authorPeter Dettman <peter.dettman@bouncycastle.org>2019-08-04 19:07:38 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2019-08-04 19:07:38 +0700
commit022f35026b1945d81c4750cf80626685148ceb35 (patch)
treec29aedda9f8e084270b879f9b166658d038b7eee /crypto/src/math/ec/rfc7748/X448Field.cs
parentImplement promotion for ECPoint precomputations (diff)
downloadBouncyCastle.NET-ed25519-022f35026b1945d81c4750cf80626685148ceb35.tar.xz
EdDSA refactoring
- tighten scalar bounds for wNAF
- provide CMov in field classes
- fix spelling of Straus
Diffstat (limited to 'crypto/src/math/ec/rfc7748/X448Field.cs')
-rw-r--r--crypto/src/math/ec/rfc7748/X448Field.cs20
1 files changed, 16 insertions, 4 deletions
diff --git a/crypto/src/math/ec/rfc7748/X448Field.cs b/crypto/src/math/ec/rfc7748/X448Field.cs
index 7cda6ebcc..f1e89e520 100644
--- a/crypto/src/math/ec/rfc7748/X448Field.cs
+++ b/crypto/src/math/ec/rfc7748/X448Field.cs
@@ -1,8 +1,6 @@
 using System;
 using System.Diagnostics;
 
-using Org.BouncyCastle.Math.Raw;
-
 namespace Org.BouncyCastle.Math.EC.Rfc7748
 {
     [CLSCompliantAttribute(false)]
@@ -12,7 +10,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
 
         private const uint M28 = 0x0FFFFFFFU;
 
-        private X448Field() {}
+        protected X448Field() {}
 
         public static void Add(uint[] x, uint[] y, uint[] z)
         {
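Review bot: Widening the constructor from `private` to `protected` makes X448Field subclassable, and unless the class declaration (outside this hunk) is marked `abstract`, a derived type can now create instances of what appears to be a static-method holder. If the intent is only to let a field subclass reuse the static helpers, consider marking the class `abstract` alongside this change, or adding a comment on the constructor such as `// protected (not private) so derived field classes can share the static helpers; no instances are intended`. I cannot see the class line, so this may already be the case.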
@@ -74,6 +72,20 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
             z[8] = z8; z[9] = z9; z[10] = z10; z[11] = z11; z[12] = z12; z[13] = z13; z[14] = z14; z[15] = z15;
         }
 
+        public static void CMov(int cond, uint[] x, int xOff, uint[] z, int zOff)
+        {
+            Debug.Assert(0 == cond || -1 == cond);
+
+            uint MASK = (uint)cond;
+
+            for (int i = 0; i < Size; ++i)
+            {
+                uint z_i = z[zOff + i], diff = z_i ^ x[xOff + i];
+                z_i ^= (diff & MASK);
+                z[zOff + i] = z_i;
+            }
+        }
+
         public static void CNegate(int negate, uint[] z)
         {
             Debug.Assert(negate >> 1 == 0);
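Review bot: The new `CMov` enforces its `cond` contract only through `Debug.Assert(0 == cond || -1 == cond)`, which is compiled out of Release builds; there, any other value (e.g. 1) yields a partial mask and silently mixes limbs of `x` and `z` instead of selecting one or the other, which defeats the purpose of a conditional move. The method has no XML documentation stating this, so a caller cannot know the mask convention without reading the body; I would add `/// <param name="cond">Selector mask: 0 leaves z unchanged, -1 (all bits set) copies x into z. Any other value is undefined; only checked by Debug.Assert.</param>` above the signature. The XOR-and-mask loop itself is branch-free over all `Size` limbs, which is the property wanted here; as a style point the local `MASK` should be `mask` per the camelCase convention for locals. `CNegate` begins at the end of this hunk and continues into the next one.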
@@ -81,7 +93,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
             uint[] t = Create();
             Sub(t, z, t);
 
-            Nat.CMov(Size, negate, t, 0, z, 0);
+            CMov(-negate, t, 0, z, 0);
         }
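Review bot: The switch from `Nat.CMov(Size, negate, ...)` to `CMov(-negate, ...)` changes the selector convention from a 0/1 flag (as the `negate >> 1 == 0` assertion in the context above implies) to a 0/-1 mask, and the negation that bridges the two is easy to misread or drop in a later edit. A one-line comment on the call would make the conversion explicit: `// negate is 0 or 1; CMov expects 0 or -1 (all-ones mask), so negate it`. The body of `CNegate` starts in the previous hunk; only its tail is visible here.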
 
         public static void Copy(uint[] x, int xOff, uint[] z, int zOff)