extra_asm.go

// Copyright 2023 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build !purego && (amd64 || arm64 || ppc64le || s390x)

package nistec

import "sources.truenas.cloud/code/nistec/internal/fiat"

// Negate sets p = -q and returns p.
func (p *P256Point) Negate(q *P256Point) *P256Point {
	// fiat.P256Element is a little-endian Montgomery domain fully-reduced
	// element, like p256Element, so they are actually interchangable.
	qy := new(fiat.P256Element)
	*qy.Bits() = q.y
	py := new(fiat.P256Element).Sub(new(fiat.P256Element), qy)

	p.x = q.x
	p.y = *py.Bits()
	p.z = q.z
	return p
}

// IsInfinity returns 1 if p is the point-at-infinity, 0 otherwise.
func (p *P256Point) IsInfinity() int {
	return p.isInfinity()
}

// Equal returns 1 if p and q represent the same point, 0 otherwise.
func (p *P256Point) Equal(q *P256Point) int {
	pinf := p256Equal(&p.z, &p256Zero)
	qinf := p256Equal(&q.z, &p256Zero)
	bothinf := pinf & qinf
	noneinf := (1 - pinf) & (1 - qinf)

	// xp = Xp / Zp²
	// yp = Yp / Zp³
	// xq = Xq / Zq²
	// yq = Yq / Zq³
	// If Zp != 0 and Zq != 0, then:
	//    xp == yp  <=>  Xp*Zq² == Xq*Zp²
	//    xq == yq  <=>  Yp*Zq³ == Yq*Zp³
	px := new(p256Element)
	qx := new(p256Element)
	py := new(p256Element)
	qy := new(p256Element)
	pz := new(p256Element)
	qz := new(p256Element)
	p256Sqr(pz, &p.z, 1)
	p256Sqr(qz, &q.z, 1)
	p256Mul(px, &p.x, qz)
	p256Mul(qx, &q.x, pz)
	samex := p256Equal(px, qx)
	p256Mul(pz, pz, &p.z)
	p256Mul(qz, qz, &q.z)
	p256Mul(py, &p.y, qz)
	p256Mul(qy, &q.y, pz)
	samey := p256Equal(py, qy)
	return bothinf | (noneinf & samex & samey)
}
Add initial nistec project files 2026-03-08 10:29:13 +00:00			`// Copyright 2023 The Go Authors. All rights reserved.`
			`// Use of this source code is governed by a BSD-style`
			`// license that can be found in the LICENSE file.`

			`//go:build !purego && (amd64 \|\| arm64 \|\| ppc64le \|\| s390x)`

			`package nistec`

			`import "sources.truenas.cloud/code/nistec/internal/fiat"`

			`// Negate sets p = -q and returns p.`
			`func (p P256Point) Negate(q P256Point) *P256Point {`
			`// fiat.P256Element is a little-endian Montgomery domain fully-reduced`
			`// element, like p256Element, so they are actually interchangable.`
			`qy := new(fiat.P256Element)`
			`*qy.Bits() = q.y`
			`py := new(fiat.P256Element).Sub(new(fiat.P256Element), qy)`

			`p.x = q.x`
			`p.y = *py.Bits()`
			`p.z = q.z`
			`return p`
			`}`

			`// IsInfinity returns 1 if p is the point-at-infinity, 0 otherwise.`
			`func (p *P256Point) IsInfinity() int {`
			`return p.isInfinity()`
			`}`

			`// Equal returns 1 if p and q represent the same point, 0 otherwise.`
			`func (p P256Point) Equal(q P256Point) int {`
			`pinf := p256Equal(&p.z, &p256Zero)`
			`qinf := p256Equal(&q.z, &p256Zero)`
			`bothinf := pinf & qinf`
			`noneinf := (1 - pinf) & (1 - qinf)`

			`// xp = Xp / Zp²`
			`// yp = Yp / Zp³`
			`// xq = Xq / Zq²`
			`// yq = Yq / Zq³`
			`// If Zp != 0 and Zq != 0, then:`
			`// xp == yp <=> XpZq² == XqZp²`
			`// xq == yq <=> YpZq³ == YqZp³`
			`px := new(p256Element)`
			`qx := new(p256Element)`
			`py := new(p256Element)`
			`qy := new(p256Element)`
			`pz := new(p256Element)`
			`qz := new(p256Element)`
			`p256Sqr(pz, &p.z, 1)`
			`p256Sqr(qz, &q.z, 1)`
			`p256Mul(px, &p.x, qz)`
			`p256Mul(qx, &q.x, pz)`
			`samex := p256Equal(px, qx)`
			`p256Mul(pz, pz, &p.z)`
			`p256Mul(qz, qz, &q.z)`
			`p256Mul(py, &p.y, qz)`
			`p256Mul(qy, &q.y, pz)`
			`samey := p256Equal(py, qy)`
			`return bothinf \| (noneinf & samex & samey)`
			`}`