Commit 263c444738
Changed files (3)
lib/std/crypto/25519/curve25519.zig
@@ -44,7 +44,7 @@ pub const Curve25519 = struct {
var z3 = Fe.one;
var swap: u8 = 0;
var pos: usize = bits - 1;
- while (true) {
+ while (true) : (pos -= 1) {
const b = (s[pos / 8] >> @intCast(u3, pos & 7)) & 1;
swap ^= b;
Fe.cSwap2(&x2, &x3, &z2, &z3, swap);
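Review bot: Moving the decrement into the continue expression leaves `pos` (a `usize`) with no visible guard in the header: the loop only stays in range because the `if (pos == 0) break;` at the bottom of the ladder body (in the next hunk) exits before `pos -= 1` would run, and `break`, unlike `continue`, skips the continue expression. That invariant is easy to lose in a later edit, and the underflow would trap in safe modes and be undefined behaviour in ReleaseFast. A countdown form removes the hazard and the `while (true)` together: `var pos: usize = bits;` then `while (pos > 0) { pos -= 1;` at the top of the body, with the trailing break deleted. If the current shape is kept, a one-line comment on the `while` stating that the break below is what prevents the decrement from underflowing would do. The enclosing function starts before this hunk.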
@@ -68,7 +68,6 @@ pub const Curve25519 = struct {
z3 = x1.mul(z2);
z2 = tmp1.mul(tmp0);
if (pos == 0) break;
- pos -= 1;
}
Fe.cSwap2(&x2, &x3, &z2, &z3, swap);
z2 = z2.invert();
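Review bot: The `if (pos == 0) break;` on the line before the closing brace is now the only thing that stops the header's `pos -= 1` from underflowing, and nothing in the body says so; the decrement is no longer in view of a reader scanning the ladder step. Worth a comment on that line: `// Last bit processed; break skips the continue expression so pos never wraps below 0.` The ladder still visits every bit from `bits - 1` down to 0 and finishes with the accumulated `cSwap2`, so the fixed iteration count that keeps the timing independent of the scalar is preserved, assuming `cSwap2` itself is constant-time (defined elsewhere). The function continues past this hunk.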
lib/std/crypto/25519/edwards25519.zig
@@ -132,12 +132,11 @@ pub const Edwards25519 = struct {
fn pcMul(pc: [16]Edwards25519, s: [32]u8) !Edwards25519 {
var q = Edwards25519.identityElement();
var pos: usize = 252;
- while (true) {
+ while (true) : (pos -= 4) {
q = q.dbl().dbl().dbl().dbl();
const b = (s[pos / 8] >> @intCast(u3, pos & 7)) & 0xf;
q = q.add(pcSelect(pc, b));
if (pos == 0) break;
- pos -= 4;
}
try q.rejectIdentity();
return q;
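Review bot: `pcMul` carries no documentation within the hunk, and its correctness rests on two facts a reader has to reconstruct: `pos` walks 252, 248, …, 0, so all 64 nibbles of the 256-bit scalar are consumed, and the `break` at `pos == 0` runs before the header's `pos -= 4` would underflow the `usize`. If there is no `///` comment above the hunk, add one along the lines of: fixed 4-bit-window scalar multiplication using the precomputed table `pc`; processes every nibble of `s` so the amount of work does not depend on the scalar value; returns an error when the result is the identity. Whether the selection from `pc` is constant-time depends on `pcSelect`, which is not visible here, and the note should say the table lookup must remain so. The four doublings on the first iteration act on the identity element and are harmless.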
lib/std/crypto/25519/scalar.zig
@@ -116,13 +116,12 @@ pub fn rejectNonCanonical(s: [32]u8) !void {
var c: u8 = 0;
var n: u8 = 1;
var i: usize = 31;
- while (true) {
+ while (true) : (i -= 1) {
const xs = @as(u16, s[i]);
const xfield_size = @as(u16, field_size[i]);
c |= @intCast(u8, ((xs -% xfield_size) >> 8) & n);
n &= @intCast(u8, ((xs ^ xfield_size) -% 1) >> 8);
if (i == 0) break;
- i -= 1;
}
if (c == 0) {
return error.NonCanonical;
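Review bot: The loop is a branch-free, most-significant-byte-first comparison of `s` against `field_size` whose security property is that all 32 bytes are always visited, and nothing in the hunk records that; the next person to see `n` go to zero may be tempted to add an early exit. Suggested comment above the `while`: `// Constant-time s < field_size: scan from the top byte; c becomes nonzero at the first byte where s is smaller, n clears once a differing byte is seen. Never exit early.` The name `field_size` is presumably the group order bound for scalars rather than the field prime — confirm against its definition, which is outside this hunk. The `if (c == 0)` branch is cut off by the hunk boundary and the function signature is only shown in the hunk header, so the enclosing function starts before this hunk and ends after it.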