# define F25519_IMPL 10
#endif
+#if F25519_IMPL == 26
+ typedef int32 f25519_piece;
+#endif
+#if F25519_IMPL == 10
+ typedef int16 f25519_piece;
+#endif
+
/*----- Functions provided ------------------------------------------------*/
/* --- @f25519_set@ --- *
* toleration of them is considered a performance feature.
*
* Some specifications, e.g., RFC7748, require the topmost bit
- * (i.e., bit 7 of @wv[31]@) to be ignored. Callers
+ * (i.e., bit 7 of @xv[31]@) to be ignored. Callers
* implementing such specifications should clear the bit
* explicitly. (It's much easier for a caller who wants the bit
* to be ignored to clear it than for a caller who wants the bit
extern void f25519_store(octet /*zv*/[32], const f25519 */*x*/);
+/* --- @f25519_pick2@ --- *
+ *
+ * Arguments: @f25519 *z@ = where to put the result (may alias @x@ or @y@)
+ * @const f25519 *x, *y@ = two operands
+ * @uint32 m@ = a mask
+ *
+ * Returns: ---
+ *
+ * Use: If @m@ is zero, set @z = y@; if @m@ is all-bits-set, then set
+ * @z = x@. If @m@ has some other value, then scramble @z@ in
+ * an unhelpful way.
+ */
+
+extern void f25519_pick2(f25519 */*z*/, const f25519 */*x*/,
+ const f25519 */*y*/, uint32 /*m*/);
+
+/* --- @f25519_pickn@ --- *
+ *
+ * Arguments: @f25519 *z@ = where to put the result
+ * @const f25519 *v@ = a table of entries
+ * @size_t n@ = the number of entries in @v@
+ * @size_t i@ = an index
+ *
+ * Returns: ---
+ *
+ * Use: If @0 <= i < n < 32@ then set @z = v[i]@. If @n >= 32@ then
+ * do something unhelpful; otherwise, if @i >= n@ then set @z@
+ * to zero.
+ */
+
+extern void f25519_pickn(f25519 */*z*/, const f25519 */*v*/, size_t /*n*/,
+ size_t /*i*/);
+
/* --- @f25519_condswap@ --- *
*
* Arguments: @f25519 *x, *y@ = two operands
extern void f25519_sub(f25519 */*z*/,
const f25519 */*x*/, const f25519 */*y*/);
+/* --- @f25519_neg@ --- *
+ *
+ * Arguments: @f25519 *z@ = where to put the result (may alias @x@)
+ * @const f25519 *x@ = an operand
+ *
+ * Returns: ---
+ *
+ * Use: Set @z = -x@.
+ */
+
+extern void f25519_neg(f25519 */*z*/, const f25519 */*x*/);
+
+/* --- @f25519_condneg@ --- *
+ *
+ * Arguments: @f25519 *z@ = where to put the result (may alias @x@)
+ * @const f25519 *x@ = an operand
+ * @uint32 m@ = a mask
+ *
+ * Returns: ---
+ *
+ * Use: If @m@ is zero, set @z = x@; if @m@ is all-bits-set, then set
+ * @z = -x@. If @m@ has some other value then scramble @z@ in
+ * an unhelpful way.
+ */
+
+extern void f25519_condneg(f25519 */*z*/, const f25519 */*x*/, uint32 /*m*/);
+
/* --- @f25519_mulconst@ --- *
*
* Arguments: @f25519 *z@ = where to put the result (may alias @x@)
extern void f25519_inv(f25519 */*z*/, const f25519 */*x*/);
+/* --- @f25519_quosqrt@ --- *
+ *
+ * Arguments: @f25519 *z@ = where to put the result (may alias @x@ or @y@)
+ * @const f25519 *x, *y@ = two operands
+ *
+ * Returns: Zero if successful, @-1@ if %$x/y$% is not a square.
+ *
+ * Use: Stores in @z@ the one of the square roots %$\pm\sqrt{x/y}$%.
+ * If %$x = y = 0% then the result is zero; if %$y = 0$% but %$x
+ * \ne 0$% then the operation fails. If you wanted a specific
+ * square root then you'll have to pick it yourself.
+ */
+
+extern int f25519_quosqrt(f25519 */*z*/,
+ const f25519 */*x*/, const f25519 */*y*/);
+
/*----- That's all, folks -------------------------------------------------*/
#ifdef __cplusplus
~mdw / catacomb / blobdiff