void eb_curve_set_ordin(const fb_t a, const fb_t b, const eb_t g, const bn_t r,
const bn_t h) {
ctx_t *ctx = core_get();
fb_copy(ctx->eb_a, a);
fb_copy(ctx->eb_b, b);
detect_opt(&(ctx->eb_opt_a), ctx->eb_a);
detect_opt(&(ctx->eb_opt_b), ctx->eb_b);
ctx->eb_is_super = 0;
if (fb_cmp_dig(ctx->eb_b, 1) == CMP_EQ) {
ctx->eb_is_kbltz = 1;
} else {
ctx->eb_is_kbltz = 0;
}
#if defined(EB_KBLTZ) && (EB_MUL == LWNAF || EB_FIX == LWNAF || EB_SIM == INTER || !defined(STRIP))
if (ctx->eb_is_kbltz) {
compute_kbltz();
}
#endif
eb_norm(&(ctx->eb_g), g);
bn_copy(&(ctx->eb_r), r);
bn_copy(&(ctx->eb_h), h);
#if defined(EB_PRECO)
eb_mul_pre((eb_t *)eb_curve_get_tab(), &(ctx->eb_g));
#endif
}
void eb_pck(eb_t r, const eb_t p) {
if (eb_curve_is_super()) {
/* z3 = y1/c. */
fb_inv(r->z, eb_curve_get_c());
fb_mul(r->z, r->z, p->y);
/* x3 = x1. */
fb_copy(r->x, p->x);
/* y3 = b(y1/c). */
fb_set_dig(r->y, fb_get_bit(r->z, 0));
/* z3 = 1. */
fb_set_dig(r->z, 1);
} else {
/* z3 = y1/x1. */
fb_inv(r->z, p->x);
fb_mul(r->z, r->z, p->y);
/* x3 = x1. */
fb_copy(r->x, p->x);
/* y3 = b(y1/x1). */
fb_set_dig(r->y, fb_get_bit(r->z, 0));
/* z3 = 1. */
fb_set_dig(r->z, 1);
}
r->norm = 1;
}
void eb_curve_set_ordin(fb_t a, fb_t b, eb_t g, bn_t r, bn_t h) {
fb_copy(curve_a, a);
fb_copy(curve_b, b);
detect_opt(&curve_opt_a, curve_a);
detect_opt(&curve_opt_b, curve_b);
curve_is_super = 0;
if (fb_cmp_dig(curve_b, 1) == CMP_EQ) {
curve_is_kbltz = 1;
} else {
curve_is_kbltz = 0;
}
#if defined(EB_KBLTZ) && (EB_MUL == LWNAF || EB_FIX == LWNAF || EB_SIM == INTER || !defined(STRIP))
if (curve_is_kbltz) {
compute_kbltz();
}
#endif
eb_norm(g, g);
eb_copy(&curve_g, g);
bn_copy(&curve_r, r);
bn_copy(&curve_h, h);
#if defined(EB_PRECO)
eb_mul_pre(eb_curve_get_tab(), &curve_g);
#endif
}
void fb_slv_basic(fb_t c, const fb_t a) {
int i;
fb_t t0;
fb_null(t0);
TRY {
fb_new(t0);
fb_copy(t0, a);
fb_copy(c, a);
for (i = 0; i < (FB_BITS - 1) / 2; i++) {
fb_sqr(c, c);
fb_sqr(c, c);
fb_add(c, c, t0);
}
fb_add_dig(c, c, fb_trc(c));
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fb_free(t0);
}
}
void eb_hlv(eb_t r, const eb_t p) {
fb_t l, t;
fb_null(l);
fb_null(t);
TRY {
fb_new(l);
fb_new(t);
/* Solve l^2 + l = u + a. */
switch (eb_curve_opt_a()) {
case RLC_ZERO:
fb_copy(t, p->x);
break;
case RLC_ONE:
fb_add_dig(t, p->x, (dig_t)1);
break;
case RLC_TINY:
fb_add_dig(t, p->x, eb_curve_get_a()[0]);
break;
default:
fb_add(t, p->x, eb_curve_get_a());
break;
}
fb_slv(l, t);
if (p->norm == 1) {
/* Compute t = v + u * lambda. */
fb_mul(t, l, p->x);
fb_add(t, t, p->y);
} else {
/* Compute t = u * (u + lambda_P + lambda). */
fb_add(t, l, p->y);
fb_add(t, t, p->x);
fb_mul(t, t, p->x);
}
/* If Tr(t) = 0 then lambda_P = lambda, u = sqrt(t + u). */
if (fb_trc(t) == 0) {
fb_copy(r->y, l);
fb_add(t, t, p->x);
fb_srt(r->x, t);
} else {
/* Else lambda_P = lambda + 1, u = sqrt(t). */
fb_add_dig(r->y, l, 1);
fb_srt(r->x, t);
}
fb_set_dig(r->z, 1);
r->norm = 2;
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fb_free(l);
fb_free(t);
}
}
void eb_norm_sim(eb_t *r, const eb_t *t, int n) {
int i;
fb_t a[n];
if (n == 1) {
eb_norm(r[0], t[0]);
return;
}
for (i = 0; i < n; i++) {
fb_null(a[i]);
}
TRY {
for (i = 0; i < n; i++) {
fb_new(a[i]);
if (!eb_is_infty(t[i])) {
fb_copy(a[i], t[i]->z);
} else {
fb_set_dig(a[i], 1);
}
}
fb_inv_sim(a, (const fb_t *)a, n);
for (i = 0; i < n; i++) {
fb_copy(r[i]->x, t[i]->x);
fb_copy(r[i]->y, t[i]->y);
if (!eb_is_infty(t[i])) {
fb_copy(r[i]->z, a[i]);
}
}
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
for (i = 0; i < n; i++) {
fb_free(a[i]);
}
}
#if defined(EB_SUPER)
if (eb_curve_is_super()) {
for (i = 0; i < n; i++) {
eb_norm_super(r[i], r[i], 1);
}
}
#endif
#if defined(EB_ORDIN) || defined(EB_KBLTZ)
if (!eb_curve_is_super()) {
for (i = 0; i < n; i++) {
eb_norm_ordin(r[i], r[i], 1);
}
}
#endif
}
void eb_neg_basic(eb_t r, const eb_t p) {
if (eb_is_infty(p)) {
eb_set_infty(r);
return;
}
if (r != p) {
fb_copy(r->x, p->x);
fb_copy(r->z, p->z);
}
fb_add(r->y, p->x, p->y);
r->norm = 1;
}
void fb_poly_add(fb_t c, const fb_t a) {
ctx_t *ctx = core_get();
if (c != a) {
fb_copy(c, a);
}
if (ctx->fb_pa != 0) {
c[FB_DIGS - 1] ^= ctx->fb_poly[FB_DIGS - 1];
if (ctx->fb_na != FB_DIGS - 1) {
c[ctx->fb_na] ^= ctx->fb_poly[ctx->fb_na];
}
if (ctx->fb_pb != 0 && ctx->fb_pc != 0) {
if (ctx->fb_nb != ctx->fb_na) {
c[ctx->fb_nb] ^= ctx->fb_poly[ctx->fb_nb];
}
if (ctx->fb_nc != ctx->fb_na && ctx->fb_nc != ctx->fb_nb) {
c[ctx->fb_nc] ^= ctx->fb_poly[ctx->fb_nc];
}
}
if (ctx->fb_na != 0 && ctx->fb_nb != 0 && ctx->fb_nc != 0) {
c[0] ^= 1;
}
} else {
fb_add(c, a, ctx->fb_poly);
}
}
/**
* Precomputes half-traces for z^i with odd i.
*
* @throw ERR_NO_MEMORY if there is no available memory.
*/
static void find_solve() {
int i, j, k, l;
fb_t t0;
fb_null(t0);
TRY {
fb_new(t0);
l = 0;
for (i = 0; i < FB_BITS; i += 8, l++) {
for (j = 0; j < 16; j++) {
fb_zero(t0);
for (k = 0; k < 4; k++) {
if (j & (1 << k)) {
fb_set_bit(t0, i + 2 * k + 1, 1);
}
}
fb_copy(fb_half[l][j], t0);
for (k = 0; k < (FB_BITS - 1) / 2; k++) {
fb_sqr(fb_half[l][j], fb_half[l][j]);
fb_sqr(fb_half[l][j], fb_half[l][j]);
fb_add(fb_half[l][j], fb_half[l][j], t0);
}
}
fb_rsh(fb_half[l][j], fb_half[l][j], 1);
}
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fb_free(t0);
}
}
void fb_poly_add(fb_t c, fb_t a) {
if (c != a) {
fb_copy(c, a);
}
if (poly_a != 0) {
c[FB_DIGS - 1] ^= fb_poly[FB_DIGS - 1];
if (pos_a != FB_DIGS - 1) {
c[pos_a] ^= fb_poly[pos_a];
}
if (poly_b != 0 && poly_c != 0) {
if (pos_b != pos_a) {
c[pos_b] ^= fb_poly[pos_b];
}
if (pos_c != pos_a && pos_c != pos_b) {
c[pos_c] ^= fb_poly[pos_c];
}
}
if (pos_a != 0 && pos_b != 0 && pos_c != 0) {
c[0] ^= 1;
}
} else {
fb_add(c, a, fb_poly);
}
}
void fb4_inv(fb4_t c, fb4_t a) {
fb2_t a0, a1, m0, m1;
fb2_null(a0);
fb2_null(a1);
fb2_null(m0);
fb2_null(m1);
TRY {
fb2_new(a0);
fb2_new(a1);
fb2_new(m0);
fb2_new(m1);
fb2_add(a0, a, (a + 2));
fb2_mul(m1, a0, a);
fb2_sqr(m0, a + 2);
fb2_copy(a1, m0);
fb_add(m0[1], a1[0], a1[1]);
fb_copy(m0[0], a1[1]);
fb2_add(m1, m0, m1);
fb2_inv(m1, m1);
fb2_mul(c, a0, m1);
fb2_mul(c + 2, a + 2, m1);
} CATCH_ANY {
THROW(ERR_CAUGHT);
} FINALLY {
fb2_free(a0);
fb2_free(a1);
fb2_free(m0);
fb2_free(m1);
}
}
void fb_invn_low(dig_t *c, dig_t *a) {
int i, j, x, y, u[11];
fb_t table[11];
int len, *chain = fb_poly_get_chain(&len);
u[0] = 1;
u[1] = 2;
fb_copy(table[0], a);
fb_sqr(table[1], table[0]);
fb_mul(table[1], table[1], table[0]);
u[2] = u[1] + u[0];
fb_sqr(table[2], table[1]);
fb_mul(table[2], table[2], table[0]);
u[3] = u[2] + u[1];
fb_sqr(table[3], table[2]);
for (j = 1; j < u[1]; j++) {
fb_sqr(table[3], table[3]);
}
fb_mul(table[3], table[3], table[1]);
u[4] = 2 * u[3];
fb_sqr(table[4], table[3]);
for (j = 1; j < u[3]; j++) {
fb_sqr(table[4], table[4]);
}
fb_mul(table[4], table[4], table[3]);
u[5] = u[4] + u[3];
fb_sqr(table[5], table[4]);
for (j = 1; j < u[3]; j++) {
fb_sqr(table[5], table[5]);
}
fb_mul(table[5], table[5], table[3]);
u[6] = u[5] + u[4];
fb_itr(table[6], table[5], u[4], inv_tab[4]);
fb_mul(table[6], table[6], table[4]);
u[7] = 2 * u[6];
fb_itr(table[7], table[6], u[6], inv_tab[6]);
fb_mul(table[7], table[7], table[6]);
u[8] = u[7] + u[6];
fb_itr(table[8], table[7], u[6], inv_tab[6]);
fb_mul(table[8], table[8], table[6]);
u[9] = u[8] + u[7];
fb_itr(table[9], table[8], u[8], inv_tab[7]);
fb_mul(table[9], table[9], table[7]);
u[10] = 2 * u[9];
fb_itr(table[10], table[9], u[9], inv_tab[9]);
fb_mul(table[10], table[10], table[9]);
fb_sqr(c, table[10]);
}
int eb_upk(eb_t r, const eb_t p) {
fb_t t0, t1;
int res = 0;
fb_null(t0);
fb_null(t1);
TRY {
fb_new(t0);
fb_new(t1);
eb_rhs(t1, p);
if (eb_curve_is_super()) {
/* t0 = c^2. */
fb_sqr(t0, eb_curve_get_c());
/* t0 = 1/c^2. */
fb_inv(t0, t0);
/* t0 = t1/c^2. */
fb_mul(t0, t0, t1);
res = (fb_trc(t0) == 0);
/* Solve t1^2 + t1 = t0. */
fb_slv(t1, t0);
/* If this is not the correct solution, try the other. */
if (fb_get_bit(t1, 0) != fb_get_bit(p->y, 0)) {
fb_add_dig(t1, t1, 1);
}
/* x3 = x1, y3 = t1 * c, z3 = 1. */
fb_mul(r->y, t1, eb_curve_get_c());
} else {
fb_sqr(t0, p->x);
/* t0 = 1/x1^2. */
fb_inv(t0, t0);
/* t0 = t1/x1^2. */
fb_mul(t0, t0, t1);
res = (fb_trc(t0) == 0);
/* Solve t1^2 + t1 = t0. */
fb_slv(t1, t0);
/* If this is not the correct solution, try the other. */
if (fb_get_bit(t1, 0) != fb_get_bit(p->y, 0)) {
fb_add_dig(t1, t1, 1);
}
/* x3 = x1, y3 = t1 * x1, z3 = 1. */
fb_mul(r->y, t1, p->x);
}
fb_copy(r->x, p->x);
fb_set_dig(r->z, 1);
r->norm = 1;
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fb_free(t0);
fb_free(t1);
}
return res;
}
void fb2_mul_nor(fb2_t c, fb2_t a) {
fb_t t;
fb_null(t);
TRY {
fb_new(t);
fb_copy(t, a[1]);
fb_add(c[1], a[0], a[1]);
fb_copy(c[0], t);
} CATCH_ANY {
THROW(ERR_CAUGHT);
} FINALLY {
fb_free(t);
}
}
void
fb_scroll(void)
{
if (!fb.active)
return;
#if 0 /* 1-line scroll */
cons.y--;
fb_copy(0, ROM_FONT_HEIGHT, 0, 0,
FB_WIDTH, FB_HEIGHT * (CONS_HEIGHT - 1));
fb_clear(0, cons.y * ROM_FONT_HEIGHT, FB_WIDTH, ROM_FONT_HEIGHT,
CONS_BG);
#else /* jump scroll */
cons.y /= 2;
fb_copy(0, cons.y * ROM_FONT_HEIGHT, 0, 0, FB_WIDTH, FB_HEIGHT / 2);
fb_clear(0, cons.y *ROM_FONT_HEIGHT, FB_WIDTH, FB_HEIGHT / 2, CONS_BG);
#endif
}
void fb_srt_basic(fb_t c, const fb_t a) {
if (c != a) {
fb_copy(c, a);
}
for (int i = 1; i < FB_BITS; i++) {
fb_sqr(c, c);
}
}
void eb_rhs(fb_t rhs, const eb_t p) {
fb_t t0, t1;
fb_null(t0);
fb_null(t1);
TRY {
fb_new(t0);
fb_new(t1);
/* t0 = x1^2. */
fb_sqr(t0, p->x);
/* t1 = x1^3. */
fb_mul(t1, t0, p->x);
/* t1 = x1^3 + a * x1^2 + b. */
switch (eb_curve_opt_a()) {
case OPT_ZERO:
break;
case OPT_ONE:
fb_add(t1, t1, t0);
break;
case OPT_DIGIT:
fb_mul_dig(t0, t0, eb_curve_get_a()[0]);
fb_add(t1, t1, t0);
break;
default:
fb_mul(t0, t0, eb_curve_get_a());
fb_add(t1, t1, t0);
break;
}
switch (eb_curve_opt_b()) {
case OPT_ZERO:
break;
case OPT_ONE:
fb_add_dig(t1, t1, 1);
break;
case OPT_DIGIT:
fb_add_dig(t1, t1, eb_curve_get_b()[0]);
break;
default:
fb_add(t1, t1, eb_curve_get_b());
break;
}
fb_copy(rhs, t1);
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fb_free(t0);
fb_free(t1);
}
}
void fb_mul_basic(fb_t c, const fb_t a, const fb_t b) {
int i;
dv_t s;
fb_t t;
dv_null(s);
fb_null(t);
TRY {
/* We need a temporary variable so that c can be a or b. */
fb_new(t);
dv_new(s);
fb_zero(t);
dv_zero(s + FB_DIGS, FB_DIGS);
fb_copy(s, b);
if (a[0] & 1) {
fb_copy(t, b);
}
for (i = 1; i < FB_BITS; i++) {
/* We are already shifting a temporary value, so this is more efficient
* than calling fb_lsh(). */
s[FB_DIGS] = fb_lsh1_low(s, s);
fb_rdc(s, s);
if (fb_get_bit(a, i)) {
fb_add(t, t, s);
}
}
if (fb_bits(t) > FB_BITS) {
fb_poly_add(c, t);
} else {
fb_copy(c, t);
}
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fb_free(t);
fb_free(s);
}
}
void eb_curve_set_super(fb_t a, fb_t b, fb_t c, eb_t g, bn_t r, bn_t h) {
curve_is_kbltz = 0;
curve_is_super = 1;
fb_copy(curve_a, a);
fb_copy(curve_b, b);
fb_copy(curve_c, c);
detect_opt(&curve_opt_a, curve_a);
detect_opt(&curve_opt_b, curve_b);
detect_opt(&curve_opt_c, curve_c);
eb_norm(g, g);
eb_copy(&curve_g, g);
bn_copy(&curve_r, r);
bn_copy(&curve_h, h);
#if defined(EB_PRECO)
eb_mul_pre(eb_curve_get_tab(), &curve_g);
#endif
}
void fb_inv_sim(fb_t *c, fb_t *a, int n) {
int i;
fb_t u, t[n];
for (i = 0; i < n; i++) {
fb_null(t[i]);
}
fb_null(u);
TRY {
for (i = 0; i < n; i++) {
fb_new(t[i]);
}
fb_new(u);
fb_copy(c[0], a[0]);
fb_copy(t[0], a[0]);
for (i = 1; i < n; i++) {
fb_copy(t[i], a[i]);
fb_mul(c[i], c[i - 1], a[i]);
}
fb_inv(u, c[n - 1]);
for (i = n - 1; i > 0; i--) {
fb_mul(c[i], u, c[i - 1]);
fb_mul(u, u, t[i]);
}
fb_copy(c[0], u);
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
for (i = 0; i < n; i++) {
fb_free(t[i]);
}
fb_free(u);
}
}
void eb_neg_projc(eb_t r, const eb_t p) {
fb_t t;
fb_null(t);
if (eb_is_infty(p)) {
eb_set_infty(r);
return;
}
if (p->norm) {
if (r != p) {
fb_copy(r->x, p->x);
fb_copy(r->z, p->z);
}
fb_add(r->y, p->x, p->y);
r->norm = 1;
return;
}
TRY {
fb_new(t);
fb_mul(t, p->x, p->z);
fb_add(r->y, p->y, t);
if (r != p) {
fb_copy(r->z, p->z);
fb_copy(r->x, p->x);
}
r->norm = 0;
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fb_free(t);
}
}
/**
* Find non-zero bits for fast trace computation.
*
* @throw ERR_NO_MEMORY if there is no available memory.
* @throw ERR_NO_VALID if the polynomial is invalid.
*/
static void find_trace() {
fb_t t0, t1;
int counter;
ctx_t *ctx = core_get();
fb_null(t0);
fb_null(t1);
ctx->fb_ta = ctx->fb_tb = ctx->fb_tc = -1;
TRY {
fb_new(t0);
fb_new(t1);
counter = 0;
for (int i = 0; i < FB_BITS; i++) {
fb_zero(t0);
fb_set_bit(t0, i, 1);
fb_copy(t1, t0);
for (int j = 1; j < FB_BITS; j++) {
fb_sqr(t1, t1);
fb_add(t0, t0, t1);
}
if (!fb_is_zero(t0)) {
switch (counter) {
case 0:
ctx->fb_ta = i;
ctx->fb_tb = ctx->fb_tc = -1;
break;
case 1:
ctx->fb_tb = i;
ctx->fb_tc = -1;
break;
case 2:
ctx->fb_tc = i;
break;
default:
THROW(ERR_NO_VALID);
break;
}
counter++;
}
}
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fb_free(t0);
fb_free(t1);
}
}
void eb_pck(eb_t r, const eb_t p) {
/* z3 = y1/x1. */
fb_inv(r->z, p->x);
fb_mul(r->z, r->z, p->y);
/* x3 = x1. */
fb_copy(r->x, p->x);
/* y3 = b(y1/x1). */
fb_set_dig(r->y, fb_get_bit(r->z, 0));
/* z3 = 1. */
fb_set_dig(r->z, 1);
r->norm = 1;
}
void eb_curve_set_super(const fb_t a, const fb_t b, const fb_t c, const eb_t g,
const bn_t r, const bn_t h) {
ctx_t *ctx = core_get();
ctx->eb_is_kbltz = 0;
ctx->eb_is_super = 1;
fb_copy(ctx->eb_a, a);
fb_copy(ctx->eb_b, b);
fb_copy(ctx->eb_c, c);
detect_opt(&(ctx->eb_opt_a), ctx->eb_a);
detect_opt(&(ctx->eb_opt_b), ctx->eb_b);
detect_opt(&(ctx->eb_opt_c), ctx->eb_c);
eb_norm(&(ctx->eb_g), g);
bn_copy(&(ctx->eb_r), r);
bn_copy(&(ctx->eb_h), h);
#if defined(EB_PRECO)
eb_mul_pre((eb_t *)eb_curve_get_tab(), &(ctx->eb_g));
#endif
}
/**
* Find non-zero bits for fast trace computation.
*
* @throw ERR_NO_MEMORY if there is no available memory.
* @throw ERR_INVALID if the polynomial is invalid.
*/
static void find_trace() {
fb_t t0, t1;
int i, j, counter;
fb_null(t0);
fb_null(t1);
trc_a = trc_b = trc_c = -1;
TRY {
fb_new(t0);
fb_new(t1);
counter = 0;
for (i = 0; i < FB_BITS; i++) {
fb_zero(t0);
fb_set_bit(t0, i, 1);
fb_copy(t1, t0);
for (j = 1; j < FB_BITS; j++) {
fb_sqr(t1, t1);
fb_add(t0, t0, t1);
}
if (!fb_is_zero(t0)) {
switch (counter) {
case 0:
trc_a = i;
trc_b = trc_c = -1;
break;
case 1:
trc_b = i;
trc_c = -1;
break;
case 2:
trc_c = i;
break;
default:
THROW(ERR_INVALID);
break;
}
counter++;
}
}
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fb_free(t0);
fb_free(t1);
}
}
/**
* Normalizes a point represented in projective coordinates.
*
* @param r - the result.
* @param p - the point to normalize.
*/
static void eb_norm_super(eb_t r, const eb_t p, int flag) {
if (!p->norm) {
if (flag) {
fb_copy(r->z, p->z);
} else {
fb_inv(r->z, p->z);
}
fb_mul(r->x, p->x, r->z);
fb_mul(r->y, p->y, r->z);
fb_set_dig(r->z, 1);
}
r->norm = 1;
}
/**
* Configures the irreducible polynomial of the binary field.
*
* @param[in] f - the new irreducible polynomial.
*/
static void fb_poly_set(const fb_t f) {
fb_copy(core_get()->fb_poly, f);
#if FB_TRC == QUICK || !defined(STRIP)
find_trace();
#endif
#if FB_SLV == QUICK || !defined(STRIP)
find_solve();
#endif
#if FB_SRT == QUICK || !defined(STRIP)
find_srz();
#endif
#if FB_INV == ITOHT || !defined(STRIP)
find_chain();
#endif
}
void eb_neg_basic(eb_t r, const eb_t p) {
if (eb_is_infty(p)) {
eb_set_infty(r);
return;
}
if (r != p) {
fb_copy(r->x, p->x);
fb_copy(r->z, p->z);
}
#if defined(EB_SUPER)
if (eb_curve_is_super()) {
switch (eb_curve_opt_c()) {
case OPT_ZERO:
fb_copy(r->y, p->y);
break;
case OPT_ONE:
fb_add_dig(r->y, p->y, (dig_t)1);
break;
case OPT_DIGIT:
fb_add_dig(r->y, p->y, eb_curve_get_c()[0]);
break;
default:
fb_add(r->y, p->y, eb_curve_get_c());
break;
}
r->norm = 1;
return;
}
#endif
fb_add(r->y, p->x, p->y);
r->norm = 1;
}
/**
* Normalizes a point represented in projective coordinates.
*
* @param[out] r - the result.
* @param[in] p - the point to normalize.
* @param[in] flag - if the Z coordinate is already inverted.
*/
static void eb_norm_ordin(eb_t r, eb_t p, int flag) {
if (!p->norm) {
if (flag) {
fb_copy(r->z, p->z);
} else {
fb_inv(r->z, p->z);
}
fb_mul(r->x, p->x, r->z);
fb_sqr(r->z, r->z);
fb_mul(r->y, p->y, r->z);
fb_set_dig(r->z, 1);
}
r->norm = 1;
}
void fb_rdc_basic(fb_t c, dv_t a) {
int j, k;
dig_t *tmpa;
dv_t r;
dv_null(r);
TRY {
dv_new(r);
tmpa = a + FB_DIGS;
/* First reduce the high part. */
for (int i = fb_bits(tmpa) - 1; i >= 0; i--) {
if (fb_get_bit(tmpa, i)) {
SPLIT(k, j, i - FB_BITS, FB_DIG_LOG);
if (k <= 0) {
fb_addd_low(tmpa + j, tmpa + j, fb_poly_get(), FB_DIGS);
} else {
r[FB_DIGS] = fb_lshb_low(r, fb_poly_get(), k);
fb_addd_low(tmpa + j, tmpa + j, r, FB_DIGS + 1);
}
}
}
for (int i = fb_bits(a) - 1; i >= FB_BITS; i--) {
if (fb_get_bit(a, i)) {
SPLIT(k, j, i - FB_BITS, FB_DIG_LOG);
if (k == 0) {
fb_addd_low(a + j, a + j, fb_poly_get(), FB_DIGS);
} else {
r[FB_DIGS] = fb_lshb_low(r, fb_poly_get(), k);
fb_addd_low(a + j, a + j, r, FB_DIGS + 1);
}
}
}
fb_copy(c, a);
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fb_free(r);
}
}
