
Commit 2e7fea5

committed
Merge remote-tracking branch 'origin/master'
2 parents e7698f3 + 8226026 commit 2e7fea5


5 files changed

+608
-598
lines changed


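--- a/core/src/main/java/org/bouncycastle/math/ec/rfc7748/X25519.java
+++ b/core/src/main/java/org/bouncycastle/math/ec/rfc7748/X25519.java
@@ -16,6 +16,8 @@ private Friend() {}
 public static final int POINT_SIZE = 32;
 public static final int SCALAR_SIZE = 32;
 
+private static class F extends X25519Field {};
+
 private static final int C_A = 486662;
 private static final int C_A24 = (C_A + 2)/4;
 
@@ -65,17 +67,17 @@ public static void generatePublicKey(byte[] k, int kOff, byte[] r, int rOff)
 
 private static void pointDouble(int[] x, int[] z)
 {
-int[] A = X25519Field.create();
-int[] B = X25519Field.create();
-
-X25519Field.apm(x, z, A, B);
-X25519Field.sqr(A, A);
-X25519Field.sqr(B, B);
-X25519Field.mul(A, B, x);
-X25519Field.sub(A, B, A);
-X25519Field.mul(A, C_A24, z);
-X25519Field.add(z, B, z);
-X25519Field.mul(z, A, z);
+int[] a = F.create();
+int[] b = F.create();
+
+F.apm(x, z, a, b);
+F.sqr(a, a);
+F.sqr(b, b);
+F.mul(a, b, x);
+F.sub(a, b, a);
+F.mul(a, C_A24, z);
+F.add(z, b, z);
+F.mul(z, a, z);
 }
 
 public static void precompute()
@@ -85,47 +87,47 @@ public static void precompute()
 
 public static void scalarMult(byte[] k, int kOff, byte[] u, int uOff, byte[] r, int rOff)
 {
-int[] n = new int[8]; decodeScalar(k, kOff, n);
+int[] n = new int[8]; decodeScalar(k, kOff, n);
 
-int[] x1 = X25519Field.create(); X25519Field.decode(u, uOff, x1);
-int[] x2 = X25519Field.create(); X25519Field.copy(x1, 0, x2, 0);
-int[] z2 = X25519Field.create(); z2[0] = 1;
-int[] x3 = X25519Field.create(); x3[0] = 1;
-int[] z3 = X25519Field.create();
+int[] x1 = F.create(); F.decode(u, uOff, x1);
+int[] x2 = F.create(); F.copy(x1, 0, x2, 0);
+int[] z2 = F.create(); z2[0] = 1;
+int[] x3 = F.create(); x3[0] = 1;
+int[] z3 = F.create();
 
-int[] t1 = X25519Field.create();
-int[] t2 = X25519Field.create();
+int[] t1 = F.create();
+int[] t2 = F.create();
 
 // assert n[7] >>> 30 == 1;
 
 int bit = 254, swap = 1;
 do
 {
-X25519Field.apm(x3, z3, t1, x3);
-X25519Field.apm(x2, z2, z3, x2);
-X25519Field.mul(t1, x2, t1);
-X25519Field.mul(x3, z3, x3);
-X25519Field.sqr(z3, z3);
-X25519Field.sqr(x2, x2);
-
-X25519Field.sub(z3, x2, t2);
-X25519Field.mul(t2, C_A24, z2);
-X25519Field.add(z2, x2, z2);
-X25519Field.mul(z2, t2, z2);
-X25519Field.mul(x2, z3, x2);
-
-X25519Field.apm(t1, x3, x3, z3);
-X25519Field.sqr(x3, x3);
-X25519Field.sqr(z3, z3);
-X25519Field.mul(z3, x1, z3);
+F.apm(x3, z3, t1, x3);
+F.apm(x2, z2, z3, x2);
+F.mul(t1, x2, t1);
+F.mul(x3, z3, x3);
+F.sqr(z3, z3);
+F.sqr(x2, x2);
+
+F.sub(z3, x2, t2);
+F.mul(t2, C_A24, z2);
+F.add(z2, x2, z2);
+F.mul(z2, t2, z2);
+F.mul(x2, z3, x2);
+
+F.apm(t1, x3, x3, z3);
+F.sqr(x3, x3);
+F.sqr(z3, z3);
+F.mul(z3, x1, z3);
 
 --bit;
 
 int word = bit >>> 5, shift = bit & 0x1F;
 int kt = (n[word] >>> shift) & 1;
 swap ^= kt;
-X25519Field.cswap(swap, x2, x3);
-X25519Field.cswap(swap, z2, z3);
+F.cswap(swap, x2, x3);
+F.cswap(swap, z2, z3);
 swap = kt;
 }
 while (bit >= 3);
@@ -137,26 +139,26 @@ public static void scalarMult(byte[] k, int kOff, byte[] u, int uOff, byte[] r,
 pointDouble(x2, z2);
 }
 
-X25519Field.inv(z2, z2);
-X25519Field.mul(x2, z2, x2);
+F.inv(z2, z2);
+F.mul(x2, z2, x2);
 
-X25519Field.normalize(x2);
-X25519Field.encode(x2, r, rOff);
+F.normalize(x2);
+F.encode(x2, r, rOff);
 }
 
 public static void scalarMultBase(byte[] k, int kOff, byte[] r, int rOff)
 {
-int[] y = X25519Field.create();
-int[] z = X25519Field.create();
+int[] y = F.create();
+int[] z = F.create();
 
 Ed25519.scalarMultBaseYZ(Friend.INSTANCE, k, kOff, y, z);
 
-X25519Field.apm(z, y, y, z);
+F.apm(z, y, y, z);
 
-X25519Field.inv(z, z);
-X25519Field.mul(y, z, y);
+F.inv(z, z);
+F.mul(y, z, y);
 
-X25519Field.normalize(y);
-X25519Field.encode(y, r, rOff);
+F.normalize(y);
+F.encode(y, r, rOff);
 }
 }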
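Review bot: The new `F` alias in the first hunk (`private static class F extends X25519Field {};`) carries no comment saying it exists only so the inherited static field operations can be written as `F.op(...)`, and the trailing `;` after `{}` is a stray empty declaration. A reader may take `F` for a real subtype, so a one-line comment such as `// Shorthand for the static field operations of X25519Field; never instantiated` together with `private static class F extends X25519Field {}` would make the intent plain. This trick also relies on X25519Field being non-final with a constructor visible to this package, which cannot be confirmed from the hunk. The scalarMult hunk keeps the ladder's cswap-driven structure unchanged by the rename, so the constant-time shape of the loop is preserved as far as these lines show; the `int[] n = new int[8]; decodeScalar(k, kOff, n);` line there is removed and re-added with identical visible text, presumably a whitespace-only change.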

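--- a/core/src/main/java/org/bouncycastle/math/ec/rfc7748/X448.java
+++ b/core/src/main/java/org/bouncycastle/math/ec/rfc7748/X448.java
@@ -16,6 +16,8 @@ private Friend() {}
 public static final int POINT_SIZE = 56;
 public static final int SCALAR_SIZE = 56;
 
+private static class F extends X448Field {};
+
 private static final int C_A = 156326;
 private static final int C_A24 = (C_A + 2)/4;
 
@@ -64,19 +66,19 @@ public static void generatePublicKey(byte[] k, int kOff, byte[] r, int rOff)
 
 private static void pointDouble(int[] x, int[] z)
 {
-int[] A = X448Field.create();
-int[] B = X448Field.create();
-
-// X448Field.apm(x, z, A, B);
-X448Field.add(x, z, A);
-X448Field.sub(x, z, B);
-X448Field.sqr(A, A);
-X448Field.sqr(B, B);
-X448Field.mul(A, B, x);
-X448Field.sub(A, B, A);
-X448Field.mul(A, C_A24, z);
-X448Field.add(z, B, z);
-X448Field.mul(z, A, z);
+int[] a = F.create();
+int[] b = F.create();
+
+// F.apm(x, z, a, b);
+F.add(x, z, a);
+F.sub(x, z, b);
+F.sqr(a, a);
+F.sqr(b, b);
+F.mul(a, b, x);
+F.sub(a, b, a);
+F.mul(a, C_A24, z);
+F.add(z, b, z);
+F.mul(z, a, z);
 }
 
 public static void precompute()
@@ -86,54 +88,54 @@ public static void precompute()
 
 public static void scalarMult(byte[] k, int kOff, byte[] u, int uOff, byte[] r, int rOff)
 {
-int[] n = new int[14]; decodeScalar(k, kOff, n);
+int[] n = new int[14]; decodeScalar(k, kOff, n);
 
-int[] x1 = X448Field.create(); X448Field.decode(u, uOff, x1);
-int[] x2 = X448Field.create(); X448Field.copy(x1, 0, x2, 0);
-int[] z2 = X448Field.create(); z2[0] = 1;
-int[] x3 = X448Field.create(); x3[0] = 1;
-int[] z3 = X448Field.create();
+int[] x1 = F.create(); F.decode(u, uOff, x1);
+int[] x2 = F.create(); F.copy(x1, 0, x2, 0);
+int[] z2 = F.create(); z2[0] = 1;
+int[] x3 = F.create(); x3[0] = 1;
+int[] z3 = F.create();
 
-int[] t1 = X448Field.create();
-int[] t2 = X448Field.create();
+int[] t1 = F.create();
+int[] t2 = F.create();
 
 // assert n[13] >>> 31 == 1;
 
 int bit = 447, swap = 1;
 do
 {
-// X448Field.apm(x3, z3, t1, x3);
-X448Field.add(x3, z3, t1);
-X448Field.sub(x3, z3, x3);
-// X448Field.apm(x2, z2, z3, x2);
-X448Field.add(x2, z2, z3);
-X448Field.sub(x2, z2, x2);
-
-X448Field.mul(t1, x2, t1);
-X448Field.mul(x3, z3, x3);
-X448Field.sqr(z3, z3);
-X448Field.sqr(x2, x2);
-
-X448Field.sub(z3, x2, t2);
-X448Field.mul(t2, C_A24, z2);
-X448Field.add(z2, x2, z2);
-X448Field.mul(z2, t2, z2);
-X448Field.mul(x2, z3, x2);
-
-// X448Field.apm(t1, x3, x3, z3);
-X448Field.sub(t1, x3, z3);
-X448Field.add(t1, x3, x3);
-X448Field.sqr(x3, x3);
-X448Field.sqr(z3, z3);
-X448Field.mul(z3, x1, z3);
+// F.apm(x3, z3, t1, x3);
+F.add(x3, z3, t1);
+F.sub(x3, z3, x3);
+// F.apm(x2, z2, z3, x2);
+F.add(x2, z2, z3);
+F.sub(x2, z2, x2);
+
+F.mul(t1, x2, t1);
+F.mul(x3, z3, x3);
+F.sqr(z3, z3);
+F.sqr(x2, x2);
+
+F.sub(z3, x2, t2);
+F.mul(t2, C_A24, z2);
+F.add(z2, x2, z2);
+F.mul(z2, t2, z2);
+F.mul(x2, z3, x2);
+
+// F.apm(t1, x3, x3, z3);
+F.sub(t1, x3, z3);
+F.add(t1, x3, x3);
+F.sqr(x3, x3);
+F.sqr(z3, z3);
+F.mul(z3, x1, z3);
 
 --bit;
 
 int word = bit >>> 5, shift = bit & 0x1F;
 int kt = (n[word] >>> shift) & 1;
 swap ^= kt;
-X448Field.cswap(swap, x2, x3);
-X448Field.cswap(swap, z2, z3);
+F.cswap(swap, x2, x3);
+F.cswap(swap, z2, z3);
 swap = kt;
 }
 while (bit >= 2);
@@ -145,25 +147,25 @@ public static void scalarMult(byte[] k, int kOff, byte[] u, int uOff, byte[] r,
 pointDouble(x2, z2);
 }
 
-X448Field.inv(z2, z2);
-X448Field.mul(x2, z2, x2);
+F.inv(z2, z2);
+F.mul(x2, z2, x2);
 
-X448Field.normalize(x2);
-X448Field.encode(x2, r, rOff);
+F.normalize(x2);
+F.encode(x2, r, rOff);
 }
 
 public static void scalarMultBase(byte[] k, int kOff, byte[] r, int rOff)
 {
-int[] x = X448Field.create();
-int[] y = X448Field.create();
+int[] x = F.create();
+int[] y = F.create();
 
 Ed448.scalarMultBaseXY(Friend.INSTANCE, k, kOff, x, y);
 
-X448Field.inv(x, x);
-X448Field.mul(x, y, x);
-X448Field.sqr(x, x);
+F.inv(x, x);
+F.mul(x, y, x);
+F.sqr(x, x);
 
-X448Field.normalize(x);
-X448Field.encode(x, r, rOff);
+F.normalize(x);
+F.encode(x, r, rOff);
 }
 }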
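Review bot: The scalarMult hunk renames rather than resolves three commented-out calls (`// F.apm(x3, z3, t1, x3);`, `// F.apm(x2, z2, z3, x2);`, `// F.apm(t1, x3, x3, z3);`), and the pointDouble hunk does the same with `// F.apm(x, z, a, b);`, so the Montgomery ladder still carries dead code with no explanation of why X448 spells out `add`/`sub` where X25519 uses `apm`. Either delete those lines or replace each with a why-comment such as `// add/sub instead of apm: X448Field provides no apm (TODO confirm)`; whether X448Field actually lacks `apm` cannot be seen from this hunk. The remarks on the `F` alias in X25519.java apply here too: the trailing `;` in `private static class F extends X448Field {};` is a stray empty declaration, and a one-line comment stating that `F` only exists as a short name for the inherited static field operations would help. The rename leaves the cswap-driven ladder structure intact, so the constant-time shape of the loop is preserved as far as these lines show.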
