From 66ba485103d2ced12d33c4291fbccd3c8d20df90 Mon Sep 17 00:00:00 2001
From: David Nevado
Date: Wed, 6 Mar 2024 19:18:27 +0100
Subject: [PATCH] fix: fip FLAG_BITS
---
 src/derive/curve.rs | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/derive/curve.rs b/src/derive/curve.rs
index 981df88e..e984bcc2 100644
--- a/src/derive/curve.rs
+++ b/src/derive/curve.rs
@@ -140,12 +140,12 @@ macro_rules! new_curve_impl {
#[allow(non_upper_case_globals)]
const [< $name _FLAG_BITS >]: u8 = if $spare_bits == 1 {
- 0b0111_1111
+ 0b1000_0000
} else if $spare_bits == 2 {
- 0b0011_1111
+ 0b1100_0000
} else { //$spare_bits == 0
- 0b0000_0000
+ 0b1111_1111
};
impl group::GroupEncoding for $name_affine {
@@ -175,7 +175,7 @@ macro_rules! new_curve_impl {
};
// Clear flag bits
- tmp[[< $name _FLAG_BYTE_INDEX>]] &= [< $name _FLAG_BITS >];
+ tmp[[< $name _FLAG_BYTE_INDEX>]] &= ![< $name _FLAG_BITS >];
// Get x-coordinate
let mut xbytes = [0u8; $base::size()];
@@ -329,7 +329,7 @@ macro_rules! new_curve_impl {
let identity_flag = Choice::from( ( ( bytes[ flag_idx ] & IS_IDENTITY_MASK) >> IS_IDENTITY_SHIFT) );
// Clear flags.
- bytes[flag_idx] &= [< $name _FLAG_BITS >];
+ bytes[flag_idx] &= ![< $name _FLAG_BITS >];
identity_flag
} else {
// With 0 and 1 spare bit there is no identity flag, so we just rely
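Review bot: The meaning of `[< $name _FLAG_BITS >]` is inverted by this hunk — it is now the mask of the flag bits rather than of the coordinate bits, and the `$spare_bits == 0` arm (`0b1111_1111`) declares every bit of the flag byte to be a flag — but the constant carries no doc comment saying so, so the next reader of a `&= ![< $name _FLAG_BITS >]` site has to reconstruct the convention from the binary literals. I would add above the `const`: `/// Mask of the flag bits inside the flag byte; \`!FLAG_BITS\` selects the coordinate bits. With 0 spare bits the flag byte carries no coordinate data, so all eight bits are flags.` Whether that last sentence holds depends on what `[< $name _FLAG_BYTE_INDEX>]` points at, which is outside the hunk. Each new arm is the bitwise complement of the old one, so `x & !new == x & old` and the two masking sites patched at lines 175 and 329 are behaviourally unchanged by this commit; if the fix is aimed at some other use of the constant, naming that use in the commit message would make the intent verifiable.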
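Review bot: Masking with `![< $name _FLAG_BITS >]` silently discards every flag bit, not only the ones the decoder has inspected — here at line 175 and again in the hunk at line 329. In the `$spare_bits == 0` case the whole flag byte is zeroed while, as far as these hunks show, only the `IS_IDENTITY_MASK` bit (line 329) and presumably a sign bit are ever read, so two byte strings that differ in the unused bits of that byte decode to the same point unless a check outside these hunks rejects them. If this encoding must be canonical (points compared, hashed or used as map keys in serialized form), consider returning the failure `CtOption` when any bit outside the defined flag masks is set, before the clearing line, and adding a comment on the clear such as `// Clear flag bits; unknown bits were rejected above.` The enclosing `from_bytes` body begins before this hunk and continues after it.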