|
|
@ -177,13 +177,15 @@ void conditional_negate(uint32_t cond, bignum256 *a, const bignum256 *prime)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
int j;
|
|
|
|
int j;
|
|
|
|
uint32_t tmp = 1;
|
|
|
|
uint32_t tmp = 1;
|
|
|
|
|
|
|
|
assert(a->val[8] < 0x20000);
|
|
|
|
for (j = 0; j < 8; j++) {
|
|
|
|
for (j = 0; j < 8; j++) {
|
|
|
|
tmp += 0x3fffffff + prime->val[j] - a->val[j];
|
|
|
|
tmp += 0x3fffffff + 2*prime->val[j] - a->val[j];
|
|
|
|
a->val[j] = ((tmp & 0x3fffffff) & cond) | (a->val[j] & ~cond);
|
|
|
|
a->val[j] = ((tmp & 0x3fffffff) & cond) | (a->val[j] & ~cond);
|
|
|
|
tmp >>= 30;
|
|
|
|
tmp >>= 30;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
tmp += 0x3fffffff + prime->val[j] - a->val[j];
|
|
|
|
tmp += 0x3fffffff + 2*prime->val[j] - a->val[j];
|
|
|
|
a->val[j] = ((tmp & 0x3fffffff) & cond) | (a->val[j] & ~cond);
|
|
|
|
a->val[j] = ((tmp & 0x3fffffff) & cond) | (a->val[j] & ~cond);
|
|
|
|
|
|
|
|
assert(a->val[8] < 0x20000);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
typedef struct jacobian_curve_point {
|
|
|
|
typedef struct jacobian_curve_point {
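Review bot: The two added `assert(a->val[8] < 0x20000);` lines are the only place the input and output bound is stated, and `assert` compiles to nothing under `NDEBUG`, so a release build does not check it. Assuming the `2*prime->val[j]` form is the new side, the subtraction is now from 2*prime, which appears to tie the result's correctness to `a` being partly reduced with every limb at most 0x3fffffff. The mask lines `& cond` and `& ~cond` also only select correctly when `cond` is exactly 0 or 0xffffffff. I would put that contract in a comment above `conditional_negate`, for example `// a must be partly reduced (val[8] < 0x20000, limbs <= 0x3fffffff); cond must be 0 or 0xffffffff` and `// cond == 0xffffffff: a = 2*prime - a; cond == 0: a unchanged`. Any existing comment above the signature lies outside this hunk, so check that it still matches the new arithmetic.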
|
|
|
|