Botan 3.9.0
Crypto and TLS for C++
Botan::Gf448Elem Class Reference final

#include <curve448_gf.h>

Public Member Functions

void ct_cond_assign (bool b, const Gf448Elem &other)
 Set this to other if b is true. Constant time for any b.
void ct_cond_swap (bool b, Gf448Elem &other)
 Swap this and other if b == true. Constant time for any b.
 Gf448Elem (std::span< const uint64_t, WORDS_448 > data)
 Construct a GF element from a 448-bit integer given as 7 uint64_t words x in little-endian order.
 Gf448Elem (std::span< const uint8_t, BYTES_448 > x)
 Construct a GF element from a 448-bit integer given as 56 bytes x in little-endian order.
 Gf448Elem (uint64_t least_sig_word)
 Construct a GF element by passing the least significant 64 bits as a word. All other bits become zero.
bool is_odd () const
 Return true iff this element is odd. Constant time.
bool is_zero () const
 Return true iff this element is zero. Constant time.
bool operator!= (const Gf448Elem &other) const =default
Gf448Elem operator* (const Gf448Elem &other) const
Gf448Elem operator+ (const Gf448Elem &other) const
Gf448Elem operator- () const
Gf448Elem operator- (const Gf448Elem &other) const
Gf448Elem operator/ (const Gf448Elem &other) const
bool operator== (const Gf448Elem &other) const
std::array< uint8_t, BYTES_448 > to_bytes () const
 Return the canonical representation of the GF element as 56 bytes in little-endian order.
void to_bytes (std::span< uint8_t, BYTES_448 > out) const
 Store the canonical representation of the GF element as 56 bytes in little-endian order.
std::span< uint64_t, WORDS_448 > words ()
 Accessor to the internal words of the GF element.
std::span< const uint64_t, WORDS_448 > words () const
 Constant accessor to the internal words of the GF element.

Static Public Member Functions

static bool bytes_are_canonical_representation (std::span< const uint8_t, BYTES_448 > x)
 Given 56 bytes, checks that the (little-endian) number formed from these bytes is a valid GF element, i.e. is smaller than the prime modulus.
static Gf448Elem one ()
static Gf448Elem zero ()

Detailed Description

This class represents a GF element in the field GF(2^448 - 2^224 - 1). Computations are performed using optimized operations as defined in the paper: "Reduction Modulo 2^448 - 2^224 - 1" by Kaushik Nath and Palash Sarkar (https://eprint.iacr.org/2019/1304).

The representation of the field element is a 448-bit uint, stored in little-endian order as 7*64bit words. Note that the internal representation is not necessarily canonical, i.e. the value might be larger than the prime modulus. When calling the to_bytes() method, the canonical representation is returned.

Definition at line 35 of file curve448_gf.h.

Constructor & Destructor Documentation

◆ Gf448Elem() [1/3]

Botan::Gf448Elem::Gf448Elem ( std::span< const uint8_t, BYTES_448 > x)
explicit

Construct a GF element from a 448-bit integer given as 56 bytes x in little-endian order.

Definition at line 228 of file curve448_gf.cpp.

228 {
229 load_le(m_x, x);
230}
constexpr auto load_le(ParamTs &&... params)
Definition loadstor.h:495

References Botan::load_le().

Referenced by ct_cond_assign(), ct_cond_swap(), one(), operator!=(), operator*(), operator+(), operator-(), operator-(), operator/(), operator==(), and zero().

◆ Gf448Elem() [2/3]

Botan::Gf448Elem::Gf448Elem ( std::span< const uint64_t, WORDS_448 > data)
inline explicit

Construct a GF element from a 448-bit integer given as 7 uint64_t words x in little-endian order.

Definition at line 47 of file curve448_gf.h.

47{ copy_mem(m_x, data); }
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:145

References Botan::copy_mem().

◆ Gf448Elem() [3/3]

Botan::Gf448Elem::Gf448Elem ( uint64_t least_sig_word)
explicit

Construct a GF element by passing the least significant 64 bits as a word. All other bits become zero.

Definition at line 232 of file curve448_gf.cpp.

232 {
233 clear_mem(m_x);
234 m_x[0] = least_sig_word;
235}
constexpr void clear_mem(T *ptr, size_t n)
Definition mem_ops.h:119

References Botan::clear_mem().

Member Function Documentation

◆ bytes_are_canonical_representation()

bool Botan::Gf448Elem::bytes_are_canonical_representation ( std::span< const uint8_t, BYTES_448 > x)
static

Given 56 bytes, checks that the (little-endian) number formed from these bytes is a valid GF element, i.e. is smaller than the prime modulus.

Definition at line 305 of file curve448_gf.cpp.

305 {
306 const auto x_words = load_le<std::array<uint64_t, WORDS_448>>(x);
307 const auto x_words_canonical = to_canonical(x_words);
308 return CT::is_equal(x_words.data(), x_words_canonical.data(), WORDS_448).as_bool();
309}
constexpr CT::Mask< T > is_equal(const T x[], const T y[], size_t len)
Definition ct_utils.h:826
constexpr size_t WORDS_448
Definition curve448_gf.h:22

References Botan::CT::is_equal(), Botan::load_le(), and Botan::WORDS_448.

Referenced by Botan::Ed448Point::decode().
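
The canonical-encoding check above, and the note in the Detailed Description that the internal words may exceed the prime modulus, worked through as a stand-alone added example. This is not Botan's code and does not call Botan: `Words`, `Bytes`, `kP`, `sub_borrow` and `is_canonical` are names assumed here, and `load_le` and `to_canonical` are local reimplementations that only borrow the names shown on this page.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>

// Added example, not Botan code: 448-bit values as 7 little-endian 64-bit words.
using Words = std::array<uint64_t, 7>;
using Bytes = std::array<uint8_t, 56>;
constexpr uint64_t kOnes = ~uint64_t{0};
// p = 2^448 - 2^224 - 1: all ones except bit 224, i.e. bit 32 of word 3.
constexpr Words kP = {kOnes, kOnes, kOnes, kOnes - (uint64_t{1} << 32), kOnes, kOnes, kOnes};

Words load_le(const Bytes& in) {
   Words w{};
   for(std::size_t i = 0; i < in.size(); ++i) { w[i / 8] |= uint64_t{in[i]} << (8 * (i % 8)); }
   return w;
}

// d = a - b mod 2^448 with no data-dependent branches in the source; returns 1 iff a < b.
uint64_t sub_borrow(Words& d, const Words& a, const Words& b) {
   uint64_t borrow = 0;
   for(std::size_t i = 0; i < a.size(); ++i) {
      d[i] = a[i] - b[i] - borrow;
      borrow = ((~a[i] & b[i]) | (~(a[i] ^ b[i]) & d[i])) >> 63;
   }
   return borrow;
}

// Any 448-bit x is below 2p, so one masked subtraction of p yields x mod p.
Words to_canonical(const Words& x) {
   Words d{};
   const uint64_t keep_x = uint64_t{0} - sub_borrow(d, x, kP);  // all ones iff x < p
   Words r{};
   for(std::size_t i = 0; i < x.size(); ++i) { r[i] = (x[i] & keep_x) | (d[i] & ~keep_x); }
   return r;
}

// Decoder-side check: accept the 56 bytes only if they already equal their reduced form.
bool is_canonical(const Bytes& in) {
   const Words x = load_le(in);
   const Words c = to_canonical(x);
   uint64_t diff = 0;
   for(std::size_t i = 0; i < x.size(); ++i) { diff |= x[i] ^ c[i]; }
   return diff == 0;
}

int main() {
   Bytes p_bytes; p_bytes.fill(0xFF); p_bytes[28] = 0xFE;  // constructed input: the encoding of p itself
   return is_canonical(p_bytes) ? 1 : 0;  // exits 0: p is a non-canonical encoding of zero and is rejected
}
```

A decoder that skips this check would accept two different 56-byte strings for the same field element, for example the all-zero encoding and the encoding of p.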

◆ ct_cond_assign()

void Botan::Gf448Elem::ct_cond_assign ( bool b,
const Gf448Elem & other )

Set this to other if b is true. Constant time for any b.

Definition at line 253 of file curve448_gf.cpp.

253 {
254 CT::conditional_assign_mem(static_cast<uint64_t>(b), m_x.data(), other.m_x.data(), WORDS_448);
255}
constexpr Mask< T > conditional_assign_mem(T cnd, T *dest, const T *src, size_t elems)
Definition ct_utils.h:777

References Botan::CT::conditional_assign_mem(), Gf448Elem(), and Botan::WORDS_448.

◆ ct_cond_swap()

void Botan::Gf448Elem::ct_cond_swap ( bool b,
Gf448Elem & other )

Swap this and other if b == true. Constant time for any b.

Definition at line 247 of file curve448_gf.cpp.

247 {
248 for(size_t i = 0; i < WORDS_448; ++i) {
249 CT::conditional_swap(b, m_x[i], other.m_x[i]);
250 }
251}
constexpr void conditional_swap(bool cnd, T &x, T &y)
Definition ct_utils.h:796

References Botan::CT::conditional_swap(), Gf448Elem(), and Botan::WORDS_448.

Referenced by Botan::x448().

◆ is_odd()

bool Botan::Gf448Elem::is_odd ( ) const

Return true iff this element is odd. Constant time.

Definition at line 300 of file curve448_gf.cpp.

300 {
301 const auto canonical_form = to_canonical(m_x);
302 return (canonical_form[0] & 1) == 1;
303}

Referenced by Botan::Ed448Point::decode(), and Botan::Ed448Point::encode().

◆ is_zero()

bool Botan::Gf448Elem::is_zero ( ) const

Return true iff this element is zero. Constant time.

Definition at line 294 of file curve448_gf.cpp.

294 {
295 const auto canonical_form = to_canonical(m_x);
296
297 return CT::all_zeros(canonical_form.data(), WORDS_448).as_bool();
298}
constexpr CT::Mask< T > all_zeros(const T elem[], size_t len)
Definition ct_utils.h:813

References Botan::CT::all_zeros(), and Botan::WORDS_448.

◆ one()

Gf448Elem Botan::Gf448Elem::one ( )
inline static

Return the constant value one

Definition at line 63 of file curve448_gf.h.

63{ return Gf448Elem(1); }
Gf448Elem(std::span< const uint8_t, BYTES_448 > x)
Construct a GF element from a 448-bit integer given as 56 bytes x in little-endian order.

References Gf448Elem().

Referenced by Botan::Ed448Point::decode(), Botan::Ed448Point::identity(), and Botan::x448().

◆ operator!=()

bool Botan::Gf448Elem::operator!= ( const Gf448Elem & other) const
default

References Gf448Elem().

◆ operator*()

Gf448Elem Botan::Gf448Elem::operator* ( const Gf448Elem & other) const

Definition at line 275 of file curve448_gf.cpp.

275 {
276 Gf448Elem res(0);
277 gf_mul(res.m_x, m_x, other.m_x);
278 return res;
279}

References Gf448Elem().

◆ operator+()

Gf448Elem Botan::Gf448Elem::operator+ ( const Gf448Elem & other) const

Definition at line 257 of file curve448_gf.cpp.

257 {
258 Gf448Elem res(0);
259 gf_add(res.m_x, m_x, other.m_x);
260 return res;
261}

References Gf448Elem().

◆ operator-() [1/2]

Gf448Elem Botan::Gf448Elem::operator- ( ) const

Definition at line 269 of file curve448_gf.cpp.

269 {
270 Gf448Elem res(0);
271 gf_sub(res.m_x, res.m_x, m_x);
272 return res;
273}

References Gf448Elem().

◆ operator-() [2/2]

Gf448Elem Botan::Gf448Elem::operator- ( const Gf448Elem & other) const

Definition at line 263 of file curve448_gf.cpp.

263 {
264 Gf448Elem res(0);
265 gf_sub(res.m_x, m_x, other.m_x);
266 return res;
267}

References Gf448Elem().

◆ operator/()

Gf448Elem Botan::Gf448Elem::operator/ ( const Gf448Elem & other) const

Definition at line 281 of file curve448_gf.cpp.

281 {
282 Gf448Elem res(0);
283 gf_inv(res.m_x, other.m_x);
284 gf_mul(res.m_x, m_x, res.m_x);
285 return res;
286}

References Gf448Elem().

◆ operator==()

bool Botan::Gf448Elem::operator== ( const Gf448Elem & other) const

Definition at line 288 of file curve448_gf.cpp.

288 {
289 const auto canonical_form_this = to_canonical(m_x);
290 const auto canonical_form_other = to_canonical(other.m_x);
291 return CT::is_equal(canonical_form_this.data(), canonical_form_other.data(), WORDS_448).as_bool();
292}

References Gf448Elem(), Botan::CT::is_equal(), and Botan::WORDS_448.

◆ to_bytes() [1/2]

std::array< uint8_t, BYTES_448 > Botan::Gf448Elem::to_bytes ( ) const

Return the canonical representation of the GF element as 56 bytes in little-endian order.

Definition at line 241 of file curve448_gf.cpp.

241 {
242 std::array<uint8_t, BYTES_448> bytes{};
243 to_bytes(bytes);
244 return bytes;
245}
std::array< uint8_t, BYTES_448 > to_bytes() const
Return the canonical representation of the GF element as 56 bytes in little-endian order.

References to_bytes().

Referenced by to_bytes().

◆ to_bytes() [2/2]

void Botan::Gf448Elem::to_bytes ( std::span< uint8_t, BYTES_448 > out) const

Store the canonical representation of the GF element as 56 bytes in little-endian order.

Parameters
out    The 56 byte output buffer.

Definition at line 237 of file curve448_gf.cpp.

237 {
238 store_le(out, to_canonical(m_x));
239}
constexpr auto store_le(ParamTs &&... params)
Definition loadstor.h:736

References Botan::store_le().

Referenced by Botan::Ed448Point::encode().

◆ words() [1/2]

std::span< uint64_t, WORDS_448 > Botan::Gf448Elem::words ( )
inline

Accessor to the internal words of the GF element.

Note that the internal representation is not necessarily canonical, i.e. the value might be larger than the prime modulus.

Definition at line 119 of file curve448_gf.h.

119{ return m_x; }

Referenced by Botan::root(), and Botan::square().

◆ words() [2/2]

std::span< const uint64_t, WORDS_448 > Botan::Gf448Elem::words ( ) const
inline

Constant accessor to the internal words of the GF element.

Note that the internal representation is not necessarily canonical, i.e. the value might be larger than the prime modulus.

Definition at line 127 of file curve448_gf.h.

127{ return m_x; }

◆ zero()

Gf448Elem Botan::Gf448Elem::zero ( )
inline static

Return the constant value zero

Definition at line 58 of file curve448_gf.h.

58{ return Gf448Elem(0); }

References Gf448Elem().

Referenced by Botan::Ed448Point::identity(), and Botan::x448().

