diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2018-10-09 15:12:47 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2018-10-09 15:12:47 +0700 |
| commit | e8d418e901ed82a5b9b58c6fb4a85787b995c363 (patch) | |
| tree | d840f6319134544d0617f10896109d5be2a679f9 /crypto/src/math | |
| parent | Merge branch 'fedelippo-comment' (diff) | |
| download | BouncyCastle.NET-ed25519-e8d418e901ed82a5b9b58c6fb4a85787b995c363.tar.xz | |
Replace MethodImpl with lock
Diffstat (limited to 'crypto/src/math')
| -rw-r--r-- | crypto/src/math/ec/rfc7748/X25519.cs | 80 | ||||
| -rw-r--r-- | crypto/src/math/ec/rfc7748/X448.cs | 88 | ||||
| -rw-r--r-- | crypto/src/math/ec/rfc8032/Ed25519.cs | 132 | ||||
| -rw-r--r-- | crypto/src/math/ec/rfc8032/Ed448.cs | 118 |
4 files changed, 213 insertions, 205 deletions
diff --git a/crypto/src/math/ec/rfc7748/X25519.cs b/crypto/src/math/ec/rfc7748/X25519.cs index 6b6acdecd..d8db2527a 100644 --- a/crypto/src/math/ec/rfc7748/X25519.cs +++ b/crypto/src/math/ec/rfc7748/X25519.cs @@ -1,6 +1,5 @@ using System; using System.Diagnostics; -using System.Runtime.CompilerServices; using Org.BouncyCastle.Utilities; @@ -21,6 +20,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748 private static readonly int[] PsubS_x = { 0x03D48290, 0x02C7804D, 0x01207816, 0x028F5A68, 0x00881ED4, 0x00A2B71D, 0x0217D1B7, 0x014CB523, 0x0088EC1A, 0x0042A264 }; + private static readonly object precompLock = new object(); private static int[] precompBase = null; public static bool CalculateAgreement(byte[] k, int kOff, byte[] u, int uOff, byte[] r, int rOff) @@ -65,63 +65,65 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748 X25519Field.Mul(z, A, z); } - [MethodImpl(MethodImplOptions.Synchronized)] public static void Precompute() { - if (precompBase != null) - return; + lock (precompLock) + { + if (precompBase != null) + return; - precompBase = new int[X25519Field.Size * 252]; + precompBase = new int[X25519Field.Size * 252]; - int[] xs = precompBase; - int[] zs = new int[X25519Field.Size * 251]; + int[] xs = precompBase; + int[] zs = new int[X25519Field.Size * 251]; - int[] x = X25519Field.Create(); x[0] = 9; - int[] z = X25519Field.Create(); z[0] = 1; + int[] x = X25519Field.Create(); x[0] = 9; + int[] z = X25519Field.Create(); z[0] = 1; - int[] n = X25519Field.Create(); - int[] d = X25519Field.Create(); + int[] n = X25519Field.Create(); + int[] d = X25519Field.Create(); - X25519Field.Apm(x, z, n, d); + X25519Field.Apm(x, z, n, d); - int[] c = X25519Field.Create(); X25519Field.Copy(d, 0, c, 0); + int[] c = X25519Field.Create(); X25519Field.Copy(d, 0, c, 0); - int off = 0; - for (;;) - { - X25519Field.Copy(n, 0, xs, off); + int off = 0; + for (; ; ) + { + X25519Field.Copy(n, 0, xs, off); - if (off == (X25519Field.Size * 251)) - break; + if (off == (X25519Field.Size * 251)) + break; - PointDouble(x, z); + PointDouble(x, z); - X25519Field.Apm(x, z, n, d); - X25519Field.Mul(n, c, n); - X25519Field.Mul(c, d, c); + X25519Field.Apm(x, z, n, d); + X25519Field.Mul(n, c, n); + X25519Field.Mul(c, d, c); - X25519Field.Copy(d, 0, zs, off); + X25519Field.Copy(d, 0, zs, off); - off += X25519Field.Size; - } + off += X25519Field.Size; + } - int[] u = X25519Field.Create(); - X25519Field.Inv(c, u); + int[] u = X25519Field.Create(); + X25519Field.Inv(c, u); - for (;;) - { - X25519Field.Copy(xs, off, x, 0); + for (; ; ) + { + X25519Field.Copy(xs, off, x, 0); - X25519Field.Mul(x, u, x); - //X25519Field.Normalize(x); - X25519Field.Copy(x, 0, precompBase, off); + X25519Field.Mul(x, u, x); + //X25519Field.Normalize(x); + X25519Field.Copy(x, 0, precompBase, off); - if (off == 0) - break; + if (off == 0) + break; - off -= X25519Field.Size; - X25519Field.Copy(zs, off, z, 0); - X25519Field.Mul(u, z, u); + off -= X25519Field.Size; + X25519Field.Copy(zs, off, z, 0); + X25519Field.Mul(u, z, u); + } } } diff --git a/crypto/src/math/ec/rfc7748/X448.cs b/crypto/src/math/ec/rfc7748/X448.cs index b93cb24c5..63d34d1cf 100644 --- a/crypto/src/math/ec/rfc7748/X448.cs +++ b/crypto/src/math/ec/rfc7748/X448.cs @@ -1,6 +1,5 @@ using System; using System.Diagnostics; -using System.Runtime.CompilerServices; using Org.BouncyCastle.Utilities; @@ -24,6 +23,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748 0x0643ACE1U, 0x03F1BD65U, 0x084C1F82U, 0x0954459DU, 0x081B9672U, 0x0DD1031CU, 0x0EB7BDACU, 0x03881AFFU, 0x0423ACF0U, 0x05013244U, 0x0F0FAB72U }; + private static readonly object precompLock = new object(); private static uint[] precompBase = null; public static bool CalculateAgreement(byte[] k, int kOff, byte[] u, int uOff, byte[] r, int rOff) @@ -69,67 +69,69 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748 X448Field.Mul(z, A, z); } - [MethodImpl(MethodImplOptions.Synchronized)] public static void Precompute() { - if (precompBase != null) - return; + lock (precompLock) + { + if (precompBase != null) + return; - precompBase = new uint[X448Field.Size * 446]; + precompBase = new uint[X448Field.Size * 446]; - uint[] xs = precompBase; - uint[] zs = new uint[X448Field.Size * 445]; + uint[] xs = precompBase; + uint[] zs = new uint[X448Field.Size * 445]; - uint[] x = X448Field.Create(); x[0] = 5; - uint[] z = X448Field.Create(); z[0] = 1; + uint[] x = X448Field.Create(); x[0] = 5; + uint[] z = X448Field.Create(); z[0] = 1; - uint[] n = X448Field.Create(); - uint[] d = X448Field.Create(); + uint[] n = X448Field.Create(); + uint[] d = X448Field.Create(); - //X448Field.Apm(x, z, n, d); - X448Field.Add(x, z, n); - X448Field.Sub(x, z, d); + //X448Field.Apm(x, z, n, d); + X448Field.Add(x, z, n); + X448Field.Sub(x, z, d); - uint[] c = X448Field.Create(); X448Field.Copy(d, 0, c, 0); + uint[] c = X448Field.Create(); X448Field.Copy(d, 0, c, 0); - int off = 0; - for (;;) - { - X448Field.Copy(n, 0, xs, off); + int off = 0; + for (;;) + { + X448Field.Copy(n, 0, xs, off); - if (off == (X448Field.Size * 445)) - break; + if (off == (X448Field.Size * 445)) + break; - PointDouble(x, z); + PointDouble(x, z); - //X448Field.Apm(x, z, n, d); - X448Field.Add(x, z, n); - X448Field.Sub(x, z, d); - X448Field.Mul(n, c, n); - X448Field.Mul(c, d, c); + //X448Field.Apm(x, z, n, d); + X448Field.Add(x, z, n); + X448Field.Sub(x, z, d); + X448Field.Mul(n, c, n); + X448Field.Mul(c, d, c); - X448Field.Copy(d, 0, zs, off); + X448Field.Copy(d, 0, zs, off); - off += X448Field.Size; - } + off += X448Field.Size; + } - uint[] u = X448Field.Create(); - X448Field.Inv(c, u); + uint[] u = X448Field.Create(); + X448Field.Inv(c, u); - for (;;) - { - X448Field.Copy(xs, off, x, 0); + for (;;) + { + X448Field.Copy(xs, off, x, 0); - X448Field.Mul(x, u, x); - //X448Field.Normalize(x); - X448Field.Copy(x, 0, precompBase, off); + X448Field.Mul(x, u, x); + //X448Field.Normalize(x); + X448Field.Copy(x, 0, precompBase, off); - if (off == 0) - break; + if (off == 0) + break; - off -= X448Field.Size; - X448Field.Copy(zs, off, z, 0); - X448Field.Mul(u, z, u); + off -= X448Field.Size; + X448Field.Copy(zs, off, z, 0); + X448Field.Mul(u, z, u); + } } } diff --git a/crypto/src/math/ec/rfc8032/Ed25519.cs b/crypto/src/math/ec/rfc8032/Ed25519.cs index f9ba1ff97..403f11f50 100644 --- a/crypto/src/math/ec/rfc8032/Ed25519.cs +++ b/crypto/src/math/ec/rfc8032/Ed25519.cs @@ -1,6 +1,5 @@ using System; using System.Diagnostics; -using System.Runtime.CompilerServices; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Digests; @@ -61,6 +60,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 private const int PrecompPoints = 1 << (PrecompTeeth - 1); private const int PrecompMask = PrecompPoints - 1; + private static readonly object precompLock = new object(); // TODO[ed25519] Convert to PointPrecomp private static PointExt[] precompBaseTable = null; private static int[] precompBase = null; @@ -631,98 +631,100 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 X25519Field.Zero(p.t); } - [MethodImpl(MethodImplOptions.Synchronized)] public static void Precompute() { - if (precompBase != null) - return; - - // Precomputed table for the base point in verification ladder + lock (precompLock) { - PointExt b = new PointExt(); - X25519Field.Copy(B_x, 0, b.x, 0); - X25519Field.Copy(B_y, 0, b.y, 0); - PointExtendXY(b); - - precompBaseTable = PointPrecompVar(b, 1 << (WnafWidthBase - 2)); - } + if (precompBase != null) + return; - PointAccum p = new PointAccum(); - X25519Field.Copy(B_x, 0, p.x, 0); - X25519Field.Copy(B_y, 0, p.y, 0); - PointExtendXY(p); + // Precomputed table for the base point in verification ladder + { + PointExt b = new PointExt(); + X25519Field.Copy(B_x, 0, b.x, 0); + X25519Field.Copy(B_y, 0, b.y, 0); + PointExtendXY(b); - precompBase = new int[PrecompBlocks * PrecompPoints * 3 * X25519Field.Size]; + precompBaseTable = PointPrecompVar(b, 1 << (WnafWidthBase - 2)); + } - int off = 0; - for (int b = 0; b < PrecompBlocks; ++b) - { - PointExt[] ds = new PointExt[PrecompTeeth]; + PointAccum p = new PointAccum(); + X25519Field.Copy(B_x, 0, p.x, 0); + X25519Field.Copy(B_y, 0, p.y, 0); + PointExtendXY(p); - PointExt sum = new PointExt(); - PointSetNeutral(sum); + precompBase = new int[PrecompBlocks * PrecompPoints * 3 * X25519Field.Size]; - for (int t = 0; t < PrecompTeeth; ++t) + int off = 0; + for (int b = 0; b < PrecompBlocks; ++b) { - PointExt q = PointCopy(p); - PointAddVar(true, sum, q, sum); - PointDouble(p); + PointExt[] ds = new PointExt[PrecompTeeth]; - ds[t] = PointCopy(p); + PointExt sum = new PointExt(); + PointSetNeutral(sum); - if (b + t != PrecompBlocks + PrecompTeeth - 2) + for (int t = 0; t < PrecompTeeth; ++t) { - for (int s = 1; s < PrecompSpacing; ++s) + PointExt q = PointCopy(p); + PointAddVar(true, sum, q, sum); + PointDouble(p); + + ds[t] = PointCopy(p); + + if (b + t != PrecompBlocks + PrecompTeeth - 2) { - PointDouble(p); + for (int s = 1; s < PrecompSpacing; ++s) + { + PointDouble(p); + } } } - } - PointExt[] points = new PointExt[PrecompPoints]; - int k = 0; - points[k++] = sum; + PointExt[] points = new PointExt[PrecompPoints]; + int k = 0; + points[k++] = sum; - for (int t = 0; t < (PrecompTeeth - 1); ++t) - { - int size = 1 << t; - for (int j = 0; j < size; ++j, ++k) + for (int t = 0; t < (PrecompTeeth - 1); ++t) { - PointAddVar(false, points[k - size], ds[t], points[k] = new PointExt()); + int size = 1 << t; + for (int j = 0; j < size; ++j, ++k) + { + PointAddVar(false, points[k - size], ds[t], points[k] = new PointExt()); + } } - } - Debug.Assert(k == PrecompPoints); + Debug.Assert(k == PrecompPoints); - for (int i = 0; i < PrecompPoints; ++i) - { - PointExt q = points[i]; + for (int i = 0; i < PrecompPoints; ++i) + { + PointExt q = points[i]; - int[] x = X25519Field.Create(); - int[] y = X25519Field.Create(); + int[] x = X25519Field.Create(); + int[] y = X25519Field.Create(); - X25519Field.Add(q.z, q.z, x); - // TODO[ed25519] Batch inversion - X25519Field.Inv(x, y); - X25519Field.Mul(q.x, y, x); - X25519Field.Mul(q.y, y, y); + X25519Field.Add(q.z, q.z, x); + // TODO[ed25519] Batch inversion + X25519Field.Inv(x, y); + X25519Field.Mul(q.x, y, x); + X25519Field.Mul(q.y, y, y); - PointPrecomp r = new PointPrecomp(); - X25519Field.Apm(y, x, r.ypx_h, r.ymx_h); - X25519Field.Mul(x, y, r.xyd); - X25519Field.Mul(r.xyd, C_d4, r.xyd); + PointPrecomp r = new PointPrecomp(); + X25519Field.Apm(y, x, r.ypx_h, r.ymx_h); + X25519Field.Mul(x, y, r.xyd); + X25519Field.Mul(r.xyd, C_d4, r.xyd); - X25519Field.Normalize(r.ypx_h); - X25519Field.Normalize(r.ymx_h); - //X25519Field.Normalize(r.xyd); + X25519Field.Normalize(r.ypx_h); + X25519Field.Normalize(r.ymx_h); + //X25519Field.Normalize(r.xyd); - X25519Field.Copy(r.ypx_h, 0, precompBase, off); off += X25519Field.Size; - X25519Field.Copy(r.ymx_h, 0, precompBase, off); off += X25519Field.Size; - X25519Field.Copy(r.xyd, 0, precompBase, off); off += X25519Field.Size; + X25519Field.Copy(r.ypx_h, 0, precompBase, off); off += X25519Field.Size; + X25519Field.Copy(r.ymx_h, 0, precompBase, off); off += X25519Field.Size; + X25519Field.Copy(r.xyd, 0, precompBase, off); off += X25519Field.Size; + } } - } - Debug.Assert(off == precompBase.Length); + Debug.Assert(off == precompBase.Length); + } } private static void PruneScalar(byte[] n, int nOff, byte[] r) diff --git a/crypto/src/math/ec/rfc8032/Ed448.cs b/crypto/src/math/ec/rfc8032/Ed448.cs index a1f0e93b0..10ebe8f15 100644 --- a/crypto/src/math/ec/rfc8032/Ed448.cs +++ b/crypto/src/math/ec/rfc8032/Ed448.cs @@ -1,6 +1,5 @@ using System; using System.Diagnostics; -using System.Runtime.CompilerServices; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Digests; @@ -70,6 +69,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 private const int PrecompPoints = 1 << (PrecompTeeth - 1); private const int PrecompMask = PrecompPoints - 1; + private static readonly object precompLock = new object(); // TODO[ed448] Convert to PointPrecomp private static PointExt[] precompBaseTable = null; private static uint[] precompBase = null; @@ -463,12 +463,12 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 X448Field.Mul(p.y, r.y, D); X448Field.Mul(C, D, E); X448Field.Mul(E, -C_d, E); - // X448Field.Apm(B, E, F, G); + //X448Field.Apm(B, E, F, G); X448Field.Add(B, E, f); X448Field.Sub(B, E, g); X448Field.Add(r.x, r.y, E); X448Field.Mul(H, E, H); - // X448Field.Apm(D, C, B, E); + //X448Field.Apm(D, C, B, E); X448Field.Add(D, C, b); X448Field.Sub(D, C, e); X448Field.Carry(b); @@ -495,13 +495,13 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 X448Field.Mul(p.y, r.y, D); X448Field.Mul(C, D, E); X448Field.Mul(E, -C_d, E); - // X448Field.Apm(B, E, F, G); + //X448Field.Apm(B, E, F, G); X448Field.Add(B, E, F); X448Field.Sub(B, E, G); X448Field.Add(p.x, p.y, B); X448Field.Add(r.x, r.y, E); X448Field.Mul(B, E, H); - // X448Field.Apm(D, C, B, E); + //X448Field.Apm(D, C, B, E); X448Field.Add(D, C, B); X448Field.Sub(D, C, E); X448Field.Carry(B); @@ -592,78 +592,80 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 X448Field.One(p.z); } - [MethodImpl(MethodImplOptions.Synchronized)] public static void Precompute() { - if (precompBase != null) - return; - - PointExt p = new PointExt(); - X448Field.Copy(B_x, 0, p.x, 0); - X448Field.Copy(B_y, 0, p.y, 0); - PointExtendXY(p); - - precompBaseTable = PointPrecompVar(p, 1 << (WnafWidthBase - 2)); + lock (precompLock) + { + if (precompBase != null) + return; - precompBase = new uint[PrecompBlocks * PrecompPoints * 2 * X448Field.Size]; + PointExt p = new PointExt(); + X448Field.Copy(B_x, 0, p.x, 0); + X448Field.Copy(B_y, 0, p.y, 0); + PointExtendXY(p); - int off = 0; - for (int b = 0; b < PrecompBlocks; ++b) - { - PointExt[] ds = new PointExt[PrecompTeeth]; + precompBaseTable = PointPrecompVar(p, 1 << (WnafWidthBase - 2)); - PointExt sum = new PointExt(); - PointSetNeutral(sum); + precompBase = new uint[PrecompBlocks * PrecompPoints * 2 * X448Field.Size]; - for (int t = 0; t < PrecompTeeth; ++t) + int off = 0; + for (int b = 0; b < PrecompBlocks; ++b) { - PointAddVar(true, p, sum); - PointDouble(p); + PointExt[] ds = new PointExt[PrecompTeeth]; - ds[t] = PointCopy(p); + PointExt sum = new PointExt(); + PointSetNeutral(sum); - if (b + t != PrecompBlocks + PrecompTeeth - 2) + for (int t = 0; t < PrecompTeeth; ++t) { - for (int s = 1; s < PrecompSpacing; ++s) + PointAddVar(true, p, sum); + PointDouble(p); + + ds[t] = PointCopy(p); + + if (b + t != PrecompBlocks + PrecompTeeth - 2) { - PointDouble(p); + for (int s = 1; s < PrecompSpacing; ++s) + { + PointDouble(p); + } } } - } - PointExt[] points = new PointExt[PrecompPoints]; - int k = 0; - points[k++] = sum; + PointExt[] points = new PointExt[PrecompPoints]; + int k = 0; + points[k++] = sum; - for (int t = 0; t < (PrecompTeeth - 1); ++t) - { - int size = 1 << t; - for (int j = 0; j < size; ++j, ++k) + for (int t = 0; t < (PrecompTeeth - 1); ++t) { - points[k] = PointCopy(points[k - size]); - PointAddVar(false, ds[t], points[k]); + int size = 1 << t; + for (int j = 0; j < size; ++j, ++k) + { + points[k] = PointCopy(points[k - size]); + PointAddVar(false, ds[t], points[k]); + } } - } - Debug.Assert(k == PrecompPoints); + Debug.Assert(k == PrecompPoints); - for (int i = 0; i < PrecompPoints; ++i) - { - PointExt q = points[i]; - // TODO[ed448] Batch inversion - X448Field.Inv(q.z, q.z); - X448Field.Mul(q.x, q.z, q.x); - X448Field.Mul(q.y, q.z, q.y); + for (int i = 0; i < PrecompPoints; ++i) + { + PointExt q = points[i]; + // TODO[ed448] Batch inversion + X448Field.Inv(q.z, q.z); + X448Field.Mul(q.x, q.z, q.x); + X448Field.Mul(q.y, q.z, q.y); - // X448Field.Normalize(q.x); - // X448Field.Normalize(q.y); + //X448Field.Normalize(q.x); + //X448Field.Normalize(q.y); - X448Field.Copy(q.x, 0, precompBase, off); off += X448Field.Size; - X448Field.Copy(q.y, 0, precompBase, off); off += X448Field.Size; + X448Field.Copy(q.x, 0, precompBase, off); off += X448Field.Size; + X448Field.Copy(q.y, 0, precompBase, off); off += X448Field.Size; + } } - } - Debug.Assert(off == precompBase.Length); + Debug.Assert(off == precompBase.Length); + } } private static void PruneScalar(byte[] n, int nOff, byte[] r) @@ -731,7 +733,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 x21 += x31 * L4_6; // x21:55/53 x22 += x31 * L4_7; // x22:57/53 - // x30 += (x29 >> 28); x29 &= M28UL; + //x30 += (x29 >> 28); x29 &= M28UL; x14 += x30 * L4_0; // x14:54/-- x15 += x30 * L4_1; // x15:54/53 x16 += x30 * L4_2; // x16:56/-- @@ -751,7 +753,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 x19 += x29 * L4_6; // x19:57/52 x20 += x29 * L4_7; // x20:58/52 - // x28 += (x27 >> 28); x27 &= M28UL; + //x28 += (x27 >> 28); x27 &= M28UL; x12 += x28 * L4_0; // x12:54/-- x13 += x28 * L4_1; // x13:54/53 x14 += x28 * L4_2; // x14:56/-- @@ -771,7 +773,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 x17 += x27 * L4_6; // x17:58/56 x18 += x27 * L4_7; // x18:59/-- - // x26 += (x25 >> 28); x25 &= M28UL; + //x26 += (x25 >> 28); x25 &= M28UL; x10 += x26 * L4_0; // x10:54/-- x11 += x26 * L4_1; // x11:54/53 x12 += x26 * L4_2; // x12:56/-- @@ -948,7 +950,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 Encode56(x10 | (x11 << 28), r, 35); Encode56(x12 | (x13 << 28), r, 42); Encode56(x14 | (x15 << 28), r, 49); - // r[ScalarBytes - 1] = 0; + //r[ScalarBytes - 1] = 0; return r; } |