internal/radix51: make all APIs not consider the receiver an input

2019-01-26 20:29:57 -05:00 · 2019-01-26 20:29:57 -05:00 · 6c2fda803c
parent 930ef44224
commit 6c2fda803c
6 changed files with 16 additions and 23 deletions
--- a/ed25519.go
+++ b/ed25519.go
@ -74,7 +74,7 @@ func (curve ed25519Curve) IsOnCurve(x, y *big.Int) bool {
 	lh.Neg(&lh)              // -x^2
 	lh.Add(&lh, &y2)         // -x^2 + y^2
 	lh.Sub(&lh, &rh)         // -x^2 + y^2 - 1 - dx^2y^2
-	lh.Reduce()              // mod p
+	lh.Reduce(&lh)           // mod p

 	return lh.Equal(radix51.Zero) == 1
 }
--- a/internal/radix51/fe.go
+++ b/internal/radix51/fe.go
@ -54,7 +54,9 @@ func (v *FieldElement) SetInt(x uint64) {
 	v[4] = 0
 }

-func (v *FieldElement) Reduce() {
+func (v *FieldElement) Reduce(u *FieldElement) {
+	v.Set(u)
+
 	// Lev v = v[0] + v[1]*2^51 + v[2]*2^102 + v[3]*2^153 + v[4]*2^204
 	// Reduce each limb below 2^51, propagating carries.
 	v[1] += v[0] >> 51
@ -247,8 +249,8 @@ func (v *FieldElement) FromBytes(x *[32]byte) {
 }

 func (v *FieldElement) ToBytes(r *[32]byte) {
-	t := *v
-	t.Reduce()
+	var t FieldElement
+	t.Reduce(v)

 	r[0] = byte(t[0] & 0xff)
 	r[1] = byte((t[0] >> 8) & 0xff)
@ -357,17 +359,10 @@ func (v *FieldElement) Select(a, b *FieldElement, cond int) {
 	v[4] = (m & a[4]) | (^m & b[4])
 }

-// CondNeg sets v to -v if cond == 1, and to v if cond == 0.
-func (v *FieldElement) CondNeg(cond int) {
-	var t FieldElement
-	t.Neg(v)
-
-	b := uint64(cond) * 0xffffffffffffffff
-	v[0] ^= b & (v[0] ^ t[0])
-	v[1] ^= b & (v[1] ^ t[1])
-	v[2] ^= b & (v[2] ^ t[2])
-	v[3] ^= b & (v[3] ^ t[3])
-	v[4] ^= b & (v[4] ^ t[4])
+// CondNeg sets v to -u if cond == 1, and to u if cond == 0.
+func (v *FieldElement) CondNeg(u *FieldElement, cond int) {
+	v.Neg(u)
+	v.Select(v, u, cond)
 }

 // IsNegative returns 1 if v is negative, and 0 otherwise.
@ -379,7 +374,5 @@ func (v *FieldElement) IsNegative() int {

 // Abs sets v to |u|. v and u are allowed to overlap.
 func (v *FieldElement) Abs(u *FieldElement) {
-	var t FieldElement
-	t.Neg(u)
-	v.Select(&t, u, u.IsNegative())
+	v.CondNeg(u, u.IsNegative())
 }
--- a/internal/radix51/fe_mul.go
+++ b/internal/radix51/fe_mul.go
@ -6,7 +6,7 @@

 package radix51

-// Mul sets out = a * b.
+// Mul sets out = x * y.
 func (v *FieldElement) Mul(x, y *FieldElement) {
 	var x0, x1, x2, x3, x4 uint64
 	var y0, y1, y2, y3, y4 uint64
--- a/internal/radix51/fe_mul_amd64.go
+++ b/internal/radix51/fe_mul_amd64.go
@ -6,7 +6,7 @@

 package radix51

-// Mul sets out = a * b.
+// Mul sets out = x * y.
 func (v *FieldElement) Mul(x, y *FieldElement) {
 	feMul(v, x, y)
 }
--- a/internal/radix51/fe_square_amd64.go
+++ b/internal/radix51/fe_square_amd64.go
@ -6,7 +6,7 @@

 package radix51

-// Square sets v = x*x.
+// Square sets v = x * x.
 func (v *FieldElement) Square(x *FieldElement) {
 	feSquare(v, x)
 }
--- a/internal/radix51/fe_test.go
+++ b/internal/radix51/fe_test.go
@ -170,7 +170,7 @@ func TestFeInvert(t *testing.T) {

 	xinv.Invert(&x)
 	r.Mul(&x, &xinv)
-	r.Reduce()
+	r.Reduce(&r)

 	if !vartimeEqual(one, r) {
 		t.Errorf("inversion identity failed, got: %x", r)
@ -186,7 +186,7 @@ func TestFeInvert(t *testing.T) {

 	xinv.Invert(&x)
 	r.Mul(&x, &xinv)
-	r.Reduce()
+	r.Reduce(&r)

 	if !vartimeEqual(one, r) {
 		t.Errorf("random inversion identity failed, got: %x for field element %x", r, x)