/* Reduce coefficients of x before calling barrett_reduce */
/*
 * Barrett reduction (HAC, Alg. 14.42 with b = 256, k = 32) of the 64-limb
 * value x into the 32-limb result r:
 *
 *   q1 = x / b^31             -> the limbs x[31..63]
 *   q2 = q1 * mu              -> accumulated in q2[], columns >= 31 only
 *   q3 = q2 / b^33            -> the pointer q3 = q2 + 33
 *   r  = (x mod b^33) - (q3 * m mod b^33)
 *
 * followed by two reduce_add_sub() calls for the final conditional
 * subtractions (HAC step 4).
 *
 * Precondition (the note above): every x[i] must already be a byte-sized
 * coefficient; the borrow chain below assumes 0 <= x[i] <= 255.
 *
 * mu[], m[], lt() and reduce_add_sub() are defined outside this block.
 * m is presumably the modulus and mu its precomputed Barrett constant
 * floor(b^64 / m) - confirm against their definitions.
 *
 * r:  receives r[0..31]; whatever reduce_add_sub() additionally requires of
 *     r is not visible here.
 * x:  64 limbs, read only.
 */
static void barrett_reduce(word32* r, word32 x[64])
{
  /* See HAC, Alg. 14.42 */
  int i,j;
  word32 q2[66];             /* q1 * mu: 66 columns for a 33 x 33 limb product */
  word32 *q3 = q2 + 33;      /* q3 = q2 / b^33, i.e. columns 33..65 of q2 */
  word32 r1[33];             /* x mod b^33 */
  word32 r2[33];             /* q3 * m mod b^33 */
  word32 carry;
  word32 pb = 0;             /* subtrahend for the current limb: r2 limb + last borrow */
  word32 b;                  /* borrow out of the current limb, 0 or 1 */

  for (i = 0;i < 66;++i) q2[i] = 0;
  for (i = 0;i < 33;++i) r2[i] = 0;

  /* q2 = q1 * mu.  Columns below 31 could only reach q3 through carries
   * that are never propagated here, so they are skipped outright. */
  for(i=0;i<33;i++)
    for(j=0;j<33;j++)
      if(i+j >= 31) q2[i+j] += mu[i]*x[j+31];

  /* Push the carries of columns 31 and 32 up into column 33, the lowest
   * limb of q3.  q3's own limbs are left un-normalised (they may exceed
   * 255) and are multiplied as-is below. */
  carry = q2[31] >> 8;
  q2[32] += carry;
  carry = q2[32] >> 8;
  q2[33] += carry;

  /* r1 = x mod b^33 */
  for(i=0;i<33;i++)r1[i] = x[i];
  /* r2 = q3 * m mod b^33; columns >= 33 of the product are discarded.
   * NOTE(review): q3's limbs are not byte-sized, so each column sum must
   * still fit in word32 - that bound depends on mu[]/m[] and cannot be
   * checked from this block. */
  for(i=0;i<32;i++)
    for(j=0;j<33;j++)
      if(i+j < 33) r2[i+j] += m[i]*q3[j];

  /* Normalise r2[0..31] to bytes; r2[32] only collects the final carry. */
  for(i=0;i<32;i++)
  {
    carry = r2[i] >> 8;
    r2[i+1] += carry;
    r2[i] &= 0xff;
  }

  /* r = r1 - r2 over the low 32 limbs with a rippling borrow.  pb is what
   * this limb has to give up (r2[i] plus the previous borrow);
   * b = lt(r1[i], pb) is 1 when r1[i] < pb (lt is presumably the file's
   * constant-time compare - keeping this chain branch-free matters when x
   * derives from secret data); (b<<8) re-adds 256 so the unsigned wrap of
   * r1[i]-pb lands back in 0..255.  Limb 32 of r1/r2 is dropped here. */
  for(i=0;i<32;i++)
  {
    pb += r2[i];
    b = lt(r1[i],pb);
    r[i] = r1[i]-pb+(b<<8);
    pb = b;
  }

  /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3
   * r is an unsigned type.
   * If so: Handle it here!
   * (HAC's analysis of the algorithm bounds x - q3*m to [0, 3m), so as long
   * as 3m fits in 32 limbs the negative case should not arise - presumably
   * why it is left unhandled; confirm for this m.)
   */

  reduce_add_sub(r);
  reduce_add_sub(r);
}
/* Reduce coefficients of x before calling barrett_reduce */
/*
 * Barrett reduction (HAC, Alg. 14.42 with b = 256, k = 32) of the 64-limb
 * value x into the 32-limb scalar r->v:
 *
 *   q1 = x / b^31             -> the limbs x[31..63]
 *   q2 = q1 * mu              -> accumulated in q2[], columns >= 31 only
 *   q3 = q2 / b^33            -> the pointer q3 = q2 + 33
 *   r  = (x mod b^33) - (q3 * m mod b^33)
 *
 * followed by two reduce_add_sub() calls for the final conditional
 * subtractions (HAC step 4).
 *
 * Precondition (the note above): every x[i] must already be a byte-sized
 * coefficient; the borrow chain below assumes 0 <= x[i] <= 255.
 *
 * mu[], m[] and reduce_add_sub() are defined outside this block.  m is
 * presumably the group order and mu its precomputed Barrett constant
 * floor(b^64 / m) - confirm against their definitions.
 *
 * r:  r->v[0..31] is written.
 * x:  64 limbs, read only.
 */
static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64])
{
  /* See HAC, Alg. 14.42 */
  int i,j;
  crypto_uint32 q2[66] = {0};          /* q1 * mu: 66 columns for a 33 x 33 limb product */
  crypto_uint32 *q3 = q2 + 33;         /* q3 = q2 / b^33, i.e. columns 33..65 of q2 */
  crypto_uint32 r1[33];                /* x mod b^33 */
  crypto_uint32 r2[33] = {0};          /* q3 * m mod b^33 */
  crypto_uint32 carry;
  int b, pb=0;                         /* borrow out of / into the current limb, 0 or 1 */

  /* q2 = q1 * mu.  Columns below 31 could only reach q3 through carries
   * that are never propagated here, so they are skipped outright. */
  for(i=0; i<33; i++)
    for(j=0; j<33; j++)
      if(i+j >= 31) q2[i+j] += mu[i]*x[j+31];
  /* Push the carries of columns 31 and 32 up into column 33, the lowest
   * limb of q3.  q3's own limbs stay un-normalised (they may exceed 255)
   * and are multiplied as-is below. */
  carry = q2[31] >> 8;
  q2[32] += carry;
  carry = q2[32] >> 8;
  q2[33] += carry;

  /* r1 = x mod b^33 */
  for(i=0; i<33; i++)r1[i] = x[i];
  /* r2 = q3 * m mod b^33; columns >= 33 of the product are discarded.
   * NOTE(review): q3's limbs are not byte-sized, so each column sum must
   * still fit in crypto_uint32 - that bound depends on mu[]/m[] and cannot
   * be checked from this block. */
  for(i=0; i<32; i++)
  {
    for(j=0; j<33; j++)
    {
      if(i+j < 33)
      {
        /* coverity[overrun-local] */
        r2[i+j] += m[i]*q3[j];
      }
    }
  }

  /* Normalise r2[0..31] to bytes; r2[32] only collects the final carry. */
  for(i=0; i<32; i++)
  {
    carry = r2[i] >> 8;
    r2[i+1] += carry;
    r2[i] &= 0xff;
  }

  /* r = r1 - r2 over the low 32 limbs with a rippling borrow: b is 1 when
   * the limb would go negative, and +256 brings the unsigned wrap back into
   * 0..255.  Limb 32 of r1/r2 is dropped here.
   * NOTE(review): the `<` on limb values may be compiled to a data-dependent
   * branch; if x derives from a secret scalar, a masked (constant-time)
   * compare would keep this chain branch-free. */
  for(i=0; i<32; i++)
  {
    b = (r1[i]<pb+r2[i]);
    r->v[i] = r1[i]-pb-r2[i]+b*256;
    pb = b;
  }

  /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3
   * If so: Handle it here!
   * (HAC's analysis of the algorithm bounds x - q3*m to [0, 3m), so as long
   * as 3m fits in 32 limbs the negative case should not arise - presumably
   * why it is left unhandled; confirm for this m.)
   */

  reduce_add_sub(r);
  reduce_add_sub(r);
}
/* Reduce coefficients of x before calling barrett_reduce */
/*
 * Barrett reduction (HAC, Alg. 14.42 with b = 256, k = 32) of the 64-limb
 * value x into the 32-limb scalar r->v:
 *
 *   q1 = x / b^31             -> the limbs x[31..63]
 *   q2 = q1 * mu              -> accumulated in q2[], columns >= 31 only
 *   q3 = q2 / b^33            -> the pointer q3 = q2 + 33
 *   r  = (x mod b^33) - (q3 * m mod b^33)
 *
 * followed by two reduce_add_sub() calls for the final conditional
 * subtractions (HAC step 4).  Unlike a 32-limb variant, the subtraction is
 * carried out over all 33 limbs and the top limb is folded into r->v[31]
 * (see the "3*m overflows" note below).
 *
 * Precondition (the note above): every x[i] must already be a byte-sized
 * coefficient; the borrow chain below assumes 0 <= x[i] <= 255.
 *
 * mu[], m[], max() and reduce_add_sub() are defined outside this block.
 * m is presumably the group order and mu its precomputed Barrett constant
 * floor(b^64 / m) - confirm against their definitions.
 *
 * r:  r->v[0..31] is written; r->v[31] may hold more than one byte on exit.
 * x:  64 limbs, read only.
 */
static void barrett_reduce(scp256 *r, const unsigned int x[64])
{
  /* See HAC, Alg. 14.42 */
  int i,j;
  unsigned int q2[66] = {0};           /* q1 * mu: 66 columns for a 33 x 33 limb product */
  unsigned int *q3 = q2 + 33;          /* q3 = q2 / b^33, i.e. columns 33..65 of q2 */
  unsigned int r1[33];                 /* x mod b^33 */
  unsigned int r2[33] = {0};           /* q3 * m mod b^33 */
  unsigned char t[33];                 /* r1 - r2, one byte per limb, all 33 limbs */
  unsigned int carry;
  int b, pb=0;                         /* borrow out of / into the current limb, 0 or 1 */

  /* q2 = q1 * mu, restricted to columns i+j >= 31 (max() supplies the lower
   * bound on j): lower columns could only reach q3 through carries that are
   * never propagated here. */
  for(i=0;i<33;i++)
    for(j=max(31-i,0);j<33;j++)
      q2[i+j] += mu[i]*x[j+31];
  /* Push the carries of columns 31 and 32 up into column 33, the lowest
   * limb of q3.  q3's own limbs stay un-normalised (they may exceed 255)
   * and are multiplied as-is below. */
  carry = q2[31] >> 8;
  q2[32] += carry;
  carry = q2[32] >> 8;
  q2[33] += carry;

  /* r1 = x mod b^33 */
  for(i=0;i<33;i++)r1[i] = x[i];
  /* r2 = q3 * m mod b^33; the j bound keeps i+j <= 32 so columns >= 33
   * are never formed.
   * NOTE(review): q3's limbs are not byte-sized, so each column sum must
   * still fit in unsigned int - that bound depends on mu[]/m[] and cannot
   * be checked from this block. */
  for(i=0;i<32;i++)
    for(j=0;j<33-i;j++)
      r2[i+j] += m[i]*q3[j];

  /* Normalise r2[0..31] to bytes; r2[32] only collects the final carry and
   * is never masked. */
  for(i=0;i<32;i++)
  {
    carry = r2[i] >> 8;
    r2[i+1] += carry;
    r2[i] &= 0xff;
  }

  //issue: 3*m overflows a 32 byte word
  //solution is to change reduce
  /* t = r1 - r2 over all 33 limbs with a rippling borrow: b is 1 when the
   * limb would go negative and +256 brings the unsigned wrap back into
   * range.  The store into unsigned char reduces each limb mod 256, which
   * is presumably what makes the un-masked r2[32] harmless in the last
   * iteration - confirm.
   * NOTE(review): the `<` on limb values may be compiled to a
   * data-dependent branch; if x derives from a secret scalar, a masked
   * (constant-time) compare would keep this chain branch-free. */
  for(i=0;i<33;i++)
  {
    b = (r1[i]<pb+r2[i]);
    t[i] = r1[i]-pb-r2[i]+b*256;
    pb = b;
  }
  /*Why this? because t is 33 bytes, not 32.*/
  for(i=0; i<32; i++){
    r->v[i]=t[i];
  }
  /* Fold the 33rd limb into limb 31; r->v[31] is therefore not byte-sized
   * here and the two reduce_add_sub() calls are relied on to absorb it. */
  r->v[31]+=256*t[32];

  reduce_add_sub(r);
  reduce_add_sub(r);
}
/*
 * r = x - y, then reduce_add_sub() to bring the limbs back into range.
 *
 * Before subtracting, a per-limb bias is added to x: 0x1da on limb 0,
 * 0x1fe on limbs 1..30 and 0xfe on limb 31.  These constants sum to
 * 2^256 - 38 = 2 * (2^255 - 19), i.e. 2p if p = 2^255 - 19 is the field
 * prime (presumably, given the type name - confirm).  Adding it first keeps
 * every limb non-negative so the unsigned crypto_uint32 arithmetic never
 * wraps on a limb where y exceeds x.
 *
 * r may alias x or y: limb k of x and y is read before limb k of r is
 * written, and no other limb is touched in that step.
 */
void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y)
{
  int k;
  for (k = 0; k < 32; k++) {
    crypto_uint32 bias = 0x1fe;
    if (k == 0) {
      bias = 0x1da;
    } else if (k == 31) {
      bias = 0xfe;
    }
    r->v[k] = (x->v[k] + bias) - y->v[k];
  }
  reduce_add_sub(r);
}
/*
 * r = x + y on 32 byte-sized limbs.  Limbs 0..30 are normalised back to
 * 8 bits with their overflow pushed into the next limb; limb 31 keeps any
 * excess for reduce_add_sub() to fold back into the scalar.
 *
 * r may alias x or y: the sums are formed limb by limb before any carry
 * touches a neighbouring limb.
 *
 * NOTE(review): x and y are never written; the sibling sc25519_add() takes
 * them as const pointers - worth matching here once the header prototype
 * can be updated in the same change.
 */
void scp256_add(scp256 *r, scp256 *x, scp256 *y)
{
  int k;
  for (k = 0; k < 32; k++) {
    r->v[k] = x->v[k] + y->v[k];
  }
  /* ripple carries through limbs 0..30 */
  for (k = 0; k + 1 < 32; k++) {
    int overflow = r->v[k] >> 8;   /* everything above the low byte */
    r->v[k] &= 0xff;
    r->v[k + 1] += overflow;
  }
  reduce_add_sub(r);
}
/*
 * r = x + y on 32 byte-sized limbs.  Limbs 0..30 are normalised to 8 bits
 * as they are produced, each carry feeding the next limb; limb 31 keeps
 * any excess for reduce_add_sub() to fold back into the scalar.
 *
 * r may alias x or y: limb k of x and y is read before limb k of r is
 * written, and later limbs of the inputs are never modified beforehand.
 */
void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y)
{
  int k;
  int carry = 0;
  for (k = 0; k < 31; k++) {
    r->v[k] = x->v[k] + y->v[k] + carry;
    carry = r->v[k] >> 8;          /* overflow above the low byte */
    r->v[k] &= 0xff;
  }
  /* top limb: no mask, the overflow stays in place */
  r->v[31] = x->v[31] + y->v[31] + carry;
  reduce_add_sub(r);
}
/*
 * r = x + y limb by limb (no carry handling here), then reduce_add_sub()
 * re-normalises the result.
 *
 * r may alias x or y: limb k of both inputs is read before limb k of r is
 * written.
 */
void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y)
{
  int k = 0;
  while (k < 32) {
    r->v[k] = x->v[k] + y->v[k];
    k++;
  }
  reduce_add_sub(r);
}