git.gammaspectra.live/P2Pool/consensus/v3@v3.8.0/monero/crypto/edwards25519.go (about) 1 package crypto 2 3 // limit = 2^252 + 27742317777372353535851937790883648493. 4 // limit fits 15 times in 32 bytes (iow, 15 l is the highest multiple of l that fits in 32 bytes) 5 var limit = []byte{0xe3, 0x6a, 0x67, 0x72, 0x8b, 0xce, 0x13, 0x29, 0x8f, 0x30, 0x82, 0x8c, 0x0b, 0xa4, 0x10, 0x39, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf0} 6 7 // less32 each input must be at least 32 bytes long 8 func less32(a, b []byte) bool { 9 _ = b[31] // bounds check hint to compiler; see golang.org/issue/14808 10 11 for n := 31; n >= 0; n-- { 12 if a[n] < b[n] { 13 return true 14 } else if a[n] > b[n] { 15 return false 16 } 17 } 18 19 return false 20 } 21 22 func load3(in []byte) (result int64) { 23 _ = in[2] // bounds check hint to compiler; see golang.org/issue/14808 24 result = int64(in[0]) | (int64(in[1]) << 8) | (int64(in[2]) << 16) 25 return 26 } 27 28 func load4(in []byte) (result int64) { 29 _ = in[3] // bounds check hint to compiler; see golang.org/issue/14808 30 result = int64(in[0]) | (int64(in[1]) << 8) | (int64(in[2]) << 16) | (int64(in[3]) << 24) 31 return 32 } 33 34 func scReduce32(s []byte) { 35 _ = s[31] // bounds check hint to compiler; see golang.org/issue/14808 36 37 s0 := 2097151 & load3(s[:]) 38 s1 := 2097151 & (load4(s[2:]) >> 5) 39 s2 := 2097151 & (load3(s[5:]) >> 2) 40 s3 := 2097151 & (load4(s[7:]) >> 7) 41 s4 := 2097151 & (load4(s[10:]) >> 4) 42 s5 := 2097151 & (load3(s[13:]) >> 1) 43 s6 := 2097151 & (load4(s[15:]) >> 6) 44 s7 := 2097151 & (load3(s[18:]) >> 3) 45 s8 := 2097151 & load3(s[21:]) 46 s9 := 2097151 & (load4(s[23:]) >> 5) 47 s10 := 2097151 & (load3(s[26:]) >> 2) 48 s11 := load4(s[28:]) >> 7 49 s12 := int64(0) 50 var carry [12]int64 51 carry[0] = (s0 + (1 << 20)) >> 21 52 s1 += carry[0] 53 s0 -= carry[0] << 21 54 carry[2] = (s2 + (1 << 20)) >> 21 55 s3 += carry[2] 56 s2 -= carry[2] << 21 57 carry[4] = (s4 + (1 << 20)) >> 21 58 s5 += carry[4] 59 s4 -= carry[4] << 21 60 carry[6] = (s6 + (1 << 20)) >> 21 61 s7 += carry[6] 62 s6 -= carry[6] << 21 63 carry[8] = (s8 + (1 << 20)) >> 21 64 s9 += carry[8] 65 s8 -= carry[8] << 21 66 carry[10] = (s10 + (1 << 20)) >> 21 67 s11 += carry[10] 68 s10 -= carry[10] << 21 69 carry[1] = (s1 + (1 << 20)) >> 21 70 s2 += carry[1] 71 s1 -= carry[1] << 21 72 carry[3] = (s3 + (1 << 20)) >> 21 73 s4 += carry[3] 74 s3 -= carry[3] << 21 75 carry[5] = (s5 + (1 << 20)) >> 21 76 s6 += carry[5] 77 s5 -= carry[5] << 21 78 carry[7] = (s7 + (1 << 20)) >> 21 79 s8 += carry[7] 80 s7 -= carry[7] << 21 81 carry[9] = (s9 + (1 << 20)) >> 21 82 s10 += carry[9] 83 s9 -= carry[9] << 21 84 carry[11] = (s11 + (1 << 20)) >> 21 85 s12 += carry[11] 86 s11 -= carry[11] << 21 87 88 s0 += s12 * 666643 89 s1 += s12 * 470296 90 s2 += s12 * 654183 91 s3 -= s12 * 997805 92 s4 += s12 * 136657 93 s5 -= s12 * 683901 94 s12 = 0 95 96 carry[0] = s0 >> 21 97 s1 += carry[0] 98 s0 -= carry[0] << 21 99 carry[1] = s1 >> 21 100 s2 += carry[1] 101 s1 -= carry[1] << 21 102 carry[2] = s2 >> 21 103 s3 += carry[2] 104 s2 -= carry[2] << 21 105 carry[3] = s3 >> 21 106 s4 += carry[3] 107 s3 -= carry[3] << 21 108 carry[4] = s4 >> 21 109 s5 += carry[4] 110 s4 -= carry[4] << 21 111 carry[5] = s5 >> 21 112 s6 += carry[5] 113 s5 -= carry[5] << 21 114 carry[6] = s6 >> 21 115 s7 += carry[6] 116 s6 -= carry[6] << 21 117 carry[7] = s7 >> 21 118 s8 += carry[7] 119 s7 -= carry[7] << 21 120 carry[8] = s8 >> 21 121 s9 += carry[8] 122 s8 -= carry[8] << 21 123 carry[9] = s9 >> 21 124 s10 += carry[9] 125 s9 -= carry[9] << 21 126 carry[10] = s10 >> 21 127 s11 += carry[10] 128 s10 -= carry[10] << 21 129 carry[11] = s11 >> 21 130 s12 += carry[11] 131 s11 -= carry[11] << 21 132 133 s0 += s12 * 666643 134 s1 += s12 * 470296 135 s2 += s12 * 654183 136 s3 -= s12 * 997805 137 s4 += s12 * 136657 138 s5 -= s12 * 683901 139 140 carry[0] = s0 >> 21 141 s1 += carry[0] 142 s0 -= carry[0] << 21 143 carry[1] = s1 >> 21 144 s2 += carry[1] 145 s1 -= carry[1] << 21 146 carry[2] = s2 >> 21 147 s3 += carry[2] 148 s2 -= carry[2] << 21 149 carry[3] = s3 >> 21 150 s4 += carry[3] 151 s3 -= carry[3] << 21 152 carry[4] = s4 >> 21 153 s5 += carry[4] 154 s4 -= carry[4] << 21 155 carry[5] = s5 >> 21 156 s6 += carry[5] 157 s5 -= carry[5] << 21 158 carry[6] = s6 >> 21 159 s7 += carry[6] 160 s6 -= carry[6] << 21 161 carry[7] = s7 >> 21 162 s8 += carry[7] 163 s7 -= carry[7] << 21 164 carry[8] = s8 >> 21 165 s9 += carry[8] 166 s8 -= carry[8] << 21 167 carry[9] = s9 >> 21 168 s10 += carry[9] 169 s9 -= carry[9] << 21 170 carry[10] = s10 >> 21 171 s11 += carry[10] 172 s10 -= carry[10] << 21 173 174 s[0] = byte(s0 >> 0) 175 s[1] = byte(s0 >> 8) 176 s[2] = byte((s0 >> 16) | (s1 << 5)) 177 s[3] = byte(s1 >> 3) 178 s[4] = byte(s1 >> 11) 179 s[5] = byte((s1 >> 19) | (s2 << 2)) 180 s[6] = byte(s2 >> 6) 181 s[7] = byte((s2 >> 14) | (s3 << 7)) 182 s[8] = byte(s3 >> 1) 183 s[9] = byte(s3 >> 9) 184 s[10] = byte((s3 >> 17) | (s4 << 4)) 185 s[11] = byte(s4 >> 4) 186 s[12] = byte(s4 >> 12) 187 s[13] = byte((s4 >> 20) | (s5 << 1)) 188 s[14] = byte(s5 >> 7) 189 s[15] = byte((s5 >> 15) | (s6 << 6)) 190 s[16] = byte(s6 >> 2) 191 s[17] = byte(s6 >> 10) 192 s[18] = byte((s6 >> 18) | (s7 << 3)) 193 s[19] = byte(s7 >> 5) 194 s[20] = byte(s7 >> 13) 195 s[21] = byte(s8 >> 0) 196 s[22] = byte(s8 >> 8) 197 s[23] = byte((s8 >> 16) | (s9 << 5)) 198 s[24] = byte(s9 >> 3) 199 s[25] = byte(s9 >> 11) 200 s[26] = byte((s9 >> 19) | (s10 << 2)) 201 s[27] = byte(s10 >> 6) 202 s[28] = byte((s10 >> 14) | (s11 << 7)) 203 s[29] = byte(s11 >> 1) 204 s[30] = byte(s11 >> 9) 205 s[31] = byte(s11 >> 17) 206 }