Botan 3.6.0
Crypto and TLS for C&
ec_inner_pc.cpp
Go to the documentation of this file.
1/*
2* (C) 2024 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/internal/ec_inner_pc.h>
8
9namespace Botan {
10
11namespace {
12
13PCurve::PrimeOrderCurve::AffinePoint deserialize_pcurve_pt(const PCurve::PrimeOrderCurve& curve,
14 std::span<const uint8_t> bytes) {
15 if(auto pt = curve.deserialize_point(bytes)) {
16 return *pt;
17 } else {
18 throw Decoding_Error("Invalid elliptic curve point encoding");
19 }
20}
21
22} // namespace
23
24const EC_Scalar_Data_PC& EC_Scalar_Data_PC::checked_ref(const EC_Scalar_Data& data) {
25 const auto* p = dynamic_cast<const EC_Scalar_Data_PC*>(&data);
26 if(!p) {
27 throw Invalid_State("Failed conversion to EC_Scalar_Data_PC");
28 }
29 return *p;
30}
31
32const std::shared_ptr<const EC_Group_Data>& EC_Scalar_Data_PC::group() const {
33 return m_group;
34}
35
36size_t EC_Scalar_Data_PC::bytes() const {
37 return this->group()->order_bytes();
38}
39
40std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::clone() const {
41 return std::make_unique<EC_Scalar_Data_PC>(this->group(), this->value());
42}
43
44bool EC_Scalar_Data_PC::is_zero() const {
45 return this->value().is_zero();
46}
47
48bool EC_Scalar_Data_PC::is_eq(const EC_Scalar_Data& other) const {
49 return (value() == checked_ref(other).value());
50}
51
52void EC_Scalar_Data_PC::assign(const EC_Scalar_Data& other) {
53 m_v = checked_ref(other).value();
54}
55
56void EC_Scalar_Data_PC::square_self() {
57 // TODO square in place
58 m_v = m_v.square();
59}
60
61std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::negate() const {
62 return std::make_unique<EC_Scalar_Data_PC>(m_group, m_v.negate());
63}
64
65std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::invert() const {
66 return std::make_unique<EC_Scalar_Data_PC>(m_group, m_v.invert());
67}
68
69std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::add(const EC_Scalar_Data& other) const {
70 return std::make_unique<EC_Scalar_Data_PC>(m_group, m_v + checked_ref(other).value());
71}
72
73std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::sub(const EC_Scalar_Data& other) const {
74 return std::make_unique<EC_Scalar_Data_PC>(m_group, m_v - checked_ref(other).value());
75}
76
77std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::mul(const EC_Scalar_Data& other) const {
78 return std::make_unique<EC_Scalar_Data_PC>(m_group, m_v * checked_ref(other).value());
79}
80
81void EC_Scalar_Data_PC::serialize_to(std::span<uint8_t> bytes) const {
82 BOTAN_ARG_CHECK(bytes.size() == m_group->order_bytes(), "Invalid output length");
83 m_group->pcurve().serialize_scalar(bytes, m_v);
84}
85
86EC_AffinePoint_Data_PC::EC_AffinePoint_Data_PC(std::shared_ptr<const EC_Group_Data> group,
87 PCurve::PrimeOrderCurve::AffinePoint pt) :
88 m_group(std::move(group)), m_pt(std::move(pt)) {
89 if(!m_pt.is_identity()) {
90 m_xy = m_pt.serialize<secure_vector<uint8_t>>();
91 BOTAN_ASSERT_NOMSG(m_xy.size() == 1 + 2 * field_element_bytes());
92 }
93}
94
95EC_AffinePoint_Data_PC::EC_AffinePoint_Data_PC(std::shared_ptr<const EC_Group_Data> group,
96 std::span<const uint8_t> bytes) :
97 m_group(std::move(group)), m_pt(deserialize_pcurve_pt(m_group->pcurve(), bytes)) {
98 if(!m_pt.is_identity()) {
99 m_xy = m_pt.serialize<secure_vector<uint8_t>>();
100 BOTAN_ASSERT_NOMSG(m_xy.size() == 1 + 2 * field_element_bytes());
101 }
102}
103
104const EC_AffinePoint_Data_PC& EC_AffinePoint_Data_PC::checked_ref(const EC_AffinePoint_Data& data) {
105 const auto* p = dynamic_cast<const EC_AffinePoint_Data_PC*>(&data);
106 if(!p) {
107 throw Invalid_State("Failed conversion to EC_AffinePoint_Data_PC");
108 }
109 return *p;
110}
111
112std::unique_ptr<EC_AffinePoint_Data> EC_AffinePoint_Data_PC::clone() const {
113 return std::make_unique<EC_AffinePoint_Data_PC>(m_group, m_pt);
114}
115
116const std::shared_ptr<const EC_Group_Data>& EC_AffinePoint_Data_PC::group() const {
117 return m_group;
118}
119
120std::unique_ptr<EC_AffinePoint_Data> EC_AffinePoint_Data_PC::mul(const EC_Scalar_Data& scalar,
121 RandomNumberGenerator& rng,
122 std::vector<BigInt>& ws) const {
123 BOTAN_UNUSED(ws);
124
125 BOTAN_ARG_CHECK(scalar.group() == m_group, "Curve mismatch");
126 const auto& k = EC_Scalar_Data_PC::checked_ref(scalar).value();
127 auto pt = m_group->pcurve().mul(m_pt, k, rng).to_affine();
128 return std::make_unique<EC_AffinePoint_Data_PC>(m_group, std::move(pt));
129}
130
131size_t EC_AffinePoint_Data_PC::field_element_bytes() const {
132 return m_group->pcurve().field_element_bytes();
133}
134
135bool EC_AffinePoint_Data_PC::is_identity() const {
136 return m_xy.empty();
137}
138
139void EC_AffinePoint_Data_PC::serialize_x_to(std::span<uint8_t> bytes) const {
140 BOTAN_STATE_CHECK(!this->is_identity());
141 const size_t fe_bytes = this->field_element_bytes();
142 BOTAN_ARG_CHECK(bytes.size() == fe_bytes, "Invalid output size");
143 copy_mem(bytes, std::span{m_xy}.subspan(1, fe_bytes));
144}
145
146void EC_AffinePoint_Data_PC::serialize_y_to(std::span<uint8_t> bytes) const {
147 BOTAN_STATE_CHECK(!this->is_identity());
148 const size_t fe_bytes = this->field_element_bytes();
149 BOTAN_ARG_CHECK(bytes.size() == fe_bytes, "Invalid output size");
150 copy_mem(bytes, std::span{m_xy}.subspan(1 + fe_bytes, fe_bytes));
151}
152
153void EC_AffinePoint_Data_PC::serialize_xy_to(std::span<uint8_t> bytes) const {
154 BOTAN_STATE_CHECK(!this->is_identity());
155 const size_t fe_bytes = this->field_element_bytes();
156 BOTAN_ARG_CHECK(bytes.size() == 2 * fe_bytes, "Invalid output size");
157 copy_mem(bytes, std::span{m_xy}.last(2 * fe_bytes));
158}
159
160void EC_AffinePoint_Data_PC::serialize_compressed_to(std::span<uint8_t> bytes) const {
161 BOTAN_STATE_CHECK(!this->is_identity());
162 const size_t fe_bytes = this->field_element_bytes();
163 BOTAN_ARG_CHECK(bytes.size() == 1 + fe_bytes, "Invalid output size");
164 const bool y_is_odd = (m_xy.back() & 0x01) == 0x01;
165
166 BufferStuffer stuffer(bytes);
167 stuffer.append(y_is_odd ? 0x03 : 0x02);
168 this->serialize_x_to(stuffer.next(fe_bytes));
169}
170
171void EC_AffinePoint_Data_PC::serialize_uncompressed_to(std::span<uint8_t> bytes) const {
172 BOTAN_STATE_CHECK(!this->is_identity());
173 const size_t fe_bytes = this->field_element_bytes();
174 BOTAN_ARG_CHECK(bytes.size() == 1 + 2 * fe_bytes, "Invalid output size");
175 copy_mem(bytes, m_xy);
176}
177
178EC_Point EC_AffinePoint_Data_PC::to_legacy_point() const {
179 if(this->is_identity()) {
180 return EC_Point(m_group->curve());
181 } else {
182 const size_t fe_bytes = this->field_element_bytes();
183 return EC_Point(m_group->curve(),
184 BigInt::from_bytes(std::span{m_xy}.subspan(1, fe_bytes)),
185 BigInt::from_bytes(std::span{m_xy}.last(fe_bytes)));
186 }
187}
188
189EC_Mul2Table_Data_PC::EC_Mul2Table_Data_PC(const EC_AffinePoint_Data& g, const EC_AffinePoint_Data& h) :
190 m_group(g.group()) {
191 BOTAN_ARG_CHECK(h.group() == m_group, "Curve mismatch");
192
193 const auto& pt_g = EC_AffinePoint_Data_PC::checked_ref(g);
194 const auto& pt_h = EC_AffinePoint_Data_PC::checked_ref(h);
195
196 m_tbl = m_group->pcurve().mul2_setup(pt_g.value(), pt_h.value());
197}
198
199std::unique_ptr<EC_AffinePoint_Data> EC_Mul2Table_Data_PC::mul2_vartime(const EC_Scalar_Data& xd,
200 const EC_Scalar_Data& yd) const {
201 BOTAN_ARG_CHECK(xd.group() == m_group && yd.group() == m_group, "Curve mismatch");
202
203 const auto& x = EC_Scalar_Data_PC::checked_ref(xd);
204 const auto& y = EC_Scalar_Data_PC::checked_ref(yd);
205
206 if(auto pt = m_group->pcurve().mul2_vartime(*m_tbl, x.value(), y.value())) {
207 return std::make_unique<EC_AffinePoint_Data_PC>(m_group, pt->to_affine());
208 } else {
209 return nullptr;
210 }
211}
212
213bool EC_Mul2Table_Data_PC::mul2_vartime_x_mod_order_eq(const EC_Scalar_Data& vd,
214 const EC_Scalar_Data& xd,
215 const EC_Scalar_Data& yd) const {
216 BOTAN_ARG_CHECK(xd.group() == m_group && yd.group() == m_group, "Curve mismatch");
217
218 const auto& v = EC_Scalar_Data_PC::checked_ref(vd);
219 const auto& x = EC_Scalar_Data_PC::checked_ref(xd);
220 const auto& y = EC_Scalar_Data_PC::checked_ref(yd);
221
222 return m_group->pcurve().mul2_vartime_x_mod_order_eq(*m_tbl, v.value(), x.value(), y.value());
223}
224
225} // namespace Botan
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:118
BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:41
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
Botan::BigInt::from_bytes
static BigInt from_bytes(std::span< const uint8_t > bytes)
Definition bigint.cpp:95
Botan::BufferStuffer
Helper class to ease in-place marshalling of concatenated fixed-length values.
Definition stl_util.h:142
Botan::BufferStuffer::append
constexpr void append(std::span< const uint8_t > buffer)
Definition stl_util.h:177
Botan::BufferStuffer::next
constexpr std::span< uint8_t > next(size_t bytes)
Definition stl_util.h:150
Botan::EC_AffinePoint_Data_PC
Definition ec_inner_pc.h:56
Botan::EC_AffinePoint_Data_PC::field_element_bytes
size_t field_element_bytes() const override
Definition ec_inner_pc.cpp:131
Botan::EC_AffinePoint_Data_PC::serialize_uncompressed_to
void serialize_uncompressed_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:171
Botan::EC_AffinePoint_Data_PC::serialize_xy_to
void serialize_xy_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:153
Botan::EC_AffinePoint_Data_PC::mul
std::unique_ptr< EC_AffinePoint_Data > mul(const EC_Scalar_Data &scalar, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const override
Definition ec_inner_pc.cpp:120
Botan::EC_AffinePoint_Data_PC::clone
std::unique_ptr< EC_AffinePoint_Data > clone() const override
Definition ec_inner_pc.cpp:112
Botan::EC_AffinePoint_Data_PC::group
const std::shared_ptr< const EC_Group_Data > & group() const override
Definition ec_inner_pc.cpp:116
Botan::EC_AffinePoint_Data_PC::EC_AffinePoint_Data_PC
EC_AffinePoint_Data_PC(std::shared_ptr< const EC_Group_Data > group, PCurve::PrimeOrderCurve::AffinePoint pt)
Definition ec_inner_pc.cpp:86
Botan::EC_AffinePoint_Data_PC::to_legacy_point
EC_Point to_legacy_point() const override
Definition ec_inner_pc.cpp:178
Botan::EC_AffinePoint_Data_PC::is_identity
bool is_identity() const override
Definition ec_inner_pc.cpp:135
Botan::EC_AffinePoint_Data_PC::serialize_x_to
void serialize_x_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:139
Botan::EC_AffinePoint_Data_PC::serialize_y_to
void serialize_y_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:146
Botan::EC_AffinePoint_Data_PC::checked_ref
static const EC_AffinePoint_Data_PC & checked_ref(const EC_AffinePoint_Data &data)
Definition ec_inner_pc.cpp:104
Botan::EC_AffinePoint_Data_PC::serialize_compressed_to
void serialize_compressed_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:160
Botan::EC_AffinePoint_Data
Definition ec_inner_data.h:62
Botan::EC_AffinePoint_Data::group
virtual const std::shared_ptr< const EC_Group_Data > & group() const =0
Botan::EC_Mul2Table_Data_PC::mul2_vartime_x_mod_order_eq
bool mul2_vartime_x_mod_order_eq(const EC_Scalar_Data &v, const EC_Scalar_Data &x, const EC_Scalar_Data &y) const override
Definition ec_inner_pc.cpp:213
Botan::EC_Mul2Table_Data_PC::EC_Mul2Table_Data_PC
EC_Mul2Table_Data_PC(const EC_AffinePoint_Data &g, const EC_AffinePoint_Data &h)
Definition ec_inner_pc.cpp:189
Botan::EC_Mul2Table_Data_PC::mul2_vartime
std::unique_ptr< EC_AffinePoint_Data > mul2_vartime(const EC_Scalar_Data &x, const EC_Scalar_Data &y) const override
Definition ec_inner_pc.cpp:199
Botan::EC_Point
Definition ec_point.h:37
Botan::EC_Scalar_Data_PC
Definition ec_inner_pc.h:16
Botan::EC_Scalar_Data_PC::serialize_to
void serialize_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:81
Botan::EC_Scalar_Data_PC::invert
std::unique_ptr< EC_Scalar_Data > invert() const override
Definition ec_inner_pc.cpp:65
Botan::EC_Scalar_Data_PC::assign
void assign(const EC_Scalar_Data &y) override
Definition ec_inner_pc.cpp:52
Botan::EC_Scalar_Data_PC::bytes
size_t bytes() const override
Definition ec_inner_pc.cpp:36
Botan::EC_Scalar_Data_PC::checked_ref
static const EC_Scalar_Data_PC & checked_ref(const EC_Scalar_Data &data)
Definition ec_inner_pc.cpp:24
Botan::EC_Scalar_Data_PC::sub
std::unique_ptr< EC_Scalar_Data > sub(const EC_Scalar_Data &other) const override
Definition ec_inner_pc.cpp:73
Botan::EC_Scalar_Data_PC::is_eq
bool is_eq(const EC_Scalar_Data &y) const override
Definition ec_inner_pc.cpp:48
Botan::EC_Scalar_Data_PC::square_self
void square_self() override
Definition ec_inner_pc.cpp:56
Botan::EC_Scalar_Data_PC::clone
std::unique_ptr< EC_Scalar_Data > clone() const override
Definition ec_inner_pc.cpp:40
Botan::EC_Scalar_Data_PC::mul
std::unique_ptr< EC_Scalar_Data > mul(const EC_Scalar_Data &other) const override
Definition ec_inner_pc.cpp:77
Botan::EC_Scalar_Data_PC::group
const std::shared_ptr< const EC_Group_Data > & group() const override
Definition ec_inner_pc.cpp:32
Botan::EC_Scalar_Data_PC::negate
std::unique_ptr< EC_Scalar_Data > negate() const override
Definition ec_inner_pc.cpp:61
Botan::EC_Scalar_Data_PC::is_zero
bool is_zero() const override
Definition ec_inner_pc.cpp:44
Botan::EC_Scalar_Data_PC::add
std::unique_ptr< EC_Scalar_Data > add(const EC_Scalar_Data &other) const override
Definition ec_inner_pc.cpp:69
Botan::EC_Scalar_Data_PC::value
const auto & value() const
Definition ec_inner_pc.h:49
Botan::EC_Scalar_Data
Definition ec_inner_data.h:31
Botan::EC_Scalar_Data::group
virtual const std::shared_ptr< const EC_Group_Data > & group() const =0
Botan::Invalid_State
Definition exceptn.h:206
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:146
Generated by doxygen 1.12.0