Reduce single-bit extractions from scalars

author: Peter Dettman <peter.dettman@bouncycastle.org> 2018-09-14 18:04:22 +0700
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2018-09-14 18:04:22 +0700
commit: d78d99738fc727f2efea7b99f6bc3cc9a083dca1 (patch)
tree: 22e201dc65a14ad325ab7dddf6a4bb5ab7b47a03 /crypto/src/math/ec/rfc8032/Ed448.cs
parent: RFC 5958: Update PrivateKeyInfo (diff)
download: BouncyCastle.NET-ed25519-d78d99738fc727f2efea7b99f6bc3cc9a083dca1.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/src/math/ec/rfc8032/Ed448.cs b/crypto/src/math/ec/rfc8032/Ed448.cs
index 0e56b12a8..c1c0788a7 100644
--- a/crypto/src/math/ec/rfc8032/Ed448.cs
+++ b/crypto/src/math/ec/rfc8032/Ed448.cs
@@ -971,8 +971,9 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
                     uint w = 0;
                     for (int t = 0; t < PrecompTeeth; ++t)
                     {
-                        uint tBit = (n[tPos >> 5] >> (tPos & 0x1F)) & 1U;
-                        w |= tBit << t;
+                        uint tBit = n[tPos >> 5] >> (tPos & 0x1F);
+                        w &= ~(1U << t);
+                        w ^= (tBit << t);
                         tPos += PrecompSpacing;
                     }
author	Peter Dettman <peter.dettman@bouncycastle.org>	2018-09-14 18:04:22 +0700
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2018-09-14 18:04:22 +0700
commit	d78d99738fc727f2efea7b99f6bc3cc9a083dca1 (patch)
tree	22e201dc65a14ad325ab7dddf6a4bb5ab7b47a03 /crypto/src/math/ec/rfc8032/Ed448.cs
parent	RFC 5958: Update PrivateKeyInfo (diff)
download	BouncyCastle.NET-ed25519-d78d99738fc727f2efea7b99f6bc3cc9a083dca1.tar.xz