Botan 3.8.1
Crypto and TLS for C&
Classes | Public Member Functions | Static Public Member Functions | List of all members
Botan::EC_Group Class Referencefinal

#include <ec_group.h>

Classes

class  Mul2Table
 Table for computing g*x + h*y. More...
 

Public Member Functions

const std::shared_ptr< EC_Group_Data > & _data () const
 
bool a_is_minus_3 () const
 
bool a_is_zero () const
 
BigInt cube_mod_order (const BigInt &x) const
 
std::vector< uint8_t > DER_encode () const
 
std::vector< uint8_t > DER_encode (EC_Group_Encoding form) const
 
 EC_Group ()
 
 EC_Group (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order, const BigInt &cofactor, const OID &oid=OID())
 
 EC_Group (const EC_Group &)
 
 EC_Group (const OID &oid)
 
 EC_Group (const OID &oid, const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order)
 
 EC_Group (const uint8_t ber[], size_t ber_len)
 
 EC_Group (EC_Group &&)=default
 
 EC_Group (std::span< const uint8_t > ber)
 
 EC_Group (std::string_view pem_or_oid)
 
EC_Group_Engine engine () const
 
const BigIntget_a () const
 
const BigIntget_b () const
 
const BigIntget_cofactor () const
 
const OIDget_curve_oid () const
 
const BigIntget_g_x () const
 
const BigIntget_g_y () const
 
const BigIntget_order () const
 
size_t get_order_bits () const
 
size_t get_order_bytes () const
 
const BigIntget_p () const
 
size_t get_p_bits () const
 
size_t get_p_bytes () const
 
bool has_cofactor () const
 
bool initialized () const
 
BigInt inverse_mod_order (const BigInt &x) const
 
BigInt mod_order (const BigInt &x) const
 
BigInt multiply_mod_order (const BigInt &x, const BigInt &y) const
 
BigInt multiply_mod_order (const BigInt &x, const BigInt &y, const BigInt &z) const
 
EC_Groupoperator= (const EC_Group &)
 
EC_Groupoperator= (EC_Group &&)=default
 
bool operator== (const EC_Group &other) const
 
std::string PEM_encode (EC_Group_Encoding form=EC_Group_Encoding::Explicit) const
 
size_t point_size (EC_Point_Format format) const
 
EC_Group_Source source () const
 
BigInt square_mod_order (const BigInt &x) const
 
bool used_explicit_encoding () const
 
bool verify_group (RandomNumberGenerator &rng, bool strong=false) const
 
 ~EC_Group ()
 

Static Public Member Functions

static size_t clear_registered_curve_data ()
 
static EC_Group EC_Group_from_PEM (std::string_view pem)
 
static OID EC_group_identity_from_order (const BigInt &order)
 
static std::shared_ptr< EC_Group_DataEC_group_info (const OID &oid)
 
static EC_Group from_name (std::string_view name)
 
static EC_Group from_OID (const OID &oid)
 
static EC_Group from_PEM (std::string_view pem)
 
static const std::set< std::string > & known_named_groups ()
 
static bool supports_application_specific_group ()
 
static bool supports_named_group (std::string_view name)
 

Detailed Description

Class representing an elliptic curve

The internal representation is stored in a shared_ptr, so copying an EC_Group is inexpensive.

Definition at line 87 of file ec_group.h.

Constructor & Destructor Documentation

◆ EC_Group() [1/9]

Botan::EC_Group::EC_Group ( const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & base_x,
const BigInt & base_y,
const BigInt & order,
const BigInt & cofactor,
const OID & oid = OID() )

Construct elliptic curve from the specified parameters

This is used for example to create custom (application-specific) curves.

Some build configurations do not support application specific curves, in which case this constructor will throw an exception. You can check for this situation beforehand using the function EC_Group::supports_application_specific_group()

Parameters
pthe elliptic curve p
athe elliptic curve a param
bthe elliptic curve b param
base_xthe x coordinate of the base point
base_ythe y coordinate of the base point
orderthe order of the base point
cofactorthe cofactor
oidan optional OID used to identify this curve
Warning
This constructor is deprecated and will be removed in Botan 4
support for cofactors > 1 is deprecated and will be removed
support for prime fields > 521 bits is deprecated and will be removed.
Support for explicitly encoded curve parameters is deprecated. An OID must be assigned.

Definition at line 419 of file ec_group.cpp.

426 {
427 if(oid.has_value()) {
428 m_data = ec_group_data().lookup_or_create(
429 p, a, b, base_x, base_y, order, cofactor, oid, EC_Group_Source::ExternalSource);
430 } else {
431 m_data = ec_group_data().lookup_or_create_without_oid(
432 p, a, b, base_x, base_y, order, cofactor, EC_Group_Source::ExternalSource);
433 }
434}

References Botan::ExternalSource, and Botan::OID::has_value().

Referenced by EC_Group(), EC_Group(), EC_Group(), EC_Group(), EC_Group(), EC_Group_from_PEM(), from_name(), from_OID(), from_PEM(), operator=(), operator=(), operator==(), and ~EC_Group().

◆ EC_Group() [2/9]

Botan::EC_Group::EC_Group ( const OID & oid,
const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & base_x,
const BigInt & base_y,
const BigInt & order )

Construct elliptic curve from the specified parameters

This is used for example to create custom (application-specific) curves.

Some build configurations do not support application specific curves, in which case this constructor will throw an exception. You can check for this situation beforehand using the function EC_Group::supports_application_specific_group()

Unlike the deprecated constructor, this constructor imposes additional restrictions on the parameters, namely:

  • An object identifier must be provided
  • The prime must be at least 192 bits and at most 512 bits, and a multiple of 32 bits. Currently, as long as BOTAN_DISABLE_DEPRECATED_FEATURES is not set, this constructor accepts primes as small as 128 bits - this lower bound will be removed in the next major release.
  • As an extension of the above restriction, the prime can also be exactly the 521-bit Mersenne prime (2**521-1) or exactly the 239-bit prime used in X9.62 239 bit groups (2**239 - 2**143 - 2**95 + 2**47 - 1)
  • The prime must be congruent to 3 modulo 4
  • The group order must have the same bit length as the prime. It is allowed for the order to be larger than p, but they must have the same bit length.
  • Only prime order curves (with cofactor == 1) are allowed
Warning
use only elliptic curve parameters that you trust
Parameters
oidan object identifier used to identify this curve
pthe elliptic curve prime (at most 521 bits)
athe elliptic curve a param
bthe elliptic curve b param
base_xthe x coordinate of the group generator
base_ythe y coordinate of the group generator
orderthe order of the group

Definition at line 436 of file ec_group.cpp.

442 {
443 BOTAN_ARG_CHECK(oid.has_value(), "An OID is required for creating an EC_Group");
444
445 // TODO(Botan4) remove this and require 192 bits minimum
446#if defined(BOTAN_DISABLE_DEPRECATED_FEATURES)
447 constexpr size_t p_bits_lower_bound = 192;
448#else
449 constexpr size_t p_bits_lower_bound = 128;
450#endif
451
452 BOTAN_ARG_CHECK(p.bits() >= p_bits_lower_bound, "EC_Group p too small");
453 BOTAN_ARG_CHECK(p.bits() <= 521, "EC_Group p too large");
454
455 if(p.bits() == 521) {
456 const auto p521 = BigInt::power_of_2(521) - 1;
457 BOTAN_ARG_CHECK(p == p521, "EC_Group with p of 521 bits must be 2**521-1");
458 } else if(p.bits() == 239) {
459 const auto x962_p239 = []() {
460 BigInt p239;
461 for(size_t i = 0; i != 239; ++i) {
462 if(i < 47 || ((i >= 94) && (i != 143))) {
463 p239.set_bit(i);
464 }
465 }
466 return p239;
467 }();
468
469 BOTAN_ARG_CHECK(p == x962_p239, "EC_Group with p of 239 bits must be the X9.62 prime");
470 } else {
471 BOTAN_ARG_CHECK(p.bits() % 32 == 0, "EC_Group p must be a multiple of 32 bits");
472 }
473
474 BOTAN_ARG_CHECK(p % 4 == 3, "EC_Group p must be congruent to 3 modulo 4");
475
476 BOTAN_ARG_CHECK(a >= 0 && a < p, "EC_Group a is invalid");
477 BOTAN_ARG_CHECK(b > 0 && b < p, "EC_Group b is invalid");
478 BOTAN_ARG_CHECK(base_x >= 0 && base_x < p, "EC_Group base_x is invalid");
479 BOTAN_ARG_CHECK(base_y >= 0 && base_y < p, "EC_Group base_y is invalid");
480 BOTAN_ARG_CHECK(p.bits() == order.bits(), "EC_Group p and order must have the same number of bits");
481
482 auto mod_p = Barrett_Reduction::for_public_modulus(p);
483 BOTAN_ARG_CHECK(is_bailie_psw_probable_prime(p, mod_p), "EC_Group p is not prime");
484
485 auto mod_order = Barrett_Reduction::for_public_modulus(order);
486 BOTAN_ARG_CHECK(is_bailie_psw_probable_prime(order, mod_order), "EC_Group order is not prime");
487
488 // This catches someone "ignoring" a cofactor and just trying to
489 // provide the subgroup order
490 BOTAN_ARG_CHECK((p - order).abs().bits() <= (p.bits() / 2) + 1, "Hasse bound invalid");
491
492 // Check that 4*a^3 + 27*b^2 != 0
493 const auto discriminant = mod_p.reduce(mod_p.multiply(4, mod_p.cube(a)) + mod_p.multiply(27, mod_p.square(b)));
494 BOTAN_ARG_CHECK(discriminant != 0, "EC_Group discriminant is invalid");
495
496 // Check that the generator (base_x,base_y) is on the curve; y^2 = x^3 + a*x + b
497 auto y2 = mod_p.square(base_y);
498 auto x3_ax_b = mod_p.reduce(mod_p.cube(base_x) + mod_p.multiply(a, base_x) + b);
499 BOTAN_ARG_CHECK(y2 == x3_ax_b, "EC_Group generator is not on the curve");
500
501 BigInt cofactor(1);
502
503 m_data =
504 ec_group_data().lookup_or_create(p, a, b, base_x, base_y, order, cofactor, oid, EC_Group_Source::ExternalSource);
505}
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:31
Botan::Barrett_Reduction::for_public_modulus
static Barrett_Reduction for_public_modulus(const BigInt &m)
Definition barrett.cpp:33
Botan::BigInt::power_of_2
static BigInt power_of_2(size_t n)
Definition bigint.h:820
Botan::EC_Group::mod_order
BigInt mod_order(const BigInt &x) const
Definition ec_group.h:650
Botan::abs
BigInt abs(const BigInt &n)
Definition numthry.h:24
Botan::is_bailie_psw_probable_prime
bool is_bailie_psw_probable_prime(const BigInt &n, const Barrett_Reduction &mod_n)
Definition primality.cpp:96

References Botan::abs(), Botan::BigInt::bits(), BOTAN_ARG_CHECK, Botan::ExternalSource, Botan::Barrett_Reduction::for_public_modulus(), Botan::OID::has_value(), Botan::is_bailie_psw_probable_prime(), mod_order(), Botan::BigInt::power_of_2(), and Botan::BigInt::set_bit().

◆ EC_Group() [3/9]

Botan::EC_Group::EC_Group ( std::span< const uint8_t > ber)
explicit

Decode a BER encoded ECC domain parameter set

Parameters
berthe bytes of the BER encoding

Definition at line 507 of file ec_group.cpp.

507 {
508 auto data = BER_decode_EC_group(ber, EC_Group_Source::ExternalSource);
509 m_data = data.first;
510 m_explicit_encoding = data.second;
511}

References Botan::ExternalSource.

◆ EC_Group() [4/9]

Botan::EC_Group::EC_Group ( const uint8_t ber[],
size_t ber_len )
inline

Definition at line 184 of file ec_group.h.

184: EC_Group(std::span{ber, ber_len}) {}
Botan::EC_Group::EC_Group
EC_Group()

References EC_Group().

◆ EC_Group() [5/9]

Botan::EC_Group::EC_Group ( const OID & oid)
inlineexplicit

Create an EC domain by OID (or throw if unknown)

Parameters
oidthe OID of the EC domain to create

Definition at line 190 of file ec_group.h.

190{ *this = EC_Group::from_OID(oid); }
Botan::EC_Group::from_OID
static EC_Group from_OID(const OID &oid)
Definition ec_group.cpp:360

References EC_Group(), and from_OID().

◆ EC_Group() [6/9]

Botan::EC_Group::EC_Group ( std::string_view pem_or_oid)
explicit

Create an EC domain from PEM encoding (as from PEM_encode()), or from an OID name (eg "secp256r1", or "1.2.840.10045.3.1.7")

Parameters
pem_or_oidPEM-encoded data, or an OID
Warning
Support for PEM in this function is deprecated. Use EC_Group::from_PEM or EC_Group::from_OID or EC_Group::from_name

Definition at line 385 of file ec_group.cpp.

385 {
386 if(str.empty()) {
387 return; // no initialization / uninitialized
388 }
389
390 try {
391 const OID oid = OID::from_string(str);
392 if(oid.has_value()) {
393 m_data = ec_group_data().lookup(oid);
394 }
395 } catch(...) {}
396
397 if(m_data == nullptr) {
398 if(str.size() > 30 && str.substr(0, 29) == "-----BEGIN EC PARAMETERS-----") {
399 // OK try it as PEM ...
400 const auto ber = PEM_Code::decode_check_label(str, "EC PARAMETERS");
401
402 auto data = BER_decode_EC_group(ber, EC_Group_Source::ExternalSource);
403 this->m_data = data.first;
404 this->m_explicit_encoding = data.second;
405 }
406 }
407
408 if(m_data == nullptr) {
409 throw Invalid_Argument(fmt("Unknown ECC group '{}'", str));
410 }
411}
Botan::OID::from_string
static OID from_string(std::string_view str)
Definition asn1_oid.cpp:86
Botan::PEM_Code::decode_check_label
secure_vector< uint8_t > decode_check_label(DataSource &source, std::string_view label_want)
Definition pem.cpp:49
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References Botan::PEM_Code::decode_check_label(), Botan::ExternalSource, Botan::fmt(), Botan::OID::from_string(), and Botan::OID::has_value().

◆ EC_Group() [7/9]

Botan::EC_Group::EC_Group ( )
default

Create an uninitialized EC_Group

References EC_Group().

Referenced by from_name(), from_OID(), and from_PEM().

◆ ~EC_Group()

Botan::EC_Group::~EC_Group ( )
default

References EC_Group().

◆ EC_Group() [8/9]

Botan::EC_Group::EC_Group ( const EC_Group & )
default

References EC_Group().

◆ EC_Group() [9/9]

Botan::EC_Group::EC_Group ( EC_Group && )
default

References EC_Group().

Member Function Documentation

◆ _data()

const std::shared_ptr< EC_Group_Data > & Botan::EC_Group::_data ( ) const
inline

Definition at line 451 of file ec_group.h.

451{ return m_data; }

Referenced by Botan::EC_AffinePoint::deserialize(), Botan::EC_Scalar::deserialize(), Botan::EC_AffinePoint::EC_AffinePoint(), Botan::EC_Scalar::EC_Scalar(), Botan::EC_Scalar::from_bigint(), Botan::EC_Scalar::from_bytes_mod_order(), Botan::EC_Scalar::from_bytes_with_trunc(), Botan::EC_AffinePoint::hash_to_curve_nu(), Botan::EC_AffinePoint::hash_to_curve_ro(), Botan::EC_Scalar::one(), and Botan::EC_Scalar::random().

◆ a_is_minus_3()

bool Botan::EC_Group::a_is_minus_3 ( ) const
inline

Return if a == -3 mod p

Definition at line 640 of file ec_group.h.

640{ return get_a() + 3 == get_p(); }
Botan::EC_Group::get_a
const BigInt & get_a() const
Definition ec_group.cpp:540
Botan::EC_Group::get_p
const BigInt & get_p() const
Definition ec_group.cpp:536

References a_is_minus_3(), get_a(), and get_p().

Referenced by a_is_minus_3().

◆ a_is_zero()

bool Botan::EC_Group::a_is_zero ( ) const
inline

Return if a == 0 mod p

Definition at line 645 of file ec_group.h.

645{ return get_a().is_zero(); }
Botan::BigInt::is_zero
bool is_zero() const
Definition bigint.h:457

References a_is_zero(), and get_a().

Referenced by a_is_zero().

◆ clear_registered_curve_data()

size_t Botan::EC_Group::clear_registered_curve_data ( )
static

Definition at line 187 of file ec_group.cpp.

187 {
188 return ec_group_data().clear();
189}

◆ cube_mod_order()

BigInt Botan::EC_Group::cube_mod_order ( const BigInt & x) const
inline

Definition at line 693 of file ec_group.h.

693 {
694 auto xs = EC_Scalar::from_bigint(*this, x);
695 return (xs * xs * xs).to_bigint();
696 }
Botan::EC_Scalar::from_bigint
static EC_Scalar from_bigint(const EC_Group &group, const BigInt &bn)
Definition ec_scalar.cpp:65

References cube_mod_order(), and Botan::EC_Scalar::from_bigint().

Referenced by cube_mod_order().

◆ DER_encode() [1/2]

std::vector< uint8_t > Botan::EC_Group::DER_encode ( ) const

Create the DER encoding of this domain, using namedCurve format

Returns
the group information encoded as DER

Definition at line 616 of file ec_group.cpp.

616 {
617 const auto& der_named_curve = data().der_named_curve();
618 // TODO(Botan4) this can be removed because an OID will always be defined
619 if(der_named_curve.empty()) {
620 throw Encoding_Error("Cannot encode EC_Group as OID because OID not set");
621 }
622
623 return der_named_curve;
624}

Referenced by DER_encode(), and PEM_encode().

◆ DER_encode() [2/2]

std::vector< uint8_t > Botan::EC_Group::DER_encode ( EC_Group_Encoding form) const

Create the DER encoding of this domain

Parameters
formof encoding to use
Returns
the group information encoded as DER

Definition at line 626 of file ec_group.cpp.

626 {
627 if(form == EC_Group_Encoding::Explicit) {
628 std::vector<uint8_t> output;
629 DER_Encoder der(output);
630 const size_t ecpVers1 = 1;
631 const OID curve_type("1.2.840.10045.1.1"); // prime field
632
633 const size_t p_bytes = get_p_bytes();
634
635 const auto generator = EC_AffinePoint::generator(*this).serialize_uncompressed();
636
637 der.start_sequence()
638 .encode(ecpVers1)
639 .start_sequence()
640 .encode(curve_type)
641 .encode(get_p())
642 .end_cons()
643 .start_sequence()
644 .encode(get_a().serialize(p_bytes), ASN1_Type::OctetString)
645 .encode(get_b().serialize(p_bytes), ASN1_Type::OctetString)
646 .end_cons()
647 .encode(generator, ASN1_Type::OctetString)
648 .encode(get_order())
649 .encode(get_cofactor())
650 .end_cons();
651 return output;
652 } else if(form == EC_Group_Encoding::NamedCurve) {
653 return this->DER_encode();
654 } else if(form == EC_Group_Encoding::ImplicitCA) {
655 return {0x00, 0x05};
656 } else {
657 throw Internal_Error("EC_Group::DER_encode: Unknown encoding");
658 }
659}
Botan::EC_AffinePoint::serialize_uncompressed
T serialize_uncompressed() const
Definition ec_apoint.h:187
Botan::EC_AffinePoint::generator
static EC_AffinePoint generator(const EC_Group &group)
Return the standard group generator.
Definition ec_apoint.cpp:83
Botan::EC_Group::get_b
const BigInt & get_b() const
Definition ec_group.cpp:544
Botan::EC_Group::get_cofactor
const BigInt & get_cofactor() const
Definition ec_group.cpp:596
Botan::EC_Group::get_order
const BigInt & get_order() const
Definition ec_group.cpp:584
Botan::EC_Group::DER_encode
std::vector< uint8_t > DER_encode() const
Definition ec_group.cpp:616
Botan::EC_Group::get_p_bytes
size_t get_p_bytes() const
Definition ec_group.cpp:524

References DER_encode(), Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::Explicit, Botan::EC_AffinePoint::generator(), get_a(), get_b(), get_cofactor(), get_order(), get_p(), get_p_bytes(), Botan::ImplicitCA, Botan::NamedCurve, Botan::OctetString, Botan::EC_AffinePoint::serialize_uncompressed(), and Botan::DER_Encoder::start_sequence().

Referenced by Botan::EC_PublicKey::DER_domain(), and Botan::TLS::Signature_Scheme::key_algorithm_identifier().

◆ EC_Group_from_PEM()

static EC_Group Botan::EC_Group::EC_Group_from_PEM ( std::string_view pem)
inlinestatic

Definition at line 217 of file ec_group.h.

217 {
218 return EC_Group::from_PEM(pem);
219 }
Botan::EC_Group::from_PEM
static EC_Group from_PEM(std::string_view pem)
Definition ec_group.cpp:414

References BOTAN_DEPRECATED, EC_Group(), EC_Group_from_PEM(), and from_PEM().

Referenced by EC_Group_from_PEM().

◆ EC_group_identity_from_order()

OID Botan::EC_Group::EC_group_identity_from_order ( const BigInt & order)
static

Definition at line 356 of file ec_named.cpp.

357 {
358 const uint32_t low_bits = static_cast<uint32_t>(order.word_at(0));
359
360 if(low_bits == 0xFC632551 && order == BigInt("0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551")) {
361 return OID{1, 2, 840, 10045, 3, 1, 7};
362 }
363
364 if(low_bits == 0xCCC52973 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) {
365 return OID{1, 3, 132, 0, 34};
366 }
367
368 if(low_bits == 0x91386409 && order == BigInt("0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409")) {
369 return OID{1, 3, 132, 0, 35};
370 }
371
372 if(low_bits == 0x9E60FC09 && order == BigInt("0xE95E4A5F737059DC60DF5991D45029409E60FC09")) {
373 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 1};
374 }
375
376 if(low_bits == 0x9AC4ACC1 && order == BigInt("0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1")) {
377 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 3};
378 }
379
380 if(low_bits == 0xA5A7939F && order == BigInt("0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F")) {
381 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 5};
382 }
383
384 if(low_bits == 0x974856A7 && order == BigInt("0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7")) {
385 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 7};
386 }
387
388 if(low_bits == 0x44C59311 && order == BigInt("0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311")) {
389 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 9};
390 }
391
392 if(low_bits == 0xE9046565 && order == BigInt("0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565")) {
393 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 11};
394 }
395
396 if(low_bits == 0x9CA90069 && order == BigInt("0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069")) {
397 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 13};
398 }
399
400 if(low_bits == 0xC6D655E1 && order == BigInt("0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1")) {
401 return OID{1, 2, 250, 1, 223, 101, 256, 1};
402 }
403
404 if(low_bits == 0xB761B893 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893")) {
405 return OID{1, 2, 643, 7, 1, 2, 1, 1, 1};
406 }
407
408 if(low_bits == 0x1F10B275 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275")) {
409 return OID{1, 2, 643, 7, 1, 2, 1, 2, 1};
410 }
411
412 if(low_bits == 0xCA16B6B3 && order == BigInt("0x100000000000000000001B8FA16DFAB9ACA16B6B3")) {
413 return OID{1, 3, 132, 0, 9};
414 }
415
416 if(low_bits == 0xCA752257 && order == BigInt("0x100000000000000000001F4C8F927AED3CA752257")) {
417 return OID{1, 3, 132, 0, 8};
418 }
419
420 if(low_bits == 0xF3A1A16B && order == BigInt("0x100000000000000000000351EE786A818F3A1A16B")) {
421 return OID{1, 3, 132, 0, 30};
422 }
423
424 if(low_bits == 0x74DEFD8D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D")) {
425 return OID{1, 3, 132, 0, 31};
426 }
427
428 if(low_bits == 0xB4D22831 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) {
429 return OID{1, 2, 840, 10045, 3, 1, 1};
430 }
431
432 if(low_bits == 0x769FB1F7 && order == BigInt("0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7")) {
433 return OID{1, 3, 132, 0, 32};
434 }
435
436 if(low_bits == 0x5C5C2A3D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) {
437 return OID{1, 3, 132, 0, 33};
438 }
439
440 if(low_bits == 0xD0364141 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141")) {
441 return OID{1, 3, 132, 0, 10};
442 }
443
444 if(low_bits == 0x39D54123 && order == BigInt("0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123")) {
445 return OID{1, 2, 156, 10197, 1, 301};
446 }
447
448 if(low_bits == 0x48D8DD31 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31")) {
449 return OID{1, 2, 840, 10045, 3, 1, 2};
450 }
451
452 if(low_bits == 0xF640EC13 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13")) {
453 return OID{1, 2, 840, 10045, 3, 1, 3};
454 }
455
456 if(low_bits == 0x88909D0B && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B")) {
457 return OID{1, 2, 840, 10045, 3, 1, 4};
458 }
459
460 if(low_bits == 0xBC582063 && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063")) {
461 return OID{1, 2, 840, 10045, 3, 1, 5};
462 }
463
464 if(low_bits == 0x46526551 && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551")) {
465 return OID{1, 2, 840, 10045, 3, 1, 6};
466 }
467
468 if(low_bits == 0x0433555D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5B3CA4FB94E7831B4FC258ED97D0BDC63B568B36607CD243CE153F390433555D")) {
469 return OID{1, 3, 6, 1, 4, 1, 25258, 4, 3};
470 }
471
472 return OID();
473}

References Botan::BigInt::word_at().

◆ EC_group_info()

std::shared_ptr< EC_Group_Data > Botan::EC_Group::EC_group_info ( const OID & oid)
static

Definition at line 15 of file ec_named.cpp.

15 {
16 // secp256r1
17 if(oid == OID{1, 2, 840, 10045, 3, 1, 7}) {
18 return load_EC_group_info(
19 "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
20 "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
21 "0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
22 "0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
23 "0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
24 "0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
25 oid);
26 }
27
28 // secp384r1
29 if(oid == OID{1, 3, 132, 0, 34}) {
30 return load_EC_group_info(
31 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
32 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
33 "0xB3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
34 "0xAA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
35 "0x3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
36 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
37 oid);
38 }
39
40 // secp521r1
41 if(oid == OID{1, 3, 132, 0, 35}) {
42 return load_EC_group_info(
43 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
44 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
45 "0x51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
46 "0xC6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
47 "0x11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
48 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
49 oid);
50 }
51
52 // brainpool160r1
53 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 1}) {
54 return load_EC_group_info(
55 "0xE95E4A5F737059DC60DFC7AD95B3D8139515620F",
56 "0x340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
57 "0x1E589A8595423412134FAA2DBDEC95C8D8675E58",
58 "0xBED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
59 "0x1667CB477A1A8EC338F94741669C976316DA6321",
60 "0xE95E4A5F737059DC60DF5991D45029409E60FC09",
61 oid);
62 }
63
64 // brainpool192r1
65 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 3}) {
66 return load_EC_group_info(
67 "0xC302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
68 "0x6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
69 "0x469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
70 "0xC0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
71 "0x14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
72 "0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
73 oid);
74 }
75
76 // brainpool224r1
77 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 5}) {
78 return load_EC_group_info(
79 "0xD7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
80 "0x68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
81 "0x2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
82 "0xD9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
83 "0x58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
84 "0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
85 oid);
86 }
87
88 // brainpool256r1
89 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 7}) {
90 return load_EC_group_info(
91 "0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
92 "0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
93 "0x26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
94 "0x8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
95 "0x547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
96 "0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
97 oid);
98 }
99
100 // brainpool320r1
101 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 9}) {
102 return load_EC_group_info(
103 "0xD35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
104 "0x3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
105 "0x520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
106 "0x43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
107 "0x14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
108 "0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
109 oid);
110 }
111
112 // brainpool384r1
113 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 11}) {
114 return load_EC_group_info(
115 "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
116 "0x7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
117 "0x4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
118 "0x1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
119 "0x8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
120 "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
121 oid);
122 }
123
124 // brainpool512r1
125 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 13}) {
126 return load_EC_group_info(
127 "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
128 "0x7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
129 "0x3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
130 "0x81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
131 "0x7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
132 "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
133 oid);
134 }
135
136 // frp256v1
137 if(oid == OID{1, 2, 250, 1, 223, 101, 256, 1}) {
138 return load_EC_group_info(
139 "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C03",
140 "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C00",
141 "0xEE353FCA5428A9300D4ABA754A44C00FDFEC0C9AE4B1A1803075ED967B7BB73F",
142 "0xB6B3D4C356C139EB31183D4749D423958C27D2DCAF98B70164C97A2DD98F5CFF",
143 "0x6142E0F7C8B204911F9271F0F3ECEF8C2701C307E8E4C9E183115A1554062CFB",
144 "0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1",
145 oid);
146 }
147
148 // gost_256A
149 if(oid == OID{1, 2, 643, 7, 1, 2, 1, 1, 1} || oid == OID{1, 2, 643, 2, 2, 35, 1} || oid == OID{1, 2, 643, 2, 2, 36, 0}) {
150 return load_EC_group_info(
151 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
152 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
153 "0xA6",
154 "0x1",
155 "0x8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14",
156 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
157 OID{1, 2, 643, 7, 1, 2, 1, 1, 1});
158 }
159
160 // gost_512A
161 if(oid == OID{1, 2, 643, 7, 1, 2, 1, 2, 1}) {
162 return load_EC_group_info(
163 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7",
164 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4",
165 "0xE8C2505DEDFC86DDC1BD0B2B6667F1DA34B82574761CB0E879BD081CFD0B6265EE3CB090F30D27614CB4574010DA90DD862EF9D4EBEE4761503190785A71C760",
166 "0x3",
167 "0x7503CFE87A836AE3A61B8816E25450E6CE5E1C93ACF1ABC1778064FDCBEFA921DF1626BE4FD036E93D75E6A50E3A41E98028FE5FC235F5B889A589CB5215F2A4",
168 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275",
169 oid);
170 }
171
172 // secp160k1
173 if(oid == OID{1, 3, 132, 0, 9}) {
174 return load_EC_group_info(
175 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
176 "0x0",
177 "0x7",
178 "0x3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
179 "0x938CF935318FDCED6BC28286531733C3F03C4FEE",
180 "0x100000000000000000001B8FA16DFAB9ACA16B6B3",
181 oid);
182 }
183
184 // secp160r1
185 if(oid == OID{1, 3, 132, 0, 8}) {
186 return load_EC_group_info(
187 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
188 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
189 "0x1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
190 "0x4A96B5688EF573284664698968C38BB913CBFC82",
191 "0x23A628553168947D59DCC912042351377AC5FB32",
192 "0x100000000000000000001F4C8F927AED3CA752257",
193 oid);
194 }
195
196 // secp160r2
197 if(oid == OID{1, 3, 132, 0, 30}) {
198 return load_EC_group_info(
199 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
200 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
201 "0xB4E134D3FB59EB8BAB57274904664D5AF50388BA",
202 "0x52DCB034293A117E1F4FF11B30F7199D3144CE6D",
203 "0xFEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
204 "0x100000000000000000000351EE786A818F3A1A16B",
205 oid);
206 }
207
208 // secp192k1
209 if(oid == OID{1, 3, 132, 0, 31}) {
210 return load_EC_group_info(
211 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
212 "0x0",
213 "0x3",
214 "0xDB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
215 "0x9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
216 "0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
217 oid);
218 }
219
220 // secp192r1
221 if(oid == OID{1, 2, 840, 10045, 3, 1, 1}) {
222 return load_EC_group_info(
223 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
224 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
225 "0x64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
226 "0x188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
227 "0x7192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
228 "0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
229 oid);
230 }
231
232 // secp224k1
233 if(oid == OID{1, 3, 132, 0, 32}) {
234 return load_EC_group_info(
235 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
236 "0x0",
237 "0x5",
238 "0xA1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
239 "0x7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
240 "0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
241 oid);
242 }
243
244 // secp224r1
245 if(oid == OID{1, 3, 132, 0, 33}) {
246 return load_EC_group_info(
247 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
248 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
249 "0xB4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
250 "0xB70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
251 "0xBD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
252 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
253 oid);
254 }
255
256 // secp256k1
257 if(oid == OID{1, 3, 132, 0, 10}) {
258 return load_EC_group_info(
259 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
260 "0x0",
261 "0x7",
262 "0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
263 "0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
264 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
265 oid);
266 }
267
268 // sm2p256v1
269 if(oid == OID{1, 2, 156, 10197, 1, 301}) {
270 return load_EC_group_info(
271 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF",
272 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC",
273 "0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93",
274 "0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7",
275 "0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0",
276 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123",
277 oid);
278 }
279
280 // x962_p192v2
281 if(oid == OID{1, 2, 840, 10045, 3, 1, 2}) {
282 return load_EC_group_info(
283 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
284 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
285 "0xCC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
286 "0xEEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
287 "0x6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
288 "0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
289 oid);
290 }
291
292 // x962_p192v3
293 if(oid == OID{1, 2, 840, 10045, 3, 1, 3}) {
294 return load_EC_group_info(
295 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
296 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
297 "0x22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
298 "0x7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
299 "0x38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
300 "0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
301 oid);
302 }
303
304 // x962_p239v1
305 if(oid == OID{1, 2, 840, 10045, 3, 1, 4}) {
306 return load_EC_group_info(
307 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
308 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
309 "0x6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
310 "0xFFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
311 "0x7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
312 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
313 oid);
314 }
315
316 // x962_p239v2
317 if(oid == OID{1, 2, 840, 10045, 3, 1, 5}) {
318 return load_EC_group_info(
319 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
320 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
321 "0x617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
322 "0x38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
323 "0x5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
324 "0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
325 oid);
326 }
327
328 // x962_p239v3
329 if(oid == OID{1, 2, 840, 10045, 3, 1, 6}) {
330 return load_EC_group_info(
331 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
332 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
333 "0x255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
334 "0x6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
335 "0x1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
336 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
337 oid);
338 }
339
340 // numsp512d1
341 if(oid == OID{1, 3, 6, 1, 4, 1, 25258, 4, 3}) {
342 return load_EC_group_info(
343 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7",
344 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4",
345 "0x1D99B",
346 "0x2",
347 "0x1C282EB23327F9711952C250EA61AD53FCC13031CF6DD336E0B9328433AFBDD8CC5A1C1F0C716FDC724DDE537C2B0ADB00BB3D08DC83755B205CC30D7F83CF28",
348 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5B3CA4FB94E7831B4FC258ED97D0BDC63B568B36607CD243CE153F390433555D",
349 oid);
350 }
351
352 return std::shared_ptr<EC_Group_Data>();
353}

◆ engine()

EC_Group_Engine Botan::EC_Group::engine ( ) const

Return how this EC_Group is implemented under the hood

This is mostly useful for diagnostic or debugging purposes

Definition at line 612 of file ec_group.cpp.

612 {
613 return data().engine();
614}

◆ from_name()

EC_Group Botan::EC_Group::from_name ( std::string_view name)
static

Initialize an EC group from a group common name (eg "secp256r1")

Definition at line 371 of file ec_group.cpp.

371 {
372 std::shared_ptr<EC_Group_Data> data;
373
374 if(auto oid = OID::from_name(name)) {
375 data = ec_group_data().lookup(oid.value());
376 }
377
378 if(!data) {
379 throw Invalid_Argument(fmt("Unknown EC_Group '{}'", name));
380 }
381
382 return EC_Group(std::move(data));
383}
Botan::OID::from_name
static std::optional< OID > from_name(std::string_view name)
Definition asn1_oid.cpp:72

References EC_Group(), EC_Group(), Botan::fmt(), and Botan::OID::from_name().

Referenced by botan_ec_group_from_name(), Botan::create_private_key(), Botan::TLS::Signature_Scheme::key_algorithm_identifier(), Botan::TLS::Callbacks::tls_deserialize_peer_public_key(), and Botan::TLS::Callbacks::tls_generate_ephemeral_key().

◆ from_OID()

EC_Group Botan::EC_Group::from_OID ( const OID & oid)
static

Initialize an EC group from a group named by an object identifier

Definition at line 360 of file ec_group.cpp.

360 {
361 auto data = ec_group_data().lookup(oid);
362
363 if(!data) {
364 throw Invalid_Argument(fmt("No EC_Group associated with OID '{}'", oid.to_string()));
365 }
366
367 return EC_Group(std::move(data));
368}

References EC_Group(), EC_Group(), Botan::fmt(), and Botan::OID::to_string().

Referenced by botan_ec_group_from_oid(), EC_Group(), and Botan::GOST_3410_PublicKey::GOST_3410_PublicKey().

◆ from_PEM()

EC_Group Botan::EC_Group::from_PEM ( std::string_view pem)
static

Initialize an EC group from the PEM/ASN.1 encoding

Definition at line 414 of file ec_group.cpp.

414 {
415 const auto ber = PEM_Code::decode_check_label(pem, "EC PARAMETERS");
416 return EC_Group(ber);
417}

References Botan::PEM_Code::decode_check_label(), EC_Group(), and EC_Group().

Referenced by botan_ec_group_from_pem(), and EC_Group_from_PEM().

◆ get_a()

const BigInt & Botan::EC_Group::get_a ( ) const

Return the a parameter of the elliptic curve equation

Definition at line 540 of file ec_group.cpp.

540 {
541 return data().a();
542}

Referenced by a_is_minus_3(), a_is_zero(), DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), Botan::sm2_compute_za(), and verify_group().

◆ get_b()

const BigInt & Botan::EC_Group::get_b ( ) const

Return the b parameter of the elliptic curve equation

Definition at line 544 of file ec_group.cpp.

544 {
545 return data().b();
546}

Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), Botan::sm2_compute_za(), and verify_group().

◆ get_cofactor()

const BigInt & Botan::EC_Group::get_cofactor ( ) const

Return the cofactor

Returns
the cofactor TODO(Botan4): Remove this

Definition at line 596 of file ec_group.cpp.

596 {
597 return data().cofactor();
598}

Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), and verify_group().

◆ get_curve_oid()

const OID & Botan::EC_Group::get_curve_oid ( ) const

Return the OID of these domain parameters

Returns
the OID

Definition at line 604 of file ec_group.cpp.

604 {
605 return data().oid();
606}

Referenced by Botan::GOST_3410_PublicKey::algorithm_identifier(), and Botan::TPM2::EC_PrivateKey::create_unrestricted_transient().

◆ get_g_x()

const BigInt & Botan::EC_Group::get_g_x ( ) const

Return the x coordinate of the base point

Definition at line 588 of file ec_group.cpp.

588 {
589 return data().g_x();
590}

Referenced by Botan::EC_AffinePoint::generator(), Botan::EC_PublicKey::get_int_field(), operator==(), and Botan::sm2_compute_za().

◆ get_g_y()

const BigInt & Botan::EC_Group::get_g_y ( ) const

Return the y coordinate of the base point

Definition at line 592 of file ec_group.cpp.

592 {
593 return data().g_y();
594}

Referenced by Botan::EC_AffinePoint::generator(), Botan::EC_PublicKey::get_int_field(), operator==(), and Botan::sm2_compute_za().

◆ get_order()

const BigInt & Botan::EC_Group::get_order ( ) const

Return the order of the base point

Returns
order of the base point

Definition at line 584 of file ec_group.cpp.

584 {
585 return data().order();
586}

Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), and verify_group().

◆ get_order_bits()

size_t Botan::EC_Group::get_order_bits ( ) const

Return the size of group order in bits (same as get_order().bits())

Definition at line 528 of file ec_group.cpp.

528 {
529 return data().order_bits();
530}

◆ get_order_bytes()

size_t Botan::EC_Group::get_order_bytes ( ) const

Return the size of the group order in bytes (same as get_order().bytes())

Definition at line 532 of file ec_group.cpp.

532 {
533 return data().order_bytes();
534}

Referenced by Botan::GOST_3410_PublicKey::_signature_element_size_for_DER_encoding().

◆ get_p()

const BigInt & Botan::EC_Group::get_p ( ) const

Return the prime modulus of the field

Definition at line 536 of file ec_group.cpp.

536 {
537 return data().p();
538}

Referenced by a_is_minus_3(), DER_encode(), Botan::EC_AffinePoint::from_bigint_xy(), Botan::EC_PublicKey::get_int_field(), operator==(), and verify_group().

◆ get_p_bits()

size_t Botan::EC_Group::get_p_bits ( ) const

Return the size of p in bits (same as get_p().bits())

Definition at line 520 of file ec_group.cpp.

520 {
521 return data().p_bits();
522}

Referenced by Botan::GOST_3410_PublicKey::algo_name(), and Botan::EC_PublicKey::key_length().

◆ get_p_bytes()

size_t Botan::EC_Group::get_p_bytes ( ) const

Return the size of p in bytes (same as get_p().bytes())

Definition at line 524 of file ec_group.cpp.

524 {
525 return data().p_bytes();
526}

Referenced by DER_encode(), Botan::EC_AffinePoint::from_bigint_xy(), point_size(), and Botan::sm2_compute_za().

◆ has_cofactor()

bool Botan::EC_Group::has_cofactor ( ) const

Return true if the cofactor is > 1 TODO(Botan4): Remove this

Definition at line 600 of file ec_group.cpp.

600 {
601 return data().has_cofactor();
602}

◆ initialized()

bool Botan::EC_Group::initialized ( ) const
inline

Definition at line 234 of file ec_group.h.

234{ return (m_data != nullptr); }

References initialized().

Referenced by initialized().

◆ inverse_mod_order()

BigInt Botan::EC_Group::inverse_mod_order ( const BigInt & x) const
inline

Definition at line 657 of file ec_group.h.

657 {
658 return EC_Scalar::from_bigint(*this, x).invert().to_bigint();
659 }
Botan::EC_Scalar::to_bigint
BigInt to_bigint() const
Definition ec_scalar.cpp:73
Botan::EC_Scalar::invert
EC_Scalar invert() const
Definition ec_scalar.cpp:133

References Botan::EC_Scalar::from_bigint(), and inverse_mod_order().

Referenced by inverse_mod_order().

◆ known_named_groups()

const std::set< std::string > & Botan::EC_Group::known_named_groups ( )
static

Return a set of known named EC groups

This returns the set of groups for which from_name should succeed Note that the set of included groups can vary based on the build configuration.

Definition at line 476 of file ec_named.cpp.

476 {
477 static const std::set<std::string> named_groups = {
478#if defined(BOTAN_HAS_PCURVES_BRAINPOOL256R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
479 "brainpool256r1",
480#endif
481
482#if defined(BOTAN_HAS_PCURVES_BRAINPOOL384R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
483 "brainpool384r1",
484#endif
485
486#if defined(BOTAN_HAS_PCURVES_BRAINPOOL512R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
487 "brainpool512r1",
488#endif
489
490#if defined(BOTAN_HAS_PCURVES_FRP256V1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
491 "frp256v1",
492#endif
493
494#if defined(BOTAN_HAS_PCURVES_NUMSP512D1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
495 "numsp512d1",
496#endif
497
498#if defined(BOTAN_HAS_PCURVES_SECP192R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
499 "secp192r1",
500#endif
501
502#if defined(BOTAN_HAS_PCURVES_SECP224R1) || defined(BOTAN_HAS_LEGACY_EC_POINT)
503 // Not supported by pcurves_generic
504 "secp224r1",
505#endif
506
507#if defined(BOTAN_HAS_PCURVES_SECP256K1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
508 "secp256k1",
509#endif
510
511#if defined(BOTAN_HAS_PCURVES_SECP256R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
512 "secp256r1",
513#endif
514
515#if defined(BOTAN_HAS_PCURVES_SECP384R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
516 "secp384r1",
517#endif
518
519#if defined(BOTAN_HAS_PCURVES_SECP521R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
520 "secp521r1",
521#endif
522
523#if defined(BOTAN_HAS_PCURVES_SM2P256V1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
524 "sm2p256v1",
525#endif
526
527#if defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
528 "brainpool192r1",
529 "brainpool224r1",
530 "brainpool320r1",
531 "gost_256A",
532 "gost_512A",
533 "secp192k1",
534 "x962_p192v2",
535 "x962_p192v3",
536 "x962_p239v1",
537 "x962_p239v2",
538 "x962_p239v3",
539#endif
540
541#if defined(BOTAN_HAS_LEGACY_EC_POINT)
542 "brainpool160r1",
543 "secp160k1",
544 "secp160r1",
545 "secp160r2",
546 "secp224k1",
547#endif
548 };
549
550 return named_groups;
551}

Referenced by supports_named_group().

◆ mod_order()

BigInt Botan::EC_Group::mod_order ( const BigInt & x) const
inline

Definition at line 650 of file ec_group.h.

650 {
651 return EC_Scalar::from_bytes_mod_order(*this, x.serialize()).to_bigint();
652 }
Botan::EC_Scalar::from_bytes_mod_order
static EC_Scalar from_bytes_mod_order(const EC_Group &group, std::span< const uint8_t > bytes)
Definition ec_scalar.cpp:49

References Botan::EC_Scalar::from_bytes_mod_order(), and mod_order().

Referenced by EC_Group(), and mod_order().

◆ multiply_mod_order() [1/2]

BigInt Botan::EC_Group::multiply_mod_order ( const BigInt & x,
const BigInt & y ) const
inline

Definition at line 673 of file ec_group.h.

673 {
674 auto xs = EC_Scalar::from_bigint(*this, x);
675 auto ys = EC_Scalar::from_bigint(*this, y);
676 return (xs * ys).to_bigint();
677 }

References Botan::EC_Scalar::from_bigint(), and multiply_mod_order().

Referenced by multiply_mod_order(), and multiply_mod_order().

◆ multiply_mod_order() [2/2]

BigInt Botan::EC_Group::multiply_mod_order ( const BigInt & x,
const BigInt & y,
const BigInt & z ) const
inline

Definition at line 683 of file ec_group.h.

683 {
684 auto xs = EC_Scalar::from_bigint(*this, x);
685 auto ys = EC_Scalar::from_bigint(*this, y);
686 auto zs = EC_Scalar::from_bigint(*this, z);
687 return (xs * ys * zs).to_bigint();
688 }

References Botan::EC_Scalar::from_bigint(), and multiply_mod_order().

◆ operator=() [1/2]

EC_Group & Botan::EC_Group::operator= ( const EC_Group & )
default

References EC_Group().

◆ operator=() [2/2]

EC_Group & Botan::EC_Group::operator= ( EC_Group && )
default

References EC_Group().

◆ operator==()

bool Botan::EC_Group::operator== ( const EC_Group & other) const

Definition at line 666 of file ec_group.cpp.

666 {
667 if(m_data == other.m_data) {
668 return true; // same shared rep
669 }
670
671 return (get_p() == other.get_p() && get_a() == other.get_a() && get_b() == other.get_b() &&
672 get_g_x() == other.get_g_x() && get_g_y() == other.get_g_y() && get_order() == other.get_order() &&
673 get_cofactor() == other.get_cofactor());
674}
Botan::EC_Group::get_g_y
const BigInt & get_g_y() const
Definition ec_group.cpp:592
Botan::EC_Group::get_g_x
const BigInt & get_g_x() const
Definition ec_group.cpp:588

References EC_Group(), get_a(), get_b(), get_cofactor(), get_g_x(), get_g_y(), get_order(), and get_p().

◆ PEM_encode()

std::string Botan::EC_Group::PEM_encode ( EC_Group_Encoding form = EC_Group_Encoding::Explicit) const

Return the PEM encoding

Returns
string containing PEM data
Warning
In Botan4 the form parameter will be removed and only namedCurve will be supported

TODO(Botan4) remove the argument

Definition at line 661 of file ec_group.cpp.

661 {
662 const std::vector<uint8_t> der = DER_encode(form);
663 return PEM_Code::encode(der, "EC PARAMETERS");
664}
Botan::PEM_Code::encode
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39

References DER_encode(), and Botan::PEM_Code::encode().

◆ point_size()

size_t Botan::EC_Group::point_size ( EC_Point_Format format) const
inline

Definition at line 698 of file ec_group.h.

698 {
699 // Hybrid and standard format are (x,y), compressed is y, +1 format byte
700 if(format == EC_Point_Format::Compressed) {
701 return (1 + get_p_bytes());
702 } else {
703 return (1 + 2 * get_p_bytes());
704 }
705 }

References Botan::Compressed, get_p_bytes(), and point_size().

Referenced by point_size().

◆ source()

EC_Group_Source Botan::EC_Group::source ( ) const

Definition at line 608 of file ec_group.cpp.

608 {
609 return data().source();
610}

Referenced by verify_group().

◆ square_mod_order()

BigInt Botan::EC_Group::square_mod_order ( const BigInt & x) const
inline

Definition at line 664 of file ec_group.h.

664 {
665 auto xs = EC_Scalar::from_bigint(*this, x);
666 xs.square_self();
667 return xs.to_bigint();
668 }

References Botan::EC_Scalar::from_bigint(), and square_mod_order().

Referenced by square_mod_order().

◆ supports_application_specific_group()

bool Botan::EC_Group::supports_application_specific_group ( )
static

Return true if in this build configuration it is possible to register an application specific elliptic curve.

Definition at line 351 of file ec_group.cpp.

351 {
352#if defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
353 return true;
354#else
355 return false;
356#endif
357}

Referenced by botan_ec_group_supports_application_specific_group().

◆ supports_named_group()

bool Botan::EC_Group::supports_named_group ( std::string_view name)
static

Return true if in this build configuration EC_Group::from_name(name) will succeed

Definition at line 346 of file ec_group.cpp.

346 {
347 return EC_Group::known_named_groups().contains(std::string(name));
348}
Botan::EC_Group::known_named_groups
static const std::set< std::string > & known_named_groups()
Definition ec_named.cpp:476

References known_named_groups().

Referenced by botan_ec_group_supports_named_group(), and Botan::create_private_key().

◆ used_explicit_encoding()

bool Botan::EC_Group::used_explicit_encoding ( ) const
inline

Return true if this EC_Group was derived from an explicit encoding

Explicit encoding of groups is deprecated; when support for explicit curves is removed in a future major release, this function will also be removed.

Definition at line 263 of file ec_group.h.

263{ return m_explicit_encoding; }

Referenced by botan_pubkey_ecc_key_used_explicit_encoding().

◆ verify_group()

bool Botan::EC_Group::verify_group ( RandomNumberGenerator & rng,
bool strong = false ) const

Verify EC_Group domain

Returns
true if group is valid. false otherwise

Definition at line 676 of file ec_group.cpp.

676 {
677 const bool is_builtin = source() == EC_Group_Source::Builtin;
678
679 if(is_builtin && !strong) {
680 return true;
681 }
682
683 // TODO(Botan4) this can probably all be removed once the deprecated EC_Group
684 // constructor is removed, since at that point it no longer becomes possible
685 // to create an EC_Group which fails to satisfy these conditions
686
687 const BigInt& p = get_p();
688 const BigInt& a = get_a();
689 const BigInt& b = get_b();
690 const BigInt& order = get_order();
691
692 if(p <= 3 || order <= 0) {
693 return false;
694 }
695 if(a < 0 || a >= p) {
696 return false;
697 }
698 if(b <= 0 || b >= p) {
699 return false;
700 }
701
702 const size_t test_prob = 128;
703 const bool is_randomly_generated = is_builtin;
704
705 //check if field modulus is prime
706 if(!is_prime(p, rng, test_prob, is_randomly_generated)) {
707 return false;
708 }
709
710 //check if order is prime
711 if(!is_prime(order, rng, test_prob, is_randomly_generated)) {
712 return false;
713 }
714
715 //compute the discriminant: 4*a^3 + 27*b^2 which must be nonzero
716 auto mod_p = Barrett_Reduction::for_public_modulus(p);
717
718 const BigInt discriminant = mod_p.reduce(mod_p.multiply(4, mod_p.cube(a)) + mod_p.multiply(27, mod_p.square(b)));
719
720 if(discriminant == 0) {
721 return false;
722 }
723
724 //check for valid cofactor
725 if(get_cofactor() < 1) {
726 return false;
727 }
728
729#if defined(BOTAN_HAS_LEGACY_EC_POINT)
730 const EC_Point& base_point = get_base_point();
731 //check if the base point is on the curve
732 if(!base_point.on_the_curve()) {
733 return false;
734 }
735 if((base_point * get_cofactor()).is_zero()) {
736 return false;
737 }
738 //check if order of the base point is correct
739 if(!(base_point * order).is_zero()) {
740 return false;
741 }
742#endif
743
744 // check the Hasse bound (roughly)
745 if((p - get_cofactor() * order).abs().bits() > (p.bits() / 2) + 1) {
746 return false;
747 }
748
749 return true;
750}
Botan::EC_Group::source
EC_Group_Source source() const
Definition ec_group.cpp:608
Botan::is_prime
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition numthry.cpp:355

References Botan::abs(), Botan::BigInt::bits(), Botan::Builtin, Botan::Barrett_Reduction::for_public_modulus(), get_a(), get_b(), get_cofactor(), get_order(), get_p(), Botan::is_prime(), Botan::EC_Point::on_the_curve(), and source().

Referenced by Botan::EC_PublicKey::check_key().

The documentation for this class was generated from the following files:
Generated by doxygen 1.13.2