noise-Java)";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar_top">
<!-- -->
</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li>Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev Package</li>
<li>Next Package</li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/southernstorm/noise/protocol/package-summary.html" target="_top">Frames</a></li>
<li><a href="package-summary.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<a name="skip-navbar_top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<div class="header">
<h1 title="Package" class="title">Package&nbsp;com.southernstorm.noise.protocol</h1>
<div class="docSummary">
<div class="block">Provides classes for communicating via the Noise protocol.</div>
</div>
<p>See:&nbsp;<a href="#package_description">Description</a></p>
</div>
<div class="contentContainer">
<ul class="blockList">
<li class="blockList">
<table class="packageSummary" border="0" cellpadding="3" cellspacing="0" summary="Interface Summary table, listing interfaces, and an explanation">
<caption><span>Interface Summary</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Interface</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tbody>
<tr class="altColor">
<td class="colFirst"><a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a></td>
<td class="colLast">
<div class="block">Interface to an authenticated cipher for use in the Noise protocol.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a></td>
<td class="colLast">
<div class="block">Interface for objects that implement destroying.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></td>
<td class="colLast">
<div class="block">Interface to a Diffie-Hellman algorithm for the Noise protocol.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><a href="../../../../com/southernstorm/noise/protocol/DHStateHybrid.html" title="interface in com.southernstorm.noise.protocol">DHStateHybrid</a></td>
<td class="colLast">
<div class="block">Additional API for DH objects that need special handling for
hybrid operations.</div>
</td>
</tr>
</tbody>
</table>
</li>
<li class="blockList">
<table class="packageSummary" border="0" cellpadding="3" cellspacing="0" summary="Class Summary table, listing classes, and an explanation">
<caption><span>Class Summary</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Class</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tbody>
<tr class="altColor">
<td class="colFirst"><a href="../../../../com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol">CipherStatePair</a></td>
<td class="colLast">
<div class="block">Class that contains a pair of CipherState objects.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><a href="../../../../com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></td>
<td class="colLast">
<div class="block">Interface to a Noise handshake.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><a href="../../../../com/southernstorm/noise/protocol/Noise.html" title="class in com.southernstorm.noise.protocol">Noise</a></td>
<td class="colLast">
<div class="block">Utility functions for the Noise protocol library.</div>
</td>
</tr>
</tbody>
</table>
</li>
</ul>
<a name="package_description">
<!-- -->
</a>
<h2 title="Package com.southernstorm.noise.protocol Description">Package com.southernstorm.noise.protocol Description</h2>
<div class="block">Provides classes for communicating via the Noise protocol.
Reference: http://noiseprotocol.org</div>
</div>
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar_bottom">
<!-- -->
</a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li>Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev Package</li>
<li>Next Package</li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/southernstorm/noise/protocol/package-summary.html" target="_top">Frames</a></li>
<li><a href="package-summary.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<a name="skip-navbar_bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</body>
</html>

135
com/southernstorm/noise/protocol/package-tree.html Normal file
View File

@ -0,0 +1,135 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (version 1.7.0_111) on Sun Oct 09 08:50:35 AEST 2016 -->
<title>com.southernstorm.noise.protocol Class Hierarchy (Noise-Java)</title>
<meta name="date" content="2016-10-09">
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="com.southernstorm.noise.protocol Class Hierarchy (Noise-Java)";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar_top">
<!-- -->
</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li>Class</li>
<li class="navBarCell1Rev">Tree</li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev</li>
<li>Next</li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/southernstorm/noise/protocol/package-tree.html" target="_top">Frames</a></li>
<li><a href="package-tree.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<a name="skip-navbar_top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<div class="header">
<h1 class="title">Hierarchy For Package com.southernstorm.noise.protocol</h1>
</div>
<div class="contentContainer">
<h2 title="Class Hierarchy">Class Hierarchy</h2>
<ul>
<li type="circle">java.lang.Object
<ul>
<li type="circle">com.southernstorm.noise.protocol.<a href="../../../../com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol"><span class="strong">CipherStatePair</span></a> (implements com.southernstorm.noise.protocol.<a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a>)</li>
<li type="circle">com.southernstorm.noise.protocol.<a href="../../../../com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol"><span class="strong">HandshakeState</span></a> (implements com.southernstorm.noise.protocol.<a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a>)</li>
<li type="circle">com.southernstorm.noise.protocol.<a href="../../../../com/southernstorm/noise/protocol/Noise.html" title="class in com.southernstorm.noise.protocol"><span class="strong">Noise</span></a></li>
</ul>
</li>
</ul>
<h2 title="Interface Hierarchy">Interface Hierarchy</h2>
<ul>
<li type="circle">com.southernstorm.noise.protocol.<a href="../../../../com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">Destroyable</span></a>
<ul>
<li type="circle">com.southernstorm.noise.protocol.<a href="../../../../com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">CipherState</span></a></li>
<li type="circle">com.southernstorm.noise.protocol.<a href="../../../../com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">DHState</span></a>
<ul>
<li type="circle">com.southernstorm.noise.protocol.<a href="../../../../com/southernstorm/noise/protocol/DHStateHybrid.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">DHStateHybrid</span></a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar_bottom">
<!-- -->
</a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li>Class</li>
<li class="navBarCell1Rev">Tree</li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev</li>
<li>Next</li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/southernstorm/noise/protocol/package-tree.html" target="_top">Frames</a></li>
<li><a href="package-tree.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<a name="skip-navbar_bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</body>
</html>

208
constant-values.html Normal file
View File

@ -0,0 +1,208 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (version 1.7.0_111) on Sun Oct 09 08:50:35 AEST 2016 -->
<title>Constant Field Values (Noise-Java)</title>
<meta name="date" content="2016-10-09">
<link rel="stylesheet" type="text/css" href="stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="Constant Field Values (Noise-Java)";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar_top">
<!-- -->
</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li>Class</li>
<li><a href="com/southernstorm/noise/protocol/package-tree.html">Tree</a></li>
<li><a href="deprecated-list.html">Deprecated</a></li>
<li><a href="index-all.html">Index</a></li>
<li><a href="help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev</li>
<li>Next</li>
</ul>
<ul class="navList">
<li><a href="index.html?constant-values.html" target="_top">Frames</a></li>
<li><a href="constant-values.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<a name="skip-navbar_top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<div class="header">
<h1 title="Constant Field Values" class="title">Constant Field Values</h1>
<h2 title="Contents">Contents</h2>
<ul>
<li><a href="#com.southernstorm">com.southernstorm.*</a></li>
</ul>
</div>
<div class="constantValuesContainer"><a name="com.southernstorm">
<!-- -->
</a>
<h2 title="com.southernstorm">com.southernstorm.*</h2>
<ul class="blockList">
<li class="blockList">
<table border="0" cellpadding="3" cellspacing="0" summary="Constant Field Values table, listing constant fields, and values">
<caption><span>com.southernstorm.noise.protocol.<a href="com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th scope="col">Constant Field</th>
<th class="colLast" scope="col">Value</th>
</tr>
<tbody>
<tr class="altColor">
<td class="colFirst"><a name="com.southernstorm.noise.protocol.HandshakeState.COMPLETE">
<!-- -->
</a><code>public&nbsp;static&nbsp;final&nbsp;int</code></td>
<td><code><a href="com/southernstorm/noise/protocol/HandshakeState.html#COMPLETE">COMPLETE</a></code></td>
<td class="colLast"><code>5</code></td>
</tr>
<tr class="rowColor">
<td class="colFirst"><a name="com.southernstorm.noise.protocol.HandshakeState.FAILED">
<!-- -->
</a><code>public&nbsp;static&nbsp;final&nbsp;int</code></td>
<td><code><a href="com/southernstorm/noise/protocol/HandshakeState.html#FAILED">FAILED</a></code></td>
<td class="colLast"><code>3</code></td>
</tr>
<tr class="altColor">
<td class="colFirst"><a name="com.southernstorm.noise.protocol.HandshakeState.INITIATOR">
<!-- -->
</a><code>public&nbsp;static&nbsp;final&nbsp;int</code></td>
<td><code><a href="com/southernstorm/noise/protocol/HandshakeState.html#INITIATOR">INITIATOR</a></code></td>
<td class="colLast"><code>1</code></td>
</tr>
<tr class="rowColor">
<td class="colFirst"><a name="com.southernstorm.noise.protocol.HandshakeState.NO_ACTION">
<!-- -->
</a><code>public&nbsp;static&nbsp;final&nbsp;int</code></td>
<td><code><a href="com/southernstorm/noise/protocol/HandshakeState.html#NO_ACTION">NO_ACTION</a></code></td>
<td class="colLast"><code>0</code></td>
</tr>
<tr class="altColor">
<td class="colFirst"><a name="com.southernstorm.noise.protocol.HandshakeState.READ_MESSAGE">
<!-- -->
</a><code>public&nbsp;static&nbsp;final&nbsp;int</code></td>
<td><code><a href="com/southernstorm/noise/protocol/HandshakeState.html#READ_MESSAGE">READ_MESSAGE</a></code></td>
<td class="colLast"><code>2</code></td>
</tr>
<tr class="rowColor">
<td class="colFirst"><a name="com.southernstorm.noise.protocol.HandshakeState.RESPONDER">
<!-- -->
</a><code>public&nbsp;static&nbsp;final&nbsp;int</code></td>
<td><code><a href="com/southernstorm/noise/protocol/HandshakeState.html#RESPONDER">RESPONDER</a></code></td>
<td class="colLast"><code>2</code></td>
</tr>
<tr class="altColor">
<td class="colFirst"><a name="com.southernstorm.noise.protocol.HandshakeState.SPLIT">
<!-- -->
</a><code>public&nbsp;static&nbsp;final&nbsp;int</code></td>
<td><code><a href="com/southernstorm/noise/protocol/HandshakeState.html#SPLIT">SPLIT</a></code></td>
<td class="colLast"><code>4</code></td>
</tr>
<tr class="rowColor">
<td class="colFirst"><a name="com.southernstorm.noise.protocol.HandshakeState.WRITE_MESSAGE">
<!-- -->
</a><code>public&nbsp;static&nbsp;final&nbsp;int</code></td>
<td><code><a href="com/southernstorm/noise/protocol/HandshakeState.html#WRITE_MESSAGE">WRITE_MESSAGE</a></code></td>
<td class="colLast"><code>1</code></td>
</tr>
</tbody>
</table>
</li>
<li class="blockList">
<table border="0" cellpadding="3" cellspacing="0" summary="Constant Field Values table, listing constant fields, and values">
<caption><span>com.southernstorm.noise.protocol.<a href="com/southernstorm/noise/protocol/Noise.html" title="class in com.southernstorm.noise.protocol">Noise</a></span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th scope="col">Constant Field</th>
<th class="colLast" scope="col">Value</th>
</tr>
<tbody>
<tr class="altColor">
<td class="colFirst"><a name="com.southernstorm.noise.protocol.Noise.MAX_PACKET_LEN">
<!-- -->
</a><code>public&nbsp;static&nbsp;final&nbsp;int</code></td>
<td><code><a href="com/southernstorm/noise/protocol/Noise.html#MAX_PACKET_LEN">MAX_PACKET_LEN</a></code></td>
<td class="colLast"><code>65535</code></td>
</tr>
</tbody>
</table>
</li>
</ul>
</div>
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar_bottom">
<!-- -->
</a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li>Class</li>
<li><a href="com/southernstorm/noise/protocol/package-tree.html">Tree</a></li>
<li><a href="deprecated-list.html">Deprecated</a></li>
<li><a href="index-all.html">Index</a></li>
<li><a href="help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev</li>
<li>Next</li>
</ul>
<ul class="navList">
<li><a href="index.html?constant-values.html" target="_top">Frames</a></li>
<li><a href="constant-values.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<a name="skip-navbar_bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</body>
</html>

111
deprecated-list.html Normal file
View File

@ -0,0 +1,111 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (version 1.7.0_111) on Sun Oct 09 08:50:35 AEST 2016 -->
<title>Deprecated List (Noise-Java)</title>
<meta name="date" content="2016-10-09">
<link rel="stylesheet" type="text/css" href="stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="Deprecated List (Noise-Java)";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar_top">
<!-- -->
</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li>Class</li>
<li><a href="com/southernstorm/noise/protocol/package-tree.html">Tree</a></li>
<li class="navBarCell1Rev">Deprecated</li>
<li><a href="index-all.html">Index</a></li>
<li><a href="help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev</li>
<li>Next</li>
</ul>
<ul class="navList">
<li><a href="index.html?deprecated-list.html" target="_top">Frames</a></li>
<li><a href="deprecated-list.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<a name="skip-navbar_top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<div class="header">
<h1 title="Deprecated API" class="title">Deprecated API</h1>
<h2 title="Contents">Contents</h2>
</div>
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar_bottom">
<!-- -->
</a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li>Class</li>
<li><a href="com/southernstorm/noise/protocol/package-tree.html">Tree</a></li>
<li class="navBarCell1Rev">Deprecated</li>
<li><a href="index-all.html">Index</a></li>
<li><a href="help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev</li>
<li>Next</li>
</ul>
<ul class="navList">
<li><a href="index.html?deprecated-list.html" target="_top">Frames</a></li>
<li><a href="deprecated-list.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<a name="skip-navbar_bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</body>
</html>

208
help-doc.html Normal file
View File

@ -0,0 +1,208 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (version 1.7.0_111) on Sun Oct 09 08:50:35 AEST 2016 -->
<title>API Help (Noise-Java)</title>
<meta name="date" content="2016-10-09">
<link rel="stylesheet" type="text/css" href="stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="API Help (Noise-Java)";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar_top">
<!-- -->
</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li>Class</li>
<li><a href="com/southernstorm/noise/protocol/package-tree.html">Tree</a></li>
<li><a href="deprecated-list.html">Deprecated</a></li>
<li><a href="index-all.html">Index</a></li>
<li class="navBarCell1Rev">Help</li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev</li>
<li>Next</li>
</ul>
<ul class="navList">
<li><a href="index.html?help-doc.html" target="_top">Frames</a></li>
<li><a href="help-doc.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<a name="skip-navbar_top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<div class="header">
<h1 class="title">How This API Document Is Organized</h1>
<div class="subTitle">This API (Application Programming Interface) document has pages corresponding to the items in the navigation bar, described as follows.</div>
</div>
<div class="contentContainer">
<ul class="blockList">
<li class="blockList">
<h2>Package</h2>
<p>Each package has a page that contains a list of its classes and interfaces, with a summary for each. This page can contain six categories:</p>
<ul>
<li>Interfaces (italic)</li>
<li>Classes</li>
<li>Enums</li>
<li>Exceptions</li>
<li>Errors</li>
<li>Annotation Types</li>
</ul>
</li>
<li class="blockList">
<h2>Class/Interface</h2>
<p>Each class, interface, nested class and nested interface has its own separate page. Each of these pages has three sections consisting of a class/interface description, summary tables, and detailed member descriptions:</p>
<ul>
<li>Class inheritance diagram</li>
<li>Direct Subclasses</li>
<li>All Known Subinterfaces</li>
<li>All Known Implementing Classes</li>
<li>Class/interface declaration</li>
<li>Class/interface description</li>
</ul>
<ul>
<li>Nested Class Summary</li>
<li>Field Summary</li>
<li>Constructor Summary</li>
<li>Method Summary</li>
</ul>
<ul>
<li>Field Detail</li>
<li>Constructor Detail</li>
<li>Method Detail</li>
</ul>
<p>Each summary entry contains the first sentence from the detailed description for that item. The summary entries are alphabetical, while the detailed descriptions are in the order they appear in the source code. This preserves the logical groupings established by the programmer.</p>
</li>
<li class="blockList">
<h2>Annotation Type</h2>
<p>Each annotation type has its own separate page with the following sections:</p>
<ul>
<li>Annotation Type declaration</li>
<li>Annotation Type description</li>
<li>Required Element Summary</li>
<li>Optional Element Summary</li>
<li>Element Detail</li>
</ul>
</li>
<li class="blockList">
<h2>Enum</h2>
<p>Each enum has its own separate page with the following sections:</p>
<ul>
<li>Enum declaration</li>
<li>Enum description</li>
<li>Enum Constant Summary</li>
<li>Enum Constant Detail</li>
</ul>
</li>
<li class="blockList">
<h2>Tree (Class Hierarchy)</h2>
<p>There is a <a href="overview-tree.html">Class Hierarchy</a> page for all packages, plus a hierarchy for each package. Each hierarchy page contains a list of classes and a list of interfaces. The classes are organized by inheritance structure starting with <code>java.lang.Object</code>. The interfaces do not inherit from <code>java.lang.Object</code>.</p>
<ul>
<li>When viewing the Overview page, clicking on "Tree" displays the hierarchy for all packages.</li>
<li>When viewing a particular package, class or interface page, clicking "Tree" displays the hierarchy for only that package.</li>
</ul>
</li>
<li class="blockList">
<h2>Deprecated API</h2>
<p>The <a href="deprecated-list.html">Deprecated API</a> page lists all of the API that have been deprecated. A deprecated API is not recommended for use, generally due to improvements, and a replacement API is usually given. Deprecated APIs may be removed in future implementations.</p>
</li>
<li class="blockList">
<h2>Index</h2>
<p>The <a href="index-all.html">Index</a> contains an alphabetic list of all classes, interfaces, constructors, methods, and fields.</p>
</li>
<li class="blockList">
<h2>Prev/Next</h2>
<p>These links take you to the next or previous class, interface, package, or related page.</p>
</li>
<li class="blockList">
<h2>Frames/No Frames</h2>
<p>These links show and hide the HTML frames. All pages are available with or without frames.</p>
</li>
<li class="blockList">
<h2>All Classes</h2>
<p>The <a href="allclasses-noframe.html">All Classes</a> link shows all classes and interfaces except non-static nested types.</p>
</li>
<li class="blockList">
<h2>Serialized Form</h2>
<p>Each serializable or externalizable class has a description of its serialization fields and methods. This information is of interest to re-implementors, not to developers using the API. While there is no link in the navigation bar, you can get to this information by going to any serialized class and clicking "Serialized Form" in the "See also" section of the class description.</p>
</li>
<li class="blockList">
<h2>Constant Field Values</h2>
<p>The <a href="constant-values.html">Constant Field Values</a> page lists the static final fields and their values.</p>
</li>
</ul>
<em>This help file applies to API documentation generated using the standard doclet.</em></div>
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar_bottom">
<!-- -->
</a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li>Class</li>
<li><a href="com/southernstorm/noise/protocol/package-tree.html">Tree</a></li>
<li><a href="deprecated-list.html">Deprecated</a></li>
<li><a href="index-all.html">Index</a></li>
<li class="navBarCell1Rev">Help</li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev</li>
<li>Next</li>
</ul>
<ul class="navList">
<li><a href="index.html?help-doc.html" target="_top">Frames</a></li>
<li><a href="help-doc.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<a name="skip-navbar_bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</body>
</html>

529
index-all.html Normal file
View File

@ -0,0 +1,529 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (version 1.7.0_111) on Sun Oct 09 08:50:35 AEST 2016 -->
<title>Index (Noise-Java)</title>
<meta name="date" content="2016-10-09">
<link rel="stylesheet" type="text/css" href="./stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="Index (Noise-Java)";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar_top">
<!-- -->
</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="./com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li>Class</li>
<li><a href="./com/southernstorm/noise/protocol/package-tree.html">Tree</a></li>
<li><a href="./deprecated-list.html">Deprecated</a></li>
<li class="navBarCell1Rev">Index</li>
<li><a href="./help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev</li>
<li>Next</li>
</ul>
<ul class="navList">
<li><a href="./index.html?index-all.html" target="_top">Frames</a></li>
<li><a href="index-all.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="./allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<a name="skip-navbar_top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<div class="contentContainer"><a href="#_C_">C</a>&nbsp;<a href="#_D_">D</a>&nbsp;<a href="#_E_">E</a>&nbsp;<a href="#_F_">F</a>&nbsp;<a href="#_G_">G</a>&nbsp;<a href="#_H_">H</a>&nbsp;<a href="#_I_">I</a>&nbsp;<a href="#_M_">M</a>&nbsp;<a href="#_N_">N</a>&nbsp;<a href="#_R_">R</a>&nbsp;<a href="#_S_">S</a>&nbsp;<a href="#_W_">W</a>&nbsp;<a name="_C_">
<!-- -->
</a>
<h2 class="title">C</h2>
<dl>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHState.html#calculate(byte[],%20int,%20com.southernstorm.noise.protocol.DHState)">calculate(byte[], int, DHState)</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dt>
<dd>
<div class="block">Performs a Diffie-Hellman calculation with this object as the private key.</div>
</dd>
<dt><a href="./com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">CipherState</span></a> - Interface in <a href="./com/southernstorm/noise/protocol/package-summary.html">com.southernstorm.noise.protocol</a></dt>
<dd>
<div class="block">Interface to an authenticated cipher for use in the Noise protocol.</div>
</dd>
<dt><a href="./com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol"><span class="strong">CipherStatePair</span></a> - Class in <a href="./com/southernstorm/noise/protocol/package-summary.html">com.southernstorm.noise.protocol</a></dt>
<dd>
<div class="block">Class that contains a pair of CipherState objects.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/CipherStatePair.html#CipherStatePair(com.southernstorm.noise.protocol.CipherState,%20com.southernstorm.noise.protocol.CipherState)">CipherStatePair(CipherState, CipherState)</a></span> - Constructor for class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol">CipherStatePair</a></dt>
<dd>
<div class="block">Constructs a pair of CipherState objects.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHState.html#clearKey()">clearKey()</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dt>
<dd>
<div class="block">Clears the key pair.</div>
</dd>
<dt><a href="./com/southernstorm/noise/protocol/package-summary.html">com.southernstorm.noise.protocol</a> - package com.southernstorm.noise.protocol</dt>
<dd>
<div class="block">Provides classes for communicating via the Noise protocol.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#COMPLETE">COMPLETE</a></span> - Static variable in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">The handshake is complete and the data session ciphers
have been split() out successfully.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHState.html#copyFrom(com.southernstorm.noise.protocol.DHState)">copyFrom(DHState)</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dt>
<dd>
<div class="block">Copies the key values from another DH object of the same type.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHStateHybrid.html#copyFrom(com.southernstorm.noise.protocol.DHState,%20com.southernstorm.noise.protocol.DHState)">copyFrom(DHState, DHState)</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHStateHybrid.html" title="interface in com.southernstorm.noise.protocol">DHStateHybrid</a></dt>
<dd>
<div class="block">Copies the key values from another DH object of the same type.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/Noise.html#createCipher(java.lang.String)">createCipher(String)</a></span> - Static method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/Noise.html" title="class in com.southernstorm.noise.protocol">Noise</a></dt>
<dd>
<div class="block">Creates a cipher object from its Noise protocol name.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/Noise.html#createDH(java.lang.String)">createDH(String)</a></span> - Static method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/Noise.html" title="class in com.southernstorm.noise.protocol">Noise</a></dt>
<dd>
<div class="block">Creates a Diffie-Hellman object from its Noise protocol name.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/Noise.html#createHash(java.lang.String)">createHash(String)</a></span> - Static method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/Noise.html" title="class in com.southernstorm.noise.protocol">Noise</a></dt>
<dd>
<div class="block">Creates a hash object from its Noise protocol name.</div>
</dd>
</dl>
<a name="_D_">
<!-- -->
</a>
<h2 class="title">D</h2>
<dl>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/CipherState.html#decryptWithAd(byte[],%20byte[],%20int,%20byte[],%20int,%20int)">decryptWithAd(byte[], byte[], int, byte[], int, int)</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a></dt>
<dd>
<div class="block">Decrypts a ciphertext buffer using the cipher and a block of associated data.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/CipherStatePair.html#destroy()">destroy()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol">CipherStatePair</a></dt>
<dd>&nbsp;</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/Destroyable.html#destroy()">destroy()</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a></dt>
<dd>
<div class="block">Destroys all sensitive state in the current object.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#destroy()">destroy()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>&nbsp;</dd>
<dt><a href="./com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">Destroyable</span></a> - Interface in <a href="./com/southernstorm/noise/protocol/package-summary.html">com.southernstorm.noise.protocol</a></dt>
<dd>
<div class="block">Interface for objects that implement destroying.</div>
</dd>
<dt><a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">DHState</span></a> - Interface in <a href="./com/southernstorm/noise/protocol/package-summary.html">com.southernstorm.noise.protocol</a></dt>
<dd>
<div class="block">Interface to a Diffie-Hellman algorithm for the Noise protocol.</div>
</dd>
<dt><a href="./com/southernstorm/noise/protocol/DHStateHybrid.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">DHStateHybrid</span></a> - Interface in <a href="./com/southernstorm/noise/protocol/package-summary.html">com.southernstorm.noise.protocol</a></dt>
<dd>
<div class="block">Additional API for DH objects that need special handling for
hybrid operations.</div>
</dd>
</dl>
<a name="_E_">
<!-- -->
</a>
<h2 class="title">E</h2>
<dl>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/CipherState.html#encryptWithAd(byte[],%20byte[],%20int,%20byte[],%20int,%20int)">encryptWithAd(byte[], byte[], int, byte[], int, int)</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a></dt>
<dd>
<div class="block">Encrypts a plaintext buffer using the cipher and a block of associated data.</div>
</dd>
</dl>
<a name="_F_">
<!-- -->
</a>
<h2 class="title">F</h2>
<dl>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#FAILED">FAILED</a></span> - Static variable in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">The handshake has failed due to some kind of error.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#fallback()">fallback()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Falls back to the "XXfallback" handshake pattern.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#fallback(java.lang.String)">fallback(String)</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Falls back to another handshake pattern.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/CipherState.html#fork(byte[],%20int)">fork(byte[], int)</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a></dt>
<dd>
<div class="block">Creates a new instance of this cipher and initializes it with a key.</div>
</dd>
</dl>
<a name="_G_">
<!-- -->
</a>
<h2 class="title">G</h2>
<dl>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHState.html#generateKeyPair()">generateKeyPair()</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dt>
<dd>
<div class="block">Generates a new random keypair.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHStateHybrid.html#generateKeyPair(com.southernstorm.noise.protocol.DHState)">generateKeyPair(DHState)</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHStateHybrid.html" title="interface in com.southernstorm.noise.protocol">DHStateHybrid</a></dt>
<dd>
<div class="block">Generates a new random keypair relative to the parameters
in another object.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#getAction()">getAction()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Gets the next action that the application should perform for
the handshake part of the protocol.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/CipherState.html#getCipherName()">getCipherName()</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a></dt>
<dd>
<div class="block">Gets the Noise protocol name for this cipher.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHState.html#getDHName()">getDHName()</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dt>
<dd>
<div class="block">Gets the Noise protocol name for this Diffie-Hellman algorithm.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#getFixedEphemeralKey()">getFixedEphemeralKey()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Gets the DHState object containing a fixed local ephemeral
key value for this handshake.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#getFixedHybridKey()">getFixedHybridKey()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Gets the DHState object containing a fixed local hybrid
key value for this handshake.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#getHandshakeHash()">getHandshakeHash()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Gets the current value of the handshake hash.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/CipherState.html#getKeyLength()">getKeyLength()</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a></dt>
<dd>
<div class="block">Gets the length of the key values for this cipher.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#getLocalKeyPair()">getLocalKeyPair()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Gets the keypair object for the local static key.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/CipherState.html#getMACLength()">getMACLength()</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a></dt>
<dd>
<div class="block">Gets the length of the MAC values for this cipher.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHState.html#getPrivateKey(byte[],%20int)">getPrivateKey(byte[], int)</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dt>
<dd>
<div class="block">Gets the private key associated with this object.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHState.html#getPrivateKeyLength()">getPrivateKeyLength()</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dt>
<dd>
<div class="block">Gets the length of private keys for this algorithm.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#getProtocolName()">getProtocolName()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Gets the name of the Noise protocol.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHState.html#getPublicKey(byte[],%20int)">getPublicKey(byte[], int)</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dt>
<dd>
<div class="block">Gets the public key associated with this object.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHState.html#getPublicKeyLength()">getPublicKeyLength()</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dt>
<dd>
<div class="block">Gets the length of public keys for this algorithm.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/CipherStatePair.html#getReceiver()">getReceiver()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol">CipherStatePair</a></dt>
<dd>
<div class="block">Gets the CipherState to use to receive packets from the remote party.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#getRemotePublicKey()">getRemotePublicKey()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Gets the public key object for the remote static key.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#getRole()">getRole()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Gets the role for this handshake.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/CipherStatePair.html#getSender()">getSender()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol">CipherStatePair</a></dt>
<dd>
<div class="block">Gets the CipherState to use to send packets to the remote party.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHState.html#getSharedKeyLength()">getSharedKeyLength()</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dt>
<dd>
<div class="block">Gets the length of shared keys for this algorithm.</div>
</dd>
</dl>
<a name="_H_">
<!-- -->
</a>
<h2 class="title">H</h2>
<dl>
<dt><a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol"><span class="strong">HandshakeState</span></a> - Class in <a href="./com/southernstorm/noise/protocol/package-summary.html">com.southernstorm.noise.protocol</a></dt>
<dd>
<div class="block">Interface to a Noise handshake.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#HandshakeState(java.lang.String,%20int)">HandshakeState(String, int)</a></span> - Constructor for class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Creates a new Noise handshake.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/CipherState.html#hasKey()">hasKey()</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a></dt>
<dd>
<div class="block">Determine if this cipher object has been configured with a key.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#hasLocalKeyPair()">hasLocalKeyPair()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Determine if this handshake has already been configured
with a local static key.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#hasPreSharedKey()">hasPreSharedKey()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Determine if this object has already been configured with a
pre-shared key.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHState.html#hasPrivateKey()">hasPrivateKey()</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dt>
<dd>
<div class="block">Determine if this object contains a private key.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHState.html#hasPublicKey()">hasPublicKey()</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dt>
<dd>
<div class="block">Determine if this object contains a public key.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#hasRemotePublicKey()">hasRemotePublicKey()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Determine if this handshake has already been configured
with a remote static key.</div>
</dd>
</dl>
<a name="_I_">
<!-- -->
</a>
<h2 class="title">I</h2>
<dl>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/CipherState.html#initializeKey(byte[],%20int)">initializeKey(byte[], int)</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a></dt>
<dd>
<div class="block">Initializes the key on this cipher object.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#INITIATOR">INITIATOR</a></span> - Static variable in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Enumerated value that indicates that the handshake object
is handling the initiator role.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHState.html#isNullPublicKey()">isNullPublicKey()</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dt>
<dd>
<div class="block">Determine if the public key in this object is the special null value.</div>
</dd>
</dl>
<a name="_M_">
<!-- -->
</a>
<h2 class="title">M</h2>
<dl>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/Noise.html#MAX_PACKET_LEN">MAX_PACKET_LEN</a></span> - Static variable in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/Noise.html" title="class in com.southernstorm.noise.protocol">Noise</a></dt>
<dd>
<div class="block">Maximum length for Noise packets.</div>
</dd>
</dl>
<a name="_N_">
<!-- -->
</a>
<h2 class="title">N</h2>
<dl>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#needsLocalKeyPair()">needsLocalKeyPair()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Determine if this handshake requires a local static key.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#needsPreSharedKey()">needsPreSharedKey()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Determine if this handshake needs a pre-shared key value
and one has not been configured yet.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#needsRemotePublicKey()">needsRemotePublicKey()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Determine if this handshake requires a remote static key.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#NO_ACTION">NO_ACTION</a></span> - Static variable in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">No action is required of the application yet because the
handshake has not started.</div>
</dd>
<dt><a href="./com/southernstorm/noise/protocol/Noise.html" title="class in com.southernstorm.noise.protocol"><span class="strong">Noise</span></a> - Class in <a href="./com/southernstorm/noise/protocol/package-summary.html">com.southernstorm.noise.protocol</a></dt>
<dd>
<div class="block">Utility functions for the Noise protocol library.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/Noise.html#Noise()">Noise()</a></span> - Constructor for class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/Noise.html" title="class in com.southernstorm.noise.protocol">Noise</a></dt>
<dd>&nbsp;</dd>
</dl>
<a name="_R_">
<!-- -->
</a>
<h2 class="title">R</h2>
<dl>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/Noise.html#random(byte[])">random(byte[])</a></span> - Static method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/Noise.html" title="class in com.southernstorm.noise.protocol">Noise</a></dt>
<dd>
<div class="block">Generates random data using the system random number generator.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#READ_MESSAGE">READ_MESSAGE</a></span> - Static variable in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">The HandshakeState expects the application to read the
next message payload from the handshake.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#readMessage(byte[],%20int,%20int,%20byte[],%20int)">readMessage(byte[], int, int, byte[], int)</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Reads a message payload during the handshake.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/CipherStatePair.html#receiverOnly()">receiverOnly()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol">CipherStatePair</a></dt>
<dd>
<div class="block">Destroys the sending CipherState and retains only the receiving CipherState.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#RESPONDER">RESPONDER</a></span> - Static variable in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Enumerated value that indicates that the handshake object
is handling the responder role.</div>
</dd>
</dl>
<a name="_S_">
<!-- -->
</a>
<h2 class="title">S</h2>
<dl>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/CipherStatePair.html#senderOnly()">senderOnly()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol">CipherStatePair</a></dt>
<dd>
<div class="block">Destroys the receiving CipherState and retains only the sending CipherState.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/Noise.html#setForceFallbacks(boolean)">setForceFallbacks(boolean)</a></span> - Static method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/Noise.html" title="class in com.southernstorm.noise.protocol">Noise</a></dt>
<dd>
<div class="block">Force the use of plain Java fallback crypto implementations.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/CipherState.html#setNonce(long)">setNonce(long)</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol">CipherState</a></dt>
<dd>
<div class="block">Sets the nonce value.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#setPreSharedKey(byte[],%20int,%20int)">setPreSharedKey(byte[], int, int)</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Sets the pre-shared key for this handshake.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHState.html#setPrivateKey(byte[],%20int)">setPrivateKey(byte[], int)</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dt>
<dd>
<div class="block">Sets the private key for this object.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#setPrologue(byte[],%20int,%20int)">setPrologue(byte[], int, int)</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Sets the prologue for this handshake.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHState.html#setPublicKey(byte[],%20int)">setPublicKey(byte[], int)</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dt>
<dd>
<div class="block">Sets the public key for this object.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHState.html#setToNullPublicKey()">setToNullPublicKey()</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol">DHState</a></dt>
<dd>
<div class="block">Sets this object to the null public key and clears the private key.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/DHStateHybrid.html#specifyPeer(com.southernstorm.noise.protocol.DHState)">specifyPeer(DHState)</a></span> - Method in interface com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/DHStateHybrid.html" title="interface in com.southernstorm.noise.protocol">DHStateHybrid</a></dt>
<dd>
<div class="block">Specifies the local peer object prior to setting a public key
on a remote object.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#SPLIT">SPLIT</a></span> - Static variable in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">The handshake is over and the application is expected to call
split() and begin data session communications.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#split()">split()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Splits the transport encryption CipherState objects out of
this HandshakeState object once the handshake completes.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#split(byte[],%20int,%20int)">split(byte[], int, int)</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Splits the transport encryption CipherState objects out of
this HandshakeObject after mixing in a secondary symmetric key.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#start()">start()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Starts the handshake running.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/CipherStatePair.html#swap()">swap()</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol">CipherStatePair</a></dt>
<dd>
<div class="block">Swaps the sender and receiver.</div>
</dd>
</dl>
<a name="_W_">
<!-- -->
</a>
<h2 class="title">W</h2>
<dl>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#WRITE_MESSAGE">WRITE_MESSAGE</a></span> - Static variable in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">The HandshakeState expects the application to write the
next message payload for the handshake.</div>
</dd>
<dt><span class="strong"><a href="./com/southernstorm/noise/protocol/HandshakeState.html#writeMessage(byte[],%20int,%20byte[],%20int,%20int)">writeMessage(byte[], int, byte[], int, int)</a></span> - Method in class com.southernstorm.noise.protocol.<a href="./com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol">HandshakeState</a></dt>
<dd>
<div class="block">Writes a message payload during the handshake.</div>
</dd>
</dl>
<a href="#_C_">C</a>&nbsp;<a href="#_D_">D</a>&nbsp;<a href="#_E_">E</a>&nbsp;<a href="#_F_">F</a>&nbsp;<a href="#_G_">G</a>&nbsp;<a href="#_H_">H</a>&nbsp;<a href="#_I_">I</a>&nbsp;<a href="#_M_">M</a>&nbsp;<a href="#_N_">N</a>&nbsp;<a href="#_R_">R</a>&nbsp;<a href="#_S_">S</a>&nbsp;<a href="#_W_">W</a>&nbsp;</div>
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar_bottom">
<!-- -->
</a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="./com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li>Class</li>
<li><a href="./com/southernstorm/noise/protocol/package-tree.html">Tree</a></li>
<li><a href="./deprecated-list.html">Deprecated</a></li>
<li class="navBarCell1Rev">Index</li>
<li><a href="./help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev</li>
<li>Next</li>
</ul>
<ul class="navList">
<li><a href="./index.html?index-all.html" target="_top">Frames</a></li>
<li><a href="index-all.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="./allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<a name="skip-navbar_bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</body>
</html>

71
index.html Normal file
View File

@ -0,0 +1,71 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc on Sun Oct 09 08:50:35 AEST 2016 -->
<title>Noise-Java</title>
<script type="text/javascript">
targetPage = "" + window.location.search;
if (targetPage != "" && targetPage != "undefined")
targetPage = targetPage.substring(1);
if (targetPage.indexOf(":") != -1 || (targetPage != "" && !validURL(targetPage)))
targetPage = "undefined";
function validURL(url) {
try {
url = decodeURIComponent(url);
}
catch (error) {
return false;
}
var pos = url.indexOf(".html");
if (pos == -1 || pos != url.length - 5)
return false;
var allowNumber = false;
var allowSep = false;
var seenDot = false;
for (var i = 0; i < url.length - 5; i++) {
var ch = url.charAt(i);
if ('a' <= ch && ch <= 'z' ||
'A' <= ch && ch <= 'Z' ||
ch == '$' ||
ch == '_' ||
ch.charCodeAt(0) > 127) {
allowNumber = true;
allowSep = true;
} else if ('0' <= ch && ch <= '9'
|| ch == '-') {
if (!allowNumber)
return false;
} else if (ch == '/' || ch == '.') {
if (!allowSep)
return false;
allowNumber = false;
allowSep = false;
if (ch == '.')
seenDot = true;
if (ch == '/' && seenDot)
return false;
} else {
return false;
}
}
return true;
}
function loadFrames() {
if (targetPage != "" && targetPage != "undefined")
top.classFrame.location = top.targetPage;
}
</script>
</head>
<frameset cols="20%,80%" title="Documentation frame" onload="top.loadFrames()">
<frame src="allclasses-frame.html" name="packageFrame" title="All classes and interfaces (except non-static nested types)">
<frame src="com/southernstorm/noise/protocol/package-summary.html" name="classFrame" title="Package, class and interface descriptions" scrolling="yes">
<noframes>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<h2>Frame Alert</h2>
<p>This document is designed to be viewed using the frames feature. If you see this message, you are using a non-frame-capable web client. Link to <a href="com/southernstorm/noise/protocol/package-summary.html">Non-frame version</a>.</p>
</noframes>
</frameset>
</html>

140
overview-tree.html Normal file
View File

@ -0,0 +1,140 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (version 1.7.0_111) on Sun Oct 09 08:50:35 AEST 2016 -->
<title>Class Hierarchy (Noise-Java)</title>
<meta name="date" content="2016-10-09">
<link rel="stylesheet" type="text/css" href="stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="Class Hierarchy (Noise-Java)";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar_top">
<!-- -->
</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li>Class</li>
<li class="navBarCell1Rev">Tree</li>
<li><a href="deprecated-list.html">Deprecated</a></li>
<li><a href="index-all.html">Index</a></li>
<li><a href="help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev</li>
<li>Next</li>
</ul>
<ul class="navList">
<li><a href="index.html?overview-tree.html" target="_top">Frames</a></li>
<li><a href="overview-tree.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<a name="skip-navbar_top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<div class="header">
<h1 class="title">Hierarchy For All Packages</h1>
<span class="strong">Package Hierarchies:</span>
<ul class="horizontal">
<li><a href="com/southernstorm/noise/protocol/package-tree.html">com.southernstorm.noise.protocol</a></li>
</ul>
</div>
<div class="contentContainer">
<h2 title="Class Hierarchy">Class Hierarchy</h2>
<ul>
<li type="circle">java.lang.Object
<ul>
<li type="circle">com.southernstorm.noise.protocol.<a href="com/southernstorm/noise/protocol/CipherStatePair.html" title="class in com.southernstorm.noise.protocol"><span class="strong">CipherStatePair</span></a> (implements com.southernstorm.noise.protocol.<a href="com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a>)</li>
<li type="circle">com.southernstorm.noise.protocol.<a href="com/southernstorm/noise/protocol/HandshakeState.html" title="class in com.southernstorm.noise.protocol"><span class="strong">HandshakeState</span></a> (implements com.southernstorm.noise.protocol.<a href="com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol">Destroyable</a>)</li>
<li type="circle">com.southernstorm.noise.protocol.<a href="com/southernstorm/noise/protocol/Noise.html" title="class in com.southernstorm.noise.protocol"><span class="strong">Noise</span></a></li>
</ul>
</li>
</ul>
<h2 title="Interface Hierarchy">Interface Hierarchy</h2>
<ul>
<li type="circle">com.southernstorm.noise.protocol.<a href="com/southernstorm/noise/protocol/Destroyable.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">Destroyable</span></a>
<ul>
<li type="circle">com.southernstorm.noise.protocol.<a href="com/southernstorm/noise/protocol/CipherState.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">CipherState</span></a></li>
<li type="circle">com.southernstorm.noise.protocol.<a href="com/southernstorm/noise/protocol/DHState.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">DHState</span></a>
<ul>
<li type="circle">com.southernstorm.noise.protocol.<a href="com/southernstorm/noise/protocol/DHStateHybrid.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">DHStateHybrid</span></a></li>
</ul>
</li>
<li type="circle">com.southernstorm.noise.protocol.<a href="com/southernstorm/noise/protocol/DHStateHybrid.html" title="interface in com.southernstorm.noise.protocol"><span class="strong">DHStateHybrid</span></a></li>
</ul>
</li>
</ul>
</div>
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar_bottom">
<!-- -->
</a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="com/southernstorm/noise/protocol/package-summary.html">Package</a></li>
<li>Class</li>
<li class="navBarCell1Rev">Tree</li>
<li><a href="deprecated-list.html">Deprecated</a></li>
<li><a href="index-all.html">Index</a></li>
<li><a href="help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev</li>
<li>Next</li>
</ul>
<ul class="navList">
<li><a href="index.html?overview-tree.html" target="_top">Frames</a></li>
<li><a href="overview-tree.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<a name="skip-navbar_bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</body>
</html>

1
package-list Normal file
View File

@ -0,0 +1 @@
com.southernstorm.noise.protocol

166
pom.xml
View File

@ -1,166 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.signal.forks</groupId>
<artifactId>noise-java</artifactId>
<version>0.1.2-SNAPSHOT</version>
<name>Noise-Java</name>
<description>Plain Java implementation of the Noise protocol</description>
<inceptionYear>2016</inceptionYear>
<url>https://github.com/signalapp/noise-java</url>
<scm>
<connection>scm:git:https://github.com/signalapp/noise-java.git</connection>
<developerConnection>scm:git:git@github.com:signalapp/noise-java.git</developerConnection>
<url>https://github.com/signalapp/noise-java</url>
<tag>HEAD</tag>
</scm>
<developers>
<developer>
<id>rweather</id>
<name>Rhys Weatherley</name>
<email>rhys.weatherley@gmail.com</email>
<url>https://github.com/rweather/</url>
<roles>
<role>developer</role>
</roles>
</developer>
</developers>
<licenses>
<license>
<name>The MIT License (MIT)</name>
<url>http://opensource.org/licenses/MIT</url>
<distribution>repo</distribution>
</license>
</licenses>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter</artifactId>
<version>5.10.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.3.0</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.3.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.0.0-M5</version>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.7.0</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<configuration>
<source>8</source>
<excludePackageNames>com.southernstorm.noise.crypto</excludePackageNames>
<windowtitle>Noise-Java</windowtitle>
</configuration>
<executions>
<execution>
<id>attach-javadocs</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>2.2.1</version>
<executions>
<execution>
<id>attach-sources</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.6.13</version>
<extensions>true</extensions>
<configuration>
<serverId>ossrh</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>false</autoReleaseAfterClose>
</configuration>
</plugin>
</plugins>
</build>
<profiles>
<profile>
<id>release-sign-artifacts</id>
<activation>
<property>
<name>performRelease</name>
<value>true</value>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>3.0.1</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>

BIN
resources/background.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.3 KiB

BIN
resources/tab.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 291 B

BIN
resources/titlebar.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 10 KiB

BIN
resources/titlebar_end.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 849 B

2
src/.gitignore vendored
View File

@ -1,2 +0,0 @@
.settings
bin

243
src/main/java/com/southernstorm/noise/crypto/Blake2bMessageDigest.java
View File

@ -1,243 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.crypto;
import java.security.DigestException;
import java.security.MessageDigest;
import java.util.Arrays;
import com.southernstorm.noise.protocol.Destroyable;
/**
* Fallback implementation of BLAKE2b for the Noise library.
*
* This implementation only supports message digesting with an output
* length of 64 bytes and a limit of 2^64 - 1 bytes of input.
* Keyed hashing and variable-length digests are not supported.
*/
public class Blake2bMessageDigest extends MessageDigest implements Destroyable {
private long[] h;
private byte[] block;
private long[] m;
private long[] v;
private long length;
private int posn;
/**
* Constructs a new BLAKE2b message digest object.
*/
public Blake2bMessageDigest() {
super("BLAKE2B-512");
h = new long [8];
block = new byte [128];
m = new long [16];
v = new long [16];
engineReset();
}
@Override
protected byte[] engineDigest() {
byte[] digest = new byte [64];
try {
engineDigest(digest, 0, 64);
} catch (DigestException e) {
// Shouldn't happen, but just in case.
Arrays.fill(digest, (byte)0);
}
return digest;
}
@Override
protected int engineDigest(byte[] buf, int offset, int len) throws DigestException
{
if (len < 64)
throw new DigestException("Invalid digest length for BLAKE2b");
Arrays.fill(block, posn, 128, (byte)0);
transform(-1);
for (int index = 0; index < 8; ++index) {
long value = h[index];
buf[offset++] = (byte)value;
buf[offset++] = (byte)(value >> 8);
buf[offset++] = (byte)(value >> 16);
buf[offset++] = (byte)(value >> 24);
buf[offset++] = (byte)(value >> 32);
buf[offset++] = (byte)(value >> 40);
buf[offset++] = (byte)(value >> 48);
buf[offset++] = (byte)(value >> 56);
}
return 32;
}
@Override
protected int engineGetDigestLength() {
return 64;
}
@Override
protected void engineReset() {
h[0] = 0x6a09e667f3bcc908L ^ 0x01010040;
h[1] = 0xbb67ae8584caa73bL;
h[2] = 0x3c6ef372fe94f82bL;
h[3] = 0xa54ff53a5f1d36f1L;
h[4] = 0x510e527fade682d1L;
h[5] = 0x9b05688c2b3e6c1fL;
h[6] = 0x1f83d9abfb41bd6bL;
h[7] = 0x5be0cd19137e2179L;
length = 0;
posn = 0;
}
@Override
protected void engineUpdate(byte input) {
if (posn >= 128) {
transform(0);
posn = 0;
}
block[posn++] = input;
++length;
}
@Override
protected void engineUpdate(byte[] input, int offset, int len) {
while (len > 0) {
if (posn >= 128) {
transform(0);
posn = 0;
}
int temp = (128 - posn);
if (temp > len)
temp = len;
System.arraycopy(input, offset, block, posn, temp);
posn += temp;
length += temp;
offset += temp;
len -= temp;
}
}
// Permutation on the message input state for BLAKE2b.
static final byte[][] sigma = {
{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15},
{14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3},
{11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4},
{ 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8},
{ 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13},
{ 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9},
{12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11},
{13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10},
{ 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5},
{10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0},
{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15},
{14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3},
};
private void transform(long f0)
{
int index;
int offset;
// Unpack the input block from little-endian into host-endian.
for (index = 0, offset = 0; index < 16; ++index, offset += 8) {
m[index] = (block[offset] & 0xFFL) |
((block[offset + 1] & 0xFFL) << 8) |
((block[offset + 2] & 0xFFL) << 16) |
((block[offset + 3] & 0xFFL) << 24) |
((block[offset + 4] & 0xFFL) << 32) |
((block[offset + 5] & 0xFFL) << 40) |
((block[offset + 6] & 0xFFL) << 48) |
((block[offset + 7] & 0xFFL) << 56);
}
// Format the block to be hashed.
for (index = 0; index < 8; ++index)
v[index] = h[index];
v[8] = 0x6a09e667f3bcc908L;
v[9] = 0xbb67ae8584caa73bL;
v[10] = 0x3c6ef372fe94f82bL;
v[11] = 0xa54ff53a5f1d36f1L;
v[12] = 0x510e527fade682d1L ^ length;
v[13] = 0x9b05688c2b3e6c1fL;
v[14] = 0x1f83d9abfb41bd6bL ^ f0;
v[15] = 0x5be0cd19137e2179L;
// Perform the 12 BLAKE2b rounds.
for (index = 0; index < 12; ++index) {
// Column round.
quarterRound(0, 4, 8, 12, 0, index);
quarterRound(1, 5, 9, 13, 1, index);
quarterRound(2, 6, 10, 14, 2, index);
quarterRound(3, 7, 11, 15, 3, index);
// Diagonal round.
quarterRound(0, 5, 10, 15, 4, index);
quarterRound(1, 6, 11, 12, 5, index);
quarterRound(2, 7, 8, 13, 6, index);
quarterRound(3, 4, 9, 14, 7, index);
}
// Combine the new and old hash values.
for (index = 0; index < 8; ++index)
h[index] ^= (v[index] ^ v[index + 8]);
}
private static long rightRotate32(long v)
{
return v << 32 | (v >>> 32);
}
private static long rightRotate24(long v)
{
return v << 40 | (v >>> 24);
}
private static long rightRotate16(long v)
{
return v << 48 | (v >>> 16);
}
private static long rightRotate63(long v)
{
return v << 1 | (v >>> 63);
}
private void quarterRound(int a, int b, int c, int d, int i, int row)
{
v[a] += v[b] + m[sigma[row][2 * i]];
v[d] = rightRotate32(v[d] ^ v[a]);
v[c] += v[d];
v[b] = rightRotate24(v[b] ^ v[c]);
v[a] += v[b] + m[sigma[row][2 * i + 1]];
v[d] = rightRotate16(v[d] ^ v[a]);
v[c] += v[d];
v[b] = rightRotate63(v[b] ^ v[c]);
}
@Override
public void destroy() {
Arrays.fill(h, (long)0);
Arrays.fill(block, (byte)0);
Arrays.fill(m, (long)0);
Arrays.fill(v, (long)0);
}
}

233
src/main/java/com/southernstorm/noise/crypto/Blake2sMessageDigest.java
View File

@ -1,233 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.crypto;
import java.security.DigestException;
import java.security.MessageDigest;
import java.util.Arrays;
import com.southernstorm.noise.protocol.Destroyable;
/**
* Fallback implementation of BLAKE2s for the Noise library.
*
* This implementation only supports message digesting with an output
* length of 32 bytes. Keyed hashing and variable-length digests are
* not supported.
*/
public class Blake2sMessageDigest extends MessageDigest implements Destroyable {
private int[] h;
private byte[] block;
private int[] m;
private int[] v;
private long length;
private int posn;
/**
* Constructs a new BLAKE2s message digest object.
*/
public Blake2sMessageDigest() {
super("BLAKE2S-256");
h = new int [8];
block = new byte [64];
m = new int [16];
v = new int [16];
engineReset();
}
@Override
protected byte[] engineDigest() {
byte[] digest = new byte [32];
try {
engineDigest(digest, 0, 32);
} catch (DigestException e) {
// Shouldn't happen, but just in case.
Arrays.fill(digest, (byte)0);
}
return digest;
}
@Override
protected int engineDigest(byte[] buf, int offset, int len) throws DigestException
{
if (len < 32)
throw new DigestException("Invalid digest length for BLAKE2s");
Arrays.fill(block, posn, 64, (byte)0);
transform(-1);
for (int index = 0; index < 8; ++index) {
int value = h[index];
buf[offset++] = (byte)value;
buf[offset++] = (byte)(value >> 8);
buf[offset++] = (byte)(value >> 16);
buf[offset++] = (byte)(value >> 24);
}
return 32;
}
@Override
protected int engineGetDigestLength() {
return 32;
}
@Override
protected void engineReset() {
h[0] = 0x6A09E667 ^ 0x01010020;
h[1] = 0xBB67AE85;
h[2] = 0x3C6EF372;
h[3] = 0xA54FF53A;
h[4] = 0x510E527F;
h[5] = 0x9B05688C;
h[6] = 0x1F83D9AB;
h[7] = 0x5BE0CD19;
length = 0;
posn = 0;
}
@Override
protected void engineUpdate(byte input) {
if (posn >= 64) {
transform(0);
posn = 0;
}
block[posn++] = input;
++length;
}
@Override
protected void engineUpdate(byte[] input, int offset, int len) {
while (len > 0) {
if (posn >= 64) {
transform(0);
posn = 0;
}
int temp = (64 - posn);
if (temp > len)
temp = len;
System.arraycopy(input, offset, block, posn, temp);
posn += temp;
length += temp;
offset += temp;
len -= temp;
}
}
// Permutation on the message input state for BLAKE2s.
static final byte[][] sigma = {
{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15},
{14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3},
{11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4},
{ 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8},
{ 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13},
{ 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9},
{12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11},
{13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10},
{ 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5},
{10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0}
};
private void transform(int f0)
{
int index;
int offset;
// Unpack the input block from little-endian into host-endian.
for (index = 0, offset = 0; index < 16; ++index, offset += 4) {
m[index] = (block[offset] & 0xFF) |
((block[offset + 1] & 0xFF) << 8) |
((block[offset + 2] & 0xFF) << 16) |
((block[offset + 3] & 0xFF) << 24);
}
// Format the block to be hashed.
for (index = 0; index < 8; ++index)
v[index] = h[index];
v[8] = 0x6A09E667;
v[9] = 0xBB67AE85;
v[10] = 0x3C6EF372;
v[11] = 0xA54FF53A;
v[12] = 0x510E527F ^ (int)length;
v[13] = 0x9B05688C ^ (int)(length >> 32);
v[14] = 0x1F83D9AB ^ f0;
v[15] = 0x5BE0CD19;
// Perform the 10 BLAKE2s rounds.
for (index = 0; index < 10; ++index) {
// Column round.
quarterRound(0, 4, 8, 12, 0, index);
quarterRound(1, 5, 9, 13, 1, index);
quarterRound(2, 6, 10, 14, 2, index);
quarterRound(3, 7, 11, 15, 3, index);
// Diagonal round.
quarterRound(0, 5, 10, 15, 4, index);
quarterRound(1, 6, 11, 12, 5, index);
quarterRound(2, 7, 8, 13, 6, index);
quarterRound(3, 4, 9, 14, 7, index);
}
// Combine the new and old hash values.
for (index = 0; index < 8; ++index)
h[index] ^= (v[index] ^ v[index + 8]);
}
private static int rightRotate16(int v)
{
return v << 16 | (v >>> 16);
}
private static int rightRotate12(int v)
{
return v << 20 | (v >>> 12);
}
private static int rightRotate8(int v)
{
return v << 24 | (v >>> 8);
}
private static int rightRotate7(int v)
{
return v << 25 | (v >>> 7);
}
private void quarterRound(int a, int b, int c, int d, int i, int row)
{
v[a] += v[b] + m[sigma[row][2 * i]];
v[d] = rightRotate16(v[d] ^ v[a]);
v[c] += v[d];
v[b] = rightRotate12(v[b] ^ v[c]);
v[a] += v[b] + m[sigma[row][2 * i + 1]];
v[d] = rightRotate8(v[d] ^ v[a]);
v[c] += v[d];
v[b] = rightRotate7(v[b] ^ v[c]);
}
@Override
public void destroy() {
Arrays.fill(h, (int)0);
Arrays.fill(block, (byte)0);
Arrays.fill(m, (int)0);
Arrays.fill(v, (int)0);
}
}

200
src/main/java/com/southernstorm/noise/crypto/ChaChaCore.java
View File

@ -1,200 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.crypto;
/**
* Implementation of the ChaCha20 core hash transformation.
*/
public final class ChaChaCore {
private ChaChaCore() {}
/**
* Hashes an input block with ChaCha20.
*
* @param output The output block, which must contain at least 16
* elements and must not overlap with the input.
* @param input The input block, which must contain at least 16
* elements.
*/
public static void hash(int[] output, int[] input)
{
int index;
// Copy the input to the output to start with.
for (index = 0; index < 16; ++index)
output[index] = input[index];
// Perform the 20 ChaCha rounds in groups of two.
for (index = 0; index < 20; index += 2) {
// Column round.
quarterRound(output, 0, 4, 8, 12);
quarterRound(output, 1, 5, 9, 13);
quarterRound(output, 2, 6, 10, 14);
quarterRound(output, 3, 7, 11, 15);
// Diagonal round.
quarterRound(output, 0, 5, 10, 15);
quarterRound(output, 1, 6, 11, 12);
quarterRound(output, 2, 7, 8, 13);
quarterRound(output, 3, 4, 9, 14);
}
// Add the input block to the output.
for (index = 0; index < 16; ++index)
output[index] += input[index];
}
private static int char4(char c1, char c2, char c3, char c4)
{
return (((int)c1) & 0xFF) | ((((int)c2) & 0xFF) << 8) | ((((int)c3) & 0xFF) << 16) | ((((int)c4) & 0xFF) << 24);
}
private static int fromLittleEndian(byte[] key, int offset)
{
return (key[offset] & 0xFF) | ((key[offset + 1] & 0xFF) << 8) | ((key[offset + 2] & 0xFF) << 16) | ((key[offset + 3] & 0xFF) << 24);
}
/**
* Initializes a ChaCha20 block with a 128-bit key.
*
* @param output The output block, which must consist of at
* least 16 words.
* @param key The buffer containing the key.
* @param offset Offset of the key in the buffer.
*/
public static void initKey128(int[] output, byte[] key, int offset)
{
output[0] = char4('e', 'x', 'p', 'a');
output[1] = char4('n', 'd', ' ', '1');
output[2] = char4('6', '-', 'b', 'y');
output[3] = char4('t', 'e', ' ', 'k');
output[4] = fromLittleEndian(key, offset);
output[5] = fromLittleEndian(key, offset + 4);
output[6] = fromLittleEndian(key, offset + 8);
output[7] = fromLittleEndian(key, offset + 12);
output[8] = output[4];
output[9] = output[5];
output[10] = output[6];
output[11] = output[7];
output[12] = 0;
output[13] = 0;
output[14] = 0;
output[15] = 0;
}
/**
* Initializes a ChaCha20 block with a 256-bit key.
*
* @param output The output block, which must consist of at
* least 16 words.
* @param key The buffer containing the key.
* @param offset Offset of the key in the buffer.
*/
public static void initKey256(int[] output, byte[] key, int offset)
{
output[0] = char4('e', 'x', 'p', 'a');
output[1] = char4('n', 'd', ' ', '3');
output[2] = char4('2', '-', 'b', 'y');
output[3] = char4('t', 'e', ' ', 'k');
output[4] = fromLittleEndian(key, offset);
output[5] = fromLittleEndian(key, offset + 4);
output[6] = fromLittleEndian(key, offset + 8);
output[7] = fromLittleEndian(key, offset + 12);
output[8] = fromLittleEndian(key, offset + 16);
output[9] = fromLittleEndian(key, offset + 20);
output[10] = fromLittleEndian(key, offset + 24);
output[11] = fromLittleEndian(key, offset + 28);
output[12] = 0;
output[13] = 0;
output[14] = 0;
output[15] = 0;
}
/**
* Initializes the 64-bit initialization vector in a ChaCha20 block.
*
* @param output The output block, which must consist of at
* least 16 words and must have been initialized by initKey256()
* or initKey128().
* @param iv The 64-bit initialization vector value.
*
* The counter portion of the output block is set to zero.
*/
public static void initIV(int[] output, long iv)
{
output[12] = 0;
output[13] = 0;
output[14] = (int)iv;
output[15] = (int)(iv >> 32);
}
/**
* Initializes the 64-bit initialization vector and counter in a ChaCha20 block.
*
* @param output The output block, which must consist of at
* least 16 words and must have been initialized by initKey256()
* or initKey128().
* @param iv The 64-bit initialization vector value.
* @param counter The 64-bit counter value.
*/
public static void initIV(int[] output, long iv, long counter)
{
output[12] = (int)counter;
output[13] = (int)(counter >> 32);
output[14] = (int)iv;
output[15] = (int)(iv >> 32);
}
private static int leftRotate16(int v)
{
return v << 16 | (v >>> 16);
}
private static int leftRotate12(int v)
{
return v << 12 | (v >>> 20);
}
private static int leftRotate8(int v)
{
return v << 8 | (v >>> 24);
}
private static int leftRotate7(int v)
{
return v << 7 | (v >>> 25);
}
private static void quarterRound(int[] v, int a, int b, int c, int d)
{
v[a] += v[b];
v[d] = leftRotate16(v[d] ^ v[a]);
v[c] += v[d];
v[b] = leftRotate12(v[b] ^ v[c]);
v[a] += v[b];
v[d] = leftRotate8(v[d] ^ v[a]);
v[c] += v[d];
v[b] = leftRotate7(v[b] ^ v[c]);
}
}

531
src/main/java/com/southernstorm/noise/crypto/Curve25519.java
View File

@ -1,531 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.crypto;
import java.util.Arrays;
/**
* Implementation of the Curve25519 elliptic curve algorithm.
*
* This implementation is based on that from arduinolibs:
* https://github.com/rweather/arduinolibs
*
* Differences in this version are due to using 26-bit limbs for the
* representation instead of the 8/16/32-bit limbs in the original.
*
* References: http://cr.yp.to/ecdh.html, RFC 7748
*/
public final class Curve25519 {
// Numbers modulo 2^255 - 19 are broken up into ten 26-bit words.
private static final int NUM_LIMBS_255BIT = 10;
private static final int NUM_LIMBS_510BIT = 20;
private int[] x_1;
private int[] x_2;
private int[] x_3;
private int[] z_2;
private int[] z_3;
private int[] A;
private int[] B;
private int[] C;
private int[] D;
private int[] E;
private int[] AA;
private int[] BB;
private int[] DA;
private int[] CB;
private long[] t1;
private int[] t2;
/**
* Constructs the temporary state holder for Curve25519 evaluation.
*/
private Curve25519()
{
// Allocate memory for all of the temporary variables we will need.
x_1 = new int [NUM_LIMBS_255BIT];
x_2 = new int [NUM_LIMBS_255BIT];
x_3 = new int [NUM_LIMBS_255BIT];
z_2 = new int [NUM_LIMBS_255BIT];
z_3 = new int [NUM_LIMBS_255BIT];
A = new int [NUM_LIMBS_255BIT];
B = new int [NUM_LIMBS_255BIT];
C = new int [NUM_LIMBS_255BIT];
D = new int [NUM_LIMBS_255BIT];
E = new int [NUM_LIMBS_255BIT];
AA = new int [NUM_LIMBS_255BIT];
BB = new int [NUM_LIMBS_255BIT];
DA = new int [NUM_LIMBS_255BIT];
CB = new int [NUM_LIMBS_255BIT];
t1 = new long [NUM_LIMBS_510BIT];
t2 = new int [NUM_LIMBS_510BIT];
}
/**
* Destroy all sensitive data in this object.
*/
private void destroy() {
// Destroy all temporary variables.
Arrays.fill(x_1, 0);
Arrays.fill(x_2, 0);
Arrays.fill(x_3, 0);
Arrays.fill(z_2, 0);
Arrays.fill(z_3, 0);
Arrays.fill(A, 0);
Arrays.fill(B, 0);
Arrays.fill(C, 0);
Arrays.fill(D, 0);
Arrays.fill(E, 0);
Arrays.fill(AA, 0);
Arrays.fill(BB, 0);
Arrays.fill(DA, 0);
Arrays.fill(CB, 0);
Arrays.fill(t1, 0L);
Arrays.fill(t2, 0);
}
/**
* Reduces a number modulo 2^255 - 19 where it is known that the
* number can be reduced with only 1 trial subtraction.
*
* @param x The number to reduce, and the result.
*/
private void reduceQuick(int[] x)
{
int index, carry;
// Perform a trial subtraction of (2^255 - 19) from "x" which is
// equivalent to adding 19 and subtracting 2^255. We add 19 here;
// the subtraction of 2^255 occurs in the next step.
carry = 19;
for (index = 0; index < NUM_LIMBS_255BIT; ++index) {
carry += x[index];
t2[index] = carry & 0x03FFFFFF;
carry >>= 26;
}
// If there was a borrow, then the original "x" is the correct answer.
// If there was no borrow, then "t2" is the correct answer. Select the
// correct answer but do it in a way that instruction timing will not
// reveal which value was selected. Borrow will occur if bit 21 of
// "t2" is zero. Turn the bit into a selection mask.
int mask = -((t2[NUM_LIMBS_255BIT - 1] >> 21) & 0x01);
int nmask = ~mask;
t2[NUM_LIMBS_255BIT - 1] &= 0x001FFFFF;
for (index = 0; index < NUM_LIMBS_255BIT; ++index)
x[index] = (x[index] & nmask) | (t2[index] & mask);
}
/**
* Reduce a number modulo 2^255 - 19.
*
* @param result The result.
* @param x The value to be reduced. This array will be
* modified during the reduction.
* @param size The number of limbs in the high order half of x.
*/
private void reduce(int[] result, int[] x, int size)
{
int index, limb, carry;
// Calculate (x mod 2^255) + ((x / 2^255) * 19) which will
// either produce the answer we want or it will produce a
// value of the form "answer + j * (2^255 - 19)". There are
// 5 left-over bits in the top-most limb of the bottom half.
carry = 0;
limb = x[NUM_LIMBS_255BIT - 1] >> 21;
x[NUM_LIMBS_255BIT - 1] &= 0x001FFFFF;
for (index = 0; index < size; ++index) {
limb += x[NUM_LIMBS_255BIT + index] << 5;
carry += (limb & 0x03FFFFFF) * 19 + x[index];
x[index] = carry & 0x03FFFFFF;
limb >>= 26;
carry >>= 26;
}
if (size < NUM_LIMBS_255BIT) {
// The high order half of the number is short; e.g. for mulA24().
// Propagate the carry through the rest of the low order part.
for (index = size; index < NUM_LIMBS_255BIT; ++index) {
carry += x[index];
x[index] = carry & 0x03FFFFFF;
carry >>= 26;
}
}
// The "j" value may still be too large due to the final carry-out.
// We must repeat the reduction. If we already have the answer,
// then this won't do any harm but we must still do the calculation
// to preserve the overall timing. The "j" value will be between
// 0 and 19, which means that the carry we care about is in the
// top 5 bits of the highest limb of the bottom half.
carry = (x[NUM_LIMBS_255BIT - 1] >> 21) * 19;
x[NUM_LIMBS_255BIT - 1] &= 0x001FFFFF;
for (index = 0; index < NUM_LIMBS_255BIT; ++index) {
carry += x[index];
result[index] = carry & 0x03FFFFFF;
carry >>= 26;
}
// At this point "x" will either be the answer or it will be the
// answer plus (2^255 - 19). Perform a trial subtraction to
// complete the reduction process.
reduceQuick(result);
}
/**
* Multiplies two numbers modulo 2^255 - 19.
*
* @param result The result.
* @param x The first number to multiply.
* @param y The second number to multiply.
*/
private void mul(int[] result, int[] x, int[] y)
{
int i, j;
// Multiply the two numbers to create the intermediate result.
long v = x[0];
for (i = 0; i < NUM_LIMBS_255BIT; ++i) {
t1[i] = v * y[i];
}
for (i = 1; i < NUM_LIMBS_255BIT; ++i) {
v = x[i];
for (j = 0; j < (NUM_LIMBS_255BIT - 1); ++j) {
t1[i + j] += v * y[j];
}
t1[i + NUM_LIMBS_255BIT - 1] = v * y[NUM_LIMBS_255BIT - 1];
}
// Propagate carries and convert back into 26-bit words.
v = t1[0];
t2[0] = ((int)v) & 0x03FFFFFF;
for (i = 1; i < NUM_LIMBS_510BIT; ++i) {
v = (v >> 26) + t1[i];
t2[i] = ((int)v) & 0x03FFFFFF;
}
// Reduce the result modulo 2^255 - 19.
reduce(result, t2, NUM_LIMBS_255BIT);
}
/**
* Squares a number modulo 2^255 - 19.
*
* @param result The result.
* @param x The number to square.
*/
private void square(int[] result, int[] x)
{
mul(result, x, x);
}
/**
* Multiplies a number by the a24 constant, modulo 2^255 - 19.
*
* @param result The result.
* @param x The number to multiply by a24.
*/
private void mulA24(int[] result, int[] x)
{
long a24 = 121665;
long carry = 0;
int index;
for (index = 0; index < NUM_LIMBS_255BIT; ++index) {
carry += a24 * x[index];
t2[index] = ((int)carry) & 0x03FFFFFF;
carry >>= 26;
}
t2[NUM_LIMBS_255BIT] = ((int)carry) & 0x03FFFFFF;
reduce(result, t2, 1);
}
/**
* Adds two numbers modulo 2^255 - 19.
*
* @param result The result.
* @param x The first number to add.
* @param y The second number to add.
*/
private void add(int[] result, int[] x, int[] y)
{
int index, carry;
carry = x[0] + y[0];
result[0] = carry & 0x03FFFFFF;
for (index = 1; index < NUM_LIMBS_255BIT; ++index) {
carry = (carry >> 26) + x[index] + y[index];
result[index] = carry & 0x03FFFFFF;
}
reduceQuick(result);
}
/**
* Subtracts two numbers modulo 2^255 - 19.
*
* @param result The result.
* @param x The first number to subtract.
* @param y The second number to subtract.
*/
private void sub(int[] result, int[] x, int[] y)
{
int index, borrow;
// Subtract y from x to generate the intermediate result.
borrow = 0;
for (index = 0; index < NUM_LIMBS_255BIT; ++index) {
borrow = x[index] - y[index] - ((borrow >> 26) & 0x01);
result[index] = borrow & 0x03FFFFFF;
}
// If we had a borrow, then the result has gone negative and we
// have to add 2^255 - 19 to the result to make it positive again.
// The top bits of "borrow" will be all 1's if there is a borrow
// or it will be all 0's if there was no borrow. Easiest is to
// conditionally subtract 19 and then mask off the high bits.
borrow = result[0] - ((-((borrow >> 26) & 0x01)) & 19);
result[0] = borrow & 0x03FFFFFF;
for (index = 1; index < NUM_LIMBS_255BIT; ++index) {
borrow = result[index] - ((borrow >> 26) & 0x01);
result[index] = borrow & 0x03FFFFFF;
}
result[NUM_LIMBS_255BIT - 1] &= 0x001FFFFF;
}
/**
* Conditional swap of two values.
*
* @param select Set to 1 to swap, 0 to leave as-is.
* @param x The first value.
* @param y The second value.
*/
private static void cswap(int select, int[] x, int[] y)
{
int dummy;
select = -select;
for (int index = 0; index < NUM_LIMBS_255BIT; ++index) {
dummy = select & (x[index] ^ y[index]);
x[index] ^= dummy;
y[index] ^= dummy;
}
}
/**
* Raise x to the power of (2^250 - 1).
*
* @param result The result. Must not overlap with x.
* @param x The argument.
*/
private void pow250(int[] result, int[] x)
{
int i, j;
// The big-endian hexadecimal expansion of (2^250 - 1) is:
// 03FFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
//
// The naive implementation needs to do 2 multiplications per 1 bit and
// 1 multiplication per 0 bit. We can improve upon this by creating a
// pattern 0000000001 ... 0000000001. If we square and multiply the
// pattern by itself we can turn the pattern into the partial results
// 0000000011 ... 0000000011, 0000000111 ... 0000000111, etc.
// This averages out to about 1.1 multiplications per 1 bit instead of 2.
// Build a pattern of 250 bits in length of repeated copies of 0000000001.
square(A, x);
for (j = 0; j < 9; ++j)
square(A, A);
mul(result, A, x);
for (i = 0; i < 23; ++i) {
for (j = 0; j < 10; ++j)
square(A, A);
mul(result, result, A);
}
// Multiply bit-shifted versions of the 0000000001 pattern into
// the result to "fill in" the gaps in the pattern.
square(A, result);
mul(result, result, A);
for (j = 0; j < 8; ++j) {
square(A, A);
mul(result, result, A);
}
}
/**
* Computes the reciprocal of a number modulo 2^255 - 19.
*
* @param result The result. Must not overlap with x.
* @param x The argument.
*/
private void recip(int[] result, int[] x)
{
// The reciprocal is the same as x ^ (p - 2) where p = 2^255 - 19.
// The big-endian hexadecimal expansion of (p - 2) is:
// 7FFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFEB
// Start with the 250 upper bits of the expansion of (p - 2).
pow250(result, x);
// Deal with the 5 lowest bits of (p - 2), 01011, from highest to lowest.
square(result, result);
square(result, result);
mul(result, result, x);
square(result, result);
square(result, result);
mul(result, result, x);
square(result, result);
mul(result, result, x);
}
/**
* Evaluates the curve for every bit in a secret key.
*
* @param s The 32-byte secret key.
*/
private void evalCurve(byte[] s)
{
int sposn = 31;
int sbit = 6;
int svalue = s[sposn] | 0x40;
int swap = 0;
int select;
// Iterate over all 255 bits of "s" from the highest to the lowest.
// We ignore the high bit of the 256-bit representation of "s".
for (;;) {
// Conditional swaps on entry to this bit but only if we
// didn't swap on the previous bit.
select = (svalue >> sbit) & 0x01;
swap ^= select;
cswap(swap, x_2, x_3);
cswap(swap, z_2, z_3);
swap = select;
// Evaluate the curve.
add(A, x_2, z_2); // A = x_2 + z_2
square(AA, A); // AA = A^2
sub(B, x_2, z_2); // B = x_2 - z_2
square(BB, B); // BB = B^2
sub(E, AA, BB); // E = AA - BB
add(C, x_3, z_3); // C = x_3 + z_3
sub(D, x_3, z_3); // D = x_3 - z_3
mul(DA, D, A); // DA = D * A
mul(CB, C, B); // CB = C * B
add(x_3, DA, CB); // x_3 = (DA + CB)^2
square(x_3, x_3);
sub(z_3, DA, CB); // z_3 = x_1 * (DA - CB)^2
square(z_3, z_3);
mul(z_3, z_3, x_1);
mul(x_2, AA, BB); // x_2 = AA * BB
mulA24(z_2, E); // z_2 = E * (AA + a24 * E)
add(z_2, z_2, AA);
mul(z_2, z_2, E);
// Move onto the next lower bit of "s".
if (sbit > 0) {
--sbit;
} else if (sposn == 0) {
break;
} else if (sposn == 1) {
--sposn;
svalue = s[sposn] & 0xF8;
sbit = 7;
} else {
--sposn;
svalue = s[sposn];
sbit = 7;
}
}
// Final conditional swaps.
cswap(swap, x_2, x_3);
cswap(swap, z_2, z_3);
}
/**
* Evaluates the Curve25519 curve.
*
* @param result Buffer to place the result of the evaluation into.
* @param offset Offset into the result buffer.
* @param privateKey The private key to use in the evaluation.
* @param publicKey The public key to use in the evaluation, or null
* if the base point of the curve should be used.
*/
public static void eval(byte[] result, int offset, byte[] privateKey, byte[] publicKey)
{
Curve25519 state = new Curve25519();
try {
// Unpack the public key value. If null, use 9 as the base point.
Arrays.fill(state.x_1, 0);
if (publicKey != null) {
// Convert the input value from little-endian into 26-bit limbs.
for (int index = 0; index < 32; ++index) {
int bit = (index * 8) % 26;
int word = (index * 8) / 26;
int value = publicKey[index] & 0xFF;
if (bit <= (26 - 8)) {
state.x_1[word] |= value << bit;
} else {
state.x_1[word] |= value << bit;
state.x_1[word] &= 0x03FFFFFF;
state.x_1[word + 1] |= value >> (26 - bit);
}
}
// Just in case, we reduce the number modulo 2^255 - 19 to
// make sure that it is in range of the field before we start.
// This eliminates values between 2^255 - 19 and 2^256 - 1.
state.reduceQuick(state.x_1);
state.reduceQuick(state.x_1);
} else {
state.x_1[0] = 9;
}
// Initialize the other temporary variables.
Arrays.fill(state.x_2, 0); // x_2 = 1
state.x_2[0] = 1;
Arrays.fill(state.z_2, 0); // z_2 = 0
System.arraycopy(state.x_1, 0, state.x_3, 0, state.x_1.length); // x_3 = x_1
Arrays.fill(state.z_3, 0); // z_3 = 1
state.z_3[0] = 1;
// Evaluate the curve for every bit of the private key.
state.evalCurve(privateKey);
// Compute x_2 * (z_2 ^ (p - 2)) where p = 2^255 - 19.
state.recip(state.z_3, state.z_2);
state.mul(state.x_2, state.x_2, state.z_3);
// Convert x_2 into little-endian in the result buffer.
for (int index = 0; index < 32; ++index) {
int bit = (index * 8) % 26;
int word = (index * 8) / 26;
if (bit <= (26 - 8))
result[offset + index] = (byte)(state.x_2[word] >> bit);
else
result[offset + index] = (byte)((state.x_2[word] >> bit) | (state.x_2[word + 1] << (26 - bit)));
}
} finally {
// Clean up all temporary state before we exit.
state.destroy();
}
}
}

622
src/main/java/com/southernstorm/noise/crypto/Curve448.java
View File

@ -1,622 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
/*
Portions of this code were extracted from the p448/arch_32 field
arithmetic implementation in Ed448-Goldilocks and converted from
C into Java. The LICENSE.txt file for the imported code follows:
----
The MIT License (MIT)
Copyright (c) 2011 Stanford University.
Copyright (c) 2014 Cryptography Research, Inc.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
----
*/
package com.southernstorm.noise.crypto;
import java.util.Arrays;
/**
* Implementation of the Curve448 elliptic curve algorithm.
*
* Reference: RFC 7748
*/
public final class Curve448 {
// Numbers modulo 2^448 - 2^224 - 1 are broken up into sixteen 28-bit words.
private int[] x_1;
private int[] x_2;
private int[] x_3;
private int[] z_2;
private int[] z_3;
private int[] A;
private int[] B;
private int[] C;
private int[] D;
private int[] E;
private int[] AA;
private int[] BB;
private int[] DA;
private int[] CB;
private int[] aa;
private int[] bb;
/**
* Constructs the temporary state holder for Curve448 evaluation.
*/
private Curve448()
{
// Allocate memory for all of the temporary variables we will need.
x_1 = new int [16];
x_2 = new int [16];
x_3 = new int [16];
z_2 = new int [16];
z_3 = new int [16];
A = new int [16];
B = new int [16];
C = new int [16];
D = new int [16];
E = new int [16];
AA = new int [16];
BB = new int [16];
DA = new int [16];
CB = new int [16];
aa = new int [8];
bb = new int [8];
}
/**
* Destroy all sensitive data in this object.
*/
private void destroy() {
// Destroy all temporary variables.
Arrays.fill(x_1, 0);
Arrays.fill(x_2, 0);
Arrays.fill(x_3, 0);
Arrays.fill(z_2, 0);
Arrays.fill(z_3, 0);
Arrays.fill(A, 0);
Arrays.fill(B, 0);
Arrays.fill(C, 0);
Arrays.fill(D, 0);
Arrays.fill(E, 0);
Arrays.fill(AA, 0);
Arrays.fill(BB, 0);
Arrays.fill(DA, 0);
Arrays.fill(CB, 0);
Arrays.fill(aa, 0);
Arrays.fill(bb, 0);
}
/* Beginning of code imported from Ed448-Goldilocks */
private static long widemul_32(int a, int b)
{
return ((long)a) * b;
}
// p448_mul()
private void mul(int[] c, int[] a, int[] b)
{
long accum0 = 0, accum1 = 0, accum2 = 0;
int mask = (1<<28) - 1;
int i,j;
for (i=0; i<8; i++) {
aa[i] = a[i] + a[i+8];
bb[i] = b[i] + b[i+8];
}
for (j=0; j<8; j++) {
accum2 = 0;
for (i=0; i<=j; i++) {
accum2 += widemul_32(a[j-i],b[i]);
accum1 += widemul_32(aa[j-i],bb[i]);
accum0 += widemul_32(a[8+j-i], b[8+i]);
}
accum1 -= accum2;
accum0 += accum2;
accum2 = 0;
for (; i<8; i++) {
accum0 -= widemul_32(a[8+j-i], b[i]);
accum2 += widemul_32(aa[8+j-i], bb[i]);
accum1 += widemul_32(a[16+j-i], b[8+i]);
}
accum1 += accum2;
accum0 += accum2;
c[j] = ((int)(accum0)) & mask;
c[j+8] = ((int)(accum1)) & mask;
accum0 >>>= 28;
accum1 >>>= 28;
}
accum0 += accum1;
accum0 += c[8];
accum1 += c[0];
c[8] = ((int)(accum0)) & mask;
c[0] = ((int)(accum1)) & mask;
accum0 >>>= 28;
accum1 >>>= 28;
c[9] += ((int)(accum0));
c[1] += ((int)(accum1));
}
// p448_mulw()
private static void mulw(int[] c, int[] a, long b)
{
int bhi = (int)(b>>28), blo = ((int)b) & ((1<<28)-1);
long accum0, accum8;
int mask = (1<<28) - 1;
int i;
accum0 = widemul_32(blo, a[0]);
accum8 = widemul_32(blo, a[8]);
accum0 += widemul_32(bhi, a[15]);
accum8 += widemul_32(bhi, a[15] + a[7]);
c[0] = ((int)accum0) & mask; accum0 >>>= 28;
c[8] = ((int)accum8) & mask; accum8 >>>= 28;
for (i=1; i<8; i++) {
accum0 += widemul_32(blo, a[i]);
accum8 += widemul_32(blo, a[i+8]);
accum0 += widemul_32(bhi, a[i-1]);
accum8 += widemul_32(bhi, a[i+7]);
c[i] = ((int)accum0) & mask; accum0 >>>= 28;
c[i+8] = ((int)accum8) & mask; accum8 >>>= 28;
}
accum0 += accum8 + c[8];
c[8] = ((int)accum0) & mask;
c[9] += accum0 >>> 28;
accum8 += c[0];
c[0] = ((int)accum8) & mask;
c[1] += accum8 >>> 28;
}
// p448_weak_reduce
private static void weak_reduce(int[] a)
{
int mask = (1<<28) - 1;
int tmp = a[15] >>> 28;
int i;
a[8] += tmp;
for (i=15; i>0; i--) {
a[i] = (a[i] & mask) + (a[i-1]>>>28);
}
a[0] = (a[0] & mask) + tmp;
}
// p448_strong_reduce
private static void strong_reduce(int[] a)
{
int mask = (1<<28) - 1;
/* first, clear high */
a[8] += a[15]>>>28;
a[0] += a[15]>>>28;
a[15] &= mask;
/* now the total is less than 2^448 - 2^(448-56) + 2^(448-56+8) < 2p */
/* compute total_value - p. No need to reduce mod p. */
long scarry = 0;
int i;
for (i=0; i<16; i++) {
scarry = scarry + (a[i] & 0xFFFFFFFFL) - ((i==8)?mask-1:mask);
a[i] = (int)(scarry & mask);
scarry >>= 28;
}
/* uncommon case: it was >= p, so now scarry = 0 and this = x
* common case: it was < p, so now scarry = -1 and this = x - p + 2^448
* so let's add back in p. will carry back off the top for 2^448.
*/
int scarry_mask = (int)(scarry & mask);
long carry = 0;
/* add it back */
for (i=0; i<16; i++) {
carry = carry + (a[i] & 0xFFFFFFFFL) + ((i==8)?(scarry_mask&~1):scarry_mask);
a[i] = (int)(carry & mask);
carry >>>= 28;
}
}
// field_add()
private static void add(int[] out, int[] a, int[] b)
{
for (int i = 0; i < 16; ++i)
out[i] = a[i] + b[i];
weak_reduce(out);
}
// field_sub()
private static void sub(int[] out, int[] a, int[] b)
{
int i;
// p448_sub_RAW(out, a, b)
for (i = 0; i < 16; ++i)
out[i] = a[i] - b[i];
// p448_bias(out, 2)
int co1 = ((1 << 28) - 1) * 2;
int co2 = co1 - 2;
for (i = 0; i < 16; ++i) {
if (i != 8)
out[i] += co1;
else
out[i] += co2;
}
weak_reduce(out);
}
// p448_serialize()
private static void serialize(byte[] serial, int offset, int[] x)
{
int i,j;
for (i=0; i<8; i++) {
long limb = x[2*i] + (((long)x[2*i+1])<<28);
for (j=0; j<7; j++) {
serial[offset+7*i+j] = (byte)limb;
limb >>= 8;
}
}
}
private static int is_zero(int x)
{
long xx = x & 0xFFFFFFFFL;
xx--;
return (int)(xx >> 32);
}
// p448_deserialize()
private static int deserialize(int[] x, byte[] serial, int offset)
{
int i,j;
for (i=0; i<8; i++) {
long out = 0;
for (j=0; j<7; j++) {
out |= (serial[offset+7*i+j] & 0xFFL)<<(8*j);
}
x[2*i] = ((int)out) & ((1<<28)-1);
x[2*i+1] = (int)(out >>> 28);
}
/* Check for reduction.
*
* The idea is to create a variable ge which is all ones (rather, 56 ones)
* if and only if the low $i$ words of $x$ are >= those of p.
*
* Remember p = little_endian(1111,1111,1111,1111,1110,1111,1111,1111)
*/
int ge = -1, mask = (1<<28)-1;
for (i=0; i<8; i++) {
ge &= x[i];
}
/* At this point, ge = 1111 iff bottom are all 1111. Now propagate if 1110, or set if 1111 */
ge = (ge & (x[8] + 1)) | is_zero(x[8] ^ mask);
/* Propagate the rest */
for (i=9; i<16; i++) {
ge &= x[i];
}
return ~is_zero(ge ^ mask);
}
/* End of code imported from Ed448-Goldilocks */
/**
* Squares a number modulo 2^448 - 2^224 - 1.
*
* @param result The result.
* @param x The number to square.
*/
private void square(int[] result, int[] x)
{
mul(result, x, x);
}
/**
* Conditional swap of two values.
*
* @param select Set to 1 to swap, 0 to leave as-is.
* @param x The first value.
* @param y The second value.
*/
private static void cswap(int select, int[] x, int[] y)
{
int dummy;
select = -select;
for (int index = 0; index < 16; ++index) {
dummy = select & (x[index] ^ y[index]);
x[index] ^= dummy;
y[index] ^= dummy;
}
}
/**
* Computes the reciprocal of a number modulo 2^448 - 2^224 - 1.
*
* @param result The result. Must not overlap with z_2.
* @param z_2 The argument.
*/
private void recip(int[] result, int[] z_2)
{
int posn;
/* Compute z_2 ^ (p - 2)
The value p - 2 is: FF...FEFF...FD, which from highest to lowest is
223 one bits, followed by a zero bit, followed by 222 one bits,
followed by another zero bit, and a final one bit.
The naive implementation that squares for every bit and multiplies
for every 1 bit requires 893 multiplications. The following can
do the same operation in 483 multiplications. The basic idea is to
create bit patterns and then "shift" them into position. We start
with a 4 bit pattern 1111, which we can square 4 times to get
11110000 and then multiply by the 1111 pattern to get 11111111.
We then repeat that to turn 11111111 into 1111111111111111, etc.
*/
square(B, z_2); /* Set A to a 4 bit pattern */
mul(A, B, z_2);
square(B, A);
mul(A, B, z_2);
square(B, A);
mul(A, B, z_2);
square(B, A); /* Set C to a 6 bit pattern */
mul(C, B, z_2);
square(B, C);
mul(C, B, z_2);
square(B, C); /* Set A to a 8 bit pattern */
mul(A, B, z_2);
square(B, A);
mul(A, B, z_2);
square(E, A); /* Set E to a 16 bit pattern */
square(B, E);
for (posn = 1; posn < 4; ++posn) {
square(E, B);
square(B, E);
}
mul(E, B, A);
square(AA, E); /* Set AA to a 32 bit pattern */
square(B, AA);
for (posn = 1; posn < 8; ++posn) {
square(AA, B);
square(B, AA);
}
mul(AA, B, E);
square(BB, AA); /* Set BB to a 64 bit pattern */
square(B, BB);
for (posn = 1; posn < 16; ++posn) {
square(BB, B);
square(B, BB);
}
mul(BB, B, AA);
square(DA, BB); /* Set DA to a 128 bit pattern */
square(B, DA);
for (posn = 1; posn < 32; ++posn) {
square(DA, B);
square(B, DA);
}
mul(DA, B, BB);
square(CB, DA); /* Set CB to a 192 bit pattern */
square(B, CB); /* 192 = 128 + 64 */
for (posn = 1; posn < 32; ++posn) {
square(CB, B);
square(B, CB);
}
mul(CB, B, BB);
square(DA, CB); /* Set DA to a 208 bit pattern */
square(B, DA); /* 208 = 128 + 64 + 16 */
for (posn = 1; posn < 8; ++posn) {
square(DA, B);
square(B, DA);
}
mul(DA, B, E);
square(CB, DA); /* Set CB to a 216 bit pattern */
square(B, CB); /* 216 = 128 + 64 + 16 + 8 */
for (posn = 1; posn < 4; ++posn) {
square(CB, B);
square(B, CB);
}
mul(CB, B, A);
square(DA, CB); /* Set DA to a 222 bit pattern */
square(B, DA); /* 222 = 128 + 64 + 16 + 8 + 6 */
for (posn = 1; posn < 3; ++posn) {
square(DA, B);
square(B, DA);
}
mul(DA, B, C);
square(CB, DA); /* Set CB to a 224 bit pattern */
mul(B, CB, z_2); /* CB = DA|1|0 */
square(CB, B);
square(BB, CB); /* Set BB to a 446 bit pattern */
square(B, BB); /* BB = DA|1|0|DA */
for (posn = 1; posn < 111; ++posn) {
square(BB, B);
square(B, BB);
}
mul(BB, B, DA);
square(B, BB); /* Set result to a 448 bit pattern */
square(BB, B); /* result = DA|1|0|DA|01 */
mul(result, BB, z_2);
}
/**
* Evaluates the curve for every bit in a secret key.
*
* @param s The 56-byte secret key.
*/
private void evalCurve(byte[] s)
{
int sposn = 55;
int sbit = 7;
int svalue = s[sposn] | 0x80;
int swap = 0;
int select;
// Iterate over all 448 bits of "s" from the highest to the lowest.
for (;;) {
// Conditional swaps on entry to this bit but only if we
// didn't swap on the previous bit.
select = (svalue >> sbit) & 0x01;
swap ^= select;
cswap(swap, x_2, x_3);
cswap(swap, z_2, z_3);
swap = select;
// Evaluate the curve.
add(A, x_2, z_2); // A = x_2 + z_2
square(AA, A); // AA = A^2
sub(B, x_2, z_2); // B = x_2 - z_2
square(BB, B); // BB = B^2
sub(E, AA, BB); // E = AA - BB
add(C, x_3, z_3); // C = x_3 + z_3
sub(D, x_3, z_3); // D = x_3 - z_3
mul(DA, D, A); // DA = D * A
mul(CB, C, B); // CB = C * B
add(z_2, DA, CB); // x_3 = (DA + CB)^2
square(x_3, z_2);
sub(z_2, DA, CB); // z_3 = x_1 * (DA - CB)^2
square(x_2, z_2);
mul(z_3, x_1, x_2);
mul(x_2, AA, BB); // x_2 = AA * BB
mulw(z_2, E, 39081); // z_2 = E * (AA + a24 * E)
add(A, AA, z_2);
mul(z_2, E, A);
// Move onto the next lower bit of "s".
if (sbit > 0) {
--sbit;
} else if (sposn == 0) {
break;
} else if (sposn == 1) {
--sposn;
svalue = s[sposn] & 0xFC;
sbit = 7;
} else {
--sposn;
svalue = s[sposn];
sbit = 7;
}
}
// Final conditional swaps.
cswap(swap, x_2, x_3);
cswap(swap, z_2, z_3);
}
/**
* Evaluates the Curve448 curve.
*
* @param result Buffer to place the result of the evaluation into.
* @param offset Offset into the result buffer.
* @param privateKey The private key to use in the evaluation.
* @param publicKey The public key to use in the evaluation, or null
* if the base point of the curve should be used.
* @return Returns true if the curve evaluation was successful,
* false if the publicKey value is out of range.
*/
public static boolean eval(byte[] result, int offset, byte[] privateKey, byte[] publicKey)
{
Curve448 state = new Curve448();
int success = -1;
try {
// Unpack the public key value. If null, use 5 as the base point.
Arrays.fill(state.x_1, 0);
if (publicKey != null) {
// Convert the input value from little-endian into 28-bit limbs.
// It is possible that the public key is out of range. If so,
// delay reporting that state until the function completes.
success = deserialize(state.x_1, publicKey, 0);
} else {
state.x_1[0] = 5;
}
// Initialize the other temporary variables.
Arrays.fill(state.x_2, 0); // x_2 = 1
state.x_2[0] = 1;
Arrays.fill(state.z_2, 0); // z_2 = 0
System.arraycopy(state.x_1, 0, state.x_3, 0, state.x_1.length); // x_3 = x_1
Arrays.fill(state.z_3, 0); // z_3 = 1
state.z_3[0] = 1;
// Evaluate the curve for every bit of the private key.
state.evalCurve(privateKey);
// Compute x_2 * (z_2 ^ (p - 2)) where p = 2^448 - 2^224 - 1.
state.recip(state.z_3, state.z_2);
state.mul(state.x_1, state.x_2, state.z_3);
// Convert x_2 into little-endian in the result buffer.
strong_reduce(state.x_1);
serialize(result, offset, state.x_1);
} finally {
// Clean up all temporary state before we exit.
state.destroy();
}
return (success & 0x01) != 0;
}
}

204
src/main/java/com/southernstorm/noise/crypto/GHASH.java
View File

@ -1,204 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.crypto;
import java.util.Arrays;
import com.southernstorm.noise.protocol.Destroyable;
/**
* Implementation of the GHASH primitive for GCM.
*/
public final class GHASH implements Destroyable {
private long[] H;
private byte[] Y;
int posn;
/**
* Constructs a new GHASH object.
*/
public GHASH()
{
H = new long [2];
Y = new byte [16];
posn = 0;
}
/**
* Resets this GHASH object with a new key.
*
* @param key The key, which must contain at least 16 bytes.
* @param offset The offset of the first key byte.
*/
public void reset(byte[] key, int offset)
{
H[0] = readBigEndian(key, offset);
H[1] = readBigEndian(key, offset + 8);
Arrays.fill(Y, (byte)0);
posn = 0;
}
/**
* Resets the GHASH object but retains the previous key.
*/
public void reset()
{
Arrays.fill(Y, (byte)0);
posn = 0;
}
/**
* Updates this GHASH object with more data.
*
* @param data Buffer containing the data.
* @param offset Offset of the first data byte in the buffer.
* @param length The number of bytes from the buffer to hash.
*/
public void update(byte[] data, int offset, int length)
{
while (length > 0) {
int size = 16 - posn;
if (size > length)
size = length;
for (int index = 0; index < size; ++index)
Y[posn + index] ^= data[offset + index];
posn += size;
length -= size;
offset += size;
if (posn == 16) {
GF128_mul(Y, H);
posn = 0;
}
}
}
/**
* Finishes the GHASH process and returns the tag.
*
* @param tag Buffer to receive the tag.
* @param offset Offset of the first byte of the tag.
* @param length The length of the tag, which must be less
* than or equal to 16.
*/
public void finish(byte[] tag, int offset, int length)
{
pad();
System.arraycopy(Y, 0, tag, offset, length);
}
/**
* Pads the input to a 16-byte boundary.
*/
public void pad()
{
if (posn != 0) {
// Padding involves XOR'ing the rest of state->Y with zeroes,
// which does nothing. Immediately process the next chunk.
GF128_mul(Y, H);
posn = 0;
}
}
/**
* Pads the input to a 16-byte boundary and then adds a block
* containing the AD and data lengths.
*
* @param adLen Length of the associated data in bytes.
* @param dataLen Length of the data in bytes.
*/
public void pad(long adLen, long dataLen)
{
byte[] temp = new byte [16];
try {
pad();
writeBigEndian(temp, 0, adLen * 8);
writeBigEndian(temp, 8, dataLen * 8);
update(temp, 0, 16);
} finally {
Arrays.fill(temp, (byte)0);
}
}
@Override
public void destroy() {
Arrays.fill(H, 0L);
Arrays.fill(Y, (byte)0);
}
private static long readBigEndian(byte[] buf, int offset)
{
return ((buf[offset] & 0xFFL) << 56) |
((buf[offset + 1] & 0xFFL) << 48) |
((buf[offset + 2] & 0xFFL) << 40) |
((buf[offset + 3] & 0xFFL) << 32) |
((buf[offset + 4] & 0xFFL) << 24) |
((buf[offset + 5] & 0xFFL) << 16) |
((buf[offset + 6] & 0xFFL) << 8) |
(buf[offset + 7] & 0xFFL);
}
private static void writeBigEndian(byte[] buf, int offset, long value)
{
buf[offset] = (byte)(value >> 56);
buf[offset + 1] = (byte)(value >> 48);
buf[offset + 2] = (byte)(value >> 40);
buf[offset + 3] = (byte)(value >> 32);
buf[offset + 4] = (byte)(value >> 24);
buf[offset + 5] = (byte)(value >> 16);
buf[offset + 6] = (byte)(value >> 8);
buf[offset + 7] = (byte)value;
}
private static void GF128_mul(byte[] Y, long[] H)
{
long Z0 = 0; // Z = 0
long Z1 = 0;
long V0 = H[0]; // V = H
long V1 = H[1];
// Multiply Z by V for the set bits in Y, starting at the top.
// This is a very simple bit by bit version that may not be very
// fast but it should be resistant to cache timing attacks.
for (int posn = 0; posn < 16; ++posn) {
int value = Y[posn] & 0xFF;
for (int bit = 7; bit >= 0; --bit) {
// Extract the high bit of "value" and turn it into a mask.
long mask = -((long)((value >> bit) & 0x01));
// XOR V with Z if the bit is 1.
Z0 ^= (V0 & mask);
Z1 ^= (V1 & mask);
// Rotate V right by 1 bit.
mask = ((~(V1 & 0x01)) + 1) & 0xE100000000000000L;
V1 = (V1 >>> 1) | (V0 << 63);
V0 = (V0 >>> 1) ^ mask;
}
}
// We have finished the block so copy Z into Y and byte-swap.
writeBigEndian(Y, 0, Z0);
writeBigEndian(Y, 8, Z1);
}
}

1605
src/main/java/com/southernstorm/noise/crypto/NewHope.java
View File

File diff suppressed because it is too large Load Diff

982
src/main/java/com/southernstorm/noise/crypto/NewHopeTor.java
View File

@ -1,982 +0,0 @@
/*
* Based on the public domain C reference code for New Hope.
* This Java version is also placed into the public domain.
*
* Original authors: Erdem Alkim, Léo Ducas, Thomas Pöppelmann, Peter Schwabe
* Java port: Rhys Weatherley
*/
package com.southernstorm.noise.crypto;
import java.util.Arrays;
/**
* New Hope key exchange algorithm, "torref" variant.
*
* This version of New Hope implements the alternative constant-time
* method for generating the public "a" value for anonymity networks
* like Tor. It is not binary-compatible with the standard New Hope
* implementation in the NewHope class.
*
* Reference: https://cryptojedi.org/papers/newhope-20160803.pdf
*
* @see NewHope
*/
public class NewHopeTor extends NewHope {
public NewHopeTor() {}
@Override
protected void uniform(char[] coeffs, byte[] seed)
{
long[] state = new long [25];
int nblocks=16;
byte[] buf = new byte [SHAKE128_RATE*nblocks];
char[] x = new char [buf.length / 2];
try {
shake128_absorb(state, seed, 0, SEEDBYTES);
do
{
shake128_squeezeblocks(buf, 0, nblocks, state);
for (int i = buf.length - 2; i >= 0; i -= 2)
{
x[i / 2] = (char)((buf[i] & 0xff) | ((buf[i+1] & 0xff) << 8));
}
}
while (discardtopoly(coeffs, x));
} finally {
Arrays.fill(state, 0);
Arrays.fill(buf, (byte)0);
Arrays.fill(x, (char)0);
}
}
private static boolean discardtopoly(char[] coeffs, char[] x)
{
int i, r=0;
for(i=0;i<16;i++)
batcher84(x, i);
// Check whether we're safe:
for(i=1008;i<1024;i++)
r |= 61444 - x[i];
if((r >>= 31) != 0) return true;
// If we are, copy coefficients to polynomial:
for(i=0;i<PARAM_N;i++)
coeffs[i] = x[i];
return false;
}
private static void batcher84(char[] x, int offset)
{
int c, t;
c = 61444 - x[offset + 0]; t = (x[offset + 0] ^ x[offset + 16]) & (c >> 31); x[offset + 0] ^= t; x[offset + 16] ^= t;
c = 61444 - x[offset + 32]; t = (x[offset + 32] ^ x[offset + 48]) & (c >> 31); x[offset + 32] ^= t; x[offset + 48] ^= t;
c = 61444 - x[offset + 0]; t = (x[offset + 0] ^ x[offset + 32]) & (c >> 31); x[offset + 0] ^= t; x[offset + 32] ^= t;
c = 61444 - x[offset + 16]; t = (x[offset + 16] ^ x[offset + 48]) & (c >> 31); x[offset + 16] ^= t; x[offset + 48] ^= t;
c = 61444 - x[offset + 16]; t = (x[offset + 16] ^ x[offset + 32]) & (c >> 31); x[offset + 16] ^= t; x[offset + 32] ^= t;
c = 61444 - x[offset + 64]; t = (x[offset + 64] ^ x[offset + 80]) & (c >> 31); x[offset + 64] ^= t; x[offset + 80] ^= t;
c = 61444 - x[offset + 96]; t = (x[offset + 96] ^ x[offset + 112]) & (c >> 31); x[offset + 96] ^= t; x[offset + 112] ^= t;
c = 61444 - x[offset + 64]; t = (x[offset + 64] ^ x[offset + 96]) & (c >> 31); x[offset + 64] ^= t; x[offset + 96] ^= t;
c = 61444 - x[offset + 80]; t = (x[offset + 80] ^ x[offset + 112]) & (c >> 31); x[offset + 80] ^= t; x[offset + 112] ^= t;
c = 61444 - x[offset + 80]; t = (x[offset + 80] ^ x[offset + 96]) & (c >> 31); x[offset + 80] ^= t; x[offset + 96] ^= t;
c = 61444 - x[offset + 0]; t = (x[offset + 0] ^ x[offset + 64]) & (c >> 31); x[offset + 0] ^= t; x[offset + 64] ^= t;
c = 61444 - x[offset + 32]; t = (x[offset + 32] ^ x[offset + 96]) & (c >> 31); x[offset + 32] ^= t; x[offset + 96] ^= t;
c = 61444 - x[offset + 32]; t = (x[offset + 32] ^ x[offset + 64]) & (c >> 31); x[offset + 32] ^= t; x[offset + 64] ^= t;
c = 61444 - x[offset + 16]; t = (x[offset + 16] ^ x[offset + 80]) & (c >> 31); x[offset + 16] ^= t; x[offset + 80] ^= t;
c = 61444 - x[offset + 48]; t = (x[offset + 48] ^ x[offset + 112]) & (c >> 31); x[offset + 48] ^= t; x[offset + 112] ^= t;
c = 61444 - x[offset + 48]; t = (x[offset + 48] ^ x[offset + 80]) & (c >> 31); x[offset + 48] ^= t; x[offset + 80] ^= t;
c = 61444 - x[offset + 16]; t = (x[offset + 16] ^ x[offset + 32]) & (c >> 31); x[offset + 16] ^= t; x[offset + 32] ^= t;
c = 61444 - x[offset + 48]; t = (x[offset + 48] ^ x[offset + 64]) & (c >> 31); x[offset + 48] ^= t; x[offset + 64] ^= t;
c = 61444 - x[offset + 80]; t = (x[offset + 80] ^ x[offset + 96]) & (c >> 31); x[offset + 80] ^= t; x[offset + 96] ^= t;
c = 61444 - x[offset + 128]; t = (x[offset + 128] ^ x[offset + 144]) & (c >> 31); x[offset + 128] ^= t; x[offset + 144] ^= t;
c = 61444 - x[offset + 160]; t = (x[offset + 160] ^ x[offset + 176]) & (c >> 31); x[offset + 160] ^= t; x[offset + 176] ^= t;
c = 61444 - x[offset + 128]; t = (x[offset + 128] ^ x[offset + 160]) & (c >> 31); x[offset + 128] ^= t; x[offset + 160] ^= t;
c = 61444 - x[offset + 144]; t = (x[offset + 144] ^ x[offset + 176]) & (c >> 31); x[offset + 144] ^= t; x[offset + 176] ^= t;
c = 61444 - x[offset + 144]; t = (x[offset + 144] ^ x[offset + 160]) & (c >> 31); x[offset + 144] ^= t; x[offset + 160] ^= t;
c = 61444 - x[offset + 192]; t = (x[offset + 192] ^ x[offset + 208]) & (c >> 31); x[offset + 192] ^= t; x[offset + 208] ^= t;
c = 61444 - x[offset + 224]; t = (x[offset + 224] ^ x[offset + 240]) & (c >> 31); x[offset + 224] ^= t; x[offset + 240] ^= t;
c = 61444 - x[offset + 192]; t = (x[offset + 192] ^ x[offset + 224]) & (c >> 31); x[offset + 192] ^= t; x[offset + 224] ^= t;
c = 61444 - x[offset + 208]; t = (x[offset + 208] ^ x[offset + 240]) & (c >> 31); x[offset + 208] ^= t; x[offset + 240] ^= t;
c = 61444 - x[offset + 208]; t = (x[offset + 208] ^ x[offset + 224]) & (c >> 31); x[offset + 208] ^= t; x[offset + 224] ^= t;
c = 61444 - x[offset + 128]; t = (x[offset + 128] ^ x[offset + 192]) & (c >> 31); x[offset + 128] ^= t; x[offset + 192] ^= t;
c = 61444 - x[offset + 160]; t = (x[offset + 160] ^ x[offset + 224]) & (c >> 31); x[offset + 160] ^= t; x[offset + 224] ^= t;
c = 61444 - x[offset + 160]; t = (x[offset + 160] ^ x[offset + 192]) & (c >> 31); x[offset + 160] ^= t; x[offset + 192] ^= t;
c = 61444 - x[offset + 144]; t = (x[offset + 144] ^ x[offset + 208]) & (c >> 31); x[offset + 144] ^= t; x[offset + 208] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 240]) & (c >> 31); x[offset + 176] ^= t; x[offset + 240] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 208]) & (c >> 31); x[offset + 176] ^= t; x[offset + 208] ^= t;
c = 61444 - x[offset + 144]; t = (x[offset + 144] ^ x[offset + 160]) & (c >> 31); x[offset + 144] ^= t; x[offset + 160] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 192]) & (c >> 31); x[offset + 176] ^= t; x[offset + 192] ^= t;
c = 61444 - x[offset + 208]; t = (x[offset + 208] ^ x[offset + 224]) & (c >> 31); x[offset + 208] ^= t; x[offset + 224] ^= t;
c = 61444 - x[offset + 0]; t = (x[offset + 0] ^ x[offset + 128]) & (c >> 31); x[offset + 0] ^= t; x[offset + 128] ^= t;
c = 61444 - x[offset + 64]; t = (x[offset + 64] ^ x[offset + 192]) & (c >> 31); x[offset + 64] ^= t; x[offset + 192] ^= t;
c = 61444 - x[offset + 64]; t = (x[offset + 64] ^ x[offset + 128]) & (c >> 31); x[offset + 64] ^= t; x[offset + 128] ^= t;
c = 61444 - x[offset + 32]; t = (x[offset + 32] ^ x[offset + 160]) & (c >> 31); x[offset + 32] ^= t; x[offset + 160] ^= t;
c = 61444 - x[offset + 96]; t = (x[offset + 96] ^ x[offset + 224]) & (c >> 31); x[offset + 96] ^= t; x[offset + 224] ^= t;
c = 61444 - x[offset + 96]; t = (x[offset + 96] ^ x[offset + 160]) & (c >> 31); x[offset + 96] ^= t; x[offset + 160] ^= t;
c = 61444 - x[offset + 32]; t = (x[offset + 32] ^ x[offset + 64]) & (c >> 31); x[offset + 32] ^= t; x[offset + 64] ^= t;
c = 61444 - x[offset + 96]; t = (x[offset + 96] ^ x[offset + 128]) & (c >> 31); x[offset + 96] ^= t; x[offset + 128] ^= t;
c = 61444 - x[offset + 160]; t = (x[offset + 160] ^ x[offset + 192]) & (c >> 31); x[offset + 160] ^= t; x[offset + 192] ^= t;
c = 61444 - x[offset + 16]; t = (x[offset + 16] ^ x[offset + 144]) & (c >> 31); x[offset + 16] ^= t; x[offset + 144] ^= t;
c = 61444 - x[offset + 80]; t = (x[offset + 80] ^ x[offset + 208]) & (c >> 31); x[offset + 80] ^= t; x[offset + 208] ^= t;
c = 61444 - x[offset + 80]; t = (x[offset + 80] ^ x[offset + 144]) & (c >> 31); x[offset + 80] ^= t; x[offset + 144] ^= t;
c = 61444 - x[offset + 48]; t = (x[offset + 48] ^ x[offset + 176]) & (c >> 31); x[offset + 48] ^= t; x[offset + 176] ^= t;
c = 61444 - x[offset + 112]; t = (x[offset + 112] ^ x[offset + 240]) & (c >> 31); x[offset + 112] ^= t; x[offset + 240] ^= t;
c = 61444 - x[offset + 112]; t = (x[offset + 112] ^ x[offset + 176]) & (c >> 31); x[offset + 112] ^= t; x[offset + 176] ^= t;
c = 61444 - x[offset + 48]; t = (x[offset + 48] ^ x[offset + 80]) & (c >> 31); x[offset + 48] ^= t; x[offset + 80] ^= t;
c = 61444 - x[offset + 112]; t = (x[offset + 112] ^ x[offset + 144]) & (c >> 31); x[offset + 112] ^= t; x[offset + 144] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 208]) & (c >> 31); x[offset + 176] ^= t; x[offset + 208] ^= t;
c = 61444 - x[offset + 16]; t = (x[offset + 16] ^ x[offset + 32]) & (c >> 31); x[offset + 16] ^= t; x[offset + 32] ^= t;
c = 61444 - x[offset + 48]; t = (x[offset + 48] ^ x[offset + 64]) & (c >> 31); x[offset + 48] ^= t; x[offset + 64] ^= t;
c = 61444 - x[offset + 80]; t = (x[offset + 80] ^ x[offset + 96]) & (c >> 31); x[offset + 80] ^= t; x[offset + 96] ^= t;
c = 61444 - x[offset + 112]; t = (x[offset + 112] ^ x[offset + 128]) & (c >> 31); x[offset + 112] ^= t; x[offset + 128] ^= t;
c = 61444 - x[offset + 144]; t = (x[offset + 144] ^ x[offset + 160]) & (c >> 31); x[offset + 144] ^= t; x[offset + 160] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 192]) & (c >> 31); x[offset + 176] ^= t; x[offset + 192] ^= t;
c = 61444 - x[offset + 208]; t = (x[offset + 208] ^ x[offset + 224]) & (c >> 31); x[offset + 208] ^= t; x[offset + 224] ^= t;
c = 61444 - x[offset + 256]; t = (x[offset + 256] ^ x[offset + 272]) & (c >> 31); x[offset + 256] ^= t; x[offset + 272] ^= t;
c = 61444 - x[offset + 288]; t = (x[offset + 288] ^ x[offset + 304]) & (c >> 31); x[offset + 288] ^= t; x[offset + 304] ^= t;
c = 61444 - x[offset + 256]; t = (x[offset + 256] ^ x[offset + 288]) & (c >> 31); x[offset + 256] ^= t; x[offset + 288] ^= t;
c = 61444 - x[offset + 272]; t = (x[offset + 272] ^ x[offset + 304]) & (c >> 31); x[offset + 272] ^= t; x[offset + 304] ^= t;
c = 61444 - x[offset + 272]; t = (x[offset + 272] ^ x[offset + 288]) & (c >> 31); x[offset + 272] ^= t; x[offset + 288] ^= t;
c = 61444 - x[offset + 320]; t = (x[offset + 320] ^ x[offset + 336]) & (c >> 31); x[offset + 320] ^= t; x[offset + 336] ^= t;
c = 61444 - x[offset + 352]; t = (x[offset + 352] ^ x[offset + 368]) & (c >> 31); x[offset + 352] ^= t; x[offset + 368] ^= t;
c = 61444 - x[offset + 320]; t = (x[offset + 320] ^ x[offset + 352]) & (c >> 31); x[offset + 320] ^= t; x[offset + 352] ^= t;
c = 61444 - x[offset + 336]; t = (x[offset + 336] ^ x[offset + 368]) & (c >> 31); x[offset + 336] ^= t; x[offset + 368] ^= t;
c = 61444 - x[offset + 336]; t = (x[offset + 336] ^ x[offset + 352]) & (c >> 31); x[offset + 336] ^= t; x[offset + 352] ^= t;
c = 61444 - x[offset + 256]; t = (x[offset + 256] ^ x[offset + 320]) & (c >> 31); x[offset + 256] ^= t; x[offset + 320] ^= t;
c = 61444 - x[offset + 288]; t = (x[offset + 288] ^ x[offset + 352]) & (c >> 31); x[offset + 288] ^= t; x[offset + 352] ^= t;
c = 61444 - x[offset + 288]; t = (x[offset + 288] ^ x[offset + 320]) & (c >> 31); x[offset + 288] ^= t; x[offset + 320] ^= t;
c = 61444 - x[offset + 272]; t = (x[offset + 272] ^ x[offset + 336]) & (c >> 31); x[offset + 272] ^= t; x[offset + 336] ^= t;
c = 61444 - x[offset + 304]; t = (x[offset + 304] ^ x[offset + 368]) & (c >> 31); x[offset + 304] ^= t; x[offset + 368] ^= t;
c = 61444 - x[offset + 304]; t = (x[offset + 304] ^ x[offset + 336]) & (c >> 31); x[offset + 304] ^= t; x[offset + 336] ^= t;
c = 61444 - x[offset + 272]; t = (x[offset + 272] ^ x[offset + 288]) & (c >> 31); x[offset + 272] ^= t; x[offset + 288] ^= t;
c = 61444 - x[offset + 304]; t = (x[offset + 304] ^ x[offset + 320]) & (c >> 31); x[offset + 304] ^= t; x[offset + 320] ^= t;
c = 61444 - x[offset + 336]; t = (x[offset + 336] ^ x[offset + 352]) & (c >> 31); x[offset + 336] ^= t; x[offset + 352] ^= t;
c = 61444 - x[offset + 384]; t = (x[offset + 384] ^ x[offset + 400]) & (c >> 31); x[offset + 384] ^= t; x[offset + 400] ^= t;
c = 61444 - x[offset + 416]; t = (x[offset + 416] ^ x[offset + 432]) & (c >> 31); x[offset + 416] ^= t; x[offset + 432] ^= t;
c = 61444 - x[offset + 384]; t = (x[offset + 384] ^ x[offset + 416]) & (c >> 31); x[offset + 384] ^= t; x[offset + 416] ^= t;
c = 61444 - x[offset + 400]; t = (x[offset + 400] ^ x[offset + 432]) & (c >> 31); x[offset + 400] ^= t; x[offset + 432] ^= t;
c = 61444 - x[offset + 400]; t = (x[offset + 400] ^ x[offset + 416]) & (c >> 31); x[offset + 400] ^= t; x[offset + 416] ^= t;
c = 61444 - x[offset + 448]; t = (x[offset + 448] ^ x[offset + 464]) & (c >> 31); x[offset + 448] ^= t; x[offset + 464] ^= t;
c = 61444 - x[offset + 480]; t = (x[offset + 480] ^ x[offset + 496]) & (c >> 31); x[offset + 480] ^= t; x[offset + 496] ^= t;
c = 61444 - x[offset + 448]; t = (x[offset + 448] ^ x[offset + 480]) & (c >> 31); x[offset + 448] ^= t; x[offset + 480] ^= t;
c = 61444 - x[offset + 464]; t = (x[offset + 464] ^ x[offset + 496]) & (c >> 31); x[offset + 464] ^= t; x[offset + 496] ^= t;
c = 61444 - x[offset + 464]; t = (x[offset + 464] ^ x[offset + 480]) & (c >> 31); x[offset + 464] ^= t; x[offset + 480] ^= t;
c = 61444 - x[offset + 384]; t = (x[offset + 384] ^ x[offset + 448]) & (c >> 31); x[offset + 384] ^= t; x[offset + 448] ^= t;
c = 61444 - x[offset + 416]; t = (x[offset + 416] ^ x[offset + 480]) & (c >> 31); x[offset + 416] ^= t; x[offset + 480] ^= t;
c = 61444 - x[offset + 416]; t = (x[offset + 416] ^ x[offset + 448]) & (c >> 31); x[offset + 416] ^= t; x[offset + 448] ^= t;
c = 61444 - x[offset + 400]; t = (x[offset + 400] ^ x[offset + 464]) & (c >> 31); x[offset + 400] ^= t; x[offset + 464] ^= t;
c = 61444 - x[offset + 432]; t = (x[offset + 432] ^ x[offset + 496]) & (c >> 31); x[offset + 432] ^= t; x[offset + 496] ^= t;
c = 61444 - x[offset + 432]; t = (x[offset + 432] ^ x[offset + 464]) & (c >> 31); x[offset + 432] ^= t; x[offset + 464] ^= t;
c = 61444 - x[offset + 400]; t = (x[offset + 400] ^ x[offset + 416]) & (c >> 31); x[offset + 400] ^= t; x[offset + 416] ^= t;
c = 61444 - x[offset + 432]; t = (x[offset + 432] ^ x[offset + 448]) & (c >> 31); x[offset + 432] ^= t; x[offset + 448] ^= t;
c = 61444 - x[offset + 464]; t = (x[offset + 464] ^ x[offset + 480]) & (c >> 31); x[offset + 464] ^= t; x[offset + 480] ^= t;
c = 61444 - x[offset + 256]; t = (x[offset + 256] ^ x[offset + 384]) & (c >> 31); x[offset + 256] ^= t; x[offset + 384] ^= t;
c = 61444 - x[offset + 320]; t = (x[offset + 320] ^ x[offset + 448]) & (c >> 31); x[offset + 320] ^= t; x[offset + 448] ^= t;
c = 61444 - x[offset + 320]; t = (x[offset + 320] ^ x[offset + 384]) & (c >> 31); x[offset + 320] ^= t; x[offset + 384] ^= t;
c = 61444 - x[offset + 288]; t = (x[offset + 288] ^ x[offset + 416]) & (c >> 31); x[offset + 288] ^= t; x[offset + 416] ^= t;
c = 61444 - x[offset + 352]; t = (x[offset + 352] ^ x[offset + 480]) & (c >> 31); x[offset + 352] ^= t; x[offset + 480] ^= t;
c = 61444 - x[offset + 352]; t = (x[offset + 352] ^ x[offset + 416]) & (c >> 31); x[offset + 352] ^= t; x[offset + 416] ^= t;
c = 61444 - x[offset + 288]; t = (x[offset + 288] ^ x[offset + 320]) & (c >> 31); x[offset + 288] ^= t; x[offset + 320] ^= t;
c = 61444 - x[offset + 352]; t = (x[offset + 352] ^ x[offset + 384]) & (c >> 31); x[offset + 352] ^= t; x[offset + 384] ^= t;
c = 61444 - x[offset + 416]; t = (x[offset + 416] ^ x[offset + 448]) & (c >> 31); x[offset + 416] ^= t; x[offset + 448] ^= t;
c = 61444 - x[offset + 272]; t = (x[offset + 272] ^ x[offset + 400]) & (c >> 31); x[offset + 272] ^= t; x[offset + 400] ^= t;
c = 61444 - x[offset + 336]; t = (x[offset + 336] ^ x[offset + 464]) & (c >> 31); x[offset + 336] ^= t; x[offset + 464] ^= t;
c = 61444 - x[offset + 336]; t = (x[offset + 336] ^ x[offset + 400]) & (c >> 31); x[offset + 336] ^= t; x[offset + 400] ^= t;
c = 61444 - x[offset + 304]; t = (x[offset + 304] ^ x[offset + 432]) & (c >> 31); x[offset + 304] ^= t; x[offset + 432] ^= t;
c = 61444 - x[offset + 368]; t = (x[offset + 368] ^ x[offset + 496]) & (c >> 31); x[offset + 368] ^= t; x[offset + 496] ^= t;
c = 61444 - x[offset + 368]; t = (x[offset + 368] ^ x[offset + 432]) & (c >> 31); x[offset + 368] ^= t; x[offset + 432] ^= t;
c = 61444 - x[offset + 304]; t = (x[offset + 304] ^ x[offset + 336]) & (c >> 31); x[offset + 304] ^= t; x[offset + 336] ^= t;
c = 61444 - x[offset + 368]; t = (x[offset + 368] ^ x[offset + 400]) & (c >> 31); x[offset + 368] ^= t; x[offset + 400] ^= t;
c = 61444 - x[offset + 432]; t = (x[offset + 432] ^ x[offset + 464]) & (c >> 31); x[offset + 432] ^= t; x[offset + 464] ^= t;
c = 61444 - x[offset + 272]; t = (x[offset + 272] ^ x[offset + 288]) & (c >> 31); x[offset + 272] ^= t; x[offset + 288] ^= t;
c = 61444 - x[offset + 304]; t = (x[offset + 304] ^ x[offset + 320]) & (c >> 31); x[offset + 304] ^= t; x[offset + 320] ^= t;
c = 61444 - x[offset + 336]; t = (x[offset + 336] ^ x[offset + 352]) & (c >> 31); x[offset + 336] ^= t; x[offset + 352] ^= t;
c = 61444 - x[offset + 368]; t = (x[offset + 368] ^ x[offset + 384]) & (c >> 31); x[offset + 368] ^= t; x[offset + 384] ^= t;
c = 61444 - x[offset + 400]; t = (x[offset + 400] ^ x[offset + 416]) & (c >> 31); x[offset + 400] ^= t; x[offset + 416] ^= t;
c = 61444 - x[offset + 432]; t = (x[offset + 432] ^ x[offset + 448]) & (c >> 31); x[offset + 432] ^= t; x[offset + 448] ^= t;
c = 61444 - x[offset + 464]; t = (x[offset + 464] ^ x[offset + 480]) & (c >> 31); x[offset + 464] ^= t; x[offset + 480] ^= t;
c = 61444 - x[offset + 0]; t = (x[offset + 0] ^ x[offset + 256]) & (c >> 31); x[offset + 0] ^= t; x[offset + 256] ^= t;
c = 61444 - x[offset + 128]; t = (x[offset + 128] ^ x[offset + 384]) & (c >> 31); x[offset + 128] ^= t; x[offset + 384] ^= t;
c = 61444 - x[offset + 128]; t = (x[offset + 128] ^ x[offset + 256]) & (c >> 31); x[offset + 128] ^= t; x[offset + 256] ^= t;
c = 61444 - x[offset + 64]; t = (x[offset + 64] ^ x[offset + 320]) & (c >> 31); x[offset + 64] ^= t; x[offset + 320] ^= t;
c = 61444 - x[offset + 192]; t = (x[offset + 192] ^ x[offset + 448]) & (c >> 31); x[offset + 192] ^= t; x[offset + 448] ^= t;
c = 61444 - x[offset + 192]; t = (x[offset + 192] ^ x[offset + 320]) & (c >> 31); x[offset + 192] ^= t; x[offset + 320] ^= t;
c = 61444 - x[offset + 64]; t = (x[offset + 64] ^ x[offset + 128]) & (c >> 31); x[offset + 64] ^= t; x[offset + 128] ^= t;
c = 61444 - x[offset + 192]; t = (x[offset + 192] ^ x[offset + 256]) & (c >> 31); x[offset + 192] ^= t; x[offset + 256] ^= t;
c = 61444 - x[offset + 320]; t = (x[offset + 320] ^ x[offset + 384]) & (c >> 31); x[offset + 320] ^= t; x[offset + 384] ^= t;
c = 61444 - x[offset + 32]; t = (x[offset + 32] ^ x[offset + 288]) & (c >> 31); x[offset + 32] ^= t; x[offset + 288] ^= t;
c = 61444 - x[offset + 160]; t = (x[offset + 160] ^ x[offset + 416]) & (c >> 31); x[offset + 160] ^= t; x[offset + 416] ^= t;
c = 61444 - x[offset + 160]; t = (x[offset + 160] ^ x[offset + 288]) & (c >> 31); x[offset + 160] ^= t; x[offset + 288] ^= t;
c = 61444 - x[offset + 96]; t = (x[offset + 96] ^ x[offset + 352]) & (c >> 31); x[offset + 96] ^= t; x[offset + 352] ^= t;
c = 61444 - x[offset + 224]; t = (x[offset + 224] ^ x[offset + 480]) & (c >> 31); x[offset + 224] ^= t; x[offset + 480] ^= t;
c = 61444 - x[offset + 224]; t = (x[offset + 224] ^ x[offset + 352]) & (c >> 31); x[offset + 224] ^= t; x[offset + 352] ^= t;
c = 61444 - x[offset + 96]; t = (x[offset + 96] ^ x[offset + 160]) & (c >> 31); x[offset + 96] ^= t; x[offset + 160] ^= t;
c = 61444 - x[offset + 224]; t = (x[offset + 224] ^ x[offset + 288]) & (c >> 31); x[offset + 224] ^= t; x[offset + 288] ^= t;
c = 61444 - x[offset + 352]; t = (x[offset + 352] ^ x[offset + 416]) & (c >> 31); x[offset + 352] ^= t; x[offset + 416] ^= t;
c = 61444 - x[offset + 32]; t = (x[offset + 32] ^ x[offset + 64]) & (c >> 31); x[offset + 32] ^= t; x[offset + 64] ^= t;
c = 61444 - x[offset + 96]; t = (x[offset + 96] ^ x[offset + 128]) & (c >> 31); x[offset + 96] ^= t; x[offset + 128] ^= t;
c = 61444 - x[offset + 160]; t = (x[offset + 160] ^ x[offset + 192]) & (c >> 31); x[offset + 160] ^= t; x[offset + 192] ^= t;
c = 61444 - x[offset + 224]; t = (x[offset + 224] ^ x[offset + 256]) & (c >> 31); x[offset + 224] ^= t; x[offset + 256] ^= t;
c = 61444 - x[offset + 288]; t = (x[offset + 288] ^ x[offset + 320]) & (c >> 31); x[offset + 288] ^= t; x[offset + 320] ^= t;
c = 61444 - x[offset + 352]; t = (x[offset + 352] ^ x[offset + 384]) & (c >> 31); x[offset + 352] ^= t; x[offset + 384] ^= t;
c = 61444 - x[offset + 416]; t = (x[offset + 416] ^ x[offset + 448]) & (c >> 31); x[offset + 416] ^= t; x[offset + 448] ^= t;
c = 61444 - x[offset + 16]; t = (x[offset + 16] ^ x[offset + 272]) & (c >> 31); x[offset + 16] ^= t; x[offset + 272] ^= t;
c = 61444 - x[offset + 144]; t = (x[offset + 144] ^ x[offset + 400]) & (c >> 31); x[offset + 144] ^= t; x[offset + 400] ^= t;
c = 61444 - x[offset + 144]; t = (x[offset + 144] ^ x[offset + 272]) & (c >> 31); x[offset + 144] ^= t; x[offset + 272] ^= t;
c = 61444 - x[offset + 80]; t = (x[offset + 80] ^ x[offset + 336]) & (c >> 31); x[offset + 80] ^= t; x[offset + 336] ^= t;
c = 61444 - x[offset + 208]; t = (x[offset + 208] ^ x[offset + 464]) & (c >> 31); x[offset + 208] ^= t; x[offset + 464] ^= t;
c = 61444 - x[offset + 208]; t = (x[offset + 208] ^ x[offset + 336]) & (c >> 31); x[offset + 208] ^= t; x[offset + 336] ^= t;
c = 61444 - x[offset + 80]; t = (x[offset + 80] ^ x[offset + 144]) & (c >> 31); x[offset + 80] ^= t; x[offset + 144] ^= t;
c = 61444 - x[offset + 208]; t = (x[offset + 208] ^ x[offset + 272]) & (c >> 31); x[offset + 208] ^= t; x[offset + 272] ^= t;
c = 61444 - x[offset + 336]; t = (x[offset + 336] ^ x[offset + 400]) & (c >> 31); x[offset + 336] ^= t; x[offset + 400] ^= t;
c = 61444 - x[offset + 48]; t = (x[offset + 48] ^ x[offset + 304]) & (c >> 31); x[offset + 48] ^= t; x[offset + 304] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 432]) & (c >> 31); x[offset + 176] ^= t; x[offset + 432] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 304]) & (c >> 31); x[offset + 176] ^= t; x[offset + 304] ^= t;
c = 61444 - x[offset + 112]; t = (x[offset + 112] ^ x[offset + 368]) & (c >> 31); x[offset + 112] ^= t; x[offset + 368] ^= t;
c = 61444 - x[offset + 240]; t = (x[offset + 240] ^ x[offset + 496]) & (c >> 31); x[offset + 240] ^= t; x[offset + 496] ^= t;
c = 61444 - x[offset + 240]; t = (x[offset + 240] ^ x[offset + 368]) & (c >> 31); x[offset + 240] ^= t; x[offset + 368] ^= t;
c = 61444 - x[offset + 112]; t = (x[offset + 112] ^ x[offset + 176]) & (c >> 31); x[offset + 112] ^= t; x[offset + 176] ^= t;
c = 61444 - x[offset + 240]; t = (x[offset + 240] ^ x[offset + 304]) & (c >> 31); x[offset + 240] ^= t; x[offset + 304] ^= t;
c = 61444 - x[offset + 368]; t = (x[offset + 368] ^ x[offset + 432]) & (c >> 31); x[offset + 368] ^= t; x[offset + 432] ^= t;
c = 61444 - x[offset + 48]; t = (x[offset + 48] ^ x[offset + 80]) & (c >> 31); x[offset + 48] ^= t; x[offset + 80] ^= t;
c = 61444 - x[offset + 112]; t = (x[offset + 112] ^ x[offset + 144]) & (c >> 31); x[offset + 112] ^= t; x[offset + 144] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 208]) & (c >> 31); x[offset + 176] ^= t; x[offset + 208] ^= t;
c = 61444 - x[offset + 240]; t = (x[offset + 240] ^ x[offset + 272]) & (c >> 31); x[offset + 240] ^= t; x[offset + 272] ^= t;
c = 61444 - x[offset + 304]; t = (x[offset + 304] ^ x[offset + 336]) & (c >> 31); x[offset + 304] ^= t; x[offset + 336] ^= t;
c = 61444 - x[offset + 368]; t = (x[offset + 368] ^ x[offset + 400]) & (c >> 31); x[offset + 368] ^= t; x[offset + 400] ^= t;
c = 61444 - x[offset + 432]; t = (x[offset + 432] ^ x[offset + 464]) & (c >> 31); x[offset + 432] ^= t; x[offset + 464] ^= t;
c = 61444 - x[offset + 16]; t = (x[offset + 16] ^ x[offset + 32]) & (c >> 31); x[offset + 16] ^= t; x[offset + 32] ^= t;
c = 61444 - x[offset + 48]; t = (x[offset + 48] ^ x[offset + 64]) & (c >> 31); x[offset + 48] ^= t; x[offset + 64] ^= t;
c = 61444 - x[offset + 80]; t = (x[offset + 80] ^ x[offset + 96]) & (c >> 31); x[offset + 80] ^= t; x[offset + 96] ^= t;
c = 61444 - x[offset + 112]; t = (x[offset + 112] ^ x[offset + 128]) & (c >> 31); x[offset + 112] ^= t; x[offset + 128] ^= t;
c = 61444 - x[offset + 144]; t = (x[offset + 144] ^ x[offset + 160]) & (c >> 31); x[offset + 144] ^= t; x[offset + 160] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 192]) & (c >> 31); x[offset + 176] ^= t; x[offset + 192] ^= t;
c = 61444 - x[offset + 208]; t = (x[offset + 208] ^ x[offset + 224]) & (c >> 31); x[offset + 208] ^= t; x[offset + 224] ^= t;
c = 61444 - x[offset + 240]; t = (x[offset + 240] ^ x[offset + 256]) & (c >> 31); x[offset + 240] ^= t; x[offset + 256] ^= t;
c = 61444 - x[offset + 272]; t = (x[offset + 272] ^ x[offset + 288]) & (c >> 31); x[offset + 272] ^= t; x[offset + 288] ^= t;
c = 61444 - x[offset + 304]; t = (x[offset + 304] ^ x[offset + 320]) & (c >> 31); x[offset + 304] ^= t; x[offset + 320] ^= t;
c = 61444 - x[offset + 336]; t = (x[offset + 336] ^ x[offset + 352]) & (c >> 31); x[offset + 336] ^= t; x[offset + 352] ^= t;
c = 61444 - x[offset + 368]; t = (x[offset + 368] ^ x[offset + 384]) & (c >> 31); x[offset + 368] ^= t; x[offset + 384] ^= t;
c = 61444 - x[offset + 400]; t = (x[offset + 400] ^ x[offset + 416]) & (c >> 31); x[offset + 400] ^= t; x[offset + 416] ^= t;
c = 61444 - x[offset + 432]; t = (x[offset + 432] ^ x[offset + 448]) & (c >> 31); x[offset + 432] ^= t; x[offset + 448] ^= t;
c = 61444 - x[offset + 464]; t = (x[offset + 464] ^ x[offset + 480]) & (c >> 31); x[offset + 464] ^= t; x[offset + 480] ^= t;
c = 61444 - x[offset + 512]; t = (x[offset + 512] ^ x[offset + 528]) & (c >> 31); x[offset + 512] ^= t; x[offset + 528] ^= t;
c = 61444 - x[offset + 544]; t = (x[offset + 544] ^ x[offset + 560]) & (c >> 31); x[offset + 544] ^= t; x[offset + 560] ^= t;
c = 61444 - x[offset + 512]; t = (x[offset + 512] ^ x[offset + 544]) & (c >> 31); x[offset + 512] ^= t; x[offset + 544] ^= t;
c = 61444 - x[offset + 528]; t = (x[offset + 528] ^ x[offset + 560]) & (c >> 31); x[offset + 528] ^= t; x[offset + 560] ^= t;
c = 61444 - x[offset + 528]; t = (x[offset + 528] ^ x[offset + 544]) & (c >> 31); x[offset + 528] ^= t; x[offset + 544] ^= t;
c = 61444 - x[offset + 576]; t = (x[offset + 576] ^ x[offset + 592]) & (c >> 31); x[offset + 576] ^= t; x[offset + 592] ^= t;
c = 61444 - x[offset + 608]; t = (x[offset + 608] ^ x[offset + 624]) & (c >> 31); x[offset + 608] ^= t; x[offset + 624] ^= t;
c = 61444 - x[offset + 576]; t = (x[offset + 576] ^ x[offset + 608]) & (c >> 31); x[offset + 576] ^= t; x[offset + 608] ^= t;
c = 61444 - x[offset + 592]; t = (x[offset + 592] ^ x[offset + 624]) & (c >> 31); x[offset + 592] ^= t; x[offset + 624] ^= t;
c = 61444 - x[offset + 592]; t = (x[offset + 592] ^ x[offset + 608]) & (c >> 31); x[offset + 592] ^= t; x[offset + 608] ^= t;
c = 61444 - x[offset + 512]; t = (x[offset + 512] ^ x[offset + 576]) & (c >> 31); x[offset + 512] ^= t; x[offset + 576] ^= t;
c = 61444 - x[offset + 544]; t = (x[offset + 544] ^ x[offset + 608]) & (c >> 31); x[offset + 544] ^= t; x[offset + 608] ^= t;
c = 61444 - x[offset + 544]; t = (x[offset + 544] ^ x[offset + 576]) & (c >> 31); x[offset + 544] ^= t; x[offset + 576] ^= t;
c = 61444 - x[offset + 528]; t = (x[offset + 528] ^ x[offset + 592]) & (c >> 31); x[offset + 528] ^= t; x[offset + 592] ^= t;
c = 61444 - x[offset + 560]; t = (x[offset + 560] ^ x[offset + 624]) & (c >> 31); x[offset + 560] ^= t; x[offset + 624] ^= t;
c = 61444 - x[offset + 560]; t = (x[offset + 560] ^ x[offset + 592]) & (c >> 31); x[offset + 560] ^= t; x[offset + 592] ^= t;
c = 61444 - x[offset + 528]; t = (x[offset + 528] ^ x[offset + 544]) & (c >> 31); x[offset + 528] ^= t; x[offset + 544] ^= t;
c = 61444 - x[offset + 560]; t = (x[offset + 560] ^ x[offset + 576]) & (c >> 31); x[offset + 560] ^= t; x[offset + 576] ^= t;
c = 61444 - x[offset + 592]; t = (x[offset + 592] ^ x[offset + 608]) & (c >> 31); x[offset + 592] ^= t; x[offset + 608] ^= t;
c = 61444 - x[offset + 640]; t = (x[offset + 640] ^ x[offset + 656]) & (c >> 31); x[offset + 640] ^= t; x[offset + 656] ^= t;
c = 61444 - x[offset + 672]; t = (x[offset + 672] ^ x[offset + 688]) & (c >> 31); x[offset + 672] ^= t; x[offset + 688] ^= t;
c = 61444 - x[offset + 640]; t = (x[offset + 640] ^ x[offset + 672]) & (c >> 31); x[offset + 640] ^= t; x[offset + 672] ^= t;
c = 61444 - x[offset + 656]; t = (x[offset + 656] ^ x[offset + 688]) & (c >> 31); x[offset + 656] ^= t; x[offset + 688] ^= t;
c = 61444 - x[offset + 656]; t = (x[offset + 656] ^ x[offset + 672]) & (c >> 31); x[offset + 656] ^= t; x[offset + 672] ^= t;
c = 61444 - x[offset + 704]; t = (x[offset + 704] ^ x[offset + 720]) & (c >> 31); x[offset + 704] ^= t; x[offset + 720] ^= t;
c = 61444 - x[offset + 736]; t = (x[offset + 736] ^ x[offset + 752]) & (c >> 31); x[offset + 736] ^= t; x[offset + 752] ^= t;
c = 61444 - x[offset + 704]; t = (x[offset + 704] ^ x[offset + 736]) & (c >> 31); x[offset + 704] ^= t; x[offset + 736] ^= t;
c = 61444 - x[offset + 720]; t = (x[offset + 720] ^ x[offset + 752]) & (c >> 31); x[offset + 720] ^= t; x[offset + 752] ^= t;
c = 61444 - x[offset + 720]; t = (x[offset + 720] ^ x[offset + 736]) & (c >> 31); x[offset + 720] ^= t; x[offset + 736] ^= t;
c = 61444 - x[offset + 640]; t = (x[offset + 640] ^ x[offset + 704]) & (c >> 31); x[offset + 640] ^= t; x[offset + 704] ^= t;
c = 61444 - x[offset + 672]; t = (x[offset + 672] ^ x[offset + 736]) & (c >> 31); x[offset + 672] ^= t; x[offset + 736] ^= t;
c = 61444 - x[offset + 672]; t = (x[offset + 672] ^ x[offset + 704]) & (c >> 31); x[offset + 672] ^= t; x[offset + 704] ^= t;
c = 61444 - x[offset + 656]; t = (x[offset + 656] ^ x[offset + 720]) & (c >> 31); x[offset + 656] ^= t; x[offset + 720] ^= t;
c = 61444 - x[offset + 688]; t = (x[offset + 688] ^ x[offset + 752]) & (c >> 31); x[offset + 688] ^= t; x[offset + 752] ^= t;
c = 61444 - x[offset + 688]; t = (x[offset + 688] ^ x[offset + 720]) & (c >> 31); x[offset + 688] ^= t; x[offset + 720] ^= t;
c = 61444 - x[offset + 656]; t = (x[offset + 656] ^ x[offset + 672]) & (c >> 31); x[offset + 656] ^= t; x[offset + 672] ^= t;
c = 61444 - x[offset + 688]; t = (x[offset + 688] ^ x[offset + 704]) & (c >> 31); x[offset + 688] ^= t; x[offset + 704] ^= t;
c = 61444 - x[offset + 720]; t = (x[offset + 720] ^ x[offset + 736]) & (c >> 31); x[offset + 720] ^= t; x[offset + 736] ^= t;
c = 61444 - x[offset + 512]; t = (x[offset + 512] ^ x[offset + 640]) & (c >> 31); x[offset + 512] ^= t; x[offset + 640] ^= t;
c = 61444 - x[offset + 576]; t = (x[offset + 576] ^ x[offset + 704]) & (c >> 31); x[offset + 576] ^= t; x[offset + 704] ^= t;
c = 61444 - x[offset + 576]; t = (x[offset + 576] ^ x[offset + 640]) & (c >> 31); x[offset + 576] ^= t; x[offset + 640] ^= t;
c = 61444 - x[offset + 544]; t = (x[offset + 544] ^ x[offset + 672]) & (c >> 31); x[offset + 544] ^= t; x[offset + 672] ^= t;
c = 61444 - x[offset + 608]; t = (x[offset + 608] ^ x[offset + 736]) & (c >> 31); x[offset + 608] ^= t; x[offset + 736] ^= t;
c = 61444 - x[offset + 608]; t = (x[offset + 608] ^ x[offset + 672]) & (c >> 31); x[offset + 608] ^= t; x[offset + 672] ^= t;
c = 61444 - x[offset + 544]; t = (x[offset + 544] ^ x[offset + 576]) & (c >> 31); x[offset + 544] ^= t; x[offset + 576] ^= t;
c = 61444 - x[offset + 608]; t = (x[offset + 608] ^ x[offset + 640]) & (c >> 31); x[offset + 608] ^= t; x[offset + 640] ^= t;
c = 61444 - x[offset + 672]; t = (x[offset + 672] ^ x[offset + 704]) & (c >> 31); x[offset + 672] ^= t; x[offset + 704] ^= t;
c = 61444 - x[offset + 528]; t = (x[offset + 528] ^ x[offset + 656]) & (c >> 31); x[offset + 528] ^= t; x[offset + 656] ^= t;
c = 61444 - x[offset + 592]; t = (x[offset + 592] ^ x[offset + 720]) & (c >> 31); x[offset + 592] ^= t; x[offset + 720] ^= t;
c = 61444 - x[offset + 592]; t = (x[offset + 592] ^ x[offset + 656]) & (c >> 31); x[offset + 592] ^= t; x[offset + 656] ^= t;
c = 61444 - x[offset + 560]; t = (x[offset + 560] ^ x[offset + 688]) & (c >> 31); x[offset + 560] ^= t; x[offset + 688] ^= t;
c = 61444 - x[offset + 624]; t = (x[offset + 624] ^ x[offset + 752]) & (c >> 31); x[offset + 624] ^= t; x[offset + 752] ^= t;
c = 61444 - x[offset + 624]; t = (x[offset + 624] ^ x[offset + 688]) & (c >> 31); x[offset + 624] ^= t; x[offset + 688] ^= t;
c = 61444 - x[offset + 560]; t = (x[offset + 560] ^ x[offset + 592]) & (c >> 31); x[offset + 560] ^= t; x[offset + 592] ^= t;
c = 61444 - x[offset + 624]; t = (x[offset + 624] ^ x[offset + 656]) & (c >> 31); x[offset + 624] ^= t; x[offset + 656] ^= t;
c = 61444 - x[offset + 688]; t = (x[offset + 688] ^ x[offset + 720]) & (c >> 31); x[offset + 688] ^= t; x[offset + 720] ^= t;
c = 61444 - x[offset + 528]; t = (x[offset + 528] ^ x[offset + 544]) & (c >> 31); x[offset + 528] ^= t; x[offset + 544] ^= t;
c = 61444 - x[offset + 560]; t = (x[offset + 560] ^ x[offset + 576]) & (c >> 31); x[offset + 560] ^= t; x[offset + 576] ^= t;
c = 61444 - x[offset + 592]; t = (x[offset + 592] ^ x[offset + 608]) & (c >> 31); x[offset + 592] ^= t; x[offset + 608] ^= t;
c = 61444 - x[offset + 624]; t = (x[offset + 624] ^ x[offset + 640]) & (c >> 31); x[offset + 624] ^= t; x[offset + 640] ^= t;
c = 61444 - x[offset + 656]; t = (x[offset + 656] ^ x[offset + 672]) & (c >> 31); x[offset + 656] ^= t; x[offset + 672] ^= t;
c = 61444 - x[offset + 688]; t = (x[offset + 688] ^ x[offset + 704]) & (c >> 31); x[offset + 688] ^= t; x[offset + 704] ^= t;
c = 61444 - x[offset + 720]; t = (x[offset + 720] ^ x[offset + 736]) & (c >> 31); x[offset + 720] ^= t; x[offset + 736] ^= t;
c = 61444 - x[offset + 768]; t = (x[offset + 768] ^ x[offset + 784]) & (c >> 31); x[offset + 768] ^= t; x[offset + 784] ^= t;
c = 61444 - x[offset + 800]; t = (x[offset + 800] ^ x[offset + 816]) & (c >> 31); x[offset + 800] ^= t; x[offset + 816] ^= t;
c = 61444 - x[offset + 768]; t = (x[offset + 768] ^ x[offset + 800]) & (c >> 31); x[offset + 768] ^= t; x[offset + 800] ^= t;
c = 61444 - x[offset + 784]; t = (x[offset + 784] ^ x[offset + 816]) & (c >> 31); x[offset + 784] ^= t; x[offset + 816] ^= t;
c = 61444 - x[offset + 784]; t = (x[offset + 784] ^ x[offset + 800]) & (c >> 31); x[offset + 784] ^= t; x[offset + 800] ^= t;
c = 61444 - x[offset + 832]; t = (x[offset + 832] ^ x[offset + 848]) & (c >> 31); x[offset + 832] ^= t; x[offset + 848] ^= t;
c = 61444 - x[offset + 864]; t = (x[offset + 864] ^ x[offset + 880]) & (c >> 31); x[offset + 864] ^= t; x[offset + 880] ^= t;
c = 61444 - x[offset + 832]; t = (x[offset + 832] ^ x[offset + 864]) & (c >> 31); x[offset + 832] ^= t; x[offset + 864] ^= t;
c = 61444 - x[offset + 848]; t = (x[offset + 848] ^ x[offset + 880]) & (c >> 31); x[offset + 848] ^= t; x[offset + 880] ^= t;
c = 61444 - x[offset + 848]; t = (x[offset + 848] ^ x[offset + 864]) & (c >> 31); x[offset + 848] ^= t; x[offset + 864] ^= t;
c = 61444 - x[offset + 768]; t = (x[offset + 768] ^ x[offset + 832]) & (c >> 31); x[offset + 768] ^= t; x[offset + 832] ^= t;
c = 61444 - x[offset + 800]; t = (x[offset + 800] ^ x[offset + 864]) & (c >> 31); x[offset + 800] ^= t; x[offset + 864] ^= t;
c = 61444 - x[offset + 800]; t = (x[offset + 800] ^ x[offset + 832]) & (c >> 31); x[offset + 800] ^= t; x[offset + 832] ^= t;
c = 61444 - x[offset + 784]; t = (x[offset + 784] ^ x[offset + 848]) & (c >> 31); x[offset + 784] ^= t; x[offset + 848] ^= t;
c = 61444 - x[offset + 816]; t = (x[offset + 816] ^ x[offset + 880]) & (c >> 31); x[offset + 816] ^= t; x[offset + 880] ^= t;
c = 61444 - x[offset + 816]; t = (x[offset + 816] ^ x[offset + 848]) & (c >> 31); x[offset + 816] ^= t; x[offset + 848] ^= t;
c = 61444 - x[offset + 784]; t = (x[offset + 784] ^ x[offset + 800]) & (c >> 31); x[offset + 784] ^= t; x[offset + 800] ^= t;
c = 61444 - x[offset + 816]; t = (x[offset + 816] ^ x[offset + 832]) & (c >> 31); x[offset + 816] ^= t; x[offset + 832] ^= t;
c = 61444 - x[offset + 848]; t = (x[offset + 848] ^ x[offset + 864]) & (c >> 31); x[offset + 848] ^= t; x[offset + 864] ^= t;
c = 61444 - x[offset + 896]; t = (x[offset + 896] ^ x[offset + 912]) & (c >> 31); x[offset + 896] ^= t; x[offset + 912] ^= t;
c = 61444 - x[offset + 928]; t = (x[offset + 928] ^ x[offset + 944]) & (c >> 31); x[offset + 928] ^= t; x[offset + 944] ^= t;
c = 61444 - x[offset + 896]; t = (x[offset + 896] ^ x[offset + 928]) & (c >> 31); x[offset + 896] ^= t; x[offset + 928] ^= t;
c = 61444 - x[offset + 912]; t = (x[offset + 912] ^ x[offset + 944]) & (c >> 31); x[offset + 912] ^= t; x[offset + 944] ^= t;
c = 61444 - x[offset + 912]; t = (x[offset + 912] ^ x[offset + 928]) & (c >> 31); x[offset + 912] ^= t; x[offset + 928] ^= t;
c = 61444 - x[offset + 960]; t = (x[offset + 960] ^ x[offset + 976]) & (c >> 31); x[offset + 960] ^= t; x[offset + 976] ^= t;
c = 61444 - x[offset + 992]; t = (x[offset + 992] ^ x[offset + 1008]) & (c >> 31); x[offset + 992] ^= t; x[offset + 1008] ^= t;
c = 61444 - x[offset + 960]; t = (x[offset + 960] ^ x[offset + 992]) & (c >> 31); x[offset + 960] ^= t; x[offset + 992] ^= t;
c = 61444 - x[offset + 976]; t = (x[offset + 976] ^ x[offset + 1008]) & (c >> 31); x[offset + 976] ^= t; x[offset + 1008] ^= t;
c = 61444 - x[offset + 976]; t = (x[offset + 976] ^ x[offset + 992]) & (c >> 31); x[offset + 976] ^= t; x[offset + 992] ^= t;
c = 61444 - x[offset + 896]; t = (x[offset + 896] ^ x[offset + 960]) & (c >> 31); x[offset + 896] ^= t; x[offset + 960] ^= t;
c = 61444 - x[offset + 928]; t = (x[offset + 928] ^ x[offset + 992]) & (c >> 31); x[offset + 928] ^= t; x[offset + 992] ^= t;
c = 61444 - x[offset + 928]; t = (x[offset + 928] ^ x[offset + 960]) & (c >> 31); x[offset + 928] ^= t; x[offset + 960] ^= t;
c = 61444 - x[offset + 912]; t = (x[offset + 912] ^ x[offset + 976]) & (c >> 31); x[offset + 912] ^= t; x[offset + 976] ^= t;
c = 61444 - x[offset + 944]; t = (x[offset + 944] ^ x[offset + 1008]) & (c >> 31); x[offset + 944] ^= t; x[offset + 1008] ^= t;
c = 61444 - x[offset + 944]; t = (x[offset + 944] ^ x[offset + 976]) & (c >> 31); x[offset + 944] ^= t; x[offset + 976] ^= t;
c = 61444 - x[offset + 912]; t = (x[offset + 912] ^ x[offset + 928]) & (c >> 31); x[offset + 912] ^= t; x[offset + 928] ^= t;
c = 61444 - x[offset + 944]; t = (x[offset + 944] ^ x[offset + 960]) & (c >> 31); x[offset + 944] ^= t; x[offset + 960] ^= t;
c = 61444 - x[offset + 976]; t = (x[offset + 976] ^ x[offset + 992]) & (c >> 31); x[offset + 976] ^= t; x[offset + 992] ^= t;
c = 61444 - x[offset + 768]; t = (x[offset + 768] ^ x[offset + 896]) & (c >> 31); x[offset + 768] ^= t; x[offset + 896] ^= t;
c = 61444 - x[offset + 832]; t = (x[offset + 832] ^ x[offset + 960]) & (c >> 31); x[offset + 832] ^= t; x[offset + 960] ^= t;
c = 61444 - x[offset + 832]; t = (x[offset + 832] ^ x[offset + 896]) & (c >> 31); x[offset + 832] ^= t; x[offset + 896] ^= t;
c = 61444 - x[offset + 800]; t = (x[offset + 800] ^ x[offset + 928]) & (c >> 31); x[offset + 800] ^= t; x[offset + 928] ^= t;
c = 61444 - x[offset + 864]; t = (x[offset + 864] ^ x[offset + 992]) & (c >> 31); x[offset + 864] ^= t; x[offset + 992] ^= t;
c = 61444 - x[offset + 864]; t = (x[offset + 864] ^ x[offset + 928]) & (c >> 31); x[offset + 864] ^= t; x[offset + 928] ^= t;
c = 61444 - x[offset + 800]; t = (x[offset + 800] ^ x[offset + 832]) & (c >> 31); x[offset + 800] ^= t; x[offset + 832] ^= t;
c = 61444 - x[offset + 864]; t = (x[offset + 864] ^ x[offset + 896]) & (c >> 31); x[offset + 864] ^= t; x[offset + 896] ^= t;
c = 61444 - x[offset + 928]; t = (x[offset + 928] ^ x[offset + 960]) & (c >> 31); x[offset + 928] ^= t; x[offset + 960] ^= t;
c = 61444 - x[offset + 784]; t = (x[offset + 784] ^ x[offset + 912]) & (c >> 31); x[offset + 784] ^= t; x[offset + 912] ^= t;
c = 61444 - x[offset + 848]; t = (x[offset + 848] ^ x[offset + 976]) & (c >> 31); x[offset + 848] ^= t; x[offset + 976] ^= t;
c = 61444 - x[offset + 848]; t = (x[offset + 848] ^ x[offset + 912]) & (c >> 31); x[offset + 848] ^= t; x[offset + 912] ^= t;
c = 61444 - x[offset + 816]; t = (x[offset + 816] ^ x[offset + 944]) & (c >> 31); x[offset + 816] ^= t; x[offset + 944] ^= t;
c = 61444 - x[offset + 880]; t = (x[offset + 880] ^ x[offset + 1008]) & (c >> 31); x[offset + 880] ^= t; x[offset + 1008] ^= t;
c = 61444 - x[offset + 880]; t = (x[offset + 880] ^ x[offset + 944]) & (c >> 31); x[offset + 880] ^= t; x[offset + 944] ^= t;
c = 61444 - x[offset + 816]; t = (x[offset + 816] ^ x[offset + 848]) & (c >> 31); x[offset + 816] ^= t; x[offset + 848] ^= t;
c = 61444 - x[offset + 880]; t = (x[offset + 880] ^ x[offset + 912]) & (c >> 31); x[offset + 880] ^= t; x[offset + 912] ^= t;
c = 61444 - x[offset + 944]; t = (x[offset + 944] ^ x[offset + 976]) & (c >> 31); x[offset + 944] ^= t; x[offset + 976] ^= t;
c = 61444 - x[offset + 784]; t = (x[offset + 784] ^ x[offset + 800]) & (c >> 31); x[offset + 784] ^= t; x[offset + 800] ^= t;
c = 61444 - x[offset + 816]; t = (x[offset + 816] ^ x[offset + 832]) & (c >> 31); x[offset + 816] ^= t; x[offset + 832] ^= t;
c = 61444 - x[offset + 848]; t = (x[offset + 848] ^ x[offset + 864]) & (c >> 31); x[offset + 848] ^= t; x[offset + 864] ^= t;
c = 61444 - x[offset + 880]; t = (x[offset + 880] ^ x[offset + 896]) & (c >> 31); x[offset + 880] ^= t; x[offset + 896] ^= t;
c = 61444 - x[offset + 912]; t = (x[offset + 912] ^ x[offset + 928]) & (c >> 31); x[offset + 912] ^= t; x[offset + 928] ^= t;
c = 61444 - x[offset + 944]; t = (x[offset + 944] ^ x[offset + 960]) & (c >> 31); x[offset + 944] ^= t; x[offset + 960] ^= t;
c = 61444 - x[offset + 976]; t = (x[offset + 976] ^ x[offset + 992]) & (c >> 31); x[offset + 976] ^= t; x[offset + 992] ^= t;
c = 61444 - x[offset + 512]; t = (x[offset + 512] ^ x[offset + 768]) & (c >> 31); x[offset + 512] ^= t; x[offset + 768] ^= t;
c = 61444 - x[offset + 640]; t = (x[offset + 640] ^ x[offset + 896]) & (c >> 31); x[offset + 640] ^= t; x[offset + 896] ^= t;
c = 61444 - x[offset + 640]; t = (x[offset + 640] ^ x[offset + 768]) & (c >> 31); x[offset + 640] ^= t; x[offset + 768] ^= t;
c = 61444 - x[offset + 576]; t = (x[offset + 576] ^ x[offset + 832]) & (c >> 31); x[offset + 576] ^= t; x[offset + 832] ^= t;
c = 61444 - x[offset + 704]; t = (x[offset + 704] ^ x[offset + 960]) & (c >> 31); x[offset + 704] ^= t; x[offset + 960] ^= t;
c = 61444 - x[offset + 704]; t = (x[offset + 704] ^ x[offset + 832]) & (c >> 31); x[offset + 704] ^= t; x[offset + 832] ^= t;
c = 61444 - x[offset + 576]; t = (x[offset + 576] ^ x[offset + 640]) & (c >> 31); x[offset + 576] ^= t; x[offset + 640] ^= t;
c = 61444 - x[offset + 704]; t = (x[offset + 704] ^ x[offset + 768]) & (c >> 31); x[offset + 704] ^= t; x[offset + 768] ^= t;
c = 61444 - x[offset + 832]; t = (x[offset + 832] ^ x[offset + 896]) & (c >> 31); x[offset + 832] ^= t; x[offset + 896] ^= t;
c = 61444 - x[offset + 544]; t = (x[offset + 544] ^ x[offset + 800]) & (c >> 31); x[offset + 544] ^= t; x[offset + 800] ^= t;
c = 61444 - x[offset + 672]; t = (x[offset + 672] ^ x[offset + 928]) & (c >> 31); x[offset + 672] ^= t; x[offset + 928] ^= t;
c = 61444 - x[offset + 672]; t = (x[offset + 672] ^ x[offset + 800]) & (c >> 31); x[offset + 672] ^= t; x[offset + 800] ^= t;
c = 61444 - x[offset + 608]; t = (x[offset + 608] ^ x[offset + 864]) & (c >> 31); x[offset + 608] ^= t; x[offset + 864] ^= t;
c = 61444 - x[offset + 736]; t = (x[offset + 736] ^ x[offset + 992]) & (c >> 31); x[offset + 736] ^= t; x[offset + 992] ^= t;
c = 61444 - x[offset + 736]; t = (x[offset + 736] ^ x[offset + 864]) & (c >> 31); x[offset + 736] ^= t; x[offset + 864] ^= t;
c = 61444 - x[offset + 608]; t = (x[offset + 608] ^ x[offset + 672]) & (c >> 31); x[offset + 608] ^= t; x[offset + 672] ^= t;
c = 61444 - x[offset + 736]; t = (x[offset + 736] ^ x[offset + 800]) & (c >> 31); x[offset + 736] ^= t; x[offset + 800] ^= t;
c = 61444 - x[offset + 864]; t = (x[offset + 864] ^ x[offset + 928]) & (c >> 31); x[offset + 864] ^= t; x[offset + 928] ^= t;
c = 61444 - x[offset + 544]; t = (x[offset + 544] ^ x[offset + 576]) & (c >> 31); x[offset + 544] ^= t; x[offset + 576] ^= t;
c = 61444 - x[offset + 608]; t = (x[offset + 608] ^ x[offset + 640]) & (c >> 31); x[offset + 608] ^= t; x[offset + 640] ^= t;
c = 61444 - x[offset + 672]; t = (x[offset + 672] ^ x[offset + 704]) & (c >> 31); x[offset + 672] ^= t; x[offset + 704] ^= t;
c = 61444 - x[offset + 736]; t = (x[offset + 736] ^ x[offset + 768]) & (c >> 31); x[offset + 736] ^= t; x[offset + 768] ^= t;
c = 61444 - x[offset + 800]; t = (x[offset + 800] ^ x[offset + 832]) & (c >> 31); x[offset + 800] ^= t; x[offset + 832] ^= t;
c = 61444 - x[offset + 864]; t = (x[offset + 864] ^ x[offset + 896]) & (c >> 31); x[offset + 864] ^= t; x[offset + 896] ^= t;
c = 61444 - x[offset + 928]; t = (x[offset + 928] ^ x[offset + 960]) & (c >> 31); x[offset + 928] ^= t; x[offset + 960] ^= t;
c = 61444 - x[offset + 528]; t = (x[offset + 528] ^ x[offset + 784]) & (c >> 31); x[offset + 528] ^= t; x[offset + 784] ^= t;
c = 61444 - x[offset + 656]; t = (x[offset + 656] ^ x[offset + 912]) & (c >> 31); x[offset + 656] ^= t; x[offset + 912] ^= t;
c = 61444 - x[offset + 656]; t = (x[offset + 656] ^ x[offset + 784]) & (c >> 31); x[offset + 656] ^= t; x[offset + 784] ^= t;
c = 61444 - x[offset + 592]; t = (x[offset + 592] ^ x[offset + 848]) & (c >> 31); x[offset + 592] ^= t; x[offset + 848] ^= t;
c = 61444 - x[offset + 720]; t = (x[offset + 720] ^ x[offset + 976]) & (c >> 31); x[offset + 720] ^= t; x[offset + 976] ^= t;
c = 61444 - x[offset + 720]; t = (x[offset + 720] ^ x[offset + 848]) & (c >> 31); x[offset + 720] ^= t; x[offset + 848] ^= t;
c = 61444 - x[offset + 592]; t = (x[offset + 592] ^ x[offset + 656]) & (c >> 31); x[offset + 592] ^= t; x[offset + 656] ^= t;
c = 61444 - x[offset + 720]; t = (x[offset + 720] ^ x[offset + 784]) & (c >> 31); x[offset + 720] ^= t; x[offset + 784] ^= t;
c = 61444 - x[offset + 848]; t = (x[offset + 848] ^ x[offset + 912]) & (c >> 31); x[offset + 848] ^= t; x[offset + 912] ^= t;
c = 61444 - x[offset + 560]; t = (x[offset + 560] ^ x[offset + 816]) & (c >> 31); x[offset + 560] ^= t; x[offset + 816] ^= t;
c = 61444 - x[offset + 688]; t = (x[offset + 688] ^ x[offset + 944]) & (c >> 31); x[offset + 688] ^= t; x[offset + 944] ^= t;
c = 61444 - x[offset + 688]; t = (x[offset + 688] ^ x[offset + 816]) & (c >> 31); x[offset + 688] ^= t; x[offset + 816] ^= t;
c = 61444 - x[offset + 624]; t = (x[offset + 624] ^ x[offset + 880]) & (c >> 31); x[offset + 624] ^= t; x[offset + 880] ^= t;
c = 61444 - x[offset + 752]; t = (x[offset + 752] ^ x[offset + 1008]) & (c >> 31); x[offset + 752] ^= t; x[offset + 1008] ^= t;
c = 61444 - x[offset + 752]; t = (x[offset + 752] ^ x[offset + 880]) & (c >> 31); x[offset + 752] ^= t; x[offset + 880] ^= t;
c = 61444 - x[offset + 624]; t = (x[offset + 624] ^ x[offset + 688]) & (c >> 31); x[offset + 624] ^= t; x[offset + 688] ^= t;
c = 61444 - x[offset + 752]; t = (x[offset + 752] ^ x[offset + 816]) & (c >> 31); x[offset + 752] ^= t; x[offset + 816] ^= t;
c = 61444 - x[offset + 880]; t = (x[offset + 880] ^ x[offset + 944]) & (c >> 31); x[offset + 880] ^= t; x[offset + 944] ^= t;
c = 61444 - x[offset + 560]; t = (x[offset + 560] ^ x[offset + 592]) & (c >> 31); x[offset + 560] ^= t; x[offset + 592] ^= t;
c = 61444 - x[offset + 624]; t = (x[offset + 624] ^ x[offset + 656]) & (c >> 31); x[offset + 624] ^= t; x[offset + 656] ^= t;
c = 61444 - x[offset + 688]; t = (x[offset + 688] ^ x[offset + 720]) & (c >> 31); x[offset + 688] ^= t; x[offset + 720] ^= t;
c = 61444 - x[offset + 752]; t = (x[offset + 752] ^ x[offset + 784]) & (c >> 31); x[offset + 752] ^= t; x[offset + 784] ^= t;
c = 61444 - x[offset + 816]; t = (x[offset + 816] ^ x[offset + 848]) & (c >> 31); x[offset + 816] ^= t; x[offset + 848] ^= t;
c = 61444 - x[offset + 880]; t = (x[offset + 880] ^ x[offset + 912]) & (c >> 31); x[offset + 880] ^= t; x[offset + 912] ^= t;
c = 61444 - x[offset + 944]; t = (x[offset + 944] ^ x[offset + 976]) & (c >> 31); x[offset + 944] ^= t; x[offset + 976] ^= t;
c = 61444 - x[offset + 528]; t = (x[offset + 528] ^ x[offset + 544]) & (c >> 31); x[offset + 528] ^= t; x[offset + 544] ^= t;
c = 61444 - x[offset + 560]; t = (x[offset + 560] ^ x[offset + 576]) & (c >> 31); x[offset + 560] ^= t; x[offset + 576] ^= t;
c = 61444 - x[offset + 592]; t = (x[offset + 592] ^ x[offset + 608]) & (c >> 31); x[offset + 592] ^= t; x[offset + 608] ^= t;
c = 61444 - x[offset + 624]; t = (x[offset + 624] ^ x[offset + 640]) & (c >> 31); x[offset + 624] ^= t; x[offset + 640] ^= t;
c = 61444 - x[offset + 656]; t = (x[offset + 656] ^ x[offset + 672]) & (c >> 31); x[offset + 656] ^= t; x[offset + 672] ^= t;
c = 61444 - x[offset + 688]; t = (x[offset + 688] ^ x[offset + 704]) & (c >> 31); x[offset + 688] ^= t; x[offset + 704] ^= t;
c = 61444 - x[offset + 720]; t = (x[offset + 720] ^ x[offset + 736]) & (c >> 31); x[offset + 720] ^= t; x[offset + 736] ^= t;
c = 61444 - x[offset + 752]; t = (x[offset + 752] ^ x[offset + 768]) & (c >> 31); x[offset + 752] ^= t; x[offset + 768] ^= t;
c = 61444 - x[offset + 784]; t = (x[offset + 784] ^ x[offset + 800]) & (c >> 31); x[offset + 784] ^= t; x[offset + 800] ^= t;
c = 61444 - x[offset + 816]; t = (x[offset + 816] ^ x[offset + 832]) & (c >> 31); x[offset + 816] ^= t; x[offset + 832] ^= t;
c = 61444 - x[offset + 848]; t = (x[offset + 848] ^ x[offset + 864]) & (c >> 31); x[offset + 848] ^= t; x[offset + 864] ^= t;
c = 61444 - x[offset + 880]; t = (x[offset + 880] ^ x[offset + 896]) & (c >> 31); x[offset + 880] ^= t; x[offset + 896] ^= t;
c = 61444 - x[offset + 912]; t = (x[offset + 912] ^ x[offset + 928]) & (c >> 31); x[offset + 912] ^= t; x[offset + 928] ^= t;
c = 61444 - x[offset + 944]; t = (x[offset + 944] ^ x[offset + 960]) & (c >> 31); x[offset + 944] ^= t; x[offset + 960] ^= t;
c = 61444 - x[offset + 976]; t = (x[offset + 976] ^ x[offset + 992]) & (c >> 31); x[offset + 976] ^= t; x[offset + 992] ^= t;
c = 61444 - x[offset + 0]; t = (x[offset + 0] ^ x[offset + 512]) & (c >> 31); x[offset + 0] ^= t; x[offset + 512] ^= t;
c = 61444 - x[offset + 256]; t = (x[offset + 256] ^ x[offset + 768]) & (c >> 31); x[offset + 256] ^= t; x[offset + 768] ^= t;
c = 61444 - x[offset + 256]; t = (x[offset + 256] ^ x[offset + 512]) & (c >> 31); x[offset + 256] ^= t; x[offset + 512] ^= t;
c = 61444 - x[offset + 128]; t = (x[offset + 128] ^ x[offset + 640]) & (c >> 31); x[offset + 128] ^= t; x[offset + 640] ^= t;
c = 61444 - x[offset + 384]; t = (x[offset + 384] ^ x[offset + 896]) & (c >> 31); x[offset + 384] ^= t; x[offset + 896] ^= t;
c = 61444 - x[offset + 384]; t = (x[offset + 384] ^ x[offset + 640]) & (c >> 31); x[offset + 384] ^= t; x[offset + 640] ^= t;
c = 61444 - x[offset + 128]; t = (x[offset + 128] ^ x[offset + 256]) & (c >> 31); x[offset + 128] ^= t; x[offset + 256] ^= t;
c = 61444 - x[offset + 384]; t = (x[offset + 384] ^ x[offset + 512]) & (c >> 31); x[offset + 384] ^= t; x[offset + 512] ^= t;
c = 61444 - x[offset + 640]; t = (x[offset + 640] ^ x[offset + 768]) & (c >> 31); x[offset + 640] ^= t; x[offset + 768] ^= t;
c = 61444 - x[offset + 64]; t = (x[offset + 64] ^ x[offset + 576]) & (c >> 31); x[offset + 64] ^= t; x[offset + 576] ^= t;
c = 61444 - x[offset + 320]; t = (x[offset + 320] ^ x[offset + 832]) & (c >> 31); x[offset + 320] ^= t; x[offset + 832] ^= t;
c = 61444 - x[offset + 320]; t = (x[offset + 320] ^ x[offset + 576]) & (c >> 31); x[offset + 320] ^= t; x[offset + 576] ^= t;
c = 61444 - x[offset + 192]; t = (x[offset + 192] ^ x[offset + 704]) & (c >> 31); x[offset + 192] ^= t; x[offset + 704] ^= t;
c = 61444 - x[offset + 448]; t = (x[offset + 448] ^ x[offset + 960]) & (c >> 31); x[offset + 448] ^= t; x[offset + 960] ^= t;
c = 61444 - x[offset + 448]; t = (x[offset + 448] ^ x[offset + 704]) & (c >> 31); x[offset + 448] ^= t; x[offset + 704] ^= t;
c = 61444 - x[offset + 192]; t = (x[offset + 192] ^ x[offset + 320]) & (c >> 31); x[offset + 192] ^= t; x[offset + 320] ^= t;
c = 61444 - x[offset + 448]; t = (x[offset + 448] ^ x[offset + 576]) & (c >> 31); x[offset + 448] ^= t; x[offset + 576] ^= t;
c = 61444 - x[offset + 704]; t = (x[offset + 704] ^ x[offset + 832]) & (c >> 31); x[offset + 704] ^= t; x[offset + 832] ^= t;
c = 61444 - x[offset + 64]; t = (x[offset + 64] ^ x[offset + 128]) & (c >> 31); x[offset + 64] ^= t; x[offset + 128] ^= t;
c = 61444 - x[offset + 192]; t = (x[offset + 192] ^ x[offset + 256]) & (c >> 31); x[offset + 192] ^= t; x[offset + 256] ^= t;
c = 61444 - x[offset + 320]; t = (x[offset + 320] ^ x[offset + 384]) & (c >> 31); x[offset + 320] ^= t; x[offset + 384] ^= t;
c = 61444 - x[offset + 448]; t = (x[offset + 448] ^ x[offset + 512]) & (c >> 31); x[offset + 448] ^= t; x[offset + 512] ^= t;
c = 61444 - x[offset + 576]; t = (x[offset + 576] ^ x[offset + 640]) & (c >> 31); x[offset + 576] ^= t; x[offset + 640] ^= t;
c = 61444 - x[offset + 704]; t = (x[offset + 704] ^ x[offset + 768]) & (c >> 31); x[offset + 704] ^= t; x[offset + 768] ^= t;
c = 61444 - x[offset + 832]; t = (x[offset + 832] ^ x[offset + 896]) & (c >> 31); x[offset + 832] ^= t; x[offset + 896] ^= t;
c = 61444 - x[offset + 32]; t = (x[offset + 32] ^ x[offset + 544]) & (c >> 31); x[offset + 32] ^= t; x[offset + 544] ^= t;
c = 61444 - x[offset + 288]; t = (x[offset + 288] ^ x[offset + 800]) & (c >> 31); x[offset + 288] ^= t; x[offset + 800] ^= t;
c = 61444 - x[offset + 288]; t = (x[offset + 288] ^ x[offset + 544]) & (c >> 31); x[offset + 288] ^= t; x[offset + 544] ^= t;
c = 61444 - x[offset + 160]; t = (x[offset + 160] ^ x[offset + 672]) & (c >> 31); x[offset + 160] ^= t; x[offset + 672] ^= t;
c = 61444 - x[offset + 416]; t = (x[offset + 416] ^ x[offset + 928]) & (c >> 31); x[offset + 416] ^= t; x[offset + 928] ^= t;
c = 61444 - x[offset + 416]; t = (x[offset + 416] ^ x[offset + 672]) & (c >> 31); x[offset + 416] ^= t; x[offset + 672] ^= t;
c = 61444 - x[offset + 160]; t = (x[offset + 160] ^ x[offset + 288]) & (c >> 31); x[offset + 160] ^= t; x[offset + 288] ^= t;
c = 61444 - x[offset + 416]; t = (x[offset + 416] ^ x[offset + 544]) & (c >> 31); x[offset + 416] ^= t; x[offset + 544] ^= t;
c = 61444 - x[offset + 672]; t = (x[offset + 672] ^ x[offset + 800]) & (c >> 31); x[offset + 672] ^= t; x[offset + 800] ^= t;
c = 61444 - x[offset + 96]; t = (x[offset + 96] ^ x[offset + 608]) & (c >> 31); x[offset + 96] ^= t; x[offset + 608] ^= t;
c = 61444 - x[offset + 352]; t = (x[offset + 352] ^ x[offset + 864]) & (c >> 31); x[offset + 352] ^= t; x[offset + 864] ^= t;
c = 61444 - x[offset + 352]; t = (x[offset + 352] ^ x[offset + 608]) & (c >> 31); x[offset + 352] ^= t; x[offset + 608] ^= t;
c = 61444 - x[offset + 224]; t = (x[offset + 224] ^ x[offset + 736]) & (c >> 31); x[offset + 224] ^= t; x[offset + 736] ^= t;
c = 61444 - x[offset + 480]; t = (x[offset + 480] ^ x[offset + 992]) & (c >> 31); x[offset + 480] ^= t; x[offset + 992] ^= t;
c = 61444 - x[offset + 480]; t = (x[offset + 480] ^ x[offset + 736]) & (c >> 31); x[offset + 480] ^= t; x[offset + 736] ^= t;
c = 61444 - x[offset + 224]; t = (x[offset + 224] ^ x[offset + 352]) & (c >> 31); x[offset + 224] ^= t; x[offset + 352] ^= t;
c = 61444 - x[offset + 480]; t = (x[offset + 480] ^ x[offset + 608]) & (c >> 31); x[offset + 480] ^= t; x[offset + 608] ^= t;
c = 61444 - x[offset + 736]; t = (x[offset + 736] ^ x[offset + 864]) & (c >> 31); x[offset + 736] ^= t; x[offset + 864] ^= t;
c = 61444 - x[offset + 96]; t = (x[offset + 96] ^ x[offset + 160]) & (c >> 31); x[offset + 96] ^= t; x[offset + 160] ^= t;
c = 61444 - x[offset + 224]; t = (x[offset + 224] ^ x[offset + 288]) & (c >> 31); x[offset + 224] ^= t; x[offset + 288] ^= t;
c = 61444 - x[offset + 352]; t = (x[offset + 352] ^ x[offset + 416]) & (c >> 31); x[offset + 352] ^= t; x[offset + 416] ^= t;
c = 61444 - x[offset + 480]; t = (x[offset + 480] ^ x[offset + 544]) & (c >> 31); x[offset + 480] ^= t; x[offset + 544] ^= t;
c = 61444 - x[offset + 608]; t = (x[offset + 608] ^ x[offset + 672]) & (c >> 31); x[offset + 608] ^= t; x[offset + 672] ^= t;
c = 61444 - x[offset + 736]; t = (x[offset + 736] ^ x[offset + 800]) & (c >> 31); x[offset + 736] ^= t; x[offset + 800] ^= t;
c = 61444 - x[offset + 864]; t = (x[offset + 864] ^ x[offset + 928]) & (c >> 31); x[offset + 864] ^= t; x[offset + 928] ^= t;
c = 61444 - x[offset + 32]; t = (x[offset + 32] ^ x[offset + 64]) & (c >> 31); x[offset + 32] ^= t; x[offset + 64] ^= t;
c = 61444 - x[offset + 96]; t = (x[offset + 96] ^ x[offset + 128]) & (c >> 31); x[offset + 96] ^= t; x[offset + 128] ^= t;
c = 61444 - x[offset + 160]; t = (x[offset + 160] ^ x[offset + 192]) & (c >> 31); x[offset + 160] ^= t; x[offset + 192] ^= t;
c = 61444 - x[offset + 224]; t = (x[offset + 224] ^ x[offset + 256]) & (c >> 31); x[offset + 224] ^= t; x[offset + 256] ^= t;
c = 61444 - x[offset + 288]; t = (x[offset + 288] ^ x[offset + 320]) & (c >> 31); x[offset + 288] ^= t; x[offset + 320] ^= t;
c = 61444 - x[offset + 352]; t = (x[offset + 352] ^ x[offset + 384]) & (c >> 31); x[offset + 352] ^= t; x[offset + 384] ^= t;
c = 61444 - x[offset + 416]; t = (x[offset + 416] ^ x[offset + 448]) & (c >> 31); x[offset + 416] ^= t; x[offset + 448] ^= t;
c = 61444 - x[offset + 480]; t = (x[offset + 480] ^ x[offset + 512]) & (c >> 31); x[offset + 480] ^= t; x[offset + 512] ^= t;
c = 61444 - x[offset + 544]; t = (x[offset + 544] ^ x[offset + 576]) & (c >> 31); x[offset + 544] ^= t; x[offset + 576] ^= t;
c = 61444 - x[offset + 608]; t = (x[offset + 608] ^ x[offset + 640]) & (c >> 31); x[offset + 608] ^= t; x[offset + 640] ^= t;
c = 61444 - x[offset + 672]; t = (x[offset + 672] ^ x[offset + 704]) & (c >> 31); x[offset + 672] ^= t; x[offset + 704] ^= t;
c = 61444 - x[offset + 736]; t = (x[offset + 736] ^ x[offset + 768]) & (c >> 31); x[offset + 736] ^= t; x[offset + 768] ^= t;
c = 61444 - x[offset + 800]; t = (x[offset + 800] ^ x[offset + 832]) & (c >> 31); x[offset + 800] ^= t; x[offset + 832] ^= t;
c = 61444 - x[offset + 864]; t = (x[offset + 864] ^ x[offset + 896]) & (c >> 31); x[offset + 864] ^= t; x[offset + 896] ^= t;
c = 61444 - x[offset + 928]; t = (x[offset + 928] ^ x[offset + 960]) & (c >> 31); x[offset + 928] ^= t; x[offset + 960] ^= t;
c = 61444 - x[offset + 16]; t = (x[offset + 16] ^ x[offset + 528]) & (c >> 31); x[offset + 16] ^= t; x[offset + 528] ^= t;
c = 61444 - x[offset + 272]; t = (x[offset + 272] ^ x[offset + 784]) & (c >> 31); x[offset + 272] ^= t; x[offset + 784] ^= t;
c = 61444 - x[offset + 272]; t = (x[offset + 272] ^ x[offset + 528]) & (c >> 31); x[offset + 272] ^= t; x[offset + 528] ^= t;
c = 61444 - x[offset + 144]; t = (x[offset + 144] ^ x[offset + 656]) & (c >> 31); x[offset + 144] ^= t; x[offset + 656] ^= t;
c = 61444 - x[offset + 400]; t = (x[offset + 400] ^ x[offset + 912]) & (c >> 31); x[offset + 400] ^= t; x[offset + 912] ^= t;
c = 61444 - x[offset + 400]; t = (x[offset + 400] ^ x[offset + 656]) & (c >> 31); x[offset + 400] ^= t; x[offset + 656] ^= t;
c = 61444 - x[offset + 144]; t = (x[offset + 144] ^ x[offset + 272]) & (c >> 31); x[offset + 144] ^= t; x[offset + 272] ^= t;
c = 61444 - x[offset + 400]; t = (x[offset + 400] ^ x[offset + 528]) & (c >> 31); x[offset + 400] ^= t; x[offset + 528] ^= t;
c = 61444 - x[offset + 656]; t = (x[offset + 656] ^ x[offset + 784]) & (c >> 31); x[offset + 656] ^= t; x[offset + 784] ^= t;
c = 61444 - x[offset + 80]; t = (x[offset + 80] ^ x[offset + 592]) & (c >> 31); x[offset + 80] ^= t; x[offset + 592] ^= t;
c = 61444 - x[offset + 336]; t = (x[offset + 336] ^ x[offset + 848]) & (c >> 31); x[offset + 336] ^= t; x[offset + 848] ^= t;
c = 61444 - x[offset + 336]; t = (x[offset + 336] ^ x[offset + 592]) & (c >> 31); x[offset + 336] ^= t; x[offset + 592] ^= t;
c = 61444 - x[offset + 208]; t = (x[offset + 208] ^ x[offset + 720]) & (c >> 31); x[offset + 208] ^= t; x[offset + 720] ^= t;
c = 61444 - x[offset + 464]; t = (x[offset + 464] ^ x[offset + 976]) & (c >> 31); x[offset + 464] ^= t; x[offset + 976] ^= t;
c = 61444 - x[offset + 464]; t = (x[offset + 464] ^ x[offset + 720]) & (c >> 31); x[offset + 464] ^= t; x[offset + 720] ^= t;
c = 61444 - x[offset + 208]; t = (x[offset + 208] ^ x[offset + 336]) & (c >> 31); x[offset + 208] ^= t; x[offset + 336] ^= t;
c = 61444 - x[offset + 464]; t = (x[offset + 464] ^ x[offset + 592]) & (c >> 31); x[offset + 464] ^= t; x[offset + 592] ^= t;
c = 61444 - x[offset + 720]; t = (x[offset + 720] ^ x[offset + 848]) & (c >> 31); x[offset + 720] ^= t; x[offset + 848] ^= t;
c = 61444 - x[offset + 80]; t = (x[offset + 80] ^ x[offset + 144]) & (c >> 31); x[offset + 80] ^= t; x[offset + 144] ^= t;
c = 61444 - x[offset + 208]; t = (x[offset + 208] ^ x[offset + 272]) & (c >> 31); x[offset + 208] ^= t; x[offset + 272] ^= t;
c = 61444 - x[offset + 336]; t = (x[offset + 336] ^ x[offset + 400]) & (c >> 31); x[offset + 336] ^= t; x[offset + 400] ^= t;
c = 61444 - x[offset + 464]; t = (x[offset + 464] ^ x[offset + 528]) & (c >> 31); x[offset + 464] ^= t; x[offset + 528] ^= t;
c = 61444 - x[offset + 592]; t = (x[offset + 592] ^ x[offset + 656]) & (c >> 31); x[offset + 592] ^= t; x[offset + 656] ^= t;
c = 61444 - x[offset + 720]; t = (x[offset + 720] ^ x[offset + 784]) & (c >> 31); x[offset + 720] ^= t; x[offset + 784] ^= t;
c = 61444 - x[offset + 848]; t = (x[offset + 848] ^ x[offset + 912]) & (c >> 31); x[offset + 848] ^= t; x[offset + 912] ^= t;
c = 61444 - x[offset + 48]; t = (x[offset + 48] ^ x[offset + 560]) & (c >> 31); x[offset + 48] ^= t; x[offset + 560] ^= t;
c = 61444 - x[offset + 304]; t = (x[offset + 304] ^ x[offset + 816]) & (c >> 31); x[offset + 304] ^= t; x[offset + 816] ^= t;
c = 61444 - x[offset + 304]; t = (x[offset + 304] ^ x[offset + 560]) & (c >> 31); x[offset + 304] ^= t; x[offset + 560] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 688]) & (c >> 31); x[offset + 176] ^= t; x[offset + 688] ^= t;
c = 61444 - x[offset + 432]; t = (x[offset + 432] ^ x[offset + 944]) & (c >> 31); x[offset + 432] ^= t; x[offset + 944] ^= t;
c = 61444 - x[offset + 432]; t = (x[offset + 432] ^ x[offset + 688]) & (c >> 31); x[offset + 432] ^= t; x[offset + 688] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 304]) & (c >> 31); x[offset + 176] ^= t; x[offset + 304] ^= t;
c = 61444 - x[offset + 432]; t = (x[offset + 432] ^ x[offset + 560]) & (c >> 31); x[offset + 432] ^= t; x[offset + 560] ^= t;
c = 61444 - x[offset + 688]; t = (x[offset + 688] ^ x[offset + 816]) & (c >> 31); x[offset + 688] ^= t; x[offset + 816] ^= t;
c = 61444 - x[offset + 112]; t = (x[offset + 112] ^ x[offset + 624]) & (c >> 31); x[offset + 112] ^= t; x[offset + 624] ^= t;
c = 61444 - x[offset + 368]; t = (x[offset + 368] ^ x[offset + 880]) & (c >> 31); x[offset + 368] ^= t; x[offset + 880] ^= t;
c = 61444 - x[offset + 368]; t = (x[offset + 368] ^ x[offset + 624]) & (c >> 31); x[offset + 368] ^= t; x[offset + 624] ^= t;
c = 61444 - x[offset + 240]; t = (x[offset + 240] ^ x[offset + 752]) & (c >> 31); x[offset + 240] ^= t; x[offset + 752] ^= t;
c = 61444 - x[offset + 496]; t = (x[offset + 496] ^ x[offset + 1008]) & (c >> 31); x[offset + 496] ^= t; x[offset + 1008] ^= t;
c = 61444 - x[offset + 496]; t = (x[offset + 496] ^ x[offset + 752]) & (c >> 31); x[offset + 496] ^= t; x[offset + 752] ^= t;
c = 61444 - x[offset + 240]; t = (x[offset + 240] ^ x[offset + 368]) & (c >> 31); x[offset + 240] ^= t; x[offset + 368] ^= t;
c = 61444 - x[offset + 496]; t = (x[offset + 496] ^ x[offset + 624]) & (c >> 31); x[offset + 496] ^= t; x[offset + 624] ^= t;
c = 61444 - x[offset + 752]; t = (x[offset + 752] ^ x[offset + 880]) & (c >> 31); x[offset + 752] ^= t; x[offset + 880] ^= t;
c = 61444 - x[offset + 112]; t = (x[offset + 112] ^ x[offset + 176]) & (c >> 31); x[offset + 112] ^= t; x[offset + 176] ^= t;
c = 61444 - x[offset + 240]; t = (x[offset + 240] ^ x[offset + 304]) & (c >> 31); x[offset + 240] ^= t; x[offset + 304] ^= t;
c = 61444 - x[offset + 368]; t = (x[offset + 368] ^ x[offset + 432]) & (c >> 31); x[offset + 368] ^= t; x[offset + 432] ^= t;
c = 61444 - x[offset + 496]; t = (x[offset + 496] ^ x[offset + 560]) & (c >> 31); x[offset + 496] ^= t; x[offset + 560] ^= t;
c = 61444 - x[offset + 624]; t = (x[offset + 624] ^ x[offset + 688]) & (c >> 31); x[offset + 624] ^= t; x[offset + 688] ^= t;
c = 61444 - x[offset + 752]; t = (x[offset + 752] ^ x[offset + 816]) & (c >> 31); x[offset + 752] ^= t; x[offset + 816] ^= t;
c = 61444 - x[offset + 880]; t = (x[offset + 880] ^ x[offset + 944]) & (c >> 31); x[offset + 880] ^= t; x[offset + 944] ^= t;
c = 61444 - x[offset + 48]; t = (x[offset + 48] ^ x[offset + 80]) & (c >> 31); x[offset + 48] ^= t; x[offset + 80] ^= t;
c = 61444 - x[offset + 112]; t = (x[offset + 112] ^ x[offset + 144]) & (c >> 31); x[offset + 112] ^= t; x[offset + 144] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 208]) & (c >> 31); x[offset + 176] ^= t; x[offset + 208] ^= t;
c = 61444 - x[offset + 240]; t = (x[offset + 240] ^ x[offset + 272]) & (c >> 31); x[offset + 240] ^= t; x[offset + 272] ^= t;
c = 61444 - x[offset + 304]; t = (x[offset + 304] ^ x[offset + 336]) & (c >> 31); x[offset + 304] ^= t; x[offset + 336] ^= t;
c = 61444 - x[offset + 368]; t = (x[offset + 368] ^ x[offset + 400]) & (c >> 31); x[offset + 368] ^= t; x[offset + 400] ^= t;
c = 61444 - x[offset + 432]; t = (x[offset + 432] ^ x[offset + 464]) & (c >> 31); x[offset + 432] ^= t; x[offset + 464] ^= t;
c = 61444 - x[offset + 496]; t = (x[offset + 496] ^ x[offset + 528]) & (c >> 31); x[offset + 496] ^= t; x[offset + 528] ^= t;
c = 61444 - x[offset + 560]; t = (x[offset + 560] ^ x[offset + 592]) & (c >> 31); x[offset + 560] ^= t; x[offset + 592] ^= t;
c = 61444 - x[offset + 624]; t = (x[offset + 624] ^ x[offset + 656]) & (c >> 31); x[offset + 624] ^= t; x[offset + 656] ^= t;
c = 61444 - x[offset + 688]; t = (x[offset + 688] ^ x[offset + 720]) & (c >> 31); x[offset + 688] ^= t; x[offset + 720] ^= t;
c = 61444 - x[offset + 752]; t = (x[offset + 752] ^ x[offset + 784]) & (c >> 31); x[offset + 752] ^= t; x[offset + 784] ^= t;
c = 61444 - x[offset + 816]; t = (x[offset + 816] ^ x[offset + 848]) & (c >> 31); x[offset + 816] ^= t; x[offset + 848] ^= t;
c = 61444 - x[offset + 880]; t = (x[offset + 880] ^ x[offset + 912]) & (c >> 31); x[offset + 880] ^= t; x[offset + 912] ^= t;
c = 61444 - x[offset + 944]; t = (x[offset + 944] ^ x[offset + 976]) & (c >> 31); x[offset + 944] ^= t; x[offset + 976] ^= t;
c = 61444 - x[offset + 16]; t = (x[offset + 16] ^ x[offset + 32]) & (c >> 31); x[offset + 16] ^= t; x[offset + 32] ^= t;
c = 61444 - x[offset + 48]; t = (x[offset + 48] ^ x[offset + 64]) & (c >> 31); x[offset + 48] ^= t; x[offset + 64] ^= t;
c = 61444 - x[offset + 80]; t = (x[offset + 80] ^ x[offset + 96]) & (c >> 31); x[offset + 80] ^= t; x[offset + 96] ^= t;
c = 61444 - x[offset + 112]; t = (x[offset + 112] ^ x[offset + 128]) & (c >> 31); x[offset + 112] ^= t; x[offset + 128] ^= t;
c = 61444 - x[offset + 144]; t = (x[offset + 144] ^ x[offset + 160]) & (c >> 31); x[offset + 144] ^= t; x[offset + 160] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 192]) & (c >> 31); x[offset + 176] ^= t; x[offset + 192] ^= t;
c = 61444 - x[offset + 208]; t = (x[offset + 208] ^ x[offset + 224]) & (c >> 31); x[offset + 208] ^= t; x[offset + 224] ^= t;
c = 61444 - x[offset + 240]; t = (x[offset + 240] ^ x[offset + 256]) & (c >> 31); x[offset + 240] ^= t; x[offset + 256] ^= t;
c = 61444 - x[offset + 272]; t = (x[offset + 272] ^ x[offset + 288]) & (c >> 31); x[offset + 272] ^= t; x[offset + 288] ^= t;
c = 61444 - x[offset + 304]; t = (x[offset + 304] ^ x[offset + 320]) & (c >> 31); x[offset + 304] ^= t; x[offset + 320] ^= t;
c = 61444 - x[offset + 336]; t = (x[offset + 336] ^ x[offset + 352]) & (c >> 31); x[offset + 336] ^= t; x[offset + 352] ^= t;
c = 61444 - x[offset + 368]; t = (x[offset + 368] ^ x[offset + 384]) & (c >> 31); x[offset + 368] ^= t; x[offset + 384] ^= t;
c = 61444 - x[offset + 400]; t = (x[offset + 400] ^ x[offset + 416]) & (c >> 31); x[offset + 400] ^= t; x[offset + 416] ^= t;
c = 61444 - x[offset + 432]; t = (x[offset + 432] ^ x[offset + 448]) & (c >> 31); x[offset + 432] ^= t; x[offset + 448] ^= t;
c = 61444 - x[offset + 464]; t = (x[offset + 464] ^ x[offset + 480]) & (c >> 31); x[offset + 464] ^= t; x[offset + 480] ^= t;
c = 61444 - x[offset + 496]; t = (x[offset + 496] ^ x[offset + 512]) & (c >> 31); x[offset + 496] ^= t; x[offset + 512] ^= t;
c = 61444 - x[offset + 528]; t = (x[offset + 528] ^ x[offset + 544]) & (c >> 31); x[offset + 528] ^= t; x[offset + 544] ^= t;
c = 61444 - x[offset + 560]; t = (x[offset + 560] ^ x[offset + 576]) & (c >> 31); x[offset + 560] ^= t; x[offset + 576] ^= t;
c = 61444 - x[offset + 592]; t = (x[offset + 592] ^ x[offset + 608]) & (c >> 31); x[offset + 592] ^= t; x[offset + 608] ^= t;
c = 61444 - x[offset + 624]; t = (x[offset + 624] ^ x[offset + 640]) & (c >> 31); x[offset + 624] ^= t; x[offset + 640] ^= t;
c = 61444 - x[offset + 656]; t = (x[offset + 656] ^ x[offset + 672]) & (c >> 31); x[offset + 656] ^= t; x[offset + 672] ^= t;
c = 61444 - x[offset + 688]; t = (x[offset + 688] ^ x[offset + 704]) & (c >> 31); x[offset + 688] ^= t; x[offset + 704] ^= t;
c = 61444 - x[offset + 720]; t = (x[offset + 720] ^ x[offset + 736]) & (c >> 31); x[offset + 720] ^= t; x[offset + 736] ^= t;
c = 61444 - x[offset + 752]; t = (x[offset + 752] ^ x[offset + 768]) & (c >> 31); x[offset + 752] ^= t; x[offset + 768] ^= t;
c = 61444 - x[offset + 784]; t = (x[offset + 784] ^ x[offset + 800]) & (c >> 31); x[offset + 784] ^= t; x[offset + 800] ^= t;
c = 61444 - x[offset + 816]; t = (x[offset + 816] ^ x[offset + 832]) & (c >> 31); x[offset + 816] ^= t; x[offset + 832] ^= t;
c = 61444 - x[offset + 848]; t = (x[offset + 848] ^ x[offset + 864]) & (c >> 31); x[offset + 848] ^= t; x[offset + 864] ^= t;
c = 61444 - x[offset + 880]; t = (x[offset + 880] ^ x[offset + 896]) & (c >> 31); x[offset + 880] ^= t; x[offset + 896] ^= t;
c = 61444 - x[offset + 912]; t = (x[offset + 912] ^ x[offset + 928]) & (c >> 31); x[offset + 912] ^= t; x[offset + 928] ^= t;
c = 61444 - x[offset + 944]; t = (x[offset + 944] ^ x[offset + 960]) & (c >> 31); x[offset + 944] ^= t; x[offset + 960] ^= t;
c = 61444 - x[offset + 976]; t = (x[offset + 976] ^ x[offset + 992]) & (c >> 31); x[offset + 976] ^= t; x[offset + 992] ^= t;
c = 61444 - x[offset + 1024]; t = (x[offset + 1024] ^ x[offset + 1040]) & (c >> 31); x[offset + 1024] ^= t; x[offset + 1040] ^= t;
c = 61444 - x[offset + 1056]; t = (x[offset + 1056] ^ x[offset + 1072]) & (c >> 31); x[offset + 1056] ^= t; x[offset + 1072] ^= t;
c = 61444 - x[offset + 1024]; t = (x[offset + 1024] ^ x[offset + 1056]) & (c >> 31); x[offset + 1024] ^= t; x[offset + 1056] ^= t;
c = 61444 - x[offset + 1040]; t = (x[offset + 1040] ^ x[offset + 1072]) & (c >> 31); x[offset + 1040] ^= t; x[offset + 1072] ^= t;
c = 61444 - x[offset + 1040]; t = (x[offset + 1040] ^ x[offset + 1056]) & (c >> 31); x[offset + 1040] ^= t; x[offset + 1056] ^= t;
c = 61444 - x[offset + 1088]; t = (x[offset + 1088] ^ x[offset + 1104]) & (c >> 31); x[offset + 1088] ^= t; x[offset + 1104] ^= t;
c = 61444 - x[offset + 1120]; t = (x[offset + 1120] ^ x[offset + 1136]) & (c >> 31); x[offset + 1120] ^= t; x[offset + 1136] ^= t;
c = 61444 - x[offset + 1088]; t = (x[offset + 1088] ^ x[offset + 1120]) & (c >> 31); x[offset + 1088] ^= t; x[offset + 1120] ^= t;
c = 61444 - x[offset + 1104]; t = (x[offset + 1104] ^ x[offset + 1136]) & (c >> 31); x[offset + 1104] ^= t; x[offset + 1136] ^= t;
c = 61444 - x[offset + 1104]; t = (x[offset + 1104] ^ x[offset + 1120]) & (c >> 31); x[offset + 1104] ^= t; x[offset + 1120] ^= t;
c = 61444 - x[offset + 1024]; t = (x[offset + 1024] ^ x[offset + 1088]) & (c >> 31); x[offset + 1024] ^= t; x[offset + 1088] ^= t;
c = 61444 - x[offset + 1056]; t = (x[offset + 1056] ^ x[offset + 1120]) & (c >> 31); x[offset + 1056] ^= t; x[offset + 1120] ^= t;
c = 61444 - x[offset + 1056]; t = (x[offset + 1056] ^ x[offset + 1088]) & (c >> 31); x[offset + 1056] ^= t; x[offset + 1088] ^= t;
c = 61444 - x[offset + 1040]; t = (x[offset + 1040] ^ x[offset + 1104]) & (c >> 31); x[offset + 1040] ^= t; x[offset + 1104] ^= t;
c = 61444 - x[offset + 1072]; t = (x[offset + 1072] ^ x[offset + 1136]) & (c >> 31); x[offset + 1072] ^= t; x[offset + 1136] ^= t;
c = 61444 - x[offset + 1072]; t = (x[offset + 1072] ^ x[offset + 1104]) & (c >> 31); x[offset + 1072] ^= t; x[offset + 1104] ^= t;
c = 61444 - x[offset + 1040]; t = (x[offset + 1040] ^ x[offset + 1056]) & (c >> 31); x[offset + 1040] ^= t; x[offset + 1056] ^= t;
c = 61444 - x[offset + 1072]; t = (x[offset + 1072] ^ x[offset + 1088]) & (c >> 31); x[offset + 1072] ^= t; x[offset + 1088] ^= t;
c = 61444 - x[offset + 1104]; t = (x[offset + 1104] ^ x[offset + 1120]) & (c >> 31); x[offset + 1104] ^= t; x[offset + 1120] ^= t;
c = 61444 - x[offset + 1152]; t = (x[offset + 1152] ^ x[offset + 1168]) & (c >> 31); x[offset + 1152] ^= t; x[offset + 1168] ^= t;
c = 61444 - x[offset + 1184]; t = (x[offset + 1184] ^ x[offset + 1200]) & (c >> 31); x[offset + 1184] ^= t; x[offset + 1200] ^= t;
c = 61444 - x[offset + 1152]; t = (x[offset + 1152] ^ x[offset + 1184]) & (c >> 31); x[offset + 1152] ^= t; x[offset + 1184] ^= t;
c = 61444 - x[offset + 1168]; t = (x[offset + 1168] ^ x[offset + 1200]) & (c >> 31); x[offset + 1168] ^= t; x[offset + 1200] ^= t;
c = 61444 - x[offset + 1168]; t = (x[offset + 1168] ^ x[offset + 1184]) & (c >> 31); x[offset + 1168] ^= t; x[offset + 1184] ^= t;
c = 61444 - x[offset + 1216]; t = (x[offset + 1216] ^ x[offset + 1232]) & (c >> 31); x[offset + 1216] ^= t; x[offset + 1232] ^= t;
c = 61444 - x[offset + 1248]; t = (x[offset + 1248] ^ x[offset + 1264]) & (c >> 31); x[offset + 1248] ^= t; x[offset + 1264] ^= t;
c = 61444 - x[offset + 1216]; t = (x[offset + 1216] ^ x[offset + 1248]) & (c >> 31); x[offset + 1216] ^= t; x[offset + 1248] ^= t;
c = 61444 - x[offset + 1232]; t = (x[offset + 1232] ^ x[offset + 1264]) & (c >> 31); x[offset + 1232] ^= t; x[offset + 1264] ^= t;
c = 61444 - x[offset + 1232]; t = (x[offset + 1232] ^ x[offset + 1248]) & (c >> 31); x[offset + 1232] ^= t; x[offset + 1248] ^= t;
c = 61444 - x[offset + 1152]; t = (x[offset + 1152] ^ x[offset + 1216]) & (c >> 31); x[offset + 1152] ^= t; x[offset + 1216] ^= t;
c = 61444 - x[offset + 1184]; t = (x[offset + 1184] ^ x[offset + 1248]) & (c >> 31); x[offset + 1184] ^= t; x[offset + 1248] ^= t;
c = 61444 - x[offset + 1184]; t = (x[offset + 1184] ^ x[offset + 1216]) & (c >> 31); x[offset + 1184] ^= t; x[offset + 1216] ^= t;
c = 61444 - x[offset + 1168]; t = (x[offset + 1168] ^ x[offset + 1232]) & (c >> 31); x[offset + 1168] ^= t; x[offset + 1232] ^= t;
c = 61444 - x[offset + 1200]; t = (x[offset + 1200] ^ x[offset + 1264]) & (c >> 31); x[offset + 1200] ^= t; x[offset + 1264] ^= t;
c = 61444 - x[offset + 1200]; t = (x[offset + 1200] ^ x[offset + 1232]) & (c >> 31); x[offset + 1200] ^= t; x[offset + 1232] ^= t;
c = 61444 - x[offset + 1168]; t = (x[offset + 1168] ^ x[offset + 1184]) & (c >> 31); x[offset + 1168] ^= t; x[offset + 1184] ^= t;
c = 61444 - x[offset + 1200]; t = (x[offset + 1200] ^ x[offset + 1216]) & (c >> 31); x[offset + 1200] ^= t; x[offset + 1216] ^= t;
c = 61444 - x[offset + 1232]; t = (x[offset + 1232] ^ x[offset + 1248]) & (c >> 31); x[offset + 1232] ^= t; x[offset + 1248] ^= t;
c = 61444 - x[offset + 1024]; t = (x[offset + 1024] ^ x[offset + 1152]) & (c >> 31); x[offset + 1024] ^= t; x[offset + 1152] ^= t;
c = 61444 - x[offset + 1088]; t = (x[offset + 1088] ^ x[offset + 1216]) & (c >> 31); x[offset + 1088] ^= t; x[offset + 1216] ^= t;
c = 61444 - x[offset + 1088]; t = (x[offset + 1088] ^ x[offset + 1152]) & (c >> 31); x[offset + 1088] ^= t; x[offset + 1152] ^= t;
c = 61444 - x[offset + 1056]; t = (x[offset + 1056] ^ x[offset + 1184]) & (c >> 31); x[offset + 1056] ^= t; x[offset + 1184] ^= t;
c = 61444 - x[offset + 1120]; t = (x[offset + 1120] ^ x[offset + 1248]) & (c >> 31); x[offset + 1120] ^= t; x[offset + 1248] ^= t;
c = 61444 - x[offset + 1120]; t = (x[offset + 1120] ^ x[offset + 1184]) & (c >> 31); x[offset + 1120] ^= t; x[offset + 1184] ^= t;
c = 61444 - x[offset + 1056]; t = (x[offset + 1056] ^ x[offset + 1088]) & (c >> 31); x[offset + 1056] ^= t; x[offset + 1088] ^= t;
c = 61444 - x[offset + 1120]; t = (x[offset + 1120] ^ x[offset + 1152]) & (c >> 31); x[offset + 1120] ^= t; x[offset + 1152] ^= t;
c = 61444 - x[offset + 1184]; t = (x[offset + 1184] ^ x[offset + 1216]) & (c >> 31); x[offset + 1184] ^= t; x[offset + 1216] ^= t;
c = 61444 - x[offset + 1040]; t = (x[offset + 1040] ^ x[offset + 1168]) & (c >> 31); x[offset + 1040] ^= t; x[offset + 1168] ^= t;
c = 61444 - x[offset + 1104]; t = (x[offset + 1104] ^ x[offset + 1232]) & (c >> 31); x[offset + 1104] ^= t; x[offset + 1232] ^= t;
c = 61444 - x[offset + 1104]; t = (x[offset + 1104] ^ x[offset + 1168]) & (c >> 31); x[offset + 1104] ^= t; x[offset + 1168] ^= t;
c = 61444 - x[offset + 1072]; t = (x[offset + 1072] ^ x[offset + 1200]) & (c >> 31); x[offset + 1072] ^= t; x[offset + 1200] ^= t;
c = 61444 - x[offset + 1136]; t = (x[offset + 1136] ^ x[offset + 1264]) & (c >> 31); x[offset + 1136] ^= t; x[offset + 1264] ^= t;
c = 61444 - x[offset + 1136]; t = (x[offset + 1136] ^ x[offset + 1200]) & (c >> 31); x[offset + 1136] ^= t; x[offset + 1200] ^= t;
c = 61444 - x[offset + 1072]; t = (x[offset + 1072] ^ x[offset + 1104]) & (c >> 31); x[offset + 1072] ^= t; x[offset + 1104] ^= t;
c = 61444 - x[offset + 1136]; t = (x[offset + 1136] ^ x[offset + 1168]) & (c >> 31); x[offset + 1136] ^= t; x[offset + 1168] ^= t;
c = 61444 - x[offset + 1200]; t = (x[offset + 1200] ^ x[offset + 1232]) & (c >> 31); x[offset + 1200] ^= t; x[offset + 1232] ^= t;
c = 61444 - x[offset + 1040]; t = (x[offset + 1040] ^ x[offset + 1056]) & (c >> 31); x[offset + 1040] ^= t; x[offset + 1056] ^= t;
c = 61444 - x[offset + 1072]; t = (x[offset + 1072] ^ x[offset + 1088]) & (c >> 31); x[offset + 1072] ^= t; x[offset + 1088] ^= t;
c = 61444 - x[offset + 1104]; t = (x[offset + 1104] ^ x[offset + 1120]) & (c >> 31); x[offset + 1104] ^= t; x[offset + 1120] ^= t;
c = 61444 - x[offset + 1136]; t = (x[offset + 1136] ^ x[offset + 1152]) & (c >> 31); x[offset + 1136] ^= t; x[offset + 1152] ^= t;
c = 61444 - x[offset + 1168]; t = (x[offset + 1168] ^ x[offset + 1184]) & (c >> 31); x[offset + 1168] ^= t; x[offset + 1184] ^= t;
c = 61444 - x[offset + 1200]; t = (x[offset + 1200] ^ x[offset + 1216]) & (c >> 31); x[offset + 1200] ^= t; x[offset + 1216] ^= t;
c = 61444 - x[offset + 1232]; t = (x[offset + 1232] ^ x[offset + 1248]) & (c >> 31); x[offset + 1232] ^= t; x[offset + 1248] ^= t;
c = 61444 - x[offset + 1280]; t = (x[offset + 1280] ^ x[offset + 1296]) & (c >> 31); x[offset + 1280] ^= t; x[offset + 1296] ^= t;
c = 61444 - x[offset + 1312]; t = (x[offset + 1312] ^ x[offset + 1328]) & (c >> 31); x[offset + 1312] ^= t; x[offset + 1328] ^= t;
c = 61444 - x[offset + 1280]; t = (x[offset + 1280] ^ x[offset + 1312]) & (c >> 31); x[offset + 1280] ^= t; x[offset + 1312] ^= t;
c = 61444 - x[offset + 1296]; t = (x[offset + 1296] ^ x[offset + 1328]) & (c >> 31); x[offset + 1296] ^= t; x[offset + 1328] ^= t;
c = 61444 - x[offset + 1296]; t = (x[offset + 1296] ^ x[offset + 1312]) & (c >> 31); x[offset + 1296] ^= t; x[offset + 1312] ^= t;
c = 61444 - x[offset + 1296]; t = (x[offset + 1296] ^ x[offset + 1312]) & (c >> 31); x[offset + 1296] ^= t; x[offset + 1312] ^= t;
c = 61444 - x[offset + 1296]; t = (x[offset + 1296] ^ x[offset + 1312]) & (c >> 31); x[offset + 1296] ^= t; x[offset + 1312] ^= t;
c = 61444 - x[offset + 1024]; t = (x[offset + 1024] ^ x[offset + 1280]) & (c >> 31); x[offset + 1024] ^= t; x[offset + 1280] ^= t;
c = 61444 - x[offset + 1152]; t = (x[offset + 1152] ^ x[offset + 1280]) & (c >> 31); x[offset + 1152] ^= t; x[offset + 1280] ^= t;
c = 61444 - x[offset + 1088]; t = (x[offset + 1088] ^ x[offset + 1152]) & (c >> 31); x[offset + 1088] ^= t; x[offset + 1152] ^= t;
c = 61444 - x[offset + 1216]; t = (x[offset + 1216] ^ x[offset + 1280]) & (c >> 31); x[offset + 1216] ^= t; x[offset + 1280] ^= t;
c = 61444 - x[offset + 1056]; t = (x[offset + 1056] ^ x[offset + 1312]) & (c >> 31); x[offset + 1056] ^= t; x[offset + 1312] ^= t;
c = 61444 - x[offset + 1184]; t = (x[offset + 1184] ^ x[offset + 1312]) & (c >> 31); x[offset + 1184] ^= t; x[offset + 1312] ^= t;
c = 61444 - x[offset + 1120]; t = (x[offset + 1120] ^ x[offset + 1184]) & (c >> 31); x[offset + 1120] ^= t; x[offset + 1184] ^= t;
c = 61444 - x[offset + 1248]; t = (x[offset + 1248] ^ x[offset + 1312]) & (c >> 31); x[offset + 1248] ^= t; x[offset + 1312] ^= t;
c = 61444 - x[offset + 1056]; t = (x[offset + 1056] ^ x[offset + 1088]) & (c >> 31); x[offset + 1056] ^= t; x[offset + 1088] ^= t;
c = 61444 - x[offset + 1120]; t = (x[offset + 1120] ^ x[offset + 1152]) & (c >> 31); x[offset + 1120] ^= t; x[offset + 1152] ^= t;
c = 61444 - x[offset + 1184]; t = (x[offset + 1184] ^ x[offset + 1216]) & (c >> 31); x[offset + 1184] ^= t; x[offset + 1216] ^= t;
c = 61444 - x[offset + 1248]; t = (x[offset + 1248] ^ x[offset + 1280]) & (c >> 31); x[offset + 1248] ^= t; x[offset + 1280] ^= t;
c = 61444 - x[offset + 1040]; t = (x[offset + 1040] ^ x[offset + 1296]) & (c >> 31); x[offset + 1040] ^= t; x[offset + 1296] ^= t;
c = 61444 - x[offset + 1168]; t = (x[offset + 1168] ^ x[offset + 1296]) & (c >> 31); x[offset + 1168] ^= t; x[offset + 1296] ^= t;
c = 61444 - x[offset + 1104]; t = (x[offset + 1104] ^ x[offset + 1168]) & (c >> 31); x[offset + 1104] ^= t; x[offset + 1168] ^= t;
c = 61444 - x[offset + 1232]; t = (x[offset + 1232] ^ x[offset + 1296]) & (c >> 31); x[offset + 1232] ^= t; x[offset + 1296] ^= t;
c = 61444 - x[offset + 1072]; t = (x[offset + 1072] ^ x[offset + 1328]) & (c >> 31); x[offset + 1072] ^= t; x[offset + 1328] ^= t;
c = 61444 - x[offset + 1200]; t = (x[offset + 1200] ^ x[offset + 1328]) & (c >> 31); x[offset + 1200] ^= t; x[offset + 1328] ^= t;
c = 61444 - x[offset + 1136]; t = (x[offset + 1136] ^ x[offset + 1200]) & (c >> 31); x[offset + 1136] ^= t; x[offset + 1200] ^= t;
c = 61444 - x[offset + 1264]; t = (x[offset + 1264] ^ x[offset + 1328]) & (c >> 31); x[offset + 1264] ^= t; x[offset + 1328] ^= t;
c = 61444 - x[offset + 1072]; t = (x[offset + 1072] ^ x[offset + 1104]) & (c >> 31); x[offset + 1072] ^= t; x[offset + 1104] ^= t;
c = 61444 - x[offset + 1136]; t = (x[offset + 1136] ^ x[offset + 1168]) & (c >> 31); x[offset + 1136] ^= t; x[offset + 1168] ^= t;
c = 61444 - x[offset + 1200]; t = (x[offset + 1200] ^ x[offset + 1232]) & (c >> 31); x[offset + 1200] ^= t; x[offset + 1232] ^= t;
c = 61444 - x[offset + 1264]; t = (x[offset + 1264] ^ x[offset + 1296]) & (c >> 31); x[offset + 1264] ^= t; x[offset + 1296] ^= t;
c = 61444 - x[offset + 1040]; t = (x[offset + 1040] ^ x[offset + 1056]) & (c >> 31); x[offset + 1040] ^= t; x[offset + 1056] ^= t;
c = 61444 - x[offset + 1072]; t = (x[offset + 1072] ^ x[offset + 1088]) & (c >> 31); x[offset + 1072] ^= t; x[offset + 1088] ^= t;
c = 61444 - x[offset + 1104]; t = (x[offset + 1104] ^ x[offset + 1120]) & (c >> 31); x[offset + 1104] ^= t; x[offset + 1120] ^= t;
c = 61444 - x[offset + 1136]; t = (x[offset + 1136] ^ x[offset + 1152]) & (c >> 31); x[offset + 1136] ^= t; x[offset + 1152] ^= t;
c = 61444 - x[offset + 1168]; t = (x[offset + 1168] ^ x[offset + 1184]) & (c >> 31); x[offset + 1168] ^= t; x[offset + 1184] ^= t;
c = 61444 - x[offset + 1200]; t = (x[offset + 1200] ^ x[offset + 1216]) & (c >> 31); x[offset + 1200] ^= t; x[offset + 1216] ^= t;
c = 61444 - x[offset + 1232]; t = (x[offset + 1232] ^ x[offset + 1248]) & (c >> 31); x[offset + 1232] ^= t; x[offset + 1248] ^= t;
c = 61444 - x[offset + 1264]; t = (x[offset + 1264] ^ x[offset + 1280]) & (c >> 31); x[offset + 1264] ^= t; x[offset + 1280] ^= t;
c = 61444 - x[offset + 1296]; t = (x[offset + 1296] ^ x[offset + 1312]) & (c >> 31); x[offset + 1296] ^= t; x[offset + 1312] ^= t;
c = 61444 - x[offset + 1152]; t = (x[offset + 1152] ^ x[offset + 1280]) & (c >> 31); x[offset + 1152] ^= t; x[offset + 1280] ^= t;
c = 61444 - x[offset + 1088]; t = (x[offset + 1088] ^ x[offset + 1152]) & (c >> 31); x[offset + 1088] ^= t; x[offset + 1152] ^= t;
c = 61444 - x[offset + 1216]; t = (x[offset + 1216] ^ x[offset + 1280]) & (c >> 31); x[offset + 1216] ^= t; x[offset + 1280] ^= t;
c = 61444 - x[offset + 1184]; t = (x[offset + 1184] ^ x[offset + 1312]) & (c >> 31); x[offset + 1184] ^= t; x[offset + 1312] ^= t;
c = 61444 - x[offset + 1120]; t = (x[offset + 1120] ^ x[offset + 1184]) & (c >> 31); x[offset + 1120] ^= t; x[offset + 1184] ^= t;
c = 61444 - x[offset + 1248]; t = (x[offset + 1248] ^ x[offset + 1312]) & (c >> 31); x[offset + 1248] ^= t; x[offset + 1312] ^= t;
c = 61444 - x[offset + 1056]; t = (x[offset + 1056] ^ x[offset + 1088]) & (c >> 31); x[offset + 1056] ^= t; x[offset + 1088] ^= t;
c = 61444 - x[offset + 1120]; t = (x[offset + 1120] ^ x[offset + 1152]) & (c >> 31); x[offset + 1120] ^= t; x[offset + 1152] ^= t;
c = 61444 - x[offset + 1184]; t = (x[offset + 1184] ^ x[offset + 1216]) & (c >> 31); x[offset + 1184] ^= t; x[offset + 1216] ^= t;
c = 61444 - x[offset + 1248]; t = (x[offset + 1248] ^ x[offset + 1280]) & (c >> 31); x[offset + 1248] ^= t; x[offset + 1280] ^= t;
c = 61444 - x[offset + 1168]; t = (x[offset + 1168] ^ x[offset + 1296]) & (c >> 31); x[offset + 1168] ^= t; x[offset + 1296] ^= t;
c = 61444 - x[offset + 1104]; t = (x[offset + 1104] ^ x[offset + 1168]) & (c >> 31); x[offset + 1104] ^= t; x[offset + 1168] ^= t;
c = 61444 - x[offset + 1232]; t = (x[offset + 1232] ^ x[offset + 1296]) & (c >> 31); x[offset + 1232] ^= t; x[offset + 1296] ^= t;
c = 61444 - x[offset + 1200]; t = (x[offset + 1200] ^ x[offset + 1328]) & (c >> 31); x[offset + 1200] ^= t; x[offset + 1328] ^= t;
c = 61444 - x[offset + 1136]; t = (x[offset + 1136] ^ x[offset + 1200]) & (c >> 31); x[offset + 1136] ^= t; x[offset + 1200] ^= t;
c = 61444 - x[offset + 1264]; t = (x[offset + 1264] ^ x[offset + 1328]) & (c >> 31); x[offset + 1264] ^= t; x[offset + 1328] ^= t;
c = 61444 - x[offset + 1072]; t = (x[offset + 1072] ^ x[offset + 1104]) & (c >> 31); x[offset + 1072] ^= t; x[offset + 1104] ^= t;
c = 61444 - x[offset + 1136]; t = (x[offset + 1136] ^ x[offset + 1168]) & (c >> 31); x[offset + 1136] ^= t; x[offset + 1168] ^= t;
c = 61444 - x[offset + 1200]; t = (x[offset + 1200] ^ x[offset + 1232]) & (c >> 31); x[offset + 1200] ^= t; x[offset + 1232] ^= t;
c = 61444 - x[offset + 1264]; t = (x[offset + 1264] ^ x[offset + 1296]) & (c >> 31); x[offset + 1264] ^= t; x[offset + 1296] ^= t;
c = 61444 - x[offset + 1040]; t = (x[offset + 1040] ^ x[offset + 1056]) & (c >> 31); x[offset + 1040] ^= t; x[offset + 1056] ^= t;
c = 61444 - x[offset + 1072]; t = (x[offset + 1072] ^ x[offset + 1088]) & (c >> 31); x[offset + 1072] ^= t; x[offset + 1088] ^= t;
c = 61444 - x[offset + 1104]; t = (x[offset + 1104] ^ x[offset + 1120]) & (c >> 31); x[offset + 1104] ^= t; x[offset + 1120] ^= t;
c = 61444 - x[offset + 1136]; t = (x[offset + 1136] ^ x[offset + 1152]) & (c >> 31); x[offset + 1136] ^= t; x[offset + 1152] ^= t;
c = 61444 - x[offset + 1168]; t = (x[offset + 1168] ^ x[offset + 1184]) & (c >> 31); x[offset + 1168] ^= t; x[offset + 1184] ^= t;
c = 61444 - x[offset + 1200]; t = (x[offset + 1200] ^ x[offset + 1216]) & (c >> 31); x[offset + 1200] ^= t; x[offset + 1216] ^= t;
c = 61444 - x[offset + 1232]; t = (x[offset + 1232] ^ x[offset + 1248]) & (c >> 31); x[offset + 1232] ^= t; x[offset + 1248] ^= t;
c = 61444 - x[offset + 1264]; t = (x[offset + 1264] ^ x[offset + 1280]) & (c >> 31); x[offset + 1264] ^= t; x[offset + 1280] ^= t;
c = 61444 - x[offset + 1296]; t = (x[offset + 1296] ^ x[offset + 1312]) & (c >> 31); x[offset + 1296] ^= t; x[offset + 1312] ^= t;
c = 61444 - x[offset + 0]; t = (x[offset + 0] ^ x[offset + 1024]) & (c >> 31); x[offset + 0] ^= t; x[offset + 1024] ^= t;
c = 61444 - x[offset + 512]; t = (x[offset + 512] ^ x[offset + 1024]) & (c >> 31); x[offset + 512] ^= t; x[offset + 1024] ^= t;
c = 61444 - x[offset + 256]; t = (x[offset + 256] ^ x[offset + 1280]) & (c >> 31); x[offset + 256] ^= t; x[offset + 1280] ^= t;
c = 61444 - x[offset + 768]; t = (x[offset + 768] ^ x[offset + 1280]) & (c >> 31); x[offset + 768] ^= t; x[offset + 1280] ^= t;
c = 61444 - x[offset + 256]; t = (x[offset + 256] ^ x[offset + 512]) & (c >> 31); x[offset + 256] ^= t; x[offset + 512] ^= t;
c = 61444 - x[offset + 768]; t = (x[offset + 768] ^ x[offset + 1024]) & (c >> 31); x[offset + 768] ^= t; x[offset + 1024] ^= t;
c = 61444 - x[offset + 128]; t = (x[offset + 128] ^ x[offset + 1152]) & (c >> 31); x[offset + 128] ^= t; x[offset + 1152] ^= t;
c = 61444 - x[offset + 640]; t = (x[offset + 640] ^ x[offset + 1152]) & (c >> 31); x[offset + 640] ^= t; x[offset + 1152] ^= t;
c = 61444 - x[offset + 384]; t = (x[offset + 384] ^ x[offset + 640]) & (c >> 31); x[offset + 384] ^= t; x[offset + 640] ^= t;
c = 61444 - x[offset + 896]; t = (x[offset + 896] ^ x[offset + 1152]) & (c >> 31); x[offset + 896] ^= t; x[offset + 1152] ^= t;
c = 61444 - x[offset + 128]; t = (x[offset + 128] ^ x[offset + 256]) & (c >> 31); x[offset + 128] ^= t; x[offset + 256] ^= t;
c = 61444 - x[offset + 384]; t = (x[offset + 384] ^ x[offset + 512]) & (c >> 31); x[offset + 384] ^= t; x[offset + 512] ^= t;
c = 61444 - x[offset + 640]; t = (x[offset + 640] ^ x[offset + 768]) & (c >> 31); x[offset + 640] ^= t; x[offset + 768] ^= t;
c = 61444 - x[offset + 896]; t = (x[offset + 896] ^ x[offset + 1024]) & (c >> 31); x[offset + 896] ^= t; x[offset + 1024] ^= t;
c = 61444 - x[offset + 1152]; t = (x[offset + 1152] ^ x[offset + 1280]) & (c >> 31); x[offset + 1152] ^= t; x[offset + 1280] ^= t;
c = 61444 - x[offset + 64]; t = (x[offset + 64] ^ x[offset + 1088]) & (c >> 31); x[offset + 64] ^= t; x[offset + 1088] ^= t;
c = 61444 - x[offset + 576]; t = (x[offset + 576] ^ x[offset + 1088]) & (c >> 31); x[offset + 576] ^= t; x[offset + 1088] ^= t;
c = 61444 - x[offset + 320]; t = (x[offset + 320] ^ x[offset + 576]) & (c >> 31); x[offset + 320] ^= t; x[offset + 576] ^= t;
c = 61444 - x[offset + 832]; t = (x[offset + 832] ^ x[offset + 1088]) & (c >> 31); x[offset + 832] ^= t; x[offset + 1088] ^= t;
c = 61444 - x[offset + 192]; t = (x[offset + 192] ^ x[offset + 1216]) & (c >> 31); x[offset + 192] ^= t; x[offset + 1216] ^= t;
c = 61444 - x[offset + 704]; t = (x[offset + 704] ^ x[offset + 1216]) & (c >> 31); x[offset + 704] ^= t; x[offset + 1216] ^= t;
c = 61444 - x[offset + 448]; t = (x[offset + 448] ^ x[offset + 704]) & (c >> 31); x[offset + 448] ^= t; x[offset + 704] ^= t;
c = 61444 - x[offset + 960]; t = (x[offset + 960] ^ x[offset + 1216]) & (c >> 31); x[offset + 960] ^= t; x[offset + 1216] ^= t;
c = 61444 - x[offset + 192]; t = (x[offset + 192] ^ x[offset + 320]) & (c >> 31); x[offset + 192] ^= t; x[offset + 320] ^= t;
c = 61444 - x[offset + 448]; t = (x[offset + 448] ^ x[offset + 576]) & (c >> 31); x[offset + 448] ^= t; x[offset + 576] ^= t;
c = 61444 - x[offset + 704]; t = (x[offset + 704] ^ x[offset + 832]) & (c >> 31); x[offset + 704] ^= t; x[offset + 832] ^= t;
c = 61444 - x[offset + 960]; t = (x[offset + 960] ^ x[offset + 1088]) & (c >> 31); x[offset + 960] ^= t; x[offset + 1088] ^= t;
c = 61444 - x[offset + 64]; t = (x[offset + 64] ^ x[offset + 128]) & (c >> 31); x[offset + 64] ^= t; x[offset + 128] ^= t;
c = 61444 - x[offset + 192]; t = (x[offset + 192] ^ x[offset + 256]) & (c >> 31); x[offset + 192] ^= t; x[offset + 256] ^= t;
c = 61444 - x[offset + 320]; t = (x[offset + 320] ^ x[offset + 384]) & (c >> 31); x[offset + 320] ^= t; x[offset + 384] ^= t;
c = 61444 - x[offset + 448]; t = (x[offset + 448] ^ x[offset + 512]) & (c >> 31); x[offset + 448] ^= t; x[offset + 512] ^= t;
c = 61444 - x[offset + 576]; t = (x[offset + 576] ^ x[offset + 640]) & (c >> 31); x[offset + 576] ^= t; x[offset + 640] ^= t;
c = 61444 - x[offset + 704]; t = (x[offset + 704] ^ x[offset + 768]) & (c >> 31); x[offset + 704] ^= t; x[offset + 768] ^= t;
c = 61444 - x[offset + 832]; t = (x[offset + 832] ^ x[offset + 896]) & (c >> 31); x[offset + 832] ^= t; x[offset + 896] ^= t;
c = 61444 - x[offset + 960]; t = (x[offset + 960] ^ x[offset + 1024]) & (c >> 31); x[offset + 960] ^= t; x[offset + 1024] ^= t;
c = 61444 - x[offset + 1088]; t = (x[offset + 1088] ^ x[offset + 1152]) & (c >> 31); x[offset + 1088] ^= t; x[offset + 1152] ^= t;
c = 61444 - x[offset + 1216]; t = (x[offset + 1216] ^ x[offset + 1280]) & (c >> 31); x[offset + 1216] ^= t; x[offset + 1280] ^= t;
c = 61444 - x[offset + 32]; t = (x[offset + 32] ^ x[offset + 1056]) & (c >> 31); x[offset + 32] ^= t; x[offset + 1056] ^= t;
c = 61444 - x[offset + 544]; t = (x[offset + 544] ^ x[offset + 1056]) & (c >> 31); x[offset + 544] ^= t; x[offset + 1056] ^= t;
c = 61444 - x[offset + 288]; t = (x[offset + 288] ^ x[offset + 1312]) & (c >> 31); x[offset + 288] ^= t; x[offset + 1312] ^= t;
c = 61444 - x[offset + 800]; t = (x[offset + 800] ^ x[offset + 1312]) & (c >> 31); x[offset + 800] ^= t; x[offset + 1312] ^= t;
c = 61444 - x[offset + 288]; t = (x[offset + 288] ^ x[offset + 544]) & (c >> 31); x[offset + 288] ^= t; x[offset + 544] ^= t;
c = 61444 - x[offset + 800]; t = (x[offset + 800] ^ x[offset + 1056]) & (c >> 31); x[offset + 800] ^= t; x[offset + 1056] ^= t;
c = 61444 - x[offset + 160]; t = (x[offset + 160] ^ x[offset + 1184]) & (c >> 31); x[offset + 160] ^= t; x[offset + 1184] ^= t;
c = 61444 - x[offset + 672]; t = (x[offset + 672] ^ x[offset + 1184]) & (c >> 31); x[offset + 672] ^= t; x[offset + 1184] ^= t;
c = 61444 - x[offset + 416]; t = (x[offset + 416] ^ x[offset + 672]) & (c >> 31); x[offset + 416] ^= t; x[offset + 672] ^= t;
c = 61444 - x[offset + 928]; t = (x[offset + 928] ^ x[offset + 1184]) & (c >> 31); x[offset + 928] ^= t; x[offset + 1184] ^= t;
c = 61444 - x[offset + 160]; t = (x[offset + 160] ^ x[offset + 288]) & (c >> 31); x[offset + 160] ^= t; x[offset + 288] ^= t;
c = 61444 - x[offset + 416]; t = (x[offset + 416] ^ x[offset + 544]) & (c >> 31); x[offset + 416] ^= t; x[offset + 544] ^= t;
c = 61444 - x[offset + 672]; t = (x[offset + 672] ^ x[offset + 800]) & (c >> 31); x[offset + 672] ^= t; x[offset + 800] ^= t;
c = 61444 - x[offset + 928]; t = (x[offset + 928] ^ x[offset + 1056]) & (c >> 31); x[offset + 928] ^= t; x[offset + 1056] ^= t;
c = 61444 - x[offset + 1184]; t = (x[offset + 1184] ^ x[offset + 1312]) & (c >> 31); x[offset + 1184] ^= t; x[offset + 1312] ^= t;
c = 61444 - x[offset + 96]; t = (x[offset + 96] ^ x[offset + 1120]) & (c >> 31); x[offset + 96] ^= t; x[offset + 1120] ^= t;
c = 61444 - x[offset + 608]; t = (x[offset + 608] ^ x[offset + 1120]) & (c >> 31); x[offset + 608] ^= t; x[offset + 1120] ^= t;
c = 61444 - x[offset + 352]; t = (x[offset + 352] ^ x[offset + 608]) & (c >> 31); x[offset + 352] ^= t; x[offset + 608] ^= t;
c = 61444 - x[offset + 864]; t = (x[offset + 864] ^ x[offset + 1120]) & (c >> 31); x[offset + 864] ^= t; x[offset + 1120] ^= t;
c = 61444 - x[offset + 224]; t = (x[offset + 224] ^ x[offset + 1248]) & (c >> 31); x[offset + 224] ^= t; x[offset + 1248] ^= t;
c = 61444 - x[offset + 736]; t = (x[offset + 736] ^ x[offset + 1248]) & (c >> 31); x[offset + 736] ^= t; x[offset + 1248] ^= t;
c = 61444 - x[offset + 480]; t = (x[offset + 480] ^ x[offset + 736]) & (c >> 31); x[offset + 480] ^= t; x[offset + 736] ^= t;
c = 61444 - x[offset + 992]; t = (x[offset + 992] ^ x[offset + 1248]) & (c >> 31); x[offset + 992] ^= t; x[offset + 1248] ^= t;
c = 61444 - x[offset + 224]; t = (x[offset + 224] ^ x[offset + 352]) & (c >> 31); x[offset + 224] ^= t; x[offset + 352] ^= t;
c = 61444 - x[offset + 480]; t = (x[offset + 480] ^ x[offset + 608]) & (c >> 31); x[offset + 480] ^= t; x[offset + 608] ^= t;
c = 61444 - x[offset + 736]; t = (x[offset + 736] ^ x[offset + 864]) & (c >> 31); x[offset + 736] ^= t; x[offset + 864] ^= t;
c = 61444 - x[offset + 992]; t = (x[offset + 992] ^ x[offset + 1120]) & (c >> 31); x[offset + 992] ^= t; x[offset + 1120] ^= t;
c = 61444 - x[offset + 96]; t = (x[offset + 96] ^ x[offset + 160]) & (c >> 31); x[offset + 96] ^= t; x[offset + 160] ^= t;
c = 61444 - x[offset + 224]; t = (x[offset + 224] ^ x[offset + 288]) & (c >> 31); x[offset + 224] ^= t; x[offset + 288] ^= t;
c = 61444 - x[offset + 352]; t = (x[offset + 352] ^ x[offset + 416]) & (c >> 31); x[offset + 352] ^= t; x[offset + 416] ^= t;
c = 61444 - x[offset + 480]; t = (x[offset + 480] ^ x[offset + 544]) & (c >> 31); x[offset + 480] ^= t; x[offset + 544] ^= t;
c = 61444 - x[offset + 608]; t = (x[offset + 608] ^ x[offset + 672]) & (c >> 31); x[offset + 608] ^= t; x[offset + 672] ^= t;
c = 61444 - x[offset + 736]; t = (x[offset + 736] ^ x[offset + 800]) & (c >> 31); x[offset + 736] ^= t; x[offset + 800] ^= t;
c = 61444 - x[offset + 864]; t = (x[offset + 864] ^ x[offset + 928]) & (c >> 31); x[offset + 864] ^= t; x[offset + 928] ^= t;
c = 61444 - x[offset + 992]; t = (x[offset + 992] ^ x[offset + 1056]) & (c >> 31); x[offset + 992] ^= t; x[offset + 1056] ^= t;
c = 61444 - x[offset + 1120]; t = (x[offset + 1120] ^ x[offset + 1184]) & (c >> 31); x[offset + 1120] ^= t; x[offset + 1184] ^= t;
c = 61444 - x[offset + 1248]; t = (x[offset + 1248] ^ x[offset + 1312]) & (c >> 31); x[offset + 1248] ^= t; x[offset + 1312] ^= t;
c = 61444 - x[offset + 32]; t = (x[offset + 32] ^ x[offset + 64]) & (c >> 31); x[offset + 32] ^= t; x[offset + 64] ^= t;
c = 61444 - x[offset + 96]; t = (x[offset + 96] ^ x[offset + 128]) & (c >> 31); x[offset + 96] ^= t; x[offset + 128] ^= t;
c = 61444 - x[offset + 160]; t = (x[offset + 160] ^ x[offset + 192]) & (c >> 31); x[offset + 160] ^= t; x[offset + 192] ^= t;
c = 61444 - x[offset + 224]; t = (x[offset + 224] ^ x[offset + 256]) & (c >> 31); x[offset + 224] ^= t; x[offset + 256] ^= t;
c = 61444 - x[offset + 288]; t = (x[offset + 288] ^ x[offset + 320]) & (c >> 31); x[offset + 288] ^= t; x[offset + 320] ^= t;
c = 61444 - x[offset + 352]; t = (x[offset + 352] ^ x[offset + 384]) & (c >> 31); x[offset + 352] ^= t; x[offset + 384] ^= t;
c = 61444 - x[offset + 416]; t = (x[offset + 416] ^ x[offset + 448]) & (c >> 31); x[offset + 416] ^= t; x[offset + 448] ^= t;
c = 61444 - x[offset + 480]; t = (x[offset + 480] ^ x[offset + 512]) & (c >> 31); x[offset + 480] ^= t; x[offset + 512] ^= t;
c = 61444 - x[offset + 544]; t = (x[offset + 544] ^ x[offset + 576]) & (c >> 31); x[offset + 544] ^= t; x[offset + 576] ^= t;
c = 61444 - x[offset + 608]; t = (x[offset + 608] ^ x[offset + 640]) & (c >> 31); x[offset + 608] ^= t; x[offset + 640] ^= t;
c = 61444 - x[offset + 672]; t = (x[offset + 672] ^ x[offset + 704]) & (c >> 31); x[offset + 672] ^= t; x[offset + 704] ^= t;
c = 61444 - x[offset + 736]; t = (x[offset + 736] ^ x[offset + 768]) & (c >> 31); x[offset + 736] ^= t; x[offset + 768] ^= t;
c = 61444 - x[offset + 800]; t = (x[offset + 800] ^ x[offset + 832]) & (c >> 31); x[offset + 800] ^= t; x[offset + 832] ^= t;
c = 61444 - x[offset + 864]; t = (x[offset + 864] ^ x[offset + 896]) & (c >> 31); x[offset + 864] ^= t; x[offset + 896] ^= t;
c = 61444 - x[offset + 928]; t = (x[offset + 928] ^ x[offset + 960]) & (c >> 31); x[offset + 928] ^= t; x[offset + 960] ^= t;
c = 61444 - x[offset + 992]; t = (x[offset + 992] ^ x[offset + 1024]) & (c >> 31); x[offset + 992] ^= t; x[offset + 1024] ^= t;
c = 61444 - x[offset + 1056]; t = (x[offset + 1056] ^ x[offset + 1088]) & (c >> 31); x[offset + 1056] ^= t; x[offset + 1088] ^= t;
c = 61444 - x[offset + 1120]; t = (x[offset + 1120] ^ x[offset + 1152]) & (c >> 31); x[offset + 1120] ^= t; x[offset + 1152] ^= t;
c = 61444 - x[offset + 1184]; t = (x[offset + 1184] ^ x[offset + 1216]) & (c >> 31); x[offset + 1184] ^= t; x[offset + 1216] ^= t;
c = 61444 - x[offset + 1248]; t = (x[offset + 1248] ^ x[offset + 1280]) & (c >> 31); x[offset + 1248] ^= t; x[offset + 1280] ^= t;
c = 61444 - x[offset + 16]; t = (x[offset + 16] ^ x[offset + 1040]) & (c >> 31); x[offset + 16] ^= t; x[offset + 1040] ^= t;
c = 61444 - x[offset + 528]; t = (x[offset + 528] ^ x[offset + 1040]) & (c >> 31); x[offset + 528] ^= t; x[offset + 1040] ^= t;
c = 61444 - x[offset + 272]; t = (x[offset + 272] ^ x[offset + 1296]) & (c >> 31); x[offset + 272] ^= t; x[offset + 1296] ^= t;
c = 61444 - x[offset + 784]; t = (x[offset + 784] ^ x[offset + 1296]) & (c >> 31); x[offset + 784] ^= t; x[offset + 1296] ^= t;
c = 61444 - x[offset + 272]; t = (x[offset + 272] ^ x[offset + 528]) & (c >> 31); x[offset + 272] ^= t; x[offset + 528] ^= t;
c = 61444 - x[offset + 784]; t = (x[offset + 784] ^ x[offset + 1040]) & (c >> 31); x[offset + 784] ^= t; x[offset + 1040] ^= t;
c = 61444 - x[offset + 144]; t = (x[offset + 144] ^ x[offset + 1168]) & (c >> 31); x[offset + 144] ^= t; x[offset + 1168] ^= t;
c = 61444 - x[offset + 656]; t = (x[offset + 656] ^ x[offset + 1168]) & (c >> 31); x[offset + 656] ^= t; x[offset + 1168] ^= t;
c = 61444 - x[offset + 400]; t = (x[offset + 400] ^ x[offset + 656]) & (c >> 31); x[offset + 400] ^= t; x[offset + 656] ^= t;
c = 61444 - x[offset + 912]; t = (x[offset + 912] ^ x[offset + 1168]) & (c >> 31); x[offset + 912] ^= t; x[offset + 1168] ^= t;
c = 61444 - x[offset + 144]; t = (x[offset + 144] ^ x[offset + 272]) & (c >> 31); x[offset + 144] ^= t; x[offset + 272] ^= t;
c = 61444 - x[offset + 400]; t = (x[offset + 400] ^ x[offset + 528]) & (c >> 31); x[offset + 400] ^= t; x[offset + 528] ^= t;
c = 61444 - x[offset + 656]; t = (x[offset + 656] ^ x[offset + 784]) & (c >> 31); x[offset + 656] ^= t; x[offset + 784] ^= t;
c = 61444 - x[offset + 912]; t = (x[offset + 912] ^ x[offset + 1040]) & (c >> 31); x[offset + 912] ^= t; x[offset + 1040] ^= t;
c = 61444 - x[offset + 1168]; t = (x[offset + 1168] ^ x[offset + 1296]) & (c >> 31); x[offset + 1168] ^= t; x[offset + 1296] ^= t;
c = 61444 - x[offset + 80]; t = (x[offset + 80] ^ x[offset + 1104]) & (c >> 31); x[offset + 80] ^= t; x[offset + 1104] ^= t;
c = 61444 - x[offset + 592]; t = (x[offset + 592] ^ x[offset + 1104]) & (c >> 31); x[offset + 592] ^= t; x[offset + 1104] ^= t;
c = 61444 - x[offset + 336]; t = (x[offset + 336] ^ x[offset + 592]) & (c >> 31); x[offset + 336] ^= t; x[offset + 592] ^= t;
c = 61444 - x[offset + 848]; t = (x[offset + 848] ^ x[offset + 1104]) & (c >> 31); x[offset + 848] ^= t; x[offset + 1104] ^= t;
c = 61444 - x[offset + 208]; t = (x[offset + 208] ^ x[offset + 1232]) & (c >> 31); x[offset + 208] ^= t; x[offset + 1232] ^= t;
c = 61444 - x[offset + 720]; t = (x[offset + 720] ^ x[offset + 1232]) & (c >> 31); x[offset + 720] ^= t; x[offset + 1232] ^= t;
c = 61444 - x[offset + 464]; t = (x[offset + 464] ^ x[offset + 720]) & (c >> 31); x[offset + 464] ^= t; x[offset + 720] ^= t;
c = 61444 - x[offset + 976]; t = (x[offset + 976] ^ x[offset + 1232]) & (c >> 31); x[offset + 976] ^= t; x[offset + 1232] ^= t;
c = 61444 - x[offset + 208]; t = (x[offset + 208] ^ x[offset + 336]) & (c >> 31); x[offset + 208] ^= t; x[offset + 336] ^= t;
c = 61444 - x[offset + 464]; t = (x[offset + 464] ^ x[offset + 592]) & (c >> 31); x[offset + 464] ^= t; x[offset + 592] ^= t;
c = 61444 - x[offset + 720]; t = (x[offset + 720] ^ x[offset + 848]) & (c >> 31); x[offset + 720] ^= t; x[offset + 848] ^= t;
c = 61444 - x[offset + 976]; t = (x[offset + 976] ^ x[offset + 1104]) & (c >> 31); x[offset + 976] ^= t; x[offset + 1104] ^= t;
c = 61444 - x[offset + 80]; t = (x[offset + 80] ^ x[offset + 144]) & (c >> 31); x[offset + 80] ^= t; x[offset + 144] ^= t;
c = 61444 - x[offset + 208]; t = (x[offset + 208] ^ x[offset + 272]) & (c >> 31); x[offset + 208] ^= t; x[offset + 272] ^= t;
c = 61444 - x[offset + 336]; t = (x[offset + 336] ^ x[offset + 400]) & (c >> 31); x[offset + 336] ^= t; x[offset + 400] ^= t;
c = 61444 - x[offset + 464]; t = (x[offset + 464] ^ x[offset + 528]) & (c >> 31); x[offset + 464] ^= t; x[offset + 528] ^= t;
c = 61444 - x[offset + 592]; t = (x[offset + 592] ^ x[offset + 656]) & (c >> 31); x[offset + 592] ^= t; x[offset + 656] ^= t;
c = 61444 - x[offset + 720]; t = (x[offset + 720] ^ x[offset + 784]) & (c >> 31); x[offset + 720] ^= t; x[offset + 784] ^= t;
c = 61444 - x[offset + 848]; t = (x[offset + 848] ^ x[offset + 912]) & (c >> 31); x[offset + 848] ^= t; x[offset + 912] ^= t;
c = 61444 - x[offset + 976]; t = (x[offset + 976] ^ x[offset + 1040]) & (c >> 31); x[offset + 976] ^= t; x[offset + 1040] ^= t;
c = 61444 - x[offset + 1104]; t = (x[offset + 1104] ^ x[offset + 1168]) & (c >> 31); x[offset + 1104] ^= t; x[offset + 1168] ^= t;
c = 61444 - x[offset + 1232]; t = (x[offset + 1232] ^ x[offset + 1296]) & (c >> 31); x[offset + 1232] ^= t; x[offset + 1296] ^= t;
c = 61444 - x[offset + 48]; t = (x[offset + 48] ^ x[offset + 1072]) & (c >> 31); x[offset + 48] ^= t; x[offset + 1072] ^= t;
c = 61444 - x[offset + 560]; t = (x[offset + 560] ^ x[offset + 1072]) & (c >> 31); x[offset + 560] ^= t; x[offset + 1072] ^= t;
c = 61444 - x[offset + 304]; t = (x[offset + 304] ^ x[offset + 1328]) & (c >> 31); x[offset + 304] ^= t; x[offset + 1328] ^= t;
c = 61444 - x[offset + 816]; t = (x[offset + 816] ^ x[offset + 1328]) & (c >> 31); x[offset + 816] ^= t; x[offset + 1328] ^= t;
c = 61444 - x[offset + 304]; t = (x[offset + 304] ^ x[offset + 560]) & (c >> 31); x[offset + 304] ^= t; x[offset + 560] ^= t;
c = 61444 - x[offset + 816]; t = (x[offset + 816] ^ x[offset + 1072]) & (c >> 31); x[offset + 816] ^= t; x[offset + 1072] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 1200]) & (c >> 31); x[offset + 176] ^= t; x[offset + 1200] ^= t;
c = 61444 - x[offset + 688]; t = (x[offset + 688] ^ x[offset + 1200]) & (c >> 31); x[offset + 688] ^= t; x[offset + 1200] ^= t;
c = 61444 - x[offset + 432]; t = (x[offset + 432] ^ x[offset + 688]) & (c >> 31); x[offset + 432] ^= t; x[offset + 688] ^= t;
c = 61444 - x[offset + 944]; t = (x[offset + 944] ^ x[offset + 1200]) & (c >> 31); x[offset + 944] ^= t; x[offset + 1200] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 304]) & (c >> 31); x[offset + 176] ^= t; x[offset + 304] ^= t;
c = 61444 - x[offset + 432]; t = (x[offset + 432] ^ x[offset + 560]) & (c >> 31); x[offset + 432] ^= t; x[offset + 560] ^= t;
c = 61444 - x[offset + 688]; t = (x[offset + 688] ^ x[offset + 816]) & (c >> 31); x[offset + 688] ^= t; x[offset + 816] ^= t;
c = 61444 - x[offset + 944]; t = (x[offset + 944] ^ x[offset + 1072]) & (c >> 31); x[offset + 944] ^= t; x[offset + 1072] ^= t;
c = 61444 - x[offset + 1200]; t = (x[offset + 1200] ^ x[offset + 1328]) & (c >> 31); x[offset + 1200] ^= t; x[offset + 1328] ^= t;
c = 61444 - x[offset + 112]; t = (x[offset + 112] ^ x[offset + 1136]) & (c >> 31); x[offset + 112] ^= t; x[offset + 1136] ^= t;
c = 61444 - x[offset + 624]; t = (x[offset + 624] ^ x[offset + 1136]) & (c >> 31); x[offset + 624] ^= t; x[offset + 1136] ^= t;
c = 61444 - x[offset + 368]; t = (x[offset + 368] ^ x[offset + 624]) & (c >> 31); x[offset + 368] ^= t; x[offset + 624] ^= t;
c = 61444 - x[offset + 880]; t = (x[offset + 880] ^ x[offset + 1136]) & (c >> 31); x[offset + 880] ^= t; x[offset + 1136] ^= t;
c = 61444 - x[offset + 240]; t = (x[offset + 240] ^ x[offset + 1264]) & (c >> 31); x[offset + 240] ^= t; x[offset + 1264] ^= t;
c = 61444 - x[offset + 752]; t = (x[offset + 752] ^ x[offset + 1264]) & (c >> 31); x[offset + 752] ^= t; x[offset + 1264] ^= t;
c = 61444 - x[offset + 496]; t = (x[offset + 496] ^ x[offset + 752]) & (c >> 31); x[offset + 496] ^= t; x[offset + 752] ^= t;
c = 61444 - x[offset + 1008]; t = (x[offset + 1008] ^ x[offset + 1264]) & (c >> 31); x[offset + 1008] ^= t; x[offset + 1264] ^= t;
c = 61444 - x[offset + 240]; t = (x[offset + 240] ^ x[offset + 368]) & (c >> 31); x[offset + 240] ^= t; x[offset + 368] ^= t;
c = 61444 - x[offset + 496]; t = (x[offset + 496] ^ x[offset + 624]) & (c >> 31); x[offset + 496] ^= t; x[offset + 624] ^= t;
c = 61444 - x[offset + 752]; t = (x[offset + 752] ^ x[offset + 880]) & (c >> 31); x[offset + 752] ^= t; x[offset + 880] ^= t;
c = 61444 - x[offset + 1008]; t = (x[offset + 1008] ^ x[offset + 1136]) & (c >> 31); x[offset + 1008] ^= t; x[offset + 1136] ^= t;
c = 61444 - x[offset + 112]; t = (x[offset + 112] ^ x[offset + 176]) & (c >> 31); x[offset + 112] ^= t; x[offset + 176] ^= t;
c = 61444 - x[offset + 240]; t = (x[offset + 240] ^ x[offset + 304]) & (c >> 31); x[offset + 240] ^= t; x[offset + 304] ^= t;
c = 61444 - x[offset + 368]; t = (x[offset + 368] ^ x[offset + 432]) & (c >> 31); x[offset + 368] ^= t; x[offset + 432] ^= t;
c = 61444 - x[offset + 496]; t = (x[offset + 496] ^ x[offset + 560]) & (c >> 31); x[offset + 496] ^= t; x[offset + 560] ^= t;
c = 61444 - x[offset + 624]; t = (x[offset + 624] ^ x[offset + 688]) & (c >> 31); x[offset + 624] ^= t; x[offset + 688] ^= t;
c = 61444 - x[offset + 752]; t = (x[offset + 752] ^ x[offset + 816]) & (c >> 31); x[offset + 752] ^= t; x[offset + 816] ^= t;
c = 61444 - x[offset + 880]; t = (x[offset + 880] ^ x[offset + 944]) & (c >> 31); x[offset + 880] ^= t; x[offset + 944] ^= t;
c = 61444 - x[offset + 1008]; t = (x[offset + 1008] ^ x[offset + 1072]) & (c >> 31); x[offset + 1008] ^= t; x[offset + 1072] ^= t;
c = 61444 - x[offset + 1136]; t = (x[offset + 1136] ^ x[offset + 1200]) & (c >> 31); x[offset + 1136] ^= t; x[offset + 1200] ^= t;
c = 61444 - x[offset + 1264]; t = (x[offset + 1264] ^ x[offset + 1328]) & (c >> 31); x[offset + 1264] ^= t; x[offset + 1328] ^= t;
c = 61444 - x[offset + 48]; t = (x[offset + 48] ^ x[offset + 80]) & (c >> 31); x[offset + 48] ^= t; x[offset + 80] ^= t;
c = 61444 - x[offset + 112]; t = (x[offset + 112] ^ x[offset + 144]) & (c >> 31); x[offset + 112] ^= t; x[offset + 144] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 208]) & (c >> 31); x[offset + 176] ^= t; x[offset + 208] ^= t;
c = 61444 - x[offset + 240]; t = (x[offset + 240] ^ x[offset + 272]) & (c >> 31); x[offset + 240] ^= t; x[offset + 272] ^= t;
c = 61444 - x[offset + 304]; t = (x[offset + 304] ^ x[offset + 336]) & (c >> 31); x[offset + 304] ^= t; x[offset + 336] ^= t;
c = 61444 - x[offset + 368]; t = (x[offset + 368] ^ x[offset + 400]) & (c >> 31); x[offset + 368] ^= t; x[offset + 400] ^= t;
c = 61444 - x[offset + 432]; t = (x[offset + 432] ^ x[offset + 464]) & (c >> 31); x[offset + 432] ^= t; x[offset + 464] ^= t;
c = 61444 - x[offset + 496]; t = (x[offset + 496] ^ x[offset + 528]) & (c >> 31); x[offset + 496] ^= t; x[offset + 528] ^= t;
c = 61444 - x[offset + 560]; t = (x[offset + 560] ^ x[offset + 592]) & (c >> 31); x[offset + 560] ^= t; x[offset + 592] ^= t;
c = 61444 - x[offset + 624]; t = (x[offset + 624] ^ x[offset + 656]) & (c >> 31); x[offset + 624] ^= t; x[offset + 656] ^= t;
c = 61444 - x[offset + 688]; t = (x[offset + 688] ^ x[offset + 720]) & (c >> 31); x[offset + 688] ^= t; x[offset + 720] ^= t;
c = 61444 - x[offset + 752]; t = (x[offset + 752] ^ x[offset + 784]) & (c >> 31); x[offset + 752] ^= t; x[offset + 784] ^= t;
c = 61444 - x[offset + 816]; t = (x[offset + 816] ^ x[offset + 848]) & (c >> 31); x[offset + 816] ^= t; x[offset + 848] ^= t;
c = 61444 - x[offset + 880]; t = (x[offset + 880] ^ x[offset + 912]) & (c >> 31); x[offset + 880] ^= t; x[offset + 912] ^= t;
c = 61444 - x[offset + 944]; t = (x[offset + 944] ^ x[offset + 976]) & (c >> 31); x[offset + 944] ^= t; x[offset + 976] ^= t;
c = 61444 - x[offset + 1008]; t = (x[offset + 1008] ^ x[offset + 1040]) & (c >> 31); x[offset + 1008] ^= t; x[offset + 1040] ^= t;
c = 61444 - x[offset + 1072]; t = (x[offset + 1072] ^ x[offset + 1104]) & (c >> 31); x[offset + 1072] ^= t; x[offset + 1104] ^= t;
c = 61444 - x[offset + 1136]; t = (x[offset + 1136] ^ x[offset + 1168]) & (c >> 31); x[offset + 1136] ^= t; x[offset + 1168] ^= t;
c = 61444 - x[offset + 1200]; t = (x[offset + 1200] ^ x[offset + 1232]) & (c >> 31); x[offset + 1200] ^= t; x[offset + 1232] ^= t;
c = 61444 - x[offset + 1264]; t = (x[offset + 1264] ^ x[offset + 1296]) & (c >> 31); x[offset + 1264] ^= t; x[offset + 1296] ^= t;
c = 61444 - x[offset + 16]; t = (x[offset + 16] ^ x[offset + 32]) & (c >> 31); x[offset + 16] ^= t; x[offset + 32] ^= t;
c = 61444 - x[offset + 48]; t = (x[offset + 48] ^ x[offset + 64]) & (c >> 31); x[offset + 48] ^= t; x[offset + 64] ^= t;
c = 61444 - x[offset + 80]; t = (x[offset + 80] ^ x[offset + 96]) & (c >> 31); x[offset + 80] ^= t; x[offset + 96] ^= t;
c = 61444 - x[offset + 112]; t = (x[offset + 112] ^ x[offset + 128]) & (c >> 31); x[offset + 112] ^= t; x[offset + 128] ^= t;
c = 61444 - x[offset + 144]; t = (x[offset + 144] ^ x[offset + 160]) & (c >> 31); x[offset + 144] ^= t; x[offset + 160] ^= t;
c = 61444 - x[offset + 176]; t = (x[offset + 176] ^ x[offset + 192]) & (c >> 31); x[offset + 176] ^= t; x[offset + 192] ^= t;
c = 61444 - x[offset + 208]; t = (x[offset + 208] ^ x[offset + 224]) & (c >> 31); x[offset + 208] ^= t; x[offset + 224] ^= t;
c = 61444 - x[offset + 240]; t = (x[offset + 240] ^ x[offset + 256]) & (c >> 31); x[offset + 240] ^= t; x[offset + 256] ^= t;
c = 61444 - x[offset + 272]; t = (x[offset + 272] ^ x[offset + 288]) & (c >> 31); x[offset + 272] ^= t; x[offset + 288] ^= t;
c = 61444 - x[offset + 304]; t = (x[offset + 304] ^ x[offset + 320]) & (c >> 31); x[offset + 304] ^= t; x[offset + 320] ^= t;
c = 61444 - x[offset + 336]; t = (x[offset + 336] ^ x[offset + 352]) & (c >> 31); x[offset + 336] ^= t; x[offset + 352] ^= t;
c = 61444 - x[offset + 368]; t = (x[offset + 368] ^ x[offset + 384]) & (c >> 31); x[offset + 368] ^= t; x[offset + 384] ^= t;
c = 61444 - x[offset + 400]; t = (x[offset + 400] ^ x[offset + 416]) & (c >> 31); x[offset + 400] ^= t; x[offset + 416] ^= t;
c = 61444 - x[offset + 432]; t = (x[offset + 432] ^ x[offset + 448]) & (c >> 31); x[offset + 432] ^= t; x[offset + 448] ^= t;
c = 61444 - x[offset + 464]; t = (x[offset + 464] ^ x[offset + 480]) & (c >> 31); x[offset + 464] ^= t; x[offset + 480] ^= t;
c = 61444 - x[offset + 496]; t = (x[offset + 496] ^ x[offset + 512]) & (c >> 31); x[offset + 496] ^= t; x[offset + 512] ^= t;
c = 61444 - x[offset + 528]; t = (x[offset + 528] ^ x[offset + 544]) & (c >> 31); x[offset + 528] ^= t; x[offset + 544] ^= t;
c = 61444 - x[offset + 560]; t = (x[offset + 560] ^ x[offset + 576]) & (c >> 31); x[offset + 560] ^= t; x[offset + 576] ^= t;
c = 61444 - x[offset + 592]; t = (x[offset + 592] ^ x[offset + 608]) & (c >> 31); x[offset + 592] ^= t; x[offset + 608] ^= t;
c = 61444 - x[offset + 624]; t = (x[offset + 624] ^ x[offset + 640]) & (c >> 31); x[offset + 624] ^= t; x[offset + 640] ^= t;
c = 61444 - x[offset + 656]; t = (x[offset + 656] ^ x[offset + 672]) & (c >> 31); x[offset + 656] ^= t; x[offset + 672] ^= t;
c = 61444 - x[offset + 688]; t = (x[offset + 688] ^ x[offset + 704]) & (c >> 31); x[offset + 688] ^= t; x[offset + 704] ^= t;
c = 61444 - x[offset + 720]; t = (x[offset + 720] ^ x[offset + 736]) & (c >> 31); x[offset + 720] ^= t; x[offset + 736] ^= t;
c = 61444 - x[offset + 752]; t = (x[offset + 752] ^ x[offset + 768]) & (c >> 31); x[offset + 752] ^= t; x[offset + 768] ^= t;
c = 61444 - x[offset + 784]; t = (x[offset + 784] ^ x[offset + 800]) & (c >> 31); x[offset + 784] ^= t; x[offset + 800] ^= t;
c = 61444 - x[offset + 816]; t = (x[offset + 816] ^ x[offset + 832]) & (c >> 31); x[offset + 816] ^= t; x[offset + 832] ^= t;
c = 61444 - x[offset + 848]; t = (x[offset + 848] ^ x[offset + 864]) & (c >> 31); x[offset + 848] ^= t; x[offset + 864] ^= t;
c = 61444 - x[offset + 880]; t = (x[offset + 880] ^ x[offset + 896]) & (c >> 31); x[offset + 880] ^= t; x[offset + 896] ^= t;
c = 61444 - x[offset + 912]; t = (x[offset + 912] ^ x[offset + 928]) & (c >> 31); x[offset + 912] ^= t; x[offset + 928] ^= t;
c = 61444 - x[offset + 944]; t = (x[offset + 944] ^ x[offset + 960]) & (c >> 31); x[offset + 944] ^= t; x[offset + 960] ^= t;
c = 61444 - x[offset + 976]; t = (x[offset + 976] ^ x[offset + 992]) & (c >> 31); x[offset + 976] ^= t; x[offset + 992] ^= t;
c = 61444 - x[offset + 1008]; t = (x[offset + 1008] ^ x[offset + 1024]) & (c >> 31); x[offset + 1008] ^= t; x[offset + 1024] ^= t;
c = 61444 - x[offset + 1040]; t = (x[offset + 1040] ^ x[offset + 1056]) & (c >> 31); x[offset + 1040] ^= t; x[offset + 1056] ^= t;
c = 61444 - x[offset + 1072]; t = (x[offset + 1072] ^ x[offset + 1088]) & (c >> 31); x[offset + 1072] ^= t; x[offset + 1088] ^= t;
c = 61444 - x[offset + 1104]; t = (x[offset + 1104] ^ x[offset + 1120]) & (c >> 31); x[offset + 1104] ^= t; x[offset + 1120] ^= t;
c = 61444 - x[offset + 1136]; t = (x[offset + 1136] ^ x[offset + 1152]) & (c >> 31); x[offset + 1136] ^= t; x[offset + 1152] ^= t;
c = 61444 - x[offset + 1168]; t = (x[offset + 1168] ^ x[offset + 1184]) & (c >> 31); x[offset + 1168] ^= t; x[offset + 1184] ^= t;
c = 61444 - x[offset + 1200]; t = (x[offset + 1200] ^ x[offset + 1216]) & (c >> 31); x[offset + 1200] ^= t; x[offset + 1216] ^= t;
c = 61444 - x[offset + 1232]; t = (x[offset + 1232] ^ x[offset + 1248]) & (c >> 31); x[offset + 1232] ^= t; x[offset + 1248] ^= t;
c = 61444 - x[offset + 1264]; t = (x[offset + 1264] ^ x[offset + 1280]) & (c >> 31); x[offset + 1264] ^= t; x[offset + 1280] ^= t;
c = 61444 - x[offset + 1296]; t = (x[offset + 1296] ^ x[offset + 1312]) & (c >> 31); x[offset + 1296] ^= t; x[offset + 1312] ^= t;
}
}

327
src/main/java/com/southernstorm/noise/crypto/Poly1305.java
View File

@ -1,327 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.crypto;
import java.util.Arrays;
import com.southernstorm.noise.protocol.Destroyable;
/**
* Simple implementation of the Poly1305 message authenticator.
*/
public final class Poly1305 implements Destroyable {
// The 130-bit intermediate values are broken up into five 26-bit words.
private byte[] nonce;
private byte[] block;
private int[] h;
private int[] r;
private int[] c;
private long[] t;
private int posn;
/**
* Constructs a new Poly1305 message authenticator.
*/
public Poly1305()
{
nonce = new byte [16];
block = new byte [16];
h = new int [5];
r = new int [5];
c = new int [5];
t = new long [10];
posn = 0;
}
/**
* Resets the message authenticator with a new key.
*
* @param key The buffer containing the 32 byte key.
* @param offset The offset into the buffer of the first key byte.
*/
public void reset(byte[] key, int offset)
{
System.arraycopy(key, offset + 16, nonce, 0, 16);
Arrays.fill(h, 0);
posn = 0;
// Convert the first 16 bytes of the key into a 130-bit
// "r" value while masking off the bits that we don't need.
r[0] = ((key[offset] & 0xFF)) |
((key[offset + 1] & 0xFF) << 8) |
((key[offset + 2] & 0xFF) << 16) |
((key[offset + 3] & 0x03) << 24);
r[1] = ((key[offset + 3] & 0x0C) >> 2) |
((key[offset + 4] & 0xFC) << 6) |
((key[offset + 5] & 0xFF) << 14) |
((key[offset + 6] & 0x0F) << 22);
r[2] = ((key[offset + 6] & 0xF0) >> 4) |
((key[offset + 7] & 0x0F) << 4) |
((key[offset + 8] & 0xFC) << 12) |
((key[offset + 9] & 0x3F) << 20);
r[3] = ((key[offset + 9] & 0xC0) >> 6) |
((key[offset + 10] & 0xFF) << 2) |
((key[offset + 11] & 0x0F) << 10) |
((key[offset + 12] & 0xFC) << 18);
r[4] = ((key[offset + 13] & 0xFF)) |
((key[offset + 14] & 0xFF) << 8) |
((key[offset + 15] & 0x0F) << 16);
}
/**
* Updates the message authenticator with more input data.
*
* @param data The buffer containing the input data.
* @param offset The offset of the first byte of input.
* @param length The number of bytes of input.
*/
public void update(byte[] data, int offset, int length)
{
while (length > 0) {
if (posn == 0 && length >= 16) {
// We can process the chunk directly out of the input buffer.
processChunk(data, offset, false);
offset += 16;
length -= 16;
} else {
// Collect up partial bytes in the block buffer.
int temp = 16 - posn;
if (temp > length)
temp = length;
System.arraycopy(data, offset, block, posn, temp);
offset += temp;
length -= temp;
posn += temp;
if (posn >= 16) {
processChunk(block, 0, false);
posn = 0;
}
}
}
}
/**
* Pads the input with zeroes to a multiple of 16 bytes.
*/
public void pad()
{
if (posn != 0) {
Arrays.fill(block, posn, 16, (byte)0);
processChunk(block, 0, false);
posn = 0;
}
}
/**
* Finishes the message authenticator and returns the 16-byte token.
*
* @param token The buffer to receive the token.
* @param offset The offset of the token in the buffer.
*/
public void finish(byte[] token, int offset)
{
// Pad and flush the final chunk.
if (posn != 0) {
block[posn] = (byte)1;
Arrays.fill(block, posn + 1, 16, (byte)0);
processChunk(block, 0, true);
}
// At this point, processChunk() has left h as a partially reduced
// result that is less than (2^130 - 5) * 6. Perform one more
// reduction and a trial subtraction to produce the final result.
// Multiply the high bits of h by 5 and add them to the 130 low bits.
int carry = (h[4] >> 26) * 5 + h[0];
h[0] = carry & 0x03FFFFFF;
carry = (carry >> 26) + h[1];
h[1] = carry & 0x03FFFFFF;
carry = (carry >> 26) + h[2];
h[2] = carry & 0x03FFFFFF;
carry = (carry >> 26) + h[3];
h[3] = carry & 0x03FFFFFF;
h[4] = (carry >> 26) + (h[4] & 0x03FFFFFF);
// Subtract (2^130 - 5) from h by computing c = h + 5 - 2^130.
// The "minus 2^130" step is implicit.
carry = 5 + h[0];
c[0] = carry & 0x03FFFFFF;
carry = (carry >> 26) + h[1];
c[1] = carry & 0x03FFFFFF;
carry = (carry >> 26) + h[2];
c[2] = carry & 0x03FFFFFF;
carry = (carry >> 26) + h[3];
c[3] = carry & 0x03FFFFFF;
c[4] = (carry >> 26) + h[4];
// Borrow occurs if bit 2^130 of the previous c result is zero.
// Carefully turn this into a selection mask so we can select either
// h or c as the final result.
int mask = -((c[4] >> 26) & 0x01);
int nmask = ~mask;
h[0] = (h[0] & nmask) | (c[0] & mask);
h[1] = (h[1] & nmask) | (c[1] & mask);
h[2] = (h[2] & nmask) | (c[2] & mask);
h[3] = (h[3] & nmask) | (c[3] & mask);
h[4] = (h[4] & nmask) | (c[4] & mask);
// Convert h into little-endian in the block buffer.
block[0] = (byte)(h[0]);
block[1] = (byte)(h[0] >> 8);
block[2] = (byte)(h[0] >> 16);
block[3] = (byte)((h[0] >> 24) | (h[1] << 2));
block[4] = (byte)(h[1] >> 6);
block[5] = (byte)(h[1] >> 14);
block[6] = (byte)((h[1] >> 22) | (h[2] << 4));
block[7] = (byte)(h[2] >> 4);
block[8] = (byte)(h[2] >> 12);
block[9] = (byte)((h[2] >> 20) | (h[3] << 6));
block[10] = (byte)(h[3] >> 2);
block[11] = (byte)(h[3] >> 10);
block[12] = (byte)(h[3] >> 18);
block[13] = (byte)(h[4]);
block[14] = (byte)(h[4] >> 8);
block[15] = (byte)(h[4] >> 16);
// Add the nonce and write the final result to the token.
carry = (nonce[0] & 0xFF) + (block[0] & 0xFF);
token[offset] = (byte)carry;
for (int x = 1; x < 16; ++x) {
carry = (carry >> 8) + (nonce[x] & 0xFF) + (block[x] & 0xFF);
token[offset + x] = (byte)carry;
}
}
/**
* Processes the next chunk of input data.
*
* @param chunk Buffer containing the input data chunk.
* @param offset Offset of the first byte of the 16-byte chunk.
* @param finalChunk Set to true if this is the final chunk.
*/
private void processChunk(byte[] chunk, int offset, boolean finalChunk)
{
int x;
// Unpack the 128-bit chunk into a 130-bit value in "c".
c[0] = ((chunk[offset] & 0xFF)) |
((chunk[offset + 1] & 0xFF) << 8) |
((chunk[offset + 2] & 0xFF) << 16) |
((chunk[offset + 3] & 0x03) << 24);
c[1] = ((chunk[offset + 3] & 0xFC) >> 2) |
((chunk[offset + 4] & 0xFF) << 6) |
((chunk[offset + 5] & 0xFF) << 14) |
((chunk[offset + 6] & 0x0F) << 22);
c[2] = ((chunk[offset + 6] & 0xF0) >> 4) |
((chunk[offset + 7] & 0xFF) << 4) |
((chunk[offset + 8] & 0xFF) << 12) |
((chunk[offset + 9] & 0x3F) << 20);
c[3] = ((chunk[offset + 9] & 0xC0) >> 6) |
((chunk[offset + 10] & 0xFF) << 2) |
((chunk[offset + 11] & 0xFF) << 10) |
((chunk[offset + 12] & 0xFF) << 18);
c[4] = ((chunk[offset + 13] & 0xFF)) |
((chunk[offset + 14] & 0xFF) << 8) |
((chunk[offset + 15] & 0xFF) << 16);
if (!finalChunk)
c[4] |= (1 << 24);
// Compute h = ((h + c) * r) mod (2^130 - 5)
// Start with h += c. We assume that h is less than (2^130 - 5) * 6
// and that c is less than 2^129, so the result will be less than 2^133.
h[0] += c[0];
h[1] += c[1];
h[2] += c[2];
h[3] += c[3];
h[4] += c[4];
// Multiply h by r. We know that r is less than 2^124 because the
// top 4 bits were AND-ed off by reset(). That makes h * r less
// than 2^257. Which is less than the (2^130 - 6)^2 we want for
// the modulo reduction step that follows. The intermediate limbs
// are 52 bits in size, which allows us to collect up carries in the
// extra bits of the 64 bit longs and propagate them later.
long hv = h[0];
t[0] = hv * r[0];
t[1] = hv * r[1];
t[2] = hv * r[2];
t[3] = hv * r[3];
t[4] = hv * r[4];
for (x = 1; x < 5; ++x) {
hv = h[x];
t[x] += hv * r[0];
t[x + 1] += hv * r[1];
t[x + 2] += hv * r[2];
t[x + 3] += hv * r[3];
t[x + 4] = hv * r[4];
}
// Propagate carries to convert the t limbs from 52-bit back to 26-bit.
// The low bits are placed into h and the high bits are placed into c.
h[0] = ((int)t[0]) & 0x03FFFFFF;
hv = t[1] + (t[0] >> 26);
h[1] = ((int)hv) & 0x03FFFFFF;
hv = t[2] + (hv >> 26);
h[2] = ((int)hv) & 0x03FFFFFF;
hv = t[3] + (hv >> 26);
h[3] = ((int)hv) & 0x03FFFFFF;
hv = t[4] + (hv >> 26);
h[4] = ((int)hv) & 0x03FFFFFF;
hv = t[5] + (hv >> 26);
c[0] = ((int)hv) & 0x03FFFFFF;
hv = t[6] + (hv >> 26);
c[1] = ((int)hv) & 0x03FFFFFF;
hv = t[7] + (hv >> 26);
c[2] = ((int)hv) & 0x03FFFFFF;
hv = t[8] + (hv >> 26);
c[3] = ((int)hv) & 0x03FFFFFF;
hv = t[9] + (hv >> 26);
c[4] = ((int)hv);
// Reduce h * r modulo (2^130 - 5) by multiplying the high 130 bits by 5
// and adding them to the low 130 bits. This will leave the result at
// most 5 subtractions away from the answer we want.
int carry = h[0] + c[0] * 5;
h[0] = carry & 0x03FFFFFF;
carry = (carry >> 26) + h[1] + c[1] * 5;
h[1] = carry & 0x03FFFFFF;
carry = (carry >> 26) + h[2] + c[2] * 5;
h[2] = carry & 0x03FFFFFF;
carry = (carry >> 26) + h[3] + c[3] * 5;
h[3] = carry & 0x03FFFFFF;
carry = (carry >> 26) + h[4] + c[4] * 5;
h[4] = carry;
}
@Override
public void destroy() {
Arrays.fill(nonce, (byte)0);
Arrays.fill(block, (byte)0);
Arrays.fill(h, (int)0);
Arrays.fill(r, (int)0);
Arrays.fill(c, (int)0);
Arrays.fill(t, (long)0);
}
}

1099
src/main/java/com/southernstorm/noise/crypto/RijndaelAES.java
View File

File diff suppressed because it is too large Load Diff

244
src/main/java/com/southernstorm/noise/crypto/SHA256MessageDigest.java
View File

@ -1,244 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.crypto;
import java.security.DigestException;
import java.security.MessageDigest;
import java.util.Arrays;
import com.southernstorm.noise.protocol.Destroyable;
/**
* Fallback implementation of SHA256.
*/
public class SHA256MessageDigest extends MessageDigest implements Destroyable {
private int[] h;
private byte[] block;
private int[] w;
private long length;
private int posn;
/**
* Constructs a new SHA256 message digest object.
*/
public SHA256MessageDigest() {
super("SHA-256");
h = new int [8];
block = new byte [64];
w = new int [64];
engineReset();
}
@Override
public void destroy() {
Arrays.fill(h, (int)0);
Arrays.fill(block, (byte)0);
Arrays.fill(w, (int)0);
}
private static void writeBE32(byte[] buf, int offset, int value)
{
buf[offset] = (byte)(value >> 24);
buf[offset + 1] = (byte)(value >> 16);
buf[offset + 2] = (byte)(value >> 8);
buf[offset + 3] = (byte)value;
}
@Override
protected byte[] engineDigest() {
byte[] digest = new byte [32];
try {
engineDigest(digest, 0, 32);
} catch (DigestException e) {
// Shouldn't happen, but just in case.
Arrays.fill(digest, (byte)0);
}
return digest;
}
@Override
protected int engineDigest(byte[] buf, int offset, int len) throws DigestException
{
if (len < 32)
throw new DigestException("Invalid digest length for SHA256");
if (posn <= (64 - 9)) {
block[posn] = (byte)0x80;
Arrays.fill(block, posn + 1, 64 - 8, (byte)0);
} else {
block[posn] = (byte)0x80;
Arrays.fill(block, posn + 1, 64, (byte)0);
transform(block, 0);
Arrays.fill(block, 0, 64 - 8, (byte)0);
}
writeBE32(block, 64 - 8, (int)(length >> 32));
writeBE32(block, 64 - 4, (int)length);
transform(block, 0);
posn = 0;
for (int index = 0; index < 8; ++index)
writeBE32(buf, offset + index * 4, h[index]);
return 32;
}
@Override
protected int engineGetDigestLength() {
return 32;
}
@Override
protected void engineReset() {
h[0] = 0x6A09E667;
h[1] = 0xBB67AE85;
h[2] = 0x3C6EF372;
h[3] = 0xA54FF53A;
h[4] = 0x510E527F;
h[5] = 0x9B05688C;
h[6] = 0x1F83D9AB;
h[7] = 0x5BE0CD19;
length = 0;
posn = 0;
}
@Override
protected void engineUpdate(byte input) {
block[posn++] = input;
length += 8;
if (posn >= 64) {
transform(block, 0);
posn = 0;
}
}
@Override
protected void engineUpdate(byte[] input, int offset, int len) {
while (len > 0) {
if (posn == 0 && len >= 64) {
transform(input, offset);
offset += 64;
len -= 64;
length += 64 * 8;
} else {
int temp = 64 - posn;
if (temp > len)
temp = len;
System.arraycopy(input, offset, block, posn, temp);
posn += temp;
length += temp * 8;
if (posn >= 64) {
transform(block, 0);
posn = 0;
}
offset += temp;
len -= temp;
}
}
}
private static final int[] k = {
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};
private static int rightRotate(int value, int n)
{
return (value >>> n) | (value << (32 - n));
}
private void transform(byte[] m, int offset)
{
int a, b, c, d, e, f, g, h;
int temp1, temp2;
int index;
// Initialize working variables to the current hash value.
a = this.h[0];
b = this.h[1];
c = this.h[2];
d = this.h[3];
e = this.h[4];
f = this.h[5];
g = this.h[6];
h = this.h[7];
// Convert the 16 input message words from big endian to host byte order.
for (index = 0; index < 16; ++index) {
w[index] = ((m[offset] & 0xFF) << 24) |
((m[offset + 1] & 0xFF) << 16) |
((m[offset + 2] & 0xFF) << 8) |
(m[offset + 3] & 0xFF);
offset += 4;
}
// Extend the first 16 words to 64.
for (index = 16; index < 64; ++index) {
w[index] = w[index - 16] + w[index - 7] +
(rightRotate(w[index - 15], 7) ^
rightRotate(w[index - 15], 18) ^
(w[index - 15] >>> 3)) +
(rightRotate(w[index - 2], 17) ^
rightRotate(w[index - 2], 19) ^
(w[index - 2] >>> 10));
}
// Compression function main loop.
for (index = 0; index < 64; ++index) {
temp1 = (h) + k[index] + w[index] +
(rightRotate((e), 6) ^ rightRotate((e), 11) ^ rightRotate((e), 25)) +
(((e) & (f)) ^ ((~(e)) & (g)));
temp2 = (rightRotate((a), 2) ^ rightRotate((a), 13) ^ rightRotate((a), 22)) +
(((a) & (b)) ^ ((a) & (c)) ^ ((b) & (c)));
h = g;
g = f;
f = e;
e = d + temp1;
d = c;
c = b;
b = a;
a = temp1 + temp2;
}
// Add the compressed chunk to the current hash value.
this.h[0] += a;
this.h[1] += b;
this.h[2] += c;
this.h[3] += d;
this.h[4] += e;
this.h[5] += f;
this.h[6] += g;
this.h[7] += h;
}
}

265
src/main/java/com/southernstorm/noise/crypto/SHA512MessageDigest.java
View File

@ -1,265 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.crypto;
import java.security.DigestException;
import java.security.MessageDigest;
import java.util.Arrays;
import com.southernstorm.noise.protocol.Destroyable;
/**
* Fallback implementation of SHA512.
*
* Note: This implementation is limited to a maximum 2^56 - 1 bytes of input.
* That is, we don't bother trying to implement 128-bit length values.
*/
public class SHA512MessageDigest extends MessageDigest implements Destroyable {
private long[] h;
private byte[] block;
private long[] w;
private long length;
private int posn;
/**
* Constructs a new SHA512 message digest object.
*/
public SHA512MessageDigest() {
super("SHA-512");
h = new long [8];
block = new byte [128];
w = new long [80];
engineReset();
}
@Override
public void destroy() {
Arrays.fill(h, (long)0);
Arrays.fill(block, (byte)0);
Arrays.fill(w, (long)0);
}
private static void writeBE64(byte[] buf, int offset, long value)
{
buf[offset] = (byte)(value >> 56);
buf[offset + 1] = (byte)(value >> 48);
buf[offset + 2] = (byte)(value >> 40);
buf[offset + 3] = (byte)(value >> 32);
buf[offset + 4] = (byte)(value >> 24);
buf[offset + 5] = (byte)(value >> 16);
buf[offset + 6] = (byte)(value >> 8);
buf[offset + 7] = (byte)value;
}
@Override
protected byte[] engineDigest() {
byte[] digest = new byte [64];
try {
engineDigest(digest, 0, 64);
} catch (DigestException e) {
// Shouldn't happen, but just in case.
Arrays.fill(digest, (byte)0);
}
return digest;
}
@Override
protected int engineDigest(byte[] buf, int offset, int len) throws DigestException
{
if (len < 64)
throw new DigestException("Invalid digest length for SHA512");
if (posn <= (128 - 17)) {
block[posn] = (byte)0x80;
Arrays.fill(block, posn + 1, 128 - 8, (byte)0);
} else {
block[posn] = (byte)0x80;
Arrays.fill(block, posn + 1, 128, (byte)0);
transform(block, 0);
Arrays.fill(block, 0, 128 - 8, (byte)0);
}
writeBE64(block, 128 - 8, length);
transform(block, 0);
posn = 0;
for (int index = 0; index < 8; ++index)
writeBE64(buf, offset + index * 8, h[index]);
return 64;
}
@Override
protected int engineGetDigestLength() {
return 64;
}
@Override
protected void engineReset() {
h[0] = 0x6a09e667f3bcc908L;
h[1] = 0xbb67ae8584caa73bL;
h[2] = 0x3c6ef372fe94f82bL;
h[3] = 0xa54ff53a5f1d36f1L;
h[4] = 0x510e527fade682d1L;
h[5] = 0x9b05688c2b3e6c1fL;
h[6] = 0x1f83d9abfb41bd6bL;
h[7] = 0x5be0cd19137e2179L;
length = 0;
posn = 0;
}
@Override
protected void engineUpdate(byte input) {
block[posn++] = input;
length += 8;
if (posn >= 128) {
transform(block, 0);
posn = 0;
}
}
@Override
protected void engineUpdate(byte[] input, int offset, int len) {
while (len > 0) {
if (posn == 0 && len >= 128) {
transform(input, offset);
offset += 128;
len -= 128;
length += 128 * 8;
} else {
int temp = 128 - posn;
if (temp > len)
temp = len;
System.arraycopy(input, offset, block, posn, temp);
posn += temp;
length += temp * 8;
if (posn >= 128) {
transform(block, 0);
posn = 0;
}
offset += temp;
len -= temp;
}
}
}
private static final long[] k = {
0x428A2F98D728AE22L, 0x7137449123EF65CDL, 0xB5C0FBCFEC4D3B2FL,
0xE9B5DBA58189DBBCL, 0x3956C25BF348B538L, 0x59F111F1B605D019L,
0x923F82A4AF194F9BL, 0xAB1C5ED5DA6D8118L, 0xD807AA98A3030242L,
0x12835B0145706FBEL, 0x243185BE4EE4B28CL, 0x550C7DC3D5FFB4E2L,
0x72BE5D74F27B896FL, 0x80DEB1FE3B1696B1L, 0x9BDC06A725C71235L,
0xC19BF174CF692694L, 0xE49B69C19EF14AD2L, 0xEFBE4786384F25E3L,
0x0FC19DC68B8CD5B5L, 0x240CA1CC77AC9C65L, 0x2DE92C6F592B0275L,
0x4A7484AA6EA6E483L, 0x5CB0A9DCBD41FBD4L, 0x76F988DA831153B5L,
0x983E5152EE66DFABL, 0xA831C66D2DB43210L, 0xB00327C898FB213FL,
0xBF597FC7BEEF0EE4L, 0xC6E00BF33DA88FC2L, 0xD5A79147930AA725L,
0x06CA6351E003826FL, 0x142929670A0E6E70L, 0x27B70A8546D22FFCL,
0x2E1B21385C26C926L, 0x4D2C6DFC5AC42AEDL, 0x53380D139D95B3DFL,
0x650A73548BAF63DEL, 0x766A0ABB3C77B2A8L, 0x81C2C92E47EDAEE6L,
0x92722C851482353BL, 0xA2BFE8A14CF10364L, 0xA81A664BBC423001L,
0xC24B8B70D0F89791L, 0xC76C51A30654BE30L, 0xD192E819D6EF5218L,
0xD69906245565A910L, 0xF40E35855771202AL, 0x106AA07032BBD1B8L,
0x19A4C116B8D2D0C8L, 0x1E376C085141AB53L, 0x2748774CDF8EEB99L,
0x34B0BCB5E19B48A8L, 0x391C0CB3C5C95A63L, 0x4ED8AA4AE3418ACBL,
0x5B9CCA4F7763E373L, 0x682E6FF3D6B2B8A3L, 0x748F82EE5DEFB2FCL,
0x78A5636F43172F60L, 0x84C87814A1F0AB72L, 0x8CC702081A6439ECL,
0x90BEFFFA23631E28L, 0xA4506CEBDE82BDE9L, 0xBEF9A3F7B2C67915L,
0xC67178F2E372532BL, 0xCA273ECEEA26619CL, 0xD186B8C721C0C207L,
0xEADA7DD6CDE0EB1EL, 0xF57D4F7FEE6ED178L, 0x06F067AA72176FBAL,
0x0A637DC5A2C898A6L, 0x113F9804BEF90DAEL, 0x1B710B35131C471BL,
0x28DB77F523047D84L, 0x32CAAB7B40C72493L, 0x3C9EBE0A15C9BEBCL,
0x431D67C49C100D4CL, 0x4CC5D4BECB3E42B6L, 0x597F299CFC657E2AL,
0x5FCB6FAB3AD6FAECL, 0x6C44198C4A475817L
};
private static long rightRotate(long value, int n)
{
return (value >>> n) | (value << (64 - n));
}
private void transform(byte[] m, int offset)
{
long a, b, c, d, e, f, g, h;
long temp1, temp2;
int index;
// Initialize working variables to the current hash value.
a = this.h[0];
b = this.h[1];
c = this.h[2];
d = this.h[3];
e = this.h[4];
f = this.h[5];
g = this.h[6];
h = this.h[7];
// Convert the 16 input message words from big endian to host byte order.
for (index = 0; index < 16; ++index) {
w[index] = ((m[offset] & 0xFFL) << 56) |
((m[offset + 1] & 0xFFL) << 48) |
((m[offset + 2] & 0xFFL) << 40) |
((m[offset + 3] & 0xFFL) << 32) |
((m[offset + 4] & 0xFFL) << 24) |
((m[offset + 5] & 0xFFL) << 16) |
((m[offset + 6] & 0xFFL) << 8) |
(m[offset + 7] & 0xFFL);
offset += 8;
}
// Extend the first 16 words to 80.
for (index = 16; index < 80; ++index) {
w[index] = w[index - 16] + w[index - 7] +
(rightRotate(w[index - 15], 1) ^
rightRotate(w[index - 15], 8) ^
(w[index - 15] >>> 7)) +
(rightRotate(w[index - 2], 19) ^
rightRotate(w[index - 2], 61) ^
(w[index - 2] >>> 6));
}
// Compression function main loop.
for (index = 0; index < 80; ++index) {
temp1 = (h) + k[index] + w[index] +
(rightRotate((e), 14) ^ rightRotate((e), 18) ^ rightRotate((e), 41)) +
(((e) & (f)) ^ ((~(e)) & (g)));
temp2 = (rightRotate((a), 28) ^ rightRotate((a), 34) ^ rightRotate((a), 39)) +
(((a) & (b)) ^ ((a) & (c)) ^ ((b) & (c)));
h = g;
g = f;
f = e;
e = d + temp1;
d = c;
c = b;
b = a;
a = temp1 + temp2;
}
// Add the compressed chunk to the current hash value.
this.h[0] += a;
this.h[1] += b;
this.h[2] += c;
this.h[3] += d;
this.h[4] += e;
this.h[5] += f;
this.h[6] += g;
this.h[7] += h;
}
}

12
src/main/java/com/southernstorm/noise/crypto/package-info.java
View File

@ -1,12 +0,0 @@
/**
* Fallback implementations of cryptographic primitives.
*
* This package provides plain Java implementations of the
* cryptographic primitives that Noise requires which do not
* normally come with standard JDK's.
*
* Applications that use Noise won't normally use these classes
* directly.
*/
package com.southernstorm.noise.crypto;

266
src/main/java/com/southernstorm/noise/protocol/AESGCMFallbackCipherState.java
View File

@ -1,266 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.protocol;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.ShortBufferException;
import com.southernstorm.noise.crypto.GHASH;
import com.southernstorm.noise.crypto.RijndaelAES;
/**
* Fallback implementation of "AESGCM" on platforms where
* the JCA/JCE does not have a suitable GCM or CTR provider.
*/
class AESGCMFallbackCipherState implements CipherState {
private RijndaelAES aes;
private long n;
private byte[] iv;
private byte[] enciv;
private byte[] hashKey;
private GHASH ghash;
private boolean haskey;
/**
* Constructs a new cipher state for the "AESGCM" algorithm.
*/
public AESGCMFallbackCipherState()
{
aes = new RijndaelAES();
n = 0;
iv = new byte [16];
enciv = new byte [16];
hashKey = new byte [16];
ghash = new GHASH();
haskey = false;
}
@Override
public void destroy() {
aes.destroy();
ghash.destroy();
Noise.destroy(hashKey);
Noise.destroy(iv);
Noise.destroy(enciv);
}
@Override
public String getCipherName() {
return "AESGCM";
}
@Override
public int getKeyLength() {
return 32;
}
@Override
public int getMACLength() {
return haskey ? 16 : 0;
}
@Override
public void initializeKey(byte[] key, int offset) {
// Set up the AES key.
aes.setupEnc(key, offset, 256);
haskey = true;
// Generate the hashing key by encrypting a block of zeroes.
Arrays.fill(hashKey, (byte)0);
aes.encrypt(hashKey, 0, hashKey, 0);
ghash.reset(hashKey, 0);
// Reset the nonce.
n = 0;
}
@Override
public boolean hasKey() {
return haskey;
}
/**
* Set up to encrypt or decrypt the next packet.
*
* @param ad The associated data for the packet.
*/
private void setup(byte[] ad)
{
// Check for nonce wrap-around.
if (n == -1L)
throw new IllegalStateException("Nonce has wrapped around");
// Format the counter/IV block.
iv[0] = 0;
iv[1] = 0;
iv[2] = 0;
iv[3] = 0;
iv[4] = (byte)(n >> 56);
iv[5] = (byte)(n >> 48);
iv[6] = (byte)(n >> 40);
iv[7] = (byte)(n >> 32);
iv[8] = (byte)(n >> 24);
iv[9] = (byte)(n >> 16);
iv[10] = (byte)(n >> 8);
iv[11] = (byte)n;
iv[12] = 0;
iv[13] = 0;
iv[14] = 0;
iv[15] = 1;
// Encrypt a block of zeroes to generate the hash key to XOR
// the GHASH tag with at the end of the encrypt/decrypt operation.
Arrays.fill(hashKey, (byte)0);
aes.encrypt(iv, 0, hashKey, 0);
// Initialize the GHASH with the associated data value.
ghash.reset();
if (ad != null) {
ghash.update(ad, 0, ad.length);
ghash.pad();
}
}
/**
* Encrypts a block in CTR mode.
*
* @param plaintext The plaintext to encrypt.
* @param plaintextOffset Offset of the first plaintext byte.
* @param ciphertext The resulting ciphertext.
* @param ciphertextOffset Offset of the first ciphertext byte.
* @param length The number of bytes to encrypt.
*
* This function can also be used to decrypt.
*/
private void encryptCTR(byte[] plaintext, int plaintextOffset, byte[] ciphertext, int ciphertextOffset, int length)
{
while (length > 0) {
// Increment the IV and encrypt it to get the next keystream block.
if (++(iv[15]) == 0)
if (++(iv[14]) == 0)
if (++(iv[13]) == 0)
++(iv[12]);
aes.encrypt(iv, 0, enciv, 0);
// XOR the keystream block with the plaintext to create the ciphertext.
int temp = length;
if (temp > 16)
temp = 16;
for (int index = 0; index < temp; ++index)
ciphertext[ciphertextOffset + index] = (byte)(plaintext[plaintextOffset + index] ^ enciv[index]);
// Advance to the next block.
plaintextOffset += temp;
ciphertextOffset += temp;
length -= temp;
}
}
@Override
public int encryptWithAd(byte[] ad, byte[] plaintext, int plaintextOffset,
byte[] ciphertext, int ciphertextOffset, int length)
throws ShortBufferException {
int space;
if (ciphertextOffset < 0 || ciphertextOffset > ciphertext.length)
throw new IllegalArgumentException();
if (length < 0 || plaintextOffset < 0 || plaintextOffset > plaintext.length || length > plaintext.length || (plaintext.length - plaintextOffset) < length)
throw new IllegalArgumentException();
space = ciphertext.length - ciphertextOffset;
if (!haskey) {
// The key is not set yet - return the plaintext as-is.
if (length > space)
throw new ShortBufferException();
if (plaintext != ciphertext || plaintextOffset != ciphertextOffset)
System.arraycopy(plaintext, plaintextOffset, ciphertext, ciphertextOffset, length);
return length;
}
if (space < 16 || length > (space - 16))
throw new ShortBufferException();
setup(ad);
encryptCTR(plaintext, plaintextOffset, ciphertext, ciphertextOffset, length);
ghash.update(ciphertext, ciphertextOffset, length);
ghash.pad(ad != null ? ad.length : 0, length);
ghash.finish(ciphertext, ciphertextOffset + length, 16);
for (int index = 0; index < 16; ++index)
ciphertext[ciphertextOffset + length + index] ^= hashKey[index];
n += 1;
return length + 16;
}
@Override
public int decryptWithAd(byte[] ad, byte[] ciphertext,
int ciphertextOffset, byte[] plaintext, int plaintextOffset,
int length) throws ShortBufferException, BadPaddingException {
int space;
if (ciphertextOffset < 0 || ciphertextOffset > ciphertext.length)
throw new IllegalArgumentException();
else
space = ciphertext.length - ciphertextOffset;
if (length > space)
throw new ShortBufferException();
if (length < 0 || plaintextOffset < 0 || plaintextOffset > plaintext.length || length > ciphertext.length || (ciphertext.length - ciphertextOffset) < length)
throw new IllegalArgumentException();
space = plaintext.length - plaintextOffset;
if (!haskey) {
// The key is not set yet - return the ciphertext as-is.
if (length > space)
throw new ShortBufferException();
if (plaintext != ciphertext || plaintextOffset != ciphertextOffset)
System.arraycopy(ciphertext, ciphertextOffset, plaintext, plaintextOffset, length);
return length;
}
if (length < 16)
Noise.throwBadTagException();
int dataLen = length - 16;
if (dataLen > space)
throw new ShortBufferException();
setup(ad);
ghash.update(ciphertext, ciphertextOffset, dataLen);
ghash.pad(ad != null ? ad.length : 0, dataLen);
ghash.finish(enciv, 0, 16);
int temp = 0;
for (int index = 0; index < 16; ++index)
temp |= (hashKey[index] ^ enciv[index] ^ ciphertext[ciphertextOffset + dataLen + index]);
if ((temp & 0xFF) != 0)
Noise.throwBadTagException();
encryptCTR(ciphertext, ciphertextOffset, plaintext, plaintextOffset, dataLen);
n += 1;
return dataLen;
}
@Override
public CipherState fork(byte[] key, int offset) {
CipherState cipher;
cipher = new AESGCMFallbackCipherState();
cipher.initializeKey(key, offset);
return cipher;
}
@Override
public void setNonce(long nonce) {
n = nonce;
}
}

336
src/main/java/com/southernstorm/noise/protocol/AESGCMOnCtrCipherState.java
View File

@ -1,336 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.protocol;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import com.southernstorm.noise.crypto.GHASH;
/**
* Emulates the "AESGCM" cipher for Noise using the "AES/CTR/NoPadding"
* transformation from JCA/JCE.
*
* This class is used on platforms that don't have "AES/GCM/NoPadding",
* but which do have the older "AES/CTR/NoPadding".
*/
class AESGCMOnCtrCipherState implements CipherState {
private Cipher cipher;
private SecretKeySpec keySpec;
private long n;
private byte[] iv;
private byte[] hashKey;
private GHASH ghash;
/**
* Constructs a new cipher state for the "AESGCM" algorithm.
*
* @throws NoSuchAlgorithmException The system does not have a
* provider for this algorithm.
*/
public AESGCMOnCtrCipherState() throws NoSuchAlgorithmException
{
try {
cipher = Cipher.getInstance("AES/CTR/NoPadding");
} catch (NoSuchPaddingException e) {
// AES/CTR is available, but not the unpadded version? Huh?
throw new NoSuchAlgorithmException("AES/CTR/NoPadding not available", e);
}
keySpec = null;
n = 0;
iv = new byte [16];
hashKey = new byte [16];
ghash = new GHASH();
// Try to set a 256-bit key on the cipher. Some JCE's are
// configured to disallow 256-bit AES if an extra policy
// file has not been installed.
try {
SecretKeySpec spec = new SecretKeySpec(new byte [32], "AES");
IvParameterSpec params = new IvParameterSpec(iv);
cipher.init(Cipher.ENCRYPT_MODE, spec, params);
} catch (InvalidKeyException e) {
throw new NoSuchAlgorithmException("AES/CTR/NoPadding does not support 256-bit keys", e);
} catch (InvalidAlgorithmParameterException e) {
throw new NoSuchAlgorithmException("AES/CTR/NoPadding does not support 256-bit keys", e);
}
}
@Override
public void destroy() {
// There doesn't seem to be a standard API to clean out a Cipher.
// So we instead set the key and IV to all-zeroes to hopefully
// destroy the sensitive data in the cipher instance.
ghash.destroy();
Noise.destroy(hashKey);
Noise.destroy(iv);
keySpec = new SecretKeySpec(new byte [32], "AES");
IvParameterSpec params = new IvParameterSpec(iv);
try {
cipher.init(Cipher.ENCRYPT_MODE, keySpec, params);
} catch (InvalidKeyException e) {
// Shouldn't happen.
} catch (InvalidAlgorithmParameterException e) {
// Shouldn't happen.
}
}
@Override
public String getCipherName() {
return "AESGCM";
}
@Override
public int getKeyLength() {
return 32;
}
@Override
public int getMACLength() {
return keySpec != null ? 16 : 0;
}
@Override
public void initializeKey(byte[] key, int offset) {
// Set the encryption key.
keySpec = new SecretKeySpec(key, offset, 32, "AES");
// Generate the hashing key by encrypting a block of zeroes.
Arrays.fill(iv, (byte)0);
Arrays.fill(hashKey, (byte)0);
try {
cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(iv));
} catch (InvalidKeyException e) {
// Shouldn't happen.
throw new IllegalStateException(e);
} catch (InvalidAlgorithmParameterException e) {
// Shouldn't happen.
throw new IllegalStateException(e);
}
try {
int result = cipher.update(hashKey, 0, 16, hashKey, 0);
cipher.doFinal(hashKey, result);
} catch (ShortBufferException e) {
// Shouldn't happen.
throw new IllegalStateException(e);
} catch (IllegalBlockSizeException e) {
// Shouldn't happen.
throw new IllegalStateException(e);
} catch (BadPaddingException e) {
// Shouldn't happen.
throw new IllegalStateException(e);
}
ghash.reset(hashKey, 0);
// Reset the nonce.
n = 0;
}
@Override
public boolean hasKey() {
return keySpec != null;
}
/**
* Set up to encrypt or decrypt the next packet.
*
* @param ad The associated data for the packet.
*/
private void setup(byte[] ad) throws InvalidKeyException, InvalidAlgorithmParameterException
{
// Check for nonce wrap-around.
if (n == -1L)
throw new IllegalStateException("Nonce has wrapped around");
// Format the counter/IV block for AES/CTR/NoPadding.
iv[0] = 0;
iv[1] = 0;
iv[2] = 0;
iv[3] = 0;
iv[4] = (byte)(n >> 56);
iv[5] = (byte)(n >> 48);
iv[6] = (byte)(n >> 40);
iv[7] = (byte)(n >> 32);
iv[8] = (byte)(n >> 24);
iv[9] = (byte)(n >> 16);
iv[10] = (byte)(n >> 8);
iv[11] = (byte)n;
iv[12] = 0;
iv[13] = 0;
iv[14] = 0;
iv[15] = 1;
// Initialize the CTR mode cipher with the key and IV.
cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(iv));
// Encrypt a block of zeroes to generate the hash key to XOR
// the GHASH tag with at the end of the encrypt/decrypt operation.
Arrays.fill(hashKey, (byte)0);
try {
cipher.update(hashKey, 0, 16, hashKey, 0);
} catch (ShortBufferException e) {
// Shouldn't happen.
throw new IllegalStateException(e);
}
// Initialize the GHASH with the associated data value.
ghash.reset();
if (ad != null) {
ghash.update(ad, 0, ad.length);
ghash.pad();
}
}
@Override
public int encryptWithAd(byte[] ad, byte[] plaintext, int plaintextOffset,
byte[] ciphertext, int ciphertextOffset, int length)
throws ShortBufferException {
int space;
if (ciphertextOffset < 0 || ciphertextOffset > ciphertext.length)
throw new IllegalArgumentException();
if (length < 0 || plaintextOffset < 0 || plaintextOffset > plaintext.length || length > plaintext.length || (plaintext.length - plaintextOffset) < length)
throw new IllegalArgumentException();
space = ciphertext.length - ciphertextOffset;
if (keySpec == null) {
// The key is not set yet - return the plaintext as-is.
if (length > space)
throw new ShortBufferException();
if (plaintext != ciphertext || plaintextOffset != ciphertextOffset)
System.arraycopy(plaintext, plaintextOffset, ciphertext, ciphertextOffset, length);
return length;
}
if (space < 16 || length > (space - 16))
throw new ShortBufferException();
try {
setup(ad);
int result = cipher.update(plaintext, plaintextOffset, length, ciphertext, ciphertextOffset);
cipher.doFinal(ciphertext, ciphertextOffset + result);
} catch (InvalidKeyException e) {
// Shouldn't happen.
throw new IllegalStateException(e);
} catch (InvalidAlgorithmParameterException e) {
// Shouldn't happen.
throw new IllegalStateException(e);
} catch (IllegalBlockSizeException e) {
// Shouldn't happen.
throw new IllegalStateException(e);
} catch (BadPaddingException e) {
// Shouldn't happen.
throw new IllegalStateException(e);
}
ghash.update(ciphertext, ciphertextOffset, length);
ghash.pad(ad != null ? ad.length : 0, length);
ghash.finish(ciphertext, ciphertextOffset + length, 16);
for (int index = 0; index < 16; ++index)
ciphertext[ciphertextOffset + length + index] ^= hashKey[index];
n += 1;
return length + 16;
}
@Override
public int decryptWithAd(byte[] ad, byte[] ciphertext,
int ciphertextOffset, byte[] plaintext, int plaintextOffset,
int length) throws ShortBufferException, BadPaddingException {
int space;
if (ciphertextOffset < 0 || ciphertextOffset > ciphertext.length)
throw new IllegalArgumentException();
else
space = ciphertext.length - ciphertextOffset;
if (length > space)
throw new ShortBufferException();
if (length < 0 || plaintextOffset < 0 || plaintextOffset > plaintext.length || length > ciphertext.length || (ciphertext.length - ciphertextOffset) < length)
throw new IllegalArgumentException();
space = plaintext.length - plaintextOffset;
if (keySpec == null) {
// The key is not set yet - return the ciphertext as-is.
if (length > space)
throw new ShortBufferException();
if (plaintext != ciphertext || plaintextOffset != ciphertextOffset)
System.arraycopy(ciphertext, ciphertextOffset, plaintext, plaintextOffset, length);
return length;
}
if (length < 16)
Noise.throwBadTagException();
int dataLen = length - 16;
if (dataLen > space)
throw new ShortBufferException();
try {
setup(ad);
} catch (InvalidKeyException e) {
// Shouldn't happen.
throw new IllegalStateException(e);
} catch (InvalidAlgorithmParameterException e) {
// Shouldn't happen.
throw new IllegalStateException(e);
}
ghash.update(ciphertext, ciphertextOffset, dataLen);
ghash.pad(ad != null ? ad.length : 0, dataLen);
ghash.finish(iv, 0, 16);
int temp = 0;
for (int index = 0; index < 16; ++index)
temp |= (hashKey[index] ^ iv[index] ^ ciphertext[ciphertextOffset + dataLen + index]);
if ((temp & 0xFF) != 0)
Noise.throwBadTagException();
try {
int result = cipher.update(ciphertext, ciphertextOffset, dataLen, plaintext, plaintextOffset);
cipher.doFinal(plaintext, plaintextOffset + result);
} catch (IllegalBlockSizeException e) {
// Shouldn't happen.
throw new IllegalStateException(e);
} catch (BadPaddingException e) {
// Shouldn't happen.
throw new IllegalStateException(e);
}
n += 1;
return dataLen;
}
@Override
public CipherState fork(byte[] key, int offset) {
CipherState cipher;
try {
cipher = new AESGCMOnCtrCipherState();
} catch (NoSuchAlgorithmException e) {
// Shouldn't happen.
return null;
}
cipher.initializeKey(key, offset);
return cipher;
}
@Override
public void setNonce(long nonce) {
n = nonce;
}
}

292
src/main/java/com/southernstorm/noise/protocol/ChaChaPolyCipherState.java
View File

@ -1,292 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.protocol;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.ShortBufferException;
import com.southernstorm.noise.crypto.ChaChaCore;
import com.southernstorm.noise.crypto.Poly1305;
/**
* Implements the ChaChaPoly cipher for Noise.
*/
class ChaChaPolyCipherState implements CipherState {
private Poly1305 poly;
private int[] input;
private int[] output;
private byte[] polyKey;
long n;
private boolean haskey;
/**
* Constructs a new cipher state for the "ChaChaPoly" algorithm.
*/
public ChaChaPolyCipherState()
{
poly = new Poly1305();
input = new int [16];
output = new int [16];
polyKey = new byte [32];
n = 0;
haskey = false;
}
@Override
public void destroy() {
poly.destroy();
Arrays.fill(input, 0);
Arrays.fill(output, 0);
Noise.destroy(polyKey);
}
@Override
public String getCipherName() {
return "ChaChaPoly";
}
@Override
public int getKeyLength() {
return 32;
}
@Override
public int getMACLength() {
return haskey ? 16 : 0;
}
@Override
public void initializeKey(byte[] key, int offset) {
ChaChaCore.initKey256(input, key, offset);
n = 0;
haskey = true;
}
@Override
public boolean hasKey() {
return haskey;
}
/**
* XOR's the output of ChaCha20 with a byte buffer.
*
* @param input The input byte buffer.
* @param inputOffset The offset of the first input byte.
* @param output The output byte buffer (can be the same as the input).
* @param outputOffset The offset of the first output byte.
* @param length The number of bytes to XOR between 1 and 64.
* @param block The ChaCha20 output block.
*/
private static void xorBlock(byte[] input, int inputOffset, byte[] output, int outputOffset, int length, int[] block)
{
int posn = 0;
int value;
while (length >= 4) {
value = block[posn++];
output[outputOffset] = (byte)(input[inputOffset] ^ value);
output[outputOffset + 1] = (byte)(input[inputOffset + 1] ^ (value >> 8));
output[outputOffset + 2] = (byte)(input[inputOffset + 2] ^ (value >> 16));
output[outputOffset + 3] = (byte)(input[inputOffset + 3] ^ (value >> 24));
inputOffset += 4;
outputOffset += 4;
length -= 4;
}
if (length == 3) {
value = block[posn];
output[outputOffset] = (byte)(input[inputOffset] ^ value);
output[outputOffset + 1] = (byte)(input[inputOffset + 1] ^ (value >> 8));
output[outputOffset + 2] = (byte)(input[inputOffset + 2] ^ (value >> 16));
} else if (length == 2) {
value = block[posn];
output[outputOffset] = (byte)(input[inputOffset] ^ value);
output[outputOffset + 1] = (byte)(input[inputOffset + 1] ^ (value >> 8));
} else if (length == 1) {
value = block[posn];
output[outputOffset] = (byte)(input[inputOffset] ^ value);
}
}
/**
* Set up to encrypt or decrypt the next packet.
*
* @param ad The associated data for the packet.
*/
private void setup(byte[] ad)
{
if (n == -1L)
throw new IllegalStateException("Nonce has wrapped around");
ChaChaCore.initIV(input, n);
ChaChaCore.hash(output, input);
Arrays.fill(polyKey, (byte)0);
xorBlock(polyKey, 0, polyKey, 0, 32, output);
poly.reset(polyKey, 0);
if (ad != null) {
poly.update(ad, 0, ad.length);
poly.pad();
}
if (++(input[12]) == 0)
++(input[13]);
}
/**
* Puts a 64-bit integer into a buffer in little-endian order.
*
* @param output The output buffer.
* @param offset The offset into the output buffer.
* @param value The 64-bit integer value.
*/
private static void putLittleEndian64(byte[] output, int offset, long value)
{
output[offset] = (byte)value;
output[offset + 1] = (byte)(value >> 8);
output[offset + 2] = (byte)(value >> 16);
output[offset + 3] = (byte)(value >> 24);
output[offset + 4] = (byte)(value >> 32);
output[offset + 5] = (byte)(value >> 40);
output[offset + 6] = (byte)(value >> 48);
output[offset + 7] = (byte)(value >> 56);
}
/**
* Finishes up the authentication tag for a packet.
*
* @param ad The associated data.
* @param length The length of the plaintext data.
*/
private void finish(byte[] ad, int length)
{
poly.pad();
putLittleEndian64(polyKey, 0, ad != null ? ad.length : 0);
putLittleEndian64(polyKey, 8, length);
poly.update(polyKey, 0, 16);
poly.finish(polyKey, 0);
}
/**
* Encrypts or decrypts a buffer of bytes for the active packet.
*
* @param plaintext The plaintext data to be encrypted.
* @param plaintextOffset The offset to the first plaintext byte.
* @param ciphertext The ciphertext data that results from encryption.
* @param ciphertextOffset The offset to the first ciphertext byte.
* @param length The number of bytes to encrypt.
*/
private void encrypt(byte[] plaintext, int plaintextOffset,
byte[] ciphertext, int ciphertextOffset, int length) {
while (length > 0) {
int tempLen = 64;
if (tempLen > length)
tempLen = length;
ChaChaCore.hash(output, input);
xorBlock(plaintext, plaintextOffset, ciphertext, ciphertextOffset, tempLen, output);
if (++(input[12]) == 0)
++(input[13]);
plaintextOffset += tempLen;
ciphertextOffset += tempLen;
length -= tempLen;
}
}
@Override
public int encryptWithAd(byte[] ad, byte[] plaintext, int plaintextOffset,
byte[] ciphertext, int ciphertextOffset, int length) throws ShortBufferException {
int space;
if (ciphertextOffset < 0 || ciphertextOffset > ciphertext.length)
throw new IllegalArgumentException();
if (length < 0 || plaintextOffset < 0 || plaintextOffset > plaintext.length || length > plaintext.length || (plaintext.length - plaintextOffset) < length)
throw new IllegalArgumentException();
space = ciphertext.length - ciphertextOffset;
if (!haskey) {
// The key is not set yet - return the plaintext as-is.
if (length > space)
throw new ShortBufferException();
if (plaintext != ciphertext || plaintextOffset != ciphertextOffset)
System.arraycopy(plaintext, plaintextOffset, ciphertext, ciphertextOffset, length);
return length;
}
if (space < 16 || length > (space - 16))
throw new ShortBufferException();
setup(ad);
encrypt(plaintext, plaintextOffset, ciphertext, ciphertextOffset, length);
poly.update(ciphertext, ciphertextOffset, length);
finish(ad, length);
System.arraycopy(polyKey, 0, ciphertext, ciphertextOffset + length, 16);
n += 1;
return length + 16;
}
@Override
public int decryptWithAd(byte[] ad, byte[] ciphertext,
int ciphertextOffset, byte[] plaintext, int plaintextOffset,
int length) throws ShortBufferException, BadPaddingException {
int space;
if (ciphertextOffset < 0 || ciphertextOffset > ciphertext.length)
throw new IllegalArgumentException();
else
space = ciphertext.length - ciphertextOffset;
if (length > space)
throw new ShortBufferException();
if (length < 0 || plaintextOffset < 0 || plaintextOffset > plaintext.length || length > ciphertext.length || (ciphertext.length - ciphertextOffset) < length)
throw new IllegalArgumentException();
space = plaintext.length - plaintextOffset;
if (!haskey) {
// The key is not set yet - return the ciphertext as-is.
if (length > space)
throw new ShortBufferException();
if (plaintext != ciphertext || plaintextOffset != ciphertextOffset)
System.arraycopy(ciphertext, ciphertextOffset, plaintext, plaintextOffset, length);
return length;
}
if (length < 16)
Noise.throwBadTagException();
int dataLen = length - 16;
if (dataLen > space)
throw new ShortBufferException();
setup(ad);
poly.update(ciphertext, ciphertextOffset, dataLen);
finish(ad, dataLen);
int temp = 0;
for (int index = 0; index < 16; ++index)
temp |= (polyKey[index] ^ ciphertext[ciphertextOffset + dataLen + index]);
if ((temp & 0xFF) != 0)
Noise.throwBadTagException();
encrypt(ciphertext, ciphertextOffset, plaintext, plaintextOffset, dataLen);
n += 1;
return dataLen;
}
@Override
public CipherState fork(byte[] key, int offset) {
CipherState cipher = new ChaChaPolyCipherState();
cipher.initializeKey(key, offset);
return cipher;
}
@Override
public void setNonce(long nonce) {
n = nonce;
}
}

162
src/main/java/com/southernstorm/noise/protocol/CipherState.java
View File

@ -1,162 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.protocol;
import javax.crypto.BadPaddingException;
import javax.crypto.ShortBufferException;
/**
* Interface to an authenticated cipher for use in the Noise protocol.
*
* CipherState objects are used to encrypt or decrypt data during a
* session. Once the handshake has completed, HandshakeState.split()
* will create two CipherState objects for encrypting packets sent to
* the other party, and decrypting packets received from the other party.
*/
public interface CipherState extends Destroyable {
/**
* Gets the Noise protocol name for this cipher.
*
* @return The cipher name.
*/
String getCipherName();
/**
* Gets the length of the key values for this cipher.
*
* @return The length of the key in bytes; usually 32.
*/
int getKeyLength();
/**
* Gets the length of the MAC values for this cipher.
*
* @return The length of MAC values in bytes, or zero if the
* key has not yet been initialized.
*/
int getMACLength();
/**
* Initializes the key on this cipher object.
*
* @param key Points to a buffer that contains the key.
* @param offset The offset of the key in the key buffer.
*
* The key buffer must contain at least getKeyLength() bytes
* starting at offset.
*
* @see #hasKey()
*/
void initializeKey(byte[] key, int offset);
/**
* Determine if this cipher object has been configured with a key.
*
* @return true if this cipher object has a key; false if the
* key has not yet been set with initializeKey().
*
* @see #initializeKey(byte[], int)
*/
boolean hasKey();
/**
* Encrypts a plaintext buffer using the cipher and a block of associated data.
*
* @param ad The associated data, or null if there is none.
* @param plaintext The buffer containing the plaintext to encrypt.
* @param plaintextOffset The offset within the plaintext buffer of the
* first byte or plaintext data.
* @param ciphertext The buffer to place the ciphertext in. This can
* be the same as the plaintext buffer.
* @param ciphertextOffset The first offset within the ciphertext buffer
* to place the ciphertext and the MAC tag.
* @param length The length of the plaintext.
* @return The length of the ciphertext plus the MAC tag, or -1 if the
* ciphertext buffer is not large enough to hold the result.
*
* @throws ShortBufferException The ciphertext buffer does not have
* enough space to hold the ciphertext plus MAC.
*
* @throws IllegalStateException The nonce has wrapped around.
*
* @throws IllegalArgumentException One of the parameters is out of range.
*
* The plaintext and ciphertext buffers can be the same for in-place
* encryption. In that case, plaintextOffset must be identical to
* ciphertextOffset.
*
* There must be enough space in the ciphertext buffer to accomodate
* length + getMACLength() bytes of data starting at ciphertextOffset.
*/
int encryptWithAd(byte[] ad, byte[] plaintext, int plaintextOffset, byte[] ciphertext, int ciphertextOffset, int length) throws ShortBufferException;
/**
* Decrypts a ciphertext buffer using the cipher and a block of associated data.
*
* @param ad The associated data, or null if there is none.
* @param ciphertext The buffer containing the ciphertext to decrypt.
* @param ciphertextOffset The offset within the ciphertext buffer of
* the first byte of ciphertext data.
* @param plaintext The buffer to place the plaintext in. This can be
* the same as the ciphertext buffer.
* @param plaintextOffset The first offset within the plaintext buffer
* to place the plaintext.
* @param length The length of the incoming ciphertext plus the MAC tag.
* @return The length of the plaintext with the MAC tag stripped off.
*
* @throws ShortBufferException The plaintext buffer does not have
* enough space to store the decrypted data.
*
* @throws BadPaddingException The MAC value failed to verify.
*
* @throws IllegalStateException The nonce has wrapped around.
*
* @throws IllegalArgumentException One of the parameters is out of range.
*
* The plaintext and ciphertext buffers can be the same for in-place
* decryption. In that case, ciphertextOffset must be identical to
* plaintextOffset.
*/
int decryptWithAd(byte[] ad, byte[] ciphertext, int ciphertextOffset, byte[] plaintext, int plaintextOffset, int length) throws ShortBufferException, BadPaddingException;
/**
* Creates a new instance of this cipher and initializes it with a key.
*
* @param key The buffer containing the key.
* @param offset The offset into the key buffer of the first key byte.
* @return A new CipherState of the same class as this one.
*/
CipherState fork(byte[] key, int offset);
/**
* Sets the nonce value.
*
* @param nonce The new nonce value, which must be greater than or equal
* to the current value.
*
* This function is intended for testing purposes only. If the nonce
* value goes backwards then security may be compromised.
*/
void setNonce(long nonce);
}

106
src/main/java/com/southernstorm/noise/protocol/CipherStatePair.java
View File

@ -1,106 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.protocol;
/**
* Class that contains a pair of CipherState objects.
*
* CipherState pairs typically arise when HandshakeState.split() is called.
*/
public final class CipherStatePair implements Destroyable {
private CipherState send;
private CipherState recv;
/**
* Constructs a pair of CipherState objects.
*
* @param sender The CipherState to use to send packets to the remote party.
* @param receiver The CipherState to use to receive packets from the remote party.
*/
public CipherStatePair(CipherState sender, CipherState receiver)
{
send = sender;
recv = receiver;
}
/**
* Gets the CipherState to use to send packets to the remote party.
*
* @return The sending CipherState.
*/
public CipherState getSender() {
return send;
}
/**
* Gets the CipherState to use to receive packets from the remote party.
*
* @return The receiving CipherState.
*/
public CipherState getReceiver() {
return recv;
}
/**
* Destroys the receiving CipherState and retains only the sending CipherState.
*
* This function is intended for use with one-way handshake patterns.
*/
public void senderOnly()
{
if (recv != null) {
recv.destroy();
recv = null;
}
}
/**
* Destroys the sending CipherState and retains only the receiving CipherState.
*
* This function is intended for use with one-way handshake patterns.
*/
public void receiverOnly()
{
if (send != null) {
send.destroy();
send = null;
}
}
/**
* Swaps the sender and receiver.
*/
public void swap()
{
CipherState temp = send;
send = recv;
recv = temp;
}
@Override
public void destroy() {
senderOnly();
receiverOnly();
}
}

156
src/main/java/com/southernstorm/noise/protocol/Curve25519DHState.java
View File

@ -1,156 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.protocol;
import java.util.Arrays;
import com.southernstorm.noise.crypto.Curve25519;
/**
* Implementation of the Curve25519 algorithm for the Noise protocol.
*/
class Curve25519DHState implements DHState {
private byte[] publicKey;
private byte[] privateKey;
private int mode;
/**
* Constructs a new Diffie-Hellman object for Curve25519.
*/
public Curve25519DHState()
{
publicKey = new byte [32];
privateKey = new byte [32];
mode = 0;
}
@Override
public void destroy() {
clearKey();
}
@Override
public String getDHName() {
return "25519";
}
@Override
public int getPublicKeyLength() {
return 32;
}
@Override
public int getPrivateKeyLength() {
return 32;
}
@Override
public int getSharedKeyLength() {
return 32;
}
@Override
public void generateKeyPair() {
Noise.random(privateKey);
Curve25519.eval(publicKey, 0, privateKey, null);
mode = 0x03;
}
@Override
public void getPublicKey(byte[] key, int offset) {
System.arraycopy(publicKey, 0, key, offset, 32);
}
@Override
public void setPublicKey(byte[] key, int offset) {
System.arraycopy(key, offset, publicKey, 0, 32);
Arrays.fill(privateKey, (byte)0);
mode = 0x01;
}
@Override
public void getPrivateKey(byte[] key, int offset) {
System.arraycopy(privateKey, 0, key, offset, 32);
}
@Override
public void setPrivateKey(byte[] key, int offset) {
System.arraycopy(key, offset, privateKey, 0, 32);
Curve25519.eval(publicKey, 0, privateKey, null);
mode = 0x03;
}
@Override
public void setToNullPublicKey() {
Arrays.fill(publicKey, (byte)0);
Arrays.fill(privateKey, (byte)0);
mode = 0x01;
}
@Override
public void clearKey() {
Noise.destroy(publicKey);
Noise.destroy(privateKey);
mode = 0;
}
@Override
public boolean hasPublicKey() {
return (mode & 0x01) != 0;
}
@Override
public boolean hasPrivateKey() {
return (mode & 0x02) != 0;
}
@Override
public boolean isNullPublicKey() {
if ((mode & 0x01) == 0)
return false;
int temp = 0;
for (int index = 0; index < 32; ++index)
temp |= publicKey[index];
return temp == 0;
}
@Override
public void calculate(byte[] sharedKey, int offset, DHState publicDH) {
if (!(publicDH instanceof Curve25519DHState))
throw new IllegalArgumentException("Incompatible DH algorithms");
Curve25519.eval(sharedKey, offset, privateKey, ((Curve25519DHState)publicDH).publicKey);
}
@Override
public void copyFrom(DHState other) {
if (!(other instanceof Curve25519DHState))
throw new IllegalStateException("Mismatched DH key objects");
if (other == this)
return;
Curve25519DHState dh = (Curve25519DHState)other;
System.arraycopy(dh.privateKey, 0, privateKey, 0, 32);
System.arraycopy(dh.publicKey, 0, publicKey, 0, 32);
mode = dh.mode;
}
}

156
src/main/java/com/southernstorm/noise/protocol/Curve448DHState.java
View File

@ -1,156 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.protocol;
import java.util.Arrays;
import com.southernstorm.noise.crypto.Curve448;
/**
* Implementation of the Curve448 algorithm for the Noise protocol.
*/
class Curve448DHState implements DHState {
private byte[] publicKey;
private byte[] privateKey;
private int mode;
/**
* Constructs a new Diffie-Hellman object for Curve448.
*/
public Curve448DHState()
{
publicKey = new byte [56];
privateKey = new byte [56];
mode = 0;
}
@Override
public void destroy() {
clearKey();
}
@Override
public String getDHName() {
return "448";
}
@Override
public int getPublicKeyLength() {
return 56;
}
@Override
public int getPrivateKeyLength() {
return 56;
}
@Override
public int getSharedKeyLength() {
return 56;
}
@Override
public void generateKeyPair() {
Noise.random(privateKey);
Curve448.eval(publicKey, 0, privateKey, null);
mode = 0x03;
}
@Override
public void getPublicKey(byte[] key, int offset) {
System.arraycopy(publicKey, 0, key, offset, 56);
}
@Override
public void setPublicKey(byte[] key, int offset) {
System.arraycopy(key, offset, publicKey, 0, 56);
Arrays.fill(privateKey, (byte)0);
mode = 0x01;
}
@Override
public void getPrivateKey(byte[] key, int offset) {
System.arraycopy(privateKey, 0, key, offset, 56);
}
@Override
public void setPrivateKey(byte[] key, int offset) {
System.arraycopy(key, offset, privateKey, 0, 56);
Curve448.eval(publicKey, 0, privateKey, null);
mode = 0x03;
}
@Override
public void setToNullPublicKey() {
Arrays.fill(publicKey, (byte)0);
Arrays.fill(privateKey, (byte)0);
mode = 0x01;
}
@Override
public void clearKey() {
Noise.destroy(publicKey);
Noise.destroy(privateKey);
mode = 0;
}
@Override
public boolean hasPublicKey() {
return (mode & 0x01) != 0;
}
@Override
public boolean hasPrivateKey() {
return (mode & 0x02) != 0;
}
@Override
public boolean isNullPublicKey() {
if ((mode & 0x01) == 0)
return false;
int temp = 0;
for (int index = 0; index < 56; ++index)
temp |= publicKey[index];
return temp == 0;
}
@Override
public void calculate(byte[] sharedKey, int offset, DHState publicDH) {
if (!(publicDH instanceof Curve448DHState))
throw new IllegalArgumentException("Incompatible DH algorithms");
Curve448.eval(sharedKey, offset, privateKey, ((Curve448DHState)publicDH).publicKey);
}
@Override
public void copyFrom(DHState other) {
if (!(other instanceof Curve448DHState))
throw new IllegalStateException("Mismatched DH key objects");
if (other == this)
return;
Curve448DHState dh = (Curve448DHState)other;
System.arraycopy(dh.privateKey, 0, privateKey, 0, 56);
System.arraycopy(dh.publicKey, 0, publicKey, 0, 56);
mode = dh.mode;
}
}

156
src/main/java/com/southernstorm/noise/protocol/DHState.java
View File

@ -1,156 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.protocol;
/**
* Interface to a Diffie-Hellman algorithm for the Noise protocol.
*/
public interface DHState extends Destroyable {
/**
* Gets the Noise protocol name for this Diffie-Hellman algorithm.
*
* @return The algorithm name.
*/
String getDHName();
/**
* Gets the length of public keys for this algorithm.
*
* @return The length of public keys in bytes.
*/
int getPublicKeyLength();
/**
* Gets the length of private keys for this algorithm.
*
* @return The length of private keys in bytes.
*/
int getPrivateKeyLength();
/**
* Gets the length of shared keys for this algorithm.
*
* @return The length of shared keys in bytes.
*/
int getSharedKeyLength();
/**
* Generates a new random keypair.
*/
void generateKeyPair();
/**
* Gets the public key associated with this object.
*
* @param key The buffer to copy the public key to.
* @param offset The first offset in the key buffer to copy to.
*/
void getPublicKey(byte[] key, int offset);
/**
* Sets the public key for this object.
*
* @param key The buffer containing the public key.
* @param offset The first offset in the buffer that contains the key.
*
* If this object previously held a key pair, then this function
* will change it into a public key only object.
*/
void setPublicKey(byte[] key, int offset);
/**
* Gets the private key associated with this object.
*
* @param key The buffer to copy the private key to.
* @param offset The first offset in the key buffer to copy to.
*/
void getPrivateKey(byte[] key, int offset);
/**
* Sets the private key for this object.
*
* @param key The buffer containing the [rivate key.
* @param offset The first offset in the buffer that contains the key.
*
* If this object previously held only a public key, then
* this function will change it into a key pair.
*/
void setPrivateKey(byte[] key, int offset);
/**
* Sets this object to the null public key and clears the private key.
*/
void setToNullPublicKey();
/**
* Clears the key pair.
*/
void clearKey();
/**
* Determine if this object contains a public key.
*
* @return Returns true if this object contains a public key,
* or false if the public key has not yet been set.
*/
boolean hasPublicKey();
/**
* Determine if this object contains a private key.
*
* @return Returns true if this object contains a private key,
* or false if the private key has not yet been set.
*/
boolean hasPrivateKey();
/**
* Determine if the public key in this object is the special null value.
*
* @return Returns true if the public key is the special null value,
* or false otherwise.
*/
boolean isNullPublicKey();
/**
* Performs a Diffie-Hellman calculation with this object as the private key.
*
* @param sharedKey Buffer to put the shared key into.
* @param offset Offset of the first byte for the shared key.
* @param publicDH Object that contains the public key for the calculation.
*
* @throws IllegalArgumentException The publicDH object is not the same
* type as this object, or one of the objects does not contain a valid key.
*/
void calculate(byte[] sharedKey, int offset, DHState publicDH);
/**
* Copies the key values from another DH object of the same type.
*
* @param other The other DH object to copy from
*
* @throws IllegalStateException The other DH object does not have
* the same type as this object.
*/
void copyFrom(DHState other);
}

60
src/main/java/com/southernstorm/noise/protocol/DHStateHybrid.java
View File

@ -1,60 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.protocol;
/**
* Additional API for DH objects that need special handling for
* hybrid operations.
*/
public interface DHStateHybrid extends DHState {
/**
* Generates a new random keypair relative to the parameters
* in another object.
*
* @param remote The remote party in this communication to obtain parameters.
*
* @throws IllegalStateException The other or remote DH object does not have
* the same type as this object.
*/
void generateKeyPair(DHState remote);
/**
* Copies the key values from another DH object of the same type.
*
* @param other The other DH object to copy from
* @param remote The remote party in this communication to obtain parameters.
*
* @throws IllegalStateException The other or remote DH object does not have
* the same type as this object.
*/
void copyFrom(DHState other, DHState remote);
/**
* Specifies the local peer object prior to setting a public key
* on a remote object.
*
* @param local The local peer object.
*/
void specifyPeer(DHState local);
}

43
src/main/java/com/southernstorm/noise/protocol/Destroyable.java
View File

@ -1,43 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.protocol;
/**
* Interface for objects that implement destroying.
*
* Applications that use the Noise protocol can inadvertently leave
* sensitive data in the heap if steps are not taken to clean up.
*
* This interface can be implemented by objects that know how to
* securely clean up after themselves.
*
* The Noise.destroy() function can help with destroying byte arrays
* that hold sensitive values.
*/
public interface Destroyable {
/**
* Destroys all sensitive state in the current object.
*/
void destroy();
}

1260
src/main/java/com/southernstorm/noise/protocol/HandshakeState.java
View File

File diff suppressed because it is too large Load Diff

340
src/main/java/com/southernstorm/noise/protocol/NewHopeDHState.java
View File

@ -1,340 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.protocol;
import java.util.Arrays;
import com.southernstorm.noise.crypto.NewHope;
import com.southernstorm.noise.crypto.NewHopeTor;
/**
* Implementation of the New Hope post-quantum algorithm for the Noise protocol.
*/
final class NewHopeDHState implements DHStateHybrid {
enum KeyType
{
None,
AlicePrivate,
AlicePublic,
BobPrivate,
BobPublic,
BobCalculated;
}
private NewHopeTor nh;
private byte[] publicKey;
private byte[] privateKey;
private KeyType keyType;
/**
* Special version of NewHopeTor that allows explicit random data
* to be specified for test vectors.
*/
private class NewHopeWithPrivateKey extends NewHopeTor {
byte[] randomData;
public NewHopeWithPrivateKey(byte[] randomData)
{
this.randomData = randomData;
}
@Override
protected void randombytes(byte[] buffer)
{
System.arraycopy(randomData, 0, buffer, 0, buffer.length);
}
}
/**
* Constructs a new key exchange object for New Hope.
*/
public NewHopeDHState() {
nh = null;
publicKey = null;
privateKey = null;
keyType = KeyType.None;
}
private boolean isAlice() {
return keyType == KeyType.AlicePrivate || keyType == KeyType.AlicePublic;
}
@Override
public void destroy() {
clearKey();
}
@Override
public String getDHName() {
return "NewHope";
}
@Override
public int getPublicKeyLength() {
if (isAlice())
return NewHope.SENDABYTES;
else
return NewHope.SENDBBYTES;
}
@Override
public int getPrivateKeyLength() {
// New Hope doesn't have private keys in the same sense as
// Curve25519 and Curve448. Instead return the number of
// random bytes that we need to generate each key type.
if (isAlice())
return 64;
else
return 32;
}
@Override
public int getSharedKeyLength() {
return NewHope.SHAREDBYTES;
}
@Override
public void generateKeyPair() {
clearKey();
keyType = KeyType.AlicePrivate;
nh = new NewHopeTor();
publicKey = new byte [NewHope.SENDABYTES];
nh.keygen(publicKey, 0);
}
@Override
public void generateKeyPair(DHState remote) {
if (remote == null) {
// No remote public key, so always generate in Alice mode.
generateKeyPair();
return;
} else if (!(remote instanceof NewHopeDHState)) {
throw new IllegalStateException("Mismatched DH objects");
}
NewHopeDHState r = (NewHopeDHState)remote;
if (r.isAlice() && r.publicKey != null) {
// We have a remote public key for Alice, so generate in Bob mode.
clearKey();
keyType = KeyType.BobCalculated;
nh = new NewHopeTor();
publicKey = new byte [NewHope.SENDBBYTES];
privateKey = new byte [NewHope.SHAREDBYTES];
nh.sharedb(privateKey, 0, publicKey, 0, r.publicKey, 0);
} else {
generateKeyPair();
}
}
@Override
public void getPublicKey(byte[] key, int offset) {
if (publicKey != null)
System.arraycopy(publicKey, 0, key, offset, getPublicKeyLength());
else
Arrays.fill(key, 0, getPublicKeyLength(), (byte)0);
}
@Override
public void setPublicKey(byte[] key, int offset) {
if (publicKey != null)
Noise.destroy(publicKey);
publicKey = new byte [getPublicKeyLength()];
System.arraycopy(key, 0, publicKey, 0, publicKey.length);
}
@Override
public void getPrivateKey(byte[] key, int offset) {
if (privateKey != null)
System.arraycopy(privateKey, 0, key, offset, getPrivateKeyLength());
else
Arrays.fill(key, 0, getPrivateKeyLength(), (byte)0);
}
@Override
public void setPrivateKey(byte[] key, int offset) {
clearKey();
// Guess the key type from the length of the test data.
if (offset == 0 && key.length == 64)
keyType = KeyType.AlicePrivate;
else
keyType = KeyType.BobPrivate;
privateKey = new byte [getPrivateKeyLength()];
System.arraycopy(key, 0, privateKey, 0, privateKey.length);
}
@Override
public void setToNullPublicKey() {
// Null public keys are not supported by New Hope.
// Destroy the current values but otherwise ignore.
clearKey();
}
@Override
public void clearKey() {
if (nh != null) {
nh.destroy();
nh = null;
}
if (publicKey != null) {
Noise.destroy(publicKey);
publicKey = null;
}
if (privateKey != null) {
Noise.destroy(privateKey);
privateKey = null;
}
keyType = KeyType.None;
}
@Override
public boolean hasPublicKey() {
return publicKey != null;
}
@Override
public boolean hasPrivateKey() {
return privateKey != null;
}
@Override
public boolean isNullPublicKey() {
return false;
}
@Override
public void calculate(byte[] sharedKey, int offset, DHState publicDH) {
if (!(publicDH instanceof NewHopeDHState))
throw new IllegalArgumentException("Incompatible DH algorithms");
NewHopeDHState other = (NewHopeDHState)publicDH;
if (keyType == KeyType.AlicePrivate) {
// Compute the shared key for Alice.
nh.shareda(sharedKey, 0, other.publicKey, 0);
} else if (keyType == KeyType.BobCalculated) {
// The shared key for Bob was already computed when the key was generated.
System.arraycopy(privateKey, 0, sharedKey, 0, NewHope.SHAREDBYTES);
} else {
throw new IllegalStateException("Cannot calculate with this DH object");
}
}
@Override
public void copyFrom(DHState other) {
if (!(other instanceof NewHopeDHState))
throw new IllegalStateException("Mismatched DH key objects");
if (other == this)
return;
NewHopeDHState dh = (NewHopeDHState)other;
clearKey();
switch (dh.keyType) {
case None:
break;
case AlicePrivate:
if (dh.privateKey != null) {
keyType = KeyType.AlicePrivate;
privateKey = new byte [dh.privateKey.length];
System.arraycopy(dh.privateKey, 0, privateKey, 0, privateKey.length);
} else {
throw new IllegalStateException("Cannot copy generated key for Alice");
}
break;
case BobPrivate:
case BobCalculated:
throw new IllegalStateException("Cannot copy private key for Bob without public key for Alice");
case AlicePublic:
case BobPublic:
keyType = dh.keyType;
publicKey = new byte [dh.publicKey.length];
System.arraycopy(dh.publicKey, 0, publicKey, 0, publicKey.length);
break;
}
}
@Override
public void copyFrom(DHState other, DHState remote) {
if (remote == null) {
copyFrom(other);
return;
}
if (!(other instanceof NewHopeDHState) || !(remote instanceof NewHopeDHState))
throw new IllegalStateException("Mismatched DH key objects");
if (other == this)
return;
NewHopeDHState dh = (NewHopeDHState)other;
NewHopeDHState remotedh = (NewHopeDHState)remote;
clearKey();
switch (dh.keyType) {
case None:
break;
case AlicePrivate:
if (dh.privateKey != null) {
// Generate Alice's public and private key now.
keyType = KeyType.AlicePrivate;
nh = new NewHopeWithPrivateKey(dh.privateKey);
publicKey = new byte [NewHope.SENDABYTES];
nh.keygen(publicKey, 0);
} else {
throw new IllegalStateException("Cannot copy generated key for Alice");
}
break;
case BobPrivate:
if (dh.privateKey != null && remotedh.keyType == KeyType.AlicePublic) {
// Now we know the public key for Alice, we can calculate Bob's public and shared keys.
keyType = KeyType.BobCalculated;
nh = new NewHopeWithPrivateKey(dh.privateKey);
publicKey = new byte [NewHope.SENDBBYTES];
privateKey = new byte [NewHope.SHAREDBYTES];
nh.sharedb(privateKey, 0, publicKey, 0, remotedh.publicKey, 0);
} else {
throw new IllegalStateException("Cannot copy private key for Bob without public key for Alice");
}
break;
case BobCalculated:
throw new IllegalStateException("Cannot copy generated key for Bob");
case AlicePublic:
case BobPublic:
keyType = dh.keyType;
publicKey = new byte [dh.publicKey.length];
System.arraycopy(dh.publicKey, 0, publicKey, 0, publicKey.length);
break;
}
}
@Override
public void specifyPeer(DHState local) {
if (!(local instanceof NewHopeDHState))
return;
clearKey();
if (((NewHopeDHState)local).keyType == KeyType.AlicePrivate)
keyType = KeyType.BobPublic;
else
keyType = KeyType.AlicePublic;
}
}

237
src/main/java/com/southernstorm/noise/protocol/Noise.java
View File

@ -1,237 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.protocol;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import com.southernstorm.noise.crypto.Blake2bMessageDigest;
import com.southernstorm.noise.crypto.Blake2sMessageDigest;
import com.southernstorm.noise.crypto.SHA256MessageDigest;
import com.southernstorm.noise.crypto.SHA512MessageDigest;
/**
* Utility functions for the Noise protocol library.
*/
public final class Noise {
/**
* Maximum length for Noise packets.
*/
public static final int MAX_PACKET_LEN = 65535;
private static SecureRandom random = new SecureRandom();
/**
* Generates random data using the system random number generator.
*
* @param data The data buffer to fill with random data.
*/
public static void random(byte[] data)
{
random.nextBytes(data);
}
private static boolean forceFallbacks = false;
/**
* Force the use of plain Java fallback crypto implementations.
*
* @param force Set to true for force fallbacks, false to
* try to use the system implementation before falling back.
*
* This function is intended for testing purposes to toggle between
* the system JCA/JCE implementations and the plain Java fallback
* reference implementations.
*/
public static void setForceFallbacks(boolean force)
{
forceFallbacks = force;
}
/**
* Creates a Diffie-Hellman object from its Noise protocol name.
*
* @param name The name of the DH algorithm; e.g. "25519", "448", etc.
*
* @return The Diffie-Hellman object if the name is recognized.
*
* @throws NoSuchAlgorithmException The name is not recognized as a
* valid Noise protocol name, or there is no cryptography provider
* in the system that implements the algorithm.
*/
public static DHState createDH(String name) throws NoSuchAlgorithmException
{
if (name.equals("25519"))
return new Curve25519DHState();
if (name.equals("448"))
return new Curve448DHState();
if (name.equals("NewHope"))
return new NewHopeDHState();
throw new NoSuchAlgorithmException("Unknown Noise DH algorithm name: " + name);
}
/**
* Creates a cipher object from its Noise protocol name.
*
* @param name The name of the cipher algorithm; e.g. "AESGCM", "ChaChaPoly", etc.
*
* @return The cipher object if the name is recognized.
*
* @throws NoSuchAlgorithmException The name is not recognized as a
* valid Noise protocol name, or there is no cryptography provider
* in the system that implements the algorithm.
*/
public static CipherState createCipher(String name) throws NoSuchAlgorithmException
{
if (name.equals("AESGCM")) {
if (forceFallbacks)
return new AESGCMFallbackCipherState();
// "AES/GCM/NoPadding" exists in some recent JDK's but it is flaky
// to use and not easily back-portable to older Android versions.
// We instead emulate AESGCM on top of "AES/CTR/NoPadding".
try {
return new AESGCMOnCtrCipherState();
} catch (NoSuchAlgorithmException e1) {
// Could not find anything useful in the JCA/JCE so
// use the pure Java fallback implementation instead.
return new AESGCMFallbackCipherState();
}
} else if (name.equals("ChaChaPoly")) {
return new ChaChaPolyCipherState();
}
throw new NoSuchAlgorithmException("Unknown Noise cipher algorithm name: " + name);
}
/**
* Creates a hash object from its Noise protocol name.
*
* @param name The name of the hash algorithm; e.g. "SHA256", "BLAKE2s", etc.
*
* @return The hash object if the name is recognized.
*
* @throws NoSuchAlgorithmException The name is not recognized as a
* valid Noise protocol name, or there is no cryptography provider
* in the system that implements the algorithm.
*/
public static MessageDigest createHash(String name) throws NoSuchAlgorithmException
{
// Look for a JCA/JCE provider first and if that doesn't work,
// use the fallback implementations in this library instead.
// The only algorithm that is required to be implemented by a
// JDK is "SHA-256", although "SHA-512" is fairly common as well.
if (name.equals("SHA256")) {
if (forceFallbacks)
return new SHA256MessageDigest();
try {
return MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException e) {
return new SHA256MessageDigest();
}
} else if (name.equals("SHA512")) {
if (forceFallbacks)
return new SHA512MessageDigest();
try {
return MessageDigest.getInstance("SHA-512");
} catch (NoSuchAlgorithmException e) {
return new SHA512MessageDigest();
}
} else if (name.equals("BLAKE2b")) {
// Bouncy Castle registers the BLAKE2b variant we
// want under the name "BLAKE2B-512".
if (forceFallbacks)
return new Blake2bMessageDigest();
try {
return MessageDigest.getInstance("BLAKE2B-512");
} catch (NoSuchAlgorithmException e) {
return new Blake2bMessageDigest();
}
} else if (name.equals("BLAKE2s")) {
// Bouncy Castle doesn't currently (June 2016) have an
// implementation of BLAKE2s, but look for the most
// obvious provider name in case one is added in the future.
if (forceFallbacks)
return new Blake2sMessageDigest();
try {
return MessageDigest.getInstance("BLAKE2S-256");
} catch (NoSuchAlgorithmException e) {
return new Blake2sMessageDigest();
}
}
throw new NoSuchAlgorithmException("Unknown Noise hash algorithm name: " + name);
}
// The rest of this class consists of internal utility functions
// that are not part of the public API.
/**
* Destroys the contents of a byte array.
*
* @param array The array whose contents should be destroyed.
*/
static void destroy(byte[] array)
{
Arrays.fill(array, (byte)0);
}
/**
* Makes a copy of part of an array.
*
* @param data The buffer containing the data to copy.
* @param offset Offset of the first byte to copy.
* @param length The number of bytes to copy.
*
* @return A new array with a copy of the sub-array.
*/
static byte[] copySubArray(byte[] data, int offset, int length)
{
byte[] copy = new byte [length];
System.arraycopy(data, offset, copy, 0, length);
return copy;
}
/**
* Throws an instance of AEADBadTagException.
*
* @throws BadPaddingException The AEAD exception.
*
* If the underlying JDK does not have the AEADBadTagException
* class, then this function will instead throw an instance of
* the superclass BadPaddingException.
*/
static void throwBadTagException() throws BadPaddingException
{
try {
Class<?> c = Class.forName("javax.crypto.AEADBadTagException");
throw (BadPaddingException)(c.newInstance());
} catch (ClassNotFoundException e) {
} catch (InstantiationException e) {
} catch (IllegalAccessException e) {
}
throw new BadPaddingException();
}
}

835
src/main/java/com/southernstorm/noise/protocol/Pattern.java
View File

@ -1,835 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.protocol;
/**
* Information about all supported handshake patterns.
*/
class Pattern {
private Pattern() {}
// Token codes.
public static final short S = 1;
public static final short E = 2;
public static final short EE = 3;
public static final short ES = 4;
public static final short SE = 5;
public static final short SS = 6;
public static final short F = 7;
public static final short FF = 8;
public static final short FLIP_DIR = 255;
// Pattern flag bits.
public static final short FLAG_LOCAL_STATIC = 0x0001;
public static final short FLAG_LOCAL_EPHEMERAL = 0x0002;
public static final short FLAG_LOCAL_REQUIRED = 0x0004;
public static final short FLAG_LOCAL_EPHEM_REQ = 0x0008;
public static final short FLAG_LOCAL_HYBRID = 0x0010;
public static final short FLAG_LOCAL_HYBRID_REQ = 0x0020;
public static final short FLAG_REMOTE_STATIC = 0x0100;
public static final short FLAG_REMOTE_EPHEMERAL = 0x0200;
public static final short FLAG_REMOTE_REQUIRED = 0x0400;
public static final short FLAG_REMOTE_EPHEM_REQ = 0x0800;
public static final short FLAG_REMOTE_HYBRID = 0x1000;
public static final short FLAG_REMOTE_HYBRID_REQ = 0x2000;
private static final short[] noise_pattern_N = {
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_REQUIRED,
E,
ES
};
private static final short[] noise_pattern_K = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_REQUIRED |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_REQUIRED,
E,
ES,
SS
};
private static final short[] noise_pattern_X = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_REQUIRED,
E,
ES,
S,
SS
};
private static final short[] noise_pattern_NN = {
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_EPHEMERAL,
E,
FLIP_DIR,
E,
EE
};
private static final short[] noise_pattern_NK = {
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_REQUIRED,
E,
ES,
FLIP_DIR,
E,
EE
};
private static final short[] noise_pattern_NX = {
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL,
E,
FLIP_DIR,
E,
EE,
S,
ES
};
private static final short[] noise_pattern_XN = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_EPHEMERAL,
E,
FLIP_DIR,
E,
EE,
FLIP_DIR,
S,
SE
};
private static final short[] noise_pattern_XK = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_REQUIRED,
E,
ES,
FLIP_DIR,
E,
EE,
FLIP_DIR,
S,
SE
};
private static final short[] noise_pattern_XX = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL,
E,
FLIP_DIR,
E,
EE,
S,
ES,
FLIP_DIR,
S,
SE
};
private static final short[] noise_pattern_KN = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_REQUIRED |
FLAG_REMOTE_EPHEMERAL,
E,
FLIP_DIR,
E,
EE,
SE
};
private static final short[] noise_pattern_KK = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_REQUIRED |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_REQUIRED,
E,
ES,
SS,
FLIP_DIR,
E,
EE,
SE
};
private static final short[] noise_pattern_KX = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_REQUIRED |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL,
E,
FLIP_DIR,
E,
EE,
SE,
S,
ES
};
private static final short[] noise_pattern_IN = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_EPHEMERAL,
E,
S,
FLIP_DIR,
E,
EE,
SE
};
private static final short[] noise_pattern_IK = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_REQUIRED,
E,
ES,
S,
SS,
FLIP_DIR,
E,
EE,
SE
};
private static final short[] noise_pattern_IX = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL,
E,
S,
FLIP_DIR,
E,
EE,
SE,
S,
ES
};
private static final short[] noise_pattern_XXfallback = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_EPHEM_REQ,
E,
EE,
S,
SE,
FLIP_DIR,
S,
ES
};
private static final short[] noise_pattern_Xnoidh = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_REQUIRED,
E,
S,
ES,
SS
};
private static final short[] noise_pattern_NXnoidh = {
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL,
E,
FLIP_DIR,
E,
S,
EE,
ES
};
private static final short[] noise_pattern_XXnoidh = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL,
E,
FLIP_DIR,
E,
S,
EE,
ES,
FLIP_DIR,
S,
SE
};
private static final short[] noise_pattern_KXnoidh = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_REQUIRED |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL,
E,
FLIP_DIR,
E,
S,
EE,
SE,
ES
};
private static final short[] noise_pattern_IKnoidh = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_REQUIRED,
E,
S,
ES,
SS,
FLIP_DIR,
E,
EE,
SE
};
private static final short[] noise_pattern_IXnoidh = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL,
E,
S,
FLIP_DIR,
E,
S,
EE,
SE,
ES
};
private static final short[] noise_pattern_NNhfs = {
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID,
E,
F,
FLIP_DIR,
E,
F,
EE,
FF
};
private static final short[] noise_pattern_NKhfs = {
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID |
FLAG_REMOTE_REQUIRED,
E,
F,
ES,
FLIP_DIR,
E,
F,
EE,
FF
};
private static final short[] noise_pattern_NXhfs = {
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID,
E,
F,
FLIP_DIR,
E,
F,
EE,
FF,
S,
ES
};
private static final short[] noise_pattern_XNhfs = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID,
E,
F,
FLIP_DIR,
E,
F,
EE,
FF,
FLIP_DIR,
S,
SE
};
private static final short[] noise_pattern_XKhfs = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID |
FLAG_REMOTE_REQUIRED,
E,
F,
ES,
FLIP_DIR,
E,
F,
EE,
FF,
FLIP_DIR,
S,
SE
};
private static final short[] noise_pattern_XXhfs = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID,
E,
F,
FLIP_DIR,
E,
F,
EE,
FF,
S,
ES,
FLIP_DIR,
S,
SE
};
private static final short[] noise_pattern_KNhfs = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_REQUIRED |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID,
E,
F,
FLIP_DIR,
E,
F,
EE,
FF,
SE
};
private static final short[] noise_pattern_KKhfs = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_REQUIRED |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID |
FLAG_REMOTE_REQUIRED,
E,
F,
ES,
SS,
FLIP_DIR,
E,
F,
EE,
FF,
SE
};
private static final short[] noise_pattern_KXhfs = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_REQUIRED |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID,
E,
F,
FLIP_DIR,
E,
F,
EE,
FF,
SE,
S,
ES
};
private static final short[] noise_pattern_INhfs = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID,
E,
F,
S,
FLIP_DIR,
E,
F,
EE,
FF,
SE
};
private static final short[] noise_pattern_IKhfs = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID |
FLAG_REMOTE_REQUIRED,
E,
F,
ES,
S,
SS,
FLIP_DIR,
E,
F,
EE,
FF,
SE
};
private static final short[] noise_pattern_IXhfs = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID,
E,
F,
S,
FLIP_DIR,
E,
F,
EE,
FF,
SE,
S,
ES
};
private static final short[] noise_pattern_XXfallback_hfs = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_EPHEM_REQ |
FLAG_REMOTE_HYBRID |
FLAG_REMOTE_HYBRID_REQ,
E,
F,
EE,
FF,
S,
SE,
FLIP_DIR,
S,
ES
};
private static final short[] noise_pattern_NXnoidh_hfs = {
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID,
E,
F,
FLIP_DIR,
E,
F,
S,
EE,
FF,
ES
};
private static final short[] noise_pattern_XXnoidh_hfs = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID,
E,
F,
FLIP_DIR,
E,
F,
S,
EE,
FF,
ES,
FLIP_DIR,
S,
SE
};
private static final short[] noise_pattern_KXnoidh_hfs = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_REQUIRED |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID,
E,
F,
FLIP_DIR,
E,
F,
S,
EE,
FF,
SE,
ES
};
private static final short[] noise_pattern_IKnoidh_hfs = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID,
E,
F,
S,
ES,
SS,
FLIP_DIR,
E,
F,
EE,
FF,
SE
};
private static final short[] noise_pattern_IXnoidh_hfs = {
FLAG_LOCAL_STATIC |
FLAG_LOCAL_EPHEMERAL |
FLAG_LOCAL_HYBRID |
FLAG_REMOTE_STATIC |
FLAG_REMOTE_EPHEMERAL |
FLAG_REMOTE_HYBRID,
E,
F,
S,
FLIP_DIR,
E,
F,
S,
EE,
FF,
SE,
ES
};
/**
* Look up the description information for a pattern.
*
* @param name The name of the pattern.
* @return The pattern description or null.
*/
public static short[] lookup(String name)
{
if (name.equals("N"))
return noise_pattern_N;
else if (name.equals("K"))
return noise_pattern_K;
else if (name.equals("X"))
return noise_pattern_X;
else if (name.equals("NN"))
return noise_pattern_NN;
else if (name.equals("NK"))
return noise_pattern_NK;
else if (name.equals("NX"))
return noise_pattern_NX;
else if (name.equals("XN"))
return noise_pattern_XN;
else if (name.equals("XK"))
return noise_pattern_XK;
else if (name.equals("XX"))
return noise_pattern_XX;
else if (name.equals("KN"))
return noise_pattern_KN;
else if (name.equals("KK"))
return noise_pattern_KK;
else if (name.equals("KX"))
return noise_pattern_KX;
else if (name.equals("IN"))
return noise_pattern_IN;
else if (name.equals("IK"))
return noise_pattern_IK;
else if (name.equals("IX"))
return noise_pattern_IX;
else if (name.equals("XXfallback"))
return noise_pattern_XXfallback;
else if (name.equals("Xnoidh"))
return noise_pattern_Xnoidh;
else if (name.equals("NXnoidh"))
return noise_pattern_NXnoidh;
else if (name.equals("XXnoidh"))
return noise_pattern_XXnoidh;
else if (name.equals("KXnoidh"))
return noise_pattern_KXnoidh;
else if (name.equals("IKnoidh"))
return noise_pattern_IKnoidh;
else if (name.equals("IXnoidh"))
return noise_pattern_IXnoidh;
else if (name.equals("NNhfs"))
return noise_pattern_NNhfs;
else if (name.equals("NKhfs"))
return noise_pattern_NKhfs;
else if (name.equals("NXhfs"))
return noise_pattern_NXhfs;
else if (name.equals("XNhfs"))
return noise_pattern_XNhfs;
else if (name.equals("XKhfs"))
return noise_pattern_XKhfs;
else if (name.equals("XXhfs"))
return noise_pattern_XXhfs;
else if (name.equals("KNhfs"))
return noise_pattern_KNhfs;
else if (name.equals("KKhfs"))
return noise_pattern_KKhfs;
else if (name.equals("KXhfs"))
return noise_pattern_KXhfs;
else if (name.equals("INhfs"))
return noise_pattern_INhfs;
else if (name.equals("IKhfs"))
return noise_pattern_IKhfs;
else if (name.equals("IXhfs"))
return noise_pattern_IXhfs;
else if (name.equals("XXfallback+hfs"))
return noise_pattern_XXfallback_hfs;
else if (name.equals("NXnoidh+hfs"))
return noise_pattern_NXnoidh_hfs;
else if (name.equals("XXnoidh+hfs"))
return noise_pattern_XXnoidh_hfs;
else if (name.equals("KXnoidh+hfs"))
return noise_pattern_KXnoidh_hfs;
else if (name.equals("IKnoidh+hfs"))
return noise_pattern_IKnoidh_hfs;
else if (name.equals("IXnoidh+hfs"))
return noise_pattern_IXnoidh_hfs;
return null;
}
/**
* Reverses the local and remote flags for a pattern.
*
* @param flags The flags, assuming that the initiator is "local".
* @return The reversed flags, with the responder now being "local".
*/
public static short reverseFlags(short flags)
{
return (short)(((flags >> 8) & 0x00FF) | ((flags << 8) & 0xFF00));
}
}

484
src/main/java/com/southernstorm/noise/protocol/SymmetricState.java
View File

@ -1,484 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.protocol;
import java.io.UnsupportedEncodingException;
import java.security.DigestException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.ShortBufferException;
/**
* Symmetric state for helping manage a Noise handshake.
*/
class SymmetricState implements Destroyable {
private String name;
private CipherState cipher;
private MessageDigest hash;
private byte[] ck;
private byte[] h;
private byte[] prev_h;
/**
* Constructs a new symmetric state object.
*
* @param protocolName The name of the Noise protocol, which is assumed to be valid.
* @param cipherName The name of the cipher within protocolName.
* @param hashName The name of the hash within protocolName.
*
* @throws NoSuchAlgorithmException The cipher or hash algorithm in the
* protocol name is not supported.
*/
public SymmetricState(String protocolName, String cipherName, String hashName) throws NoSuchAlgorithmException
{
name = protocolName;
cipher = Noise.createCipher(cipherName);
hash = Noise.createHash(hashName);
int hashLength = hash.getDigestLength();
ck = new byte [hashLength];
h = new byte [hashLength];
prev_h = new byte [hashLength];
byte[] protocolNameBytes;
try {
protocolNameBytes = protocolName.getBytes("UTF-8");
} catch (UnsupportedEncodingException e) {
// If UTF-8 is not supported, then we are definitely in trouble!
throw new UnsupportedOperationException("UTF-8 encoding is not supported");
}
if (protocolNameBytes.length <= hashLength) {
System.arraycopy(protocolNameBytes, 0, h, 0, protocolNameBytes.length);
Arrays.fill(h, protocolNameBytes.length, h.length, (byte)0);
} else {
hashOne(protocolNameBytes, 0, protocolNameBytes.length, h, 0, h.length);
}
System.arraycopy(h, 0, ck, 0, hashLength);
}
/**
* Gets the name of the Noise protocol.
*
* @return The protocol name.
*/
public String getProtocolName()
{
return name;
}
/**
* Gets the length of MAC values in the current state.
*
* @return The length of the MAC value for the underlying cipher
* or zero if the cipher has not yet been initialized with a key.
*/
public int getMACLength()
{
return cipher.getMACLength();
}
/**
* Mixes data into the chaining key.
*
* @param data The buffer containing the data to mix in.
* @param offset The offset of the first data byte to mix in.
* @param length The number of bytes to mix in.
*/
public void mixKey(byte[] data, int offset, int length)
{
int keyLength = cipher.getKeyLength();
byte[] tempKey = new byte [keyLength];
try {
hkdf(ck, 0, ck.length, data, offset, length, ck, 0, ck.length, tempKey, 0, keyLength);
cipher.initializeKey(tempKey, 0);
} finally {
Noise.destroy(tempKey);
}
}
/**
* Mixes data into the handshake hash.
*
* @param data The buffer containing the data to mix in.
* @param offset The offset of the first data byte to mix in.
* @param length The number of bytes to mix in.
*/
public void mixHash(byte[] data, int offset, int length)
{
hashTwo(h, 0, h.length, data, offset, length, h, 0, h.length);
}
/**
* Mixes a pre-shared key into the chaining key and handshake hash.
*
* @param key The pre-shared key value.
*/
public void mixPreSharedKey(byte[] key)
{
byte[] temp = new byte [hash.getDigestLength()];
try {
hkdf(ck, 0, ck.length, key, 0, key.length, ck, 0, ck.length, temp, 0, temp.length);
mixHash(temp, 0, temp.length);
} finally {
Noise.destroy(temp);
}
}
/**
* Mixes a pre-supplied public key into the handshake hash.
*
* @param dh The object containing the public key.
*/
public void mixPublicKey(DHState dh)
{
byte[] temp = new byte [dh.getPublicKeyLength()];
try {
dh.getPublicKey(temp, 0);
mixHash(temp, 0, temp.length);
} finally {
Noise.destroy(temp);
}
}
/**
* Mixes a pre-supplied public key into the chaining key.
*
* @param dh The object containing the public key.
*/
public void mixPublicKeyIntoCK(DHState dh)
{
byte[] temp = new byte [dh.getPublicKeyLength()];
try {
dh.getPublicKey(temp, 0);
mixKey(temp, 0, temp.length);
} finally {
Noise.destroy(temp);
}
}
/**
* Encrypts a block of plaintext and mixes the ciphertext into the handshake hash.
*
* @param plaintext The buffer containing the plaintext to encrypt.
* @param plaintextOffset The offset within the plaintext buffer of the
* first byte or plaintext data.
* @param ciphertext The buffer to place the ciphertext in. This can
* be the same as the plaintext buffer.
* @param ciphertextOffset The first offset within the ciphertext buffer
* to place the ciphertext and the MAC tag.
* @param length The length of the plaintext.
* @return The length of the ciphertext plus the MAC tag.
*
* @throws ShortBufferException There is not enough space in the
* ciphertext buffer for the encrypted data plus MAC value.
*
* The plaintext and ciphertext buffers can be the same for in-place
* encryption. In that case, plaintextOffset must be identical to
* ciphertextOffset.
*
* There must be enough space in the ciphertext buffer to accomodate
* length + getMACLength() bytes of data starting at ciphertextOffset.
*/
public int encryptAndHash(byte[] plaintext, int plaintextOffset, byte[] ciphertext, int ciphertextOffset, int length) throws ShortBufferException
{
int ciphertextLength = cipher.encryptWithAd(h, plaintext, plaintextOffset, ciphertext, ciphertextOffset, length);
mixHash(ciphertext, ciphertextOffset, ciphertextLength);
return ciphertextLength;
}
/**
* Decrypts a block of ciphertext and mixes it into the handshake hash.
*
* @param ciphertext The buffer containing the ciphertext to decrypt.
* @param ciphertextOffset The offset within the ciphertext buffer of
* the first byte of ciphertext data.
* @param plaintext The buffer to place the plaintext in. This can be
* the same as the ciphertext buffer.
* @param plaintextOffset The first offset within the plaintext buffer
* to place the plaintext.
* @param length The length of the incoming ciphertext plus the MAC tag.
* @return The length of the plaintext with the MAC tag stripped off.
*
* @throws ShortBufferException There is not enough space in the plaintext
* buffer for the decrypted data.
*
* @throws BadPaddingException The MAC value failed to verify.
*
* The plaintext and ciphertext buffers can be the same for in-place
* decryption. In that case, ciphertextOffset must be identical to
* plaintextOffset.
*/
public int decryptAndHash(byte[] ciphertext, int ciphertextOffset, byte[] plaintext, int plaintextOffset, int length) throws ShortBufferException, BadPaddingException
{
System.arraycopy(h, 0, prev_h, 0, h.length);
mixHash(ciphertext, ciphertextOffset, length);
return cipher.decryptWithAd(prev_h, ciphertext, ciphertextOffset, plaintext, plaintextOffset, length);
}
/**
* Splits the symmetric state into two ciphers for session encryption.
*
* @return The pair of ciphers for sending and receiving.
*/
public CipherStatePair split()
{
return split(new byte[0], 0, 0);
}
/**
* Splits the symmetric state into two ciphers for session encryption,
* and optionally mixes in a secondary symmetric key.
*
* @param secondaryKey The buffer containing the secondary key.
* @param offset The offset of the first secondary key byte.
* @param length The length of the secondary key in bytes, which
* must be either 0 or 32.
* @return The pair of ciphers for sending and receiving.
*
* @throws IllegalArgumentException The length is not 0 or 32.
*/
public CipherStatePair split(byte[] secondaryKey, int offset, int length)
{
if (length != 0 && length != 32)
throw new IllegalArgumentException("Secondary keys must be 0 or 32 bytes in length");
int keyLength = cipher.getKeyLength();
byte[] k1 = new byte [keyLength];
byte[] k2 = new byte [keyLength];
try {
hkdf(ck, 0, ck.length, secondaryKey, offset, length, k1, 0, k1.length, k2, 0, k2.length);
CipherState c1 = null;
CipherState c2 = null;
CipherStatePair pair = null;
try {
c1 = cipher.fork(k1, 0);
c2 = cipher.fork(k2, 0);
pair = new CipherStatePair(c1, c2);
} finally {
if (c1 == null || c2 == null || pair == null) {
// Could not create some of the objects. Clean up the others
// to avoid accidental leakage of k1 or k2.
if (c1 != null)
c1.destroy();
if (c2 != null)
c2.destroy();
pair = null;
}
}
return pair;
} finally {
Noise.destroy(k1);
Noise.destroy(k2);
}
}
/**
* Gets the current value of the handshake hash.
*
* @return The handshake hash. This must not be modified by the caller.
*
* The handshake hash value is only of use to the application after
* split() has been called.
*/
public byte[] getHandshakeHash()
{
return h;
}
@Override
public void destroy() {
if (cipher != null) {
cipher.destroy();
cipher = null;
}
if (hash != null) {
// The built-in fallback implementations are destroyable.
// JCA/JCE implementations aren't, so try reset() instead.
if (hash instanceof Destroyable)
((Destroyable)hash).destroy();
else
hash.reset();
hash = null;
}
if (ck != null) {
Noise.destroy(ck);
ck = null;
}
if (h != null) {
Noise.destroy(h);
h = null;
}
if (prev_h != null) {
Noise.destroy(prev_h);
prev_h = null;
}
}
/**
* Hashes a single data buffer.
*
* @param data The buffer containing the data to hash.
* @param offset Offset into the data buffer of the first byte to hash.
* @param length Length of the data to be hashed.
* @param output The buffer to receive the output hash value.
* @param outputOffset Offset into the output buffer to place the hash value.
* @param outputLength The length of the hash output.
*
* The output buffer can be the same as the input data buffer.
*/
private void hashOne(byte[] data, int offset, int length, byte[] output, int outputOffset, int outputLength)
{
hash.reset();
hash.update(data, offset, length);
try {
hash.digest(output, outputOffset, outputLength);
} catch (DigestException e) {
Arrays.fill(output, outputOffset, outputLength, (byte)0);
}
}
/**
* Hashes two data buffers.
*
* @param data1 The buffer containing the first data to hash.
* @param offset1 Offset into the first data buffer of the first byte to hash.
* @param length1 Length of the first data to be hashed.
* @param data2 The buffer containing the second data to hash.
* @param offset2 Offset into the second data buffer of the first byte to hash.
* @param length2 Length of the second data to be hashed.
* @param output The buffer to receive the output hash value.
* @param outputOffset Offset into the output buffer to place the hash value.
* @param outputLength The length of the hash output.
*
* The output buffer can be same as either of the input buffers.
*/
private void hashTwo(byte[] data1, int offset1, int length1,
byte[] data2, int offset2, int length2,
byte[] output, int outputOffset, int outputLength)
{
hash.reset();
hash.update(data1, offset1, length1);
hash.update(data2, offset2, length2);
try {
hash.digest(output, outputOffset, outputLength);
} catch (DigestException e) {
Arrays.fill(output, outputOffset, outputLength, (byte)0);
}
}
/**
* Computes a HMAC value using key and data values.
*
* @param key The buffer that contains the key.
* @param keyOffset The offset of the key in the key buffer.
* @param keyLength The length of the key in bytes.
* @param data The buffer that contains the data.
* @param dataOffset The offset of the data in the data buffer.
* @param dataLength The length of the data in bytes.
* @param output The output buffer to place the HMAC value in.
* @param outputOffset Offset into the output buffer for the HMAC value.
* @param outputLength The length of the HMAC output.
*/
private void hmac(byte[] key, int keyOffset, int keyLength,
byte[] data, int dataOffset, int dataLength,
byte[] output, int outputOffset, int outputLength)
{
// In all of the algorithms of interest to us, the block length
// is twice the size of the hash length.
int hashLength = hash.getDigestLength();
int blockLength = hashLength * 2;
byte[] block = new byte [blockLength];
int index;
try {
if (keyLength <= blockLength) {
System.arraycopy(key, keyOffset, block, 0, keyLength);
Arrays.fill(block, keyLength, blockLength, (byte)0);
} else {
hash.reset();
hash.update(key, keyOffset, keyLength);
hash.digest(block, 0, hashLength);
Arrays.fill(block, hashLength, blockLength, (byte)0);
}
for (index = 0; index < blockLength; ++index)
block[index] ^= (byte)0x36;
hash.reset();
hash.update(block, 0, blockLength);
hash.update(data, dataOffset, dataLength);
hash.digest(output, outputOffset, hashLength);
for (index = 0; index < blockLength; ++index)
block[index] ^= (byte)(0x36 ^ 0x5C);
hash.reset();
hash.update(block, 0, blockLength);
hash.update(output, outputOffset, hashLength);
hash.digest(output, outputOffset, outputLength);
} catch (DigestException e) {
Arrays.fill(output, outputOffset, outputLength, (byte)0);
} finally {
Noise.destroy(block);
}
}
/**
* Computes a HKDF value.
*
* @param key The buffer that contains the key.
* @param keyOffset The offset of the key in the key buffer.
* @param keyLength The length of the key in bytes.
* @param data The buffer that contains the data.
* @param dataOffset The offset of the data in the data buffer.
* @param dataLength The length of the data in bytes.
* @param output1 The first output buffer.
* @param output1Offset Offset into the first output buffer.
* @param output1Length Length of the first output which can be
* less than the hash length.
* @param output2 The second output buffer.
* @param output2Offset Offset into the second output buffer.
* @param output2Length Length of the second output which can be
* less than the hash length.
*/
private void hkdf(byte[] key, int keyOffset, int keyLength,
byte[] data, int dataOffset, int dataLength,
byte[] output1, int output1Offset, int output1Length,
byte[] output2, int output2Offset, int output2Length)
{
int hashLength = hash.getDigestLength();
byte[] tempKey = new byte [hashLength];
byte[] tempHash = new byte [hashLength + 1];
try {
hmac(key, keyOffset, keyLength, data, dataOffset, dataLength, tempKey, 0, hashLength);
tempHash[0] = (byte)0x01;
hmac(tempKey, 0, hashLength, tempHash, 0, 1, tempHash, 0, hashLength);
System.arraycopy(tempHash, 0, output1, output1Offset, output1Length);
tempHash[hashLength] = (byte)0x02;
hmac(tempKey, 0, hashLength, tempHash, 0, hashLength + 1, tempHash, 0, hashLength);
System.arraycopy(tempHash, 0, output2, output2Offset, output2Length);
} finally {
Noise.destroy(tempKey);
Noise.destroy(tempHash);
}
}
}

7
src/main/java/com/southernstorm/noise/protocol/package-info.java
View File

@ -1,7 +0,0 @@
/**
* Provides classes for communicating via the Noise protocol.
*
* Reference: http://noiseprotocol.org
*/
package com.southernstorm.noise.protocol;

2
src/test/java/.gitignore vendored
View File

@ -1,2 +0,0 @@
.settings
bin

371
src/test/java/com/southernstorm/json/JsonReader.java
View File

@ -1,371 +0,0 @@
/*
* Copyright (C) 2013 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.json;
import java.io.IOException;
import java.io.Reader;
/**
* Recursive-descent parser for JSON streams.
*
* Intentionally compatible with android.util.JsonReader.
*/
public class JsonReader implements AutoCloseable {
private Reader in;
private JsonToken token;
private boolean lenient;
private boolean booleanValue;
private String stringValue;
private int ungetCh;
public JsonReader(Reader in) {
this.in = in;
this.token = JsonToken.READ_FIRST;
this.lenient = false;
this.ungetCh = -2;
}
public void beginArray() throws IOException {
expectNext(JsonToken.BEGIN_ARRAY, "JSON begin array expected");
}
public void beginObject() throws IOException {
expectNext(JsonToken.BEGIN_OBJECT, "JSON begin object expected");
}
@Override
public void close() throws IOException {
in.close();
}
public void endArray() throws IOException {
expectNext(JsonToken.END_ARRAY, "JSON end array expected");
}
public void endObject() throws IOException {
expectNext(JsonToken.END_OBJECT, "JSON end array expected");
}
public boolean hasNext() throws IOException {
if (this.token == JsonToken.READ_FIRST)
nextToken();
while (this.token == JsonToken.COMMA)
nextToken(); // Very lenient - multiple separating commas allowed.
return this.token != JsonToken.END_ARRAY
&& this.token != JsonToken.END_OBJECT;
}
public boolean isLenient() {
return this.lenient;
}
public void setLenient(boolean lenient) {
// Lenient mode as described in the Android documentation is not implemented.
this.lenient = lenient;
}
public boolean nextBoolean() throws IOException, IllegalStateException {
if (this.token == JsonToken.READ_FIRST)
nextToken();
if (this.token != JsonToken.BOOLEAN)
throw new IllegalStateException("JSON boolean value expected");
boolean value = booleanValue;
nextToken();
return value;
}
public double nextDouble() throws IOException, IllegalStateException, NumberFormatException {
if (this.token == JsonToken.READ_FIRST)
nextToken();
double value;
if (this.token == JsonToken.STRING || token == JsonToken.NUMBER) {
value = Double.parseDouble(stringValue);
} else {
throw new IllegalStateException("JSON double value expected");
}
nextToken();
return value;
}
public int nextInt() throws IOException, IllegalStateException, NumberFormatException {
if (this.token == JsonToken.READ_FIRST)
nextToken();
int value;
if (this.token == JsonToken.STRING || this.token == JsonToken.NUMBER) {
value = Integer.parseInt(stringValue);
} else {
throw new IllegalStateException("JSON int value expected");
}
nextToken();
return value;
}
public long nextLong() throws IOException, IllegalStateException, NumberFormatException {
if (this.token == JsonToken.READ_FIRST)
nextToken();
long value;
if (this.token == JsonToken.STRING || this.token == JsonToken.NUMBER) {
value = Long.parseLong(stringValue);
} else {
throw new MalformedJsonException("JSON long value expected");
}
nextToken();
return value;
}
public String nextName() throws IOException, IllegalStateException {
if (this.token == JsonToken.READ_FIRST)
nextToken();
if (this.token != JsonToken.NAME)
throw new IllegalStateException("JSON property name expected");
String value = stringValue;
nextToken();
return value;
}
public void nextNull() throws IOException, IllegalStateException {
if (this.token == JsonToken.READ_FIRST)
nextToken();
if (this.token != JsonToken.NULL)
throw new IllegalStateException("JSON null value expected");
nextToken();
}
public String nextString() throws IOException, IllegalStateException {
if (this.token == JsonToken.READ_FIRST)
nextToken();
String value;
if (this.token == JsonToken.STRING || this.token == JsonToken.NUMBER)
value = stringValue;
else if (this.token == JsonToken.BOOLEAN)
value = Boolean.toString(booleanValue);
else if (this.token == JsonToken.NULL)
value = null;
else
throw new IllegalStateException("JSON string value expected");
nextToken();
return value;
}
public JsonToken peek() throws IOException {
if (this.token == JsonToken.READ_FIRST)
nextToken();
return this.token;
}
public void skipValue() throws IOException {
switch (peek()) {
case BEGIN_ARRAY:
beginArray();
while (hasNext())
skipValue();
endArray();
break;
case BEGIN_OBJECT:
beginObject();
while (hasNext()) {
nextName();
skipValue();
}
endObject();
break;
case END_DOCUMENT:
break;
default:
nextToken();
break;
}
}
private void parseNumber(int ch) throws IOException {
StringBuilder builder = new StringBuilder();
builder.append((char)ch);
ch = in.read();
while ((ch >= '0' && ch <= '9') || ch == '-' || ch == '+' || ch == 'e' || ch == 'E' || ch == '.') {
builder.append((char)ch);
ch = in.read();
}
ungetCh = ch;
stringValue = builder.toString();
}
private void parseString() throws IOException {
StringBuilder builder = new StringBuilder();
int ch = in.read();
outer: while (ch != '"') {
if (ch == -1) {
ungetCh = ch;
break;
} else if (ch == '\\') {
ch = in.read();
if (ch == 'b')
builder.append('\u0008');
else if (ch == 'f')
builder.append('\u000C');
else if (ch == 'n')
builder.append('\n');
else if (ch == 'r')
builder.append('\r');
else if (ch == 't')
builder.append('\t');
else if (ch != 'u')
builder.append((char)ch);
else if (ch == -1) {
ungetCh = ch;
break;
} else {
int value = 0;
int digits = 0;
while (digits < 4) {
ch = in.read();
if (ch >= '0' && ch <= '9')
value = value * 16 + (ch - '0');
else if (ch >= 'A' && ch <= 'F')
value = value * 16 + (ch - 'A' + 10);
else if (ch >= 'a' && ch <= 'f')
value = value * 16 + (ch - 'a' + 10);
else {
builder.append((char)value);
continue outer;
}
++digits;
}
builder.append((char)value);
}
} else {
builder.append((char)ch);
}
ch = in.read();
}
stringValue = builder.toString();
}
private boolean checkForColon() throws IOException {
int ch = ungetCh;
if (ch == -2)
ch = in.read();
while (ch == ' ' || ch == '\t' || ch == '\r' || ch == '\n')
ch = in.read();
if (ch == ':') {
ungetCh = -2;
return true;
} else {
ungetCh = ch;
return false;
}
}
private void checkNamedToken(String name) throws IOException {
int index = 1;
int ch = in.read();
for (; index < name.length(); ++index) {
if (ch != name.charAt(index))
break;
ch = in.read();
}
if (index < name.length() || (ch >= 'a' && ch <= 'z')
|| (ch >= 'A' && ch <= 'Z') || (ch >= '0' && ch <= '9')
|| ch == '_') {
throw new MalformedJsonException("Invalid keyword, expected: '"
+ name + "'");
}
ungetCh = ch;
}
private void nextToken() throws IOException {
int ch = ungetCh;
if (ch == -2)
ch = in.read();
while (ch == ' ' || ch == '\t' || ch == '\r' || ch == '\n')
ch = in.read();
ungetCh = -2;
switch (ch) {
case -1:
token = JsonToken.END_DOCUMENT;
ungetCh = -1;
break;
case '{':
token = JsonToken.BEGIN_OBJECT;
break;
case '}':
token = JsonToken.END_OBJECT;
break;
case '[':
token = JsonToken.BEGIN_ARRAY;
break;
case ']':
token = JsonToken.END_ARRAY;
break;
case ',':
token = JsonToken.COMMA;
break;
case '-':
case '0':
case '1':
case '2':
case '3':
case '4':
case '5':
case '6':
case '7':
case '8':
case '9':
parseNumber(ch);
token = JsonToken.NUMBER;
break;
case '"':
parseString();
if (checkForColon())
token = JsonToken.NAME;
else
token = JsonToken.STRING;
break;
case 'n':
checkNamedToken("null");
token = JsonToken.NULL;
break;
case 't':
checkNamedToken("true");
token = JsonToken.BOOLEAN;
booleanValue = true;
break;
case 'f':
checkNamedToken("false");
token = JsonToken.BOOLEAN;
booleanValue = false;
break;
default:
throw new MalformedJsonException(
"Invalid character in JSON stream: '" + (char) ch + "'");
}
}
private void expectNext(JsonToken token, String message) throws IOException {
if (this.token == JsonToken.READ_FIRST)
nextToken();
if (this.token != token)
throw new MalformedJsonException(message);
nextToken();
}
}

45
src/test/java/com/southernstorm/json/JsonToken.java
View File

@ -1,45 +0,0 @@
/*
* Copyright (C) 2013 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.json;
/**
* Types of JSON tokens.
*
* Intentionally compatible with android.util.JsonToken.
*/
public enum JsonToken {
BEGIN_ARRAY,
BEGIN_OBJECT,
BOOLEAN,
END_ARRAY,
END_DOCUMENT,
END_OBJECT,
NAME,
NULL,
NUMBER,
STRING,
// Internal to this implementation of JsonReader - not part of the public interface.
READ_FIRST,
COMMA
}

35
src/test/java/com/southernstorm/json/MalformedJsonException.java
View File

@ -1,35 +0,0 @@
/*
* Copyright (C) 2013 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.json;
import java.io.IOException;
public class MalformedJsonException extends IOException {
private static final long serialVersionUID = -1645564375062756336L;
public MalformedJsonException(String detailMessage) {
super(detailMessage);
}
}

191
src/test/java/com/southernstorm/noise/tests/CipherStateTests.java
View File

@ -1,191 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.tests;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.ShortBufferException;
import com.southernstorm.noise.protocol.CipherState;
import com.southernstorm.noise.protocol.Noise;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.*;
/**
* Perform tests on the cipher algorithms used by Noise.
*/
public class CipherStateTests {
private void testCipher(String name, int keyLen, int macLen,
String key, long nonce, String ad,
String plaintext, String ciphertext,
String mac, boolean forceFallbacks) throws NoSuchAlgorithmException, ShortBufferException, BadPaddingException {
byte[] keyBytes = TestUtils.stringToData(key);
byte[] adBytes = TestUtils.stringToData(ad);
byte[] plaintextBytes = TestUtils.stringToData(plaintext);
byte[] ciphertextBytes;
if (ciphertext.length() > 0)
ciphertextBytes = TestUtils.stringToData(ciphertext + mac.substring(2));
else
ciphertextBytes = TestUtils.stringToData(mac);
final byte[] plaintextBuffer = new byte[plaintextBytes.length];
final byte[] ciphertextBuffer = new byte[ciphertextBytes.length];
// Create the cipher object and check its properties.
Noise.setForceFallbacks(forceFallbacks);
final CipherState cipher = Noise.createCipher(name);
assertEquals(name, cipher.getCipherName());
assertEquals(keyLen, cipher.getKeyLength());
assertEquals(0, cipher.getMACLength()); // Key has not been set yet.
// Try to encrypt. Because the key is not set yet, this will
// return the plaintext as-is.
Arrays.fill(plaintextBuffer, (byte)0xAA);
assertEquals(plaintextBytes.length, cipher.encryptWithAd(adBytes, plaintextBytes, 0, plaintextBuffer, 0, plaintextBytes.length));
assertArrayEquals(plaintextBytes, plaintextBuffer);
// Try to decrypt. Will return the ciphertext and MAC as-is.
Arrays.fill(ciphertextBuffer, (byte)0xAA);
assertEquals(ciphertextBytes.length, cipher.decryptWithAd(adBytes, ciphertextBytes, 0, ciphertextBuffer, 0, ciphertextBytes.length));
// Set the key and fast-forward the nonce.
cipher.initializeKey(keyBytes, 0);
cipher.setNonce(nonce);
assertEquals(macLen, cipher.getMACLength());
// Encrypt the data.
Arrays.fill(ciphertextBuffer, (byte)0xAA);
assertEquals(ciphertextBytes.length, cipher.encryptWithAd(adBytes, plaintextBytes, 0, ciphertextBuffer, 0, plaintextBytes.length));
assertArrayEquals(ciphertextBytes, ciphertextBuffer);
// Try to decrypt. The MAC check should fail because the internal
// nonce was incremented and no longer matches the parameter.
assertThrows(BadPaddingException.class, () ->
cipher.decryptWithAd(adBytes, ciphertextBytes, 0, ciphertextBuffer, 0, ciphertextBytes.length));
// Fast-forward the nonce to just before the rollover. We will be able
// to encrypt one more block, and then the next request will be rejected.
cipher.setNonce(-2L);
try {
Arrays.fill(ciphertextBuffer, (byte)0xAA);
cipher.encryptWithAd(adBytes, plaintextBytes, 0, ciphertextBuffer, 0, plaintextBytes.length);
assertThrows(IllegalStateException.class, () ->
cipher.encryptWithAd(adBytes, plaintextBytes, 0, ciphertextBuffer, 0, plaintextBytes.length));
} catch (ShortBufferException e) {
fail("Buffer should have been big enough");
}
// Reset the key and then we can reset the nonce.
cipher.initializeKey(keyBytes, 0);
cipher.setNonce(nonce);
assertEquals(macLen, cipher.getMACLength());
// Decrypt the test ciphertext and MAC.
Arrays.fill(plaintextBuffer, (byte)0xAA);
assertEquals(plaintextBytes.length, cipher.decryptWithAd(adBytes, ciphertextBytes, 0, plaintextBuffer, 0, ciphertextBytes.length));
assertArrayEquals(plaintextBytes, plaintextBuffer);
// Fast-forward the nonce to just before the rollover. We will be able
// to decrypt one more block, and then the next request will be rejected.
cipher.setNonce(-2L);
Arrays.fill(plaintextBuffer, (byte)0xAA);
assertThrows(BadPaddingException.class, () ->
cipher.decryptWithAd(adBytes, ciphertextBytes, 0, plaintextBuffer, 0, ciphertextBytes.length));
cipher.setNonce(-1L);
assertThrows(IllegalStateException.class, () ->
cipher.decryptWithAd(adBytes, ciphertextBytes, 0, plaintextBuffer, 0, ciphertextBytes.length));
}
private void testCipher(String name, int keyLen, int macLen,
String key, long nonce, String ad,
String plaintext, String ciphertext,
String mac) throws ShortBufferException, NoSuchAlgorithmException, BadPaddingException {
testCipher(name, keyLen, macLen, key, nonce, ad, plaintext, ciphertext, mac, true);
testCipher(name, keyLen, macLen, key, nonce, ad, plaintext, ciphertext, mac, false);
}
@Test
public void AESGCM() throws ShortBufferException, NoSuchAlgorithmException, BadPaddingException {
/* Test vectors for AES in GCM mode from Appendix B of:
http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
We can only use a few of the vectors because most of the IV's in the
revised specification don't match what we need here */
// AESGCM - gcm-revised-spec.pdf, test case #13.
testCipher
("AESGCM", 32, 16,
"0x0000000000000000000000000000000000000000000000000000000000000000",
0,
"",
"",
"",
"0x530f8afbc74536b9a963b4f1c4cb738b");
// AESGCM - gcm-revised-spec.pdf, test case #14.
testCipher
("AESGCM", 32, 16,
"0x0000000000000000000000000000000000000000000000000000000000000000",
0,
"",
"0x00000000000000000000000000000000",
"0xcea7403d4d606b6e074ec5d3baf39d18",
"0xd0d1c8a799996bf0265b98b5d48ab919");
}
@Test
public void ChaChaPoly() throws ShortBufferException, NoSuchAlgorithmException, BadPaddingException {
// ChaChaPoly test vectors from Appendix A.5 of RFC 7539.
testCipher
("ChaChaPoly", 32, 16,
"0x1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0",
0x0807060504030201L,
"0xf33388860000000000004e91",
"0x496e7465726e65742d4472616674732061726520647261667420646f63756d65" +
"6e74732076616c696420666f722061206d6178696d756d206f6620736978206d" +
"6f6e74687320616e64206d617920626520757064617465642c207265706c6163" +
"65642c206f72206f62736f6c65746564206279206f7468657220646f63756d65" +
"6e747320617420616e792074696d652e20497420697320696e617070726f7072" +
"6961746520746f2075736520496e7465726e65742d4472616674732061732072" +
"65666572656e6365206d6174657269616c206f7220746f206369746520746865" +
"6d206f74686572207468616e206173202fe2809c776f726b20696e2070726f67" +
"726573732e2fe2809d",
"0x64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb2" +
"4c6cfc18755d43eea09ee94e382d26b0bdb7b73c321b0100d4f03b7f355894cf" +
"332f830e710b97ce98c8a84abd0b948114ad176e008d33bd60f982b1ff37c855" +
"9797a06ef4f0ef61c186324e2b3506383606907b6a7c02b0f9f6157b53c867e4" +
"b9166c767b804d46a59b5216cde7a4e99040c5a40433225ee282a1b0a06c523e" +
"af4534d7f83fa1155b0047718cbc546a0d072b04b3564eea1b422273f548271a" +
"0bb2316053fa76991955ebd63159434ecebb4e466dae5a1073a6727627097a10" +
"49e617d91d361094fa68f0ff77987130305beaba2eda04df997b714d6c6f2c29" +
"a6ad5cb4022b02709b",
"0xeead9d67890cbb22392336fea1851f38");
}
}

61
src/test/java/com/southernstorm/noise/tests/Curve25519Tests.java
View File

@ -1,61 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.tests;
import java.util.Arrays;
import com.southernstorm.noise.crypto.Curve25519;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
public class Curve25519Tests {
@Test
public void curve25519() {
// Test vectors from section 6.1 of RFC 7748.
byte[] alicePrivate = TestUtils.stringToData("0x77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a");
byte[] alicePublic = TestUtils.stringToData("0x8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a");
byte[] bobPrivate = TestUtils.stringToData("0x5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb");
byte[] bobPublic = TestUtils.stringToData("0xde9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f");
byte[] sharedSecret = TestUtils.stringToData("0x4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742");
byte[] output = new byte [32];
// Test derivation of public keys from private keys.
Arrays.fill(output, (byte)0xAA);
Curve25519.eval(output, 0, alicePrivate, null);
assertArrayEquals(alicePublic, output);
Arrays.fill(output, (byte)0xAA);
Curve25519.eval(output, 0, bobPrivate, null);
assertArrayEquals(bobPublic, output);
// Test creation of the shared secret in both directions.
Arrays.fill(output, (byte)0xAA);
Curve25519.eval(output, 0, alicePrivate, bobPublic);
assertArrayEquals(sharedSecret, output);
Arrays.fill(output, (byte)0xAA);
Curve25519.eval(output, 0, bobPrivate, alicePublic);
assertArrayEquals(sharedSecret, output);
}
}

61
src/test/java/com/southernstorm/noise/tests/Curve448Tests.java
View File

@ -1,61 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.tests;
import java.util.Arrays;
import com.southernstorm.noise.crypto.Curve448;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
public class Curve448Tests {
@Test
public void curve448() {
// Test vectors from section 6.2 of RFC 7748.
byte[] alicePrivate = TestUtils.stringToData("0x9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b");
byte[] alicePublic = TestUtils.stringToData("0x9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0");
byte[] bobPrivate = TestUtils.stringToData("0x1c306a7ac2a0e2e0990b294470cba339e6453772b075811d8fad0d1d6927c120bb5ee8972b0d3e21374c9c921b09d1b0366f10b65173992d");
byte[] bobPublic = TestUtils.stringToData("0x3eb7a829b0cd20f5bcfc0b599b6feccf6da4627107bdb0d4f345b43027d8b972fc3e34fb4232a13ca706dcb57aec3dae07bdc1c67bf33609");
byte[] sharedSecret = TestUtils.stringToData("0x07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d");
byte[] output = new byte [56];
// Test derivation of public keys from private keys.
Arrays.fill(output, (byte)0xAA);
Curve448.eval(output, 0, alicePrivate, null);
assertArrayEquals(alicePublic, output);
Arrays.fill(output, (byte)0xAA);
Curve448.eval(output, 0, bobPrivate, null);
assertArrayEquals(bobPublic, output);
// Test creation of the shared secret in both directions.
Arrays.fill(output, (byte)0xAA);
Curve448.eval(output, 0, alicePrivate, bobPublic);
assertArrayEquals(sharedSecret, output);
Arrays.fill(output, (byte)0xAA);
Curve448.eval(output, 0, bobPrivate, alicePublic);
assertArrayEquals(sharedSecret, output);
}
}

77
src/test/java/com/southernstorm/noise/tests/GHASHTests.java
View File

@ -1,77 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.tests;
import java.util.Arrays;
import com.southernstorm.noise.crypto.GHASH;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
public class GHASHTests {
private void testGHASH(String key, String data, String hash)
{
byte[] keyBytes = TestUtils.stringToData(key);
byte[] dataBytes = TestUtils.stringToData(data);
byte[] hashBytes = TestUtils.stringToData(hash);
byte[] tag = new byte [16];
GHASH ghash = new GHASH();
ghash.reset(keyBytes, 0);
ghash.update(dataBytes, 0, dataBytes.length);
Arrays.fill(tag, (byte)0xAA);
ghash.finish(tag, 0, 16);
assertArrayEquals(hashBytes, tag);
ghash.reset();
ghash.update(dataBytes, 0, dataBytes.length / 3);
ghash.update(dataBytes, dataBytes.length / 3, dataBytes.length - (dataBytes.length / 3));
Arrays.fill(tag, (byte)0xAA);
ghash.finish(tag, 0, 16);
assertArrayEquals(hashBytes, tag);
}
@Test
public void ghash() {
// Test vectors from Appendix B of:
// http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
testGHASH("0x66e94bd4ef8a2c3b884cfa59ca342b2e",
"0x00000000000000000000000000000000",
"0x00000000000000000000000000000000");
testGHASH("0x66e94bd4ef8a2c3b884cfa59ca342b2e",
"0x0388dace60b6a392f328c2b971b2fe7800000000000000000000000000000080",
"0xf38cbb1ad69223dcc3457ae5b6b0f885");
testGHASH("0xb83b533708bf535d0aa6e52980d53b78",
"0x42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f598500000000000000000000000000000200",
"0x7f1b32b81b820d02614f8895ac1d4eac");
testGHASH("0xb83b533708bf535d0aa6e52980d53b78",
"0xfeedfacedeadbeeffeedfacedeadbeefabaddad200000000000000000000000042831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e0910000000000000000000000a000000000000001e0",
"0x698e57f70e6ecc7fd9463b7260a9ae5f");
}
}

104
src/test/java/com/southernstorm/noise/tests/HashTests.java
View File

@ -1,104 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.tests;
import java.security.DigestException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import com.southernstorm.noise.protocol.Noise;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
/**
* Perform tests on the hash algorithms used by Noise.
*/
public class HashTests {
private void testHash(MessageDigest digest, String input, String hash) throws DigestException {
byte[] inputBytes = TestUtils.stringToData(input);
byte[] hashBytes = TestUtils.stringToData(hash);
byte[] result = new byte [digest.getDigestLength()];
// Hash the entire input in one request.
digest.reset();
digest.update(inputBytes);
digest.digest(result, 0, result.length);
assertArrayEquals(hashBytes, result);
// Hash the input in pieces to test split requests.
digest.reset();
digest.update(inputBytes, 0, inputBytes.length / 2);
digest.update(inputBytes, inputBytes.length / 2, inputBytes.length - (inputBytes.length / 2));
digest.digest(result, 0, result.length);
assertArrayEquals(hashBytes, result);
}
private void testHash(String name, String input, String hash) throws NoSuchAlgorithmException, DigestException {
MessageDigest digest = null;
Noise.setForceFallbacks(true);
try {
digest = Noise.createHash(name);
} finally {
Noise.setForceFallbacks(false);
}
testHash(digest, input, hash);
Noise.setForceFallbacks(false);
digest = Noise.createHash(name);
testHash(digest, input, hash);
}
@Test
public void blake2b() throws DigestException, NoSuchAlgorithmException {
testHash("BLAKE2b", "", "0x786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce");
testHash("BLAKE2b", "abc", "0xba80a53f981c4d0d6a2797b69f12f6e94c212f14685ac4b74b12bb6fdbffa2d17d87c5392aab792dc252d5de4533cc9518d38aa8dbf1925ab92386edd4009923");
testHash("BLAKE2b", "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "0x7285ff3e8bd768d69be62b3bf18765a325917fa9744ac2f582a20850bc2b1141ed1b3e4528595acc90772bdf2d37dc8a47130b44f33a02e8730e5ad8e166e888");
testHash("BLAKE2b", "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", "0xce741ac5930fe346811175c5227bb7bfcd47f42612fae46c0809514f9e0e3a11ee1773287147cdeaeedff50709aa716341fe65240f4ad6777d6bfaf9726e5e52");
}
@Test
public void blake2s() throws DigestException, NoSuchAlgorithmException {
testHash("BLAKE2s", "", "0x69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9");
testHash("BLAKE2s", "abc", "0x508c5e8c327c14e2e1a72ba34eeb452f37458b209ed63a294d999b4c86675982");
testHash("BLAKE2s", "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "0x6f4df5116a6f332edab1d9e10ee87df6557beab6259d7663f3bcd5722c13f189");
testHash("BLAKE2s", "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", "0x358dd2ed0780d4054e76cb6f3a5bce2841e8e2f547431d4d09db21b66d941fc7");
}
@Test
public void sha256() throws DigestException, NoSuchAlgorithmException {
testHash("SHA256", "", "0xe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
testHash("SHA256", "abc", "0xba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
testHash("SHA256", "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "0x248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1");
}
@Test
public void sha512() throws DigestException, NoSuchAlgorithmException {
testHash("SHA512", "", "0xcf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e");
testHash("SHA512", "abc", "0xddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f");
testHash("SHA512", "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", "0x8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909");
}
}

69
src/test/java/com/southernstorm/noise/tests/Poly1305Tests.java
View File

@ -1,69 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.tests;
import java.util.Arrays;
import com.southernstorm.noise.crypto.Poly1305;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
/**
* Perform tests on the Poly1305 implementation in isolation from ChaChaPoly.
*/
public class Poly1305Tests {
private void testPoly1305(String key, String data, String hash)
{
byte[] keyBytes = TestUtils.stringToData(key);
byte[] dataBytes = TestUtils.stringToData(data);
byte[] hashBytes = TestUtils.stringToData(hash);
byte[] token = new byte [16];
// Authenticate the data in one hit.
Poly1305 poly = new Poly1305();
poly.reset(keyBytes, 0);
poly.update(dataBytes, 0, dataBytes.length);
poly.finish(token, 0);
assertArrayEquals(hashBytes, token);
// Break the data up into chunks to test multiple calls to update().
Arrays.fill(token, (byte)0xDD);
poly.reset(keyBytes, 0);
poly.update(dataBytes, 0, dataBytes.length / 2);
poly.update(dataBytes, dataBytes.length / 2, dataBytes.length - (dataBytes.length / 2));
poly.finish(token, 0);
assertArrayEquals(hashBytes, token);
}
@Test
public void poly1305() {
// Test vectors from the Poly1305 specification.
testPoly1305("0x851fc40c3467ac0be05cc20404f3f700580b3b0f9447bb1e69d095b5928b6dbc", "0xf3f6", "0xf4c633c3044fc145f84f335cb81953de");
testPoly1305("0xa0f3080000f46400d0c7e9076c834403dd3fab2251f11ac759f0887129cc2ee7", "", "0xdd3fab2251f11ac759f0887129cc2ee7");
testPoly1305("0x48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef", "0x663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136", "0x0ee1c16bb73f0f4fd19881753c01cdbe");
testPoly1305("0x12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57", "0xab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9", "0x5154ad0d2cb26e01274fc51148491f1b");
}
}

67
src/test/java/com/southernstorm/noise/tests/RijndaelAESTests.java
View File

@ -1,67 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.tests;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import java.util.Arrays;
import com.southernstorm.noise.crypto.RijndaelAES;
import org.junit.jupiter.api.Test;
/**
* AES test cases to verify the fallback RijndaelAES implementation.
*/
public class RijndaelAESTests {
private void testECB(String key, String plaintext, String ciphertext)
{
byte[] keyBytes = TestUtils.stringToData(key);
byte[] plaintextBytes = TestUtils.stringToData(plaintext);
byte[] ciphertextBytes = TestUtils.stringToData(ciphertext);
byte[] block = new byte [16];
RijndaelAES aes = new RijndaelAES();
Arrays.fill(block, (byte)0xAA);
aes.setupEnc(keyBytes, 0, keyBytes.length * 8);
aes.encrypt(plaintextBytes, 0, block, 0);
assertArrayEquals(ciphertextBytes, block);
Arrays.fill(block, (byte)0xAA);
aes.setupDec(keyBytes, 0, keyBytes.length * 8);
aes.decrypt(ciphertextBytes, 0, block, 0);
assertArrayEquals(plaintextBytes, block);
aes.destroy();
}
@Test
public void rijndael()
{
// ECB test vectors from the FIPS specification.
testECB("0x000102030405060708090A0B0C0D0E0F", "0x00112233445566778899AABBCCDDEEFF", "0x69C4E0D86A7B0430D8CDB78070B4C55A");
testECB("0x000102030405060708090A0B0C0D0E0F1011121314151617", "0x00112233445566778899AABBCCDDEEFF", "0xDDA97CA4864CDFE06EAF70A0EC0D7191");
testECB("0x000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", "0x00112233445566778899AABBCCDDEEFF", "0x8EA2B7CA516745BFEAFC49904B496089");
}
}

54
src/test/java/com/southernstorm/noise/tests/TestUtils.java
View File

@ -1,54 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.tests;
import java.io.UnsupportedEncodingException;
import javax.xml.bind.DatatypeConverter;
public class TestUtils {
/**
* Convert a string into a binary byte array.
*
* @param data The string data to convert.
* @return The binary version of the data.
*
* If the string starts with "0x", then the remainder of the string is
* interpreted as hexadecimal. Otherwise the string is interpreted
* as a literal string (e.g. "abc") and converted with the UTF-8 encoding.
*/
public static byte[] stringToData(String data)
{
if (data.startsWith("0x")) {
return DatatypeConverter.parseHexBinary(data.substring(2));
} else {
try {
return data.getBytes("UTF-8");
} catch (UnsupportedEncodingException e) {
return new byte [0];
}
}
}
}

411
src/test/java/com/southernstorm/noise/tests/VectorTests.java
View File

@ -1,411 +0,0 @@
/*
* Copyright (C) 2016 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package com.southernstorm.noise.tests;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Stream;
import javax.crypto.BadPaddingException;
import javax.crypto.ShortBufferException;
import javax.xml.bind.DatatypeConverter;
import com.southernstorm.json.JsonReader;
import com.southernstorm.noise.protocol.CipherState;
import com.southernstorm.noise.protocol.CipherStatePair;
import com.southernstorm.noise.protocol.HandshakeState;
import org.junit.jupiter.api.Named;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import static org.junit.jupiter.api.Assertions.*;
/**
* Executes Noise vector tests in JSON format.
*/
public class VectorTests {
/**
* Information about a handshake or transport message.
*/
private static class TestMessage
{
public byte[] payload;
public byte[] ciphertext;
}
/**
* Information about a Noise test vector that was parsed from a JSON stream.
*/
private static class TestVector
{
public String name;
public String pattern;
public String dh;
public String hybrid;
public String cipher;
public String hash;
public String fallback_pattern;
public byte[] init_prologue;
public byte[] init_ephemeral;
public byte[] init_hybrid;
public byte[] init_static;
public byte[] init_remote_static;
public byte[] init_psk;
public byte[] init_ssk;
public byte[] resp_prologue;
public byte[] resp_ephemeral;
public byte[] resp_hybrid;
public byte[] resp_static;
public byte[] resp_remote_static;
public byte[] resp_psk;
public byte[] resp_ssk;
public byte[] handshake_hash;
public boolean failure_expected;
public boolean fallback_expected;
public TestMessage[] messages;
public void addMessage(TestMessage msg)
{
TestMessage[] newMessages;
if (messages != null) {
newMessages = new TestMessage [messages.length + 1];
System.arraycopy(messages, 0, newMessages, 0, messages.length);
newMessages[messages.length] = msg;
} else {
newMessages = new TestMessage [1];
newMessages[0] = msg;
}
messages = newMessages;
}
}
private void assertSubArrayEquals(String msg, byte[] expected, byte[] actual)
{
for (int index = 0; index < expected.length; ++index)
assertEquals(expected[index], actual[index], msg + "[" + index + "]");
}
@ParameterizedTest
@MethodSource
void testVectors(TestVector vec) throws ShortBufferException, BadPaddingException, NoSuchAlgorithmException
{
HandshakeState initiator = new HandshakeState(vec.name, HandshakeState.INITIATOR);
HandshakeState responder = new HandshakeState(vec.name, HandshakeState.RESPONDER);
assertEquals(HandshakeState.INITIATOR, initiator.getRole());
assertEquals(HandshakeState.RESPONDER, responder.getRole());
assertEquals(vec.name, initiator.getProtocolName());
assertEquals(vec.name, responder.getProtocolName());
// Set all keys and special values that we need.
if (vec.init_prologue != null)
initiator.setPrologue(vec.init_prologue, 0, vec.init_prologue.length);
if (vec.init_static != null)
initiator.getLocalKeyPair().setPrivateKey(vec.init_static, 0);
if (vec.init_remote_static != null)
initiator.getRemotePublicKey().setPublicKey(vec.init_remote_static, 0);
if (vec.init_hybrid != null)
initiator.getFixedHybridKey().setPrivateKey(vec.init_hybrid, 0);
if (vec.init_ephemeral != null)
initiator.getFixedEphemeralKey().setPrivateKey(vec.init_ephemeral, 0);
if (vec.init_psk != null)
initiator.setPreSharedKey(vec.init_psk, 0, vec.init_psk.length);
if (vec.resp_prologue != null)
responder.setPrologue(vec.resp_prologue, 0, vec.resp_prologue.length);
if (vec.resp_static != null)
responder.getLocalKeyPair().setPrivateKey(vec.resp_static, 0);
if (vec.resp_remote_static != null)
responder.getRemotePublicKey().setPublicKey(vec.resp_remote_static, 0);
if (vec.resp_ephemeral != null) {
// Note: The test data contains responder ephemeral keys for one-way
// patterns which doesn't actually make sense. Ignore those keys.
if (vec.pattern.length() != 1)
responder.getFixedEphemeralKey().setPrivateKey(vec.resp_ephemeral, 0);
}
if (vec.resp_hybrid != null)
responder.getFixedHybridKey().setPrivateKey(vec.resp_hybrid, 0);
if (vec.resp_psk != null)
responder.setPreSharedKey(vec.resp_psk, 0, vec.resp_psk.length);
// Start both sides of the handshake.
assertEquals(HandshakeState.NO_ACTION, initiator.getAction());
assertEquals(HandshakeState.NO_ACTION, responder.getAction());
initiator.start();
responder.start();
assertEquals(HandshakeState.WRITE_MESSAGE, initiator.getAction());
assertEquals(HandshakeState.READ_MESSAGE, responder.getAction());
// Work through the messages one by one until both sides "split".
int role = HandshakeState.INITIATOR;
int index = 0;
boolean isOneWay = (vec.pattern.length() == 1);
boolean fallback = vec.fallback_expected;
byte[] message = new byte [8192];
byte[] plaintext = new byte [8192];
for (; index < vec.messages.length; ++index) {
final HandshakeState send, recv;
if (initiator.getAction() == HandshakeState.SPLIT &&
responder.getAction() == HandshakeState.SPLIT) {
break;
}
if (role == HandshakeState.INITIATOR) {
// Send on the initiator, receive on the responder.
send = initiator;
recv = responder;
if (!isOneWay)
role = HandshakeState.RESPONDER;
} else {
// Send on the responder, receive on the initiator.
send = responder;
recv = initiator;
role = HandshakeState.INITIATOR;
}
assertEquals(HandshakeState.WRITE_MESSAGE, send.getAction());
assertEquals(HandshakeState.READ_MESSAGE, recv.getAction());
TestMessage msg = vec.messages[index];
int len = send.writeMessage(message, 0, msg.payload, 0, msg.payload.length);
assertEquals(msg.ciphertext.length, len);
assertSubArrayEquals(index + ": ciphertext", msg.ciphertext, message);
if (fallback) {
// Perform a read on the responder, which will fail.
assertThrows(BadPaddingException.class, () -> recv.readMessage(message, 0, len, plaintext, 0),
"read should have triggered fallback");
// Look up the pattern to fall back to.
String pattern = vec.fallback_pattern;
if (pattern == null)
pattern = "XXfallback";
// Initiate fallback on both sides.
initiator.fallback(pattern);
responder.fallback(pattern);
// Restart the protocols.
initiator.start();
responder.start();
// Only need to fallback once.
fallback = false;
} else {
int plen = recv.readMessage(message, 0, len, plaintext, 0);
assertEquals(msg.payload.length, plen);
assertSubArrayEquals(index + ": payload", msg.payload, plaintext);
}
}
if (vec.fallback_expected) {
// The roles will have reversed during the handshake.
assertEquals(HandshakeState.RESPONDER, initiator.getRole());
assertEquals(HandshakeState.INITIATOR, responder.getRole());
} else {
assertEquals(HandshakeState.INITIATOR, initiator.getRole());
assertEquals(HandshakeState.RESPONDER, responder.getRole());
}
// Handshake finished. Check the handshake hash values.
if (vec.handshake_hash != null) {
assertArrayEquals(vec.handshake_hash, initiator.getHandshakeHash());
assertArrayEquals(vec.handshake_hash, responder.getHandshakeHash());
}
// Split the two sides to get the transport ciphers.
CipherStatePair initPair;
CipherStatePair respPair;
assertEquals(HandshakeState.SPLIT, initiator.getAction());
assertEquals(HandshakeState.SPLIT, responder.getAction());
if (vec.init_ssk != null)
initPair = initiator.split(vec.init_ssk, 0, vec.init_ssk.length);
else
initPair = initiator.split();
if (vec.resp_ssk != null)
respPair = responder.split(vec.resp_ssk, 0, vec.resp_ssk.length);
else
respPair = responder.split();
assertEquals(HandshakeState.COMPLETE, initiator.getAction());
assertEquals(HandshakeState.COMPLETE, responder.getAction());
// Now handle the data transport.
CipherState csend, crecv;
for (; index < vec.messages.length; ++index) {
TestMessage msg = vec.messages[index];
if (role == HandshakeState.INITIATOR) {
// Send on the initiator, receive on the responder.
csend = initPair.getSender();
crecv = respPair.getReceiver();
if (!isOneWay)
role = HandshakeState.RESPONDER;
} else {
// Send on the responder, receive on the initiator.
csend = respPair.getSender();
crecv = initPair.getReceiver();
role = HandshakeState.INITIATOR;
}
int len = csend.encryptWithAd(null, msg.payload, 0, message, 0, msg.payload.length);
assertEquals(msg.ciphertext.length, len);
assertSubArrayEquals(index + ": ciphertext", msg.ciphertext, message);
int plen = crecv.decryptWithAd(null, message, 0, plaintext, 0, len);
assertEquals(msg.payload.length, plen);
assertSubArrayEquals(index + ": payload", msg.payload, plaintext);
}
// Clean up.
initiator.destroy();
responder.destroy();
initPair.destroy();
respPair.destroy();
}
private static Stream<Arguments> testVectors() throws IOException {
try (InputStream testVectorInputStream = VectorTests.class.getResourceAsStream("test-vectors.json")) {
if (testVectorInputStream == null) {
throw new IOException("Could not load test vectors");
}
return loadTestVectors(testVectorInputStream).stream()
.map(testVector -> Arguments.of(Named.of(testVector.name, testVector)));
}
}
private static TestVector getNextVector(final JsonReader reader) throws IOException
{
boolean res = true;
// Parse the contents of the test vector.
TestVector vec = new TestVector();
while (reader.hasNext()) {
String name = reader.nextName();
if (name.equals("name"))
vec.name = reader.nextString();
else if (name.equals("pattern"))
vec.pattern = reader.nextString();
else if (name.equals("dh"))
vec.dh = reader.nextString();
else if (name.equals("hybrid"))
vec.hybrid = reader.nextString();
else if (name.equals("cipher"))
vec.cipher = reader.nextString();
else if (name.equals("hash"))
vec.hash = reader.nextString();
else if (name.equals("fallback_pattern"))
vec.fallback_pattern = reader.nextString();
else if (name.equals("init_prologue"))
vec.init_prologue = DatatypeConverter.parseHexBinary(reader.nextString());
else if (name.equals("init_ephemeral"))
vec.init_ephemeral = DatatypeConverter.parseHexBinary(reader.nextString());
else if (name.equals("init_hybrid_ephemeral"))
vec.init_hybrid = DatatypeConverter.parseHexBinary(reader.nextString());
else if (name.equals("init_static"))
vec.init_static = DatatypeConverter.parseHexBinary(reader.nextString());
else if (name.equals("init_remote_static"))
vec.init_remote_static = DatatypeConverter.parseHexBinary(reader.nextString());
else if (name.equals("init_psk"))
vec.init_psk = DatatypeConverter.parseHexBinary(reader.nextString());
else if (name.equals("init_ssk"))
vec.init_ssk = DatatypeConverter.parseHexBinary(reader.nextString());
else if (name.equals("resp_prologue"))
vec.resp_prologue = DatatypeConverter.parseHexBinary(reader.nextString());
else if (name.equals("resp_ephemeral"))
vec.resp_ephemeral = DatatypeConverter.parseHexBinary(reader.nextString());
else if (name.equals("resp_hybrid_ephemeral"))
vec.resp_hybrid = DatatypeConverter.parseHexBinary(reader.nextString());
else if (name.equals("resp_static"))
vec.resp_static = DatatypeConverter.parseHexBinary(reader.nextString());
else if (name.equals("resp_remote_static"))
vec.resp_remote_static = DatatypeConverter.parseHexBinary(reader.nextString());
else if (name.equals("resp_psk"))
vec.resp_psk = DatatypeConverter.parseHexBinary(reader.nextString());
else if (name.equals("resp_ssk"))
vec.resp_ssk = DatatypeConverter.parseHexBinary(reader.nextString());
else if (name.equals("handshake_hash"))
vec.handshake_hash = DatatypeConverter.parseHexBinary(reader.nextString());
else if (name.equals("fail"))
vec.failure_expected = reader.nextBoolean();
else if (name.equals("fallback"))
vec.fallback_expected = reader.nextBoolean();
else if (name.equals("messages")) {
reader.beginArray();
while (reader.hasNext()) {
TestMessage msg = new TestMessage();
reader.beginObject();
while (reader.hasNext()) {
name = reader.nextName();
if (name.equals("payload"))
msg.payload = DatatypeConverter.parseHexBinary(reader.nextString());
else if (name.equals("ciphertext"))
msg.ciphertext = DatatypeConverter.parseHexBinary(reader.nextString());
else
reader.skipValue();
}
vec.addMessage(msg);
reader.endObject();
}
reader.endArray();
} else {
reader.skipValue();
}
}
// Format the complete protocol name.
String protocolName = "Noise";
if (vec.init_psk != null || vec.resp_psk != null)
protocolName += "PSK";
String dh = vec.dh;
if (vec.hybrid != null)
dh = dh + "+" + vec.hybrid;
protocolName += "_" + vec.pattern + "_" + dh + "_" + vec.cipher + "_" + vec.hash;
if (vec.name == null)
vec.name = protocolName;
return vec;
}
private static List<TestVector> loadTestVectors(InputStream jsonInputStream) throws IOException {
List<TestVector> testVectors = new ArrayList<>();
try (JsonReader jsonReader = new JsonReader(new BufferedReader(new InputStreamReader(jsonInputStream)))) {
jsonReader.beginObject();
while (jsonReader.hasNext()) {
String name = jsonReader.nextName();
if (name.equals("vectors")) {
jsonReader.beginArray();
while (jsonReader.hasNext()) {
jsonReader.beginObject();
testVectors.add(getNextVector(jsonReader));
jsonReader.endObject();
}
jsonReader.endArray();
} else {
jsonReader.skipValue();
}
}
jsonReader.endObject();
}
return testVectors;
}
}

19684
src/test/resources/com/southernstorm/noise/tests/test-vectors.json
View File

File diff suppressed because it is too large Load Diff

474
stylesheet.css Normal file
View File

@ -0,0 +1,474 @@
/* Javadoc style sheet */
/*
Overall document style
*/
body {
background-color:#ffffff;
color:#353833;
font-family:Arial, Helvetica, sans-serif;
font-size:76%;
margin:0;
}
a:link, a:visited {
text-decoration:none;
color:#4c6b87;
}
a:hover, a:focus {
text-decoration:none;
color:#bb7a2a;
}
a:active {
text-decoration:none;
color:#4c6b87;
}
a[name] {
color:#353833;
}
a[name]:hover {
text-decoration:none;
color:#353833;
}
pre {
font-size:1.3em;
}
h1 {
font-size:1.8em;
}
h2 {
font-size:1.5em;
}
h3 {
font-size:1.4em;
}
h4 {
font-size:1.3em;
}
h5 {
font-size:1.2em;
}
h6 {
font-size:1.1em;
}
ul {
list-style-type:disc;
}
code, tt {
font-size:1.2em;
}
dt code {
font-size:1.2em;
}
table tr td dt code {
font-size:1.2em;
vertical-align:top;
}
sup {
font-size:.6em;
}
/*
Document title and Copyright styles
*/
.clear {
clear:both;
height:0px;
overflow:hidden;
}
.aboutLanguage {
float:right;
padding:0px 21px;
font-size:.8em;
z-index:200;
margin-top:-7px;
}
.legalCopy {
margin-left:.5em;
}
.bar a, .bar a:link, .bar a:visited, .bar a:active {
color:#FFFFFF;
text-decoration:none;
}
.bar a:hover, .bar a:focus {
color:#bb7a2a;
}
.tab {
background-color:#0066FF;
background-image:url(resources/titlebar.gif);
background-position:left top;
background-repeat:no-repeat;
color:#ffffff;
padding:8px;
width:5em;
font-weight:bold;
}
/*
Navigation bar styles
*/
.bar {
background-image:url(resources/background.gif);
background-repeat:repeat-x;
color:#FFFFFF;
padding:.8em .5em .4em .8em;
height:auto;/*height:1.8em;*/
font-size:1em;
margin:0;
}
.topNav {
background-image:url(resources/background.gif);
background-repeat:repeat-x;
color:#FFFFFF;
float:left;
padding:0;
width:100%;
clear:right;
height:2.8em;
padding-top:10px;
overflow:hidden;
}
.bottomNav {
margin-top:10px;
background-image:url(resources/background.gif);
background-repeat:repeat-x;
color:#FFFFFF;
float:left;
padding:0;
width:100%;
clear:right;
height:2.8em;
padding-top:10px;
overflow:hidden;
}
.subNav {
background-color:#dee3e9;
border-bottom:1px solid #9eadc0;
float:left;
width:100%;
overflow:hidden;
}
.subNav div {
clear:left;
float:left;
padding:0 0 5px 6px;
}
ul.navList, ul.subNavList {
float:left;
margin:0 25px 0 0;
padding:0;
}
ul.navList li{
list-style:none;
float:left;
padding:3px 6px;
}
ul.subNavList li{
list-style:none;
float:left;
font-size:90%;
}
.topNav a:link, .topNav a:active, .topNav a:visited, .bottomNav a:link, .bottomNav a:active, .bottomNav a:visited {
color:#FFFFFF;
text-decoration:none;
}
.topNav a:hover, .bottomNav a:hover {
text-decoration:none;
color:#bb7a2a;
}
.navBarCell1Rev {
background-image:url(resources/tab.gif);
background-color:#a88834;
color:#FFFFFF;
margin: auto 5px;
border:1px solid #c9aa44;
}
/*
Page header and footer styles
*/
.header, .footer {
clear:both;
margin:0 20px;
padding:5px 0 0 0;
}
.indexHeader {
margin:10px;
position:relative;
}
.indexHeader h1 {
font-size:1.3em;
}
.title {
color:#2c4557;
margin:10px 0;
}
.subTitle {
margin:5px 0 0 0;
}
.header ul {
margin:0 0 25px 0;
padding:0;
}
.footer ul {
margin:20px 0 5px 0;
}
.header ul li, .footer ul li {
list-style:none;
font-size:1.2em;
}
/*
Heading styles
*/
div.details ul.blockList ul.blockList ul.blockList li.blockList h4, div.details ul.blockList ul.blockList ul.blockListLast li.blockList h4 {
background-color:#dee3e9;
border-top:1px solid #9eadc0;
border-bottom:1px solid #9eadc0;
margin:0 0 6px -8px;
padding:2px 5px;
}
ul.blockList ul.blockList ul.blockList li.blockList h3 {
background-color:#dee3e9;
border-top:1px solid #9eadc0;
border-bottom:1px solid #9eadc0;
margin:0 0 6px -8px;
padding:2px 5px;
}
ul.blockList ul.blockList li.blockList h3 {
padding:0;
margin:15px 0;
}
ul.blockList li.blockList h2 {
padding:0px 0 20px 0;
}
/*
Page layout container styles
*/
.contentContainer, .sourceContainer, .classUseContainer, .serializedFormContainer, .constantValuesContainer {
clear:both;
padding:10px 20px;
position:relative;
}
.indexContainer {
margin:10px;
position:relative;
font-size:1.0em;
}
.indexContainer h2 {
font-size:1.1em;
padding:0 0 3px 0;
}
.indexContainer ul {
margin:0;
padding:0;
}
.indexContainer ul li {
list-style:none;
}
.contentContainer .description dl dt, .contentContainer .details dl dt, .serializedFormContainer dl dt {
font-size:1.1em;
font-weight:bold;
margin:10px 0 0 0;
color:#4E4E4E;
}
.contentContainer .description dl dd, .contentContainer .details dl dd, .serializedFormContainer dl dd {
margin:10px 0 10px 20px;
}
.serializedFormContainer dl.nameValue dt {
margin-left:1px;
font-size:1.1em;
display:inline;
font-weight:bold;
}
.serializedFormContainer dl.nameValue dd {
margin:0 0 0 1px;
font-size:1.1em;
display:inline;
}
/*
List styles
*/
ul.horizontal li {
display:inline;
font-size:0.9em;
}
ul.inheritance {
margin:0;
padding:0;
}
ul.inheritance li {
display:inline;
list-style:none;
}
ul.inheritance li ul.inheritance {
margin-left:15px;
padding-left:15px;
padding-top:1px;
}
ul.blockList, ul.blockListLast {
margin:10px 0 10px 0;
padding:0;
}
ul.blockList li.blockList, ul.blockListLast li.blockList {
list-style:none;
margin-bottom:25px;
}
ul.blockList ul.blockList li.blockList, ul.blockList ul.blockListLast li.blockList {
padding:0px 20px 5px 10px;
border:1px solid #9eadc0;
background-color:#f9f9f9;
}
ul.blockList ul.blockList ul.blockList li.blockList, ul.blockList ul.blockList ul.blockListLast li.blockList {
padding:0 0 5px 8px;
background-color:#ffffff;
border:1px solid #9eadc0;
border-top:none;
}
ul.blockList ul.blockList ul.blockList ul.blockList li.blockList {
margin-left:0;
padding-left:0;
padding-bottom:15px;
border:none;
border-bottom:1px solid #9eadc0;
}
ul.blockList ul.blockList ul.blockList ul.blockList li.blockListLast {
list-style:none;
border-bottom:none;
padding-bottom:0;
}
table tr td dl, table tr td dl dt, table tr td dl dd {
margin-top:0;
margin-bottom:1px;
}
/*
Table styles
*/
.contentContainer table, .classUseContainer table, .constantValuesContainer table {
border-bottom:1px solid #9eadc0;
width:100%;
}
.contentContainer ul li table, .classUseContainer ul li table, .constantValuesContainer ul li table {
width:100%;
}
.contentContainer .description table, .contentContainer .details table {
border-bottom:none;
}
.contentContainer ul li table th.colOne, .contentContainer ul li table th.colFirst, .contentContainer ul li table th.colLast, .classUseContainer ul li table th, .constantValuesContainer ul li table th, .contentContainer ul li table td.colOne, .contentContainer ul li table td.colFirst, .contentContainer ul li table td.colLast, .classUseContainer ul li table td, .constantValuesContainer ul li table td{
vertical-align:top;
padding-right:20px;
}
.contentContainer ul li table th.colLast, .classUseContainer ul li table th.colLast,.constantValuesContainer ul li table th.colLast,
.contentContainer ul li table td.colLast, .classUseContainer ul li table td.colLast,.constantValuesContainer ul li table td.colLast,
.contentContainer ul li table th.colOne, .classUseContainer ul li table th.colOne,
.contentContainer ul li table td.colOne, .classUseContainer ul li table td.colOne {
padding-right:3px;
}
.overviewSummary caption, .packageSummary caption, .contentContainer ul.blockList li.blockList caption, .summary caption, .classUseContainer caption, .constantValuesContainer caption {
position:relative;
text-align:left;
background-repeat:no-repeat;
color:#FFFFFF;
font-weight:bold;
clear:none;
overflow:hidden;
padding:0px;
margin:0px;
}
caption a:link, caption a:hover, caption a:active, caption a:visited {
color:#FFFFFF;
}
.overviewSummary caption span, .packageSummary caption span, .contentContainer ul.blockList li.blockList caption span, .summary caption span, .classUseContainer caption span, .constantValuesContainer caption span {
white-space:nowrap;
padding-top:8px;
padding-left:8px;
display:block;
float:left;
background-image:url(resources/titlebar.gif);
height:18px;
}
.overviewSummary .tabEnd, .packageSummary .tabEnd, .contentContainer ul.blockList li.blockList .tabEnd, .summary .tabEnd, .classUseContainer .tabEnd, .constantValuesContainer .tabEnd {
width:10px;
background-image:url(resources/titlebar_end.gif);
background-repeat:no-repeat;
background-position:top right;
position:relative;
float:left;
}
ul.blockList ul.blockList li.blockList table {
margin:0 0 12px 0px;
width:100%;
}
.tableSubHeadingColor {
background-color: #EEEEFF;
}
.altColor {
background-color:#eeeeef;
}
.rowColor {
background-color:#ffffff;
}
.overviewSummary td, .packageSummary td, .contentContainer ul.blockList li.blockList td, .summary td, .classUseContainer td, .constantValuesContainer td {
text-align:left;
padding:3px 3px 3px 7px;
}
th.colFirst, th.colLast, th.colOne, .constantValuesContainer th {
background:#dee3e9;
border-top:1px solid #9eadc0;
border-bottom:1px solid #9eadc0;
text-align:left;
padding:3px 3px 3px 7px;
}
td.colOne a:link, td.colOne a:active, td.colOne a:visited, td.colOne a:hover, td.colFirst a:link, td.colFirst a:active, td.colFirst a:visited, td.colFirst a:hover, td.colLast a:link, td.colLast a:active, td.colLast a:visited, td.colLast a:hover, .constantValuesContainer td a:link, .constantValuesContainer td a:active, .constantValuesContainer td a:visited, .constantValuesContainer td a:hover {
font-weight:bold;
}
td.colFirst, th.colFirst {
border-left:1px solid #9eadc0;
white-space:nowrap;
}
td.colLast, th.colLast {
border-right:1px solid #9eadc0;
}
td.colOne, th.colOne {
border-right:1px solid #9eadc0;
border-left:1px solid #9eadc0;
}
table.overviewSummary {
padding:0px;
margin-left:0px;
}
table.overviewSummary td.colFirst, table.overviewSummary th.colFirst,
table.overviewSummary td.colOne, table.overviewSummary th.colOne {
width:25%;
vertical-align:middle;
}
table.packageSummary td.colFirst, table.overviewSummary th.colFirst {
width:25%;
vertical-align:middle;
}
/*
Content styles
*/
.description pre {
margin-top:0;
}
.deprecatedContent {
margin:0;
padding:10px 0;
}
.docSummary {
padding:0;
}
/*
Formatting effect styles
*/
.sourceLineNo {
color:green;
padding:0 30px 0 0;
}
h1.hidden {
visibility:hidden;
overflow:hidden;
font-size:.9em;
}
.block {
display:block;
margin:3px 0 0 0;
}
.strong {
font-weight:bold;
}