From 67a4ba77cbf6eeebf46aedaf6f4a47267f034216 Mon Sep 17 00:00:00 2001
From: Christophe Diederichs <chris.d.itunes@gmail.com>
Date: Tue, 16 Jun 2020 15:53:27 +0200
Subject: [PATCH] scalarmult: import curve methods; be standard

---
 crypto_scalarmult.js | 105 ++++++++++++++++++++++---------------------
 1 file changed, 53 insertions(+), 52 deletions(-)

diff --git a/crypto_scalarmult.js b/crypto_scalarmult.js
index 16c43ed..7b4c46b 100644
--- a/crypto_scalarmult.js
+++ b/crypto_scalarmult.js
@@ -1,3 +1,5 @@
+const { _9, _121665, gf, inv25519, pack25519, unpack25519, sel25519, A, M, Z, S } = require('./ed25519.js')
+
 module.exports = {
   crypto_scalarmult,
   crypto_scalarmult_base,
@@ -5,60 +7,60 @@ module.exports = {
   crypto_scalarmult_SCALARBYTES
 }
 
-function crypto_scalarmult(q, n, p) {
+function crypto_scalarmult (q, n, p) {
   check(q, crypto_scalarmult_BYTES)
   check(n, crypto_scalarmult_SCALARBYTES)
   check(p, crypto_scalarmult_BYTES)
-  var z = new Uint8Array(32);
-  var x = new Float64Array(80), r, i;
+  var z = new Uint8Array(32)
+  var x = new Float64Array(80), r, i
   var a = gf(), b = gf(), c = gf(),
-      d = gf(), e = gf(), f = gf();
-  for (i = 0; i < 31; i++) z[i] = n[i];
-  z[31]=(n[31]&127)|64;
-  z[0]&=248;
-  unpack25519(x,p);
+      d = gf(), e = gf(), f = gf()
+  for (i = 0; i < 31; i++) z[i] = n[i]
+  z[31] = (n[31] & 127) | 64
+  z[0] &= 248
+  unpack25519(x, p)
   for (i = 0; i < 16; i++) {
-    b[i]=x[i];
-    d[i]=a[i]=c[i]=0;
+    b[i] = x[i]
+    d[i] = a[i] = c[i] = 0
   }
-  a[0]=d[0]=1;
-  for (i=254; i>=0; --i) {
-    r=(z[i>>>3]>>>(i&7))&1;
-    sel25519(a,b,r);
-    sel25519(c,d,r);
-    A(e,a,c);
-    Z(a,a,c);
-    A(c,b,d);
-    Z(b,b,d);
-    S(d,e);
-    S(f,a);
-    M(a,c,a);
-    M(c,b,e);
-    A(e,a,c);
-    Z(a,a,c);
-    S(b,a);
-    Z(c,d,f);
-    M(a,c,_121665);
-    A(a,a,d);
-    M(c,c,a);
-    M(a,d,f);
-    M(d,b,x);
-    S(b,e);
-    sel25519(a,b,r);
-    sel25519(c,d,r);
+  a[0] = d[0] = 1
+  for (i = 254; i >= 0; --i) {
+    r = (z[i >>> 3] >>> (i & 7)) & 1
+    sel25519(a, b, r)
+    sel25519(c, d, r)
+    A(e, a, c)
+    Z(a, a, c)
+    A(c, b, d)
+    Z(b, b, d)
+    S(d, e)
+    S(f, a)
+    M(a, c, a)
+    M(c, b, e)
+    A(e, a, c)
+    Z(a, a, c)
+    S(b, a)
+    Z(c, d, f)
+    M(a, c, _121665)
+    A(a, a, d)
+    M(c, c, a)
+    M(a, d, f)
+    M(d, b, x)
+    S(b, e)
+    sel25519(a, b, r)
+    sel25519(c, d, r)
   }
   for (i = 0; i < 16; i++) {
-    x[i+16]=a[i];
-    x[i+32]=c[i];
-    x[i+48]=b[i];
-    x[i+64]=d[i];
+    x[i + 16] = a[i]
+    x[i + 32] = c[i]
+    x[i + 48] = b[i]
+    x[i + 64] = d[i]
   }
-  var x32 = x.subarray(32);
-  var x16 = x.subarray(16);
-  inv25519(x32,x32);
-  M(x16,x16,x32);
-  pack25519(q,x16);
-  return 0;
+  var x32 = x.subarray(32)
+  var x16 = x.subarray(16)
+  inv25519(x32, x32)
+  M(x16, x16, x32)
+  pack25519(q, x16)
+  return 0
 }
 
 module.exports = {
@@ -68,15 +70,14 @@ module.exports = {
   crypto_scalarmult_SCALARBYTES
 }
 
-function crypto_scalarmult_base(q, n) {
-  return crypto_scalarmult(q, n, _9);
+function crypto_scalarmult_base (q, n) {
+  return crypto_scalarmult(q, n, _9)
 }
 
 function check (buf, len) {
   if (!buf || (len && buf.length < len)) throw new Error('Argument must be a buffer' + (len ? ' of length ' + len : ''))
 }
-
-var crypto_scalarmult_BYTES,
-    crypto_scalarmult_SCALARBYTES = 32,
-    crypto_scalarmult_BYTES,
-    crypto_scalarmult_SCALARBYTES = 32
+var crypto_scalarmult_BYTES = 32
+var crypto_scalarmult_SCALARBYTES = 32
+var crypto_scalarmult_BYTES = 32
+var crypto_scalarmult_SCALARBYTES = 32