Botan 3.6.1
Crypto and TLS for C&
ec_apoint.h
Go to the documentation of this file.
1/*
2* (C) 2024 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#ifndef BOTAN_EC_APOINT_H_
8#define BOTAN_EC_APOINT_H_
9
10#include <botan/concepts.h>
11#include <botan/secmem.h>
12#include <botan/types.h>
13#include <optional>
14#include <span>
15#include <string_view>
16#include <vector>
17
18namespace Botan {
19
20class BigInt;
21class RandomNumberGenerator;
22class EC_Group;
23class EC_Scalar;
24class EC_Point;
25
26class EC_Group_Data;
27class EC_AffinePoint_Data;
28
29class BOTAN_UNSTABLE_API EC_AffinePoint final {
30 public:
31 /// Point deserialization. Throws if wrong length or not a valid point
32 ///
33 /// This accepts SEC1 compressed or uncompressed formats
34 EC_AffinePoint(const EC_Group& group, std::span<const uint8_t> bytes);
35
36 /// Point deserialization. Returns nullopt if wrong length or not a valid point
37 ///
38 /// This accepts SEC1 compressed or uncompressed formats
39 static std::optional<EC_AffinePoint> deserialize(const EC_Group& group, std::span<const uint8_t> bytes);
40
41 /// Create a point from a pair (x,y) of integers
42 ///
43 /// The integers must be within the field - in the range [0,p) and must
44 /// satisfy the curve equation
45 static std::optional<EC_AffinePoint> from_bigint_xy(const EC_Group& group, const BigInt& x, const BigInt& y);
46
47 /// Multiply by the group generator returning a complete point
48 ///
49 /// Workspace argument is transitional
50 static EC_AffinePoint g_mul(const EC_Scalar& scalar, RandomNumberGenerator& rng, std::vector<BigInt>& ws);
51
52 /// Return the identity element
53 static EC_AffinePoint identity(const EC_Group& group);
54
55 /// Return the standard group generator
56 static EC_AffinePoint generator(const EC_Group& group);
57
58 /// Hash to curve (RFC 9380), random oracle variant
59 ///
60 /// Only supported for specific groups
61 static EC_AffinePoint hash_to_curve_ro(const EC_Group& group,
62 std::string_view hash_fn,
63 std::span<const uint8_t> input,
64 std::span<const uint8_t> domain_sep);
65
66 /// Hash to curve (RFC 9380), non uniform variant
67 ///
68 /// Only supported for specific groups
69 static EC_AffinePoint hash_to_curve_nu(const EC_Group& group,
70 std::string_view hash_fn,
71 std::span<const uint8_t> input,
72 std::span<const uint8_t> domain_sep);
73
74 /// Multiply a point by a scalar returning a complete point
75 ///
76 /// Workspace argument is transitional
77 EC_AffinePoint mul(const EC_Scalar& scalar, RandomNumberGenerator& rng, std::vector<BigInt>& ws) const;
78
79 /// Return the number of bytes of a field element
80 ///
81 /// A point consists of two field elements, plus possibly a header
82 size_t field_element_bytes() const;
83
84 /// Return true if this point is the identity element
85 bool is_identity() const;
86
87 /// Write the fixed length encoding of affine x coordinate
88 ///
89 /// The output span must be exactly field_element_bytes long
90 ///
91 /// This function will fail if this point is the identity element
92 void serialize_x_to(std::span<uint8_t> bytes) const;
93
94 /// Write the fixed length encoding of affine y coordinate
95 ///
96 /// The output span must be exactly field_element_bytes long
97 ///
98 /// This function will fail if this point is the identity element
99 void serialize_y_to(std::span<uint8_t> bytes) const;
100
101 /// Write the fixed length encoding of affine x and y coordinates
102 ///
103 /// The output span must be exactly 2*field_element_bytes long
104 ///
105 /// This function will fail if this point is the identity element
106 void serialize_xy_to(std::span<uint8_t> bytes) const;
107
108 /// Write the fixed length SEC1 compressed encoding
109 ///
110 /// The output span must be exactly 1 + field_element_bytes long
111 ///
112 /// This function will fail if this point is the identity element
113 void serialize_compressed_to(std::span<uint8_t> bytes) const;
114
115 /// Return the fixed length encoding of SEC1 uncompressed encoding
116 ///
117 /// The output span must be exactly 1 + 2*field_element_bytes long
118 ///
119 /// This function will fail if this point is the identity element
120 void serialize_uncompressed_to(std::span<uint8_t> bytes) const;
121
122 /// Return the bytes of the affine x coordinate in a container
123 ///
124 /// This function will fail if this point is the identity element
125 template <concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
126 T x_bytes() const {
127 T bytes(this->field_element_bytes());
128 this->serialize_x_to(bytes);
129 return bytes;
130 }
131
132 /// Return the bytes of the affine y coordinate in a container
133 ///
134 /// This function will fail if this point is the identity element
135 template <concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
136 T y_bytes() const {
137 T bytes(this->field_element_bytes());
138 this->serialize_y_to(bytes);
139 return bytes;
140 }
141
142 /// Return the bytes of the affine x and y coordinates in a container
143 ///
144 /// This function will fail if this point is the identity element
145 template <concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
146 T xy_bytes() const {
147 T bytes(2 * this->field_element_bytes());
148 this->serialize_xy_to(bytes);
149 return bytes;
150 }
151
152 /// Return the bytes of the affine x and y coordinates in a container
153 ///
154 /// This function will fail if this point is the identity element
155 template <concepts::resizable_byte_buffer T = std::vector<uint8_t>>
156 T serialize_uncompressed() const {
157 T bytes(1 + 2 * this->field_element_bytes());
158 this->serialize_uncompressed_to(bytes);
159 return bytes;
160 }
161
162 /// Return the bytes of the affine x and y coordinates in a container
163 ///
164 /// This function will fail if this point is the identity element
165 template <concepts::resizable_byte_buffer T = std::vector<uint8_t>>
166 T serialize_compressed() const {
167 T bytes(1 + this->field_element_bytes());
168 this->serialize_compressed_to(bytes);
169 return bytes;
170 }
171
172 EC_AffinePoint(const EC_AffinePoint& other);
173 EC_AffinePoint(EC_AffinePoint&& other) noexcept;
174
175 EC_AffinePoint& operator=(const EC_AffinePoint& other);
176 EC_AffinePoint& operator=(EC_AffinePoint&& other) noexcept;
177
178 /**
179 * Deprecated conversion
180 */
181 EC_AffinePoint(const EC_Group& group, const EC_Point& pt);
182
183 /**
184 * Deprecated conversion
185 */
186 EC_Point to_legacy_point() const;
187
188 ~EC_AffinePoint();
189
190 const EC_AffinePoint_Data& _inner() const { return inner(); }
191
192 static EC_AffinePoint _from_inner(std::unique_ptr<EC_AffinePoint_Data> inner);
193
194 const std::shared_ptr<const EC_Group_Data>& _group() const;
195
196 private:
197 friend class EC_Mul2Table;
198
199 EC_AffinePoint(std::unique_ptr<EC_AffinePoint_Data> point);
200
201 const EC_AffinePoint_Data& inner() const { return *m_point; }
202
203 std::unique_ptr<EC_AffinePoint_Data> m_point;
204};
205
206} // namespace Botan
207
208#endif
Botan::EC_AffinePoint_Data
Definition ec_inner_data.h:62
Botan::EC_AffinePoint
Definition ec_apoint.h:29
Botan::EC_AffinePoint::y_bytes
T y_bytes() const
Definition ec_apoint.h:136
Botan::EC_AffinePoint::xy_bytes
T xy_bytes() const
Definition ec_apoint.h:146
Botan::EC_AffinePoint::serialize_uncompressed
T serialize_uncompressed() const
Definition ec_apoint.h:156
Botan::EC_AffinePoint::x_bytes
T x_bytes() const
Definition ec_apoint.h:126
Botan::EC_AffinePoint::~EC_AffinePoint
~EC_AffinePoint()
Botan::EC_AffinePoint::serialize_compressed
T serialize_compressed() const
Definition ec_apoint.h:166
Botan::EC_AffinePoint::_inner
const EC_AffinePoint_Data & _inner() const
Definition ec_apoint.h:190
Botan::EC_Group
Definition ec_group.h:51
Botan::EC_Point
Definition ec_point.h:37
Botan::EC_Scalar
Definition ec_scalar.h:28
final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29
BOTAN_UNSTABLE_API
#define BOTAN_UNSTABLE_API
Definition compiler.h:44
T
FE_25519 T
Definition ge.cpp:34
Generated by doxygen 1.12.0