public static void secp256k1_ge_set_all_gej_var(Ge[] r, GeJ[] a, int len, EventHandler <Callback> cb)
{
var a1 = new Fe[len];
var len1 = 0;
for (var index = 0; index < len; ++index)
{
if (!a[index].Infinity)
{
a1[len1++] = a[index].Z.Clone();
}
}
var r1 = new Fe[len1];
Field.InvAllVar(r1, a1, len1);
var num = 0;
for (var index = 0; index < len; ++index)
{
r[index].Infinity = a[index].Infinity;
if (!a[index].Infinity)
{
Group.secp256k1_ge_set_gej_zinv(r[index], a[index], r1[num++]);
}
}
}
public static void secp256k1_gej_rescale(GeJ r, Fe s)
{
var fe = new Fe();
Field.Sqr(fe, s);
Field.Mul(r.X, r.X, fe);
Field.Mul(r.Y, r.Y, fe);
Field.Mul(r.Y, r.Y, s);
Field.Mul(r.Z, r.Z, s);
}
private static bool LoadPubKey(Ge ge, PubKey pubkey)
{
var fe1 = new Fe();
Field.SetB32(fe1, pubkey.Data);
var fe2 = new Fe();
Field.SetB32(fe2, pubkey.Data, 32);
Group.SetXY(ge, fe1, fe2);
return(true);
}
public static void secp256k1_ge_set_gej_zinv(Ge r, GeJ a, Fe zi)
{
var fe1 = new Fe();
var fe2 = new Fe();
Field.Sqr(fe1, zi);
Field.Mul(fe2, fe1, zi);
Field.Mul(r.X, a.X, fe1);
Field.Mul(r.Y, a.Y, fe2);
r.Infinity = a.Infinity;
}
public static bool secp256k1_ge_set_xo_var(Ge r, Fe x, bool odd)
{
if (!Group.secp256k1_ge_set_xquad(r, x))
{
return(false);
}
Field.NormalizeVar(r.Y);
if (Field.IsOdd(r.Y) != odd)
{
Field.Negate(r.Y, r.Y, 1U);
}
return(true);
}
public static void SetGeJ(Ge r, GeJ a)
{
var fe1 = new Fe();
var fe2 = new Fe();
r.Infinity = a.Infinity;
Field.Inv(a.Z, a.Z);
Field.Sqr(fe1, a.Z);
Field.Mul(fe2, a.Z, fe1);
Field.Mul(a.X, a.X, fe1);
Field.Mul(a.Y, a.Y, fe2);
Field.SetInt(a.Z, 1U);
r.X = a.X.Clone();
r.Y = a.Y.Clone();
}
public static void Blind(EcmultGenContext ctx, byte[] seed32)
{
var scalar = new Scalar();
var fe = new Fe();
var rng = new Rfc6979HmacSha256T();
var numArray = new byte[64];
if (seed32 == null)
{
Group.secp256k1_gej_set_ge(ctx.Initial, Group.Secp256K1GeConstG);
Group.secp256k1_gej_neg(ctx.Initial, ctx.Initial);
ctx.Blind.SetInt(1U);
}
var b32 = Scalar.GetB32(ctx.Blind);
Util.Memcpy((Array)b32, 0, (Array)numArray, 0, 32);
if (seed32 != null)
{
Util.Memcpy((Array)seed32, 0, (Array)numArray, 32, 32);
}
Hash.Rfc6979HmacSha256Initialize(rng, numArray, seed32 != null ? 64U : 32U);
Util.MemSet(numArray, (byte)0, numArray.Length);
bool overflow;
do
{
Hash.Rfc6979HmacSha256Generate(rng, b32, 32);
overflow = !Field.SetB32(fe, b32) | Field.IsZero(fe);
}while (overflow);
Group.secp256k1_gej_rescale(ctx.Initial, fe);
Field.Clear(fe);
do
{
Hash.Rfc6979HmacSha256Generate(rng, b32, 32);
Scalar.SetB32(scalar, b32, ref overflow);
overflow |= Scalar.IsZero(scalar);
}while (overflow);
Hash.Rfc6979HmacSha256Finalize(rng);
Util.MemSet(b32, (byte)0, 32);
GeJ r;
EcMultGen.secp256k1_ecmult_gen(ctx, out r, scalar);
Scalar.Negate(scalar, scalar);
ctx.Blind = scalar.Clone();
ctx.Initial = r.Clone();
Scalar.Clear(scalar);
Group.secp256k1_gej_clear(r);
}
public static bool secp256k1_ge_set_xquad(Ge r, Fe x)
{
r.X = x.Clone();
var fe1 = new Fe();
Field.Sqr(fe1, x);
var fe2 = new Fe();
Field.Mul(fe2, x, fe1);
r.Infinity = false;
var fe3 = new Fe();
Field.SetInt(fe3, 7U);
Field.Add(fe3, fe2);
return(Field.Sqrt(r.Y, fe3));
}
public static void secp256k1_gej_double_var(GeJ r, GeJ a, Fe rzr)
{
r.Infinity = a.Infinity;
if (r.Infinity)
{
if (rzr == null)
{
return;
}
Field.SetInt(rzr, 1U);
}
else
{
if (rzr != null)
{
rzr = a.Y.Clone();
Field.NormalizeWeak(rzr);
Field.MulInt(rzr, 2U);
}
Field.Mul(r.Z, a.Z, a.Y);
Field.MulInt(r.Z, 2U);
var fe1 = new Fe();
Field.Sqr(fe1, a.X);
Field.MulInt(fe1, 3U);
var fe2 = new Fe();
Field.Sqr(fe2, fe1);
var fe3 = new Fe();
Field.Sqr(fe3, a.Y);
Field.MulInt(fe3, 2U);
var fe4 = new Fe();
Field.Sqr(fe4, fe3);
Field.MulInt(fe4, 2U);
Field.Mul(fe3, fe3, a.X);
r.X = fe3.Clone();
Field.MulInt(r.X, 4U);
Field.Negate(r.X, r.X, 4U);
Field.Add(r.X, fe2);
Field.Negate(fe2, fe2, 1U);
Field.MulInt(fe3, 6U);
Field.Add(fe3, fe2);
Field.Mul(r.Y, fe1, fe3);
Field.Negate(fe2, fe4, 2U);
Field.Add(r.Y, fe2);
}
}
public static void secp256k1_ge_set_table_gej_var(Ge[] r, GeJ[] a, Fe[] zr, int len)
{
var index = len - 1;
var fe = new Fe();
if (len <= 0)
{
return;
}
Field.Inv(fe, a[index].Z);
Group.secp256k1_ge_set_gej_zinv(r[index], a[index], fe);
while (index > 0)
{
Field.Mul(fe, fe, zr[index]);
--index;
Group.secp256k1_ge_set_gej_zinv(r[index], a[index], fe);
}
}
public static void secp256k1_ecmult_odd_multiples_table_storage_var(int n, GeStorage[] pre, GeJ a, EventHandler <Callback> cb)
{
var geJArray = new GeJ[n];
var r = new Ge[n];
var zr = new Fe[n];
for (var index = 0; index < n; ++index)
{
geJArray[index] = new GeJ();
r[index] = new Ge();
zr[index] = new Fe();
}
EcMult.secp256k1_ecmult_odd_multiples_table(n, geJArray, zr, a);
Group.secp256k1_ge_set_table_gej_var(r, geJArray, zr, n);
for (var index = 0; index < n; ++index)
{
Group.ToStorage(pre[index], r[index]);
}
}
public static void GeJAddGe(GeJ r, GeJ a, Ge b)
{
var arr = new uint[10];
arr[0] = 1U;
var a1 = new Fe(arr);
if (b.Infinity)
{
throw new ArithmeticException();
}
var fe1 = new Fe();
Field.Sqr(fe1, a.Z);
var fe2 = a.X.Clone();
Field.NormalizeWeak(fe2);
var fe3 = new Fe();
Field.Mul(fe3, b.X, fe1);
var r1 = a.Y.Clone();
Field.NormalizeWeak(r1);
var fe4 = new Fe();
Field.Mul(fe4, b.Y, fe1);
Field.Mul(fe4, fe4, a.Z);
var fe5 = fe2.Clone();
Field.Add(fe5, fe3);
var fe6 = r1.Clone();
Field.Add(fe6, fe4);
var fe7 = new Fe();
Field.Sqr(fe7, fe5);
var fe8 = new Fe();
Field.Negate(fe8, fe3, 1U);
var fe9 = new Fe();
Field.Mul(fe9, fe2, fe8);
Field.Add(fe7, fe9);
var flag1 = Field.NormalizesToZero(fe6) && Field.NormalizesToZero(fe7);
var fe10 = r1.Clone();
Field.MulInt(fe10, 2U);
Field.Add(fe8, fe2);
Field.Cmov(fe10, fe7, !flag1);
Field.Cmov(fe8, fe6, !flag1);
var fe11 = new Fe();
Field.Sqr(fe11, fe8);
var fe12 = new Fe();
Field.Mul(fe12, fe11, fe5);
Field.Sqr(fe11, fe11);
Field.Cmov(fe11, fe6, flag1);
Field.Sqr(fe5, fe10);
Field.Mul(r.Z, a.Z, fe8);
var flag2 = !a.Infinity && Field.NormalizesToZero(r.Z);
Field.MulInt(r.Z, 2U);
Field.Negate(fe12, fe12, 1U);
Field.Add(fe5, fe12);
Field.NormalizeWeak(fe5);
r.X = fe5.Clone();
Field.MulInt(fe5, 2U);
Field.Add(fe5, fe12);
Field.Mul(fe5, fe5, fe10);
Field.Add(fe5, fe11);
Field.Negate(r.Y, fe5, 3U);
Field.NormalizeWeak(r.Y);
Field.MulInt(r.X, 4U);
Field.MulInt(r.Y, 4U);
Field.Cmov(r.X, b.X, a.Infinity);
Field.Cmov(r.Y, b.Y, a.Infinity);
Field.Cmov(r.Z, a1, a.Infinity);
r.Infinity = flag2;
}
public static void secp256k1_gej_add_ge_var(GeJ r, GeJ a, Ge b, Fe rzr)
{
if (a.Infinity)
{
Group.secp256k1_gej_set_ge(r, b);
}
else if (b.Infinity)
{
if (rzr != null)
{
Field.SetInt(rzr, 1U);
}
r = a.Clone();
}
else
{
r.Infinity = false;
var fe1 = new Fe();
Field.Sqr(fe1, a.Z);
var fe2 = a.X.Clone();
Field.NormalizeWeak(fe2);
var fe3 = new Fe();
Field.Mul(fe3, b.X, fe1);
var fe4 = a.Y.Clone();
Field.NormalizeWeak(fe4);
var fe5 = new Fe();
Field.Mul(fe5, b.Y, fe1);
Field.Mul(fe5, fe5, a.Z);
var fe6 = new Fe();
Field.Negate(fe6, fe2, 1U);
Field.Add(fe6, fe3);
var fe7 = new Fe();
Field.Negate(fe7, fe4, 1U);
Field.Add(fe7, fe5);
if (Field.NormalizesToZeroVar(fe6))
{
if (Field.NormalizesToZeroVar(fe7))
{
Group.secp256k1_gej_double_var(r, a, rzr);
}
else
{
if (rzr != null)
{
Field.SetInt(rzr, 0U);
}
r.Infinity = true;
}
}
else
{
var fe8 = new Fe();
Field.Sqr(fe8, fe7);
var fe9 = new Fe();
Field.Sqr(fe9, fe6);
var fe10 = new Fe();
Field.Mul(fe10, fe6, fe9);
if (rzr != null)
{
rzr = fe6.Clone();
}
Field.Mul(r.Z, a.Z, fe6);
var fe11 = new Fe();
Field.Mul(fe11, fe2, fe9);
r.X = fe11.Clone();
Field.MulInt(r.X, 2U);
Field.Add(r.X, fe10);
Field.Negate(r.X, r.X, 3U);
Field.Add(r.X, fe8);
Field.Negate(r.Y, r.X, 5U);
Field.Add(r.Y, fe11);
Field.Mul(r.Y, r.Y, fe7);
Field.Mul(fe10, fe10, fe4);
Field.Negate(fe10, fe10, 1U);
Field.Add(r.Y, fe10);
}
}
}
public static void SetXY(Ge r, Fe x, Fe y)
{
r.Infinity = false;
r.X = x;
r.Y = y;
}
public Fe(Fe other)
{
this.N = new uint[other.N.Length];
Array.Copy((Array)other.N, (Array)this.N, other.N.Length);
}
public static void ContextBuild(EcmultGenContext ctx, EventHandler <Callback> cb)
{
var r1 = new Ge[1024];
var r2 = new GeJ();
var geJ1 = new GeJ();
if (ctx.Prec != null)
{
return;
}
ctx.PrecInit();
Group.secp256k1_gej_set_ge(r2, Group.Secp256K1GeConstG);
var bytes = Encoding.UTF8.GetBytes("The scalar for this x is unknown");
var fe = new Fe();
var ge = new Ge();
Field.SetB32(fe, bytes);
Group.secp256k1_ge_set_xo_var(ge, fe, false);
Group.secp256k1_gej_set_ge(geJ1, ge);
Group.secp256k1_gej_add_ge_var(geJ1, geJ1, Group.Secp256K1GeConstG, (Fe)null);
var a = new GeJ[1024];
for (var index = 0; index < a.Length; ++index)
{
a[index] = new GeJ();
}
var geJ2 = r2.Clone();
var geJ3 = geJ1.Clone();
for (var index1 = 0; index1 < 64; ++index1)
{
a[index1 * 16] = geJ3.Clone();
for (var index2 = 1; index2 < 16; ++index2)
{
Group.secp256k1_gej_add_var(a[index1 * 16 + index2], a[index1 * 16 + index2 - 1], geJ2, (Fe)null);
}
for (var index2 = 0; index2 < 4; ++index2)
{
Group.secp256k1_gej_double_var(geJ2, geJ2, (Fe)null);
}
Group.secp256k1_gej_double_var(geJ3, geJ3, (Fe)null);
if (index1 == 62)
{
Group.secp256k1_gej_neg(geJ3, geJ3);
Group.secp256k1_gej_add_var(geJ3, geJ3, geJ1, (Fe)null);
}
}
for (var index = 0; index < r1.Length; ++index)
{
r1[index] = new Ge();
}
Group.secp256k1_ge_set_all_gej_var(r1, a, 1024, cb);
for (var index1 = 0; index1 < 64; ++index1)
{
for (var index2 = 0; index2 < 16; ++index2)
{
Group.ToStorage(ctx.Prec[index1][index2], r1[index1 * 16 + index2]);
}
}
EcMultGen.Blind(ctx, (byte[])null);
}