/// <summary>
/// Decodes a compressed point from <paramref name="data"/> starting at
/// <paramref name="offset"/> and stores the NEGATED point in <paramref name="h"/>.
/// The y coordinate is loaded with fe_frombytes; x is recovered as a square root
/// of u/v with u = y^2 - 1 and v = d*y^2 + 1, then given the sign opposite to
/// bit 7 of data[offset + 31].
/// </summary>
/// <param name="h">Receives (X, Y, Z = 1, T = X*Y) on success; reset to default(GroupElementP3) on failure.</param>
/// <param name="data">Buffer holding the encoding; data[offset + 31] is indexed directly, so it must extend at least that far.</param>
/// <param name="offset">Index of the first encoded byte inside <paramref name="data"/>.</param>
/// <returns>0 when a square root exists, -1 when the input does not decode to a point.</returns>
/// <remarks>
/// Variable time: control flow (including the early return) depends on the decoded
/// value, so this is only suitable for public inputs.
/// Callers must test the return value; after -1, <paramref name="h"/> holds default
/// contents and must not be used as a point.
/// NOTE(review): no canonical-encoding (y &lt; q) or small-order check is visible in
/// this block. Whether fe_frombytes or the caller enforces either cannot be told
/// from here; confirm before relying on strict decoding.
/// NOTE(review): no explicit null/length validation of data or offset is done here;
/// out-of-range input surfaces as whatever the indexer or fe_frombytes throws.
/// </remarks>
public static int ge_frombytes_negate_vartime(out GroupElementP3 h, byte[] data, int offset)
{
    FieldElement num;       // u
    FieldElement den;       // v
    FieldElement denCubed;  // v^3
    FieldElement denXSq;    // v * x^2
    FieldElement residual;  // v*x^2 - u, then v*x^2 + u

    FieldOperations.fe_frombytes(out h.Y, data, offset);
    FieldOperations.fe_1(out h.Z);

    FieldOperations.fe_sq(out num, ref h.Y);
    FieldOperations.fe_mul(out den, ref num, ref LookupTables.d);
    FieldOperations.fe_sub(out num, ref num, ref h.Z);   // u = y^2 - 1
    FieldOperations.fe_add(out den, ref den, ref h.Z);   // v = d*y^2 + 1

    FieldOperations.fe_sq(out denCubed, ref den);
    FieldOperations.fe_mul(out denCubed, ref denCubed, ref den);   // v^3

    FieldOperations.fe_sq(out h.X, ref denCubed);
    FieldOperations.fe_mul(out h.X, ref h.X, ref den);
    FieldOperations.fe_mul(out h.X, ref h.X, ref num);   // x = u*v^7

    FieldOperations.fe_pow22523(out h.X, ref h.X);       // x = (u*v^7)^((q-5)/8)
    FieldOperations.fe_mul(out h.X, ref h.X, ref denCubed);
    FieldOperations.fe_mul(out h.X, ref h.X, ref num);   // x = u*v^3*(u*v^7)^((q-5)/8)

    // Check the candidate root: v*x^2 must equal u, or -u (fixed up via sqrt(-1)).
    FieldOperations.fe_sq(out denXSq, ref h.X);
    FieldOperations.fe_mul(out denXSq, ref denXSq, ref den);
    FieldOperations.fe_sub(out residual, ref denXSq, ref num);     // v*x^2 - u

    var directRootMisses = FieldOperations.fe_isnonzero(ref residual) != 0;
    if (directRootMisses)
    {
        FieldOperations.fe_add(out residual, ref denXSq, ref num); // v*x^2 + u
        var twistedRootMisses = FieldOperations.fe_isnonzero(ref residual) != 0;
        if (twistedRootMisses)
        {
            // Neither x nor x*sqrt(-1) is a root: reject and clear the output.
            h = default(GroupElementP3);
            return -1;
        }

        FieldOperations.fe_mul(out h.X, ref h.X, ref LookupTables.sqrtm1);
    }

    // Negate when the signs MATCH, so the stored x has the sign opposite to the
    // encoded one. This is the "negate" in the method name.
    var xSign = FieldOperations.fe_isnegative(ref h.X);
    var encodedSign = data[offset + 31] >> 7;
    if (xSign == encodedSign)
    {
        FieldOperations.fe_neg(out h.X, ref h.X);
    }

    FieldOperations.fe_mul(out h.T, ref h.X, ref h.Y);
    return 0;
}
/// <summary>
/// Writes into <paramref name="t"/> the entry of LookupTables.Base[pos] selected by
/// |b| (entry index |b| - 1), with yplusx/yminusx swapped and xy2d negated when
/// <paramref name="b"/> is negative.
/// </summary>
/// <param name="t">Receives the selected precomputed element; starts as the ge_precomp_0 value.</param>
/// <param name="pos">Row index into LookupTables.Base (not range-checked here).</param>
/// <param name="b">Signed digit; magnitudes 1..8 pick a table entry, any other magnitude leaves the ge_precomp_0 value in place.</param>
/// <remarks>
/// All eight entries of the row are passed to cmov on every call and the sign is
/// applied through cmov as well, so this method has no branch or array index that
/// depends on <paramref name="b"/>.
/// NOTE(review): that only hides b if negative, equal and cmov (defined elsewhere)
/// are themselves branch-free; confirm before changing any of them.
/// </remarks>
static void select(out GroupElementPreComp t, int pos, sbyte b)
{
    // Presumably 1 when b < 0 and 0 otherwise; verify against negative().
    var signFlag = negative(b);

    // With signFlag == 1 the mask (-signFlag) is all ones, giving b - 2*b = -b;
    // with signFlag == 0 the mask is zero and b passes through unchanged.
    var magnitude = (byte)(b - (((-signFlag) & b) << 1));

    ge_precomp_0(out t);

    var row = LookupTables.Base[pos];
    // Fixed trip count: every entry is visited regardless of the digit value.
    for (var i = 0; i < 8; i++)
    {
        cmov(ref t, ref row[i], equal(magnitude, (byte)(i + 1)));
    }

    // Build the negated form of whatever is in t, then conditionally move it in.
    GroupElementPreComp negated;
    negated.yplusx = t.yminusx;
    negated.yminusx = t.yplusx;
    FieldOperations.fe_neg(out negated.xy2d, ref t.xy2d);
    cmov(ref t, ref negated, signFlag);
}