Botan 3.9.0
Crypto and TLS for C&
Classes | Public Member Functions | Static Public Member Functions | List of all members
Botan::EC_Group Class Referencefinal

#include <ec_group.h>

Classes

class  Mul2Table
 Table for computing g*x + h*y. More...

Public Member Functions

const std::shared_ptr< EC_Group_Data > & _data () const
bool a_is_minus_3 () const
bool a_is_zero () const
BigInt cube_mod_order (const BigInt &x) const
std::vector< uint8_t > DER_encode () const
std::vector< uint8_t > DER_encode (EC_Group_Encoding form) const
 EC_Group ()
 EC_Group (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order, const BigInt &cofactor, const OID &oid=OID())
 EC_Group (const EC_Group &)
 EC_Group (const OID &oid)
 EC_Group (const OID &oid, const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order)
 EC_Group (const uint8_t ber[], size_t ber_len)
 EC_Group (EC_Group &&)=default
 EC_Group (std::span< const uint8_t > ber)
 EC_Group (std::string_view pem_or_oid)
EC_Group_Engine engine () const
const BigIntget_a () const
const BigIntget_b () const
const BigIntget_cofactor () const
const OIDget_curve_oid () const
const BigIntget_g_x () const
const BigIntget_g_y () const
const BigIntget_order () const
size_t get_order_bits () const
size_t get_order_bytes () const
const BigIntget_p () const
size_t get_p_bits () const
size_t get_p_bytes () const
bool has_cofactor () const
bool initialized () const
BigInt inverse_mod_order (const BigInt &x) const
BigInt mod_order (const BigInt &x) const
BigInt multiply_mod_order (const BigInt &x, const BigInt &y) const
BigInt multiply_mod_order (const BigInt &x, const BigInt &y, const BigInt &z) const
EC_Groupoperator= (const EC_Group &)
EC_Groupoperator= (EC_Group &&)=default
bool operator== (const EC_Group &other) const
std::string PEM_encode (EC_Group_Encoding form=EC_Group_Encoding::Explicit) const
size_t point_size (EC_Point_Format format) const
EC_Group_Source source () const
BigInt square_mod_order (const BigInt &x) const
bool used_explicit_encoding () const
bool verify_group (RandomNumberGenerator &rng, bool strong=false) const
 ~EC_Group ()

Static Public Member Functions

static size_t clear_registered_curve_data ()
static EC_Group EC_Group_from_PEM (std::string_view pem)
static OID EC_group_identity_from_order (const BigInt &order)
static std::shared_ptr< EC_Group_DataEC_group_info (const OID &oid)
static EC_Group from_name (std::string_view name)
static EC_Group from_OID (const OID &oid)
static EC_Group from_PEM (std::string_view pem)
static const std::set< std::string > & known_named_groups ()
static bool supports_application_specific_group ()
static bool supports_application_specific_group_with_cofactor ()
static bool supports_named_group (std::string_view name)

Detailed Description

Class representing an elliptic curve

The internal representation is stored in a shared_ptr, so copying an EC_Group is inexpensive.

Definition at line 87 of file ec_group.h.

Constructor & Destructor Documentation

◆ EC_Group() [1/9]

Botan::EC_Group::EC_Group ( const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & base_x,
const BigInt & base_y,
const BigInt & order,
const BigInt & cofactor,
const OID & oid = OID() )

Construct elliptic curve from the specified parameters

This is used for example to create custom (application-specific) curves.

Some build configurations do not support application specific curves, in which case this constructor will throw an exception. You can check for this situation beforehand using the function EC_Group::supports_application_specific_group()

Parameters
pthe elliptic curve p
athe elliptic curve a param
bthe elliptic curve b param
base_xthe x coordinate of the base point
base_ythe y coordinate of the base point
orderthe order of the base point
cofactorthe cofactor
oidan optional OID used to identify this curve
Warning
This constructor is deprecated and will be removed in Botan 4
support for cofactors > 1 is deprecated and will be removed
support for prime fields > 521 bits is deprecated and will be removed.
Support for explicitly encoded curve parameters is deprecated. An OID must be assigned.

Definition at line 432 of file ec_group.cpp.

439 {
440 if(oid.has_value()) {
441 m_data = ec_group_data().lookup_or_create(
442 p, a, b, base_x, base_y, order, cofactor, oid, EC_Group_Source::ExternalSource);
443 } else {
444 m_data = ec_group_data().lookup_or_create_without_oid(
445 p, a, b, base_x, base_y, order, cofactor, EC_Group_Source::ExternalSource);
446 }
447}

References Botan::ExternalSource, and Botan::OID::has_value().

Referenced by EC_Group(), EC_Group(), EC_Group(), EC_Group(), EC_Group(), EC_Group_from_PEM(), from_name(), from_OID(), from_PEM(), operator=(), operator=(), operator==(), and ~EC_Group().

◆ EC_Group() [2/9]

Botan::EC_Group::EC_Group ( const OID & oid,
const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & base_x,
const BigInt & base_y,
const BigInt & order )

Construct elliptic curve from the specified parameters

This is used for example to create custom (application-specific) curves.

Some build configurations do not support application specific curves, in which case this constructor will throw an exception. You can check for this situation beforehand using the function EC_Group::supports_application_specific_group()

Unlike the deprecated constructor, this constructor imposes additional restrictions on the parameters, namely:

  • An object identifier must be provided
  • The prime must be at least 192 bits and at most 512 bits, and a multiple of 32 bits. Currently, as long as BOTAN_DISABLE_DEPRECATED_FEATURES is not set, this constructor accepts primes as small as 128 bits - this lower bound will be removed in the next major release.
  • As an extension of the above restriction, the prime can also be exactly the 521-bit Mersenne prime (2**521-1) or exactly the 239-bit prime used in X9.62 239 bit groups (2**239 - 2**143 - 2**95 + 2**47 - 1)
  • The prime must be congruent to 3 modulo 4
  • The group order must have the same bit length as the prime. It is allowed for the order to be larger than p, but they must have the same bit length.
  • Only prime order curves (with cofactor == 1) are allowed
Warning
use only elliptic curve parameters that you trust
Parameters
oidan object identifier used to identify this curve
pthe elliptic curve prime (at most 521 bits)
athe elliptic curve a param
bthe elliptic curve b param
base_xthe x coordinate of the group generator
base_ythe y coordinate of the group generator
orderthe order of the group

Definition at line 449 of file ec_group.cpp.

455 {
456 BOTAN_ARG_CHECK(oid.has_value(), "An OID is required for creating an EC_Group");
457
458 // TODO(Botan4) remove this and require 192 bits minimum
459#if defined(BOTAN_DISABLE_DEPRECATED_FEATURES)
460 constexpr size_t p_bits_lower_bound = 192;
461#else
462 constexpr size_t p_bits_lower_bound = 128;
463#endif
464
465 BOTAN_ARG_CHECK(p.bits() >= p_bits_lower_bound, "EC_Group p too small");
466 BOTAN_ARG_CHECK(p.bits() <= 521, "EC_Group p too large");
467
468 if(p.bits() == 521) {
469 const auto p521 = BigInt::power_of_2(521) - 1;
470 BOTAN_ARG_CHECK(p == p521, "EC_Group with p of 521 bits must be 2**521-1");
471 } else if(p.bits() == 239) {
472 const auto x962_p239 = []() {
473 BigInt p239;
474 for(size_t i = 0; i != 239; ++i) {
475 if(i < 47 || ((i >= 94) && (i != 143))) {
476 p239.set_bit(i);
477 }
478 }
479 return p239;
480 }();
481
482 BOTAN_ARG_CHECK(p == x962_p239, "EC_Group with p of 239 bits must be the X9.62 prime");
483 } else {
484 BOTAN_ARG_CHECK(p.bits() % 32 == 0, "EC_Group p must be a multiple of 32 bits");
485 }
486
487 BOTAN_ARG_CHECK(p % 4 == 3, "EC_Group p must be congruent to 3 modulo 4");
488
489 BOTAN_ARG_CHECK(a >= 0 && a < p, "EC_Group a is invalid");
490 BOTAN_ARG_CHECK(b > 0 && b < p, "EC_Group b is invalid");
491 BOTAN_ARG_CHECK(base_x >= 0 && base_x < p, "EC_Group base_x is invalid");
492 BOTAN_ARG_CHECK(base_y >= 0 && base_y < p, "EC_Group base_y is invalid");
493 BOTAN_ARG_CHECK(p.bits() == order.bits(), "EC_Group p and order must have the same number of bits");
494
495 auto mod_p = Barrett_Reduction::for_public_modulus(p);
496 BOTAN_ARG_CHECK(is_bailie_psw_probable_prime(p, mod_p), "EC_Group p is not prime");
497
498 auto mod_order = Barrett_Reduction::for_public_modulus(order);
499 BOTAN_ARG_CHECK(is_bailie_psw_probable_prime(order, mod_order), "EC_Group order is not prime");
500
501 // This catches someone "ignoring" a cofactor and just trying to
502 // provide the subgroup order
503 BOTAN_ARG_CHECK((p - order).abs().bits() <= (p.bits() / 2) + 1, "Hasse bound invalid");
504
505 // Check that 4*a^3 + 27*b^2 != 0
506 const auto discriminant = mod_p.reduce(mod_p.multiply(BigInt::from_s32(4), mod_p.cube(a)) +
507 mod_p.multiply(BigInt::from_s32(27), mod_p.square(b)));
508 BOTAN_ARG_CHECK(discriminant != 0, "EC_Group discriminant is invalid");
509
510 // Check that the generator (base_x,base_y) is on the curve; y^2 = x^3 + a*x + b
511 auto y2 = mod_p.square(base_y);
512 auto x3_ax_b = mod_p.reduce(mod_p.cube(base_x) + mod_p.multiply(a, base_x) + b);
513 BOTAN_ARG_CHECK(y2 == x3_ax_b, "EC_Group generator is not on the curve");
514
515 BigInt cofactor(1);
516
517 m_data =
518 ec_group_data().lookup_or_create(p, a, b, base_x, base_y, order, cofactor, oid, EC_Group_Source::ExternalSource);
519}
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33
Botan::Barrett_Reduction::for_public_modulus
static Barrett_Reduction for_public_modulus(const BigInt &m)
Definition barrett.cpp:33
Botan::BigInt::power_of_2
static BigInt power_of_2(size_t n)
Definition bigint.h:820
Botan::BigInt::from_s32
static BigInt from_s32(int32_t n)
Definition bigint.cpp:41
Botan::BigInt::square
BigInt & square(secure_vector< word > &ws)
Definition big_ops2.cpp:175
Botan::EC_Group::mod_order
BigInt mod_order(const BigInt &x) const
Definition ec_group.h:664
Botan::abs
BigInt abs(const BigInt &n)
Definition numthry.h:24
Botan::is_bailie_psw_probable_prime
bool is_bailie_psw_probable_prime(const BigInt &n, const Barrett_Reduction &mod_n)
Definition primality.cpp:98

References Botan::abs(), Botan::BigInt::bits(), BOTAN_ARG_CHECK, Botan::ExternalSource, Botan::Barrett_Reduction::for_public_modulus(), Botan::BigInt::from_s32(), Botan::OID::has_value(), Botan::is_bailie_psw_probable_prime(), mod_order(), Botan::BigInt::power_of_2(), and Botan::BigInt::set_bit().

◆ EC_Group() [3/9]

Botan::EC_Group::EC_Group ( std::span< const uint8_t > ber)
explicit

Decode a BER encoded ECC domain parameter set

Parameters
berthe bytes of the BER encoding

Definition at line 521 of file ec_group.cpp.

521 {
522 auto data = BER_decode_EC_group(ber, EC_Group_Source::ExternalSource);
523 m_data = data.first;
524 m_explicit_encoding = data.second;
525}

References Botan::ExternalSource.

◆ EC_Group() [4/9]

Botan::EC_Group::EC_Group ( const uint8_t ber[],
size_t ber_len )
inline

Definition at line 184 of file ec_group.h.

184: EC_Group(std::span{ber, ber_len}) {}
Botan::EC_Group::EC_Group
EC_Group()

References EC_Group().

◆ EC_Group() [5/9]

Botan::EC_Group::EC_Group ( const OID & oid)
inlineexplicit

Create an EC domain by OID (or throw if unknown)

Parameters
oidthe OID of the EC domain to create

Definition at line 190 of file ec_group.h.

190{ *this = EC_Group::from_OID(oid); }
Botan::EC_Group::from_OID
static EC_Group from_OID(const OID &oid)
Definition ec_group.cpp:373

References EC_Group(), and from_OID().

◆ EC_Group() [6/9]

Botan::EC_Group::EC_Group ( std::string_view pem_or_oid)
explicit

Create an EC domain from PEM encoding (as from PEM_encode()), or from an OID name (eg "secp256r1", or "1.2.840.10045.3.1.7")

Parameters
pem_or_oidPEM-encoded data, or an OID
Warning
Support for PEM in this function is deprecated. Use EC_Group::from_PEM or EC_Group::from_OID or EC_Group::from_name

Definition at line 398 of file ec_group.cpp.

398 {
399 if(str.empty()) {
400 return; // no initialization / uninitialized
401 }
402
403 try {
404 const OID oid = OID::from_string(str);
405 if(oid.has_value()) {
406 m_data = ec_group_data().lookup(oid);
407 }
408 } catch(...) {}
409
410 if(m_data == nullptr) {
411 if(str.size() > 30 && str.starts_with("-----BEGIN EC PARAMETERS-----")) {
412 // OK try it as PEM ...
413 const auto ber = PEM_Code::decode_check_label(str, "EC PARAMETERS");
414
415 auto data = BER_decode_EC_group(ber, EC_Group_Source::ExternalSource);
416 this->m_data = data.first;
417 this->m_explicit_encoding = data.second;
418 }
419 }
420
421 if(m_data == nullptr) {
422 throw Invalid_Argument(fmt("Unknown ECC group '{}'", str));
423 }
424}
Botan::OID::from_string
static OID from_string(std::string_view str)
Definition asn1_oid.cpp:86
Botan::PEM_Code::decode_check_label
secure_vector< uint8_t > decode_check_label(DataSource &source, std::string_view label_want)
Definition pem.cpp:49
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References Botan::PEM_Code::decode_check_label(), Botan::ExternalSource, Botan::fmt(), Botan::OID::from_string(), and Botan::OID::has_value().

◆ EC_Group() [7/9]

Botan::EC_Group::EC_Group ( )
default

Create an uninitialized EC_Group

References EC_Group().

Referenced by from_name(), from_OID(), and from_PEM().

◆ ~EC_Group()

Botan::EC_Group::~EC_Group ( )
default

References EC_Group().

◆ EC_Group() [8/9]

Botan::EC_Group::EC_Group ( const EC_Group & )
default

References EC_Group().

◆ EC_Group() [9/9]

Botan::EC_Group::EC_Group ( EC_Group && )
default

References EC_Group().

Member Function Documentation

◆ _data()

const std::shared_ptr< EC_Group_Data > & Botan::EC_Group::_data ( ) const
inline

Definition at line 462 of file ec_group.h.

462{ return m_data; }

Referenced by Botan::EC_AffinePoint::deserialize(), Botan::EC_Scalar::deserialize(), Botan::EC_AffinePoint::EC_AffinePoint(), Botan::EC_Scalar::EC_Scalar(), Botan::EC_Scalar::from_bigint(), Botan::EC_Scalar::from_bytes_mod_order(), Botan::EC_Scalar::from_bytes_with_trunc(), Botan::EC_AffinePoint::hash_to_curve_nu(), Botan::EC_AffinePoint::hash_to_curve_ro(), Botan::EC_Scalar::one(), and Botan::EC_Scalar::random().

◆ a_is_minus_3()

bool Botan::EC_Group::a_is_minus_3 ( ) const
inline

Return if a == -3 mod p

Definition at line 654 of file ec_group.h.

654{ return get_a() + 3 == get_p(); }
Botan::EC_Group::get_a
const BigInt & get_a() const
Definition ec_group.cpp:554
Botan::EC_Group::get_p
const BigInt & get_p() const
Definition ec_group.cpp:550

References a_is_minus_3(), get_a(), and get_p().

Referenced by a_is_minus_3().

◆ a_is_zero()

bool Botan::EC_Group::a_is_zero ( ) const
inline

Return if a == 0 mod p

Definition at line 659 of file ec_group.h.

659{ return get_a().is_zero(); }
Botan::BigInt::is_zero
bool is_zero() const
Definition bigint.h:457

References a_is_zero(), and get_a().

Referenced by a_is_zero().

◆ clear_registered_curve_data()

size_t Botan::EC_Group::clear_registered_curve_data ( )
static

Definition at line 187 of file ec_group.cpp.

187 {
188 return ec_group_data().clear();
189}

◆ cube_mod_order()

BigInt Botan::EC_Group::cube_mod_order ( const BigInt & x) const
inline

Definition at line 707 of file ec_group.h.

707 {
708 auto xs = EC_Scalar::from_bigint(*this, x);
709 return (xs * xs * xs).to_bigint();
710 }
Botan::EC_Scalar::from_bigint
static EC_Scalar from_bigint(const EC_Group &group, const BigInt &bn)
Definition ec_scalar.cpp:69

References cube_mod_order(), and Botan::EC_Scalar::from_bigint().

Referenced by cube_mod_order().

◆ DER_encode() [1/2]

std::vector< uint8_t > Botan::EC_Group::DER_encode ( ) const

Create the DER encoding of this domain, using namedCurve format

Returns
the group information encoded as DER

Definition at line 630 of file ec_group.cpp.

630 {
631 const auto& der_named_curve = data().der_named_curve();
632 // TODO(Botan4) this can be removed because an OID will always be defined
633 if(der_named_curve.empty()) {
634 throw Encoding_Error("Cannot encode EC_Group as OID because OID not set");
635 }
636
637 return der_named_curve;
638}

Referenced by DER_encode(), and PEM_encode().

◆ DER_encode() [2/2]

std::vector< uint8_t > Botan::EC_Group::DER_encode ( EC_Group_Encoding form) const

Create the DER encoding of this domain

Parameters
formof encoding to use
Returns
the group information encoded as DER

Definition at line 640 of file ec_group.cpp.

640 {
641 if(form == EC_Group_Encoding::Explicit) {
642 std::vector<uint8_t> output;
643 DER_Encoder der(output);
644 const size_t ecpVers1 = 1;
645 const OID curve_type("1.2.840.10045.1.1"); // prime field
646
647 const size_t p_bytes = get_p_bytes();
648
649 const auto generator = EC_AffinePoint::generator(*this).serialize_uncompressed();
650
651 der.start_sequence()
652 .encode(ecpVers1)
653 .start_sequence()
654 .encode(curve_type)
655 .encode(get_p())
656 .end_cons()
657 .start_sequence()
658 .encode(get_a().serialize(p_bytes), ASN1_Type::OctetString)
659 .encode(get_b().serialize(p_bytes), ASN1_Type::OctetString)
660 .end_cons()
661 .encode(generator, ASN1_Type::OctetString)
662 .encode(get_order())
663 .encode(get_cofactor())
664 .end_cons();
665 return output;
666 } else if(form == EC_Group_Encoding::NamedCurve) {
667 return this->DER_encode();
668 } else if(form == EC_Group_Encoding::ImplicitCA) {
669 return {0x00, 0x05};
670 } else {
671 throw Internal_Error("EC_Group::DER_encode: Unknown encoding");
672 }
673}
Botan::EC_AffinePoint::serialize_uncompressed
T serialize_uncompressed() const
Definition ec_apoint.h:203
Botan::EC_AffinePoint::generator
static EC_AffinePoint generator(const EC_Group &group)
Return the standard group generator.
Definition ec_apoint.cpp:84
Botan::EC_Group::get_b
const BigInt & get_b() const
Definition ec_group.cpp:558
Botan::EC_Group::get_cofactor
const BigInt & get_cofactor() const
Definition ec_group.cpp:610
Botan::EC_Group::get_order
const BigInt & get_order() const
Definition ec_group.cpp:598
Botan::EC_Group::DER_encode
std::vector< uint8_t > DER_encode() const
Definition ec_group.cpp:630
Botan::EC_Group::get_p_bytes
size_t get_p_bytes() const
Definition ec_group.cpp:538

References DER_encode(), Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::Explicit, Botan::EC_AffinePoint::generator(), get_a(), get_b(), get_cofactor(), get_order(), get_p(), get_p_bytes(), Botan::ImplicitCA, Botan::NamedCurve, Botan::OctetString, Botan::EC_AffinePoint::serialize_uncompressed(), and Botan::DER_Encoder::start_sequence().

Referenced by Botan::EC_PublicKey::DER_domain(), and Botan::TLS::Signature_Scheme::key_algorithm_identifier().

◆ EC_Group_from_PEM()

EC_Group Botan::EC_Group::EC_Group_from_PEM ( std::string_view pem)
inlinestatic

Definition at line 217 of file ec_group.h.

217 {
218 return EC_Group::from_PEM(pem);
219 }
Botan::EC_Group::from_PEM
static EC_Group from_PEM(std::string_view pem)
Definition ec_group.cpp:427

References BOTAN_DEPRECATED, EC_Group(), EC_Group_from_PEM(), and from_PEM().

Referenced by EC_Group_from_PEM().

◆ EC_group_identity_from_order()

OID Botan::EC_Group::EC_group_identity_from_order ( const BigInt & order)
static

Definition at line 356 of file ec_named.cpp.

357 {
358 const uint32_t low_bits = static_cast<uint32_t>(order.word_at(0));
359
360 if(low_bits == 0xFC632551 && order == BigInt("0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551")) {
361 return OID{1, 2, 840, 10045, 3, 1, 7};
362 }
363
364 if(low_bits == 0xCCC52973 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) {
365 return OID{1, 3, 132, 0, 34};
366 }
367
368 if(low_bits == 0x91386409 && order == BigInt("0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409")) {
369 return OID{1, 3, 132, 0, 35};
370 }
371
372 if(low_bits == 0x9E60FC09 && order == BigInt("0xE95E4A5F737059DC60DF5991D45029409E60FC09")) {
373 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 1};
374 }
375
376 if(low_bits == 0x9AC4ACC1 && order == BigInt("0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1")) {
377 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 3};
378 }
379
380 if(low_bits == 0xA5A7939F && order == BigInt("0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F")) {
381 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 5};
382 }
383
384 if(low_bits == 0x974856A7 && order == BigInt("0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7")) {
385 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 7};
386 }
387
388 if(low_bits == 0x44C59311 && order == BigInt("0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311")) {
389 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 9};
390 }
391
392 if(low_bits == 0xE9046565 && order == BigInt("0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565")) {
393 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 11};
394 }
395
396 if(low_bits == 0x9CA90069 && order == BigInt("0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069")) {
397 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 13};
398 }
399
400 if(low_bits == 0xC6D655E1 && order == BigInt("0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1")) {
401 return OID{1, 2, 250, 1, 223, 101, 256, 1};
402 }
403
404 if(low_bits == 0xB761B893 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893")) {
405 return OID{1, 2, 643, 7, 1, 2, 1, 1, 1};
406 }
407
408 if(low_bits == 0x1F10B275 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275")) {
409 return OID{1, 2, 643, 7, 1, 2, 1, 2, 1};
410 }
411
412 if(low_bits == 0xCA16B6B3 && order == BigInt("0x100000000000000000001B8FA16DFAB9ACA16B6B3")) {
413 return OID{1, 3, 132, 0, 9};
414 }
415
416 if(low_bits == 0xCA752257 && order == BigInt("0x100000000000000000001F4C8F927AED3CA752257")) {
417 return OID{1, 3, 132, 0, 8};
418 }
419
420 if(low_bits == 0xF3A1A16B && order == BigInt("0x100000000000000000000351EE786A818F3A1A16B")) {
421 return OID{1, 3, 132, 0, 30};
422 }
423
424 if(low_bits == 0x74DEFD8D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D")) {
425 return OID{1, 3, 132, 0, 31};
426 }
427
428 if(low_bits == 0xB4D22831 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) {
429 return OID{1, 2, 840, 10045, 3, 1, 1};
430 }
431
432 if(low_bits == 0x769FB1F7 && order == BigInt("0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7")) {
433 return OID{1, 3, 132, 0, 32};
434 }
435
436 if(low_bits == 0x5C5C2A3D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) {
437 return OID{1, 3, 132, 0, 33};
438 }
439
440 if(low_bits == 0xD0364141 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141")) {
441 return OID{1, 3, 132, 0, 10};
442 }
443
444 if(low_bits == 0x39D54123 && order == BigInt("0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123")) {
445 return OID{1, 2, 156, 10197, 1, 301};
446 }
447
448 if(low_bits == 0x48D8DD31 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31")) {
449 return OID{1, 2, 840, 10045, 3, 1, 2};
450 }
451
452 if(low_bits == 0xF640EC13 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13")) {
453 return OID{1, 2, 840, 10045, 3, 1, 3};
454 }
455
456 if(low_bits == 0x88909D0B && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B")) {
457 return OID{1, 2, 840, 10045, 3, 1, 4};
458 }
459
460 if(low_bits == 0xBC582063 && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063")) {
461 return OID{1, 2, 840, 10045, 3, 1, 5};
462 }
463
464 if(low_bits == 0x46526551 && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551")) {
465 return OID{1, 2, 840, 10045, 3, 1, 6};
466 }
467
468 if(low_bits == 0x0433555D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5B3CA4FB94E7831B4FC258ED97D0BDC63B568B36607CD243CE153F390433555D")) {
469 return OID{1, 3, 6, 1, 4, 1, 25258, 4, 3};
470 }
471
472 return OID();
473}

References Botan::BigInt::word_at().

◆ EC_group_info()

std::shared_ptr< EC_Group_Data > Botan::EC_Group::EC_group_info ( const OID & oid)
static

Definition at line 15 of file ec_named.cpp.

15 {
16 // secp256r1
17 if(oid == OID{1, 2, 840, 10045, 3, 1, 7}) {
18 return load_EC_group_info(
19 "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
20 "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
21 "0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
22 "0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
23 "0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
24 "0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
25 oid);
26 }
27
28 // secp384r1
29 if(oid == OID{1, 3, 132, 0, 34}) {
30 return load_EC_group_info(
31 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
32 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
33 "0xB3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
34 "0xAA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
35 "0x3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
36 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
37 oid);
38 }
39
40 // secp521r1
41 if(oid == OID{1, 3, 132, 0, 35}) {
42 return load_EC_group_info(
43 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
44 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
45 "0x51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
46 "0xC6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
47 "0x11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
48 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
49 oid);
50 }
51
52 // brainpool160r1
53 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 1}) {
54 return load_EC_group_info(
55 "0xE95E4A5F737059DC60DFC7AD95B3D8139515620F",
56 "0x340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
57 "0x1E589A8595423412134FAA2DBDEC95C8D8675E58",
58 "0xBED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
59 "0x1667CB477A1A8EC338F94741669C976316DA6321",
60 "0xE95E4A5F737059DC60DF5991D45029409E60FC09",
61 oid);
62 }
63
64 // brainpool192r1
65 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 3}) {
66 return load_EC_group_info(
67 "0xC302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
68 "0x6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
69 "0x469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
70 "0xC0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
71 "0x14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
72 "0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
73 oid);
74 }
75
76 // brainpool224r1
77 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 5}) {
78 return load_EC_group_info(
79 "0xD7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
80 "0x68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
81 "0x2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
82 "0xD9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
83 "0x58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
84 "0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
85 oid);
86 }
87
88 // brainpool256r1
89 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 7}) {
90 return load_EC_group_info(
91 "0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
92 "0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
93 "0x26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
94 "0x8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
95 "0x547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
96 "0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
97 oid);
98 }
99
100 // brainpool320r1
101 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 9}) {
102 return load_EC_group_info(
103 "0xD35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
104 "0x3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
105 "0x520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
106 "0x43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
107 "0x14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
108 "0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
109 oid);
110 }
111
112 // brainpool384r1
113 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 11}) {
114 return load_EC_group_info(
115 "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
116 "0x7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
117 "0x4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
118 "0x1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
119 "0x8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
120 "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
121 oid);
122 }
123
124 // brainpool512r1
125 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 13}) {
126 return load_EC_group_info(
127 "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
128 "0x7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
129 "0x3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
130 "0x81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
131 "0x7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
132 "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
133 oid);
134 }
135
136 // frp256v1
137 if(oid == OID{1, 2, 250, 1, 223, 101, 256, 1}) {
138 return load_EC_group_info(
139 "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C03",
140 "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C00",
141 "0xEE353FCA5428A9300D4ABA754A44C00FDFEC0C9AE4B1A1803075ED967B7BB73F",
142 "0xB6B3D4C356C139EB31183D4749D423958C27D2DCAF98B70164C97A2DD98F5CFF",
143 "0x6142E0F7C8B204911F9271F0F3ECEF8C2701C307E8E4C9E183115A1554062CFB",
144 "0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1",
145 oid);
146 }
147
148 // gost_256A
149 if(oid == OID{1, 2, 643, 7, 1, 2, 1, 1, 1} || oid == OID{1, 2, 643, 2, 2, 35, 1} || oid == OID{1, 2, 643, 2, 2, 36, 0}) {
150 return load_EC_group_info(
151 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
152 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
153 "0xA6",
154 "0x1",
155 "0x8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14",
156 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
157 OID{1, 2, 643, 7, 1, 2, 1, 1, 1});
158 }
159
160 // gost_512A
161 if(oid == OID{1, 2, 643, 7, 1, 2, 1, 2, 1}) {
162 return load_EC_group_info(
163 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7",
164 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4",
165 "0xE8C2505DEDFC86DDC1BD0B2B6667F1DA34B82574761CB0E879BD081CFD0B6265EE3CB090F30D27614CB4574010DA90DD862EF9D4EBEE4761503190785A71C760",
166 "0x3",
167 "0x7503CFE87A836AE3A61B8816E25450E6CE5E1C93ACF1ABC1778064FDCBEFA921DF1626BE4FD036E93D75E6A50E3A41E98028FE5FC235F5B889A589CB5215F2A4",
168 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275",
169 oid);
170 }
171
172 // secp160k1
173 if(oid == OID{1, 3, 132, 0, 9}) {
174 return load_EC_group_info(
175 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
176 "0x0",
177 "0x7",
178 "0x3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
179 "0x938CF935318FDCED6BC28286531733C3F03C4FEE",
180 "0x100000000000000000001B8FA16DFAB9ACA16B6B3",
181 oid);
182 }
183
184 // secp160r1
185 if(oid == OID{1, 3, 132, 0, 8}) {
186 return load_EC_group_info(
187 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
188 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
189 "0x1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
190 "0x4A96B5688EF573284664698968C38BB913CBFC82",
191 "0x23A628553168947D59DCC912042351377AC5FB32",
192 "0x100000000000000000001F4C8F927AED3CA752257",
193 oid);
194 }
195
196 // secp160r2
197 if(oid == OID{1, 3, 132, 0, 30}) {
198 return load_EC_group_info(
199 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
200 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
201 "0xB4E134D3FB59EB8BAB57274904664D5AF50388BA",
202 "0x52DCB034293A117E1F4FF11B30F7199D3144CE6D",
203 "0xFEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
204 "0x100000000000000000000351EE786A818F3A1A16B",
205 oid);
206 }
207
208 // secp192k1
209 if(oid == OID{1, 3, 132, 0, 31}) {
210 return load_EC_group_info(
211 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
212 "0x0",
213 "0x3",
214 "0xDB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
215 "0x9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
216 "0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
217 oid);
218 }
219
220 // secp192r1
221 if(oid == OID{1, 2, 840, 10045, 3, 1, 1}) {
222 return load_EC_group_info(
223 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
224 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
225 "0x64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
226 "0x188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
227 "0x7192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
228 "0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
229 oid);
230 }
231
232 // secp224k1
233 if(oid == OID{1, 3, 132, 0, 32}) {
234 return load_EC_group_info(
235 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
236 "0x0",
237 "0x5",
238 "0xA1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
239 "0x7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
240 "0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
241 oid);
242 }
243
244 // secp224r1
245 if(oid == OID{1, 3, 132, 0, 33}) {
246 return load_EC_group_info(
247 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
248 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
249 "0xB4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
250 "0xB70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
251 "0xBD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
252 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
253 oid);
254 }
255
256 // secp256k1
257 if(oid == OID{1, 3, 132, 0, 10}) {
258 return load_EC_group_info(
259 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
260 "0x0",
261 "0x7",
262 "0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
263 "0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
264 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
265 oid);
266 }
267
268 // sm2p256v1
269 if(oid == OID{1, 2, 156, 10197, 1, 301}) {
270 return load_EC_group_info(
271 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF",
272 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC",
273 "0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93",
274 "0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7",
275 "0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0",
276 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123",
277 oid);
278 }
279
280 // x962_p192v2
281 if(oid == OID{1, 2, 840, 10045, 3, 1, 2}) {
282 return load_EC_group_info(
283 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
284 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
285 "0xCC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
286 "0xEEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
287 "0x6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
288 "0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
289 oid);
290 }
291
292 // x962_p192v3
293 if(oid == OID{1, 2, 840, 10045, 3, 1, 3}) {
294 return load_EC_group_info(
295 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
296 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
297 "0x22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
298 "0x7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
299 "0x38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
300 "0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
301 oid);
302 }
303
304 // x962_p239v1
305 if(oid == OID{1, 2, 840, 10045, 3, 1, 4}) {
306 return load_EC_group_info(
307 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
308 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
309 "0x6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
310 "0xFFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
311 "0x7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
312 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
313 oid);
314 }
315
316 // x962_p239v2
317 if(oid == OID{1, 2, 840, 10045, 3, 1, 5}) {
318 return load_EC_group_info(
319 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
320 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
321 "0x617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
322 "0x38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
323 "0x5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
324 "0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
325 oid);
326 }
327
328 // x962_p239v3
329 if(oid == OID{1, 2, 840, 10045, 3, 1, 6}) {
330 return load_EC_group_info(
331 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
332 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
333 "0x255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
334 "0x6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
335 "0x1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
336 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
337 oid);
338 }
339
340 // numsp512d1
341 if(oid == OID{1, 3, 6, 1, 4, 1, 25258, 4, 3}) {
342 return load_EC_group_info(
343 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7",
344 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4",
345 "0x1D99B",
346 "0x2",
347 "0x1C282EB23327F9711952C250EA61AD53FCC13031CF6DD336E0B9328433AFBDD8CC5A1C1F0C716FDC724DDE537C2B0ADB00BB3D08DC83755B205CC30D7F83CF28",
348 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5B3CA4FB94E7831B4FC258ED97D0BDC63B568B36607CD243CE153F390433555D",
349 oid);
350 }
351
352 return std::shared_ptr<EC_Group_Data>();
353}

◆ engine()

EC_Group_Engine Botan::EC_Group::engine ( ) const

Return how this EC_Group is implemented under the hood

This is mostly useful for diagnostic or debugging purposes

Definition at line 626 of file ec_group.cpp.

626 {
627 return data().engine();
628}

◆ from_name()

EC_Group Botan::EC_Group::from_name ( std::string_view name)
static

Initialize an EC group from a group common name (eg "secp256r1")

Definition at line 384 of file ec_group.cpp.

384 {
385 std::shared_ptr<EC_Group_Data> data;
386
387 if(auto oid = OID::from_name(name)) {
388 data = ec_group_data().lookup(oid.value());
389 }
390
391 if(!data) {
392 throw Invalid_Argument(fmt("Unknown EC_Group '{}'", name));
393 }
394
395 return EC_Group(std::move(data));
396}
Botan::OID::from_name
static std::optional< OID > from_name(std::string_view name)
Definition asn1_oid.cpp:72

References EC_Group(), EC_Group(), Botan::fmt(), and Botan::OID::from_name().

Referenced by botan_ec_group_from_name(), Botan::create_private_key(), Botan::TLS::Signature_Scheme::key_algorithm_identifier(), Botan::TLS::Callbacks::tls_deserialize_peer_public_key(), and Botan::TLS::Callbacks::tls_generate_ephemeral_key().

◆ from_OID()

EC_Group Botan::EC_Group::from_OID ( const OID & oid)
static

Initialize an EC group from a group named by an object identifier

Definition at line 373 of file ec_group.cpp.

373 {
374 auto data = ec_group_data().lookup(oid);
375
376 if(!data) {
377 throw Invalid_Argument(fmt("No EC_Group associated with OID '{}'", oid.to_string()));
378 }
379
380 return EC_Group(std::move(data));
381}

References EC_Group(), EC_Group(), Botan::fmt(), and Botan::OID::to_string().

Referenced by botan_ec_group_from_oid(), EC_Group(), and Botan::GOST_3410_PublicKey::GOST_3410_PublicKey().

◆ from_PEM()

EC_Group Botan::EC_Group::from_PEM ( std::string_view pem)
static

Initialize an EC group from the PEM/ASN.1 encoding

Definition at line 427 of file ec_group.cpp.

427 {
428 const auto ber = PEM_Code::decode_check_label(pem, "EC PARAMETERS");
429 return EC_Group(ber);
430}

References Botan::PEM_Code::decode_check_label(), EC_Group(), and EC_Group().

Referenced by botan_ec_group_from_pem(), and EC_Group_from_PEM().

◆ get_a()

const BigInt & Botan::EC_Group::get_a ( ) const

Return the a parameter of the elliptic curve equation

Definition at line 554 of file ec_group.cpp.

554 {
555 return data().a();
556}

Referenced by a_is_minus_3(), a_is_zero(), DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), Botan::sm2_compute_za(), and verify_group().

◆ get_b()

const BigInt & Botan::EC_Group::get_b ( ) const

Return the b parameter of the elliptic curve equation

Definition at line 558 of file ec_group.cpp.

558 {
559 return data().b();
560}

Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), Botan::sm2_compute_za(), and verify_group().

◆ get_cofactor()

const BigInt & Botan::EC_Group::get_cofactor ( ) const

Return the cofactor

Returns
the cofactor TODO(Botan4): Remove this

Definition at line 610 of file ec_group.cpp.

610 {
611 return data().cofactor();
612}

Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), and verify_group().

◆ get_curve_oid()

const OID & Botan::EC_Group::get_curve_oid ( ) const

Return the OID of these domain parameters

Returns
the OID

Definition at line 618 of file ec_group.cpp.

618 {
619 return data().oid();
620}

Referenced by Botan::GOST_3410_PublicKey::algorithm_identifier(), and Botan::TPM2::EC_PrivateKey::create_unrestricted_transient().

◆ get_g_x()

const BigInt & Botan::EC_Group::get_g_x ( ) const

Return the x coordinate of the base point

Definition at line 602 of file ec_group.cpp.

602 {
603 return data().g_x();
604}

Referenced by Botan::EC_AffinePoint::generator(), Botan::EC_PublicKey::get_int_field(), operator==(), and Botan::sm2_compute_za().

◆ get_g_y()

const BigInt & Botan::EC_Group::get_g_y ( ) const

Return the y coordinate of the base point

Definition at line 606 of file ec_group.cpp.

606 {
607 return data().g_y();
608}

Referenced by Botan::EC_AffinePoint::generator(), Botan::EC_PublicKey::get_int_field(), operator==(), and Botan::sm2_compute_za().

◆ get_order()

const BigInt & Botan::EC_Group::get_order ( ) const

Return the order of the base point

Returns
order of the base point

Definition at line 598 of file ec_group.cpp.

598 {
599 return data().order();
600}

Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), and verify_group().

◆ get_order_bits()

size_t Botan::EC_Group::get_order_bits ( ) const

Return the size of group order in bits (same as get_order().bits())

Definition at line 542 of file ec_group.cpp.

542 {
543 return data().order_bits();
544}

Referenced by Botan::EC_Scalar::hash().

◆ get_order_bytes()

size_t Botan::EC_Group::get_order_bytes ( ) const

Return the size of the group order in bytes (same as get_order().bytes())

Definition at line 546 of file ec_group.cpp.

546 {
547 return data().order_bytes();
548}

Referenced by Botan::GOST_3410_PublicKey::_signature_element_size_for_DER_encoding().

◆ get_p()

const BigInt & Botan::EC_Group::get_p ( ) const

Return the prime modulus of the field

Definition at line 550 of file ec_group.cpp.

550 {
551 return data().p();
552}

Referenced by a_is_minus_3(), DER_encode(), Botan::EC_AffinePoint::from_bigint_xy(), Botan::EC_PublicKey::get_int_field(), operator==(), and verify_group().

◆ get_p_bits()

size_t Botan::EC_Group::get_p_bits ( ) const

Return the size of p in bits (same as get_p().bits())

Definition at line 534 of file ec_group.cpp.

534 {
535 return data().p_bits();
536}

Referenced by Botan::GOST_3410_PublicKey::algo_name(), and Botan::EC_PublicKey::key_length().

◆ get_p_bytes()

size_t Botan::EC_Group::get_p_bytes ( ) const

Return the size of p in bytes (same as get_p().bytes())

Definition at line 538 of file ec_group.cpp.

538 {
539 return data().p_bytes();
540}

Referenced by DER_encode(), Botan::EC_AffinePoint::from_bigint_xy(), point_size(), and Botan::sm2_compute_za().

◆ has_cofactor()

bool Botan::EC_Group::has_cofactor ( ) const

Return true if the cofactor is > 1 TODO(Botan4): Remove this

Definition at line 614 of file ec_group.cpp.

614 {
615 return data().has_cofactor();
616}

◆ initialized()

bool Botan::EC_Group::initialized ( ) const
inline

Definition at line 234 of file ec_group.h.

234{ return (m_data != nullptr); }

References initialized().

Referenced by initialized().

◆ inverse_mod_order()

BigInt Botan::EC_Group::inverse_mod_order ( const BigInt & x) const
inline

Definition at line 671 of file ec_group.h.

671 {
672 return EC_Scalar::from_bigint(*this, x).invert().to_bigint();
673 }
Botan::EC_Scalar::to_bigint
BigInt to_bigint() const
Definition ec_scalar.cpp:77
Botan::EC_Scalar::invert
EC_Scalar invert() const
Definition ec_scalar.cpp:137

References Botan::EC_Scalar::from_bigint(), and inverse_mod_order().

Referenced by inverse_mod_order().

◆ known_named_groups()

const std::set< std::string > & Botan::EC_Group::known_named_groups ( )
static

Return a set of known named EC groups

This returns the set of groups for which from_name should succeed Note that the set of included groups can vary based on the build configuration.

Definition at line 476 of file ec_named.cpp.

476 {
477 static const std::set<std::string> named_groups = {
478#if defined(BOTAN_HAS_PCURVES_BRAINPOOL256R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
479 "brainpool256r1",
480#endif
481
482#if defined(BOTAN_HAS_PCURVES_BRAINPOOL384R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
483 "brainpool384r1",
484#endif
485
486#if defined(BOTAN_HAS_PCURVES_BRAINPOOL512R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
487 "brainpool512r1",
488#endif
489
490#if defined(BOTAN_HAS_PCURVES_FRP256V1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
491 "frp256v1",
492#endif
493
494#if defined(BOTAN_HAS_PCURVES_NUMSP512D1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
495 "numsp512d1",
496#endif
497
498#if defined(BOTAN_HAS_PCURVES_SECP192R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
499 "secp192r1",
500#endif
501
502#if defined(BOTAN_HAS_PCURVES_SECP224R1) || defined(BOTAN_HAS_LEGACY_EC_POINT)
503 // Not supported by pcurves_generic
504 "secp224r1",
505#endif
506
507#if defined(BOTAN_HAS_PCURVES_SECP256K1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
508 "secp256k1",
509#endif
510
511#if defined(BOTAN_HAS_PCURVES_SECP256R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
512 "secp256r1",
513#endif
514
515#if defined(BOTAN_HAS_PCURVES_SECP384R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
516 "secp384r1",
517#endif
518
519#if defined(BOTAN_HAS_PCURVES_SECP521R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
520 "secp521r1",
521#endif
522
523#if defined(BOTAN_HAS_PCURVES_SM2P256V1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
524 "sm2p256v1",
525#endif
526
527#if defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
528 "brainpool192r1",
529 "brainpool224r1",
530 "brainpool320r1",
531 "gost_256A",
532 "gost_512A",
533 "secp192k1",
534 "x962_p192v2",
535 "x962_p192v3",
536 "x962_p239v1",
537 "x962_p239v2",
538 "x962_p239v3",
539#endif
540
541#if defined(BOTAN_HAS_LEGACY_EC_POINT)
542 "brainpool160r1",
543 "secp160k1",
544 "secp160r1",
545 "secp160r2",
546 "secp224k1",
547#endif
548 };
549
550 return named_groups;
551}

Referenced by supports_named_group().

◆ mod_order()

BigInt Botan::EC_Group::mod_order ( const BigInt & x) const
inline

Definition at line 664 of file ec_group.h.

664 {
665 return EC_Scalar::from_bytes_mod_order(*this, x.serialize()).to_bigint();
666 }
Botan::EC_Scalar::from_bytes_mod_order
static EC_Scalar from_bytes_mod_order(const EC_Group &group, std::span< const uint8_t > bytes)
Definition ec_scalar.cpp:53

References Botan::EC_Scalar::from_bytes_mod_order(), and mod_order().

Referenced by EC_Group(), and mod_order().

◆ multiply_mod_order() [1/2]

BigInt Botan::EC_Group::multiply_mod_order ( const BigInt & x,
const BigInt & y ) const
inline

Definition at line 687 of file ec_group.h.

687 {
688 auto xs = EC_Scalar::from_bigint(*this, x);
689 auto ys = EC_Scalar::from_bigint(*this, y);
690 return (xs * ys).to_bigint();
691 }

References Botan::EC_Scalar::from_bigint(), and multiply_mod_order().

Referenced by multiply_mod_order(), and multiply_mod_order().

◆ multiply_mod_order() [2/2]

BigInt Botan::EC_Group::multiply_mod_order ( const BigInt & x,
const BigInt & y,
const BigInt & z ) const
inline

Definition at line 697 of file ec_group.h.

697 {
698 auto xs = EC_Scalar::from_bigint(*this, x);
699 auto ys = EC_Scalar::from_bigint(*this, y);
700 auto zs = EC_Scalar::from_bigint(*this, z);
701 return (xs * ys * zs).to_bigint();
702 }

References Botan::EC_Scalar::from_bigint(), and multiply_mod_order().

◆ operator=() [1/2]

EC_Group & Botan::EC_Group::operator= ( const EC_Group & )
default

References EC_Group().

◆ operator=() [2/2]

EC_Group & Botan::EC_Group::operator= ( EC_Group && )
default

References EC_Group().

◆ operator==()

bool Botan::EC_Group::operator== ( const EC_Group & other) const

Definition at line 680 of file ec_group.cpp.

680 {
681 if(m_data == other.m_data) {
682 return true; // same shared rep
683 }
684
685 return (get_p() == other.get_p() && get_a() == other.get_a() && get_b() == other.get_b() &&
686 get_g_x() == other.get_g_x() && get_g_y() == other.get_g_y() && get_order() == other.get_order() &&
687 get_cofactor() == other.get_cofactor());
688}
Botan::EC_Group::get_g_y
const BigInt & get_g_y() const
Definition ec_group.cpp:606
Botan::EC_Group::get_g_x
const BigInt & get_g_x() const
Definition ec_group.cpp:602

References EC_Group(), get_a(), get_b(), get_cofactor(), get_g_x(), get_g_y(), get_order(), and get_p().

◆ PEM_encode()

std::string Botan::EC_Group::PEM_encode ( EC_Group_Encoding form = EC_Group_Encoding::Explicit) const

Return the PEM encoding

Returns
string containing PEM data
Warning
In Botan4 the form parameter will be removed and only namedCurve will be supported

TODO(Botan4) remove the argument

Definition at line 675 of file ec_group.cpp.

675 {
676 const std::vector<uint8_t> der = DER_encode(form);
677 return PEM_Code::encode(der, "EC PARAMETERS");
678}
Botan::PEM_Code::encode
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39

References DER_encode(), and Botan::PEM_Code::encode().

◆ point_size()

size_t Botan::EC_Group::point_size ( EC_Point_Format format) const
inline

Definition at line 712 of file ec_group.h.

712 {
713 // Hybrid and standard format are (x,y), compressed is y, +1 format byte
714 if(format == EC_Point_Format::Compressed) {
715 return (1 + get_p_bytes());
716 } else {
717 return (1 + 2 * get_p_bytes());
718 }
719 }

References Botan::Compressed, get_p_bytes(), and point_size().

Referenced by point_size().

◆ source()

EC_Group_Source Botan::EC_Group::source ( ) const

Definition at line 622 of file ec_group.cpp.

622 {
623 return data().source();
624}

Referenced by verify_group().

◆ square_mod_order()

BigInt Botan::EC_Group::square_mod_order ( const BigInt & x) const
inline

Definition at line 678 of file ec_group.h.

678 {
679 auto xs = EC_Scalar::from_bigint(*this, x);
680 xs.square_self();
681 return xs.to_bigint();
682 }

References Botan::EC_Scalar::from_bigint(), and square_mod_order().

Referenced by square_mod_order().

◆ supports_application_specific_group()

bool Botan::EC_Group::supports_application_specific_group ( )
static

Return true if in this build configuration it is possible to register an application specific elliptic curve.

Definition at line 355 of file ec_group.cpp.

355 {
356#if defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
357 return true;
358#else
359 return false;
360#endif
361}

Referenced by botan_ec_group_supports_application_specific_group().

◆ supports_application_specific_group_with_cofactor()

bool Botan::EC_Group::supports_application_specific_group_with_cofactor ( )
static

Return true if in this build configuration it is possible to register an application specific elliptic curve with a cofactor larger than 1.

Definition at line 364 of file ec_group.cpp.

364 {
365#if defined(BOTAN_HAS_LEGACY_EC_POINT)
366 return true;
367#else
368 return false;
369#endif
370}

◆ supports_named_group()

bool Botan::EC_Group::supports_named_group ( std::string_view name)
static

Return true if in this build configuration EC_Group::from_name(name) will succeed

Definition at line 350 of file ec_group.cpp.

350 {
351 return EC_Group::known_named_groups().contains(std::string(name));
352}
Botan::EC_Group::known_named_groups
static const std::set< std::string > & known_named_groups()
Definition ec_named.cpp:476

References known_named_groups().

Referenced by botan_ec_group_supports_named_group(), and Botan::create_private_key().

◆ used_explicit_encoding()

bool Botan::EC_Group::used_explicit_encoding ( ) const
inline

Return true if this EC_Group was derived from an explicit encoding

Explicit encoding of groups is deprecated; when support for explicit curves is removed in a future major release, this function will also be removed.

Definition at line 270 of file ec_group.h.

270{ return m_explicit_encoding; }

Referenced by botan_pubkey_ecc_key_used_explicit_encoding().

◆ verify_group()

bool Botan::EC_Group::verify_group ( RandomNumberGenerator & rng,
bool strong = false ) const

Verify EC_Group domain

Returns
true if group is valid. false otherwise

Definition at line 690 of file ec_group.cpp.

690 {
691 const bool is_builtin = source() == EC_Group_Source::Builtin;
692
693 if(is_builtin && !strong) {
694 return true;
695 }
696
697 // TODO(Botan4) this can probably all be removed once the deprecated EC_Group
698 // constructor is removed, since at that point it no longer becomes possible
699 // to create an EC_Group which fails to satisfy these conditions
700
701 const BigInt& p = get_p();
702 const BigInt& a = get_a();
703 const BigInt& b = get_b();
704 const BigInt& order = get_order();
705
706 if(p <= 3 || order <= 0) {
707 return false;
708 }
709 if(a < 0 || a >= p) {
710 return false;
711 }
712 if(b <= 0 || b >= p) {
713 return false;
714 }
715
716 const size_t test_prob = 128;
717 const bool is_randomly_generated = is_builtin;
718
719 //check if field modulus is prime
720 if(!is_prime(p, rng, test_prob, is_randomly_generated)) {
721 return false;
722 }
723
724 //check if order is prime
725 if(!is_prime(order, rng, test_prob, is_randomly_generated)) {
726 return false;
727 }
728
729 //compute the discriminant: 4*a^3 + 27*b^2 which must be nonzero
730 auto mod_p = Barrett_Reduction::for_public_modulus(p);
731
732 const BigInt discriminant = mod_p.reduce(mod_p.multiply(BigInt::from_s32(4), mod_p.cube(a)) +
733 mod_p.multiply(BigInt::from_s32(27), mod_p.square(b)));
734
735 if(discriminant == 0) {
736 return false;
737 }
738
739 //check for valid cofactor
740 if(get_cofactor() < 1) {
741 return false;
742 }
743
744#if defined(BOTAN_HAS_LEGACY_EC_POINT)
745 const EC_Point& base_point = get_base_point();
746 //check if the base point is on the curve
747 if(!base_point.on_the_curve()) {
748 return false;
749 }
750 if((base_point * get_cofactor()).is_zero()) {
751 return false;
752 }
753 //check if order of the base point is correct
754 if(!(base_point * order).is_zero()) {
755 return false;
756 }
757#endif
758
759 // check the Hasse bound (roughly)
760 if((p - get_cofactor() * order).abs().bits() > (p.bits() / 2) + 1) {
761 return false;
762 }
763
764 return true;
765}
Botan::EC_Group::source
EC_Group_Source source() const
Definition ec_group.cpp:622
Botan::is_prime
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition numthry.cpp:354

References Botan::abs(), Botan::BigInt::bits(), Botan::Builtin, Botan::Barrett_Reduction::for_public_modulus(), Botan::BigInt::from_s32(), get_a(), get_b(), get_cofactor(), get_order(), get_p(), Botan::is_prime(), Botan::EC_Point::on_the_curve(), and source().

Referenced by Botan::EC_PublicKey::check_key().

The documentation for this class was generated from the following files:
Generated by doxygen 1.14.0