std.crypto.pcurves fixes (#19245)

Fixes compilation errors in functions that are syntaxic sugar
to operate on serialized scalars.

Also make it explicit that square roots in fields whose size is
not congruent to 3 modulo 4 are not an error, they are just
not implemented yet.

Reported by @vitalonodo - Thanks!

Author: jedisct1

lib/std/crypto/pcurves/common.zig

@@ -277,7 +277,7 @@ pub fn Field(comptime params: FieldParams) type {
 
         // x=x2^((field_order+1)/4) w/ field order=3 (mod 4).
         fn uncheckedSqrt(x2: Fe) Fe {
-            comptime debug.assert(field_order % 4 == 3);
+            if (field_order % 4 != 3) @compileError("unimplemented");
             if (field_order == 115792089210356248762697446949407573530086143415290314195533631308867097853951) {
                 const t11 = x2.mul(x2.sq());
                 const t1111 = t11.mul(t11.sqn(2));

lib/std/crypto/pcurves/p256/scalar.zig

@@ -39,7 +39,7 @@ pub fn reduce48(s: [48]u8, endian: std.builtin.Endian) CompressedScalar {
 
 /// Reduce a 64-bytes scalar to the field size.
 pub fn reduce64(s: [64]u8, endian: std.builtin.Endian) CompressedScalar {
-    return ScalarDouble.fromBytes64(s, endian).toBytes(endian);
+    return Scalar.fromBytes64(s, endian).toBytes(endian);
 }
 
 /// Return a*b (mod L)
@@ -160,7 +160,7 @@ pub const Scalar = struct {
     }
 
     /// Return true if n is a quadratic residue mod L.
-    pub fn isSquare(n: Scalar) Scalar {
+    pub fn isSquare(n: Scalar) bool {
         return n.fe.isSquare();
     }
 

lib/std/crypto/pcurves/p384/scalar.zig

@@ -34,7 +34,7 @@ pub fn rejectNonCanonical(s: CompressedScalar, endian: std.builtin.Endian) NonCa
 
 /// Reduce a 64-bytes scalar to the field size.
 pub fn reduce64(s: [64]u8, endian: std.builtin.Endian) CompressedScalar {
-    return ScalarDouble.fromBytes64(s, endian).toBytes(endian);
+    return Scalar.fromBytes64(s, endian).toBytes(endian);
 }
 
 /// Return a*b (mod L)
@@ -149,7 +149,7 @@ pub const Scalar = struct {
     }
 
     /// Return true if n is a quadratic residue mod L.
-    pub fn isSquare(n: Scalar) Scalar {
+    pub fn isSquare(n: Scalar) bool {
         return n.fe.isSquare();
     }
 

lib/std/crypto/pcurves/secp256k1.zig

@@ -221,7 +221,7 @@ pub const Secp256k1 = struct {
         var t0 = p.x.mul(q.x);
         var t1 = p.y.mul(q.y);
         var t3 = q.x.add(q.y);
-        var t4 = p.x.add(p.y1);
+        var t4 = p.x.add(p.y);
         t3 = t3.mul(t4);
         t4 = t0.add(t1);
         t3 = t3.sub(t4);

lib/std/crypto/pcurves/secp256k1/scalar.zig

@@ -39,7 +39,7 @@ pub fn reduce48(s: [48]u8, endian: std.builtin.Endian) CompressedScalar {
 
 /// Reduce a 64-bytes scalar to the field size.
 pub fn reduce64(s: [64]u8, endian: std.builtin.Endian) CompressedScalar {
-    return ScalarDouble.fromBytes64(s, endian).toBytes(endian);
+    return Scalar.fromBytes64(s, endian).toBytes(endian);
 }
 
 /// Return a*b (mod L)
@@ -160,7 +160,7 @@ pub const Scalar = struct {
     }
 
     /// Return true if n is a quadratic residue mod L.
-    pub fn isSquare(n: Scalar) Scalar {
+    pub fn isSquare(n: Scalar) bool {
         return n.fe.isSquare();
     }