From 437f8b385604bbfaa09af8f148b61f7c28a88686 Mon Sep 17 00:00:00 2001
From: Roman Zeyde
Date: Mon, 31 Aug 2015 20:55:02 +0300
Subject: [PATCH] bignum: constant time implementation for bn_mod()

---
 bignum.c | 25 ++++--------------------
 1 file changed, 4 insertions(+), 21 deletions(-)

diff --git a/bignum.c b/bignum.c
index 2ba8afe5e..05a867ab5 100644
--- a/bignum.c
+++ b/bignum.c
@@ -229,27 +229,10 @@ void bn_mult_k(bignum256 *x, uint8_t k, const bignum256 *prime)
 // assumes x partly reduced, guarantees x fully reduced.
 void bn_mod(bignum256 *x, const bignum256 *prime)
 {
- int i = 8;
- uint32_t temp;
- // compare numbers
- while (i >= 0 && prime->val[i] == x->val[i]) i--;
- // if equal
- if (i == -1) {
- // set x to zero
- bn_zero(x);
- } else {
- // if x is greater
- if (x->val[i] > prime->val[i]) {
- // substract p from x
- temp = 0x40000000u;
- for (i = 0; i < 9; i++) {
- temp += x->val[i] - prime->val[i];
- x->val[i] = temp & 0x3FFFFFFF;
- temp >>= 30;
- temp += 0x3FFFFFFFu;
- }
- }
- }
+ const int flag = bn_is_less(x, prime); // x < prime
+ bignum256 temp;
+ bn_subtract(x, prime, &temp); // temp = x - prime
+ bn_cmov(x, flag, x, &temp);
 }
 
 // auxiliary function for multiplication.
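Review bot: The constant-time property claimed in the subject is not established by the four added lines alone — it holds only if `bn_is_less`, `bn_subtract` and `bn_cmov` are themselves free of data-dependent branches and memory accesses, and none of them is visible in this hunk; a compare helper that returns at the first differing limb, for instance, would still leak where x and prime diverge. The call `bn_subtract(x, prime, &temp)` is also executed when x < prime, so discarding the wrapped result is only sound if bn_subtract uses plain unsigned limb arithmetic in that case, and `bn_cmov(x, flag, x, &temp)` aliases its destination with a source operand, which a limb-wise mask blend tolerates but a copy-based implementation might not — both worth confirming against the helpers. The surviving header comment `// assumes x partly reduced, guarantees x fully reduced.` should be made precise now that one conditional subtraction is the whole algorithm, e.g. `// assumes 0 <= x < 2*prime; guarantees 0 <= x < prime. Constant-time: relies on bn_is_less, bn_subtract and bn_cmov not branching on their operands.` Note also that `temp` holds a secret-derived intermediate and is left on the stack after return; whether that is acceptable depends on how the rest of the library treats such intermediates.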