public static void ge_montx_to_p2(Ge_p2 p, int[] u, byte ed_sign_bit)
{
int[] x = new int[10];
int[] y = new int[10];
int[] A = new int[10];
int[] v = new int[10];
int[] v2 = new int[10];
int[] iv = new int[10];
int[] nx = new int[10];
Fe_frombytes.fe_frombytes(A, A_bytes);
/* given u, recover edwards y */
/* given u, recover v */
/* given u and v, recover edwards x */
Fe_montx_to_edy.fe_montx_to_edy(y, u); /* y = (u - 1) / (u + 1) */
Fe_mont_rhs.fe_mont_rhs(v2, u); /* v^2 = u(u^2 + Au + 1) */
Fe_sqrt.fe_sqrt(v, v2); /* v = sqrt(v^2) */
Fe_mul.fe_mul(x, u, A); /* x = u * sqrt(-(A+2)) */
Fe_invert.fe_invert(iv, v); /* 1/v */
Fe_mul.fe_mul(x, x, iv); /* x = (u/v) * sqrt(-(A+2)) */
Fe_neg.fe_neg(nx, x); /* negate x to match sign bit */
Fe_cmov.fe_cmov(x, nx, Fe_isnegative.fe_isnegative(x) ^ ed_sign_bit);
Fe_copy.fe_copy(p.X, x);
Fe_copy.fe_copy(p.Y, y);
Fe_1.fe_1(p.Z);
/* POSTCONDITION: check that p->X and p->Y satisfy the Ed curve equation */
/* -x^2 + y^2 = 1 + dx^2y^2 */
//#ifndef NDEBUG
//{
//fe one, d, x2, y2, x2y2, dx2y2;
//
//unsigned char dbytes[32] = {
//0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75,
//0xab, 0xd8, 0x41, 0x41, 0x4d, 0x0a, 0x70, 0x00,
//0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c,
//0x73, 0xfe, 0x6f, 0x2b, 0xee, 0x6c, 0x03, 0x52
//};
//
//fe_frombytes(d, dbytes);
//fe_1(one);
//fe_sq(x2, p->X); /* x^2 */
//fe_sq(y2, p->Y); /* y^2 */
//
//fe_mul(dx2y2, x2, y2); /* x^2y^2 */
//fe_mul(dx2y2, dx2y2, d); /* dx^2y^2 */
//fe_add(dx2y2, dx2y2, one); /* dx^2y^2 + 1 */
//fe_neg(x2y2, x2); /* -x^2 */
//fe_add(x2y2, x2y2, y2); /* -x^2 + y^2 */
//
//assert(fe_isequal(x2y2, dx2y2));
//}
//#endif
}
//CONVERT #include "ge.h"
/*
* r = p
*/
public static void ge_p1p1_to_p3(Ge_p3 r, Ge_p1p1 p)
{
Fe_mul.fe_mul(r.X, p.X, p.T);
Fe_mul.fe_mul(r.Y, p.Y, p.Z);
Fe_mul.fe_mul(r.Z, p.Z, p.T);
Fe_mul.fe_mul(r.T, p.X, p.Y);
}
public static void ge_p3_to_cached(Ge_cached r, Ge_p3 p)
{
Fe_add.fe_add(r.YplusX, p.Y, p.X);
Fe_sub.fe_sub(r.YminusX, p.Y, p.X);
Fe_copy.fe_copy(r.Z, p.Z);
Fe_mul.fe_mul(r.T2d, p.T, d2);
}
//CONVERT #include "ge.h"
public static void ge_p3_tobytes(byte[] s, Ge_p3 h)
{
int[] recip = new int[10];
int[] x = new int[10];
int[] y = new int[10];
Fe_invert.fe_invert(recip, h.Z);
Fe_mul.fe_mul(x, h.X, recip);
Fe_mul.fe_mul(y, h.Y, recip);
Fe_tobytes.fe_tobytes(s, y);
s[31] ^= (byte)(Fe_isnegative.fe_isnegative(x) << 7);
}
public static int ge_frombytes_negate_vartime(Ge_p3 h, byte[] s)
{
int[] u = new int[10];
int[] v = new int[10];
int[] v3 = new int[10];
int[] vxx = new int[10];
int[] check = new int[10];
Fe_frombytes.fe_frombytes(h.Y, s);
Fe_1.fe_1(h.Z);
Fe_sq.fe_sq(u, h.Y);
Fe_mul.fe_mul(v, u, d);
Fe_sub.fe_sub(u, u, h.Z); /* u = y^2-1 */
Fe_add.fe_add(v, v, h.Z); /* v = dy^2+1 */
Fe_sq.fe_sq(v3, v);
Fe_mul.fe_mul(v3, v3, v); /* v3 = v^3 */
Fe_sq.fe_sq(h.X, v3);
Fe_mul.fe_mul(h.X, h.X, v);
Fe_mul.fe_mul(h.X, h.X, u); /* x = uv^7 */
Fe_pow22523.fe_pow22523(h.X, h.X); /* x = (uv^7)^((q-5)/8) */
Fe_mul.fe_mul(h.X, h.X, v3);
Fe_mul.fe_mul(h.X, h.X, u); /* x = uv^3(uv^7)^((q-5)/8) */
Fe_sq.fe_sq(vxx, h.X);
Fe_mul.fe_mul(vxx, vxx, v);
Fe_sub.fe_sub(check, vxx, u); /* vx^2-u */
if (Fe_isnonzero.fe_isnonzero(check) != 0)
{
Fe_add.fe_add(check, vxx, u); /* vx^2+u */
if (Fe_isnonzero.fe_isnonzero(check) != 0)
{
return(-1);
}
Fe_mul.fe_mul(h.X, h.X, sqrtm1);
}
if (Fe_isnegative.fe_isnegative(h.X) == ((((uint)s[31]) >> 7) & 0x01))
{
Fe_neg.fe_neg(h.X, h.X);
}
Fe_mul.fe_mul(h.T, h.X, h.Y);
return(0);
}
public static void fe_mont_rhs(int[] v2, int[] u)
{
int[] A = new int[10];
int[] one = new int[10];
int[] u2 = new int[10];
int[] Au = new int[10];
int[] inner = new int[10];
Fe_1.fe_1(one);
Fe_0.fe_0(A);
A[0] = 486662; /* A = 486662 */
Fe_sq.fe_sq(u2, u); /* u^2 */
Fe_mul.fe_mul(Au, A, u); /* Au */
Fe_add.fe_add(inner, u2, Au); /* u^2 + Au */
Fe_add.fe_add(inner, inner, one); /* u^2 + Au + 1 */
Fe_mul.fe_mul(v2, u, inner); /* u(u^2 + Au + 1) */
}
public static void fe_montx_to_edy(int[] y, int[] u)
{
/*
* y = (u - 1) / (u + 1)
*
* NOTE: u=-1 is converted to y=0 since fe_invert is mod-exp
*/
int[] one = new int[10];
int[] um1 = new int[10];
int[] up1 = new int[10];
Fe_1.fe_1(one);
Fe_sub.fe_sub(um1, u, one);
Fe_add.fe_add(up1, u, one);
Fe_invert.fe_invert(up1, up1);
Fe_mul.fe_mul(y, um1, up1);
}
public static void ge_p3_to_montx(int[] u, Ge_p3 ed)
{
/*
* u = (y + 1) / (1 - y)
* or
* u = (y + z) / (z - y)
*
* NOTE: y=1 is converted to u=0 since fe_invert is mod-exp
*/
int[] y_plus_one = new int[10];
int[] one_minus_y = new int[10];
int[] inv_one_minus_y = new int[10];
Fe_add.fe_add(y_plus_one, ed.Y, ed.Z);
Fe_sub.fe_sub(one_minus_y, ed.Z, ed.Y);
Fe_invert.fe_invert(inv_one_minus_y, one_minus_y);
Fe_mul.fe_mul(u, y_plus_one, inv_one_minus_y);
}
/* Preconditions: a is square or zero */
public static void fe_sqrt(int[] iOut, int[] a)
{
int[] exp = new int[10];
int[] b = new int[10];
int[] b2 = new int[10];
int[] bi = new int[10];
int[] i = new int[10];
Fe_frombytes.fe_frombytes(i, i_bytes);
Fe_pow22523.fe_pow22523(exp, a); /* b = a^(q-5)/8 */
/* PRECONDITION: legendre symbol == 1 (square) or 0 (a == zero) */
//#ifndef NDEBUG
//fe legendre, zero, one;
//fe_sq(legendre, exp); /* in^((q-5)/4) */
//fe_sq(legendre, legendre); /* in^((q-5)/2) */
//fe_mul(legendre, legendre, a); /* in^((q-3)/2) */
//fe_mul(legendre, legendre, a); /* in^((q-1)/2) */
//fe_0(zero);
//fe_1(one);
//assert(fe_isequal(legendre, zero) || fe_isequal(legendre, one));
//#endif
Fe_mul.fe_mul(b, a, exp); /* b = a * a^(q-5)/8 */
Fe_sq.fe_sq(b2, b); /* b^2 = a * a^(q-1)/4 */
/* note b^4 == a^2, so b^2 == a or -a
* if b^2 != a, multiply it by sqrt(-1) */
Fe_mul.fe_mul(bi, b, i);
Fe_cmov.fe_cmov(b, bi, 1 ^ Fe_isequal.fe_isequal(b2, a));
Fe_copy.fe_copy(iOut, b);
/* PRECONDITION: out^2 == a */
//#ifndef NDEBUG
//fe_sq(b2, out);
//assert(fe_isequal(a, b2));
//#endif
}
//CONVERT #include "ge.h"
/*
* r = p + q
*/
public static void ge_add(Ge_p1p1 r, Ge_p3 p, Ge_cached q)
{
int[] t0 = new int[10];
//CONVERT #include "ge_add.h"
/* qhasm: enter ge_add */
/* qhasm: fe X1 */
/* qhasm: fe Y1 */
/* qhasm: fe Z1 */
/* qhasm: fe Z2 */
/* qhasm: fe T1 */
/* qhasm: fe ZZ */
/* qhasm: fe YpX2 */
/* qhasm: fe YmX2 */
/* qhasm: fe T2d2 */
/* qhasm: fe X3 */
/* qhasm: fe Y3 */
/* qhasm: fe Z3 */
/* qhasm: fe T3 */
/* qhasm: fe YpX1 */
/* qhasm: fe YmX1 */
/* qhasm: fe A */
/* qhasm: fe B */
/* qhasm: fe C */
/* qhasm: fe D */
/* qhasm: YpX1 = Y1+X1 */
/* asm 1: Fe_add.fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
/* asm 2: Fe_add.fe_add(>YpX1=r.X,<Y1=p.Y,<X1=p.X); */
Fe_add.fe_add(r.X, p.Y, p.X);
/* qhasm: YmX1 = Y1-X1 */
/* asm 1: Fe_sub.fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
/* asm 2: Fe_sub.fe_sub(>YmX1=r.Y,<Y1=p.Y,<X1=p.X); */
Fe_sub.fe_sub(r.Y, p.Y, p.X);
/* qhasm: A = YpX1*YpX2 */
/* asm 1: Fe_mul.fe_mul(>A=fe#3,<YpX1=fe#1,<YpX2=fe#15); */
/* asm 2: Fe_mul.fe_mul(>A=r.Z,<YpX1=r.X,<YpX2=q.YplusX); */
Fe_mul.fe_mul(r.Z, r.X, q.YplusX);
/* qhasm: B = YmX1*YmX2 */
/* asm 1: Fe_mul.fe_mul(>B=fe#2,<YmX1=fe#2,<YmX2=fe#16); */
/* asm 2: Fe_mul.fe_mul(>B=r.Y,<YmX1=r.Y,<YmX2=q.YminusX); */
Fe_mul.fe_mul(r.Y, r.Y, q.YminusX);
/* qhasm: C = T2d2*T1 */
/* asm 1: Fe_mul.fe_mul(>C=fe#4,<T2d2=fe#18,<T1=fe#14); */
/* asm 2: Fe_mul.fe_mul(>C=r.T,<T2d2=q.T2d,<T1=p.T); */
Fe_mul.fe_mul(r.T, q.T2d, p.T);
/* qhasm: ZZ = Z1*Z2 */
/* asm 1: Fe_mul.fe_mul(>ZZ=fe#1,<Z1=fe#13,<Z2=fe#17); */
/* asm 2: Fe_mul.fe_mul(>ZZ=r.X,<Z1=p.Z,<Z2=q.Z); */
Fe_mul.fe_mul(r.X, p.Z, q.Z);
/* qhasm: D = 2*ZZ */
/* asm 1: Fe_add.fe_add(>D=fe#5,<ZZ=fe#1,<ZZ=fe#1); */
/* asm 2: Fe_add.fe_add(>D=t0,<ZZ=r.X,<ZZ=r.X); */
Fe_add.fe_add(t0, r.X, r.X);
/* qhasm: X3 = A-B */
/* asm 1: Fe_sub.fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
/* asm 2: Fe_sub.fe_sub(>X3=r.X,<A=r.Z,<B=r.Y); */
Fe_sub.fe_sub(r.X, r.Z, r.Y);
/* qhasm: Y3 = A+B */
/* asm 1: Fe_add.fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
/* asm 2: Fe_add.fe_add(>Y3=r.Y,<A=r.Z,<B=r.Y); */
Fe_add.fe_add(r.Y, r.Z, r.Y);
/* qhasm: Z3 = D+C */
/* asm 1: Fe_add.fe_add(>Z3=fe#3,<D=fe#5,<C=fe#4); */
/* asm 2: Fe_add.fe_add(>Z3=r.Z,<D=t0,<C=r.T); */
Fe_add.fe_add(r.Z, t0, r.T);
/* qhasm: T3 = D-C */
/* asm 1: Fe_sub.fe_sub(>T3=fe#4,<D=fe#5,<C=fe#4); */
/* asm 2: Fe_sub.fe_sub(>T3=r.T,<D=t0,<C=r.T); */
Fe_sub.fe_sub(r.T, t0, r.T);
/* qhasm: return */
}
//CONVERT #include "ge.h"
/*
* r = p - q
*/
public static void ge_msub(Ge_p1p1 r, Ge_p3 p, Ge_precomp q)
{
int[] t0 = new int[10];
//CONVERT #include "ge_msub.h"
/* qhasm: enter ge_msub */
/* qhasm: fe X1 */
/* qhasm: fe Y1 */
/* qhasm: fe Z1 */
/* qhasm: fe T1 */
/* qhasm: fe ypx2 */
/* qhasm: fe ymx2 */
/* qhasm: fe xy2d2 */
/* qhasm: fe X3 */
/* qhasm: fe Y3 */
/* qhasm: fe Z3 */
/* qhasm: fe T3 */
/* qhasm: fe YpX1 */
/* qhasm: fe YmX1 */
/* qhasm: fe A */
/* qhasm: fe B */
/* qhasm: fe C */
/* qhasm: fe D */
/* qhasm: YpX1 = Y1+X1 */
/* asm 1: fe_add.fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
/* asm 2: fe_add.fe_add(>YpX1=r.X,<Y1=p.Y,<X1=p.X); */
Fe_add.fe_add(r.X, p.Y, p.X);
/* qhasm: YmX1 = Y1-X1 */
/* asm 1: fe_sub.fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
/* asm 2: fe_sub.fe_sub(>YmX1=r.Y,<Y1=p.Y,<X1=p.X); */
Fe_sub.fe_sub(r.Y, p.Y, p.X);
/* qhasm: A = YpX1*ymx2 */
/* asm 1: fe_mul.fe_mul(>A=fe#3,<YpX1=fe#1,<ymx2=fe#16); */
/* asm 2: fe_mul.fe_mul(>A=r.Z,<YpX1=r.X,<ymx2=q.yminusx); */
Fe_mul.fe_mul(r.Z, r.X, q.yminusx);
/* qhasm: B = YmX1*ypx2 */
/* asm 1: fe_mul.fe_mul(>B=fe#2,<YmX1=fe#2,<ypx2=fe#15); */
/* asm 2: fe_mul.fe_mul(>B=r.Y,<YmX1=r.Y,<ypx2=q.yplusx); */
Fe_mul.fe_mul(r.Y, r.Y, q.yplusx);
/* qhasm: C = xy2d2*T1 */
/* asm 1: fe_mul.fe_mul(>C=fe#4,<xy2d2=fe#17,<T1=fe#14); */
/* asm 2: fe_mul.fe_mul(>C=r.T,<xy2d2=q.xy2d,<T1=p.T); */
Fe_mul.fe_mul(r.T, q.xy2d, p.T);
/* qhasm: D = 2*Z1 */
/* asm 1: fe_add.fe_add(>D=fe#5,<Z1=fe#13,<Z1=fe#13); */
/* asm 2: fe_add.fe_add(>D=t0,<Z1=p.Z,<Z1=p.Z); */
Fe_add.fe_add(t0, p.Z, p.Z);
/* qhasm: X3 = A-B */
/* asm 1: fe_sub.fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
/* asm 2: fe_sub.fe_sub(>X3=r.X,<A=r.Z,<B=r.Y); */
Fe_sub.fe_sub(r.X, r.Z, r.Y);
/* qhasm: Y3 = A+B */
/* asm 1: fe_add.fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
/* asm 2: fe_add.fe_add(>Y3=r.Y,<A=r.Z,<B=r.Y); */
Fe_add.fe_add(r.Y, r.Z, r.Y);
/* qhasm: Z3 = D-C */
/* asm 1: fe_sub.fe_sub(>Z3=fe#3,<D=fe#5,<C=fe#4); */
/* asm 2: fe_sub.fe_sub(>Z3=r.Z,<D=t0,<C=r.T); */
Fe_sub.fe_sub(r.Z, t0, r.T);
/* qhasm: T3 = D+C */
/* asm 1: fe_add.fe_add(>T3=fe#4,<D=fe#5,<C=fe#4); */
/* asm 2: fe_add.fe_add(>T3=r.T,<D=t0,<C=r.T); */
Fe_add.fe_add(r.T, t0, r.T);
/* qhasm: return */
}
//CONVERT #include "fe.h"
public static void fe_invert(int[] iOut, int[] z)
{
int[] t0 = new int[10];
int[] t1 = new int[10];
int[] t2 = new int[10];
int[] t3 = new int[10];
int i;
//CONVERT #include "pow225521.h"
/* qhasm: fe z1 */
/* qhasm: fe z2 */
/* qhasm: fe z8 */
/* qhasm: fe z9 */
/* qhasm: fe z11 */
/* qhasm: fe z22 */
/* qhasm: fe z_5_0 */
/* qhasm: fe z_10_5 */
/* qhasm: fe z_10_0 */
/* qhasm: fe z_20_10 */
/* qhasm: fe z_20_0 */
/* qhasm: fe z_40_20 */
/* qhasm: fe z_40_0 */
/* qhasm: fe z_50_10 */
/* qhasm: fe z_50_0 */
/* qhasm: fe z_100_50 */
/* qhasm: fe z_100_0 */
/* qhasm: fe z_200_100 */
/* qhasm: fe z_200_0 */
/* qhasm: fe z_250_50 */
/* qhasm: fe z_250_0 */
/* qhasm: fe z_255_5 */
/* qhasm: fe z_255_21 */
/* qhasm: enter pow225521 */
/* qhasm: z2 = z1^2^1 */
/* asm 1: Fe_sq.fe_sq(>z2=fe#1,<z1=fe#11); for (i = 1;i < 1;++i) Fe_sq.fe_sq(>z2=fe#1,>z2=fe#1); */
/* asm 2: Fe_sq.fe_sq(>z2=t0,<z1=z); for (i = 1;i < 1;++i) Fe_sq.fe_sq(>z2=t0,>z2=t0); */
Fe_sq.fe_sq(t0, z); for (i = 1; i < 1; ++i)
{
Fe_sq.fe_sq(t0, t0);
}
/* qhasm: z8 = z2^2^2 */
/* asm 1: Fe_sq.fe_sq(>z8=fe#2,<z2=fe#1); for (i = 1;i < 2;++i) Fe_sq.fe_sq(>z8=fe#2,>z8=fe#2); */
/* asm 2: Fe_sq.fe_sq(>z8=t1,<z2=t0); for (i = 1;i < 2;++i) Fe_sq.fe_sq(>z8=t1,>z8=t1); */
Fe_sq.fe_sq(t1, t0); for (i = 1; i < 2; ++i)
{
Fe_sq.fe_sq(t1, t1);
}
/* qhasm: z9 = z1*z8 */
/* asm 1: Fe_mul.fe_mul(>z9=fe#2,<z1=fe#11,<z8=fe#2); */
/* asm 2: Fe_mul.fe_mul(>z9=t1,<z1=z,<z8=t1); */
Fe_mul.fe_mul(t1, z, t1);
/* qhasm: z11 = z2*z9 */
/* asm 1: Fe_mul.fe_mul(>z11=fe#1,<z2=fe#1,<z9=fe#2); */
/* asm 2: Fe_mul.fe_mul(>z11=t0,<z2=t0,<z9=t1); */
Fe_mul.fe_mul(t0, t0, t1);
/* qhasm: z22 = z11^2^1 */
/* asm 1: Fe_sq.fe_sq(>z22=fe#3,<z11=fe#1); for (i = 1;i < 1;++i) Fe_sq.fe_sq(>z22=fe#3,>z22=fe#3); */
/* asm 2: Fe_sq.fe_sq(>z22=t2,<z11=t0); for (i = 1;i < 1;++i) Fe_sq.fe_sq(>z22=t2,>z22=t2); */
Fe_sq.fe_sq(t2, t0); for (i = 1; i < 1; ++i)
{
Fe_sq.fe_sq(t2, t2);
}
/* qhasm: z_5_0 = z9*z22 */
/* asm 1: Fe_mul.fe_mul(>z_5_0=fe#2,<z9=fe#2,<z22=fe#3); */
/* asm 2: Fe_mul.fe_mul(>z_5_0=t1,<z9=t1,<z22=t2); */
Fe_mul.fe_mul(t1, t1, t2);
/* qhasm: z_10_5 = z_5_0^2^5 */
/* asm 1: Fe_sq.fe_sq(>z_10_5=fe#3,<z_5_0=fe#2); for (i = 1;i < 5;++i) Fe_sq.fe_sq(>z_10_5=fe#3,>z_10_5=fe#3); */
/* asm 2: Fe_sq.fe_sq(>z_10_5=t2,<z_5_0=t1); for (i = 1;i < 5;++i) Fe_sq.fe_sq(>z_10_5=t2,>z_10_5=t2); */
Fe_sq.fe_sq(t2, t1); for (i = 1; i < 5; ++i)
{
Fe_sq.fe_sq(t2, t2);
}
/* qhasm: z_10_0 = z_10_5*z_5_0 */
/* asm 1: Fe_mul.fe_mul(>z_10_0=fe#2,<z_10_5=fe#3,<z_5_0=fe#2); */
/* asm 2: Fe_mul.fe_mul(>z_10_0=t1,<z_10_5=t2,<z_5_0=t1); */
Fe_mul.fe_mul(t1, t2, t1);
/* qhasm: z_20_10 = z_10_0^2^10 */
/* asm 1: Fe_sq.fe_sq(>z_20_10=fe#3,<z_10_0=fe#2); for (i = 1;i < 10;++i) Fe_sq.fe_sq(>z_20_10=fe#3,>z_20_10=fe#3); */
/* asm 2: Fe_sq.fe_sq(>z_20_10=t2,<z_10_0=t1); for (i = 1;i < 10;++i) Fe_sq.fe_sq(>z_20_10=t2,>z_20_10=t2); */
Fe_sq.fe_sq(t2, t1); for (i = 1; i < 10; ++i)
{
Fe_sq.fe_sq(t2, t2);
}
/* qhasm: z_20_0 = z_20_10*z_10_0 */
/* asm 1: Fe_mul.fe_mul(>z_20_0=fe#3,<z_20_10=fe#3,<z_10_0=fe#2); */
/* asm 2: Fe_mul.fe_mul(>z_20_0=t2,<z_20_10=t2,<z_10_0=t1); */
Fe_mul.fe_mul(t2, t2, t1);
/* qhasm: z_40_20 = z_20_0^2^20 */
/* asm 1: Fe_sq.fe_sq(>z_40_20=fe#4,<z_20_0=fe#3); for (i = 1;i < 20;++i) Fe_sq.fe_sq(>z_40_20=fe#4,>z_40_20=fe#4); */
/* asm 2: Fe_sq.fe_sq(>z_40_20=t3,<z_20_0=t2); for (i = 1;i < 20;++i) Fe_sq.fe_sq(>z_40_20=t3,>z_40_20=t3); */
Fe_sq.fe_sq(t3, t2); for (i = 1; i < 20; ++i)
{
Fe_sq.fe_sq(t3, t3);
}
/* qhasm: z_40_0 = z_40_20*z_20_0 */
/* asm 1: Fe_mul.fe_mul(>z_40_0=fe#3,<z_40_20=fe#4,<z_20_0=fe#3); */
/* asm 2: Fe_mul.fe_mul(>z_40_0=t2,<z_40_20=t3,<z_20_0=t2); */
Fe_mul.fe_mul(t2, t3, t2);
/* qhasm: z_50_10 = z_40_0^2^10 */
/* asm 1: Fe_sq.fe_sq(>z_50_10=fe#3,<z_40_0=fe#3); for (i = 1;i < 10;++i) Fe_sq.fe_sq(>z_50_10=fe#3,>z_50_10=fe#3); */
/* asm 2: Fe_sq.fe_sq(>z_50_10=t2,<z_40_0=t2); for (i = 1;i < 10;++i) Fe_sq.fe_sq(>z_50_10=t2,>z_50_10=t2); */
Fe_sq.fe_sq(t2, t2); for (i = 1; i < 10; ++i)
{
Fe_sq.fe_sq(t2, t2);
}
/* qhasm: z_50_0 = z_50_10*z_10_0 */
/* asm 1: Fe_mul.fe_mul(>z_50_0=fe#2,<z_50_10=fe#3,<z_10_0=fe#2); */
/* asm 2: Fe_mul.fe_mul(>z_50_0=t1,<z_50_10=t2,<z_10_0=t1); */
Fe_mul.fe_mul(t1, t2, t1);
/* qhasm: z_100_50 = z_50_0^2^50 */
/* asm 1: Fe_sq.fe_sq(>z_100_50=fe#3,<z_50_0=fe#2); for (i = 1;i < 50;++i) Fe_sq.fe_sq(>z_100_50=fe#3,>z_100_50=fe#3); */
/* asm 2: Fe_sq.fe_sq(>z_100_50=t2,<z_50_0=t1); for (i = 1;i < 50;++i) Fe_sq.fe_sq(>z_100_50=t2,>z_100_50=t2); */
Fe_sq.fe_sq(t2, t1); for (i = 1; i < 50; ++i)
{
Fe_sq.fe_sq(t2, t2);
}
/* qhasm: z_100_0 = z_100_50*z_50_0 */
/* asm 1: Fe_mul.fe_mul(>z_100_0=fe#3,<z_100_50=fe#3,<z_50_0=fe#2); */
/* asm 2: Fe_mul.fe_mul(>z_100_0=t2,<z_100_50=t2,<z_50_0=t1); */
Fe_mul.fe_mul(t2, t2, t1);
/* qhasm: z_200_100 = z_100_0^2^100 */
/* asm 1: Fe_sq.fe_sq(>z_200_100=fe#4,<z_100_0=fe#3); for (i = 1;i < 100;++i) Fe_sq.fe_sq(>z_200_100=fe#4,>z_200_100=fe#4); */
/* asm 2: Fe_sq.fe_sq(>z_200_100=t3,<z_100_0=t2); for (i = 1;i < 100;++i) Fe_sq.fe_sq(>z_200_100=t3,>z_200_100=t3); */
Fe_sq.fe_sq(t3, t2); for (i = 1; i < 100; ++i)
{
Fe_sq.fe_sq(t3, t3);
}
/* qhasm: z_200_0 = z_200_100*z_100_0 */
/* asm 1: Fe_mul.fe_mul(>z_200_0=fe#3,<z_200_100=fe#4,<z_100_0=fe#3); */
/* asm 2: Fe_mul.fe_mul(>z_200_0=t2,<z_200_100=t3,<z_100_0=t2); */
Fe_mul.fe_mul(t2, t3, t2);
/* qhasm: z_250_50 = z_200_0^2^50 */
/* asm 1: Fe_sq.fe_sq(>z_250_50=fe#3,<z_200_0=fe#3); for (i = 1;i < 50;++i) Fe_sq.fe_sq(>z_250_50=fe#3,>z_250_50=fe#3); */
/* asm 2: Fe_sq.fe_sq(>z_250_50=t2,<z_200_0=t2); for (i = 1;i < 50;++i) Fe_sq.fe_sq(>z_250_50=t2,>z_250_50=t2); */
Fe_sq.fe_sq(t2, t2); for (i = 1; i < 50; ++i)
{
Fe_sq.fe_sq(t2, t2);
}
/* qhasm: z_250_0 = z_250_50*z_50_0 */
/* asm 1: Fe_mul.fe_mul(>z_250_0=fe#2,<z_250_50=fe#3,<z_50_0=fe#2); */
/* asm 2: Fe_mul.fe_mul(>z_250_0=t1,<z_250_50=t2,<z_50_0=t1); */
Fe_mul.fe_mul(t1, t2, t1);
/* qhasm: z_255_5 = z_250_0^2^5 */
/* asm 1: Fe_sq.fe_sq(>z_255_5=fe#2,<z_250_0=fe#2); for (i = 1;i < 5;++i) Fe_sq.fe_sq(>z_255_5=fe#2,>z_255_5=fe#2); */
/* asm 2: Fe_sq.fe_sq(>z_255_5=t1,<z_250_0=t1); for (i = 1;i < 5;++i) Fe_sq.fe_sq(>z_255_5=t1,>z_255_5=t1); */
Fe_sq.fe_sq(t1, t1); for (i = 1; i < 5; ++i)
{
Fe_sq.fe_sq(t1, t1);
}
/* qhasm: z_255_21 = z_255_5*z11 */
/* asm 1: Fe_mul.fe_mul(>z_255_21=fe#12,<z_255_5=fe#2,<z11=fe#1); */
/* asm 2: Fe_mul.fe_mul(>z_255_21=out,<z_255_5=t1,<z11=t0); */
Fe_mul.fe_mul(iOut, t1, t0);
/* qhasm: return */
return;
}
//CONVERT #include "crypto_scalarmult.h"
//CONVERT #include "fe.h"
public static int crypto_scalarmult(byte[] q,
byte[] n,
byte[] p)
{
byte[] e = new byte[32];
int i;
int[] x1 = new int[10];
int[] x2 = new int[10];
int[] z2 = new int[10];
int[] x3 = new int[10];
int[] z3 = new int[10];
int[] tmp0 = new int[10];
int[] tmp1 = new int[10];
int pos;
int swap;
int b;
for (i = 0; i < 32; ++i)
{
e[i] = n[i];
}
// e[0] &= 248;
// e[31] &= 127;
// e[31] |= 64;
Fe_frombytes.fe_frombytes(x1, p);
Fe_1.fe_1(x2);
Fe_0.fe_0(z2);
Fe_copy.fe_copy(x3, x1);
Fe_1.fe_1(z3);
swap = 0;
for (pos = 254; pos >= 0; --pos)
{
b = (int)(((uint)e[pos / 8]) >> (pos & 7));
b &= 1;
swap ^= b;
Fe_cswap.fe_cswap(x2, x3, swap);
Fe_cswap.fe_cswap(z2, z3, swap);
swap = b;
//CONVERT #include "montgomery.h"
/* qhasm: fe X2 */
/* qhasm: fe Z2 */
/* qhasm: fe X3 */
/* qhasm: fe Z3 */
/* qhasm: fe X4 */
/* qhasm: fe Z4 */
/* qhasm: fe X5 */
/* qhasm: fe Z5 */
/* qhasm: fe A */
/* qhasm: fe B */
/* qhasm: fe C */
/* qhasm: fe D */
/* qhasm: fe E */
/* qhasm: fe AA */
/* qhasm: fe BB */
/* qhasm: fe DA */
/* qhasm: fe CB */
/* qhasm: fe t0 */
/* qhasm: fe t1 */
/* qhasm: fe t2 */
/* qhasm: fe t3 */
/* qhasm: fe t4 */
/* qhasm: enter ladder */
/* qhasm: D = X3-Z3 */
/* asm 1: fe_sub.fe_sub(>D=fe#5,<X3=fe#3,<Z3=fe#4); */
/* asm 2: fe_sub.fe_sub(>D=tmp0,<X3=x3,<Z3=z3); */
Fe_sub.fe_sub(tmp0, x3, z3);
/* qhasm: B = X2-Z2 */
/* asm 1: fe_sub.fe_sub(>B=fe#6,<X2=fe#1,<Z2=fe#2); */
/* asm 2: fe_sub.fe_sub(>B=tmp1,<X2=x2,<Z2=z2); */
Fe_sub.fe_sub(tmp1, x2, z2);
/* qhasm: A = X2+Z2 */
/* asm 1: fe_add.fe_add(>A=fe#1,<X2=fe#1,<Z2=fe#2); */
/* asm 2: fe_add.fe_add(>A=x2,<X2=x2,<Z2=z2); */
Fe_add.fe_add(x2, x2, z2);
/* qhasm: C = X3+Z3 */
/* asm 1: fe_add.fe_add(>C=fe#2,<X3=fe#3,<Z3=fe#4); */
/* asm 2: fe_add.fe_add(>C=z2,<X3=x3,<Z3=z3); */
Fe_add.fe_add(z2, x3, z3);
/* qhasm: DA = D*A */
/* asm 1: fe_mul.fe_mul(>DA=fe#4,<D=fe#5,<A=fe#1); */
/* asm 2: fe_mul.fe_mul(>DA=z3,<D=tmp0,<A=x2); */
Fe_mul.fe_mul(z3, tmp0, x2);
/* qhasm: CB = C*B */
/* asm 1: fe_mul.fe_mul(>CB=fe#2,<C=fe#2,<B=fe#6); */
/* asm 2: fe_mul.fe_mul(>CB=z2,<C=z2,<B=tmp1); */
Fe_mul.fe_mul(z2, z2, tmp1);
/* qhasm: BB = B^2 */
/* asm 1: fe_sq.fe_sq(>BB=fe#5,<B=fe#6); */
/* asm 2: fe_sq.fe_sq(>BB=tmp0,<B=tmp1); */
Fe_sq.fe_sq(tmp0, tmp1);
/* qhasm: AA = A^2 */
/* asm 1: fe_sq.fe_sq(>AA=fe#6,<A=fe#1); */
/* asm 2: fe_sq.fe_sq(>AA=tmp1,<A=x2); */
Fe_sq.fe_sq(tmp1, x2);
/* qhasm: t0 = DA+CB */
/* asm 1: fe_add.fe_add(>t0=fe#3,<DA=fe#4,<CB=fe#2); */
/* asm 2: fe_add.fe_add(>t0=x3,<DA=z3,<CB=z2); */
Fe_add.fe_add(x3, z3, z2);
/* qhasm: assign x3 to t0 */
/* qhasm: t1 = DA-CB */
/* asm 1: fe_sub.fe_sub(>t1=fe#2,<DA=fe#4,<CB=fe#2); */
/* asm 2: fe_sub.fe_sub(>t1=z2,<DA=z3,<CB=z2); */
Fe_sub.fe_sub(z2, z3, z2);
/* qhasm: X4 = AA*BB */
/* asm 1: fe_mul.fe_mul(>X4=fe#1,<AA=fe#6,<BB=fe#5); */
/* asm 2: fe_mul.fe_mul(>X4=x2,<AA=tmp1,<BB=tmp0); */
Fe_mul.fe_mul(x2, tmp1, tmp0);
/* qhasm: E = AA-BB */
/* asm 1: fe_sub.fe_sub(>E=fe#6,<AA=fe#6,<BB=fe#5); */
/* asm 2: fe_sub.fe_sub(>E=tmp1,<AA=tmp1,<BB=tmp0); */
Fe_sub.fe_sub(tmp1, tmp1, tmp0);
/* qhasm: t2 = t1^2 */
/* asm 1: fe_sq.fe_sq(>t2=fe#2,<t1=fe#2); */
/* asm 2: fe_sq.fe_sq(>t2=z2,<t1=z2); */
Fe_sq.fe_sq(z2, z2);
/* qhasm: t3 = a24*E */
/* asm 1: fe_mul121666(>t3=fe#4,<E=fe#6); */
/* asm 2: fe_mul121666(>t3=z3,<E=tmp1); */
Fe_mul121666.fe_mul121666(z3, tmp1);
/* qhasm: X5 = t0^2 */
/* asm 1: fe_sq.fe_sq(>X5=fe#3,<t0=fe#3); */
/* asm 2: fe_sq.fe_sq(>X5=x3,<t0=x3); */
Fe_sq.fe_sq(x3, x3);
/* qhasm: t4 = BB+t3 */
/* asm 1: fe_add.fe_add(>t4=fe#5,<BB=fe#5,<t3=fe#4); */
/* asm 2: fe_add.fe_add(>t4=tmp0,<BB=tmp0,<t3=z3); */
Fe_add.fe_add(tmp0, tmp0, z3);
/* qhasm: Z5 = X1*t2 */
/* asm 1: fe_mul.fe_mul(>Z5=fe#4,x1,<t2=fe#2); */
/* asm 2: fe_mul.fe_mul(>Z5=z3,x1,<t2=z2); */
Fe_mul.fe_mul(z3, x1, z2);
/* qhasm: Z4 = E*t4 */
/* asm 1: fe_mul.fe_mul(>Z4=fe#2,<E=fe#6,<t4=fe#5); */
/* asm 2: fe_mul.fe_mul(>Z4=z2,<E=tmp1,<t4=tmp0); */
Fe_mul.fe_mul(z2, tmp1, tmp0);
/* qhasm: return */
}
Fe_cswap.fe_cswap(x2, x3, swap);
Fe_cswap.fe_cswap(z2, z3, swap);
Fe_invert.fe_invert(z2, z2);
Fe_mul.fe_mul(x2, x2, z2);
Fe_tobytes.fe_tobytes(q, x2);
return(0);
}