author | Niels Möller <nisse@lysator.liu.se> | 2014-08-28 11:50:37 +0200 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2014-08-28 11:50:37 +0200 |
commit | d5ca2c640aed5084dc2dc49c8c281edab7e6c182 (patch) | |
tree | 1d0624df87586a81200d7cddb4351019610bfda7 /ecc-eh-to-a.c | |
parent | 91784d65b7cd71a4128ee6d74043178f3aa2d09f (diff) | |
download | nettle-d5ca2c640aed5084dc2dc49c8c281edab7e6c182.tar.gz |
ecc_eh_to_a interface change, optionally reduce x mod q.
Diffstat (limited to 'ecc-eh-to-a.c')
-rw-r--r-- | ecc-eh-to-a.c | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/ecc-eh-to-a.c b/ecc-eh-to-a.c
index fd953bf3..80a450d9 100644
--- a/ecc-eh-to-a.c
+++ b/ecc-eh-to-a.c
@@ -33,6 +33,8 @@
 # include "config.h"
 #endif
+#include <assert.h>
+
 #include "ecc.h"
 #include "ecc-internal.h"
@@ -47,7 +49,7 @@ ecc_eh_to_a_itch (const struct ecc_curve *ecc)
 coordinates on the corresponding Montgomery curve. */
 void
 ecc_eh_to_a (const struct ecc_curve *ecc,
- int flags,
+ int op,
 mp_limb_t *r, const mp_limb_t *p,
 mp_limb_t *scratch)
 {
@@ -88,10 +90,24 @@ ecc_eh_to_a (const struct ecc_curve *ecc,
 cy = mpn_sub_n (xp, tp, ecc->p, ecc->size);
 cnd_copy (cy, xp, tp, ecc->size);
- if (flags & 2)
- /* Skip y coordinate */
- return;
-
+ if (op)
+ {
+ /* Skip y coordinate */
+ if (op > 1)
+ {
+ /* Reduce modulo q. FIXME: Hardcoded for curve25519,
+ duplicates end of ecc_25519_modq. */
+ mp_limb_t cy;
+ unsigned shift;
+ assert (ecc->bit_size == 255);
+ shift = 252 - GMP_NUMB_BITS * (ecc->size - 1);
+ cy = mpn_submul_1 (xp, ecc->q, ecc->size,
+ xp[ecc->size-1] >> shift);
+ assert (cy < 2);
+ cnd_add_n (cy, xp, ecc->q, ecc->size);
+ }
+ return;
+ }
 ecc_modp_add (ecc, sp, wp, vp); /* FIXME: Redundant. Also the (W + V) Z^-1 multiplication is redundant. */ |
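Review bot: The `mp_limb_t cy;` declared inside the `op > 1` branch shadows the `cy` that the context line just above assigns from `mpn_sub_n`, which `-Wshadow` will flag and which makes the two carries easy to confuse in later edits; either drop the inner declaration and reuse the outer variable (if it is already an `mp_limb_t`, which its use as the `mpn_sub_n` result suggests) or rename it, e.g. `mp_limb_t cq;`. The three meanings of the new `op` argument — zero for the full affine point, non-zero to skip y, greater than one to additionally reduce x modulo q — are not documented in either hunk, and the function comment visible at the start of the second hunk still describes only the coordinate conversion; a line such as `/* op == 0: full affine point; op != 0: x only; op > 1: x reduced mod q (curve25519 only). */` above the signature would record it. Since `assert (ecc->bit_size == 255)` is the only guard on the curve25519-specific `shift` and is compiled out under NDEBUG, the restriction that `op > 1` is valid only for that curve belongs in that comment rather than being left to the runtime check. The body of ecc_eh_to_a continues outside the hunk.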