fe25519_sub.c 769 B

12345678910111213141516171819202122232425262728293031323334
  1. #include "fe25519.h"
  2. void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y)
  3. {
  4. fe25519 yt = *y;
  5. /* Not required for reduced input */
  6. unsigned long long t;
  7. t = yt.v[0] >> 51;
  8. yt.v[0] &= 2251799813685247;
  9. yt.v[1] += t;
  10. t = yt.v[1] >> 51;
  11. yt.v[1] &= 2251799813685247;
  12. yt.v[2] += t;
  13. t = yt.v[2] >> 51;
  14. yt.v[2] &= 2251799813685247;
  15. yt.v[3] += t;
  16. t = yt.v[3] >> 51;
  17. yt.v[3] &= 2251799813685247;
  18. yt.v[4] += t;
  19. t = yt.v[4] >> 51;
  20. yt.v[4] &= 2251799813685247;
  21. yt.v[0] += 19*t;
  22. r->v[0] = x->v[0] + 0xFFFFFFFFFFFDA - yt.v[0];
  23. r->v[1] = x->v[1] + 0xFFFFFFFFFFFFE - yt.v[1];
  24. r->v[2] = x->v[2] + 0xFFFFFFFFFFFFE - yt.v[2];
  25. r->v[3] = x->v[3] + 0xFFFFFFFFFFFFE - yt.v[3];
  26. r->v[4] = x->v[4] + 0xFFFFFFFFFFFFE - yt.v[4];
  27. }