diff options
Diffstat (limited to 'src/secp256k1/src/group_impl.h')
-rw-r--r-- | src/secp256k1/src/group_impl.h | 48 |
1 files changed, 27 insertions, 21 deletions
diff --git a/src/secp256k1/src/group_impl.h b/src/secp256k1/src/group_impl.h index 47aea32be1..bce9fbdad5 100644 --- a/src/secp256k1/src/group_impl.h +++ b/src/secp256k1/src/group_impl.h @@ -10,6 +10,27 @@ #include "field.h" #include "group.h" +#define SECP256K1_G_ORDER_13 SECP256K1_GE_CONST(\ + 0xc3459c3d, 0x35326167, 0xcd86cce8, 0x07a2417f,\ + 0x5b8bd567, 0xde8538ee, 0x0d507b0c, 0xd128f5bb,\ + 0x8e467fec, 0xcd30000a, 0x6cc1184e, 0x25d382c2,\ + 0xa2f4494e, 0x2fbe9abc, 0x8b64abac, 0xd005fb24\ +) +#define SECP256K1_G_ORDER_199 SECP256K1_GE_CONST(\ + 0x226e653f, 0xc8df7744, 0x9bacbf12, 0x7d1dcbf9,\ + 0x87f05b2a, 0xe7edbd28, 0x1f564575, 0xc48dcf18,\ + 0xa13872c2, 0xe933bb17, 0x5d9ffd5b, 0xb5b6e10c,\ + 0x57fe3c00, 0xbaaaa15a, 0xe003ec3e, 0x9c269bae\ +) +/** Generator for secp256k1, value 'g' defined in + * "Standards for Efficient Cryptography" (SEC2) 2.7.1. + */ +#define SECP256K1_G SECP256K1_GE_CONST(\ + 0x79BE667EUL, 0xF9DCBBACUL, 0x55A06295UL, 0xCE870B07UL,\ + 0x029BFCDBUL, 0x2DCE28D9UL, 0x59F2815BUL, 0x16F81798UL,\ + 0x483ADA77UL, 0x26A3C465UL, 0x5DA4FBFCUL, 0x0E1108A8UL,\ + 0xFD17B448UL, 0xA6855419UL, 0x9C47D08FUL, 0xFB10D4B8UL\ +) /* These exhaustive group test orders and generators are chosen such that: * - The field size is equal to that of secp256k1, so field code is the same. * - The curve equation is of the form y^2=x^3+B for some constant B. @@ -21,23 +42,15 @@ */ #if defined(EXHAUSTIVE_TEST_ORDER) # if EXHAUSTIVE_TEST_ORDER == 13 -static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST( - 0xc3459c3d, 0x35326167, 0xcd86cce8, 0x07a2417f, - 0x5b8bd567, 0xde8538ee, 0x0d507b0c, 0xd128f5bb, - 0x8e467fec, 0xcd30000a, 0x6cc1184e, 0x25d382c2, - 0xa2f4494e, 0x2fbe9abc, 0x8b64abac, 0xd005fb24 -); +static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_G_ORDER_13; + static const secp256k1_fe secp256k1_fe_const_b = SECP256K1_FE_CONST( 0x3d3486b2, 0x159a9ca5, 0xc75638be, 0xb23a69bc, 0x946a45ab, 0x24801247, 0xb4ed2b8e, 0x26b6a417 ); # elif EXHAUSTIVE_TEST_ORDER == 199 -static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST( - 0x226e653f, 0xc8df7744, 0x9bacbf12, 0x7d1dcbf9, - 0x87f05b2a, 0xe7edbd28, 0x1f564575, 0xc48dcf18, - 0xa13872c2, 0xe933bb17, 0x5d9ffd5b, 0xb5b6e10c, - 0x57fe3c00, 0xbaaaa15a, 0xe003ec3e, 0x9c269bae -); +static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_G_ORDER_199; + static const secp256k1_fe secp256k1_fe_const_b = SECP256K1_FE_CONST( 0x2cca28fa, 0xfc614b80, 0x2a3db42b, 0x00ba00b1, 0xbea8d943, 0xdace9ab2, 0x9536daea, 0x0074defb @@ -46,15 +59,7 @@ static const secp256k1_fe secp256k1_fe_const_b = SECP256K1_FE_CONST( # error No known generator for the specified exhaustive test group order. # endif #else -/** Generator for secp256k1, value 'g' defined in - * "Standards for Efficient Cryptography" (SEC2) 2.7.1. - */ -static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST( - 0x79BE667EUL, 0xF9DCBBACUL, 0x55A06295UL, 0xCE870B07UL, - 0x029BFCDBUL, 0x2DCE28D9UL, 0x59F2815BUL, 0x16F81798UL, - 0x483ADA77UL, 0x26A3C465UL, 0x5DA4FBFCUL, 0x0E1108A8UL, - 0xFD17B448UL, 0xA6855419UL, 0x9C47D08FUL, 0xFB10D4B8UL -); +static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_G; static const secp256k1_fe secp256k1_fe_const_b = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 7); #endif @@ -62,6 +67,7 @@ static const secp256k1_fe secp256k1_fe_const_b = SECP256K1_FE_CONST(0, 0, 0, 0, static void secp256k1_ge_set_gej_zinv(secp256k1_ge *r, const secp256k1_gej *a, const secp256k1_fe *zi) { secp256k1_fe zi2; secp256k1_fe zi3; + VERIFY_CHECK(!a->infinity); secp256k1_fe_sqr(&zi2, zi); secp256k1_fe_mul(&zi3, &zi2, zi); secp256k1_fe_mul(&r->x, &a->x, &zi2); |