diff --git a/crypto/src/math/ec/custom/sec/SecT113Field.cs b/crypto/src/math/ec/custom/sec/SecT113Field.cs
index 2e99bdc4c..596d8070b 100644
--- a/crypto/src/math/ec/custom/sec/SecT113Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecT113Field.cs
@@ -1,6 +1,8 @@
using System;
using System.Diagnostics;
#if NETCOREAPP3_0_OR_GREATER
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
using System.Runtime.Intrinsics;
using System.Runtime.Intrinsics.X86;
#endif
@@ -9,18 +11,36 @@ using Org.BouncyCastle.Math.Raw;
namespace Org.BouncyCastle.Math.EC.Custom.Sec
{
- internal class SecT113Field
+ internal static class SecT113Field
{
private const ulong M49 = ulong.MaxValue >> 15;
private const ulong M57 = ulong.MaxValue >> 7;
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Add(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void Add(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
z[0] = x[0] ^ y[0];
z[1] = x[1] ^ y[1];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddBothTo(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
+ public static void AddBothTo(ulong[] x, ulong[] y, ulong[] z)
+#endif
+ {
+ z[0] ^= x[0] ^ y[0];
+ z[1] ^= x[1] ^ y[1];
+ }
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddExt(ReadOnlySpan<ulong> xx, ReadOnlySpan<ulong> yy, Span<ulong> zz)
+#else
public static void AddExt(ulong[] xx, ulong[] yy, ulong[] zz)
+#endif
{
zz[0] = xx[0] ^ yy[0];
zz[1] = xx[1] ^ yy[1];
@@ -28,13 +48,21 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
zz[3] = xx[3] ^ yy[3];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddOne(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void AddOne(ulong[] x, ulong[] z)
+#endif
{
z[0] = x[0] ^ 1UL;
z[1] = x[1];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddTo(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void AddTo(ulong[] x, ulong[] z)
+#endif
{
z[0] ^= x[0];
z[1] ^= x[1];
@@ -45,9 +73,17 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
return Nat.FromBigInteger64(113, x);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void HalfTrace(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void HalfTrace(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[4];
+#else
ulong[] tt = Nat128.CreateExt64();
+#endif
Nat128.Copy64(x, z);
for (int i = 1; i < 113; i += 2)
@@ -60,15 +96,24 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Invert(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Invert(ulong[] x, ulong[] z)
+#endif
{
if (Nat128.IsZero64(x))
throw new InvalidOperationException();
// Itoh-Tsujii inversion
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> t0 = stackalloc ulong[2];
+ Span<ulong> t1 = stackalloc ulong[2];
+#else
ulong[] t0 = Nat128.Create64();
ulong[] t1 = Nat128.Create64();
+#endif
Square(x, t0);
Multiply(t0, x, t0);
@@ -89,21 +134,50 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Square(t1, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Multiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void Multiply(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = new ulong[8];
+#endif
ImplMultiply(x, y, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyAddToExt(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+#else
public static void MultiplyAddToExt(ulong[] x, ulong[] y, ulong[] zz)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = new ulong[8];
+#endif
ImplMultiply(x, y, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyExt(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+#else
+ public static void MultiplyExt(ulong[] x, ulong[] y, ulong[] zz)
+#endif
+ {
+ ImplMultiply(x, y, zz);
+ }
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Reduce(ReadOnlySpan<ulong> xx, Span<ulong> z)
+#else
public static void Reduce(ulong[] xx, ulong[] z)
+#endif
{
ulong x0 = xx[0], x1 = xx[1], x2 = xx[2], x3 = xx[3];
@@ -125,7 +199,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[zOff + 1] = z1 & M49;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Sqrt(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Sqrt(ulong[] x, ulong[] z)
+#endif
{
ulong c0 = Interleave.Unshuffle(x[0], x[1], out ulong e0);
@@ -133,30 +211,58 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[1] = (c0 >> 7) ^ (c0 >> 59);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Square(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Square(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[4];
+#else
ulong[] tt = Nat128.CreateExt64();
+#endif
ImplSquare(x, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareAddToExt(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
public static void SquareAddToExt(ulong[] x, ulong[] zz)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[4];
+#else
ulong[] tt = Nat128.CreateExt64();
+#endif
ImplSquare(x, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareExt(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
public static void SquareExt(ulong[] x, ulong[] zz)
+#endif
{
ImplSquare(x, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareN(ReadOnlySpan<ulong> x, int n, Span<ulong> z)
+#else
public static void SquareN(ulong[] x, int n, ulong[] z)
+#endif
{
Debug.Assert(n > 0);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[4];
+#else
ulong[] tt = Nat128.CreateExt64();
+#endif
ImplSquare(x, tt);
Reduce(tt, z);
@@ -167,16 +273,21 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static uint Trace(ReadOnlySpan<ulong> x)
+#else
public static uint Trace(ulong[] x)
+#endif
{
// Non-zero-trace bits: 0
return (uint)(x[0]) & 1U;
}
- protected static void ImplMultiply(ulong[] x, ulong[] y, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMultiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
{
#if NETCOREAPP3_0_OR_GREATER
- if (Pclmulqdq.IsSupported)
+ if (Pclmulqdq.IsSupported && BitConverter.IsLittleEndian && Unsafe.SizeOf<Vector128<ulong>>() == 16)
{
var X01 = Vector128.Create(x[0], x[1]);
var Y01 = Vector128.Create(y[0], y[1]);
@@ -186,10 +297,12 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Pclmulqdq.CarrylessMultiply(X01, Y01, 0x10));
var Z23 = Pclmulqdq.CarrylessMultiply(X01, Y01, 0x11);
- zz[0] = Z01.GetElement(0);
- zz[1] = Z01.GetElement(1) ^ Z12.GetElement(0);
- zz[2] = Z23.GetElement(0) ^ Z12.GetElement(1);
- zz[3] = Z23.GetElement(1);
+ Z01 = Sse2.Xor(Z01, Sse2.ShiftLeftLogical128BitLane(Z12, 8));
+ Z23 = Sse2.Xor(Z23, Sse2.ShiftRightLogical128BitLane(Z12, 8));
+
+ Span<byte> zzBytes = MemoryMarshal.AsBytes(zz);
+ MemoryMarshal.Write(zzBytes[0x00..0x10], ref Z01);
+ MemoryMarshal.Write(zzBytes[0x10..0x20], ref Z23);
return;
}
#endif
@@ -206,6 +319,39 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
g1 = ((g0 >> 57) ^ (g1 << 7)) & M57;
g0 &= M57;
+ Span<ulong> u = zz;
+ Span<ulong> H = stackalloc ulong[6];
+
+ ImplMulw(u, f0, g0, H[0..]); // H(0) 57/56 bits
+ ImplMulw(u, f1, g1, H[2..]); // H(INF) 57/54 bits
+ ImplMulw(u, f0 ^ f1, g0 ^ g1, H[4..]); // H(1) 57/56 bits
+
+ ulong r = H[1] ^ H[2];
+ ulong z0 = H[0],
+ z3 = H[3],
+ z1 = H[4] ^ z0 ^ r,
+ z2 = H[5] ^ z3 ^ r;
+
+ zz[0] = z0 ^ (z1 << 57);
+ zz[1] = (z1 >> 7) ^ (z2 << 50);
+ zz[2] = (z2 >> 14) ^ (z3 << 43);
+ zz[3] = (z3 >> 21);
+ }
+#else
+ private static void ImplMultiply(ulong[] x, ulong[] y, ulong[] zz)
+ {
+ /*
+ * "Three-way recursion" as described in "Batch binary Edwards", Daniel J. Bernstein.
+ */
+
+ ulong f0 = x[0], f1 = x[1];
+ f1 = ((f0 >> 57) ^ (f1 << 7)) & M57;
+ f0 &= M57;
+
+ ulong g0 = y[0], g1 = y[1];
+ g1 = ((g0 >> 57) ^ (g1 << 7)) & M57;
+ g0 &= M57;
+
ulong[] u = zz;
ulong[] H = new ulong[6];
@@ -224,8 +370,13 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
zz[2] = (z2 >> 14) ^ (z3 << 43);
zz[3] = (z3 >> 21);
}
+#endif
- protected static void ImplMulw(ulong[] u, ulong x, ulong y, ulong[] z, int zOff)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMulw(Span<ulong> u, ulong x, ulong y, Span<ulong> z)
+#else
+ private static void ImplMulw(ulong[] u, ulong x, ulong y, ulong[] z, int zOff)
+#endif
{
Debug.Assert(x >> 57 == 0);
Debug.Assert(y >> 57 == 0);
@@ -240,14 +391,14 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
u[7] = u[6] ^ y;
uint j = (uint)x;
- ulong g, h = 0, l = u[j & 7];
+ ulong g, h = 0, l = u[(int)j & 7];
int k = 48;
do
{
j = (uint)(x >> k);
- g = u[j & 7]
- ^ u[(j >> 3) & 7] << 3
- ^ u[(j >> 6) & 7] << 6;
+ g = u[(int)j & 7]
+ ^ u[(int)(j >> 3) & 7] << 3
+ ^ u[(int)(j >> 6) & 7] << 6;
l ^= (g << k);
h ^= (g >> -k);
}
@@ -257,11 +408,20 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Debug.Assert(h >> 49 == 0);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ z[0] ^= l & M57;
+ z[1] ^= (l >> 57) ^ (h << 7);
+#else
z[zOff ] = l & M57;
z[zOff + 1] = (l >> 57) ^ (h << 7);
+#endif
}
- protected static void ImplSquare(ulong[] x, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplSquare(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
+ private static void ImplSquare(ulong[] x, ulong[] zz)
+#endif
{
#if NETCOREAPP3_0_OR_GREATER
if (Bmi2.X64.IsSupported)
@@ -274,7 +434,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
#endif
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Interleave.Expand64To128(x[..2], zz[..4]);
+#else
Interleave.Expand64To128(x, 0, 2, zz, 0);
+#endif
}
}
}
diff --git a/crypto/src/math/ec/custom/sec/SecT131Field.cs b/crypto/src/math/ec/custom/sec/SecT131Field.cs
index f84fdd212..743fa6a5d 100644
--- a/crypto/src/math/ec/custom/sec/SecT131Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecT131Field.cs
@@ -1,6 +1,8 @@
using System;
using System.Diagnostics;
#if NETCOREAPP3_0_OR_GREATER
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
using System.Runtime.Intrinsics;
using System.Runtime.Intrinsics.X86;
#endif
@@ -9,21 +11,40 @@ using Org.BouncyCastle.Math.Raw;
namespace Org.BouncyCastle.Math.EC.Custom.Sec
{
- internal class SecT131Field
+ internal static class SecT131Field
{
private const ulong M03 = ulong.MaxValue >> 61;
private const ulong M44 = ulong.MaxValue >> 20;
private static readonly ulong[] ROOT_Z = new ulong[]{ 0x26BC4D789AF13523UL, 0x26BC4D789AF135E2UL, 0x6UL };
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Add(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void Add(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
z[0] = x[0] ^ y[0];
z[1] = x[1] ^ y[1];
z[2] = x[2] ^ y[2];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddBothTo(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
+ public static void AddBothTo(ulong[] x, ulong[] y, ulong[] z)
+#endif
+ {
+ z[0] ^= x[0] ^ y[0];
+ z[1] ^= x[1] ^ y[1];
+ z[2] ^= x[2] ^ y[2];
+ }
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddExt(ReadOnlySpan<ulong> xx, ReadOnlySpan<ulong> yy, Span<ulong> zz)
+#else
public static void AddExt(ulong[] xx, ulong[] yy, ulong[] zz)
+#endif
{
zz[0] = xx[0] ^ yy[0];
zz[1] = xx[1] ^ yy[1];
@@ -32,14 +53,22 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
zz[4] = xx[4] ^ yy[4];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddOne(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void AddOne(ulong[] x, ulong[] z)
+#endif
{
z[0] = x[0] ^ 1UL;
z[1] = x[1];
z[2] = x[2];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddTo(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void AddTo(ulong[] x, ulong[] z)
+#endif
{
z[0] ^= x[0];
z[1] ^= x[1];
@@ -51,9 +80,17 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
return Nat.FromBigInteger64(131, x);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void HalfTrace(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void HalfTrace(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[5];
+#else
ulong[] tt = Nat.Create64(5);
+#endif
Nat192.Copy64(x, z);
for (int i = 1; i < 131; i += 2)
@@ -66,15 +103,24 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Invert(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Invert(ulong[] x, ulong[] z)
+#endif
{
if (Nat192.IsZero64(x))
throw new InvalidOperationException();
// Itoh-Tsujii inversion
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> t0 = stackalloc ulong[3];
+ Span<ulong> t1 = stackalloc ulong[3];
+#else
ulong[] t0 = Nat192.Create64();
ulong[] t1 = Nat192.Create64();
+#endif
Square(x, t0);
Multiply(t0, x, t0);
@@ -95,21 +141,50 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Square(t0, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Multiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void Multiply(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = new ulong[8];
+#endif
ImplMultiply(x, y, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyAddToExt(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+#else
public static void MultiplyAddToExt(ulong[] x, ulong[] y, ulong[] zz)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = new ulong[8];
+#endif
ImplMultiply(x, y, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyExt(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+#else
+ public static void MultiplyExt(ulong[] x, ulong[] y, ulong[] zz)
+#endif
+ {
+ ImplMultiply(x, y, zz);
+ }
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Reduce(ReadOnlySpan<ulong> xx, Span<ulong> z)
+#else
public static void Reduce(ulong[] xx, ulong[] z)
+#endif
{
ulong x0 = xx[0], x1 = xx[1], x2 = xx[2], x3 = xx[3], x4 = xx[4];
@@ -135,9 +210,17 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[zOff + 2] = z2 & M03;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Sqrt(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Sqrt(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> odd = stackalloc ulong[3];
+#else
ulong[] odd = Nat192.Create64();
+#endif
odd[0] = Interleave.Unshuffle(x[0], x[1], out ulong e0);
odd[1] = Interleave.Unshuffle(x[2] , out ulong e1);
@@ -148,30 +231,58 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[1] ^= e1;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Square(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Square(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[5];
+#else
ulong[] tt = Nat.Create64(5);
+#endif
ImplSquare(x, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareAddToExt(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
public static void SquareAddToExt(ulong[] x, ulong[] zz)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[5];
+#else
ulong[] tt = Nat.Create64(5);
+#endif
ImplSquare(x, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareExt(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
public static void SquareExt(ulong[] x, ulong[] zz)
+#endif
{
ImplSquare(x, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareN(ReadOnlySpan<ulong> x, int n, Span<ulong> z)
+#else
public static void SquareN(ulong[] x, int n, ulong[] z)
+#endif
{
Debug.Assert(n > 0);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[5];
+#else
ulong[] tt = Nat.Create64(5);
+#endif
ImplSquare(x, tt);
Reduce(tt, z);
@@ -182,13 +293,21 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static uint Trace(ReadOnlySpan<ulong> x)
+#else
public static uint Trace(ulong[] x)
+#endif
{
// Non-zero-trace bits: 0, 123, 129
return (uint)(x[0] ^ (x[1] >> 59) ^ (x[2] >> 1)) & 1U;
}
- protected static void ImplCompactExt(ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplCompactExt(Span<ulong> zz)
+#else
+ private static void ImplCompactExt(ulong[] zz)
+#endif
{
ulong z0 = zz[0], z1 = zz[1], z2 = zz[2], z3 = zz[3], z4 = zz[4], z5 = zz[5];
zz[0] = z0 ^ (z1 << 44);
@@ -201,10 +320,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
zz[5] = 0;
}
- protected static void ImplMultiply(ulong[] x, ulong[] y, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMultiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
{
#if NETCOREAPP3_0_OR_GREATER
- if (Pclmulqdq.IsSupported)
+ if (Pclmulqdq.IsSupported && BitConverter.IsLittleEndian && Unsafe.SizeOf<Vector128<ulong>>() == 16)
{
var X01 = Vector128.Create(x[0], x[1]);
var X2_ = Vector128.CreateScalar(x[2]);
@@ -221,11 +341,16 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Pclmulqdq.CarrylessMultiply(X2_, Y01, 0x10));
var Z4_ = Pclmulqdq.CarrylessMultiply(X2_, Y2_, 0x00);
- zz[0] = Z01.GetElement(0);
- zz[1] = Z01.GetElement(1) ^ Z12.GetElement(0);
- zz[2] = Z23.GetElement(0) ^ Z12.GetElement(1);
- zz[3] = Z23.GetElement(1) ^ Z34.GetElement(0);
- zz[4] = Z4_.GetElement(0) ^ Z34.GetElement(1);
+ Z01 = Sse2.Xor(Z01, Sse2.ShiftLeftLogical128BitLane(Z12, 8));
+ Z23 = Sse2.Xor(Z23, Sse2.ShiftRightLogical128BitLane(Z12, 8));
+
+ Z23 = Sse2.Xor(Z23, Sse2.ShiftLeftLogical128BitLane(Z34, 8));
+ Z4_ = Sse2.Xor(Z4_, Sse2.ShiftRightLogical128BitLane(Z34, 8));
+
+ Span<byte> zzBytes = MemoryMarshal.AsBytes(zz);
+ MemoryMarshal.Write(zzBytes[0x00..0x10], ref Z01);
+ MemoryMarshal.Write(zzBytes[0x10..0x20], ref Z23);
+ zz[4] = Z4_.ToScalar();
return;
}
#endif
@@ -244,6 +369,110 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
g1 = ((g0 >> 44) ^ (g1 << 20)) & M44;
g0 &= M44;
+ Span<ulong> u = zz;
+ Span<ulong> H = new ulong[10];
+
+ ImplMulw(u, f0, g0, H[0..]); // H(0) 44/43 bits
+ ImplMulw(u, f2, g2, H[2..]); // H(INF) 44/41 bits
+
+ ulong t0 = f0 ^ f1 ^ f2;
+ ulong t1 = g0 ^ g1 ^ g2;
+
+ ImplMulw(u, t0, t1, H[4..]); // H(1) 44/43 bits
+
+ ulong t2 = (f1 << 1) ^ (f2 << 2);
+ ulong t3 = (g1 << 1) ^ (g2 << 2);
+
+ ImplMulw(u, f0 ^ t2, g0 ^ t3, H[6..]); // H(t) 44/45 bits
+ ImplMulw(u, t0 ^ t2, t1 ^ t3, H[8..]); // H(t + 1) 44/45 bits
+
+ ulong t4 = H[6] ^ H[8];
+ ulong t5 = H[7] ^ H[9];
+
+ Debug.Assert(t5 >> 44 == 0);
+
+ // Calculate V
+ ulong v0 = (t4 << 1) ^ H[6];
+ ulong v1 = t4 ^ (t5 << 1) ^ H[7];
+ ulong v2 = t5;
+
+ // Calculate U
+ ulong u0 = H[0];
+ ulong u1 = H[1] ^ H[0] ^ H[4];
+ ulong u2 = H[1] ^ H[5];
+
+ // Calculate W
+ ulong w0 = u0 ^ v0 ^ (H[2] << 4) ^ (H[2] << 1);
+ ulong w1 = u1 ^ v1 ^ (H[3] << 4) ^ (H[3] << 1);
+ ulong w2 = u2 ^ v2;
+
+ // Propagate carries
+ w1 ^= (w0 >> 44); w0 &= M44;
+ w2 ^= (w1 >> 44); w1 &= M44;
+
+ Debug.Assert((w0 & 1UL) == 0);
+
+ // Divide W by t
+
+ w0 = (w0 >> 1) ^ ((w1 & 1UL) << 43);
+ w1 = (w1 >> 1) ^ ((w2 & 1UL) << 43);
+ w2 = (w2 >> 1);
+
+ // Divide W by (t + 1)
+
+ w0 ^= (w0 << 1);
+ w0 ^= (w0 << 2);
+ w0 ^= (w0 << 4);
+ w0 ^= (w0 << 8);
+ w0 ^= (w0 << 16);
+ w0 ^= (w0 << 32);
+
+ w0 &= M44; w1 ^= (w0 >> 43);
+
+ w1 ^= (w1 << 1);
+ w1 ^= (w1 << 2);
+ w1 ^= (w1 << 4);
+ w1 ^= (w1 << 8);
+ w1 ^= (w1 << 16);
+ w1 ^= (w1 << 32);
+
+ w1 &= M44; w2 ^= (w1 >> 43);
+
+ w2 ^= (w2 << 1);
+ w2 ^= (w2 << 2);
+ w2 ^= (w2 << 4);
+ w2 ^= (w2 << 8);
+ w2 ^= (w2 << 16);
+ w2 ^= (w2 << 32);
+
+ Debug.Assert(w2 >> 42 == 0);
+
+ zz[0] = u0;
+ zz[1] = u1 ^ w0 ^ H[2];
+ zz[2] = u2 ^ w1 ^ w0 ^ H[3];
+ zz[3] = w2 ^ w1;
+ zz[4] = w2 ^ H[2];
+ zz[5] = H[3];
+
+ ImplCompactExt(zz);
+ }
+#else
+ private static void ImplMultiply(ulong[] x, ulong[] y, ulong[] zz)
+ {
+ /*
+ * "Five-way recursion" as described in "Batch binary Edwards", Daniel J. Bernstein.
+ */
+
+ ulong f0 = x[0], f1 = x[1], f2 = x[2];
+ f2 = ((f1 >> 24) ^ (f2 << 40)) & M44;
+ f1 = ((f0 >> 44) ^ (f1 << 20)) & M44;
+ f0 &= M44;
+
+ ulong g0 = y[0], g1 = y[1], g2 = y[2];
+ g2 = ((g1 >> 24) ^ (g2 << 40)) & M44;
+ g1 = ((g0 >> 44) ^ (g1 << 20)) & M44;
+ g0 &= M44;
+
ulong[] u = zz;
ulong[] H = new ulong[10];
@@ -331,8 +560,13 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ImplCompactExt(zz);
}
+#endif
- protected static void ImplMulw(ulong[] u, ulong x, ulong y, ulong[] z, int zOff)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMulw(Span<ulong> u, ulong x, ulong y, Span<ulong> z)
+#else
+ private static void ImplMulw(ulong[] u, ulong x, ulong y, ulong[] z, int zOff)
+#endif
{
Debug.Assert(x >> 45 == 0);
Debug.Assert(y >> 45 == 0);
@@ -347,20 +581,20 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
u[7] = u[6] ^ y;
uint j = (uint)x;
- ulong g, h = 0, l = u[j & 7]
- ^ u[(j >> 3) & 7] << 3
- ^ u[(j >> 6) & 7] << 6
- ^ u[(j >> 9) & 7] << 9
- ^ u[(j >> 12) & 7] << 12;
+ ulong g, h = 0, l = u[(int)j & 7]
+ ^ u[(int)(j >> 3) & 7] << 3
+ ^ u[(int)(j >> 6) & 7] << 6
+ ^ u[(int)(j >> 9) & 7] << 9
+ ^ u[(int)(j >> 12) & 7] << 12;
int k = 30;
do
{
j = (uint)(x >> k);
- g = u[j & 7]
- ^ u[(j >> 3) & 7] << 3
- ^ u[(j >> 6) & 7] << 6
- ^ u[(j >> 9) & 7] << 9
- ^ u[(j >> 12) & 7] << 12;
+ g = u[(int)j & 7]
+ ^ u[(int)(j >> 3) & 7] << 3
+ ^ u[(int)(j >> 6) & 7] << 6
+ ^ u[(int)(j >> 9) & 7] << 9
+ ^ u[(int)(j >> 12) & 7] << 12;
l ^= (g << k);
h ^= (g >> -k);
}
@@ -368,11 +602,20 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Debug.Assert(h >> 25 == 0);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ z[0] ^= l & M44;
+ z[1] ^= (l >> 44) ^ (h << 20);
+#else
z[zOff ] = l & M44;
z[zOff + 1] = (l >> 44) ^ (h << 20);
+#endif
}
- protected static void ImplSquare(ulong[] x, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplSquare(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
+ private static void ImplSquare(ulong[] x, ulong[] zz)
+#endif
{
zz[4] = Interleave.Expand8to16((byte)x[2]);
@@ -387,7 +630,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
#endif
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Interleave.Expand64To128(x[..2], zz[..4]);
+#else
Interleave.Expand64To128(x, 0, 2, zz, 0);
+#endif
}
}
}
diff --git a/crypto/src/math/ec/custom/sec/SecT163Field.cs b/crypto/src/math/ec/custom/sec/SecT163Field.cs
index 1ba747681..d0f09cd8b 100644
--- a/crypto/src/math/ec/custom/sec/SecT163Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecT163Field.cs
@@ -1,6 +1,8 @@
using System;
using System.Diagnostics;
#if NETCOREAPP3_0_OR_GREATER
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
using System.Runtime.Intrinsics;
using System.Runtime.Intrinsics.X86;
#endif
@@ -9,21 +11,40 @@ using Org.BouncyCastle.Math.Raw;
namespace Org.BouncyCastle.Math.EC.Custom.Sec
{
- internal class SecT163Field
+ internal static class SecT163Field
{
private const ulong M35 = ulong.MaxValue >> 29;
private const ulong M55 = ulong.MaxValue >> 9;
private static readonly ulong[] ROOT_Z = new ulong[]{ 0xB6DB6DB6DB6DB6B0UL, 0x492492492492DB6DUL, 0x492492492UL };
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Add(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void Add(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
z[0] = x[0] ^ y[0];
z[1] = x[1] ^ y[1];
z[2] = x[2] ^ y[2];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddBothTo(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
+ public static void AddBothTo(ulong[] x, ulong[] y, ulong[] z)
+#endif
+ {
+ z[0] ^= x[0] ^ y[0];
+ z[1] ^= x[1] ^ y[1];
+ z[2] ^= x[2] ^ y[2];
+ }
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddExt(ReadOnlySpan<ulong> xx, ReadOnlySpan<ulong> yy, Span<ulong> zz)
+#else
public static void AddExt(ulong[] xx, ulong[] yy, ulong[] zz)
+#endif
{
zz[0] = xx[0] ^ yy[0];
zz[1] = xx[1] ^ yy[1];
@@ -33,14 +54,22 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
zz[5] = xx[5] ^ yy[5];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddOne(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void AddOne(ulong[] x, ulong[] z)
+#endif
{
z[0] = x[0] ^ 1UL;
z[1] = x[1];
z[2] = x[2];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddTo(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void AddTo(ulong[] x, ulong[] z)
+#endif
{
z[0] ^= x[0];
z[1] ^= x[1];
@@ -52,9 +81,17 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
return Nat.FromBigInteger64(163, x);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void HalfTrace(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void HalfTrace(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[6];
+#else
ulong[] tt = Nat192.CreateExt64();
+#endif
Nat192.Copy64(x, z);
for (int i = 1; i < 163; i += 2)
@@ -67,15 +104,24 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Invert(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Invert(ulong[] x, ulong[] z)
+#endif
{
if (Nat192.IsZero64(x))
throw new InvalidOperationException();
// Itoh-Tsujii inversion with bases { 2, 3 }
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> t0 = stackalloc ulong[3];
+ Span<ulong> t1 = stackalloc ulong[3];
+#else
ulong[] t0 = Nat192.Create64();
ulong[] t1 = Nat192.Create64();
+#endif
Square(x, t0);
@@ -108,21 +154,50 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Multiply(t0, t1, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Multiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void Multiply(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = new ulong[8];
+#endif
ImplMultiply(x, y, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyAddToExt(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+#else
public static void MultiplyAddToExt(ulong[] x, ulong[] y, ulong[] zz)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = new ulong[8];
+#endif
ImplMultiply(x, y, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyExt(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+#else
+ public static void MultiplyExt(ulong[] x, ulong[] y, ulong[] zz)
+#endif
+ {
+ ImplMultiply(x, y, zz);
+ }
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Reduce(ReadOnlySpan<ulong> xx, Span<ulong> z)
+#else
public static void Reduce(ulong[] xx, ulong[] z)
+#endif
{
ulong x0 = xx[0], x1 = xx[1], x2 = xx[2], x3 = xx[3], x4 = xx[4], x5 = xx[5];
@@ -148,9 +223,17 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[zOff + 2] = z2 & M35;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Sqrt(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Sqrt(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> odd = stackalloc ulong[3];
+#else
ulong[] odd = Nat192.Create64();
+#endif
odd[0] = Interleave.Unshuffle(x[0], x[1], out ulong e0);
odd[1] = Interleave.Unshuffle(x[2] , out ulong e1);
@@ -161,30 +244,58 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[1] ^= e1;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Square(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Square(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[6];
+#else
ulong[] tt = Nat192.CreateExt64();
+#endif
ImplSquare(x, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareAddToExt(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
public static void SquareAddToExt(ulong[] x, ulong[] zz)
+#endif
{
- ulong[] tt = Nat192.CreateExt64();
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[6];
+#else
+ ulong[] tt = Nat256.CreateExt64();
+#endif
ImplSquare(x, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareExt(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
public static void SquareExt(ulong[] x, ulong[] zz)
+#endif
{
ImplSquare(x, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareN(ReadOnlySpan<ulong> x, int n, Span<ulong> z)
+#else
public static void SquareN(ulong[] x, int n, ulong[] z)
+#endif
{
Debug.Assert(n > 0);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[6];
+#else
ulong[] tt = Nat192.CreateExt64();
+#endif
ImplSquare(x, tt);
Reduce(tt, z);
@@ -195,13 +306,21 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static uint Trace(ReadOnlySpan<ulong> x)
+#else
public static uint Trace(ulong[] x)
+#endif
{
// Non-zero-trace bits: 0, 157
return (uint)(x[0] ^ (x[2] >> 29)) & 1U;
}
- protected static void ImplCompactExt(ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplCompactExt(Span<ulong> zz)
+#else
+ private static void ImplCompactExt(ulong[] zz)
+#endif
{
ulong z0 = zz[0], z1 = zz[1], z2 = zz[2], z3 = zz[3], z4 = zz[4], z5 = zz[5];
zz[0] = z0 ^ (z1 << 55);
@@ -212,10 +331,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
zz[5] = (z5 >> 45);
}
- protected static void ImplMultiply(ulong[] x, ulong[] y, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMultiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
{
#if NETCOREAPP3_0_OR_GREATER
- if (Pclmulqdq.IsSupported)
+ if (Pclmulqdq.IsSupported && BitConverter.IsLittleEndian && Unsafe.SizeOf<Vector128<ulong>>() == 16)
{
var X01 = Vector128.Create(x[0], x[1]);
var X2_ = Vector128.CreateScalar(x[2]);
@@ -232,12 +352,16 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Pclmulqdq.CarrylessMultiply(X2_, Y01, 0x10));
var Z45 = Pclmulqdq.CarrylessMultiply(X2_, Y2_, 0x00);
- zz[0] = Z01.GetElement(0);
- zz[1] = Z01.GetElement(1) ^ Z12.GetElement(0);
- zz[2] = Z23.GetElement(0) ^ Z12.GetElement(1);
- zz[3] = Z23.GetElement(1) ^ Z34.GetElement(0);
- zz[4] = Z45.GetElement(0) ^ Z34.GetElement(1);
- zz[5] = Z45.GetElement(1);
+ Z01 = Sse2.Xor(Z01, Sse2.ShiftLeftLogical128BitLane (Z12, 8));
+ Z23 = Sse2.Xor(Z23, Sse2.ShiftRightLogical128BitLane(Z12, 8));
+
+ Z23 = Sse2.Xor(Z23, Sse2.ShiftLeftLogical128BitLane (Z34, 8));
+ Z45 = Sse2.Xor(Z45, Sse2.ShiftRightLogical128BitLane(Z34, 8));
+
+ Span<byte> zzBytes = MemoryMarshal.AsBytes(zz);
+ MemoryMarshal.Write(zzBytes[0x00..0x10], ref Z01);
+ MemoryMarshal.Write(zzBytes[0x10..0x20], ref Z23);
+ MemoryMarshal.Write(zzBytes[0x20..0x30], ref Z45);
return;
}
#endif
@@ -256,6 +380,110 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
g1 = ((g0 >> 55) ^ (g1 << 9)) & M55;
g0 &= M55;
+ Span<ulong> u = zz;
+ Span<ulong> H = stackalloc ulong[10];
+
+ ImplMulw(u, f0, g0, H[0..]); // H(0) 55/54 bits
+ ImplMulw(u, f2, g2, H[2..]); // H(INF) 55/50 bits
+
+ ulong t0 = f0 ^ f1 ^ f2;
+ ulong t1 = g0 ^ g1 ^ g2;
+
+ ImplMulw(u, t0, t1, H[4..]); // H(1) 55/54 bits
+
+ ulong t2 = (f1 << 1) ^ (f2 << 2);
+ ulong t3 = (g1 << 1) ^ (g2 << 2);
+
+ ImplMulw(u, f0 ^ t2, g0 ^ t3, H[6..]); // H(t) 55/56 bits
+ ImplMulw(u, t0 ^ t2, t1 ^ t3, H[8..]); // H(t + 1) 55/56 bits
+
+ ulong t4 = H[6] ^ H[8];
+ ulong t5 = H[7] ^ H[9];
+
+ Debug.Assert(t5 >> 55 == 0);
+
+ // Calculate V
+ ulong v0 = (t4 << 1) ^ H[6];
+ ulong v1 = t4 ^ (t5 << 1) ^ H[7];
+ ulong v2 = t5;
+
+ // Calculate U
+ ulong u0 = H[0];
+ ulong u1 = H[1] ^ H[0] ^ H[4];
+ ulong u2 = H[1] ^ H[5];
+
+ // Calculate W
+ ulong w0 = u0 ^ v0 ^ (H[2] << 4) ^ (H[2] << 1);
+ ulong w1 = u1 ^ v1 ^ (H[3] << 4) ^ (H[3] << 1);
+ ulong w2 = u2 ^ v2;
+
+ // Propagate carries
+ w1 ^= (w0 >> 55); w0 &= M55;
+ w2 ^= (w1 >> 55); w1 &= M55;
+
+ Debug.Assert((w0 & 1UL) == 0UL);
+
+ // Divide W by t
+
+ w0 = (w0 >> 1) ^ ((w1 & 1UL) << 54);
+ w1 = (w1 >> 1) ^ ((w2 & 1UL) << 54);
+ w2 = (w2 >> 1);
+
+ // Divide W by (t + 1)
+
+ w0 ^= (w0 << 1);
+ w0 ^= (w0 << 2);
+ w0 ^= (w0 << 4);
+ w0 ^= (w0 << 8);
+ w0 ^= (w0 << 16);
+ w0 ^= (w0 << 32);
+
+ w0 &= M55; w1 ^= (w0 >> 54);
+
+ w1 ^= (w1 << 1);
+ w1 ^= (w1 << 2);
+ w1 ^= (w1 << 4);
+ w1 ^= (w1 << 8);
+ w1 ^= (w1 << 16);
+ w1 ^= (w1 << 32);
+
+ w1 &= M55; w2 ^= (w1 >> 54);
+
+ w2 ^= (w2 << 1);
+ w2 ^= (w2 << 2);
+ w2 ^= (w2 << 4);
+ w2 ^= (w2 << 8);
+ w2 ^= (w2 << 16);
+ w2 ^= (w2 << 32);
+
+ Debug.Assert(w2 >> 52 == 0);
+
+ zz[0] = u0;
+ zz[1] = u1 ^ w0 ^ H[2];
+ zz[2] = u2 ^ w1 ^ w0 ^ H[3];
+ zz[3] = w2 ^ w1;
+ zz[4] = w2 ^ H[2];
+ zz[5] = H[3];
+
+ ImplCompactExt(zz);
+ }
+#else
+ private static void ImplMultiply(ulong[] x, ulong[] y, ulong[] zz)
+ {
+ /*
+ * "Five-way recursion" as described in "Batch binary Edwards", Daniel J. Bernstein.
+ */
+
+ ulong f0 = x[0], f1 = x[1], f2 = x[2];
+ f2 = ((f1 >> 46) ^ (f2 << 18));
+ f1 = ((f0 >> 55) ^ (f1 << 9)) & M55;
+ f0 &= M55;
+
+ ulong g0 = y[0], g1 = y[1], g2 = y[2];
+ g2 = ((g1 >> 46) ^ (g2 << 18));
+ g1 = ((g0 >> 55) ^ (g1 << 9)) & M55;
+ g0 &= M55;
+
ulong[] u = zz;
ulong[] H = new ulong[10];
@@ -343,8 +571,13 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ImplCompactExt(zz);
}
+#endif
- protected static void ImplMulw(ulong[] u, ulong x, ulong y, ulong[] z, int zOff)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMulw(Span<ulong> u, ulong x, ulong y, Span<ulong> z)
+#else
+ private static void ImplMulw(ulong[] u, ulong x, ulong y, ulong[] z, int zOff)
+#endif
{
Debug.Assert(x >> 56 == 0);
Debug.Assert(y >> 56 == 0);
@@ -359,14 +592,14 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
u[7] = u[6] ^ y;
uint j = (uint)x;
- ulong g, h = 0, l = u[j & 3];
+ ulong g, h = 0, l = u[(int)j & 3];
int k = 47;
do
{
j = (uint)(x >> k);
- g = u[j & 7]
- ^ u[(j >> 3) & 7] << 3
- ^ u[(j >> 6) & 7] << 6;
+ g = u[(int)j & 7]
+ ^ u[(int)(j >> 3) & 7] << 3
+ ^ u[(int)(j >> 6) & 7] << 6;
l ^= (g << k);
h ^= (g >> -k);
}
@@ -374,11 +607,20 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Debug.Assert(h >> 47 == 0);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ z[0] ^= l & M55;
+ z[1] ^= (l >> 55) ^ (h << 9);
+#else
z[zOff ] = l & M55;
z[zOff + 1] = (l >> 55) ^ (h << 9);
+#endif
}
- protected static void ImplSquare(ulong[] x, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplSquare(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
+ private static void ImplSquare(ulong[] x, ulong[] zz)
+#endif
{
#if NETCOREAPP3_0_OR_GREATER
if (Bmi2.X64.IsSupported)
@@ -393,7 +635,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
#endif
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Interleave.Expand64To128(x[..3], zz[..6]);
+#else
Interleave.Expand64To128(x, 0, 3, zz, 0);
+#endif
}
}
}
diff --git a/crypto/src/math/ec/custom/sec/SecT163K1Point.cs b/crypto/src/math/ec/custom/sec/SecT163K1Point.cs
index 06855c50c..a93f0882b 100644
--- a/crypto/src/math/ec/custom/sec/SecT163K1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT163K1Point.cs
@@ -82,7 +82,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
SecT163FieldElement L1 = (SecT163FieldElement)this.RawYCoord, Z1 = (SecT163FieldElement)this.RawZCoords[0];
SecT163FieldElement L2 = (SecT163FieldElement)b.RawYCoord, Z2 = (SecT163FieldElement)b.RawZCoords[0];
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt0 = stackalloc ulong[6];
+#else
ulong[] tt0 = Nat192.CreateExt64();
+#endif
ulong[] t1 = Nat192.Create64();
ulong[] t2 = Nat192.Create64();
ulong[] t3 = Nat192.Create64();
diff --git a/crypto/src/math/ec/custom/sec/SecT193Field.cs b/crypto/src/math/ec/custom/sec/SecT193Field.cs
index 3d9937f75..b610bf554 100644
--- a/crypto/src/math/ec/custom/sec/SecT193Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecT193Field.cs
@@ -9,12 +9,16 @@ using Org.BouncyCastle.Math.Raw;
namespace Org.BouncyCastle.Math.EC.Custom.Sec
{
- internal class SecT193Field
+ internal static class SecT193Field
{
private const ulong M01 = 1UL;
private const ulong M49 = ulong.MaxValue >> 15;
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Add(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void Add(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
z[0] = x[0] ^ y[0];
z[1] = x[1] ^ y[1];
@@ -22,7 +26,23 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[3] = x[3] ^ y[3];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddBothTo(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
+ public static void AddBothTo(ulong[] x, ulong[] y, ulong[] z)
+#endif
+ {
+ z[0] ^= x[0] ^ y[0];
+ z[1] ^= x[1] ^ y[1];
+ z[2] ^= x[2] ^ y[2];
+ z[3] ^= x[3] ^ y[3];
+ }
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddExt(ReadOnlySpan<ulong> xx, ReadOnlySpan<ulong> yy, Span<ulong> zz)
+#else
public static void AddExt(ulong[] xx, ulong[] yy, ulong[] zz)
+#endif
{
zz[0] = xx[0] ^ yy[0];
zz[1] = xx[1] ^ yy[1];
@@ -33,7 +53,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
zz[6] = xx[6] ^ yy[6];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddOne(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void AddOne(ulong[] x, ulong[] z)
+#endif
{
z[0] = x[0] ^ 1UL;
z[1] = x[1];
@@ -41,7 +65,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[3] = x[3];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddTo(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void AddTo(ulong[] x, ulong[] z)
+#endif
{
z[0] ^= x[0];
z[1] ^= x[1];
@@ -54,9 +82,17 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
return Nat.FromBigInteger64(193, x);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void HalfTrace(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void HalfTrace(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = Nat256.CreateExt64();
+#endif
Nat256.Copy64(x, z);
for (int i = 1; i < 193; i += 2)
@@ -69,15 +105,24 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Invert(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Invert(ulong[] x, ulong[] z)
+#endif
{
if (Nat256.IsZero64(x))
throw new InvalidOperationException();
// Itoh-Tsujii inversion with bases { 2, 3 }
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> t0 = stackalloc ulong[4];
+ Span<ulong> t1 = stackalloc ulong[4];
+#else
ulong[] t0 = Nat256.Create64();
ulong[] t1 = Nat256.Create64();
+#endif
Square(x, t0);
@@ -112,21 +157,55 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Multiply(t0, t1, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Multiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void Multiply(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = Nat256.CreateExt64();
+#endif
ImplMultiply(x, y, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyAddToExt(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+#else
public static void MultiplyAddToExt(ulong[] x, ulong[] y, ulong[] zz)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = Nat256.CreateExt64();
+#endif
ImplMultiply(x, y, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyExt(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+#else
+ public static void MultiplyExt(ulong[] x, ulong[] y, ulong[] zz)
+#endif
+ {
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ zz[..8].Fill(0UL);
+#else
+ Array.Clear(zz, 0, 8);
+#endif
+ ImplMultiply(x, y, zz);
+ }
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Reduce(ReadOnlySpan<ulong> xx, Span<ulong> z)
+#else
public static void Reduce(ulong[] xx, ulong[] z)
+#endif
{
ulong x0 = xx[0], x1 = xx[1], x2 = xx[2], x3 = xx[3], x4 = xx[4], x5 = xx[5], x6 = xx[6];
@@ -157,7 +236,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[zOff + 3] = z3 & M01;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Sqrt(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Sqrt(ulong[] x, ulong[] z)
+#endif
{
ulong c0 = Interleave.Unshuffle(x[0], x[1], out ulong e0);
ulong c1 = Interleave.Unshuffle(x[2] , out ulong e1);
@@ -169,30 +252,58 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[3] = (c1 >> 31);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Square(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Square(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = Nat256.CreateExt64();
+#endif
ImplSquare(x, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareAddToExt(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
public static void SquareAddToExt(ulong[] x, ulong[] zz)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = Nat256.CreateExt64();
+#endif
ImplSquare(x, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareExt(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
public static void SquareExt(ulong[] x, ulong[] zz)
+#endif
{
ImplSquare(x, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareN(ReadOnlySpan<ulong> x, int n, Span<ulong> z)
+#else
public static void SquareN(ulong[] x, int n, ulong[] z)
+#endif
{
Debug.Assert(n > 0);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = Nat256.CreateExt64();
+#endif
ImplSquare(x, tt);
Reduce(tt, z);
@@ -203,13 +314,21 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static uint Trace(ReadOnlySpan<ulong> x)
+#else
public static uint Trace(ulong[] x)
+#endif
{
// Non-zero-trace bits: 0
return (uint)(x[0]) & 1U;
}
- protected static void ImplCompactExt(ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplCompactExt(Span<ulong> zz)
+#else
+ private static void ImplCompactExt(ulong[] zz)
+#endif
{
ulong z0 = zz[0], z1 = zz[1], z2 = zz[2], z3 = zz[3], z4 = zz[4], z5 = zz[5], z6 = zz[6], z7 = zz[7];
zz[0] = z0 ^ (z1 << 49);
@@ -224,7 +343,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
zz[7] = 0;
}
- protected static void ImplExpand(ulong[] x, ulong[] z)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplExpand(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
+ private static void ImplExpand(ulong[] x, ulong[] z)
+#endif
{
ulong x0 = x[0], x1 = x[1], x2 = x[2], x3 = x[3];
z[0] = x0 & M49;
@@ -233,7 +356,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[3] = ((x2 >> 19) ^ (x3 << 45));
}
- protected static void ImplMultiply(ulong[] x, ulong[] y, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMultiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
{
#if NETCOREAPP3_0_OR_GREATER
if (Pclmulqdq.IsSupported)
@@ -277,6 +401,56 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ulong[] u = new ulong[8];
+ ImplMulwAcc(u, f[0], g[0], zz[0..]);
+ ImplMulwAcc(u, f[1], g[1], zz[1..]);
+ ImplMulwAcc(u, f[2], g[2], zz[2..]);
+ ImplMulwAcc(u, f[3], g[3], zz[3..]);
+
+ // U *= (1 - t^n)
+ for (int i = 5; i > 0; --i)
+ {
+ zz[i] ^= zz[i - 1];
+ }
+
+ ImplMulwAcc(u, f[0] ^ f[1], g[0] ^ g[1], zz[1..]);
+ ImplMulwAcc(u, f[2] ^ f[3], g[2] ^ g[3], zz[3..]);
+
+ // V *= (1 - t^2n)
+ for (int i = 7; i > 1; --i)
+ {
+ zz[i] ^= zz[i - 2];
+ }
+
+ // Double-length recursion
+ {
+ ulong c0 = f[0] ^ f[2], c1 = f[1] ^ f[3];
+ ulong d0 = g[0] ^ g[2], d1 = g[1] ^ g[3];
+ ImplMulwAcc(u, c0 ^ c1, d0 ^ d1, zz[3..]);
+ Span<ulong> t = stackalloc ulong[3];
+ ImplMulwAcc(u, c0, d0, t[0..]);
+ ImplMulwAcc(u, c1, d1, t[1..]);
+ ulong t0 = t[0], t1 = t[1], t2 = t[2];
+ zz[2] ^= t0;
+ zz[3] ^= t0 ^ t1;
+ zz[4] ^= t2 ^ t1;
+ zz[5] ^= t2;
+ }
+
+ ImplCompactExt(zz);
+ }
+#else
+ private static void ImplMultiply(ulong[] x, ulong[] y, ulong[] zz)
+ {
+ /*
+ * "Two-level seven-way recursion" as described in "Batch binary Edwards", Daniel J. Bernstein.
+ */
+
+ ulong[] f = new ulong[4], g = new ulong[4];
+ ImplExpand(x, f);
+ ImplExpand(y, g);
+
+ ulong[] u = new ulong[8];
+
ImplMulwAcc(u, f[0], g[0], zz, 0);
ImplMulwAcc(u, f[1], g[1], zz, 1);
ImplMulwAcc(u, f[2], g[2], zz, 2);
@@ -314,8 +488,13 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ImplCompactExt(zz);
}
+#endif
- protected static void ImplMulwAcc(ulong[] u, ulong x, ulong y, ulong[] z, int zOff)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMulwAcc(Span<ulong> u, ulong x, ulong y, Span<ulong> z)
+#else
+ private static void ImplMulwAcc(ulong[] u, ulong x, ulong y, ulong[] z, int zOff)
+#endif
{
Debug.Assert(x >> 49 == 0);
Debug.Assert(y >> 49 == 0);
@@ -330,17 +509,17 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
u[7] = u[6] ^ y;
uint j = (uint)x;
- ulong g, h = 0, l = u[j & 7]
- ^ (u[(j >> 3) & 7] << 3);
+ ulong g, h = 0, l = u[(int)j & 7]
+ ^ (u[(int)(j >> 3) & 7] << 3);
int k = 36;
do
{
j = (uint)(x >> k);
- g = u[j & 7]
- ^ u[(j >> 3) & 7] << 3
- ^ u[(j >> 6) & 7] << 6
- ^ u[(j >> 9) & 7] << 9
- ^ u[(j >> 12) & 7] << 12;
+ g = u[(int)j & 7]
+ ^ u[(int)(j >> 3) & 7] << 3
+ ^ u[(int)(j >> 6) & 7] << 6
+ ^ u[(int)(j >> 9) & 7] << 9
+ ^ u[(int)(j >> 12) & 7] << 12;
l ^= (g << k);
h ^= (g >> -k);
}
@@ -348,13 +527,22 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Debug.Assert(h >> 33 == 0);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ z[0] ^= l & M49;
+ z[1] ^= (l >> 49) ^ (h << 15);
+#else
z[zOff ] ^= l & M49;
z[zOff + 1] ^= (l >> 49) ^ (h << 15);
+#endif
}
- protected static void ImplSquare(ulong[] x, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplSquare(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
+ private static void ImplSquare(ulong[] x, ulong[] zz)
+#endif
{
- zz[6] = (x[3] & M01);
+ zz[6] = x[3] & M01;
#if NETCOREAPP3_0_OR_GREATER
if (Bmi2.X64.IsSupported)
@@ -369,7 +557,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
#endif
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Interleave.Expand64To128(x[..3], zz[..6]);
+#else
Interleave.Expand64To128(x, 0, 3, zz, 0);
+#endif
}
}
}
diff --git a/crypto/src/math/ec/custom/sec/SecT233Field.cs b/crypto/src/math/ec/custom/sec/SecT233Field.cs
index 1e65b6112..00bbc0635 100644
--- a/crypto/src/math/ec/custom/sec/SecT233Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecT233Field.cs
@@ -1,6 +1,7 @@
using System;
using System.Diagnostics;
#if NETCOREAPP3_0_OR_GREATER
+using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Runtime.Intrinsics;
using System.Runtime.Intrinsics.X86;
@@ -119,8 +120,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
// Itoh-Tsujii inversion
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
- Span<ulong> t0 = stackalloc ulong[8];
- Span<ulong> t1 = stackalloc ulong[8];
+ Span<ulong> t0 = stackalloc ulong[4];
+ Span<ulong> t1 = stackalloc ulong[4];
#else
ulong[] t0 = Nat256.Create64();
ulong[] t1 = Nat256.Create64();
@@ -377,7 +378,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
private static void ImplMultiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
{
#if NETCOREAPP3_0_OR_GREATER
- if (Pclmulqdq.IsSupported)
+ if (Pclmulqdq.IsSupported && BitConverter.IsLittleEndian && Unsafe.SizeOf<Vector128<ulong>>() == 16)
{
var X01 = Vector128.Create(x[0], x[1]);
var X23 = Vector128.Create(x[2], x[3]);
@@ -461,7 +462,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ulong c0 = f[0] ^ f[2], c1 = f[1] ^ f[3];
ulong d0 = g[0] ^ g[2], d1 = g[1] ^ g[3];
ImplMulwAcc(u, c0 ^ c1, d0 ^ d1, zz[3..]);
- ulong[] t = new ulong[3];
+ Span<ulong> t = stackalloc ulong[3];
ImplMulwAcc(u, c0, d0, t[0..]);
ImplMulwAcc(u, c1, d1, t[1..]);
ulong t0 = t[0], t1 = t[1], t2 = t[2];
@@ -577,14 +578,15 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
#if NETCOREAPP3_0_OR_GREATER
if (Bmi2.X64.IsSupported)
{
- zz[7] = Bmi2.X64.ParallelBitDeposit(x[3] >> 32, 0x5555555555555555UL);
- zz[6] = Bmi2.X64.ParallelBitDeposit(x[3] , 0x5555555555555555UL);
- zz[5] = Bmi2.X64.ParallelBitDeposit(x[2] >> 32, 0x5555555555555555UL);
- zz[4] = Bmi2.X64.ParallelBitDeposit(x[2] , 0x5555555555555555UL);
- zz[3] = Bmi2.X64.ParallelBitDeposit(x[1] >> 32, 0x5555555555555555UL);
- zz[2] = Bmi2.X64.ParallelBitDeposit(x[1] , 0x5555555555555555UL);
- zz[1] = Bmi2.X64.ParallelBitDeposit(x[0] >> 32, 0x5555555555555555UL);
- zz[0] = Bmi2.X64.ParallelBitDeposit(x[0] , 0x5555555555555555UL);
+ ulong x0 = x[0], x1 = x[1], x2 = x[2], x3 = x[3];
+ zz[7] = Bmi2.X64.ParallelBitDeposit(x3 >> 32, 0x5555555555555555UL);
+ zz[6] = Bmi2.X64.ParallelBitDeposit(x3 , 0x5555555555555555UL);
+ zz[5] = Bmi2.X64.ParallelBitDeposit(x2 >> 32, 0x5555555555555555UL);
+ zz[4] = Bmi2.X64.ParallelBitDeposit(x2 , 0x5555555555555555UL);
+ zz[3] = Bmi2.X64.ParallelBitDeposit(x1 >> 32, 0x5555555555555555UL);
+ zz[2] = Bmi2.X64.ParallelBitDeposit(x1 , 0x5555555555555555UL);
+ zz[1] = Bmi2.X64.ParallelBitDeposit(x0 >> 32, 0x5555555555555555UL);
+ zz[0] = Bmi2.X64.ParallelBitDeposit(x0 , 0x5555555555555555UL);
return;
}
#endif
diff --git a/crypto/src/math/ec/custom/sec/SecT233K1Point.cs b/crypto/src/math/ec/custom/sec/SecT233K1Point.cs
index 0ed107d49..6599c1cc6 100644
--- a/crypto/src/math/ec/custom/sec/SecT233K1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT233K1Point.cs
@@ -82,7 +82,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
SecT233FieldElement L1 = (SecT233FieldElement)this.RawYCoord, Z1 = (SecT233FieldElement)this.RawZCoords[0];
SecT233FieldElement L2 = (SecT233FieldElement)b.RawYCoord, Z2 = (SecT233FieldElement)b.RawZCoords[0];
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt0 = stackalloc ulong[8];
+#else
ulong[] tt0 = Nat256.CreateExt64();
+#endif
ulong[] t1 = Nat256.Create64();
ulong[] t2 = Nat256.Create64();
ulong[] t3 = Nat256.Create64();
diff --git a/crypto/src/math/ec/custom/sec/SecT233R1Point.cs b/crypto/src/math/ec/custom/sec/SecT233R1Point.cs
index 44441b22a..c3a51a8bb 100644
--- a/crypto/src/math/ec/custom/sec/SecT233R1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT233R1Point.cs
@@ -177,7 +177,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
SecT233FieldElement L1 = (SecT233FieldElement)this.RawYCoord, Z1 = (SecT233FieldElement)this.RawZCoords[0];
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt0 = stackalloc ulong[8];
+#else
ulong[] tt0 = Nat256.CreateExt64();
+#endif
ulong[] _X3 = Nat256.Create64();
ulong[] _L3 = Nat256.Create64();
ulong[] _Z3 = Nat256.Create64();
@@ -198,24 +202,28 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
else
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> t1 = stackalloc ulong[4];
+#else
ulong[] t1 = Nat256.Create64();
- ulong[] t2 = Nat256.Create64();
+#endif
SecT233Field.Multiply(L1.x, Z1.x, t1); // L1Z1
SecT233Field.Square(Z1.x, tt0); // Z1Sq
- SecT233Field.Square(L1.x, t2);
- SecT233Field.AddBothTo(t1, tt0, t2); // T
+ SecT233Field.Square(L1.x, _X3);
+ SecT233Field.AddBothTo(t1, tt0, _X3); // T
- if (Nat256.IsZero64(t2))
- return new SecT233R1Point(curve, new SecT233FieldElement(t2), curve.B.Sqrt());
+ if (Nat256.IsZero64(_X3))
+ return new SecT233R1Point(curve, new SecT233FieldElement(_X3), curve.B.Sqrt());
- SecT233Field.Square(t2, _X3);
- SecT233Field.Multiply(t2, tt0, _Z3);
+ SecT233Field.Multiply(_X3, tt0, _Z3);
SecT233Field.Multiply(X1.x, Z1.x, tt0); // X1Z1
SecT233Field.SquareExt(tt0, tt0);
- SecT233Field.MultiplyAddToExt(t2, t1, tt0);
+ SecT233Field.MultiplyAddToExt(_X3, t1, tt0);
+
+ SecT233Field.Square(_X3, _X3);
}
SecT233Field.Reduce(tt0, _L3);
diff --git a/crypto/src/math/ec/custom/sec/SecT239Field.cs b/crypto/src/math/ec/custom/sec/SecT239Field.cs
index d48e1ec2b..b90867b76 100644
--- a/crypto/src/math/ec/custom/sec/SecT239Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecT239Field.cs
@@ -11,12 +11,16 @@ using Org.BouncyCastle.Math.Raw;
namespace Org.BouncyCastle.Math.EC.Custom.Sec
{
- internal class SecT239Field
+ internal static class SecT239Field
{
private const ulong M47 = ulong.MaxValue >> 17;
private const ulong M60 = ulong.MaxValue >> 4;
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Add(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void Add(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
z[0] = x[0] ^ y[0];
z[1] = x[1] ^ y[1];
@@ -24,7 +28,23 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[3] = x[3] ^ y[3];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddBothTo(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
+ public static void AddBothTo(ulong[] x, ulong[] y, ulong[] z)
+#endif
+ {
+ z[0] ^= x[0] ^ y[0];
+ z[1] ^= x[1] ^ y[1];
+ z[2] ^= x[2] ^ y[2];
+ z[3] ^= x[3] ^ y[3];
+ }
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddExt(ReadOnlySpan<ulong> xx, ReadOnlySpan<ulong> yy, Span<ulong> zz)
+#else
public static void AddExt(ulong[] xx, ulong[] yy, ulong[] zz)
+#endif
{
zz[0] = xx[0] ^ yy[0];
zz[1] = xx[1] ^ yy[1];
@@ -36,7 +56,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
zz[7] = xx[7] ^ yy[7];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddOne(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void AddOne(ulong[] x, ulong[] z)
+#endif
{
z[0] = x[0] ^ 1UL;
z[1] = x[1];
@@ -44,7 +68,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[3] = x[3];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddTo(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void AddTo(ulong[] x, ulong[] z)
+#endif
{
z[0] ^= x[0];
z[1] ^= x[1];
@@ -57,9 +85,17 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
return Nat.FromBigInteger64(239, x);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void HalfTrace(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void HalfTrace(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = Nat256.CreateExt64();
+#endif
Nat256.Copy64(x, z);
for (int i = 1; i < 239; i += 2)
@@ -72,15 +108,24 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Invert(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Invert(ulong[] x, ulong[] z)
+#endif
{
if (Nat256.IsZero64(x))
throw new InvalidOperationException();
// Itoh-Tsujii inversion
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> t0 = stackalloc ulong[4];
+ Span<ulong> t1 = stackalloc ulong[4];
+#else
ulong[] t0 = Nat256.Create64();
ulong[] t1 = Nat256.Create64();
+#endif
Square(x, t0);
Multiply(t0, x, t0);
@@ -109,21 +154,55 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Square(t0, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Multiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void Multiply(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = Nat256.CreateExt64();
+#endif
ImplMultiply(x, y, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyAddToExt(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+#else
public static void MultiplyAddToExt(ulong[] x, ulong[] y, ulong[] zz)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = Nat256.CreateExt64();
+#endif
ImplMultiply(x, y, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyExt(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+#else
+ public static void MultiplyExt(ulong[] x, ulong[] y, ulong[] zz)
+#endif
+ {
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ zz[..8].Fill(0UL);
+#else
+ Array.Clear(zz, 0, 8);
+#endif
+ ImplMultiply(x, y, zz);
+ }
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Reduce(ReadOnlySpan<ulong> xx, Span<ulong> z)
+#else
public static void Reduce(ulong[] xx, ulong[] z)
+#endif
{
ulong x0 = xx[0], x1 = xx[1], x2 = xx[2], x3 = xx[3];
ulong x4 = xx[4], x5 = xx[5], x6 = xx[6], x7 = xx[7];
@@ -163,7 +242,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[zOff + 3] = z3 & M47;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Sqrt(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Sqrt(ulong[] x, ulong[] z)
+#endif
{
ulong c0 = Interleave.Unshuffle(x[0], x[1], out ulong e0);
ulong c1 = Interleave.Unshuffle(x[2], x[3], out ulong e1);
@@ -173,9 +256,14 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
c2 = (c0 >> 49) | (c1 << 15);
c1 ^= (c0 << 15);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+ Span<int> shifts = stackalloc int[] { 39, 120 };
+#else
ulong[] tt = Nat256.CreateExt64();
-
int[] shifts = { 39, 120 };
+#endif
+
for (int i = 0; i < shifts.Length; ++i)
{
int w = shifts[i] >> 6, s = shifts[i] & 63;
@@ -193,30 +281,58 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[1] ^= e1;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Square(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Square(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = Nat256.CreateExt64();
+#endif
ImplSquare(x, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareAddToExt(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
public static void SquareAddToExt(ulong[] x, ulong[] zz)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = Nat256.CreateExt64();
+#endif
ImplSquare(x, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareExt(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
public static void SquareExt(ulong[] x, ulong[] zz)
+#endif
{
ImplSquare(x, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareN(ReadOnlySpan<ulong> x, int n, Span<ulong> z)
+#else
public static void SquareN(ulong[] x, int n, ulong[] z)
+#endif
{
Debug.Assert(n > 0);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[8];
+#else
ulong[] tt = Nat256.CreateExt64();
+#endif
ImplSquare(x, tt);
Reduce(tt, z);
@@ -227,13 +343,21 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static uint Trace(ReadOnlySpan<ulong> x)
+#else
public static uint Trace(ulong[] x)
+#endif
{
// Non-zero-trace bits: 0, 81, 162
return (uint)(x[0] ^ (x[1] >> 17) ^ (x[2] >> 34)) & 1U;
}
- protected static void ImplCompactExt(ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplCompactExt(Span<ulong> zz)
+#else
+ private static void ImplCompactExt(ulong[] zz)
+#endif
{
ulong z0 = zz[0], z1 = zz[1], z2 = zz[2], z3 = zz[3], z4 = zz[4], z5 = zz[5], z6 = zz[6], z7 = zz[7];
zz[0] = z0 ^ (z1 << 60);
@@ -246,7 +370,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
zz[7] = (z7 >> 28);
}
- protected static void ImplExpand(ulong[] x, ulong[] z)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplExpand(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
+ private static void ImplExpand(ulong[] x, ulong[] z)
+#endif
{
ulong x0 = x[0], x1 = x[1], x2 = x[2], x3 = x[3];
z[0] = x0 & M60;
@@ -255,10 +383,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[3] = ((x2 >> 52) ^ (x3 << 12));
}
- protected static void ImplMultiply(ulong[] x, ulong[] y, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMultiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
{
#if NETCOREAPP3_0_OR_GREATER
- if (Pclmulqdq.IsSupported)
+ if (Pclmulqdq.IsSupported && BitConverter.IsLittleEndian && Unsafe.SizeOf<Vector128<ulong>>() == 16)
{
var X01 = Vector128.Create(x[0], x[1]);
var X23 = Vector128.Create(x[2], x[3]);
@@ -272,35 +401,37 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Pclmulqdq.CarrylessMultiply(X01, Y01, 0x10));
var Z23 = Pclmulqdq.CarrylessMultiply(X01, Y01, 0x11);
+ Z01 = Sse2.Xor(Z01, Sse2.ShiftLeftLogical128BitLane (Z12, 8));
+ Z23 = Sse2.Xor(Z23, Sse2.ShiftRightLogical128BitLane(Z12, 8));
+
var Z45 = Pclmulqdq.CarrylessMultiply(X23, Y23, 0x00);
var Z56 = Sse2.Xor(Pclmulqdq.CarrylessMultiply(X23, Y23, 0x01),
Pclmulqdq.CarrylessMultiply(X23, Y23, 0x10));
var Z67 = Pclmulqdq.CarrylessMultiply(X23, Y23, 0x11);
+ Z45 = Sse2.Xor(Z45, Sse2.ShiftLeftLogical128BitLane (Z56, 8));
+ Z67 = Sse2.Xor(Z67, Sse2.ShiftRightLogical128BitLane(Z56, 8));
+
var K01 = Pclmulqdq.CarrylessMultiply(X03, Y03, 0x00);
var K12 = Sse2.Xor(Pclmulqdq.CarrylessMultiply(X03, Y03, 0x01),
Pclmulqdq.CarrylessMultiply(X03, Y03, 0x10));
var K23 = Pclmulqdq.CarrylessMultiply(X03, Y03, 0x11);
- K01 = Sse2.Xor(K01, Z01);
- K12 = Sse2.Xor(K12, Z12);
- K23 = Sse2.Xor(K23, Z23);
+ var T = Sse2.Xor(Z23, Z45);
- K01 = Sse2.Xor(K01, Z45);
- K12 = Sse2.Xor(K12, Z56);
- K23 = Sse2.Xor(K23, Z67);
+ Z23 = Sse2.Xor(T, Z01);
+ Z45 = Sse2.Xor(T, Z67);
Z23 = Sse2.Xor(Z23, K01);
+ Z23 = Sse2.Xor(Z23, Sse2.ShiftLeftLogical128BitLane (K12, 8));
+ Z45 = Sse2.Xor(Z45, Sse2.ShiftRightLogical128BitLane(K12, 8));
Z45 = Sse2.Xor(Z45, K23);
- zz[0] = Z01.GetElement(0);
- zz[1] = Z01.GetElement(1) ^ Z12.GetElement(0);
- zz[2] = Z23.GetElement(0) ^ Z12.GetElement(1);
- zz[3] = Z23.GetElement(1) ^ K12.GetElement(0);
- zz[4] = Z45.GetElement(0) ^ K12.GetElement(1);
- zz[5] = Z45.GetElement(1) ^ Z56.GetElement(0);
- zz[6] = Z67.GetElement(0) ^ Z56.GetElement(1);
- zz[7] = Z67.GetElement(1);
+ Span<byte> zzBytes = MemoryMarshal.AsBytes(zz);
+ MemoryMarshal.Write(zzBytes[0x00..0x10], ref Z01);
+ MemoryMarshal.Write(zzBytes[0x10..0x20], ref Z23);
+ MemoryMarshal.Write(zzBytes[0x20..0x30], ref Z45);
+ MemoryMarshal.Write(zzBytes[0x30..0x40], ref Z67);
return;
}
#endif
@@ -309,6 +440,56 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
* "Two-level seven-way recursion" as described in "Batch binary Edwards", Daniel J. Bernstein.
*/
+ Span<ulong> f = stackalloc ulong[4], g = stackalloc ulong[4];
+ ImplExpand(x, f);
+ ImplExpand(y, g);
+
+ Span<ulong> u = stackalloc ulong[8];
+
+ ImplMulwAcc(u, f[0], g[0], zz[0..]);
+ ImplMulwAcc(u, f[1], g[1], zz[1..]);
+ ImplMulwAcc(u, f[2], g[2], zz[2..]);
+ ImplMulwAcc(u, f[3], g[3], zz[3..]);
+
+ // U *= (1 - t^n)
+ for (int i = 5; i > 0; --i)
+ {
+ zz[i] ^= zz[i - 1];
+ }
+
+ ImplMulwAcc(u, f[0] ^ f[1], g[0] ^ g[1], zz[1..]);
+ ImplMulwAcc(u, f[2] ^ f[3], g[2] ^ g[3], zz[3..]);
+
+ // V *= (1 - t^2n)
+ for (int i = 7; i > 1; --i)
+ {
+ zz[i] ^= zz[i - 2];
+ }
+
+ // Double-length recursion
+ {
+ ulong c0 = f[0] ^ f[2], c1 = f[1] ^ f[3];
+ ulong d0 = g[0] ^ g[2], d1 = g[1] ^ g[3];
+ ImplMulwAcc(u, c0 ^ c1, d0 ^ d1, zz[3..]);
+ Span<ulong> t = stackalloc ulong[3];
+ ImplMulwAcc(u, c0, d0, t[0..]);
+ ImplMulwAcc(u, c1, d1, t[1..]);
+ ulong t0 = t[0], t1 = t[1], t2 = t[2];
+ zz[2] ^= t0;
+ zz[3] ^= t0 ^ t1;
+ zz[4] ^= t2 ^ t1;
+ zz[5] ^= t2;
+ }
+
+ ImplCompactExt(zz);
+ }
+#else
+ private static void ImplMultiply(ulong[] x, ulong[] y, ulong[] zz)
+ {
+ /*
+ * "Two-level seven-way recursion" as described in "Batch binary Edwards", Daniel J. Bernstein.
+ */
+
ulong[] f = new ulong[4], g = new ulong[4];
ImplExpand(x, f);
ImplExpand(y, g);
@@ -352,8 +533,13 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ImplCompactExt(zz);
}
+#endif
- protected static void ImplMulwAcc(ulong[] u, ulong x, ulong y, ulong[] z, int zOff)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMulwAcc(Span<ulong> u, ulong x, ulong y, Span<ulong> z)
+#else
+ private static void ImplMulwAcc(ulong[] u, ulong x, ulong y, ulong[] z, int zOff)
+#endif
{
Debug.Assert(x >> 60 == 0);
Debug.Assert(y >> 60 == 0);
@@ -368,14 +554,14 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
u[7] = u[6] ^ y;
uint j = (uint)x;
- ulong g, h = 0, l = u[j & 7]
- ^ (u[(j >> 3) & 7] << 3);
+ ulong g, h = 0, l = u[(int)j & 7]
+ ^ (u[(int)(j >> 3) & 7] << 3);
int k = 54;
do
{
j = (uint)(x >> k);
- g = u[j & 7]
- ^ u[(j >> 3) & 7] << 3;
+ g = u[(int)j & 7]
+ ^ u[(int)(j >> 3) & 7] << 3;
l ^= (g << k);
h ^= (g >> -k);
}
@@ -385,28 +571,42 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Debug.Assert(h >> 55 == 0);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ z[0] ^= l & M60;
+ z[1] ^= (l >> 60) ^ (h << 4);
+#else
z[zOff ] ^= l & M60;
z[zOff + 1] ^= (l >> 60) ^ (h << 4);
+#endif
}
- protected static void ImplSquare(ulong[] x, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplSquare(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
+ private static void ImplSquare(ulong[] x, ulong[] zz)
+#endif
{
#if NETCOREAPP3_0_OR_GREATER
if (Bmi2.X64.IsSupported)
{
- zz[7] = Bmi2.X64.ParallelBitDeposit(x[3] >> 32, 0x5555555555555555UL);
- zz[6] = Bmi2.X64.ParallelBitDeposit(x[3] , 0x5555555555555555UL);
- zz[5] = Bmi2.X64.ParallelBitDeposit(x[2] >> 32, 0x5555555555555555UL);
- zz[4] = Bmi2.X64.ParallelBitDeposit(x[2] , 0x5555555555555555UL);
- zz[3] = Bmi2.X64.ParallelBitDeposit(x[1] >> 32, 0x5555555555555555UL);
- zz[2] = Bmi2.X64.ParallelBitDeposit(x[1] , 0x5555555555555555UL);
- zz[1] = Bmi2.X64.ParallelBitDeposit(x[0] >> 32, 0x5555555555555555UL);
- zz[0] = Bmi2.X64.ParallelBitDeposit(x[0] , 0x5555555555555555UL);
+ ulong x0 = x[0], x1 = x[1], x2 = x[2], x3 = x[3];
+ zz[7] = Bmi2.X64.ParallelBitDeposit(x3 >> 32, 0x5555555555555555UL);
+ zz[6] = Bmi2.X64.ParallelBitDeposit(x3 , 0x5555555555555555UL);
+ zz[5] = Bmi2.X64.ParallelBitDeposit(x2 >> 32, 0x5555555555555555UL);
+ zz[4] = Bmi2.X64.ParallelBitDeposit(x2 , 0x5555555555555555UL);
+ zz[3] = Bmi2.X64.ParallelBitDeposit(x1 >> 32, 0x5555555555555555UL);
+ zz[2] = Bmi2.X64.ParallelBitDeposit(x1 , 0x5555555555555555UL);
+ zz[1] = Bmi2.X64.ParallelBitDeposit(x0 >> 32, 0x5555555555555555UL);
+ zz[0] = Bmi2.X64.ParallelBitDeposit(x0 , 0x5555555555555555UL);
return;
}
#endif
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Interleave.Expand64To128(x[..4], zz[..8]);
+#else
Interleave.Expand64To128(x, 0, 4, zz, 0);
+#endif
}
}
}
diff --git a/crypto/src/math/ec/custom/sec/SecT239K1Point.cs b/crypto/src/math/ec/custom/sec/SecT239K1Point.cs
index a57519d2b..36056744a 100644
--- a/crypto/src/math/ec/custom/sec/SecT239K1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT239K1Point.cs
@@ -82,7 +82,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
SecT239FieldElement L1 = (SecT239FieldElement)this.RawYCoord, Z1 = (SecT239FieldElement)this.RawZCoords[0];
SecT239FieldElement L2 = (SecT239FieldElement)b.RawYCoord, Z2 = (SecT239FieldElement)b.RawZCoords[0];
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt0 = stackalloc ulong[8];
+#else
ulong[] tt0 = Nat256.CreateExt64();
+#endif
ulong[] t1 = Nat256.Create64();
ulong[] t2 = Nat256.Create64();
ulong[] t3 = Nat256.Create64();
diff --git a/crypto/src/math/ec/custom/sec/SecT283Field.cs b/crypto/src/math/ec/custom/sec/SecT283Field.cs
index 332e47afe..498a72c81 100644
--- a/crypto/src/math/ec/custom/sec/SecT283Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecT283Field.cs
@@ -1,6 +1,8 @@
using System;
using System.Diagnostics;
#if NETCOREAPP3_0_OR_GREATER
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
using System.Runtime.Intrinsics;
using System.Runtime.Intrinsics.X86;
#endif
@@ -9,7 +11,7 @@ using Org.BouncyCastle.Math.Raw;
namespace Org.BouncyCastle.Math.EC.Custom.Sec
{
- internal class SecT283Field
+ internal static class SecT283Field
{
private const ulong M27 = ulong.MaxValue >> 37;
private const ulong M57 = ulong.MaxValue >> 7;
@@ -17,7 +19,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
private static readonly ulong[] ROOT_Z = new ulong[]{ 0x0C30C30C30C30808UL, 0x30C30C30C30C30C3UL,
0x820820820820830CUL, 0x0820820820820820UL, 0x2082082UL };
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Add(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void Add(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
z[0] = x[0] ^ y[0];
z[1] = x[1] ^ y[1];
@@ -26,7 +32,24 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[4] = x[4] ^ y[4];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddBothTo(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
+ public static void AddBothTo(ulong[] x, ulong[] y, ulong[] z)
+#endif
+ {
+ z[0] ^= x[0] ^ y[0];
+ z[1] ^= x[1] ^ y[1];
+ z[2] ^= x[2] ^ y[2];
+ z[3] ^= x[3] ^ y[3];
+ z[4] ^= x[4] ^ y[4];
+ }
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddExt(ReadOnlySpan<ulong> xx, ReadOnlySpan<ulong> yy, Span<ulong> zz)
+#else
public static void AddExt(ulong[] xx, ulong[] yy, ulong[] zz)
+#endif
{
zz[0] = xx[0] ^ yy[0];
zz[1] = xx[1] ^ yy[1];
@@ -39,7 +62,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
zz[8] = xx[8] ^ yy[8];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddOne(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void AddOne(ulong[] x, ulong[] z)
+#endif
{
z[0] = x[0] ^ 1UL;
z[1] = x[1];
@@ -48,7 +75,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[4] = x[4];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddTo(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void AddTo(ulong[] x, ulong[] z)
+#endif
{
z[0] ^= x[0];
z[1] ^= x[1];
@@ -62,9 +93,17 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
return Nat.FromBigInteger64(283, x);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void HalfTrace(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void HalfTrace(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[9];
+#else
ulong[] tt = Nat.Create64(9);
+#endif
Nat320.Copy64(x, z);
for (int i = 1; i < 283; i += 2)
@@ -77,15 +116,24 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Invert(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Invert(ulong[] x, ulong[] z)
+#endif
{
if (Nat320.IsZero64(x))
throw new InvalidOperationException();
// Itoh-Tsujii inversion
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> t0 = stackalloc ulong[5];
+ Span<ulong> t1 = stackalloc ulong[5];
+#else
ulong[] t0 = Nat320.Create64();
ulong[] t1 = Nat320.Create64();
+#endif
Square(x, t0);
Multiply(t0, x, t0);
@@ -112,21 +160,55 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Square(t1, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Multiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void Multiply(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[10];
+#else
ulong[] tt = Nat320.CreateExt64();
+#endif
ImplMultiply(x, y, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyAddToExt(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+#else
public static void MultiplyAddToExt(ulong[] x, ulong[] y, ulong[] zz)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[10];
+#else
ulong[] tt = Nat320.CreateExt64();
+#endif
ImplMultiply(x, y, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyExt(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+#else
+ public static void MultiplyExt(ulong[] x, ulong[] y, ulong[] zz)
+#endif
+ {
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ zz[..10].Fill(0UL);
+#else
+ Array.Clear(zz, 0, 10);
+#endif
+ ImplMultiply(x, y, zz);
+ }
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Reduce(ReadOnlySpan<ulong> xx, Span<ulong> z)
+#else
public static void Reduce(ulong[] xx, ulong[] z)
+#endif
{
ulong x0 = xx[0], x1 = xx[1], x2 = xx[2], x3 = xx[3], x4 = xx[4];
ulong x5 = xx[5], x6 = xx[6], x7 = xx[7], x8 = xx[8];
@@ -158,9 +240,17 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[zOff + 4] = z4 & M27;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Sqrt(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Sqrt(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> odd = stackalloc ulong[5];
+#else
ulong[] odd = Nat320.Create64();
+#endif
odd[0] = Interleave.Unshuffle(x[0], x[1], out ulong e0);
odd[1] = Interleave.Unshuffle(x[2], x[3], out ulong e1);
@@ -173,30 +263,58 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[2] ^= e2;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Square(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Square(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[9];
+#else
ulong[] tt = Nat.Create64(9);
+#endif
ImplSquare(x, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareAddToExt(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
public static void SquareAddToExt(ulong[] x, ulong[] zz)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[9];
+#else
ulong[] tt = Nat.Create64(9);
+#endif
ImplSquare(x, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareExt(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
public static void SquareExt(ulong[] x, ulong[] zz)
+#endif
{
ImplSquare(x, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareN(ReadOnlySpan<ulong> x, int n, Span<ulong> z)
+#else
public static void SquareN(ulong[] x, int n, ulong[] z)
+#endif
{
Debug.Assert(n > 0);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[9];
+#else
ulong[] tt = Nat.Create64(9);
+#endif
ImplSquare(x, tt);
Reduce(tt, z);
@@ -207,13 +325,21 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static uint Trace(ReadOnlySpan<ulong> x)
+#else
public static uint Trace(ulong[] x)
+#endif
{
// Non-zero-trace bits: 0, 271
return (uint)(x[0] ^ (x[4] >> 15)) & 1U;
}
- protected static void ImplCompactExt(ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplCompactExt(Span<ulong> zz)
+#else
+ private static void ImplCompactExt(ulong[] zz)
+#endif
{
ulong z0 = zz[0], z1 = zz[1], z2 = zz[2], z3 = zz[3], z4 = zz[4];
ulong z5 = zz[5], z6 = zz[6], z7 = zz[7], z8 = zz[8], z9 = zz[9];
@@ -229,7 +355,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
zz[9] = (z9 >> 63); // Zero!
}
- protected static void ImplExpand(ulong[] x, ulong[] z)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplExpand(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
+ private static void ImplExpand(ulong[] x, ulong[] z)
+#endif
{
ulong x0 = x[0], x1 = x[1], x2 = x[2], x3 = x[3], x4 = x[4];
z[0] = x0 & M57;
@@ -239,7 +369,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[4] = ((x3 >> 36) ^ (x4 << 28));
}
- //protected static void AddMs(ulong[] zz, int zOff, ulong[] p, params int[] ms)
+ //private static void AddMs(ulong[] zz, int zOff, ulong[] p, params int[] ms)
//{
// ulong t0 = 0, t1 = 0;
// foreach (int m in ms)
@@ -252,10 +382,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
// zz[zOff + 1] ^= t1;
//}
- protected static void ImplMultiply(ulong[] x, ulong[] y, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMultiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
{
#if NETCOREAPP3_0_OR_GREATER
- if (Pclmulqdq.IsSupported)
+ if (Pclmulqdq.IsSupported && BitConverter.IsLittleEndian && Unsafe.SizeOf<Vector128<ulong>>() == 16)
{
var X01 = Vector128.Create(x[0], x[1]);
var X23 = Vector128.Create(x[2], x[3]);
@@ -290,16 +421,24 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Pclmulqdq.CarrylessMultiply(X4_, Y23, 0x10));
var Z89 = Pclmulqdq.CarrylessMultiply(X4_, Y4_, 0x00);
- zz[0] = Z01.GetElement(0);
- zz[1] = Z01.GetElement(1) ^ Z12.GetElement(0);
- zz[2] = Z23.GetElement(0) ^ Z12.GetElement(1);
- zz[3] = Z23.GetElement(1) ^ Z34.GetElement(0);
- zz[4] = Z45.GetElement(0) ^ Z34.GetElement(1);
- zz[5] = Z45.GetElement(1) ^ Z56.GetElement(0);
- zz[6] = Z67.GetElement(0) ^ Z56.GetElement(1);
- zz[7] = Z67.GetElement(1) ^ Z78.GetElement(0);
- zz[8] = Z89.GetElement(0) ^ Z78.GetElement(1);
- zz[9] = Z89.GetElement(1);
+ Z01 = Sse2.Xor(Z01, Sse2.ShiftLeftLogical128BitLane (Z12, 8));
+ Z23 = Sse2.Xor(Z23, Sse2.ShiftRightLogical128BitLane(Z12, 8));
+
+ Z23 = Sse2.Xor(Z23, Sse2.ShiftLeftLogical128BitLane (Z34, 8));
+ Z45 = Sse2.Xor(Z45, Sse2.ShiftRightLogical128BitLane(Z34, 8));
+
+ Z45 = Sse2.Xor(Z45, Sse2.ShiftLeftLogical128BitLane (Z56, 8));
+ Z67 = Sse2.Xor(Z67, Sse2.ShiftRightLogical128BitLane(Z56, 8));
+
+ Z67 = Sse2.Xor(Z67, Sse2.ShiftLeftLogical128BitLane (Z78, 8));
+ Z89 = Sse2.Xor(Z89, Sse2.ShiftRightLogical128BitLane(Z78, 8));
+
+ Span<byte> zzBytes = MemoryMarshal.AsBytes(zz);
+ MemoryMarshal.Write(zzBytes[0x00..0x10], ref Z01);
+ MemoryMarshal.Write(zzBytes[0x10..0x20], ref Z23);
+ MemoryMarshal.Write(zzBytes[0x20..0x30], ref Z45);
+ MemoryMarshal.Write(zzBytes[0x30..0x40], ref Z67);
+ MemoryMarshal.Write(zzBytes[0x40..0x50], ref Z89);
return;
}
#endif
@@ -314,6 +453,131 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ImplExpand(x, a);
ImplExpand(y, b);
+ Span<ulong> u = zz;
+ Span<ulong> p = stackalloc ulong[26];
+
+ ImplMulw(u, a[0], b[0], p[0..]); // m1
+ ImplMulw(u, a[1], b[1], p[2..]); // m2
+ ImplMulw(u, a[2], b[2], p[4..]); // m3
+ ImplMulw(u, a[3], b[3], p[6..]); // m4
+ ImplMulw(u, a[4], b[4], p[8..]); // m5
+
+ ulong u0 = a[0] ^ a[1], v0 = b[0] ^ b[1];
+ ulong u1 = a[0] ^ a[2], v1 = b[0] ^ b[2];
+ ulong u2 = a[2] ^ a[4], v2 = b[2] ^ b[4];
+ ulong u3 = a[3] ^ a[4], v3 = b[3] ^ b[4];
+
+ ImplMulw(u, u1 ^ a[3], v1 ^ b[3], p[18..]); // m10
+ ImplMulw(u, u2 ^ a[1], v2 ^ b[1], p[20..]); // m11
+
+ ulong A4 = u0 ^ u3 , B4 = v0 ^ v3;
+ ulong A5 = A4 ^ a[2], B5 = B4 ^ b[2];
+
+ ImplMulw(u, A4, B4, p[22..]); // m12
+ ImplMulw(u, A5, B5, p[24..]); // m13
+
+ ImplMulw(u, u0, v0, p[10..]); // m6
+ ImplMulw(u, u1, v1, p[12..]); // m7
+ ImplMulw(u, u2, v2, p[14..]); // m8
+ ImplMulw(u, u3, v3, p[16..]); // m9
+
+
+ // Original method, corresponding to formula (16)
+ //AddMs(zz, 0, p, 1);
+ //AddMs(zz, 1, p, 1, 2, 6);
+ //AddMs(zz, 2, p, 1, 2, 3, 7);
+ //AddMs(zz, 3, p, 1, 3, 4, 5, 8, 10, 12, 13);
+ //AddMs(zz, 4, p, 1, 2, 4, 5, 6, 9, 10, 11, 13);
+ //AddMs(zz, 5, p, 1, 2, 3, 5, 7, 11, 12, 13);
+ //AddMs(zz, 6, p, 3, 4, 5, 8);
+ //AddMs(zz, 7, p, 4, 5, 9);
+ //AddMs(zz, 8, p, 5);
+
+ // Improved method factors out common single-word terms
+ // NOTE: p1,...,p26 in the paper maps to p[0],...,p[25] here
+
+ zz[0] = p[ 0];
+ zz[9] = p[ 9];
+
+ ulong t1 = p[ 0] ^ p[ 1];
+ ulong t2 = t1 ^ p[ 2];
+ ulong t3 = t2 ^ p[10];
+
+ zz[1] = t3;
+
+ ulong t4 = p[ 3] ^ p[ 4];
+ ulong t5 = p[11] ^ p[12];
+ ulong t6 = t4 ^ t5;
+ ulong t7 = t2 ^ t6;
+
+ zz[2] = t7;
+
+ ulong t8 = t1 ^ t4;
+ ulong t9 = p[ 5] ^ p[ 6];
+ ulong t10 = t8 ^ t9;
+ ulong t11 = t10 ^ p[ 8];
+ ulong t12 = p[13] ^ p[14];
+ ulong t13 = t11 ^ t12;
+ ulong t14 = p[18] ^ p[22];
+ ulong t15 = t14 ^ p[24];
+ ulong t16 = t13 ^ t15;
+
+ zz[3] = t16;
+
+ ulong t17 = p[ 7] ^ p[ 8];
+ ulong t18 = t17 ^ p[ 9];
+ ulong t19 = t18 ^ p[17];
+
+ zz[8] = t19;
+
+ ulong t20 = t18 ^ t9;
+ ulong t21 = p[15] ^ p[16];
+ ulong t22 = t20 ^ t21;
+
+ zz[7] = t22;
+
+ ulong t23 = t22 ^ t3;
+ ulong t24 = p[19] ^ p[20];
+ // ulong t25 = p[23] ^ p[24];
+ ulong t25 = p[25] ^ p[24]; // Fixes an error in the paper: p[23] -> p{25]
+ ulong t26 = p[18] ^ p[23];
+ ulong t27 = t24 ^ t25;
+ ulong t28 = t27 ^ t26;
+ ulong t29 = t28 ^ t23;
+
+ zz[4] = t29;
+
+ ulong t30 = t7 ^ t19;
+ ulong t31 = t27 ^ t30;
+ ulong t32 = p[21] ^ p[22];
+ ulong t33 = t31 ^ t32;
+
+ zz[5] = t33;
+
+ ulong t34 = t11 ^ p[0];
+ ulong t35 = t34 ^ p[9];
+ ulong t36 = t35 ^ t12;
+ ulong t37 = t36 ^ p[21];
+ ulong t38 = t37 ^ p[23];
+ ulong t39 = t38 ^ p[25];
+
+ zz[6] = t39;
+
+ ImplCompactExt(zz);
+ }
+#else
+ private static void ImplMultiply(ulong[] x, ulong[] y, ulong[] zz)
+ {
+ /*
+ * Formula (17) from "Some New Results on Binary Polynomial Multiplication",
+ * Murat Cenk and M. Anwar Hasan.
+ *
+ * The formula as given contained an error in the term t25, as noted below
+ */
+ ulong[] a = new ulong[5], b = new ulong[5];
+ ImplExpand(x, a);
+ ImplExpand(y, b);
+
ulong[] u = zz;
ulong[] p = new ulong[26];
@@ -426,8 +690,13 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ImplCompactExt(zz);
}
+#endif
- protected static void ImplMulw(ulong[] u, ulong x, ulong y, ulong[] z, int zOff)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMulw(Span<ulong> u, ulong x, ulong y, Span<ulong> z)
+#else
+ private static void ImplMulw(ulong[] u, ulong x, ulong y, ulong[] z, int zOff)
+#endif
{
Debug.Assert(x >> 57 == 0);
Debug.Assert(y >> 57 == 0);
@@ -442,14 +711,14 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
u[7] = u[6] ^ y;
uint j = (uint)x;
- ulong g, h = 0, l = u[j & 7];
+ ulong g, h = 0, l = u[(int)j & 7];
int k = 48;
do
{
j = (uint)(x >> k);
- g = u[j & 7]
- ^ u[(j >> 3) & 7] << 3
- ^ u[(j >> 6) & 7] << 6;
+ g = u[(int)j & 7]
+ ^ u[(int)(j >> 3) & 7] << 3
+ ^ u[(int)(j >> 6) & 7] << 6;
l ^= (g << k);
h ^= (g >> -k);
}
@@ -459,11 +728,20 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Debug.Assert(h >> 49 == 0);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ z[0] ^= l & M57;
+ z[1] ^= (l >> 57) ^ (h << 7);
+#else
z[zOff ] = l & M57;
z[zOff + 1] = (l >> 57) ^ (h << 7);
+#endif
}
- protected static void ImplSquare(ulong[] x, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplSquare(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
+ private static void ImplSquare(ulong[] x, ulong[] zz)
+#endif
{
zz[8] = Interleave.Expand32to64((uint)x[4]);
@@ -482,7 +760,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
#endif
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Interleave.Expand64To128(x[..4], zz[..8]);
+#else
Interleave.Expand64To128(x, 0, 4, zz, 0);
+#endif
}
}
}
diff --git a/crypto/src/math/ec/custom/sec/SecT283K1Point.cs b/crypto/src/math/ec/custom/sec/SecT283K1Point.cs
index 440c5d348..00f7e1e83 100644
--- a/crypto/src/math/ec/custom/sec/SecT283K1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT283K1Point.cs
@@ -82,7 +82,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
SecT283FieldElement L1 = (SecT283FieldElement)this.RawYCoord, Z1 = (SecT283FieldElement)this.RawZCoords[0];
SecT283FieldElement L2 = (SecT283FieldElement)b.RawYCoord, Z2 = (SecT283FieldElement)b.RawZCoords[0];
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt0 = stackalloc ulong[9];
+#else
ulong[] tt0 = Nat.Create64(9);
+#endif
ulong[] t1 = Nat320.Create64();
ulong[] t2 = Nat320.Create64();
ulong[] t3 = Nat320.Create64();
diff --git a/crypto/src/math/ec/custom/sec/SecT409Field.cs b/crypto/src/math/ec/custom/sec/SecT409Field.cs
index c497d0223..6a5afb0dc 100644
--- a/crypto/src/math/ec/custom/sec/SecT409Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecT409Field.cs
@@ -9,12 +9,16 @@ using Org.BouncyCastle.Math.Raw;
namespace Org.BouncyCastle.Math.EC.Custom.Sec
{
- internal class SecT409Field
+ internal static class SecT409Field
{
private const ulong M25 = ulong.MaxValue >> 39;
private const ulong M59 = ulong.MaxValue >> 5;
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Add(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void Add(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
z[0] = x[0] ^ y[0];
z[1] = x[1] ^ y[1];
@@ -25,7 +29,26 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[6] = x[6] ^ y[6];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddBothTo(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
+ public static void AddBothTo(ulong[] x, ulong[] y, ulong[] z)
+#endif
+ {
+ z[0] ^= x[0] ^ y[0];
+ z[1] ^= x[1] ^ y[1];
+ z[2] ^= x[2] ^ y[2];
+ z[3] ^= x[3] ^ y[3];
+ z[4] ^= x[4] ^ y[4];
+ z[5] ^= x[5] ^ y[5];
+ z[6] ^= x[6] ^ y[6];
+ }
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddExt(ReadOnlySpan<ulong> xx, ReadOnlySpan<ulong> yy, Span<ulong> zz)
+#else
public static void AddExt(ulong[] xx, ulong[] yy, ulong[] zz)
+#endif
{
for (int i = 0; i < 13; ++i)
{
@@ -33,7 +56,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddOne(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void AddOne(ulong[] x, ulong[] z)
+#endif
{
z[0] = x[0] ^ 1UL;
z[1] = x[1];
@@ -44,7 +71,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[6] = x[6];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddTo(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void AddTo(ulong[] x, ulong[] z)
+#endif
{
z[0] ^= x[0];
z[1] ^= x[1];
@@ -60,9 +91,17 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
return Nat.FromBigInteger64(409, x);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void HalfTrace(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void HalfTrace(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[13];
+#else
ulong[] tt = Nat.Create64(13);
+#endif
Nat448.Copy64(x, z);
for (int i = 1; i < 409; i += 2)
@@ -75,16 +114,26 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Invert(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Invert(ulong[] x, ulong[] z)
+#endif
{
if (Nat448.IsZero64(x))
throw new InvalidOperationException();
// Itoh-Tsujii inversion with bases { 2, 3 }
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> t0 = stackalloc ulong[7];
+ Span<ulong> t1 = stackalloc ulong[7];
+ Span<ulong> t2 = stackalloc ulong[7];
+#else
ulong[] t0 = Nat448.Create64();
ulong[] t1 = Nat448.Create64();
ulong[] t2 = Nat448.Create64();
+#endif
Square(x, t0);
@@ -126,21 +175,55 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Multiply(t0, t2, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Multiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void Multiply(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[14];
+#else
ulong[] tt = Nat448.CreateExt64();
+#endif
ImplMultiply(x, y, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyAddToExt(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+#else
public static void MultiplyAddToExt(ulong[] x, ulong[] y, ulong[] zz)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[14];
+#else
ulong[] tt = Nat448.CreateExt64();
+#endif
ImplMultiply(x, y, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyExt(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+#else
+ public static void MultiplyExt(ulong[] x, ulong[] y, ulong[] zz)
+#endif
+ {
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ zz[..14].Fill(0UL);
+#else
+ Array.Clear(zz, 0, 10);
+#endif
+ ImplMultiply(x, y, zz);
+ }
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Reduce(ReadOnlySpan<ulong> xx, Span<ulong> z)
+#else
public static void Reduce(ulong[] xx, ulong[] z)
+#endif
{
ulong x00 = xx[0], x01 = xx[1], x02 = xx[2], x03 = xx[3];
ulong x04 = xx[4], x05 = xx[5], x06 = xx[6], x07 = xx[7];
@@ -193,7 +276,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[zOff + 6] = z6 & M25;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Sqrt(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Sqrt(ulong[] x, ulong[] z)
+#endif
{
ulong c0 = Interleave.Unshuffle(x[0], x[1], out ulong e0);
ulong c1 = Interleave.Unshuffle(x[2], x[3], out ulong e1);
@@ -211,30 +298,58 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Debug.Assert((c3 >> 51) == 0);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Square(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Square(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[13];
+#else
ulong[] tt = Nat.Create64(13);
+#endif
ImplSquare(x, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareAddToExt(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
public static void SquareAddToExt(ulong[] x, ulong[] zz)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[13];
+#else
ulong[] tt = Nat.Create64(13);
+#endif
ImplSquare(x, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareExt(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
public static void SquareExt(ulong[] x, ulong[] zz)
+#endif
{
ImplSquare(x, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareN(ReadOnlySpan<ulong> x, int n, Span<ulong> z)
+#else
public static void SquareN(ulong[] x, int n, ulong[] z)
+#endif
{
Debug.Assert(n > 0);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[13];
+#else
ulong[] tt = Nat.Create64(13);
+#endif
ImplSquare(x, tt);
Reduce(tt, z);
@@ -245,13 +360,21 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static uint Trace(ReadOnlySpan<ulong> x)
+#else
public static uint Trace(ulong[] x)
+#endif
{
// Non-zero-trace bits: 0
return (uint)(x[0]) & 1U;
}
- protected static void ImplCompactExt(ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplCompactExt(Span<ulong> zz)
+#else
+ private static void ImplCompactExt(ulong[] zz)
+#endif
{
ulong z00 = zz[ 0], z01 = zz[ 1], z02 = zz[ 2], z03 = zz[ 3], z04 = zz[ 4], z05 = zz[ 5], z06 = zz[ 6];
ulong z07 = zz[ 7], z08 = zz[ 8], z09 = zz[ 9], z10 = zz[10], z11 = zz[11], z12 = zz[12], z13 = zz[13];
@@ -272,7 +395,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
//zz[13] = 0;
}
- protected static void ImplExpand(ulong[] x, ulong[] z)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplExpand(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
+ private static void ImplExpand(ulong[] x, ulong[] z)
+#endif
{
ulong x0 = x[0], x1 = x[1], x2 = x[2], x3 = x[3], x4 = x[4], x5 = x[5], x6 = x[6];
z[0] = x0 & M59;
@@ -284,7 +411,72 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[6] = ((x5 >> 34) ^ (x6 << 30));
}
- protected static void ImplMultiply(ulong[] x, ulong[] y, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMultiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+ {
+ Span<ulong> a = stackalloc ulong[7], b = stackalloc ulong[7];
+ ImplExpand(x, a);
+ ImplExpand(y, b);
+
+ Span<ulong> u = stackalloc ulong[8];
+ for (int i = 0; i < 7; ++i)
+ {
+ ImplMulwAcc(u, a[i], b[i], zz[(i << 1)..]);
+ }
+
+ ulong v0 = zz[0], v1 = zz[1];
+ v0 ^= zz[ 2]; zz[1] = v0 ^ v1; v1 ^= zz[ 3];
+ v0 ^= zz[ 4]; zz[2] = v0 ^ v1; v1 ^= zz[ 5];
+ v0 ^= zz[ 6]; zz[3] = v0 ^ v1; v1 ^= zz[ 7];
+ v0 ^= zz[ 8]; zz[4] = v0 ^ v1; v1 ^= zz[ 9];
+ v0 ^= zz[10]; zz[5] = v0 ^ v1; v1 ^= zz[11];
+ v0 ^= zz[12]; zz[6] = v0 ^ v1; v1 ^= zz[13];
+
+ ulong w = v0 ^ v1;
+ zz[ 7] = zz[0] ^ w;
+ zz[ 8] = zz[1] ^ w;
+ zz[ 9] = zz[2] ^ w;
+ zz[10] = zz[3] ^ w;
+ zz[11] = zz[4] ^ w;
+ zz[12] = zz[5] ^ w;
+ zz[13] = zz[6] ^ w;
+
+ ImplMulwAcc(u, a[0] ^ a[1], b[0] ^ b[1], zz[ 1..]);
+
+ ImplMulwAcc(u, a[0] ^ a[2], b[0] ^ b[2], zz[ 2..]);
+
+ ImplMulwAcc(u, a[0] ^ a[3], b[0] ^ b[3], zz[ 3..]);
+ ImplMulwAcc(u, a[1] ^ a[2], b[1] ^ b[2], zz[ 3..]);
+
+ ImplMulwAcc(u, a[0] ^ a[4], b[0] ^ b[4], zz[ 4..]);
+ ImplMulwAcc(u, a[1] ^ a[3], b[1] ^ b[3], zz[ 4..]);
+
+ ImplMulwAcc(u, a[0] ^ a[5], b[0] ^ b[5], zz[ 5..]);
+ ImplMulwAcc(u, a[1] ^ a[4], b[1] ^ b[4], zz[ 5..]);
+ ImplMulwAcc(u, a[2] ^ a[3], b[2] ^ b[3], zz[ 5..]);
+
+ ImplMulwAcc(u, a[0] ^ a[6], b[0] ^ b[6], zz[ 6..]);
+ ImplMulwAcc(u, a[1] ^ a[5], b[1] ^ b[5], zz[ 6..]);
+ ImplMulwAcc(u, a[2] ^ a[4], b[2] ^ b[4], zz[ 6..]);
+
+ ImplMulwAcc(u, a[1] ^ a[6], b[1] ^ b[6], zz[ 7..]);
+ ImplMulwAcc(u, a[2] ^ a[5], b[2] ^ b[5], zz[ 7..]);
+ ImplMulwAcc(u, a[3] ^ a[4], b[3] ^ b[4], zz[ 7..]);
+
+ ImplMulwAcc(u, a[2] ^ a[6], b[2] ^ b[6], zz[ 8..]);
+ ImplMulwAcc(u, a[3] ^ a[5], b[3] ^ b[5], zz[ 8..]);
+
+ ImplMulwAcc(u, a[3] ^ a[6], b[3] ^ b[6], zz[ 9..]);
+ ImplMulwAcc(u, a[4] ^ a[5], b[4] ^ b[5], zz[ 9..]);
+
+ ImplMulwAcc(u, a[4] ^ a[6], b[4] ^ b[6], zz[10..]);
+
+ ImplMulwAcc(u, a[5] ^ a[6], b[5] ^ b[6], zz[11..]);
+
+ ImplCompactExt(zz);
+ }
+#else
+ private static void ImplMultiply(ulong[] x, ulong[] y, ulong[] zz)
{
ulong[] a = new ulong[7], b = new ulong[7];
ImplExpand(x, a);
@@ -347,8 +539,13 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ImplCompactExt(zz);
}
+#endif
- protected static void ImplMulwAcc(ulong[] u, ulong x, ulong y, ulong[] z, int zOff)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMulwAcc(Span<ulong> u, ulong x, ulong y, Span<ulong> z)
+#else
+ private static void ImplMulwAcc(ulong[] u, ulong x, ulong y, ulong[] z, int zOff)
+#endif
{
Debug.Assert(x >> 59 == 0);
Debug.Assert(y >> 59 == 0);
@@ -361,8 +558,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
var Z = Pclmulqdq.CarrylessMultiply(X, Y, 0x00);
ulong z0 = Z.GetElement(0);
ulong z1 = Z.GetElement(1);
- z[zOff ] ^= z0 & M59;
- z[zOff + 1] ^= (z0 >> 59) ^ (z1 << 5);
+ z[0] ^= z0 & M59;
+ z[1] ^= (z0 >> 59) ^ (z1 << 5);
return;
}
#endif
@@ -377,14 +574,14 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
u[7] = u[6] ^ y;
uint j = (uint)x;
- ulong g, h = 0, l = u[j & 7]
- ^ (u[(j >> 3) & 7] << 3);
+ ulong g, h = 0, l = u[(int)j & 7]
+ ^ (u[(int)(j >> 3) & 7] << 3);
int k = 54;
do
{
j = (uint)(x >> k);
- g = u[j & 7]
- ^ u[(j >> 3) & 7] << 3;
+ g = u[(int)j & 7]
+ ^ u[(int)(j >> 3) & 7] << 3;
l ^= (g << k);
h ^= (g >> -k);
}
@@ -392,11 +589,20 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Debug.Assert(h >> 53 == 0);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ z[0] ^= l & M59;
+ z[1] ^= (l >> 59) ^ (h << 5);
+#else
z[zOff ] ^= l & M59;
z[zOff + 1] ^= (l >> 59) ^ (h << 5);
+#endif
}
- protected static void ImplSquare(ulong[] x, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplSquare(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
+ private static void ImplSquare(ulong[] x, ulong[] zz)
+#endif
{
zz[12] = Interleave.Expand32to64((uint)x[6]);
@@ -419,7 +625,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
#endif
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Interleave.Expand64To128(x[..6], zz[..12]);
+#else
Interleave.Expand64To128(x, 0, 6, zz, 0);
+#endif
}
}
}
diff --git a/crypto/src/math/ec/custom/sec/SecT409K1Point.cs b/crypto/src/math/ec/custom/sec/SecT409K1Point.cs
index 86a02896c..0200de5df 100644
--- a/crypto/src/math/ec/custom/sec/SecT409K1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT409K1Point.cs
@@ -82,7 +82,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
SecT409FieldElement L1 = (SecT409FieldElement)this.RawYCoord, Z1 = (SecT409FieldElement)this.RawZCoords[0];
SecT409FieldElement L2 = (SecT409FieldElement)b.RawYCoord, Z2 = (SecT409FieldElement)b.RawZCoords[0];
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt0 = stackalloc ulong[13];
+#else
ulong[] tt0 = Nat.Create64(13);
+#endif
ulong[] t1 = Nat448.Create64();
ulong[] t2 = Nat448.Create64();
ulong[] t3 = Nat448.Create64();
diff --git a/crypto/src/math/ec/custom/sec/SecT571Field.cs b/crypto/src/math/ec/custom/sec/SecT571Field.cs
index b09a86ac3..e970027a5 100644
--- a/crypto/src/math/ec/custom/sec/SecT571Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecT571Field.cs
@@ -9,7 +9,7 @@ using Org.BouncyCastle.Math.Raw;
namespace Org.BouncyCastle.Math.EC.Custom.Sec
{
- internal class SecT571Field
+ internal static class SecT571Field
{
private const ulong M59 = ulong.MaxValue >> 5;
@@ -17,7 +17,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
0xCAF84657C232BE11UL, 0x657C232BE1195F08UL, 0xF84657C2308CAF84UL, 0x7C232BE1195F08CAUL,
0xBE1195F08CAF8465UL, 0x5F08CAF84657C232UL, 0x784657C232BE119UL };
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Add(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void Add(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
Nat.Xor64(9, x, y, z);
}
@@ -27,7 +31,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Nat.Xor64(9, x, xOff, y, yOff, z, zOff);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddBothTo(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void AddBothTo(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
for (int i = 0; i < 9; ++i)
{
@@ -43,12 +51,20 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddExt(ReadOnlySpan<ulong> xx, ReadOnlySpan<ulong> yy, Span<ulong> zz)
+#else
public static void AddExt(ulong[] xx, ulong[] yy, ulong[] zz)
+#endif
{
Nat.Xor64(18, xx, yy, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddOne(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void AddOne(ulong[] x, ulong[] z)
+#endif
{
z[0] = x[0] ^ 1UL;
for (int i = 1; i < 9; ++i)
@@ -57,7 +73,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void AddTo(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void AddTo(ulong[] x, ulong[] z)
+#endif
{
Nat.XorTo64(9, x, z);
}
@@ -67,9 +87,17 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
return Nat.FromBigInteger64(571, x);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void HalfTrace(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void HalfTrace(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[18];
+#else
ulong[] tt = Nat576.CreateExt64();
+#endif
Nat576.Copy64(x, z);
for (int i = 1; i < 571; i += 2)
@@ -82,16 +110,26 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Invert(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Invert(ulong[] x, ulong[] z)
+#endif
{
if (Nat576.IsZero64(x))
throw new InvalidOperationException();
// Itoh-Tsujii inversion with bases { 2, 3, 5 }
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> t0 = stackalloc ulong[9];
+ Span<ulong> t1 = stackalloc ulong[9];
+ Span<ulong> t2 = stackalloc ulong[9];
+#else
ulong[] t0 = Nat576.Create64();
ulong[] t1 = Nat576.Create64();
ulong[] t2 = Nat576.Create64();
+#endif
Square(x, t2);
@@ -133,35 +171,85 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Multiply(t0, t2, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Multiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> z)
+#else
public static void Multiply(ulong[] x, ulong[] y, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[18];
+#else
ulong[] tt = Nat576.CreateExt64();
+#endif
ImplMultiply(x, y, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyAddToExt(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+#else
public static void MultiplyAddToExt(ulong[] x, ulong[] y, ulong[] zz)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[18];
+#else
ulong[] tt = Nat576.CreateExt64();
+#endif
ImplMultiply(x, y, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyExt(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+#else
+ public static void MultiplyExt(ulong[] x, ulong[] y, ulong[] zz)
+#endif
+ {
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ zz[..18].Fill(0UL);
+#else
+ Array.Clear(zz, 0, 18);
+#endif
+ ImplMultiply(x, y, zz);
+ }
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyPrecomp(ReadOnlySpan<ulong> x, ulong[] precomp, Span<ulong> z)
+#else
public static void MultiplyPrecomp(ulong[] x, ulong[] precomp, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[18];
+#else
ulong[] tt = Nat576.CreateExt64();
+#endif
ImplMultiplyPrecomp(x, precomp, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void MultiplyPrecompAddToExt(ReadOnlySpan<ulong> x, ulong[] precomp, Span<ulong> zz)
+#else
public static void MultiplyPrecompAddToExt(ulong[] x, ulong[] precomp, ulong[] zz)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[18];
+#else
ulong[] tt = Nat576.CreateExt64();
+#endif
ImplMultiplyPrecomp(x, precomp, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static ulong[] PrecompMultiplicand(ReadOnlySpan<ulong> x)
+#else
public static ulong[] PrecompMultiplicand(ulong[] x)
+#endif
{
#if NETCOREAPP3_0_OR_GREATER
ulong[] z = Nat576.Create64();
@@ -173,7 +261,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
*/
int len = 9 << 4;
ulong[] t = new ulong[len << 1];
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ x[..9].CopyTo(t.AsSpan(9));
+#else
Array.Copy(x, 0, t, 9, 9);
+#endif
//Reduce5(t, 9);
int tOff = 0;
for (int i = 7; i > 0; --i)
@@ -193,7 +285,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
#endif
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Reduce(ReadOnlySpan<ulong> xx, Span<ulong> z)
+#else
public static void Reduce(ulong[] xx, ulong[] z)
+#endif
{
ulong xx09 = xx[9];
ulong u = xx[17], v = xx09;
@@ -225,9 +321,17 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
z[zOff + 8] = z8 & M59;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Sqrt(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Sqrt(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> evn = stackalloc ulong[9], odd = stackalloc ulong[9];
+#else
ulong[] evn = Nat576.Create64(), odd = Nat576.Create64();
+#endif
odd[0] = Interleave.Unshuffle(x[0], x[1], out evn[0]);
odd[1] = Interleave.Unshuffle(x[2], x[3], out evn[1]);
@@ -239,30 +343,58 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Add(z, evn, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Square(ReadOnlySpan<ulong> x, Span<ulong> z)
+#else
public static void Square(ulong[] x, ulong[] z)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[18];
+#else
ulong[] tt = Nat576.CreateExt64();
+#endif
ImplSquare(x, tt);
Reduce(tt, z);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareAddToExt(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
public static void SquareAddToExt(ulong[] x, ulong[] zz)
+#endif
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[18];
+#else
ulong[] tt = Nat576.CreateExt64();
+#endif
ImplSquare(x, tt);
AddExt(zz, tt, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareExt(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
public static void SquareExt(ulong[] x, ulong[] zz)
+#endif
{
ImplSquare(x, zz);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void SquareN(ReadOnlySpan<ulong> x, int n, Span<ulong> z)
+#else
public static void SquareN(ulong[] x, int n, ulong[] z)
+#endif
{
Debug.Assert(n > 0);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[18];
+#else
ulong[] tt = Nat576.CreateExt64();
+#endif
ImplSquare(x, tt);
Reduce(tt, z);
@@ -273,13 +405,103 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static uint Trace(ReadOnlySpan<ulong> x)
+#else
public static uint Trace(ulong[] x)
+#endif
{
// Non-zero-trace bits: 0, 561, 569
return (uint)(x[0] ^ (x[8] >> 49) ^ (x[8] >> 57)) & 1U;
}
- protected static void ImplMultiply(ulong[] x, ulong[] y, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMultiply(ReadOnlySpan<ulong> x, ReadOnlySpan<ulong> y, Span<ulong> zz)
+ {
+ //ulong[] precomp = PrecompMultiplicand(y);
+
+ //ImplMultiplyPrecomp(x, precomp, zz);
+
+ ulong[] u = new ulong[16];
+ for (int i = 0; i < 9; ++i)
+ {
+ ImplMulwAcc(u, x[i], y[i], zz[(i << 1)..]);
+ }
+
+ ulong v0 = zz[0], v1 = zz[1];
+ v0 ^= zz[ 2]; zz[1] = v0 ^ v1; v1 ^= zz[ 3];
+ v0 ^= zz[ 4]; zz[2] = v0 ^ v1; v1 ^= zz[ 5];
+ v0 ^= zz[ 6]; zz[3] = v0 ^ v1; v1 ^= zz[ 7];
+ v0 ^= zz[ 8]; zz[4] = v0 ^ v1; v1 ^= zz[ 9];
+ v0 ^= zz[10]; zz[5] = v0 ^ v1; v1 ^= zz[11];
+ v0 ^= zz[12]; zz[6] = v0 ^ v1; v1 ^= zz[13];
+ v0 ^= zz[14]; zz[7] = v0 ^ v1; v1 ^= zz[15];
+ v0 ^= zz[16]; zz[8] = v0 ^ v1; v1 ^= zz[17];
+
+ ulong w = v0 ^ v1;
+ zz[ 9] = zz[0] ^ w;
+ zz[10] = zz[1] ^ w;
+ zz[11] = zz[2] ^ w;
+ zz[12] = zz[3] ^ w;
+ zz[13] = zz[4] ^ w;
+ zz[14] = zz[5] ^ w;
+ zz[15] = zz[6] ^ w;
+ zz[16] = zz[7] ^ w;
+ zz[17] = zz[8] ^ w;
+
+ ImplMulwAcc(u, x[0] ^ x[1], y[0] ^ y[1], zz[ 1..]);
+
+ ImplMulwAcc(u, x[0] ^ x[2], y[0] ^ y[2], zz[ 2..]);
+
+ ImplMulwAcc(u, x[0] ^ x[3], y[0] ^ y[3], zz[ 3..]);
+ ImplMulwAcc(u, x[1] ^ x[2], y[1] ^ y[2], zz[ 3..]);
+
+ ImplMulwAcc(u, x[0] ^ x[4], y[0] ^ y[4], zz[ 4..]);
+ ImplMulwAcc(u, x[1] ^ x[3], y[1] ^ y[3], zz[ 4..]);
+
+ ImplMulwAcc(u, x[0] ^ x[5], y[0] ^ y[5], zz[ 5..]);
+ ImplMulwAcc(u, x[1] ^ x[4], y[1] ^ y[4], zz[ 5..]);
+ ImplMulwAcc(u, x[2] ^ x[3], y[2] ^ y[3], zz[ 5..]);
+
+ ImplMulwAcc(u, x[0] ^ x[6], y[0] ^ y[6], zz[ 6..]);
+ ImplMulwAcc(u, x[1] ^ x[5], y[1] ^ y[5], zz[ 6..]);
+ ImplMulwAcc(u, x[2] ^ x[4], y[2] ^ y[4], zz[ 6..]);
+
+ ImplMulwAcc(u, x[0] ^ x[7], y[0] ^ y[7], zz[ 7..]);
+ ImplMulwAcc(u, x[1] ^ x[6], y[1] ^ y[6], zz[ 7..]);
+ ImplMulwAcc(u, x[2] ^ x[5], y[2] ^ y[5], zz[ 7..]);
+ ImplMulwAcc(u, x[3] ^ x[4], y[3] ^ y[4], zz[ 7..]);
+
+ ImplMulwAcc(u, x[0] ^ x[8], y[0] ^ y[8], zz[ 8..]);
+ ImplMulwAcc(u, x[1] ^ x[7], y[1] ^ y[7], zz[ 8..]);
+ ImplMulwAcc(u, x[2] ^ x[6], y[2] ^ y[6], zz[ 8..]);
+ ImplMulwAcc(u, x[3] ^ x[5], y[3] ^ y[5], zz[ 8..]);
+
+ ImplMulwAcc(u, x[1] ^ x[8], y[1] ^ y[8], zz[ 9..]);
+ ImplMulwAcc(u, x[2] ^ x[7], y[2] ^ y[7], zz[ 9..]);
+ ImplMulwAcc(u, x[3] ^ x[6], y[3] ^ y[6], zz[ 9..]);
+ ImplMulwAcc(u, x[4] ^ x[5], y[4] ^ y[5], zz[ 9..]);
+
+ ImplMulwAcc(u, x[2] ^ x[8], y[2] ^ y[8], zz[10..]);
+ ImplMulwAcc(u, x[3] ^ x[7], y[3] ^ y[7], zz[10..]);
+ ImplMulwAcc(u, x[4] ^ x[6], y[4] ^ y[6], zz[10..]);
+
+ ImplMulwAcc(u, x[3] ^ x[8], y[3] ^ y[8], zz[11..]);
+ ImplMulwAcc(u, x[4] ^ x[7], y[4] ^ y[7], zz[11..]);
+ ImplMulwAcc(u, x[5] ^ x[6], y[5] ^ y[6], zz[11..]);
+
+ ImplMulwAcc(u, x[4] ^ x[8], y[4] ^ y[8], zz[12..]);
+ ImplMulwAcc(u, x[5] ^ x[7], y[5] ^ y[7], zz[12..]);
+
+ ImplMulwAcc(u, x[5] ^ x[8], y[5] ^ y[8], zz[13..]);
+ ImplMulwAcc(u, x[6] ^ x[7], y[6] ^ y[7], zz[13..]);
+
+ ImplMulwAcc(u, x[6] ^ x[8], y[6] ^ y[8], zz[14..]);
+
+ ImplMulwAcc(u, x[7] ^ x[8], y[7] ^ y[8], zz[15..]);
+ }
+#else
+ private static void ImplMultiply(ulong[] x, ulong[] y, ulong[] zz)
{
//ulong[] precomp = PrecompMultiplicand(y);
@@ -363,8 +585,13 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
ImplMulwAcc(u, x[7] ^ x[8], y[7] ^ y[8], zz, 15);
}
+#endif
- protected static void ImplMultiplyPrecomp(ulong[] x, ulong[] precomp, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMultiplyPrecomp(ReadOnlySpan<ulong> x, ulong[] precomp, Span<ulong> zz)
+#else
+ private static void ImplMultiplyPrecomp(ulong[] x, ulong[] precomp, ulong[] zz)
+#endif
{
#if NETCOREAPP3_0_OR_GREATER
ImplMultiply(x, precomp, zz);
@@ -382,9 +609,17 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
uint aVal = (uint)(x[j] >> k);
uint u = aVal & MASK;
uint v = (aVal >> 4) & MASK;
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ AddBothTo(precomp.AsSpan((int)(9 * u)), precomp.AsSpan((int)(9 * (v + 16))), zz[(j - 1)..]);
+#else
AddBothTo(precomp, (int)(9 * u), precomp, (int)(9 * (v + 16)), zz, j - 1);
+#endif
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Nat.ShiftUpBits64(16, zz, 8, 0UL);
+#else
Nat.ShiftUpBits64(16, zz, 0, 8, 0UL);
+#endif
}
for (int k = 56; k >= 0; k -= 8)
@@ -394,17 +629,29 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
uint aVal = (uint)(x[j] >> k);
uint u = aVal & MASK;
uint v = (aVal >> 4) & MASK;
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ AddBothTo(precomp.AsSpan((int)(9 * u)), precomp.AsSpan((int)(9 * (v + 16))), zz[j..]);
+#else
AddBothTo(precomp, (int)(9 * u), precomp, (int)(9 * (v + 16)), zz, j);
+#endif
}
if (k > 0)
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Nat.ShiftUpBits64(18, zz, 8, 0UL);
+#else
Nat.ShiftUpBits64(18, zz, 0, 8, 0UL);
+#endif
}
}
#endif
- }
+ }
- protected static void ImplMulwAcc(ulong[] u, ulong x, ulong y, ulong[] z, int zOff)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplMulwAcc(Span<ulong> u, ulong x, ulong y, Span<ulong> z)
+#else
+ private static void ImplMulwAcc(ulong[] u, ulong x, ulong y, ulong[] z, int zOff)
+#endif
{
#if NETCOREAPP3_0_OR_GREATER
if (Pclmulqdq.IsSupported)
@@ -412,8 +659,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
var X = Vector128.CreateScalar(x);
var Y = Vector128.CreateScalar(y);
var Z = Pclmulqdq.CarrylessMultiply(X, Y, 0x00);
- z[zOff ] ^= Z.GetElement(0);
- z[zOff + 1] ^= Z.GetElement(1);
+ z[0] ^= Z.GetElement(0);
+ z[1] ^= Z.GetElement(1);
return;
}
#endif
@@ -427,14 +674,14 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
uint j = (uint)x;
- ulong g, h = 0, l = u[j & 15]
- ^ u[(j >> 4) & 15] << 4;
+ ulong g, h = 0, l = u[(int)j & 15]
+ ^ u[(int)(j >> 4) & 15] << 4;
int k = 56;
do
{
j = (uint)(x >> k);
- g = u[j & 15]
- ^ u[(j >> 4) & 15] << 4;
+ g = u[(int)j & 15]
+ ^ u[(int)(j >> 4) & 15] << 4;
l ^= (g << k);
h ^= (g >> -k);
}
@@ -448,11 +695,20 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
Debug.Assert(h >> 63 == 0);
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ z[0] ^= l;
+ z[1] ^= h;
+#else
z[zOff ] ^= l;
z[zOff + 1] ^= h;
+#endif
}
- protected static void ImplSquare(ulong[] x, ulong[] zz)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ private static void ImplSquare(ReadOnlySpan<ulong> x, Span<ulong> zz)
+#else
+ private static void ImplSquare(ulong[] x, ulong[] zz)
+#endif
{
#if NETCOREAPP3_0_OR_GREATER
if (Bmi2.X64.IsSupported)
@@ -479,7 +735,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
}
#endif
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Interleave.Expand64To128(x[..9], zz[..18]);
+#else
Interleave.Expand64To128(x, 0, 9, zz, 0);
+#endif
}
}
}
diff --git a/crypto/src/math/ec/custom/sec/SecT571K1Point.cs b/crypto/src/math/ec/custom/sec/SecT571K1Point.cs
index 95af0629f..0156c6283 100644
--- a/crypto/src/math/ec/custom/sec/SecT571K1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT571K1Point.cs
@@ -176,7 +176,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
SecT571Field.MultiplyPrecomp(Z3.x, Z2Precomp, Z3.x);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[18];
+#else
ulong[] tt = Nat576.CreateExt64();
+#endif
SecT571Field.Add(AU2, B, t4);
SecT571Field.SquareExt(t4, tt);
diff --git a/crypto/src/math/ec/custom/sec/SecT571R1Point.cs b/crypto/src/math/ec/custom/sec/SecT571R1Point.cs
index 986885db6..1b519d819 100644
--- a/crypto/src/math/ec/custom/sec/SecT571R1Point.cs
+++ b/crypto/src/math/ec/custom/sec/SecT571R1Point.cs
@@ -176,7 +176,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
SecT571Field.MultiplyPrecomp(Z3.x, Z2Precomp, Z3.x);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[18];
+#else
ulong[] tt = Nat576.CreateExt64();
+#endif
SecT571Field.Add(AU2, B, t4);
SecT571Field.SquareExt(t4, tt);
@@ -237,7 +241,11 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
return new SecT571R1Point(curve, new SecT571FieldElement(T), SecT571R1Curve.SecT571R1_B_SQRT);
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<ulong> tt = stackalloc ulong[18];
+#else
ulong[] tt = Nat576.CreateExt64();
+#endif
SecT571Field.MultiplyAddToExt(T, L1Z1, tt);
SecT571FieldElement X3 = new SecT571FieldElement(t1);
diff --git a/crypto/src/math/raw/Nat128.cs b/crypto/src/math/raw/Nat128.cs
index d336b320a..0705844e7 100644
--- a/crypto/src/math/raw/Nat128.cs
+++ b/crypto/src/math/raw/Nat128.cs
@@ -131,6 +131,14 @@ namespace Org.BouncyCastle.Math.Raw
z[zOff + 1] = x[xOff + 1];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Copy64(ReadOnlySpan<ulong> x, Span<ulong> z)
+ {
+ z[0] = x[0];
+ z[1] = x[1];
+ }
+#endif
+
public static uint[] Create()
{
return new uint[4];
@@ -270,7 +278,11 @@ namespace Org.BouncyCastle.Math.Raw
return true;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static bool IsZero64(ReadOnlySpan<ulong> x)
+#else
public static bool IsZero64(ulong[] x)
+#endif
{
for (int i = 0; i < 2; ++i)
{
diff --git a/crypto/src/math/raw/Nat192.cs b/crypto/src/math/raw/Nat192.cs
index 752290747..7c36b21cf 100644
--- a/crypto/src/math/raw/Nat192.cs
+++ b/crypto/src/math/raw/Nat192.cs
@@ -169,6 +169,15 @@ namespace Org.BouncyCastle.Math.Raw
z[zOff + 2] = x[xOff + 2];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Copy64(ReadOnlySpan<ulong> x, Span<ulong> z)
+ {
+ z[0] = x[0];
+ z[1] = x[1];
+ z[2] = x[2];
+ }
+#endif
+
public static uint[] Create()
{
return new uint[6];
@@ -310,7 +319,11 @@ namespace Org.BouncyCastle.Math.Raw
return true;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static bool IsZero64(ReadOnlySpan<ulong> x)
+#else
public static bool IsZero64(ulong[] x)
+#endif
{
for (int i = 0; i < 3; ++i)
{
diff --git a/crypto/src/math/raw/Nat320.cs b/crypto/src/math/raw/Nat320.cs
index 0b250aa77..06f7b58cc 100644
--- a/crypto/src/math/raw/Nat320.cs
+++ b/crypto/src/math/raw/Nat320.cs
@@ -25,6 +25,17 @@ namespace Org.BouncyCastle.Math.Raw
z[zOff + 4] = x[xOff + 4];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Copy64(ReadOnlySpan<ulong> x, Span<ulong> z)
+ {
+ z[0] = x[0];
+ z[1] = x[1];
+ z[2] = x[2];
+ z[3] = x[3];
+ z[4] = x[4];
+ }
+#endif
+
public static ulong[] Create64()
{
return new ulong[5];
@@ -63,7 +74,11 @@ namespace Org.BouncyCastle.Math.Raw
return true;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static bool IsZero64(ReadOnlySpan<ulong> x)
+#else
public static bool IsZero64(ulong[] x)
+#endif
{
for (int i = 0; i < 5; ++i)
{
diff --git a/crypto/src/math/raw/Nat448.cs b/crypto/src/math/raw/Nat448.cs
index 688f327a4..2da03bf0f 100644
--- a/crypto/src/math/raw/Nat448.cs
+++ b/crypto/src/math/raw/Nat448.cs
@@ -29,6 +29,19 @@ namespace Org.BouncyCastle.Math.Raw
z[zOff + 6] = x[xOff + 6];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Copy64(ReadOnlySpan<ulong> x, Span<ulong> z)
+ {
+ z[0] = x[0];
+ z[1] = x[1];
+ z[2] = x[2];
+ z[3] = x[3];
+ z[4] = x[4];
+ z[5] = x[5];
+ z[6] = x[6];
+ }
+#endif
+
public static ulong[] Create64()
{
return new ulong[7];
@@ -67,7 +80,11 @@ namespace Org.BouncyCastle.Math.Raw
return true;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static bool IsZero64(ReadOnlySpan<ulong> x)
+#else
public static bool IsZero64(ulong[] x)
+#endif
{
for (int i = 0; i < 7; ++i)
{
diff --git a/crypto/src/math/raw/Nat576.cs b/crypto/src/math/raw/Nat576.cs
index 174d52bcf..3525a0f05 100644
--- a/crypto/src/math/raw/Nat576.cs
+++ b/crypto/src/math/raw/Nat576.cs
@@ -33,6 +33,21 @@ namespace Org.BouncyCastle.Math.Raw
z[zOff + 8] = x[xOff + 8];
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static void Copy64(ReadOnlySpan<ulong> x, Span<ulong> z)
+ {
+ z[0] = x[0];
+ z[1] = x[1];
+ z[2] = x[2];
+ z[3] = x[3];
+ z[4] = x[4];
+ z[5] = x[5];
+ z[6] = x[6];
+ z[7] = x[7];
+ z[8] = x[8];
+ }
+#endif
+
public static ulong[] Create64()
{
return new ulong[9];
@@ -71,7 +86,11 @@ namespace Org.BouncyCastle.Math.Raw
return true;
}
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ public static bool IsZero64(ReadOnlySpan<ulong> x)
+#else
public static bool IsZero64(ulong[] x)
+#endif
{
for (int i = 0; i < 9; ++i)
{
|
