faster code can now use non-reduced field ops

src/decaf_fast.c

@@ -153,11 +153,11 @@ static inline void gf_sub_nr ( gf c, const gf a, const gf b ) {
     gf_bias(c, 2);
 }
 
-/** Subtract mod p. Bias by 3 but don't reduce.  */
-static inline void gf_sub_nr_nr ( gf c, const gf a, const gf b ) {
+/** Subtract mod p. Bias by amt but don't reduce.  */
+static inline void gf_sub_nr_x ( gf c, const gf a, const gf b, int amt ) {
     ANALYZE_THIS_ROUTINE_CAREFULLY; //TODO
     field_sub_nr((field_t *)c, (const field_t *)a, (const field_t *)b);
-    gf_bias(c, 3);
+    gf_bias(c, amt);
 }
 
 /** Add mod p.  Don't reduce. */
@@ -538,11 +538,11 @@ void decaf_448_point_double(decaf_448_point_t p, const decaf_448_point_t q) {
     gf_add_nr ( d, c, a );
     gf_add_nr ( p->t, q->y, q->x );
     gf_sqr ( b, p->t );
-    gf_sub_nr_nr ( b, b, d );
+    gf_sub_nr_x ( b, b, d, 4 );
     gf_sub_nr ( p->t, a, c );
     gf_sqr ( p->x, q->z );
     gf_add_nr ( p->z, p->x, p->x );
-    gf_sub_nr_nr ( a, p->z, p->t );
+    gf_sub_nr_x ( a, p->z, p->t, 4 );
     gf_mul ( p->x, a, b );
     gf_mul ( p->z, p->t, a );
     gf_mul ( p->y, p->t, d );