Commit | Line | Data |
---|---|---|
b394396b PW |
1 | #ifndef _SECP256K1_GROUP_ |
2 | #define _SECP256K1_GROUP_ | |
3 | ||
607884fc | 4 | #include "num.h" |
b394396b PW |
5 | #include "field.h" |
6 | ||
7fef6619 | 7 | /** A group element of the secp256k1 curve, in affine coordinates. */ |
254327e4 PW |
8 | typedef struct { |
9 | secp256k1_fe_t x; | |
10 | secp256k1_fe_t y; | |
7fef6619 | 11 | int infinity; // whether this represents the point at infinity |
254327e4 PW |
12 | } secp256k1_ge_t; |
13 | ||
7fef6619 | 14 | /** A group element of the secp256k1 curve, in jacobian coordinates. */ |
254327e4 | 15 | typedef struct { |
7fef6619 PW |
16 | secp256k1_fe_t x; // actual X: x/z^2 |
17 | secp256k1_fe_t y; // actual Y: y/z^3 | |
254327e4 | 18 | secp256k1_fe_t z; |
7fef6619 | 19 | int infinity; // whether this represents the point at infinity |
254327e4 PW |
20 | } secp256k1_gej_t; |
21 | ||
7fef6619 | 22 | /** Global constants related to the group */ |
254327e4 | 23 | typedef struct { |
7fef6619 PW |
24 | secp256k1_num_t order; // the order of the curve (= order of its generator) |
25 | secp256k1_ge_t g; // the generator point | |
26 | ||
27 | // constants related to secp256k1's efficiently computable endomorphism | |
254327e4 PW |
28 | secp256k1_fe_t beta; |
29 | secp256k1_num_t lambda, a1b2, b1, a2; | |
30 | } secp256k1_ge_consts_t; | |
31 | ||
f491cd35 | 32 | static const secp256k1_ge_consts_t *secp256k1_ge_consts = NULL; |
254327e4 | 33 | |
7fef6619 | 34 | /** Initialize the group module. */ |
254327e4 | 35 | void static secp256k1_ge_start(void); |
7fef6619 PW |
36 | |
37 | /** De-initialize the group module. */ | |
254327e4 | 38 | void static secp256k1_ge_stop(void); |
7fef6619 PW |
39 | |
40 | /** Set a group element equal to the point at infinity */ | |
254327e4 | 41 | void static secp256k1_ge_set_infinity(secp256k1_ge_t *r); |
7fef6619 PW |
42 | |
43 | /** Set a group element equal to the point with given X and Y coordinates */ | |
254327e4 | 44 | void static secp256k1_ge_set_xy(secp256k1_ge_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y); |
7fef6619 | 45 | |
764332d0 PW |
46 | /** Set a group element (affine) equal to the point with the given X coordinate and the given oddness for Y. |
47 | The result is not guaranteed to be valid (i.e., on the curve); check it with secp256k1_ge_is_valid before use. */ | |
48 | void static secp256k1_ge_set_xo(secp256k1_ge_t *r, const secp256k1_fe_t *x, int odd); | |
49 | ||
7fef6619 | 50 | /** Check whether a group element is the point at infinity. */ |
254327e4 | 51 | int static secp256k1_ge_is_infinity(const secp256k1_ge_t *a); |
7fef6619 | 52 | |
764332d0 PW |
53 | /** Check whether a group element is valid (i.e., on the curve). */ |
54 | int static secp256k1_ge_is_valid(const secp256k1_ge_t *a); | |
55 | ||
254327e4 | 56 | void static secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a); |
7fef6619 PW |
57 | |
58 | /** Get a hex representation of a point. *rlen will be overwritten with the real length. */ | |
254327e4 | 59 | void static secp256k1_ge_get_hex(char *r, int *rlen, const secp256k1_ge_t *a); |
7fef6619 PW |
60 | |
61 | /** Set a group element equal to another which is given in jacobian coordinates. Note that a is passed as a non-const pointer, so callers should not assume it is left unmodified. */ | |
f11ff5be | 62 | void static secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a); |
254327e4 | 63 | |
7fef6619 PW |
64 | |
65 | /** Set a group element (jacobian) equal to the point at infinity. */ | |
254327e4 | 66 | void static secp256k1_gej_set_infinity(secp256k1_gej_t *r); |
7fef6619 PW |
67 | |
68 | /** Set a group element (jacobian) equal to the point with given X and Y coordinates. */ | |
254327e4 | 69 | void static secp256k1_gej_set_xy(secp256k1_gej_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y); |
7fef6619 | 70 | |
7fef6619 | 71 | /** Set a group element (jacobian) equal to another which is given in affine coordinates. */ |
254327e4 | 72 | void static secp256k1_gej_set_ge(secp256k1_gej_t *r, const secp256k1_ge_t *a); |
7fef6619 PW |
73 | |
74 | /** Get the X coordinate of a group element (jacobian). */ | |
254327e4 | 75 | void static secp256k1_gej_get_x(secp256k1_fe_t *r, const secp256k1_gej_t *a); |
7fef6619 PW |
76 | |
77 | /** Set r equal to the inverse of a (i.e., mirrored around the X axis) */ | |
254327e4 | 78 | void static secp256k1_gej_neg(secp256k1_gej_t *r, const secp256k1_gej_t *a); |
7fef6619 PW |
79 | |
80 | /** Check whether a group element is the point at infinity. */ | |
254327e4 | 81 | int static secp256k1_gej_is_infinity(const secp256k1_gej_t *a); |
7fef6619 | 82 | |
7fef6619 | 83 | /** Set r equal to the double of a. */ |
254327e4 | 84 | void static secp256k1_gej_double(secp256k1_gej_t *r, const secp256k1_gej_t *a); |
7fef6619 PW |
85 | |
86 | /** Set r equal to the sum of a and b. */ | |
254327e4 | 87 | void static secp256k1_gej_add(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_gej_t *b); |
7fef6619 PW |
88 | |
89 | /** Set r equal to the sum of a and b (with b given in affine coordinates). This is more efficient | |
90 | than secp256k1_gej_add. */ | |
254327e4 | 91 | void static secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b); |
7fef6619 PW |
92 | |
93 | /** Get a hex representation of a point. *rlen will be overwritten with the real length. */ | |
254327e4 | 94 | void static secp256k1_gej_get_hex(char *r, int *rlen, const secp256k1_gej_t *a); |
7fef6619 PW |
95 | |
96 | /** Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast. */ | |
254327e4 | 97 | void static secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t *a); |
7fef6619 PW |
98 | |
99 | /** Find r1 and r2 such that r1+r2*lambda = a (modulo the group order), and r1 and r2 are at most 128 bits long (given that a is | |
100 | not more than 256 bits). */ | |
254327e4 PW |
101 | void static secp256k1_gej_split_exp(secp256k1_num_t *r1, secp256k1_num_t *r2, const secp256k1_num_t *a); |
102 | ||
b394396b | 103 | #endif |