diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-03-04 15:10:33 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-03-04 15:10:33 +0700 |
| commit | c2fe9bb1d2b4d3b8e01642068714c824a3c74581 (patch) | |
| tree | e5a4712684f092946f6439e1e0e0938817313041 | |
| parent | Just use shift methods from Nat class evverywhere (diff) | |
| download | BouncyCastle.NET-ed25519-c2fe9bb1d2b4d3b8e01642068714c824a3c74581.tar.xz | |
Remove some length-specific methods in favour of the Nat class
Add more method variations to Nat Use customized reductions in various fields
| -rw-r--r-- | crypto/src/math/ec/Nat.cs | 209 | ||||
| -rw-r--r-- | crypto/src/math/ec/custom/sec/Curve25519Field.cs | 52 | ||||
| -rw-r--r-- | crypto/src/math/ec/custom/sec/Nat192.cs | 145 | ||||
| -rw-r--r-- | crypto/src/math/ec/custom/sec/Nat224.cs | 145 | ||||
| -rw-r--r-- | crypto/src/math/ec/custom/sec/Nat256.cs | 164 | ||||
| -rw-r--r-- | crypto/src/math/ec/custom/sec/SecP192K1Field.cs | 32 | ||||
| -rw-r--r-- | crypto/src/math/ec/custom/sec/SecP192R1Field.cs | 71 | ||||
| -rw-r--r-- | crypto/src/math/ec/custom/sec/SecP224K1Field.cs | 32 | ||||
| -rw-r--r-- | crypto/src/math/ec/custom/sec/SecP224R1Field.cs | 79 | ||||
| -rw-r--r-- | crypto/src/math/ec/custom/sec/SecP256K1Field.cs | 23 | ||||
| -rw-r--r-- | crypto/src/math/ec/custom/sec/SecP256R1Field.cs | 11 | ||||
| -rw-r--r-- | crypto/src/math/ec/custom/sec/SecP384R1Field.cs | 82 |
12 files changed, 487 insertions, 558 deletions
diff --git a/crypto/src/math/ec/Nat.cs b/crypto/src/math/ec/Nat.cs index 8dbd6780d..17b632f26 100644 --- a/crypto/src/math/ec/Nat.cs +++ b/crypto/src/math/ec/Nat.cs @@ -21,6 +21,52 @@ namespace Org.BouncyCastle.Math.EC return (uint)c; } + public static uint Add33At(int len, uint x, uint[] z, int zPos) + { + Debug.Assert(zPos <= (len - 2)); + ulong c = (ulong)z[zPos + 0] + x; + z[zPos + 0] = (uint)c; + c >>= 32; + c += (ulong)z[zPos + 1] + 1; + z[zPos + 1] = (uint)c; + c >>= 32; + return c == 0 ? 0 : IncAt(len, z, zPos + 2); + } + + public static uint Add33At(int len, uint x, uint[] z, int zOff, int zPos) + { + Debug.Assert(zPos <= (len - 2)); + ulong c = (ulong)z[zOff + zPos] + x; + z[zOff + zPos] = (uint)c; + c >>= 32; + c += (ulong)z[zOff + zPos + 1] + 1; + z[zOff + zPos + 1] = (uint)c; + c >>= 32; + return c == 0 ? 0 : IncAt(len, z, zOff, zPos + 2); + } + + public static uint Add33To(int len, uint x, uint[] z) + { + ulong c = (ulong)z[0] + x; + z[0] = (uint)c; + c >>= 32; + c += (ulong)z[1] + 1; + z[1] = (uint)c; + c >>= 32; + return c == 0 ? 0 : IncAt(len, z, 2); + } + + public static uint Add33To(int len, uint x, uint[] z, int zOff) + { + ulong c = (ulong)z[zOff + 0] + x; + z[zOff + 0] = (uint)c; + c >>= 32; + c += (ulong)z[zOff + 1] + 1; + z[zOff + 1] = (uint)c; + c >>= 32; + return c == 0 ? 0 : IncAt(len, z, zOff, 2); + } + public static uint AddBothTo(int len, uint[] x, uint[] y, uint[] z) { ulong c = 0; @@ -57,6 +103,40 @@ namespace Org.BouncyCastle.Math.EC return c == 0 ? 0 : IncAt(len, z, zPos + 2); } + public static uint AddDWordAt(int len, ulong x, uint[] z, int zOff, int zPos) + { + Debug.Assert(zPos <= (len - 2)); + ulong c = (ulong)z[zOff + zPos] + (x & M); + z[zOff + zPos] = (uint)c; + c >>= 32; + c += (ulong)z[zOff + zPos + 1] + (x >> 32); + z[zOff + zPos + 1] = (uint)c; + c >>= 32; + return c == 0 ? 0 : IncAt(len, z, zOff, zPos + 2); + } + + public static uint AddDWordTo(int len, ulong x, uint[] z) + { + ulong c = (ulong)z[0] + (x & M); + z[0] = (uint)c; + c >>= 32; + c += (ulong)z[1] + (x >> 32); + z[1] = (uint)c; + c >>= 32; + return c == 0 ? 0 : IncAt(len, z, 2); + } + + public static uint AddDWordTo(int len, ulong x, uint[] z, int zOff) + { + ulong c = (ulong)z[zOff + 0] + (x & M); + z[zOff + 0] = (uint)c; + c >>= 32; + c += (ulong)z[zOff + 1] + (x >> 32); + z[zOff + 1] = (uint)c; + c >>= 32; + return c == 0 ? 0 : IncAt(len, z, zOff, 2); + } + public static uint AddTo(int len, uint[] x, uint[] z) { ulong c = 0; @@ -99,6 +179,22 @@ namespace Org.BouncyCastle.Math.EC return c == 0 ? 0 : IncAt(len, z, zOff, zPos + 1); } + public static uint AddWordTo(int len, uint x, uint[] z) + { + ulong c = (ulong)x + z[0]; + z[0] = (uint)c; + c >>= 32; + return c == 0 ? 0 : IncAt(len, z, 1); + } + + public static uint AddWordTo(int len, uint x, uint[] z, int zOff) + { + ulong c = (ulong)x + z[zOff]; + z[zOff] = (uint)c; + c >>= 32; + return c == 0 ? 0 : IncAt(len, z, zOff, 1); + } + public static void Copy(int len, uint[] x, uint[] z) { Array.Copy(x, 0, z, 0, len); @@ -134,10 +230,15 @@ namespace Org.BouncyCastle.Math.EC while (i < len) { uint c = x[i] - 1; - z[i++] = c; + z[i] = c; + ++i; if (c != uint.MaxValue) { - Array.Copy(x, i, z, i, len - i); + while (i < len) + { + z[i] = x[i]; + ++i; + } return 0; } } @@ -244,10 +345,15 @@ namespace Org.BouncyCastle.Math.EC while (i < len) { uint c = x[i] + 1; - z[i++] = c; + z[i] = c; + ++i; if (c != 0) { - Array.Copy(x, i, z, i, len - i); + while (i < len) + { + z[i] = x[i]; + ++i; + } return 0; } } @@ -708,6 +814,51 @@ namespace Org.BouncyCastle.Math.EC } return (int)c; } + public static int Sub33At(int len, uint x, uint[] z, int zPos) + { + Debug.Assert(zPos <= (len - 2)); + long c = (long)z[zPos + 0] - x; + z[zPos + 0] = (uint)c; + c >>= 32; + c += (long)z[zPos + 1] - 1; + z[zPos + 1] = (uint)c; + c >>= 32; + return c == 0 ? 0 : DecAt(len, z, zPos + 2); + } + + public static int Sub33At(int len, uint x, uint[] z, int zOff, int zPos) + { + Debug.Assert(zPos <= (len - 2)); + long c = (long)z[zOff + zPos] - x; + z[zOff + zPos] = (uint)c; + c >>= 32; + c += (long)z[zOff + zPos + 1] - 1; + z[zOff + zPos + 1] = (uint)c; + c >>= 32; + return c == 0 ? 0 : DecAt(len, z, zOff, zPos + 2); + } + + public static int Sub33From(int len, uint x, uint[] z) + { + long c = (long)z[0] - x; + z[0] = (uint)c; + c >>= 32; + c += (long)z[1] - 1; + z[1] = (uint)c; + c >>= 32; + return c == 0 ? 0 : DecAt(len, z, 2); + } + + public static int Sub33From(int len, uint x, uint[] z, int zOff) + { + long c = (long)z[zOff + 0] - x; + z[zOff + 0] = (uint)c; + c >>= 32; + c += (long)z[zOff + 1] - 1; + z[zOff + 1] = (uint)c; + c >>= 32; + return c == 0 ? 0 : DecAt(len, z, zOff, 2); + } public static int SubBothFrom(int len, uint[] x, uint[] y, uint[] z) { @@ -745,6 +896,40 @@ namespace Org.BouncyCastle.Math.EC return c == 0 ? 0 : DecAt(len, z, zPos + 2); } + public static int SubDWordAt(int len, ulong x, uint[] z, int zOff, int zPos) + { + Debug.Assert(zPos <= (len - 2)); + long c = (long)z[zOff + zPos] - (long)(x & M); + z[zOff + zPos] = (uint)c; + c >>= 32; + c += (long)z[zOff + zPos + 1] - (long)(x >> 32); + z[zOff + zPos + 1] = (uint)c; + c >>= 32; + return c == 0 ? 0 : DecAt(len, z, zOff, zPos + 2); + } + + public static int SubDWordFrom(int len, ulong x, uint[] z) + { + long c = (long)z[0] - (long)(x & M); + z[0] = (uint)c; + c >>= 32; + c += (long)z[1] - (long)(x >> 32); + z[1] = (uint)c; + c >>= 32; + return c == 0 ? 0 : DecAt(len, z, 2); + } + + public static int SubDWordFrom(int len, ulong x, uint[] z, int zOff) + { + long c = (long)z[zOff + 0] - (long)(x & M); + z[zOff + 0] = (uint)c; + c >>= 32; + c += (long)z[zOff + 1] - (long)(x >> 32); + z[zOff + 1] = (uint)c; + c >>= 32; + return c == 0 ? 0 : DecAt(len, z, zOff, 2); + } + public static int SubFrom(int len, uint[] x, uint[] z) { long c = 0; @@ -787,6 +972,22 @@ namespace Org.BouncyCastle.Math.EC return c == 0 ? 0 : DecAt(len, z, zOff, zPos + 1); } + public static int SubWordFrom(int len, uint x, uint[] z) + { + long c = (long)z[0] - x; + z[0] = (uint)c; + c >>= 32; + return c == 0 ? 0 : DecAt(len, z, 1); + } + + public static int SubWordFrom(int len, uint x, uint[] z, int zOff) + { + long c = (long)z[zOff + 0] - x; + z[zOff + 0] = (uint)c; + c >>= 32; + return c == 0 ? 0 : DecAt(len, z, zOff, 1); + } + public static BigInteger ToBigInteger(int len, uint[] x) { byte[] bs = new byte[len << 2]; diff --git a/crypto/src/math/ec/custom/sec/Curve25519Field.cs b/crypto/src/math/ec/custom/sec/Curve25519Field.cs index c272cbc38..c2924a2a0 100644 --- a/crypto/src/math/ec/custom/sec/Curve25519Field.cs +++ b/crypto/src/math/ec/custom/sec/Curve25519Field.cs @@ -19,28 +19,25 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec Nat256.Add(x, y, z); if (Nat256.Gte(z, P)) { - Nat256.AddWord(PInv, z, 0); - z[7] &= P7; + AddPInvTo(z); } } public static void AddExt(uint[] xx, uint[] yy, uint[] zz) { - Nat256.AddExt(xx, yy, zz); + Nat.Add(16, xx, yy, zz); if (Nat256.GteExt(zz, PExt)) { - Nat256.SubExt(zz, PExt, zz); + Nat.SubFrom(16, PExt, zz); } } public static void AddOne(uint[] x, uint[] z) { - Nat256.Copy(x, z); - Nat256.Inc(z, 0); + Nat.Inc(8, x, z); if (Nat256.Gte(z, P)) { - Nat256.AddWord(PInv, z, 0); - z[7] &= P7; + AddPInvTo(z); } } @@ -96,11 +93,10 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec uint z07 = z[7]; z[7] = z07 & P7; c += (z07 >> 31) - (xx07 >> 31); - Nat256.AddWord(c * PInv, z, 0); + Nat.AddWordTo(8, c * PInv, z); if (Nat256.Gte(z, P)) { - Nat256.AddWord(PInv, z, 0); - z[7] &= P7; + AddPInvTo(z); } } @@ -131,17 +127,16 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec int c = Nat256.Sub(x, y, z); if (c != 0) { - Nat256.SubWord(PInv, z, 0); - z[7] &= P7; + SubPInvFrom(z); } } public static void SubtractExt(uint[] xx, uint[] yy, uint[] zz) { - int c = Nat256.SubExt(xx, yy, zz); + int c = Nat.Sub(16, xx, yy, zz); if (c != 0) { - Nat256.AddExt(zz, PExt, zz); + Nat.AddTo(16, PExt, zz); } } @@ -150,9 +145,32 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec Nat.ShiftUpBit(8, x, 0, z); if (Nat256.Gte(z, P)) { - Nat256.AddWord(PInv, z, 0); - z[7] &= P7; + AddPInvTo(z); } } + + private static void AddPInvTo(uint[] z) + { + ulong c = (ulong)z[0] + PInv; + z[0] = (uint)c; + c >>= 32; + if (c != 0) + { + Nat.IncAt(7, z, 1); + } + z[7] &= P7; + } + + private static void SubPInvFrom(uint[] z) + { + long c = (long)z[0] - PInv; + z[0] = (uint)c; + c >>= 32; + if (c != 0) + { + Nat.DecAt(7, z, 1); + } + z[7] &= P7; + } } } diff --git a/crypto/src/math/ec/custom/sec/Nat192.cs b/crypto/src/math/ec/custom/sec/Nat192.cs index 1a6e557f8..0ecbc06de 100644 --- a/crypto/src/math/ec/custom/sec/Nat192.cs +++ b/crypto/src/math/ec/custom/sec/Nat192.cs @@ -57,32 +57,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return (uint)c; } - // TODO Re-write to allow full range for x? - public static uint AddDWord(ulong x, uint[] z, int zOff) - { - Debug.Assert(zOff <= 4); - ulong c = x; - c += (ulong)z[zOff + 0]; - z[zOff + 0] = (uint)c; - c >>= 32; - c += (ulong)z[zOff + 1]; - z[zOff + 1] = (uint)c; - c >>= 32; - return c == 0 ? 0 : Inc(z, zOff + 2); - } - - public static uint AddExt(uint[] xx, uint[] yy, uint[] zz) - { - ulong c = 0; - for (int i = 0; i < 12; ++i) - { - c += (ulong)xx[i] + yy[i]; - zz[i] = (uint)c; - c >>= 32; - } - return (uint)c; - } - public static uint AddTo(uint[] x, uint[] z) { ulong c = 0; @@ -161,24 +135,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return (uint)c; } - public static uint AddWord(uint x, uint[] z, int zOff) - { - Debug.Assert(zOff <= 5); - ulong c = (ulong)x + z[zOff + 0]; - z[zOff + 0] = (uint)c; - c >>= 32; - return c == 0 ? 0 : Inc(z, zOff + 1); - } - - public static uint AddWordExt(uint x, uint[] zz, int zzOff) - { - Debug.Assert(zzOff <= 11); - ulong c = (ulong)x + zz[zzOff + 0]; - zz[zzOff + 0] = (uint)c; - c >>= 32; - return c == 0 ? 0 : IncExt(zz, zzOff + 1); - } - public static void Copy(uint[] x, uint[] z) { z[0] = x[0]; @@ -199,32 +155,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return new uint[12]; } - public static int Dec(uint[] z, int zOff) - { - Debug.Assert(zOff <= 6); - for (int i = zOff; i < 6; ++i) - { - if (--z[i] != uint.MaxValue) - { - return 0; - } - } - return -1; - } - - public static int DecExt(uint[] z, int zOff) - { - Debug.Assert(zOff <= 12); - for (int i = zOff; i < 12; ++i) - { - if (--z[i] != uint.MaxValue) - { - return 0; - } - } - return -1; - } - public static bool Diff(uint[] x, int xOff, uint[] y, int yOff, uint[] z, int zOff) { bool pos = Gte(x, xOff, y, yOff); @@ -318,32 +248,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return true; } - public static uint Inc(uint[] z, int zOff) - { - Debug.Assert(zOff <= 6); - for (int i = zOff; i < 6; ++i) - { - if (++z[i] != uint.MinValue) - { - return 0; - } - } - return 1; - } - - public static uint IncExt(uint[] zz, int zzOff) - { - Debug.Assert(zzOff <= 12); - for (int i = zzOff; i < 12; ++i) - { - if (++zz[i] != uint.MinValue) - { - return 0; - } - } - return 1; - } - public static bool IsOne(uint[] x) { if (x[0] != 1) @@ -654,7 +558,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec c += z[zOff + 3]; z[zOff + 3] = (uint)c; c >>= 32; - return c == 0 ? 0 : Inc(z, zOff + 4); + return c == 0 ? 0 : Nat.IncAt(6, z, zOff, 4); } public static uint Mul33WordAdd(uint x, uint y, uint[] z, int zOff) @@ -671,7 +575,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec c += z[zOff + 2]; z[zOff + 2] = (uint)c; c >>= 32; - return c == 0 ? 0 : Inc(z, zOff + 3); + return c == 0 ? 0 : Nat.IncAt(6, z, zOff, 3); } public static uint MulWordDwordAdd(uint x, ulong y, uint[] z, int zOff) @@ -687,7 +591,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec c += z[zOff + 2]; z[zOff + 2] = (uint)c; c >>= 32; - return c == 0 ? 0 : Inc(z, zOff + 3); + return c == 0 ? 0 : Nat.IncAt(6, z, zOff, 3); } public static uint MulWord(uint x, uint[] y, uint[] z, int zOff) @@ -968,31 +872,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return (int)c; } - // TODO Re-write to allow full range for x? - public static int SubDWord(ulong x, uint[] z) - { - long c = -(long)x; - c += (long)z[0]; - z[0] = (uint)c; - c >>= 32; - c += (long)z[1]; - z[1] = (uint)c; - c >>= 32; - return c == 0 ? 0 : Dec(z, 2); - } - - public static int SubExt(uint[] xx, uint[] yy, uint[] zz) - { - long c = 0; - for (int i = 0; i < 12; ++i) - { - c += (long)xx[i] - yy[i]; - zz[i] = (uint)c; - c >>= 32; - } - return (int)c; - } - public static int SubFrom(uint[] x, uint[] z) { long c = 0; @@ -1041,24 +920,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return (int)c; } - public static int SubWord(uint x, uint[] z, int zOff) - { - Debug.Assert(zOff <= 5); - long c = (long)z[zOff + 0] - x; - z[zOff + 0] = (uint)c; - c >>= 32; - return c == 0 ? 0 : Dec(z, zOff + 1); - } - - public static int SubWordExt(uint x, uint[] zz, int zzOff) - { - Debug.Assert(zzOff <= 11); - long c = (long)zz[zzOff + 0] - x; - zz[zzOff + 0] = (uint)c; - c >>= 32; - return c == 0 ? 0 : DecExt(zz, zzOff + 1); - } - public static BigInteger ToBigInteger(uint[] x) { byte[] bs = new byte[24]; diff --git a/crypto/src/math/ec/custom/sec/Nat224.cs b/crypto/src/math/ec/custom/sec/Nat224.cs index 7027f1162..f8021b19a 100644 --- a/crypto/src/math/ec/custom/sec/Nat224.cs +++ b/crypto/src/math/ec/custom/sec/Nat224.cs @@ -117,32 +117,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return (uint)c; } - // TODO Re-write to allow full range for x? - public static uint AddDWord(ulong x, uint[] z, int zOff) - { - Debug.Assert(zOff <= 5); - ulong c = x; - c += (ulong)z[zOff + 0]; - z[zOff + 0] = (uint)c; - c >>= 32; - c += (ulong)z[zOff + 1]; - z[zOff + 1] = (uint)c; - c >>= 32; - return c == 0 ? 0 : Inc(z, zOff + 2); - } - - public static uint AddExt(uint[] xx, uint[] yy, uint[] zz) - { - ulong c = 0; - for (int i = 0; i < 14; ++i) - { - c += (ulong)xx[i] + yy[i]; - zz[i] = (uint)c; - c >>= 32; - } - return (uint)c; - } - public static uint AddTo(uint[] x, uint[] z) { ulong c = 0; @@ -231,24 +205,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return (uint)c; } - public static uint AddWord(uint x, uint[] z, int zOff) - { - Debug.Assert(zOff <= 6); - ulong c = (ulong)x + z[zOff + 0]; - z[zOff + 0] = (uint)c; - c >>= 32; - return c == 0 ? 0 : Inc(z, zOff + 1); - } - - public static uint AddWordExt(uint x, uint[] zz, int zzOff) - { - Debug.Assert(zzOff <= 13); - ulong c = (ulong)x + zz[zzOff + 0]; - zz[zzOff + 0] = (uint)c; - c >>= 32; - return c == 0 ? 0 : IncExt(zz, zzOff + 1); - } - public static void Copy(uint[] x, uint[] z) { z[0] = x[0]; @@ -270,32 +226,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return new uint[14]; } - public static int Dec(uint[] z, int zOff) - { - Debug.Assert(zOff <= 7); - for (int i = zOff; i < 7; ++i) - { - if (--z[i] != uint.MaxValue) - { - return 0; - } - } - return -1; - } - - public static int DecExt(uint[] zz, int zzOff) - { - Debug.Assert(zzOff <= 14); - for (int i = zzOff; i < 14; ++i) - { - if (--zz[i] != uint.MaxValue) - { - return 0; - } - } - return -1; - } - public static bool Diff(uint[] x, int xOff, uint[] y, int yOff, uint[] z, int zOff) { bool pos = Gte(x, xOff, y, yOff); @@ -389,32 +319,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return true; } - public static uint Inc(uint[] z, int zOff) - { - Debug.Assert(zOff <= 7); - for (int i = zOff; i < 7; ++i) - { - if (++z[i] != uint.MinValue) - { - return 0; - } - } - return 1; - } - - public static uint IncExt(uint[] zz, int zzOff) - { - Debug.Assert(zzOff <= 14); - for (int i = zzOff; i < 14; ++i) - { - if (++zz[i] != uint.MinValue) - { - return 0; - } - } - return 1; - } - public static bool IsOne(uint[] x) { if (x[0] != 1) @@ -806,7 +710,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec c += z[zOff + 3]; z[zOff + 3] = (uint)c; c >>= 32; - return c == 0 ? 0 : Inc(z, zOff + 4); + return c == 0 ? 0 : Nat.IncAt(7, z, zOff, 4); } public static uint Mul33WordAdd(uint x, uint y, uint[] z, int zOff) @@ -823,7 +727,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec c += z[zOff + 2]; z[zOff + 2] = (uint)c; c >>= 32; - return c == 0 ? 0 : Inc(z, zOff + 3); + return c == 0 ? 0 : Nat.IncAt(7, z, zOff, 3); } public static uint MulWordDwordAdd(uint x, ulong y, uint[] z, int zOff) @@ -839,7 +743,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec c += z[zOff + 2]; z[zOff + 2] = (uint)c; c >>= 32; - return c == 0 ? 0 : Inc(z, zOff + 3); + return c == 0 ? 0 : Nat.IncAt(7, z, zOff, 3); } public static uint MulWord(uint x, uint[] y, uint[] z, int zOff) @@ -1167,31 +1071,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return (int)c; } - // TODO Re-write to allow full range for x? - public static int SubDWord(ulong x, uint[] z) - { - long c = -(long)x; - c += (long)z[0]; - z[0] = (uint)c; - c >>= 32; - c += (long)z[1]; - z[1] = (uint)c; - c >>= 32; - return c == 0 ? 0 : Dec(z, 2); - } - - public static int SubExt(uint[] xx, uint[] yy, uint[] zz) - { - long c = 0; - for (int i = 0; i < 14; ++i) - { - c += (long)xx[i] - yy[i]; - zz[i] = (uint)c; - c >>= 32; - } - return (int)c; - } - public static int SubFrom(uint[] x, uint[] z) { long c = 0; @@ -1246,24 +1125,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return (int)c; } - public static int SubWord(uint x, uint[] z, int zOff) - { - Debug.Assert(zOff <= 6); - long c = (long)z[zOff + 0] - x; - z[zOff + 0] = (uint)c; - c >>= 32; - return c == 0 ? 0 : Dec(z, zOff + 1); - } - - public static int SubWordExt(uint x, uint[] zz, int zzOff) - { - Debug.Assert(zzOff <= 13); - long c = (long)zz[zzOff + 0] - x; - zz[zzOff + 0] = (uint)c; - c >>= 32; - return c == 0 ? 0 : DecExt(zz, zzOff + 1); - } - public static BigInteger ToBigInteger(uint[] x) { byte[] bs = new byte[28]; diff --git a/crypto/src/math/ec/custom/sec/Nat256.cs b/crypto/src/math/ec/custom/sec/Nat256.cs index f4599b988..9c19f41ba 100644 --- a/crypto/src/math/ec/custom/sec/Nat256.cs +++ b/crypto/src/math/ec/custom/sec/Nat256.cs @@ -69,17 +69,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return (uint)c; } - public static uint Add33To(uint x, uint[] z) - { - ulong c = (ulong)z[0] + x; - z[0] = (uint)c; - c >>= 32; - c += (ulong)z[1] + 1; - z[1] = (uint)c; - c >>= 32; - return c == 0 ? 0 : Inc(z, 2); - } - public static uint AddBothTo(uint[] x, uint[] y, uint[] z) { ulong c = 0; @@ -140,30 +129,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return (uint)c; } - public static uint AddDWordAt(ulong x, uint[] z, int zPos) - { - Debug.Assert(zPos <= 6); - ulong c = (ulong)z[zPos + 0] + (x & M); - z[zPos + 0] = (uint)c; - c >>= 32; - c += (ulong)z[zPos + 1] + (x >> 32); - z[zPos + 1] = (uint)c; - c >>= 32; - return c == 0 ? 0 : Inc(z, zPos + 2); - } - - public static uint AddExt(uint[] xx, uint[] yy, uint[] zz) - { - ulong c = 0; - for (int i = 0; i < 16; ++i) - { - c += (ulong)xx[i] + yy[i]; - zz[i] = (uint)c; - c >>= 32; - } - return (uint)c; - } - public static uint AddTo(uint[] x, uint[] z) { ulong c = 0; @@ -262,24 +227,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return (uint)c; } - public static uint AddWord(uint x, uint[] z, int zOff) - { - Debug.Assert(zOff <= 7); - ulong c = (ulong)x + z[zOff + 0]; - z[zOff + 0] = (uint)c; - c >>= 32; - return c == 0 ? 0 : Inc(z, zOff + 1); - } - - public static uint AddWordExt(uint x, uint[] zz, int zzOff) - { - Debug.Assert(zzOff <= 15); - ulong c = (ulong)x + zz[zzOff + 0]; - zz[zzOff + 0] = (uint)c; - c >>= 32; - return c == 0 ? 0 : IncExt(zz, zzOff + 1); - } - public static void Copy(uint[] x, uint[] z) { z[0] = x[0]; @@ -302,32 +249,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return new uint[16]; } - public static int Dec(uint[] z, int zOff) - { - Debug.Assert(zOff <= 8); - for (int i = zOff; i < 8; ++i) - { - if (--z[i] != uint.MaxValue) - { - return 0; - } - } - return -1; - } - - public static int DecExt(uint[] zz, int zzOff) - { - Debug.Assert(zzOff <= 16); - for (int i = zzOff; i < 16; ++i) - { - if (--zz[i] != uint.MaxValue) - { - return 0; - } - } - return -1; - } - public static bool Diff(uint[] x, int xOff, uint[] y, int yOff, uint[] z, int zOff) { bool pos = Gte(x, xOff, y, yOff); @@ -421,32 +342,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return true; } - public static uint Inc(uint[] z, int zOff) - { - Debug.Assert(zOff <= 8); - for (int i = zOff; i < 8; ++i) - { - if (++z[i] != uint.MinValue) - { - return 0; - } - } - return 1; - } - - public static uint IncExt(uint[] zz, int zzOff) - { - Debug.Assert(zzOff <= 16); - for (int i = zzOff; i < 16; ++i) - { - if (++zz[i] != uint.MinValue) - { - return 0; - } - } - return 1; - } - public static bool IsOne(uint[] x) { if (x[0] != 1) @@ -873,7 +768,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec c += z[zOff + 3]; z[zOff + 3] = (uint)c; c >>= 32; - return c == 0 ? 0 : Inc(z, zOff + 4); + return c == 0 ? 0 : Nat.IncAt(8, z, zOff, 4); } public static uint Mul33WordAdd(uint x, uint y, uint[] z, int zOff) @@ -890,7 +785,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec c += z[zOff + 2]; z[zOff + 2] = (uint)c; c >>= 32; - return c == 0 ? 0 : Inc(z, zOff + 3); + return c == 0 ? 0 : Nat.IncAt(8, z, zOff, 3); } public static uint MulWordDwordAdd(uint x, ulong y, uint[] z, int zOff) @@ -906,7 +801,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec c += z[zOff + 2]; z[zOff + 2] = (uint)c; c >>= 32; - return c == 0 ? 0 : Inc(z, zOff + 3); + return c == 0 ? 0 : Nat.IncAt(8, z, zOff, 3); } public static uint MulWord(uint x, uint[] y, uint[] z, int zOff) @@ -1255,17 +1150,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return (int)c; } - public static int Sub33From(uint x, uint[] z) - { - long c = (long)z[0] - x; - z[0] = (uint)c; - c >>= 32; - c += (long)z[1] - 1; - z[1] = (uint)c; - c >>= 32; - return c == 0 ? 0 : Dec(z, 2); - } - public static int SubBothFrom(uint[] x, uint[] y, uint[] z) { long c = 0; @@ -1296,30 +1180,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return (int)c; } - public static int SubDWordAt(ulong x, uint[] z, int zPos) - { - Debug.Assert(zPos <= 6); - long c = (long)z[zPos + 0] - (long)(x & M); - z[zPos + 0] = (uint)c; - c >>= 32; - c += (long)z[zPos + 1] - (long)(x >> 32); - z[zPos + 1] = (uint)c; - c >>= 32; - return c == 0 ? 0 : Dec(z, zPos + 2); - } - - public static int SubExt(uint[] xx, uint[] yy, uint[] zz) - { - long c = 0; - for (int i = 0; i < 16; ++i) - { - c += (long)xx[i] - yy[i]; - zz[i] = (uint)c; - c >>= 32; - } - return (int)c; - } - public static int SubFrom(uint[] x, uint[] z) { long c = 0; @@ -1380,24 +1240,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec return (int)c; } - public static int SubWord(uint x, uint[] z, int zOff) - { - Debug.Assert(zOff <= 7); - long c = (long)z[zOff + 0] - x; - z[zOff + 0] = (uint)c; - c >>= 32; - return c == 0 ? 0 : Dec(z, zOff + 1); - } - - public static int SubWordExt(uint x, uint[] zz, int zzOff) - { - Debug.Assert(zzOff <= 15); - long c = (long)zz[zzOff + 0] - x; - zz[zzOff + 0] = (uint)c; - c >>= 32; - return c == 0 ? 0 : DecExt(zz, zzOff + 1); - } - public static BigInteger ToBigInteger(uint[] x) { byte[] bs = new byte[32]; diff --git a/crypto/src/math/ec/custom/sec/SecP192K1Field.cs b/crypto/src/math/ec/custom/sec/SecP192K1Field.cs index 99e4cf999..8ce5619a0 100644 --- a/crypto/src/math/ec/custom/sec/SecP192K1Field.cs +++ b/crypto/src/math/ec/custom/sec/SecP192K1Field.cs @@ -9,9 +9,10 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec internal static readonly uint[] P = new uint[]{ 0xFFFFEE37, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF }; internal static readonly uint[] PExt = new uint[]{ 0x013C4FD1, 0x00002392, 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0xFFFFDC6E, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF }; + private static readonly uint[] PExtInv = new uint[]{ 0xFEC3B02F, 0xFFFFDC6D, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0x00002391, 0x00000002 }; private const uint P5 = 0xFFFFFFFF; private const uint PExt11 = 0xFFFFFFFF; - private const ulong PInv = 0x00000001000011C9L; private const uint PInv33 = 0x11C9; public static void Add(uint[] x, uint[] y, uint[] z) @@ -19,26 +20,28 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec uint c = Nat192.Add(x, y, z); if (c != 0 || (z[5] == P5 && Nat192.Gte(z, P))) { - Nat192.AddDWord(PInv, z, 0); + Nat.Add33To(6, PInv33, z); } } public static void AddExt(uint[] xx, uint[] yy, uint[] zz) { - uint c = Nat192.AddExt(xx, yy, zz); + uint c = Nat.Add(12, xx, yy, zz); if (c != 0 || (zz[11] == PExt11 && Nat192.GteExt(zz, PExt))) { - Nat192.SubExt(zz, PExt, zz); + if (Nat.AddTo(PExtInv.Length, PExtInv, zz) != 0) + { + Nat.IncAt(12, zz, PExtInv.Length); + } } } public static void AddOne(uint[] x, uint[] z) { - Nat192.Copy(x, z); - uint c = Nat192.Inc(z, 0); + uint c = Nat.Inc(6, x, z); if (c != 0 || (z[5] == P5 && Nat192.Gte(z, P))) { - Nat192.AddDWord(PInv, z, 0); + Nat.Add33To(6, PInv33, z); } } @@ -93,7 +96,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec if (c != 0 || (z[5] == P5 && Nat192.Gte(z, P))) { - Nat192.AddDWord(PInv, z, 0); + Nat.Add33To(6, PInv33, z); } } @@ -102,7 +105,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec if ((x != 0 && Nat192.Mul33WordAdd(PInv33, x, z, 0) != 0) || (z[5] == P5 && Nat192.Gte(z, P))) { - Nat192.AddDWord(PInv, z, 0); + Nat.Add33To(6, PInv33, z); } } @@ -133,16 +136,19 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec int c = Nat192.Sub(x, y, z); if (c != 0) { - Nat192.SubDWord(PInv, z); + Nat.Sub33From(6, PInv33, z); } } public static void SubtractExt(uint[] xx, uint[] yy, uint[] zz) { - int c = Nat192.SubExt(xx, yy, zz); + int c = Nat.Sub(12, xx, yy, zz); if (c != 0) { - Nat192.AddExt(zz, PExt, zz); + if (Nat.SubFrom(PExtInv.Length, PExtInv, zz) != 0) + { + Nat.DecAt(12, zz, PExtInv.Length); + } } } @@ -151,7 +157,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec uint c = Nat.ShiftUpBit(6, x, 0, z); if (c != 0 || (z[5] == P5 && Nat192.Gte(z, P))) { - Nat192.AddDWord(PInv, z, 0); + Nat.Add33To(6, PInv33, z); } } } diff --git a/crypto/src/math/ec/custom/sec/SecP192R1Field.cs b/crypto/src/math/ec/custom/sec/SecP192R1Field.cs index 71ccfc4b7..8e2aad5af 100644 --- a/crypto/src/math/ec/custom/sec/SecP192R1Field.cs +++ b/crypto/src/math/ec/custom/sec/SecP192R1Field.cs @@ -9,6 +9,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec internal static readonly uint[] P = new uint[]{ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF }; internal static readonly uint[] PExt = new uint[]{ 0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF }; + private static readonly uint[] PExtInv = new uint[]{ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFE, + 0xFFFFFFFF, 0x00000001, 0x00000000, 0x00000002 }; private const uint P5 = 0xFFFFFFFF; private const uint PExt11 = 0xFFFFFFFF; @@ -17,26 +19,28 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec uint c = Nat192.Add(x, y, z); if (c != 0 || (z[5] == P5 && Nat192.Gte(z, P))) { - Nat192.SubFrom(P, z); + AddPInvTo(z); } } public static void AddExt(uint[] xx, uint[] yy, uint[] zz) { - uint c = Nat192.AddExt(xx, yy, zz); + uint c = Nat.Add(12, xx, yy, zz); if (c != 0 || (zz[11] == PExt11 && Nat192.GteExt(zz, PExt))) { - Nat192.SubExt(zz, PExt, zz); + if (Nat.AddTo(PExtInv.Length, PExtInv, zz) != 0) + { + Nat.IncAt(12, zz, PExtInv.Length); + } } } public static void AddOne(uint[] x, uint[] z) { - Nat192.Copy(x, z); - uint c = Nat192.Inc(z, 0); + uint c = Nat.Inc(6, x, z); if (c != 0 || (z[5] == P5 && Nat192.Gte(z, P))) { - Nat192.SubFrom(P, z); + AddPInvTo(z); } } @@ -123,10 +127,10 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec public static void Reduce32(uint x, uint[] z) { - if ((x != 0 && (Nat192.AddWord(x, z, 0) + Nat192.AddWord(x, z, 2) != 0)) + if ((x != 0 && (Nat.AddWordTo(6, x, z) + Nat.AddWordAt(6, x, z, 2) != 0)) || (z[5] == P5 && Nat192.Gte(z, P))) { - Nat192.SubFrom(P, z); + AddPInvTo(z); } } @@ -157,16 +161,19 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec int c = Nat192.Sub(x, y, z); if (c != 0) { - Nat192.AddTo(P, z); + SubPInvFrom(z); } } public static void SubtractExt(uint[] xx, uint[] yy, uint[] zz) { - int c = Nat192.SubExt(xx, yy, zz); + int c = Nat.Sub(12, xx, yy, zz); if (c != 0) { - Nat192.AddExt(zz, PExt, zz); + if (Nat.SubFrom(PExtInv.Length, PExtInv, zz) != 0) + { + Nat.DecAt(12, zz, PExtInv.Length); + } } } @@ -175,7 +182,47 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec uint c = Nat.ShiftUpBit(6, x, 0, z); if (c != 0 || (z[5] == P5 && Nat192.Gte(z, P))) { - Nat192.SubFrom(P, z); + AddPInvTo(z); + } + } + + private static void AddPInvTo(uint[] z) + { + long c = (long)z[0] + 1; + z[0] = (uint)c; + c >>= 32; + if (c != 0) + { + c += (long)z[1]; + z[1] = (uint)c; + c >>= 32; + } + c += (long)z[2] + 1; + z[2] = (uint)c; + c >>= 32; + if (c != 0) + { + Nat.IncAt(6, z, 3); + } + } + + private static void SubPInvFrom(uint[] z) + { + long c = (long)z[0] - 1; + z[0] = (uint)c; + c >>= 32; + if (c != 0) + { + c += (long)z[1]; + z[1] = (uint)c; + c >>= 32; + } + c += (long)z[2] - 1; + z[2] = (uint)c; + c >>= 32; + if (c != 0) + { + Nat.DecAt(6, z, 3); } } } diff --git a/crypto/src/math/ec/custom/sec/SecP224K1Field.cs b/crypto/src/math/ec/custom/sec/SecP224K1Field.cs index 03df35d36..57fd1179a 100644 --- a/crypto/src/math/ec/custom/sec/SecP224K1Field.cs +++ b/crypto/src/math/ec/custom/sec/SecP224K1Field.cs @@ -10,9 +10,10 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec 0xFFFFFFFF }; internal static readonly uint[] PExt = new uint[]{ 0x02C23069, 0x00003526, 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0xFFFFCADA, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF }; + private static readonly uint[] PExtInv = new uint[]{ 0xFD3DCF97, 0xFFFFCAD9, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0x00003525, 0x00000002 }; private const uint P6 = 0xFFFFFFFF; private const uint PExt13 = 0xFFFFFFFF; - private const ulong PInv = 0x0000000100001A93L; private const uint PInv33 = 0x1A93; public static void Add(uint[] x, uint[] y, uint[] z) @@ -20,26 +21,28 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec uint c = Nat224.Add(x, y, z); if (c != 0 || (z[6] == P6 && Nat224.Gte(z, P))) { - Nat224.AddDWord(PInv, z, 0); + Nat.Add33To(7, PInv33, z); } } public static void AddExt(uint[] xx, uint[] yy, uint[] zz) { - uint c = Nat224.AddExt(xx, yy, zz); + uint c = Nat.Add(14, xx, yy, zz); if (c != 0 || (zz[13] == PExt13 && Nat224.GteExt(zz, PExt))) { - Nat224.SubExt(zz, PExt, zz); + if (Nat.AddTo(PExtInv.Length, PExtInv, zz) != 0) + { + Nat.IncAt(14, zz, PExtInv.Length); + } } } public static void AddOne(uint[] x, uint[] z) { - Nat224.Copy(x, z); - uint c = Nat224.Inc(z, 0); + uint c = Nat.Inc(7, x, z); if (c != 0 || (z[6] == P6 && Nat224.Gte(z, P))) { - Nat224.AddDWord(PInv, z, 0); + Nat.Add33To(7, PInv33, z); } } @@ -94,7 +97,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec if (c != 0 || (z[6] == P6 && Nat224.Gte(z, P))) { - Nat224.AddDWord(PInv, z, 0); + Nat.Add33To(7, PInv33, z); } } @@ -103,7 +106,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec if ((x != 0 && Nat224.Mul33WordAdd(PInv33, x, z, 0) != 0) || (z[6] == P6 && Nat224.Gte(z, P))) { - Nat224.AddDWord(PInv, z, 0); + Nat.Add33To(7, PInv33, z); } } @@ -134,16 +137,19 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec int c = Nat224.Sub(x, y, z); if (c != 0) { - Nat224.SubDWord(PInv, z); + Nat.Sub33From(7, PInv33, z); } } public static void SubtractExt(uint[] xx, uint[] yy, uint[] zz) { - int c = Nat224.SubExt(xx, yy, zz); + int c = Nat.Sub(14, xx, yy, zz); if (c != 0) { - Nat224.AddExt(zz, PExt, zz); + if (Nat.SubFrom(PExtInv.Length, PExtInv, zz) != 0) + { + Nat.DecAt(14, zz, PExtInv.Length); + } } } @@ -152,7 +158,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec uint c = Nat.ShiftUpBit(7, x, 0, z); if (c != 0 || (z[6] == P6 && Nat224.Gte(z, P))) { - Nat224.AddDWord(PInv, z, 0); + Nat.Add33To(7, PInv33, z); } } } diff --git a/crypto/src/math/ec/custom/sec/SecP224R1Field.cs b/crypto/src/math/ec/custom/sec/SecP224R1Field.cs index 5447ce697..8ffc9aa65 100644 --- a/crypto/src/math/ec/custom/sec/SecP224R1Field.cs +++ b/crypto/src/math/ec/custom/sec/SecP224R1Field.cs @@ -9,6 +9,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec internal static readonly uint[] P = new uint[] { 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF }; internal static readonly uint[] PExt = new uint[]{ 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF }; + private static readonly uint[] PExtInv = new uint[]{ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001, 0x00000000, + 0x00000000, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001 }; private const uint P6 = 0xFFFFFFFF; private const uint PExt13 = 0xFFFFFFFF; @@ -17,26 +19,28 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec uint c = Nat224.Add(x, y, z); if (c != 0 || (z[6] == P6 && Nat224.Gte(z, P))) { - Nat224.SubFrom(P, z); + AddPInvTo(z); } } public static void AddExt(uint[] xx, uint[] yy, uint[] zz) { - uint c = Nat224.AddExt(xx, yy, zz); + uint c = Nat.Add(14, xx, yy, zz); if (c != 0 || (zz[13] == PExt13 && Nat224.GteExt(zz, PExt))) { - Nat224.SubExt(zz, PExt, zz); + if (Nat.AddTo(PExtInv.Length, PExtInv, zz) != 0) + { + Nat.IncAt(14, zz, PExtInv.Length); + } } } public static void AddOne(uint[] x, uint[] z) { - Nat224.Copy(x, z); - uint c = Nat224.Inc(z, 0); + uint c = Nat.Inc(7, x, z); if (c != 0 || (z[6] == P6 && Nat224.Gte(z, P))) { - Nat224.SubFrom(P, z); + AddPInvTo(z); } } @@ -121,16 +125,16 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec } else { - Nat224.AddTo(P, z); + SubPInvFrom(z); } } public static void Reduce32(uint x, uint[] z) { - if ((x != 0 && (Nat224.SubWord(x, z, 0) + Nat224.AddWord(x, z, 3) != 0)) + if ((x != 0 && (Nat.SubWordFrom(7, x, z) + Nat.AddWordAt(7, x, z, 3) != 0)) || (z[6] == P6 && Nat224.Gte(z, P))) { - Nat224.SubFrom(P, z); + AddPInvTo(z); } } @@ -161,16 +165,19 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec int c = Nat224.Sub(x, y, z); if (c != 0) { - Nat224.AddTo(P, z); + SubPInvFrom(z); } } public static void SubtractExt(uint[] xx, uint[] yy, uint[] zz) { - int c = Nat224.SubExt(xx, yy, zz); + int c = Nat.Sub(14, xx, yy, zz); if (c != 0) { - Nat224.AddExt(zz, PExt, zz); + if (Nat.SubFrom(PExtInv.Length, PExtInv, zz) != 0) + { + Nat.DecAt(14, zz, PExtInv.Length); + } } } @@ -179,7 +186,53 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec uint c = Nat.ShiftUpBit(7, x, 0, z); if (c != 0 || (z[6] == P6 && Nat224.Gte(z, P))) { - Nat224.SubFrom(P, z); + AddPInvTo(z); + } + } + + private static void AddPInvTo(uint[] z) + { + long c = (long)z[0] - 1; + z[0] = (uint)c; + c >>= 32; + if (c != 0) + { + c += (long)z[1]; + z[1] = (uint)c; + c >>= 32; + c += (long)z[2]; + z[2] = (uint)c; + c >>= 32; + } + c += (long)z[3] + 1; + z[3] = (uint)c; + c >>= 32; + if (c != 0) + { + Nat.IncAt(7, z, 4); + } + } + + private static void SubPInvFrom(uint[] z) + { + long c = (long)z[0] + 1; + z[0] = (uint)c; + c >>= 32; + if (c != 0) + { + c += (long)z[1]; + z[1] = (uint)c; + c >>= 32; + c += (long)z[2]; + z[2] = (uint)c; + c >>= 32; + } + c += (long)z[3] - 1; + z[3] = (uint)c; + c >>= 32; + if (c != 0) + { + Nat.DecAt(7, z, 4); } } } diff --git a/crypto/src/math/ec/custom/sec/SecP256K1Field.cs b/crypto/src/math/ec/custom/sec/SecP256K1Field.cs index 6e834beb3..aa82013b2 100644 --- a/crypto/src/math/ec/custom/sec/SecP256K1Field.cs +++ b/crypto/src/math/ec/custom/sec/SecP256K1Field.cs @@ -22,29 +22,28 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec uint c = Nat256.Add(x, y, z); if (c != 0 || (z[7] == P7 && Nat256.Gte(z, P))) { - Nat256.Add33To(PInv33, z); + Nat.Add33To(8, PInv33, z); } } public static void AddExt(uint[] xx, uint[] yy, uint[] zz) { - uint c = Nat256.AddExt(xx, yy, zz); + uint c = Nat.Add(16, xx, yy, zz); if (c != 0 || (zz[15] == PExt15 && Nat256.GteExt(zz, PExt))) { if (Nat.AddTo(PExtInv.Length, PExtInv, zz) != 0) { - Nat256.IncExt(zz, PExtInv.Length); + Nat.IncAt(16, zz, PExtInv.Length); } } } public static void AddOne(uint[] x, uint[] z) { - Nat256.Copy(x, z); - uint c = Nat256.Inc(z, 0); + uint c = Nat.Inc(8, x, z); if (c != 0 || (z[7] == P7 && Nat256.Gte(z, P))) { - Nat256.Add33To(PInv33, z); + Nat.Add33To(8, PInv33, z); } } @@ -99,7 +98,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec if (c != 0 || (z[7] == P7 && Nat256.Gte(z, P))) { - Nat256.Add33To(PInv33, z); + Nat.Add33To(8, PInv33, z); } } @@ -108,7 +107,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec if ((x != 0 && Nat256.Mul33WordAdd(PInv33, x, z, 0) != 0) || (z[7] == P7 && Nat256.Gte(z, P))) { - Nat256.Add33To(PInv33, z); + Nat.Add33To(8, PInv33, z); } } @@ -139,18 +138,18 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec int c = Nat256.Sub(x, y, z); if (c != 0) { - Nat256.Sub33From(PInv33, z); + Nat.Sub33From(8, PInv33, z); } } public static void SubtractExt(uint[] xx, uint[] yy, uint[] zz) { - int c = Nat256.SubExt(xx, yy, zz); + int c = Nat.Sub(16, xx, yy, zz); if (c != 0) { if (Nat.SubFrom(PExtInv.Length, PExtInv, zz) != 0) { - Nat256.DecExt(zz, PExtInv.Length); + Nat.DecAt(16, zz, PExtInv.Length); } } } @@ -160,7 +159,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec uint c = Nat.ShiftUpBit(8, x, 0, z); if (c != 0 || (z[7] == P7 && Nat256.Gte(z, P))) { - Nat256.Add33To(PInv33, z); + Nat.Add33To(8, PInv33, z); } } } diff --git a/crypto/src/math/ec/custom/sec/SecP256R1Field.cs b/crypto/src/math/ec/custom/sec/SecP256R1Field.cs index 9bcb0e98e..de383046d 100644 --- a/crypto/src/math/ec/custom/sec/SecP256R1Field.cs +++ b/crypto/src/math/ec/custom/sec/SecP256R1Field.cs @@ -26,17 +26,16 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec public static void AddExt(uint[] xx, uint[] yy, uint[] zz) { - uint c = Nat256.AddExt(xx, yy, zz); + uint c = Nat.Add(16, xx, yy, zz); if (c != 0 || Nat256.GteExt(zz, PExt)) { - Nat256.SubExt(zz, PExt, zz); + Nat.SubFrom(16, PExt, zz); } } public static void AddOne(uint[] x, uint[] z) { - Nat256.Copy(x, z); - uint c = Nat256.Inc(z, 0); + uint c = Nat.Inc(8, x, z); if (c != 0 || (z[7] == P7 && Nat256.Gte(z, P))) { Nat256.SubFrom(P, z); @@ -217,10 +216,10 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec public static void SubtractExt(uint[] xx, uint[] yy, uint[] zz) { - int c = Nat256.SubExt(xx, yy, zz); + int c = Nat.Sub(16, xx, yy, zz); if (c != 0) { - Nat256.AddExt(zz, PExt, zz); + Nat.AddTo(16, PExt, zz); } } diff --git a/crypto/src/math/ec/custom/sec/SecP384R1Field.cs b/crypto/src/math/ec/custom/sec/SecP384R1Field.cs index f41c0b8dd..039c18af8 100644 --- a/crypto/src/math/ec/custom/sec/SecP384R1Field.cs +++ b/crypto/src/math/ec/custom/sec/SecP384R1Field.cs @@ -11,7 +11,6 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec internal static readonly uint[] PExt = new uint[]{ 0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF }; - private static readonly uint[] PInv = new uint[]{ 0x00000001, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000001 }; private static readonly uint[] PExtInv = new uint[]{ 0xFFFFFFFF, 0x00000001, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0x00000001, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001, 0xFFFFFFFE, 0xFFFFFFFF, 0x00000001, 0x00000002 }; @@ -23,10 +22,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec uint c = Nat.Add(12, x, y, z); if (c != 0 || (z[11] == P11 && Nat.Gte(12, z, P))) { - if (Nat.AddTo(PInv.Length, PInv, z) != 0) - { - Nat.IncAt(12, z, PInv.Length); - } + AddPInvTo(z); } } @@ -47,10 +43,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec uint c = Nat.Inc(12, x, z); if (c != 0 || (z[11] == P11 && Nat.Gte(12, z, P))) { - if (Nat.AddTo(PInv.Length, PInv, z) != 0) - { - Nat.IncAt(12, z, PInv.Length); - } + AddPInvTo(z); } } @@ -145,9 +138,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec { Reduce32((uint)c, z); } - else if (Nat.SubFrom(PInv.Length, PInv, z) != 0) + else { - Nat.DecAt(12, z, PInv.Length); + SubPInvFrom(z); } } @@ -181,10 +174,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec if ((cc != 0 && Nat.IncAt(12, z, 5) != 0) || (z[11] == P11 && Nat.Gte(12, z, P))) { - if (Nat.AddTo(PInv.Length, PInv, z) != 0) - { - Nat.IncAt(12, z, PInv.Length); - } + AddPInvTo(z); } } @@ -215,10 +205,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec int c = Nat.Sub(12, x, y, z); if (c != 0) { - if (Nat.SubFrom(PInv.Length, PInv, z) != 0) - { - Nat.DecAt(12, z, PInv.Length); - } + SubPInvFrom(z); } } @@ -239,10 +226,59 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec uint c = Nat.ShiftUpBit(12, x, 0, z); if (c != 0 || (z[11] == P11 && Nat.Gte(12, z, P))) { - if (Nat.AddTo(PInv.Length, PInv, z) != 0) - { - Nat.IncAt(12, z, PInv.Length); - } + AddPInvTo(z); + } + } + + private static void AddPInvTo(uint[] z) + { + long c = (long)z[0] + 1; + z[0] = (uint)c; + c >>= 32; + c += (long)z[1] - 1; + z[1] = (uint)c; + c >>= 32; + if (c != 0) + { + c += (long)z[2]; + z[2] = (uint)c; + c >>= 32; + } + c += (long)z[3] + 1; + z[3] = (uint)c; + c >>= 32; + c += (long)z[4] + 1; + z[4] = (uint)c; + c >>= 32; + if (c != 0) + { + Nat.IncAt(12, z, 5); + } + } + + private static void SubPInvFrom(uint[] z) + { + long c = (long)z[0] - 1; + z[0] = (uint)c; + c >>= 32; + c += (long)z[1] + 1; + z[1] = (uint)c; + c >>= 32; + if (c != 0) + { + c += (long)z[2]; + z[2] = (uint)c; + c >>= 32; + } + c += (long)z[3] - 1; + z[3] = (uint)c; + c >>= 32; + c += (long)z[4] - 1; + z[4] = (uint)c; + c >>= 32; + if (c != 0) + { + Nat.DecAt(12, z, 5); } } } |