
fix: refactor unpack
AnthonyLaw committed Jan 7, 2022
1 parent b63b6d1 commit 102141d
Showing 1 changed file with 10 additions and 45 deletions.
55 changes: 10 additions & 45 deletions src/core/nem/external/nacl-fast.js
Expand Up @@ -737,7 +737,7 @@
var p = [gf(), gf(), gf(), gf()];
var q = [gf(), gf(), gf(), gf()];

if (unpackneg(q, pk)) return false;
if (unpack(q, pk, true)) return false;

hasher.reset();
hasher.update(signature.subarray(0, 64/2));
Expand Down Expand Up @@ -789,60 +789,19 @@
modL(r, x);
}

function unpackneg(r, p) {
function unpack(r, p, negate = false) {
var t = gf(), chk = gf(), num = gf(),
den = gf(), den2 = gf(), den4 = gf(),
den6 = gf();

set25519(r[2], gf1);
unpack25519(r[1], p);
S(num, r[1]);
M(den, num, D);
Z(num, num, r[2]);
A(den, r[2], den);

S(den2, den);
S(den4, den2);
M(den6, den4, den2);
M(t, den6, num);
M(t, t, den);

pow2523(t, t);
M(t, t, num);
M(t, t, den);
M(t, t, den);
M(r[0], t, den);

S(chk, r[0]);
M(chk, chk, den);
if (neq25519(chk, num)) M(r[0], r[0], I);

S(chk, r[0]);
M(chk, chk, den);
if (neq25519(chk, num)) return -1;

if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]);

M(r[3], r[0], r[1]);
return 0;
}

function unpack(r, p) {
var t = gf(), chk = gf(), num = gf(),
den = gf(), den2 = gf(), den4 = gf(),
den6 = gf();

set25519(r[2], gf1);
unpack25519(r[1], p);

// num = u = y^2 - 1
// den = v = d * y^2 + 1
S(num, r[1]);
M(den, num, D);
Z(num, num, r[2]);
A(den, r[2], den);

// r[0] = x = sqrt(u / v)
S(den2, den);
S(den4, den2);
M(den6, den4, den2);
Expand All @@ -868,8 +827,14 @@
return -1;
}

if (par25519(r[0]) !== (p[31]>>7)) {
Z(r[0], gf0, r[0]);
if (negate) {
if (par25519(r[0]) === (p[31]>>7)) {
Z(r[0], gf0, r[0])
}
} else {
if (par25519(r[0]) !== (p[31]>>7)) {
Z(r[0], gf0, r[0]);
}
}

M(r[3], r[0], r[1]);
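Review bot: The `negate` arm of the new parity check drops the semicolon after `Z(r[0], gf0, r[0])` while the `else` arm keeps it, so one of two otherwise parallel branches now relies on ASI in a file that terminates every other statement explicitly. The two arms differ only in the comparison operator, so the whole block reads more clearly as `var signMatches = par25519(r[0]) === (p[31]>>7);` followed by `if (signMatches === negate) Z(r[0], gf0, r[0]);`, which preserves both the old unpackneg and unpack behaviour. The meaning of the new boolean is only recoverable from the deleted name unpackneg, so the signature `function unpack(r, p, negate = false)` in the previous hunk deserves a line such as `// negate: return the negated point, as unpackneg did; used by signature verification (see the unpack(q, pk, true) call site)`. The body of unpack begins in the earlier hunk and the lines between the two hunks are collapsed here, so the rest of the merged function (the sqrt and the -1 return path) was not reviewed.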
