Botan 3.9.0
Crypto and TLS for C&
Public Types | Public Member Functions | Static Public Member Functions | Static Public Attributes | List of all members
Botan::PCurve::GenericPrimeOrderCurve Class Referencefinal

#include <pcurves_generic.h>

Inheritance diagram for Botan::PCurve::GenericPrimeOrderCurve:
Botan::PCurve::PrimeOrderCurve

Public Types

typedef std::shared_ptr< const PrimeOrderCurveCurvePtr
typedef std::array< word, StorageWordsStorageUnit

Public Member Functions

const GenericCurveParams & _params () const
void _precompute_base_mul ()
bool affine_point_is_identity (const AffinePoint &pt) const override
Scalar base_point_mul_x_mod_order (const Scalar &scalar, RandomNumberGenerator &rng) const override
std::optional< AffinePointdeserialize_point (std::span< const uint8_t > bytes) const override
std::optional< Scalardeserialize_scalar (std::span< const uint8_t > bytes) const override
size_t field_element_bytes () const override
AffinePoint generator () const override
 Return the standard generator.
 GenericPrimeOrderCurve (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order)
AffinePoint hash_to_curve_nu (std::function< void(std::span< uint8_t >)> expand_message) const override
ProjectivePoint hash_to_curve_ro (std::function< void(std::span< uint8_t >)> expand_message) const override
ProjectivePoint mul (const AffinePoint &pt, const Scalar &scalar, RandomNumberGenerator &rng) const override
std::unique_ptr< const PrecomputedMul2Tablemul2_setup_g (const AffinePoint &q) const override
 Setup a table for 2-ary multiplication where the first point is the generator.
std::optional< ProjectivePointmul2_vartime (const PrecomputedMul2Table &tableb, const Scalar &x, const Scalar &y) const override
bool mul2_vartime_x_mod_order_eq (const PrecomputedMul2Table &tableb, const Scalar &v, const Scalar &s1, const Scalar &s2) const override
ProjectivePoint mul_by_g (const Scalar &scalar, RandomNumberGenerator &rng) const override
std::optional< ProjectivePointmul_px_qy (const AffinePoint &p, const Scalar &x, const AffinePoint &q, const Scalar &y, RandomNumberGenerator &rng) const override
secure_vector< uint8_t > mul_x_only (const AffinePoint &pt, const Scalar &scalar, RandomNumberGenerator &rng) const override
size_t order_bits () const override
 Return the bit length of the group order.
ProjectivePoint point_add (const AffinePoint &a, const AffinePoint &b) const override
AffinePoint point_negate (const AffinePoint &pt) const override
AffinePoint point_to_affine (const ProjectivePoint &pt) const override
Scalar random_scalar (RandomNumberGenerator &rng) const override
Scalar scalar_add (const Scalar &a, const Scalar &b) const override
 Scalar addition.
size_t scalar_bytes () const override
 Return the byte length of the scalar element.
bool scalar_equal (const Scalar &a, const Scalar &b) const override
 Test if two scalars are equal.
std::optional< Scalarscalar_from_wide_bytes (std::span< const uint8_t > bytes) const override
Scalar scalar_invert (const Scalar &s) const override
 Scalar inversion.
Scalar scalar_invert_vartime (const Scalar &s) const override
 Scalar inversion (variable time)
bool scalar_is_zero (const Scalar &s) const override
 Test if scalar is zero.
Scalar scalar_mul (const Scalar &a, const Scalar &b) const override
 Scalar multiplication.
Scalar scalar_negate (const Scalar &s) const override
 Scalar negation.
Scalar scalar_one () const override
Scalar scalar_square (const Scalar &s) const override
 Scalar squaring.
Scalar scalar_sub (const Scalar &a, const Scalar &b) const override
 Scalar subtraction.
void serialize_point (std::span< uint8_t > bytes, const AffinePoint &pt) const override
void serialize_scalar (std::span< uint8_t > bytes, const Scalar &scalar) const override

Static Public Member Functions

static std::shared_ptr< const PrimeOrderCurvefor_named_curve (std::string_view name)
static std::shared_ptr< const PrimeOrderCurvefrom_params (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order)

Static Public Attributes

static constexpr size_t MaximumBitLength = 521
static constexpr size_t MaximumByteLength = (MaximumBitLength + 7) / 8
static constexpr size_t StorageWords = (MaximumByteLength + sizeof(word) - 1) / sizeof(word)
 Number of words used to store MaximumByteLength.

Detailed Description

Definition at line 23 of file pcurves_generic.h.

Member Typedef Documentation

◆ CurvePtr

typedef std::shared_ptr<const PrimeOrderCurve> Botan::PCurve::PrimeOrderCurve::CurvePtr
inherited

Definition at line 61 of file pcurves.h.

◆ StorageUnit

typedef std::array<word, StorageWords> Botan::PCurve::PrimeOrderCurve::StorageUnit
inherited

Definition at line 60 of file pcurves.h.

Constructor & Destructor Documentation

◆ GenericPrimeOrderCurve()

Botan::PCurve::GenericPrimeOrderCurve::GenericPrimeOrderCurve ( const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & base_x,
const BigInt & base_y,
const BigInt & order )

Definition at line 1397 of file pcurves_generic.cpp.

1398 :
1399 m_params(std::make_unique<GenericCurveParams>(p, a, b, base_x, base_y, order)) {}

Member Function Documentation

◆ _params()

const GenericCurveParams & Botan::PCurve::GenericPrimeOrderCurve::_params ( ) const
inline

Definition at line 113 of file pcurves_generic.h.

113{ return *m_params; }

Referenced by field_element_bytes(), generator(), mul2_vartime_x_mod_order_eq(), order_bits(), scalar_bytes(), and serialize_scalar().

◆ _precompute_base_mul()

void Botan::PCurve::GenericPrimeOrderCurve::_precompute_base_mul ( )

Definition at line 1401 of file pcurves_generic.cpp.

1401 {
1402 BOTAN_STATE_CHECK(m_basemul == nullptr);
1403 m_basemul = std::make_unique<GenericBaseMulTable>(from_stash(generator()));
1404}
BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:49
Botan::PCurve::GenericPrimeOrderCurve::generator
AffinePoint generator() const override
Return the standard generator.
Definition pcurves_generic.cpp:1511

References BOTAN_STATE_CHECK, and generator().

◆ affine_point_is_identity()

bool Botan::PCurve::GenericPrimeOrderCurve::affine_point_is_identity ( const AffinePoint & pt) const
overridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1535 of file pcurves_generic.cpp.

1535 {
1536 return from_stash(pt).is_identity().as_bool();
1537}

◆ base_point_mul_x_mod_order()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::base_point_mul_x_mod_order ( const Scalar & scalar,
RandomNumberGenerator & rng ) const
overridevirtual

Base point multiplication, returning only the x coordinate modulo the group order

Multiply by the standard generator point g, then extract the x coordinate as an integer, then reduce the x coordinate modulo the group order

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1424 of file pcurves_generic.cpp.

1425 {
1426 BOTAN_STATE_CHECK(m_basemul != nullptr);
1427 auto pt_s = m_basemul->mul(from_stash(scalar), rng);
1428 const auto x_bytes = to_affine_x<GenericCurve>(pt_s).serialize<secure_vector<uint8_t>>();
1429 if(auto s = GenericScalar::from_wide_bytes(this, x_bytes)) {
1430 return stash(*s);
1431 } else {
1432 throw Internal_Error("Failed to convert x coordinate to integer modulo scalar");
1433 }
1434}
Botan::to_affine_x
auto to_affine_x(const typename C::ProjectivePoint &pt)
Definition pcurves_algos.h:95
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:69

References BOTAN_STATE_CHECK, and Botan::to_affine_x().

◆ deserialize_point()

std::optional< PrimeOrderCurve::AffinePoint > Botan::PCurve::GenericPrimeOrderCurve::deserialize_point ( std::span< const uint8_t > bytes) const
overridevirtual

Deserialize a point

Both compressed and uncompressed encodings are accepted

Note that the deprecated "hybrid" encoding is not supported here

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1566 of file pcurves_generic.cpp.

1567 {
1568 if(auto pt = GenericAffinePoint::deserialize(this, bytes)) {
1569 return stash(pt.value());
1570 } else {
1571 return {};
1572 }
1573}

◆ deserialize_scalar()

std::optional< PrimeOrderCurve::Scalar > Botan::PCurve::GenericPrimeOrderCurve::deserialize_scalar ( std::span< const uint8_t > bytes) const
overridevirtual

Deserialize a scalar in [1,p)

This function requires the input length be exactly scalar_bytes long; it does not accept inputs that are shorter, or with excess leading zero padding bytes.

This function also rejects zero as an input, since in normal usage scalars are integers in Z_p*

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1548 of file pcurves_generic.cpp.

1549 {
1550 if(auto s = GenericScalar::deserialize(this, bytes)) {
1551 return stash(s.value());
1552 } else {
1553 return {};
1554 }
1555}

◆ field_element_bytes()

size_t Botan::PCurve::GenericPrimeOrderCurve::field_element_bytes ( ) const
overridevirtual

Return the byte length of a field element

Each point consists of two field elements

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1414 of file pcurves_generic.cpp.

1414 {
1415 return _params().field_bytes();
1416}
Botan::PCurve::GenericPrimeOrderCurve::_params
const GenericCurveParams & _params() const
Definition pcurves_generic.h:113

References _params().

◆ for_named_curve()

std::shared_ptr< const PrimeOrderCurve > Botan::PCurve::PrimeOrderCurve::for_named_curve ( std::string_view name)
staticinherited
Returns
nullptr if the curve specified is not available

Definition at line 26 of file pcurves.cpp.

26 {
27#if defined(BOTAN_HAS_PCURVES_SECP256R1)
28 if(name == "secp256r1") {
29 return PCurveInstance::secp256r1();
30 }
31#endif
32
33#if defined(BOTAN_HAS_PCURVES_SECP384R1)
34 if(name == "secp384r1") {
35 return PCurveInstance::secp384r1();
36 }
37#endif
38
39#if defined(BOTAN_HAS_PCURVES_SECP521R1)
40 if(name == "secp521r1") {
41 return PCurveInstance::secp521r1();
42 }
43#endif
44
45#if defined(BOTAN_HAS_PCURVES_BRAINPOOL256R1)
46 if(name == "brainpool256r1") {
47 return PCurveInstance::brainpool256r1();
48 }
49#endif
50
51#if defined(BOTAN_HAS_PCURVES_BRAINPOOL384R1)
52 if(name == "brainpool384r1") {
53 return PCurveInstance::brainpool384r1();
54 }
55#endif
56
57#if defined(BOTAN_HAS_PCURVES_BRAINPOOL512R1)
58 if(name == "brainpool512r1") {
59 return PCurveInstance::brainpool512r1();
60 }
61#endif
62
63#if defined(BOTAN_HAS_PCURVES_FRP256V1)
64 if(name == "frp256v1") {
65 return PCurveInstance::frp256v1();
66 }
67#endif
68
69#if defined(BOTAN_HAS_PCURVES_SECP192R1)
70 if(name == "secp192r1") {
71 return PCurveInstance::secp192r1();
72 }
73#endif
74
75#if defined(BOTAN_HAS_PCURVES_SECP224R1)
76 if(name == "secp224r1") {
77 return PCurveInstance::secp224r1();
78 }
79#endif
80
81#if defined(BOTAN_HAS_PCURVES_SECP256K1)
82 if(name == "secp256k1") {
83 return PCurveInstance::secp256k1();
84 }
85#endif
86
87#if defined(BOTAN_HAS_PCURVES_SM2P256V1)
88 if(name == "sm2p256v1") {
89 return PCurveInstance::sm2p256v1();
90 }
91#endif
92
93#if defined(BOTAN_HAS_PCURVES_NUMSP512D1)
94 if(name == "numsp512d1") {
95 return PCurveInstance::numsp512d1();
96 }
97#endif
98
99 BOTAN_UNUSED(name);
100 return {};
101}
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144

References BOTAN_UNUSED.

◆ from_params()

std::shared_ptr< const PrimeOrderCurve > Botan::PCurve::PrimeOrderCurve::from_params ( const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & base_x,
const BigInt & base_y,
const BigInt & order )
staticinherited
Returns
nullptr if the parameters seem unsuitable for pcurves for example if the prime is too large

This function should accept the same subset of curves as the EC_Group constructor that accepts BigInts.

Definition at line 15 of file pcurves.cpp.

16 {
17#if defined(BOTAN_HAS_PCURVES_GENERIC)
18 return PCurveInstance::from_params(p, a, b, base_x, base_y, order);
19#endif
20
21 BOTAN_UNUSED(p, a, b, base_x, base_y, order);
22 return {};
23}

References BOTAN_UNUSED.

◆ generator()

PrimeOrderCurve::AffinePoint Botan::PCurve::GenericPrimeOrderCurve::generator ( ) const
overridevirtual

Return the standard generator.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1511 of file pcurves_generic.cpp.

1511 {
1512 return PrimeOrderCurve::AffinePoint::_create(shared_from_this(), _params().base_x(), _params().base_y());
1513}
Botan::PCurve::PrimeOrderCurve::AffinePoint::_create
static AffinePoint _create(CurvePtr curve, StorageUnit x, StorageUnit y)
Definition pcurves.h:114

References Botan::PCurve::PrimeOrderCurve::AffinePoint::_create(), and _params().

Referenced by _precompute_base_mul(), and mul2_setup_g().

◆ hash_to_curve_nu()

PrimeOrderCurve::AffinePoint Botan::PCurve::GenericPrimeOrderCurve::hash_to_curve_nu ( std::function< void(std::span< uint8_t >)> expand_message) const
overridevirtual

RFC 9380 hash to curve (NU variant)

This is currently only supported for a few specific curves

Parameters
expand_messageis a callback which must fill the provided output span with a sequence of uniform bytes, or if this is not possible due to length limitations or some other issue, throw an exception. It is invoked to produce the uniform_bytes value; see RFC 9380 section 5.2

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1656 of file pcurves_generic.cpp.

1657 {
1658 BOTAN_UNUSED(expand_message);
1659 throw Not_Implemented("Hash to curve is not implemented for this curve");
1660}

References BOTAN_UNUSED.

◆ hash_to_curve_ro()

PrimeOrderCurve::ProjectivePoint Botan::PCurve::GenericPrimeOrderCurve::hash_to_curve_ro ( std::function< void(std::span< uint8_t >)> expand_message) const
overridevirtual

RFC 9380 hash to curve (RO variant)

This is currently only supported for a few specific curves

Parameters
expand_messageis a callback which must fill the provided output span with a sequence of uniform bytes, or if this is not possible due to length limitations or some other issue, throw an exception. It is invoked to produce the uniform_bytes value; see RFC 9380 section 5.2

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1662 of file pcurves_generic.cpp.

1663 {
1664 BOTAN_UNUSED(expand_message);
1665 throw Not_Implemented("Hash to curve is not implemented for this curve");
1666}

References BOTAN_UNUSED.

◆ mul()

PrimeOrderCurve::ProjectivePoint Botan::PCurve::GenericPrimeOrderCurve::mul ( const AffinePoint & pt,
const Scalar & scalar,
RandomNumberGenerator & rng ) const
overridevirtual

Generic point multiplication

Multiply an arbitrary point by a scalar

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1436 of file pcurves_generic.cpp.

1438 {
1439 GenericWindowedMul pt_table(from_stash(pt));
1440 return stash(pt_table.mul(from_stash(scalar), rng));
1441}

◆ mul2_setup_g()

std::unique_ptr< const PrimeOrderCurve::PrecomputedMul2Table > Botan::PCurve::GenericPrimeOrderCurve::mul2_setup_g ( const AffinePoint & q) const
overridevirtual

Setup a table for 2-ary multiplication where the first point is the generator.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1451 of file pcurves_generic.cpp.

1452 {
1453 return std::make_unique<GenericVartimeWindowedMul2>(from_stash(generator()), from_stash(q));
1454}

References generator().

◆ mul2_vartime()

std::optional< PrimeOrderCurve::ProjectivePoint > Botan::PCurve::GenericPrimeOrderCurve::mul2_vartime ( const PrecomputedMul2Table & table,
const Scalar & x,
const Scalar & y ) const
overridevirtual

Perform 2-ary multiplication (variable time)

Compute p*x + q*y in variable time

Returns nullopt if the produced point is the point at infinity

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1456 of file pcurves_generic.cpp.

1458 {
1459 const auto& tbl = dynamic_cast<const GenericVartimeWindowedMul2&>(tableb);
1460 auto pt = tbl.mul2_vartime(from_stash(s1), from_stash(s2));
1461 if(pt.is_identity().as_bool()) {
1462 return {};
1463 } else {
1464 return stash(pt);
1465 }
1466}

◆ mul2_vartime_x_mod_order_eq()

bool Botan::PCurve::GenericPrimeOrderCurve::mul2_vartime_x_mod_order_eq ( const PrecomputedMul2Table & table,
const Scalar & v,
const Scalar & x,
const Scalar & y ) const
overridevirtual

Perform 2-ary multiplication (variable time), reducing x modulo order

Compute p*x + q*y in variable time, then extract the x coordinate of the result, and reduce x modulo the group order. Compare that value with v. If equal, returns true. Otherwise returns false, including if the produced point is the point at infinity

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1479 of file pcurves_generic.cpp.

1482 {
1483 const auto& tbl = dynamic_cast<const GenericVartimeWindowedMul2&>(tableb);
1484 auto pt = tbl.mul2_vartime(from_stash(s1), from_stash(s2));
1485
1486 if(!pt.is_identity().as_bool()) {
1487 const auto z2 = pt.z().square();
1488
1489 const auto v_bytes = from_stash(v).serialize<std::vector<uint8_t>>();
1490
1491 if(auto fe_v = GenericField::deserialize(this, v_bytes)) {
1492 if((*fe_v * z2 == pt.x()).as_bool()) {
1493 return true;
1494 }
1495
1496 if(_params().order_is_less_than_field()) {
1497 const auto n = GenericField::from_words(this, _params().order());
1498 const auto neg_n = n.negate().to_words();
1499
1500 const auto vw = fe_v->to_words();
1501 if(bigint_ct_is_lt(vw.data(), vw.size(), neg_n.data(), neg_n.size()).as_bool()) {
1502 return (((*fe_v + n) * z2) == pt.x()).as_bool();
1503 }
1504 }
1505 }
1506 }
1507
1508 return false;
1509}
Botan::bigint_ct_is_lt
constexpr auto bigint_ct_is_lt(const W x[], size_t x_size, const W y[], size_t y_size, bool lt_or_equal=false) -> CT::Mask< W >
Definition mp_core.h:475

References _params(), and Botan::bigint_ct_is_lt().

◆ mul_by_g()

PrimeOrderCurve::ProjectivePoint Botan::PCurve::GenericPrimeOrderCurve::mul_by_g ( const Scalar & scalar,
RandomNumberGenerator & rng ) const
overridevirtual

Base point multiplication

Multiply by the standard generator point g

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1418 of file pcurves_generic.cpp.

1419 {
1420 BOTAN_STATE_CHECK(m_basemul != nullptr);
1421 return stash(m_basemul->mul(from_stash(scalar), rng));
1422}

References BOTAN_STATE_CHECK.

◆ mul_px_qy()

std::optional< PrimeOrderCurve::ProjectivePoint > Botan::PCurve::GenericPrimeOrderCurve::mul_px_qy ( const AffinePoint & p,
const Scalar & x,
const AffinePoint & q,
const Scalar & y,
RandomNumberGenerator & rng ) const
overridevirtual

Perform 2-ary multiplication (constant time)

Compute p*x + q*y

Returns nullopt if the produced point is the point at infinity

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1468 of file pcurves_generic.cpp.

1469 {
1470 GenericWindowedMul2 table(from_stash(p), from_stash(q));
1471 auto pt = table.mul2(from_stash(x), from_stash(y), rng);
1472 if(pt.is_identity().as_bool()) {
1473 return {};
1474 } else {
1475 return stash(pt);
1476 }
1477}

◆ mul_x_only()

secure_vector< uint8_t > Botan::PCurve::GenericPrimeOrderCurve::mul_x_only ( const AffinePoint & pt,
const Scalar & scalar,
RandomNumberGenerator & rng ) const
overridevirtual

Generic x-only point multiplication

Multiply an arbitrary point by a scalar, returning only the x coordinate

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1443 of file pcurves_generic.cpp.

1445 {
1446 GenericWindowedMul pt_table(from_stash(pt));
1447 auto pt_s = pt_table.mul(from_stash(scalar), rng);
1448 return to_affine_x<GenericCurve>(pt_s).serialize<secure_vector<uint8_t>>();
1449}

References Botan::to_affine_x().

◆ order_bits()

size_t Botan::PCurve::GenericPrimeOrderCurve::order_bits ( ) const
overridevirtual

Return the bit length of the group order.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1406 of file pcurves_generic.cpp.

1406 {
1407 return _params().order_bits();
1408}

References _params().

◆ point_add()

PrimeOrderCurve::ProjectivePoint Botan::PCurve::GenericPrimeOrderCurve::point_add ( const AffinePoint & a,
const AffinePoint & b ) const
overridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1527 of file pcurves_generic.cpp.

1527 {
1528 return stash(GenericProjectivePoint::from_affine(from_stash(a)) + from_stash(b));
1529}

◆ point_negate()

PrimeOrderCurve::AffinePoint Botan::PCurve::GenericPrimeOrderCurve::point_negate ( const AffinePoint & pt) const
overridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1531 of file pcurves_generic.cpp.

1531 {
1532 return stash(from_stash(pt).negate());
1533}

◆ point_to_affine()

PrimeOrderCurve::AffinePoint Botan::PCurve::GenericPrimeOrderCurve::point_to_affine ( const ProjectivePoint & pt) const
overridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1515 of file pcurves_generic.cpp.

1515 {
1516 auto affine = to_affine<GenericCurve>(from_stash(pt));
1517
1518 const auto y2 = affine.y().square();
1519 const auto x3_ax_b = GenericCurve::AffinePoint::x3_ax_b(affine.x());
1520 const auto valid_point = affine.is_identity() || (y2 == x3_ax_b);
1521
1522 BOTAN_ASSERT(valid_point.as_bool(), "Computed point is on the curve");
1523
1524 return stash(affine);
1525}
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:62
Botan::to_affine
constexpr auto to_affine(const typename C::ProjectivePoint &pt)
Definition pcurves_algos.h:75

References BOTAN_ASSERT, and Botan::to_affine().

◆ random_scalar()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::random_scalar ( RandomNumberGenerator & rng) const
overridevirtual

Return a new random scalar

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1615 of file pcurves_generic.cpp.

1615 {
1616 return stash(GenericScalar::random(this, rng));
1617}

◆ scalar_add()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::scalar_add ( const Scalar & a,
const Scalar & b ) const
overridevirtual

Scalar addition.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1575 of file pcurves_generic.cpp.

1575 {
1576 return stash(from_stash(a) + from_stash(b));
1577}

◆ scalar_bytes()

size_t Botan::PCurve::GenericPrimeOrderCurve::scalar_bytes ( ) const
overridevirtual

Return the byte length of the scalar element.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1410 of file pcurves_generic.cpp.

1410 {
1411 return _params().order_bytes();
1412}

References _params().

◆ scalar_equal()

bool Botan::PCurve::GenericPrimeOrderCurve::scalar_equal ( const Scalar & a,
const Scalar & b ) const
overridevirtual

Test if two scalars are equal.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1607 of file pcurves_generic.cpp.

1607 {
1608 return (from_stash(a) == from_stash(b)).as_bool();
1609}

◆ scalar_from_wide_bytes()

std::optional< PrimeOrderCurve::Scalar > Botan::PCurve::GenericPrimeOrderCurve::scalar_from_wide_bytes ( std::span< const uint8_t > bytes) const
overridevirtual

Reduce an integer modulo the group order

The input can be at most twice the bit length of the order; if larger than this nullopt is returned

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1557 of file pcurves_generic.cpp.

1558 {
1559 if(auto s = GenericScalar::from_wide_bytes(this, bytes)) {
1560 return stash(s.value());
1561 } else {
1562 return {};
1563 }
1564}

◆ scalar_invert()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::scalar_invert ( const Scalar & s) const
overridevirtual

Scalar inversion.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1591 of file pcurves_generic.cpp.

1591 {
1592 return stash(from_stash(s).invert());
1593}

◆ scalar_invert_vartime()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::scalar_invert_vartime ( const Scalar & s) const
overridevirtual

Scalar inversion (variable time)

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1595 of file pcurves_generic.cpp.

1595 {
1596 return stash(from_stash(s).invert_vartime());
1597}

◆ scalar_is_zero()

bool Botan::PCurve::GenericPrimeOrderCurve::scalar_is_zero ( const Scalar & s) const
overridevirtual

Test if scalar is zero.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1603 of file pcurves_generic.cpp.

1603 {
1604 return from_stash(s).is_zero().as_bool();
1605}

◆ scalar_mul()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::scalar_mul ( const Scalar & a,
const Scalar & b ) const
overridevirtual

Scalar multiplication.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1583 of file pcurves_generic.cpp.

1583 {
1584 return stash(from_stash(a) * from_stash(b));
1585}

◆ scalar_negate()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::scalar_negate ( const Scalar & s) const
overridevirtual

Scalar negation.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1599 of file pcurves_generic.cpp.

1599 {
1600 return stash(from_stash(s).negate());
1601}

◆ scalar_one()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::scalar_one ( ) const
overridevirtual

Return the scalar one

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1611 of file pcurves_generic.cpp.

1611 {
1612 return stash(GenericScalar::one(this));
1613}

◆ scalar_square()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::scalar_square ( const Scalar & s) const
overridevirtual

Scalar squaring.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1587 of file pcurves_generic.cpp.

1587 {
1588 return stash(from_stash(s).square());
1589}
Botan::square
BigInt square(const BigInt &x)
Definition numthry.cpp:157

References Botan::square().

◆ scalar_sub()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::scalar_sub ( const Scalar & a,
const Scalar & b ) const
overridevirtual

Scalar subtraction.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1579 of file pcurves_generic.cpp.

1579 {
1580 return stash(from_stash(a) - from_stash(b));
1581}

◆ serialize_point()

void Botan::PCurve::GenericPrimeOrderCurve::serialize_point ( std::span< uint8_t > bytes,
const AffinePoint & pt ) const
overridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1539 of file pcurves_generic.cpp.

1539 {
1540 from_stash(pt).serialize_to(bytes);
1541}

◆ serialize_scalar()

void Botan::PCurve::GenericPrimeOrderCurve::serialize_scalar ( std::span< uint8_t > bytes,
const Scalar & scalar ) const
overridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1543 of file pcurves_generic.cpp.

1543 {
1544 BOTAN_ARG_CHECK(bytes.size() == _params().order_bytes(), "Invalid length to serialize_scalar");
1545 from_stash(scalar).serialize_to(bytes);
1546}
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33

References _params(), and BOTAN_ARG_CHECK.

Member Data Documentation

◆ MaximumBitLength

size_t Botan::PCurve::PrimeOrderCurve::MaximumBitLength = 521
staticconstexprinherited

Somewhat arbitrary maximum size for a field or scalar

Sized to fit at least P-521

Definition at line 38 of file pcurves.h.

◆ MaximumByteLength

size_t Botan::PCurve::PrimeOrderCurve::MaximumByteLength = (MaximumBitLength + 7) / 8
staticconstexprinherited

Definition at line 40 of file pcurves.h.

◆ StorageWords

size_t Botan::PCurve::PrimeOrderCurve::StorageWords = (MaximumByteLength + sizeof(word) - 1) / sizeof(word)
staticconstexprinherited

Number of words used to store MaximumByteLength.

Definition at line 43 of file pcurves.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.14.0