public static void ge_scalarmult_p3(out GroupElementP3 r3, byte[] a, ref GroupElementP3 A)
{
sbyte[] e = new sbyte[64];
int carry, carry2, i;
GroupElementCached[] Ai = new GroupElementCached[8]; /* 1 * A, 2 * A, ..., 8 * A */
GroupElementP1P1 t;
GroupElementP3 u;
GroupElementP2 r;
carry = 0; /* 0..1 */
for (i = 0; i < 31; i++)
{
carry += a[i]; /* 0..256 */
carry2 = (carry + 8) >> 4; /* 0..16 */
e[2 * i] = (sbyte)(carry - (carry2 << 4)); /* -8..7 */
carry = (carry2 + 8) >> 4; /* 0..1 */
e[2 * i + 1] = (sbyte)(carry2 - (carry << 4)); /* -8..7 */
}
carry += a[31]; /* 0..128 */
carry2 = (carry + 8) >> 4; /* 0..8 */
e[62] = (sbyte)(carry - (carry2 << 4)); /* -8..7 */
e[63] = (sbyte)carry2; /* 0..8 */
ge_p3_to_cached(out Ai[0], ref A);
for (i = 0; i < 7; i++)
{
ge_add(out t, ref A, ref Ai[i]);
ge_p1p1_to_p3(out u, ref t);
ge_p3_to_cached(out Ai[i + 1], ref u);
}
ge_p2_0(out r);
GroupElementP3 resP3;
ge_p3_0(out resP3);
for (i = 63; i >= 0; i--)
{
sbyte b = e[i];
byte bnegative = negative(b);
byte babs = (byte)(b - (((-bnegative) & b) << 1));
GroupElementCached cur, minuscur;
ge_p2_dbl(out t, ref r);
ge_p1p1_to_p2(out r, ref t);
ge_p2_dbl(out t, ref r);
ge_p1p1_to_p2(out r, ref t);
ge_p2_dbl(out t, ref r);
ge_p1p1_to_p2(out r, ref t);
ge_p2_dbl(out t, ref r);
ge_p1p1_to_p3(out u, ref t);
ge_cached_0(out cur);
ge_cached_cmov(ref cur, ref Ai[0], equal(babs, 1));
ge_cached_cmov(ref cur, ref Ai[1], equal(babs, 2));
ge_cached_cmov(ref cur, ref Ai[2], equal(babs, 3));
ge_cached_cmov(ref cur, ref Ai[3], equal(babs, 4));
ge_cached_cmov(ref cur, ref Ai[4], equal(babs, 5));
ge_cached_cmov(ref cur, ref Ai[5], equal(babs, 6));
ge_cached_cmov(ref cur, ref Ai[6], equal(babs, 7));
ge_cached_cmov(ref cur, ref Ai[7], equal(babs, 8));
FieldOperations.fe_copy(out minuscur.YplusX, ref cur.YminusX);
FieldOperations.fe_copy(out minuscur.YminusX, ref cur.YplusX);
FieldOperations.fe_copy(out minuscur.Z, ref cur.Z);
FieldOperations.fe_neg(out minuscur.T2d, ref cur.T2d);
ge_cached_cmov(ref cur, ref minuscur, bnegative);
ge_add(out t, ref u, ref cur);
if (i == 0)
{
ge_p1p1_to_p3(out resP3, ref t);
}
else
{
ge_p1p1_to_p2(out r, ref t);
}
}
r3 = resP3;
}
public static void ge_fromfe_frombytes_vartime(out GroupElementP2 r, byte[] s, int offset)
{
FieldElement u, v, w, x, y, z;
byte sign;
FieldOperations.fe_frombytes(out u, s, offset);
FieldOperations.fe_sq2(out v, ref u); /* 2 * u^2 */
FieldOperations.fe_1(out w);
FieldOperations.fe_add(out w, ref v, ref w); /* w = 2 * u^2 + 1 */
FieldOperations.fe_sq(out x, ref w); /* w^2 */
FieldOperations.fe_mul(out y, ref FieldOperations.fe_ma2, ref v); /* -2 * A^2 * u^2 */
FieldOperations.fe_add(out x, ref x, ref y); /* x = w^2 - 2 * A^2 * u^2 */
FieldOperations.fe_divpowm1(out r.X, ref w, ref x); /* (w / x)^(m + 1) */
FieldOperations.fe_sq(out y, ref r.X);
FieldOperations.fe_mul(out x, ref y, ref x);
FieldOperations.fe_sub(out y, ref w, ref x);
FieldOperations.fe_copy(out z, ref FieldOperations.fe_ma);
if (FieldOperations.fe_isnonzero(ref y) != 0)
{
FieldOperations.fe_add(out y, ref w, ref x);
if (FieldOperations.fe_isnonzero(ref y) != 0)
{
goto negative;
}
else
{
FieldOperations.fe_mul(out r.X, ref r.X, ref FieldOperations.fe_fffb1);
}
}
else
{
FieldOperations.fe_mul(out r.X, ref r.X, ref FieldOperations.fe_fffb2);
}
FieldOperations.fe_mul(out r.X, ref r.X, ref u); /* u * sqrt(2 * A * (A + 2) * w / x) */
FieldOperations.fe_mul(out z, ref z, ref v); /* -2 * A * u^2 */
sign = 0;
goto setsign;
negative:
FieldOperations.fe_mul(out x, ref x, ref FieldOperations.fe_sqrtm1);
FieldOperations.fe_sub(out y, ref w, ref x);
if (FieldOperations.fe_isnonzero(ref y) != 0)
{
//assert((fe_add(y, w, x), !fe_isnonzero(y)));
FieldOperations.fe_mul(out r.X, ref r.X, ref FieldOperations.fe_fffb3);
}
else
{
FieldOperations.fe_mul(out r.X, ref r.X, ref FieldOperations.fe_fffb4);
}
/* r->X = sqrt(A * (A + 2) * w / x) */
/* z = -A */
sign = 1;
setsign:
if (FieldOperations.fe_isnegative(ref r.X) != sign)
{
//assert(fe_isnonzero(r->X));
FieldOperations.fe_neg(out r.X, ref r.X);
}
FieldOperations.fe_add(out r.Z, ref z, ref w);
FieldOperations.fe_sub(out r.Y, ref z, ref w);
FieldOperations.fe_mul(out r.X, ref r.X, ref r.Z);
}
