diff --git a/crypto/src/math/ec/rfc7748/X25519.cs b/crypto/src/math/ec/rfc7748/X25519.cs
index 1d581bb85..bf845d2f5 100644
--- a/crypto/src/math/ec/rfc7748/X25519.cs
+++ b/crypto/src/math/ec/rfc7748/X25519.cs
@@ -12,6 +12,8 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
public const int PointSize = 32;
public const int ScalarSize = 32;
+ private class F : X25519Field {};
+
private const int C_A = 486662;
private const int C_A24 = (C_A + 2)/4;
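Review bot: `private class F : X25519Field {};` is a real nested type rather than a name alias, and that has consequences the commit does not comment on: it compiles only because X25519Field is neither sealed nor static and exposes an accessible constructor, and it lets `new F()` be written inside X25519 even though the type exists purely so the static field arithmetic below reads as `F.Mul(...)`. If the intent is only a short name, a `using F = Org.BouncyCastle.Math.EC.Rfc7748.X25519Field;` directive at the top of the file (outside the class, so not in this hunk) gives the same call syntax without introducing a type; if the nested class is kept, declaring it `private abstract class F : X25519Field { }` removes the instantiation path, and a one-line comment such as `// Short alias for X25519Field; only its static members are used` would tell the next reader why an empty class is here. The trailing `;` after the empty body is legal but unusual in this codebase's style and can be dropped. The same construct is added to X448.cs in the hunk at L141–L147 and the same remarks apply there. The enclosing X25519 class starts outside this hunk.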
@@ -61,17 +63,17 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
private static void PointDouble(int[] x, int[] z)
{
- int[] A = X25519Field.Create();
- int[] B = X25519Field.Create();
-
- X25519Field.Apm(x, z, A, B);
- X25519Field.Sqr(A, A);
- X25519Field.Sqr(B, B);
- X25519Field.Mul(A, B, x);
- X25519Field.Sub(A, B, A);
- X25519Field.Mul(A, C_A24, z);
- X25519Field.Add(z, B, z);
- X25519Field.Mul(z, A, z);
+ int[] a = F.Create();
+ int[] b = F.Create();
+
+ F.Apm(x, z, a, b);
+ F.Sqr(a, a);
+ F.Sqr(b, b);
+ F.Mul(a, b, x);
+ F.Sub(a, b, a);
+ F.Mul(a, C_A24, z);
+ F.Add(z, b, z);
+ F.Mul(z, a, z);
}
public static void Precompute()
@@ -83,45 +85,45 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
{
uint[] n = new uint[8]; DecodeScalar(k, kOff, n);
- int[] x1 = X25519Field.Create(); X25519Field.Decode(u, uOff, x1);
- int[] x2 = X25519Field.Create(); X25519Field.Copy(x1, 0, x2, 0);
- int[] z2 = X25519Field.Create(); z2[0] = 1;
- int[] x3 = X25519Field.Create(); x3[0] = 1;
- int[] z3 = X25519Field.Create();
+ int[] x1 = F.Create(); F.Decode(u, uOff, x1);
+ int[] x2 = F.Create(); F.Copy(x1, 0, x2, 0);
+ int[] z2 = F.Create(); z2[0] = 1;
+ int[] x3 = F.Create(); x3[0] = 1;
+ int[] z3 = F.Create();
- int[] t1 = X25519Field.Create();
- int[] t2 = X25519Field.Create();
+ int[] t1 = F.Create();
+ int[] t2 = F.Create();
Debug.Assert(n[7] >> 30 == 1U);
int bit = 254, swap = 1;
do
{
- X25519Field.Apm(x3, z3, t1, x3);
- X25519Field.Apm(x2, z2, z3, x2);
- X25519Field.Mul(t1, x2, t1);
- X25519Field.Mul(x3, z3, x3);
- X25519Field.Sqr(z3, z3);
- X25519Field.Sqr(x2, x2);
-
- X25519Field.Sub(z3, x2, t2);
- X25519Field.Mul(t2, C_A24, z2);
- X25519Field.Add(z2, x2, z2);
- X25519Field.Mul(z2, t2, z2);
- X25519Field.Mul(x2, z3, x2);
-
- X25519Field.Apm(t1, x3, x3, z3);
- X25519Field.Sqr(x3, x3);
- X25519Field.Sqr(z3, z3);
- X25519Field.Mul(z3, x1, z3);
+ F.Apm(x3, z3, t1, x3);
+ F.Apm(x2, z2, z3, x2);
+ F.Mul(t1, x2, t1);
+ F.Mul(x3, z3, x3);
+ F.Sqr(z3, z3);
+ F.Sqr(x2, x2);
+
+ F.Sub(z3, x2, t2);
+ F.Mul(t2, C_A24, z2);
+ F.Add(z2, x2, z2);
+ F.Mul(z2, t2, z2);
+ F.Mul(x2, z3, x2);
+
+ F.Apm(t1, x3, x3, z3);
+ F.Sqr(x3, x3);
+ F.Sqr(z3, z3);
+ F.Mul(z3, x1, z3);
--bit;
int word = bit >> 5, shift = bit & 0x1F;
int kt = (int)(n[word] >> shift) & 1;
swap ^= kt;
- X25519Field.CSwap(swap, x2, x3);
- X25519Field.CSwap(swap, z2, z3);
+ F.CSwap(swap, x2, x3);
+ F.CSwap(swap, z2, z3);
swap = kt;
}
while (bit >= 3);
@@ -133,27 +135,27 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
PointDouble(x2, z2);
}
- X25519Field.Inv(z2, z2);
- X25519Field.Mul(x2, z2, x2);
+ F.Inv(z2, z2);
+ F.Mul(x2, z2, x2);
- X25519Field.Normalize(x2);
- X25519Field.Encode(x2, r, rOff);
+ F.Normalize(x2);
+ F.Encode(x2, r, rOff);
}
public static void ScalarMultBase(byte[] k, int kOff, byte[] r, int rOff)
{
- int[] y = X25519Field.Create();
- int[] z = X25519Field.Create();
+ int[] y = F.Create();
+ int[] z = F.Create();
Ed25519.ScalarMultBaseYZ(k, kOff, y, z);
- X25519Field.Apm(z, y, y, z);
+ F.Apm(z, y, y, z);
- X25519Field.Inv(z, z);
- X25519Field.Mul(y, z, y);
+ F.Inv(z, z);
+ F.Mul(y, z, y);
- X25519Field.Normalize(y);
- X25519Field.Encode(y, r, rOff);
+ F.Normalize(y);
+ F.Encode(y, r, rOff);
}
}
}
diff --git a/crypto/src/math/ec/rfc7748/X448.cs b/crypto/src/math/ec/rfc7748/X448.cs
index 4f139f23d..061a13163 100644
--- a/crypto/src/math/ec/rfc7748/X448.cs
+++ b/crypto/src/math/ec/rfc7748/X448.cs
@@ -12,6 +12,8 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
public const int PointSize = 56;
public const int ScalarSize = 56;
+ private class F : X448Field {};
+
private const uint C_A = 156326;
private const uint C_A24 = (C_A + 2)/4;
@@ -60,19 +62,19 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
private static void PointDouble(uint[] x, uint[] z)
{
- uint[] A = X448Field.Create();
- uint[] B = X448Field.Create();
-
- //X448Field.Apm(x, z, A, B);
- X448Field.Add(x, z, A);
- X448Field.Sub(x, z, B);
- X448Field.Sqr(A, A);
- X448Field.Sqr(B, B);
- X448Field.Mul(A, B, x);
- X448Field.Sub(A, B, A);
- X448Field.Mul(A, C_A24, z);
- X448Field.Add(z, B, z);
- X448Field.Mul(z, A, z);
+ uint[] a = F.Create();
+ uint[] b = F.Create();
+
+ //F.Apm(x, z, a, b);
+ F.Add(x, z, a);
+ F.Sub(x, z, b);
+ F.Sqr(a, a);
+ F.Sqr(b, b);
+ F.Mul(a, b, x);
+ F.Sub(a, b, a);
+ F.Mul(a, C_A24, z);
+ F.Add(z, b, z);
+ F.Mul(z, a, z);
}
public static void Precompute()
@@ -84,52 +86,52 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
{
uint[] n = new uint[14]; DecodeScalar(k, kOff, n);
- uint[] x1 = X448Field.Create(); X448Field.Decode(u, uOff, x1);
- uint[] x2 = X448Field.Create(); X448Field.Copy(x1, 0, x2, 0);
- uint[] z2 = X448Field.Create(); z2[0] = 1;
- uint[] x3 = X448Field.Create(); x3[0] = 1;
- uint[] z3 = X448Field.Create();
+ uint[] x1 = F.Create(); F.Decode(u, uOff, x1);
+ uint[] x2 = F.Create(); F.Copy(x1, 0, x2, 0);
+ uint[] z2 = F.Create(); z2[0] = 1;
+ uint[] x3 = F.Create(); x3[0] = 1;
+ uint[] z3 = F.Create();
- uint[] t1 = X448Field.Create();
- uint[] t2 = X448Field.Create();
+ uint[] t1 = F.Create();
+ uint[] t2 = F.Create();
Debug.Assert(n[13] >> 31 == 1U);
int bit = 447, swap = 1;
do
{
- //X448Field.Apm(x3, z3, t1, x3);
- X448Field.Add(x3, z3, t1);
- X448Field.Sub(x3, z3, x3);
- //X448Field.Apm(x2, z2, z3, x2);
- X448Field.Add(x2, z2, z3);
- X448Field.Sub(x2, z2, x2);
-
- X448Field.Mul(t1, x2, t1);
- X448Field.Mul(x3, z3, x3);
- X448Field.Sqr(z3, z3);
- X448Field.Sqr(x2, x2);
-
- X448Field.Sub(z3, x2, t2);
- X448Field.Mul(t2, C_A24, z2);
- X448Field.Add(z2, x2, z2);
- X448Field.Mul(z2, t2, z2);
- X448Field.Mul(x2, z3, x2);
-
- //X448Field.Apm(t1, x3, x3, z3);
- X448Field.Sub(t1, x3, z3);
- X448Field.Add(t1, x3, x3);
- X448Field.Sqr(x3, x3);
- X448Field.Sqr(z3, z3);
- X448Field.Mul(z3, x1, z3);
+ //F.Apm(x3, z3, t1, x3);
+ F.Add(x3, z3, t1);
+ F.Sub(x3, z3, x3);
+ //F.Apm(x2, z2, z3, x2);
+ F.Add(x2, z2, z3);
+ F.Sub(x2, z2, x2);
+
+ F.Mul(t1, x2, t1);
+ F.Mul(x3, z3, x3);
+ F.Sqr(z3, z3);
+ F.Sqr(x2, x2);
+
+ F.Sub(z3, x2, t2);
+ F.Mul(t2, C_A24, z2);
+ F.Add(z2, x2, z2);
+ F.Mul(z2, t2, z2);
+ F.Mul(x2, z3, x2);
+
+ //F.Apm(t1, x3, x3, z3);
+ F.Sub(t1, x3, z3);
+ F.Add(t1, x3, x3);
+ F.Sqr(x3, x3);
+ F.Sqr(z3, z3);
+ F.Mul(z3, x1, z3);
--bit;
int word = bit >> 5, shift = bit & 0x1F;
int kt = (int)(n[word] >> shift) & 1;
swap ^= kt;
- X448Field.CSwap(swap, x2, x3);
- X448Field.CSwap(swap, z2, z3);
+ F.CSwap(swap, x2, x3);
+ F.CSwap(swap, z2, z3);
swap = kt;
}
while (bit >= 2);
@@ -141,26 +143,26 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
PointDouble(x2, z2);
}
- X448Field.Inv(z2, z2);
- X448Field.Mul(x2, z2, x2);
+ F.Inv(z2, z2);
+ F.Mul(x2, z2, x2);
- X448Field.Normalize(x2);
- X448Field.Encode(x2, r, rOff);
+ F.Normalize(x2);
+ F.Encode(x2, r, rOff);
}
public static void ScalarMultBase(byte[] k, int kOff, byte[] r, int rOff)
{
- uint[] x = X448Field.Create();
- uint[] y = X448Field.Create();
+ uint[] x = F.Create();
+ uint[] y = F.Create();
Ed448.ScalarMultBaseXY(k, kOff, x, y);
- X448Field.Inv(x, x);
- X448Field.Mul(x, y, x);
- X448Field.Sqr(x, x);
+ F.Inv(x, x);
+ F.Mul(x, y, x);
+ F.Sqr(x, x);
- X448Field.Normalize(x);
- X448Field.Encode(x, r, rOff);
+ F.Normalize(x);
+ F.Encode(x, r, rOff);
}
}
}
diff --git a/crypto/src/math/ec/rfc7748/X448Field.cs b/crypto/src/math/ec/rfc7748/X448Field.cs
index 4d3be5cda..ef4fd4627 100644
--- a/crypto/src/math/ec/rfc7748/X448Field.cs
+++ b/crypto/src/math/ec/rfc7748/X448Field.cs
@@ -120,6 +120,11 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
return new uint[Size];
}
+ public static uint[] CreateTable(int n)
+ {
+ return new uint[Size * n];
+ }
+
public static void CSwap(int swap, uint[] a, uint[] b)
{
Debug.Assert(swap >> 1 == 0);
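Review bot: `CreateTable(int n)` has no check on `n` and computes `Size * n` in the default unchecked context, so a large `n` can wrap to a smaller or negative length and a negative `n` surfaces only as an exception from the array allocator rather than as an argument error at the call site. Since the method is public, I would validate and use a checked multiply: `if (n < 0) throw new ArgumentOutOfRangeException(nameof(n));` followed by `return new uint[checked(Size * n)];`. A short doc comment would also help, e.g. `/// <summary>Allocates zeroed storage for <paramref name="n"/> consecutive field elements of <see cref="Size"/> limbs each.</summary>`. No caller of CreateTable appears in this diff, so its intended use (presumably a precomputation table) is inferred rather than visible. The CSwap method that follows continues outside this hunk.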