1129 static void ecc_point_double_jacobian(u64 *x1, u64 *y1, u64 *z1,
1141 	/* t4 = y1^2 */
1142 	vli_mod_square_fast(t4, y1, curve);
1143 	/* t5 = x1*y1^2 = A */
1145 	/* t4 = y1^4 */
1147 	/* t2 = y1*z1 = z3 */
1148 	vli_mod_mult_fast(y1, y1, z1, curve);
1185 	/* t4 = B * (A - x3) - y1^4 = y3 */
1189 	vli_set(z1, y1, ndigits);
1190 	vli_set(y1, t4, ndigits);
1193 /* Modify (x1, y1) => (x1 * z^2, y1 * z^3) */
1194 static void apply_z(u64 *x1, u64 *y1, u64 *z, const struct ecc_curve *curve)
1201 	vli_mod_mult_fast(y1, y1, t1, curve);	/* y1 * z^3 */
1204 /* P = (x1, y1) => 2P, (x2, y2) => P' */
1205 static void xycz_initial_double(u64 *x1, u64 *y1, u64 *x2, u64 *y2,
1212 	vli_set(y2, y1, ndigits);
1220 	apply_z(x1, y1, z, curve);
1222 	ecc_point_double_jacobian(x1, y1, z, curve);
1227 /* Input P = (x1, y1, Z), Q = (x2, y2, Z)
1228  * Output P' = (x1', y1', Z3), P + Q = (x3, y3, Z3)
1231 static void xycz_add(u64 *x1, u64 *y1, u64 *x2, u64 *y2,
1247 	/* t4 = y2 - y1 */
1248 	vli_mod_sub(y2, y2, y1, curve_prime, ndigits);
1249 	/* t5 = (y2 - y1)^2 = D */
1258 	/* t2 = y1*(C - B) */
1259 	vli_mod_mult_fast(y1, y1, x2, curve);
1262 	/* t4 = (y2 - y1)*(B - x3) */
1265 	vli_mod_sub(y2, y2, y1, curve_prime, ndigits);
1270 /* Input P = (x1, y1, Z), Q = (x2, y2, Z)
1274 static void xycz_add_c(u64 *x1, u64 *y1, u64 *x2, u64 *y2,
1292 	/* t4 = y2 + y1 */
1293 	vli_mod_add(t5, y2, y1, curve_prime, ndigits);
1294 	/* t4 = y2 - y1 */
1295 	vli_mod_sub(y2, y2, y1, curve_prime, ndigits);
1299 	/* t2 = y1 * (C - B) */
1300 	vli_mod_mult_fast(y1, y1, t6, curve);
1303 	/* t3 = (y2 - y1)^2 */
1310 	/* t4 = (y2 - y1)*(B - x3) */
1313 	vli_mod_sub(y2, y2, y1, curve_prime, ndigits);
1315 	/* t7 = (y2 + y1)^2 = F */
1321 	/* t6 = (y2 + y1)*(x3' - B) */
1324 	vli_mod_sub(y1, t6, y1, curve_prime, ndigits);

Indexes created Fri Jun 21 18:57:21 MDT 2024