-rw-r--r-- 1299 lib25519-20241004/crypto_nP/montgomery25519/amd64-51/mont25519.c raw
// 20240926 djb: using cryptoint
#include "randombytes.h"
#include "crypto_nP.h"
#include "fe25519.h"
#include "crypto_uint8.h"
#define work_cswap CRYPTO_SHARED_NAMESPACE(work_cswap)
#define ladderstep CRYPTO_SHARED_NAMESPACE(ladderstep)
extern void work_cswap(fe25519 *, unsigned long long);
extern void ladderstep(fe25519 *work);
static void mladder(fe25519 *xr, fe25519 *zr, const unsigned char s[32])
{
fe25519 work[5];
unsigned char bit, prevbit=0;
unsigned long long swap;
int j;
int i;
work[0] = *xr;
fe25519_setint(work+1,1);
fe25519_setint(work+2,0);
work[3] = *xr;
fe25519_setint(work+4,1);
j = 6;
for(i=31;i>=0;i--)
{
while(j >= 0)
{
bit = crypto_uint8_bitmod_01(s[i],j);
swap = bit ^ prevbit;
prevbit = bit;
work_cswap(work+1, swap);
ladderstep(work);
j -= 1;
}
j = 7;
}
*xr = work[1];
*zr = work[2];
}
void crypto_nP(unsigned char *nP,
const unsigned char *n,
const unsigned char *P)
{
unsigned char e[32];
int i;
for(i=0;i<32;i++) e[i] = n[i];
e[0] &= 248;
e[31] &= 127;
e[31] |= 64;
fe25519 t;
fe25519 z;
fe25519_unpack(&t, P);
mladder(&t, &z, e);
fe25519_invert(&z, &z);
fe25519_mul(&t, &t, &z);
fe25519_pack(nP, &t);
}