field_impl.h (17220B)
1 /*********************************************************************** 2 * Copyright (c) 2013, 2014 Pieter Wuille * 3 * Distributed under the MIT software license, see the accompanying * 4 * file COPYING or https://www.opensource.org/licenses/mit-license.php.* 5 ***********************************************************************/ 6 7 #ifndef SECP256K1_FIELD_IMPL_H 8 #define SECP256K1_FIELD_IMPL_H 9 10 #include "field.h" 11 #include "util.h" 12 13 #if defined(SECP256K1_WIDEMUL_INT128) 14 #include "field_5x52_impl.h" 15 #elif defined(SECP256K1_WIDEMUL_INT64) 16 #include "field_10x26_impl.h" 17 #else 18 #error "Please select wide multiplication implementation" 19 #endif 20 21 SECP256K1_INLINE static int haskellsecp256k1_v0_1_0_fe_equal(const haskellsecp256k1_v0_1_0_fe *a, const haskellsecp256k1_v0_1_0_fe *b) { 22 haskellsecp256k1_v0_1_0_fe na; 23 SECP256K1_FE_VERIFY(a); 24 SECP256K1_FE_VERIFY(b); 25 SECP256K1_FE_VERIFY_MAGNITUDE(a, 1); 26 SECP256K1_FE_VERIFY_MAGNITUDE(b, 31); 27 28 haskellsecp256k1_v0_1_0_fe_negate(&na, a, 1); 29 haskellsecp256k1_v0_1_0_fe_add(&na, b); 30 return haskellsecp256k1_v0_1_0_fe_normalizes_to_zero(&na); 31 } 32 33 static int haskellsecp256k1_v0_1_0_fe_sqrt(haskellsecp256k1_v0_1_0_fe * SECP256K1_RESTRICT r, const haskellsecp256k1_v0_1_0_fe * SECP256K1_RESTRICT a) { 34 /** Given that p is congruent to 3 mod 4, we can compute the square root of 35 * a mod p as the (p+1)/4'th power of a. 36 * 37 * As (p+1)/4 is an even number, it will have the same result for a and for 38 * (-a). Only one of these two numbers actually has a square root however, 39 * so we test at the end by squaring and comparing to the input. 40 * Also because (p+1)/4 is an even number, the computed square root is 41 * itself always a square (a ** ((p+1)/4) is the square of a ** ((p+1)/8)). 42 */ 43 haskellsecp256k1_v0_1_0_fe x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1; 44 int j, ret; 45 46 VERIFY_CHECK(r != a); 47 SECP256K1_FE_VERIFY(a); 48 SECP256K1_FE_VERIFY_MAGNITUDE(a, 8); 49 50 /** The binary representation of (p + 1)/4 has 3 blocks of 1s, with lengths in 51 * { 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block: 52 * 1, [2], 3, 6, 9, 11, [22], 44, 88, 176, 220, [223] 53 */ 54 55 haskellsecp256k1_v0_1_0_fe_sqr(&x2, a); 56 haskellsecp256k1_v0_1_0_fe_mul(&x2, &x2, a); 57 58 haskellsecp256k1_v0_1_0_fe_sqr(&x3, &x2); 59 haskellsecp256k1_v0_1_0_fe_mul(&x3, &x3, a); 60 61 x6 = x3; 62 for (j=0; j<3; j++) { 63 haskellsecp256k1_v0_1_0_fe_sqr(&x6, &x6); 64 } 65 haskellsecp256k1_v0_1_0_fe_mul(&x6, &x6, &x3); 66 67 x9 = x6; 68 for (j=0; j<3; j++) { 69 haskellsecp256k1_v0_1_0_fe_sqr(&x9, &x9); 70 } 71 haskellsecp256k1_v0_1_0_fe_mul(&x9, &x9, &x3); 72 73 x11 = x9; 74 for (j=0; j<2; j++) { 75 haskellsecp256k1_v0_1_0_fe_sqr(&x11, &x11); 76 } 77 haskellsecp256k1_v0_1_0_fe_mul(&x11, &x11, &x2); 78 79 x22 = x11; 80 for (j=0; j<11; j++) { 81 haskellsecp256k1_v0_1_0_fe_sqr(&x22, &x22); 82 } 83 haskellsecp256k1_v0_1_0_fe_mul(&x22, &x22, &x11); 84 85 x44 = x22; 86 for (j=0; j<22; j++) { 87 haskellsecp256k1_v0_1_0_fe_sqr(&x44, &x44); 88 } 89 haskellsecp256k1_v0_1_0_fe_mul(&x44, &x44, &x22); 90 91 x88 = x44; 92 for (j=0; j<44; j++) { 93 haskellsecp256k1_v0_1_0_fe_sqr(&x88, &x88); 94 } 95 haskellsecp256k1_v0_1_0_fe_mul(&x88, &x88, &x44); 96 97 x176 = x88; 98 for (j=0; j<88; j++) { 99 haskellsecp256k1_v0_1_0_fe_sqr(&x176, &x176); 100 } 101 haskellsecp256k1_v0_1_0_fe_mul(&x176, &x176, &x88); 102 103 x220 = x176; 104 for (j=0; j<44; j++) { 105 haskellsecp256k1_v0_1_0_fe_sqr(&x220, &x220); 106 } 107 haskellsecp256k1_v0_1_0_fe_mul(&x220, &x220, &x44); 108 109 x223 = x220; 110 for (j=0; j<3; j++) { 111 haskellsecp256k1_v0_1_0_fe_sqr(&x223, &x223); 112 } 113 haskellsecp256k1_v0_1_0_fe_mul(&x223, &x223, &x3); 114 115 /* The final result is then assembled using a sliding window over the blocks. */ 116 117 t1 = x223; 118 for (j=0; j<23; j++) { 119 haskellsecp256k1_v0_1_0_fe_sqr(&t1, &t1); 120 } 121 haskellsecp256k1_v0_1_0_fe_mul(&t1, &t1, &x22); 122 for (j=0; j<6; j++) { 123 haskellsecp256k1_v0_1_0_fe_sqr(&t1, &t1); 124 } 125 haskellsecp256k1_v0_1_0_fe_mul(&t1, &t1, &x2); 126 haskellsecp256k1_v0_1_0_fe_sqr(&t1, &t1); 127 haskellsecp256k1_v0_1_0_fe_sqr(r, &t1); 128 129 /* Check that a square root was actually calculated */ 130 131 haskellsecp256k1_v0_1_0_fe_sqr(&t1, r); 132 ret = haskellsecp256k1_v0_1_0_fe_equal(&t1, a); 133 134 #ifdef VERIFY 135 if (!ret) { 136 haskellsecp256k1_v0_1_0_fe_negate(&t1, &t1, 1); 137 haskellsecp256k1_v0_1_0_fe_normalize_var(&t1); 138 VERIFY_CHECK(haskellsecp256k1_v0_1_0_fe_equal(&t1, a)); 139 } 140 #endif 141 return ret; 142 } 143 144 #ifndef VERIFY 145 static void haskellsecp256k1_v0_1_0_fe_verify(const haskellsecp256k1_v0_1_0_fe *a) { (void)a; } 146 static void haskellsecp256k1_v0_1_0_fe_verify_magnitude(const haskellsecp256k1_v0_1_0_fe *a, int m) { (void)a; (void)m; } 147 #else 148 static void haskellsecp256k1_v0_1_0_fe_impl_verify(const haskellsecp256k1_v0_1_0_fe *a); 149 static void haskellsecp256k1_v0_1_0_fe_verify(const haskellsecp256k1_v0_1_0_fe *a) { 150 /* Magnitude between 0 and 32. */ 151 SECP256K1_FE_VERIFY_MAGNITUDE(a, 32); 152 /* Normalized is 0 or 1. */ 153 VERIFY_CHECK((a->normalized == 0) || (a->normalized == 1)); 154 /* If normalized, magnitude must be 0 or 1. */ 155 if (a->normalized) SECP256K1_FE_VERIFY_MAGNITUDE(a, 1); 156 /* Invoke implementation-specific checks. */ 157 haskellsecp256k1_v0_1_0_fe_impl_verify(a); 158 } 159 160 static void haskellsecp256k1_v0_1_0_fe_verify_magnitude(const haskellsecp256k1_v0_1_0_fe *a, int m) { 161 VERIFY_CHECK(m >= 0); 162 VERIFY_CHECK(m <= 32); 163 VERIFY_CHECK(a->magnitude <= m); 164 } 165 166 static void haskellsecp256k1_v0_1_0_fe_impl_normalize(haskellsecp256k1_v0_1_0_fe *r); 167 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_normalize(haskellsecp256k1_v0_1_0_fe *r) { 168 SECP256K1_FE_VERIFY(r); 169 170 haskellsecp256k1_v0_1_0_fe_impl_normalize(r); 171 r->magnitude = 1; 172 r->normalized = 1; 173 174 SECP256K1_FE_VERIFY(r); 175 } 176 177 static void haskellsecp256k1_v0_1_0_fe_impl_normalize_weak(haskellsecp256k1_v0_1_0_fe *r); 178 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_normalize_weak(haskellsecp256k1_v0_1_0_fe *r) { 179 SECP256K1_FE_VERIFY(r); 180 181 haskellsecp256k1_v0_1_0_fe_impl_normalize_weak(r); 182 r->magnitude = 1; 183 184 SECP256K1_FE_VERIFY(r); 185 } 186 187 static void haskellsecp256k1_v0_1_0_fe_impl_normalize_var(haskellsecp256k1_v0_1_0_fe *r); 188 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_normalize_var(haskellsecp256k1_v0_1_0_fe *r) { 189 SECP256K1_FE_VERIFY(r); 190 191 haskellsecp256k1_v0_1_0_fe_impl_normalize_var(r); 192 r->magnitude = 1; 193 r->normalized = 1; 194 195 SECP256K1_FE_VERIFY(r); 196 } 197 198 static int haskellsecp256k1_v0_1_0_fe_impl_normalizes_to_zero(const haskellsecp256k1_v0_1_0_fe *r); 199 SECP256K1_INLINE static int haskellsecp256k1_v0_1_0_fe_normalizes_to_zero(const haskellsecp256k1_v0_1_0_fe *r) { 200 SECP256K1_FE_VERIFY(r); 201 202 return haskellsecp256k1_v0_1_0_fe_impl_normalizes_to_zero(r); 203 } 204 205 static int haskellsecp256k1_v0_1_0_fe_impl_normalizes_to_zero_var(const haskellsecp256k1_v0_1_0_fe *r); 206 SECP256K1_INLINE static int haskellsecp256k1_v0_1_0_fe_normalizes_to_zero_var(const haskellsecp256k1_v0_1_0_fe *r) { 207 SECP256K1_FE_VERIFY(r); 208 209 return haskellsecp256k1_v0_1_0_fe_impl_normalizes_to_zero_var(r); 210 } 211 212 static void haskellsecp256k1_v0_1_0_fe_impl_set_int(haskellsecp256k1_v0_1_0_fe *r, int a); 213 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_set_int(haskellsecp256k1_v0_1_0_fe *r, int a) { 214 VERIFY_CHECK(0 <= a && a <= 0x7FFF); 215 216 haskellsecp256k1_v0_1_0_fe_impl_set_int(r, a); 217 r->magnitude = (a != 0); 218 r->normalized = 1; 219 220 SECP256K1_FE_VERIFY(r); 221 } 222 223 static void haskellsecp256k1_v0_1_0_fe_impl_add_int(haskellsecp256k1_v0_1_0_fe *r, int a); 224 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_add_int(haskellsecp256k1_v0_1_0_fe *r, int a) { 225 VERIFY_CHECK(0 <= a && a <= 0x7FFF); 226 SECP256K1_FE_VERIFY(r); 227 228 haskellsecp256k1_v0_1_0_fe_impl_add_int(r, a); 229 r->magnitude += 1; 230 r->normalized = 0; 231 232 SECP256K1_FE_VERIFY(r); 233 } 234 235 static void haskellsecp256k1_v0_1_0_fe_impl_clear(haskellsecp256k1_v0_1_0_fe *a); 236 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_clear(haskellsecp256k1_v0_1_0_fe *a) { 237 a->magnitude = 0; 238 a->normalized = 1; 239 haskellsecp256k1_v0_1_0_fe_impl_clear(a); 240 241 SECP256K1_FE_VERIFY(a); 242 } 243 244 static int haskellsecp256k1_v0_1_0_fe_impl_is_zero(const haskellsecp256k1_v0_1_0_fe *a); 245 SECP256K1_INLINE static int haskellsecp256k1_v0_1_0_fe_is_zero(const haskellsecp256k1_v0_1_0_fe *a) { 246 SECP256K1_FE_VERIFY(a); 247 VERIFY_CHECK(a->normalized); 248 249 return haskellsecp256k1_v0_1_0_fe_impl_is_zero(a); 250 } 251 252 static int haskellsecp256k1_v0_1_0_fe_impl_is_odd(const haskellsecp256k1_v0_1_0_fe *a); 253 SECP256K1_INLINE static int haskellsecp256k1_v0_1_0_fe_is_odd(const haskellsecp256k1_v0_1_0_fe *a) { 254 SECP256K1_FE_VERIFY(a); 255 VERIFY_CHECK(a->normalized); 256 257 return haskellsecp256k1_v0_1_0_fe_impl_is_odd(a); 258 } 259 260 static int haskellsecp256k1_v0_1_0_fe_impl_cmp_var(const haskellsecp256k1_v0_1_0_fe *a, const haskellsecp256k1_v0_1_0_fe *b); 261 SECP256K1_INLINE static int haskellsecp256k1_v0_1_0_fe_cmp_var(const haskellsecp256k1_v0_1_0_fe *a, const haskellsecp256k1_v0_1_0_fe *b) { 262 SECP256K1_FE_VERIFY(a); 263 SECP256K1_FE_VERIFY(b); 264 VERIFY_CHECK(a->normalized); 265 VERIFY_CHECK(b->normalized); 266 267 return haskellsecp256k1_v0_1_0_fe_impl_cmp_var(a, b); 268 } 269 270 static void haskellsecp256k1_v0_1_0_fe_impl_set_b32_mod(haskellsecp256k1_v0_1_0_fe *r, const unsigned char *a); 271 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_set_b32_mod(haskellsecp256k1_v0_1_0_fe *r, const unsigned char *a) { 272 haskellsecp256k1_v0_1_0_fe_impl_set_b32_mod(r, a); 273 r->magnitude = 1; 274 r->normalized = 0; 275 276 SECP256K1_FE_VERIFY(r); 277 } 278 279 static int haskellsecp256k1_v0_1_0_fe_impl_set_b32_limit(haskellsecp256k1_v0_1_0_fe *r, const unsigned char *a); 280 SECP256K1_INLINE static int haskellsecp256k1_v0_1_0_fe_set_b32_limit(haskellsecp256k1_v0_1_0_fe *r, const unsigned char *a) { 281 if (haskellsecp256k1_v0_1_0_fe_impl_set_b32_limit(r, a)) { 282 r->magnitude = 1; 283 r->normalized = 1; 284 SECP256K1_FE_VERIFY(r); 285 return 1; 286 } else { 287 /* Mark the output field element as invalid. */ 288 r->magnitude = -1; 289 return 0; 290 } 291 } 292 293 static void haskellsecp256k1_v0_1_0_fe_impl_get_b32(unsigned char *r, const haskellsecp256k1_v0_1_0_fe *a); 294 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_get_b32(unsigned char *r, const haskellsecp256k1_v0_1_0_fe *a) { 295 SECP256K1_FE_VERIFY(a); 296 VERIFY_CHECK(a->normalized); 297 298 haskellsecp256k1_v0_1_0_fe_impl_get_b32(r, a); 299 } 300 301 static void haskellsecp256k1_v0_1_0_fe_impl_negate_unchecked(haskellsecp256k1_v0_1_0_fe *r, const haskellsecp256k1_v0_1_0_fe *a, int m); 302 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_negate_unchecked(haskellsecp256k1_v0_1_0_fe *r, const haskellsecp256k1_v0_1_0_fe *a, int m) { 303 SECP256K1_FE_VERIFY(a); 304 VERIFY_CHECK(m >= 0 && m <= 31); 305 SECP256K1_FE_VERIFY_MAGNITUDE(a, m); 306 307 haskellsecp256k1_v0_1_0_fe_impl_negate_unchecked(r, a, m); 308 r->magnitude = m + 1; 309 r->normalized = 0; 310 311 SECP256K1_FE_VERIFY(r); 312 } 313 314 static void haskellsecp256k1_v0_1_0_fe_impl_mul_int_unchecked(haskellsecp256k1_v0_1_0_fe *r, int a); 315 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_mul_int_unchecked(haskellsecp256k1_v0_1_0_fe *r, int a) { 316 SECP256K1_FE_VERIFY(r); 317 318 VERIFY_CHECK(a >= 0 && a <= 32); 319 VERIFY_CHECK(a*r->magnitude <= 32); 320 haskellsecp256k1_v0_1_0_fe_impl_mul_int_unchecked(r, a); 321 r->magnitude *= a; 322 r->normalized = 0; 323 324 SECP256K1_FE_VERIFY(r); 325 } 326 327 static void haskellsecp256k1_v0_1_0_fe_impl_add(haskellsecp256k1_v0_1_0_fe *r, const haskellsecp256k1_v0_1_0_fe *a); 328 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_add(haskellsecp256k1_v0_1_0_fe *r, const haskellsecp256k1_v0_1_0_fe *a) { 329 SECP256K1_FE_VERIFY(r); 330 SECP256K1_FE_VERIFY(a); 331 VERIFY_CHECK(r->magnitude + a->magnitude <= 32); 332 333 haskellsecp256k1_v0_1_0_fe_impl_add(r, a); 334 r->magnitude += a->magnitude; 335 r->normalized = 0; 336 337 SECP256K1_FE_VERIFY(r); 338 } 339 340 static void haskellsecp256k1_v0_1_0_fe_impl_mul(haskellsecp256k1_v0_1_0_fe *r, const haskellsecp256k1_v0_1_0_fe *a, const haskellsecp256k1_v0_1_0_fe * SECP256K1_RESTRICT b); 341 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_mul(haskellsecp256k1_v0_1_0_fe *r, const haskellsecp256k1_v0_1_0_fe *a, const haskellsecp256k1_v0_1_0_fe * SECP256K1_RESTRICT b) { 342 SECP256K1_FE_VERIFY(a); 343 SECP256K1_FE_VERIFY(b); 344 SECP256K1_FE_VERIFY_MAGNITUDE(a, 8); 345 SECP256K1_FE_VERIFY_MAGNITUDE(b, 8); 346 VERIFY_CHECK(r != b); 347 VERIFY_CHECK(a != b); 348 349 haskellsecp256k1_v0_1_0_fe_impl_mul(r, a, b); 350 r->magnitude = 1; 351 r->normalized = 0; 352 353 SECP256K1_FE_VERIFY(r); 354 } 355 356 static void haskellsecp256k1_v0_1_0_fe_impl_sqr(haskellsecp256k1_v0_1_0_fe *r, const haskellsecp256k1_v0_1_0_fe *a); 357 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_sqr(haskellsecp256k1_v0_1_0_fe *r, const haskellsecp256k1_v0_1_0_fe *a) { 358 SECP256K1_FE_VERIFY(a); 359 SECP256K1_FE_VERIFY_MAGNITUDE(a, 8); 360 361 haskellsecp256k1_v0_1_0_fe_impl_sqr(r, a); 362 r->magnitude = 1; 363 r->normalized = 0; 364 365 SECP256K1_FE_VERIFY(r); 366 } 367 368 static void haskellsecp256k1_v0_1_0_fe_impl_cmov(haskellsecp256k1_v0_1_0_fe *r, const haskellsecp256k1_v0_1_0_fe *a, int flag); 369 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_cmov(haskellsecp256k1_v0_1_0_fe *r, const haskellsecp256k1_v0_1_0_fe *a, int flag) { 370 VERIFY_CHECK(flag == 0 || flag == 1); 371 SECP256K1_FE_VERIFY(a); 372 SECP256K1_FE_VERIFY(r); 373 374 haskellsecp256k1_v0_1_0_fe_impl_cmov(r, a, flag); 375 if (a->magnitude > r->magnitude) r->magnitude = a->magnitude; 376 if (!a->normalized) r->normalized = 0; 377 378 SECP256K1_FE_VERIFY(r); 379 } 380 381 static void haskellsecp256k1_v0_1_0_fe_impl_to_storage(haskellsecp256k1_v0_1_0_fe_storage *r, const haskellsecp256k1_v0_1_0_fe *a); 382 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_to_storage(haskellsecp256k1_v0_1_0_fe_storage *r, const haskellsecp256k1_v0_1_0_fe *a) { 383 SECP256K1_FE_VERIFY(a); 384 VERIFY_CHECK(a->normalized); 385 386 haskellsecp256k1_v0_1_0_fe_impl_to_storage(r, a); 387 } 388 389 static void haskellsecp256k1_v0_1_0_fe_impl_from_storage(haskellsecp256k1_v0_1_0_fe *r, const haskellsecp256k1_v0_1_0_fe_storage *a); 390 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_from_storage(haskellsecp256k1_v0_1_0_fe *r, const haskellsecp256k1_v0_1_0_fe_storage *a) { 391 haskellsecp256k1_v0_1_0_fe_impl_from_storage(r, a); 392 r->magnitude = 1; 393 r->normalized = 1; 394 395 SECP256K1_FE_VERIFY(r); 396 } 397 398 static void haskellsecp256k1_v0_1_0_fe_impl_inv(haskellsecp256k1_v0_1_0_fe *r, const haskellsecp256k1_v0_1_0_fe *x); 399 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_inv(haskellsecp256k1_v0_1_0_fe *r, const haskellsecp256k1_v0_1_0_fe *x) { 400 int input_is_zero = haskellsecp256k1_v0_1_0_fe_normalizes_to_zero(x); 401 SECP256K1_FE_VERIFY(x); 402 403 haskellsecp256k1_v0_1_0_fe_impl_inv(r, x); 404 r->magnitude = x->magnitude > 0; 405 r->normalized = 1; 406 407 VERIFY_CHECK(haskellsecp256k1_v0_1_0_fe_normalizes_to_zero(r) == input_is_zero); 408 SECP256K1_FE_VERIFY(r); 409 } 410 411 static void haskellsecp256k1_v0_1_0_fe_impl_inv_var(haskellsecp256k1_v0_1_0_fe *r, const haskellsecp256k1_v0_1_0_fe *x); 412 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_inv_var(haskellsecp256k1_v0_1_0_fe *r, const haskellsecp256k1_v0_1_0_fe *x) { 413 int input_is_zero = haskellsecp256k1_v0_1_0_fe_normalizes_to_zero(x); 414 SECP256K1_FE_VERIFY(x); 415 416 haskellsecp256k1_v0_1_0_fe_impl_inv_var(r, x); 417 r->magnitude = x->magnitude > 0; 418 r->normalized = 1; 419 420 VERIFY_CHECK(haskellsecp256k1_v0_1_0_fe_normalizes_to_zero(r) == input_is_zero); 421 SECP256K1_FE_VERIFY(r); 422 } 423 424 static int haskellsecp256k1_v0_1_0_fe_impl_is_square_var(const haskellsecp256k1_v0_1_0_fe *x); 425 SECP256K1_INLINE static int haskellsecp256k1_v0_1_0_fe_is_square_var(const haskellsecp256k1_v0_1_0_fe *x) { 426 int ret; 427 haskellsecp256k1_v0_1_0_fe tmp = *x, sqrt; 428 SECP256K1_FE_VERIFY(x); 429 430 ret = haskellsecp256k1_v0_1_0_fe_impl_is_square_var(x); 431 haskellsecp256k1_v0_1_0_fe_normalize_weak(&tmp); 432 VERIFY_CHECK(ret == haskellsecp256k1_v0_1_0_fe_sqrt(&sqrt, &tmp)); 433 return ret; 434 } 435 436 static void haskellsecp256k1_v0_1_0_fe_impl_get_bounds(haskellsecp256k1_v0_1_0_fe* r, int m); 437 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_get_bounds(haskellsecp256k1_v0_1_0_fe* r, int m) { 438 VERIFY_CHECK(m >= 0); 439 VERIFY_CHECK(m <= 32); 440 441 haskellsecp256k1_v0_1_0_fe_impl_get_bounds(r, m); 442 r->magnitude = m; 443 r->normalized = (m == 0); 444 445 SECP256K1_FE_VERIFY(r); 446 } 447 448 static void haskellsecp256k1_v0_1_0_fe_impl_half(haskellsecp256k1_v0_1_0_fe *r); 449 SECP256K1_INLINE static void haskellsecp256k1_v0_1_0_fe_half(haskellsecp256k1_v0_1_0_fe *r) { 450 SECP256K1_FE_VERIFY(r); 451 SECP256K1_FE_VERIFY_MAGNITUDE(r, 31); 452 453 haskellsecp256k1_v0_1_0_fe_impl_half(r); 454 r->magnitude = (r->magnitude >> 1) + 1; 455 r->normalized = 0; 456 457 SECP256K1_FE_VERIFY(r); 458 } 459 460 #endif /* defined(VERIFY) */ 461 462 #endif /* SECP256K1_FIELD_IMPL_H */