CryptX
view release on metacpan or search on metacpan
src/ltc/math/tfm_desc.c view on Meta::CPAN
if ((err = ltc_ecc_is_point_at_infinity(P, modulus, &inf)) != CRYPT_OK) return err;
if (inf) {
/* P is point at infinity >> Result = Q */
ltc_mp.copy(Q->x, R->x);
ltc_mp.copy(Q->y, R->y);
ltc_mp.copy(Q->z, R->z);
return CRYPT_OK;
}
if ((err = ltc_ecc_is_point_at_infinity(Q, modulus, &inf)) != CRYPT_OK) return err;
if (inf) {
/* Q is point at infinity >> Result = P */
ltc_mp.copy(P->x, R->x);
ltc_mp.copy(P->y, R->y);
ltc_mp.copy(P->z, R->z);
return CRYPT_OK;
}
/* should we dbl instead? */
fp_sub(TFM_UNCONST(void *)modulus, Q->y, &t1);
if ( (fp_cmp(P->x, Q->x) == FP_EQ) &&
(Q->z != NULL && fp_cmp(P->z, Q->z) == FP_EQ) &&
(fp_cmp(P->y, Q->y) == FP_EQ || fp_cmp(P->y, &t1) == FP_EQ)) {
dbl_point:
return tfm_ecc_projective_dbl_point(P, R, ma, modulus, Mp);
}
fp_copy(P->x, &x);
fp_copy(P->y, &y);
fp_copy(P->z, &z);
/* if Z is one then these are no-operations */
if (Q->z != NULL) {
/* T1 = Z' * Z' */
fp_sqr(Q->z, &t1);
fp_montgomery_reduce(&t1, TFM_UNCONST(void *)modulus, mp);
/* X = X * T1 */
fp_mul(&t1, &x, &x);
fp_montgomery_reduce(&x, TFM_UNCONST(void *)modulus, mp);
/* T1 = Z' * T1 */
fp_mul(Q->z, &t1, &t1);
fp_montgomery_reduce(&t1, TFM_UNCONST(void *)modulus, mp);
/* Y = Y * T1 */
fp_mul(&t1, &y, &y);
fp_montgomery_reduce(&y, TFM_UNCONST(void *)modulus, mp);
}
/* T1 = Z*Z */
fp_sqr(&z, &t1);
fp_montgomery_reduce(&t1, TFM_UNCONST(void *)modulus, mp);
/* T2 = X' * T1 */
fp_mul(Q->x, &t1, &t2);
fp_montgomery_reduce(&t2, TFM_UNCONST(void *)modulus, mp);
/* T1 = Z * T1 */
fp_mul(&z, &t1, &t1);
fp_montgomery_reduce(&t1, TFM_UNCONST(void *)modulus, mp);
/* T1 = Y' * T1 */
fp_mul(Q->y, &t1, &t1);
fp_montgomery_reduce(&t1, TFM_UNCONST(void *)modulus, mp);
/* Same-affine dispatch (mirror of ltc_ecc_projective_add_point): A==B means P,Q share affine x; dispatch to dbl or O before the formulas */
if (fp_cmp(&x, &t2) == FP_EQ) {
if (fp_cmp(&y, &t1) == FP_EQ) goto dbl_point;
ltc_mp.set_int(R->x, 1);
ltc_mp.set_int(R->y, 1);
ltc_mp.set_int(R->z, 0);
return CRYPT_OK;
}
/* Y = Y - T1 */
fp_sub(&y, &t1, &y);
if (fp_cmp_d(&y, 0) == FP_LT) {
fp_add(&y, TFM_UNCONST(void *)modulus, &y);
}
/* T1 = 2T1 */
fp_add(&t1, &t1, &t1);
if (fp_cmp(&t1, TFM_UNCONST(void *)modulus) != FP_LT) {
fp_sub(&t1, TFM_UNCONST(void *)modulus, &t1);
}
/* T1 = Y + T1 */
fp_add(&t1, &y, &t1);
if (fp_cmp(&t1, TFM_UNCONST(void *)modulus) != FP_LT) {
fp_sub(&t1, TFM_UNCONST(void *)modulus, &t1);
}
/* X = X - T2 */
fp_sub(&x, &t2, &x);
if (fp_cmp_d(&x, 0) == FP_LT) {
fp_add(&x, TFM_UNCONST(void *)modulus, &x);
}
/* T2 = 2T2 */
fp_add(&t2, &t2, &t2);
if (fp_cmp(&t2, TFM_UNCONST(void *)modulus) != FP_LT) {
fp_sub(&t2, TFM_UNCONST(void *)modulus, &t2);
}
/* T2 = X + T2 */
fp_add(&t2, &x, &t2);
if (fp_cmp(&t2, TFM_UNCONST(void *)modulus) != FP_LT) {
fp_sub(&t2, TFM_UNCONST(void *)modulus, &t2);
}
/* if Z' != 1 */
if (Q->z != NULL) {
/* Z = Z * Z' */
fp_mul(&z, Q->z, &z);
fp_montgomery_reduce(&z, TFM_UNCONST(void *)modulus, mp);
}
/* Z = Z * X */
fp_mul(&z, &x, &z);
fp_montgomery_reduce(&z, TFM_UNCONST(void *)modulus, mp);
/* T1 = T1 * X */
fp_mul(&t1, &x, &t1);
fp_montgomery_reduce(&t1, TFM_UNCONST(void *)modulus, mp);
/* X = X * X */
fp_sqr(&x, &x);
fp_montgomery_reduce(&x, TFM_UNCONST(void *)modulus, mp);
/* T2 = T2 * x */
fp_mul(&t2, &x, &t2);
fp_montgomery_reduce(&t2, TFM_UNCONST(void *)modulus, mp);
/* T1 = T1 * X */
( run in 1.512 second using v1.01-cache-2.11-cpan-5735350b133 )