Botan 3.0.0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::EC_Group Class Referencefinal

#include <ec_group.h>

Public Member Functions

bool a_is_minus_3 () const
 
bool a_is_zero () const
 
EC_Point blinded_base_point_multiply (const BigInt &k, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const
 
BigInt blinded_base_point_multiply_x (const BigInt &k, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const
 
EC_Point blinded_var_point_multiply (const EC_Point &point, const BigInt &k, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const
 
BigInt cube_mod_order (const BigInt &x) const
 
std::vector< uint8_t > DER_encode (EC_Group_Encoding form) const
 
 EC_Group ()
 
 EC_Group (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order, const BigInt &cofactor, const OID &oid=OID())
 
 EC_Group (const EC_Group &)=default
 
 EC_Group (const OID &oid)
 
template<typename Alloc >
 EC_Group (const std::vector< uint8_t, Alloc > &ber)
 
 EC_Group (const uint8_t ber[], size_t ber_len)
 
 EC_Group (EC_Group &&)=default
 
 EC_Group (std::string_view pem_or_oid)
 
const BigIntget_a () const
 
const BigIntget_b () const
 
const EC_Pointget_base_point () const
 
const BigIntget_cofactor () const
 
const OIDget_curve_oid () const
 
const BigIntget_g_x () const
 
const BigIntget_g_y () const
 
const BigIntget_order () const
 
size_t get_order_bits () const
 
size_t get_order_bytes () const
 
const BigIntget_p () const
 
size_t get_p_bits () const
 
size_t get_p_bytes () const
 
EC_Point hash_to_curve (std::string_view hash_fn, const uint8_t input[], size_t input_len, const uint8_t domain_sep[], size_t domain_sep_len, bool random_oracle=true) const
 
EC_Point hash_to_curve (std::string_view hash_fn, const uint8_t input[], size_t input_len, std::string_view domain_sep, bool random_oracle=true) const
 
bool initialized () const
 
BigInt inverse_mod_order (const BigInt &x) const
 
BigInt mod_order (const BigInt &x) const
 
BigInt multiply_mod_order (const BigInt &x, const BigInt &y) const
 
BigInt multiply_mod_order (const BigInt &x, const BigInt &y, const BigInt &z) const
 
EC_Groupoperator= (const EC_Group &)=default
 
EC_Groupoperator= (EC_Group &&)=default
 
bool operator== (const EC_Group &other) const
 
EC_Point OS2ECP (const uint8_t bits[], size_t len) const
 
EC_Point OS2ECP (std::span< const uint8_t > encoded_point) const
 
std::string PEM_encode () const
 
EC_Point point (const BigInt &x, const BigInt &y) const
 
EC_Point point_multiply (const BigInt &x, const EC_Point &pt, const BigInt &y) const
 
size_t point_size (EC_Point_Format format) const
 
BigInt random_scalar (RandomNumberGenerator &rng) const
 
EC_Group_Source source () const
 
BigInt square_mod_order (const BigInt &x) const
 
bool verify_group (RandomNumberGenerator &rng, bool strong=false) const
 
bool verify_public_element (const EC_Point &y) const
 
EC_Point zero_point () const
 
 ~EC_Group ()
 

Static Public Member Functions

static size_t clear_registered_curve_data ()
 
static EC_Group EC_Group_from_PEM (std::string_view pem)
 
static OID EC_group_identity_from_order (const BigInt &order)
 
static std::shared_ptr< EC_Group_Data > EC_group_info (const OID &oid)
 
static const std::set< std::string > & known_named_groups ()
 

Detailed Description

Class representing an elliptic curve

The internal representation is stored in a shared_ptr, so copying an EC_Group is inexpensive.

Definition at line 48 of file ec_group.h.

Constructor & Destructor Documentation

◆ EC_Group() [1/8]

Botan::EC_Group::EC_Group ( const BigInt p,
const BigInt a,
const BigInt b,
const BigInt base_x,
const BigInt base_y,
const BigInt order,
const BigInt cofactor,
const OID oid = OID() 
)

Construct Domain paramers from specified parameters

Parameters
pthe elliptic curve p
athe elliptic curve a param
bthe elliptic curve b param
base_xthe x coordinate of the base point
base_ythe y coordinate of the base point
orderthe order of the base point
cofactorthe cofactor
oidan optional OID used to identify this curve

Definition at line 470 of file ec_group.cpp.

478 {
479 m_data = ec_group_data().lookup_or_create(p, a, b, base_x, base_y, order, cofactor, oid,
480 EC_Group_Source::ExternalSource);
481 }

References Botan::ExternalSource.

◆ EC_Group() [2/8]

Botan::EC_Group::EC_Group ( const uint8_t  ber[],
size_t  ber_len 
)
explicit

Decode a BER encoded ECC domain parameter set

Parameters
berthe bytes of the BER encoding
ber_lenthe length of ber

Definition at line 483 of file ec_group.cpp.

484 {
485 m_data = BER_decode_EC_group(ber, ber_len, EC_Group_Source::ExternalSource);
486 }

References Botan::ExternalSource.

◆ EC_Group() [3/8]

template<typename Alloc >
Botan::EC_Group::EC_Group ( const std::vector< uint8_t, Alloc > &  ber)
inline

Definition at line 80 of file ec_group.h.

80 :
81 EC_Group(ber.data(), ber.size()) {}
Botan::EC_Group::EC_Group
EC_Group()

◆ EC_Group() [4/8]

Botan::EC_Group::EC_Group ( const OID oid)
explicit

Create an EC domain by OID (or throw if unknown)

Parameters
oidthe OID of the EC domain to create

Definition at line 427 of file ec_group.cpp.

428 {
429 this->m_data = ec_group_data().lookup(domain_oid);
430 if(!this->m_data)
431 throw Invalid_Argument("Unknown EC_Group " + domain_oid.to_string());
432 }

References Botan::OID::to_string().

◆ EC_Group() [5/8]

Botan::EC_Group::EC_Group ( std::string_view  pem_or_oid)
explicit

Create an EC domain from PEM encoding (as from PEM_encode), or from an OID name (eg "secp256r1", or "1.2.840.10045.3.1.7")

Parameters
pem_or_oidPEM-encoded data, or an OID
Warning
Support for PEM in this function is deprecated. Use EC_Group_from_PEM

Definition at line 434 of file ec_group.cpp.

435 {
436 if(str.empty())
437 return; // no initialization / uninitialized
438
439 try
440 {
441 const OID oid = OID::from_string(str);
442 if(oid.has_value())
443 m_data = ec_group_data().lookup(oid);
444 }
445 catch(...)
446 {
447 }
448
449 if(m_data == nullptr)
450 {
451 if(str.size() > 30 && str.substr(0, 29) == "-----BEGIN EC PARAMETERS-----")
452 {
453 // OK try it as PEM ...
454 secure_vector<uint8_t> ber = PEM_Code::decode_check_label(str, "EC PARAMETERS");
455 this->m_data = BER_decode_EC_group(ber.data(), ber.size(), EC_Group_Source::ExternalSource);
456 }
457 }
458
459 if(m_data == nullptr)
460 throw Invalid_Argument(fmt("Unknown ECC group '{}'", str));
461 }
Botan::OID::from_string
static OID from_string(std::string_view str)
Definition: asn1_oid.cpp:78
Botan::PEM_Code::decode_check_label
secure_vector< uint8_t > decode_check_label(DataSource &source, std::string_view label_want)
Definition: pem.cpp:53
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition: fmt.h:60

References Botan::PEM_Code::decode_check_label(), Botan::ExternalSource, Botan::fmt(), Botan::OID::from_string(), and Botan::OID::has_value().

◆ EC_Group() [6/8]

Botan::EC_Group::EC_Group ( )
default

Create an uninitialized EC_Group

Referenced by EC_Group_from_PEM().

◆ ~EC_Group()

Botan::EC_Group::~EC_Group ( )
default

◆ EC_Group() [7/8]

Botan::EC_Group::EC_Group ( const EC_Group )
default

◆ EC_Group() [8/8]

Botan::EC_Group::EC_Group ( EC_Group &&  )
default

Member Function Documentation

◆ a_is_minus_3()

bool Botan::EC_Group::a_is_minus_3 ( ) const

Return if a == -3 mod p

Definition at line 495 of file ec_group.cpp.

496 {
497 return data().a_is_minus_3();
498 }

◆ a_is_zero()

bool Botan::EC_Group::a_is_zero ( ) const

Return if a == 0 mod p

Definition at line 500 of file ec_group.cpp.

501 {
502 return data().a_is_zero();
503 }

◆ blinded_base_point_multiply()

EC_Point Botan::EC_Group::blinded_base_point_multiply ( const BigInt k,
RandomNumberGenerator rng,
std::vector< BigInt > &  ws 
) const

Blinded point multiplication, attempts resistance to side channels

Parameters
kthe scalar
rnga random number generator
wsa temp workspace
Returns
base_point*k

Definition at line 626 of file ec_group.cpp.

629 {
630 return data().blinded_base_point_multiply(k, rng, ws);
631 }

Referenced by Botan::EC_PrivateKey::EC_PrivateKey().

◆ blinded_base_point_multiply_x()

BigInt Botan::EC_Group::blinded_base_point_multiply_x ( const BigInt k,
RandomNumberGenerator rng,
std::vector< BigInt > &  ws 
) const

Blinded point multiplication, attempts resistance to side channels Returns just the x coordinate of the point

Parameters
kthe scalar
rnga random number generator
wsa temp workspace
Returns
x coordinate of base_point*k

Definition at line 633 of file ec_group.cpp.

636 {
637 const EC_Point pt = data().blinded_base_point_multiply(k, rng, ws);
638
639 if(pt.is_zero())
640 return BigInt::zero();
641 return pt.get_affine_x();
642 }
Botan::BigInt::zero
static BigInt zero()
Definition: bigint.h:45

References Botan::EC_Point::get_affine_x(), Botan::EC_Point::is_zero(), and Botan::BigInt::zero().

◆ blinded_var_point_multiply()

EC_Point Botan::EC_Group::blinded_var_point_multiply ( const EC_Point point,
const BigInt k,
RandomNumberGenerator rng,
std::vector< BigInt > &  ws 
) const

Blinded point multiplication, attempts resistance to side channels

Parameters
pointinput point
kthe scalar
rnga random number generator
wsa temp workspace
Returns
point*k

Definition at line 649 of file ec_group.cpp.

653 {
654 EC_Point_Var_Point_Precompute mul(point, rng, ws);
655 return mul.mul(k, rng, get_order(), ws);
656 }
Botan::EC_Group::get_order
const BigInt & get_order() const
Definition: ec_group.cpp:545
Botan::EC_Group::point
EC_Point point(const BigInt &x, const BigInt &y) const
Definition: ec_group.cpp:614

References get_order(), Botan::EC_Point_Var_Point_Precompute::mul(), and point().

◆ clear_registered_curve_data()

size_t Botan::EC_Group::clear_registered_curve_data ( )
static

Definition at line 329 of file ec_group.cpp.

330 {
331 return ec_group_data().clear();
332 }

◆ cube_mod_order()

BigInt Botan::EC_Group::cube_mod_order ( const BigInt x) const
inline

Definition at line 228 of file ec_group.h.

229 {
230 return multiply_mod_order(x, square_mod_order(x));
231 }
Botan::EC_Group::multiply_mod_order
BigInt multiply_mod_order(const BigInt &x, const BigInt &y) const
Definition: ec_group.cpp:575
Botan::EC_Group::square_mod_order
BigInt square_mod_order(const BigInt &x) const
Definition: ec_group.cpp:570

◆ DER_encode()

std::vector< uint8_t > Botan::EC_Group::DER_encode ( EC_Group_Encoding  form) const

Create the DER encoding of this domain

Parameters
formof encoding to use
Returns
bytes encododed as DER

Definition at line 704 of file ec_group.cpp.

705 {
706 std::vector<uint8_t> output;
707
708 DER_Encoder der(output);
709
710 if(form == EC_Group_Encoding::Explicit)
711 {
712 const size_t ecpVers1 = 1;
713 const OID curve_type("1.2.840.10045.1.1"); // prime field
714
715 const size_t p_bytes = get_p_bytes();
716
717 der.start_sequence()
718 .encode(ecpVers1)
719 .start_sequence()
720 .encode(curve_type)
721 .encode(get_p())
722 .end_cons()
723 .start_sequence()
724 .encode(BigInt::encode_1363(get_a(), p_bytes),
725 ASN1_Type::OctetString)
726 .encode(BigInt::encode_1363(get_b(), p_bytes),
727 ASN1_Type::OctetString)
728 .end_cons()
729 .encode(get_base_point().encode(EC_Point_Format::Uncompressed), ASN1_Type::OctetString)
730 .encode(get_order())
731 .encode(get_cofactor())
732 .end_cons();
733 }
734 else if(form == EC_Group_Encoding::NamedCurve)
735 {
736 const OID oid = get_curve_oid();
737 if(oid.empty())
738 {
739 throw Encoding_Error("Cannot encode EC_Group as OID because OID not set");
740 }
741 der.encode(oid);
742 }
743 else if(form == EC_Group_Encoding::ImplicitCA)
744 {
745 der.encode_null();
746 }
747 else
748 {
749 throw Internal_Error("EC_Group::DER_encode: Unknown encoding");
750 }
751
752 return output;
753 }
Botan::BigInt::encode_1363
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
Definition: big_code.cpp:107
Botan::EC_Group::get_b
const BigInt & get_b() const
Definition: ec_group.cpp:535
Botan::EC_Group::get_a
const BigInt & get_a() const
Definition: ec_group.cpp:530
Botan::EC_Group::get_cofactor
const BigInt & get_cofactor() const
Definition: ec_group.cpp:560
Botan::EC_Group::get_p
const BigInt & get_p() const
Definition: ec_group.cpp:525
Botan::EC_Group::get_base_point
const EC_Point & get_base_point() const
Definition: ec_group.cpp:540
Botan::EC_Group::get_curve_oid
const OID & get_curve_oid() const
Definition: ec_group.cpp:590
Botan::EC_Group::get_p_bytes
size_t get_p_bytes() const
Definition: ec_group.cpp:510
Botan::PEM_Code::encode
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition: pem.cpp:42

References Botan::OID::empty(), Botan::DER_Encoder::encode(), Botan::BigInt::encode_1363(), Botan::DER_Encoder::encode_null(), Botan::DER_Encoder::end_cons(), Botan::Explicit, get_a(), get_b(), get_base_point(), get_cofactor(), get_curve_oid(), get_order(), get_p(), get_p_bytes(), Botan::ImplicitCA, Botan::NamedCurve, Botan::OctetString, Botan::DER_Encoder::start_sequence(), and Botan::Uncompressed.

Referenced by Botan::TLS::Signature_Scheme::key_algorithm_identifier(), and PEM_encode().

◆ EC_Group_from_PEM()

EC_Group Botan::EC_Group::EC_Group_from_PEM ( std::string_view  pem)
static

Definition at line 464 of file ec_group.cpp.

465 {
466 const auto ber = PEM_Code::decode_check_label(pem, "EC PARAMETERS");
467 return EC_Group(ber.data(), ber.size());
468 }

References Botan::PEM_Code::decode_check_label(), and EC_Group().

◆ EC_group_identity_from_order()

OID Botan::EC_Group::EC_group_identity_from_order ( const BigInt order)
static

Definition at line 289 of file ec_named.cpp.

290 {
291 const uint32_t low_bits = static_cast<uint32_t>(order.word_at(0));
292
293 if(low_bits == 0xFC632551 && order == BigInt("0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"))
294 return OID{1,2,840,10045,3,1,7};
295
296 if(low_bits == 0xCCC52973 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"))
297 return OID{1,3,132,0,34};
298
299 if(low_bits == 0x91386409 && order == BigInt("0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409"))
300 return OID{1,3,132,0,35};
301
302 if(low_bits == 0x9E60FC09 && order == BigInt("0xE95E4A5F737059DC60DF5991D45029409E60FC09"))
303 return OID{1,3,36,3,3,2,8,1,1,1};
304
305 if(low_bits == 0x9AC4ACC1 && order == BigInt("0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1"))
306 return OID{1,3,36,3,3,2,8,1,1,3};
307
308 if(low_bits == 0xA5A7939F && order == BigInt("0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F"))
309 return OID{1,3,36,3,3,2,8,1,1,5};
310
311 if(low_bits == 0x974856A7 && order == BigInt("0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7"))
312 return OID{1,3,36,3,3,2,8,1,1,7};
313
314 if(low_bits == 0x44C59311 && order == BigInt("0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311"))
315 return OID{1,3,36,3,3,2,8,1,1,9};
316
317 if(low_bits == 0xE9046565 && order == BigInt("0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565"))
318 return OID{1,3,36,3,3,2,8,1,1,11};
319
320 if(low_bits == 0x9CA90069 && order == BigInt("0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069"))
321 return OID{1,3,36,3,3,2,8,1,1,13};
322
323 if(low_bits == 0xC6D655E1 && order == BigInt("0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1"))
324 return OID{1,2,250,1,223,101,256,1};
325
326 if(low_bits == 0xB761B893 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893"))
327 return OID{1,2,643,7,1,2,1,1,1};
328
329 if(low_bits == 0x1F10B275 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275"))
330 return OID{1,2,643,7,1,2,1,2,1};
331
332 if(low_bits == 0xCA16B6B3 && order == BigInt("0x100000000000000000001B8FA16DFAB9ACA16B6B3"))
333 return OID{1,3,132,0,9};
334
335 if(low_bits == 0xCA752257 && order == BigInt("0x100000000000000000001F4C8F927AED3CA752257"))
336 return OID{1,3,132,0,8};
337
338 if(low_bits == 0xF3A1A16B && order == BigInt("0x100000000000000000000351EE786A818F3A1A16B"))
339 return OID{1,3,132,0,30};
340
341 if(low_bits == 0x74DEFD8D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D"))
342 return OID{1,3,132,0,31};
343
344 if(low_bits == 0xB4D22831 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"))
345 return OID{1,2,840,10045,3,1,1};
346
347 if(low_bits == 0x769FB1F7 && order == BigInt("0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7"))
348 return OID{1,3,132,0,32};
349
350 if(low_bits == 0x5C5C2A3D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"))
351 return OID{1,3,132,0,33};
352
353 if(low_bits == 0xD0364141 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141"))
354 return OID{1,3,132,0,10};
355
356 if(low_bits == 0x39D54123 && order == BigInt("0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123"))
357 return OID{1,2,156,10197,1,301};
358
359 if(low_bits == 0x48D8DD31 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31"))
360 return OID{1,2,840,10045,3,1,2};
361
362 if(low_bits == 0xF640EC13 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13"))
363 return OID{1,2,840,10045,3,1,3};
364
365 if(low_bits == 0x88909D0B && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B"))
366 return OID{1,2,840,10045,3,1,4};
367
368 if(low_bits == 0xBC582063 && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063"))
369 return OID{1,2,840,10045,3,1,5};
370
371 if(low_bits == 0x46526551 && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551"))
372 return OID{1,2,840,10045,3,1,6};
373
374 return OID();
375 }

References Botan::BigInt::word_at().

◆ EC_group_info()

std::shared_ptr< EC_Group_Data > Botan::EC_Group::EC_group_info ( const OID oid)
static

Definition at line 13 of file ec_named.cpp.

14 {
15 // secp256r1
16 if(oid == OID{1,2,840,10045,3,1,7})
17 return load_EC_group_info("0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
18 "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
19 "0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
20 "0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
21 "0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
22 "0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
23 oid);
24
25 // secp384r1
26 if(oid == OID{1,3,132,0,34})
27 return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
28 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
29 "0xB3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
30 "0xAA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
31 "0x3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
32 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
33 oid);
34
35 // secp521r1
36 if(oid == OID{1,3,132,0,35})
37 return load_EC_group_info("0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
38 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
39 "0x51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
40 "0xC6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
41 "0x11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
42 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
43 oid);
44
45 // brainpool160r1
46 if(oid == OID{1,3,36,3,3,2,8,1,1,1})
47 return load_EC_group_info("0xE95E4A5F737059DC60DFC7AD95B3D8139515620F",
48 "0x340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
49 "0x1E589A8595423412134FAA2DBDEC95C8D8675E58",
50 "0xBED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
51 "0x1667CB477A1A8EC338F94741669C976316DA6321",
52 "0xE95E4A5F737059DC60DF5991D45029409E60FC09",
53 oid);
54
55 // brainpool192r1
56 if(oid == OID{1,3,36,3,3,2,8,1,1,3})
57 return load_EC_group_info("0xC302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
58 "0x6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
59 "0x469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
60 "0xC0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
61 "0x14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
62 "0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
63 oid);
64
65 // brainpool224r1
66 if(oid == OID{1,3,36,3,3,2,8,1,1,5})
67 return load_EC_group_info("0xD7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
68 "0x68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
69 "0x2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
70 "0xD9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
71 "0x58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
72 "0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
73 oid);
74
75 // brainpool256r1
76 if(oid == OID{1,3,36,3,3,2,8,1,1,7})
77 return load_EC_group_info("0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
78 "0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
79 "0x26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
80 "0x8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
81 "0x547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
82 "0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
83 oid);
84
85 // brainpool320r1
86 if(oid == OID{1,3,36,3,3,2,8,1,1,9})
87 return load_EC_group_info("0xD35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
88 "0x3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
89 "0x520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
90 "0x43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
91 "0x14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
92 "0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
93 oid);
94
95 // brainpool384r1
96 if(oid == OID{1,3,36,3,3,2,8,1,1,11})
97 return load_EC_group_info("0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
98 "0x7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
99 "0x4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
100 "0x1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
101 "0x8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
102 "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
103 oid);
104
105 // brainpool512r1
106 if(oid == OID{1,3,36,3,3,2,8,1,1,13})
107 return load_EC_group_info("0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
108 "0x7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
109 "0x3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
110 "0x81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
111 "0x7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
112 "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
113 oid);
114
115 // frp256v1
116 if(oid == OID{1,2,250,1,223,101,256,1})
117 return load_EC_group_info("0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C03",
118 "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C00",
119 "0xEE353FCA5428A9300D4ABA754A44C00FDFEC0C9AE4B1A1803075ED967B7BB73F",
120 "0xB6B3D4C356C139EB31183D4749D423958C27D2DCAF98B70164C97A2DD98F5CFF",
121 "0x6142E0F7C8B204911F9271F0F3ECEF8C2701C307E8E4C9E183115A1554062CFB",
122 "0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1",
123 oid);
124
125 // gost_256A
126 if(oid == OID{1,2,643,7,1,2,1,1,1} || oid == OID{1,2,643,2,2,35,1} || oid == OID{1,2,643,2,2,36,0})
127 return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
128 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
129 "0xA6",
130 "1",
131 "0x8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14",
132 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
133 OID{1,2,643,7,1,2,1,1,1});
134
135 // gost_512A
136 if(oid == OID{1,2,643,7,1,2,1,2,1})
137 return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7",
138 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4",
139 "0xE8C2505DEDFC86DDC1BD0B2B6667F1DA34B82574761CB0E879BD081CFD0B6265EE3CB090F30D27614CB4574010DA90DD862EF9D4EBEE4761503190785A71C760",
140 "3",
141 "0x7503CFE87A836AE3A61B8816E25450E6CE5E1C93ACF1ABC1778064FDCBEFA921DF1626BE4FD036E93D75E6A50E3A41E98028FE5FC235F5B889A589CB5215F2A4",
142 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275",
143 oid);
144
145 // secp160k1
146 if(oid == OID{1,3,132,0,9})
147 return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
148 "0",
149 "7",
150 "0x3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
151 "0x938CF935318FDCED6BC28286531733C3F03C4FEE",
152 "0x100000000000000000001B8FA16DFAB9ACA16B6B3",
153 oid);
154
155 // secp160r1
156 if(oid == OID{1,3,132,0,8})
157 return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
158 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
159 "0x1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
160 "0x4A96B5688EF573284664698968C38BB913CBFC82",
161 "0x23A628553168947D59DCC912042351377AC5FB32",
162 "0x100000000000000000001F4C8F927AED3CA752257",
163 oid);
164
165 // secp160r2
166 if(oid == OID{1,3,132,0,30})
167 return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
168 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
169 "0xB4E134D3FB59EB8BAB57274904664D5AF50388BA",
170 "0x52DCB034293A117E1F4FF11B30F7199D3144CE6D",
171 "0xFEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
172 "0x100000000000000000000351EE786A818F3A1A16B",
173 oid);
174
175 // secp192k1
176 if(oid == OID{1,3,132,0,31})
177 return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
178 "0",
179 "3",
180 "0xDB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
181 "0x9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
182 "0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
183 oid);
184
185 // secp192r1
186 if(oid == OID{1,2,840,10045,3,1,1})
187 return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
188 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
189 "0x64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
190 "0x188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
191 "0x7192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
192 "0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
193 oid);
194
195 // secp224k1
196 if(oid == OID{1,3,132,0,32})
197 return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
198 "0",
199 "5",
200 "0xA1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
201 "0x7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
202 "0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
203 oid);
204
205 // secp224r1
206 if(oid == OID{1,3,132,0,33})
207 return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
208 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
209 "0xB4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
210 "0xB70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
211 "0xBD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
212 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
213 oid);
214
215 // secp256k1
216 if(oid == OID{1,3,132,0,10})
217 return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
218 "0",
219 "7",
220 "0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
221 "0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
222 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
223 oid);
224
225 // sm2p256v1
226 if(oid == OID{1,2,156,10197,1,301})
227 return load_EC_group_info("0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF",
228 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC",
229 "0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93",
230 "0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7",
231 "0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0",
232 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123",
233 oid);
234
235 // x962_p192v2
236 if(oid == OID{1,2,840,10045,3,1,2})
237 return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
238 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
239 "0xCC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
240 "0xEEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
241 "0x6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
242 "0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
243 oid);
244
245 // x962_p192v3
246 if(oid == OID{1,2,840,10045,3,1,3})
247 return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
248 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
249 "0x22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
250 "0x7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
251 "0x38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
252 "0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
253 oid);
254
255 // x962_p239v1
256 if(oid == OID{1,2,840,10045,3,1,4})
257 return load_EC_group_info("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
258 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
259 "0x6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
260 "0xFFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
261 "0x7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
262 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
263 oid);
264
265 // x962_p239v2
266 if(oid == OID{1,2,840,10045,3,1,5})
267 return load_EC_group_info("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
268 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
269 "0x617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
270 "0x38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
271 "0x5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
272 "0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
273 oid);
274
275 // x962_p239v3
276 if(oid == OID{1,2,840,10045,3,1,6})
277 return load_EC_group_info("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
278 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
279 "0x255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
280 "0x6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
281 "0x1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
282 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
283 oid);
284
285 return std::shared_ptr<EC_Group_Data>();
286 }

◆ get_a()

const BigInt & Botan::EC_Group::get_a ( ) const

Return the a parameter of the elliptic curve equation

Definition at line 530 of file ec_group.cpp.

531 {
532 return data().a();
533 }

Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), hash_to_curve(), operator==(), Botan::sm2_compute_za(), and verify_group().

◆ get_b()

const BigInt & Botan::EC_Group::get_b ( ) const

Return the b parameter of the elliptic curve equation

Definition at line 535 of file ec_group.cpp.

536 {
537 return data().b();
538 }

Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), hash_to_curve(), operator==(), Botan::sm2_compute_za(), and verify_group().

◆ get_base_point()

const EC_Point & Botan::EC_Group::get_base_point ( ) const

Return group base point

Returns
base point

Definition at line 540 of file ec_group.cpp.

541 {
542 return data().base_point();
543 }

Referenced by DER_encode(), Botan::EC_PrivateKey::EC_PrivateKey(), point_multiply(), and verify_group().

◆ get_cofactor()

const BigInt & Botan::EC_Group::get_cofactor ( ) const

Return the cofactor

Returns
the cofactor

Definition at line 560 of file ec_group.cpp.

561 {
562 return data().cofactor();
563 }

Referenced by DER_encode(), Botan::ECIES_KA_Operation::derive_secret(), Botan::ECIES_Decryptor::ECIES_Decryptor(), Botan::EC_PublicKey::get_int_field(), operator==(), verify_group(), and verify_public_element().

◆ get_curve_oid()

const OID & Botan::EC_Group::get_curve_oid ( ) const

Return the OID of these domain parameters

Returns
the OID

Definition at line 590 of file ec_group.cpp.

591 {
592 return data().oid();
593 }

Referenced by Botan::GOST_3410_PublicKey::algorithm_identifier(), DER_encode(), and Botan::EC_PublicKey::set_parameter_encoding().

◆ get_g_x()

const BigInt & Botan::EC_Group::get_g_x ( ) const

Return the x coordinate of the base point

Definition at line 550 of file ec_group.cpp.

551 {
552 return data().g_x();
553 }

Referenced by Botan::EC_PublicKey::get_int_field(), operator==(), and Botan::sm2_compute_za().

◆ get_g_y()

const BigInt & Botan::EC_Group::get_g_y ( ) const

Return the y coordinate of the base point

Definition at line 555 of file ec_group.cpp.

556 {
557 return data().g_y();
558 }

Referenced by Botan::EC_PublicKey::get_int_field(), operator==(), and Botan::sm2_compute_za().

◆ get_order()

const BigInt & Botan::EC_Group::get_order ( ) const

Return the order of the base point

Returns
order of the base point

Definition at line 545 of file ec_group.cpp.

546 {
547 return data().order();
548 }

Referenced by blinded_var_point_multiply(), DER_encode(), Botan::ECIES_KA_Operation::derive_secret(), Botan::ECIES_Decryptor::ECIES_Decryptor(), Botan::EC_PublicKey::get_int_field(), operator==(), random_scalar(), verify_group(), and verify_public_element().

◆ get_order_bits()

size_t Botan::EC_Group::get_order_bits ( ) const

Return the size of group order in bits (same as get_order().bits())

Definition at line 515 of file ec_group.cpp.

516 {
517 return data().order_bits();
518 }

◆ get_order_bytes()

size_t Botan::EC_Group::get_order_bytes ( ) const

Return the size of p in bytes (same as get_order().bytes())

Definition at line 520 of file ec_group.cpp.

521 {
522 return data().order_bytes();
523 }

◆ get_p()

const BigInt & Botan::EC_Group::get_p ( ) const

Return the prime modulus of the field

Definition at line 525 of file ec_group.cpp.

526 {
527 return data().p();
528 }

Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), hash_to_curve(), Botan::hash_to_curve_sswu(), operator==(), and verify_group().

◆ get_p_bits()

size_t Botan::EC_Group::get_p_bits ( ) const

Return the size of p in bits (same as get_p().bits())

Definition at line 505 of file ec_group.cpp.

506 {
507 return data().p_bits();
508 }

Referenced by Botan::GOST_3410_PublicKey::algo_name(), Botan::GOST_3410_PrivateKey::GOST_3410_PrivateKey(), Botan::GOST_3410_PublicKey::GOST_3410_PublicKey(), and Botan::EC_PublicKey::key_length().

◆ get_p_bytes()

size_t Botan::EC_Group::get_p_bytes ( ) const

Return the size of p in bits (same as get_p().bytes())

Definition at line 510 of file ec_group.cpp.

511 {
512 return data().p_bytes();
513 }

Referenced by DER_encode(), point_size(), and Botan::sm2_compute_za().

◆ hash_to_curve() [1/2]

EC_Point Botan::EC_Group::hash_to_curve ( std::string_view  hash_fn,
const uint8_t  input[],
size_t  input_len,
const uint8_t  domain_sep[],
size_t  domain_sep_len,
bool  random_oracle = true 
) const

Hash onto the curve. For some curve types no mapping is currently available, in this case this function will throw an exception.

Parameters
hash_fnthe hash function to use (typically "SHA-256" or "SHA-512")
inputthe input to hash
input_lenlength of input in bytes
domain_sepa domain seperator
domain_sep_lenlength of domain_sep in bytes
random_oracleif the mapped point must be uniform (use "true" here unless you know what you are doing)

Definition at line 677 of file ec_group.cpp.

683 {
684#if defined(BOTAN_HAS_EC_HASH_TO_CURVE)
685
686 // Only have SSWU currently
687 if(get_a().is_zero() || get_b().is_zero() || get_p() % 4 == 1)
688 {
689 throw Not_Implemented("EC_Group::hash_to_curve not available for this curve type");
690 }
691
692 return hash_to_curve_sswu(*this, hash_fn,
693 input, input_len,
694 domain_sep, domain_sep_len,
695 random_oracle);
696
697#else
698 BOTAN_UNUSED(hash_fn, random_oracle, input, input_len, domain_sep, domain_sep_len);
699 throw Not_Implemented("EC_Group::hash_to_curve functionality not available in this configuration");
700#endif
701 }
BOTAN_UNUSED
#define BOTAN_UNUSED(...)
Definition: assert.h:141
Botan::hash_to_curve_sswu
EC_Point hash_to_curve_sswu(const EC_Group &group, std::string_view hash_fn, const uint8_t input[], size_t input_len, const uint8_t domain_sep[], size_t domain_sep_len, bool random_oracle)
Definition: ec_h2c.cpp:185

References BOTAN_UNUSED, get_a(), get_b(), get_p(), and Botan::hash_to_curve_sswu().

Referenced by hash_to_curve().

◆ hash_to_curve() [2/2]

EC_Point Botan::EC_Group::hash_to_curve ( std::string_view  hash_fn,
const uint8_t  input[],
size_t  input_len,
std::string_view  domain_sep,
bool  random_oracle = true 
) const

Hash onto the curve. For some curve types no mapping is currently available, in this case this function will throw an exception.

Parameters
hash_fnthe hash function to use (typically "SHA-256" or "SHA-512")
inputthe input to hash
input_lenlength of input in bytes
domain_sepa domain seperator
random_oracleif the mapped point must be uniform (use "true" here unless you know what you are doing)

Definition at line 663 of file ec_group.cpp.

668 {
669 return this->hash_to_curve(hash_fn,
670 input,
671 input_len,
672 reinterpret_cast<const uint8_t*>(domain.data()),
673 domain.size(),
674 random_oracle);
675 }
Botan::EC_Group::hash_to_curve
EC_Point hash_to_curve(std::string_view hash_fn, const uint8_t input[], size_t input_len, const uint8_t domain_sep[], size_t domain_sep_len, bool random_oracle=true) const
Definition: ec_group.cpp:677

References hash_to_curve().

◆ initialized()

bool Botan::EC_Group::initialized ( ) const
inline

Definition at line 352 of file ec_group.h.

352{ return (m_data != nullptr); }

◆ inverse_mod_order()

BigInt Botan::EC_Group::inverse_mod_order ( const BigInt x) const

Definition at line 585 of file ec_group.cpp.

586 {
587 return data().inverse_mod_order(x);
588 }

Referenced by Botan::EC_PrivateKey::EC_PrivateKey(), and Botan::SM2_PrivateKey::SM2_PrivateKey().

◆ known_named_groups()

const std::set< std::string > & Botan::EC_Group::known_named_groups ( )
static

Return a set of known named EC groups

Definition at line 378 of file ec_named.cpp.

379 {
380 static const std::set<std::string> named_groups = {
381 "brainpool160r1",
382 "brainpool192r1",
383 "brainpool224r1",
384 "brainpool256r1",
385 "brainpool320r1",
386 "brainpool384r1",
387 "brainpool512r1",
388 "frp256v1",
389 "gost_256A",
390 "gost_512A",
391 "secp160k1",
392 "secp160r1",
393 "secp160r2",
394 "secp192k1",
395 "secp192r1",
396 "secp224k1",
397 "secp224r1",
398 "secp256k1",
399 "secp256r1",
400 "secp384r1",
401 "secp521r1",
402 "sm2p256v1",
403 "x962_p192v2",
404 "x962_p192v3",
405 "x962_p239v1",
406 "x962_p239v2",
407 "x962_p239v3",
408 };
409 return named_groups;
410 }

◆ mod_order()

BigInt Botan::EC_Group::mod_order ( const BigInt x) const

Definition at line 565 of file ec_group.cpp.

566 {
567 return data().mod_order(k);
568 }

◆ multiply_mod_order() [1/2]

BigInt Botan::EC_Group::multiply_mod_order ( const BigInt x,
const BigInt y 
) const

Definition at line 575 of file ec_group.cpp.

576 {
577 return data().multiply_mod_order(x, y);
578 }
y
static SIMD_4x64 y
Definition: argon2_avx2.cpp:135

References y.

◆ multiply_mod_order() [2/2]

BigInt Botan::EC_Group::multiply_mod_order ( const BigInt x,
const BigInt y,
const BigInt z 
) const

Definition at line 580 of file ec_group.cpp.

581 {
582 return data().multiply_mod_order(x, y, z);
583 }

References y.

◆ operator=() [1/2]

EC_Group & Botan::EC_Group::operator= ( const EC_Group )
default

◆ operator=() [2/2]

EC_Group & Botan::EC_Group::operator= ( EC_Group &&  )
default

◆ operator==()

bool Botan::EC_Group::operator== ( const EC_Group other) const

Definition at line 761 of file ec_group.cpp.

762 {
763 if(m_data == other.m_data)
764 return true; // same shared rep
765
766 return (get_p() == other.get_p() &&
767 get_a() == other.get_a() &&
768 get_b() == other.get_b() &&
769 get_g_x() == other.get_g_x() &&
770 get_g_y() == other.get_g_y() &&
771 get_order() == other.get_order() &&
772 get_cofactor() == other.get_cofactor());
773 }
Botan::EC_Group::get_g_y
const BigInt & get_g_y() const
Definition: ec_group.cpp:555
Botan::EC_Group::get_g_x
const BigInt & get_g_x() const
Definition: ec_group.cpp:550

References get_a(), get_b(), get_cofactor(), get_g_x(), get_g_y(), get_order(), and get_p().

◆ OS2ECP() [1/2]

EC_Point Botan::EC_Group::OS2ECP ( const uint8_t  bits[],
size_t  len 
) const

Definition at line 609 of file ec_group.cpp.

610 {
611 return Botan::OS2ECP(bits, len, data().curve());
612 }
Botan::OS2ECP
EC_Point OS2ECP(const uint8_t data[], size_t data_len, const CurveGFp &curve)
Definition: ec_point.cpp:666

References Botan::OS2ECP().

Referenced by Botan::EC_PrivateKey::EC_PrivateKey(), Botan::ECIES_Encryptor::ECIES_Encryptor(), and Botan::TLS::Callbacks::tls_ephemeral_key_agreement().

◆ OS2ECP() [2/2]

EC_Point Botan::EC_Group::OS2ECP ( std::span< const uint8_t >  encoded_point) const
inline

Definition at line 347 of file ec_group.h.

348 {
349 return this->OS2ECP(encoded_point.data(), encoded_point.size());
350 }
Botan::EC_Group::OS2ECP
EC_Point OS2ECP(const uint8_t bits[], size_t len) const
Definition: ec_group.cpp:609

References Botan::OS2ECP().

◆ PEM_encode()

std::string Botan::EC_Group::PEM_encode ( ) const

Return the PEM encoding (always in explicit form)

Returns
string containing PEM data

Definition at line 755 of file ec_group.cpp.

756 {
757 const std::vector<uint8_t> der = DER_encode(EC_Group_Encoding::Explicit);
758 return PEM_Code::encode(der, "EC PARAMETERS");
759 }
Botan::EC_Group::DER_encode
std::vector< uint8_t > DER_encode(EC_Group_Encoding form) const
Definition: ec_group.cpp:704

References DER_encode(), Botan::PEM_Code::encode(), and Botan::Explicit.

◆ point()

EC_Point Botan::EC_Group::point ( const BigInt x,
const BigInt y 
) const

Return a point on this curve with the affine values x, y

Definition at line 614 of file ec_group.cpp.

615 {
616 // TODO: randomize the representation?
617 return EC_Point(data().curve(), x, y);
618 }

References y.

Referenced by blinded_var_point_multiply(), Botan::GOST_3410_PublicKey::GOST_3410_PublicKey(), and verify_public_element().

◆ point_multiply()

EC_Point Botan::EC_Group::point_multiply ( const BigInt x,
const EC_Point pt,
const BigInt y 
) const

Multi exponentiate. Not constant time.

Returns
base_point*x + pt*y

Definition at line 620 of file ec_group.cpp.

621 {
622 EC_Point_Multi_Point_Precompute xy_mul(get_base_point(), pt);
623 return xy_mul.multi_exp(x, y);
624 }

References get_base_point(), Botan::EC_Point_Multi_Point_Precompute::multi_exp(), and y.

◆ point_size()

size_t Botan::EC_Group::point_size ( EC_Point_Format  format) const

Definition at line 600 of file ec_group.cpp.

601 {
602 // Hybrid and standard format are (x,y), compressed is y, +1 format byte
603 if(format == EC_Point_Format::Compressed)
604 return (1 + get_p_bytes());
605 else
606 return (1 + 2*get_p_bytes());
607 }

References Botan::Compressed, and get_p_bytes().

◆ random_scalar()

BigInt Botan::EC_Group::random_scalar ( RandomNumberGenerator rng) const

Return a random scalar ie an integer in [1,order)

Definition at line 644 of file ec_group.cpp.

645 {
646 return BigInt::random_integer(rng, BigInt::one(), get_order());
647 }
Botan::BigInt::random_integer
static BigInt random_integer(RandomNumberGenerator &rng, const BigInt &min, const BigInt &max)
Definition: big_rand.cpp:45
Botan::BigInt::one
static BigInt one()
Definition: bigint.h:50

References get_order(), Botan::BigInt::one(), and Botan::BigInt::random_integer().

Referenced by Botan::EC_PrivateKey::EC_PrivateKey().

◆ source()

EC_Group_Source Botan::EC_Group::source ( ) const

Definition at line 595 of file ec_group.cpp.

596 {
597 return data().source();
598 }

Referenced by verify_group().

◆ square_mod_order()

BigInt Botan::EC_Group::square_mod_order ( const BigInt x) const

Definition at line 570 of file ec_group.cpp.

571 {
572 return data().square_mod_order(x);
573 }

◆ verify_group()

bool Botan::EC_Group::verify_group ( RandomNumberGenerator rng,
bool  strong = false 
) const

Verify EC_Group domain

Returns
true if group is valid. false otherwise

Definition at line 798 of file ec_group.cpp.

800 {
801 const bool is_builtin = source() == EC_Group_Source::Builtin;
802
803 if(is_builtin && !strong)
804 return true;
805
806 const BigInt& p = get_p();
807 const BigInt& a = get_a();
808 const BigInt& b = get_b();
809 const BigInt& order = get_order();
810 const EC_Point& base_point = get_base_point();
811
812 if(p <= 3 || order <= 0)
813 return false;
814 if(a < 0 || a >= p)
815 return false;
816 if(b <= 0 || b >= p)
817 return false;
818
819 const size_t test_prob = 128;
820 const bool is_randomly_generated = is_builtin;
821
822 //check if field modulus is prime
823 if(!is_prime(p, rng, test_prob, is_randomly_generated))
824 {
825 return false;
826 }
827
828 //check if order is prime
829 if(!is_prime(order, rng, test_prob, is_randomly_generated))
830 {
831 return false;
832 }
833
834 //compute the discriminant: 4*a^3 + 27*b^2 which must be nonzero
835 const Modular_Reducer mod_p(p);
836
837 const BigInt discriminant = mod_p.reduce(
838 mod_p.multiply(4, mod_p.cube(a)) +
839 mod_p.multiply(27, mod_p.square(b)));
840
841 if(discriminant == 0)
842 {
843 return false;
844 }
845
846 //check for valid cofactor
847 if(get_cofactor() < 1)
848 {
849 return false;
850 }
851
852 //check if the base point is on the curve
853 if(!base_point.on_the_curve())
854 {
855 return false;
856 }
857 if((base_point * get_cofactor()).is_zero())
858 {
859 return false;
860 }
861 //check if order of the base point is correct
862 if(!(base_point * order).is_zero())
863 {
864 return false;
865 }
866
867 return true;
868 }
Botan::EC_Group::source
EC_Group_Source source() const
Definition: ec_group.cpp:595
Botan::is_prime
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:370

References Botan::Builtin, Botan::Modular_Reducer::cube(), get_a(), get_b(), get_base_point(), get_cofactor(), get_order(), get_p(), Botan::is_prime(), Botan::Modular_Reducer::multiply(), Botan::EC_Point::on_the_curve(), Botan::Modular_Reducer::reduce(), source(), and Botan::Modular_Reducer::square().

Referenced by Botan::EC_PublicKey::check_key().

◆ verify_public_element()

bool Botan::EC_Group::verify_public_element ( const EC_Point y) const

Check if y is a plausible point on the curve

In particular, checks that it is a point on the curve, not infinity, and that it has order matching the group.

Definition at line 775 of file ec_group.cpp.

776 {
777 //check that public point is not at infinity
778 if(point.is_zero())
779 return false;
780
781 //check that public point is on the curve
782 if(point.on_the_curve() == false)
783 return false;
784
785 //check that public point has order q
786 if((point * get_order()).is_zero() == false)
787 return false;
788
789 if(get_cofactor() > 1)
790 {
791 if((point * get_cofactor()).is_zero())
792 return false;
793 }
794
795 return true;
796 }
Botan::EC_Point::is_zero
bool is_zero() const
Definition: ec_point.h:183
Botan::EC_Point::on_the_curve
bool on_the_curve() const
Definition: ec_point.cpp:543

References get_cofactor(), get_order(), Botan::EC_Point::is_zero(), Botan::EC_Point::on_the_curve(), and point().

Referenced by Botan::EC_PublicKey::check_key().

◆ zero_point()

EC_Point Botan::EC_Group::zero_point ( ) const

Return the zero (or infinite) point on this curve

Definition at line 658 of file ec_group.cpp.

659 {
660 return EC_Point(data().curve());
661 }
The documentation for this class was generated from the following files:
Generated by doxygen 1.9.6