diff options
| author | Adam Vartanian <flooey@google.com> | 2017-06-26 15:45:05 +0100 |
|---|---|---|
| committer | Adam Vartanian <flooey@google.com> | 2017-06-26 15:46:34 +0100 |
| commit | 823ad5bac1616941ae772fe6b69560b49c89d7b3 (patch) | |
| tree | 24b263c8c242eb3ef86f60429c056402df23faa9 /bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec | |
| parent | eaf604a467ff401cd0e0f74051ff5afa9e07359d (diff) | |
| download | bouncycastle-823ad5bac1616941ae772fe6b69560b49c89d7b3.tar.gz | |
bouncycastle: Android tree with upstream code for version 1.57
Test: no tests needed, this branch is only for diffing against upstream
Change-Id: I0bfc36b8c07bf4698383ee28ab771907fc1fa7fc
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec')
12 files changed, 312 insertions, 193 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163K1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163K1Point.java index 9c483195..43dfd0a2 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163K1Point.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163K1Point.java @@ -147,11 +147,9 @@ public class SecT163K1Point extends AbstractF2m ECFieldElement Y2 = L2; ECFieldElement L = Y1.add(Y2).divide(X1); -// X3 = L.square().add(L).add(X1).add(curve.getA()); X3 = L.square().add(L).add(X1).addOne(); if (X3.isZero()) { -// return new SecT163K1Point(curve, X3, curve.getB().sqrt(), this.withCompression); return new SecT163K1Point(curve, X3, curve.getB(), this.withCompression); } @@ -169,7 +167,6 @@ public class SecT163K1Point extends AbstractF2m X3 = AU1.multiply(AU2); if (X3.isZero()) { -// return new SecT163K1Point(curve, X3, curve.getB().sqrt(), this.withCompression); return new SecT163K1Point(curve, X3, curve.getB(), this.withCompression); } @@ -215,7 +212,6 @@ public class SecT163K1Point extends AbstractF2m ECFieldElement T = L1.square().add(L1Z1).add(Z1Sq); if (T.isZero()) { -// return new SecT163K1Point(curve, T, curve.getB().sqrt(), withCompression); return new SecT163K1Point(curve, T, curve.getB(), withCompression); } @@ -263,10 +259,7 @@ public class SecT163K1Point extends AbstractF2m ECFieldElement Z1Sq = Z1.square(); ECFieldElement L1Z1 = L1.multiply(Z1); -// ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1); ECFieldElement T = Z1Sq.add(L1Sq).add(L1Z1); - ECFieldElement L2plus1 = L2.addOne(); -// ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement A = L2.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement X2Z1Sq = X2.multiply(Z1Sq); ECFieldElement B = X2Z1Sq.add(T).square(); @@ -283,13 +276,12 @@ public class SecT163K1Point extends AbstractF2m if (A.isZero()) { -// return new SecT163K1Point(curve, A, curve.getB().sqrt(), withCompression); return new SecT163K1Point(curve, A, curve.getB(), withCompression); } ECFieldElement X3 = A.square().multiply(X2Z1Sq); ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq); - ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3); + ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2.addOne(), Z3); return new SecT163K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); } diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163R2Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163R2Point.java index dcadede8..00b6a2ca 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163R2Point.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163R2Point.java @@ -147,7 +147,6 @@ public class SecT163R2Point extends AbstractF2m ECFieldElement Y2 = L2; ECFieldElement L = Y1.add(Y2).divide(X1); -// X3 = L.square().add(L).add(X1).add(curve.getA()); X3 = L.square().add(L).add(X1).addOne(); if (X3.isZero()) { @@ -259,10 +258,7 @@ public class SecT163R2Point extends AbstractF2m ECFieldElement Z1Sq = Z1.square(); ECFieldElement L1Z1 = L1.multiply(Z1); -// ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1); ECFieldElement T = Z1Sq.add(L1Sq).add(L1Z1); - ECFieldElement L2plus1 = L2.addOne(); -// ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement A = L2.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement X2Z1Sq = X2.multiply(Z1Sq); ECFieldElement B = X2Z1Sq.add(T).square(); @@ -284,7 +280,7 @@ public class SecT163R2Point extends AbstractF2m ECFieldElement X3 = A.square().multiply(X2Z1Sq); ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq); - ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3); + ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2.addOne(), Z3); return new SecT163R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); } diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233K1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233K1Point.java index 90a9701c..ac29aa39 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233K1Point.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233K1Point.java @@ -147,11 +147,9 @@ public class SecT233K1Point extends AbstractF2m ECFieldElement Y2 = L2; ECFieldElement L = Y1.add(Y2).divide(X1); -// X3 = L.square().add(L).add(X1).add(curve.getA()); X3 = L.square().add(L).add(X1); if (X3.isZero()) { -// return new SecT233K1Point(curve, X3, curve.getB().sqrt(), this.withCompression); return new SecT233K1Point(curve, X3, curve.getB(), this.withCompression); } @@ -169,7 +167,6 @@ public class SecT233K1Point extends AbstractF2m X3 = AU1.multiply(AU2); if (X3.isZero()) { -// return new SecT233K1Point(curve, X3, curve.getB().sqrt(), this.withCompression); return new SecT233K1Point(curve, X3, curve.getB(), this.withCompression); } @@ -223,7 +220,6 @@ public class SecT233K1Point extends AbstractF2m if (T.isZero()) { -// return new SecT233K1Point(curve, T, curve.getB().sqrt(), withCompression); return new SecT233K1Point(curve, T, curve.getB(), withCompression); } @@ -272,10 +268,8 @@ public class SecT233K1Point extends AbstractF2m ECFieldElement Z1Sq = Z1.square(); ECFieldElement L1Z1 = L1.multiply(Z1); -// ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1); ECFieldElement T = L1Sq.add(L1Z1); ECFieldElement L2plus1 = L2.addOne(); -// ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement A = L2plus1.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement X2Z1Sq = X2.multiply(Z1Sq); ECFieldElement B = X2Z1Sq.add(T).square(); @@ -292,7 +286,6 @@ public class SecT233K1Point extends AbstractF2m if (A.isZero()) { -// return new SecT233K1Point(curve, A, curve.getB().sqrt(), withCompression); return new SecT233K1Point(curve, A, curve.getB(), withCompression); } diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233R1Point.java index 2c01a583..84930943 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233R1Point.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233R1Point.java @@ -147,7 +147,6 @@ public class SecT233R1Point extends AbstractF2m ECFieldElement Y2 = L2; ECFieldElement L = Y1.add(Y2).divide(X1); -// X3 = L.square().add(L).add(X1).add(curve.getA()); X3 = L.square().add(L).add(X1).addOne(); if (X3.isZero()) { @@ -259,10 +258,7 @@ public class SecT233R1Point extends AbstractF2m ECFieldElement Z1Sq = Z1.square(); ECFieldElement L1Z1 = L1.multiply(Z1); -// ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1); ECFieldElement T = Z1Sq.add(L1Sq).add(L1Z1); - ECFieldElement L2plus1 = L2.addOne(); -// ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement A = L2.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement X2Z1Sq = X2.multiply(Z1Sq); ECFieldElement B = X2Z1Sq.add(T).square(); @@ -284,7 +280,7 @@ public class SecT233R1Point extends AbstractF2m ECFieldElement X3 = A.square().multiply(X2Z1Sq); ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq); - ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3); + ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2.addOne(), Z3); return new SecT233R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); } diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT239K1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT239K1Point.java index 39384dc2..1de2a290 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT239K1Point.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT239K1Point.java @@ -147,11 +147,9 @@ public class SecT239K1Point extends AbstractF2m ECFieldElement Y2 = L2; ECFieldElement L = Y1.add(Y2).divide(X1); -// X3 = L.square().add(L).add(X1).add(curve.getA()); X3 = L.square().add(L).add(X1); if (X3.isZero()) { -// return new SecT239K1Point(curve, X3, curve.getB().sqrt(), this.withCompression); return new SecT239K1Point(curve, X3, curve.getB(), this.withCompression); } @@ -169,7 +167,6 @@ public class SecT239K1Point extends AbstractF2m X3 = AU1.multiply(AU2); if (X3.isZero()) { -// return new SecT239K1Point(curve, X3, curve.getB().sqrt(), this.withCompression); return new SecT239K1Point(curve, X3, curve.getB(), this.withCompression); } @@ -224,7 +221,6 @@ public class SecT239K1Point extends AbstractF2m if (T.isZero()) { -// return new SecT239K1Point(curve, T, curve.getB().sqrt(), withCompression); return new SecT239K1Point(curve, T, curve.getB(), withCompression); } @@ -273,10 +269,8 @@ public class SecT239K1Point extends AbstractF2m ECFieldElement Z1Sq = Z1.square(); ECFieldElement L1Z1 = L1.multiply(Z1); -// ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1); ECFieldElement T = L1Sq.add(L1Z1); ECFieldElement L2plus1 = L2.addOne(); -// ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement A = L2plus1.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement X2Z1Sq = X2.multiply(Z1Sq); ECFieldElement B = X2Z1Sq.add(T).square(); @@ -293,7 +287,6 @@ public class SecT239K1Point extends AbstractF2m if (A.isZero()) { -// return new SecT239K1Point(curve, A, curve.getB().sqrt(), withCompression); return new SecT239K1Point(curve, A, curve.getB(), withCompression); } diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283K1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283K1Point.java index f3b704e1..a99936e6 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283K1Point.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283K1Point.java @@ -147,11 +147,9 @@ public class SecT283K1Point extends AbstractF2m ECFieldElement Y2 = L2; ECFieldElement L = Y1.add(Y2).divide(X1); -// X3 = L.square().add(L).add(X1).add(curve.getA()); X3 = L.square().add(L).add(X1); if (X3.isZero()) { -// return new SecT283K1Point(curve, X3, curve.getB().sqrt(), this.withCompression); return new SecT283K1Point(curve, X3, curve.getB(), this.withCompression); } @@ -169,7 +167,6 @@ public class SecT283K1Point extends AbstractF2m X3 = AU1.multiply(AU2); if (X3.isZero()) { -// return new SecT283K1Point(curve, X3, curve.getB().sqrt(), this.withCompression); return new SecT283K1Point(curve, X3, curve.getB(), this.withCompression); } @@ -224,7 +221,6 @@ public class SecT283K1Point extends AbstractF2m if (T.isZero()) { -// return new SecT283K1Point(curve, T, curve.getB().sqrt(), withCompression); return new SecT283K1Point(curve, T, curve.getB(), withCompression); } @@ -273,10 +269,8 @@ public class SecT283K1Point extends AbstractF2m ECFieldElement Z1Sq = Z1.square(); ECFieldElement L1Z1 = L1.multiply(Z1); -// ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1); ECFieldElement T = L1Sq.add(L1Z1); ECFieldElement L2plus1 = L2.addOne(); -// ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement A = L2plus1.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement X2Z1Sq = X2.multiply(Z1Sq); ECFieldElement B = X2Z1Sq.add(T).square(); @@ -293,7 +287,6 @@ public class SecT283K1Point extends AbstractF2m if (A.isZero()) { -// return new SecT283K1Point(curve, A, curve.getB().sqrt(), withCompression); return new SecT283K1Point(curve, A, curve.getB(), withCompression); } diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283R1Point.java index 7a95a734..0718239c 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283R1Point.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283R1Point.java @@ -147,7 +147,6 @@ public class SecT283R1Point extends AbstractF2m ECFieldElement Y2 = L2; ECFieldElement L = Y1.add(Y2).divide(X1); -// X3 = L.square().add(L).add(X1).add(curve.getA()); X3 = L.square().add(L).add(X1).addOne(); if (X3.isZero()) { @@ -259,10 +258,7 @@ public class SecT283R1Point extends AbstractF2m ECFieldElement Z1Sq = Z1.square(); ECFieldElement L1Z1 = L1.multiply(Z1); -// ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1); ECFieldElement T = Z1Sq.add(L1Sq).add(L1Z1); - ECFieldElement L2plus1 = L2.addOne(); -// ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement A = L2.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement X2Z1Sq = X2.multiply(Z1Sq); ECFieldElement B = X2Z1Sq.add(T).square(); @@ -284,7 +280,7 @@ public class SecT283R1Point extends AbstractF2m ECFieldElement X3 = A.square().multiply(X2Z1Sq); ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq); - ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3); + ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2.addOne(), Z3); return new SecT283R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); } diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409K1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409K1Point.java index 4204923b..41155f3f 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409K1Point.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409K1Point.java @@ -147,11 +147,9 @@ public class SecT409K1Point extends AbstractF2m ECFieldElement Y2 = L2; ECFieldElement L = Y1.add(Y2).divide(X1); -// X3 = L.square().add(L).add(X1).add(curve.getA()); X3 = L.square().add(L).add(X1); if (X3.isZero()) { -// return new SecT409K1Point(curve, X3, curve.getB().sqrt(), this.withCompression); return new SecT409K1Point(curve, X3, curve.getB(), this.withCompression); } @@ -169,7 +167,6 @@ public class SecT409K1Point extends AbstractF2m X3 = AU1.multiply(AU2); if (X3.isZero()) { -// return new SecT409K1Point(curve, X3, curve.getB().sqrt(), this.withCompression); return new SecT409K1Point(curve, X3, curve.getB(), this.withCompression); } @@ -224,7 +221,6 @@ public class SecT409K1Point extends AbstractF2m if (T.isZero()) { -// return new SecT409K1Point(curve, T, curve.getB().sqrt(), withCompression); return new SecT409K1Point(curve, T, curve.getB(), withCompression); } @@ -273,10 +269,8 @@ public class SecT409K1Point extends AbstractF2m ECFieldElement Z1Sq = Z1.square(); ECFieldElement L1Z1 = L1.multiply(Z1); -// ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1); ECFieldElement T = L1Sq.add(L1Z1); ECFieldElement L2plus1 = L2.addOne(); -// ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement A = L2plus1.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement X2Z1Sq = X2.multiply(Z1Sq); ECFieldElement B = X2Z1Sq.add(T).square(); @@ -293,7 +287,6 @@ public class SecT409K1Point extends AbstractF2m if (A.isZero()) { -// return new SecT409K1Point(curve, A, curve.getB().sqrt(), withCompression); return new SecT409K1Point(curve, A, curve.getB(), withCompression); } diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409R1Point.java index 078935da..3d3566e2 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409R1Point.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409R1Point.java @@ -147,7 +147,6 @@ public class SecT409R1Point extends AbstractF2m ECFieldElement Y2 = L2; ECFieldElement L = Y1.add(Y2).divide(X1); -// X3 = L.square().add(L).add(X1).add(curve.getA()); X3 = L.square().add(L).add(X1).addOne(); if (X3.isZero()) { @@ -259,10 +258,7 @@ public class SecT409R1Point extends AbstractF2m ECFieldElement Z1Sq = Z1.square(); ECFieldElement L1Z1 = L1.multiply(Z1); -// ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1); ECFieldElement T = Z1Sq.add(L1Sq).add(L1Z1); - ECFieldElement L2plus1 = L2.addOne(); -// ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement A = L2.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement X2Z1Sq = X2.multiply(Z1Sq); ECFieldElement B = X2Z1Sq.add(T).square(); @@ -284,7 +280,7 @@ public class SecT409R1Point extends AbstractF2m ECFieldElement X3 = A.square().multiply(X2Z1Sq); ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq); - ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3); + ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2.addOne(), Z3); return new SecT409R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); } diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571Field.java index 68368081..554304b5 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571Field.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571Field.java @@ -31,6 +31,14 @@ public class SecT571Field } } + public static void addBothTo(long[] x, long[] y, long[] z) + { + for (int i = 0; i < 9; ++i) + { + z[i] ^= x[i] ^ y[i]; + } + } + private static void addBothTo(long[] x, int xOff, long[] y, int yOff, long[] z, int zOff) { for (int i = 0; i < 9; ++i) @@ -130,6 +138,46 @@ public class SecT571Field addExt(zz, tt, zz); } + public static void multiplyPrecomp(long[] x, long[] precomp, long[] z) + { + long[] tt = Nat576.createExt64(); + implMultiplyPrecomp(x, precomp, tt); + reduce(tt, z); + } + + public static void multiplyPrecompAddToExt(long[] x, long[] precomp, long[] zz) + { + long[] tt = Nat576.createExt64(); + implMultiplyPrecomp(x, precomp, tt); + addExt(zz, tt, zz); + } + + public static long[] precompMultiplicand(long[] x) + { + /* + * Precompute table of all 4-bit products of x (first section) + */ + int len = 9 << 4; + long[] t = new long[len << 1]; + System.arraycopy(x, 0, t, 9, 9); +// reduce5(T0, 9); + int tOff = 0; + for (int i = 7; i > 0; --i) + { + tOff += 18; + Nat.shiftUpBit64(9, t, tOff >>> 1, 0L, t, tOff); + reduce5(t, tOff); + add(t, 9, t, tOff, t, tOff + 9); + } + + /* + * Second section with all 4-bit products of B shifted 4 bits + */ + Nat.shiftUpBits64(len, t, 0, 4, 0L, t, len); + + return t; + } + public static void reduce(long[] xx, long[] z) { long xx09 = xx[9]; @@ -226,27 +274,13 @@ public class SecT571Field // implMulwAcc(x, y[i], zz, i); // } - /* - * Precompute table of all 4-bit products of y - */ - long[] T0 = new long[9 << 4]; - System.arraycopy(y, 0, T0, 9, 9); -// reduce5(T0, 9); - int tOff = 0; - for (int i = 7; i > 0; --i) - { - tOff += 18; - Nat.shiftUpBit64(9, T0, tOff >>> 1, 0L, T0, tOff); - reduce5(T0, tOff); - add(T0, 9, T0, tOff, T0, tOff + 9); - } - - /* - * Second table with all 4-bit products of B shifted 4 bits - */ - long[] T1 = new long[T0.length]; - Nat.shiftUpBits64(T0.length, T0, 0, 4, 0L, T1, 0); + long[] precomp = precompMultiplicand(y); + + implMultiplyPrecomp(x, precomp, zz); + } + protected static void implMultiplyPrecomp(long[] x, long[] precomp, long[] zz) + { int MASK = 0xF; /* @@ -260,7 +294,7 @@ public class SecT571Field int aVal = (int)(x[j] >>> k); int u = aVal & MASK; int v = (aVal >>> 4) & MASK; - addBothTo(T0, 9 * u, T1, 9 * v, zz, j - 1); + addBothTo(precomp, 9 * u, precomp, 9 * (v + 16), zz, j - 1); } Nat.shiftUpBits64(16, zz, 0, 8, 0L); } @@ -272,7 +306,7 @@ public class SecT571Field int aVal = (int)(x[j] >>> k); int u = aVal & MASK; int v = (aVal >>> 4) & MASK; - addBothTo(T0, 9 * u, T1, 9 * v, zz, j); + addBothTo(precomp, 9 * u, precomp, 9 * (v + 16), zz, j); } if (k > 0) { diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571K1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571K1Point.java index c9238cd8..8f1c4cae 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571K1Point.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571K1Point.java @@ -5,6 +5,7 @@ import org.bouncycastle.math.ec.ECCurve; import org.bouncycastle.math.ec.ECFieldElement; import org.bouncycastle.math.ec.ECPoint; import org.bouncycastle.math.ec.ECPoint.AbstractF2m; +import org.bouncycastle.math.raw.Nat576; public class SecT571K1Point extends AbstractF2m { @@ -91,8 +92,8 @@ public class SecT571K1Point extends AbstractF2m ECCurve curve = this.getCurve(); - ECFieldElement X1 = this.x; - ECFieldElement X2 = b.getRawXCoord(); + SecT571FieldElement X1 = (SecT571FieldElement)this.x; + SecT571FieldElement X2 = (SecT571FieldElement)b.getRawXCoord(); if (X1.isZero()) { @@ -104,31 +105,49 @@ public class SecT571K1Point extends AbstractF2m return b.add(this); } - ECFieldElement L1 = this.y, Z1 = this.zs[0]; - ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0); + SecT571FieldElement L1 = (SecT571FieldElement)this.y, Z1 = (SecT571FieldElement)this.zs[0]; + SecT571FieldElement L2 = (SecT571FieldElement)b.getRawYCoord(), Z2 = (SecT571FieldElement)b.getZCoord(0); - boolean Z1IsOne = Z1.isOne(); - ECFieldElement U2 = X2, S2 = L2; - if (!Z1IsOne) + long[] t1 = Nat576.create64(); + long[] t2 = Nat576.create64(); + long[] t3 = Nat576.create64(); + long[] t4 = Nat576.create64(); + + long[] Z1Precomp = Z1.isOne() ? null : SecT571Field.precompMultiplicand(Z1.x); + long[] U2, S2; + if (Z1Precomp == null) + { + U2 = X2.x; + S2 = L2.x; + } + else { - U2 = U2.multiply(Z1); - S2 = S2.multiply(Z1); + SecT571Field.multiplyPrecomp(X2.x, Z1Precomp, U2 = t2); + SecT571Field.multiplyPrecomp(L2.x, Z1Precomp, S2 = t4); } - boolean Z2IsOne = Z2.isOne(); - ECFieldElement U1 = X1, S1 = L1; - if (!Z2IsOne) + long[] Z2Precomp = Z2.isOne() ? null : SecT571Field.precompMultiplicand(Z2.x); + long[] U1, S1; + if (Z2Precomp == null) + { + U1 = X1.x; + S1 = L1.x; + } + else { - U1 = U1.multiply(Z2); - S1 = S1.multiply(Z2); + SecT571Field.multiplyPrecomp(X1.x, Z2Precomp, U1 = t1); + SecT571Field.multiplyPrecomp(L1.x, Z2Precomp, S1 = t3); } - ECFieldElement A = S1.add(S2); - ECFieldElement B = U1.add(U2); + long[] A = t3; + SecT571Field.add(S1, S2, A); - if (B.isZero()) + long[] B = t4; + SecT571Field.add(U1, U2, B); + + if (Nat576.isZero64(B)) { - if (A.isZero()) + if (Nat576.isZero64(A)) { return twice(); } @@ -136,55 +155,69 @@ public class SecT571K1Point extends AbstractF2m return curve.getInfinity(); } - ECFieldElement X3, L3, Z3; + SecT571FieldElement X3, L3, Z3; if (X2.isZero()) { // TODO This can probably be optimized quite a bit ECPoint p = this.normalize(); - X1 = p.getXCoord(); + X1 = (SecT571FieldElement)p.getXCoord(); ECFieldElement Y1 = p.getYCoord(); ECFieldElement Y2 = L2; ECFieldElement L = Y1.add(Y2).divide(X1); -// X3 = L.square().add(L).add(X1).add(curve.getA()); - X3 = L.square().add(L).add(X1).addOne(); + X3 = (SecT571FieldElement)L.square().add(L).add(X1); if (X3.isZero()) { -// return new SecT571K1Point(curve, X3, curve.getB().sqrt(), this.withCompression); return new SecT571K1Point(curve, X3, curve.getB(), this.withCompression); } ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1); - L3 = Y3.divide(X3).add(X3); - Z3 = curve.fromBigInteger(ECConstants.ONE); + L3 = (SecT571FieldElement)Y3.divide(X3).add(X3); + Z3 = (SecT571FieldElement)curve.fromBigInteger(ECConstants.ONE); } else { - B = B.square(); + SecT571Field.square(B, B); + + long[] APrecomp = SecT571Field.precompMultiplicand(A); + + long[] AU1 = t1; + long[] AU2 = t2; - ECFieldElement AU1 = A.multiply(U1); - ECFieldElement AU2 = A.multiply(U2); + SecT571Field.multiplyPrecomp(U1, APrecomp, AU1); + SecT571Field.multiplyPrecomp(U2, APrecomp, AU2); + + X3 = new SecT571FieldElement(t1); + SecT571Field.multiply(AU1, AU2, X3.x); - X3 = AU1.multiply(AU2); if (X3.isZero()) { -// return new SecT571K1Point(curve, X3, curve.getB().sqrt(), this.withCompression); return new SecT571K1Point(curve, X3, curve.getB(), this.withCompression); } - ECFieldElement ABZ2 = A.multiply(B); - if (!Z2IsOne) + Z3 = new SecT571FieldElement(t3); + SecT571Field.multiplyPrecomp(B, APrecomp, Z3.x); + + if (Z2Precomp != null) { - ABZ2 = ABZ2.multiply(Z2); + SecT571Field.multiplyPrecomp(Z3.x, Z2Precomp, Z3.x); } - L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1)); + long[] tt = Nat576.createExt64(); + + SecT571Field.add(AU2, B, t4); + SecT571Field.squareAddToExt(t4, tt); + + SecT571Field.add(L1.x, Z1.x, t4); + SecT571Field.multiplyAddToExt(t4, Z3.x, tt); + + L3 = new SecT571FieldElement(t4); + SecT571Field.reduce(tt, L3.x); - Z3 = ABZ2; - if (!Z1IsOne) + if (Z1Precomp != null) { - Z3 = Z3.multiply(Z1); + SecT571Field.multiplyPrecomp(Z3.x, Z1Precomp, Z3.x); } } @@ -224,7 +257,6 @@ public class SecT571K1Point extends AbstractF2m if (T.isZero()) { -// return new SecT571K1Point(curve, T, curve.getB().sqrt(), withCompression); return new SecT571K1Point(curve, T, curve.getB(), withCompression); } @@ -273,10 +305,8 @@ public class SecT571K1Point extends AbstractF2m ECFieldElement Z1Sq = Z1.square(); ECFieldElement L1Z1 = L1.multiply(Z1); -// ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1); ECFieldElement T = L1Sq.add(L1Z1); ECFieldElement L2plus1 = L2.addOne(); -// ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement A = L2plus1.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); ECFieldElement X2Z1Sq = X2.multiply(Z1Sq); ECFieldElement B = X2Z1Sq.add(T).square(); @@ -293,7 +323,6 @@ public class SecT571K1Point extends AbstractF2m if (A.isZero()) { -// return new SecT571K1Point(curve, A, curve.getB().sqrt(), withCompression); return new SecT571K1Point(curve, A, curve.getB(), withCompression); } diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571R1Point.java index 921828f2..71766d67 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571R1Point.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571R1Point.java @@ -5,6 +5,8 @@ import org.bouncycastle.math.ec.ECCurve; import org.bouncycastle.math.ec.ECFieldElement; import org.bouncycastle.math.ec.ECPoint; import org.bouncycastle.math.ec.ECPoint.AbstractF2m; +import org.bouncycastle.math.raw.Nat; +import org.bouncycastle.math.raw.Nat576; public class SecT571R1Point extends AbstractF2m { @@ -91,8 +93,8 @@ public class SecT571R1Point extends AbstractF2m ECCurve curve = this.getCurve(); - ECFieldElement X1 = this.x; - ECFieldElement X2 = b.getRawXCoord(); + SecT571FieldElement X1 = (SecT571FieldElement)this.x; + SecT571FieldElement X2 = (SecT571FieldElement)b.getRawXCoord(); if (X1.isZero()) { @@ -104,31 +106,49 @@ public class SecT571R1Point extends AbstractF2m return b.add(this); } - ECFieldElement L1 = this.y, Z1 = this.zs[0]; - ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0); + SecT571FieldElement L1 = (SecT571FieldElement)this.y, Z1 = (SecT571FieldElement)this.zs[0]; + SecT571FieldElement L2 = (SecT571FieldElement)b.getRawYCoord(), Z2 = (SecT571FieldElement)b.getZCoord(0); - boolean Z1IsOne = Z1.isOne(); - ECFieldElement U2 = X2, S2 = L2; - if (!Z1IsOne) + long[] t1 = Nat576.create64(); + long[] t2 = Nat576.create64(); + long[] t3 = Nat576.create64(); + long[] t4 = Nat576.create64(); + + long[] Z1Precomp = Z1.isOne() ? null : SecT571Field.precompMultiplicand(Z1.x); + long[] U2, S2; + if (Z1Precomp == null) + { + U2 = X2.x; + S2 = L2.x; + } + else { - U2 = U2.multiply(Z1); - S2 = S2.multiply(Z1); + SecT571Field.multiplyPrecomp(X2.x, Z1Precomp, U2 = t2); + SecT571Field.multiplyPrecomp(L2.x, Z1Precomp, S2 = t4); } - boolean Z2IsOne = Z2.isOne(); - ECFieldElement U1 = X1, S1 = L1; - if (!Z2IsOne) + long[] Z2Precomp = Z2.isOne() ? null : SecT571Field.precompMultiplicand(Z2.x); + long[] U1, S1; + if (Z2Precomp == null) + { + U1 = X1.x; + S1 = L1.x; + } + else { - U1 = U1.multiply(Z2); - S1 = S1.multiply(Z2); + SecT571Field.multiplyPrecomp(X1.x, Z2Precomp, U1 = t1); + SecT571Field.multiplyPrecomp(L1.x, Z2Precomp, S1 = t3); } - ECFieldElement A = S1.add(S2); - ECFieldElement B = U1.add(U2); + long[] A = t3; + SecT571Field.add(S1, S2, A); + + long[] B = t4; + SecT571Field.add(U1, U2, B); - if (B.isZero()) + if (Nat576.isZero64(B)) { - if (A.isZero()) + if (Nat576.isZero64(A)) { return twice(); } @@ -136,55 +156,69 @@ public class SecT571R1Point extends AbstractF2m return curve.getInfinity(); } - ECFieldElement X3, L3, Z3; + SecT571FieldElement X3, L3, Z3; if (X2.isZero()) { // TODO This can probably be optimized quite a bit ECPoint p = this.normalize(); - X1 = p.getXCoord(); + X1 = (SecT571FieldElement)p.getXCoord(); ECFieldElement Y1 = p.getYCoord(); ECFieldElement Y2 = L2; ECFieldElement L = Y1.add(Y2).divide(X1); -// X3 = L.square().add(L).add(X1).add(curve.getA()); - X3 = L.square().add(L).add(X1).addOne(); + X3 = (SecT571FieldElement)L.square().add(L).add(X1).addOne(); if (X3.isZero()) { -// return new SecT571R1Point(curve, X3, curve.getB().sqrt(), this.withCompression); return new SecT571R1Point(curve, X3, SecT571R1Curve.SecT571R1_B_SQRT, this.withCompression); } ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1); - L3 = Y3.divide(X3).add(X3); - Z3 = curve.fromBigInteger(ECConstants.ONE); + L3 = (SecT571FieldElement)Y3.divide(X3).add(X3); + Z3 = (SecT571FieldElement)curve.fromBigInteger(ECConstants.ONE); } else { - B = B.square(); + SecT571Field.square(B, B); + + long[] APrecomp = SecT571Field.precompMultiplicand(A); - ECFieldElement AU1 = A.multiply(U1); - ECFieldElement AU2 = A.multiply(U2); + long[] AU1 = t1; + long[] AU2 = t2; + + SecT571Field.multiplyPrecomp(U1, APrecomp, AU1); + SecT571Field.multiplyPrecomp(U2, APrecomp, AU2); + + X3 = new SecT571FieldElement(t1); + SecT571Field.multiply(AU1, AU2, X3.x); - X3 = AU1.multiply(AU2); if (X3.isZero()) { -// return new SecT571R1Point(curve, X3, curve.getB().sqrt(), this.withCompression); return new SecT571R1Point(curve, X3, SecT571R1Curve.SecT571R1_B_SQRT, this.withCompression); } - ECFieldElement ABZ2 = A.multiply(B); - if (!Z2IsOne) + Z3 = new SecT571FieldElement(t3); + SecT571Field.multiplyPrecomp(B, APrecomp, Z3.x); + + if (Z2Precomp != null) { - ABZ2 = ABZ2.multiply(Z2); + SecT571Field.multiplyPrecomp(Z3.x, Z2Precomp, Z3.x); } - L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1)); + long[] tt = Nat576.createExt64(); - Z3 = ABZ2; - if (!Z1IsOne) + SecT571Field.add(AU2, B, t4); + SecT571Field.squareAddToExt(t4, tt); + + SecT571Field.add(L1.x, Z1.x, t4); + SecT571Field.multiplyAddToExt(t4, Z3.x, tt); + + L3 = new SecT571FieldElement(t4); + SecT571Field.reduce(tt, L3.x); + + if (Z1Precomp != null) { - Z3 = Z3.multiply(Z1); + SecT571Field.multiplyPrecomp(Z3.x, Z1Precomp, Z3.x); } } @@ -200,30 +234,66 @@ public class SecT571R1Point extends AbstractF2m ECCurve curve = this.getCurve(); - ECFieldElement X1 = this.x; + SecT571FieldElement X1 = (SecT571FieldElement)this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } - ECFieldElement L1 = this.y, Z1 = this.zs[0]; + SecT571FieldElement L1 = (SecT571FieldElement)this.y, Z1 = (SecT571FieldElement)this.zs[0]; + + long[] t1 = Nat576.create64(); + long[] t2 = Nat576.create64(); + + long[] Z1Precomp = Z1.isOne() ? null : SecT571Field.precompMultiplicand(Z1.x); + long[] L1Z1, Z1Sq; + if (Z1Precomp == null) + { + L1Z1 = L1.x; + Z1Sq = Z1.x; + } + else + { + SecT571Field.multiplyPrecomp(L1.x, Z1Precomp, L1Z1 = t1); + SecT571Field.square(Z1.x, Z1Sq = t2); + } + + long[] T = Nat576.create64(); + SecT571Field.square(L1.x, T); + SecT571Field.addBothTo(L1Z1, Z1Sq, T); - boolean Z1IsOne = Z1.isOne(); - ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); - ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); - ECFieldElement T = L1.square().add(L1Z1).add(Z1Sq); - if (T.isZero()) + if (Nat576.isZero64(T)) { -// return new SecT571R1Point(curve, T, curve.getB().sqrt(), withCompression); - return new SecT571R1Point(curve, T, SecT571R1Curve.SecT571R1_B_SQRT, withCompression); + return new SecT571R1Point(curve, new SecT571FieldElement(T), SecT571R1Curve.SecT571R1_B_SQRT, withCompression); } - ECFieldElement X3 = T.square(); - ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); + long[] tt = Nat576.createExt64(); + SecT571Field.multiplyAddToExt(T, L1Z1, tt); - ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); - ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); + SecT571FieldElement X3 = new SecT571FieldElement(t1); + SecT571Field.square(T, X3.x); + + SecT571FieldElement Z3 = new SecT571FieldElement(T); + if (Z1Precomp != null) + { + SecT571Field.multiply(Z3.x, Z1Sq, Z3.x); + } + + long[] X1Z1; + if (Z1Precomp == null) + { + X1Z1 = X1.x; + } + else + { + SecT571Field.multiplyPrecomp(X1.x, Z1Precomp, X1Z1 = t2); + } + + SecT571Field.squareAddToExt(X1Z1, tt); + SecT571Field.reduce(tt, t2); + SecT571Field.addBothTo(X3.x, Z3.x, t2); + SecT571FieldElement L3 = new SecT571FieldElement(t2); return new SecT571R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); } @@ -241,38 +311,63 @@ public class SecT571R1Point extends AbstractF2m ECCurve curve = this.getCurve(); - ECFieldElement X1 = this.x; + SecT571FieldElement X1 = (SecT571FieldElement)this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return b; } - ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0); + SecT571FieldElement X2 = (SecT571FieldElement)b.getRawXCoord(), Z2 = (SecT571FieldElement)b.getZCoord(0); if (X2.isZero() || !Z2.isOne()) { return twice().add(b); } - ECFieldElement L1 = this.y, Z1 = this.zs[0]; - ECFieldElement L2 = b.getRawYCoord(); + SecT571FieldElement L1 = (SecT571FieldElement)this.y, Z1 = (SecT571FieldElement)this.zs[0]; + SecT571FieldElement L2 = (SecT571FieldElement)b.getRawYCoord(); + + long[] t1 = Nat576.create64(); + long[] t2 = Nat576.create64(); + long[] t3 = Nat576.create64(); + long[] t4 = Nat576.create64(); - ECFieldElement X1Sq = X1.square(); - ECFieldElement L1Sq = L1.square(); - ECFieldElement Z1Sq = Z1.square(); - ECFieldElement L1Z1 = L1.multiply(Z1); + long[] X1Sq = t1; + SecT571Field.square(X1.x, X1Sq); -// ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1); - ECFieldElement T = Z1Sq.add(L1Sq).add(L1Z1); - ECFieldElement L2plus1 = L2.addOne(); -// ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); - ECFieldElement A = L2.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); - ECFieldElement X2Z1Sq = X2.multiply(Z1Sq); - ECFieldElement B = X2Z1Sq.add(T).square(); + long[] L1Sq = t2; + SecT571Field.square(L1.x, L1Sq); - if (B.isZero()) + long[] Z1Sq = t3; + SecT571Field.square(Z1.x, Z1Sq); + + long[] L1Z1 = t4; + SecT571Field.multiply(L1.x, Z1.x, L1Z1); + + long[] T = L1Z1; + SecT571Field.addBothTo(Z1Sq, L1Sq, T); + + long[] Z1SqPrecomp = SecT571Field.precompMultiplicand(Z1Sq); + + long[] A = t3; + SecT571Field.multiplyPrecomp(L2.x, Z1SqPrecomp, A); + SecT571Field.add(A, L1Sq, A); + + long[] tt = Nat576.createExt64(); + SecT571Field.multiplyAddToExt(A, T, tt); + SecT571Field.multiplyPrecompAddToExt(X1Sq, Z1SqPrecomp, tt); + SecT571Field.reduce(tt, A); + + long[] X2Z1Sq = t1; + SecT571Field.multiplyPrecomp(X2.x, Z1SqPrecomp, X2Z1Sq); + + long[] B = t2; + SecT571Field.add(X2Z1Sq, T, B); + SecT571Field.square(B, B); + + if (Nat576.isZero64(B)) { - if (A.isZero()) + if (Nat576.isZero64(A)) { return b.twice(); } @@ -280,15 +375,28 @@ public class SecT571R1Point extends AbstractF2m return curve.getInfinity(); } - if (A.isZero()) + if (Nat576.isZero64(A)) { -// return new SecT571R1Point(curve, A, curve.getB().sqrt(), withCompression); - return new SecT571R1Point(curve, A, SecT571R1Curve.SecT571R1_B_SQRT, withCompression); + return new SecT571R1Point(curve, new SecT571FieldElement(A), SecT571R1Curve.SecT571R1_B_SQRT, withCompression); } - ECFieldElement X3 = A.square().multiply(X2Z1Sq); - ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq); - ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3); + SecT571FieldElement X3 = new SecT571FieldElement(); + SecT571Field.square(A, X3.x); + SecT571Field.multiply(X3.x, X2Z1Sq, X3.x); + + SecT571FieldElement Z3 = new SecT571FieldElement(t1); + SecT571Field.multiply(A, B, Z3.x); + SecT571Field.multiplyPrecomp(Z3.x, Z1SqPrecomp, Z3.x); + + SecT571FieldElement L3 = new SecT571FieldElement(t2); + SecT571Field.add(A, B, L3.x); + SecT571Field.square(L3.x, L3.x); + + Nat.zero64(18, tt); + SecT571Field.multiplyAddToExt(L3.x, T, tt); + SecT571Field.addOne(L2.x, t4); + SecT571Field.multiplyAddToExt(t4, Z3.x, tt); + SecT571Field.reduce(tt, L3.x); return new SecT571R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); } |