public static void ge_montx_to_p2(Ge_p2 p, int[] u, byte ed_sign_bit)
{
int[] x = new int[10];
int[] y = new int[10];
int[] A = new int[10];
int[] v = new int[10];
int[] v2 = new int[10];
int[] iv = new int[10];
int[] nx = new int[10];
Fe_frombytes.fe_frombytes(A, A_bytes);
/* given u, recover edwards y */
/* given u, recover v */
/* given u and v, recover edwards x */
Fe_montx_to_edy.fe_montx_to_edy(y, u); /* y = (u - 1) / (u + 1) */
Fe_mont_rhs.fe_mont_rhs(v2, u); /* v^2 = u(u^2 + Au + 1) */
Fe_sqrt.fe_sqrt(v, v2); /* v = sqrt(v^2) */
Fe_mul.fe_mul(x, u, A); /* x = u * sqrt(-(A+2)) */
Fe_invert.fe_invert(iv, v); /* 1/v */
Fe_mul.fe_mul(x, x, iv); /* x = (u/v) * sqrt(-(A+2)) */
Fe_neg.fe_neg(nx, x); /* negate x to match sign bit */
Fe_cmov.fe_cmov(x, nx, Fe_isnegative.fe_isnegative(x) ^ ed_sign_bit);
Fe_copy.fe_copy(p.X, x);
Fe_copy.fe_copy(p.Y, y);
Fe_1.fe_1(p.Z);
/* POSTCONDITION: check that p->X and p->Y satisfy the Ed curve equation */
/* -x^2 + y^2 = 1 + dx^2y^2 */
//#ifndef NDEBUG
//{
//fe one, d, x2, y2, x2y2, dx2y2;
//
//unsigned char dbytes[32] = {
//0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75,
//0xab, 0xd8, 0x41, 0x41, 0x4d, 0x0a, 0x70, 0x00,
//0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c,
//0x73, 0xfe, 0x6f, 0x2b, 0xee, 0x6c, 0x03, 0x52
//};
//
//fe_frombytes(d, dbytes);
//fe_1(one);
//fe_sq(x2, p->X); /* x^2 */
//fe_sq(y2, p->Y); /* y^2 */
//
//fe_mul(dx2y2, x2, y2); /* x^2y^2 */
//fe_mul(dx2y2, dx2y2, d); /* dx^2y^2 */
//fe_add(dx2y2, dx2y2, one); /* dx^2y^2 + 1 */
//fe_neg(x2y2, x2); /* -x^2 */
//fe_add(x2y2, x2y2, y2); /* -x^2 + y^2 */
//
//assert(fe_isequal(x2y2, dx2y2));
//}
//#endif
}
public static void cmov(Ge_cached t, Ge_cached u, int b)
{
Fe_cmov.fe_cmov(t.YplusX, u.YplusX, b);
Fe_cmov.fe_cmov(t.YminusX, u.YminusX, b);
Fe_cmov.fe_cmov(t.Z, u.Z, b);
Fe_cmov.fe_cmov(t.T2d, u.T2d, b);
}
/* Preconditions: a is square or zero */
public static void fe_sqrt(int[] iOut, int[] a)
{
int[] exp = new int[10];
int[] b = new int[10];
int[] b2 = new int[10];
int[] bi = new int[10];
int[] i = new int[10];
Fe_frombytes.fe_frombytes(i, i_bytes);
Fe_pow22523.fe_pow22523(exp, a); /* b = a^(q-5)/8 */
/* PRECONDITION: legendre symbol == 1 (square) or 0 (a == zero) */
//#ifndef NDEBUG
//fe legendre, zero, one;
//fe_sq(legendre, exp); /* in^((q-5)/4) */
//fe_sq(legendre, legendre); /* in^((q-5)/2) */
//fe_mul(legendre, legendre, a); /* in^((q-3)/2) */
//fe_mul(legendre, legendre, a); /* in^((q-1)/2) */
//fe_0(zero);
//fe_1(one);
//assert(fe_isequal(legendre, zero) || fe_isequal(legendre, one));
//#endif
Fe_mul.fe_mul(b, a, exp); /* b = a * a^(q-5)/8 */
Fe_sq.fe_sq(b2, b); /* b^2 = a * a^(q-1)/4 */
/* note b^4 == a^2, so b^2 == a or -a
* if b^2 != a, multiply it by sqrt(-1) */
Fe_mul.fe_mul(bi, b, i);
Fe_cmov.fe_cmov(b, bi, 1 ^ Fe_isequal.fe_isequal(b2, a));
Fe_copy.fe_copy(iOut, b);
/* PRECONDITION: out^2 == a */
//#ifndef NDEBUG
//fe_sq(b2, out);
//assert(fe_isequal(a, b2));
//#endif
}
static void cmov(Ge_precomp t, Ge_precomp u, int b)
{
Fe_cmov.fe_cmov(t.yplusx, u.yplusx, b);
Fe_cmov.fe_cmov(t.yminusx, u.yminusx, b);
Fe_cmov.fe_cmov(t.xy2d, u.xy2d, b);
}
