Avoid macros where we can

Turns out a simple test (which doesn't depend on a secret) was enough to
not need the macro at all.  And we still save that multiplication.

diff --git a/src/monocypher.c b/src/monocypher.c
index 75af683d2e4d70ebc8e51d7af09eed09bbe5270d..0c0694a5f654011d60000a7975146553718a83ab 100644 (file)
--- a/src/monocypher.c
+++ b/src/monocypher.c
@@ -1687,32 +1687,30 @@ static const fe comb_T2[16] = {
      -11927760, 24989997, -5464220, -26196392, -5839453},
 };
 
-#define LOOKUP_ADD(i)                                     \
-    fe_1(yp);                                             \
-    fe_1(ym);                                             \
-    fe_0(t2);                                             \
-    u8 nibble = scalar_bit(scalar, i)                     \
-        |      (scalar_bit(scalar, i +  64) << 1)         \
-        |      (scalar_bit(scalar, i + 128) << 2)         \
-        |      (scalar_bit(scalar, i + 192) << 3);        \
-    FOR (j, 1, 16) {                                      \
-        i32 select = (1 & (((j ^ nibble) - 1) >> 8)) - 1; \
-        fe_ccopy(yp, comb_Yp[j], select);                 \
-        fe_ccopy(ym, comb_Ym[j], select);                 \
-        fe_ccopy(t2, comb_T2[j], select);                 \
-    }                                                     \
-    ge_madd(p, p, yp, ym, t2, a, b)
-
 static void ge_scalarmult_base(ge *p, const u8 scalar[32])
 {
     // Double and add ladder
     fe yp, ym, t2, a, b; // temporaries for addition
     ge dbl;              // temporary for doublings
     ge_zero(p);
-    LOOKUP_ADD(63);
-    for (int i = 62; i >= 0; i--) {
-        ge_double(p, p, &dbl);
-        LOOKUP_ADD(i);
+    for (int i = 63; i >= 0; i--) {
+        if (i < 63) {
+            ge_double(p, p, &dbl);
+        }
+        fe_1(yp);
+        fe_1(ym);
+        fe_0(t2);
+        u8 nibble = scalar_bit(scalar, i)
+            |      (scalar_bit(scalar, i +  64) << 1)
+            |      (scalar_bit(scalar, i + 128) << 2)
+            |      (scalar_bit(scalar, i + 192) << 3);
+        FOR (j, 1, 16) {
+            i32 select = (1 & (((j ^ nibble) - 1) >> 8)) - 1;
+            fe_ccopy(yp, comb_Yp[j], select);
+            fe_ccopy(ym, comb_Ym[j], select);
+            fe_ccopy(t2, comb_T2[j], select);
+        }
+        ge_madd(p, p, yp, ym, t2, a, b);
     }
     WIPE_CTX(&dbl);
     WIPE_BUFFER(ym);  WIPE_BUFFER(yp);  WIPE_BUFFER(t2);