github.com/shogo82148/std@v1.22.1-0.20240327122250-4e474527810c/crypto/internal/edwards25519/field/fe.go (about) 1 // Copyright (c) 2017 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // Package field implements fast arithmetic modulo 2^255-19. 6 package field 7 8 // Element represents an element of the field GF(2^255-19). Note that this 9 // is not a cryptographically secure group, and should only be used to interact 10 // with edwards25519.Point coordinates. 11 // 12 // This type works similarly to math/big.Int, and all arguments and receivers 13 // are allowed to alias. 14 // 15 // The zero value is a valid zero element. 16 type Element struct { 17 // An element t represents the integer 18 // t.l0 + t.l1*2^51 + t.l2*2^102 + t.l3*2^153 + t.l4*2^204 19 // 20 // Between operations, all limbs are expected to be lower than 2^52. 21 l0 uint64 22 l1 uint64 23 l2 uint64 24 l3 uint64 25 l4 uint64 26 } 27 28 // Zero sets v = 0, and returns v. 29 func (v *Element) Zero() *Element 30 31 // One sets v = 1, and returns v. 32 func (v *Element) One() *Element 33 34 // Add sets v = a + b, and returns v. 35 func (v *Element) Add(a, b *Element) *Element 36 37 // Subtract sets v = a - b, and returns v. 38 func (v *Element) Subtract(a, b *Element) *Element 39 40 // Negate sets v = -a, and returns v. 41 func (v *Element) Negate(a *Element) *Element 42 43 // Invert sets v = 1/z mod p, and returns v. 44 // 45 // If z == 0, Invert returns v = 0. 46 func (v *Element) Invert(z *Element) *Element 47 48 // Set sets v = a, and returns v. 49 func (v *Element) Set(a *Element) *Element 50 51 // SetBytes sets v to x, where x is a 32-byte little-endian encoding. If x is 52 // not of the right length, SetBytes returns nil and an error, and the 53 // receiver is unchanged. 54 // 55 // Consistent with RFC 7748, the most significant bit (the high bit of the 56 // last byte) is ignored, and non-canonical values (2^255-19 through 2^255-1) 57 // are accepted. Note that this is laxer than specified by RFC 8032, but 58 // consistent with most Ed25519 implementations. 59 func (v *Element) SetBytes(x []byte) (*Element, error) 60 61 // Bytes returns the canonical 32-byte little-endian encoding of v. 62 func (v *Element) Bytes() []byte 63 64 // Equal returns 1 if v and u are equal, and 0 otherwise. 65 func (v *Element) Equal(u *Element) int 66 67 // Select sets v to a if cond == 1, and to b if cond == 0. 68 func (v *Element) Select(a, b *Element, cond int) *Element 69 70 // Swap swaps v and u if cond == 1 or leaves them unchanged if cond == 0, and returns v. 71 func (v *Element) Swap(u *Element, cond int) 72 73 // IsNegative returns 1 if v is negative, and 0 otherwise. 74 func (v *Element) IsNegative() int 75 76 // Absolute sets v to |u|, and returns v. 77 func (v *Element) Absolute(u *Element) *Element 78 79 // Multiply sets v = x * y, and returns v. 80 func (v *Element) Multiply(x, y *Element) *Element 81 82 // Square sets v = x * x, and returns v. 83 func (v *Element) Square(x *Element) *Element 84 85 // Mult32 sets v = x * y, and returns v. 86 func (v *Element) Mult32(x *Element, y uint32) *Element 87 88 // Pow22523 set v = x^((p-5)/8), and returns v. (p-5)/8 is 2^252-3. 89 func (v *Element) Pow22523(x *Element) *Element 90 91 // SqrtRatio sets r to the non-negative square root of the ratio of u and v. 92 // 93 // If u/v is square, SqrtRatio returns r and 1. If u/v is not square, SqrtRatio 94 // sets r according to Section 4.3 of draft-irtf-cfrg-ristretto255-decaf448-00, 95 // and returns r and 0. 96 func (r *Element) SqrtRatio(u, v *Element) (R *Element, wasSquare int)