scalar.h (6282B)
/***********************************************************************
 * Copyright (c) 2014 Pieter Wuille                                    *
 * Distributed under the MIT software license, see the accompanying    *
 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
 ***********************************************************************/

#ifndef SECP256K1_SCALAR_H
#define SECP256K1_SCALAR_H

/*
 * Scalar arithmetic modulo the secp256k1 group order `n`.
 *
 * This header only declares the interface. The scalar type and the
 * implementation of every function below are expected to come from the one
 * backend header selected at build time (see the #if chain just below).
 *
 * Naming convention visible in this file: functions whose name ends in
 * `_var` are documented as not constant-time and must not be used on secret
 * data. The remaining functions are presumably intended to run in constant
 * time with respect to the scalar values they operate on — confirm against
 * the selected backend before relying on that for secret material.
 */

#include "util.h"

/* Exactly one backend must be selected; the build fails otherwise. */
#if defined(EXHAUSTIVE_TEST_ORDER)
#include "scalar_low.h"
#elif defined(SECP256K1_WIDEMUL_INT128)
#include "scalar_4x64.h"
#elif defined(SECP256K1_WIDEMUL_INT64)
#include "scalar_8x32.h"
#else
#error "Please select wide multiplication implementation"
#endif

/** Clear a scalar to prevent the leak of sensitive data.
 *  Callers should apply this to every scalar that held secret material before
 *  it goes out of scope. NOTE(review): the backend must implement this with a
 *  clear the compiler cannot elide as a dead store — verify in the backend. */
static void haskellsecp256k1_v0_1_0_scalar_clear(haskellsecp256k1_v0_1_0_scalar *r);

/** Access bits from a scalar. All requested bits must belong to the same 32-bit limb.
 *  In:  a:      scalar to read from.
 *       offset: index of the lowest requested bit.
 *       count:  number of bits to return.
 *  Returns the requested bits as an unsigned integer. */
static unsigned int haskellsecp256k1_v0_1_0_scalar_get_bits(const haskellsecp256k1_v0_1_0_scalar *a, unsigned int offset, unsigned int count);

/** Access bits from a scalar. Not constant time in offset and count.
 *  Unlike scalar_get_bits, the requested range need not be confined to a
 *  single limb, but offset and count must not depend on secret data. */
static unsigned int haskellsecp256k1_v0_1_0_scalar_get_bits_var(const haskellsecp256k1_v0_1_0_scalar *a, unsigned int offset, unsigned int count);

/** Set a scalar from a big endian byte array. The scalar will be reduced modulo group order `n`.
 *  In:  bin:      pointer to a 32-byte array.
 *  Out: r:        scalar to be set.
 *       overflow: non-zero if the scalar was bigger or equal to `n` before reduction, zero otherwise (can be NULL).
 */
static void haskellsecp256k1_v0_1_0_scalar_set_b32(haskellsecp256k1_v0_1_0_scalar *r, const unsigned char *bin, int *overflow);

/** Set a scalar from a big endian byte array and return 1 if it is a valid
 *  seckey and 0 otherwise. (Validity presumably means non-zero and strictly
 *  below `n` — confirm against the backend implementation.)
 *  In:  bin: pointer to a 32-byte array.
 *  Out: r:   scalar to be set.
 */
static int haskellsecp256k1_v0_1_0_scalar_set_b32_seckey(haskellsecp256k1_v0_1_0_scalar *r, const unsigned char *bin);

/** Set a scalar to an unsigned integer. */
static void haskellsecp256k1_v0_1_0_scalar_set_int(haskellsecp256k1_v0_1_0_scalar *r, unsigned int v);

/** Convert a scalar to a byte array.
 *  Out: bin: destination buffer, presumably the 32-byte big endian form that
 *            scalar_set_b32 reads — confirm against the backend. */
static void haskellsecp256k1_v0_1_0_scalar_get_b32(unsigned char *bin, const haskellsecp256k1_v0_1_0_scalar* a);

/** Add two scalars together (modulo the group order). Returns whether it overflowed. */
static int haskellsecp256k1_v0_1_0_scalar_add(haskellsecp256k1_v0_1_0_scalar *r, const haskellsecp256k1_v0_1_0_scalar *a, const haskellsecp256k1_v0_1_0_scalar *b);

/** Conditionally add a power of two to a scalar. The result is not allowed to overflow.
 *  In/Out: r:    scalar to update in place.
 *  In:     bit:  index of the bit (2^bit is added).
 *          flag: the addition happens only if flag is non-zero. */
static void haskellsecp256k1_v0_1_0_scalar_cadd_bit(haskellsecp256k1_v0_1_0_scalar *r, unsigned int bit, int flag);

/** Multiply two scalars (modulo the group order). */
static void haskellsecp256k1_v0_1_0_scalar_mul(haskellsecp256k1_v0_1_0_scalar *r, const haskellsecp256k1_v0_1_0_scalar *a, const haskellsecp256k1_v0_1_0_scalar *b);

/** Compute the inverse of a scalar (modulo the group order). */
static void haskellsecp256k1_v0_1_0_scalar_inverse(haskellsecp256k1_v0_1_0_scalar *r, const haskellsecp256k1_v0_1_0_scalar *a);

/** Compute the inverse of a scalar (modulo the group order), without constant-time guarantee.
 *  Use only when `a` is not secret; otherwise use scalar_inverse. */
static void haskellsecp256k1_v0_1_0_scalar_inverse_var(haskellsecp256k1_v0_1_0_scalar *r, const haskellsecp256k1_v0_1_0_scalar *a);

/** Compute the complement of a scalar (modulo the group order). */
static void haskellsecp256k1_v0_1_0_scalar_negate(haskellsecp256k1_v0_1_0_scalar *r, const haskellsecp256k1_v0_1_0_scalar *a);

/** Multiply a scalar with the multiplicative inverse of 2.
 */
static void haskellsecp256k1_v0_1_0_scalar_half(haskellsecp256k1_v0_1_0_scalar *r, const haskellsecp256k1_v0_1_0_scalar *a);

/** Check whether a scalar equals zero. */
static int haskellsecp256k1_v0_1_0_scalar_is_zero(const haskellsecp256k1_v0_1_0_scalar *a);

/** Check whether a scalar equals one. */
static int haskellsecp256k1_v0_1_0_scalar_is_one(const haskellsecp256k1_v0_1_0_scalar *a);

/** Check whether a scalar, considered as a nonnegative integer, is even. */
static int haskellsecp256k1_v0_1_0_scalar_is_even(const haskellsecp256k1_v0_1_0_scalar *a);

/** Check whether a scalar is higher than the group order divided by 2. */
static int haskellsecp256k1_v0_1_0_scalar_is_high(const haskellsecp256k1_v0_1_0_scalar *a);

/** Conditionally negate a number, in constant time.
 *  In/Out: a:    scalar negated in place when flag is non-zero.
 *  Returns -1 if the number was negated, 1 otherwise */
static int haskellsecp256k1_v0_1_0_scalar_cond_negate(haskellsecp256k1_v0_1_0_scalar *a, int flag);

/** Compare two scalars. Returns non-zero if they are equal. */
static int haskellsecp256k1_v0_1_0_scalar_eq(const haskellsecp256k1_v0_1_0_scalar *a, const haskellsecp256k1_v0_1_0_scalar *b);

/** Find r1 and r2 such that r1+r2*2^128 = k. */
static void haskellsecp256k1_v0_1_0_scalar_split_128(haskellsecp256k1_v0_1_0_scalar *r1, haskellsecp256k1_v0_1_0_scalar *r2, const haskellsecp256k1_v0_1_0_scalar *k);

/** Find r1 and r2 such that r1+r2*lambda = k, where r1 and r2 or their
 *  negations are maximum 128 bits long (see haskellsecp256k1_v0_1_0_ge_mul_lambda). It is
 *  required that r1, r2, and k all point to different objects (hence the
 *  SECP256K1_RESTRICT qualifiers). */
static void haskellsecp256k1_v0_1_0_scalar_split_lambda(haskellsecp256k1_v0_1_0_scalar * SECP256K1_RESTRICT r1, haskellsecp256k1_v0_1_0_scalar * SECP256K1_RESTRICT r2, const haskellsecp256k1_v0_1_0_scalar * SECP256K1_RESTRICT k);

/** Multiply a and b (without taking the modulus!), divide by 2**shift, and round to the nearest integer. Shift must be at least 256.
 *  Not constant time (note the `_var` suffix); do not use on secret inputs.
 */
static void haskellsecp256k1_v0_1_0_scalar_mul_shift_var(haskellsecp256k1_v0_1_0_scalar *r, const haskellsecp256k1_v0_1_0_scalar *a, const haskellsecp256k1_v0_1_0_scalar *b, unsigned int shift);

/** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized.*/
static void haskellsecp256k1_v0_1_0_scalar_cmov(haskellsecp256k1_v0_1_0_scalar *r, const haskellsecp256k1_v0_1_0_scalar *a, int flag);

/** Check invariants on a scalar (no-op unless VERIFY is enabled). */
static void haskellsecp256k1_v0_1_0_scalar_verify(const haskellsecp256k1_v0_1_0_scalar *r);
/* Convenience macro so call sites read as an assertion-style check. */
#define SECP256K1_SCALAR_VERIFY(r) haskellsecp256k1_v0_1_0_scalar_verify(r)

#endif /* SECP256K1_SCALAR_H */