Index: lib/freebl/ecl/ecp_fpinc.c |
=================================================================== |
--- a/lib/freebl/ecl/ecp_fpinc.c |
+++ b/lib/freebl/ecl/ecp_fpinc.c |
@@ -1,821 +1,810 @@ |
/* This Source Code Form is subject to the terms of the Mozilla Public |
* License, v. 2.0. If a copy of the MPL was not distributed with this |
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
/* This source file is meant to be included by other source files |
* (ecp_fp###.c, where ### is one of 160, 192, 224) and should not |
* constitute an independent compilation unit. It requires the following |
* preprocessor definitions be made: ECFP_BSIZE - the number of bits in |
- * the field's prime |
+ * the field's prime |
* ECFP_NUMDOUBLES - the number of doubles to store one |
- * multi-precision integer in floating point |
+ * multi-precision integer in floating point |
/* Adds a prefix to a given token to give a unique token name. Prefixes |
* with "ecfp" + ECFP_BSIZE + "_". e.g. if ECFP_BSIZE = 160, then |
* PREFIX(hello) = ecfp160_hello This optimization allows static function |
* linking and compiler loop unrolling without code duplication. */ |
#ifndef PREFIX |
#define PREFIX(b) PREFIX1(ECFP_BSIZE, b) |
#define PREFIX1(bsize, b) PREFIX2(bsize, b) |
-#define PREFIX2(bsize, b) ecfp ## bsize ## _ ## b |
+#define PREFIX2(bsize, b) ecfp##bsize##_##b |
#endif |
/* Returns true iff every double in d is 0. (If d == 0 and it is tidied, |
* this will be true.) */ |
-mp_err PREFIX(isZero) (const double *d) { |
- int i; |
+mp_err PREFIX(isZero)(const double *d) { |
+ int i; |
- for (i = 0; i < ECFP_NUMDOUBLES; i++) { |
- if (d[i] != 0) |
- return MP_NO; |
- } |
- return MP_YES; |
+ for (i = 0; i < ECFP_NUMDOUBLES; i++) { |
+ if (d[i] != 0) return MP_NO; |
+ } |
+ return MP_YES; |
} |
/* Sets the multi-precision floating point number at t = 0 */ |
-void PREFIX(zero) (double *t) { |
- int i; |
+void PREFIX(zero)(double *t) { |
+ int i; |
- for (i = 0; i < ECFP_NUMDOUBLES; i++) { |
- t[i] = 0; |
- } |
+ for (i = 0; i < ECFP_NUMDOUBLES; i++) { |
+ t[i] = 0; |
+ } |
} |
/* Sets the multi-precision floating point number at t = 1 */ |
-void PREFIX(one) (double *t) { |
- int i; |
+void PREFIX(one)(double *t) { |
+ int i; |
- t[0] = 1; |
- for (i = 1; i < ECFP_NUMDOUBLES; i++) { |
- t[i] = 0; |
- } |
+ t[0] = 1; |
+ for (i = 1; i < ECFP_NUMDOUBLES; i++) { |
+ t[i] = 0; |
+ } |
} |
/* Checks if point P(x, y, z) is at infinity. Uses Jacobian coordinates. */ |
-mp_err PREFIX(pt_is_inf_jac) (const ecfp_jac_pt * p) { |
- return PREFIX(isZero) (p->z); |
+mp_err PREFIX(pt_is_inf_jac)(const ecfp_jac_pt *p) { |
+ return PREFIX(isZero)(p->z); |
} |
/* Sets the Jacobian point P to be at infinity. */ |
-void PREFIX(set_pt_inf_jac) (ecfp_jac_pt * p) { |
- PREFIX(zero) (p->z); |
-} |
+void PREFIX(set_pt_inf_jac)(ecfp_jac_pt *p) { PREFIX(zero)(p->z); } |
/* Checks if point P(x, y) is at infinity. Uses Affine coordinates. */ |
-mp_err PREFIX(pt_is_inf_aff) (const ecfp_aff_pt * p) { |
- if (PREFIX(isZero) (p->x) == MP_YES && PREFIX(isZero) (p->y) == MP_YES) |
- return MP_YES; |
- return MP_NO; |
+mp_err PREFIX(pt_is_inf_aff)(const ecfp_aff_pt *p) { |
+ if (PREFIX(isZero)(p->x) == MP_YES && PREFIX(isZero)(p->y) == MP_YES) |
+ return MP_YES; |
+ return MP_NO; |
} |
/* Sets the affine point P to be at infinity. */ |
-void PREFIX(set_pt_inf_aff) (ecfp_aff_pt * p) { |
- PREFIX(zero) (p->x); |
- PREFIX(zero) (p->y); |
+void PREFIX(set_pt_inf_aff)(ecfp_aff_pt *p) { |
+ PREFIX(zero)(p->x); |
+ PREFIX(zero)(p->y); |
} |
/* Checks if point P(x, y, z, a*z^4) is at infinity. Uses Modified |
* Jacobian coordinates. */ |
-mp_err PREFIX(pt_is_inf_jm) (const ecfp_jm_pt * p) { |
- return PREFIX(isZero) (p->z); |
+mp_err PREFIX(pt_is_inf_jm)(const ecfp_jm_pt *p) { |
+ return PREFIX(isZero)(p->z); |
} |
/* Sets the Modified Jacobian point P to be at infinity. */ |
-void PREFIX(set_pt_inf_jm) (ecfp_jm_pt * p) { |
- PREFIX(zero) (p->z); |
-} |
+void PREFIX(set_pt_inf_jm)(ecfp_jm_pt *p) { PREFIX(zero)(p->z); } |
/* Checks if point P(x, y, z, z^2, z^3) is at infinity. Uses Chudnovsky |
* Jacobian coordinates */ |
-mp_err PREFIX(pt_is_inf_chud) (const ecfp_chud_pt * p) { |
- return PREFIX(isZero) (p->z); |
+mp_err PREFIX(pt_is_inf_chud)(const ecfp_chud_pt *p) { |
+ return PREFIX(isZero)(p->z); |
} |
/* Sets the Chudnovsky Jacobian point P to be at infinity. */ |
-void PREFIX(set_pt_inf_chud) (ecfp_chud_pt * p) { |
- PREFIX(zero) (p->z); |
-} |
+void PREFIX(set_pt_inf_chud)(ecfp_chud_pt *p) { PREFIX(zero)(p->z); } |
/* Copies a multi-precision floating point number, Setting dest = src */ |
-void PREFIX(copy) (double *dest, const double *src) { |
- int i; |
+void PREFIX(copy)(double *dest, const double *src) { |
+ int i; |
- for (i = 0; i < ECFP_NUMDOUBLES; i++) { |
- dest[i] = src[i]; |
- } |
+ for (i = 0; i < ECFP_NUMDOUBLES; i++) { |
+ dest[i] = src[i]; |
+ } |
} |
/* Sets dest = -src */ |
-void PREFIX(negLong) (double *dest, const double *src) { |
- int i; |
+void PREFIX(negLong)(double *dest, const double *src) { |
+ int i; |
- for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) { |
- dest[i] = -src[i]; |
- } |
+ for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) { |
+ dest[i] = -src[i]; |
+ } |
} |
/* Sets r = -p p = (x, y, z, z2, z3) r = (x, -y, z, z2, z3) Uses |
* Chudnovsky Jacobian coordinates. */ |
/* TODO reverse order */ |
-void PREFIX(pt_neg_chud) (const ecfp_chud_pt * p, ecfp_chud_pt * r) { |
- int i; |
+void PREFIX(pt_neg_chud)(const ecfp_chud_pt *p, ecfp_chud_pt *r) { |
+ int i; |
- PREFIX(copy) (r->x, p->x); |
- PREFIX(copy) (r->z, p->z); |
- PREFIX(copy) (r->z2, p->z2); |
- PREFIX(copy) (r->z3, p->z3); |
- for (i = 0; i < ECFP_NUMDOUBLES; i++) { |
- r->y[i] = -p->y[i]; |
- } |
+ PREFIX(copy)(r->x, p->x); |
+ PREFIX(copy)(r->z, p->z); |
+ PREFIX(copy)(r->z2, p->z2); |
+ PREFIX(copy)(r->z3, p->z3); |
+ for (i = 0; i < ECFP_NUMDOUBLES; i++) { |
+ r->y[i] = -p->y[i]; |
+ } |
} |
/* Computes r = x + y. Does not tidy or reduce. Any combinations of r, x, |
* y can point to the same data. Componentwise adds first ECFP_NUMDOUBLES |
* doubles of x and y and stores the result in r. */ |
-void PREFIX(addShort) (double *r, const double *x, const double *y) { |
- int i; |
+void PREFIX(addShort)(double *r, const double *x, const double *y) { |
+ int i; |
- for (i = 0; i < ECFP_NUMDOUBLES; i++) { |
- *r++ = *x++ + *y++; |
- } |
+ for (i = 0; i < ECFP_NUMDOUBLES; i++) { |
+ *r++ = *x++ + *y++; |
+ } |
} |
/* Computes r = x + y. Does not tidy or reduce. Any combinations of r, x, |
* y can point to the same data. Componentwise adds first |
* 2*ECFP_NUMDOUBLES doubles of x and y and stores the result in r. */ |
-void PREFIX(addLong) (double *r, const double *x, const double *y) { |
- int i; |
+void PREFIX(addLong)(double *r, const double *x, const double *y) { |
+ int i; |
- for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) { |
- *r++ = *x++ + *y++; |
- } |
+ for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) { |
+ *r++ = *x++ + *y++; |
+ } |
} |
/* Computes r = x - y. Does not tidy or reduce. Any combinations of r, x, |
* y can point to the same data. Componentwise subtracts first |
* ECFP_NUMDOUBLES doubles of x and y and stores the result in r. */ |
-void PREFIX(subtractShort) (double *r, const double *x, const double *y) { |
- int i; |
+void PREFIX(subtractShort)(double *r, const double *x, const double *y) { |
+ int i; |
- for (i = 0; i < ECFP_NUMDOUBLES; i++) { |
- *r++ = *x++ - *y++; |
- } |
+ for (i = 0; i < ECFP_NUMDOUBLES; i++) { |
+ *r++ = *x++ - *y++; |
+ } |
} |
/* Computes r = x - y. Does not tidy or reduce. Any combinations of r, x, |
* y can point to the same data. Componentwise subtracts first |
* 2*ECFP_NUMDOUBLES doubles of x and y and stores the result in r. */ |
-void PREFIX(subtractLong) (double *r, const double *x, const double *y) { |
- int i; |
+void PREFIX(subtractLong)(double *r, const double *x, const double *y) { |
+ int i; |
- for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) { |
- *r++ = *x++ - *y++; |
- } |
+ for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) { |
+ *r++ = *x++ - *y++; |
+ } |
} |
/* Computes r = x*y. Both x and y should be tidied and reduced, |
* r must be different (point to different memory) than x and y. |
* Does not tidy or reduce. */ |
void PREFIX(multiply)(double *r, const double *x, const double *y) { |
- int i, j; |
+ int i, j; |
- for(j=0;j<ECFP_NUMDOUBLES-1;j++) { |
- r[j] = x[0] * y[j]; |
- r[j+(ECFP_NUMDOUBLES-1)] = x[ECFP_NUMDOUBLES-1] * y[j]; |
- } |
- r[ECFP_NUMDOUBLES-1] = x[0] * y[ECFP_NUMDOUBLES-1]; |
- r[ECFP_NUMDOUBLES-1] += x[ECFP_NUMDOUBLES-1] * y[0]; |
- r[2*ECFP_NUMDOUBLES-2] = x[ECFP_NUMDOUBLES-1] * y[ECFP_NUMDOUBLES-1]; |
- r[2*ECFP_NUMDOUBLES-1] = 0; |
- |
- for(i=1;i<ECFP_NUMDOUBLES-1;i++) { |
- for(j=0;j<ECFP_NUMDOUBLES;j++) { |
- r[i+j] += (x[i] * y[j]); |
- } |
- } |
+ for (j = 0; j < ECFP_NUMDOUBLES - 1; j++) { |
+ r[j] = x[0] * y[j]; |
+ r[j + (ECFP_NUMDOUBLES - 1)] = x[ECFP_NUMDOUBLES - 1] * y[j]; |
+ } |
+ r[ECFP_NUMDOUBLES - 1] = x[0] * y[ECFP_NUMDOUBLES - 1]; |
+ r[ECFP_NUMDOUBLES - 1] += x[ECFP_NUMDOUBLES - 1] * y[0]; |
+ r[2 * ECFP_NUMDOUBLES - 2] = x[ECFP_NUMDOUBLES - 1] * y[ECFP_NUMDOUBLES - 1]; |
+ r[2 * ECFP_NUMDOUBLES - 1] = 0; |
+ |
+ for (i = 1; i < ECFP_NUMDOUBLES - 1; i++) { |
+ for (j = 0; j < ECFP_NUMDOUBLES; j++) { |
+ r[i + j] += (x[i] * y[j]); |
+ } |
+ } |
} |
/* Computes the square of x and stores the result in r. x should be |
- * tidied & reduced, r will be neither tidied nor reduced. |
+ * tidied & reduced, r will be neither tidied nor reduced. |
* r should point to different memory than x */ |
-void PREFIX(square) (double *r, const double *x) { |
- PREFIX(multiply) (r, x, x); |
-} |
+void PREFIX(square)(double *r, const double *x) { PREFIX(multiply)(r, x, x); } |
/* Perform a point doubling in Jacobian coordinates. Input and output |
* should be multi-precision floating point integers. */ |
-void PREFIX(pt_dbl_jac) (const ecfp_jac_pt * dp, ecfp_jac_pt * dr, |
- const EC_group_fp * group) { |
- double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], |
- M[2 * ECFP_NUMDOUBLES], S[2 * ECFP_NUMDOUBLES]; |
+void PREFIX(pt_dbl_jac)(const ecfp_jac_pt *dp, ecfp_jac_pt *dr, |
+ const EC_group_fp *group) { |
+ double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], |
+ M[2 * ECFP_NUMDOUBLES], S[2 * ECFP_NUMDOUBLES]; |
- /* Check for point at infinity */ |
- if (PREFIX(pt_is_inf_jac) (dp) == MP_YES) { |
- /* Set r = pt at infinity */ |
- PREFIX(set_pt_inf_jac) (dr); |
- goto CLEANUP; |
- } |
+ /* Check for point at infinity */ |
+ if (PREFIX(pt_is_inf_jac)(dp) == MP_YES) { |
+ /* Set r = pt at infinity */ |
+ PREFIX(set_pt_inf_jac)(dr); |
+ goto CLEANUP; |
+ } |
- /* Perform typical point doubling operations */ |
+ /* Perform typical point doubling operations */ |
- /* TODO? is it worthwhile to do optimizations for when pz = 1? */ |
+ /* TODO? is it worthwhile to do optimizations for when pz = 1? */ |
- if (group->aIsM3) { |
- /* When a = -3, M = 3(px - pz^2)(px + pz^2) */ |
- PREFIX(square) (t1, dp->z); |
- group->ecfp_reduce(t1, t1, group); /* 2^23 since the negative |
- * rounding buys another bit */ |
- PREFIX(addShort) (t0, dp->x, t1); /* 2*2^23 */ |
- PREFIX(subtractShort) (t1, dp->x, t1); /* 2 * 2^23 */ |
- PREFIX(multiply) (M, t0, t1); /* 40 * 2^46 */ |
- PREFIX(addLong) (t0, M, M); /* 80 * 2^46 */ |
- PREFIX(addLong) (M, t0, M); /* 120 * 2^46 < 2^53 */ |
- group->ecfp_reduce(M, M, group); |
- } else { |
- /* Generic case */ |
- /* M = 3 (px^2) + a*(pz^4) */ |
- PREFIX(square) (t0, dp->x); |
- PREFIX(addLong) (M, t0, t0); |
- PREFIX(addLong) (t0, t0, M); /* t0 = 3(px^2) */ |
- PREFIX(square) (M, dp->z); |
- group->ecfp_reduce(M, M, group); |
- PREFIX(square) (t1, M); |
- group->ecfp_reduce(t1, t1, group); |
- PREFIX(multiply) (M, t1, group->curvea); /* M = a(pz^4) */ |
- PREFIX(addLong) (M, M, t0); |
- group->ecfp_reduce(M, M, group); |
- } |
+ if (group->aIsM3) { |
+ /* When a = -3, M = 3(px - pz^2)(px + pz^2) */ |
+ PREFIX(square)(t1, dp->z); |
+ group->ecfp_reduce( |
+ t1, t1, |
+ group); /* 2^23 since the negative |
+ * rounding buys another bit */ |
+ PREFIX(addShort)(t0, dp->x, t1); /* 2*2^23 */ |
+ PREFIX(subtractShort)(t1, dp->x, t1); /* 2 * 2^23 */ |
+ PREFIX(multiply)(M, t0, t1); /* 40 * 2^46 */ |
+ PREFIX(addLong)(t0, M, M); /* 80 * 2^46 */ |
+ PREFIX(addLong)(M, t0, M); /* 120 * 2^46 < 2^53 */ |
+ group->ecfp_reduce(M, M, group); |
+ } else { |
+ /* Generic case */ |
+ /* M = 3 (px^2) + a*(pz^4) */ |
+ PREFIX(square)(t0, dp->x); |
+ PREFIX(addLong)(M, t0, t0); |
+ PREFIX(addLong)(t0, t0, M); /* t0 = 3(px^2) */ |
+ PREFIX(square)(M, dp->z); |
+ group->ecfp_reduce(M, M, group); |
+ PREFIX(square)(t1, M); |
+ group->ecfp_reduce(t1, t1, group); |
+ PREFIX(multiply)(M, t1, group->curvea); /* M = a(pz^4) */ |
+ PREFIX(addLong)(M, M, t0); |
+ group->ecfp_reduce(M, M, group); |
+ } |
- /* rz = 2 * py * pz */ |
- PREFIX(multiply) (t1, dp->y, dp->z); |
- PREFIX(addLong) (t1, t1, t1); |
- group->ecfp_reduce(dr->z, t1, group); |
+ /* rz = 2 * py * pz */ |
+ PREFIX(multiply)(t1, dp->y, dp->z); |
+ PREFIX(addLong)(t1, t1, t1); |
+ group->ecfp_reduce(dr->z, t1, group); |
- /* t0 = 2y^2 */ |
- PREFIX(square) (t0, dp->y); |
- group->ecfp_reduce(t0, t0, group); |
- PREFIX(addShort) (t0, t0, t0); |
+ /* t0 = 2y^2 */ |
+ PREFIX(square)(t0, dp->y); |
+ group->ecfp_reduce(t0, t0, group); |
+ PREFIX(addShort)(t0, t0, t0); |
- /* S = 4 * px * py^2 = 2 * px * t0 */ |
- PREFIX(multiply) (S, dp->x, t0); |
- PREFIX(addLong) (S, S, S); |
- group->ecfp_reduce(S, S, group); |
+ /* S = 4 * px * py^2 = 2 * px * t0 */ |
+ PREFIX(multiply)(S, dp->x, t0); |
+ PREFIX(addLong)(S, S, S); |
+ group->ecfp_reduce(S, S, group); |
- /* rx = M^2 - 2 * S */ |
- PREFIX(square) (t1, M); |
- PREFIX(subtractShort) (t1, t1, S); |
- PREFIX(subtractShort) (t1, t1, S); |
- group->ecfp_reduce(dr->x, t1, group); |
+ /* rx = M^2 - 2 * S */ |
+ PREFIX(square)(t1, M); |
+ PREFIX(subtractShort)(t1, t1, S); |
+ PREFIX(subtractShort)(t1, t1, S); |
+ group->ecfp_reduce(dr->x, t1, group); |
- /* ry = M * (S - rx) - 8 * py^4 */ |
- PREFIX(square) (t1, t0); /* t1 = 4y^4 */ |
- PREFIX(subtractShort) (S, S, dr->x); |
- PREFIX(multiply) (t0, M, S); |
- PREFIX(subtractLong) (t0, t0, t1); |
- PREFIX(subtractLong) (t0, t0, t1); |
- group->ecfp_reduce(dr->y, t0, group); |
+ /* ry = M * (S - rx) - 8 * py^4 */ |
+ PREFIX(square)(t1, t0); /* t1 = 4y^4 */ |
+ PREFIX(subtractShort)(S, S, dr->x); |
+ PREFIX(multiply)(t0, M, S); |
+ PREFIX(subtractLong)(t0, t0, t1); |
+ PREFIX(subtractLong)(t0, t0, t1); |
+ group->ecfp_reduce(dr->y, t0, group); |
- CLEANUP: |
- return; |
+CLEANUP: |
+ return; |
} |
/* Perform a point addition using coordinate system Jacobian + Affine -> |
* Jacobian. Input and output should be multi-precision floating point |
* integers. */ |
-void PREFIX(pt_add_jac_aff) (const ecfp_jac_pt * p, const ecfp_aff_pt * q, |
- ecfp_jac_pt * r, const EC_group_fp * group) { |
- /* Temporary storage */ |
- double A[2 * ECFP_NUMDOUBLES], B[2 * ECFP_NUMDOUBLES], |
- C[2 * ECFP_NUMDOUBLES], C2[2 * ECFP_NUMDOUBLES], |
- D[2 * ECFP_NUMDOUBLES], C3[2 * ECFP_NUMDOUBLES]; |
+void PREFIX(pt_add_jac_aff)(const ecfp_jac_pt *p, const ecfp_aff_pt *q, |
+ ecfp_jac_pt *r, const EC_group_fp *group) { |
+ /* Temporary storage */ |
+ double A[2 * ECFP_NUMDOUBLES], B[2 * ECFP_NUMDOUBLES], C[2 * ECFP_NUMDOUBLES], |
+ C2[2 * ECFP_NUMDOUBLES], D[2 * ECFP_NUMDOUBLES], C3[2 * ECFP_NUMDOUBLES]; |
- /* Check for point at infinity for p or q */ |
- if (PREFIX(pt_is_inf_aff) (q) == MP_YES) { |
- PREFIX(copy) (r->x, p->x); |
- PREFIX(copy) (r->y, p->y); |
- PREFIX(copy) (r->z, p->z); |
- goto CLEANUP; |
- } else if (PREFIX(pt_is_inf_jac) (p) == MP_YES) { |
- PREFIX(copy) (r->x, q->x); |
- PREFIX(copy) (r->y, q->y); |
- /* Since the affine point is not infinity, we can set r->z = 1 */ |
- PREFIX(one) (r->z); |
- goto CLEANUP; |
- } |
+ /* Check for point at infinity for p or q */ |
+ if (PREFIX(pt_is_inf_aff)(q) == MP_YES) { |
+ PREFIX(copy)(r->x, p->x); |
+ PREFIX(copy)(r->y, p->y); |
+ PREFIX(copy)(r->z, p->z); |
+ goto CLEANUP; |
+ } else if (PREFIX(pt_is_inf_jac)(p) == MP_YES) { |
+ PREFIX(copy)(r->x, q->x); |
+ PREFIX(copy)(r->y, q->y); |
+ /* Since the affine point is not infinity, we can set r->z = 1 */ |
+ PREFIX(one)(r->z); |
+ goto CLEANUP; |
+ } |
- /* Calculates c = qx * pz^2 - px d = (qy * b - py) rx = d^2 - c^3 + 2 |
- * (px * c^2) ry = d * (c-rx) - py*c^3 rz = c * pz */ |
+ /* Calculates c = qx * pz^2 - px d = (qy * b - py) rx = d^2 - c^3 + 2 |
+ * (px * c^2) ry = d * (c-rx) - py*c^3 rz = c * pz */ |
- /* A = pz^2, B = pz^3 */ |
- PREFIX(square) (A, p->z); |
- group->ecfp_reduce(A, A, group); |
- PREFIX(multiply) (B, A, p->z); |
- group->ecfp_reduce(B, B, group); |
+ /* A = pz^2, B = pz^3 */ |
+ PREFIX(square)(A, p->z); |
+ group->ecfp_reduce(A, A, group); |
+ PREFIX(multiply)(B, A, p->z); |
+ group->ecfp_reduce(B, B, group); |
- /* C = qx * A - px */ |
- PREFIX(multiply) (C, q->x, A); |
- PREFIX(subtractShort) (C, C, p->x); |
- group->ecfp_reduce(C, C, group); |
+ /* C = qx * A - px */ |
+ PREFIX(multiply)(C, q->x, A); |
+ PREFIX(subtractShort)(C, C, p->x); |
+ group->ecfp_reduce(C, C, group); |
- /* D = qy * B - py */ |
- PREFIX(multiply) (D, q->y, B); |
- PREFIX(subtractShort) (D, D, p->y); |
- group->ecfp_reduce(D, D, group); |
+ /* D = qy * B - py */ |
+ PREFIX(multiply)(D, q->y, B); |
+ PREFIX(subtractShort)(D, D, p->y); |
+ group->ecfp_reduce(D, D, group); |
- /* C2 = C^2, C3 = C^3 */ |
- PREFIX(square) (C2, C); |
- group->ecfp_reduce(C2, C2, group); |
- PREFIX(multiply) (C3, C2, C); |
- group->ecfp_reduce(C3, C3, group); |
+ /* C2 = C^2, C3 = C^3 */ |
+ PREFIX(square)(C2, C); |
+ group->ecfp_reduce(C2, C2, group); |
+ PREFIX(multiply)(C3, C2, C); |
+ group->ecfp_reduce(C3, C3, group); |
- /* rz = A = pz * C */ |
- PREFIX(multiply) (A, p->z, C); |
- group->ecfp_reduce(r->z, A, group); |
+ /* rz = A = pz * C */ |
+ PREFIX(multiply)(A, p->z, C); |
+ group->ecfp_reduce(r->z, A, group); |
- /* C = px * C^2, untidied, unreduced */ |
- PREFIX(multiply) (C, p->x, C2); |
+ /* C = px * C^2, untidied, unreduced */ |
+ PREFIX(multiply)(C, p->x, C2); |
- /* A = D^2, untidied, unreduced */ |
- PREFIX(square) (A, D); |
+ /* A = D^2, untidied, unreduced */ |
+ PREFIX(square)(A, D); |
- /* rx = B = A - C3 - C - C = D^2 - (C^3 + 2 * (px * C^2) */ |
- PREFIX(subtractShort) (A, A, C3); |
- PREFIX(subtractLong) (A, A, C); |
- PREFIX(subtractLong) (A, A, C); |
- group->ecfp_reduce(r->x, A, group); |
+ /* rx = B = A - C3 - C - C = D^2 - (C^3 + 2 * (px * C^2) */ |
+ PREFIX(subtractShort)(A, A, C3); |
+ PREFIX(subtractLong)(A, A, C); |
+ PREFIX(subtractLong)(A, A, C); |
+ group->ecfp_reduce(r->x, A, group); |
- /* B = py * C3, untidied, unreduced */ |
- PREFIX(multiply) (B, p->y, C3); |
+ /* B = py * C3, untidied, unreduced */ |
+ PREFIX(multiply)(B, p->y, C3); |
- /* C = px * C^2 - rx */ |
- PREFIX(subtractShort) (C, C, r->x); |
- group->ecfp_reduce(C, C, group); |
+ /* C = px * C^2 - rx */ |
+ PREFIX(subtractShort)(C, C, r->x); |
+ group->ecfp_reduce(C, C, group); |
- /* ry = A = D * C - py * C^3 */ |
- PREFIX(multiply) (A, D, C); |
- PREFIX(subtractLong) (A, A, B); |
- group->ecfp_reduce(r->y, A, group); |
+ /* ry = A = D * C - py * C^3 */ |
+ PREFIX(multiply)(A, D, C); |
+ PREFIX(subtractLong)(A, A, B); |
+ group->ecfp_reduce(r->y, A, group); |
- CLEANUP: |
- return; |
+CLEANUP: |
+ return; |
} |
/* Perform a point addition using Jacobian coordinate system. Input and |
* output should be multi-precision floating point integers. */ |
-void PREFIX(pt_add_jac) (const ecfp_jac_pt * p, const ecfp_jac_pt * q, |
- ecfp_jac_pt * r, const EC_group_fp * group) { |
+void PREFIX(pt_add_jac)(const ecfp_jac_pt *p, const ecfp_jac_pt *q, |
+ ecfp_jac_pt *r, const EC_group_fp *group) { |
- /* Temporary Storage */ |
- double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], |
- U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES], |
- S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES], |
- H3[2 * ECFP_NUMDOUBLES]; |
+ /* Temporary Storage */ |
+ double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], |
+ U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES], S[2 * ECFP_NUMDOUBLES], |
+ H[2 * ECFP_NUMDOUBLES], H3[2 * ECFP_NUMDOUBLES]; |
- /* Check for point at infinity for p, if so set r = q */ |
- if (PREFIX(pt_is_inf_jac) (p) == MP_YES) { |
- PREFIX(copy) (r->x, q->x); |
- PREFIX(copy) (r->y, q->y); |
- PREFIX(copy) (r->z, q->z); |
- goto CLEANUP; |
- } |
+ /* Check for point at infinity for p, if so set r = q */ |
+ if (PREFIX(pt_is_inf_jac)(p) == MP_YES) { |
+ PREFIX(copy)(r->x, q->x); |
+ PREFIX(copy)(r->y, q->y); |
+ PREFIX(copy)(r->z, q->z); |
+ goto CLEANUP; |
+ } |
- /* Check for point at infinity for p, if so set r = q */ |
- if (PREFIX(pt_is_inf_jac) (q) == MP_YES) { |
- PREFIX(copy) (r->x, p->x); |
- PREFIX(copy) (r->y, p->y); |
- PREFIX(copy) (r->z, p->z); |
- goto CLEANUP; |
- } |
+ /* Check for point at infinity for p, if so set r = q */ |
+ if (PREFIX(pt_is_inf_jac)(q) == MP_YES) { |
+ PREFIX(copy)(r->x, p->x); |
+ PREFIX(copy)(r->y, p->y); |
+ PREFIX(copy)(r->z, p->z); |
+ goto CLEANUP; |
+ } |
- /* U = px * qz^2 , S = py * qz^3 */ |
- PREFIX(square) (t0, q->z); |
- group->ecfp_reduce(t0, t0, group); |
- PREFIX(multiply) (U, p->x, t0); |
- group->ecfp_reduce(U, U, group); |
- PREFIX(multiply) (t1, t0, q->z); |
- group->ecfp_reduce(t1, t1, group); |
- PREFIX(multiply) (t0, p->y, t1); |
- group->ecfp_reduce(S, t0, group); |
+ /* U = px * qz^2 , S = py * qz^3 */ |
+ PREFIX(square)(t0, q->z); |
+ group->ecfp_reduce(t0, t0, group); |
+ PREFIX(multiply)(U, p->x, t0); |
+ group->ecfp_reduce(U, U, group); |
+ PREFIX(multiply)(t1, t0, q->z); |
+ group->ecfp_reduce(t1, t1, group); |
+ PREFIX(multiply)(t0, p->y, t1); |
+ group->ecfp_reduce(S, t0, group); |
- /* H = qx*(pz)^2 - U , R = (qy * pz^3 - S) */ |
- PREFIX(square) (t0, p->z); |
- group->ecfp_reduce(t0, t0, group); |
- PREFIX(multiply) (H, q->x, t0); |
- PREFIX(subtractShort) (H, H, U); |
- group->ecfp_reduce(H, H, group); |
- PREFIX(multiply) (t1, t0, p->z); /* t1 = pz^3 */ |
- group->ecfp_reduce(t1, t1, group); |
- PREFIX(multiply) (t0, t1, q->y); /* t0 = qy * pz^3 */ |
- PREFIX(subtractShort) (t0, t0, S); |
- group->ecfp_reduce(R, t0, group); |
+ /* H = qx*(pz)^2 - U , R = (qy * pz^3 - S) */ |
+ PREFIX(square)(t0, p->z); |
+ group->ecfp_reduce(t0, t0, group); |
+ PREFIX(multiply)(H, q->x, t0); |
+ PREFIX(subtractShort)(H, H, U); |
+ group->ecfp_reduce(H, H, group); |
+ PREFIX(multiply)(t1, t0, p->z); /* t1 = pz^3 */ |
+ group->ecfp_reduce(t1, t1, group); |
+ PREFIX(multiply)(t0, t1, q->y); /* t0 = qy * pz^3 */ |
+ PREFIX(subtractShort)(t0, t0, S); |
+ group->ecfp_reduce(R, t0, group); |
- /* U = U*H^2, H3 = H^3 */ |
- PREFIX(square) (t0, H); |
- group->ecfp_reduce(t0, t0, group); |
- PREFIX(multiply) (t1, U, t0); |
- group->ecfp_reduce(U, t1, group); |
- PREFIX(multiply) (H3, t0, H); |
- group->ecfp_reduce(H3, H3, group); |
+ /* U = U*H^2, H3 = H^3 */ |
+ PREFIX(square)(t0, H); |
+ group->ecfp_reduce(t0, t0, group); |
+ PREFIX(multiply)(t1, U, t0); |
+ group->ecfp_reduce(U, t1, group); |
+ PREFIX(multiply)(H3, t0, H); |
+ group->ecfp_reduce(H3, H3, group); |
- /* rz = pz * qz * H */ |
- PREFIX(multiply) (t0, q->z, H); |
- group->ecfp_reduce(t0, t0, group); |
- PREFIX(multiply) (t1, t0, p->z); |
- group->ecfp_reduce(r->z, t1, group); |
+ /* rz = pz * qz * H */ |
+ PREFIX(multiply)(t0, q->z, H); |
+ group->ecfp_reduce(t0, t0, group); |
+ PREFIX(multiply)(t1, t0, p->z); |
+ group->ecfp_reduce(r->z, t1, group); |
- /* rx = R^2 - H^3 - 2 * U */ |
- PREFIX(square) (t0, R); |
- PREFIX(subtractShort) (t0, t0, H3); |
- PREFIX(subtractShort) (t0, t0, U); |
- PREFIX(subtractShort) (t0, t0, U); |
- group->ecfp_reduce(r->x, t0, group); |
+ /* rx = R^2 - H^3 - 2 * U */ |
+ PREFIX(square)(t0, R); |
+ PREFIX(subtractShort)(t0, t0, H3); |
+ PREFIX(subtractShort)(t0, t0, U); |
+ PREFIX(subtractShort)(t0, t0, U); |
+ group->ecfp_reduce(r->x, t0, group); |
- /* ry = R(U - rx) - S*H3 */ |
- PREFIX(subtractShort) (t1, U, r->x); |
- PREFIX(multiply) (t0, t1, R); |
- PREFIX(multiply) (t1, S, H3); |
- PREFIX(subtractLong) (t1, t0, t1); |
- group->ecfp_reduce(r->y, t1, group); |
+ /* ry = R(U - rx) - S*H3 */ |
+ PREFIX(subtractShort)(t1, U, r->x); |
+ PREFIX(multiply)(t0, t1, R); |
+ PREFIX(multiply)(t1, S, H3); |
+ PREFIX(subtractLong)(t1, t0, t1); |
+ group->ecfp_reduce(r->y, t1, group); |
- CLEANUP: |
- return; |
+CLEANUP: |
+ return; |
} |
/* Perform a point doubling in Modified Jacobian coordinates. Input and |
* output should be multi-precision floating point integers. */ |
-void PREFIX(pt_dbl_jm) (const ecfp_jm_pt * p, ecfp_jm_pt * r, |
- const EC_group_fp * group) { |
+void PREFIX(pt_dbl_jm)(const ecfp_jm_pt *p, ecfp_jm_pt *r, |
+ const EC_group_fp *group) { |
- /* Temporary storage */ |
- double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], |
- M[2 * ECFP_NUMDOUBLES], S[2 * ECFP_NUMDOUBLES], |
- U[2 * ECFP_NUMDOUBLES], T[2 * ECFP_NUMDOUBLES]; |
+ /* Temporary storage */ |
+ double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], |
+ M[2 * ECFP_NUMDOUBLES], S[2 * ECFP_NUMDOUBLES], U[2 * ECFP_NUMDOUBLES], |
+ T[2 * ECFP_NUMDOUBLES]; |
- /* Check for point at infinity */ |
- if (PREFIX(pt_is_inf_jm) (p) == MP_YES) { |
- /* Set r = pt at infinity by setting rz = 0 */ |
- PREFIX(set_pt_inf_jm) (r); |
- goto CLEANUP; |
- } |
+ /* Check for point at infinity */ |
+ if (PREFIX(pt_is_inf_jm)(p) == MP_YES) { |
+ /* Set r = pt at infinity by setting rz = 0 */ |
+ PREFIX(set_pt_inf_jm)(r); |
+ goto CLEANUP; |
+ } |
- /* M = 3 (px^2) + a*(pz^4) */ |
- PREFIX(square) (t0, p->x); |
- PREFIX(addLong) (M, t0, t0); |
- PREFIX(addLong) (t0, t0, M); /* t0 = 3(px^2) */ |
- PREFIX(addShort) (t0, t0, p->az4); |
- group->ecfp_reduce(M, t0, group); |
+ /* M = 3 (px^2) + a*(pz^4) */ |
+ PREFIX(square)(t0, p->x); |
+ PREFIX(addLong)(M, t0, t0); |
+ PREFIX(addLong)(t0, t0, M); /* t0 = 3(px^2) */ |
+ PREFIX(addShort)(t0, t0, p->az4); |
+ group->ecfp_reduce(M, t0, group); |
- /* rz = 2 * py * pz */ |
- PREFIX(multiply) (t1, p->y, p->z); |
- PREFIX(addLong) (t1, t1, t1); |
- group->ecfp_reduce(r->z, t1, group); |
+ /* rz = 2 * py * pz */ |
+ PREFIX(multiply)(t1, p->y, p->z); |
+ PREFIX(addLong)(t1, t1, t1); |
+ group->ecfp_reduce(r->z, t1, group); |
- /* t0 = 2y^2, U = 8y^4 */ |
- PREFIX(square) (t0, p->y); |
- group->ecfp_reduce(t0, t0, group); |
- PREFIX(addShort) (t0, t0, t0); |
- PREFIX(square) (U, t0); |
- group->ecfp_reduce(U, U, group); |
- PREFIX(addShort) (U, U, U); |
+ /* t0 = 2y^2, U = 8y^4 */ |
+ PREFIX(square)(t0, p->y); |
+ group->ecfp_reduce(t0, t0, group); |
+ PREFIX(addShort)(t0, t0, t0); |
+ PREFIX(square)(U, t0); |
+ group->ecfp_reduce(U, U, group); |
+ PREFIX(addShort)(U, U, U); |
- /* S = 4 * px * py^2 = 2 * px * t0 */ |
- PREFIX(multiply) (S, p->x, t0); |
- group->ecfp_reduce(S, S, group); |
- PREFIX(addShort) (S, S, S); |
+ /* S = 4 * px * py^2 = 2 * px * t0 */ |
+ PREFIX(multiply)(S, p->x, t0); |
+ group->ecfp_reduce(S, S, group); |
+ PREFIX(addShort)(S, S, S); |
- /* rx = M^2 - 2S */ |
- PREFIX(square) (T, M); |
- PREFIX(subtractShort) (T, T, S); |
- PREFIX(subtractShort) (T, T, S); |
- group->ecfp_reduce(r->x, T, group); |
+ /* rx = M^2 - 2S */ |
+ PREFIX(square)(T, M); |
+ PREFIX(subtractShort)(T, T, S); |
+ PREFIX(subtractShort)(T, T, S); |
+ group->ecfp_reduce(r->x, T, group); |
- /* ry = M * (S - rx) - U */ |
- PREFIX(subtractShort) (S, S, r->x); |
- PREFIX(multiply) (t0, M, S); |
- PREFIX(subtractShort) (t0, t0, U); |
- group->ecfp_reduce(r->y, t0, group); |
+ /* ry = M * (S - rx) - U */ |
+ PREFIX(subtractShort)(S, S, r->x); |
+ PREFIX(multiply)(t0, M, S); |
+ PREFIX(subtractShort)(t0, t0, U); |
+ group->ecfp_reduce(r->y, t0, group); |
- /* ra*z^4 = 2*U*(apz4) */ |
- PREFIX(multiply) (t1, U, p->az4); |
- PREFIX(addLong) (t1, t1, t1); |
- group->ecfp_reduce(r->az4, t1, group); |
+ /* ra*z^4 = 2*U*(apz4) */ |
+ PREFIX(multiply)(t1, U, p->az4); |
+ PREFIX(addLong)(t1, t1, t1); |
+ group->ecfp_reduce(r->az4, t1, group); |
- CLEANUP: |
- return; |
+CLEANUP: |
+ return; |
} |
/* Perform a point doubling using coordinates Affine -> Chudnovsky |
* Jacobian. Input and output should be multi-precision floating point |
* integers. */ |
-void PREFIX(pt_dbl_aff2chud) (const ecfp_aff_pt * p, ecfp_chud_pt * r, |
- const EC_group_fp * group) { |
- double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], |
- M[2 * ECFP_NUMDOUBLES], twoY2[2 * ECFP_NUMDOUBLES], |
- S[2 * ECFP_NUMDOUBLES]; |
+void PREFIX(pt_dbl_aff2chud)(const ecfp_aff_pt *p, ecfp_chud_pt *r, |
+ const EC_group_fp *group) { |
+ double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], |
+ M[2 * ECFP_NUMDOUBLES], twoY2[2 * ECFP_NUMDOUBLES], |
+ S[2 * ECFP_NUMDOUBLES]; |
- /* Check for point at infinity for p, if so set r = O */ |
- if (PREFIX(pt_is_inf_aff) (p) == MP_YES) { |
- PREFIX(set_pt_inf_chud) (r); |
- goto CLEANUP; |
- } |
+ /* Check for point at infinity for p, if so set r = O */ |
+ if (PREFIX(pt_is_inf_aff)(p) == MP_YES) { |
+ PREFIX(set_pt_inf_chud)(r); |
+ goto CLEANUP; |
+ } |
- /* M = 3(px)^2 + a */ |
- PREFIX(square) (t0, p->x); |
- PREFIX(addLong) (t1, t0, t0); |
- PREFIX(addLong) (t1, t1, t0); |
- PREFIX(addShort) (t1, t1, group->curvea); |
- group->ecfp_reduce(M, t1, group); |
+ /* M = 3(px)^2 + a */ |
+ PREFIX(square)(t0, p->x); |
+ PREFIX(addLong)(t1, t0, t0); |
+ PREFIX(addLong)(t1, t1, t0); |
+ PREFIX(addShort)(t1, t1, group->curvea); |
+ group->ecfp_reduce(M, t1, group); |
- /* twoY2 = 2*(py)^2, S = 4(px)(py)^2 */ |
- PREFIX(square) (twoY2, p->y); |
- PREFIX(addLong) (twoY2, twoY2, twoY2); |
- group->ecfp_reduce(twoY2, twoY2, group); |
- PREFIX(multiply) (S, p->x, twoY2); |
- PREFIX(addLong) (S, S, S); |
- group->ecfp_reduce(S, S, group); |
+ /* twoY2 = 2*(py)^2, S = 4(px)(py)^2 */ |
+ PREFIX(square)(twoY2, p->y); |
+ PREFIX(addLong)(twoY2, twoY2, twoY2); |
+ group->ecfp_reduce(twoY2, twoY2, group); |
+ PREFIX(multiply)(S, p->x, twoY2); |
+ PREFIX(addLong)(S, S, S); |
+ group->ecfp_reduce(S, S, group); |
- /* rx = M^2 - 2S */ |
- PREFIX(square) (t0, M); |
- PREFIX(subtractShort) (t0, t0, S); |
- PREFIX(subtractShort) (t0, t0, S); |
- group->ecfp_reduce(r->x, t0, group); |
+ /* rx = M^2 - 2S */ |
+ PREFIX(square)(t0, M); |
+ PREFIX(subtractShort)(t0, t0, S); |
+ PREFIX(subtractShort)(t0, t0, S); |
+ group->ecfp_reduce(r->x, t0, group); |
- /* ry = M(S-rx) - 8y^4 */ |
- PREFIX(subtractShort) (t0, S, r->x); |
- PREFIX(multiply) (t1, t0, M); |
- PREFIX(square) (t0, twoY2); |
- PREFIX(subtractLong) (t1, t1, t0); |
- PREFIX(subtractLong) (t1, t1, t0); |
- group->ecfp_reduce(r->y, t1, group); |
+ /* ry = M(S-rx) - 8y^4 */ |
+ PREFIX(subtractShort)(t0, S, r->x); |
+ PREFIX(multiply)(t1, t0, M); |
+ PREFIX(square)(t0, twoY2); |
+ PREFIX(subtractLong)(t1, t1, t0); |
+ PREFIX(subtractLong)(t1, t1, t0); |
+ group->ecfp_reduce(r->y, t1, group); |
- /* rz = 2py */ |
- PREFIX(addShort) (r->z, p->y, p->y); |
+ /* rz = 2py */ |
+ PREFIX(addShort)(r->z, p->y, p->y); |
- /* rz2 = rz^2 */ |
- PREFIX(square) (t0, r->z); |
- group->ecfp_reduce(r->z2, t0, group); |
+ /* rz2 = rz^2 */ |
+ PREFIX(square)(t0, r->z); |
+ group->ecfp_reduce(r->z2, t0, group); |
- /* rz3 = rz^3 */ |
- PREFIX(multiply) (t0, r->z, r->z2); |
- group->ecfp_reduce(r->z3, t0, group); |
+ /* rz3 = rz^3 */ |
+ PREFIX(multiply)(t0, r->z, r->z2); |
+ group->ecfp_reduce(r->z3, t0, group); |
- CLEANUP: |
- return; |
+CLEANUP: |
+ return; |
} |
/* Perform a point addition using coordinates: Modified Jacobian + |
* Chudnovsky Jacobian -> Modified Jacobian. Input and output should be |
* multi-precision floating point integers. */ |
-void PREFIX(pt_add_jm_chud) (ecfp_jm_pt * p, ecfp_chud_pt * q, |
- ecfp_jm_pt * r, const EC_group_fp * group) { |
+void PREFIX(pt_add_jm_chud)(ecfp_jm_pt *p, ecfp_chud_pt *q, ecfp_jm_pt *r, |
+ const EC_group_fp *group) { |
- double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], |
- U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES], |
- S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES], |
- H3[2 * ECFP_NUMDOUBLES], pz2[2 * ECFP_NUMDOUBLES]; |
+ double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], |
+ U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES], S[2 * ECFP_NUMDOUBLES], |
+ H[2 * ECFP_NUMDOUBLES], H3[2 * ECFP_NUMDOUBLES], pz2[2 * ECFP_NUMDOUBLES]; |
- /* Check for point at infinity for p, if so set r = q need to convert |
- * from Chudnovsky form to Modified Jacobian form */ |
- if (PREFIX(pt_is_inf_jm) (p) == MP_YES) { |
- PREFIX(copy) (r->x, q->x); |
- PREFIX(copy) (r->y, q->y); |
- PREFIX(copy) (r->z, q->z); |
- PREFIX(square) (t0, q->z2); |
- group->ecfp_reduce(t0, t0, group); |
- PREFIX(multiply) (t1, t0, group->curvea); |
- group->ecfp_reduce(r->az4, t1, group); |
- goto CLEANUP; |
- } |
- /* Check for point at infinity for q, if so set r = p */ |
- if (PREFIX(pt_is_inf_chud) (q) == MP_YES) { |
- PREFIX(copy) (r->x, p->x); |
- PREFIX(copy) (r->y, p->y); |
- PREFIX(copy) (r->z, p->z); |
- PREFIX(copy) (r->az4, p->az4); |
- goto CLEANUP; |
- } |
+ /* Check for point at infinity for p, if so set r = q need to convert |
+ * from Chudnovsky form to Modified Jacobian form */ |
+ if (PREFIX(pt_is_inf_jm)(p) == MP_YES) { |
+ PREFIX(copy)(r->x, q->x); |
+ PREFIX(copy)(r->y, q->y); |
+ PREFIX(copy)(r->z, q->z); |
+ PREFIX(square)(t0, q->z2); |
+ group->ecfp_reduce(t0, t0, group); |
+ PREFIX(multiply)(t1, t0, group->curvea); |
+ group->ecfp_reduce(r->az4, t1, group); |
+ goto CLEANUP; |
+ } |
+ /* Check for point at infinity for q, if so set r = p */ |
+ if (PREFIX(pt_is_inf_chud)(q) == MP_YES) { |
+ PREFIX(copy)(r->x, p->x); |
+ PREFIX(copy)(r->y, p->y); |
+ PREFIX(copy)(r->z, p->z); |
+ PREFIX(copy)(r->az4, p->az4); |
+ goto CLEANUP; |
+ } |
- /* U = px * qz^2 */ |
- PREFIX(multiply) (U, p->x, q->z2); |
- group->ecfp_reduce(U, U, group); |
+ /* U = px * qz^2 */ |
+ PREFIX(multiply)(U, p->x, q->z2); |
+ group->ecfp_reduce(U, U, group); |
- /* H = qx*(pz)^2 - U */ |
- PREFIX(square) (t0, p->z); |
- group->ecfp_reduce(pz2, t0, group); |
- PREFIX(multiply) (H, pz2, q->x); |
- group->ecfp_reduce(H, H, group); |
- PREFIX(subtractShort) (H, H, U); |
+ /* H = qx*(pz)^2 - U */ |
+ PREFIX(square)(t0, p->z); |
+ group->ecfp_reduce(pz2, t0, group); |
+ PREFIX(multiply)(H, pz2, q->x); |
+ group->ecfp_reduce(H, H, group); |
+ PREFIX(subtractShort)(H, H, U); |
- /* U = U*H^2, H3 = H^3 */ |
- PREFIX(square) (t0, H); |
- group->ecfp_reduce(t0, t0, group); |
- PREFIX(multiply) (t1, U, t0); |
- group->ecfp_reduce(U, t1, group); |
- PREFIX(multiply) (H3, t0, H); |
- group->ecfp_reduce(H3, H3, group); |
+ /* U = U*H^2, H3 = H^3 */ |
+ PREFIX(square)(t0, H); |
+ group->ecfp_reduce(t0, t0, group); |
+ PREFIX(multiply)(t1, U, t0); |
+ group->ecfp_reduce(U, t1, group); |
+ PREFIX(multiply)(H3, t0, H); |
+ group->ecfp_reduce(H3, H3, group); |
- /* S = py * qz^3 */ |
- PREFIX(multiply) (S, p->y, q->z3); |
- group->ecfp_reduce(S, S, group); |
+ /* S = py * qz^3 */ |
+ PREFIX(multiply)(S, p->y, q->z3); |
+ group->ecfp_reduce(S, S, group); |
- /* R = (qy * z1^3 - s) */ |
- PREFIX(multiply) (t0, pz2, p->z); |
- group->ecfp_reduce(t0, t0, group); |
- PREFIX(multiply) (R, t0, q->y); |
- PREFIX(subtractShort) (R, R, S); |
- group->ecfp_reduce(R, R, group); |
+ /* R = (qy * z1^3 - s) */ |
+ PREFIX(multiply)(t0, pz2, p->z); |
+ group->ecfp_reduce(t0, t0, group); |
+ PREFIX(multiply)(R, t0, q->y); |
+ PREFIX(subtractShort)(R, R, S); |
+ group->ecfp_reduce(R, R, group); |
- /* rz = pz * qz * H */ |
- PREFIX(multiply) (t1, q->z, H); |
- group->ecfp_reduce(t1, t1, group); |
- PREFIX(multiply) (t0, p->z, t1); |
- group->ecfp_reduce(r->z, t0, group); |
+ /* rz = pz * qz * H */ |
+ PREFIX(multiply)(t1, q->z, H); |
+ group->ecfp_reduce(t1, t1, group); |
+ PREFIX(multiply)(t0, p->z, t1); |
+ group->ecfp_reduce(r->z, t0, group); |
- /* rx = R^2 - H^3 - 2 * U */ |
- PREFIX(square) (t0, R); |
- PREFIX(subtractShort) (t0, t0, H3); |
- PREFIX(subtractShort) (t0, t0, U); |
- PREFIX(subtractShort) (t0, t0, U); |
- group->ecfp_reduce(r->x, t0, group); |
+ /* rx = R^2 - H^3 - 2 * U */ |
+ PREFIX(square)(t0, R); |
+ PREFIX(subtractShort)(t0, t0, H3); |
+ PREFIX(subtractShort)(t0, t0, U); |
+ PREFIX(subtractShort)(t0, t0, U); |
+ group->ecfp_reduce(r->x, t0, group); |
- /* ry = R(U - rx) - S*H3 */ |
- PREFIX(subtractShort) (t1, U, r->x); |
- PREFIX(multiply) (t0, t1, R); |
- PREFIX(multiply) (t1, S, H3); |
- PREFIX(subtractLong) (t1, t0, t1); |
- group->ecfp_reduce(r->y, t1, group); |
+ /* ry = R(U - rx) - S*H3 */ |
+ PREFIX(subtractShort)(t1, U, r->x); |
+ PREFIX(multiply)(t0, t1, R); |
+ PREFIX(multiply)(t1, S, H3); |
+ PREFIX(subtractLong)(t1, t0, t1); |
+ group->ecfp_reduce(r->y, t1, group); |
- if (group->aIsM3) { /* a == -3 */ |
- /* a(rz^4) = -3 * ((rz^2)^2) */ |
- PREFIX(square) (t0, r->z); |
- group->ecfp_reduce(t0, t0, group); |
- PREFIX(square) (t1, t0); |
- PREFIX(addLong) (t0, t1, t1); |
- PREFIX(addLong) (t0, t0, t1); |
- PREFIX(negLong) (t0, t0); |
- group->ecfp_reduce(r->az4, t0, group); |
- } else { /* Generic case */ |
- /* a(rz^4) = a * ((rz^2)^2) */ |
- PREFIX(square) (t0, r->z); |
- group->ecfp_reduce(t0, t0, group); |
- PREFIX(square) (t1, t0); |
- group->ecfp_reduce(t1, t1, group); |
- PREFIX(multiply) (t0, group->curvea, t1); |
- group->ecfp_reduce(r->az4, t0, group); |
- } |
- CLEANUP: |
- return; |
+ if (group->aIsM3) {/* a == -3 */ |
+ /* a(rz^4) = -3 * ((rz^2)^2) */ |
+ PREFIX(square)(t0, r->z); |
+ group->ecfp_reduce(t0, t0, group); |
+ PREFIX(square)(t1, t0); |
+ PREFIX(addLong)(t0, t1, t1); |
+ PREFIX(addLong)(t0, t0, t1); |
+ PREFIX(negLong)(t0, t0); |
+ group->ecfp_reduce(r->az4, t0, group); |
+ } else {/* Generic case */ |
+ /* a(rz^4) = a * ((rz^2)^2) */ |
+ PREFIX(square)(t0, r->z); |
+ group->ecfp_reduce(t0, t0, group); |
+ PREFIX(square)(t1, t0); |
+ group->ecfp_reduce(t1, t1, group); |
+ PREFIX(multiply)(t0, group->curvea, t1); |
+ group->ecfp_reduce(r->az4, t0, group); |
+ } |
+CLEANUP: |
+ return; |
} |
/* Perform a point addition using Chudnovsky Jacobian coordinates. Input |
* and output should be multi-precision floating point integers. */ |
-void PREFIX(pt_add_chud) (const ecfp_chud_pt * p, const ecfp_chud_pt * q, |
- ecfp_chud_pt * r, const EC_group_fp * group) { |
+void PREFIX(pt_add_chud)(const ecfp_chud_pt *p, const ecfp_chud_pt *q, |
+ ecfp_chud_pt *r, const EC_group_fp *group) { |
- /* Temporary Storage */ |
- double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], |
- U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES], |
- S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES], |
- H3[2 * ECFP_NUMDOUBLES]; |
+ /* Temporary Storage */ |
+ double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], |
+ U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES], S[2 * ECFP_NUMDOUBLES], |
+ H[2 * ECFP_NUMDOUBLES], H3[2 * ECFP_NUMDOUBLES]; |
- /* Check for point at infinity for p, if so set r = q */ |
- if (PREFIX(pt_is_inf_chud) (p) == MP_YES) { |
- PREFIX(copy) (r->x, q->x); |
- PREFIX(copy) (r->y, q->y); |
- PREFIX(copy) (r->z, q->z); |
- PREFIX(copy) (r->z2, q->z2); |
- PREFIX(copy) (r->z3, q->z3); |
- goto CLEANUP; |
- } |
+ /* Check for point at infinity for p, if so set r = q */ |
+ if (PREFIX(pt_is_inf_chud)(p) == MP_YES) { |
+ PREFIX(copy)(r->x, q->x); |
+ PREFIX(copy)(r->y, q->y); |
+ PREFIX(copy)(r->z, q->z); |
+ PREFIX(copy)(r->z2, q->z2); |
+ PREFIX(copy)(r->z3, q->z3); |
+ goto CLEANUP; |
+ } |
- /* Check for point at infinity for p, if so set r = q */ |
- if (PREFIX(pt_is_inf_chud) (q) == MP_YES) { |
- PREFIX(copy) (r->x, p->x); |
- PREFIX(copy) (r->y, p->y); |
- PREFIX(copy) (r->z, p->z); |
- PREFIX(copy) (r->z2, p->z2); |
- PREFIX(copy) (r->z3, p->z3); |
- goto CLEANUP; |
- } |
+ /* Check for point at infinity for p, if so set r = q */ |
+ if (PREFIX(pt_is_inf_chud)(q) == MP_YES) { |
+ PREFIX(copy)(r->x, p->x); |
+ PREFIX(copy)(r->y, p->y); |
+ PREFIX(copy)(r->z, p->z); |
+ PREFIX(copy)(r->z2, p->z2); |
+ PREFIX(copy)(r->z3, p->z3); |
+ goto CLEANUP; |
+ } |
- /* U = px * qz^2 */ |
- PREFIX(multiply) (U, p->x, q->z2); |
- group->ecfp_reduce(U, U, group); |
+ /* U = px * qz^2 */ |
+ PREFIX(multiply)(U, p->x, q->z2); |
+ group->ecfp_reduce(U, U, group); |
- /* H = qx*(pz)^2 - U */ |
- PREFIX(multiply) (H, q->x, p->z2); |
- PREFIX(subtractShort) (H, H, U); |
- group->ecfp_reduce(H, H, group); |
+ /* H = qx*(pz)^2 - U */ |
+ PREFIX(multiply)(H, q->x, p->z2); |
+ PREFIX(subtractShort)(H, H, U); |
+ group->ecfp_reduce(H, H, group); |
- /* U = U*H^2, H3 = H^3 */ |
- PREFIX(square) (t0, H); |
- group->ecfp_reduce(t0, t0, group); |
- PREFIX(multiply) (t1, U, t0); |
- group->ecfp_reduce(U, t1, group); |
- PREFIX(multiply) (H3, t0, H); |
- group->ecfp_reduce(H3, H3, group); |
+ /* U = U*H^2, H3 = H^3 */ |
+ PREFIX(square)(t0, H); |
+ group->ecfp_reduce(t0, t0, group); |
+ PREFIX(multiply)(t1, U, t0); |
+ group->ecfp_reduce(U, t1, group); |
+ PREFIX(multiply)(H3, t0, H); |
+ group->ecfp_reduce(H3, H3, group); |
- /* S = py * qz^3 */ |
- PREFIX(multiply) (S, p->y, q->z3); |
- group->ecfp_reduce(S, S, group); |
+ /* S = py * qz^3 */ |
+ PREFIX(multiply)(S, p->y, q->z3); |
+ group->ecfp_reduce(S, S, group); |
- /* rz = pz * qz * H */ |
- PREFIX(multiply) (t0, q->z, H); |
- group->ecfp_reduce(t0, t0, group); |
- PREFIX(multiply) (t1, t0, p->z); |
- group->ecfp_reduce(r->z, t1, group); |
+ /* rz = pz * qz * H */ |
+ PREFIX(multiply)(t0, q->z, H); |
+ group->ecfp_reduce(t0, t0, group); |
+ PREFIX(multiply)(t1, t0, p->z); |
+ group->ecfp_reduce(r->z, t1, group); |
- /* R = (qy * z1^3 - s) */ |
- PREFIX(multiply) (t0, q->y, p->z3); |
- PREFIX(subtractShort) (t0, t0, S); |
- group->ecfp_reduce(R, t0, group); |
+ /* R = (qy * z1^3 - s) */ |
+ PREFIX(multiply)(t0, q->y, p->z3); |
+ PREFIX(subtractShort)(t0, t0, S); |
+ group->ecfp_reduce(R, t0, group); |
- /* rx = R^2 - H^3 - 2 * U */ |
- PREFIX(square) (t0, R); |
- PREFIX(subtractShort) (t0, t0, H3); |
- PREFIX(subtractShort) (t0, t0, U); |
- PREFIX(subtractShort) (t0, t0, U); |
- group->ecfp_reduce(r->x, t0, group); |
+ /* rx = R^2 - H^3 - 2 * U */ |
+ PREFIX(square)(t0, R); |
+ PREFIX(subtractShort)(t0, t0, H3); |
+ PREFIX(subtractShort)(t0, t0, U); |
+ PREFIX(subtractShort)(t0, t0, U); |
+ group->ecfp_reduce(r->x, t0, group); |
- /* ry = R(U - rx) - S*H3 */ |
- PREFIX(subtractShort) (t1, U, r->x); |
- PREFIX(multiply) (t0, t1, R); |
- PREFIX(multiply) (t1, S, H3); |
- PREFIX(subtractLong) (t1, t0, t1); |
- group->ecfp_reduce(r->y, t1, group); |
+ /* ry = R(U - rx) - S*H3 */ |
+ PREFIX(subtractShort)(t1, U, r->x); |
+ PREFIX(multiply)(t0, t1, R); |
+ PREFIX(multiply)(t1, S, H3); |
+ PREFIX(subtractLong)(t1, t0, t1); |
+ group->ecfp_reduce(r->y, t1, group); |
- /* rz2 = rz^2 */ |
- PREFIX(square) (t0, r->z); |
- group->ecfp_reduce(r->z2, t0, group); |
+ /* rz2 = rz^2 */ |
+ PREFIX(square)(t0, r->z); |
+ group->ecfp_reduce(r->z2, t0, group); |
- /* rz3 = rz^3 */ |
- PREFIX(multiply) (t0, r->z, r->z2); |
- group->ecfp_reduce(r->z3, t0, group); |
+ /* rz3 = rz^3 */ |
+ PREFIX(multiply)(t0, r->z, r->z2); |
+ group->ecfp_reduce(r->z3, t0, group); |
- CLEANUP: |
- return; |
+CLEANUP: |
+ return; |
} |
/* Expects out to be an array of size 16 of Chudnovsky Jacobian points. |
* Fills in Chudnovsky Jacobian form (x, y, z, z^2, z^3), for -15P, -13P, |
* -11P, -9P, -7P, -5P, -3P, -P, P, 3P, 5P, 7P, 9P, 11P, 13P, 15P */ |
-void PREFIX(precompute_chud) (ecfp_chud_pt * out, const ecfp_aff_pt * p, |
- const EC_group_fp * group) { |
+void PREFIX(precompute_chud)(ecfp_chud_pt *out, const ecfp_aff_pt *p, |
+ const EC_group_fp *group) { |
- ecfp_chud_pt p2; |
+ ecfp_chud_pt p2; |
- /* Set out[8] = P */ |
- PREFIX(copy) (out[8].x, p->x); |
- PREFIX(copy) (out[8].y, p->y); |
- PREFIX(one) (out[8].z); |
- PREFIX(one) (out[8].z2); |
- PREFIX(one) (out[8].z3); |
+ /* Set out[8] = P */ |
+ PREFIX(copy)(out[8].x, p->x); |
+ PREFIX(copy)(out[8].y, p->y); |
+ PREFIX(one)(out[8].z); |
+ PREFIX(one)(out[8].z2); |
+ PREFIX(one)(out[8].z3); |
- /* Set p2 = 2P */ |
- PREFIX(pt_dbl_aff2chud) (p, &p2, group); |
+ /* Set p2 = 2P */ |
+ PREFIX(pt_dbl_aff2chud)(p, &p2, group); |
- /* Set 3P, 5P, ..., 15P */ |
- PREFIX(pt_add_chud) (&out[8], &p2, &out[9], group); |
- PREFIX(pt_add_chud) (&out[9], &p2, &out[10], group); |
- PREFIX(pt_add_chud) (&out[10], &p2, &out[11], group); |
- PREFIX(pt_add_chud) (&out[11], &p2, &out[12], group); |
- PREFIX(pt_add_chud) (&out[12], &p2, &out[13], group); |
- PREFIX(pt_add_chud) (&out[13], &p2, &out[14], group); |
- PREFIX(pt_add_chud) (&out[14], &p2, &out[15], group); |
+ /* Set 3P, 5P, ..., 15P */ |
+ PREFIX(pt_add_chud)(&out[8], &p2, &out[9], group); |
+ PREFIX(pt_add_chud)(&out[9], &p2, &out[10], group); |
+ PREFIX(pt_add_chud)(&out[10], &p2, &out[11], group); |
+ PREFIX(pt_add_chud)(&out[11], &p2, &out[12], group); |
+ PREFIX(pt_add_chud)(&out[12], &p2, &out[13], group); |
+ PREFIX(pt_add_chud)(&out[13], &p2, &out[14], group); |
+ PREFIX(pt_add_chud)(&out[14], &p2, &out[15], group); |
- /* Set -15P, -13P, ..., -P */ |
- PREFIX(pt_neg_chud) (&out[8], &out[7]); |
- PREFIX(pt_neg_chud) (&out[9], &out[6]); |
- PREFIX(pt_neg_chud) (&out[10], &out[5]); |
- PREFIX(pt_neg_chud) (&out[11], &out[4]); |
- PREFIX(pt_neg_chud) (&out[12], &out[3]); |
- PREFIX(pt_neg_chud) (&out[13], &out[2]); |
- PREFIX(pt_neg_chud) (&out[14], &out[1]); |
- PREFIX(pt_neg_chud) (&out[15], &out[0]); |
+ /* Set -15P, -13P, ..., -P */ |
+ PREFIX(pt_neg_chud)(&out[8], &out[7]); |
+ PREFIX(pt_neg_chud)(&out[9], &out[6]); |
+ PREFIX(pt_neg_chud)(&out[10], &out[5]); |
+ PREFIX(pt_neg_chud)(&out[11], &out[4]); |
+ PREFIX(pt_neg_chud)(&out[12], &out[3]); |
+ PREFIX(pt_neg_chud)(&out[13], &out[2]); |
+ PREFIX(pt_neg_chud)(&out[14], &out[1]); |
+ PREFIX(pt_neg_chud)(&out[15], &out[0]); |
} |
/* Expects out to be an array of size 16 of Jacobian points. Fills in |
* Jacobian form (x, y, z), for O, P, 2P, ... 15P */ |
-void PREFIX(precompute_jac) (ecfp_jac_pt * precomp, const ecfp_aff_pt * p, |
- const EC_group_fp * group) { |
- int i; |
+void PREFIX(precompute_jac)(ecfp_jac_pt *precomp, const ecfp_aff_pt *p, |
+ const EC_group_fp *group) { |
+ int i; |
- /* fill precomputation table */ |
- /* set precomp[0] */ |
- PREFIX(set_pt_inf_jac) (&precomp[0]); |
- /* set precomp[1] */ |
- PREFIX(copy) (precomp[1].x, p->x); |
- PREFIX(copy) (precomp[1].y, p->y); |
- if (PREFIX(pt_is_inf_aff) (p) == MP_YES) { |
- PREFIX(zero) (precomp[1].z); |
- } else { |
- PREFIX(one) (precomp[1].z); |
- } |
- /* set precomp[2] */ |
- group->pt_dbl_jac(&precomp[1], &precomp[2], group); |
+ /* fill precomputation table */ |
+ /* set precomp[0] */ |
+ PREFIX(set_pt_inf_jac)(&precomp[0]); |
+ /* set precomp[1] */ |
+ PREFIX(copy)(precomp[1].x, p->x); |
+ PREFIX(copy)(precomp[1].y, p->y); |
+ if (PREFIX(pt_is_inf_aff)(p) == MP_YES) { |
+ PREFIX(zero)(precomp[1].z); |
+ } else { |
+ PREFIX(one)(precomp[1].z); |
+ } |
+ /* set precomp[2] */ |
+ group->pt_dbl_jac(&precomp[1], &precomp[2], group); |
- /* set rest of precomp */ |
- for (i = 3; i < 16; i++) { |
- group->pt_add_jac_aff(&precomp[i - 1], p, &precomp[i], group); |
- } |
+ /* set rest of precomp */ |
+ for (i = 3; i < 16; i++) { |
+ group->pt_add_jac_aff(&precomp[i - 1], p, &precomp[i], group); |
+ } |
} |