Botan 3.12.0
Crypto and TLS for C&
Classes | Public Member Functions | Static Public Member Functions | List of all members
Botan::EC_Group Class Referencefinal

#include <ec_group.h>

Classes

class  Mul2Table
 Table for computing g*x + h*y. More...

Public Member Functions

const std::shared_ptr< EC_Group_Data > & _data () const
bool a_is_minus_3 () const
bool a_is_zero () const
BigInt cube_mod_order (const BigInt &x) const
std::vector< uint8_t > DER_encode () const
std::vector< uint8_t > DER_encode (EC_Group_Encoding form) const
 EC_Group ()
 EC_Group (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order, const BigInt &cofactor, const OID &oid=OID())
 EC_Group (const EC_Group &)
 EC_Group (const OID &oid)
 EC_Group (const OID &oid, const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order)
 EC_Group (const uint8_t der[], size_t der_len)
 EC_Group (EC_Group &&)=default
 EC_Group (std::span< const uint8_t > der)
 EC_Group (std::string_view pem_or_oid)
EC_Group_Engine engine () const
const BigIntget_a () const
const BigIntget_b () const
const BigIntget_cofactor () const
const OIDget_curve_oid () const
const BigIntget_g_x () const
const BigIntget_g_y () const
const BigIntget_order () const
size_t get_order_bits () const
size_t get_order_bytes () const
const BigIntget_p () const
size_t get_p_bits () const
size_t get_p_bytes () const
bool has_cofactor () const
bool initialized () const
BigInt inverse_mod_order (const BigInt &x) const
BigInt mod_order (const BigInt &x) const
BigInt multiply_mod_order (const BigInt &x, const BigInt &y) const
BigInt multiply_mod_order (const BigInt &x, const BigInt &y, const BigInt &z) const
EC_Groupoperator= (const EC_Group &)
EC_Groupoperator= (EC_Group &&)=default
bool operator== (const EC_Group &other) const
std::string PEM_encode (EC_Group_Encoding form=EC_Group_Encoding::Explicit) const
size_t point_size (EC_Point_Format format) const
EC_Group_Source source () const
BigInt square_mod_order (const BigInt &x) const
bool used_explicit_encoding () const
bool verify_group (RandomNumberGenerator &rng, bool strong=false) const
 ~EC_Group ()

Static Public Member Functions

static size_t clear_registered_curve_data ()
static EC_Group EC_Group_from_PEM (std::string_view pem)
static OID EC_group_identity_from_order (const BigInt &order)
static std::shared_ptr< EC_Group_DataEC_group_info (const OID &oid)
static EC_Group from_name (std::string_view name)
static EC_Group from_OID (const OID &oid)
static EC_Group from_PEM (std::string_view pem)
static const std::set< std::string > & known_named_groups ()
static bool supports_application_specific_group ()
static bool supports_application_specific_group_with_cofactor ()
static bool supports_named_group (std::string_view name)
static bool unregister (const OID &oid)

Detailed Description

Class representing an elliptic curve

The internal representation is stored in a shared_ptr, so copying an EC_Group is inexpensive.

Definition at line 69 of file ec_group.h.

Constructor & Destructor Documentation

◆ EC_Group() [1/9]

Botan::EC_Group::EC_Group ( const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & base_x,
const BigInt & base_y,
const BigInt & order,
const BigInt & cofactor,
const OID & oid = OID() )

Construct elliptic curve from the specified parameters

This is used for example to create custom (application-specific) curves.

Some build configurations do not support application specific curves, in which case this constructor will throw an exception. You can check for this situation beforehand using the function EC_Group::supports_application_specific_group()

Parameters
pthe elliptic curve p
athe elliptic curve a param
bthe elliptic curve b param
base_xthe x coordinate of the base point
base_ythe y coordinate of the base point
orderthe order of the base point
cofactorthe cofactor
oidan optional OID used to identify this curve
Warning
This constructor is deprecated and will be removed in Botan 4
support for cofactors > 1 is deprecated and will be removed
support for prime fields > 521 bits is deprecated and will be removed.
Support for explicitly encoded curve parameters is deprecated. An OID must be assigned.

Definition at line 516 of file ec_group.cpp.

523 {
524 if(oid.has_value()) {
525 m_data = ec_group_data().lookup_or_create(
526 p, a, b, base_x, base_y, order, cofactor, oid, EC_Group_Source::ExternalSource);
527 } else {
528 m_data = ec_group_data().lookup_or_create_without_oid(
529 p, a, b, base_x, base_y, order, cofactor, EC_Group_Source::ExternalSource);
530 }
531}

References Botan::ExternalSource, and Botan::OID::has_value().

Referenced by EC_Group(), EC_Group(), EC_Group(), EC_Group(), EC_Group(), EC_Group_from_PEM(), from_name(), from_OID(), from_PEM(), operator=(), operator=(), operator==(), and ~EC_Group().

◆ EC_Group() [2/9]

Botan::EC_Group::EC_Group ( const OID & oid,
const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & base_x,
const BigInt & base_y,
const BigInt & order )

Construct elliptic curve from the specified parameters

This is used for example to create custom (application-specific) curves.

Some build configurations do not support application specific curves, in which case this constructor will throw an exception. You can check for this situation beforehand using the function EC_Group::supports_application_specific_group()

Unlike the deprecated constructor, this constructor imposes additional restrictions on the parameters, namely:

  • An object identifier must be provided
  • The prime must be at least 192 bits and at most 512 bits, and a multiple of 32 bits. Currently, as long as BOTAN_DISABLE_DEPRECATED_FEATURES is not set, this constructor accepts primes as small as 128 bits - this lower bound will be removed in the next major release.
  • As an extension of the above restriction, the prime can also be exactly the 521-bit Mersenne prime (2**521-1) or exactly the 239-bit prime used in X9.62 239 bit groups (2**239 - 2**143 - 2**95 + 2**47 - 1)
  • The prime must be congruent to 3 modulo 4
  • The group order must have the same bit length as the prime. It is allowed for the order to be larger than p, but they must have the same bit length.
  • Only prime order curves (with cofactor == 1) are allowed
Warning
use only elliptic curve parameters that you trust
Parameters
oidan object identifier used to identify this curve
pthe elliptic curve prime (at most 521 bits)
athe elliptic curve a param
bthe elliptic curve b param
base_xthe x coordinate of the group generator
base_ythe y coordinate of the group generator
orderthe order of the group

Definition at line 533 of file ec_group.cpp.

539 {
540 BOTAN_ARG_CHECK(oid.has_value(), "An OID is required for creating an EC_Group");
541
542 // TODO(Botan4) remove this and require 192 bits minimum
543#if defined(BOTAN_DISABLE_DEPRECATED_FEATURES)
544 constexpr size_t p_bits_lower_bound = 192;
545#else
546 constexpr size_t p_bits_lower_bound = 128;
547#endif
548
549 BOTAN_ARG_CHECK(p.bits() >= p_bits_lower_bound, "EC_Group p too small");
550 BOTAN_ARG_CHECK(p.bits() <= 521, "EC_Group p too large");
551
552 if(p.bits() == 521) {
553 const auto p521 = BigInt::power_of_2(521) - 1;
554 BOTAN_ARG_CHECK(p == p521, "EC_Group with p of 521 bits must be 2**521-1");
555 } else if(p.bits() == 239) {
556 const auto x962_p239 = []() {
557 BigInt p239;
558 for(size_t i = 0; i != 239; ++i) {
559 if(i < 47 || ((i >= 94) && (i != 143))) {
560 p239.set_bit(i);
561 }
562 }
563 return p239;
564 }();
565
566 BOTAN_ARG_CHECK(p == x962_p239, "EC_Group with p of 239 bits must be the X9.62 prime");
567 } else {
568 BOTAN_ARG_CHECK(p.bits() % 32 == 0, "EC_Group p must be a multiple of 32 bits");
569 }
570
571 BOTAN_ARG_CHECK(p % 4 == 3, "EC_Group p must be congruent to 3 modulo 4");
572
573 BOTAN_ARG_CHECK(a >= 0 && a < p, "EC_Group a is invalid");
574 BOTAN_ARG_CHECK(b > 0 && b < p, "EC_Group b is invalid");
575 BOTAN_ARG_CHECK(base_x >= 0 && base_x < p, "EC_Group base_x is invalid");
576 BOTAN_ARG_CHECK(base_y >= 0 && base_y < p, "EC_Group base_y is invalid");
577 BOTAN_ARG_CHECK(p.bits() == order.bits(), "EC_Group p and order must have the same number of bits");
578
579 auto mod_p = Barrett_Reduction::for_public_modulus(p);
580 BOTAN_ARG_CHECK(is_bailie_psw_probable_prime(p, mod_p), "EC_Group p is not prime");
581
582 auto mod_order = Barrett_Reduction::for_public_modulus(order);
583 BOTAN_ARG_CHECK(is_bailie_psw_probable_prime(order, mod_order), "EC_Group order is not prime");
584
585 // This catches someone "ignoring" a cofactor and just trying to
586 // provide the subgroup order
587 BOTAN_ARG_CHECK((p - order).abs().bits() <= (p.bits() / 2) + 1, "Hasse bound invalid");
588
589 // Check that 4*a^3 + 27*b^2 != 0
590 const auto discriminant = mod_p.reduce(mod_p.multiply(BigInt::from_s32(4), mod_p.cube(a)) +
591 mod_p.multiply(BigInt::from_s32(27), mod_p.square(b)));
592 BOTAN_ARG_CHECK(discriminant != 0, "EC_Group discriminant is invalid");
593
594 // Check that the generator (base_x,base_y) is on the curve; y^2 = x^3 + a*x + b
595 auto y2 = mod_p.square(base_y);
596 auto x3_ax_b = mod_p.reduce(mod_p.cube(base_x) + mod_p.multiply(a, base_x) + b);
597 BOTAN_ARG_CHECK(y2 == x3_ax_b, "EC_Group generator is not on the curve");
598
599 const BigInt cofactor(1);
600
601 m_data =
602 ec_group_data().lookup_or_create(p, a, b, base_x, base_y, order, cofactor, oid, EC_Group_Source::ExternalSource);
603}
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33
Botan::Barrett_Reduction::for_public_modulus
static Barrett_Reduction for_public_modulus(const BigInt &m)
Definition barrett.cpp:33
Botan::BigInt::power_of_2
static BigInt power_of_2(size_t n)
Definition bigint.h:853
Botan::BigInt::from_s32
static BigInt from_s32(int32_t n)
Definition bigint.cpp:42
Botan::BigInt::square
BigInt & square(secure_vector< word > &ws)
Definition big_ops2.cpp:175
Botan::EC_Group::mod_order
BigInt mod_order(const BigInt &x) const
Definition ec_group.h:660
Botan::abs
BigInt abs(const BigInt &n)
Definition numthry.h:22
Botan::is_bailie_psw_probable_prime
bool is_bailie_psw_probable_prime(const BigInt &n, const Barrett_Reduction &mod_n)
Definition primality.cpp:98

References Botan::abs(), Botan::BigInt::bits(), BOTAN_ARG_CHECK, Botan::ExternalSource, Botan::Barrett_Reduction::for_public_modulus(), Botan::BigInt::from_s32(), Botan::OID::has_value(), Botan::is_bailie_psw_probable_prime(), mod_order(), Botan::BigInt::power_of_2(), and Botan::BigInt::set_bit().

◆ EC_Group() [3/9]

Botan::EC_Group::EC_Group ( std::span< const uint8_t > der)
explicit

Decode a DER encoded ECC domain parameter set

Parameters
derthe bytes of the DER encoding

Definition at line 605 of file ec_group.cpp.

605 {
606 auto data = DER_decode_EC_group(der, EC_Group_Source::ExternalSource);
607 m_data = data.first;
608 m_explicit_encoding = data.second;
609}

References Botan::ExternalSource.

◆ EC_Group() [4/9]

Botan::EC_Group::EC_Group ( const uint8_t der[],
size_t der_len )
inline

Definition at line 166 of file ec_group.h.

166: EC_Group(std::span{der, der_len}) {}
Botan::EC_Group::EC_Group
EC_Group()

References EC_Group().

◆ EC_Group() [5/9]

Botan::EC_Group::EC_Group ( const OID & oid)
inlineexplicit

Create an EC domain by OID (or throw if unknown)

Parameters
oidthe OID of the EC domain to create

Definition at line 172 of file ec_group.h.

172{ *this = EC_Group::from_OID(oid); }
Botan::EC_Group::from_OID
static EC_Group from_OID(const OID &oid)
Definition ec_group.cpp:457

References EC_Group(), and from_OID().

◆ EC_Group() [6/9]

Botan::EC_Group::EC_Group ( std::string_view pem_or_oid)
explicit

Create an EC domain from PEM encoding (as from PEM_encode()), or from an OID name (eg "secp256r1", or "1.2.840.10045.3.1.7")

Parameters
pem_or_oidPEM-encoded data, or an OID
Warning
Support for PEM in this function is deprecated. Use EC_Group::from_PEM or EC_Group::from_OID or EC_Group::from_name

Definition at line 482 of file ec_group.cpp.

482 {
483 if(str.empty()) {
484 return; // no initialization / uninitialized
485 }
486
487 try {
488 const OID oid = OID::from_string(str);
489 if(oid.has_value()) {
490 m_data = ec_group_data().lookup(oid);
491 }
492 } catch(...) {}
493
494 if(m_data == nullptr) {
495 if(str.size() > 30 && str.starts_with("-----BEGIN EC PARAMETERS-----")) {
496 // OK try it as PEM ...
497 const auto der = PEM_Code::decode_check_label(str, "EC PARAMETERS");
498
499 auto data = DER_decode_EC_group(der, EC_Group_Source::ExternalSource);
500 this->m_data = data.first;
501 this->m_explicit_encoding = data.second;
502 }
503 }
504
505 if(m_data == nullptr) {
506 throw Invalid_Argument(fmt("Unknown ECC group '{}'", str));
507 }
508}
Botan::OID::from_string
static OID from_string(std::string_view str)
Definition asn1_oid.cpp:86
Botan::PEM_Code::decode_check_label
secure_vector< uint8_t > decode_check_label(DataSource &source, std::string_view label_want)
Definition pem.cpp:49
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References Botan::PEM_Code::decode_check_label(), Botan::ExternalSource, Botan::fmt(), Botan::OID::from_string(), and Botan::OID::has_value().

◆ EC_Group() [7/9]

Botan::EC_Group::EC_Group ( )
default

Create an uninitialized EC_Group

References EC_Group(), and unregister().

Referenced by from_name(), from_OID(), and from_PEM().

◆ ~EC_Group()

Botan::EC_Group::~EC_Group ( )
default

References EC_Group().

◆ EC_Group() [8/9]

Botan::EC_Group::EC_Group ( const EC_Group & )
default

References EC_Group().

◆ EC_Group() [9/9]

Botan::EC_Group::EC_Group ( EC_Group && )
default

References EC_Group().

Member Function Documentation

◆ _data()

const std::shared_ptr< EC_Group_Data > & Botan::EC_Group::_data ( ) const
inline

Definition at line 458 of file ec_group.h.

458{ return m_data; }

Referenced by Botan::EC_AffinePoint::deserialize(), Botan::EC_Scalar::deserialize(), Botan::EC_AffinePoint::EC_AffinePoint(), Botan::EC_Scalar::EC_Scalar(), Botan::EC_Scalar::from_bigint(), Botan::EC_Scalar::from_bytes_mod_order(), Botan::EC_Scalar::from_bytes_with_trunc(), Botan::EC_AffinePoint::hash_to_curve_nu(), Botan::EC_AffinePoint::hash_to_curve_ro(), Botan::EC_Scalar::one(), and Botan::EC_Scalar::random().

◆ a_is_minus_3()

bool Botan::EC_Group::a_is_minus_3 ( ) const
inline

Return if a == -3 mod p

Definition at line 650 of file ec_group.h.

650{ return get_a() + 3 == get_p(); }
Botan::EC_Group::get_a
const BigInt & get_a() const
Definition ec_group.cpp:643
Botan::EC_Group::get_p
const BigInt & get_p() const
Definition ec_group.cpp:639

References a_is_minus_3(), get_a(), and get_p().

Referenced by a_is_minus_3().

◆ a_is_zero()

bool Botan::EC_Group::a_is_zero ( ) const
inline

Return if a == 0 mod p

Definition at line 655 of file ec_group.h.

655{ return get_a().is_zero(); }
Botan::BigInt::is_zero
bool is_zero() const
Definition bigint.h:484

References a_is_zero(), and get_a().

Referenced by a_is_zero().

◆ clear_registered_curve_data()

size_t Botan::EC_Group::clear_registered_curve_data ( )
static

Definition at line 233 of file ec_group.cpp.

233 {
234 return ec_group_data().clear();
235}

◆ cube_mod_order()

BigInt Botan::EC_Group::cube_mod_order ( const BigInt & x) const
inline

Definition at line 703 of file ec_group.h.

703 {
704 auto xs = EC_Scalar::from_bigint(*this, x);
705 return (xs * xs * xs).to_bigint();
706 }
Botan::EC_Scalar::from_bigint
static EC_Scalar from_bigint(const EC_Group &group, const BigInt &bn)
Definition ec_scalar.cpp:69

References cube_mod_order(), and Botan::EC_Scalar::from_bigint().

Referenced by cube_mod_order().

◆ DER_encode() [1/2]

std::vector< uint8_t > Botan::EC_Group::DER_encode ( ) const

Create the DER encoding of this domain, using namedCurve format

Returns
the group information encoded as DER

Definition at line 719 of file ec_group.cpp.

719 {
720 const auto& der_named_curve = data().der_named_curve();
721 // TODO(Botan4) this can be removed because an OID will always be defined
722 if(der_named_curve.empty()) {
723 throw Encoding_Error("Cannot encode EC_Group as OID because OID not set");
724 }
725
726 return der_named_curve;
727}

Referenced by DER_encode(), and PEM_encode().

◆ DER_encode() [2/2]

std::vector< uint8_t > Botan::EC_Group::DER_encode ( EC_Group_Encoding form) const

Create the DER encoding of this domain

Parameters
formof encoding to use
Returns
the group information encoded as DER

Definition at line 729 of file ec_group.cpp.

729 {
730 if(form == EC_Group_Encoding::Explicit) {
731 std::vector<uint8_t> output;
732 DER_Encoder der(output);
733 const size_t ecpVers1 = 1;
734 const OID curve_type("1.2.840.10045.1.1"); // prime field
735
736 const size_t p_bytes = get_p_bytes();
737
738 const auto generator = EC_AffinePoint::generator(*this).serialize_uncompressed();
739
740 der.start_sequence()
741 .encode(ecpVers1)
742 .start_sequence()
743 .encode(curve_type)
744 .encode(get_p())
745 .end_cons()
746 .start_sequence()
747 .encode(get_a().serialize(p_bytes), ASN1_Type::OctetString)
748 .encode(get_b().serialize(p_bytes), ASN1_Type::OctetString)
749 .end_cons()
750 .encode(generator, ASN1_Type::OctetString)
751 .encode(get_order())
752 .encode(get_cofactor())
753 .end_cons();
754 return output;
755 } else if(form == EC_Group_Encoding::NamedCurve) {
756 return this->DER_encode();
757 } else if(form == EC_Group_Encoding::ImplicitCA) {
758 return {0x00, 0x05};
759 } else {
760 throw Internal_Error("EC_Group::DER_encode: Unknown encoding");
761 }
762}
Botan::EC_AffinePoint::serialize_uncompressed
T serialize_uncompressed() const
Definition ec_apoint.h:203
Botan::EC_AffinePoint::generator
static EC_AffinePoint generator(const EC_Group &group)
Return the standard group generator.
Definition ec_apoint.cpp:84
Botan::EC_Group::get_b
const BigInt & get_b() const
Definition ec_group.cpp:647
Botan::EC_Group::get_cofactor
const BigInt & get_cofactor() const
Definition ec_group.cpp:699
Botan::EC_Group::get_order
const BigInt & get_order() const
Definition ec_group.cpp:687
Botan::EC_Group::DER_encode
std::vector< uint8_t > DER_encode() const
Definition ec_group.cpp:719
Botan::EC_Group::get_p_bytes
size_t get_p_bytes() const
Definition ec_group.cpp:627

References DER_encode(), Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::Explicit, Botan::EC_AffinePoint::generator(), get_a(), get_b(), get_cofactor(), get_order(), get_p(), get_p_bytes(), Botan::ImplicitCA, Botan::NamedCurve, Botan::OctetString, Botan::EC_AffinePoint::serialize_uncompressed(), and Botan::DER_Encoder::start_sequence().

Referenced by Botan::EC_PublicKey::DER_domain().

◆ EC_Group_from_PEM()

EC_Group Botan::EC_Group::EC_Group_from_PEM ( std::string_view pem)
inlinestatic

Definition at line 199 of file ec_group.h.

199 {
200 return EC_Group::from_PEM(pem);
201 }
Botan::EC_Group::from_PEM
static EC_Group from_PEM(std::string_view pem)
Definition ec_group.cpp:511

References BOTAN_DEPRECATED, EC_Group(), EC_Group_from_PEM(), and from_PEM().

Referenced by EC_Group_from_PEM().

◆ EC_group_identity_from_order()

OID Botan::EC_Group::EC_group_identity_from_order ( const BigInt & order)
static

Definition at line 357 of file ec_named.cpp.

358 {
359 const uint32_t low_bits = static_cast<uint32_t>(order.word_at(0));
360
361 if(low_bits == 0xFC632551 && order == BigInt("0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551")) {
362 return OID{1, 2, 840, 10045, 3, 1, 7};
363 }
364
365 if(low_bits == 0xCCC52973 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) {
366 return OID{1, 3, 132, 0, 34};
367 }
368
369 if(low_bits == 0x91386409 && order == BigInt("0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409")) {
370 return OID{1, 3, 132, 0, 35};
371 }
372
373 if(low_bits == 0x9E60FC09 && order == BigInt("0xE95E4A5F737059DC60DF5991D45029409E60FC09")) {
374 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 1};
375 }
376
377 if(low_bits == 0x9AC4ACC1 && order == BigInt("0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1")) {
378 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 3};
379 }
380
381 if(low_bits == 0xA5A7939F && order == BigInt("0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F")) {
382 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 5};
383 }
384
385 if(low_bits == 0x974856A7 && order == BigInt("0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7")) {
386 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 7};
387 }
388
389 if(low_bits == 0x44C59311 && order == BigInt("0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311")) {
390 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 9};
391 }
392
393 if(low_bits == 0xE9046565 && order == BigInt("0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565")) {
394 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 11};
395 }
396
397 if(low_bits == 0x9CA90069 && order == BigInt("0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069")) {
398 return OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 13};
399 }
400
401 if(low_bits == 0xC6D655E1 && order == BigInt("0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1")) {
402 return OID{1, 2, 250, 1, 223, 101, 256, 1};
403 }
404
405 if(low_bits == 0xB761B893 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893")) {
406 return OID{1, 2, 643, 7, 1, 2, 1, 1, 1};
407 }
408
409 if(low_bits == 0x1F10B275 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275")) {
410 return OID{1, 2, 643, 7, 1, 2, 1, 2, 1};
411 }
412
413 if(low_bits == 0xCA16B6B3 && order == BigInt("0x100000000000000000001B8FA16DFAB9ACA16B6B3")) {
414 return OID{1, 3, 132, 0, 9};
415 }
416
417 if(low_bits == 0xCA752257 && order == BigInt("0x100000000000000000001F4C8F927AED3CA752257")) {
418 return OID{1, 3, 132, 0, 8};
419 }
420
421 if(low_bits == 0xF3A1A16B && order == BigInt("0x100000000000000000000351EE786A818F3A1A16B")) {
422 return OID{1, 3, 132, 0, 30};
423 }
424
425 if(low_bits == 0x74DEFD8D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D")) {
426 return OID{1, 3, 132, 0, 31};
427 }
428
429 if(low_bits == 0xB4D22831 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) {
430 return OID{1, 2, 840, 10045, 3, 1, 1};
431 }
432
433 if(low_bits == 0x769FB1F7 && order == BigInt("0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7")) {
434 return OID{1, 3, 132, 0, 32};
435 }
436
437 if(low_bits == 0x5C5C2A3D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) {
438 return OID{1, 3, 132, 0, 33};
439 }
440
441 if(low_bits == 0xD0364141 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141")) {
442 return OID{1, 3, 132, 0, 10};
443 }
444
445 if(low_bits == 0x39D54123 && order == BigInt("0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123")) {
446 return OID{1, 2, 156, 10197, 1, 301};
447 }
448
449 if(low_bits == 0x48D8DD31 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31")) {
450 return OID{1, 2, 840, 10045, 3, 1, 2};
451 }
452
453 if(low_bits == 0xF640EC13 && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13")) {
454 return OID{1, 2, 840, 10045, 3, 1, 3};
455 }
456
457 if(low_bits == 0x88909D0B && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B")) {
458 return OID{1, 2, 840, 10045, 3, 1, 4};
459 }
460
461 if(low_bits == 0xBC582063 && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063")) {
462 return OID{1, 2, 840, 10045, 3, 1, 5};
463 }
464
465 if(low_bits == 0x46526551 && order == BigInt("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551")) {
466 return OID{1, 2, 840, 10045, 3, 1, 6};
467 }
468
469 if(low_bits == 0x0433555D && order == BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5B3CA4FB94E7831B4FC258ED97D0BDC63B568B36607CD243CE153F390433555D")) {
470 return OID{1, 3, 6, 1, 4, 1, 25258, 4, 3};
471 }
472
473 return OID();
474}

References Botan::BigInt::word_at().

◆ EC_group_info()

std::shared_ptr< EC_Group_Data > Botan::EC_Group::EC_group_info ( const OID & oid)
static

Definition at line 16 of file ec_named.cpp.

16 {
17 // secp256r1
18 if(oid == OID{1, 2, 840, 10045, 3, 1, 7}) {
19 return load_EC_group_info(
20 "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
21 "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
22 "0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
23 "0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
24 "0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
25 "0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
26 oid);
27 }
28
29 // secp384r1
30 if(oid == OID{1, 3, 132, 0, 34}) {
31 return load_EC_group_info(
32 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
33 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
34 "0xB3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
35 "0xAA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
36 "0x3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
37 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
38 oid);
39 }
40
41 // secp521r1
42 if(oid == OID{1, 3, 132, 0, 35}) {
43 return load_EC_group_info(
44 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
45 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
46 "0x51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
47 "0xC6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
48 "0x11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
49 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
50 oid);
51 }
52
53 // brainpool160r1
54 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 1}) {
55 return load_EC_group_info(
56 "0xE95E4A5F737059DC60DFC7AD95B3D8139515620F",
57 "0x340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
58 "0x1E589A8595423412134FAA2DBDEC95C8D8675E58",
59 "0xBED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
60 "0x1667CB477A1A8EC338F94741669C976316DA6321",
61 "0xE95E4A5F737059DC60DF5991D45029409E60FC09",
62 oid);
63 }
64
65 // brainpool192r1
66 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 3}) {
67 return load_EC_group_info(
68 "0xC302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
69 "0x6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
70 "0x469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
71 "0xC0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
72 "0x14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
73 "0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
74 oid);
75 }
76
77 // brainpool224r1
78 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 5}) {
79 return load_EC_group_info(
80 "0xD7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
81 "0x68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
82 "0x2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
83 "0xD9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
84 "0x58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
85 "0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
86 oid);
87 }
88
89 // brainpool256r1
90 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 7}) {
91 return load_EC_group_info(
92 "0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
93 "0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
94 "0x26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
95 "0x8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
96 "0x547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
97 "0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
98 oid);
99 }
100
101 // brainpool320r1
102 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 9}) {
103 return load_EC_group_info(
104 "0xD35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
105 "0x3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
106 "0x520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
107 "0x43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
108 "0x14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
109 "0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
110 oid);
111 }
112
113 // brainpool384r1
114 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 11}) {
115 return load_EC_group_info(
116 "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
117 "0x7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
118 "0x4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
119 "0x1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
120 "0x8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
121 "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
122 oid);
123 }
124
125 // brainpool512r1
126 if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 13}) {
127 return load_EC_group_info(
128 "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
129 "0x7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
130 "0x3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
131 "0x81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
132 "0x7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
133 "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
134 oid);
135 }
136
137 // frp256v1
138 if(oid == OID{1, 2, 250, 1, 223, 101, 256, 1}) {
139 return load_EC_group_info(
140 "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C03",
141 "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C00",
142 "0xEE353FCA5428A9300D4ABA754A44C00FDFEC0C9AE4B1A1803075ED967B7BB73F",
143 "0xB6B3D4C356C139EB31183D4749D423958C27D2DCAF98B70164C97A2DD98F5CFF",
144 "0x6142E0F7C8B204911F9271F0F3ECEF8C2701C307E8E4C9E183115A1554062CFB",
145 "0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1",
146 oid);
147 }
148
149 // gost_256A
150 if(oid == OID{1, 2, 643, 7, 1, 2, 1, 1, 1} || oid == OID{1, 2, 643, 2, 2, 35, 1} || oid == OID{1, 2, 643, 2, 2, 36, 0}) {
151 return load_EC_group_info(
152 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
153 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
154 "0xA6",
155 "0x1",
156 "0x8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14",
157 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
158 OID{1, 2, 643, 7, 1, 2, 1, 1, 1});
159 }
160
161 // gost_512A
162 if(oid == OID{1, 2, 643, 7, 1, 2, 1, 2, 1}) {
163 return load_EC_group_info(
164 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7",
165 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4",
166 "0xE8C2505DEDFC86DDC1BD0B2B6667F1DA34B82574761CB0E879BD081CFD0B6265EE3CB090F30D27614CB4574010DA90DD862EF9D4EBEE4761503190785A71C760",
167 "0x3",
168 "0x7503CFE87A836AE3A61B8816E25450E6CE5E1C93ACF1ABC1778064FDCBEFA921DF1626BE4FD036E93D75E6A50E3A41E98028FE5FC235F5B889A589CB5215F2A4",
169 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275",
170 oid);
171 }
172
173 // secp160k1
174 if(oid == OID{1, 3, 132, 0, 9}) {
175 return load_EC_group_info(
176 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
177 "0x0",
178 "0x7",
179 "0x3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
180 "0x938CF935318FDCED6BC28286531733C3F03C4FEE",
181 "0x100000000000000000001B8FA16DFAB9ACA16B6B3",
182 oid);
183 }
184
185 // secp160r1
186 if(oid == OID{1, 3, 132, 0, 8}) {
187 return load_EC_group_info(
188 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
189 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
190 "0x1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
191 "0x4A96B5688EF573284664698968C38BB913CBFC82",
192 "0x23A628553168947D59DCC912042351377AC5FB32",
193 "0x100000000000000000001F4C8F927AED3CA752257",
194 oid);
195 }
196
197 // secp160r2
198 if(oid == OID{1, 3, 132, 0, 30}) {
199 return load_EC_group_info(
200 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
201 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
202 "0xB4E134D3FB59EB8BAB57274904664D5AF50388BA",
203 "0x52DCB034293A117E1F4FF11B30F7199D3144CE6D",
204 "0xFEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
205 "0x100000000000000000000351EE786A818F3A1A16B",
206 oid);
207 }
208
209 // secp192k1
210 if(oid == OID{1, 3, 132, 0, 31}) {
211 return load_EC_group_info(
212 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
213 "0x0",
214 "0x3",
215 "0xDB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
216 "0x9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
217 "0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
218 oid);
219 }
220
221 // secp192r1
222 if(oid == OID{1, 2, 840, 10045, 3, 1, 1}) {
223 return load_EC_group_info(
224 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
225 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
226 "0x64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
227 "0x188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
228 "0x7192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
229 "0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
230 oid);
231 }
232
233 // secp224k1
234 if(oid == OID{1, 3, 132, 0, 32}) {
235 return load_EC_group_info(
236 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
237 "0x0",
238 "0x5",
239 "0xA1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
240 "0x7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
241 "0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
242 oid);
243 }
244
245 // secp224r1
246 if(oid == OID{1, 3, 132, 0, 33}) {
247 return load_EC_group_info(
248 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
249 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
250 "0xB4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
251 "0xB70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
252 "0xBD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
253 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
254 oid);
255 }
256
257 // secp256k1
258 if(oid == OID{1, 3, 132, 0, 10}) {
259 return load_EC_group_info(
260 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
261 "0x0",
262 "0x7",
263 "0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
264 "0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
265 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
266 oid);
267 }
268
269 // sm2p256v1
270 if(oid == OID{1, 2, 156, 10197, 1, 301}) {
271 return load_EC_group_info(
272 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF",
273 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC",
274 "0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93",
275 "0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7",
276 "0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0",
277 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123",
278 oid);
279 }
280
281 // x962_p192v2
282 if(oid == OID{1, 2, 840, 10045, 3, 1, 2}) {
283 return load_EC_group_info(
284 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
285 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
286 "0xCC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
287 "0xEEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
288 "0x6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
289 "0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
290 oid);
291 }
292
293 // x962_p192v3
294 if(oid == OID{1, 2, 840, 10045, 3, 1, 3}) {
295 return load_EC_group_info(
296 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
297 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
298 "0x22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
299 "0x7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
300 "0x38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
301 "0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
302 oid);
303 }
304
305 // x962_p239v1
306 if(oid == OID{1, 2, 840, 10045, 3, 1, 4}) {
307 return load_EC_group_info(
308 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
309 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
310 "0x6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
311 "0xFFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
312 "0x7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
313 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
314 oid);
315 }
316
317 // x962_p239v2
318 if(oid == OID{1, 2, 840, 10045, 3, 1, 5}) {
319 return load_EC_group_info(
320 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
321 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
322 "0x617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
323 "0x38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
324 "0x5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
325 "0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
326 oid);
327 }
328
329 // x962_p239v3
330 if(oid == OID{1, 2, 840, 10045, 3, 1, 6}) {
331 return load_EC_group_info(
332 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
333 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
334 "0x255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
335 "0x6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
336 "0x1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
337 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
338 oid);
339 }
340
341 // numsp512d1
342 if(oid == OID{1, 3, 6, 1, 4, 1, 25258, 4, 3}) {
343 return load_EC_group_info(
344 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7",
345 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4",
346 "0x1D99B",
347 "0x2",
348 "0x1C282EB23327F9711952C250EA61AD53FCC13031CF6DD336E0B9328433AFBDD8CC5A1C1F0C716FDC724DDE537C2B0ADB00BB3D08DC83755B205CC30D7F83CF28",
349 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5B3CA4FB94E7831B4FC258ED97D0BDC63B568B36607CD243CE153F390433555D",
350 oid);
351 }
352
353 return std::shared_ptr<EC_Group_Data>();
354}

◆ engine()

EC_Group_Engine Botan::EC_Group::engine ( ) const

Return how this EC_Group is implemented under the hood

This is mostly useful for diagnostic or debugging purposes

Definition at line 715 of file ec_group.cpp.

715 {
716 return data().engine();
717}

◆ from_name()

EC_Group Botan::EC_Group::from_name ( std::string_view name)
static

Initialize an EC group from a group common name (eg "secp256r1")

Definition at line 468 of file ec_group.cpp.

468 {
469 std::shared_ptr<EC_Group_Data> data;
470
471 if(auto oid = OID::from_name(name)) {
472 data = ec_group_data().lookup(oid.value());
473 }
474
475 if(!data) {
476 throw Invalid_Argument(fmt("Unknown EC_Group '{}'", name));
477 }
478
479 return EC_Group(std::move(data));
480}
Botan::OID::from_name
static std::optional< OID > from_name(std::string_view name)
Definition asn1_oid.cpp:72

References EC_Group(), EC_Group(), Botan::fmt(), and Botan::OID::from_name().

Referenced by botan_ec_group_from_name(), Botan::create_private_key(), Botan::TLS::Callbacks::tls_deserialize_peer_public_key(), and Botan::TLS::Callbacks::tls_generate_ephemeral_key().

◆ from_OID()

EC_Group Botan::EC_Group::from_OID ( const OID & oid)
static

Initialize an EC group from a group named by an object identifier

Definition at line 457 of file ec_group.cpp.

457 {
458 auto data = ec_group_data().lookup(oid);
459
460 if(!data) {
461 throw Invalid_Argument(fmt("No EC_Group associated with OID '{}'", oid.to_string()));
462 }
463
464 return EC_Group(std::move(data));
465}

References EC_Group(), EC_Group(), Botan::fmt(), and Botan::OID::to_string().

Referenced by botan_ec_group_from_oid(), EC_Group(), and Botan::GOST_3410_PublicKey::GOST_3410_PublicKey().

◆ from_PEM()

EC_Group Botan::EC_Group::from_PEM ( std::string_view pem)
static

Initialize an EC group from the PEM/ASN.1 encoding

Definition at line 511 of file ec_group.cpp.

511 {
512 const auto der = PEM_Code::decode_check_label(pem, "EC PARAMETERS");
513 return EC_Group(der);
514}

References Botan::PEM_Code::decode_check_label(), EC_Group(), and EC_Group().

Referenced by botan_ec_group_from_pem(), and EC_Group_from_PEM().

◆ get_a()

const BigInt & Botan::EC_Group::get_a ( ) const

Return the a parameter of the elliptic curve equation

Definition at line 643 of file ec_group.cpp.

643 {
644 return data().a();
645}

Referenced by a_is_minus_3(), a_is_zero(), DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), Botan::sm2_compute_za(), and verify_group().

◆ get_b()

const BigInt & Botan::EC_Group::get_b ( ) const

Return the b parameter of the elliptic curve equation

Definition at line 647 of file ec_group.cpp.

647 {
648 return data().b();
649}

Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), Botan::sm2_compute_za(), and verify_group().

◆ get_cofactor()

const BigInt & Botan::EC_Group::get_cofactor ( ) const

Return the cofactor

Returns
the cofactor TODO(Botan4): Remove this

Definition at line 699 of file ec_group.cpp.

699 {
700 return data().cofactor();
701}

Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), and verify_group().

◆ get_curve_oid()

const OID & Botan::EC_Group::get_curve_oid ( ) const

Return the OID of these domain parameters

Returns
the OID

Definition at line 707 of file ec_group.cpp.

707 {
708 return data().oid();
709}

Referenced by Botan::GOST_3410_PublicKey::algorithm_identifier(), and Botan::TPM2::EC_PrivateKey::create_unrestricted_transient().

◆ get_g_x()

const BigInt & Botan::EC_Group::get_g_x ( ) const

Return the x coordinate of the base point

Definition at line 691 of file ec_group.cpp.

691 {
692 return data().g_x();
693}

Referenced by Botan::EC_AffinePoint::generator(), Botan::EC_PublicKey::get_int_field(), operator==(), and Botan::sm2_compute_za().

◆ get_g_y()

const BigInt & Botan::EC_Group::get_g_y ( ) const

Return the y coordinate of the base point

Definition at line 695 of file ec_group.cpp.

695 {
696 return data().g_y();
697}

Referenced by Botan::EC_AffinePoint::generator(), Botan::EC_PublicKey::get_int_field(), operator==(), and Botan::sm2_compute_za().

◆ get_order()

const BigInt & Botan::EC_Group::get_order ( ) const

Return the order of the base point

Returns
order of the base point

Definition at line 687 of file ec_group.cpp.

687 {
688 return data().order();
689}

Referenced by DER_encode(), Botan::EC_PublicKey::get_int_field(), operator==(), and verify_group().

◆ get_order_bits()

size_t Botan::EC_Group::get_order_bits ( ) const

Return the size of group order in bits (same as get_order().bits())

Definition at line 631 of file ec_group.cpp.

631 {
632 return data().order_bits();
633}

Referenced by Botan::EC_Scalar::hash().

◆ get_order_bytes()

size_t Botan::EC_Group::get_order_bytes ( ) const

Return the size of the group order in bytes (same as get_order().bytes())

Definition at line 635 of file ec_group.cpp.

635 {
636 return data().order_bytes();
637}

Referenced by Botan::ECDSA_PublicKey::_signature_element_size_for_DER_encoding(), Botan::GOST_3410_PublicKey::_signature_element_size_for_DER_encoding(), and Botan::SM2_PublicKey::_signature_element_size_for_DER_encoding().

◆ get_p()

const BigInt & Botan::EC_Group::get_p ( ) const

Return the prime modulus of the field

Definition at line 639 of file ec_group.cpp.

639 {
640 return data().p();
641}

Referenced by a_is_minus_3(), DER_encode(), Botan::EC_AffinePoint::from_bigint_xy(), Botan::EC_PublicKey::get_int_field(), operator==(), and verify_group().

◆ get_p_bits()

size_t Botan::EC_Group::get_p_bits ( ) const

Return the size of p in bits (same as get_p().bits())

Definition at line 623 of file ec_group.cpp.

623 {
624 return data().p_bits();
625}

Referenced by Botan::GOST_3410_PublicKey::algo_name(), and Botan::EC_PublicKey::key_length().

◆ get_p_bytes()

size_t Botan::EC_Group::get_p_bytes ( ) const

Return the size of p in bytes (same as get_p().bytes())

Definition at line 627 of file ec_group.cpp.

627 {
628 return data().p_bytes();
629}

Referenced by DER_encode(), Botan::EC_AffinePoint::from_bigint_xy(), point_size(), and Botan::sm2_compute_za().

◆ has_cofactor()

bool Botan::EC_Group::has_cofactor ( ) const

Return true if the cofactor is > 1 TODO(Botan4): Remove this

Definition at line 703 of file ec_group.cpp.

703 {
704 return data().has_cofactor();
705}

◆ initialized()

bool Botan::EC_Group::initialized ( ) const
inline

Definition at line 226 of file ec_group.h.

226{ return (m_data != nullptr); }

References initialized().

Referenced by initialized().

◆ inverse_mod_order()

BigInt Botan::EC_Group::inverse_mod_order ( const BigInt & x) const
inline

Definition at line 667 of file ec_group.h.

667 {
668 return EC_Scalar::from_bigint(*this, x).invert().to_bigint();
669 }
Botan::EC_Scalar::to_bigint
BigInt to_bigint() const
Definition ec_scalar.cpp:77
Botan::EC_Scalar::invert
EC_Scalar invert() const
Definition ec_scalar.cpp:137

References Botan::EC_Scalar::from_bigint(), and inverse_mod_order().

Referenced by inverse_mod_order().

◆ known_named_groups()

const std::set< std::string > & Botan::EC_Group::known_named_groups ( )
static

Return a set of known named EC groups

This returns a set of groups for which from_name should succeed.

Note that the set of included groups can vary based on the build configuration, and that this list does not include any groups registered by the application at runtime.

Definition at line 477 of file ec_named.cpp.

477 {
478 static const std::set<std::string> named_groups = {
479#if defined(BOTAN_HAS_PCURVES_BRAINPOOL256R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
480 "brainpool256r1",
481#endif
482
483#if defined(BOTAN_HAS_PCURVES_BRAINPOOL384R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
484 "brainpool384r1",
485#endif
486
487#if defined(BOTAN_HAS_PCURVES_BRAINPOOL512R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
488 "brainpool512r1",
489#endif
490
491#if defined(BOTAN_HAS_PCURVES_FRP256V1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
492 "frp256v1",
493#endif
494
495#if defined(BOTAN_HAS_PCURVES_NUMSP512D1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
496 "numsp512d1",
497#endif
498
499#if defined(BOTAN_HAS_PCURVES_SECP192R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
500 "secp192r1",
501#endif
502
503#if defined(BOTAN_HAS_PCURVES_SECP224R1) || defined(BOTAN_HAS_LEGACY_EC_POINT)
504 // Not supported by pcurves_generic
505 "secp224r1",
506#endif
507
508#if defined(BOTAN_HAS_PCURVES_SECP256K1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
509 "secp256k1",
510#endif
511
512#if defined(BOTAN_HAS_PCURVES_SECP256R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
513 "secp256r1",
514#endif
515
516#if defined(BOTAN_HAS_PCURVES_SECP384R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
517 "secp384r1",
518#endif
519
520#if defined(BOTAN_HAS_PCURVES_SECP521R1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
521 "secp521r1",
522#endif
523
524#if defined(BOTAN_HAS_PCURVES_SM2P256V1) || defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
525 "sm2p256v1",
526#endif
527
528#if defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
529 "brainpool192r1",
530 "brainpool224r1",
531 "brainpool320r1",
532 "gost_256A",
533 "gost_512A",
534 "secp192k1",
535 "x962_p192v2",
536 "x962_p192v3",
537 "x962_p239v1",
538 "x962_p239v2",
539 "x962_p239v3",
540#endif
541
542#if defined(BOTAN_HAS_LEGACY_EC_POINT)
543 "brainpool160r1",
544 "secp160k1",
545 "secp160r1",
546 "secp160r2",
547 "secp224k1",
548#endif
549 };
550
551 return named_groups;
552}

Referenced by supports_named_group().

◆ mod_order()

BigInt Botan::EC_Group::mod_order ( const BigInt & x) const
inline

Definition at line 660 of file ec_group.h.

660 {
661 return EC_Scalar::from_bytes_mod_order(*this, x.serialize()).to_bigint();
662 }
Botan::EC_Scalar::from_bytes_mod_order
static EC_Scalar from_bytes_mod_order(const EC_Group &group, std::span< const uint8_t > bytes)
Definition ec_scalar.cpp:53

References Botan::EC_Scalar::from_bytes_mod_order(), and mod_order().

Referenced by EC_Group(), and mod_order().

◆ multiply_mod_order() [1/2]

BigInt Botan::EC_Group::multiply_mod_order ( const BigInt & x,
const BigInt & y ) const
inline

Definition at line 683 of file ec_group.h.

683 {
684 auto xs = EC_Scalar::from_bigint(*this, x);
685 auto ys = EC_Scalar::from_bigint(*this, y);
686 return (xs * ys).to_bigint();
687 }

References Botan::EC_Scalar::from_bigint(), and multiply_mod_order().

Referenced by multiply_mod_order(), and multiply_mod_order().

◆ multiply_mod_order() [2/2]

BigInt Botan::EC_Group::multiply_mod_order ( const BigInt & x,
const BigInt & y,
const BigInt & z ) const
inline

Definition at line 693 of file ec_group.h.

693 {
694 auto xs = EC_Scalar::from_bigint(*this, x);
695 auto ys = EC_Scalar::from_bigint(*this, y);
696 auto zs = EC_Scalar::from_bigint(*this, z);
697 return (xs * ys * zs).to_bigint();
698 }

References Botan::EC_Scalar::from_bigint(), and multiply_mod_order().

◆ operator=() [1/2]

EC_Group & Botan::EC_Group::operator= ( const EC_Group & )
default

References EC_Group().

◆ operator=() [2/2]

EC_Group & Botan::EC_Group::operator= ( EC_Group && )
default

References EC_Group().

◆ operator==()

bool Botan::EC_Group::operator== ( const EC_Group & other) const

Definition at line 769 of file ec_group.cpp.

769 {
770 if(m_data == other.m_data) {
771 return true; // same shared rep
772 }
773
774 return (get_p() == other.get_p() && get_a() == other.get_a() && get_b() == other.get_b() &&
775 get_g_x() == other.get_g_x() && get_g_y() == other.get_g_y() && get_order() == other.get_order() &&
776 get_cofactor() == other.get_cofactor());
777}
Botan::EC_Group::get_g_y
const BigInt & get_g_y() const
Definition ec_group.cpp:695
Botan::EC_Group::get_g_x
const BigInt & get_g_x() const
Definition ec_group.cpp:691

References EC_Group(), get_a(), get_b(), get_cofactor(), get_g_x(), get_g_y(), get_order(), and get_p().

◆ PEM_encode()

std::string Botan::EC_Group::PEM_encode ( EC_Group_Encoding form = EC_Group_Encoding::Explicit) const

Return the PEM encoding

Returns
string containing PEM data
Warning
In Botan4 the form parameter will be removed and only namedCurve will be supported

TODO(Botan4) remove the argument

Definition at line 764 of file ec_group.cpp.

764 {
765 const std::vector<uint8_t> der = DER_encode(form);
766 return PEM_Code::encode(der, "EC PARAMETERS");
767}
Botan::PEM_Code::encode
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39

References DER_encode(), and Botan::PEM_Code::encode().

◆ point_size()

size_t Botan::EC_Group::point_size ( EC_Point_Format format) const
inline

Definition at line 708 of file ec_group.h.

708 {
709 // Hybrid and standard format are (x,y), compressed is y, +1 format byte
710 if(format == EC_Point_Format::Compressed) {
711 return (1 + get_p_bytes());
712 } else {
713 return (1 + 2 * get_p_bytes());
714 }
715 }

References Botan::Compressed, get_p_bytes(), and point_size().

Referenced by point_size().

◆ source()

EC_Group_Source Botan::EC_Group::source ( ) const

Definition at line 711 of file ec_group.cpp.

711 {
712 return data().source();
713}

Referenced by verify_group().

◆ square_mod_order()

BigInt Botan::EC_Group::square_mod_order ( const BigInt & x) const
inline

Definition at line 674 of file ec_group.h.

674 {
675 auto xs = EC_Scalar::from_bigint(*this, x);
676 xs.square_self();
677 return xs.to_bigint();
678 }

References Botan::EC_Scalar::from_bigint(), and square_mod_order().

Referenced by square_mod_order().

◆ supports_application_specific_group()

bool Botan::EC_Group::supports_application_specific_group ( )
static

Return true if in this build configuration it is possible to register an application specific elliptic curve.

Definition at line 439 of file ec_group.cpp.

439 {
440#if defined(BOTAN_HAS_LEGACY_EC_POINT) || defined(BOTAN_HAS_PCURVES_GENERIC)
441 return true;
442#else
443 return false;
444#endif
445}

Referenced by botan_ec_group_supports_application_specific_group().

◆ supports_application_specific_group_with_cofactor()

bool Botan::EC_Group::supports_application_specific_group_with_cofactor ( )
static

Return true if in this build configuration it is possible to register an application specific elliptic curve with a cofactor larger than 1.

Definition at line 448 of file ec_group.cpp.

448 {
449#if defined(BOTAN_HAS_LEGACY_EC_POINT)
450 return true;
451#else
452 return false;
453#endif
454}

◆ supports_named_group()

bool Botan::EC_Group::supports_named_group ( std::string_view name)
static

Return true if EC_Group::from_name(name) should succeed for this name either because it is a group compiled into the library or it is a group which has already been registered by the application at runtime.

Definition at line 412 of file ec_group.cpp.

412 {
413 if(name.empty()) {
414 return false;
415 }
416
417 // Is it one of the groups compiled into the library?
418 if(EC_Group::known_named_groups().contains(std::string(name))) {
419 return true;
420 }
421
422 // Is it a custom group registered by the application?
423 if(auto oid = OID::from_name(name)) {
424 try {
425 if(ec_group_data().lookup(oid.value()) != nullptr) {
426 return true;
427 }
428 } catch(Not_Implemented&) {
429 // This would be thrown for example if the group is a known curve
430 // but the relevant module that enables it is not compiled in
431 }
432 }
433
434 // Not known
435 return false;
436}
Botan::EC_Group::known_named_groups
static const std::set< std::string > & known_named_groups()
Definition ec_named.cpp:477
Botan::OIDS::lookup
std::string lookup(const OID &oid)
Definition oids.h:61

References Botan::OID::from_name(), and known_named_groups().

Referenced by botan_ec_group_supports_named_group(), and Botan::create_private_key().

◆ unregister()

bool Botan::EC_Group::unregister ( const OID & oid)
static

Unregister a previously registered group.

Using this is discouraged for normal use. This is only useful or necessary if you are registering a very large number of distinct groups, and need to worry about memory constraints.

Returns true if the group was found and unregistered.

Definition at line 612 of file ec_group.cpp.

612 {
613 return ec_group_data().unregister(oid);
614}

Referenced by botan_ec_group_unregister(), and EC_Group().

◆ used_explicit_encoding()

bool Botan::EC_Group::used_explicit_encoding ( ) const
inline

Return true if this EC_Group was derived from an explicit encoding

Explicit encoding of groups is deprecated; when support for explicit curves is removed in a future major release, this function will also be removed.

Definition at line 264 of file ec_group.h.

264{ return m_explicit_encoding; }

Referenced by botan_pubkey_ecc_key_used_explicit_encoding().

◆ verify_group()

bool Botan::EC_Group::verify_group ( RandomNumberGenerator & rng,
bool strong = false ) const

Verify EC_Group domain

Returns
true if group is valid. false otherwise

Definition at line 779 of file ec_group.cpp.

779 {
780 const bool is_builtin = source() == EC_Group_Source::Builtin;
781
782 if(is_builtin && !strong) {
783 return true;
784 }
785
786 // TODO(Botan4) this can probably all be removed once the deprecated EC_Group
787 // constructor is removed, since at that point it no longer becomes possible
788 // to create an EC_Group which fails to satisfy these conditions
789
790 const BigInt& p = get_p();
791 const BigInt& a = get_a();
792 const BigInt& b = get_b();
793 const BigInt& order = get_order();
794
795 if(p <= 3 || order <= 0) {
796 return false;
797 }
798 if(a < 0 || a >= p) {
799 return false;
800 }
801 if(b <= 0 || b >= p) {
802 return false;
803 }
804
805 const size_t test_prob = 128;
806 const bool is_randomly_generated = is_builtin;
807
808 //check if field modulus is prime
809 if(!is_prime(p, rng, test_prob, is_randomly_generated)) {
810 return false;
811 }
812
813 //check if order is prime
814 if(!is_prime(order, rng, test_prob, is_randomly_generated)) {
815 return false;
816 }
817
818 //compute the discriminant: 4*a^3 + 27*b^2 which must be nonzero
819 auto mod_p = Barrett_Reduction::for_public_modulus(p);
820
821 const BigInt discriminant = mod_p.reduce(mod_p.multiply(BigInt::from_s32(4), mod_p.cube(a)) +
822 mod_p.multiply(BigInt::from_s32(27), mod_p.square(b)));
823
824 if(discriminant == 0) {
825 return false;
826 }
827
828 //check for valid cofactor
829 if(get_cofactor() < 1) {
830 return false;
831 }
832
833#if defined(BOTAN_HAS_LEGACY_EC_POINT)
834 const EC_Point& base_point = get_base_point();
835 //check if the base point is on the curve
836 if(!base_point.on_the_curve()) {
837 return false;
838 }
839 if((base_point * get_cofactor()).is_zero()) {
840 return false;
841 }
842 //check if order of the base point is correct
843 if(!(base_point * order).is_zero()) {
844 return false;
845 }
846#endif
847
848 // check the Hasse bound (roughly)
849 if((p - get_cofactor() * order).abs().bits() > (p.bits() / 2) + 1) {
850 return false;
851 }
852
853 return true;
854}
Botan::EC_Group::source
EC_Group_Source source() const
Definition ec_group.cpp:711
Botan::is_prime
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition numthry.cpp:381

References Botan::abs(), Botan::BigInt::bits(), Botan::Builtin, Botan::Barrett_Reduction::for_public_modulus(), Botan::BigInt::from_s32(), get_a(), get_b(), get_cofactor(), get_order(), get_p(), Botan::is_prime(), Botan::EC_Point::on_the_curve(), and source().

Referenced by Botan::EC_PublicKey::check_key().

The documentation for this class was generated from the following files:
Generated by doxygen 1.16.1