From 332484150c8bcc94dad95b5948d20835d948e831 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Wed, 10 Feb 2021 16:53:47 +0700
Subject: EdDSA public key validation - per NIST SP 800-186
---
 crypto/src/math/ec/rfc7748/X25519Field.cs | 34 +++++++++++++++++++++++++++++++
 crypto/src/math/ec/rfc7748/X448Field.cs | 34 +++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+)
(limited to 'crypto/src/math/ec/rfc7748')
diff --git a/crypto/src/math/ec/rfc7748/X25519Field.cs b/crypto/src/math/ec/rfc7748/X25519Field.cs
index ffede563b..d0b835226 100644
--- a/crypto/src/math/ec/rfc7748/X25519Field.cs
+++ b/crypto/src/math/ec/rfc7748/X25519Field.cs
@@ -48,6 +48,23 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
 }
 }
 
+ public static int AreEqual(int[] x, int[] y)
+ {
+ int d = 0;
+ for (int i = 0; i < Size; ++i)
+ {
+ d |= x[i] ^ y[i];
+ }
+ d |= d >> 16;
+ d &= 0xFFFF;
+ return (d - 1) >> 31;
+ }
+
+ public static bool AreEqualVar(int[] x, int[] y)
+ {
+ return 0 != AreEqual(x, y);
+ }
+
 public static void Carry(int[] z)
 {
 int z0 = z[0], z1 = z[1], z2 = z[2], z3 = z[3], z4 = z[4];
@@ -258,6 +275,23 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
 Decode(u, 0, z);
 }
 
+ public static int IsOne(int[] x)
+ {
+ int d = x[0] ^ 1;
+ for (int i = 1; i < Size; ++i)
+ {
+ d |= x[i];
+ }
+ d |= d >> 16;
+ d &= 0xFFFF;
+ return (d - 1) >> 31;
+ }
+
+ public static bool IsOneVar(int[] x)
+ {
+ return 0 != IsOne(x);
+ }
+
 public static int IsZero(int[] x)
 {
 int d = 0;
diff --git a/crypto/src/math/ec/rfc7748/X448Field.cs b/crypto/src/math/ec/rfc7748/X448Field.cs
index ef4fd4627..6d8c60e78 100644
--- a/crypto/src/math/ec/rfc7748/X448Field.cs
+++ b/crypto/src/math/ec/rfc7748/X448Field.cs
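Review bot: AreEqual and IsOne compare limb arrays, not field elements — the loop ORs `x[i] ^ y[i]` (or `x[i]`) over `Size` limbs — so the precondition a caller must know is that the inputs are already in normalized (canonical) limb form; two different representations of the same element, or an unreduced representation of 1, would otherwise compare as unequal. The same applies to the X25519 IsOne hunk below and to both X448Field hunks. I would add a doc comment on each predicate such as `// Returns -1 if x == y, 0 otherwise (constant time). Both inputs must be normalized limb representations (see Normalize).` and on IsOne `// Returns -1 if x == 1, 0 otherwise (constant time); x must be normalized.` The -1/0 mask convention is worth stating explicitly too, since only the `Var` wrappers turn it into a bool, and a one-line note that the `Var` suffix marks a result that is meant to be branched on would help readers who see the identical loop underneath. The enclosing class, and the `Size` constant the loops rely on, are outside these hunks.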
@@ -46,6 +46,23 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
 // }
 //}
 
+ public static int AreEqual(uint[] x, uint[] y)
+ {
+ uint d = 0;
+ for (int i = 0; i < Size; ++i)
+ {
+ d |= x[i] ^ y[i];
+ }
+ d |= d >> 16;
+ d &= 0xFFFF;
+ return ((int)d - 1) >> 31;
+ }
+
+ public static bool AreEqualVar(uint[] x, uint[] y)
+ {
+ return 0 != AreEqual(x, y);
+ }
+
 public static void Carry(uint[] z)
 {
 uint z0 = z[0], z1 = z[1], z2 = z[2], z3 = z[3], z4 = z[4], z5 = z[5], z6 = z[6], z7 = z[7];
@@ -285,6 +302,23 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
 Decode(u, 0, z);
 }
 
+ public static int IsOne(uint[] x)
+ {
+ uint d = x[0] ^ 1;
+ for (int i = 1; i < Size; ++i)
+ {
+ d |= x[i];
+ }
+ d |= d >> 16;
+ d &= 0xFFFF;
+ return ((int)d - 1) >> 31;
+ }
+
+ public static bool IsOneVar(uint[] x)
+ {
+ return 0 != IsOne(x);
+ }
+
 public static int IsZero(uint[] x)
 {
 uint d = 0;
-- 
cgit 1.4.1