From 102141db0a6594f27ff9bec745b200fb8697184c Mon Sep 17 00:00:00 2001
From: AnthonyLaw
Date: Sat, 8 Jan 2022 04:44:03 +0800
Subject: [PATCH] fix: refactor unpack
---
 src/core/nem/external/nacl-fast.js | 55 ++++++------------------------
 1 file changed, 10 insertions(+), 45 deletions(-)
diff --git a/src/core/nem/external/nacl-fast.js b/src/core/nem/external/nacl-fast.js
index 286c26b..6265515 100644
--- a/src/core/nem/external/nacl-fast.js
+++ b/src/core/nem/external/nacl-fast.js
@@ -737,7 +737,7 @@
 var p = [gf(), gf(), gf(), gf()];
 var q = [gf(), gf(), gf(), gf()];
- if (unpackneg(q, pk)) return false;
+ if (unpack(q, pk, true)) return false;
 hasher.reset();
 hasher.update(signature.subarray(0, 64/2));
@@ -789,60 +789,19 @@
 modL(r, x);
 }
- function unpackneg(r, p) {
+ function unpack(r, p, negate = false) {
 var t = gf(), chk = gf(), num = gf(),
 den = gf(), den2 = gf(), den4 = gf(),
 den6 = gf();
 set25519(r[2], gf1);
 unpack25519(r[1], p);
- S(num, r[1]);
- M(den, num, D);
- Z(num, num, r[2]);
- A(den, r[2], den);
-
- S(den2, den);
- S(den4, den2);
- M(den6, den4, den2);
- M(t, den6, num);
- M(t, t, den);
-
- pow2523(t, t);
- M(t, t, num);
- M(t, t, den);
- M(t, t, den);
- M(r[0], t, den);
-
- S(chk, r[0]);
- M(chk, chk, den);
- if (neq25519(chk, num)) M(r[0], r[0], I);
-
- S(chk, r[0]);
- M(chk, chk, den);
- if (neq25519(chk, num)) return -1;
-
- if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]);
-
- M(r[3], r[0], r[1]);
- return 0;
- }
- function unpack(r, p) {
- var t = gf(), chk = gf(), num = gf(),
- den = gf(), den2 = gf(), den4 = gf(),
- den6 = gf();
-
- set25519(r[2], gf1);
- unpack25519(r[1], p);
-
- // num = u = y^2 - 1
- // den = v = d * y^2 + 1
 S(num, r[1]);
 M(den, num, D);
 Z(num, num, r[2]);
 A(den, r[2], den);
- // r[0] = x = sqrt(u / v)
 S(den2, den);
 S(den4, den2);
 M(den6, den4, den2);
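Review bot: The merged `unpack(r, p, negate = false)` in the second hunk loses the only explanation the old `unpack` carried — the deleted `// num = u = y^2 - 1`, `// den = v = d * y^2 + 1` and `// r[0] = x = sqrt(u / v)` lines should be kept above the corresponding `S(num, r[1])` and `S(den2, den)` calls, since the field arithmetic is otherwise opaque. The new `negate` flag is also undocumented; a header comment along the lines of `// Decompresses a point; with negate=true the decoded x is sign-flipped (the former unpackneg, used by signature verification). Returns 0 on success, -1 if the input is not on the curve.` would record the contract the call site in the first hunk (`if (unpack(q, pk, true)) return false;`) depends on. Note that `negate = false` is a default parameter, which is ES2015 syntax in a file otherwise written in `var`-style ES5 — if the build still targets older engines this needs to be checked, though the project's toolchain is not visible here. The body of `unpack` continues past the end of this hunk, so whether the remainder matches the deleted `unpackneg` square-root/negation steps cannot be confirmed from the diff.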
@@ -868,8 +827,14 @@
 return -1;
 }
- if (par25519(r[0]) !== (p[31]>>7)) {
- Z(r[0], gf0, r[0]);
+ if (negate) {
+ if (par25519(r[0]) === (p[31]>>7)) {
+ Z(r[0], gf0, r[0])
+ }
+ } else {
+ if (par25519(r[0]) !== (p[31]>>7)) {
+ Z(r[0], gf0, r[0]);
+ }
 }
 M(r[3], r[0], r[1]);
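Review bot: The `negate` branch omits the semicolon after `Z(r[0], gf0, r[0])` while the `else` branch has one; the file does not rely on ASI elsewhere in this hunk, so it should be `Z(r[0], gf0, r[0]);` in both places. The two nested `if` blocks are mirror images (flip when the parity matches the sign bit if negating, flip when it differs otherwise) and read more clearly as one test: `var sameSign = par25519(r[0]) === (p[31]>>7);` followed by `if (sameSign === negate) Z(r[0], gf0, r[0]);`, which preserves both behaviours. The sign-bit decoding reads `p[31]`, so `unpack` still assumes a 32-byte input exactly as `unpackneg` did; that assumption is worth a one-line comment. The enclosing function closes outside this hunk.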