bcgit
diff --git a/‎core/src/main/java/org/bouncycastle/crypto/params/Ed25519PrivateKeyParameters.java‎
Lines changed: 1 addition & 3 deletions b/‎core/src/main/java/org/bouncycastle/crypto/params/Ed25519PrivateKeyParameters.java‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎core/src/main/java/org/bouncycastle/crypto/params/Ed25519PublicKeyParameters.java‎
Lines changed: 35 additions & 8 deletions b/‎core/src/main/java/org/bouncycastle/crypto/params/Ed25519PublicKeyParameters.java‎
Lines changed: 35 additions & 8 deletions
diff --git a/‎core/src/main/java/org/bouncycastle/crypto/params/Ed448PrivateKeyParameters.java‎
Lines changed: 1 addition & 3 deletions b/‎core/src/main/java/org/bouncycastle/crypto/params/Ed448PrivateKeyParameters.java‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎core/src/main/java/org/bouncycastle/crypto/params/Ed448PublicKeyParameters.java‎
Lines changed: 34 additions & 7 deletions b/‎core/src/main/java/org/bouncycastle/crypto/params/Ed448PublicKeyParameters.java‎
Lines changed: 34 additions & 7 deletions
diff --git a/‎core/src/main/java/org/bouncycastle/math/ec/rfc7748/X25519Field.java‎
Lines changed: 26 additions & 0 deletions b/‎core/src/main/java/org/bouncycastle/math/ec/rfc7748/X25519Field.java‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎core/src/main/java/org/bouncycastle/math/ec/rfc7748/X448Field.java‎
Lines changed: 49 additions & 1 deletion b/‎core/src/main/java/org/bouncycastle/math/ec/rfc7748/X448Field.java‎
Lines changed: 49 additions & 1 deletion
@@ -64,9 +64,7 @@ public Ed25519PublicKeyParameters generatePublicKey()
         {
             if (null == cachedPublicKey)
             {
-                byte[] publicKey = new byte[Ed25519.PUBLIC_KEY_SIZE];
-                Ed25519.generatePublicKey(data, 0, publicKey, 0);
-                cachedPublicKey = new Ed25519PublicKeyParameters(publicKey, 0);
+                cachedPublicKey = new Ed25519PublicKeyParameters(Ed25519.generatePublicKey(data, 0));
             }
 
             return cachedPublicKey;
 
@@ -5,15 +5,14 @@
 import java.io.InputStream;
 
 import org.bouncycastle.math.ec.rfc8032.Ed25519;
-import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.io.Streams;
 
 public final class Ed25519PublicKeyParameters
     extends AsymmetricKeyParameter
 {
     public static final int KEY_SIZE = Ed25519.PUBLIC_KEY_SIZE;
 
-    private final byte[] data = new byte[KEY_SIZE];
+    private final Ed25519.PublicPoint publicPoint;
 
     public Ed25519PublicKeyParameters(byte[] buf)
     {
@@ -24,27 +23,45 @@ public Ed25519PublicKeyParameters(byte[] buf, int off)
     {
         super(false);
 
-        System.arraycopy(buf, off, data, 0, KEY_SIZE);
+        this.publicPoint = parse(buf, off);
     }
 
     public Ed25519PublicKeyParameters(InputStream input) throws IOException
     {
         super(false);
 
+        byte[] data = new byte[KEY_SIZE];
+
         if (KEY_SIZE != Streams.readFully(input, data))
         {
             throw new EOFException("EOF encountered in middle of Ed25519 public key");
         }
+
+        this.publicPoint = parse(data, 0);
+    }
+
+    public Ed25519PublicKeyParameters(Ed25519.PublicPoint publicPoint)
+    {
+        super(false);
+
+        if (publicPoint == null)
+        {
+            throw new NullPointerException("'publicPoint' cannot be null");
+        }
+
+        this.publicPoint = publicPoint;
     }
 
     public void encode(byte[] buf, int off)
     {
-        System.arraycopy(data, 0, buf, off, KEY_SIZE);
+        Ed25519.encodePublicPoint(publicPoint, buf, off);
     }
 
     public byte[] getEncoded()
     {
-        return Arrays.clone(data);
+        byte[] data = new byte[KEY_SIZE];
+        encode(data, 0);
+        return data;
     }
 
     public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msgLen, byte[] sig, int sigOff)
@@ -58,7 +75,7 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg
                 throw new IllegalArgumentException("ctx");
             }
 
-            return Ed25519.verify(sig, sigOff, data, 0, msg, msgOff, msgLen);
+            return Ed25519.verify(sig, sigOff, publicPoint, msg, msgOff, msgLen);
         }
         case Ed25519.Algorithm.Ed25519ctx:
         {
@@ -71,7 +88,7 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg
                 throw new IllegalArgumentException("ctx");
             }
 
-            return Ed25519.verify(sig, sigOff, data, 0, ctx, msg, msgOff, msgLen);
+            return Ed25519.verify(sig, sigOff, publicPoint, ctx, msg, msgOff, msgLen);
         }
         case Ed25519.Algorithm.Ed25519ph:
         {
@@ -88,7 +105,7 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg
                 throw new IllegalArgumentException("msgLen");
             }
 
-            return Ed25519.verifyPrehash(sig, sigOff, data, 0, ctx, msg, msgOff);
+            return Ed25519.verifyPrehash(sig, sigOff, publicPoint, ctx, msg, msgOff);
         }
         default:
         {
@@ -97,6 +114,16 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg
         }
     }
 
+    private static Ed25519.PublicPoint parse(byte[] buf, int off)
+    {
+        Ed25519.PublicPoint publicPoint = Ed25519.validatePublicKeyPartialExport(buf, off);
+        if (publicPoint == null)
+        {
+            throw new IllegalArgumentException("invalid public key");
+        }
+        return publicPoint;
+    }
+
     private static byte[] validate(byte[] buf)
     {
         if (buf.length != KEY_SIZE)
 
@@ -64,9 +64,7 @@ public Ed448PublicKeyParameters generatePublicKey()
         {
             if (null == cachedPublicKey)
             {
-                byte[] publicKey = new byte[Ed448.PUBLIC_KEY_SIZE];
-                Ed448.generatePublicKey(data, 0, publicKey, 0);
-                cachedPublicKey = new Ed448PublicKeyParameters(publicKey, 0);
+                cachedPublicKey = new Ed448PublicKeyParameters(Ed448.generatePublicKey(data, 0));
             }
 
             return cachedPublicKey;
 
@@ -5,15 +5,14 @@
 import java.io.InputStream;
 
 import org.bouncycastle.math.ec.rfc8032.Ed448;
-import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.io.Streams;
 
 public final class Ed448PublicKeyParameters
     extends AsymmetricKeyParameter
 {
     public static final int KEY_SIZE = Ed448.PUBLIC_KEY_SIZE;
 
-    private final byte[] data = new byte[KEY_SIZE];
+    private final Ed448.PublicPoint publicPoint;
 
     public Ed448PublicKeyParameters(byte[] buf)
     {
@@ -24,27 +23,45 @@ public Ed448PublicKeyParameters(byte[] buf, int off)
     {
         super(false);
 
-        System.arraycopy(buf, off, data, 0, KEY_SIZE);
+        this.publicPoint = parse(buf, off);
     }
 
     public Ed448PublicKeyParameters(InputStream input) throws IOException
     {
         super(false);
 
+        byte[] data = new byte[KEY_SIZE];
+
         if (KEY_SIZE != Streams.readFully(input, data))
         {
             throw new EOFException("EOF encountered in middle of Ed448 public key");
         }
+
+        this.publicPoint = parse(data, 0);
+    }
+
+    public Ed448PublicKeyParameters(Ed448.PublicPoint publicPoint)
+    {
+        super(false);
+
+        if (publicPoint == null)
+        {
+            throw new NullPointerException("'publicPoint' cannot be null");
+        }
+
+        this.publicPoint = publicPoint;
     }
 
     public void encode(byte[] buf, int off)
     {
-        System.arraycopy(data, 0, buf, off, KEY_SIZE);
+        Ed448.encodePublicPoint(publicPoint, buf, off);
     }
 
     public byte[] getEncoded()
     {
-        return Arrays.clone(data);
+        byte[] data = new byte[KEY_SIZE];
+        encode(data, 0);
+        return data;
     }
 
     public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msgLen, byte[] sig, int sigOff)
@@ -62,7 +79,7 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg
                 throw new IllegalArgumentException("ctx");
             }
 
-            return Ed448.verify(sig, sigOff, data, 0, ctx, msg, msgOff, msgLen);
+            return Ed448.verify(sig, sigOff, publicPoint, ctx, msg, msgOff, msgLen);
         }
         case Ed448.Algorithm.Ed448ph:
         {
@@ -79,7 +96,7 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg
                 throw new IllegalArgumentException("msgLen");
             }
 
-            return Ed448.verifyPrehash(sig, sigOff, data, 0, ctx, msg, msgOff);
+            return Ed448.verifyPrehash(sig, sigOff, publicPoint, ctx, msg, msgOff);
         }
         default:
         {
@@ -88,6 +105,16 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg
         }
     }
 
+    private static Ed448.PublicPoint parse(byte[] buf, int off)
+    {
+        Ed448.PublicPoint publicPoint = Ed448.validatePublicKeyPartialExport(buf, off);
+        if (publicPoint == null)
+        {
+            throw new IllegalArgumentException("invalid public key");
+        }
+        return publicPoint;
+    }
+
     private static byte[] validate(byte[] buf)
     {
         if (buf.length != KEY_SIZE)
 
@@ -152,13 +152,27 @@ public static void decode(int[] x, int xOff, int[] z)
         z[9] &= M24;
     }
 
+    public static void decode(byte[] x, int[] z)
+    {
+        decode128(x, 0, z, 0);
+        decode128(x, 16, z, 5);
+        z[9] &= M24;
+    }
+
     public static void decode(byte[] x, int xOff, int[] z)
     {
         decode128(x, xOff, z, 0);
         decode128(x, xOff + 16, z, 5);
         z[9] &= M24;
     }
 
+    public static void decode(byte[] x, int xOff, int[] z, int zOff)
+    {
+        decode128(x, xOff, z, zOff);
+        decode128(x, xOff + 16, z, zOff + 5);
+        z[zOff + 9] &= M24;
+    }
+
     private static void decode128(int[] is, int off, int[] z, int zOff)
     {
         int t0 = is[off + 0], t1 = is[off + 1], t2 = is[off + 2], t3 = is[off + 3];
@@ -199,12 +213,24 @@ public static void encode(int[] x, int[] z, int zOff)
         encode128(x, 5, z, zOff + 4);
     }
 
+    public static void encode(int[] x, byte[] z)
+    {
+        encode128(x, 0, z, 0);
+        encode128(x, 5, z, 16);
+    }
+
     public static void encode(int[] x, byte[] z, int zOff)
     {
         encode128(x, 0, z, zOff);
         encode128(x, 5, z, zOff + 16);
     }
 
+    public static void encode(int[] x, int xOff, byte[] z, int zOff)
+    {
+        encode128(x, xOff, z, zOff);
+        encode128(x, xOff + 5, z, zOff + 16);
+    }
+
     private static void encode128(int[] x, int xOff, int[] is, int off)
     {
         int x0 = x[xOff + 0], x1 = x[xOff + 1], x2 = x[xOff + 2], x3 = x[xOff + 3], x4 = x[xOff + 4];
 
@@ -156,6 +156,18 @@ public static void decode(int[] x, int xOff, int[] z)
         decode224(x, xOff + 7, z, 8);
     }
 
+    public static void decode(byte[] x, int[] z)
+    {
+        decode56(x, 0, z, 0);
+        decode56(x, 7, z, 2);
+        decode56(x, 14, z, 4);
+        decode56(x, 21, z, 6);
+        decode56(x, 28, z, 8);
+        decode56(x, 35, z, 10);
+        decode56(x, 42, z, 12);
+        decode56(x, 49, z, 14);
+    }
+
     public static void decode(byte[] x, int xOff, int[] z)
     {
         decode56(x, xOff, z, 0);
@@ -168,6 +180,18 @@ public static void decode(byte[] x, int xOff, int[] z)
         decode56(x, xOff + 49, z, 14);
     }
 
+    public static void decode(byte[] x, int xOff, int[] z, int zOff)
+    {
+        decode56(x, xOff, z, zOff);
+        decode56(x, xOff + 7, z, zOff + 2);
+        decode56(x, xOff + 14, z, zOff + 4);
+        decode56(x, xOff + 21, z, zOff + 6);
+        decode56(x, xOff + 28, z, zOff + 8);
+        decode56(x, xOff + 35, z, zOff + 10);
+        decode56(x, xOff + 42, z, zOff + 12);
+        decode56(x, xOff + 49, z, zOff + 14);
+    }
+
     private static void decode224(int[] x, int xOff, int[] z, int zOff)
     {
         int x0 = x[xOff + 0], x1 = x[xOff + 1], x2 = x[xOff + 2], x3 = x[xOff + 3];
@@ -214,7 +238,19 @@ public static void encode(int[] x, int[] z, int zOff)
         encode224(x, 8, z, zOff + 7);
     }
 
-    public static void encode(int[] x,  byte[] z , int zOff)
+    public static void encode(int[] x, byte[] z)
+    {
+        encode56(x, 0, z, 0);
+        encode56(x, 2, z, 7);
+        encode56(x, 4, z, 14);
+        encode56(x, 6, z, 21);
+        encode56(x, 8, z, 28);
+        encode56(x, 10, z, 35);
+        encode56(x, 12, z, 42);
+        encode56(x, 14, z, 49);
+    }
+
+    public static void encode(int[] x, byte[] z, int zOff)
     {
         encode56(x, 0, z, zOff);
         encode56(x, 2, z, zOff + 7);
@@ -226,6 +262,18 @@ public static void encode(int[] x,  byte[] z , int zOff)
         encode56(x, 14, z, zOff + 49);
     }
 
+    public static void encode(int[] x, int xOff, byte[] z, int zOff)
+    {
+        encode56(x, xOff, z, zOff);
+        encode56(x, xOff + 2, z, zOff + 7);
+        encode56(x, xOff + 4, z, zOff + 14);
+        encode56(x, xOff + 6, z, zOff + 21);
+        encode56(x, xOff + 8, z, zOff + 28);
+        encode56(x, xOff + 10, z, zOff + 35);
+        encode56(x, xOff + 12, z, zOff + 42);
+        encode56(x, xOff + 14, z, zOff + 49);
+    }
+
     private static void encode224(int[] x, int xOff, int[] is, int off)
     {
         int x0 = x[xOff + 0], x1 = x[xOff + 1], x2 = x[xOff + 2], x3 = x[xOff + 3];
Original file line number	Diff line number	Diff line change
`@@ -64,9 +64,7 @@ public Ed25519PublicKeyParameters generatePublicKey()`
`64`	`64`	`{`
`65`	`65`	`if (null == cachedPublicKey)`
`66`	`66`	`{`
`67`		`- byte[] publicKey = new byte[Ed25519.PUBLIC_KEY_SIZE];`
`68`		`- Ed25519.generatePublicKey(data, 0, publicKey, 0);`
`69`		`- cachedPublicKey = new Ed25519PublicKeyParameters(publicKey, 0);`
	`67`	`+ cachedPublicKey = new Ed25519PublicKeyParameters(Ed25519.generatePublicKey(data, 0));`
`70`	`68`	`}`
`71`	`69`
`72`	`70`	`return cachedPublicKey;`
Original file line number	Diff line number	Diff line change
`@@ -5,15 +5,14 @@`
`5`	`5`	`import java.io.InputStream;`
`6`	`6`
`7`	`7`	`import org.bouncycastle.math.ec.rfc8032.Ed25519;`
`8`		`-import org.bouncycastle.util.Arrays;`
`9`	`8`	`import org.bouncycastle.util.io.Streams;`
`10`	`9`
`11`	`10`	`public final class Ed25519PublicKeyParameters`
`12`	`11`	`extends AsymmetricKeyParameter`
`13`	`12`	`{`
`14`	`13`	`public static final int KEY_SIZE = Ed25519.PUBLIC_KEY_SIZE;`
`15`	`14`
`16`		`- private final byte[] data = new byte[KEY_SIZE];`
	`15`	`+ private final Ed25519.PublicPoint publicPoint;`
`17`	`16`
`18`	`17`	`public Ed25519PublicKeyParameters(byte[] buf)`
`19`	`18`	`{`
`@@ -24,27 +23,45 @@ public Ed25519PublicKeyParameters(byte[] buf, int off)`
`24`	`23`	`{`
`25`	`24`	`super(false);`
`26`	`25`
`27`		`- System.arraycopy(buf, off, data, 0, KEY_SIZE);`
	`26`	`+ this.publicPoint = parse(buf, off);`
`28`	`27`	`}`
`29`	`28`
`30`	`29`	`public Ed25519PublicKeyParameters(InputStream input) throws IOException`
`31`	`30`	`{`
`32`	`31`	`super(false);`
`33`	`32`
	`33`	`+ byte[] data = new byte[KEY_SIZE];`
	`34`	`+`
`34`	`35`	`if (KEY_SIZE != Streams.readFully(input, data))`
`35`	`36`	`{`
`36`	`37`	`throw new EOFException("EOF encountered in middle of Ed25519 public key");`
`37`	`38`	`}`
	`39`	`+`
	`40`	`+ this.publicPoint = parse(data, 0);`
	`41`	`+ }`
	`42`	`+`
	`43`	`+ public Ed25519PublicKeyParameters(Ed25519.PublicPoint publicPoint)`
	`44`	`+ {`
	`45`	`+ super(false);`
	`46`	`+`
	`47`	`+ if (publicPoint == null)`
	`48`	`+ {`
	`49`	`+ throw new NullPointerException("'publicPoint' cannot be null");`
	`50`	`+ }`
	`51`	`+`
	`52`	`+ this.publicPoint = publicPoint;`
`38`	`53`	`}`
`39`	`54`
`40`	`55`	`public void encode(byte[] buf, int off)`
`41`	`56`	`{`
`42`		`- System.arraycopy(data, 0, buf, off, KEY_SIZE);`
	`57`	`+ Ed25519.encodePublicPoint(publicPoint, buf, off);`
`43`	`58`	`}`
`44`	`59`
`45`	`60`	`public byte[] getEncoded()`
`46`	`61`	`{`
`47`		`- return Arrays.clone(data);`
	`62`	`+ byte[] data = new byte[KEY_SIZE];`
	`63`	`+ encode(data, 0);`
	`64`	`+ return data;`
`48`	`65`	`}`
`49`	`66`
`50`	`67`	`public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msgLen, byte[] sig, int sigOff)`
`@@ -58,7 +75,7 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg`
`58`	`75`	`throw new IllegalArgumentException("ctx");`
`59`	`76`	`}`
`60`	`77`
`61`		`- return Ed25519.verify(sig, sigOff, data, 0, msg, msgOff, msgLen);`
	`78`	`+ return Ed25519.verify(sig, sigOff, publicPoint, msg, msgOff, msgLen);`
`62`	`79`	`}`
`63`	`80`	`case Ed25519.Algorithm.Ed25519ctx:`
`64`	`81`	`{`
`@@ -71,7 +88,7 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg`
`71`	`88`	`throw new IllegalArgumentException("ctx");`
`72`	`89`	`}`
`73`	`90`
`74`		`- return Ed25519.verify(sig, sigOff, data, 0, ctx, msg, msgOff, msgLen);`
	`91`	`+ return Ed25519.verify(sig, sigOff, publicPoint, ctx, msg, msgOff, msgLen);`
`75`	`92`	`}`
`76`	`93`	`case Ed25519.Algorithm.Ed25519ph:`
`77`	`94`	`{`
`@@ -88,7 +105,7 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg`
`88`	`105`	`throw new IllegalArgumentException("msgLen");`
`89`	`106`	`}`
`90`	`107`
`91`		`- return Ed25519.verifyPrehash(sig, sigOff, data, 0, ctx, msg, msgOff);`
	`108`	`+ return Ed25519.verifyPrehash(sig, sigOff, publicPoint, ctx, msg, msgOff);`
`92`	`109`	`}`
`93`	`110`	`default:`
`94`	`111`	`{`
`@@ -97,6 +114,16 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg`
`97`	`114`	`}`
`98`	`115`	`}`
`99`	`116`
	`117`	`+ private static Ed25519.PublicPoint parse(byte[] buf, int off)`
	`118`	`+ {`
	`119`	`+ Ed25519.PublicPoint publicPoint = Ed25519.validatePublicKeyPartialExport(buf, off);`
	`120`	`+ if (publicPoint == null)`
	`121`	`+ {`
	`122`	`+ throw new IllegalArgumentException("invalid public key");`
	`123`	`+ }`
	`124`	`+ return publicPoint;`
	`125`	`+ }`
	`126`	`+`
`100`	`127`	`private static byte[] validate(byte[] buf)`
`101`	`128`	`{`
`102`	`129`	`if (buf.length != KEY_SIZE)`
Original file line number	Diff line number	Diff line change
`@@ -64,9 +64,7 @@ public Ed448PublicKeyParameters generatePublicKey()`
`64`	`64`	`{`
`65`	`65`	`if (null == cachedPublicKey)`
`66`	`66`	`{`
`67`		`- byte[] publicKey = new byte[Ed448.PUBLIC_KEY_SIZE];`
`68`		`- Ed448.generatePublicKey(data, 0, publicKey, 0);`
`69`		`- cachedPublicKey = new Ed448PublicKeyParameters(publicKey, 0);`
	`67`	`+ cachedPublicKey = new Ed448PublicKeyParameters(Ed448.generatePublicKey(data, 0));`
`70`	`68`	`}`
`71`	`69`
`72`	`70`	`return cachedPublicKey;`