public F2mCurve(int m, int k1, int k2, int k3, BigInteger a, BigInteger b, BigInteger order, BigInteger cofactor)
: base(m, k1, k2, k3)
{
//IL_004e: Unknown result type (might be due to invalid IL or missing references)
//IL_0060: Unknown result type (might be due to invalid IL or missing references)
//IL_006f: Unknown result type (might be due to invalid IL or missing references)
//IL_007f: Unknown result type (might be due to invalid IL or missing references)
this.m = m;
this.k1 = k1;
this.k2 = k2;
this.k3 = k3;
m_order = order;
m_cofactor = cofactor;
m_infinity = new F2mPoint(this, null, null);
if (k1 == 0)
{
throw new ArgumentException("k1 must be > 0");
}
if (k2 == 0)
{
if (k3 != 0)
{
throw new ArgumentException("k3 must be 0 if k2 == 0");
}
}
else
{
if (k2 <= k1)
{
throw new ArgumentException("k2 must be > k1");
}
if (k3 <= k2)
{
throw new ArgumentException("k3 must be > k2");
}
}
m_a = FromBigInteger(a);
m_b = FromBigInteger(b);
m_coord = 6;
}
/**
* Constructor for Pentanomial Polynomial Basis (PPB).
* @param m The exponent <code>m</code> of
* <code>F<sub>2<sup>m</sup></sub></code>.
* @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
* x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
* represents the reduction polynomial <code>f(z)</code>.
* @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
* x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
* represents the reduction polynomial <code>f(z)</code>.
* @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
* x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
* represents the reduction polynomial <code>f(z)</code>.
* @param a The coefficient <code>a</code> in the Weierstrass equation
* for non-supersingular elliptic curves over
* <code>F<sub>2<sup>m</sup></sub></code>.
* @param b The coefficient <code>b</code> in the Weierstrass equation
* for non-supersingular elliptic curves over
* <code>F<sub>2<sup>m</sup></sub></code>.
* @param n The order of the main subgroup of the elliptic curve.
* @param h The cofactor of the elliptic curve, i.e.
* <code>#E<sub>a</sub>(F<sub>2<sup>m</sup></sub>) = h * n</code>.
*/
public F2mCurve(
int m,
int k1,
int k2,
int k3,
BigInteger a,
BigInteger b,
BigInteger n,
BigInteger h)
{
this.m = m;
this.k1 = k1;
this.k2 = k2;
this.k3 = k3;
this.n = n;
this.h = h;
this.infinity = new F2mPoint(this, null, null);
if (k1 == 0)
throw new ArgumentException("k1 must be > 0");
if (k2 == 0)
{
if (k3 != 0)
throw new ArgumentException("k3 must be 0 if k2 == 0");
}
else
{
if (k2 <= k1)
throw new ArgumentException("k2 must be > k1");
if (k3 <= k2)
throw new ArgumentException("k3 must be > k2");
}
this.a = FromBigInteger(a);
this.b = FromBigInteger(b);
}
internal F2mPoint AddSimple(F2mPoint b)
{
if (this.IsInfinity)
{
return(b);
}
if (b.IsInfinity)
{
return(this);
}
F2mFieldElement x2 = (F2mFieldElement)b.X;
F2mFieldElement y2 = (F2mFieldElement)b.Y;
if (this.x.Equals(x2))
{
if (this.y.Equals(y2))
{
return((F2mPoint)this.Twice());
}
return((F2mPoint)this.curve.Infinity);
}
ECFieldElement xSum = this.x.Add(x2);
F2mFieldElement lambda
= (F2mFieldElement)(this.y.Add(y2)).Divide(xSum);
F2mFieldElement x3
= (F2mFieldElement)lambda.Square().Add(lambda).Add(xSum).Add(this.curve.A);
F2mFieldElement y3
= (F2mFieldElement)lambda.Multiply(this.x.Add(x3)).Add(x3).Add(this.y);
return(new F2mPoint(curve, x3, y3, withCompression));
}
public F2mCurve(int m, int k1, int k2, int k3, BigInteger a, BigInteger b, BigInteger order, BigInteger cofactor)
: base(m, k1, k2, k3)
{
this.m = m;
this.k1 = k1;
this.k2 = k2;
this.k3 = k3;
m_order = order;
m_cofactor = cofactor;
m_infinity = new F2mPoint(this, null, null);
if (k1 == 0)
{
throw new ArgumentException("k1 must be > 0");
}
if (k2 == 0)
{
if (k3 != 0)
{
throw new ArgumentException("k3 must be 0 if k2 == 0");
}
}
else
{
if (k2 <= k1)
{
throw new ArgumentException("k2 must be > k1");
}
if (k3 <= k2)
{
throw new ArgumentException("k3 must be > k2");
}
}
m_a = FromBigInteger(a);
m_b = FromBigInteger(b);
m_coord = 6;
}
/**
* Constructor for Pentanomial Polynomial Basis (PPB).
* @param m The exponent <code>m</code> of
* <code>F<sub>2<sup>m</sup></sub></code>.
* @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
* x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
* represents the reduction polynomial <code>f(z)</code>.
* @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
* x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
* represents the reduction polynomial <code>f(z)</code>.
* @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
* x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
* represents the reduction polynomial <code>f(z)</code>.
* @param a The coefficient <code>a</code> in the Weierstrass equation
* for non-supersingular elliptic curves over
* <code>F<sub>2<sup>m</sup></sub></code>.
* @param b The coefficient <code>b</code> in the Weierstrass equation
* for non-supersingular elliptic curves over
* <code>F<sub>2<sup>m</sup></sub></code>.
*/
public F2mCurve(
int m,
int k1,
int k2,
int k3,
BigInteger a,
BigInteger b)
{
this.m = m;
this.k1 = k1;
this.k2 = k2;
this.k3 = k3;
this.infinity = new F2mPoint(this, null, null);
if (k1 == 0)
throw new ArgumentException("k1 must be > 0");
if (k2 == 0)
{
if (k3 != 0)
throw new ArgumentException("k3 must be 0 if k2 == 0");
}
else
{
if (k2 <= k1)
throw new ArgumentException("k2 must be > k1");
if (k3 <= k2)
throw new ArgumentException("k3 must be > k2");
}
this.a = FromBigInteger(a);
this.b = FromBigInteger(b);
}
/* (non-Javadoc)
* @see Org.BouncyCastle.Math.EC.ECCurve#decodePoint(byte[])
*/
public override ECPoint DecodePoint(byte[] encoded)
{
ECPoint p = null;
switch (encoded[0])
{
// compressed
case 0x02:
case 0x03:
byte[] enc = new byte[encoded.Length - 1];
Array.Copy(encoded, 1, enc, 0, enc.Length);
if (encoded[0] == 0x02)
{
p = decompressPoint(enc, 0);
}
else
{
p = decompressPoint(enc, 1);
}
break;
case 0x04:
byte[] xEnc = new byte[(encoded.Length - 1) / 2];
byte[] yEnc = new byte[(encoded.Length - 1) / 2];
Array.Copy(encoded, 1, xEnc, 0, xEnc.Length);
Array.Copy(encoded, xEnc.Length + 1, yEnc, 0, yEnc.Length);
p = new F2mPoint(this,
new F2mFieldElement(this.m, this.k1, this.k2, this.k3,
new BigInteger(1, xEnc)),
new F2mFieldElement(this.m, this.k1, this.k2, this.k3,
new BigInteger(1, yEnc)), false);
break;
default:
throw new FormatException("Invalid point encoding " + encoded[0]);
}
return p;
}
public static AsymmetricKeyParameter CreateKey(
SubjectPublicKeyInfo keyInfo)
{
AlgorithmIdentifier algID = keyInfo.AlgorithmID;
if (algID.ObjectID.Equals(PkcsObjectIdentifiers.RsaEncryption)
|| algID.ObjectID.Equals(X509ObjectIdentifiers.IdEARsa))
{
RsaPublicKeyStructure pubKey = RsaPublicKeyStructure.GetInstance(keyInfo.GetPublicKey());
return new RsaKeyParameters(false, pubKey.Modulus, pubKey.PublicExponent);
}
else if (algID.ObjectID.Equals(PkcsObjectIdentifiers.DhKeyAgreement)
|| algID.ObjectID.Equals(X9ObjectIdentifiers.DHPublicNumber))
{
DHParameter para = new DHParameter((Asn1Sequence)keyInfo.AlgorithmID.Parameters);
DerInteger derY = (DerInteger)keyInfo.GetPublicKey();
return new DHPublicKeyParameters(derY.Value, new DHParameters(para.P, para.G));
}
else if (algID.ObjectID.Equals(OiwObjectIdentifiers.ElGamalAlgorithm))
{
ElGamalParameter para = new ElGamalParameter((Asn1Sequence)keyInfo.AlgorithmID.Parameters);
DerInteger derY = (DerInteger)keyInfo.GetPublicKey();
return new ElGamalPublicKeyParameters(derY.Value, new ElGamalParameters(para.P, para.G));
}
else if (algID.ObjectID.Equals(X9ObjectIdentifiers.IdDsa)
|| algID.ObjectID.Equals(OiwObjectIdentifiers.DsaWithSha1))
{
DsaParameter para = DsaParameter.GetInstance(keyInfo.AlgorithmID.Parameters);
DerInteger derY = (DerInteger)keyInfo.GetPublicKey();
return new DsaPublicKeyParameters(derY.Value, new DsaParameters(para.P, para.Q, para.G));
}
else if (algID.ObjectID.Equals(X9ObjectIdentifiers.IdECPublicKey))
{
X962Parameters para = new X962Parameters((Asn1Object)keyInfo.AlgorithmID.Parameters);
ECDomainParameters dParams = null;
if (para.IsNamedCurve)
{
DerObjectIdentifier oid = (DerObjectIdentifier)para.Parameters;
X9ECParameters ecP = X962NamedCurves.GetByOid(oid);
if (ecP == null)
{
ecP = SecNamedCurves.GetByOid(oid);
if (ecP == null)
{
ecP = NistNamedCurves.GetByOid(oid);
}
}
dParams = new ECDomainParameters(
ecP.Curve,
ecP.G,
ecP.N,
ecP.H,
ecP.GetSeed());
}
else
{
X9ECParameters ecP = new X9ECParameters((Asn1Sequence)para.Parameters.ToAsn1Object());
dParams = new ECDomainParameters(
ecP.Curve,
ecP.G,
ecP.N,
ecP.H,
ecP.GetSeed());
}
DerBitString bits = keyInfo.PublicKeyData;
byte[] data = bits.GetBytes();
Asn1OctetString key = new DerOctetString(data);
X9ECPoint derQ = new X9ECPoint(dParams.Curve, key);
return new ECPublicKeyParameters(derQ.Point, dParams);
}
else if (algID.ObjectID.Equals(CryptoProObjectIdentifiers.GostR3410x2001))
{
Gost3410PublicKeyAlgParameters gostParams = new Gost3410PublicKeyAlgParameters(
(Asn1Sequence) algID.Parameters);
Asn1OctetString key;
try
{
key = (Asn1OctetString) keyInfo.GetPublicKey();
}
catch (IOException)
{
throw new ArgumentException("invalid info structure in GOST3410 public key");
}
byte[] keyEnc = key.GetOctets();
byte[] x = new byte[32];
byte[] y = new byte[32];
for (int i = 0; i != y.Length; i++)
{
x[i] = keyEnc[32 - 1 - i];
}
for (int i = 0; i != x.Length; i++)
{
y[i] = keyEnc[64 - 1 - i];
}
ECDomainParameters ecP = ECGost3410NamedCurves.GetByOid(gostParams.PublicKeyParamSet);
if (ecP == null)
return null;
ECCurve curve = ecP.Curve;
ECPoint q;
if (curve is FpCurve)
{
FpCurve curveFp = (FpCurve) curve;
q = new FpPoint(
curveFp,
new FpFieldElement(curveFp.Q, new BigInteger(1, x)),
new FpFieldElement(curveFp.Q, new BigInteger(1, y)));
}
else
{
F2mCurve curveF2m = (F2mCurve) curve;
q = new F2mPoint(
curveF2m,
new F2mFieldElement(curveF2m.M, curveF2m.K1, curveF2m.K2, curveF2m.K3, new BigInteger(1, x)),
new F2mFieldElement(curveF2m.M, curveF2m.K1, curveF2m.K2, curveF2m.K3, new BigInteger(1, y)),
false);
}
return new ECPublicKeyParameters(q, gostParams.PublicKeyParamSet);
}
else if (algID.ObjectID.Equals(CryptoProObjectIdentifiers.GostR3410x94))
{
Gost3410PublicKeyAlgParameters algParams = new Gost3410PublicKeyAlgParameters(
(Asn1Sequence) algID.Parameters);
DerOctetString derY;
try
{
derY = (DerOctetString) keyInfo.GetPublicKey();
}
catch (IOException)
{
throw new ArgumentException("invalid info structure in GOST3410 public key");
}
byte[] keyEnc = derY.GetOctets();
byte[] keyBytes = new byte[keyEnc.Length];
for (int i = 0; i != keyEnc.Length; i++)
{
keyBytes[i] = keyEnc[keyEnc.Length - 1 - i]; // was little endian
}
BigInteger y = new BigInteger(1, keyBytes);
return new Gost3410PublicKeyParameters(y, algParams.PublicKeyParamSet);
}
else
{
throw new SecurityUtilityException("algorithm identifier in key not recognised: " + algID.ObjectID);
}
}
protected override X9ECParameters CreateParameters()
{
// a = 1
BigInteger sect163r2a = BigInteger.One;
// b = 20a601907b8c953ca1481eb10512f78744a3205fd
BigInteger sect163r2b = new BigInteger("20a601907b8c953ca1481eb10512f78744a3205fd", 16);
ECCurve sect163r2Curve = new F2mCurve(sect163r2m, sect163r2k1, sect163r2k2, sect163r2k3, sect163r2a, sect163r2b);
// x = 3f0eba16286a2d57ea0991168d4994637e8343e36
ECFieldElement sect163r2x = new F2mFieldElement(
sect163r2m, sect163r2k1, sect163r2k2, sect163r2k3,
new BigInteger("3f0eba16286a2d57ea0991168d4994637e8343e36", 16));
// y = 0d51fbc6c71a0094fa2cdd545b11c5c0c797324f1
ECFieldElement sect163r2y = new F2mFieldElement(
sect163r2m, sect163r2k1, sect163r2k2, sect163r2k3,
new BigInteger("0d51fbc6c71a0094fa2cdd545b11c5c0c797324f1", 16));
ECPoint sect163r2BasePoint = new F2mPoint(
sect163r2Curve, sect163r2x, sect163r2y, false);
BigInteger sect163r2n = new BigInteger("5846006549323611672814742442876390689256843201587");
BigInteger sect163r2h = BigInteger.Two;
byte[] sect163r2Seed = null;
return new X9ECParameters(
sect163r2Curve,
sect163r2BasePoint,
sect163r2n,
sect163r2h,
sect163r2Seed);
}
/**
* Test encoding with and without point compression.
*
* @param p
* The point to be encoded and decoded.
*/
private void implTestEncoding(ECPoint p)
{
// Not Point Compression
ECPoint unCompP;
// Point compression
ECPoint compP;
if (p is FpPoint)
{
unCompP = new FpPoint(p.Curve, p.X, p.Y, false);
compP = new FpPoint(p.Curve, p.X, p.Y, true);
}
else
{
unCompP = new F2mPoint(p.Curve, p.X, p.Y, false);
compP = new F2mPoint(p.Curve, p.X, p.Y, true);
}
byte[] unCompBarr = unCompP.GetEncoded();
ECPoint decUnComp = p.Curve.DecodePoint(unCompBarr);
Assert.AreEqual(p, decUnComp, "Error decoding uncompressed point");
byte[] compBarr = compP.GetEncoded();
ECPoint decComp = p.Curve.DecodePoint(compBarr);
Assert.AreEqual(p, decComp, "Error decoding compressed point");
}
/**
* Creates the points on the curve with literature values.
*/
internal static void createPoints()
{
for (int i = 0; i < pointSource.Length / 2; i++)
{
F2mFieldElement x = new F2mFieldElement(m, k1,
new BigInteger(pointSource[2 * i], 16));
F2mFieldElement y = new F2mFieldElement(m, k1,
new BigInteger(pointSource[2 * i + 1], 16));
p[i] = new F2mPoint(curve, x, y);
}
}
/**
* Adds another <code>ECPoints.F2m</code> to <code>this</code> without
* checking if both points are on the same curve. Used by multiplication
* algorithms, because there all points are a multiple of the same point
* and hence the checks can be omitted.
* @param b The other <code>ECPoints.F2m</code> to add to
* <code>this</code>.
* @return <code>this + b</code>
*/
internal F2mPoint AddSimple(F2mPoint b)
{
if (this.IsInfinity)
return b;
if (b.IsInfinity)
return this;
ECCurve curve = this.Curve;
int coord = curve.CoordinateSystem;
ECFieldElement X1 = this.RawXCoord;
ECFieldElement X2 = b.RawXCoord;
switch (coord)
{
case ECCurve.COORD_AFFINE:
{
ECFieldElement Y1 = this.RawYCoord;
ECFieldElement Y2 = b.RawYCoord;
ECFieldElement dx = X1.Add(X2), dy = Y1.Add(Y2);
if (dx.IsZero)
{
if (dy.IsZero)
{
return (F2mPoint)Twice();
}
return (F2mPoint)curve.Infinity;
}
ECFieldElement L = dy.Divide(dx);
ECFieldElement X3 = L.Square().Add(L).Add(dx).Add(curve.A);
ECFieldElement Y3 = L.Multiply(X1.Add(X3)).Add(X3).Add(Y1);
return new F2mPoint(curve, X3, Y3, IsCompressed);
}
case ECCurve.COORD_HOMOGENEOUS:
{
ECFieldElement Y1 = this.RawYCoord, Z1 = this.RawZCoords[0];
ECFieldElement Y2 = b.RawYCoord, Z2 = b.RawZCoords[0];
bool Z1IsOne = Z1.IsOne;
ECFieldElement U1 = Y2, V1 = X2;
if (!Z1IsOne)
{
U1 = U1.Multiply(Z1);
V1 = V1.Multiply(Z1);
}
bool Z2IsOne = Z2.IsOne;
ECFieldElement U2 = Y1, V2 = X1;
if (!Z2IsOne)
{
U2 = U2.Multiply(Z2);
V2 = V2.Multiply(Z2);
}
ECFieldElement U = U1.Add(U2);
ECFieldElement V = V1.Add(V2);
if (V.IsZero)
{
if (U.IsZero)
{
return (F2mPoint)Twice();
}
return (F2mPoint)curve.Infinity;
}
ECFieldElement VSq = V.Square();
ECFieldElement VCu = VSq.Multiply(V);
ECFieldElement W = Z1IsOne ? Z2 : Z2IsOne ? Z1 : Z1.Multiply(Z2);
ECFieldElement uv = U.Add(V);
ECFieldElement A = uv.MultiplyPlusProduct(U, VSq, curve.A).Multiply(W).Add(VCu);
ECFieldElement X3 = V.Multiply(A);
ECFieldElement VSqZ2 = Z2IsOne ? VSq : VSq.Multiply(Z2);
ECFieldElement Y3 = U.MultiplyPlusProduct(X1, V, Y1).MultiplyPlusProduct(VSqZ2, uv, A);
ECFieldElement Z3 = VCu.Multiply(W);
return new F2mPoint(curve, X3, Y3, new ECFieldElement[] { Z3 }, IsCompressed);
}
case ECCurve.COORD_LAMBDA_PROJECTIVE:
{
if (X1.IsZero)
{
if (X2.IsZero)
return (F2mPoint)curve.Infinity;
return b.AddSimple(this);
}
ECFieldElement L1 = this.RawYCoord, Z1 = this.RawZCoords[0];
ECFieldElement L2 = b.RawYCoord, Z2 = b.RawZCoords[0];
bool Z1IsOne = Z1.IsOne;
ECFieldElement U2 = X2, S2 = L2;
if (!Z1IsOne)
{
U2 = U2.Multiply(Z1);
S2 = S2.Multiply(Z1);
}
bool Z2IsOne = Z2.IsOne;
ECFieldElement U1 = X1, S1 = L1;
if (!Z2IsOne)
{
U1 = U1.Multiply(Z2);
S1 = S1.Multiply(Z2);
}
ECFieldElement A = S1.Add(S2);
ECFieldElement B = U1.Add(U2);
if (B.IsZero)
{
if (A.IsZero)
{
return (F2mPoint)Twice();
}
return (F2mPoint)curve.Infinity;
}
ECFieldElement X3, L3, Z3;
if (X2.IsZero)
{
// TODO This can probably be optimized quite a bit
ECPoint p = this.Normalize();
X1 = p.RawXCoord;
ECFieldElement Y1 = p.YCoord;
ECFieldElement Y2 = L2;
ECFieldElement L = Y1.Add(Y2).Divide(X1);
X3 = L.Square().Add(L).Add(X1).Add(curve.A);
if (X3.IsZero)
{
return new F2mPoint(curve, X3, curve.B.Sqrt(), IsCompressed);
}
ECFieldElement Y3 = L.Multiply(X1.Add(X3)).Add(X3).Add(Y1);
L3 = Y3.Divide(X3).Add(X3);
Z3 = curve.FromBigInteger(BigInteger.One);
}
else
{
B = B.Square();
ECFieldElement AU1 = A.Multiply(U1);
ECFieldElement AU2 = A.Multiply(U2);
X3 = AU1.Multiply(AU2);
if (X3.IsZero)
{
return new F2mPoint(curve, X3, curve.B.Sqrt(), IsCompressed);
}
ECFieldElement ABZ2 = A.Multiply(B);
if (!Z2IsOne)
{
ABZ2 = ABZ2.Multiply(Z2);
}
L3 = AU2.Add(B).SquarePlusProduct(ABZ2, L1.Add(Z1));
Z3 = ABZ2;
if (!Z1IsOne)
{
Z3 = Z3.Multiply(Z1);
}
}
return new F2mPoint(curve, X3, L3, new ECFieldElement[] { Z3 }, IsCompressed);
}
default:
{
throw new InvalidOperationException("unsupported coordinate system");
}
}
}
/**
* Adds another <code>ECPoints.F2m</code> to <code>this</code> without
* checking if both points are on the same curve. Used by multiplication
* algorithms, because there all points are a multiple of the same point
* and hence the checks can be omitted.
* @param b The other <code>ECPoints.F2m</code> to add to
* <code>this</code>.
* @return <code>this + b</code>
*/
internal F2mPoint AddSimple(F2mPoint b)
{
if (this.IsInfinity)
return b;
if (b.IsInfinity)
return this;
F2mFieldElement x2 = (F2mFieldElement) b.X;
F2mFieldElement y2 = (F2mFieldElement) b.Y;
// Check if b == this or b == -this
if (this.x.Equals(x2))
{
// this == b, i.e. this must be doubled
if (this.y.Equals(y2))
return (F2mPoint) this.Twice();
// this = -other, i.e. the result is the point at infinity
return (F2mPoint) this.curve.Infinity;
}
ECFieldElement xSum = this.x.Add(x2);
F2mFieldElement lambda
= (F2mFieldElement)(this.y.Add(y2)).Divide(xSum);
F2mFieldElement x3
= (F2mFieldElement)lambda.Square().Add(lambda).Add(xSum).Add(this.curve.A);
F2mFieldElement y3
= (F2mFieldElement)lambda.Multiply(this.x.Add(x3)).Add(x3).Add(this.y);
return new F2mPoint(curve, x3, y3, withCompression);
}
/**
* Constructor for Pentanomial Polynomial Basis (PPB).
* @param m The exponent <code>m</code> of
* <code>F<sub>2<sup>m</sup></sub></code>.
* @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
* x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
* represents the reduction polynomial <code>f(z)</code>.
* @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
* x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
* represents the reduction polynomial <code>f(z)</code>.
* @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
* x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
* represents the reduction polynomial <code>f(z)</code>.
* @param a The coefficient <code>a</code> in the Weierstrass equation
* for non-supersingular elliptic curves over
* <code>F<sub>2<sup>m</sup></sub></code>.
* @param b The coefficient <code>b</code> in the Weierstrass equation
* for non-supersingular elliptic curves over
* <code>F<sub>2<sup>m</sup></sub></code>.
* @param order The order of the main subgroup of the elliptic curve.
* @param cofactor The cofactor of the elliptic curve, i.e.
* <code>#E<sub>a</sub>(F<sub>2<sup>m</sup></sub>) = h * n</code>.
*/
public F2mCurve(
int m,
int k1,
int k2,
int k3,
BigInteger a,
BigInteger b,
BigInteger order,
BigInteger cofactor)
: base(m, k1, k2, k3)
{
this.m = m;
this.k1 = k1;
this.k2 = k2;
this.k3 = k3;
this.m_order = order;
this.m_cofactor = cofactor;
this.m_infinity = new F2mPoint(this, null, null);
if (k1 == 0)
throw new ArgumentException("k1 must be > 0");
if (k2 == 0)
{
if (k3 != 0)
throw new ArgumentException("k3 must be 0 if k2 == 0");
}
else
{
if (k2 <= k1)
throw new ArgumentException("k2 must be > k1");
if (k3 <= k2)
throw new ArgumentException("k3 must be > k2");
}
this.m_a = FromBigInteger(a);
this.m_b = FromBigInteger(b);
this.m_coord = F2M_DEFAULT_COORDS;
}
protected override X9ECParameters CreateParameters()
{
// a = 1
BigInteger sect571r1a = BigInteger.One;
// b = 2f40e7e2221f295de297117b7f3d62f5c6a97ffcb8ceff1cd6ba8ce4a9a18ad84ffabbd8efa59332be7ad6756a66e294afd185a78ff12aa520e4de739baca0c7ffeff7f2955727a
BigInteger sect571r1b = new BigInteger("2f40e7e2221f295de297117b7f3d62f5c6a97ffcb8ceff1cd6ba8ce4a9a18ad84ffabbd8efa59332be7ad6756a66e294afd185a78ff12aa520e4de739baca0c7ffeff7f2955727a", 16);
ECCurve sect571r1Curve = new F2mCurve(sect571r1m, sect571r1k1, sect571r1k2, sect571r1k3, sect571r1a, sect571r1b);
// x = 303001d34b856296c16c0d40d3cd7750a93d1d2955fa80aa5f40fc8db7b2abdbde53950f4c0d293cdd711a35b67fb1499ae60038614f1394abfa3b4c850d927e1e7769c8eec2d19
ECFieldElement sect571r1x = new F2mFieldElement(
sect571r1m, sect571r1k1, sect571r1k2, sect571r1k3,
new BigInteger("303001d34b856296c16c0d40d3cd7750a93d1d2955fa80aa5f40fc8db7b2abdbde53950f4c0d293cdd711a35b67fb1499ae60038614f1394abfa3b4c850d927e1e7769c8eec2d19", 16));
// y = 37bf27342da639b6dccfffeb73d69d78c6c27a6009cbbca1980f8533921e8a684423e43bab08a576291af8f461bb2a8b3531d2f0485c19b16e2f1516e23dd3c1a4827af1b8ac15b
ECFieldElement sect571r1y = new F2mFieldElement(
sect571r1m, sect571r1k1, sect571r1k2, sect571r1k3,
new BigInteger("37bf27342da639b6dccfffeb73d69d78c6c27a6009cbbca1980f8533921e8a684423e43bab08a576291af8f461bb2a8b3531d2f0485c19b16e2f1516e23dd3c1a4827af1b8ac15b", 16));
ECPoint sect571r1BasePoint = new F2mPoint(
sect571r1Curve, sect571r1x, sect571r1y, false);
BigInteger sect571r1n = new BigInteger("3864537523017258344695351890931987344298927329706434998657235251451519142289560424536143999389415773083133881121926944486246872462816813070234528288303332411393191105285703");
BigInteger sect571r1h = BigInteger.Two;
byte[] sect571r1Seed = null;
return new X9ECParameters(
sect571r1Curve,
sect571r1BasePoint,
sect571r1n,
sect571r1h,
sect571r1Seed);
}
protected override X9ECParameters CreateParameters()
{
// a = 1
BigInteger sect409r1a = BigInteger.One;
// b = 21a5c2c8ee9feb5c4b9a753b7b476b7fd6422ef1f3dd674761fa99d6ac27c8a9a197b272822f6cd57a55aa4f50ae317b13545f
BigInteger sect409r1b = new BigInteger("21a5c2c8ee9feb5c4b9a753b7b476b7fd6422ef1f3dd674761fa99d6ac27c8a9a197b272822f6cd57a55aa4f50ae317b13545f", 16);
ECCurve sect409r1Curve = new F2mCurve(sect409r1m, sect409r1k1, sect409r1k2, sect409r1k3, sect409r1a, sect409r1b);
// x = 15d4860d088ddb3496b0c6064756260441cde4af1771d4db01ffe5b34e59703dc255a868a1180515603aeab60794e54bb7996a7
ECFieldElement sect409r1x = new F2mFieldElement(
sect409r1m, sect409r1k1, sect409r1k2, sect409r1k3,
new BigInteger("15d4860d088ddb3496b0c6064756260441cde4af1771d4db01ffe5b34e59703dc255a868a1180515603aeab60794e54bb7996a7", 16));
// y = 61b1cfab6be5f32bbfa78324ed106a7636b9c5a7bd198d0158aa4f5488d08f38514f1fdf4b4f40d2181b3681c364ba0273c706
ECFieldElement sect409r1y = new F2mFieldElement(
sect409r1m, sect409r1k1, sect409r1k2, sect409r1k3,
new BigInteger("61b1cfab6be5f32bbfa78324ed106a7636b9c5a7bd198d0158aa4f5488d08f38514f1fdf4b4f40d2181b3681c364ba0273c706", 16));
ECPoint sect409r1BasePoint = new F2mPoint(
sect409r1Curve, sect409r1x, sect409r1y, false);
BigInteger sect409r1n = new BigInteger("661055968790248598951915308032771039828404682964281219284648798304157774827374805208143723762179110965979867288366567526771");
BigInteger sect409r1h = BigInteger.Two;
byte[] sect409r1Seed = null;
return new X9ECParameters(
sect409r1Curve,
sect409r1BasePoint,
sect409r1n,
sect409r1h,
sect409r1Seed);
}
protected override X9ECParameters CreateParameters()
{
// a = 1
BigInteger sect283r1a = BigInteger.One;
// b = 27b680ac8b8596da5a4af8a19a0303fca97fd7645309fa2a581485af6263e313b79a2f5
BigInteger sect283r1b = new BigInteger("27b680ac8b8596da5a4af8a19a0303fca97fd7645309fa2a581485af6263e313b79a2f5", 16);
ECCurve sect283r1Curve = new F2mCurve(sect283r1m, sect283r1k1, sect283r1k2, sect283r1k3, sect283r1a, sect283r1b);
// x = 5f939258db7dd90e1934f8c70b0dfec2eed25b8557eac9c80e2e198f8cdbecd86b12053
ECFieldElement sect283r1x = new F2mFieldElement(
sect283r1m, sect283r1k1, sect283r1k2, sect283r1k3,
new BigInteger("5f939258db7dd90e1934f8c70b0dfec2eed25b8557eac9c80e2e198f8cdbecd86b12053", 16));
// y = 3676854fe24141cb98fe6d4b20d02b4516ff702350eddb0826779c813f0df45be8112f4
ECFieldElement sect283r1y = new F2mFieldElement(
sect283r1m, sect283r1k1, sect283r1k2, sect283r1k3,
new BigInteger("3676854fe24141cb98fe6d4b20d02b4516ff702350eddb0826779c813f0df45be8112f4", 16));
ECPoint sect283r1BasePoint = new F2mPoint(
sect283r1Curve, sect283r1x, sect283r1y, false);
BigInteger sect283r1n = new BigInteger("7770675568902916283677847627294075626569625924376904889109196526770044277787378692871");
BigInteger sect283r1h = BigInteger.Two;
byte[] sect283r1Seed = null;
return new X9ECParameters(
sect283r1Curve,
sect283r1BasePoint,
sect283r1n,
sect283r1h,
sect283r1Seed);
}
protected override X9ECParameters CreateParameters()
{
// a = 1
BigInteger sect233r1a = BigInteger.One;
// b = 066647ede6c332c7f8c0923bb58213b333b20e9ce4281fe115f7d8f90ad
BigInteger sect233r1b = new BigInteger("066647ede6c332c7f8c0923bb58213b333b20e9ce4281fe115f7d8f90ad", 16);
ECCurve sect233r1Curve = new F2mCurve(sect233r1m, sect233r1k1, sect233r1k2, sect233r1k3, sect233r1a, sect233r1b);
// x = 0fac9dfcbac8313bb2139f1bb755fef65bc391f8b36f8f8eb7371fd558b
ECFieldElement sect233r1x = new F2mFieldElement(
sect233r1m, sect233r1k1, sect233r1k2, sect233r1k3,
new BigInteger("0fac9dfcbac8313bb2139f1bb755fef65bc391f8b36f8f8eb7371fd558b", 16));
// y = 1006a08a41903350678e58528bebf8a0beff867a7ca36716f7e01f81052
ECFieldElement sect233r1y = new F2mFieldElement(
sect233r1m, sect233r1k1, sect233r1k2, sect233r1k3,
new BigInteger("1006a08a41903350678e58528bebf8a0beff867a7ca36716f7e01f81052", 16));
ECPoint sect233r1BasePoint = new F2mPoint(
sect233r1Curve, sect233r1x, sect233r1y, false);
BigInteger sect233r1n = new BigInteger("6901746346790563787434755862277025555839812737345013555379383634485463");
BigInteger sect233r1h = BigInteger.Two;
byte[] sect233r1Seed = null;
return new X9ECParameters(
sect233r1Curve,
sect233r1BasePoint,
sect233r1n,
sect233r1h,
sect233r1Seed);
}
protected F2mCurve(int m, int k1, int k2, int k3, ECFieldElement a, ECFieldElement b, BigInteger order, BigInteger cofactor)
: base(m, k1, k2, k3)
{
this.m = m;
this.k1 = k1;
this.k2 = k2;
this.k3 = k3;
this.m_order = order;
this.m_cofactor = cofactor;
this.m_infinity = new F2mPoint(this, null, null);
this.m_a = a;
this.m_b = b;
this.m_coord = F2M_DEFAULT_COORDS;
}
public void TestPointCreationConsistency()
{
try
{
FpPoint bad = new FpPoint(Fp.curve, new FpFieldElement(
Fp.q, new BigInteger("12")), null);
Assert.Fail();
}
catch (ArgumentException)
{
// Expected
}
try
{
FpPoint bad = new FpPoint(Fp.curve, null,
new FpFieldElement(Fp.q, new BigInteger("12")));
Assert.Fail();
}
catch (ArgumentException)
{
// Expected
}
try
{
F2mPoint bad = new F2mPoint(F2m.curve, new F2mFieldElement(
F2m.m, F2m.k1, new BigInteger("1011")), null);
Assert.Fail();
}
catch (ArgumentException)
{
// Expected
}
try
{
F2mPoint bad = new F2mPoint(F2m.curve, null,
new F2mFieldElement(F2m.m, F2m.k1,
new BigInteger("1011")));
Assert.Fail();
}
catch (ArgumentException)
{
// Expected
}
}
/**
* Subtracts another <code>ECPoints.F2m</code> from <code>this</code>
* without checking if both points are on the same curve. Used by
* multiplication algorithms, because there all points are a multiple
* of the same point and hence the checks can be omitted.
* @param b The other <code>ECPoints.F2m</code> to subtract from
* <code>this</code>.
* @return <code>this - b</code>
*/
internal F2mPoint SubtractSimple(
F2mPoint b)
{
if (b.IsInfinity)
return this;
// Add -b
return AddSimple((F2mPoint) b.Negate());
}
/* (non-Javadoc)
* @see Org.BouncyCastle.Math.EC.ECPoint#subtract(Org.BouncyCastle.Math.EC.ECPoint)
*/
public override ECPoint Subtract(
ECPoint b)
{
if (b.IsInfinity)
return this;
// Add -b
F2mPoint minusB = new F2mPoint(this.curve, b.x, b.x.Add(b.y), this.withCompression);
return Add(minusB);
}
