Botan::EC_Group Class Referencefinal
#include <ec_group.h>
Classes | |
| class | Mul2Table |
| Table for computing g*x + h*y. More... | |
Public Member Functions | |
| const std::shared_ptr< EC_Group_Data > & | _data () const |
| bool | a_is_minus_3 () const |
| bool | a_is_zero () const |
| EC_Point | blinded_base_point_multiply (const BigInt &k_bn, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const |
| BigInt | blinded_base_point_multiply_x (const BigInt &k_bn, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const |
| EC_Point | blinded_var_point_multiply (const EC_Point &point, const BigInt &k_bn, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const |
| BigInt | cube_mod_order (const BigInt &x) const |
| std::vector< uint8_t > | DER_encode () const |
| std::vector< uint8_t > | DER_encode (EC_Group_Encoding form) const |
| EC_Group () | |
| EC_Group (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order, const BigInt &cofactor, const OID &oid=OID()) | |
| EC_Group (const EC_Group &) | |
| EC_Group (const OID &oid) | |
| EC_Group (const OID &oid, const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order) | |
| EC_Group (const uint8_t ber[], size_t ber_len) | |
| EC_Group (EC_Group &&)=default | |
| EC_Group (std::span< const uint8_t > ber) | |
| EC_Group (std::string_view pem_or_oid) | |
| const EC_Point & | generator () const |
| const BigInt & | get_a () const |
| const BigInt & | get_b () const |
| const EC_Point & | get_base_point () const |
| const BigInt & | get_cofactor () const |
| const OID & | get_curve_oid () const |
| const BigInt & | get_g_x () const |
| const BigInt & | get_g_y () const |
| const BigInt & | get_order () const |
| size_t | get_order_bits () const |
| size_t | get_order_bytes () const |
| const BigInt & | get_p () const |
| size_t | get_p_bits () const |
| size_t | get_p_bytes () const |
| bool | has_cofactor () const |
| EC_Point | hash_to_curve (std::string_view hash_fn, const uint8_t input[], size_t input_len, const uint8_t domain_sep[], size_t domain_sep_len, bool random_oracle=true) const |
| EC_Point | hash_to_curve (std::string_view hash_fn, const uint8_t input[], size_t input_len, std::string_view domain_sep, bool random_oracle=true) const |
| bool | initialized () const |
| BigInt | inverse_mod_order (const BigInt &x) const |
| BigInt | mod_order (const BigInt &x) const |
| BigInt | multiply_mod_order (const BigInt &x, const BigInt &y) const |
| BigInt | multiply_mod_order (const BigInt &x, const BigInt &y, const BigInt &z) const |
| EC_Group & | operator= (const EC_Group &) |
| EC_Group & | operator= (EC_Group &&)=default |
| bool | operator== (const EC_Group &other) const |
| EC_Point | OS2ECP (const uint8_t bits[], size_t len) const |
| EC_Point | OS2ECP (std::span< const uint8_t > encoded_point) const |
| std::string | PEM_encode () const |
| EC_Point | point (const BigInt &x, const BigInt &y) const |
| EC_Point | point_multiply (const BigInt &x_bn, const EC_Point &h_pt, const BigInt &y_bn) const |
| size_t | point_size (EC_Point_Format format) const |
| BigInt | random_scalar (RandomNumberGenerator &rng) const |
| EC_Group_Source | source () const |
| BigInt | square_mod_order (const BigInt &x) const |
| bool | used_explicit_encoding () const |
| bool | verify_group (RandomNumberGenerator &rng, bool strong=false) const |
| bool | verify_public_element (const EC_Point &y) const |
| EC_Point | zero_point () const |
| ~EC_Group () | |
Static Public Member Functions | |
| static size_t | clear_registered_curve_data () |
| static EC_Group | EC_Group_from_PEM (std::string_view pem) |
| static OID | EC_group_identity_from_order (const BigInt &order) |
| static std::shared_ptr< EC_Group_Data > | EC_group_info (const OID &oid) |
| static EC_Group | from_name (std::string_view name) |
| static EC_Group | from_OID (const OID &oid) |
| static EC_Group | from_PEM (std::string_view pem) |
| static const std::set< std::string > & | known_named_groups () |
Detailed Description
Class representing an elliptic curve
The internal representation is stored in a shared_ptr, so copying an EC_Group is inexpensive.
Definition at line 51 of file ec_group.h.
Constructor & Destructor Documentation
◆ EC_Group() [1/9]
| Botan::EC_Group::EC_Group | ( | const BigInt & | p, |
| const BigInt & | a, | ||
| const BigInt & | b, | ||
| const BigInt & | base_x, | ||
| const BigInt & | base_y, | ||
| const BigInt & | order, | ||
| const BigInt & | cofactor, | ||
| const OID & | oid = OID() ) |
Construct elliptic curve from the specified parameters
This is used for example to create custom (application-specific) curves.
- Parameters
-
p the elliptic curve p a the elliptic curve a param b the elliptic curve b param base_x the x coordinate of the base point base_y the y coordinate of the base point order the order of the base point cofactor the cofactor oid an optional OID used to identify this curve
- Warning
- This constructor is deprecated and will be removed in Botan 4
- support for cofactors > 1 is deprecated and will be removed
- support for prime fields > 521 bits is deprecated and will be removed.
- Support for explicitly encoded curve parameters is deprecated. An OID must be assigned.
Definition at line 355 of file ec_group.cpp.
362 {
363 m_data =
364 ec_group_data().lookup_or_create(p, a, b, base_x, base_y, order, cofactor, oid, EC_Group_Source::ExternalSource);
365}
@ ExternalSource
References Botan::b, and Botan::ExternalSource.
◆ EC_Group() [2/9]
| Botan::EC_Group::EC_Group | ( | const OID & | oid, |
| const BigInt & | p, | ||
| const BigInt & | a, | ||
| const BigInt & | b, | ||
| const BigInt & | base_x, | ||
| const BigInt & | base_y, | ||
| const BigInt & | order ) |
Construct elliptic curve from the specified parameters
This is used for example to create custom (application-specific) curves.
Unlike the deprecated constructor, this constructor imposes additional restrictions on the parameters, namely:
- The prime must be at least 128 bits and at most 512 bits, and a multiple of 32 bits.
- As an extension of the above restriction, the prime can also be exactly the 521-bit Mersenne prime (2**521-1)
- The prime must be congruent to 3 modulo 4
- The group order must have the same bit length as the prime (It is allowed for the order to be larger than p, but they must have the same bit length)
- An object identifier must be provided
- There must be no cofactor
- Warning
- use only elliptic curve parameters that you trust
- Parameters
-
oid an object identifier used to identify this curve p the elliptic curve prime (at most 521 bits) a the elliptic curve a param b the elliptic curve b param base_x the x coordinate of the group generator base_y the y coordinate of the group generator order the order of the group
Definition at line 367 of file ec_group.cpp.
373 {
377
378 if(p.bits() == 521) {
379 BOTAN_ARG_CHECK(p == BigInt::power_of_2(521) - 1, "EC_Group with p of 521 bits must be 2**521-1");
380 } else {
382 }
383
385
390 BOTAN_ARG_CHECK(p.bits() == order.bits(), "EC_Group p and order must have the same number of bits");
391
394
395 // This catches someone "ignoring" a cofactor and just trying to
396 // provide the subgroup order
398
399 BigInt cofactor(1);
400
401 m_data =
402 ec_group_data().lookup_or_create(p, a, b, base_x, base_y, order, cofactor, oid, EC_Group_Source::ExternalSource);
403}
bool is_bailie_psw_probable_prime(const BigInt &n, const Modular_Reducer &mod_n)
Definition primality.cpp:89
References Botan::abs(), Botan::b, Botan::BigInt::bits(), BOTAN_ARG_CHECK, Botan::ExternalSource, Botan::OID::has_value(), Botan::is_bailie_psw_probable_prime(), and Botan::BigInt::power_of_2().
◆ EC_Group() [3/9]
|
explicit |
Decode a BER encoded ECC domain parameter set
- Parameters
-
ber the bytes of the BER encoding
Definition at line 405 of file ec_group.cpp.
405 {
407 m_data = data.first;
408 m_explicit_encoding = data.second;
409}
References Botan::ExternalSource.
◆ EC_Group() [4/9]
|
inline |
Definition at line 131 of file ec_group.h.
131: EC_Group(std::span{ber, ber_len}) {}
EC_Group()
◆ EC_Group() [5/9]
|
inlineexplicit |
Create an EC domain by OID (or throw if unknown)
- Parameters
-
oid the OID of the EC domain to create
Definition at line 137 of file ec_group.h.
◆ EC_Group() [6/9]
|
explicit |
Create an EC domain from PEM encoding (as from PEM_encode()), or from an OID name (eg "secp256r1", or "1.2.840.10045.3.1.7")
- Parameters
-
pem_or_oid PEM-encoded data, or an OID
- Warning
- Support for PEM in this function is deprecated. Use EC_Group::from_PEM or EC_Group::from_OID or EC_Group::from_name
Definition at line 321 of file ec_group.cpp.
321 {
322 if(str.empty()) {
323 return; // no initialization / uninitialized
324 }
325
326 try {
328 if(oid.has_value()) {
329 m_data = ec_group_data().lookup(oid);
330 }
331 } catch(...) {}
332
333 if(m_data == nullptr) {
334 if(str.size() > 30 && str.substr(0, 29) == "-----BEGIN EC PARAMETERS-----") {
335 // OK try it as PEM ...
337
339 this->m_data = data.first;
340 this->m_explicit_encoding = data.second;
341 }
342 }
343
344 if(m_data == nullptr) {
346 }
347}
secure_vector< uint8_t > decode_check_label(DataSource &source, std::string_view label_want)
Definition pem.cpp:49
References Botan::PEM_Code::decode_check_label(), Botan::ExternalSource, Botan::fmt(), Botan::OID::from_string(), and Botan::OID::has_value().
◆ EC_Group() [7/9]
|
default |
Create an uninitialized EC_Group
Referenced by from_name(), from_OID(), and from_PEM().
◆ ~EC_Group()
|
default |
◆ EC_Group() [8/9]
|
default |
◆ EC_Group() [9/9]
|
default |
Member Function Documentation
◆ _data()
|
inline |
Definition at line 370 of file ec_group.h.
370{ return m_data; }
Referenced by Botan::EC_AffinePoint::deserialize(), Botan::EC_Scalar::deserialize(), Botan::EC_AffinePoint::EC_AffinePoint(), Botan::EC_Scalar::EC_Scalar(), Botan::EC_Scalar::from_bigint(), Botan::EC_Scalar::from_bytes_mod_order(), Botan::EC_Scalar::from_bytes_with_trunc(), Botan::EC_AffinePoint::hash_to_curve_nu(), Botan::EC_AffinePoint::hash_to_curve_ro(), Botan::EC_Scalar::one(), and Botan::EC_Scalar::random().
◆ a_is_minus_3()
|
inline |
◆ a_is_zero()
|
inline |
◆ blinded_base_point_multiply()
|
inline |
Blinded point multiplication, attempts resistance to side channels
- Parameters
-
k_bn the scalar rng a random number generator ws a temp workspace
- Returns
- base_point*k
Definition at line 427 of file ec_group.h.
427 {
430 return pt.to_legacy_point();
431 }
static EC_AffinePoint g_mul(const EC_Scalar &scalar, RandomNumberGenerator &rng, std::vector< BigInt > &ws)
Definition ec_apoint.cpp:105
static EC_Scalar from_bigint(const EC_Group &group, const BigInt &bn)
Definition ec_scalar.cpp:65
◆ blinded_base_point_multiply_x()
|
inline |
Blinded point multiplication, attempts resistance to side channels Returns just the x coordinate of the point
- Parameters
-
k_bn the scalar rng a random number generator ws a temp workspace
- Returns
- x coordinate of base_point*k
Definition at line 444 of file ec_group.h.
444 {
447 }
◆ blinded_var_point_multiply()
|
inline |
Blinded point multiplication, attempts resistance to side channels
- Parameters
-
point input point k_bn the scalar rng a random number generator ws a temp workspace
- Returns
- point*k
Definition at line 458 of file ec_group.h.
461 {
464 return pt.mul(k, rng, ws).to_legacy_point();
465 }
EC_Point point(const BigInt &x, const BigInt &y) const
Definition ec_group.h:594
◆ clear_registered_curve_data()
|
static |
Definition at line 182 of file ec_group.cpp.
182 {
183 return ec_group_data().clear();
184}
◆ cube_mod_order()
Definition at line 586 of file ec_group.h.
◆ DER_encode() [1/2]
| std::vector< uint8_t > Botan::EC_Group::DER_encode | ( | ) | const |
Create the DER encoding of this domain, using namedCurve format
- Returns
- the group information encoded as DER
Definition at line 486 of file ec_group.cpp.
486 {
488 // TODO(Botan4) this can be removed because an OID will always be defined
489 if(der_named_curve.empty()) {
490 throw Encoding_Error("Cannot encode EC_Group as OID because OID not set");
491 }
492
493 return der_named_curve;
494}
const std::vector< uint8_t > & der_named_curve() const
Definition ec_inner_data.h:142
Referenced by DER_encode(), and PEM_encode().
◆ DER_encode() [2/2]
| std::vector< uint8_t > Botan::EC_Group::DER_encode | ( | EC_Group_Encoding | form | ) | const |
Create the DER encoding of this domain
- Parameters
-
form of encoding to use
- Returns
- the group information encoded as DER
Definition at line 496 of file ec_group.cpp.
496 {
498 std::vector<uint8_t> output;
499 DER_Encoder der(output);
500 const size_t ecpVers1 = 1;
501 const OID curve_type("1.2.840.10045.1.1"); // prime field
502
504
505 der.start_sequence()
506 .encode(ecpVers1)
507 .start_sequence()
508 .encode(curve_type)
509 .encode(get_p())
510 .end_cons()
511 .start_sequence()
514 .end_cons()
516 .encode(get_order())
517 .encode(get_cofactor())
518 .end_cons();
519 return output;
523 return {0x00, 0x05};
524 } else {
526 }
527}
@ Internal_Error
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39
@ OctetString
@ Uncompressed
@ NamedCurve
@ ImplicitCA
@ Explicit
References DER_encode(), Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::Explicit, get_a(), get_b(), get_base_point(), get_cofactor(), get_order(), get_p(), get_p_bytes(), Botan::ImplicitCA, Botan::NamedCurve, Botan::OctetString, Botan::DER_Encoder::start_sequence(), and Botan::Uncompressed.
Referenced by Botan::EC_PublicKey::DER_domain(), and Botan::TLS::Signature_Scheme::key_algorithm_identifier().
◆ EC_Group_from_PEM()
|
inlinestatic |
Definition at line 164 of file ec_group.h.
164 {
166 }
◆ EC_group_identity_from_order()
Definition at line 356 of file ec_named.cpp.
357 {
358 const uint32_t low_bits = static_cast<uint32_t>(order.word_at(0));
359
360 if(low_bits == 0xFC632551 && order == BigInt("0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551")) {
361 return OID{1, 2, 840, 10045, 3, 1, 7};
362 }
363
364 if(low_bits == 0xCCC52973 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) {
365 return OID{1, 3, 132, 0, 34};
366 }
367
368 if(low_bits == 0x91386409 && order == BigInt("0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409")) {
369 return OID{1, 3, 132, 0, 35};
370 }
371
372 if(low_bits == 0x9E60FC09 && order == BigInt("0xE95E4A5F737059DC60DF5991D45029409E60FC09")) {
373 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 1};
374 }
375
376 if(low_bits == 0x9AC4ACC1 && order == BigInt("0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1")) {
377 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 3};
378 }
379
380 if(low_bits == 0xA5A7939F && order == BigInt("0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F")) {
381 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 5};
382 }
383
384 if(low_bits == 0x974856A7 && order == BigInt("0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7")) {
385 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 7};
386 }
387
388 if(low_bits == 0x44C59311 && order == BigInt("0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311")) {
389 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 9};
390 }
391
392 if(low_bits == 0xE9046565 && order == BigInt("0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565")) {
393 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 11};
394 }
395
396 if(low_bits == 0x9CA90069 && order == BigInt("0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069")) {
397 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 13};
398 }
399
400 if(low_bits == 0xC6D655E1 && order == BigInt("0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1")) {
401 return OID{1, 2, 250, 1, 223, 101, 256, 1};
402 }
403
404 if(low_bits == 0xB761B893 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893")) {
405 return OID{1, 2, 643, 7, 1, 2, 1, 1, 1};
406 }
407
408 if(low_bits == 0x1F10B275 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275")) {
409 return OID{1, 2, 643, 7, 1, 2, 1, 2, 1};
410 }
411
412 if(low_bits == 0xCA16B6B3 && order == BigInt("0x100000000000000000001B8FA16DFAB9ACA16B6B3")) {
413 return OID{1, 3, 132, 0, 9};
414 }
415
416 if(low_bits == 0xCA752257 && order == BigInt("0x100000000000000000001F4C8F927AED3CA752257")) {
417 return OID{1, 3, 132, 0, 8};
418 }
419
420 if(low_bits == 0xF3A1A16B && order == BigInt("0x100000000000000000000351EE786A818F3A1A16B")) {
421 return OID{1, 3, 132, 0, 30};
422 }
423
424 if(low_bits == 0x74DEFD8D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D")) {
425 return OID{1, 3, 132, 0, 31};
426 }
427
428 if(low_bits == 0xB4D22831 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) {
429 return OID{1, 2, 840, 10045, 3, 1, 1};
430 }
431
432 if(low_bits == 0x769FB1F7 && order == BigInt("0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7")) {
433 return OID{1, 3, 132, 0, 32};
434 }
435
436 if(low_bits == 0x5C5C2A3D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) {
437 return OID{1, 3, 132, 0, 33};
438 }
439
440 if(low_bits == 0xD0364141 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141")) {
441 return OID{1, 3, 132, 0, 10};
442 }
443
444 if(low_bits == 0x39D54123 && order == BigInt("0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123")) {
445 return OID{1, 2, 156, 10197, 1, 301};
446 }
447
448 if(low_bits == 0x48D8DD31 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31")) {
449 return OID{1, 2, 840, 10045, 3, 1, 2};
450 }
451
452 if(low_bits == 0xF640EC13 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13")) {
453 return OID{1, 2, 840, 10045, 3, 1, 3};
454 }
455
456 if(low_bits == 0x88909D0B && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B")) {
457 return OID{1, 2, 840, 10045, 3, 1, 4};
458 }
459
460 if(low_bits == 0xBC582063 && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063")) {
461 return OID{1, 2, 840, 10045, 3, 1, 5};
462 }
463
464 if(low_bits == 0x46526551 && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551")) {
465 return OID{1, 2, 840, 10045, 3, 1, 6};
466 }
467
468 if(low_bits == 0x0433555D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5B3CA4FB94E7831B4FC258ED97D0BDC63B568B36607CD243CE153F390433555D")) {
469 return OID{1, 3, 6, 1, 4, 1, 25258, 4, 3};
470 }
471
472 return OID();
473}
References Botan::BigInt::word_at().
◆ EC_group_info()
|
static |
Definition at line 15 of file ec_named.cpp.
15 {
16 // secp256r1
17 if(oid == OID{1, 2, 840, 10045, 3, 1, 7}) {
18 return load_EC_group_info(
19 "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
20 "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
21 "0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
22 "0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
23 "0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
24 "0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
25 oid);
26 }
27
28 // secp384r1
29 if(oid == OID{1, 3, 132, 0, 34}) {
30 return load_EC_group_info(
31 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
32 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
33 "0xB3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
34 "0xAA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
35 "0x3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
36 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
37 oid);
38 }
39
40 // secp521r1
41 if(oid == OID{1, 3, 132, 0, 35}) {
42 return load_EC_group_info(
43 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
44 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
45 "0x51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
46 "0xC6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
47 "0x11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
48 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
49 oid);
50 }
51
52 // brainpool160r1
53 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 1}) {
54 return load_EC_group_info(
55 "0xE95E4A5F737059DC60DFC7AD95B3D8139515620F",
56 "0x340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
57 "0x1E589A8595423412134FAA2DBDEC95C8D8675E58",
58 "0xBED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
59 "0x1667CB477A1A8EC338F94741669C976316DA6321",
60 "0xE95E4A5F737059DC60DF5991D45029409E60FC09",
61 oid);
62 }
63
64 // brainpool192r1
65 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 3}) {
66 return load_EC_group_info(
67 "0xC302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
68 "0x6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
69 "0x469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
70 "0xC0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
71 "0x14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
72 "0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
73 oid);
74 }
75
76 // brainpool224r1
77 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 5}) {
78 return load_EC_group_info(
79 "0xD7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
80 "0x68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
81 "0x2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
82 "0xD9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
83 "0x58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
84 "0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
85 oid);
86 }
87
88 // brainpool256r1
89 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 7}) {
90 return load_EC_group_info(
91 "0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
92 "0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
93 "0x26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
94 "0x8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
95 "0x547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
96 "0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
97 oid);
98 }
99
100 // brainpool320r1
101 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 9}) {
102 return load_EC_group_info(
103 "0xD35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
104 "0x3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
105 "0x520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
106 "0x43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
107 "0x14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
108 "0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
109 oid);
110 }
111
112 // brainpool384r1
113 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 11}) {
114 return load_EC_group_info(
115 "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
116 "0x7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
117 "0x4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
118 "0x1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
119 "0x8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
120 "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
121 oid);
122 }
123
124 // brainpool512r1
125 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 13}) {
126 return load_EC_group_info(
127 "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
128 "0x7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
129 "0x3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
130 "0x81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
131 "0x7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
132 "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
133 oid);
134 }
135
136 // frp256v1
137 if(oid == OID{1, 2, 250, 1, 223, 101, 256, 1}) {
138 return load_EC_group_info(
139 "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C03",
140 "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C00",
141 "0xEE353FCA5428A9300D4ABA754A44C00FDFEC0C9AE4B1A1803075ED967B7BB73F",
142 "0xB6B3D4C356C139EB31183D4749D423958C27D2DCAF98B70164C97A2DD98F5CFF",
143 "0x6142E0F7C8B204911F9271F0F3ECEF8C2701C307E8E4C9E183115A1554062CFB",
144 "0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1",
145 oid);
146 }
147
148 // gost_256A
149 if(oid == OID{1, 2, 643, 7, 1, 2, 1, 1, 1} || oid == OID{1, 2, 643, 2, 2, 35, 1} || oid == OID{1, 2, 643, 2, 2, 36, 0}) {
150 return load_EC_group_info(
151 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
152 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
153 "0xA6",
154 "1",
155 "0x8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14",
156 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
157 OID{1, 2, 643, 7, 1, 2, 1, 1, 1});
158 }
159
160 // gost_512A
161 if(oid == OID{1, 2, 643, 7, 1, 2, 1, 2, 1}) {
162 return load_EC_group_info(
163 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7",
164 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4",
165 "0xE8C2505DEDFC86DDC1BD0B2B6667F1DA34B82574761CB0E879BD081CFD0B6265EE3CB090F30D27614CB4574010DA90DD862EF9D4EBEE4761503190785A71C760",
166 "3",
167 "0x7503CFE87A836AE3A61B8816E25450E6CE5E1C93ACF1ABC1778064FDCBEFA921DF1626BE4FD036E93D75E6A50E3A41E98028FE5FC235F5B889A589CB5215F2A4",
168 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275",
169 oid);
170 }
171
172 // secp160k1
173 if(oid == OID{1, 3, 132, 0, 9}) {
174 return load_EC_group_info(
175 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
176 "0",
177 "7",
178 "0x3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
179 "0x938CF935318FDCED6BC28286531733C3F03C4FEE",
180 "0x100000000000000000001B8FA16DFAB9ACA16B6B3",
181 oid);
182 }
183
184 // secp160r1
185 if(oid == OID{1, 3, 132, 0, 8}) {
186 return load_EC_group_info(
187 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
188 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
189 "0x1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
190 "0x4A96B5688EF573284664698968C38BB913CBFC82",
191 "0x23A628553168947D59DCC912042351377AC5FB32",
192 "0x100000000000000000001F4C8F927AED3CA752257",
193 oid);
194 }
195
196 // secp160r2
197 if(oid == OID{1, 3, 132, 0, 30}) {
198 return load_EC_group_info(
199 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
200 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
201 "0xB4E134D3FB59EB8BAB57274904664D5AF50388BA",
202 "0x52DCB034293A117E1F4FF11B30F7199D3144CE6D",
203 "0xFEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
204 "0x100000000000000000000351EE786A818F3A1A16B",
205 oid);
206 }
207
208 // secp192k1
209 if(oid == OID{1, 3, 132, 0, 31}) {
210 return load_EC_group_info(
211 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
212 "0",
213 "3",
214 "0xDB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
215 "0x9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
216 "0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
217 oid);
218 }
219
220 // secp192r1
221 if(oid == OID{1, 2, 840, 10045, 3, 1, 1}) {
222 return load_EC_group_info(
223 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
224 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
225 "0x64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
226 "0x188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
227 "0x7192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
228 "0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
229 oid);
230 }
231
232 // secp224k1
233 if(oid == OID{1, 3, 132, 0, 32}) {
234 return load_EC_group_info(
235 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
236 "0",
237 "5",
238 "0xA1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
239 "0x7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
240 "0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
241 oid);
242 }
243
244 // secp224r1
245 if(oid == OID{1, 3, 132, 0, 33}) {
246 return load_EC_group_info(
247 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
248 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
249 "0xB4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
250 "0xB70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
251 "0xBD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
252 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
253 oid);
254 }
255
256 // secp256k1
257 if(oid == OID{1, 3, 132, 0, 10}) {
258 return load_EC_group_info(
259 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
260 "0",
261 "7",
262 "0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
263 "0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
264 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
265 oid);
266 }
267
268 // sm2p256v1
269 if(oid == OID{1, 2, 156, 10197, 1, 301}) {
270 return load_EC_group_info(
271 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF",
272 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC",
273 "0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93",
274 "0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7",
275 "0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0",
276 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123",
277 oid);
278 }
279
280 // x962_p192v2
281 if(oid == OID{1, 2, 840, 10045, 3, 1, 2}) {
282 return load_EC_group_info(
283 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
284 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
285 "0xCC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
286 "0xEEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
287 "0x6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
288 "0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
289 oid);
290 }
291
292 // x962_p192v3
293 if(oid == OID{1, 2, 840, 10045, 3, 1, 3}) {
294 return load_EC_group_info(
295 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
296 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
297 "0x22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
298 "0x7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
299 "0x38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
300 "0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
301 oid);
302 }
303
304 // x962_p239v1
305 if(oid == OID{1, 2, 840, 10045, 3, 1, 4}) {
306 return load_EC_group_info(
307 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
308 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
309 "0x6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
310 "0xFFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
311 "0x7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
312 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
313 oid);
314 }
315
316 // x962_p239v2
317 if(oid == OID{1, 2, 840, 10045, 3, 1, 5}) {
318 return load_EC_group_info(
319 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
320 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
321 "0x617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
322 "0x38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
323 "0x5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
324 "0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
325 oid);
326 }
327
328 // x962_p239v3
329 if(oid == OID{1, 2, 840, 10045, 3, 1, 6}) {
330 return load_EC_group_info(
331 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
332 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
333 "0x255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
334 "0x6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
335 "0x1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
336 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
337 oid);
338 }
339
340 // numsp512d1
341 if(oid == OID{1, 3, 6, 1, 4, 1, 25258, 4, 3}) {
342 return load_EC_group_info(
343 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7",
344 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4",
345 "0x1D99B",
346 "0x2",
347 "0x1C282EB23327F9711952C250EA61AD53FCC13031CF6DD336E0B9328433AFBDD8CC5A1C1F0C716FDC724DDE537C2B0ADB00BB3D08DC83755B205CC30D7F83CF28",
348 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5B3CA4FB94E7831B4FC258ED97D0BDC63B568B36607CD243CE153F390433555D",
349 oid);
350 }
351
352 return std::shared_ptr<EC_Group_Data>();
353}
◆ from_name()
|
static |
Initialize an EC group from a group common name (eg "secp256r1")
Definition at line 307 of file ec_group.cpp.
307 {
308 std::shared_ptr<EC_Group_Data> data;
309
311 data = ec_group_data().lookup(oid.value());
312 }
313
314 if(!data) {
316 }
317
319}
static std::optional< OID > from_name(std::string_view name)
Definition asn1_oid.cpp:72
References EC_Group(), Botan::fmt(), Botan::OID::from_name(), and name.
Referenced by Botan::create_private_key(), Botan::TLS::Signature_Scheme::key_algorithm_identifier(), Botan::TLS::Callbacks::tls_deserialize_peer_public_key(), and Botan::TLS::Callbacks::tls_generate_ephemeral_key().
◆ from_OID()
Initialize an EC group from a group named by an object identifier
Definition at line 296 of file ec_group.cpp.
296 {
297 auto data = ec_group_data().lookup(oid);
298
299 if(!data) {
301 }
302
304}
References EC_Group(), Botan::fmt(), and Botan::OID::to_string().
Referenced by Botan::GOST_3410_PublicKey::GOST_3410_PublicKey().
◆ from_PEM()
|
static |
Initialize an EC group from the PEM/ASN.1 encoding
Definition at line 350 of file ec_group.cpp.
350 {
353}
References Botan::PEM_Code::decode_check_label(), and EC_Group().
◆ generator()
| const EC_Point & Botan::EC_Group::generator | ( | ) | const |
Return the canonical group generator
- Returns
- standard generator of the curve
Definition at line 450 of file ec_group.cpp.
450 {
452}
◆ get_a()
| const BigInt & Botan::EC_Group::get_a | ( | ) | const |
Return the a parameter of the elliptic curve equation
Definition at line 438 of file ec_group.cpp.
438 {
440}
Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), and verify_group().
◆ get_b()
| const BigInt & Botan::EC_Group::get_b | ( | ) | const |
Return the b parameter of the elliptic curve equation
Definition at line 442 of file ec_group.cpp.
442 {
444}
Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), and verify_group().
◆ get_base_point()
| const EC_Point & Botan::EC_Group::get_base_point | ( | ) | const |
Return group base point
- Returns
- base point
Definition at line 446 of file ec_group.cpp.
Referenced by DER_encode(), Botan::EC_AffinePoint::generator(), and verify_group().
◆ get_cofactor()
| const BigInt & Botan::EC_Group::get_cofactor | ( | ) | const |
Return the cofactor
- Returns
- the cofactor
Definition at line 466 of file ec_group.cpp.
466 {
468}
Referenced by DER_encode(), Botan::ECIES_KA_Operation::derive_secret(), Botan::EC_PublicKey::get_int_field(), operator==(), verify_group(), and verify_public_element().
◆ get_curve_oid()
| const OID & Botan::EC_Group::get_curve_oid | ( | ) | const |
Return the OID of these domain parameters
- Returns
- the OID
Definition at line 478 of file ec_group.cpp.
478 {
480}
Referenced by Botan::GOST_3410_PublicKey::algorithm_identifier(), and Botan::TPM2::EC_PrivateKey::create_unrestricted_transient().
◆ get_g_x()
| const BigInt & Botan::EC_Group::get_g_x | ( | ) | const |
Return the x coordinate of the base point
Definition at line 458 of file ec_group.cpp.
458 {
460}
Referenced by Botan::EC_PublicKey::get_int_field(), and operator==().
◆ get_g_y()
| const BigInt & Botan::EC_Group::get_g_y | ( | ) | const |
Return the y coordinate of the base point
Definition at line 462 of file ec_group.cpp.
462 {
464}
Referenced by Botan::EC_PublicKey::get_int_field(), and operator==().
◆ get_order()
| const BigInt & Botan::EC_Group::get_order | ( | ) | const |
Return the order of the base point
- Returns
- order of the base point
Definition at line 454 of file ec_group.cpp.
454 {
456}
Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), verify_group(), and verify_public_element().
◆ get_order_bits()
| size_t Botan::EC_Group::get_order_bits | ( | ) | const |
Return the size of group order in bits (same as get_order().bits())
Definition at line 426 of file ec_group.cpp.
426 {
428}
◆ get_order_bytes()
| size_t Botan::EC_Group::get_order_bytes | ( | ) | const |
Return the size of the group order in bytes (same as get_order().bytes())
Definition at line 430 of file ec_group.cpp.
430 {
432}
Referenced by Botan::ECIES_KA_Operation::derive_secret().
◆ get_p()
| const BigInt & Botan::EC_Group::get_p | ( | ) | const |
Return the prime modulus of the field
Definition at line 434 of file ec_group.cpp.
434 {
436}
Referenced by DER_encode(), Botan::EC_AffinePoint::from_bigint_xy(), Botan::EC_PublicKey::get_int_field(), operator==(), and verify_group().
◆ get_p_bits()
| size_t Botan::EC_Group::get_p_bits | ( | ) | const |
Return the size of p in bits (same as get_p().bits())
Definition at line 418 of file ec_group.cpp.
418 {
420}
Referenced by Botan::GOST_3410_PublicKey::algo_name(), Botan::GOST_3410_PrivateKey::GOST_3410_PrivateKey(), and Botan::EC_PublicKey::key_length().
◆ get_p_bytes()
| size_t Botan::EC_Group::get_p_bytes | ( | ) | const |
Return the size of p in bytes (same as get_p().bytes())
Definition at line 422 of file ec_group.cpp.
422 {
424}
Referenced by DER_encode(), and Botan::EC_AffinePoint::from_bigint_xy().
◆ has_cofactor()
| bool Botan::EC_Group::has_cofactor | ( | ) | const |
Return true if the cofactor is > 1
Definition at line 470 of file ec_group.cpp.
470 {
472}
Referenced by verify_public_element().
◆ hash_to_curve() [1/2]
|
inline |
Hash onto the curve. For some curve types no mapping is currently available, in this case this function will throw an exception.
- Parameters
-
hash_fn the hash function to use (typically "SHA-256" or "SHA-512") input the input to hash input_len length of input in bytes domain_sep a domain seperator domain_sep_len length of domain_sep in bytes random_oracle if the mapped point must be uniform (use "true" here unless you know what you are doing)
Definition at line 488 of file ec_group.h.
493 {
494 auto inp = std::span{input, input_len};
495 auto dst = std::span{domain_sep, domain_sep_len};
496
497 if(random_oracle) {
499 } else {
501 }
502 }
static EC_AffinePoint hash_to_curve_ro(const EC_Group &group, std::string_view hash_fn, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep)
Definition ec_apoint.cpp:79
static EC_AffinePoint hash_to_curve_nu(const EC_Group &group, std::string_view hash_fn, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep)
Definition ec_apoint.cpp:87
◆ hash_to_curve() [2/2]
|
inline |
Hash onto the curve. For some curve types no mapping is currently available, in this case this function will throw an exception.
- Parameters
-
hash_fn the hash function to use (typically "SHA-256" or "SHA-512") input the input to hash input_len length of input in bytes domain_sep a domain seperator random_oracle if the mapped point must be uniform (use "true" here unless you know what you are doing)
Definition at line 517 of file ec_group.h.
521 {
522 auto inp = std::span{input, input_len};
523 auto dst = std::span{reinterpret_cast<const uint8_t*>(domain_sep.data()), domain_sep.size()};
524
525 if(random_oracle) {
527 } else {
529 }
530 }
◆ initialized()
|
inline |
Definition at line 181 of file ec_group.h.
181{ return (m_data != nullptr); }
◆ inverse_mod_order()
Definition at line 550 of file ec_group.h.
550 {
552 }
◆ known_named_groups()
|
static |
Return a set of known named EC groups
Definition at line 476 of file ec_named.cpp.
476 {
477 static const std::set<std::string> named_groups = {
478 "brainpool160r1",
479 "brainpool192r1",
480 "brainpool224r1",
481 "brainpool256r1",
482 "brainpool320r1",
483 "brainpool384r1",
484 "brainpool512r1",
485 "frp256v1",
486 "gost_256A",
487 "gost_512A",
488 "numsp512d1",
489 "secp160k1",
490 "secp160r1",
491 "secp160r2",
492 "secp192k1",
493 "secp192r1",
494 "secp224k1",
495 "secp224r1",
496 "secp256k1",
497 "secp256r1",
498 "secp384r1",
499 "secp521r1",
500 "sm2p256v1",
501 "x962_p192v2",
502 "x962_p192v3",
503 "x962_p239v1",
504 "x962_p239v2",
505 "x962_p239v3",
506 };
507 return named_groups;
508}
◆ mod_order()
Definition at line 474 of file ec_group.cpp.
◆ multiply_mod_order() [1/2]
Definition at line 566 of file ec_group.h.
566 {
569 return (xs * ys).to_bigint();
570 }
◆ multiply_mod_order() [2/2]
|
inline |
Definition at line 576 of file ec_group.h.
576 {
580 return (xs * ys * zs).to_bigint();
581 }
◆ operator=() [1/2]
◆ operator=() [2/2]
◆ operator==()
| bool Botan::EC_Group::operator== | ( | const EC_Group & | other | ) | const |
Definition at line 534 of file ec_group.cpp.
534 {
535 if(m_data == other.m_data) {
536 return true; // same shared rep
537 }
538
540 get_g_x() == other.get_g_x() && get_g_y() == other.get_g_y() && get_order() == other.get_order() &&
541 get_cofactor() == other.get_cofactor());
542}
References get_a(), get_b(), get_cofactor(), get_g_x(), get_g_y(), get_order(), and get_p().
◆ OS2ECP() [1/2]
|
inline |
OS2ECP (Octet String To Elliptic Curve Point)
Deserialize an encoded point. Verifies that the point is on the curve.
Definition at line 377 of file ec_group.h.
377 {
378 return EC_AffinePoint(*this, std::span{bits, len}).to_legacy_point();
379 }
◆ OS2ECP() [2/2]
|
inline |
Definition at line 381 of file ec_group.h.
381 {
382 return EC_AffinePoint(*this, encoded_point).to_legacy_point();
383 }
References Botan::EC_AffinePoint::to_legacy_point().
◆ PEM_encode()
| std::string Botan::EC_Group::PEM_encode | ( | ) | const |
Return the PEM encoding (always in explicit form)
- Returns
- string containing PEM data
Definition at line 529 of file ec_group.cpp.
529 {
532}
References DER_encode(), Botan::PEM_Code::encode(), and Botan::Explicit.
◆ point()
Return a point on this curve with the affine values x, y
Definition at line 594 of file ec_group.h.
594 {
596 return pt->to_legacy_point();
597 } else {
598 throw Decoding_Error("Invalid x/y coordinates for elliptic curve point");
599 }
600 }
static std::optional< EC_AffinePoint > from_bigint_xy(const EC_Group &group, const BigInt &x, const BigInt &y)
Definition ec_apoint.cpp:54
Referenced by verify_public_element().
◆ point_multiply()
|
inline |
Multi exponentiate. Not constant time.
- Returns
- base_point*x + h*y
Definition at line 404 of file ec_group.h.
404 {
407 auto h = EC_AffinePoint(*this, h_pt);
408
409 Mul2Table gh_mul(h);
410
411 if(auto r = gh_mul.mul2_vartime(x, y)) {
412 return r->to_legacy_point();
413 } else {
415 }
416 }
static EC_AffinePoint identity(const EC_Group &group)
Return the identity element.
Definition ec_apoint.cpp:45
References Botan::EC_Group::Mul2Table::mul2_vartime().
◆ point_size()
|
inline |
Definition at line 609 of file ec_group.h.
609 {
610 // Hybrid and standard format are (x,y), compressed is y, +1 format byte
613 } else {
615 }
616 }
@ Compressed
◆ random_scalar()
|
inline |
Return a random scalar ie an integer in [1,order)
Definition at line 470 of file ec_group.h.
470 {
472 }
static EC_Scalar random(const EC_Group &group, RandomNumberGenerator &rng)
Definition ec_scalar.cpp:57
◆ source()
| EC_Group_Source Botan::EC_Group::source | ( | ) | const |
◆ square_mod_order()
Definition at line 557 of file ec_group.h.
557 {
559 xs.square_self();
560 return xs.to_bigint();
561 }
◆ used_explicit_encoding()
|
inline |
Return true if this EC_Group was derived from an explicit encoding
Explicit encoding of groups is deprecated; when support for explicit curves is removed in a future major release, this function will also be removed.
Definition at line 199 of file ec_group.h.
199{ return m_explicit_encoding; }
Referenced by botan_pubkey_ecc_key_used_explicit_encoding().
◆ verify_group()
| bool Botan::EC_Group::verify_group | ( | RandomNumberGenerator & | rng, |
| bool | strong = false ) const |
Verify EC_Group domain
- Returns
- true if group is valid. false otherwise
Definition at line 569 of file ec_group.cpp.
569 {
571
572 if(is_builtin && !strong) {
573 return true;
574 }
575
581
582 if(p <= 3 || order <= 0) {
583 return false;
584 }
585 if(a < 0 || a >= p) {
586 return false;
587 }
589 return false;
590 }
591
592 const size_t test_prob = 128;
593 const bool is_randomly_generated = is_builtin;
594
595 //check if field modulus is prime
597 return false;
598 }
599
600 //check if order is prime
602 return false;
603 }
604
605 //compute the discriminant: 4*a^3 + 27*b^2 which must be nonzero
606 const Modular_Reducer mod_p(p);
607
608 const BigInt discriminant = mod_p.reduce(mod_p.multiply(4, mod_p.cube(a)) + mod_p.multiply(27, mod_p.square(b)));
609
610 if(discriminant == 0) {
611 return false;
612 }
613
614 //check for valid cofactor
616 return false;
617 }
618
619 //check if the base point is on the curve
620 if(!base_point.on_the_curve()) {
621 return false;
622 }
624 return false;
625 }
626 //check if order of the base point is correct
627 if(!(base_point * order).is_zero()) {
628 return false;
629 }
630
631 // check the Hasse bound (roughly)
633 return false;
634 }
635
636 return true;
637}
@ Builtin
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition numthry.cpp:355
References Botan::abs(), Botan::b, Botan::BigInt::bits(), Botan::Builtin, Botan::Modular_Reducer::cube(), get_a(), get_b(), get_base_point(), get_cofactor(), get_order(), get_p(), Botan::is_prime(), Botan::Modular_Reducer::multiply(), Botan::EC_Point::on_the_curve(), Botan::Modular_Reducer::reduce(), source(), and Botan::Modular_Reducer::square().
Referenced by Botan::EC_PublicKey::check_key().
◆ verify_public_element()
| bool Botan::EC_Group::verify_public_element | ( | const EC_Point & | y | ) | const |
Check if y is a plausible point on the curve
In particular, checks that it is a point on the curve, not infinity, and that it has order matching the group.
Definition at line 544 of file ec_group.cpp.
544 {
545 //check that public point is not at infinity
547 return false;
548 }
549
550 //check that public point is on the curve
552 return false;
553 }
554
555 //check that public point has order q
557 return false;
558 }
559
562 return false;
563 }
564 }
565
566 return true;
567}
References get_cofactor(), get_order(), has_cofactor(), Botan::EC_Point::is_zero(), Botan::EC_Point::on_the_curve(), and point().
Referenced by Botan::EC_PublicKey::check_key().
◆ zero_point()
|
inline |
Return the zero (or infinite) point on this curve
Definition at line 605 of file ec_group.h.
The documentation for this class was generated from the following files:
- src/lib/pubkey/ec_group/ec_group.h
- src/lib/pubkey/ec_group/ec_group.cpp
- src/lib/pubkey/ec_group/ec_named.cpp
Generated by
1.12.0