p521.go

     1  // Copyright 2021 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // Code generated by generate.go. DO NOT EDIT.
     6  
     7  package fiat
     8  
     9  import (
    10  	"crypto/internal/fips140/subtle"
    11  	"errors"
    12  )
    13  
    14  // P521Element is an integer modulo 2^521 - 1.
    15  //
    16  // The zero value is a valid zero element.
    17  type P521Element struct {
    18  	// Values are represented internally always in the Montgomery domain, and
    19  	// converted in Bytes and SetBytes.
    20  	x p521MontgomeryDomainFieldElement
    21  }
    22  
    23  const p521ElementLen = 66
    24  
    25  type p521UntypedFieldElement = [9]uint64
    26  
    27  // One sets e = 1, and returns e.
    28  func (e *P521Element) One() *P521Element {
    29  	p521SetOne(&e.x)
    30  	return e
    31  }
    32  
    33  // Equal returns 1 if e == t, and zero otherwise.
    34  func (e *P521Element) Equal(t *P521Element) int {
    35  	eBytes := e.Bytes()
    36  	tBytes := t.Bytes()
    37  	return subtle.ConstantTimeCompare(eBytes, tBytes)
    38  }
    39  
    40  // IsZero returns 1 if e == 0, and zero otherwise.
    41  func (e *P521Element) IsZero() int {
    42  	zero := make([]byte, p521ElementLen)
    43  	eBytes := e.Bytes()
    44  	return subtle.ConstantTimeCompare(eBytes, zero)
    45  }
    46  
    47  // Set sets e = t, and returns e.
    48  func (e *P521Element) Set(t *P521Element) *P521Element {
    49  	e.x = t.x
    50  	return e
    51  }
    52  
    53  // Bytes returns the 66-byte big-endian encoding of e.
    54  func (e *P521Element) Bytes() []byte {
    55  	// This function is outlined to make the allocations inline in the caller
    56  	// rather than happen on the heap.
    57  	var out [p521ElementLen]byte
    58  	return e.bytes(&out)
    59  }
    60  
    61  func (e *P521Element) bytes(out *[p521ElementLen]byte) []byte {
    62  	var tmp p521NonMontgomeryDomainFieldElement
    63  	p521FromMontgomery(&tmp, &e.x)
    64  	p521ToBytes(out, (*p521UntypedFieldElement)(&tmp))
    65  	p521InvertEndianness(out[:])
    66  	return out[:]
    67  }
    68  
    69  // SetBytes sets e = v, where v is a big-endian 66-byte encoding, and returns e.
    70  // If v is not 66 bytes or it encodes a value higher than 2^521 - 1,
    71  // SetBytes returns nil and an error, and e is unchanged.
    72  func (e *P521Element) SetBytes(v []byte) (*P521Element, error) {
    73  	if len(v) != p521ElementLen {
    74  		return nil, errors.New("invalid P521Element encoding")
    75  	}
    76  
    77  	// Check for non-canonical encodings (p + k, 2p + k, etc.) by comparing to
    78  	// the encoding of -1 mod p, so p - 1, the highest canonical encoding.
    79  	var minusOneEncoding = new(P521Element).Sub(
    80  		new(P521Element), new(P521Element).One()).Bytes()
    81  	if subtle.ConstantTimeLessOrEqBytes(v, minusOneEncoding) == 0 {
    82  		return nil, errors.New("invalid P521Element encoding")
    83  	}
    84  
    85  	var in [p521ElementLen]byte
    86  	copy(in[:], v)
    87  	p521InvertEndianness(in[:])
    88  	var tmp p521NonMontgomeryDomainFieldElement
    89  	p521FromBytes((*p521UntypedFieldElement)(&tmp), &in)
    90  	p521ToMontgomery(&e.x, &tmp)
    91  	return e, nil
    92  }
    93  
    94  // Add sets e = t1 + t2, and returns e.
    95  func (e *P521Element) Add(t1, t2 *P521Element) *P521Element {
    96  	p521Add(&e.x, &t1.x, &t2.x)
    97  	return e
    98  }
    99  
   100  // Sub sets e = t1 - t2, and returns e.
   101  func (e *P521Element) Sub(t1, t2 *P521Element) *P521Element {
   102  	p521Sub(&e.x, &t1.x, &t2.x)
   103  	return e
   104  }
   105  
   106  // Mul sets e = t1 * t2, and returns e.
   107  func (e *P521Element) Mul(t1, t2 *P521Element) *P521Element {
   108  	p521Mul(&e.x, &t1.x, &t2.x)
   109  	return e
   110  }
   111  
   112  // Square sets e = t * t, and returns e.
   113  func (e *P521Element) Square(t *P521Element) *P521Element {
   114  	p521Square(&e.x, &t.x)
   115  	return e
   116  }
   117  
   118  // Select sets v to a if cond == 1, and to b if cond == 0.
   119  func (v *P521Element) Select(a, b *P521Element, cond int) *P521Element {
   120  	p521Selectznz((*p521UntypedFieldElement)(&v.x), p521Uint1(cond),
   121  		(*p521UntypedFieldElement)(&b.x), (*p521UntypedFieldElement)(&a.x))
   122  	return v
   123  }
   124  
   125  func p521InvertEndianness(v []byte) {
   126  	for i := 0; i < len(v)/2; i++ {
   127  		v[i], v[len(v)-1-i] = v[len(v)-1-i], v[i]
   128  	}
   129  }
   130
View as plain text