p384.go

     1  // Copyright 2021 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // Code generated by generate.go. DO NOT EDIT.
     6  
     7  package fiat
     8  
     9  import (
    10  	"crypto/subtle"
    11  	"errors"
    12  )
    13  
    14  // P384Element is an integer modulo 2^384 - 2^128 - 2^96 + 2^32 - 1.
    15  //
    16  // The zero value is a valid zero element.
    17  type P384Element struct {
    18  	// Values are represented internally always in the Montgomery domain, and
    19  	// converted in Bytes and SetBytes.
    20  	x p384MontgomeryDomainFieldElement
    21  }
    22  
    23  const p384ElementLen = 48
    24  
    25  type p384UntypedFieldElement = [6]uint64
    26  
    27  // One sets e = 1, and returns e.
    28  func (e *P384Element) One() *P384Element {
    29  	p384SetOne(&e.x)
    30  	return e
    31  }
    32  
    33  // Equal returns 1 if e == t, and zero otherwise.
    34  func (e *P384Element) Equal(t *P384Element) int {
    35  	eBytes := e.Bytes()
    36  	tBytes := t.Bytes()
    37  	return subtle.ConstantTimeCompare(eBytes, tBytes)
    38  }
    39  
    40  var p384ZeroEncoding = new(P384Element).Bytes()
    41  
    42  // IsZero returns 1 if e == 0, and zero otherwise.
    43  func (e *P384Element) IsZero() int {
    44  	eBytes := e.Bytes()
    45  	return subtle.ConstantTimeCompare(eBytes, p384ZeroEncoding)
    46  }
    47  
    48  // Set sets e = t, and returns e.
    49  func (e *P384Element) Set(t *P384Element) *P384Element {
    50  	e.x = t.x
    51  	return e
    52  }
    53  
    54  // Bytes returns the 48-byte big-endian encoding of e.
    55  func (e *P384Element) Bytes() []byte {
    56  	// This function is outlined to make the allocations inline in the caller
    57  	// rather than happen on the heap.
    58  	var out [p384ElementLen]byte
    59  	return e.bytes(&out)
    60  }
    61  
    62  func (e *P384Element) bytes(out *[p384ElementLen]byte) []byte {
    63  	var tmp p384NonMontgomeryDomainFieldElement
    64  	p384FromMontgomery(&tmp, &e.x)
    65  	p384ToBytes(out, (*p384UntypedFieldElement)(&tmp))
    66  	p384InvertEndianness(out[:])
    67  	return out[:]
    68  }
    69  
    70  // p384MinusOneEncoding is the encoding of -1 mod p, so p - 1, the
    71  // highest canonical encoding. It is used by SetBytes to check for non-canonical
    72  // encodings such as p + k, 2p + k, etc.
    73  var p384MinusOneEncoding = new(P384Element).Sub(
    74  	new(P384Element), new(P384Element).One()).Bytes()
    75  
    76  // SetBytes sets e = v, where v is a big-endian 48-byte encoding, and returns e.
    77  // If v is not 48 bytes or it encodes a value higher than 2^384 - 2^128 - 2^96 + 2^32 - 1,
    78  // SetBytes returns nil and an error, and e is unchanged.
    79  func (e *P384Element) SetBytes(v []byte) (*P384Element, error) {
    80  	if len(v) != p384ElementLen {
    81  		return nil, errors.New("invalid P384Element encoding")
    82  	}
    83  	for i := range v {
    84  		if v[i] < p384MinusOneEncoding[i] {
    85  			break
    86  		}
    87  		if v[i] > p384MinusOneEncoding[i] {
    88  			return nil, errors.New("invalid P384Element encoding")
    89  		}
    90  	}
    91  	var in [p384ElementLen]byte
    92  	copy(in[:], v)
    93  	p384InvertEndianness(in[:])
    94  	var tmp p384NonMontgomeryDomainFieldElement
    95  	p384FromBytes((*p384UntypedFieldElement)(&tmp), &in)
    96  	p384ToMontgomery(&e.x, &tmp)
    97  	return e, nil
    98  }
    99  
   100  // Add sets e = t1 + t2, and returns e.
   101  func (e *P384Element) Add(t1, t2 *P384Element) *P384Element {
   102  	p384Add(&e.x, &t1.x, &t2.x)
   103  	return e
   104  }
   105  
   106  // Sub sets e = t1 - t2, and returns e.
   107  func (e *P384Element) Sub(t1, t2 *P384Element) *P384Element {
   108  	p384Sub(&e.x, &t1.x, &t2.x)
   109  	return e
   110  }
   111  
   112  // Mul sets e = t1 * t2, and returns e.
   113  func (e *P384Element) Mul(t1, t2 *P384Element) *P384Element {
   114  	p384Mul(&e.x, &t1.x, &t2.x)
   115  	return e
   116  }
   117  
   118  // Square sets e = t * t, and returns e.
   119  func (e *P384Element) Square(t *P384Element) *P384Element {
   120  	p384Square(&e.x, &t.x)
   121  	return e
   122  }
   123  
   124  // Select sets v to a if cond == 1, and to b if cond == 0.
   125  func (v *P384Element) Select(a, b *P384Element, cond int) *P384Element {
   126  	p384Selectznz((*p384UntypedFieldElement)(&v.x), p384Uint1(cond),
   127  		(*p384UntypedFieldElement)(&b.x), (*p384UntypedFieldElement)(&a.x))
   128  	return v
   129  }
   130  
   131  func p384InvertEndianness(v []byte) {
   132  	for i := 0; i < len(v)/2; i++ {
   133  		v[i], v[len(v)-1-i] = v[len(v)-1-i], v[i]
   134  	}
   135  }
   136
View as plain text