From 57b9031bee05a87691bc693743a0292c16db6605 Mon Sep 17 00:00:00 2001
From: Loup Vaillant
Date: Sat, 4 Aug 2018 22:48:20 +0200
Subject: [PATCH] Avoid macros where we can

Turns out a simple test (which doesn't depend on a secret) was enough to not need the macro at all. And we still save that multiplication.
---
 src/monocypher.c | 38 ++++++++++++++++++--------------------
 1 file changed, 18 insertions(+), 20 deletions(-)

diff --git a/src/monocypher.c b/src/monocypher.c
index 75af683..0c0694a 100644
--- a/src/monocypher.c
+++ b/src/monocypher.c
@@ -1687,32 +1687,30 @@ static const fe comb_T2[16] = {
 -11927760, 24989997, -5464220, -26196392, -5839453},
 };

-#define LOOKUP_ADD(i) \
- fe_1(yp); \
- fe_1(ym); \
- fe_0(t2); \
- u8 nibble = scalar_bit(scalar, i) \
- | (scalar_bit(scalar, i + 64) << 1) \
- | (scalar_bit(scalar, i + 128) << 2) \
- | (scalar_bit(scalar, i + 192) << 3); \
- FOR (j, 1, 16) { \
- i32 select = (1 & (((j ^ nibble) - 1) >> 8)) - 1; \
- fe_ccopy(yp, comb_Yp[j], select); \
- fe_ccopy(ym, comb_Ym[j], select); \
- fe_ccopy(t2, comb_T2[j], select); \
- } \
- ge_madd(p, p, yp, ym, t2, a, b)
-
 static void ge_scalarmult_base(ge *p, const u8 scalar[32])
 {
 // Double and add ladder
 fe yp, ym, t2, a, b; // temporaries for addition
 ge dbl; // temporary for doublings
 ge_zero(p);
- LOOKUP_ADD(63);
- for (int i = 62; i >= 0; i--) {
- ge_double(p, p, &dbl);
- LOOKUP_ADD(i);
+ for (int i = 63; i >= 0; i--) {
+ if (i < 63) {
+ ge_double(p, p, &dbl);
+ }
+ fe_1(yp);
+ fe_1(ym);
+ fe_0(t2);
+ u8 nibble = scalar_bit(scalar, i)
+ | (scalar_bit(scalar, i + 64) << 1)
+ | (scalar_bit(scalar, i + 128) << 2)
+ | (scalar_bit(scalar, i + 192) << 3);
+ FOR (j, 1, 16) {
+ i32 select = (1 & (((j ^ nibble) - 1) >> 8)) - 1;
+ fe_ccopy(yp, comb_Yp[j], select);
+ fe_ccopy(ym, comb_Ym[j], select);
+ fe_ccopy(t2, comb_T2[j], select);
+ }
+ ge_madd(p, p, yp, ym, t2, a, b);
 }
 WIPE_CTX(&dbl);
 WIPE_BUFFER(ym); WIPE_BUFFER(yp); WIPE_BUFFER(t2);
--
2.47.3
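Review bot: The inlined loop body of ge_scalarmult_base now places a real branch, `if (i < 63)`, next to a table lookup that has to stay branch-free, and no comment in the code says which values are public and which are secret. The commit message records that the test does not depend on a secret, but that reasoning should sit above the branch itself, e.g. `// i is the public loop counter: skipping the first doubling leaks nothing about scalar`. The lookup deserves the matching note above `FOR (j, 1, 16)`, e.g. `// visit every table entry so the access pattern is independent of nibble`. By the visible arithmetic `select` is 0 when `j == nibble` and -1 otherwise, so a short comment stating which value makes `fe_ccopy` copy would help, since its definition and the `FOR` macro are outside this hunk. The function body also continues past the last context line, so the rest of the wiping cannot be checked from here.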