/*
* r = p
*/
internal static void ge_p3_to_cached(out GroupElementCached r, ref GroupElementP3 p)
{
FieldOperations.fe_add(out r.YplusX, ref p.Y, ref p.X);
FieldOperations.fe_sub(out r.YminusX, ref p.Y, ref p.X);
r.Z = p.Z;
FieldOperations.fe_mul(out r.T2d, ref p.T, ref LookupTables.d2);
}
static void ge_cached_0(out GroupElementCached r)
{
FieldOperations.fe_1(out r.YplusX);
FieldOperations.fe_1(out r.YminusX);
FieldOperations.fe_1(out r.Z);
FieldOperations.fe_0(out r.T2d);
}
/*
* r = p
*/
public static void ge_p1p1_to_p3(out GroupElementP3 r, ref GroupElementP1P1 p)
{
FieldOperations.fe_mul(out r.X, ref p.X, ref p.T);
FieldOperations.fe_mul(out r.Y, ref p.Y, ref p.Z);
FieldOperations.fe_mul(out r.Z, ref p.Z, ref p.T);
FieldOperations.fe_mul(out r.T, ref p.X, ref p.Y);
}
internal static void scalarmult(
out FieldElement q,
byte[] n, int noffset,
ref FieldElement p)
{
byte[] e = new byte[32];//ToDo: remove allocation
UInt32 i;
FieldElement x1;
FieldElement x2;
FieldElement z2;
FieldElement x3;
FieldElement z3;
FieldElement tmp0;
FieldElement tmp1;
int pos;
UInt32 swap;
UInt32 b;
for (i = 0; i \\= 0; --pos)
{
b = (uint)(e[pos / 8] \>\\>\ (pos & 7));
b &= 1;
swap ^= b;
FieldOperations.fe_cswap(ref x2, ref x3, swap);
FieldOperations.fe_cswap(ref z2, ref z3, swap);
swap = b;
static void ge_cached_cmov(ref GroupElementCached t, ref GroupElementCached u, byte b)
{
FieldOperations.fe_cmov(ref t.YplusX, ref u.YplusX, b);
FieldOperations.fe_cmov(ref t.YminusX, ref u.YminusX, b);
FieldOperations.fe_cmov(ref t.Z, ref u.Z, b);
FieldOperations.fe_cmov(ref t.T2d, ref u.T2d, b);
}
internal static void ge_p3_0(out GroupElementP3 h)
{
FieldOperations.fe_0(out h.X);
FieldOperations.fe_1(out h.Y);
FieldOperations.fe_1(out h.Z);
FieldOperations.fe_0(out h.T);
}
/*
* r = p + q
*/
public static void ge_madd(out GroupElementP1P1 r, ref GroupElementP3 p, ref GroupElementPreComp q)
{
FieldElement t0;
/* qhasm: YpX1 = Y1+X1 */
/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
/* asm 2: fe_add(>YpX1=r.X,<Y1=p.Y,<X1=p.X); */
FieldOperations.fe_add(out r.X, ref p.Y, ref p.X);
/* qhasm: YmX1 = Y1-X1 */
/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
/* asm 2: fe_sub(>YmX1=r.Y,<Y1=p.Y,<X1=p.X); */
FieldOperations.fe_sub(out r.Y, ref p.Y, ref p.X);
/* qhasm: A = YpX1*ypx2 */
/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<ypx2=fe#15); */
/* asm 2: fe_mul(>A=r.Z,<YpX1=r.X,<ypx2=q.yplusx); */
FieldOperations.fe_mul(out r.Z, ref r.X, ref q.yplusx);
/* qhasm: B = YmX1*ymx2 */
/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<ymx2=fe#16); */
/* asm 2: fe_mul(>B=r.Y,<YmX1=r.Y,<ymx2=q.yminusx); */
FieldOperations.fe_mul(out r.Y, ref r.Y, ref q.yminusx);
/* qhasm: C = xy2d2*T1 */
/* asm 1: fe_mul(>C=fe#4,<xy2d2=fe#17,<T1=fe#14); */
/* asm 2: fe_mul(>C=r.T,<xy2d2=q.xy2d,<T1=p.T); */
FieldOperations.fe_mul(out r.T, ref q.xy2d, ref p.T);
/* qhasm: D = 2*Z1 */
/* asm 1: fe_add(>D=fe#5,<Z1=fe#13,<Z1=fe#13); */
/* asm 2: fe_add(>D=t0,<Z1=p.Z,<Z1=p.Z); */
FieldOperations.fe_add(out t0, ref p.Z, ref p.Z);
/* qhasm: X3 = A-B */
/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
/* asm 2: fe_sub(>X3=r.X,<A=r.Z,<B=r.Y); */
FieldOperations.fe_sub(out r.X, ref r.Z, ref r.Y);
/* qhasm: Y3 = A+B */
/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
/* asm 2: fe_add(>Y3=r.Y,<A=r.Z,<B=r.Y); */
FieldOperations.fe_add(out r.Y, ref r.Z, ref r.Y);
/* qhasm: Z3 = D+C */
/* asm 1: fe_add(>Z3=fe#3,<D=fe#5,<C=fe#4); */
/* asm 2: fe_add(>Z3=r.Z,<D=t0,<C=r.T); */
FieldOperations.fe_add(out r.Z, ref t0, ref r.T);
/* qhasm: T3 = D-C */
/* asm 1: fe_sub(>T3=fe#4,<D=fe#5,<C=fe#4); */
/* asm 2: fe_sub(>T3=r.T,<D=t0,<C=r.T); */
FieldOperations.fe_sub(out r.T, ref t0, ref r.T);
/* qhasm: return */
}
public static void scalarmult(
byte[] q, int qoffset,
byte[] n, int noffset,
byte[] p, int poffset)
{
FieldElement p0;
FieldElement q0;
FieldOperations.fe_frombytes2(out p0, p, poffset);
scalarmult(out q0, n, noffset, ref p0);
FieldOperations.fe_tobytes(q, qoffset, ref q0);
}
public static void ge_p3_tobytes(byte[] s, int offset, ref GroupElementP3 h)
{
FieldElement recip;
FieldElement x;
FieldElement y;
FieldOperations.fe_invert(out recip, ref h.Z);
FieldOperations.fe_mul(out x, ref h.X, ref recip);
FieldOperations.fe_mul(out y, ref h.Y, ref recip);
FieldOperations.fe_tobytes(s, offset, ref y);
s[offset + 31] ^= (byte)(FieldOperations.fe_isnegative(ref x) \
/*
* r = 2 * p
*/
public static void ge_p2_dbl(out GroupElementP1P1 r, ref GroupElementP2 p)
{
FieldElement t0;
/* qhasm: XX=X1^2 */
/* asm 1: fe_sq(>XX=fe#1,<X1=fe#11); */
/* asm 2: fe_sq(>XX=r.X,<X1=p.X); */
FieldOperations.fe_sq(out r.X, ref p.X);
/* qhasm: YY=Y1^2 */
/* asm 1: fe_sq(>YY=fe#3,<Y1=fe#12); */
/* asm 2: fe_sq(>YY=r.Z,<Y1=p.Y); */
FieldOperations.fe_sq(out r.Z, ref p.Y);
/* qhasm: B=2*Z1^2 */
/* asm 1: fe_sq2(>B=fe#4,<Z1=fe#13); */
/* asm 2: fe_sq2(>B=r.T,<Z1=p.Z); */
FieldOperations.fe_sq2(out r.T, ref p.Z);
/* qhasm: A=X1+Y1 */
/* asm 1: fe_add(>A=fe#2,<X1=fe#11,<Y1=fe#12); */
/* asm 2: fe_add(>A=r.Y,<X1=p.X,<Y1=p.Y); */
FieldOperations.fe_add(out r.Y, ref p.X, ref p.Y);
/* qhasm: AA=A^2 */
/* asm 1: fe_sq(>AA=fe#5,<A=fe#2); */
/* asm 2: fe_sq(>AA=t0,<A=r.Y); */
FieldOperations.fe_sq(out t0, ref r.Y);
/* qhasm: Y3=YY+XX */
/* asm 1: fe_add(>Y3=fe#2,<YY=fe#3,<XX=fe#1); */
/* asm 2: fe_add(>Y3=r.Y,<YY=r.Z,<XX=r.X); */
FieldOperations.fe_add(out r.Y, ref r.Z, ref r.X);
/* qhasm: Z3=YY-XX */
/* asm 1: fe_sub(>Z3=fe#3,<YY=fe#3,<XX=fe#1); */
/* asm 2: fe_sub(>Z3=r.Z,<YY=r.Z,<XX=r.X); */
FieldOperations.fe_sub(out r.Z, ref r.Z, ref r.X);
/* qhasm: X3=AA-Y3 */
/* asm 1: fe_sub(>X3=fe#1,<AA=fe#5,<Y3=fe#2); */
/* asm 2: fe_sub(>X3=r.X,<AA=t0,<Y3=r.Y); */
FieldOperations.fe_sub(out r.X, ref t0, ref r.Y);
/* qhasm: T3=B-Z3 */
/* asm 1: fe_sub(>T3=fe#4,<B=fe#4,<Z3=fe#3); */
/* asm 2: fe_sub(>T3=r.T,<B=r.T,<Z3=r.Z); */
FieldOperations.fe_sub(out r.T, ref r.T, ref r.Z);
/* qhasm: return */
}
public static int ge_frombytes(out GroupElementP3 h, byte[] data, int offset)
{
FieldElement u;
FieldElement v;
FieldElement v3;
FieldElement vxx;
FieldElement check;
FieldOperations.fe_frombytes(out h.Y, data, offset);
FieldOperations.fe_1(out h.Z);
FieldOperations.fe_sq(out u, ref h.Y);
FieldOperations.fe_mul(out v, ref u, ref LookupTables.d);
FieldOperations.fe_sub(out u, ref u, ref h.Z); /* u = y^2-1 */
FieldOperations.fe_add(out v, ref v, ref h.Z); /* v = dy^2+1 */
FieldOperations.fe_sq(out v3, ref v);
FieldOperations.fe_mul(out v3, ref v3, ref v); /* v3 = v^3 */
FieldOperations.fe_sq(out h.X, ref v3);
FieldOperations.fe_mul(out h.X, ref h.X, ref v);
FieldOperations.fe_mul(out h.X, ref h.X, ref u); /* x = uv^7 */
FieldOperations.fe_pow22523(out h.X, ref h.X); /* x = (uv^7)^((q-5)/8) */
FieldOperations.fe_mul(out h.X, ref h.X, ref v3);
FieldOperations.fe_mul(out h.X, ref h.X, ref u); /* x = uv^3(uv^7)^((q-5)/8) */
FieldOperations.fe_sq(out vxx, ref h.X);
FieldOperations.fe_mul(out vxx, ref vxx, ref v);
FieldOperations.fe_sub(out check, ref vxx, ref u); /* vx^2-u */
if (FieldOperations.fe_isnonzero(ref check) != 0)
{
FieldOperations.fe_add(out check, ref vxx, ref u); /* vx^2+u */
if (FieldOperations.fe_isnonzero(ref check) != 0)
{
h = default(GroupElementP3);
return(-1);
}
FieldOperations.fe_mul(out h.X, ref h.X, ref LookupTables.sqrtm1);
FieldOperations.fe_reduce(out h.X, ref h.X);
}
if (FieldOperations.fe_isnegative(ref h.X) != (data[offset + 31] >> 7))
{
FieldOperations.fe_neg(out h.X, ref h.X);
}
FieldOperations.fe_mul(out h.T, ref h.X, ref h.Y);
return(0);
}
static void select(out GroupElementPreComp t, int pos, sbyte b)
{
GroupElementPreComp minust;
byte bnegative = negative(b);
byte babs = (byte)(b - (((-bnegative) & b) << 1));
ge_precomp_0(out t);
var table = LookupTables.Base[pos];
cmov(ref t, ref table[0], equal(babs, 1));
cmov(ref t, ref table[1], equal(babs, 2));
cmov(ref t, ref table[2], equal(babs, 3));
cmov(ref t, ref table[3], equal(babs, 4));
cmov(ref t, ref table[4], equal(babs, 5));
cmov(ref t, ref table[5], equal(babs, 6));
cmov(ref t, ref table[6], equal(babs, 7));
cmov(ref t, ref table[7], equal(babs, 8));
minust.yplusx = t.yminusx;
minust.yminusx = t.yplusx;
FieldOperations.fe_neg(out minust.xy2d, ref t.xy2d);
cmov(ref t, ref minust, bnegative);
}
public static void ge_fromfe_frombytes_vartime(out GroupElementP2 r, byte[] s, int offset)
{
FieldElement u, v, w, x, y, z;
byte sign;
FieldOperations.fe_frombytes(out u, s, offset);
FieldOperations.fe_sq2(out v, ref u); /* 2 * u^2 */
FieldOperations.fe_1(out w);
FieldOperations.fe_add(out w, ref v, ref w); /* w = 2 * u^2 + 1 */
FieldOperations.fe_sq(out x, ref w); /* w^2 */
FieldOperations.fe_mul(out y, ref FieldOperations.fe_ma2, ref v); /* -2 * A^2 * u^2 */
FieldOperations.fe_add(out x, ref x, ref y); /* x = w^2 - 2 * A^2 * u^2 */
FieldOperations.fe_divpowm1(out r.X, ref w, ref x); /* (w / x)^(m + 1) */
FieldOperations.fe_sq(out y, ref r.X);
FieldOperations.fe_mul(out x, ref y, ref x);
FieldOperations.fe_sub(out y, ref w, ref x);
FieldOperations.fe_copy(out z, ref FieldOperations.fe_ma);
if (FieldOperations.fe_isnonzero(ref y) != 0)
{
FieldOperations.fe_add(out y, ref w, ref x);
if (FieldOperations.fe_isnonzero(ref y) != 0)
{
goto negative;
}
else
{
FieldOperations.fe_mul(out r.X, ref r.X, ref FieldOperations.fe_fffb1);
}
}
else
{
FieldOperations.fe_mul(out r.X, ref r.X, ref FieldOperations.fe_fffb2);
}
FieldOperations.fe_mul(out r.X, ref r.X, ref u); /* u * sqrt(2 * A * (A + 2) * w / x) */
FieldOperations.fe_mul(out z, ref z, ref v); /* -2 * A * u^2 */
sign = 0;
goto setsign;
negative:
FieldOperations.fe_mul(out x, ref x, ref FieldOperations.fe_sqrtm1);
FieldOperations.fe_sub(out y, ref w, ref x);
if (FieldOperations.fe_isnonzero(ref y) != 0)
{
//assert((fe_add(y, w, x), !fe_isnonzero(y)));
FieldOperations.fe_mul(out r.X, ref r.X, ref FieldOperations.fe_fffb3);
}
else
{
FieldOperations.fe_mul(out r.X, ref r.X, ref FieldOperations.fe_fffb4);
}
/* r->X = sqrt(A * (A + 2) * w / x) */
/* z = -A */
sign = 1;
setsign:
if (FieldOperations.fe_isnegative(ref r.X) != sign)
{
//assert(fe_isnonzero(r->X));
FieldOperations.fe_neg(out r.X, ref r.X);
}
FieldOperations.fe_add(out r.Z, ref z, ref w);
FieldOperations.fe_sub(out r.Y, ref z, ref w);
FieldOperations.fe_mul(out r.X, ref r.X, ref r.Z);
}
internal static void scalarmult(
out FieldElement q,
byte[] n, int noffset,
ref FieldElement p)
{
byte[] e = new byte[32]; //ToDo: remove allocation
UInt32 i;
FieldElement x1;
FieldElement x2;
FieldElement z2;
FieldElement x3;
FieldElement z3;
FieldElement tmp0;
FieldElement tmp1;
int pos;
UInt32 swap;
UInt32 b;
for (i = 0; i < 32; ++i)
{
e[i] = n[noffset + i];
}
ScalarOperations.sc_clamp(e, 0);
x1 = p;
FieldOperations.fe_1(out x2);
FieldOperations.fe_0(out z2);
x3 = x1;
FieldOperations.fe_1(out z3);
swap = 0;
for (pos = 254; pos >= 0; --pos)
{
b = (uint)(e[pos / 8] >> (pos & 7));
b &= 1;
swap ^= b;
FieldOperations.fe_cswap(ref x2, ref x3, swap);
FieldOperations.fe_cswap(ref z2, ref z3, swap);
swap = b;
/* qhasm: fe X2 */
/* qhasm: fe Z2 */
/* qhasm: fe X3 */
/* qhasm: fe Z3 */
/* qhasm: fe X4 */
/* qhasm: fe Z4 */
/* qhasm: fe X5 */
/* qhasm: fe Z5 */
/* qhasm: fe A */
/* qhasm: fe B */
/* qhasm: fe C */
/* qhasm: fe D */
/* qhasm: fe E */
/* qhasm: fe AA */
/* qhasm: fe BB */
/* qhasm: fe DA */
/* qhasm: fe CB */
/* qhasm: fe t0 */
/* qhasm: fe t1 */
/* qhasm: fe t2 */
/* qhasm: fe t3 */
/* qhasm: fe t4 */
/* qhasm: enter ladder */
/* qhasm: D = X3-Z3 */
/* asm 1: fe_sub(>D=fe#5,<X3=fe#3,<Z3=fe#4); */
/* asm 2: fe_sub(>D=tmp0,<X3=x3,<Z3=z3); */
FieldOperations.fe_sub(out tmp0, ref x3, ref z3);
/* qhasm: B = X2-Z2 */
/* asm 1: fe_sub(>B=fe#6,<X2=fe#1,<Z2=fe#2); */
/* asm 2: fe_sub(>B=tmp1,<X2=x2,<Z2=z2); */
FieldOperations.fe_sub(out tmp1, ref x2, ref z2);
/* qhasm: A = X2+Z2 */
/* asm 1: fe_add(>A=fe#1,<X2=fe#1,<Z2=fe#2); */
/* asm 2: fe_add(>A=x2,<X2=x2,<Z2=z2); */
FieldOperations.fe_add(out x2, ref x2, ref z2);
/* qhasm: C = X3+Z3 */
/* asm 1: fe_add(>C=fe#2,<X3=fe#3,<Z3=fe#4); */
/* asm 2: fe_add(>C=z2,<X3=x3,<Z3=z3); */
FieldOperations.fe_add(out z2, ref x3, ref z3);
/* qhasm: DA = D*A */
/* asm 1: fe_mul(>DA=fe#4,<D=fe#5,<A=fe#1); */
/* asm 2: fe_mul(>DA=z3,<D=tmp0,<A=x2); */
FieldOperations.fe_mul(out z3, ref tmp0, ref x2);
/* qhasm: CB = C*B */
/* asm 1: fe_mul(>CB=fe#2,<C=fe#2,<B=fe#6); */
/* asm 2: fe_mul(>CB=z2,<C=z2,<B=tmp1); */
FieldOperations.fe_mul(out z2, ref z2, ref tmp1);
/* qhasm: BB = B^2 */
/* asm 1: fe_sq(>BB=fe#5,<B=fe#6); */
/* asm 2: fe_sq(>BB=tmp0,<B=tmp1); */
FieldOperations.fe_sq(out tmp0, ref tmp1);
/* qhasm: AA = A^2 */
/* asm 1: fe_sq(>AA=fe#6,<A=fe#1); */
/* asm 2: fe_sq(>AA=tmp1,<A=x2); */
FieldOperations.fe_sq(out tmp1, ref x2);
/* qhasm: t0 = DA+CB */
/* asm 1: fe_add(>t0=fe#3,<DA=fe#4,<CB=fe#2); */
/* asm 2: fe_add(>t0=x3,<DA=z3,<CB=z2); */
FieldOperations.fe_add(out x3, ref z3, ref z2);
/* qhasm: assign x3 to t0 */
/* qhasm: t1 = DA-CB */
/* asm 1: fe_sub(>t1=fe#2,<DA=fe#4,<CB=fe#2); */
/* asm 2: fe_sub(>t1=z2,<DA=z3,<CB=z2); */
FieldOperations.fe_sub(out z2, ref z3, ref z2);
/* qhasm: X4 = AA*BB */
/* asm 1: fe_mul(>X4=fe#1,<AA=fe#6,<BB=fe#5); */
/* asm 2: fe_mul(>X4=x2,<AA=tmp1,<BB=tmp0); */
FieldOperations.fe_mul(out x2, ref tmp1, ref tmp0);
/* qhasm: E = AA-BB */
/* asm 1: fe_sub(>E=fe#6,<AA=fe#6,<BB=fe#5); */
/* asm 2: fe_sub(>E=tmp1,<AA=tmp1,<BB=tmp0); */
FieldOperations.fe_sub(out tmp1, ref tmp1, ref tmp0);
/* qhasm: t2 = t1^2 */
/* asm 1: fe_sq(>t2=fe#2,<t1=fe#2); */
/* asm 2: fe_sq(>t2=z2,<t1=z2); */
FieldOperations.fe_sq(out z2, ref z2);
/* qhasm: t3 = a24*E */
/* asm 1: fe_mul121666(>t3=fe#4,<E=fe#6); */
/* asm 2: fe_mul121666(>t3=z3,<E=tmp1); */
FieldOperations.fe_mul121666(out z3, ref tmp1);
/* qhasm: X5 = t0^2 */
/* asm 1: fe_sq(>X5=fe#3,<t0=fe#3); */
/* asm 2: fe_sq(>X5=x3,<t0=x3); */
FieldOperations.fe_sq(out x3, ref x3);
/* qhasm: t4 = BB+t3 */
/* asm 1: fe_add(>t4=fe#5,<BB=fe#5,<t3=fe#4); */
/* asm 2: fe_add(>t4=tmp0,<BB=tmp0,<t3=z3); */
FieldOperations.fe_add(out tmp0, ref tmp0, ref z3);
/* qhasm: Z5 = X1*t2 */
/* asm 1: fe_mul(>Z5=fe#4,x1,<t2=fe#2); */
/* asm 2: fe_mul(>Z5=z3,x1,<t2=z2); */
FieldOperations.fe_mul(out z3, ref x1, ref z2);
/* qhasm: Z4 = E*t4 */
/* asm 1: fe_mul(>Z4=fe#2,<E=fe#6,<t4=fe#5); */
/* asm 2: fe_mul(>Z4=z2,<E=tmp1,<t4=tmp0); */
FieldOperations.fe_mul(out z2, ref tmp1, ref tmp0);
/* qhasm: return */
}
FieldOperations.fe_cswap(ref x2, ref x3, swap);
FieldOperations.fe_cswap(ref z2, ref z3, swap);
FieldOperations.fe_invert(out z2, ref z2);
FieldOperations.fe_mul(out x2, ref x2, ref z2);
q = x2;
CryptoBytes.Wipe(e);
}
public static void ge_precomp_0(out GroupElementPreComp h)
{
FieldOperations.fe_1(out h.yplusx);
FieldOperations.fe_1(out h.yminusx);
FieldOperations.fe_0(out h.xy2d);
}
public static void ge_scalarmult_p3(out GroupElementP3 r3, byte[] a, ref GroupElementP3 A)
{
sbyte[] e = new sbyte[64];
int carry, carry2, i;
GroupElementCached[] Ai = new GroupElementCached[8]; /* 1 * A, 2 * A, ..., 8 * A */
GroupElementP1P1 t;
GroupElementP3 u;
GroupElementP2 r;
carry = 0; /* 0..1 */
for (i = 0; i < 31; i++)
{
carry += a[i]; /* 0..256 */
carry2 = (carry + 8) >> 4; /* 0..16 */
e[2 * i] = (sbyte)(carry - (carry2 << 4)); /* -8..7 */
carry = (carry2 + 8) >> 4; /* 0..1 */
e[2 * i + 1] = (sbyte)(carry2 - (carry << 4)); /* -8..7 */
}
carry += a[31]; /* 0..128 */
carry2 = (carry + 8) >> 4; /* 0..8 */
e[62] = (sbyte)(carry - (carry2 << 4)); /* -8..7 */
e[63] = (sbyte)carry2; /* 0..8 */
ge_p3_to_cached(out Ai[0], ref A);
for (i = 0; i < 7; i++)
{
ge_add(out t, ref A, ref Ai[i]);
ge_p1p1_to_p3(out u, ref t);
ge_p3_to_cached(out Ai[i + 1], ref u);
}
ge_p2_0(out r);
GroupElementP3 resP3;
ge_p3_0(out resP3);
for (i = 63; i >= 0; i--)
{
sbyte b = e[i];
byte bnegative = negative(b);
byte babs = (byte)(b - (((-bnegative) & b) << 1));
GroupElementCached cur, minuscur;
ge_p2_dbl(out t, ref r);
ge_p1p1_to_p2(out r, ref t);
ge_p2_dbl(out t, ref r);
ge_p1p1_to_p2(out r, ref t);
ge_p2_dbl(out t, ref r);
ge_p1p1_to_p2(out r, ref t);
ge_p2_dbl(out t, ref r);
ge_p1p1_to_p3(out u, ref t);
ge_cached_0(out cur);
ge_cached_cmov(ref cur, ref Ai[0], equal(babs, 1));
ge_cached_cmov(ref cur, ref Ai[1], equal(babs, 2));
ge_cached_cmov(ref cur, ref Ai[2], equal(babs, 3));
ge_cached_cmov(ref cur, ref Ai[3], equal(babs, 4));
ge_cached_cmov(ref cur, ref Ai[4], equal(babs, 5));
ge_cached_cmov(ref cur, ref Ai[5], equal(babs, 6));
ge_cached_cmov(ref cur, ref Ai[6], equal(babs, 7));
ge_cached_cmov(ref cur, ref Ai[7], equal(babs, 8));
FieldOperations.fe_copy(out minuscur.YplusX, ref cur.YminusX);
FieldOperations.fe_copy(out minuscur.YminusX, ref cur.YplusX);
FieldOperations.fe_copy(out minuscur.Z, ref cur.Z);
FieldOperations.fe_neg(out minuscur.T2d, ref cur.T2d);
ge_cached_cmov(ref cur, ref minuscur, bnegative);
ge_add(out t, ref u, ref cur);
if (i == 0)
{
ge_p1p1_to_p3(out resP3, ref t);
}
else
{
ge_p1p1_to_p2(out r, ref t);
}
}
r3 = resP3;
}
/*
* r = p + q
*/
internal static void ge_add(out GroupElementP1P1 r, ref GroupElementP3 p, ref GroupElementCached q)
{
FieldElement t0;
/* qhasm: enter GroupElementadd */
/* qhasm: fe X1 */
/* qhasm: fe Y1 */
/* qhasm: fe Z1 */
/* qhasm: fe Z2 */
/* qhasm: fe T1 */
/* qhasm: fe ZZ */
/* qhasm: fe YpX2 */
/* qhasm: fe YmX2 */
/* qhasm: fe T2d2 */
/* qhasm: fe X3 */
/* qhasm: fe Y3 */
/* qhasm: fe Z3 */
/* qhasm: fe T3 */
/* qhasm: fe YpX1 */
/* qhasm: fe YmX1 */
/* qhasm: fe A */
/* qhasm: fe B */
/* qhasm: fe C */
/* qhasm: fe D */
/* qhasm: YpX1 = Y1+X1 */
/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
/* asm 2: fe_add(>YpX1=r.X,<Y1=p.Y,<X1=p.X); */
FieldOperations.fe_add(out r.X, ref p.Y, ref p.X);
/* qhasm: YmX1 = Y1-X1 */
/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
/* asm 2: fe_sub(>YmX1=r.Y,<Y1=p.Y,<X1=p.X); */
FieldOperations.fe_sub(out r.Y, ref p.Y, ref p.X);
/* qhasm: A = YpX1*YpX2 */
/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<YpX2=fe#15); */
/* asm 2: fe_mul(>A=r.Z,<YpX1=r.X,<YpX2=q.YplusX); */
FieldOperations.fe_mul(out r.Z, ref r.X, ref q.YplusX);
/* qhasm: B = YmX1*YmX2 */
/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<YmX2=fe#16); */
/* asm 2: fe_mul(>B=r.Y,<YmX1=r.Y,<YmX2=q.YminusX); */
FieldOperations.fe_mul(out r.Y, ref r.Y, ref q.YminusX);
/* qhasm: C = T2d2*T1 */
/* asm 1: fe_mul(>C=fe#4,<T2d2=fe#18,<T1=fe#14); */
/* asm 2: fe_mul(>C=r.T,<T2d2=q.T2d,<T1=p.T); */
FieldOperations.fe_mul(out r.T, ref q.T2d, ref p.T);
/* qhasm: ZZ = Z1*Z2 */
/* asm 1: fe_mul(>ZZ=fe#1,<Z1=fe#13,<Z2=fe#17); */
/* asm 2: fe_mul(>ZZ=r.X,<Z1=p.Z,<Z2=q.Z); */
FieldOperations.fe_mul(out r.X, ref p.Z, ref q.Z);
/* qhasm: D = 2*ZZ */
/* asm 1: fe_add(>D=fe#5,<ZZ=fe#1,<ZZ=fe#1); */
/* asm 2: fe_add(>D=t0,<ZZ=r.X,<ZZ=r.X); */
FieldOperations.fe_add(out t0, ref r.X, ref r.X);
/* qhasm: X3 = A-B */
/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
/* asm 2: fe_sub(>X3=r.X,<A=r.Z,<B=r.Y); */
FieldOperations.fe_sub(out r.X, ref r.Z, ref r.Y);
/* qhasm: Y3 = A+B */
/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
/* asm 2: fe_add(>Y3=r.Y,<A=r.Z,<B=r.Y); */
FieldOperations.fe_add(out r.Y, ref r.Z, ref r.Y);
/* qhasm: Z3 = D+C */
/* asm 1: fe_add(>Z3=fe#3,<D=fe#5,<C=fe#4); */
/* asm 2: fe_add(>Z3=r.Z,<D=t0,<C=r.T); */
FieldOperations.fe_add(out r.Z, ref t0, ref r.T);
/* qhasm: T3 = D-C */
/* asm 1: fe_sub(>T3=fe#4,<D=fe#5,<C=fe#4); */
/* asm 2: fe_sub(>T3=r.T,<D=t0,<C=r.T); */
FieldOperations.fe_sub(out r.T, ref t0, ref r.T);
/* qhasm: return */
}
public static void ge_p2_0(out GroupElementP2 h)
{
FieldOperations.fe_0(out h.X);
FieldOperations.fe_1(out h.Y);
FieldOperations.fe_1(out h.Z);
}
static void cmov(ref GroupElementPreComp t, ref GroupElementPreComp u, byte b)
{
FieldOperations.fe_cmov(ref t.yplusx, ref u.yplusx, b);
FieldOperations.fe_cmov(ref t.yminusx, ref u.yminusx, b);
FieldOperations.fe_cmov(ref t.xy2d, ref u.xy2d, b);
}
/*
* r = p
*/
internal static void ge_p1p1_to_p2(out GroupElementP2 r, ref GroupElementP1P1 p)
{
FieldOperations.fe_mul(out r.X, ref p.X, ref p.T);
FieldOperations.fe_mul(out r.Y, ref p.Y, ref p.Z);
FieldOperations.fe_mul(out r.Z, ref p.Z, ref p.T);
}
