#include <ec_apoint.h>
Public Member Functions | |
| const std::shared_ptr< const EC_Group_Data > & | _group () const |
| const EC_AffinePoint_Data & | _inner () const |
| EC_AffinePoint | add (const EC_AffinePoint &q) const |
| EC_AffinePoint (const EC_AffinePoint &other) | |
| EC_AffinePoint (const EC_Group &group, std::span< const uint8_t > bytes) | |
| EC_AffinePoint (EC_AffinePoint &&other) noexcept | |
| size_t | field_element_bytes () const |
| bool | is_identity () const |
| Return true if this point is the identity element. | |
| EC_AffinePoint | mul (const EC_Scalar &scalar, RandomNumberGenerator &rng) const |
| Multiply a point by a scalar returning a complete point. | |
| EC_AffinePoint | mul (const EC_Scalar &scalar, RandomNumberGenerator &rng, std::vector< BigInt > &) const |
| secure_vector< uint8_t > | mul_x_only (const EC_Scalar &scalar, RandomNumberGenerator &rng) const |
| Multiply a point by a scalar, returning the byte encoding of the x coordinate only. | |
| secure_vector< uint8_t > | mul_x_only (const EC_Scalar &scalar, RandomNumberGenerator &rng, std::vector< BigInt > &) const |
| Multiply a point by a scalar, returning the byte encoding of the x coordinate only. | |
| EC_AffinePoint | negate () const |
| Point negation. | |
| bool | operator!= (const EC_AffinePoint &other) const |
| EC_AffinePoint & | operator= (const EC_AffinePoint &other) |
| EC_AffinePoint & | operator= (EC_AffinePoint &&other) noexcept |
| bool | operator== (const EC_AffinePoint &other) const |
| std::vector< uint8_t > | serialize (EC_Point_Format format) const |
| Return an encoding depending on the requested format. | |
| template<concepts::resizable_byte_buffer T = std::vector<uint8_t>> | |
| T | serialize_compressed () const |
| void | serialize_compressed_to (std::span< uint8_t > bytes) const |
| template<concepts::resizable_byte_buffer T = std::vector<uint8_t>> | |
| T | serialize_uncompressed () const |
| void | serialize_uncompressed_to (std::span< uint8_t > bytes) const |
| void | serialize_x_to (std::span< uint8_t > bytes) const |
| void | serialize_xy_to (std::span< uint8_t > bytes) const |
| void | serialize_y_to (std::span< uint8_t > bytes) const |
| template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>> | |
| T | x_bytes () const |
| template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>> | |
| T | xy_bytes () const |
| template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>> | |
| T | y_bytes () const |
| ~EC_AffinePoint () | |
Static Public Member Functions | |
| static EC_AffinePoint | _from_inner (std::unique_ptr< EC_AffinePoint_Data > inner) |
| static std::optional< EC_AffinePoint > | deserialize (const EC_Group &group, std::span< const uint8_t > bytes) |
| static std::optional< EC_AffinePoint > | from_bigint_xy (const EC_Group &group, const BigInt &x, const BigInt &y) |
| static EC_AffinePoint | g_mul (const EC_Scalar &scalar, RandomNumberGenerator &rng) |
| Multiply by the group generator returning a complete point. | |
| static EC_AffinePoint | g_mul (const EC_Scalar &scalar, RandomNumberGenerator &rng, std::vector< BigInt > &) |
| static EC_AffinePoint | generator (const EC_Group &group) |
| Return the standard group generator. | |
| static EC_AffinePoint | hash_to_curve_nu (const EC_Group &group, std::string_view hash_fn, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep) |
| static EC_AffinePoint | hash_to_curve_nu (const EC_Group &group, std::string_view hash_fn, std::span< const uint8_t > input, std::string_view domain_sep) |
| static EC_AffinePoint | hash_to_curve_ro (const EC_Group &group, std::string_view hash_fn, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep) |
| static EC_AffinePoint | hash_to_curve_ro (const EC_Group &group, std::string_view hash_fn, std::span< const uint8_t > input, std::string_view domain_sep) |
| static EC_AffinePoint | identity (const EC_Group &group) |
| Return the identity element. | |
| static std::optional< EC_AffinePoint > | mul_px_qy (const EC_AffinePoint &p, const EC_Scalar &x, const EC_AffinePoint &q, const EC_Scalar &y, RandomNumberGenerator &rng) |
Friends | |
| class | EC_Mul2Table |
Detailed Description
Elliptic Curve Point in Affine Representation
Definition at line 36 of file ec_apoint.h.
Constructor & Destructor Documentation
◆ EC_AffinePoint() [1/3]
| Botan::EC_AffinePoint::EC_AffinePoint | ( | const EC_Group & | group, |
| std::span< const uint8_t > | bytes ) |
Point deserialization. Throws if wrong length or not a valid point
This accepts SEC1 compressed or uncompressed formats
Definition at line 36 of file ec_apoint.cpp.
References Botan::EC_Group::_data().
Referenced by _from_inner(), add(), deserialize(), EC_AffinePoint(), EC_AffinePoint(), EC_Mul2Table, g_mul(), g_mul(), generator(), hash_to_curve_nu(), hash_to_curve_nu(), hash_to_curve_ro(), hash_to_curve_ro(), identity(), mul(), mul(), mul_px_qy(), negate(), operator!=(), operator=(), operator=(), and operator==().
◆ EC_AffinePoint() [2/3]
| Botan::EC_AffinePoint::EC_AffinePoint | ( | const EC_AffinePoint & | other | ) |
Definition at line 20 of file ec_apoint.cpp.
References EC_AffinePoint().
◆ EC_AffinePoint() [3/3]
|
noexcept |
Definition at line 22 of file ec_apoint.cpp.
References EC_AffinePoint().
◆ ~EC_AffinePoint()
|
default |
Member Function Documentation
◆ _from_inner()
|
static |
Definition at line 234 of file ec_apoint.cpp.
References EC_AffinePoint().
Referenced by Botan::EC_Group::Mul2Table::mul2_vartime().
◆ _group()
| const std::shared_ptr< const EC_Group_Data > & Botan::EC_AffinePoint::_group | ( | ) | const |
Definition at line 238 of file ec_apoint.cpp.
Referenced by operator==().
◆ _inner()
|
inline |
Definition at line 263 of file ec_apoint.h.
Referenced by add(), mul_px_qy(), and negate().
◆ add()
| EC_AffinePoint Botan::EC_AffinePoint::add | ( | const EC_AffinePoint & | q | ) | const |
Point addition
Note that this is quite slow since it converts the resulting projective point immediately to affine coordinates, which requires a field inversion. This can be sufficient when implementing protocols that just need to perform a few additions.
In the future a cooresponding EC_ProjectivePoint type may be added which would avoid the expensive affine conversions
Definition at line 184 of file ec_apoint.cpp.
References _inner(), EC_AffinePoint(), and Botan::EC_AffinePoint_Data::group().
◆ deserialize()
|
static |
Point deserialization. Returns nullopt if wrong length or not a valid point
This accepts SEC1 compressed or uncompressed formats
Definition at line 150 of file ec_apoint.cpp.
References Botan::EC_Group::_data(), and EC_AffinePoint().
Referenced by from_bigint_xy().
◆ field_element_bytes()
| size_t Botan::EC_AffinePoint::field_element_bytes | ( | ) | const |
Return the number of bytes of a field element
A point consists of two field elements, plus possibly a header
Definition at line 110 of file ec_apoint.cpp.
◆ from_bigint_xy()
|
static |
Create a point from a pair (x,y) of integers
The integers must be within the field - in the range [0,p) and must satisfy the curve equation
Definition at line 93 of file ec_apoint.cpp.
References deserialize(), Botan::EC_Group::get_p(), Botan::EC_Group::get_p_bytes(), Botan::BigInt::is_negative(), and Botan::BigInt::serialize_to().
Referenced by generator().
◆ g_mul() [1/2]
|
static |
Multiply by the group generator returning a complete point.
Definition at line 158 of file ec_apoint.cpp.
References Botan::EC_Scalar::_inner(), EC_AffinePoint(), and Botan::EC_Scalar_Data::group().
Referenced by g_mul(), and Botan::EC_PrivateKey_Data::public_key().
◆ g_mul() [2/2]
|
inlinestatic |
Definition at line 245 of file ec_apoint.h.
References EC_AffinePoint(), and g_mul().
◆ generator()
|
static |
Return the standard group generator.
Definition at line 84 of file ec_apoint.cpp.
References EC_AffinePoint(), from_bigint_xy(), Botan::EC_Group::get_g_x(), and Botan::EC_Group::get_g_y().
Referenced by Botan::EC_Group::DER_encode().
◆ hash_to_curve_nu() [1/2]
|
static |
Hash to curve (RFC 9380), non uniform variant
Only supported for specific groups
Definition at line 133 of file ec_apoint.cpp.
References Botan::EC_Group::_data(), and EC_AffinePoint().
Referenced by hash_to_curve_nu().
◆ hash_to_curve_nu() [2/2]
|
static |
Hash to curve (RFC 9380), non uniform variant
Only supported for specific groups
Definition at line 141 of file ec_apoint.cpp.
References Botan::as_span_of_bytes(), EC_AffinePoint(), and hash_to_curve_nu().
◆ hash_to_curve_ro() [1/2]
|
static |
Hash to curve (RFC 9380), random oracle variant
Only supported for specific groups
Definition at line 118 of file ec_apoint.cpp.
References Botan::EC_Group::_data(), and EC_AffinePoint().
Referenced by hash_to_curve_ro().
◆ hash_to_curve_ro() [2/2]
|
static |
Hash to curve (RFC 9380), random oracle variant
Only supported for specific groups
Definition at line 126 of file ec_apoint.cpp.
References Botan::as_span_of_bytes(), EC_AffinePoint(), and hash_to_curve_ro().
◆ identity()
|
static |
Return the identity element.
Definition at line 79 of file ec_apoint.cpp.
References EC_AffinePoint().
◆ is_identity()
| bool Botan::EC_AffinePoint::is_identity | ( | ) | const |
Return true if this point is the identity element.
Definition at line 114 of file ec_apoint.cpp.
Referenced by Botan::EC_PublicKey::check_key(), Botan::ECIES_KA_Operation::derive_secret(), operator==(), serialize_compressed_to(), serialize_uncompressed_to(), serialize_x_to(), serialize_xy_to(), and serialize_y_to().
◆ mul() [1/2]
| EC_AffinePoint Botan::EC_AffinePoint::mul | ( | const EC_Scalar & | scalar, |
| RandomNumberGenerator & | rng ) const |
Multiply a point by a scalar returning a complete point.
Definition at line 163 of file ec_apoint.cpp.
References Botan::EC_Scalar::_inner(), EC_AffinePoint(), and mul().
◆ mul() [2/2]
|
inline |
Definition at line 250 of file ec_apoint.h.
References EC_AffinePoint(), and mul().
◆ mul_px_qy()
|
static |
Compute 2-ary multiscalar multiplication - p*x + q*y
This operation runs in constant time with respect to p, x, q, and y
- Returns
- p*x+q*y, or nullopt if the result was the point at infinity
Definition at line 171 of file ec_apoint.cpp.
References _inner(), Botan::EC_Scalar::_inner(), EC_AffinePoint(), and Botan::EC_AffinePoint_Data::group().
◆ mul_x_only() [1/2]
| secure_vector< uint8_t > Botan::EC_AffinePoint::mul_x_only | ( | const EC_Scalar & | scalar, |
| RandomNumberGenerator & | rng ) const |
Multiply a point by a scalar, returning the byte encoding of the x coordinate only.
Definition at line 167 of file ec_apoint.cpp.
References Botan::EC_Scalar::_inner().
◆ mul_x_only() [2/2]
|
inline |
Multiply a point by a scalar, returning the byte encoding of the x coordinate only.
Definition at line 255 of file ec_apoint.h.
◆ negate()
| EC_AffinePoint Botan::EC_AffinePoint::negate | ( | ) | const |
Point negation.
Definition at line 189 of file ec_apoint.cpp.
References _inner(), EC_AffinePoint(), and Botan::EC_AffinePoint_Data::group().
◆ operator!=()
|
inline |
Definition at line 221 of file ec_apoint.h.
References EC_AffinePoint().
◆ operator=() [1/2]
| EC_AffinePoint & Botan::EC_AffinePoint::operator= | ( | const EC_AffinePoint & | other | ) |
Definition at line 24 of file ec_apoint.cpp.
References Botan::EC_AffinePoint_Data::clone(), and EC_AffinePoint().
◆ operator=() [2/2]
|
noexcept |
Definition at line 31 of file ec_apoint.cpp.
References EC_AffinePoint().
◆ operator==()
| bool Botan::EC_AffinePoint::operator== | ( | const EC_AffinePoint & | other | ) | const |
Definition at line 54 of file ec_apoint.cpp.
References _group(), BOTAN_ASSERT_NOMSG, EC_AffinePoint(), Botan::CT::is_equal(), is_identity(), and serialize_uncompressed().
◆ serialize()
| std::vector< uint8_t > Botan::EC_AffinePoint::serialize | ( | EC_Point_Format | format | ) | const |
Return an encoding depending on the requested format.
Definition at line 194 of file ec_apoint.cpp.
References Botan::Compressed, serialize_compressed(), serialize_uncompressed(), and Botan::Uncompressed.
Referenced by Botan::ECDH_PublicKey::public_value(), and Botan::EC_PublicKey::raw_public_key_bits().
◆ serialize_compressed()
|
inline |
Return the bytes of the affine x and y coordinates in a container
This function will fail if this point is the identity element
Definition at line 213 of file ec_apoint.h.
Referenced by Botan::ECDSA_PublicKey::recovery_param(), and serialize().
◆ serialize_compressed_to()
| void Botan::EC_AffinePoint::serialize_compressed_to | ( | std::span< uint8_t > | bytes | ) | const |
Write the fixed length SEC1 compressed encoding
The output span must be exactly 1 + field_element_bytes long
This function will fail if this point is the identity element
Definition at line 224 of file ec_apoint.cpp.
References BOTAN_STATE_CHECK, and is_identity().
◆ serialize_uncompressed()
|
inline |
Return the bytes of the affine x and y coordinates in a container
This function will fail if this point is the identity element
Definition at line 203 of file ec_apoint.h.
Referenced by Botan::EC_Group::DER_encode(), operator==(), and serialize().
◆ serialize_uncompressed_to()
| void Botan::EC_AffinePoint::serialize_uncompressed_to | ( | std::span< uint8_t > | bytes | ) | const |
Return the fixed length encoding of SEC1 uncompressed encoding
The output span must be exactly 1 + 2*field_element_bytes long
This function will fail if this point is the identity element
Definition at line 229 of file ec_apoint.cpp.
References BOTAN_STATE_CHECK, and is_identity().
◆ serialize_x_to()
| void Botan::EC_AffinePoint::serialize_x_to | ( | std::span< uint8_t > | bytes | ) | const |
Write the fixed length encoding of affine x coordinate
The output span must be exactly field_element_bytes long
This function will fail if this point is the identity element
Definition at line 209 of file ec_apoint.cpp.
References BOTAN_STATE_CHECK, and is_identity().
◆ serialize_xy_to()
| void Botan::EC_AffinePoint::serialize_xy_to | ( | std::span< uint8_t > | bytes | ) | const |
Write the fixed length encoding of affine x and y coordinates
The output span must be exactly 2*field_element_bytes long
This function will fail if this point is the identity element
Definition at line 219 of file ec_apoint.cpp.
References BOTAN_STATE_CHECK, and is_identity().
◆ serialize_y_to()
| void Botan::EC_AffinePoint::serialize_y_to | ( | std::span< uint8_t > | bytes | ) | const |
Write the fixed length encoding of affine y coordinate
The output span must be exactly field_element_bytes long
This function will fail if this point is the identity element
Definition at line 214 of file ec_apoint.cpp.
References BOTAN_STATE_CHECK, and is_identity().
◆ x_bytes()
|
inline |
Return the bytes of the affine x coordinate in a container
This function will fail if this point is the identity element
Definition at line 173 of file ec_apoint.h.
◆ xy_bytes()
|
inline |
Return the bytes of the affine x and y coordinates in a container
This function will fail if this point is the identity element
Definition at line 193 of file ec_apoint.h.
Referenced by Botan::GOST_3410_PublicKey::public_key_bits(), and Botan::sm2_compute_za().
◆ y_bytes()
|
inline |
Return the bytes of the affine y coordinate in a container
This function will fail if this point is the identity element
Definition at line 183 of file ec_apoint.h.
Friends And Related Symbol Documentation
◆ EC_Mul2Table
|
friend |
Definition at line 270 of file ec_apoint.h.
References EC_AffinePoint(), and EC_Mul2Table.
Referenced by EC_Mul2Table.
The documentation for this class was generated from the following files:
- src/lib/pubkey/ec_group/ec_apoint.h
- src/lib/pubkey/ec_group/ec_apoint.cpp
Generated by
1.14.0