Botan 3.9.0
Crypto and TLS for C&
ec_inner_pc.cpp
Go to the documentation of this file.
1/*
2* (C) 2024 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/internal/ec_inner_pc.h>
8
9#include <botan/mem_ops.h>
10
11namespace Botan {
12
13const EC_Scalar_Data_PC& EC_Scalar_Data_PC::checked_ref(const EC_Scalar_Data& data) {
14 const auto* p = dynamic_cast<const EC_Scalar_Data_PC*>(&data);
15 if(p == nullptr) {
16 throw Invalid_State("Failed conversion to EC_Scalar_Data_PC");
17 }
18 return *p;
19}
20
21const std::shared_ptr<const EC_Group_Data>& EC_Scalar_Data_PC::group() const {
22 return m_group;
23}
24
25size_t EC_Scalar_Data_PC::bytes() const {
26 return this->group()->order_bytes();
27}
28
29std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::clone() const {
30 return std::make_unique<EC_Scalar_Data_PC>(this->group(), this->value());
31}
32
33bool EC_Scalar_Data_PC::is_zero() const {
34 const auto& pcurve = this->group()->pcurve();
35 return pcurve.scalar_is_zero(m_v);
36}
37
38bool EC_Scalar_Data_PC::is_eq(const EC_Scalar_Data& other) const {
39 const auto& pcurve = group()->pcurve();
40 return pcurve.scalar_equal(m_v, checked_ref(other).m_v);
41}
42
43void EC_Scalar_Data_PC::assign(const EC_Scalar_Data& other) {
44 m_v = checked_ref(other).value();
45}
46
47void EC_Scalar_Data_PC::zeroize() {
48 m_v._zeroize();
49}
50
51void EC_Scalar_Data_PC::square_self() {
52 // TODO square in place
53 m_v = m_group->pcurve().scalar_square(m_v);
54}
55
56std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::negate() const {
57 return std::make_unique<EC_Scalar_Data_PC>(m_group, m_group->pcurve().scalar_negate(m_v));
58}
59
60std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::invert() const {
61 return std::make_unique<EC_Scalar_Data_PC>(m_group, m_group->pcurve().scalar_invert(m_v));
62}
63
64std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::invert_vartime() const {
65 return std::make_unique<EC_Scalar_Data_PC>(m_group, m_group->pcurve().scalar_invert_vartime(m_v));
66}
67
68std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::add(const EC_Scalar_Data& other) const {
69 return std::make_unique<EC_Scalar_Data_PC>(m_group, group()->pcurve().scalar_add(m_v, checked_ref(other).m_v));
70}
71
72std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::sub(const EC_Scalar_Data& other) const {
73 return std::make_unique<EC_Scalar_Data_PC>(m_group, group()->pcurve().scalar_sub(m_v, checked_ref(other).m_v));
74}
75
76std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::mul(const EC_Scalar_Data& other) const {
77 return std::make_unique<EC_Scalar_Data_PC>(m_group, group()->pcurve().scalar_mul(m_v, checked_ref(other).m_v));
78}
79
80void EC_Scalar_Data_PC::serialize_to(std::span<uint8_t> bytes) const {
81 BOTAN_ARG_CHECK(bytes.size() == m_group->order_bytes(), "Invalid output length");
82 m_group->pcurve().serialize_scalar(bytes, m_v);
83}
84
85EC_AffinePoint_Data_PC::EC_AffinePoint_Data_PC(std::shared_ptr<const EC_Group_Data> group,
86 PCurve::PrimeOrderCurve::AffinePoint pt) :
87 m_group(std::move(group)), m_pt(std::move(pt)) {
88 const auto& pcurve = m_group->pcurve();
89
90 if(!pcurve.affine_point_is_identity(m_pt)) {
91 m_xy.resize(1 + 2 * field_element_bytes());
92 pcurve.serialize_point(m_xy, m_pt);
93 }
94}
95
96const EC_AffinePoint_Data_PC& EC_AffinePoint_Data_PC::checked_ref(const EC_AffinePoint_Data& data) {
97 const auto* p = dynamic_cast<const EC_AffinePoint_Data_PC*>(&data);
98 if(p == nullptr) {
99 throw Invalid_State("Failed conversion to EC_AffinePoint_Data_PC");
100 }
101 return *p;
102}
103
104std::unique_ptr<EC_AffinePoint_Data> EC_AffinePoint_Data_PC::clone() const {
105 return std::make_unique<EC_AffinePoint_Data_PC>(m_group, m_pt);
106}
107
108const std::shared_ptr<const EC_Group_Data>& EC_AffinePoint_Data_PC::group() const {
109 return m_group;
110}
111
112std::unique_ptr<EC_AffinePoint_Data> EC_AffinePoint_Data_PC::mul(const EC_Scalar_Data& scalar,
113 RandomNumberGenerator& rng) const {
114 BOTAN_ARG_CHECK(scalar.group() == m_group, "Curve mismatch");
115 const auto& k = EC_Scalar_Data_PC::checked_ref(scalar).value();
116 const auto& pcurve = m_group->pcurve();
117 auto pt = pcurve.point_to_affine(pcurve.mul(m_pt, k, rng));
118 return std::make_unique<EC_AffinePoint_Data_PC>(m_group, std::move(pt));
119}
120
121secure_vector<uint8_t> EC_AffinePoint_Data_PC::mul_x_only(const EC_Scalar_Data& scalar,
122 RandomNumberGenerator& rng) const {
123 BOTAN_ARG_CHECK(scalar.group() == m_group, "Curve mismatch");
124 const auto& k = EC_Scalar_Data_PC::checked_ref(scalar).value();
125 return m_group->pcurve().mul_x_only(m_pt, k, rng);
126}
127
128size_t EC_AffinePoint_Data_PC::field_element_bytes() const {
129 return m_group->pcurve().field_element_bytes();
130}
131
132bool EC_AffinePoint_Data_PC::is_identity() const {
133 return m_xy.empty();
134}
135
136void EC_AffinePoint_Data_PC::serialize_x_to(std::span<uint8_t> bytes) const {
137 BOTAN_STATE_CHECK(!this->is_identity());
138 const size_t fe_bytes = this->field_element_bytes();
139 BOTAN_ARG_CHECK(bytes.size() == fe_bytes, "Invalid output size");
140 copy_mem(bytes, std::span{m_xy}.subspan(1, fe_bytes));
141}
142
143void EC_AffinePoint_Data_PC::serialize_y_to(std::span<uint8_t> bytes) const {
144 BOTAN_STATE_CHECK(!this->is_identity());
145 const size_t fe_bytes = this->field_element_bytes();
146 BOTAN_ARG_CHECK(bytes.size() == fe_bytes, "Invalid output size");
147 copy_mem(bytes, std::span{m_xy}.subspan(1 + fe_bytes, fe_bytes));
148}
149
150void EC_AffinePoint_Data_PC::serialize_xy_to(std::span<uint8_t> bytes) const {
151 BOTAN_STATE_CHECK(!this->is_identity());
152 const size_t fe_bytes = this->field_element_bytes();
153 BOTAN_ARG_CHECK(bytes.size() == 2 * fe_bytes, "Invalid output size");
154 copy_mem(bytes, std::span{m_xy}.last(2 * fe_bytes));
155}
156
157void EC_AffinePoint_Data_PC::serialize_compressed_to(std::span<uint8_t> bytes) const {
158 BOTAN_STATE_CHECK(!this->is_identity());
159 const size_t fe_bytes = this->field_element_bytes();
160 BOTAN_ARG_CHECK(bytes.size() == 1 + fe_bytes, "Invalid output size");
161 const bool y_is_odd = (m_xy.back() & 0x01) == 0x01;
162
163 BufferStuffer stuffer(bytes);
164 stuffer.append(y_is_odd ? 0x03 : 0x02);
165 this->serialize_x_to(stuffer.next(fe_bytes));
166}
167
168void EC_AffinePoint_Data_PC::serialize_uncompressed_to(std::span<uint8_t> bytes) const {
169 BOTAN_STATE_CHECK(!this->is_identity());
170 const size_t fe_bytes = this->field_element_bytes();
171 BOTAN_ARG_CHECK(bytes.size() == 1 + 2 * fe_bytes, "Invalid output size");
172 copy_mem(bytes, m_xy);
173}
174
175#if defined(BOTAN_HAS_LEGACY_EC_POINT)
176EC_Point EC_AffinePoint_Data_PC::to_legacy_point() const {
177 if(this->is_identity()) {
178 return EC_Point(m_group->curve());
179 } else {
180 const size_t fe_bytes = this->field_element_bytes();
181 return EC_Point(m_group->curve(),
182 BigInt::from_bytes(std::span{m_xy}.subspan(1, fe_bytes)),
183 BigInt::from_bytes(std::span{m_xy}.last(fe_bytes)));
184 }
185}
186#endif
187
188EC_Mul2Table_Data_PC::EC_Mul2Table_Data_PC(const EC_AffinePoint_Data& q) : m_group(q.group()) {
189 BOTAN_ARG_CHECK(q.group() == m_group, "Curve mismatch");
190
191 const auto& pt_q = EC_AffinePoint_Data_PC::checked_ref(q);
192
193 m_tbl = m_group->pcurve().mul2_setup_g(pt_q.value());
194}
195
196std::unique_ptr<EC_AffinePoint_Data> EC_Mul2Table_Data_PC::mul2_vartime(const EC_Scalar_Data& xd,
197 const EC_Scalar_Data& yd) const {
198 BOTAN_ARG_CHECK(xd.group() == m_group && yd.group() == m_group, "Curve mismatch");
199
200 const auto& x = EC_Scalar_Data_PC::checked_ref(xd);
201 const auto& y = EC_Scalar_Data_PC::checked_ref(yd);
202
203 const auto& pcurve = m_group->pcurve();
204
205 if(auto pt = pcurve.mul2_vartime(*m_tbl, x.value(), y.value())) {
206 return std::make_unique<EC_AffinePoint_Data_PC>(m_group, pcurve.point_to_affine(*pt));
207 } else {
208 return nullptr;
209 }
210}
211
212bool EC_Mul2Table_Data_PC::mul2_vartime_x_mod_order_eq(const EC_Scalar_Data& vd,
213 const EC_Scalar_Data& xd,
214 const EC_Scalar_Data& yd) const {
215 BOTAN_ARG_CHECK(xd.group() == m_group && yd.group() == m_group, "Curve mismatch");
216
217 const auto& v = EC_Scalar_Data_PC::checked_ref(vd);
218 const auto& x = EC_Scalar_Data_PC::checked_ref(xd);
219 const auto& y = EC_Scalar_Data_PC::checked_ref(yd);
220
221 return m_group->pcurve().mul2_vartime_x_mod_order_eq(*m_tbl, v.value(), x.value(), y.value());
222}
223
224} // namespace Botan
BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:49
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33
Botan::BigInt::from_bytes
static BigInt from_bytes(std::span< const uint8_t > bytes)
Definition bigint.cpp:87
Botan::BufferStuffer
Helper class to ease in-place marshalling of concatenated fixed-length values.
Definition stl_util.h:134
Botan::BufferStuffer::append
constexpr void append(std::span< const uint8_t > buffer)
Definition stl_util.h:169
Botan::BufferStuffer::next
constexpr std::span< uint8_t > next(size_t bytes)
Definition stl_util.h:142
Botan::EC_AffinePoint_Data_PC::mul
std::unique_ptr< EC_AffinePoint_Data > mul(const EC_Scalar_Data &scalar, RandomNumberGenerator &rng) const override
Definition ec_inner_pc.cpp:112
Botan::EC_AffinePoint_Data_PC::field_element_bytes
size_t field_element_bytes() const override
Definition ec_inner_pc.cpp:128
Botan::EC_AffinePoint_Data_PC::mul_x_only
secure_vector< uint8_t > mul_x_only(const EC_Scalar_Data &scalar, RandomNumberGenerator &rng) const override
Definition ec_inner_pc.cpp:121
Botan::EC_AffinePoint_Data_PC::serialize_uncompressed_to
void serialize_uncompressed_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:168
Botan::EC_AffinePoint_Data_PC::serialize_xy_to
void serialize_xy_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:150
Botan::EC_AffinePoint_Data_PC::clone
std::unique_ptr< EC_AffinePoint_Data > clone() const override
Definition ec_inner_pc.cpp:104
Botan::EC_AffinePoint_Data_PC::group
const std::shared_ptr< const EC_Group_Data > & group() const override
Definition ec_inner_pc.cpp:108
Botan::EC_AffinePoint_Data_PC::EC_AffinePoint_Data_PC
EC_AffinePoint_Data_PC(std::shared_ptr< const EC_Group_Data > group, PCurve::PrimeOrderCurve::AffinePoint pt)
Definition ec_inner_pc.cpp:85
Botan::EC_AffinePoint_Data_PC::is_identity
bool is_identity() const override
Definition ec_inner_pc.cpp:132
Botan::EC_AffinePoint_Data_PC::serialize_x_to
void serialize_x_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:136
Botan::EC_AffinePoint_Data_PC::serialize_y_to
void serialize_y_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:143
Botan::EC_AffinePoint_Data_PC::checked_ref
static const EC_AffinePoint_Data_PC & checked_ref(const EC_AffinePoint_Data &data)
Definition ec_inner_pc.cpp:96
Botan::EC_AffinePoint_Data_PC::serialize_compressed_to
void serialize_compressed_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:157
Botan::EC_AffinePoint_Data
Definition ec_inner_data.h:72
Botan::EC_AffinePoint_Data::group
virtual const std::shared_ptr< const EC_Group_Data > & group() const =0
Botan::EC_Mul2Table_Data_PC::mul2_vartime_x_mod_order_eq
bool mul2_vartime_x_mod_order_eq(const EC_Scalar_Data &v, const EC_Scalar_Data &x, const EC_Scalar_Data &y) const override
Definition ec_inner_pc.cpp:212
Botan::EC_Mul2Table_Data_PC::EC_Mul2Table_Data_PC
EC_Mul2Table_Data_PC(const EC_AffinePoint_Data &q)
Definition ec_inner_pc.cpp:188
Botan::EC_Mul2Table_Data_PC::mul2_vartime
std::unique_ptr< EC_AffinePoint_Data > mul2_vartime(const EC_Scalar_Data &x, const EC_Scalar_Data &y) const override
Definition ec_inner_pc.cpp:196
Botan::EC_Point
Definition ec_point.h:33
Botan::EC_Scalar_Data_PC::serialize_to
void serialize_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:80
Botan::EC_Scalar_Data_PC::invert
std::unique_ptr< EC_Scalar_Data > invert() const override
Definition ec_inner_pc.cpp:60
Botan::EC_Scalar_Data_PC::assign
void assign(const EC_Scalar_Data &y) override
Definition ec_inner_pc.cpp:43
Botan::EC_Scalar_Data_PC::bytes
size_t bytes() const override
Definition ec_inner_pc.cpp:25
Botan::EC_Scalar_Data_PC::checked_ref
static const EC_Scalar_Data_PC & checked_ref(const EC_Scalar_Data &data)
Definition ec_inner_pc.cpp:13
Botan::EC_Scalar_Data_PC::sub
std::unique_ptr< EC_Scalar_Data > sub(const EC_Scalar_Data &other) const override
Definition ec_inner_pc.cpp:72
Botan::EC_Scalar_Data_PC::is_eq
bool is_eq(const EC_Scalar_Data &y) const override
Definition ec_inner_pc.cpp:38
Botan::EC_Scalar_Data_PC::square_self
void square_self() override
Definition ec_inner_pc.cpp:51
Botan::EC_Scalar_Data_PC::clone
std::unique_ptr< EC_Scalar_Data > clone() const override
Definition ec_inner_pc.cpp:29
Botan::EC_Scalar_Data_PC::EC_Scalar_Data_PC
EC_Scalar_Data_PC(std::shared_ptr< const EC_Group_Data > group, PCurve::PrimeOrderCurve::Scalar v)
Definition ec_inner_pc.h:18
Botan::EC_Scalar_Data_PC::mul
std::unique_ptr< EC_Scalar_Data > mul(const EC_Scalar_Data &other) const override
Definition ec_inner_pc.cpp:76
Botan::EC_Scalar_Data_PC::group
const std::shared_ptr< const EC_Group_Data > & group() const override
Definition ec_inner_pc.cpp:21
Botan::EC_Scalar_Data_PC::negate
std::unique_ptr< EC_Scalar_Data > negate() const override
Definition ec_inner_pc.cpp:56
Botan::EC_Scalar_Data_PC::is_zero
bool is_zero() const override
Definition ec_inner_pc.cpp:33
Botan::EC_Scalar_Data_PC::zeroize
void zeroize() override
Definition ec_inner_pc.cpp:47
Botan::EC_Scalar_Data_PC::add
std::unique_ptr< EC_Scalar_Data > add(const EC_Scalar_Data &other) const override
Definition ec_inner_pc.cpp:68
Botan::EC_Scalar_Data_PC::invert_vartime
std::unique_ptr< EC_Scalar_Data > invert_vartime() const override
Definition ec_inner_pc.cpp:64
Botan::EC_Scalar_Data_PC::value
const auto & value() const
Definition ec_inner_pc.h:53
Botan::EC_Scalar_Data
Definition ec_inner_data.h:37
Botan::EC_Scalar_Data::group
virtual const std::shared_ptr< const EC_Group_Data > & group() const =0
Botan::Invalid_State
Definition exceptn.h:206
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:145
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:69
Generated by doxygen 1.14.0