diff --git a/src/ec_point.c b/src/ec_point.c
index bdf7581..7e2a61c 100644
--- a/src/ec_point.c
+++ b/src/ec_point.c
@@ -386,10 +386,10 @@ serialize_extensible (
 }
 
 static void
-decaf_make_even (
+decaf_abs (
 field_a_t a
 ) {
- field_cond_neg ( a, field_low_bit(a) );
+ field_cond_neg ( a, field_high_bit(a) );
 field_strong_reduce ( a );
 }
 
@@ -428,7 +428,7 @@ decaf_serialize_montgomery (
 field_sqr(L2, den);
 field_mul(L0, L1, L2);
 field_addw(L0, 1);
- succ = ~field_low_bit(a->s0) & ~field_is_zero(L0);
+ succ = ~field_high_bit(a->s0) & ~field_is_zero(L0);
 
 /* Compute y/x */
 field_mul(L1, x0, a->xd);
@@ -442,7 +442,7 @@ decaf_serialize_montgomery (
 field_add(L0, L0, L2);
 field_mul(L2, L1, den); /* L2 = y0 / x0 */
 field_mul(L1, L0, den); /* L1 = yO / xO */
- flip = field_low_bit(L1) ^ field_low_bit(L2) ^ za_zero;
+ flip = field_high_bit(L1) ^ field_high_bit(L2) ^ za_zero;
 constant_time_select(L0, a->zd, a->xd, sizeof(L0), flip); /* L0 = "times" */
 
 /* OK, done with y-coordinates */
@@ -464,7 +464,7 @@ decaf_serialize_montgomery (
 field_mul(out,L0,L2);
 constant_time_mask(out,out,sizeof(field_a_t),~output_zero);
 
- decaf_make_even(out);
+ decaf_abs(out);
 return succ;
 }
 
@@ -490,10 +490,10 @@ decaf_serialize_extensible (
 field_mul ( L0, L2, L3 );
 field_add ( L3, L1, L1 );
 field_mul ( L2, L3, a->z );
- field_cond_neg ( L1, ~field_low_bit(L2) );
+ field_cond_neg ( L1, ~field_high_bit(L2) );
 field_mul ( L2, L1, a->y );
 field_add ( b, L0, L2 );
- decaf_make_even ( b );
+ decaf_abs ( b );
 }
 
 void
@@ -517,10 +517,10 @@ decaf_serialize_tw_extensible (
 field_mul ( L0, L2, L3 );
 field_add ( L3, L1, L1 );
 field_mul ( L2, L3, a->z );
- field_cond_neg ( L1, ~field_low_bit(L2) );
+ field_cond_neg ( L1, ~field_high_bit(L2) );
 field_mul ( L2, L1, a->y );
 field_add ( b, L0, L2 );
- decaf_make_even ( b );
+ decaf_abs ( b );
 }
 
 mask_t
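Review bot: `decaf_abs` still carries no comment stating the normal form it produces, and the rename from `decaf_make_even` is the only hint that the canonical sign moved from "low bit clear" to "not greater than (p-1)/2" as `field_high_bit` now defines it. I would add above the definition `/* Canonicalize a to its non-negative representative: negate when field_high_bit(a) is set, then strong-reduce. */`. The serializer and deserializer hunks below (`~field_high_bit(a->s0)` in decaf_serialize_montgomery, `succ &= ~field_high_bit(s)` in decaf_deserialize_affine and decaf_deserialize_tw_affine) rely on the same convention, so this is the one place to state it. Those callers' bodies extend beyond their hunks.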
@@ -533,7 +533,7 @@ decaf_deserialize_affine (
 mask_t succ, zero;
 zero = field_is_zero(s);
 succ = allow_identity | ~zero;
- succ &= ~field_low_bit(s);
+ succ &= ~field_high_bit(s);
 field_sqr ( L0, s );
 field_copy ( L1, L0 );
 field_addw ( L1, 1 );
@@ -550,7 +550,7 @@ decaf_deserialize_affine (
 succ &= ~field_is_zero( L0 );
 field_mul ( L2, L3, L1 );
 field_mul ( L3, L2, L4 );
- field_cond_neg ( L4, field_low_bit(L3) );
+ field_cond_neg ( L4, field_high_bit(L3) );
 field_mul ( L3, L4, s );
 field_sqr ( L4, L3 );
 field_mul ( L0, L2, L4 );
@@ -574,7 +574,7 @@ decaf_deserialize_tw_affine (
 mask_t succ, zero;
 zero = field_is_zero(s);
 succ = allow_identity | ~zero;
- succ &= ~field_low_bit(s);
+ succ &= ~field_high_bit(s);
 field_sqr ( L0, s );
 field_neg ( L1, L0 );
 field_addw ( L1, 1 );
@@ -591,7 +591,7 @@ decaf_deserialize_tw_affine (
 succ &= ~field_is_zero( L0 );
 field_mul ( L2, L3, L1 );
 field_mul ( L3, L2, L4 );
- field_cond_neg ( L4, field_low_bit(L3) );
+ field_cond_neg ( L4, field_high_bit(L3) );
 field_mul ( L3, L4, s );
 field_sqr ( L4, L3 );
 field_mul ( L0, L2, L4 );
diff --git a/src/include/field.h b/src/include/field.h
index 588a883..cb8cb59 100644
--- a/src/include/field.h
+++ b/src/include/field.h
@@ -137,9 +137,11 @@ field_sqrn (
 
 static __inline__ mask_t
 __attribute__((unused,always_inline))
-field_low_bit (const field_a_t f) {
+field_high_bit (const field_a_t f) {
 field_a_t red;
 field_copy(red,f);
+ field_weak_reduce(red);
+ field_add_RAW(red,red,red);
 field_strong_reduce(red);
 return -(1&red->limb[0]);
 }
diff --git a/test/test_pointops.c b/test/test_pointops.c
index fb6bc1e..33a9749 100644
--- a/test/test_pointops.c
+++ b/test/test_pointops.c
@@ -304,7 +304,7 @@ int test_decaf_evil (void) {
 care_should = -1;
 should = (j==0) ? -1 : 0;
 } else {
- random_input[0] &= ~1;
+ random_input[55] &= 0x7F;
 }
 
 field_a_t base, out_m, out_e;
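Review bot: `field_high_bit` leaves its doubling trick undocumented: after reduction `2f mod p` is odd exactly when `f > (p-1)/2` (p odd), so the low bit of the doubled value is the sign of f, and the new `field_weak_reduce` call is presumably what keeps `field_add_RAW(red,red,red)` from overflowing the limbs — worth confirming against those helpers. I would add above the declaration `/* -1 if f > (p-1)/2, else 0, computed as the low bit of 2f mod p; this is not the top bit of the byte encoding unless p is one less than a power of two. */`. Because this mask now gates acceptance in decaf_deserialize_affine/decaf_deserialize_tw_affine and the sign choice in every serializer, it should stay branch-free like the `-(1&red->limb[0])` mask; the copy and reduce helpers it calls are assumed constant-time, which I cannot verify from this hunk.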
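Review bot: `random_input[55] &= 0x7F` hard-codes what appears to be the top byte index and mask, while the parallel change in test_decaf derives the same bit from the field parameters as `ser[FIELD_BYTES-1] &= (1<<((FIELD_BITS-1)%8)) - 1`; if FIELD_BYTES or FIELD_BITS ever change, this branch silently stops clearing the sign bit. I would write `random_input[FIELD_BYTES-1] &= (1<<((FIELD_BITS-1)%8)) - 1;` here too. Note also that clearing the top encoding bit does not make `field_high_bit` zero for a value just below 2^(FIELD_BITS-1) when p is not one less than a power of two, so if this branch is the case expected to deserialize successfully it can still be rejected with small probability; a one-line comment saying whether that is tolerated would help. The enclosing if/else in test_decaf_evil begins before the hunk.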
@@ -362,10 +362,7 @@ int test_decaf (void) {
 mask_t succ = 0;
 for (j=0; j<128 && !succ; j++) {
 crandom_generate(&crand, ser, sizeof(ser));
- #if (FIELD_BITS % 8)
- ser[FIELD_BYTES-1] &= (1<<(FIELD_BITS%8)) - 1;
- #endif
- ser[0] &= ~1;
+ ser[FIELD_BYTES-1] &= (1<<((FIELD_BITS-1)%8)) - 1;
 succ = field_deserialize(serf, ser);
 if (!succ) {