Botan 3.11.0
Crypto and TLS for C&
Classes | Public Member Functions | Static Public Member Functions | List of all members
Botan::EC_Group Class Referencefinal

#include <ec_group.h>

Classes

class  Mul2Table
 Table for computing g*x + h*y. More...

Public Member Functions

const std::shared_ptr< EC_Group_Data > & _data () const
bool a_is_minus_3 () const
bool a_is_zero () const
BigInt cube_mod_order (const BigInt &x) const
std::vector< uint8_t > DER_encode () const
std::vector< uint8_t > DER_encode (EC_Group_Encoding form) const
 EC_Group ()
 EC_Group (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order, const BigInt &cofactor, const OID &oid=OID())
 EC_Group (const EC_Group &)
 EC_Group (const OID &oid)
 EC_Group (const OID &oid, const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order)
 EC_Group (const uint8_t ber[], size_t ber_len)
 EC_Group (EC_Group &&)=default
 EC_Group (std::span< const uint8_t > ber)
 EC_Group (std::string_view pem_or_oid)
EC_Group_Engine engine () const
const BigIntget_a () const
const BigIntget_b () const
const BigIntget_cofactor () const
const OIDget_curve_oid () const
const BigIntget_g_x () const
const BigIntget_g_y () const
const BigIntget_order () const
size_t get_order_bits () const
size_t get_order_bytes () const
const BigIntget_p () const
size_t get_p_bits () const
size_t get_p_bytes () const
bool has_cofactor () const
bool initialized () const
BigInt inverse_mod_order (const BigInt &x) const
BigInt mod_order (const BigInt &x) const
BigInt multiply_mod_order (const BigInt &x, const BigInt &y) const
BigInt multiply_mod_order (const BigInt &x, const BigInt &y, const BigInt &z) const
EC_Groupoperator= (const EC_Group &)
EC_Groupoperator= (EC_Group &&)=default
bool operator== (const EC_Group &other) const
std::string PEM_encode (EC_Group_Encoding form=EC_Group_Encoding::Explicit) const
size_t point_size (EC_Point_Format format) const
EC_Group_Source source () const
BigInt square_mod_order (const BigInt &x) const
bool used_explicit_encoding () const
bool verify_group (RandomNumberGenerator &rng, bool strong=false) const
 ~EC_Group ()

Static Public Member Functions

static size_t clear_registered_curve_data ()
static EC_Group EC_Group_from_PEM (std::string_view pem)
static OID EC_group_identity_from_order (const BigInt &order)
static std::shared_ptr< EC_Group_DataEC_group_info (const OID &oid)
static EC_Group from_name (std::string_view name)
static EC_Group from_OID (const OID &oid)
static EC_Group from_PEM (std::string_view pem)
static const std::set< std::string > & known_named_groups ()
static bool supports_application_specific_group ()
static bool supports_application_specific_group_with_cofactor ()
static bool supports_named_group (std::string_view name)
static bool unregister (const OID &oid)

Detailed Description

Class representing an elliptic curve

The internal representation is stored in a shared_ptr, so copying an EC_Group is inexpensive.

Definition at line 69 of file ec_group.h.

Constructor & Destructor Documentation

◆ EC_Group() [1/9]

Botan::EC_Group::EC_Group ( const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & base_x,
const BigInt & base_y,
const BigInt & order,
const BigInt & cofactor,
const OID & oid = OID() )

Construct elliptic curve from the specified parameters

This is used for example to create custom (application-specific) curves.

Some build configurations do not support application specific curves, in which case this constructor will throw an exception. You can check for this situation beforehand using the function EC_Group::supports_application_specific_group()

Parameters
pthe elliptic curve p
athe elliptic curve a param
bthe elliptic curve b param
base_xthe x coordinate of the base point
base_ythe y coordinate of the base point
orderthe order of the base point
cofactorthe cofactor
oidan optional OID used to identify this curve
Warning
This constructor is deprecated and will be removed in Botan 4
support for cofactors > 1 is deprecated and will be removed
support for prime fields > 521 bits is deprecated and will be removed.
Support for explicitly encoded curve parameters is deprecated. An OID must be assigned.

Definition at line 486 of file ec_group.cpp.

493 {
494 if(oid.has_value()) {
495 m_data = ec_group_data().lookup_or_create(
496 p, a, b, base_x, base_y, order, cofactor, oid, EC_Group_Source::ExternalSource);
497 } else {
498 m_data = ec_group_data().lookup_or_create_without_oid(
499 p, a, b, base_x, base_y, order, cofactor, EC_Group_Source::ExternalSource);
500 }
501}

References Botan::ExternalSource, and Botan::OID::has_value().

Referenced by EC_Group(), EC_Group(), EC_Group(), EC_Group(), EC_Group(), EC_Group_from_PEM(), from_name(), from_OID(), from_PEM(), operator=(), operator=(), operator==(), and ~EC_Group().

◆ EC_Group() [2/9]

Botan::EC_Group::EC_Group ( const OID & oid,
const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & base_x,
const BigInt & base_y,
const BigInt & order )

Construct elliptic curve from the specified parameters

This is used for example to create custom (application-specific) curves.

Some build configurations do not support application specific curves, in which case this constructor will throw an exception. You can check for this situation beforehand using the function EC_Group::supports_application_specific_group()

Unlike the deprecated constructor, this constructor imposes additional restrictions on the parameters, namely:

  • An object identifier must be provided
  • The prime must be at least 192 bits and at most 512 bits, and a multiple of 32 bits. Currently, as long as BOTAN_DISABLE_DEPRECATED_FEATURES is not set, this constructor accepts primes as small as 128 bits - this lower bound will be removed in the next major release.
  • As an extension of the above restriction, the prime can also be exactly the 521-bit Mersenne prime (2**521-1) or exactly the 239-bit prime used in X9.62 239 bit groups (2**239 - 2**143 - 2**95 + 2**47 - 1)
  • The prime must be congruent to 3 modulo 4
  • The group order must have the same bit length as the prime. It is allowed for the order to be larger than p, but they must have the same bit length.
  • Only prime order curves (with cofactor == 1) are allowed
Warning
use only elliptic curve parameters that you trust
Parameters
oidan object identifier used to identify this curve
pthe elliptic curve prime (at most 521 bits)
athe elliptic curve a param
bthe elliptic curve b param
base_xthe x coordinate of the group generator
base_ythe y coordinate of the group generator
orderthe order of the group

Definition at line 503 of file ec_group.cpp.

509 {
510 BOTAN_ARG_CHECK(oid.has_value(), "An OID is required for creating an EC_Group");
511
512 // TODO(Botan4) remove this and require 192 bits minimum
513#if defined(BOTAN_DISABLE_DEPRECATED_FEATURES)
514 constexpr size_t p_bits_lower_bound = 192;
515#else
516 constexpr size_t p_bits_lower_bound = 128;
517#endif
518
519 BOTAN_ARG_CHECK(p.bits() >= p_bits_lower_bound, "EC_Group p too small");
520 BOTAN_ARG_CHECK(p.bits() <= 521, "EC_Group p too large");
521
522 if(p.bits() == 521) {
523 const auto p521 = BigInt::power_of_2(521) - 1;
524 BOTAN_ARG_CHECK(p == p521, "EC_Group with p of 521 bits must be 2**521-1");
525 } else if(p.bits() == 239) {
526 const auto x962_p239 = []() {
527 BigInt p239;
528 for(size_t i = 0; i != 239; ++i) {
529 if(i < 47 || ((i >= 94) && (i != 143))) {
530 p239.set_bit(i);
531 }
532 }
533 return p239;
534 }();
535
536 BOTAN_ARG_CHECK(p == x962_p239, "EC_Group with p of 239 bits must be the X9.62 prime");
537 } else {
538 BOTAN_ARG_CHECK(p.bits() % 32 == 0, "EC_Group p must be a multiple of 32 bits");
539 }
540
541 BOTAN_ARG_CHECK(p % 4 == 3, "EC_Group p must be congruent to 3 modulo 4");
542
543 BOTAN_ARG_CHECK(a >= 0 && a < p, "EC_Group a is invalid");
544 BOTAN_ARG_CHECK(b > 0 && b < p, "EC_Group b is invalid");
545 BOTAN_ARG_CHECK(base_x >= 0 && base_x < p, "EC_Group base_x is invalid");
546 BOTAN_ARG_CHECK(base_y >= 0 && base_y < p, "EC_Group base_y is invalid");
547 BOTAN_ARG_CHECK(p.bits() == order.bits(), "EC_Group p and order must have the same number of bits");
548
549 auto mod_p = Barrett_Reduction::for_public_modulus(p);
550 BOTAN_ARG_CHECK(is_bailie_psw_probable_prime(p, mod_p), "EC_Group p is not prime");
551
552 auto mod_order = Barrett_Reduction::for_public_modulus(order);
553 BOTAN_ARG_CHECK(is_bailie_psw_probable_prime(order, mod_order), "EC_Group order is not prime");
554
555 // This catches someone "ignoring" a cofactor and just trying to
556 // provide the subgroup order
557 BOTAN_ARG_CHECK((p - order).abs().bits() <= (p.bits() / 2) + 1, "Hasse bound invalid");
558
559 // Check that 4*a^3 + 27*b^2 != 0
560 const auto discriminant = mod_p.reduce(mod_p.multiply(BigInt::from_s32(4), mod_p.cube(a)) +
561 mod_p.multiply(BigInt::from_s32(27), mod_p.square(b)));
562 BOTAN_ARG_CHECK(discriminant != 0, "EC_Group discriminant is invalid");
563
564 // Check that the generator (base_x,base_y) is on the curve; y^2 = x^3 + a*x + b
565 auto y2 = mod_p.square(base_y);
566 auto x3_ax_b = mod_p.reduce(mod_p.cube(base_x) + mod_p.multiply(a, base_x) + b);
567 BOTAN_ARG_CHECK(y2 == x3_ax_b, "EC_Group generator is not on the curve");
568
569 const BigInt cofactor(1);
570
571 m_data =
572 ec_group_data().lookup_or_create(p, a, b, base_x, base_y, order, cofactor, oid, EC_Group_Source::ExternalSource);
573}
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33
Botan::Barrett_Reduction::for_public_modulus
static Barrett_Reduction for_public_modulus(const BigInt &m)
Definition barrett.cpp:34
Botan::BigInt::power_of_2
static BigInt power_of_2(size_t n)
Definition bigint.h:836
Botan::BigInt::from_s32
static BigInt from_s32(int32_t n)
Definition bigint.cpp:42
Botan::BigInt::square
BigInt & square(secure_vector< word > &ws)
Definition big_ops2.cpp:175
Botan::EC_Group::mod_order
BigInt mod_order(const BigInt &x) const
Definition ec_group.h:656
Botan::abs
BigInt abs(const BigInt &n)
Definition numthry.h:22
Botan::is_bailie_psw_probable_prime
bool is_bailie_psw_probable_prime(const BigInt &n, const Barrett_Reduction &mod_n)
Definition primality.cpp:98

References Botan::abs(), Botan::BigInt::bits(), BOTAN_ARG_CHECK, Botan::ExternalSource, Botan::Barrett_Reduction::for_public_modulus(), Botan::BigInt::from_s32(), Botan::OID::has_value(), Botan::is_bailie_psw_probable_prime(), mod_order(), Botan::BigInt::power_of_2(), and Botan::BigInt::set_bit().

◆ EC_Group() [3/9]

Botan::EC_Group::EC_Group ( std::span< const uint8_t > ber)
explicit

Decode a BER encoded ECC domain parameter set

Parameters
berthe bytes of the BER encoding

Definition at line 575 of file ec_group.cpp.

575 {
576 auto data = BER_decode_EC_group(ber, EC_Group_Source::ExternalSource);
577 m_data = data.first;
578 m_explicit_encoding = data.second;
579}

References Botan::ExternalSource.

◆ EC_Group() [4/9]

Botan::EC_Group::EC_Group ( const uint8_t ber[],
size_t ber_len )
inline

Definition at line 166 of file ec_group.h.

166: EC_Group(std::span{ber, ber_len}) {}
Botan::EC_Group::EC_Group
EC_Group()

References EC_Group().

◆ EC_Group() [5/9]

Botan::EC_Group::EC_Group ( const OID & oid)
inlineexplicit

Create an EC domain by OID (or throw if unknown)

Parameters
oidthe OID of the EC domain to create

Definition at line 172 of file ec_group.h.

172{ *this = EC_Group::from_OID(oid); }
Botan::EC_Group::from_OID
static EC_Group from_OID(const OID &oid)
Definition ec_group.cpp:427

References EC_Group(), and from_OID().

◆ EC_Group() [6/9]

Botan::EC_Group::EC_Group ( std::string_view pem_or_oid)
explicit

Create an EC domain from PEM encoding (as from PEM_encode()), or from an OID name (eg "secp256r1", or "1.2.840.10045.3.1.7")

Parameters
pem_or_oidPEM-encoded data, or an OID
Warning
Support for PEM in this function is deprecated. Use EC_Group::from_PEM or EC_Group::from_OID or EC_Group::from_name

Definition at line 452 of file ec_group.cpp.

452 {
453 if(str.empty()) {
454 return; // no initialization / uninitialized
455 }
456
457 try {
458 const OID oid = OID::from_string(str);
459 if(oid.has_value()) {
460 m_data = ec_group_data().lookup(oid);
461 }
462 } catch(...) {}
463
464 if(m_data == nullptr) {
465 if(str.size() > 30 && str.starts_with("-----BEGIN EC PARAMETERS-----")) {
466 // OK try it as PEM ...
467 const auto ber = PEM_Code::decode_check_label(str, "EC PARAMETERS");
468
469 auto data = BER_decode_EC_group(ber, EC_Group_Source::ExternalSource);
470 this->m_data = data.first;
471 this->m_explicit_encoding = data.second;
472 }
473 }
474
475 if(m_data == nullptr) {
476 throw Invalid_Argument(fmt("Unknown ECC group '{}'", str));
477 }
478}
Botan::OID::from_string
static OID from_string(std::string_view str)
Definition asn1_oid.cpp:86
Botan::PEM_Code::decode_check_label
secure_vector< uint8_t > decode_check_label(DataSource &source, std::string_view label_want)
Definition pem.cpp:49
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References Botan::PEM_Code::decode_check_label(), Botan::ExternalSource, Botan::fmt(), Botan::OID::from_string(), and Botan::OID::has_value().

◆ EC_Group() [7/9]

Botan::EC_Group::EC_Group ( )
default

Create an uninitialized EC_Group

References EC_Group(), and unregister().

Referenced by from_name(), from_OID(), and from_PEM().

◆ ~EC_Group()

Botan::EC_Group::~EC_Group ( )
default

References EC_Group().

◆ EC_Group() [8/9]

Botan::EC_Group::EC_Group ( const EC_Group & )
default

References EC_Group().

◆ EC_Group() [9/9]

Botan::EC_Group::EC_Group ( EC_Group && )
default

References EC_Group().

Member Function Documentation

◆ _data()

const std::shared_ptr< EC_Group_Data > & Botan::EC_Group::_data ( ) const
inline

Definition at line 454 of file ec_group.h.

454{ return m_data; }

Referenced by Botan::EC_AffinePoint::deserialize(), Botan::EC_Scalar::deserialize(), Botan::EC_AffinePoint::EC_AffinePoint(), Botan::EC_Scalar::EC_Scalar(), Botan::EC_Scalar::from_bigint(), Botan::EC_Scalar::from_bytes_mod_order(), Botan::EC_Scalar::from_bytes_with_trunc(), Botan::EC_AffinePoint::hash_to_curve_nu(), Botan::EC_AffinePoint::hash_to_curve_ro(), Botan::EC_Scalar::one(), and Botan::EC_Scalar::random().

◆ a_is_minus_3()

bool Botan::EC_Group::a_is_minus_3 ( ) const
inline

Return if a == -3 mod p

Definition at line 646 of file ec_group.h.

646{ return get_a() + 3 == get_p(); }
Botan::EC_Group::get_a
const BigInt & get_a() const
Definition ec_group.cpp:613
Botan::EC_Group::get_p
const BigInt & get_p() const
Definition ec_group.cpp:609

References a_is_minus_3(), get_a(), and get_p().

Referenced by a_is_minus_3().

◆ a_is_zero()

bool Botan::EC_Group::a_is_zero ( ) const
inline

Return if a == 0 mod p

Definition at line 651 of file ec_group.h.

651{ return get_a().is_zero(); }
Botan::BigInt::is_zero
bool is_zero() const
Definition bigint.h:473

References a_is_zero(), and get_a().

Referenced by a_is_zero().

◆ clear_registered_curve_data()

size_t Botan::EC_Group::clear_registered_curve_data ( )
static

Definition at line 233 of file ec_group.cpp.

233 {
234 return ec_group_data().clear();
235}

◆ cube_mod_order()

BigInt Botan::EC_Group::cube_mod_order ( const BigInt & x) const
inline

Definition at line 699 of file ec_group.h.

699 {
700 auto xs = EC_Scalar::from_bigint(*this, x);
701 return (xs * xs * xs).to_bigint();
702 }
Botan::EC_Scalar::from_bigint
static EC_Scalar from_bigint(const EC_Group &group, const BigInt &bn)
Definition ec_scalar.cpp:69

References cube_mod_order(), and Botan::EC_Scalar::from_bigint().

Referenced by cube_mod_order().

◆ DER_encode() [1/2]

std::vector< uint8_t > Botan::EC_Group::DER_encode ( ) const

Create the DER encoding of this domain, using namedCurve format

Returns
the group information encoded as DER

Definition at line 689 of file ec_group.cpp.

689 {
690 const auto& der_named_curve = data().der_named_curve();
691 // TODO(Botan4) this can be removed because an OID will always be defined
692 if(der_named_curve.empty()) {
693 throw Encoding_Error("Cannot encode EC_Group as OID because OID not set");
694 }
695
696 return der_named_curve;
697}

Referenced by DER_encode(), and PEM_encode().

◆ DER_encode() [2/2]

std::vector< uint8_t > Botan::EC_Group::DER_encode ( EC_Group_Encoding form) const

Create the DER encoding of this domain

Parameters
formof encoding to use
Returns
the group information encoded as DER

Definition at line 699 of file ec_group.cpp.

699 {
700 if(form == EC_Group_Encoding::Explicit) {
701 std::vector<uint8_t> output;
702 DER_Encoder der(output);
703 const size_t ecpVers1 = 1;
704 const OID curve_type("1.2.840.10045.1.1"); // prime field
705
706 const size_t p_bytes = get_p_bytes();
707
708 const auto generator = EC_AffinePoint::generator(*this).serialize_uncompressed();
709
710 der.start_sequence()
711 .encode(ecpVers1)
712 .start_sequence()
713 .encode(curve_type)
714 .encode(get_p())
715 .end_cons()
716 .start_sequence()
717 .encode(get_a().serialize(p_bytes), ASN1_Type::OctetString)
718 .encode(get_b().serialize(p_bytes), ASN1_Type::OctetString)
719 .end_cons()
720 .encode(generator, ASN1_Type::OctetString)
721 .encode(get_order())
722 .encode(get_cofactor())
723 .end_cons();
724 return output;
725 } else if(form == EC_Group_Encoding::NamedCurve) {
726 return this->DER_encode();
727 } else if(form == EC_Group_Encoding::ImplicitCA) {
728 return {0x00, 0x05};
729 } else {
730 throw Internal_Error("EC_Group::DER_encode: Unknown encoding");
731 }
732}
Botan::EC_AffinePoint::serialize_uncompressed
T serialize_uncompressed() const
Definition ec_apoint.h:203
Botan::EC_AffinePoint::generator
static EC_AffinePoint generator(const EC_Group &group)
Return the standard group generator.
Definition ec_apoint.cpp:84
Botan::EC_Group::get_b
const BigInt & get_b() const
Definition ec_group.cpp:617
Botan::EC_Group::get_cofactor
const BigInt & get_cofactor() const
Definition ec_group.cpp:669
Botan::EC_Group::get_order
const BigInt & get_order() const
Definition ec_group.cpp:657
Botan::EC_Group::DER_encode
std::vector< uint8_t > DER_encode() const
Definition ec_group.cpp:689
Botan::EC_Group::get_p_bytes
size_t get_p_bytes() const
Definition ec_group.cpp:597

References DER_encode(), Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::Explicit, Botan::EC_AffinePoint::generator(), get_a(), get_b(), get_cofactor(), get_order(), get_p(), get_p_bytes(), Botan::ImplicitCA, Botan::NamedCurve, Botan::OctetString, Botan::EC_AffinePoint::serialize_uncompressed(), and Botan::DER_Encoder::start_sequence().

Referenced by Botan::EC_PublicKey::DER_domain().

◆ EC_Group_from_PEM()

EC_Group Botan::EC_Group::EC_Group_from_PEM ( std::string_view pem)
inlinestatic

Definition at line 199 of file ec_group.h.

199 {
200 return EC_Group::from_PEM(pem);
201 }
Botan::EC_Group::from_PEM
static EC_Group from_PEM(std::string_view pem)
Definition ec_group.cpp:481

References BOTAN_DEPRECATED, EC_Group(), EC_Group_from_PEM(), and from_PEM().

Referenced by EC_Group_from_PEM().

◆ EC_group_identity_from_order()

OID Botan::EC_Group::EC_group_identity_from_order ( const BigInt & order)
static

Definition at line 356 of file ec_named.cpp.

357 {
358 const uint32_t low_bits = static_cast<uint32_t>(order.word_at(0));
359
360 if(low_bits == 0xFC632551 && order == BigInt("0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551")) {
361 return OID{1, 2, 840, 10045, 3, 1, 7};
362 }
363
364 if(low_bits == 0xCCC52973 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) {
365 return OID{1, 3, 132, 0, 34};
366 }
367
368 if(low_bits == 0x91386409 && order == BigInt("0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409")) {
369 return OID{1, 3, 132, 0, 35};
370 }
371
372 if(low_bits == 0x9E60FC09 && order == BigInt("0xE95E4A5F737059DC60DF5991D45029409E60FC09")) {
373 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 1};
374 }
375
376 if(low_bits == 0x9AC4ACC1 && order == BigInt("0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1")) {
377 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 3};
378 }
379
380 if(low_bits == 0xA5A7939F && order == BigInt("0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F")) {
381 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 5};
382 }
383
384 if(low_bits == 0x974856A7 && order == BigInt("0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7")) {
385 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 7};
386 }
387
388 if(low_bits == 0x44C59311 && order == BigInt("0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311")) {
389 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 9};
390 }
391
392 if(low_bits == 0xE9046565 && order == BigInt("0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565")) {
393 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 11};
394 }
395
396 if(low_bits == 0x9CA90069 && order == BigInt("0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069")) {
397 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 13};
398 }
399
400 if(low_bits == 0xC6D655E1 && order == BigInt("0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1")) {
401 return OID{1, 2, 250, 1, 223, 101, 256, 1};
402 }
403
404 if(low_bits == 0xB761B893 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893")) {
405 return OID{1, 2, 643, 7, 1, 2, 1, 1, 1};
406 }
407
408 if(low_bits == 0x1F10B275 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275")) {
409 return OID{1, 2, 643, 7, 1, 2, 1, 2, 1};
410 }
411
412 if(low_bits == 0xCA16B6B3 && order == BigInt("0x100000000000000000001B8FA16DFAB9ACA16B6B3")) {
413 return OID{1, 3, 132, 0, 9};
414 }
415
416 if(low_bits == 0xCA752257 && order == BigInt("0x100000000000000000001F4C8F927AED3CA752257")) {
417 return OID{1, 3, 132, 0, 8};
418 }
419
420 if(low_bits == 0xF3A1A16B && order == BigInt("0x100000000000000000000351EE786A818F3A1A16B")) {
421 return OID{1, 3, 132, 0, 30};
422 }
423
424 if(low_bits == 0x74DEFD8D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D")) {
425 return OID{1, 3, 132, 0, 31};
426 }
427
428 if(low_bits == 0xB4D22831 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) {
429 return OID{1, 2, 840, 10045, 3, 1, 1};
430 }
431
432 if(low_bits == 0x769FB1F7 && order == BigInt("0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7")) {
433 return OID{1, 3, 132, 0, 32};
434 }
435
436 if(low_bits == 0x5C5C2A3D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) {
437 return OID{1, 3, 132, 0, 33};
438 }
439
440 if(low_bits == 0xD0364141 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141")) {
441 return OID{1, 3, 132, 0, 10};
442 }
443
444 if(low_bits == 0x39D54123 && order == BigInt("0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123")) {
445 return OID{1, 2, 156, 10197, 1, 301};
446 }
447
448 if(low_bits == 0x48D8DD31 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31")) {
449 return OID{1, 2, 840, 10045, 3, 1, 2};
450 }
451
452 if(low_bits == 0xF640EC13 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13")) {
453 return OID{1, 2, 840, 10045, 3, 1, 3};
454 }
455
456 if(low_bits == 0x88909D0B && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B")) {
457 return OID{1, 2, 840, 10045, 3, 1, 4};
458 }
459
460 if(low_bits == 0xBC582063 && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063")) {
461 return OID{1, 2, 840, 10045, 3, 1, 5};
462 }
463
464 if(low_bits == 0x46526551 && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551")) {
465 return OID{1, 2, 840, 10045, 3, 1, 6};
466 }
467
468 if(low_bits == 0x0433555D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5B3CA4FB94E7831B4FC258ED97D0BDC63B568B36607CD243CE153F390433555D")) {
469 return OID{1, 3, 6, 1, 4, 1, 25258, 4, 3};
470 }
471
472 return OID();
473}

References Botan::BigInt::word_at().

◆ EC_group_info()

std::shared_ptr< EC_Group_Data > Botan::EC_Group::EC_group_info ( const OID & oid)
static

Definition at line 15 of file ec_named.cpp.

15 {
16 // secp256r1
17 if(oid == OID{1, 2, 840, 10045, 3, 1, 7}) {
18 return load_EC_group_info(
19 "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
20 "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
21 "0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
22 "0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
23 "0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
24 "0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
25 oid);
26 }
27
28 // secp384r1
29 if(oid == OID{1, 3, 132, 0, 34}) {
30 return load_EC_group_info(
31 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
32 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
33 "0xB3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
34 "0xAA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
35 "0x3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
36 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
37 oid);
38 }
39
40 // secp521r1
41 if(oid == OID{1, 3, 132, 0, 35}) {
42 return load_EC_group_info(
43 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
44 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
45 "0x51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
46 "0xC6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
47 "0x11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
48 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
49 oid);
50 }
51
52 // brainpool160r1
53 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 1}) {
54 return load_EC_group_info(
55 "0xE95E4A5F737059DC60DFC7AD95B3D8139515620F",
56 "0x340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
57 "0x1E589A8595423412134FAA2DBDEC95C8D8675E58",
58 "0xBED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
59 "0x1667CB477A1A8EC338F94741669C976316DA6321",
60 "0xE95E4A5F737059DC60DF5991D45029409E60FC09",
61 oid);
62 }
63
64 // brainpool192r1
65 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 3}) {
66 return load_EC_group_info(
67 "0xC302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
68 "0x6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
69 "0x469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
70 "0xC0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
71 "0x14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
72 "0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
73 oid);
74 }
75
76 // brainpool224r1
77 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 5}) {
78 return load_EC_group_info(
79 "0xD7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
80 "0x68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
81 "0x2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
82 "0xD9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
83 "0x58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
84 "0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
85 oid);
86 }
87
88 // brainpool256r1
89 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 7}) {
90 return load_EC_group_info(
91 "0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
92 "0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
93 "0x26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
94 "0x8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
95 "0x547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
96 "0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
97 oid);
98 }
99
100 // brainpool320r1
101 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 9}) {
102 return load_EC_group_info(
103 "0xD35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
104 "0x3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
105 "0x520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
106 "0x43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
107 "0x14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
108 "0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
109 oid);
110 }
111
112 // brainpool384r1
113 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 11}) {
114 return load_EC_group_info(
115 "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
116 "0x7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
117 "0x4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
118 "0x1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
119 "0x8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
120 "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
121 oid);
122 }
123
124 // brainpool512r1
125 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 13}) {
126 return load_EC_group_info(
127 "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
128 "0x7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
129 "0x3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
130 "0x81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
131 "0x7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
132 "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
133 oid);
134 }
135
136 // frp256v1
137 if(oid == OID{1, 2, 250, 1, 223, 101, 256, 1}) {
138 return load_EC_group_info(
139 "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C03",
140 "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C00",
141 "0xEE353FCA5428A9300D4ABA754A44C00FDFEC0C9AE4B1A1803075ED967B7BB73F",
142 "0xB6B3D4C356C139EB31183D4749D423958C27D2DCAF98B70164C97A2DD98F5CFF",
143 "0x6142E0F7C8B204911F9271F0F3ECEF8C2701C307E8E4C9E183115A1554062CFB",
144 "0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1",
145 oid);
146 }
147
148 // gost_256A
149 if(oid == OID{1, 2, 643, 7, 1, 2, 1, 1, 1} || oid == OID{1, 2, 643, 2, 2, 35, 1} || oid == OID{1, 2, 643, 2, 2, 36, 0}) {
150 return load_EC_group_info(
151 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
152 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
153 "0xA6",
154 "0x1",
155 "0x8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14",
156 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
157 OID{1, 2, 643, 7, 1, 2, 1, 1, 1});
158 }
159
160 // gost_512A
161 if(oid == OID{1, 2, 643, 7, 1, 2, 1, 2, 1}) {
162 return load_EC_group_info(
163 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7",
164 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4",
165 "0xE8C2505DEDFC86DDC1BD0B2B6667F1DA34B82574761CB0E879BD081CFD0B6265EE3CB090F30D27614CB4574010DA90DD862EF9D4EBEE4761503190785A71C760",
166 "0x3",
167 "0x7503CFE87A836AE3A61B8816E25450E6CE5E1C93ACF1ABC1778064FDCBEFA921DF1626BE4FD036E93D75E6A50E3A41E98028FE5FC235F5B889A589CB5215F2A4",
168 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275",
169 oid);
170 }
171
172 // secp160k1
173 if(oid == OID{1, 3, 132, 0, 9}) {
174 return load_EC_group_info(
175 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
176 "0x0",
177 "0x7",
178 "0x3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
179 "0x938CF935318FDCED6BC28286531733C3F03C4FEE",
180 "0x100000000000000000001B8FA16DFAB9ACA16B6B3",
181 oid);
182 }
183
184 // secp160r1
185 if(oid == OID{1, 3, 132, 0, 8}) {
186 return load_EC_group_info(
187 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
188 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
189 "0x1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
190 "0x4A96B5688EF573284664698968C38BB913CBFC82",
191 "0x23A628553168947D59DCC912042351377AC5FB32",
192 "0x100000000000000000001F4C8F927AED3CA752257",
193 oid);
194 }
195
196 // secp160r2
197 if(oid == OID{1, 3, 132, 0, 30}) {
198 return load_EC_group_info(
199 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
200 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
201 "0xB4E134D3FB59EB8BAB57274904664D5AF50388BA",
202 "0x52DCB034293A117E1F4FF11B30F7199D3144CE6D",
203 "0xFEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
204 "0x100000000000000000000351EE786A818F3A1A16B",
205 oid);
206 }
207
208 // secp192k1
209 if(oid == OID{1, 3, 132, 0, 31}) {
210 return load_EC_group_info(
211 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
212 "0x0",
213 "0x3",
214 "0xDB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
215 "0x9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
216 "0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
217 oid);
218 }
219
220 // secp192r1
221 if(oid == OID{1, 2, 840, 10045, 3, 1, 1}) {
222 return load_EC_group_info(
223 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
224 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
225 "0x64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
226 "0x188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
227 "0x7192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
228 "0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
229 oid);
230 }
231
232 // secp224k1
233 if(oid == OID{1, 3, 132, 0, 32}) {
234 return load_EC_group_info(
235 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
236 "0x0",
237 "0x5",
238 "0xA1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
239 "0x7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
240 "0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
241 oid);
242 }
243
244 // secp224r1
245 if(oid == OID{1, 3, 132, 0, 33}) {
246 return load_EC_group_info(
247 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
248 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
249 "0xB4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
250 "0xB70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
251 "0xBD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
252 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
253 oid);
254 }
255
256 // secp256k1
257 if(oid == OID{1, 3, 132, 0, 10}) {
258 return load_EC_group_info(
259 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
260 "0x0",
261 "0x7",
262 "0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
263 "0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
264 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
265 oid);
266 }
267
268 // sm2p256v1
269 if(oid == OID{1, 2, 156, 10197, 1, 301}) {
270 return load_EC_group_info(
271 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF",
272 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC",
273 "0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93",
274 "0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7",
275 "0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0",
276 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123",
277 oid);
278 }
279
280 // x962_p192v2
281 if(oid == OID{1, 2, 840, 10045, 3, 1, 2}) {
282 return load_EC_group_info(
283 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
284 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
285 "0xCC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
286 "0xEEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
287 "0x6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
288 "0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
289 oid);
290 }
291
292 // x962_p192v3
293 if(oid == OID{1, 2, 840, 10045, 3, 1, 3}) {
294 return load_EC_group_info(
295 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
296 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
297 "0x22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
298 "0x7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
299 "0x38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
300 "0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
301 oid);
302 }
303
304 // x962_p239v1
305 if(oid == OID{1, 2, 840, 10045, 3, 1, 4}) {
306 return load_EC_group_info(
307 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
308 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
309 "0x6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
310 "0xFFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
311 "0x7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
312 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
313 oid);
314 }
315
316 // x962_p239v2
317 if(oid == OID{1, 2, 840, 10045, 3, 1, 5}) {
318 return load_EC_group_info(
319 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
320 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
321 "0x617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
322 "0x38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
323 "0x5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
324 "0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
325 oid);
326 }
327
328 // x962_p239v3
329 if(oid == OID{1, 2, 840, 10045, 3, 1, 6}) {
330 return load_EC_group_info(
331 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
332 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
333 "0x255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
334 "0x6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
335 "0x1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
336 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
337 oid);
338 }
339
340 // numsp512d1
341 if(oid == OID{1, 3, 6, 1, 4, 1, 25258, 4, 3}) {
342 return load_EC_group_info(
343 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7",
344 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4",
345 "0x1D99B",
346 "0x2",
347 "0x1C282EB23327F9711952C250EA61AD53FCC13031CF6DD336E0B9328433AFBDD8CC5A1C1F0C716FDC724DDE537C2B0ADB00BB3D08DC83755B205CC30D7F83CF28",
348 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5B3CA4FB94E7831B4FC258ED97D0BDC63B568B36607CD243CE153F390433555D",
349 oid);
350 }
351
352 return std::shared_ptr<EC_Group_Data>();
353}

◆ engine()

EC_Group_Engine Botan::EC_Group::engine ( ) const

Return how this EC_Group is implemented under the hood

This is mostly useful for diagnostic or debugging purposes

Definition at line 685 of file ec_group.cpp.

685 {
686 return data().engine();
687}

◆ from_name()

EC_Group Botan::EC_Group::from_name ( std::string_view name)
static

Initialize an EC group from a group common name (eg "secp256r1")

Definition at line 438 of file ec_group.cpp.

438 {
439 std::shared_ptr<EC_Group_Data> data;
440
441 if(auto oid = OID::from_name(name)) {
442 data = ec_group_data().lookup(oid.value());
443 }
444
445 if(!data) {
446 throw Invalid_Argument(fmt("Unknown EC_Group '{}'", name));
447 }
448
449 return EC_Group(std::move(data));
450}
Botan::OID::from_name
static std::optional< OID > from_name(std::string_view name)
Definition asn1_oid.cpp:72

References EC_Group(), EC_Group(), Botan::fmt(), and Botan::OID::from_name().

Referenced by botan_ec_group_from_name(), Botan::create_private_key(), Botan::TLS::Callbacks::tls_deserialize_peer_public_key(), and Botan::TLS::Callbacks::tls_generate_ephemeral_key().

◆ from_OID()

EC_Group Botan::EC_Group::from_OID ( const OID & oid)
static

Initialize an EC group from a group named by an object identifier

Definition at line 427 of file ec_group.cpp.

427 {
428 auto data = ec_group_data().lookup(oid);
429
430 if(!data) {
431 throw Invalid_Argument(fmt("No EC_Group associated with OID '{}'", oid.to_string()));
432 }
433
434 return EC_Group(std::move(data));
435}

References EC_Group(), EC_Group(), Botan::fmt(), and Botan::OID::to_string().

Referenced by botan_ec_group_from_oid(), EC_Group(), and Botan::GOST_3410_PublicKey::GOST_3410_PublicKey().

◆ from_PEM()

EC_Group Botan::EC_Group::from_PEM ( std::string_view pem)
static

Initialize an EC group from the PEM/ASN.1 encoding

Definition at line 481 of file ec_group.cpp.

481 {
482 const auto ber = PEM_Code::decode_check_label(pem, "EC PARAMETERS");
483 return EC_Group(ber);
484}

References Botan::PEM_Code::decode_check_label(), EC_Group(), and EC_Group().

Referenced by botan_ec_group_from_pem(), and EC_Group_from_PEM().

◆ get_a()

const BigInt & Botan::EC_Group::get_a ( ) const

Return the a parameter of the elliptic curve equation

Definition at line 613 of file ec_group.cpp.

613 {
614 return data().a();
615}

Referenced by a_is_minus_3(), a_is_zero(), DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), Botan::sm2_compute_za(), and verify_group().

◆ get_b()

const BigInt & Botan::EC_Group::get_b ( ) const

Return the b parameter of the elliptic curve equation

Definition at line 617 of file ec_group.cpp.

617 {
618 return data().b();
619}

Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), Botan::sm2_compute_za(), and verify_group().

◆ get_cofactor()

const BigInt & Botan::EC_Group::get_cofactor ( ) const

Return the cofactor

Returns
the cofactor TODO(Botan4): Remove this

Definition at line 669 of file ec_group.cpp.

669 {
670 return data().cofactor();
671}

Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), and verify_group().

◆ get_curve_oid()

const OID & Botan::EC_Group::get_curve_oid ( ) const

Return the OID of these domain parameters

Returns
the OID

Definition at line 677 of file ec_group.cpp.

677 {
678 return data().oid();
679}

Referenced by Botan::GOST_3410_PublicKey::algorithm_identifier(), and Botan::TPM2::EC_PrivateKey::create_unrestricted_transient().

◆ get_g_x()

const BigInt & Botan::EC_Group::get_g_x ( ) const

Return the x coordinate of the base point

Definition at line 661 of file ec_group.cpp.

661 {
662 return data().g_x();
663}

Referenced by Botan::EC_AffinePoint::generator(), Botan::EC_PublicKey::get_int_field(), operator==(), and Botan::sm2_compute_za().

◆ get_g_y()

const BigInt & Botan::EC_Group::get_g_y ( ) const

Return the y coordinate of the base point

Definition at line 665 of file ec_group.cpp.

665 {
666 return data().g_y();
667}

Referenced by Botan::EC_AffinePoint::generator(), Botan::EC_PublicKey::get_int_field(), operator==(), and Botan::sm2_compute_za().

◆ get_order()

const BigInt & Botan::EC_Group::get_order ( ) const

Return the order of the base point

Returns
order of the base point

Definition at line 657 of file ec_group.cpp.

657 {
658 return data().order();
659}

Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), and verify_group().

◆ get_order_bits()

size_t Botan::EC_Group::get_order_bits ( ) const

Return the size of group order in bits (same as get_order().bits())

Definition at line 601 of file ec_group.cpp.

601 {
602 return data().order_bits();
603}

Referenced by Botan::EC_Scalar::hash().

◆ get_order_bytes()

size_t Botan::EC_Group::get_order_bytes ( ) const

Return the size of the group order in bytes (same as get_order().bytes())

Definition at line 605 of file ec_group.cpp.

605 {
606 return data().order_bytes();
607}

Referenced by Botan::ECDSA_PublicKey::_signature_element_size_for_DER_encoding(), Botan::GOST_3410_PublicKey::_signature_element_size_for_DER_encoding(), and Botan::SM2_PublicKey::_signature_element_size_for_DER_encoding().

◆ get_p()

const BigInt & Botan::EC_Group::get_p ( ) const

Return the prime modulus of the field

Definition at line 609 of file ec_group.cpp.

609 {
610 return data().p();
611}

Referenced by a_is_minus_3(), DER_encode(), Botan::EC_AffinePoint::from_bigint_xy(), Botan::EC_PublicKey::get_int_field(), operator==(), and verify_group().

◆ get_p_bits()

size_t Botan::EC_Group::get_p_bits ( ) const

Return the size of p in bits (same as get_p().bits())

Definition at line 593 of file ec_group.cpp.

593 {
594 return data().p_bits();
595}

Referenced by Botan::GOST_3410_PublicKey::algo_name(), and Botan::EC_PublicKey::key_length().

◆ get_p_bytes()

size_t Botan::EC_Group::get_p_bytes ( ) const

Return the size of p in bytes (same as get_p().bytes())

Definition at line 597 of file ec_group.cpp.

597 {
598 return data().p_bytes();
599}

Referenced by DER_encode(), Botan::EC_AffinePoint::from_bigint_xy(), point_size(), and Botan::sm2_compute_za().

◆ has_cofactor()

bool Botan::EC_Group::has_cofactor ( ) const

Return true if the cofactor is > 1 TODO(Botan4): Remove this

Definition at line 673 of file ec_group.cpp.

673 {
674 return data().has_cofactor();
675}

◆ initialized()

bool Botan::EC_Group::initialized ( ) const
inline

Definition at line 226 of file ec_group.h.

226{ return (m_data != nullptr); }

References initialized().

Referenced by initialized().

◆ inverse_mod_order()

BigInt Botan::EC_Group::inverse_mod_order ( const BigInt & x) const
inline

Definition at line 663 of file ec_group.h.

663 {
664 return EC_Scalar::from_bigint(*this, x).invert().to_bigint();
665 }
Botan::EC_Scalar::to_bigint
BigInt to_bigint() const
Definition ec_scalar.cpp:77
Botan::EC_Scalar::invert
EC_Scalar invert() const
Definition ec_scalar.cpp:137

References Botan::EC_Scalar::from_bigint(), and inverse_mod_order().

Referenced by inverse_mod_order().

◆ known_named_groups()

const std::set< std::string > & Botan::EC_Group::known_named_groups ( )
static

Return a set of known named EC groups

This returns the set of groups for which from_name should succeed Note that the set of included groups can vary based on the build configuration.

Definition at line 476 of file ec_named.cpp.

476 {
477 static const std::set<std::string> named_groups = {
478#if defined(BOTAN_HAS_PCURVES_BRAINPOOL256R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
479 "brainpool256r1",
480#endif
481
482#if defined(BOTAN_HAS_PCURVES_BRAINPOOL384R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
483 "brainpool384r1",
484#endif
485
486#if defined(BOTAN_HAS_PCURVES_BRAINPOOL512R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
487 "brainpool512r1",
488#endif
489
490#if defined(BOTAN_HAS_PCURVES_FRP256V1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
491 "frp256v1",
492#endif
493
494#if defined(BOTAN_HAS_PCURVES_NUMSP512D1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
495 "numsp512d1",
496#endif
497
498#if defined(BOTAN_HAS_PCURVES_SECP192R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
499 "secp192r1",
500#endif
501
502#if defined(BOTAN_HAS_PCURVES_SECP224R1) || defined(BOTAN_HAS_LEGACY_EC_POINT)
503 // Not supported by pcurves_generic
504 "secp224r1",
505#endif
506
507#if defined(BOTAN_HAS_PCURVES_SECP256K1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
508 "secp256k1",
509#endif
510
511#if defined(BOTAN_HAS_PCURVES_SECP256R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
512 "secp256r1",
513#endif
514
515#if defined(BOTAN_HAS_PCURVES_SECP384R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
516 "secp384r1",
517#endif
518
519#if defined(BOTAN_HAS_PCURVES_SECP521R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
520 "secp521r1",
521#endif
522
523#if defined(BOTAN_HAS_PCURVES_SM2P256V1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
524 "sm2p256v1",
525#endif
526
527#if defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
528 "brainpool192r1",
529 "brainpool224r1",
530 "brainpool320r1",
531 "gost_256A",
532 "gost_512A",
533 "secp192k1",
534 "x962_p192v2",
535 "x962_p192v3",
536 "x962_p239v1",
537 "x962_p239v2",
538 "x962_p239v3",
539#endif
540
541#if defined(BOTAN_HAS_LEGACY_EC_POINT)
542 "brainpool160r1",
543 "secp160k1",
544 "secp160r1",
545 "secp160r2",
546 "secp224k1",
547#endif
548 };
549
550 return named_groups;
551}

Referenced by supports_named_group().

◆ mod_order()

BigInt Botan::EC_Group::mod_order ( const BigInt & x) const
inline

Definition at line 656 of file ec_group.h.

656 {
657 return EC_Scalar::from_bytes_mod_order(*this, x.serialize()).to_bigint();
658 }
Botan::EC_Scalar::from_bytes_mod_order
static EC_Scalar from_bytes_mod_order(const EC_Group &group, std::span< const uint8_t > bytes)
Definition ec_scalar.cpp:53

References Botan::EC_Scalar::from_bytes_mod_order(), and mod_order().

Referenced by EC_Group(), and mod_order().

◆ multiply_mod_order() [1/2]

BigInt Botan::EC_Group::multiply_mod_order ( const BigInt & x,
const BigInt & y ) const
inline

Definition at line 679 of file ec_group.h.

679 {
680 auto xs = EC_Scalar::from_bigint(*this, x);
681 auto ys = EC_Scalar::from_bigint(*this, y);
682 return (xs * ys).to_bigint();
683 }

References Botan::EC_Scalar::from_bigint(), and multiply_mod_order().

Referenced by multiply_mod_order(), and multiply_mod_order().

◆ multiply_mod_order() [2/2]

BigInt Botan::EC_Group::multiply_mod_order ( const BigInt & x,
const BigInt & y,
const BigInt & z ) const
inline

Definition at line 689 of file ec_group.h.

689 {
690 auto xs = EC_Scalar::from_bigint(*this, x);
691 auto ys = EC_Scalar::from_bigint(*this, y);
692 auto zs = EC_Scalar::from_bigint(*this, z);
693 return (xs * ys * zs).to_bigint();
694 }

References Botan::EC_Scalar::from_bigint(), and multiply_mod_order().

◆ operator=() [1/2]

EC_Group & Botan::EC_Group::operator= ( const EC_Group & )
default

References EC_Group().

◆ operator=() [2/2]

EC_Group & Botan::EC_Group::operator= ( EC_Group && )
default

References EC_Group().

◆ operator==()

bool Botan::EC_Group::operator== ( const EC_Group & other) const

Definition at line 739 of file ec_group.cpp.

739 {
740 if(m_data == other.m_data) {
741 return true; // same shared rep
742 }
743
744 return (get_p() == other.get_p() && get_a() == other.get_a() && get_b() == other.get_b() &&
745 get_g_x() == other.get_g_x() && get_g_y() == other.get_g_y() && get_order() == other.get_order() &&
746 get_cofactor() == other.get_cofactor());
747}
Botan::EC_Group::get_g_y
const BigInt & get_g_y() const
Definition ec_group.cpp:665
Botan::EC_Group::get_g_x
const BigInt & get_g_x() const
Definition ec_group.cpp:661

References EC_Group(), get_a(), get_b(), get_cofactor(), get_g_x(), get_g_y(), get_order(), and get_p().

◆ PEM_encode()

std::string Botan::EC_Group::PEM_encode ( EC_Group_Encoding form = EC_Group_Encoding::Explicit) const

Return the PEM encoding

Returns
string containing PEM data
Warning
In Botan4 the form parameter will be removed and only namedCurve will be supported

TODO(Botan4) remove the argument

Definition at line 734 of file ec_group.cpp.

734 {
735 const std::vector<uint8_t> der = DER_encode(form);
736 return PEM_Code::encode(der, "EC PARAMETERS");
737}
Botan::PEM_Code::encode
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39

References DER_encode(), and Botan::PEM_Code::encode().

◆ point_size()

size_t Botan::EC_Group::point_size ( EC_Point_Format format) const
inline

Definition at line 704 of file ec_group.h.

704 {
705 // Hybrid and standard format are (x,y), compressed is y, +1 format byte
706 if(format == EC_Point_Format::Compressed) {
707 return (1 + get_p_bytes());
708 } else {
709 return (1 + 2 * get_p_bytes());
710 }
711 }

References Botan::Compressed, get_p_bytes(), and point_size().

Referenced by point_size().

◆ source()

EC_Group_Source Botan::EC_Group::source ( ) const

Definition at line 681 of file ec_group.cpp.

681 {
682 return data().source();
683}

Referenced by verify_group().

◆ square_mod_order()

BigInt Botan::EC_Group::square_mod_order ( const BigInt & x) const
inline

Definition at line 670 of file ec_group.h.

670 {
671 auto xs = EC_Scalar::from_bigint(*this, x);
672 xs.square_self();
673 return xs.to_bigint();
674 }

References Botan::EC_Scalar::from_bigint(), and square_mod_order().

Referenced by square_mod_order().

◆ supports_application_specific_group()

bool Botan::EC_Group::supports_application_specific_group ( )
static

Return true if in this build configuration it is possible to register an application specific elliptic curve.

Definition at line 409 of file ec_group.cpp.

409 {
410#if defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
411 return true;
412#else
413 return false;
414#endif
415}

Referenced by botan_ec_group_supports_application_specific_group().

◆ supports_application_specific_group_with_cofactor()

bool Botan::EC_Group::supports_application_specific_group_with_cofactor ( )
static

Return true if in this build configuration it is possible to register an application specific elliptic curve with a cofactor larger than 1.

Definition at line 418 of file ec_group.cpp.

418 {
419#if defined(BOTAN_HAS_LEGACY_EC_POINT)
420 return true;
421#else
422 return false;
423#endif
424}

◆ supports_named_group()

bool Botan::EC_Group::supports_named_group ( std::string_view name)
static

Return true if in this build configuration EC_Group::from_name(name) will succeed

Definition at line 404 of file ec_group.cpp.

404 {
405 return EC_Group::known_named_groups().contains(std::string(name));
406}
Botan::EC_Group::known_named_groups
static const std::set< std::string > & known_named_groups()
Definition ec_named.cpp:476

References known_named_groups().

Referenced by botan_ec_group_supports_named_group(), and Botan::create_private_key().

◆ unregister()

bool Botan::EC_Group::unregister ( const OID & oid)
static

Unregister a previously registered group.

Using this is discouraged for normal use. This is only useful or necessary if you are registering a very large number of distinct groups, and need to worry about memory constraints.

Returns true if the group was found and unregistered.

Definition at line 582 of file ec_group.cpp.

582 {
583 return ec_group_data().unregister(oid);
584}

Referenced by botan_ec_group_unregister(), and EC_Group().

◆ used_explicit_encoding()

bool Botan::EC_Group::used_explicit_encoding ( ) const
inline

Return true if this EC_Group was derived from an explicit encoding

Explicit encoding of groups is deprecated; when support for explicit curves is removed in a future major release, this function will also be removed.

Definition at line 262 of file ec_group.h.

262{ return m_explicit_encoding; }

Referenced by botan_pubkey_ecc_key_used_explicit_encoding().

◆ verify_group()

bool Botan::EC_Group::verify_group ( RandomNumberGenerator & rng,
bool strong = false ) const

Verify EC_Group domain

Returns
true if group is valid. false otherwise

Definition at line 749 of file ec_group.cpp.

749 {
750 const bool is_builtin = source() == EC_Group_Source::Builtin;
751
752 if(is_builtin && !strong) {
753 return true;
754 }
755
756 // TODO(Botan4) this can probably all be removed once the deprecated EC_Group
757 // constructor is removed, since at that point it no longer becomes possible
758 // to create an EC_Group which fails to satisfy these conditions
759
760 const BigInt& p = get_p();
761 const BigInt& a = get_a();
762 const BigInt& b = get_b();
763 const BigInt& order = get_order();
764
765 if(p <= 3 || order <= 0) {
766 return false;
767 }
768 if(a < 0 || a >= p) {
769 return false;
770 }
771 if(b <= 0 || b >= p) {
772 return false;
773 }
774
775 const size_t test_prob = 128;
776 const bool is_randomly_generated = is_builtin;
777
778 //check if field modulus is prime
779 if(!is_prime(p, rng, test_prob, is_randomly_generated)) {
780 return false;
781 }
782
783 //check if order is prime
784 if(!is_prime(order, rng, test_prob, is_randomly_generated)) {
785 return false;
786 }
787
788 //compute the discriminant: 4*a^3 + 27*b^2 which must be nonzero
789 auto mod_p = Barrett_Reduction::for_public_modulus(p);
790
791 const BigInt discriminant = mod_p.reduce(mod_p.multiply(BigInt::from_s32(4), mod_p.cube(a)) +
792 mod_p.multiply(BigInt::from_s32(27), mod_p.square(b)));
793
794 if(discriminant == 0) {
795 return false;
796 }
797
798 //check for valid cofactor
799 if(get_cofactor() < 1) {
800 return false;
801 }
802
803#if defined(BOTAN_HAS_LEGACY_EC_POINT)
804 const EC_Point& base_point = get_base_point();
805 //check if the base point is on the curve
806 if(!base_point.on_the_curve()) {
807 return false;
808 }
809 if((base_point * get_cofactor()).is_zero()) {
810 return false;
811 }
812 //check if order of the base point is correct
813 if(!(base_point * order).is_zero()) {
814 return false;
815 }
816#endif
817
818 // check the Hasse bound (roughly)
819 if((p - get_cofactor() * order).abs().bits() > (p.bits() / 2) + 1) {
820 return false;
821 }
822
823 return true;
824}
Botan::EC_Group::source
EC_Group_Source source() const
Definition ec_group.cpp:681
Botan::is_prime
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition numthry.cpp:381

References Botan::abs(), Botan::BigInt::bits(), Botan::Builtin, Botan::Barrett_Reduction::for_public_modulus(), Botan::BigInt::from_s32(), get_a(), get_b(), get_cofactor(), get_order(), get_p(), Botan::is_prime(), Botan::EC_Point::on_the_curve(), and source().

Referenced by Botan::EC_PublicKey::check_key().

The documentation for this class was generated from the following files:
Generated by doxygen 1.15.0