github.com/shrimpyuk/bor@v0.2.15-0.20220224151350-fb4ec6020bae/crypto/secp256k1/libsecp256k1/src/scalar.h (about)

     1  /**********************************************************************
     2   * Copyright (c) 2014 Pieter Wuille                                   *
     3   * Distributed under the MIT software license, see the accompanying   *
     4   * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
     5   **********************************************************************/
     6  
     7  #ifndef _SECP256K1_SCALAR_
     8  #define _SECP256K1_SCALAR_
     9  
    10  #include "num.h"
    11  
    12  #if defined HAVE_CONFIG_H
    13  #include "libsecp256k1-config.h"
    14  #endif
    15  
    16  #if defined(EXHAUSTIVE_TEST_ORDER)
    17  #include "scalar_low.h"
    18  #elif defined(USE_SCALAR_4X64)
    19  #include "scalar_4x64.h"
    20  #elif defined(USE_SCALAR_8X32)
    21  #include "scalar_8x32.h"
    22  #else
    23  #error "Please select scalar implementation"
    24  #endif
    25  
    26  /** Clear a scalar to prevent the leak of sensitive data. */
    27  static void secp256k1_scalar_clear(secp256k1_scalar *r);
    28  
    29  /** Access bits from a scalar. All requested bits must belong to the same 32-bit limb. */
    30  static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count);
    31  
    32  /** Access bits from a scalar. Not constant time. */
    33  static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count);
    34  
    35  /** Set a scalar from a big endian byte array. */
    36  static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow);
    37  
    38  /** Set a scalar to an unsigned integer. */
    39  static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v);
    40  
    41  /** Convert a scalar to a byte array. */
    42  static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a);
    43  
    44  /** Add two scalars together (modulo the group order). Returns whether it overflowed. */
    45  static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b);
    46  
    47  /** Conditionally add a power of two to a scalar. The result is not allowed to overflow. */
    48  static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag);
    49  
    50  /** Multiply two scalars (modulo the group order). */
    51  static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b);
    52  
    53  /** Shift a scalar right by some amount strictly between 0 and 16, returning
    54   *  the low bits that were shifted off */
    55  static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n);
    56  
    57  /** Compute the square of a scalar (modulo the group order). */
    58  static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a);
    59  
    60  /** Compute the inverse of a scalar (modulo the group order). */
    61  static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *a);
    62  
    63  /** Compute the inverse of a scalar (modulo the group order), without constant-time guarantee. */
    64  static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *a);
    65  
    66  /** Compute the complement of a scalar (modulo the group order). */
    67  static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a);
    68  
    69  /** Check whether a scalar equals zero. */
    70  static int secp256k1_scalar_is_zero(const secp256k1_scalar *a);
    71  
    72  /** Check whether a scalar equals one. */
    73  static int secp256k1_scalar_is_one(const secp256k1_scalar *a);
    74  
    75  /** Check whether a scalar, considered as an nonnegative integer, is even. */
    76  static int secp256k1_scalar_is_even(const secp256k1_scalar *a);
    77  
    78  /** Check whether a scalar is higher than the group order divided by 2. */
    79  static int secp256k1_scalar_is_high(const secp256k1_scalar *a);
    80  
    81  /** Conditionally negate a number, in constant time.
    82   * Returns -1 if the number was negated, 1 otherwise */
    83  static int secp256k1_scalar_cond_negate(secp256k1_scalar *a, int flag);
    84  
    85  #ifndef USE_NUM_NONE
    86  /** Convert a scalar to a number. */
    87  static void secp256k1_scalar_get_num(secp256k1_num *r, const secp256k1_scalar *a);
    88  
    89  /** Get the order of the group as a number. */
    90  static void secp256k1_scalar_order_get_num(secp256k1_num *r);
    91  #endif
    92  
    93  /** Compare two scalars. */
    94  static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b);
    95  
    96  #ifdef USE_ENDOMORPHISM
    97  /** Find r1 and r2 such that r1+r2*2^128 = a. */
    98  static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a);
    99  /** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (see secp256k1_gej_mul_lambda). */
   100  static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a);
   101  #endif
   102  
   103  /** Multiply a and b (without taking the modulus!), divide by 2**shift, and round to the nearest integer. Shift must be at least 256. */
   104  static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b, unsigned int shift);
   105  
   106  #endif