diff --git a/core/java/src/net/i2p/crypto/eddsa/math/Encoding.java b/core/java/src/net/i2p/crypto/eddsa/math/Encoding.java
index 932165beefe51fbba8cb71958988b898a1d08895..ffc01f03036856d0a525df42272817dc62088172 100644
--- a/core/java/src/net/i2p/crypto/eddsa/math/Encoding.java
+++ b/core/java/src/net/i2p/crypto/eddsa/math/Encoding.java
@@ -11,7 +11,9 @@ package net.i2p.crypto.eddsa.math;
public abstract class Encoding {
protected Field f;
- public void setField(Field f) {
+ public synchronized void setField(Field f) {
+ if (this.f != null)
+ throw new IllegalStateException("already set");
this.f = f;
}
diff --git a/core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519FieldElement.java b/core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519FieldElement.java
index cbba7a3157d227875bd2262bd259c25fd5ad4f0e..cdcfabdeb0b6947c4b6e3153227c96e90b2937b0 100644
--- a/core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519FieldElement.java
+++ b/core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519FieldElement.java
@@ -13,7 +13,7 @@ public class Ed25519FieldElement extends FieldElement {
/**
* Variable is package private for encoding.
*/
- int[] t;
+ final int[] t;
public Ed25519FieldElement(Field f, int[] t) {
super(f);
@@ -22,11 +22,11 @@ public class Ed25519FieldElement extends FieldElement {
this.t = t;
}
- private static final byte[] zero = new byte[32];
+ private static final byte[] ZERO = new byte[32];
public boolean isNonZero() {
byte[] s = toByteArray();
- return Utils.equal(s, zero) == 1;
+ return Utils.equal(s, ZERO) == 1;
}
/**
@@ -42,47 +42,10 @@ public class Ed25519FieldElement extends FieldElement {
*/
public FieldElement add(FieldElement val) {
int[] g = ((Ed25519FieldElement)val).t;
- int f0 = t[0];
- int f1 = t[1];
- int f2 = t[2];
- int f3 = t[3];
- int f4 = t[4];
- int f5 = t[5];
- int f6 = t[6];
- int f7 = t[7];
- int f8 = t[8];
- int f9 = t[9];
- int g0 = g[0];
- int g1 = g[1];
- int g2 = g[2];
- int g3 = g[3];
- int g4 = g[4];
- int g5 = g[5];
- int g6 = g[6];
- int g7 = g[7];
- int g8 = g[8];
- int g9 = g[9];
- int h0 = f0 + g0;
- int h1 = f1 + g1;
- int h2 = f2 + g2;
- int h3 = f3 + g3;
- int h4 = f4 + g4;
- int h5 = f5 + g5;
- int h6 = f6 + g6;
- int h7 = f7 + g7;
- int h8 = f8 + g8;
- int h9 = f9 + g9;
int[] h = new int[10];
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
+ for (int i = 0; i < 10; i++) {
+ h[i] = t[i] + g[i];
+ }
return new Ed25519FieldElement(f, h);
}
@@ -99,47 +62,10 @@ public class Ed25519FieldElement extends FieldElement {
**/
public FieldElement subtract(FieldElement val) {
int[] g = ((Ed25519FieldElement)val).t;
- int f0 = t[0];
- int f1 = t[1];
- int f2 = t[2];
- int f3 = t[3];
- int f4 = t[4];
- int f5 = t[5];
- int f6 = t[6];
- int f7 = t[7];
- int f8 = t[8];
- int f9 = t[9];
- int g0 = g[0];
- int g1 = g[1];
- int g2 = g[2];
- int g3 = g[3];
- int g4 = g[4];
- int g5 = g[5];
- int g6 = g[6];
- int g7 = g[7];
- int g8 = g[8];
- int g9 = g[9];
- int h0 = f0 - g0;
- int h1 = f1 - g1;
- int h2 = f2 - g2;
- int h3 = f3 - g3;
- int h4 = f4 - g4;
- int h5 = f5 - g5;
- int h6 = f6 - g6;
- int h7 = f7 - g7;
- int h8 = f8 - g8;
- int h9 = f9 - g9;
int[] h = new int[10];
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
+ for (int i = 0; i < 10; i++) {
+ h[i] = t[i] - g[i];
+ }
return new Ed25519FieldElement(f, h);
}
@@ -153,37 +79,10 @@ public class Ed25519FieldElement extends FieldElement {
* |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
*/
public FieldElement negate() {
- int f0 = t[0];
- int f1 = t[1];
- int f2 = t[2];
- int f3 = t[3];
- int f4 = t[4];
- int f5 = t[5];
- int f6 = t[6];
- int f7 = t[7];
- int f8 = t[8];
- int f9 = t[9];
- int h0 = -f0;
- int h1 = -f1;
- int h2 = -f2;
- int h3 = -f3;
- int h4 = -f4;
- int h5 = -f5;
- int h6 = -f6;
- int h7 = -f7;
- int h8 = -f8;
- int h9 = -f9;
int[] h = new int[10];
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
+ for (int i = 0; i < 10; i++) {
+ h[i] = - t[i];
+ }
return new Ed25519FieldElement(f, h);
}
diff --git a/core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519LittleEndianEncoding.java b/core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519LittleEndianEncoding.java
index aedbd9bd5c3f4308d62427ee179cdc98f5f96cf6..3f3541c1c411acdbd65a45304444f6a5c67f380e 100644
--- a/core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519LittleEndianEncoding.java
+++ b/core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519LittleEndianEncoding.java
@@ -88,7 +88,7 @@ public class Ed25519LittleEndianEncoding extends Encoding {
*/
byte[] s = new byte[32];
- s[0] = (byte) (h0 >> 0);
+ s[0] = (byte) h0;
s[1] = (byte) (h0 >> 8);
s[2] = (byte) (h0 >> 16);
s[3] = (byte) ((h0 >> 24) | (h1 << 2));
@@ -104,7 +104,7 @@ public class Ed25519LittleEndianEncoding extends Encoding {
s[13] = (byte) (h4 >> 2);
s[14] = (byte) (h4 >> 10);
s[15] = (byte) (h4 >> 18);
- s[16] = (byte) (h5 >> 0);
+ s[16] = (byte) h5;
s[17] = (byte) (h5 >> 8);
s[18] = (byte) (h5 >> 16);
s[19] = (byte) ((h5 >> 24) | (h6 << 1));
@@ -123,14 +123,14 @@ public class Ed25519LittleEndianEncoding extends Encoding {
return s;
}
- private static long load_3(byte[] in, int offset) {
+ static int load_3(byte[] in, int offset) {
int result = in[offset++] & 0xff;
result |= (in[offset++] & 0xff) << 8;
result |= (in[offset] & 0xff) << 16;
return result;
}
- private static long load_4(byte[] in, int offset) {
+ static long load_4(byte[] in, int offset) {
int result = in[offset++] & 0xff;
result |= (in[offset++] & 0xff) << 8;
result |= (in[offset++] & 0xff) << 16;
diff --git a/core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519ScalarOps.java b/core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519ScalarOps.java
index 2e9ab9bd32382ed6fcede77d8473a38b27782810..b5485d7937f0700fb7a2917ad67c784bad858039 100644
--- a/core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519ScalarOps.java
+++ b/core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519ScalarOps.java
@@ -1,22 +1,10 @@
package net.i2p.crypto.eddsa.math.ed25519;
import net.i2p.crypto.eddsa.math.ScalarOps;
+import static net.i2p.crypto.eddsa.math.ed25519.Ed25519LittleEndianEncoding.load_3;
+import static net.i2p.crypto.eddsa.math.ed25519.Ed25519LittleEndianEncoding.load_4;
public class Ed25519ScalarOps implements ScalarOps {
- private static long load_3(byte[] in, int offset) {
- int result = in[offset++] & 0xff;
- result |= (in[offset++] & 0xff) << 8;
- result |= (in[offset] & 0xff) << 16;
- return result;
- }
-
- private static long load_4(byte[] in, int offset) {
- int result = in[offset++] & 0xff;
- result |= (in[offset++] & 0xff) << 8;
- result |= (in[offset++] & 0xff) << 16;
- result |= in[offset] << 24;
- return ((long)result) & 0xffffffffL;
- }
/**
* Input:<br>
@@ -75,7 +63,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s14 -= s23 * 997805;
s15 += s23 * 136657;
s16 -= s23 * 683901;
- s23 = 0;
+ // not used again
+ //s23 = 0;
s10 += s22 * 666643;
s11 += s22 * 470296;
@@ -83,7 +72,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s13 -= s22 * 997805;
s14 += s22 * 136657;
s15 -= s22 * 683901;
- s22 = 0;
+ // not used again
+ //s22 = 0;
s9 += s21 * 666643;
s10 += s21 * 470296;
@@ -91,7 +81,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s12 -= s21 * 997805;
s13 += s21 * 136657;
s14 -= s21 * 683901;
- s21 = 0;
+ // not used again
+ //s21 = 0;
s8 += s20 * 666643;
s9 += s20 * 470296;
@@ -99,7 +90,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s11 -= s20 * 997805;
s12 += s20 * 136657;
s13 -= s20 * 683901;
- s20 = 0;
+ // not used again
+ //s20 = 0;
s7 += s19 * 666643;
s8 += s19 * 470296;
@@ -107,7 +99,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s10 -= s19 * 997805;
s11 += s19 * 136657;
s12 -= s19 * 683901;
- s19 = 0;
+ // not used again
+ //s19 = 0;
s6 += s18 * 666643;
s7 += s18 * 470296;
@@ -115,7 +108,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s9 -= s18 * 997805;
s10 += s18 * 136657;
s11 -= s18 * 683901;
- s18 = 0;
+ // not used again
+ //s18 = 0;
carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
@@ -136,7 +130,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s8 -= s17 * 997805;
s9 += s17 * 136657;
s10 -= s17 * 683901;
- s17 = 0;
+ // not used again
+ //s17 = 0;
s4 += s16 * 666643;
s5 += s16 * 470296;
@@ -144,7 +139,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s7 -= s16 * 997805;
s8 += s16 * 136657;
s9 -= s16 * 683901;
- s16 = 0;
+ // not used again
+ //s16 = 0;
s3 += s15 * 666643;
s4 += s15 * 470296;
@@ -152,7 +148,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s6 -= s15 * 997805;
s7 += s15 * 136657;
s8 -= s15 * 683901;
- s15 = 0;
+ // not used again
+ //s15 = 0;
s2 += s14 * 666643;
s3 += s14 * 470296;
@@ -160,7 +157,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s5 -= s14 * 997805;
s6 += s14 * 136657;
s7 -= s14 * 683901;
- s14 = 0;
+ // not used again
+ //s14 = 0;
s1 += s13 * 666643;
s2 += s13 * 470296;
@@ -168,7 +166,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s4 -= s13 * 997805;
s5 += s13 * 136657;
s6 -= s13 * 683901;
- s13 = 0;
+ // not used again
+ //s13 = 0;
s0 += s12 * 666643;
s1 += s12 * 470296;
@@ -176,7 +175,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s3 -= s12 * 997805;
s4 += s12 * 136657;
s5 -= s12 * 683901;
- s12 = 0;
+ // set below
+ //s12 = 0;
carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
@@ -190,7 +190,8 @@ public class Ed25519ScalarOps implements ScalarOps {
carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
+ //carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
+ carry11 = (s11 + (1<<20)) >> 21; s12 = carry11; s11 -= carry11 << 21;
s0 += s12 * 666643;
s1 += s12 * 470296;
@@ -198,7 +199,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s3 -= s12 * 997805;
s4 += s12 * 136657;
s5 -= s12 * 683901;
- s12 = 0;
+ // set below
+ //s12 = 0;
carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
@@ -211,7 +213,8 @@ public class Ed25519ScalarOps implements ScalarOps {
carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
+ //carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
+ carry11 = s11 >> 21; s12 = carry11; s11 -= carry11 << 21;
s0 += s12 * 666643;
s1 += s12 * 470296;
@@ -219,7 +222,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s3 -= s12 * 997805;
s4 += s12 * 136657;
s5 -= s12 * 683901;
- s12 = 0;
+ // not used again
+ //s12 = 0;
carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
@@ -234,7 +238,7 @@ public class Ed25519ScalarOps implements ScalarOps {
carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
byte[] result = new byte[32];
- result[0] = (byte) (s0 >> 0);
+ result[0] = (byte) s0;
result[1] = (byte) (s0 >> 8);
result[2] = (byte) ((s0 >> 16) | (s1 << 5));
result[3] = (byte) (s1 >> 3);
@@ -255,7 +259,7 @@ public class Ed25519ScalarOps implements ScalarOps {
result[18] = (byte) ((s6 >> 18) | (s7 << 3));
result[19] = (byte) (s7 >> 5);
result[20] = (byte) (s7 >> 13);
- result[21] = (byte) (s8 >> 0);
+ result[21] = (byte) s8;
result[22] = (byte) (s8 >> 8);
result[23] = (byte) ((s8 >> 16) | (s9 << 5));
result[24] = (byte) (s9 >> 3);
@@ -388,7 +392,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s20 = a9*b11 + a10*b10 + a11*b9;
s21 = a10*b11 + a11*b10;
s22 = a11*b11;
- s23 = 0;
+ // set below
+ //s23 = 0;
carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
@@ -401,7 +406,8 @@ public class Ed25519ScalarOps implements ScalarOps {
carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
carry18 = (s18 + (1<<20)) >> 21; s19 += carry18; s18 -= carry18 << 21;
carry20 = (s20 + (1<<20)) >> 21; s21 += carry20; s20 -= carry20 << 21;
- carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= carry22 << 21;
+ //carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= carry22 << 21;
+ carry22 = (s22 + (1<<20)) >> 21; s23 = carry22; s22 -= carry22 << 21;
carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
@@ -421,7 +427,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s14 -= s23 * 997805;
s15 += s23 * 136657;
s16 -= s23 * 683901;
- s23 = 0;
+ // not used again
+ //s23 = 0;
s10 += s22 * 666643;
s11 += s22 * 470296;
@@ -429,7 +436,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s13 -= s22 * 997805;
s14 += s22 * 136657;
s15 -= s22 * 683901;
- s22 = 0;
+ // not used again
+ //s22 = 0;
s9 += s21 * 666643;
s10 += s21 * 470296;
@@ -437,7 +445,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s12 -= s21 * 997805;
s13 += s21 * 136657;
s14 -= s21 * 683901;
- s21 = 0;
+ // not used again
+ //s21 = 0;
s8 += s20 * 666643;
s9 += s20 * 470296;
@@ -445,7 +454,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s11 -= s20 * 997805;
s12 += s20 * 136657;
s13 -= s20 * 683901;
- s20 = 0;
+ // not used again
+ //s20 = 0;
s7 += s19 * 666643;
s8 += s19 * 470296;
@@ -453,7 +463,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s10 -= s19 * 997805;
s11 += s19 * 136657;
s12 -= s19 * 683901;
- s19 = 0;
+ // not used again
+ //s19 = 0;
s6 += s18 * 666643;
s7 += s18 * 470296;
@@ -461,7 +472,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s9 -= s18 * 997805;
s10 += s18 * 136657;
s11 -= s18 * 683901;
- s18 = 0;
+ // not used again
+ //s18 = 0;
carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
@@ -482,7 +494,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s8 -= s17 * 997805;
s9 += s17 * 136657;
s10 -= s17 * 683901;
- s17 = 0;
+ // not used again
+ //s17 = 0;
s4 += s16 * 666643;
s5 += s16 * 470296;
@@ -490,7 +503,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s7 -= s16 * 997805;
s8 += s16 * 136657;
s9 -= s16 * 683901;
- s16 = 0;
+ // not used again
+ //s16 = 0;
s3 += s15 * 666643;
s4 += s15 * 470296;
@@ -498,7 +512,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s6 -= s15 * 997805;
s7 += s15 * 136657;
s8 -= s15 * 683901;
- s15 = 0;
+ // not used again
+ //s15 = 0;
s2 += s14 * 666643;
s3 += s14 * 470296;
@@ -506,7 +521,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s5 -= s14 * 997805;
s6 += s14 * 136657;
s7 -= s14 * 683901;
- s14 = 0;
+ // not used again
+ //s14 = 0;
s1 += s13 * 666643;
s2 += s13 * 470296;
@@ -514,7 +530,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s4 -= s13 * 997805;
s5 += s13 * 136657;
s6 -= s13 * 683901;
- s13 = 0;
+ // not used again
+ //s13 = 0;
s0 += s12 * 666643;
s1 += s12 * 470296;
@@ -522,7 +539,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s3 -= s12 * 997805;
s4 += s12 * 136657;
s5 -= s12 * 683901;
- s12 = 0;
+ // set below
+ //s12 = 0;
carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
@@ -536,7 +554,8 @@ public class Ed25519ScalarOps implements ScalarOps {
carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
+ //carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
+ carry11 = (s11 + (1<<20)) >> 21; s12 = carry11; s11 -= carry11 << 21;
s0 += s12 * 666643;
s1 += s12 * 470296;
@@ -544,7 +563,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s3 -= s12 * 997805;
s4 += s12 * 136657;
s5 -= s12 * 683901;
- s12 = 0;
+ // set below
+ //s12 = 0;
carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
@@ -557,7 +577,8 @@ public class Ed25519ScalarOps implements ScalarOps {
carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
+ //carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
+ carry11 = s11 >> 21; s12 = carry11; s11 -= carry11 << 21;
s0 += s12 * 666643;
s1 += s12 * 470296;
@@ -565,7 +586,8 @@ public class Ed25519ScalarOps implements ScalarOps {
s3 -= s12 * 997805;
s4 += s12 * 136657;
s5 -= s12 * 683901;
- s12 = 0;
+ // not used again
+ //s12 = 0;
carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
@@ -580,7 +602,7 @@ public class Ed25519ScalarOps implements ScalarOps {
carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
byte[] result = new byte[32];
- result[0] = (byte) (s0 >> 0);
+ result[0] = (byte) s0;
result[1] = (byte) (s0 >> 8);
result[2] = (byte) ((s0 >> 16) | (s1 << 5));
result[3] = (byte) (s1 >> 3);
@@ -601,7 +623,7 @@ public class Ed25519ScalarOps implements ScalarOps {
result[18] = (byte) ((s6 >> 18) | (s7 << 3));
result[19] = (byte) (s7 >> 5);
result[20] = (byte) (s7 >> 13);
- result[21] = (byte) (s8 >> 0);
+ result[21] = (byte) s8;
result[22] = (byte) (s8 >> 8);
result[23] = (byte) ((s8 >> 16) | (s9 << 5));
result[24] = (byte) (s9 >> 3);