void
ecc_mul_a (const struct ecc_curve *ecc,
int initial, mp_limb_t *r,
const mp_limb_t *np, const mp_limb_t *p,
mp_limb_t *scratch)
{
#define tp scratch
#define pj (scratch + 3*ecc->size)
#define scratch_out (scratch + 6*ecc->size)
int is_zero;
unsigned i;
ecc_a_to_j (ecc, initial, pj, p);
mpn_zero (r, 3*ecc->size);
for (i = ecc->size, is_zero = 1; i-- > 0; )
{
mp_limb_t w = np[i];
mp_limb_t bit;
for (bit = (mp_limb_t) 1 << (GMP_NUMB_BITS - 1);
bit > 0;
bit >>= 1)
{
int digit;
ecc_dup_jj (ecc, r, r, scratch_out);
ecc_add_jja (ecc, tp, r, pj, scratch_out);
digit = (w & bit) > 0;
/* If is_zero is set, r is the zero point,
and ecc_add_jja produced garbage. */
cnd_copy (is_zero, tp, pj, 3*ecc->size);
is_zero &= ~digit;
/* If we had a one-bit, use the sum. */
cnd_copy (digit, r, tp, 3*ecc->size);
}
}
}
void
ecc_mul_a_eh (const struct ecc_curve *ecc,
mp_limb_t *r,
const mp_limb_t *np, const mp_limb_t *p,
mp_limb_t *scratch)
{
#define pe scratch
#define tp (scratch + 3*ecc->p.size)
#define scratch_out (scratch + 6*ecc->p.size)
unsigned i;
ecc_a_to_j (ecc, pe, p);
/* x = 0, y = 1, z = 1 */
mpn_zero (r, 3*ecc->p.size);
r[ecc->p.size] = r[2*ecc->p.size] = 1;
for (i = ecc->p.size; i-- > 0; )
{
mp_limb_t w = np[i];
mp_limb_t bit;
for (bit = (mp_limb_t) 1 << (GMP_NUMB_BITS - 1);
bit > 0;
bit >>= 1)
{
int digit;
ecc_dup_eh (ecc, r, r, scratch_out);
ecc_add_ehh (ecc, tp, r, pe, scratch_out);
digit = (w & bit) > 0;
/* If we had a one-bit, use the sum. */
cnd_copy (digit, r, tp, 3*ecc->p.size);
}
}
}
