diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-08-18 10:13:15 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-08-18 10:13:15 +0700 |
commit | 0adfd0489e2ea55522ad6bd9ba1b1afe238cdcbe (patch) | |
tree | ace64a80946b73d485e66e4740dbf0c6e0e60eda /crypto | |
parent | Explicitly set IV to zeros when no ParametersWithIV (diff) | |
download | BouncyCastle.NET-ed25519-0adfd0489e2ea55522ad6bd9ba1b1afe238cdcbe.tar.xz |
Refactoring in Math.EC
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/src/math/ec/rfc7748/X25519Field.cs | 12 | ||||
-rw-r--r-- | crypto/src/math/ec/rfc7748/X448Field.cs | 6 | ||||
-rw-r--r-- | crypto/src/math/ec/rfc8032/Ed25519.cs | 6 | ||||
-rw-r--r-- | crypto/src/math/ec/rfc8032/Ed448.cs | 2 | ||||
-rw-r--r-- | crypto/src/math/ec/rfc8032/Wnaf.cs | 2 | ||||
-rw-r--r-- | crypto/test/src/math/ec/rfc7748/test/X25519Test.cs | 18 | ||||
-rw-r--r-- | crypto/test/src/math/ec/rfc7748/test/X448Test.cs | 14 |
7 files changed, 28 insertions, 32 deletions
diff --git a/crypto/src/math/ec/rfc7748/X25519Field.cs b/crypto/src/math/ec/rfc7748/X25519Field.cs index 079e673a8..47bca9935 100644 --- a/crypto/src/math/ec/rfc7748/X25519Field.cs +++ b/crypto/src/math/ec/rfc7748/X25519Field.cs @@ -24,10 +24,10 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748 private const int M25 = 0x01FFFFFF; private const int M26 = 0x03FFFFFF; - private static readonly uint[] P32 = new uint[]{ 0xFFFFFFEDU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, - 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0x7FFFFFFFU }; - private static readonly int[] RootNegOne = { 0x020EA0B0, 0x0386C9D2, 0x00478C4E, 0x0035697F, 0x005E8630, - 0x01FBD7A7, 0x0340264F, 0x01F0B2B4, 0x00027E0E, 0x00570649 }; + private static readonly uint[] P32 = { 0xFFFFFFEDU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, + 0xFFFFFFFFU, 0xFFFFFFFFU, 0x7FFFFFFFU }; + private static readonly int[] RootNegOne = { -0x01F15F50, -0x0079362D, 0x00478C4F, 0x0035697F, 0x005E8630, + 0x01FBD7A7, -0x00BFD9B1, -0x000F4D4B, 0x00027E0F, 0x00570649 }; #if NETSTANDARD1_0_OR_GREATER || NETCOREAPP1_0_OR_GREATER [MethodImpl(MethodImplOptions.AggressiveInlining)] @@ -833,7 +833,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748 public static void Normalize(int[] z) { - int x = (z[9] >> 23) & 1; + int x = (z[9] >> (24 - 1)) & 1; Reduce(z, x); Reduce(z, -x); Debug.Assert(z[9] >> 24 == 0); @@ -842,7 +842,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER public static void Normalize(Span<int> z) { - int x = (z[9] >> 23) & 1; + int x = (z[9] >> (24 - 1)) & 1; Reduce(z, x); Reduce(z, -x); Debug.Assert(z[9] >> 24 == 0); diff --git a/crypto/src/math/ec/rfc7748/X448Field.cs b/crypto/src/math/ec/rfc7748/X448Field.cs index f3fe71114..d6210ddeb 100644 --- a/crypto/src/math/ec/rfc7748/X448Field.cs +++ b/crypto/src/math/ec/rfc7748/X448Field.cs @@ -24,9 +24,9 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748 private const uint M28 = 0x0FFFFFFFU; - private static readonly uint[] P32 = new uint[]{ 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, - 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFEU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, - 0xFFFFFFFFU, 0xFFFFFFFFU }; + private static readonly uint[] P32 = { 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, + 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFEU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, + 0xFFFFFFFFU }; #if NETSTANDARD1_0_OR_GREATER || NETCOREAPP1_0_OR_GREATER [MethodImpl(MethodImplOptions.AggressiveInlining)] diff --git a/crypto/src/math/ec/rfc8032/Ed25519.cs b/crypto/src/math/ec/rfc8032/Ed25519.cs index fd2d5fe93..09cc9d433 100644 --- a/crypto/src/math/ec/rfc8032/Ed25519.cs +++ b/crypto/src/math/ec/rfc8032/Ed25519.cs @@ -55,9 +55,9 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 public static readonly int SignatureSize = PointBytes + ScalarBytes; // "SigEd25519 no Ed25519 collisions" - private static readonly byte[] Dom2Prefix = new byte[]{ 0x53, 0x69, 0x67, 0x45, 0x64, 0x32, 0x35, 0x35, 0x31, - 0x39, 0x20, 0x6e, 0x6f, 0x20, 0x45, 0x64, 0x32, 0x35, 0x35, 0x31, 0x39, 0x20, 0x63, 0x6f, 0x6c, 0x6c, 0x69, - 0x73, 0x69, 0x6f, 0x6e, 0x73 }; + private static readonly byte[] Dom2Prefix = { 0x53, 0x69, 0x67, 0x45, 0x64, 0x32, 0x35, 0x35, 0x31, 0x39, 0x20, + 0x6e, 0x6f, 0x20, 0x45, 0x64, 0x32, 0x35, 0x35, 0x31, 0x39, 0x20, 0x63, 0x6f, 0x6c, 0x6c, 0x69, 0x73, 0x69, + 0x6f, 0x6e, 0x73 }; private static readonly uint[] P = { 0xFFFFFFEDU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0x7FFFFFFFU }; diff --git a/crypto/src/math/ec/rfc8032/Ed448.cs b/crypto/src/math/ec/rfc8032/Ed448.cs index 08b64ddf2..bde1461e6 100644 --- a/crypto/src/math/ec/rfc8032/Ed448.cs +++ b/crypto/src/math/ec/rfc8032/Ed448.cs @@ -52,7 +52,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 public static readonly int SignatureSize = PointBytes + ScalarBytes; // "SigEd448" - private static readonly byte[] Dom4Prefix = new byte[]{ 0x53, 0x69, 0x67, 0x45, 0x64, 0x34, 0x34, 0x38 }; + private static readonly byte[] Dom4Prefix = { 0x53, 0x69, 0x67, 0x45, 0x64, 0x34, 0x34, 0x38 }; private static readonly uint[] P = { 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFEU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, diff --git a/crypto/src/math/ec/rfc8032/Wnaf.cs b/crypto/src/math/ec/rfc8032/Wnaf.cs index 88319f405..209934031 100644 --- a/crypto/src/math/ec/rfc8032/Wnaf.cs +++ b/crypto/src/math/ec/rfc8032/Wnaf.cs @@ -42,7 +42,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 { int word16 = (int)(word >> j); - int skip = Integers.NumberOfTrailingZeros((sign ^ word16) | 0x00010000); + int skip = Integers.NumberOfTrailingZeros((sign ^ word16) | (1 << 16)); if (skip > 0) { j += skip; diff --git a/crypto/test/src/math/ec/rfc7748/test/X25519Test.cs b/crypto/test/src/math/ec/rfc7748/test/X25519Test.cs index 0b242a3c0..6ece6ed4b 100644 --- a/crypto/test/src/math/ec/rfc7748/test/X25519Test.cs +++ b/crypto/test/src/math/ec/rfc7748/test/X25519Test.cs @@ -49,23 +49,19 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748.Tests for (int i = 1; i <= 100; ++i) { // Each party generates an ephemeral private key, ... - Random.NextBytes(kA); - Random.NextBytes(kB); + X25519.GeneratePrivateKey(Random, kA); + X25519.GeneratePrivateKey(Random, kB); // ... publishes their public key, ... - X25519.ScalarMultBase(kA, 0, qA, 0); - X25519.ScalarMultBase(kB, 0, qB, 0); + X25519.GeneratePublicKey(kA, 0, qA, 0); + X25519.GeneratePublicKey(kB, 0, qB, 0); // ... computes the shared secret, ... - X25519.ScalarMult(kA, 0, qB, 0, sA, 0); - X25519.ScalarMult(kB, 0, qA, 0, sB, 0); + bool rA = X25519.CalculateAgreement(kA, 0, qB, 0, sA, 0); + bool rB = X25519.CalculateAgreement(kB, 0, qA, 0, sB, 0); // ... which is the same for both parties. - //Assert.IsTrue(Arrays.AreEqual(sA, sB), "ECDH #" + i); - if (!Arrays.AreEqual(sA, sB)) - { - Console.WriteLine(" " + i); - } + Assert.IsTrue(rA == rB && Arrays.AreEqual(sA, sB), "ECDH #" + i); } } diff --git a/crypto/test/src/math/ec/rfc7748/test/X448Test.cs b/crypto/test/src/math/ec/rfc7748/test/X448Test.cs index 5737ebe7f..97b9de88e 100644 --- a/crypto/test/src/math/ec/rfc7748/test/X448Test.cs +++ b/crypto/test/src/math/ec/rfc7748/test/X448Test.cs @@ -49,19 +49,19 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748.Tests for (int i = 1; i <= 100; ++i) { // Each party generates an ephemeral private key, ... - Random.NextBytes(kA); - Random.NextBytes(kB); + X448.GeneratePrivateKey(Random, kA); + X448.GeneratePrivateKey(Random, kB); // ... publishes their public key, ... - X448.ScalarMultBase(kA, 0, qA, 0); - X448.ScalarMultBase(kB, 0, qB, 0); + X448.GeneratePublicKey(kA, 0, qA, 0); + X448.GeneratePublicKey(kB, 0, qB, 0); // ... computes the shared secret, ... - X448.ScalarMult(kA, 0, qB, 0, sA, 0); - X448.ScalarMult(kB, 0, qA, 0, sB, 0); + bool rA = X448.CalculateAgreement(kA, 0, qB, 0, sA, 0); + bool rB = X448.CalculateAgreement(kB, 0, qA, 0, sB, 0); // ... which is the same for both parties. - Assert.IsTrue(Arrays.AreEqual(sA, sB), "ECDH #" + i); + Assert.IsTrue(rA == rB && Arrays.AreEqual(sA, sB), "ECDH #" + i); } } |