Botan 3.5.0
Crypto and TLS for C&
Classes | Public Types | Public Member Functions | Static Public Member Functions | Static Public Attributes | List of all members
Botan::PCurve::PrimeOrderCurve Class Referenceabstract

#include <pcurves.h>

Inheritance diagram for Botan::PCurve::PrimeOrderCurve:
Botan::PCurve::PrimeOrderCurveImpl< C >

Classes

class  AffinePoint
 
class  PrecomputedMul2Table
 
class  ProjectivePoint
 
class  Scalar
 

Public Types

typedef std::shared_ptr< const PrimeOrderCurveCurvePtr
 
typedef std::array< word, StorageWordsStorageUnit
 

Public Member Functions

virtual bool affine_point_is_identity (const AffinePoint &pt) const =0
 
virtual Scalar base_point_mul_x_mod_order (const Scalar &scalar, RandomNumberGenerator &rng) const =0
 
virtual std::optional< AffinePointdeserialize_point (std::span< const uint8_t > bytes) const =0
 
virtual std::optional< Scalardeserialize_scalar (std::span< const uint8_t > bytes) const =0
 
virtual size_t field_element_bytes () const =0
 
virtual AffinePoint generator () const =0
 Return the standard generator.
 
virtual ProjectivePoint hash_to_curve (std::string_view hash, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep, bool random_oracle) const =0
 
virtual ProjectivePoint mul (const AffinePoint &pt, const Scalar &scalar, RandomNumberGenerator &rng) const =0
 
virtual std::unique_ptr< const PrecomputedMul2Tablemul2_setup (const AffinePoint &pt1, const AffinePoint &pt2) const =0
 Setup a table for 2-ary multiplication.
 
virtual std::optional< ProjectivePointmul2_vartime (const PrecomputedMul2Table &table, const Scalar &s1, const Scalar &s2) const =0
 
virtual std::optional< Scalarmul2_vartime_x_mod_order (const PrecomputedMul2Table &table, const Scalar &s1, const Scalar &s2) const =0
 
virtual ProjectivePoint mul_by_g (const Scalar &scalar, RandomNumberGenerator &rng) const =0
 
virtual size_t order_bits () const =0
 Return the bit length of the group order.
 
virtual ProjectivePoint point_add (const ProjectivePoint &a, const ProjectivePoint &b) const =0
 
virtual ProjectivePoint point_add_mixed (const ProjectivePoint &a, const AffinePoint &b) const =0
 
virtual ProjectivePoint point_double (const ProjectivePoint &pt) const =0
 
virtual ProjectivePoint point_negate (const ProjectivePoint &pt) const =0
 
virtual AffinePoint point_to_affine (const ProjectivePoint &pt) const =0
 
virtual ProjectivePoint point_to_projective (const AffinePoint &pt) const =0
 
virtual Scalar random_scalar (RandomNumberGenerator &rng) const =0
 
virtual Scalar scalar_add (const Scalar &a, const Scalar &b) const =0
 
virtual size_t scalar_bytes () const =0
 Return the byte length of the scalar element.
 
virtual bool scalar_equal (const Scalar &a, const Scalar &b) const =0
 
virtual Scalar scalar_from_bits_with_trunc (std::span< const uint8_t > bytes) const =0
 
virtual Scalar scalar_from_u32 (uint32_t x) const =0
 
virtual std::optional< Scalarscalar_from_wide_bytes (std::span< const uint8_t > bytes) const =0
 
virtual Scalar scalar_invert (const Scalar &s) const =0
 
virtual bool scalar_is_zero (const Scalar &s) const =0
 
virtual Scalar scalar_mul (const Scalar &a, const Scalar &b) const =0
 
virtual Scalar scalar_negate (const Scalar &s) const =0
 
virtual Scalar scalar_one () const =0
 
virtual Scalar scalar_square (const Scalar &s) const =0
 
virtual Scalar scalar_sub (const Scalar &a, const Scalar &b) const =0
 
virtual Scalar scalar_zero () const =0
 
virtual void serialize_point (std::span< uint8_t > bytes, const AffinePoint &pt) const =0
 
virtual void serialize_point_compressed (std::span< uint8_t > bytes, const AffinePoint &pt) const =0
 
virtual void serialize_point_x (std::span< uint8_t > bytes, const AffinePoint &pt) const =0
 
virtual void serialize_scalar (std::span< uint8_t > bytes, const Scalar &scalar) const =0
 
virtual ~PrimeOrderCurve ()=default
 

Static Public Member Functions

static std::shared_ptr< const PrimeOrderCurvefrom_id (PrimeOrderCurveId id)
 
static std::shared_ptr< const PrimeOrderCurvefrom_name (std::string_view name)
 

Static Public Attributes

static const size_t MaximumBitLength = 521
 
static const size_t MaximumByteLength = (MaximumBitLength + 7) / 8
 
static const size_t StorageWords = (MaximumByteLength + sizeof(word) - 1) / sizeof(word)
 Number of words used to store MaximumByteLength.
 

Detailed Description

An elliptic curve without cofactor in Weierstrass form

Definition at line 32 of file pcurves.h.

Member Typedef Documentation

◆ CurvePtr

typedef std::shared_ptr<const PrimeOrderCurve> Botan::PCurve::PrimeOrderCurve::CurvePtr

Definition at line 55 of file pcurves.h.

◆ StorageUnit

typedef std::array<word, StorageWords> Botan::PCurve::PrimeOrderCurve::StorageUnit

Definition at line 54 of file pcurves.h.

Constructor & Destructor Documentation

◆ ~PrimeOrderCurve()

virtual Botan::PCurve::PrimeOrderCurve::~PrimeOrderCurve ( )
virtualdefault

Member Function Documentation

◆ affine_point_is_identity()

virtual bool Botan::PCurve::PrimeOrderCurve::affine_point_is_identity ( const AffinePoint & pt) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ base_point_mul_x_mod_order()

virtual Scalar Botan::PCurve::PrimeOrderCurve::base_point_mul_x_mod_order ( const Scalar & scalar,
RandomNumberGenerator & rng ) const
pure virtual

Base point multiplication, returning only the x coordinate modulo the group order

Multiply by the standard generator point g, then extract the x coordinate as an integer, then reduce the x coordinate modulo the group order

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ deserialize_point()

virtual std::optional< AffinePoint > Botan::PCurve::PrimeOrderCurve::deserialize_point ( std::span< const uint8_t > bytes) const
pure virtual

Deserialize a point

Both compressed and uncompressed encodings are accepted

Note that the deprecated "hybrid" encoding is not supported here

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ deserialize_scalar()

virtual std::optional< Scalar > Botan::PCurve::PrimeOrderCurve::deserialize_scalar ( std::span< const uint8_t > bytes) const
pure virtual

Deserialize a scalar

This function requires the input length be exactly scalar_bytes long; it does not accept inputs that are shorter, or with excess leading zero padding bytes.

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ field_element_bytes()

virtual size_t Botan::PCurve::PrimeOrderCurve::field_element_bytes ( ) const
pure virtual

Return the byte length of a field element

Each point consists of two field elements

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ from_id()

std::shared_ptr< const PrimeOrderCurve > Botan::PCurve::PrimeOrderCurve::from_id ( PrimeOrderCurveId id)
static

Definition at line 80 of file pcurves.cpp.

80 {
81 switch(id.code()) {
82 case PrimeOrderCurveId::secp256r1:
83 return PCurveInstance::secp256r1();
84 case PrimeOrderCurveId::secp384r1:
85 return PCurveInstance::secp384r1();
86 case PrimeOrderCurveId::secp521r1:
87 return PCurveInstance::secp521r1();
88 case PrimeOrderCurveId::secp256k1:
89 return PCurveInstance::secp256k1();
90 case PrimeOrderCurveId::brainpool256r1:
91 return PCurveInstance::brainpool256r1();
92 case PrimeOrderCurveId::brainpool384r1:
93 return PCurveInstance::brainpool384r1();
94 case PrimeOrderCurveId::brainpool512r1:
95 return PCurveInstance::brainpool512r1();
96 case PrimeOrderCurveId::frp256v1:
97 return PCurveInstance::frp256v1();
98 case PrimeOrderCurveId::sm2p256v1:
99 return PCurveInstance::sm2p256v1();
100 }
101 return {};
102}
Botan::PCurve::PCurveInstance::secp521r1
static std::shared_ptr< const PrimeOrderCurve > secp521r1()
Definition pcurves.cpp:33
Botan::PCurve::PCurveInstance::secp256k1
static std::shared_ptr< const PrimeOrderCurve > secp256k1()
Definition pcurves.cpp:40
Botan::PCurve::PCurveInstance::secp384r1
static std::shared_ptr< const PrimeOrderCurve > secp384r1()
Definition pcurves.cpp:26
Botan::PCurve::PCurveInstance::brainpool384r1
static std::shared_ptr< const PrimeOrderCurve > brainpool384r1()
Definition pcurves.cpp:54
Botan::PCurve::PCurveInstance::brainpool512r1
static std::shared_ptr< const PrimeOrderCurve > brainpool512r1()
Definition pcurves.cpp:61
Botan::PCurve::PCurveInstance::frp256v1
static std::shared_ptr< const PrimeOrderCurve > frp256v1()
Definition pcurves.cpp:68
Botan::PCurve::PCurveInstance::brainpool256r1
static std::shared_ptr< const PrimeOrderCurve > brainpool256r1()
Definition pcurves.cpp:47
Botan::PCurve::PCurveInstance::sm2p256v1
static std::shared_ptr< const PrimeOrderCurve > sm2p256v1()
Definition pcurves.cpp:75
Botan::PCurve::PCurveInstance::secp256r1
static std::shared_ptr< const PrimeOrderCurve > secp256r1()
Definition pcurves.cpp:19

References Botan::PCurve::PCurveInstance::brainpool256r1(), Botan::PCurve::PrimeOrderCurveId::brainpool256r1, Botan::PCurve::PCurveInstance::brainpool384r1(), Botan::PCurve::PrimeOrderCurveId::brainpool384r1, Botan::PCurve::PCurveInstance::brainpool512r1(), Botan::PCurve::PrimeOrderCurveId::brainpool512r1, Botan::PCurve::PCurveInstance::frp256v1(), Botan::PCurve::PrimeOrderCurveId::frp256v1, Botan::PCurve::PCurveInstance::secp256k1(), Botan::PCurve::PrimeOrderCurveId::secp256k1, Botan::PCurve::PCurveInstance::secp256r1(), Botan::PCurve::PrimeOrderCurveId::secp256r1, Botan::PCurve::PCurveInstance::secp384r1(), Botan::PCurve::PrimeOrderCurveId::secp384r1, Botan::PCurve::PCurveInstance::secp521r1(), Botan::PCurve::PrimeOrderCurveId::secp521r1, Botan::PCurve::PCurveInstance::sm2p256v1(), and Botan::PCurve::PrimeOrderCurveId::sm2p256v1.

Referenced by Botan::hash_to_curve_sswu().

◆ from_name()

static std::shared_ptr< const PrimeOrderCurve > Botan::PCurve::PrimeOrderCurve::from_name ( std::string_view name)
inlinestatic

Definition at line 44 of file pcurves.h.

44 {
45 if(auto id = PrimeOrderCurveId::from_string(name)) {
46 return PrimeOrderCurve::from_id(id.value());
47 } else {
48 return {};
49 }
50 }
Botan::PCurve::PrimeOrderCurveId::from_string
static std::optional< PrimeOrderCurveId > from_string(std::string_view name)
Map a string to a curve identifier.
Definition pcurves.cpp:144
Botan::PCurve::PrimeOrderCurve::from_id
static std::shared_ptr< const PrimeOrderCurve > from_id(PrimeOrderCurveId id)
Definition pcurves.cpp:80
name
std::string name
Definition commoncrypto_hash.cpp:24

References name.

◆ generator()

virtual AffinePoint Botan::PCurve::PrimeOrderCurve::generator ( ) const
pure virtual

Return the standard generator.

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ hash_to_curve()

virtual ProjectivePoint Botan::PCurve::PrimeOrderCurve::hash_to_curve ( std::string_view hash,
std::span< const uint8_t > input,
std::span< const uint8_t > domain_sep,
bool random_oracle ) const
pure virtual

RFC 9380 hash to curve

This is currently only supported for a few specific curves

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ mul()

virtual ProjectivePoint Botan::PCurve::PrimeOrderCurve::mul ( const AffinePoint & pt,
const Scalar & scalar,
RandomNumberGenerator & rng ) const
pure virtual

Generic point multiplication

Multiply an arbitrary point by a scalar

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ mul2_setup()

virtual std::unique_ptr< const PrecomputedMul2Table > Botan::PCurve::PrimeOrderCurve::mul2_setup ( const AffinePoint & pt1,
const AffinePoint & pt2 ) const
pure virtual

Setup a table for 2-ary multiplication.

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ mul2_vartime()

virtual std::optional< ProjectivePoint > Botan::PCurve::PrimeOrderCurve::mul2_vartime ( const PrecomputedMul2Table & table,
const Scalar & s1,
const Scalar & s2 ) const
pure virtual

Perform 2-ary multiplication (variable time)

Compute s1*pt1 + s2*pt2 in variable time

Returns nullopt if the produced point is the point at infinity

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ mul2_vartime_x_mod_order()

virtual std::optional< Scalar > Botan::PCurve::PrimeOrderCurve::mul2_vartime_x_mod_order ( const PrecomputedMul2Table & table,
const Scalar & s1,
const Scalar & s2 ) const
pure virtual

Perform 2-ary multiplication (variable time), reducing x modulo order

Compute s1*pt1 + s2*pt2 in variable time, then extract the x coordinate of the result, and reduce x modulo the group order

Returns nullopt if the produced point is the point at infinity

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ mul_by_g()

virtual ProjectivePoint Botan::PCurve::PrimeOrderCurve::mul_by_g ( const Scalar & scalar,
RandomNumberGenerator & rng ) const
pure virtual

Base point multiplication

Multiply by the standard generator point g

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ order_bits()

virtual size_t Botan::PCurve::PrimeOrderCurve::order_bits ( ) const
pure virtual

Return the bit length of the group order.

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ point_add()

virtual ProjectivePoint Botan::PCurve::PrimeOrderCurve::point_add ( const ProjectivePoint & a,
const ProjectivePoint & b ) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ point_add_mixed()

virtual ProjectivePoint Botan::PCurve::PrimeOrderCurve::point_add_mixed ( const ProjectivePoint & a,
const AffinePoint & b ) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ point_double()

virtual ProjectivePoint Botan::PCurve::PrimeOrderCurve::point_double ( const ProjectivePoint & pt) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ point_negate()

virtual ProjectivePoint Botan::PCurve::PrimeOrderCurve::point_negate ( const ProjectivePoint & pt) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ point_to_affine()

virtual AffinePoint Botan::PCurve::PrimeOrderCurve::point_to_affine ( const ProjectivePoint & pt) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ point_to_projective()

virtual ProjectivePoint Botan::PCurve::PrimeOrderCurve::point_to_projective ( const AffinePoint & pt) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ random_scalar()

virtual Scalar Botan::PCurve::PrimeOrderCurve::random_scalar ( RandomNumberGenerator & rng) const
pure virtual

Return a new random scalar

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ scalar_add()

virtual Scalar Botan::PCurve::PrimeOrderCurve::scalar_add ( const Scalar & a,
const Scalar & b ) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ scalar_bytes()

virtual size_t Botan::PCurve::PrimeOrderCurve::scalar_bytes ( ) const
pure virtual

Return the byte length of the scalar element.

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ scalar_equal()

virtual bool Botan::PCurve::PrimeOrderCurve::scalar_equal ( const Scalar & a,
const Scalar & b ) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ scalar_from_bits_with_trunc()

virtual Scalar Botan::PCurve::PrimeOrderCurve::scalar_from_bits_with_trunc ( std::span< const uint8_t > bytes) const
pure virtual

Deserialize a scalar using ECDSA truncation rules

ECDSA and other signature schemes use a specific rule for converting a hash output into a scalar.

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ scalar_from_u32()

virtual Scalar Botan::PCurve::PrimeOrderCurve::scalar_from_u32 ( uint32_t x) const
pure virtual

Return a small scalar

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ scalar_from_wide_bytes()

virtual std::optional< Scalar > Botan::PCurve::PrimeOrderCurve::scalar_from_wide_bytes ( std::span< const uint8_t > bytes) const
pure virtual

Reduce an integer modulo the group order

The input can be at most twice the bit length of the order; if larger than this nullopt is returned

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ scalar_invert()

virtual Scalar Botan::PCurve::PrimeOrderCurve::scalar_invert ( const Scalar & s) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ scalar_is_zero()

virtual bool Botan::PCurve::PrimeOrderCurve::scalar_is_zero ( const Scalar & s) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ scalar_mul()

virtual Scalar Botan::PCurve::PrimeOrderCurve::scalar_mul ( const Scalar & a,
const Scalar & b ) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ scalar_negate()

virtual Scalar Botan::PCurve::PrimeOrderCurve::scalar_negate ( const Scalar & s) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ scalar_one()

virtual Scalar Botan::PCurve::PrimeOrderCurve::scalar_one ( ) const
pure virtual

Return the scalar one

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ scalar_square()

virtual Scalar Botan::PCurve::PrimeOrderCurve::scalar_square ( const Scalar & s) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ scalar_sub()

virtual Scalar Botan::PCurve::PrimeOrderCurve::scalar_sub ( const Scalar & a,
const Scalar & b ) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ scalar_zero()

virtual Scalar Botan::PCurve::PrimeOrderCurve::scalar_zero ( ) const
pure virtual

Return the scalar zero

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ serialize_point()

virtual void Botan::PCurve::PrimeOrderCurve::serialize_point ( std::span< uint8_t > bytes,
const AffinePoint & pt ) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ serialize_point_compressed()

virtual void Botan::PCurve::PrimeOrderCurve::serialize_point_compressed ( std::span< uint8_t > bytes,
const AffinePoint & pt ) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ serialize_point_x()

virtual void Botan::PCurve::PrimeOrderCurve::serialize_point_x ( std::span< uint8_t > bytes,
const AffinePoint & pt ) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

◆ serialize_scalar()

virtual void Botan::PCurve::PrimeOrderCurve::serialize_scalar ( std::span< uint8_t > bytes,
const Scalar & scalar ) const
pure virtual

Implemented in Botan::PCurve::PrimeOrderCurveImpl< C >.

Member Data Documentation

◆ MaximumBitLength

const size_t Botan::PCurve::PrimeOrderCurve::MaximumBitLength = 521
static

Somewhat arbitrary maximum size for a field or scalar

Sized to fit at least P-521

Definition at line 37 of file pcurves.h.

◆ MaximumByteLength

const size_t Botan::PCurve::PrimeOrderCurve::MaximumByteLength = (MaximumBitLength + 7) / 8
static

Definition at line 39 of file pcurves.h.

◆ StorageWords

const size_t Botan::PCurve::PrimeOrderCurve::StorageWords = (MaximumByteLength + sizeof(word) - 1) / sizeof(word)
static

Number of words used to store MaximumByteLength.

Definition at line 42 of file pcurves.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.11.0