Bitcoin Core  27.99.0
P2P Digital Currency
scalar_low_impl.h
Go to the documentation of this file.
1 /***********************************************************************
2  * Copyright (c) 2015 Andrew Poelstra *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5  ***********************************************************************/
6 
7 #ifndef SECP256K1_SCALAR_REPR_IMPL_H
8 #define SECP256K1_SCALAR_REPR_IMPL_H
9 
10 #include "checkmem.h"
11 #include "scalar.h"
12 #include "util.h"
13 
14 #include <string.h>
15 
16 SECP256K1_INLINE static int secp256k1_scalar_is_even(const secp256k1_scalar *a) {
17  SECP256K1_SCALAR_VERIFY(a);
18 
19  return !(*a & 1);
20 }
21 
22 SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar *r) { *r = 0; }
23 
24 SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) {
25  *r = v % EXHAUSTIVE_TEST_ORDER;
26 
27  SECP256K1_SCALAR_VERIFY(r);
28 }
29 
30 SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count) {
31  SECP256K1_SCALAR_VERIFY(a);
32 
33  if (offset < 32)
34  return ((*a >> offset) & ((((uint32_t)1) << count) - 1));
35  else
36  return 0;
37 }
38 
39 SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count) {
40  SECP256K1_SCALAR_VERIFY(a);
41 
42  return secp256k1_scalar_get_bits(a, offset, count);
43 }
44 
45 SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar *a) { return *a >= EXHAUSTIVE_TEST_ORDER; }
46 
47 static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) {
48  SECP256K1_SCALAR_VERIFY(a);
49  SECP256K1_SCALAR_VERIFY(b);
50 
51  *r = (*a + *b) % EXHAUSTIVE_TEST_ORDER;
52 
53  SECP256K1_SCALAR_VERIFY(r);
54  return *r < *b;
55 }
56 
57 static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag) {
58  SECP256K1_SCALAR_VERIFY(r);
59 
60  if (flag && bit < 32)
61  *r += ((uint32_t)1 << bit);
62 
63  SECP256K1_SCALAR_VERIFY(r);
64  VERIFY_CHECK(bit < 32);
65  /* Verify that adding (1 << bit) will not overflow any in-range scalar *r by overflowing the underlying uint32_t. */
66  VERIFY_CHECK(((uint32_t)1 << bit) - 1 <= UINT32_MAX - EXHAUSTIVE_TEST_ORDER);
67 }
68 
69 static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *b32, int *overflow) {
70  int i;
71  int over = 0;
72  *r = 0;
73  for (i = 0; i < 32; i++) {
74  *r = (*r * 0x100) + b32[i];
75  if (*r >= EXHAUSTIVE_TEST_ORDER) {
76  over = 1;
77  *r %= EXHAUSTIVE_TEST_ORDER;
78  }
79  }
80  if (overflow) *overflow = over;
81 
82  SECP256K1_SCALAR_VERIFY(r);
83 }
84 
85 static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a) {
86  SECP256K1_SCALAR_VERIFY(a);
87 
88  memset(bin, 0, 32);
89  bin[28] = *a >> 24; bin[29] = *a >> 16; bin[30] = *a >> 8; bin[31] = *a;
90 }
91 
92 SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) {
93  SECP256K1_SCALAR_VERIFY(a);
94 
95  return *a == 0;
96 }
97 
98 static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) {
99  SECP256K1_SCALAR_VERIFY(a);
100 
101  if (*a == 0) {
102  *r = 0;
103  } else {
104  *r = EXHAUSTIVE_TEST_ORDER - *a;
105  }
106 
107  SECP256K1_SCALAR_VERIFY(r);
108 }
109 
110 SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar *a) {
111  SECP256K1_SCALAR_VERIFY(a);
112 
113  return *a == 1;
114 }
115 
116 static int secp256k1_scalar_is_high(const secp256k1_scalar *a) {
117  SECP256K1_SCALAR_VERIFY(a);
118 
119  return *a > EXHAUSTIVE_TEST_ORDER / 2;
120 }
121 
122 static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag) {
123  SECP256K1_SCALAR_VERIFY(r);
124 
125  if (flag) secp256k1_scalar_negate(r, r);
126 
127  SECP256K1_SCALAR_VERIFY(r);
128  return flag ? -1 : 1;
129 }
130 
131 static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) {
132  SECP256K1_SCALAR_VERIFY(a);
133  SECP256K1_SCALAR_VERIFY(b);
134 
135  *r = (*a * *b) % EXHAUSTIVE_TEST_ORDER;
136 
137  SECP256K1_SCALAR_VERIFY(r);
138 }
139 
140 static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) {
141  SECP256K1_SCALAR_VERIFY(a);
142 
143  *r1 = *a;
144  *r2 = 0;
145 
146  SECP256K1_SCALAR_VERIFY(r1);
147  SECP256K1_SCALAR_VERIFY(r2);
148 }
149 
150 SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b) {
151  SECP256K1_SCALAR_VERIFY(a);
152  SECP256K1_SCALAR_VERIFY(b);
153 
154  return *a == *b;
155 }
156 
157 static SECP256K1_INLINE void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag) {
158  uint32_t mask0, mask1;
159  volatile int vflag = flag;
160  SECP256K1_SCALAR_VERIFY(a);
161  SECP256K1_CHECKMEM_CHECK_VERIFY(r, sizeof(*r));
162 
163  mask0 = vflag + ~((uint32_t)0);
164  mask1 = ~mask0;
165  *r = (*r & mask0) | (*a & mask1);
166 
167  SECP256K1_SCALAR_VERIFY(r);
168 }
169 
170 static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *x) {
171  int i;
172  *r = 0;
173  SECP256K1_SCALAR_VERIFY(x);
174 
175  for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++)
176  if ((i * *x) % EXHAUSTIVE_TEST_ORDER == 1)
177  *r = i;
178 
179  SECP256K1_SCALAR_VERIFY(r);
180  /* If this VERIFY_CHECK triggers we were given a noninvertible scalar (and thus
181  * have a composite group order; fix it in exhaustive_tests.c). */
182  VERIFY_CHECK(*r != 0);
183 }
184 
185 static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *x) {
186  SECP256K1_SCALAR_VERIFY(x);
187 
188  secp256k1_scalar_inverse(r, x);
189 
190  SECP256K1_SCALAR_VERIFY(r);
191 }
192 
193 static void secp256k1_scalar_half(secp256k1_scalar *r, const secp256k1_scalar *a) {
194  SECP256K1_SCALAR_VERIFY(a);
195 
196  *r = (*a + ((-(uint32_t)(*a & 1)) & EXHAUSTIVE_TEST_ORDER)) >> 1;
197 
198  SECP256K1_SCALAR_VERIFY(r);
199 }
200 
201 #endif /* SECP256K1_SCALAR_REPR_IMPL_H */
SECP256K1_CHECKMEM_CHECK_VERIFY
#define SECP256K1_CHECKMEM_CHECK_VERIFY(p, len)
Definition: checkmem.h:99
SECP256K1_SCALAR_VERIFY
#define SECP256K1_SCALAR_VERIFY(r)
Definition: scalar.h:103
secp256k1_scalar_is_even
static SECP256K1_INLINE int secp256k1_scalar_is_even(const secp256k1_scalar *a)
Definition: scalar_low_impl.h:16
secp256k1_scalar_check_overflow
static SECP256K1_INLINE int secp256k1_scalar_check_overflow(const secp256k1_scalar *a)
Definition: scalar_low_impl.h:45
secp256k1_scalar_half
static void secp256k1_scalar_half(secp256k1_scalar *r, const secp256k1_scalar *a)
Definition: scalar_low_impl.h:193
secp256k1_scalar_get_bits_var
static SECP256K1_INLINE unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count)
Definition: scalar_low_impl.h:39
secp256k1_scalar_clear
static SECP256K1_INLINE void secp256k1_scalar_clear(secp256k1_scalar *r)
Definition: scalar_low_impl.h:22
secp256k1_scalar_set_b32
static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *b32, int *overflow)
Definition: scalar_low_impl.h:69
secp256k1_scalar_inverse_var
static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *x)
Definition: scalar_low_impl.h:185
secp256k1_scalar_get_b32
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)
Definition: scalar_low_impl.h:85
secp256k1_scalar_set_int
static SECP256K1_INLINE void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v)
Definition: scalar_low_impl.h:24
secp256k1_scalar_inverse
static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *x)
Definition: scalar_low_impl.h:170
secp256k1_scalar_cmov
static SECP256K1_INLINE void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag)
Definition: scalar_low_impl.h:157
secp256k1_scalar_eq
static SECP256K1_INLINE int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b)
Definition: scalar_low_impl.h:150
secp256k1_scalar_add
static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
Definition: scalar_low_impl.h:47
secp256k1_scalar_cond_negate
static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag)
Definition: scalar_low_impl.h:122
secp256k1_scalar_mul
static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
Definition: scalar_low_impl.h:131
secp256k1_scalar_negate
static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a)
Definition: scalar_low_impl.h:98
secp256k1_scalar_is_zero
static SECP256K1_INLINE int secp256k1_scalar_is_zero(const secp256k1_scalar *a)
Definition: scalar_low_impl.h:92
secp256k1_scalar_is_high
static int secp256k1_scalar_is_high(const secp256k1_scalar *a)
Definition: scalar_low_impl.h:116
secp256k1_scalar_get_bits
static SECP256K1_INLINE unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count)
Definition: scalar_low_impl.h:30
secp256k1_scalar_split_128
static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a)
Definition: scalar_low_impl.h:140
secp256k1_scalar_cadd_bit
static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag)
Definition: scalar_low_impl.h:57
secp256k1_scalar_is_one
static SECP256K1_INLINE int secp256k1_scalar_is_one(const secp256k1_scalar *a)
Definition: scalar_low_impl.h:110
SECP256K1_INLINE
#define SECP256K1_INLINE
Definition: util.h:48
VERIFY_CHECK
#define VERIFY_CHECK(cond)
Definition: util.h:153
secp256k1_scalar
A scalar modulo the group order of the secp256k1 curve.
Definition: scalar_4x64.h:13
count
static int count
Definition: tests_exhaustive.c:34
EXHAUSTIVE_TEST_ORDER
#define EXHAUSTIVE_TEST_ORDER
Definition: tests_exhaustive.c:13
Generated on Fri Apr 19 2024 20:02:37 for Bitcoin Core by doxygen 1.9.1