Botan 3.8.1
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::EC_Group_Data Class Referencefinal

#include <ec_inner_data.h>

Inheritance diagram for Botan::EC_Group_Data:

Public Member Functions

const BigInta () const
 
bool a_is_minus_3 () const
 
bool a_is_zero () const
 
std::unique_ptr< EC_AffinePoint_Dataaffine_add (const EC_AffinePoint_Data &p, const EC_AffinePoint_Data &q) const
 
std::unique_ptr< EC_AffinePoint_Dataaffine_neg (const EC_AffinePoint_Data &p) const
 
const BigIntb () const
 
const BigIntcofactor () const
 
const std::vector< uint8_t > & der_named_curve () const
 
 EC_Group_Data (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &g_x, const BigInt &g_y, const BigInt &order, const BigInt &cofactor, const OID &oid, EC_Group_Source source)
 
EC_Group_Engine engine () const
 
const BigIntg_x () const
 
const BigIntg_y () const
 
std::unique_ptr< EC_Scalar_Datagk_x_mod_order (const EC_Scalar_Data &scalar, RandomNumberGenerator &rng) const
 
bool has_cofactor () const
 
std::unique_ptr< EC_Mul2Table_Datamake_mul2_table (const EC_AffinePoint_Data &pt) const
 
std::unique_ptr< EC_AffinePoint_Datamul_px_qy (const EC_AffinePoint_Data &p, const EC_Scalar_Data &x, const EC_AffinePoint_Data &q, const EC_Scalar_Data &y, RandomNumberGenerator &rng) const
 
const OIDoid () const
 
const BigIntorder () const
 
size_t order_bits () const
 
size_t order_bytes () const
 
bool order_is_less_than_p () const
 
const BigIntp () const
 
size_t p_bits () const
 
size_t p_bytes () const
 
size_t p_words () const
 
bool params_match (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &g_x, const BigInt &g_y, const BigInt &order, const BigInt &cofactor) const
 
bool params_match (const EC_Group_Data &other) const
 
const PCurve::PrimeOrderCurvepcurve () const
 
std::unique_ptr< EC_AffinePoint_Datapoint_deserialize (std::span< const uint8_t > bytes) const
 
std::unique_ptr< EC_AffinePoint_Datapoint_g_mul (const EC_Scalar_Data &scalar, RandomNumberGenerator &rng) const
 
std::unique_ptr< EC_AffinePoint_Datapoint_hash_to_curve_nu (std::string_view hash_fn, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep) const
 
std::unique_ptr< EC_AffinePoint_Datapoint_hash_to_curve_ro (std::string_view hash_fn, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep) const
 
std::unique_ptr< EC_Scalar_Datascalar_deserialize (std::span< const uint8_t > bytes) const
 
std::unique_ptr< EC_Scalar_Datascalar_from_bigint (const BigInt &bn) const
 
std::unique_ptr< EC_Scalar_Datascalar_from_bytes_mod_order (std::span< const uint8_t > bytes) const
 
std::unique_ptr< EC_Scalar_Datascalar_from_bytes_with_trunc (std::span< const uint8_t > bytes) const
 
std::unique_ptr< EC_Scalar_Datascalar_one () const
 
std::unique_ptr< EC_Scalar_Datascalar_random (RandomNumberGenerator &rng) const
 
void set_oid (const OID &oid)
 
EC_Group_Source source () const
 
 ~EC_Group_Data ()
 

Static Public Member Functions

static std::shared_ptr< EC_Group_Datacreate (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &g_x, const BigInt &g_y, const BigInt &order, const BigInt &cofactor, const OID &oid, EC_Group_Source source)
 

Detailed Description

Definition at line 125 of file ec_inner_data.h.

Constructor & Destructor Documentation

◆ ~EC_Group_Data()

Botan::EC_Group_Data::~EC_Group_Data ( )
default

References a(), b(), cofactor(), EC_Group_Data(), g_x(), g_y(), oid(), order(), and p().

◆ EC_Group_Data()

Botan::EC_Group_Data::EC_Group_Data ( const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & g_x,
const BigInt & g_y,
const BigInt & order,
const BigInt & cofactor,
const OID & oid,
EC_Group_Source source )

Note this constructor should only be called by EC_Group_Data::create.

It is only public to allow use of std::make_shared

Definition at line 28 of file ec_inner_data.cpp.

36 :
37 m_p(p),
38 m_a(a),
39 m_b(b),
40 m_g_x(g_x),
41 m_g_y(g_y),
42 m_order(order),
43 m_cofactor(cofactor),
44#if defined(BOTAN_HAS_LEGACY_EC_POINT)
45 m_mod_field(Barrett_Reduction::for_public_modulus(p)),
46 m_mod_order(Barrett_Reduction::for_public_modulus(order)),
47 m_monty(m_p, m_mod_field),
48#endif
49 m_oid(oid),
50 m_p_words(p.sig_words()),
51 m_p_bits(p.bits()),
52 m_order_bits(order.bits()),
53 m_order_bytes((m_order_bits + 7) / 8),
54 m_a_is_minus_3(a == p - 3),
55 m_a_is_zero(a.is_zero()),
56 m_has_cofactor(m_cofactor != 1),
57 m_order_is_less_than_p(m_order < p),
58 m_source(source) {
59 // TODO(Botan4) we can assume/assert the OID is set
60 if(!m_oid.empty()) {
61 DER_Encoder der(m_der_named_curve);
62 der.encode(m_oid);
63
64 const std::string name = m_oid.human_name_or_empty();
65 if(!name.empty()) {
66 // returns nullptr if unknown or not supported
67 m_pcurve = PCurve::PrimeOrderCurve::for_named_curve(name);
68 }
69 if(m_pcurve) {
70 m_engine = EC_Group_Engine::Optimized;
71 }
72 }
73
74 // Try a generic pcurves instance
75 if(!m_pcurve && !m_has_cofactor) {
76 m_pcurve = PCurve::PrimeOrderCurve::from_params(p, a, b, g_x, g_y, order);
77 if(m_pcurve) {
78 m_engine = EC_Group_Engine::Generic;
79 }
80 // possibly still null here, if parameters unsuitable or if the
81 // pcurves_generic module wasn't included in the build
82 }
83
84#if defined(BOTAN_HAS_LEGACY_EC_POINT)
85 secure_vector<word> ws;
86 m_a_r = m_monty.mul(a, m_monty.R2(), ws);
87 m_b_r = m_monty.mul(b, m_monty.R2(), ws);
88 if(!m_pcurve) {
89 m_engine = EC_Group_Engine::Legacy;
90 }
91#else
92 if(!m_pcurve) {
93 if(m_oid.empty()) {
94 throw Not_Implemented("EC_Group this group is not supported in this build configuration");
95 } else {
96 throw Not_Implemented(
97 fmt("EC_Group the group {} is not supported in this build configuration", oid.to_string()));
98 }
99 }
100#endif
101}
Botan::Barrett_Reduction::for_public_modulus
static Barrett_Reduction for_public_modulus(const BigInt &m)
Definition barrett.cpp:33
Botan::EC_Group_Data::p
const BigInt & p() const
Definition ec_inner_data.h:155
Botan::EC_Group_Data::g_x
const BigInt & g_x() const
Definition ec_inner_data.h:183
Botan::EC_Group_Data::a
const BigInt & a() const
Definition ec_inner_data.h:157
Botan::EC_Group_Data::oid
const OID & oid() const
Definition ec_inner_data.h:151
Botan::EC_Group_Data::cofactor
const BigInt & cofactor() const
Definition ec_inner_data.h:163
Botan::EC_Group_Data::source
EC_Group_Source source() const
Definition ec_inner_data.h:201
Botan::EC_Group_Data::g_y
const BigInt & g_y() const
Definition ec_inner_data.h:185
Botan::EC_Group_Data::b
const BigInt & b() const
Definition ec_inner_data.h:159
Botan::EC_Group_Data::order
const BigInt & order() const
Definition ec_inner_data.h:161
Botan::PCurve::PrimeOrderCurve::from_params
static std::shared_ptr< const PrimeOrderCurve > from_params(const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order)
Definition pcurves.cpp:15
Botan::PCurve::PrimeOrderCurve::for_named_curve
static std::shared_ptr< const PrimeOrderCurve > for_named_curve(std::string_view name)
Definition pcurves.cpp:26
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
Botan::EC_Group_Engine::Optimized
@ Optimized
Using per curve implementation; fastest available.
Definition ec_group.h:68
Botan::EC_Group_Engine::Generic
@ Generic
A generic implementation that handles many curves in one implementation.
Definition ec_group.h:70
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65

References a(), b(), BOTAN_HAS_LEGACY_EC_POINT, cofactor(), g_x(), g_y(), oid(), order(), p(), and source().

Referenced by params_match(), and ~EC_Group_Data().

Member Function Documentation

◆ a()

const BigInt & Botan::EC_Group_Data::a ( ) const
inline

Definition at line 157 of file ec_inner_data.h.

157{ return m_a; }

Referenced by create(), EC_Group_Data(), params_match(), params_match(), and ~EC_Group_Data().

◆ a_is_minus_3()

bool Botan::EC_Group_Data::a_is_minus_3 ( ) const
inline

Definition at line 197 of file ec_inner_data.h.

197{ return m_a_is_minus_3; }

◆ a_is_zero()

bool Botan::EC_Group_Data::a_is_zero ( ) const
inline

Definition at line 199 of file ec_inner_data.h.

199{ return m_a_is_zero; }

◆ affine_add()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::affine_add ( const EC_AffinePoint_Data & p,
const EC_AffinePoint_Data & q ) const

Definition at line 437 of file ec_inner_data.cpp.

438 {
439 if(m_pcurve) {
440 auto pt = m_pcurve->point_add(EC_AffinePoint_Data_PC::checked_ref(p).value(),
441 EC_AffinePoint_Data_PC::checked_ref(q).value());
442
443 return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), m_pcurve->point_to_affine(pt));
444 } else {
445#if defined(BOTAN_HAS_LEGACY_EC_POINT)
446 auto pt = p.to_legacy_point() + q.to_legacy_point();
447 return std::make_unique<EC_AffinePoint_Data_BN>(shared_from_this(), std::move(pt));
448#else
449 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
450#endif
451 }
452}
Botan::EC_AffinePoint_Data_PC::checked_ref
static const EC_AffinePoint_Data_PC & checked_ref(const EC_AffinePoint_Data &data)
Definition ec_inner_pc.cpp:92

References affine_add(), Botan::EC_AffinePoint_Data_PC::checked_ref(), and p().

Referenced by affine_add().

◆ affine_neg()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::affine_neg ( const EC_AffinePoint_Data & p) const

Definition at line 454 of file ec_inner_data.cpp.

454 {
455 if(m_pcurve) {
456 auto pt = m_pcurve->point_negate(EC_AffinePoint_Data_PC::checked_ref(p).value());
457 return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), pt);
458 } else {
459#if defined(BOTAN_HAS_LEGACY_EC_POINT)
460 auto pt = p.to_legacy_point();
461 pt.negate(); // negates in place
462 return std::make_unique<EC_AffinePoint_Data_BN>(shared_from_this(), std::move(pt));
463#else
464 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
465#endif
466 }
467}

References affine_neg(), Botan::EC_AffinePoint_Data_PC::checked_ref(), and p().

Referenced by affine_neg().

◆ b()

const BigInt & Botan::EC_Group_Data::b ( ) const
inline

Definition at line 159 of file ec_inner_data.h.

159{ return m_b; }

Referenced by create(), EC_Group_Data(), params_match(), params_match(), and ~EC_Group_Data().

◆ cofactor()

const BigInt & Botan::EC_Group_Data::cofactor ( ) const
inline

Definition at line 163 of file ec_inner_data.h.

163{ return m_cofactor; }

Referenced by create(), EC_Group_Data(), params_match(), params_match(), and ~EC_Group_Data().

◆ create()

std::shared_ptr< EC_Group_Data > Botan::EC_Group_Data::create ( const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & g_x,
const BigInt & g_y,
const BigInt & order,
const BigInt & cofactor,
const OID & oid,
EC_Group_Source source )
static

Definition at line 103 of file ec_inner_data.cpp.

111 {
112 auto group = std::make_shared<EC_Group_Data>(p, a, b, g_x, g_y, order, cofactor, oid, source);
113
114#if defined(BOTAN_HAS_LEGACY_EC_POINT)
115 group->m_curve = CurveGFp(group.get());
116 group->m_base_point = EC_Point(group->m_curve, g_x, g_y);
117 if(!group->m_pcurve) {
118 group->m_base_mult = std::make_unique<EC_Point_Base_Point_Precompute>(group->m_base_point, group->m_mod_order);
119 }
120#endif
121
122 return group;
123}

References a(), b(), cofactor(), create(), g_x(), g_y(), oid(), order(), p(), and source().

Referenced by create().

◆ der_named_curve()

const std::vector< uint8_t > & Botan::EC_Group_Data::der_named_curve ( ) const
inline

Definition at line 153 of file ec_inner_data.h.

153{ return m_der_named_curve; }

◆ engine()

EC_Group_Engine Botan::EC_Group_Data::engine ( ) const
inline

Definition at line 203 of file ec_inner_data.h.

203{ return m_engine; }

◆ g_x()

const BigInt & Botan::EC_Group_Data::g_x ( ) const
inline

Definition at line 183 of file ec_inner_data.h.

183{ return m_g_x; }

Referenced by create(), EC_Group_Data(), params_match(), params_match(), and ~EC_Group_Data().

◆ g_y()

const BigInt & Botan::EC_Group_Data::g_y ( ) const
inline

Definition at line 185 of file ec_inner_data.h.

185{ return m_g_y; }

Referenced by create(), EC_Group_Data(), params_match(), params_match(), and ~EC_Group_Data().

◆ gk_x_mod_order()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::gk_x_mod_order ( const EC_Scalar_Data & scalar,
RandomNumberGenerator & rng ) const

Definition at line 240 of file ec_inner_data.cpp.

241 {
242 if(m_pcurve) {
243 const auto& k = EC_Scalar_Data_PC::checked_ref(scalar);
244 auto gk_x_mod_order = m_pcurve->base_point_mul_x_mod_order(k.value(), rng);
245 return std::make_unique<EC_Scalar_Data_PC>(shared_from_this(), gk_x_mod_order);
246 } else {
247#if defined(BOTAN_HAS_LEGACY_EC_POINT)
248 const auto& k = EC_Scalar_Data_BN::checked_ref(scalar);
249 BOTAN_STATE_CHECK(m_base_mult != nullptr);
250 std::vector<BigInt> ws;
251 const auto pt = m_base_mult->mul(k.value(), rng, m_order, ws);
252
253 if(pt.is_zero()) {
254 return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), BigInt::zero());
255 } else {
256 return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), m_mod_order.reduce(pt.get_affine_x()));
257 }
258#else
259 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
260#endif
261 }
262}
BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:43
Botan::BigInt::zero
static BigInt zero()
Definition bigint.h:49
Botan::EC_Group_Data::gk_x_mod_order
std::unique_ptr< EC_Scalar_Data > gk_x_mod_order(const EC_Scalar_Data &scalar, RandomNumberGenerator &rng) const
Definition ec_inner_data.cpp:240
Botan::EC_Scalar_Data_BN::checked_ref
static const EC_Scalar_Data_BN & checked_ref(const EC_Scalar_Data &data)
Definition ec_inner_bn.cpp:14
Botan::EC_Scalar_Data_PC::checked_ref
static const EC_Scalar_Data_PC & checked_ref(const EC_Scalar_Data &data)
Definition ec_inner_pc.cpp:13

References BOTAN_STATE_CHECK, Botan::EC_Scalar_Data_BN::checked_ref(), Botan::EC_Scalar_Data_PC::checked_ref(), gk_x_mod_order(), and Botan::BigInt::zero().

Referenced by gk_x_mod_order().

◆ has_cofactor()

bool Botan::EC_Group_Data::has_cofactor ( ) const
inline

Definition at line 181 of file ec_inner_data.h.

181{ return m_has_cofactor; }

◆ make_mul2_table()

std::unique_ptr< EC_Mul2Table_Data > Botan::EC_Group_Data::make_mul2_table ( const EC_AffinePoint_Data & pt) const

Definition at line 469 of file ec_inner_data.cpp.

469 {
470 if(m_pcurve) {
471 return std::make_unique<EC_Mul2Table_Data_PC>(h);
472 } else {
473#if defined(BOTAN_HAS_LEGACY_EC_POINT)
474 EC_AffinePoint_Data_BN g(shared_from_this(), this->base_point());
475 return std::make_unique<EC_Mul2Table_Data_BN>(g, h);
476#else
477 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
478#endif
479 }
480}

References make_mul2_table().

Referenced by make_mul2_table().

◆ mul_px_qy()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::mul_px_qy ( const EC_AffinePoint_Data & p,
const EC_Scalar_Data & x,
const EC_AffinePoint_Data & q,
const EC_Scalar_Data & y,
RandomNumberGenerator & rng ) const

Definition at line 392 of file ec_inner_data.cpp.

396 {
397 if(m_pcurve) {
398 auto pt = m_pcurve->mul_px_qy(EC_AffinePoint_Data_PC::checked_ref(p).value(),
399 EC_Scalar_Data_PC::checked_ref(x).value(),
400 EC_AffinePoint_Data_PC::checked_ref(q).value(),
401 EC_Scalar_Data_PC::checked_ref(y).value(),
402 rng);
403
404 if(pt) {
405 return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), m_pcurve->point_to_affine(*pt));
406 } else {
407 return nullptr;
408 }
409 } else {
410#if defined(BOTAN_HAS_LEGACY_EC_POINT)
411 std::vector<BigInt> ws;
412 const auto& group = p.group();
413
414 // TODO this could be better!
415 EC_Point_Var_Point_Precompute p_mul(p.to_legacy_point(), rng, ws);
416 EC_Point_Var_Point_Precompute q_mul(q.to_legacy_point(), rng, ws);
417
418 const auto order = group->order() * group->cofactor(); // See #3800
419
420 auto px = p_mul.mul(EC_Scalar_Data_BN::checked_ref(x).value(), rng, order, ws);
421 auto qy = q_mul.mul(EC_Scalar_Data_BN::checked_ref(y).value(), rng, order, ws);
422
423 auto px_qy = px + qy;
424
425 if(!px_qy.is_zero()) {
426 px_qy.force_affine();
427 return std::make_unique<EC_AffinePoint_Data_BN>(shared_from_this(), std::move(px_qy));
428 } else {
429 return nullptr;
430 }
431#else
432 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
433#endif
434 }
435}

References Botan::EC_AffinePoint_Data_PC::checked_ref(), Botan::EC_Scalar_Data_BN::checked_ref(), Botan::EC_Scalar_Data_PC::checked_ref(), Botan::EC_Point_Var_Point_Precompute::mul(), mul_px_qy(), order(), and p().

Referenced by mul_px_qy().

◆ oid()

const OID & Botan::EC_Group_Data::oid ( ) const
inline

Definition at line 151 of file ec_inner_data.h.

151{ return m_oid; }

Referenced by create(), EC_Group_Data(), set_oid(), and ~EC_Group_Data().

◆ order()

const BigInt & Botan::EC_Group_Data::order ( ) const
inline

Definition at line 161 of file ec_inner_data.h.

161{ return m_order; }

Referenced by create(), EC_Group_Data(), mul_px_qy(), params_match(), params_match(), and ~EC_Group_Data().

◆ order_bits()

size_t Botan::EC_Group_Data::order_bits ( ) const
inline

Definition at line 193 of file ec_inner_data.h.

193{ return m_order_bits; }

Referenced by scalar_from_bytes_with_trunc().

◆ order_bytes()

size_t Botan::EC_Group_Data::order_bytes ( ) const
inline

Definition at line 195 of file ec_inner_data.h.

195{ return m_order_bytes; }

Referenced by scalar_from_bytes_mod_order().

◆ order_is_less_than_p()

bool Botan::EC_Group_Data::order_is_less_than_p ( ) const
inline

Definition at line 179 of file ec_inner_data.h.

179{ return m_order_is_less_than_p; }

◆ p()

const BigInt & Botan::EC_Group_Data::p ( ) const
inline

Definition at line 155 of file ec_inner_data.h.

155{ return m_p; }

Referenced by affine_add(), affine_neg(), create(), EC_Group_Data(), mul_px_qy(), params_match(), params_match(), and ~EC_Group_Data().

◆ p_bits()

size_t Botan::EC_Group_Data::p_bits ( ) const
inline

Definition at line 189 of file ec_inner_data.h.

189{ return m_p_bits; }

◆ p_bytes()

size_t Botan::EC_Group_Data::p_bytes ( ) const
inline

Definition at line 191 of file ec_inner_data.h.

191{ return (m_p_bits + 7) / 8; }

◆ p_words()

size_t Botan::EC_Group_Data::p_words ( ) const
inline

Definition at line 187 of file ec_inner_data.h.

187{ return m_p_words; }

◆ params_match() [1/2]

bool Botan::EC_Group_Data::params_match ( const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & g_x,
const BigInt & g_y,
const BigInt & order,
const BigInt & cofactor ) const

Definition at line 125 of file ec_inner_data.cpp.

131 {
132 return (this->p() == p && this->a() == a && this->b() == b && this->order() == order &&
133 this->cofactor() == cofactor && this->g_x() == g_x && this->g_y() == g_y);
134}

References a(), b(), cofactor(), g_x(), g_y(), order(), p(), and params_match().

Referenced by params_match(), and params_match().

◆ params_match() [2/2]

bool Botan::EC_Group_Data::params_match ( const EC_Group_Data & other) const

Definition at line 136 of file ec_inner_data.cpp.

136 {
137 return params_match(other.p(), other.a(), other.b(), other.g_x(), other.g_y(), other.order(), other.cofactor());
138}
Botan::EC_Group_Data::params_match
bool params_match(const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &g_x, const BigInt &g_y, const BigInt &order, const BigInt &cofactor) const
Definition ec_inner_data.cpp:125

References a(), b(), cofactor(), EC_Group_Data(), g_x(), g_y(), order(), p(), and params_match().

◆ pcurve()

const PCurve::PrimeOrderCurve & Botan::EC_Group_Data::pcurve ( ) const
inline

Definition at line 268 of file ec_inner_data.h.

268 {
269 BOTAN_ASSERT_NONNULL(m_pcurve);
270 return *m_pcurve;
271 }
BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:88

References BOTAN_ASSERT_NONNULL.

◆ point_deserialize()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::point_deserialize ( std::span< const uint8_t > bytes) const

Deserialize a point

Returns nullptr if the point encoding was invalid or not on the curve

Definition at line 290 of file ec_inner_data.cpp.

290 {
291 // The deprecated "hybrid" point format
292 // TODO(Botan4) remove this
293 if(bytes.size() >= 1 + 2 * 4 && (bytes[0] == 0x06 || bytes[0] == 0x07)) {
294 bool hdr_y_is_even = bytes[0] == 0x06;
295 bool y_is_even = (bytes.back() & 0x01) == 0;
296
297 if(hdr_y_is_even == y_is_even) {
298 std::vector<uint8_t> sec1(bytes.begin(), bytes.end());
299 sec1[0] = 0x04;
300 return this->point_deserialize(sec1);
301 }
302 }
303
304 try {
305 if(m_pcurve) {
306 if(auto pt = m_pcurve->deserialize_point(bytes)) {
307 return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), std::move(*pt));
308 } else {
309 return {};
310 }
311 } else {
312#if defined(BOTAN_HAS_LEGACY_EC_POINT)
313 auto pt = Botan::OS2ECP(bytes, m_curve);
314 return std::make_unique<EC_AffinePoint_Data_BN>(shared_from_this(), std::move(pt));
315#else
316 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
317#endif
318 }
319 } catch(...) {
320 return {};
321 }
322}
Botan::EC_Group_Data::point_deserialize
std::unique_ptr< EC_AffinePoint_Data > point_deserialize(std::span< const uint8_t > bytes) const
Definition ec_inner_data.cpp:290
Botan::OS2ECP
EC_Point OS2ECP(std::span< const uint8_t > data, const CurveGFp &curve)
Definition ec_point.cpp:846

References Botan::OS2ECP(), and point_deserialize().

Referenced by point_deserialize().

◆ point_g_mul()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::point_g_mul ( const EC_Scalar_Data & scalar,
RandomNumberGenerator & rng ) const

Definition at line 371 of file ec_inner_data.cpp.

372 {
373 if(m_pcurve) {
374 const auto& k = EC_Scalar_Data_PC::checked_ref(scalar);
375 auto pt = m_pcurve->point_to_affine(m_pcurve->mul_by_g(k.value(), rng));
376 return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), std::move(pt));
377 } else {
378#if defined(BOTAN_HAS_LEGACY_EC_POINT)
379 const auto& group = scalar.group();
380 const auto& bn = EC_Scalar_Data_BN::checked_ref(scalar);
381
382 BOTAN_STATE_CHECK(group->m_base_mult != nullptr);
383 std::vector<BigInt> ws;
384 auto pt = group->m_base_mult->mul(bn.value(), rng, m_order, ws);
385 return std::make_unique<EC_AffinePoint_Data_BN>(shared_from_this(), std::move(pt));
386#else
387 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
388#endif
389 }
390}

References BOTAN_STATE_CHECK, Botan::EC_Scalar_Data_BN::checked_ref(), Botan::EC_Scalar_Data_PC::checked_ref(), Botan::EC_Scalar_Data::group(), and point_g_mul().

Referenced by point_g_mul().

◆ point_hash_to_curve_nu()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::point_hash_to_curve_nu ( std::string_view hash_fn,
std::span< const uint8_t > input,
std::span< const uint8_t > domain_sep ) const

Definition at line 360 of file ec_inner_data.cpp.

362 {
363 if(m_pcurve) {
364 auto pt = m_pcurve->hash_to_curve_nu(h2c_expand_message(hash_fn, input, domain_sep));
365 return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), std::move(pt));
366 } else {
367 throw Not_Implemented("Hash to curve is not implemented for this curve");
368 }
369}

References point_hash_to_curve_nu().

Referenced by point_hash_to_curve_nu().

◆ point_hash_to_curve_ro()

std::unique_ptr< EC_AffinePoint_Data > Botan::EC_Group_Data::point_hash_to_curve_ro ( std::string_view hash_fn,
std::span< const uint8_t > input,
std::span< const uint8_t > domain_sep ) const

Definition at line 349 of file ec_inner_data.cpp.

351 {
352 if(m_pcurve) {
353 auto pt = m_pcurve->hash_to_curve_ro(h2c_expand_message(hash_fn, input, domain_sep));
354 return std::make_unique<EC_AffinePoint_Data_PC>(shared_from_this(), m_pcurve->point_to_affine(pt));
355 } else {
356 throw Not_Implemented("Hash to curve is not implemented for this curve");
357 }
358}

References point_hash_to_curve_ro().

Referenced by point_hash_to_curve_ro().

◆ scalar_deserialize()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_deserialize ( std::span< const uint8_t > bytes) const

Scalar from bytes

This returns a value only if the bytes represent (in big-endian encoding) an integer that is less than n, where n is the group order. It requires that the fixed length encoding (with zero prefix) be used. It also rejects inputs that encode zero. Thus the accepted range is [1,n)

If the input is rejected then nullptr is returned

Definition at line 264 of file ec_inner_data.cpp.

264 {
265 if(bytes.size() != m_order_bytes) {
266 return nullptr;
267 }
268
269 if(m_pcurve) {
270 if(auto s = m_pcurve->deserialize_scalar(bytes)) {
271 return std::make_unique<EC_Scalar_Data_PC>(shared_from_this(), *s);
272 } else {
273 return nullptr;
274 }
275 } else {
276#if defined(BOTAN_HAS_LEGACY_EC_POINT)
277 BigInt r(bytes);
278
279 if(r.is_zero() || r >= m_order) {
280 return nullptr;
281 }
282
283 return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), std::move(r));
284#else
285 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
286#endif
287 }
288}

References Botan::BigInt::is_zero(), and scalar_deserialize().

Referenced by scalar_deserialize(), and scalar_from_bigint().

◆ scalar_from_bigint()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_from_bigint ( const BigInt & bn) const

Scalar from BigInt

This returns a value only if bn is in [1,n) where n is the group order. Otherwise it returns nullptr

Definition at line 224 of file ec_inner_data.cpp.

224 {
225 if(bn <= 0 || bn >= m_order) {
226 return {};
227 }
228
229 if(m_pcurve) {
230 return this->scalar_deserialize(bn.serialize(m_order_bytes));
231 } else {
232#if defined(BOTAN_HAS_LEGACY_EC_POINT)
233 return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), bn);
234#else
235 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
236#endif
237 }
238}
Botan::EC_Group_Data::scalar_deserialize
std::unique_ptr< EC_Scalar_Data > scalar_deserialize(std::span< const uint8_t > bytes) const
Definition ec_inner_data.cpp:264

References scalar_deserialize(), scalar_from_bigint(), and Botan::BigInt::serialize().

Referenced by scalar_from_bigint().

◆ scalar_from_bytes_mod_order()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_from_bytes_mod_order ( std::span< const uint8_t > bytes) const

Scalar from bytes with modular reduction

This returns a value only if bytes represents (in big-endian encoding) an integer that is at most the square of the scalar group size. Otherwise it returns nullptr.

Definition at line 179 of file ec_inner_data.cpp.

179 {
180 if(bytes.size() > 2 * order_bytes()) {
181 return {};
182 }
183
184 if(m_pcurve) {
185 if(auto s = m_pcurve->scalar_from_wide_bytes(bytes)) {
186 return std::make_unique<EC_Scalar_Data_PC>(shared_from_this(), std::move(*s));
187 } else {
188 return {};
189 }
190 } else {
191#if defined(BOTAN_HAS_LEGACY_EC_POINT)
192 return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), m_mod_order.reduce(BigInt(bytes)));
193#else
194 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
195#endif
196 }
197}
Botan::EC_Group_Data::order_bytes
size_t order_bytes() const
Definition ec_inner_data.h:195

References order_bytes(), and scalar_from_bytes_mod_order().

Referenced by scalar_from_bytes_mod_order(), and scalar_from_bytes_with_trunc().

◆ scalar_from_bytes_with_trunc()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_from_bytes_with_trunc ( std::span< const uint8_t > bytes) const

Scalar from bytes with ECDSA style trunction

This should always succeed

Definition at line 149 of file ec_inner_data.cpp.

149 {
150 const size_t bit_length = 8 * bytes.size();
151
152 if(bit_length < order_bits()) {
153 // No shifting required, but might still need to reduce by modulus
154 return this->scalar_from_bytes_mod_order(bytes);
155 } else {
156 const size_t shift = bit_length - order_bits();
157
158 const size_t new_length = bytes.size() - (shift / 8);
159 const size_t bit_shift = shift % 8;
160
161 if(bit_shift == 0) {
162 // Easy case just read different bytes
163 return this->scalar_from_bytes_mod_order(bytes.first(new_length));
164 } else {
165 std::vector<uint8_t> sbytes(new_length);
166
167 uint8_t carry = 0;
168 for(size_t i = 0; i != new_length; ++i) {
169 const uint8_t w = bytes[i];
170 sbytes[i] = (w >> bit_shift) | carry;
171 carry = w << (8 - bit_shift);
172 }
173
174 return this->scalar_from_bytes_mod_order(sbytes);
175 }
176 }
177}
Botan::EC_Group_Data::scalar_from_bytes_mod_order
std::unique_ptr< EC_Scalar_Data > scalar_from_bytes_mod_order(std::span< const uint8_t > bytes) const
Definition ec_inner_data.cpp:179
Botan::EC_Group_Data::order_bits
size_t order_bits() const
Definition ec_inner_data.h:193
Botan::carry
void carry(int64_t &h0, int64_t &h1)
Definition ed25519_internal.h:28

References Botan::carry(), order_bits(), scalar_from_bytes_mod_order(), and scalar_from_bytes_with_trunc().

Referenced by scalar_from_bytes_with_trunc().

◆ scalar_one()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_one ( ) const

Definition at line 212 of file ec_inner_data.cpp.

212 {
213 if(m_pcurve) {
214 return std::make_unique<EC_Scalar_Data_PC>(shared_from_this(), m_pcurve->scalar_one());
215 } else {
216#if defined(BOTAN_HAS_LEGACY_EC_POINT)
217 return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(), BigInt::one());
218#else
219 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
220#endif
221 }
222}
Botan::BigInt::one
static BigInt one()
Definition bigint.h:54

References Botan::BigInt::one(), and scalar_one().

Referenced by scalar_one().

◆ scalar_random()

std::unique_ptr< EC_Scalar_Data > Botan::EC_Group_Data::scalar_random ( RandomNumberGenerator & rng) const

Return a random scalar

This will be in the range [1,n) where n is the group order

Definition at line 199 of file ec_inner_data.cpp.

199 {
200 if(m_pcurve) {
201 return std::make_unique<EC_Scalar_Data_PC>(shared_from_this(), m_pcurve->random_scalar(rng));
202 } else {
203#if defined(BOTAN_HAS_LEGACY_EC_POINT)
204 return std::make_unique<EC_Scalar_Data_BN>(shared_from_this(),
205 BigInt::random_integer(rng, BigInt::one(), m_order));
206#else
207 throw Not_Implemented("Legacy EC interfaces disabled in this build configuration");
208#endif
209 }
210}
Botan::BigInt::random_integer
static BigInt random_integer(RandomNumberGenerator &rng, const BigInt &min, const BigInt &max)
Definition big_rand.cpp:43

References Botan::BigInt::one(), Botan::BigInt::random_integer(), and scalar_random().

Referenced by scalar_random().

◆ set_oid()

void Botan::EC_Group_Data::set_oid ( const OID & oid)

Definition at line 140 of file ec_inner_data.cpp.

140 {
141 BOTAN_ARG_CHECK(!oid.empty(), "OID should be set");
142 BOTAN_STATE_CHECK(m_oid.empty() && m_der_named_curve.empty());
143 m_oid = oid;
144
145 DER_Encoder der(m_der_named_curve);
146 der.encode(m_oid);
147}
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:31

References BOTAN_ARG_CHECK, BOTAN_STATE_CHECK, Botan::DER_Encoder::encode(), oid(), and set_oid().

Referenced by set_oid().

◆ source()

EC_Group_Source Botan::EC_Group_Data::source ( ) const
inline

Definition at line 201 of file ec_inner_data.h.

201{ return m_source; }

Referenced by create(), and EC_Group_Data().

The documentation for this class was generated from the following files:
Generated by doxygen 1.13.2