Botan 3.6.1
Crypto and TLS for C&
Classes | Public Types | Public Member Functions | Static Public Member Functions | Static Public Attributes | List of all members
Botan::PCurve::PrimeOrderCurveImpl< C > Class Template Referencefinal

#include <pcurves_wrap.h>

Inheritance diagram for Botan::PCurve::PrimeOrderCurveImpl< C >:
Botan::PCurve::PrimeOrderCurve

Classes

class  PrecomputedMul2TableC
 

Public Types

typedef std::shared_ptr< const PrimeOrderCurveCurvePtr
 
typedef std::array< word, StorageWordsStorageUnit
 

Public Member Functions

bool affine_point_is_identity (const AffinePoint &pt) const override
 
Scalar base_point_mul_x_mod_order (const Scalar &scalar, RandomNumberGenerator &rng) const override
 
std::optional< AffinePointdeserialize_point (std::span< const uint8_t > bytes) const override
 
std::optional< Scalardeserialize_scalar (std::span< const uint8_t > bytes) const override
 
size_t field_element_bytes () const override
 
AffinePoint generator () const override
 Return the standard generator.
 
AffinePoint hash_to_curve_nu (std::string_view hash, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep) const override
 
ProjectivePoint hash_to_curve_ro (std::string_view hash, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep) const override
 
ProjectivePoint mul (const AffinePoint &pt, const Scalar &scalar, RandomNumberGenerator &rng) const override
 
std::unique_ptr< const PrecomputedMul2Tablemul2_setup (const AffinePoint &x, const AffinePoint &y) const override
 Setup a table for 2-ary multiplication.
 
std::optional< ProjectivePointmul2_vartime (const PrecomputedMul2Table &tableb, const Scalar &s1, const Scalar &s2) const override
 
bool mul2_vartime_x_mod_order_eq (const PrecomputedMul2Table &tableb, const Scalar &v, const Scalar &s1, const Scalar &s2) const override
 
ProjectivePoint mul_by_g (const Scalar &scalar, RandomNumberGenerator &rng) const override
 
size_t order_bits () const override
 Return the bit length of the group order.
 
ProjectivePoint point_add (const ProjectivePoint &a, const ProjectivePoint &b) const override
 
ProjectivePoint point_add_mixed (const ProjectivePoint &a, const AffinePoint &b) const override
 
ProjectivePoint point_double (const ProjectivePoint &pt) const override
 
ProjectivePoint point_negate (const ProjectivePoint &pt) const override
 
AffinePoint point_to_affine (const ProjectivePoint &pt) const override
 
ProjectivePoint point_to_projective (const AffinePoint &pt) const override
 
 PrimeOrderCurveImpl ()
 
Scalar random_scalar (RandomNumberGenerator &rng) const override
 
Scalar scalar_add (const Scalar &a, const Scalar &b) const override
 
size_t scalar_bytes () const override
 Return the byte length of the scalar element.
 
bool scalar_equal (const Scalar &a, const Scalar &b) const override
 
Scalar scalar_from_u32 (uint32_t x) const override
 
std::optional< Scalarscalar_from_wide_bytes (std::span< const uint8_t > bytes) const override
 
Scalar scalar_invert (const Scalar &ss) const override
 
bool scalar_is_zero (const Scalar &s) const override
 
Scalar scalar_mul (const Scalar &a, const Scalar &b) const override
 
Scalar scalar_negate (const Scalar &s) const override
 
Scalar scalar_one () const override
 
Scalar scalar_square (const Scalar &s) const override
 
Scalar scalar_sub (const Scalar &a, const Scalar &b) const override
 
Scalar scalar_zero () const override
 
void serialize_point (std::span< uint8_t > bytes, const AffinePoint &pt) const override
 
void serialize_point_compressed (std::span< uint8_t > bytes, const AffinePoint &pt) const override
 
void serialize_point_x (std::span< uint8_t > bytes, const AffinePoint &pt) const override
 
void serialize_scalar (std::span< uint8_t > bytes, const Scalar &scalar) const override
 

Static Public Member Functions

static std::shared_ptr< const PrimeOrderCurvefrom_id (PrimeOrderCurveId id)
 
static std::shared_ptr< const PrimeOrderCurvefrom_name (std::string_view name)
 
static std::shared_ptr< const PrimeOrderCurveinstance ()
 

Static Public Attributes

static const size_t MaximumBitLength = 521
 
static const size_t MaximumByteLength = (MaximumBitLength + 7) / 8
 
static const size_t StorageWords = (MaximumByteLength + sizeof(word) - 1) / sizeof(word)
 Number of words used to store MaximumByteLength.
 

Detailed Description

template<typename C>
class Botan::PCurve::PrimeOrderCurveImpl< C >

Definition at line 21 of file pcurves_wrap.h.

Member Typedef Documentation

◆ CurvePtr

std::shared_ptr<const PrimeOrderCurve> Botan::PCurve::PrimeOrderCurve::CurvePtr
inherited

Definition at line 55 of file pcurves.h.

◆ StorageUnit

std::array<word, StorageWords> Botan::PCurve::PrimeOrderCurve::StorageUnit
inherited

Definition at line 54 of file pcurves.h.

Constructor & Destructor Documentation

◆ PrimeOrderCurveImpl()

template<typename C >
Botan::PCurve::PrimeOrderCurveImpl< C >::PrimeOrderCurveImpl ( )
inline

Definition at line 291 of file pcurves_wrap.h.

291: m_mul_by_g(C::G) {}

Member Function Documentation

◆ affine_point_is_identity()

template<typename C >
bool Botan::PCurve::PrimeOrderCurveImpl< C >::affine_point_is_identity ( const AffinePoint & pt) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 181 of file pcurves_wrap.h.

181 {
182 return from_stash(pt).is_identity().as_bool();
183 }

◆ base_point_mul_x_mod_order()

template<typename C >
Scalar Botan::PCurve::PrimeOrderCurveImpl< C >::base_point_mul_x_mod_order ( const Scalar & scalar,
RandomNumberGenerator & rng ) const
inlineoverridevirtual

Base point multiplication, returning only the x coordinate modulo the group order

Multiply by the standard generator point g, then extract the x coordinate as an integer, then reduce the x coordinate modulo the group order

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 152 of file pcurves_wrap.h.

152 {
153 auto pt = m_mul_by_g.mul(from_stash(scalar), rng);
154 std::array<uint8_t, C::FieldElement::BYTES> x_bytes;
155 to_affine_x<C>(pt).serialize_to(std::span{x_bytes});
156 return stash(C::Scalar::from_wide_bytes(std::span<const uint8_t, C::FieldElement::BYTES>{x_bytes}));
157 }

◆ deserialize_point()

template<typename C >
std::optional< AffinePoint > Botan::PCurve::PrimeOrderCurveImpl< C >::deserialize_point ( std::span< const uint8_t > bytes) const
inlineoverridevirtual

Deserialize a point

Both compressed and uncompressed encodings are accepted

Note that the deprecated "hybrid" encoding is not supported here

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 224 of file pcurves_wrap.h.

224 {
225 if(auto pt = C::AffinePoint::deserialize(bytes)) {
226 return stash(*pt);
227 } else {
228 return {};
229 }
230 }

◆ deserialize_scalar()

template<typename C >
std::optional< Scalar > Botan::PCurve::PrimeOrderCurveImpl< C >::deserialize_scalar ( std::span< const uint8_t > bytes) const
inlineoverridevirtual

Deserialize a scalar

This function requires the input length be exactly scalar_bytes long; it does not accept inputs that are shorter, or with excess leading zero padding bytes.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 206 of file pcurves_wrap.h.

206 {
207 if(auto scalar = C::Scalar::deserialize(bytes)) {
208 if(!scalar->is_zero().as_bool()) {
209 return stash(*scalar);
210 }
211 }
212
213 return {};
214 }

◆ field_element_bytes()

template<typename C >
size_t Botan::PCurve::PrimeOrderCurveImpl< C >::field_element_bytes ( ) const
inlineoverridevirtual

Return the byte length of a field element

Each point consists of two field elements

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 43 of file pcurves_wrap.h.

43{ return C::FieldElement::BYTES; }

◆ from_id()

std::shared_ptr< const PrimeOrderCurve > Botan::PCurve::PrimeOrderCurve::from_id ( PrimeOrderCurveId id)
staticinherited

Definition at line 101 of file pcurves.cpp.

101 {
102 switch(id.code()) {
103 case PrimeOrderCurveId::secp192r1:
104 return PCurveInstance::secp192r1();
105 case PrimeOrderCurveId::secp224r1:
106 return PCurveInstance::secp224r1();
107 case PrimeOrderCurveId::secp256r1:
108 return PCurveInstance::secp256r1();
109 case PrimeOrderCurveId::secp384r1:
110 return PCurveInstance::secp384r1();
111 case PrimeOrderCurveId::secp521r1:
112 return PCurveInstance::secp521r1();
113 case PrimeOrderCurveId::secp256k1:
114 return PCurveInstance::secp256k1();
115 case PrimeOrderCurveId::brainpool256r1:
116 return PCurveInstance::brainpool256r1();
117 case PrimeOrderCurveId::brainpool384r1:
118 return PCurveInstance::brainpool384r1();
119 case PrimeOrderCurveId::brainpool512r1:
120 return PCurveInstance::brainpool512r1();
121 case PrimeOrderCurveId::frp256v1:
122 return PCurveInstance::frp256v1();
123 case PrimeOrderCurveId::sm2p256v1:
124 return PCurveInstance::sm2p256v1();
125 case PrimeOrderCurveId::numsp512d1:
126 return PCurveInstance::numsp512d1();
127 }
128 return {};
129}
Botan::PCurve::PCurveInstance::secp521r1
static std::shared_ptr< const PrimeOrderCurve > secp521r1()
Definition pcurves.cpp:47
Botan::PCurve::PCurveInstance::numsp512d1
static std::shared_ptr< const PrimeOrderCurve > numsp512d1()
Definition pcurves.cpp:96
Botan::PCurve::PCurveInstance::secp256k1
static std::shared_ptr< const PrimeOrderCurve > secp256k1()
Definition pcurves.cpp:54
Botan::PCurve::PCurveInstance::secp192r1
static std::shared_ptr< const PrimeOrderCurve > secp192r1()
Definition pcurves.cpp:19
Botan::PCurve::PCurveInstance::secp384r1
static std::shared_ptr< const PrimeOrderCurve > secp384r1()
Definition pcurves.cpp:40
Botan::PCurve::PCurveInstance::brainpool384r1
static std::shared_ptr< const PrimeOrderCurve > brainpool384r1()
Definition pcurves.cpp:68
Botan::PCurve::PCurveInstance::brainpool512r1
static std::shared_ptr< const PrimeOrderCurve > brainpool512r1()
Definition pcurves.cpp:75
Botan::PCurve::PCurveInstance::secp224r1
static std::shared_ptr< const PrimeOrderCurve > secp224r1()
Definition pcurves.cpp:26
Botan::PCurve::PCurveInstance::frp256v1
static std::shared_ptr< const PrimeOrderCurve > frp256v1()
Definition pcurves.cpp:82
Botan::PCurve::PCurveInstance::brainpool256r1
static std::shared_ptr< const PrimeOrderCurve > brainpool256r1()
Definition pcurves.cpp:61
Botan::PCurve::PCurveInstance::sm2p256v1
static std::shared_ptr< const PrimeOrderCurve > sm2p256v1()
Definition pcurves.cpp:89
Botan::PCurve::PCurveInstance::secp256r1
static std::shared_ptr< const PrimeOrderCurve > secp256r1()
Definition pcurves.cpp:33

References Botan::PCurve::PCurveInstance::brainpool256r1(), Botan::PCurve::PrimeOrderCurveId::brainpool256r1, Botan::PCurve::PCurveInstance::brainpool384r1(), Botan::PCurve::PrimeOrderCurveId::brainpool384r1, Botan::PCurve::PCurveInstance::brainpool512r1(), Botan::PCurve::PrimeOrderCurveId::brainpool512r1, Botan::PCurve::PCurveInstance::frp256v1(), Botan::PCurve::PrimeOrderCurveId::frp256v1, Botan::PCurve::PCurveInstance::numsp512d1(), Botan::PCurve::PrimeOrderCurveId::numsp512d1, Botan::PCurve::PCurveInstance::secp192r1(), Botan::PCurve::PrimeOrderCurveId::secp192r1, Botan::PCurve::PCurveInstance::secp224r1(), Botan::PCurve::PrimeOrderCurveId::secp224r1, Botan::PCurve::PCurveInstance::secp256k1(), Botan::PCurve::PrimeOrderCurveId::secp256k1, Botan::PCurve::PCurveInstance::secp256r1(), Botan::PCurve::PrimeOrderCurveId::secp256r1, Botan::PCurve::PCurveInstance::secp384r1(), Botan::PCurve::PrimeOrderCurveId::secp384r1, Botan::PCurve::PCurveInstance::secp521r1(), Botan::PCurve::PrimeOrderCurveId::secp521r1, Botan::PCurve::PCurveInstance::sm2p256v1(), and Botan::PCurve::PrimeOrderCurveId::sm2p256v1.

◆ from_name()

static std::shared_ptr< const PrimeOrderCurve > Botan::PCurve::PrimeOrderCurve::from_name ( std::string_view name)
inlinestaticinherited

Definition at line 44 of file pcurves.h.

44 {
45 if(auto id = PrimeOrderCurveId::from_string(name)) {
46 return PrimeOrderCurve::from_id(id.value());
47 } else {
48 return {};
49 }
50 }
Botan::PCurve::PrimeOrderCurveId::from_string
static std::optional< PrimeOrderCurveId > from_string(std::string_view name)
Map a string to a curve identifier.
Definition pcurves.cpp:180
Botan::PCurve::PrimeOrderCurve::from_id
static std::shared_ptr< const PrimeOrderCurve > from_id(PrimeOrderCurveId id)
Definition pcurves.cpp:101
name
std::string name
Definition commoncrypto_hash.cpp:24

References name.

◆ generator()

template<typename C >
AffinePoint Botan::PCurve::PrimeOrderCurveImpl< C >::generator ( ) const
inlineoverridevirtual

Return the standard generator.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 159 of file pcurves_wrap.h.

159{ return stash(C::G); }

◆ hash_to_curve_nu()

template<typename C >
AffinePoint Botan::PCurve::PrimeOrderCurveImpl< C >::hash_to_curve_nu ( std::string_view hash,
std::span< const uint8_t > input,
std::span< const uint8_t > domain_sep ) const
inlineoverridevirtual

RFC 9380 hash to curve (NU variant)

This is currently only supported for a few specific curves

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 232 of file pcurves_wrap.h.

234 {
235 if constexpr(C::ValidForSswuHash) {
236 return stash(hash_to_curve_sswu<C, false>(hash, input, domain_sep));
237 } else {
238 throw Not_Implemented("Hash to curve is not implemented for this curve");
239 }
240 }

◆ hash_to_curve_ro()

template<typename C >
ProjectivePoint Botan::PCurve::PrimeOrderCurveImpl< C >::hash_to_curve_ro ( std::string_view hash,
std::span< const uint8_t > input,
std::span< const uint8_t > domain_sep ) const
inlineoverridevirtual

RFC 9380 hash to curve (RO variant)

This is currently only supported for a few specific curves

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 242 of file pcurves_wrap.h.

244 {
245 if constexpr(C::ValidForSswuHash) {
246 return stash(hash_to_curve_sswu<C, true>(hash, input, domain_sep));
247 } else {
248 throw Not_Implemented("Hash to curve is not implemented for this curve");
249 }
250 }

◆ instance()

template<typename C >
static std::shared_ptr< const PrimeOrderCurve > Botan::PCurve::PrimeOrderCurveImpl< C >::instance ( )
inlinestatic

Definition at line 293 of file pcurves_wrap.h.

293 {
294 static auto g_curve = std::make_shared<const PrimeOrderCurveImpl<C>>();
295 return g_curve;
296 }

◆ mul()

template<typename C >
ProjectivePoint Botan::PCurve::PrimeOrderCurveImpl< C >::mul ( const AffinePoint & pt,
const Scalar & scalar,
RandomNumberGenerator & rng ) const
inlineoverridevirtual

Generic point multiplication

Multiply an arbitrary point by a scalar

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 49 of file pcurves_wrap.h.

49 {
50 auto tbl = WindowedMulTable<C, 4>(from_stash(pt));
51 return stash(tbl.mul(from_stash(scalar), rng));
52 }

◆ mul2_setup()

template<typename C >
std::unique_ptr< const PrecomputedMul2Table > Botan::PCurve::PrimeOrderCurveImpl< C >::mul2_setup ( const AffinePoint & pt1,
const AffinePoint & pt2 ) const
inlineoverridevirtual

Setup a table for 2-ary multiplication.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 54 of file pcurves_wrap.h.

55 {
56 return std::make_unique<PrecomputedMul2TableC>(from_stash(x), from_stash(y));
57 }

◆ mul2_vartime()

template<typename C >
std::optional< ProjectivePoint > Botan::PCurve::PrimeOrderCurveImpl< C >::mul2_vartime ( const PrecomputedMul2Table & table,
const Scalar & s1,
const Scalar & s2 ) const
inlineoverridevirtual

Perform 2-ary multiplication (variable time)

Compute s1*pt1 + s2*pt2 in variable time

Returns nullopt if the produced point is the point at infinity

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 59 of file pcurves_wrap.h.

61 {
62 try {
63 const auto& table = dynamic_cast<const PrecomputedMul2TableC&>(tableb);
64 auto pt = table.table().mul2_vartime(from_stash(s1), from_stash(s2));
65 if(pt.is_identity().as_bool()) {
66 return {};
67 } else {
68 return stash(pt);
69 }
70 } catch(std::bad_cast&) {
71 throw Invalid_Argument("Curve mismatch");
72 }
73 }

References Botan::PCurve::PrimeOrderCurveImpl< C >::PrecomputedMul2TableC::table().

◆ mul2_vartime_x_mod_order_eq()

template<typename C >
bool Botan::PCurve::PrimeOrderCurveImpl< C >::mul2_vartime_x_mod_order_eq ( const PrecomputedMul2Table & table,
const Scalar & v,
const Scalar & s1,
const Scalar & s2 ) const
inlineoverridevirtual

Perform 2-ary multiplication (variable time), reducing x modulo order

Compute s1*pt1 + s2*pt2 in variable time, then extract the x coordinate of the result, and reduce x modulo the group order. Compare that value with v. If equal, returns true. Otherwise returns false, including if the produced point is the point at infinity

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 75 of file pcurves_wrap.h.

78 {
79 try {
80 const auto& table = dynamic_cast<const PrecomputedMul2TableC&>(tableb);
81 const auto pt = table.table().mul2_vartime(from_stash(s1), from_stash(s2));
82 // Variable time here, so the early return is fine
83 if(pt.is_identity().as_bool()) {
84 return false;
85 }
86
87 /*
88 * Avoid the inversion by instead projecting v.
89 *
90 * Given (x*z2) and v we want to know if x % n == v
91 *
92 * Inverting z2 to extract x is expensive. Instead compute (v*z2) and
93 * compare it with (x*z2).
94 *
95 * With overwhelming probability, this conversion is correct. The
96 * only time it is not is in the extremely unlikely case where the
97 * signer actually reduced the x coordinate modulo the group order.
98 * That is handled seperately in a second step.
99 */
100 const auto z2 = pt.z().square();
101
102 std::array<uint8_t, C::Scalar::BYTES> v_bytes;
103 from_stash(v).serialize_to(v_bytes);
104
105 if(const auto fe_v = C::FieldElement::deserialize(v_bytes)) {
106 if((*fe_v * z2 == pt.x()).as_bool()) {
107 return true;
108 }
109
110 /*
111 * Possibly (if cryptographically unlikely) the signer
112 * reduced the value modulo the group order.
113 *
114 * If so we must check v + n similarly as before. However here
115 * we must be careful to not overflow since otherwise that
116 * would lead to us accepting an incorrect signature.
117 *
118 * If the order is > p then the reduction modulo p would not have
119 * had any effect and we don't need to consider the possibility
120 */
121 if constexpr(C::OrderIsLessThanField) {
122 /*
123 * We have to be careful to avoid overflow since this would
124 * lead to a forgery
125 *
126 * v < (p)-n => v + n < p
127 *
128 * The values n and neg_n could be precomputed but they are
129 * fast to compute and this codepath will ~never be taken
130 * unless when verifying an invalid signature. In any case
131 * it is many times cheaper than performing the modular inversion
132 * which this approach avoids.
133 */
134
135 // Create the group order as a field element, safe because n < p
136 const auto n = C::FieldElement::from_words(C::NW);
137 const auto neg_n = n.negate().to_words();
138
139 const auto vw = fe_v->to_words();
140 if(bigint_ct_is_lt(vw.data(), vw.size(), neg_n.data(), neg_n.size()).as_bool()) {
141 return (((*fe_v + n) * z2) == pt.x()).as_bool();
142 }
143 }
144 }
145
146 return false;
147 } catch(std::bad_cast&) {
148 throw Invalid_Argument("Curve mismatch");
149 }
150 }
Botan::bigint_ct_is_lt
constexpr auto bigint_ct_is_lt(const W x[], size_t x_size, const W y[], size_t y_size, bool lt_or_equal=false) -> CT::Mask< W >
Definition mp_core.h:639

References Botan::bigint_ct_is_lt(), and Botan::PCurve::PrimeOrderCurveImpl< C >::PrecomputedMul2TableC::table().

◆ mul_by_g()

template<typename C >
ProjectivePoint Botan::PCurve::PrimeOrderCurveImpl< C >::mul_by_g ( const Scalar & scalar,
RandomNumberGenerator & rng ) const
inlineoverridevirtual

Base point multiplication

Multiply by the standard generator point g

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 45 of file pcurves_wrap.h.

45 {
46 return stash(m_mul_by_g.mul(from_stash(scalar), rng));
47 }

◆ order_bits()

template<typename C >
size_t Botan::PCurve::PrimeOrderCurveImpl< C >::order_bits ( ) const
inlineoverridevirtual

Return the bit length of the group order.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 39 of file pcurves_wrap.h.

39{ return C::OrderBits; }

◆ point_add()

template<typename C >
ProjectivePoint Botan::PCurve::PrimeOrderCurveImpl< C >::point_add ( const ProjectivePoint & a,
const ProjectivePoint & b ) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 171 of file pcurves_wrap.h.

171 {
172 return stash(from_stash(a) + from_stash(b));
173 }
Botan::b
const SIMD_8x32 & b
Definition simd_avx2_gfni.h:63

References Botan::b.

◆ point_add_mixed()

template<typename C >
ProjectivePoint Botan::PCurve::PrimeOrderCurveImpl< C >::point_add_mixed ( const ProjectivePoint & a,
const AffinePoint & b ) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 175 of file pcurves_wrap.h.

175 {
176 return stash(from_stash(a) + from_stash(b));
177 }

References Botan::b.

◆ point_double()

template<typename C >
ProjectivePoint Botan::PCurve::PrimeOrderCurveImpl< C >::point_double ( const ProjectivePoint & pt) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 169 of file pcurves_wrap.h.

169{ return stash(from_stash(pt).dbl()); }

◆ point_negate()

template<typename C >
ProjectivePoint Botan::PCurve::PrimeOrderCurveImpl< C >::point_negate ( const ProjectivePoint & pt) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 179 of file pcurves_wrap.h.

179{ return stash(from_stash(pt).negate()); }

◆ point_to_affine()

template<typename C >
AffinePoint Botan::PCurve::PrimeOrderCurveImpl< C >::point_to_affine ( const ProjectivePoint & pt) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 161 of file pcurves_wrap.h.

161 {
162 return stash(to_affine<C>(from_stash(pt)));
163 }

◆ point_to_projective()

template<typename C >
ProjectivePoint Botan::PCurve::PrimeOrderCurveImpl< C >::point_to_projective ( const AffinePoint & pt) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 165 of file pcurves_wrap.h.

165 {
166 return stash(C::ProjectivePoint::from_affine(from_stash(pt)));
167 }

◆ random_scalar()

template<typename C >
Scalar Botan::PCurve::PrimeOrderCurveImpl< C >::random_scalar ( RandomNumberGenerator & rng) const
inlineoverridevirtual

Return a new random scalar

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 289 of file pcurves_wrap.h.

289{ return stash(C::Scalar::random(rng)); }

◆ scalar_add()

template<typename C >
Scalar Botan::PCurve::PrimeOrderCurveImpl< C >::scalar_add ( const Scalar & a,
const Scalar & b ) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 252 of file pcurves_wrap.h.

252 {
253 return stash(from_stash(a) + from_stash(b));
254 }

References Botan::b.

◆ scalar_bytes()

template<typename C >
size_t Botan::PCurve::PrimeOrderCurveImpl< C >::scalar_bytes ( ) const
inlineoverridevirtual

Return the byte length of the scalar element.

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 41 of file pcurves_wrap.h.

41{ return C::Scalar::BYTES; }

◆ scalar_equal()

template<typename C >
bool Botan::PCurve::PrimeOrderCurveImpl< C >::scalar_equal ( const Scalar & a,
const Scalar & b ) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 279 of file pcurves_wrap.h.

279 {
280 return (from_stash(a) == from_stash(b)).as_bool();
281 }

References Botan::b.

◆ scalar_from_u32()

template<typename C >
Scalar Botan::PCurve::PrimeOrderCurveImpl< C >::scalar_from_u32 ( uint32_t x) const
inlineoverridevirtual

Return a small scalar

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 287 of file pcurves_wrap.h.

287{ return stash(C::Scalar::from_word(x)); }

◆ scalar_from_wide_bytes()

template<typename C >
std::optional< Scalar > Botan::PCurve::PrimeOrderCurveImpl< C >::scalar_from_wide_bytes ( std::span< const uint8_t > bytes) const
inlineoverridevirtual

Reduce an integer modulo the group order

The input can be at most twice the bit length of the order; if larger than this nullopt is returned

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 216 of file pcurves_wrap.h.

216 {
217 if(auto s = C::Scalar::from_wide_bytes_varlen(bytes)) {
218 return stash(*s);
219 } else {
220 return {};
221 }
222 }

◆ scalar_invert()

template<typename C >
Scalar Botan::PCurve::PrimeOrderCurveImpl< C >::scalar_invert ( const Scalar & ss) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 266 of file pcurves_wrap.h.

266 {
267 auto s = from_stash(ss);
268 if constexpr(curve_supports_scalar_invert<C>) {
269 return stash(C::scalar_invert(s));
270 } else {
271 return stash(s.invert());
272 }
273 }

◆ scalar_is_zero()

template<typename C >
bool Botan::PCurve::PrimeOrderCurveImpl< C >::scalar_is_zero ( const Scalar & s) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 277 of file pcurves_wrap.h.

277{ return from_stash(s).is_zero().as_bool(); }

◆ scalar_mul()

template<typename C >
Scalar Botan::PCurve::PrimeOrderCurveImpl< C >::scalar_mul ( const Scalar & a,
const Scalar & b ) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 260 of file pcurves_wrap.h.

260 {
261 return stash(from_stash(a) * from_stash(b));
262 }

References Botan::b.

◆ scalar_negate()

template<typename C >
Scalar Botan::PCurve::PrimeOrderCurveImpl< C >::scalar_negate ( const Scalar & s) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 275 of file pcurves_wrap.h.

275{ return stash(from_stash(s).negate()); }

◆ scalar_one()

template<typename C >
Scalar Botan::PCurve::PrimeOrderCurveImpl< C >::scalar_one ( ) const
inlineoverridevirtual

Return the scalar one

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 285 of file pcurves_wrap.h.

285{ return stash(C::Scalar::one()); }

◆ scalar_square()

template<typename C >
Scalar Botan::PCurve::PrimeOrderCurveImpl< C >::scalar_square ( const Scalar & s) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 264 of file pcurves_wrap.h.

264{ return stash(from_stash(s).square()); }
Botan::square
BigInt square(const BigInt &x)
Definition numthry.cpp:157

References Botan::square().

◆ scalar_sub()

template<typename C >
Scalar Botan::PCurve::PrimeOrderCurveImpl< C >::scalar_sub ( const Scalar & a,
const Scalar & b ) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 256 of file pcurves_wrap.h.

256 {
257 return stash(from_stash(a) - from_stash(b));
258 }

References Botan::b.

◆ scalar_zero()

template<typename C >
Scalar Botan::PCurve::PrimeOrderCurveImpl< C >::scalar_zero ( ) const
inlineoverridevirtual

Return the scalar zero

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 283 of file pcurves_wrap.h.

283{ return stash(C::Scalar::zero()); }

◆ serialize_point()

template<typename C >
void Botan::PCurve::PrimeOrderCurveImpl< C >::serialize_point ( std::span< uint8_t > bytes,
const AffinePoint & pt ) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 185 of file pcurves_wrap.h.

185 {
186 BOTAN_ARG_CHECK(bytes.size() == C::AffinePoint::BYTES, "Invalid length for serialize_point");
187 from_stash(pt).serialize_to(bytes.subspan<0, C::AffinePoint::BYTES>());
188 }
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29

References BOTAN_ARG_CHECK.

◆ serialize_point_compressed()

template<typename C >
void Botan::PCurve::PrimeOrderCurveImpl< C >::serialize_point_compressed ( std::span< uint8_t > bytes,
const AffinePoint & pt ) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 190 of file pcurves_wrap.h.

190 {
191 BOTAN_ARG_CHECK(bytes.size() == C::AffinePoint::COMPRESSED_BYTES,
192 "Invalid length for serialize_point_compressed");
193 from_stash(pt).serialize_compressed_to(bytes.subspan<0, C::AffinePoint::COMPRESSED_BYTES>());
194 }

References BOTAN_ARG_CHECK.

◆ serialize_point_x()

template<typename C >
void Botan::PCurve::PrimeOrderCurveImpl< C >::serialize_point_x ( std::span< uint8_t > bytes,
const AffinePoint & pt ) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 196 of file pcurves_wrap.h.

196 {
197 BOTAN_ARG_CHECK(bytes.size() == C::FieldElement::BYTES, "Invalid length for serialize_point_x");
198 from_stash(pt).serialize_x_to(bytes.subspan<0, C::FieldElement::BYTES>());
199 }

References BOTAN_ARG_CHECK.

◆ serialize_scalar()

template<typename C >
void Botan::PCurve::PrimeOrderCurveImpl< C >::serialize_scalar ( std::span< uint8_t > bytes,
const Scalar & scalar ) const
inlineoverridevirtual

Implements Botan::PCurve::PrimeOrderCurve.

Definition at line 201 of file pcurves_wrap.h.

201 {
202 BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar");
203 return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>());
204 }

References BOTAN_ARG_CHECK.

Member Data Documentation

◆ MaximumBitLength

const size_t Botan::PCurve::PrimeOrderCurve::MaximumBitLength = 521
staticinherited

Somewhat arbitrary maximum size for a field or scalar

Sized to fit at least P-521

Definition at line 37 of file pcurves.h.

◆ MaximumByteLength

const size_t Botan::PCurve::PrimeOrderCurve::MaximumByteLength = (MaximumBitLength + 7) / 8
staticinherited

Definition at line 39 of file pcurves.h.

◆ StorageWords

const size_t Botan::PCurve::PrimeOrderCurve::StorageWords = (MaximumByteLength + sizeof(word) - 1) / sizeof(word)
staticinherited

Number of words used to store MaximumByteLength.

Definition at line 42 of file pcurves.h.

The documentation for this class was generated from the following file:
Generated by doxygen 1.12.0