mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 02:15:40 +01:00
Improve comments on parity trick
This commit is contained in:
parent
95aedfea33
commit
fd87e354f6
@ -119,7 +119,7 @@ mbedtls_ecp_point;
|
||||
* 1. Short Weierstrass y^2 = x^3 + A x + B mod P (SEC1 + RFC 4492)
|
||||
* 2. Montgomery, y^2 = x^3 + A x^2 + x mod P (Curve25519 + draft)
|
||||
* In both cases, a generator G for a prime-order subgroup is fixed. In the
|
||||
* short weierstrass, this subgroup is actually the whole curve, and its
|
||||
* Short Weierstrass case, this subgroup is actually the whole curve, and its
|
||||
* cardinal is denoted by N.
|
||||
*
|
||||
* In the case of Short Weierstrass curves, our code requires that N is an odd
|
||||
|
@ -1751,6 +1751,9 @@ cleanup:
|
||||
* this wrapper ensures that by replacing m by N - m if necessary, and
|
||||
* informs the caller that the result of multiplication will be negated.
|
||||
*
|
||||
* This works because we only support large prime order for Short Weierstrass
|
||||
* curves, so N is always odd hence either m or N - m is.
|
||||
*
|
||||
* See ecp_comb_recode_core() for background.
|
||||
*/
|
||||
static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp,
|
||||
@ -1766,7 +1769,7 @@ static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp,
|
||||
mbedtls_mpi_init( &M );
|
||||
mbedtls_mpi_init( &mm );
|
||||
|
||||
/* N is odd with all real-world curves, just make extra sure */
|
||||
/* N is always odd (see above), just make extra sure */
|
||||
if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user