mirror of https://github.com/gtank/ristretto255
153 lines
4.0 KiB
Go
153 lines
4.0 KiB
Go
// Copyright 2019 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package ristretto255
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"errors"
|
|
|
|
"filippo.io/edwards25519"
|
|
)
|
|
|
|
// A Scalar is an element of the ristretto255 scalar field, as specified in
|
|
// draft-hdevalence-cfrg-ristretto-01, Section 3.4. That is, an integer modulo
|
|
//
|
|
// l = 2^252 + 27742317777372353535851937790883648493
|
|
//
|
|
// The zero value is a valid zero element.
|
|
type Scalar struct {
|
|
s edwards25519.Scalar
|
|
}
|
|
|
|
// NewScalar returns a Scalar set to the value 0.
|
|
func NewScalar() *Scalar {
|
|
return &Scalar{}
|
|
}
|
|
|
|
// Set sets the value of s to x and returns s.
|
|
func (s *Scalar) Set(x *Scalar) *Scalar {
|
|
*s = *x
|
|
return s
|
|
}
|
|
|
|
// Add sets s = x + y mod l and returns s.
|
|
func (s *Scalar) Add(x, y *Scalar) *Scalar {
|
|
s.s.Add(&x.s, &y.s)
|
|
return s
|
|
}
|
|
|
|
// Subtract sets s = x - y mod l and returns s.
|
|
func (s *Scalar) Subtract(x, y *Scalar) *Scalar {
|
|
s.s.Subtract(&x.s, &y.s)
|
|
return s
|
|
}
|
|
|
|
// Negate sets s = -x mod l and returns s.
|
|
func (s *Scalar) Negate(x *Scalar) *Scalar {
|
|
s.s.Negate(&x.s)
|
|
return s
|
|
}
|
|
|
|
// Multiply sets s = x * y mod l and returns s.
|
|
func (s *Scalar) Multiply(x, y *Scalar) *Scalar {
|
|
s.s.Multiply(&x.s, &y.s)
|
|
return s
|
|
}
|
|
|
|
// Invert sets s = 1 / x such that s * x = 1 mod l and returns s.
|
|
//
|
|
// If x is 0, the result is undefined.
|
|
func (s *Scalar) Invert(x *Scalar) *Scalar {
|
|
s.s.Invert(&x.s)
|
|
return s
|
|
}
|
|
|
|
// FromUniformBytes sets s to an uniformly distributed value given 64 uniformly
|
|
// distributed random bytes.
|
|
//
|
|
// Deprecated: use SetUniformBytes. This API will be removed before v1.0.0.
|
|
func (s *Scalar) FromUniformBytes(x []byte) *Scalar {
|
|
if _, err := s.SetUniformBytes(x); err != nil {
|
|
panic(err.Error())
|
|
}
|
|
return s
|
|
}
|
|
|
|
// SetUniformBytes sets s to an uniformly distributed value given 64 uniformly
|
|
// distributed random bytes. If x is not of the right length, SetUniformBytes
|
|
// returns nil and an error, and the receiver is unchanged.
|
|
func (s *Scalar) SetUniformBytes(x []byte) (*Scalar, error) {
|
|
if _, err := s.s.SetUniformBytes(x); err != nil {
|
|
return nil, errors.New("ristretto255: SetUniformBytes input is not 64 bytes long")
|
|
}
|
|
return s, nil
|
|
}
|
|
|
|
// Decode sets s = x, where x is a 32 bytes little-endian encoding of s. If x is
|
|
// not a canonical encoding of s, Decode returns an error and the receiver is
|
|
// unchanged.
|
|
//
|
|
// Deprecated: use SetCanonicalBytes. This API will be removed before v1.0.0.
|
|
func (s *Scalar) Decode(x []byte) error {
|
|
_, err := s.SetCanonicalBytes(x)
|
|
return err
|
|
}
|
|
|
|
// SetCanonicalBytes sets s = x, where x is a 32 bytes little-endian encoding of
|
|
// s. If x is not a canonical encoding of s, SetCanonicalBytes returns nil and
|
|
// an error and the receiver is unchanged.
|
|
func (s *Scalar) SetCanonicalBytes(x []byte) (*Scalar, error) {
|
|
if _, err := s.s.SetCanonicalBytes(x); err != nil {
|
|
return nil, errors.New("ristretto255: " + err.Error())
|
|
}
|
|
return s, nil
|
|
}
|
|
|
|
// Encode appends a 32 bytes little-endian encoding of s to b.
|
|
//
|
|
// Deprecated: use Bytes. This API will be removed before v1.0.0.
|
|
func (s *Scalar) Encode(b []byte) []byte {
|
|
ret, out := sliceForAppend(b, 32)
|
|
copy(out, s.s.Bytes())
|
|
return ret
|
|
}
|
|
|
|
// Bytes returns the 32 bytes little-endian encoding of s.
|
|
func (s *Scalar) Bytes() []byte {
|
|
return s.s.Bytes()
|
|
}
|
|
|
|
// Equal returns 1 if v and u are equal, and 0 otherwise.
|
|
func (s *Scalar) Equal(u *Scalar) int {
|
|
return s.s.Equal(&u.s)
|
|
}
|
|
|
|
// Zero sets s = 0 and returns s.
|
|
func (s *Scalar) Zero() *Scalar {
|
|
s.s = edwards25519.Scalar{}
|
|
return s
|
|
}
|
|
|
|
// MarshalText implements encoding/TextMarshaler interface
|
|
func (s *Scalar) MarshalText() (text []byte, err error) {
|
|
b := s.Encode([]byte{})
|
|
return []byte(base64.StdEncoding.EncodeToString(b)), nil
|
|
}
|
|
|
|
// UnmarshalText implements encoding/TextMarshaler interface
|
|
func (s *Scalar) UnmarshalText(text []byte) error {
|
|
sb, err := base64.StdEncoding.DecodeString(string(text))
|
|
if err == nil {
|
|
return s.Decode(sb)
|
|
}
|
|
return err
|
|
}
|
|
|
|
// String implements the Stringer interface
|
|
func (s *Scalar) String() string {
|
|
result, _ := s.MarshalText()
|
|
return string(result)
|
|
}
|