Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/math/ec/custom')
79 files changed, 0 insertions, 18290 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519.java
deleted file mode 100644
index d9fa6c3b..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519.java
+++ /dev/null
@@ -1,126 +0,0 @@
-package org.bouncycastle.math.ec.custom.djb;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.raw.Nat256;
-import org.bouncycastle.util.encoders.Hex;
-
-public class Curve25519 extends ECCurve.AbstractFp
-{
- public static final BigInteger q = Nat256.toBigInteger(Curve25519Field.P);
-
- private static final int Curve25519_DEFAULT_COORDS = COORD_JACOBIAN_MODIFIED;
-
- protected Curve25519Point infinity;
-
- public Curve25519()
- {
- super(q);
-
- this.infinity = new Curve25519Point(this, null, null);
-
- this.a = fromBigInteger(new BigInteger(1,
- Hex.decode("2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA984914A144")));
- this.b = fromBigInteger(new BigInteger(1,
- Hex.decode("7B425ED097B425ED097B425ED097B425ED097B425ED097B4260B5E9C7710C864")));
- this.order = new BigInteger(1, Hex.decode("1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED"));
- this.cofactor = BigInteger.valueOf(8);
-
- this.coord = Curve25519_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new Curve25519();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_JACOBIAN_MODIFIED:
- return true;
- default:
- return false;
- }
- }
-
- public BigInteger getQ()
- {
- return q;
- }
-
- public int getFieldSize()
- {
- return q.bitLength();
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new Curve25519FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new Curve25519Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new Curve25519Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_INTS = 8;
-
- final int[] table = new int[len * FE_INTS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat256.copy(((Curve25519FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_INTS;
- Nat256.copy(((Curve25519FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_INTS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- int[] x = Nat256.create(), y = Nat256.create();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- int MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_INTS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_INTS + j] & MASK;
- }
-
- pos += (FE_INTS * 2);
- }
-
- return createRawPoint(new Curve25519FieldElement(x), new Curve25519FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519Field.java
deleted file mode 100644
index 2e8e335d..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519Field.java
+++ /dev/null
@@ -1,254 +0,0 @@ -package org.bouncycastle.math.ec.custom.djb; - -import java.math.BigInteger; - -import org.bouncycastle.math.raw.Nat; -import org.bouncycastle.math.raw.Nat256; - -public class Curve25519Field -{ - private static final long M = 0xFFFFFFFFL; - - // 2^255 - 2^4 - 2^1 - 1 - static final int[] P = new int[]{ 0xFFFFFFED, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, - 0xFFFFFFFF, 0x7FFFFFFF }; - private static final int P7 = 0x7FFFFFFF; - private static final int[] PExt = new int[]{ 0x00000169, 0x00000000, 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, 0xFFFFFFED, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, - 0xFFFFFFFF, 0x3FFFFFFF }; - private static final int PInv = 0x13; - - public static void add(int[] x, int[] y, int[] z) - { - Nat256.add(x, y, z); - if (Nat256.gte(z, P)) - { - subPFrom(z); - } - } - - public static void addExt(int[] xx, int[] yy, int[] zz) - { - Nat.add(16, xx, yy, zz); - if (Nat.gte(16, zz, PExt)) - { - subPExtFrom(zz); - } - } - - public static void addOne(int[] x, int[] z) - { - Nat.inc(8, x, z); - if (Nat256.gte(z, P)) - { - subPFrom(z); - } - } - - public static int[] fromBigInteger(BigInteger x) - { - int[] z = Nat256.fromBigInteger(x); - while (Nat256.gte(z, P)) - { - Nat256.subFrom(P, z); - } - return z; - } - - public static void half(int[] x, int[] z) - { - if ((x[0] & 1) == 0) - { - Nat.shiftDownBit(8, x, 0, z); - } - else - { - Nat256.add(x, P, z); - Nat.shiftDownBit(8, z, 0); - } - } - - public static void multiply(int[] x, int[] y, int[] z) - { - int[] tt = Nat256.createExt(); - Nat256.mul(x, y, tt); - reduce(tt, z); - } - - public static void multiplyAddToExt(int[] x, int[] y, int[] zz) - { - Nat256.mulAddTo(x, y, zz); - if (Nat.gte(16, zz, PExt)) - { - subPExtFrom(zz); - } - } - - public static void negate(int[] x, int[] z) - { - if (Nat256.isZero(x)) - { - Nat256.zero(z); - } - else - { - Nat256.sub(P, x, z); - } - } - - public static void reduce(int[] xx, 
int[] z) - { -// assert xx[15] >>> 30 == 0; - - int xx07 = xx[7]; - Nat.shiftUpBit(8, xx, 8, xx07, z, 0); - int c = Nat256.mulByWordAddTo(PInv, xx, z) << 1; - int z7 = z[7]; - c += (z7 >>> 31) - (xx07 >>> 31); - z7 &= P7; - z7 += Nat.addWordTo(7, c * PInv, z); - z[7] = z7; - if (Nat256.gte(z, P)) - { - subPFrom(z); - } - } - - public static void reduce27(int x, int[] z) - { -// assert x >>> 26 == 0; - - int z7 = z[7]; - int c = (x << 1 | z7 >>> 31); - z7 &= P7; - z7 += Nat.addWordTo(7, c * PInv, z); - z[7] = z7; - if (Nat256.gte(z, P)) - { - subPFrom(z); - } - } - - public static void square(int[] x, int[] z) - { - int[] tt = Nat256.createExt(); - Nat256.square(x, tt); - reduce(tt, z); - } - - public static void squareN(int[] x, int n, int[] z) - { -// assert n > 0; - - int[] tt = Nat256.createExt(); - Nat256.square(x, tt); - reduce(tt, z); - - while (--n > 0) - { - Nat256.square(z, tt); - reduce(tt, z); - } - } - - public static void subtract(int[] x, int[] y, int[] z) - { - int c = Nat256.sub(x, y, z); - if (c != 0) - { - addPTo(z); - } - } - - public static void subtractExt(int[] xx, int[] yy, int[] zz) - { - int c = Nat.sub(16, xx, yy, zz); - if (c != 0) - { - addPExtTo(zz); - } - } - - public static void twice(int[] x, int[] z) - { - Nat.shiftUpBit(8, x, 0, z); - if (Nat256.gte(z, P)) - { - subPFrom(z); - } - } - - private static int addPTo(int[] z) - { - long c = (z[0] & M) - PInv; - z[0] = (int)c; - c >>= 32; - if (c != 0) - { - c = Nat.decAt(7, z, 1); - } - c += (z[7] & M) + ((P7 + 1) & M); - z[7] = (int)c; - c >>= 32; - return (int)c; - } - - private static int addPExtTo(int[] zz) - { - long c = (zz[0] & M) + (PExt[0] & M); - zz[0] = (int)c; - c >>= 32; - if (c != 0) - { - c = Nat.incAt(8, zz, 1); - } - c += (zz[8] & M) - PInv; - zz[8] = (int)c; - c >>= 32; - if (c != 0) - { - c = Nat.decAt(15, zz, 9); - } - c += (zz[15] & M) + ((PExt[15] + 1) & M); - zz[15] = (int)c; - c >>= 32; - return (int)c; - } - - private static int subPFrom(int[] z) - { - long c = 
(z[0] & M) + PInv; - z[0] = (int)c; - c >>= 32; - if (c != 0) - { - c = Nat.incAt(7, z, 1); - } - c += (z[7] & M) - ((P7 + 1) & M); - z[7] = (int)c; - c >>= 32; - return (int)c; - } - - private static int subPExtFrom(int[] zz) - { - long c = (zz[0] & M) - (PExt[0] & M); - zz[0] = (int)c; - c >>= 32; - if (c != 0) - { - c = Nat.decAt(8, zz, 1); - } - c += (zz[8] & M) + PInv; - zz[8] = (int)c; - c >>= 32; - if (c != 0) - { - c = Nat.incAt(15, zz, 9); - } - c += (zz[15] & M) - ((PExt[15] + 1) & M); - zz[15] = (int)c; - c >>= 32; - return (int)c; - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519FieldElement.java deleted file mode 100644 index c8e6120f..00000000 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519FieldElement.java +++ /dev/null 
@@ -1,234 +0,0 @@ -package org.bouncycastle.math.ec.custom.djb; - -import java.math.BigInteger; - -import org.bouncycastle.math.ec.ECFieldElement; -import org.bouncycastle.math.raw.Mod; -import org.bouncycastle.math.raw.Nat256; -import org.bouncycastle.util.Arrays; - -public class Curve25519FieldElement extends ECFieldElement.AbstractFp -{ - public static final BigInteger Q = Curve25519.q; - - // Calculated as ECConstants.TWO.modPow(Q.shiftRight(2), Q) - private static final int[] PRECOMP_POW2 = new int[]{ 0x4a0ea0b0, 0xc4ee1b27, 0xad2fe478, 0x2f431806, - 0x3dfbd7a7, 0x2b4d0099, 0x4fc1df0b, 0x2b832480 }; - - protected int[] x; - - public Curve25519FieldElement(BigInteger x) - { - if (x == null || x.signum() < 0 || x.compareTo(Q) >= 0) - { - throw new IllegalArgumentException("x value invalid for Curve25519FieldElement"); - } - - this.x = Curve25519Field.fromBigInteger(x); - } - - public Curve25519FieldElement() - { - this.x = Nat256.create(); - } - - protected Curve25519FieldElement(int[] x) - { - this.x = x; - } - - public boolean isZero() - { - return Nat256.isZero(x); - } - - public boolean isOne() - { - return Nat256.isOne(x); - } - - public boolean testBitZero() - { - return Nat256.getBit(x, 0) == 1; - } - - public BigInteger toBigInteger() - { - return Nat256.toBigInteger(x); - } - - public String getFieldName() - { - return "Curve25519Field"; - } - - public int getFieldSize() - { - return Q.bitLength(); - } - - public ECFieldElement add(ECFieldElement b) - { - int[] z = Nat256.create(); - Curve25519Field.add(x, ((Curve25519FieldElement)b).x, z); - return new Curve25519FieldElement(z); - } - - public ECFieldElement addOne() - { - int[] z = Nat256.create(); - Curve25519Field.addOne(x, z); - return new Curve25519FieldElement(z); - } - - public ECFieldElement subtract(ECFieldElement b) - { - int[] z = Nat256.create(); - Curve25519Field.subtract(x, ((Curve25519FieldElement)b).x, z); - return new Curve25519FieldElement(z); - } - - public ECFieldElement 
multiply(ECFieldElement b) - { - int[] z = Nat256.create(); - Curve25519Field.multiply(x, ((Curve25519FieldElement)b).x, z); - return new Curve25519FieldElement(z); - } - - public ECFieldElement divide(ECFieldElement b) - { -// return multiply(b.invert()); - int[] z = Nat256.create(); - Mod.invert(Curve25519Field.P, ((Curve25519FieldElement)b).x, z); - Curve25519Field.multiply(z, x, z); - return new Curve25519FieldElement(z); - } - - public ECFieldElement negate() - { - int[] z = Nat256.create(); - Curve25519Field.negate(x, z); - return new Curve25519FieldElement(z); - } - - public ECFieldElement square() - { - int[] z = Nat256.create(); - Curve25519Field.square(x, z); - return new Curve25519FieldElement(z); - } - - public ECFieldElement invert() - { -// return new Curve25519FieldElement(toBigInteger().modInverse(Q)); - int[] z = Nat256.create(); - Mod.invert(Curve25519Field.P, x, z); - return new Curve25519FieldElement(z); - } - - /** - * return a sqrt root - the routine verifies that the calculation returns the right value - if - * none exists it returns null. - */ - public ECFieldElement sqrt() - { - /* - * Q == 8m + 5, so we use Pocklington's method for this case. - * - * First, raise this element to the exponent 2^252 - 2^1 (i.e. 
m + 1) - * - * Breaking up the exponent's binary representation into "repunits", we get: - * { 251 1s } { 1 0s } - * - * Therefore we need an addition chain containing 251 (the lengths of the repunits) - * We use: 1, 2, 3, 4, 7, 11, 15, 30, 60, 120, 131, [251] - */ - - int[] x1 = this.x; - if (Nat256.isZero(x1) || Nat256.isOne(x1)) - { - return this; - } - - int[] x2 = Nat256.create(); - Curve25519Field.square(x1, x2); - Curve25519Field.multiply(x2, x1, x2); - int[] x3 = x2; - Curve25519Field.square(x2, x3); - Curve25519Field.multiply(x3, x1, x3); - int[] x4 = Nat256.create(); - Curve25519Field.square(x3, x4); - Curve25519Field.multiply(x4, x1, x4); - int[] x7 = Nat256.create(); - Curve25519Field.squareN(x4, 3, x7); - Curve25519Field.multiply(x7, x3, x7); - int[] x11 = x3; - Curve25519Field.squareN(x7, 4, x11); - Curve25519Field.multiply(x11, x4, x11); - int[] x15 = x7; - Curve25519Field.squareN(x11, 4, x15); - Curve25519Field.multiply(x15, x4, x15); - int[] x30 = x4; - Curve25519Field.squareN(x15, 15, x30); - Curve25519Field.multiply(x30, x15, x30); - int[] x60 = x15; - Curve25519Field.squareN(x30, 30, x60); - Curve25519Field.multiply(x60, x30, x60); - int[] x120 = x30; - Curve25519Field.squareN(x60, 60, x120); - Curve25519Field.multiply(x120, x60, x120); - int[] x131 = x60; - Curve25519Field.squareN(x120, 11, x131); - Curve25519Field.multiply(x131, x11, x131); - int[] x251 = x11; - Curve25519Field.squareN(x131, 120, x251); - Curve25519Field.multiply(x251, x120, x251); - - int[] t1 = x251; - Curve25519Field.square(t1, t1); - - int[] t2 = x120; - Curve25519Field.square(t1, t2); - - if (Nat256.eq(x1, t2)) - { - return new Curve25519FieldElement(t1); - } - - /* - * If the first guess is incorrect, we multiply by a precomputed power of 2 to get the second guess, - * which is ((4x)^(m + 1))/2 mod Q - */ - Curve25519Field.multiply(t1, PRECOMP_POW2, t1); - - Curve25519Field.square(t1, t2); - - if (Nat256.eq(x1, t2)) - { - return new Curve25519FieldElement(t1); - } - - 
return null; - } - - public boolean equals(Object other) - { - if (other == this) - { - return true; - } - - if (!(other instanceof Curve25519FieldElement)) - { - return false; - } - - Curve25519FieldElement o = (Curve25519FieldElement)other; - return Nat256.eq(x, o.x); - } - - public int hashCode() - { - return Q.hashCode() ^ Arrays.hashCode(x, 0, 8); - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519Point.java deleted file mode 100644 index b2700e30..00000000 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519Point.java +++ /dev/null 
@@ -1,348 +0,0 @@ -package org.bouncycastle.math.ec.custom.djb; - -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.ECFieldElement; -import org.bouncycastle.math.ec.ECPoint; -import org.bouncycastle.math.raw.Nat256; - -public class Curve25519Point extends ECPoint.AbstractFp -{ - /** - * Create a point which encodes with point compression. - * - * @param curve the curve to use - * @param x affine x co-ordinate - * @param y affine y co-ordinate - * - * @deprecated Use ECCurve.createPoint to construct points - */ - public Curve25519Point(ECCurve curve, ECFieldElement x, ECFieldElement y) - { - this(curve, x, y, false); - } - - /** - * Create a point that encodes with or without point compresion. - * - * @param curve the curve to use - * @param x affine x co-ordinate - * @param y affine y co-ordinate - * @param withCompression if true encode with point compression - * - * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)} - */ - public Curve25519Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression) - { - super(curve, x, y); - - if ((x == null) != (y == null)) - { - throw new IllegalArgumentException("Exactly one of the field elements is null"); - } - - this.withCompression = withCompression; - } - - Curve25519Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression) - { - super(curve, x, y, zs); - - this.withCompression = withCompression; - } - - protected ECPoint detach() - { - return new Curve25519Point(null, getAffineXCoord(), getAffineYCoord()); - } - - public ECFieldElement getZCoord(int index) - { - if (index == 1) - { - return getJacobianModifiedW(); - } - - return super.getZCoord(index); - } - - public ECPoint add(ECPoint b) - { - if (this.isInfinity()) - { - return b; - } - if (b.isInfinity()) - { - return this; - } - if (this == b) - { - return twice(); - } - - ECCurve curve = this.getCurve(); - - Curve25519FieldElement 
X1 = (Curve25519FieldElement)this.x, Y1 = (Curve25519FieldElement)this.y, - Z1 = (Curve25519FieldElement)this.zs[0]; - Curve25519FieldElement X2 = (Curve25519FieldElement)b.getXCoord(), Y2 = (Curve25519FieldElement)b.getYCoord(), - Z2 = (Curve25519FieldElement)b.getZCoord(0); - - int c; - int[] tt1 = Nat256.createExt(); - int[] t2 = Nat256.create(); - int[] t3 = Nat256.create(); - int[] t4 = Nat256.create(); - - boolean Z1IsOne = Z1.isOne(); - int[] U2, S2; - if (Z1IsOne) - { - U2 = X2.x; - S2 = Y2.x; - } - else - { - S2 = t3; - Curve25519Field.square(Z1.x, S2); - - U2 = t2; - Curve25519Field.multiply(S2, X2.x, U2); - - Curve25519Field.multiply(S2, Z1.x, S2); - Curve25519Field.multiply(S2, Y2.x, S2); - } - - boolean Z2IsOne = Z2.isOne(); - int[] U1, S1; - if (Z2IsOne) - { - U1 = X1.x; - S1 = Y1.x; - } - else - { - S1 = t4; - Curve25519Field.square(Z2.x, S1); - - U1 = tt1; - Curve25519Field.multiply(S1, X1.x, U1); - - Curve25519Field.multiply(S1, Z2.x, S1); - Curve25519Field.multiply(S1, Y1.x, S1); - } - - int[] H = Nat256.create(); - Curve25519Field.subtract(U1, U2, H); - - int[] R = t2; - Curve25519Field.subtract(S1, S2, R); - - // Check if b == this or b == -this - if (Nat256.isZero(H)) - { - if (Nat256.isZero(R)) - { - // this == b, i.e. this must be doubled - return this.twice(); - } - - // this == -b, i.e. 
the result is the point at infinity - return curve.getInfinity(); - } - - int[] HSquared = Nat256.create(); - Curve25519Field.square(H, HSquared); - - int[] G = Nat256.create(); - Curve25519Field.multiply(HSquared, H, G); - - int[] V = t3; - Curve25519Field.multiply(HSquared, U1, V); - - Curve25519Field.negate(G, G); - Nat256.mul(S1, G, tt1); - - c = Nat256.addBothTo(V, V, G); - Curve25519Field.reduce27(c, G); - - Curve25519FieldElement X3 = new Curve25519FieldElement(t4); - Curve25519Field.square(R, X3.x); - Curve25519Field.subtract(X3.x, G, X3.x); - - Curve25519FieldElement Y3 = new Curve25519FieldElement(G); - Curve25519Field.subtract(V, X3.x, Y3.x); - Curve25519Field.multiplyAddToExt(Y3.x, R, tt1); - Curve25519Field.reduce(tt1, Y3.x); - - Curve25519FieldElement Z3 = new Curve25519FieldElement(H); - if (!Z1IsOne) - { - Curve25519Field.multiply(Z3.x, Z1.x, Z3.x); - } - if (!Z2IsOne) - { - Curve25519Field.multiply(Z3.x, Z2.x, Z3.x); - } - - int[] Z3Squared = (Z1IsOne && Z2IsOne) ? HSquared : null; - - // TODO If the result will only be used in a subsequent addition, we don't need W3 - Curve25519FieldElement W3 = calculateJacobianModifiedW((Curve25519FieldElement)Z3, Z3Squared); - - ECFieldElement[] zs = new ECFieldElement[]{ Z3, W3 }; - - return new Curve25519Point(curve, X3, Y3, zs, this.withCompression); - } - - public ECPoint twice() - { - if (this.isInfinity()) - { - return this; - } - - ECCurve curve = this.getCurve(); - - ECFieldElement Y1 = this.y; - if (Y1.isZero()) - { - return curve.getInfinity(); - } - - return twiceJacobianModified(true); - } - - public ECPoint twicePlus(ECPoint b) - { - if (this == b) - { - return threeTimes(); - } - if (this.isInfinity()) - { - return b; - } - if (b.isInfinity()) - { - return twice(); - } - - ECFieldElement Y1 = this.y; - if (Y1.isZero()) - { - return b; - } - - return twiceJacobianModified(false).add(b); - } - - public ECPoint threeTimes() - { - if (this.isInfinity()) - { - return this; - } - - ECFieldElement Y1 = 
this.y; - if (Y1.isZero()) - { - return this; - } - - return twiceJacobianModified(false).add(this); - } - - public ECPoint negate() - { - if (this.isInfinity()) - { - return this; - } - - return new Curve25519Point(this.getCurve(), this.x, this.y.negate(), this.zs, this.withCompression); - } - - protected Curve25519FieldElement calculateJacobianModifiedW(Curve25519FieldElement Z, int[] ZSquared) - { - Curve25519FieldElement a4 = (Curve25519FieldElement)this.getCurve().getA(); - if (Z.isOne()) - { - return a4; - } - - Curve25519FieldElement W = new Curve25519FieldElement(); - if (ZSquared == null) - { - ZSquared = W.x; - Curve25519Field.square(Z.x, ZSquared); - } - Curve25519Field.square(ZSquared, W.x); - Curve25519Field.multiply(W.x, a4.x, W.x); - return W; - } - - protected Curve25519FieldElement getJacobianModifiedW() - { - Curve25519FieldElement W = (Curve25519FieldElement)this.zs[1]; - if (W == null) - { - // NOTE: Rarely, twicePlus will result in the need for a lazy W1 calculation here - this.zs[1] = W = calculateJacobianModifiedW((Curve25519FieldElement)this.zs[0], null); - } - return W; - } - - protected Curve25519Point twiceJacobianModified(boolean calculateW) - { - Curve25519FieldElement X1 = (Curve25519FieldElement)this.x, Y1 = (Curve25519FieldElement)this.y, - Z1 = (Curve25519FieldElement)this.zs[0], W1 = getJacobianModifiedW(); - - int c; - - int[] M = Nat256.create(); - Curve25519Field.square(X1.x, M); - c = Nat256.addBothTo(M, M, M); - c += Nat256.addTo(W1.x, M); - Curve25519Field.reduce27(c, M); - - int[] _2Y1 = Nat256.create(); - Curve25519Field.twice(Y1.x, _2Y1); - - int[] _2Y1Squared = Nat256.create(); - Curve25519Field.multiply(_2Y1, Y1.x, _2Y1Squared); - - int[] S = Nat256.create(); - Curve25519Field.multiply(_2Y1Squared, X1.x, S); - Curve25519Field.twice(S, S); - - int[] _8T = Nat256.create(); - Curve25519Field.square(_2Y1Squared, _8T); - Curve25519Field.twice(_8T, _8T); - - Curve25519FieldElement X3 = new Curve25519FieldElement(_2Y1Squared); 
- Curve25519Field.square(M, X3.x); - Curve25519Field.subtract(X3.x, S, X3.x); - Curve25519Field.subtract(X3.x, S, X3.x); - - Curve25519FieldElement Y3 = new Curve25519FieldElement(S); - Curve25519Field.subtract(S, X3.x, Y3.x); - Curve25519Field.multiply(Y3.x, M, Y3.x); - Curve25519Field.subtract(Y3.x, _8T, Y3.x); - - Curve25519FieldElement Z3 = new Curve25519FieldElement(_2Y1); - if (!Nat256.isOne(Z1.x)) - { - Curve25519Field.multiply(Z3.x, Z1.x, Z3.x); - } - - Curve25519FieldElement W3 = null; - if (calculateW) - { - W3 = new Curve25519FieldElement(_8T); - Curve25519Field.multiply(W3.x, W1.x, W3.x); - Curve25519Field.twice(W3.x, W3.x); - } - - return new Curve25519Point(this.getCurve(), X3, Y3, new ECFieldElement[]{ Z3, W3 }, this.withCompression); - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/package.html b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/package.html deleted file mode 100644 index 344418b9..00000000 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/package.html +++ /dev/null @@ -1,7 +0,0 @@ -<html> -<body bgcolor="#ffffff"> -Experimental implementation of curve25519. Note that the curve implementation is in the short-Weierstrass form, -which is not the recommended (nor most suitable) approach. In particular, the input/output conventions are not -compliant with standard implementations, and point conversions would be needed to interoperate. -</body> -</html> diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/gm/SM2P256V1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/gm/SM2P256V1Curve.java deleted file mode 100644 index e88746f3..00000000 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/gm/SM2P256V1Curve.java +++ /dev/null 
@@ -1,127 +0,0 @@
-package org.bouncycastle.math.ec.custom.gm;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.raw.Nat256;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SM2P256V1Curve extends ECCurve.AbstractFp
-{
- public static final BigInteger q = new BigInteger(1,
- Hex.decode("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF"));
-
- private static final int SM2P256V1_DEFAULT_COORDS = COORD_JACOBIAN;
-
- protected SM2P256V1Point infinity;
-
- public SM2P256V1Curve()
- {
- super(q);
-
- this.infinity = new SM2P256V1Point(this, null, null);
-
- this.a = fromBigInteger(new BigInteger(1,
- Hex.decode("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC")));
- this.b = fromBigInteger(new BigInteger(1,
- Hex.decode("28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93")));
- this.order = new BigInteger(1, Hex.decode("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123"));
- this.cofactor = BigInteger.valueOf(1);
-
- this.coord = SM2P256V1_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SM2P256V1Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_JACOBIAN:
- return true;
- default:
- return false;
- }
- }
-
- public BigInteger getQ()
- {
- return q;
- }
-
- public int getFieldSize()
- {
- return q.bitLength();
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SM2P256V1FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SM2P256V1Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SM2P256V1Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_INTS = 8;
-
- final int[] table = new int[len * FE_INTS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat256.copy(((SM2P256V1FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_INTS;
- Nat256.copy(((SM2P256V1FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_INTS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- int[] x = Nat256.create(), y = Nat256.create();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- int MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_INTS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_INTS + j] & MASK;
- }
-
- pos += (FE_INTS * 2);
- }
-
- return createRawPoint(new SM2P256V1FieldElement(x), new SM2P256V1FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/gm/SM2P256V1Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/gm/SM2P256V1Field.java
deleted file mode 100644
index 3304d0da..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/gm/SM2P256V1Field.java
+++ /dev/null
@@ -1,308 +0,0 @@ -package org.bouncycastle.math.ec.custom.gm; - -import java.math.BigInteger; - -import org.bouncycastle.math.raw.Nat; -import org.bouncycastle.math.raw.Nat256; - -public class SM2P256V1Field -{ - private static final long M = 0xFFFFFFFFL; - - // 2^256 - 2^224 - 2^96 + 2^64 - 1 - static final int[] P = new int[]{ 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFE }; - static final int[] PExt = new int[]{ 00000001, 0x00000000, 0xFFFFFFFE, 0x00000001, 0x00000001, - 0xFFFFFFFE, 0x00000000, 0x00000002, 0xFFFFFFFE, 0xFFFFFFFD, 0x00000003, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, - 0x00000000, 0xFFFFFFFE }; - private static final int P7s1 = 0xFFFFFFFE >>> 1; - private static final int PExt15s1 = 0xFFFFFFFE >>> 1; - - public static void add(int[] x, int[] y, int[] z) - { - int c = Nat256.add(x, y, z); - if (c != 0 || ((z[7] >>> 1) >= P7s1 && Nat256.gte(z, P))) - { - addPInvTo(z); - } - } - - public static void addExt(int[] xx, int[] yy, int[] zz) - { - int c = Nat.add(16, xx, yy, zz); - if (c != 0 || ((zz[15] >>> 1) >= PExt15s1 && Nat.gte(16, zz, PExt))) - { - Nat.subFrom(16, PExt, zz); - } - } - - public static void addOne(int[] x, int[] z) - { - int c = Nat.inc(8, x, z); - if (c != 0 || ((z[7] >>> 1) >= P7s1 && Nat256.gte(z, P))) - { - addPInvTo(z); - } - } - - public static int[] fromBigInteger(BigInteger x) - { - int[] z = Nat256.fromBigInteger(x); - if ((z[7] >>> 1) >= P7s1 && Nat256.gte(z, P)) - { - Nat256.subFrom(P, z); - } - return z; - } - - public static void half(int[] x, int[] z) - { - if ((x[0] & 1) == 0) - { - Nat.shiftDownBit(8, x, 0, z); - } - else - { - int c = Nat256.add(x, P, z); - Nat.shiftDownBit(8, z, c); - } - } - - public static void multiply(int[] x, int[] y, int[] z) - { - int[] tt = Nat256.createExt(); - Nat256.mul(x, y, tt); - reduce(tt, z); - } - - public static void multiplyAddToExt(int[] x, int[] y, int[] zz) - { - int c = Nat256.mulAddTo(x, y, zz); - if (c != 0 || ((zz[15] >>> 1) >= 
PExt15s1 && Nat.gte(16, zz, PExt))) - { - Nat.subFrom(16, PExt, zz); - } - } - - public static void negate(int[] x, int[] z) - { - if (Nat256.isZero(x)) - { - Nat256.zero(z); - } - else - { - Nat256.sub(P, x, z); - } - } - - public static void reduce(int[] xx, int[] z) - { - long xx08 = xx[8] & M, xx09 = xx[9] & M, xx10 = xx[10] & M, xx11 = xx[11] & M; - long xx12 = xx[12] & M, xx13 = xx[13] & M, xx14 = xx[14] & M, xx15 = xx[15] & M; - - long t0 = xx08 + xx09; - long t1 = xx10 + xx11; - long t2 = xx12 + xx15; - long t3 = xx13 + xx14; - long t4 = t3 + (xx15 << 1); - - long ts = t0 + t3; - long tt = t1 + t2 + ts; - - long cc = 0; - cc += (xx[0] & M) + tt + xx13 + xx14 + xx15; - z[0] = (int)cc; - cc >>= 32; - cc += (xx[1] & M) + tt - xx08 + xx14 + xx15; - z[1] = (int)cc; - cc >>= 32; - cc += (xx[2] & M) - ts; - z[2] = (int)cc; - cc >>= 32; - cc += (xx[3] & M) + tt - xx09 - xx10 + xx13; - z[3] = (int)cc; - cc >>= 32; - cc += (xx[4] & M) + tt - t1 - xx08 + xx14; - z[4] = (int)cc; - cc >>= 32; - cc += (xx[5] & M) + t4 + xx10; - z[5] = (int)cc; - cc >>= 32; - cc += (xx[6] & M) + xx11 + xx14 + xx15; - z[6] = (int)cc; - cc >>= 32; - cc += (xx[7] & M) + tt + t4 + xx12; - z[7] = (int)cc; - cc >>= 32; - -// assert cc >= 0; - - reduce32((int)cc, z); - } - - public static void reduce32(int x, int[] z) - { - long cc = 0; - - if (x != 0) - { - long xx08 = x & M; - - cc += (z[0] & M) + xx08; - z[0] = (int)cc; - cc >>= 32; - if (cc != 0) - { - cc += (z[1] & M); - z[1] = (int)cc; - cc >>= 32; - } - cc += (z[2] & M) - xx08; - z[2] = (int)cc; - cc >>= 32; - cc += (z[3] & M) + xx08; - z[3] = (int)cc; - cc >>= 32; - if (cc != 0) - { - cc += (z[4] & M); - z[4] = (int)cc; - cc >>= 32; - cc += (z[5] & M); - z[5] = (int)cc; - cc >>= 32; - cc += (z[6] & M); - z[6] = (int)cc; - cc >>= 32; - } - cc += (z[7] & M) + xx08; - z[7] = (int)cc; - cc >>= 32; - -// assert cc == 0 || cc == 1; - } - - if (cc != 0 || ((z[7] >>> 1) >= P7s1 && Nat256.gte(z, P))) - { - addPInvTo(z); - } - } - - public static 
void square(int[] x, int[] z) - { - int[] tt = Nat256.createExt(); - Nat256.square(x, tt); - reduce(tt, z); - } - - public static void squareN(int[] x, int n, int[] z) - { -// assert n > 0; - - int[] tt = Nat256.createExt(); - Nat256.square(x, tt); - reduce(tt, z); - - while (--n > 0) - { - Nat256.square(z, tt); - reduce(tt, z); - } - } - - public static void subtract(int[] x, int[] y, int[] z) - { - int c = Nat256.sub(x, y, z); - if (c != 0) - { - subPInvFrom(z); - } - } - - public static void subtractExt(int[] xx, int[] yy, int[] zz) - { - int c = Nat.sub(16, xx, yy, zz); - if (c != 0) - { - Nat.addTo(16, PExt, zz); - } - } - - public static void twice(int[] x, int[] z) - { - int c = Nat.shiftUpBit(8, x, 0, z); - if (c != 0 || ((z[7] >>> 1) >= P7s1 && Nat256.gte(z, P))) - { - addPInvTo(z); - } - } - - private static void addPInvTo(int[] z) - { - long c = (z[0] & M) + 1; - z[0] = (int)c; - c >>= 32; - if (c != 0) - { - c += (z[1] & M); - z[1] = (int)c; - c >>= 32; - } - c += (z[2] & M) - 1; - z[2] = (int)c; - c >>= 32; - c += (z[3] & M) + 1; - z[3] = (int)c; - c >>= 32; - if (c != 0) - { - c += (z[4] & M); - z[4] = (int)c; - c >>= 32; - c += (z[5] & M); - z[5] = (int)c; - c >>= 32; - c += (z[6] & M); - z[6] = (int)c; - c >>= 32; - } - c += (z[7] & M) + 1; - z[7] = (int)c; -// c >>= 32; - } - - private static void subPInvFrom(int[] z) - { - long c = (z[0] & M) - 1; - z[0] = (int)c; - c >>= 32; - if (c != 0) - { - c += (z[1] & M); - z[1] = (int)c; - c >>= 32; - } - c += (z[2] & M) + 1; - z[2] = (int)c; - c >>= 32; - c += (z[3] & M) - 1; - z[3] = (int)c; - c >>= 32; - if (c != 0) - { - c += (z[4] & M); - z[4] = (int)c; - c >>= 32; - c += (z[5] & M); - z[5] = (int)c; - c >>= 32; - c += (z[6] & M); - z[6] = (int)c; - c >>= 32; - } - c += (z[7] & M) - 1; - z[7] = (int)c; -// c >>= 32; - } -} 
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/gm/SM2P256V1FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/gm/SM2P256V1FieldElement.java
deleted file mode 100644
index 2d5b06e6..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/gm/SM2P256V1FieldElement.java
+++ /dev/null
@@ -1,210 +0,0 @@ -package org.bouncycastle.math.ec.custom.gm; - -import java.math.BigInteger; - -import org.bouncycastle.math.ec.ECFieldElement; -import org.bouncycastle.math.raw.Mod; -import org.bouncycastle.math.raw.Nat256; -import org.bouncycastle.util.Arrays; - -public class SM2P256V1FieldElement extends ECFieldElement.AbstractFp -{ - public static final BigInteger Q = SM2P256V1Curve.q; - - protected int[] x; - - public SM2P256V1FieldElement(BigInteger x) - { - if (x == null || x.signum() < 0 || x.compareTo(Q) >= 0) - { - throw new IllegalArgumentException("x value invalid for SM2P256V1FieldElement"); - } - - this.x = SM2P256V1Field.fromBigInteger(x); - } - - public SM2P256V1FieldElement() - { - this.x = Nat256.create(); - } - - protected SM2P256V1FieldElement(int[] x) - { - this.x = x; - } - - public boolean isZero() - { - return Nat256.isZero(x); - } - - public boolean isOne() - { - return Nat256.isOne(x); - } - - public boolean testBitZero() - { - return Nat256.getBit(x, 0) == 1; - } - - public BigInteger toBigInteger() - { - return Nat256.toBigInteger(x); - } - - public String getFieldName() - { - return "SM2P256V1Field"; - } - - public int getFieldSize() - { - return Q.bitLength(); - } - - public ECFieldElement add(ECFieldElement b) - { - int[] z = Nat256.create(); - SM2P256V1Field.add(x, ((SM2P256V1FieldElement)b).x, z); - return new SM2P256V1FieldElement(z); - } - - public ECFieldElement addOne() - { - int[] z = Nat256.create(); - SM2P256V1Field.addOne(x, z); - return new SM2P256V1FieldElement(z); - } - - public ECFieldElement subtract(ECFieldElement b) - { - int[] z = Nat256.create(); - SM2P256V1Field.subtract(x, ((SM2P256V1FieldElement)b).x, z); - return new SM2P256V1FieldElement(z); - } - - public ECFieldElement multiply(ECFieldElement b) - { - int[] z = Nat256.create(); - SM2P256V1Field.multiply(x, ((SM2P256V1FieldElement)b).x, z); - return new SM2P256V1FieldElement(z); - } - - public ECFieldElement divide(ECFieldElement b) - { -// return 
multiply(b.invert()); - int[] z = Nat256.create(); - Mod.invert(SM2P256V1Field.P, ((SM2P256V1FieldElement)b).x, z); - SM2P256V1Field.multiply(z, x, z); - return new SM2P256V1FieldElement(z); - } - - public ECFieldElement negate() - { - int[] z = Nat256.create(); - SM2P256V1Field.negate(x, z); - return new SM2P256V1FieldElement(z); - } - - public ECFieldElement square() - { - int[] z = Nat256.create(); - SM2P256V1Field.square(x, z); - return new SM2P256V1FieldElement(z); - } - - public ECFieldElement invert() - { -// return new SM2P256V1FieldElement(toBigInteger().modInverse(Q)); - int[] z = Nat256.create(); - Mod.invert(SM2P256V1Field.P, x, z); - return new SM2P256V1FieldElement(z); - } - - /** - * return a sqrt root - the routine verifies that the calculation returns the right value - if - * none exists it returns null. - */ - public ECFieldElement sqrt() - { - /* - * Raise this element to the exponent 2^254 - 2^222 - 2^94 + 2^62 - * - * Breaking up the exponent's binary representation into "repunits", we get: - * { 31 1s } { 1 0s } { 128 1s } { 31 0s } { 1 1s } { 62 0s} - * - * We use an addition chain for the beginning: [1], 2, 3, 6, 12, [24], 30, [31] - */ - - int[] x1 = this.x; - if (Nat256.isZero(x1) || Nat256.isOne(x1)) - { - return this; - } - - int[] x2 = Nat256.create(); - SM2P256V1Field.square(x1, x2); - SM2P256V1Field.multiply(x2, x1, x2); - int[] x4 = Nat256.create(); - SM2P256V1Field.squareN(x2, 2, x4); - SM2P256V1Field.multiply(x4, x2, x4); - int[] x6 = Nat256.create(); - SM2P256V1Field.squareN(x4, 2, x6); - SM2P256V1Field.multiply(x6, x2, x6); - int[] x12 = x2; - SM2P256V1Field.squareN(x6, 6, x12); - SM2P256V1Field.multiply(x12, x6, x12); - int[] x24 = Nat256.create(); - SM2P256V1Field.squareN(x12, 12, x24); - SM2P256V1Field.multiply(x24, x12, x24); - int[] x30 = x12; - SM2P256V1Field.squareN(x24, 6, x30); - SM2P256V1Field.multiply(x30, x6, x30); - int[] x31 = x6; - SM2P256V1Field.square(x30, x31); - SM2P256V1Field.multiply(x31, x1, x31); - - int[] 
t1 = x24; - SM2P256V1Field.squareN(x31, 31, t1); - - int[] x62 = x30; - SM2P256V1Field.multiply(t1, x31, x62); - - SM2P256V1Field.squareN(t1, 32, t1); - SM2P256V1Field.multiply(t1, x62, t1); - SM2P256V1Field.squareN(t1, 62, t1); - SM2P256V1Field.multiply(t1, x62, t1); - SM2P256V1Field.squareN(t1, 4, t1); - SM2P256V1Field.multiply(t1, x4, t1); - SM2P256V1Field.squareN(t1, 32, t1); - SM2P256V1Field.multiply(t1, x1, t1); - SM2P256V1Field.squareN(t1, 62, t1); - - int[] t2 = x4; - SM2P256V1Field.square(t1, t2); - - return Nat256.eq(x1, t2) ? new SM2P256V1FieldElement(t1) : null; - } - - public boolean equals(Object other) - { - if (other == this) - { - return true; - } - - if (!(other instanceof SM2P256V1FieldElement)) - { - return false; - } - - SM2P256V1FieldElement o = (SM2P256V1FieldElement)other; - return Nat256.eq(x, o.x); - } - - public int hashCode() - { - return Q.hashCode() ^ Arrays.hashCode(x, 0, 8); - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/gm/SM2P256V1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/gm/SM2P256V1Point.java deleted file mode 100644 index 7cc174a0..00000000 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/gm/SM2P256V1Point.java +++ /dev/null 
@@ -1,308 +0,0 @@ -package org.bouncycastle.math.ec.custom.gm; - -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.ECFieldElement; -import org.bouncycastle.math.ec.ECPoint; -import org.bouncycastle.math.raw.Nat; -import org.bouncycastle.math.raw.Nat256; - -public class SM2P256V1Point extends ECPoint.AbstractFp -{ - /** - * Create a point which encodes with point compression. - * - * @param curve - * the curve to use - * @param x - * affine x co-ordinate - * @param y - * affine y co-ordinate - * - * @deprecated Use ECCurve.createPoint to construct points - */ - public SM2P256V1Point(ECCurve curve, ECFieldElement x, ECFieldElement y) - { - this(curve, x, y, false); - } - - /** - * Create a point that encodes with or without point compresion. - * - * @param curve - * the curve to use - * @param x - * affine x co-ordinate - * @param y - * affine y co-ordinate - * @param withCompression - * if true encode with point compression - * - * @deprecated per-point compression property will be removed, refer - * {@link #getEncoded(boolean)} - */ - public SM2P256V1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression) - { - super(curve, x, y); - - if ((x == null) != (y == null)) - { - throw new IllegalArgumentException("Exactly one of the field elements is null"); - } - - this.withCompression = withCompression; - } - - SM2P256V1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression) - { - super(curve, x, y, zs); - - this.withCompression = withCompression; - } - - protected ECPoint detach() - { - return new SM2P256V1Point(null, getAffineXCoord(), getAffineYCoord()); - } - - public ECPoint add(ECPoint b) - { - if (this.isInfinity()) - { - return b; - } - if (b.isInfinity()) - { - return this; - } - if (this == b) - { - return twice(); - } - - ECCurve curve = this.getCurve(); - - SM2P256V1FieldElement X1 = (SM2P256V1FieldElement)this.x, Y1 = (SM2P256V1FieldElement)this.y; - 
SM2P256V1FieldElement X2 = (SM2P256V1FieldElement)b.getXCoord(), Y2 = (SM2P256V1FieldElement)b.getYCoord(); - - SM2P256V1FieldElement Z1 = (SM2P256V1FieldElement)this.zs[0]; - SM2P256V1FieldElement Z2 = (SM2P256V1FieldElement)b.getZCoord(0); - - int c; - int[] tt1 = Nat256.createExt(); - int[] t2 = Nat256.create(); - int[] t3 = Nat256.create(); - int[] t4 = Nat256.create(); - - boolean Z1IsOne = Z1.isOne(); - int[] U2, S2; - if (Z1IsOne) - { - U2 = X2.x; - S2 = Y2.x; - } - else - { - S2 = t3; - SM2P256V1Field.square(Z1.x, S2); - - U2 = t2; - SM2P256V1Field.multiply(S2, X2.x, U2); - - SM2P256V1Field.multiply(S2, Z1.x, S2); - SM2P256V1Field.multiply(S2, Y2.x, S2); - } - - boolean Z2IsOne = Z2.isOne(); - int[] U1, S1; - if (Z2IsOne) - { - U1 = X1.x; - S1 = Y1.x; - } - else - { - S1 = t4; - SM2P256V1Field.square(Z2.x, S1); - - U1 = tt1; - SM2P256V1Field.multiply(S1, X1.x, U1); - - SM2P256V1Field.multiply(S1, Z2.x, S1); - SM2P256V1Field.multiply(S1, Y1.x, S1); - } - - int[] H = Nat256.create(); - SM2P256V1Field.subtract(U1, U2, H); - - int[] R = t2; - SM2P256V1Field.subtract(S1, S2, R); - - // Check if b == this or b == -this - if (Nat256.isZero(H)) - { - if (Nat256.isZero(R)) - { - // this == b, i.e. this must be doubled - return this.twice(); - } - - // this == -b, i.e. 
the result is the point at infinity - return curve.getInfinity(); - } - - int[] HSquared = t3; - SM2P256V1Field.square(H, HSquared); - - int[] G = Nat256.create(); - SM2P256V1Field.multiply(HSquared, H, G); - - int[] V = t3; - SM2P256V1Field.multiply(HSquared, U1, V); - - SM2P256V1Field.negate(G, G); - Nat256.mul(S1, G, tt1); - - c = Nat256.addBothTo(V, V, G); - SM2P256V1Field.reduce32(c, G); - - SM2P256V1FieldElement X3 = new SM2P256V1FieldElement(t4); - SM2P256V1Field.square(R, X3.x); - SM2P256V1Field.subtract(X3.x, G, X3.x); - - SM2P256V1FieldElement Y3 = new SM2P256V1FieldElement(G); - SM2P256V1Field.subtract(V, X3.x, Y3.x); - SM2P256V1Field.multiplyAddToExt(Y3.x, R, tt1); - SM2P256V1Field.reduce(tt1, Y3.x); - - SM2P256V1FieldElement Z3 = new SM2P256V1FieldElement(H); - if (!Z1IsOne) - { - SM2P256V1Field.multiply(Z3.x, Z1.x, Z3.x); - } - if (!Z2IsOne) - { - SM2P256V1Field.multiply(Z3.x, Z2.x, Z3.x); - } - - ECFieldElement[] zs = new ECFieldElement[]{ Z3 }; - - return new SM2P256V1Point(curve, X3, Y3, zs, this.withCompression); - } - - public ECPoint twice() - { - if (this.isInfinity()) - { - return this; - } - - ECCurve curve = this.getCurve(); - - SM2P256V1FieldElement Y1 = (SM2P256V1FieldElement)this.y; - if (Y1.isZero()) - { - return curve.getInfinity(); - } - - SM2P256V1FieldElement X1 = (SM2P256V1FieldElement)this.x, Z1 = (SM2P256V1FieldElement)this.zs[0]; - - int c; - int[] t1 = Nat256.create(); - int[] t2 = Nat256.create(); - - int[] Y1Squared = Nat256.create(); - SM2P256V1Field.square(Y1.x, Y1Squared); - - int[] T = Nat256.create(); - SM2P256V1Field.square(Y1Squared, T); - - boolean Z1IsOne = Z1.isOne(); - - int[] Z1Squared = Z1.x; - if (!Z1IsOne) - { - Z1Squared = t2; - SM2P256V1Field.square(Z1.x, Z1Squared); - } - - SM2P256V1Field.subtract(X1.x, Z1Squared, t1); - - int[] M = t2; - SM2P256V1Field.add(X1.x, Z1Squared, M); - SM2P256V1Field.multiply(M, t1, M); - c = Nat256.addBothTo(M, M, M); - SM2P256V1Field.reduce32(c, M); - - int[] S = Y1Squared; - 
SM2P256V1Field.multiply(Y1Squared, X1.x, S); - c = Nat.shiftUpBits(8, S, 2, 0); - SM2P256V1Field.reduce32(c, S); - - c = Nat.shiftUpBits(8, T, 3, 0, t1); - SM2P256V1Field.reduce32(c, t1); - - SM2P256V1FieldElement X3 = new SM2P256V1FieldElement(T); - SM2P256V1Field.square(M, X3.x); - SM2P256V1Field.subtract(X3.x, S, X3.x); - SM2P256V1Field.subtract(X3.x, S, X3.x); - - SM2P256V1FieldElement Y3 = new SM2P256V1FieldElement(S); - SM2P256V1Field.subtract(S, X3.x, Y3.x); - SM2P256V1Field.multiply(Y3.x, M, Y3.x); - SM2P256V1Field.subtract(Y3.x, t1, Y3.x); - - SM2P256V1FieldElement Z3 = new SM2P256V1FieldElement(M); - SM2P256V1Field.twice(Y1.x, Z3.x); - if (!Z1IsOne) - { - SM2P256V1Field.multiply(Z3.x, Z1.x, Z3.x); - } - - return new SM2P256V1Point(curve, X3, Y3, new ECFieldElement[]{ Z3 }, this.withCompression); - } - - public ECPoint twicePlus(ECPoint b) - { - if (this == b) - { - return threeTimes(); - } - if (this.isInfinity()) - { - return b; - } - if (b.isInfinity()) - { - return twice(); - } - - ECFieldElement Y1 = this.y; - if (Y1.isZero()) - { - return b; - } - - return twice().add(b); - } - - public ECPoint threeTimes() - { - if (this.isInfinity() || this.y.isZero()) - { - return this; - } - - // NOTE: Be careful about recursions between twicePlus and threeTimes - return twice().add(this); - } - - public ECPoint negate() - { - if (this.isInfinity()) - { - return this; - } - - return new SM2P256V1Point(curve, this.x, this.y.negate(), this.zs, this.withCompression); - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/gm/package.html b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/gm/package.html deleted file mode 100644 index 1d0567e6..00000000 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/gm/package.html +++ /dev/null @@ -1,5 +0,0 @@ -<html> -<body bgcolor="#ffffff"> -Custom implementation of SM2 EC curve, SM2-P256V1. -</body> -</html> 
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP128R1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP128R1Curve.java
deleted file mode 100644
index 59a9993d..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP128R1Curve.java
+++ /dev/null
@@ -1,127 +0,0 @@ -package org.bouncycastle.math.ec.custom.sec; - -import java.math.BigInteger; - -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.ECFieldElement; -import org.bouncycastle.math.ec.ECLookupTable; -import org.bouncycastle.math.ec.ECPoint; -import org.bouncycastle.math.raw.Nat128; -import org.bouncycastle.util.encoders.Hex; - -public class SecP128R1Curve extends ECCurve.AbstractFp -{ - public static final BigInteger q = new BigInteger(1, - Hex.decode("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF")); - - private static final int SecP128R1_DEFAULT_COORDS = COORD_JACOBIAN; - - protected SecP128R1Point infinity; - - public SecP128R1Curve() - { - super(q); - - this.infinity = new SecP128R1Point(this, null, null); - - this.a = fromBigInteger(new BigInteger(1, - Hex.decode("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC"))); - this.b = fromBigInteger(new BigInteger(1, - Hex.decode("E87579C11079F43DD824993C2CEE5ED3"))); - this.order = new BigInteger(1, Hex.decode("FFFFFFFE0000000075A30D1B9038A115")); - this.cofactor = BigInteger.valueOf(1); - - this.coord = SecP128R1_DEFAULT_COORDS; - } - - protected ECCurve cloneCurve() - { - return new SecP128R1Curve(); - } - - public boolean supportsCoordinateSystem(int coord) - { - switch (coord) - { - case COORD_JACOBIAN: - return true; - default: - return false; - } - } - - public BigInteger getQ() - { - return q; - } - - public int getFieldSize() - { - return q.bitLength(); - } - - public ECFieldElement fromBigInteger(BigInteger x) - { - return new SecP128R1FieldElement(x); - } - - protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression) - { - return new SecP128R1Point(this, x, y, withCompression); - } - - protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression) - { - return new SecP128R1Point(this, x, y, zs, withCompression); - } - - public ECPoint getInfinity() - { - return infinity; - } - - public ECLookupTable 
createCacheSafeLookupTable(ECPoint[] points, int off, final int len) - { - final int FE_INTS = 4; - - final int[] table = new int[len * FE_INTS * 2]; - { - int pos = 0; - for (int i = 0; i < len; ++i) - { - ECPoint p = points[off + i]; - Nat128.copy(((SecP128R1FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_INTS; - Nat128.copy(((SecP128R1FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_INTS; - } - } - - return new ECLookupTable() - { - public int getSize() - { - return len; - } - - public ECPoint lookup(int index) - { - int[] x = Nat128.create(), y = Nat128.create(); - int pos = 0; - - for (int i = 0; i < len; ++i) - { - int MASK = ((i ^ index) - 1) >> 31; - - for (int j = 0; j < FE_INTS; ++j) - { - x[j] ^= table[pos + j] & MASK; - y[j] ^= table[pos + FE_INTS + j] & MASK; - } - - pos += (FE_INTS * 2); - } - - return createRawPoint(new SecP128R1FieldElement(x), new SecP128R1FieldElement(y), false); - } - }; - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP128R1Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP128R1Field.java deleted file mode 100644 index f77ba399..00000000 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP128R1Field.java +++ /dev/null 
@@ -1,220 +0,0 @@ -package org.bouncycastle.math.ec.custom.sec; - -import java.math.BigInteger; - -import org.bouncycastle.math.raw.Nat; -import org.bouncycastle.math.raw.Nat128; -import org.bouncycastle.math.raw.Nat256; - -public class SecP128R1Field -{ - private static final long M = 0xFFFFFFFFL; - - // 2^128 - 2^97 - 1 - static final int[] P = new int[] { 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFD }; - static final int[] PExt = new int[] { 0x00000001, 0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFE, - 0xFFFFFFFF, 0x00000003, 0xFFFFFFFC }; - private static final int[] PExtInv = new int[]{ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFB, - 0x00000001, 0x00000000, 0xFFFFFFFC, 0x00000003 }; - private static final int P3s1 = 0xFFFFFFFD >>> 1; - private static final int PExt7s1 = 0xFFFFFFFC >>> 1; - - public static void add(int[] x, int[] y, int[] z) - { - int c = Nat128.add(x, y, z); - if (c != 0 || ((z[3] >>> 1) >= P3s1 && Nat128.gte(z, P))) - { - addPInvTo(z); - } - } - - public static void addExt(int[] xx, int[] yy, int[] zz) - { - int c = Nat256.add(xx, yy, zz); - if (c != 0 || ((zz[7] >>> 1) >= PExt7s1 && Nat256.gte(zz, PExt))) - { - Nat.addTo(PExtInv.length, PExtInv, zz); - } - } - - public static void addOne(int[] x, int[] z) - { - int c = Nat.inc(4, x, z); - if (c != 0 || ((z[3] >>> 1) >= P3s1 && Nat128.gte(z, P))) - { - addPInvTo(z); - } - } - - public static int[] fromBigInteger(BigInteger x) - { - int[] z = Nat128.fromBigInteger(x); - if ((z[3] >>> 1) >= P3s1 && Nat128.gte(z, P)) - { - Nat128.subFrom(P, z); - } - return z; - } - - public static void half(int[] x, int[] z) - { - if ((x[0] & 1) == 0) - { - Nat.shiftDownBit(4, x, 0, z); - } - else - { - int c = Nat128.add(x, P, z); - Nat.shiftDownBit(4, z, c); - } - } - - public static void multiply(int[] x, int[] y, int[] z) - { - int[] tt = Nat128.createExt(); - Nat128.mul(x, y, tt); - reduce(tt, z); - } - - public static void multiplyAddToExt(int[] x, int[] y, int[] zz) - { - int c = Nat128.mulAddTo(x, 
y, zz); - if (c != 0 || ((zz[7] >>> 1) >= PExt7s1 && Nat256.gte(zz, PExt))) - { - Nat.addTo(PExtInv.length, PExtInv, zz); - } - } - - public static void negate(int[] x, int[] z) - { - if (Nat128.isZero(x)) - { - Nat128.zero(z); - } - else - { - Nat128.sub(P, x, z); - } - } - - public static void reduce(int[] xx, int[] z) - { - long x0 = xx[0] & M, x1 = xx[1] & M, x2 = xx[2] & M, x3 = xx[3] & M; - long x4 = xx[4] & M, x5 = xx[5] & M, x6 = xx[6] & M, x7 = xx[7] & M; - - x3 += x7; x6 += (x7 << 1); - x2 += x6; x5 += (x6 << 1); - x1 += x5; x4 += (x5 << 1); - x0 += x4; x3 += (x4 << 1); - - z[0] = (int)x0; x1 += (x0 >>> 32); - z[1] = (int)x1; x2 += (x1 >>> 32); - z[2] = (int)x2; x3 += (x2 >>> 32); - z[3] = (int)x3; - - reduce32((int)(x3 >>> 32), z); - } - - public static void reduce32(int x, int[] z) - { - while (x != 0) - { - long c, x4 = x & M; - - c = (z[0] & M) + x4; - z[0] = (int)c; c >>= 32; - if (c != 0) - { - c += (z[1] & M); - z[1] = (int)c; c >>= 32; - c += (z[2] & M); - z[2] = (int)c; c >>= 32; - } - c += (z[3] & M) + (x4 << 1); - z[3] = (int)c; c >>= 32; - -// assert c >= 0 && c <= 2; - - x = (int)c; - } - } - - public static void square(int[] x, int[] z) - { - int[] tt = Nat128.createExt(); - Nat128.square(x, tt); - reduce(tt, z); - } - - public static void squareN(int[] x, int n, int[] z) - { -// assert n > 0; - - int[] tt = Nat128.createExt(); - Nat128.square(x, tt); - reduce(tt, z); - - while (--n > 0) - { - Nat128.square(z, tt); - reduce(tt, z); - } - } - - public static void subtract(int[] x, int[] y, int[] z) - { - int c = Nat128.sub(x, y, z); - if (c != 0) - { - subPInvFrom(z); - } - } - - public static void subtractExt(int[] xx, int[] yy, int[] zz) - { - int c = Nat.sub(10, xx, yy, zz); - if (c != 0) - { - Nat.subFrom(PExtInv.length, PExtInv, zz); - } - } - - public static void twice(int[] x, int[] z) - { - int c = Nat.shiftUpBit(4, x, 0, z); - if (c != 0 || ((z[3] >>> 1) >= P3s1 && Nat128.gte(z, P))) - { - addPInvTo(z); - } - } - - private static 
void addPInvTo(int[] z) - { - long c = (z[0] & M) + 1; - z[0] = (int)c; c >>= 32; - if (c != 0) - { - c += (z[1] & M); - z[1] = (int)c; c >>= 32; - c += (z[2] & M); - z[2] = (int)c; c >>= 32; - } - c += (z[3] & M) + 2; - z[3] = (int)c; - } - - private static void subPInvFrom(int[] z) - { - long c = (z[0] & M) - 1; - z[0] = (int)c; c >>= 32; - if (c != 0) - { - c += (z[1] & M); - z[1] = (int)c; c >>= 32; - c += (z[2] & M); - z[2] = (int)c; c >>= 32; - } - c += (z[3] & M) - 2; - z[3] = (int)c; - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP128R1FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP128R1FieldElement.java deleted file mode 100644 index 7d490a4b..00000000 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP128R1FieldElement.java +++ /dev/null 
@@ -1,199 +0,0 @@ -package org.bouncycastle.math.ec.custom.sec; - -import java.math.BigInteger; - -import org.bouncycastle.math.ec.ECFieldElement; -import org.bouncycastle.math.raw.Mod; -import org.bouncycastle.math.raw.Nat128; -import org.bouncycastle.util.Arrays; - -public class SecP128R1FieldElement extends ECFieldElement.AbstractFp -{ - public static final BigInteger Q = SecP128R1Curve.q; - - protected int[] x; - - public SecP128R1FieldElement(BigInteger x) - { - if (x == null || x.signum() < 0 || x.compareTo(Q) >= 0) - { - throw new IllegalArgumentException("x value invalid for SecP128R1FieldElement"); - } - - this.x = SecP128R1Field.fromBigInteger(x); - } - - public SecP128R1FieldElement() - { - this.x = Nat128.create(); - } - - protected SecP128R1FieldElement(int[] x) - { - this.x = x; - } - - public boolean isZero() - { - return Nat128.isZero(x); - } - - public boolean isOne() - { - return Nat128.isOne(x); - } - - public boolean testBitZero() - { - return Nat128.getBit(x, 0) == 1; - } - - public BigInteger toBigInteger() - { - return Nat128.toBigInteger(x); - } - - public String getFieldName() - { - return "SecP128R1Field"; - } - - public int getFieldSize() - { - return Q.bitLength(); - } - - public ECFieldElement add(ECFieldElement b) - { - int[] z = Nat128.create(); - SecP128R1Field.add(x, ((SecP128R1FieldElement)b).x, z); - return new SecP128R1FieldElement(z); - } - - public ECFieldElement addOne() - { - int[] z = Nat128.create(); - SecP128R1Field.addOne(x, z); - return new SecP128R1FieldElement(z); - } - - public ECFieldElement subtract(ECFieldElement b) - { - int[] z = Nat128.create(); - SecP128R1Field.subtract(x, ((SecP128R1FieldElement)b).x, z); - return new SecP128R1FieldElement(z); - } - - public ECFieldElement multiply(ECFieldElement b) - { - int[] z = Nat128.create(); - SecP128R1Field.multiply(x, ((SecP128R1FieldElement)b).x, z); - return new SecP128R1FieldElement(z); - } - - public ECFieldElement divide(ECFieldElement b) - { -// return 
multiply(b.invert()); - int[] z = Nat128.create(); - Mod.invert(SecP128R1Field.P, ((SecP128R1FieldElement)b).x, z); - SecP128R1Field.multiply(z, x, z); - return new SecP128R1FieldElement(z); - } - - public ECFieldElement negate() - { - int[] z = Nat128.create(); - SecP128R1Field.negate(x, z); - return new SecP128R1FieldElement(z); - } - - public ECFieldElement square() - { - int[] z = Nat128.create(); - SecP128R1Field.square(x, z); - return new SecP128R1FieldElement(z); - } - - public ECFieldElement invert() - { -// return new SecP128R1FieldElement(toBigInteger().modInverse(Q)); - int[] z = Nat128.create(); - Mod.invert(SecP128R1Field.P, x, z); - return new SecP128R1FieldElement(z); - } - - // D.1.4 91 - /** - * return a sqrt root - the routine verifies that the calculation returns the right value - if - * none exists it returns null. - */ - public ECFieldElement sqrt() - { - /* - * Raise this element to the exponent 2^126 - 2^95 - * - * Breaking up the exponent's binary representation into "repunits", we get: - * { 31 1s } { 95 0s } - * - * Therefore we need an addition chain containing 31 (the length of the repunit) We use: - * 1, 2, 4, 8, 10, 20, 30, [31] - */ - - int[] x1 = this.x; - if (Nat128.isZero(x1) || Nat128.isOne(x1)) - { - return this; - } - - int[] x2 = Nat128.create(); - SecP128R1Field.square(x1, x2); - SecP128R1Field.multiply(x2, x1, x2); - int[] x4 = Nat128.create(); - SecP128R1Field.squareN(x2, 2, x4); - SecP128R1Field.multiply(x4, x2, x4); - int[] x8 = Nat128.create(); - SecP128R1Field.squareN(x4, 4, x8); - SecP128R1Field.multiply(x8, x4, x8); - int[] x10 = x4; - SecP128R1Field.squareN(x8, 2, x10); - SecP128R1Field.multiply(x10, x2, x10); - int[] x20 = x2; - SecP128R1Field.squareN(x10, 10, x20); - SecP128R1Field.multiply(x20, x10, x20); - int[] x30 = x8; - SecP128R1Field.squareN(x20, 10, x30); - SecP128R1Field.multiply(x30, x10, x30); - int[] x31 = x10; - SecP128R1Field.square(x30, x31); - SecP128R1Field.multiply(x31, x1, x31); - - int[] t1 = 
x31; - SecP128R1Field.squareN(t1, 95, t1); - - int[] t2 = x30; - SecP128R1Field.square(t1, t2); - - return Nat128.eq(x1, t2) ? new SecP128R1FieldElement(t1) : null; - } - - public boolean equals(Object other) - { - if (other == this) - { - return true; - } - - if (!(other instanceof SecP128R1FieldElement)) - { - return false; - } - - SecP128R1FieldElement o = (SecP128R1FieldElement)other; - return Nat128.eq(x, o.x); - } - - public int hashCode() - { - return Q.hashCode() ^ Arrays.hashCode(x, 0, 4); - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP128R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP128R1Point.java deleted file mode 100644 index b7934da7..00000000 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP128R1Point.java +++ /dev/null 
@@ -1,308 +0,0 @@ -package org.bouncycastle.math.ec.custom.sec; - -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.ECFieldElement; -import org.bouncycastle.math.ec.ECPoint; -import org.bouncycastle.math.raw.Nat; -import org.bouncycastle.math.raw.Nat128; - -public class SecP128R1Point extends ECPoint.AbstractFp -{ - /** - * Create a point which encodes with point compression. - * - * @param curve - * the curve to use - * @param x - * affine x co-ordinate - * @param y - * affine y co-ordinate - * - * @deprecated Use ECCurve.createPoint to construct points - */ - public SecP128R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y) - { - this(curve, x, y, false); - } - - /** - * Create a point that encodes with or without point compresion. - * - * @param curve - * the curve to use - * @param x - * affine x co-ordinate - * @param y - * affine y co-ordinate - * @param withCompression - * if true encode with point compression - * - * @deprecated per-point compression property will be removed, refer - * {@link #getEncoded(boolean)} - */ - public SecP128R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression) - { - super(curve, x, y); - - if ((x == null) != (y == null)) - { - throw new IllegalArgumentException("Exactly one of the field elements is null"); - } - - this.withCompression = withCompression; - } - - SecP128R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression) - { - super(curve, x, y, zs); - - this.withCompression = withCompression; - } - - protected ECPoint detach() - { - return new SecP128R1Point(null, getAffineXCoord(), getAffineYCoord()); - } - - public ECPoint add(ECPoint b) - { - if (this.isInfinity()) - { - return b; - } - if (b.isInfinity()) - { - return this; - } - if (this == b) - { - return twice(); - } - - ECCurve curve = this.getCurve(); - - SecP128R1FieldElement X1 = (SecP128R1FieldElement)this.x, Y1 = (SecP128R1FieldElement)this.y; - 
SecP128R1FieldElement X2 = (SecP128R1FieldElement)b.getXCoord(), Y2 = (SecP128R1FieldElement)b.getYCoord(); - - SecP128R1FieldElement Z1 = (SecP128R1FieldElement)this.zs[0]; - SecP128R1FieldElement Z2 = (SecP128R1FieldElement)b.getZCoord(0); - - int c; - int[] tt1 = Nat128.createExt(); - int[] t2 = Nat128.create(); - int[] t3 = Nat128.create(); - int[] t4 = Nat128.create(); - - boolean Z1IsOne = Z1.isOne(); - int[] U2, S2; - if (Z1IsOne) - { - U2 = X2.x; - S2 = Y2.x; - } - else - { - S2 = t3; - SecP128R1Field.square(Z1.x, S2); - - U2 = t2; - SecP128R1Field.multiply(S2, X2.x, U2); - - SecP128R1Field.multiply(S2, Z1.x, S2); - SecP128R1Field.multiply(S2, Y2.x, S2); - } - - boolean Z2IsOne = Z2.isOne(); - int[] U1, S1; - if (Z2IsOne) - { - U1 = X1.x; - S1 = Y1.x; - } - else - { - S1 = t4; - SecP128R1Field.square(Z2.x, S1); - - U1 = tt1; - SecP128R1Field.multiply(S1, X1.x, U1); - - SecP128R1Field.multiply(S1, Z2.x, S1); - SecP128R1Field.multiply(S1, Y1.x, S1); - } - - int[] H = Nat128.create(); - SecP128R1Field.subtract(U1, U2, H); - - int[] R = t2; - SecP128R1Field.subtract(S1, S2, R); - - // Check if b == this or b == -this - if (Nat128.isZero(H)) - { - if (Nat128.isZero(R)) - { - // this == b, i.e. this must be doubled - return this.twice(); - } - - // this == -b, i.e. 
the result is the point at infinity - return curve.getInfinity(); - } - - int[] HSquared = t3; - SecP128R1Field.square(H, HSquared); - - int[] G = Nat128.create(); - SecP128R1Field.multiply(HSquared, H, G); - - int[] V = t3; - SecP128R1Field.multiply(HSquared, U1, V); - - SecP128R1Field.negate(G, G); - Nat128.mul(S1, G, tt1); - - c = Nat128.addBothTo(V, V, G); - SecP128R1Field.reduce32(c, G); - - SecP128R1FieldElement X3 = new SecP128R1FieldElement(t4); - SecP128R1Field.square(R, X3.x); - SecP128R1Field.subtract(X3.x, G, X3.x); - - SecP128R1FieldElement Y3 = new SecP128R1FieldElement(G); - SecP128R1Field.subtract(V, X3.x, Y3.x); - SecP128R1Field.multiplyAddToExt(Y3.x, R, tt1); - SecP128R1Field.reduce(tt1, Y3.x); - - SecP128R1FieldElement Z3 = new SecP128R1FieldElement(H); - if (!Z1IsOne) - { - SecP128R1Field.multiply(Z3.x, Z1.x, Z3.x); - } - if (!Z2IsOne) - { - SecP128R1Field.multiply(Z3.x, Z2.x, Z3.x); - } - - ECFieldElement[] zs = new ECFieldElement[]{ Z3 }; - - return new SecP128R1Point(curve, X3, Y3, zs, this.withCompression); - } - - public ECPoint twice() - { - if (this.isInfinity()) - { - return this; - } - - ECCurve curve = this.getCurve(); - - SecP128R1FieldElement Y1 = (SecP128R1FieldElement)this.y; - if (Y1.isZero()) - { - return curve.getInfinity(); - } - - SecP128R1FieldElement X1 = (SecP128R1FieldElement)this.x, Z1 = (SecP128R1FieldElement)this.zs[0]; - - int c; - int[] t1 = Nat128.create(); - int[] t2 = Nat128.create(); - - int[] Y1Squared = Nat128.create(); - SecP128R1Field.square(Y1.x, Y1Squared); - - int[] T = Nat128.create(); - SecP128R1Field.square(Y1Squared, T); - - boolean Z1IsOne = Z1.isOne(); - - int[] Z1Squared = Z1.x; - if (!Z1IsOne) - { - Z1Squared = t2; - SecP128R1Field.square(Z1.x, Z1Squared); - } - - SecP128R1Field.subtract(X1.x, Z1Squared, t1); - - int[] M = t2; - SecP128R1Field.add(X1.x, Z1Squared, M); - SecP128R1Field.multiply(M, t1, M); - c = Nat128.addBothTo(M, M, M); - SecP128R1Field.reduce32(c, M); - - int[] S = Y1Squared; - 
SecP128R1Field.multiply(Y1Squared, X1.x, S); - c = Nat.shiftUpBits(4, S, 2, 0); - SecP128R1Field.reduce32(c, S); - - c = Nat.shiftUpBits(4, T, 3, 0, t1); - SecP128R1Field.reduce32(c, t1); - - SecP128R1FieldElement X3 = new SecP128R1FieldElement(T); - SecP128R1Field.square(M, X3.x); - SecP128R1Field.subtract(X3.x, S, X3.x); - SecP128R1Field.subtract(X3.x, S, X3.x); - - SecP128R1FieldElement Y3 = new SecP128R1FieldElement(S); - SecP128R1Field.subtract(S, X3.x, Y3.x); - SecP128R1Field.multiply(Y3.x, M, Y3.x); - SecP128R1Field.subtract(Y3.x, t1, Y3.x); - - SecP128R1FieldElement Z3 = new SecP128R1FieldElement(M); - SecP128R1Field.twice(Y1.x, Z3.x); - if (!Z1IsOne) - { - SecP128R1Field.multiply(Z3.x, Z1.x, Z3.x); - } - - return new SecP128R1Point(curve, X3, Y3, new ECFieldElement[]{ Z3 }, this.withCompression); - } - - public ECPoint twicePlus(ECPoint b) - { - if (this == b) - { - return threeTimes(); - } - if (this.isInfinity()) - { - return b; - } - if (b.isInfinity()) - { - return twice(); - } - - ECFieldElement Y1 = this.y; - if (Y1.isZero()) - { - return b; - } - - return twice().add(b); - } - - public ECPoint threeTimes() - { - if (this.isInfinity() || this.y.isZero()) - { - return this; - } - - // NOTE: Be careful about recursions between twicePlus and threeTimes - return twice().add(this); - } - - public ECPoint negate() - { - if (this.isInfinity()) - { - return this; - } - - return new SecP128R1Point(curve, this.x, this.y.negate(), this.zs, this.withCompression); - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160K1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160K1Curve.java deleted file mode 100644 index 6bc76099..00000000 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160K1Curve.java +++ /dev/null 
@@ -1,124 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.raw.Nat160;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecP160K1Curve extends ECCurve.AbstractFp
-{
- public static final BigInteger q = SecP160R2Curve.q;
-
- private static final int SECP160K1_DEFAULT_COORDS = COORD_JACOBIAN;
-
- protected SecP160K1Point infinity;
-
- public SecP160K1Curve()
- {
- super(q);
-
- this.infinity = new SecP160K1Point(this, null, null);
-
- this.a = fromBigInteger(ECConstants.ZERO);
- this.b = fromBigInteger(BigInteger.valueOf(7));
- this.order = new BigInteger(1, Hex.decode("0100000000000000000001B8FA16DFAB9ACA16B6B3"));
- this.cofactor = BigInteger.valueOf(1);
- this.coord = SECP160K1_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecP160K1Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_JACOBIAN:
- return true;
- default:
- return false;
- }
- }
-
- public BigInteger getQ()
- {
- return q;
- }
-
- public int getFieldSize()
- {
- return q.bitLength();
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecP160R2FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecP160K1Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecP160K1Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_INTS = 5;
-
- final int[] table = new int[len * FE_INTS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat160.copy(((SecP160R2FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_INTS;
- Nat160.copy(((SecP160R2FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_INTS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- int[] x = Nat160.create(), y = Nat160.create();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- int MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_INTS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_INTS + j] & MASK;
- }
-
- pos += (FE_INTS * 2);
- }
-
- return createRawPoint(new SecP160R2FieldElement(x), new SecP160R2FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160K1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160K1Point.java
deleted file mode 100644
index 37a520a1..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160K1Point.java
+++ /dev/null
@@ -1,298 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.raw.Nat;
-import org.bouncycastle.math.raw.Nat160;
-
-public class SecP160K1Point extends ECPoint.AbstractFp
-{
- /**
- * Create a point which encodes with point compression.
- *
- * @param curve
- * the curve to use
- * @param x
- * affine x co-ordinate
- * @param y
- * affine y co-ordinate
- *
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecP160K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * Create a point that encodes with or without point compresion.
- *
- * @param curve
- * the curve to use
- * @param x
- * affine x co-ordinate
- * @param y
- * affine y co-ordinate
- * @param withCompression
- * if true encode with point compression
- *
- * @deprecated per-point compression property will be removed, refer
- * {@link #getEncoded(boolean)}
- */
- public SecP160K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecP160K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs,
- boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecP160K1Point(null, getAffineXCoord(), getAffineYCoord());
- }
-
- // B.3 pg 62
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return this;
- }
- if (this == b)
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- SecP160R2FieldElement X1 = (SecP160R2FieldElement)this.x, Y1 = (SecP160R2FieldElement)this.y;
- SecP160R2FieldElement X2 = (SecP160R2FieldElement)b.getXCoord(), Y2 = (SecP160R2FieldElement)b.getYCoord();
-
- SecP160R2FieldElement Z1 = (SecP160R2FieldElement)this.zs[0];
- SecP160R2FieldElement Z2 = (SecP160R2FieldElement)b.getZCoord(0);
-
- int c;
- int[] tt1 = Nat160.createExt();
- int[] t2 = Nat160.create();
- int[] t3 = Nat160.create();
- int[] t4 = Nat160.create();
-
- boolean Z1IsOne = Z1.isOne();
- int[] U2, S2;
- if (Z1IsOne)
- {
- U2 = X2.x;
- S2 = Y2.x;
- }
- else
- {
- S2 = t3;
- SecP160R2Field.square(Z1.x, S2);
-
- U2 = t2;
- SecP160R2Field.multiply(S2, X2.x, U2);
-
- SecP160R2Field.multiply(S2, Z1.x, S2);
- SecP160R2Field.multiply(S2, Y2.x, S2);
- }
-
- boolean Z2IsOne = Z2.isOne();
- int[] U1, S1;
- if (Z2IsOne)
- {
- U1 = X1.x;
- S1 = Y1.x;
- }
- else
- {
- S1 = t4;
- SecP160R2Field.square(Z2.x, S1);
-
- U1 = tt1;
- SecP160R2Field.multiply(S1, X1.x, U1);
-
- SecP160R2Field.multiply(S1, Z2.x, S1);
- SecP160R2Field.multiply(S1, Y1.x, S1);
- }
-
- int[] H = Nat160.create();
- SecP160R2Field.subtract(U1, U2, H);
-
- int[] R = t2;
- SecP160R2Field.subtract(S1, S2, R);
-
- // Check if b == this or b == -this
- if (Nat160.isZero(H))
- {
- if (Nat160.isZero(R))
- {
- // this == b, i.e. this must be doubled
- return this.twice();
- }
-
- // this == -b, i.e. the result is the point at infinity
- return curve.getInfinity();
- }
-
- int[] HSquared = t3;
- SecP160R2Field.square(H, HSquared);
-
- int[] G = Nat160.create();
- SecP160R2Field.multiply(HSquared, H, G);
-
- int[] V = t3;
- SecP160R2Field.multiply(HSquared, U1, V);
-
- SecP160R2Field.negate(G, G);
- Nat160.mul(S1, G, tt1);
-
- c = Nat160.addBothTo(V, V, G);
- SecP160R2Field.reduce32(c, G);
-
- SecP160R2FieldElement X3 = new SecP160R2FieldElement(t4);
- SecP160R2Field.square(R, X3.x);
- SecP160R2Field.subtract(X3.x, G, X3.x);
-
- SecP160R2FieldElement Y3 = new SecP160R2FieldElement(G);
- SecP160R2Field.subtract(V, X3.x, Y3.x);
- SecP160R2Field.multiplyAddToExt(Y3.x, R, tt1);
- SecP160R2Field.reduce(tt1, Y3.x);
-
- SecP160R2FieldElement Z3 = new SecP160R2FieldElement(H);
- if (!Z1IsOne)
- {
- SecP160R2Field.multiply(Z3.x, Z1.x, Z3.x);
- }
- if (!Z2IsOne)
- {
- SecP160R2Field.multiply(Z3.x, Z2.x, Z3.x);
- }
-
- ECFieldElement[] zs = new ECFieldElement[] { Z3 };
-
- return new SecP160K1Point(curve, X3, Y3, zs, this.withCompression);
- }
-
- // B.3 pg 62
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- SecP160R2FieldElement Y1 = (SecP160R2FieldElement)this.y;
- if (Y1.isZero())
- {
- return curve.getInfinity();
- }
-
- SecP160R2FieldElement X1 = (SecP160R2FieldElement)this.x, Z1 = (SecP160R2FieldElement)this.zs[0];
-
- int c;
-
- int[] Y1Squared = Nat160.create();
- SecP160R2Field.square(Y1.x, Y1Squared);
-
- int[] T = Nat160.create();
- SecP160R2Field.square(Y1Squared, T);
-
- int[] M = Nat160.create();
- SecP160R2Field.square(X1.x, M);
- c = Nat160.addBothTo(M, M, M);
- SecP160R2Field.reduce32(c, M);
-
- int[] S = Y1Squared;
- SecP160R2Field.multiply(Y1Squared, X1.x, S);
- c = Nat.shiftUpBits(5, S, 2, 0);
- SecP160R2Field.reduce32(c, S);
-
- int[] t1 = Nat160.create();
- c = Nat.shiftUpBits(5, T, 3, 0, t1);
- SecP160R2Field.reduce32(c, t1);
-
- SecP160R2FieldElement X3 = new SecP160R2FieldElement(T);
- SecP160R2Field.square(M, X3.x);
- SecP160R2Field.subtract(X3.x, S, X3.x);
- SecP160R2Field.subtract(X3.x, S, X3.x);
-
- SecP160R2FieldElement Y3 = new SecP160R2FieldElement(S);
- SecP160R2Field.subtract(S, X3.x, Y3.x);
- SecP160R2Field.multiply(Y3.x, M, Y3.x);
- SecP160R2Field.subtract(Y3.x, t1, Y3.x);
-
- SecP160R2FieldElement Z3 = new SecP160R2FieldElement(M);
- SecP160R2Field.twice(Y1.x, Z3.x);
- if (!Z1.isOne())
- {
- SecP160R2Field.multiply(Z3.x, Z1.x, Z3.x);
- }
-
- return new SecP160K1Point(curve, X3, Y3, new ECFieldElement[] { Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this == b)
- {
- return threeTimes();
- }
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECFieldElement Y1 = this.y;
- if (Y1.isZero())
- {
- return b;
- }
-
- return twice().add(b);
- }
-
- public ECPoint threeTimes()
- {
- if (this.isInfinity() || this.y.isZero())
- {
- return this;
- }
-
- // NOTE: Be careful about recursions between twicePlus and threeTimes
- return twice().add(this);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- return new SecP160K1Point(curve, this.x, this.y.negate(), this.zs, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R1Curve.java
deleted file mode 100644
index 74cad823..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R1Curve.java
+++ /dev/null
@@ -1,127 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.raw.Nat160;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecP160R1Curve extends ECCurve.AbstractFp
-{
- public static final BigInteger q = new BigInteger(1,
- Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"));
-
- private static final int SecP160R1_DEFAULT_COORDS = COORD_JACOBIAN;
-
- protected SecP160R1Point infinity;
-
- public SecP160R1Curve()
- {
- super(q);
-
- this.infinity = new SecP160R1Point(this, null, null);
-
- this.a = fromBigInteger(new BigInteger(1,
- Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")));
- this.b = fromBigInteger(new BigInteger(1,
- Hex.decode("1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")));
- this.order = new BigInteger(1, Hex.decode("0100000000000000000001F4C8F927AED3CA752257"));
- this.cofactor = BigInteger.valueOf(1);
-
- this.coord = SecP160R1_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecP160R1Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_JACOBIAN:
- return true;
- default:
- return false;
- }
- }
-
- public BigInteger getQ()
- {
- return q;
- }
-
- public int getFieldSize()
- {
- return q.bitLength();
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecP160R1FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecP160R1Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecP160R1Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_INTS = 5;
-
- final int[] table = new int[len * FE_INTS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat160.copy(((SecP160R1FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_INTS;
- Nat160.copy(((SecP160R1FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_INTS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- int[] x = Nat160.create(), y = Nat160.create();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- int MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_INTS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_INTS + j] & MASK;
- }
-
- pos += (FE_INTS * 2);
- }
-
- return createRawPoint(new SecP160R1FieldElement(x), new SecP160R1FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R1Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R1Field.java
deleted file mode 100644
index 91ba0e58..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R1Field.java
+++ /dev/null
@@ -1,187 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.raw.Nat;
-import org.bouncycastle.math.raw.Nat160;
-
-public class SecP160R1Field
-{
- private static final long M = 0xFFFFFFFFL;
-
- // 2^160 - 2^31 - 1
- static final int[] P = new int[] { 0x7FFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF};
- static final int[] PExt = new int[] { 0x00000001, 0x40000001, 0x00000000, 0x00000000, 0x00000000,
- 0xFFFFFFFE, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
- private static final int[] PExtInv = new int[]{ 0xFFFFFFFF, 0xBFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF,
- 0xFFFFFFFF, 0x00000001, 0x00000001 };
- private static final int P4 = 0xFFFFFFFF;
- private static final int PExt9 = 0xFFFFFFFF;
- private static final int PInv = 0x80000001;
-
- public static void add(int[] x, int[] y, int[] z)
- {
- int c = Nat160.add(x, y, z);
- if (c != 0 || (z[4] == P4 && Nat160.gte(z, P)))
- {
- Nat.addWordTo(5, PInv, z);
- }
- }
-
- public static void addExt(int[] xx, int[] yy, int[] zz)
- {
- int c = Nat.add(10, xx, yy, zz);
- if (c != 0 || (zz[9] == PExt9 && Nat.gte(10, zz, PExt)))
- {
- if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0)
- {
- Nat.incAt(10, zz, PExtInv.length);
- }
- }
- }
-
- public static void addOne(int[] x, int[] z)
- {
- int c = Nat.inc(5, x, z);
- if (c != 0 || (z[4] == P4 && Nat160.gte(z, P)))
- {
- Nat.addWordTo(5, PInv, z);
- }
- }
-
- public static int[] fromBigInteger(BigInteger x)
- {
- int[] z = Nat160.fromBigInteger(x);
- if (z[4] == P4 && Nat160.gte(z, P))
- {
- Nat160.subFrom(P, z);
- }
- return z;
- }
-
- public static void half(int[] x, int[] z)
- {
- if ((x[0] & 1) == 0)
- {
- Nat.shiftDownBit(5, x, 0, z);
- }
- else
- {
- int c = Nat160.add(x, P, z);
- Nat.shiftDownBit(5, z, c);
- }
- }
-
- public static void multiply(int[] x, int[] y, int[] z)
- {
- int[] tt = Nat160.createExt();
- Nat160.mul(x, y, tt);
- reduce(tt, z);
- }
-
- public static void multiplyAddToExt(int[] x, int[] y, int[] zz)
- {
- int c = Nat160.mulAddTo(x, y, zz);
- if (c != 0 || (zz[9] == PExt9 && Nat.gte(10, zz, PExt)))
- {
- if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0)
- {
- Nat.incAt(10, zz, PExtInv.length);
- }
- }
- }
-
- public static void negate(int[] x, int[] z)
- {
- if (Nat160.isZero(x))
- {
- Nat160.zero(z);
- }
- else
- {
- Nat160.sub(P, x, z);
- }
- }
-
- public static void reduce(int[] xx, int[] z)
- {
- long x5 = xx[5] & M, x6 = xx[6] & M, x7 = xx[7] & M, x8 = xx[8] & M, x9 = xx[9] & M;
-
- long c = 0;
- c += (xx[0] & M) + x5 + (x5 << 31);
- z[0] = (int)c; c >>>= 32;
- c += (xx[1] & M) + x6 + (x6 << 31);
- z[1] = (int)c; c >>>= 32;
- c += (xx[2] & M) + x7 + (x7 << 31);
- z[2] = (int)c; c >>>= 32;
- c += (xx[3] & M) + x8 + (x8 << 31);
- z[3] = (int)c; c >>>= 32;
- c += (xx[4] & M) + x9 + (x9 << 31);
- z[4] = (int)c; c >>>= 32;
-
-// assert c >>> 32 == 0;
-
- reduce32((int)c, z);
- }
-
- public static void reduce32(int x, int[] z)
- {
- if ((x != 0 && Nat160.mulWordsAdd(PInv, x, z, 0) != 0)
- || (z[4] == P4 && Nat160.gte(z, P)))
- {
- Nat.addWordTo(5, PInv, z);
- }
- }
-
- public static void square(int[] x, int[] z)
- {
- int[] tt = Nat160.createExt();
- Nat160.square(x, tt);
- reduce(tt, z);
- }
-
- public static void squareN(int[] x, int n, int[] z)
- {
-// assert n > 0;
-
- int[] tt = Nat160.createExt();
- Nat160.square(x, tt);
- reduce(tt, z);
-
- while (--n > 0)
- {
- Nat160.square(z, tt);
- reduce(tt, z);
- }
- }
-
- public static void subtract(int[] x, int[] y, int[] z)
- {
- int c = Nat160.sub(x, y, z);
- if (c != 0)
- {
- Nat.subWordFrom(5, PInv, z);
- }
- }
-
- public static void subtractExt(int[] xx, int[] yy, int[] zz)
- {
- int c = Nat.sub(10, xx, yy, zz);
- if (c != 0)
- {
- if (Nat.subFrom(PExtInv.length, PExtInv, zz) != 0)
- {
- Nat.decAt(10, zz, PExtInv.length);
- }
- }
- }
-
- public static void twice(int[] x, int[] z)
- {
- int c = Nat.shiftUpBit(5, x, 0, z);
- if (c != 0 || (z[4] == P4 && Nat160.gte(z, P)))
- {
- Nat.addWordTo(5, PInv, z);
- }
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R1FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R1FieldElement.java
deleted file mode 100644
index 9999f481..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R1FieldElement.java
+++ /dev/null
@@ -1,202 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.raw.Mod;
-import org.bouncycastle.math.raw.Nat160;
-import org.bouncycastle.util.Arrays;
-
-public class SecP160R1FieldElement extends ECFieldElement.AbstractFp
-{
- public static final BigInteger Q = SecP160R1Curve.q;
-
- protected int[] x;
-
- public SecP160R1FieldElement(BigInteger x)
- {
- if (x == null || x.signum() < 0 || x.compareTo(Q) >= 0)
- {
- throw new IllegalArgumentException("x value invalid for SecP160R1FieldElement");
- }
-
- this.x = SecP160R1Field.fromBigInteger(x);
- }
-
- public SecP160R1FieldElement()
- {
- this.x = Nat160.create();
- }
-
- protected SecP160R1FieldElement(int[] x)
- {
- this.x = x;
- }
-
- public boolean isZero()
- {
- return Nat160.isZero(x);
- }
-
- public boolean isOne()
- {
- return Nat160.isOne(x);
- }
-
- public boolean testBitZero()
- {
- return Nat160.getBit(x, 0) == 1;
- }
-
- public BigInteger toBigInteger()
- {
- return Nat160.toBigInteger(x);
- }
-
- public String getFieldName()
- {
- return "SecP160R1Field";
- }
-
- public int getFieldSize()
- {
- return Q.bitLength();
- }
-
- public ECFieldElement add(ECFieldElement b)
- {
- int[] z = Nat160.create();
- SecP160R1Field.add(x, ((SecP160R1FieldElement)b).x, z);
- return new SecP160R1FieldElement(z);
- }
-
- public ECFieldElement addOne()
- {
- int[] z = Nat160.create();
- SecP160R1Field.addOne(x, z);
- return new SecP160R1FieldElement(z);
- }
-
- public ECFieldElement subtract(ECFieldElement b)
- {
- int[] z = Nat160.create();
- SecP160R1Field.subtract(x, ((SecP160R1FieldElement)b).x, z);
- return new SecP160R1FieldElement(z);
- }
-
- public ECFieldElement multiply(ECFieldElement b)
- {
- int[] z = Nat160.create();
- SecP160R1Field.multiply(x, ((SecP160R1FieldElement)b).x, z);
- return new SecP160R1FieldElement(z);
- }
-
- public ECFieldElement divide(ECFieldElement b)
- {
-// return multiply(b.invert());
- int[] z = Nat160.create();
- Mod.invert(SecP160R1Field.P, ((SecP160R1FieldElement)b).x, z);
- SecP160R1Field.multiply(z, x, z);
- return new SecP160R1FieldElement(z);
- }
-
- public ECFieldElement negate()
- {
- int[] z = Nat160.create();
- SecP160R1Field.negate(x, z);
- return new SecP160R1FieldElement(z);
- }
-
- public ECFieldElement square()
- {
- int[] z = Nat160.create();
- SecP160R1Field.square(x, z);
- return new SecP160R1FieldElement(z);
- }
-
- public ECFieldElement invert()
- {
-// return new SecP160R1FieldElement(toBigInteger().modInverse(Q));
- int[] z = Nat160.create();
- Mod.invert(SecP160R1Field.P, x, z);
- return new SecP160R1FieldElement(z);
- }
-
- // D.1.4 91
- /**
- * return a sqrt root - the routine verifies that the calculation returns the right value - if
- * none exists it returns null.
- */
- public ECFieldElement sqrt()
- {
- /*
- * Raise this element to the exponent 2^158 - 2^29
- *
- * Breaking up the exponent's binary representation into "repunits", we get:
- * { 129 1s } { 29 0s }
- *
- * Therefore we need an addition chain containing 129 (the length of the repunit) We use:
- * 1, 2, 4, 8, 16, 32, 64, 128, [129]
- */
-
- int[] x1 = this.x;
- if (Nat160.isZero(x1) || Nat160.isOne(x1))
- {
- return this;
- }
-
- int[] x2 = Nat160.create();
- SecP160R1Field.square(x1, x2);
- SecP160R1Field.multiply(x2, x1, x2);
- int[] x4 = Nat160.create();
- SecP160R1Field.squareN(x2, 2, x4);
- SecP160R1Field.multiply(x4, x2, x4);
- int[] x8 = x2;
- SecP160R1Field.squareN(x4, 4, x8);
- SecP160R1Field.multiply(x8, x4, x8);
- int[] x16 = x4;
- SecP160R1Field.squareN(x8, 8, x16);
- SecP160R1Field.multiply(x16, x8, x16);
- int[] x32 = x8;
- SecP160R1Field.squareN(x16, 16, x32);
- SecP160R1Field.multiply(x32, x16, x32);
- int[] x64 = x16;
- SecP160R1Field.squareN(x32, 32, x64);
- SecP160R1Field.multiply(x64, x32, x64);
- int[] x128 = x32;
- SecP160R1Field.squareN(x64, 64, x128);
- SecP160R1Field.multiply(x128, x64, x128);
- int[] x129 = x64;
- SecP160R1Field.square(x128, x129);
- SecP160R1Field.multiply(x129, x1, x129);
-
- int[] t1 = x129;
- SecP160R1Field.squareN(t1, 29, t1);
-
- int[] t2 = x128;
- SecP160R1Field.square(t1, t2);
-
- return Nat160.eq(x1, t2) ? new SecP160R1FieldElement(t1) : null;
- }
-
- public boolean equals(Object other)
- {
- if (other == this)
- {
- return true;
- }
-
- if (!(other instanceof SecP160R1FieldElement))
- {
- return false;
- }
-
- SecP160R1FieldElement o = (SecP160R1FieldElement)other;
- return Nat160.eq(x, o.x);
- }
-
- public int hashCode()
- {
- return Q.hashCode() ^ Arrays.hashCode(x, 0, 5);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R1Point.java
deleted file mode 100644
index 42aaa777..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R1Point.java
+++ /dev/null
@@ -1,308 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.raw.Nat;
-import org.bouncycastle.math.raw.Nat160;
-
-public class SecP160R1Point extends ECPoint.AbstractFp
-{
- /**
- * Create a point which encodes with point compression.
- *
- * @param curve
- * the curve to use
- * @param x
- * affine x co-ordinate
- * @param y
- * affine y co-ordinate
- *
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecP160R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * Create a point that encodes with or without point compresion.
- *
- * @param curve
- * the curve to use
- * @param x
- * affine x co-ordinate
- * @param y
- * affine y co-ordinate
- * @param withCompression
- * if true encode with point compression
- *
- * @deprecated per-point compression property will be removed, refer
- * {@link #getEncoded(boolean)}
- */
- public SecP160R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecP160R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecP160R1Point(null, getAffineXCoord(), getAffineYCoord());
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return this;
- }
- if (this == b)
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- SecP160R1FieldElement X1 = (SecP160R1FieldElement)this.x, Y1 = (SecP160R1FieldElement)this.y;
- SecP160R1FieldElement X2 = (SecP160R1FieldElement)b.getXCoord(), Y2 = (SecP160R1FieldElement)b.getYCoord();
-
- SecP160R1FieldElement Z1 = (SecP160R1FieldElement)this.zs[0];
- SecP160R1FieldElement Z2 = (SecP160R1FieldElement)b.getZCoord(0);
-
- int c;
- int[] tt1 = Nat160.createExt();
- int[] t2 = Nat160.create();
- int[] t3 = Nat160.create();
- int[] t4 = Nat160.create();
-
- boolean Z1IsOne = Z1.isOne();
- int[] U2, S2;
- if (Z1IsOne)
- {
- U2 = X2.x;
- S2 = Y2.x;
- }
- else
- {
- S2 = t3;
- SecP160R1Field.square(Z1.x, S2);
-
- U2 = t2;
- SecP160R1Field.multiply(S2, X2.x, U2);
-
- SecP160R1Field.multiply(S2, Z1.x, S2);
- SecP160R1Field.multiply(S2, Y2.x, S2);
- }
-
- boolean Z2IsOne = Z2.isOne();
- int[] U1, S1;
- if (Z2IsOne)
- {
- U1 = X1.x;
- S1 = Y1.x;
- }
- else
- {
- S1 = t4;
- SecP160R1Field.square(Z2.x, S1);
-
- U1 = tt1;
- SecP160R1Field.multiply(S1, X1.x, U1);
-
- SecP160R1Field.multiply(S1, Z2.x, S1);
- SecP160R1Field.multiply(S1, Y1.x, S1);
- }
-
- int[] H = Nat160.create();
- SecP160R1Field.subtract(U1, U2, H);
-
- int[] R = t2;
- SecP160R1Field.subtract(S1, S2, R);
-
- // Check if b == this or b == -this
- if (Nat160.isZero(H))
- {
- if (Nat160.isZero(R))
- {
- // this == b, i.e. this must be doubled
- return this.twice();
- }
-
- // this == -b, i.e. the result is the point at infinity
- return curve.getInfinity();
- }
-
- int[] HSquared = t3;
- SecP160R1Field.square(H, HSquared);
-
- int[] G = Nat160.create();
- SecP160R1Field.multiply(HSquared, H, G);
-
- int[] V = t3;
- SecP160R1Field.multiply(HSquared, U1, V);
-
- SecP160R1Field.negate(G, G);
- Nat160.mul(S1, G, tt1);
-
- c = Nat160.addBothTo(V, V, G);
- SecP160R1Field.reduce32(c, G);
-
- SecP160R1FieldElement X3 = new SecP160R1FieldElement(t4);
- SecP160R1Field.square(R, X3.x);
- SecP160R1Field.subtract(X3.x, G, X3.x);
-
- SecP160R1FieldElement Y3 = new SecP160R1FieldElement(G);
- SecP160R1Field.subtract(V, X3.x, Y3.x);
- SecP160R1Field.multiplyAddToExt(Y3.x, R, tt1);
- SecP160R1Field.reduce(tt1, Y3.x);
-
- SecP160R1FieldElement Z3 = new SecP160R1FieldElement(H);
- if (!Z1IsOne)
- {
- SecP160R1Field.multiply(Z3.x, Z1.x, Z3.x);
- }
- if (!Z2IsOne)
- {
- SecP160R1Field.multiply(Z3.x, Z2.x, Z3.x);
- }
-
- ECFieldElement[] zs = new ECFieldElement[]{ Z3 };
-
- return new SecP160R1Point(curve, X3, Y3, zs, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- SecP160R1FieldElement Y1 = (SecP160R1FieldElement)this.y;
- if (Y1.isZero())
- {
- return curve.getInfinity();
- }
-
- SecP160R1FieldElement X1 = (SecP160R1FieldElement)this.x, Z1 = (SecP160R1FieldElement)this.zs[0];
-
- int c;
- int[] t1 = Nat160.create();
- int[] t2 = Nat160.create();
-
- int[] Y1Squared = Nat160.create();
- SecP160R1Field.square(Y1.x, Y1Squared);
-
- int[] T = Nat160.create();
- SecP160R1Field.square(Y1Squared, T);
-
- boolean Z1IsOne = Z1.isOne();
-
- int[] Z1Squared = Z1.x;
- if (!Z1IsOne)
- {
- Z1Squared = t2;
- SecP160R1Field.square(Z1.x, Z1Squared);
- }
-
- SecP160R1Field.subtract(X1.x, Z1Squared, t1);
-
- int[] M = t2;
- SecP160R1Field.add(X1.x, Z1Squared, M);
- SecP160R1Field.multiply(M, t1, M);
- c = Nat160.addBothTo(M, M, M);
- SecP160R1Field.reduce32(c, M);
-
- int[] S = Y1Squared;
- SecP160R1Field.multiply(Y1Squared, X1.x, S);
- c = Nat.shiftUpBits(5, S, 2, 0);
- SecP160R1Field.reduce32(c, S);
-
- c = Nat.shiftUpBits(5, T, 3, 0, t1);
- SecP160R1Field.reduce32(c, t1);
-
- SecP160R1FieldElement X3 = new SecP160R1FieldElement(T);
- SecP160R1Field.square(M, X3.x);
- SecP160R1Field.subtract(X3.x, S, X3.x);
- SecP160R1Field.subtract(X3.x, S, X3.x);
-
- SecP160R1FieldElement Y3 = new SecP160R1FieldElement(S);
- SecP160R1Field.subtract(S, X3.x, Y3.x);
- SecP160R1Field.multiply(Y3.x, M, Y3.x);
- SecP160R1Field.subtract(Y3.x, t1, Y3.x);
-
- SecP160R1FieldElement Z3 = new SecP160R1FieldElement(M);
- SecP160R1Field.twice(Y1.x, Z3.x);
- if (!Z1IsOne)
- {
- SecP160R1Field.multiply(Z3.x, Z1.x, Z3.x);
- }
-
- return new SecP160R1Point(curve, X3, Y3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this == b)
- {
- return threeTimes();
- }
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECFieldElement Y1 = this.y;
- if (Y1.isZero())
- {
- return b;
- }
-
- return twice().add(b);
- }
-
- public ECPoint threeTimes()
- {
- if (this.isInfinity() || this.y.isZero())
- {
- return this;
- }
-
- // NOTE: Be careful about recursions between twicePlus and threeTimes
- return twice().add(this);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- return new SecP160R1Point(curve, this.x, this.y.negate(), this.zs, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R2Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R2Curve.java
deleted file mode 100644
index 01bb2cd5..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R2Curve.java
+++ /dev/null
@@ -1,127 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.raw.Nat160;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecP160R2Curve extends ECCurve.AbstractFp
-{
- public static final BigInteger q = new BigInteger(1,
- Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73"));
-
- private static final int SecP160R2_DEFAULT_COORDS = COORD_JACOBIAN;
-
- protected SecP160R2Point infinity;
-
- public SecP160R2Curve()
- {
- super(q);
-
- this.infinity = new SecP160R2Point(this, null, null);
-
- this.a = fromBigInteger(new BigInteger(1,
- Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70")));
- this.b = fromBigInteger(new BigInteger(1,
- Hex.decode("B4E134D3FB59EB8BAB57274904664D5AF50388BA")));
- this.order = new BigInteger(1, Hex.decode("0100000000000000000000351EE786A818F3A1A16B"));
- this.cofactor = BigInteger.valueOf(1);
-
- this.coord = SecP160R2_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecP160R2Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_JACOBIAN:
- return true;
- default:
- return false;
- }
- }
-
- public BigInteger getQ()
- {
- return q;
- }
-
- public int getFieldSize()
- {
- return q.bitLength();
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecP160R2FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecP160R2Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecP160R2Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_INTS = 5;
-
- final int[] table = new int[len * FE_INTS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat160.copy(((SecP160R2FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_INTS;
- Nat160.copy(((SecP160R2FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_INTS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- int[] x = Nat160.create(), y = Nat160.create();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- int MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_INTS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_INTS + j] & MASK;
- }
-
- pos += (FE_INTS * 2);
- }
-
- return createRawPoint(new SecP160R2FieldElement(x), new SecP160R2FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R2Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R2Field.java
deleted file mode 100644
index 70c5e0c9..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R2Field.java
+++ /dev/null
@@ -1,177 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.raw.Nat;
-import org.bouncycastle.math.raw.Nat160;
-
-public class SecP160R2Field
-{
- // 2^160 - 2^32 - 2^14 - 2^12 - 2^9 - 2^8 - 2^7 - 2^3 - 2^2 - 1
- static final int[] P = new int[]{ 0xFFFFAC73, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
- static final int[] PExt = new int[]{ 0x1B44BBA9, 0x0000A71A, 0x00000001, 0x00000000, 0x00000000,
- 0xFFFF58E6, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
- private static final int[] PExtInv = new int[]{ 0xE4BB4457, 0xFFFF58E5, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF,
- 0x0000A719, 0x00000002 };
- private static final int P4 = 0xFFFFFFFF;
- private static final int PExt9 = 0xFFFFFFFF;
- private static final int PInv33 = 0x538D;
-
- public static void add(int[] x, int[] y, int[] z)
- {
- int c = Nat160.add(x, y, z);
- if (c != 0 || (z[4] == P4 && Nat160.gte(z, P)))
- {
- Nat.add33To(5, PInv33, z);
- }
- }
-
- public static void addExt(int[] xx, int[] yy, int[] zz)
- {
- int c = Nat.add(10, xx, yy, zz);
- if (c != 0 || (zz[9] == PExt9 && Nat.gte(10, zz, PExt)))
- {
- if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0)
- {
- Nat.incAt(10, zz, PExtInv.length);
- }
- }
- }
-
- public static void addOne(int[] x, int[] z)
- {
- int c = Nat.inc(5, x, z);
- if (c != 0 || (z[4] == P4 && Nat160.gte(z, P)))
- {
- Nat.add33To(5, PInv33, z);
- }
- }
-
- public static int[] fromBigInteger(BigInteger x)
- {
- int[] z = Nat160.fromBigInteger(x);
- if (z[4] == P4 && Nat160.gte(z, P))
- {
- Nat160.subFrom(P, z);
- }
- return z;
- }
-
- public static void half(int[] x, int[] z)
- {
- if ((x[0] & 1) == 0)
- {
- Nat.shiftDownBit(5, x, 0, z);
- }
- else
- {
- int c = Nat160.add(x, P, z);
- Nat.shiftDownBit(5, z, c);
- }
- }
-
- public static void multiply(int[] x, int[] y, int[] z)
- {
- int[] tt = Nat160.createExt();
- Nat160.mul(x, y, tt);
- reduce(tt, z);
- }
-
- public static void multiplyAddToExt(int[] x, int[] y, int[] zz)
- {
- int c = Nat160.mulAddTo(x, y, zz);
- if (c != 0 || (zz[9] == PExt9 && Nat.gte(10, zz, PExt)))
- {
- if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0)
- {
- Nat.incAt(10, zz, PExtInv.length);
- }
- }
- }
-
- public static void negate(int[] x, int[] z)
- {
- if (Nat160.isZero(x))
- {
- Nat160.zero(z);
- }
- else
- {
- Nat160.sub(P, x, z);
- }
- }
-
- public static void reduce(int[] xx, int[] z)
- {
- long cc = Nat160.mul33Add(PInv33, xx, 5, xx, 0, z, 0);
- int c = Nat160.mul33DWordAdd(PInv33, cc, z, 0);
-
- // assert c == 0 || c == 1;
-
- if (c != 0 || (z[4] == P4 && Nat160.gte(z, P)))
- {
- Nat.add33To(5, PInv33, z);
- }
- }
-
- public static void reduce32(int x, int[] z)
- {
- if ((x != 0 && Nat160.mul33WordAdd(PInv33, x, z, 0) != 0)
- || (z[4] == P4 && Nat160.gte(z, P)))
- {
- Nat.add33To(5, PInv33, z);
- }
- }
-
- public static void square(int[] x, int[] z)
- {
- int[] tt = Nat160.createExt();
- Nat160.square(x, tt);
- reduce(tt, z);
- }
-
- public static void squareN(int[] x, int n, int[] z)
- {
-// assert n > 0;
-
- int[] tt = Nat160.createExt();
- Nat160.square(x, tt);
- reduce(tt, z);
-
- while (--n > 0)
- {
- Nat160.square(z, tt);
- reduce(tt, z);
- }
- }
-
- public static void subtract(int[] x, int[] y, int[] z)
- {
- int c = Nat160.sub(x, y, z);
- if (c != 0)
- {
- Nat.sub33From(5, PInv33, z);
- }
- }
-
- public static void subtractExt(int[] xx, int[] yy, int[] zz)
- {
- int c = Nat.sub(10, xx, yy, zz);
- if (c != 0)
- {
- if (Nat.subFrom(PExtInv.length, PExtInv, zz) != 0)
- {
- Nat.decAt(10, zz, PExtInv.length);
- }
- }
- }
-
- public static void twice(int[] x, int[] z)
- {
- int c = Nat.shiftUpBit(5, x, 0, z);
- if (c != 0 || (z[4] == P4 && Nat160.gte(z, P)))
- {
- Nat.add33To(5, PInv33, z);
- }
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R2FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R2FieldElement.java
deleted file mode 100644
index 943d2604..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R2FieldElement.java
+++ /dev/null
@@ -1,217 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.raw.Mod;
-import org.bouncycastle.math.raw.Nat160;
-import org.bouncycastle.util.Arrays;
-
-public class SecP160R2FieldElement extends ECFieldElement.AbstractFp
-{
- public static final BigInteger Q = SecP160R2Curve.q;
-
- protected int[] x;
-
- public SecP160R2FieldElement(BigInteger x)
- {
- if (x == null || x.signum() < 0 || x.compareTo(Q) >= 0)
- {
- throw new IllegalArgumentException("x value invalid for SecP160R2FieldElement");
- }
-
- this.x = SecP160R2Field.fromBigInteger(x);
- }
-
- public SecP160R2FieldElement()
- {
- this.x = Nat160.create();
- }
-
- protected SecP160R2FieldElement(int[] x)
- {
- this.x = x;
- }
-
- public boolean isZero()
- {
- return Nat160.isZero(x);
- }
-
- public boolean isOne()
- {
- return Nat160.isOne(x);
- }
-
- public boolean testBitZero()
- {
- return Nat160.getBit(x, 0) == 1;
- }
-
- public BigInteger toBigInteger()
- {
- return Nat160.toBigInteger(x);
- }
-
- public String getFieldName()
- {
- return "SecP160R2Field";
- }
-
- public int getFieldSize()
- {
- return Q.bitLength();
- }
-
- public ECFieldElement add(ECFieldElement b)
- {
- int[] z = Nat160.create();
- SecP160R2Field.add(x, ((SecP160R2FieldElement)b).x, z);
- return new SecP160R2FieldElement(z);
- }
-
- public ECFieldElement addOne()
- {
- int[] z = Nat160.create();
- SecP160R2Field.addOne(x, z);
- return new SecP160R2FieldElement(z);
- }
-
- public ECFieldElement subtract(ECFieldElement b)
- {
- int[] z = Nat160.create();
- SecP160R2Field.subtract(x, ((SecP160R2FieldElement)b).x, z);
- return new SecP160R2FieldElement(z);
- }
-
- public ECFieldElement multiply(ECFieldElement b)
- {
- int[] z = Nat160.create();
- SecP160R2Field.multiply(x, ((SecP160R2FieldElement)b).x, z);
- return new SecP160R2FieldElement(z);
- }
-
- public ECFieldElement divide(ECFieldElement b)
- {
-// return multiply(b.invert());
- int[] z = Nat160.create();
- Mod.invert(SecP160R2Field.P, ((SecP160R2FieldElement)b).x, z);
- SecP160R2Field.multiply(z, x, z);
- return new SecP160R2FieldElement(z);
- }
-
- public ECFieldElement negate()
- {
- int[] z = Nat160.create();
- SecP160R2Field.negate(x, z);
- return new SecP160R2FieldElement(z);
- }
-
- public ECFieldElement square()
- {
- int[] z = Nat160.create();
- SecP160R2Field.square(x, z);
- return new SecP160R2FieldElement(z);
- }
-
- public ECFieldElement invert()
- {
-// return new SecP160R2FieldElement(toBigInteger().modInverse(Q));
- int[] z = Nat160.create();
- Mod.invert(SecP160R2Field.P, x, z);
- return new SecP160R2FieldElement(z);
- }
-
- // D.1.4 91
- /**
- * return a sqrt root - the routine verifies that the calculation returns the right value - if
- * none exists it returns null.
- */
- public ECFieldElement sqrt()
- {
- /*
- * Raise this element to the exponent 2^158 - 2^30 - 2^12 - 2^10 - 2^7 - 2^6 - 2^5 - 2^1 - 2^0
- *
- * Breaking up the exponent's binary representation into "repunits", we get: { 127 1s } { 1
- * 0s } { 17 1s } { 1 0s } { 1 1s } { 1 0s } { 2 1s } { 3 0s } { 3 1s } { 1 0s } { 1 1s }
- *
- * Therefore we need an addition chain containing 1, 2, 3, 17, 127 (the lengths of the repunits)
- * We use: [1], [2], [3], 4, 7, 14, [17], 31, 62, 124, [127]
- */
-
- int[] x1 = this.x;
- if (Nat160.isZero(x1) || Nat160.isOne(x1))
- {
- return this;
- }
-
- int[] x2 = Nat160.create();
- SecP160R2Field.square(x1, x2);
- SecP160R2Field.multiply(x2, x1, x2);
- int[] x3 = Nat160.create();
- SecP160R2Field.square(x2, x3);
- SecP160R2Field.multiply(x3, x1, x3);
- int[] x4 = Nat160.create();
- SecP160R2Field.square(x3, x4);
- SecP160R2Field.multiply(x4, x1, x4);
- int[] x7 = Nat160.create();
- SecP160R2Field.squareN(x4, 3, x7);
- SecP160R2Field.multiply(x7, x3, x7);
- int[] x14 = x4;
- SecP160R2Field.squareN(x7, 7, x14);
- SecP160R2Field.multiply(x14, x7, x14);
- int[] x17 = x7;
- SecP160R2Field.squareN(x14, 3, x17);
- SecP160R2Field.multiply(x17, x3, x17);
- int[] x31 = Nat160.create();
- SecP160R2Field.squareN(x17, 14, x31);
- SecP160R2Field.multiply(x31, x14, x31);
- int[] x62 = x14;
- SecP160R2Field.squareN(x31, 31, x62);
- SecP160R2Field.multiply(x62, x31, x62);
- int[] x124 = x31;
- SecP160R2Field.squareN(x62, 62, x124);
- SecP160R2Field.multiply(x124, x62, x124);
- int[] x127 = x62;
- SecP160R2Field.squareN(x124, 3, x127);
- SecP160R2Field.multiply(x127, x3, x127);
-
- int[] t1 = x127;
- SecP160R2Field.squareN(t1, 18, t1);
- SecP160R2Field.multiply(t1, x17, t1);
- SecP160R2Field.squareN(t1, 2, t1);
- SecP160R2Field.multiply(t1, x1, t1);
- SecP160R2Field.squareN(t1, 3, t1);
- SecP160R2Field.multiply(t1, x2, t1);
- SecP160R2Field.squareN(t1, 6, t1);
- SecP160R2Field.multiply(t1, x3, t1);
- SecP160R2Field.squareN(t1, 2, t1);
- SecP160R2Field.multiply(t1, x1, t1);
-
- int[] t2 = x2;
- SecP160R2Field.square(t1, t2);
-
- return Nat160.eq(x1, t2) ? new SecP160R2FieldElement(t1) : null;
- }
-
- public boolean equals(Object other)
- {
- if (other == this)
- {
- return true;
- }
-
- if (!(other instanceof SecP160R2FieldElement))
- {
- return false;
- }
-
- SecP160R2FieldElement o = (SecP160R2FieldElement)other;
- return Nat160.eq(x, o.x);
- }
-
- public int hashCode()
- {
- return Q.hashCode() ^ Arrays.hashCode(x, 0, 5);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R2Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R2Point.java
deleted file mode 100644
index 49350b87..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP160R2Point.java
+++ /dev/null
@@ -1,308 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.raw.Nat;
-import org.bouncycastle.math.raw.Nat160;
-
-public class SecP160R2Point extends ECPoint.AbstractFp
-{
- /**
- * Create a point which encodes with point compression.
- *
- * @param curve
- * the curve to use
- * @param x
- * affine x co-ordinate
- * @param y
- * affine y co-ordinate
- *
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecP160R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * Create a point that encodes with or without point compresion.
- *
- * @param curve
- * the curve to use
- * @param x
- * affine x co-ordinate
- * @param y
- * affine y co-ordinate
- * @param withCompression
- * if true encode with point compression
- *
- * @deprecated per-point compression property will be removed, refer
- * {@link #getEncoded(boolean)}
- */
- public SecP160R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecP160R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecP160R2Point(null, getAffineXCoord(), getAffineYCoord());
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return this;
- }
- if (this == b)
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- SecP160R2FieldElement X1 = (SecP160R2FieldElement)this.x, Y1 = (SecP160R2FieldElement)this.y;
- SecP160R2FieldElement X2 = (SecP160R2FieldElement)b.getXCoord(), Y2 = (SecP160R2FieldElement)b.getYCoord();
-
- SecP160R2FieldElement Z1 = (SecP160R2FieldElement)this.zs[0];
- SecP160R2FieldElement Z2 = (SecP160R2FieldElement)b.getZCoord(0);
-
- int c;
- int[] tt1 = Nat160.createExt();
- int[] t2 = Nat160.create();
- int[] t3 = Nat160.create();
- int[] t4 = Nat160.create();
-
- boolean Z1IsOne = Z1.isOne();
- int[] U2, S2;
- if (Z1IsOne)
- {
- U2 = X2.x;
- S2 = Y2.x;
- }
- else
- {
- S2 = t3;
- SecP160R2Field.square(Z1.x, S2);
-
- U2 = t2;
- SecP160R2Field.multiply(S2, X2.x, U2);
-
- SecP160R2Field.multiply(S2, Z1.x, S2);
- SecP160R2Field.multiply(S2, Y2.x, S2);
- }
-
- boolean Z2IsOne = Z2.isOne();
- int[] U1, S1;
- if (Z2IsOne)
- {
- U1 = X1.x;
- S1 = Y1.x;
- }
- else
- {
- S1 = t4;
- SecP160R2Field.square(Z2.x, S1);
-
- U1 = tt1;
- SecP160R2Field.multiply(S1, X1.x, U1);
-
- SecP160R2Field.multiply(S1, Z2.x, S1);
- SecP160R2Field.multiply(S1, Y1.x, S1);
- }
-
- int[] H = Nat160.create();
- SecP160R2Field.subtract(U1, U2, H);
-
- int[] R = t2;
- SecP160R2Field.subtract(S1, S2, R);
-
- // Check if b == this or b == -this
- if (Nat160.isZero(H))
- {
- if (Nat160.isZero(R))
- {
- // this == b, i.e. this must be doubled
- return this.twice();
- }
-
- // this == -b, i.e. the result is the point at infinity
- return curve.getInfinity();
- }
-
- int[] HSquared = t3;
- SecP160R2Field.square(H, HSquared);
-
- int[] G = Nat160.create();
- SecP160R2Field.multiply(HSquared, H, G);
-
- int[] V = t3;
- SecP160R2Field.multiply(HSquared, U1, V);
-
- SecP160R2Field.negate(G, G);
- Nat160.mul(S1, G, tt1);
-
- c = Nat160.addBothTo(V, V, G);
- SecP160R2Field.reduce32(c, G);
-
- SecP160R2FieldElement X3 = new SecP160R2FieldElement(t4);
- SecP160R2Field.square(R, X3.x);
- SecP160R2Field.subtract(X3.x, G, X3.x);
-
- SecP160R2FieldElement Y3 = new SecP160R2FieldElement(G);
- SecP160R2Field.subtract(V, X3.x, Y3.x);
- SecP160R2Field.multiplyAddToExt(Y3.x, R, tt1);
- SecP160R2Field.reduce(tt1, Y3.x);
-
- SecP160R2FieldElement Z3 = new SecP160R2FieldElement(H);
- if (!Z1IsOne)
- {
- SecP160R2Field.multiply(Z3.x, Z1.x, Z3.x);
- }
- if (!Z2IsOne)
- {
- SecP160R2Field.multiply(Z3.x, Z2.x, Z3.x);
- }
-
- ECFieldElement[] zs = new ECFieldElement[]{ Z3 };
-
- return new SecP160R2Point(curve, X3, Y3, zs, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- SecP160R2FieldElement Y1 = (SecP160R2FieldElement)this.y;
- if (Y1.isZero())
- {
- return curve.getInfinity();
- }
-
- SecP160R2FieldElement X1 = (SecP160R2FieldElement)this.x, Z1 = (SecP160R2FieldElement)this.zs[0];
-
- int c;
- int[] t1 = Nat160.create();
- int[] t2 = Nat160.create();
-
- int[] Y1Squared = Nat160.create();
- SecP160R2Field.square(Y1.x, Y1Squared);
-
- int[] T = Nat160.create();
- SecP160R2Field.square(Y1Squared, T);
-
- boolean Z1IsOne = Z1.isOne();
-
- int[] Z1Squared = Z1.x;
- if (!Z1IsOne)
- {
- Z1Squared = t2;
- SecP160R2Field.square(Z1.x, Z1Squared);
- }
-
- SecP160R2Field.subtract(X1.x, Z1Squared, t1);
-
- int[] M = t2;
- SecP160R2Field.add(X1.x, Z1Squared, M);
- SecP160R2Field.multiply(M, t1, M);
- c = Nat160.addBothTo(M, M, M);
- SecP160R2Field.reduce32(c, M);
-
- int[] S = Y1Squared;
- SecP160R2Field.multiply(Y1Squared, X1.x, S);
- c = Nat.shiftUpBits(5, S, 2, 0);
- SecP160R2Field.reduce32(c, S);
-
- c = Nat.shiftUpBits(5, T, 3, 0, t1);
- SecP160R2Field.reduce32(c, t1);
-
- SecP160R2FieldElement X3 = new SecP160R2FieldElement(T);
- SecP160R2Field.square(M, X3.x);
- SecP160R2Field.subtract(X3.x, S, X3.x);
- SecP160R2Field.subtract(X3.x, S, X3.x);
-
- SecP160R2FieldElement Y3 = new SecP160R2FieldElement(S);
- SecP160R2Field.subtract(S, X3.x, Y3.x);
- SecP160R2Field.multiply(Y3.x, M, Y3.x);
- SecP160R2Field.subtract(Y3.x, t1, Y3.x);
-
- SecP160R2FieldElement Z3 = new SecP160R2FieldElement(M);
- SecP160R2Field.twice(Y1.x, Z3.x);
- if (!Z1IsOne)
- {
- SecP160R2Field.multiply(Z3.x, Z1.x, Z3.x);
- }
-
- return new SecP160R2Point(curve, X3, Y3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this == b)
- {
- return threeTimes();
- }
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECFieldElement Y1 = this.y;
- if (Y1.isZero())
- {
- return b;
- }
-
- return twice().add(b);
- }
-
- public ECPoint threeTimes()
- {
- if (this.isInfinity() || this.y.isZero())
- {
- return this;
- }
-
- // NOTE: Be careful about recursions between twicePlus and threeTimes
- return twice().add(this);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- return new SecP160R2Point(curve, this.x, this.y.negate(), this.zs, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113Field.java
deleted file mode 100644
index 17483b02..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113Field.java
+++ /dev/null
@@ -1,226 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.raw.Interleave;
-import org.bouncycastle.math.raw.Nat128;
-
-public class SecT113Field
-{
- private static final long M49 = -1L >>> 15;
- private static final long M57 = -1L >>> 7;
-
- public static void add(long[] x, long[] y, long[] z)
- {
- z[0] = x[0] ^ y[0];
- z[1] = x[1] ^ y[1];
- }
-
- public static void addExt(long[] xx, long[] yy, long[] zz)
- {
- zz[0] = xx[0] ^ yy[0];
- zz[1] = xx[1] ^ yy[1];
- zz[2] = xx[2] ^ yy[2];
- zz[3] = xx[3] ^ yy[3];
- }
-
- public static void addOne(long[] x, long[] z)
- {
- z[0] = x[0] ^ 1L;
- z[1] = x[1];
- }
-
- public static long[] fromBigInteger(BigInteger x)
- {
- long[] z = Nat128.fromBigInteger64(x);
- reduce15(z, 0);
- return z;
- }
-
- public static void invert(long[] x, long[] z)
- {
- if (Nat128.isZero64(x))
- {
- throw new IllegalStateException();
- }
-
- // Itoh-Tsujii inversion
-
- long[] t0 = Nat128.create64();
- long[] t1 = Nat128.create64();
-
- square(x, t0);
- multiply(t0, x, t0);
- square(t0, t0);
- multiply(t0, x, t0);
- squareN(t0, 3, t1);
- multiply(t1, t0, t1);
- square(t1, t1);
- multiply(t1, x, t1);
- squareN(t1, 7, t0);
- multiply(t0, t1, t0);
- squareN(t0, 14, t1);
- multiply(t1, t0, t1);
- squareN(t1, 28, t0);
- multiply(t0, t1, t0);
- squareN(t0, 56, t1);
- multiply(t1, t0, t1);
- square(t1, z);
- }
-
- public static void multiply(long[] x, long[] y, long[] z)
- {
- long[] tt = Nat128.createExt64();
- implMultiply(x, y, tt);
- reduce(tt, z);
- }
-
- public static void multiplyAddToExt(long[] x, long[] y, long[] zz)
- {
- long[] tt = Nat128.createExt64();
- implMultiply(x, y, tt);
- addExt(zz, tt, zz);
- }
-
- public static void reduce(long[] xx, long[] z)
- {
- long x0 = xx[0], x1 = xx[1], x2 = xx[2], x3 = xx[3];
-
- x1 ^= (x3 << 15) ^ (x3 << 24);
- x2 ^= (x3 >>> 49) ^ (x3 >>> 40);
-
- x0 ^= (x2 << 15) ^ (x2 << 24);
- x1 ^= (x2 >>> 49) ^ (x2 >>> 40);
-
- long t = x1 >>> 49;
- z[0] = x0 ^ t ^ (t << 9);
- z[1] = x1 & M49;
- }
-
- public static void reduce15(long[] z, int zOff)
- {
- long z1 = z[zOff + 1], t = z1 >>> 49;
- z[zOff ] ^= t ^ (t << 9);
- z[zOff + 1] = z1 & M49;
- }
-
- public static void sqrt(long[] x, long[] z)
- {
- long u0 = Interleave.unshuffle(x[0]), u1 = Interleave.unshuffle(x[1]);
- long e0 = (u0 & 0x00000000FFFFFFFFL) | (u1 << 32);
- long c0 = (u0 >>> 32) | (u1 & 0xFFFFFFFF00000000L);
-
- z[0] = e0 ^ (c0 << 57) ^ (c0 << 5);
- z[1] = (c0 >>> 7) ^ (c0 >>> 59);
- }
-
- public static void square(long[] x, long[] z)
- {
- long[] tt = Nat128.createExt64();
- implSquare(x, tt);
- reduce(tt, z);
- }
-
- public static void squareAddToExt(long[] x, long[] zz)
- {
- long[] tt = Nat128.createExt64();
- implSquare(x, tt);
- addExt(zz, tt, zz);
- }
-
- public static void squareN(long[] x, int n, long[] z)
- {
-// assert n > 0;
-
- long[] tt = Nat128.createExt64();
- implSquare(x, tt);
- reduce(tt, z);
-
- while (--n > 0)
- {
- implSquare(z, tt);
- reduce(tt, z);
- }
- }
-
- public static int trace(long[] x)
- {
- // Non-zero-trace bits: 0
- return (int)(x[0]) & 1;
- }
-
- protected static void implMultiply(long[] x, long[] y, long[] zz)
- {
- /*
- * "Three-way recursion" as described in "Batch binary Edwards", Daniel J. Bernstein.
- */
-
- long f0 = x[0], f1 = x[1];
- f1 = ((f0 >>> 57) ^ (f1 << 7)) & M57;
- f0 &= M57;
-
- long g0 = y[0], g1 = y[1];
- g1 = ((g0 >>> 57) ^ (g1 << 7)) & M57;
- g0 &= M57;
-
- long[] H = new long[6];
-
- implMulw(f0, g0, H, 0); // H(0) 57/56 bits
- implMulw(f1, g1, H, 2); // H(INF) 57/54 bits
- implMulw(f0 ^ f1, g0 ^ g1, H, 4); // H(1) 57/56 bits
-
- long r = H[1] ^ H[2];
- long z0 = H[0],
- z3 = H[3],
- z1 = H[4] ^ z0 ^ r,
- z2 = H[5] ^ z3 ^ r;
-
- zz[0] = z0 ^ (z1 << 57);
- zz[1] = (z1 >>> 7) ^ (z2 << 50);
- zz[2] = (z2 >>> 14) ^ (z3 << 43);
- zz[3] = (z3 >>> 21);
- }
-
- protected static void implMulw(long x, long y, long[] z, int zOff)
- {
-// assert x >>> 57 == 0;
-// assert y >>> 57 == 0;
-
- long[] u = new long[8];
-// u[0] = 0;
- u[1] = y;
- u[2] = u[1] << 1;
- u[3] = u[2] ^ y;
- u[4] = u[2] << 1;
- u[5] = u[4] ^ y;
- u[6] = u[3] << 1;
- u[7] = u[6] ^ y;
-
- int j = (int)x;
- long g, h = 0, l = u[j & 7];
- int k = 48;
- do
- {
- j = (int)(x >>> k);
- g = u[j & 7]
- ^ u[(j >>> 3) & 7] << 3
- ^ u[(j >>> 6) & 7] << 6;
- l ^= (g << k);
- h ^= (g >>> -k);
- }
- while ((k -= 9) > 0);
-
- h ^= ((x & 0x0100804020100800L) & ((y << 7) >> 63)) >>> 8;
-
-// assert h >>> 49 == 0;
-
- z[zOff ] = l & M57;
- z[zOff + 1] = (l >>> 57) ^ (h << 7);
- }
-
- protected static void implSquare(long[] x, long[] zz)
- {
- Interleave.expand64To128(x[0], zz, 0);
- Interleave.expand64To128(x[1], zz, 2);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113FieldElement.java
deleted file mode 100644
index ef9eccef..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113FieldElement.java
+++ /dev/null
@@ -1,226 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.raw.Nat128;
-import org.bouncycastle.util.Arrays;
-
-public class SecT113FieldElement extends ECFieldElement.AbstractF2m
-{
- protected long[] x;
-
- public SecT113FieldElement(BigInteger x)
- {
- if (x == null || x.signum() < 0 || x.bitLength() > 113)
- {
- throw new IllegalArgumentException("x value invalid for SecT113FieldElement");
- }
-
- this.x = SecT113Field.fromBigInteger(x);
- }
-
- public SecT113FieldElement()
- {
- this.x = Nat128.create64();
- }
-
- protected SecT113FieldElement(long[] x)
- {
- this.x = x;
- }
-
-// public int bitLength()
-// {
-// return x.degree();
-// }
-
- public boolean isOne()
- {
- return Nat128.isOne64(x);
- }
-
- public boolean isZero()
- {
- return Nat128.isZero64(x);
- }
-
- public boolean testBitZero()
- {
- return (x[0] & 1L) != 0L;
- }
-
- public BigInteger toBigInteger()
- {
- return Nat128.toBigInteger64(x);
- }
-
- public String getFieldName()
- {
- return "SecT113Field";
- }
-
- public int getFieldSize()
- {
- return 113;
- }
-
- public ECFieldElement add(ECFieldElement b)
- {
- long[] z = Nat128.create64();
- SecT113Field.add(x, ((SecT113FieldElement)b).x, z);
- return new SecT113FieldElement(z);
- }
-
- public ECFieldElement addOne()
- {
- long[] z = Nat128.create64();
- SecT113Field.addOne(x, z);
- return new SecT113FieldElement(z);
- }
-
- public ECFieldElement subtract(ECFieldElement b)
- {
- // Addition and subtraction are the same in F2m
- return add(b);
- }
-
- public ECFieldElement multiply(ECFieldElement b)
- {
- long[] z = Nat128.create64();
- SecT113Field.multiply(x, ((SecT113FieldElement)b).x, z);
- return new SecT113FieldElement(z);
- }
-
- public ECFieldElement multiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
- {
- return multiplyPlusProduct(b, x, y);
- }
-
- public ECFieldElement multiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
- {
- long[] ax = this.x, bx = ((SecT113FieldElement)b).x;
- long[] xx = ((SecT113FieldElement)x).x, yx = ((SecT113FieldElement)y).x;
-
- long[] tt = Nat128.createExt64();
- SecT113Field.multiplyAddToExt(ax, bx, tt);
- SecT113Field.multiplyAddToExt(xx, yx, tt);
-
- long[] z = Nat128.create64();
- SecT113Field.reduce(tt, z);
- return new SecT113FieldElement(z);
- }
-
- public ECFieldElement divide(ECFieldElement b)
- {
- return multiply(b.invert());
- }
-
- public ECFieldElement negate()
- {
- return this;
- }
-
- public ECFieldElement square()
- {
- long[] z = Nat128.create64();
- SecT113Field.square(x, z);
- return new SecT113FieldElement(z);
- }
-
- public ECFieldElement squareMinusProduct(ECFieldElement x, ECFieldElement y)
- {
- return squarePlusProduct(x, y);
- }
-
- public ECFieldElement squarePlusProduct(ECFieldElement x, ECFieldElement y)
- {
- long[] ax = this.x;
- long[] xx = ((SecT113FieldElement)x).x, yx = ((SecT113FieldElement)y).x;
-
- long[] tt = Nat128.createExt64();
- SecT113Field.squareAddToExt(ax, tt);
- SecT113Field.multiplyAddToExt(xx, yx, tt);
-
- long[] z = Nat128.create64();
- SecT113Field.reduce(tt, z);
- return new SecT113FieldElement(z);
- }
-
- public ECFieldElement squarePow(int pow)
- {
- if (pow < 1)
- {
- return this;
- }
-
- long[] z = Nat128.create64();
- SecT113Field.squareN(x, pow, z);
- return new SecT113FieldElement(z);
- }
-
- public int trace()
- {
- return SecT113Field.trace(x);
- }
-
- public ECFieldElement invert()
- {
- long[] z = Nat128.create64();
- SecT113Field.invert(x, z);
- return new SecT113FieldElement(z);
- }
-
- public ECFieldElement sqrt()
- {
- long[] z = Nat128.create64();
- SecT113Field.sqrt(x, z);
- return new SecT113FieldElement(z);
- }
-
- public int getRepresentation()
- {
- return ECFieldElement.F2m.TPB;
- }
-
- public int getM()
- {
- return 113;
- }
-
- public int getK1()
- {
- return 9;
- }
-
- public int getK2()
- {
- return 0;
- }
-
- public int getK3()
- {
- return 0;
- }
-
- public boolean equals(Object other)
- {
- if (other == this)
- {
- return true;
- }
-
- if (!(other instanceof SecT113FieldElement))
- {
- return false;
- }
-
- SecT113FieldElement o = (SecT113FieldElement)other;
- return Nat128.eq64(x, o.x);
- }
-
- public int hashCode()
- {
- return 113009 ^ Arrays.hashCode(x, 0, 2);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113R1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113R1Curve.java
deleted file mode 100644
index b2a55f0e..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113R1Curve.java
+++ /dev/null
@@ -1,148 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECCurve.AbstractF2m;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.raw.Nat128;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecT113R1Curve extends AbstractF2m
-{
- private static final int SecT113R1_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
-
- protected SecT113R1Point infinity;
-
- public SecT113R1Curve()
- {
- super(113, 9, 0, 0);
-
- this.infinity = new SecT113R1Point(this, null, null);
-
- this.a = fromBigInteger(new BigInteger(1, Hex.decode("003088250CA6E7C7FE649CE85820F7")));
- this.b = fromBigInteger(new BigInteger(1, Hex.decode("00E8BEE4D3E2260744188BE0E9C723")));
- this.order = new BigInteger(1, Hex.decode("0100000000000000D9CCEC8A39E56F"));
- this.cofactor = BigInteger.valueOf(2);
-
- this.coord = SecT113R1_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecT113R1Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_LAMBDA_PROJECTIVE:
- return true;
- default:
- return false;
- }
- }
-
- public int getFieldSize()
- {
- return 113;
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecT113FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecT113R1Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecT113R1Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public boolean isKoblitz()
- {
- return false;
- }
-
- public int getM()
- {
- return 113;
- }
-
- public boolean isTrinomial()
- {
- return true;
- }
-
- public int getK1()
- {
- return 9;
- }
-
- public int getK2()
- {
- return 0;
- }
-
- public int getK3()
- {
- return 0;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_LONGS = 2;
-
- final long[] table = new long[len * FE_LONGS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat128.copy64(((SecT113FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS;
- Nat128.copy64(((SecT113FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- long[] x = Nat128.create64(), y = Nat128.create64();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- long MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_LONGS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_LONGS + j] & MASK;
- }
-
- pos += (FE_LONGS * 2);
- }
-
- return createRawPoint(new SecT113FieldElement(x), new SecT113FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113R1Point.java
deleted file mode 100644
index 28226c28..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113R1Point.java
+++ /dev/null
@@ -1,308 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.ECPoint.AbstractF2m;
-
-public class SecT113R1Point extends AbstractF2m
-{
- /**
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecT113R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
- */
- public SecT113R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecT113R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecT113R1Point(null, getAffineXCoord(), getAffineYCoord());
- }
-
- public ECFieldElement getYCoord()
- {
- ECFieldElement X = x, L = y;
-
- if (this.isInfinity() || X.isZero())
- {
- return L;
- }
-
- // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
- ECFieldElement Y = L.add(X).multiply(X);
-
- ECFieldElement Z = zs[0];
- if (!Z.isOne())
- {
- Y = Y.divide(Z);
- }
-
- return Y;
- }
-
- protected boolean getCompressionYTilde()
- {
- ECFieldElement X = this.getRawXCoord();
- if (X.isZero())
- {
- return false;
- }
-
- ECFieldElement Y = this.getRawYCoord();
-
- // Y is actually Lambda (X + Y/X) here
- return Y.testBitZero() != X.testBitZero();
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- ECFieldElement X2 = b.getRawXCoord();
-
- if (X1.isZero())
- {
- if (X2.isZero())
- {
- return curve.getInfinity();
- }
-
- return b.add(this);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0);
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement U2 = X2, S2 = L2;
- if (!Z1IsOne)
- {
- U2 = U2.multiply(Z1);
- S2 = S2.multiply(Z1);
- }
-
- boolean Z2IsOne = Z2.isOne();
- ECFieldElement U1 = X1, S1 = L1;
- if (!Z2IsOne)
- {
- U1 = U1.multiply(Z2);
- S1 = S1.multiply(Z2);
- }
-
- ECFieldElement A = S1.add(S2);
- ECFieldElement B = U1.add(U2);
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return twice();
- }
-
- return curve.getInfinity();
- }
-
- ECFieldElement X3, L3, Z3;
- if (X2.isZero())
- {
- // TODO This can probably be optimized quite a bit
- ECPoint p = this.normalize();
- X1 = p.getXCoord();
- ECFieldElement Y1 = p.getYCoord();
-
- ECFieldElement Y2 = L2;
- ECFieldElement L = Y1.add(Y2).divide(X1);
-
- X3 = L.square().add(L).add(X1).add(curve.getA());
- if (X3.isZero())
- {
- return new SecT113R1Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
- L3 = Y3.divide(X3).add(X3);
- Z3 = curve.fromBigInteger(ECConstants.ONE);
- }
- else
- {
- B = B.square();
-
- ECFieldElement AU1 = A.multiply(U1);
- ECFieldElement AU2 = A.multiply(U2);
-
- X3 = AU1.multiply(AU2);
- if (X3.isZero())
- {
- return new SecT113R1Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement ABZ2 = A.multiply(B);
- if (!Z2IsOne)
- {
- ABZ2 = ABZ2.multiply(Z2);
- }
-
- L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1));
-
- Z3 = ABZ2;
- if (!Z1IsOne)
- {
- Z3 = Z3.multiply(Z1);
- }
- }
-
- return new SecT113R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return curve.getInfinity();
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1);
- ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square();
- ECFieldElement a = curve.getA();
- ECFieldElement aZ1Sq = Z1IsOne ? a : a.multiply(Z1Sq);
- ECFieldElement T = L1.square().add(L1Z1).add(aZ1Sq);
- if (T.isZero())
- {
- return new SecT113R1Point(curve, T, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = T.square();
- ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq);
-
- ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1);
- ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3);
-
- return new SecT113R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return b;
- }
-
- ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0);
- if (X2.isZero() || !Z2.isOne())
- {
- return twice().add(b);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord();
-
- ECFieldElement X1Sq = X1.square();
- ECFieldElement L1Sq = L1.square();
- ECFieldElement Z1Sq = Z1.square();
- ECFieldElement L1Z1 = L1.multiply(Z1);
-
- ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1);
- ECFieldElement L2plus1 = L2.addOne();
- ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq);
- ECFieldElement X2Z1Sq = X2.multiply(Z1Sq);
- ECFieldElement B = X2Z1Sq.add(T).square();
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return b.twice();
- }
-
- return curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT113R1Point(curve, A, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3);
-
- return new SecT113R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT113R1Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113R2Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113R2Curve.java
deleted file mode 100644
index 92da2984..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113R2Curve.java
+++ /dev/null
@@ -1,148 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECCurve.AbstractF2m;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.raw.Nat128;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecT113R2Curve extends AbstractF2m
-{
- private static final int SecT113R2_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
-
- protected SecT113R2Point infinity;
-
- public SecT113R2Curve()
- {
- super(113, 9, 0, 0);
-
- this.infinity = new SecT113R2Point(this, null, null);
-
- this.a = fromBigInteger(new BigInteger(1, Hex.decode("00689918DBEC7E5A0DD6DFC0AA55C7")));
- this.b = fromBigInteger(new BigInteger(1, Hex.decode("0095E9A9EC9B297BD4BF36E059184F")));
- this.order = new BigInteger(1, Hex.decode("010000000000000108789B2496AF93"));
- this.cofactor = BigInteger.valueOf(2);
-
- this.coord = SecT113R2_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecT113R2Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_LAMBDA_PROJECTIVE:
- return true;
- default:
- return false;
- }
- }
-
- public int getFieldSize()
- {
- return 113;
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecT113FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecT113R2Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecT113R2Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public boolean isKoblitz()
- {
- return false;
- }
-
- public int getM()
- {
- return 113;
- }
-
- public boolean isTrinomial()
- {
- return true;
- }
-
- public int getK1()
- {
- return 9;
- }
-
- public int getK2()
- {
- return 0;
- }
-
- public int getK3()
- {
- return 0;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_LONGS = 2;
-
- final long[] table = new long[len * FE_LONGS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat128.copy64(((SecT113FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS;
- Nat128.copy64(((SecT113FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- long[] x = Nat128.create64(), y = Nat128.create64();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- long MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_LONGS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_LONGS + j] & MASK;
- }
-
- pos += (FE_LONGS * 2);
- }
-
- return createRawPoint(new SecT113FieldElement(x), new SecT113FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113R2Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113R2Point.java
deleted file mode 100644
index 6b7a2de3..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT113R2Point.java
+++ /dev/null
@@ -1,308 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.ECPoint.AbstractF2m;
-
-public class SecT113R2Point extends AbstractF2m
-{
- /**
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecT113R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
- */
- public SecT113R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecT113R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecT113R2Point(null, getAffineXCoord(), getAffineYCoord());
- }
-
- public ECFieldElement getYCoord()
- {
- ECFieldElement X = x, L = y;
-
- if (this.isInfinity() || X.isZero())
- {
- return L;
- }
-
- // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
- ECFieldElement Y = L.add(X).multiply(X);
-
- ECFieldElement Z = zs[0];
- if (!Z.isOne())
- {
- Y = Y.divide(Z);
- }
-
- return Y;
- }
-
- protected boolean getCompressionYTilde()
- {
- ECFieldElement X = this.getRawXCoord();
- if (X.isZero())
- {
- return false;
- }
-
- ECFieldElement Y = this.getRawYCoord();
-
- // Y is actually Lambda (X + Y/X) here
- return Y.testBitZero() != X.testBitZero();
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- ECFieldElement X2 = b.getRawXCoord();
-
- if (X1.isZero())
- {
- if (X2.isZero())
- {
- return curve.getInfinity();
- }
-
- return b.add(this);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0);
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement U2 = X2, S2 = L2;
- if (!Z1IsOne)
- {
- U2 = U2.multiply(Z1);
- S2 = S2.multiply(Z1);
- }
-
- boolean Z2IsOne = Z2.isOne();
- ECFieldElement U1 = X1, S1 = L1;
- if (!Z2IsOne)
- {
- U1 = U1.multiply(Z2);
- S1 = S1.multiply(Z2);
- }
-
- ECFieldElement A = S1.add(S2);
- ECFieldElement B = U1.add(U2);
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return twice();
- }
-
- return curve.getInfinity();
- }
-
- ECFieldElement X3, L3, Z3;
- if (X2.isZero())
- {
- // TODO This can probably be optimized quite a bit
- ECPoint p = this.normalize();
- X1 = p.getXCoord();
- ECFieldElement Y1 = p.getYCoord();
-
- ECFieldElement Y2 = L2;
- ECFieldElement L = Y1.add(Y2).divide(X1);
-
- X3 = L.square().add(L).add(X1).add(curve.getA());
- if (X3.isZero())
- {
- return new SecT113R2Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
- L3 = Y3.divide(X3).add(X3);
- Z3 = curve.fromBigInteger(ECConstants.ONE);
- }
- else
- {
- B = B.square();
-
- ECFieldElement AU1 = A.multiply(U1);
- ECFieldElement AU2 = A.multiply(U2);
-
- X3 = AU1.multiply(AU2);
- if (X3.isZero())
- {
- return new SecT113R2Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement ABZ2 = A.multiply(B);
- if (!Z2IsOne)
- {
- ABZ2 = ABZ2.multiply(Z2);
- }
-
- L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1));
-
- Z3 = ABZ2;
- if (!Z1IsOne)
- {
- Z3 = Z3.multiply(Z1);
- }
- }
-
- return new SecT113R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return curve.getInfinity();
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1);
- ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square();
- ECFieldElement a = curve.getA();
- ECFieldElement aZ1Sq = Z1IsOne ? a : a.multiply(Z1Sq);
- ECFieldElement T = L1.square().add(L1Z1).add(aZ1Sq);
- if (T.isZero())
- {
- return new SecT113R2Point(curve, T, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = T.square();
- ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq);
-
- ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1);
- ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3);
-
- return new SecT113R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return b;
- }
-
- ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0);
- if (X2.isZero() || !Z2.isOne())
- {
- return twice().add(b);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord();
-
- ECFieldElement X1Sq = X1.square();
- ECFieldElement L1Sq = L1.square();
- ECFieldElement Z1Sq = Z1.square();
- ECFieldElement L1Z1 = L1.multiply(Z1);
-
- ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1);
- ECFieldElement L2plus1 = L2.addOne();
- ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq);
- ECFieldElement X2Z1Sq = X2.multiply(Z1Sq);
- ECFieldElement B = X2Z1Sq.add(T).square();
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return b.twice();
- }
-
- return curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT113R2Point(curve, A, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3);
-
- return new SecT113R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT113R2Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131Field.java
deleted file mode 100644
index ab25c5df..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131Field.java
+++ /dev/null
@@ -1,332 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.raw.Interleave;
-import org.bouncycastle.math.raw.Nat;
-import org.bouncycastle.math.raw.Nat192;
-
-public class SecT131Field
-{
- private static final long M03 = -1L >>> 61;
- private static final long M44 = -1L >>> 20;
-
- private static final long[] ROOT_Z = new long[]{ 0x26BC4D789AF13523L, 0x26BC4D789AF135E2L, 0x6L };
-
- public static void add(long[] x, long[] y, long[] z)
- {
- z[0] = x[0] ^ y[0];
- z[1] = x[1] ^ y[1];
- z[2] = x[2] ^ y[2];
- }
-
- public static void addExt(long[] xx, long[] yy, long[] zz)
- {
- zz[0] = xx[0] ^ yy[0];
- zz[1] = xx[1] ^ yy[1];
- zz[2] = xx[2] ^ yy[2];
- zz[3] = xx[3] ^ yy[3];
- zz[4] = xx[4] ^ yy[4];
- }
-
- public static void addOne(long[] x, long[] z)
- {
- z[0] = x[0] ^ 1L;
- z[1] = x[1];
- z[2] = x[2];
- }
-
- public static long[] fromBigInteger(BigInteger x)
- {
- long[] z = Nat192.fromBigInteger64(x);
- reduce61(z, 0);
- return z;
- }
-
- public static void invert(long[] x, long[] z)
- {
- if (Nat192.isZero64(x))
- {
- throw new IllegalStateException();
- }
-
- // Itoh-Tsujii inversion
-
- long[] t0 = Nat192.create64();
- long[] t1 = Nat192.create64();
-
- square(x, t0);
- multiply(t0, x, t0);
- squareN(t0, 2, t1);
- multiply(t1, t0, t1);
- squareN(t1, 4, t0);
- multiply(t0, t1, t0);
- squareN(t0, 8, t1);
- multiply(t1, t0, t1);
- squareN(t1, 16, t0);
- multiply(t0, t1, t0);
- squareN(t0, 32, t1);
- multiply(t1, t0, t1);
- square(t1, t1);
- multiply(t1, x, t1);
- squareN(t1, 65, t0);
- multiply(t0, t1, t0);
- square(t0, z);
- }
-
- public static void multiply(long[] x, long[] y, long[] z)
- {
- long[] tt = Nat192.createExt64();
- implMultiply(x, y, tt);
- reduce(tt, z);
- }
-
- public static void multiplyAddToExt(long[] x, long[] y, long[] zz)
- {
- long[] tt = Nat192.createExt64();
- implMultiply(x, y, tt);
- addExt(zz, tt, zz);
- }
-
- public static void reduce(long[] xx, long[] z)
- {
- long x0 = xx[0], x1 = xx[1], x2 = xx[2], x3 = xx[3], x4 = xx[4];
-
- x1 ^= (x4 << 61) ^ (x4 << 63);
- x2 ^= (x4 >>> 3) ^ (x4 >>> 1) ^ x4 ^ (x4 << 5);
- x3 ^= (x4 >>> 59);
-
- x0 ^= (x3 << 61) ^ (x3 << 63);
- x1 ^= (x3 >>> 3) ^ (x3 >>> 1) ^ x3 ^ (x3 << 5);
- x2 ^= (x3 >>> 59);
-
- long t = x2 >>> 3;
- z[0] = x0 ^ t ^ (t << 2) ^ (t << 3) ^ (t << 8);
- z[1] = x1 ^ (t >>> 56);
- z[2] = x2 & M03;
- }
-
- public static void reduce61(long[] z, int zOff)
- {
- long z2 = z[zOff + 2], t = z2 >>> 3;
- z[zOff ] ^= t ^ (t << 2) ^ (t << 3) ^ (t << 8);
- z[zOff + 1] ^= (t >>> 56);
- z[zOff + 2] = z2 & M03;
- }
-
- public static void sqrt(long[] x, long[] z)
- {
- long[] odd = Nat192.create64();
-
- long u0, u1;
- u0 = Interleave.unshuffle(x[0]); u1 = Interleave.unshuffle(x[1]);
- long e0 = (u0 & 0x00000000FFFFFFFFL) | (u1 << 32);
- odd[0] = (u0 >>> 32) | (u1 & 0xFFFFFFFF00000000L);
-
- u0 = Interleave.unshuffle(x[2]);
- long e1 = (u0 & 0x00000000FFFFFFFFL);
- odd[1] = (u0 >>> 32);
-
- multiply(odd, ROOT_Z, z);
-
- z[0] ^= e0;
- z[1] ^= e1;
- }
-
- public static void square(long[] x, long[] z)
- {
- long[] tt = Nat.create64(5);
- implSquare(x, tt);
- reduce(tt, z);
- }
-
- public static void squareAddToExt(long[] x, long[] zz)
- {
- long[] tt = Nat.create64(5);
- implSquare(x, tt);
- addExt(zz, tt, zz);
- }
-
- public static void squareN(long[] x, int n, long[] z)
- {
-// assert n > 0;
-
- long[] tt = Nat.create64(5);
- implSquare(x, tt);
- reduce(tt, z);
-
- while (--n > 0)
- {
- implSquare(z, tt);
- reduce(tt, z);
- }
- }
-
- public static int trace(long[] x)
- {
- // Non-zero-trace bits: 0, 123, 129
- return (int)(x[0] ^ (x[1] >>> 59) ^ (x[2] >>> 1)) & 1;
- }
-
- protected static void implCompactExt(long[] zz)
- {
- long z0 = zz[0], z1 = zz[1], z2 = zz[2], z3 = zz[3], z4 = zz[4], z5 = zz[5];
- zz[0] = z0 ^ (z1 << 44);
- zz[1] = (z1 >>> 20) ^ (z2 << 24);
- zz[2] = (z2 >>> 40) ^ (z3 << 4)
- ^ (z4 << 48);
- zz[3] = (z3 >>> 60) ^ (z5 << 28)
- ^ (z4 >>> 16);
- zz[4] = (z5 >>> 36);
- zz[5] = 0;
- }
-
- protected static void implMultiply(long[] x, long[] y, long[] zz)
- {
- /*
- * "Five-way recursion" as described in "Batch binary Edwards", Daniel J. Bernstein.
- */
-
- long f0 = x[0], f1 = x[1], f2 = x[2];
- f2 = ((f1 >>> 24) ^ (f2 << 40)) & M44;
- f1 = ((f0 >>> 44) ^ (f1 << 20)) & M44;
- f0 &= M44;
-
- long g0 = y[0], g1 = y[1], g2 = y[2];
- g2 = ((g1 >>> 24) ^ (g2 << 40)) & M44;
- g1 = ((g0 >>> 44) ^ (g1 << 20)) & M44;
- g0 &= M44;
-
- long[] H = new long[10];
-
- implMulw(f0, g0, H, 0); // H(0) 44/43 bits
- implMulw(f2, g2, H, 2); // H(INF) 44/41 bits
-
- long t0 = f0 ^ f1 ^ f2;
- long t1 = g0 ^ g1 ^ g2;
-
- implMulw(t0, t1, H, 4); // H(1) 44/43 bits
-
- long t2 = (f1 << 1) ^ (f2 << 2);
- long t3 = (g1 << 1) ^ (g2 << 2);
-
- implMulw(f0 ^ t2, g0 ^ t3, H, 6); // H(t) 44/45 bits
- implMulw(t0 ^ t2, t1 ^ t3, H, 8); // H(t + 1) 44/45 bits
-
- long t4 = H[6] ^ H[8];
- long t5 = H[7] ^ H[9];
-
- // assert t5 >>> 44 == 0;
-
- // Calculate V
- long v0 = (t4 << 1) ^ H[6];
- long v1 = t4 ^ (t5 << 1) ^ H[7];
- long v2 = t5;
-
- // Calculate U
- long u0 = H[0];
- long u1 = H[1] ^ H[0] ^ H[4];
- long u2 = H[1] ^ H[5];
-
- // Calculate W
- long w0 = u0 ^ v0 ^ (H[2] << 4) ^ (H[2] << 1);
- long w1 = u1 ^ v1 ^ (H[3] << 4) ^ (H[3] << 1);
- long w2 = u2 ^ v2;
-
- // Propagate carries
- w1 ^= (w0 >>> 44); w0 &= M44;
- w2 ^= (w1 >>> 44); w1 &= M44;
-
- // assert (w0 & 1L) == 0;
-
- // Divide W by t
-
- w0 = (w0 >>> 1) ^ ((w1 & 1L) << 43);
- w1 = (w1 >>> 1) ^ ((w2 & 1L) << 43);
- w2 = (w2 >>> 1);
-
- // Divide W by (t + 1)
-
- w0 ^= (w0 << 1);
- w0 ^= (w0 << 2);
- w0 ^= (w0 << 4);
- w0 ^= (w0 << 8);
- w0 ^= (w0 << 16);
- w0 ^= (w0 << 32);
-
- w0 &= M44; w1 ^= (w0 >>> 43);
-
- w1 ^= (w1 << 1);
- w1 ^= (w1 << 2);
- w1 ^= (w1 << 4);
- w1 ^= (w1 << 8);
- w1 ^= (w1 << 16);
- w1 ^= (w1 << 32);
-
- w1 &= M44; w2 ^= (w1 >>> 43);
-
- w2 ^= (w2 << 1);
- w2 ^= (w2 << 2);
- w2 ^= (w2 << 4);
- w2 ^= (w2 << 8);
- w2 ^= (w2 << 16);
- w2 ^= (w2 << 32);
-
- // assert w2 >>> 42 == 0;
-
- zz[0] = u0;
- zz[1] = u1 ^ w0 ^ H[2];
- zz[2] = u2 ^ w1 ^ w0 ^ H[3];
- zz[3] = w2 ^ w1;
- zz[4] = w2 ^ H[2];
- zz[5] = H[3];
-
- implCompactExt(zz);
- }
-
- protected static void implMulw(long x, long y, long[] z, int zOff)
- {
-// assert x >>> 45 == 0;
-// assert y >>> 45 == 0;
-
- long[] u = new long[8];
-// u[0] = 0;
- u[1] = y;
- u[2] = u[1] << 1;
- u[3] = u[2] ^ y;
- u[4] = u[2] << 1;
- u[5] = u[4] ^ y;
- u[6] = u[3] << 1;
- u[7] = u[6] ^ y;
-
- int j = (int)x;
- long g, h = 0, l = u[j & 7]
- ^ u[(j >>> 3) & 7] << 3
- ^ u[(j >>> 6) & 7] << 6;
- int k = 33;
- do
- {
- j = (int)(x >>> k);
- g = u[j & 7]
- ^ u[(j >>> 3) & 7] << 3
- ^ u[(j >>> 6) & 7] << 6
- ^ u[(j >>> 9) & 7] << 9;
- l ^= (g << k);
- h ^= (g >>> -k);
- }
- while ((k -= 12) > 0);
-
-// assert h >>> 25 == 0;
-
- z[zOff ] = l & M44;
- z[zOff + 1] = (l >>> 44) ^ (h << 20);
- }
-
- protected static void implSquare(long[] x, long[] zz)
- {
- Interleave.expand64To128(x[0], zz, 0);
- Interleave.expand64To128(x[1], zz, 2);
-
- zz[4] = Interleave.expand8to16((int)x[2]) & 0xFFFFFFFFL;
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131FieldElement.java
deleted file mode 100644
index d0ac60c7..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131FieldElement.java
+++ /dev/null
@@ -1,227 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.raw.Nat;
-import org.bouncycastle.math.raw.Nat192;
-import org.bouncycastle.util.Arrays;
-
-public class SecT131FieldElement extends ECFieldElement.AbstractF2m
-{
- protected long[] x;
-
- public SecT131FieldElement(BigInteger x)
- {
- if (x == null || x.signum() < 0 || x.bitLength() > 131)
- {
- throw new IllegalArgumentException("x value invalid for SecT131FieldElement");
- }
-
- this.x = SecT131Field.fromBigInteger(x);
- }
-
- public SecT131FieldElement()
- {
- this.x = Nat192.create64();
- }
-
- protected SecT131FieldElement(long[] x)
- {
- this.x = x;
- }
-
-// public int bitLength()
-// {
-// return x.degree();
-// }
-
- public boolean isOne()
- {
- return Nat192.isOne64(x);
- }
-
- public boolean isZero()
- {
- return Nat192.isZero64(x);
- }
-
- public boolean testBitZero()
- {
- return (x[0] & 1L) != 0L;
- }
-
- public BigInteger toBigInteger()
- {
- return Nat192.toBigInteger64(x);
- }
-
- public String getFieldName()
- {
- return "SecT131Field";
- }
-
- public int getFieldSize()
- {
- return 131;
- }
-
- public ECFieldElement add(ECFieldElement b)
- {
- long[] z = Nat192.create64();
- SecT131Field.add(x, ((SecT131FieldElement)b).x, z);
- return new SecT131FieldElement(z);
- }
-
- public ECFieldElement addOne()
- {
- long[] z = Nat192.create64();
- SecT131Field.addOne(x, z);
- return new SecT131FieldElement(z);
- }
-
- public ECFieldElement subtract(ECFieldElement b)
- {
- // Addition and subtraction are the same in F2m
- return add(b);
- }
-
- public ECFieldElement multiply(ECFieldElement b)
- {
- long[] z = Nat192.create64();
- SecT131Field.multiply(x, ((SecT131FieldElement)b).x, z);
- return new SecT131FieldElement(z);
- }
-
- public ECFieldElement multiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
- {
- return multiplyPlusProduct(b, x, y);
- }
-
- public ECFieldElement multiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
- {
- long[] ax = this.x, bx = ((SecT131FieldElement)b).x;
- long[] xx = ((SecT131FieldElement)x).x, yx = ((SecT131FieldElement)y).x;
-
- long[] tt = Nat.create64(5);
- SecT131Field.multiplyAddToExt(ax, bx, tt);
- SecT131Field.multiplyAddToExt(xx, yx, tt);
-
- long[] z = Nat192.create64();
- SecT131Field.reduce(tt, z);
- return new SecT131FieldElement(z);
- }
-
- public ECFieldElement divide(ECFieldElement b)
- {
- return multiply(b.invert());
- }
-
- public ECFieldElement negate()
- {
- return this;
- }
-
- public ECFieldElement square()
- {
- long[] z = Nat192.create64();
- SecT131Field.square(x, z);
- return new SecT131FieldElement(z);
- }
-
- public ECFieldElement squareMinusProduct(ECFieldElement x, ECFieldElement y)
- {
- return squarePlusProduct(x, y);
- }
-
- public ECFieldElement squarePlusProduct(ECFieldElement x, ECFieldElement y)
- {
- long[] ax = this.x;
- long[] xx = ((SecT131FieldElement)x).x, yx = ((SecT131FieldElement)y).x;
-
- long[] tt = Nat.create64(5);
- SecT131Field.squareAddToExt(ax, tt);
- SecT131Field.multiplyAddToExt(xx, yx, tt);
-
- long[] z = Nat192.create64();
- SecT131Field.reduce(tt, z);
- return new SecT131FieldElement(z);
- }
-
- public ECFieldElement squarePow(int pow)
- {
- if (pow < 1)
- {
- return this;
- }
-
- long[] z = Nat192.create64();
- SecT131Field.squareN(x, pow, z);
- return new SecT131FieldElement(z);
- }
-
- public int trace()
- {
- return SecT131Field.trace(x);
- }
-
- public ECFieldElement invert()
- {
- long[] z = Nat192.create64();
- SecT131Field.invert(x, z);
- return new SecT131FieldElement(z);
- }
-
- public ECFieldElement sqrt()
- {
- long[] z = Nat192.create64();
- SecT131Field.sqrt(x, z);
- return new SecT131FieldElement(z);
- }
-
- public int getRepresentation()
- {
- return ECFieldElement.F2m.PPB;
- }
-
- public int getM()
- {
- return 131;
- }
-
- public int getK1()
- {
- return 2;
- }
-
- public int getK2()
- {
- return 3;
- }
-
- public int getK3()
- {
- return 8;
- }
-
- public boolean equals(Object other)
- {
- if (other == this)
- {
- return true;
- }
-
- if (!(other instanceof SecT131FieldElement))
- {
- return false;
- }
-
- SecT131FieldElement o = (SecT131FieldElement)other;
- return Nat192.eq64(x, o.x);
- }
-
- public int hashCode()
- {
- return 131832 ^ Arrays.hashCode(x, 0, 3);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131R1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131R1Curve.java
deleted file mode 100644
index 6f45aeb8..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131R1Curve.java
+++ /dev/null
@@ -1,148 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECCurve.AbstractF2m;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.raw.Nat192;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecT131R1Curve extends AbstractF2m
-{
- private static final int SecT131R1_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
-
- protected SecT131R1Point infinity;
-
- public SecT131R1Curve()
- {
- super(131, 2, 3, 8);
-
- this.infinity = new SecT131R1Point(this, null, null);
-
- this.a = fromBigInteger(new BigInteger(1, Hex.decode("07A11B09A76B562144418FF3FF8C2570B8")));
- this.b = fromBigInteger(new BigInteger(1, Hex.decode("0217C05610884B63B9C6C7291678F9D341")));
- this.order = new BigInteger(1, Hex.decode("0400000000000000023123953A9464B54D"));
- this.cofactor = BigInteger.valueOf(2);
-
- this.coord = SecT131R1_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecT131R1Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_LAMBDA_PROJECTIVE:
- return true;
- default:
- return false;
- }
- }
-
- public int getFieldSize()
- {
- return 131;
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecT131FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecT131R1Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecT131R1Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public boolean isKoblitz()
- {
- return false;
- }
-
- public int getM()
- {
- return 131;
- }
-
- public boolean isTrinomial()
- {
- return false;
- }
-
- public int getK1()
- {
- return 2;
- }
-
- public int getK2()
- {
- return 3;
- }
-
- public int getK3()
- {
- return 8;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_LONGS = 3;
-
- final long[] table = new long[len * FE_LONGS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat192.copy64(((SecT131FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS;
- Nat192.copy64(((SecT131FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- long[] x = Nat192.create64(), y = Nat192.create64();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- long MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_LONGS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_LONGS + j] & MASK;
- }
-
- pos += (FE_LONGS * 2);
- }
-
- return createRawPoint(new SecT131FieldElement(x), new SecT131FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131R1Point.java
deleted file mode 100644
index 4a276dd5..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131R1Point.java
+++ /dev/null
@@ -1,308 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.ECPoint.AbstractF2m;
-
-public class SecT131R1Point extends AbstractF2m
-{
- /**
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecT131R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
- */
- public SecT131R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecT131R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecT131R1Point(null, getAffineXCoord(), getAffineYCoord());
- }
-
- public ECFieldElement getYCoord()
- {
- ECFieldElement X = x, L = y;
-
- if (this.isInfinity() || X.isZero())
- {
- return L;
- }
-
- // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
- ECFieldElement Y = L.add(X).multiply(X);
-
- ECFieldElement Z = zs[0];
- if (!Z.isOne())
- {
- Y = Y.divide(Z);
- }
-
- return Y;
- }
-
- protected boolean getCompressionYTilde()
- {
- ECFieldElement X = this.getRawXCoord();
- if (X.isZero())
- {
- return false;
- }
-
- ECFieldElement Y = this.getRawYCoord();
-
- // Y is actually Lambda (X + Y/X) here
- return Y.testBitZero() != X.testBitZero();
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- ECFieldElement X2 = b.getRawXCoord();
-
- if (X1.isZero())
- {
- if (X2.isZero())
- {
- return curve.getInfinity();
- }
-
- return b.add(this);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0);
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement U2 = X2, S2 = L2;
- if (!Z1IsOne)
- {
- U2 = U2.multiply(Z1);
- S2 = S2.multiply(Z1);
- }
-
- boolean Z2IsOne = Z2.isOne();
- ECFieldElement U1 = X1, S1 = L1;
- if (!Z2IsOne)
- {
- U1 = U1.multiply(Z2);
- S1 = S1.multiply(Z2);
- }
-
- ECFieldElement A = S1.add(S2);
- ECFieldElement B = U1.add(U2);
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return twice();
- }
-
- return curve.getInfinity();
- }
-
- ECFieldElement X3, L3, Z3;
- if (X2.isZero())
- {
- // TODO This can probably be optimized quite a bit
- ECPoint p = this.normalize();
- X1 = p.getXCoord();
- ECFieldElement Y1 = p.getYCoord();
-
- ECFieldElement Y2 = L2;
- ECFieldElement L = Y1.add(Y2).divide(X1);
-
- X3 = L.square().add(L).add(X1).add(curve.getA());
- if (X3.isZero())
- {
- return new SecT131R1Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
- L3 = Y3.divide(X3).add(X3);
- Z3 = curve.fromBigInteger(ECConstants.ONE);
- }
- else
- {
- B = B.square();
-
- ECFieldElement AU1 = A.multiply(U1);
- ECFieldElement AU2 = A.multiply(U2);
-
- X3 = AU1.multiply(AU2);
- if (X3.isZero())
- {
- return new SecT131R1Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement ABZ2 = A.multiply(B);
- if (!Z2IsOne)
- {
- ABZ2 = ABZ2.multiply(Z2);
- }
-
- L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1));
-
- Z3 = ABZ2;
- if (!Z1IsOne)
- {
- Z3 = Z3.multiply(Z1);
- }
- }
-
- return new SecT131R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return curve.getInfinity();
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1);
- ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square();
- ECFieldElement a = curve.getA();
- ECFieldElement aZ1Sq = Z1IsOne ? a : a.multiply(Z1Sq);
- ECFieldElement T = L1.square().add(L1Z1).add(aZ1Sq);
- if (T.isZero())
- {
- return new SecT131R1Point(curve, T, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = T.square();
- ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq);
-
- ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1);
- ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3);
-
- return new SecT131R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return b;
- }
-
- ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0);
- if (X2.isZero() || !Z2.isOne())
- {
- return twice().add(b);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord();
-
- ECFieldElement X1Sq = X1.square();
- ECFieldElement L1Sq = L1.square();
- ECFieldElement Z1Sq = Z1.square();
- ECFieldElement L1Z1 = L1.multiply(Z1);
-
- ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1);
- ECFieldElement L2plus1 = L2.addOne();
- ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq);
- ECFieldElement X2Z1Sq = X2.multiply(Z1Sq);
- ECFieldElement B = X2Z1Sq.add(T).square();
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return b.twice();
- }
-
- return curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT131R1Point(curve, A, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3);
-
- return new SecT131R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT131R1Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131R2Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131R2Curve.java
deleted file mode 100644
index 7a1c9855..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131R2Curve.java
+++ /dev/null
@@ -1,148 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECCurve.AbstractF2m;
-import org.bouncycastle.math.raw.Nat192;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecT131R2Curve extends AbstractF2m
-{
- private static final int SecT131R2_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
-
- protected SecT131R2Point infinity;
-
- public SecT131R2Curve()
- {
- super(131, 2, 3, 8);
-
- this.infinity = new SecT131R2Point(this, null, null);
-
- this.a = fromBigInteger(new BigInteger(1, Hex.decode("03E5A88919D7CAFCBF415F07C2176573B2")));
- this.b = fromBigInteger(new BigInteger(1, Hex.decode("04B8266A46C55657AC734CE38F018F2192")));
- this.order = new BigInteger(1, Hex.decode("0400000000000000016954A233049BA98F"));
- this.cofactor = BigInteger.valueOf(2);
-
- this.coord = SecT131R2_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecT131R2Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_LAMBDA_PROJECTIVE:
- return true;
- default:
- return false;
- }
- }
-
- public int getFieldSize()
- {
- return 131;
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecT131FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecT131R2Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecT131R2Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public boolean isKoblitz()
- {
- return false;
- }
-
- public int getM()
- {
- return 131;
- }
-
- public boolean isTrinomial()
- {
- return false;
- }
-
- public int getK1()
- {
- return 2;
- }
-
- public int getK2()
- {
- return 3;
- }
-
- public int getK3()
- {
- return 8;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_LONGS = 3;
-
- final long[] table = new long[len * FE_LONGS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat192.copy64(((SecT131FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS;
- Nat192.copy64(((SecT131FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- long[] x = Nat192.create64(), y = Nat192.create64();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- long MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_LONGS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_LONGS + j] & MASK;
- }
-
- pos += (FE_LONGS * 2);
- }
-
- return createRawPoint(new SecT131FieldElement(x), new SecT131FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131R2Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131R2Point.java
deleted file mode 100644
index 7e85c63a..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT131R2Point.java
+++ /dev/null
@@ -1,308 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.ECPoint.AbstractF2m;
-
-public class SecT131R2Point extends AbstractF2m
-{
- /**
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecT131R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
- */
- public SecT131R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecT131R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecT131R2Point(null, getAffineXCoord(), getAffineYCoord());
- }
-
- public ECFieldElement getYCoord()
- {
- ECFieldElement X = x, L = y;
-
- if (this.isInfinity() || X.isZero())
- {
- return L;
- }
-
- // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
- ECFieldElement Y = L.add(X).multiply(X);
-
- ECFieldElement Z = zs[0];
- if (!Z.isOne())
- {
- Y = Y.divide(Z);
- }
-
- return Y;
- }
-
- protected boolean getCompressionYTilde()
- {
- ECFieldElement X = this.getRawXCoord();
- if (X.isZero())
- {
- return false;
- }
-
- ECFieldElement Y = this.getRawYCoord();
-
- // Y is actually Lambda (X + Y/X) here
- return Y.testBitZero() != X.testBitZero();
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- ECFieldElement X2 = b.getRawXCoord();
-
- if (X1.isZero())
- {
- if (X2.isZero())
- {
- return curve.getInfinity();
- }
-
- return b.add(this);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0);
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement U2 = X2, S2 = L2;
- if (!Z1IsOne)
- {
- U2 = U2.multiply(Z1);
- S2 = S2.multiply(Z1);
- }
-
- boolean Z2IsOne = Z2.isOne();
- ECFieldElement U1 = X1, S1 = L1;
- if (!Z2IsOne)
- {
- U1 = U1.multiply(Z2);
- S1 = S1.multiply(Z2);
- }
-
- ECFieldElement A = S1.add(S2);
- ECFieldElement B = U1.add(U2);
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return twice();
- }
-
- return curve.getInfinity();
- }
-
- ECFieldElement X3, L3, Z3;
- if (X2.isZero())
- {
- // TODO This can probably be optimized quite a bit
- ECPoint p = this.normalize();
- X1 = p.getXCoord();
- ECFieldElement Y1 = p.getYCoord();
-
- ECFieldElement Y2 = L2;
- ECFieldElement L = Y1.add(Y2).divide(X1);
-
- X3 = L.square().add(L).add(X1).add(curve.getA());
- if (X3.isZero())
- {
- return new SecT131R2Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
- L3 = Y3.divide(X3).add(X3);
- Z3 = curve.fromBigInteger(ECConstants.ONE);
- }
- else
- {
- B = B.square();
-
- ECFieldElement AU1 = A.multiply(U1);
- ECFieldElement AU2 = A.multiply(U2);
-
- X3 = AU1.multiply(AU2);
- if (X3.isZero())
- {
- return new SecT131R2Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement ABZ2 = A.multiply(B);
- if (!Z2IsOne)
- {
- ABZ2 = ABZ2.multiply(Z2);
- }
-
- L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1));
-
- Z3 = ABZ2;
- if (!Z1IsOne)
- {
- Z3 = Z3.multiply(Z1);
- }
- }
-
- return new SecT131R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return curve.getInfinity();
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1);
- ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square();
- ECFieldElement a = curve.getA();
- ECFieldElement aZ1Sq = Z1IsOne ? a : a.multiply(Z1Sq);
- ECFieldElement T = L1.square().add(L1Z1).add(aZ1Sq);
- if (T.isZero())
- {
- return new SecT131R2Point(curve, T, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = T.square();
- ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq);
-
- ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1);
- ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3);
-
- return new SecT131R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return b;
- }
-
- ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0);
- if (X2.isZero() || !Z2.isOne())
- {
- return twice().add(b);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord();
-
- ECFieldElement X1Sq = X1.square();
- ECFieldElement L1Sq = L1.square();
- ECFieldElement Z1Sq = Z1.square();
- ECFieldElement L1Z1 = L1.multiply(Z1);
-
- ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1);
- ECFieldElement L2plus1 = L2.addOne();
- ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq);
- ECFieldElement X2Z1Sq = X2.multiply(Z1Sq);
- ECFieldElement B = X2Z1Sq.add(T).square();
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return b.twice();
- }
-
- return curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT131R2Point(curve, A, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3);
-
- return new SecT131R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT131R2Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163Field.java
deleted file mode 100644
index 12eca28d..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163Field.java
+++ /dev/null
@@ -1,341 +0,0 @@ -package org.bouncycastle.math.ec.custom.sec; - -import java.math.BigInteger; - -import org.bouncycastle.math.raw.Interleave; -import org.bouncycastle.math.raw.Nat192; - -public class SecT163Field -{ - private static final long M35 = -1L >>> 29; - private static final long M55 = -1L >>> 9; - - private static final long[] ROOT_Z = new long[]{ 0xB6DB6DB6DB6DB6B0L, 0x492492492492DB6DL, 0x492492492L }; - - public static void add(long[] x, long[] y, long[] z) - { - z[0] = x[0] ^ y[0]; - z[1] = x[1] ^ y[1]; - z[2] = x[2] ^ y[2]; - } - - public static void addExt(long[] xx, long[] yy, long[] zz) - { - zz[0] = xx[0] ^ yy[0]; - zz[1] = xx[1] ^ yy[1]; - zz[2] = xx[2] ^ yy[2]; - zz[3] = xx[3] ^ yy[3]; - zz[4] = xx[4] ^ yy[4]; - zz[5] = xx[5] ^ yy[5]; - } - - public static void addOne(long[] x, long[] z) - { - z[0] = x[0] ^ 1L; - z[1] = x[1]; - z[2] = x[2]; - } - - public static long[] fromBigInteger(BigInteger x) - { - long[] z = Nat192.fromBigInteger64(x); - reduce29(z, 0); - return z; - } - - public static void invert(long[] x, long[] z) - { - if (Nat192.isZero64(x)) - { - throw new IllegalStateException(); - } - - // Itoh-Tsujii inversion with bases { 2, 3 } - - long[] t0 = Nat192.create64(); - long[] t1 = Nat192.create64(); - - square(x, t0); - - // 3 | 162 - squareN(t0, 1, t1); - multiply(t0, t1, t0); - squareN(t1, 1, t1); - multiply(t0, t1, t0); - - // 3 | 54 - squareN(t0, 3, t1); - multiply(t0, t1, t0); - squareN(t1, 3, t1); - multiply(t0, t1, t0); - - // 3 | 18 - squareN(t0, 9, t1); - multiply(t0, t1, t0); - squareN(t1, 9, t1); - multiply(t0, t1, t0); - - // 3 | 6 - squareN(t0, 27, t1); - multiply(t0, t1, t0); - squareN(t1, 27, t1); - multiply(t0, t1, t0); - - // 2 | 2 - squareN(t0, 81, t1); - multiply(t0, t1, z); - } - - public static void multiply(long[] x, long[] y, long[] z) - { - long[] tt = Nat192.createExt64(); - implMultiply(x, y, tt); - reduce(tt, z); - } - - public static void multiplyAddToExt(long[] x, long[] y, long[] zz) - { - long[] tt 
= Nat192.createExt64(); - implMultiply(x, y, tt); - addExt(zz, tt, zz); - } - - public static void reduce(long[] xx, long[] z) - { - long x0 = xx[0], x1 = xx[1], x2 = xx[2], x3 = xx[3], x4 = xx[4], x5 = xx[5]; - - x2 ^= (x5 << 29) ^ (x5 << 32) ^ (x5 << 35) ^ (x5 << 36); - x3 ^= (x5 >>> 35) ^ (x5 >>> 32) ^ (x5 >>> 29) ^ (x5 >>> 28); - - x1 ^= (x4 << 29) ^ (x4 << 32) ^ (x4 << 35) ^ (x4 << 36); - x2 ^= (x4 >>> 35) ^ (x4 >>> 32) ^ (x4 >>> 29) ^ (x4 >>> 28); - - x0 ^= (x3 << 29) ^ (x3 << 32) ^ (x3 << 35) ^ (x3 << 36); - x1 ^= (x3 >>> 35) ^ (x3 >>> 32) ^ (x3 >>> 29) ^ (x3 >>> 28); - - long t = x2 >>> 35; - z[0] = x0 ^ t ^ (t << 3) ^ (t << 6) ^ (t << 7); - z[1] = x1; - z[2] = x2 & M35; - } - - public static void reduce29(long[] z, int zOff) - { - long z2 = z[zOff + 2], t = z2 >>> 35; - z[zOff ] ^= t ^ (t << 3) ^ (t << 6) ^ (t << 7); - z[zOff + 2] = z2 & M35; - } - - public static void sqrt(long[] x, long[] z) - { - long[] odd = Nat192.create64(); - - long u0, u1; - u0 = Interleave.unshuffle(x[0]); u1 = Interleave.unshuffle(x[1]); - long e0 = (u0 & 0x00000000FFFFFFFFL) | (u1 << 32); - odd[0] = (u0 >>> 32) | (u1 & 0xFFFFFFFF00000000L); - - u0 = Interleave.unshuffle(x[2]); - long e1 = (u0 & 0x00000000FFFFFFFFL); - odd[1] = (u0 >>> 32); - - multiply(odd, ROOT_Z, z); - - z[0] ^= e0; - z[1] ^= e1; - } - - public static void square(long[] x, long[] z) - { - long[] tt = Nat192.createExt64(); - implSquare(x, tt); - reduce(tt, z); - } - - public static void squareAddToExt(long[] x, long[] zz) - { - long[] tt = Nat192.createExt64(); - implSquare(x, tt); - addExt(zz, tt, zz); - } - - public static void squareN(long[] x, int n, long[] z) - { -// assert n > 0; - - long[] tt = Nat192.createExt64(); - implSquare(x, tt); - reduce(tt, z); - - while (--n > 0) - { - implSquare(z, tt); - reduce(tt, z); - } - } - - public static int trace(long[] x) - { - // Non-zero-trace bits: 0, 157 - return (int)(x[0] ^ (x[2] >>> 29)) & 1; - } - - protected static void implCompactExt(long[] zz) - { - long 
z0 = zz[0], z1 = zz[1], z2 = zz[2], z3 = zz[3], z4 = zz[4], z5 = zz[5]; - zz[0] = z0 ^ (z1 << 55); - zz[1] = (z1 >>> 9) ^ (z2 << 46); - zz[2] = (z2 >>> 18) ^ (z3 << 37); - zz[3] = (z3 >>> 27) ^ (z4 << 28); - zz[4] = (z4 >>> 36) ^ (z5 << 19); - zz[5] = (z5 >>> 45); - } - - protected static void implMultiply(long[] x, long[] y, long[] zz) - { - /* - * "Five-way recursion" as described in "Batch binary Edwards", Daniel J. Bernstein. - */ - - long f0 = x[0], f1 = x[1], f2 = x[2]; - f2 = ((f1 >>> 46) ^ (f2 << 18)); - f1 = ((f0 >>> 55) ^ (f1 << 9)) & M55; - f0 &= M55; - - long g0 = y[0], g1 = y[1], g2 = y[2]; - g2 = ((g1 >>> 46) ^ (g2 << 18)); - g1 = ((g0 >>> 55) ^ (g1 << 9)) & M55; - g0 &= M55; - - long[] H = new long[10]; - - implMulw(f0, g0, H, 0); // H(0) 55/54 bits - implMulw(f2, g2, H, 2); // H(INF) 55/50 bits - - long t0 = f0 ^ f1 ^ f2; - long t1 = g0 ^ g1 ^ g2; - - implMulw(t0, t1, H, 4); // H(1) 55/54 bits - - long t2 = (f1 << 1) ^ (f2 << 2); - long t3 = (g1 << 1) ^ (g2 << 2); - - implMulw(f0 ^ t2, g0 ^ t3, H, 6); // H(t) 55/56 bits - implMulw(t0 ^ t2, t1 ^ t3, H, 8); // H(t + 1) 55/56 bits - - long t4 = H[6] ^ H[8]; - long t5 = H[7] ^ H[9]; - -// assert t5 >>> 55 == 0; - - // Calculate V - long v0 = (t4 << 1) ^ H[6]; - long v1 = t4 ^ (t5 << 1) ^ H[7]; - long v2 = t5; - - // Calculate U - long u0 = H[0]; - long u1 = H[1] ^ H[0] ^ H[4]; - long u2 = H[1] ^ H[5]; - - // Calculate W - long w0 = u0 ^ v0 ^ (H[2] << 4) ^ (H[2] << 1); - long w1 = u1 ^ v1 ^ (H[3] << 4) ^ (H[3] << 1); - long w2 = u2 ^ v2; - - // Propagate carries - w1 ^= (w0 >>> 55); w0 &= M55; - w2 ^= (w1 >>> 55); w1 &= M55; - -// assert (w0 & 1L) == 0; - - // Divide W by t - - w0 = (w0 >>> 1) ^ ((w1 & 1L) << 54); - w1 = (w1 >>> 1) ^ ((w2 & 1L) << 54); - w2 = (w2 >>> 1); - - // Divide W by (t + 1) - - w0 ^= (w0 << 1); - w0 ^= (w0 << 2); - w0 ^= (w0 << 4); - w0 ^= (w0 << 8); - w0 ^= (w0 << 16); - w0 ^= (w0 << 32); - - w0 &= M55; w1 ^= (w0 >>> 54); - - w1 ^= (w1 << 1); - w1 ^= (w1 << 2); - w1 ^= (w1 << 4); 
- w1 ^= (w1 << 8); - w1 ^= (w1 << 16); - w1 ^= (w1 << 32); - - w1 &= M55; w2 ^= (w1 >>> 54); - - w2 ^= (w2 << 1); - w2 ^= (w2 << 2); - w2 ^= (w2 << 4); - w2 ^= (w2 << 8); - w2 ^= (w2 << 16); - w2 ^= (w2 << 32); - -// assert w2 >>> 52 == 0; - - zz[0] = u0; - zz[1] = u1 ^ w0 ^ H[2]; - zz[2] = u2 ^ w1 ^ w0 ^ H[3]; - zz[3] = w2 ^ w1; - zz[4] = w2 ^ H[2]; - zz[5] = H[3]; - - implCompactExt(zz); - } - - protected static void implMulw(long x, long y, long[] z, int zOff) - { -// assert x >>> 56 == 0; -// assert y >>> 56 == 0; - - long[] u = new long[8]; -// u[0] = 0; - u[1] = y; - u[2] = u[1] << 1; - u[3] = u[2] ^ y; - u[4] = u[2] << 1; - u[5] = u[4] ^ y; - u[6] = u[3] << 1; - u[7] = u[6] ^ y; - - int j = (int)x; - long g, h = 0, l = u[j & 3]; - int k = 47; - do - { - j = (int)(x >>> k); - g = u[j & 7] - ^ u[(j >>> 3) & 7] << 3 - ^ u[(j >>> 6) & 7] << 6; - l ^= (g << k); - h ^= (g >>> -k); - } - while ((k -= 9) > 0); - -// assert h >>> 47 == 0; - - z[zOff ] = l & M55; - z[zOff + 1] = (l >>> 55) ^ (h << 9); - } - - protected static void implSquare(long[] x, long[] zz) - { - Interleave.expand64To128(x[0], zz, 0); - Interleave.expand64To128(x[1], zz, 2); - - long x2 = x[2]; - zz[4] = Interleave.expand32to64((int)x2); - zz[5] = Interleave.expand8to16((int)(x2 >>> 32)) & 0xFFFFFFFFL; - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163FieldElement.java deleted file mode 100644 index 51a88bc4..00000000 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163FieldElement.java +++ /dev/null 
@@ -1,226 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.raw.Nat192;
-import org.bouncycastle.util.Arrays;
-
-public class SecT163FieldElement extends ECFieldElement.AbstractF2m
-{
- protected long[] x;
-
- public SecT163FieldElement(BigInteger x)
- {
- if (x == null || x.signum() < 0 || x.bitLength() > 163)
- {
- throw new IllegalArgumentException("x value invalid for SecT163FieldElement");
- }
-
- this.x = SecT163Field.fromBigInteger(x);
- }
-
- public SecT163FieldElement()
- {
- this.x = Nat192.create64();
- }
-
- protected SecT163FieldElement(long[] x)
- {
- this.x = x;
- }
-
-// public int bitLength()
-// {
-// return x.degree();
-// }
-
- public boolean isOne()
- {
- return Nat192.isOne64(x);
- }
-
- public boolean isZero()
- {
- return Nat192.isZero64(x);
- }
-
- public boolean testBitZero()
- {
- return (x[0] & 1L) != 0L;
- }
-
- public BigInteger toBigInteger()
- {
- return Nat192.toBigInteger64(x);
- }
-
- public String getFieldName()
- {
- return "SecT163Field";
- }
-
- public int getFieldSize()
- {
- return 163;
- }
-
- public ECFieldElement add(ECFieldElement b)
- {
- long[] z = Nat192.create64();
- SecT163Field.add(x, ((SecT163FieldElement)b).x, z);
- return new SecT163FieldElement(z);
- }
-
- public ECFieldElement addOne()
- {
- long[] z = Nat192.create64();
- SecT163Field.addOne(x, z);
- return new SecT163FieldElement(z);
- }
-
- public ECFieldElement subtract(ECFieldElement b)
- {
- // Addition and subtraction are the same in F2m
- return add(b);
- }
-
- public ECFieldElement multiply(ECFieldElement b)
- {
- long[] z = Nat192.create64();
- SecT163Field.multiply(x, ((SecT163FieldElement)b).x, z);
- return new SecT163FieldElement(z);
- }
-
- public ECFieldElement multiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
- {
- return multiplyPlusProduct(b, x, y);
- }
-
- public ECFieldElement multiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
- {
- long[] ax = this.x, bx = ((SecT163FieldElement)b).x;
- long[] xx = ((SecT163FieldElement)x).x, yx = ((SecT163FieldElement)y).x;
-
- long[] tt = Nat192.createExt64();
- SecT163Field.multiplyAddToExt(ax, bx, tt);
- SecT163Field.multiplyAddToExt(xx, yx, tt);
-
- long[] z = Nat192.create64();
- SecT163Field.reduce(tt, z);
- return new SecT163FieldElement(z);
- }
-
- public ECFieldElement divide(ECFieldElement b)
- {
- return multiply(b.invert());
- }
-
- public ECFieldElement negate()
- {
- return this;
- }
-
- public ECFieldElement square()
- {
- long[] z = Nat192.create64();
- SecT163Field.square(x, z);
- return new SecT163FieldElement(z);
- }
-
- public ECFieldElement squareMinusProduct(ECFieldElement x, ECFieldElement y)
- {
- return squarePlusProduct(x, y);
- }
-
- public ECFieldElement squarePlusProduct(ECFieldElement x, ECFieldElement y)
- {
- long[] ax = this.x;
- long[] xx = ((SecT163FieldElement)x).x, yx = ((SecT163FieldElement)y).x;
-
- long[] tt = Nat192.createExt64();
- SecT163Field.squareAddToExt(ax, tt);
- SecT163Field.multiplyAddToExt(xx, yx, tt);
-
- long[] z = Nat192.create64();
- SecT163Field.reduce(tt, z);
- return new SecT163FieldElement(z);
- }
-
- public ECFieldElement squarePow(int pow)
- {
- if (pow < 1)
- {
- return this;
- }
-
- long[] z = Nat192.create64();
- SecT163Field.squareN(x, pow, z);
- return new SecT163FieldElement(z);
- }
-
- public int trace()
- {
- return SecT163Field.trace(x);
- }
-
- public ECFieldElement invert()
- {
- long[] z = Nat192.create64();
- SecT163Field.invert(x, z);
- return new SecT163FieldElement(z);
- }
-
- public ECFieldElement sqrt()
- {
- long[] z = Nat192.create64();
- SecT163Field.sqrt(x, z);
- return new SecT163FieldElement(z);
- }
-
- public int getRepresentation()
- {
- return ECFieldElement.F2m.PPB;
- }
-
- public int getM()
- {
- return 163;
- }
-
- public int getK1()
- {
- return 3;
- }
-
- public int getK2()
- {
- return 6;
- }
-
- public int getK3()
- {
- return 7;
- }
-
- public boolean equals(Object other)
- {
- if (other == this)
- {
- return true;
- }
-
- if (!(other instanceof SecT163FieldElement))
- {
- return false;
- }
-
- SecT163FieldElement o = (SecT163FieldElement)other;
- return Nat192.eq64(x, o.x);
- }
-
- public int hashCode()
- {
- return 163763 ^ Arrays.hashCode(x, 0, 3);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163K1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163K1Curve.java
deleted file mode 100644
index f7dedab8..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163K1Curve.java
+++ /dev/null
@@ -1,155 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECCurve.AbstractF2m;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECMultiplier;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.WTauNafMultiplier;
-import org.bouncycastle.math.raw.Nat192;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecT163K1Curve extends AbstractF2m
-{
- private static final int SecT163K1_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
-
- protected SecT163K1Point infinity;
-
- public SecT163K1Curve()
- {
- super(163, 3, 6, 7);
-
- this.infinity = new SecT163K1Point(this, null, null);
-
- this.a = fromBigInteger(BigInteger.valueOf(1));
- this.b = this.a;
- this.order = new BigInteger(1, Hex.decode("04000000000000000000020108A2E0CC0D99F8A5EF"));
- this.cofactor = BigInteger.valueOf(2);
-
- this.coord = SecT163K1_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecT163K1Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_LAMBDA_PROJECTIVE:
- return true;
- default:
- return false;
- }
- }
-
- protected ECMultiplier createDefaultMultiplier()
- {
- return new WTauNafMultiplier();
- }
-
- public int getFieldSize()
- {
- return 163;
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecT163FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecT163K1Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecT163K1Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public boolean isKoblitz()
- {
- return true;
- }
-
- public int getM()
- {
- return 163;
- }
-
- public boolean isTrinomial()
- {
- return false;
- }
-
- public int getK1()
- {
- return 3;
- }
-
- public int getK2()
- {
- return 6;
- }
-
- public int getK3()
- {
- return 7;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_LONGS = 3;
-
- final long[] table = new long[len * FE_LONGS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat192.copy64(((SecT163FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS;
- Nat192.copy64(((SecT163FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- long[] x = Nat192.create64(), y = Nat192.create64();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- long MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_LONGS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_LONGS + j] & MASK;
- }
-
- pos += (FE_LONGS * 2);
- }
-
- return createRawPoint(new SecT163FieldElement(x), new SecT163FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163K1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163K1Point.java
deleted file mode 100644
index 43dfd0a2..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163K1Point.java
+++ /dev/null
@@ -1,306 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.ECPoint.AbstractF2m;
-
-public class SecT163K1Point extends AbstractF2m
-{
- /**
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecT163K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
- */
- public SecT163K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecT163K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecT163K1Point(null, this.getAffineXCoord(), this.getAffineYCoord());
- }
-
- public ECFieldElement getYCoord()
- {
- ECFieldElement X = x, L = y;
-
- if (this.isInfinity() || X.isZero())
- {
- return L;
- }
-
- // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
- ECFieldElement Y = L.add(X).multiply(X);
-
- ECFieldElement Z = zs[0];
- if (!Z.isOne())
- {
- Y = Y.divide(Z);
- }
-
- return Y;
- }
-
- protected boolean getCompressionYTilde()
- {
- ECFieldElement X = this.getRawXCoord();
- if (X.isZero())
- {
- return false;
- }
-
- ECFieldElement Y = this.getRawYCoord();
-
- // Y is actually Lambda (X + Y/X) here
- return Y.testBitZero() != X.testBitZero();
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- ECFieldElement X2 = b.getRawXCoord();
-
- if (X1.isZero())
- {
- if (X2.isZero())
- {
- return curve.getInfinity();
- }
-
- return b.add(this);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0);
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement U2 = X2, S2 = L2;
- if (!Z1IsOne)
- {
- U2 = U2.multiply(Z1);
- S2 = S2.multiply(Z1);
- }
-
- boolean Z2IsOne = Z2.isOne();
- ECFieldElement U1 = X1, S1 = L1;
- if (!Z2IsOne)
- {
- U1 = U1.multiply(Z2);
- S1 = S1.multiply(Z2);
- }
-
- ECFieldElement A = S1.add(S2);
- ECFieldElement B = U1.add(U2);
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return twice();
- }
-
- return curve.getInfinity();
- }
-
- ECFieldElement X3, L3, Z3;
- if (X2.isZero())
- {
- // TODO This can probably be optimized quite a bit
- ECPoint p = this.normalize();
- X1 = p.getXCoord();
- ECFieldElement Y1 = p.getYCoord();
-
- ECFieldElement Y2 = L2;
- ECFieldElement L = Y1.add(Y2).divide(X1);
-
- X3 = L.square().add(L).add(X1).addOne();
- if (X3.isZero())
- {
- return new SecT163K1Point(curve, X3, curve.getB(), this.withCompression);
- }
-
- ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
- L3 = Y3.divide(X3).add(X3);
- Z3 = curve.fromBigInteger(ECConstants.ONE);
- }
- else
- {
- B = B.square();
-
- ECFieldElement AU1 = A.multiply(U1);
- ECFieldElement AU2 = A.multiply(U2);
-
- X3 = AU1.multiply(AU2);
- if (X3.isZero())
- {
- return new SecT163K1Point(curve, X3, curve.getB(), this.withCompression);
- }
-
- ECFieldElement ABZ2 = A.multiply(B);
- if (!Z2IsOne)
- {
- ABZ2 = ABZ2.multiply(Z2);
- }
-
- L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1));
-
- Z3 = ABZ2;
- if (!Z1IsOne)
- {
- Z3 = Z3.multiply(Z1);
- }
- }
-
- return new SecT163K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return curve.getInfinity();
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1);
- ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square();
- ECFieldElement T = L1.square().add(L1Z1).add(Z1Sq);
- if (T.isZero())
- {
- return new SecT163K1Point(curve, T, curve.getB(), withCompression);
- }
-
- ECFieldElement X3 = T.square();
- ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq);
-
- ECFieldElement t1 = L1.add(X1).square();
- ECFieldElement L3 = t1.add(T).add(Z1Sq).multiply(t1).add(X3);
-
- return new SecT163K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return b;
- }
-
- // NOTE: twicePlus() only optimized for lambda-affine argument
- ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0);
- if (X2.isZero() || !Z2.isOne())
- {
- return twice().add(b);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord();
-
- ECFieldElement X1Sq = X1.square();
- ECFieldElement L1Sq = L1.square();
- ECFieldElement Z1Sq = Z1.square();
- ECFieldElement L1Z1 = L1.multiply(Z1);
-
- ECFieldElement T = Z1Sq.add(L1Sq).add(L1Z1);
- ECFieldElement A = L2.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq);
- ECFieldElement X2Z1Sq = X2.multiply(Z1Sq);
- ECFieldElement B = X2Z1Sq.add(T).square();
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return b.twice();
- }
-
- return curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT163K1Point(curve, A, curve.getB(), withCompression);
- }
-
- ECFieldElement X3 = A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2.addOne(), Z3);
-
- return new SecT163K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT163K1Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163R1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163R1Curve.java
deleted file mode 100644
index bfc96344..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163R1Curve.java
+++ /dev/null
@@ -1,148 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECCurve.AbstractF2m;
-import org.bouncycastle.math.raw.Nat192;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecT163R1Curve extends AbstractF2m
-{
- private static final int SecT163R1_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
-
- protected SecT163R1Point infinity;
-
- public SecT163R1Curve()
- {
- super(163, 3, 6, 7);
-
- this.infinity = new SecT163R1Point(this, null, null);
-
- this.a = fromBigInteger(new BigInteger(1, Hex.decode("07B6882CAAEFA84F9554FF8428BD88E246D2782AE2")));
- this.b = fromBigInteger(new BigInteger(1, Hex.decode("0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9")));
- this.order = new BigInteger(1, Hex.decode("03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B"));
- this.cofactor = BigInteger.valueOf(2);
-
- this.coord = SecT163R1_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecT163R1Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_LAMBDA_PROJECTIVE:
- return true;
- default:
- return false;
- }
- }
-
- public int getFieldSize()
- {
- return 163;
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecT163FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecT163R1Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecT163R1Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public boolean isKoblitz()
- {
- return false;
- }
-
- public int getM()
- {
- return 163;
- }
-
- public boolean isTrinomial()
- {
- return false;
- }
-
- public int getK1()
- {
- return 3;
- }
-
- public int getK2()
- {
- return 6;
- }
-
- public int getK3()
- {
- return 7;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_LONGS = 3;
-
- final long[] table = new long[len * FE_LONGS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat192.copy64(((SecT163FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS;
- Nat192.copy64(((SecT163FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- long[] x = Nat192.create64(), y = Nat192.create64();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- long MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_LONGS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_LONGS + j] & MASK;
- }
-
- pos += (FE_LONGS * 2);
- }
-
- return createRawPoint(new SecT163FieldElement(x), new SecT163FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163R1Point.java
deleted file mode 100644
index 1c3355ee..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163R1Point.java
+++ /dev/null
@@ -1,308 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.ECPoint.AbstractF2m;
-
-public class SecT163R1Point extends AbstractF2m
-{
- /**
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecT163R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
- */
- public SecT163R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecT163R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecT163R1Point(null, getAffineXCoord(), getAffineYCoord());
- }
-
- public ECFieldElement getYCoord()
- {
- ECFieldElement X = x, L = y;
-
- if (this.isInfinity() || X.isZero())
- {
- return L;
- }
-
- // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
- ECFieldElement Y = L.add(X).multiply(X);
-
- ECFieldElement Z = zs[0];
- if (!Z.isOne())
- {
- Y = Y.divide(Z);
- }
-
- return Y;
- }
-
- protected boolean getCompressionYTilde()
- {
- ECFieldElement X = this.getRawXCoord();
- if (X.isZero())
- {
- return false;
- }
-
- ECFieldElement Y = this.getRawYCoord();
-
- // Y is actually Lambda (X + Y/X) here
- return Y.testBitZero() != X.testBitZero();
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- ECFieldElement X2 = b.getRawXCoord();
-
- if (X1.isZero())
- {
- if (X2.isZero())
- {
- return curve.getInfinity();
- }
-
- return b.add(this);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0);
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement U2 = X2, S2 = L2;
- if (!Z1IsOne)
- {
- U2 = U2.multiply(Z1);
- S2 = S2.multiply(Z1);
- }
-
- boolean Z2IsOne = Z2.isOne();
- ECFieldElement U1 = X1, S1 = L1;
- if (!Z2IsOne)
- {
- U1 = U1.multiply(Z2);
- S1 = S1.multiply(Z2);
- }
-
- ECFieldElement A = S1.add(S2);
- ECFieldElement B = U1.add(U2);
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return twice();
- }
-
- return curve.getInfinity();
- }
-
- ECFieldElement X3, L3, Z3;
- if (X2.isZero())
- {
- // TODO This can probably be optimized quite a bit
- ECPoint p = this.normalize();
- X1 = p.getXCoord();
- ECFieldElement Y1 = p.getYCoord();
-
- ECFieldElement Y2 = L2;
- ECFieldElement L = Y1.add(Y2).divide(X1);
-
- X3 = L.square().add(L).add(X1).add(curve.getA());
- if (X3.isZero())
- {
- return new SecT163R1Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
- L3 = Y3.divide(X3).add(X3);
- Z3 = curve.fromBigInteger(ECConstants.ONE);
- }
- else
- {
- B = B.square();
-
- ECFieldElement AU1 = A.multiply(U1);
- ECFieldElement AU2 = A.multiply(U2);
-
- X3 = AU1.multiply(AU2);
- if (X3.isZero())
- {
- return new SecT163R1Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement ABZ2 = A.multiply(B);
- if (!Z2IsOne)
- {
- ABZ2 = ABZ2.multiply(Z2);
- }
-
- L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1));
-
- Z3 = ABZ2;
- if (!Z1IsOne)
- {
- Z3 = Z3.multiply(Z1);
- }
- }
-
- return new SecT163R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return curve.getInfinity();
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1);
- ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square();
- ECFieldElement a = curve.getA();
- ECFieldElement aZ1Sq = Z1IsOne ? a : a.multiply(Z1Sq);
- ECFieldElement T = L1.square().add(L1Z1).add(aZ1Sq);
- if (T.isZero())
- {
- return new SecT163R1Point(curve, T, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = T.square();
- ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq);
-
- ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1);
- ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3);
-
- return new SecT163R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return b;
- }
-
- ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0);
- if (X2.isZero() || !Z2.isOne())
- {
- return twice().add(b);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord();
-
- ECFieldElement X1Sq = X1.square();
- ECFieldElement L1Sq = L1.square();
- ECFieldElement Z1Sq = Z1.square();
- ECFieldElement L1Z1 = L1.multiply(Z1);
-
- ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1);
- ECFieldElement L2plus1 = L2.addOne();
- ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq);
- ECFieldElement X2Z1Sq = X2.multiply(Z1Sq);
- ECFieldElement B = X2Z1Sq.add(T).square();
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return b.twice();
- }
-
- return curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT163R1Point(curve, A, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3);
-
- return new SecT163R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT163R1Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163R2Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163R2Curve.java
deleted file mode 100644
index 3b44d228..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163R2Curve.java
+++ /dev/null
@@ -1,148 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECCurve.AbstractF2m;
-import org.bouncycastle.math.raw.Nat192;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecT163R2Curve extends AbstractF2m
-{
- private static final int SecT163R2_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
-
- protected SecT163R2Point infinity;
-
- public SecT163R2Curve()
- {
- super(163, 3, 6, 7);
-
- this.infinity = new SecT163R2Point(this, null, null);
-
- this.a = fromBigInteger(BigInteger.valueOf(1));
- this.b = fromBigInteger(new BigInteger(1, Hex.decode("020A601907B8C953CA1481EB10512F78744A3205FD")));
- this.order = new BigInteger(1, Hex.decode("040000000000000000000292FE77E70C12A4234C33"));
- this.cofactor = BigInteger.valueOf(2);
-
- this.coord = SecT163R2_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecT163R2Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_LAMBDA_PROJECTIVE:
- return true;
- default:
- return false;
- }
- }
-
- public int getFieldSize()
- {
- return 163;
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecT163FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecT163R2Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecT163R2Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public boolean isKoblitz()
- {
- return false;
- }
-
- public int getM()
- {
- return 163;
- }
-
- public boolean isTrinomial()
- {
- return false;
- }
-
- public int getK1()
- {
- return 3;
- }
-
- public int getK2()
- {
- return 6;
- }
-
- public int getK3()
- {
- return 7;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_LONGS = 3;
-
- final long[] table = new long[len * FE_LONGS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat192.copy64(((SecT163FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS;
- Nat192.copy64(((SecT163FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- long[] x = Nat192.create64(), y = Nat192.create64();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- long MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_LONGS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_LONGS + j] & MASK;
- }
-
- pos += (FE_LONGS * 2);
- }
-
- return createRawPoint(new SecT163FieldElement(x), new SecT163FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163R2Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163R2Point.java
deleted file mode 100644
index 00b6a2ca..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT163R2Point.java
+++ /dev/null
@@ -1,305 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.ECPoint.AbstractF2m;
-
-public class SecT163R2Point extends AbstractF2m
-{
- /**
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecT163R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
- */
- public SecT163R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecT163R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecT163R2Point(null, getAffineXCoord(), getAffineYCoord());
- }
-
- public ECFieldElement getYCoord()
- {
- ECFieldElement X = x, L = y;
-
- if (this.isInfinity() || X.isZero())
- {
- return L;
- }
-
- // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
- ECFieldElement Y = L.add(X).multiply(X);
-
- ECFieldElement Z = zs[0];
- if (!Z.isOne())
- {
- Y = Y.divide(Z);
- }
-
- return Y;
- }
-
- protected boolean getCompressionYTilde()
- {
- ECFieldElement X = this.getRawXCoord();
- if (X.isZero())
- {
- return false;
- }
-
- ECFieldElement Y = this.getRawYCoord();
-
- // Y is actually Lambda (X + Y/X) here
- return Y.testBitZero() != X.testBitZero();
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- ECFieldElement X2 = b.getRawXCoord();
-
- if (X1.isZero())
- {
- if (X2.isZero())
- {
- return curve.getInfinity();
- }
-
- return b.add(this);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0);
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement U2 = X2, S2 = L2;
- if (!Z1IsOne)
- {
- U2 = U2.multiply(Z1);
- S2 = S2.multiply(Z1);
- }
-
- boolean Z2IsOne = Z2.isOne();
- ECFieldElement U1 = X1, S1 = L1;
- if (!Z2IsOne)
- {
- U1 = U1.multiply(Z2);
- S1 = S1.multiply(Z2);
- }
-
- ECFieldElement A = S1.add(S2);
- ECFieldElement B = U1.add(U2);
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return twice();
- }
-
- return curve.getInfinity();
- }
-
- ECFieldElement X3, L3, Z3;
- if (X2.isZero())
- {
- // TODO This can probably be optimized quite a bit
- ECPoint p = this.normalize();
- X1 = p.getXCoord();
- ECFieldElement Y1 = p.getYCoord();
-
- ECFieldElement Y2 = L2;
- ECFieldElement L = Y1.add(Y2).divide(X1);
-
- X3 = L.square().add(L).add(X1).addOne();
- if (X3.isZero())
- {
- return new SecT163R2Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
- L3 = Y3.divide(X3).add(X3);
- Z3 = curve.fromBigInteger(ECConstants.ONE);
- }
- else
- {
- B = B.square();
-
- ECFieldElement AU1 = A.multiply(U1);
- ECFieldElement AU2 = A.multiply(U2);
-
- X3 = AU1.multiply(AU2);
- if (X3.isZero())
- {
- return new SecT163R2Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement ABZ2 = A.multiply(B);
- if (!Z2IsOne)
- {
- ABZ2 = ABZ2.multiply(Z2);
- }
-
- L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1));
-
- Z3 = ABZ2;
- if (!Z1IsOne)
- {
- Z3 = Z3.multiply(Z1);
- }
- }
-
- return new SecT163R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return curve.getInfinity();
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1);
- ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square();
- ECFieldElement T = L1.square().add(L1Z1).add(Z1Sq);
- if (T.isZero())
- {
- return new SecT163R2Point(curve, T, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = T.square();
- ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq);
-
- ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1);
- ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3);
-
- return new SecT163R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return b;
- }
-
- ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0);
- if (X2.isZero() || !Z2.isOne())
- {
- return twice().add(b);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord();
-
- ECFieldElement X1Sq = X1.square();
- ECFieldElement L1Sq = L1.square();
- ECFieldElement Z1Sq = Z1.square();
- ECFieldElement L1Z1 = L1.multiply(Z1);
-
- ECFieldElement T = Z1Sq.add(L1Sq).add(L1Z1);
- ECFieldElement A = L2.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq);
- ECFieldElement X2Z1Sq = X2.multiply(Z1Sq);
- ECFieldElement B = X2Z1Sq.add(T).square();
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return b.twice();
- }
-
- return curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT163R2Point(curve, A, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2.addOne(), Z3);
-
- return new SecT163R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT163R2Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193Field.java
deleted file mode 100644
index 2e5e1866..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193Field.java
+++ /dev/null
@@ -1,306 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.raw.Interleave;
-import org.bouncycastle.math.raw.Nat256;
-
-public class SecT193Field
-{
- private static final long M01 = 1L;
- private static final long M49 = -1L >>> 15;
-
- public static void add(long[] x, long[] y, long[] z)
- {
- z[0] = x[0] ^ y[0];
- z[1] = x[1] ^ y[1];
- z[2] = x[2] ^ y[2];
- z[3] = x[3] ^ y[3];
- }
-
- public static void addExt(long[] xx, long[] yy, long[] zz)
- {
- zz[0] = xx[0] ^ yy[0];
- zz[1] = xx[1] ^ yy[1];
- zz[2] = xx[2] ^ yy[2];
- zz[3] = xx[3] ^ yy[3];
- zz[4] = xx[4] ^ yy[4];
- zz[5] = xx[5] ^ yy[5];
- zz[6] = xx[6] ^ yy[6];
- }
-
- public static void addOne(long[] x, long[] z)
- {
- z[0] = x[0] ^ 1L;
- z[1] = x[1];
- z[2] = x[2];
- z[3] = x[3];
- }
-
- public static long[] fromBigInteger(BigInteger x)
- {
- long[] z = Nat256.fromBigInteger64(x);
- reduce63(z, 0);
- return z;
- }
-
- public static void invert(long[] x, long[] z)
- {
- if (Nat256.isZero64(x))
- {
- throw new IllegalStateException();
- }
-
- // Itoh-Tsujii inversion with bases { 2, 3 }
-
- long[] t0 = Nat256.create64();
- long[] t1 = Nat256.create64();
-
- square(x, t0);
-
- // 3 | 192
- squareN(t0, 1, t1);
- multiply(t0, t1, t0);
- squareN(t1, 1, t1);
- multiply(t0, t1, t0);
-
- // 2 | 64
- squareN(t0, 3, t1);
- multiply(t0, t1, t0);
-
- // 2 | 32
- squareN(t0, 6, t1);
- multiply(t0, t1, t0);
-
- // 2 | 16
- squareN(t0, 12, t1);
- multiply(t0, t1, t0);
-
- // 2 | 8
- squareN(t0, 24, t1);
- multiply(t0, t1, t0);
-
- // 2 | 4
- squareN(t0, 48, t1);
- multiply(t0, t1, t0);
-
- // 2 | 2
- squareN(t0, 96, t1);
- multiply(t0, t1, z);
- }
-
- public static void multiply(long[] x, long[] y, long[] z)
- {
- long[] tt = Nat256.createExt64();
- implMultiply(x, y, tt);
- reduce(tt, z);
- }
-
- public static void multiplyAddToExt(long[] x, long[] y, long[] zz)
- {
- long[] tt = Nat256.createExt64();
- implMultiply(x, y, tt);
- addExt(zz, tt, zz);
- }
-
- public static void reduce(long[] xx, long[] z)
- {
- long x0 = xx[0], x1 = xx[1], x2 = xx[2], x3 = xx[3], x4 = xx[4], x5 = xx[5], x6 = xx[6];
-
- x2 ^= (x6 << 63);
- x3 ^= (x6 >>> 1) ^ (x6 << 14);
- x4 ^= (x6 >>> 50);
-
- x1 ^= (x5 << 63);
- x2 ^= (x5 >>> 1) ^ (x5 << 14);
- x3 ^= (x5 >>> 50);
-
- x0 ^= (x4 << 63);
- x1 ^= (x4 >>> 1) ^ (x4 << 14);
- x2 ^= (x4 >>> 50);
-
- long t = x3 >>> 1;
- z[0] = x0 ^ t ^ (t << 15);
- z[1] = x1 ^ (t >>> 49);
- z[2] = x2;
- z[3] = x3 & M01;
- }
-
- public static void reduce63(long[] z, int zOff)
- {
- long z3 = z[zOff + 3], t = z3 >>> 1;
- z[zOff ] ^= t ^ (t << 15);
- z[zOff + 1] ^= (t >>> 49);
- z[zOff + 3] = z3 & M01;
- }
-
- public static void sqrt(long[] x, long[] z)
- {
- long u0, u1;
- u0 = Interleave.unshuffle(x[0]); u1 = Interleave.unshuffle(x[1]);
- long e0 = (u0 & 0x00000000FFFFFFFFL) | (u1 << 32);
- long c0 = (u0 >>> 32) | (u1 & 0xFFFFFFFF00000000L);
-
- u0 = Interleave.unshuffle(x[2]);
- long e1 = (u0 & 0x00000000FFFFFFFFL) ^ (x[3] << 32);
- long c1 = (u0 >>> 32);
-
- z[0] = e0 ^ (c0 << 8);
- z[1] = e1 ^ (c1 << 8) ^ (c0 >>> 56) ^ (c0 << 33);
- z[2] = (c1 >>> 56) ^ (c1 << 33) ^ (c0 >>> 31);
- z[3] = (c1 >>> 31);
- }
-
- public static void square(long[] x, long[] z)
- {
- long[] tt = Nat256.createExt64();
- implSquare(x, tt);
- reduce(tt, z);
- }
-
- public static void squareAddToExt(long[] x, long[] zz)
- {
- long[] tt = Nat256.createExt64();
- implSquare(x, tt);
- addExt(zz, tt, zz);
- }
-
- public static void squareN(long[] x, int n, long[] z)
- {
-// assert n > 0;
-
- long[] tt = Nat256.createExt64();
- implSquare(x, tt);
- reduce(tt, z);
-
- while (--n > 0)
- {
- implSquare(z, tt);
- reduce(tt, z);
- }
- }
-
- public static int trace(long[] x)
- {
- // Non-zero-trace bits: 0
- return (int)(x[0]) & 1;
- }
-
- protected static void implCompactExt(long[] zz)
- {
- long z0 = zz[0], z1 = zz[1], z2 = zz[2], z3 = zz[3], z4 = zz[4], z5 = zz[5], z6 = zz[6], z7 = zz[7];
- zz[0] = z0 ^ (z1 << 49);
- zz[1] = (z1 >>> 15) ^ (z2 << 34);
- zz[2] = (z2 >>> 30) ^ (z3 << 19);
- zz[3] = (z3 >>> 45) ^ (z4 << 4)
- ^ (z5 << 53);
- zz[4] = (z4 >>> 60) ^ (z6 << 38)
- ^ (z5 >>> 11);
- zz[5] = (z6 >>> 26) ^ (z7 << 23);
- zz[6] = (z7 >>> 41);
- zz[7] = 0;
- }
-
- protected static void implExpand(long[] x, long[] z)
- {
- long x0 = x[0], x1 = x[1], x2 = x[2], x3 = x[3];
- z[0] = x0 & M49;
- z[1] = ((x0 >>> 49) ^ (x1 << 15)) & M49;
- z[2] = ((x1 >>> 34) ^ (x2 << 30)) & M49;
- z[3] = ((x2 >>> 19) ^ (x3 << 45));
- }
-
- protected static void implMultiply(long[] x, long[] y, long[] zz)
- {
- /*
- * "Two-level seven-way recursion" as described in "Batch binary Edwards", Daniel J. Bernstein.
- */
-
- long[] f = new long[4], g = new long[4];
- implExpand(x, f);
- implExpand(y, g);
-
- implMulwAcc(f[0], g[0], zz, 0);
- implMulwAcc(f[1], g[1], zz, 1);
- implMulwAcc(f[2], g[2], zz, 2);
- implMulwAcc(f[3], g[3], zz, 3);
-
- // U *= (1 - t^n)
- for (int i = 5; i > 0; --i)
- {
- zz[i] ^= zz[i - 1];
- }
-
- implMulwAcc(f[0] ^ f[1], g[0] ^ g[1], zz, 1);
- implMulwAcc(f[2] ^ f[3], g[2] ^ g[3], zz, 3);
-
- // V *= (1 - t^2n)
- for (int i = 7; i > 1; --i)
- {
- zz[i] ^= zz[i - 2];
- }
-
- // Double-length recursion
- {
- long c0 = f[0] ^ f[2], c1 = f[1] ^ f[3];
- long d0 = g[0] ^ g[2], d1 = g[1] ^ g[3];
- implMulwAcc(c0 ^ c1, d0 ^ d1, zz, 3);
- long[] t = new long[3];
- implMulwAcc(c0, d0, t, 0);
- implMulwAcc(c1, d1, t, 1);
- long t0 = t[0], t1 = t[1], t2 = t[2];
- zz[2] ^= t0;
- zz[3] ^= t0 ^ t1;
- zz[4] ^= t2 ^ t1;
- zz[5] ^= t2;
- }
-
- implCompactExt(zz);
- }
-
- protected static void implMulwAcc(long x, long y, long[] z, int zOff)
- {
-// assert x >>> 49 == 0;
-// assert y >>> 49 == 0;
-
- long[] u = new long[8];
-// u[0] = 0;
- u[1] = y;
- u[2] = u[1] << 1;
- u[3] = u[2] ^ y;
- u[4] = u[2] << 1;
- u[5] = u[4] ^ y;
- u[6] = u[3] << 1;
- u[7] = u[6] ^ y;
-
- int j = (int)x;
- long g, h = 0, l = u[j & 7]
- ^ (u[(j >>> 3) & 7] << 3);
- int k = 36;
- do
- {
- j = (int)(x >>> k);
- g = u[j & 7]
- ^ u[(j >>> 3) & 7] << 3
- ^ u[(j >>> 6) & 7] << 6
- ^ u[(j >>> 9) & 7] << 9
- ^ u[(j >>> 12) & 7] << 12;
- l ^= (g << k);
- h ^= (g >>> -k);
- }
- while ((k -= 15) > 0);
-
-// assert h >>> 33 == 0;
-
- z[zOff ] ^= l & M49;
- z[zOff + 1] ^= (l >>> 49) ^ (h << 15);
- }
-
- protected static void implSquare(long[] x, long[] zz)
- {
- Interleave.expand64To128(x[0], zz, 0);
- Interleave.expand64To128(x[1], zz, 2);
- Interleave.expand64To128(x[2], zz, 4);
- zz[6] = (x[3] & M01);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193FieldElement.java
deleted file mode 100644
index 118e4d85..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193FieldElement.java
+++ /dev/null
@@ -1,226 +0,0 @@ -package org.bouncycastle.math.ec.custom.sec; - -import java.math.BigInteger; - -import org.bouncycastle.math.ec.ECFieldElement; -import org.bouncycastle.math.raw.Nat256; -import org.bouncycastle.util.Arrays; - -public class SecT193FieldElement extends ECFieldElement.AbstractF2m -{ - protected long[] x; - - public SecT193FieldElement(BigInteger x) - { - if (x == null || x.signum() < 0 || x.bitLength() > 193) - { - throw new IllegalArgumentException("x value invalid for SecT193FieldElement"); - } - - this.x = SecT193Field.fromBigInteger(x); - } - - public SecT193FieldElement() - { - this.x = Nat256.create64(); - } - - protected SecT193FieldElement(long[] x) - { - this.x = x; - } - -// public int bitLength() -// { -// return x.degree(); -// } - - public boolean isOne() - { - return Nat256.isOne64(x); - } - - public boolean isZero() - { - return Nat256.isZero64(x); - } - - public boolean testBitZero() - { - return (x[0] & 1L) != 0L; - } - - public BigInteger toBigInteger() - { - return Nat256.toBigInteger64(x); - } - - public String getFieldName() - { - return "SecT193Field"; - } - - public int getFieldSize() - { - return 193; - } - - public ECFieldElement add(ECFieldElement b) - { - long[] z = Nat256.create64(); - SecT193Field.add(x, ((SecT193FieldElement)b).x, z); - return new SecT193FieldElement(z); - } - - public ECFieldElement addOne() - { - long[] z = Nat256.create64(); - SecT193Field.addOne(x, z); - return new SecT193FieldElement(z); - } - - public ECFieldElement subtract(ECFieldElement b) - { - // Addition and subtraction are the same in F2m - return add(b); - } - - public ECFieldElement multiply(ECFieldElement b) - { - long[] z = Nat256.create64(); - SecT193Field.multiply(x, ((SecT193FieldElement)b).x, z); - return new SecT193FieldElement(z); - } - - public ECFieldElement multiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y) - { - return multiplyPlusProduct(b, x, y); - } - - public ECFieldElement 
multiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y) - { - long[] ax = this.x, bx = ((SecT193FieldElement)b).x; - long[] xx = ((SecT193FieldElement)x).x, yx = ((SecT193FieldElement)y).x; - - long[] tt = Nat256.createExt64(); - SecT193Field.multiplyAddToExt(ax, bx, tt); - SecT193Field.multiplyAddToExt(xx, yx, tt); - - long[] z = Nat256.create64(); - SecT193Field.reduce(tt, z); - return new SecT193FieldElement(z); - } - - public ECFieldElement divide(ECFieldElement b) - { - return multiply(b.invert()); - } - - public ECFieldElement negate() - { - return this; - } - - public ECFieldElement square() - { - long[] z = Nat256.create64(); - SecT193Field.square(x, z); - return new SecT193FieldElement(z); - } - - public ECFieldElement squareMinusProduct(ECFieldElement x, ECFieldElement y) - { - return squarePlusProduct(x, y); - } - - public ECFieldElement squarePlusProduct(ECFieldElement x, ECFieldElement y) - { - long[] ax = this.x; - long[] xx = ((SecT193FieldElement)x).x, yx = ((SecT193FieldElement)y).x; - - long[] tt = Nat256.createExt64(); - SecT193Field.squareAddToExt(ax, tt); - SecT193Field.multiplyAddToExt(xx, yx, tt); - - long[] z = Nat256.create64(); - SecT193Field.reduce(tt, z); - return new SecT193FieldElement(z); - } - - public ECFieldElement squarePow(int pow) - { - if (pow < 1) - { - return this; - } - - long[] z = Nat256.create64(); - SecT193Field.squareN(x, pow, z); - return new SecT193FieldElement(z); - } - - public int trace() - { - return SecT193Field.trace(x); - } - - public ECFieldElement invert() - { - long[] z = Nat256.create64(); - SecT193Field.invert(x, z); - return new SecT193FieldElement(z); - } - - public ECFieldElement sqrt() - { - long[] z = Nat256.create64(); - SecT193Field.sqrt(x, z); - return new SecT193FieldElement(z); - } - - public int getRepresentation() - { - return ECFieldElement.F2m.TPB; - } - - public int getM() - { - return 193; - } - - public int getK1() - { - return 15; - } - - public int getK2() - { - return 
0;
- }
-
- public int getK3()
- {
- return 0;
- }
-
- public boolean equals(Object other)
- {
- if (other == this)
- {
- return true;
- }
-
- if (!(other instanceof SecT193FieldElement))
- {
- return false;
- }
-
- SecT193FieldElement o = (SecT193FieldElement)other;
- return Nat256.eq64(x, o.x);
- }
-
- public int hashCode()
- {
- return 1930015 ^ Arrays.hashCode(x, 0, 4);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193R1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193R1Curve.java
deleted file mode 100644
index e977061d..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193R1Curve.java
+++ /dev/null
@@ -1,148 +0,0 @@ -package org.bouncycastle.math.ec.custom.sec; - -import java.math.BigInteger; - -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.ECCurve.AbstractF2m; -import org.bouncycastle.math.ec.ECFieldElement; -import org.bouncycastle.math.ec.ECLookupTable; -import org.bouncycastle.math.ec.ECPoint; -import org.bouncycastle.math.raw.Nat256; -import org.bouncycastle.util.encoders.Hex; - -public class SecT193R1Curve extends AbstractF2m -{ - private static final int SecT193R1_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE; - - protected SecT193R1Point infinity; - - public SecT193R1Curve() - { - super(193, 15, 0, 0); - - this.infinity = new SecT193R1Point(this, null, null); - - this.a = fromBigInteger(new BigInteger(1, Hex.decode("0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01"))); - this.b = fromBigInteger(new BigInteger(1, Hex.decode("00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814"))); - this.order = new BigInteger(1, Hex.decode("01000000000000000000000000C7F34A778F443ACC920EBA49")); - this.cofactor = BigInteger.valueOf(2); - - this.coord = SecT193R1_DEFAULT_COORDS; - } - - protected ECCurve cloneCurve() - { - return new SecT193R1Curve(); - } - - public boolean supportsCoordinateSystem(int coord) - { - switch (coord) - { - case COORD_LAMBDA_PROJECTIVE: - return true; - default: - return false; - } - } - - public int getFieldSize() - { - return 193; - } - - public ECFieldElement fromBigInteger(BigInteger x) - { - return new SecT193FieldElement(x); - } - - protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression) - { - return new SecT193R1Point(this, x, y, withCompression); - } - - protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression) - { - return new SecT193R1Point(this, x, y, zs, withCompression); - } - - public ECPoint getInfinity() - { - return infinity; - } - - public boolean isKoblitz() - { - return false; - } - - public int getM() - 
{ - return 193; - } - - public boolean isTrinomial() - { - return true; - } - - public int getK1() - { - return 15; - } - - public int getK2() - { - return 0; - } - - public int getK3() - { - return 0; - } - - public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len) - { - final int FE_LONGS = 4; - - final long[] table = new long[len * FE_LONGS * 2]; - { - int pos = 0; - for (int i = 0; i < len; ++i) - { - ECPoint p = points[off + i]; - Nat256.copy64(((SecT193FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS; - Nat256.copy64(((SecT193FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS; - } - } - - return new ECLookupTable() - { - public int getSize() - { - return len; - } - - public ECPoint lookup(int index) - { - long[] x = Nat256.create64(), y = Nat256.create64(); - int pos = 0; - - for (int i = 0; i < len; ++i) - { - long MASK = ((i ^ index) - 1) >> 31; - - for (int j = 0; j < FE_LONGS; ++j) - { - x[j] ^= table[pos + j] & MASK; - y[j] ^= table[pos + FE_LONGS + j] & MASK; - } - - pos += (FE_LONGS * 2); - } - - return createRawPoint(new SecT193FieldElement(x), new SecT193FieldElement(y), false); - } - }; - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193R1Point.java deleted file mode 100644 index 9997b8e1..00000000 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193R1Point.java +++ /dev/null 
@@ -1,308 +0,0 @@ -package org.bouncycastle.math.ec.custom.sec; - -import org.bouncycastle.math.ec.ECConstants; -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.ECFieldElement; -import org.bouncycastle.math.ec.ECPoint; -import org.bouncycastle.math.ec.ECPoint.AbstractF2m; - -public class SecT193R1Point extends AbstractF2m -{ - /** - * @deprecated Use ECCurve.createPoint to construct points - */ - public SecT193R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y) - { - this(curve, x, y, false); - } - - /** - * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)} - */ - public SecT193R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression) - { - super(curve, x, y); - - if ((x == null) != (y == null)) - { - throw new IllegalArgumentException("Exactly one of the field elements is null"); - } - - this.withCompression = withCompression; - } - - SecT193R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression) - { - super(curve, x, y, zs); - - this.withCompression = withCompression; - } - - protected ECPoint detach() - { - return new SecT193R1Point(null, getAffineXCoord(), getAffineYCoord()); - } - - public ECFieldElement getYCoord() - { - ECFieldElement X = x, L = y; - - if (this.isInfinity() || X.isZero()) - { - return L; - } - - // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly - ECFieldElement Y = L.add(X).multiply(X); - - ECFieldElement Z = zs[0]; - if (!Z.isOne()) - { - Y = Y.divide(Z); - } - - return Y; - } - - protected boolean getCompressionYTilde() - { - ECFieldElement X = this.getRawXCoord(); - if (X.isZero()) - { - return false; - } - - ECFieldElement Y = this.getRawYCoord(); - - // Y is actually Lambda (X + Y/X) here - return Y.testBitZero() != X.testBitZero(); - } - - public ECPoint add(ECPoint b) - { - if (this.isInfinity()) - { - return b; - } - if (b.isInfinity()) - { - return this; - } 
- - ECCurve curve = this.getCurve(); - - ECFieldElement X1 = this.x; - ECFieldElement X2 = b.getRawXCoord(); - - if (X1.isZero()) - { - if (X2.isZero()) - { - return curve.getInfinity(); - } - - return b.add(this); - } - - ECFieldElement L1 = this.y, Z1 = this.zs[0]; - ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0); - - boolean Z1IsOne = Z1.isOne(); - ECFieldElement U2 = X2, S2 = L2; - if (!Z1IsOne) - { - U2 = U2.multiply(Z1); - S2 = S2.multiply(Z1); - } - - boolean Z2IsOne = Z2.isOne(); - ECFieldElement U1 = X1, S1 = L1; - if (!Z2IsOne) - { - U1 = U1.multiply(Z2); - S1 = S1.multiply(Z2); - } - - ECFieldElement A = S1.add(S2); - ECFieldElement B = U1.add(U2); - - if (B.isZero()) - { - if (A.isZero()) - { - return twice(); - } - - return curve.getInfinity(); - } - - ECFieldElement X3, L3, Z3; - if (X2.isZero()) - { - // TODO This can probably be optimized quite a bit - ECPoint p = this.normalize(); - X1 = p.getXCoord(); - ECFieldElement Y1 = p.getYCoord(); - - ECFieldElement Y2 = L2; - ECFieldElement L = Y1.add(Y2).divide(X1); - - X3 = L.square().add(L).add(X1).add(curve.getA()); - if (X3.isZero()) - { - return new SecT193R1Point(curve, X3, curve.getB().sqrt(), this.withCompression); - } - - ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1); - L3 = Y3.divide(X3).add(X3); - Z3 = curve.fromBigInteger(ECConstants.ONE); - } - else - { - B = B.square(); - - ECFieldElement AU1 = A.multiply(U1); - ECFieldElement AU2 = A.multiply(U2); - - X3 = AU1.multiply(AU2); - if (X3.isZero()) - { - return new SecT193R1Point(curve, X3, curve.getB().sqrt(), this.withCompression); - } - - ECFieldElement ABZ2 = A.multiply(B); - if (!Z2IsOne) - { - ABZ2 = ABZ2.multiply(Z2); - } - - L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1)); - - Z3 = ABZ2; - if (!Z1IsOne) - { - Z3 = Z3.multiply(Z1); - } - } - - return new SecT193R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); - } - - public ECPoint twice() - { - if (this.isInfinity()) - { - return this; 
- } - - ECCurve curve = this.getCurve(); - - ECFieldElement X1 = this.x; - if (X1.isZero()) - { - // A point with X == 0 is it's own additive inverse - return curve.getInfinity(); - } - - ECFieldElement L1 = this.y, Z1 = this.zs[0]; - - boolean Z1IsOne = Z1.isOne(); - ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); - ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); - ECFieldElement a = curve.getA(); - ECFieldElement aZ1Sq = Z1IsOne ? a : a.multiply(Z1Sq); - ECFieldElement T = L1.square().add(L1Z1).add(aZ1Sq); - if (T.isZero()) - { - return new SecT193R1Point(curve, T, curve.getB().sqrt(), withCompression); - } - - ECFieldElement X3 = T.square(); - ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); - - ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); - ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); - - return new SecT193R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); - } - - public ECPoint twicePlus(ECPoint b) - { - if (this.isInfinity()) - { - return b; - } - if (b.isInfinity()) - { - return twice(); - } - - ECCurve curve = this.getCurve(); - - ECFieldElement X1 = this.x; - if (X1.isZero()) - { - // A point with X == 0 is it's own additive inverse - return b; - } - - ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0); - if (X2.isZero() || !Z2.isOne()) - { - return twice().add(b); - } - - ECFieldElement L1 = this.y, Z1 = this.zs[0]; - ECFieldElement L2 = b.getRawYCoord(); - - ECFieldElement X1Sq = X1.square(); - ECFieldElement L1Sq = L1.square(); - ECFieldElement Z1Sq = Z1.square(); - ECFieldElement L1Z1 = L1.multiply(Z1); - - ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1); - ECFieldElement L2plus1 = L2.addOne(); - ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); - ECFieldElement X2Z1Sq = X2.multiply(Z1Sq); - ECFieldElement B = X2Z1Sq.add(T).square(); - - if (B.isZero()) - { - if (A.isZero()) - { - return b.twice(); - } - - 
return curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT193R1Point(curve, A, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3);
-
- return new SecT193R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT193R1Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193R2Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193R2Curve.java
deleted file mode 100644
index f08e7c0b..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193R2Curve.java
+++ /dev/null
@@ -1,148 +0,0 @@ -package org.bouncycastle.math.ec.custom.sec; - -import java.math.BigInteger; - -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.ECCurve.AbstractF2m; -import org.bouncycastle.math.raw.Nat256; -import org.bouncycastle.math.ec.ECFieldElement; -import org.bouncycastle.math.ec.ECLookupTable; -import org.bouncycastle.math.ec.ECPoint; -import org.bouncycastle.util.encoders.Hex; - -public class SecT193R2Curve extends AbstractF2m -{ - private static final int SecT193R2_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE; - - protected SecT193R2Point infinity; - - public SecT193R2Curve() - { - super(193, 15, 0, 0); - - this.infinity = new SecT193R2Point(this, null, null); - - this.a = fromBigInteger(new BigInteger(1, Hex.decode("0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B"))); - this.b = fromBigInteger(new BigInteger(1, Hex.decode("00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE"))); - this.order = new BigInteger(1, Hex.decode("010000000000000000000000015AAB561B005413CCD4EE99D5")); - this.cofactor = BigInteger.valueOf(2); - - this.coord = SecT193R2_DEFAULT_COORDS; - } - - protected ECCurve cloneCurve() - { - return new SecT193R2Curve(); - } - - public boolean supportsCoordinateSystem(int coord) - { - switch (coord) - { - case COORD_LAMBDA_PROJECTIVE: - return true; - default: - return false; - } - } - - public int getFieldSize() - { - return 193; - } - - public ECFieldElement fromBigInteger(BigInteger x) - { - return new SecT193FieldElement(x); - } - - protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression) - { - return new SecT193R2Point(this, x, y, withCompression); - } - - protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression) - { - return new SecT193R2Point(this, x, y, zs, withCompression); - } - - public ECPoint getInfinity() - { - return infinity; - } - - public boolean isKoblitz() - { - return false; - } - - public int getM() - 
{ - return 193; - } - - public boolean isTrinomial() - { - return true; - } - - public int getK1() - { - return 15; - } - - public int getK2() - { - return 0; - } - - public int getK3() - { - return 0; - } - - public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len) - { - final int FE_LONGS = 4; - - final long[] table = new long[len * FE_LONGS * 2]; - { - int pos = 0; - for (int i = 0; i < len; ++i) - { - ECPoint p = points[off + i]; - Nat256.copy64(((SecT193FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS; - Nat256.copy64(((SecT193FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS; - } - } - - return new ECLookupTable() - { - public int getSize() - { - return len; - } - - public ECPoint lookup(int index) - { - long[] x = Nat256.create64(), y = Nat256.create64(); - int pos = 0; - - for (int i = 0; i < len; ++i) - { - long MASK = ((i ^ index) - 1) >> 31; - - for (int j = 0; j < FE_LONGS; ++j) - { - x[j] ^= table[pos + j] & MASK; - y[j] ^= table[pos + FE_LONGS + j] & MASK; - } - - pos += (FE_LONGS * 2); - } - - return createRawPoint(new SecT193FieldElement(x), new SecT193FieldElement(y), false); - } - }; - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193R2Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193R2Point.java deleted file mode 100644 index f3bbb706..00000000 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT193R2Point.java +++ /dev/null 
@@ -1,308 +0,0 @@ -package org.bouncycastle.math.ec.custom.sec; - -import org.bouncycastle.math.ec.ECConstants; -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.ECFieldElement; -import org.bouncycastle.math.ec.ECPoint; -import org.bouncycastle.math.ec.ECPoint.AbstractF2m; - -public class SecT193R2Point extends AbstractF2m -{ - /** - * @deprecated Use ECCurve.createPoint to construct points - */ - public SecT193R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y) - { - this(curve, x, y, false); - } - - /** - * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)} - */ - public SecT193R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression) - { - super(curve, x, y); - - if ((x == null) != (y == null)) - { - throw new IllegalArgumentException("Exactly one of the field elements is null"); - } - - this.withCompression = withCompression; - } - - SecT193R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression) - { - super(curve, x, y, zs); - - this.withCompression = withCompression; - } - - protected ECPoint detach() - { - return new SecT193R2Point(null, getAffineXCoord(), getAffineYCoord()); - } - - public ECFieldElement getYCoord() - { - ECFieldElement X = x, L = y; - - if (this.isInfinity() || X.isZero()) - { - return L; - } - - // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly - ECFieldElement Y = L.add(X).multiply(X); - - ECFieldElement Z = zs[0]; - if (!Z.isOne()) - { - Y = Y.divide(Z); - } - - return Y; - } - - protected boolean getCompressionYTilde() - { - ECFieldElement X = this.getRawXCoord(); - if (X.isZero()) - { - return false; - } - - ECFieldElement Y = this.getRawYCoord(); - - // Y is actually Lambda (X + Y/X) here - return Y.testBitZero() != X.testBitZero(); - } - - public ECPoint add(ECPoint b) - { - if (this.isInfinity()) - { - return b; - } - if (b.isInfinity()) - { - return this; - } 
- - ECCurve curve = this.getCurve(); - - ECFieldElement X1 = this.x; - ECFieldElement X2 = b.getRawXCoord(); - - if (X1.isZero()) - { - if (X2.isZero()) - { - return curve.getInfinity(); - } - - return b.add(this); - } - - ECFieldElement L1 = this.y, Z1 = this.zs[0]; - ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0); - - boolean Z1IsOne = Z1.isOne(); - ECFieldElement U2 = X2, S2 = L2; - if (!Z1IsOne) - { - U2 = U2.multiply(Z1); - S2 = S2.multiply(Z1); - } - - boolean Z2IsOne = Z2.isOne(); - ECFieldElement U1 = X1, S1 = L1; - if (!Z2IsOne) - { - U1 = U1.multiply(Z2); - S1 = S1.multiply(Z2); - } - - ECFieldElement A = S1.add(S2); - ECFieldElement B = U1.add(U2); - - if (B.isZero()) - { - if (A.isZero()) - { - return twice(); - } - - return curve.getInfinity(); - } - - ECFieldElement X3, L3, Z3; - if (X2.isZero()) - { - // TODO This can probably be optimized quite a bit - ECPoint p = this.normalize(); - X1 = p.getXCoord(); - ECFieldElement Y1 = p.getYCoord(); - - ECFieldElement Y2 = L2; - ECFieldElement L = Y1.add(Y2).divide(X1); - - X3 = L.square().add(L).add(X1).add(curve.getA()); - if (X3.isZero()) - { - return new SecT193R2Point(curve, X3, curve.getB().sqrt(), this.withCompression); - } - - ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1); - L3 = Y3.divide(X3).add(X3); - Z3 = curve.fromBigInteger(ECConstants.ONE); - } - else - { - B = B.square(); - - ECFieldElement AU1 = A.multiply(U1); - ECFieldElement AU2 = A.multiply(U2); - - X3 = AU1.multiply(AU2); - if (X3.isZero()) - { - return new SecT193R2Point(curve, X3, curve.getB().sqrt(), this.withCompression); - } - - ECFieldElement ABZ2 = A.multiply(B); - if (!Z2IsOne) - { - ABZ2 = ABZ2.multiply(Z2); - } - - L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1)); - - Z3 = ABZ2; - if (!Z1IsOne) - { - Z3 = Z3.multiply(Z1); - } - } - - return new SecT193R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); - } - - public ECPoint twice() - { - if (this.isInfinity()) - { - return this; 
- } - - ECCurve curve = this.getCurve(); - - ECFieldElement X1 = this.x; - if (X1.isZero()) - { - // A point with X == 0 is it's own additive inverse - return curve.getInfinity(); - } - - ECFieldElement L1 = this.y, Z1 = this.zs[0]; - - boolean Z1IsOne = Z1.isOne(); - ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); - ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); - ECFieldElement a = curve.getA(); - ECFieldElement aZ1Sq = Z1IsOne ? a : a.multiply(Z1Sq); - ECFieldElement T = L1.square().add(L1Z1).add(aZ1Sq); - if (T.isZero()) - { - return new SecT193R2Point(curve, T, curve.getB().sqrt(), withCompression); - } - - ECFieldElement X3 = T.square(); - ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); - - ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); - ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); - - return new SecT193R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); - } - - public ECPoint twicePlus(ECPoint b) - { - if (this.isInfinity()) - { - return b; - } - if (b.isInfinity()) - { - return twice(); - } - - ECCurve curve = this.getCurve(); - - ECFieldElement X1 = this.x; - if (X1.isZero()) - { - // A point with X == 0 is it's own additive inverse - return b; - } - - ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0); - if (X2.isZero() || !Z2.isOne()) - { - return twice().add(b); - } - - ECFieldElement L1 = this.y, Z1 = this.zs[0]; - ECFieldElement L2 = b.getRawYCoord(); - - ECFieldElement X1Sq = X1.square(); - ECFieldElement L1Sq = L1.square(); - ECFieldElement Z1Sq = Z1.square(); - ECFieldElement L1Z1 = L1.multiply(Z1); - - ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1); - ECFieldElement L2plus1 = L2.addOne(); - ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq); - ECFieldElement X2Z1Sq = X2.multiply(Z1Sq); - ECFieldElement B = X2Z1Sq.add(T).square(); - - if (B.isZero()) - { - if (A.isZero()) - { - return b.twice(); - } - - 
return curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT193R2Point(curve, A, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3);
-
- return new SecT193R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT193R2Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233Field.java
deleted file mode 100644
index f34081e7..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233Field.java
+++ /dev/null
@@ -1,318 +0,0 @@ -package org.bouncycastle.math.ec.custom.sec; - -import java.math.BigInteger; - -import org.bouncycastle.math.raw.Interleave; -import org.bouncycastle.math.raw.Nat256; - -public class SecT233Field -{ - private static final long M41 = -1L >>> 23; - private static final long M59 = -1L >>> 5; - - public static void add(long[] x, long[] y, long[] z) - { - z[0] = x[0] ^ y[0]; - z[1] = x[1] ^ y[1]; - z[2] = x[2] ^ y[2]; - z[3] = x[3] ^ y[3]; - } - - public static void addExt(long[] xx, long[] yy, long[] zz) - { - zz[0] = xx[0] ^ yy[0]; - zz[1] = xx[1] ^ yy[1]; - zz[2] = xx[2] ^ yy[2]; - zz[3] = xx[3] ^ yy[3]; - zz[4] = xx[4] ^ yy[4]; - zz[5] = xx[5] ^ yy[5]; - zz[6] = xx[6] ^ yy[6]; - zz[7] = xx[7] ^ yy[7]; - } - - public static void addOne(long[] x, long[] z) - { - z[0] = x[0] ^ 1L; - z[1] = x[1]; - z[2] = x[2]; - z[3] = x[3]; - } - - public static long[] fromBigInteger(BigInteger x) - { - long[] z = Nat256.fromBigInteger64(x); - reduce23(z, 0); - return z; - } - - public static void invert(long[] x, long[] z) - { - if (Nat256.isZero64(x)) - { - throw new IllegalStateException(); - } - - // Itoh-Tsujii inversion - - long[] t0 = Nat256.create64(); - long[] t1 = Nat256.create64(); - - square(x, t0); - multiply(t0, x, t0); - square(t0, t0); - multiply(t0, x, t0); - squareN(t0, 3, t1); - multiply(t1, t0, t1); - square(t1, t1); - multiply(t1, x, t1); - squareN(t1, 7, t0); - multiply(t0, t1, t0); - squareN(t0, 14, t1); - multiply(t1, t0, t1); - square(t1, t1); - multiply(t1, x, t1); - squareN(t1, 29, t0); - multiply(t0, t1, t0); - squareN(t0, 58, t1); - multiply(t1, t0, t1); - squareN(t1, 116, t0); - multiply(t0, t1, t0); - square(t0, z); - } - - public static void multiply(long[] x, long[] y, long[] z) - { - long[] tt = Nat256.createExt64(); - implMultiply(x, y, tt); - reduce(tt, z); - } - - public static void multiplyAddToExt(long[] x, long[] y, long[] zz) - { - long[] tt = Nat256.createExt64(); - implMultiply(x, y, tt); - addExt(zz, tt, zz); - } - - 
public static void reduce(long[] xx, long[] z) - { - long x0 = xx[0], x1 = xx[1], x2 = xx[2], x3 = xx[3]; - long x4 = xx[4], x5 = xx[5], x6 = xx[6], x7 = xx[7]; - - x3 ^= (x7 << 23); - x4 ^= (x7 >>> 41) ^ (x7 << 33); - x5 ^= (x7 >>> 31); - - x2 ^= (x6 << 23); - x3 ^= (x6 >>> 41) ^ (x6 << 33); - x4 ^= (x6 >>> 31); - - x1 ^= (x5 << 23); - x2 ^= (x5 >>> 41) ^ (x5 << 33); - x3 ^= (x5 >>> 31); - - x0 ^= (x4 << 23); - x1 ^= (x4 >>> 41) ^ (x4 << 33); - x2 ^= (x4 >>> 31); - - long t = x3 >>> 41; - z[0] = x0 ^ t; - z[1] = x1 ^ (t << 10); - z[2] = x2; - z[3] = x3 & M41; - } - - public static void reduce23(long[] z, int zOff) - { - long z3 = z[zOff + 3], t = z3 >>> 41; - z[zOff ] ^= t; - z[zOff + 1] ^= (t << 10); - z[zOff + 3] = z3 & M41; - } - - public static void sqrt(long[] x, long[] z) - { - long u0, u1; - u0 = Interleave.unshuffle(x[0]); u1 = Interleave.unshuffle(x[1]); - long e0 = (u0 & 0x00000000FFFFFFFFL) | (u1 << 32); - long c0 = (u0 >>> 32) | (u1 & 0xFFFFFFFF00000000L); - - u0 = Interleave.unshuffle(x[2]); u1 = Interleave.unshuffle(x[3]); - long e1 = (u0 & 0x00000000FFFFFFFFL) | (u1 << 32); - long c1 = (u0 >>> 32) | (u1 & 0xFFFFFFFF00000000L); - - long c2; - c2 = (c1 >>> 27); - c1 ^= (c0 >>> 27) | (c1 << 37); - c0 ^= (c0 << 37); - - long[] tt = Nat256.createExt64(); - - int[] shifts = { 32, 117, 191 }; - for (int i = 0; i < shifts.length; ++i) - { - int w = shifts[i] >>> 6, s = shifts[i] & 63; -// assert s != 0; - tt[w ] ^= (c0 << s); - tt[w + 1] ^= (c1 << s) | (c0 >>> -s); - tt[w + 2] ^= (c2 << s) | (c1 >>> -s); - tt[w + 3] ^= (c2 >>> -s); - } - - reduce(tt, z); - - z[0] ^= e0; - z[1] ^= e1; - } - - public static void square(long[] x, long[] z) - { - long[] tt = Nat256.createExt64(); - implSquare(x, tt); - reduce(tt, z); - } - - public static void squareAddToExt(long[] x, long[] zz) - { - long[] tt = Nat256.createExt64(); - implSquare(x, tt); - addExt(zz, tt, zz); - } - - public static void squareN(long[] x, int n, long[] z) - { -// assert n > 0; - - long[] tt = 
Nat256.createExt64(); - implSquare(x, tt); - reduce(tt, z); - - while (--n > 0) - { - implSquare(z, tt); - reduce(tt, z); - } - } - - public static int trace(long[] x) - { - // Non-zero-trace bits: 0, 159 - return (int)(x[0] ^ (x[2] >>> 31)) & 1; - } - - protected static void implCompactExt(long[] zz) - { - long z0 = zz[0], z1 = zz[1], z2 = zz[2], z3 = zz[3], z4 = zz[4], z5 = zz[5], z6 = zz[6], z7 = zz[7]; - zz[0] = z0 ^ (z1 << 59); - zz[1] = (z1 >>> 5) ^ (z2 << 54); - zz[2] = (z2 >>> 10) ^ (z3 << 49); - zz[3] = (z3 >>> 15) ^ (z4 << 44); - zz[4] = (z4 >>> 20) ^ (z5 << 39); - zz[5] = (z5 >>> 25) ^ (z6 << 34); - zz[6] = (z6 >>> 30) ^ (z7 << 29); - zz[7] = (z7 >>> 35); - } - - protected static void implExpand(long[] x, long[] z) - { - long x0 = x[0], x1 = x[1], x2 = x[2], x3 = x[3]; - z[0] = x0 & M59; - z[1] = ((x0 >>> 59) ^ (x1 << 5)) & M59; - z[2] = ((x1 >>> 54) ^ (x2 << 10)) & M59; - z[3] = ((x2 >>> 49) ^ (x3 << 15)); - } - - protected static void implMultiply(long[] x, long[] y, long[] zz) - { - /* - * "Two-level seven-way recursion" as described in "Batch binary Edwards", Daniel J. Bernstein. 
- */ - - long[] f = new long[4], g = new long[4]; - implExpand(x, f); - implExpand(y, g); - - implMulwAcc(f[0], g[0], zz, 0); - implMulwAcc(f[1], g[1], zz, 1); - implMulwAcc(f[2], g[2], zz, 2); - implMulwAcc(f[3], g[3], zz, 3); - - // U *= (1 - t^n) - for (int i = 5; i > 0; --i) - { - zz[i] ^= zz[i - 1]; - } - - implMulwAcc(f[0] ^ f[1], g[0] ^ g[1], zz, 1); - implMulwAcc(f[2] ^ f[3], g[2] ^ g[3], zz, 3); - - // V *= (1 - t^2n) - for (int i = 7; i > 1; --i) - { - zz[i] ^= zz[i - 2]; - } - - // Double-length recursion - { - long c0 = f[0] ^ f[2], c1 = f[1] ^ f[3]; - long d0 = g[0] ^ g[2], d1 = g[1] ^ g[3]; - implMulwAcc(c0 ^ c1, d0 ^ d1, zz, 3); - long[] t = new long[3]; - implMulwAcc(c0, d0, t, 0); - implMulwAcc(c1, d1, t, 1); - long t0 = t[0], t1 = t[1], t2 = t[2]; - zz[2] ^= t0; - zz[3] ^= t0 ^ t1; - zz[4] ^= t2 ^ t1; - zz[5] ^= t2; - } - - implCompactExt(zz); - } - - protected static void implMulwAcc(long x, long y, long[] z, int zOff) - { -// assert x >>> 59 == 0; -// assert y >>> 59 == 0; - - long[] u = new long[8]; -// u[0] = 0; - u[1] = y; - u[2] = u[1] << 1; - u[3] = u[2] ^ y; - u[4] = u[2] << 1; - u[5] = u[4] ^ y; - u[6] = u[3] << 1; - u[7] = u[6] ^ y; - - int j = (int)x; - long g, h = 0, l = u[j & 7] - ^ (u[(j >>> 3) & 7] << 3); - int k = 54; - do - { - j = (int)(x >>> k); - g = u[j & 7] - ^ u[(j >>> 3) & 7] << 3; - l ^= (g << k); - h ^= (g >>> -k); - } - while ((k -= 6) > 0); - -// assert h >>> 53 == 0; - - z[zOff ] ^= l & M59; - z[zOff + 1] ^= (l >>> 59) ^ (h << 5); - } - - protected static void implSquare(long[] x, long[] zz) - { - Interleave.expand64To128(x[0], zz, 0); - Interleave.expand64To128(x[1], zz, 2); - Interleave.expand64To128(x[2], zz, 4); - - long x3 = x[3]; - zz[6] = Interleave.expand32to64((int)x3); - zz[7] = Interleave.expand16to32((int)(x3 >>> 32)) & 0xFFFFFFFFL; - } -} 
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233FieldElement.java
deleted file mode 100644
index 6ec68d8b..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233FieldElement.java
+++ /dev/null
@@ -1,226 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.raw.Nat256;
-import org.bouncycastle.util.Arrays;
-
-public class SecT233FieldElement extends ECFieldElement.AbstractF2m
-{
- protected long[] x;
-
- public SecT233FieldElement(BigInteger x)
- {
- if (x == null || x.signum() < 0 || x.bitLength() > 233)
- {
- throw new IllegalArgumentException("x value invalid for SecT233FieldElement");
- }
-
- this.x = SecT233Field.fromBigInteger(x);
- }
-
- public SecT233FieldElement()
- {
- this.x = Nat256.create64();
- }
-
- protected SecT233FieldElement(long[] x)
- {
- this.x = x;
- }
-
-// public int bitLength()
-// {
-// return x.degree();
-// }
-
- public boolean isOne()
- {
- return Nat256.isOne64(x);
- }
-
- public boolean isZero()
- {
- return Nat256.isZero64(x);
- }
-
- public boolean testBitZero()
- {
- return (x[0] & 1L) != 0L;
- }
-
- public BigInteger toBigInteger()
- {
- return Nat256.toBigInteger64(x);
- }
-
- public String getFieldName()
- {
- return "SecT233Field";
- }
-
- public int getFieldSize()
- {
- return 233;
- }
-
- public ECFieldElement add(ECFieldElement b)
- {
- long[] z = Nat256.create64();
- SecT233Field.add(x, ((SecT233FieldElement)b).x, z);
- return new SecT233FieldElement(z);
- }
-
- public ECFieldElement addOne()
- {
- long[] z = Nat256.create64();
- SecT233Field.addOne(x, z);
- return new SecT233FieldElement(z);
- }
-
- public ECFieldElement subtract(ECFieldElement b)
- {
- // Addition and subtraction are the same in F2m
- return add(b);
- }
-
- public ECFieldElement multiply(ECFieldElement b)
- {
- long[] z = Nat256.create64();
- SecT233Field.multiply(x, ((SecT233FieldElement)b).x, z);
- return new SecT233FieldElement(z);
- }
-
- public ECFieldElement multiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
- {
- return multiplyPlusProduct(b, x, y);
- }
-
- public ECFieldElement multiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
- {
- long[] ax = this.x, bx = ((SecT233FieldElement)b).x;
- long[] xx = ((SecT233FieldElement)x).x, yx = ((SecT233FieldElement)y).x;
-
- long[] tt = Nat256.createExt64();
- SecT233Field.multiplyAddToExt(ax, bx, tt);
- SecT233Field.multiplyAddToExt(xx, yx, tt);
-
- long[] z = Nat256.create64();
- SecT233Field.reduce(tt, z);
- return new SecT233FieldElement(z);
- }
-
- public ECFieldElement divide(ECFieldElement b)
- {
- return multiply(b.invert());
- }
-
- public ECFieldElement negate()
- {
- return this;
- }
-
- public ECFieldElement square()
- {
- long[] z = Nat256.create64();
- SecT233Field.square(x, z);
- return new SecT233FieldElement(z);
- }
-
- public ECFieldElement squareMinusProduct(ECFieldElement x, ECFieldElement y)
- {
- return squarePlusProduct(x, y);
- }
-
- public ECFieldElement squarePlusProduct(ECFieldElement x, ECFieldElement y)
- {
- long[] ax = this.x;
- long[] xx = ((SecT233FieldElement)x).x, yx = ((SecT233FieldElement)y).x;
-
- long[] tt = Nat256.createExt64();
- SecT233Field.squareAddToExt(ax, tt);
- SecT233Field.multiplyAddToExt(xx, yx, tt);
-
- long[] z = Nat256.create64();
- SecT233Field.reduce(tt, z);
- return new SecT233FieldElement(z);
- }
-
- public ECFieldElement squarePow(int pow)
- {
- if (pow < 1)
- {
- return this;
- }
-
- long[] z = Nat256.create64();
- SecT233Field.squareN(x, pow, z);
- return new SecT233FieldElement(z);
- }
-
- public int trace()
- {
- return SecT233Field.trace(x);
- }
-
- public ECFieldElement invert()
- {
- long[] z = Nat256.create64();
- SecT233Field.invert(x, z);
- return new SecT233FieldElement(z);
- }
-
- public ECFieldElement sqrt()
- {
- long[] z = Nat256.create64();
- SecT233Field.sqrt(x, z);
- return new SecT233FieldElement(z);
- }
-
- public int getRepresentation()
- {
- return ECFieldElement.F2m.TPB;
- }
-
- public int getM()
- {
- return 233;
- }
-
- public int getK1()
- {
- return 74;
- }
-
- public int getK2()
- {
- return 0;
- }
-
- public int getK3()
- {
- return 0;
- }
-
- public boolean equals(Object other)
- {
- if (other == this)
- {
- return true;
- }
-
- if (!(other instanceof SecT233FieldElement))
- {
- return false;
- }
-
- SecT233FieldElement o = (SecT233FieldElement)other;
- return Nat256.eq64(x, o.x);
- }
-
- public int hashCode()
- {
- return 2330074 ^ Arrays.hashCode(x, 0, 4);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233K1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233K1Curve.java
deleted file mode 100644
index 724f9d66..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233K1Curve.java
+++ /dev/null
@@ -1,155 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECCurve.AbstractF2m;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECMultiplier;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.WTauNafMultiplier;
-import org.bouncycastle.math.raw.Nat256;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecT233K1Curve extends AbstractF2m
-{
- private static final int SecT233K1_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
-
- protected SecT233K1Point infinity;
-
- public SecT233K1Curve()
- {
- super(233, 74, 0, 0);
-
- this.infinity = new SecT233K1Point(this, null, null);
-
- this.a = fromBigInteger(BigInteger.valueOf(0));
- this.b = fromBigInteger(BigInteger.valueOf(1));
- this.order = new BigInteger(1, Hex.decode("8000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF"));
- this.cofactor = BigInteger.valueOf(4);
-
- this.coord = SecT233K1_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecT233K1Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_LAMBDA_PROJECTIVE:
- return true;
- default:
- return false;
- }
- }
-
- protected ECMultiplier createDefaultMultiplier()
- {
- return new WTauNafMultiplier();
- }
-
- public int getFieldSize()
- {
- return 233;
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecT233FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecT233K1Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecT233K1Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public boolean isKoblitz()
- {
- return true;
- }
-
- public int getM()
- {
- return 233;
- }
-
- public boolean isTrinomial()
- {
- return true;
- }
-
- public int getK1()
- {
- return 74;
- }
-
- public int getK2()
- {
- return 0;
- }
-
- public int getK3()
- {
- return 0;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_LONGS = 4;
-
- final long[] table = new long[len * FE_LONGS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat256.copy64(((SecT233FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS;
- Nat256.copy64(((SecT233FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- long[] x = Nat256.create64(), y = Nat256.create64();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- long MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_LONGS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_LONGS + j] & MASK;
- }
-
- pos += (FE_LONGS * 2);
- }
-
- return createRawPoint(new SecT233FieldElement(x), new SecT233FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233K1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233K1Point.java
deleted file mode 100644
index ac29aa39..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233K1Point.java
+++ /dev/null
@@ -1,316 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.ECPoint.AbstractF2m;
-
-public class SecT233K1Point extends AbstractF2m
-{
- /**
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecT233K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
- */
- public SecT233K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecT233K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecT233K1Point(null, this.getAffineXCoord(), this.getAffineYCoord()); // earlier JDK
- }
-
- public ECFieldElement getYCoord()
- {
- ECFieldElement X = x, L = y;
-
- if (this.isInfinity() || X.isZero())
- {
- return L;
- }
-
- // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
- ECFieldElement Y = L.add(X).multiply(X);
-
- ECFieldElement Z = zs[0];
- if (!Z.isOne())
- {
- Y = Y.divide(Z);
- }
-
- return Y;
- }
-
- protected boolean getCompressionYTilde()
- {
- ECFieldElement X = this.getRawXCoord();
- if (X.isZero())
- {
- return false;
- }
-
- ECFieldElement Y = this.getRawYCoord();
-
- // Y is actually Lambda (X + Y/X) here
- return Y.testBitZero() != X.testBitZero();
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- ECFieldElement X2 = b.getRawXCoord();
-
- if (X1.isZero())
- {
- if (X2.isZero())
- {
- return curve.getInfinity();
- }
-
- return b.add(this);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0);
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement U2 = X2, S2 = L2;
- if (!Z1IsOne)
- {
- U2 = U2.multiply(Z1);
- S2 = S2.multiply(Z1);
- }
-
- boolean Z2IsOne = Z2.isOne();
- ECFieldElement U1 = X1, S1 = L1;
- if (!Z2IsOne)
- {
- U1 = U1.multiply(Z2);
- S1 = S1.multiply(Z2);
- }
-
- ECFieldElement A = S1.add(S2);
- ECFieldElement B = U1.add(U2);
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return twice();
- }
-
- return curve.getInfinity();
- }
-
- ECFieldElement X3, L3, Z3;
- if (X2.isZero())
- {
- // TODO This can probably be optimized quite a bit
- ECPoint p = this.normalize();
- X1 = p.getXCoord();
- ECFieldElement Y1 = p.getYCoord();
-
- ECFieldElement Y2 = L2;
- ECFieldElement L = Y1.add(Y2).divide(X1);
-
- X3 = L.square().add(L).add(X1);
- if (X3.isZero())
- {
- return new SecT233K1Point(curve, X3, curve.getB(), this.withCompression);
- }
-
- ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
- L3 = Y3.divide(X3).add(X3);
- Z3 = curve.fromBigInteger(ECConstants.ONE);
- }
- else
- {
- B = B.square();
-
- ECFieldElement AU1 = A.multiply(U1);
- ECFieldElement AU2 = A.multiply(U2);
-
- X3 = AU1.multiply(AU2);
- if (X3.isZero())
- {
- return new SecT233K1Point(curve, X3, curve.getB(), this.withCompression);
- }
-
- ECFieldElement ABZ2 = A.multiply(B);
- if (!Z2IsOne)
- {
- ABZ2 = ABZ2.multiply(Z2);
- }
-
- L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1));
-
- Z3 = ABZ2;
- if (!Z1IsOne)
- {
- Z3 = Z3.multiply(Z1);
- }
- }
-
- return new SecT233K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return curve.getInfinity();
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square();
- ECFieldElement T;
- if (Z1IsOne)
- {
- T = L1.square().add(L1);
- }
- else
- {
- T = L1.add(Z1).multiply(L1);
- }
-
- if (T.isZero())
- {
- return new SecT233K1Point(curve, T, curve.getB(), withCompression);
- }
-
- ECFieldElement X3 = T.square();
- ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq);
-
- ECFieldElement t1 = L1.add(X1).square();
- ECFieldElement t2 = Z1IsOne ? Z1 : Z1Sq.square();
- ECFieldElement L3 = t1.add(T).add(Z1Sq).multiply(t1).add(t2).add(X3).add(Z3);
-
- return new SecT233K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return b;
- }
-
- // NOTE: twicePlus() only optimized for lambda-affine argument
- ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0);
- if (X2.isZero() || !Z2.isOne())
- {
- return twice().add(b);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord();
-
- ECFieldElement X1Sq = X1.square();
- ECFieldElement L1Sq = L1.square();
- ECFieldElement Z1Sq = Z1.square();
- ECFieldElement L1Z1 = L1.multiply(Z1);
-
- ECFieldElement T = L1Sq.add(L1Z1);
- ECFieldElement L2plus1 = L2.addOne();
- ECFieldElement A = L2plus1.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq);
- ECFieldElement X2Z1Sq = X2.multiply(Z1Sq);
- ECFieldElement B = X2Z1Sq.add(T).square();
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return b.twice();
- }
-
- return curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT233K1Point(curve, A, curve.getB(), withCompression);
- }
-
- ECFieldElement X3 = A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3);
-
- return new SecT233K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT233K1Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233R1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233R1Curve.java
deleted file mode 100644
index 05b6fac2..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233R1Curve.java
+++ /dev/null
@@ -1,148 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECCurve.AbstractF2m;
-import org.bouncycastle.math.raw.Nat256;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecT233R1Curve extends AbstractF2m
-{
- private static final int SecT233R1_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
-
- protected SecT233R1Point infinity;
-
- public SecT233R1Curve()
- {
- super(233, 74, 0, 0);
-
- this.infinity = new SecT233R1Point(this, null, null);
-
- this.a = fromBigInteger(BigInteger.valueOf(1));
- this.b = fromBigInteger(new BigInteger(1, Hex.decode("0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD")));
- this.order = new BigInteger(1, Hex.decode("01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7"));
- this.cofactor = BigInteger.valueOf(2);
-
- this.coord = SecT233R1_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecT233R1Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_LAMBDA_PROJECTIVE:
- return true;
- default:
- return false;
- }
- }
-
- public int getFieldSize()
- {
- return 233;
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecT233FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecT233R1Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecT233R1Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public boolean isKoblitz()
- {
- return false;
- }
-
- public int getM()
- {
- return 233;
- }
-
- public boolean isTrinomial()
- {
- return true;
- }
-
- public int getK1()
- {
- return 74;
- }
-
- public int getK2()
- {
- return 0;
- }
-
- public int getK3()
- {
- return 0;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_LONGS = 4;
-
- final long[] table = new long[len * FE_LONGS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat256.copy64(((SecT233FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS;
- Nat256.copy64(((SecT233FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- long[] x = Nat256.create64(), y = Nat256.create64();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- long MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_LONGS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_LONGS + j] & MASK;
- }
-
- pos += (FE_LONGS * 2);
- }
-
- return createRawPoint(new SecT233FieldElement(x), new SecT233FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233R1Point.java
deleted file mode 100644
index 84930943..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT233R1Point.java
+++ /dev/null
@@ -1,305 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.ECPoint.AbstractF2m;
-
-public class SecT233R1Point extends AbstractF2m
-{
- /**
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecT233R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
- */
- public SecT233R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecT233R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecT233R1Point(null, getAffineXCoord(), getAffineYCoord());
- }
-
- public ECFieldElement getYCoord()
- {
- ECFieldElement X = x, L = y;
-
- if (this.isInfinity() || X.isZero())
- {
- return L;
- }
-
- // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
- ECFieldElement Y = L.add(X).multiply(X);
-
- ECFieldElement Z = zs[0];
- if (!Z.isOne())
- {
- Y = Y.divide(Z);
- }
-
- return Y;
- }
-
- protected boolean getCompressionYTilde()
- {
- ECFieldElement X = this.getRawXCoord();
- if (X.isZero())
- {
- return false;
- }
-
- ECFieldElement Y = this.getRawYCoord();
-
- // Y is actually Lambda (X + Y/X) here
- return Y.testBitZero() != X.testBitZero();
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- ECFieldElement X2 = b.getRawXCoord();
-
- if (X1.isZero())
- {
- if (X2.isZero())
- {
- return curve.getInfinity();
- }
-
- return b.add(this);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0);
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement U2 = X2, S2 = L2;
- if (!Z1IsOne)
- {
- U2 = U2.multiply(Z1);
- S2 = S2.multiply(Z1);
- }
-
- boolean Z2IsOne = Z2.isOne();
- ECFieldElement U1 = X1, S1 = L1;
- if (!Z2IsOne)
- {
- U1 = U1.multiply(Z2);
- S1 = S1.multiply(Z2);
- }
-
- ECFieldElement A = S1.add(S2);
- ECFieldElement B = U1.add(U2);
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return twice();
- }
-
- return curve.getInfinity();
- }
-
- ECFieldElement X3, L3, Z3;
- if (X2.isZero())
- {
- // TODO This can probably be optimized quite a bit
- ECPoint p = this.normalize();
- X1 = p.getXCoord();
- ECFieldElement Y1 = p.getYCoord();
-
- ECFieldElement Y2 = L2;
- ECFieldElement L = Y1.add(Y2).divide(X1);
-
- X3 = L.square().add(L).add(X1).addOne();
- if (X3.isZero())
- {
- return new SecT233R1Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
- L3 = Y3.divide(X3).add(X3);
- Z3 = curve.fromBigInteger(ECConstants.ONE);
- }
- else
- {
- B = B.square();
-
- ECFieldElement AU1 = A.multiply(U1);
- ECFieldElement AU2 = A.multiply(U2);
-
- X3 = AU1.multiply(AU2);
- if (X3.isZero())
- {
- return new SecT233R1Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement ABZ2 = A.multiply(B);
- if (!Z2IsOne)
- {
- ABZ2 = ABZ2.multiply(Z2);
- }
-
- L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1));
-
- Z3 = ABZ2;
- if (!Z1IsOne)
- {
- Z3 = Z3.multiply(Z1);
- }
- }
-
- return new SecT233R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return curve.getInfinity();
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1);
- ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square();
- ECFieldElement T = L1.square().add(L1Z1).add(Z1Sq);
- if (T.isZero())
- {
- return new SecT233R1Point(curve, T, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = T.square();
- ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq);
-
- ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1);
- ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3);
-
- return new SecT233R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return b;
- }
-
- ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0);
- if (X2.isZero() || !Z2.isOne())
- {
- return twice().add(b);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord();
-
- ECFieldElement X1Sq = X1.square();
- ECFieldElement L1Sq = L1.square();
- ECFieldElement Z1Sq = Z1.square();
- ECFieldElement L1Z1 = L1.multiply(Z1);
-
- ECFieldElement T = Z1Sq.add(L1Sq).add(L1Z1);
- ECFieldElement A = L2.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq);
- ECFieldElement X2Z1Sq = X2.multiply(Z1Sq);
- ECFieldElement B = X2Z1Sq.add(T).square();
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return b.twice();
- }
-
- return curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT233R1Point(curve, A, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2.addOne(), Z3);
-
- return new SecT233R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT233R1Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT239Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT239Field.java
deleted file mode 100644
index 5f5bf3fd..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT239Field.java
+++ /dev/null
@@ -1,329 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.raw.Interleave;
-import org.bouncycastle.math.raw.Nat256;
-
-public class SecT239Field
-{
- private static final long M47 = -1L >>> 17;
- private static final long M60 = -1L >>> 4;
-
- public static void add(long[] x, long[] y, long[] z)
- {
- z[0] = x[0] ^ y[0];
- z[1] = x[1] ^ y[1];
- z[2] = x[2] ^ y[2];
- z[3] = x[3] ^ y[3];
- }
-
- public static void addExt(long[] xx, long[] yy, long[] zz)
- {
- zz[0] = xx[0] ^ yy[0];
- zz[1] = xx[1] ^ yy[1];
- zz[2] = xx[2] ^ yy[2];
- zz[3] = xx[3] ^ yy[3];
- zz[4] = xx[4] ^ yy[4];
- zz[5] = xx[5] ^ yy[5];
- zz[6] = xx[6] ^ yy[6];
- zz[7] = xx[7] ^ yy[7];
- }
-
- public static void addOne(long[] x, long[] z)
- {
- z[0] = x[0] ^ 1L;
- z[1] = x[1];
- z[2] = x[2];
- z[3] = x[3];
- }
-
- public static long[] fromBigInteger(BigInteger x)
- {
- long[] z = Nat256.fromBigInteger64(x);
- reduce17(z, 0);
- return z;
- }
-
- public static void invert(long[] x, long[] z)
- {
- if (Nat256.isZero64(x))
- {
- throw new IllegalStateException();
- }
-
- // Itoh-Tsujii inversion
-
- long[] t0 = Nat256.create64();
- long[] t1 = Nat256.create64();
-
- square(x, t0);
- multiply(t0, x, t0);
- square(t0, t0);
- multiply(t0, x, t0);
- squareN(t0, 3, t1);
- multiply(t1, t0, t1);
- square(t1, t1);
- multiply(t1, x, t1);
- squareN(t1, 7, t0);
- multiply(t0, t1, t0);
- squareN(t0, 14, t1);
- multiply(t1, t0, t1);
- square(t1, t1);
- multiply(t1, x, t1);
- squareN(t1, 29, t0);
- multiply(t0, t1, t0);
- square(t0, t0);
- multiply(t0, x, t0);
- squareN(t0, 59, t1);
- multiply(t1, t0, t1);
- square(t1, t1);
- multiply(t1, x, t1);
- squareN(t1, 119, t0);
- multiply(t0, t1, t0);
- square(t0, z);
- }
-
- public static void multiply(long[] x, long[] y, long[] z)
- {
- long[] tt = Nat256.createExt64();
- implMultiply(x, y, tt);
- reduce(tt, z);
- }
-
- public static void multiplyAddToExt(long[] x, long[] y, long[] zz)
- {
- long[] tt = Nat256.createExt64();
- implMultiply(x, y, tt);
- addExt(zz, tt, zz);
- }
-
- public static void reduce(long[] xx, long[] z)
- {
- long x0 = xx[0], x1 = xx[1], x2 = xx[2], x3 = xx[3];
- long x4 = xx[4], x5 = xx[5], x6 = xx[6], x7 = xx[7];
-
- x3 ^= (x7 << 17);
- x4 ^= (x7 >>> 47);
- x5 ^= (x7 << 47);
- x6 ^= (x7 >>> 17);
-
- x2 ^= (x6 << 17);
- x3 ^= (x6 >>> 47);
- x4 ^= (x6 << 47);
- x5 ^= (x6 >>> 17);
-
- x1 ^= (x5 << 17);
- x2 ^= (x5 >>> 47);
- x3 ^= (x5 << 47);
- x4 ^= (x5 >>> 17);
-
- x0 ^= (x4 << 17);
- x1 ^= (x4 >>> 47);
- x2 ^= (x4 << 47);
- x3 ^= (x4 >>> 17);
-
- long t = x3 >>> 47;
- z[0] = x0 ^ t;
- z[1] = x1;
- z[2] = x2 ^ (t << 30);
- z[3] = x3 & M47;
- }
-
- public static void reduce17(long[] z, int zOff)
- {
- long z3 = z[zOff + 3], t = z3 >>> 47;
- z[zOff ] ^= t;
- z[zOff + 2] ^= (t << 30);
- z[zOff + 3] = z3 & M47;
- }
-
- public static void sqrt(long[] x, long[] z)
- {
- long u0, u1;
- u0 = Interleave.unshuffle(x[0]); u1 = Interleave.unshuffle(x[1]);
- long e0 = (u0 & 0x00000000FFFFFFFFL) | (u1 << 32);
- long c0 = (u0 >>> 32) | (u1 & 0xFFFFFFFF00000000L);
-
- u0 = Interleave.unshuffle(x[2]); u1 = Interleave.unshuffle(x[3]);
- long e1 = (u0 & 0x00000000FFFFFFFFL) | (u1 << 32);
- long c1 = (u0 >>> 32) | (u1 & 0xFFFFFFFF00000000L);
-
- long c2, c3;
- c3 = (c1 >>> 49);
- c2 = (c0 >>> 49) | (c1 << 15);
- c1 ^= (c0 << 15);
-
- long[] tt = Nat256.createExt64();
-
- int[] shifts = { 39, 120 };
- for (int i = 0; i < shifts.length; ++i)
- {
- int w = shifts[i] >>> 6, s = shifts[i] & 63;
-// assert s != 0;
- tt[w ] ^= (c0 << s);
- tt[w + 1] ^= (c1 << s) | (c0 >>> -s);
- tt[w + 2] ^= (c2 << s) | (c1 >>> -s);
- tt[w + 3] ^= (c3 << s) | (c2 >>> -s);
- tt[w + 4] ^= (c3 >>> -s);
- }
-
- reduce(tt, z);
-
- z[0] ^= e0;
- z[1] ^= e1;
- }
-
- public static void square(long[] x, long[] z)
- {
- long[] tt = Nat256.createExt64();
- implSquare(x, tt);
- reduce(tt, z);
- }
-
- public static void squareAddToExt(long[] x, long[] zz)
- {
- long[] tt = Nat256.createExt64();
- implSquare(x, tt);
- addExt(zz, tt, zz);
- }
-
- public static void squareN(long[] x, int n, long[] z)
- {
-// assert n > 0;
-
- long[] tt = Nat256.createExt64();
- implSquare(x, tt);
- reduce(tt, z);
-
- while (--n > 0)
- {
- implSquare(z, tt);
- reduce(tt, z);
- }
- }
-
- public static int trace(long[] x)
- {
- // Non-zero-trace bits: 0, 81, 162
- return (int)(x[0] ^ (x[1] >>> 17) ^ (x[2] >>> 34)) & 1;
- }
-
- protected static void implCompactExt(long[] zz)
- {
- long z0 = zz[0], z1 = zz[1], z2 = zz[2], z3 = zz[3], z4 = zz[4], z5 = zz[5], z6 = zz[6], z7 = zz[7];
- zz[0] = z0 ^ (z1 << 60);
- zz[1] = (z1 >>> 4) ^ (z2 << 56);
- zz[2] = (z2 >>> 8) ^ (z3 << 52);
- zz[3] = (z3 >>> 12) ^ (z4 << 48);
- zz[4] = (z4 >>> 16) ^ (z5 << 44);
- zz[5] = (z5 >>> 20) ^ (z6 << 40);
- zz[6] = (z6 >>> 24) ^ (z7 << 36);
- zz[7] = (z7 >>> 28);
- }
-
- protected static void implExpand(long[] x, long[] z)
- {
- long x0 = x[0], x1 = x[1], x2 = x[2], x3 = x[3];
- z[0] = x0 & M60;
- z[1] = ((x0 >>> 60) ^ (x1 << 4)) & M60;
- z[2] = ((x1 >>> 56) ^ (x2 << 8)) & M60;
- z[3] = ((x2 >>> 52) ^ (x3 << 12));
- }
-
- protected static void implMultiply(long[] x, long[] y, long[] zz)
- {
- /*
- * "Two-level seven-way recursion" as described in "Batch binary Edwards", Daniel J. Bernstein.
- */
-
- long[] f = new long[4], g = new long[4];
- implExpand(x, f);
- implExpand(y, g);
-
- implMulwAcc(f[0], g[0], zz, 0);
- implMulwAcc(f[1], g[1], zz, 1);
- implMulwAcc(f[2], g[2], zz, 2);
- implMulwAcc(f[3], g[3], zz, 3);
-
- // U *= (1 - t^n)
- for (int i = 5; i > 0; --i)
- {
- zz[i] ^= zz[i - 1];
- }
-
- implMulwAcc(f[0] ^ f[1], g[0] ^ g[1], zz, 1);
- implMulwAcc(f[2] ^ f[3], g[2] ^ g[3], zz, 3);
-
- // V *= (1 - t^2n)
- for (int i = 7; i > 1; --i)
- {
- zz[i] ^= zz[i - 2];
- }
-
- // Double-length recursion
- {
- long c0 = f[0] ^ f[2], c1 = f[1] ^ f[3];
- long d0 = g[0] ^ g[2], d1 = g[1] ^ g[3];
- implMulwAcc(c0 ^ c1, d0 ^ d1, zz, 3);
- long[] t = new long[3];
- implMulwAcc(c0, d0, t, 0);
- implMulwAcc(c1, d1, t, 1);
- long t0 = t[0], t1 = t[1], t2 = t[2];
- zz[2] ^= t0;
- zz[3] ^= t0 ^ t1;
- zz[4] ^= t2 ^ t1;
- zz[5] ^= t2;
- }
-
- implCompactExt(zz);
- }
-
- protected static void implMulwAcc(long x, long y, long[] z, int zOff)
- {
-// assert x >>> 60 == 0;
-// assert y >>> 60 == 0;
-
- long[] u = new long[8];
-// u[0] = 0;
- u[1] = y;
- u[2] = u[1] << 1;
- u[3] = u[2] ^ y;
- u[4] = u[2] << 1;
- u[5] = u[4] ^ y;
- u[6] = u[3] << 1;
- u[7] = u[6] ^ y;
-
- int j = (int)x;
- long g, h = 0, l = u[j & 7]
- ^ (u[(j >>> 3) & 7] << 3);
- int k = 54;
- do
- {
- j = (int)(x >>> k);
- g = u[j & 7]
- ^ u[(j >>> 3) & 7] << 3;
- l ^= (g << k);
- h ^= (g >>> -k);
- }
- while ((k -= 6) > 0);
-
- h ^= ((x & 0x0820820820820820L) & ((y << 4) >> 63)) >>> 5;
-
-// assert h >>> 55 == 0;
-
- z[zOff ] ^= l & M60;
- z[zOff + 1] ^= (l >>> 60) ^ (h << 4);
- }
-
- protected static void implSquare(long[] x, long[] zz)
- {
- Interleave.expand64To128(x[0], zz, 0);
- Interleave.expand64To128(x[1], zz, 2);
- Interleave.expand64To128(x[2], zz, 4);
-
- long x3 = x[3];
- zz[6] = Interleave.expand32to64((int)x3);
- zz[7] = Interleave.expand16to32((int)(x3 >>> 32)) & 0xFFFFFFFFL;
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT239FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT239FieldElement.java
deleted file mode 100644
index e148b8a5..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT239FieldElement.java
+++ /dev/null
@@ -1,226 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.raw.Nat256;
-import org.bouncycastle.util.Arrays;
-
-public class SecT239FieldElement extends ECFieldElement.AbstractF2m
-{
- protected long[] x;
-
- public SecT239FieldElement(BigInteger x)
- {
- if (x == null || x.signum() < 0 || x.bitLength() > 239)
- {
- throw new IllegalArgumentException("x value invalid for SecT239FieldElement");
- }
-
- this.x = SecT239Field.fromBigInteger(x);
- }
-
- public SecT239FieldElement()
- {
- this.x = Nat256.create64();
- }
-
- protected SecT239FieldElement(long[] x)
- {
- this.x = x;
- }
-
-// public int bitLength()
-// {
-// return x.degree();
-// }
-
- public boolean isOne()
- {
- return Nat256.isOne64(x);
- }
-
- public boolean isZero()
- {
- return Nat256.isZero64(x);
- }
-
- public boolean testBitZero()
- {
- return (x[0] & 1L) != 0L;
- }
-
- public BigInteger toBigInteger()
- {
- return Nat256.toBigInteger64(x);
- }
-
- public String getFieldName()
- {
- return "SecT239Field";
- }
-
- public int getFieldSize()
- {
- return 239;
- }
-
- public ECFieldElement add(ECFieldElement b)
- {
- long[] z = Nat256.create64();
- SecT239Field.add(x, ((SecT239FieldElement)b).x, z);
- return new SecT239FieldElement(z);
- }
-
- public ECFieldElement addOne()
- {
- long[] z = Nat256.create64();
- SecT239Field.addOne(x, z);
- return new SecT239FieldElement(z);
- }
-
- public ECFieldElement subtract(ECFieldElement b)
- {
- // Addition and subtraction are the same in F2m
- return add(b);
- }
-
- public ECFieldElement multiply(ECFieldElement b)
- {
- long[] z = Nat256.create64();
- SecT239Field.multiply(x, ((SecT239FieldElement)b).x, z);
- return new SecT239FieldElement(z);
- }
-
- public ECFieldElement multiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
- {
- return multiplyPlusProduct(b, x, y);
- }
-
- public ECFieldElement
multiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
- {
- long[] ax = this.x, bx = ((SecT239FieldElement)b).x;
- long[] xx = ((SecT239FieldElement)x).x, yx = ((SecT239FieldElement)y).x;
-
- long[] tt = Nat256.createExt64();
- SecT239Field.multiplyAddToExt(ax, bx, tt);
- SecT239Field.multiplyAddToExt(xx, yx, tt);
-
- long[] z = Nat256.create64();
- SecT239Field.reduce(tt, z);
- return new SecT239FieldElement(z);
- }
-
- public ECFieldElement divide(ECFieldElement b)
- {
- return multiply(b.invert());
- }
-
- public ECFieldElement negate()
- {
- return this;
- }
-
- public ECFieldElement square()
- {
- long[] z = Nat256.create64();
- SecT239Field.square(x, z);
- return new SecT239FieldElement(z);
- }
-
- public ECFieldElement squareMinusProduct(ECFieldElement x, ECFieldElement y)
- {
- return squarePlusProduct(x, y);
- }
-
- public ECFieldElement squarePlusProduct(ECFieldElement x, ECFieldElement y)
- {
- long[] ax = this.x;
- long[] xx = ((SecT239FieldElement)x).x, yx = ((SecT239FieldElement)y).x;
-
- long[] tt = Nat256.createExt64();
- SecT239Field.squareAddToExt(ax, tt);
- SecT239Field.multiplyAddToExt(xx, yx, tt);
-
- long[] z = Nat256.create64();
- SecT239Field.reduce(tt, z);
- return new SecT239FieldElement(z);
- }
-
- public ECFieldElement squarePow(int pow)
- {
- if (pow < 1)
- {
- return this;
- }
-
- long[] z = Nat256.create64();
- SecT239Field.squareN(x, pow, z);
- return new SecT239FieldElement(z);
- }
-
- public int trace()
- {
- return SecT239Field.trace(x);
- }
-
- public ECFieldElement invert()
- {
- long[] z = Nat256.create64();
- SecT239Field.invert(x, z);
- return new SecT239FieldElement(z);
- }
-
- public ECFieldElement sqrt()
- {
- long[] z = Nat256.create64();
- SecT239Field.sqrt(x, z);
- return new SecT239FieldElement(z);
- }
-
- public int getRepresentation()
- {
- return ECFieldElement.F2m.TPB;
- }
-
- public int getM()
- {
- return 239;
- }
-
- public int getK1()
- {
- return 158;
- }
-
- public int getK2()
- {
- return
0;
- }
-
- public int getK3()
- {
- return 0;
- }
-
- public boolean equals(Object other)
- {
- if (other == this)
- {
- return true;
- }
-
- if (!(other instanceof SecT239FieldElement))
- {
- return false;
- }
-
- SecT239FieldElement o = (SecT239FieldElement)other;
- return Nat256.eq64(x, o.x);
- }
-
- public int hashCode()
- {
- return 23900158 ^ Arrays.hashCode(x, 0, 4);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT239K1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT239K1Curve.java
deleted file mode 100644
index 45b0a5ea..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT239K1Curve.java
+++ /dev/null
@@ -1,155 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECCurve.AbstractF2m;
-import org.bouncycastle.math.raw.Nat256;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECMultiplier;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.WTauNafMultiplier;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecT239K1Curve extends AbstractF2m
-{
- private static final int SecT239K1_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
-
- protected SecT239K1Point infinity;
-
- public SecT239K1Curve()
- {
- super(239, 158, 0, 0);
-
- this.infinity = new SecT239K1Point(this, null, null);
-
- this.a = fromBigInteger(BigInteger.valueOf(0));
- this.b = fromBigInteger(BigInteger.valueOf(1));
- this.order = new BigInteger(1, Hex.decode("2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5"));
- this.cofactor = BigInteger.valueOf(4);
-
- this.coord = SecT239K1_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecT239K1Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_LAMBDA_PROJECTIVE:
- return true;
- default:
- return false;
- }
- }
-
- protected ECMultiplier createDefaultMultiplier()
- {
- return new WTauNafMultiplier();
- }
-
- public int getFieldSize()
- {
- return 239;
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecT239FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecT239K1Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecT239K1Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
-
}
-
- public boolean isKoblitz()
- {
- return true;
- }
-
- public int getM()
- {
- return 239;
- }
-
- public boolean isTrinomial()
- {
- return true;
- }
-
- public int getK1()
- {
- return 158;
- }
-
- public int getK2()
- {
- return 0;
- }
-
- public int getK3()
- {
- return 0;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_LONGS = 4;
-
- final long[] table = new long[len * FE_LONGS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat256.copy64(((SecT239FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS;
- Nat256.copy64(((SecT239FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- long[] x = Nat256.create64(), y = Nat256.create64();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- long MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_LONGS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_LONGS + j] & MASK;
- }
-
- pos += (FE_LONGS * 2);
- }
-
- return createRawPoint(new SecT239FieldElement(x), new SecT239FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT239K1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT239K1Point.java
deleted file mode 100644
index 1de2a290..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT239K1Point.java
+++ /dev/null
@@ -1,317 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.ECPoint.AbstractF2m;
-
-public class SecT239K1Point extends AbstractF2m
-{
- /**
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecT239K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
- */
- public SecT239K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecT239K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecT239K1Point(null, this.getAffineXCoord(), this.getAffineYCoord()); // earlier JDK
- }
-
- public ECFieldElement getYCoord()
- {
- ECFieldElement X = x, L = y;
-
- if (this.isInfinity() || X.isZero())
- {
- return L;
- }
-
- // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
- ECFieldElement Y = L.add(X).multiply(X);
-
- ECFieldElement Z = zs[0];
- if (!Z.isOne())
- {
- Y = Y.divide(Z);
- }
-
- return Y;
- }
-
- protected boolean getCompressionYTilde()
- {
- ECFieldElement X = this.getRawXCoord();
- if (X.isZero())
- {
- return false;
- }
-
- ECFieldElement Y = this.getRawYCoord();
-
- // Y is actually Lambda (X + Y/X) here
- return Y.testBitZero() != X.testBitZero();
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if
(b.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- ECFieldElement X2 = b.getRawXCoord();
-
- if (X1.isZero())
- {
- if (X2.isZero())
- {
- return curve.getInfinity();
- }
-
- return b.add(this);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0);
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement U2 = X2, S2 = L2;
- if (!Z1IsOne)
- {
- U2 = U2.multiply(Z1);
- S2 = S2.multiply(Z1);
- }
-
- boolean Z2IsOne = Z2.isOne();
- ECFieldElement U1 = X1, S1 = L1;
- if (!Z2IsOne)
- {
- U1 = U1.multiply(Z2);
- S1 = S1.multiply(Z2);
- }
-
- ECFieldElement A = S1.add(S2);
- ECFieldElement B = U1.add(U2);
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return twice();
- }
-
- return curve.getInfinity();
- }
-
- ECFieldElement X3, L3, Z3;
- if (X2.isZero())
- {
- // TODO This can probably be optimized quite a bit
- ECPoint p = this.normalize();
- X1 = p.getXCoord();
- ECFieldElement Y1 = p.getYCoord();
-
- ECFieldElement Y2 = L2;
- ECFieldElement L = Y1.add(Y2).divide(X1);
-
- X3 = L.square().add(L).add(X1);
- if (X3.isZero())
- {
- return new SecT239K1Point(curve, X3, curve.getB(), this.withCompression);
- }
-
- ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
- L3 = Y3.divide(X3).add(X3);
- Z3 = curve.fromBigInteger(ECConstants.ONE);
- }
- else
- {
- B = B.square();
-
- ECFieldElement AU1 = A.multiply(U1);
- ECFieldElement AU2 = A.multiply(U2);
-
- X3 = AU1.multiply(AU2);
- if (X3.isZero())
- {
- return new SecT239K1Point(curve, X3, curve.getB(), this.withCompression);
- }
-
- ECFieldElement ABZ2 = A.multiply(B);
- if (!Z2IsOne)
- {
- ABZ2 = ABZ2.multiply(Z2);
- }
-
- L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1));
-
- Z3 = ABZ2;
- if (!Z1IsOne)
- {
- Z3 = Z3.multiply(Z1);
- }
- }
-
- return new SecT239K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
-
return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return curve.getInfinity();
- }
-
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square();
- ECFieldElement T;
- if (Z1IsOne)
- {
- T = L1.square().add(L1);
- }
- else
- {
- T = L1.add(Z1).multiply(L1);
- }
-
- if (T.isZero())
- {
- return new SecT239K1Point(curve, T, curve.getB(), withCompression);
- }
-
- ECFieldElement X3 = T.square();
- ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq);
-
- ECFieldElement t1 = L1.add(X1).square();
- ECFieldElement t2 = Z1IsOne ? Z1 : Z1Sq.square();
- ECFieldElement L3 = t1.add(T).add(Z1Sq).multiply(t1).add(t2).add(X3).add(Z3);
-
- return new SecT239K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return b;
- }
-
- // NOTE: twicePlus() only optimized for lambda-affine argument
- ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0);
- if (X2.isZero() || !Z2.isOne())
- {
- return twice().add(b);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord();
-
- ECFieldElement X1Sq = X1.square();
- ECFieldElement L1Sq = L1.square();
- ECFieldElement Z1Sq = Z1.square();
- ECFieldElement L1Z1 = L1.multiply(Z1);
-
- ECFieldElement T = L1Sq.add(L1Z1);
- ECFieldElement L2plus1 = L2.addOne();
- ECFieldElement A = L2plus1.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq);
- ECFieldElement X2Z1Sq = X2.multiply(Z1Sq);
- ECFieldElement B = X2Z1Sq.add(T).square();
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return b.twice();
- }
-
- return
curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT239K1Point(curve, A, curve.getB(), withCompression);
- }
-
- ECFieldElement X3 = A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3);
-
- return new SecT239K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT239K1Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283Field.java
deleted file mode 100644
index 7b6679bd..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283Field.java
+++ /dev/null
@@ -1,404 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.raw.Interleave;
-import org.bouncycastle.math.raw.Nat;
-import org.bouncycastle.math.raw.Nat320;
-
-public class SecT283Field
-{
- private static final long M27 = -1L >>> 37;
- private static final long M57 = -1L >>> 7;
-
- private static final long[] ROOT_Z = new long[]{ 0x0C30C30C30C30808L, 0x30C30C30C30C30C3L, 0x820820820820830CL, 0x0820820820820820L, 0x2082082L };
-
- public static void add(long[] x, long[] y, long[] z)
- {
- z[0] = x[0] ^ y[0];
- z[1] = x[1] ^ y[1];
- z[2] = x[2] ^ y[2];
- z[3] = x[3] ^ y[3];
- z[4] = x[4] ^ y[4];
- }
-
- public static void addExt(long[] xx, long[] yy, long[] zz)
- {
- zz[0] = xx[0] ^ yy[0];
- zz[1] = xx[1] ^ yy[1];
- zz[2] = xx[2] ^ yy[2];
- zz[3] = xx[3] ^ yy[3];
- zz[4] = xx[4] ^ yy[4];
- zz[5] = xx[5] ^ yy[5];
- zz[6] = xx[6] ^ yy[6];
- zz[7] = xx[7] ^ yy[7];
- zz[8] = xx[8] ^ yy[8];
- }
-
- public static void addOne(long[] x, long[] z)
- {
- z[0] = x[0] ^ 1L;
- z[1] = x[1];
- z[2] = x[2];
- z[3] = x[3];
- z[4] = x[4];
- }
-
- public static long[] fromBigInteger(BigInteger x)
- {
- long[] z = Nat320.fromBigInteger64(x);
- reduce37(z, 0);
- return z;
- }
-
- public static void invert(long[] x, long[] z)
- {
- if (Nat320.isZero64(x))
- {
- throw new IllegalStateException();
- }
-
- // Itoh-Tsujii inversion
-
- long[] t0 = Nat320.create64();
- long[] t1 = Nat320.create64();
-
- square(x, t0);
- multiply(t0, x, t0);
- squareN(t0, 2, t1);
- multiply(t1, t0, t1);
- squareN(t1, 4, t0);
- multiply(t0, t1, t0);
- squareN(t0, 8, t1);
- multiply(t1, t0, t1);
- square(t1, t1);
- multiply(t1, x, t1);
- squareN(t1, 17, t0);
- multiply(t0, t1, t0);
- square(t0, t0);
- multiply(t0, x, t0);
- squareN(t0, 35, t1);
- multiply(t1, t0, t1);
- squareN(t1, 70, t0);
- multiply(t0, t1, t0);
- square(t0, t0);
- multiply(t0, x, t0);
- squareN(t0, 141, t1);
- multiply(t1, t0, t1);
- square(t1, z);
- }
-
- public static void
multiply(long[] x, long[] y, long[] z)
- {
- long[] tt = Nat320.createExt64();
- implMultiply(x, y, tt);
- reduce(tt, z);
- }
-
- public static void multiplyAddToExt(long[] x, long[] y, long[] zz)
- {
- long[] tt = Nat320.createExt64();
- implMultiply(x, y, tt);
- addExt(zz, tt, zz);
- }
-
- public static void reduce(long[] xx, long[] z)
- {
- long x0 = xx[0], x1 = xx[1], x2 = xx[2], x3 = xx[3], x4 = xx[4];
- long x5 = xx[5], x6 = xx[6], x7 = xx[7], x8 = xx[8];
-
- x3 ^= (x8 << 37) ^ (x8 << 42) ^ (x8 << 44) ^ (x8 << 49);
- x4 ^= (x8 >>> 27) ^ (x8 >>> 22) ^ (x8 >>> 20) ^ (x8 >>> 15);
-
- x2 ^= (x7 << 37) ^ (x7 << 42) ^ (x7 << 44) ^ (x7 << 49);
- x3 ^= (x7 >>> 27) ^ (x7 >>> 22) ^ (x7 >>> 20) ^ (x7 >>> 15);
-
- x1 ^= (x6 << 37) ^ (x6 << 42) ^ (x6 << 44) ^ (x6 << 49);
- x2 ^= (x6 >>> 27) ^ (x6 >>> 22) ^ (x6 >>> 20) ^ (x6 >>> 15);
-
- x0 ^= (x5 << 37) ^ (x5 << 42) ^ (x5 << 44) ^ (x5 << 49);
- x1 ^= (x5 >>> 27) ^ (x5 >>> 22) ^ (x5 >>> 20) ^ (x5 >>> 15);
-
- long t = x4 >>> 27;
- z[0] = x0 ^ t ^ (t << 5) ^ (t << 7) ^ (t << 12);
- z[1] = x1;
- z[2] = x2;
- z[3] = x3;
- z[4] = x4 & M27;
- }
-
- public static void reduce37(long[] z, int zOff)
- {
- long z4 = z[zOff + 4], t = z4 >>> 27;
- z[zOff ] ^= t ^ (t << 5) ^ (t << 7) ^ (t << 12);
- z[zOff + 4] = z4 & M27;
- }
-
- public static void sqrt(long[] x, long[] z)
- {
- long[] odd = Nat320.create64();
-
- long u0, u1;
- u0 = Interleave.unshuffle(x[0]); u1 = Interleave.unshuffle(x[1]);
- long e0 = (u0 & 0x00000000FFFFFFFFL) | (u1 << 32);
- odd[0] = (u0 >>> 32) | (u1 & 0xFFFFFFFF00000000L);
-
- u0 = Interleave.unshuffle(x[2]); u1 = Interleave.unshuffle(x[3]);
- long e1 = (u0 & 0x00000000FFFFFFFFL) | (u1 << 32);
- odd[1] = (u0 >>> 32) | (u1 & 0xFFFFFFFF00000000L);
-
- u0 = Interleave.unshuffle(x[4]);
- long e2 = (u0 & 0x00000000FFFFFFFFL);
- odd[2] = (u0 >>> 32);
-
- multiply(odd, ROOT_Z, z);
-
- z[0] ^= e0;
- z[1] ^= e1;
- z[2] ^= e2;
- }
-
- public static void square(long[] x, long[] z)
- {
- long[] tt = Nat.create64(9);
-
implSquare(x, tt);
- reduce(tt, z);
- }
-
- public static void squareAddToExt(long[] x, long[] zz)
- {
- long[] tt = Nat.create64(9);
- implSquare(x, tt);
- addExt(zz, tt, zz);
- }
-
- public static void squareN(long[] x, int n, long[] z)
- {
-// assert n > 0;
-
- long[] tt = Nat.create64(9);
- implSquare(x, tt);
- reduce(tt, z);
-
- while (--n > 0)
- {
- implSquare(z, tt);
- reduce(tt, z);
- }
- }
-
- public static int trace(long[] x)
- {
- // Non-zero-trace bits: 0, 271
- return (int)(x[0] ^ (x[4] >>> 15)) & 1;
- }
-
- protected static void implCompactExt(long[] zz)
- {
- long z0 = zz[0], z1 = zz[1], z2 = zz[2], z3 = zz[3], z4 = zz[4];
- long z5 = zz[5], z6 = zz[6], z7 = zz[7], z8 = zz[8], z9 = zz[9];
- zz[0] = z0 ^ (z1 << 57);
- zz[1] = (z1 >>> 7) ^ (z2 << 50);
- zz[2] = (z2 >>> 14) ^ (z3 << 43);
- zz[3] = (z3 >>> 21) ^ (z4 << 36);
- zz[4] = (z4 >>> 28) ^ (z5 << 29);
- zz[5] = (z5 >>> 35) ^ (z6 << 22);
- zz[6] = (z6 >>> 42) ^ (z7 << 15);
- zz[7] = (z7 >>> 49) ^ (z8 << 8);
- zz[8] = (z8 >>> 56) ^ (z9 << 1);
- zz[9] = (z9 >>> 63); // Zero!
- }
-
- protected static void implExpand(long[] x, long[] z)
- {
- long x0 = x[0], x1 = x[1], x2 = x[2], x3 = x[3], x4 = x[4];
- z[0] = x0 & M57;
- z[1] = ((x0 >>> 57) ^ (x1 << 7)) & M57;
- z[2] = ((x1 >>> 50) ^ (x2 << 14)) & M57;
- z[3] = ((x2 >>> 43) ^ (x3 << 21)) & M57;
- z[4] = ((x3 >>> 36) ^ (x4 << 28));
- }
-
-// protected static void addMs(long[] zz, int zOff, long[] p, int... ms)
-// {
-// long t0 = 0, t1 = 0;
-// for (int m : ms)
-// {
-// int i = (m - 1) << 1;
-// t0 ^= p[i ];
-// t1 ^= p[i + 1];
-// }
-// zz[zOff ] ^= t0;
-// zz[zOff + 1] ^= t1;
-// }
-
- protected static void implMultiply(long[] x, long[] y, long[] zz)
- {
- /*
- * Formula (17) from "Some New Results on Binary Polynomial Multiplication",
- * Murat Cenk and M. Anwar Hasan.
- *
- * The formula as given contained an error in the term t25, as noted below
- */
- long[] a = new long[5], b = new long[5];
- implExpand(x, a);
- implExpand(y, b);
-
- long[] p = new long[26];
-
- implMulw(a[0], b[0], p, 0); // m1
- implMulw(a[1], b[1], p, 2); // m2
- implMulw(a[2], b[2], p, 4); // m3
- implMulw(a[3], b[3], p, 6); // m4
- implMulw(a[4], b[4], p, 8); // m5
-
- long u0 = a[0] ^ a[1], v0 = b[0] ^ b[1];
- long u1 = a[0] ^ a[2], v1 = b[0] ^ b[2];
- long u2 = a[2] ^ a[4], v2 = b[2] ^ b[4];
- long u3 = a[3] ^ a[4], v3 = b[3] ^ b[4];
-
- implMulw(u1 ^ a[3], v1 ^ b[3], p, 18); // m10
- implMulw(u2 ^ a[1], v2 ^ b[1], p, 20); // m11
-
- long A4 = u0 ^ u3 , B4 = v0 ^ v3;
- long A5 = A4 ^ a[2], B5 = B4 ^ b[2];
-
- implMulw(A4, B4, p, 22); // m12
- implMulw(A5, B5, p, 24); // m13
-
- implMulw(u0, v0, p, 10); // m6
- implMulw(u1, v1, p, 12); // m7
- implMulw(u2, v2, p, 14); // m8
- implMulw(u3, v3, p, 16); // m9
-
-
- // Original method, corresponding to formula (16)
-// addMs(zz, 0, p, 1);
-// addMs(zz, 1, p, 1, 2, 6);
-// addMs(zz, 2, p, 1, 2, 3, 7);
-// addMs(zz, 3, p, 1, 3, 4, 5, 8, 10, 12, 13);
-// addMs(zz, 4, p, 1, 2, 4, 5, 6, 9, 10, 11, 13);
-// addMs(zz, 5, p, 1, 2, 3, 5, 7, 11, 12, 13);
-// addMs(zz, 6, p, 3, 4, 5, 8);
-// addMs(zz, 7, p, 4, 5, 9);
-// addMs(zz, 8, p, 5);
-
- // Improved method factors out common single-word terms
- // NOTE: p1,...,p26 in the paper maps to p[0],...,p[25] here
-
- zz[0] = p[ 0];
- zz[9] = p[ 9];
-
- long t1 = p[ 0] ^ p[ 1];
- long t2 = t1 ^ p[ 2];
- long t3 = t2 ^ p[10];
-
- zz[1] = t3;
-
- long t4 = p[ 3] ^ p[ 4];
- long t5 = p[11] ^ p[12];
- long t6 = t4 ^ t5;
- long t7 = t2 ^ t6;
-
- zz[2] = t7;
-
- long t8 = t1 ^ t4;
- long t9 = p[ 5] ^ p[ 6];
- long t10 = t8 ^ t9;
- long t11 = t10 ^ p[ 8];
- long t12 = p[13] ^ p[14];
- long t13 = t11 ^ t12;
- long t14 = p[18] ^ p[22];
- long t15 = t14 ^ p[24];
- long t16 = t13 ^ t15;
-
- zz[3] = t16;
-
- long t17 = p[ 7] ^ p[ 8];
- long t18 = t17 ^ p[ 9];
- long t19 = t18 ^
p[17];
-
- zz[8] = t19;
-
- long t20 = t18 ^ t9;
- long t21 = p[15] ^ p[16];
- long t22 = t20 ^ t21;
-
- zz[7] = t22;
-
- long t23 = t22 ^ t3;
- long t24 = p[19] ^ p[20];
-// long t25 = p[23] ^ p[24];
- long t25 = p[25] ^ p[24]; // Fixes an error in the paper: p[23] -> p{25]
- long t26 = p[18] ^ p[23];
- long t27 = t24 ^ t25;
- long t28 = t27 ^ t26;
- long t29 = t28 ^ t23;
-
- zz[4] = t29;
-
- long t30 = t7 ^ t19;
- long t31 = t27 ^ t30;
- long t32 = p[21] ^ p[22];
- long t33 = t31 ^ t32;
-
- zz[5] = t33;
-
- long t34 = t11 ^ p[0];
- long t35 = t34 ^ p[9];
- long t36 = t35 ^ t12;
- long t37 = t36 ^ p[21];
- long t38 = t37 ^ p[23];
- long t39 = t38 ^ p[25];
-
- zz[6] = t39;
-
- implCompactExt(zz);
- }
-
- protected static void implMulw(long x, long y, long[] z, int zOff)
- {
-// assert x >>> 57 == 0;
-// assert y >>> 57 == 0;
-
- long[] u = new long[8];
-// u[0] = 0;
- u[1] = y;
- u[2] = u[1] << 1;
- u[3] = u[2] ^ y;
- u[4] = u[2] << 1;
- u[5] = u[4] ^ y;
- u[6] = u[3] << 1;
- u[7] = u[6] ^ y;
-
- int j = (int)x;
- long g, h = 0, l = u[j & 7];
- int k = 48;
- do
- {
- j = (int)(x >>> k);
- g = u[j & 7]
- ^ u[(j >>> 3) & 7] << 3
- ^ u[(j >>> 6) & 7] << 6;
- l ^= (g << k);
- h ^= (g >>> -k);
- }
- while ((k -= 9) > 0);
-
- h ^= ((x & 0x0100804020100800L) & ((y << 7) >> 63)) >>> 8;
-
-// assert h >>> 49 == 0;
-
- z[zOff ] = l & M57;
- z[zOff + 1] = (l >>> 57) ^ (h << 7);
- }
-
- protected static void implSquare(long[] x, long[] zz)
- {
- for (int i = 0; i < 4; ++i)
- {
- Interleave.expand64To128(x[i], zz, i << 1);
- }
- zz[8] = Interleave.expand32to64((int)x[4]);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283FieldElement.java
deleted file mode 100644
index 91685fd6..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283FieldElement.java
+++ /dev/null
@@ -1,227 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.raw.Nat;
-import org.bouncycastle.math.raw.Nat320;
-import org.bouncycastle.util.Arrays;
-
-public class SecT283FieldElement extends ECFieldElement.AbstractF2m
-{
- protected long[] x;
-
- public SecT283FieldElement(BigInteger x)
- {
- if (x == null || x.signum() < 0 || x.bitLength() > 283)
- {
- throw new IllegalArgumentException("x value invalid for SecT283FieldElement");
- }
-
- this.x = SecT283Field.fromBigInteger(x);
- }
-
- public SecT283FieldElement()
- {
- this.x = Nat320.create64();
- }
-
- protected SecT283FieldElement(long[] x)
- {
- this.x = x;
- }
-
-// public int bitLength()
-// {
-// return x.degree();
-// }
-
- public boolean isOne()
- {
- return Nat320.isOne64(x);
- }
-
- public boolean isZero()
- {
- return Nat320.isZero64(x);
- }
-
- public boolean testBitZero()
- {
- return (x[0] & 1L) != 0L;
- }
-
- public BigInteger toBigInteger()
- {
- return Nat320.toBigInteger64(x);
- }
-
- public String getFieldName()
- {
- return "SecT283Field";
- }
-
- public int getFieldSize()
- {
- return 283;
- }
-
- public ECFieldElement add(ECFieldElement b)
- {
- long[] z = Nat320.create64();
- SecT283Field.add(x, ((SecT283FieldElement)b).x, z);
- return new SecT283FieldElement(z);
- }
-
- public ECFieldElement addOne()
- {
- long[] z = Nat320.create64();
- SecT283Field.addOne(x, z);
- return new SecT283FieldElement(z);
- }
-
- public ECFieldElement subtract(ECFieldElement b)
- {
- // Addition and subtraction are the same in F2m
- return add(b);
- }
-
- public ECFieldElement multiply(ECFieldElement b)
- {
- long[] z = Nat320.create64();
- SecT283Field.multiply(x, ((SecT283FieldElement)b).x, z);
- return new SecT283FieldElement(z);
- }
-
- public ECFieldElement multiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
- {
- return multiplyPlusProduct(b, x, y);
- }
-
- public
ECFieldElement multiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
- {
- long[] ax = this.x, bx = ((SecT283FieldElement)b).x;
- long[] xx = ((SecT283FieldElement)x).x, yx = ((SecT283FieldElement)y).x;
-
- long[] tt = Nat.create64(9);
- SecT283Field.multiplyAddToExt(ax, bx, tt);
- SecT283Field.multiplyAddToExt(xx, yx, tt);
-
- long[] z = Nat320.create64();
- SecT283Field.reduce(tt, z);
- return new SecT283FieldElement(z);
- }
-
- public ECFieldElement divide(ECFieldElement b)
- {
- return multiply(b.invert());
- }
-
- public ECFieldElement negate()
- {
- return this;
- }
-
- public ECFieldElement square()
- {
- long[] z = Nat320.create64();
- SecT283Field.square(x, z);
- return new SecT283FieldElement(z);
- }
-
- public ECFieldElement squareMinusProduct(ECFieldElement x, ECFieldElement y)
- {
- return squarePlusProduct(x, y);
- }
-
- public ECFieldElement squarePlusProduct(ECFieldElement x, ECFieldElement y)
- {
- long[] ax = this.x;
- long[] xx = ((SecT283FieldElement)x).x, yx = ((SecT283FieldElement)y).x;
-
- long[] tt = Nat.create64(9);
- SecT283Field.squareAddToExt(ax, tt);
- SecT283Field.multiplyAddToExt(xx, yx, tt);
-
- long[] z = Nat320.create64();
- SecT283Field.reduce(tt, z);
- return new SecT283FieldElement(z);
- }
-
- public ECFieldElement squarePow(int pow)
- {
- if (pow < 1)
- {
- return this;
- }
-
- long[] z = Nat320.create64();
- SecT283Field.squareN(x, pow, z);
- return new SecT283FieldElement(z);
- }
-
- public int trace()
- {
- return SecT283Field.trace(x);
- }
-
- public ECFieldElement invert()
- {
- long[] z = Nat320.create64();
- SecT283Field.invert(x, z);
- return new SecT283FieldElement(z);
- }
-
- public ECFieldElement sqrt()
- {
- long[] z = Nat320.create64();
- SecT283Field.sqrt(x, z);
- return new SecT283FieldElement(z);
- }
-
- public int getRepresentation()
- {
- return ECFieldElement.F2m.PPB;
- }
-
- public int getM()
- {
- return 283;
- }
-
- public int getK1()
- {
- return 5;
- }
-
- public int getK2()
- {
-
return 7;
- }
-
- public int getK3()
- {
- return 12;
- }
-
- public boolean equals(Object other)
- {
- if (other == this)
- {
- return true;
- }
-
- if (!(other instanceof SecT283FieldElement))
- {
- return false;
- }
-
- SecT283FieldElement o = (SecT283FieldElement)other;
- return Nat320.eq64(x, o.x);
- }
-
- public int hashCode()
- {
- return 2831275 ^ Arrays.hashCode(x, 0, 5);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283K1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283K1Curve.java
deleted file mode 100644
index 84c38499..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283K1Curve.java
+++ /dev/null
@@ -1,155 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECCurve.AbstractF2m;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECMultiplier;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.WTauNafMultiplier;
-import org.bouncycastle.math.raw.Nat320;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecT283K1Curve extends AbstractF2m
-{
- private static final int SecT283K1_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
-
- protected SecT283K1Point infinity;
-
- public SecT283K1Curve()
- {
- super(283, 5, 7, 12);
-
- this.infinity = new SecT283K1Point(this, null, null);
-
- this.a = fromBigInteger(BigInteger.valueOf(0));
- this.b = fromBigInteger(BigInteger.valueOf(1));
- this.order = new BigInteger(1, Hex.decode("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61"));
- this.cofactor = BigInteger.valueOf(4);
-
- this.coord = SecT283K1_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecT283K1Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_LAMBDA_PROJECTIVE:
- return true;
- default:
- return false;
- }
- }
-
- protected ECMultiplier createDefaultMultiplier()
- {
- return new WTauNafMultiplier();
- }
-
- public int getFieldSize()
- {
- return 283;
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecT283FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecT283K1Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecT283K1Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return
infinity;
- }
-
- public boolean isKoblitz()
- {
- return true;
- }
-
- public int getM()
- {
- return 283;
- }
-
- public boolean isTrinomial()
- {
- return false;
- }
-
- public int getK1()
- {
- return 5;
- }
-
- public int getK2()
- {
- return 7;
- }
-
- public int getK3()
- {
- return 12;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_LONGS = 5;
-
- final long[] table = new long[len * FE_LONGS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat320.copy64(((SecT283FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS;
- Nat320.copy64(((SecT283FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- long[] x = Nat320.create64(), y = Nat320.create64();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- long MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_LONGS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_LONGS + j] & MASK;
- }
-
- pos += (FE_LONGS * 2);
- }
-
- return createRawPoint(new SecT283FieldElement(x), new SecT283FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283K1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283K1Point.java
deleted file mode 100644
index a99936e6..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283K1Point.java
+++ /dev/null
@@ -1,317 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.ECPoint.AbstractF2m;
-
-public class SecT283K1Point extends AbstractF2m
-{
- /**
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecT283K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
- */
- public SecT283K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecT283K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecT283K1Point(null, this.getAffineXCoord(), this.getAffineYCoord()); // earlier JDK
- }
-
- public ECFieldElement getYCoord()
- {
- ECFieldElement X = x, L = y;
-
- if (this.isInfinity() || X.isZero())
- {
- return L;
- }
-
- // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
- ECFieldElement Y = L.add(X).multiply(X);
-
- ECFieldElement Z = zs[0];
- if (!Z.isOne())
- {
- Y = Y.divide(Z);
- }
-
- return Y;
- }
-
- protected boolean getCompressionYTilde()
- {
- ECFieldElement X = this.getRawXCoord();
- if (X.isZero())
- {
- return false;
- }
-
- ECFieldElement Y = this.getRawYCoord();
-
- // Y is actually Lambda (X + Y/X) here
- return Y.testBitZero() != X.testBitZero();
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if 
(b.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- ECFieldElement X2 = b.getRawXCoord();
-
- if (X1.isZero())
- {
- if (X2.isZero())
- {
- return curve.getInfinity();
- }
-
- return b.add(this);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0);
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement U2 = X2, S2 = L2;
- if (!Z1IsOne)
- {
- U2 = U2.multiply(Z1);
- S2 = S2.multiply(Z1);
- }
-
- boolean Z2IsOne = Z2.isOne();
- ECFieldElement U1 = X1, S1 = L1;
- if (!Z2IsOne)
- {
- U1 = U1.multiply(Z2);
- S1 = S1.multiply(Z2);
- }
-
- ECFieldElement A = S1.add(S2);
- ECFieldElement B = U1.add(U2);
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return twice();
- }
-
- return curve.getInfinity();
- }
-
- ECFieldElement X3, L3, Z3;
- if (X2.isZero())
- {
- // TODO This can probably be optimized quite a bit
- ECPoint p = this.normalize();
- X1 = p.getXCoord();
- ECFieldElement Y1 = p.getYCoord();
-
- ECFieldElement Y2 = L2;
- ECFieldElement L = Y1.add(Y2).divide(X1);
-
- X3 = L.square().add(L).add(X1);
- if (X3.isZero())
- {
- return new SecT283K1Point(curve, X3, curve.getB(), this.withCompression);
- }
-
- ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
- L3 = Y3.divide(X3).add(X3);
- Z3 = curve.fromBigInteger(ECConstants.ONE);
- }
- else
- {
- B = B.square();
-
- ECFieldElement AU1 = A.multiply(U1);
- ECFieldElement AU2 = A.multiply(U2);
-
- X3 = AU1.multiply(AU2);
- if (X3.isZero())
- {
- return new SecT283K1Point(curve, X3, curve.getB(), this.withCompression);
- }
-
- ECFieldElement ABZ2 = A.multiply(B);
- if (!Z2IsOne)
- {
- ABZ2 = ABZ2.multiply(Z2);
- }
-
- L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1));
-
- Z3 = ABZ2;
- if (!Z1IsOne)
- {
- Z3 = Z3.multiply(Z1);
- }
- }
-
- return new SecT283K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
-
return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return curve.getInfinity();
- }
-
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square();
- ECFieldElement T;
- if (Z1IsOne)
- {
- T = L1.square().add(L1);
- }
- else
- {
- T = L1.add(Z1).multiply(L1);
- }
-
- if (T.isZero())
- {
- return new SecT283K1Point(curve, T, curve.getB(), withCompression);
- }
-
- ECFieldElement X3 = T.square();
- ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq);
-
- ECFieldElement t1 = L1.add(X1).square();
- ECFieldElement t2 = Z1IsOne ? Z1 : Z1Sq.square();
- ECFieldElement L3 = t1.add(T).add(Z1Sq).multiply(t1).add(t2).add(X3).add(Z3);
-
- return new SecT283K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return b;
- }
-
- // NOTE: twicePlus() only optimized for lambda-affine argument
- ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0);
- if (X2.isZero() || !Z2.isOne())
- {
- return twice().add(b);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord();
-
- ECFieldElement X1Sq = X1.square();
- ECFieldElement L1Sq = L1.square();
- ECFieldElement Z1Sq = Z1.square();
- ECFieldElement L1Z1 = L1.multiply(Z1);
-
- ECFieldElement T = L1Sq.add(L1Z1);
- ECFieldElement L2plus1 = L2.addOne();
- ECFieldElement A = L2plus1.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq);
- ECFieldElement X2Z1Sq = X2.multiply(Z1Sq);
- ECFieldElement B = X2Z1Sq.add(T).square();
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return b.twice();
- }
-
- return 
curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT283K1Point(curve, A, curve.getB(), withCompression);
- }
-
- ECFieldElement X3 = A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3);
-
- return new SecT283K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT283K1Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283R1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283R1Curve.java
deleted file mode 100644
index 15626254..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283R1Curve.java
+++ /dev/null
@@ -1,148 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECCurve.AbstractF2m;
-import org.bouncycastle.math.raw.Nat320;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecT283R1Curve extends AbstractF2m
-{
- private static final int SecT283R1_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
-
- protected SecT283R1Point infinity;
-
- public SecT283R1Curve()
- {
- super(283, 5, 7, 12);
-
- this.infinity = new SecT283R1Point(this, null, null);
-
- this.a = fromBigInteger(BigInteger.valueOf(1));
- this.b = fromBigInteger(new BigInteger(1, Hex.decode("027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5")));
- this.order = new BigInteger(1, Hex.decode("03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307"));
- this.cofactor = BigInteger.valueOf(2);
-
- this.coord = SecT283R1_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecT283R1Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_LAMBDA_PROJECTIVE:
- return true;
- default:
- return false;
- }
- }
-
- public int getFieldSize()
- {
- return 283;
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecT283FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecT283R1Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecT283R1Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public boolean isKoblitz()
- {
- return false;
- }
-
- public int getM()
- {
- return 283;
-
} - - public boolean isTrinomial() - { - return false; - } - - public int getK1() - { - return 5; - } - - public int getK2() - { - return 7; - } - - public int getK3() - { - return 12; - } - - public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len) - { - final int FE_LONGS = 5; - - final long[] table = new long[len * FE_LONGS * 2]; - { - int pos = 0; - for (int i = 0; i < len; ++i) - { - ECPoint p = points[off + i]; - Nat320.copy64(((SecT283FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS; - Nat320.copy64(((SecT283FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS; - } - } - - return new ECLookupTable() - { - public int getSize() - { - return len; - } - - public ECPoint lookup(int index) - { - long[] x = Nat320.create64(), y = Nat320.create64(); - int pos = 0; - - for (int i = 0; i < len; ++i) - { - long MASK = ((i ^ index) - 1) >> 31; - - for (int j = 0; j < FE_LONGS; ++j) - { - x[j] ^= table[pos + j] & MASK; - y[j] ^= table[pos + FE_LONGS + j] & MASK; - } - - pos += (FE_LONGS * 2); - } - - return createRawPoint(new SecT283FieldElement(x), new SecT283FieldElement(y), false); - } - }; - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283R1Point.java deleted file mode 100644 index 0718239c..00000000 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT283R1Point.java +++ /dev/null 
@@ -1,305 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.ECPoint.AbstractF2m;
-
-public class SecT283R1Point extends AbstractF2m
-{
- /**
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecT283R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
- */
- public SecT283R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecT283R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecT283R1Point(null, getAffineXCoord(), getAffineYCoord());
- }
-
- public ECFieldElement getYCoord()
- {
- ECFieldElement X = x, L = y;
-
- if (this.isInfinity() || X.isZero())
- {
- return L;
- }
-
- // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
- ECFieldElement Y = L.add(X).multiply(X);
-
- ECFieldElement Z = zs[0];
- if (!Z.isOne())
- {
- Y = Y.divide(Z);
- }
-
- return Y;
- }
-
- protected boolean getCompressionYTilde()
- {
- ECFieldElement X = this.getRawXCoord();
- if (X.isZero())
- {
- return false;
- }
-
- ECFieldElement Y = this.getRawYCoord();
-
- // Y is actually Lambda (X + Y/X) here
- return Y.testBitZero() != X.testBitZero();
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- ECFieldElement X2 = b.getRawXCoord();
-
- if (X1.isZero())
- {
- if (X2.isZero())
- {
- return curve.getInfinity();
- }
-
- return b.add(this);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0);
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement U2 = X2, S2 = L2;
- if (!Z1IsOne)
- {
- U2 = U2.multiply(Z1);
- S2 = S2.multiply(Z1);
- }
-
- boolean Z2IsOne = Z2.isOne();
- ECFieldElement U1 = X1, S1 = L1;
- if (!Z2IsOne)
- {
- U1 = U1.multiply(Z2);
- S1 = S1.multiply(Z2);
- }
-
- ECFieldElement A = S1.add(S2);
- ECFieldElement B = U1.add(U2);
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return twice();
- }
-
- return curve.getInfinity();
- }
-
- ECFieldElement X3, L3, Z3;
- if (X2.isZero())
- {
- // TODO This can probably be optimized quite a bit
- ECPoint p = this.normalize();
- X1 = p.getXCoord();
- ECFieldElement Y1 = p.getYCoord();
-
- ECFieldElement Y2 = L2;
- ECFieldElement L = Y1.add(Y2).divide(X1);
-
- X3 = L.square().add(L).add(X1).addOne();
- if (X3.isZero())
- {
- return new SecT283R1Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
- L3 = Y3.divide(X3).add(X3);
- Z3 = curve.fromBigInteger(ECConstants.ONE);
- }
- else
- {
- B = B.square();
-
- ECFieldElement AU1 = A.multiply(U1);
- ECFieldElement AU2 = A.multiply(U2);
-
- X3 = AU1.multiply(AU2);
- if (X3.isZero())
- {
- return new SecT283R1Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement ABZ2 = A.multiply(B);
- if (!Z2IsOne)
- {
- ABZ2 = ABZ2.multiply(Z2);
- }
-
- L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1));
-
- Z3 = ABZ2;
- if (!Z1IsOne)
- {
- Z3 = Z3.multiply(Z1);
- }
- }
-
- return new SecT283R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
-
ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return curve.getInfinity();
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1);
- ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square();
- ECFieldElement T = L1.square().add(L1Z1).add(Z1Sq);
- if (T.isZero())
- {
- return new SecT283R1Point(curve, T, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = T.square();
- ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq);
-
- ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1);
- ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3);
-
- return new SecT283R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return b;
- }
-
- ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0);
- if (X2.isZero() || !Z2.isOne())
- {
- return twice().add(b);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord();
-
- ECFieldElement X1Sq = X1.square();
- ECFieldElement L1Sq = L1.square();
- ECFieldElement Z1Sq = Z1.square();
- ECFieldElement L1Z1 = L1.multiply(Z1);
-
- ECFieldElement T = Z1Sq.add(L1Sq).add(L1Z1);
- ECFieldElement A = L2.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq);
- ECFieldElement X2Z1Sq = X2.multiply(Z1Sq);
- ECFieldElement B = X2Z1Sq.add(T).square();
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return b.twice();
- }
-
- return curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT283R1Point(curve, A, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = 
A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2.addOne(), Z3);
-
- return new SecT283R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT283R1Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409Field.java
deleted file mode 100644
index 9e58a2ba..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409Field.java
+++ /dev/null
@@ -1,333 +0,0 @@ -package org.bouncycastle.math.ec.custom.sec; - -import java.math.BigInteger; - -import org.bouncycastle.math.raw.Interleave; -import org.bouncycastle.math.raw.Nat; -import org.bouncycastle.math.raw.Nat448; - -public class SecT409Field -{ - private static final long M25 = -1L >>> 39; - private static final long M59 = -1L >>> 5; - - public static void add(long[] x, long[] y, long[] z) - { - z[0] = x[0] ^ y[0]; - z[1] = x[1] ^ y[1]; - z[2] = x[2] ^ y[2]; - z[3] = x[3] ^ y[3]; - z[4] = x[4] ^ y[4]; - z[5] = x[5] ^ y[5]; - z[6] = x[6] ^ y[6]; - } - - public static void addExt(long[] xx, long[] yy, long[] zz) - { - for (int i = 0; i < 13; ++i) - { - zz[i] = xx[i] ^ yy[i]; - } - } - - public static void addOne(long[] x, long[] z) - { - z[0] = x[0] ^ 1L; - z[1] = x[1]; - z[2] = x[2]; - z[3] = x[3]; - z[4] = x[4]; - z[5] = x[5]; - z[6] = x[6]; - } - - public static long[] fromBigInteger(BigInteger x) - { - long[] z = Nat448.fromBigInteger64(x); - reduce39(z, 0); - return z; - } - - public static void invert(long[] x, long[] z) - { - if (Nat448.isZero64(x)) - { - throw new IllegalStateException(); - } - - // Itoh-Tsujii inversion with bases { 2, 3 } - - long[] t0 = Nat448.create64(); - long[] t1 = Nat448.create64(); - long[] t2 = Nat448.create64(); - - square(x, t0); - - // 3 | 408 - squareN(t0, 1, t1); - multiply(t0, t1, t0); - squareN(t1, 1, t1); - multiply(t0, t1, t0); - - // 2 | 136 - squareN(t0, 3, t1); - multiply(t0, t1, t0); - - // 2 | 68 - squareN(t0, 6, t1); - multiply(t0, t1, t0); - - // 2 | 34 - squareN(t0, 12, t1); - multiply(t0, t1, t2); - - // ! 
{2,3} | 17 - squareN(t2, 24, t0); - squareN(t0, 24, t1); - multiply(t0, t1, t0); - - // 2 | 8 - squareN(t0, 48, t1); - multiply(t0, t1, t0); - - // 2 | 4 - squareN(t0, 96, t1); - multiply(t0, t1, t0); - - // 2 | 2 - squareN(t0, 192, t1); - multiply(t0, t1, t0); - - multiply(t0, t2, z); - } - - public static void multiply(long[] x, long[] y, long[] z) - { - long[] tt = Nat448.createExt64(); - implMultiply(x, y, tt); - reduce(tt, z); - } - - public static void multiplyAddToExt(long[] x, long[] y, long[] zz) - { - long[] tt = Nat448.createExt64(); - implMultiply(x, y, tt); - addExt(zz, tt, zz); - } - - public static void reduce(long[] xx, long[] z) - { - long x00 = xx[0], x01 = xx[1], x02 = xx[2], x03 = xx[3]; - long x04 = xx[4], x05 = xx[5], x06 = xx[6], x07 = xx[7]; - - long u = xx[12]; - x05 ^= (u << 39); - x06 ^= (u >>> 25) ^ (u << 62); - x07 ^= (u >>> 2); - - u = xx[11]; - x04 ^= (u << 39); - x05 ^= (u >>> 25) ^ (u << 62); - x06 ^= (u >>> 2); - - u = xx[10]; - x03 ^= (u << 39); - x04 ^= (u >>> 25) ^ (u << 62); - x05 ^= (u >>> 2); - - u = xx[9]; - x02 ^= (u << 39); - x03 ^= (u >>> 25) ^ (u << 62); - x04 ^= (u >>> 2); - - u = xx[8]; - x01 ^= (u << 39); - x02 ^= (u >>> 25) ^ (u << 62); - x03 ^= (u >>> 2); - - u = x07; - x00 ^= (u << 39); - x01 ^= (u >>> 25) ^ (u << 62); - x02 ^= (u >>> 2); - - long t = x06 >>> 25; - z[0] = x00 ^ t; - z[1] = x01 ^ (t << 23); - z[2] = x02; - z[3] = x03; - z[4] = x04; - z[5] = x05; - z[6] = x06 & M25; - } - - public static void reduce39(long[] z, int zOff) - { - long z6 = z[zOff + 6], t = z6 >>> 25; - z[zOff ] ^= t; - z[zOff + 1] ^= (t << 23); - z[zOff + 6] = z6 & M25; - } - - public static void sqrt(long[] x, long[] z) - { - long u0, u1; - u0 = Interleave.unshuffle(x[0]); u1 = Interleave.unshuffle(x[1]); - long e0 = (u0 & 0x00000000FFFFFFFFL) | (u1 << 32); - long c0 = (u0 >>> 32) | (u1 & 0xFFFFFFFF00000000L); - - u0 = Interleave.unshuffle(x[2]); u1 = Interleave.unshuffle(x[3]); - long e1 = (u0 & 0x00000000FFFFFFFFL) | (u1 << 32); - 
long c1 = (u0 >>> 32) | (u1 & 0xFFFFFFFF00000000L); - - u0 = Interleave.unshuffle(x[4]); u1 = Interleave.unshuffle(x[5]); - long e2 = (u0 & 0x00000000FFFFFFFFL) | (u1 << 32); - long c2 = (u0 >>> 32) | (u1 & 0xFFFFFFFF00000000L); - - u0 = Interleave.unshuffle(x[6]); - long e3 = (u0 & 0x00000000FFFFFFFFL); - long c3 = (u0 >>> 32); - - z[0] = e0 ^ (c0 << 44); - z[1] = e1 ^ (c1 << 44) ^ (c0 >>> 20); - z[2] = e2 ^ (c2 << 44) ^ (c1 >>> 20); - z[3] = e3 ^ (c3 << 44) ^ (c2 >>> 20) ^ (c0 << 13); - z[4] = (c3 >>> 20) ^ (c1 << 13) ^ (c0 >>> 51); - z[5] = (c2 << 13) ^ (c1 >>> 51); - z[6] = (c3 << 13) ^ (c2 >>> 51); - -// assert (c3 >>> 51) == 0; - } - - public static void square(long[] x, long[] z) - { - long[] tt = Nat.create64(13); - implSquare(x, tt); - reduce(tt, z); - } - - public static void squareAddToExt(long[] x, long[] zz) - { - long[] tt = Nat.create64(13); - implSquare(x, tt); - addExt(zz, tt, zz); - } - - public static void squareN(long[] x, int n, long[] z) - { -// assert n > 0; - - long[] tt = Nat.create64(13); - implSquare(x, tt); - reduce(tt, z); - - while (--n > 0) - { - implSquare(z, tt); - reduce(tt, z); - } - } - - public static int trace(long[] x) - { - // Non-zero-trace bits: 0 - return (int)(x[0]) & 1; - } - - protected static void implCompactExt(long[] zz) - { - long z00 = zz[ 0], z01 = zz[ 1], z02 = zz[ 2], z03 = zz[ 3], z04 = zz[ 4], z05 = zz[ 5], z06 = zz[ 6]; - long z07 = zz[ 7], z08 = zz[ 8], z09 = zz[ 9], z10 = zz[10], z11 = zz[11], z12 = zz[12], z13 = zz[13]; - zz[ 0] = z00 ^ (z01 << 59); - zz[ 1] = (z01 >>> 5) ^ (z02 << 54); - zz[ 2] = (z02 >>> 10) ^ (z03 << 49); - zz[ 3] = (z03 >>> 15) ^ (z04 << 44); - zz[ 4] = (z04 >>> 20) ^ (z05 << 39); - zz[ 5] = (z05 >>> 25) ^ (z06 << 34); - zz[ 6] = (z06 >>> 30) ^ (z07 << 29); - zz[ 7] = (z07 >>> 35) ^ (z08 << 24); - zz[ 8] = (z08 >>> 40) ^ (z09 << 19); - zz[ 9] = (z09 >>> 45) ^ (z10 << 14); - zz[10] = (z10 >>> 50) ^ (z11 << 9); - zz[11] = (z11 >>> 55) ^ (z12 << 4) - ^ (z13 << 63); - zz[12] = (z12 >>> 60) 
- ^ (z13 >>> 1); - zz[13] = 0; - } - - protected static void implExpand(long[] x, long[] z) - { - long x0 = x[0], x1 = x[1], x2 = x[2], x3 = x[3], x4 = x[4], x5 = x[5], x6 = x[6]; - z[0] = x0 & M59; - z[1] = ((x0 >>> 59) ^ (x1 << 5)) & M59; - z[2] = ((x1 >>> 54) ^ (x2 << 10)) & M59; - z[3] = ((x2 >>> 49) ^ (x3 << 15)) & M59; - z[4] = ((x3 >>> 44) ^ (x4 << 20)) & M59; - z[5] = ((x4 >>> 39) ^ (x5 << 25)) & M59; - z[6] = ((x5 >>> 34) ^ (x6 << 30)); - } - - protected static void implMultiply(long[] x, long[] y, long[] zz) - { - long[] a = new long[7], b = new long[7]; - implExpand(x, a); - implExpand(y, b); - - for (int i = 0; i < 7; ++i) - { - implMulwAcc(a, b[i], zz, i); - } - - implCompactExt(zz); - } - - protected static void implMulwAcc(long[] xs, long y, long[] z, int zOff) - { -// assert y >>> 59 == 0; - - long[] u = new long[8]; -// u[0] = 0; - u[1] = y; - u[2] = u[1] << 1; - u[3] = u[2] ^ y; - u[4] = u[2] << 1; - u[5] = u[4] ^ y; - u[6] = u[3] << 1; - u[7] = u[6] ^ y; - - for (int i = 0; i < 7; ++i) - { - long x = xs[i]; - -// assert x >>> 59 == 0; - - int j = (int)x; - long g, h = 0, l = u[j & 7] - ^ (u[(j >>> 3) & 7] << 3); - int k = 54; - do - { - j = (int)(x >>> k); - g = u[j & 7] - ^ u[(j >>> 3) & 7] << 3; - l ^= (g << k); - h ^= (g >>> -k); - } - while ((k -= 6) > 0); - -// assert h >>> 53 == 0; - - z[zOff + i ] ^= l & M59; - z[zOff + i + 1] ^= (l >>> 59) ^ (h << 5); - } - } - - protected static void implSquare(long[] x, long[] zz) - { - for (int i = 0; i < 6; ++i) - { - Interleave.expand64To128(x[i], zz, i << 1); - } - zz[12] = Interleave.expand32to64((int)x[6]); - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409FieldElement.java deleted file mode 100644 index 6dee877c..00000000 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409FieldElement.java +++ /dev/null 
@@ -1,227 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.raw.Nat;
-import org.bouncycastle.math.raw.Nat448;
-import org.bouncycastle.util.Arrays;
-
-public class SecT409FieldElement extends ECFieldElement.AbstractF2m
-{
- protected long[] x;
-
- public SecT409FieldElement(BigInteger x)
- {
- if (x == null || x.signum() < 0 || x.bitLength() > 409)
- {
- throw new IllegalArgumentException("x value invalid for SecT409FieldElement");
- }
-
- this.x = SecT409Field.fromBigInteger(x);
- }
-
- public SecT409FieldElement()
- {
- this.x = Nat448.create64();
- }
-
- protected SecT409FieldElement(long[] x)
- {
- this.x = x;
- }
-
-// public int bitLength()
-// {
-// return x.degree();
-// }
-
- public boolean isOne()
- {
- return Nat448.isOne64(x);
- }
-
- public boolean isZero()
- {
- return Nat448.isZero64(x);
- }
-
- public boolean testBitZero()
- {
- return (x[0] & 1L) != 0L;
- }
-
- public BigInteger toBigInteger()
- {
- return Nat448.toBigInteger64(x);
- }
-
- public String getFieldName()
- {
- return "SecT409Field";
- }
-
- public int getFieldSize()
- {
- return 409;
- }
-
- public ECFieldElement add(ECFieldElement b)
- {
- long[] z = Nat448.create64();
- SecT409Field.add(x, ((SecT409FieldElement)b).x, z);
- return new SecT409FieldElement(z);
- }
-
- public ECFieldElement addOne()
- {
- long[] z = Nat448.create64();
- SecT409Field.addOne(x, z);
- return new SecT409FieldElement(z);
- }
-
- public ECFieldElement subtract(ECFieldElement b)
- {
- // Addition and subtraction are the same in F2m
- return add(b);
- }
-
- public ECFieldElement multiply(ECFieldElement b)
- {
- long[] z = Nat448.create64();
- SecT409Field.multiply(x, ((SecT409FieldElement)b).x, z);
- return new SecT409FieldElement(z);
- }
-
- public ECFieldElement multiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
- {
- return multiplyPlusProduct(b, x, y);
- }
-
- public 
ECFieldElement multiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
- {
- long[] ax = this.x, bx = ((SecT409FieldElement)b).x;
- long[] xx = ((SecT409FieldElement)x).x, yx = ((SecT409FieldElement)y).x;
-
- long[] tt = Nat.create64(13);
- SecT409Field.multiplyAddToExt(ax, bx, tt);
- SecT409Field.multiplyAddToExt(xx, yx, tt);
-
- long[] z = Nat448.create64();
- SecT409Field.reduce(tt, z);
- return new SecT409FieldElement(z);
- }
-
- public ECFieldElement divide(ECFieldElement b)
- {
- return multiply(b.invert());
- }
-
- public ECFieldElement negate()
- {
- return this;
- }
-
- public ECFieldElement square()
- {
- long[] z = Nat448.create64();
- SecT409Field.square(x, z);
- return new SecT409FieldElement(z);
- }
-
- public ECFieldElement squareMinusProduct(ECFieldElement x, ECFieldElement y)
- {
- return squarePlusProduct(x, y);
- }
-
- public ECFieldElement squarePlusProduct(ECFieldElement x, ECFieldElement y)
- {
- long[] ax = this.x;
- long[] xx = ((SecT409FieldElement)x).x, yx = ((SecT409FieldElement)y).x;
-
- long[] tt = Nat.create64(13);
- SecT409Field.squareAddToExt(ax, tt);
- SecT409Field.multiplyAddToExt(xx, yx, tt);
-
- long[] z = Nat448.create64();
- SecT409Field.reduce(tt, z);
- return new SecT409FieldElement(z);
- }
-
- public ECFieldElement squarePow(int pow)
- {
- if (pow < 1)
- {
- return this;
- }
-
- long[] z = Nat448.create64();
- SecT409Field.squareN(x, pow, z);
- return new SecT409FieldElement(z);
- }
-
- public int trace()
- {
- return SecT409Field.trace(x);
- }
-
- public ECFieldElement invert()
- {
- long[] z = Nat448.create64();
- SecT409Field.invert(x, z);
- return new SecT409FieldElement(z);
- }
-
- public ECFieldElement sqrt()
- {
- long[] z = Nat448.create64();
- SecT409Field.sqrt(x, z);
- return new SecT409FieldElement(z);
- }
-
- public int getRepresentation()
- {
- return ECFieldElement.F2m.TPB;
- }
-
- public int getM()
- {
- return 409;
- }
-
- public int getK1()
- {
- return 87;
- }
-
- public int getK2()
- {
-
return 0;
- }
-
- public int getK3()
- {
- return 0;
- }
-
- public boolean equals(Object other)
- {
- if (other == this)
- {
- return true;
- }
-
- if (!(other instanceof SecT409FieldElement))
- {
- return false;
- }
-
- SecT409FieldElement o = (SecT409FieldElement)other;
- return Nat448.eq64(x, o.x);
- }
-
- public int hashCode()
- {
- return 4090087 ^ Arrays.hashCode(x, 0, 7);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409K1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409K1Curve.java
deleted file mode 100644
index 7d304678..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409K1Curve.java
+++ /dev/null
@@ -1,155 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECCurve.AbstractF2m;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECMultiplier;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.WTauNafMultiplier;
-import org.bouncycastle.math.raw.Nat448;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecT409K1Curve extends AbstractF2m
-{
- private static final int SecT409K1_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
-
- protected SecT409K1Point infinity;
-
- public SecT409K1Curve()
- {
- super(409, 87, 0, 0);
-
- this.infinity = new SecT409K1Point(this, null, null);
-
- this.a = fromBigInteger(BigInteger.valueOf(0));
- this.b = fromBigInteger(BigInteger.valueOf(1));
- this.order = new BigInteger(1, Hex.decode("7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF"));
- this.cofactor = BigInteger.valueOf(4);
-
- this.coord = SecT409K1_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecT409K1Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_LAMBDA_PROJECTIVE:
- return true;
- default:
- return false;
- }
- }
-
- protected ECMultiplier createDefaultMultiplier()
- {
- return new WTauNafMultiplier();
- }
-
- public int getFieldSize()
- {
- return 409;
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecT409FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecT409K1Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecT409K1Point(this, x, y, zs, withCompression);
- }
-
- public 
ECPoint getInfinity() - { - return infinity; - } - - public boolean isKoblitz() - { - return true; - } - - public int getM() - { - return 409; - } - - public boolean isTrinomial() - { - return true; - } - - public int getK1() - { - return 87; - } - - public int getK2() - { - return 0; - } - - public int getK3() - { - return 0; - } - - public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len) - { - final int FE_LONGS = 7; - - final long[] table = new long[len * FE_LONGS * 2]; - { - int pos = 0; - for (int i = 0; i < len; ++i) - { - ECPoint p = points[off + i]; - Nat448.copy64(((SecT409FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS; - Nat448.copy64(((SecT409FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS; - } - } - - return new ECLookupTable() - { - public int getSize() - { - return len; - } - - public ECPoint lookup(int index) - { - long[] x = Nat448.create64(), y = Nat448.create64(); - int pos = 0; - - for (int i = 0; i < len; ++i) - { - long MASK = ((i ^ index) - 1) >> 31; - - for (int j = 0; j < FE_LONGS; ++j) - { - x[j] ^= table[pos + j] & MASK; - y[j] ^= table[pos + FE_LONGS + j] & MASK; - } - - pos += (FE_LONGS * 2); - } - - return createRawPoint(new SecT409FieldElement(x), new SecT409FieldElement(y), false); - } - }; - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409K1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409K1Point.java deleted file mode 100644 index 41155f3f..00000000 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409K1Point.java +++ /dev/null 
@@ -1,317 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.ECPoint.AbstractF2m;
-
-public class SecT409K1Point extends AbstractF2m
-{
- /**
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecT409K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
- */
- public SecT409K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecT409K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecT409K1Point(null, this.getAffineXCoord(), this.getAffineYCoord()); // earlier JDK
- }
-
- public ECFieldElement getYCoord()
- {
- ECFieldElement X = x, L = y;
-
- if (this.isInfinity() || X.isZero())
- {
- return L;
- }
-
- // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
- ECFieldElement Y = L.add(X).multiply(X);
-
- ECFieldElement Z = zs[0];
- if (!Z.isOne())
- {
- Y = Y.divide(Z);
- }
-
- return Y;
- }
-
- protected boolean getCompressionYTilde()
- {
- ECFieldElement X = this.getRawXCoord();
- if (X.isZero())
- {
- return false;
- }
-
- ECFieldElement Y = this.getRawYCoord();
-
- // Y is actually Lambda (X + Y/X) here
- return Y.testBitZero() != X.testBitZero();
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if 
(b.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- ECFieldElement X2 = b.getRawXCoord();
-
- if (X1.isZero())
- {
- if (X2.isZero())
- {
- return curve.getInfinity();
- }
-
- return b.add(this);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0);
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement U2 = X2, S2 = L2;
- if (!Z1IsOne)
- {
- U2 = U2.multiply(Z1);
- S2 = S2.multiply(Z1);
- }
-
- boolean Z2IsOne = Z2.isOne();
- ECFieldElement U1 = X1, S1 = L1;
- if (!Z2IsOne)
- {
- U1 = U1.multiply(Z2);
- S1 = S1.multiply(Z2);
- }
-
- ECFieldElement A = S1.add(S2);
- ECFieldElement B = U1.add(U2);
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return twice();
- }
-
- return curve.getInfinity();
- }
-
- ECFieldElement X3, L3, Z3;
- if (X2.isZero())
- {
- // TODO This can probably be optimized quite a bit
- ECPoint p = this.normalize();
- X1 = p.getXCoord();
- ECFieldElement Y1 = p.getYCoord();
-
- ECFieldElement Y2 = L2;
- ECFieldElement L = Y1.add(Y2).divide(X1);
-
- X3 = L.square().add(L).add(X1);
- if (X3.isZero())
- {
- return new SecT409K1Point(curve, X3, curve.getB(), this.withCompression);
- }
-
- ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
- L3 = Y3.divide(X3).add(X3);
- Z3 = curve.fromBigInteger(ECConstants.ONE);
- }
- else
- {
- B = B.square();
-
- ECFieldElement AU1 = A.multiply(U1);
- ECFieldElement AU2 = A.multiply(U2);
-
- X3 = AU1.multiply(AU2);
- if (X3.isZero())
- {
- return new SecT409K1Point(curve, X3, curve.getB(), this.withCompression);
- }
-
- ECFieldElement ABZ2 = A.multiply(B);
- if (!Z2IsOne)
- {
- ABZ2 = ABZ2.multiply(Z2);
- }
-
- L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1));
-
- Z3 = ABZ2;
- if (!Z1IsOne)
- {
- Z3 = Z3.multiply(Z1);
- }
- }
-
- return new SecT409K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- 
return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return curve.getInfinity();
- }
-
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square();
- ECFieldElement T;
- if (Z1IsOne)
- {
- T = L1.square().add(L1);
- }
- else
- {
- T = L1.add(Z1).multiply(L1);
- }
-
- if (T.isZero())
- {
- return new SecT409K1Point(curve, T, curve.getB(), withCompression);
- }
-
- ECFieldElement X3 = T.square();
- ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq);
-
- ECFieldElement t1 = L1.add(X1).square();
- ECFieldElement t2 = Z1IsOne ? Z1 : Z1Sq.square();
- ECFieldElement L3 = t1.add(T).add(Z1Sq).multiply(t1).add(t2).add(X3).add(Z3);
-
- return new SecT409K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return b;
- }
-
- // NOTE: twicePlus() only optimized for lambda-affine argument
- ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0);
- if (X2.isZero() || !Z2.isOne())
- {
- return twice().add(b);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord();
-
- ECFieldElement X1Sq = X1.square();
- ECFieldElement L1Sq = L1.square();
- ECFieldElement Z1Sq = Z1.square();
- ECFieldElement L1Z1 = L1.multiply(Z1);
-
- ECFieldElement T = L1Sq.add(L1Z1);
- ECFieldElement L2plus1 = L2.addOne();
- ECFieldElement A = L2plus1.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq);
- ECFieldElement X2Z1Sq = X2.multiply(Z1Sq);
- ECFieldElement B = X2Z1Sq.add(T).square();
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return b.twice();
- }
-
- return 
curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT409K1Point(curve, A, curve.getB(), withCompression);
- }
-
- ECFieldElement X3 = A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3);
-
- return new SecT409K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT409K1Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409R1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409R1Curve.java
deleted file mode 100644
index f96c1795..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409R1Curve.java
+++ /dev/null
@@ -1,148 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECCurve.AbstractF2m;
-import org.bouncycastle.math.raw.Nat448;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecT409R1Curve extends AbstractF2m
-{
- private static final int SecT409R1_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
-
- protected SecT409R1Point infinity;
-
- public SecT409R1Curve()
- {
- super(409, 87, 0, 0);
-
- this.infinity = new SecT409R1Point(this, null, null);
-
- this.a = fromBigInteger(BigInteger.valueOf(1));
- this.b = fromBigInteger(new BigInteger(1, Hex.decode("0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F")));
- this.order = new BigInteger(1, Hex.decode("010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173"));
- this.cofactor = BigInteger.valueOf(2);
-
- this.coord = SecT409R1_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecT409R1Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_LAMBDA_PROJECTIVE:
- return true;
- default:
- return false;
- }
- }
-
- public int getFieldSize()
- {
- return 409;
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecT409FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecT409R1Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecT409R1Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public boolean isKoblitz()
- 
{
- return false;
- }
-
- public int getM()
- {
- return 409;
- }
-
- public boolean isTrinomial()
- {
- return true;
- }
-
- public int getK1()
- {
- return 87;
- }
-
- public int getK2()
- {
- return 0;
- }
-
- public int getK3()
- {
- return 0;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_LONGS = 7;
-
- final long[] table = new long[len * FE_LONGS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat448.copy64(((SecT409FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS;
- Nat448.copy64(((SecT409FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- long[] x = Nat448.create64(), y = Nat448.create64();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- long MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_LONGS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_LONGS + j] & MASK;
- }
-
- pos += (FE_LONGS * 2);
- }
-
- return createRawPoint(new SecT409FieldElement(x), new SecT409FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409R1Point.java
deleted file mode 100644
index 3d3566e2..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT409R1Point.java
+++ /dev/null
@@ -1,305 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.ECPoint.AbstractF2m;
-
-public class SecT409R1Point extends AbstractF2m
-{
- /**
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecT409R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
- */
- public SecT409R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecT409R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecT409R1Point(null, getAffineXCoord(), getAffineYCoord());
- }
-
- public ECFieldElement getYCoord()
- {
- ECFieldElement X = x, L = y;
-
- if (this.isInfinity() || X.isZero())
- {
- return L;
- }
-
- // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
- ECFieldElement Y = L.add(X).multiply(X);
-
- ECFieldElement Z = zs[0];
- if (!Z.isOne())
- {
- Y = Y.divide(Z);
- }
-
- return Y;
- }
-
- protected boolean getCompressionYTilde()
- {
- ECFieldElement X = this.getRawXCoord();
- if (X.isZero())
- {
- return false;
- }
-
- ECFieldElement Y = this.getRawYCoord();
-
- // Y is actually Lambda (X + Y/X) here
- return Y.testBitZero() != X.testBitZero();
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- ECFieldElement X2 = b.getRawXCoord();
-
- if (X1.isZero())
- {
- if (X2.isZero())
- {
- return curve.getInfinity();
- }
-
- return b.add(this);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord(), Z2 = b.getZCoord(0);
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement U2 = X2, S2 = L2;
- if (!Z1IsOne)
- {
- U2 = U2.multiply(Z1);
- S2 = S2.multiply(Z1);
- }
-
- boolean Z2IsOne = Z2.isOne();
- ECFieldElement U1 = X1, S1 = L1;
- if (!Z2IsOne)
- {
- U1 = U1.multiply(Z2);
- S1 = S1.multiply(Z2);
- }
-
- ECFieldElement A = S1.add(S2);
- ECFieldElement B = U1.add(U2);
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return twice();
- }
-
- return curve.getInfinity();
- }
-
- ECFieldElement X3, L3, Z3;
- if (X2.isZero())
- {
- // TODO This can probably be optimized quite a bit
- ECPoint p = this.normalize();
- X1 = p.getXCoord();
- ECFieldElement Y1 = p.getYCoord();
-
- ECFieldElement Y2 = L2;
- ECFieldElement L = Y1.add(Y2).divide(X1);
-
- X3 = L.square().add(L).add(X1).addOne();
- if (X3.isZero())
- {
- return new SecT409R1Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
- L3 = Y3.divide(X3).add(X3);
- Z3 = curve.fromBigInteger(ECConstants.ONE);
- }
- else
- {
- B = B.square();
-
- ECFieldElement AU1 = A.multiply(U1);
- ECFieldElement AU2 = A.multiply(U2);
-
- X3 = AU1.multiply(AU2);
- if (X3.isZero())
- {
- return new SecT409R1Point(curve, X3, curve.getB().sqrt(), this.withCompression);
- }
-
- ECFieldElement ABZ2 = A.multiply(B);
- if (!Z2IsOne)
- {
- ABZ2 = ABZ2.multiply(Z2);
- }
-
- L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1));
-
- Z3 = ABZ2;
- if (!Z1IsOne)
- {
- Z3 = Z3.multiply(Z1);
- }
- }
-
- return new SecT409R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- 
ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return curve.getInfinity();
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1);
- ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square();
- ECFieldElement T = L1.square().add(L1Z1).add(Z1Sq);
- if (T.isZero())
- {
- return new SecT409R1Point(curve, T, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = T.square();
- ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq);
-
- ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1);
- ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3);
-
- return new SecT409R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return b;
- }
-
- ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0);
- if (X2.isZero() || !Z2.isOne())
- {
- return twice().add(b);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord();
-
- ECFieldElement X1Sq = X1.square();
- ECFieldElement L1Sq = L1.square();
- ECFieldElement Z1Sq = Z1.square();
- ECFieldElement L1Z1 = L1.multiply(Z1);
-
- ECFieldElement T = Z1Sq.add(L1Sq).add(L1Z1);
- ECFieldElement A = L2.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq);
- ECFieldElement X2Z1Sq = X2.multiply(Z1Sq);
- ECFieldElement B = X2Z1Sq.add(T).square();
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return b.twice();
- }
-
- return curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT409R1Point(curve, A, curve.getB().sqrt(), withCompression);
- }
-
- ECFieldElement X3 = 
A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2.addOne(), Z3);
-
- return new SecT409R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT409R1Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571Field.java
deleted file mode 100644
index 554304b5..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571Field.java
+++ /dev/null
@@ -1,369 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.raw.Interleave;
-import org.bouncycastle.math.raw.Nat;
-import org.bouncycastle.math.raw.Nat576;
-
-public class SecT571Field
-{
- private static final long M59 = -1L >>> 5;
-
- private static final long RM = 0xEF7BDEF7BDEF7BDEL;
-
- private static final long[] ROOT_Z = new long[]{ 0x2BE1195F08CAFB99L, 0x95F08CAF84657C23L, 0xCAF84657C232BE11L, 0x657C232BE1195F08L,
- 0xF84657C2308CAF84L, 0x7C232BE1195F08CAL, 0xBE1195F08CAF8465L, 0x5F08CAF84657C232L, 0x784657C232BE119L };
-
- public static void add(long[] x, long[] y, long[] z)
- {
- for (int i = 0; i < 9; ++i)
- {
- z[i] = x[i] ^ y[i];
- }
- }
-
- private static void add(long[] x, int xOff, long[] y, int yOff, long[] z, int zOff)
- {
- for (int i = 0; i < 9; ++i)
- {
- z[zOff + i] = x[xOff + i] ^ y[yOff + i];
- }
- }
-
- public static void addBothTo(long[] x, long[] y, long[] z)
- {
- for (int i = 0; i < 9; ++i)
- {
- z[i] ^= x[i] ^ y[i];
- }
- }
-
- private static void addBothTo(long[] x, int xOff, long[] y, int yOff, long[] z, int zOff)
- {
- for (int i = 0; i < 9; ++i)
- {
- z[zOff + i] ^= x[xOff + i] ^ y[yOff + i];
- }
- }
-
- public static void addExt(long[] xx, long[] yy, long[] zz)
- {
- for (int i = 0; i < 18; ++i)
- {
- zz[i] = xx[i] ^ yy[i];
- }
- }
-
- public static void addOne(long[] x, long[] z)
- {
- z[0] = x[0] ^ 1L;
- for (int i = 1; i < 9; ++i)
- {
- z[i] = x[i];
- }
- }
-
- public static long[] fromBigInteger(BigInteger x)
- {
- long[] z = Nat576.fromBigInteger64(x);
- reduce5(z, 0);
- return z;
- }
-
- public static void invert(long[] x, long[] z)
- {
- if (Nat576.isZero64(x))
- {
- throw new IllegalStateException();
- }
-
- // Itoh-Tsujii inversion with bases { 2, 3, 5 }
-
- long[] t0 = Nat576.create64();
- long[] t1 = Nat576.create64();
- long[] t2 = Nat576.create64();
-
- square(x, t2);
-
- // 5 | 570
- square(t2, t0);
- square(t0, t1);
- multiply(t0, t1, t0);
- 
squareN(t0, 2, t1);
- multiply(t0, t1, t0);
- multiply(t0, t2, t0);
-
- // 3 | 114
- squareN(t0, 5, t1);
- multiply(t0, t1, t0);
- squareN(t1, 5, t1);
- multiply(t0, t1, t0);
-
- // 2 | 38
- squareN(t0, 15, t1);
- multiply(t0, t1, t2);
-
- // ! {2,3,5} | 19
- squareN(t2, 30, t0);
- squareN(t0, 30, t1);
- multiply(t0, t1, t0);
-
- // 3 | 9
- squareN(t0, 60, t1);
- multiply(t0, t1, t0);
- squareN(t1, 60, t1);
- multiply(t0, t1, t0);
-
- // 3 | 3
- squareN(t0, 180, t1);
- multiply(t0, t1, t0);
- squareN(t1, 180, t1);
- multiply(t0, t1, t0);
-
- multiply(t0, t2, z);
- }
-
- public static void multiply(long[] x, long[] y, long[] z)
- {
- long[] tt = Nat576.createExt64();
- implMultiply(x, y, tt);
- reduce(tt, z);
- }
-
- public static void multiplyAddToExt(long[] x, long[] y, long[] zz)
- {
- long[] tt = Nat576.createExt64();
- implMultiply(x, y, tt);
- addExt(zz, tt, zz);
- }
-
- public static void multiplyPrecomp(long[] x, long[] precomp, long[] z)
- {
- long[] tt = Nat576.createExt64();
- implMultiplyPrecomp(x, precomp, tt);
- reduce(tt, z);
- }
-
- public static void multiplyPrecompAddToExt(long[] x, long[] precomp, long[] zz)
- {
- long[] tt = Nat576.createExt64();
- implMultiplyPrecomp(x, precomp, tt);
- addExt(zz, tt, zz);
- }
-
- public static long[] precompMultiplicand(long[] x)
- {
- /*
- * Precompute table of all 4-bit products of x (first section)
- */
- int len = 9 << 4;
- long[] t = new long[len << 1];
- System.arraycopy(x, 0, t, 9, 9);
-// reduce5(T0, 9);
- int tOff = 0;
- for (int i = 7; i > 0; --i)
- {
- tOff += 18;
- Nat.shiftUpBit64(9, t, tOff >>> 1, 0L, t, tOff);
- reduce5(t, tOff);
- add(t, 9, t, tOff, t, tOff + 9);
- }
-
- /*
- * Second section with all 4-bit products of B shifted 4 bits
- */
- Nat.shiftUpBits64(len, t, 0, 4, 0L, t, len);
-
- return t;
- }
-
- public static void reduce(long[] xx, long[] z)
- {
- long xx09 = xx[9];
- long u = xx[17], v = xx09;
-
- xx09 = v ^ (u >>> 59) ^ (u >>> 57) ^ (u >>> 54) ^ (u >>> 49);
- v = xx[8] ^ (u << 5) ^ 
(u << 7) ^ (u << 10) ^ (u << 15);
-
- for (int i = 16; i >= 10; --i)
- {
- u = xx[i];
- z[i - 8] = v ^ (u >>> 59) ^ (u >>> 57) ^ (u >>> 54) ^ (u >>> 49);
- v = xx[i - 9] ^ (u << 5) ^ (u << 7) ^ (u << 10) ^ (u << 15);
- }
-
- u = xx09;
- z[1] = v ^ (u >>> 59) ^ (u >>> 57) ^ (u >>> 54) ^ (u >>> 49);
- v = xx[0] ^ (u << 5) ^ (u << 7) ^ (u << 10) ^ (u << 15);
-
- long x08 = z[8];
- long t = x08 >>> 59;
- z[0] = v ^ t ^ (t << 2) ^ (t << 5) ^ (t << 10);
- z[8] = x08 & M59;
- }
-
- public static void reduce5(long[] z, int zOff)
- {
- long z8 = z[zOff + 8], t = z8 >>> 59;
- z[zOff ] ^= t ^ (t << 2) ^ (t << 5) ^ (t << 10);
- z[zOff + 8] = z8 & M59;
- }
-
- public static void sqrt(long[] x, long[] z)
- {
- long[] evn = Nat576.create64(), odd = Nat576.create64();
-
- int pos = 0;
- for (int i = 0; i < 4; ++i)
- {
- long u0 = Interleave.unshuffle(x[pos++]);
- long u1 = Interleave.unshuffle(x[pos++]);
- evn[i] = (u0 & 0x00000000FFFFFFFFL) | (u1 << 32);
- odd[i] = (u0 >>> 32) | (u1 & 0xFFFFFFFF00000000L);
- }
- {
- long u0 = Interleave.unshuffle(x[pos]);
- evn[4] = (u0 & 0x00000000FFFFFFFFL);
- odd[4] = (u0 >>> 32);
- }
-
- multiply(odd, ROOT_Z, z);
- add(z, evn, z);
- }
-
- public static void square(long[] x, long[] z)
- {
- long[] tt = Nat576.createExt64();
- implSquare(x, tt);
- reduce(tt, z);
- }
-
- public static void squareAddToExt(long[] x, long[] zz)
- {
- long[] tt = Nat576.createExt64();
- implSquare(x, tt);
- addExt(zz, tt, zz);
- }
-
- public static void squareN(long[] x, int n, long[] z)
- {
-// assert n > 0;
-
- long[] tt = Nat576.createExt64();
- implSquare(x, tt);
- reduce(tt, z);
-
- while (--n > 0)
- {
- implSquare(z, tt);
- reduce(tt, z);
- }
- }
-
- public static int trace(long[] x)
- {
- // Non-zero-trace bits: 0, 561, 569
- return (int)(x[0] ^ (x[8] >>> 49) ^ (x[8] >>> 57)) & 1;
- }
-
- protected static void implMultiply(long[] x, long[] y, long[] zz)
- {
-// for (int i = 0; i < 9; ++i)
-// {
-// implMulwAcc(x, y[i], zz, i);
-// }
-
- long[] precomp = 
precompMultiplicand(y);
-
- implMultiplyPrecomp(x, precomp, zz);
- }
-
- protected static void implMultiplyPrecomp(long[] x, long[] precomp, long[] zz)
- {
- int MASK = 0xF;
-
- /*
- * Lopez-Dahab algorithm
- */
-
- for (int k = 56; k >= 0; k -= 8)
- {
- for (int j = 1; j < 9; j += 2)
- {
- int aVal = (int)(x[j] >>> k);
- int u = aVal & MASK;
- int v = (aVal >>> 4) & MASK;
- addBothTo(precomp, 9 * u, precomp, 9 * (v + 16), zz, j - 1);
- }
- Nat.shiftUpBits64(16, zz, 0, 8, 0L);
- }
-
- for (int k = 56; k >= 0; k -= 8)
- {
- for (int j = 0; j < 9; j += 2)
- {
- int aVal = (int)(x[j] >>> k);
- int u = aVal & MASK;
- int v = (aVal >>> 4) & MASK;
- addBothTo(precomp, 9 * u, precomp, 9 * (v + 16), zz, j);
- }
- if (k > 0)
- {
- Nat.shiftUpBits64(18, zz, 0, 8, 0L);
- }
- }
- }
-
- protected static void implMulwAcc(long[] xs, long y, long[] z, int zOff)
- {
- long[] u = new long[32];
-// u[0] = 0;
- u[1] = y;
- for (int i = 2; i < 32; i += 2)
- {
- u[i ] = u[i >>> 1] << 1;
- u[i + 1] = u[i ] ^ y;
- }
-
- long l = 0;
- for (int i = 0; i < 9; ++i)
- {
- long x = xs[i];
-
- int j = (int)x;
-
- l ^= u[j & 31];
-
- long g, h = 0;
- int k = 60;
- do
- {
- j = (int)(x >>> k);
- g = u[j & 31];
- l ^= (g << k);
- h ^= (g >>> -k);
- }
- while ((k -= 5) > 0);
-
- for (int p = 0; p < 4; ++p)
- {
- x = (x & RM) >>> 1;
- h ^= x & ((y << p) >> 63);
- }
-
- z[zOff + i] ^= l;
-
- l = h;
- }
- z[zOff + 9] ^= l;
- }
-
- protected static void implSquare(long[] x, long[] zz)
- {
- for (int i = 0; i < 9; ++i)
- {
- Interleave.expand64To128(x[i], zz, i << 1);
- }
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571FieldElement.java
deleted file mode 100644
index 484ad8c3..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571FieldElement.java
+++ /dev/null
@@ -1,226 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.raw.Nat576;
-import org.bouncycastle.util.Arrays;
-
-public class SecT571FieldElement extends ECFieldElement.AbstractF2m
-{
- protected long[] x;
-
- public SecT571FieldElement(BigInteger x)
- {
- if (x == null || x.signum() < 0 || x.bitLength() > 571)
- {
- throw new IllegalArgumentException("x value invalid for SecT571FieldElement");
- }
-
- this.x = SecT571Field.fromBigInteger(x);
- }
-
- public SecT571FieldElement()
- {
- this.x = Nat576.create64();
- }
-
- protected SecT571FieldElement(long[] x)
- {
- this.x = x;
- }
-
-// public int bitLength()
-// {
-// return x.degree();
-// }
-
- public boolean isOne()
- {
- return Nat576.isOne64(x);
- }
-
- public boolean isZero()
- {
- return Nat576.isZero64(x);
- }
-
- public boolean testBitZero()
- {
- return (x[0] & 1L) != 0L;
- }
-
- public BigInteger toBigInteger()
- {
- return Nat576.toBigInteger64(x);
- }
-
- public String getFieldName()
- {
- return "SecT571Field";
- }
-
- public int getFieldSize()
- {
- return 571;
- }
-
- public ECFieldElement add(ECFieldElement b)
- {
- long[] z = Nat576.create64();
- SecT571Field.add(x, ((SecT571FieldElement)b).x, z);
- return new SecT571FieldElement(z);
- }
-
- public ECFieldElement addOne()
- {
- long[] z = Nat576.create64();
- SecT571Field.addOne(x, z);
- return new SecT571FieldElement(z);
- }
-
- public ECFieldElement subtract(ECFieldElement b)
- {
- // Addition and subtraction are the same in F2m
- return add(b);
- }
-
- public ECFieldElement multiply(ECFieldElement b)
- {
- long[] z = Nat576.create64();
- SecT571Field.multiply(x, ((SecT571FieldElement)b).x, z);
- return new SecT571FieldElement(z);
- }
-
- public ECFieldElement multiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
- {
- return multiplyPlusProduct(b, x, y);
- }
-
- public ECFieldElement 
multiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
- {
- long[] ax = this.x, bx = ((SecT571FieldElement)b).x;
- long[] xx = ((SecT571FieldElement)x).x, yx = ((SecT571FieldElement)y).x;
-
- long[] tt = Nat576.createExt64();
- SecT571Field.multiplyAddToExt(ax, bx, tt);
- SecT571Field.multiplyAddToExt(xx, yx, tt);
-
- long[] z = Nat576.create64();
- SecT571Field.reduce(tt, z);
- return new SecT571FieldElement(z);
- }
-
- public ECFieldElement divide(ECFieldElement b)
- {
- return multiply(b.invert());
- }
-
- public ECFieldElement negate()
- {
- return this;
- }
-
- public ECFieldElement square()
- {
- long[] z = Nat576.create64();
- SecT571Field.square(x, z);
- return new SecT571FieldElement(z);
- }
-
- public ECFieldElement squareMinusProduct(ECFieldElement x, ECFieldElement y)
- {
- return squarePlusProduct(x, y);
- }
-
- public ECFieldElement squarePlusProduct(ECFieldElement x, ECFieldElement y)
- {
- long[] ax = this.x;
- long[] xx = ((SecT571FieldElement)x).x, yx = ((SecT571FieldElement)y).x;
-
- long[] tt = Nat576.createExt64();
- SecT571Field.squareAddToExt(ax, tt);
- SecT571Field.multiplyAddToExt(xx, yx, tt);
-
- long[] z = Nat576.create64();
- SecT571Field.reduce(tt, z);
- return new SecT571FieldElement(z);
- }
-
- public ECFieldElement squarePow(int pow)
- {
- if (pow < 1)
- {
- return this;
- }
-
- long[] z = Nat576.create64();
- SecT571Field.squareN(x, pow, z);
- return new SecT571FieldElement(z);
- }
-
- public int trace()
- {
- return SecT571Field.trace(x);
- }
-
- public ECFieldElement invert()
- {
- long[] z = Nat576.create64();
- SecT571Field.invert(x, z);
- return new SecT571FieldElement(z);
- }
-
- public ECFieldElement sqrt()
- {
- long[] z = Nat576.create64();
- SecT571Field.sqrt(x, z);
- return new SecT571FieldElement(z);
- }
-
- public int getRepresentation()
- {
- return ECFieldElement.F2m.PPB;
- }
-
- public int getM()
- {
- return 571;
- }
-
- public int getK1()
- {
- return 2;
- }
-
- public int getK2()
- {
- return 
5;
- }
-
- public int getK3()
- {
- return 10;
- }
-
- public boolean equals(Object other)
- {
- if (other == this)
- {
- return true;
- }
-
- if (!(other instanceof SecT571FieldElement))
- {
- return false;
- }
-
- SecT571FieldElement o = (SecT571FieldElement)other;
- return Nat576.eq64(x, o.x);
- }
-
- public int hashCode()
- {
- return 5711052 ^ Arrays.hashCode(x, 0, 9);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571K1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571K1Curve.java
deleted file mode 100644
index 935fc39d..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571K1Curve.java
+++ /dev/null
@@ -1,155 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECCurve.AbstractF2m;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECMultiplier;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.WTauNafMultiplier;
-import org.bouncycastle.math.raw.Nat576;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecT571K1Curve extends AbstractF2m
-{
- private static final int SecT571K1_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
-
- protected SecT571K1Point infinity;
-
- public SecT571K1Curve()
- {
- super(571, 2, 5, 10);
-
- this.infinity = new SecT571K1Point(this, null, null);
-
- this.a = fromBigInteger(BigInteger.valueOf(0));
- this.b = fromBigInteger(BigInteger.valueOf(1));
- this.order = new BigInteger(1, Hex.decode("020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001"));
- this.cofactor = BigInteger.valueOf(4);
-
- this.coord = SecT571K1_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecT571K1Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_LAMBDA_PROJECTIVE:
- return true;
- default:
- return false;
- }
- }
-
- protected ECMultiplier createDefaultMultiplier()
- {
- return new WTauNafMultiplier();
- }
-
- public int getFieldSize()
- {
- return 571;
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecT571FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecT571K1Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecT571K1Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public boolean isKoblitz()
- {
- return true;
- }
-
- public int getM()
- {
- return 571;
- }
-
- public boolean isTrinomial()
- {
- return false;
- }
-
- public int getK1()
- {
- return 2;
- }
-
- public int getK2()
- {
- return 5;
- }
-
- public int getK3()
- {
- return 10;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_LONGS = 9;
-
- final long[] table = new long[len * FE_LONGS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat576.copy64(((SecT571FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS;
- Nat576.copy64(((SecT571FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- long[] x = Nat576.create64(), y = Nat576.create64();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- long MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_LONGS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_LONGS + j] & MASK;
- }
-
- pos += (FE_LONGS * 2);
- }
-
- return createRawPoint(new SecT571FieldElement(x), new SecT571FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571K1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571K1Point.java
deleted file mode 100644
index 8f1c4cae..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571K1Point.java
+++ /dev/null
@@ -1,353 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.ECPoint.AbstractF2m;
-import org.bouncycastle.math.raw.Nat576;
-
-public class SecT571K1Point extends AbstractF2m
-{
- /**
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecT571K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
- */
- public SecT571K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecT571K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecT571K1Point(null, this.getAffineXCoord(), this.getAffineYCoord()); // earlier JDK
- }
-
- public ECFieldElement getYCoord()
- {
- ECFieldElement X = x, L = y;
-
- if (this.isInfinity() || X.isZero())
- {
- return L;
- }
-
- // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
- ECFieldElement Y = L.add(X).multiply(X);
-
- ECFieldElement Z = zs[0];
- if (!Z.isOne())
- {
- Y = Y.divide(Z);
- }
-
- return Y;
- }
-
- protected boolean getCompressionYTilde()
- {
- ECFieldElement X = this.getRawXCoord();
- if (X.isZero())
- {
- return false;
- }
-
- ECFieldElement Y = this.getRawYCoord();
-
- // Y is actually Lambda (X + Y/X) here
- return Y.testBitZero() != X.testBitZero();
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- SecT571FieldElement X1 = (SecT571FieldElement)this.x;
- SecT571FieldElement X2 = (SecT571FieldElement)b.getRawXCoord();
-
- if (X1.isZero())
- {
- if (X2.isZero())
- {
- return curve.getInfinity();
- }
-
- return b.add(this);
- }
-
- SecT571FieldElement L1 = (SecT571FieldElement)this.y, Z1 = (SecT571FieldElement)this.zs[0];
- SecT571FieldElement L2 = (SecT571FieldElement)b.getRawYCoord(), Z2 = (SecT571FieldElement)b.getZCoord(0);
-
- long[] t1 = Nat576.create64();
- long[] t2 = Nat576.create64();
- long[] t3 = Nat576.create64();
- long[] t4 = Nat576.create64();
-
- long[] Z1Precomp = Z1.isOne() ? null : SecT571Field.precompMultiplicand(Z1.x);
- long[] U2, S2;
- if (Z1Precomp == null)
- {
- U2 = X2.x;
- S2 = L2.x;
- }
- else
- {
- SecT571Field.multiplyPrecomp(X2.x, Z1Precomp, U2 = t2);
- SecT571Field.multiplyPrecomp(L2.x, Z1Precomp, S2 = t4);
- }
-
- long[] Z2Precomp = Z2.isOne() ? null : SecT571Field.precompMultiplicand(Z2.x);
- long[] U1, S1;
- if (Z2Precomp == null)
- {
- U1 = X1.x;
- S1 = L1.x;
- }
- else
- {
- SecT571Field.multiplyPrecomp(X1.x, Z2Precomp, U1 = t1);
- SecT571Field.multiplyPrecomp(L1.x, Z2Precomp, S1 = t3);
- }
-
- long[] A = t3;
- SecT571Field.add(S1, S2, A);
-
- long[] B = t4;
- SecT571Field.add(U1, U2, B);
-
- if (Nat576.isZero64(B))
- {
- if (Nat576.isZero64(A))
- {
- return twice();
- }
-
- return curve.getInfinity();
- }
-
- SecT571FieldElement X3, L3, Z3;
- if (X2.isZero())
- {
- // TODO This can probably be optimized quite a bit
- ECPoint p = this.normalize();
- X1 = (SecT571FieldElement)p.getXCoord();
- ECFieldElement Y1 = p.getYCoord();
-
- ECFieldElement Y2 = L2;
- ECFieldElement L = Y1.add(Y2).divide(X1);
-
- X3 = (SecT571FieldElement)L.square().add(L).add(X1);
- if (X3.isZero())
- {
- return new SecT571K1Point(curve, X3, curve.getB(), this.withCompression);
- }
-
- ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
- L3 = (SecT571FieldElement)Y3.divide(X3).add(X3);
- Z3 = (SecT571FieldElement)curve.fromBigInteger(ECConstants.ONE);
- }
- else
- {
- SecT571Field.square(B, B);
-
- long[] APrecomp = SecT571Field.precompMultiplicand(A);
-
- long[] AU1 = t1;
- long[] AU2 = t2;
-
- SecT571Field.multiplyPrecomp(U1, APrecomp, AU1);
- SecT571Field.multiplyPrecomp(U2, APrecomp, AU2);
-
- X3 = new SecT571FieldElement(t1);
- SecT571Field.multiply(AU1, AU2, X3.x);
-
- if (X3.isZero())
- {
- return new SecT571K1Point(curve, X3, curve.getB(), this.withCompression);
- }
-
- Z3 = new SecT571FieldElement(t3);
- SecT571Field.multiplyPrecomp(B, APrecomp, Z3.x);
-
- if (Z2Precomp != null)
- {
- SecT571Field.multiplyPrecomp(Z3.x, Z2Precomp, Z3.x);
- }
-
- long[] tt = Nat576.createExt64();
-
- SecT571Field.add(AU2, B, t4);
- SecT571Field.squareAddToExt(t4, tt);
-
- SecT571Field.add(L1.x, Z1.x, t4);
- SecT571Field.multiplyAddToExt(t4, Z3.x, tt);
-
- L3 = new SecT571FieldElement(t4);
- SecT571Field.reduce(tt, L3.x);
-
- if (Z1Precomp != null)
- {
- SecT571Field.multiplyPrecomp(Z3.x, Z1Precomp, Z3.x);
- }
- }
-
- return new SecT571K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return curve.getInfinity();
- }
-
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
-
- boolean Z1IsOne = Z1.isOne();
- ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square();
- ECFieldElement T;
- if (Z1IsOne)
- {
- T = L1.square().add(L1);
- }
- else
- {
- T = L1.add(Z1).multiply(L1);
- }
-
- if (T.isZero())
- {
- return new SecT571K1Point(curve, T, curve.getB(), withCompression);
- }
-
- ECFieldElement X3 = T.square();
- ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq);
-
- ECFieldElement t1 = L1.add(X1).square();
- ECFieldElement t2 = Z1IsOne ? Z1 : Z1Sq.square();
- ECFieldElement L3 = t1.add(T).add(Z1Sq).multiply(t1).add(t2).add(X3).add(Z3);
-
- return new SecT571K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- ECFieldElement X1 = this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return b;
- }
-
- // NOTE: twicePlus() only optimized for lambda-affine argument
- ECFieldElement X2 = b.getRawXCoord(), Z2 = b.getZCoord(0);
- if (X2.isZero() || !Z2.isOne())
- {
- return twice().add(b);
- }
-
- ECFieldElement L1 = this.y, Z1 = this.zs[0];
- ECFieldElement L2 = b.getRawYCoord();
-
- ECFieldElement X1Sq = X1.square();
- ECFieldElement L1Sq = L1.square();
- ECFieldElement Z1Sq = Z1.square();
- ECFieldElement L1Z1 = L1.multiply(Z1);
-
- ECFieldElement T = L1Sq.add(L1Z1);
- ECFieldElement L2plus1 = L2.addOne();
- ECFieldElement A = L2plus1.multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq);
- ECFieldElement X2Z1Sq = X2.multiply(Z1Sq);
- ECFieldElement B = X2Z1Sq.add(T).square();
-
- if (B.isZero())
- {
- if (A.isZero())
- {
- return b.twice();
- }
-
- return curve.getInfinity();
- }
-
- if (A.isZero())
- {
- return new SecT571K1Point(curve, A, curve.getB(), withCompression);
- }
-
- ECFieldElement X3 = A.square().multiply(X2Z1Sq);
- ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
- ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3);
-
- return new SecT571K1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT571K1Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571R1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571R1Curve.java
deleted file mode 100644
index 00dd63bb..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571R1Curve.java
+++ /dev/null
@@ -1,152 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECCurve.AbstractF2m;
-import org.bouncycastle.math.raw.Nat576;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECLookupTable;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.util.encoders.Hex;
-
-public class SecT571R1Curve extends AbstractF2m
-{
- private static final int SecT571R1_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
-
- protected SecT571R1Point infinity;
-
- static final SecT571FieldElement SecT571R1_B = new SecT571FieldElement(
- new BigInteger(1, Hex.decode("02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A")));
- static final SecT571FieldElement SecT571R1_B_SQRT = (SecT571FieldElement)SecT571R1_B.sqrt();
-
- public SecT571R1Curve()
- {
- super(571, 2, 5, 10);
-
- this.infinity = new SecT571R1Point(this, null, null);
-
- this.a = fromBigInteger(BigInteger.valueOf(1));
- this.b = SecT571R1_B;
- this.order = new BigInteger(1, Hex.decode("03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47"));
- this.cofactor = BigInteger.valueOf(2);
-
- this.coord = SecT571R1_DEFAULT_COORDS;
- }
-
- protected ECCurve cloneCurve()
- {
- return new SecT571R1Curve();
- }
-
- public boolean supportsCoordinateSystem(int coord)
- {
- switch (coord)
- {
- case COORD_LAMBDA_PROJECTIVE:
- return true;
- default:
- return false;
- }
- }
-
- public int getFieldSize()
- {
- return 571;
- }
-
- public ECFieldElement fromBigInteger(BigInteger x)
- {
- return new SecT571FieldElement(x);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- return new SecT571R1Point(this, x, y, withCompression);
- }
-
- protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- return new SecT571R1Point(this, x, y, zs, withCompression);
- }
-
- public ECPoint getInfinity()
- {
- return infinity;
- }
-
- public boolean isKoblitz()
- {
- return false;
- }
-
- public int getM()
- {
- return 571;
- }
-
- public boolean isTrinomial()
- {
- return false;
- }
-
- public int getK1()
- {
- return 2;
- }
-
- public int getK2()
- {
- return 5;
- }
-
- public int getK3()
- {
- return 10;
- }
-
- public ECLookupTable createCacheSafeLookupTable(ECPoint[] points, int off, final int len)
- {
- final int FE_LONGS = 9;
-
- final long[] table = new long[len * FE_LONGS * 2];
- {
- int pos = 0;
- for (int i = 0; i < len; ++i)
- {
- ECPoint p = points[off + i];
- Nat576.copy64(((SecT571FieldElement)p.getRawXCoord()).x, 0, table, pos); pos += FE_LONGS;
- Nat576.copy64(((SecT571FieldElement)p.getRawYCoord()).x, 0, table, pos); pos += FE_LONGS;
- }
- }
-
- return new ECLookupTable()
- {
- public int getSize()
- {
- return len;
- }
-
- public ECPoint lookup(int index)
- {
- long[] x = Nat576.create64(), y = Nat576.create64();
- int pos = 0;
-
- for (int i = 0; i < len; ++i)
- {
- long MASK = ((i ^ index) - 1) >> 31;
-
- for (int j = 0; j < FE_LONGS; ++j)
- {
- x[j] ^= table[pos + j] & MASK;
- y[j] ^= table[pos + FE_LONGS + j] & MASK;
- }
-
- pos += (FE_LONGS * 2);
- }
-
- return createRawPoint(new SecT571FieldElement(x), new SecT571FieldElement(y), false);
- }
- };
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571R1Point.java
deleted file mode 100644
index 71766d67..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecT571R1Point.java
+++ /dev/null
@@ -1,421 +0,0 @@
-package org.bouncycastle.math.ec.custom.sec;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.math.ec.ECPoint.AbstractF2m;
-import org.bouncycastle.math.raw.Nat;
-import org.bouncycastle.math.raw.Nat576;
-
-public class SecT571R1Point extends AbstractF2m
-{
- /**
- * @deprecated Use ECCurve.createPoint to construct points
- */
- public SecT571R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
- {
- this(curve, x, y, false);
- }
-
- /**
- * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
- */
- public SecT571R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
- {
- super(curve, x, y);
-
- if ((x == null) != (y == null))
- {
- throw new IllegalArgumentException("Exactly one of the field elements is null");
- }
-
- this.withCompression = withCompression;
- }
-
- SecT571R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
- {
- super(curve, x, y, zs);
-
- this.withCompression = withCompression;
- }
-
- protected ECPoint detach()
- {
- return new SecT571R1Point(null, getAffineXCoord(), getAffineYCoord());
- }
-
- public ECFieldElement getYCoord()
- {
- ECFieldElement X = x, L = y;
-
- if (this.isInfinity() || X.isZero())
- {
- return L;
- }
-
- // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
- ECFieldElement Y = L.add(X).multiply(X);
-
- ECFieldElement Z = zs[0];
- if (!Z.isOne())
- {
- Y = Y.divide(Z);
- }
-
- return Y;
- }
-
- protected boolean getCompressionYTilde()
- {
- ECFieldElement X = this.getRawXCoord();
- if (X.isZero())
- {
- return false;
- }
-
- ECFieldElement Y = this.getRawYCoord();
-
- // Y is actually Lambda (X + Y/X) here
- return Y.testBitZero() != X.testBitZero();
- }
-
- public ECPoint add(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- SecT571FieldElement X1 = (SecT571FieldElement)this.x;
- SecT571FieldElement X2 = (SecT571FieldElement)b.getRawXCoord();
-
- if (X1.isZero())
- {
- if (X2.isZero())
- {
- return curve.getInfinity();
- }
-
- return b.add(this);
- }
-
- SecT571FieldElement L1 = (SecT571FieldElement)this.y, Z1 = (SecT571FieldElement)this.zs[0];
- SecT571FieldElement L2 = (SecT571FieldElement)b.getRawYCoord(), Z2 = (SecT571FieldElement)b.getZCoord(0);
-
- long[] t1 = Nat576.create64();
- long[] t2 = Nat576.create64();
- long[] t3 = Nat576.create64();
- long[] t4 = Nat576.create64();
-
- long[] Z1Precomp = Z1.isOne() ? null : SecT571Field.precompMultiplicand(Z1.x);
- long[] U2, S2;
- if (Z1Precomp == null)
- {
- U2 = X2.x;
- S2 = L2.x;
- }
- else
- {
- SecT571Field.multiplyPrecomp(X2.x, Z1Precomp, U2 = t2);
- SecT571Field.multiplyPrecomp(L2.x, Z1Precomp, S2 = t4);
- }
-
- long[] Z2Precomp = Z2.isOne() ? null : SecT571Field.precompMultiplicand(Z2.x);
- long[] U1, S1;
- if (Z2Precomp == null)
- {
- U1 = X1.x;
- S1 = L1.x;
- }
- else
- {
- SecT571Field.multiplyPrecomp(X1.x, Z2Precomp, U1 = t1);
- SecT571Field.multiplyPrecomp(L1.x, Z2Precomp, S1 = t3);
- }
-
- long[] A = t3;
- SecT571Field.add(S1, S2, A);
-
- long[] B = t4;
- SecT571Field.add(U1, U2, B);
-
- if (Nat576.isZero64(B))
- {
- if (Nat576.isZero64(A))
- {
- return twice();
- }
-
- return curve.getInfinity();
- }
-
- SecT571FieldElement X3, L3, Z3;
- if (X2.isZero())
- {
- // TODO This can probably be optimized quite a bit
- ECPoint p = this.normalize();
- X1 = (SecT571FieldElement)p.getXCoord();
- ECFieldElement Y1 = p.getYCoord();
-
- ECFieldElement Y2 = L2;
- ECFieldElement L = Y1.add(Y2).divide(X1);
-
- X3 = (SecT571FieldElement)L.square().add(L).add(X1).addOne();
- if (X3.isZero())
- {
- return new SecT571R1Point(curve, X3, SecT571R1Curve.SecT571R1_B_SQRT, this.withCompression);
- }
-
- ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
- L3 = (SecT571FieldElement)Y3.divide(X3).add(X3);
- Z3 = (SecT571FieldElement)curve.fromBigInteger(ECConstants.ONE);
- }
- else
- {
- SecT571Field.square(B, B);
-
- long[] APrecomp = SecT571Field.precompMultiplicand(A);
-
- long[] AU1 = t1;
- long[] AU2 = t2;
-
- SecT571Field.multiplyPrecomp(U1, APrecomp, AU1);
- SecT571Field.multiplyPrecomp(U2, APrecomp, AU2);
-
- X3 = new SecT571FieldElement(t1);
- SecT571Field.multiply(AU1, AU2, X3.x);
-
- if (X3.isZero())
- {
- return new SecT571R1Point(curve, X3, SecT571R1Curve.SecT571R1_B_SQRT, this.withCompression);
- }
-
- Z3 = new SecT571FieldElement(t3);
- SecT571Field.multiplyPrecomp(B, APrecomp, Z3.x);
-
- if (Z2Precomp != null)
- {
- SecT571Field.multiplyPrecomp(Z3.x, Z2Precomp, Z3.x);
- }
-
- long[] tt = Nat576.createExt64();
-
- SecT571Field.add(AU2, B, t4);
- SecT571Field.squareAddToExt(t4, tt);
-
- SecT571Field.add(L1.x, Z1.x, t4);
- SecT571Field.multiplyAddToExt(t4, Z3.x, tt);
-
- L3 = new SecT571FieldElement(t4);
- SecT571Field.reduce(tt, L3.x);
-
- if (Z1Precomp != null)
- {
- SecT571Field.multiplyPrecomp(Z3.x, Z1Precomp, Z3.x);
- }
- }
-
- return new SecT571R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twice()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECCurve curve = this.getCurve();
-
- SecT571FieldElement X1 = (SecT571FieldElement)this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return curve.getInfinity();
- }
-
- SecT571FieldElement L1 = (SecT571FieldElement)this.y, Z1 = (SecT571FieldElement)this.zs[0];
-
- long[] t1 = Nat576.create64();
- long[] t2 = Nat576.create64();
-
- long[] Z1Precomp = Z1.isOne() ? null : SecT571Field.precompMultiplicand(Z1.x);
- long[] L1Z1, Z1Sq;
- if (Z1Precomp == null)
- {
- L1Z1 = L1.x;
- Z1Sq = Z1.x;
- }
- else
- {
- SecT571Field.multiplyPrecomp(L1.x, Z1Precomp, L1Z1 = t1);
- SecT571Field.square(Z1.x, Z1Sq = t2);
- }
-
- long[] T = Nat576.create64();
- SecT571Field.square(L1.x, T);
- SecT571Field.addBothTo(L1Z1, Z1Sq, T);
-
- if (Nat576.isZero64(T))
- {
- return new SecT571R1Point(curve, new SecT571FieldElement(T), SecT571R1Curve.SecT571R1_B_SQRT, withCompression);
- }
-
- long[] tt = Nat576.createExt64();
- SecT571Field.multiplyAddToExt(T, L1Z1, tt);
-
- SecT571FieldElement X3 = new SecT571FieldElement(t1);
- SecT571Field.square(T, X3.x);
-
- SecT571FieldElement Z3 = new SecT571FieldElement(T);
- if (Z1Precomp != null)
- {
- SecT571Field.multiply(Z3.x, Z1Sq, Z3.x);
- }
-
- long[] X1Z1;
- if (Z1Precomp == null)
- {
- X1Z1 = X1.x;
- }
- else
- {
- SecT571Field.multiplyPrecomp(X1.x, Z1Precomp, X1Z1 = t2);
- }
-
- SecT571Field.squareAddToExt(X1Z1, tt);
- SecT571Field.reduce(tt, t2);
- SecT571Field.addBothTo(X3.x, Z3.x, t2);
- SecT571FieldElement L3 = new SecT571FieldElement(t2);
-
- return new SecT571R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint twicePlus(ECPoint b)
- {
- if (this.isInfinity())
- {
- return b;
- }
- if (b.isInfinity())
- {
- return twice();
- }
-
- ECCurve curve = this.getCurve();
-
- SecT571FieldElement X1 = (SecT571FieldElement)this.x;
- if (X1.isZero())
- {
- // A point with X == 0 is it's own additive inverse
- return b;
- }
-
- SecT571FieldElement X2 = (SecT571FieldElement)b.getRawXCoord(), Z2 = (SecT571FieldElement)b.getZCoord(0);
- if (X2.isZero() || !Z2.isOne())
- {
- return twice().add(b);
- }
-
- SecT571FieldElement L1 = (SecT571FieldElement)this.y, Z1 = (SecT571FieldElement)this.zs[0];
- SecT571FieldElement L2 = (SecT571FieldElement)b.getRawYCoord();
-
- long[] t1 = Nat576.create64();
- long[] t2 = Nat576.create64();
- long[] t3 = Nat576.create64();
- long[] t4 = Nat576.create64();
-
- long[] X1Sq = t1;
- SecT571Field.square(X1.x, X1Sq);
-
- long[] L1Sq = t2;
- SecT571Field.square(L1.x, L1Sq);
-
- long[] Z1Sq = t3;
- SecT571Field.square(Z1.x, Z1Sq);
-
- long[] L1Z1 = t4;
- SecT571Field.multiply(L1.x, Z1.x, L1Z1);
-
- long[] T = L1Z1;
- SecT571Field.addBothTo(Z1Sq, L1Sq, T);
-
- long[] Z1SqPrecomp = SecT571Field.precompMultiplicand(Z1Sq);
-
- long[] A = t3;
- SecT571Field.multiplyPrecomp(L2.x, Z1SqPrecomp, A);
- SecT571Field.add(A, L1Sq, A);
-
- long[] tt = Nat576.createExt64();
- SecT571Field.multiplyAddToExt(A, T, tt);
- SecT571Field.multiplyPrecompAddToExt(X1Sq, Z1SqPrecomp, tt);
- SecT571Field.reduce(tt, A);
-
- long[] X2Z1Sq = t1;
- SecT571Field.multiplyPrecomp(X2.x, Z1SqPrecomp, X2Z1Sq);
-
- long[] B = t2;
- SecT571Field.add(X2Z1Sq, T, B);
- SecT571Field.square(B, B);
-
- if (Nat576.isZero64(B))
- {
- if (Nat576.isZero64(A))
- {
- return b.twice();
- }
-
- return curve.getInfinity();
- }
-
- if (Nat576.isZero64(A))
- {
- return new SecT571R1Point(curve, new SecT571FieldElement(A), SecT571R1Curve.SecT571R1_B_SQRT, withCompression);
- }
-
- SecT571FieldElement X3 = new SecT571FieldElement();
- SecT571Field.square(A, X3.x);
- SecT571Field.multiply(X3.x, X2Z1Sq, X3.x);
-
- SecT571FieldElement Z3 = new SecT571FieldElement(t1);
- SecT571Field.multiply(A, B, Z3.x);
- SecT571Field.multiplyPrecomp(Z3.x, Z1SqPrecomp, Z3.x);
-
- SecT571FieldElement L3 = new SecT571FieldElement(t2);
- SecT571Field.add(A, B, L3.x);
- SecT571Field.square(L3.x, L3.x);
-
- Nat.zero64(18, tt);
- SecT571Field.multiplyAddToExt(L3.x, T, tt);
- SecT571Field.addOne(L2.x, t4);
- SecT571Field.multiplyAddToExt(t4, Z3.x, tt);
- SecT571Field.reduce(tt, L3.x);
-
- return new SecT571R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
- }
-
- public ECPoint negate()
- {
- if (this.isInfinity())
- {
- return this;
- }
-
- ECFieldElement X = this.x;
- if (X.isZero())
- {
- return this;
- }
-
- // L is actually Lambda (X + Y/X) here
- ECFieldElement L = this.y, Z = this.zs[0];
- return new SecT571R1Point(curve, X, L.add(Z), new ECFieldElement[]{ Z }, this.withCompression);
- }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/package.html b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/package.html
deleted file mode 100644
index bb2845c3..00000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/package.html
+++ /dev/null
@@ -1,6 +0,0 @@
-<html>
-<body bgcolor="#ffffff">
-Custom implementations of (most of) the curves over Fp from the SEC specification. Uses the new "raw" math classes
-in place of BigInteger, and includes customized modular reductions taking advantage of the special forms of the primes.
-</body>
-</html> |