Botan::EC_Group_Data Class Reference

#include <ec_inner_data.h>

Inheritance diagram for Botan::EC_Group_Data:

Public Member Functions
const BigInt &	a () const
bool	a_is_minus_3 () const
bool	a_is_zero () const
const BigInt &	b () const
const EC_Point &	base_point () const
const BigInt &	cofactor () const
const CurveGFp &	curve () const
const std::vector< uint8_t > &	der_named_curve () const
	EC_Group_Data (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &g_x, const BigInt &g_y, const BigInt &order, const BigInt &cofactor, const OID &oid, EC_Group_Source source)
const BigInt &	g_x () const
const BigInt &	g_y () const
std::unique_ptr< EC_Scalar_Data >	gk_x_mod_order (const EC_Scalar_Data &scalar, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const
bool	has_cofactor () const
BigInt	inverse_mod_order (const BigInt &x) const
std::unique_ptr< EC_Mul2Table_Data >	make_mul2_table (const EC_AffinePoint_Data &pt) const
BigInt	mod_order (const BigInt &x) const
BigInt	multiply_mod_order (const BigInt &x, const BigInt &y) const
BigInt	multiply_mod_order (const BigInt &x, const BigInt &y, const BigInt &z) const
const OID &	oid () const
const BigInt &	order () const
size_t	order_bits () const
size_t	order_bytes () const
bool	order_is_less_than_p () const
const BigInt &	p () const
size_t	p_bits () const
size_t	p_bytes () const
bool	params_match (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &g_x, const BigInt &g_y, const BigInt &order, const BigInt &cofactor) const
bool	params_match (const EC_Group_Data &other) const
const PCurve::PrimeOrderCurve &	pcurve () const
std::unique_ptr< EC_AffinePoint_Data >	point_deserialize (std::span< const uint8_t > bytes) const
std::unique_ptr< EC_AffinePoint_Data >	point_g_mul (const EC_Scalar_Data &scalar, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const
std::unique_ptr< EC_AffinePoint_Data >	point_hash_to_curve_nu (std::string_view hash_fn, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep) const
std::unique_ptr< EC_AffinePoint_Data >	point_hash_to_curve_ro (std::string_view hash_fn, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep) const
std::unique_ptr< EC_Scalar_Data >	scalar_deserialize (std::span< const uint8_t > bytes) const
std::unique_ptr< EC_Scalar_Data >	scalar_from_bigint (const BigInt &bn) const
std::unique_ptr< EC_Scalar_Data >	scalar_from_bytes_mod_order (std::span< const uint8_t > bytes) const
std::unique_ptr< EC_Scalar_Data >	scalar_from_bytes_with_trunc (std::span< const uint8_t > bytes) const
std::unique_ptr< EC_Scalar_Data >	scalar_one () const
std::unique_ptr< EC_Scalar_Data >	scalar_random (RandomNumberGenerator &rng) const
std::unique_ptr< EC_Scalar_Data >	scalar_zero () const
void	set_oid (const OID &oid)
EC_Group_Source	source () const
BigInt	square_mod_order (const BigInt &x) const
	~EC_Group_Data ()

Detailed Description

Definition at line 114 of file ec_inner_data.h.

Constructor & Destructor Documentation

EC_Group_Data()

Botan::EC_Group_Data::EC_Group_Data	(	const BigInt &	p,
		const BigInt &	a,
		const BigInt &	b,
		const BigInt &	g_x,
		const BigInt &	g_y,
		const BigInt &	order,
		const BigInt &	cofactor,
		const OID &	oid,
		EC_Group_Source	source )

Definition at line 19 of file ec_inner_data.cpp.

                                                     :
      m_curve(p, a, b),
      m_base_point(m_curve, g_x, g_y),
      m_g_x(g_x),
      m_g_y(g_y),
      m_order(order),
      m_cofactor(cofactor),
      m_mod_order(order),
      m_oid(oid),
      m_p_bits(p.bits()),
      m_order_bits(order.bits()),
      m_order_bytes((m_order_bits + 7) / 8),
      m_a_is_minus_3(a == p - 3),
      m_a_is_zero(a.is_zero()),
      m_has_cofactor(m_cofactor != 1),
      m_order_is_less_than_p(m_order < p),
      m_source(source) {
   if(!m_oid.empty()) {
      DER_Encoder der(m_der_named_curve);
      der.encode(m_oid);
 
      if(const auto id = PCurve::PrimeOrderCurveId::from_oid(m_oid)) {
         m_pcurve = PCurve::PrimeOrderCurve::from_id(*id);
         // still possibly null, if the curve is supported in general but not
         // available in the build
      }
   }
 
   if(!m_pcurve) {
      m_base_mult = std::make_unique<EC_Point_Base_Point_Precompute>(m_base_point, m_mod_order);
   }
}

References Botan::OID::empty().

~EC_Group_Data()

Botan::EC_Group_Data::~EC_Group_Data ( )

default

Member Function Documentation

a()

const BigInt & Botan::EC_Group_Data::a ( ) const

inline

Definition at line 146 of file ec_inner_data.h.

{ return m_curve.get_a(); }

References Botan::CurveGFp::get_a().

Referenced by params_match().

a_is_minus_3()

bool Botan::EC_Group_Data::a_is_minus_3 ( ) const

inline

Definition at line 174 of file ec_inner_data.h.

{ return m_a_is_minus_3; }

a_is_zero()

bool Botan::EC_Group_Data::a_is_zero ( ) const

inline

Definition at line 176 of file ec_inner_data.h.

{ return m_a_is_zero; }

b()

const BigInt & Botan::EC_Group_Data::b ( ) const

inline

Definition at line 148 of file ec_inner_data.h.

{ return m_curve.get_b(); }

References Botan::CurveGFp::get_b().

Referenced by params_match().

base_point()

const EC_Point & Botan::EC_Group_Data::base_point ( ) const

inline

Definition at line 172 of file ec_inner_data.h.

{ return m_base_point; }

cofactor()

const BigInt & Botan::EC_Group_Data::cofactor ( ) const

inline

Definition at line 152 of file ec_inner_data.h.

{ return m_cofactor; }

Referenced by params_match().

curve()

const CurveGFp & Botan::EC_Group_Data::curve ( ) const

inline

Definition at line 170 of file ec_inner_data.h.

{ return m_curve; }

der_named_curve()

const std::vector< uint8_t > & Botan::EC_Group_Data::der_named_curve ( ) const

inline

Definition at line 142 of file ec_inner_data.h.

{ return m_der_named_curve; }

g_x()

const BigInt & Botan::EC_Group_Data::g_x ( ) const

inline

Definition at line 158 of file ec_inner_data.h.

{ return m_g_x; }

Referenced by params_match().

g_y()

const BigInt & Botan::EC_Group_Data::g_y ( ) const

inline

Definition at line 160 of file ec_inner_data.h.

{ return m_g_y; }

Referenced by params_match().

gk_x_mod_order()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::gk_x_mod_order	(	const EC_Scalar_Data &	scalar,
		RandomNumberGenerator &	rng,
		std::vector< BigInt > &	ws ) const

Definition at line 167 of file ec_inner_data.cpp.

                                                                                           {
   if(m_pcurve) {
      const auto& k = EC_Scalar_Data_PC::checked_ref(scalar);
      auto gk_x_mod_order = m_pcurve->base_point_mul_x_mod_order(k.value(), rng);
      return std::make_unique<EC_Scalar_Data_PC>(shared_from_this(), gk_x_mod_order);
   } else {
      const auto& k = EC_Scalar_Data_BN::checked_ref(scalar);
      BOTAN_STATE_CHECK(m_base_mult != nullptr);
      const auto pt = m_base_mult->mul(k.value(), rng, m_order, ws);
 
      if(pt.is_zero()) {
         return scalar_zero();
      } else {
         return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), mod_order(pt.get_affine_x()));
      }
   }
}

References BOTAN_STATE_CHECK.

has_cofactor()

bool Botan::EC_Group_Data::has_cofactor ( ) const

inline

Definition at line 156 of file ec_inner_data.h.

{ return m_has_cofactor; }

inverse_mod_order()

BigInt Botan::EC_Group_Data::inverse_mod_order ( const BigInt & x ) const

inline

Definition at line 188 of file ec_inner_data.h.

{ return inverse_mod(x, m_order); }

References Botan::inverse_mod().

make_mul2_table()

std::unique_ptr< EC_Mul2Table_Data > Botan::EC_Group_Data::make_mul2_table

(

const EC_AffinePoint_Data &

pt

)

const

Definition at line 265 of file ec_inner_data.cpp.

                                                                                                  {
   if(m_pcurve) {
      EC_AffinePoint_Data_PC g(shared_from_this(), m_pcurve->generator());
      return std::make_unique<EC_Mul2Table_Data_PC>(g, h);
   } else {
      EC_AffinePoint_Data_BN g(shared_from_this(), this->base_point());
      return std::make_unique<EC_Mul2Table_Data_BN>(g, h);
   }
}

mod_order()

BigInt Botan::EC_Group_Data::mod_order ( const BigInt & x ) const

inline

Definition at line 178 of file ec_inner_data.h.

{ return m_mod_order.reduce(x); }

References Botan::Modular_Reducer::reduce().

multiply_mod_order() [1/2]

BigInt Botan::EC_Group_Data::multiply_mod_order ( const BigInt & x, const BigInt & y ) const

inline

Definition at line 182 of file ec_inner_data.h.

{ return m_mod_order.multiply(x, y); }

References Botan::Modular_Reducer::multiply().

multiply_mod_order() [2/2]

BigInt Botan::EC_Group_Data::multiply_mod_order ( const BigInt & x, const BigInt & y, const BigInt & z ) const

inline

Definition at line 184 of file ec_inner_data.h.

                                                                                         {
         return m_mod_order.multiply(m_mod_order.multiply(x, y), z);
      }

References Botan::Modular_Reducer::multiply().

oid()

const OID & Botan::EC_Group_Data::oid ( ) const

inline

Definition at line 140 of file ec_inner_data.h.

{ return m_oid; }

order()

const BigInt & Botan::EC_Group_Data::order ( ) const

inline

Definition at line 150 of file ec_inner_data.h.

{ return m_order; }

Referenced by params_match().

order_bits()

size_t Botan::EC_Group_Data::order_bits ( ) const

inline

Definition at line 166 of file ec_inner_data.h.

{ return m_order_bits; }

order_bytes()

size_t Botan::EC_Group_Data::order_bytes ( ) const

inline

Definition at line 168 of file ec_inner_data.h.

{ return m_order_bytes; }

order_is_less_than_p()

bool Botan::EC_Group_Data::order_is_less_than_p ( ) const

inline

Definition at line 154 of file ec_inner_data.h.

{ return m_order_is_less_than_p; }

p()

const BigInt & Botan::EC_Group_Data::p ( ) const

inline

Definition at line 144 of file ec_inner_data.h.

{ return m_curve.get_p(); }

References Botan::CurveGFp::get_p().

Referenced by params_match().

p_bits()

size_t Botan::EC_Group_Data::p_bits ( ) const

inline

Definition at line 162 of file ec_inner_data.h.

{ return m_p_bits; }

p_bytes()

size_t Botan::EC_Group_Data::p_bytes ( ) const

inline

Definition at line 164 of file ec_inner_data.h.

{ return (m_p_bits + 7) / 8; }

params_match() [1/2]

bool Botan::EC_Group_Data::params_match	(	const BigInt &	p,
		const BigInt &	a,
		const BigInt &	b,
		const BigInt &	g_x,
		const BigInt &	g_y,
		const BigInt &	order,
		const BigInt &	cofactor ) const

Definition at line 60 of file ec_inner_data.cpp.

                                                               {
   return (this->p() == p && this->a() == a && this->b() == b && this->order() == order &&
           this->cofactor() == cofactor && this->g_x() == g_x && this->g_y() == g_y);
}

References Botan::b.

params_match() [2/2]

bool Botan::EC_Group_Data::params_match

(

const EC_Group_Data &

other

)

const

Definition at line 71 of file ec_inner_data.cpp.

                                                                 {
   return params_match(other.p(), other.a(), other.b(), other.g_x(), other.g_y(), other.order(), other.cofactor());
}

References a(), b(), cofactor(), g_x(), g_y(), order(), and p().

pcurve()

const PCurve::PrimeOrderCurve & Botan::EC_Group_Data::pcurve ( ) const

inline

Definition at line 251 of file ec_inner_data.h.

                                                  {
         BOTAN_ASSERT_NONNULL(m_pcurve);
         return *m_pcurve;
      }

References BOTAN_ASSERT_NONNULL.

point_deserialize()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::point_deserialize

(

std::span< const uint8_t >

bytes

)

const

Deserialize a point

Returns nullptr if the point encoding was invalid or not on the curve

Definition at line 209 of file ec_inner_data.cpp.

                                                                                                      {
   try {
      if(m_pcurve) {
         if(auto pt = m_pcurve->deserialize_point(bytes)) {
            return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), std::move(*pt));
         } else {
            return nullptr;
         }
      } else {
         auto pt = Botan::OS2ECP(bytes.data(), bytes.size(), curve());
         return std::make_unique<EC_AffinePoint_Data_BN>(shared_from_this(), std::move(pt));
      }
   } catch(...) {
      return nullptr;
   }
}

References Botan::OS2ECP().

point_g_mul()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::point_g_mul	(	const EC_Scalar_Data &	scalar,
		RandomNumberGenerator &	rng,
		std::vector< BigInt > &	ws ) const

Definition at line 248 of file ec_inner_data.cpp.

                                                                                             {
   if(m_pcurve) {
      const auto& k = EC_Scalar_Data_PC::checked_ref(scalar);
      auto pt = m_pcurve->mul_by_g(k.value(), rng).to_affine();
      return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), std::move(pt));
   } else {
      const auto& group = scalar.group();
      const auto& bn = EC_Scalar_Data_BN::checked_ref(scalar);
 
      BOTAN_STATE_CHECK(group->m_base_mult != nullptr);
      auto pt = group->m_base_mult->mul(bn.value(), rng, m_order, ws);
      return std::make_unique<EC_AffinePoint_Data_BN>(shared_from_this(), std::move(pt));
   }
}

References BOTAN_STATE_CHECK, and Botan::EC_Scalar_Data::group().

point_hash_to_curve_nu()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::point_hash_to_curve_nu	(	std::string_view	hash_fn,
		std::span< const uint8_t >	input,
		std::span< const uint8_t >	domain_sep ) const

Definition at line 237 of file ec_inner_data.cpp.

                                                                                                                    {
   if(m_pcurve) {
      auto pt = m_pcurve->hash_to_curve_nu(hash_fn, input, domain_sep);
      return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), std::move(pt));
   } else {
      throw Not_Implemented("Hash to curve is not implemented for this curve");
   }
}

point_hash_to_curve_ro()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::point_hash_to_curve_ro	(	std::string_view	hash_fn,
		std::span< const uint8_t >	input,
		std::span< const uint8_t >	domain_sep ) const

Definition at line 226 of file ec_inner_data.cpp.

                                                                                                                    {
   if(m_pcurve) {
      auto pt = m_pcurve->hash_to_curve_ro(hash_fn, input, domain_sep);
      return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), pt.to_affine());
   } else {
      throw Not_Implemented("Hash to curve is not implemented for this curve");
   }
}

scalar_deserialize()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_deserialize

(

std::span< const uint8_t >

bytes

)

const

Scalar from bytes

This returns a value only if the bytes represent (in big-endian encoding) an integer that is less than n, where n is the group order. It requires that the fixed length encoding (with zero prefix) be used. It also rejects inputs that encode zero. Thus the accepted range is [1,n)

If the input is rejected then nullptr is returned

Definition at line 187 of file ec_inner_data.cpp.

                                                                                                  {
   if(bytes.size() != m_order_bytes) {
      return nullptr;
   }
 
   if(m_pcurve) {
      if(auto s = m_pcurve->deserialize_scalar(bytes)) {
         return std::make_unique<EC_Scalar_Data_PC>(shared_from_this(), *s);
      } else {
         return nullptr;
      }
   } else {
      BigInt r(bytes);
 
      if(r.is_zero() || r >= m_order) {
         return nullptr;
      }
 
      return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), std::move(r));
   }
}

References Botan::BigInt::is_zero().

scalar_from_bigint()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_from_bigint

(

const BigInt &

bn

)

const

Scalar from BigInt

This returns a value only if bn is in [1,n) where n is the group order. Otherwise it returns nullptr

Definition at line 155 of file ec_inner_data.cpp.

                                                                                      {
   if(bn <= 0 || bn >= m_order) {
      return {};
   }
 
   if(m_pcurve) {
      return this->scalar_deserialize(bn.serialize(m_order_bytes));
   } else {
      return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), bn);
   }
}

References Botan::BigInt::serialize().

scalar_from_bytes_mod_order()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_from_bytes_mod_order

(

std::span< const uint8_t >

bytes

)

const

Scalar from bytes with modular reduction

This returns a value only if bytes represents (in big-endian encoding) an integer that is at most the square of the scalar group size. Otherwise it returns nullptr.

Definition at line 114 of file ec_inner_data.cpp.

                                                                                                           {
   if(bytes.size() >= 2 * order_bytes()) {
      return {};
   }
 
   if(m_pcurve) {
      if(auto s = m_pcurve->scalar_from_wide_bytes(bytes)) {
         return std::make_unique<EC_Scalar_Data_PC>(shared_from_this(), std::move(*s));
      } else {
         return {};
      }
   } else {
      return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), mod_order(BigInt(bytes)));
   }
}

scalar_from_bytes_with_trunc()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_from_bytes_with_trunc

(

std::span< const uint8_t >

bytes

)

const

Scalar from bytes with ECDSA style trunction

This should always succeed

Definition at line 84 of file ec_inner_data.cpp.

                                                                                                            {
   const size_t bit_length = 8 * bytes.size();
 
   if(bit_length < order_bits()) {
      // No shifting required, but might still need to reduce by modulus
      return this->scalar_from_bytes_mod_order(bytes);
   } else {
      const size_t shift = bit_length - order_bits();
 
      const size_t new_length = bytes.size() - (shift / 8);
      const size_t bit_shift = shift % 8;
 
      if(bit_shift == 0) {
         // Easy case just read different bytes
         return this->scalar_from_bytes_mod_order(bytes.first(new_length));
      } else {
         std::vector<uint8_t> sbytes(new_length);
 
         uint8_t carry = 0;
         for(size_t i = 0; i != new_length; ++i) {
            const uint8_t w = bytes[i];
            sbytes[i] = (w >> bit_shift) | carry;
            carry = w << (8 - bit_shift);
         }
 
         return this->scalar_from_bytes_mod_order(sbytes);
      }
   }
}

References Botan::carry().

scalar_one()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_one

(

)

const

Definition at line 147 of file ec_inner_data.cpp.

                                                              {
   if(m_pcurve) {
      return std::make_unique<EC_Scalar_Data_PC>(shared_from_this(), m_pcurve->scalar_one());
   } else {
      return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), BigInt::one());
   }
}

scalar_random()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_random

(

RandomNumberGenerator &

rng

)

const

Return a random scalar

This will be in the range [1,n) where n is the group order

Definition at line 130 of file ec_inner_data.cpp.

                                                                                           {
   if(m_pcurve) {
      return std::make_unique<EC_Scalar_Data_PC>(shared_from_this(), m_pcurve->random_scalar(rng));
   } else {
      return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(),
                                                 BigInt::random_integer(rng, BigInt::one(), m_order));
   }
}

scalar_zero()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_zero

(

)

const

Definition at line 139 of file ec_inner_data.cpp.

                                                               {
   if(m_pcurve) {
      return std::make_unique<EC_Scalar_Data_PC>(shared_from_this(), m_pcurve->scalar_zero());
   } else {
      return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), BigInt::zero());
   }
}

set_oid()

void Botan::EC_Group_Data::set_oid

(

const OID &

oid

)

Definition at line 75 of file ec_inner_data.cpp.

                                          {
   BOTAN_ARG_CHECK(!oid.empty(), "OID should be set");
   BOTAN_STATE_CHECK(m_oid.empty() && m_der_named_curve.empty());
   m_oid = oid;
 
   DER_Encoder der(m_der_named_curve);
   der.encode(m_oid);
}

References BOTAN_ARG_CHECK, BOTAN_STATE_CHECK, Botan::OID::empty(), and Botan::DER_Encoder::encode().

source()

EC_Group_Source Botan::EC_Group_Data::source ( ) const

inline

Definition at line 190 of file ec_inner_data.h.

{ return m_source; }

square_mod_order()

BigInt Botan::EC_Group_Data::square_mod_order ( const BigInt & x ) const

inline

Definition at line 180 of file ec_inner_data.h.

{ return m_mod_order.square(x); }

References Botan::Modular_Reducer::square().

---

The documentation for this class was generated from the following files:

• src/lib/pubkey/ec_group/ec_inner_data.h
• src/lib/pubkey/ec_group/ec_inner_data.cpp