Sat, 11 May 2019 at 21:55, Niels Möller nisse@lysator.liu.se:
Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
If p is close to B^size / 2, then I think a reduction like
Yes, it is.
As an overflow happens in low level code, do you suggest duplicating ecc-dup-jj/ecc-add-jja/ecc-add-jjj for GOST curves?
I'd prefer not to duplicate the point functions. Could consider doing these operations (or part of them) using indirection via some new function pointer in struct ecc_modulo.
This patch makes things work for me. Does it stand a chance to be applied? I'll run GnuTLS tests against it later. For now I'm running ecc-mul-a-test and ecc-mul-g-test in a loop without any errors.
diff --git a/ecc-mod-arith.c b/ecc-mod-arith.c index f2e47f6747c1..a70ee1228c78 100644 --- a/ecc-mod-arith.c +++ b/ecc-mod-arith.c @@ -103,8 +103,10 @@ ecc_mod_submul_1 (const struct ecc_modulo *m, mp_limb_t *rp, assert (b <= 0xffffffff); hi = mpn_submul_1 (rp, ap, m->size, b); hi = mpn_submul_1 (rp, m->B, m->size, hi); + hi = mpn_submul_1 (rp, m->B, m->size, hi); assert (hi <= 1); hi = cnd_sub_n (hi, rp, m->B, m->size); + hi = cnd_sub_n (hi, rp, m->B, m->size); /* Sufficient roughly if b < B^size / p */ assert (hi == 0); }
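Review bot: the comment `/* Sufficient roughly if b < B^size / p */` in ecc_mod_submul_1 is left as it was, although the added second `hi = mpn_submul_1 (rp, m->B, m->size, hi);` and second `hi = cnd_sub_n (hi, rp, m->B, m->size);` exist precisely to relax that condition; update it to state what the two-round version guarantees, and add a one-line comment saying why the duplicated lines are there, or the next reader will take them for a copy-paste slip. For p close to B^size / 2, the case this thread is about, one round of subtracting hi * (B^size - p) only roughly halves the borrow, so two rounds do not bring `hi` down to the `assert (hi <= 1)` for every b admitted by `assert (b <= 0xffffffff)`; either document, next to that assert, the much smaller bound on b that callers must respect, or replace the fixed two rounds by a loop that repeats `mpn_submul_1 (rp, m->B, m->size, hi)` until `hi <= 1`. The second `cnd_sub_n` is needed for the same reason (with a borrow of one, a single subtraction of `m->B` leaves the value negative whenever rp is below `m->B`, which is about half of B^size here), and deserves the same sentence. Both added operations also execute for every curve, including those where the first round already leaves `hi <= 1`; the indirection through struct ecc_modulo suggested earlier in the thread would confine that cost to the GOST moduli.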
Regards, /Niels
-- Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677. Internet email is subject to wholesale government surveillance.
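The borrow behaviour this exchange turns on, as an added example: the code below is not nettle's and not the patch author's, but a toy re-implementation of the ecc_mod_submul_1 reduction on 8-bit limbs (two limbs, so B^size = 65536) with two made-up moduli, one close to B^size / 2 and one close to B^size, so that the number of `mpn_submul_1 (rp, m->B, ...)` rounds and `cnd_sub_n` calls actually needed can be counted rather than guessed. Every name in it (toy_*, SIZE, struct toy_modulo, P_HALF, P_TOP, reduce_checked, folds_needed) is an assumption of this example; only the borrow conventions of mpn_submul_1 and cnd_sub_n are taken from GMP and nettle. It goes beyond the patch by making both round counts parameters and searching for the smallest count that satisfies the real code's asserts.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of the ecc_mod_submul_1 reduction on 8-bit limbs, so every borrow can
   be followed by hand.  Added example, not nettle code: toy_* names, SIZE, struct
   toy_modulo and both moduli are made up; only the mpn/cnd borrow contracts are real. */
typedef uint8_t limb_t;   /* limb base B = 256 */
#define SIZE 2            /* operands are < B^SIZE = 65536 */
/* p is the modulus; B is B^SIZE - p, the role m->B plays in struct ecc_modulo. */
struct toy_modulo { limb_t p[SIZE]; limb_t B[SIZE]; };
/* p = 2^15 + 3 = 32771 is close to B^SIZE / 2, so B^SIZE - p = 32765 is large. */
static const struct toy_modulo P_HALF = { { 0x03, 0x80 }, { 0xFD, 0x7F } };
/* p = 2^16 - 15 = 65521 is close to B^SIZE, so B^SIZE - p = 15 is tiny. */
static const struct toy_modulo P_TOP = { { 0xF1, 0xFF }, { 0x0F, 0x00 } };

/* {rp,n} -= {ap,n} * b; returns the borrow hi with
   rp_old - ap * b == rp_new - hi * B^n (the mpn_submul_1 contract). */
static unsigned toy_submul_1 (limb_t *rp, const limb_t *ap, size_t n, unsigned b)
{
  unsigned cy = 0;
  for (size_t i = 0; i < n; i++) {
    unsigned prod = (unsigned) ap[i] * b + cy, lo = prod & 0xFF, r = rp[i];
    rp[i] = (limb_t) (r - lo);
    cy = (prod >> 8) + (r < lo);
  }
  return cy;
}

/* If cnd != 0: {rp,n} -= {ap,n}; returns the borrow (the cnd_sub_n contract:
   cnd is meant to be 0 or 1, anything larger still subtracts only once). */
static unsigned toy_cnd_sub_n (unsigned cnd, limb_t *rp, const limb_t *ap, size_t n)
{
  limb_t mask = (limb_t) (0 - (limb_t) (cnd != 0));
  unsigned cy = 0;
  for (size_t i = 0; i < n; i++) {
    unsigned s = (unsigned) (ap[i] & mask) + cy, r = rp[i];
    rp[i] = (limb_t) (r - s);
    cy = r < s;
  }
  return cy;
}

/* rp <- rp - ap * b (mod p): one submul of ap, `folds` rounds trading the borrow
   hi * B^SIZE for hi * (B^SIZE - p), then `cnds` conditional subtractions of
   B^SIZE - p (current nettle: folds = cnds = 1; the patch: folds = cnds = 2).
   *hi_before_cnd gets the borrow the real code asserts <= 1; returns the final borrow. */
static unsigned toy_mod_submul_1 (const struct toy_modulo *m, limb_t *rp, const limb_t *ap,
                                  unsigned b, unsigned folds, unsigned cnds, unsigned *hi_before_cnd)
{
  unsigned hi = toy_submul_1 (rp, ap, SIZE, b);
  for (unsigned i = 0; i < folds; i++)
    hi = toy_submul_1 (rp, m->B, SIZE, hi);
  *hi_before_cnd = hi;
  for (unsigned i = 0; i < cnds; i++)
    hi = toy_cnd_sub_n (hi, rp, m->B, SIZE);
  return hi;
}

static unsigned to_uint (const limb_t *xp) { return xp[0] | ((unsigned) xp[1] << 8); }
static void from_uint (limb_t *xp, unsigned v) { xp[0] = v & 0xFF; xp[1] = (v >> 8) & 0xFF; }
/* Reduce r - a * b mod p with the given round counts, checked against plain integer
   arithmetic.  Returns the limb result, or -1 if a real-code assert would fire or it is wrong. */
static int reduce_checked (const struct toy_modulo *m, unsigned r, unsigned a, unsigned b,
                           unsigned folds, unsigned cnds)
{
  unsigned pval = to_uint (m->p), hi_before, hi_after, got;
  limb_t rp[SIZE], ap[SIZE];
  long long ref = ((long long) r - (long long) a * b) % pval;
  if (ref < 0) ref += pval;
  from_uint (rp, r); from_uint (ap, a);
  hi_after = toy_mod_submul_1 (m, rp, ap, b, folds, cnds, &hi_before);
  got = to_uint (rp);
  return (hi_before > 1 || hi_after != 0 || got % pval != (unsigned) ref) ? -1 : (int) got;
}

/* Fewest folding rounds that leave a borrow <= 1 in the worst case rp = 0,
   ap = p - 1 (rp - ap * b as negative as it gets); 0 if more than 16 are needed. */
static unsigned folds_needed (const struct toy_modulo *m, unsigned b)
{
  for (unsigned folds = 1; folds <= 16; folds++) {
    limb_t rp[SIZE], ap[SIZE]; unsigned hi;
    from_uint (rp, 0); from_uint (ap, to_uint (m->p) - 1);
    toy_mod_submul_1 (m, rp, ap, b, folds, 2, &hi);
    if (hi <= 1)
      return folds;
  }
  return 0;
}

int main (void)
{
  for (unsigned b = 2; b <= 128; b *= 2)
    printf ("b = %3u: folds needed %u (p = 32771), %u (p = 65521)\n", b,
            folds_needed (&P_HALF, b), folds_needed (&P_TOP, b));
  return 0;
}
```

For the modulus near B^size / 2 each round of subtracting hi * (B^size - p) only about halves the borrow, so the rounds needed grow with log2(b): two for b = 8, seven for b = 255, while the modulus near B^size never needs more than one. The constructed case r = 0, a = 28700, b = 8 also shows why the patch duplicates cnd_sub_n and not only mpn_submul_1: two folds leave hi = 1 with rp below B^size - p, so a single conditional subtraction borrows again and the real code's final `assert (hi == 0)` would fire.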