7 #ifndef SECP256K1_SCALAR_IMPL_H 8 #define SECP256K1_SCALAR_IMPL_H 17 #if defined(EXHAUSTIVE_TEST_ORDER) 19 #elif defined(SECP256K1_WIDEMUL_INT128) 21 #elif defined(SECP256K1_WIDEMUL_INT64) 24 #error "Please select wide multiplication implementation" 30 static int secp256k1_scalar_set_b32_seckey(
secp256k1_scalar *r,
const unsigned char *bin) {
/* Load the byte string `bin` into the scalar `r` and say whether it is usable
 * as a secret key (per the function name): the return value is 1 only when
 * the parse did not flag overflow AND the resulting scalar is nonzero, and 0
 * otherwise.
 * NOTE(review): the declaration of `overflow` and the closing brace of this
 * function are not visible in this listing. */
32 secp256k1_scalar_set_b32(r, bin, &overflow);
/* Bitwise & instead of &&: both tests are always evaluated, so there is no
 * short-circuit branch on either result. Presumably deliberate because `bin`
 * is secret-key material -- confirm before "simplifying" it to &&.
 * A 0 return means "reject this key"; `r` has already been handed to
 * secp256k1_scalar_set_b32 at that point, so callers should not go on to use
 * it as a key. */
33 return (!overflow) & (!secp256k1_scalar_is_zero(r));
36 #if defined(EXHAUSTIVE_TEST_ORDER) 38 # if EXHAUSTIVE_TEST_ORDER == 7 39 # define EXHAUSTIVE_TEST_LAMBDA 2 40 # elif EXHAUSTIVE_TEST_ORDER == 13 41 # define EXHAUSTIVE_TEST_LAMBDA 9 42 # elif EXHAUSTIVE_TEST_ORDER == 199 43 # define EXHAUSTIVE_TEST_LAMBDA 92 45 # error No known lambda for the specified exhaustive test group order. 56 *r2 = (*k + 5) % EXHAUSTIVE_TEST_ORDER;
/* Split used when EXHAUSTIVE_TEST_ORDER is defined (orders 7, 13 and 199 each
 * get a fixed lambda; any other order stops the build with #error).
 * r2 is a simple function of k, and r1 is then chosen so that
 *     r1 + EXHAUSTIVE_TEST_LAMBDA * r2 == k  (mod EXHAUSTIVE_TEST_ORDER),
 * because (EXHAUSTIVE_TEST_ORDER - *r2) is -r2 modulo the order; *r2 was
 * already reduced by the % above, so the subtraction does not go negative.
 * NOTE(review): these are toy group orders with no security margin; this
 * appears to be the test-only branch of the #if -- confirm it can never be
 * selected in a production build configuration. */
57 *r1 = (*k + (EXHAUSTIVE_TEST_ORDER - *r2) * EXHAUSTIVE_TEST_LAMBDA) % EXHAUSTIVE_TEST_ORDER;
64 0x5363AD4CUL, 0xC05C30E0UL, 0xA5261C02UL, 0x8812645AUL,
65 0x122E22EAUL, 0x20816678UL, 0xDF02967CUL, 0x1B23BD72UL
125 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00000000UL,
126 0xE4437ED6UL, 0x010E8828UL, 0x6F547FA9UL, 0x0ABFE4C3UL
129 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL,
130 0x8A280AC5UL, 0x0774346DUL, 0xD765CDA8UL, 0x3DB1562CUL
133 0x3086D221UL, 0xA7D46BCDUL, 0xE86C90E4UL, 0x9284EB15UL,
134 0x3DAA8A14UL, 0x71E8CA7FUL, 0xE893209AUL, 0x45DBB031UL
137 0xE4437ED6UL, 0x010E8828UL, 0x6F547FA9UL, 0x0ABFE4C4UL,
138 0x221208ACUL, 0x9DF506C6UL, 0x1571B4AEUL, 0x8AC47F71UL
/* Visible tail of a routine that splits scalar k into r1 and r2 (its
 * signature and local declarations are not in this listing).
 * Going by the call names: c1 = (k * g1) >> 384 and c2 = (k * g2) >> 384.
 * NOTE(review): a `_var` suffix usually marks a routine whose running time
 * may depend on its inputs. The shift passed here is the constant 384;
 * confirm that secp256k1_scalar_mul_shift_var's timing depends on the shift
 * amount only before relying on this path with a secret k. */
143 secp256k1_scalar_mul_shift_var(&c1, k, &g1, 384);
144 secp256k1_scalar_mul_shift_var(&c2, k, &g2, 384);
/* c1 *= minus_b1; c2 *= minus_b2; r2 = c1 + c2. */
145 secp256k1_scalar_mul(&c1, &c1, &minus_b1);
146 secp256k1_scalar_mul(&c2, &c2, &minus_b2);
147 secp256k1_scalar_add(r2, &c1, &c2);
/* r1 = k - r2 * lambda, built as: multiply, negate, add k. Together with the
 * line above this gives r1 + lambda * r2 == k. */
148 secp256k1_scalar_mul(r1, r2, &secp256k1_const_lambda);
149 secp256k1_scalar_negate(r1, r1);
150 secp256k1_scalar_add(r1, r1, k);
/* Self-check of the split. NOTE(review): any preprocessor guard around this
 * call is not visible here -- confirm whether it runs in release builds. */
153 secp256k1_scalar_split_lambda_verify(r1, r2, k);
/* Visible part of the self-check for a split of k into r1 and r2 (the
 * function header, the declaration of `s` and some statements are not in
 * this listing). buf1/buf2 hold 32-byte serializations for the byte-wise
 * comparisons below. */
264 unsigned char buf1[32];
265 unsigned char buf2[32];
/* Bound that r1 or its negation must stay below. The first 16 bytes are zero,
 * so the bound is under 2^128 if the bytes are most-significant first --
 * TODO confirm. The closing `};` is not visible in this listing. */
268 static const unsigned char k1_bound[32] = {
269 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
270 0xa2, 0xa8, 0x91, 0x8c, 0xa8, 0x5b, 0xaf, 0xe2, 0x20, 0x16, 0xd0, 0xb9, 0x17, 0xe4, 0xdd, 0x77
/* Same shape of bound for r2. */
274 static const unsigned char k2_bound[32] = {
275 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
276 0x8a, 0x65, 0x28, 0x7b, 0xd4, 0x71, 0x79, 0xfb, 0x2b, 0xe0, 0x88, 0x46, 0xce, 0xa2, 0x67, 0xed
/* s = lambda * r2 + r1, i.e. the value the split should recombine to.
 * Presumably s is compared against k on a line missing from this listing. */
279 secp256k1_scalar_mul(&s, &secp256k1_const_lambda, r2);
280 secp256k1_scalar_add(&s, &s, r1);
/* Magnitude check on r1: serialize r1 and -r1 and require at least one of
 * them to compare below k1_bound. Byte-wise ordering matches numeric ordering
 * only for a most-significant-byte-first encoding -- presumably what
 * secp256k1_scalar_get_b32 emits; confirm.
 * NOTE(review): secp256k1_memcmp_var looks variable-time by its suffix and is
 * applied to values derived from k. That is acceptable only if VERIFY_CHECK
 * is inactive in production builds -- confirm against the build flags. */
283 secp256k1_scalar_negate(&s, r1);
284 secp256k1_scalar_get_b32(buf1, r1);
285 secp256k1_scalar_get_b32(buf2, &s);
286 VERIFY_CHECK(secp256k1_memcmp_var(buf1, k1_bound, 32) < 0 || secp256k1_memcmp_var(buf2, k1_bound, 32) < 0);
/* Same magnitude check for r2 against k2_bound; `s` is reused for -r2. */
288 secp256k1_scalar_negate(&s, r2);
289 secp256k1_scalar_get_b32(buf1, r2);
290 secp256k1_scalar_get_b32(buf2, &s);
291 VERIFY_CHECK(secp256k1_memcmp_var(buf1, k2_bound, 32) < 0 || secp256k1_memcmp_var(buf2, k2_bound, 32) < 0);
#define VERIFY_CHECK(cond)
#define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0)