ecae2acb06
bccaf86 Merge pull request #150 2a53a47 Merge pull request #151 5f5a31f Merge pull request #149 3907277 Merge pull request #142 a3e0611 Enable tests in x86 travis builds 45da235 x86 builder 8bb0e93 Merge pull request #155 971fe81 build: fix openssl detection for cross builds f22d73e Explicitly access %0..%2 as 64-bit so we use the right registers for x32 ABI e66d4d6 Avoid the stack in assembly and use explicit registers cf7b2b4 Fix ECDSA message hashes to 32 bytes 056ad31 Really compile with -O3 by default 74ad63a Merge pull request #146 9000458 Merge pull request #145 1f46b00 build: fix __builtin_expect detection for clang aaba2e0 Merge pull request #136 8a0775c Merge pull request #144 ee1eaa7 Merge pull request #141 c88e2b8 Compile with -O3 by default 6558a26 Make the benchmarks print out stats 000bdf6 Rename bench_verify to bench_recovery 7c6fed2 Add a few more additional tests. 992e03b travis: add clang to the test matrix b43b79a Merge pull request #143 e06a924 Include time.h header for time(). 8d11164 Add some additional tests. 3545627 Merge pull request #118 6a9901e Merge pull request #137 376b28b Merge pull request #128 1728806 Merge pull request #138 a5759c5 Check return value of malloc 39bd94d Variable time normalize ad86bdf Merge pull request #140 54b768c Another redundant secp256k1_fe_normalize 69dcaab Merge pull request #139 1c29f2e Remove redundant secp256k1_fe_normalize from secp256k1_gej_add_ge_var. 2b9388b Remove unused secp256k1_fe_inv_all f461b76 Allocate precomputation arrays on the heap b2c9681 Make {mul,sqr}_inner use the same argument order as {mul,sqr} 6793505 Convert YASM code into inline assembly f048615 Rewrite field assembly to match the C version 3ce74b1 Tweak precomputed table size for G git-subtree-dir: src/secp256k1 git-subtree-split: bccaf86caa9c44166e5a66600b742c516e03c3f0
122 lines
5.2 KiB
C
122 lines
5.2 KiB
C
/**********************************************************************
|
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
|
* Distributed under the MIT software license, see the accompanying *
|
|
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
|
**********************************************************************/
|
|
|
|
#ifndef _SECP256K1_GROUP_
|
|
#define _SECP256K1_GROUP_
|
|
|
|
#include "num.h"
|
|
#include "field.h"
|
|
|
|
/** A group element of the secp256k1 curve, in affine coordinates. */
|
|
typedef struct {
|
|
secp256k1_fe_t x;
|
|
secp256k1_fe_t y;
|
|
int infinity; /* whether this represents the point at infinity */
|
|
} secp256k1_ge_t;
|
|
|
|
/** A group element of the secp256k1 curve, in jacobian coordinates. */
|
|
typedef struct {
|
|
secp256k1_fe_t x; /* actual X: x/z^2 */
|
|
secp256k1_fe_t y; /* actual Y: y/z^3 */
|
|
secp256k1_fe_t z;
|
|
int infinity; /* whether this represents the point at infinity */
|
|
} secp256k1_gej_t;
|
|
|
|
/** Global constants related to the group */
|
|
typedef struct {
|
|
secp256k1_ge_t g; /* the generator point */
|
|
|
|
#ifdef USE_ENDOMORPHISM
|
|
/* constants related to secp256k1's efficiently computable endomorphism */
|
|
secp256k1_fe_t beta;
|
|
#endif
|
|
} secp256k1_ge_consts_t;
|
|
|
|
static const secp256k1_ge_consts_t *secp256k1_ge_consts = NULL;
|
|
|
|
/** Initialize the group module. */
|
|
static void secp256k1_ge_start(void);
|
|
|
|
/** De-initialize the group module. */
|
|
static void secp256k1_ge_stop(void);
|
|
|
|
/** Set a group element equal to the point at infinity */
|
|
static void secp256k1_ge_set_infinity(secp256k1_ge_t *r);
|
|
|
|
/** Set a group element equal to the point with given X and Y coordinates */
|
|
static void secp256k1_ge_set_xy(secp256k1_ge_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y);
|
|
|
|
/** Set a group element (affine) equal to the point with the given X coordinate, and given oddness
|
|
* for Y. Return value indicates whether the result is valid. */
|
|
static int secp256k1_ge_set_xo_var(secp256k1_ge_t *r, const secp256k1_fe_t *x, int odd);
|
|
|
|
/** Check whether a group element is the point at infinity. */
|
|
static int secp256k1_ge_is_infinity(const secp256k1_ge_t *a);
|
|
|
|
/** Check whether a group element is valid (i.e., on the curve). */
|
|
static int secp256k1_ge_is_valid_var(const secp256k1_ge_t *a);
|
|
|
|
static void secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a);
|
|
static void secp256k1_ge_neg_var(secp256k1_ge_t *r, const secp256k1_ge_t *a);
|
|
|
|
/** Get a hex representation of a point. *rlen will be overwritten with the real length. */
|
|
static void secp256k1_ge_get_hex(char *r, int *rlen, const secp256k1_ge_t *a);
|
|
|
|
/** Set a group element equal to another which is given in jacobian coordinates */
|
|
static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a);
|
|
|
|
/** Set a batch of group elements equal to the inputs given in jacobian coordinates */
|
|
static void secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge_t r[len], const secp256k1_gej_t a[len]);
|
|
|
|
|
|
/** Set a group element (jacobian) equal to the point at infinity. */
|
|
static void secp256k1_gej_set_infinity(secp256k1_gej_t *r);
|
|
|
|
/** Set a group element (jacobian) equal to the point with given X and Y coordinates. */
|
|
static void secp256k1_gej_set_xy(secp256k1_gej_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y);
|
|
|
|
/** Set a group element (jacobian) equal to another which is given in affine coordinates. */
|
|
static void secp256k1_gej_set_ge(secp256k1_gej_t *r, const secp256k1_ge_t *a);
|
|
|
|
/** Get the X coordinate of a group element (jacobian). */
|
|
static void secp256k1_gej_get_x_var(secp256k1_fe_t *r, const secp256k1_gej_t *a);
|
|
|
|
/** Set r equal to the inverse of a (i.e., mirrored around the X axis) */
|
|
static void secp256k1_gej_neg_var(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
|
|
|
/** Check whether a group element is the point at infinity. */
|
|
static int secp256k1_gej_is_infinity(const secp256k1_gej_t *a);
|
|
|
|
/** Set r equal to the double of a. */
|
|
static void secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
|
|
|
/** Set r equal to the sum of a and b. */
|
|
static void secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_gej_t *b);
|
|
|
|
/** Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity). */
|
|
static void secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b);
|
|
|
|
/** Set r equal to the sum of a and b (with b given in affine coordinates). This is more efficient
|
|
than secp256k1_gej_add_var. It is identical to secp256k1_gej_add_ge but without constant-time
|
|
guarantee, and b is allowed to be infinity. */
|
|
static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b);
|
|
|
|
/** Get a hex representation of a point. *rlen will be overwritten with the real length. */
|
|
static void secp256k1_gej_get_hex(char *r, int *rlen, const secp256k1_gej_t *a);
|
|
|
|
#ifdef USE_ENDOMORPHISM
|
|
/** Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast. */
|
|
static void secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
|
#endif
|
|
|
|
/** Clear a secp256k1_gej_t to prevent leaking sensitive information. */
|
|
static void secp256k1_gej_clear(secp256k1_gej_t *r);
|
|
|
|
/** Clear a secp256k1_ge_t to prevent leaking sensitive information. */
|
|
static void secp256k1_ge_clear(secp256k1_ge_t *r);
|
|
|
|
#endif
|