field

Imports

Imports #

"math/bits"
_ "crypto/internal/fips140/check"
"crypto/internal/fips140/subtle"
"crypto/internal/fips140deps/byteorder"
"errors"
"math/bits"

Constants & Variables

feOne var #

var feOne = *ast.UnaryExpr

feZero var #

var feZero = *ast.UnaryExpr

maskLow51Bits const #

const maskLow51Bits uint64 = *ast.BinaryExpr

sqrtM1 var #

sqrtM1 is 2^((p-1)/4), which squared is equal to -1 by Euler's Criterion.

var sqrtM1 = *ast.UnaryExpr

Structs

Element struct #

Element represents an element of the field GF(2^255-19). Note that this is not a cryptographically secure group, and should only be used to interact with edwards25519.Point coordinates. This type works similarly to math/big.Int, and all arguments and receivers are allowed to alias. The zero value is a valid zero element.

type Element struct {
l0 uint64
l1 uint64
l2 uint64
l3 uint64
l4 uint64
}

uint128 struct #

uint128 holds a 128-bit number as two 64-bit limbs, for use with the bits.Mul64 and bits.Add64 intrinsics.

type uint128 struct {
lo uint64
hi uint64
}

Functions

Absolute method #

Absolute sets v to |u|, and returns v.

func (v *Element) Absolute(u *Element) *Element

Add method #

Add sets v = a + b, and returns v.

func (v *Element) Add(a *Element, b *Element) *Element

Bytes method #

Bytes returns the canonical 32-byte little-endian encoding of v.

func (v *Element) Bytes() []byte

Equal method #

Equal returns 1 if v and u are equal, and 0 otherwise.

func (v *Element) Equal(u *Element) int

Invert method #

Invert sets v = 1/z mod p, and returns v. If z == 0, Invert returns v = 0.

func (v *Element) Invert(z *Element) *Element

IsNegative method #

IsNegative returns 1 if v is negative, and 0 otherwise.

func (v *Element) IsNegative() int

Mult32 method #

Mult32 sets v = x * y, and returns v.

func (v *Element) Mult32(x *Element, y uint32) *Element

Multiply method #

Multiply sets v = x * y, and returns v.

func (v *Element) Multiply(x *Element, y *Element) *Element

Negate method #

Negate sets v = -a, and returns v.

func (v *Element) Negate(a *Element) *Element

One method #

One sets v = 1, and returns v.

func (v *Element) One() *Element

Pow22523 method #

Pow22523 set v = x^((p-5)/8), and returns v. (p-5)/8 is 2^252-3.

func (v *Element) Pow22523(x *Element) *Element

Select method #

Select sets v to a if cond == 1, and to b if cond == 0.

func (v *Element) Select(a *Element, b *Element, cond int) *Element

Set method #

Set sets v = a, and returns v.

func (v *Element) Set(a *Element) *Element

SetBytes method #

SetBytes sets v to x, where x is a 32-byte little-endian encoding. If x is not of the right length, SetBytes returns nil and an error, and the receiver is unchanged. Consistent with RFC 7748, the most significant bit (the high bit of the last byte) is ignored, and non-canonical values (2^255-19 through 2^255-1) are accepted. Note that this is laxer than specified by RFC 8032, but consistent with most Ed25519 implementations.

func (v *Element) SetBytes(x []byte) (*Element, error)

SqrtRatio method #

SqrtRatio sets r to the non-negative square root of the ratio of u and v. If u/v is square, SqrtRatio returns r and 1. If u/v is not square, SqrtRatio sets r according to Section 4.3 of draft-irtf-cfrg-ristretto255-decaf448-00, and returns r and 0.

func (r *Element) SqrtRatio(u *Element, v *Element) (R *Element, wasSquare int)

Square method #

Square sets v = x * x, and returns v.

func (v *Element) Square(x *Element) *Element

Subtract method #

Subtract sets v = a - b, and returns v.

func (v *Element) Subtract(a *Element, b *Element) *Element

Swap method #

Swap swaps v and u if cond == 1 or leaves them unchanged if cond == 0, and returns v.

func (v *Element) Swap(u *Element, cond int)

Zero method #

Zero sets v = 0, and returns v.

func (v *Element) Zero() *Element

addMul64 function #

addMul64 returns v + a * b.

func addMul64(v uint128, a uint64, b uint64) uint128

bytes method #

func (v *Element) bytes(out *[32]byte) []byte

carryPropagate method #

func (v *Element) carryPropagate() *Element

carryPropagate method #

func (v *Element) carryPropagate() *Element

carryPropagate function #

go:noescape

func carryPropagate(v *Element)

carryPropagateGeneric method #

carryPropagateGeneric brings the limbs below 52 bits by applying the reduction identity (a * 2²⁵⁵ + b = a * 19 + b) to the l4 carry.

func (v *Element) carryPropagateGeneric() *Element

feMul function #

func feMul(v *Element, x *Element, y *Element)

feMul function #

feMul sets out = a * b. It works like feMulGeneric. go:noescape

func feMul(out *Element, a *Element, b *Element)

feMulGeneric function #

func feMulGeneric(v *Element, a *Element, b *Element)

feSquare function #

func feSquare(v *Element, x *Element)

feSquare function #

feSquare sets out = a * a. It works like feSquareGeneric. go:noescape

func feSquare(out *Element, a *Element)

feSquareGeneric function #

func feSquareGeneric(v *Element, a *Element)

mask64Bits function #

mask64Bits returns 0xffffffff if cond is 1, and 0 otherwise.

func mask64Bits(cond int) uint64

mul51 function #

mul51 returns lo + hi * 2⁵¹ = a * b.

func mul51(a uint64, b uint32) (lo uint64, hi uint64)

mul64 function #

mul64 returns a * b.

func mul64(a uint64, b uint64) uint128

reduce method #

reduce reduces v modulo 2^255 - 19 and returns it.

func (v *Element) reduce() *Element

shiftRightBy51 function #

shiftRightBy51 returns a >> 51. a is assumed to be at most 115 bits.

func shiftRightBy51(a uint128) uint64

Generated with Arrow