public static int ge_frombytes_negate_vartime(Ge_p3 h, byte[] s)
{
int[] u = new int[10];
int[] v = new int[10];
int[] v3 = new int[10];
int[] vxx = new int[10];
int[] check = new int[10];
Fe_frombytes.fe_frombytes(h.Y, s);
Fe_1.fe_1(h.Z);
Fe_sq.fe_sq(u, h.Y);
Fe_mul.fe_mul(v, u, d);
Fe_sub.fe_sub(u, u, h.Z); /* u = y^2-1 */
Fe_add.fe_add(v, v, h.Z); /* v = dy^2+1 */
Fe_sq.fe_sq(v3, v);
Fe_mul.fe_mul(v3, v3, v); /* v3 = v^3 */
Fe_sq.fe_sq(h.X, v3);
Fe_mul.fe_mul(h.X, h.X, v);
Fe_mul.fe_mul(h.X, h.X, u); /* x = uv^7 */
Fe_pow22523.fe_pow22523(h.X, h.X); /* x = (uv^7)^((q-5)/8) */
Fe_mul.fe_mul(h.X, h.X, v3);
Fe_mul.fe_mul(h.X, h.X, u); /* x = uv^3(uv^7)^((q-5)/8) */
Fe_sq.fe_sq(vxx, h.X);
Fe_mul.fe_mul(vxx, vxx, v);
Fe_sub.fe_sub(check, vxx, u); /* vx^2-u */
if (Fe_isnonzero.fe_isnonzero(check) != 0)
{
Fe_add.fe_add(check, vxx, u); /* vx^2+u */
if (Fe_isnonzero.fe_isnonzero(check) != 0)
{
return(-1);
}
Fe_mul.fe_mul(h.X, h.X, sqrtm1);
}
if (Fe_isnegative.fe_isnegative(h.X) == ((((uint)s[31]) >> 7) & 0x01))
{
Fe_neg.fe_neg(h.X, h.X);
}
Fe_mul.fe_mul(h.T, h.X, h.Y);
return(0);
}
public static void fe_mont_rhs(int[] v2, int[] u)
{
int[] A = new int[10];
int[] one = new int[10];
int[] u2 = new int[10];
int[] Au = new int[10];
int[] inner = new int[10];
Fe_1.fe_1(one);
Fe_0.fe_0(A);
A[0] = 486662; /* A = 486662 */
Fe_sq.fe_sq(u2, u); /* u^2 */
Fe_mul.fe_mul(Au, A, u); /* Au */
Fe_add.fe_add(inner, u2, Au); /* u^2 + Au */
Fe_add.fe_add(inner, inner, one); /* u^2 + Au + 1 */
Fe_mul.fe_mul(v2, u, inner); /* u(u^2 + Au + 1) */
}
/* Preconditions: a is square or zero */
public static void fe_sqrt(int[] iOut, int[] a)
{
int[] exp = new int[10];
int[] b = new int[10];
int[] b2 = new int[10];
int[] bi = new int[10];
int[] i = new int[10];
Fe_frombytes.fe_frombytes(i, i_bytes);
Fe_pow22523.fe_pow22523(exp, a); /* b = a^(q-5)/8 */
/* PRECONDITION: legendre symbol == 1 (square) or 0 (a == zero) */
//#ifndef NDEBUG
//fe legendre, zero, one;
//fe_sq(legendre, exp); /* in^((q-5)/4) */
//fe_sq(legendre, legendre); /* in^((q-5)/2) */
//fe_mul(legendre, legendre, a); /* in^((q-3)/2) */
//fe_mul(legendre, legendre, a); /* in^((q-1)/2) */
//fe_0(zero);
//fe_1(one);
//assert(fe_isequal(legendre, zero) || fe_isequal(legendre, one));
//#endif
Fe_mul.fe_mul(b, a, exp); /* b = a * a^(q-5)/8 */
Fe_sq.fe_sq(b2, b); /* b^2 = a * a^(q-1)/4 */
/* note b^4 == a^2, so b^2 == a or -a
* if b^2 != a, multiply it by sqrt(-1) */
Fe_mul.fe_mul(bi, b, i);
Fe_cmov.fe_cmov(b, bi, 1 ^ Fe_isequal.fe_isequal(b2, a));
Fe_copy.fe_copy(iOut, b);
/* PRECONDITION: out^2 == a */
//#ifndef NDEBUG
//fe_sq(b2, out);
//assert(fe_isequal(a, b2));
//#endif
}
//CONVERT #include "fe.h"
public static void fe_invert(int[] iOut, int[] z)
{
int[] t0 = new int[10];
int[] t1 = new int[10];
int[] t2 = new int[10];
int[] t3 = new int[10];
int i;
//CONVERT #include "pow225521.h"
/* qhasm: fe z1 */
/* qhasm: fe z2 */
/* qhasm: fe z8 */
/* qhasm: fe z9 */
/* qhasm: fe z11 */
/* qhasm: fe z22 */
/* qhasm: fe z_5_0 */
/* qhasm: fe z_10_5 */
/* qhasm: fe z_10_0 */
/* qhasm: fe z_20_10 */
/* qhasm: fe z_20_0 */
/* qhasm: fe z_40_20 */
/* qhasm: fe z_40_0 */
/* qhasm: fe z_50_10 */
/* qhasm: fe z_50_0 */
/* qhasm: fe z_100_50 */
/* qhasm: fe z_100_0 */
/* qhasm: fe z_200_100 */
/* qhasm: fe z_200_0 */
/* qhasm: fe z_250_50 */
/* qhasm: fe z_250_0 */
/* qhasm: fe z_255_5 */
/* qhasm: fe z_255_21 */
/* qhasm: enter pow225521 */
/* qhasm: z2 = z1^2^1 */
/* asm 1: Fe_sq.fe_sq(>z2=fe#1,<z1=fe#11); for (i = 1;i < 1;++i) Fe_sq.fe_sq(>z2=fe#1,>z2=fe#1); */
/* asm 2: Fe_sq.fe_sq(>z2=t0,<z1=z); for (i = 1;i < 1;++i) Fe_sq.fe_sq(>z2=t0,>z2=t0); */
Fe_sq.fe_sq(t0, z); for (i = 1; i < 1; ++i)
{
Fe_sq.fe_sq(t0, t0);
}
/* qhasm: z8 = z2^2^2 */
/* asm 1: Fe_sq.fe_sq(>z8=fe#2,<z2=fe#1); for (i = 1;i < 2;++i) Fe_sq.fe_sq(>z8=fe#2,>z8=fe#2); */
/* asm 2: Fe_sq.fe_sq(>z8=t1,<z2=t0); for (i = 1;i < 2;++i) Fe_sq.fe_sq(>z8=t1,>z8=t1); */
Fe_sq.fe_sq(t1, t0); for (i = 1; i < 2; ++i)
{
Fe_sq.fe_sq(t1, t1);
}
/* qhasm: z9 = z1*z8 */
/* asm 1: Fe_mul.fe_mul(>z9=fe#2,<z1=fe#11,<z8=fe#2); */
/* asm 2: Fe_mul.fe_mul(>z9=t1,<z1=z,<z8=t1); */
Fe_mul.fe_mul(t1, z, t1);
/* qhasm: z11 = z2*z9 */
/* asm 1: Fe_mul.fe_mul(>z11=fe#1,<z2=fe#1,<z9=fe#2); */
/* asm 2: Fe_mul.fe_mul(>z11=t0,<z2=t0,<z9=t1); */
Fe_mul.fe_mul(t0, t0, t1);
/* qhasm: z22 = z11^2^1 */
/* asm 1: Fe_sq.fe_sq(>z22=fe#3,<z11=fe#1); for (i = 1;i < 1;++i) Fe_sq.fe_sq(>z22=fe#3,>z22=fe#3); */
/* asm 2: Fe_sq.fe_sq(>z22=t2,<z11=t0); for (i = 1;i < 1;++i) Fe_sq.fe_sq(>z22=t2,>z22=t2); */
Fe_sq.fe_sq(t2, t0); for (i = 1; i < 1; ++i)
{
Fe_sq.fe_sq(t2, t2);
}
/* qhasm: z_5_0 = z9*z22 */
/* asm 1: Fe_mul.fe_mul(>z_5_0=fe#2,<z9=fe#2,<z22=fe#3); */
/* asm 2: Fe_mul.fe_mul(>z_5_0=t1,<z9=t1,<z22=t2); */
Fe_mul.fe_mul(t1, t1, t2);
/* qhasm: z_10_5 = z_5_0^2^5 */
/* asm 1: Fe_sq.fe_sq(>z_10_5=fe#3,<z_5_0=fe#2); for (i = 1;i < 5;++i) Fe_sq.fe_sq(>z_10_5=fe#3,>z_10_5=fe#3); */
/* asm 2: Fe_sq.fe_sq(>z_10_5=t2,<z_5_0=t1); for (i = 1;i < 5;++i) Fe_sq.fe_sq(>z_10_5=t2,>z_10_5=t2); */
Fe_sq.fe_sq(t2, t1); for (i = 1; i < 5; ++i)
{
Fe_sq.fe_sq(t2, t2);
}
/* qhasm: z_10_0 = z_10_5*z_5_0 */
/* asm 1: Fe_mul.fe_mul(>z_10_0=fe#2,<z_10_5=fe#3,<z_5_0=fe#2); */
/* asm 2: Fe_mul.fe_mul(>z_10_0=t1,<z_10_5=t2,<z_5_0=t1); */
Fe_mul.fe_mul(t1, t2, t1);
/* qhasm: z_20_10 = z_10_0^2^10 */
/* asm 1: Fe_sq.fe_sq(>z_20_10=fe#3,<z_10_0=fe#2); for (i = 1;i < 10;++i) Fe_sq.fe_sq(>z_20_10=fe#3,>z_20_10=fe#3); */
/* asm 2: Fe_sq.fe_sq(>z_20_10=t2,<z_10_0=t1); for (i = 1;i < 10;++i) Fe_sq.fe_sq(>z_20_10=t2,>z_20_10=t2); */
Fe_sq.fe_sq(t2, t1); for (i = 1; i < 10; ++i)
{
Fe_sq.fe_sq(t2, t2);
}
/* qhasm: z_20_0 = z_20_10*z_10_0 */
/* asm 1: Fe_mul.fe_mul(>z_20_0=fe#3,<z_20_10=fe#3,<z_10_0=fe#2); */
/* asm 2: Fe_mul.fe_mul(>z_20_0=t2,<z_20_10=t2,<z_10_0=t1); */
Fe_mul.fe_mul(t2, t2, t1);
/* qhasm: z_40_20 = z_20_0^2^20 */
/* asm 1: Fe_sq.fe_sq(>z_40_20=fe#4,<z_20_0=fe#3); for (i = 1;i < 20;++i) Fe_sq.fe_sq(>z_40_20=fe#4,>z_40_20=fe#4); */
/* asm 2: Fe_sq.fe_sq(>z_40_20=t3,<z_20_0=t2); for (i = 1;i < 20;++i) Fe_sq.fe_sq(>z_40_20=t3,>z_40_20=t3); */
Fe_sq.fe_sq(t3, t2); for (i = 1; i < 20; ++i)
{
Fe_sq.fe_sq(t3, t3);
}
/* qhasm: z_40_0 = z_40_20*z_20_0 */
/* asm 1: Fe_mul.fe_mul(>z_40_0=fe#3,<z_40_20=fe#4,<z_20_0=fe#3); */
/* asm 2: Fe_mul.fe_mul(>z_40_0=t2,<z_40_20=t3,<z_20_0=t2); */
Fe_mul.fe_mul(t2, t3, t2);
/* qhasm: z_50_10 = z_40_0^2^10 */
/* asm 1: Fe_sq.fe_sq(>z_50_10=fe#3,<z_40_0=fe#3); for (i = 1;i < 10;++i) Fe_sq.fe_sq(>z_50_10=fe#3,>z_50_10=fe#3); */
/* asm 2: Fe_sq.fe_sq(>z_50_10=t2,<z_40_0=t2); for (i = 1;i < 10;++i) Fe_sq.fe_sq(>z_50_10=t2,>z_50_10=t2); */
Fe_sq.fe_sq(t2, t2); for (i = 1; i < 10; ++i)
{
Fe_sq.fe_sq(t2, t2);
}
/* qhasm: z_50_0 = z_50_10*z_10_0 */
/* asm 1: Fe_mul.fe_mul(>z_50_0=fe#2,<z_50_10=fe#3,<z_10_0=fe#2); */
/* asm 2: Fe_mul.fe_mul(>z_50_0=t1,<z_50_10=t2,<z_10_0=t1); */
Fe_mul.fe_mul(t1, t2, t1);
/* qhasm: z_100_50 = z_50_0^2^50 */
/* asm 1: Fe_sq.fe_sq(>z_100_50=fe#3,<z_50_0=fe#2); for (i = 1;i < 50;++i) Fe_sq.fe_sq(>z_100_50=fe#3,>z_100_50=fe#3); */
/* asm 2: Fe_sq.fe_sq(>z_100_50=t2,<z_50_0=t1); for (i = 1;i < 50;++i) Fe_sq.fe_sq(>z_100_50=t2,>z_100_50=t2); */
Fe_sq.fe_sq(t2, t1); for (i = 1; i < 50; ++i)
{
Fe_sq.fe_sq(t2, t2);
}
/* qhasm: z_100_0 = z_100_50*z_50_0 */
/* asm 1: Fe_mul.fe_mul(>z_100_0=fe#3,<z_100_50=fe#3,<z_50_0=fe#2); */
/* asm 2: Fe_mul.fe_mul(>z_100_0=t2,<z_100_50=t2,<z_50_0=t1); */
Fe_mul.fe_mul(t2, t2, t1);
/* qhasm: z_200_100 = z_100_0^2^100 */
/* asm 1: Fe_sq.fe_sq(>z_200_100=fe#4,<z_100_0=fe#3); for (i = 1;i < 100;++i) Fe_sq.fe_sq(>z_200_100=fe#4,>z_200_100=fe#4); */
/* asm 2: Fe_sq.fe_sq(>z_200_100=t3,<z_100_0=t2); for (i = 1;i < 100;++i) Fe_sq.fe_sq(>z_200_100=t3,>z_200_100=t3); */
Fe_sq.fe_sq(t3, t2); for (i = 1; i < 100; ++i)
{
Fe_sq.fe_sq(t3, t3);
}
/* qhasm: z_200_0 = z_200_100*z_100_0 */
/* asm 1: Fe_mul.fe_mul(>z_200_0=fe#3,<z_200_100=fe#4,<z_100_0=fe#3); */
/* asm 2: Fe_mul.fe_mul(>z_200_0=t2,<z_200_100=t3,<z_100_0=t2); */
Fe_mul.fe_mul(t2, t3, t2);
/* qhasm: z_250_50 = z_200_0^2^50 */
/* asm 1: Fe_sq.fe_sq(>z_250_50=fe#3,<z_200_0=fe#3); for (i = 1;i < 50;++i) Fe_sq.fe_sq(>z_250_50=fe#3,>z_250_50=fe#3); */
/* asm 2: Fe_sq.fe_sq(>z_250_50=t2,<z_200_0=t2); for (i = 1;i < 50;++i) Fe_sq.fe_sq(>z_250_50=t2,>z_250_50=t2); */
Fe_sq.fe_sq(t2, t2); for (i = 1; i < 50; ++i)
{
Fe_sq.fe_sq(t2, t2);
}
/* qhasm: z_250_0 = z_250_50*z_50_0 */
/* asm 1: Fe_mul.fe_mul(>z_250_0=fe#2,<z_250_50=fe#3,<z_50_0=fe#2); */
/* asm 2: Fe_mul.fe_mul(>z_250_0=t1,<z_250_50=t2,<z_50_0=t1); */
Fe_mul.fe_mul(t1, t2, t1);
/* qhasm: z_255_5 = z_250_0^2^5 */
/* asm 1: Fe_sq.fe_sq(>z_255_5=fe#2,<z_250_0=fe#2); for (i = 1;i < 5;++i) Fe_sq.fe_sq(>z_255_5=fe#2,>z_255_5=fe#2); */
/* asm 2: Fe_sq.fe_sq(>z_255_5=t1,<z_250_0=t1); for (i = 1;i < 5;++i) Fe_sq.fe_sq(>z_255_5=t1,>z_255_5=t1); */
Fe_sq.fe_sq(t1, t1); for (i = 1; i < 5; ++i)
{
Fe_sq.fe_sq(t1, t1);
}
/* qhasm: z_255_21 = z_255_5*z11 */
/* asm 1: Fe_mul.fe_mul(>z_255_21=fe#12,<z_255_5=fe#2,<z11=fe#1); */
/* asm 2: Fe_mul.fe_mul(>z_255_21=out,<z_255_5=t1,<z11=t0); */
Fe_mul.fe_mul(iOut, t1, t0);
/* qhasm: return */
return;
}
//CONVERT #include "ge.h"
/*
* r = 2 * p
*/
public static void ge_p2_dbl(Ge_p1p1 r, Ge_p2 p)
{
int[] t0 = new int[10];
//CONVERT #include "ge_p2_dbl.h"
/* qhasm: enter ge_p2_dbl */
/* qhasm: fe X1 */
/* qhasm: fe Y1 */
/* qhasm: fe Z1 */
/* qhasm: fe A */
/* qhasm: fe AA */
/* qhasm: fe XX */
/* qhasm: fe YY */
/* qhasm: fe B */
/* qhasm: fe X3 */
/* qhasm: fe Y3 */
/* qhasm: fe Z3 */
/* qhasm: fe T3 */
/* qhasm: XX=X1^2 */
/* asm 1: fe_sq.fe_sq(>XX=fe#1,<X1=fe#11); */
/* asm 2: fe_sq.fe_sq(>XX=r.X,<X1=p.X); */
Fe_sq.fe_sq(r.X, p.X);
/* qhasm: YY=Y1^2 */
/* asm 1: fe_sq.fe_sq(>YY=fe#3,<Y1=fe#12); */
/* asm 2: fe_sq.fe_sq(>YY=r.Z,<Y1=p.Y); */
Fe_sq.fe_sq(r.Z, p.Y);
/* qhasm: B=2*Z1^2 */
/* asm 1: fe_sq2.fe_sq2(>B=fe#4,<Z1=fe#13); */
/* asm 2: fe_sq2.fe_sq2(>B=r.T,<Z1=p.Z); */
Fe_sq2.fe_sq2(r.T, p.Z);
/* qhasm: A=X1+Y1 */
/* asm 1: fe_add.fe_add(>A=fe#2,<X1=fe#11,<Y1=fe#12); */
/* asm 2: fe_add.fe_add(>A=r.Y,<X1=p.X,<Y1=p.Y); */
Fe_add.fe_add(r.Y, p.X, p.Y);
/* qhasm: AA=A^2 */
/* asm 1: fe_sq.fe_sq(>AA=fe#5,<A=fe#2); */
/* asm 2: fe_sq.fe_sq(>AA=t0,<A=r.Y); */
Fe_sq.fe_sq(t0, r.Y);
/* qhasm: Y3=YY+XX */
/* asm 1: fe_add.fe_add(>Y3=fe#2,<YY=fe#3,<XX=fe#1); */
/* asm 2: fe_add.fe_add(>Y3=r.Y,<YY=r.Z,<XX=r.X); */
Fe_add.fe_add(r.Y, r.Z, r.X);
/* qhasm: Z3=YY-XX */
/* asm 1: fe_sub.fe_sub(>Z3=fe#3,<YY=fe#3,<XX=fe#1); */
/* asm 2: fe_sub.fe_sub(>Z3=r.Z,<YY=r.Z,<XX=r.X); */
Fe_sub.fe_sub(r.Z, r.Z, r.X);
/* qhasm: X3=AA-Y3 */
/* asm 1: fe_sub.fe_sub(>X3=fe#1,<AA=fe#5,<Y3=fe#2); */
/* asm 2: fe_sub.fe_sub(>X3=r.X,<AA=t0,<Y3=r.Y); */
Fe_sub.fe_sub(r.X, t0, r.Y);
/* qhasm: T3=B-Z3 */
/* asm 1: fe_sub.fe_sub(>T3=fe#4,<B=fe#4,<Z3=fe#3); */
/* asm 2: fe_sub.fe_sub(>T3=r.T,<B=r.T,<Z3=r.Z); */
Fe_sub.fe_sub(r.T, r.T, r.Z);
/* qhasm: return */
}
//CONVERT #include "crypto_scalarmult.h"
//CONVERT #include "fe.h"
public static int crypto_scalarmult(byte[] q,
byte[] n,
byte[] p)
{
byte[] e = new byte[32];
int i;
int[] x1 = new int[10];
int[] x2 = new int[10];
int[] z2 = new int[10];
int[] x3 = new int[10];
int[] z3 = new int[10];
int[] tmp0 = new int[10];
int[] tmp1 = new int[10];
int pos;
int swap;
int b;
for (i = 0; i < 32; ++i)
{
e[i] = n[i];
}
// e[0] &= 248;
// e[31] &= 127;
// e[31] |= 64;
Fe_frombytes.fe_frombytes(x1, p);
Fe_1.fe_1(x2);
Fe_0.fe_0(z2);
Fe_copy.fe_copy(x3, x1);
Fe_1.fe_1(z3);
swap = 0;
for (pos = 254; pos >= 0; --pos)
{
b = (int)(((uint)e[pos / 8]) >> (pos & 7));
b &= 1;
swap ^= b;
Fe_cswap.fe_cswap(x2, x3, swap);
Fe_cswap.fe_cswap(z2, z3, swap);
swap = b;
//CONVERT #include "montgomery.h"
/* qhasm: fe X2 */
/* qhasm: fe Z2 */
/* qhasm: fe X3 */
/* qhasm: fe Z3 */
/* qhasm: fe X4 */
/* qhasm: fe Z4 */
/* qhasm: fe X5 */
/* qhasm: fe Z5 */
/* qhasm: fe A */
/* qhasm: fe B */
/* qhasm: fe C */
/* qhasm: fe D */
/* qhasm: fe E */
/* qhasm: fe AA */
/* qhasm: fe BB */
/* qhasm: fe DA */
/* qhasm: fe CB */
/* qhasm: fe t0 */
/* qhasm: fe t1 */
/* qhasm: fe t2 */
/* qhasm: fe t3 */
/* qhasm: fe t4 */
/* qhasm: enter ladder */
/* qhasm: D = X3-Z3 */
/* asm 1: fe_sub.fe_sub(>D=fe#5,<X3=fe#3,<Z3=fe#4); */
/* asm 2: fe_sub.fe_sub(>D=tmp0,<X3=x3,<Z3=z3); */
Fe_sub.fe_sub(tmp0, x3, z3);
/* qhasm: B = X2-Z2 */
/* asm 1: fe_sub.fe_sub(>B=fe#6,<X2=fe#1,<Z2=fe#2); */
/* asm 2: fe_sub.fe_sub(>B=tmp1,<X2=x2,<Z2=z2); */
Fe_sub.fe_sub(tmp1, x2, z2);
/* qhasm: A = X2+Z2 */
/* asm 1: fe_add.fe_add(>A=fe#1,<X2=fe#1,<Z2=fe#2); */
/* asm 2: fe_add.fe_add(>A=x2,<X2=x2,<Z2=z2); */
Fe_add.fe_add(x2, x2, z2);
/* qhasm: C = X3+Z3 */
/* asm 1: fe_add.fe_add(>C=fe#2,<X3=fe#3,<Z3=fe#4); */
/* asm 2: fe_add.fe_add(>C=z2,<X3=x3,<Z3=z3); */
Fe_add.fe_add(z2, x3, z3);
/* qhasm: DA = D*A */
/* asm 1: fe_mul.fe_mul(>DA=fe#4,<D=fe#5,<A=fe#1); */
/* asm 2: fe_mul.fe_mul(>DA=z3,<D=tmp0,<A=x2); */
Fe_mul.fe_mul(z3, tmp0, x2);
/* qhasm: CB = C*B */
/* asm 1: fe_mul.fe_mul(>CB=fe#2,<C=fe#2,<B=fe#6); */
/* asm 2: fe_mul.fe_mul(>CB=z2,<C=z2,<B=tmp1); */
Fe_mul.fe_mul(z2, z2, tmp1);
/* qhasm: BB = B^2 */
/* asm 1: fe_sq.fe_sq(>BB=fe#5,<B=fe#6); */
/* asm 2: fe_sq.fe_sq(>BB=tmp0,<B=tmp1); */
Fe_sq.fe_sq(tmp0, tmp1);
/* qhasm: AA = A^2 */
/* asm 1: fe_sq.fe_sq(>AA=fe#6,<A=fe#1); */
/* asm 2: fe_sq.fe_sq(>AA=tmp1,<A=x2); */
Fe_sq.fe_sq(tmp1, x2);
/* qhasm: t0 = DA+CB */
/* asm 1: fe_add.fe_add(>t0=fe#3,<DA=fe#4,<CB=fe#2); */
/* asm 2: fe_add.fe_add(>t0=x3,<DA=z3,<CB=z2); */
Fe_add.fe_add(x3, z3, z2);
/* qhasm: assign x3 to t0 */
/* qhasm: t1 = DA-CB */
/* asm 1: fe_sub.fe_sub(>t1=fe#2,<DA=fe#4,<CB=fe#2); */
/* asm 2: fe_sub.fe_sub(>t1=z2,<DA=z3,<CB=z2); */
Fe_sub.fe_sub(z2, z3, z2);
/* qhasm: X4 = AA*BB */
/* asm 1: fe_mul.fe_mul(>X4=fe#1,<AA=fe#6,<BB=fe#5); */
/* asm 2: fe_mul.fe_mul(>X4=x2,<AA=tmp1,<BB=tmp0); */
Fe_mul.fe_mul(x2, tmp1, tmp0);
/* qhasm: E = AA-BB */
/* asm 1: fe_sub.fe_sub(>E=fe#6,<AA=fe#6,<BB=fe#5); */
/* asm 2: fe_sub.fe_sub(>E=tmp1,<AA=tmp1,<BB=tmp0); */
Fe_sub.fe_sub(tmp1, tmp1, tmp0);
/* qhasm: t2 = t1^2 */
/* asm 1: fe_sq.fe_sq(>t2=fe#2,<t1=fe#2); */
/* asm 2: fe_sq.fe_sq(>t2=z2,<t1=z2); */
Fe_sq.fe_sq(z2, z2);
/* qhasm: t3 = a24*E */
/* asm 1: fe_mul121666(>t3=fe#4,<E=fe#6); */
/* asm 2: fe_mul121666(>t3=z3,<E=tmp1); */
Fe_mul121666.fe_mul121666(z3, tmp1);
/* qhasm: X5 = t0^2 */
/* asm 1: fe_sq.fe_sq(>X5=fe#3,<t0=fe#3); */
/* asm 2: fe_sq.fe_sq(>X5=x3,<t0=x3); */
Fe_sq.fe_sq(x3, x3);
/* qhasm: t4 = BB+t3 */
/* asm 1: fe_add.fe_add(>t4=fe#5,<BB=fe#5,<t3=fe#4); */
/* asm 2: fe_add.fe_add(>t4=tmp0,<BB=tmp0,<t3=z3); */
Fe_add.fe_add(tmp0, tmp0, z3);
/* qhasm: Z5 = X1*t2 */
/* asm 1: fe_mul.fe_mul(>Z5=fe#4,x1,<t2=fe#2); */
/* asm 2: fe_mul.fe_mul(>Z5=z3,x1,<t2=z2); */
Fe_mul.fe_mul(z3, x1, z2);
/* qhasm: Z4 = E*t4 */
/* asm 1: fe_mul.fe_mul(>Z4=fe#2,<E=fe#6,<t4=fe#5); */
/* asm 2: fe_mul.fe_mul(>Z4=z2,<E=tmp1,<t4=tmp0); */
Fe_mul.fe_mul(z2, tmp1, tmp0);
/* qhasm: return */
}
Fe_cswap.fe_cswap(x2, x3, swap);
Fe_cswap.fe_cswap(z2, z3, swap);
Fe_invert.fe_invert(z2, z2);
Fe_mul.fe_mul(x2, x2, z2);
Fe_tobytes.fe_tobytes(q, x2);
return(0);
}