7b49f22bdb
8225239 Merge #433: Make the libcrypto detection fail the newer API. 12de863 Make the libcrypto detection fail the newer API. 2928420 Merge #427: Remove Schnorr from travis as well 8eecc4a Remove Schnorr from travis as well a8abae7 Merge #310: Add exhaustive test for group functions on a low-order subgroup b4ceedf Add exhaustive test for verification 83836a9 Add exhaustive tests for group arithmetic, signing, and ecmult on a small group 20b8877 Add exhaustive test for group functions on a low-order subgroup 80773a6 Merge #425: Remove Schnorr experiment e06e878 Remove Schnorr experiment 04c8ef3 Merge #407: Modify parameter order of internal functions to match API parameter order 6e06696 Merge #411: Remove guarantees about memcmp-ability 40c8d7e Merge #421: Update scalar_4x64_impl.h a922365 Merge #422: Restructure nonce clearing 3769783 Restructure nonce clearing 0f9e69d Restructure nonce clearing 9d67afa Update scalar_4x64_impl.h 7d15cd7 Merge #413: fix auto-enabled static precompuatation 00c5d2e fix auto-enabled static precompuatation 91219a1 Remove guarantees about memcmp-ability 353c1bf Fix secp256k1_ge_set_table_gej_var parameter order 541b783 Fix secp256k1_ge_set_all_gej_var parameter order 7d893f4 Fix secp256k1_fe_inv_all_var parameter order git-subtree-dir: src/secp256k1 git-subtree-split: 8225239f490f79842a5a3b82ad6cc8aa11d5208e
115 lines
3.6 KiB
C
/**********************************************************************
* Copyright (c) 2015 Andrew Poelstra *
* Distributed under the MIT software license, see the accompanying *
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
**********************************************************************/
#ifndef _SECP256K1_SCALAR_REPR_IMPL_H_
#define _SECP256K1_SCALAR_REPR_IMPL_H_
#include "scalar.h"
#include <string.h>
/* Return 1 when the low bit of the scalar is clear (even value), 0 otherwise. */
SECP256K1_INLINE static int secp256k1_scalar_is_even(const secp256k1_scalar *a) {
    return (*a & 1) == 0;
}
/* Set the scalar to zero. This is a plain store, not a secret-wiping clear:
 * a compiler may drop it when r is dead afterwards, so do not rely on it to
 * scrub sensitive material. */
SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar *r) {
    *r = 0;
}
/* Load a small integer into the scalar. No reduction modulo
 * EXHAUSTIVE_TEST_ORDER is applied here, so v is expected to already be a
 * valid residue — check at the call sites. */
SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) {
    *r = v;
}
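/* Return the `count` bits of *a starting at bit position `offset`.
 * This representation keeps the whole scalar in one word, so any offset at
 * or beyond 32 reads as zero. The mask is chosen without ever shifting a
 * 32-bit value by 32 or more (undefined behaviour in C); for count < 32 the
 * result is exactly the original (1 << count) - 1 mask, and count >= 32
 * selects every bit of the word. */
SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count) {
    uint32_t mask;
    if (offset >= 32) {
        return 0;
    }
    mask = (count >= 32) ? (uint32_t)0xFFFFFFFFu : ((((uint32_t)1) << count) - 1);
    return (*a >> offset) & mask;
}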
/* The _var suffix marks a variant that is allowed to run in variable time.
 * With a single-word scalar there is no faster path, so this just delegates
 * to secp256k1_scalar_get_bits. */
SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count) {
    unsigned int bits = secp256k1_scalar_get_bits(a, offset, count);
    return bits;
}
/* Return 1 when the value is not a canonical residue, i.e. it is at least
 * EXHAUSTIVE_TEST_ORDER; 0 otherwise. */
SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar *a) {
    return (*a >= EXHAUSTIVE_TEST_ORDER) ? 1 : 0;
}
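/* Compute r = (a + b) mod EXHAUSTIVE_TEST_ORDER and return 1 if the
 * unreduced sum reached the order (a wrap-around happened), 0 otherwise.
 * Both inputs are copied into locals before r is written so the overflow
 * flag is correct when r aliases a or b; previously `*r < *b` was evaluated
 * after *r had been overwritten, which always reported 0 for r == b. */
static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) {
    const secp256k1_scalar x = *a;
    const secp256k1_scalar y = *b;
    *r = (x + y) % EXHAUSTIVE_TEST_ORDER;
    /* For x, y below the order, the reduced sum drops below y exactly when x + y >= order. */
    return *r < y;
}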
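/* Conditionally add 2^bit to r: when flag is non-zero and bit < 32, r gains
 * 1 << bit; otherwise r is left untouched. The constant is shifted as a
 * uint32_t so that bit == 31 does not overflow a signed int (the original
 * `1 << bit` was undefined behaviour there). No reduction modulo the order
 * is performed; the VERIFY build asserts the result stays below it.
 * This branches on flag and is therefore not constant-time, which is
 * acceptable only because this representation exists for the exhaustive
 * tests (see EXHAUSTIVE_TEST_ORDER). */
static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag) {
    if (flag && bit < 32) {
        *r += ((uint32_t)1 << bit);
    }
#ifdef VERIFY
    VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0);
#endif
}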
/* Parse a 32-byte big-endian integer into r, reduced modulo
 * EXHAUSTIVE_TEST_ORDER. Horner evaluation with the radix itself taken
 * modulo the order keeps every intermediate value below the order.
 * The overflow flag is always reported as 0: with such a small order nearly
 * every 32-byte input exceeds it, so the flag would carry no information. */
static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *b32, int *overflow) {
    const int radix = 0x100 % EXHAUSTIVE_TEST_ORDER;
    const unsigned char *p = b32;
    const unsigned char *end = b32 + 32;
    *r = 0;
    while (p != end) {
        *r = ((*r * radix) + *p) % EXHAUSTIVE_TEST_ORDER;
        p++;
    }
    if (overflow) {
        *overflow = 0;
    }
}
/* Serialize the scalar as a 32-byte big-endian integer. Only the last four
 * bytes can be non-zero since the value lives in a single word; the leading
 * 28 bytes are zero. */
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a) {
    secp256k1_scalar v;
    int i;
    memset(bin, 0, 32);
    v = *a;
    /* Emit the low 32 bits, least significant byte last. */
    for (i = 31; i >= 28; i--) {
        bin[i] = (unsigned char)(v & 0xFF);
        v >>= 8;
    }
}
/* Return 1 when the scalar is zero, 0 otherwise. */
SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) {
    return !(*a);
}
/* Compute r = -a mod EXHAUSTIVE_TEST_ORDER. Zero is its own negation; any
 * other residue x maps to order - x, which stays within [1, order). r may
 * alias a. */
static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) {
    const secp256k1_scalar v = *a;
    *r = (v == 0) ? 0 : (EXHAUSTIVE_TEST_ORDER - v);
}
/* Return 1 when the scalar equals one, 0 otherwise. */
SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar *a) {
    return (*a == 1) ? 1 : 0;
}
/* Return 1 when the scalar lies in the upper half of the range, i.e. it is
 * strictly greater than EXHAUSTIVE_TEST_ORDER / 2 (integer division). */
static int secp256k1_scalar_is_high(const secp256k1_scalar *a) {
    const secp256k1_scalar half = EXHAUSTIVE_TEST_ORDER / 2;
    return *a > half;
}
/* Negate r in place when flag is non-zero. Returns -1 if a negation was
 * applied and 1 otherwise. The branch on flag makes this variable-time;
 * that is tolerable only in this test-order representation. */
static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag) {
    if (!flag) {
        return 1;
    }
    secp256k1_scalar_negate(r, r);
    return -1;
}
/* Compute r = (a * b) mod EXHAUSTIVE_TEST_ORDER. Both operands are read
 * before r is written, so r may alias either input. The unreduced product
 * is assumed to fit the scalar word without wrapping — TODO confirm for the
 * order in use. */
static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) {
    const secp256k1_scalar x = *a;
    const secp256k1_scalar y = *b;
    *r = (x * y) % EXHAUSTIVE_TEST_ORDER;
}
/* Shift r right by n bits (0 < n < 16, checked under VERIFY) and return the
 * n bits that were shifted out, with the former bit 0 of r at position 0. */
static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n) {
    int dropped;
    VERIFY_CHECK(n > 0);
    VERIFY_CHECK(n < 16);
    dropped = (int)(*r & ((1 << n) - 1));
    *r = *r >> n;
    return dropped;
}
/* Compute r = a^2 mod EXHAUSTIVE_TEST_ORDER. a is read once before r is
 * written, so r may alias a. */
static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a) {
    const secp256k1_scalar x = *a;
    *r = (x * x) % EXHAUSTIVE_TEST_ORDER;
}
/* Split a into a low and a high half. The whole value fits in the low half
 * here, so r1 receives a unchanged and r2 is always zero. r1 is written
 * before r2, matching the original store order. */
static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) {
    const secp256k1_scalar low = *a;
    *r1 = low;
    *r2 = 0;
}
/* Return 1 when both scalars hold the same value, 0 otherwise. */
SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b) {
    return (*a ^ *b) == 0;
}
#endif