...

Source file src/crypto/internal/nistec/fiat/p256.go

Documentation: crypto/internal/nistec/fiat

     1  // Copyright 2021 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // Code generated by generate.go. DO NOT EDIT.
     6  
     7  package fiat
     8  
     9  import (
    10  	"crypto/subtle"
    11  	"errors"
    12  )
    13  
    14  // P256Element is an integer modulo 2^256 - 2^224 + 2^192 + 2^96 - 1.
    15  //
    16  // The zero value is a valid zero element.
    17  type P256Element struct {
    18  	// Values are represented internally always in the Montgomery domain, and
    19  	// converted in Bytes and SetBytes.
    20  	x p256MontgomeryDomainFieldElement
    21  }
    22  
    23  const p256ElementLen = 32
    24  
    25  type p256UntypedFieldElement = [4]uint64
    26  
    27  // One sets e = 1, and returns e.
    28  func (e *P256Element) One() *P256Element {
    29  	p256SetOne(&e.x)
    30  	return e
    31  }
    32  
    33  // Equal returns 1 if e == t, and zero otherwise.
    34  func (e *P256Element) Equal(t *P256Element) int {
    35  	eBytes := e.Bytes()
    36  	tBytes := t.Bytes()
    37  	return subtle.ConstantTimeCompare(eBytes, tBytes)
    38  }
    39  
    40  // IsZero returns 1 if e == 0, and zero otherwise.
    41  func (e *P256Element) IsZero() int {
    42  	zero := make([]byte, p256ElementLen)
    43  	eBytes := e.Bytes()
    44  	return subtle.ConstantTimeCompare(eBytes, zero)
    45  }
    46  
    47  // Set sets e = t, and returns e.
    48  func (e *P256Element) Set(t *P256Element) *P256Element {
    49  	e.x = t.x
    50  	return e
    51  }
    52  
    53  // Bytes returns the 32-byte big-endian encoding of e.
    54  func (e *P256Element) Bytes() []byte {
    55  	// This function is outlined to make the allocations inline in the caller
    56  	// rather than happen on the heap.
    57  	var out [p256ElementLen]byte
    58  	return e.bytes(&out)
    59  }
    60  
    61  func (e *P256Element) bytes(out *[p256ElementLen]byte) []byte {
    62  	var tmp p256NonMontgomeryDomainFieldElement
    63  	p256FromMontgomery(&tmp, &e.x)
    64  	p256ToBytes(out, (*p256UntypedFieldElement)(&tmp))
    65  	p256InvertEndianness(out[:])
    66  	return out[:]
    67  }
    68  
    69  // SetBytes sets e = v, where v is a big-endian 32-byte encoding, and returns e.
    70  // If v is not 32 bytes or it encodes a value higher than 2^256 - 2^224 + 2^192 + 2^96 - 1,
    71  // SetBytes returns nil and an error, and e is unchanged.
    72  func (e *P256Element) SetBytes(v []byte) (*P256Element, error) {
    73  	if len(v) != p256ElementLen {
    74  		return nil, errors.New("invalid P256Element encoding")
    75  	}
    76  
    77  	// Check for non-canonical encodings (p + k, 2p + k, etc.) by comparing to
    78  	// the encoding of -1 mod p, so p - 1, the highest canonical encoding.
    79  	var minusOneEncoding = new(P256Element).Sub(
    80  		new(P256Element), new(P256Element).One()).Bytes()
    81  	for i := range v {
    82  		if v[i] < minusOneEncoding[i] {
    83  			break
    84  		}
    85  		if v[i] > minusOneEncoding[i] {
    86  			return nil, errors.New("invalid P256Element encoding")
    87  		}
    88  	}
    89  
    90  	var in [p256ElementLen]byte
    91  	copy(in[:], v)
    92  	p256InvertEndianness(in[:])
    93  	var tmp p256NonMontgomeryDomainFieldElement
    94  	p256FromBytes((*p256UntypedFieldElement)(&tmp), &in)
    95  	p256ToMontgomery(&e.x, &tmp)
    96  	return e, nil
    97  }
    98  
    99  // Add sets e = t1 + t2, and returns e.
   100  func (e *P256Element) Add(t1, t2 *P256Element) *P256Element {
   101  	p256Add(&e.x, &t1.x, &t2.x)
   102  	return e
   103  }
   104  
   105  // Sub sets e = t1 - t2, and returns e.
   106  func (e *P256Element) Sub(t1, t2 *P256Element) *P256Element {
   107  	p256Sub(&e.x, &t1.x, &t2.x)
   108  	return e
   109  }
   110  
   111  // Mul sets e = t1 * t2, and returns e.
   112  func (e *P256Element) Mul(t1, t2 *P256Element) *P256Element {
   113  	p256Mul(&e.x, &t1.x, &t2.x)
   114  	return e
   115  }
   116  
   117  // Square sets e = t * t, and returns e.
   118  func (e *P256Element) Square(t *P256Element) *P256Element {
   119  	p256Square(&e.x, &t.x)
   120  	return e
   121  }
   122  
   123  // Select sets v to a if cond == 1, and to b if cond == 0.
   124  func (v *P256Element) Select(a, b *P256Element, cond int) *P256Element {
   125  	p256Selectznz((*p256UntypedFieldElement)(&v.x), p256Uint1(cond),
   126  		(*p256UntypedFieldElement)(&b.x), (*p256UntypedFieldElement)(&a.x))
   127  	return v
   128  }
   129  
   130  func p256InvertEndianness(v []byte) {
   131  	for i := 0; i < len(v)/2; i++ {
   132  		v[i], v[len(v)-1-i] = v[len(v)-1-i], v[i]
   133  	}
   134  }
   135  

View as plain text