mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-27 19:47:30 -03:00
Merge pull request #102
a099073
Enable warnings. (Gregory Maxwell)861f9a5
field_gmp's negate doesn't need to use the magnitude argument. (Gregory Maxwell)f0709ac
Avoid forward static decl of undefined functions, also fix a paren warning in the tests. (Gregory Maxwell)3276e7d
Signed/unsigned comparisons in tests. (Gregory Maxwell)850562e
Avoid unsigned comparison in scalar arith. (Gregory Maxwell)65a14ab
Fix varrious signed/unsigned comparisons. (Gregory Maxwell)e9e0e21
Avoid a shadowed variable. (Gregory Maxwell)e28a8b8
Remove a VERIFY_CHECK for >=0ness on an unsigned type. (Gregory Maxwell)2cad067
Correct function prototypes and avoid unused parameter warnings. (Gregory Maxwell)a4a43d7
Reorder static to comply with C99 and switch to the inline macro. (Gregory Maxwell)
This commit is contained in:
commit
027eb9c610
29 changed files with 369 additions and 337 deletions
|
@ -37,7 +37,8 @@ noinst_HEADERS += src/field_5x52_int128_impl.h
|
||||||
noinst_HEADERS += src/field_5x52_asm_impl.h
|
noinst_HEADERS += src/field_5x52_asm_impl.h
|
||||||
noinst_HEADERS += src/java/org_bitcoin_NativeSecp256k1.h
|
noinst_HEADERS += src/java/org_bitcoin_NativeSecp256k1.h
|
||||||
noinst_HEADERS += src/util.h
|
noinst_HEADERS += src/util.h
|
||||||
noinst_HEADERS += src/util_impl.h
|
noinst_HEADERS += src/testrand.h
|
||||||
|
noinst_HEADERS += src/testrand_impl.h
|
||||||
noinst_HEADERS += src/field_gmp.h
|
noinst_HEADERS += src/field_gmp.h
|
||||||
noinst_HEADERS += src/field_gmp_impl.h
|
noinst_HEADERS += src/field_gmp_impl.h
|
||||||
noinst_HEADERS += src/field.h
|
noinst_HEADERS += src/field.h
|
||||||
|
|
13
configure.ac
13
configure.ac
|
@ -39,6 +39,19 @@ case $host_os in
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
CFLAGS="$CFLAGS -W"
|
||||||
|
|
||||||
|
warn_CFLAGS="-Wall -Wextra -Wcast-align -Wnested-externs -Wshadow -Wstrict-prototypes -Wno-unused-function"
|
||||||
|
saved_CFLAGS="$CFLAGS"
|
||||||
|
CFLAGS="$CFLAGS $warn_CFLAGS"
|
||||||
|
AC_MSG_CHECKING([if ${CC} supports ${warn_CFLAGS}])
|
||||||
|
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])],
|
||||||
|
[ AC_MSG_RESULT([yes]) ],
|
||||||
|
[ AC_MSG_RESULT([no])
|
||||||
|
CFLAGS="$saved_CFLAGS"
|
||||||
|
])
|
||||||
|
|
||||||
|
|
||||||
AC_ARG_ENABLE(benchmark,
|
AC_ARG_ENABLE(benchmark,
|
||||||
AS_HELP_STRING([--enable-benchmark],[compile benchmark (default is yes)]),
|
AS_HELP_STRING([--enable-benchmark],[compile benchmark (default is yes)]),
|
||||||
[use_benchmark=$enableval],
|
[use_benchmark=$enableval],
|
||||||
|
|
|
@ -4,13 +4,15 @@
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
|
||||||
|
#include "include/secp256k1.h"
|
||||||
|
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
#include "num_impl.h"
|
#include "num_impl.h"
|
||||||
#include "field_impl.h"
|
#include "field_impl.h"
|
||||||
#include "group_impl.h"
|
#include "group_impl.h"
|
||||||
#include "scalar_impl.h"
|
#include "scalar_impl.h"
|
||||||
|
|
||||||
int main() {
|
int main(void) {
|
||||||
static const unsigned char init[32] = {
|
static const unsigned char init[32] = {
|
||||||
0x02, 0x03, 0x05, 0x07, 0x0b, 0x0d, 0x11, 0x13,
|
0x02, 0x03, 0x05, 0x07, 0x0b, 0x0d, 0x11, 0x13,
|
||||||
0x17, 0x1d, 0x1f, 0x25, 0x29, 0x2b, 0x2f, 0x35,
|
0x17, 0x1d, 0x1f, 0x25, 0x29, 0x2b, 0x2f, 0x35,
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
#include "include/secp256k1.h"
|
#include "include/secp256k1.h"
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
|
|
||||||
int main() {
|
int main(void) {
|
||||||
secp256k1_start(SECP256K1_START_SIGN);
|
secp256k1_start(SECP256K1_START_SIGN);
|
||||||
|
|
||||||
unsigned char msg[32];
|
unsigned char msg[32];
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
#include "include/secp256k1.h"
|
#include "include/secp256k1.h"
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
|
|
||||||
int main() {
|
int main(void) {
|
||||||
secp256k1_start(SECP256K1_START_VERIFY);
|
secp256k1_start(SECP256K1_START_VERIFY);
|
||||||
|
|
||||||
unsigned char msg[32];
|
unsigned char msg[32];
|
||||||
|
|
12
src/ecdsa.h
12
src/ecdsa.h
|
@ -11,11 +11,11 @@ typedef struct {
|
||||||
secp256k1_num_t r, s;
|
secp256k1_num_t r, s;
|
||||||
} secp256k1_ecdsa_sig_t;
|
} secp256k1_ecdsa_sig_t;
|
||||||
|
|
||||||
int static secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned char *sig, int size);
|
static int secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned char *sig, int size);
|
||||||
int static secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_ecdsa_sig_t *a);
|
static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_ecdsa_sig_t *a);
|
||||||
int static secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_num_t *message);
|
static int secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_num_t *message);
|
||||||
int static secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid);
|
static int secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid);
|
||||||
int static secp256k1_ecdsa_sig_recover(const secp256k1_ecdsa_sig_t *sig, secp256k1_ge_t *pubkey, const secp256k1_num_t *message, int recid);
|
static int secp256k1_ecdsa_sig_recover(const secp256k1_ecdsa_sig_t *sig, secp256k1_ge_t *pubkey, const secp256k1_num_t *message, int recid);
|
||||||
void static secp256k1_ecdsa_sig_set_rs(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *r, const secp256k1_num_t *s);
|
static void secp256k1_ecdsa_sig_set_rs(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *r, const secp256k1_num_t *s);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
#include "ecmult_gen.h"
|
#include "ecmult_gen.h"
|
||||||
#include "ecdsa.h"
|
#include "ecdsa.h"
|
||||||
|
|
||||||
int static secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned char *sig, int size) {
|
static int secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned char *sig, int size) {
|
||||||
if (sig[0] != 0x30) return 0;
|
if (sig[0] != 0x30) return 0;
|
||||||
int lenr = sig[3];
|
int lenr = sig[3];
|
||||||
if (5+lenr >= size) return 0;
|
if (5+lenr >= size) return 0;
|
||||||
|
@ -28,7 +28,7 @@ int static secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned ch
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_ecdsa_sig_t *a) {
|
static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_ecdsa_sig_t *a) {
|
||||||
int lenR = (secp256k1_num_bits(&a->r) + 7)/8;
|
int lenR = (secp256k1_num_bits(&a->r) + 7)/8;
|
||||||
if (lenR == 0 || secp256k1_num_get_bit(&a->r, lenR*8-1))
|
if (lenR == 0 || secp256k1_num_get_bit(&a->r, lenR*8-1))
|
||||||
lenR++;
|
lenR++;
|
||||||
|
@ -49,7 +49,7 @@ int static secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const se
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_ecdsa_sig_recompute(secp256k1_num_t *r2, const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_num_t *message) {
|
static int secp256k1_ecdsa_sig_recompute(secp256k1_num_t *r2, const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_num_t *message) {
|
||||||
const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
|
const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
|
||||||
|
|
||||||
if (secp256k1_num_is_neg(&sig->r) || secp256k1_num_is_neg(&sig->s))
|
if (secp256k1_num_is_neg(&sig->r) || secp256k1_num_is_neg(&sig->s))
|
||||||
|
@ -83,7 +83,7 @@ int static secp256k1_ecdsa_sig_recompute(secp256k1_num_t *r2, const secp256k1_ec
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_ecdsa_sig_recover(const secp256k1_ecdsa_sig_t *sig, secp256k1_ge_t *pubkey, const secp256k1_num_t *message, int recid) {
|
static int secp256k1_ecdsa_sig_recover(const secp256k1_ecdsa_sig_t *sig, secp256k1_ge_t *pubkey, const secp256k1_num_t *message, int recid) {
|
||||||
const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
|
const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
|
||||||
|
|
||||||
if (secp256k1_num_is_neg(&sig->r) || secp256k1_num_is_neg(&sig->s))
|
if (secp256k1_num_is_neg(&sig->r) || secp256k1_num_is_neg(&sig->s))
|
||||||
|
@ -128,7 +128,7 @@ int static secp256k1_ecdsa_sig_recover(const secp256k1_ecdsa_sig_t *sig, secp256
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_num_t *message) {
|
static int secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_num_t *message) {
|
||||||
secp256k1_num_t r2;
|
secp256k1_num_t r2;
|
||||||
secp256k1_num_init(&r2);
|
secp256k1_num_init(&r2);
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
@ -137,7 +137,7 @@ int static secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const se
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid) {
|
static int secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid) {
|
||||||
secp256k1_gej_t rp;
|
secp256k1_gej_t rp;
|
||||||
secp256k1_ecmult_gen(&rp, nonce);
|
secp256k1_ecmult_gen(&rp, nonce);
|
||||||
secp256k1_ge_t r;
|
secp256k1_ge_t r;
|
||||||
|
@ -172,7 +172,7 @@ int static secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ecdsa_sig_set_rs(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *r, const secp256k1_num_t *s) {
|
static void secp256k1_ecdsa_sig_set_rs(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *r, const secp256k1_num_t *s) {
|
||||||
secp256k1_num_copy(&sig->r, r);
|
secp256k1_num_copy(&sig->r, r);
|
||||||
secp256k1_num_copy(&sig->s, s);
|
secp256k1_num_copy(&sig->s, s);
|
||||||
}
|
}
|
||||||
|
|
16
src/eckey.h
16
src/eckey.h
|
@ -9,15 +9,15 @@
|
||||||
#include "scalar.h"
|
#include "scalar.h"
|
||||||
#include "num.h"
|
#include "num.h"
|
||||||
|
|
||||||
int static secp256k1_eckey_pubkey_parse(secp256k1_ge_t *elem, const unsigned char *pub, int size);
|
static int secp256k1_eckey_pubkey_parse(secp256k1_ge_t *elem, const unsigned char *pub, int size);
|
||||||
void static secp256k1_eckey_pubkey_serialize(secp256k1_ge_t *elem, unsigned char *pub, int *size, int compressed);
|
static void secp256k1_eckey_pubkey_serialize(secp256k1_ge_t *elem, unsigned char *pub, int *size, int compressed);
|
||||||
|
|
||||||
int static secp256k1_eckey_privkey_parse(secp256k1_scalar_t *key, const unsigned char *privkey, int privkeylen);
|
static int secp256k1_eckey_privkey_parse(secp256k1_scalar_t *key, const unsigned char *privkey, int privkeylen);
|
||||||
int static secp256k1_eckey_privkey_serialize(unsigned char *privkey, int *privkeylen, const secp256k1_scalar_t *key, int compressed);
|
static int secp256k1_eckey_privkey_serialize(unsigned char *privkey, int *privkeylen, const secp256k1_scalar_t *key, int compressed);
|
||||||
|
|
||||||
int static secp256k1_eckey_privkey_tweak_add(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak);
|
static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak);
|
||||||
int static secp256k1_eckey_pubkey_tweak_add(secp256k1_ge_t *key, const secp256k1_num_t *tweak);
|
static int secp256k1_eckey_pubkey_tweak_add(secp256k1_ge_t *key, const secp256k1_num_t *tweak);
|
||||||
int static secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak);
|
static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak);
|
||||||
int static secp256k1_eckey_pubkey_tweak_mul(secp256k1_ge_t *key, const secp256k1_num_t *tweak);
|
static int secp256k1_eckey_pubkey_tweak_mul(secp256k1_ge_t *key, const secp256k1_num_t *tweak);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
#include "group.h"
|
#include "group.h"
|
||||||
#include "ecmult_gen.h"
|
#include "ecmult_gen.h"
|
||||||
|
|
||||||
int static secp256k1_eckey_pubkey_parse(secp256k1_ge_t *elem, const unsigned char *pub, int size) {
|
static int secp256k1_eckey_pubkey_parse(secp256k1_ge_t *elem, const unsigned char *pub, int size) {
|
||||||
if (size == 33 && (pub[0] == 0x02 || pub[0] == 0x03)) {
|
if (size == 33 && (pub[0] == 0x02 || pub[0] == 0x03)) {
|
||||||
secp256k1_fe_t x;
|
secp256k1_fe_t x;
|
||||||
secp256k1_fe_set_b32(&x, pub+1);
|
secp256k1_fe_set_b32(&x, pub+1);
|
||||||
|
@ -30,7 +30,7 @@ int static secp256k1_eckey_pubkey_parse(secp256k1_ge_t *elem, const unsigned cha
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_eckey_pubkey_serialize(secp256k1_ge_t *elem, unsigned char *pub, int *size, int compressed) {
|
static void secp256k1_eckey_pubkey_serialize(secp256k1_ge_t *elem, unsigned char *pub, int *size, int compressed) {
|
||||||
secp256k1_fe_normalize(&elem->x);
|
secp256k1_fe_normalize(&elem->x);
|
||||||
secp256k1_fe_normalize(&elem->y);
|
secp256k1_fe_normalize(&elem->y);
|
||||||
secp256k1_fe_get_b32(&pub[1], &elem->x);
|
secp256k1_fe_get_b32(&pub[1], &elem->x);
|
||||||
|
@ -44,7 +44,7 @@ void static secp256k1_eckey_pubkey_serialize(secp256k1_ge_t *elem, unsigned char
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_eckey_privkey_parse(secp256k1_scalar_t *key, const unsigned char *privkey, int privkeylen) {
|
static int secp256k1_eckey_privkey_parse(secp256k1_scalar_t *key, const unsigned char *privkey, int privkeylen) {
|
||||||
const unsigned char *end = privkey + privkeylen;
|
const unsigned char *end = privkey + privkeylen;
|
||||||
// sequence header
|
// sequence header
|
||||||
if (end < privkey+1 || *privkey != 0x30)
|
if (end < privkey+1 || *privkey != 0x30)
|
||||||
|
@ -80,7 +80,7 @@ int static secp256k1_eckey_privkey_parse(secp256k1_scalar_t *key, const unsigned
|
||||||
return !overflow;
|
return !overflow;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_eckey_privkey_serialize(unsigned char *privkey, int *privkeylen, const secp256k1_scalar_t *key, int compressed) {
|
static int secp256k1_eckey_privkey_serialize(unsigned char *privkey, int *privkeylen, const secp256k1_scalar_t *key, int compressed) {
|
||||||
secp256k1_gej_t rp;
|
secp256k1_gej_t rp;
|
||||||
secp256k1_ecmult_gen(&rp, key);
|
secp256k1_ecmult_gen(&rp, key);
|
||||||
secp256k1_ge_t r;
|
secp256k1_ge_t r;
|
||||||
|
@ -135,14 +135,14 @@ int static secp256k1_eckey_privkey_serialize(unsigned char *privkey, int *privke
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_eckey_privkey_tweak_add(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak) {
|
static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak) {
|
||||||
secp256k1_scalar_add(key, key, tweak);
|
secp256k1_scalar_add(key, key, tweak);
|
||||||
if (secp256k1_scalar_is_zero(key))
|
if (secp256k1_scalar_is_zero(key))
|
||||||
return 0;
|
return 0;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_eckey_pubkey_tweak_add(secp256k1_ge_t *key, const secp256k1_num_t *tweak) {
|
static int secp256k1_eckey_pubkey_tweak_add(secp256k1_ge_t *key, const secp256k1_num_t *tweak) {
|
||||||
if (secp256k1_num_cmp(tweak, &secp256k1_ge_consts->order) >= 0)
|
if (secp256k1_num_cmp(tweak, &secp256k1_ge_consts->order) >= 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
@ -160,7 +160,7 @@ int static secp256k1_eckey_pubkey_tweak_add(secp256k1_ge_t *key, const secp256k1
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak) {
|
static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak) {
|
||||||
if (secp256k1_scalar_is_zero(tweak))
|
if (secp256k1_scalar_is_zero(tweak))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
@ -168,7 +168,7 @@ int static secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar_t *key, const secp
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_eckey_pubkey_tweak_mul(secp256k1_ge_t *key, const secp256k1_num_t *tweak) {
|
static int secp256k1_eckey_pubkey_tweak_mul(secp256k1_ge_t *key, const secp256k1_num_t *tweak) {
|
||||||
if (secp256k1_num_is_zero(tweak))
|
if (secp256k1_num_is_zero(tweak))
|
||||||
return 0;
|
return 0;
|
||||||
if (secp256k1_num_cmp(tweak, &secp256k1_ge_consts->order) >= 0)
|
if (secp256k1_num_cmp(tweak, &secp256k1_ge_consts->order) >= 0)
|
||||||
|
|
|
@ -55,7 +55,6 @@ static void secp256k1_ecmult_gen_start(void) {
|
||||||
secp256k1_ge_t prec[1024];
|
secp256k1_ge_t prec[1024];
|
||||||
{
|
{
|
||||||
secp256k1_gej_t precj[1024]; // Jacobian versions of prec.
|
secp256k1_gej_t precj[1024]; // Jacobian versions of prec.
|
||||||
int j = 0;
|
|
||||||
secp256k1_gej_t gbase; gbase = gj; // 16^j * G
|
secp256k1_gej_t gbase; gbase = gj; // 16^j * G
|
||||||
secp256k1_gej_t numsbase; numsbase = nums_gej; // 2^j * nums.
|
secp256k1_gej_t numsbase; numsbase = nums_gej; // 2^j * nums.
|
||||||
for (int j=0; j<64; j++) {
|
for (int j=0; j<64; j++) {
|
||||||
|
@ -81,7 +80,7 @@ static void secp256k1_ecmult_gen_start(void) {
|
||||||
for (int j=0; j<64; j++) {
|
for (int j=0; j<64; j++) {
|
||||||
for (int i=0; i<16; i++) {
|
for (int i=0; i<16; i++) {
|
||||||
const unsigned char* raw = (const unsigned char*)(&prec[j*16 + i]);
|
const unsigned char* raw = (const unsigned char*)(&prec[j*16 + i]);
|
||||||
for (int k=0; k<sizeof(secp256k1_ge_t); k++)
|
for (size_t k=0; k<sizeof(secp256k1_ge_t); k++)
|
||||||
ret->prec[j][k][i] = raw[k];
|
ret->prec[j][k][i] = raw[k];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -99,14 +98,14 @@ static void secp256k1_ecmult_gen_stop(void) {
|
||||||
free(c);
|
free(c);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ecmult_gen(secp256k1_gej_t *r, const secp256k1_scalar_t *gn) {
|
static void secp256k1_ecmult_gen(secp256k1_gej_t *r, const secp256k1_scalar_t *gn) {
|
||||||
const secp256k1_ecmult_gen_consts_t *c = secp256k1_ecmult_gen_consts;
|
const secp256k1_ecmult_gen_consts_t *c = secp256k1_ecmult_gen_consts;
|
||||||
secp256k1_gej_set_infinity(r);
|
secp256k1_gej_set_infinity(r);
|
||||||
secp256k1_ge_t add;
|
secp256k1_ge_t add;
|
||||||
int bits;
|
int bits;
|
||||||
for (int j=0; j<64; j++) {
|
for (int j=0; j<64; j++) {
|
||||||
bits = secp256k1_scalar_get_bits(gn, j * 4, 4);
|
bits = secp256k1_scalar_get_bits(gn, j * 4, 4);
|
||||||
for (int k=0; k<sizeof(secp256k1_ge_t); k++)
|
for (size_t k=0; k<sizeof(secp256k1_ge_t); k++)
|
||||||
((unsigned char*)(&add))[k] = c->prec[j][k][bits];
|
((unsigned char*)(&add))[k] = c->prec[j][k][bits];
|
||||||
secp256k1_gej_add_ge(r, r, &add);
|
secp256k1_gej_add_ge(r, r, &add);
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,14 +28,14 @@
|
||||||
* To compute a*P + b*G, we use the jacobian version for P, and the affine version for G, as
|
* To compute a*P + b*G, we use the jacobian version for P, and the affine version for G, as
|
||||||
* G is constant, so it only needs to be done once in advance.
|
* G is constant, so it only needs to be done once in advance.
|
||||||
*/
|
*/
|
||||||
void static secp256k1_ecmult_table_precomp_gej_var(secp256k1_gej_t *pre, const secp256k1_gej_t *a, int w) {
|
static void secp256k1_ecmult_table_precomp_gej_var(secp256k1_gej_t *pre, const secp256k1_gej_t *a, int w) {
|
||||||
pre[0] = *a;
|
pre[0] = *a;
|
||||||
secp256k1_gej_t d; secp256k1_gej_double_var(&d, &pre[0]);
|
secp256k1_gej_t d; secp256k1_gej_double_var(&d, &pre[0]);
|
||||||
for (int i=1; i<(1 << (w-2)); i++)
|
for (int i=1; i<(1 << (w-2)); i++)
|
||||||
secp256k1_gej_add_var(&pre[i], &d, &pre[i-1]);
|
secp256k1_gej_add_var(&pre[i], &d, &pre[i-1]);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ecmult_table_precomp_ge_var(secp256k1_ge_t *pre, const secp256k1_gej_t *a, int w) {
|
static void secp256k1_ecmult_table_precomp_ge_var(secp256k1_ge_t *pre, const secp256k1_gej_t *a, int w) {
|
||||||
const int table_size = 1 << (w-2);
|
const int table_size = 1 << (w-2);
|
||||||
secp256k1_gej_t prej[table_size];
|
secp256k1_gej_t prej[table_size];
|
||||||
prej[0] = *a;
|
prej[0] = *a;
|
||||||
|
@ -143,7 +143,7 @@ static int secp256k1_ecmult_wnaf(int *wnaf, const secp256k1_num_t *a, int w) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ecmult(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_num_t *na, const secp256k1_num_t *ng) {
|
static void secp256k1_ecmult(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_num_t *na, const secp256k1_num_t *ng) {
|
||||||
const secp256k1_ecmult_consts_t *c = secp256k1_ecmult_consts;
|
const secp256k1_ecmult_consts_t *c = secp256k1_ecmult_consts;
|
||||||
|
|
||||||
#ifdef USE_ENDOMORPHISM
|
#ifdef USE_ENDOMORPHISM
|
||||||
|
|
42
src/field.h
42
src/field.h
|
@ -37,76 +37,76 @@ typedef struct {
|
||||||
static const secp256k1_fe_consts_t *secp256k1_fe_consts = NULL;
|
static const secp256k1_fe_consts_t *secp256k1_fe_consts = NULL;
|
||||||
|
|
||||||
/** Initialize field element precomputation data. */
|
/** Initialize field element precomputation data. */
|
||||||
void static secp256k1_fe_start(void);
|
static void secp256k1_fe_start(void);
|
||||||
|
|
||||||
/** Unload field element precomputation data. */
|
/** Unload field element precomputation data. */
|
||||||
void static secp256k1_fe_stop(void);
|
static void secp256k1_fe_stop(void);
|
||||||
|
|
||||||
/** Normalize a field element. */
|
/** Normalize a field element. */
|
||||||
void static secp256k1_fe_normalize(secp256k1_fe_t *r);
|
static void secp256k1_fe_normalize(secp256k1_fe_t *r);
|
||||||
|
|
||||||
/** Set a field element equal to a small integer. Resulting field element is normalized. */
|
/** Set a field element equal to a small integer. Resulting field element is normalized. */
|
||||||
void static secp256k1_fe_set_int(secp256k1_fe_t *r, int a);
|
static void secp256k1_fe_set_int(secp256k1_fe_t *r, int a);
|
||||||
|
|
||||||
/** Verify whether a field element is zero. Requires the input to be normalized. */
|
/** Verify whether a field element is zero. Requires the input to be normalized. */
|
||||||
int static secp256k1_fe_is_zero(const secp256k1_fe_t *a);
|
static int secp256k1_fe_is_zero(const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Check the "oddness" of a field element. Requires the input to be normalized. */
|
/** Check the "oddness" of a field element. Requires the input to be normalized. */
|
||||||
int static secp256k1_fe_is_odd(const secp256k1_fe_t *a);
|
static int secp256k1_fe_is_odd(const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Compare two field elements. Requires both inputs to be normalized */
|
/** Compare two field elements. Requires both inputs to be normalized */
|
||||||
int static secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b);
|
static int secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b);
|
||||||
|
|
||||||
/** Set a field element equal to 32-byte big endian value. Resulting field element is normalized. */
|
/** Set a field element equal to 32-byte big endian value. Resulting field element is normalized. */
|
||||||
void static secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a);
|
static void secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a);
|
||||||
|
|
||||||
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
|
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
|
||||||
void static secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a);
|
static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Set a field element equal to the additive inverse of another. Takes a maximum magnitude of the input
|
/** Set a field element equal to the additive inverse of another. Takes a maximum magnitude of the input
|
||||||
* as an argument. The magnitude of the output is one higher. */
|
* as an argument. The magnitude of the output is one higher. */
|
||||||
void static secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m);
|
static void secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m);
|
||||||
|
|
||||||
/** Multiplies the passed field element with a small integer constant. Multiplies the magnitude by that
|
/** Multiplies the passed field element with a small integer constant. Multiplies the magnitude by that
|
||||||
* small integer. */
|
* small integer. */
|
||||||
void static secp256k1_fe_mul_int(secp256k1_fe_t *r, int a);
|
static void secp256k1_fe_mul_int(secp256k1_fe_t *r, int a);
|
||||||
|
|
||||||
/** Adds a field element to another. The result has the sum of the inputs' magnitudes as magnitude. */
|
/** Adds a field element to another. The result has the sum of the inputs' magnitudes as magnitude. */
|
||||||
void static secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
static void secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Sets a field element to be the product of two others. Requires the inputs' magnitudes to be at most 8.
|
/** Sets a field element to be the product of two others. Requires the inputs' magnitudes to be at most 8.
|
||||||
* The output magnitude is 1 (but not guaranteed to be normalized). */
|
* The output magnitude is 1 (but not guaranteed to be normalized). */
|
||||||
void static secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t *b);
|
static void secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t *b);
|
||||||
|
|
||||||
/** Sets a field element to be the square of another. Requires the input's magnitude to be at most 8.
|
/** Sets a field element to be the square of another. Requires the input's magnitude to be at most 8.
|
||||||
* The output magnitude is 1 (but not guaranteed to be normalized). */
|
* The output magnitude is 1 (but not guaranteed to be normalized). */
|
||||||
void static secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
static void secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Sets a field element to be the (modular) square root (if any exist) of another. Requires the
|
/** Sets a field element to be the (modular) square root (if any exist) of another. Requires the
|
||||||
* input's magnitude to be at most 8. The output magnitude is 1 (but not guaranteed to be
|
* input's magnitude to be at most 8. The output magnitude is 1 (but not guaranteed to be
|
||||||
* normalized). Return value indicates whether a square root was found. */
|
* normalized). Return value indicates whether a square root was found. */
|
||||||
int static secp256k1_fe_sqrt(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
static int secp256k1_fe_sqrt(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Sets a field element to be the (modular) inverse of another. Requires the input's magnitude to be
|
/** Sets a field element to be the (modular) inverse of another. Requires the input's magnitude to be
|
||||||
* at most 8. The output magnitude is 1 (but not guaranteed to be normalized). */
|
* at most 8. The output magnitude is 1 (but not guaranteed to be normalized). */
|
||||||
void static secp256k1_fe_inv(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
static void secp256k1_fe_inv(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Potentially faster version of secp256k1_fe_inv, without constant-time guarantee. */
|
/** Potentially faster version of secp256k1_fe_inv, without constant-time guarantee. */
|
||||||
void static secp256k1_fe_inv_var(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
static void secp256k1_fe_inv_var(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Calculate the (modular) inverses of a batch of field elements. Requires the inputs' magnitudes to be
|
/** Calculate the (modular) inverses of a batch of field elements. Requires the inputs' magnitudes to be
|
||||||
* at most 8. The output magnitudes are 1 (but not guaranteed to be normalized). The inputs and
|
* at most 8. The output magnitudes are 1 (but not guaranteed to be normalized). The inputs and
|
||||||
* outputs must not overlap in memory. */
|
* outputs must not overlap in memory. */
|
||||||
void static secp256k1_fe_inv_all(size_t len, secp256k1_fe_t r[len], const secp256k1_fe_t a[len]);
|
static void secp256k1_fe_inv_all(size_t len, secp256k1_fe_t r[len], const secp256k1_fe_t a[len]);
|
||||||
|
|
||||||
/** Potentially faster version of secp256k1_fe_inv_all, without constant-time guarantee. */
|
/** Potentially faster version of secp256k1_fe_inv_all, without constant-time guarantee. */
|
||||||
void static secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t r[len], const secp256k1_fe_t a[len]);
|
static void secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t r[len], const secp256k1_fe_t a[len]);
|
||||||
|
|
||||||
|
|
||||||
/** Convert a field element to a hexadecimal string. */
|
/** Convert a field element to a hexadecimal string. */
|
||||||
void static secp256k1_fe_get_hex(char *r, int *rlen, const secp256k1_fe_t *a);
|
static void secp256k1_fe_get_hex(char *r, int *rlen, const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Convert a hexadecimal string to a field element. */
|
/** Convert a hexadecimal string to a field element. */
|
||||||
void static secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a, int alen);
|
static void secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a, int alen);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -11,11 +11,11 @@
|
||||||
#include "num.h"
|
#include "num.h"
|
||||||
#include "field.h"
|
#include "field.h"
|
||||||
|
|
||||||
void static secp256k1_fe_inner_start(void) {}
|
static void secp256k1_fe_inner_start(void) {}
|
||||||
void static secp256k1_fe_inner_stop(void) {}
|
static void secp256k1_fe_inner_stop(void) {}
|
||||||
|
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
void static secp256k1_fe_verify(const secp256k1_fe_t *a) {
|
static void secp256k1_fe_verify(const secp256k1_fe_t *a) {
|
||||||
const uint32_t *d = a->n;
|
const uint32_t *d = a->n;
|
||||||
int m = a->normalized ? 1 : 2 * a->magnitude, r = 1;
|
int m = a->normalized ? 1 : 2 * a->magnitude, r = 1;
|
||||||
r &= (d[0] <= 0x3FFFFFFUL * m);
|
r &= (d[0] <= 0x3FFFFFFUL * m);
|
||||||
|
@ -41,10 +41,12 @@ void static secp256k1_fe_verify(const secp256k1_fe_t *a) {
|
||||||
VERIFY_CHECK(r == 1);
|
VERIFY_CHECK(r == 1);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
void static secp256k1_fe_verify(const secp256k1_fe_t *a) {}
|
static void secp256k1_fe_verify(const secp256k1_fe_t *a) {
|
||||||
|
(void)a;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void static secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
static void secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
||||||
uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4],
|
uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4],
|
||||||
t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9];
|
t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9];
|
||||||
|
|
||||||
|
@ -99,7 +101,7 @@ void static secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
|
SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
|
||||||
r->n[0] = a;
|
r->n[0] = a;
|
||||||
r->n[1] = r->n[2] = r->n[3] = r->n[4] = r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0;
|
r->n[1] = r->n[2] = r->n[3] = r->n[4] = r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0;
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
|
@ -109,7 +111,7 @@ void static inline secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->normalized);
|
VERIFY_CHECK(a->normalized);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
@ -118,7 +120,7 @@ int static inline secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
|
||||||
return (t[0] | t[1] | t[2] | t[3] | t[4] | t[5] | t[6] | t[7] | t[8] | t[9]) == 0;
|
return (t[0] | t[1] | t[2] | t[3] | t[4] | t[5] | t[6] | t[7] | t[8] | t[9]) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static int secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->normalized);
|
VERIFY_CHECK(a->normalized);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
@ -126,7 +128,7 @@ int static inline secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
|
||||||
return a->n[0] & 1;
|
return a->n[0] & 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_clear(secp256k1_fe_t *a) {
|
SECP256K1_INLINE static void secp256k1_fe_clear(secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
a->magnitude = 0;
|
a->magnitude = 0;
|
||||||
a->normalized = 1;
|
a->normalized = 1;
|
||||||
|
@ -136,7 +138,7 @@ void static inline secp256k1_fe_clear(secp256k1_fe_t *a) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
SECP256K1_INLINE static int secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->normalized);
|
VERIFY_CHECK(a->normalized);
|
||||||
VERIFY_CHECK(b->normalized);
|
VERIFY_CHECK(b->normalized);
|
||||||
|
@ -148,7 +150,7 @@ int static inline secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe
|
||||||
| (t[5]^u[5]) | (t[6]^u[6]) | (t[7]^u[7]) | (t[8]^u[8]) | (t[9]^u[9])) == 0;
|
| (t[5]^u[5]) | (t[6]^u[6]) | (t[7]^u[7]) | (t[8]^u[8]) | (t[9]^u[9])) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
static void secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
||||||
r->n[0] = r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
|
r->n[0] = r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
|
||||||
r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0;
|
r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0;
|
||||||
for (int i=0; i<32; i++) {
|
for (int i=0; i<32; i++) {
|
||||||
|
@ -166,7 +168,7 @@ void static secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
|
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
|
||||||
void static secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->normalized);
|
VERIFY_CHECK(a->normalized);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
@ -182,7 +184,7 @@ void static secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m) {
|
SECP256K1_INLINE static void secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->magnitude <= m);
|
VERIFY_CHECK(a->magnitude <= m);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
@ -204,7 +206,7 @@ void static inline secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
|
SECP256K1_INLINE static void secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
|
||||||
r->n[0] *= a;
|
r->n[0] *= a;
|
||||||
r->n[1] *= a;
|
r->n[1] *= a;
|
||||||
r->n[2] *= a;
|
r->n[2] *= a;
|
||||||
|
@ -222,7 +224,7 @@ void static inline secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
#endif
|
#endif
|
||||||
|
@ -243,7 +245,7 @@ void static inline secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a)
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_mul_inner(const uint32_t *a, const uint32_t *b, uint32_t *r) {
|
SECP256K1_INLINE static void secp256k1_fe_mul_inner(const uint32_t *a, const uint32_t *b, uint32_t *r) {
|
||||||
uint64_t c = (uint64_t)a[0] * b[0];
|
uint64_t c = (uint64_t)a[0] * b[0];
|
||||||
uint32_t t0 = c & 0x3FFFFFFUL; c = c >> 26;
|
uint32_t t0 = c & 0x3FFFFFFUL; c = c >> 26;
|
||||||
c = c + (uint64_t)a[0] * b[1] +
|
c = c + (uint64_t)a[0] * b[1] +
|
||||||
|
@ -392,7 +394,7 @@ void static inline secp256k1_fe_mul_inner(const uint32_t *a, const uint32_t *b,
|
||||||
r[2] = t2 + d;
|
r[2] = t2 + d;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_sqr_inner(const uint32_t *a, uint32_t *r) {
|
SECP256K1_INLINE static void secp256k1_fe_sqr_inner(const uint32_t *a, uint32_t *r) {
|
||||||
uint64_t c = (uint64_t)a[0] * a[0];
|
uint64_t c = (uint64_t)a[0] * a[0];
|
||||||
uint32_t t0 = c & 0x3FFFFFFUL; c = c >> 26;
|
uint32_t t0 = c & 0x3FFFFFFUL; c = c >> 26;
|
||||||
c = c + (uint64_t)(a[0]*2) * a[1];
|
c = c + (uint64_t)(a[0]*2) * a[1];
|
||||||
|
@ -497,7 +499,7 @@ void static inline secp256k1_fe_sqr_inner(const uint32_t *a, uint32_t *r) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void static secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
static void secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->magnitude <= 8);
|
VERIFY_CHECK(a->magnitude <= 8);
|
||||||
VERIFY_CHECK(b->magnitude <= 8);
|
VERIFY_CHECK(b->magnitude <= 8);
|
||||||
|
@ -512,7 +514,7 @@ void static secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const s
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->magnitude <= 8);
|
VERIFY_CHECK(a->magnitude <= 8);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
|
|
@ -30,11 +30,11 @@
|
||||||
* output.
|
* output.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
void static secp256k1_fe_inner_start(void) {}
|
static void secp256k1_fe_inner_start(void) {}
|
||||||
void static secp256k1_fe_inner_stop(void) {}
|
static void secp256k1_fe_inner_stop(void) {}
|
||||||
|
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
void static secp256k1_fe_verify(const secp256k1_fe_t *a) {
|
static void secp256k1_fe_verify(const secp256k1_fe_t *a) {
|
||||||
const uint64_t *d = a->n;
|
const uint64_t *d = a->n;
|
||||||
int m = a->normalized ? 1 : 2 * a->magnitude, r = 1;
|
int m = a->normalized ? 1 : 2 * a->magnitude, r = 1;
|
||||||
r &= (d[0] <= 0xFFFFFFFFFFFFFULL * m);
|
r &= (d[0] <= 0xFFFFFFFFFFFFFULL * m);
|
||||||
|
@ -52,10 +52,12 @@ void static secp256k1_fe_verify(const secp256k1_fe_t *a) {
|
||||||
VERIFY_CHECK(r == 1);
|
VERIFY_CHECK(r == 1);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
void static secp256k1_fe_verify(const secp256k1_fe_t *a) {}
|
static void secp256k1_fe_verify(const secp256k1_fe_t *a) {
|
||||||
|
(void)a;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void static secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
static void secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
||||||
uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4];
|
uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4];
|
||||||
|
|
||||||
// Reduce t4 at the start so there will be at most a single carry from the first pass
|
// Reduce t4 at the start so there will be at most a single carry from the first pass
|
||||||
|
@ -98,7 +100,7 @@ void static secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
|
SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
|
||||||
r->n[0] = a;
|
r->n[0] = a;
|
||||||
r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
|
r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
|
@ -108,7 +110,7 @@ void static inline secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->normalized);
|
VERIFY_CHECK(a->normalized);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
@ -117,7 +119,7 @@ int static inline secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
|
||||||
return (t[0] | t[1] | t[2] | t[3] | t[4]) == 0;
|
return (t[0] | t[1] | t[2] | t[3] | t[4]) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static int secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->normalized);
|
VERIFY_CHECK(a->normalized);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
@ -125,7 +127,7 @@ int static inline secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
|
||||||
return a->n[0] & 1;
|
return a->n[0] & 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_clear(secp256k1_fe_t *a) {
|
SECP256K1_INLINE static void secp256k1_fe_clear(secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
a->magnitude = 0;
|
a->magnitude = 0;
|
||||||
a->normalized = 1;
|
a->normalized = 1;
|
||||||
|
@ -135,7 +137,7 @@ void static inline secp256k1_fe_clear(secp256k1_fe_t *a) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
SECP256K1_INLINE static int secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->normalized);
|
VERIFY_CHECK(a->normalized);
|
||||||
VERIFY_CHECK(b->normalized);
|
VERIFY_CHECK(b->normalized);
|
||||||
|
@ -146,7 +148,7 @@ int static inline secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe
|
||||||
return ((t[0]^u[0]) | (t[1]^u[1]) | (t[2]^u[2]) | (t[3]^u[3]) | (t[4]^u[4])) == 0;
|
return ((t[0]^u[0]) | (t[1]^u[1]) | (t[2]^u[2]) | (t[3]^u[3]) | (t[4]^u[4])) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
static void secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
||||||
r->n[0] = r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
|
r->n[0] = r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
|
||||||
for (int i=0; i<32; i++) {
|
for (int i=0; i<32; i++) {
|
||||||
for (int j=0; j<2; j++) {
|
for (int j=0; j<2; j++) {
|
||||||
|
@ -163,7 +165,7 @@ void static secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
|
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
|
||||||
void static secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->normalized);
|
VERIFY_CHECK(a->normalized);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
@ -179,7 +181,7 @@ void static secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m) {
|
SECP256K1_INLINE static void secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->magnitude <= m);
|
VERIFY_CHECK(a->magnitude <= m);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
@ -196,7 +198,7 @@ void static inline secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
|
SECP256K1_INLINE static void secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
|
||||||
r->n[0] *= a;
|
r->n[0] *= a;
|
||||||
r->n[1] *= a;
|
r->n[1] *= a;
|
||||||
r->n[2] *= a;
|
r->n[2] *= a;
|
||||||
|
@ -209,7 +211,7 @@ void static inline secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
#endif
|
#endif
|
||||||
|
@ -225,7 +227,7 @@ void static inline secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a)
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
static void secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->magnitude <= 8);
|
VERIFY_CHECK(a->magnitude <= 8);
|
||||||
VERIFY_CHECK(b->magnitude <= 8);
|
VERIFY_CHECK(b->magnitude <= 8);
|
||||||
|
@ -240,7 +242,7 @@ void static secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const s
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->magnitude <= 8);
|
VERIFY_CHECK(a->magnitude <= 8);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
|
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
|
|
||||||
void static inline secp256k1_fe_mul_inner(const uint64_t *a, const uint64_t *b, uint64_t *r) {
|
SECP256K1_INLINE static void secp256k1_fe_mul_inner(const uint64_t *a, const uint64_t *b, uint64_t *r) {
|
||||||
__int128 c = (__int128)a[0] * b[0];
|
__int128 c = (__int128)a[0] * b[0];
|
||||||
uint64_t t0 = c & 0xFFFFFFFFFFFFFULL; c = c >> 52; // c max 0FFFFFFFFFFFFFE0
|
uint64_t t0 = c & 0xFFFFFFFFFFFFFULL; c = c >> 52; // c max 0FFFFFFFFFFFFFE0
|
||||||
c = c + (__int128)a[0] * b[1] +
|
c = c + (__int128)a[0] * b[1] +
|
||||||
|
@ -60,7 +60,7 @@ void static inline secp256k1_fe_mul_inner(const uint64_t *a, const uint64_t *b,
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_sqr_inner(const uint64_t *a, uint64_t *r) {
|
SECP256K1_INLINE static void secp256k1_fe_sqr_inner(const uint64_t *a, uint64_t *r) {
|
||||||
__int128 c = (__int128)a[0] * a[0];
|
__int128 c = (__int128)a[0] * a[0];
|
||||||
uint64_t t0 = c & 0xFFFFFFFFFFFFFULL; c = c >> 52; // c max 0FFFFFFFFFFFFFE0
|
uint64_t t0 = c & 0xFFFFFFFFFFFFFULL; c = c >> 52; // c max 0FFFFFFFFFFFFFE0
|
||||||
c = c + (__int128)(a[0]*2) * a[1];
|
c = c + (__int128)(a[0]*2) * a[1];
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
static mp_limb_t secp256k1_field_p[FIELD_LIMBS];
|
static mp_limb_t secp256k1_field_p[FIELD_LIMBS];
|
||||||
static mp_limb_t secp256k1_field_pc[(33+GMP_NUMB_BITS-1)/GMP_NUMB_BITS];
|
static mp_limb_t secp256k1_field_pc[(33+GMP_NUMB_BITS-1)/GMP_NUMB_BITS];
|
||||||
|
|
||||||
void static secp256k1_fe_inner_start(void) {
|
static void secp256k1_fe_inner_start(void) {
|
||||||
for (int i=0; i<(33+GMP_NUMB_BITS-1)/GMP_NUMB_BITS; i++)
|
for (int i=0; i<(33+GMP_NUMB_BITS-1)/GMP_NUMB_BITS; i++)
|
||||||
secp256k1_field_pc[i] = 0;
|
secp256k1_field_pc[i] = 0;
|
||||||
secp256k1_field_pc[0] += 0x3D1UL;
|
secp256k1_field_pc[0] += 0x3D1UL;
|
||||||
|
@ -24,10 +24,10 @@ void static secp256k1_fe_inner_start(void) {
|
||||||
mpn_sub(secp256k1_field_p, secp256k1_field_p, FIELD_LIMBS, secp256k1_field_pc, (33+GMP_NUMB_BITS-1)/GMP_NUMB_BITS);
|
mpn_sub(secp256k1_field_p, secp256k1_field_p, FIELD_LIMBS, secp256k1_field_pc, (33+GMP_NUMB_BITS-1)/GMP_NUMB_BITS);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_inner_stop(void) {
|
static void secp256k1_fe_inner_stop(void) {
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
static void secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
||||||
if (r->n[FIELD_LIMBS] != 0) {
|
if (r->n[FIELD_LIMBS] != 0) {
|
||||||
#if (GMP_NUMB_BITS >= 40)
|
#if (GMP_NUMB_BITS >= 40)
|
||||||
mp_limb_t carry = mpn_add_1(r->n, r->n, FIELD_LIMBS, 0x1000003D1ULL * r->n[FIELD_LIMBS]);
|
mp_limb_t carry = mpn_add_1(r->n, r->n, FIELD_LIMBS, 0x1000003D1ULL * r->n[FIELD_LIMBS]);
|
||||||
|
@ -44,36 +44,36 @@ void static secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
||||||
mpn_sub(r->n, r->n, FIELD_LIMBS, secp256k1_field_p, FIELD_LIMBS);
|
mpn_sub(r->n, r->n, FIELD_LIMBS, secp256k1_field_p, FIELD_LIMBS);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
|
SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
|
||||||
r->n[0] = a;
|
r->n[0] = a;
|
||||||
for (int i=1; i<FIELD_LIMBS+1; i++)
|
for (int i=1; i<FIELD_LIMBS+1; i++)
|
||||||
r->n[i] = 0;
|
r->n[i] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_clear(secp256k1_fe_t *r) {
|
SECP256K1_INLINE static void secp256k1_fe_clear(secp256k1_fe_t *r) {
|
||||||
for (int i=0; i<FIELD_LIMBS+1; i++)
|
for (int i=0; i<FIELD_LIMBS+1; i++)
|
||||||
r->n[i] = 0;
|
r->n[i] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
|
||||||
int ret = 1;
|
int ret = 1;
|
||||||
for (int i=0; i<FIELD_LIMBS+1; i++)
|
for (int i=0; i<FIELD_LIMBS+1; i++)
|
||||||
ret &= (a->n[i] == 0);
|
ret &= (a->n[i] == 0);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static int secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
|
||||||
return a->n[0] & 1;
|
return a->n[0] & 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
SECP256K1_INLINE static int secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
||||||
int ret = 1;
|
int ret = 1;
|
||||||
for (int i=0; i<FIELD_LIMBS+1; i++)
|
for (int i=0; i<FIELD_LIMBS+1; i++)
|
||||||
ret &= (a->n[i] == b->n[i]);
|
ret &= (a->n[i] == b->n[i]);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
static void secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
||||||
for (int i=0; i<FIELD_LIMBS+1; i++)
|
for (int i=0; i<FIELD_LIMBS+1; i++)
|
||||||
r->n[i] = 0;
|
r->n[i] = 0;
|
||||||
for (int i=0; i<256; i++) {
|
for (int i=0; i<256; i++) {
|
||||||
|
@ -84,7 +84,7 @@ void static secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
|
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
|
||||||
void static secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
||||||
for (int i=0; i<32; i++) {
|
for (int i=0; i<32; i++) {
|
||||||
int c = 0;
|
int c = 0;
|
||||||
for (int j=0; j<8; j++) {
|
for (int j=0; j<8; j++) {
|
||||||
|
@ -96,7 +96,8 @@ void static secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m) {
|
SECP256K1_INLINE static void secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m) {
|
||||||
|
(void)m;
|
||||||
*r = *a;
|
*r = *a;
|
||||||
secp256k1_fe_normalize(r);
|
secp256k1_fe_normalize(r);
|
||||||
for (int i=0; i<FIELD_LIMBS; i++)
|
for (int i=0; i<FIELD_LIMBS; i++)
|
||||||
|
@ -109,15 +110,15 @@ void static inline secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
|
SECP256K1_INLINE static void secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
|
||||||
mpn_mul_1(r->n, r->n, FIELD_LIMBS+1, a);
|
mpn_mul_1(r->n, r->n, FIELD_LIMBS+1, a);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
mpn_add(r->n, r->n, FIELD_LIMBS+1, a->n, FIELD_LIMBS+1);
|
mpn_add(r->n, r->n, FIELD_LIMBS+1, a->n, FIELD_LIMBS+1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_reduce(secp256k1_fe_t *r, mp_limb_t *tmp) {
|
static void secp256k1_fe_reduce(secp256k1_fe_t *r, mp_limb_t *tmp) {
|
||||||
// <A1 A2 A3 A4> <B1 B2 B3 B4>
|
// <A1 A2 A3 A4> <B1 B2 B3 B4>
|
||||||
// B1 B2 B3 B4
|
// B1 B2 B3 B4
|
||||||
// + C * A1 A2 A3 A4
|
// + C * A1 A2 A3 A4
|
||||||
|
@ -138,7 +139,7 @@ void static secp256k1_fe_reduce(secp256k1_fe_t *r, mp_limb_t *tmp) {
|
||||||
r->n[FIELD_LIMBS] = mpn_add(r->n, tmp, FIELD_LIMBS, q, 1+(33+GMP_NUMB_BITS-1)/GMP_NUMB_BITS);
|
r->n[FIELD_LIMBS] = mpn_add(r->n, tmp, FIELD_LIMBS, q, 1+(33+GMP_NUMB_BITS-1)/GMP_NUMB_BITS);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
static void secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
||||||
secp256k1_fe_t ac = *a;
|
secp256k1_fe_t ac = *a;
|
||||||
secp256k1_fe_t bc = *b;
|
secp256k1_fe_t bc = *b;
|
||||||
secp256k1_fe_normalize(&ac);
|
secp256k1_fe_normalize(&ac);
|
||||||
|
@ -148,7 +149,7 @@ void static secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const s
|
||||||
secp256k1_fe_reduce(r, tmp);
|
secp256k1_fe_reduce(r, tmp);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
secp256k1_fe_t ac = *a;
|
secp256k1_fe_t ac = *a;
|
||||||
secp256k1_fe_normalize(&ac);
|
secp256k1_fe_normalize(&ac);
|
||||||
mp_limb_t tmp[2*FIELD_LIMBS];
|
mp_limb_t tmp[2*FIELD_LIMBS];
|
||||||
|
|
|
@ -21,7 +21,7 @@
|
||||||
#error "Please select field implementation"
|
#error "Please select field implementation"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void static secp256k1_fe_get_hex(char *r, int *rlen, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_get_hex(char *r, int *rlen, const secp256k1_fe_t *a) {
|
||||||
if (*rlen < 65) {
|
if (*rlen < 65) {
|
||||||
*rlen = 65;
|
*rlen = 65;
|
||||||
return;
|
return;
|
||||||
|
@ -39,7 +39,7 @@ void static secp256k1_fe_get_hex(char *r, int *rlen, const secp256k1_fe_t *a) {
|
||||||
r[64] = 0x00;
|
r[64] = 0x00;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a, int alen) {
|
static void secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a, int alen) {
|
||||||
unsigned char tmp[32] = {};
|
unsigned char tmp[32] = {};
|
||||||
static const int cvt[256] = {0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
static const int cvt[256] = {0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
||||||
|
@ -64,7 +64,7 @@ void static secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a, int alen) {
|
||||||
secp256k1_fe_set_b32(r, tmp);
|
secp256k1_fe_set_b32(r, tmp);
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_fe_sqrt(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
static int secp256k1_fe_sqrt(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
|
|
||||||
// The binary representation of (p + 1)/4 has 3 blocks of 1s, with lengths in
|
// The binary representation of (p + 1)/4 has 3 blocks of 1s, with lengths in
|
||||||
// { 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block:
|
// { 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block:
|
||||||
|
@ -133,7 +133,7 @@ int static secp256k1_fe_sqrt(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
return secp256k1_fe_is_zero(&t1);
|
return secp256k1_fe_is_zero(&t1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_inv(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_inv(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
|
|
||||||
// The binary representation of (p - 2) has 5 blocks of 1s, with lengths in
|
// The binary representation of (p - 2) has 5 blocks of 1s, with lengths in
|
||||||
// { 1, 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block:
|
// { 1, 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block:
|
||||||
|
@ -196,7 +196,7 @@ void static secp256k1_fe_inv(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
secp256k1_fe_mul(r, &t1, a);
|
secp256k1_fe_mul(r, &t1, a);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_inv_var(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_inv_var(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
#if defined(USE_FIELD_INV_BUILTIN)
|
#if defined(USE_FIELD_INV_BUILTIN)
|
||||||
secp256k1_fe_inv(r, a);
|
secp256k1_fe_inv(r, a);
|
||||||
#elif defined(USE_FIELD_INV_NUM)
|
#elif defined(USE_FIELD_INV_NUM)
|
||||||
|
@ -214,7 +214,7 @@ void static secp256k1_fe_inv_var(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_inv_all(size_t len, secp256k1_fe_t r[len], const secp256k1_fe_t a[len]) {
|
static void secp256k1_fe_inv_all(size_t len, secp256k1_fe_t r[len], const secp256k1_fe_t a[len]) {
|
||||||
if (len < 1)
|
if (len < 1)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
@ -222,7 +222,7 @@ void static secp256k1_fe_inv_all(size_t len, secp256k1_fe_t r[len], const secp25
|
||||||
|
|
||||||
r[0] = a[0];
|
r[0] = a[0];
|
||||||
|
|
||||||
int i = 0;
|
size_t i = 0;
|
||||||
while (++i < len) {
|
while (++i < len) {
|
||||||
secp256k1_fe_mul(&r[i], &r[i - 1], &a[i]);
|
secp256k1_fe_mul(&r[i], &r[i - 1], &a[i]);
|
||||||
}
|
}
|
||||||
|
@ -238,7 +238,7 @@ void static secp256k1_fe_inv_all(size_t len, secp256k1_fe_t r[len], const secp25
|
||||||
r[0] = u;
|
r[0] = u;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t r[len], const secp256k1_fe_t a[len]) {
|
static void secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t r[len], const secp256k1_fe_t a[len]) {
|
||||||
if (len < 1)
|
if (len < 1)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
@ -246,7 +246,7 @@ void static secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t r[len], const se
|
||||||
|
|
||||||
r[0] = a[0];
|
r[0] = a[0];
|
||||||
|
|
||||||
int i = 0;
|
size_t i = 0;
|
||||||
while (++i < len) {
|
while (++i < len) {
|
||||||
secp256k1_fe_mul(&r[i], &r[i - 1], &a[i]);
|
secp256k1_fe_mul(&r[i], &r[i - 1], &a[i]);
|
||||||
}
|
}
|
||||||
|
@ -262,7 +262,7 @@ void static secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t r[len], const se
|
||||||
r[0] = u;
|
r[0] = u;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_start(void) {
|
static void secp256k1_fe_start(void) {
|
||||||
static const unsigned char secp256k1_fe_consts_p[] = {
|
static const unsigned char secp256k1_fe_consts_p[] = {
|
||||||
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
|
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
|
||||||
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
|
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
|
||||||
|
@ -277,7 +277,7 @@ void static secp256k1_fe_start(void) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_stop(void) {
|
static void secp256k1_fe_stop(void) {
|
||||||
if (secp256k1_fe_consts != NULL) {
|
if (secp256k1_fe_consts != NULL) {
|
||||||
secp256k1_fe_consts_t *c = (secp256k1_fe_consts_t*)secp256k1_fe_consts;
|
secp256k1_fe_consts_t *c = (secp256k1_fe_consts_t*)secp256k1_fe_consts;
|
||||||
free((void*)c);
|
free((void*)c);
|
||||||
|
|
52
src/group.h
52
src/group.h
|
@ -39,88 +39,88 @@ typedef struct {
|
||||||
static const secp256k1_ge_consts_t *secp256k1_ge_consts = NULL;
|
static const secp256k1_ge_consts_t *secp256k1_ge_consts = NULL;
|
||||||
|
|
||||||
/** Initialize the group module. */
|
/** Initialize the group module. */
|
||||||
void static secp256k1_ge_start(void);
|
static void secp256k1_ge_start(void);
|
||||||
|
|
||||||
/** De-initialize the group module. */
|
/** De-initialize the group module. */
|
||||||
void static secp256k1_ge_stop(void);
|
static void secp256k1_ge_stop(void);
|
||||||
|
|
||||||
/** Set a group element equal to the point at infinity */
|
/** Set a group element equal to the point at infinity */
|
||||||
void static secp256k1_ge_set_infinity(secp256k1_ge_t *r);
|
static void secp256k1_ge_set_infinity(secp256k1_ge_t *r);
|
||||||
|
|
||||||
/** Set a group element equal to the point with given X and Y coordinates */
|
/** Set a group element equal to the point with given X and Y coordinates */
|
||||||
void static secp256k1_ge_set_xy(secp256k1_ge_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y);
|
static void secp256k1_ge_set_xy(secp256k1_ge_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y);
|
||||||
|
|
||||||
/** Set a group element (affine) equal to the point with the given X coordinate, and given oddness
|
/** Set a group element (affine) equal to the point with the given X coordinate, and given oddness
|
||||||
* for Y. Return value indicates whether the result is valid. */
|
* for Y. Return value indicates whether the result is valid. */
|
||||||
int static secp256k1_ge_set_xo(secp256k1_ge_t *r, const secp256k1_fe_t *x, int odd);
|
static int secp256k1_ge_set_xo(secp256k1_ge_t *r, const secp256k1_fe_t *x, int odd);
|
||||||
|
|
||||||
/** Check whether a group element is the point at infinity. */
|
/** Check whether a group element is the point at infinity. */
|
||||||
int static secp256k1_ge_is_infinity(const secp256k1_ge_t *a);
|
static int secp256k1_ge_is_infinity(const secp256k1_ge_t *a);
|
||||||
|
|
||||||
/** Check whether a group element is valid (i.e., on the curve). */
|
/** Check whether a group element is valid (i.e., on the curve). */
|
||||||
int static secp256k1_ge_is_valid(const secp256k1_ge_t *a);
|
static int secp256k1_ge_is_valid(const secp256k1_ge_t *a);
|
||||||
|
|
||||||
void static secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a);
|
static void secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a);
|
||||||
|
|
||||||
/** Get a hex representation of a point. *rlen will be overwritten with the real length. */
|
/** Get a hex representation of a point. *rlen will be overwritten with the real length. */
|
||||||
void static secp256k1_ge_get_hex(char *r, int *rlen, const secp256k1_ge_t *a);
|
static void secp256k1_ge_get_hex(char *r, int *rlen, const secp256k1_ge_t *a);
|
||||||
|
|
||||||
/** Set a group element equal to another which is given in jacobian coordinates */
|
/** Set a group element equal to another which is given in jacobian coordinates */
|
||||||
void static secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a);
|
static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a);
|
||||||
|
|
||||||
/** Set a batch of group elements equal to the inputs given in jacobian coordinates */
|
/** Set a batch of group elements equal to the inputs given in jacobian coordinates */
|
||||||
void static secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge_t r[len], const secp256k1_gej_t a[len]);
|
static void secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge_t r[len], const secp256k1_gej_t a[len]);
|
||||||
|
|
||||||
|
|
||||||
/** Set a group element (jacobian) equal to the point at infinity. */
|
/** Set a group element (jacobian) equal to the point at infinity. */
|
||||||
void static secp256k1_gej_set_infinity(secp256k1_gej_t *r);
|
static void secp256k1_gej_set_infinity(secp256k1_gej_t *r);
|
||||||
|
|
||||||
/** Set a group element (jacobian) equal to the point with given X and Y coordinates. */
|
/** Set a group element (jacobian) equal to the point with given X and Y coordinates. */
|
||||||
void static secp256k1_gej_set_xy(secp256k1_gej_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y);
|
static void secp256k1_gej_set_xy(secp256k1_gej_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y);
|
||||||
|
|
||||||
/** Set a group element (jacobian) equal to another which is given in affine coordinates. */
|
/** Set a group element (jacobian) equal to another which is given in affine coordinates. */
|
||||||
void static secp256k1_gej_set_ge(secp256k1_gej_t *r, const secp256k1_ge_t *a);
|
static void secp256k1_gej_set_ge(secp256k1_gej_t *r, const secp256k1_ge_t *a);
|
||||||
|
|
||||||
/** Get the X coordinate of a group element (jacobian). */
|
/** Get the X coordinate of a group element (jacobian). */
|
||||||
void static secp256k1_gej_get_x_var(secp256k1_fe_t *r, const secp256k1_gej_t *a);
|
static void secp256k1_gej_get_x_var(secp256k1_fe_t *r, const secp256k1_gej_t *a);
|
||||||
|
|
||||||
/** Set r equal to the inverse of a (i.e., mirrored around the X axis) */
|
/** Set r equal to the inverse of a (i.e., mirrored around the X axis) */
|
||||||
void static secp256k1_gej_neg(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
static void secp256k1_gej_neg(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
||||||
|
|
||||||
/** Check whether a group element is the point at infinity. */
|
/** Check whether a group element is the point at infinity. */
|
||||||
int static secp256k1_gej_is_infinity(const secp256k1_gej_t *a);
|
static int secp256k1_gej_is_infinity(const secp256k1_gej_t *a);
|
||||||
|
|
||||||
/** Set r equal to the double of a. */
|
/** Set r equal to the double of a. */
|
||||||
void static secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
static void secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
||||||
|
|
||||||
/** Set r equal to the sum of a and b. */
|
/** Set r equal to the sum of a and b. */
|
||||||
void static secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_gej_t *b);
|
static void secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_gej_t *b);
|
||||||
|
|
||||||
/** Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity). */
|
/** Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity). */
|
||||||
void static secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b);
|
static void secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b);
|
||||||
|
|
||||||
/** Set r equal to the sum of a and b (with b given in affine coordinates). This is more efficient
|
/** Set r equal to the sum of a and b (with b given in affine coordinates). This is more efficient
|
||||||
than secp256k1_gej_add_var. It is identical to secp256k1_gej_add_ge but without constant-time
|
than secp256k1_gej_add_var. It is identical to secp256k1_gej_add_ge but without constant-time
|
||||||
guarantee, and b is allowed to be infinity. */
|
guarantee, and b is allowed to be infinity. */
|
||||||
void static secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b);
|
static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b);
|
||||||
|
|
||||||
/** Get a hex representation of a point. *rlen will be overwritten with the real length. */
|
/** Get a hex representation of a point. *rlen will be overwritten with the real length. */
|
||||||
void static secp256k1_gej_get_hex(char *r, int *rlen, const secp256k1_gej_t *a);
|
static void secp256k1_gej_get_hex(char *r, int *rlen, const secp256k1_gej_t *a);
|
||||||
|
|
||||||
#ifdef USE_ENDOMORPHISM
|
#ifdef USE_ENDOMORPHISM
|
||||||
/** Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast. */
|
/** Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast. */
|
||||||
void static secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
static void secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
||||||
|
|
||||||
/** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (given that a is
|
/** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (given that a is
|
||||||
not more than 256 bits). */
|
not more than 256 bits). */
|
||||||
void static secp256k1_gej_split_exp_var(secp256k1_num_t *r1, secp256k1_num_t *r2, const secp256k1_num_t *a);
|
static void secp256k1_gej_split_exp_var(secp256k1_num_t *r1, secp256k1_num_t *r2, const secp256k1_num_t *a);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/** Clear a secp256k1_gej_t to prevent leaking sensitive information. */
|
/** Clear a secp256k1_gej_t to prevent leaking sensitive information. */
|
||||||
void static secp256k1_gej_clear(secp256k1_gej_t *r);
|
static void secp256k1_gej_clear(secp256k1_gej_t *r);
|
||||||
|
|
||||||
/** Clear a secp256k1_ge_t to prevent leaking sensitive information. */
|
/** Clear a secp256k1_ge_t to prevent leaking sensitive information. */
|
||||||
void static secp256k1_ge_clear(secp256k1_ge_t *r);
|
static void secp256k1_ge_clear(secp256k1_ge_t *r);
|
||||||
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -11,21 +11,21 @@
|
||||||
#include "field.h"
|
#include "field.h"
|
||||||
#include "group.h"
|
#include "group.h"
|
||||||
|
|
||||||
void static secp256k1_ge_set_infinity(secp256k1_ge_t *r) {
|
static void secp256k1_ge_set_infinity(secp256k1_ge_t *r) {
|
||||||
r->infinity = 1;
|
r->infinity = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ge_set_xy(secp256k1_ge_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y) {
|
static void secp256k1_ge_set_xy(secp256k1_ge_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y) {
|
||||||
r->infinity = 0;
|
r->infinity = 0;
|
||||||
r->x = *x;
|
r->x = *x;
|
||||||
r->y = *y;
|
r->y = *y;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_ge_is_infinity(const secp256k1_ge_t *a) {
|
static int secp256k1_ge_is_infinity(const secp256k1_ge_t *a) {
|
||||||
return a->infinity;
|
return a->infinity;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a) {
|
static void secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a) {
|
||||||
r->infinity = a->infinity;
|
r->infinity = a->infinity;
|
||||||
r->x = a->x;
|
r->x = a->x;
|
||||||
r->y = a->y;
|
r->y = a->y;
|
||||||
|
@ -33,7 +33,7 @@ void static secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a) {
|
||||||
secp256k1_fe_negate(&r->y, &r->y, 1);
|
secp256k1_fe_negate(&r->y, &r->y, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ge_get_hex(char *r, int *rlen, const secp256k1_ge_t *a) {
|
static void secp256k1_ge_get_hex(char *r, int *rlen, const secp256k1_ge_t *a) {
|
||||||
char cx[65]; int lx=65;
|
char cx[65]; int lx=65;
|
||||||
char cy[65]; int ly=65;
|
char cy[65]; int ly=65;
|
||||||
secp256k1_fe_get_hex(cx, &lx, &a->x);
|
secp256k1_fe_get_hex(cx, &lx, &a->x);
|
||||||
|
@ -54,7 +54,7 @@ void static secp256k1_ge_get_hex(char *r, int *rlen, const secp256k1_ge_t *a) {
|
||||||
r[3+lx+ly] = 0;
|
r[3+lx+ly] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
||||||
r->infinity = a->infinity;
|
r->infinity = a->infinity;
|
||||||
secp256k1_fe_inv(&a->z, &a->z);
|
secp256k1_fe_inv(&a->z, &a->z);
|
||||||
secp256k1_fe_t z2; secp256k1_fe_sqr(&z2, &a->z);
|
secp256k1_fe_t z2; secp256k1_fe_sqr(&z2, &a->z);
|
||||||
|
@ -66,7 +66,7 @@ void static secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
||||||
r->y = a->y;
|
r->y = a->y;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ge_set_gej_var(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
static void secp256k1_ge_set_gej_var(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
||||||
r->infinity = a->infinity;
|
r->infinity = a->infinity;
|
||||||
if (a->infinity) {
|
if (a->infinity) {
|
||||||
return;
|
return;
|
||||||
|
@ -81,10 +81,10 @@ void static secp256k1_ge_set_gej_var(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
||||||
r->y = a->y;
|
r->y = a->y;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge_t r[len], const secp256k1_gej_t a[len]) {
|
static void secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge_t r[len], const secp256k1_gej_t a[len]) {
|
||||||
int count = 0;
|
size_t count = 0;
|
||||||
secp256k1_fe_t az[len];
|
secp256k1_fe_t az[len];
|
||||||
for (int i=0; i<len; i++) {
|
for (size_t i=0; i<len; i++) {
|
||||||
if (!a[i].infinity) {
|
if (!a[i].infinity) {
|
||||||
az[count++] = a[i].z;
|
az[count++] = a[i].z;
|
||||||
}
|
}
|
||||||
|
@ -94,7 +94,7 @@ void static secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge_t r[len], cons
|
||||||
secp256k1_fe_inv_all_var(count, azi, az);
|
secp256k1_fe_inv_all_var(count, azi, az);
|
||||||
|
|
||||||
count = 0;
|
count = 0;
|
||||||
for (int i=0; i<len; i++) {
|
for (size_t i=0; i<len; i++) {
|
||||||
r[i].infinity = a[i].infinity;
|
r[i].infinity = a[i].infinity;
|
||||||
if (!a[i].infinity) {
|
if (!a[i].infinity) {
|
||||||
secp256k1_fe_t *zi = &azi[count++];
|
secp256k1_fe_t *zi = &azi[count++];
|
||||||
|
@ -106,34 +106,34 @@ void static secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge_t r[len], cons
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_set_infinity(secp256k1_gej_t *r) {
|
static void secp256k1_gej_set_infinity(secp256k1_gej_t *r) {
|
||||||
r->infinity = 1;
|
r->infinity = 1;
|
||||||
secp256k1_fe_set_int(&r->x, 0);
|
secp256k1_fe_set_int(&r->x, 0);
|
||||||
secp256k1_fe_set_int(&r->y, 0);
|
secp256k1_fe_set_int(&r->y, 0);
|
||||||
secp256k1_fe_set_int(&r->z, 0);
|
secp256k1_fe_set_int(&r->z, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_set_xy(secp256k1_gej_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y) {
|
static void secp256k1_gej_set_xy(secp256k1_gej_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y) {
|
||||||
r->infinity = 0;
|
r->infinity = 0;
|
||||||
r->x = *x;
|
r->x = *x;
|
||||||
r->y = *y;
|
r->y = *y;
|
||||||
secp256k1_fe_set_int(&r->z, 1);
|
secp256k1_fe_set_int(&r->z, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_clear(secp256k1_gej_t *r) {
|
static void secp256k1_gej_clear(secp256k1_gej_t *r) {
|
||||||
r->infinity = 0;
|
r->infinity = 0;
|
||||||
secp256k1_fe_clear(&r->x);
|
secp256k1_fe_clear(&r->x);
|
||||||
secp256k1_fe_clear(&r->y);
|
secp256k1_fe_clear(&r->y);
|
||||||
secp256k1_fe_clear(&r->z);
|
secp256k1_fe_clear(&r->z);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ge_clear(secp256k1_ge_t *r) {
|
static void secp256k1_ge_clear(secp256k1_ge_t *r) {
|
||||||
r->infinity = 0;
|
r->infinity = 0;
|
||||||
secp256k1_fe_clear(&r->x);
|
secp256k1_fe_clear(&r->x);
|
||||||
secp256k1_fe_clear(&r->y);
|
secp256k1_fe_clear(&r->y);
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_ge_set_xo(secp256k1_ge_t *r, const secp256k1_fe_t *x, int odd) {
|
static int secp256k1_ge_set_xo(secp256k1_ge_t *r, const secp256k1_fe_t *x, int odd) {
|
||||||
r->x = *x;
|
r->x = *x;
|
||||||
secp256k1_fe_t x2; secp256k1_fe_sqr(&x2, x);
|
secp256k1_fe_t x2; secp256k1_fe_sqr(&x2, x);
|
||||||
secp256k1_fe_t x3; secp256k1_fe_mul(&x3, x, &x2);
|
secp256k1_fe_t x3; secp256k1_fe_mul(&x3, x, &x2);
|
||||||
|
@ -148,19 +148,19 @@ int static secp256k1_ge_set_xo(secp256k1_ge_t *r, const secp256k1_fe_t *x, int o
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_set_ge(secp256k1_gej_t *r, const secp256k1_ge_t *a) {
|
static void secp256k1_gej_set_ge(secp256k1_gej_t *r, const secp256k1_ge_t *a) {
|
||||||
r->infinity = a->infinity;
|
r->infinity = a->infinity;
|
||||||
r->x = a->x;
|
r->x = a->x;
|
||||||
r->y = a->y;
|
r->y = a->y;
|
||||||
secp256k1_fe_set_int(&r->z, 1);
|
secp256k1_fe_set_int(&r->z, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_get_x_var(secp256k1_fe_t *r, const secp256k1_gej_t *a) {
|
static void secp256k1_gej_get_x_var(secp256k1_fe_t *r, const secp256k1_gej_t *a) {
|
||||||
secp256k1_fe_t zi2; secp256k1_fe_inv_var(&zi2, &a->z); secp256k1_fe_sqr(&zi2, &zi2);
|
secp256k1_fe_t zi2; secp256k1_fe_inv_var(&zi2, &a->z); secp256k1_fe_sqr(&zi2, &zi2);
|
||||||
secp256k1_fe_mul(r, &a->x, &zi2);
|
secp256k1_fe_mul(r, &a->x, &zi2);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_neg(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
|
static void secp256k1_gej_neg(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
|
||||||
r->infinity = a->infinity;
|
r->infinity = a->infinity;
|
||||||
r->x = a->x;
|
r->x = a->x;
|
||||||
r->y = a->y;
|
r->y = a->y;
|
||||||
|
@ -169,11 +169,11 @@ void static secp256k1_gej_neg(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
|
||||||
secp256k1_fe_negate(&r->y, &r->y, 1);
|
secp256k1_fe_negate(&r->y, &r->y, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_gej_is_infinity(const secp256k1_gej_t *a) {
|
static int secp256k1_gej_is_infinity(const secp256k1_gej_t *a) {
|
||||||
return a->infinity;
|
return a->infinity;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_gej_is_valid(const secp256k1_gej_t *a) {
|
static int secp256k1_gej_is_valid(const secp256k1_gej_t *a) {
|
||||||
if (a->infinity)
|
if (a->infinity)
|
||||||
return 0;
|
return 0;
|
||||||
// y^2 = x^3 + 7
|
// y^2 = x^3 + 7
|
||||||
|
@ -191,7 +191,7 @@ int static secp256k1_gej_is_valid(const secp256k1_gej_t *a) {
|
||||||
return secp256k1_fe_equal(&y2, &x3);
|
return secp256k1_fe_equal(&y2, &x3);
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_ge_is_valid(const secp256k1_ge_t *a) {
|
static int secp256k1_ge_is_valid(const secp256k1_ge_t *a) {
|
||||||
if (a->infinity)
|
if (a->infinity)
|
||||||
return 0;
|
return 0;
|
||||||
// y^2 = x^3 + 7
|
// y^2 = x^3 + 7
|
||||||
|
@ -204,7 +204,7 @@ int static secp256k1_ge_is_valid(const secp256k1_ge_t *a) {
|
||||||
return secp256k1_fe_equal(&y2, &x3);
|
return secp256k1_fe_equal(&y2, &x3);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
|
static void secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
|
||||||
if (a->infinity) {
|
if (a->infinity) {
|
||||||
r->infinity = 1;
|
r->infinity = 1;
|
||||||
return;
|
return;
|
||||||
|
@ -241,7 +241,7 @@ void static secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *
|
||||||
r->infinity = 0;
|
r->infinity = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_gej_t *b) {
|
static void secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_gej_t *b) {
|
||||||
if (a->infinity) {
|
if (a->infinity) {
|
||||||
*r = *b;
|
*r = *b;
|
||||||
return;
|
return;
|
||||||
|
@ -282,7 +282,7 @@ void static secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a,
|
||||||
secp256k1_fe_add(&r->y, &h3);
|
secp256k1_fe_add(&r->y, &h3);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b) {
|
static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b) {
|
||||||
if (a->infinity) {
|
if (a->infinity) {
|
||||||
r->infinity = b->infinity;
|
r->infinity = b->infinity;
|
||||||
r->x = b->x;
|
r->x = b->x;
|
||||||
|
@ -325,7 +325,7 @@ void static secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *
|
||||||
secp256k1_fe_add(&r->y, &h3);
|
secp256k1_fe_add(&r->y, &h3);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b) {
|
static void secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b) {
|
||||||
VERIFY_CHECK(!b->infinity);
|
VERIFY_CHECK(!b->infinity);
|
||||||
VERIFY_CHECK(a->infinity == 0 || a->infinity == 1);
|
VERIFY_CHECK(a->infinity == 0 || a->infinity == 1);
|
||||||
|
|
||||||
|
@ -397,20 +397,20 @@ void static secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, c
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
void static secp256k1_gej_get_hex(char *r, int *rlen, const secp256k1_gej_t *a) {
|
static void secp256k1_gej_get_hex(char *r, int *rlen, const secp256k1_gej_t *a) {
|
||||||
secp256k1_gej_t c = *a;
|
secp256k1_gej_t c = *a;
|
||||||
secp256k1_ge_t t; secp256k1_ge_set_gej(&t, &c);
|
secp256k1_ge_t t; secp256k1_ge_set_gej(&t, &c);
|
||||||
secp256k1_ge_get_hex(r, rlen, &t);
|
secp256k1_ge_get_hex(r, rlen, &t);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef USE_ENDOMORPHISM
|
#ifdef USE_ENDOMORPHISM
|
||||||
void static secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
|
static void secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
|
||||||
const secp256k1_fe_t *beta = &secp256k1_ge_consts->beta;
|
const secp256k1_fe_t *beta = &secp256k1_ge_consts->beta;
|
||||||
*r = *a;
|
*r = *a;
|
||||||
secp256k1_fe_mul(&r->x, &r->x, beta);
|
secp256k1_fe_mul(&r->x, &r->x, beta);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_split_exp_var(secp256k1_num_t *r1, secp256k1_num_t *r2, const secp256k1_num_t *a) {
|
static void secp256k1_gej_split_exp_var(secp256k1_num_t *r1, secp256k1_num_t *r2, const secp256k1_num_t *a) {
|
||||||
const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
|
const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
|
||||||
secp256k1_num_t bnc1, bnc2, bnt1, bnt2, bnn2;
|
secp256k1_num_t bnc1, bnc2, bnt1, bnt2, bnn2;
|
||||||
|
|
||||||
|
@ -436,7 +436,7 @@ void static secp256k1_gej_split_exp_var(secp256k1_num_t *r1, secp256k1_num_t *r2
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
void static secp256k1_ge_start(void) {
|
static void secp256k1_ge_start(void) {
|
||||||
static const unsigned char secp256k1_ge_consts_order[] = {
|
static const unsigned char secp256k1_ge_consts_order[] = {
|
||||||
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
|
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
|
||||||
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
|
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
|
||||||
|
@ -503,7 +503,7 @@ void static secp256k1_ge_start(void) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ge_stop(void) {
|
static void secp256k1_ge_stop(void) {
|
||||||
if (secp256k1_ge_consts != NULL) {
|
if (secp256k1_ge_consts != NULL) {
|
||||||
secp256k1_ge_consts_t *c = (secp256k1_ge_consts_t*)secp256k1_ge_consts;
|
secp256k1_ge_consts_t *c = (secp256k1_ge_consts_t*)secp256k1_ge_consts;
|
||||||
free((void*)c);
|
free((void*)c);
|
||||||
|
|
52
src/num.h
52
src/num.h
|
@ -16,83 +16,83 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/** Clear a number to prevent the leak of sensitive data. */
|
/** Clear a number to prevent the leak of sensitive data. */
|
||||||
void static secp256k1_num_clear(secp256k1_num_t *r);
|
static void secp256k1_num_clear(secp256k1_num_t *r);
|
||||||
|
|
||||||
/** Copy a number. */
|
/** Copy a number. */
|
||||||
void static secp256k1_num_copy(secp256k1_num_t *r, const secp256k1_num_t *a);
|
static void secp256k1_num_copy(secp256k1_num_t *r, const secp256k1_num_t *a);
|
||||||
|
|
||||||
/** Convert a number's absolute value to a binary big-endian string.
|
/** Convert a number's absolute value to a binary big-endian string.
|
||||||
* There must be enough place. */
|
* There must be enough place. */
|
||||||
void static secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num_t *a);
|
static void secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num_t *a);
|
||||||
|
|
||||||
/** Set a number to the value of a binary big-endian string. */
|
/** Set a number to the value of a binary big-endian string. */
|
||||||
void static secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, unsigned int alen);
|
static void secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, unsigned int alen);
|
||||||
|
|
||||||
/** Set a number equal to a (signed) integer. */
|
/** Set a number equal to a (signed) integer. */
|
||||||
void static secp256k1_num_set_int(secp256k1_num_t *r, int a);
|
static void secp256k1_num_set_int(secp256k1_num_t *r, int a);
|
||||||
|
|
||||||
/** Compute a modular inverse. The input must be less than the modulus. */
|
/** Compute a modular inverse. The input must be less than the modulus. */
|
||||||
void static secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *m);
|
static void secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *m);
|
||||||
|
|
||||||
/** Multiply two numbers modulo another. */
|
/** Multiply two numbers modulo another. */
|
||||||
void static secp256k1_num_mod_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, const secp256k1_num_t *m);
|
static void secp256k1_num_mod_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, const secp256k1_num_t *m);
|
||||||
|
|
||||||
/** Compare the absolute value of two numbers. */
|
/** Compare the absolute value of two numbers. */
|
||||||
int static secp256k1_num_cmp(const secp256k1_num_t *a, const secp256k1_num_t *b);
|
static int secp256k1_num_cmp(const secp256k1_num_t *a, const secp256k1_num_t *b);
|
||||||
|
|
||||||
/** Test whether two number are equal (including sign). */
|
/** Test whether two number are equal (including sign). */
|
||||||
int static secp256k1_num_eq(const secp256k1_num_t *a, const secp256k1_num_t *b);
|
static int secp256k1_num_eq(const secp256k1_num_t *a, const secp256k1_num_t *b);
|
||||||
|
|
||||||
/** Add two (signed) numbers. */
|
/** Add two (signed) numbers. */
|
||||||
void static secp256k1_num_add(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
|
static void secp256k1_num_add(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
|
||||||
|
|
||||||
/** Subtract two (signed) numbers. */
|
/** Subtract two (signed) numbers. */
|
||||||
void static secp256k1_num_sub(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
|
static void secp256k1_num_sub(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
|
||||||
|
|
||||||
/** Multiply two (signed) numbers. */
|
/** Multiply two (signed) numbers. */
|
||||||
void static secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
|
static void secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
|
||||||
|
|
||||||
/** Divide two (signed) numbers. */
|
/** Divide two (signed) numbers. */
|
||||||
void static secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
|
static void secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
|
||||||
|
|
||||||
/** Replace a number by its remainder modulo m. M's sign is ignored. The result is a number between 0 and m-1,
|
/** Replace a number by its remainder modulo m. M's sign is ignored. The result is a number between 0 and m-1,
|
||||||
even if r was negative. */
|
even if r was negative. */
|
||||||
void static secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *m);
|
static void secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *m);
|
||||||
|
|
||||||
/** Calculate the number of bits in (the absolute value of) a number. */
|
/** Calculate the number of bits in (the absolute value of) a number. */
|
||||||
int static secp256k1_num_bits(const secp256k1_num_t *a);
|
static int secp256k1_num_bits(const secp256k1_num_t *a);
|
||||||
|
|
||||||
/** Right-shift the passed number by bits bits, and return those bits. */
|
/** Right-shift the passed number by bits bits, and return those bits. */
|
||||||
int static secp256k1_num_shift(secp256k1_num_t *r, int bits);
|
static int secp256k1_num_shift(secp256k1_num_t *r, int bits);
|
||||||
|
|
||||||
/** Check whether a number is zero. */
|
/** Check whether a number is zero. */
|
||||||
int static secp256k1_num_is_zero(const secp256k1_num_t *a);
|
static int secp256k1_num_is_zero(const secp256k1_num_t *a);
|
||||||
|
|
||||||
/** Check whether a number is odd. */
|
/** Check whether a number is odd. */
|
||||||
int static secp256k1_num_is_odd(const secp256k1_num_t *a);
|
static int secp256k1_num_is_odd(const secp256k1_num_t *a);
|
||||||
|
|
||||||
/** Check whether a number is strictly negative. */
|
/** Check whether a number is strictly negative. */
|
||||||
int static secp256k1_num_is_neg(const secp256k1_num_t *a);
|
static int secp256k1_num_is_neg(const secp256k1_num_t *a);
|
||||||
|
|
||||||
/** Check whether a particular bit is set in a number. */
|
/** Check whether a particular bit is set in a number. */
|
||||||
int static secp256k1_num_get_bit(const secp256k1_num_t *a, int pos);
|
static int secp256k1_num_get_bit(const secp256k1_num_t *a, int pos);
|
||||||
|
|
||||||
/** Increase a number by 1. */
|
/** Increase a number by 1. */
|
||||||
void static secp256k1_num_inc(secp256k1_num_t *r);
|
static void secp256k1_num_inc(secp256k1_num_t *r);
|
||||||
|
|
||||||
/** Set a number equal to the value of a hex string (unsigned). */
|
/** Set a number equal to the value of a hex string (unsigned). */
|
||||||
void static secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen);
|
static void secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen);
|
||||||
|
|
||||||
/** Convert (the absolute value of) a number to a hexadecimal string. */
|
/** Convert (the absolute value of) a number to a hexadecimal string. */
|
||||||
void static secp256k1_num_get_hex(char *r, int rlen, const secp256k1_num_t *a);
|
static void secp256k1_num_get_hex(char *r, int rlen, const secp256k1_num_t *a);
|
||||||
|
|
||||||
/** Split a number into a low and high part. */
|
/** Split a number into a low and high part. */
|
||||||
void static secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const secp256k1_num_t *a, int bits);
|
static void secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const secp256k1_num_t *a, int bits);
|
||||||
|
|
||||||
/** Change a number's sign. */
|
/** Change a number's sign. */
|
||||||
void static secp256k1_num_negate(secp256k1_num_t *r);
|
static void secp256k1_num_negate(secp256k1_num_t *r);
|
||||||
|
|
||||||
/** Get a bunch of bits from a number. */
|
/** Get a bunch of bits from a number. */
|
||||||
int static secp256k1_num_get_bits(const secp256k1_num_t *a, int offset, int count);
|
static int secp256k1_num_get_bits(const secp256k1_num_t *a, int offset, int count);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -13,31 +13,32 @@
|
||||||
#include "num.h"
|
#include "num.h"
|
||||||
|
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
void static secp256k1_num_sanity(const secp256k1_num_t *a) {
|
static void secp256k1_num_sanity(const secp256k1_num_t *a) {
|
||||||
VERIFY_CHECK(a->limbs == 1 || (a->limbs > 1 && a->data[a->limbs-1] != 0));
|
VERIFY_CHECK(a->limbs == 1 || (a->limbs > 1 && a->data[a->limbs-1] != 0));
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
#define secp256k1_num_sanity(a) do { } while(0)
|
#define secp256k1_num_sanity(a) do { } while(0)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void static secp256k1_num_init(secp256k1_num_t *r) {
|
static void secp256k1_num_init(secp256k1_num_t *r) {
|
||||||
r->neg = 0;
|
r->neg = 0;
|
||||||
r->limbs = 1;
|
r->limbs = 1;
|
||||||
r->data[0] = 0;
|
r->data[0] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_clear(secp256k1_num_t *r) {
|
static void secp256k1_num_clear(secp256k1_num_t *r) {
|
||||||
memset(r, 0, sizeof(*r));
|
memset(r, 0, sizeof(*r));
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_free(secp256k1_num_t *r) {
|
static void secp256k1_num_free(secp256k1_num_t *r) {
|
||||||
|
(void)r;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_copy(secp256k1_num_t *r, const secp256k1_num_t *a) {
|
static void secp256k1_num_copy(secp256k1_num_t *r, const secp256k1_num_t *a) {
|
||||||
*r = *a;
|
*r = *a;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_num_bits(const secp256k1_num_t *a) {
|
static int secp256k1_num_bits(const secp256k1_num_t *a) {
|
||||||
int ret=(a->limbs-1)*GMP_NUMB_BITS;
|
int ret=(a->limbs-1)*GMP_NUMB_BITS;
|
||||||
mp_limb_t x=a->data[a->limbs-1];
|
mp_limb_t x=a->data[a->limbs-1];
|
||||||
while (x) {
|
while (x) {
|
||||||
|
@ -48,7 +49,7 @@ int static secp256k1_num_bits(const secp256k1_num_t *a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void static secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num_t *a) {
|
static void secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num_t *a) {
|
||||||
unsigned char tmp[65];
|
unsigned char tmp[65];
|
||||||
int len = 0;
|
int len = 0;
|
||||||
if (a->limbs>1 || a->data[0] != 0) {
|
if (a->limbs>1 || a->data[0] != 0) {
|
||||||
|
@ -56,7 +57,7 @@ void static secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const sec
|
||||||
}
|
}
|
||||||
int shift = 0;
|
int shift = 0;
|
||||||
while (shift < len && tmp[shift] == 0) shift++;
|
while (shift < len && tmp[shift] == 0) shift++;
|
||||||
VERIFY_CHECK(len-shift <= rlen);
|
VERIFY_CHECK(len-shift <= (int)rlen);
|
||||||
memset(r, 0, rlen - len + shift);
|
memset(r, 0, rlen - len + shift);
|
||||||
if (len > shift) {
|
if (len > shift) {
|
||||||
memcpy(r + rlen - len + shift, tmp + shift, len - shift);
|
memcpy(r + rlen - len + shift, tmp + shift, len - shift);
|
||||||
|
@ -64,7 +65,7 @@ void static secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const sec
|
||||||
memset(tmp, 0, sizeof(tmp));
|
memset(tmp, 0, sizeof(tmp));
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, unsigned int alen) {
|
static void secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, unsigned int alen) {
|
||||||
VERIFY_CHECK(alen > 0);
|
VERIFY_CHECK(alen > 0);
|
||||||
VERIFY_CHECK(alen <= 64);
|
VERIFY_CHECK(alen <= 64);
|
||||||
int len = mpn_set_str(r->data, a, alen, 256);
|
int len = mpn_set_str(r->data, a, alen, 256);
|
||||||
|
@ -74,13 +75,13 @@ void static secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, un
|
||||||
while (r->limbs > 1 && r->data[r->limbs-1]==0) r->limbs--;
|
while (r->limbs > 1 && r->data[r->limbs-1]==0) r->limbs--;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_set_int(secp256k1_num_t *r, int a) {
|
static void secp256k1_num_set_int(secp256k1_num_t *r, int a) {
|
||||||
r->limbs = 1;
|
r->limbs = 1;
|
||||||
r->neg = (a < 0);
|
r->neg = (a < 0);
|
||||||
r->data[0] = (a < 0) ? -a : a;
|
r->data[0] = (a < 0) ? -a : a;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_add_abs(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
static void secp256k1_num_add_abs(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
||||||
mp_limb_t c = mpn_add(r->data, a->data, a->limbs, b->data, b->limbs);
|
mp_limb_t c = mpn_add(r->data, a->data, a->limbs, b->data, b->limbs);
|
||||||
r->limbs = a->limbs;
|
r->limbs = a->limbs;
|
||||||
if (c != 0) {
|
if (c != 0) {
|
||||||
|
@ -89,14 +90,14 @@ void static secp256k1_num_add_abs(secp256k1_num_t *r, const secp256k1_num_t *a,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_sub_abs(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
static void secp256k1_num_sub_abs(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
||||||
mp_limb_t c = mpn_sub(r->data, a->data, a->limbs, b->data, b->limbs);
|
mp_limb_t c = mpn_sub(r->data, a->data, a->limbs, b->data, b->limbs);
|
||||||
VERIFY_CHECK(c == 0);
|
VERIFY_CHECK(c == 0);
|
||||||
r->limbs = a->limbs;
|
r->limbs = a->limbs;
|
||||||
while (r->limbs > 1 && r->data[r->limbs-1]==0) r->limbs--;
|
while (r->limbs > 1 && r->data[r->limbs-1]==0) r->limbs--;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *m) {
|
static void secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *m) {
|
||||||
secp256k1_num_sanity(r);
|
secp256k1_num_sanity(r);
|
||||||
secp256k1_num_sanity(m);
|
secp256k1_num_sanity(m);
|
||||||
|
|
||||||
|
@ -114,7 +115,7 @@ void static secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *m) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *m) {
|
static void secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *m) {
|
||||||
secp256k1_num_sanity(a);
|
secp256k1_num_sanity(a);
|
||||||
secp256k1_num_sanity(m);
|
secp256k1_num_sanity(m);
|
||||||
|
|
||||||
|
@ -153,32 +154,32 @@ void static secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t
|
||||||
memset(v, 0, sizeof(v));
|
memset(v, 0, sizeof(v));
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_num_is_zero(const secp256k1_num_t *a) {
|
static int secp256k1_num_is_zero(const secp256k1_num_t *a) {
|
||||||
return (a->limbs == 1 && a->data[0] == 0);
|
return (a->limbs == 1 && a->data[0] == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_num_is_odd(const secp256k1_num_t *a) {
|
static int secp256k1_num_is_odd(const secp256k1_num_t *a) {
|
||||||
return a->data[0] & 1;
|
return a->data[0] & 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_num_is_neg(const secp256k1_num_t *a) {
|
static int secp256k1_num_is_neg(const secp256k1_num_t *a) {
|
||||||
return (a->limbs > 1 || a->data[0] != 0) && a->neg;
|
return (a->limbs > 1 || a->data[0] != 0) && a->neg;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_num_cmp(const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
static int secp256k1_num_cmp(const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
||||||
if (a->limbs > b->limbs) return 1;
|
if (a->limbs > b->limbs) return 1;
|
||||||
if (a->limbs < b->limbs) return -1;
|
if (a->limbs < b->limbs) return -1;
|
||||||
return mpn_cmp(a->data, b->data, a->limbs);
|
return mpn_cmp(a->data, b->data, a->limbs);
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_num_eq(const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
static int secp256k1_num_eq(const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
||||||
if (a->limbs > b->limbs) return 0;
|
if (a->limbs > b->limbs) return 0;
|
||||||
if (a->limbs < b->limbs) return 0;
|
if (a->limbs < b->limbs) return 0;
|
||||||
if ((a->neg && !secp256k1_num_is_zero(a)) != (b->neg && !secp256k1_num_is_zero(b))) return 0;
|
if ((a->neg && !secp256k1_num_is_zero(a)) != (b->neg && !secp256k1_num_is_zero(b))) return 0;
|
||||||
return mpn_cmp(a->data, b->data, a->limbs) == 0;
|
return mpn_cmp(a->data, b->data, a->limbs) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_subadd(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, int bneg) {
|
static void secp256k1_num_subadd(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, int bneg) {
|
||||||
if (!(b->neg ^ bneg ^ a->neg)) { // a and b have the same sign
|
if (!(b->neg ^ bneg ^ a->neg)) { // a and b have the same sign
|
||||||
r->neg = a->neg;
|
r->neg = a->neg;
|
||||||
if (a->limbs >= b->limbs) {
|
if (a->limbs >= b->limbs) {
|
||||||
|
@ -197,19 +198,19 @@ void static secp256k1_num_subadd(secp256k1_num_t *r, const secp256k1_num_t *a, c
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_add(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
static void secp256k1_num_add(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
||||||
secp256k1_num_sanity(a);
|
secp256k1_num_sanity(a);
|
||||||
secp256k1_num_sanity(b);
|
secp256k1_num_sanity(b);
|
||||||
secp256k1_num_subadd(r, a, b, 0);
|
secp256k1_num_subadd(r, a, b, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_sub(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
static void secp256k1_num_sub(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
||||||
secp256k1_num_sanity(a);
|
secp256k1_num_sanity(a);
|
||||||
secp256k1_num_sanity(b);
|
secp256k1_num_sanity(b);
|
||||||
secp256k1_num_subadd(r, a, b, 1);
|
secp256k1_num_subadd(r, a, b, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
static void secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
||||||
secp256k1_num_sanity(a);
|
secp256k1_num_sanity(a);
|
||||||
secp256k1_num_sanity(b);
|
secp256k1_num_sanity(b);
|
||||||
|
|
||||||
|
@ -233,7 +234,7 @@ void static secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, cons
|
||||||
memset(tmp, 0, sizeof(tmp));
|
memset(tmp, 0, sizeof(tmp));
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
static void secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
||||||
secp256k1_num_sanity(a);
|
secp256k1_num_sanity(a);
|
||||||
secp256k1_num_sanity(b);
|
secp256k1_num_sanity(b);
|
||||||
if (b->limbs > a->limbs) {
|
if (b->limbs > a->limbs) {
|
||||||
|
@ -252,13 +253,13 @@ void static secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, cons
|
||||||
r->neg = a->neg ^ b->neg;
|
r->neg = a->neg ^ b->neg;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_mod_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, const secp256k1_num_t *m) {
|
static void secp256k1_num_mod_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, const secp256k1_num_t *m) {
|
||||||
secp256k1_num_mul(r, a, b);
|
secp256k1_num_mul(r, a, b);
|
||||||
secp256k1_num_mod(r, m);
|
secp256k1_num_mod(r, m);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int static secp256k1_num_shift(secp256k1_num_t *r, int bits) {
|
static int secp256k1_num_shift(secp256k1_num_t *r, int bits) {
|
||||||
VERIFY_CHECK(bits <= GMP_NUMB_BITS);
|
VERIFY_CHECK(bits <= GMP_NUMB_BITS);
|
||||||
mp_limb_t ret = mpn_rshift(r->data, r->data, r->limbs, bits);
|
mp_limb_t ret = mpn_rshift(r->data, r->data, r->limbs, bits);
|
||||||
if (r->limbs>1 && r->data[r->limbs-1]==0) r->limbs--;
|
if (r->limbs>1 && r->data[r->limbs-1]==0) r->limbs--;
|
||||||
|
@ -266,11 +267,11 @@ int static secp256k1_num_shift(secp256k1_num_t *r, int bits) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_num_get_bit(const secp256k1_num_t *a, int pos) {
|
static int secp256k1_num_get_bit(const secp256k1_num_t *a, int pos) {
|
||||||
return (a->limbs*GMP_NUMB_BITS > pos) && ((a->data[pos/GMP_NUMB_BITS] >> (pos % GMP_NUMB_BITS)) & 1);
|
return (a->limbs*GMP_NUMB_BITS > pos) && ((a->data[pos/GMP_NUMB_BITS] >> (pos % GMP_NUMB_BITS)) & 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_inc(secp256k1_num_t *r) {
|
static void secp256k1_num_inc(secp256k1_num_t *r) {
|
||||||
mp_limb_t ret = mpn_add_1(r->data, r->data, r->limbs, (mp_limb_t)1);
|
mp_limb_t ret = mpn_add_1(r->data, r->data, r->limbs, (mp_limb_t)1);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
VERIFY_CHECK(r->limbs < 2*NUM_LIMBS);
|
VERIFY_CHECK(r->limbs < 2*NUM_LIMBS);
|
||||||
|
@ -278,7 +279,7 @@ void static secp256k1_num_inc(secp256k1_num_t *r) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen) {
|
static void secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen) {
|
||||||
static const unsigned char cvt[256] = {
|
static const unsigned char cvt[256] = {
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
||||||
|
@ -306,7 +307,7 @@ void static secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen) {
|
||||||
while (r->limbs > 1 && r->data[r->limbs-1] == 0) r->limbs--;
|
while (r->limbs > 1 && r->data[r->limbs-1] == 0) r->limbs--;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_get_hex(char *r, int rlen, const secp256k1_num_t *a) {
|
static void secp256k1_num_get_hex(char *r, int rlen, const secp256k1_num_t *a) {
|
||||||
static const unsigned char cvt[16] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
|
static const unsigned char cvt[16] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
|
||||||
unsigned char *tmp = malloc(257);
|
unsigned char *tmp = malloc(257);
|
||||||
mp_size_t len = mpn_get_str(tmp, 16, (mp_limb_t*)a->data, a->limbs);
|
mp_size_t len = mpn_get_str(tmp, 16, (mp_limb_t*)a->data, a->limbs);
|
||||||
|
@ -314,7 +315,6 @@ void static secp256k1_num_get_hex(char *r, int rlen, const secp256k1_num_t *a) {
|
||||||
for (int i=0; i<len; i++) {
|
for (int i=0; i<len; i++) {
|
||||||
VERIFY_CHECK(rlen-len+i >= 0);
|
VERIFY_CHECK(rlen-len+i >= 0);
|
||||||
VERIFY_CHECK(rlen-len+i < rlen);
|
VERIFY_CHECK(rlen-len+i < rlen);
|
||||||
VERIFY_CHECK(tmp[i] >= 0);
|
|
||||||
VERIFY_CHECK(tmp[i] < 16);
|
VERIFY_CHECK(tmp[i] < 16);
|
||||||
r[rlen-len+i] = cvt[tmp[i]];
|
r[rlen-len+i] = cvt[tmp[i]];
|
||||||
}
|
}
|
||||||
|
@ -326,7 +326,7 @@ void static secp256k1_num_get_hex(char *r, int rlen, const secp256k1_num_t *a) {
|
||||||
free(tmp);
|
free(tmp);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const secp256k1_num_t *a, int bits) {
|
static void secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const secp256k1_num_t *a, int bits) {
|
||||||
VERIFY_CHECK(bits > 0);
|
VERIFY_CHECK(bits > 0);
|
||||||
rh->neg = a->neg;
|
rh->neg = a->neg;
|
||||||
if (bits >= a->limbs * GMP_NUMB_BITS) {
|
if (bits >= a->limbs * GMP_NUMB_BITS) {
|
||||||
|
@ -358,11 +358,11 @@ void static secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const
|
||||||
while (rl->limbs>1 && rl->data[rl->limbs-1]==0) rl->limbs--;
|
while (rl->limbs>1 && rl->data[rl->limbs-1]==0) rl->limbs--;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_negate(secp256k1_num_t *r) {
|
static void secp256k1_num_negate(secp256k1_num_t *r) {
|
||||||
r->neg ^= 1;
|
r->neg ^= 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_num_get_bits(const secp256k1_num_t *a, int offset, int count) {
|
static int secp256k1_num_get_bits(const secp256k1_num_t *a, int offset, int count) {
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
for (int i = 0; i < count; i++) {
|
for (int i = 0; i < count; i++) {
|
||||||
ret |= ((a->data[(offset + i) / GMP_NUMB_BITS] >> ((offset + i) % GMP_NUMB_BITS)) & 1) << i;
|
ret |= ((a->data[(offset + i) / GMP_NUMB_BITS] >> ((offset + i) % GMP_NUMB_BITS)) & 1) << i;
|
||||||
|
|
26
src/scalar.h
26
src/scalar.h
|
@ -20,42 +20,42 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/** Clear a scalar to prevent the leak of sensitive data. */
|
/** Clear a scalar to prevent the leak of sensitive data. */
|
||||||
void static secp256k1_scalar_clear(secp256k1_scalar_t *r);
|
static void secp256k1_scalar_clear(secp256k1_scalar_t *r);
|
||||||
|
|
||||||
/** Access bits from a scalar. */
|
/** Access bits from a scalar. */
|
||||||
int static secp256k1_scalar_get_bits(const secp256k1_scalar_t *a, int offset, int count);
|
static int secp256k1_scalar_get_bits(const secp256k1_scalar_t *a, int offset, int count);
|
||||||
|
|
||||||
/** Set a scalar from a big endian byte array. */
|
/** Set a scalar from a big endian byte array. */
|
||||||
void static secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char *bin, int *overflow);
|
static void secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char *bin, int *overflow);
|
||||||
|
|
||||||
/** Convert a scalar to a byte array. */
|
/** Convert a scalar to a byte array. */
|
||||||
void static secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_t* a);
|
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_t* a);
|
||||||
|
|
||||||
/** Add two scalars together (modulo the group order). */
|
/** Add two scalars together (modulo the group order). */
|
||||||
void static secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b);
|
static void secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b);
|
||||||
|
|
||||||
/** Multiply two scalars (modulo the group order). */
|
/** Multiply two scalars (modulo the group order). */
|
||||||
void static secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b);
|
static void secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b);
|
||||||
|
|
||||||
/** Compute the square of a scalar (modulo the group order). */
|
/** Compute the square of a scalar (modulo the group order). */
|
||||||
void static secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
|
static void secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
|
||||||
|
|
||||||
/** Compute the inverse of a scalar (modulo the group order). */
|
/** Compute the inverse of a scalar (modulo the group order). */
|
||||||
void static secp256k1_scalar_inverse(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
|
static void secp256k1_scalar_inverse(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
|
||||||
|
|
||||||
/** Compute the complement of a scalar (modulo the group order). */
|
/** Compute the complement of a scalar (modulo the group order). */
|
||||||
void static secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
|
static void secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
|
||||||
|
|
||||||
/** Check whether a scalar equals zero. */
|
/** Check whether a scalar equals zero. */
|
||||||
int static secp256k1_scalar_is_zero(const secp256k1_scalar_t *a);
|
static int secp256k1_scalar_is_zero(const secp256k1_scalar_t *a);
|
||||||
|
|
||||||
/** Check whether a scalar equals one. */
|
/** Check whether a scalar equals one. */
|
||||||
int static secp256k1_scalar_is_one(const secp256k1_scalar_t *a);
|
static int secp256k1_scalar_is_one(const secp256k1_scalar_t *a);
|
||||||
|
|
||||||
/** Check whether a scalar is higher than the group order divided by 2. */
|
/** Check whether a scalar is higher than the group order divided by 2. */
|
||||||
int static secp256k1_scalar_is_high(const secp256k1_scalar_t *a);
|
static int secp256k1_scalar_is_high(const secp256k1_scalar_t *a);
|
||||||
|
|
||||||
/** Convert a scalar to a number. */
|
/** Convert a scalar to a number. */
|
||||||
void static secp256k1_scalar_get_num(secp256k1_num_t *r, const secp256k1_scalar_t *a);
|
static void secp256k1_scalar_get_num(secp256k1_num_t *r, const secp256k1_scalar_t *a);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -24,19 +24,19 @@ typedef unsigned __int128 uint128_t;
|
||||||
#define SECP256K1_N_H_2 ((uint64_t)0xFFFFFFFFFFFFFFFFULL)
|
#define SECP256K1_N_H_2 ((uint64_t)0xFFFFFFFFFFFFFFFFULL)
|
||||||
#define SECP256K1_N_H_3 ((uint64_t)0x7FFFFFFFFFFFFFFFULL)
|
#define SECP256K1_N_H_3 ((uint64_t)0x7FFFFFFFFFFFFFFFULL)
|
||||||
|
|
||||||
void static inline secp256k1_scalar_clear(secp256k1_scalar_t *r) {
|
SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar_t *r) {
|
||||||
r->d[0] = 0;
|
r->d[0] = 0;
|
||||||
r->d[1] = 0;
|
r->d[1] = 0;
|
||||||
r->d[2] = 0;
|
r->d[2] = 0;
|
||||||
r->d[3] = 0;
|
r->d[3] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_get_bits(const secp256k1_scalar_t *a, int offset, int count) {
|
SECP256K1_INLINE static int secp256k1_scalar_get_bits(const secp256k1_scalar_t *a, int offset, int count) {
|
||||||
VERIFY_CHECK((offset + count - 1) / 64 == offset / 64);
|
VERIFY_CHECK((offset + count - 1) / 64 == offset / 64);
|
||||||
return (a->d[offset / 64] >> (offset % 64)) & ((((uint64_t)1) << count) - 1);
|
return (a->d[offset / 64] >> (offset % 64)) & ((((uint64_t)1) << count) - 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_check_overflow(const secp256k1_scalar_t *a) {
|
SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar_t *a) {
|
||||||
int yes = 0;
|
int yes = 0;
|
||||||
int no = 0;
|
int no = 0;
|
||||||
no |= (a->d[3] < SECP256K1_N_3); // No need for a > check.
|
no |= (a->d[3] < SECP256K1_N_3); // No need for a > check.
|
||||||
|
@ -48,7 +48,7 @@ int static inline secp256k1_scalar_check_overflow(const secp256k1_scalar_t *a) {
|
||||||
return yes;
|
return yes;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_reduce(secp256k1_scalar_t *r, unsigned int overflow) {
|
SECP256K1_INLINE static int secp256k1_scalar_reduce(secp256k1_scalar_t *r, unsigned int overflow) {
|
||||||
VERIFY_CHECK(overflow <= 1);
|
VERIFY_CHECK(overflow <= 1);
|
||||||
uint128_t t = (uint128_t)r->d[0] + overflow * SECP256K1_N_C_0;
|
uint128_t t = (uint128_t)r->d[0] + overflow * SECP256K1_N_C_0;
|
||||||
r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
|
r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
|
||||||
|
@ -61,7 +61,7 @@ int static inline secp256k1_scalar_reduce(secp256k1_scalar_t *r, unsigned int ov
|
||||||
return overflow;
|
return overflow;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
static void secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
||||||
uint128_t t = (uint128_t)a->d[0] + b->d[0];
|
uint128_t t = (uint128_t)a->d[0] + b->d[0];
|
||||||
r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
|
r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
|
||||||
t += (uint128_t)a->d[1] + b->d[1];
|
t += (uint128_t)a->d[1] + b->d[1];
|
||||||
|
@ -73,7 +73,7 @@ void static secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t
|
||||||
secp256k1_scalar_reduce(r, t + secp256k1_scalar_check_overflow(r));
|
secp256k1_scalar_reduce(r, t + secp256k1_scalar_check_overflow(r));
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char *b32, int *overflow) {
|
static void secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char *b32, int *overflow) {
|
||||||
r->d[0] = (uint64_t)b32[31] | (uint64_t)b32[30] << 8 | (uint64_t)b32[29] << 16 | (uint64_t)b32[28] << 24 | (uint64_t)b32[27] << 32 | (uint64_t)b32[26] << 40 | (uint64_t)b32[25] << 48 | (uint64_t)b32[24] << 56;
|
r->d[0] = (uint64_t)b32[31] | (uint64_t)b32[30] << 8 | (uint64_t)b32[29] << 16 | (uint64_t)b32[28] << 24 | (uint64_t)b32[27] << 32 | (uint64_t)b32[26] << 40 | (uint64_t)b32[25] << 48 | (uint64_t)b32[24] << 56;
|
||||||
r->d[1] = (uint64_t)b32[23] | (uint64_t)b32[22] << 8 | (uint64_t)b32[21] << 16 | (uint64_t)b32[20] << 24 | (uint64_t)b32[19] << 32 | (uint64_t)b32[18] << 40 | (uint64_t)b32[17] << 48 | (uint64_t)b32[16] << 56;
|
r->d[1] = (uint64_t)b32[23] | (uint64_t)b32[22] << 8 | (uint64_t)b32[21] << 16 | (uint64_t)b32[20] << 24 | (uint64_t)b32[19] << 32 | (uint64_t)b32[18] << 40 | (uint64_t)b32[17] << 48 | (uint64_t)b32[16] << 56;
|
||||||
r->d[2] = (uint64_t)b32[15] | (uint64_t)b32[14] << 8 | (uint64_t)b32[13] << 16 | (uint64_t)b32[12] << 24 | (uint64_t)b32[11] << 32 | (uint64_t)b32[10] << 40 | (uint64_t)b32[9] << 48 | (uint64_t)b32[8] << 56;
|
r->d[2] = (uint64_t)b32[15] | (uint64_t)b32[14] << 8 | (uint64_t)b32[13] << 16 | (uint64_t)b32[12] << 24 | (uint64_t)b32[11] << 32 | (uint64_t)b32[10] << 40 | (uint64_t)b32[9] << 48 | (uint64_t)b32[8] << 56;
|
||||||
|
@ -84,18 +84,18 @@ void static secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_t* a) {
|
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_t* a) {
|
||||||
bin[0] = a->d[3] >> 56; bin[1] = a->d[3] >> 48; bin[2] = a->d[3] >> 40; bin[3] = a->d[3] >> 32; bin[4] = a->d[3] >> 24; bin[5] = a->d[3] >> 16; bin[6] = a->d[3] >> 8; bin[7] = a->d[3];
|
bin[0] = a->d[3] >> 56; bin[1] = a->d[3] >> 48; bin[2] = a->d[3] >> 40; bin[3] = a->d[3] >> 32; bin[4] = a->d[3] >> 24; bin[5] = a->d[3] >> 16; bin[6] = a->d[3] >> 8; bin[7] = a->d[3];
|
||||||
bin[8] = a->d[2] >> 56; bin[9] = a->d[2] >> 48; bin[10] = a->d[2] >> 40; bin[11] = a->d[2] >> 32; bin[12] = a->d[2] >> 24; bin[13] = a->d[2] >> 16; bin[14] = a->d[2] >> 8; bin[15] = a->d[2];
|
bin[8] = a->d[2] >> 56; bin[9] = a->d[2] >> 48; bin[10] = a->d[2] >> 40; bin[11] = a->d[2] >> 32; bin[12] = a->d[2] >> 24; bin[13] = a->d[2] >> 16; bin[14] = a->d[2] >> 8; bin[15] = a->d[2];
|
||||||
bin[16] = a->d[1] >> 56; bin[17] = a->d[1] >> 48; bin[18] = a->d[1] >> 40; bin[19] = a->d[1] >> 32; bin[20] = a->d[1] >> 24; bin[21] = a->d[1] >> 16; bin[22] = a->d[1] >> 8; bin[23] = a->d[1];
|
bin[16] = a->d[1] >> 56; bin[17] = a->d[1] >> 48; bin[18] = a->d[1] >> 40; bin[19] = a->d[1] >> 32; bin[20] = a->d[1] >> 24; bin[21] = a->d[1] >> 16; bin[22] = a->d[1] >> 8; bin[23] = a->d[1];
|
||||||
bin[24] = a->d[0] >> 56; bin[25] = a->d[0] >> 48; bin[26] = a->d[0] >> 40; bin[27] = a->d[0] >> 32; bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0];
|
bin[24] = a->d[0] >> 56; bin[25] = a->d[0] >> 48; bin[26] = a->d[0] >> 40; bin[27] = a->d[0] >> 32; bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0];
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_is_zero(const secp256k1_scalar_t *a) {
|
SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar_t *a) {
|
||||||
return (a->d[0] | a->d[1] | a->d[2] | a->d[3]) == 0;
|
return (a->d[0] | a->d[1] | a->d[2] | a->d[3]) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scalar_t *a) {
|
static void secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scalar_t *a) {
|
||||||
uint64_t nonzero = 0xFFFFFFFFFFFFFFFFULL * (secp256k1_scalar_is_zero(a) == 0);
|
uint64_t nonzero = 0xFFFFFFFFFFFFFFFFULL * (secp256k1_scalar_is_zero(a) == 0);
|
||||||
uint128_t t = (uint128_t)(~a->d[0]) + SECP256K1_N_0 + 1;
|
uint128_t t = (uint128_t)(~a->d[0]) + SECP256K1_N_0 + 1;
|
||||||
r->d[0] = t & nonzero; t >>= 64;
|
r->d[0] = t & nonzero; t >>= 64;
|
||||||
|
@ -107,11 +107,11 @@ void static secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scala
|
||||||
r->d[3] = t & nonzero;
|
r->d[3] = t & nonzero;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_is_one(const secp256k1_scalar_t *a) {
|
SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar_t *a) {
|
||||||
return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3]) == 0;
|
return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3]) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_scalar_is_high(const secp256k1_scalar_t *a) {
|
static int secp256k1_scalar_is_high(const secp256k1_scalar_t *a) {
|
||||||
int yes = 0;
|
int yes = 0;
|
||||||
int no = 0;
|
int no = 0;
|
||||||
no |= (a->d[3] < SECP256K1_N_H_3);
|
no |= (a->d[3] < SECP256K1_N_H_3);
|
||||||
|
@ -179,7 +179,7 @@ int static secp256k1_scalar_is_high(const secp256k1_scalar_t *a) {
|
||||||
/** Add a to the number defined by (c0,c1,c2). c2 must never overflow. */
|
/** Add a to the number defined by (c0,c1,c2). c2 must never overflow. */
|
||||||
#define sumadd(a) { \
|
#define sumadd(a) { \
|
||||||
c0 += (a); /* overflow is handled on the next line */ \
|
c0 += (a); /* overflow is handled on the next line */ \
|
||||||
int over = (c0 < (a)) ? 1 : 0; \
|
unsigned int over = (c0 < (a)) ? 1 : 0; \
|
||||||
c1 += over; /* overflow is handled on the next line */ \
|
c1 += over; /* overflow is handled on the next line */ \
|
||||||
c2 += (c1 < over) ? 1 : 0; /* never overflows by contract */ \
|
c2 += (c1 < over) ? 1 : 0; /* never overflows by contract */ \
|
||||||
}
|
}
|
||||||
|
@ -208,7 +208,7 @@ int static secp256k1_scalar_is_high(const secp256k1_scalar_t *a) {
|
||||||
VERIFY_CHECK(c2 == 0); \
|
VERIFY_CHECK(c2 == 0); \
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_reduce_512(secp256k1_scalar_t *r, const uint64_t *l) {
|
static void secp256k1_scalar_reduce_512(secp256k1_scalar_t *r, const uint64_t *l) {
|
||||||
uint64_t n0 = l[4], n1 = l[5], n2 = l[6], n3 = l[7];
|
uint64_t n0 = l[4], n1 = l[5], n2 = l[6], n3 = l[7];
|
||||||
|
|
||||||
// 160 bit accumulator.
|
// 160 bit accumulator.
|
||||||
|
@ -278,7 +278,7 @@ void static secp256k1_scalar_reduce_512(secp256k1_scalar_t *r, const uint64_t *l
|
||||||
secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r));
|
secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r));
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
static void secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
||||||
// 160 bit accumulator.
|
// 160 bit accumulator.
|
||||||
uint64_t c0 = 0, c1 = 0;
|
uint64_t c0 = 0, c1 = 0;
|
||||||
uint32_t c2 = 0;
|
uint32_t c2 = 0;
|
||||||
|
@ -315,7 +315,7 @@ void static secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t
|
||||||
secp256k1_scalar_reduce_512(r, l);
|
secp256k1_scalar_reduce_512(r, l);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t *a) {
|
static void secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t *a) {
|
||||||
// 160 bit accumulator.
|
// 160 bit accumulator.
|
||||||
uint64_t c0 = 0, c1 = 0;
|
uint64_t c0 = 0, c1 = 0;
|
||||||
uint32_t c2 = 0;
|
uint32_t c2 = 0;
|
||||||
|
|
|
@ -32,7 +32,7 @@
|
||||||
#define SECP256K1_N_H_6 ((uint32_t)0xFFFFFFFFUL)
|
#define SECP256K1_N_H_6 ((uint32_t)0xFFFFFFFFUL)
|
||||||
#define SECP256K1_N_H_7 ((uint32_t)0x7FFFFFFFUL)
|
#define SECP256K1_N_H_7 ((uint32_t)0x7FFFFFFFUL)
|
||||||
|
|
||||||
void static inline secp256k1_scalar_clear(secp256k1_scalar_t *r) {
|
SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar_t *r) {
|
||||||
r->d[0] = 0;
|
r->d[0] = 0;
|
||||||
r->d[1] = 0;
|
r->d[1] = 0;
|
||||||
r->d[2] = 0;
|
r->d[2] = 0;
|
||||||
|
@ -43,12 +43,12 @@ void static inline secp256k1_scalar_clear(secp256k1_scalar_t *r) {
|
||||||
r->d[7] = 0;
|
r->d[7] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_get_bits(const secp256k1_scalar_t *a, int offset, int count) {
|
SECP256K1_INLINE static int secp256k1_scalar_get_bits(const secp256k1_scalar_t *a, int offset, int count) {
|
||||||
VERIFY_CHECK((offset + count - 1) / 32 == offset / 32);
|
VERIFY_CHECK((offset + count - 1) / 32 == offset / 32);
|
||||||
return (a->d[offset / 32] >> (offset % 32)) & ((1 << count) - 1);
|
return (a->d[offset / 32] >> (offset % 32)) & ((1 << count) - 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_check_overflow(const secp256k1_scalar_t *a) {
|
SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar_t *a) {
|
||||||
int yes = 0;
|
int yes = 0;
|
||||||
int no = 0;
|
int no = 0;
|
||||||
no |= (a->d[7] < SECP256K1_N_7); // No need for a > check.
|
no |= (a->d[7] < SECP256K1_N_7); // No need for a > check.
|
||||||
|
@ -66,7 +66,7 @@ int static inline secp256k1_scalar_check_overflow(const secp256k1_scalar_t *a) {
|
||||||
return yes;
|
return yes;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_reduce(secp256k1_scalar_t *r, uint32_t overflow) {
|
SECP256K1_INLINE static int secp256k1_scalar_reduce(secp256k1_scalar_t *r, uint32_t overflow) {
|
||||||
VERIFY_CHECK(overflow <= 1);
|
VERIFY_CHECK(overflow <= 1);
|
||||||
uint64_t t = (uint64_t)r->d[0] + overflow * SECP256K1_N_C_0;
|
uint64_t t = (uint64_t)r->d[0] + overflow * SECP256K1_N_C_0;
|
||||||
r->d[0] = t & 0xFFFFFFFFUL; t >>= 32;
|
r->d[0] = t & 0xFFFFFFFFUL; t >>= 32;
|
||||||
|
@ -87,7 +87,7 @@ int static inline secp256k1_scalar_reduce(secp256k1_scalar_t *r, uint32_t overfl
|
||||||
return overflow;
|
return overflow;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
static void secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
||||||
uint64_t t = (uint64_t)a->d[0] + b->d[0];
|
uint64_t t = (uint64_t)a->d[0] + b->d[0];
|
||||||
r->d[0] = t & 0xFFFFFFFFULL; t >>= 32;
|
r->d[0] = t & 0xFFFFFFFFULL; t >>= 32;
|
||||||
t += (uint64_t)a->d[1] + b->d[1];
|
t += (uint64_t)a->d[1] + b->d[1];
|
||||||
|
@ -107,7 +107,7 @@ void static secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t
|
||||||
secp256k1_scalar_reduce(r, t + secp256k1_scalar_check_overflow(r));
|
secp256k1_scalar_reduce(r, t + secp256k1_scalar_check_overflow(r));
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char *b32, int *overflow) {
|
static void secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char *b32, int *overflow) {
|
||||||
r->d[0] = (uint32_t)b32[31] | (uint32_t)b32[30] << 8 | (uint32_t)b32[29] << 16 | (uint32_t)b32[28] << 24;
|
r->d[0] = (uint32_t)b32[31] | (uint32_t)b32[30] << 8 | (uint32_t)b32[29] << 16 | (uint32_t)b32[28] << 24;
|
||||||
r->d[1] = (uint32_t)b32[27] | (uint32_t)b32[26] << 8 | (uint32_t)b32[25] << 16 | (uint32_t)b32[24] << 24;
|
r->d[1] = (uint32_t)b32[27] | (uint32_t)b32[26] << 8 | (uint32_t)b32[25] << 16 | (uint32_t)b32[24] << 24;
|
||||||
r->d[2] = (uint32_t)b32[23] | (uint32_t)b32[22] << 8 | (uint32_t)b32[21] << 16 | (uint32_t)b32[20] << 24;
|
r->d[2] = (uint32_t)b32[23] | (uint32_t)b32[22] << 8 | (uint32_t)b32[21] << 16 | (uint32_t)b32[20] << 24;
|
||||||
|
@ -122,7 +122,7 @@ void static secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_t* a) {
|
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_t* a) {
|
||||||
bin[0] = a->d[7] >> 24; bin[1] = a->d[7] >> 16; bin[2] = a->d[7] >> 8; bin[3] = a->d[7];
|
bin[0] = a->d[7] >> 24; bin[1] = a->d[7] >> 16; bin[2] = a->d[7] >> 8; bin[3] = a->d[7];
|
||||||
bin[4] = a->d[6] >> 24; bin[5] = a->d[6] >> 16; bin[6] = a->d[6] >> 8; bin[7] = a->d[6];
|
bin[4] = a->d[6] >> 24; bin[5] = a->d[6] >> 16; bin[6] = a->d[6] >> 8; bin[7] = a->d[6];
|
||||||
bin[8] = a->d[5] >> 24; bin[9] = a->d[5] >> 16; bin[10] = a->d[5] >> 8; bin[11] = a->d[5];
|
bin[8] = a->d[5] >> 24; bin[9] = a->d[5] >> 16; bin[10] = a->d[5] >> 8; bin[11] = a->d[5];
|
||||||
|
@ -133,11 +133,11 @@ void static secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_
|
||||||
bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0];
|
bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0];
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_is_zero(const secp256k1_scalar_t *a) {
|
SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar_t *a) {
|
||||||
return (a->d[0] | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0;
|
return (a->d[0] | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scalar_t *a) {
|
static void secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scalar_t *a) {
|
||||||
uint32_t nonzero = 0xFFFFFFFFUL * (secp256k1_scalar_is_zero(a) == 0);
|
uint32_t nonzero = 0xFFFFFFFFUL * (secp256k1_scalar_is_zero(a) == 0);
|
||||||
uint64_t t = (uint64_t)(~a->d[0]) + SECP256K1_N_0 + 1;
|
uint64_t t = (uint64_t)(~a->d[0]) + SECP256K1_N_0 + 1;
|
||||||
r->d[0] = t & nonzero; t >>= 32;
|
r->d[0] = t & nonzero; t >>= 32;
|
||||||
|
@ -157,11 +157,11 @@ void static secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scala
|
||||||
r->d[7] = t & nonzero;
|
r->d[7] = t & nonzero;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_is_one(const secp256k1_scalar_t *a) {
|
SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar_t *a) {
|
||||||
return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0;
|
return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_scalar_is_high(const secp256k1_scalar_t *a) {
|
static int secp256k1_scalar_is_high(const secp256k1_scalar_t *a) {
|
||||||
int yes = 0;
|
int yes = 0;
|
||||||
int no = 0;
|
int no = 0;
|
||||||
no |= (a->d[7] < SECP256K1_N_H_7);
|
no |= (a->d[7] < SECP256K1_N_H_7);
|
||||||
|
@ -235,7 +235,7 @@ int static secp256k1_scalar_is_high(const secp256k1_scalar_t *a) {
|
||||||
/** Add a to the number defined by (c0,c1,c2). c2 must never overflow. */
|
/** Add a to the number defined by (c0,c1,c2). c2 must never overflow. */
|
||||||
#define sumadd(a) { \
|
#define sumadd(a) { \
|
||||||
c0 += (a); /* overflow is handled on the next line */ \
|
c0 += (a); /* overflow is handled on the next line */ \
|
||||||
int over = (c0 < (a)) ? 1 : 0; \
|
unsigned int over = (c0 < (a)) ? 1 : 0; \
|
||||||
c1 += over; /* overflow is handled on the next line */ \
|
c1 += over; /* overflow is handled on the next line */ \
|
||||||
c2 += (c1 < over) ? 1 : 0; /* never overflows by contract */ \
|
c2 += (c1 < over) ? 1 : 0; /* never overflows by contract */ \
|
||||||
}
|
}
|
||||||
|
@ -264,7 +264,7 @@ int static secp256k1_scalar_is_high(const secp256k1_scalar_t *a) {
|
||||||
VERIFY_CHECK(c2 == 0); \
|
VERIFY_CHECK(c2 == 0); \
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_reduce_512(secp256k1_scalar_t *r, const uint32_t *l) {
|
static void secp256k1_scalar_reduce_512(secp256k1_scalar_t *r, const uint32_t *l) {
|
||||||
uint32_t n0 = l[8], n1 = l[9], n2 = l[10], n3 = l[11], n4 = l[12], n5 = l[13], n6 = l[14], n7 = l[15];
|
uint32_t n0 = l[8], n1 = l[9], n2 = l[10], n3 = l[11], n4 = l[12], n5 = l[13], n6 = l[14], n7 = l[15];
|
||||||
|
|
||||||
// 96 bit accumulator.
|
// 96 bit accumulator.
|
||||||
|
@ -403,7 +403,7 @@ void static secp256k1_scalar_reduce_512(secp256k1_scalar_t *r, const uint32_t *l
|
||||||
secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r));
|
secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r));
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
static void secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
||||||
// 96 bit accumulator.
|
// 96 bit accumulator.
|
||||||
uint32_t c0 = 0, c1 = 0, c2 = 0;
|
uint32_t c0 = 0, c1 = 0, c2 = 0;
|
||||||
|
|
||||||
|
@ -495,7 +495,7 @@ void static secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t
|
||||||
secp256k1_scalar_reduce_512(r, l);
|
secp256k1_scalar_reduce_512(r, l);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t *a) {
|
static void secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t *a) {
|
||||||
// 96 bit accumulator.
|
// 96 bit accumulator.
|
||||||
uint32_t c0 = 0, c1 = 0, c2 = 0;
|
uint32_t c0 = 0, c1 = 0, c2 = 0;
|
||||||
|
|
||||||
|
|
|
@ -21,14 +21,14 @@
|
||||||
#error "Please select scalar implementation"
|
#error "Please select scalar implementation"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void static secp256k1_scalar_get_num(secp256k1_num_t *r, const secp256k1_scalar_t *a) {
|
static void secp256k1_scalar_get_num(secp256k1_num_t *r, const secp256k1_scalar_t *a) {
|
||||||
unsigned char c[32];
|
unsigned char c[32];
|
||||||
secp256k1_scalar_get_b32(c, a);
|
secp256k1_scalar_get_b32(c, a);
|
||||||
secp256k1_num_set_bin(r, c, 32);
|
secp256k1_num_set_bin(r, c, 32);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void static secp256k1_scalar_inverse(secp256k1_scalar_t *r, const secp256k1_scalar_t *x) {
|
static void secp256k1_scalar_inverse(secp256k1_scalar_t *r, const secp256k1_scalar_t *x) {
|
||||||
// First compute x ^ (2^N - 1) for some values of N.
|
// First compute x ^ (2^N - 1) for some values of N.
|
||||||
secp256k1_scalar_t x2, x3, x4, x6, x7, x8, x15, x30, x60, x120, x127;
|
secp256k1_scalar_t x2, x3, x4, x6, x7, x8, x15, x30, x60, x120, x127;
|
||||||
|
|
||||||
|
|
24
src/testrand.h
Normal file
24
src/testrand.h
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
// Copyright (c) 2013 Pieter Wuille
|
||||||
|
// Distributed under the MIT/X11 software license, see the accompanying
|
||||||
|
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||||
|
|
||||||
|
#ifndef _SECP256K1_TESTRAND_H_
|
||||||
|
#define _SECP256K1_TESTRAND_H_
|
||||||
|
|
||||||
|
#if defined HAVE_CONFIG_H
|
||||||
|
#include "libsecp256k1-config.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/** Seed the pseudorandom number generator. */
|
||||||
|
SECP256K1_INLINE static void secp256k1_rand_seed(uint64_t v);
|
||||||
|
|
||||||
|
/** Generate a pseudorandom 32-bit number. */
|
||||||
|
static uint32_t secp256k1_rand32(void);
|
||||||
|
|
||||||
|
/** Generate a pseudorandom 32-byte array. */
|
||||||
|
static void secp256k1_rand256(unsigned char *b32);
|
||||||
|
|
||||||
|
/** Generate a pseudorandom 32-byte array with long sequences of zero and one bits. */
|
||||||
|
static void secp256k1_rand256_test(unsigned char *b32);
|
||||||
|
|
||||||
|
#endif
|
|
@ -2,17 +2,17 @@
|
||||||
// Distributed under the MIT/X11 software license, see the accompanying
|
// Distributed under the MIT/X11 software license, see the accompanying
|
||||||
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||||
|
|
||||||
#ifndef _SECP256K1_UTIL_IMPL_H_
|
#ifndef _SECP256K1_TESTRAND_IMPL_H_
|
||||||
#define _SECP256K1_UTIL_IMPL_H_
|
#define _SECP256K1_TESTRAND_IMPL_H_
|
||||||
|
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
#include "util.h"
|
#include "testrand.h"
|
||||||
|
|
||||||
static uint32_t secp256k1_Rz = 11, secp256k1_Rw = 11;
|
static uint32_t secp256k1_Rz = 11, secp256k1_Rw = 11;
|
||||||
|
|
||||||
static inline void secp256k1_rand_seed(uint64_t v) {
|
SECP256K1_INLINE static void secp256k1_rand_seed(uint64_t v) {
|
||||||
secp256k1_Rz = v >> 32;
|
secp256k1_Rz = v >> 32;
|
||||||
secp256k1_Rw = v;
|
secp256k1_Rw = v;
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ static inline void secp256k1_rand_seed(uint64_t v) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline uint32_t secp256k1_rand32(void) {
|
SECP256K1_INLINE static uint32_t secp256k1_rand32(void) {
|
||||||
secp256k1_Rz = 36969 * (secp256k1_Rz & 0xFFFF) + (secp256k1_Rz >> 16);
|
secp256k1_Rz = 36969 * (secp256k1_Rz & 0xFFFF) + (secp256k1_Rz >> 16);
|
||||||
secp256k1_Rw = 18000 * (secp256k1_Rw & 0xFFFF) + (secp256k1_Rw >> 16);
|
secp256k1_Rw = 18000 * (secp256k1_Rw & 0xFFFF) + (secp256k1_Rw >> 16);
|
||||||
return (secp256k1_Rw << 16) + (secp256k1_Rw >> 16) + secp256k1_Rz;
|
return (secp256k1_Rw << 16) + (secp256k1_Rw >> 16) + secp256k1_Rz;
|
64
src/tests.c
64
src/tests.c
|
@ -9,8 +9,8 @@
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
|
||||||
#include "util_impl.h"
|
|
||||||
#include "secp256k1.c"
|
#include "secp256k1.c"
|
||||||
|
#include "testrand_impl.h"
|
||||||
|
|
||||||
#ifdef ENABLE_OPENSSL_TESTS
|
#ifdef ENABLE_OPENSSL_TESTS
|
||||||
#include "openssl/bn.h"
|
#include "openssl/bn.h"
|
||||||
|
@ -111,7 +111,7 @@ void random_num_order(secp256k1_num_t *num) {
|
||||||
} while(1);
|
} while(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void test_num_copy_inc_cmp() {
|
void test_num_copy_inc_cmp(void) {
|
||||||
secp256k1_num_t n1,n2;
|
secp256k1_num_t n1,n2;
|
||||||
random_num_order(&n1);
|
random_num_order(&n1);
|
||||||
secp256k1_num_copy(&n2, &n1);
|
secp256k1_num_copy(&n2, &n1);
|
||||||
|
@ -123,7 +123,7 @@ void test_num_copy_inc_cmp() {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void test_num_get_set_hex() {
|
void test_num_get_set_hex(void) {
|
||||||
secp256k1_num_t n1,n2;
|
secp256k1_num_t n1,n2;
|
||||||
random_num_order_test(&n1);
|
random_num_order_test(&n1);
|
||||||
char c[64];
|
char c[64];
|
||||||
|
@ -134,7 +134,7 @@ void test_num_get_set_hex() {
|
||||||
// check whether the lower 4 bits correspond to the last hex character
|
// check whether the lower 4 bits correspond to the last hex character
|
||||||
int low1 = secp256k1_num_shift(&n1, 4);
|
int low1 = secp256k1_num_shift(&n1, 4);
|
||||||
int lowh = c[63];
|
int lowh = c[63];
|
||||||
int low2 = (lowh>>6)*9+(lowh-'0')&15;
|
int low2 = ((lowh>>6)*9+(lowh-'0'))&15;
|
||||||
CHECK(low1 == low2);
|
CHECK(low1 == low2);
|
||||||
// shift bits off the hex representation, and compare
|
// shift bits off the hex representation, and compare
|
||||||
memmove(c+1, c, 63);
|
memmove(c+1, c, 63);
|
||||||
|
@ -144,7 +144,7 @@ void test_num_get_set_hex() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void test_num_get_set_bin() {
|
void test_num_get_set_bin(void) {
|
||||||
secp256k1_num_t n1,n2;
|
secp256k1_num_t n1,n2;
|
||||||
random_num_order_test(&n1);
|
random_num_order_test(&n1);
|
||||||
unsigned char c[32];
|
unsigned char c[32];
|
||||||
|
@ -164,7 +164,7 @@ void test_num_get_set_bin() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_num_int() {
|
void run_num_int(void) {
|
||||||
secp256k1_num_t n1;
|
secp256k1_num_t n1;
|
||||||
for (int i=-255; i<256; i++) {
|
for (int i=-255; i<256; i++) {
|
||||||
unsigned char c1[3] = {};
|
unsigned char c1[3] = {};
|
||||||
|
@ -176,7 +176,7 @@ void run_num_int() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void test_num_negate() {
|
void test_num_negate(void) {
|
||||||
secp256k1_num_t n1;
|
secp256k1_num_t n1;
|
||||||
secp256k1_num_t n2;
|
secp256k1_num_t n2;
|
||||||
random_num_order_test(&n1); // n1 = R
|
random_num_order_test(&n1); // n1 = R
|
||||||
|
@ -196,7 +196,7 @@ void test_num_negate() {
|
||||||
CHECK(secp256k1_num_eq(&n1, &n2));
|
CHECK(secp256k1_num_eq(&n1, &n2));
|
||||||
}
|
}
|
||||||
|
|
||||||
void test_num_add_sub() {
|
void test_num_add_sub(void) {
|
||||||
int r = secp256k1_rand32();
|
int r = secp256k1_rand32();
|
||||||
secp256k1_num_t n1;
|
secp256k1_num_t n1;
|
||||||
secp256k1_num_t n2;
|
secp256k1_num_t n2;
|
||||||
|
@ -225,7 +225,7 @@ void test_num_add_sub() {
|
||||||
CHECK(secp256k1_num_eq(&n2p1, &n1));
|
CHECK(secp256k1_num_eq(&n2p1, &n1));
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_num_smalltests() {
|
void run_num_smalltests(void) {
|
||||||
for (int i=0; i<100*count; i++) {
|
for (int i=0; i<100*count; i++) {
|
||||||
test_num_copy_inc_cmp();
|
test_num_copy_inc_cmp();
|
||||||
test_num_get_set_hex();
|
test_num_get_set_hex();
|
||||||
|
@ -474,7 +474,7 @@ int check_fe_inverse(const secp256k1_fe_t *a, const secp256k1_fe_t *ai) {
|
||||||
return check_fe_equal(&x, &one);
|
return check_fe_equal(&x, &one);
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_field_inv() {
|
void run_field_inv(void) {
|
||||||
secp256k1_fe_t x, xi, xii;
|
secp256k1_fe_t x, xi, xii;
|
||||||
for (int i=0; i<10*count; i++) {
|
for (int i=0; i<10*count; i++) {
|
||||||
random_fe_non_zero(&x);
|
random_fe_non_zero(&x);
|
||||||
|
@ -485,7 +485,7 @@ void run_field_inv() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_field_inv_var() {
|
void run_field_inv_var(void) {
|
||||||
secp256k1_fe_t x, xi, xii;
|
secp256k1_fe_t x, xi, xii;
|
||||||
for (int i=0; i<10*count; i++) {
|
for (int i=0; i<10*count; i++) {
|
||||||
random_fe_non_zero(&x);
|
random_fe_non_zero(&x);
|
||||||
|
@ -496,41 +496,41 @@ void run_field_inv_var() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_field_inv_all() {
|
void run_field_inv_all(void) {
|
||||||
secp256k1_fe_t x[16], xi[16], xii[16];
|
secp256k1_fe_t x[16], xi[16], xii[16];
|
||||||
// Check it's safe to call for 0 elements
|
// Check it's safe to call for 0 elements
|
||||||
secp256k1_fe_inv_all(0, xi, x);
|
secp256k1_fe_inv_all(0, xi, x);
|
||||||
for (int i=0; i<count; i++) {
|
for (int i=0; i<count; i++) {
|
||||||
size_t len = (secp256k1_rand32() & 15) + 1;
|
size_t len = (secp256k1_rand32() & 15) + 1;
|
||||||
for (int j=0; j<len; j++)
|
for (size_t j=0; j<len; j++)
|
||||||
random_fe_non_zero(&x[j]);
|
random_fe_non_zero(&x[j]);
|
||||||
secp256k1_fe_inv_all(len, xi, x);
|
secp256k1_fe_inv_all(len, xi, x);
|
||||||
for (int j=0; j<len; j++)
|
for (size_t j=0; j<len; j++)
|
||||||
CHECK(check_fe_inverse(&x[j], &xi[j]));
|
CHECK(check_fe_inverse(&x[j], &xi[j]));
|
||||||
secp256k1_fe_inv_all(len, xii, xi);
|
secp256k1_fe_inv_all(len, xii, xi);
|
||||||
for (int j=0; j<len; j++)
|
for (size_t j=0; j<len; j++)
|
||||||
CHECK(check_fe_equal(&x[j], &xii[j]));
|
CHECK(check_fe_equal(&x[j], &xii[j]));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_field_inv_all_var() {
|
void run_field_inv_all_var(void) {
|
||||||
secp256k1_fe_t x[16], xi[16], xii[16];
|
secp256k1_fe_t x[16], xi[16], xii[16];
|
||||||
// Check it's safe to call for 0 elements
|
// Check it's safe to call for 0 elements
|
||||||
secp256k1_fe_inv_all_var(0, xi, x);
|
secp256k1_fe_inv_all_var(0, xi, x);
|
||||||
for (int i=0; i<count; i++) {
|
for (int i=0; i<count; i++) {
|
||||||
size_t len = (secp256k1_rand32() & 15) + 1;
|
size_t len = (secp256k1_rand32() & 15) + 1;
|
||||||
for (int j=0; j<len; j++)
|
for (size_t j=0; j<len; j++)
|
||||||
random_fe_non_zero(&x[j]);
|
random_fe_non_zero(&x[j]);
|
||||||
secp256k1_fe_inv_all_var(len, xi, x);
|
secp256k1_fe_inv_all_var(len, xi, x);
|
||||||
for (int j=0; j<len; j++)
|
for (size_t j=0; j<len; j++)
|
||||||
CHECK(check_fe_inverse(&x[j], &xi[j]));
|
CHECK(check_fe_inverse(&x[j], &xi[j]));
|
||||||
secp256k1_fe_inv_all_var(len, xii, xi);
|
secp256k1_fe_inv_all_var(len, xii, xi);
|
||||||
for (int j=0; j<len; j++)
|
for (size_t j=0; j<len; j++)
|
||||||
CHECK(check_fe_equal(&x[j], &xii[j]));
|
CHECK(check_fe_equal(&x[j], &xii[j]));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_sqr() {
|
void run_sqr(void) {
|
||||||
secp256k1_fe_t x, s;
|
secp256k1_fe_t x, s;
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -559,7 +559,7 @@ void test_sqrt(const secp256k1_fe_t *a, const secp256k1_fe_t *k) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_sqrt() {
|
void run_sqrt(void) {
|
||||||
secp256k1_fe_t ns, x, s, t;
|
secp256k1_fe_t ns, x, s, t;
|
||||||
|
|
||||||
// Check sqrt(0) is 0
|
// Check sqrt(0) is 0
|
||||||
|
@ -614,7 +614,7 @@ void gej_equals_gej(const secp256k1_gej_t *a, const secp256k1_gej_t *b) {
|
||||||
CHECK(ge_equals_ge(&aa, &bb));
|
CHECK(ge_equals_ge(&aa, &bb));
|
||||||
}
|
}
|
||||||
|
|
||||||
void test_ge() {
|
void test_ge(void) {
|
||||||
secp256k1_ge_t a, b, i, n;
|
secp256k1_ge_t a, b, i, n;
|
||||||
random_group_element_test(&a);
|
random_group_element_test(&a);
|
||||||
random_group_element_test(&b);
|
random_group_element_test(&b);
|
||||||
|
@ -685,7 +685,7 @@ void test_ge() {
|
||||||
ge_equals_gej(&a, &iac);
|
ge_equals_gej(&a, &iac);
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_ge() {
|
void run_ge(void) {
|
||||||
for (int i = 0; i < 2000*count; i++) {
|
for (int i = 0; i < 2000*count; i++) {
|
||||||
test_ge();
|
test_ge();
|
||||||
}
|
}
|
||||||
|
@ -693,7 +693,7 @@ void run_ge() {
|
||||||
|
|
||||||
/***** ECMULT TESTS *****/
|
/***** ECMULT TESTS *****/
|
||||||
|
|
||||||
void run_ecmult_chain() {
|
void run_ecmult_chain(void) {
|
||||||
// random starting point A (on the curve)
|
// random starting point A (on the curve)
|
||||||
secp256k1_fe_t ax; secp256k1_fe_set_hex(&ax, "8b30bbe9ae2a990696b22f670709dff3727fd8bc04d3362c6c7bf458e2846004", 64);
|
secp256k1_fe_t ax; secp256k1_fe_set_hex(&ax, "8b30bbe9ae2a990696b22f670709dff3727fd8bc04d3362c6c7bf458e2846004", 64);
|
||||||
secp256k1_fe_t ay; secp256k1_fe_set_hex(&ay, "a357ae915c4a65281309edf20504740f0eb3343990216b4f81063cb65f2f7e0f", 64);
|
secp256k1_fe_t ay; secp256k1_fe_set_hex(&ay, "a357ae915c4a65281309edf20504740f0eb3343990216b4f81063cb65f2f7e0f", 64);
|
||||||
|
@ -756,7 +756,7 @@ void test_point_times_order(const secp256k1_gej_t *point) {
|
||||||
CHECK(secp256k1_gej_is_infinity(&res));
|
CHECK(secp256k1_gej_is_infinity(&res));
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_point_times_order() {
|
void run_point_times_order(void) {
|
||||||
secp256k1_fe_t x; secp256k1_fe_set_hex(&x, "02", 2);
|
secp256k1_fe_t x; secp256k1_fe_set_hex(&x, "02", 2);
|
||||||
for (int i=0; i<500; i++) {
|
for (int i=0; i<500; i++) {
|
||||||
secp256k1_ge_t p;
|
secp256k1_ge_t p;
|
||||||
|
@ -800,7 +800,7 @@ void test_wnaf(const secp256k1_num_t *number, int w) {
|
||||||
CHECK(secp256k1_num_eq(&x, number)); // check that wnaf represents number
|
CHECK(secp256k1_num_eq(&x, number)); // check that wnaf represents number
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_wnaf() {
|
void run_wnaf(void) {
|
||||||
secp256k1_num_t n;
|
secp256k1_num_t n;
|
||||||
for (int i=0; i<count; i++) {
|
for (int i=0; i<count; i++) {
|
||||||
random_num_order(&n);
|
random_num_order(&n);
|
||||||
|
@ -817,7 +817,7 @@ void random_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_scalar_t *key, cons
|
||||||
} while(!secp256k1_ecdsa_sig_sign(sig, key, msg, &nonce, recid));
|
} while(!secp256k1_ecdsa_sig_sign(sig, key, msg, &nonce, recid));
|
||||||
}
|
}
|
||||||
|
|
||||||
void test_ecdsa_sign_verify() {
|
void test_ecdsa_sign_verify(void) {
|
||||||
secp256k1_scalar_t msg, key;
|
secp256k1_scalar_t msg, key;
|
||||||
random_scalar_order_test(&msg);
|
random_scalar_order_test(&msg);
|
||||||
random_scalar_order_test(&key);
|
random_scalar_order_test(&key);
|
||||||
|
@ -832,13 +832,13 @@ void test_ecdsa_sign_verify() {
|
||||||
CHECK(!secp256k1_ecdsa_sig_verify(&sig, &pub, &msg_num));
|
CHECK(!secp256k1_ecdsa_sig_verify(&sig, &pub, &msg_num));
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_ecdsa_sign_verify() {
|
void run_ecdsa_sign_verify(void) {
|
||||||
for (int i=0; i<10*count; i++) {
|
for (int i=0; i<10*count; i++) {
|
||||||
test_ecdsa_sign_verify();
|
test_ecdsa_sign_verify();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void test_ecdsa_end_to_end() {
|
void test_ecdsa_end_to_end(void) {
|
||||||
unsigned char privkey[32];
|
unsigned char privkey[32];
|
||||||
unsigned char message[32];
|
unsigned char message[32];
|
||||||
|
|
||||||
|
@ -927,7 +927,7 @@ void test_ecdsa_end_to_end() {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_ecdsa_end_to_end() {
|
void run_ecdsa_end_to_end(void) {
|
||||||
for (int i=0; i<64*count; i++) {
|
for (int i=0; i<64*count; i++) {
|
||||||
test_ecdsa_end_to_end();
|
test_ecdsa_end_to_end();
|
||||||
}
|
}
|
||||||
|
@ -947,7 +947,7 @@ EC_KEY *get_openssl_key(const secp256k1_scalar_t *key) {
|
||||||
return ec_key;
|
return ec_key;
|
||||||
}
|
}
|
||||||
|
|
||||||
void test_ecdsa_openssl() {
|
void test_ecdsa_openssl(void) {
|
||||||
secp256k1_scalar_t key, msg;
|
secp256k1_scalar_t key, msg;
|
||||||
unsigned char message[32];
|
unsigned char message[32];
|
||||||
secp256k1_rand256_test(message);
|
secp256k1_rand256_test(message);
|
||||||
|
@ -978,7 +978,7 @@ void test_ecdsa_openssl() {
|
||||||
EC_KEY_free(ec_key);
|
EC_KEY_free(ec_key);
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_ecdsa_openssl() {
|
void run_ecdsa_openssl(void) {
|
||||||
for (int i=0; i<10*count; i++) {
|
for (int i=0; i<10*count; i++) {
|
||||||
test_ecdsa_openssl();
|
test_ecdsa_openssl();
|
||||||
}
|
}
|
||||||
|
|
12
src/util.h
12
src/util.h
|
@ -44,16 +44,4 @@
|
||||||
#define VERIFY_CHECK(cond) do { (void)(cond); } while(0)
|
#define VERIFY_CHECK(cond) do { (void)(cond); } while(0)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/** Seed the pseudorandom number generator. */
|
|
||||||
static inline void secp256k1_rand_seed(uint64_t v);
|
|
||||||
|
|
||||||
/** Generate a pseudorandom 32-bit number. */
|
|
||||||
static uint32_t secp256k1_rand32(void);
|
|
||||||
|
|
||||||
/** Generate a pseudorandom 32-byte array. */
|
|
||||||
static void secp256k1_rand256(unsigned char *b32);
|
|
||||||
|
|
||||||
/** Generate a pseudorandom 32-byte array with long sequences of zero and one bits. */
|
|
||||||
static void secp256k1_rand256_test(unsigned char *b32);
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
Loading…
Add table
Reference in a new issue