Updated is my code constant time? (markdown)

is-my-code-constant-time?.md

@@ -13,3 +13,37 @@ SM2 Key Exchange要去除big.Int依赖，看起来比ECDH困难得多，主要
 
 ![image](https://user-images.githubusercontent.com/7235232/184781672-60fe4f00-8bab-42f0-960e-e47eb7d3d72f.png)
 
+
+来自[ipp-crypto](https://github.com/intel/ipp-crypto)的实现可供参考，待十月份取消golang 1.15后再考虑实现一个用于TLCP的不用big.Int的SM2 Key Exchange。
+
+```c
+/**
+ * @brief
+ * reduction for the SM2 Key Exchange standard
+ * x` = 2^w + (x & (2^w – 1))
+ * when
+ * w = log2(n)/2 - 1, n - number bytes order
+ * @param[out] r   reduction value x`
+ * @param[in]  a   value x
+ * @param[in]  pEC context Elliptic Curve
+ */
+__INLINE void cpSM2KE_reduction_x2w(BNU_CHUNK_T *r, const BNU_CHUNK_T *a, const IppsGFpECState *pEC)
+{
+   const gsModEngine *pME = GFP_PMA(ECP_GFP(pEC));
+
+   const int elemBits = GFP_FEBITLEN(pME); /* size Bits */
+   const int elemSize = GFP_FELEN(pME);    /* size BNU_CHUNK */
+   /* compute w = [log2(n)/2 - 1] */
+   const int w = ((elemBits + 1) / 2 - 1);
+
+   /* compute copy BNU_CHUNK */
+   const int num_copy_bc   = (w + (BNU_CHUNK_BITS - 1)) / BNU_CHUNK_BITS; // 2
+   const int num_bit_shift = (w - (num_copy_bc - 1) * BNU_CHUNK_BITS);  // 63
+   const BNU_CHUNK_T vadd  = (BNU_CHUNK_T)(1ULL << num_bit_shift); // 1<<63 = 0x8000000000000000
+   const BNU_CHUNK_T mask  = (BNU_CHUNK_T)(vadd - 1); // 0x7fffffffffffffff
+
+   ZEXPAND_COPY_BNU(r, elemSize, a, num_copy_bc);  // copy 2 64 bits of a to r
+   r[num_copy_bc - 1] = (r[num_copy_bc - 1] & mask) + vadd;
+   return;
+}
+```