t[14] -= cc << 10;
t[7] -= cc << 5;
t[0] += cc;
+
+ /*
+ * If the carry is negative, then after carry propagation, we may
+ * end up with a value which is negative, and we don't want that.
+ * Thus, in that case, we add the modulus. Note that the subtraction
+ * result, when the carry is negative, is always smaller than the
+ * modulus, so the extra addition will not make the value exceed
+ * twice the modulus.
+ */
+ cc >>= 31;
+ t[0] -= cc;
+ t[7] += cc << 5;
+ t[14] += cc << 10;
+ t[17] -= cc << 3;
+ t[19] += cc << 9;
+
norm13(d, t, 20);
}
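Review bot: The added `cc >>= 31;` produces the intended 0/1 selector only if `cc` is an unsigned 32-bit value, and its declaration is outside this hunk, so that dependency is invisible at the line that relies on it. With a signed type the shift of a negative carry would be implementation-defined and would typically give -1, which would subtract the modulus instead of adding it. I would add a comment on that line, `/* cc is unsigned: the logical shift leaves 1 iff the carry was negative, so the modulus is added without a branch */`, which also records that the correction is meant to stay branch-free. The same block is repeated verbatim in the next hunk (ending at the second `norm13(d, t, 20);`); a shared `static` helper would keep the two copies from drifting apart. The enclosing function starts outside the hunk.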
t[14] -= cc << 10;
t[7] -= cc << 5;
t[0] += cc;
+
+ /*
+ * If the carry is negative, then after carry propagation, we may
+ * end up with a value which is negative, and we don't want that.
+ * Thus, in that case, we add the modulus. Note that the subtraction
+ * result, when the carry is negative, is always smaller than the
+ * modulus, so the extra addition will not make the value exceed
+ * twice the modulus.
+ */
+ cc >>= 31;
+ t[0] -= cc;
+ t[7] += cc << 5;
+ t[14] += cc << 10;
+ t[17] -= cc << 3;
+ t[19] += cc << 9;
+
norm13(d, t, 20);
}
memcpy(P->y, ty, sizeof ty);
memset(P->z, 0, sizeof P->z);
P->z[0] = 1;
- return NEQ(bad, 0) ^ 1;
+ return EQ(bad, 0);
}
/*
p256_jacobian P;
(void)curve;
+ if (Glen != 65) {
+ return 0;
+ }
r = p256_decode(&P, G, Glen);
p256_mul(&P, x, xlen);
- if (Glen >= 65) {
- p256_to_affine(&P);
- p256_encode(G, &P);
- }
+ p256_to_affine(&P);
+ p256_encode(G, &P);
return r;
}
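Review bot: After this change a failed `p256_decode` (r == 0) still goes through `p256_mul` and the now unconditional `p256_encode(G, &P)`, so the caller's buffer is overwritten even though the function reports failure. That looks deliberate (no early exit on point validity), but nothing in the hunk says so; I would add above the `p256_decode` call `/* No early exit when decoding fails: G is still overwritten, and its contents are valid only when the return value is 1 */`. The `len != 65` check in the last hunk has the same shape and would take the same comment. The literal `65` now appears in both length checks and in `return 65;`; a named constant for the uncompressed point length would tie them together. The function's signature and the declaration of `r` are outside the hunk.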
p256_to_affine(&P);
p256_encode(R, &P);
return 65;
-
- /*
- const unsigned char *G;
- size_t Glen;
-
- G = api_generator(curve, &Glen);
- memcpy(R, G, Glen);
- api_mul(R, Glen, x, xlen, curve);
- return Glen;
- */
}
static uint32_t
int i;
(void)curve;
+ if (len != 65) {
+ return 0;
+ }
r = p256_decode(&P, A, len);
p256_mul(&P, x, xlen);
if (B == NULL) {