#include <ec_scalar.h>
Public Member Functions | |
| const EC_Scalar_Data & | _inner () const |
| EC_Scalar | add (const EC_Scalar &x) const |
| void | assign (const EC_Scalar &x) |
| size_t | bytes () const |
| EC_Scalar (const EC_Group &group, std::span< const uint8_t > bytes) | |
| EC_Scalar (const EC_Scalar &other) | |
| EC_Scalar (EC_Scalar &&other) noexcept | |
| EC_Scalar | invert () const |
| EC_Scalar | invert_vartime () const |
| bool | is_eq (const EC_Scalar &x) const |
| bool | is_nonzero () const |
| bool | is_zero () const |
| EC_Scalar | mul (const EC_Scalar &x) const |
| EC_Scalar | negate () const |
| EC_Scalar & | operator= (const EC_Scalar &other) |
| EC_Scalar & | operator= (EC_Scalar &&other) noexcept |
| template<concepts::resizable_byte_buffer T = std::vector<uint8_t>> | |
| T | serialize () const |
| void | serialize_to (std::span< uint8_t > bytes) const |
| void | square_self () |
| EC_Scalar | sub (const EC_Scalar &x) const |
| BigInt | to_bigint () const |
| void | zeroize () |
| ~EC_Scalar () | |
Static Public Member Functions | |
| static EC_Scalar | _from_inner (std::unique_ptr< EC_Scalar_Data > inner) |
| static std::optional< EC_Scalar > | deserialize (const EC_Group &group, std::span< const uint8_t > bytes) |
| static std::optional< std::pair< EC_Scalar, EC_Scalar > > | deserialize_pair (const EC_Group &group, std::span< const uint8_t > bytes) |
| static EC_Scalar | from_bigint (const EC_Group &group, const BigInt &bn) |
| static EC_Scalar | from_bytes_mod_order (const EC_Group &group, std::span< const uint8_t > bytes) |
| static EC_Scalar | from_bytes_with_trunc (const EC_Group &group, std::span< const uint8_t > bytes) |
| static EC_Scalar | gk_x_mod_order (const EC_Scalar &scalar, RandomNumberGenerator &rng) |
| static EC_Scalar | gk_x_mod_order (const EC_Scalar &scalar, RandomNumberGenerator &rng, std::vector< BigInt > &) |
| static EC_Scalar | hash (const EC_Group &group, std::string_view hash_fn, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep) |
| static EC_Scalar | one (const EC_Group &group) |
| static EC_Scalar | random (const EC_Group &group, RandomNumberGenerator &rng) |
| template<concepts::resizable_byte_buffer T = std::vector<uint8_t>> | |
| static T | serialize_pair (const EC_Scalar &r, const EC_Scalar &s) |
| static void | serialize_pair_to (std::span< uint8_t > bytes, const EC_Scalar &r, const EC_Scalar &s) |
Friends | |
| class | EC_AffinePoint |
| EC_Scalar | operator* (const EC_Scalar &x, const EC_Scalar &y) |
| EC_Scalar | operator+ (const EC_Scalar &x, const EC_Scalar &y) |
| EC_Scalar | operator- (const EC_Scalar &x, const EC_Scalar &y) |
| bool | operator== (const EC_Scalar &x, const EC_Scalar &y) |
Detailed Description
Represents an integer modulo the prime group order of an elliptic curve
Definition at line 28 of file ec_scalar.h.
Constructor & Destructor Documentation
◆ EC_Scalar() [1/3]
| Botan::EC_Scalar::EC_Scalar | ( | const EC_Group & | group, |
| std::span< const uint8_t > | bytes ) |
Convert a bytestring to an EC_Scalar
This is similar to deserialize but instead of returning nullopt if the input is invalid, it will throw an exception.
Definition at line 126 of file ec_scalar.cpp.
References Botan::EC_Group::_data(), and bytes().
Referenced by _from_inner(), add(), assign(), deserialize(), EC_AffinePoint, EC_Scalar(), EC_Scalar(), from_bigint(), from_bytes_mod_order(), from_bytes_with_trunc(), gk_x_mod_order(), gk_x_mod_order(), hash(), invert(), invert_vartime(), is_eq(), mul(), negate(), one(), operator*, operator+, operator-, operator=(), operator=(), operator==, random(), serialize_pair(), serialize_pair_to(), and sub().
◆ EC_Scalar() [2/3]
| Botan::EC_Scalar::EC_Scalar | ( | const EC_Scalar & | other | ) |
Definition at line 26 of file ec_scalar.cpp.
References EC_Scalar().
◆ EC_Scalar() [3/3]
|
noexcept |
Definition at line 28 of file ec_scalar.cpp.
References EC_Scalar().
◆ ~EC_Scalar()
|
default |
Member Function Documentation
◆ _from_inner()
|
static |
Definition at line 18 of file ec_scalar.cpp.
References EC_Scalar().
◆ _inner()
|
inline |
Definition at line 244 of file ec_scalar.h.
Referenced by Botan::EC_AffinePoint::g_mul(), gk_x_mod_order(), Botan::EC_AffinePoint::mul(), Botan::EC_Group::Mul2Table::mul2_vartime(), Botan::EC_Group::Mul2Table::mul2_vartime_x_mod_order_eq(), Botan::EC_AffinePoint::mul_px_qy(), Botan::EC_AffinePoint::mul_x_only(), operator=(), and serialize_pair_to().
◆ add()
Scalar addition (modulo group order)
Definition at line 153 of file ec_scalar.cpp.
References add(), and EC_Scalar().
◆ assign()
| void Botan::EC_Scalar::assign | ( | const EC_Scalar & | x | ) |
Assign a scalar
Definition at line 165 of file ec_scalar.cpp.
References EC_Scalar().
Referenced by operator=().
◆ bytes()
| size_t Botan::EC_Scalar::bytes | ( | ) | const |
Return the byte size of this scalar
Definition at line 45 of file ec_scalar.cpp.
References bytes().
Referenced by bytes(), deserialize(), deserialize_pair(), EC_Scalar(), from_bytes_mod_order(), from_bytes_with_trunc(), serialize_pair(), serialize_pair_to(), serialize_to(), and to_bigint().
◆ deserialize()
|
static |
Deserialize a scalar
The span must be exactly bytes() long; this function does not accept either short inputs (eg [1] to encode the integer 1) or inputs with excess leading zero bytes.
Returns nullopt if the length is incorrect or if the integer is not within the range [0,n) where n is the group order.
Definition at line 118 of file ec_scalar.cpp.
References Botan::EC_Group::_data(), bytes(), and EC_Scalar().
Referenced by deserialize_pair().
◆ deserialize_pair()
|
static |
Deserialize a pair of scalars
Returns nullopt if the length is not 2*bytes(), or if either scalar is out of range or zero
Definition at line 100 of file ec_scalar.cpp.
References bytes(), and deserialize().
◆ from_bigint()
Convert from the argument BigInt to a EC_Scalar
Throws an exception if the provided bn is negative or too large
Definition at line 69 of file ec_scalar.cpp.
References Botan::EC_Group::_data(), and EC_Scalar().
Referenced by Botan::EC_Group::cube_mod_order(), Botan::ECIES_KA_Operation::derive_secret(), Botan::EC_PrivateKey::EC_PrivateKey(), Botan::EC_Group::inverse_mod_order(), Botan::EC_Group::multiply_mod_order(), Botan::EC_Group::multiply_mod_order(), and Botan::EC_Group::square_mod_order().
◆ from_bytes_mod_order()
|
static |
Convert a bytestring to an EC_Scalar
This reduces the bytes modulo the group order. The input can be at most 2*bytes() long
Definition at line 53 of file ec_scalar.cpp.
References Botan::EC_Group::_data(), bytes(), and EC_Scalar().
Referenced by hash(), and Botan::EC_Group::mod_order().
◆ from_bytes_with_trunc()
|
static |
Convert a bytestring to an EC_Scalar
This uses the truncation rules from ECDSA
Definition at line 49 of file ec_scalar.cpp.
References Botan::EC_Group::_data(), bytes(), and EC_Scalar().
◆ gk_x_mod_order() [1/2]
|
static |
Compute the elliptic curve scalar multiplication (g*k) where g is the standard base point on the curve. Then extract the x coordinate of the resulting point, and reduce it modulo the group order.
Definition at line 83 of file ec_scalar.cpp.
References _inner(), EC_Scalar(), and Botan::EC_Scalar_Data::group().
Referenced by gk_x_mod_order().
◆ gk_x_mod_order() [2/2]
|
inlinestatic |
Definition at line 110 of file ec_scalar.h.
References EC_Scalar(), and gk_x_mod_order().
◆ hash()
|
static |
Hash to scalar following RFC 9380
This requires XMD. Unlike hash2curve, any group is supported
Definition at line 178 of file ec_scalar.cpp.
References BOTAN_UNUSED, EC_Scalar(), Botan::expand_message_xmd(), from_bytes_mod_order(), and Botan::EC_Group::get_order_bits().
◆ invert()
| EC_Scalar Botan::EC_Scalar::invert | ( | ) | const |
Constant time modular inversion
Return the modular inverse of this EC_Scalar
If *this is zero, then invert() returns zero
Definition at line 137 of file ec_scalar.cpp.
References EC_Scalar(), and invert().
Referenced by invert().
◆ invert_vartime()
| EC_Scalar Botan::EC_Scalar::invert_vartime | ( | ) | const |
Variable time modular inversion
Return the modular inverse of this EC_Scalar
If *this is zero, then invert_vartime() returns zero
Definition at line 141 of file ec_scalar.cpp.
References EC_Scalar(), and invert_vartime().
Referenced by invert_vartime().
◆ is_eq()
| bool Botan::EC_Scalar::is_eq | ( | const EC_Scalar & | x | ) | const |
Test for equality
Definition at line 173 of file ec_scalar.cpp.
References EC_Scalar().
Referenced by operator==.
◆ is_nonzero()
|
inline |
Return true if this EC_Scalar is not zero
Definition at line 161 of file ec_scalar.h.
References is_zero().
◆ is_zero()
| bool Botan::EC_Scalar::is_zero | ( | ) | const |
Return true if this EC_Scalar is zero
Definition at line 133 of file ec_scalar.cpp.
Referenced by is_nonzero().
◆ mul()
Scalar multiplication (modulo group order)
Definition at line 161 of file ec_scalar.cpp.
References EC_Scalar(), and mul().
◆ negate()
| EC_Scalar Botan::EC_Scalar::negate | ( | ) | const |
Return the additive inverse of *this
Definition at line 145 of file ec_scalar.cpp.
References EC_Scalar(), and negate().
Referenced by negate().
◆ one()
Return the scalar value 1
Definition at line 65 of file ec_scalar.cpp.
References Botan::EC_Group::_data(), and EC_Scalar().
◆ operator=() [1/2]
Definition at line 30 of file ec_scalar.cpp.
References assign(), and EC_Scalar().
◆ operator=() [2/2]
Definition at line 37 of file ec_scalar.cpp.
References _inner(), BOTAN_ARG_CHECK, and EC_Scalar().
◆ random()
|
static |
Return a new random scalar value
Definition at line 61 of file ec_scalar.cpp.
References Botan::EC_Group::_data(), and EC_Scalar().
Referenced by Botan::EC_PrivateKey::EC_PrivateKey(), and Botan::EC_PrivateKey::EC_PrivateKey().
◆ serialize()
|
inline |
Return the bytes of the encoded scalar in a container
Definition at line 130 of file ec_scalar.h.
References serialize_to().
◆ serialize_pair()
|
inlinestatic |
Return the bytes of the encoded scalar in a container
Definition at line 147 of file ec_scalar.h.
References bytes(), EC_Scalar(), and serialize_pair_to().
◆ serialize_pair_to()
|
static |
Write the fixed length serialization to bytes
The provided span must be exactly 2*bytes() long
Definition at line 92 of file ec_scalar.cpp.
References _inner(), BOTAN_ARG_CHECK, bytes(), EC_Scalar(), Botan::EC_Scalar_Data::group(), and serialize_to().
Referenced by serialize_pair().
◆ serialize_to()
| void Botan::EC_Scalar::serialize_to | ( | std::span< uint8_t > | bytes | ) | const |
Write the fixed length serialization to bytes
The provided span must be exactly bytes() long
Definition at line 88 of file ec_scalar.cpp.
References bytes().
Referenced by serialize(), and serialize_pair_to().
◆ square_self()
| void Botan::EC_Scalar::square_self | ( | ) |
Set *this to its own square modulo the group order
Definition at line 149 of file ec_scalar.cpp.
◆ sub()
Scalar subtraction (modulo group order)
Definition at line 157 of file ec_scalar.cpp.
References EC_Scalar(), and sub().
◆ to_bigint()
| BigInt Botan::EC_Scalar::to_bigint | ( | ) | const |
Convert *this to a BigInt
Definition at line 77 of file ec_scalar.cpp.
References bytes(), and Botan::BigInt::from_bytes().
◆ zeroize()
| void Botan::EC_Scalar::zeroize | ( | ) |
Equivalent to assigning a zero value, but also does so in a way that attempts to ensure the write always occurs even if a compiler can deduce the assignment is otherwise unnecessary.
Definition at line 169 of file ec_scalar.cpp.
Friends And Related Symbol Documentation
◆ EC_AffinePoint
|
friend |
Definition at line 249 of file ec_scalar.h.
References EC_AffinePoint, and EC_Scalar().
Referenced by EC_AffinePoint.
◆ operator*
Definition at line 232 of file ec_scalar.h.
References EC_Scalar(), and mul().
◆ operator+
Definition at line 228 of file ec_scalar.h.
References add(), and EC_Scalar().
◆ operator-
Definition at line 230 of file ec_scalar.h.
References EC_Scalar(), and sub().
◆ operator==
Definition at line 234 of file ec_scalar.h.
References EC_Scalar(), and is_eq().
The documentation for this class was generated from the following files:
- src/lib/pubkey/ec_group/ec_scalar.h
- src/lib/pubkey/ec_group/ec_scalar.cpp
Generated by
1.14.0