Botan 3.11.0
Crypto and TLS for C&
Public Types | Public Member Functions | Static Public Member Functions | Static Public Attributes | List of all members
Botan::PCurve::GenericPrimeOrderCurve Class Referencefinal

#include <pcurves_generic.h>

Inheritance diagram for Botan::PCurve::GenericPrimeOrderCurve:
Botan::PCurve::PrimeOrderCurve

Public Types

typedef std::shared_ptr< const PrimeOrderCurveCurvePtr
typedef std::array< word, StorageWordsStorageUnit

Public Member Functions

const GenericCurveParams & _params () const
void _precompute_base_mul ()
bool affine_point_is_identity (const AffinePoint &pt) const override
Scalar base_point_mul_x_mod_order (const Scalar &scalar, RandomNumberGenerator &rng) const override
std::optional< AffinePointdeserialize_point (std::span< const uint8_t > bytes) const override
std::optional< Scalardeserialize_scalar (std::span< const uint8_t > bytes) const override
size_t field_element_bytes () const override
AffinePoint generator () const override
 Return the standard generator.
 GenericPrimeOrderCurve (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order)
AffinePoint hash_to_curve_nu (std::function< void(std::span< uint8_t >)> expand_message) const override
ProjectivePoint hash_to_curve_ro (std::function< void(std::span< uint8_t >)> expand_message) const override
ProjectivePoint mul (const AffinePoint &pt, const Scalar &scalar, RandomNumberGenerator &rng) const override
std::unique_ptr< const PrecomputedMul2Tablemul2_setup_g (const AffinePoint &q) const override
 Setup a table for 2-ary multiplication where the first point is the generator.
std::optional< ProjectivePointmul2_vartime (const PrecomputedMul2Table &tableb, const Scalar &x, const Scalar &y) const override
bool mul2_vartime_x_mod_order_eq (const PrecomputedMul2Table &tableb, const Scalar &v, const Scalar &s1, const Scalar &s2) const override
ProjectivePoint mul_by_g (const Scalar &scalar, RandomNumberGenerator &rng) const override
std::optional< ProjectivePointmul_px_qy (const AffinePoint &p, const Scalar &x, const AffinePoint &q, const Scalar &y, RandomNumberGenerator &rng) const override
secure_vector< uint8_t > mul_x_only (const AffinePoint &pt, const Scalar &scalar, RandomNumberGenerator &rng) const override
size_t order_bits () const override
 Return the bit length of the group order.
ProjectivePoint point_add (const AffinePoint &a, const AffinePoint &b) const override
AffinePoint point_negate (const AffinePoint &pt) const override
AffinePoint point_to_affine (const ProjectivePoint &pt) const override
Scalar random_scalar (RandomNumberGenerator &rng) const override
Scalar scalar_add (const Scalar &a, const Scalar &b) const override
 Scalar addition.
size_t scalar_bytes () const override
 Return the byte length of the scalar element.
bool scalar_equal (const Scalar &a, const Scalar &b) const override
 Test if two scalars are equal.
std::optional< Scalarscalar_from_wide_bytes (std::span< const uint8_t > bytes) const override
Scalar scalar_invert (const Scalar &s) const override
 Scalar inversion.
Scalar scalar_invert_vartime (const Scalar &s) const override
 Scalar inversion (variable time).
bool scalar_is_zero (const Scalar &s) const override
 Test if scalar is zero.
Scalar scalar_mul (const Scalar &a, const Scalar &b) const override
 Scalar multiplication.
Scalar scalar_negate (const Scalar &s) const override
 Scalar negation.
Scalar scalar_one () const override
Scalar scalar_square (const Scalar &s) const override
 Scalar squaring.
Scalar scalar_sub (const Scalar &a, const Scalar &b) const override
 Scalar subtraction.
void serialize_point (std::span< uint8_t > bytes, const AffinePoint &pt) const override
void serialize_scalar (std::span< uint8_t > bytes, const Scalar &scalar) const override

Static Public Member Functions

static std::shared_ptr< const PrimeOrderCurvefor_named_curve (std::string_view name)
static std::shared_ptr< const PrimeOrderCurvefrom_params (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order)

Static Public Attributes

static constexpr size_t MaximumBitLength = 521
static constexpr size_t MaximumByteLength = (MaximumBitLength + 7) / 8
static constexpr size_t StorageWords = (MaximumByteLength + sizeof(word) - 1) / sizeof(word)
 Number of words used to store MaximumByteLength.

Detailed Description

Definition at line 23 of file pcurves_generic.h.

Member Typedef Documentation

◆ CurvePtr

typedef std::shared_ptr<const PrimeOrderCurve> Botan::PCurve::PrimeOrderCurve::CurvePtr
inherited

Definition at line 60 of file pcurves.h.

◆ StorageUnit

typedef std::array<word, StorageWords> Botan::PCurve::PrimeOrderCurve::StorageUnit
inherited

Definition at line 59 of file pcurves.h.

Constructor & Destructor Documentation

◆ GenericPrimeOrderCurve()

Botan::PCurve::GenericPrimeOrderCurve::GenericPrimeOrderCurve ( const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & base_x,
const BigInt & base_y,
const BigInt & order )

Definition at line 1429 of file pcurves_generic.cpp.

1430 :
1431 m_params(std::make_unique<GenericCurveParams>(p, a, b, base_x, base_y, order)) {}

Member Function Documentation

◆ _params()

const GenericCurveParams & Botan::PCurve::GenericPrimeOrderCurve::_params ( ) const
inline

Definition at line 113 of file pcurves_generic.h.

113{ return *m_params; }

Referenced by field_element_bytes(), generator(), mul2_vartime_x_mod_order_eq(), order_bits(), scalar_bytes(), and serialize_scalar().

◆ _precompute_base_mul()

void Botan::PCurve::GenericPrimeOrderCurve::_precompute_base_mul ( )

Definition at line 1433 of file pcurves_generic.cpp.

1433 {
1434 BOTAN_STATE_CHECK(m_basemul == nullptr);
1435 m_basemul = std::make_unique<GenericBaseMulTable>(from_stash(generator()));
1436}
BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:49
Botan::PCurve::GenericPrimeOrderCurve::generator
AffinePoint generator() const override
Return the standard generator.
Definition pcurves_generic.cpp:1543

References BOTAN_STATE_CHECK, and generator().

◆ affine_point_is_identity()

bool Botan::PCurve::GenericPrimeOrderCurve::affine_point_is_identity ( const AffinePoint & pt) const
overridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1567 of file pcurves_generic.cpp.

1567 {
1568 return from_stash(pt).is_identity().as_bool();
1569}

◆ base_point_mul_x_mod_order()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::base_point_mul_x_mod_order ( const Scalar & scalar,
RandomNumberGenerator & rng ) const
overridevirtual

Base point multiplication, returning only the x coordinate modulo the group order

Multiply by the standard generator point g, then extract the x coordinate as an integer, then reduce the x coordinate modulo the group order

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1456 of file pcurves_generic.cpp.

1457 {
1458 BOTAN_STATE_CHECK(m_basemul != nullptr);
1459 auto pt_s = m_basemul->mul(from_stash(scalar), rng);
1460 const auto x_bytes = to_affine_x<GenericCurve>(pt_s).serialize<secure_vector<uint8_t>>();
1461 if(auto s = GenericScalar::from_wide_bytes(this, x_bytes)) {
1462 return stash(*s);
1463 } else {
1464 throw Internal_Error("Failed to convert x coordinate to integer modulo scalar");
1465 }
1466}
Botan::to_affine_x
auto to_affine_x(const typename C::ProjectivePoint &pt)
Definition pcurves_algos.h:96
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68

References BOTAN_STATE_CHECK, and Botan::to_affine_x().

◆ deserialize_point()

std::optional< PrimeOrderCurve::AffinePoint > Botan::PCurve::GenericPrimeOrderCurve::deserialize_point ( std::span< const uint8_t > bytes) const
overridevirtual

Deserialize a point

Both compressed and uncompressed encodings are accepted

Note that the deprecated "hybrid" encoding is not supported here

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1598 of file pcurves_generic.cpp.

1599 {
1600 if(auto pt = GenericAffinePoint::deserialize(this, bytes)) {
1601 return stash(pt.value());
1602 } else {
1603 return {};
1604 }
1605}

◆ deserialize_scalar()

std::optional< PrimeOrderCurve::Scalar > Botan::PCurve::GenericPrimeOrderCurve::deserialize_scalar ( std::span< const uint8_t > bytes) const
overridevirtual

Deserialize a scalar in [1,p)

This function requires the input length be exactly scalar_bytes long; it does not accept inputs that are shorter, or with excess leading zero padding bytes.

This function also rejects zero as an input, since in normal usage scalars are integers in Z_p*

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1580 of file pcurves_generic.cpp.

1581 {
1582 if(auto s = GenericScalar::deserialize(this, bytes)) {
1583 return stash(s.value());
1584 } else {
1585 return {};
1586 }
1587}

◆ field_element_bytes()

size_t Botan::PCurve::GenericPrimeOrderCurve::field_element_bytes ( ) const
overridevirtual

Return the byte length of a field element

Each point consists of two field elements

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1446 of file pcurves_generic.cpp.

1446 {
1447 return _params().field_bytes();
1448}
Botan::PCurve::GenericPrimeOrderCurve::_params
const GenericCurveParams & _params() const
Definition pcurves_generic.h:113

References _params().

◆ for_named_curve()

std::shared_ptr< const PrimeOrderCurve > Botan::PCurve::PrimeOrderCurve::for_named_curve ( std::string_view name)
staticinherited
Returns
nullptr if the curve specified is not available

Definition at line 31 of file pcurves.cpp.

31 {
32#if defined(BOTAN_HAS_PCURVES_SECP256R1)
33 if(name == "secp256r1") {
34 return PCurveInstance::secp256r1();
35 }
36#endif
37
38#if defined(BOTAN_HAS_PCURVES_SECP384R1)
39 if(name == "secp384r1") {
40 return PCurveInstance::secp384r1();
41 }
42#endif
43
44#if defined(BOTAN_HAS_PCURVES_SECP521R1)
45 if(name == "secp521r1") {
46 return PCurveInstance::secp521r1();
47 }
48#endif
49
50#if defined(BOTAN_HAS_PCURVES_BRAINPOOL256R1)
51 if(name == "brainpool256r1") {
52 return PCurveInstance::brainpool256r1();
53 }
54#endif
55
56#if defined(BOTAN_HAS_PCURVES_BRAINPOOL384R1)
57 if(name == "brainpool384r1") {
58 return PCurveInstance::brainpool384r1();
59 }
60#endif
61
62#if defined(BOTAN_HAS_PCURVES_BRAINPOOL512R1)
63 if(name == "brainpool512r1") {
64 return PCurveInstance::brainpool512r1();
65 }
66#endif
67
68#if defined(BOTAN_HAS_PCURVES_FRP256V1)
69 if(name == "frp256v1") {
70 return PCurveInstance::frp256v1();
71 }
72#endif
73
74#if defined(BOTAN_HAS_PCURVES_SECP192R1)
75 if(name == "secp192r1") {
76 return PCurveInstance::secp192r1();
77 }
78#endif
79
80#if defined(BOTAN_HAS_PCURVES_SECP224R1)
81 if(name == "secp224r1") {
82 return PCurveInstance::secp224r1();
83 }
84#endif
85
86#if defined(BOTAN_HAS_PCURVES_SECP256K1)
87 if(name == "secp256k1") {
88 return PCurveInstance::secp256k1();
89 }
90#endif
91
92#if defined(BOTAN_HAS_PCURVES_SM2P256V1)
93 if(name == "sm2p256v1") {
94 return PCurveInstance::sm2p256v1();
95 }
96#endif
97
98#if defined(BOTAN_HAS_PCURVES_NUMSP512D1)
99 if(name == "numsp512d1") {
100 return PCurveInstance::numsp512d1();
101 }
102#endif
103
104 BOTAN_UNUSED(name);
105 return {};
106}
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144

References BOTAN_UNUSED.

◆ from_params()

std::shared_ptr< const PrimeOrderCurve > Botan::PCurve::PrimeOrderCurve::from_params ( const BigInt & p,
const BigInt & a,
const BigInt & b,
const BigInt & base_x,
const BigInt & base_y,
const BigInt & order )
staticinherited
Returns
nullptr if the parameters seem unsuitable for pcurves for example if the prime is too large

This function should accept the same subset of curves as the EC_Group constructor that accepts BigInts.

Definition at line 20 of file pcurves.cpp.

21 {
22#if defined(BOTAN_HAS_PCURVES_GENERIC)
23 return PCurveInstance::from_params(p, a, b, base_x, base_y, order);
24#endif
25
26 BOTAN_UNUSED(p, a, b, base_x, base_y, order);
27 return {};
28}

References BOTAN_UNUSED.

◆ generator()

PrimeOrderCurve::AffinePoint Botan::PCurve::GenericPrimeOrderCurve::generator ( ) const
overridevirtual

Return the standard generator.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1543 of file pcurves_generic.cpp.

1543 {
1544 return PrimeOrderCurve::AffinePoint::_create(shared_from_this(), _params().base_x(), _params().base_y());
1545}
Botan::PCurve::PrimeOrderCurve::AffinePoint::_create
static AffinePoint _create(CurvePtr curve, StorageUnit x, StorageUnit y)
Definition pcurves.h:110

References Botan::PCurve::PrimeOrderCurve::AffinePoint::_create(), and _params().

Referenced by _precompute_base_mul(), and mul2_setup_g().

◆ hash_to_curve_nu()

PrimeOrderCurve::AffinePoint Botan::PCurve::GenericPrimeOrderCurve::hash_to_curve_nu ( std::function< void(std::span< uint8_t >)> expand_message) const
overridevirtual

RFC 9380 hash to curve (NU variant)

This is currently only supported for a few specific curves

Parameters
expand_messageis a callback which must fill the provided output span with a sequence of uniform bytes, or if this is not possible due to length limitations or some other issue, throw an exception. It is invoked to produce the uniform_bytes value; see RFC 9380 section 5.2

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1688 of file pcurves_generic.cpp.

1689 {
1690 BOTAN_UNUSED(expand_message);
1691 throw Not_Implemented("Hash to curve is not implemented for this curve");
1692}

References BOTAN_UNUSED.

◆ hash_to_curve_ro()

PrimeOrderCurve::ProjectivePoint Botan::PCurve::GenericPrimeOrderCurve::hash_to_curve_ro ( std::function< void(std::span< uint8_t >)> expand_message) const
overridevirtual

RFC 9380 hash to curve (RO variant)

This is currently only supported for a few specific curves

Parameters
expand_messageis a callback which must fill the provided output span with a sequence of uniform bytes, or if this is not possible due to length limitations or some other issue, throw an exception. It is invoked to produce the uniform_bytes value; see RFC 9380 section 5.2

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1694 of file pcurves_generic.cpp.

1695 {
1696 BOTAN_UNUSED(expand_message);
1697 throw Not_Implemented("Hash to curve is not implemented for this curve");
1698}

References BOTAN_UNUSED.

◆ mul()

PrimeOrderCurve::ProjectivePoint Botan::PCurve::GenericPrimeOrderCurve::mul ( const AffinePoint & pt,
const Scalar & scalar,
RandomNumberGenerator & rng ) const
overridevirtual

Generic point multiplication

Multiply an arbitrary point by a scalar

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1468 of file pcurves_generic.cpp.

1470 {
1471 GenericWindowedMul pt_table(from_stash(pt));
1472 return stash(pt_table.mul(from_stash(scalar), rng));
1473}

◆ mul2_setup_g()

std::unique_ptr< const PrimeOrderCurve::PrecomputedMul2Table > Botan::PCurve::GenericPrimeOrderCurve::mul2_setup_g ( const AffinePoint & q) const
overridevirtual

Setup a table for 2-ary multiplication where the first point is the generator.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1483 of file pcurves_generic.cpp.

1484 {
1485 return std::make_unique<GenericVartimeWindowedMul2>(from_stash(generator()), from_stash(q));
1486}

References generator().

◆ mul2_vartime()

std::optional< PrimeOrderCurve::ProjectivePoint > Botan::PCurve::GenericPrimeOrderCurve::mul2_vartime ( const PrecomputedMul2Table & table,
const Scalar & x,
const Scalar & y ) const
overridevirtual

Perform 2-ary multiplication (variable time)

Compute p*x + q*y in variable time

Returns nullopt if the produced point is the point at infinity

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1488 of file pcurves_generic.cpp.

1490 {
1491 const auto& tbl = dynamic_cast<const GenericVartimeWindowedMul2&>(tableb);
1492 auto pt = tbl.mul2_vartime(from_stash(s1), from_stash(s2));
1493 if(pt.is_identity().as_bool()) {
1494 return {};
1495 } else {
1496 return stash(pt);
1497 }
1498}

◆ mul2_vartime_x_mod_order_eq()

bool Botan::PCurve::GenericPrimeOrderCurve::mul2_vartime_x_mod_order_eq ( const PrecomputedMul2Table & table,
const Scalar & v,
const Scalar & x,
const Scalar & y ) const
overridevirtual

Perform 2-ary multiplication (variable time), reducing x modulo order

Compute p*x + q*y in variable time, then extract the x coordinate of the result, and reduce x modulo the group order. Compare that value with v. If equal, returns true. Otherwise returns false, including if the produced point is the point at infinity

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1511 of file pcurves_generic.cpp.

1514 {
1515 const auto& tbl = dynamic_cast<const GenericVartimeWindowedMul2&>(tableb);
1516 auto pt = tbl.mul2_vartime(from_stash(s1), from_stash(s2));
1517
1518 if(!pt.is_identity().as_bool()) {
1519 const auto z2 = pt.z().square();
1520
1521 const auto v_bytes = from_stash(v).serialize<std::vector<uint8_t>>();
1522
1523 if(auto fe_v = GenericField::deserialize(this, v_bytes)) {
1524 if((*fe_v * z2 == pt.x()).as_bool()) {
1525 return true;
1526 }
1527
1528 if(_params().order_is_less_than_field()) {
1529 const auto n = GenericField::from_words(this, _params().order());
1530 const auto neg_n = n.negate().to_words();
1531
1532 const auto vw = fe_v->to_words();
1533 if(bigint_ct_is_lt(vw.data(), vw.size(), neg_n.data(), neg_n.size()).as_bool()) {
1534 return (((*fe_v + n) * z2) == pt.x()).as_bool();
1535 }
1536 }
1537 }
1538 }
1539
1540 return false;
1541}
Botan::bigint_ct_is_lt
constexpr auto bigint_ct_is_lt(const W x[], size_t x_size, const W y[], size_t y_size, bool lt_or_equal=false) -> CT::Mask< W >
Definition mp_core.h:473

References _params(), and Botan::bigint_ct_is_lt().

◆ mul_by_g()

PrimeOrderCurve::ProjectivePoint Botan::PCurve::GenericPrimeOrderCurve::mul_by_g ( const Scalar & scalar,
RandomNumberGenerator & rng ) const
overridevirtual

Base point multiplication

Multiply by the standard generator point g

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1450 of file pcurves_generic.cpp.

1451 {
1452 BOTAN_STATE_CHECK(m_basemul != nullptr);
1453 return stash(m_basemul->mul(from_stash(scalar), rng));
1454}

References BOTAN_STATE_CHECK.

◆ mul_px_qy()

std::optional< PrimeOrderCurve::ProjectivePoint > Botan::PCurve::GenericPrimeOrderCurve::mul_px_qy ( const AffinePoint & p,
const Scalar & x,
const AffinePoint & q,
const Scalar & y,
RandomNumberGenerator & rng ) const
overridevirtual

Perform 2-ary multiplication (constant time)

Compute p*x + q*y

Returns nullopt if the produced point is the point at infinity

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1500 of file pcurves_generic.cpp.

1501 {
1502 const GenericWindowedMul2 table(from_stash(p), from_stash(q));
1503 auto pt = table.mul2(from_stash(x), from_stash(y), rng);
1504 if(pt.is_identity().as_bool()) {
1505 return {};
1506 } else {
1507 return stash(pt);
1508 }
1509}

◆ mul_x_only()

secure_vector< uint8_t > Botan::PCurve::GenericPrimeOrderCurve::mul_x_only ( const AffinePoint & pt,
const Scalar & scalar,
RandomNumberGenerator & rng ) const
overridevirtual

Generic x-only point multiplication

Multiply an arbitrary point by a scalar, returning only the x coordinate

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1475 of file pcurves_generic.cpp.

1477 {
1478 GenericWindowedMul pt_table(from_stash(pt));
1479 auto pt_s = pt_table.mul(from_stash(scalar), rng);
1480 return to_affine_x<GenericCurve>(pt_s).serialize<secure_vector<uint8_t>>();
1481}

References Botan::to_affine_x().

◆ order_bits()

size_t Botan::PCurve::GenericPrimeOrderCurve::order_bits ( ) const
overridevirtual

Return the bit length of the group order.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1438 of file pcurves_generic.cpp.

1438 {
1439 return _params().order_bits();
1440}

References _params().

◆ point_add()

PrimeOrderCurve::ProjectivePoint Botan::PCurve::GenericPrimeOrderCurve::point_add ( const AffinePoint & a,
const AffinePoint & b ) const
overridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1559 of file pcurves_generic.cpp.

1559 {
1560 return stash(GenericProjectivePoint::from_affine(from_stash(a)) + from_stash(b));
1561}

◆ point_negate()

PrimeOrderCurve::AffinePoint Botan::PCurve::GenericPrimeOrderCurve::point_negate ( const AffinePoint & pt) const
overridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1563 of file pcurves_generic.cpp.

1563 {
1564 return stash(from_stash(pt).negate());
1565}

◆ point_to_affine()

PrimeOrderCurve::AffinePoint Botan::PCurve::GenericPrimeOrderCurve::point_to_affine ( const ProjectivePoint & pt) const
overridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1547 of file pcurves_generic.cpp.

1547 {
1548 auto affine = to_affine<GenericCurve>(from_stash(pt));
1549
1550 const auto y2 = affine.y().square();
1551 const auto x3_ax_b = GenericCurve::AffinePoint::x3_ax_b(affine.x());
1552 const auto valid_point = affine.is_identity() || (y2 == x3_ax_b);
1553
1554 BOTAN_ASSERT(valid_point.as_bool(), "Computed point is on the curve");
1555
1556 return stash(affine);
1557}
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:62
Botan::to_affine
constexpr auto to_affine(const typename C::ProjectivePoint &pt)
Definition pcurves_algos.h:76

References BOTAN_ASSERT, and Botan::to_affine().

◆ random_scalar()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::random_scalar ( RandomNumberGenerator & rng) const
overridevirtual

Return a new random scalar

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1647 of file pcurves_generic.cpp.

1647 {
1648 return stash(GenericScalar::random(this, rng));
1649}

◆ scalar_add()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::scalar_add ( const Scalar & a,
const Scalar & b ) const
overridevirtual

Scalar addition.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1607 of file pcurves_generic.cpp.

1607 {
1608 return stash(from_stash(a) + from_stash(b));
1609}

◆ scalar_bytes()

size_t Botan::PCurve::GenericPrimeOrderCurve::scalar_bytes ( ) const
overridevirtual

Return the byte length of the scalar element.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1442 of file pcurves_generic.cpp.

1442 {
1443 return _params().order_bytes();
1444}

References _params().

◆ scalar_equal()

bool Botan::PCurve::GenericPrimeOrderCurve::scalar_equal ( const Scalar & a,
const Scalar & b ) const
overridevirtual

Test if two scalars are equal.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1639 of file pcurves_generic.cpp.

1639 {
1640 return (from_stash(a) == from_stash(b)).as_bool();
1641}

◆ scalar_from_wide_bytes()

std::optional< PrimeOrderCurve::Scalar > Botan::PCurve::GenericPrimeOrderCurve::scalar_from_wide_bytes ( std::span< const uint8_t > bytes) const
overridevirtual

Reduce an integer modulo the group order

The input can be at most twice the bit length of the order; if larger than this nullopt is returned

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1589 of file pcurves_generic.cpp.

1590 {
1591 if(auto s = GenericScalar::from_wide_bytes(this, bytes)) {
1592 return stash(s.value());
1593 } else {
1594 return {};
1595 }
1596}

◆ scalar_invert()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::scalar_invert ( const Scalar & s) const
overridevirtual

Scalar inversion.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1623 of file pcurves_generic.cpp.

1623 {
1624 return stash(from_stash(s).invert());
1625}

◆ scalar_invert_vartime()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::scalar_invert_vartime ( const Scalar & s) const
overridevirtual

Scalar inversion (variable time).

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1627 of file pcurves_generic.cpp.

1627 {
1628 return stash(from_stash(s).invert_vartime());
1629}

◆ scalar_is_zero()

bool Botan::PCurve::GenericPrimeOrderCurve::scalar_is_zero ( const Scalar & s) const
overridevirtual

Test if scalar is zero.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1635 of file pcurves_generic.cpp.

1635 {
1636 return from_stash(s).is_zero().as_bool();
1637}

◆ scalar_mul()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::scalar_mul ( const Scalar & a,
const Scalar & b ) const
overridevirtual

Scalar multiplication.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1615 of file pcurves_generic.cpp.

1615 {
1616 return stash(from_stash(a) * from_stash(b));
1617}

◆ scalar_negate()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::scalar_negate ( const Scalar & s) const
overridevirtual

Scalar negation.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1631 of file pcurves_generic.cpp.

1631 {
1632 return stash(from_stash(s).negate());
1633}

◆ scalar_one()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::scalar_one ( ) const
overridevirtual

Return the scalar one

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1643 of file pcurves_generic.cpp.

1643 {
1644 return stash(GenericScalar::one(this));
1645}

◆ scalar_square()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::scalar_square ( const Scalar & s) const
overridevirtual

Scalar squaring.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1619 of file pcurves_generic.cpp.

1619 {
1620 return stash(from_stash(s).square());
1621}
Botan::square
BigInt square(const BigInt &x)
Definition numthry.cpp:184

References Botan::square().

◆ scalar_sub()

PrimeOrderCurve::Scalar Botan::PCurve::GenericPrimeOrderCurve::scalar_sub ( const Scalar & a,
const Scalar & b ) const
overridevirtual

Scalar subtraction.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1611 of file pcurves_generic.cpp.

1611 {
1612 return stash(from_stash(a) - from_stash(b));
1613}

◆ serialize_point()

void Botan::PCurve::GenericPrimeOrderCurve::serialize_point ( std::span< uint8_t > bytes,
const AffinePoint & pt ) const
overridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1571 of file pcurves_generic.cpp.

1571 {
1572 from_stash(pt).serialize_to(bytes);
1573}

◆ serialize_scalar()

void Botan::PCurve::GenericPrimeOrderCurve::serialize_scalar ( std::span< uint8_t > bytes,
const Scalar & scalar ) const
overridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 1575 of file pcurves_generic.cpp.

1575 {
1576 BOTAN_ARG_CHECK(bytes.size() == _params().order_bytes(), "Invalid length to serialize_scalar");
1577 from_stash(scalar).serialize_to(bytes);
1578}
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33

References _params(), and BOTAN_ARG_CHECK.

Member Data Documentation

◆ MaximumBitLength

size_t Botan::PCurve::PrimeOrderCurve::MaximumBitLength = 521
staticconstexprinherited

Somewhat arbitrary maximum size for a field or scalar

Sized to fit at least P-521

Definition at line 37 of file pcurves.h.

◆ MaximumByteLength

size_t Botan::PCurve::PrimeOrderCurve::MaximumByteLength = (MaximumBitLength + 7) / 8
staticconstexprinherited

Definition at line 39 of file pcurves.h.

◆ StorageWords

size_t Botan::PCurve::PrimeOrderCurve::StorageWords = (MaximumByteLength + sizeof(word) - 1) / sizeof(word)
staticconstexprinherited

Number of words used to store MaximumByteLength.

Definition at line 42 of file pcurves.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.15.0