public static ECPoint DecodePoint(ECCurve curve, byte[] bytes)
{
/*byte[] bp_enc=new byte[bytes.length+1];
* if (0==(bytes[bytes.length-1]&0x1))
* bp_enc[0]=0x02;
* else
* bp_enc[0]=0x03;
* System.arraycopy(bytes, 0, bp_enc, 1, bytes.length);
* if (!trace(curve.fromBigInteger(new BigInteger(1, bytes))).equals(curve.getA().toBigInteger()))
* bp_enc[bp_enc.length-1]^=0x01;
*
* return curve.decodePoint(bp_enc);*/
ECFieldElement k = curve.FromBigInteger(BigInteger.ValueOf(bytes[bytes.Length - 1] & 0x1));
ECFieldElement xp = curve.FromBigInteger(new BigInteger(1, bytes));
if (!Trace(xp).Equals(curve.A))
{
xp = xp.AddOne();
}
ECFieldElement yp = null;
if (xp.IsZero)
{
yp = curve.B.Sqrt();
}
else
{
ECFieldElement beta = xp.Square().Invert().Multiply(curve.B).Add(curve.A).Add(xp);
ECFieldElement z = SolveQuadraticEquation(curve, beta);
if (z != null)
{
if (!Trace(z).Equals(k))
{
z = z.AddOne();
}
yp = xp.Multiply(z);
}
}
if (yp == null)
{
throw new ArgumentException("Invalid point compression");
}
return(curve.ValidatePoint(xp.ToBigInteger(), yp.ToBigInteger()));
}
public override ECFieldElement SquarePlusProduct(ECFieldElement x, ECFieldElement y)
{
BigInteger bigInteger = this.x;
BigInteger bigInteger2 = x.ToBigInteger();
BigInteger val = y.ToBigInteger();
BigInteger bigInteger3 = bigInteger.Multiply(bigInteger);
BigInteger value = bigInteger2.Multiply(val);
BigInteger bigInteger4 = bigInteger3.Add(value);
if (r != null && r.SignValue < 0 && bigInteger4.BitLength > q.BitLength << 1)
{
bigInteger4 = bigInteger4.Subtract(q.ShiftLeft(q.BitLength));
}
return(new FpFieldElement(q, r, ModReduce(bigInteger4)));
}
public void TestSquare()
{
int COUNT = 1000;
for (int i = 0; i < COUNT; ++i)
{
ECFieldElement x = GenerateMultiplyInput_Random();
BigInteger X = x.ToBigInteger();
BigInteger R = X.Multiply(X).Mod(Q);
ECFieldElement z = x.Square();
BigInteger Z = z.ToBigInteger();
Assert.AreEqual(R, Z);
}
}
public void TestMultiply_OpenSSLBug()
{
int COUNT = 100;
for (int i = 0; i < COUNT; ++i)
{
ECFieldElement x = GenerateMultiplyInputA_OpenSSLBug();
ECFieldElement y = GenerateMultiplyInputB_OpenSSLBug();
BigInteger X = x.ToBigInteger(), Y = y.ToBigInteger();
BigInteger R = X.Multiply(Y).Mod(Q);
ECFieldElement z = x.Multiply(y);
BigInteger Z = z.ToBigInteger();
Assert.AreEqual(R, Z);
}
}
private void ImplValidityTest(ECCurve c, ECPoint g)
{
Assert.IsTrue(g.IsValid());
if (ECAlgorithms.IsF2mCurve(c))
{
BigInteger h = c.Cofactor;
if (null != h)
{
if (!h.TestBit(0))
{
ECFieldElement sqrtB = c.B.Sqrt();
ECPoint order2 = c.CreatePoint(BigInteger.Zero, sqrtB.ToBigInteger());
Assert.IsTrue(order2.Twice().IsInfinity);
Assert.IsFalse(order2.IsValid());
ECPoint bad2 = g.Add(order2);
Assert.IsFalse(bad2.IsValid());
ECPoint good2 = bad2.Add(order2);
Assert.IsTrue(good2.IsValid());
if (!h.TestBit(1))
{
ECFieldElement L = SolveQuadraticEquation(c, c.A);
Assert.IsNotNull(L);
ECFieldElement T = sqrtB;
ECFieldElement x = T.Sqrt();
ECFieldElement y = T.Add(x.Multiply(L));
ECPoint order4 = c.CreatePoint(x.ToBigInteger(), y.ToBigInteger());
Assert.IsTrue(order4.Twice().Equals(order2));
Assert.IsFalse(order4.IsValid());
ECPoint bad4_1 = g.Add(order4);
Assert.IsFalse(bad4_1.IsValid());
ECPoint bad4_2 = bad4_1.Add(order4);
Assert.IsFalse(bad4_2.IsValid());
ECPoint bad4_3 = bad4_2.Add(order4);
Assert.IsFalse(bad4_3.IsValid());
ECPoint good4 = bad4_3.Add(order4);
Assert.IsTrue(good4.IsValid());
}
}
}
}
}
public override ECFieldElement Subtract(ECFieldElement b)
{
return(new FpFieldElement(q, r, ModSubtract(x, b.ToBigInteger())));
}
public override ECFieldElement Add(ECFieldElement b)
{
return(new FpFieldElement(q, r, ModAdd(x, b.ToBigInteger())));
}
public override ECFieldElement Divide(ECFieldElement b)
{
return(new FpFieldElement(q, r, ModMult(x, ModInverse(b.ToBigInteger()))));
}
public override ECFieldElement Subtract(ECFieldElement b)
{
return new FpFieldElement(q, x.Subtract(b.ToBigInteger()).Mod(q));
}
public override ECFieldElement Subtract(ECFieldElement b)
{
return(new FpFieldElement(q, x.Subtract(b.ToBigInteger()).Mod(q)));
}
public override ECFieldElement Add(ECFieldElement b)
{
return new FpFieldElement(q, x.Add(b.ToBigInteger()).Mod(q));
}
protected bool Equals(ECFieldElement other)
{
return(ToBigInteger().Equals(other.ToBigInteger()));
}
internal void PrintPointCoordinate(string varLabel, string varType, string varNamespace, ECFieldElement coordinate, string coordinateLabel)
{
writer.WriteLine(String.Format(CodeCSharpVariablePrefix, varLabel + coordinateLabel));
WriteSplitHexString(coordinate.ToBigInteger().ToString(16));
writer.WriteLine(CodeVariableSuffix);
}
private BigInteger FieldElement2Integer(BigInteger modulus, ECFieldElement fieldElement)
{
return(Truncate(fieldElement.ToBigInteger(), modulus.BitLength - 1));
}
public override ECFieldElement Divide(ECFieldElement b)
{
return(new FpFieldElement(q, x.Multiply(b.ToBigInteger().ModInverse(q)).Mod(q)));
}
public override ECFieldElement Multiply(ECFieldElement b)
{
return(new FpFieldElement(q, r, ModMult(x, b.ToBigInteger())));
}
// Returns G = k^(-1)Q. Here k^(-1) is the multiplicative inverse mod #E(F_q).
private static ECPoint CreateGenerator(ECPublicKeyParameters parameters, ECFieldElement privateKey)
{
var privateKeyInverse = privateKey.ToBigInteger().ModInverse(parameters.Parameters.Curve.Order);
return(parameters.Q.Multiply(privateKeyInverse).Normalize());
}
public override ECFieldElement Multiply(ECFieldElement b)
{
return new FpFieldElement(q, x.Multiply(b.ToBigInteger()).Mod(q));
}
protected bool Equals(ECFieldElement other)
{
return ToBigInteger().Equals(other.ToBigInteger());
}
public override ECFieldElement Add(ECFieldElement b)
{
return(new FpFieldElement(q, x.Add(b.ToBigInteger()).Mod(q)));
}
