diff options
author | Matthias Schiffer <mschiffer@universe-factory.net> | 2012-03-15 08:48:18 +0100 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2012-03-15 08:48:18 +0100 |
commit | a3743a365adc74d79cac500980f216d5ece3f187 (patch) | |
tree | d0ee8fbd30bf7166ce9c3140df9ac71a4664d9c5 | |
parent | 20529b77df678f63008ae4eb3d561943a9fe13f9 (diff) | |
download | libuecc-a3743a365adc74d79cac500980f216d5ece3f187.tar libuecc-a3743a365adc74d79cac500980f216d5ece3f187.zip |
Simplyfy secret add, subtract and reduce functions
-rw-r--r-- | src/ec25519_secret.c | 63 |
1 files changed, 21 insertions, 42 deletions
diff --git a/src/ec25519_secret.c b/src/ec25519_secret.c index fd703d6..5819a6c 100644 --- a/src/ec25519_secret.c +++ b/src/ec25519_secret.c @@ -34,6 +34,7 @@ #define IS_NEGATIVE(n) ((int)((((unsigned)n) >> (8*sizeof(n)-1))&1)) +#define ASR(n,s) (((n) >> s)|(IS_NEGATIVE(n)*((unsigned)-1) << (8*sizeof(n)-s))) static const unsigned char q[32] = { @@ -71,58 +72,36 @@ int ecc_25519_secret_is_zero(const ecc_secret_key_256 *in) { void ecc_25519_secret_add(ecc_secret_key_256 *out, const ecc_secret_key_256 *in1, const ecc_secret_key_256 *in2) { unsigned int j; - int u1, u2, u3; - unsigned char out1[32], out2[32], out3[32]; + unsigned int u; + int nq = 1 - (in1->s[31]>>4) - (in2->s[31]>>4); - u1 = u2 = u3 = 0; - for (j = 0; j < 31; ++j) { - u1 += in1->s[j] + in2->s[j]; - u2 += in1->s[j] + in2->s[j] - 8*q[j]; - u3 += in1->s[j] + in2->s[j] - 16*q[j]; - - out1[j] = u1; out2[j] = u2; out3[j] = u3; - u1 = (u1+IS_NEGATIVE(u1))/256 - IS_NEGATIVE(u1); - u2 = (u2+IS_NEGATIVE(u2))/256 - IS_NEGATIVE(u2); - u3 = (u3+IS_NEGATIVE(u3))/256 - IS_NEGATIVE(u3); - } - u1 += in1->s[31] + in2->s[31]; - u2 += in1->s[31] + in2->s[31] - 8*q[31]; - u3 += in1->s[31] + in2->s[31] - 16*q[31]; - out1[31] = u1; out2[31] = u2; out3[31] = u3; + u = 0; + for (j = 0; j < 32; ++j) { + u += in1->s[j] + in2->s[j] + nq*q[j]; - select(out->s, out1, out2, (u1 >> 8) & 1); - select(out->s, out->s, out3, ((u1 >> 8) & (u2 >> 8)) & 1); + out->s[j] = u; + u = ASR(u, 8); + } } void ecc_25519_secret_sub(ecc_secret_key_256 *out, const ecc_secret_key_256 *in1, const ecc_secret_key_256 *in2) { unsigned int j; - int u1, u2, u3; - unsigned char out1[32], out2[32], out3[32]; + unsigned int u; + int nq = 8 - (in1->s[31]>>4) + (in2->s[31]>>4); - u1 = u2 = u3 = 0; - for (j = 0; j < 31; ++j) { - u1 += in1->s[j] - in2->s[j] + 16*q[j]; - u2 += in1->s[j] - in2->s[j] + 8*q[j]; - u3 += in1->s[j] - in2->s[j]; - - out1[j] = u1; out2[j] = u2; out3[j] = u3; - u1 = (u1+IS_NEGATIVE(u1))/256 - IS_NEGATIVE(u1); - u2 = (u2+IS_NEGATIVE(u2))/256 - IS_NEGATIVE(u2); - u3 = (u3+IS_NEGATIVE(u3))/256 - IS_NEGATIVE(u3); - } - u1 += in1->s[31] - in2->s[31] + 16*q[31]; - u2 += in1->s[31] - in2->s[31] + 8*q[31]; - u3 += in1->s[31] - in2->s[31]; - out1[31] = u1; out2[31] = u2; out3[31] = u3; + u = 0; + for (j = 0; j < 32; ++j) { + u += in1->s[j] - in2->s[j] + nq*q[j]; - select(out->s, out1, out2, (u1 >> 8) & 1); - select(out->s, out->s, out3, ((u1 >> 8) & (u2 >> 8)) & 1); + out->s[j] = u; + u = ASR(u, 8); + } } static void reduce(unsigned char a[32]) { unsigned int j; - int nq = a[31] >> 4; - int u1, u2; + unsigned int nq = a[31] >> 4; + unsigned int u1, u2; unsigned char out1[32], out2[32]; u1 = u2 = 0; @@ -131,8 +110,8 @@ static void reduce(unsigned char a[32]) { u2 += a[j] - (nq-1)*q[j]; out1[j] = u1; out2[j] = u2; - u1 = (u1+IS_NEGATIVE(u1))/256 - IS_NEGATIVE(u1); - u2 = (u2+IS_NEGATIVE(u2))/256 - IS_NEGATIVE(u2); + u1 = ASR(u1, 8); + u2 = ASR(u2, 8); } u1 += a[31] - nq*q[31]; u2 += a[31] - (nq-1)*q[31]; |