Overview ¶
Package impl contains low-level P-256 field arithmetic (the base field Fp and the scalar field Fq) and point operations. The field code is generated by Fiat Cryptography and must not be edited by hand; change the generator invocation recorded below and regenerate instead. See README.md for details.
Code generated by Fiat Cryptography. DO NOT EDIT.
Autogenerated: '/usr/local/bin/fiat-crypto' word-by-word-montgomery --lang Go --no-wide-int --relax-primitive-carry-to-bitwidth 32,64 --cmovznz-by-mul --internal-static --package-case flatcase --public-function-case camelCase --private-function-case camelCase --public-type-case camelCase --private-type-case camelCase --doc-newline-in-typedef-bounds --doc-prepend-header 'Code generated by Fiat Cryptography. DO NOT EDIT.' --doc-text-before-function-name '' --doc-text-before-type-name '' --package-name impl Fp 64 '2^256 - 2^224 + 2^192 + 2^96 - 1'
curve description: Fp
machine_wordsize = 64 (from "64")
requested operations: (all)
m = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff (from "2^256 - 2^224 + 2^192 + 2^96 - 1")
NOTE: In addition to the bounds specified above each function, all functions synthesized for this Montgomery arithmetic require the input to be strictly less than the prime modulus (m) and to be in the unique saturated representation, and they guarantee the same two properties of their return values. Treat this as a caller obligation rather than a check the generated code performs: a value built from untrusted bytes, limbs or hex that is not strictly less than m violates the precondition, so canonicality must be enforced at the boundary. The `ok ct.Bool` results of SetBytes/SetBytesWide/SetLimbs listed in the index are presumably where non-canonical input is rejected — confirm this in the implementation before relying on it.
Computed values:
eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192)
bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248)
twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in
if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256
Code generated by Fiat Cryptography. DO NOT EDIT.
Autogenerated: '/usr/local/bin/fiat-crypto' word-by-word-montgomery --lang Go --no-wide-int --relax-primitive-carry-to-bitwidth 32,64 --cmovznz-by-mul --internal-static --package-case flatcase --public-function-case camelCase --private-function-case camelCase --public-type-case camelCase --private-type-case camelCase --doc-newline-in-typedef-bounds --doc-prepend-header 'Code generated by Fiat Cryptography. DO NOT EDIT.' --doc-text-before-function-name '' --doc-text-before-type-name '' --package-name impl Fq 64 '2^256 - 2^224 + 2^192 - 89188191075325690597107910205041859247'
curve description: Fq
machine_wordsize = 64 (from "64")
requested operations: (all)
m = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551 (from "2^256 - 2^224 + 2^192 - 89188191075325690597107910205041859247")
NOTE: In addition to the bounds specified above each function, all functions synthesized for this Montgomery arithmetic require the input to be strictly less than the prime modulus (m) and to be in the unique saturated representation, and they guarantee the same two properties of their return values. Treat this as a caller obligation rather than a check the generated code performs: a scalar built from untrusted bytes, limbs or hex that is not strictly less than m (the group order) violates the precondition, so canonicality must be enforced at the boundary. The `ok ct.Bool` results of SetBytes/SetBytesWide/SetLimbs listed in the index are presumably where non-canonical input is rejected — confirm this in the implementation before relying on it.
Computed values:
eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192)
bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248)
twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in
if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256
Index ¶
- Constants
- Variables
- type CurveHasherParams
- type Fp
- func (f *Fp) Add(lhs, rhs *Fp)
- func (f *Fp) Bytes() []byte
- func (f *Fp) ComponentsBytes() [][]byte
- func (f *Fp) Degree() uint64
- func (f *Fp) Div(lhs, rhs *Fp) (ok ct.Bool)
- func (f *Fp) Double(x *Fp)
- func (f *Fp) Equal(v *Fp) ct.Bool
- func (f *Fp) GoString() string
- func (f *Fp) Hex() string
- func (f *Fp) Inv(a *Fp) (ok ct.Bool)
- func (f *Fp) IsNonZero() ct.Bool
- func (f *Fp) IsOne() ct.Bool
- func (f *Fp) IsZero() ct.Bool
- func (f *Fp) Limbs() []uint64
- func (f *Fp) Mul(lhs, rhs *Fp)
- func (f *Fp) MustSetHex(v string)
- func (f *Fp) Neg(v *Fp)
- func (f *Fp) Select(choice ct.Choice, z, nz *Fp)
- func (f *Fp) Set(v *Fp)
- func (f *Fp) SetBytes(data []byte) (ok ct.Bool)
- func (f *Fp) SetBytesWide(data []byte) (ok ct.Bool)
- func (f *Fp) SetLimbs(data []uint64) (ok ct.Bool)
- func (f *Fp) SetOne()
- func (f *Fp) SetRandom(prng io.Reader) (ok ct.Bool)
- func (f *Fp) SetUint64(v uint64)
- func (f *Fp) SetUniformBytes(componentsData ...[]byte) (ok ct.Bool)
- func (f *Fp) SetZero()
- func (f *Fp) Sqrt(x *Fp) (ok ct.Bool)
- func (f *Fp) Square(v *Fp)
- func (f *Fp) String() string
- func (f *Fp) Sub(lhs, rhs *Fp)
- type Fq
- func (f *Fq) Add(lhs, rhs *Fq)
- func (f *Fq) Bytes() []byte
- func (f *Fq) ComponentsBytes() [][]byte
- func (f *Fq) Degree() uint64
- func (f *Fq) Div(lhs, rhs *Fq) (ok ct.Bool)
- func (f *Fq) Double(x *Fq)
- func (f *Fq) Equal(v *Fq) ct.Bool
- func (f *Fq) GoString() string
- func (f *Fq) Hex() string
- func (f *Fq) Inv(a *Fq) (ok ct.Bool)
- func (f *Fq) IsNonZero() ct.Bool
- func (f *Fq) IsOne() ct.Bool
- func (f *Fq) IsZero() ct.Bool
- func (f *Fq) Limbs() []uint64
- func (f *Fq) Mul(lhs, rhs *Fq)
- func (f *Fq) MustSetHex(v string)
- func (f *Fq) Neg(v *Fq)
- func (f *Fq) Select(choice ct.Choice, z, nz *Fq)
- func (f *Fq) Set(v *Fq)
- func (f *Fq) SetBytes(data []byte) (ok ct.Bool)
- func (f *Fq) SetBytesWide(data []byte) (ok ct.Bool)
- func (f *Fq) SetLimbs(data []uint64) (ok ct.Bool)
- func (f *Fq) SetOne()
- func (f *Fq) SetRandom(prng io.Reader) (ok ct.Bool)
- func (f *Fq) SetUint64(v uint64)
- func (f *Fq) SetUniformBytes(componentsData ...[]byte) (ok ct.Bool)
- func (f *Fq) SetZero()
- func (f *Fq) Sqrt(x *Fq) (ok ct.Bool)
- func (f *Fq) Square(v *Fq)
- func (f *Fq) String() string
- func (f *Fq) Sub(lhs, rhs *Fq)
- type Point
Constants ¶
// Sizing constants for the P-256 base field Fp (p = 2^256 - 2^224 + 2^192 + 2^96 - 1).
const (
	// FpLimbs is the number of 64-bit limbs in an Fp element.
	FpLimbs = 4
	// FpSatLimbs is the limb count of the "saturated" form, one limb wider
	// than FpLimbs — presumably the working width of the inversion's
	// intermediate values; confirm against Inv.
	FpSatLimbs = FpLimbs + 1
	// FpBits is the bit length of the modulus.
	FpBits = 256
	// FpBytes is the encoded size of a field element: FpBits rounded up to a
	// whole number of 64-bit words, expressed in bytes (32 for P-256).
	FpBytes = 8 * (((FpBits - 1) / 64) + 1)
	// FpWideBytes is the input size accepted by SetBytesWide (twice FpBytes).
	FpWideBytes = 2 * FpBytes
	// FpDivSteps is an iteration bound derived from the bit length; the form
	// (49*bits + 57)/17 matches the Bernstein–Yang divstep bound, so this is
	// presumably the step count of a constant-time inversion — confirm.
	FpDivSteps = ((49 * FpBits) + 57) / 17
	// FpE is the 2-adicity of p-1: p ends in ...ffffffff, so p ≡ 3 (mod 4)
	// and p-1 is 2 times an odd number.
	FpE = 1
)
// Sizing constants for the P-256 scalar field Fq (q = the group order,
// 2^256 - 2^224 + 2^192 - 89188191075325690597107910205041859247).
const (
	// FqLimbs is the number of 64-bit limbs in an Fq element.
	FqLimbs = 4
	// FqSatLimbs is the limb count of the "saturated" form, one limb wider
	// than FqLimbs — presumably the working width of the inversion's
	// intermediate values; confirm against Inv.
	FqSatLimbs = FqLimbs + 1
	// FqBits is the bit length of the modulus.
	FqBits = 256
	// FqBytes is the encoded size of a scalar: FqBits rounded up to a whole
	// number of 64-bit words, expressed in bytes (32 for P-256).
	FqBytes = 8 * (((FqBits - 1) / 64) + 1)
	// FqWideBytes is the input size accepted by SetBytesWide (twice FqBytes).
	FqWideBytes = 2 * FqBytes
	// FqDivSteps is an iteration bound derived from the bit length; the form
	// (49*bits + 57)/17 matches the Bernstein–Yang divstep bound, so this is
	// presumably the step count of a constant-time inversion — confirm.
	FqDivSteps = ((49 * FqBits) + 57) / 17
	// FqE is the 2-adicity of q-1: q ends in ...2551, so q-1 ends in 0x50 and
	// is divisible by 16 but not 32.
	FqE = 4
)
Variables ¶
// Field-level constants for Fp. Both byte arrays are little-endian
// (least-significant byte first): FpModulus[0..11] are the low 96 one-bits
// of p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff.
//
// NOTE(review): these are exported, mutable package-level variables, so any
// importer can reassign them. Whether the arithmetic reads them after
// initialisation is not visible here; if it does, consider unexporting them
// or exposing copies.
var (
	// FpProgenitorExp encodes ((p-1)/2^FpE - 1)/2 = (p-3)/4, the exponent
	// conventionally used to compute square roots when p ≡ 3 (mod 4);
	// presumably consumed by Sqrt — confirm.
	FpProgenitorExp = [...]byte{
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
		0xff, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40,
		0x00, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff, 0x3f,
	}
	// FpModulus is p itself, little-endian.
	FpModulus = [...]byte{
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
		0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x01, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
	}
	// FpRootOfUnity is a 2^FpE-th root of unity in Fp; its value is set
	// elsewhere (not visible on this page).
	FpRootOfUnity Fp
)
// Field-level constants for Fq. Both byte arrays are little-endian
// (least-significant byte first): FqModulus[0..3] = 0x51,0x25,0x63,0xfc are
// the low 32 bits ...fc632551 of
// q = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551.
//
// NOTE(review): these are exported, mutable package-level variables, so any
// importer can reassign them. Whether the arithmetic reads them after
// initialisation is not visible here; if it does, consider unexporting them
// or exposing copies.
var (
	// FqProgenitorExp encodes ((q-1)/2^FqE - 1)/2, i.e. (t-1)/2 for the odd
	// cofactor t of q-1 — the exponent conventionally used by a
	// Tonelli–Shanks style square root; presumably consumed by Sqrt — confirm.
	FqProgenitorExp = [...]byte{
		0x2a, 0x19, 0xe3, 0x17, 0x56, 0xce, 0x9d, 0x27,
		0xf4, 0xbc, 0x38, 0x6d, 0xd5, 0x37, 0xe7, 0xfd,
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x07,
		0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff, 0x07,
	}
	// FqModulus is q itself, little-endian.
	FqModulus = [...]byte{
		0x51, 0x25, 0x63, 0xfc, 0xc2, 0xca, 0xb9, 0xf3,
		0x84, 0x9e, 0x17, 0xa7, 0xad, 0xfa, 0xe6, 0xbc,
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
		0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
	}
	// FqRootOfUnity is a 2^FqE-th root of unity in Fq; its value is set
	// elsewhere (not visible on this page).
	FqRootOfUnity Fq
)
Functions ¶
This section is empty.
Types ¶
type CurveHasherParams ¶
// CurveHasherParams is the stateless hash-to-curve parameter set for this
// curve. Its methods expose the hash-to-field length L and the RFC 9380
// message expander used to derive field elements from a message.
type CurveHasherParams struct{}
CurveHasherParams defines the hash-to-curve (RFC 9380) parameters for this curve: the hash-to-field output length L and the message expander. The struct carries no state; the values are fixed by the methods.
func (CurveHasherParams) L ¶
func (CurveHasherParams) L() uint64
L returns the hash-to-field parameter L in bytes: the number of uniformly random bytes consumed per field element so that reduction modulo p is statistically close to uniform. RFC 9380 §5 defines it as ceil((ceil(log2(p)) + k) / 8) for security parameter k; for P-256 with k = 128 that is 48 — verify the implementation returns that value.
func (CurveHasherParams) MessageExpander ¶
func (CurveHasherParams) MessageExpander() h2c.MessageExpander
MessageExpander returns the RFC 9380 message expander (expand_message) used to stretch an input message and domain-separation tag into the L-byte chunks that hash-to-field reduces into Fp.
type Fp ¶
// Fp is an element of the P-256 base field GF(p),
// p = 2^256 - 2^224 + 2^192 + 2^96 - 1, held as four 64-bit limbs
// (see the eval formula in the Fiat header above). The generated
// arithmetic requires and maintains the canonical form: value strictly
// less than p, unique saturated representation.
// NOTE(review): the generator is configured for word-by-word Montgomery
// arithmetic, so the limbs are presumably in Montgomery form rather than
// the plain integer — confirm before interpreting them directly.
type Fp struct {
	// contains filtered or unexported fields
}
func (*Fp) ComponentsBytes ¶
func (*Fp) MustSetHex ¶
type Fq ¶
// Fq is an element of the P-256 scalar field GF(q), where q is the group
// order 2^256 - 2^224 + 2^192 - 89188191075325690597107910205041859247,
// held as four 64-bit limbs (see the eval formula in the Fiat header
// above). The generated arithmetic requires and maintains the canonical
// form: value strictly less than q, unique saturated representation.
// NOTE(review): the generator is configured for word-by-word Montgomery
// arithmetic, so the limbs are presumably in Montgomery form rather than
// the plain integer — confirm before interpreting them directly.
type Fq struct {
	// contains filtered or unexported fields
}
func (*Fq) ComponentsBytes ¶
func (*Fq) MustSetHex ¶
type Point ¶
// Point is the P-256 curve point type: the generic short-Weierstrass point
// implementation instantiated with Fp as the coordinate field, the
// package's unexported curveParams and curveMapper, and CurveHasherParams
// for hash-to-curve. curveMapper is presumably the RFC 9380 map-to-curve
// step — not visible on this page.
type Point = pointsImpl.ShortWeierstrassPointImpl[*Fp, curveParams, CurveHasherParams, curveMapper, Fp]
Point represents a point on the P-256 short-Weierstrass curve with coordinates in Fp, provided by the generic implementation named in the alias above.