#include <curve448_gf.h>

Public Member Functions
void	ct_cond_assign (CT::Mask< uint64_t > mask, const Gf448Elem &other)
	Set this to `other` if `mask` is true. Constant time.
void	ct_cond_swap (CT::Mask< uint64_t > mask, Gf448Elem &other)
	Swap this and `other` if `mask` is set. Constant time.
	Gf448Elem (std::span< const uint64_t, WORDS_448 > data)
	Construct a GF element from a 448-bit integer gives as 7 uint64_t words `x` in little-endian order.
	Gf448Elem (std::span< const uint8_t, BYTES_448 > x)
	Construct a GF element from a 448-bit integer gives as 56 bytes `x` in little-endian order.
	Gf448Elem (uint64_t least_sig_word)
	Construct a GF element by passing the least significant 64 bits as a word. All other become zero.
bool	is_odd () const
	Return true iff this element is odd. Constant time.
bool	is_zero () const
	Return true iff this element is zero. Constant time.
bool	operator!= (const Gf448Elem &other) const =default
Gf448Elem	operator* (const Gf448Elem &other) const
Gf448Elem	operator+ (const Gf448Elem &other) const
Gf448Elem	operator- () const
Gf448Elem	operator- (const Gf448Elem &other) const
Gf448Elem	operator/ (const Gf448Elem &other) const
bool	operator== (const Gf448Elem &other) const
std::array< uint8_t, BYTES_448 >	to_bytes () const
	Return the canonical representation of the GF element as 56 bytes in little-endian order.
void	to_bytes (std::span< uint8_t, BYTES_448 > out) const
	Store the canonical representation of the GF element as 56 bytes in little-endian order.
std::span< uint64_t, WORDS_448 >	words ()
	Accessor to the internal words of the GF element.
std::span< const uint64_t, WORDS_448 >	words () const
	Constant accessor to the internal words of the GF element.

Static Public Member Functions
static bool	bytes_are_canonical_representation (std::span< const uint8_t, BYTES_448 > x)
	Given 56 bytes, checks that the (little endian) number from this bytes is a valid GF element, i.e. is smaller than the prime modulus.
static Gf448Elem	one ()
static Gf448Elem	zero ()

Detailed Description

This class represents a GF element in the field GF(2^448 - 2^224 - 1). Computations are performed using optimized operations as defined in the paper: "Reduction Modulo 2^448 - 2^224 - 1" by Kaushik Nath and Palash Sarkar (https://eprint.iacr.org/2019/1304).

The representation of the field element is a 448-bit uint, stored in little-endian order as 7*64bit words. Note that the internal representation is not necessarily canonical, i.e. the value might be larger than the prime modulus. When calling the to_bytes() method, the canonical representation is returned.

Definition at line 36 of file curve448_gf.h.

Constructor & Destructor Documentation

◆ Gf448Elem() [1/3]

Botan::Gf448Elem::Gf448Elem ( std::span< const uint8_t, BYTES_448 > x )

explicit

Construct a GF element from a 448-bit integer gives as 56 bytes x in little-endian order.

Definition at line 356 of file curve448_gf.cpp.

                                                          {
   load_le(m_x, x);
}

References Botan::load_le().

Referenced by ct_cond_assign(), ct_cond_swap(), one(), operator!=(), operator*(), operator+(), operator-(), operator-(), operator/(), operator==(), and zero().

◆ Gf448Elem() [2/3]

Botan::Gf448Elem::Gf448Elem ( std::span< const uint64_t, WORDS_448 > data )

inlineexplicit

Construct a GF element from a 448-bit integer gives as 7 uint64_t words x in little-endian order.

Definition at line 48 of file curve448_gf.h.

48{ copy_mem(m_x, data); }

Botan::copy_mem

constexpr void copy_mem(T *out, const T *in, size_t n)

Definition mem_ops.h:144

References Botan::copy_mem().

◆ Gf448Elem() [3/3]

Botan::Gf448Elem::Gf448Elem ( uint64_t least_sig_word )

explicit

Construct a GF element by passing the least significant 64 bits as a word. All other become zero.

Definition at line 360 of file curve448_gf.cpp.

                                              {
   clear_mem(m_x);
   m_x[0] = least_sig_word;
}

References Botan::clear_mem().

Member Function Documentation

◆ bytes_are_canonical_representation()

bool Botan::Gf448Elem::bytes_are_canonical_representation ( std::span< const uint8_t, BYTES_448 > x )

static

Given 56 bytes, checks that the (little endian) number from this bytes is a valid GF element, i.e. is smaller than the prime modulus.

Definition at line 433 of file curve448_gf.cpp.

                                                                                      {
   const auto x_words = load_le<std::array<uint64_t, WORDS_448>>(x);
   const auto x_words_canonical = to_canonical(x_words);
   return CT::is_equal(x_words.data(), x_words_canonical.data(), WORDS_448).as_bool();
}

References Botan::CT::is_equal(), Botan::load_le(), and Botan::WORDS_448.

Referenced by Botan::Ed448Point::decode().

◆ ct_cond_assign()

void Botan::Gf448Elem::ct_cond_assign	(	CT::Mask< uint64_t >	mask,
		const Gf448Elem &	other )

Set this to other if mask is true. Constant time.

Definition at line 381 of file curve448_gf.cpp.

                                                                            {
   mask.select_n(m_x.data(), other.m_x.data(), m_x.data(), WORDS_448);
}

References Gf448Elem(), Botan::CT::Mask< T >::select_n(), and Botan::WORDS_448.

◆ ct_cond_swap()

void Botan::Gf448Elem::ct_cond_swap	(	CT::Mask< uint64_t >	mask,
		Gf448Elem &	other )

Swap this and other if mask is set. Constant time.

Definition at line 375 of file curve448_gf.cpp.

                                                                    {
   for(size_t i = 0; i < WORDS_448; ++i) {
      mask.conditional_swap(m_x[i], other.m_x[i]);
   }
}

References Botan::CT::Mask< T >::conditional_swap(), Gf448Elem(), and Botan::WORDS_448.

Referenced by Botan::x448().

◆ is_odd()

bool Botan::Gf448Elem::is_odd ( ) const

Return true iff this element is odd. Constant time.

Definition at line 428 of file curve448_gf.cpp.

                             {
   const auto canonical_form = to_canonical(m_x);
   return (canonical_form[0] & 1) == 1;
}

Referenced by Botan::Ed448Point::decode(), and Botan::Ed448Point::encode().

◆ is_zero()

bool Botan::Gf448Elem::is_zero ( ) const

Return true iff this element is zero. Constant time.

Definition at line 422 of file curve448_gf.cpp.

                              {
   const auto canonical_form = to_canonical(m_x);
 
   return CT::all_zeros(canonical_form.data(), WORDS_448).as_bool();
}

References Botan::CT::all_zeros(), and Botan::WORDS_448.

◆ one()

Gf448Elem Botan::Gf448Elem::one ( )

inlinestatic

Return the constant value one

Definition at line 64 of file curve448_gf.h.

64{ return Gf448Elem(1); }

Botan::Gf448Elem::Gf448Elem

Gf448Elem(std::span< const uint8_t, BYTES_448 > x)

Construct a GF element from a 448-bit integer gives as 56 bytes x in little-endian order.

Definition curve448_gf.cpp:356

References Gf448Elem().

Referenced by Botan::Ed448Point::decode(), Botan::Ed448Point::identity(), and Botan::x448().

◆ operator!=()

bool Botan::Gf448Elem::operator!= ( const Gf448Elem & other ) const

default

References Gf448Elem().

◆ operator*()

Gf448Elem Botan::Gf448Elem::operator* ( const Gf448Elem & other ) const

Definition at line 403 of file curve448_gf.cpp.

                                                           {
   Gf448Elem res(0);
   gf_mul(res.m_x, m_x, other.m_x);
   return res;
}

References Gf448Elem().

◆ operator+()

Gf448Elem Botan::Gf448Elem::operator+ ( const Gf448Elem & other ) const

Definition at line 385 of file curve448_gf.cpp.

                                                           {
   Gf448Elem res(0);
   gf_add(res.m_x, m_x, other.m_x);
   return res;
}

References Gf448Elem().

◆ operator-() [1/2]

Gf448Elem Botan::Gf448Elem::operator- ( ) const

Definition at line 397 of file curve448_gf.cpp.

                                     {
   Gf448Elem res(0);
   gf_sub(res.m_x, res.m_x, m_x);
   return res;
}

References Gf448Elem().

◆ operator-() [2/2]

Gf448Elem Botan::Gf448Elem::operator- ( const Gf448Elem & other ) const

Definition at line 391 of file curve448_gf.cpp.

                                                           {
   Gf448Elem res(0);
   gf_sub(res.m_x, m_x, other.m_x);
   return res;
}

References Gf448Elem().

◆ operator/()

Gf448Elem Botan::Gf448Elem::operator/ ( const Gf448Elem & other ) const

Definition at line 409 of file curve448_gf.cpp.

                                                           {
   Gf448Elem res(0);
   gf_inv(res.m_x, other.m_x);
   gf_mul(res.m_x, m_x, res.m_x);
   return res;
}

References Gf448Elem().

◆ operator==()

bool Botan::Gf448Elem::operator== ( const Gf448Elem & other ) const

Definition at line 416 of file curve448_gf.cpp.

                                                       {
   const auto canonical_form_this = to_canonical(m_x);
   const auto canonical_form_other = to_canonical(other.m_x);
   return CT::is_equal(canonical_form_this.data(), canonical_form_other.data(), WORDS_448).as_bool();
}

References Gf448Elem(), Botan::CT::is_equal(), and Botan::WORDS_448.

◆ to_bytes() [1/2]

std::array< uint8_t, BYTES_448 > Botan::Gf448Elem::to_bytes ( ) const

Return the canonical representation of the GF element as 56 bytes in little-endian order.

Definition at line 369 of file curve448_gf.cpp.

                                                       {
   std::array<uint8_t, BYTES_448> bytes{};
   to_bytes(bytes);
   return bytes;
}

References to_bytes().

Referenced by to_bytes().

◆ to_bytes() [2/2]

void Botan::Gf448Elem::to_bytes ( std::span< uint8_t, BYTES_448 > out ) const

Store the canonical representation of the GF element as 56 bytes in little-endian order.

Parameters

out	The 56 byte output buffer.

Definition at line 365 of file curve448_gf.cpp.

                                                              {
   store_le(out, to_canonical(m_x));
}

References Botan::store_le().

Referenced by Botan::Ed448Point::encode().

◆ words() [1/2]

std::span< uint64_t, WORDS_448 > Botan::Gf448Elem::words ( )

inline

Accessor to the internal words of the GF element.

Note that the internal representation is not necessarily canonical, i.e. the value might be larger than the prime modulus.

Definition at line 120 of file curve448_gf.h.

120{ return m_x; }

Referenced by Botan::mul_a24(), Botan::root(), and Botan::square().

◆ words() [2/2]

std::span< const uint64_t, WORDS_448 > Botan::Gf448Elem::words ( ) const

inline

Constant accessor to the internal words of the GF element.

Note that the internal representation is not necessarily canonical, i.e. the value might be larger than the prime modulus.

Definition at line 128 of file curve448_gf.h.

128{ return m_x; }

◆ zero()

Gf448Elem Botan::Gf448Elem::zero ( )

inlinestatic

Return the constant value zero

Definition at line 59 of file curve448_gf.h.

59{ return Gf448Elem(0); }

References Gf448Elem().

Referenced by Botan::Ed448Point::identity(), and Botan::x448().

The documentation for this class was generated from the following files:

src/lib/pubkey/curve448/curve448_gf.h
src/lib/pubkey/curve448/curve448_gf.cpp

Public Member Functions

Static Public Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ Gf448Elem() [1/3]

◆ Gf448Elem() [2/3]

◆ Gf448Elem() [3/3]

Member Function Documentation

◆ bytes_are_canonical_representation()

◆ ct_cond_assign()

◆ ct_cond_swap()

◆ is_odd()

◆ is_zero()

◆ one()

◆ operator!=()

◆ operator*()

◆ operator+()

◆ operator-() [1/2]

◆ operator-() [2/2]

◆ operator/()

◆ operator==()

◆ to_bytes() [1/2]

◆ to_bytes() [2/2]

◆ words() [1/2]

◆ words() [2/2]

◆ zero()