Skip to content

Commit

Permalink
Merge branch 'main' of gitlab.cryptoworkshop.com:root/bc-java
Browse files Browse the repository at this point in the history
  • Loading branch information
@dghgit
dghgit committed Mar 20, 2024
2 parents 73449df + eb98ec6 commit 100aa8d
Show file tree
Hide file tree
Showing 11 changed files with 95 additions and 52 deletions.
14 changes: 12 additions & 2 deletions core/src/main/java/org/bouncycastle/math/ec/rfc8032/Ed25519.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -566,7 +566,12 @@ private static boolean implVerify(byte[] sig, int sigOff, byte[] pk, int pkOff,

int[] v0 = new int[4];
int[] v1 = new int[4];
Scalar25519.reduceBasisVar(nA, v0, v1);

if (!Scalar25519.reduceBasisVar(nA, v0, v1))
{
throw new IllegalStateException();
}

Scalar25519.multiply128Var(nS, v1, nS);

PointAccum pZ = new PointAccum();
Expand Down Expand Up @@ -628,7 +633,12 @@ private static boolean implVerify(byte[] sig, int sigOff, PublicPoint publicPoin

int[] v0 = new int[4];
int[] v1 = new int[4];
Scalar25519.reduceBasisVar(nA, v0, v1);

if (!Scalar25519.reduceBasisVar(nA, v0, v1))
{
throw new IllegalStateException();
}

Scalar25519.multiply128Var(nS, v1, nS);

PointAccum pZ = new PointAccum();
Expand Down
14 changes: 12 additions & 2 deletions core/src/main/java/org/bouncycastle/math/ec/rfc8032/Ed448.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -510,7 +510,12 @@ private static boolean implVerify(byte[] sig, int sigOff, byte[] pk, int pkOff,

int[] v0 = new int[8];
int[] v1 = new int[8];
Scalar448.reduceBasisVar(nA, v0, v1);

if (!Scalar448.reduceBasisVar(nA, v0, v1))
{
throw new IllegalStateException();
}

Scalar448.multiply225Var(nS, v1, nS);

PointProjective pZ = new PointProjective();
Expand Down Expand Up @@ -569,7 +574,12 @@ private static boolean implVerify(byte[] sig, int sigOff, PublicPoint publicPoin

int[] v0 = new int[8];
int[] v1 = new int[8];
Scalar448.reduceBasisVar(nA, v0, v1);

if (!Scalar448.reduceBasisVar(nA, v0, v1))
{
throw new IllegalStateException();
}

Scalar448.multiply225Var(nS, v1, nS);

PointProjective pZ = new PointProjective();
Expand Down
10 changes: 9 additions & 1 deletion core/src/main/java/org/bouncycastle/math/ec/rfc8032/Scalar25519.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -295,7 +295,7 @@ static byte[] reduce512(byte[] n)
return r;
}

static void reduceBasisVar(int[] k, int[] z0, int[] z1)
static boolean reduceBasisVar(int[] k, int[] z0, int[] z1)
{
/*
* Split scalar k into two half-size scalars z0 and z1, such that z1 * k == z0 mod L.
Expand All @@ -312,11 +312,18 @@ static void reduceBasisVar(int[] k, int[] z0, int[] z1)
int[] v0 = new int[4]; System.arraycopy(k, 0, v0, 0, 4);
int[] v1 = new int[4]; v1[0] = 1;

// Conservative upper bound on the number of loop iterations needed
int iterations = TARGET_LENGTH * 4;
int last = 15;
int len_Nv = ScalarUtil.getBitLengthPositive(last, Nv);

while (len_Nv > TARGET_LENGTH)
{
if (--iterations < 0)
{
return false;
}

int len_p = ScalarUtil.getBitLength(last, p);
int s = len_p - len_Nv;
s &= ~(s >> 31);
Expand Down Expand Up @@ -346,6 +353,7 @@ static void reduceBasisVar(int[] k, int[] z0, int[] z1)
// v1 * k == v0 mod L
System.arraycopy(v0, 0, z0, 0, 4);
System.arraycopy(v1, 0, z1, 0, 4);
return true;
}

static void toSignedDigits(int bits, int[] z)
Expand Down
10 changes: 9 additions & 1 deletion core/src/main/java/org/bouncycastle/math/ec/rfc8032/Scalar448.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -560,7 +560,7 @@ static byte[] reduce912(byte[] n)
return r;
}

static void reduceBasisVar(int[] k, int[] z0, int[] z1)
static boolean reduceBasisVar(int[] k, int[] z0, int[] z1)
{
/*
* Split scalar k into two half-size scalars z0 and z1, such that z1 * k == z0 mod L.
Expand All @@ -577,11 +577,18 @@ static void reduceBasisVar(int[] k, int[] z0, int[] z1)
int[] v0 = new int[8]; System.arraycopy(k, 0, v0, 0, 8);
int[] v1 = new int[8]; v1[0] = 1;

// Conservative upper bound on the number of loop iterations needed
int iterations = TARGET_LENGTH * 4;
int last = 27;
int len_Nv = ScalarUtil.getBitLengthPositive(last, Nv);

while (len_Nv > TARGET_LENGTH)
{
if (--iterations < 0)
{
return false;
}

int len_p = ScalarUtil.getBitLength(last, p);
int s = len_p - len_Nv;
s &= ~(s >> 31);
Expand Down Expand Up @@ -614,6 +621,7 @@ static void reduceBasisVar(int[] k, int[] z0, int[] z1)
// v1 * k == v0 mod L
System.arraycopy(v0, 0, z0, 0, 8);
System.arraycopy(v1, 0, z1, 0, 8);
return true;
}

static void toSignedDigits(int bits, int[] x, int[] z)
Expand Down
28 changes: 14 additions & 14 deletions core/src/main/java/org/bouncycastle/math/ec/rfc8032/ScalarUtil.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,11 @@ static void addShifted_NP(int last, int s, int[] Nu, int[] Nv, int[] p, int[] t)

cc_p += p_i & M;
cc_p += Nv[i] & M;
p_i = (int)cc_p; cc_p >>= 32;
p[i] = p_i;
p_i = (int)cc_p; cc_p >>>= 32;
p[i] = p_i;

cc_Nu += p_i & M;
Nu[i] = (int)cc_Nu; cc_Nu >>= 32;
Nu[i] = (int)cc_Nu; cc_Nu >>>= 32;
}
}
else if (s < 32)
Expand All @@ -50,20 +50,20 @@ else if (s < 32)

cc_p += p_i & M;
cc_p += v_s & M;
p_i = (int)cc_p; cc_p >>= 32;
p_i = (int)cc_p; cc_p >>>= 32;
p[i] = p_i;

int q_s = (p_i << s) | (prev_q >>> -s);
prev_q =p_i;
prev_q = p_i;

cc_Nu += q_s & M;
Nu[i] = (int)cc_Nu; cc_Nu >>= 32;
Nu[i] = (int)cc_Nu; cc_Nu >>>= 32;
}
}
else
{
// Keep the original value of p in t.
System.arraycopy(p, 0, t, 0, p.length);
// Copy the low limbs of the original p
System.arraycopy(p, 0, t, 0, last);

int sWords = s >>> 5; int sBits = s & 31;
if (sBits == 0)
Expand All @@ -75,10 +75,10 @@ else if (s < 32)

cc_p += p[i] & M;
cc_p += Nv[i - sWords] & M;
p[i] = (int)cc_p; cc_p >>= 32;
p[i] = (int)cc_p; cc_p >>>= 32;

cc_Nu += p[i - sWords] & M;
Nu[i] = (int)cc_Nu; cc_Nu >>= 32;
Nu[i] = (int)cc_Nu; cc_Nu >>>= 32;
}
}
else
Expand All @@ -102,14 +102,14 @@ else if (s < 32)

cc_p += p[i] & M;
cc_p += v_s & M;
p[i] = (int)cc_p; cc_p >>= 32;
p[i] = (int)cc_p; cc_p >>>= 32;

int next_q = p[i - sWords];
int q_s = (next_q << sBits) | (prev_q >>> -sBits);
prev_q = next_q;

cc_Nu += q_s & M;
Nu[i] = (int)cc_Nu; cc_Nu >>= 32;
Nu[i] = (int)cc_Nu; cc_Nu >>>= 32;
}
}
}
Expand Down Expand Up @@ -251,8 +251,8 @@ else if (s < 32)
}
else
{
// Keep the original value of p in t.
System.arraycopy(p, 0, t, 0, p.length);
// Copy the low limbs of the original p
System.arraycopy(p, 0, t, 0, last);

int sWords = s >>> 5; int sBits = s & 31;
if (sBits == 0)
Expand Down
1 change: 0 additions & 1 deletion core/src/test/java/org/bouncycastle/crypto/test/Ed25519Test.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -780,7 +780,6 @@ private void testRegressionInfiniteLoop() throws Exception
"pub=MCowBQYDK2VwAyEAHtYhM7lFrRHW9FqjuSEdDZ1tctjede+MoV0R1UMtVVg= priv=MC4CAQAwBQYDK2VwBCIEIJD6PKp3MulK/B/Np+Cdu+Cfo6x2EPkJJliRnj1G9xs/ msg=Q/p5WuG23JyPgshQbo5YGam23fQ5OVqjC0fCzYVXRw+C9vDQdLODe5D6PKp3MulK/B/Np+Cdu+Cfo6x2EPkJJg== sig=t4XSeew/w5x52oghg7VR7yDP6cP2JkP+1qCbuYJyUNW/lmNKD16Tk3SWktl4o3HzmpQewS3lxx1vR2pKhkPqAw== e=found last=15 s=34 in subShifted_NP",
"pub=MCowBQYDK2VwAyEAEI/536MsgF7aZ9O6hLaT2cGEwCIQRajWmvxE+iv+5Ig= priv=MC4CAQAwBQYDK2VwBCIEIE5+N8mBMqbcslWpsFiYUJLEbnKC1CZgwnql5scPhVqA msg=1CZgwnql5scPhVqAJy5QN89FfioiZlPgPcwVjCM2AgM5Frk3eACOherjcVcSUSth7u2NWh3IJGkOy+UgE6g3/w== sig=9iS9EP9mkQOoxQoGzcznIChrPQGdAA763KQjwnN5k4HmVBX/abYK5XIk6H+sfZ88Qq7VOFy8c1H1CwYb465AAg== e=found last=15 s=35 in subShifted_NP",
"pub=MCowBQYDK2VwAyEAvdP5ffItF2siN+QBywHeCpXDFhjxK7SZwT2MfjSoipU= priv=MC4CAQAwBQYDK2VwBCIEINx5YWaFb57Vnoqc93w5yK8TSWlY+7GEYVjpc2WkiPI/ msg=Ggwp5bmATPmRhoheAaYfJTYxkSrIXYcSTqxi3HlhZoVvntWeipz3fDnIrxNJaVj7sYRhWOlzZaSI8j9oTJ1ygA== sig=c5HoX+KDVG2wM7o0o4dKJUy/zczPaKDUcnWhsmP3d6evqfDbRNAQpLopFdO9dyfuEv1H1gn+qLQUVvZcuwLDDw== e=infinite loop regression",
"pub=MCowBQYDK2VwAyEAvdP5ffItF2siN+QBywHeCpXDFhjxK7SZwT2MfjSoipU= priv=MC4CAQAwBQYDK2VwBCIEINx5YWaFb57Vnoqc93w5yK8TSWlY+7GEYVjpc2WkiPI/ msg=Ggwp5bmATPmRhoheAaYfJTYxkSrIXYcSTqxi3HlhZoVvntWeipz3fDnIrxNJaVj7sYRhWOlzZaSI8j9oTJ1ygA== sig=c5HoX+KDVG2wM7o0o4dKJUy/zczPaKDUcnWhsmP3d6evqfDbRNAQpLopFdO9dyfuEv1H1gn+qLQUVvZcuwLDDw== e=infinite loop regression",
"pub=MCowBQYDK2VwAyEAhPw0vNPFREOs5U1MkD0yCWZ3WCOmwVSvN2jF1Oizqbk= priv=MC4CAQAwBQYDK2VwBCIEIP80+hG+p3eZq1Ez2fIwZVisdXlokktg+bLNtBeM/GQA msg=2I3ilxrJP/fye0bwPSNTluAceuuI6hS1a9t7J9YSlIX9WOwvrnoz2BUKVPkLpHmyEK7JHMDttj4l6BQiCOl//w== sig=kp9BeH0HbGR8wWV5vERw/tZtGHuYdpNvcUO7fyzEAp+avoeJFptyh7jzuvic/lcH8+W43kjvq2wn7t+Y4QOCAA== e=infinite loop regression",
"pub=MCowBQYDK2VwAyEA6yB65NH24xZ3gPJpAf2oZiobm/CDOsW2mTA5NYHiu9Q= priv=MC4CAQAwBQYDK2VwBCIEIA8QPr2HS5Ph1RitdsIwIn6rAvIhxGzrI0iMNTQXdaOK msg=xaumAcR/MN99ugA1y5nJ/KZ89v2ubNtaOKMr85InQXbcd6tQUDJKVgi1s5E00FUzZNayymWz0FIZmpuB+B3D6A== sig=2Hh82APLUonf07pjWJPbqNkIvH0FKaGuqR6uZy0SolDLBOQRUUo19t6txaNjafroKvKivxp4BJZK//UZANV/AQ== e=infinite loop regression",
"pub=MCowBQYDK2VwAyEAjzPeoBYWUh6lK8tL5zvJMe3quOc9DHDHqjaqmlQ9eCs= priv=MC4CAQAwBQYDK2VwBCIEIM/KKNbVtHGuvVjVRndMVx+uGHioSJfRTLV3mMT/qs0O msg=xoQTj8hSoCBUbsW5fls1TN4WIBm8+r9Q4dG8neWlAU5D0pb5V7PzbBUFJWeMN0nvqEZA2EOlmOckFJwvw4kbvg== sig=RvTiLTOBLVlUPXgblZ51/UkOE6Yen7x4M02mxNRnKQIQvRW6Xy3qME2Z0Am2zJnQUl5NzmX7bwYSxgxpmI88AQ== e=infinite loop regression",
Expand Down
11 changes: 6 additions & 5 deletions pg/src/main/java/org/bouncycastle/bcpg/sig/KeyExpirationTime.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,9 @@
public class KeyExpirationTime
extends SignatureSubpacket
{
/**
* @deprecated Will be removed
*/
protected static byte[] timeToBytes(
long t)
{
Expand All @@ -22,23 +25,21 @@ public KeyExpirationTime(
{
super(SignatureSubpacketTags.KEY_EXPIRE_TIME, critical, isLongLength, data);
}

public KeyExpirationTime(
boolean critical,
long seconds)
{
super(SignatureSubpacketTags.KEY_EXPIRE_TIME, critical, false, Utils.timeToBytes(seconds));
}

/**
* Return the number of seconds after creation time a key is valid for.
*
* @return second count for key validity.
*/
public long getTime()
{
long time = ((long)(data[0] & 0xff) << 24) | ((data[1] & 0xff) << 16) | ((data[2] & 0xff) << 8) | (data[3] & 0xff);

return time;
return Utils.timeFromBytes(data);
}
}
23 changes: 9 additions & 14 deletions pg/src/main/java/org/bouncycastle/bcpg/sig/SignatureCreationTime.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,39 +11,34 @@
public class SignatureCreationTime
extends SignatureSubpacket
{
/**
* @deprecated Will be removed
*/
protected static byte[] timeToBytes(
Date date)
{
byte[] data = new byte[4];
long t = date.getTime() / 1000;

data[0] = (byte)(t >> 24);
data[1] = (byte)(t >> 16);
data[2] = (byte)(t >> 8);
data[3] = (byte)t;

return data;
long t = date.getTime() / 1000;
return Utils.timeToBytes(t);
}

public SignatureCreationTime(
boolean critical,
boolean isLongLength,
byte[] data)
{
super(SignatureSubpacketTags.CREATION_TIME, critical, isLongLength, data);
}

public SignatureCreationTime(
boolean critical,
Date date)
{
super(SignatureSubpacketTags.CREATION_TIME, critical, false, timeToBytes(date));
}

public Date getTime()
{
long time = ((long)(data[0] & 0xff) << 24) | ((data[1] & 0xff) << 16) | ((data[2] & 0xff) << 8) | (data[3] & 0xff);

long time = Utils.timeFromBytes(data);
return new Date(time * 1000);
}
}
13 changes: 7 additions & 6 deletions pg/src/main/java/org/bouncycastle/bcpg/sig/SignatureExpirationTime.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,34 +9,35 @@
public class SignatureExpirationTime
extends SignatureSubpacket
{
/**
* @deprecated Will be removed
*/
protected static byte[] timeToBytes(
long t)
{
return Utils.timeToBytes(t);
}

public SignatureExpirationTime(
boolean critical,
boolean isLongLength,
byte[] data)
{
super(SignatureSubpacketTags.EXPIRE_TIME, critical, isLongLength, data);
}

public SignatureExpirationTime(
boolean critical,
long seconds)
{
super(SignatureSubpacketTags.EXPIRE_TIME, critical, false, Utils.timeToBytes(seconds));
}

/**
* return time in seconds before signature expires after creation time.
*/
public long getTime()
{
long time = ((long)(data[0] & 0xff) << 24) | ((data[1] & 0xff) << 16) | ((data[2] & 0xff) << 8) | (data[3] & 0xff);

return time;
return Utils.timeFromBytes(data);
}
}
18 changes: 14 additions & 4 deletions pg/src/main/java/org/bouncycastle/bcpg/sig/Utils.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,16 +48,26 @@ else if (bytes[0] == 1)
}
}

static byte[] timeToBytes(
long t)
static long timeFromBytes(byte[] bytes)
{
byte[] data = new byte[4];
if (bytes.length != 4)
{
throw new IllegalStateException("Byte array has unexpected length. Expected length 4, got " + bytes.length);
}

return ((long)(bytes[0] & 0xff) << 24)
| ((bytes[1] & 0xff) << 16)
| ((bytes[2] & 0xff) << 8)
| (bytes[3] & 0xff);
}

static byte[] timeToBytes(long t)
{
byte[] data = new byte[4];
data[0] = (byte)(t >> 24);
data[1] = (byte)(t >> 16);
data[2] = (byte)(t >> 8);
data[3] = (byte)t;

return data;
}
}
5 changes: 3 additions & 2 deletions pg/src/test/java/org/bouncycastle/openpgp/test/BytesBooleansTest.java
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
package org.bouncycastle.util.utiltest;
package org.bouncycastle.openpgp.test;

import junit.framework.TestCase;
import org.bouncycastle.bcpg.sig.PrimaryUserID;

import junit.framework.TestCase;

public class BytesBooleansTest
extends TestCase
{
Expand Down

0 comments on commit 100aa8d

Please sign in to comment.