Package: crypto/ed25519/internal/edwards25519/field

package field Import Path crypto/ed25519/internal/edwards25519/field (on go.dev) Dependency Relation imports 3 packages, and imported by one package

Involved Source Files #d fe.go Package field implements fast arithmetic modulo 2^255-19. fe_amd64.go fe_arm64_noasm.go fe_generic.go fe_amd64.s

Package-Level Type Names (total 2, in which 1 are exported)

/* sort exporteds by: alphabet | popularity */

type Element (struct) Element represents an element of the field GF(2^255-19). Note that this is not a cryptographically secure group, and should only be used to interact with edwards25519.Point coordinates. This type works similarly to math/big.Int, and all arguments and receivers are allowed to alias. The zero value is a valid zero element. Fields (total 5, none are exported) /* 5 unexporteds ... *//* 5 unexporteds: */ l0 uint64 An element t represents the integer t.l0 + t.l1*2^51 + t.l2*2^102 + t.l3*2^153 + t.l4*2^204 Between operations, all limbs are expected to be lower than 2^52. l1 uint64 l2 uint64 l3 uint64 l4 uint64 Methods (total 23, in which 19 are exported) (*Element) Absolute(u *Element) *Element Absolute sets v to |u|, and returns v. (*Element) Add(a, b *Element) *Element Add sets v = a + b, and returns v. (*Element) Bytes() []byte Bytes returns the canonical 32-byte little-endian encoding of v. (*Element) Equal(u *Element) int Equal returns 1 if v and u are equal, and 0 otherwise. (*Element) Invert(z *Element) *Element Invert sets v = 1/z mod p, and returns v. If z == 0, Invert returns v = 0. (*Element) IsNegative() int IsNegative returns 1 if v is negative, and 0 otherwise. (*Element) Mult32(x *Element, y uint32) *Element Mult32 sets v = x * y, and returns v. (*Element) Multiply(x, y *Element) *Element Multiply sets v = x * y, and returns v. (*Element) Negate(a *Element) *Element Negate sets v = -a, and returns v. (*Element) One() *Element One sets v = 1, and returns v. (*Element) Pow22523(x *Element) *Element Pow22523 set v = x^((p-5)/8), and returns v. (p-5)/8 is 2^252-3. (*Element) Select(a, b *Element, cond int) *Element Select sets v to a if cond == 1, and to b if cond == 0. (*Element) Set(a *Element) *Element Set sets v = a, and returns v. (*Element) SetBytes(x []byte) *Element SetBytes sets v to x, which must be a 32-byte little-endian encoding. Consistent with RFC 7748, the most significant bit (the high bit of the last byte) is ignored, and non-canonical values (2^255-19 through 2^255-1) are accepted. Note that this is laxer than specified by RFC 8032. (*Element) SqrtRatio(u, v *Element) (rr *Element, wasSquare int) SqrtRatio sets r to the non-negative square root of the ratio of u and v. If u/v is square, SqrtRatio returns r and 1. If u/v is not square, SqrtRatio sets r according to Section 4.3 of draft-irtf-cfrg-ristretto255-decaf448-00, and returns r and 0. (*Element) Square(x *Element) *Element Square sets v = x * x, and returns v. (*Element) Subtract(a, b *Element) *Element Subtract sets v = a - b, and returns v. (*Element) Swap(u *Element, cond int) Swap swaps v and u if cond == 1 or leaves them unchanged if cond == 0, and returns v. (*Element) Zero() *Element Zero sets v = 0, and returns v. /* 4 unexporteds ... *//* 4 unexporteds: */ (*Element) bytes(out *[32]byte) []byte (*Element) carryPropagate() *Element (*Element) carryPropagateGeneric() *Element carryPropagate brings the limbs below 52 bits by applying the reduction identity (a * 2²⁵⁵ + b = a * 19 + b) to the l4 carry. (*Element) reduce() *Element reduce reduces v modulo 2^255 - 19 and returns it. As Outputs Of (at least 18, in which 15 are exported) func (*Element).Absolute(u *Element) *Element func (*Element).Add(a, b *Element) *Element func (*Element).Invert(z *Element) *Element func (*Element).Mult32(x *Element, y uint32) *Element func (*Element).Multiply(x, y *Element) *Element func (*Element).Negate(a *Element) *Element func (*Element).One() *Element func (*Element).Pow22523(x *Element) *Element func (*Element).Select(a, b *Element, cond int) *Element func (*Element).Set(a *Element) *Element func (*Element).SetBytes(x []byte) *Element func (*Element).SqrtRatio(u, v *Element) (rr *Element, wasSquare int) func (*Element).Square(x *Element) *Element func (*Element).Subtract(a, b *Element) *Element func (*Element).Zero() *Element /* 3+ unexporteds ... *//* 3+ unexporteds: */ func (*Element).carryPropagate() *Element func (*Element).carryPropagateGeneric() *Element func (*Element).reduce() *Element As Inputs Of (at least 22, in which 14 are exported) func (*Element).Absolute(u *Element) *Element func (*Element).Add(a, b *Element) *Element func (*Element).Equal(u *Element) int func (*Element).Invert(z *Element) *Element func (*Element).Mult32(x *Element, y uint32) *Element func (*Element).Multiply(x, y *Element) *Element func (*Element).Negate(a *Element) *Element func (*Element).Pow22523(x *Element) *Element func (*Element).Select(a, b *Element, cond int) *Element func (*Element).Set(a *Element) *Element func (*Element).SqrtRatio(u, v *Element) (rr *Element, wasSquare int) func (*Element).Square(x *Element) *Element func (*Element).Subtract(a, b *Element) *Element func (*Element).Swap(u *Element, cond int) /* 8+ unexporteds ... *//* 8+ unexporteds: */ func feMul(out *Element, a *Element, b *Element) func feMul(out *Element, a *Element, b *Element) func feMul(out *Element, a *Element, b *Element) func feMulGeneric(v, a, b *Element) func feSquare(out *Element, a *Element) func feSquare(out *Element, a *Element) func feSquareGeneric(v, a *Element) func crypto/ed25519/internal/edwards25519.copyFieldElement(buf *[32]byte, v *Element) []byte As Types Of (total 6, none are exported) /* 6 unexporteds ... *//* 6 unexporteds: */ var feOne *Element var feZero *Element var sqrtM1 *Element var crypto/ed25519/internal/edwards25519.d *Element var crypto/ed25519/internal/edwards25519.d2 *Element var crypto/ed25519/internal/edwards25519.feOne *Element

/* one unexported ... *//* one unexported: */

type uint128 (struct) uint128 holds a 128-bit number as two 64-bit limbs, for use with the bits.Mul64 and bits.Add64 intrinsics. Fields (total 2, neither is exported) /* 2 unexporteds ... *//* 2 unexporteds: */ hi uint64 lo uint64 As Outputs Of (at least 2, neither is exported) /* 2+ unexporteds ... *//* 2+ unexporteds: */ func addMul64(v uint128, a, b uint64) uint128 func mul64(a, b uint64) uint128 As Inputs Of (at least 2, neither is exported) /* 2+ unexporteds ... *//* 2+ unexporteds: */ func addMul64(v uint128, a, b uint64) uint128 func shiftRightBy51(a uint128) uint64

Package-Level Functions (total 9, none are exported) /* 9 unexporteds ... *//* 9 unexporteds: */

func addMul64(v uint128, a, b uint64) uint128 addMul64 returns v + a * b.

func feMul(out *Element, a *Element, b *Element) feMul sets out = a * b. It works like feMulGeneric.

func feMulGeneric(v, a, b *Element)

func feSquare(out *Element, a *Element) feSquare sets out = a * a. It works like feSquareGeneric.

func feSquareGeneric(v, a *Element)

func mask64Bits(cond int) uint64 mask64Bits returns 0xffffffff if cond is 1, and 0 otherwise.

func mul51(a uint64, b uint32) (lo uint64, hi uint64) mul51 returns lo + hi * 2⁵¹ = a * b.

func mul64(a, b uint64) uint128 mul64 returns a * b.

func shiftRightBy51(a uint128) uint64 shiftRightBy51 returns a >> 51. a is assumed to be at most 115 bits.

Package-Level Variables (total 3, none are exported) /* 3 unexporteds ... *//* 3 unexporteds: */

var feOne *Element

var feZero *Element

var sqrtM1 *Element sqrtM1 is 2^((p-1)/4), which squared is equal to -1 by Euler's Criterion.

Package-Level Constants (only one, which is unexported) /* one unexported ... *//* one unexported: */

const maskLow51Bits uint64 = 2251799813685247