X-Git-Url: https://pd.if.org/git/?a=blobdiff_plain;f=crypto%2Fref10%2Fscalarmult.c;fp=crypto%2Fref10%2Fscalarmult.c;h=a6bc632e03599a90d492b4fa678831a26b4b65b8;hb=66bc25938679f1d6a1d1200f329093d82a5e99b4;hp=0000000000000000000000000000000000000000;hpb=a52ee0733f420ca20224049260d6fc5cf7d8f621;p=zpackage
diff --git a/crypto/ref10/scalarmult.c b/crypto/ref10/scalarmult.c
new file mode 100644
index 0000000..a6bc632
--- /dev/null
+++ b/crypto/ref10/scalarmult.c
@@ -0,0 +1,65 @@
+#include
+#include "fe.h"
+
+int x25519(unsigned char *q, const unsigned char *n, const unsigned
+ char *p) {
+ unsigned char e[32];
+ unsigned int i;
+ int32_t x1[10];
+ int32_t x2[10];
+ int32_t z2[10];
+ int32_t x3[10];
+ int32_t z3[10];
+ int32_t tmp0[10];
+ int32_t tmp1[10];
+ int pos;
+ unsigned int swap;
+ unsigned int b;
+
+ for (i = 0;i < 32;++i) e[i] = n[i];
+ e[0] &= 248;
+ e[31] &= 127;
+ e[31] |= 64;
+ fe_frombytes(x1,p);
+ fe_1(x2);
+ fe_0(z2);
+ fe_copy(x3,x1);
+ fe_1(z3);
+
+ swap = 0;
+ for (pos = 254;pos >= 0;--pos) {
+ b = e[pos / 8] >> (pos & 7);
+ b &= 1;
+ swap ^= b;
+ fe_cswap(x2,x3,swap);
+ fe_cswap(z2,z3,swap);
+ swap = b;
+
+ fe_sub(tmp0,x3,z3); /* qhasm: D = X3-Z3 */
+ fe_sub(tmp1,x2,z2); /* qhasm: B = X2-Z2 */
+ fe_add(x2,x2,z2); /* qhasm: A = X2+Z2 */
+ fe_add(z2,x3,z3); /* qhasm: C = X3+Z3 */
+ fe_mul(z3,tmp0,x2); /* qhasm: DA = D*A */
+ fe_mul(z2,z2,tmp1); /* qhasm: CB = C*B */
+ fe_sq(tmp0,tmp1); /* qhasm: BB = B^2 */
+ fe_sq(tmp1,x2); /* qhasm: AA = A^2 */
+ fe_add(x3,z3,z2); /* qhasm: t0 = DA+CB */
+ /* qhasm: assign x3 to t0 */
+ fe_sub(z2,z3,z2); /* qhasm: t1 = DA-CB */
+ fe_mul(x2,tmp1,tmp0); /* qhasm: X4 = AA*BB */
+ fe_sub(tmp1,tmp1,tmp0); /* qhasm: E = AA-BB */
+ fe_sq(z2,z2); /* qhasm: t2 = t1^2 */
+ fe_mul121666(z3,tmp1); /* qhasm: t3 = a24*E */
+ fe_sq(x3,x3); /* qhasm: X5 = t0^2 */
+ fe_add(tmp0,tmp0,z3); /* qhasm: t4 = BB+t3 */
+ fe_mul(z3,x1,z2); /* qhasm: Z5 = X1*t2 */
+ fe_mul(z2,tmp1,tmp0); /* qhasm: Z4 = E*t4 */
+ }
+ fe_cswap(x2,x3,swap);
+ fe_cswap(z2,z3,swap);
+
+ fe_invert(z2,z2);
+ fe_mul(x2,x2,z2);
+ fe_tobytes(q,x2);
+ return 0;
+}
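Review bot: The clamped copy of the secret scalar `e` and the field-element temporaries (`x2`, `z2`, `x3`, `z3`, `tmp0`, `tmp1`) are left on the stack when `x25519` returns, and the unconditional `return 0;` gives callers no signal for an all-zero shared secret, so a caller that needs contributory behaviour has to test `q` itself. A non-elidable wipe before the return, e.g. `explicit_bzero(e, sizeof e);` for the scalar and the same for the temporaries (or `memset_s` / a volatile-pointer memset where `explicit_bzero` is unavailable), is the usual mitigation for the first point; the second should at least be stated in a header comment along the lines of `/* q = n*p on Curve25519, all three 32-byte little-endian u-coordinates/scalars; n is clamped internally; always returns 0 — callers wanting contributory behaviour must reject an all-zero q. */`. The first `+#include` line also appears with no header name in this rendering; `int32_t` needs `<stdint.h>`, so confirm the angle-bracketed name was only lost in extraction and not in the committed file.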