authorNiels Möller <nisse@lysator.liu.se>2021-12-01 22:20:10 +0100
committerNiels Möller <nisse@lysator.liu.se>2021-12-01 22:20:10 +0100
commit0ea74c0238e3f8be2293a1d32aac2292381ef81f (patch)
tree10b2c04e1f72bc96f3df3b76a645c65a993dccb5 /x86_64
parentd2e4e5311a84f2ca6144378aaa8d3b8a6d76dd5e (diff)
Comment improvements for x86_64 ecc_secp256r1_redc
Diffstat (limited to 'x86_64')
-rw-r--r--x86_64/ecc-secp256r1-redc.asm8
1 files changed, 5 insertions, 3 deletions
diff --git a/x86_64/ecc-secp256r1-redc.asm b/x86_64/ecc-secp256r1-redc.asm
index a03059ae..91f55225 100644
--- a/x86_64/ecc-secp256r1-redc.asm
+++ b/x86_64/ecc-secp256r1-redc.asm
@@ -47,7 +47,7 @@ define(`F1', `%r13')
define(`F2', `%rbx')
define(`F3', `%rbp')
-C FOLD(x), sets (F3,F2,F1,F0) <-- (x << 224) - (x << 128) - (x<<32)
+C FOLD(x), sets (F3,F2,F1,F0) <-- (x << 160) - (x << 128) - (x<<32)
define(`FOLD', `
mov $1, F2
mov $1, F3
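Review bot: The corrected comment on the FOLD line states the three shifts but not where they come from, which is exactly the kind of constant the old comment got wrong (224 vs 160) and a future reader cannot re-check without re-deriving the REDC step. A one-line derivation next to it would pin the numbers: `C i.e. x*p = x*2^256 - x*2^224 + x*2^192 + x*2^96 - x, so (x*p + x) >> 64 = (x << 192) - FOLD(x)`, with a note that x is a single 64-bit limb so the result fits in the four words F3..F0 without borrow. I derived that relation from the secp256r1 prime rather than from the macro body, which continues past the end of the hunk after the two `mov $1, F2/F3` lines, so please confirm it against the remaining instructions before committing the wording.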
@@ -104,8 +104,10 @@ PROLOGUE(_nettle_ecc_secp256r1_redc)
adc U6, U2
adc 56(XP), U3
- C If carry, we need to add in
- C 2^256 - p = <0xfffffffe, 0xff..ff, 0xffffffff00000000, 1>
+ C Sum, including carry, is < 2^{256} + p.
+ C If carry, we need to add in 2^{256} mod p = 2^{256} - p
+ C = <0xfffffffe, 0xff..ff, 0xffffffff00000000, 1>
+ C and this addition can not overflow.
sbb F2, F2
mov F2, F0
mov F2, F1