author | Peter Dettman <peter.dettman@bouncycastle.org> | 2020-01-30 18:56:56 +0700 |
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2020-01-30 18:56:56 +0700 |
commit | 29608e519f8e5a364a2cd9ab7915bc0614bcc326 (patch) | |
tree | 2b88453cdfc2d7657066d7fdadbee89be5309454 /crypto/src/math | |
parent | Improve ChaCha20Poly1305 tests (diff) | |
Port of X25519/X448 field updates from bc-java
Diffstat (limited to 'crypto/src/math')
-rw-r--r-- | crypto/src/math/ec/rfc7748/X25519Field.cs | 37 | ||||
-rw-r--r-- | crypto/src/math/ec/rfc7748/X448Field.cs | 27 |
2 files changed, 39 insertions, 25 deletions
diff --git a/crypto/src/math/ec/rfc7748/X25519Field.cs b/crypto/src/math/ec/rfc7748/X25519Field.cs
index 3a06941dd..6843e274a 100644
--- a/crypto/src/math/ec/rfc7748/X25519Field.cs
+++ b/crypto/src/math/ec/rfc7748/X25519Field.cs
@@ -49,6 +49,11 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
 int z0 = z[0], z1 = z[1], z2 = z[2], z3 = z[3], z4 = z[4];
 int z5 = z[5], z6 = z[6], z7 = z[7], z8 = z[8], z9 = z[9];
 
+ z2 += (z1 >> 26); z1 &= M26;
+ z4 += (z3 >> 26); z3 &= M26;
+ z7 += (z6 >> 26); z6 &= M26;
+ z9 += (z8 >> 26); z8 &= M26;
+
 z3 += (z2 >> 25); z2 &= M25;
 z5 += (z4 >> 25); z4 &= M25;
 z8 += (z7 >> 25); z7 &= M25;
@@ -439,22 +444,22 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
 Mul(t, x, rz);
 }
 
- private static void Reduce(int[] z, int c)
- {
- int z9 = z[9], t = z9;
- z9 = t & M24; t >>= 24;
- t += c;
- t *= 19;
- t += z[0]; z[0] = t & M26; t >>= 26;
- t += z[1]; z[1] = t & M26; t >>= 26;
- t += z[2]; z[2] = t & M25; t >>= 25;
- t += z[3]; z[3] = t & M26; t >>= 26;
- t += z[4]; z[4] = t & M25; t >>= 25;
- t += z[5]; z[5] = t & M26; t >>= 26;
- t += z[6]; z[6] = t & M26; t >>= 26;
- t += z[7]; z[7] = t & M25; t >>= 25;
- t += z[8]; z[8] = t & M26; t >>= 26;
- t += z9; z[9] = t;
+ private static void Reduce(int[] z, int x)
+ {
+ int t = z[9], z9 = t & M24;
+ t = (t >> 24) + x;
+
+ long cc = t * 19;
+ cc += z[0]; z[0] = (int)cc & M26; cc >>= 26;
+ cc += z[1]; z[1] = (int)cc & M26; cc >>= 26;
+ cc += z[2]; z[2] = (int)cc & M25; cc >>= 25;
+ cc += z[3]; z[3] = (int)cc & M26; cc >>= 26;
+ cc += z[4]; z[4] = (int)cc & M25; cc >>= 25;
+ cc += z[5]; z[5] = (int)cc & M26; cc >>= 26;
+ cc += z[6]; z[6] = (int)cc & M26; cc >>= 26;
+ cc += z[7]; z[7] = (int)cc & M25; cc >>= 25;
+ cc += z[8]; z[8] = (int)cc & M26; cc >>= 26;
+ z[9] = z9 + (int)cc;
 }
 
 public static void Sqr(int[] x, int[] z)
diff --git a/crypto/src/math/ec/rfc7748/X448Field.cs b/crypto/src/math/ec/rfc7748/X448Field.cs
index 14c9b4879..240518cde 100644
--- a/crypto/src/math/ec/rfc7748/X448Field.cs
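Review bot: The new leading carry pass in the first X25519Field.cs hunk (z1→z2, z3→z4, z6→z7, z8→z9, masking z1/z3/z6/z8 to M26) has no comment saying why a pass is now needed ahead of the pre-existing z2→z3, z4→z5, z7→z8 chain, so a reader cannot tell what wider input bound the routine is now meant to accept. The enclosing carry method starts and ends outside the hunk, so the contract it documents (if any) is not visible here; suggest a one-liner above the new block such as `// extra first pass: limbs 1,3,6,8 may now exceed 26 bits on entry; fold their excess before the original chain runs`, with the exact entry bound filled in from the callers. The first X448Field.cs hunk adds the matching pass (z0→z1, z4→z5, z8→z9, z12→z13 under M28) and has the same documentation gap.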
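Review bot: In the new Reduce(int[] z, int x), `long cc = t * 19;` performs the multiply in 32-bit int and widens only afterwards, so the long protects the later additions but not the product itself. With t = (z[9] >> 24) + x this is presumably far below any overflow threshold for the x values the callers pass (those callers are outside the hunk, and the removed code did the same `t *= 19` in int, so it is not a regression), but the intent would be unambiguous as `long cc = (long)t * 19;` at no cost. Alternatively, a comment stating the bound on x that Reduce assumes would let a reader verify the int product is safe.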
+++ b/crypto/src/math/ec/rfc7748/X448Field.cs
@@ -45,6 +45,11 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
 uint z0 = z[0], z1 = z[1], z2 = z[2], z3 = z[3], z4 = z[4], z5 = z[5], z6 = z[6], z7 = z[7];
 uint z8 = z[8], z9 = z[9], z10 = z[10], z11 = z[11], z12 = z[12], z13 = z[13], z14 = z[14], z15 = z[15];
 
+ z1 += (z0 >> 28); z0 &= M28;
+ z5 += (z4 >> 28); z4 &= M28;
+ z9 += (z8 >> 28); z8 &= M28;
+ z13 += (z12 >> 28); z12 &= M28;
+
 z2 += (z1 >> 28); z1 &= M28;
 z6 += (z5 >> 28); z5 &= M28;
 z10 += (z9 >> 28); z9 &= M28;
@@ -647,18 +652,22 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
 Mul(t, x222, z);
 }
 
- private static void Reduce(uint[] z, int c)
+ private static void Reduce(uint[] z, int x)
 {
- uint z15 = z[15];
- long t = z15;
- z15 &= M28;
- t = (t >> 28) + c;
- z[8] += (uint)t;
- for (int i = 0; i < 15; ++i)
+ uint u = z[15], z15 = u & M28;
+ int t = (int)(u >> 28) + x;
+
+ long cc = t;
+ for (int i = 0; i < 8; ++i)
+ {
+ cc += z[i]; z[i] = (uint)cc & M28; cc >>= 28;
+ }
+ cc += t;
+ for (int i = 8; i < 15; ++i)
 {
- t += z[i]; z[i] = (uint)t & M28; t >>= 28;
+ cc += z[i]; z[i] = (uint)cc & M28; cc >>= 28;
 }
- z[15] = z15 + (uint)t;
+ z[15] = z15 + (uint)cc;
 }
 
 public static void Sqr(uint[] x, uint[] z)
|
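Review bot: The new Reduce(uint[] z, int x) splits the carry loop at i == 8 and injects `cc += t;` between the halves without a comment, so the reason the top carry is folded in twice is left for the reader to derive. With 28-bit limbs, limb 8 starts at bit 224, so this encodes 2^448 ≡ 2^224 + 1 modulo the X448 prime 2^448 − 2^224 − 1; suggest a comment before `long cc = t;` such as `// 2^448 = 2^224 + 1 (mod p): add the carry out of limb 15 at limb 0 and again at limb 8 (bit 224)`. Note also that `(uint)cc & M28` and `z[15] = z15 + (uint)cc;` rely on unchecked wrap-around whenever cc is negative (a negative x); the replaced code did the same with `(uint)t`, so this is pre-existing, but it is worth a comment if this file is ever compiled with checked arithmetic.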