#include <pcurves.h>
Classes | |
| class | AffinePoint |
| class | PrecomputedMul2Table |
| class | ProjectivePoint |
| class | Scalar |
Public Types | |
| typedef std::shared_ptr< const PrimeOrderCurve > | CurvePtr |
| typedef std::array< word, StorageWords > | StorageUnit |
Public Member Functions | |
| virtual bool | affine_point_is_identity (const AffinePoint &pt) const =0 |
| virtual Scalar | base_point_mul_x_mod_order (const Scalar &scalar, RandomNumberGenerator &rng) const =0 |
| virtual std::optional< AffinePoint > | deserialize_point (std::span< const uint8_t > bytes) const =0 |
| virtual std::optional< Scalar > | deserialize_scalar (std::span< const uint8_t > bytes) const =0 |
| virtual size_t | field_element_bytes () const =0 |
| virtual AffinePoint | generator () const =0 |
| Return the standard generator. | |
| virtual AffinePoint | hash_to_curve_nu (std::function< void(std::span< uint8_t >)> expand_message) const =0 |
| virtual ProjectivePoint | hash_to_curve_ro (std::function< void(std::span< uint8_t >)> expand_message) const =0 |
| virtual ProjectivePoint | mul (const AffinePoint &pt, const Scalar &scalar, RandomNumberGenerator &rng) const =0 |
| virtual std::unique_ptr< const PrecomputedMul2Table > | mul2_setup_g (const AffinePoint &q) const =0 |
| Setup a table for 2-ary multiplication where the first point is the generator. | |
| virtual std::optional< ProjectivePoint > | mul2_vartime (const PrecomputedMul2Table &table, const Scalar &x, const Scalar &y) const =0 |
| virtual bool | mul2_vartime_x_mod_order_eq (const PrecomputedMul2Table &table, const Scalar &v, const Scalar &x, const Scalar &y) const =0 |
| virtual ProjectivePoint | mul_by_g (const Scalar &scalar, RandomNumberGenerator &rng) const =0 |
| virtual std::optional< ProjectivePoint > | mul_px_qy (const AffinePoint &p, const Scalar &x, const AffinePoint &q, const Scalar &y, RandomNumberGenerator &rng) const =0 |
| virtual secure_vector< uint8_t > | mul_x_only (const AffinePoint &pt, const Scalar &scalar, RandomNumberGenerator &rng) const =0 |
| virtual size_t | order_bits () const =0 |
| Return the bit length of the group order. | |
| virtual ProjectivePoint | point_add (const AffinePoint &a, const AffinePoint &b) const =0 |
| virtual AffinePoint | point_negate (const AffinePoint &pt) const =0 |
| virtual AffinePoint | point_to_affine (const ProjectivePoint &pt) const =0 |
| virtual Scalar | random_scalar (RandomNumberGenerator &rng) const =0 |
| virtual Scalar | scalar_add (const Scalar &a, const Scalar &b) const =0 |
| Scalar addition. | |
| virtual size_t | scalar_bytes () const =0 |
| Return the byte length of the scalar element. | |
| virtual bool | scalar_equal (const Scalar &a, const Scalar &b) const =0 |
| Test if two scalars are equal. | |
| virtual std::optional< Scalar > | scalar_from_wide_bytes (std::span< const uint8_t > bytes) const =0 |
| virtual Scalar | scalar_invert (const Scalar &s) const =0 |
| Scalar inversion. | |
| virtual Scalar | scalar_invert_vartime (const Scalar &s) const =0 |
| Scalar inversion (variable time). | |
| virtual bool | scalar_is_zero (const Scalar &s) const =0 |
| Test if scalar is zero. | |
| virtual Scalar | scalar_mul (const Scalar &a, const Scalar &b) const =0 |
| Scalar multiplication. | |
| virtual Scalar | scalar_negate (const Scalar &s) const =0 |
| Scalar negation. | |
| virtual Scalar | scalar_one () const =0 |
| virtual Scalar | scalar_square (const Scalar &s) const =0 |
| Scalar squaring. | |
| virtual Scalar | scalar_sub (const Scalar &a, const Scalar &b) const =0 |
| Scalar subtraction. | |
| virtual void | serialize_point (std::span< uint8_t > bytes, const AffinePoint &pt) const =0 |
| virtual void | serialize_scalar (std::span< uint8_t > bytes, const Scalar &scalar) const =0 |
| virtual | ~PrimeOrderCurve ()=default |
Static Public Member Functions | |
| static std::shared_ptr< const PrimeOrderCurve > | for_named_curve (std::string_view name) |
| static std::shared_ptr< const PrimeOrderCurve > | from_params (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order) |
Static Public Attributes | |
| static constexpr size_t | MaximumBitLength = 521 |
| static constexpr size_t | MaximumByteLength = (MaximumBitLength + 7) / 8 |
| static constexpr size_t | StorageWords = (MaximumByteLength + sizeof(word) - 1) / sizeof(word) |
| Number of words used to store MaximumByteLength. | |
Detailed Description
Member Typedef Documentation
◆ CurvePtr
| typedef std::shared_ptr<const PrimeOrderCurve> Botan::PCurve::PrimeOrderCurve::CurvePtr |
◆ StorageUnit
| typedef std::array<word, StorageWords> Botan::PCurve::PrimeOrderCurve::StorageUnit |
Constructor & Destructor Documentation
◆ ~PrimeOrderCurve()
|
virtualdefault |
Member Function Documentation
◆ affine_point_is_identity()
|
pure virtual |
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ base_point_mul_x_mod_order()
|
pure virtual |
Base point multiplication, returning only the x coordinate modulo the group order
Multiply by the standard generator point g, then extract the x coordinate as an integer, then reduce the x coordinate modulo the group order
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ deserialize_point()
|
pure virtual |
Deserialize a point
Both compressed and uncompressed encodings are accepted
Note that the deprecated "hybrid" encoding is not supported here
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ deserialize_scalar()
|
pure virtual |
Deserialize a scalar in [1,p)
This function requires the input length be exactly scalar_bytes long; it does not accept inputs that are shorter, or with excess leading zero padding bytes.
This function also rejects zero as an input, since in normal usage scalars are integers in Z_p*
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ field_element_bytes()
|
pure virtual |
Return the byte length of a field element
Each point consists of two field elements
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ for_named_curve()
|
static |
- Returns
- nullptr if the curve specified is not available
Definition at line 31 of file pcurves.cpp.
References BOTAN_UNUSED.
◆ from_params()
|
static |
- Returns
- nullptr if the parameters seem unsuitable for pcurves for example if the prime is too large
This function should accept the same subset of curves as the EC_Group constructor that accepts BigInts.
Definition at line 20 of file pcurves.cpp.
References BOTAN_UNUSED.
◆ generator()
|
pure virtual |
Return the standard generator.
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ hash_to_curve_nu()
|
pure virtual |
RFC 9380 hash to curve (NU variant)
This is currently only supported for a few specific curves
- Parameters
-
expand_message is a callback which must fill the provided output span with a sequence of uniform bytes, or if this is not possible due to length limitations or some other issue, throw an exception. It is invoked to produce the uniform_bytes value; see RFC 9380 section 5.2
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ hash_to_curve_ro()
|
pure virtual |
RFC 9380 hash to curve (RO variant)
This is currently only supported for a few specific curves
- Parameters
-
expand_message is a callback which must fill the provided output span with a sequence of uniform bytes, or if this is not possible due to length limitations or some other issue, throw an exception. It is invoked to produce the uniform_bytes value; see RFC 9380 section 5.2
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ mul()
|
pure virtual |
Generic point multiplication
Multiply an arbitrary point by a scalar
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ mul2_setup_g()
|
pure virtual |
Setup a table for 2-ary multiplication where the first point is the generator.
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ mul2_vartime()
|
pure virtual |
Perform 2-ary multiplication (variable time)
Compute p*x + q*y in variable time
Returns nullopt if the produced point is the point at infinity
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ mul2_vartime_x_mod_order_eq()
|
pure virtual |
Perform 2-ary multiplication (variable time), reducing x modulo order
Compute p*x + q*y in variable time, then extract the x coordinate of the result, and reduce x modulo the group order. Compare that value with v. If equal, returns true. Otherwise returns false, including if the produced point is the point at infinity
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ mul_by_g()
|
pure virtual |
Base point multiplication
Multiply by the standard generator point g
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ mul_px_qy()
|
pure virtual |
Perform 2-ary multiplication (constant time)
Compute p*x + q*y
Returns nullopt if the produced point is the point at infinity
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ mul_x_only()
|
pure virtual |
Generic x-only point multiplication
Multiply an arbitrary point by a scalar, returning only the x coordinate
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ order_bits()
|
pure virtual |
Return the bit length of the group order.
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ point_add()
|
pure virtual |
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ point_negate()
|
pure virtual |
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ point_to_affine()
|
pure virtual |
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ random_scalar()
|
pure virtual |
Return a new random scalar
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ scalar_add()
|
pure virtual |
Scalar addition.
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ scalar_bytes()
|
pure virtual |
Return the byte length of the scalar element.
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ scalar_equal()
|
pure virtual |
Test if two scalars are equal.
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ scalar_from_wide_bytes()
|
pure virtual |
Reduce an integer modulo the group order
The input can be at most twice the bit length of the order; if larger than this nullopt is returned
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ scalar_invert()
Scalar inversion.
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ scalar_invert_vartime()
|
pure virtual |
Scalar inversion (variable time).
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ scalar_is_zero()
|
pure virtual |
Test if scalar is zero.
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ scalar_mul()
|
pure virtual |
Scalar multiplication.
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ scalar_negate()
Scalar negation.
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ scalar_one()
|
pure virtual |
Return the scalar one
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ scalar_square()
Scalar squaring.
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ scalar_sub()
|
pure virtual |
Scalar subtraction.
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ serialize_point()
|
pure virtual |
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
◆ serialize_scalar()
|
pure virtual |
Implemented in Botan::PCurve::GenericPrimeOrderCurve, and Botan::PCurve::PrimeOrderCurveImpl< C >.
Member Data Documentation
◆ MaximumBitLength
|
staticconstexpr |
◆ MaximumByteLength
|
staticconstexpr |
◆ StorageWords
|
staticconstexpr |
The documentation for this class was generated from the following files:
- src/lib/math/pcurves/pcurves.h
- src/lib/math/pcurves/pcurves.cpp
Generated by
1.15.0