
Fixed conditional_negate for larger numbers

Without the bn_mod the numbers get larger (but still < 2*prime), so
conditional_negate should handle this.
Jochen Hoenicke 2015-07-23 16:04:14 -07:00
parent 6ba4d288b0
commit 60e36dac3b


@ -177,13 +177,15 @@ void conditional_negate(uint32_t cond, bignum256 *a, const bignum256 *prime)
{
int j;
uint32_t tmp = 1;
assert(a->val[8] < 0x20000);
for (j = 0; j < 8; j++) {
tmp += 0x3fffffff + prime->val[j] - a->val[j];
tmp += 0x3fffffff + 2*prime->val[j] - a->val[j];
a->val[j] = ((tmp & 0x3fffffff) & cond) | (a->val[j] & ~cond);
tmp >>= 30;
}
tmp += 0x3fffffff + prime->val[j] - a->val[j];
tmp += 0x3fffffff + 2*prime->val[j] - a->val[j];
a->val[j] = ((tmp & 0x3fffffff) & cond) | (a->val[j] & ~cond);
assert(a->val[8] < 0x20000);
}
typedef struct jacobian_curve_point {
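Review bot: The precondition this change relies on (a < 2*prime, per the commit message) is enforced only by `assert(a->val[8] < 0x20000)`, which compiles away under NDEBUG and checks just the top limb, so an out-of-range or unnormalized input would silently yield a wrong value in a release build. I would document the contract above the function, e.g. `/* cond must be 0 or 0xffffffff; a must be < 2*prime with 30-bit limbs; if cond is set, a becomes 2*prime - a (only partly reduced) */`, since the `& cond` / `& ~cond` selection only works for a full-width mask. The bound 0x20000 also appears to assume a prime whose top limb is below 0x10000; a short comment saying so would help if the function is ever used with a different modulus. The signature sits just above the hunk, so the comment would go outside the lines shown.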