0

The question sounds confusing I suppose, trying to make it more clear.

I'd like to implement a specifing non-leaking map with java card and according to the pseudocode I have, I should implement something like this:

JCArrayInt[] f = new JCArrayInt[2];
f[0] = new JCArrayInt(size);
f[1] = new JCArrayInt(size);
byte[] r = new byte[6];
byte[] help = new byte[6];

help = bit_and(r, 0x000000000001);
return f[help[5]].jcint;

Basically JCArrayInt is acting as twodimensional array consisting of two byte-arrays of size 6 (48 bit unsigned integer).

All I want to do for the bitwise and is to "and" the byte-array r with the constant 0x00...1 and if the result is 1 I am continuing with the bytearray at f[1], otherwise with the byte[] at f[0].

What I do at the moment is that for the return value I simply take the steps shown above. but since this is "hard-coded" I have a bad feeling with f[help[5]].jcint and would like to know a smoother way.

achiever
  • 309
  • 1
  • 16
  • What is the type of your array `f`. Is it `uint8`? Is it always two elements in size? Do you care about endianness? Is `r` a bit array, or always the number `1`? I am a bit confused by your question as you can tell... – Floris Feb 19 '14 at 15:51
  • You could just drop all those zeroes in the mask. `bit_and(r, 1)`, or `0x1` if you really like base 16. –  Feb 19 '14 at 15:52
  • f is just a byte[], don't care about endianness! r is a random bit array of the same size as 0x0...1 – achiever Feb 19 '14 at 16:02
  • You need to care about endianness when you do `bit_and(r, 0x000000000001)` since it is not clear to me what byte in `r` you will be comparing... the constant you are using must be an 8 byte constant (it's bigger than 4), yet `r` is only 6 bytes long. You might be looking at `r[0]` or you might be looking at (non existent) `r[7]`? Am I missing something about the way `bit_and` is implemented? I would probably suggest you decide which element of `r` you actually care about, and just test its LSB: `f[(r[0]&1==0)?0:1]` or something like that. – Floris Feb 19 '14 at 16:20
  • my bitwise_and is implemented in a way (I always deal with 48bit unsigned integer, so 6 byte of size) that I loop through them (r and the constant) and "AND" each element of it – achiever Feb 19 '14 at 16:30
  • as a result of the AND i get either 0x000000000000 or 0x000000000001 => so should I just access the last bit to figure out if I want to access f[0/1] or is there another way? – achiever Feb 19 '14 at 16:46
  • I will simply access the minor bit since all the others are irrelevant - seems to be the easiest and "smooth" enough – achiever Feb 20 '14 at 14:50
  • I haven't got a clue what you are trying to achieve here. Please show us some input and expected output in hexademal bytes. – Maarten Bodewes Feb 21 '14 at 01:27
  • I have updated the question, I hope my issue is now better to understand! – achiever Feb 25 '14 at 13:04

1 Answers1

0

i think you can specify the f1 like this:

final byte[] f1 = new byte[] {(byte) 0x35, (byte) 0xB0,(byte) 0x88,(byte) 0xCC,(byte) 0xE1,(byte) 0x73};

and you can specify the 6-bytes constant like this:

final byte[] constant = new byte[] {(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01};

and you can do rotate left like this:

public static byte[] ROTL48 (byte[] data) {
    byte  x = (byte)((data[0] >>> 7) & 0x001);
    short len = (short) (data.length - 1);
    for (short i = 0; i < len; ++i) {
        data[i] = (byte)(((data[i] << 1) & 0x0FE) | ((data[i + 1] >>> 7) & 0x001));
    }
    data[len] = (byte)(((data[len] << 1) & 0x0FE) | x);
    return data;
}

then you can bitwise use this:

for (short i = 1; i < 47; i++) {
    R  = ROTL48(R);
    R1 = Utils.AND(R, constant);
    R  = Utils.XOR(R, Red[R1[5]].jcint);
    Y  = ROTL48(Y);
    Y1 = Utils.AND(Y, constant);
    R  = Utils.XOR(R, Mul[Y1[5]].jcint);}
    return R;
}

dont know if this works for you but this one works for me

JustSomeGuy
  • 3,677
  • 1
  • 23
  • 31
noobie
  • 11
  • 2