mirror of
https://github.com/bitcoin/bitcoin.git
synced 2026-02-06 21:51:14 +00:00
ca3d945dc6
06bff6dec8 Merge bitcoin-core/secp256k1#1528: tests: call `secp256k1_ecmult_multi_var` with a non-`NULL` error callback 4155e62fcc Merge bitcoin-core/secp256k1#1526: cmake: Fix `check_arm32_assembly` when using as subproject 9554362b15 tests: call secp256k1_ecmult_multi_var with a non-NULL error callback 9f4c8cd730 cmake: Fix `check_arm32_assembly` when using as subproject 7712a53061 Merge bitcoin-core/secp256k1#1524: check-abi: explicitly provide public headers 7d0bc0870f Merge bitcoin-core/secp256k1#1525: changelog: Correct 0.5.0 release date d45d9b74bb changelog: Correct 0.5.0 release date d7f6613dbb Merge bitcoin-core/secp256k1#1523: release cleanup: bump version after 0.5.0 2f05e2da4b release cleanup: bump version after 0.5.0 e3a885d42a Merge bitcoin-core/secp256k1#1522: release: prepare for 0.5.0 dd695563e6 check-abi: explicitly provide public headers c0e4ec3fee release: prepare for 0.5.0 bb528cfb08 Merge bitcoin-core/secp256k1#1518: Add secp256k1_pubkey_sort 7d2591ce12 Add secp256k1_pubkey_sort da515074e3 Merge bitcoin-core/secp256k1#1058: Signed-digit multi-comb ecmult_gen algorithm 4c341f89ab Add changelog entry for SDMC a043940253 Permit COMB_BITS < 256 for exhaustive tests 39b2f2a321 Add test case for ecmult_gen recoded = {-1,0,1} 644e86de9a Reintroduce projective blinding 07810d9abb Reduce side channels from single-bit reads a0d32b597d Optimization: use Nx32 representation for recoded bits e03dcc44b5 Make secp256k1_scalar_get_bits support 32-bit reads 5005abee60 Rename scalar_get_bits -> scalar_get_bits_limb32; return uint32_t 6247f485b6 Optimization: avoid unnecessary doublings in precomputation 15d0cca2a6 Optimization: first table lookup needs no point addition 7a33db35cd Optimization: move (2^COMB_BITS-1)/2 term into ctx->scalar_offset ed2a056f3d Provide 3 configurations accessible through ./configure 5f7be9f6a5 Always generate tables for current (blocks,teeth) config fde1dfcd8d Signed-digit multi-comb ecmult_gen algorithm 486518b350 Make exhaustive tests's scalar_inverse(&x,&x) work ab45c3e089 Initial gej blinding -> final ge blinding aa00a6b892 Introduce CEIL_DIV macro and use it git-subtree-dir: src/secp256k1 git-subtree-split: 06bff6dec8d038f7b4112664a9b882293ebc5178
126 lines
4.7 KiB
C
126 lines
4.7 KiB
C
/***********************************************************************
|
|
* Copyright (c) 2021 Russell O'Connor, Jonas Nick *
|
|
* Distributed under the MIT software license, see the accompanying *
|
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
|
***********************************************************************/
|
|
|
|
#ifndef SECP256K1_HSORT_IMPL_H
|
|
#define SECP256K1_HSORT_IMPL_H
|
|
|
|
#include "hsort.h"
|
|
|
|
/* An array is a heap when, for all non-zero indexes i, the element at index i
|
|
* compares as less than or equal to the element at index parent(i) = (i-1)/2.
|
|
*/
|
|
|
|
static SECP256K1_INLINE size_t secp256k1_heap_child1(size_t i) {
|
|
VERIFY_CHECK(i <= (SIZE_MAX - 1)/2);
|
|
return 2*i + 1;
|
|
}
|
|
|
|
static SECP256K1_INLINE size_t secp256k1_heap_child2(size_t i) {
|
|
VERIFY_CHECK(i <= SIZE_MAX/2 - 1);
|
|
return secp256k1_heap_child1(i)+1;
|
|
}
|
|
|
|
static SECP256K1_INLINE void secp256k1_heap_swap64(unsigned char *a, unsigned char *b, size_t len) {
|
|
unsigned char tmp[64];
|
|
VERIFY_CHECK(len <= 64);
|
|
memcpy(tmp, a, len);
|
|
memmove(a, b, len);
|
|
memcpy(b, tmp, len);
|
|
}
|
|
|
|
static SECP256K1_INLINE void secp256k1_heap_swap(unsigned char *arr, size_t i, size_t j, size_t stride) {
|
|
unsigned char *a = arr + i*stride;
|
|
unsigned char *b = arr + j*stride;
|
|
size_t len = stride;
|
|
while (64 < len) {
|
|
secp256k1_heap_swap64(a + (len - 64), b + (len - 64), 64);
|
|
len -= 64;
|
|
}
|
|
secp256k1_heap_swap64(a, b, len);
|
|
}
|
|
|
|
/* This function accepts an array arr containing heap_size elements, each of
|
|
* size stride. The elements in the array at indices >i satisfy the max-heap
|
|
* property, i.e., for any element at index j (where j > i), all of its children
|
|
* are smaller than the element itself. The purpose of the function is to update
|
|
* the array so that all elements at indices >=i satisfy the max-heap
|
|
* property. */
|
|
static SECP256K1_INLINE void secp256k1_heap_down(unsigned char *arr, size_t i, size_t heap_size, size_t stride,
|
|
int (*cmp)(const void *, const void *, void *), void *cmp_data) {
|
|
while (i < heap_size/2) {
|
|
VERIFY_CHECK(i <= SIZE_MAX/2 - 1);
|
|
/* Proof:
|
|
* i < heap_size/2
|
|
* i + 1 <= heap_size/2
|
|
* 2*i + 2 <= heap_size <= SIZE_MAX
|
|
* 2*i <= SIZE_MAX - 2
|
|
*/
|
|
|
|
VERIFY_CHECK(secp256k1_heap_child1(i) < heap_size);
|
|
/* Proof:
|
|
* i < heap_size/2
|
|
* i + 1 <= heap_size/2
|
|
* 2*i + 2 <= heap_size
|
|
* 2*i + 1 < heap_size
|
|
* child1(i) < heap_size
|
|
*/
|
|
|
|
/* Let [x] be notation for the contents at arr[x*stride].
|
|
*
|
|
* If [child1(i)] > [i] and [child2(i)] > [i],
|
|
* swap [i] with the larger child to ensure the new parent is larger
|
|
* than both children. When [child1(i)] == [child2(i)], swap [i] with
|
|
* [child2(i)].
|
|
* Else if [child1(i)] > [i], swap [i] with [child1(i)].
|
|
* Else if [child2(i)] > [i], swap [i] with [child2(i)].
|
|
*/
|
|
if (secp256k1_heap_child2(i) < heap_size
|
|
&& 0 <= cmp(arr + secp256k1_heap_child2(i)*stride, arr + secp256k1_heap_child1(i)*stride, cmp_data)) {
|
|
if (0 < cmp(arr + secp256k1_heap_child2(i)*stride, arr + i*stride, cmp_data)) {
|
|
secp256k1_heap_swap(arr, i, secp256k1_heap_child2(i), stride);
|
|
i = secp256k1_heap_child2(i);
|
|
} else {
|
|
/* At this point we have [child2(i)] >= [child1(i)] and we have
|
|
* [child2(i)] <= [i], and thus [child1(i)] <= [i] which means
|
|
* that the next comparison can be skipped. */
|
|
return;
|
|
}
|
|
} else if (0 < cmp(arr + secp256k1_heap_child1(i)*stride, arr + i*stride, cmp_data)) {
|
|
secp256k1_heap_swap(arr, i, secp256k1_heap_child1(i), stride);
|
|
i = secp256k1_heap_child1(i);
|
|
} else {
|
|
return;
|
|
}
|
|
}
|
|
/* heap_size/2 <= i
|
|
* heap_size/2 < i + 1
|
|
* heap_size < 2*i + 2
|
|
* heap_size <= 2*i + 1
|
|
* heap_size <= child1(i)
|
|
* Thus child1(i) and child2(i) are now out of bounds and we are at a leaf.
|
|
*/
|
|
}
|
|
|
|
/* In-place heap sort. */
|
|
static void secp256k1_hsort(void *ptr, size_t count, size_t size,
|
|
int (*cmp)(const void *, const void *, void *),
|
|
void *cmp_data) {
|
|
size_t i;
|
|
|
|
for (i = count/2; 0 < i; --i) {
|
|
secp256k1_heap_down(ptr, i-1, count, size, cmp, cmp_data);
|
|
}
|
|
for (i = count; 1 < i; --i) {
|
|
/* Extract the largest value from the heap */
|
|
secp256k1_heap_swap(ptr, 0, i-1, size);
|
|
|
|
/* Repair the heap condition */
|
|
secp256k1_heap_down(ptr, 0, i-1, size, cmp, cmp_data);
|
|
}
|
|
}
|
|
|
|
#endif
|