authorJ08nY2018-07-02 18:49:54 +0200
committerJ08nY2018-07-02 18:49:54 +0200
commite751fe4351bbbf8f4fb0932ed9f01c9ecfae22f4 (patch)
tree4ebd829b3ec6bdc62bc40a4126cb7529684dd0d4
parent26d89788658df8a65eebc64eff021882efc1e819 (diff)
-rw-r--r--src/cm/custom.c14
-rw-r--r--src/exhaustive/exhaustive.c2
-rw-r--r--src/exhaustive/supersingular.c11
-rw-r--r--test/src/exhaustive/test_supersingular.c25
4 files changed, 42 insertions, 10 deletions
diff --git a/src/cm/custom.c b/src/cm/custom.c
index da80329..10caff4 100644
--- a/src/cm/custom.c
+++ b/src/cm/custom.c
@@ -145,6 +145,7 @@ curve_t *custom_curve() {
}
GEN a = NULL;
+ GEN b = NULL;
GEN e = NULL;
GEN g = NULL;
@@ -170,11 +171,14 @@ curve_t *custom_curve() {
long rlen = glength(r);
for (long i = 1; i <= rlen; ++i) {
GEN root = gel(r, i);
- a = Fp_div(
- Fp_mul(stoi(27), root, quadr.p),
- Fp_mul(stoi(4), Fp_sub(stoi(1728), root, quadr.p), quadr.p),
+ a = mkintmod(
+ Fp_div(
+ Fp_mul(stoi(27), root, quadr.p),
+ Fp_mul(stoi(4), Fp_sub(stoi(1728), root, quadr.p), quadr.p),
+ quadr.p),
quadr.p);
- e = ellinit(mkvec2(a, negi(a)), quadr.p, 0);
+ b = gneg(a);
+ e = ellinit(mkvec2(a, b), quadr.p, 0);
pari_CATCH(e_TYPE) { continue; }
pari_TRY { checkell(e); };
pari_ENDCATCH{};
@@ -196,7 +200,7 @@ curve_t *custom_curve() {
curve_t *result = curve_new();
result->field = quadr.p;
result->a = a;
- result->b = negi(a);
+ result->b = b;
result->curve = e;
result->order = order;
result->generators = subgroups_new(1);
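Review bot: The new mkintmod expression in the second hunk still divides by 4·(1728 − root) through Fp_div, which is not invertible modulo quadr.p when root ≡ 1728, and the enclosing pari_CATCH handles only e_TYPE, so such a root would presumably propagate as a PARI inversion error rather than being skipped; whether that value can actually appear among the roots used here is not visible. A guard before the division, `if (equalis(root, 1728)) continue;`, keeps that case inside the loop; the identical expression in src/exhaustive/supersingular.c in this commit has the same gap, and a shared helper computing a = 27j/(4(1728 − j)) as a t_INTMOD would remove the duplication. Note also that b is now assigned per iteration next to a, so if every root is rejected the third hunk copies the last rejected pair (or the NULL initialisers when r is empty) into result unless the code between the hunks checks for that. custom_curve starts and ends outside these hunks.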
diff --git a/src/exhaustive/exhaustive.c b/src/exhaustive/exhaustive.c
index 5ecac24..0327c1e 100644
--- a/src/exhaustive/exhaustive.c
+++ b/src/exhaustive/exhaustive.c
@@ -158,6 +158,8 @@ static void exhaustive_ginit(gen_f *generators) {
generators[OFFSET_ORDER] = &order_gen_cofactor;
} else if (cfg->method == METHOD_ANOMALOUS) {
generators[OFFSET_ORDER] = &anomalous_gen_order;
+ } else if (cfg->method == METHOD_SUPERSINGULAR) {
+ generators[OFFSET_ORDER] = &supersingular_gen_order;
} else if (cfg->koblitz) {
generators[OFFSET_ORDER] = &order_gen_koblitz;
} else {
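Review bot: The new METHOD_SUPERSINGULAR branch sits before the `cfg->koblitz` test, so a configuration that selects the supersingular method and also sets koblitz silently takes supersingular_gen_order and ignores the koblitz order generator; this mirrors the anomalous branch above it, but nothing states that precedence. A comment on the chain, `/* method-specific order generators take precedence over the koblitz flag */`, would make it explicit. The hunk does not show the include that declares supersingular_gen_order, so confirm exhaustive.c pulls in the supersingular header. exhaustive_ginit starts and ends outside this hunk.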
diff --git a/src/exhaustive/supersingular.c b/src/exhaustive/supersingular.c
index 87e6786..a3cebfc 100644
--- a/src/exhaustive/supersingular.c
+++ b/src/exhaustive/supersingular.c
@@ -14,8 +14,8 @@ GENERATOR(supersingular_gen_equation) {
return 1;
}
GEN q = stoi(3);
- while (mod4(q) != 3 && kronecker(curve->field, q) != -1) {
- q = nextprime(q);
+ while (!(mod4(q) == 3 && kronecker(curve->field, q) == -1)) {
+ q = nextprime(addis(q, 1));
}
if (equalis(q, 3)) {
@@ -26,12 +26,13 @@ GENERATOR(supersingular_gen_equation) {
GEN H = polclass(negi(q), 0, 0);
GEN r = FpX_roots(H, curve->field);
GEN root = gel(r, 1);
- curve->a =
+ curve->a = mkintmod(
Fp_div(Fp_mul(stoi(27), root, curve->field),
Fp_mul(stoi(4), Fp_sub(stoi(1728), root, curve->field),
curve->field),
- curve->field);
- curve->b = negi(curve->a);
+ curve->field),
+ curve->field);
+ curve->b = gneg(curve->a);
return 1;
}
}
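Review bot: The rewritten search loop in the first hunk terminates only when kronecker(curve->field, q) eventually returns -1, which never happens if curve->field is a perfect square (and is not guaranteed if it is not prime), and it carries no comment explaining the two conditions it waits for. Suggest a comment above the loop, `/* smallest prime q ≡ 3 (mod 4) with (p/q) = -1; presumably the condition the CM construction below relies on, so p must be an odd prime */`, and, if the field can be caller-supplied, a primality check or an iteration bound before the loop. In the second hunk `gel(r, 1)` is read without checking that FpX_roots returned any root; a guard such as `if (glength(r) == 0) return <the GENERATOR failure value>;` before it turns an empty root set into a visible failure instead of an out-of-bounds read. supersingular_gen_equation begins outside the first hunk.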
diff --git a/test/src/exhaustive/test_supersingular.c b/test/src/exhaustive/test_supersingular.c
new file mode 100644
index 0000000..c93944f
--- /dev/null
+++ b/test/src/exhaustive/test_supersingular.c
@@ -0,0 +1,25 @@
+/*
+ * ecgen, tool for generating Elliptic curve domain parameters
+ * Copyright (C) 2017-2018 J08nY
+ */
+
+#include <criterion/criterion.h>
+#include "exhaustive/supersingular.h"
+#include "test/default.h"
+
+TestSuite(supersingular, .init = default_setup, .fini = default_teardown);
+
+Test(supersingular, test_supersingular_gen_eq) {
+ GEN p = strtoi("0xebc040451686221f");
+ curve_t curve = {.field = p};
+
+ int ret = supersingular_gen_equation(&curve, NULL, OFFSET_B);
+ cr_assert_eq(ret, 1, );
+ cr_assert_not_null(curve.a, );
+ cr_assert_not_null(curve.b, );
+
+ GEN e = ellinit(mkvec2(curve.a, curve.b), p, -1);
+ cr_assert_neq(glength(e), 0, );
+ GEN c = ellcard(e, NULL);
+ cr_assert(equalii(addis(p, 1), c), );
+}
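Review bot: The single test prime 0xebc040451686221f is ≡ 1 (mod 3) (its hex digits sum to 91 and 16 ≡ 1 mod 3), so kronecker(p, 3) is not -1 and the search in supersingular_gen_equation moves past q = 3; the `equalis(q, 3)` branch in src/exhaustive/supersingular.c is therefore not exercised by this suite. A second test with a prime p ≡ 2 (mod 3), for which q = 3 satisfies both loop conditions — a small constructed example is `GEN p = stoi(11);` — would cover that branch with the same `ellcard(e, NULL)` equals p + 1 assertion. It would also be worth asserting `ret` and the curve fields for that case separately, since what the q = 3 branch assigns to curve.a and curve.b is not visible in the diff.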