diff --git a/crypto/src/crypto/ec/CustomNamedCurves.cs b/crypto/src/crypto/ec/CustomNamedCurves.cs
index 7d6b00339..a4b21ab3d 100644
--- a/crypto/src/crypto/ec/CustomNamedCurves.cs
+++ b/crypto/src/crypto/ec/CustomNamedCurves.cs
@@ -156,6 +156,27 @@ namespace Org.BouncyCastle.Crypto.EC
}
/*
+ * secp384r1
+ */
+ internal class Secp384r1Holder
+ : X9ECParametersHolder
+ {
+ private Secp384r1Holder() { }
+
+ internal static readonly X9ECParametersHolder Instance = new Secp384r1Holder();
+
+ protected override X9ECParameters CreateParameters()
+ {
+ byte[] S = Hex.Decode("A335926AA319A27A1D00896A6773A4827ACDAC73");
+ ECCurve curve = ConfigureCurve(new SecP384R1Curve());
+ ECPoint G = curve.DecodePoint(Hex.Decode("04"
+ + "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7"
+ + "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"));
+ return new X9ECParameters(curve, G, curve.Order, curve.Cofactor, S);
+ }
+ }
+
+ /*
* secp521r1
*/
internal class Secp521r1Holder
@@ -195,11 +216,13 @@ namespace Org.BouncyCastle.Crypto.EC
DefineCurve("secp224r1", SecObjectIdentifiers.SecP224r1, Secp224r1Holder.Instance);
DefineCurve("secp256k1", SecObjectIdentifiers.SecP256k1, Secp256k1Holder.Instance);
DefineCurve("secp256r1", SecObjectIdentifiers.SecP256r1, Secp256r1Holder.Instance);
+ DefineCurve("secp384r1", SecObjectIdentifiers.SecP384r1, Secp384r1Holder.Instance);
DefineCurve("secp521r1", SecObjectIdentifiers.SecP521r1, Secp521r1Holder.Instance);
objIds.Add(Platform.ToLowerInvariant("P-192"), SecObjectIdentifiers.SecP192r1);
objIds.Add(Platform.ToLowerInvariant("P-224"), SecObjectIdentifiers.SecP224r1);
objIds.Add(Platform.ToLowerInvariant("P-256"), SecObjectIdentifiers.SecP256r1);
+ objIds.Add(Platform.ToLowerInvariant("P-384"), SecObjectIdentifiers.SecP384r1);
objIds.Add(Platform.ToLowerInvariant("P-521"), SecObjectIdentifiers.SecP521r1);
}
diff --git a/crypto/src/math/ec/custom/sec/Nat384.cs b/crypto/src/math/ec/custom/sec/Nat384.cs
new file mode 100644
index 000000000..273ee2d65
--- /dev/null
+++ b/crypto/src/math/ec/custom/sec/Nat384.cs
@@ -0,0 +1,46 @@
+using System;
+using System.Diagnostics;
+
+namespace Org.BouncyCastle.Math.EC.Custom.Sec
+{
+ internal abstract class Nat384
+ {
+ public static void Mul(uint[] x, uint[] y, uint[] zz)
+ {
+ Nat192.Mul(x, y, zz);
+ Nat192.Mul(x, 6, y, 6, zz, 12);
+
+ uint c18 = Nat192.AddToEachOther(zz, 6, zz, 12);
+ uint c12 = c18 + Nat192.AddTo(zz, 0, zz, 6, 0);
+ c18 += Nat192.AddTo(zz, 18, zz, 12, c12);
+
+ uint[] dx = Nat192.Create(), dy = Nat192.Create();
+ bool neg = Nat192.Diff(x, 6, x, 0, dx, 0) != Nat192.Diff(y, 6, y, 0, dy, 0);
+
+ uint[] tt = Nat192.CreateExt();
+ Nat192.Mul(dx, dy, tt);
+
+ c18 += neg ? Nat.AddTo(12, tt, 0, zz, 6) : (uint)Nat.SubFrom(12, tt, 0, zz, 6);
+ Nat.AddWordExt(12, c18, zz, 18);
+ }
+
+ public static void Square(uint[] x, uint[] zz)
+ {
+ Nat192.Square(x, zz);
+ Nat192.Square(x, 6, zz, 12);
+
+ uint c18 = Nat192.AddToEachOther(zz, 6, zz, 12);
+ uint c12 = c18 + Nat192.AddTo(zz, 0, zz, 6, 0);
+ c18 += Nat192.AddTo(zz, 18, zz, 12, c12);
+
+ uint[] dx = Nat192.Create();
+ Nat192.Diff(x, 6, x, 0, dx, 0);
+
+ uint[] m = Nat192.CreateExt();
+ Nat192.Square(dx, m);
+
+ c18 += (uint)Nat.SubFrom(12, m, 0, zz, 6);
+ Nat.AddWordExt(12, c18, zz, 18);
+ }
+ }
+}
diff --git a/crypto/src/math/ec/custom/sec/SecP384R1Curve.cs b/crypto/src/math/ec/custom/sec/SecP384R1Curve.cs
new file mode 100644
index 000000000..9366232c6
--- /dev/null
+++ b/crypto/src/math/ec/custom/sec/SecP384R1Curve.cs
@@ -0,0 +1,95 @@
+using System;
+
+using Org.BouncyCastle.Math.Field;
+using Org.BouncyCastle.Utilities.Encoders;
+
+namespace Org.BouncyCastle.Math.EC.Custom.Sec
+{
+ internal class SecP384R1Curve
+ : ECCurve
+ {
+ public static readonly BigInteger q = new BigInteger(1,
+ Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF"));
+
+ private const int SecP384R1_DEFAULT_COORDS = COORD_JACOBIAN;
+
+ protected readonly SecP384R1Point m_infinity;
+
+ public SecP384R1Curve()
+ : base(FiniteFields.GetPrimeField(q))
+ {
+ this.m_infinity = new SecP384R1Point(this, null, null);
+
+ this.m_a = FromBigInteger(new BigInteger(1,
+ Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")));
+ this.m_b = FromBigInteger(new BigInteger(1,
+ Hex.Decode("B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")));
+ this.m_order = new BigInteger(1, Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"));
+ this.m_cofactor = BigInteger.One;
+ this.m_coord = SecP384R1_DEFAULT_COORDS;
+ }
+
+ protected override ECCurve CloneCurve()
+ {
+ return new SecP384R1Curve();
+ }
+
+ public override bool SupportsCoordinateSystem(int coord)
+ {
+ switch (coord)
+ {
+ case COORD_JACOBIAN:
+ return true;
+ default:
+ return false;
+ }
+ }
+
+ public virtual BigInteger Q
+ {
+ get { return q; }
+ }
+
+ public override ECPoint Infinity
+ {
+ get { return m_infinity; }
+ }
+
+ public override int FieldSize
+ {
+ get { return q.BitLength; }
+ }
+
+ public override ECFieldElement FromBigInteger(BigInteger x)
+ {
+ return new SecP384R1FieldElement(x);
+ }
+
+ protected internal override ECPoint CreateRawPoint(ECFieldElement x, ECFieldElement y, bool withCompression)
+ {
+ return new SecP384R1Point(this, x, y, withCompression);
+ }
+
+ protected override ECPoint DecompressPoint(int yTilde, BigInteger X1)
+ {
+ ECFieldElement x = FromBigInteger(X1);
+ ECFieldElement alpha = x.Square().Add(A).Multiply(x).Add(B);
+ ECFieldElement beta = alpha.Sqrt();
+
+ //
+ // if we can't find a sqrt we haven't got a point on the
+ // curve - run!
+ //
+ if (beta == null)
+ throw new ArithmeticException("Invalid point compression");
+
+ if (beta.TestBitZero() != (yTilde == 1))
+ {
+ // Use the other root
+ beta = beta.Negate();
+ }
+
+ return new SecP384R1Point(this, x, beta, true);
+ }
+ }
+}
diff --git a/crypto/src/math/ec/custom/sec/SecP384R1Field.cs b/crypto/src/math/ec/custom/sec/SecP384R1Field.cs
new file mode 100644
index 000000000..8f9094b5b
--- /dev/null
+++ b/crypto/src/math/ec/custom/sec/SecP384R1Field.cs
@@ -0,0 +1,227 @@
+using System;
+using System.Diagnostics;
+
+namespace Org.BouncyCastle.Math.EC.Custom.Sec
+{
+ internal class SecP384R1Field
+ {
+ // 2^384 - 2^128 - 2^96 + 2^32 - 1
+ internal static readonly uint[] P = new uint[]{ 0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
+ private const uint P11 = 0xFFFFFFFF;
+ private static readonly uint[] PExt = new uint[]{ 0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE,
+ 0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFFFE, 0x00000001, 0x00000000,
+ 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
+ private const uint PExt23 = 0xFFFFFFFF;
+
+ public static void Add(uint[] x, uint[] y, uint[] z)
+ {
+ uint c = Nat.Add(12, x, y, z);
+ if (c != 0 || (z[11] == P11 && Nat.Gte(12, z, P)))
+ {
+ Nat.Sub(12, z, P, z);
+ }
+ }
+
+ public static void AddExt(uint[] xx, uint[] yy, uint[] zz)
+ {
+ uint c = Nat.Add(24, xx, yy, zz);
+ if (c != 0 || (zz[23] == PExt23 && Nat.Gte(24, zz, PExt)))
+ {
+ Nat.Sub(24, zz, PExt, zz);
+ }
+ }
+
+ public static void AddOne(uint[] x, uint[] z)
+ {
+ Nat.Copy(12, x, z);
+ uint c = Nat.Inc(12, z, 0);
+ if (c != 0 || (z[11] == P11 && Nat.Gte(12, z, P)))
+ {
+ Nat.Sub(12, z, P, z);
+ }
+ }
+
+ public static uint[] FromBigInteger(BigInteger x)
+ {
+ uint[] z = Nat.FromBigInteger(384, x);
+ if (z[11] == P11 && Nat.Gte(12, z, P))
+ {
+ Nat.Sub(12, z, P, z);
+ }
+ return z;
+ }
+
+ public static void Half(uint[] x, uint[] z)
+ {
+ if ((x[0] & 1) == 0)
+ {
+ Nat.ShiftDownBit(12, x, 0, z);
+ }
+ else
+ {
+ uint c = Nat.Add(12, x, P, z);
+ Nat.ShiftDownBit(12, z, c);
+ }
+ }
+
+ public static void Multiply(uint[] x, uint[] y, uint[] z)
+ {
+ uint[] tt = Nat.Create(24);
+ Nat384.Mul(x, y, tt);
+ Reduce(tt, z);
+ }
+
+ public static void Negate(uint[] x, uint[] z)
+ {
+ if (Nat.IsZero(12, x))
+ {
+ Nat.Zero(12, z);
+ }
+ else
+ {
+ Nat.Sub(12, P, x, z);
+ }
+ }
+
+ public static void Reduce(uint[] xx, uint[] z)
+ {
+ long xx12 = xx[12], xx13 = xx[13], xx14 = xx[14], xx15 = xx[15];
+ long xx16 = xx[16], xx17 = xx[17], xx18 = xx[18], xx19 = xx[19];
+ long xx20 = xx[20], xx21 = xx[21], xx22 = xx[22], xx23 = xx[23];
+
+ long cc = 0;
+ cc += (long)xx[0] + xx12 + xx20 + xx21 - xx23;
+ z[0] = (uint)cc;
+ cc >>= 32;
+ cc += (long)xx[1] + xx13 + xx22 + xx23 - xx12 - xx20;
+ z[1] = (uint)cc;
+ cc >>= 32;
+ cc += (long)xx[2] + xx14 + xx23 - xx13 - xx21;
+ z[2] = (uint)cc;
+ cc >>= 32;
+ cc += (long)xx[3] + xx12 + xx15 + xx20 + xx21 - xx14 - xx22 - xx23;
+ z[3] = (uint)cc;
+ cc >>= 32;
+ cc += (long)xx[4] + xx12 + xx13 + xx16 + xx20 + ((xx21 - xx23) << 1) + xx22 - xx15;
+ z[4] = (uint)cc;
+ cc >>= 32;
+ cc += (long)xx[5] + xx13 + xx14 + xx17 + xx21 + (xx22 << 1) + xx23 - xx16;
+ z[5] = (uint)cc;
+ cc >>= 32;
+ cc += (long)xx[6] + xx14 + xx15 + xx18 + xx22 + (xx23 << 1) - xx17;
+ z[6] = (uint)cc;
+ cc >>= 32;
+ cc += (long)xx[7] + xx15 + xx16 + xx19 + xx23 - xx18;
+ z[7] = (uint)cc;
+ cc >>= 32;
+ cc += (long)xx[8] + xx16 + xx17 + xx20 - xx19;
+ z[8] = (uint)cc;
+ cc >>= 32;
+ cc += (long)xx[9] + xx17 + xx18 + xx21 - xx20;
+ z[9] = (uint)cc;
+ cc >>= 32;
+ cc += (long)xx[10] + xx18 + xx19 + xx22 - xx21;
+ z[10] = (uint)cc;
+ cc >>= 32;
+ cc += (long)xx[11] + xx19 + xx20 + xx23 - xx22;
+ z[11] = (uint)cc;
+ cc >>= 32;
+
+ int c = (int)cc;
+ if (c > 0)
+ {
+ Reduce32((uint)c, z);
+ }
+ else
+ {
+ while (c < 0)
+ {
+ c += (int)Nat256.Add(z, P, z);
+ }
+ }
+ }
+
+ public static void Reduce32(uint x, uint[] z)
+ {
+ long xx12 = x;
+
+ long cc = 0;
+ cc += (long)z[0] + xx12;
+ z[0] = (uint)cc;
+ cc >>= 32;
+ cc += (long)z[1] - xx12;
+ z[1] = (uint)cc;
+ cc >>= 32;
+ cc += (long)z[2];
+ z[2] = (uint)cc;
+ cc >>= 32;
+ cc += (long)z[3] + xx12;
+ z[3] = (uint)cc;
+ cc >>= 32;
+ cc += (long)z[4] + xx12;
+ z[4] = (uint)cc;
+ cc >>= 32;
+
+ Debug.Assert(cc >= 0);
+
+ if (cc > 0)
+ {
+ uint c = Nat.AddWord(12, (uint)cc, z, 5);
+ if (c != 0 || (z[11] == P11 && Nat.Gte(12, z, P)))
+ {
+ Nat.Sub(12, z, P, z);
+ }
+ }
+ }
+
+ public static void Square(uint[] x, uint[] z)
+ {
+ uint[] tt = Nat.Create(24);
+ Nat384.Square(x, tt);
+ Reduce(tt, z);
+ }
+
+ public static void SquareN(uint[] x, int n, uint[] z)
+ {
+ Debug.Assert(n > 0);
+
+ uint[] tt = Nat.Create(24);
+ Nat384.Square(x, tt);
+ Reduce(tt, z);
+
+ while (--n > 0)
+ {
+ Nat384.Square(z, tt);
+ Reduce(tt, z);
+ }
+ }
+
+ public static void Subtract(uint[] x, uint[] y, uint[] z)
+ {
+ int c = Nat.Sub(12, x, y, z);
+ if (c != 0)
+ {
+ Nat.Add(12, z, P, z);
+ }
+ }
+
+ public static void SubtractExt(uint[] xx, uint[] yy, uint[] zz)
+ {
+ int c = Nat.Sub(24, xx, yy, zz);
+ if (c != 0)
+ {
+ Nat.Add(24, zz, PExt, zz);
+ }
+ }
+
+ public static void Twice(uint[] x, uint[] z)
+ {
+ uint c = Nat.ShiftUpBit(12, x, 0, z);
+ if (c != 0 || (z[11] == P11 && Nat.Gte(12, z, P)))
+ {
+ Nat.Sub(12, z, P, z);
+ }
+ }
+ }
+}
diff --git a/crypto/src/math/ec/custom/sec/SecP384R1FieldElement.cs b/crypto/src/math/ec/custom/sec/SecP384R1FieldElement.cs
new file mode 100644
index 000000000..bca260de9
--- /dev/null
+++ b/crypto/src/math/ec/custom/sec/SecP384R1FieldElement.cs
@@ -0,0 +1,155 @@
+using System;
+
+using Org.BouncyCastle.Utilities;
+
+namespace Org.BouncyCastle.Math.EC.Custom.Sec
+{
+ internal class SecP384R1FieldElement
+ : ECFieldElement
+ {
+ public static readonly BigInteger Q = SecP384R1Curve.q;
+
+ protected internal readonly uint[] x;
+
+ public SecP384R1FieldElement(BigInteger x)
+ {
+ if (x == null || x.SignValue < 0 || x.CompareTo(Q) >= 0)
+ throw new ArgumentException("value invalid for SecP384R1FieldElement", "x");
+
+ this.x = SecP384R1Field.FromBigInteger(x);
+ }
+
+ public SecP384R1FieldElement()
+ {
+ this.x = Nat.Create(12);
+ }
+
+ protected internal SecP384R1FieldElement(uint[] x)
+ {
+ this.x = x;
+ }
+
+ public override bool IsZero
+ {
+ get { return Nat.IsZero(12, x); }
+ }
+
+ public override bool IsOne
+ {
+ get { return Nat.IsOne(12, x); }
+ }
+
+ public override bool TestBitZero()
+ {
+ return Nat.GetBit(x, 0) == 1;
+ }
+
+ public override BigInteger ToBigInteger()
+ {
+ return Nat.ToBigInteger(12, x);
+ }
+
+ public override string FieldName
+ {
+ get { return "SecP384R1Field"; }
+ }
+
+ public override int FieldSize
+ {
+ get { return Q.BitLength; }
+ }
+
+ public override ECFieldElement Add(ECFieldElement b)
+ {
+ uint[] z = Nat.Create(12);
+ SecP384R1Field.Add(x, ((SecP384R1FieldElement)b).x, z);
+ return new SecP384R1FieldElement(z);
+ }
+
+ public override ECFieldElement AddOne()
+ {
+ uint[] z = Nat.Create(12);
+ SecP384R1Field.AddOne(x, z);
+ return new SecP384R1FieldElement(z);
+ }
+
+ public override ECFieldElement Subtract(ECFieldElement b)
+ {
+ uint[] z = Nat.Create(12);
+ SecP384R1Field.Subtract(x, ((SecP384R1FieldElement)b).x, z);
+ return new SecP384R1FieldElement(z);
+ }
+
+ public override ECFieldElement Multiply(ECFieldElement b)
+ {
+ uint[] z = Nat.Create(12);
+ SecP384R1Field.Multiply(x, ((SecP384R1FieldElement)b).x, z);
+ return new SecP384R1FieldElement(z);
+ }
+
+ public override ECFieldElement Divide(ECFieldElement b)
+ {
+ //return Multiply(b.Invert());
+ uint[] z = Nat.Create(12);
+ Mod.Invert(SecP384R1Field.P, ((SecP384R1FieldElement)b).x, z);
+ SecP384R1Field.Multiply(z, x, z);
+ return new SecP384R1FieldElement(z);
+ }
+
+ public override ECFieldElement Negate()
+ {
+ uint[] z = Nat.Create(12);
+ SecP384R1Field.Negate(x, z);
+ return new SecP384R1FieldElement(z);
+ }
+
+ public override ECFieldElement Square()
+ {
+ uint[] z = Nat.Create(12);
+ SecP384R1Field.Square(x, z);
+ return new SecP384R1FieldElement(z);
+ }
+
+ public override ECFieldElement Invert()
+ {
+ //return new SecP384R1FieldElement(ToBigInteger().ModInverse(Q));
+ uint[] z = Nat.Create(12);
+ Mod.Invert(SecP384R1Field.P, x, z);
+ return new SecP384R1FieldElement(z);
+ }
+
+ /**
+ * return a sqrt root - the routine verifies that the calculation returns the right value - if
+ * none exists it returns null.
+ */
+ public override ECFieldElement Sqrt()
+ {
+ ECFieldElement root = new FpFieldElement(Q, ToBigInteger()).Sqrt();
+ return root == null ? null : new SecP384R1FieldElement(root.ToBigInteger());
+ }
+
+ public override bool Equals(object obj)
+ {
+ return Equals(obj as SecP384R1FieldElement);
+ }
+
+ public override bool Equals(ECFieldElement other)
+ {
+ return Equals(other as SecP384R1FieldElement);
+ }
+
+ public virtual bool Equals(SecP384R1FieldElement other)
+ {
+ if (this == other)
+ return true;
+ if (null == other)
+ return false;
+ return Arrays.AreEqual(x, other.x);
+ }
+
+ public override int GetHashCode()
+ {
+ return Q.GetHashCode() ^ Arrays.GetHashCode(x);
+ }
+ }
+}
diff --git a/crypto/src/math/ec/custom/sec/SecP384R1Point.cs b/crypto/src/math/ec/custom/sec/SecP384R1Point.cs
new file mode 100644
index 000000000..6547df20c
--- /dev/null
+++ b/crypto/src/math/ec/custom/sec/SecP384R1Point.cs
@@ -0,0 +1,287 @@
+using System;
+
+namespace Org.BouncyCastle.Math.EC.Custom.Sec
+{
+ internal class SecP384R1Point
+ : ECPointBase
+ {
+ /**
+ * Create a point which encodes with point compression.
+ *
+ * @param curve
+ * the curve to use
+ * @param x
+ * affine x co-ordinate
+ * @param y
+ * affine y co-ordinate
+ *
+ * @deprecated Use ECCurve.createPoint to construct points
+ */
+ public SecP384R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
+ : this(curve, x, y, false)
+ {
+ }
+
+ /**
+ * Create a point that encodes with or without point compresion.
+ *
+ * @param curve
+ * the curve to use
+ * @param x
+ * affine x co-ordinate
+ * @param y
+ * affine y co-ordinate
+ * @param withCompression
+ * if true encode with point compression
+ *
+ * @deprecated per-point compression property will be removed, refer
+ * {@link #getEncoded(bool)}
+ */
+ public SecP384R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, bool withCompression)
+ : base(curve, x, y, withCompression)
+ {
+ if ((x == null) != (y == null))
+ throw new ArgumentException("Exactly one of the field elements is null");
+ }
+
+ internal SecP384R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, bool withCompression)
+ : base(curve, x, y, zs, withCompression)
+ {
+ }
+
+ protected override ECPoint Detach()
+ {
+ return new SecP384R1Point(null, AffineXCoord, AffineYCoord);
+ }
+
+ protected internal override bool CompressionYTilde
+ {
+ get { return this.AffineYCoord.TestBitZero(); }
+ }
+
+ public override ECPoint Add(ECPoint b)
+ {
+ if (this.IsInfinity)
+ return b;
+ if (b.IsInfinity)
+ return this;
+ if (this == b)
+ return Twice();
+
+ ECCurve curve = this.Curve;
+
+ SecP384R1FieldElement X1 = (SecP384R1FieldElement)this.RawXCoord, Y1 = (SecP384R1FieldElement)this.RawYCoord;
+ SecP384R1FieldElement X2 = (SecP384R1FieldElement)b.RawXCoord, Y2 = (SecP384R1FieldElement)b.RawYCoord;
+
+ SecP384R1FieldElement Z1 = (SecP384R1FieldElement)this.RawZCoords[0];
+ SecP384R1FieldElement Z2 = (SecP384R1FieldElement)b.RawZCoords[0];
+
+ uint[] tt1 = Nat.Create(24);
+ uint[] tt2 = Nat.Create(24);
+ uint[] t3 = Nat.Create(12);
+ uint[] t4 = Nat.Create(12);
+
+ bool Z1IsOne = Z1.IsOne;
+ uint[] U2, S2;
+ if (Z1IsOne)
+ {
+ U2 = X2.x;
+ S2 = Y2.x;
+ }
+ else
+ {
+ S2 = t3;
+ SecP384R1Field.Square(Z1.x, S2);
+
+ U2 = tt2;
+ SecP384R1Field.Multiply(S2, X2.x, U2);
+
+ SecP384R1Field.Multiply(S2, Z1.x, S2);
+ SecP384R1Field.Multiply(S2, Y2.x, S2);
+ }
+
+ bool Z2IsOne = Z2.IsOne;
+ uint[] U1, S1;
+ if (Z2IsOne)
+ {
+ U1 = X1.x;
+ S1 = Y1.x;
+ }
+ else
+ {
+ S1 = t4;
+ SecP384R1Field.Square(Z2.x, S1);
+
+ U1 = tt1;
+ SecP384R1Field.Multiply(S1, X1.x, U1);
+
+ SecP384R1Field.Multiply(S1, Z2.x, S1);
+ SecP384R1Field.Multiply(S1, Y1.x, S1);
+ }
+
+ uint[] H = Nat.Create(12);
+ SecP384R1Field.Subtract(U1, U2, H);
+
+ uint[] R = Nat.Create(12);// tt2;
+ SecP384R1Field.Subtract(S1, S2, R);
+
+ // Check if b == this or b == -this
+ if (Nat.IsZero(12, H))
+ {
+ if (Nat.IsZero(12, R))
+ {
+ // this == b, i.e. this must be doubled
+ return this.Twice();
+ }
+
+ // this == -b, i.e. the result is the point at infinity
+ return curve.Infinity;
+ }
+
+ uint[] HSquared = t3;
+ SecP384R1Field.Square(H, HSquared);
+
+ uint[] G = Nat.Create(12);
+ SecP384R1Field.Multiply(HSquared, H, G);
+
+ uint[] V = t3;
+ SecP384R1Field.Multiply(HSquared, U1, V);
+
+ Nat384.Mul(S1, G, tt1);
+
+ SecP384R1FieldElement X3 = new SecP384R1FieldElement(t4);
+ SecP384R1Field.Square(R, X3.x);
+ SecP384R1Field.Add(X3.x, G, X3.x);
+ SecP384R1Field.Subtract(X3.x, V, X3.x);
+ SecP384R1Field.Subtract(X3.x, V, X3.x);
+
+ SecP384R1FieldElement Y3 = new SecP384R1FieldElement(G);
+ SecP384R1Field.Subtract(V, X3.x, Y3.x);
+ Nat384.Mul(Y3.x, R, tt2);
+ SecP384R1Field.SubtractExt(tt2, tt1, tt2);
+ SecP384R1Field.Reduce(tt2, Y3.x);
+
+ SecP384R1FieldElement Z3 = new SecP384R1FieldElement(H);
+ if (!Z1IsOne)
+ {
+ SecP384R1Field.Multiply(Z3.x, Z1.x, Z3.x);
+ }
+ if (!Z2IsOne)
+ {
+ SecP384R1Field.Multiply(Z3.x, Z2.x, Z3.x);
+ }
+
+ ECFieldElement[] zs = new ECFieldElement[] { Z3 };
+
+ return new SecP384R1Point(curve, X3, Y3, zs, IsCompressed);
+ }
+
+ public override ECPoint Twice()
+ {
+ if (this.IsInfinity)
+ return this;
+
+ ECCurve curve = this.Curve;
+
+ SecP384R1FieldElement Y1 = (SecP384R1FieldElement)this.RawYCoord;
+ if (Y1.IsZero)
+ return curve.Infinity;
+
+ SecP384R1FieldElement X1 = (SecP384R1FieldElement)this.RawXCoord, Z1 = (SecP384R1FieldElement)this.RawZCoords[0];
+
+ uint[] t1 = Nat.Create(12);
+ uint[] t2 = Nat.Create(12);
+
+ uint[] Y1Squared = Nat.Create(12);
+ SecP384R1Field.Square(Y1.x, Y1Squared);
+
+ uint[] T = Nat.Create(12);
+ SecP384R1Field.Square(Y1Squared, T);
+
+ bool Z1IsOne = Z1.IsOne;
+
+ uint[] Z1Squared = Z1.x;
+ if (!Z1IsOne)
+ {
+ Z1Squared = t2;
+ SecP384R1Field.Square(Z1.x, Z1Squared);
+ }
+
+ SecP384R1Field.Subtract(X1.x, Z1Squared, t1);
+
+ uint[] M = t2;
+ SecP384R1Field.Add(X1.x, Z1Squared, M);
+ SecP384R1Field.Multiply(M, t1, M);
+ SecP384R1Field.Twice(M, t1);
+ SecP384R1Field.Add(M, t1, M);
+
+ uint[] S = Y1Squared;
+ SecP384R1Field.Multiply(Y1Squared, X1.x, S);
+ uint c = Nat.ShiftUpBits(12, S, 2, 0);
+ SecP384R1Field.Reduce32(c, S);
+
+ c = Nat.ShiftUpBits(12, T, 3, 0, t1);
+ SecP384R1Field.Reduce32(c, t1);
+
+ SecP384R1FieldElement X3 = new SecP384R1FieldElement(T);
+ SecP384R1Field.Square(M, X3.x);
+ SecP384R1Field.Subtract(X3.x, S, X3.x);
+ SecP384R1Field.Subtract(X3.x, S, X3.x);
+
+ SecP384R1FieldElement Y3 = new SecP384R1FieldElement(S);
+ SecP384R1Field.Subtract(S, X3.x, Y3.x);
+ SecP384R1Field.Multiply(Y3.x, M, Y3.x);
+ SecP384R1Field.Subtract(Y3.x, t1, Y3.x);
+
+ SecP384R1FieldElement Z3 = new SecP384R1FieldElement(M);
+ SecP384R1Field.Twice(Y1.x, Z3.x);
+ if (!Z1IsOne)
+ {
+ SecP384R1Field.Multiply(Z3.x, Z1.x, Z3.x);
+ }
+
+ return new SecP384R1Point(curve, X3, Y3, new ECFieldElement[] { Z3 }, IsCompressed);
+ }
+
+ public override ECPoint TwicePlus(ECPoint b)
+ {
+ if (this == b)
+ return ThreeTimes();
+ if (this.IsInfinity)
+ return b;
+ if (b.IsInfinity)
+ return Twice();
+
+ ECFieldElement Y1 = this.RawYCoord;
+ if (Y1.IsZero)
+ return b;
+
+ return Twice().Add(b);
+ }
+
+ public override ECPoint ThreeTimes()
+ {
+ if (this.IsInfinity || this.RawYCoord.IsZero)
+ return this;
+
+ // NOTE: Be careful about recursions between TwicePlus and ThreeTimes
+ return Twice().Add(this);
+ }
+
+ public override ECPoint Subtract(ECPoint b)
+ {
+ if (b.IsInfinity)
+ return this;
+
+ return Add(b.Negate());
+ }
+
+ public override ECPoint Negate()
+ {
+ if (IsInfinity)
+ return this;
+
+ return new SecP384R1Point(Curve, RawXCoord, RawYCoord.Negate(), RawZCoords, IsCompressed);
+ }
+ }
+}
|
