diff --git a/crypto/License.html b/crypto/License.html
index cd92d1b0e..0050331dc 100644
--- a/crypto/License.html
+++ b/crypto/License.html
@@ -9,8 +9,8 @@
<h2>The Bouncy Castle Cryptographic C#® API</h2>
<h3>License:</h3>
The Bouncy Castle License<br>
-Copyright (c) 2000-2015 The Legion of the Bouncy Castle Inc.
-(http://www.bouncycastle.org)<br>
+Copyright (c) 2000-2017 The Legion of the Bouncy Castle Inc.
+(https://www.bouncycastle.org)<br>
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"), to deal in the
Software without restriction, including without limitation the rights to use, copy, modify, merge,
diff --git a/crypto/src/crypto/modes/GOFBBlockCipher.cs b/crypto/src/crypto/modes/GOFBBlockCipher.cs
index a91562549..4299f11a9 100644
--- a/crypto/src/crypto/modes/GOFBBlockCipher.cs
+++ b/crypto/src/crypto/modes/GOFBBlockCipher.cs
@@ -169,7 +169,11 @@ namespace Org.BouncyCastle.Crypto.Modes
}
N3 += C2;
N4 += C1;
- intTobytes(N3, ofbV, 0);
+ if (N4 < C1) // addition is mod (2**32 - 1)
+ {
+ N4++;
+ }
+ intTobytes(N3, ofbV, 0);
intTobytes(N4, ofbV, 4);
cipher.ProcessBlock(ofbV, 0, ofbOutV, 0);
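Review bot: The carry test `if (N4 < C1)` is only a reliable wrap-around check when the comparison is unsigned. The declarations of `N4` and `C1` are outside this hunk; if they are signed `int`, the condition is also true for every `N4` with the top bit set, so `N4++` would fire on sums that did not wrap and the keystream would presumably stop matching other GOST 28147 implementations from that block on. Comparing as unsigned, e.g. `if (unchecked((uint)N4) < (uint)C1)`, or declaring the counters as `uint`, avoids that. The comment would also read better as `// N4 = (N4 + C1) mod (2^32 - 1): add the end-around carry`. The enclosing method starts and ends outside the hunk.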
diff --git a/crypto/src/math/ec/custom/sec/SecT163K1Point.cs b/crypto/src/math/ec/custom/sec/SecT163K1Point.cs
index 2e3ba57d0..8693fe1c8 100644
--- a/crypto/src/math/ec/custom/sec/SecT163K1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT163K1Point.cs
@@ -131,11 +131,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Y2 = L2;
ECFieldElement L = Y1.Add(Y2).Divide(X1);
- //X3 = L.Square().Add(L).Add(X1).Add(curve.getA());
X3 = L.Square().Add(L).Add(X1).AddOne();
if (X3.IsZero)
{
- //return new SecT163K1Point(curve, X3, curve.B.sqrt(), IsCompressed);
return new SecT163K1Point(curve, X3, curve.B, IsCompressed);
}
@@ -153,7 +151,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
X3 = AU1.Multiply(AU2);
if (X3.IsZero)
{
- //return new SecT163K1Point(curve, X3, curve.B.sqrt(), IsCompressed);
return new SecT163K1Point(curve, X3, curve.B, IsCompressed);
}
@@ -199,7 +196,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement T = L1.Square().Add(L1Z1).Add(Z1Sq);
if (T.IsZero)
{
- //return new SecT163K1Point(curve, T, curve.B.sqrt(), withCompression);
return new SecT163K1Point(curve, T, curve.B, IsCompressed);
}
@@ -243,10 +239,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Z1Sq = Z1.Square();
ECFieldElement L1Z1 = L1.Multiply(Z1);
- //ECFieldElement T = curve.getA().Multiply(Z1Sq).Add(L1Sq).Add(L1Z1);
ECFieldElement T = Z1Sq.Add(L1Sq).Add(L1Z1);
- ECFieldElement L2plus1 = L2.AddOne();
- //ECFieldElement A = curve.getA().Add(L2plus1).Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement A = L2.Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement X2Z1Sq = X2.Multiply(Z1Sq);
ECFieldElement B = X2Z1Sq.Add(T).Square();
@@ -261,13 +254,12 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
if (A.IsZero)
{
- //return new SecT163K1Point(curve, A, curve.B.sqrt(), withCompression);
return new SecT163K1Point(curve, A, curve.B, IsCompressed);
}
ECFieldElement X3 = A.Square().Multiply(X2Z1Sq);
ECFieldElement Z3 = A.Multiply(B).Multiply(Z1Sq);
- ECFieldElement L3 = A.Add(B).Square().MultiplyPlusProduct(T, L2plus1, Z3);
+ ECFieldElement L3 = A.Add(B).Square().MultiplyPlusProduct(T, L2.AddOne(), Z3);
return new SecT163K1Point(curve, X3, L3, new ECFieldElement[] { Z3 }, IsCompressed);
}
diff --git a/crypto/src/math/ec/custom/sec/SecT163R2Point.cs b/crypto/src/math/ec/custom/sec/SecT163R2Point.cs
index 07b3f1fd9..69e249739 100644
--- a/crypto/src/math/ec/custom/sec/SecT163R2Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT163R2Point.cs
@@ -133,7 +133,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Y2 = L2;
ECFieldElement L = Y1.Add(Y2).Divide(X1);
- //X3 = L.Square().Add(L).Add(X1).Add(curve.A);
X3 = L.Square().Add(L).Add(X1).AddOne();
if (X3.IsZero)
{
@@ -245,10 +244,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Z1Sq = Z1.Square();
ECFieldElement L1Z1 = L1.Multiply(Z1);
- //ECFieldElement T = curve.A.Multiply(Z1Sq).Add(L1Sq).Add(L1Z1);
ECFieldElement T = Z1Sq.Add(L1Sq).Add(L1Z1);
- ECFieldElement L2plus1 = L2.AddOne();
- //ECFieldElement A = curve.A.Add(L2plus1).Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement A = L2.Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement X2Z1Sq = X2.Multiply(Z1Sq);
ECFieldElement B = X2Z1Sq.Add(T).Square();
@@ -268,7 +264,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement X3 = A.Square().Multiply(X2Z1Sq);
ECFieldElement Z3 = A.Multiply(B).Multiply(Z1Sq);
- ECFieldElement L3 = A.Add(B).Square().MultiplyPlusProduct(T, L2plus1, Z3);
+ ECFieldElement L3 = A.Add(B).Square().MultiplyPlusProduct(T, L2.AddOne(), Z3);
return new SecT163R2Point(curve, X3, L3, new ECFieldElement[] { Z3 }, IsCompressed);
}
diff --git a/crypto/src/math/ec/custom/sec/SecT233K1Point.cs b/crypto/src/math/ec/custom/sec/SecT233K1Point.cs
index 7e7ee8f0b..9a357ff8f 100644
--- a/crypto/src/math/ec/custom/sec/SecT233K1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT233K1Point.cs
@@ -133,11 +133,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Y2 = L2;
ECFieldElement L = Y1.Add(Y2).Divide(X1);
- //X3 = L.Square().Add(L).Add(X1).Add(curve.A);
X3 = L.Square().Add(L).Add(X1);
if (X3.IsZero)
{
- //return new SecT233K1Point(curve, X3, curve.B.sqrt(), IsCompressed);
return new SecT233K1Point(curve, X3, curve.B, IsCompressed);
}
@@ -155,7 +153,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
X3 = AU1.Multiply(AU2);
if (X3.IsZero)
{
- //return new SecT233K1Point(curve, X3, curve.B.sqrt(), IsCompressed);
return new SecT233K1Point(curve, X3, curve.B, IsCompressed);
}
@@ -209,7 +206,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
if (T.IsZero)
{
- //return new SecT233K1Point(curve, T, curve.B.sqrt(), withCompression);
return new SecT233K1Point(curve, T, curve.B, IsCompressed);
}
@@ -254,10 +250,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Z1Sq = Z1.Square();
ECFieldElement L1Z1 = L1.Multiply(Z1);
- //ECFieldElement T = curve.A.Multiply(Z1Sq).Add(L1Sq).Add(L1Z1);
ECFieldElement T = L1Sq.Add(L1Z1);
ECFieldElement L2plus1 = L2.AddOne();
- //ECFieldElement A = curve.A.Add(L2plus1).Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement A = L2plus1.Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement X2Z1Sq = X2.Multiply(Z1Sq);
ECFieldElement B = X2Z1Sq.Add(T).Square();
@@ -274,7 +268,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
if (A.IsZero)
{
- //return new SecT233K1Point(curve, A, curve.B.sqrt(), withCompression);
return new SecT233K1Point(curve, A, curve.B, IsCompressed);
}
diff --git a/crypto/src/math/ec/custom/sec/SecT233R1Point.cs b/crypto/src/math/ec/custom/sec/SecT233R1Point.cs
index ffac89d15..6347051d2 100644
--- a/crypto/src/math/ec/custom/sec/SecT233R1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT233R1Point.cs
@@ -131,7 +131,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Y2 = L2;
ECFieldElement L = Y1.Add(Y2).Divide(X1);
- //X3 = L.Square().Add(L).Add(X1).Add(curve.A);
X3 = L.Square().Add(L).Add(X1).AddOne();
if (X3.IsZero)
{
@@ -237,10 +236,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Z1Sq = Z1.Square();
ECFieldElement L1Z1 = L1.Multiply(Z1);
- //ECFieldElement T = curve.A.Multiply(Z1Sq).Add(L1Sq).Add(L1Z1);
ECFieldElement T = Z1Sq.Add(L1Sq).Add(L1Z1);
- ECFieldElement L2plus1 = L2.AddOne();
- //ECFieldElement A = curve.A.Add(L2plus1).Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement A = L2.Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement X2Z1Sq = X2.Multiply(Z1Sq);
ECFieldElement B = X2Z1Sq.Add(T).Square();
@@ -260,7 +256,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement X3 = A.Square().Multiply(X2Z1Sq);
ECFieldElement Z3 = A.Multiply(B).Multiply(Z1Sq);
- ECFieldElement L3 = A.Add(B).Square().MultiplyPlusProduct(T, L2plus1, Z3);
+ ECFieldElement L3 = A.Add(B).Square().MultiplyPlusProduct(T, L2.AddOne(), Z3);
return new SecT233R1Point(curve, X3, L3, new ECFieldElement[] { Z3 }, IsCompressed);
}
diff --git a/crypto/src/math/ec/custom/sec/SecT239K1Point.cs b/crypto/src/math/ec/custom/sec/SecT239K1Point.cs
index ac079ad1e..fbd5117f8 100644
--- a/crypto/src/math/ec/custom/sec/SecT239K1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT239K1Point.cs
@@ -131,11 +131,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Y2 = L2;
ECFieldElement L = Y1.Add(Y2).Divide(X1);
- // X3 = L.Square().Add(L).Add(X1).Add(curve.A);
X3 = L.Square().Add(L).Add(X1);
if (X3.IsZero)
{
- //return new SecT239K1Point(curve, X3, curve.B.sqrt(), IsCompressed);
return new SecT239K1Point(curve, X3, curve.B, IsCompressed);
}
@@ -153,7 +151,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
X3 = AU1.Multiply(AU2);
if (X3.IsZero)
{
- //return new SecT239K1Point(curve, X3, curve.B.sqrt(), IsCompressed);
return new SecT239K1Point(curve, X3, curve.B, IsCompressed);
}
@@ -206,7 +203,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
if (T.IsZero)
{
- //return new SecT239K1Point(curve, T, curve.B.sqrt(), withCompression);
return new SecT239K1Point(curve, T, curve.B, IsCompressed);
}
@@ -251,10 +247,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Z1Sq = Z1.Square();
ECFieldElement L1Z1 = L1.Multiply(Z1);
- //ECFieldElement T = curve.A.Multiply(Z1Sq).Add(L1Sq).Add(L1Z1);
ECFieldElement T = L1Sq.Add(L1Z1);
ECFieldElement L2plus1 = L2.AddOne();
- //ECFieldElement A = curve.A.Add(L2plus1).Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement A = L2plus1.Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement X2Z1Sq = X2.Multiply(Z1Sq);
ECFieldElement B = X2Z1Sq.Add(T).Square();
@@ -269,7 +263,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
if (A.IsZero)
{
- //return new SecT239K1Point(curve, A, curve.B.sqrt(), withCompression);
return new SecT239K1Point(curve, A, curve.B, IsCompressed);
}
diff --git a/crypto/src/math/ec/custom/sec/SecT283K1Point.cs b/crypto/src/math/ec/custom/sec/SecT283K1Point.cs
index f85706c63..9856894a1 100644
--- a/crypto/src/math/ec/custom/sec/SecT283K1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT283K1Point.cs
@@ -131,11 +131,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Y2 = L2;
ECFieldElement L = Y1.Add(Y2).Divide(X1);
- //X3 = L.Square().Add(L).Add(X1).Add(curve.A);
X3 = L.Square().Add(L).Add(X1);
if (X3.IsZero)
{
- //return new SecT283K1Point(curve, X3, curve.B.sqrt(), IsCompressed);
return new SecT283K1Point(curve, X3, curve.B, IsCompressed);
}
@@ -153,7 +151,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
X3 = AU1.Multiply(AU2);
if (X3.IsZero)
{
- //return new SecT283K1Point(curve, X3, curve.B.sqrt(), IsCompressed);
return new SecT283K1Point(curve, X3, curve.B, IsCompressed);
}
@@ -205,7 +202,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
if (T.IsZero)
{
- //return new SecT283K1Point(curve, T, curve.B.sqrt(), withCompression);
return new SecT283K1Point(curve, T, curve.B, IsCompressed);
}
@@ -250,10 +246,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Z1Sq = Z1.Square();
ECFieldElement L1Z1 = L1.Multiply(Z1);
- //ECFieldElement T = curve.A.Multiply(Z1Sq).Add(L1Sq).Add(L1Z1);
ECFieldElement T = L1Sq.Add(L1Z1);
ECFieldElement L2plus1 = L2.AddOne();
- //ECFieldElement A = curve.A.Add(L2plus1).Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement A = L2plus1.Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement X2Z1Sq = X2.Multiply(Z1Sq);
ECFieldElement B = X2Z1Sq.Add(T).Square();
@@ -268,7 +262,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
if (A.IsZero)
{
- //return new SecT283K1Point(curve, A, curve.B.sqrt(), withCompression);
return new SecT283K1Point(curve, A, curve.B, IsCompressed);
}
diff --git a/crypto/src/math/ec/custom/sec/SecT283R1Point.cs b/crypto/src/math/ec/custom/sec/SecT283R1Point.cs
index 340bbdae6..4c1a7801d 100644
--- a/crypto/src/math/ec/custom/sec/SecT283R1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT283R1Point.cs
@@ -131,7 +131,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Y2 = L2;
ECFieldElement L = Y1.Add(Y2).Divide(X1);
- //X3 = L.Square().Add(L).Add(X1).Add(curve.A);
X3 = L.Square().Add(L).Add(X1).AddOne();
if (X3.IsZero)
{
@@ -237,10 +236,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Z1Sq = Z1.Square();
ECFieldElement L1Z1 = L1.Multiply(Z1);
- //ECFieldElement T = curve.A.Multiply(Z1Sq).Add(L1Sq).Add(L1Z1);
ECFieldElement T = Z1Sq.Add(L1Sq).Add(L1Z1);
- ECFieldElement L2plus1 = L2.AddOne();
- //ECFieldElement A = curve.A.Add(L2plus1).Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement A = L2.Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement X2Z1Sq = X2.Multiply(Z1Sq);
ECFieldElement B = X2Z1Sq.Add(T).Square();
@@ -260,7 +256,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement X3 = A.Square().Multiply(X2Z1Sq);
ECFieldElement Z3 = A.Multiply(B).Multiply(Z1Sq);
- ECFieldElement L3 = A.Add(B).Square().MultiplyPlusProduct(T, L2plus1, Z3);
+ ECFieldElement L3 = A.Add(B).Square().MultiplyPlusProduct(T, L2.AddOne(), Z3);
return new SecT283R1Point(curve, X3, L3, new ECFieldElement[] { Z3 }, IsCompressed);
}
diff --git a/crypto/src/math/ec/custom/sec/SecT409K1Point.cs b/crypto/src/math/ec/custom/sec/SecT409K1Point.cs
index 71adc7af2..e67ca9a72 100644
--- a/crypto/src/math/ec/custom/sec/SecT409K1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT409K1Point.cs
@@ -131,11 +131,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Y2 = L2;
ECFieldElement L = Y1.Add(Y2).Divide(X1);
- //X3 = L.Square().Add(L).Add(X1).Add(curve.A);
X3 = L.Square().Add(L).Add(X1);
if (X3.IsZero)
{
- //return new SecT409K1Point(curve, X3, curve.B.sqrt(), IsCompressed);
return new SecT409K1Point(curve, X3, curve.B, IsCompressed);
}
@@ -153,7 +151,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
X3 = AU1.Multiply(AU2);
if (X3.IsZero)
{
- //return new SecT409K1Point(curve, X3, curve.B.sqrt(), IsCompressed);
return new SecT409K1Point(curve, X3, curve.B, IsCompressed);
}
@@ -205,7 +202,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
if (T.IsZero)
{
- //return new SecT409K1Point(curve, T, curve.B.sqrt(), withCompression);
return new SecT409K1Point(curve, T, curve.B, IsCompressed);
}
@@ -250,10 +246,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Z1Sq = Z1.Square();
ECFieldElement L1Z1 = L1.Multiply(Z1);
- //ECFieldElement T = curve.A.Multiply(Z1Sq).Add(L1Sq).Add(L1Z1);
ECFieldElement T = L1Sq.Add(L1Z1);
ECFieldElement L2plus1 = L2.AddOne();
- //ECFieldElement A = curve.A.Add(L2plus1).Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement A = L2plus1.Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement X2Z1Sq = X2.Multiply(Z1Sq);
ECFieldElement B = X2Z1Sq.Add(T).Square();
@@ -268,7 +262,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
if (A.IsZero)
{
- //return new SecT409K1Point(curve, A, curve.B.sqrt(), withCompression);
return new SecT409K1Point(curve, A, curve.B, IsCompressed);
}
diff --git a/crypto/src/math/ec/custom/sec/SecT409R1Point.cs b/crypto/src/math/ec/custom/sec/SecT409R1Point.cs
index af69fe656..92f6143dc 100644
--- a/crypto/src/math/ec/custom/sec/SecT409R1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT409R1Point.cs
@@ -131,7 +131,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Y2 = L2;
ECFieldElement L = Y1.Add(Y2).Divide(X1);
- //X3 = L.Square().Add(L).Add(X1).Add(curve.A);
X3 = L.Square().Add(L).Add(X1).AddOne();
if (X3.IsZero)
{
@@ -237,10 +236,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Z1Sq = Z1.Square();
ECFieldElement L1Z1 = L1.Multiply(Z1);
- //ECFieldElement T = curve.A.Multiply(Z1Sq).Add(L1Sq).Add(L1Z1);
ECFieldElement T = Z1Sq.Add(L1Sq).Add(L1Z1);
- ECFieldElement L2plus1 = L2.AddOne();
- //ECFieldElement A = curve.A.Add(L2plus1).Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement A = L2.Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement X2Z1Sq = X2.Multiply(Z1Sq);
ECFieldElement B = X2Z1Sq.Add(T).Square();
@@ -260,7 +256,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement X3 = A.Square().Multiply(X2Z1Sq);
ECFieldElement Z3 = A.Multiply(B).Multiply(Z1Sq);
- ECFieldElement L3 = A.Add(B).Square().MultiplyPlusProduct(T, L2plus1, Z3);
+ ECFieldElement L3 = A.Add(B).Square().MultiplyPlusProduct(T, L2.AddOne(), Z3);
return new SecT409R1Point(curve, X3, L3, new ECFieldElement[] { Z3 }, IsCompressed);
}
diff --git a/crypto/src/math/ec/custom/sec/SecT571K1Point.cs b/crypto/src/math/ec/custom/sec/SecT571K1Point.cs
index 62ed7bda0..deaaf0c74 100644
--- a/crypto/src/math/ec/custom/sec/SecT571K1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT571K1Point.cs
@@ -131,11 +131,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Y2 = L2;
ECFieldElement L = Y1.Add(Y2).Divide(X1);
- //X3 = L.Square().Add(L).Add(X1).Add(curve.A);
- X3 = L.Square().Add(L).Add(X1).AddOne();
+ X3 = L.Square().Add(L).Add(X1);
if (X3.IsZero)
{
- //return new SecT571K1Point(curve, X3, curve.B.sqrt(), IsCompressed);
return new SecT571K1Point(curve, X3, curve.B, IsCompressed);
}
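Review bot: Dropping `.AddOne()` from `X3` changes the computed point, yet it sits among comment-only removals and nothing visible in this commit adds an elliptic-curve test for it. The deleted comment showed that the term stands for `curve.A`, so the new line presumably relies on a = 0 for this curve; a short replacement such as `// curve.A == 0 for sect571k1, so no constant term` would keep that reasoning in the file. A regression test that adds two sect571k1 points through this branch and compares the result with an independently computed one would pin the fix. The same loss of rationale applies to the comment-only hunks in the other SecT*K1Point files, where `curve.B` stays in place of the commented `curve.B.sqrt()` with no explanation left behind. The enclosing method starts and ends outside the hunk.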
@@ -153,7 +151,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
X3 = AU1.Multiply(AU2);
if (X3.IsZero)
{
- //return new SecT571K1Point(curve, X3, curve.B.sqrt(), IsCompressed);
return new SecT571K1Point(curve, X3, curve.B, IsCompressed);
}
@@ -205,7 +202,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
if (T.IsZero)
{
- //return new SecT571K1Point(curve, T, curve.B.sqrt(), withCompression);
return new SecT571K1Point(curve, T, curve.B, IsCompressed);
}
@@ -250,10 +246,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Z1Sq = Z1.Square();
ECFieldElement L1Z1 = L1.Multiply(Z1);
- //ECFieldElement T = curve.A.Multiply(Z1Sq).Add(L1Sq).Add(L1Z1);
ECFieldElement T = L1Sq.Add(L1Z1);
ECFieldElement L2plus1 = L2.AddOne();
- //ECFieldElement A = curve.A.Add(L2plus1).Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement A = L2plus1.Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement X2Z1Sq = X2.Multiply(Z1Sq);
ECFieldElement B = X2Z1Sq.Add(T).Square();
@@ -268,7 +262,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
if (A.IsZero)
{
- //return new SecT571K1Point(curve, A, curve.B.sqrt(), withCompression);
return new SecT571K1Point(curve, A, curve.B, IsCompressed);
}
diff --git a/crypto/src/math/ec/custom/sec/SecT571R1Point.cs b/crypto/src/math/ec/custom/sec/SecT571R1Point.cs
index 0cbc98cf3..0d1fc98b6 100644
--- a/crypto/src/math/ec/custom/sec/SecT571R1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT571R1Point.cs
@@ -131,11 +131,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Y2 = L2;
ECFieldElement L = Y1.Add(Y2).Divide(X1);
- //X3 = L.Square().Add(L).Add(X1).Add(curve.A);
X3 = L.Square().Add(L).Add(X1).AddOne();
if (X3.IsZero)
{
- //return new SecT571R1Point(curve, X3, curve.B.sqrt(), IsCompressed);
return new SecT571R1Point(curve, X3, SecT571R1Curve.SecT571R1_B_SQRT, IsCompressed);
}
@@ -153,7 +151,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
X3 = AU1.Multiply(AU2);
if (X3.IsZero)
{
- //return new SecT571R1Point(curve, X3, curve.B.sqrt(), IsCompressed);
return new SecT571R1Point(curve, X3, SecT571R1Curve.SecT571R1_B_SQRT, IsCompressed);
}
@@ -197,7 +194,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement T = L1.Square().Add(L1Z1).Add(Z1Sq);
if (T.IsZero)
{
- //return new SecT571R1Point(curve, T, curve.B.sqrt(), withCompression);
return new SecT571R1Point(curve, T, SecT571R1Curve.SecT571R1_B_SQRT, IsCompressed);
}
@@ -240,10 +236,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ECFieldElement Z1Sq = Z1.Square();
ECFieldElement L1Z1 = L1.Multiply(Z1);
- //ECFieldElement T = curve.A.Multiply(Z1Sq).Add(L1Sq).Add(L1Z1);
ECFieldElement T = Z1Sq.Add(L1Sq).Add(L1Z1);
- ECFieldElement L2plus1 = L2.AddOne();
- //ECFieldElement A = curve.A.Add(L2plus1).Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement A = L2.Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement X2Z1Sq = X2.Multiply(Z1Sq);
ECFieldElement B = X2Z1Sq.Add(T).Square();
@@ -258,13 +251,12 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
if (A.IsZero)
{
- //return new SecT571R1Point(curve, A, curve.B.sqrt(), withCompression);
return new SecT571R1Point(curve, A, SecT571R1Curve.SecT571R1_B_SQRT, IsCompressed);
}
ECFieldElement X3 = A.Square().Multiply(X2Z1Sq);
ECFieldElement Z3 = A.Multiply(B).Multiply(Z1Sq);
- ECFieldElement L3 = A.Add(B).Square().MultiplyPlusProduct(T, L2plus1, Z3);
+ ECFieldElement L3 = A.Add(B).Square().MultiplyPlusProduct(T, L2.AddOne(), Z3);
return new SecT571R1Point(curve, X3, L3, new ECFieldElement[] { Z3 }, IsCompressed);
}
diff --git a/crypto/test/src/crypto/test/GOST28147Test.cs b/crypto/test/src/crypto/test/GOST28147Test.cs
index aa5cce281..bd1e77cd3 100644
--- a/crypto/test/src/crypto/test/GOST28147Test.cs
+++ b/crypto/test/src/crypto/test/GOST28147Test.cs
@@ -37,7 +37,19 @@ namespace Org.BouncyCastle.Crypto.Tests
0xF,0xE,0xD,0xC,0xB,0xA,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
};
- static SimpleTest[] tests =
+ static byte[] TestSBox_1 =
+ {
+ 0xE, 0x3, 0xC, 0xD, 0x1, 0xF, 0xA, 0x9, 0xB, 0x6, 0x2, 0x7, 0x5, 0x0, 0x8, 0x4,
+ 0xD, 0x9, 0x0, 0x4, 0x7, 0x1, 0x3, 0xB, 0x6, 0xC, 0x2, 0xA, 0xF, 0xE, 0x5, 0x8,
+ 0x8, 0xB, 0xA, 0x7, 0x1, 0xD, 0x5, 0xC, 0x6, 0x3, 0x9, 0x0, 0xF, 0xE, 0x2, 0x4,
+ 0xD, 0x7, 0xC, 0x9, 0xF, 0x0, 0x5, 0x8, 0xA, 0x2, 0xB, 0x6, 0x4, 0x3, 0x1, 0xE,
+ 0xB, 0x4, 0x6, 0x5, 0x0, 0xF, 0x1, 0xC, 0x9, 0xE, 0xD, 0x8, 0x3, 0x7, 0xA, 0x2,
+ 0xD, 0xF, 0x9, 0x4, 0x2, 0xC, 0x5, 0xA, 0x6, 0x0, 0x3, 0x8, 0x7, 0xE, 0x1, 0xB,
+ 0xF, 0xE, 0x9, 0x5, 0xB, 0x2, 0x1, 0x8, 0x6, 0x0, 0xD, 0x3, 0x4, 0x7, 0xC, 0xA,
+ 0xA, 0x3, 0xE, 0x2, 0x0, 0x1, 0x4, 0x6, 0xB, 0x8, 0xC, 0x7, 0xD, 0x5, 0xF, 0x9
+ };
+
+ static SimpleTest[] tests =
{ new BlockCipherVectorTest(1, new Gost28147Engine(),
new KeyParameter(Hex.Decode("546d203368656c326973652073736e62206167796967747473656865202c3d73")),
input1, output1),
@@ -128,7 +140,38 @@ namespace Org.BouncyCastle.Crypto.Tests
Hex.Decode("1234567890abcdef")), //IV
"bc350e71aa11345709acde", //input message
"1bcc2282707c676fb656dc"), //encrypt message
-
+ new BlockCipherVectorTest(15, new GOfbBlockCipher(new Gost28147Engine()),
+ new ParametersWithIV(
+ new ParametersWithSBox(
+ new KeyParameter(Hex.Decode("0A43145BA8B9E9FF0AEA67D3F26AD87854CED8D9017B3D33ED81301F90FDF993")), //key
+ TestSBox_1), //type, IV, S-box
+ Hex.Decode("8001069080010690")),
+ "094C912C5EFDD703D42118971694580B", //input message
+ "2707B58DF039D1A64460735FFE76D55F"), //encrypt message
+ new BlockCipherVectorTest(16, new GOfbBlockCipher(new Gost28147Engine()),
+ new ParametersWithIV(
+ new ParametersWithSBox(
+ new KeyParameter(Hex.Decode("0A43145BA8B9E9FF0AEA67D3F26AD87854CED8D9017B3D33ED81301F90FDF993")), //key
+ TestSBox_1), //type, S-box
+ Hex.Decode("800107A0800107A0")),
+ "FE780800E0690083F20C010CF00C0329", //input message
+ "9AF623DFF948B413B53171E8D546188D"), //encrypt message
+ new BlockCipherVectorTest(17, new GOfbBlockCipher(new Gost28147Engine()),
+ new ParametersWithIV(
+ new ParametersWithSBox(
+ new KeyParameter(Hex.Decode("0A43145BA8B9E9FF0AEA67D3F26AD87854CED8D9017B3D33ED81301F90FDF993")), //key
+ TestSBox_1), //type, S-box
+ Hex.Decode("8001114080011140")),
+ "D1088FD8C0A86EE8F1DCD1088FE8C058", //input message
+ "62A6B64D12253BCD8241A4BB0CFD3E7C"), //encrypt message
+ new BlockCipherVectorTest(18, new GOfbBlockCipher(new Gost28147Engine()),
+ new ParametersWithIV(
+ new ParametersWithSBox(
+ new KeyParameter(Hex.Decode("0A43145BA8B9E9FF0AEA67D3F26AD87854CED8D9017B3D33ED81301F90FDF993")), //key
+ TestSBox_1), //type, IV, S-box
+ Hex.Decode("80011A3080011A30")),
+ "D431FACD011C502C501B500A12921090", //input message
+ "07313C89D302FF73234B4A0506AB00F3"), //encrypt message
};
private const int Gost28147_KEY_LENGTH = 32;
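Review bot: The four new GOFB vectors (15–18) carry no reference to where they came from, and nothing says which of them, if any, reaches the `N4` wrap-around branch this commit adds to GOfbBlockCipher. A header comment such as `// GOFB vectors with TestSBox_1, source: <reference for these vectors>; vector <n> exercises the N4 carry` would make the regression intent checkable. The trailing comments are also misplaced: `//type, IV, S-box` sits on the `TestSBox_1` line while the IV line below it has none, so `// S-box` and `// IV` on their own lines would match the arguments.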