Diffstat (limited to 'crypto/src/math/ec/rfc8032/Ed448.cs')
-rw-r--r-- | crypto/src/math/ec/rfc8032/Ed448.cs | 49 |
1 files changed, 29 insertions, 20 deletions
diff --git a/crypto/src/math/ec/rfc8032/Ed448.cs b/crypto/src/math/ec/rfc8032/Ed448.cs index 08b64ddf2..aff9b5460 100644 --- a/crypto/src/math/ec/rfc8032/Ed448.cs +++ b/crypto/src/math/ec/rfc8032/Ed448.cs @@ -52,7 +52,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 public static readonly int SignatureSize = PointBytes + ScalarBytes; // "SigEd448" - private static readonly byte[] Dom4Prefix = new byte[]{ 0x53, 0x69, 0x67, 0x45, 0x64, 0x34, 0x34, 0x38 }; + private static readonly byte[] Dom4Prefix = { 0x53, 0x69, 0x67, 0x45, 0x64, 0x34, 0x34, 0x38 }; private static readonly uint[] P = { 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFEU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, 0xFFFFFFFFU, @@ -73,7 +73,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 0x03AC222BU, 0x0304DB8EU, 0x083EE319U, 0x05E5DB0BU, 0x0ECA503BU, 0x0B1C6539U, 0x078A8DCEU, 0x02D256BCU, 0x04A8B05EU, 0x0BD9FD57U, 0x0A1C3CB8U }; - private const int C_d = -39081; + private const uint C_d = 39081U; //private const int WnafWidth = 6; private const int WnafWidth225 = 5; @@ -118,7 +118,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 byte[] result = new byte[ScalarBytes * 2]; Codec.Encode32(t, 0, t.Length, result, 0); - return Scalar448.Reduce(result); + return Scalar448.Reduce912(result); } private static bool CheckContextVar(byte[] ctx) @@ -136,12 +136,13 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 F.Sqr(p.y, v); F.Mul(u, v, t); F.Add(u, v, u); - F.Mul(t, -C_d, t); + F.Mul(t, C_d, t); F.SubOne(t); F.Add(t, u, t); F.Normalize(t); + F.Normalize(v); - return F.IsZero(t); + return F.IsZero(t) & ~F.IsZero(v); } private static int CheckPoint(PointProjective p) 
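Review bot: `C_d` now holds 39081, the negation of the Ed448 constant d = -39081 (hunk @@ -73), while its name still reads as "d"; every visible use site was changed from `-C_d` to `C_d` accordingly, so the sign now lives in the formulas rather than in the constant. A comment on the declaration would stop a future reader from reintroducing the negation, e.g. `// -d, where d = -39081 is the Ed448 curve constant (RFC 8032, section 5.2); the formulas below multiply by -d directly`. The unsigned type also removes the `(uint)-C_d` cast the old decode path needed at @@ -310, which is worth mentioning in the same comment.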
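Review bot: The new `~F.IsZero(v)` term in the affine CheckPoint (hunk @@ -136) changes which points pass the check — v holds y² here (`F.Sqr(p.y, v)`), so points with y == 0 are now rejected even though (±1, 0) satisfies the curve equation and would pass `F.IsZero(t)` alone — and nothing in the hunk records why. A one-line comment above the return would keep the next reader from "fixing" it, e.g. `// Reject y == 0 as well as off-curve points; the projective check likewise rejects y == 0 and z == 0`. The same applies to the projective CheckPoint at @@ -158 (which also adds `~F.IsZero(w)`, presumably the z² term) and to the `!F.IsZeroVar(p.y)` guard at @@ -868. Using `&`/`~` on the integer mask returned by F.IsZero instead of `&&`/`!` keeps the non-Var checks free of data-dependent branches (assuming F.IsZero itself is constant-time), which is worth stating in that comment since the Var variant deliberately uses the boolean form. Both CheckPoint declarations are outside their hunks.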
@@ -158,12 +159,14 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             F.Add(u, v, u);
             F.Mul(u, w, u);
             F.Sqr(w, w);
-            F.Mul(t, -C_d, t);
+            F.Mul(t, C_d, t);
             F.Sub(t, w, t);
             F.Add(t, u, t);
             F.Normalize(t);
+            F.Normalize(v);
+            F.Normalize(w);
 
-            return F.IsZero(t);
+            return F.IsZero(t) & ~F.IsZero(v) & ~F.IsZero(w);
         }
 
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
@@ -310,7 +313,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             uint[] v = F.Create();
 
             F.Sqr(r.y, u);
-            F.Mul(u, (uint)-C_d, v);
+            F.Mul(u, C_d, v);
             F.Negate(u, u);
             F.AddOne(u);
             F.AddOne(v);
@@ -545,7 +548,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             d.BlockUpdate(m, mOff, mLen);
             d.OutputFinal(h, 0, h.Length);
 
-            byte[] r = Scalar448.Reduce(h);
+            byte[] r = Scalar448.Reduce912(h);
 
             byte[] R = new byte[PointBytes];
             ScalarMultBaseEncoded(r, R, 0);
@@ -555,7 +558,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             d.BlockUpdate(m, mOff, mLen);
             d.OutputFinal(h, 0, h.Length);
 
-            byte[] k = Scalar448.Reduce(h);
+            byte[] k = Scalar448.Reduce912(h);
 
             byte[] S = CalculateS(r, k, s);
             Array.Copy(R, 0, sig, sigOff, PointBytes);
@@ -644,7 +647,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             d.OutputFinal(h);
 
             Span<byte> k = stackalloc byte[ScalarBytes];
-            Scalar448.Reduce(h, k);
+            Scalar448.Reduce912(h, k);
 
             Span<uint> nA = stackalloc uint[ScalarUints];
             Scalar448.Decode(k, nA);
@@ -683,7 +686,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             d.BlockUpdate(m, mOff, mLen);
             d.OutputFinal(h, 0, h.Length);
 
-            byte[] k = Scalar448.Reduce(h);
+            byte[] k = Scalar448.Reduce912(h);
 
             uint[] nA = new uint[ScalarUints];
             Scalar448.Decode(k, nA);
@@ -740,7 +743,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             d.OutputFinal(h);
 
             Span<byte> k = stackalloc byte[ScalarBytes];
-            Scalar448.Reduce(h, k);
+            Scalar448.Reduce912(h, k);
 
             Span<uint> nA = stackalloc uint[ScalarUints];
             Scalar448.Decode(k, nA);
@@ -778,7 +781,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             d.BlockUpdate(m, mOff, mLen);
             d.OutputFinal(h, 0, h.Length);
 
-            byte[] k = Scalar448.Reduce(h);
+            byte[] k = Scalar448.Reduce912(h);
 
             uint[] nA = new uint[ScalarUints];
             Scalar448.Decode(k, nA);
@@ -868,7 +871,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             F.Normalize(p.y);
             F.Normalize(p.z);
 
-            return F.IsZeroVar(p.x) && F.AreEqualVar(p.y, p.z);
+            return F.IsZeroVar(p.x) && !F.IsZeroVar(p.y) && F.AreEqualVar(p.y, p.z);
         }
 
         private static void PointAdd(ref PointAffine p, ref PointProjective r, ref PointTemp t)
@@ -885,7 +888,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             F.Mul(p.x, r.x, c);
             F.Mul(p.y, r.y, d);
             F.Mul(c, d, e);
-            F.Mul(e, -C_d, e);
+            F.Mul(e, C_d, e);
             //F.Apm(b, e, f, g);
             F.Add(b, e, f);
             F.Sub(b, e, g);
@@ -920,7 +923,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             F.Mul(p.x, r.x, c);
             F.Mul(p.y, r.y, d);
             F.Mul(c, d, e);
-            F.Mul(e, -C_d, e);
+            F.Mul(e, C_d, e);
             //F.Apm(b, e, f, g);
             F.Add(b, e, f);
             F.Sub(b, e, g);
@@ -965,7 +968,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             F.Mul(p.x, r.x, c);
             F.Mul(p.y, r.y, d);
             F.Mul(c, d, e);
-            F.Mul(e, -C_d, e);
+            F.Mul(e, C_d, e);
             //F.Apm(b, e, nf, ng);
             F.Add(b, e, nf);
             F.Sub(b, e, ng);
@@ -1011,7 +1014,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             F.Mul(p.x, r.x, c);
             F.Mul(p.y, r.y, d);
             F.Mul(c, d, e);
-            F.Mul(e, -C_d, e);
+            F.Mul(e, C_d, e);
             //F.Apm(b, e, nf, ng);
             F.Add(b, e, nf);
             F.Sub(b, e, ng);
@@ -1149,7 +1152,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             PointCopy(ref p, ref q);
 
             Init(out PointProjective d);
-            PointCopy(ref q, ref d);
+            PointCopy(ref p, ref d);
             PointDouble(ref d, ref t);
 
             uint[] table = F.CreateTable(count * 3);
@@ -1581,6 +1584,12 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             int bit = 225;
             while (--bit >= 0)
             {
+                if (((int)ws_b[bit] | (int)ws_b[225 + bit] | (int)ws_p[bit] | (int)ws_q[bit]) != 0)
+                    break;
+            }
+
+            for (; bit >= 0; --bit)
+            {
                 int wb = ws_b[bit];
                 if (wb != 0)
                 { |
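Review bot: The leading-zero scan added at the top of the loop (hunk @@ -1581) makes the number of iterations, and whatever per-bit work the body does, depend on the position of the highest non-zero wNAF digit across ws_b, ws_p and ws_q, so it is only acceptable because the enclosing method is a variable-time routine over public verification data — presumably the Straus multi-scalar multiply, but its signature is outside the hunk, so please confirm. That justification should be recorded next to the scan, e.g. `// Skip the leading doublings; variable-time is acceptable here because every scalar involved is public`. One behavioural detail also deserves a look: when every digit is zero the scan leaves bit == -1 and the `for` body never runs, so the accumulator must already hold the neutral element before this point, which the hunk does not show. The method both starts and ends outside the hunk.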