Use Edwards internals for X25519/X448 public key calculations

author: Peter Dettman <peter.dettman@bouncycastle.org> 2018-10-22 12:56:21 +0700
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2018-10-22 12:56:21 +0700
commit: fbc6fd1202d1861d78babb48a374850a15f875b3 (patch)
tree: f3837f6b39c8e260ed685b9c5a7888f76260fb84 /crypto/src/math/ec/rfc8032
parent: Add GeneratePublicKey method for completeness (diff)
download: BouncyCastle.NET-ed25519-fbc6fd1202d1861d78babb48a374850a15f875b3.tar.xz
2 files changed, 24 insertions, 2 deletions
diff --git a/crypto/src/math/ec/rfc8032/Ed25519.cs b/crypto/src/math/ec/rfc8032/Ed25519.cs
index b77853f30..6dc52a865 100644
--- a/crypto/src/math/ec/rfc8032/Ed25519.cs
+++ b/crypto/src/math/ec/rfc8032/Ed25519.cs
@@ -934,6 +934,17 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             EncodePoint(p, r, rOff);
         }
 
+        internal static void ScalarMultBaseYZ(byte[] k, int kOff, int[] y, int[] z)
+        {
+            byte[] n = new byte[ScalarBytes];
+            PruneScalar(k, kOff, n);
+
+            PointAccum p = new PointAccum();
+            ScalarMultBase(n, p);
+            X25519Field.Copy(p.y, 0, y, 0);
+            X25519Field.Copy(p.z, 0, z, 0);
+        }
+
         private static void ScalarMultStraussVar(uint[] nb, uint[] np, PointExt p, PointAccum r)
         {
             Precompute();
diff --git a/crypto/src/math/ec/rfc8032/Ed448.cs b/crypto/src/math/ec/rfc8032/Ed448.cs
index 38bdee83e..774052082 100644
--- a/crypto/src/math/ec/rfc8032/Ed448.cs
+++ b/crypto/src/math/ec/rfc8032/Ed448.cs
@@ -676,11 +676,11 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
 
         private static void PruneScalar(byte[] n, int nOff, byte[] r)
         {
-            Array.Copy(n, nOff, r, 0, ScalarBytes);
+            Array.Copy(n, nOff, r, 0, ScalarBytes - 1);
 
             r[0] &= 0xFC;
             r[ScalarBytes - 2] |= 0x80;
-            r[ScalarBytes - 1] &= 0x00;
+            r[ScalarBytes - 1]  = 0x00;
         }
 
         private static byte[] ReduceScalar(byte[] n)
@@ -1021,6 +1021,17 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             EncodePoint(p, r, rOff);
         }
 
+        internal static void ScalarMultBaseXY(byte[] k, int kOff, uint[] x, uint[] y)
+        {
+            byte[] n = new byte[ScalarBytes];
+            PruneScalar(k, kOff, n);
+
+            PointExt p = new PointExt();
+            ScalarMultBase(n, p);
+            X448Field.Copy(p.x, 0, x, 0);
+            X448Field.Copy(p.y, 0, y, 0);
+        }
+
         private static void ScalarMultStraussVar(uint[] nb, uint[] np, PointExt p, PointExt r)
         {
             Precompute();
author	Peter Dettman <peter.dettman@bouncycastle.org>	2018-10-22 12:56:21 +0700
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2018-10-22 12:56:21 +0700
commit	fbc6fd1202d1861d78babb48a374850a15f875b3 (patch)
tree	f3837f6b39c8e260ed685b9c5a7888f76260fb84 /crypto/src/math/ec/rfc8032
parent	Add GeneratePublicKey method for completeness (diff)
download	BouncyCastle.NET-ed25519-fbc6fd1202d1861d78babb48a374850a15f875b3.tar.xz