void zzn2_mul(_MIPD_ zzn2 *x,zzn2 *y,zzn2 *w)
{
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
if (x==y) {zzn2_sqr(_MIPP_ x,w); return; }
MR_IN(162)
/* Uses w1, w2, and w5 */
if (zzn2_iszero(x) || zzn2_iszero(y)) zzn2_zero(w);
else
{
#ifdef MR_COUNT_OPS
fpmq++;
#endif
#ifndef MR_NO_LAZY_REDUCTION
if (x->a->len!=0 && x->b->len!=0 && y->a->len!=0 && y->b->len!=0)
nres_lazy(_MIPP_ x->a,x->b,y->a,y->b,w->a,w->b);
else
{
#endif
nres_modmult(_MIPP_ x->a,y->a,mr_mip->w1);
nres_modmult(_MIPP_ x->b,y->b,mr_mip->w2);
nres_modadd(_MIPP_ x->a,x->b,mr_mip->w5);
nres_modadd(_MIPP_ y->a,y->b,w->b);
nres_modmult(_MIPP_ w->b,mr_mip->w5,w->b);
nres_modsub(_MIPP_ w->b,mr_mip->w1,w->b);
nres_modsub(_MIPP_ w->b,mr_mip->w2,w->b);
nres_modsub(_MIPP_ mr_mip->w1,mr_mip->w2,w->a);
if (mr_mip->qnr==-2)
nres_modsub(_MIPP_ w->a,mr_mip->w2,w->a);
#ifndef MR_NO_LAZY_REDUCTION
}
#endif
}
MR_OUT
}
int crypto_dh(unsigned char *s,const unsigned char* pk,const unsigned char *sk)
{
int i,promptr;
ecn2 P;
big A,B,p,a[2];
zzn2 x,y,psi[2];
miracl instance; /* create miracl workspace on the stack */
/* Specify base 16 here so that HEX can be read in directly without a base-change */
miracl *mip=mirsys(&instance,WORDS*16,16); /* size of bigs is fixed */
char mem_big[MR_BIG_RESERVE(17)]; /* we need 17 bigs... */
memset(mem_big, 0, MR_BIG_RESERVE(17)); /* clear the memory */
A=mirvar_mem(mip, mem_big, 0); /* Initialise big numbers */
B=mirvar_mem(mip, mem_big, 1);
x.a=mirvar_mem(mip, mem_big, 2);
x.b=mirvar_mem(mip, mem_big, 3);
#ifndef COMPRESSED
y.a=mirvar_mem(mip, mem_big, 4);
y.b=mirvar_mem(mip, mem_big, 5);
#endif
a[0]=mirvar_mem(mip, mem_big, 6);
a[1]=mirvar_mem(mip, mem_big, 7);
p=mirvar_mem(mip, mem_big, 8);
P.x.a=mirvar_mem(mip, mem_big, 9);
P.x.b=mirvar_mem(mip, mem_big, 10);
P.y.a=mirvar_mem(mip, mem_big, 11);
P.y.b=mirvar_mem(mip, mem_big, 12);
P.z.a=mirvar_mem(mip, mem_big, 13);
P.z.b=mirvar_mem(mip, mem_big, 14);
P.marker=MR_EPOINT_INFINITY;
psi[0].a=mirvar_mem(mip, mem_big, 15);
psi[0].b=mirvar_mem(mip, mem_big, 16);
promptr=0;
init_big_from_rom(p,WORDS,rom,16,&promptr); /* Read in prime modulus p from ROM */
init_big_from_rom(B,WORDS,rom,16,&promptr); /* Read in curve parameter B from ROM */
init_big_from_rom(psi[0].a,WORDS,rom,16,&promptr);
init_big_from_rom(psi[0].b,WORDS,rom,16,&promptr);
init_big_from_rom(x.a,WORDS,rom,16,&promptr);
init_big_from_rom(x.b,WORDS,rom,16,&promptr);
#ifndef COMPRESSED
init_big_from_rom(y.a,WORDS,rom,16,&promptr);
init_big_from_rom(y.b,WORDS,rom,16,&promptr);
#endif
convert(mip,1,A); /* Fix A=1 */
/* offline calculations */
ecurve_init(mip,A,B,p,MR_PROJECTIVE);
mip->TWIST=TRUE;
/* Alice calculates secret key */
bytes_to_big(mip,16,pk,x.a);
bytes_to_big(mip,16,&pk[16],x.b);
bytes_to_big(mip,16,sk,a[0]);
bytes_to_big(mip,16,&sk[16],a[1]);
#ifndef COMPRESSED
bytes_to_big(mip,16,&pk[32],y.a);
bytes_to_big(mip,16,&pk[48],y.b);
if (!ecn2_set(mip,&x,&y,&P))
{
memset(mem_big, 0, MR_BIG_RESERVE(17));
mirexit(mip);
return -1;
}
#else
if (!ecn2_setx(mip,&x,&P))
{
memset(mem_big, 0, MR_BIG_RESERVE(17));
mirexit(mip);
return -1;
}
#endif
ecn2_mul2_gls(mip,a,&P,psi,&P);
ecn2_getx(&P,&x);
#ifdef COMPRESSED
zzn2_sqr(mip,&x,&x); /* I tossed y, so I might have wrong sign.. */
#endif
big_to_bytes(mip,16,x.a,s,TRUE);
big_to_bytes(mip,16,x.b,&s[16],TRUE);
memset(mem_big, 0, MR_BIG_RESERVE(17));
mirexit(mip);
return 0;
}