author | David Hook <dgh@cryptoworkshop.com> | 2014-03-11 00:25:44 +0400 |
committer | David Hook <dgh@cryptoworkshop.com> | 2014-03-11 00:25:44 +0400 |
commit | 2a53be10f552694fdd48d70152012c7ea899141c (patch) | |
tree | cd95f32e5f6e8747446da729d84fb353228c71f3 /core/src/main/java/org | |
parent | af1a83718375ec22f676a690118d789d3645b7c7 (diff) | |
parent | 77d8f8487e76e81a612cd40e838cba63f271fcbf (diff) |
Merge remote-tracking branch 'origin/master'
Diffstat (limited to 'core/src/main/java/org')
16 files changed, 264 insertions, 128 deletions
diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Field.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Field.java index 38ec656d..20827e55 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Field.java +++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Field.java @@ -76,6 +76,18 @@ public class SecP192K1Field reduce(tt, z); } + public static void multiplyAddToExt(int[] x, int[] y, int[] zz) + { + int c = Nat192.mulAddTo(x, y, zz); + if (c != 0 || (zz[11] == PExt11 && Nat.gte(12, zz, PExt))) + { + if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0) + { + Nat.incAt(12, zz, PExtInv.length); + } + } + } + public static void negate(int[] x, int[] z) { if (Nat192.isZero(x)) diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Point.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Point.java index 44f8c7fe..d3802086 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Point.java +++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Point.java @@ -93,8 +93,9 @@ public class SecP192K1Point extends ECPoint SecP192K1FieldElement Z1 = (SecP192K1FieldElement)this.zs[0]; SecP192K1FieldElement Z2 = (SecP192K1FieldElement)b.getZCoord(0); + int c; int[] tt1 = Nat192.createExt(); - int[] tt2 = Nat192.createExt(); + int[] t2 = Nat192.create(); int[] t3 = Nat192.create(); int[] t4 = Nat192.create(); @@ -110,7 +111,7 @@ public class SecP192K1Point extends ECPoint S2 = t3; SecP192K1Field.square(Z1.x, S2); - U2 = tt2; + U2 = t2; SecP192K1Field.multiply(S2, X2.x, U2); SecP192K1Field.multiply(S2, Z1.x, S2); @@ -139,7 +140,7 @@ public class SecP192K1Point extends ECPoint int[] H = Nat192.create(); SecP192K1Field.subtract(U1, U2, H); - int[] R = tt2; + int[] R = t2; SecP192K1Field.subtract(S1, S2, R); // Check if b == this or b == -this 
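Review bot: multiplyAddToExt in SecP192K1Field states no precondition, yet its single conditional subtraction of PExt (addTo of PExtInv followed by incAt) appears to normalise the result only when zz is already below PExt on entry and x, y are below P; a caller that passes an unreduced accumulator would get a silently wrong value, because c is used only as a flag and the final carry out of the 12-word buffer is dropped. Suggest a Javadoc such as `/** zz += x * y, with the result kept below PExt; requires zz < PExt and x, y < P on entry, since at most one subtraction of PExt is performed. */`. The same applies to the identical copies added in SecP192R1Field, SecP224K1Field, SecP224R1Field and SecP256K1Field, and to the variant in SecP256R1Field. The branch on c and on the comparison against PExt is data-dependent, like the existing reduce paths touched by this change, so the path is not constant-time; that is worth stating in the Javadoc if it is a known property of this package.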
@@ -164,19 +165,20 @@ public class SecP192K1Point extends ECPoint int[] V = t3; SecP192K1Field.multiply(HSquared, U1, V); + SecP192K1Field.negate(G, G); Nat192.mul(S1, G, tt1); + c = Nat192.addBothTo(V, V, G); + SecP192K1Field.reduce32(c, G); + SecP192K1FieldElement X3 = new SecP192K1FieldElement(t4); SecP192K1Field.square(R, X3.x); - SecP192K1Field.add(X3.x, G, X3.x); - SecP192K1Field.subtract(X3.x, V, X3.x); - SecP192K1Field.subtract(X3.x, V, X3.x); + SecP192K1Field.subtract(X3.x, G, X3.x); SecP192K1FieldElement Y3 = new SecP192K1FieldElement(G); SecP192K1Field.subtract(V, X3.x, Y3.x); - Nat192.mul(Y3.x, R, tt2); - SecP192K1Field.subtractExt(tt2, tt1, tt2); - SecP192K1Field.reduce(tt2, Y3.x); + SecP192K1Field.multiplyAddToExt(Y3.x, R, tt1); + SecP192K1Field.reduce(tt1, Y3.x); SecP192K1FieldElement Z3 = new SecP192K1FieldElement(H); if (!Z1IsOne) @@ -211,24 +213,25 @@ public class SecP192K1Point extends ECPoint SecP192K1FieldElement X1 = (SecP192K1FieldElement)this.x, Z1 = (SecP192K1FieldElement)this.zs[0]; + int c; + int[] Y1Squared = Nat192.create(); SecP192K1Field.square(Y1.x, Y1Squared); int[] T = Nat192.create(); SecP192K1Field.square(Y1Squared, T); - int[] t1 = Nat192.create(); - SecP192K1Field.square(X1.x, t1); - int[] M = Nat192.create(); - SecP192K1Field.twice(t1, M); - SecP192K1Field.add(M, t1, M); + SecP192K1Field.square(X1.x, M); + c = Nat192.addBothTo(M, M, M); + SecP192K1Field.reduce32(c, M); int[] S = Y1Squared; SecP192K1Field.multiply(Y1Squared, X1.x, S); - int c = Nat.shiftUpBits(6, S, 2, 0); + c = Nat.shiftUpBits(6, S, 2, 0); SecP192K1Field.reduce32(c, S); + int[] t1 = Nat192.create(); c = Nat.shiftUpBits(6, T, 3, 0, t1); SecP192K1Field.reduce32(c, t1); diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Field.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Field.java index ed5cce2e..2f77815b 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Field.java 
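Review bot: In the add() hunk of SecP192K1Point the array G changes meaning twice with no comment: after `SecP192K1Field.negate(G, G)` it holds -G and is multiplied by S1 into tt1, and after `Nat192.addBothTo(V, V, G)` plus `reduce32` it holds 2V - G, which is subtracted from R^2 to give X3 and then reused as Y3's storage. The visible lines do give the old result (X3 = R^2 - 2V + G, Y3 = Y3*R - S1*G via multiplyAddToExt), but every reader has to re-derive it; suggest `// G := -G, then G := 2V - G, so that X3 = R^2 - G and tt1 = S1 * (-G)` above the negate call. The same rewrite is repeated in SecP192R1Point, SecP224K1Point, SecP224R1Point, SecP256K1Point, SecP256R1Point and SecP384R1Point; SecP384R1Point keeps a separate tt2 and uses addExt rather than multiplyAddToExt, presumably because no mulAddTo exists for that width, which also deserves a one-line comment. add() starts and ends outside these hunks.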
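Review bot: `c = Nat192.addBothTo(M, M, M)` in the twice() hunk of SecP192K1Point passes one array as both addends and the destination; that is only safe if addBothTo reads x[i] and y[i] before it writes z[i] for every word (a per-word carry loop would, but the implementation is not on this page), and nothing at the call site records that expectation. Suggest `// M = 3 * M; aliasing all three arguments relies on addBothTo reading each word before writing it`, or a two-argument form if that property is not guaranteed. The same aliased call appears in SecP192R1Point, SecP224K1Point, SecP224R1Point, SecP256K1Point, SecP256R1Point, SecP384R1Point (`Nat.addBothTo(12, M, M, M)`) and SecP521R1Point (`Nat.addBothTo(17, M, M, M)`). twice() continues beyond the hunk.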
+++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Field.java @@ -77,6 +77,18 @@ public class SecP192R1Field reduce(tt, z); } + public static void multiplyAddToExt(int[] x, int[] y, int[] zz) + { + int c = Nat192.mulAddTo(x, y, zz); + if (c != 0 || (zz[11] == PExt11 && Nat.gte(12, zz, PExt))) + { + if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0) + { + Nat.incAt(12, zz, PExtInv.length); + } + } + } + public static void negate(int[] x, int[] z) { if (Nat192.isZero(x)) @@ -99,7 +111,7 @@ public class SecP192R1Field long cc = 0; cc += (xx[0] & M) + t0; - z[0] = (int)cc; + int z0 = (int)cc; cc >>= 32; cc += (xx[1] & M) + t1; z[1] = (int)cc; @@ -109,7 +121,7 @@ public class SecP192R1Field t1 += xx09; cc += (xx[2] & M) + t0; - z[2] = (int)cc; + long z2 = cc & M; cc >>= 32; cc += (xx[3] & M) + t1; z[3] = (int)cc; @@ -125,7 +137,27 @@ public class SecP192R1Field z[5] = (int)cc; cc >>= 32; - reduce32((int)cc, z); + z2 += cc; + + cc += (z0 & M); + z[0] = (int)cc; + cc >>= 32; + if (cc != 0) + { + cc += (z[1] & M); + z[1] = (int)cc; + z2 += cc >> 32; + } + z[2] = (int)z2; + cc = z2 >> 32; + +// assert cc == 0 || cc == 1; + + if ((cc != 0 && Nat.incAt(6, z, 3) != 0) + || (z[5] == P5 && Nat192.gte(z, P))) + { + addPInvTo(z); + } } public static void reduce32(int x, int[] z) diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Point.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Point.java index 49116119..9a629ae4 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Point.java +++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Point.java 
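Review bot: The inlined carry fold-back in SecP192R1Field.reduce records its key bound only as the commented-out `// assert cc == 0 || cc == 1;`, and the closing `if` depends on evaluation order: `Nat.incAt(6, z, 3)` runs only when cc != 0, and an overflow from it alone triggers addPInvTo while skipping the gte test. Both are easy to break in a later edit; suggest making the assert live (`assert cc == 0 || cc == 1;` costs nothing with assertions disabled) or, if the file deliberately avoids assert, a comment above the condition such as `// carry out of z[2] is at most 1; an overflow past 2^192 in incAt means z >= P, so add PInv (2^192 - P) instead of the gte test`. SecP224R1Field.reduce in this change has the same shape (`z0 -= cc`, `Nat.incAt(7, z, 4)`, `// assert cc == 0 || cc == 1;`) and needs the same note. I have not verified from the hunk that the bound of 1 holds for the magnitudes involved; reduce() continues outside the hunk.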
@@ -92,8 +92,9 @@ public class SecP192R1Point extends ECPoint SecP192R1FieldElement Z1 = (SecP192R1FieldElement)this.zs[0]; SecP192R1FieldElement Z2 = (SecP192R1FieldElement)b.getZCoord(0); + int c; int[] tt1 = Nat192.createExt(); - int[] tt2 = Nat192.createExt(); + int[] t2 = Nat192.create(); int[] t3 = Nat192.create(); int[] t4 = Nat192.create(); @@ -109,7 +110,7 @@ public class SecP192R1Point extends ECPoint S2 = t3; SecP192R1Field.square(Z1.x, S2); - U2 = tt2; + U2 = t2; SecP192R1Field.multiply(S2, X2.x, U2); SecP192R1Field.multiply(S2, Z1.x, S2); @@ -138,7 +139,7 @@ public class SecP192R1Point extends ECPoint int[] H = Nat192.create(); SecP192R1Field.subtract(U1, U2, H); - int[] R = tt2; + int[] R = t2; SecP192R1Field.subtract(S1, S2, R); // Check if b == this or b == -this @@ -163,19 +164,20 @@ public class SecP192R1Point extends ECPoint int[] V = t3; SecP192R1Field.multiply(HSquared, U1, V); + SecP192R1Field.negate(G, G); Nat192.mul(S1, G, tt1); + c = Nat192.addBothTo(V, V, G); + SecP192R1Field.reduce32(c, G); + SecP192R1FieldElement X3 = new SecP192R1FieldElement(t4); SecP192R1Field.square(R, X3.x); - SecP192R1Field.add(X3.x, G, X3.x); - SecP192R1Field.subtract(X3.x, V, X3.x); - SecP192R1Field.subtract(X3.x, V, X3.x); + SecP192R1Field.subtract(X3.x, G, X3.x); SecP192R1FieldElement Y3 = new SecP192R1FieldElement(G); SecP192R1Field.subtract(V, X3.x, Y3.x); - Nat192.mul(Y3.x, R, tt2); - SecP192R1Field.subtractExt(tt2, tt1, tt2); - SecP192R1Field.reduce(tt2, Y3.x); + SecP192R1Field.multiplyAddToExt(Y3.x, R, tt1); + SecP192R1Field.reduce(tt1, Y3.x); SecP192R1FieldElement Z3 = new SecP192R1FieldElement(H); if (!Z1IsOne) @@ -210,6 +212,7 @@ public class SecP192R1Point extends ECPoint SecP192R1FieldElement X1 = (SecP192R1FieldElement)this.x, Z1 = (SecP192R1FieldElement)this.zs[0]; + int c; int[] t1 = Nat192.create(); int[] t2 = Nat192.create(); 
@@ -233,12 +236,12 @@ public class SecP192R1Point extends ECPoint int[] M = t2; SecP192R1Field.add(X1.x, Z1Squared, M); SecP192R1Field.multiply(M, t1, M); - SecP192R1Field.twice(M, t1); - SecP192R1Field.add(M, t1, M); + c = Nat192.addBothTo(M, M, M); + SecP192R1Field.reduce32(c, M); int[] S = Y1Squared; SecP192R1Field.multiply(Y1Squared, X1.x, S); - int c = Nat.shiftUpBits(6, S, 2, 0); + c = Nat.shiftUpBits(6, S, 2, 0); SecP192R1Field.reduce32(c, S); c = Nat.shiftUpBits(6, T, 3, 0, t1); diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Field.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Field.java index ef752419..0a9eebc8 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Field.java +++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Field.java @@ -77,6 +77,18 @@ public class SecP224K1Field reduce(tt, z); } + public static void multiplyAddToExt(int[] x, int[] y, int[] zz) + { + int c = Nat224.mulAddTo(x, y, zz); + if (c != 0 || (zz[13] == PExt13 && Nat.gte(14, zz, PExt))) + { + if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0) + { + Nat.incAt(14, zz, PExtInv.length); + } + } + } + public static void negate(int[] x, int[] z) { if (Nat224.isZero(x)) diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Point.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Point.java index d5eb8294..6b72dbe7 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Point.java +++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Point.java @@ -93,8 +93,9 @@ public class SecP224K1Point extends ECPoint SecP224K1FieldElement Z1 = (SecP224K1FieldElement)this.zs[0]; SecP224K1FieldElement Z2 = (SecP224K1FieldElement)b.getZCoord(0); + int c; int[] tt1 = Nat224.createExt(); - int[] tt2 = Nat224.createExt(); + int[] t2 = Nat224.create(); int[] t3 = Nat224.create(); int[] t4 = Nat224.create(); 
@@ -110,7 +111,7 @@ public class SecP224K1Point extends ECPoint S2 = t3; SecP224K1Field.square(Z1.x, S2); - U2 = tt2; + U2 = t2; SecP224K1Field.multiply(S2, X2.x, U2); SecP224K1Field.multiply(S2, Z1.x, S2); @@ -139,7 +140,7 @@ public class SecP224K1Point extends ECPoint int[] H = Nat224.create(); SecP224K1Field.subtract(U1, U2, H); - int[] R = tt2; + int[] R = t2; SecP224K1Field.subtract(S1, S2, R); // Check if b == this or b == -this @@ -164,19 +165,20 @@ public class SecP224K1Point extends ECPoint int[] V = t3; SecP224K1Field.multiply(HSquared, U1, V); + SecP224K1Field.negate(G, G); Nat224.mul(S1, G, tt1); + c = Nat224.addBothTo(V, V, G); + SecP224K1Field.reduce32(c, G); + SecP224K1FieldElement X3 = new SecP224K1FieldElement(t4); SecP224K1Field.square(R, X3.x); - SecP224K1Field.add(X3.x, G, X3.x); - SecP224K1Field.subtract(X3.x, V, X3.x); - SecP224K1Field.subtract(X3.x, V, X3.x); + SecP224K1Field.subtract(X3.x, G, X3.x); SecP224K1FieldElement Y3 = new SecP224K1FieldElement(G); SecP224K1Field.subtract(V, X3.x, Y3.x); - Nat224.mul(Y3.x, R, tt2); - SecP224K1Field.subtractExt(tt2, tt1, tt2); - SecP224K1Field.reduce(tt2, Y3.x); + SecP224K1Field.multiplyAddToExt(Y3.x, R, tt1); + SecP224K1Field.reduce(tt1, Y3.x); SecP224K1FieldElement Z3 = new SecP224K1FieldElement(H); if (!Z1IsOne) 
@@ -211,24 +213,25 @@ public class SecP224K1Point extends ECPoint SecP224K1FieldElement X1 = (SecP224K1FieldElement)this.x, Z1 = (SecP224K1FieldElement)this.zs[0]; + int c; + int[] Y1Squared = Nat224.create(); SecP224K1Field.square(Y1.x, Y1Squared); int[] T = Nat224.create(); SecP224K1Field.square(Y1Squared, T); - int[] t1 = Nat224.create(); - SecP224K1Field.square(X1.x, t1); - int[] M = Nat224.create(); - SecP224K1Field.twice(t1, M); - SecP224K1Field.add(M, t1, M); + SecP224K1Field.square(X1.x, M); + c = Nat224.addBothTo(M, M, M); + SecP224K1Field.reduce32(c, M); int[] S = Y1Squared; SecP224K1Field.multiply(Y1Squared, X1.x, S); - int c = Nat.shiftUpBits(7, S, 2, 0); + c = Nat.shiftUpBits(7, S, 2, 0); SecP224K1Field.reduce32(c, S); + int[] t1 = Nat224.create(); c = Nat.shiftUpBits(7, T, 3, 0, t1); SecP224K1Field.reduce32(c, t1); diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Field.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Field.java index 1cc25553..d39fb4dd 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Field.java +++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Field.java @@ -77,6 +77,18 @@ public class SecP224R1Field reduce(tt, z); } + public static void multiplyAddToExt(int[] x, int[] y, int[] zz) + { + int c = Nat224.mulAddTo(x, y, zz); + if (c != 0 || (zz[13] == PExt13 && Nat.gte(14, zz, PExt))) + { + if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0) + { + Nat.incAt(14, zz, PExtInv.length); + } + } + } + public static void negate(int[] x, int[] z) { if (Nat224.isZero(x)) 
@@ -91,20 +103,17 @@ public class SecP224R1Field public static void reduce(int[] xx, int[] z) { - long xx07 = xx[7] & M, xx08 = xx[8] & M, xx09 = xx[9] & M, xx10 = xx[10] & M; - long xx11 = xx[11] & M, xx12 = xx[12] & M, xx13 = xx[13] & M; - - long t0 = xx07 + xx11; - long t1 = xx08 + xx12; - long t2 = xx09 + xx13; + long xx10 = xx[10] & M, xx11 = xx[11] & M, xx12 = xx[12] & M, xx13 = xx[13] & M; final long n = 1; - t0 -= n; + long t0 = (xx[7] & M) + xx11 - n; + long t1 = (xx[8] & M) + xx12; + long t2 = (xx[9] & M) + xx13; long cc = 0; cc += (xx[0] & M) - t0; - z[0] = (int)cc; + long z0 = cc & M; cc >>= 32; cc += (xx[1] & M) - t1; z[1] = (int)cc; @@ -113,7 +122,7 @@ public class SecP224R1Field z[2] = (int)cc; cc >>= 32; cc += (xx[3] & M) + t0 - xx10; - z[3] = (int)cc; + long z3 = cc & M; cc >>= 32; cc += (xx[4] & M) + t1 - xx11; z[4] = (int)cc; @@ -128,7 +137,30 @@ public class SecP224R1Field // assert cc >= 0; - reduce32((int)cc, z); + z3 += cc; + + z0 -= cc; + z[0] = (int)z0; + cc = z0 >> 32; + if (cc != 0) + { + cc += (z[1] & M); + z[1] = (int)cc; + cc >>= 32; + cc += (z[2] & M); + z[2] = (int)cc; + z3 += cc >> 32; + } + z[3] = (int)z3; + cc = z3 >> 32; + +// assert cc == 0 || cc == 1; + + if ((cc != 0 && Nat.incAt(7, z, 4) != 0) + || (z[6] == P6 && Nat224.gte(z, P))) + { + addPInvTo(z); + } } public static void reduce32(int x, int[] z) diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Point.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Point.java index 177b2fec..8b4de02f 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Point.java +++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Point.java 
@@ -91,8 +91,9 @@ public class SecP224R1Point extends ECPoint SecP224R1FieldElement Z1 = (SecP224R1FieldElement)this.zs[0]; SecP224R1FieldElement Z2 = (SecP224R1FieldElement)b.getZCoord(0); + int c; int[] tt1 = Nat224.createExt(); - int[] tt2 = Nat224.createExt(); + int[] t2 = Nat224.create(); int[] t3 = Nat224.create(); int[] t4 = Nat224.create(); @@ -108,7 +109,7 @@ public class SecP224R1Point extends ECPoint S2 = t3; SecP224R1Field.square(Z1.x, S2); - U2 = tt2; + U2 = t2; SecP224R1Field.multiply(S2, X2.x, U2); SecP224R1Field.multiply(S2, Z1.x, S2); @@ -137,7 +138,7 @@ public class SecP224R1Point extends ECPoint int[] H = Nat224.create(); SecP224R1Field.subtract(U1, U2, H); - int[] R = tt2; + int[] R = t2; SecP224R1Field.subtract(S1, S2, R); // Check if b == this or b == -this @@ -162,19 +163,20 @@ public class SecP224R1Point extends ECPoint int[] V = t3; SecP224R1Field.multiply(HSquared, U1, V); + SecP224R1Field.negate(G, G); Nat224.mul(S1, G, tt1); + c = Nat224.addBothTo(V, V, G); + SecP224R1Field.reduce32(c, G); + SecP224R1FieldElement X3 = new SecP224R1FieldElement(t4); SecP224R1Field.square(R, X3.x); - SecP224R1Field.add(X3.x, G, X3.x); - SecP224R1Field.subtract(X3.x, V, X3.x); - SecP224R1Field.subtract(X3.x, V, X3.x); + SecP224R1Field.subtract(X3.x, G, X3.x); SecP224R1FieldElement Y3 = new SecP224R1FieldElement(G); SecP224R1Field.subtract(V, X3.x, Y3.x); - Nat224.mul(Y3.x, R, tt2); - SecP224R1Field.subtractExt(tt2, tt1, tt2); - SecP224R1Field.reduce(tt2, Y3.x); + SecP224R1Field.multiplyAddToExt(Y3.x, R, tt1); + SecP224R1Field.reduce(tt1, Y3.x); SecP224R1FieldElement Z3 = new SecP224R1FieldElement(H); if (!Z1IsOne) @@ -208,6 +210,7 @@ public class SecP224R1Point extends ECPoint SecP224R1FieldElement X1 = (SecP224R1FieldElement)this.x, Z1 = (SecP224R1FieldElement)this.zs[0]; + int c; int[] t1 = Nat224.create(); int[] t2 = Nat224.create(); 
@@ -231,12 +234,12 @@ public class SecP224R1Point extends ECPoint int[] M = t2; SecP224R1Field.add(X1.x, Z1Squared, M); SecP224R1Field.multiply(M, t1, M); - SecP224R1Field.twice(M, t1); - SecP224R1Field.add(M, t1, M); + c = Nat224.addBothTo(M, M, M); + SecP224R1Field.reduce32(c, M); int[] S = Y1Squared; SecP224R1Field.multiply(Y1Squared, X1.x, S); - int c = Nat.shiftUpBits(7, S, 2, 0); + c = Nat.shiftUpBits(7, S, 2, 0); SecP224R1Field.reduce32(c, S); c = Nat.shiftUpBits(7, T, 3, 0, t1); diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Field.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Field.java index c09e5bc7..221f505c 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Field.java +++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Field.java @@ -78,6 +78,18 @@ public class SecP256K1Field reduce(tt, z); } + public static void multiplyAddToExt(int[] x, int[] y, int[] zz) + { + int c = Nat256.mulAddTo(x, y, zz); + if (c != 0 || (zz[15] == PExt15 && Nat.gte(16, zz, PExt))) + { + if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0) + { + Nat.incAt(16, zz, PExtInv.length); + } + } + } + public static void negate(int[] x, int[] z) { if (Nat256.isZero(x)) diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Point.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Point.java index d6a42694..9557cb26 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Point.java +++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Point.java @@ -93,8 +93,9 @@ public class SecP256K1Point extends ECPoint SecP256K1FieldElement Z1 = (SecP256K1FieldElement)this.zs[0]; SecP256K1FieldElement Z2 = (SecP256K1FieldElement)b.getZCoord(0); + int c; int[] tt1 = Nat256.createExt(); - int[] tt2 = Nat256.createExt(); + int[] t2 = Nat256.create(); int[] t3 = Nat256.create(); int[] t4 = Nat256.create(); 
@@ -110,7 +111,7 @@ public class SecP256K1Point extends ECPoint S2 = t3; SecP256K1Field.square(Z1.x, S2); - U2 = tt2; + U2 = t2; SecP256K1Field.multiply(S2, X2.x, U2); SecP256K1Field.multiply(S2, Z1.x, S2); @@ -139,7 +140,7 @@ public class SecP256K1Point extends ECPoint int[] H = Nat256.create(); SecP256K1Field.subtract(U1, U2, H); - int[] R = tt2; + int[] R = t2; SecP256K1Field.subtract(S1, S2, R); // Check if b == this or b == -this @@ -164,19 +165,20 @@ public class SecP256K1Point extends ECPoint int[] V = t3; SecP256K1Field.multiply(HSquared, U1, V); + SecP256K1Field.negate(G, G); Nat256.mul(S1, G, tt1); + c = Nat256.addBothTo(V, V, G); + SecP256K1Field.reduce32(c, G); + SecP256K1FieldElement X3 = new SecP256K1FieldElement(t4); SecP256K1Field.square(R, X3.x); - SecP256K1Field.add(X3.x, G, X3.x); - SecP256K1Field.subtract(X3.x, V, X3.x); - SecP256K1Field.subtract(X3.x, V, X3.x); + SecP256K1Field.subtract(X3.x, G, X3.x); SecP256K1FieldElement Y3 = new SecP256K1FieldElement(G); SecP256K1Field.subtract(V, X3.x, Y3.x); - Nat256.mul(Y3.x, R, tt2); - SecP256K1Field.subtractExt(tt2, tt1, tt2); - SecP256K1Field.reduce(tt2, Y3.x); + SecP256K1Field.multiplyAddToExt(Y3.x, R, tt1); + SecP256K1Field.reduce(tt1, Y3.x); SecP256K1FieldElement Z3 = new SecP256K1FieldElement(H); if (!Z1IsOne) 
@@ -211,24 +213,25 @@ public class SecP256K1Point extends ECPoint SecP256K1FieldElement X1 = (SecP256K1FieldElement)this.x, Z1 = (SecP256K1FieldElement)this.zs[0]; + int c; + int[] Y1Squared = Nat256.create(); SecP256K1Field.square(Y1.x, Y1Squared); int[] T = Nat256.create(); SecP256K1Field.square(Y1Squared, T); - int[] t1 = Nat256.create(); - SecP256K1Field.square(X1.x, t1); - int[] M = Nat256.create(); - SecP256K1Field.twice(t1, M); - SecP256K1Field.add(M, t1, M); + SecP256K1Field.square(X1.x, M); + c = Nat256.addBothTo(M, M, M); + SecP256K1Field.reduce32(c, M); int[] S = Y1Squared; SecP256K1Field.multiply(Y1Squared, X1.x, S); - int c = Nat.shiftUpBits(8, S, 2, 0); + c = Nat.shiftUpBits(8, S, 2, 0); SecP256K1Field.reduce32(c, S); + int[] t1 = Nat256.create(); c = Nat.shiftUpBits(8, T, 3, 0, t1); SecP256K1Field.reduce32(c, t1); diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Field.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Field.java index 57f26a1b..479f62e7 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Field.java +++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Field.java @@ -74,6 +74,15 @@ public class SecP256R1Field reduce(tt, z); } + public static void multiplyAddToExt(int[] x, int[] y, int[] zz) + { + int c = Nat256.mulAddTo(x, y, zz); + if (c != 0 || ((zz[15] & PExt15) == PExt15 && Nat.gte(16, zz, PExt))) + { + Nat.subFrom(16, PExt, zz); + } + } + public static void negate(int[] x, int[] z) { if (Nat256.isZero(x)) 
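Review bot: SecP256R1Field.multiplyAddToExt tests the top word with `(zz[15] & PExt15) == PExt15` and reduces with `Nat.subFrom(16, PExt, zz)`, while the five sibling methods added in this change use `zz[N] == PExtN` and an addTo of PExtInv with incAt; the difference is unexplained at the call site. If the mask is there because PExt15 is not all ones for this prime, so that zz[15] may legitimately exceed it, say so: `// PExt15 is not 0xFFFFFFFF for this prime, so mask rather than compare for equality`. Otherwise the six methods should share one form, since a reader will assume one of them is wrong.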
@@ -91,18 +100,18 @@ public class SecP256R1Field long xx08 = xx[8] & M, xx09 = xx[9] & M, xx10 = xx[10] & M, xx11 = xx[11] & M; long xx12 = xx[12] & M, xx13 = xx[13] & M, xx14 = xx[14] & M, xx15 = xx[15] & M; + final long n = 6; + + xx08 -= n; + long t0 = xx08 + xx09; long t1 = xx09 + xx10; - long t2 = xx10 + xx11; + long t2 = xx10 + xx11 - xx15; long t3 = xx11 + xx12; long t4 = xx12 + xx13; long t5 = xx13 + xx14; long t6 = xx14 + xx15; - final long n = 6; - - t0 -= n; - long cc = 0; cc += (xx[0] & M) + t0 - t3 - t5; z[0] = (int)cc; @@ -110,7 +119,7 @@ public class SecP256R1Field cc += (xx[1] & M) + t1 - t4 - t6; z[1] = (int)cc; cc >>= 32; - cc += (xx[2] & M) + t2 - t5 - xx15; + cc += (xx[2] & M) + t2 - t5; z[2] = (int)cc; cc >>= 32; cc += (xx[3] & M) + (t3 << 1) + xx13 - xx15 - t0; @@ -119,13 +128,13 @@ public class SecP256R1Field cc += (xx[4] & M) + (t4 << 1) + xx14 - t1; z[4] = (int)cc; cc >>= 32; - cc += (xx[5] & M) + (t5 << 1) + xx15 - t2; + cc += (xx[5] & M) + (t5 << 1) - t2; z[5] = (int)cc; cc >>= 32; cc += (xx[6] & M) + (t6 << 1) + t5 - t0; z[6] = (int)cc; cc >>= 32; - cc += (xx[7] & M) + (xx15 << 1) + xx15 + xx08 - t2 - t4 - n; + cc += (xx[7] & M) + (xx15 << 1) + xx08 - t2 - t4; z[7] = (int)cc; cc >>= 32; cc += n; diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Point.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Point.java index acabefe3..46683151 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Point.java +++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Point.java @@ -91,8 +91,9 @@ public class SecP256R1Point extends ECPoint SecP256R1FieldElement Z1 = (SecP256R1FieldElement)this.zs[0]; SecP256R1FieldElement Z2 = (SecP256R1FieldElement)b.getZCoord(0); + int c; int[] tt1 = Nat256.createExt(); - int[] tt2 = Nat256.createExt(); + int[] t2 = Nat256.create(); int[] t3 = Nat256.create(); int[] t4 = Nat256.create(); 
@@ -108,7 +109,7 @@ public class SecP256R1Point extends ECPoint S2 = t3; SecP256R1Field.square(Z1.x, S2); - U2 = tt2; + U2 = t2; SecP256R1Field.multiply(S2, X2.x, U2); SecP256R1Field.multiply(S2, Z1.x, S2); @@ -137,7 +138,7 @@ public class SecP256R1Point extends ECPoint int[] H = Nat256.create(); SecP256R1Field.subtract(U1, U2, H); - int[] R = tt2; + int[] R = t2; SecP256R1Field.subtract(S1, S2, R); // Check if b == this or b == -this @@ -162,19 +163,20 @@ public class SecP256R1Point extends ECPoint int[] V = t3; SecP256R1Field.multiply(HSquared, U1, V); + SecP256R1Field.negate(G, G); Nat256.mul(S1, G, tt1); + c = Nat256.addBothTo(V, V, G); + SecP256R1Field.reduce32(c, G); + SecP256R1FieldElement X3 = new SecP256R1FieldElement(t4); SecP256R1Field.square(R, X3.x); - SecP256R1Field.add(X3.x, G, X3.x); - SecP256R1Field.subtract(X3.x, V, X3.x); - SecP256R1Field.subtract(X3.x, V, X3.x); + SecP256R1Field.subtract(X3.x, G, X3.x); SecP256R1FieldElement Y3 = new SecP256R1FieldElement(G); SecP256R1Field.subtract(V, X3.x, Y3.x); - Nat256.mul(Y3.x, R, tt2); - SecP256R1Field.subtractExt(tt2, tt1, tt2); - SecP256R1Field.reduce(tt2, Y3.x); + SecP256R1Field.multiplyAddToExt(Y3.x, R, tt1); + SecP256R1Field.reduce(tt1, Y3.x); SecP256R1FieldElement Z3 = new SecP256R1FieldElement(H); if (!Z1IsOne) @@ -208,6 +210,7 @@ public class SecP256R1Point extends ECPoint SecP256R1FieldElement X1 = (SecP256R1FieldElement)this.x, Z1 = (SecP256R1FieldElement)this.zs[0]; + int c; int[] t1 = Nat256.create(); int[] t2 = Nat256.create(); 
@@ -231,12 +234,12 @@ public class SecP256R1Point extends ECPoint int[] M = t2; SecP256R1Field.add(X1.x, Z1Squared, M); SecP256R1Field.multiply(M, t1, M); - SecP256R1Field.twice(M, t1); - SecP256R1Field.add(M, t1, M); + c = Nat256.addBothTo(M, M, M); + SecP256R1Field.reduce32(c, M); int[] S = Y1Squared; SecP256R1Field.multiply(Y1Squared, X1.x, S); - int c = Nat.shiftUpBits(8, S, 2, 0); + c = Nat.shiftUpBits(8, S, 2, 0); SecP256R1Field.reduce32(c, S); c = Nat.shiftUpBits(8, T, 3, 0, t1); diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Field.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Field.java index 27b25a7e..82c9aa0a 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Field.java +++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Field.java 
@@ -94,49 +94,54 @@ public class SecP384R1Field public static void reduce(int[] xx, int[] z) { - long xx12 = xx[12] & M, xx13 = xx[13] & M, xx14 = xx[14] & M, xx15 = xx[15] & M; long xx16 = xx[16] & M, xx17 = xx[17] & M, xx18 = xx[18] & M, xx19 = xx[19] & M; long xx20 = xx[20] & M, xx21 = xx[21] & M, xx22 = xx[22] & M, xx23 = xx[23] & M; final long n = 1; - xx12 -= n; + long t0 = (xx[12] & M) + xx20 - n; + long t1 = (xx[13] & M) + xx22; + long t2 = (xx[14] & M) + xx22 + xx23; + long t3 = (xx[15] & M) + xx23; + long t4 = xx17 + xx21; + long t5 = xx21 - xx23; + long t6 = xx22 - xx23; long cc = 0; - cc += (xx[0] & M) + xx12 + xx20 + xx21 - xx23; + cc += (xx[0] & M) + t0 + t5; z[0] = (int)cc; cc >>= 32; - cc += (xx[1] & M) + xx13 + xx22 + xx23 - xx12 - xx20; + cc += (xx[1] & M) + xx23 - t0 + t1; z[1] = (int)cc; cc >>= 32; - cc += (xx[2] & M) + xx14 + xx23 - xx13 - xx21; + cc += (xx[2] & M) - xx21 - t1 + t2; z[2] = (int)cc; cc >>= 32; - cc += (xx[3] & M) + xx12 + xx15 + xx20 + xx21 - xx14 - xx22 - xx23; + cc += (xx[3] & M) + t0 - t2 + t3 + t5; z[3] = (int)cc; cc >>= 32; - cc += (xx[4] & M) + xx12 + xx13 + xx16 + xx20 + ((xx21 - xx23) << 1) + xx22 - xx15; + cc += (xx[4] & M) + xx16 + xx21 + t0 + t1 - t3 + t5; z[4] = (int)cc; cc >>= 32; - cc += (xx[5] & M) + xx13 + xx14 + xx17 + xx21 + (xx22 << 1) + xx23 - xx16; + cc += (xx[5] & M) - xx16 + t1 + t2 + t4; z[5] = (int)cc; cc >>= 32; - cc += (xx[6] & M) + xx14 + xx15 + xx18 + xx22 + (xx23 << 1) - xx17; + cc += (xx[6] & M) + xx18 - xx17 + t2 + t3; z[6] = (int)cc; cc >>= 32; - cc += (xx[7] & M) + xx15 + xx16 + xx19 + xx23 - xx18; + cc += (xx[7] & M) + xx16 + xx19 - xx18 + t3; z[7] = (int)cc; cc >>= 32; cc += (xx[8] & M) + xx16 + xx17 + xx20 - xx19; z[8] = (int)cc; cc >>= 32; - cc += (xx[9] & M) + xx17 + xx18 + xx21 - xx20; + cc += (xx[9] & M) + xx18 - xx20 + t4; z[9] = (int)cc; cc >>= 32; - cc += (xx[10] & M) + xx18 + xx19 + xx22 - xx21; + cc += (xx[10] & M) + xx18 + xx19 - t5 + t6; z[10] = (int)cc; cc >>= 32; - cc += (xx[11] 
& M) + xx19 + xx20 + xx23 - xx22; + cc += (xx[11] & M) + xx19 + xx20 - t6; z[11] = (int)cc; cc >>= 32; cc += n; diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Point.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Point.java index f0076141..f1d79303 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Point.java +++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Point.java @@ -91,6 +91,7 @@ public class SecP384R1Point extends ECPoint SecP384R1FieldElement Z1 = (SecP384R1FieldElement)this.zs[0]; SecP384R1FieldElement Z2 = (SecP384R1FieldElement)b.getZCoord(0); + int c; int[] tt1 = Nat.create(24); int[] tt2 = Nat.create(24); int[] t3 = Nat.create(12); @@ -137,7 +138,7 @@ public class SecP384R1Point extends ECPoint int[] H = Nat.create(12); SecP384R1Field.subtract(U1, U2, H); - int[] R = Nat.create(12);// tt2; + int[] R = Nat.create(12); SecP384R1Field.subtract(S1, S2, R); // Check if b == this or b == -this @@ -162,19 +163,21 @@ public class SecP384R1Point extends ECPoint int[] V = t3; SecP384R1Field.multiply(HSquared, U1, V); + SecP384R1Field.negate(G, G); Nat384.mul(S1, G, tt1); + c = Nat.addBothTo(12, V, V, G); + SecP384R1Field.reduce32(c, G); + SecP384R1FieldElement X3 = new SecP384R1FieldElement(t4); SecP384R1Field.square(R, X3.x); - SecP384R1Field.add(X3.x, G, X3.x); - SecP384R1Field.subtract(X3.x, V, X3.x); - SecP384R1Field.subtract(X3.x, V, X3.x); + SecP384R1Field.subtract(X3.x, G, X3.x); SecP384R1FieldElement Y3 = new SecP384R1FieldElement(G); SecP384R1Field.subtract(V, X3.x, Y3.x); Nat384.mul(Y3.x, R, tt2); - SecP384R1Field.subtractExt(tt2, tt1, tt2); - SecP384R1Field.reduce(tt2, Y3.x); + SecP384R1Field.addExt(tt1, tt2, tt1); + SecP384R1Field.reduce(tt1, Y3.x); SecP384R1FieldElement Z3 = new SecP384R1FieldElement(H); if (!Z1IsOne) 
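Review bot: The shared terms t0..t6 introduced in SecP384R1Field.reduce carry no comment saying what they factor out; I checked every z[i] row against the removed lines and they agree (for example z[4]: xx16 + xx21 + t0 + t1 - t3 + t5 expands to the old xx12 + xx13 + xx16 + xx20 + 2(xx21 - xx23) + xx22 - xx15), but that check has to be repeated by each reader. Suggest a comment above the declarations such as `// t0..t6 are sub-sums shared by several rows of the P-384 fast reduction; each z[i] row below is the row of that table with the shared terms substituted`, ideally citing the table the rows come from (the NIST P-384 reduction in FIPS 186-4 appendix D). reduce() continues past the end of the hunk.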
@@ -208,6 +211,7 @@ public class SecP384R1Point extends ECPoint SecP384R1FieldElement X1 = (SecP384R1FieldElement)this.x, Z1 = (SecP384R1FieldElement)this.zs[0]; + int c; int[] t1 = Nat.create(12); int[] t2 = Nat.create(12); @@ -231,12 +235,12 @@ public class SecP384R1Point extends ECPoint int[] M = t2; SecP384R1Field.add(X1.x, Z1Squared, M); SecP384R1Field.multiply(M, t1, M); - SecP384R1Field.twice(M, t1); - SecP384R1Field.add(M, t1, M); + c = Nat.addBothTo(12, M, M, M); + SecP384R1Field.reduce32(c, M); int[] S = Y1Squared; SecP384R1Field.multiply(Y1Squared, X1.x, S); - int c = Nat.shiftUpBits(12, S, 2, 0); + c = Nat.shiftUpBits(12, S, 2, 0); SecP384R1Field.reduce32(c, S); c = Nat.shiftUpBits(12, T, 3, 0, t1); diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Field.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Field.java index a90c08bc..33f4a342 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Field.java +++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Field.java @@ -76,7 +76,7 @@ public class SecP521R1Field int xx32 = xx[32]; int c = Nat.shiftDownBits(16, xx, 16, 9, xx32, z, 0) >>> 23; c += xx32 >>> 9; - c += Nat.add(16, z, xx, z); + c += Nat.addTo(16, xx, z); if (c > P16 || (c == P16 && Nat.eq(16, z, P))) { c += Nat.inc(16, z); @@ -88,7 +88,7 @@ public class SecP521R1Field public static void reduce23(int[] z) { int z16 = z[16]; - int c = Nat.addWordAt(16, z16 >>> 9, z, 0) + (z16 & P16); + int c = Nat.addWordTo(16, z16 >>> 9, z) + (z16 & P16); if (c > P16 || (c == P16 && Nat.eq(16, z, P))) { c += Nat.inc(16, z); diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Point.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Point.java index 4b4e5b3b..12fcecda 100644 --- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Point.java +++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Point.java 
@@ -230,8 +230,8 @@ public class SecP521R1Point extends ECPoint int[] M = t2; SecP521R1Field.add(X1.x, Z1Squared, M); SecP521R1Field.multiply(M, t1, M); - SecP521R1Field.twice(M, t1); - SecP521R1Field.add(M, t1, M); + Nat.addBothTo(17, M, M, M); + SecP521R1Field.reduce23(M); int[] S = Y1Squared; SecP521R1Field.multiply(Y1Squared, X1.x, S); |
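Review bot: `Nat.addBothTo(17, M, M, M)` in SecP521R1Point.twice discards the returned carry, unlike the sibling hunks that pass it to reduce32; that is only correct because the buffer is 17 words for a 521-bit value, so 3 * M stays below 2^523 and reduce23 folds the bits above 2^521 back, which in turn relies on M being below 2^521 on entry. A comment would stop the next reader from flagging the dropped return: `// carry is always 0: M < 2^521 so 3 * M fits the 17-word buffer; reduce23 folds the excess bits`. Only the tail of twice() is shown here; the method ends outside the page.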