From a16067ac64f6c758f2bc8870b6e6f3911d18fb8b Mon Sep 17 00:00:00 2001
From: sowle <crypto.sowle@gmail.com>
Date: Wed, 23 Dec 2020 01:25:38 +0300
Subject: [PATCH] crypto: sc_mul added (naive implementation, need to be
 rewritten)

---
 src/crypto/crypto-ops.c | 12 ++++++++++++
 src/crypto/crypto-ops.h |  1 +
 2 files changed, 13 insertions(+)

diff --git a/src/crypto/crypto-ops.c b/src/crypto/crypto-ops.c
index 8bc86a2f..e7a2ed85 100644
--- a/src/crypto/crypto-ops.c
+++ b/src/crypto/crypto-ops.c
@@ -3013,3 +3013,15 @@ void fe_frombytes(fe h, const unsigned char *s)
   h[8] = h8;
   h[9] = h9;
 }
+
+// Implemented using sc_mulsub
+// TODO: make more efficient implementation
+void sc_mul(unsigned char *s, const unsigned char *a, const unsigned char *b)
+{
+  unsigned char c[32];
+  unsigned char neg_a[32];
+  sc_0(c);
+  sc_sub(neg_a, c, a);
+  // s = c - ab
+  sc_mulsub(s, neg_a, b, c);
+}
diff --git a/src/crypto/crypto-ops.h b/src/crypto/crypto-ops.h
index 138db1d2..3a6f16fe 100644
--- a/src/crypto/crypto-ops.h
+++ b/src/crypto/crypto-ops.h
@@ -120,6 +120,7 @@ void sc_reduce32(unsigned char *);
 void sc_add(unsigned char *, const unsigned char *, const unsigned char *);
 void sc_sub(unsigned char *, const unsigned char *, const unsigned char *);
 void sc_mulsub(unsigned char *, const unsigned char *, const unsigned char *, const unsigned char *);
+void sc_mul(unsigned char *z, const unsigned char *x, const unsigned char *y);
 int sc_check(const unsigned char *);
 int sc_isnonzero(const unsigned char *); /* Doesn't normalize */