Botan 3.11.0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::EC_Group_Data Class Referencefinal

#include <ec_inner_data.h>

Inheritance diagram for Botan::EC_Group_Data:

Public Member Functions

const BigInta () const
bool a_is_minus_3 () const
bool a_is_zero () const
std::unique_ptr< EC_AffinePoint_Dataaffine_add (const EC_AffinePoint_Data &p, const EC_AffinePoint_Data &q) const
std::unique_ptr< EC_AffinePoint_Dataaffine_neg (const EC_AffinePoint_Data &p) const
const BigIntb () const
const BigIntcofactor () const
const std::vector< uint8_t > & der_named_curve () const
 EC_Group_Data (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &g_x, const BigInt &g_y, const BigInt &order, const BigInt &cofactor, const OID &oid, EC_Group_Source source)
 EC_Group_Data (const EC_Group_Data &other)=delete
 EC_Group_Data (EC_Group_Data &&other)=delete
EC_Group_Engine engine () const
const BigIntg_x () const
const BigIntg_y () const
std::unique_ptr< EC_Scalar_Datagk_x_mod_order (const EC_Scalar_Data &scalar, RandomNumberGenerator &rng) const
bool has_cofactor () const
std::unique_ptr< EC_Mul2Table_Datamake_mul2_table (const EC_AffinePoint_Data &pt) const
std::unique_ptr< EC_AffinePoint_Datamul_px_qy (const EC_AffinePoint_Data &p, const EC_Scalar_Data &x, const EC_AffinePoint_Data &q, const EC_Scalar_Data &y, RandomNumberGenerator &rng) const
const OIDoid () const
EC_Group_Dataoperator= (const EC_Group_Data &other)=delete
EC_Group_Dataoperator= (EC_Group_Data &&other)=delete
const BigIntorder () const
size_t order_bits () const
size_t order_bytes () const
bool order_is_less_than_p () const
const BigIntp () const
size_t p_bits () const
size_t p_bytes () const
size_t p_words () const
bool params_match (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &g_x, const BigInt &g_y, const BigInt &order, const BigInt &cofactor) const
bool params_match (const BigInt &p, const BigInt &a, const BigInt &b, std::span< const uint8_t > base_pt, const BigInt &order, const BigInt &cofactor) const
bool params_match (const EC_Group_Data &other) const
const PCurve::PrimeOrderCurvepcurve () const
std::unique_ptr< EC_AffinePoint_Datapoint_deserialize (std::span< const uint8_t > bytes) const
std::unique_ptr< EC_AffinePoint_Datapoint_g_mul (const EC_Scalar_Data &scalar, RandomNumberGenerator &rng) const
std::unique_ptr< EC_AffinePoint_Datapoint_hash_to_curve_nu (std::string_view hash_fn, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep) const
std::unique_ptr< EC_AffinePoint_Datapoint_hash_to_curve_ro (std::string_view hash_fn, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep) const
std::unique_ptr< EC_Scalar_Datascalar_deserialize (std::span< const uint8_t > bytes) const
std::unique_ptr< EC_Scalar_Datascalar_from_bigint (const BigInt &bn) const
std::unique_ptr< EC_Scalar_Datascalar_from_bytes_mod_order (std::span< const uint8_t > bytes) const
std::unique_ptr< EC_Scalar_Datascalar_from_bytes_with_trunc (std::span< const uint8_t > bytes) const
std::unique_ptr< EC_Scalar_Datascalar_one () const
std::unique_ptr< EC_Scalar_Datascalar_random (RandomNumberGenerator &rng) const
void set_oid (const OID &oid)
EC_Group_Source source () const
 ~EC_Group_Data ()

Static Public Member Functions

static std::shared_ptr< EC_Group_Datacreate (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &g_x, const BigInt &g_y, const BigInt &order, const BigInt &cofactor, const OID &oid, EC_Group_Source source)

Detailed Description

Definition at line 126 of file ec_inner_data.h.

Constructor & Destructor Documentation

◆ ~EC_Group_Data()

Botan::EC_Group_Data::~EC_Group_Data ( )
default

◆ EC_Group_Data() [1/3]

Botan::EC_Group_Data::EC_Group_Data ( const EC_Group_Data & other)
delete

References EC_Group_Data().

Referenced by EC_Group_Data(), EC_Group_Data(), operator=(), operator=(), and params_match().

◆ EC_Group_Data() [2/3]

Botan::EC_Group_Data::EC_Group_Data ( EC_Group_Data && other)
delete

References EC_Group_Data().

◆ EC_Group_Data() [3/3]

Botan::EC_Group_Data::EC_Group_Data ( const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & g_x,
const BigInt & g_y,
const BigInt & order,
const BigInt & cofactor,
const OID & oid,
EC_Group_Source source )

Note this constructor should only be called by EC_Group_Data::create.

It is only public to allow use of std::make_shared

Definition at line 29 of file ec_inner_data.cpp.

37 :
38 m_p(p),
39 m_a(a),
40 m_b(b),
41 m_g_x(g_x),
42 m_g_y(g_y),
43 m_order(order),
44 m_cofactor(cofactor),
45#if defined(BOTAN_HAS_LEGACY_EC_POINT)
46 m_mod_field(Barrett_Reduction::for_public_modulus(p)),
47 m_mod_order(Barrett_Reduction::for_public_modulus(order)),
48 m_monty(m_p, m_mod_field),
49#endif
50 m_oid(oid),
51 m_p_words(p.sig_words()),
52 m_p_bits(p.bits()),
53 m_order_bits(order.bits()),
54 m_order_bytes((m_order_bits + 7) / 8),
55 m_a_is_minus_3(a == p - 3),
56 m_a_is_zero(a.is_zero()),
57 m_has_cofactor(m_cofactor != 1),
58 m_order_is_less_than_p(m_order < p),
59 m_source(source) {
60 // TODO(Botan4) we can assume/assert the OID is set
61 if(!m_oid.empty()) {
62 DER_Encoder der(m_der_named_curve);
63 der.encode(m_oid);
64
65 const std::string name = m_oid.human_name_or_empty();
66 if(!name.empty()) {
67 // returns nullptr if unknown or not supported
68 m_pcurve = PCurve::PrimeOrderCurve::for_named_curve(name);
69 }
70 if(m_pcurve) {
71 m_engine = EC_Group_Engine::Optimized;
72 }
73 }
74
75 // Try a generic pcurves instance
76 if(!m_pcurve && !m_has_cofactor) {
77 m_pcurve = PCurve::PrimeOrderCurve::from_params(p, a, b, g_x, g_y, order);
78 if(m_pcurve) {
79 m_engine = EC_Group_Engine::Generic;
80 }
81 // possibly still null here, if parameters unsuitable or if the
82 // pcurves_generic module wasn't included in the build
83 }
84
85#if defined(BOTAN_HAS_LEGACY_EC_POINT)
86 secure_vector<word> ws;
87 m_a_r = m_monty.mul(a, m_monty.R2(), ws);
88 m_b_r = m_monty.mul(b, m_monty.R2(), ws);
89 if(!m_pcurve) {
90 m_engine = EC_Group_Engine::Legacy;
91 }
92#else
93 if(!m_pcurve) {
94 if(m_oid.empty()) {
95 throw Not_Implemented("EC_Group this group is not supported in this build configuration");
96 } else {
97 throw Not_Implemented(
98 fmt("EC_Group the group {} is not supported in this build configuration", oid.to_string()));
99 }
100 }
101#endif
102}
Botan::Barrett_Reduction::for_public_modulus
static Barrett_Reduction for_public_modulus(const BigInt &m)
Definition barrett.cpp:34
Botan::EC_Group_Data::p
const BigInt & p() const
Definition ec_inner_data.h:169
Botan::EC_Group_Data::g_x
const BigInt & g_x() const
Definition ec_inner_data.h:197
Botan::EC_Group_Data::a
const BigInt & a() const
Definition ec_inner_data.h:171
Botan::EC_Group_Data::oid
const OID & oid() const
Definition ec_inner_data.h:165
Botan::EC_Group_Data::cofactor
const BigInt & cofactor() const
Definition ec_inner_data.h:177
Botan::EC_Group_Data::source
EC_Group_Source source() const
Definition ec_inner_data.h:215
Botan::EC_Group_Data::g_y
const BigInt & g_y() const
Definition ec_inner_data.h:199
Botan::EC_Group_Data::b
const BigInt & b() const
Definition ec_inner_data.h:173
Botan::EC_Group_Data::order
const BigInt & order() const
Definition ec_inner_data.h:175
Botan::PCurve::PrimeOrderCurve::from_params
static std::shared_ptr< const PrimeOrderCurve > from_params(const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order)
Definition pcurves.cpp:20
Botan::PCurve::PrimeOrderCurve::for_named_curve
static std::shared_ptr< const PrimeOrderCurve > for_named_curve(std::string_view name)
Definition pcurves.cpp:31
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
Botan::EC_Group_Engine::Optimized
@ Optimized
Using per curve implementation; fastest available.
Definition ec_group.h:50
Botan::EC_Group_Engine::Generic
@ Generic
A generic implementation that handles many curves in one implementation.
Definition ec_group.h:52
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68

References a(), b(), BOTAN_HAS_LEGACY_EC_POINT, cofactor(), g_x(), g_y(), oid(), order(), p(), and source().

Member Function Documentation

◆ a()

const BigInt & Botan::EC_Group_Data::a ( ) const
inline

Definition at line 171 of file ec_inner_data.h.

171{ return m_a; }

Referenced by create(), EC_Group_Data(), operator=(), params_match(), params_match(), and params_match().

◆ a_is_minus_3()

bool Botan::EC_Group_Data::a_is_minus_3 ( ) const
inline

Definition at line 211 of file ec_inner_data.h.

211{ return m_a_is_minus_3; }

◆ a_is_zero()

bool Botan::EC_Group_Data::a_is_zero ( ) const
inline

Definition at line 213 of file ec_inner_data.h.

213{ return m_a_is_zero; }

◆ affine_add()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::affine_add ( const EC_AffinePoint_Data & p,
const EC_AffinePoint_Data & q ) const

Definition at line 522 of file ec_inner_data.cpp.

523 {
524 if(m_pcurve) {
525 auto pt = m_pcurve->point_add(EC_AffinePoint_Data_PC::checked_ref(p).value(),
526 EC_AffinePoint_Data_PC::checked_ref(q).value());
527
528 return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), m_pcurve->point_to_affine(pt));
529 } else {
530#if defined(BOTAN_HAS_LEGACY_EC_POINT)
531 auto pt = p.to_legacy_point() + q.to_legacy_point();
532 return std::make_unique<EC_AffinePoint_Data_BN>(shared_from_this(), std::move(pt));
533#else
534 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
535#endif
536 }
537}
Botan::EC_AffinePoint_Data_PC::checked_ref
static const EC_AffinePoint_Data_PC & checked_ref(const EC_AffinePoint_Data &data)
Definition ec_inner_pc.cpp:97

References affine_add(), Botan::EC_AffinePoint_Data_PC::checked_ref(), and p().

Referenced by affine_add().

◆ affine_neg()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::affine_neg ( const EC_AffinePoint_Data & p) const

Definition at line 539 of file ec_inner_data.cpp.

539 {
540 if(m_pcurve) {
541 auto pt = m_pcurve->point_negate(EC_AffinePoint_Data_PC::checked_ref(p).value());
542 return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), pt);
543 } else {
544#if defined(BOTAN_HAS_LEGACY_EC_POINT)
545 auto pt = p.to_legacy_point();
546 pt.negate(); // negates in place
547 return std::make_unique<EC_AffinePoint_Data_BN>(shared_from_this(), std::move(pt));
548#else
549 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
550#endif
551 }
552}

References affine_neg(), Botan::EC_AffinePoint_Data_PC::checked_ref(), and p().

Referenced by affine_neg().

◆ b()

const BigInt & Botan::EC_Group_Data::b ( ) const
inline

Definition at line 173 of file ec_inner_data.h.

173{ return m_b; }

Referenced by create(), EC_Group_Data(), operator=(), params_match(), params_match(), and params_match().

◆ cofactor()

const BigInt & Botan::EC_Group_Data::cofactor ( ) const
inline

Definition at line 177 of file ec_inner_data.h.

177{ return m_cofactor; }

Referenced by create(), EC_Group_Data(), operator=(), params_match(), params_match(), and params_match().

◆ create()

std::shared_ptr< EC_Group_Data > Botan::EC_Group_Data::create ( const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & g_x,
const BigInt & g_y,
const BigInt & order,
const BigInt & cofactor,
const OID & oid,
EC_Group_Source source )
static

Definition at line 104 of file ec_inner_data.cpp.

112 {
113 auto group = std::make_shared<EC_Group_Data>(p, a, b, g_x, g_y, order, cofactor, oid, source);
114
115#if defined(BOTAN_HAS_LEGACY_EC_POINT)
116 group->m_curve = CurveGFp(group.get());
117 group->m_base_point = EC_Point(group->m_curve, g_x, g_y);
118 if(!group->m_pcurve) {
119 group->m_base_mult = std::make_unique<EC_Point_Base_Point_Precompute>(group->m_base_point, group->m_mod_order);
120 }
121#endif
122
123 return group;
124}

References a(), b(), cofactor(), create(), g_x(), g_y(), oid(), order(), p(), and source().

Referenced by create().

◆ der_named_curve()

const std::vector< uint8_t > & Botan::EC_Group_Data::der_named_curve ( ) const
inline

Definition at line 167 of file ec_inner_data.h.

167{ return m_der_named_curve; }

◆ engine()

EC_Group_Engine Botan::EC_Group_Data::engine ( ) const
inline

Definition at line 217 of file ec_inner_data.h.

217{ return m_engine; }

◆ g_x()

const BigInt & Botan::EC_Group_Data::g_x ( ) const
inline

Definition at line 197 of file ec_inner_data.h.

197{ return m_g_x; }

Referenced by create(), EC_Group_Data(), operator=(), params_match(), params_match(), and params_match().

◆ g_y()

const BigInt & Botan::EC_Group_Data::g_y ( ) const
inline

Definition at line 199 of file ec_inner_data.h.

199{ return m_g_y; }

Referenced by create(), EC_Group_Data(), operator=(), params_match(), params_match(), and params_match().

◆ gk_x_mod_order()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::gk_x_mod_order ( const EC_Scalar_Data & scalar,
RandomNumberGenerator & rng ) const

Definition at line 325 of file ec_inner_data.cpp.

326 {
327 if(m_pcurve) {
328 const auto& k = EC_Scalar_Data_PC::checked_ref(scalar);
329 auto gk_x_mod_order = m_pcurve->base_point_mul_x_mod_order(k.value(), rng);
330 return std::make_unique<EC_Scalar_Data_PC>(shared_from_this(), gk_x_mod_order);
331 } else {
332#if defined(BOTAN_HAS_LEGACY_EC_POINT)
333 const auto& k = EC_Scalar_Data_BN::checked_ref(scalar);
334 BOTAN_STATE_CHECK(m_base_mult != nullptr);
335 std::vector<BigInt> ws;
336 const auto pt = m_base_mult->mul(k.value(), rng, m_order, ws);
337
338 if(pt.is_zero()) {
339 return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), BigInt::zero());
340 } else {
341 return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), m_mod_order.reduce(pt.get_affine_x()));
342 }
343#else
344 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
345#endif
346 }
347}
BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:49
Botan::BigInt::zero
static BigInt zero()
Definition bigint.h:50
Botan::EC_Group_Data::gk_x_mod_order
std::unique_ptr< EC_Scalar_Data > gk_x_mod_order(const EC_Scalar_Data &scalar, RandomNumberGenerator &rng) const
Definition ec_inner_data.cpp:325
Botan::EC_Scalar_Data_BN::checked_ref
static const EC_Scalar_Data_BN & checked_ref(const EC_Scalar_Data &data)
Definition ec_inner_bn.cpp:15
Botan::EC_Scalar_Data_PC::checked_ref
static const EC_Scalar_Data_PC & checked_ref(const EC_Scalar_Data &data)
Definition ec_inner_pc.cpp:14

References BOTAN_STATE_CHECK, Botan::EC_Scalar_Data_BN::checked_ref(), Botan::EC_Scalar_Data_PC::checked_ref(), gk_x_mod_order(), and Botan::BigInt::zero().

Referenced by gk_x_mod_order().

◆ has_cofactor()

bool Botan::EC_Group_Data::has_cofactor ( ) const
inline

Definition at line 195 of file ec_inner_data.h.

195{ return m_has_cofactor; }

◆ make_mul2_table()

std::unique_ptr< EC_Mul2Table_Data > Botan::EC_Group_Data::make_mul2_table ( const EC_AffinePoint_Data & pt) const

Definition at line 554 of file ec_inner_data.cpp.

554 {
555 if(m_pcurve) {
556 return std::make_unique<EC_Mul2Table_Data_PC>(h);
557 } else {
558#if defined(BOTAN_HAS_LEGACY_EC_POINT)
559 const EC_AffinePoint_Data_BN g(shared_from_this(), this->base_point());
560 return std::make_unique<EC_Mul2Table_Data_BN>(g, h);
561#else
562 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
563#endif
564 }
565}

References make_mul2_table().

Referenced by make_mul2_table().

◆ mul_px_qy()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::mul_px_qy ( const EC_AffinePoint_Data & p,
const EC_Scalar_Data & x,
const EC_AffinePoint_Data & q,
const EC_Scalar_Data & y,
RandomNumberGenerator & rng ) const

Definition at line 477 of file ec_inner_data.cpp.

481 {
482 if(m_pcurve) {
483 auto pt = m_pcurve->mul_px_qy(EC_AffinePoint_Data_PC::checked_ref(p).value(),
484 EC_Scalar_Data_PC::checked_ref(x).value(),
485 EC_AffinePoint_Data_PC::checked_ref(q).value(),
486 EC_Scalar_Data_PC::checked_ref(y).value(),
487 rng);
488
489 if(pt) {
490 return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), m_pcurve->point_to_affine(*pt));
491 } else {
492 return nullptr;
493 }
494 } else {
495#if defined(BOTAN_HAS_LEGACY_EC_POINT)
496 std::vector<BigInt> ws;
497 const auto& group = p.group();
498
499 // TODO this could be better!
500 const EC_Point_Var_Point_Precompute p_mul(p.to_legacy_point(), rng, ws);
501 const EC_Point_Var_Point_Precompute q_mul(q.to_legacy_point(), rng, ws);
502
503 const auto order = group->order() * group->cofactor(); // See #3800
504
505 auto px = p_mul.mul(EC_Scalar_Data_BN::checked_ref(x).value(), rng, order, ws);
506 auto qy = q_mul.mul(EC_Scalar_Data_BN::checked_ref(y).value(), rng, order, ws);
507
508 auto px_qy = px + qy;
509
510 if(!px_qy.is_zero()) {
511 px_qy.force_affine();
512 return std::make_unique<EC_AffinePoint_Data_BN>(shared_from_this(), std::move(px_qy));
513 } else {
514 return nullptr;
515 }
516#else
517 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
518#endif
519 }
520}

References Botan::EC_AffinePoint_Data_PC::checked_ref(), Botan::EC_Scalar_Data_BN::checked_ref(), Botan::EC_Scalar_Data_PC::checked_ref(), Botan::EC_Point_Var_Point_Precompute::mul(), mul_px_qy(), order(), and p().

Referenced by mul_px_qy().

◆ oid()

const OID & Botan::EC_Group_Data::oid ( ) const
inline

Definition at line 165 of file ec_inner_data.h.

165{ return m_oid; }

Referenced by create(), EC_Group_Data(), operator=(), and set_oid().

◆ operator=() [1/2]

EC_Group_Data & Botan::EC_Group_Data::operator= ( const EC_Group_Data & other)
delete

References EC_Group_Data().

◆ operator=() [2/2]

EC_Group_Data & Botan::EC_Group_Data::operator= ( EC_Group_Data && other)
delete

References a(), b(), cofactor(), EC_Group_Data(), g_x(), g_y(), oid(), order(), and p().

◆ order()

const BigInt & Botan::EC_Group_Data::order ( ) const
inline

Definition at line 175 of file ec_inner_data.h.

175{ return m_order; }

Referenced by create(), EC_Group_Data(), mul_px_qy(), operator=(), params_match(), params_match(), and params_match().

◆ order_bits()

size_t Botan::EC_Group_Data::order_bits ( ) const
inline

Definition at line 207 of file ec_inner_data.h.

207{ return m_order_bits; }

Referenced by scalar_from_bytes_with_trunc().

◆ order_bytes()

size_t Botan::EC_Group_Data::order_bytes ( ) const
inline

Definition at line 209 of file ec_inner_data.h.

209{ return m_order_bytes; }

Referenced by scalar_from_bytes_mod_order().

◆ order_is_less_than_p()

bool Botan::EC_Group_Data::order_is_less_than_p ( ) const
inline

Definition at line 193 of file ec_inner_data.h.

193{ return m_order_is_less_than_p; }

◆ p()

const BigInt & Botan::EC_Group_Data::p ( ) const
inline

Definition at line 169 of file ec_inner_data.h.

169{ return m_p; }

Referenced by affine_add(), affine_neg(), create(), EC_Group_Data(), mul_px_qy(), operator=(), params_match(), params_match(), and params_match().

◆ p_bits()

size_t Botan::EC_Group_Data::p_bits ( ) const
inline

Definition at line 203 of file ec_inner_data.h.

203{ return m_p_bits; }

◆ p_bytes()

size_t Botan::EC_Group_Data::p_bytes ( ) const
inline

Definition at line 205 of file ec_inner_data.h.

205{ return (m_p_bits + 7) / 8; }

Referenced by params_match().

◆ p_words()

size_t Botan::EC_Group_Data::p_words ( ) const
inline

Definition at line 201 of file ec_inner_data.h.

201{ return m_p_words; }

◆ params_match() [1/3]

bool Botan::EC_Group_Data::params_match ( const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & g_x,
const BigInt & g_y,
const BigInt & order,
const BigInt & cofactor ) const

Definition at line 126 of file ec_inner_data.cpp.

132 {
133 if(p != this->p()) {
134 return false;
135 }
136 if(a != this->a()) {
137 return false;
138 }
139 if(b != this->b()) {
140 return false;
141 }
142 if(order != this->order()) {
143 return false;
144 }
145 if(cofactor != this->cofactor()) {
146 return false;
147 }
148 if(g_x != this->g_x()) {
149 return false;
150 }
151 if(g_y != this->g_y()) {
152 return false;
153 }
154
155 return true;
156}

References a(), b(), cofactor(), g_x(), g_y(), order(), p(), and params_match().

Referenced by params_match(), params_match(), and params_match().

◆ params_match() [2/3]

bool Botan::EC_Group_Data::params_match ( const BigInt & p,
const BigInt & a,
const BigInt & b,
std::span< const uint8_t > base_pt,
const BigInt & order,
const BigInt & cofactor ) const

Definition at line 158 of file ec_inner_data.cpp.

163 {
164 if(p != this->p()) {
165 return false;
166 }
167 if(a != this->a()) {
168 return false;
169 }
170 if(b != this->b()) {
171 return false;
172 }
173 if(order != this->order()) {
174 return false;
175 }
176 if(cofactor != this->cofactor()) {
177 return false;
178 }
179
180 const size_t field_len = this->p_bytes();
181
182 if(base_pt.size() == 1 + field_len && (base_pt[0] == 0x02 || base_pt[0] == 0x03)) {
183 // compressed
184
185 const auto g_x = m_g_x.serialize(field_len);
186 const auto g_y = m_g_y.is_odd();
187
188 const auto sec1_x = base_pt.subspan(1, field_len);
189 const bool sec1_y = (base_pt[0] == 0x03);
190
191 if(!std::ranges::equal(sec1_x, g_x)) {
192 return false;
193 }
194
195 if(sec1_y != g_y) {
196 return false;
197 }
198
199 return true;
200 } else if(base_pt.size() == 1 + 2 * field_len && base_pt[0] == 0x04) {
201 const auto g_x = m_g_x.serialize(field_len);
202 const auto g_y = m_g_y.serialize(field_len);
203
204 const auto sec1_x = base_pt.subspan(1, field_len);
205 const auto sec1_y = base_pt.subspan(1 + field_len, field_len);
206
207 if(!std::ranges::equal(sec1_x, g_x)) {
208 return false;
209 }
210
211 if(!std::ranges::equal(sec1_y, g_y)) {
212 return false;
213 }
214
215 return true;
216 } else {
217 throw Decoding_Error("Invalid base point encoding in explicit group");
218 }
219}
Botan::EC_Group_Data::p_bytes
size_t p_bytes() const
Definition ec_inner_data.h:205

References a(), b(), cofactor(), g_x(), g_y(), order(), p(), p_bytes(), and params_match().

◆ params_match() [3/3]

bool Botan::EC_Group_Data::params_match ( const EC_Group_Data & other) const

Definition at line 221 of file ec_inner_data.cpp.

221 {
222 return params_match(other.p(), other.a(), other.b(), other.g_x(), other.g_y(), other.order(), other.cofactor());
223}
Botan::EC_Group_Data::params_match
bool params_match(const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &g_x, const BigInt &g_y, const BigInt &order, const BigInt &cofactor) const
Definition ec_inner_data.cpp:126

References a(), b(), cofactor(), EC_Group_Data(), g_x(), g_y(), order(), p(), and params_match().

◆ pcurve()

const PCurve::PrimeOrderCurve & Botan::EC_Group_Data::pcurve ( ) const
inline

Definition at line 282 of file ec_inner_data.h.

282 {
283 BOTAN_ASSERT_NONNULL(m_pcurve);
284 return *m_pcurve;
285 }
BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:114

References BOTAN_ASSERT_NONNULL.

◆ point_deserialize()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::point_deserialize ( std::span< const uint8_t > bytes) const

Deserialize a point

Returns nullptr if the point encoding was invalid or not on the curve

Definition at line 375 of file ec_inner_data.cpp.

375 {
376 // The deprecated "hybrid" point format
377 // TODO(Botan4) remove this
378 if(bytes.size() >= 1 + 2 * 4 && (bytes[0] == 0x06 || bytes[0] == 0x07)) {
379 const bool hdr_y_is_even = bytes[0] == 0x06;
380 const bool y_is_even = (bytes.back() & 0x01) == 0;
381
382 if(hdr_y_is_even == y_is_even) {
383 std::vector<uint8_t> sec1(bytes.begin(), bytes.end());
384 sec1[0] = 0x04;
385 return this->point_deserialize(sec1);
386 }
387 }
388
389 try {
390 if(m_pcurve) {
391 if(auto pt = m_pcurve->deserialize_point(bytes)) {
392 return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), std::move(*pt));
393 } else {
394 return {};
395 }
396 } else {
397#if defined(BOTAN_HAS_LEGACY_EC_POINT)
398 auto pt = Botan::OS2ECP(bytes, m_curve);
399 return std::make_unique<EC_AffinePoint_Data_BN>(shared_from_this(), std::move(pt));
400#else
401 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
402#endif
403 }
404 } catch(...) {
405 return {};
406 }
407}
Botan::EC_Group_Data::point_deserialize
std::unique_ptr< EC_AffinePoint_Data > point_deserialize(std::span< const uint8_t > bytes) const
Definition ec_inner_data.cpp:375
Botan::OS2ECP
EC_Point OS2ECP(std::span< const uint8_t > data, const CurveGFp &curve)
Definition ec_point.cpp:866

References Botan::OS2ECP(), and point_deserialize().

Referenced by point_deserialize().

◆ point_g_mul()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::point_g_mul ( const EC_Scalar_Data & scalar,
RandomNumberGenerator & rng ) const

Definition at line 456 of file ec_inner_data.cpp.

457 {
458 if(m_pcurve) {
459 const auto& k = EC_Scalar_Data_PC::checked_ref(scalar);
460 auto pt = m_pcurve->point_to_affine(m_pcurve->mul_by_g(k.value(), rng));
461 return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), std::move(pt));
462 } else {
463#if defined(BOTAN_HAS_LEGACY_EC_POINT)
464 const auto& group = scalar.group();
465 const auto& bn = EC_Scalar_Data_BN::checked_ref(scalar);
466
467 BOTAN_STATE_CHECK(group->m_base_mult != nullptr);
468 std::vector<BigInt> ws;
469 auto pt = group->m_base_mult->mul(bn.value(), rng, m_order, ws);
470 return std::make_unique<EC_AffinePoint_Data_BN>(shared_from_this(), std::move(pt));
471#else
472 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
473#endif
474 }
475}

References BOTAN_STATE_CHECK, Botan::EC_Scalar_Data_BN::checked_ref(), Botan::EC_Scalar_Data_PC::checked_ref(), Botan::EC_Scalar_Data::group(), and point_g_mul().

Referenced by point_g_mul().

◆ point_hash_to_curve_nu()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::point_hash_to_curve_nu ( std::string_view hash_fn,
std::span< const uint8_t > input,
std::span< const uint8_t > domain_sep ) const

Definition at line 445 of file ec_inner_data.cpp.

447 {
448 if(m_pcurve) {
449 auto pt = m_pcurve->hash_to_curve_nu(h2c_expand_message(hash_fn, input, domain_sep));
450 return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), std::move(pt));
451 } else {
452 throw Not_Implemented("Hash to curve is not implemented for this curve");
453 }
454}

References point_hash_to_curve_nu().

Referenced by point_hash_to_curve_nu().

◆ point_hash_to_curve_ro()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::point_hash_to_curve_ro ( std::string_view hash_fn,
std::span< const uint8_t > input,
std::span< const uint8_t > domain_sep ) const

Definition at line 434 of file ec_inner_data.cpp.

436 {
437 if(m_pcurve) {
438 auto pt = m_pcurve->hash_to_curve_ro(h2c_expand_message(hash_fn, input, domain_sep));
439 return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), m_pcurve->point_to_affine(pt));
440 } else {
441 throw Not_Implemented("Hash to curve is not implemented for this curve");
442 }
443}

References point_hash_to_curve_ro().

Referenced by point_hash_to_curve_ro().

◆ scalar_deserialize()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_deserialize ( std::span< const uint8_t > bytes) const

Scalar from bytes

This returns a value only if the bytes represent (in big-endian encoding) an integer that is less than n, where n is the group order. It requires that the fixed length encoding (with zero prefix) be used. It also rejects inputs that encode zero. Thus the accepted range is [1,n)

If the input is rejected then nullptr is returned

Definition at line 349 of file ec_inner_data.cpp.

349 {
350 if(bytes.size() != m_order_bytes) {
351 return nullptr;
352 }
353
354 if(m_pcurve) {
355 if(auto s = m_pcurve->deserialize_scalar(bytes)) {
356 return std::make_unique<EC_Scalar_Data_PC>(shared_from_this(), *s);
357 } else {
358 return nullptr;
359 }
360 } else {
361#if defined(BOTAN_HAS_LEGACY_EC_POINT)
362 BigInt r(bytes);
363
364 if(r.is_zero() || r >= m_order) {
365 return nullptr;
366 }
367
368 return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), std::move(r));
369#else
370 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
371#endif
372 }
373}

References Botan::BigInt::is_zero(), and scalar_deserialize().

Referenced by scalar_deserialize(), and scalar_from_bigint().

◆ scalar_from_bigint()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_from_bigint ( const BigInt & bn) const

Scalar from BigInt

This returns a value only if bn is in [1,n) where n is the group order. Otherwise it returns nullptr

Definition at line 309 of file ec_inner_data.cpp.

309 {
310 if(bn <= 0 || bn >= m_order) {
311 return {};
312 }
313
314 if(m_pcurve) {
315 return this->scalar_deserialize(bn.serialize(m_order_bytes));
316 } else {
317#if defined(BOTAN_HAS_LEGACY_EC_POINT)
318 return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), bn);
319#else
320 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
321#endif
322 }
323}
Botan::EC_Group_Data::scalar_deserialize
std::unique_ptr< EC_Scalar_Data > scalar_deserialize(std::span< const uint8_t > bytes) const
Definition ec_inner_data.cpp:349

References scalar_deserialize(), scalar_from_bigint(), and Botan::BigInt::serialize().

Referenced by scalar_from_bigint().

◆ scalar_from_bytes_mod_order()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_from_bytes_mod_order ( std::span< const uint8_t > bytes) const

Scalar from bytes with modular reduction

This returns a value only if bytes represents (in big-endian encoding) an integer that is at most the square of the scalar group size. Otherwise it returns nullptr.

Definition at line 264 of file ec_inner_data.cpp.

264 {
265 if(bytes.size() > 2 * order_bytes()) {
266 return {};
267 }
268
269 if(m_pcurve) {
270 if(auto s = m_pcurve->scalar_from_wide_bytes(bytes)) {
271 return std::make_unique<EC_Scalar_Data_PC>(shared_from_this(), std::move(*s));
272 } else {
273 return {};
274 }
275 } else {
276#if defined(BOTAN_HAS_LEGACY_EC_POINT)
277 return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), m_mod_order.reduce(BigInt(bytes)));
278#else
279 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
280#endif
281 }
282}
Botan::EC_Group_Data::order_bytes
size_t order_bytes() const
Definition ec_inner_data.h:209

References order_bytes(), and scalar_from_bytes_mod_order().

Referenced by scalar_from_bytes_mod_order(), and scalar_from_bytes_with_trunc().

◆ scalar_from_bytes_with_trunc()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_from_bytes_with_trunc ( std::span< const uint8_t > bytes) const

Scalar from bytes with ECDSA style truncation

This should always succeed

Definition at line 234 of file ec_inner_data.cpp.

234 {
235 const size_t bit_length = 8 * bytes.size();
236
237 if(bit_length < order_bits()) {
238 // No shifting required, but might still need to reduce by modulus
239 return this->scalar_from_bytes_mod_order(bytes);
240 } else {
241 const size_t shift = bit_length - order_bits();
242
243 const size_t new_length = bytes.size() - (shift / 8);
244 const size_t bit_shift = shift % 8;
245
246 if(bit_shift == 0) {
247 // Easy case just read different bytes
248 return this->scalar_from_bytes_mod_order(bytes.first(new_length));
249 } else {
250 std::vector<uint8_t> sbytes(new_length);
251
252 uint8_t carry = 0;
253 for(size_t i = 0; i != new_length; ++i) {
254 const uint8_t w = bytes[i];
255 sbytes[i] = (w >> bit_shift) | carry;
256 carry = w << (8 - bit_shift);
257 }
258
259 return this->scalar_from_bytes_mod_order(sbytes);
260 }
261 }
262}
Botan::EC_Group_Data::scalar_from_bytes_mod_order
std::unique_ptr< EC_Scalar_Data > scalar_from_bytes_mod_order(std::span< const uint8_t > bytes) const
Definition ec_inner_data.cpp:264
Botan::EC_Group_Data::order_bits
size_t order_bits() const
Definition ec_inner_data.h:207
Botan::carry
void carry(int64_t &h0, int64_t &h1)
Definition ed25519_internal.h:27

References Botan::carry(), order_bits(), scalar_from_bytes_mod_order(), and scalar_from_bytes_with_trunc().

Referenced by scalar_from_bytes_with_trunc().

◆ scalar_one()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_one ( ) const

Definition at line 297 of file ec_inner_data.cpp.

297 {
298 if(m_pcurve) {
299 return std::make_unique<EC_Scalar_Data_PC>(shared_from_this(), m_pcurve->scalar_one());
300 } else {
301#if defined(BOTAN_HAS_LEGACY_EC_POINT)
302 return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), BigInt::one());
303#else
304 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
305#endif
306 }
307}
Botan::BigInt::one
static BigInt one()
Definition bigint.h:55

References Botan::BigInt::one(), and scalar_one().

Referenced by scalar_one().

◆ scalar_random()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_random ( RandomNumberGenerator & rng) const

Return a random scalar

This will be in the range [1,n) where n is the group order

Definition at line 284 of file ec_inner_data.cpp.

284 {
285 if(m_pcurve) {
286 return std::make_unique<EC_Scalar_Data_PC>(shared_from_this(), m_pcurve->random_scalar(rng));
287 } else {
288#if defined(BOTAN_HAS_LEGACY_EC_POINT)
289 return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(),
290 BigInt::random_integer(rng, BigInt::one(), m_order));
291#else
292 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
293#endif
294 }
295}
Botan::BigInt::random_integer
static BigInt random_integer(RandomNumberGenerator &rng, const BigInt &min, const BigInt &max)
Definition big_rand.cpp:44

References Botan::BigInt::one(), Botan::BigInt::random_integer(), and scalar_random().

Referenced by scalar_random().

◆ set_oid()

void Botan::EC_Group_Data::set_oid ( const OID & oid)

Definition at line 225 of file ec_inner_data.cpp.

225 {
226 BOTAN_ARG_CHECK(!oid.empty(), "OID should be set");
227 BOTAN_STATE_CHECK(m_oid.empty() && m_der_named_curve.empty());
228 m_oid = oid;
229
230 DER_Encoder der(m_der_named_curve);
231 der.encode(m_oid);
232}
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33

References BOTAN_ARG_CHECK, BOTAN_STATE_CHECK, Botan::DER_Encoder::encode(), oid(), and set_oid().

Referenced by set_oid().

◆ source()

EC_Group_Source Botan::EC_Group_Data::source ( ) const
inline

Definition at line 215 of file ec_inner_data.h.

215{ return m_source; }

Referenced by create(), and EC_Group_Data().

The documentation for this class was generated from the following files:
Generated by doxygen 1.15.0