internal/sm2ec: fix order asm inverse
emmansun authored Aug 19, 2024
1 parent dd5b54f commit 1f2a939
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions internal/sm2ec/p256_asm_ord.go
Expand Up @@ -33,6 +33,7 @@ func P256OrdInverse(k []byte) ([]byte, error) {
}
x := new(p256OrdElement)
p256OrdBigToLittle(x, (*[32]byte)(k))
p256OrdMul(x, x, RR)
// Inversion is implemented as exponentiation with exponent p − 2.
// The sequence of 41 multiplications and 253 squarings is derived from the
// following addition chain generated with github.com/mmcloughlin/addchain v0.4.0.
Expand Down Expand Up @@ -65,7 +66,7 @@ func P256OrdInverse(k []byte) ([]byte, error) {
// i244 = ((i231 << 2 + _11) << 7 + _111111) << 2
// i262 = ((1 + i244) << 10 + _1001) << 5 + _111
// i277 = ((i262 << 5 + _111) << 4 + _101) << 4
// return ((_101 + i277) << 9 + _1001) << 5 + _11
// return ((_101 + i277) << 9 + _1001) << 5 + 1
//
var z = new(p256OrdElement)
var t0 = new(p256OrdElement)
Expand Down Expand Up @@ -155,7 +156,7 @@ func P256OrdInverse(k []byte) ([]byte, error) {
p256OrdSqr(t1, t1, 9)
p256OrdMul(t0, t0, t1)
p256OrdSqr(t0, t0, 5)
p256OrdMul(z, z, t0)
p256OrdMul(z, x, t0)
return p256OrderFromMont(z), nil
}
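Review bot: The added `p256OrdMul(x, x, RR)` carries no comment, and the reason it is needed — the rewritten chain now ends with the base itself (`+ 1` instead of `+ _11`), so the final `p256OrdMul(z, x, t0)` multiplies x directly against t0 and x must already be in the same Montgomery domain — can only be recovered by reading all three hunks together. I would add `// Move x into the Montgomery domain; the last step of the chain multiplies by x directly.` above that line, assuming RR is R² mod the order, which this section does not show. The existing chain comment says "exponent p − 2", which reads as the base-field prime; for the scalar field the modulus is the group order, so `exponent n − 2` would be more accurate. P256OrdInverse's signature and the input guard that closes at the leading `}` are above the hunk, so whether k ≥ n or k = 0 is rejected before the conversion cannot be seen here; a regression test checking k · P256OrdInverse(k) ≡ 1 (mod n) for a few scalars, including the fixed-up final step, would pin this fix.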


1 comment on commit 1f2a939

@emmansun