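#include <stddef.h> /* size_t */
#include <stdint.h> /* int32_t; the header name was missing in the source listing */

#include "fe.h"

/*
 * Best-effort wipe of secret-dependent stack data.
 *
 * The stores go through a volatile pointer so the compiler does not drop
 * them as dead writes just before return. This is a portable fallback, not
 * a guarantee: copies held in registers or spill slots are not covered.
 * Where the platform offers explicit_bzero() or memset_s(), prefer those.
 */
static void x25519_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;

    while (len--) {
        *p++ = 0;
    }
}

/*
 * X25519 scalar multiplication: q = clamp(n) * p, computed with a
 * Montgomery ladder over the x-coordinate only.
 *
 * q  Output buffer, written by fe_tobytes() (presumably 32 bytes; confirm
 *    against fe.h).
 * n  32-byte scalar, normally the private key. It is copied and clamped
 *    locally; the caller's buffer is not modified.
 * p  Encoded u-coordinate of the input point, decoded by fe_frombytes()
 *    (presumably 32 bytes; whether the top bit of p[31] is masked depends
 *    on fe_frombytes() and should be confirmed there).
 *
 * Returns 0 unconditionally. An all-zero result, which a small-order input
 * point produces, is NOT detected here. A protocol that relies on both
 * sides contributing to the shared secret has to test q for all-zero
 * itself, in constant time (see RFC 7748, section 6.1).
 *
 * NOTE(review): the ladder is only constant-time if fe_cswap() and the
 * field arithmetic in fe.h are; that cannot be verified from this file.
 */
int x25519(unsigned char *q, const unsigned char *n, const unsigned char *p)
{
    unsigned char e[32];
    unsigned int i;
    int32_t x1[10];
    int32_t x2[10];
    int32_t z2[10];
    int32_t x3[10];
    int32_t z3[10];
    int32_t tmp0[10];
    int32_t tmp1[10];
    int pos;
    unsigned int swap;
    unsigned int b;

    /* Work on a private copy of the scalar so the caller's key is untouched. */
    for (i = 0; i < 32; ++i) {
        e[i] = n[i];
    }

    /* Clamp: clear the low three bits, clear bit 255, set bit 254. */
    e[0] &= 248;
    e[31] &= 127;
    e[31] |= 64;

    /* Ladder start: (x2:z2) = (1:0), (x3:z3) = (x1:1). */
    fe_frombytes(x1, p);
    fe_1(x2);
    fe_0(z2);
    fe_copy(x3, x1);
    fe_1(z3);

    swap = 0;
    for (pos = 254; pos >= 0; --pos) {
        /* Current scalar bit; bit 255 was cleared by clamping and is skipped. */
        b = e[pos / 8] >> (pos & 7);
        b &= 1;

        /*
         * Swap only when this bit differs from the previous one. The
         * decision is passed to fe_cswap() as data, so this loop itself
         * never branches on a secret bit.
         */
        swap ^= b;
        fe_cswap(x2, x3, swap);
        fe_cswap(z2, z3, swap);
        swap = b;

        /* One combined differential-add-and-double step. */
        fe_sub(tmp0, x3, z3);     /* qhasm: D = X3-Z3 */
        fe_sub(tmp1, x2, z2);     /* qhasm: B = X2-Z2 */
        fe_add(x2, x2, z2);       /* qhasm: A = X2+Z2 */
        fe_add(z2, x3, z3);       /* qhasm: C = X3+Z3 */
        fe_mul(z3, tmp0, x2);     /* qhasm: DA = D*A */
        fe_mul(z2, z2, tmp1);     /* qhasm: CB = C*B */
        fe_sq(tmp0, tmp1);        /* qhasm: BB = B^2 */
        fe_sq(tmp1, x2);          /* qhasm: AA = A^2 */
        fe_add(x3, z3, z2);       /* qhasm: t0 = DA+CB; x3 holds t0 */
        fe_sub(z2, z3, z2);       /* qhasm: t1 = DA-CB */
        fe_mul(x2, tmp1, tmp0);   /* qhasm: X4 = AA*BB */
        fe_sub(tmp1, tmp1, tmp0); /* qhasm: E = AA-BB */
        fe_sq(z2, z2);            /* qhasm: t2 = t1^2 */
        fe_mul121666(z3, tmp1);   /* qhasm: t3 = a24*E */
        fe_sq(x3, x3);            /* qhasm: X5 = t0^2 */
        fe_add(tmp0, tmp0, z3);   /* qhasm: t4 = BB+t3 */
        fe_mul(z3, x1, z2);       /* qhasm: Z5 = X1*t2 */
        fe_mul(z2, tmp1, tmp0);   /* qhasm: Z4 = E*t4 */
    }

    /* Undo the swap left pending by the last iteration. */
    fe_cswap(x2, x3, swap);
    fe_cswap(z2, z3, swap);

    /* Projective to affine: q = x2 / z2. */
    fe_invert(z2, z2);
    fe_mul(x2, x2, z2);
    fe_tobytes(q, x2);

    /*
     * The clamped scalar and every ladder temporary depend on the private
     * key or the shared secret; do not leave them behind on the stack.
     * x1 is derived from the public input only and is left alone.
     */
    x25519_wipe(e, sizeof e);
    x25519_wipe(x2, sizeof x2);
    x25519_wipe(z2, sizeof z2);
    x25519_wipe(x3, sizeof x3);
    x25519_wipe(z3, sizeof z3);
    x25519_wipe(tmp0, sizeof tmp0);
    x25519_wipe(tmp1, sizeof tmp1);

    return 0;
}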