8285743: Ensure each IntegerPolynomial object is only created once
Reviewed-by: xuelei, ascarpino
parent
29ccb8fbb8
commit
397d095f66
make/jdk/src/classes/build/tools/intpoly
src
java.base/share/classes
com/sun/crypto/provider
sun/security/util/math/intpoly
jdk.crypto.ec/share/classes/sun/security/ec
test/jdk/sun/security/util/math
@ -632,9 +632,12 @@ public class FieldGen {
|
||||
result.appendLine("private static final int LIMB_MASK = -1 "
|
||||
+ ">>> (64 - BITS_PER_LIMB);");
|
||||
}
|
||||
int termIndex = 0;
|
||||
|
||||
result.appendLine("public " + params.getClassName() + "() {");
|
||||
result.appendLine();
|
||||
result.appendLine("public static final " + params.getClassName() + " ONE = new "
|
||||
+ params.getClassName() + "();");
|
||||
result.appendLine();
|
||||
result.appendLine("private " + params.getClassName() + "() {");
|
||||
result.appendLine();
|
||||
result.appendLine(" super(BITS_PER_LIMB, NUM_LIMBS, MAX_ADDS, MODULUS);");
|
||||
result.appendLine();
|
||||
@ -822,6 +825,16 @@ public class FieldGen {
|
||||
result.decrIndent();
|
||||
result.appendLine("}");
|
||||
|
||||
// Use grade-school multiplication with a simple squaring optimization.
|
||||
// Multiply into primitives to avoid the temporary array allocation.
|
||||
// This is equivalent to the following code:
|
||||
// long[] c = new long[2 * NUM_LIMBS - 1];
|
||||
// for(int i = 0; i < NUM_LIMBS; i++) {
|
||||
// c[2 * i] = a[i] * a[i];
|
||||
// for(int j = i + 1; j < NUM_LIMBS; j++) {
|
||||
// c[i + j] += 2 * a[i] * a[j]
|
||||
// }
|
||||
// }
|
||||
result.appendLine("@Override");
|
||||
result.appendLine("protected void square(long[] a, long[] r) {");
|
||||
result.incrIndent();
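Review bot: The generated `ONE` singleton is built by a constructor that passes `MODULUS` to `super`, so the emitted `public static final ... ONE` line has to stay after the generated `MODULUS` declaration; the ordering in this hunk appears to do that, but the `MODULUS` emission itself is outside the hunk and nothing in the generator records the dependency. Emitting a comment into the generated source would protect against a future reordering, e.g. `result.appendLine("/** Shared instance of this field; declared after MODULUS, which the private constructor reads. */");` placed before the `ONE` line. Because `ONE` is also the conventional name for the multiplicative identity element, that comment also helps readers tell the field singleton apart from an element value. Sharing one instance process-wide presumes the generated class carries no mutable per-instance state, which this hunk does not show and should be confirmed against the generated fields. The generator method enclosing this hunk starts and ends outside it.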
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -48,8 +48,8 @@ final class Poly1305 {
|
||||
private static final int BLOCK_LENGTH = 16;
|
||||
private static final int TAG_LENGTH = 16;
|
||||
|
||||
private static final IntegerFieldModuloP ipl1305 =
|
||||
new IntegerPolynomial1305();
|
||||
private static final IntegerFieldModuloP ipl1305
|
||||
= IntegerPolynomial1305.ONE;
|
||||
|
||||
private byte[] keyBytes;
|
||||
private final byte[] block = new byte[BLOCK_LENGTH];
|
||||
|
@ -67,8 +67,8 @@ public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
|
||||
IntegerPolynomialP384, IntegerPolynomialP521,
|
||||
IntegerPolynomialModBinP, P256OrderField,
|
||||
P384OrderField, P521OrderField,
|
||||
sun.security.util.math.intpoly.Curve25519OrderField,
|
||||
sun.security.util.math.intpoly.Curve448OrderField {
|
||||
Curve25519OrderField,
|
||||
Curve448OrderField {
|
||||
|
||||
protected static final BigInteger TWO = BigInteger.valueOf(2);
|
||||
|
||||
|
@ -44,7 +44,9 @@ public final class IntegerPolynomial1305 extends IntegerPolynomial {
|
||||
private static final BigInteger MODULUS
|
||||
= TWO.pow(POWER).subtract(BigInteger.valueOf(SUBTRAHEND));
|
||||
|
||||
public IntegerPolynomial1305() {
|
||||
public static final IntegerPolynomial1305 ONE = new IntegerPolynomial1305();
|
||||
|
||||
private IntegerPolynomial1305() {
|
||||
super(BITS_PER_LIMB, NUM_LIMBS, 1, MODULUS);
|
||||
}
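Review bot: `ONE` is initialized by a constructor that passes `MODULUS` to `super`, so its position relative to the `MODULUS` declaration just above now matters: moving `ONE` above `MODULUS` would hand `null` to the field setup during class initialization. A short comment on the new field makes that explicit, e.g. `// Must follow MODULUS: the private constructor reads it during class initialization.`, together with a Javadoc sentence stating that the private constructor makes this the only instance of the class. The same ordering constraint applies to the `ONE` fields the generator now emits for the other field classes in this commit.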
|
||||
|
||||
|
@ -1,210 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation. Oracle designates this
|
||||
* particular file as subject to the "Classpath" exception as provided
|
||||
* by Oracle in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
package sun.security.util.math.intpoly;
|
||||
|
||||
import java.math.BigInteger;
|
||||
|
||||
/**
|
||||
* An IntegerFieldModuloP designed for use with the Curve25519.
|
||||
* The representation uses 10 signed long values.
|
||||
*/
|
||||
|
||||
public final class IntegerPolynomial25519 extends IntegerPolynomial {
|
||||
|
||||
private static final int POWER = 255;
|
||||
private static final int SUBTRAHEND = 19;
|
||||
private static final int NUM_LIMBS = 10;
|
||||
private static final int BITS_PER_LIMB = 26;
|
||||
public static final BigInteger MODULUS
|
||||
= TWO.pow(POWER).subtract(BigInteger.valueOf(SUBTRAHEND));
|
||||
|
||||
// BITS_PER_LIMB does not divide POWER, so reduction is a bit complicated
|
||||
// The constants below help split up values during reduction
|
||||
private static final int BIT_OFFSET = NUM_LIMBS * BITS_PER_LIMB - POWER;
|
||||
private static final int LIMB_MASK = -1 >>> (64 - BITS_PER_LIMB);
|
||||
private static final int RIGHT_BIT_OFFSET = BITS_PER_LIMB - BIT_OFFSET;
|
||||
|
||||
public IntegerPolynomial25519() {
|
||||
super(BITS_PER_LIMB, NUM_LIMBS, 1, MODULUS);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void reduceIn(long[] limbs, long v, int i) {
|
||||
long t0 = 19 * v;
|
||||
limbs[i - 10] += (t0 << 5) & LIMB_MASK;
|
||||
limbs[i - 9] += t0 >> 21;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void finalCarryReduceLast(long[] limbs) {
|
||||
|
||||
long reducedValue = limbs[numLimbs - 1] >> RIGHT_BIT_OFFSET;
|
||||
limbs[numLimbs - 1] -= reducedValue << RIGHT_BIT_OFFSET;
|
||||
limbs[0] += reducedValue * SUBTRAHEND;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void reduce(long[] a) {
|
||||
|
||||
// carry(8, 2)
|
||||
long carry8 = carryValue(a[8]);
|
||||
a[8] -= (carry8 << BITS_PER_LIMB);
|
||||
a[9] += carry8;
|
||||
|
||||
long carry9 = carryValue(a[9]);
|
||||
a[9] -= (carry9 << BITS_PER_LIMB);
|
||||
|
||||
// reduce(0, 1)
|
||||
long reducedValue10 = (carry9 * SUBTRAHEND);
|
||||
a[0] += ((reducedValue10 << BIT_OFFSET) & LIMB_MASK);
|
||||
a[1] += reducedValue10 >> RIGHT_BIT_OFFSET;
|
||||
|
||||
// carry(0, 9)
|
||||
carry(a, 0, 9);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void mult(long[] a, long[] b, long[] r) {
|
||||
long c0 = (a[0] * b[0]);
|
||||
long c1 = (a[0] * b[1]) + (a[1] * b[0]);
|
||||
long c2 = (a[0] * b[2]) + (a[1] * b[1]) + (a[2] * b[0]);
|
||||
long c3 = (a[0] * b[3]) + (a[1] * b[2]) + (a[2] * b[1]) + (a[3] * b[0]);
|
||||
long c4 = (a[0] * b[4]) + (a[1] * b[3]) + (a[2] * b[2]) + (a[3] * b[1]) + (a[4] * b[0]);
|
||||
long c5 = (a[0] * b[5]) + (a[1] * b[4]) + (a[2] * b[3]) + (a[3] * b[2]) + (a[4] * b[1]) + (a[5] * b[0]);
|
||||
long c6 = (a[0] * b[6]) + (a[1] * b[5]) + (a[2] * b[4]) + (a[3] * b[3]) + (a[4] * b[2]) + (a[5] * b[1]) + (a[6] * b[0]);
|
||||
long c7 = (a[0] * b[7]) + (a[1] * b[6]) + (a[2] * b[5]) + (a[3] * b[4]) + (a[4] * b[3]) + (a[5] * b[2]) + (a[6] * b[1]) + (a[7] * b[0]);
|
||||
long c8 = (a[0] * b[8]) + (a[1] * b[7]) + (a[2] * b[6]) + (a[3] * b[5]) + (a[4] * b[4]) + (a[5] * b[3]) + (a[6] * b[2]) + (a[7] * b[1]) + (a[8] * b[0]);
|
||||
long c9 = (a[0] * b[9]) + (a[1] * b[8]) + (a[2] * b[7]) + (a[3] * b[6]) + (a[4] * b[5]) + (a[5] * b[4]) + (a[6] * b[3]) + (a[7] * b[2]) + (a[8] * b[1]) + (a[9] * b[0]);
|
||||
long c10 = (a[1] * b[9]) + (a[2] * b[8]) + (a[3] * b[7]) + (a[4] * b[6]) + (a[5] * b[5]) + (a[6] * b[4]) + (a[7] * b[3]) + (a[8] * b[2]) + (a[9] * b[1]);
|
||||
long c11 = (a[2] * b[9]) + (a[3] * b[8]) + (a[4] * b[7]) + (a[5] * b[6]) + (a[6] * b[5]) + (a[7] * b[4]) + (a[8] * b[3]) + (a[9] * b[2]);
|
||||
long c12 = (a[3] * b[9]) + (a[4] * b[8]) + (a[5] * b[7]) + (a[6] * b[6]) + (a[7] * b[5]) + (a[8] * b[4]) + (a[9] * b[3]);
|
||||
long c13 = (a[4] * b[9]) + (a[5] * b[8]) + (a[6] * b[7]) + (a[7] * b[6]) + (a[8] * b[5]) + (a[9] * b[4]);
|
||||
long c14 = (a[5] * b[9]) + (a[6] * b[8]) + (a[7] * b[7]) + (a[8] * b[6]) + (a[9] * b[5]);
|
||||
long c15 = (a[6] * b[9]) + (a[7] * b[8]) + (a[8] * b[7]) + (a[9] * b[6]);
|
||||
long c16 = (a[7] * b[9]) + (a[8] * b[8]) + (a[9] * b[7]);
|
||||
long c17 = (a[8] * b[9]) + (a[9] * b[8]);
|
||||
long c18 = a[9] * b[9];
|
||||
|
||||
carryReduce(r, c0, c1, c2, c3, c4, c5, c6, c7, c8,
|
||||
c9, c10, c11, c12, c13, c14, c15, c16, c17, c18);
|
||||
|
||||
}
|
||||
|
||||
private void carryReduce(long[] r, long c0, long c1, long c2,
|
||||
long c3, long c4, long c5, long c6,
|
||||
long c7, long c8, long c9, long c10,
|
||||
long c11, long c12, long c13, long c14,
|
||||
long c15, long c16, long c17, long c18) {
|
||||
// reduce(7,2)
|
||||
long reducedValue17 = (c17 * SUBTRAHEND);
|
||||
c7 += (reducedValue17 << BIT_OFFSET) & LIMB_MASK;
|
||||
c8 += reducedValue17 >> RIGHT_BIT_OFFSET;
|
||||
|
||||
long reducedValue18 = (c18 * SUBTRAHEND);
|
||||
c8 += (reducedValue18 << BIT_OFFSET) & LIMB_MASK;
|
||||
c9 += reducedValue18 >> RIGHT_BIT_OFFSET;
|
||||
|
||||
// carry(8,2)
|
||||
long carry8 = carryValue(c8);
|
||||
r[8] = c8 - (carry8 << BITS_PER_LIMB);
|
||||
c9 += carry8;
|
||||
|
||||
long carry9 = carryValue(c9);
|
||||
r[9] = c9 - (carry9 << BITS_PER_LIMB);
|
||||
c10 += carry9;
|
||||
|
||||
// reduce(0,7)
|
||||
long reducedValue10 = (c10 * SUBTRAHEND);
|
||||
r[0] = c0 + ((reducedValue10 << BIT_OFFSET) & LIMB_MASK);
|
||||
c1 += reducedValue10 >> RIGHT_BIT_OFFSET;
|
||||
|
||||
long reducedValue11 = (c11 * SUBTRAHEND);
|
||||
r[1] = c1 + ((reducedValue11 << BIT_OFFSET) & LIMB_MASK);
|
||||
c2 += reducedValue11 >> RIGHT_BIT_OFFSET;
|
||||
|
||||
long reducedValue12 = (c12 * SUBTRAHEND);
|
||||
r[2] = c2 + ((reducedValue12 << BIT_OFFSET) & LIMB_MASK);
|
||||
c3 += reducedValue12 >> RIGHT_BIT_OFFSET;
|
||||
|
||||
long reducedValue13 = (c13 * SUBTRAHEND);
|
||||
r[3] = c3 + ((reducedValue13 << BIT_OFFSET) & LIMB_MASK);
|
||||
c4 += reducedValue13 >> RIGHT_BIT_OFFSET;
|
||||
|
||||
long reducedValue14 = (c14 * SUBTRAHEND);
|
||||
r[4] = c4 + ((reducedValue14 << BIT_OFFSET) & LIMB_MASK);
|
||||
c5 += reducedValue14 >> RIGHT_BIT_OFFSET;
|
||||
|
||||
long reducedValue15 = (c15 * SUBTRAHEND);
|
||||
r[5] = c5 + ((reducedValue15 << BIT_OFFSET) & LIMB_MASK);
|
||||
c6 += reducedValue15 >> RIGHT_BIT_OFFSET;
|
||||
|
||||
long reducedValue16 = (c16 * SUBTRAHEND);
|
||||
r[6] = c6 + ((reducedValue16 << BIT_OFFSET) & LIMB_MASK);
|
||||
r[7] = c7 + (reducedValue16 >> RIGHT_BIT_OFFSET);
|
||||
|
||||
// carry(0,9)
|
||||
carry(r, 0, 9);
|
||||
}
|
||||
@Override
|
||||
protected void square(long[] a, long[] r) {
|
||||
|
||||
// Use grade-school multiplication with a simple squaring optimization.
|
||||
// Multiply into primitives to avoid the temporary array allocation.
|
||||
// This is equivalent to the following code:
|
||||
// long[] c = new long[2 * NUM_LIMBS - 1];
|
||||
// for(int i = 0; i < NUM_LIMBS; i++) {
|
||||
// c[2 * i] = a[i] * a[i];
|
||||
// for(int j = i + 1; j < NUM_LIMBS; j++) {
|
||||
// c[i + j] += 2 * a[i] * a[j]
|
||||
// }
|
||||
// }
|
||||
|
||||
long c0 = a[0] * a[0];
|
||||
long c1 = 2 * a[0] * a[1];
|
||||
long c2 = a[1] * a[1] + 2 * a[0] * a[2];
|
||||
long c3 = 2 * (a[0] * a[3] + a[1] * a[2]);
|
||||
long c4 = a[2] * a[2] + 2 * (a[0] * a[4] + a[1] * a[3]);
|
||||
long c5 = 2 * (a[0] * a[5] + a[1] * a[4] + a[2] * a[3]);
|
||||
long c6 = a[3] * a[3] + 2 * (a[0] * a[6] + a[1] * a[5] + a[2] * a[4]);
|
||||
long c7 = 2 * (a[0] * a[7] + a[1] * a[6] + a[2] * a[5] + a[3] * a[4]);
|
||||
long c8 = a[4] * a[4] + 2 * (a[0] * a[8] + a[1] * a[7] + a[2] * a[6] + a[3] * a[5]);
|
||||
long c9 = 2 * (a[0] * a[9] + a[1] * a[8] + a[2] * a[7] + a[3] * a[6] + a[4] * a[5]);
|
||||
long c10 = a[5] * a[5] + 2 * (a[1] * a[9] + a[2] * a[8] + a[3] * a[7] + a[4] * a[6]);
|
||||
long c11 = 2 * (a[2] * a[9] + a[3] * a[8] + a[4] * a[7] + a[5] * a[6]);
|
||||
long c12 = a[6] * a[6] + 2 * (a[3] * a[9] + a[4] * a[8] + a[5] * a[7]);
|
||||
long c13 = 2 * (a[4] * a[9] + a[5] * a[8] + a[6] * a[7]);
|
||||
long c14 = a[7] * a[7] + 2 * (a[5] * a[9] + a[6] * a[8]);
|
||||
long c15 = 2 * (a[6] * a[9] + a[7] * a[8]);
|
||||
long c16 = a[8] * a[8] + 2 * a[7] * a[9];
|
||||
long c17 = 2 * a[8] * a[9];
|
||||
long c18 = a[9] * a[9];
|
||||
|
||||
carryReduce(r, c0, c1, c2, c3, c4, c5, c6, c7, c8,
|
||||
c9, c10, c11, c12, c13, c14, c15, c16, c17, c18);
|
||||
}
|
||||
|
||||
|
||||
}
|
@ -1,252 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation. Oracle designates this
|
||||
* particular file as subject to the "Classpath" exception as provided
|
||||
* by Oracle in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
package sun.security.util.math.intpoly;
|
||||
|
||||
import java.math.BigInteger;
|
||||
|
||||
/**
|
||||
* An IntegerFieldModuloP designed for use with the Curve448.
|
||||
* The representation uses 16 signed long values.
|
||||
*/
|
||||
|
||||
public final class IntegerPolynomial448 extends IntegerPolynomial {
|
||||
|
||||
private static final int POWER = 448;
|
||||
private static final int NUM_LIMBS = 16;
|
||||
private static final int BITS_PER_LIMB = 28;
|
||||
public static final BigInteger MODULUS
|
||||
= TWO.pow(POWER).subtract(TWO.pow(POWER / 2))
|
||||
.subtract(BigInteger.valueOf(1));
|
||||
|
||||
public IntegerPolynomial448() {
|
||||
super(BITS_PER_LIMB, NUM_LIMBS, 1, MODULUS);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void reduceIn(long[] limbs, long v, int i) {
|
||||
limbs[i - 8] += v;
|
||||
limbs[i - 16] += v;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void finalCarryReduceLast(long[] limbs) {
|
||||
long carry = limbs[numLimbs - 1] >> bitsPerLimb;
|
||||
limbs[numLimbs - 1] -= carry << bitsPerLimb;
|
||||
reduceIn(limbs, carry, numLimbs);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void reduce(long[] a) {
|
||||
|
||||
// carry(14, 2)
|
||||
long carry14 = carryValue(a[14]);
|
||||
a[14] -= (carry14 << BITS_PER_LIMB);
|
||||
a[15] += carry14;
|
||||
|
||||
long carry15 = carryValue(a[15]);
|
||||
a[15] -= (carry15 << BITS_PER_LIMB);
|
||||
|
||||
// reduce(0, 1)
|
||||
a[0] += carry15;
|
||||
a[8] += carry15;
|
||||
|
||||
// carry(0, 15)
|
||||
carry(a, 0, 15);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void mult(long[] a, long[] b, long[] r) {
|
||||
|
||||
// Use grade-school multiplication into primitives to avoid the
|
||||
// temporary array allocation. This is equivalent to the following
|
||||
// code:
|
||||
// long[] c = new long[2 * NUM_LIMBS - 1];
|
||||
// for(int i = 0; i < NUM_LIMBS; i++) {
|
||||
// for(int j - 0; j < NUM_LIMBS; j++) {
|
||||
// c[i + j] += a[i] * b[j]
|
||||
// }
|
||||
// }
|
||||
|
||||
long c0 = (a[0] * b[0]);
|
||||
long c1 = (a[0] * b[1]) + (a[1] * b[0]);
|
||||
long c2 = (a[0] * b[2]) + (a[1] * b[1]) + (a[2] * b[0]);
|
||||
long c3 = (a[0] * b[3]) + (a[1] * b[2]) + (a[2] * b[1]) + (a[3] * b[0]);
|
||||
long c4 = (a[0] * b[4]) + (a[1] * b[3]) + (a[2] * b[2]) + (a[3] * b[1]) + (a[4] * b[0]);
|
||||
long c5 = (a[0] * b[5]) + (a[1] * b[4]) + (a[2] * b[3]) + (a[3] * b[2]) + (a[4] * b[1]) + (a[5] * b[0]);
|
||||
long c6 = (a[0] * b[6]) + (a[1] * b[5]) + (a[2] * b[4]) + (a[3] * b[3]) + (a[4] * b[2]) + (a[5] * b[1]) + (a[6] * b[0]);
|
||||
long c7 = (a[0] * b[7]) + (a[1] * b[6]) + (a[2] * b[5]) + (a[3] * b[4]) + (a[4] * b[3]) + (a[5] * b[2]) + (a[6] * b[1]) + (a[7] * b[0]);
|
||||
long c8 = (a[0] * b[8]) + (a[1] * b[7]) + (a[2] * b[6]) + (a[3] * b[5]) + (a[4] * b[4]) + (a[5] * b[3]) + (a[6] * b[2]) + (a[7] * b[1]) + (a[8] * b[0]);
|
||||
long c9 = (a[0] * b[9]) + (a[1] * b[8]) + (a[2] * b[7]) + (a[3] * b[6]) + (a[4] * b[5]) + (a[5] * b[4]) + (a[6] * b[3]) + (a[7] * b[2]) + (a[8] * b[1]) + (a[9] * b[0]);
|
||||
long c10 = (a[0] * b[10]) + (a[1] * b[9]) + (a[2] * b[8]) + (a[3] * b[7]) + (a[4] * b[6]) + (a[5] * b[5]) + (a[6] * b[4]) + (a[7] * b[3]) + (a[8] * b[2]) + (a[9] * b[1]) + (a[10] * b[0]);
|
||||
long c11 = (a[0] * b[11]) + (a[1] * b[10]) + (a[2] * b[9]) + (a[3] * b[8]) + (a[4] * b[7]) + (a[5] * b[6]) + (a[6] * b[5]) + (a[7] * b[4]) + (a[8] * b[3]) + (a[9] * b[2]) + (a[10] * b[1]) + (a[11] * b[0]);
|
||||
long c12 = (a[0] * b[12]) + (a[1] * b[11]) + (a[2] * b[10]) + (a[3] * b[9]) + (a[4] * b[8]) + (a[5] * b[7]) + (a[6] * b[6]) + (a[7] * b[5]) + (a[8] * b[4]) + (a[9] * b[3]) + (a[10] * b[2]) + (a[11] * b[1]) + (a[12] * b[0]);
|
||||
long c13 = (a[0] * b[13]) + (a[1] * b[12]) + (a[2] * b[11]) + (a[3] * b[10]) + (a[4] * b[9]) + (a[5] * b[8]) + (a[6] * b[7]) + (a[7] * b[6]) + (a[8] * b[5]) + (a[9] * b[4]) + (a[10] * b[3]) + (a[11] * b[2]) + (a[12] * b[1]) + (a[13] * b[0]);
|
||||
long c14 = (a[0] * b[14]) + (a[1] * b[13]) + (a[2] * b[12]) + (a[3] * b[11]) + (a[4] * b[10]) + (a[5] * b[9]) + (a[6] * b[8]) + (a[7] * b[7]) + (a[8] * b[6]) + (a[9] * b[5]) + (a[10] * b[4]) + (a[11] * b[3]) + (a[12] * b[2]) + (a[13] * b[1]) + (a[14] * b[0]);
|
||||
long c15 = (a[0] * b[15]) + (a[1] * b[14]) + (a[2] * b[13]) + (a[3] * b[12]) + (a[4] * b[11]) + (a[5] * b[10]) + (a[6] * b[9]) + (a[7] * b[8]) + (a[8] * b[7]) + (a[9] * b[6]) + (a[10] * b[5]) + (a[11] * b[4]) + (a[12] * b[3]) + (a[13] * b[2]) + (a[14] * b[1]) + (a[15] * b[0]);
|
||||
long c16 = (a[1] * b[15]) + (a[2] * b[14]) + (a[3] * b[13]) + (a[4] * b[12]) + (a[5] * b[11]) + (a[6] * b[10]) + (a[7] * b[9]) + (a[8] * b[8]) + (a[9] * b[7]) + (a[10] * b[6]) + (a[11] * b[5]) + (a[12] * b[4]) + (a[13] * b[3]) + (a[14] * b[2]) + (a[15] * b[1]);
|
||||
long c17 = (a[2] * b[15]) + (a[3] * b[14]) + (a[4] * b[13]) + (a[5] * b[12]) + (a[6] * b[11]) + (a[7] * b[10]) + (a[8] * b[9]) + (a[9] * b[8]) + (a[10] * b[7]) + (a[11] * b[6]) + (a[12] * b[5]) + (a[13] * b[4]) + (a[14] * b[3]) + (a[15] * b[2]);
|
||||
long c18 = (a[3] * b[15]) + (a[4] * b[14]) + (a[5] * b[13]) + (a[6] * b[12]) + (a[7] * b[11]) + (a[8] * b[10]) + (a[9] * b[9]) + (a[10] * b[8]) + (a[11] * b[7]) + (a[12] * b[6]) + (a[13] * b[5]) + (a[14] * b[4]) + (a[15] * b[3]);
|
||||
long c19 = (a[4] * b[15]) + (a[5] * b[14]) + (a[6] * b[13]) + (a[7] * b[12]) + (a[8] * b[11]) + (a[9] * b[10]) + (a[10] * b[9]) + (a[11] * b[8]) + (a[12] * b[7]) + (a[13] * b[6]) + (a[14] * b[5]) + (a[15] * b[4]);
|
||||
long c20 = (a[5] * b[15]) + (a[6] * b[14]) + (a[7] * b[13]) + (a[8] * b[12]) + (a[9] * b[11]) + (a[10] * b[10]) + (a[11] * b[9]) + (a[12] * b[8]) + (a[13] * b[7]) + (a[14] * b[6]) + (a[15] * b[5]);
|
||||
long c21 = (a[6] * b[15]) + (a[7] * b[14]) + (a[8] * b[13]) + (a[9] * b[12]) + (a[10] * b[11]) + (a[11] * b[10]) + (a[12] * b[9]) + (a[13] * b[8]) + (a[14] * b[7]) + (a[15] * b[6]);
|
||||
long c22 = (a[7] * b[15]) + (a[8] * b[14]) + (a[9] * b[13]) + (a[10] * b[12]) + (a[11] * b[11]) + (a[12] * b[10]) + (a[13] * b[9]) + (a[14] * b[8]) + (a[15] * b[7]);
|
||||
long c23 = (a[8] * b[15]) + (a[9] * b[14]) + (a[10] * b[13]) + (a[11] * b[12]) + (a[12] * b[11]) + (a[13] * b[10]) + (a[14] * b[9]) + (a[15] * b[8]);
|
||||
long c24 = (a[9] * b[15]) + (a[10] * b[14]) + (a[11] * b[13]) + (a[12] * b[12]) + (a[13] * b[11]) + (a[14] * b[10]) + (a[15] * b[9]);
|
||||
long c25 = (a[10] * b[15]) + (a[11] * b[14]) + (a[12] * b[13]) + (a[13] * b[12]) + (a[14] * b[11]) + (a[15] * b[10]);
|
||||
long c26 = (a[11] * b[15]) + (a[12] * b[14]) + (a[13] * b[13]) + (a[14] * b[12]) + (a[15] * b[11]);
|
||||
long c27 = (a[12] * b[15]) + (a[13] * b[14]) + (a[14] * b[13]) + (a[15] * b[12]);
|
||||
long c28 = (a[13] * b[15]) + (a[14] * b[14]) + (a[15] * b[13]);
|
||||
long c29 = (a[14] * b[15]) + (a[15] * b[14]);
|
||||
long c30 = (a[15] * b[15]);
|
||||
|
||||
carryReduce(r, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12,
|
||||
c13, c14, c15, c16, c17, c18, c19, c20, c21, c22, c23, c24, c25,
|
||||
c26, c27, c28, c29, c30);
|
||||
}
|
||||
|
||||
private void carryReduce(long[] r, long c0, long c1, long c2, long c3,
|
||||
long c4, long c5, long c6, long c7, long c8,
|
||||
long c9, long c10, long c11, long c12, long c13,
|
||||
long c14, long c15, long c16, long c17, long c18,
|
||||
long c19, long c20, long c21, long c22, long c23,
|
||||
long c24, long c25, long c26, long c27, long c28,
|
||||
long c29, long c30) {
|
||||
|
||||
// reduce(8, 7)
|
||||
c8 += c24;
|
||||
c16 += c24;
|
||||
|
||||
c9 += c25;
|
||||
c17 += c25;
|
||||
|
||||
c10 += c26;
|
||||
c18 += c26;
|
||||
|
||||
c11 += c27;
|
||||
c19 += c27;
|
||||
|
||||
c12 += c28;
|
||||
c20 += c28;
|
||||
|
||||
c13 += c29;
|
||||
c21 += c29;
|
||||
|
||||
c14 += c30;
|
||||
c22 += c30;
|
||||
|
||||
// reduce(4, 4)
|
||||
r[4] = c4 + c20;
|
||||
r[12] = c12 + c20;
|
||||
|
||||
r[5] = c5 + c21;
|
||||
r[13] = c13 + c21;
|
||||
|
||||
r[6] = c6 + c22;
|
||||
c14 += c22;
|
||||
|
||||
r[7] = c7 + c23;
|
||||
c15 += c23;
|
||||
|
||||
//carry(14, 2)
|
||||
long carry14 = carryValue(c14);
|
||||
r[14] = c14 - (carry14 << BITS_PER_LIMB);
|
||||
c15 += carry14;
|
||||
|
||||
long carry15 = carryValue(c15);
|
||||
r[15] = c15 - (carry15 << BITS_PER_LIMB);
|
||||
c16 += carry15;
|
||||
|
||||
// reduce(0, 4)
|
||||
r[0] = c0 + c16;
|
||||
r[8] = c8 + c16;
|
||||
|
||||
r[1] = c1 + c17;
|
||||
r[9] = c9 + c17;
|
||||
|
||||
r[2] = c2 + c18;
|
||||
r[10] = c10 + c18;
|
||||
|
||||
r[3] = c3 + c19;
|
||||
r[11] = c11 + c19;
|
||||
|
||||
// carry(0, 15)
|
||||
carry(r, 0, 15);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void square(long[] a, long[] r) {
|
||||
|
||||
// Use grade-school multiplication with a simple squaring optimization.
|
||||
// Multiply into primitives to avoid the temporary array allocation.
|
||||
// This is equivalent to the following code:
|
||||
// long[] c = new long[2 * NUM_LIMBS - 1];
|
||||
// for(int i = 0; i < NUM_LIMBS; i++) {
|
||||
// c[2 * i] = a[i] * a[i];
|
||||
// for(int j = i + 1; j < NUM_LIMBS; j++) {
|
||||
// c[i + j] += 2 * a[i] * a[j]
|
||||
// }
|
||||
// }
|
||||
|
||||
long c0 = a[0] * a[0];
|
||||
long c1 = 2 * a[0] * a[1];
|
||||
long c2 = a[1] * a[1] + 2 * a[0] * a[2];
|
||||
long c3 = 2 * (a[0] * a[3] + a[1] * a[2]);
|
||||
long c4 = a[2] * a[2] + 2 * (a[0] * a[4] + a[1] * a[3]);
|
||||
long c5 = 2 * (a[0] * a[5] + a[1] * a[4] + a[2] * a[3]);
|
||||
long c6 = a[3] * a[3] + 2 * (a[0] * a[6] + a[1] * a[5] + a[2] * a[4]);
|
||||
long c7 = 2 * (a[0] * a[7] + a[1] * a[6] + a[2] * a[5] + a[3] * a[4]);
|
||||
long c8 = a[4] * a[4] + 2 * (a[0] * a[8] + a[1] * a[7] + a[2] * a[6] + a[3] * a[5]);
|
||||
long c9 = 2 * (a[0] * a[9] + a[1] * a[8] + a[2] * a[7] + a[3] * a[6] + a[4] * a[5]);
|
||||
long c10 = a[5] * a[5] + 2 * (a[0] * a[10] + a[1] * a[9] + a[2] * a[8] + a[3] * a[7] + a[4] * a[6]);
|
||||
long c11 = 2 * (a[0] * a[11] + a[1] * a[10] + a[2] * a[9] + a[3] * a[8] + a[4] * a[7] + a[5] * a[6]);
|
||||
long c12 = a[6] * a[6] + 2 * (a[0] * a[12] + a[1] * a[11] + a[2] * a[10] + a[3] * a[9] + a[4] * a[8] + a[5] * a[7]);
|
||||
long c13 = 2 * (a[0] * a[13] + a[1] * a[12] + a[2] * a[11] + a[3] * a[10] + a[4] * a[9] + a[5] * a[8] + a[6] * a[7]);
|
||||
long c14 = a[7] * a[7] + 2 * (a[0] * a[14] + a[1] * a[13] + a[2] * a[12] + a[3] * a[11] + a[4] * a[10] + a[5] * a[9] + a[6] * a[8]);
|
||||
long c15 = 2 * (a[0] * a[15] + a[1] * a[14] + a[2] * a[13] + a[3] * a[12] + a[4] * a[11] + a[5] * a[10] + a[6] * a[9] + a[7] * a[8]);
|
||||
long c16 = a[8] * a[8] + 2 * (a[1] * a[15] + a[2] * a[14] + a[3] * a[13] + a[4] * a[12] + a[5] * a[11] + a[6] * a[10] + a[7] * a[9]);
|
||||
long c17 = 2 * (a[2] * a[15] + a[3] * a[14] + a[4] * a[13] + a[5] * a[12] + a[6] * a[11] + a[7] * a[10] + a[8] * a[9]);
|
||||
long c18 = a[9] * a[9] + 2 * (a[3] * a[15] + a[4] * a[14] + a[5] * a[13] + a[6] * a[12] + a[7] * a[11] + a[8] * a[10]);
|
||||
long c19 = 2 * (a[4] * a[15] + a[5] * a[14] + a[6] * a[13] + a[7] * a[12] + a[8] * a[11] + a[9] * a[10]);
|
||||
long c20 = a[10] * a[10] + 2 * (a[5] * a[15] + a[6] * a[14] + a[7] * a[13] + a[8] * a[12] + a[9] * a[11]);
|
||||
long c21 = 2 * (a[6] * a[15] + a[7] * a[14] + a[8] * a[13] + a[9] * a[12] + a[10] * a[11]);
|
||||
long c22 = a[11] * a[11] + 2 * (a[7] * a[15] + a[8] * a[14] + a[9] * a[13] + a[10] * a[12]);
|
||||
long c23 = 2 * (a[8] * a[15] + a[9] * a[14] + a[10] * a[13] + a[11] * a[12]);
|
||||
long c24 = a[12] * a[12] + 2 * (a[9] * a[15] + a[10] * a[14] + a[11] * a[13]);
|
||||
long c25 = 2 * (a[10] * a[15] + a[11] * a[14] + a[12] * a[13]);
|
||||
long c26 = a[13] * a[13] + 2 * (a[11] * a[15] + a[12] * a[14]);
|
||||
long c27 = 2 * (a[12] * a[15] + a[13] * a[14]);
|
||||
long c28 = a[14] * a[14] + 2 * a[13] * a[15];
|
||||
long c29 = 2 * a[14] * a[15];
|
||||
long c30 = a[15] * a[15];
|
||||
|
||||
carryReduce(r, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12,
|
||||
c13, c14, c15, c16, c17, c18, c19, c20, c21, c22, c23, c24, c25,
|
||||
c26, c27, c28, c29, c30);
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -56,15 +56,15 @@ public class ECOperations {
|
||||
}
|
||||
|
||||
static final Map<BigInteger, IntegerFieldModuloP> fields = Map.of(
|
||||
IntegerPolynomialP256.MODULUS, new IntegerPolynomialP256(),
|
||||
IntegerPolynomialP384.MODULUS, new IntegerPolynomialP384(),
|
||||
IntegerPolynomialP521.MODULUS, new IntegerPolynomialP521()
|
||||
IntegerPolynomialP256.MODULUS, IntegerPolynomialP256.ONE,
|
||||
IntegerPolynomialP384.MODULUS, IntegerPolynomialP384.ONE,
|
||||
IntegerPolynomialP521.MODULUS, IntegerPolynomialP521.ONE
|
||||
);
|
||||
|
||||
static final Map<BigInteger, IntegerFieldModuloP> orderFields = Map.of(
|
||||
P256OrderField.MODULUS, new P256OrderField(),
|
||||
P384OrderField.MODULUS, new P384OrderField(),
|
||||
P521OrderField.MODULUS, new P521OrderField()
|
||||
P256OrderField.MODULUS, P256OrderField.ONE,
|
||||
P384OrderField.MODULUS, P384OrderField.ONE,
|
||||
P521OrderField.MODULUS, P521OrderField.ONE
|
||||
);
|
||||
|
||||
public static Optional<ECOperations> forParameters(ECParameterSpec params) {
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -186,10 +186,10 @@ public class XECOperations {
|
||||
private static IntegerFieldModuloP getIntegerFieldModulo(BigInteger p) {
|
||||
|
||||
if (p.equals(IntegerPolynomial25519.MODULUS)) {
|
||||
return new IntegerPolynomial25519();
|
||||
return IntegerPolynomial25519.ONE;
|
||||
}
|
||||
else if (p.equals(IntegerPolynomial448.MODULUS)) {
|
||||
return new IntegerPolynomial448();
|
||||
return IntegerPolynomial448.ONE;
|
||||
}
|
||||
|
||||
throw new ProviderException("Unsupported prime: " + p.toString());
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2020, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2020, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -259,8 +259,8 @@ public class EdDSAParameters {
|
||||
|
||||
static {
|
||||
// set up Ed25519
|
||||
IntegerFieldModuloP ed25519Field = new IntegerPolynomial25519();
|
||||
IntegerFieldModuloP ed25519OrderField = new Curve25519OrderField();
|
||||
IntegerFieldModuloP ed25519Field = IntegerPolynomial25519.ONE;
|
||||
IntegerFieldModuloP ed25519OrderField = Curve25519OrderField.ONE;
|
||||
BigInteger biD = new BigInteger("3709570593466943934313808350875" +
|
||||
"4565189542113879843219016388785533085940283555");
|
||||
ImmutableIntegerModuloP d = ed25519Field.getElement(biD);
|
||||
@ -280,8 +280,8 @@ public class EdDSAParameters {
|
||||
namedParams.put(name, oid, bits, params);
|
||||
|
||||
// set up Ed448
|
||||
IntegerFieldModuloP ed448Field = new IntegerPolynomial448();
|
||||
IntegerFieldModuloP ed448OrderField = new Curve448OrderField();
|
||||
IntegerFieldModuloP ed448Field = IntegerPolynomial448.ONE;
|
||||
IntegerFieldModuloP ed448OrderField = Curve448OrderField.ONE;
|
||||
biD = ed448Field.getSize().subtract(new BigInteger("39081"));
|
||||
d = ed448Field.getElement(biD);
|
||||
baseX = new BigInteger("224580040295924300187604334" +
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -122,12 +122,10 @@ public class TestIntegerModuloP {
|
||||
final int length = Integer.parseInt(args[1]);
|
||||
int seed = Integer.parseInt(args[2]);
|
||||
|
||||
Class<IntegerFieldModuloP> fieldBaseClass = IntegerFieldModuloP.class;
|
||||
try {
|
||||
Class<? extends IntegerFieldModuloP> clazz =
|
||||
Class.forName(className).asSubclass(fieldBaseClass);
|
||||
IntegerFieldModuloP field =
|
||||
clazz.getDeclaredConstructor().newInstance();
|
||||
Class<?> clazz = Class.forName(className);
|
||||
IntegerFieldModuloP field = (IntegerFieldModuloP)
|
||||
clazz.getDeclaredField("ONE").get(null);
|
||||
|
||||
setUpFunctions(field, length);
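Review bot: Replacing `asSubclass(fieldBaseClass)` with a plain cast changes the failure mode for a mistyped class name from an explicit check to a `ClassCastException` at the cast, and a class without a `ONE` field now fails with `NoSuchFieldException`; both land in the surrounding `try`, whose catch block is outside the hunk, so it is worth confirming the report still names the offending class. Keeping the narrowed type is a one-line change, `Class<? extends IntegerFieldModuloP> clazz = Class.forName(className).asSubclass(IntegerFieldModuloP.class);`, with the `ONE` lookup unchanged. A comment such as `// Field implementations are singletons exposed as a public static ONE; there is no public constructor.` would document why the test reads a field instead of calling a constructor. The enclosing method starts and ends outside the hunk.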
|
||||
|
||||
|