 |
Bitcoin Core 28.99.0
P2P Digital Currency
|
|
Bitcoin Core 28.99.0
P2P Digital Currency
|
Go to the source code of this file.
Functions | |
| static void | secp256k1_fe_normalize (secp256k1_fe *r) |
| Normalize a field element. More... | |
| static void | secp256k1_fe_normalize_weak (secp256k1_fe *r) |
| Give a field element magnitude 1. More... | |
| static void | secp256k1_fe_normalize_var (secp256k1_fe *r) |
| Normalize a field element, without constant-time guarantee. More... | |
| static int | secp256k1_fe_normalizes_to_zero (const secp256k1_fe *r) |
| Determine whether r represents field element 0. More... | |
| static int | secp256k1_fe_normalizes_to_zero_var (const secp256k1_fe *r) |
| Determine whether r represents field element 0, without constant-time guarantee. More... | |
| static void | secp256k1_fe_set_int (secp256k1_fe *r, int a) |
| Set a field element to an integer in range [0,0x7FFF]. More... | |
| static void | secp256k1_fe_clear (secp256k1_fe *a) |
| Clear a field element to prevent leaking sensitive information. More... | |
| static int | secp256k1_fe_is_zero (const secp256k1_fe *a) |
| Determine whether a represents field element 0. More... | |
| static int | secp256k1_fe_is_odd (const secp256k1_fe *a) |
| Determine whether a (mod p) is odd. More... | |
| static int | secp256k1_fe_equal (const secp256k1_fe *a, const secp256k1_fe *b) |
| Determine whether two field elements are equal. More... | |
| static int | secp256k1_fe_cmp_var (const secp256k1_fe *a, const secp256k1_fe *b) |
| Compare the values represented by 2 field elements, without constant-time guarantee. More... | |
| static void | secp256k1_fe_set_b32_mod (secp256k1_fe *r, const unsigned char *a) |
| Set a field element equal to the element represented by a provided 32-byte big endian value interpreted modulo p. More... | |
| static int | secp256k1_fe_set_b32_limit (secp256k1_fe *r, const unsigned char *a) |
| Set a field element equal to a provided 32-byte big endian value, checking for overflow. More... | |
| static void | secp256k1_fe_get_b32 (unsigned char *r, const secp256k1_fe *a) |
| Convert a field element to 32-byte big endian byte array. More... | |
| static void | secp256k1_fe_negate_unchecked (secp256k1_fe *r, const secp256k1_fe *a, int m) |
| Like secp256k1_fe_negate_unchecked but m is not checked to be an integer constant expression. More... | |
| static void | secp256k1_fe_add_int (secp256k1_fe *r, int a) |
| Add a small integer to a field element. More... | |
| static void | secp256k1_fe_mul_int_unchecked (secp256k1_fe *r, int a) |
| Like secp256k1_fe_mul_int but a is not checked to be an integer constant expression. More... | |
| static void | secp256k1_fe_add (secp256k1_fe *r, const secp256k1_fe *a) |
| Increment a field element by another. More... | |
| static void | secp256k1_fe_mul (secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe *SECP256K1_RESTRICT b) |
| Multiply two field elements. More... | |
| static void | secp256k1_fe_sqr (secp256k1_fe *r, const secp256k1_fe *a) |
| Square a field element. More... | |
| static int | secp256k1_fe_sqrt (secp256k1_fe *SECP256K1_RESTRICT r, const secp256k1_fe *SECP256K1_RESTRICT a) |
| Compute a square root of a field element. More... | |
| static void | secp256k1_fe_inv (secp256k1_fe *r, const secp256k1_fe *a) |
| Compute the modular inverse of a field element. More... | |
| static void | secp256k1_fe_inv_var (secp256k1_fe *r, const secp256k1_fe *a) |
| Compute the modular inverse of a field element, without constant-time guarantee. More... | |
| static void | secp256k1_fe_to_storage (secp256k1_fe_storage *r, const secp256k1_fe *a) |
| Convert a field element to secp256k1_fe_storage. More... | |
| static void | secp256k1_fe_from_storage (secp256k1_fe *r, const secp256k1_fe_storage *a) |
| Convert a field element back from secp256k1_fe_storage. More... | |
| static void | secp256k1_fe_storage_cmov (secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag) |
| If flag is true, set *r equal to *a; otherwise leave it. More... | |
| static void | secp256k1_fe_cmov (secp256k1_fe *r, const secp256k1_fe *a, int flag) |
| Conditionally move a field element in constant time. More... | |
| static void | secp256k1_fe_half (secp256k1_fe *r) |
| Halve the value of a field element modulo the field prime in constant-time. More... | |
| static void | secp256k1_fe_get_bounds (secp256k1_fe *r, int m) |
| Sets r to a field element with magnitude m, normalized if (and only if) m==0. More... | |
| static int | secp256k1_fe_is_square_var (const secp256k1_fe *a) |
| Determine whether a is a square (modulo p). More... | |
| static void | secp256k1_fe_verify (const secp256k1_fe *a) |
| Check invariants on a field element (no-op unless VERIFY is enabled). More... | |
| static void | secp256k1_fe_verify_magnitude (const secp256k1_fe *a, int m) |
| Check that magnitude of a is at most m (no-op unless VERIFY is enabled). More... | |
Variables | |
| static const secp256k1_fe | secp256k1_fe_one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1) |
| static const secp256k1_fe | secp256k1_const_beta |
| #define secp256k1_fe_add secp256k1_fe_impl_add |
| #define secp256k1_fe_add_int secp256k1_fe_impl_add_int |
| #define secp256k1_fe_cmov secp256k1_fe_impl_cmov |
| #define secp256k1_fe_cmp_var secp256k1_fe_impl_cmp_var |
| #define SECP256K1_FE_CONST | ( | d7, | |
| d6, | |||
| d5, | |||
| d4, | |||
| d3, | |||
| d2, | |||
| d1, | |||
| d0 | |||
| ) | {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0)) SECP256K1_FE_VERIFY_CONST((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0)) } |
This expands to an initializer for a secp256k1_fe valued sum((i*32) * d_i, i=0..7) mod p.
It has magnitude 1, unless d_i are all 0, in which case the magnitude is 0. It is normalized, unless sum(2^(i*32) * d_i, i=0..7) >= p.
SECP256K1_FE_CONST_INNER is provided by the implementation.
| #define secp256k1_fe_from_storage secp256k1_fe_impl_from_storage |
| #define secp256k1_fe_get_b32 secp256k1_fe_impl_get_b32 |
| #define secp256k1_fe_get_bounds secp256k1_fe_impl_get_bounds |
| #define secp256k1_fe_half secp256k1_fe_impl_half |
| #define secp256k1_fe_inv secp256k1_fe_impl_inv |
| #define secp256k1_fe_inv_var secp256k1_fe_impl_inv_var |
| #define secp256k1_fe_is_odd secp256k1_fe_impl_is_odd |
| #define secp256k1_fe_is_square_var secp256k1_fe_impl_is_square_var |
| #define secp256k1_fe_is_zero secp256k1_fe_impl_is_zero |
| #define secp256k1_fe_mul secp256k1_fe_impl_mul |
| #define secp256k1_fe_mul_int | ( | r, | |
| a | |||
| ) | ASSERT_INT_CONST_AND_DO(a, secp256k1_fe_mul_int_unchecked(r, a)) |
Multiply a field element with a small integer.
On input, r must be a valid field element. a must be an integer constant expression in [0,32]. The magnitude of r times a must not exceed 32. Performs {r *= a}. On output, r's magnitude is multiplied by a, and r will not be normalized.
| #define secp256k1_fe_mul_int_unchecked secp256k1_fe_impl_mul_int_unchecked |
| #define secp256k1_fe_negate | ( | r, | |
| a, | |||
| m | |||
| ) | ASSERT_INT_CONST_AND_DO(m, secp256k1_fe_negate_unchecked(r, a, m)) |
Negate a field element.
On input, r does not need to be initialized. a must be a valid field element with magnitude not exceeding m. m must be an integer constant expression in [0,31]. Performs {r = -a}. On output, r will not be normalized, and will have magnitude m+1.
| #define secp256k1_fe_negate_unchecked secp256k1_fe_impl_negate_unchecked |
| #define secp256k1_fe_normalize secp256k1_fe_impl_normalize |
| #define secp256k1_fe_normalize_var secp256k1_fe_impl_normalize_var |
| #define secp256k1_fe_normalize_weak secp256k1_fe_impl_normalize_weak |
| #define secp256k1_fe_normalizes_to_zero secp256k1_fe_impl_normalizes_to_zero |
| #define secp256k1_fe_normalizes_to_zero_var secp256k1_fe_impl_normalizes_to_zero_var |
| #define secp256k1_fe_set_b32_limit secp256k1_fe_impl_set_b32_limit |
| #define secp256k1_fe_set_b32_mod secp256k1_fe_impl_set_b32_mod |
| #define secp256k1_fe_set_int secp256k1_fe_impl_set_int |
| #define secp256k1_fe_sqr secp256k1_fe_impl_sqr |
| #define secp256k1_fe_to_storage secp256k1_fe_impl_to_storage |
| #define SECP256K1_FE_VERIFY | ( | a | ) | secp256k1_fe_verify(a) |
| #define SECP256K1_FE_VERIFY_CONST | ( | d7, | |
| d6, | |||
| d5, | |||
| d4, | |||
| d3, | |||
| d2, | |||
| d1, | |||
| d0 | |||
| ) |
| #define SECP256K1_FE_VERIFY_MAGNITUDE | ( | a, | |
| m | |||
| ) | secp256k1_fe_verify_magnitude(a, m) |
|
static |
Increment a field element by another.
On input, r and a must be valid field elements, not necessarily normalized. The sum of their magnitudes must not exceed 32. Performs {r += a}. On output, r will not be normalized, and will have magnitude incremented by a's.
|
static |
Add a small integer to a field element.
Performs {r += a}. The magnitude of r increases by 1, and normalized is cleared. a must be in range [0,0x7FFF].
|
static |
Clear a field element to prevent leaking sensitive information.
|
static |
Conditionally move a field element in constant time.
On input, both r and a must be valid field elements. Flag must be 0 or 1. Performs {r = flag ? a : r}.
On output, r's magnitude will be the maximum of both input magnitudes. It will be normalized if and only if both inputs were normalized.
|
static |
Compare the values represented by 2 field elements, without constant-time guarantee.
On input, a and b must be valid normalized field elements. Returns 1 if a > b, -1 if a < b, and 0 if a = b (comparisons are done as integers in range 0..p-1).
|
static |
Determine whether two field elements are equal.
On input, a and b must be valid field elements with magnitudes not exceeding 1 and 31, respectively. Returns a = b (mod p).
|
static |
Convert a field element back from secp256k1_fe_storage.
On input, r need not be initialized. Performs {r = a}. On output, r will be normalized and will have magnitude 1.
|
static |
Convert a field element to 32-byte big endian byte array.
On input, a must be a valid normalized field element, and r a pointer to a 32-byte array. On output, r = a (mod p).
|
static |
Sets r to a field element with magnitude m, normalized if (and only if) m==0.
The value is chosen so that it is likely to trigger edge cases related to internal overflows.
|
static |
Halve the value of a field element modulo the field prime in constant-time.
On input, r must be a valid field element. On output, r will be normalized and have magnitude floor(m/2) + 1 where m is the magnitude of r on input.
|
static |
Compute the modular inverse of a field element.
On input, a must be a valid field element; r need not be initialized. Performs {r = a**(p-2)} (which maps 0 to 0, and every other element to its inverse). On output, r will have magnitude (a.magnitude != 0) and be normalized.
|
static |
Compute the modular inverse of a field element, without constant-time guarantee.
Behaves identically to secp256k1_fe_inv, but is not constant-time in a.
|
static |
Determine whether a (mod p) is odd.
On input, a must be a valid normalized field element. Returns (int(a) mod p) & 1.
|
static |
Determine whether a is a square (modulo p).
On input, a must be a valid field element.
|
static |
Determine whether a represents field element 0.
On input, a must be a valid normalized field element. Returns whether a = 0 (mod p).
This behaves identical to secp256k1_normalizes_to_zero{,_var}, but requires normalized input (and is much faster).
|
static |
Multiply two field elements.
On input, a and b must be valid field elements; r does not need to be initialized. r and a may point to the same object, but neither may point to the object pointed to by b. The magnitudes of a and b must not exceed 8. Performs {r = a * b} On output, r will have magnitude 1, but won't be normalized.
|
static |
Like secp256k1_fe_mul_int but a is not checked to be an integer constant expression.
Should not be called directly outside of tests.
|
static |
Like secp256k1_fe_negate_unchecked but m is not checked to be an integer constant expression.
Should not be called directly outside of tests.
|
static |
Normalize a field element.
On input, r must be a valid field element. On output, r represents the same value but has normalized=1 and magnitude=1.
|
static |
Normalize a field element, without constant-time guarantee.
Identical in behavior to secp256k1_fe_normalize, but not constant time in r.
|
static |
Give a field element magnitude 1.
On input, r must be a valid field element. On output, r represents the same value but has magnitude=1. Normalized is unchanged.
|
static |
Determine whether r represents field element 0.
On input, r must be a valid field element. Returns whether r = 0 (mod p).
|
static |
Determine whether r represents field element 0, without constant-time guarantee.
Identical in behavior to secp256k1_normalizes_to_zero, but not constant time in r.
|
static |
Set a field element equal to a provided 32-byte big endian value, checking for overflow.
On input, r does not need to be initialized. a must be a pointer to an initialized 32-byte array. On output, r = a if (a < p), it will be normalized with magnitude 1, and 1 is returned. If a >= p, 0 is returned, and r will be made invalid (and must not be used without overwriting).
|
static |
Set a field element equal to the element represented by a provided 32-byte big endian value interpreted modulo p.
On input, r does not need to be initialized. a must be a pointer to an initialized 32-byte array. On output, r = a (mod p). It will have magnitude 1, and not be normalized.
|
static |
Set a field element to an integer in range [0,0x7FFF].
On input, r does not need to be initialized, a must be in [0,0x7FFF]. On output, r represents value a, is normalized and has magnitude (a!=0).
|
static |
Square a field element.
On input, a must be a valid field element; r does not need to be initialized. The magnitude of a must not exceed 8. Performs {r = a**2} On output, r will have magnitude 1, but won't be normalized.
|
static |
Compute a square root of a field element.
On input, a must be a valid field element with magnitude<=8; r need not be initialized. If sqrt(a) exists, performs {r = sqrt(a)} and returns 1. Otherwise, sqrt(-a) exists. The function performs {r = sqrt(-a)} and returns 0. The resulting value represented by r will be a square itself. Variables r and a must not point to the same object. On output, r will have magnitude 1 but will not be normalized.
|
static |
If flag is true, set *r equal to *a; otherwise leave it.
Constant-time. Both *r and *a must be initialized.
|
static |
Convert a field element to secp256k1_fe_storage.
On input, a must be a valid normalized field element. Performs {r = a}.
|
static |
Check invariants on a field element (no-op unless VERIFY is enabled).
|
static |
Check that magnitude of a is at most m (no-op unless VERIFY is enabled).
|
static |
|
static |
1.9.4