path: root/crypto/src/math/ec/rfc8032/Ed448.cs
authorPeter Dettman <peter.dettman@bouncycastle.org>2019-08-04 19:07:38 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2019-08-04 19:07:38 +0700
commit022f35026b1945d81c4750cf80626685148ceb35 (patch)
treec29aedda9f8e084270b879f9b166658d038b7eee /crypto/src/math/ec/rfc8032/Ed448.cs
parentImplement promotion for ECPoint precomputations (diff)
EdDSA refactoring
- tighten scalar bounds for wNAF
- provide CMov in field classes
- fix spelling of Straus
Diffstat (limited to 'crypto/src/math/ec/rfc8032/Ed448.cs')
-rw-r--r--crypto/src/math/ec/rfc8032/Ed448.cs22
1 files changed, 8 insertions, 14 deletions
diff --git a/crypto/src/math/ec/rfc8032/Ed448.cs b/crypto/src/math/ec/rfc8032/Ed448.cs
index 597062269..842839396 100644
--- a/crypto/src/math/ec/rfc8032/Ed448.cs
+++ b/crypto/src/math/ec/rfc8032/Ed448.cs
@@ -279,7 +279,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
 
         private static sbyte[] GetWnaf(uint[] n, int width)
         {
-            Debug.Assert(n[ScalarUints - 1] >> 31 == 0U);
+            Debug.Assert(n[ScalarUints - 1] >> 30 == 0U);
 
             uint[] t = new uint[ScalarUints * 2];
             {
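Review bot: The tightened precondition at `Debug.Assert(n[ScalarUints - 1] >> 30 == 0U)` is compiled out of release builds, so nothing in GetWnaf itself enforces that the scalar is below 2^446 where it matters; a caller that passes a larger value would, judging by the 447-entry `ws` array sized later in this method, presumably run off the end of that array rather than be caught here. Since the method is private and every caller is expected to hand it a scalar reduced mod L, that is acceptable, but the invariant and its reason should be stated at the assert rather than left implicit: `// n must be reduced mod L (so n < 2^446): the wNAF below has exactly 447 digits`. GetWnaf's body continues beyond this hunk.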
@@ -293,7 +293,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
                 }
             }
 
-            sbyte[] ws = new sbyte[448];
+            sbyte[] ws = new sbyte[447];
 
             uint pow2 = 1U << width;
             uint mask = pow2 - 1U;
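Review bot: The literal `447` in `sbyte[] ws = new sbyte[447];` is now coupled to two other places in the file — the `>> 30` precondition at the top of this method and the fixed `bit = 446` start in ScalarMultStrausVar — with nothing tying them together, so a later change to one of them can silently break the others. A named constant alongside `ScalarUints`, e.g. `private const int WnafLength = 447;`, used both here and as `bit = WnafLength - 1` in the Straus loop, would make the relationship explicit; at minimum a comment `// one digit more than the 446-bit scalar bound, since wNAF can carry into bit 446` belongs on this line. The enclosing method continues past the end of the hunk.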
@@ -432,7 +432,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             DecodeScalar(k, 0, nA);
 
             PointExt pR = new PointExt();
-            ScalarMultStraussVar(nS, nA, pA, pR);
+            ScalarMultStrausVar(nS, nA, pA, pR);
 
             byte[] check = new byte[PointBytes];
             EncodePoint(pR, check, 0);
@@ -568,9 +568,9 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
 
             for (int i = 0; i < PrecompPoints; ++i)
             {
-                int mask = ((i ^ index) - 1) >> 31;
-                Nat.CMov(X448Field.Size, mask, precompBase, off, p.x, 0);   off += X448Field.Size;
-                Nat.CMov(X448Field.Size, mask, precompBase, off, p.y, 0);   off += X448Field.Size;
+                int cond = ((i ^ index) - 1) >> 31;
+                X448Field.CMov(cond, precompBase, off, p.x, 0);     off += X448Field.Size;
+                X448Field.CMov(cond, precompBase, off, p.y, 0);     off += X448Field.Size;
             }
         }
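Review bot: The new `X448Field.CMov(cond, precompBase, off, p.x, 0)` calls are the constant-time table lookup that hides which precomputed entry the secret scalar selects, and that property now rests on `X448Field.CMov` consuming `cond` as a full-width mask without branching on it, which this diff does not show; it is worth confirming in the field class that the new helper is the same branch-free select that `Nat.CMov` was. The derivation `((i ^ index) - 1) >> 31` yields -1 only when `i == index` and 0 otherwise, so `cond` is a mask rather than a boolean, and the rename from `mask` obscures that; I would either keep the name `mask` or document it: `// cond is 0 or -1 (all ones): selects entry 'index' with no data-dependent branch`. The enclosing method starts outside this hunk.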
 
@@ -1032,7 +1032,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             X448Field.Copy(p.y, 0, y, 0);
         }
 
-        private static void ScalarMultStraussVar(uint[] nb, uint[] np, PointExt p, PointExt r)
+        private static void ScalarMultStrausVar(uint[] nb, uint[] np, PointExt p, PointExt r)
         {
             Precompute();
 
@@ -1045,13 +1045,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
 
             PointSetNeutral(r);
 
-            int bit = 447;
-            while (bit > 0 && ((byte)ws_b[bit] | (byte)ws_p[bit]) == 0)
-            {
-                --bit;
-            }
-
-            for (;;)
+            for (int bit = 446;;)
             {
                 int wb = ws_b[bit];
                 if (wb != 0)
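Review bot: Starting the loop at `for (int bit = 446;;)` hard-codes the wNAF length that GetWnaf sets with `new sbyte[447]`, so the two sites can drift apart silently and an out-of-date start bit would either skip the top digit or index past the arrays. The removed leading-zero scan appears to have been only an optimization in this variable-time routine (doubling the neutral point set by `PointSetNeutral(r)` presumably leaves it neutral), so the fixed start does not change the result but does cost doublings over any high zero digits; a one-line comment would make both facts clear: `// ws_b/ws_p hold 447 digits (scalars < 2^446); 446 is the top one, leading zeros are harmless`. The loop body runs past the end of this hunk.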