diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2021-02-10 16:53:47 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2021-02-10 16:53:47 +0700 |
| commit | 332484150c8bcc94dad95b5948d20835d948e831 (patch) | |
| tree | 08c6c76ebdc3855524afc71c082558763b89b614 /crypto/src/math/ec/rfc7748 | |
| parent | Refactor nonce generator init (diff) | |
| download | BouncyCastle.NET-ed25519-332484150c8bcc94dad95b5948d20835d948e831.tar.xz | |
EdDSA public key validation
- per NIST SP 800-186
Diffstat (limited to 'crypto/src/math/ec/rfc7748')
| -rw-r--r-- | crypto/src/math/ec/rfc7748/X25519Field.cs | 34 | ||||
| -rw-r--r-- | crypto/src/math/ec/rfc7748/X448Field.cs | 34 |
2 files changed, 68 insertions, 0 deletions
diff --git a/crypto/src/math/ec/rfc7748/X25519Field.cs b/crypto/src/math/ec/rfc7748/X25519Field.cs index ffede563b..d0b835226 100644 --- a/crypto/src/math/ec/rfc7748/X25519Field.cs +++ b/crypto/src/math/ec/rfc7748/X25519Field.cs @@ -48,6 +48,23 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748 } } + public static int AreEqual(int[] x, int[] y) + { + int d = 0; + for (int i = 0; i < Size; ++i) + { + d |= x[i] ^ y[i]; + } + d |= d >> 16; + d &= 0xFFFF; + return (d - 1) >> 31; + } + + public static bool AreEqualVar(int[] x, int[] y) + { + return 0 != AreEqual(x, y); + } + public static void Carry(int[] z) { int z0 = z[0], z1 = z[1], z2 = z[2], z3 = z[3], z4 = z[4]; @@ -258,6 +275,23 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748 Decode(u, 0, z); } + public static int IsOne(int[] x) + { + int d = x[0] ^ 1; + for (int i = 1; i < Size; ++i) + { + d |= x[i]; + } + d |= d >> 16; + d &= 0xFFFF; + return (d - 1) >> 31; + } + + public static bool IsOneVar(int[] x) + { + return 0 != IsOne(x); + } + public static int IsZero(int[] x) { int d = 0; diff --git a/crypto/src/math/ec/rfc7748/X448Field.cs b/crypto/src/math/ec/rfc7748/X448Field.cs index ef4fd4627..6d8c60e78 100644 --- a/crypto/src/math/ec/rfc7748/X448Field.cs +++ b/crypto/src/math/ec/rfc7748/X448Field.cs @@ -46,6 +46,23 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748 // } //} + public static int AreEqual(uint[] x, uint[] y) + { + uint d = 0; + for (int i = 0; i < Size; ++i) + { + d |= x[i] ^ y[i]; + } + d |= d >> 16; + d &= 0xFFFF; + return ((int)d - 1) >> 31; + } + + public static bool AreEqualVar(uint[] x, uint[] y) + { + return 0 != AreEqual(x, y); + } + public static void Carry(uint[] z) { uint z0 = z[0], z1 = z[1], z2 = z[2], z3 = z[3], z4 = z[4], z5 = z[5], z6 = z[6], z7 = z[7]; @@ -285,6 +302,23 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748 Decode(u, 0, z); } + public static int IsOne(uint[] x) + { + uint d = x[0] ^ 1; + for (int i = 1; i < Size; ++i) + { + d |= x[i]; + } + d |= d >> 16; + d &= 0xFFFF; + return ((int)d - 1) >> 31; + } + + public static bool IsOneVar(uint[] x) + { + return 0 != IsOne(x); + } + public static int IsZero(uint[] x) { uint d = 0; |