EdDSA cleanup (thx zzz)

str4d · str4d · commit 4cafe3aff8f8 · 2014-11-01T01:54:17.000Z
- Remove duplicate load3 and load4 methods
 - Change load3 return type to int
 - Comment out dead stores
 - Re-roll the add, subtract, and negate loops;
   there's no speed benefit or timing reason to unroll them
 - Check for field already set
 - Remove shifts by 0
diff --git a/src/net/i2p/crypto/eddsa/math/Encoding.java b/src/net/i2p/crypto/eddsa/math/Encoding.java
@@ -9,7 +9,9 @@
 public abstract class Encoding {
     protected Field f;
 
-    public void setField(Field f) {
+    public synchronized void setField(Field f) {
+        if (this.f != null)
+            throw new IllegalStateException("already set");
         this.f = f;
     }
 
diff --git a/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519FieldElement.java b/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519FieldElement.java
@@ -13,7 +13,7 @@ public class Ed25519FieldElement extends FieldElement {
     /**
      * Variable is package private for encoding.
      */
-    int[] t;
+    final int[] t;
 
     public Ed25519FieldElement(Field f, int[] t) {
         super(f);
@@ -22,11 +22,11 @@ public Ed25519FieldElement(Field f, int[] t) {
         this.t = t;
     }
 
-    private static final byte[] zero = new byte[32];
+    private static final byte[] ZERO = new byte[32];
 
     public boolean isNonZero() {
         byte[] s = toByteArray();
-        return Utils.equal(s, zero) == 1;
+        return Utils.equal(s, ZERO) == 1;
     }
 
     /**
@@ -42,47 +42,10 @@ public boolean isNonZero() {
      */
     public FieldElement add(FieldElement val) {
         int[] g = ((Ed25519FieldElement)val).t;
-        int f0 = t[0];
-        int f1 = t[1];
-        int f2 = t[2];
-        int f3 = t[3];
-        int f4 = t[4];
-        int f5 = t[5];
-        int f6 = t[6];
-        int f7 = t[7];
-        int f8 = t[8];
-        int f9 = t[9];
-        int g0 = g[0];
-        int g1 = g[1];
-        int g2 = g[2];
-        int g3 = g[3];
-        int g4 = g[4];
-        int g5 = g[5];
-        int g6 = g[6];
-        int g7 = g[7];
-        int g8 = g[8];
-        int g9 = g[9];
-        int h0 = f0 + g0;
-        int h1 = f1 + g1;
-        int h2 = f2 + g2;
-        int h3 = f3 + g3;
-        int h4 = f4 + g4;
-        int h5 = f5 + g5;
-        int h6 = f6 + g6;
-        int h7 = f7 + g7;
-        int h8 = f8 + g8;
-        int h9 = f9 + g9;
         int[] h = new int[10];
-        h[0] = h0;
-        h[1] = h1;
-        h[2] = h2;
-        h[3] = h3;
-        h[4] = h4;
-        h[5] = h5;
-        h[6] = h6;
-        h[7] = h7;
-        h[8] = h8;
-        h[9] = h9;
+        for (int i = 0; i < 10; i++) {
+            h[i] = t[i] + g[i];
+        }
         return new Ed25519FieldElement(f, h);
     }
 
@@ -99,47 +62,10 @@ public FieldElement add(FieldElement val) {
      **/
     public FieldElement subtract(FieldElement val) {
         int[] g = ((Ed25519FieldElement)val).t;
-        int f0 = t[0];
-        int f1 = t[1];
-        int f2 = t[2];
-        int f3 = t[3];
-        int f4 = t[4];
-        int f5 = t[5];
-        int f6 = t[6];
-        int f7 = t[7];
-        int f8 = t[8];
-        int f9 = t[9];
-        int g0 = g[0];
-        int g1 = g[1];
-        int g2 = g[2];
-        int g3 = g[3];
-        int g4 = g[4];
-        int g5 = g[5];
-        int g6 = g[6];
-        int g7 = g[7];
-        int g8 = g[8];
-        int g9 = g[9];
-        int h0 = f0 - g0;
-        int h1 = f1 - g1;
-        int h2 = f2 - g2;
-        int h3 = f3 - g3;
-        int h4 = f4 - g4;
-        int h5 = f5 - g5;
-        int h6 = f6 - g6;
-        int h7 = f7 - g7;
-        int h8 = f8 - g8;
-        int h9 = f9 - g9;
         int[] h = new int[10];
-        h[0] = h0;
-        h[1] = h1;
-        h[2] = h2;
-        h[3] = h3;
-        h[4] = h4;
-        h[5] = h5;
-        h[6] = h6;
-        h[7] = h7;
-        h[8] = h8;
-        h[9] = h9;
+        for (int i = 0; i < 10; i++) {
+            h[i] = t[i] - g[i];
+        }
         return new Ed25519FieldElement(f, h);
     }
 
@@ -153,37 +79,10 @@ public FieldElement subtract(FieldElement val) {
      *    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
      */
     public FieldElement negate() {
-        int f0 = t[0];
-        int f1 = t[1];
-        int f2 = t[2];
-        int f3 = t[3];
-        int f4 = t[4];
-        int f5 = t[5];
-        int f6 = t[6];
-        int f7 = t[7];
-        int f8 = t[8];
-        int f9 = t[9];
-        int h0 = -f0;
-        int h1 = -f1;
-        int h2 = -f2;
-        int h3 = -f3;
-        int h4 = -f4;
-        int h5 = -f5;
-        int h6 = -f6;
-        int h7 = -f7;
-        int h8 = -f8;
-        int h9 = -f9;
         int[] h = new int[10];
-        h[0] = h0;
-        h[1] = h1;
-        h[2] = h2;
-        h[3] = h3;
-        h[4] = h4;
-        h[5] = h5;
-        h[6] = h6;
-        h[7] = h7;
-        h[8] = h8;
-        h[9] = h9;
+        for (int i = 0; i < 10; i++) {
+            h[i] = - t[i];
+        }
         return new Ed25519FieldElement(f, h);
     }
 
diff --git a/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519LittleEndianEncoding.java b/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519LittleEndianEncoding.java
@@ -88,7 +88,7 @@ public byte[] encode(FieldElement x) {
         */
 
         byte[] s = new byte[32];
-        s[0] = (byte) (h0 >> 0);
+        s[0] = (byte) h0;
         s[1] = (byte) (h0 >> 8);
         s[2] = (byte) (h0 >> 16);
         s[3] = (byte) ((h0 >> 24) | (h1 << 2));
@@ -104,7 +104,7 @@ public byte[] encode(FieldElement x) {
         s[13] = (byte) (h4 >> 2);
         s[14] = (byte) (h4 >> 10);
         s[15] = (byte) (h4 >> 18);
-        s[16] = (byte) (h5 >> 0);
+        s[16] = (byte) h5;
         s[17] = (byte) (h5 >> 8);
         s[18] = (byte) (h5 >> 16);
         s[19] = (byte) ((h5 >> 24) | (h6 << 1));
@@ -123,14 +123,14 @@ public byte[] encode(FieldElement x) {
         return s;
     }
 
-    private static long load_3(byte[] in, int offset) {
+    static int load_3(byte[] in, int offset) {
         int result = in[offset++] & 0xff;
         result |= (in[offset++] & 0xff) << 8;
         result |= (in[offset] & 0xff) << 16;
         return result;
     }
 
-    private static long load_4(byte[] in, int offset) {
+    static long load_4(byte[] in, int offset) {
         int result = in[offset++] & 0xff;
         result |= (in[offset++] & 0xff) << 8;
         result |= (in[offset++] & 0xff) << 16;
diff --git a/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519ScalarOps.java b/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519ScalarOps.java

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,9 @@`
`9`	`9`	`public abstract class Encoding {`
`10`	`10`	`protected Field f;`
`11`	`11`
`12`		`- public void setField(Field f) {`
	`12`	`+ public synchronized void setField(Field f) {`
	`13`	`+ if (this.f != null)`
	`14`	`+ throw new IllegalStateException("already set");`
`13`	`15`	`this.f = f;`
`14`	`16`	`}`
`15`	`17`