Commit 812163ff authored by Mike Hamburg's avatar Mike Hamburg

decaf uses high bit instead of low bit

parent 34a29317
......@@ -386,10 +386,10 @@ serialize_extensible (
}
static void
decaf_make_even (
decaf_abs (
field_a_t a
) {
field_cond_neg ( a, field_low_bit(a) );
field_cond_neg ( a, field_high_bit(a) );
field_strong_reduce ( a );
}
......@@ -428,7 +428,7 @@ decaf_serialize_montgomery (
field_sqr(L2, den);
field_mul(L0, L1, L2);
field_addw(L0, 1);
succ = ~field_low_bit(a->s0) & ~field_is_zero(L0);
succ = ~field_high_bit(a->s0) & ~field_is_zero(L0);
/* Compute y/x */
field_mul(L1, x0, a->xd);
......@@ -442,7 +442,7 @@ decaf_serialize_montgomery (
field_add(L0, L0, L2);
field_mul(L2, L1, den); /* L2 = y0 / x0 */
field_mul(L1, L0, den); /* L1 = yO / xO */
flip = field_low_bit(L1) ^ field_low_bit(L2) ^ za_zero;
flip = field_high_bit(L1) ^ field_high_bit(L2) ^ za_zero;
constant_time_select(L0, a->zd, a->xd, sizeof(L0), flip); /* L0 = "times" */
/* OK, done with y-coordinates */
......@@ -464,7 +464,7 @@ decaf_serialize_montgomery (
field_mul(out,L0,L2);
constant_time_mask(out,out,sizeof(field_a_t),~output_zero);
decaf_make_even(out);
decaf_abs(out);
return succ;
}
......@@ -490,10 +490,10 @@ decaf_serialize_extensible (
field_mul ( L0, L2, L3 );
field_add ( L3, L1, L1 );
field_mul ( L2, L3, a->z );
field_cond_neg ( L1, ~field_low_bit(L2) );
field_cond_neg ( L1, ~field_high_bit(L2) );
field_mul ( L2, L1, a->y );
field_add ( b, L0, L2 );
decaf_make_even ( b );
decaf_abs ( b );
}
void
......@@ -517,10 +517,10 @@ decaf_serialize_tw_extensible (
field_mul ( L0, L2, L3 );
field_add ( L3, L1, L1 );
field_mul ( L2, L3, a->z );
field_cond_neg ( L1, ~field_low_bit(L2) );
field_cond_neg ( L1, ~field_high_bit(L2) );
field_mul ( L2, L1, a->y );
field_add ( b, L0, L2 );
decaf_make_even ( b );
decaf_abs ( b );
}
mask_t
......@@ -533,7 +533,7 @@ decaf_deserialize_affine (
mask_t succ, zero;
zero = field_is_zero(s);
succ = allow_identity | ~zero;
succ &= ~field_low_bit(s);
succ &= ~field_high_bit(s);
field_sqr ( L0, s );
field_copy ( L1, L0 );
field_addw ( L1, 1 );
......@@ -550,7 +550,7 @@ decaf_deserialize_affine (
succ &= ~field_is_zero( L0 );
field_mul ( L2, L3, L1 );
field_mul ( L3, L2, L4 );
field_cond_neg ( L4, field_low_bit(L3) );
field_cond_neg ( L4, field_high_bit(L3) );
field_mul ( L3, L4, s );
field_sqr ( L4, L3 );
field_mul ( L0, L2, L4 );
......@@ -574,7 +574,7 @@ decaf_deserialize_tw_affine (
mask_t succ, zero;
zero = field_is_zero(s);
succ = allow_identity | ~zero;
succ &= ~field_low_bit(s);
succ &= ~field_high_bit(s);
field_sqr ( L0, s );
field_neg ( L1, L0 );
field_addw ( L1, 1 );
......@@ -591,7 +591,7 @@ decaf_deserialize_tw_affine (
succ &= ~field_is_zero( L0 );
field_mul ( L2, L3, L1 );
field_mul ( L3, L2, L4 );
field_cond_neg ( L4, field_low_bit(L3) );
field_cond_neg ( L4, field_high_bit(L3) );
field_mul ( L3, L4, s );
field_sqr ( L4, L3 );
field_mul ( L0, L2, L4 );
......
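Review bot: decaf_abs (L8–L16, renamed from decaf_make_even) carries no comment stating the invariant it establishes, yet decaf_deserialize_affine and decaf_deserialize_tw_affine rely on it at L69 and L87 when they reject inputs with `succ &= ~field_high_bit(s)`: serialization must emit the representative whose high bit is clear, or valid points would fail the round-trip. Propose above the function: `/* Canonicalize a in place: negate it when its fully reduced value has the high bit set, so every serialized element satisfies field_high_bit(a) == 0 and the deserializers can reject the other encoding of the same element. */`. The call order is sound as far as the page shows, because field_high_bit copies and reduces its argument before reading the bit and the trailing field_strong_reduce brings the conditionally negated value back to canonical form; field_cond_neg's own reduction contract is not visible here, so confirm it accepts the weakly reduced input it is given. The decaf_serialize_* and decaf_deserialize_* bodies start and end outside these hunks and change only by the rename.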
......@@ -137,9 +137,11 @@ field_sqrn (
static __inline__ mask_t
__attribute__((unused,always_inline))
field_low_bit (const field_a_t f) {
field_high_bit (const field_a_t f) {
field_a_t red;
field_copy(red,f);
field_weak_reduce(red);
field_add_RAW(red,red,red);
field_strong_reduce(red);
return -(1&red->limb[0]);
}
......
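Review bot: field_high_bit (L102–L112) returns the low bit of 2f after strong reduction, and nothing on the page says why that is the "high bit" of f; a reader will take the name literally and look for a top-limb mask. Propose a comment above the definition: `/* Returns -1 if the canonical value of f exceeds (p-1)/2, else 0. For an odd modulus p, 2f mod p is odd exactly when f > (p-1)/2, so the test is the low bit of the strongly reduced double. */` (assumes the modulus is odd and that field_strong_reduce yields the unique value in [0, p) — confirm against the field implementation). The `field_add_RAW(red,red,red)` at L109 doubles a value that has only been weakly reduced before the strong reduce; confirm that field_weak_reduce leaves at least one bit of headroom per limb so the doubling cannot overflow. Every caller in the other file of this commit uses the result as a constant-time mask, so the comment should also state that the function is branch-free in f, which the visible body supports.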
......@@ -304,7 +304,7 @@ int test_decaf_evil (void) {
care_should = -1;
should = (j==0) ? -1 : 0;
} else {
random_input[0] &= ~1;
random_input[55] &= 0x7F;
}
field_a_t base, out_m, out_e;
......@@ -362,10 +362,7 @@ int test_decaf (void) {
mask_t succ = 0;
for (j=0; j<128 && !succ; j++) {
crandom_generate(&crand, ser, sizeof(ser));
#if (FIELD_BITS % 8)
ser[FIELD_BYTES-1] &= (1<<(FIELD_BITS%8)) - 1;
#endif
ser[0] &= ~1;
ser[FIELD_BYTES-1] &= (1<<((FIELD_BITS-1)%8)) - 1;
succ = field_deserialize(serf, ser);
if (!succ) {
......
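Review bot: `random_input[55] &= 0x7F;` at L119 hard-codes the field size, while the second hunk (L130) derives the same mask as `ser[FIELD_BYTES-1] &= (1<<((FIELD_BITS-1)%8)) - 1;`; use the derived form in test_decaf_evil as well, `random_input[FIELD_BYTES-1] &= (1<<((FIELD_BITS-1)%8)) - 1;`, so the test keeps clearing the sign bit if FIELD_BITS changes. Dropping the `#if (FIELD_BITS % 8)` guard at L126–L128 is correct for the new expression, since with FIELD_BITS a multiple of 8 it reduces to 0x7F and otherwise clears the unused top bits together with the sign bit. The enclosing functions test_decaf_evil and test_decaf start and end outside these hunks, so the length of random_input is inferred rather than visible — verify its declaration is FIELD_BYTES.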