Diffstat (limited to 'crypto/src/math/ec/custom/sec/SecT409Field.cs')
-rw-r--r-- | crypto/src/math/ec/custom/sec/SecT409Field.cs | 107 |
1 files changed, 72 insertions, 35 deletions
diff --git a/crypto/src/math/ec/custom/sec/SecT409Field.cs b/crypto/src/math/ec/custom/sec/SecT409Field.cs
index 2e5609542..c35d3cef0 100644
--- a/crypto/src/math/ec/custom/sec/SecT409Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecT409Field.cs
@@ -271,9 +271,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
 zz[10] = (z10 >> 50) ^ (z11 << 9);
 zz[11] = (z11 >> 55) ^ (z12 << 4) ^ (z13 << 63);
- zz[12] = (z12 >> 60)
- ^ (z13 >> 1);
- zz[13] = 0;
+ zz[12] = (z13 >> 1);
+ //zz[13] = 0;
 }
 protected static void ImplExpand(ulong[] x, ulong[] z) 
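Review bot: The zeroing of `zz[13]` in ImplCompactExt is now commented out instead of deleted, so after compaction `zz[13]` still holds whatever ImplMultiply last stored there (the next hunk writes `zz[13] = zz[6] ^ w` and never clears it), while `zz[12]` is the last word this function writes. That is only safe if every consumer of the compacted product reads at most `zz[0..12]`; Reduce is outside this diff, so that needs confirming. Either delete the dead line or replace it with a comment that states the contract, e.g. `// zz[13] is left holding ImplMultiply scratch; the product fits in zz[0..12] and callers must not read zz[13]`. Dropping the `(z12 >> 60)` term looks correct, since the M59 mask and the `h >> 53` assert in ImplMulwAcc keep every accumulated limb below 2^59 and the term was therefore always zero. ImplCompactExt's signature and earlier limb assignments are above the hunk start.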
@@ -294,19 +293,69 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
 ImplExpand(x, a);
 ImplExpand(y, b);
+ ulong[] u = new ulong[8];
 for (int i = 0; i < 7; ++i)
 {
- ImplMulwAcc(a, b[i], zz, i);
+ ImplMulwAcc(u, a[i], b[i], zz, i << 1);
 }
+ ulong v0 = zz[0], v1 = zz[1];
+ v0 ^= zz[ 2]; zz[1] = v0 ^ v1; v1 ^= zz[ 3];
+ v0 ^= zz[ 4]; zz[2] = v0 ^ v1; v1 ^= zz[ 5];
+ v0 ^= zz[ 6]; zz[3] = v0 ^ v1; v1 ^= zz[ 7];
+ v0 ^= zz[ 8]; zz[4] = v0 ^ v1; v1 ^= zz[ 9];
+ v0 ^= zz[10]; zz[5] = v0 ^ v1; v1 ^= zz[11];
+ v0 ^= zz[12]; zz[6] = v0 ^ v1; v1 ^= zz[13];
+
+ ulong w = v0 ^ v1;
+ zz[ 7] = zz[0] ^ w;
+ zz[ 8] = zz[1] ^ w;
+ zz[ 9] = zz[2] ^ w;
+ zz[10] = zz[3] ^ w;
+ zz[11] = zz[4] ^ w;
+ zz[12] = zz[5] ^ w;
+ zz[13] = zz[6] ^ w;
+
+ ImplMulwAcc(u, a[0] ^ a[1], b[0] ^ b[1], zz, 1);
+
+ ImplMulwAcc(u, a[0] ^ a[2], b[0] ^ b[2], zz, 2);
+
+ ImplMulwAcc(u, a[0] ^ a[3], b[0] ^ b[3], zz, 3);
+ ImplMulwAcc(u, a[1] ^ a[2], b[1] ^ b[2], zz, 3);
+
+ ImplMulwAcc(u, a[0] ^ a[4], b[0] ^ b[4], zz, 4);
+ ImplMulwAcc(u, a[1] ^ a[3], b[1] ^ b[3], zz, 4);
+
+ ImplMulwAcc(u, a[0] ^ a[5], b[0] ^ b[5], zz, 5);
+ ImplMulwAcc(u, a[1] ^ a[4], b[1] ^ b[4], zz, 5);
+ ImplMulwAcc(u, a[2] ^ a[3], b[2] ^ b[3], zz, 5);
+
+ ImplMulwAcc(u, a[0] ^ a[6], b[0] ^ b[6], zz, 6);
+ ImplMulwAcc(u, a[1] ^ a[5], b[1] ^ b[5], zz, 6);
+ ImplMulwAcc(u, a[2] ^ a[4], b[2] ^ b[4], zz, 6);
+
+ ImplMulwAcc(u, a[1] ^ a[6], b[1] ^ b[6], zz, 7);
+ ImplMulwAcc(u, a[2] ^ a[5], b[2] ^ b[5], zz, 7);
+ ImplMulwAcc(u, a[3] ^ a[4], b[3] ^ b[4], zz, 7);
+
+ ImplMulwAcc(u, a[2] ^ a[6], b[2] ^ b[6], zz, 8);
+ ImplMulwAcc(u, a[3] ^ a[5], b[3] ^ b[5], zz, 8);
+
+ ImplMulwAcc(u, a[3] ^ a[6], b[3] ^ b[6], zz, 9);
+ ImplMulwAcc(u, a[4] ^ a[5], b[4] ^ b[5], zz, 9);
+
+ ImplMulwAcc(u, a[4] ^ a[6], b[4] ^ b[6], zz, 10);
+
+ ImplMulwAcc(u, a[5] ^ a[6], b[5] ^ b[6], zz, 11);
+ ImplCompactExt(zz);
 }
- protected static void ImplMulwAcc(ulong[] xs, ulong y, ulong[] z, int zOff)
+ protected static void ImplMulwAcc(ulong[] u, ulong x, ulong y, ulong[] 
z, int zOff)
 {
+ Debug.Assert(x >> 59 == 0);
 Debug.Assert(y >> 59 == 0);
- ulong[] u = new ulong[8];
 //u[0] = 0;
 u[1] = y;
 u[2] = u[1] << 1;
@@ -316,41 +365,29 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
 u[6] = u[3] << 1;
 u[7] = u[6] ^ y;
- for (int i = 0; i < 7; ++i)
+ uint j = (uint)x;
+ ulong g, h = 0, l = u[j & 7]
+ ^ (u[(j >> 3) & 7] << 3);
+ int k = 54;
+ do
 {
- ulong x = xs[i];
-
- Debug.Assert(x >> 59 == 0);
-
- uint j = (uint)x;
- ulong g, h = 0, l = u[j & 7]
- ^ (u[(j >> 3) & 7] << 3);
- int k = 54;
- do
- {
- j = (uint)(x >> k);
- g = u[j & 7]
- ^ u[(j >> 3) & 7] << 3;
- l ^= (g << k);
- h ^= (g >> -k);
- }
- while ((k -= 6) > 0);
-
- Debug.Assert(h >> 53 == 0);
-
- z[zOff + i ] ^= l & M59;
- z[zOff + i + 1] ^= (l >> 59) ^ (h << 5);
+ j = (uint)(x >> k);
+ g = u[j & 7]
+ ^ u[(j >> 3) & 7] << 3;
+ l ^= (g << k);
+ h ^= (g >> -k);
 }
+ while ((k -= 6) > 0);
+
+ Debug.Assert(h >> 53 == 0);
+
+ z[zOff ] ^= l & M59;
+ z[zOff + 1] ^= (l >> 59) ^ (h << 5);
 }
 protected static void ImplSquare(ulong[] x, ulong[] zz)
 {
- Interleave.Expand64To128(x[0], zz, 0);
- Interleave.Expand64To128(x[1], zz, 2);
- Interleave.Expand64To128(x[2], zz, 4);
- Interleave.Expand64To128(x[3], zz, 6);
- Interleave.Expand64To128(x[4], zz, 8);
- Interleave.Expand64To128(x[5], zz, 10);
+ Interleave.Expand64To128(x, 0, 6, zz, 0);
 zz[12] = Interleave.Expand32to64((uint)x[6]);
 }
 } |
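Review bot: The prefix-XOR pass starting at `ulong v0 = zz[0], v1 = zz[1];` and the `w` fold that rewrites `zz[7..13]` carry no comment, and the 21 explicit `ImplMulwAcc(u, a[i] ^ a[j], b[i] ^ b[j], zz, i + j)` calls are correct only if every pair i<j appears exactly once at offset i+j; I count 21 = C(7,2) with no duplicates, but nothing in the code states that invariant for the next maintainer. Add a header comment above the loop, e.g. `// 7-limb Karatsuba over 59-bit limbs: a[i]*b[i] lands at limb 2i; the v0/v1 pass folds a[i]*b[i] ^ a[j]*b[j] into every cross offset i+j; then each (a[i]^a[j])*(b[i]^b[j]) is accumulated at i+j`. Since this replaces the schoolbook loop with a different algorithm on a field used for ECDSA/ECDH keys, the commit should come with a test comparing ImplMultiply against an independent GF(2^409) multiplication on random and boundary inputs; the diffstat is limited to this file, so I cannot see whether one exists. ImplMultiply's signature is above the hunk start.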
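Review bot: Two lines in the rewritten ImplMulwAcc body still need a why-comment: `h ^= (g >> -k);` relies on C# masking a ulong shift count to its low 6 bits, so `-k` means `64 - k`, and `u[j & 7]` / `u[(j >> 3) & 7]` are loads indexed by bits of the operand. Suggested comments: `// C# masks shift counts to 6 bits, so g >> -k is g >> (64 - k): the part of g that spills into the high word` and, at the `u` table, `// 8 ulongs = 64 bytes; index-dependent loads are assumed to stay within one cache line` — if x or y can be derived from a secret scalar in point multiplication, that assumption should be stated rather than left implicit. The new `Debug.Assert(x >> 59 == 0)` only fires in debug builds, which is reasonable for an internal helper but worth noting now that callers pass `a[i] ^ a[j]` rather than raw limbs. The start of ImplMulwAcc and the `u[3..5]` table fill lie outside this hunk.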