Mike Hamburg
10 years ago
3 changed files with 18 additions and 19 deletions
Split View
Diff Options
-
+13 -13src/ec_point.c
-
+3 -1src/include/field.h
-
+2 -5test/test_pointops.c
+ 13
- 13
src/ec_point.c
View File
| @@ -386,10 +386,10 @@ serialize_extensible ( | |||
| } | |||
| static void | |||
| decaf_make_even ( | |||
| decaf_abs ( | |||
| field_a_t a | |||
| ) { | |||
| field_cond_neg ( a, field_low_bit(a) ); | |||
| field_cond_neg ( a, field_high_bit(a) ); | |||
| field_strong_reduce ( a ); | |||
| } | |||
| @@ -428,7 +428,7 @@ decaf_serialize_montgomery ( | |||
| field_sqr(L2, den); | |||
| field_mul(L0, L1, L2); | |||
| field_addw(L0, 1); | |||
| succ = ~field_low_bit(a->s0) & ~field_is_zero(L0); | |||
| succ = ~field_high_bit(a->s0) & ~field_is_zero(L0); | |||
| /* Compute y/x */ | |||
| field_mul(L1, x0, a->xd); | |||
| @@ -442,7 +442,7 @@ decaf_serialize_montgomery ( | |||
| field_add(L0, L0, L2); | |||
| field_mul(L2, L1, den); /* L2 = y0 / x0 */ | |||
| field_mul(L1, L0, den); /* L1 = yO / xO */ | |||
| flip = field_low_bit(L1) ^ field_low_bit(L2) ^ za_zero; | |||
| flip = field_high_bit(L1) ^ field_high_bit(L2) ^ za_zero; | |||
| constant_time_select(L0, a->zd, a->xd, sizeof(L0), flip); /* L0 = "times" */ | |||
| /* OK, done with y-coordinates */ | |||
| @@ -464,7 +464,7 @@ decaf_serialize_montgomery ( | |||
| field_mul(out,L0,L2); | |||
| constant_time_mask(out,out,sizeof(field_a_t),~output_zero); | |||
| decaf_make_even(out); | |||
| decaf_abs(out); | |||
| return succ; | |||
| } | |||
| @@ -490,10 +490,10 @@ decaf_serialize_extensible ( | |||
| field_mul ( L0, L2, L3 ); | |||
| field_add ( L3, L1, L1 ); | |||
| field_mul ( L2, L3, a->z ); | |||
| field_cond_neg ( L1, ~field_low_bit(L2) ); | |||
| field_cond_neg ( L1, ~field_high_bit(L2) ); | |||
| field_mul ( L2, L1, a->y ); | |||
| field_add ( b, L0, L2 ); | |||
| decaf_make_even ( b ); | |||
| decaf_abs ( b ); | |||
| } | |||
| void | |||
| @@ -517,10 +517,10 @@ decaf_serialize_tw_extensible ( | |||
| field_mul ( L0, L2, L3 ); | |||
| field_add ( L3, L1, L1 ); | |||
| field_mul ( L2, L3, a->z ); | |||
| field_cond_neg ( L1, ~field_low_bit(L2) ); | |||
| field_cond_neg ( L1, ~field_high_bit(L2) ); | |||
| field_mul ( L2, L1, a->y ); | |||
| field_add ( b, L0, L2 ); | |||
| decaf_make_even ( b ); | |||
| decaf_abs ( b ); | |||
| } | |||
| mask_t | |||
| @@ -533,7 +533,7 @@ decaf_deserialize_affine ( | |||
| mask_t succ, zero; | |||
| zero = field_is_zero(s); | |||
| succ = allow_identity | ~zero; | |||
| succ &= ~field_low_bit(s); | |||
| succ &= ~field_high_bit(s); | |||
| field_sqr ( L0, s ); | |||
| field_copy ( L1, L0 ); | |||
| field_addw ( L1, 1 ); | |||
| @@ -550,7 +550,7 @@ decaf_deserialize_affine ( | |||
| succ &= ~field_is_zero( L0 ); | |||
| field_mul ( L2, L3, L1 ); | |||
| field_mul ( L3, L2, L4 ); | |||
| field_cond_neg ( L4, field_low_bit(L3) ); | |||
| field_cond_neg ( L4, field_high_bit(L3) ); | |||
| field_mul ( L3, L4, s ); | |||
| field_sqr ( L4, L3 ); | |||
| field_mul ( L0, L2, L4 ); | |||
| @@ -574,7 +574,7 @@ decaf_deserialize_tw_affine ( | |||
| mask_t succ, zero; | |||
| zero = field_is_zero(s); | |||
| succ = allow_identity | ~zero; | |||
| succ &= ~field_low_bit(s); | |||
| succ &= ~field_high_bit(s); | |||
| field_sqr ( L0, s ); | |||
| field_neg ( L1, L0 ); | |||
| field_addw ( L1, 1 ); | |||
| @@ -591,7 +591,7 @@ decaf_deserialize_tw_affine ( | |||
| succ &= ~field_is_zero( L0 ); | |||
| field_mul ( L2, L3, L1 ); | |||
| field_mul ( L3, L2, L4 ); | |||
| field_cond_neg ( L4, field_low_bit(L3) ); | |||
| field_cond_neg ( L4, field_high_bit(L3) ); | |||
| field_mul ( L3, L4, s ); | |||
| field_sqr ( L4, L3 ); | |||
| field_mul ( L0, L2, L4 ); | |||
+ 3
- 1
src/include/field.h
View File
| @@ -137,9 +137,11 @@ field_sqrn ( | |||
| static __inline__ mask_t | |||
| __attribute__((unused,always_inline)) | |||
| field_low_bit (const field_a_t f) { | |||
| field_high_bit (const field_a_t f) { | |||
| field_a_t red; | |||
| field_copy(red,f); | |||
| field_weak_reduce(red); | |||
| field_add_RAW(red,red,red); | |||
| field_strong_reduce(red); | |||
| return -(1&red->limb[0]); | |||
| } | |||
+ 2
- 5
test/test_pointops.c
View File
| @@ -304,7 +304,7 @@ int test_decaf_evil (void) { | |||
| care_should = -1; | |||
| should = (j==0) ? -1 : 0; | |||
| } else { | |||
| random_input[0] &= ~1; | |||
| random_input[55] &= 0x7F; | |||
| } | |||
| field_a_t base, out_m, out_e; | |||
| @@ -362,10 +362,7 @@ int test_decaf (void) { | |||
| mask_t succ = 0; | |||
| for (j=0; j<128 && !succ; j++) { | |||
| crandom_generate(&crand, ser, sizeof(ser)); | |||
| #if (FIELD_BITS % 8) | |||
| ser[FIELD_BYTES-1] &= (1<<(FIELD_BITS%8)) - 1; | |||
| #endif | |||
| ser[0] &= ~1; | |||
| ser[FIELD_BYTES-1] &= (1<<((FIELD_BITS-1)%8)) - 1; | |||
| succ = field_deserialize(serf, ser); | |||
| if (!succ) { | |||