Home Explore Help
Register Sign In
wartheking
/
WaterFlush
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 26b9e86ba4
Branches Tags
WaterFlush
/
Packages
/
com.tivadar.best.http
/
Runtime
/
3rdParty
/
BouncyCastle
/
math
/
ec
/
ECFieldElement.cs

ECFieldElement.cs 28 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945 
  1. #if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
    2. 

  2. #pragma warning disable
    3. 

  3. using System;
    4. 

  4. using System.Diagnostics;
    5. 

  5. 

  6. using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
    7. 

  7. 

  8. namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Math.EC
    9. 

  9. {
    10. 

  10.     public abstract class ECFieldElement
    11. 

  11.     {
    12. 

  12.         public abstract BigInteger ToBigInteger();
    13. 

  13.         public abstract string FieldName { get; }
    14. 

  14.         public abstract int FieldSize { get; }
    15. 

  15.         public abstract ECFieldElement Add(ECFieldElement b);
    16. 

  16.         public abstract ECFieldElement AddOne();
    17. 

  17.         public abstract ECFieldElement Subtract(ECFieldElement b);
    18. 

  18.         public abstract ECFieldElement Multiply(ECFieldElement b);
    19. 

  19.         public abstract ECFieldElement Divide(ECFieldElement b);
    20. 

  20.         public abstract ECFieldElement Negate();
    21. 

  21.         public abstract ECFieldElement Square();
    22. 

  22.         public abstract ECFieldElement Invert();
    23. 

  23.         public abstract ECFieldElement Sqrt();
    24. 

  24. 

  25.         public virtual int BitLength
    26. 

  26.         {
    27. 

  27.             get { return ToBigInteger().BitLength; }
    28. 

  28.         }
    29. 

  29. 

  30.         public virtual bool IsOne
    31. 

  31.         {
    32. 

  32.             get { return BitLength == 1; }
    33. 

  33.         }
    34. 

  34. 

  35.         public virtual bool IsZero
    36. 

  36.         {
    37. 

  37.             get { return 0 == ToBigInteger().SignValue; }
    38. 

  38.         }
    39. 

  39. 

  40.         public virtual ECFieldElement MultiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
    41. 

  41.         {
    42. 

  42.             return Multiply(b).Subtract(x.Multiply(y));
    43. 

  43.         }
    44. 

  44. 

  45.         public virtual ECFieldElement MultiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
    46. 

  46.         {
    47. 

  47.             return Multiply(b).Add(x.Multiply(y));
    48. 

  48.         }
    49. 

  49. 

  50.         public virtual ECFieldElement SquareMinusProduct(ECFieldElement x, ECFieldElement y)
    51. 

  51.         {
    52. 

  52.             return Square().Subtract(x.Multiply(y));
    53. 

  53.         }
    54. 

  54. 

  55.         public virtual ECFieldElement SquarePlusProduct(ECFieldElement x, ECFieldElement y)
    56. 

  56.         {
    57. 

  57.             return Square().Add(x.Multiply(y));
    58. 

  58.         }
    59. 

  59. 

  60.         public virtual ECFieldElement SquarePow(int pow)
    61. 

  61.         {
    62. 

  62.             ECFieldElement r = this;
    63. 

  63.             for (int i = 0; i < pow; ++i)
    64. 

  64.             {
    65. 

  65.                 r = r.Square();
    66. 

  66.             }
    67. 

  67.             return r;
    68. 

  68.         }
    69. 

  69. 

  70.         public virtual bool TestBitZero()
    71. 

  71.         {
    72. 

  72.             return ToBigInteger().TestBit(0);
    73. 

  73.         }
    74. 

  74. 

  75.         public override bool Equals(object obj)
    76. 

  76.         {
    77. 

  77.             return Equals(obj as ECFieldElement);
    78. 

  78.         }
    79. 

  79. 

  80.         public virtual bool Equals(ECFieldElement other)
    81. 

  81.         {
    82. 

  82.             if (this == other)
    83. 

  83.                 return true;
    84. 

  84.             if (null == other)
    85. 

  85.                 return false;
    86. 

  86.             return ToBigInteger().Equals(other.ToBigInteger());
    87. 

  87.         }
    88. 

  88. 

  89.         public override int GetHashCode()
    90. 

  90.         {
    91. 

  91.             return ToBigInteger().GetHashCode();
    92. 

  92.         }
    93. 

  93. 

  94.         public override string ToString()
    95. 

  95.         {
    96. 

  96.             return this.ToBigInteger().ToString(16);
    97. 

  97.         }
    98. 

  98. 

  99.         public virtual byte[] GetEncoded()
    100. 

  100.         {
    101. 

  101.             return BigIntegers.AsUnsignedByteArray(GetEncodedLength(), ToBigInteger());
    102. 

  102.         }
    103. 

  103. 

  104.         public virtual int GetEncodedLength()
    105. 

  105.         {
    106. 

  106.             return (FieldSize + 7) / 8;
    107. 

  107.         }
    108. 

  108. 

  109.         public virtual void EncodeTo(byte[] buf, int off)
    110. 

  110.         {
    111. 

  111.             BigIntegers.AsUnsignedByteArray(ToBigInteger(), buf, off, GetEncodedLength());
    112. 

  112.         }
    113. 

  113. 

  114. #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER || UNITY_2021_2_OR_NEWER
    115. 

  115.         public virtual void EncodeTo(Span<byte> buf)
    116. 

  116.         {
    117. 

  117.             BigIntegers.AsUnsignedByteArray(ToBigInteger(), buf[..GetEncodedLength()]);
    118. 

  118.         }
    119. 

  119. #endif
    120. 

  120.     }
    121. 

  121. 

  122.     public abstract class AbstractFpFieldElement
    123. 

  123.         : ECFieldElement
    124. 

  124.     {
    125. 

  125.     }
    126. 

  126. 

  127.     public class FpFieldElement
    128. 

  128.         : AbstractFpFieldElement
    129. 

  129.     {
    130. 

  130.         private readonly BigInteger q, r, x;
    131. 

  131. 

  132.         internal static BigInteger CalculateResidue(BigInteger p)
    133. 

  133.         {
    134. 

  134.             int bitLength = p.BitLength;
    135. 

  135.             if (bitLength >= 96)
    136. 

  136.             {
    137. 

  137.                 BigInteger firstWord = p.ShiftRight(bitLength - 64);
    138. 

  138.                 if (firstWord.LongValue == -1L)
    139. 

  139.                 {
    140. 

  140.                     return BigInteger.One.ShiftLeft(bitLength).Subtract(p);
    141. 

  141.                 }
    142. 

  142.                 if ((bitLength & 7) == 0)
    143. 

  143.                 {
    144. 

  144.                     return BigInteger.One.ShiftLeft(bitLength << 1).Divide(p).Negate();
    145. 

  145.                 }
    146. 

  146.             }
    147. 

  147.             return null;
    148. 

  148.         }
    149. 

  149. 

  150.         internal FpFieldElement(BigInteger q, BigInteger r, BigInteger x)
    151. 

  151.         {
    152. 

  152.             this.q = q;
    153. 

  153.             this.r = r;
    154. 

  154.             this.x = x;
    155. 

  155.         }
    156. 

  156. 

  157.         public override BigInteger ToBigInteger()
    158. 

  158.         {
    159. 

  159.             return x;
    160. 

  160.         }
    161. 

  161. 

  162.         /**
    163. 

  163.          * return the field name for this field.
    164. 

  164.          *
    165. 

  165.          * @return the string "Fp".
    166. 

  166.          */
    167. 

  167.         public override string FieldName
    168. 

  168.         {
    169. 

  169.             get { return "Fp"; }
    170. 

  170.         }
    171. 

  171. 

  172.         public override int FieldSize
    173. 

  173.         {
    174. 

  174.             get { return q.BitLength; }
    175. 

  175.         }
    176. 

  176. 

  177.         public BigInteger Q
    178. 

  178.         {
    179. 

  179.             get { return q; }
    180. 

  180.         }
    181. 

  181. 

  182.         public override ECFieldElement Add(
    183. 

  183.             ECFieldElement b)
    184. 

  184.         {
    185. 

  185.             return new FpFieldElement(q, r, ModAdd(x, b.ToBigInteger()));
    186. 

  186.         }
    187. 

  187. 

  188.         public override ECFieldElement AddOne()
    189. 

  189.         {
    190. 

  190.             BigInteger x2 = x.Add(BigInteger.One);
    191. 

  191.             if (x2.CompareTo(q) == 0)
    192. 

  192.             {
    193. 

  193.                 x2 = BigInteger.Zero;
    194. 

  194.             }
    195. 

  195.             return new FpFieldElement(q, r, x2);
    196. 

  196.         }
    197. 

  197. 

  198.         public override ECFieldElement Subtract(
    199. 

  199.             ECFieldElement b)
    200. 

  200.         {
    201. 

  201.             return new FpFieldElement(q, r, ModSubtract(x, b.ToBigInteger()));
    202. 

  202.         }
    203. 

  203. 

  204.         public override ECFieldElement Multiply(
    205. 

  205.             ECFieldElement b)
    206. 

  206.         {
    207. 

  207.             return new FpFieldElement(q, r, ModMult(x, b.ToBigInteger()));
    208. 

  208.         }
    209. 

  209. 

  210.         public override ECFieldElement MultiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
    211. 

  211.         {
    212. 

  212.             BigInteger ax = this.x, bx = b.ToBigInteger(), xx = x.ToBigInteger(), yx = y.ToBigInteger();
    213. 

  213.             BigInteger ab = ax.Multiply(bx);
    214. 

  214.             BigInteger xy = xx.Multiply(yx);
    215. 

  215.             return new FpFieldElement(q, r, ModReduce(ab.Subtract(xy)));
    216. 

  216.         }
    217. 

  217. 

  218.         public override ECFieldElement MultiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
    219. 

  219.         {
    220. 

  220.             BigInteger ax = this.x, bx = b.ToBigInteger(), xx = x.ToBigInteger(), yx = y.ToBigInteger();
    221. 

  221.             BigInteger ab = ax.Multiply(bx);
    222. 

  222.             BigInteger xy = xx.Multiply(yx);
    223. 

  223.             BigInteger sum = ab.Add(xy);
    224. 

  224.             if (r != null && r.SignValue < 0 && sum.BitLength > (q.BitLength << 1))
    225. 

  225.             {
    226. 

  226.                 sum = sum.Subtract(q.ShiftLeft(q.BitLength));
    227. 

  227.             }
    228. 

  228.             return new FpFieldElement(q, r, ModReduce(sum));
    229. 

  229.         }
    230. 

  230. 

  231.         public override ECFieldElement Divide(
    232. 

  232.             ECFieldElement b)
    233. 

  233.         {
    234. 

  234.             return new FpFieldElement(q, r, ModMult(x, ModInverse(b.ToBigInteger())));
    235. 

  235.         }
    236. 

  236. 

  237.         public override ECFieldElement Negate()
    238. 

  238.         {
    239. 

  239.             return x.SignValue == 0 ? this : new FpFieldElement(q, r, q.Subtract(x));
    240. 

  240.         }
    241. 

  241. 

  242.         public override ECFieldElement Square()
    243. 

  243.         {
    244. 

  244.             return new FpFieldElement(q, r, ModMult(x, x));
    245. 

  245.         }
    246. 

  246. 

  247.         public override ECFieldElement SquareMinusProduct(ECFieldElement x, ECFieldElement y)
    248. 

  248.         {
    249. 

  249.             BigInteger ax = this.x, xx = x.ToBigInteger(), yx = y.ToBigInteger();
    250. 

  250.             BigInteger aa = ax.Multiply(ax);
    251. 

  251.             BigInteger xy = xx.Multiply(yx);
    252. 

  252.             return new FpFieldElement(q, r, ModReduce(aa.Subtract(xy)));
    253. 

  253.         }
    254. 

  254. 

  255.         public override ECFieldElement SquarePlusProduct(ECFieldElement x, ECFieldElement y)
    256. 

  256.         {
    257. 

  257.             BigInteger ax = this.x, xx = x.ToBigInteger(), yx = y.ToBigInteger();
    258. 

  258.             BigInteger aa = ax.Multiply(ax);
    259. 

  259.             BigInteger xy = xx.Multiply(yx);
    260. 

  260.             BigInteger sum = aa.Add(xy);
    261. 

  261.             if (r != null && r.SignValue < 0 && sum.BitLength > (q.BitLength << 1))
    262. 

  262.             {
    263. 

  263.                 sum = sum.Subtract(q.ShiftLeft(q.BitLength));
    264. 

  264.             }
    265. 

  265.             return new FpFieldElement(q, r, ModReduce(sum));
    266. 

  266.         }
    267. 

  267. 

  268.         public override ECFieldElement Invert()
    269. 

  269.         {
    270. 

  270.             // TODO Modular inversion can be faster for a (Generalized) Mersenne Prime.
    271. 

  271.             return new FpFieldElement(q, r, ModInverse(x));
    272. 

  272.         }
    273. 

  273. 

  274.         /**
    275. 

  275.          * return a sqrt root - the routine verifies that the calculation
    276. 

  276.          * returns the right value - if none exists it returns null.
    277. 

  277.          */
    278. 

  278.         public override ECFieldElement Sqrt()
    279. 

  279.         {
    280. 

  280.             if (IsZero || IsOne)
    281. 

  281.                 return this;
    282. 

  282. 

  283.             if (!q.TestBit(0))
    284. 

  284.                 throw new NotImplementedException("even value of q");
    285. 

  285. 

  286.             if (q.TestBit(1)) // q == 4m + 3
    287. 

  287.             {
    288. 

  288.                 BigInteger e = q.ShiftRight(2).Add(BigInteger.One);
    289. 

  289.                 return CheckSqrt(new FpFieldElement(q, r, x.ModPow(e, q)));
    290. 

  290.             }
    291. 

  291. 

  292.             if (q.TestBit(2)) // q == 8m + 5
    293. 

  293.             {
    294. 

  294.                 BigInteger t1 = x.ModPow(q.ShiftRight(3), q);
    295. 

  295.                 BigInteger t2 = ModMult(t1, x);
    296. 

  296.                 BigInteger t3 = ModMult(t2, t1);
    297. 

  297. 

  298.                 if (t3.Equals(BigInteger.One))
    299. 

  299.                 {
    300. 

  300.                     return CheckSqrt(new FpFieldElement(q, r, t2));
    301. 

  301.                 }
    302. 

  302. 

  303.                 // TODO This is constant and could be precomputed
    304. 

  304.                 BigInteger t4 = BigInteger.Two.ModPow(q.ShiftRight(2), q);
    305. 

  305. 

  306.                 BigInteger y = ModMult(t2, t4);
    307. 

  307. 

  308.                 return CheckSqrt(new FpFieldElement(q, r, y));
    309. 

  309.             }
    310. 

  310. 

  311.             // q == 8m + 1
    312. 

  312. 

  313.             BigInteger legendreExponent = q.ShiftRight(1);
    314. 

  314.             if (!(x.ModPow(legendreExponent, q).Equals(BigInteger.One)))
    315. 

  315.                 return null;
    316. 

  316. 

  317.             BigInteger X = this.x;
    318. 

  318.             BigInteger fourX = ModDouble(ModDouble(X)); ;
    319. 

  319. 

  320.             BigInteger k = legendreExponent.Add(BigInteger.One), qMinusOne = q.Subtract(BigInteger.One);
    321. 

  321. 

  322.             BigInteger U, V;
    323. 

  323.             do
    324. 

  324.             {
    325. 

  325.                 BigInteger P;
    326. 

  326.                 do
    327. 

  327.                 {
    328. 

  328.                     P = BigInteger.Arbitrary(q.BitLength);
    329. 

  329.                 }
    330. 

  330.                 while (P.CompareTo(q) >= 0
    331. 

  331.                     || !ModReduce(P.Multiply(P).Subtract(fourX)).ModPow(legendreExponent, q).Equals(qMinusOne));
    332. 

  332. 

  333.                 BigInteger[] result = LucasSequence(P, X, k);
    334. 

  334.                 U = result[0];
    335. 

  335.                 V = result[1];
    336. 

  336. 

  337.                 if (ModMult(V, V).Equals(fourX))
    338. 

  338.                 {
    339. 

  339.                     return new FpFieldElement(q, r, ModHalfAbs(V));
    340. 

  340.                 }
    341. 

  341.             }
    342. 

  342.             while (U.Equals(BigInteger.One) || U.Equals(qMinusOne));
    343. 

  343. 

  344.             return null;
    345. 

  345.         }
    346. 

  346. 

  347.         private ECFieldElement CheckSqrt(ECFieldElement z)
    348. 

  348.         {
    349. 

  349.             return z.Square().Equals(this) ? z : null;
    350. 

  350.         }
    351. 

  351. 

  352.         private BigInteger[] LucasSequence(
    353. 

  353.             BigInteger	P,
    354. 

  354.             BigInteger	Q,
    355. 

  355.             BigInteger	k)
    356. 

  356.         {
    357. 

  357.             // TODO Research and apply "common-multiplicand multiplication here"
    358. 

  358. 

  359.             int n = k.BitLength;
    360. 

  360.             int s = k.GetLowestSetBit();
    361. 

  361. 

  362.             Debug.Assert(k.TestBit(s));
    363. 

  363. 

  364.             BigInteger Uh = BigInteger.One;
    365. 

  365.             BigInteger Vl = BigInteger.Two;
    366. 

  366.             BigInteger Vh = P;
    367. 

  367.             BigInteger Ql = BigInteger.One;
    368. 

  368.             BigInteger Qh = BigInteger.One;
    369. 

  369. 

  370.             for (int j = n - 1; j >= s + 1; --j)
    371. 

  371.             {
    372. 

  372.                 Ql = ModMult(Ql, Qh);
    373. 

  373. 

  374.                 if (k.TestBit(j))
    375. 

  375.                 {
    376. 

  376.                     Qh = ModMult(Ql, Q);
    377. 

  377.                     Uh = ModMult(Uh, Vh);
    378. 

  378.                     Vl = ModReduce(Vh.Multiply(Vl).Subtract(P.Multiply(Ql)));
    379. 

  379.                     Vh = ModReduce(Vh.Multiply(Vh).Subtract(Qh.ShiftLeft(1)));
    380. 

  380.                 }
    381. 

  381.                 else
    382. 

  382.                 {
    383. 

  383.                     Qh = Ql;
    384. 

  384.                     Uh = ModReduce(Uh.Multiply(Vl).Subtract(Ql));
    385. 

  385.                     Vh = ModReduce(Vh.Multiply(Vl).Subtract(P.Multiply(Ql)));
    386. 

  386.                     Vl = ModReduce(Vl.Multiply(Vl).Subtract(Ql.ShiftLeft(1)));
    387. 

  387.                 }
    388. 

  388.             }
    389. 

  389. 

  390.             Ql = ModMult(Ql, Qh);
    391. 

  391.             Qh = ModMult(Ql, Q);
    392. 

  392.             Uh = ModReduce(Uh.Multiply(Vl).Subtract(Ql));
    393. 

  393.             Vl = ModReduce(Vh.Multiply(Vl).Subtract(P.Multiply(Ql)));
    394. 

  394.             Ql = ModMult(Ql, Qh);
    395. 

  395. 

  396.             for (int j = 1; j <= s; ++j)
    397. 

  397.             {
    398. 

  398.                 Uh = ModMult(Uh, Vl);
    399. 

  399.                 Vl = ModReduce(Vl.Multiply(Vl).Subtract(Ql.ShiftLeft(1)));
    400. 

  400.                 Ql = ModMult(Ql, Ql);
    401. 

  401.             }
    402. 

  402. 

  403.             return new BigInteger[] { Uh, Vl };
    404. 

  404.         }
    405. 

  405. 

  406.         protected virtual BigInteger ModAdd(BigInteger x1, BigInteger x2)
    407. 

  407.         {
    408. 

  408.             BigInteger x3 = x1.Add(x2);
    409. 

  409.             if (x3.CompareTo(q) >= 0)
    410. 

  410.             {
    411. 

  411.                 x3 = x3.Subtract(q);
    412. 

  412.             }
    413. 

  413.             return x3;
    414. 

  414.         }
    415. 

  415. 

  416.         protected virtual BigInteger ModDouble(BigInteger x)
    417. 

  417.         {
    418. 

  418.             BigInteger _2x = x.ShiftLeft(1);
    419. 

  419.             if (_2x.CompareTo(q) >= 0)
    420. 

  420.             {
    421. 

  421.                 _2x = _2x.Subtract(q);
    422. 

  422.             }
    423. 

  423.             return _2x;
    424. 

  424.         }
    425. 

  425. 

  426.         protected virtual BigInteger ModHalf(BigInteger x)
    427. 

  427.         {
    428. 

  428.             if (x.TestBit(0))
    429. 

  429.             {
    430. 

  430.                 x = q.Add(x);
    431. 

  431.             }
    432. 

  432.             return x.ShiftRight(1);
    433. 

  433.         }
    434. 

  434. 

  435.         protected virtual BigInteger ModHalfAbs(BigInteger x)
    436. 

  436.         {
    437. 

  437.             if (x.TestBit(0))
    438. 

  438.             {
    439. 

  439.                 x = q.Subtract(x);
    440. 

  440.             }
    441. 

  441.             return x.ShiftRight(1);
    442. 

  442.         }
    443. 

  443. 

  444.         protected virtual BigInteger ModInverse(BigInteger x)
    445. 

  445.         {
    446. 

  446.             return BigIntegers.ModOddInverse(q, x);
    447. 

  447.         }
    448. 

  448. 

  449.         protected virtual BigInteger ModMult(BigInteger x1, BigInteger x2)
    450. 

  450.         {
    451. 

  451.             return ModReduce(x1.Multiply(x2));
    452. 

  452.         }
    453. 

  453. 

  454.         protected virtual BigInteger ModReduce(BigInteger x)
    455. 

  455.         {
    456. 

  456.             if (r == null)
    457. 

  457.             {
    458. 

  458.                 x = x.Mod(q);
    459. 

  459.             }
    460. 

  460.             else
    461. 

  461.             {
    462. 

  462.                 bool negative = x.SignValue < 0;
    463. 

  463.                 if (negative)
    464. 

  464.                 {
    465. 

  465.                     x = x.Abs();
    466. 

  466.                 }
    467. 

  467.                 int qLen = q.BitLength;
    468. 

  468.                 if (r.SignValue > 0)
    469. 

  469.                 {
    470. 

  470.                     BigInteger qMod = BigInteger.One.ShiftLeft(qLen);
    471. 

  471.                     bool rIsOne = r.Equals(BigInteger.One);
    472. 

  472.                     while (x.BitLength > (qLen + 1))
    473. 

  473.                     {
    474. 

  474.                         BigInteger u = x.ShiftRight(qLen);
    475. 

  475.                         BigInteger v = x.Remainder(qMod);
    476. 

  476.                         if (!rIsOne)
    477. 

  477.                         {
    478. 

  478.                             u = u.Multiply(r);
    479. 

  479.                         }
    480. 

  480.                         x = u.Add(v);
    481. 

  481.                     }
    482. 

  482.                 }
    483. 

  483.                 else
    484. 

  484.                 {
    485. 

  485.                     int d = ((qLen - 1) & 31) + 1;
    486. 

  486.                     BigInteger mu = r.Negate();
    487. 

  487.                     BigInteger u = mu.Multiply(x.ShiftRight(qLen - d));
    488. 

  488.                     BigInteger quot = u.ShiftRight(qLen + d);
    489. 

  489.                     BigInteger v = quot.Multiply(q);
    490. 

  490.                     BigInteger bk1 = BigInteger.One.ShiftLeft(qLen + d);
    491. 

  491.                     v = v.Remainder(bk1);
    492. 

  492.                     x = x.Remainder(bk1);
    493. 

  493.                     x = x.Subtract(v);
    494. 

  494.                     if (x.SignValue < 0)
    495. 

  495.                     {
    496. 

  496.                         x = x.Add(bk1);
    497. 

  497.                     }
    498. 

  498.                 }
    499. 

  499.                 while (x.CompareTo(q) >= 0)
    500. 

  500.                 {
    501. 

  501.                     x = x.Subtract(q);
    502. 

  502.                 }
    503. 

  503.                 if (negative && x.SignValue != 0)
    504. 

  504.                 {
    505. 

  505.                     x = q.Subtract(x);
    506. 

  506.                 }
    507. 

  507.             }
    508. 

  508.             return x;
    509. 

  509.         }
    510. 

  510. 

  511.         protected virtual BigInteger ModSubtract(BigInteger x1, BigInteger x2)
    512. 

  512.         {
    513. 

  513.             BigInteger x3 = x1.Subtract(x2);
    514. 

  514.             if (x3.SignValue < 0)
    515. 

  515.             {
    516. 

  516.                 x3 = x3.Add(q);
    517. 

  517.             }
    518. 

  518.             return x3;
    519. 

  519.         }
    520. 

  520. 

  521.         public override bool Equals(
    522. 

  522.             object obj)
    523. 

  523.         {
    524. 

  524.             if (obj == this)
    525. 

  525.                 return true;
    526. 

  526. 

  527.             FpFieldElement other = obj as FpFieldElement;
    528. 

  528. 

  529.             if (other == null)
    530. 

  530.                 return false;
    531. 

  531. 

  532.             return Equals(other);
    533. 

  533.         }
    534. 

  534. 

  535.         public virtual bool Equals(
    536. 

  536.             FpFieldElement other)
    537. 

  537.         {
    538. 

  538.             return q.Equals(other.q) && base.Equals(other);
    539. 

  539.         }
    540. 

  540. 

  541.         public override int GetHashCode()
    542. 

  542.         {
    543. 

  543.             return q.GetHashCode() ^ base.GetHashCode();
    544. 

  544.         }
    545. 

  545.     }
    546. 

  546. 

  547.     public abstract class AbstractF2mFieldElement
    548. 

  548.         :   ECFieldElement
    549. 

  549.     {
    550. 

  550.         public virtual ECFieldElement HalfTrace()
    551. 

  551.         {
    552. 

  552.             int m = FieldSize;
    553. 

  553.             if ((m & 1) == 0)
    554. 

  554.                 throw new InvalidOperationException("Half-trace only defined for odd m");
    555. 

  555. 

  556.             //ECFieldElement ht = this;
    557. 

  557.             //for (int i = 1; i < m; i += 2)
    558. 

  558.             //{
    559. 

  559.             //    ht = ht.SquarePow(2).Add(this);
    560. 

  560.             //}
    561. 

  561. 

  562.             int n = (m + 1) >> 1;
    563. 

  563.             int k = 31 - Integers.NumberOfLeadingZeros(n);
    564. 

  564.             int nk = 1;
    565. 

  565. 

  566.             ECFieldElement ht = this;
    567. 

  567.             while (k > 0)
    568. 

  568.             {
    569. 

  569.                 ht = ht.SquarePow(nk << 1).Add(ht);
    570. 

  570.                 nk = n >> --k;
    571. 

  571.                 if (0 != (nk & 1))
    572. 

  572.                 {
    573. 

  573.                     ht = ht.SquarePow(2).Add(this);
    574. 

  574.                 }
    575. 

  575.             }
    576. 

  576. 

  577.             return ht;
    578. 

  578.         }
    579. 

  579. 

  580.         public virtual bool HasFastTrace
    581. 

  581.         {
    582. 

  582.             get { return false; }
    583. 

  583.         }
    584. 

  584. 

  585.         public virtual int Trace()
    586. 

  586.         {
    587. 

  587.             int m = FieldSize;
    588. 

  588. 

  589.             //ECFieldElement tr = this;
    590. 

  590.             //for (int i = 1; i < m; ++i)
    591. 

  591.             //{
    592. 

  592.             //    tr = tr.Square().Add(this);
    593. 

  593.             //}
    594. 

  594. 

  595.             int k = 31 - Integers.NumberOfLeadingZeros(m);
    596. 

  596.             int mk = 1;
    597. 

  597. 

  598.             ECFieldElement tr = this;
    599. 

  599.             while (k > 0)
    600. 

  600.             {
    601. 

  601.                 tr = tr.SquarePow(mk).Add(tr);
    602. 

  602.                 mk = m >> --k;
    603. 

  603.                 if (0 != (mk & 1))
    604. 

  604.                 {
    605. 

  605.                     tr = tr.Square().Add(this);
    606. 

  606.                 }
    607. 

  607.             }
    608. 

  608. 

  609.             if (tr.IsZero)
    610. 

  610.                 return 0;
    611. 

  611.             if (tr.IsOne)
    612. 

  612.                 return 1;
    613. 

  613.             throw new InvalidOperationException("Internal error in trace calculation");
    614. 

  614.         }
    615. 

  615.     }
    616. 

  616. 

  617.     /**
    618. 

  618.      * Class representing the Elements of the finite field
    619. 

  619.      * <code>F<sub>2<sup>m</sup></sub></code> in polynomial basis (PB)
    620. 

  620.      * representation. Both trinomial (Tpb) and pentanomial (Ppb) polynomial
    621. 

  621.      * basis representations are supported. Gaussian normal basis (GNB)
    622. 

  622.      * representation is not supported.
    623. 

  623.      */
    624. 

  624.     public class F2mFieldElement
    625. 

  625.         :   AbstractF2mFieldElement
    626. 

  626.     {
    627. 

  627.         /**
    628. 

  628.          * Indicates gaussian normal basis representation (GNB). Number chosen
    629. 

  629.          * according to X9.62. GNB is not implemented at present.
    630. 

  630.          */
    631. 

  631.         public const int Gnb = 1;
    632. 

  632. 

  633.         /**
    634. 

  634.          * Indicates trinomial basis representation (Tpb). Number chosen
    635. 

  635.          * according to X9.62.
    636. 

  636.          */
    637. 

  637.         public const int Tpb = 2;
    638. 

  638. 

  639.         /**
    640. 

  640.          * Indicates pentanomial basis representation (Ppb). Number chosen
    641. 

  641.          * according to X9.62.
    642. 

  642.          */
    643. 

  643.         public const int Ppb = 3;
    644. 

  644. 

  645.         /**
    646. 

  646.          * Tpb or Ppb.
    647. 

  647.          */
    648. 

  648.         private int representation;
    649. 

  649. 

  650.         /**
    651. 

  651.          * The exponent <code>m</code> of <code>F<sub>2<sup>m</sup></sub></code>.
    652. 

  652.          */
    653. 

  653.         private int m;
    654. 

  654. 

  655.         private int[] ks;
    656. 

  656. 

  657.         /**
    658. 

  658.          * The <code>LongArray</code> holding the bits.
    659. 

  659.          */
    660. 

  660.         internal LongArray x;
    661. 

  661. 

  662.         internal F2mFieldElement(int m, int[] ks, LongArray x)
    663. 

  663.         {
    664. 

  664.             this.m = m;
    665. 

  665.             this.representation = (ks.Length == 1) ? Tpb : Ppb;
    666. 

  666.             this.ks = ks;
    667. 

  667.             this.x = x;
    668. 

  668.         }
    669. 

  669. 

  670.         public override int BitLength
    671. 

  671.         {
    672. 

  672.             get { return x.Degree(); }
    673. 

  673.         }
    674. 

  674. 

  675.         public override bool IsOne
    676. 

  676.         {
    677. 

  677.             get { return x.IsOne(); }
    678. 

  678.         }
    679. 

  679. 

  680.         public override bool IsZero
    681. 

  681.         {
    682. 

  682.             get { return x.IsZero(); }
    683. 

  683.         }
    684. 

  684. 

  685.         public override bool TestBitZero()
    686. 

  686.         {
    687. 

  687.             return x.TestBitZero();
    688. 

  688.         }
    689. 

  689. 

  690.         public override BigInteger ToBigInteger()
    691. 

  691.         {
    692. 

  692.             return x.ToBigInteger();
    693. 

  693.         }
    694. 

  694. 

  695.         public override string FieldName
    696. 

  696.         {
    697. 

  697.             get { return "F2m"; }
    698. 

  698.         }
    699. 

  699. 

  700.         public override int FieldSize
    701. 

  701.         {
    702. 

  702.             get { return m; }
    703. 

  703.         }
    704. 

  704. 

  705.         /**
    706. 

  706.         * Checks, if the ECFieldElements <code>a</code> and <code>b</code>
    707. 

  707.         * are elements of the same field <code>F<sub>2<sup>m</sup></sub></code>
    708. 

  708.         * (having the same representation).
    709. 

  709.         * @param a field element.
    710. 

  710.         * @param b field element to be compared.
    711. 

  711.         * @throws ArgumentException if <code>a</code> and <code>b</code>
    712. 

  712.         * are not elements of the same field
    713. 

  713.         * <code>F<sub>2<sup>m</sup></sub></code> (having the same
    714. 

  714.         * representation).
    715. 

  715.         */
    716. 

  716.         public static void CheckFieldElements(
    717. 

  717.             ECFieldElement	a,
    718. 

  718.             ECFieldElement	b)
    719. 

  719.         {
    720. 

  720.             if (!(a is F2mFieldElement) || !(b is F2mFieldElement))
    721. 

  721.             {
    722. 

  722.                 throw new ArgumentException("Field elements are not "
    723. 

  723.                     + "both instances of F2mFieldElement");
    724. 

  724.             }
    725. 

  725. 

  726.             F2mFieldElement aF2m = (F2mFieldElement)a;
    727. 

  727.             F2mFieldElement bF2m = (F2mFieldElement)b;
    728. 

  728. 

  729.             if (aF2m.representation != bF2m.representation)
    730. 

  730.             {
    731. 

  731.                 // Should never occur
    732. 

  732.                 throw new ArgumentException("One of the F2m field elements has incorrect representation");
    733. 

  733.             }
    734. 

  734. 

  735.             if ((aF2m.m != bF2m.m) || !Arrays.AreEqual(aF2m.ks, bF2m.ks))
    736. 

  736.             {
    737. 

  737.                 throw new ArgumentException("Field elements are not elements of the same field F2m");
    738. 

  738.             }
    739. 

  739.         }
    740. 

  740. 

  741.         public override ECFieldElement Add(
    742. 

  742.             ECFieldElement b)
    743. 

  743.         {
    744. 

  744.             // No check performed here for performance reasons. Instead the
    745. 

  745.             // elements involved are checked in ECPoint.F2m
    746. 

  746.             // checkFieldElements(this, b);
    747. 

  747.             LongArray iarrClone = this.x.Copy();
    748. 

  748.             F2mFieldElement bF2m = (F2mFieldElement)b;
    749. 

  749.             iarrClone.AddShiftedByWords(bF2m.x, 0);
    750. 

  750.             return new F2mFieldElement(m, ks, iarrClone);
    751. 

  751.         }
    752. 

  752. 

  753.         public override ECFieldElement AddOne()
    754. 

  754.         {
    755. 

  755.             return new F2mFieldElement(m, ks, x.AddOne());
    756. 

  756.         }
    757. 

  757. 

  758.         public override ECFieldElement Subtract(
    759. 

  759.             ECFieldElement b)
    760. 

  760.         {
    761. 

  761.             // Addition and subtraction are the same in F2m
    762. 

  762.             return Add(b);
    763. 

  763.         }
    764. 

  764. 

  765.         public override ECFieldElement Multiply(
    766. 

  766.             ECFieldElement b)
    767. 

  767.         {
    768. 

  768.             // Right-to-left comb multiplication in the LongArray
    769. 

  769.             // Input: Binary polynomials a(z) and b(z) of degree at most m-1
    770. 

  770.             // Output: c(z) = a(z) * b(z) mod f(z)
    771. 

  771. 

  772.             // No check performed here for performance reasons. Instead the
    773. 

  773.             // elements involved are checked in ECPoint.F2m
    774. 

  774.             // checkFieldElements(this, b);
    775. 

  775.             return new F2mFieldElement(m, ks, x.ModMultiply(((F2mFieldElement)b).x, m, ks));
    776. 

  776.         }
    777. 

  777. 

  778.         public override ECFieldElement MultiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
    779. 

  779.         {
    780. 

  780.             return MultiplyPlusProduct(b, x, y);
    781. 

  781.         }
    782. 

  782. 

  783.         public override ECFieldElement MultiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
    784. 

  784.         {
    785. 

  785.             LongArray ax = this.x, bx = ((F2mFieldElement)b).x, xx = ((F2mFieldElement)x).x, yx = ((F2mFieldElement)y).x;
    786. 

  786. 

  787.             LongArray ab = ax.Multiply(bx, m, ks);
    788. 

  788.             LongArray xy = xx.Multiply(yx, m, ks);
    789. 

  789. 

  790.             if (LongArray.AreAliased(ref ab, ref ax) || LongArray.AreAliased(ref ab, ref bx))
    791. 

  791.             {
    792. 

  792.                 ab = ab.Copy();
    793. 

  793.             }
    794. 

  794. 

  795.             ab.AddShiftedByWords(xy, 0);
    796. 

  796.             ab.Reduce(m, ks);
    797. 

  797. 

  798.             return new F2mFieldElement(m, ks, ab);
    799. 

  799.         }
    800. 

  800. 

  801.         public override ECFieldElement Divide(
    802. 

  802.             ECFieldElement b)
    803. 

  803.         {
    804. 

  804.             // There may be more efficient implementations
    805. 

  805.             ECFieldElement bInv = b.Invert();
    806. 

  806.             return Multiply(bInv);
    807. 

  807.         }
    808. 

  808. 

  809.         public override ECFieldElement Negate()
    810. 

  810.         {
    811. 

  811.             // -x == x holds for all x in F2m
    812. 

  812.             return this;
    813. 

  813.         }
    814. 

  814. 

  815.         public override ECFieldElement Square()
    816. 

  816.         {
    817. 

  817.             return new F2mFieldElement(m, ks, x.ModSquare(m, ks));
    818. 

  818.         }
    819. 

  819. 

  820.         public override ECFieldElement SquareMinusProduct(ECFieldElement x, ECFieldElement y)
    821. 

  821.         {
    822. 

  822.             return SquarePlusProduct(x, y);
    823. 

  823.         }
    824. 

  824. 

  825.         public override ECFieldElement SquarePlusProduct(ECFieldElement x, ECFieldElement y)
    826. 

  826.         {
    827. 

  827.             LongArray ax = this.x, xx = ((F2mFieldElement)x).x, yx = ((F2mFieldElement)y).x;
    828. 

  828. 

  829.             LongArray aa = ax.Square(m, ks);
    830. 

  830.             LongArray xy = xx.Multiply(yx, m, ks);
    831. 

  831. 

  832.             if (LongArray.AreAliased(ref aa, ref ax))
    833. 

  833.             {
    834. 

  834.                 aa = aa.Copy();
    835. 

  835.             }
    836. 

  836. 

  837.             aa.AddShiftedByWords(xy, 0);
    838. 

  838.             aa.Reduce(m, ks);
    839. 

  839. 

  840.             return new F2mFieldElement(m, ks, aa);
    841. 

  841.         }
    842. 

  842. 

  843.         public override ECFieldElement SquarePow(int pow)
    844. 

  844.         {
    845. 

  845.             return pow < 1 ? this : new F2mFieldElement(m, ks, x.ModSquareN(pow, m, ks));
    846. 

  846.         }
    847. 

  847. 

  848.         public override ECFieldElement Invert()
    849. 

  849.         {
    850. 

  850.             return new F2mFieldElement(this.m, this.ks, this.x.ModInverse(m, ks));
    851. 

  851.         }
    852. 

  852. 

  853.         public override ECFieldElement Sqrt()
    854. 

  854.         {
    855. 

  855.             return (x.IsZero() || x.IsOne()) ? this : SquarePow(m - 1);
    856. 

  856.         }
    857. 

  857. 

  858.         /**
    859. 

  859.             * @return the representation of the field
    860. 

  860.             * <code>F<sub>2<sup>m</sup></sub></code>, either of
    861. 

  861.             * {@link F2mFieldElement.Tpb} (trinomial
    862. 

  862.             * basis representation) or
    863. 

  863.             * {@link F2mFieldElement.Ppb} (pentanomial
    864. 

  864.             * basis representation).
    865. 

  865.             */
    866. 

  866.         public int Representation
    867. 

  867.         {
    868. 

  868.             get { return this.representation; }
    869. 

  869.         }
    870. 

  870. 

  871.         /**
    872. 

  872.             * @return the degree <code>m</code> of the reduction polynomial
    873. 

  873.             * <code>f(z)</code>.
    874. 

  874.             */
    875. 

  875.         public int M
    876. 

  876.         {
    877. 

  877.             get { return this.m; }
    878. 

  878.         }
    879. 

  879. 

  880.         /**
    881. 

  881.             * @return Tpb: The integer <code>k</code> where <code>x<sup>m</sup> +
    882. 

  882.             * x<sup>k</sup> + 1</code> represents the reduction polynomial
    883. 

  883.             * <code>f(z)</code>.<br/>
    884. 

  884.             * Ppb: The integer <code>k1</code> where <code>x<sup>m</sup> +
    885. 

  885.             * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
    886. 

  886.             * represents the reduction polynomial <code>f(z)</code>.<br/>
    887. 

  887.             */
    888. 

  888.         public int K1
    889. 

  889.         {
    890. 

  890.             get { return this.ks[0]; }
    891. 

  891.         }
    892. 

  892. 

  893.         /**
    894. 

  894.             * @return Tpb: Always returns <code>0</code><br/>
    895. 

  895.             * Ppb: The integer <code>k2</code> where <code>x<sup>m</sup> +
    896. 

  896.             * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
    897. 

  897.             * represents the reduction polynomial <code>f(z)</code>.<br/>
    898. 

  898.             */
    899. 

  899.         public int K2
    900. 

  900.         {
    901. 

  901.             get { return this.ks.Length >= 2 ? this.ks[1] : 0; }
    902. 

  902.         }
    903. 

  903. 

  904.         /**
    905. 

  905.             * @return Tpb: Always set to <code>0</code><br/>
    906. 

  906.             * Ppb: The integer <code>k3</code> where <code>x<sup>m</sup> +
    907. 

  907.             * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
    908. 

  908.             * represents the reduction polynomial <code>f(z)</code>.<br/>
    909. 

  909.             */
    910. 

  910.         public int K3
    911. 

  911.         {
    912. 

  912.             get { return this.ks.Length >= 3 ? this.ks[2] : 0; }
    913. 

  913.         }
    914. 

  914. 

  915.         public override bool Equals(
    916. 

  916.             object obj)
    917. 

  917.         {
    918. 

  918.             if (obj == this)
    919. 

  919.                 return true;
    920. 

  920. 

  921.             F2mFieldElement other = obj as F2mFieldElement;
    922. 

  922. 

  923.             if (other == null)
    924. 

  924.                 return false;
    925. 

  925. 

  926.             return Equals(other);
    927. 

  927.         }
    928. 

  928. 

  929.         public virtual bool Equals(
    930. 

  930.             F2mFieldElement other)
    931. 

  931.         {
    932. 

  932.             return ((this.m == other.m)
    933. 

  933.                 && (this.representation == other.representation)
    934. 

  934.                 && Arrays.AreEqual(this.ks, other.ks)
    935. 

  935.                 && (this.x.Equals(other.x)));
    936. 

  936.         }
    937. 

  937. 

  938.         public override int GetHashCode()
    939. 

  939.         {
    940. 

  940.             return x.GetHashCode() ^ m ^ Arrays.GetHashCode(ks);
    941. 

  941.         }
    942. 

  942.     }
    943. 

  943. }
    944. 

  944. #pragma warning restore
    945. 

  945. #endif
    946.