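--- a/src/secp256k1/src/scalar.h
+++ b/src/secp256k1/src/scalar.h
@@
 /***********************************************************************
 * Copyright (c) 2014 Pieter Wuille *
 * Distributed under the MIT software license, see the accompanying *
 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
 ***********************************************************************/
 #ifndef SECP256K1_SCALAR_H
 #define SECP256K1_SCALAR_H
-#include "num.h"
 #include "util.h"
 #if defined HAVE_CONFIG_H
 #include "libsecp256k1-config.h"
 #endif
 #if defined(EXHAUSTIVE_TEST_ORDER)
 #include "scalar_low.h"
@@
 /** Check whether a scalar is higher than the group order divided by 2. */
 static int secp256k1_scalar_is_high(const secp256k1_scalar *a);
 /** Conditionally negate a number, in constant time.
 * Returns -1 if the number was negated, 1 otherwise */
 static int secp256k1_scalar_cond_negate(secp256k1_scalar *a, int flag);
-#ifndef USE_NUM_NONE
-/** Convert a scalar to a number. */
-static void secp256k1_scalar_get_num(secp256k1_num *r, const secp256k1_scalar *a);
-/** Get the order of the group as a number. */
-static void secp256k1_scalar_order_get_num(secp256k1_num *r);
-#endif
 /** Compare two scalars. */
 static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b);
 /** Find r1 and r2 such that r1+r2*2^128 = k. */
 static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *k);
 /** Find r1 and r2 such that r1+r2*lambda = k,
 * where r1 and r2 or their negations are maximum 128 bits long (see secp256k1_ge_mul_lambda). */
 static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *k);
 /** Multiply a and b (without taking the modulus!), divide by 2**shift, and round to the nearest integer. Shift must be at least 256. */
 static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b, unsigned int shift);
 /** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized.*/
 static void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag);
 #endif /* SECP256K1_SCALAR_H */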