mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-28 03:57:31 -03:00
Reorder static to comply with C99 and switch to the inline macro.
This commit is contained in:
parent
8563713a4f
commit
a4a43d7543
24 changed files with 278 additions and 276 deletions
|
@ -4,6 +4,8 @@
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
|
||||||
|
#include "include/secp256k1.h"
|
||||||
|
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
#include "num_impl.h"
|
#include "num_impl.h"
|
||||||
#include "field_impl.h"
|
#include "field_impl.h"
|
||||||
|
|
12
src/ecdsa.h
12
src/ecdsa.h
|
@ -11,11 +11,11 @@ typedef struct {
|
||||||
secp256k1_num_t r, s;
|
secp256k1_num_t r, s;
|
||||||
} secp256k1_ecdsa_sig_t;
|
} secp256k1_ecdsa_sig_t;
|
||||||
|
|
||||||
int static secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned char *sig, int size);
|
static int secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned char *sig, int size);
|
||||||
int static secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_ecdsa_sig_t *a);
|
static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_ecdsa_sig_t *a);
|
||||||
int static secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_num_t *message);
|
static int secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_num_t *message);
|
||||||
int static secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid);
|
static int secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid);
|
||||||
int static secp256k1_ecdsa_sig_recover(const secp256k1_ecdsa_sig_t *sig, secp256k1_ge_t *pubkey, const secp256k1_num_t *message, int recid);
|
static int secp256k1_ecdsa_sig_recover(const secp256k1_ecdsa_sig_t *sig, secp256k1_ge_t *pubkey, const secp256k1_num_t *message, int recid);
|
||||||
void static secp256k1_ecdsa_sig_set_rs(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *r, const secp256k1_num_t *s);
|
static void secp256k1_ecdsa_sig_set_rs(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *r, const secp256k1_num_t *s);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
#include "ecmult_gen.h"
|
#include "ecmult_gen.h"
|
||||||
#include "ecdsa.h"
|
#include "ecdsa.h"
|
||||||
|
|
||||||
int static secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned char *sig, int size) {
|
static int secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned char *sig, int size) {
|
||||||
if (sig[0] != 0x30) return 0;
|
if (sig[0] != 0x30) return 0;
|
||||||
int lenr = sig[3];
|
int lenr = sig[3];
|
||||||
if (5+lenr >= size) return 0;
|
if (5+lenr >= size) return 0;
|
||||||
|
@ -28,7 +28,7 @@ int static secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned ch
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_ecdsa_sig_t *a) {
|
static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_ecdsa_sig_t *a) {
|
||||||
int lenR = (secp256k1_num_bits(&a->r) + 7)/8;
|
int lenR = (secp256k1_num_bits(&a->r) + 7)/8;
|
||||||
if (lenR == 0 || secp256k1_num_get_bit(&a->r, lenR*8-1))
|
if (lenR == 0 || secp256k1_num_get_bit(&a->r, lenR*8-1))
|
||||||
lenR++;
|
lenR++;
|
||||||
|
@ -49,7 +49,7 @@ int static secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const se
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_ecdsa_sig_recompute(secp256k1_num_t *r2, const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_num_t *message) {
|
static int secp256k1_ecdsa_sig_recompute(secp256k1_num_t *r2, const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_num_t *message) {
|
||||||
const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
|
const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
|
||||||
|
|
||||||
if (secp256k1_num_is_neg(&sig->r) || secp256k1_num_is_neg(&sig->s))
|
if (secp256k1_num_is_neg(&sig->r) || secp256k1_num_is_neg(&sig->s))
|
||||||
|
@ -83,7 +83,7 @@ int static secp256k1_ecdsa_sig_recompute(secp256k1_num_t *r2, const secp256k1_ec
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_ecdsa_sig_recover(const secp256k1_ecdsa_sig_t *sig, secp256k1_ge_t *pubkey, const secp256k1_num_t *message, int recid) {
|
static int secp256k1_ecdsa_sig_recover(const secp256k1_ecdsa_sig_t *sig, secp256k1_ge_t *pubkey, const secp256k1_num_t *message, int recid) {
|
||||||
const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
|
const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
|
||||||
|
|
||||||
if (secp256k1_num_is_neg(&sig->r) || secp256k1_num_is_neg(&sig->s))
|
if (secp256k1_num_is_neg(&sig->r) || secp256k1_num_is_neg(&sig->s))
|
||||||
|
@ -128,7 +128,7 @@ int static secp256k1_ecdsa_sig_recover(const secp256k1_ecdsa_sig_t *sig, secp256
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_num_t *message) {
|
static int secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_num_t *message) {
|
||||||
secp256k1_num_t r2;
|
secp256k1_num_t r2;
|
||||||
secp256k1_num_init(&r2);
|
secp256k1_num_init(&r2);
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
@ -137,7 +137,7 @@ int static secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const se
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid) {
|
static int secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid) {
|
||||||
secp256k1_gej_t rp;
|
secp256k1_gej_t rp;
|
||||||
secp256k1_ecmult_gen(&rp, nonce);
|
secp256k1_ecmult_gen(&rp, nonce);
|
||||||
secp256k1_ge_t r;
|
secp256k1_ge_t r;
|
||||||
|
@ -172,7 +172,7 @@ int static secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ecdsa_sig_set_rs(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *r, const secp256k1_num_t *s) {
|
static void secp256k1_ecdsa_sig_set_rs(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *r, const secp256k1_num_t *s) {
|
||||||
secp256k1_num_copy(&sig->r, r);
|
secp256k1_num_copy(&sig->r, r);
|
||||||
secp256k1_num_copy(&sig->s, s);
|
secp256k1_num_copy(&sig->s, s);
|
||||||
}
|
}
|
||||||
|
|
16
src/eckey.h
16
src/eckey.h
|
@ -9,15 +9,15 @@
|
||||||
#include "scalar.h"
|
#include "scalar.h"
|
||||||
#include "num.h"
|
#include "num.h"
|
||||||
|
|
||||||
int static secp256k1_eckey_pubkey_parse(secp256k1_ge_t *elem, const unsigned char *pub, int size);
|
static int secp256k1_eckey_pubkey_parse(secp256k1_ge_t *elem, const unsigned char *pub, int size);
|
||||||
void static secp256k1_eckey_pubkey_serialize(secp256k1_ge_t *elem, unsigned char *pub, int *size, int compressed);
|
static void secp256k1_eckey_pubkey_serialize(secp256k1_ge_t *elem, unsigned char *pub, int *size, int compressed);
|
||||||
|
|
||||||
int static secp256k1_eckey_privkey_parse(secp256k1_scalar_t *key, const unsigned char *privkey, int privkeylen);
|
static int secp256k1_eckey_privkey_parse(secp256k1_scalar_t *key, const unsigned char *privkey, int privkeylen);
|
||||||
int static secp256k1_eckey_privkey_serialize(unsigned char *privkey, int *privkeylen, const secp256k1_scalar_t *key, int compressed);
|
static int secp256k1_eckey_privkey_serialize(unsigned char *privkey, int *privkeylen, const secp256k1_scalar_t *key, int compressed);
|
||||||
|
|
||||||
int static secp256k1_eckey_privkey_tweak_add(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak);
|
static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak);
|
||||||
int static secp256k1_eckey_pubkey_tweak_add(secp256k1_ge_t *key, const secp256k1_num_t *tweak);
|
static int secp256k1_eckey_pubkey_tweak_add(secp256k1_ge_t *key, const secp256k1_num_t *tweak);
|
||||||
int static secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak);
|
static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak);
|
||||||
int static secp256k1_eckey_pubkey_tweak_mul(secp256k1_ge_t *key, const secp256k1_num_t *tweak);
|
static int secp256k1_eckey_pubkey_tweak_mul(secp256k1_ge_t *key, const secp256k1_num_t *tweak);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
#include "group.h"
|
#include "group.h"
|
||||||
#include "ecmult_gen.h"
|
#include "ecmult_gen.h"
|
||||||
|
|
||||||
int static secp256k1_eckey_pubkey_parse(secp256k1_ge_t *elem, const unsigned char *pub, int size) {
|
static int secp256k1_eckey_pubkey_parse(secp256k1_ge_t *elem, const unsigned char *pub, int size) {
|
||||||
if (size == 33 && (pub[0] == 0x02 || pub[0] == 0x03)) {
|
if (size == 33 && (pub[0] == 0x02 || pub[0] == 0x03)) {
|
||||||
secp256k1_fe_t x;
|
secp256k1_fe_t x;
|
||||||
secp256k1_fe_set_b32(&x, pub+1);
|
secp256k1_fe_set_b32(&x, pub+1);
|
||||||
|
@ -30,7 +30,7 @@ int static secp256k1_eckey_pubkey_parse(secp256k1_ge_t *elem, const unsigned cha
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_eckey_pubkey_serialize(secp256k1_ge_t *elem, unsigned char *pub, int *size, int compressed) {
|
static void secp256k1_eckey_pubkey_serialize(secp256k1_ge_t *elem, unsigned char *pub, int *size, int compressed) {
|
||||||
secp256k1_fe_normalize(&elem->x);
|
secp256k1_fe_normalize(&elem->x);
|
||||||
secp256k1_fe_normalize(&elem->y);
|
secp256k1_fe_normalize(&elem->y);
|
||||||
secp256k1_fe_get_b32(&pub[1], &elem->x);
|
secp256k1_fe_get_b32(&pub[1], &elem->x);
|
||||||
|
@ -44,7 +44,7 @@ void static secp256k1_eckey_pubkey_serialize(secp256k1_ge_t *elem, unsigned char
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_eckey_privkey_parse(secp256k1_scalar_t *key, const unsigned char *privkey, int privkeylen) {
|
static int secp256k1_eckey_privkey_parse(secp256k1_scalar_t *key, const unsigned char *privkey, int privkeylen) {
|
||||||
const unsigned char *end = privkey + privkeylen;
|
const unsigned char *end = privkey + privkeylen;
|
||||||
// sequence header
|
// sequence header
|
||||||
if (end < privkey+1 || *privkey != 0x30)
|
if (end < privkey+1 || *privkey != 0x30)
|
||||||
|
@ -80,7 +80,7 @@ int static secp256k1_eckey_privkey_parse(secp256k1_scalar_t *key, const unsigned
|
||||||
return !overflow;
|
return !overflow;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_eckey_privkey_serialize(unsigned char *privkey, int *privkeylen, const secp256k1_scalar_t *key, int compressed) {
|
static int secp256k1_eckey_privkey_serialize(unsigned char *privkey, int *privkeylen, const secp256k1_scalar_t *key, int compressed) {
|
||||||
secp256k1_gej_t rp;
|
secp256k1_gej_t rp;
|
||||||
secp256k1_ecmult_gen(&rp, key);
|
secp256k1_ecmult_gen(&rp, key);
|
||||||
secp256k1_ge_t r;
|
secp256k1_ge_t r;
|
||||||
|
@ -135,14 +135,14 @@ int static secp256k1_eckey_privkey_serialize(unsigned char *privkey, int *privke
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_eckey_privkey_tweak_add(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak) {
|
static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak) {
|
||||||
secp256k1_scalar_add(key, key, tweak);
|
secp256k1_scalar_add(key, key, tweak);
|
||||||
if (secp256k1_scalar_is_zero(key))
|
if (secp256k1_scalar_is_zero(key))
|
||||||
return 0;
|
return 0;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_eckey_pubkey_tweak_add(secp256k1_ge_t *key, const secp256k1_num_t *tweak) {
|
static int secp256k1_eckey_pubkey_tweak_add(secp256k1_ge_t *key, const secp256k1_num_t *tweak) {
|
||||||
if (secp256k1_num_cmp(tweak, &secp256k1_ge_consts->order) >= 0)
|
if (secp256k1_num_cmp(tweak, &secp256k1_ge_consts->order) >= 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
@ -160,7 +160,7 @@ int static secp256k1_eckey_pubkey_tweak_add(secp256k1_ge_t *key, const secp256k1
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak) {
|
static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak) {
|
||||||
if (secp256k1_scalar_is_zero(tweak))
|
if (secp256k1_scalar_is_zero(tweak))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
@ -168,7 +168,7 @@ int static secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar_t *key, const secp
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_eckey_pubkey_tweak_mul(secp256k1_ge_t *key, const secp256k1_num_t *tweak) {
|
static int secp256k1_eckey_pubkey_tweak_mul(secp256k1_ge_t *key, const secp256k1_num_t *tweak) {
|
||||||
if (secp256k1_num_is_zero(tweak))
|
if (secp256k1_num_is_zero(tweak))
|
||||||
return 0;
|
return 0;
|
||||||
if (secp256k1_num_cmp(tweak, &secp256k1_ge_consts->order) >= 0)
|
if (secp256k1_num_cmp(tweak, &secp256k1_ge_consts->order) >= 0)
|
||||||
|
|
|
@ -99,7 +99,7 @@ static void secp256k1_ecmult_gen_stop(void) {
|
||||||
free(c);
|
free(c);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ecmult_gen(secp256k1_gej_t *r, const secp256k1_scalar_t *gn) {
|
static void secp256k1_ecmult_gen(secp256k1_gej_t *r, const secp256k1_scalar_t *gn) {
|
||||||
const secp256k1_ecmult_gen_consts_t *c = secp256k1_ecmult_gen_consts;
|
const secp256k1_ecmult_gen_consts_t *c = secp256k1_ecmult_gen_consts;
|
||||||
secp256k1_gej_set_infinity(r);
|
secp256k1_gej_set_infinity(r);
|
||||||
secp256k1_ge_t add;
|
secp256k1_ge_t add;
|
||||||
|
|
|
@ -28,14 +28,14 @@
|
||||||
* To compute a*P + b*G, we use the jacobian version for P, and the affine version for G, as
|
* To compute a*P + b*G, we use the jacobian version for P, and the affine version for G, as
|
||||||
* G is constant, so it only needs to be done once in advance.
|
* G is constant, so it only needs to be done once in advance.
|
||||||
*/
|
*/
|
||||||
void static secp256k1_ecmult_table_precomp_gej_var(secp256k1_gej_t *pre, const secp256k1_gej_t *a, int w) {
|
static void secp256k1_ecmult_table_precomp_gej_var(secp256k1_gej_t *pre, const secp256k1_gej_t *a, int w) {
|
||||||
pre[0] = *a;
|
pre[0] = *a;
|
||||||
secp256k1_gej_t d; secp256k1_gej_double_var(&d, &pre[0]);
|
secp256k1_gej_t d; secp256k1_gej_double_var(&d, &pre[0]);
|
||||||
for (int i=1; i<(1 << (w-2)); i++)
|
for (int i=1; i<(1 << (w-2)); i++)
|
||||||
secp256k1_gej_add_var(&pre[i], &d, &pre[i-1]);
|
secp256k1_gej_add_var(&pre[i], &d, &pre[i-1]);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ecmult_table_precomp_ge_var(secp256k1_ge_t *pre, const secp256k1_gej_t *a, int w) {
|
static void secp256k1_ecmult_table_precomp_ge_var(secp256k1_ge_t *pre, const secp256k1_gej_t *a, int w) {
|
||||||
const int table_size = 1 << (w-2);
|
const int table_size = 1 << (w-2);
|
||||||
secp256k1_gej_t prej[table_size];
|
secp256k1_gej_t prej[table_size];
|
||||||
prej[0] = *a;
|
prej[0] = *a;
|
||||||
|
@ -143,7 +143,7 @@ static int secp256k1_ecmult_wnaf(int *wnaf, const secp256k1_num_t *a, int w) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ecmult(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_num_t *na, const secp256k1_num_t *ng) {
|
static void secp256k1_ecmult(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_num_t *na, const secp256k1_num_t *ng) {
|
||||||
const secp256k1_ecmult_consts_t *c = secp256k1_ecmult_consts;
|
const secp256k1_ecmult_consts_t *c = secp256k1_ecmult_consts;
|
||||||
|
|
||||||
#ifdef USE_ENDOMORPHISM
|
#ifdef USE_ENDOMORPHISM
|
||||||
|
|
42
src/field.h
42
src/field.h
|
@ -37,76 +37,76 @@ typedef struct {
|
||||||
static const secp256k1_fe_consts_t *secp256k1_fe_consts = NULL;
|
static const secp256k1_fe_consts_t *secp256k1_fe_consts = NULL;
|
||||||
|
|
||||||
/** Initialize field element precomputation data. */
|
/** Initialize field element precomputation data. */
|
||||||
void static secp256k1_fe_start(void);
|
static void secp256k1_fe_start(void);
|
||||||
|
|
||||||
/** Unload field element precomputation data. */
|
/** Unload field element precomputation data. */
|
||||||
void static secp256k1_fe_stop(void);
|
static void secp256k1_fe_stop(void);
|
||||||
|
|
||||||
/** Normalize a field element. */
|
/** Normalize a field element. */
|
||||||
void static secp256k1_fe_normalize(secp256k1_fe_t *r);
|
static void secp256k1_fe_normalize(secp256k1_fe_t *r);
|
||||||
|
|
||||||
/** Set a field element equal to a small integer. Resulting field element is normalized. */
|
/** Set a field element equal to a small integer. Resulting field element is normalized. */
|
||||||
void static secp256k1_fe_set_int(secp256k1_fe_t *r, int a);
|
static void secp256k1_fe_set_int(secp256k1_fe_t *r, int a);
|
||||||
|
|
||||||
/** Verify whether a field element is zero. Requires the input to be normalized. */
|
/** Verify whether a field element is zero. Requires the input to be normalized. */
|
||||||
int static secp256k1_fe_is_zero(const secp256k1_fe_t *a);
|
static int secp256k1_fe_is_zero(const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Check the "oddness" of a field element. Requires the input to be normalized. */
|
/** Check the "oddness" of a field element. Requires the input to be normalized. */
|
||||||
int static secp256k1_fe_is_odd(const secp256k1_fe_t *a);
|
static int secp256k1_fe_is_odd(const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Compare two field elements. Requires both inputs to be normalized */
|
/** Compare two field elements. Requires both inputs to be normalized */
|
||||||
int static secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b);
|
static int secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b);
|
||||||
|
|
||||||
/** Set a field element equal to 32-byte big endian value. Resulting field element is normalized. */
|
/** Set a field element equal to 32-byte big endian value. Resulting field element is normalized. */
|
||||||
void static secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a);
|
static void secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a);
|
||||||
|
|
||||||
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
|
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
|
||||||
void static secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a);
|
static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Set a field element equal to the additive inverse of another. Takes a maximum magnitude of the input
|
/** Set a field element equal to the additive inverse of another. Takes a maximum magnitude of the input
|
||||||
* as an argument. The magnitude of the output is one higher. */
|
* as an argument. The magnitude of the output is one higher. */
|
||||||
void static secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m);
|
static void secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m);
|
||||||
|
|
||||||
/** Multiplies the passed field element with a small integer constant. Multiplies the magnitude by that
|
/** Multiplies the passed field element with a small integer constant. Multiplies the magnitude by that
|
||||||
* small integer. */
|
* small integer. */
|
||||||
void static secp256k1_fe_mul_int(secp256k1_fe_t *r, int a);
|
static void secp256k1_fe_mul_int(secp256k1_fe_t *r, int a);
|
||||||
|
|
||||||
/** Adds a field element to another. The result has the sum of the inputs' magnitudes as magnitude. */
|
/** Adds a field element to another. The result has the sum of the inputs' magnitudes as magnitude. */
|
||||||
void static secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
static void secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Sets a field element to be the product of two others. Requires the inputs' magnitudes to be at most 8.
|
/** Sets a field element to be the product of two others. Requires the inputs' magnitudes to be at most 8.
|
||||||
* The output magnitude is 1 (but not guaranteed to be normalized). */
|
* The output magnitude is 1 (but not guaranteed to be normalized). */
|
||||||
void static secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t *b);
|
static void secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t *b);
|
||||||
|
|
||||||
/** Sets a field element to be the square of another. Requires the input's magnitude to be at most 8.
|
/** Sets a field element to be the square of another. Requires the input's magnitude to be at most 8.
|
||||||
* The output magnitude is 1 (but not guaranteed to be normalized). */
|
* The output magnitude is 1 (but not guaranteed to be normalized). */
|
||||||
void static secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
static void secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Sets a field element to be the (modular) square root (if any exist) of another. Requires the
|
/** Sets a field element to be the (modular) square root (if any exist) of another. Requires the
|
||||||
* input's magnitude to be at most 8. The output magnitude is 1 (but not guaranteed to be
|
* input's magnitude to be at most 8. The output magnitude is 1 (but not guaranteed to be
|
||||||
* normalized). Return value indicates whether a square root was found. */
|
* normalized). Return value indicates whether a square root was found. */
|
||||||
int static secp256k1_fe_sqrt(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
static int secp256k1_fe_sqrt(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Sets a field element to be the (modular) inverse of another. Requires the input's magnitude to be
|
/** Sets a field element to be the (modular) inverse of another. Requires the input's magnitude to be
|
||||||
* at most 8. The output magnitude is 1 (but not guaranteed to be normalized). */
|
* at most 8. The output magnitude is 1 (but not guaranteed to be normalized). */
|
||||||
void static secp256k1_fe_inv(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
static void secp256k1_fe_inv(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Potentially faster version of secp256k1_fe_inv, without constant-time guarantee. */
|
/** Potentially faster version of secp256k1_fe_inv, without constant-time guarantee. */
|
||||||
void static secp256k1_fe_inv_var(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
static void secp256k1_fe_inv_var(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Calculate the (modular) inverses of a batch of field elements. Requires the inputs' magnitudes to be
|
/** Calculate the (modular) inverses of a batch of field elements. Requires the inputs' magnitudes to be
|
||||||
* at most 8. The output magnitudes are 1 (but not guaranteed to be normalized). The inputs and
|
* at most 8. The output magnitudes are 1 (but not guaranteed to be normalized). The inputs and
|
||||||
* outputs must not overlap in memory. */
|
* outputs must not overlap in memory. */
|
||||||
void static secp256k1_fe_inv_all(size_t len, secp256k1_fe_t r[len], const secp256k1_fe_t a[len]);
|
static void secp256k1_fe_inv_all(size_t len, secp256k1_fe_t r[len], const secp256k1_fe_t a[len]);
|
||||||
|
|
||||||
/** Potentially faster version of secp256k1_fe_inv_all, without constant-time guarantee. */
|
/** Potentially faster version of secp256k1_fe_inv_all, without constant-time guarantee. */
|
||||||
void static secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t r[len], const secp256k1_fe_t a[len]);
|
static void secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t r[len], const secp256k1_fe_t a[len]);
|
||||||
|
|
||||||
|
|
||||||
/** Convert a field element to a hexadecimal string. */
|
/** Convert a field element to a hexadecimal string. */
|
||||||
void static secp256k1_fe_get_hex(char *r, int *rlen, const secp256k1_fe_t *a);
|
static void secp256k1_fe_get_hex(char *r, int *rlen, const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Convert a hexadecimal string to a field element. */
|
/** Convert a hexadecimal string to a field element. */
|
||||||
void static secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a, int alen);
|
static void secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a, int alen);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -11,11 +11,11 @@
|
||||||
#include "num.h"
|
#include "num.h"
|
||||||
#include "field.h"
|
#include "field.h"
|
||||||
|
|
||||||
void static secp256k1_fe_inner_start(void) {}
|
static void secp256k1_fe_inner_start(void) {}
|
||||||
void static secp256k1_fe_inner_stop(void) {}
|
static void secp256k1_fe_inner_stop(void) {}
|
||||||
|
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
void static secp256k1_fe_verify(const secp256k1_fe_t *a) {
|
static void secp256k1_fe_verify(const secp256k1_fe_t *a) {
|
||||||
const uint32_t *d = a->n;
|
const uint32_t *d = a->n;
|
||||||
int m = a->normalized ? 1 : 2 * a->magnitude, r = 1;
|
int m = a->normalized ? 1 : 2 * a->magnitude, r = 1;
|
||||||
r &= (d[0] <= 0x3FFFFFFUL * m);
|
r &= (d[0] <= 0x3FFFFFFUL * m);
|
||||||
|
@ -41,10 +41,10 @@ void static secp256k1_fe_verify(const secp256k1_fe_t *a) {
|
||||||
VERIFY_CHECK(r == 1);
|
VERIFY_CHECK(r == 1);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
void static secp256k1_fe_verify(const secp256k1_fe_t *a) {}
|
static void secp256k1_fe_verify(const secp256k1_fe_t *a) {}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void static secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
static void secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
||||||
uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4],
|
uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4],
|
||||||
t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9];
|
t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9];
|
||||||
|
|
||||||
|
@ -99,7 +99,7 @@ void static secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
|
SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
|
||||||
r->n[0] = a;
|
r->n[0] = a;
|
||||||
r->n[1] = r->n[2] = r->n[3] = r->n[4] = r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0;
|
r->n[1] = r->n[2] = r->n[3] = r->n[4] = r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0;
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
|
@ -109,7 +109,7 @@ void static inline secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->normalized);
|
VERIFY_CHECK(a->normalized);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
@ -118,7 +118,7 @@ int static inline secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
|
||||||
return (t[0] | t[1] | t[2] | t[3] | t[4] | t[5] | t[6] | t[7] | t[8] | t[9]) == 0;
|
return (t[0] | t[1] | t[2] | t[3] | t[4] | t[5] | t[6] | t[7] | t[8] | t[9]) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static int secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->normalized);
|
VERIFY_CHECK(a->normalized);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
@ -126,7 +126,7 @@ int static inline secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
|
||||||
return a->n[0] & 1;
|
return a->n[0] & 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_clear(secp256k1_fe_t *a) {
|
SECP256K1_INLINE static void secp256k1_fe_clear(secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
a->magnitude = 0;
|
a->magnitude = 0;
|
||||||
a->normalized = 1;
|
a->normalized = 1;
|
||||||
|
@ -136,7 +136,7 @@ void static inline secp256k1_fe_clear(secp256k1_fe_t *a) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
SECP256K1_INLINE static int secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->normalized);
|
VERIFY_CHECK(a->normalized);
|
||||||
VERIFY_CHECK(b->normalized);
|
VERIFY_CHECK(b->normalized);
|
||||||
|
@ -148,7 +148,7 @@ int static inline secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe
|
||||||
| (t[5]^u[5]) | (t[6]^u[6]) | (t[7]^u[7]) | (t[8]^u[8]) | (t[9]^u[9])) == 0;
|
| (t[5]^u[5]) | (t[6]^u[6]) | (t[7]^u[7]) | (t[8]^u[8]) | (t[9]^u[9])) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
static void secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
||||||
r->n[0] = r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
|
r->n[0] = r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
|
||||||
r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0;
|
r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0;
|
||||||
for (int i=0; i<32; i++) {
|
for (int i=0; i<32; i++) {
|
||||||
|
@ -166,7 +166,7 @@ void static secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
|
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
|
||||||
void static secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->normalized);
|
VERIFY_CHECK(a->normalized);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
@ -182,7 +182,7 @@ void static secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m) {
|
SECP256K1_INLINE static void secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->magnitude <= m);
|
VERIFY_CHECK(a->magnitude <= m);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
@ -204,7 +204,7 @@ void static inline secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
|
SECP256K1_INLINE static void secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
|
||||||
r->n[0] *= a;
|
r->n[0] *= a;
|
||||||
r->n[1] *= a;
|
r->n[1] *= a;
|
||||||
r->n[2] *= a;
|
r->n[2] *= a;
|
||||||
|
@ -222,7 +222,7 @@ void static inline secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
#endif
|
#endif
|
||||||
|
@ -243,7 +243,7 @@ void static inline secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a)
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_mul_inner(const uint32_t *a, const uint32_t *b, uint32_t *r) {
|
SECP256K1_INLINE static void secp256k1_fe_mul_inner(const uint32_t *a, const uint32_t *b, uint32_t *r) {
|
||||||
uint64_t c = (uint64_t)a[0] * b[0];
|
uint64_t c = (uint64_t)a[0] * b[0];
|
||||||
uint32_t t0 = c & 0x3FFFFFFUL; c = c >> 26;
|
uint32_t t0 = c & 0x3FFFFFFUL; c = c >> 26;
|
||||||
c = c + (uint64_t)a[0] * b[1] +
|
c = c + (uint64_t)a[0] * b[1] +
|
||||||
|
@ -392,7 +392,7 @@ void static inline secp256k1_fe_mul_inner(const uint32_t *a, const uint32_t *b,
|
||||||
r[2] = t2 + d;
|
r[2] = t2 + d;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_sqr_inner(const uint32_t *a, uint32_t *r) {
|
SECP256K1_INLINE static void secp256k1_fe_sqr_inner(const uint32_t *a, uint32_t *r) {
|
||||||
uint64_t c = (uint64_t)a[0] * a[0];
|
uint64_t c = (uint64_t)a[0] * a[0];
|
||||||
uint32_t t0 = c & 0x3FFFFFFUL; c = c >> 26;
|
uint32_t t0 = c & 0x3FFFFFFUL; c = c >> 26;
|
||||||
c = c + (uint64_t)(a[0]*2) * a[1];
|
c = c + (uint64_t)(a[0]*2) * a[1];
|
||||||
|
@ -497,7 +497,7 @@ void static inline secp256k1_fe_sqr_inner(const uint32_t *a, uint32_t *r) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void static secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
static void secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->magnitude <= 8);
|
VERIFY_CHECK(a->magnitude <= 8);
|
||||||
VERIFY_CHECK(b->magnitude <= 8);
|
VERIFY_CHECK(b->magnitude <= 8);
|
||||||
|
@ -512,7 +512,7 @@ void static secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const s
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->magnitude <= 8);
|
VERIFY_CHECK(a->magnitude <= 8);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
|
|
@ -30,11 +30,11 @@
|
||||||
* output.
|
* output.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
void static secp256k1_fe_inner_start(void) {}
|
static void secp256k1_fe_inner_start(void) {}
|
||||||
void static secp256k1_fe_inner_stop(void) {}
|
static void secp256k1_fe_inner_stop(void) {}
|
||||||
|
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
void static secp256k1_fe_verify(const secp256k1_fe_t *a) {
|
static void secp256k1_fe_verify(const secp256k1_fe_t *a) {
|
||||||
const uint64_t *d = a->n;
|
const uint64_t *d = a->n;
|
||||||
int m = a->normalized ? 1 : 2 * a->magnitude, r = 1;
|
int m = a->normalized ? 1 : 2 * a->magnitude, r = 1;
|
||||||
r &= (d[0] <= 0xFFFFFFFFFFFFFULL * m);
|
r &= (d[0] <= 0xFFFFFFFFFFFFFULL * m);
|
||||||
|
@ -52,10 +52,10 @@ void static secp256k1_fe_verify(const secp256k1_fe_t *a) {
|
||||||
VERIFY_CHECK(r == 1);
|
VERIFY_CHECK(r == 1);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
void static secp256k1_fe_verify(const secp256k1_fe_t *a) {}
|
static void secp256k1_fe_verify(const secp256k1_fe_t *a) {}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void static secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
static void secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
||||||
uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4];
|
uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4];
|
||||||
|
|
||||||
// Reduce t4 at the start so there will be at most a single carry from the first pass
|
// Reduce t4 at the start so there will be at most a single carry from the first pass
|
||||||
|
@ -98,7 +98,7 @@ void static secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
|
SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
|
||||||
r->n[0] = a;
|
r->n[0] = a;
|
||||||
r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
|
r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
|
@ -108,7 +108,7 @@ void static inline secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->normalized);
|
VERIFY_CHECK(a->normalized);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
@ -117,7 +117,7 @@ int static inline secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
|
||||||
return (t[0] | t[1] | t[2] | t[3] | t[4]) == 0;
|
return (t[0] | t[1] | t[2] | t[3] | t[4]) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static int secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->normalized);
|
VERIFY_CHECK(a->normalized);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
@ -125,7 +125,7 @@ int static inline secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
|
||||||
return a->n[0] & 1;
|
return a->n[0] & 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_clear(secp256k1_fe_t *a) {
|
SECP256K1_INLINE static void secp256k1_fe_clear(secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
a->magnitude = 0;
|
a->magnitude = 0;
|
||||||
a->normalized = 1;
|
a->normalized = 1;
|
||||||
|
@ -135,7 +135,7 @@ void static inline secp256k1_fe_clear(secp256k1_fe_t *a) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
SECP256K1_INLINE static int secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->normalized);
|
VERIFY_CHECK(a->normalized);
|
||||||
VERIFY_CHECK(b->normalized);
|
VERIFY_CHECK(b->normalized);
|
||||||
|
@ -146,7 +146,7 @@ int static inline secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe
|
||||||
return ((t[0]^u[0]) | (t[1]^u[1]) | (t[2]^u[2]) | (t[3]^u[3]) | (t[4]^u[4])) == 0;
|
return ((t[0]^u[0]) | (t[1]^u[1]) | (t[2]^u[2]) | (t[3]^u[3]) | (t[4]^u[4])) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
static void secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
||||||
r->n[0] = r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
|
r->n[0] = r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
|
||||||
for (int i=0; i<32; i++) {
|
for (int i=0; i<32; i++) {
|
||||||
for (int j=0; j<2; j++) {
|
for (int j=0; j<2; j++) {
|
||||||
|
@ -163,7 +163,7 @@ void static secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
|
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
|
||||||
void static secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->normalized);
|
VERIFY_CHECK(a->normalized);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
@ -179,7 +179,7 @@ void static secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m) {
|
SECP256K1_INLINE static void secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->magnitude <= m);
|
VERIFY_CHECK(a->magnitude <= m);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
@ -196,7 +196,7 @@ void static inline secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
|
SECP256K1_INLINE static void secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
|
||||||
r->n[0] *= a;
|
r->n[0] *= a;
|
||||||
r->n[1] *= a;
|
r->n[1] *= a;
|
||||||
r->n[2] *= a;
|
r->n[2] *= a;
|
||||||
|
@ -209,7 +209,7 @@ void static inline secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
#endif
|
#endif
|
||||||
|
@ -225,7 +225,7 @@ void static inline secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a)
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
static void secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->magnitude <= 8);
|
VERIFY_CHECK(a->magnitude <= 8);
|
||||||
VERIFY_CHECK(b->magnitude <= 8);
|
VERIFY_CHECK(b->magnitude <= 8);
|
||||||
|
@ -240,7 +240,7 @@ void static secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const s
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
VERIFY_CHECK(a->magnitude <= 8);
|
VERIFY_CHECK(a->magnitude <= 8);
|
||||||
secp256k1_fe_verify(a);
|
secp256k1_fe_verify(a);
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
|
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
|
|
||||||
void static inline secp256k1_fe_mul_inner(const uint64_t *a, const uint64_t *b, uint64_t *r) {
|
SECP256K1_INLINE static void secp256k1_fe_mul_inner(const uint64_t *a, const uint64_t *b, uint64_t *r) {
|
||||||
__int128 c = (__int128)a[0] * b[0];
|
__int128 c = (__int128)a[0] * b[0];
|
||||||
uint64_t t0 = c & 0xFFFFFFFFFFFFFULL; c = c >> 52; // c max 0FFFFFFFFFFFFFE0
|
uint64_t t0 = c & 0xFFFFFFFFFFFFFULL; c = c >> 52; // c max 0FFFFFFFFFFFFFE0
|
||||||
c = c + (__int128)a[0] * b[1] +
|
c = c + (__int128)a[0] * b[1] +
|
||||||
|
@ -60,7 +60,7 @@ void static inline secp256k1_fe_mul_inner(const uint64_t *a, const uint64_t *b,
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_sqr_inner(const uint64_t *a, uint64_t *r) {
|
SECP256K1_INLINE static void secp256k1_fe_sqr_inner(const uint64_t *a, uint64_t *r) {
|
||||||
__int128 c = (__int128)a[0] * a[0];
|
__int128 c = (__int128)a[0] * a[0];
|
||||||
uint64_t t0 = c & 0xFFFFFFFFFFFFFULL; c = c >> 52; // c max 0FFFFFFFFFFFFFE0
|
uint64_t t0 = c & 0xFFFFFFFFFFFFFULL; c = c >> 52; // c max 0FFFFFFFFFFFFFE0
|
||||||
c = c + (__int128)(a[0]*2) * a[1];
|
c = c + (__int128)(a[0]*2) * a[1];
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
static mp_limb_t secp256k1_field_p[FIELD_LIMBS];
|
static mp_limb_t secp256k1_field_p[FIELD_LIMBS];
|
||||||
static mp_limb_t secp256k1_field_pc[(33+GMP_NUMB_BITS-1)/GMP_NUMB_BITS];
|
static mp_limb_t secp256k1_field_pc[(33+GMP_NUMB_BITS-1)/GMP_NUMB_BITS];
|
||||||
|
|
||||||
void static secp256k1_fe_inner_start(void) {
|
static void secp256k1_fe_inner_start(void) {
|
||||||
for (int i=0; i<(33+GMP_NUMB_BITS-1)/GMP_NUMB_BITS; i++)
|
for (int i=0; i<(33+GMP_NUMB_BITS-1)/GMP_NUMB_BITS; i++)
|
||||||
secp256k1_field_pc[i] = 0;
|
secp256k1_field_pc[i] = 0;
|
||||||
secp256k1_field_pc[0] += 0x3D1UL;
|
secp256k1_field_pc[0] += 0x3D1UL;
|
||||||
|
@ -24,10 +24,10 @@ void static secp256k1_fe_inner_start(void) {
|
||||||
mpn_sub(secp256k1_field_p, secp256k1_field_p, FIELD_LIMBS, secp256k1_field_pc, (33+GMP_NUMB_BITS-1)/GMP_NUMB_BITS);
|
mpn_sub(secp256k1_field_p, secp256k1_field_p, FIELD_LIMBS, secp256k1_field_pc, (33+GMP_NUMB_BITS-1)/GMP_NUMB_BITS);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_inner_stop(void) {
|
static void secp256k1_fe_inner_stop(void) {
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
static void secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
||||||
if (r->n[FIELD_LIMBS] != 0) {
|
if (r->n[FIELD_LIMBS] != 0) {
|
||||||
#if (GMP_NUMB_BITS >= 40)
|
#if (GMP_NUMB_BITS >= 40)
|
||||||
mp_limb_t carry = mpn_add_1(r->n, r->n, FIELD_LIMBS, 0x1000003D1ULL * r->n[FIELD_LIMBS]);
|
mp_limb_t carry = mpn_add_1(r->n, r->n, FIELD_LIMBS, 0x1000003D1ULL * r->n[FIELD_LIMBS]);
|
||||||
|
@ -44,36 +44,36 @@ void static secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
||||||
mpn_sub(r->n, r->n, FIELD_LIMBS, secp256k1_field_p, FIELD_LIMBS);
|
mpn_sub(r->n, r->n, FIELD_LIMBS, secp256k1_field_p, FIELD_LIMBS);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
|
SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
|
||||||
r->n[0] = a;
|
r->n[0] = a;
|
||||||
for (int i=1; i<FIELD_LIMBS+1; i++)
|
for (int i=1; i<FIELD_LIMBS+1; i++)
|
||||||
r->n[i] = 0;
|
r->n[i] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_clear(secp256k1_fe_t *r) {
|
SECP256K1_INLINE static void secp256k1_fe_clear(secp256k1_fe_t *r) {
|
||||||
for (int i=0; i<FIELD_LIMBS+1; i++)
|
for (int i=0; i<FIELD_LIMBS+1; i++)
|
||||||
r->n[i] = 0;
|
r->n[i] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
|
||||||
int ret = 1;
|
int ret = 1;
|
||||||
for (int i=0; i<FIELD_LIMBS+1; i++)
|
for (int i=0; i<FIELD_LIMBS+1; i++)
|
||||||
ret &= (a->n[i] == 0);
|
ret &= (a->n[i] == 0);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static int secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
|
||||||
return a->n[0] & 1;
|
return a->n[0] & 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
SECP256K1_INLINE static int secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
||||||
int ret = 1;
|
int ret = 1;
|
||||||
for (int i=0; i<FIELD_LIMBS+1; i++)
|
for (int i=0; i<FIELD_LIMBS+1; i++)
|
||||||
ret &= (a->n[i] == b->n[i]);
|
ret &= (a->n[i] == b->n[i]);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
static void secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
||||||
for (int i=0; i<FIELD_LIMBS+1; i++)
|
for (int i=0; i<FIELD_LIMBS+1; i++)
|
||||||
r->n[i] = 0;
|
r->n[i] = 0;
|
||||||
for (int i=0; i<256; i++) {
|
for (int i=0; i<256; i++) {
|
||||||
|
@ -84,7 +84,7 @@ void static secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
|
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
|
||||||
void static secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
||||||
for (int i=0; i<32; i++) {
|
for (int i=0; i<32; i++) {
|
||||||
int c = 0;
|
int c = 0;
|
||||||
for (int j=0; j<8; j++) {
|
for (int j=0; j<8; j++) {
|
||||||
|
@ -96,7 +96,7 @@ void static secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m) {
|
SECP256K1_INLINE static void secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m) {
|
||||||
*r = *a;
|
*r = *a;
|
||||||
secp256k1_fe_normalize(r);
|
secp256k1_fe_normalize(r);
|
||||||
for (int i=0; i<FIELD_LIMBS; i++)
|
for (int i=0; i<FIELD_LIMBS; i++)
|
||||||
|
@ -109,15 +109,15 @@ void static inline secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
|
SECP256K1_INLINE static void secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
|
||||||
mpn_mul_1(r->n, r->n, FIELD_LIMBS+1, a);
|
mpn_mul_1(r->n, r->n, FIELD_LIMBS+1, a);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static inline secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
mpn_add(r->n, r->n, FIELD_LIMBS+1, a->n, FIELD_LIMBS+1);
|
mpn_add(r->n, r->n, FIELD_LIMBS+1, a->n, FIELD_LIMBS+1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_reduce(secp256k1_fe_t *r, mp_limb_t *tmp) {
|
static void secp256k1_fe_reduce(secp256k1_fe_t *r, mp_limb_t *tmp) {
|
||||||
// <A1 A2 A3 A4> <B1 B2 B3 B4>
|
// <A1 A2 A3 A4> <B1 B2 B3 B4>
|
||||||
// B1 B2 B3 B4
|
// B1 B2 B3 B4
|
||||||
// + C * A1 A2 A3 A4
|
// + C * A1 A2 A3 A4
|
||||||
|
@ -138,7 +138,7 @@ void static secp256k1_fe_reduce(secp256k1_fe_t *r, mp_limb_t *tmp) {
|
||||||
r->n[FIELD_LIMBS] = mpn_add(r->n, tmp, FIELD_LIMBS, q, 1+(33+GMP_NUMB_BITS-1)/GMP_NUMB_BITS);
|
r->n[FIELD_LIMBS] = mpn_add(r->n, tmp, FIELD_LIMBS, q, 1+(33+GMP_NUMB_BITS-1)/GMP_NUMB_BITS);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
static void secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
||||||
secp256k1_fe_t ac = *a;
|
secp256k1_fe_t ac = *a;
|
||||||
secp256k1_fe_t bc = *b;
|
secp256k1_fe_t bc = *b;
|
||||||
secp256k1_fe_normalize(&ac);
|
secp256k1_fe_normalize(&ac);
|
||||||
|
@ -148,7 +148,7 @@ void static secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const s
|
||||||
secp256k1_fe_reduce(r, tmp);
|
secp256k1_fe_reduce(r, tmp);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
secp256k1_fe_t ac = *a;
|
secp256k1_fe_t ac = *a;
|
||||||
secp256k1_fe_normalize(&ac);
|
secp256k1_fe_normalize(&ac);
|
||||||
mp_limb_t tmp[2*FIELD_LIMBS];
|
mp_limb_t tmp[2*FIELD_LIMBS];
|
||||||
|
|
|
@ -21,7 +21,7 @@
|
||||||
#error "Please select field implementation"
|
#error "Please select field implementation"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void static secp256k1_fe_get_hex(char *r, int *rlen, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_get_hex(char *r, int *rlen, const secp256k1_fe_t *a) {
|
||||||
if (*rlen < 65) {
|
if (*rlen < 65) {
|
||||||
*rlen = 65;
|
*rlen = 65;
|
||||||
return;
|
return;
|
||||||
|
@ -39,7 +39,7 @@ void static secp256k1_fe_get_hex(char *r, int *rlen, const secp256k1_fe_t *a) {
|
||||||
r[64] = 0x00;
|
r[64] = 0x00;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a, int alen) {
|
static void secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a, int alen) {
|
||||||
unsigned char tmp[32] = {};
|
unsigned char tmp[32] = {};
|
||||||
static const int cvt[256] = {0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
static const int cvt[256] = {0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
||||||
|
@ -64,7 +64,7 @@ void static secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a, int alen) {
|
||||||
secp256k1_fe_set_b32(r, tmp);
|
secp256k1_fe_set_b32(r, tmp);
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_fe_sqrt(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
static int secp256k1_fe_sqrt(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
|
|
||||||
// The binary representation of (p + 1)/4 has 3 blocks of 1s, with lengths in
|
// The binary representation of (p + 1)/4 has 3 blocks of 1s, with lengths in
|
||||||
// { 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block:
|
// { 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block:
|
||||||
|
@ -133,7 +133,7 @@ int static secp256k1_fe_sqrt(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
return secp256k1_fe_is_zero(&t1);
|
return secp256k1_fe_is_zero(&t1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_inv(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_inv(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
|
|
||||||
// The binary representation of (p - 2) has 5 blocks of 1s, with lengths in
|
// The binary representation of (p - 2) has 5 blocks of 1s, with lengths in
|
||||||
// { 1, 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block:
|
// { 1, 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block:
|
||||||
|
@ -196,7 +196,7 @@ void static secp256k1_fe_inv(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
secp256k1_fe_mul(r, &t1, a);
|
secp256k1_fe_mul(r, &t1, a);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_inv_var(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
static void secp256k1_fe_inv_var(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
#if defined(USE_FIELD_INV_BUILTIN)
|
#if defined(USE_FIELD_INV_BUILTIN)
|
||||||
secp256k1_fe_inv(r, a);
|
secp256k1_fe_inv(r, a);
|
||||||
#elif defined(USE_FIELD_INV_NUM)
|
#elif defined(USE_FIELD_INV_NUM)
|
||||||
|
@ -214,7 +214,7 @@ void static secp256k1_fe_inv_var(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_inv_all(size_t len, secp256k1_fe_t r[len], const secp256k1_fe_t a[len]) {
|
static void secp256k1_fe_inv_all(size_t len, secp256k1_fe_t r[len], const secp256k1_fe_t a[len]) {
|
||||||
if (len < 1)
|
if (len < 1)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
@ -238,7 +238,7 @@ void static secp256k1_fe_inv_all(size_t len, secp256k1_fe_t r[len], const secp25
|
||||||
r[0] = u;
|
r[0] = u;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t r[len], const secp256k1_fe_t a[len]) {
|
static void secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t r[len], const secp256k1_fe_t a[len]) {
|
||||||
if (len < 1)
|
if (len < 1)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
@ -262,7 +262,7 @@ void static secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t r[len], const se
|
||||||
r[0] = u;
|
r[0] = u;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_start(void) {
|
static void secp256k1_fe_start(void) {
|
||||||
static const unsigned char secp256k1_fe_consts_p[] = {
|
static const unsigned char secp256k1_fe_consts_p[] = {
|
||||||
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
|
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
|
||||||
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
|
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
|
||||||
|
@ -277,7 +277,7 @@ void static secp256k1_fe_start(void) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_fe_stop(void) {
|
static void secp256k1_fe_stop(void) {
|
||||||
if (secp256k1_fe_consts != NULL) {
|
if (secp256k1_fe_consts != NULL) {
|
||||||
secp256k1_fe_consts_t *c = (secp256k1_fe_consts_t*)secp256k1_fe_consts;
|
secp256k1_fe_consts_t *c = (secp256k1_fe_consts_t*)secp256k1_fe_consts;
|
||||||
free((void*)c);
|
free((void*)c);
|
||||||
|
|
52
src/group.h
52
src/group.h
|
@ -39,88 +39,88 @@ typedef struct {
|
||||||
static const secp256k1_ge_consts_t *secp256k1_ge_consts = NULL;
|
static const secp256k1_ge_consts_t *secp256k1_ge_consts = NULL;
|
||||||
|
|
||||||
/** Initialize the group module. */
|
/** Initialize the group module. */
|
||||||
void static secp256k1_ge_start(void);
|
static void secp256k1_ge_start(void);
|
||||||
|
|
||||||
/** De-initialize the group module. */
|
/** De-initialize the group module. */
|
||||||
void static secp256k1_ge_stop(void);
|
static void secp256k1_ge_stop(void);
|
||||||
|
|
||||||
/** Set a group element equal to the point at infinity */
|
/** Set a group element equal to the point at infinity */
|
||||||
void static secp256k1_ge_set_infinity(secp256k1_ge_t *r);
|
static void secp256k1_ge_set_infinity(secp256k1_ge_t *r);
|
||||||
|
|
||||||
/** Set a group element equal to the point with given X and Y coordinates */
|
/** Set a group element equal to the point with given X and Y coordinates */
|
||||||
void static secp256k1_ge_set_xy(secp256k1_ge_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y);
|
static void secp256k1_ge_set_xy(secp256k1_ge_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y);
|
||||||
|
|
||||||
/** Set a group element (affine) equal to the point with the given X coordinate, and given oddness
|
/** Set a group element (affine) equal to the point with the given X coordinate, and given oddness
|
||||||
* for Y. Return value indicates whether the result is valid. */
|
* for Y. Return value indicates whether the result is valid. */
|
||||||
int static secp256k1_ge_set_xo(secp256k1_ge_t *r, const secp256k1_fe_t *x, int odd);
|
static int secp256k1_ge_set_xo(secp256k1_ge_t *r, const secp256k1_fe_t *x, int odd);
|
||||||
|
|
||||||
/** Check whether a group element is the point at infinity. */
|
/** Check whether a group element is the point at infinity. */
|
||||||
int static secp256k1_ge_is_infinity(const secp256k1_ge_t *a);
|
static int secp256k1_ge_is_infinity(const secp256k1_ge_t *a);
|
||||||
|
|
||||||
/** Check whether a group element is valid (i.e., on the curve). */
|
/** Check whether a group element is valid (i.e., on the curve). */
|
||||||
int static secp256k1_ge_is_valid(const secp256k1_ge_t *a);
|
static int secp256k1_ge_is_valid(const secp256k1_ge_t *a);
|
||||||
|
|
||||||
void static secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a);
|
static void secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a);
|
||||||
|
|
||||||
/** Get a hex representation of a point. *rlen will be overwritten with the real length. */
|
/** Get a hex representation of a point. *rlen will be overwritten with the real length. */
|
||||||
void static secp256k1_ge_get_hex(char *r, int *rlen, const secp256k1_ge_t *a);
|
static void secp256k1_ge_get_hex(char *r, int *rlen, const secp256k1_ge_t *a);
|
||||||
|
|
||||||
/** Set a group element equal to another which is given in jacobian coordinates */
|
/** Set a group element equal to another which is given in jacobian coordinates */
|
||||||
void static secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a);
|
static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a);
|
||||||
|
|
||||||
/** Set a batch of group elements equal to the inputs given in jacobian coordinates */
|
/** Set a batch of group elements equal to the inputs given in jacobian coordinates */
|
||||||
void static secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge_t r[len], const secp256k1_gej_t a[len]);
|
static void secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge_t r[len], const secp256k1_gej_t a[len]);
|
||||||
|
|
||||||
|
|
||||||
/** Set a group element (jacobian) equal to the point at infinity. */
|
/** Set a group element (jacobian) equal to the point at infinity. */
|
||||||
void static secp256k1_gej_set_infinity(secp256k1_gej_t *r);
|
static void secp256k1_gej_set_infinity(secp256k1_gej_t *r);
|
||||||
|
|
||||||
/** Set a group element (jacobian) equal to the point with given X and Y coordinates. */
|
/** Set a group element (jacobian) equal to the point with given X and Y coordinates. */
|
||||||
void static secp256k1_gej_set_xy(secp256k1_gej_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y);
|
static void secp256k1_gej_set_xy(secp256k1_gej_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y);
|
||||||
|
|
||||||
/** Set a group element (jacobian) equal to another which is given in affine coordinates. */
|
/** Set a group element (jacobian) equal to another which is given in affine coordinates. */
|
||||||
void static secp256k1_gej_set_ge(secp256k1_gej_t *r, const secp256k1_ge_t *a);
|
static void secp256k1_gej_set_ge(secp256k1_gej_t *r, const secp256k1_ge_t *a);
|
||||||
|
|
||||||
/** Get the X coordinate of a group element (jacobian). */
|
/** Get the X coordinate of a group element (jacobian). */
|
||||||
void static secp256k1_gej_get_x_var(secp256k1_fe_t *r, const secp256k1_gej_t *a);
|
static void secp256k1_gej_get_x_var(secp256k1_fe_t *r, const secp256k1_gej_t *a);
|
||||||
|
|
||||||
/** Set r equal to the inverse of a (i.e., mirrored around the X axis) */
|
/** Set r equal to the inverse of a (i.e., mirrored around the X axis) */
|
||||||
void static secp256k1_gej_neg(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
static void secp256k1_gej_neg(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
||||||
|
|
||||||
/** Check whether a group element is the point at infinity. */
|
/** Check whether a group element is the point at infinity. */
|
||||||
int static secp256k1_gej_is_infinity(const secp256k1_gej_t *a);
|
static int secp256k1_gej_is_infinity(const secp256k1_gej_t *a);
|
||||||
|
|
||||||
/** Set r equal to the double of a. */
|
/** Set r equal to the double of a. */
|
||||||
void static secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
static void secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
||||||
|
|
||||||
/** Set r equal to the sum of a and b. */
|
/** Set r equal to the sum of a and b. */
|
||||||
void static secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_gej_t *b);
|
static void secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_gej_t *b);
|
||||||
|
|
||||||
/** Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity). */
|
/** Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity). */
|
||||||
void static secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b);
|
static void secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b);
|
||||||
|
|
||||||
/** Set r equal to the sum of a and b (with b given in affine coordinates). This is more efficient
|
/** Set r equal to the sum of a and b (with b given in affine coordinates). This is more efficient
|
||||||
than secp256k1_gej_add_var. It is identical to secp256k1_gej_add_ge but without constant-time
|
than secp256k1_gej_add_var. It is identical to secp256k1_gej_add_ge but without constant-time
|
||||||
guarantee, and b is allowed to be infinity. */
|
guarantee, and b is allowed to be infinity. */
|
||||||
void static secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b);
|
static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b);
|
||||||
|
|
||||||
/** Get a hex representation of a point. *rlen will be overwritten with the real length. */
|
/** Get a hex representation of a point. *rlen will be overwritten with the real length. */
|
||||||
void static secp256k1_gej_get_hex(char *r, int *rlen, const secp256k1_gej_t *a);
|
static void secp256k1_gej_get_hex(char *r, int *rlen, const secp256k1_gej_t *a);
|
||||||
|
|
||||||
#ifdef USE_ENDOMORPHISM
|
#ifdef USE_ENDOMORPHISM
|
||||||
/** Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast. */
|
/** Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast. */
|
||||||
void static secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
static void secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
||||||
|
|
||||||
/** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (given that a is
|
/** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (given that a is
|
||||||
not more than 256 bits). */
|
not more than 256 bits). */
|
||||||
void static secp256k1_gej_split_exp_var(secp256k1_num_t *r1, secp256k1_num_t *r2, const secp256k1_num_t *a);
|
static void secp256k1_gej_split_exp_var(secp256k1_num_t *r1, secp256k1_num_t *r2, const secp256k1_num_t *a);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/** Clear a secp256k1_gej_t to prevent leaking sensitive information. */
|
/** Clear a secp256k1_gej_t to prevent leaking sensitive information. */
|
||||||
void static secp256k1_gej_clear(secp256k1_gej_t *r);
|
static void secp256k1_gej_clear(secp256k1_gej_t *r);
|
||||||
|
|
||||||
/** Clear a secp256k1_ge_t to prevent leaking sensitive information. */
|
/** Clear a secp256k1_ge_t to prevent leaking sensitive information. */
|
||||||
void static secp256k1_ge_clear(secp256k1_ge_t *r);
|
static void secp256k1_ge_clear(secp256k1_ge_t *r);
|
||||||
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -11,21 +11,21 @@
|
||||||
#include "field.h"
|
#include "field.h"
|
||||||
#include "group.h"
|
#include "group.h"
|
||||||
|
|
||||||
void static secp256k1_ge_set_infinity(secp256k1_ge_t *r) {
|
static void secp256k1_ge_set_infinity(secp256k1_ge_t *r) {
|
||||||
r->infinity = 1;
|
r->infinity = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ge_set_xy(secp256k1_ge_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y) {
|
static void secp256k1_ge_set_xy(secp256k1_ge_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y) {
|
||||||
r->infinity = 0;
|
r->infinity = 0;
|
||||||
r->x = *x;
|
r->x = *x;
|
||||||
r->y = *y;
|
r->y = *y;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_ge_is_infinity(const secp256k1_ge_t *a) {
|
static int secp256k1_ge_is_infinity(const secp256k1_ge_t *a) {
|
||||||
return a->infinity;
|
return a->infinity;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a) {
|
static void secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a) {
|
||||||
r->infinity = a->infinity;
|
r->infinity = a->infinity;
|
||||||
r->x = a->x;
|
r->x = a->x;
|
||||||
r->y = a->y;
|
r->y = a->y;
|
||||||
|
@ -33,7 +33,7 @@ void static secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a) {
|
||||||
secp256k1_fe_negate(&r->y, &r->y, 1);
|
secp256k1_fe_negate(&r->y, &r->y, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ge_get_hex(char *r, int *rlen, const secp256k1_ge_t *a) {
|
static void secp256k1_ge_get_hex(char *r, int *rlen, const secp256k1_ge_t *a) {
|
||||||
char cx[65]; int lx=65;
|
char cx[65]; int lx=65;
|
||||||
char cy[65]; int ly=65;
|
char cy[65]; int ly=65;
|
||||||
secp256k1_fe_get_hex(cx, &lx, &a->x);
|
secp256k1_fe_get_hex(cx, &lx, &a->x);
|
||||||
|
@ -54,7 +54,7 @@ void static secp256k1_ge_get_hex(char *r, int *rlen, const secp256k1_ge_t *a) {
|
||||||
r[3+lx+ly] = 0;
|
r[3+lx+ly] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
||||||
r->infinity = a->infinity;
|
r->infinity = a->infinity;
|
||||||
secp256k1_fe_inv(&a->z, &a->z);
|
secp256k1_fe_inv(&a->z, &a->z);
|
||||||
secp256k1_fe_t z2; secp256k1_fe_sqr(&z2, &a->z);
|
secp256k1_fe_t z2; secp256k1_fe_sqr(&z2, &a->z);
|
||||||
|
@ -66,7 +66,7 @@ void static secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
||||||
r->y = a->y;
|
r->y = a->y;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ge_set_gej_var(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
static void secp256k1_ge_set_gej_var(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
||||||
r->infinity = a->infinity;
|
r->infinity = a->infinity;
|
||||||
if (a->infinity) {
|
if (a->infinity) {
|
||||||
return;
|
return;
|
||||||
|
@ -81,7 +81,7 @@ void static secp256k1_ge_set_gej_var(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
||||||
r->y = a->y;
|
r->y = a->y;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge_t r[len], const secp256k1_gej_t a[len]) {
|
static void secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge_t r[len], const secp256k1_gej_t a[len]) {
|
||||||
int count = 0;
|
int count = 0;
|
||||||
secp256k1_fe_t az[len];
|
secp256k1_fe_t az[len];
|
||||||
for (int i=0; i<len; i++) {
|
for (int i=0; i<len; i++) {
|
||||||
|
@ -106,34 +106,34 @@ void static secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge_t r[len], cons
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_set_infinity(secp256k1_gej_t *r) {
|
static void secp256k1_gej_set_infinity(secp256k1_gej_t *r) {
|
||||||
r->infinity = 1;
|
r->infinity = 1;
|
||||||
secp256k1_fe_set_int(&r->x, 0);
|
secp256k1_fe_set_int(&r->x, 0);
|
||||||
secp256k1_fe_set_int(&r->y, 0);
|
secp256k1_fe_set_int(&r->y, 0);
|
||||||
secp256k1_fe_set_int(&r->z, 0);
|
secp256k1_fe_set_int(&r->z, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_set_xy(secp256k1_gej_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y) {
|
static void secp256k1_gej_set_xy(secp256k1_gej_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y) {
|
||||||
r->infinity = 0;
|
r->infinity = 0;
|
||||||
r->x = *x;
|
r->x = *x;
|
||||||
r->y = *y;
|
r->y = *y;
|
||||||
secp256k1_fe_set_int(&r->z, 1);
|
secp256k1_fe_set_int(&r->z, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_clear(secp256k1_gej_t *r) {
|
static void secp256k1_gej_clear(secp256k1_gej_t *r) {
|
||||||
r->infinity = 0;
|
r->infinity = 0;
|
||||||
secp256k1_fe_clear(&r->x);
|
secp256k1_fe_clear(&r->x);
|
||||||
secp256k1_fe_clear(&r->y);
|
secp256k1_fe_clear(&r->y);
|
||||||
secp256k1_fe_clear(&r->z);
|
secp256k1_fe_clear(&r->z);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ge_clear(secp256k1_ge_t *r) {
|
static void secp256k1_ge_clear(secp256k1_ge_t *r) {
|
||||||
r->infinity = 0;
|
r->infinity = 0;
|
||||||
secp256k1_fe_clear(&r->x);
|
secp256k1_fe_clear(&r->x);
|
||||||
secp256k1_fe_clear(&r->y);
|
secp256k1_fe_clear(&r->y);
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_ge_set_xo(secp256k1_ge_t *r, const secp256k1_fe_t *x, int odd) {
|
static int secp256k1_ge_set_xo(secp256k1_ge_t *r, const secp256k1_fe_t *x, int odd) {
|
||||||
r->x = *x;
|
r->x = *x;
|
||||||
secp256k1_fe_t x2; secp256k1_fe_sqr(&x2, x);
|
secp256k1_fe_t x2; secp256k1_fe_sqr(&x2, x);
|
||||||
secp256k1_fe_t x3; secp256k1_fe_mul(&x3, x, &x2);
|
secp256k1_fe_t x3; secp256k1_fe_mul(&x3, x, &x2);
|
||||||
|
@ -148,19 +148,19 @@ int static secp256k1_ge_set_xo(secp256k1_ge_t *r, const secp256k1_fe_t *x, int o
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_set_ge(secp256k1_gej_t *r, const secp256k1_ge_t *a) {
|
static void secp256k1_gej_set_ge(secp256k1_gej_t *r, const secp256k1_ge_t *a) {
|
||||||
r->infinity = a->infinity;
|
r->infinity = a->infinity;
|
||||||
r->x = a->x;
|
r->x = a->x;
|
||||||
r->y = a->y;
|
r->y = a->y;
|
||||||
secp256k1_fe_set_int(&r->z, 1);
|
secp256k1_fe_set_int(&r->z, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_get_x_var(secp256k1_fe_t *r, const secp256k1_gej_t *a) {
|
static void secp256k1_gej_get_x_var(secp256k1_fe_t *r, const secp256k1_gej_t *a) {
|
||||||
secp256k1_fe_t zi2; secp256k1_fe_inv_var(&zi2, &a->z); secp256k1_fe_sqr(&zi2, &zi2);
|
secp256k1_fe_t zi2; secp256k1_fe_inv_var(&zi2, &a->z); secp256k1_fe_sqr(&zi2, &zi2);
|
||||||
secp256k1_fe_mul(r, &a->x, &zi2);
|
secp256k1_fe_mul(r, &a->x, &zi2);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_neg(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
|
static void secp256k1_gej_neg(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
|
||||||
r->infinity = a->infinity;
|
r->infinity = a->infinity;
|
||||||
r->x = a->x;
|
r->x = a->x;
|
||||||
r->y = a->y;
|
r->y = a->y;
|
||||||
|
@ -169,11 +169,11 @@ void static secp256k1_gej_neg(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
|
||||||
secp256k1_fe_negate(&r->y, &r->y, 1);
|
secp256k1_fe_negate(&r->y, &r->y, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_gej_is_infinity(const secp256k1_gej_t *a) {
|
static int secp256k1_gej_is_infinity(const secp256k1_gej_t *a) {
|
||||||
return a->infinity;
|
return a->infinity;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_gej_is_valid(const secp256k1_gej_t *a) {
|
static int secp256k1_gej_is_valid(const secp256k1_gej_t *a) {
|
||||||
if (a->infinity)
|
if (a->infinity)
|
||||||
return 0;
|
return 0;
|
||||||
// y^2 = x^3 + 7
|
// y^2 = x^3 + 7
|
||||||
|
@ -191,7 +191,7 @@ int static secp256k1_gej_is_valid(const secp256k1_gej_t *a) {
|
||||||
return secp256k1_fe_equal(&y2, &x3);
|
return secp256k1_fe_equal(&y2, &x3);
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_ge_is_valid(const secp256k1_ge_t *a) {
|
static int secp256k1_ge_is_valid(const secp256k1_ge_t *a) {
|
||||||
if (a->infinity)
|
if (a->infinity)
|
||||||
return 0;
|
return 0;
|
||||||
// y^2 = x^3 + 7
|
// y^2 = x^3 + 7
|
||||||
|
@ -204,7 +204,7 @@ int static secp256k1_ge_is_valid(const secp256k1_ge_t *a) {
|
||||||
return secp256k1_fe_equal(&y2, &x3);
|
return secp256k1_fe_equal(&y2, &x3);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
|
static void secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
|
||||||
if (a->infinity) {
|
if (a->infinity) {
|
||||||
r->infinity = 1;
|
r->infinity = 1;
|
||||||
return;
|
return;
|
||||||
|
@ -241,7 +241,7 @@ void static secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *
|
||||||
r->infinity = 0;
|
r->infinity = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_gej_t *b) {
|
static void secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_gej_t *b) {
|
||||||
if (a->infinity) {
|
if (a->infinity) {
|
||||||
*r = *b;
|
*r = *b;
|
||||||
return;
|
return;
|
||||||
|
@ -282,7 +282,7 @@ void static secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a,
|
||||||
secp256k1_fe_add(&r->y, &h3);
|
secp256k1_fe_add(&r->y, &h3);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b) {
|
static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b) {
|
||||||
if (a->infinity) {
|
if (a->infinity) {
|
||||||
r->infinity = b->infinity;
|
r->infinity = b->infinity;
|
||||||
r->x = b->x;
|
r->x = b->x;
|
||||||
|
@ -325,7 +325,7 @@ void static secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *
|
||||||
secp256k1_fe_add(&r->y, &h3);
|
secp256k1_fe_add(&r->y, &h3);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b) {
|
static void secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b) {
|
||||||
VERIFY_CHECK(!b->infinity);
|
VERIFY_CHECK(!b->infinity);
|
||||||
VERIFY_CHECK(a->infinity == 0 || a->infinity == 1);
|
VERIFY_CHECK(a->infinity == 0 || a->infinity == 1);
|
||||||
|
|
||||||
|
@ -397,20 +397,20 @@ void static secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, c
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
void static secp256k1_gej_get_hex(char *r, int *rlen, const secp256k1_gej_t *a) {
|
static void secp256k1_gej_get_hex(char *r, int *rlen, const secp256k1_gej_t *a) {
|
||||||
secp256k1_gej_t c = *a;
|
secp256k1_gej_t c = *a;
|
||||||
secp256k1_ge_t t; secp256k1_ge_set_gej(&t, &c);
|
secp256k1_ge_t t; secp256k1_ge_set_gej(&t, &c);
|
||||||
secp256k1_ge_get_hex(r, rlen, &t);
|
secp256k1_ge_get_hex(r, rlen, &t);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef USE_ENDOMORPHISM
|
#ifdef USE_ENDOMORPHISM
|
||||||
void static secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
|
static void secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
|
||||||
const secp256k1_fe_t *beta = &secp256k1_ge_consts->beta;
|
const secp256k1_fe_t *beta = &secp256k1_ge_consts->beta;
|
||||||
*r = *a;
|
*r = *a;
|
||||||
secp256k1_fe_mul(&r->x, &r->x, beta);
|
secp256k1_fe_mul(&r->x, &r->x, beta);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_gej_split_exp_var(secp256k1_num_t *r1, secp256k1_num_t *r2, const secp256k1_num_t *a) {
|
static void secp256k1_gej_split_exp_var(secp256k1_num_t *r1, secp256k1_num_t *r2, const secp256k1_num_t *a) {
|
||||||
const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
|
const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
|
||||||
secp256k1_num_t bnc1, bnc2, bnt1, bnt2, bnn2;
|
secp256k1_num_t bnc1, bnc2, bnt1, bnt2, bnn2;
|
||||||
|
|
||||||
|
@ -436,7 +436,7 @@ void static secp256k1_gej_split_exp_var(secp256k1_num_t *r1, secp256k1_num_t *r2
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
void static secp256k1_ge_start(void) {
|
static void secp256k1_ge_start(void) {
|
||||||
static const unsigned char secp256k1_ge_consts_order[] = {
|
static const unsigned char secp256k1_ge_consts_order[] = {
|
||||||
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
|
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
|
||||||
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
|
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
|
||||||
|
@ -503,7 +503,7 @@ void static secp256k1_ge_start(void) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_ge_stop(void) {
|
static void secp256k1_ge_stop(void) {
|
||||||
if (secp256k1_ge_consts != NULL) {
|
if (secp256k1_ge_consts != NULL) {
|
||||||
secp256k1_ge_consts_t *c = (secp256k1_ge_consts_t*)secp256k1_ge_consts;
|
secp256k1_ge_consts_t *c = (secp256k1_ge_consts_t*)secp256k1_ge_consts;
|
||||||
free((void*)c);
|
free((void*)c);
|
||||||
|
|
52
src/num.h
52
src/num.h
|
@ -16,83 +16,83 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/** Clear a number to prevent the leak of sensitive data. */
|
/** Clear a number to prevent the leak of sensitive data. */
|
||||||
void static secp256k1_num_clear(secp256k1_num_t *r);
|
static void secp256k1_num_clear(secp256k1_num_t *r);
|
||||||
|
|
||||||
/** Copy a number. */
|
/** Copy a number. */
|
||||||
void static secp256k1_num_copy(secp256k1_num_t *r, const secp256k1_num_t *a);
|
static void secp256k1_num_copy(secp256k1_num_t *r, const secp256k1_num_t *a);
|
||||||
|
|
||||||
/** Convert a number's absolute value to a binary big-endian string.
|
/** Convert a number's absolute value to a binary big-endian string.
|
||||||
* There must be enough place. */
|
* There must be enough place. */
|
||||||
void static secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num_t *a);
|
static void secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num_t *a);
|
||||||
|
|
||||||
/** Set a number to the value of a binary big-endian string. */
|
/** Set a number to the value of a binary big-endian string. */
|
||||||
void static secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, unsigned int alen);
|
static void secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, unsigned int alen);
|
||||||
|
|
||||||
/** Set a number equal to a (signed) integer. */
|
/** Set a number equal to a (signed) integer. */
|
||||||
void static secp256k1_num_set_int(secp256k1_num_t *r, int a);
|
static void secp256k1_num_set_int(secp256k1_num_t *r, int a);
|
||||||
|
|
||||||
/** Compute a modular inverse. The input must be less than the modulus. */
|
/** Compute a modular inverse. The input must be less than the modulus. */
|
||||||
void static secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *m);
|
static void secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *m);
|
||||||
|
|
||||||
/** Multiply two numbers modulo another. */
|
/** Multiply two numbers modulo another. */
|
||||||
void static secp256k1_num_mod_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, const secp256k1_num_t *m);
|
static void secp256k1_num_mod_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, const secp256k1_num_t *m);
|
||||||
|
|
||||||
/** Compare the absolute value of two numbers. */
|
/** Compare the absolute value of two numbers. */
|
||||||
int static secp256k1_num_cmp(const secp256k1_num_t *a, const secp256k1_num_t *b);
|
static int secp256k1_num_cmp(const secp256k1_num_t *a, const secp256k1_num_t *b);
|
||||||
|
|
||||||
/** Test whether two number are equal (including sign). */
|
/** Test whether two number are equal (including sign). */
|
||||||
int static secp256k1_num_eq(const secp256k1_num_t *a, const secp256k1_num_t *b);
|
static int secp256k1_num_eq(const secp256k1_num_t *a, const secp256k1_num_t *b);
|
||||||
|
|
||||||
/** Add two (signed) numbers. */
|
/** Add two (signed) numbers. */
|
||||||
void static secp256k1_num_add(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
|
static void secp256k1_num_add(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
|
||||||
|
|
||||||
/** Subtract two (signed) numbers. */
|
/** Subtract two (signed) numbers. */
|
||||||
void static secp256k1_num_sub(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
|
static void secp256k1_num_sub(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
|
||||||
|
|
||||||
/** Multiply two (signed) numbers. */
|
/** Multiply two (signed) numbers. */
|
||||||
void static secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
|
static void secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
|
||||||
|
|
||||||
/** Divide two (signed) numbers. */
|
/** Divide two (signed) numbers. */
|
||||||
void static secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
|
static void secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
|
||||||
|
|
||||||
/** Replace a number by its remainder modulo m. M's sign is ignored. The result is a number between 0 and m-1,
|
/** Replace a number by its remainder modulo m. M's sign is ignored. The result is a number between 0 and m-1,
|
||||||
even if r was negative. */
|
even if r was negative. */
|
||||||
void static secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *m);
|
static void secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *m);
|
||||||
|
|
||||||
/** Calculate the number of bits in (the absolute value of) a number. */
|
/** Calculate the number of bits in (the absolute value of) a number. */
|
||||||
int static secp256k1_num_bits(const secp256k1_num_t *a);
|
static int secp256k1_num_bits(const secp256k1_num_t *a);
|
||||||
|
|
||||||
/** Right-shift the passed number by bits bits, and return those bits. */
|
/** Right-shift the passed number by bits bits, and return those bits. */
|
||||||
int static secp256k1_num_shift(secp256k1_num_t *r, int bits);
|
static int secp256k1_num_shift(secp256k1_num_t *r, int bits);
|
||||||
|
|
||||||
/** Check whether a number is zero. */
|
/** Check whether a number is zero. */
|
||||||
int static secp256k1_num_is_zero(const secp256k1_num_t *a);
|
static int secp256k1_num_is_zero(const secp256k1_num_t *a);
|
||||||
|
|
||||||
/** Check whether a number is odd. */
|
/** Check whether a number is odd. */
|
||||||
int static secp256k1_num_is_odd(const secp256k1_num_t *a);
|
static int secp256k1_num_is_odd(const secp256k1_num_t *a);
|
||||||
|
|
||||||
/** Check whether a number is strictly negative. */
|
/** Check whether a number is strictly negative. */
|
||||||
int static secp256k1_num_is_neg(const secp256k1_num_t *a);
|
static int secp256k1_num_is_neg(const secp256k1_num_t *a);
|
||||||
|
|
||||||
/** Check whether a particular bit is set in a number. */
|
/** Check whether a particular bit is set in a number. */
|
||||||
int static secp256k1_num_get_bit(const secp256k1_num_t *a, int pos);
|
static int secp256k1_num_get_bit(const secp256k1_num_t *a, int pos);
|
||||||
|
|
||||||
/** Increase a number by 1. */
|
/** Increase a number by 1. */
|
||||||
void static secp256k1_num_inc(secp256k1_num_t *r);
|
static void secp256k1_num_inc(secp256k1_num_t *r);
|
||||||
|
|
||||||
/** Set a number equal to the value of a hex string (unsigned). */
|
/** Set a number equal to the value of a hex string (unsigned). */
|
||||||
void static secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen);
|
static void secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen);
|
||||||
|
|
||||||
/** Convert (the absolute value of) a number to a hexadecimal string. */
|
/** Convert (the absolute value of) a number to a hexadecimal string. */
|
||||||
void static secp256k1_num_get_hex(char *r, int rlen, const secp256k1_num_t *a);
|
static void secp256k1_num_get_hex(char *r, int rlen, const secp256k1_num_t *a);
|
||||||
|
|
||||||
/** Split a number into a low and high part. */
|
/** Split a number into a low and high part. */
|
||||||
void static secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const secp256k1_num_t *a, int bits);
|
static void secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const secp256k1_num_t *a, int bits);
|
||||||
|
|
||||||
/** Change a number's sign. */
|
/** Change a number's sign. */
|
||||||
void static secp256k1_num_negate(secp256k1_num_t *r);
|
static void secp256k1_num_negate(secp256k1_num_t *r);
|
||||||
|
|
||||||
/** Get a bunch of bits from a number. */
|
/** Get a bunch of bits from a number. */
|
||||||
int static secp256k1_num_get_bits(const secp256k1_num_t *a, int offset, int count);
|
static int secp256k1_num_get_bits(const secp256k1_num_t *a, int offset, int count);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -13,31 +13,31 @@
|
||||||
#include "num.h"
|
#include "num.h"
|
||||||
|
|
||||||
#ifdef VERIFY
|
#ifdef VERIFY
|
||||||
void static secp256k1_num_sanity(const secp256k1_num_t *a) {
|
static void secp256k1_num_sanity(const secp256k1_num_t *a) {
|
||||||
VERIFY_CHECK(a->limbs == 1 || (a->limbs > 1 && a->data[a->limbs-1] != 0));
|
VERIFY_CHECK(a->limbs == 1 || (a->limbs > 1 && a->data[a->limbs-1] != 0));
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
#define secp256k1_num_sanity(a) do { } while(0)
|
#define secp256k1_num_sanity(a) do { } while(0)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void static secp256k1_num_init(secp256k1_num_t *r) {
|
static void secp256k1_num_init(secp256k1_num_t *r) {
|
||||||
r->neg = 0;
|
r->neg = 0;
|
||||||
r->limbs = 1;
|
r->limbs = 1;
|
||||||
r->data[0] = 0;
|
r->data[0] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_clear(secp256k1_num_t *r) {
|
static void secp256k1_num_clear(secp256k1_num_t *r) {
|
||||||
memset(r, 0, sizeof(*r));
|
memset(r, 0, sizeof(*r));
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_free(secp256k1_num_t *r) {
|
static void secp256k1_num_free(secp256k1_num_t *r) {
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_copy(secp256k1_num_t *r, const secp256k1_num_t *a) {
|
static void secp256k1_num_copy(secp256k1_num_t *r, const secp256k1_num_t *a) {
|
||||||
*r = *a;
|
*r = *a;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_num_bits(const secp256k1_num_t *a) {
|
static int secp256k1_num_bits(const secp256k1_num_t *a) {
|
||||||
int ret=(a->limbs-1)*GMP_NUMB_BITS;
|
int ret=(a->limbs-1)*GMP_NUMB_BITS;
|
||||||
mp_limb_t x=a->data[a->limbs-1];
|
mp_limb_t x=a->data[a->limbs-1];
|
||||||
while (x) {
|
while (x) {
|
||||||
|
@ -48,7 +48,7 @@ int static secp256k1_num_bits(const secp256k1_num_t *a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void static secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num_t *a) {
|
static void secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num_t *a) {
|
||||||
unsigned char tmp[65];
|
unsigned char tmp[65];
|
||||||
int len = 0;
|
int len = 0;
|
||||||
if (a->limbs>1 || a->data[0] != 0) {
|
if (a->limbs>1 || a->data[0] != 0) {
|
||||||
|
@ -64,7 +64,7 @@ void static secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const sec
|
||||||
memset(tmp, 0, sizeof(tmp));
|
memset(tmp, 0, sizeof(tmp));
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, unsigned int alen) {
|
static void secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, unsigned int alen) {
|
||||||
VERIFY_CHECK(alen > 0);
|
VERIFY_CHECK(alen > 0);
|
||||||
VERIFY_CHECK(alen <= 64);
|
VERIFY_CHECK(alen <= 64);
|
||||||
int len = mpn_set_str(r->data, a, alen, 256);
|
int len = mpn_set_str(r->data, a, alen, 256);
|
||||||
|
@ -74,13 +74,13 @@ void static secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, un
|
||||||
while (r->limbs > 1 && r->data[r->limbs-1]==0) r->limbs--;
|
while (r->limbs > 1 && r->data[r->limbs-1]==0) r->limbs--;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_set_int(secp256k1_num_t *r, int a) {
|
static void secp256k1_num_set_int(secp256k1_num_t *r, int a) {
|
||||||
r->limbs = 1;
|
r->limbs = 1;
|
||||||
r->neg = (a < 0);
|
r->neg = (a < 0);
|
||||||
r->data[0] = (a < 0) ? -a : a;
|
r->data[0] = (a < 0) ? -a : a;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_add_abs(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
static void secp256k1_num_add_abs(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
||||||
mp_limb_t c = mpn_add(r->data, a->data, a->limbs, b->data, b->limbs);
|
mp_limb_t c = mpn_add(r->data, a->data, a->limbs, b->data, b->limbs);
|
||||||
r->limbs = a->limbs;
|
r->limbs = a->limbs;
|
||||||
if (c != 0) {
|
if (c != 0) {
|
||||||
|
@ -89,14 +89,14 @@ void static secp256k1_num_add_abs(secp256k1_num_t *r, const secp256k1_num_t *a,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_sub_abs(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
static void secp256k1_num_sub_abs(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
||||||
mp_limb_t c = mpn_sub(r->data, a->data, a->limbs, b->data, b->limbs);
|
mp_limb_t c = mpn_sub(r->data, a->data, a->limbs, b->data, b->limbs);
|
||||||
VERIFY_CHECK(c == 0);
|
VERIFY_CHECK(c == 0);
|
||||||
r->limbs = a->limbs;
|
r->limbs = a->limbs;
|
||||||
while (r->limbs > 1 && r->data[r->limbs-1]==0) r->limbs--;
|
while (r->limbs > 1 && r->data[r->limbs-1]==0) r->limbs--;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *m) {
|
static void secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *m) {
|
||||||
secp256k1_num_sanity(r);
|
secp256k1_num_sanity(r);
|
||||||
secp256k1_num_sanity(m);
|
secp256k1_num_sanity(m);
|
||||||
|
|
||||||
|
@ -114,7 +114,7 @@ void static secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *m) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *m) {
|
static void secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *m) {
|
||||||
secp256k1_num_sanity(a);
|
secp256k1_num_sanity(a);
|
||||||
secp256k1_num_sanity(m);
|
secp256k1_num_sanity(m);
|
||||||
|
|
||||||
|
@ -153,32 +153,32 @@ void static secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t
|
||||||
memset(v, 0, sizeof(v));
|
memset(v, 0, sizeof(v));
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_num_is_zero(const secp256k1_num_t *a) {
|
static int secp256k1_num_is_zero(const secp256k1_num_t *a) {
|
||||||
return (a->limbs == 1 && a->data[0] == 0);
|
return (a->limbs == 1 && a->data[0] == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_num_is_odd(const secp256k1_num_t *a) {
|
static int secp256k1_num_is_odd(const secp256k1_num_t *a) {
|
||||||
return a->data[0] & 1;
|
return a->data[0] & 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_num_is_neg(const secp256k1_num_t *a) {
|
static int secp256k1_num_is_neg(const secp256k1_num_t *a) {
|
||||||
return (a->limbs > 1 || a->data[0] != 0) && a->neg;
|
return (a->limbs > 1 || a->data[0] != 0) && a->neg;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_num_cmp(const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
static int secp256k1_num_cmp(const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
||||||
if (a->limbs > b->limbs) return 1;
|
if (a->limbs > b->limbs) return 1;
|
||||||
if (a->limbs < b->limbs) return -1;
|
if (a->limbs < b->limbs) return -1;
|
||||||
return mpn_cmp(a->data, b->data, a->limbs);
|
return mpn_cmp(a->data, b->data, a->limbs);
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_num_eq(const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
static int secp256k1_num_eq(const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
||||||
if (a->limbs > b->limbs) return 0;
|
if (a->limbs > b->limbs) return 0;
|
||||||
if (a->limbs < b->limbs) return 0;
|
if (a->limbs < b->limbs) return 0;
|
||||||
if ((a->neg && !secp256k1_num_is_zero(a)) != (b->neg && !secp256k1_num_is_zero(b))) return 0;
|
if ((a->neg && !secp256k1_num_is_zero(a)) != (b->neg && !secp256k1_num_is_zero(b))) return 0;
|
||||||
return mpn_cmp(a->data, b->data, a->limbs) == 0;
|
return mpn_cmp(a->data, b->data, a->limbs) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_subadd(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, int bneg) {
|
static void secp256k1_num_subadd(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, int bneg) {
|
||||||
if (!(b->neg ^ bneg ^ a->neg)) { // a and b have the same sign
|
if (!(b->neg ^ bneg ^ a->neg)) { // a and b have the same sign
|
||||||
r->neg = a->neg;
|
r->neg = a->neg;
|
||||||
if (a->limbs >= b->limbs) {
|
if (a->limbs >= b->limbs) {
|
||||||
|
@ -197,19 +197,19 @@ void static secp256k1_num_subadd(secp256k1_num_t *r, const secp256k1_num_t *a, c
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_add(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
static void secp256k1_num_add(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
||||||
secp256k1_num_sanity(a);
|
secp256k1_num_sanity(a);
|
||||||
secp256k1_num_sanity(b);
|
secp256k1_num_sanity(b);
|
||||||
secp256k1_num_subadd(r, a, b, 0);
|
secp256k1_num_subadd(r, a, b, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_sub(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
static void secp256k1_num_sub(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
||||||
secp256k1_num_sanity(a);
|
secp256k1_num_sanity(a);
|
||||||
secp256k1_num_sanity(b);
|
secp256k1_num_sanity(b);
|
||||||
secp256k1_num_subadd(r, a, b, 1);
|
secp256k1_num_subadd(r, a, b, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
static void secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
||||||
secp256k1_num_sanity(a);
|
secp256k1_num_sanity(a);
|
||||||
secp256k1_num_sanity(b);
|
secp256k1_num_sanity(b);
|
||||||
|
|
||||||
|
@ -233,7 +233,7 @@ void static secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, cons
|
||||||
memset(tmp, 0, sizeof(tmp));
|
memset(tmp, 0, sizeof(tmp));
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
static void secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
|
||||||
secp256k1_num_sanity(a);
|
secp256k1_num_sanity(a);
|
||||||
secp256k1_num_sanity(b);
|
secp256k1_num_sanity(b);
|
||||||
if (b->limbs > a->limbs) {
|
if (b->limbs > a->limbs) {
|
||||||
|
@ -252,13 +252,13 @@ void static secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, cons
|
||||||
r->neg = a->neg ^ b->neg;
|
r->neg = a->neg ^ b->neg;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_mod_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, const secp256k1_num_t *m) {
|
static void secp256k1_num_mod_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, const secp256k1_num_t *m) {
|
||||||
secp256k1_num_mul(r, a, b);
|
secp256k1_num_mul(r, a, b);
|
||||||
secp256k1_num_mod(r, m);
|
secp256k1_num_mod(r, m);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int static secp256k1_num_shift(secp256k1_num_t *r, int bits) {
|
static int secp256k1_num_shift(secp256k1_num_t *r, int bits) {
|
||||||
VERIFY_CHECK(bits <= GMP_NUMB_BITS);
|
VERIFY_CHECK(bits <= GMP_NUMB_BITS);
|
||||||
mp_limb_t ret = mpn_rshift(r->data, r->data, r->limbs, bits);
|
mp_limb_t ret = mpn_rshift(r->data, r->data, r->limbs, bits);
|
||||||
if (r->limbs>1 && r->data[r->limbs-1]==0) r->limbs--;
|
if (r->limbs>1 && r->data[r->limbs-1]==0) r->limbs--;
|
||||||
|
@ -266,11 +266,11 @@ int static secp256k1_num_shift(secp256k1_num_t *r, int bits) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_num_get_bit(const secp256k1_num_t *a, int pos) {
|
static int secp256k1_num_get_bit(const secp256k1_num_t *a, int pos) {
|
||||||
return (a->limbs*GMP_NUMB_BITS > pos) && ((a->data[pos/GMP_NUMB_BITS] >> (pos % GMP_NUMB_BITS)) & 1);
|
return (a->limbs*GMP_NUMB_BITS > pos) && ((a->data[pos/GMP_NUMB_BITS] >> (pos % GMP_NUMB_BITS)) & 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_inc(secp256k1_num_t *r) {
|
static void secp256k1_num_inc(secp256k1_num_t *r) {
|
||||||
mp_limb_t ret = mpn_add_1(r->data, r->data, r->limbs, (mp_limb_t)1);
|
mp_limb_t ret = mpn_add_1(r->data, r->data, r->limbs, (mp_limb_t)1);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
VERIFY_CHECK(r->limbs < 2*NUM_LIMBS);
|
VERIFY_CHECK(r->limbs < 2*NUM_LIMBS);
|
||||||
|
@ -278,7 +278,7 @@ void static secp256k1_num_inc(secp256k1_num_t *r) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen) {
|
static void secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen) {
|
||||||
static const unsigned char cvt[256] = {
|
static const unsigned char cvt[256] = {
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
||||||
|
@ -306,7 +306,7 @@ void static secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen) {
|
||||||
while (r->limbs > 1 && r->data[r->limbs-1] == 0) r->limbs--;
|
while (r->limbs > 1 && r->data[r->limbs-1] == 0) r->limbs--;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_get_hex(char *r, int rlen, const secp256k1_num_t *a) {
|
static void secp256k1_num_get_hex(char *r, int rlen, const secp256k1_num_t *a) {
|
||||||
static const unsigned char cvt[16] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
|
static const unsigned char cvt[16] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
|
||||||
unsigned char *tmp = malloc(257);
|
unsigned char *tmp = malloc(257);
|
||||||
mp_size_t len = mpn_get_str(tmp, 16, (mp_limb_t*)a->data, a->limbs);
|
mp_size_t len = mpn_get_str(tmp, 16, (mp_limb_t*)a->data, a->limbs);
|
||||||
|
@ -326,7 +326,7 @@ void static secp256k1_num_get_hex(char *r, int rlen, const secp256k1_num_t *a) {
|
||||||
free(tmp);
|
free(tmp);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const secp256k1_num_t *a, int bits) {
|
static void secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const secp256k1_num_t *a, int bits) {
|
||||||
VERIFY_CHECK(bits > 0);
|
VERIFY_CHECK(bits > 0);
|
||||||
rh->neg = a->neg;
|
rh->neg = a->neg;
|
||||||
if (bits >= a->limbs * GMP_NUMB_BITS) {
|
if (bits >= a->limbs * GMP_NUMB_BITS) {
|
||||||
|
@ -358,11 +358,11 @@ void static secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const
|
||||||
while (rl->limbs>1 && rl->data[rl->limbs-1]==0) rl->limbs--;
|
while (rl->limbs>1 && rl->data[rl->limbs-1]==0) rl->limbs--;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_num_negate(secp256k1_num_t *r) {
|
static void secp256k1_num_negate(secp256k1_num_t *r) {
|
||||||
r->neg ^= 1;
|
r->neg ^= 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_num_get_bits(const secp256k1_num_t *a, int offset, int count) {
|
static int secp256k1_num_get_bits(const secp256k1_num_t *a, int offset, int count) {
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
for (int i = 0; i < count; i++) {
|
for (int i = 0; i < count; i++) {
|
||||||
ret |= ((a->data[(offset + i) / GMP_NUMB_BITS] >> ((offset + i) % GMP_NUMB_BITS)) & 1) << i;
|
ret |= ((a->data[(offset + i) / GMP_NUMB_BITS] >> ((offset + i) % GMP_NUMB_BITS)) & 1) << i;
|
||||||
|
|
26
src/scalar.h
26
src/scalar.h
|
@ -20,42 +20,42 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/** Clear a scalar to prevent the leak of sensitive data. */
|
/** Clear a scalar to prevent the leak of sensitive data. */
|
||||||
void static secp256k1_scalar_clear(secp256k1_scalar_t *r);
|
static void secp256k1_scalar_clear(secp256k1_scalar_t *r);
|
||||||
|
|
||||||
/** Access bits from a scalar. */
|
/** Access bits from a scalar. */
|
||||||
int static secp256k1_scalar_get_bits(const secp256k1_scalar_t *a, int offset, int count);
|
static int secp256k1_scalar_get_bits(const secp256k1_scalar_t *a, int offset, int count);
|
||||||
|
|
||||||
/** Set a scalar from a big endian byte array. */
|
/** Set a scalar from a big endian byte array. */
|
||||||
void static secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char *bin, int *overflow);
|
static void secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char *bin, int *overflow);
|
||||||
|
|
||||||
/** Convert a scalar to a byte array. */
|
/** Convert a scalar to a byte array. */
|
||||||
void static secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_t* a);
|
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_t* a);
|
||||||
|
|
||||||
/** Add two scalars together (modulo the group order). */
|
/** Add two scalars together (modulo the group order). */
|
||||||
void static secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b);
|
static void secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b);
|
||||||
|
|
||||||
/** Multiply two scalars (modulo the group order). */
|
/** Multiply two scalars (modulo the group order). */
|
||||||
void static secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b);
|
static void secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b);
|
||||||
|
|
||||||
/** Compute the square of a scalar (modulo the group order). */
|
/** Compute the square of a scalar (modulo the group order). */
|
||||||
void static secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
|
static void secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
|
||||||
|
|
||||||
/** Compute the inverse of a scalar (modulo the group order). */
|
/** Compute the inverse of a scalar (modulo the group order). */
|
||||||
void static secp256k1_scalar_inverse(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
|
static void secp256k1_scalar_inverse(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
|
||||||
|
|
||||||
/** Compute the complement of a scalar (modulo the group order). */
|
/** Compute the complement of a scalar (modulo the group order). */
|
||||||
void static secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
|
static void secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
|
||||||
|
|
||||||
/** Check whether a scalar equals zero. */
|
/** Check whether a scalar equals zero. */
|
||||||
int static secp256k1_scalar_is_zero(const secp256k1_scalar_t *a);
|
static int secp256k1_scalar_is_zero(const secp256k1_scalar_t *a);
|
||||||
|
|
||||||
/** Check whether a scalar equals one. */
|
/** Check whether a scalar equals one. */
|
||||||
int static secp256k1_scalar_is_one(const secp256k1_scalar_t *a);
|
static int secp256k1_scalar_is_one(const secp256k1_scalar_t *a);
|
||||||
|
|
||||||
/** Check whether a scalar is higher than the group order divided by 2. */
|
/** Check whether a scalar is higher than the group order divided by 2. */
|
||||||
int static secp256k1_scalar_is_high(const secp256k1_scalar_t *a);
|
static int secp256k1_scalar_is_high(const secp256k1_scalar_t *a);
|
||||||
|
|
||||||
/** Convert a scalar to a number. */
|
/** Convert a scalar to a number. */
|
||||||
void static secp256k1_scalar_get_num(secp256k1_num_t *r, const secp256k1_scalar_t *a);
|
static void secp256k1_scalar_get_num(secp256k1_num_t *r, const secp256k1_scalar_t *a);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -24,19 +24,19 @@ typedef unsigned __int128 uint128_t;
|
||||||
#define SECP256K1_N_H_2 ((uint64_t)0xFFFFFFFFFFFFFFFFULL)
|
#define SECP256K1_N_H_2 ((uint64_t)0xFFFFFFFFFFFFFFFFULL)
|
||||||
#define SECP256K1_N_H_3 ((uint64_t)0x7FFFFFFFFFFFFFFFULL)
|
#define SECP256K1_N_H_3 ((uint64_t)0x7FFFFFFFFFFFFFFFULL)
|
||||||
|
|
||||||
void static inline secp256k1_scalar_clear(secp256k1_scalar_t *r) {
|
SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar_t *r) {
|
||||||
r->d[0] = 0;
|
r->d[0] = 0;
|
||||||
r->d[1] = 0;
|
r->d[1] = 0;
|
||||||
r->d[2] = 0;
|
r->d[2] = 0;
|
||||||
r->d[3] = 0;
|
r->d[3] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_get_bits(const secp256k1_scalar_t *a, int offset, int count) {
|
SECP256K1_INLINE static int secp256k1_scalar_get_bits(const secp256k1_scalar_t *a, int offset, int count) {
|
||||||
VERIFY_CHECK((offset + count - 1) / 64 == offset / 64);
|
VERIFY_CHECK((offset + count - 1) / 64 == offset / 64);
|
||||||
return (a->d[offset / 64] >> (offset % 64)) & ((((uint64_t)1) << count) - 1);
|
return (a->d[offset / 64] >> (offset % 64)) & ((((uint64_t)1) << count) - 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_check_overflow(const secp256k1_scalar_t *a) {
|
SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar_t *a) {
|
||||||
int yes = 0;
|
int yes = 0;
|
||||||
int no = 0;
|
int no = 0;
|
||||||
no |= (a->d[3] < SECP256K1_N_3); // No need for a > check.
|
no |= (a->d[3] < SECP256K1_N_3); // No need for a > check.
|
||||||
|
@ -48,7 +48,7 @@ int static inline secp256k1_scalar_check_overflow(const secp256k1_scalar_t *a) {
|
||||||
return yes;
|
return yes;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_reduce(secp256k1_scalar_t *r, unsigned int overflow) {
|
SECP256K1_INLINE static int secp256k1_scalar_reduce(secp256k1_scalar_t *r, unsigned int overflow) {
|
||||||
VERIFY_CHECK(overflow <= 1);
|
VERIFY_CHECK(overflow <= 1);
|
||||||
uint128_t t = (uint128_t)r->d[0] + overflow * SECP256K1_N_C_0;
|
uint128_t t = (uint128_t)r->d[0] + overflow * SECP256K1_N_C_0;
|
||||||
r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
|
r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
|
||||||
|
@ -61,7 +61,7 @@ int static inline secp256k1_scalar_reduce(secp256k1_scalar_t *r, unsigned int ov
|
||||||
return overflow;
|
return overflow;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
static void secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
||||||
uint128_t t = (uint128_t)a->d[0] + b->d[0];
|
uint128_t t = (uint128_t)a->d[0] + b->d[0];
|
||||||
r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
|
r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
|
||||||
t += (uint128_t)a->d[1] + b->d[1];
|
t += (uint128_t)a->d[1] + b->d[1];
|
||||||
|
@ -73,7 +73,7 @@ void static secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t
|
||||||
secp256k1_scalar_reduce(r, t + secp256k1_scalar_check_overflow(r));
|
secp256k1_scalar_reduce(r, t + secp256k1_scalar_check_overflow(r));
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char *b32, int *overflow) {
|
static void secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char *b32, int *overflow) {
|
||||||
r->d[0] = (uint64_t)b32[31] | (uint64_t)b32[30] << 8 | (uint64_t)b32[29] << 16 | (uint64_t)b32[28] << 24 | (uint64_t)b32[27] << 32 | (uint64_t)b32[26] << 40 | (uint64_t)b32[25] << 48 | (uint64_t)b32[24] << 56;
|
r->d[0] = (uint64_t)b32[31] | (uint64_t)b32[30] << 8 | (uint64_t)b32[29] << 16 | (uint64_t)b32[28] << 24 | (uint64_t)b32[27] << 32 | (uint64_t)b32[26] << 40 | (uint64_t)b32[25] << 48 | (uint64_t)b32[24] << 56;
|
||||||
r->d[1] = (uint64_t)b32[23] | (uint64_t)b32[22] << 8 | (uint64_t)b32[21] << 16 | (uint64_t)b32[20] << 24 | (uint64_t)b32[19] << 32 | (uint64_t)b32[18] << 40 | (uint64_t)b32[17] << 48 | (uint64_t)b32[16] << 56;
|
r->d[1] = (uint64_t)b32[23] | (uint64_t)b32[22] << 8 | (uint64_t)b32[21] << 16 | (uint64_t)b32[20] << 24 | (uint64_t)b32[19] << 32 | (uint64_t)b32[18] << 40 | (uint64_t)b32[17] << 48 | (uint64_t)b32[16] << 56;
|
||||||
r->d[2] = (uint64_t)b32[15] | (uint64_t)b32[14] << 8 | (uint64_t)b32[13] << 16 | (uint64_t)b32[12] << 24 | (uint64_t)b32[11] << 32 | (uint64_t)b32[10] << 40 | (uint64_t)b32[9] << 48 | (uint64_t)b32[8] << 56;
|
r->d[2] = (uint64_t)b32[15] | (uint64_t)b32[14] << 8 | (uint64_t)b32[13] << 16 | (uint64_t)b32[12] << 24 | (uint64_t)b32[11] << 32 | (uint64_t)b32[10] << 40 | (uint64_t)b32[9] << 48 | (uint64_t)b32[8] << 56;
|
||||||
|
@ -84,18 +84,18 @@ void static secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_t* a) {
|
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_t* a) {
|
||||||
bin[0] = a->d[3] >> 56; bin[1] = a->d[3] >> 48; bin[2] = a->d[3] >> 40; bin[3] = a->d[3] >> 32; bin[4] = a->d[3] >> 24; bin[5] = a->d[3] >> 16; bin[6] = a->d[3] >> 8; bin[7] = a->d[3];
|
bin[0] = a->d[3] >> 56; bin[1] = a->d[3] >> 48; bin[2] = a->d[3] >> 40; bin[3] = a->d[3] >> 32; bin[4] = a->d[3] >> 24; bin[5] = a->d[3] >> 16; bin[6] = a->d[3] >> 8; bin[7] = a->d[3];
|
||||||
bin[8] = a->d[2] >> 56; bin[9] = a->d[2] >> 48; bin[10] = a->d[2] >> 40; bin[11] = a->d[2] >> 32; bin[12] = a->d[2] >> 24; bin[13] = a->d[2] >> 16; bin[14] = a->d[2] >> 8; bin[15] = a->d[2];
|
bin[8] = a->d[2] >> 56; bin[9] = a->d[2] >> 48; bin[10] = a->d[2] >> 40; bin[11] = a->d[2] >> 32; bin[12] = a->d[2] >> 24; bin[13] = a->d[2] >> 16; bin[14] = a->d[2] >> 8; bin[15] = a->d[2];
|
||||||
bin[16] = a->d[1] >> 56; bin[17] = a->d[1] >> 48; bin[18] = a->d[1] >> 40; bin[19] = a->d[1] >> 32; bin[20] = a->d[1] >> 24; bin[21] = a->d[1] >> 16; bin[22] = a->d[1] >> 8; bin[23] = a->d[1];
|
bin[16] = a->d[1] >> 56; bin[17] = a->d[1] >> 48; bin[18] = a->d[1] >> 40; bin[19] = a->d[1] >> 32; bin[20] = a->d[1] >> 24; bin[21] = a->d[1] >> 16; bin[22] = a->d[1] >> 8; bin[23] = a->d[1];
|
||||||
bin[24] = a->d[0] >> 56; bin[25] = a->d[0] >> 48; bin[26] = a->d[0] >> 40; bin[27] = a->d[0] >> 32; bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0];
|
bin[24] = a->d[0] >> 56; bin[25] = a->d[0] >> 48; bin[26] = a->d[0] >> 40; bin[27] = a->d[0] >> 32; bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0];
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_is_zero(const secp256k1_scalar_t *a) {
|
SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar_t *a) {
|
||||||
return (a->d[0] | a->d[1] | a->d[2] | a->d[3]) == 0;
|
return (a->d[0] | a->d[1] | a->d[2] | a->d[3]) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scalar_t *a) {
|
static void secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scalar_t *a) {
|
||||||
uint64_t nonzero = 0xFFFFFFFFFFFFFFFFULL * (secp256k1_scalar_is_zero(a) == 0);
|
uint64_t nonzero = 0xFFFFFFFFFFFFFFFFULL * (secp256k1_scalar_is_zero(a) == 0);
|
||||||
uint128_t t = (uint128_t)(~a->d[0]) + SECP256K1_N_0 + 1;
|
uint128_t t = (uint128_t)(~a->d[0]) + SECP256K1_N_0 + 1;
|
||||||
r->d[0] = t & nonzero; t >>= 64;
|
r->d[0] = t & nonzero; t >>= 64;
|
||||||
|
@ -107,11 +107,11 @@ void static secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scala
|
||||||
r->d[3] = t & nonzero;
|
r->d[3] = t & nonzero;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_is_one(const secp256k1_scalar_t *a) {
|
SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar_t *a) {
|
||||||
return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3]) == 0;
|
return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3]) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_scalar_is_high(const secp256k1_scalar_t *a) {
|
static int secp256k1_scalar_is_high(const secp256k1_scalar_t *a) {
|
||||||
int yes = 0;
|
int yes = 0;
|
||||||
int no = 0;
|
int no = 0;
|
||||||
no |= (a->d[3] < SECP256K1_N_H_3);
|
no |= (a->d[3] < SECP256K1_N_H_3);
|
||||||
|
@ -208,7 +208,7 @@ int static secp256k1_scalar_is_high(const secp256k1_scalar_t *a) {
|
||||||
VERIFY_CHECK(c2 == 0); \
|
VERIFY_CHECK(c2 == 0); \
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_reduce_512(secp256k1_scalar_t *r, const uint64_t *l) {
|
static void secp256k1_scalar_reduce_512(secp256k1_scalar_t *r, const uint64_t *l) {
|
||||||
uint64_t n0 = l[4], n1 = l[5], n2 = l[6], n3 = l[7];
|
uint64_t n0 = l[4], n1 = l[5], n2 = l[6], n3 = l[7];
|
||||||
|
|
||||||
// 160 bit accumulator.
|
// 160 bit accumulator.
|
||||||
|
@ -278,7 +278,7 @@ void static secp256k1_scalar_reduce_512(secp256k1_scalar_t *r, const uint64_t *l
|
||||||
secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r));
|
secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r));
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
static void secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
||||||
// 160 bit accumulator.
|
// 160 bit accumulator.
|
||||||
uint64_t c0 = 0, c1 = 0;
|
uint64_t c0 = 0, c1 = 0;
|
||||||
uint32_t c2 = 0;
|
uint32_t c2 = 0;
|
||||||
|
@ -315,7 +315,7 @@ void static secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t
|
||||||
secp256k1_scalar_reduce_512(r, l);
|
secp256k1_scalar_reduce_512(r, l);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t *a) {
|
static void secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t *a) {
|
||||||
// 160 bit accumulator.
|
// 160 bit accumulator.
|
||||||
uint64_t c0 = 0, c1 = 0;
|
uint64_t c0 = 0, c1 = 0;
|
||||||
uint32_t c2 = 0;
|
uint32_t c2 = 0;
|
||||||
|
|
|
@ -32,7 +32,7 @@
|
||||||
#define SECP256K1_N_H_6 ((uint32_t)0xFFFFFFFFUL)
|
#define SECP256K1_N_H_6 ((uint32_t)0xFFFFFFFFUL)
|
||||||
#define SECP256K1_N_H_7 ((uint32_t)0x7FFFFFFFUL)
|
#define SECP256K1_N_H_7 ((uint32_t)0x7FFFFFFFUL)
|
||||||
|
|
||||||
void static inline secp256k1_scalar_clear(secp256k1_scalar_t *r) {
|
SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar_t *r) {
|
||||||
r->d[0] = 0;
|
r->d[0] = 0;
|
||||||
r->d[1] = 0;
|
r->d[1] = 0;
|
||||||
r->d[2] = 0;
|
r->d[2] = 0;
|
||||||
|
@ -43,12 +43,12 @@ void static inline secp256k1_scalar_clear(secp256k1_scalar_t *r) {
|
||||||
r->d[7] = 0;
|
r->d[7] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_get_bits(const secp256k1_scalar_t *a, int offset, int count) {
|
SECP256K1_INLINE static int secp256k1_scalar_get_bits(const secp256k1_scalar_t *a, int offset, int count) {
|
||||||
VERIFY_CHECK((offset + count - 1) / 32 == offset / 32);
|
VERIFY_CHECK((offset + count - 1) / 32 == offset / 32);
|
||||||
return (a->d[offset / 32] >> (offset % 32)) & ((1 << count) - 1);
|
return (a->d[offset / 32] >> (offset % 32)) & ((1 << count) - 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_check_overflow(const secp256k1_scalar_t *a) {
|
SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar_t *a) {
|
||||||
int yes = 0;
|
int yes = 0;
|
||||||
int no = 0;
|
int no = 0;
|
||||||
no |= (a->d[7] < SECP256K1_N_7); // No need for a > check.
|
no |= (a->d[7] < SECP256K1_N_7); // No need for a > check.
|
||||||
|
@ -66,7 +66,7 @@ int static inline secp256k1_scalar_check_overflow(const secp256k1_scalar_t *a) {
|
||||||
return yes;
|
return yes;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_reduce(secp256k1_scalar_t *r, uint32_t overflow) {
|
SECP256K1_INLINE static int secp256k1_scalar_reduce(secp256k1_scalar_t *r, uint32_t overflow) {
|
||||||
VERIFY_CHECK(overflow <= 1);
|
VERIFY_CHECK(overflow <= 1);
|
||||||
uint64_t t = (uint64_t)r->d[0] + overflow * SECP256K1_N_C_0;
|
uint64_t t = (uint64_t)r->d[0] + overflow * SECP256K1_N_C_0;
|
||||||
r->d[0] = t & 0xFFFFFFFFUL; t >>= 32;
|
r->d[0] = t & 0xFFFFFFFFUL; t >>= 32;
|
||||||
|
@ -87,7 +87,7 @@ int static inline secp256k1_scalar_reduce(secp256k1_scalar_t *r, uint32_t overfl
|
||||||
return overflow;
|
return overflow;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
static void secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
||||||
uint64_t t = (uint64_t)a->d[0] + b->d[0];
|
uint64_t t = (uint64_t)a->d[0] + b->d[0];
|
||||||
r->d[0] = t & 0xFFFFFFFFULL; t >>= 32;
|
r->d[0] = t & 0xFFFFFFFFULL; t >>= 32;
|
||||||
t += (uint64_t)a->d[1] + b->d[1];
|
t += (uint64_t)a->d[1] + b->d[1];
|
||||||
|
@ -107,7 +107,7 @@ void static secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t
|
||||||
secp256k1_scalar_reduce(r, t + secp256k1_scalar_check_overflow(r));
|
secp256k1_scalar_reduce(r, t + secp256k1_scalar_check_overflow(r));
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char *b32, int *overflow) {
|
static void secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char *b32, int *overflow) {
|
||||||
r->d[0] = (uint32_t)b32[31] | (uint32_t)b32[30] << 8 | (uint32_t)b32[29] << 16 | (uint32_t)b32[28] << 24;
|
r->d[0] = (uint32_t)b32[31] | (uint32_t)b32[30] << 8 | (uint32_t)b32[29] << 16 | (uint32_t)b32[28] << 24;
|
||||||
r->d[1] = (uint32_t)b32[27] | (uint32_t)b32[26] << 8 | (uint32_t)b32[25] << 16 | (uint32_t)b32[24] << 24;
|
r->d[1] = (uint32_t)b32[27] | (uint32_t)b32[26] << 8 | (uint32_t)b32[25] << 16 | (uint32_t)b32[24] << 24;
|
||||||
r->d[2] = (uint32_t)b32[23] | (uint32_t)b32[22] << 8 | (uint32_t)b32[21] << 16 | (uint32_t)b32[20] << 24;
|
r->d[2] = (uint32_t)b32[23] | (uint32_t)b32[22] << 8 | (uint32_t)b32[21] << 16 | (uint32_t)b32[20] << 24;
|
||||||
|
@ -122,7 +122,7 @@ void static secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_t* a) {
|
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_t* a) {
|
||||||
bin[0] = a->d[7] >> 24; bin[1] = a->d[7] >> 16; bin[2] = a->d[7] >> 8; bin[3] = a->d[7];
|
bin[0] = a->d[7] >> 24; bin[1] = a->d[7] >> 16; bin[2] = a->d[7] >> 8; bin[3] = a->d[7];
|
||||||
bin[4] = a->d[6] >> 24; bin[5] = a->d[6] >> 16; bin[6] = a->d[6] >> 8; bin[7] = a->d[6];
|
bin[4] = a->d[6] >> 24; bin[5] = a->d[6] >> 16; bin[6] = a->d[6] >> 8; bin[7] = a->d[6];
|
||||||
bin[8] = a->d[5] >> 24; bin[9] = a->d[5] >> 16; bin[10] = a->d[5] >> 8; bin[11] = a->d[5];
|
bin[8] = a->d[5] >> 24; bin[9] = a->d[5] >> 16; bin[10] = a->d[5] >> 8; bin[11] = a->d[5];
|
||||||
|
@ -133,11 +133,11 @@ void static secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_
|
||||||
bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0];
|
bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0];
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_is_zero(const secp256k1_scalar_t *a) {
|
SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar_t *a) {
|
||||||
return (a->d[0] | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0;
|
return (a->d[0] | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scalar_t *a) {
|
static void secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scalar_t *a) {
|
||||||
uint32_t nonzero = 0xFFFFFFFFUL * (secp256k1_scalar_is_zero(a) == 0);
|
uint32_t nonzero = 0xFFFFFFFFUL * (secp256k1_scalar_is_zero(a) == 0);
|
||||||
uint64_t t = (uint64_t)(~a->d[0]) + SECP256K1_N_0 + 1;
|
uint64_t t = (uint64_t)(~a->d[0]) + SECP256K1_N_0 + 1;
|
||||||
r->d[0] = t & nonzero; t >>= 32;
|
r->d[0] = t & nonzero; t >>= 32;
|
||||||
|
@ -157,11 +157,11 @@ void static secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scala
|
||||||
r->d[7] = t & nonzero;
|
r->d[7] = t & nonzero;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static inline secp256k1_scalar_is_one(const secp256k1_scalar_t *a) {
|
SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar_t *a) {
|
||||||
return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0;
|
return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int static secp256k1_scalar_is_high(const secp256k1_scalar_t *a) {
|
static int secp256k1_scalar_is_high(const secp256k1_scalar_t *a) {
|
||||||
int yes = 0;
|
int yes = 0;
|
||||||
int no = 0;
|
int no = 0;
|
||||||
no |= (a->d[7] < SECP256K1_N_H_7);
|
no |= (a->d[7] < SECP256K1_N_H_7);
|
||||||
|
@ -264,7 +264,7 @@ int static secp256k1_scalar_is_high(const secp256k1_scalar_t *a) {
|
||||||
VERIFY_CHECK(c2 == 0); \
|
VERIFY_CHECK(c2 == 0); \
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_reduce_512(secp256k1_scalar_t *r, const uint32_t *l) {
|
static void secp256k1_scalar_reduce_512(secp256k1_scalar_t *r, const uint32_t *l) {
|
||||||
uint32_t n0 = l[8], n1 = l[9], n2 = l[10], n3 = l[11], n4 = l[12], n5 = l[13], n6 = l[14], n7 = l[15];
|
uint32_t n0 = l[8], n1 = l[9], n2 = l[10], n3 = l[11], n4 = l[12], n5 = l[13], n6 = l[14], n7 = l[15];
|
||||||
|
|
||||||
// 96 bit accumulator.
|
// 96 bit accumulator.
|
||||||
|
@ -403,7 +403,7 @@ void static secp256k1_scalar_reduce_512(secp256k1_scalar_t *r, const uint32_t *l
|
||||||
secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r));
|
secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r));
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
static void secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
||||||
// 96 bit accumulator.
|
// 96 bit accumulator.
|
||||||
uint32_t c0 = 0, c1 = 0, c2 = 0;
|
uint32_t c0 = 0, c1 = 0, c2 = 0;
|
||||||
|
|
||||||
|
@ -495,7 +495,7 @@ void static secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t
|
||||||
secp256k1_scalar_reduce_512(r, l);
|
secp256k1_scalar_reduce_512(r, l);
|
||||||
}
|
}
|
||||||
|
|
||||||
void static secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t *a) {
|
static void secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t *a) {
|
||||||
// 96 bit accumulator.
|
// 96 bit accumulator.
|
||||||
uint32_t c0 = 0, c1 = 0, c2 = 0;
|
uint32_t c0 = 0, c1 = 0, c2 = 0;
|
||||||
|
|
||||||
|
|
|
@ -21,14 +21,14 @@
|
||||||
#error "Please select scalar implementation"
|
#error "Please select scalar implementation"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void static secp256k1_scalar_get_num(secp256k1_num_t *r, const secp256k1_scalar_t *a) {
|
static void secp256k1_scalar_get_num(secp256k1_num_t *r, const secp256k1_scalar_t *a) {
|
||||||
unsigned char c[32];
|
unsigned char c[32];
|
||||||
secp256k1_scalar_get_b32(c, a);
|
secp256k1_scalar_get_b32(c, a);
|
||||||
secp256k1_num_set_bin(r, c, 32);
|
secp256k1_num_set_bin(r, c, 32);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void static secp256k1_scalar_inverse(secp256k1_scalar_t *r, const secp256k1_scalar_t *x) {
|
static void secp256k1_scalar_inverse(secp256k1_scalar_t *r, const secp256k1_scalar_t *x) {
|
||||||
// First compute x ^ (2^N - 1) for some values of N.
|
// First compute x ^ (2^N - 1) for some values of N.
|
||||||
secp256k1_scalar_t x2, x3, x4, x6, x7, x8, x15, x30, x60, x120, x127;
|
secp256k1_scalar_t x2, x3, x4, x6, x7, x8, x15, x30, x60, x120, x127;
|
||||||
|
|
||||||
|
|
|
@ -9,8 +9,8 @@
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
|
||||||
#include "util_impl.h"
|
|
||||||
#include "secp256k1.c"
|
#include "secp256k1.c"
|
||||||
|
#include "util_impl.h"
|
||||||
|
|
||||||
#ifdef ENABLE_OPENSSL_TESTS
|
#ifdef ENABLE_OPENSSL_TESTS
|
||||||
#include "openssl/bn.h"
|
#include "openssl/bn.h"
|
||||||
|
|
|
@ -45,7 +45,7 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/** Seed the pseudorandom number generator. */
|
/** Seed the pseudorandom number generator. */
|
||||||
static inline void secp256k1_rand_seed(uint64_t v);
|
SECP256K1_INLINE static void secp256k1_rand_seed(uint64_t v);
|
||||||
|
|
||||||
/** Generate a pseudorandom 32-bit number. */
|
/** Generate a pseudorandom 32-bit number. */
|
||||||
static uint32_t secp256k1_rand32(void);
|
static uint32_t secp256k1_rand32(void);
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
|
|
||||||
static uint32_t secp256k1_Rz = 11, secp256k1_Rw = 11;
|
static uint32_t secp256k1_Rz = 11, secp256k1_Rw = 11;
|
||||||
|
|
||||||
static inline void secp256k1_rand_seed(uint64_t v) {
|
SECP256K1_INLINE static void secp256k1_rand_seed(uint64_t v) {
|
||||||
secp256k1_Rz = v >> 32;
|
secp256k1_Rz = v >> 32;
|
||||||
secp256k1_Rw = v;
|
secp256k1_Rw = v;
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ static inline void secp256k1_rand_seed(uint64_t v) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline uint32_t secp256k1_rand32(void) {
|
SECP256K1_INLINE static uint32_t secp256k1_rand32(void) {
|
||||||
secp256k1_Rz = 36969 * (secp256k1_Rz & 0xFFFF) + (secp256k1_Rz >> 16);
|
secp256k1_Rz = 36969 * (secp256k1_Rz & 0xFFFF) + (secp256k1_Rz >> 16);
|
||||||
secp256k1_Rw = 18000 * (secp256k1_Rw & 0xFFFF) + (secp256k1_Rw >> 16);
|
secp256k1_Rw = 18000 * (secp256k1_Rw & 0xFFFF) + (secp256k1_Rw >> 16);
|
||||||
return (secp256k1_Rw << 16) + (secp256k1_Rw >> 16) + secp256k1_Rz;
|
return (secp256k1_Rw << 16) + (secp256k1_Rw >> 16) + secp256k1_Rz;
|
||||||
|
|
Loading…
Add table
Reference in a new issue