void sccd_ec_add(sccd_ec_t result, const sccd_ec_t a, const sccd_ec_t b) {
#if defined(SCCD_BACKEND_C25519)
ed25519_add(result, a, b);
#elif defined(SCCD_BACKEND_RELIC)
ec_add(result, a, b);
#endif
}
void ed25519_smult(ge_p3 *r_out, const ge_p3 *p, const byte *e)
{
ge_p3 r;
int i;
XMEMCPY(&r, &ed25519_neutral, sizeof(r));
for (i = 255; i >= 0; i--) {
const byte bit = (e[i >> 3] >> (i & 7)) & 1;
ge_p3 s;
ed25519_double(&r, &r);
ed25519_add(&s, &r, p);
fe_select(r.X, r.X, s.X, bit);
fe_select(r.Y, r.Y, s.Y, bit);
fe_select(r.Z, r.Z, s.Z, bit);
fe_select(r.T, r.T, s.T, bit);
}
XMEMCPY(r_out, &r, sizeof(r));
}
int ge_double_scalarmult_vartime(ge_p2* R, const unsigned char *h,
const ge_p3 *inA,const unsigned char *sig)
{
ge_p3 p, A;
int ret = 0;
XMEMCPY(&A, inA, sizeof(ge_p3));
/* find SB */
ed25519_smult(&p, &ed25519_base, sig);
/* find H(R,A,M) * -A */
ed25519_smult(&A, &A, h);
/* SB + -H(R,A,M)A */
ed25519_add(&A, &p, &A);
fe_copy(R->X, A.X);
fe_copy(R->Y, A.Y);
fe_copy(R->Z, A.Z);
return ret;
}
