Botan::Ed25519_FieldElement Class Reference

#include <ed25519_fe.h>

Public Member Functions
constexpr	Ed25519_FieldElement ()
constexpr	Ed25519_FieldElement (int64_t h0, int64_t h1, int64_t h2, int64_t h3, int64_t h4, int64_t h5, int64_t h6, int64_t h7, int64_t h8, int64_t h9)
constexpr	Ed25519_FieldElement (std::span< int32_t, 10 > fe)
Ed25519_FieldElement	invert () const
bool	is_negative () const
bool	is_zero () const
int32_t &	operator[] (size_t i)
int32_t	operator[] (size_t i) const
Ed25519_FieldElement	pow_22523 () const
void	serialize_to (std::span< uint8_t, 32 > b) const
Ed25519_FieldElement	sqr () const
Ed25519_FieldElement	sqr2 () const
Ed25519_FieldElement	sqr_iter (size_t iter) const

Static Public Member Functions
static Ed25519_FieldElement	add (const Ed25519_FieldElement &a, const Ed25519_FieldElement &b)
static Ed25519_FieldElement	deserialize (const uint8_t b[32])
static Ed25519_FieldElement	mul (const Ed25519_FieldElement &a, const Ed25519_FieldElement &b)
static Ed25519_FieldElement	negate (const Ed25519_FieldElement &a)
static constexpr Ed25519_FieldElement	one ()
static Ed25519_FieldElement	sub (const Ed25519_FieldElement &a, const Ed25519_FieldElement &b)
static constexpr Ed25519_FieldElement	zero ()

Detailed Description

An element of the field \Z/(2^255-19)

An element t, entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on context.

Definition at line 28 of file ed25519_fe.h.

Constructor & Destructor Documentation

Ed25519_FieldElement() [1/3]

Botan::Ed25519_FieldElement::Ed25519_FieldElement ( )

inlineconstexpr

Default zero initialization

Definition at line 33 of file ed25519_fe.h.

: m_fe{} {}

Referenced by add(), deserialize(), invert(), mul(), negate(), one(), pow_22523(), sqr(), sqr2(), sqr_iter(), sub(), and zero().

Ed25519_FieldElement() [2/3]

Botan::Ed25519_FieldElement::Ed25519_FieldElement ( std::span< int32_t, 10 > fe )

inlineexplicitconstexpr

Definition at line 44 of file ed25519_fe.h.

                                                                       {
         for(size_t i = 0; i != 10; ++i) {
            m_fe[i] = fe[i];
         }
      }

Ed25519_FieldElement() [3/3]

Botan::Ed25519_FieldElement::Ed25519_FieldElement ( int64_t h0, int64_t h1, int64_t h2, int64_t h3, int64_t h4, int64_t h5, int64_t h6, int64_t h7, int64_t h8, int64_t h9 )

inlineconstexpr

Definition at line 51 of file ed25519_fe.h.

                                                 {
         m_fe[0] = static_cast<int32_t>(h0);
         m_fe[1] = static_cast<int32_t>(h1);
         m_fe[2] = static_cast<int32_t>(h2);
         m_fe[3] = static_cast<int32_t>(h3);
         m_fe[4] = static_cast<int32_t>(h4);
         m_fe[5] = static_cast<int32_t>(h5);
         m_fe[6] = static_cast<int32_t>(h6);
         m_fe[7] = static_cast<int32_t>(h7);
         m_fe[8] = static_cast<int32_t>(h8);
         m_fe[9] = static_cast<int32_t>(h9);
      }

Member Function Documentation

add()

Ed25519_FieldElement Botan::Ed25519_FieldElement::add ( const Ed25519_FieldElement & a, const Ed25519_FieldElement & b )

inlinestatic

Definition at line 94 of file ed25519_fe.h.

                                                                                                    {
         Ed25519_FieldElement z;
         for(size_t i = 0; i != 10; ++i) {
            z.m_fe[i] = a.m_fe[i] + b.m_fe[i];
         }
         return z;
      }

References Ed25519_FieldElement().

Referenced by Botan::operator+().

deserialize()

Ed25519_FieldElement Botan::Ed25519_FieldElement::deserialize ( const uint8_t b[32] )

static

Definition at line 591 of file ed25519_fe.cpp.

                                                                          {
   int64_t h0 = load_4(s);
   int64_t h1 = load_3(s + 4) << 6;
   int64_t h2 = load_3(s + 7) << 5;
   int64_t h3 = load_3(s + 10) << 3;
   int64_t h4 = load_3(s + 13) << 2;
   int64_t h5 = load_4(s + 16);
   int64_t h6 = load_3(s + 20) << 7;
   int64_t h7 = load_3(s + 23) << 5;
   int64_t h8 = load_3(s + 26) << 4;
   int64_t h9 = (load_3(s + 29) & 0x7fffff) << 2;
 
   carry<25, 19>(h9, h0);
   carry<25>(h1, h2);
   carry<25>(h3, h4);
   carry<25>(h5, h6);
   carry<25>(h7, h8);
 
   carry<26>(h0, h1);
   carry<26>(h2, h3);
   carry<26>(h4, h5);
   carry<26>(h6, h7);
   carry<26>(h8, h9);
 
   return Ed25519_FieldElement(h0, h1, h2, h3, h4, h5, h6, h7, h8, h9);
}

References Botan::carry(), Ed25519_FieldElement(), Botan::load_3(), and Botan::load_4().

invert()

Ed25519_FieldElement Botan::Ed25519_FieldElement::invert

(

)

const

Definition at line 18 of file ed25519_fe.cpp.

                                                        {
   auto t0 = this->sqr();
   auto t1 = t0.sqr_iter(2);
   t1 = *this * t1;
   t0 = t0 * t1;
   auto t2 = t0.sqr();
   t1 = t1 * t2;
   t2 = t1.sqr_iter(5);
   t1 = t2 * t1;
   t2 = t1.sqr_iter(10);
   t2 = t2 * t1;
   auto t3 = t2.sqr_iter(20);
   t2 = t3 * t2;
   t2 = t2.sqr_iter(10);
   t1 = t2 * t1;
   t2 = t1.sqr_iter(50);
   t2 = t2 * t1;
   t3 = t2.sqr_iter(100);
   t2 = t3 * t2;
   t2 = t2.sqr_iter(50);
   t1 = t2 * t1;
   t1 = t1.sqr_iter(5);
 
   t0 = t1 * t0;
   return t0;
}

References Ed25519_FieldElement(), and sqr().

is_negative()

bool Botan::Ed25519_FieldElement::is_negative ( ) const

inline

Definition at line 87 of file ed25519_fe.h.

                               {
         // TODO could avoid most of the serialize computation here
         std::array<uint8_t, 32> s = {};
         this->serialize_to(s);
         return (s[0] & 0x01) == 0x01;
      }

References serialize_to().

is_zero()

bool Botan::Ed25519_FieldElement::is_zero ( ) const

inline

Definition at line 77 of file ed25519_fe.h.

                           {
         std::array<uint8_t, 32> value = {};
         this->serialize_to(value);
         return CT::all_zeros(value.data(), value.size()).as_bool();
      }

References Botan::CT::all_zeros(), and serialize_to().

mul()

Ed25519_FieldElement Botan::Ed25519_FieldElement::mul ( const Ed25519_FieldElement & a, const Ed25519_FieldElement & b )

static

Definition at line 105 of file ed25519_fe.cpp.

                                                                                                           {
   const int32_t f0 = f.m_fe[0];
   const int32_t f1 = f.m_fe[1];
   const int32_t f2 = f.m_fe[2];
   const int32_t f3 = f.m_fe[3];
   const int32_t f4 = f.m_fe[4];
   const int32_t f5 = f.m_fe[5];
   const int32_t f6 = f.m_fe[6];
   const int32_t f7 = f.m_fe[7];
   const int32_t f8 = f.m_fe[8];
   const int32_t f9 = f.m_fe[9];
 
   const int32_t g0 = g.m_fe[0];
   const int32_t g1 = g.m_fe[1];
   const int32_t g2 = g.m_fe[2];
   const int32_t g3 = g.m_fe[3];
   const int32_t g4 = g.m_fe[4];
   const int32_t g5 = g.m_fe[5];
   const int32_t g6 = g.m_fe[6];
   const int32_t g7 = g.m_fe[7];
   const int32_t g8 = g.m_fe[8];
   const int32_t g9 = g.m_fe[9];
 
   const int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */
   const int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
   const int32_t g3_19 = 19 * g3;
   const int32_t g4_19 = 19 * g4;
   const int32_t g5_19 = 19 * g5;
   const int32_t g6_19 = 19 * g6;
   const int32_t g7_19 = 19 * g7;
   const int32_t g8_19 = 19 * g8;
   const int32_t g9_19 = 19 * g9;
   const int32_t f1_2 = 2 * f1;
   const int32_t f3_2 = 2 * f3;
   const int32_t f5_2 = 2 * f5;
   const int32_t f7_2 = 2 * f7;
   const int32_t f9_2 = 2 * f9;
 
   const int64_t f0g0 = f0 * static_cast<int64_t>(g0);
   const int64_t f0g1 = f0 * static_cast<int64_t>(g1);
   const int64_t f0g2 = f0 * static_cast<int64_t>(g2);
   const int64_t f0g3 = f0 * static_cast<int64_t>(g3);
   const int64_t f0g4 = f0 * static_cast<int64_t>(g4);
   const int64_t f0g5 = f0 * static_cast<int64_t>(g5);
   const int64_t f0g6 = f0 * static_cast<int64_t>(g6);
   const int64_t f0g7 = f0 * static_cast<int64_t>(g7);
   const int64_t f0g8 = f0 * static_cast<int64_t>(g8);
   const int64_t f0g9 = f0 * static_cast<int64_t>(g9);
   const int64_t f1g0 = f1 * static_cast<int64_t>(g0);
   const int64_t f1g1_2 = f1_2 * static_cast<int64_t>(g1);
   const int64_t f1g2 = f1 * static_cast<int64_t>(g2);
   const int64_t f1g3_2 = f1_2 * static_cast<int64_t>(g3);
   const int64_t f1g4 = f1 * static_cast<int64_t>(g4);
   const int64_t f1g5_2 = f1_2 * static_cast<int64_t>(g5);
   const int64_t f1g6 = f1 * static_cast<int64_t>(g6);
   const int64_t f1g7_2 = f1_2 * static_cast<int64_t>(g7);
   const int64_t f1g8 = f1 * static_cast<int64_t>(g8);
   const int64_t f1g9_38 = f1_2 * static_cast<int64_t>(g9_19);
   const int64_t f2g0 = f2 * static_cast<int64_t>(g0);
   const int64_t f2g1 = f2 * static_cast<int64_t>(g1);
   const int64_t f2g2 = f2 * static_cast<int64_t>(g2);
   const int64_t f2g3 = f2 * static_cast<int64_t>(g3);
   const int64_t f2g4 = f2 * static_cast<int64_t>(g4);
   const int64_t f2g5 = f2 * static_cast<int64_t>(g5);
   const int64_t f2g6 = f2 * static_cast<int64_t>(g6);
   const int64_t f2g7 = f2 * static_cast<int64_t>(g7);
   const int64_t f2g8_19 = f2 * static_cast<int64_t>(g8_19);
   const int64_t f2g9_19 = f2 * static_cast<int64_t>(g9_19);
   const int64_t f3g0 = f3 * static_cast<int64_t>(g0);
   const int64_t f3g1_2 = f3_2 * static_cast<int64_t>(g1);
   const int64_t f3g2 = f3 * static_cast<int64_t>(g2);
   const int64_t f3g3_2 = f3_2 * static_cast<int64_t>(g3);
   const int64_t f3g4 = f3 * static_cast<int64_t>(g4);
   const int64_t f3g5_2 = f3_2 * static_cast<int64_t>(g5);
   const int64_t f3g6 = f3 * static_cast<int64_t>(g6);
   const int64_t f3g7_38 = f3_2 * static_cast<int64_t>(g7_19);
   const int64_t f3g8_19 = f3 * static_cast<int64_t>(g8_19);
   const int64_t f3g9_38 = f3_2 * static_cast<int64_t>(g9_19);
   const int64_t f4g0 = f4 * static_cast<int64_t>(g0);
   const int64_t f4g1 = f4 * static_cast<int64_t>(g1);
   const int64_t f4g2 = f4 * static_cast<int64_t>(g2);
   const int64_t f4g3 = f4 * static_cast<int64_t>(g3);
   const int64_t f4g4 = f4 * static_cast<int64_t>(g4);
   const int64_t f4g5 = f4 * static_cast<int64_t>(g5);
   const int64_t f4g6_19 = f4 * static_cast<int64_t>(g6_19);
   const int64_t f4g7_19 = f4 * static_cast<int64_t>(g7_19);
   const int64_t f4g8_19 = f4 * static_cast<int64_t>(g8_19);
   const int64_t f4g9_19 = f4 * static_cast<int64_t>(g9_19);
   const int64_t f5g0 = f5 * static_cast<int64_t>(g0);
   const int64_t f5g1_2 = f5_2 * static_cast<int64_t>(g1);
   const int64_t f5g2 = f5 * static_cast<int64_t>(g2);
   const int64_t f5g3_2 = f5_2 * static_cast<int64_t>(g3);
   const int64_t f5g4 = f5 * static_cast<int64_t>(g4);
   const int64_t f5g5_38 = f5_2 * static_cast<int64_t>(g5_19);
   const int64_t f5g6_19 = f5 * static_cast<int64_t>(g6_19);
   const int64_t f5g7_38 = f5_2 * static_cast<int64_t>(g7_19);
   const int64_t f5g8_19 = f5 * static_cast<int64_t>(g8_19);
   const int64_t f5g9_38 = f5_2 * static_cast<int64_t>(g9_19);
   const int64_t f6g0 = f6 * static_cast<int64_t>(g0);
   const int64_t f6g1 = f6 * static_cast<int64_t>(g1);
   const int64_t f6g2 = f6 * static_cast<int64_t>(g2);
   const int64_t f6g3 = f6 * static_cast<int64_t>(g3);
   const int64_t f6g4_19 = f6 * static_cast<int64_t>(g4_19);
   const int64_t f6g5_19 = f6 * static_cast<int64_t>(g5_19);
   const int64_t f6g6_19 = f6 * static_cast<int64_t>(g6_19);
   const int64_t f6g7_19 = f6 * static_cast<int64_t>(g7_19);
   const int64_t f6g8_19 = f6 * static_cast<int64_t>(g8_19);
   const int64_t f6g9_19 = f6 * static_cast<int64_t>(g9_19);
   const int64_t f7g0 = f7 * static_cast<int64_t>(g0);
   const int64_t f7g1_2 = f7_2 * static_cast<int64_t>(g1);
   const int64_t f7g2 = f7 * static_cast<int64_t>(g2);
   const int64_t f7g3_38 = f7_2 * static_cast<int64_t>(g3_19);
   const int64_t f7g4_19 = f7 * static_cast<int64_t>(g4_19);
   const int64_t f7g5_38 = f7_2 * static_cast<int64_t>(g5_19);
   const int64_t f7g6_19 = f7 * static_cast<int64_t>(g6_19);
   const int64_t f7g7_38 = f7_2 * static_cast<int64_t>(g7_19);
   const int64_t f7g8_19 = f7 * static_cast<int64_t>(g8_19);
   const int64_t f7g9_38 = f7_2 * static_cast<int64_t>(g9_19);
   const int64_t f8g0 = f8 * static_cast<int64_t>(g0);
   const int64_t f8g1 = f8 * static_cast<int64_t>(g1);
   const int64_t f8g2_19 = f8 * static_cast<int64_t>(g2_19);
   const int64_t f8g3_19 = f8 * static_cast<int64_t>(g3_19);
   const int64_t f8g4_19 = f8 * static_cast<int64_t>(g4_19);
   const int64_t f8g5_19 = f8 * static_cast<int64_t>(g5_19);
   const int64_t f8g6_19 = f8 * static_cast<int64_t>(g6_19);
   const int64_t f8g7_19 = f8 * static_cast<int64_t>(g7_19);
   const int64_t f8g8_19 = f8 * static_cast<int64_t>(g8_19);
   const int64_t f8g9_19 = f8 * static_cast<int64_t>(g9_19);
   const int64_t f9g0 = f9 * static_cast<int64_t>(g0);
   const int64_t f9g1_38 = f9_2 * static_cast<int64_t>(g1_19);
   const int64_t f9g2_19 = f9 * static_cast<int64_t>(g2_19);
   const int64_t f9g3_38 = f9_2 * static_cast<int64_t>(g3_19);
   const int64_t f9g4_19 = f9 * static_cast<int64_t>(g4_19);
   const int64_t f9g5_38 = f9_2 * static_cast<int64_t>(g5_19);
   const int64_t f9g6_19 = f9 * static_cast<int64_t>(g6_19);
   const int64_t f9g7_38 = f9_2 * static_cast<int64_t>(g7_19);
   const int64_t f9g8_19 = f9 * static_cast<int64_t>(g8_19);
   const int64_t f9g9_38 = f9_2 * static_cast<int64_t>(g9_19);
 
   int64_t h0 = f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38;
   int64_t h1 = f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19;
   int64_t h2 = f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38;
   int64_t h3 = f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19;
   int64_t h4 = f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38;
   int64_t h5 = f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19;
   int64_t h6 = f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38;
   int64_t h7 = f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19;
   int64_t h8 = f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38;
   int64_t h9 = f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0;
 
   /*
   |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
   i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
   |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
   i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9
   */
   carry<26>(h0, h1);
   carry<26>(h4, h5);
 
   /* |h0| <= 2^25 */
   /* |h4| <= 2^25 */
   /* |h1| <= 1.71*2^59 */
   /* |h5| <= 1.71*2^59 */
 
   carry<25>(h1, h2);
   carry<25>(h5, h6);
 
   /* |h1| <= 2^24; from now on fits into int32 */
   /* |h5| <= 2^24; from now on fits into int32 */
   /* |h2| <= 1.41*2^60 */
   /* |h6| <= 1.41*2^60 */
 
   carry<26>(h2, h3);
   carry<26>(h6, h7);
   /* |h2| <= 2^25; from now on fits into int32 unchanged */
   /* |h6| <= 2^25; from now on fits into int32 unchanged */
   /* |h3| <= 1.71*2^59 */
   /* |h7| <= 1.71*2^59 */
 
   carry<25>(h3, h4);
   carry<25>(h7, h8);
   /* |h3| <= 2^24; from now on fits into int32 unchanged */
   /* |h7| <= 2^24; from now on fits into int32 unchanged */
   /* |h4| <= 1.72*2^34 */
   /* |h8| <= 1.41*2^60 */
 
   carry<26>(h4, h5);
   carry<26>(h8, h9);
   /* |h4| <= 2^25; from now on fits into int32 unchanged */
   /* |h8| <= 2^25; from now on fits into int32 unchanged */
   /* |h5| <= 1.01*2^24 */
   /* |h9| <= 1.71*2^59 */
 
   carry<25, 19>(h9, h0);
 
   /* |h9| <= 2^24; from now on fits into int32 unchanged */
   /* |h0| <= 1.1*2^39 */
 
   carry<26>(h0, h1);
   /* |h0| <= 2^25; from now on fits into int32 unchanged */
   /* |h1| <= 1.01*2^24 */
 
   return Ed25519_FieldElement(h0, h1, h2, h3, h4, h5, h6, h7, h8, h9);
}

References Botan::carry(), and Ed25519_FieldElement().

Referenced by Botan::operator*().

negate()

Ed25519_FieldElement Botan::Ed25519_FieldElement::negate ( const Ed25519_FieldElement & a )

inlinestatic

Definition at line 110 of file ed25519_fe.h.

                                                                        {
         Ed25519_FieldElement z;
         for(size_t i = 0; i != 10; ++i) {
            z.m_fe[i] = -a.m_fe[i];
         }
         return z;
      }

References Ed25519_FieldElement().

Referenced by Botan::operator-().

one()

constexpr Ed25519_FieldElement Botan::Ed25519_FieldElement::one ( )

inlinestaticconstexpr

Definition at line 37 of file ed25519_fe.h.

                                                  {
         auto o = Ed25519_FieldElement();
         o.m_fe[0] = 1;
         return o;
      }

References Ed25519_FieldElement().

operator[]() [1/2]

int32_t & Botan::Ed25519_FieldElement::operator[] ( size_t i )

inline

Definition at line 134 of file ed25519_fe.h.

{ return m_fe[i]; }

operator[]() [2/2]

int32_t Botan::Ed25519_FieldElement::operator[] ( size_t i ) const

inline

Definition at line 132 of file ed25519_fe.h.

{ return m_fe[i]; }

pow_22523()

Ed25519_FieldElement Botan::Ed25519_FieldElement::pow_22523

(

)

const

Definition at line 45 of file ed25519_fe.cpp.

                                                           {
   auto t0 = this->sqr();
   auto t1 = t0.sqr_iter(2);
   t1 = (*this) * t1;
   t0 = t0 * t1;
   t0 = t0.sqr();
   t0 = t1 * t0;
   t1 = t0.sqr_iter(5);
   t0 = t1 * t0;
   t1 = t0.sqr_iter(10);
   t1 = t1 * t0;
   auto t2 = t1.sqr_iter(20);
   t1 = t2 * t1;
   t1 = t1.sqr_iter(10);
   t0 = t1 * t0;
   t1 = t0.sqr_iter(50);
   t1 = t1 * t0;
   t2 = t1.sqr_iter(100);
   t1 = t2 * t1;
   t1 = t1.sqr_iter(50);
   t0 = t1 * t0;
   t0 = t0.sqr_iter(2);
 
   t0 = t0 * (*this);
   return t0;
}

References Ed25519_FieldElement(), and sqr().

serialize_to()

void Botan::Ed25519_FieldElement::serialize_to

(

std::span< uint8_t, 32 >

b

)

const

Definition at line 643 of file ed25519_fe.cpp.

                                                                    {
   const int32_t X25 = (1 << 25);
 
   int32_t h0 = m_fe[0];
   int32_t h1 = m_fe[1];
   int32_t h2 = m_fe[2];
   int32_t h3 = m_fe[3];
   int32_t h4 = m_fe[4];
   int32_t h5 = m_fe[5];
   int32_t h6 = m_fe[6];
   int32_t h7 = m_fe[7];
   int32_t h8 = m_fe[8];
   int32_t h9 = m_fe[9];
 
   int32_t q = (19 * h9 + ((static_cast<int32_t>(1) << 24))) >> 25;
   q = (h0 + q) >> 26;
   q = (h1 + q) >> 25;
   q = (h2 + q) >> 26;
   q = (h3 + q) >> 25;
   q = (h4 + q) >> 26;
   q = (h5 + q) >> 25;
   q = (h6 + q) >> 26;
   q = (h7 + q) >> 25;
   q = (h8 + q) >> 26;
   q = (h9 + q) >> 25;
 
   /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
   h0 += 19 * q;
   /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
 
   carry0<26>(h0, h1);
   carry0<25>(h1, h2);
   carry0<26>(h2, h3);
   carry0<25>(h3, h4);
   carry0<26>(h4, h5);
   carry0<25>(h5, h6);
   carry0<26>(h6, h7);
   carry0<25>(h7, h8);
   carry0<26>(h8, h9);
 
   const int32_t carry9 = h9 >> 25;
   h9 -= carry9 * X25;
   /* h10 = carry9 */
 
   /*
   Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
   Have h0+...+2^230 h9 between 0 and 2^255-1;
   evidently 2^255 h10-2^255 q = 0.
   Goal: Output h0+...+2^230 h9.
   */
 
   s[0] = static_cast<uint8_t>(h0 >> 0);
   s[1] = static_cast<uint8_t>(h0 >> 8);
   s[2] = static_cast<uint8_t>(h0 >> 16);
   s[3] = static_cast<uint8_t>((h0 >> 24) | (h1 << 2));
   s[4] = static_cast<uint8_t>(h1 >> 6);
   s[5] = static_cast<uint8_t>(h1 >> 14);
   s[6] = static_cast<uint8_t>((h1 >> 22) | (h2 << 3));
   s[7] = static_cast<uint8_t>(h2 >> 5);
   s[8] = static_cast<uint8_t>(h2 >> 13);
   s[9] = static_cast<uint8_t>((h2 >> 21) | (h3 << 5));
   s[10] = static_cast<uint8_t>(h3 >> 3);
   s[11] = static_cast<uint8_t>(h3 >> 11);
   s[12] = static_cast<uint8_t>((h3 >> 19) | (h4 << 6));
   s[13] = static_cast<uint8_t>(h4 >> 2);
   s[14] = static_cast<uint8_t>(h4 >> 10);
   s[15] = static_cast<uint8_t>(h4 >> 18);
   s[16] = static_cast<uint8_t>(h5 >> 0);
   s[17] = static_cast<uint8_t>(h5 >> 8);
   s[18] = static_cast<uint8_t>(h5 >> 16);
   s[19] = static_cast<uint8_t>((h5 >> 24) | (h6 << 1));
   s[20] = static_cast<uint8_t>(h6 >> 7);
   s[21] = static_cast<uint8_t>(h6 >> 15);
   s[22] = static_cast<uint8_t>((h6 >> 23) | (h7 << 3));
   s[23] = static_cast<uint8_t>(h7 >> 5);
   s[24] = static_cast<uint8_t>(h7 >> 13);
   s[25] = static_cast<uint8_t>((h7 >> 21) | (h8 << 4));
   s[26] = static_cast<uint8_t>(h8 >> 4);
   s[27] = static_cast<uint8_t>(h8 >> 12);
   s[28] = static_cast<uint8_t>((h8 >> 20) | (h9 << 6));
   s[29] = static_cast<uint8_t>(h9 >> 2);
   s[30] = static_cast<uint8_t>(h9 >> 10);
   s[31] = static_cast<uint8_t>(h9 >> 18);
}

References Botan::carry0().

Referenced by is_negative(), and is_zero().

sqr()

Ed25519_FieldElement Botan::Ed25519_FieldElement::sqr ( ) const

inline

Definition at line 122 of file ed25519_fe.h.

{ return sqr_iter(1); }

References Ed25519_FieldElement(), and sqr_iter().

Referenced by invert(), and pow_22523().

sqr2()

Ed25519_FieldElement Botan::Ed25519_FieldElement::sqr2

(

)

const

Definition at line 466 of file ed25519_fe.cpp.

                                                      {
   const int32_t f0 = m_fe[0];
   const int32_t f1 = m_fe[1];
   const int32_t f2 = m_fe[2];
   const int32_t f3 = m_fe[3];
   const int32_t f4 = m_fe[4];
   const int32_t f5 = m_fe[5];
   const int32_t f6 = m_fe[6];
   const int32_t f7 = m_fe[7];
   const int32_t f8 = m_fe[8];
   const int32_t f9 = m_fe[9];
 
   const int32_t f0_2 = 2 * f0;
   const int32_t f1_2 = 2 * f1;
   const int32_t f2_2 = 2 * f2;
   const int32_t f3_2 = 2 * f3;
   const int32_t f4_2 = 2 * f4;
   const int32_t f5_2 = 2 * f5;
   const int32_t f6_2 = 2 * f6;
   const int32_t f7_2 = 2 * f7;
   const int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
   const int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
   const int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
   const int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
   const int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
   const int64_t f0f0 = f0 * static_cast<int64_t>(f0);
   const int64_t f0f1_2 = f0_2 * static_cast<int64_t>(f1);
   const int64_t f0f2_2 = f0_2 * static_cast<int64_t>(f2);
   const int64_t f0f3_2 = f0_2 * static_cast<int64_t>(f3);
   const int64_t f0f4_2 = f0_2 * static_cast<int64_t>(f4);
   const int64_t f0f5_2 = f0_2 * static_cast<int64_t>(f5);
   const int64_t f0f6_2 = f0_2 * static_cast<int64_t>(f6);
   const int64_t f0f7_2 = f0_2 * static_cast<int64_t>(f7);
   const int64_t f0f8_2 = f0_2 * static_cast<int64_t>(f8);
   const int64_t f0f9_2 = f0_2 * static_cast<int64_t>(f9);
   const int64_t f1f1_2 = f1_2 * static_cast<int64_t>(f1);
   const int64_t f1f2_2 = f1_2 * static_cast<int64_t>(f2);
   const int64_t f1f3_4 = f1_2 * static_cast<int64_t>(f3_2);
   const int64_t f1f4_2 = f1_2 * static_cast<int64_t>(f4);
   const int64_t f1f5_4 = f1_2 * static_cast<int64_t>(f5_2);
   const int64_t f1f6_2 = f1_2 * static_cast<int64_t>(f6);
   const int64_t f1f7_4 = f1_2 * static_cast<int64_t>(f7_2);
   const int64_t f1f8_2 = f1_2 * static_cast<int64_t>(f8);
   const int64_t f1f9_76 = f1_2 * static_cast<int64_t>(f9_38);
   const int64_t f2f2 = f2 * static_cast<int64_t>(f2);
   const int64_t f2f3_2 = f2_2 * static_cast<int64_t>(f3);
   const int64_t f2f4_2 = f2_2 * static_cast<int64_t>(f4);
   const int64_t f2f5_2 = f2_2 * static_cast<int64_t>(f5);
   const int64_t f2f6_2 = f2_2 * static_cast<int64_t>(f6);
   const int64_t f2f7_2 = f2_2 * static_cast<int64_t>(f7);
   const int64_t f2f8_38 = f2_2 * static_cast<int64_t>(f8_19);
   const int64_t f2f9_38 = f2 * static_cast<int64_t>(f9_38);
   const int64_t f3f3_2 = f3_2 * static_cast<int64_t>(f3);
   const int64_t f3f4_2 = f3_2 * static_cast<int64_t>(f4);
   const int64_t f3f5_4 = f3_2 * static_cast<int64_t>(f5_2);
   const int64_t f3f6_2 = f3_2 * static_cast<int64_t>(f6);
   const int64_t f3f7_76 = f3_2 * static_cast<int64_t>(f7_38);
   const int64_t f3f8_38 = f3_2 * static_cast<int64_t>(f8_19);
   const int64_t f3f9_76 = f3_2 * static_cast<int64_t>(f9_38);
   const int64_t f4f4 = f4 * static_cast<int64_t>(f4);
   const int64_t f4f5_2 = f4_2 * static_cast<int64_t>(f5);
   const int64_t f4f6_38 = f4_2 * static_cast<int64_t>(f6_19);
   const int64_t f4f7_38 = f4 * static_cast<int64_t>(f7_38);
   const int64_t f4f8_38 = f4_2 * static_cast<int64_t>(f8_19);
   const int64_t f4f9_38 = f4 * static_cast<int64_t>(f9_38);
   const int64_t f5f5_38 = f5 * static_cast<int64_t>(f5_38);
   const int64_t f5f6_38 = f5_2 * static_cast<int64_t>(f6_19);
   const int64_t f5f7_76 = f5_2 * static_cast<int64_t>(f7_38);
   const int64_t f5f8_38 = f5_2 * static_cast<int64_t>(f8_19);
   const int64_t f5f9_76 = f5_2 * static_cast<int64_t>(f9_38);
   const int64_t f6f6_19 = f6 * static_cast<int64_t>(f6_19);
   const int64_t f6f7_38 = f6 * static_cast<int64_t>(f7_38);
   const int64_t f6f8_38 = f6_2 * static_cast<int64_t>(f8_19);
   const int64_t f6f9_38 = f6 * static_cast<int64_t>(f9_38);
   const int64_t f7f7_38 = f7 * static_cast<int64_t>(f7_38);
   const int64_t f7f8_38 = f7_2 * static_cast<int64_t>(f8_19);
   const int64_t f7f9_76 = f7_2 * static_cast<int64_t>(f9_38);
   const int64_t f8f8_19 = f8 * static_cast<int64_t>(f8_19);
   const int64_t f8f9_38 = f8 * static_cast<int64_t>(f9_38);
   const int64_t f9f9_38 = f9 * static_cast<int64_t>(f9_38);
 
   int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
   int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38;
   int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
   int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38;
   int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38;
   int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38;
   int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19;
   int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38;
   int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38;
   int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2;
 
   h0 += h0;
   h1 += h1;
   h2 += h2;
   h3 += h3;
   h4 += h4;
   h5 += h5;
   h6 += h6;
   h7 += h7;
   h8 += h8;
   h9 += h9;
 
   carry<26>(h0, h1);
   carry<26>(h4, h5);
 
   carry<25>(h1, h2);
   carry<25>(h5, h6);
 
   carry<26>(h2, h3);
   carry<26>(h6, h7);
 
   carry<25>(h3, h4);
   carry<25>(h7, h8);
   carry<26>(h4, h5);
   carry<26>(h8, h9);
   carry<25, 19>(h9, h0);
   carry<26>(h0, h1);
 
   return Ed25519_FieldElement(h0, h1, h2, h3, h4, h5, h6, h7, h8, h9);
}

References Botan::carry(), and Ed25519_FieldElement().

sqr_iter()

Ed25519_FieldElement Botan::Ed25519_FieldElement::sqr_iter

(

size_t

iter

)

const

Definition at line 326 of file ed25519_fe.cpp.

                                                                     {
   int32_t f0 = m_fe[0];
   int32_t f1 = m_fe[1];
   int32_t f2 = m_fe[2];
   int32_t f3 = m_fe[3];
   int32_t f4 = m_fe[4];
   int32_t f5 = m_fe[5];
   int32_t f6 = m_fe[6];
   int32_t f7 = m_fe[7];
   int32_t f8 = m_fe[8];
   int32_t f9 = m_fe[9];
 
   for(size_t i = 0; i != iter; ++i) {
      const int32_t f0_2 = 2 * f0;
      const int32_t f1_2 = 2 * f1;
      const int32_t f2_2 = 2 * f2;
      const int32_t f3_2 = 2 * f3;
      const int32_t f4_2 = 2 * f4;
      const int32_t f5_2 = 2 * f5;
      const int32_t f6_2 = 2 * f6;
      const int32_t f7_2 = 2 * f7;
      const int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
      const int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
      const int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
      const int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
      const int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
 
      const int64_t f0f0 = f0 * static_cast<int64_t>(f0);
      const int64_t f0f1_2 = f0_2 * static_cast<int64_t>(f1);
      const int64_t f0f2_2 = f0_2 * static_cast<int64_t>(f2);
      const int64_t f0f3_2 = f0_2 * static_cast<int64_t>(f3);
      const int64_t f0f4_2 = f0_2 * static_cast<int64_t>(f4);
      const int64_t f0f5_2 = f0_2 * static_cast<int64_t>(f5);
      const int64_t f0f6_2 = f0_2 * static_cast<int64_t>(f6);
      const int64_t f0f7_2 = f0_2 * static_cast<int64_t>(f7);
      const int64_t f0f8_2 = f0_2 * static_cast<int64_t>(f8);
      const int64_t f0f9_2 = f0_2 * static_cast<int64_t>(f9);
      const int64_t f1f1_2 = f1_2 * static_cast<int64_t>(f1);
      const int64_t f1f2_2 = f1_2 * static_cast<int64_t>(f2);
      const int64_t f1f3_4 = f1_2 * static_cast<int64_t>(f3_2);
      const int64_t f1f4_2 = f1_2 * static_cast<int64_t>(f4);
      const int64_t f1f5_4 = f1_2 * static_cast<int64_t>(f5_2);
      const int64_t f1f6_2 = f1_2 * static_cast<int64_t>(f6);
      const int64_t f1f7_4 = f1_2 * static_cast<int64_t>(f7_2);
      const int64_t f1f8_2 = f1_2 * static_cast<int64_t>(f8);
      const int64_t f1f9_76 = f1_2 * static_cast<int64_t>(f9_38);
      const int64_t f2f2 = f2 * static_cast<int64_t>(f2);
      const int64_t f2f3_2 = f2_2 * static_cast<int64_t>(f3);
      const int64_t f2f4_2 = f2_2 * static_cast<int64_t>(f4);
      const int64_t f2f5_2 = f2_2 * static_cast<int64_t>(f5);
      const int64_t f2f6_2 = f2_2 * static_cast<int64_t>(f6);
      const int64_t f2f7_2 = f2_2 * static_cast<int64_t>(f7);
      const int64_t f2f8_38 = f2_2 * static_cast<int64_t>(f8_19);
      const int64_t f2f9_38 = f2 * static_cast<int64_t>(f9_38);
      const int64_t f3f3_2 = f3_2 * static_cast<int64_t>(f3);
      const int64_t f3f4_2 = f3_2 * static_cast<int64_t>(f4);
      const int64_t f3f5_4 = f3_2 * static_cast<int64_t>(f5_2);
      const int64_t f3f6_2 = f3_2 * static_cast<int64_t>(f6);
      const int64_t f3f7_76 = f3_2 * static_cast<int64_t>(f7_38);
      const int64_t f3f8_38 = f3_2 * static_cast<int64_t>(f8_19);
      const int64_t f3f9_76 = f3_2 * static_cast<int64_t>(f9_38);
      const int64_t f4f4 = f4 * static_cast<int64_t>(f4);
      const int64_t f4f5_2 = f4_2 * static_cast<int64_t>(f5);
      const int64_t f4f6_38 = f4_2 * static_cast<int64_t>(f6_19);
      const int64_t f4f7_38 = f4 * static_cast<int64_t>(f7_38);
      const int64_t f4f8_38 = f4_2 * static_cast<int64_t>(f8_19);
      const int64_t f4f9_38 = f4 * static_cast<int64_t>(f9_38);
      const int64_t f5f5_38 = f5 * static_cast<int64_t>(f5_38);
      const int64_t f5f6_38 = f5_2 * static_cast<int64_t>(f6_19);
      const int64_t f5f7_76 = f5_2 * static_cast<int64_t>(f7_38);
      const int64_t f5f8_38 = f5_2 * static_cast<int64_t>(f8_19);
      const int64_t f5f9_76 = f5_2 * static_cast<int64_t>(f9_38);
      const int64_t f6f6_19 = f6 * static_cast<int64_t>(f6_19);
      const int64_t f6f7_38 = f6 * static_cast<int64_t>(f7_38);
      const int64_t f6f8_38 = f6_2 * static_cast<int64_t>(f8_19);
      const int64_t f6f9_38 = f6 * static_cast<int64_t>(f9_38);
      const int64_t f7f7_38 = f7 * static_cast<int64_t>(f7_38);
      const int64_t f7f8_38 = f7_2 * static_cast<int64_t>(f8_19);
      const int64_t f7f9_76 = f7_2 * static_cast<int64_t>(f9_38);
      const int64_t f8f8_19 = f8 * static_cast<int64_t>(f8_19);
      const int64_t f8f9_38 = f8 * static_cast<int64_t>(f9_38);
      const int64_t f9f9_38 = f9 * static_cast<int64_t>(f9_38);
 
      int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
      int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38;
      int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
      int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38;
      int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38;
      int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38;
      int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19;
      int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38;
      int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38;
      int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2;
 
      carry<26>(h0, h1);
      carry<26>(h4, h5);
      carry<25>(h1, h2);
      carry<25>(h5, h6);
      carry<26>(h2, h3);
      carry<26>(h6, h7);
 
      carry<25>(h3, h4);
      carry<25>(h7, h8);
 
      carry<26>(h4, h5);
      carry<26>(h8, h9);
      carry<25, 19>(h9, h0);
      carry<26>(h0, h1);
 
      f0 = static_cast<int32_t>(h0);
      f1 = static_cast<int32_t>(h1);
      f2 = static_cast<int32_t>(h2);
      f3 = static_cast<int32_t>(h3);
      f4 = static_cast<int32_t>(h4);
      f5 = static_cast<int32_t>(h5);
      f6 = static_cast<int32_t>(h6);
      f7 = static_cast<int32_t>(h7);
      f8 = static_cast<int32_t>(h8);
      f9 = static_cast<int32_t>(h9);
   }
 
   return Ed25519_FieldElement(f0, f1, f2, f3, f4, f5, f6, f7, f8, f9);
}

References Botan::carry(), and Ed25519_FieldElement().

Referenced by sqr().

sub()

Ed25519_FieldElement Botan::Ed25519_FieldElement::sub ( const Ed25519_FieldElement & a, const Ed25519_FieldElement & b )

inlinestatic

Definition at line 102 of file ed25519_fe.h.

                                                                                                    {
         Ed25519_FieldElement z;
         for(size_t i = 0; i != 10; ++i) {
            z.m_fe[i] = a.m_fe[i] - b.m_fe[i];
         }
         return z;
      }

References Ed25519_FieldElement().

Referenced by Botan::operator-().

zero()

constexpr Ed25519_FieldElement Botan::Ed25519_FieldElement::zero ( )

inlinestaticconstexpr

Definition at line 35 of file ed25519_fe.h.

{ return Ed25519_FieldElement(); }

References Ed25519_FieldElement().

---

The documentation for this class was generated from the following files:

• src/lib/pubkey/ed25519/ed25519_fe.h
• src/lib/pubkey/ed25519/ed25519_fe.cpp