Botan 3.11.0
Crypto and TLS for C&
ec_inner_pc.cpp
Go to the documentation of this file.
1/*
2* (C) 2024 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/internal/ec_inner_pc.h>
8
9#include <botan/mem_ops.h>
10#include <botan/internal/buffer_stuffer.h>
11
12namespace Botan {
13
14const EC_Scalar_Data_PC& EC_Scalar_Data_PC::checked_ref(const EC_Scalar_Data& data) {
15 const auto* p = dynamic_cast<const EC_Scalar_Data_PC*>(&data);
16 if(p == nullptr) {
17 throw Invalid_State("Failed conversion to EC_Scalar_Data_PC");
18 }
19 return *p;
20}
21
22const std::shared_ptr<const EC_Group_Data>& EC_Scalar_Data_PC::group() const {
23 return m_group;
24}
25
26size_t EC_Scalar_Data_PC::bytes() const {
27 return this->group()->order_bytes();
28}
29
30std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::clone() const {
31 return std::make_unique<EC_Scalar_Data_PC>(this->group(), this->value());
32}
33
34bool EC_Scalar_Data_PC::is_zero() const {
35 const auto& pcurve = this->group()->pcurve();
36 return pcurve.scalar_is_zero(m_v);
37}
38
39bool EC_Scalar_Data_PC::is_eq(const EC_Scalar_Data& other) const {
40 const auto& pcurve = group()->pcurve();
41 return pcurve.scalar_equal(m_v, checked_ref(other).m_v);
42}
43
44void EC_Scalar_Data_PC::assign(const EC_Scalar_Data& other) {
45 m_v = checked_ref(other).value();
46}
47
48void EC_Scalar_Data_PC::zeroize() {
49 m_v._zeroize();
50}
51
52void EC_Scalar_Data_PC::square_self() {
53 // TODO square in place
54 m_v = m_group->pcurve().scalar_square(m_v);
55}
56
57std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::negate() const {
58 return std::make_unique<EC_Scalar_Data_PC>(m_group, m_group->pcurve().scalar_negate(m_v));
59}
60
61std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::invert() const {
62 return std::make_unique<EC_Scalar_Data_PC>(m_group, m_group->pcurve().scalar_invert(m_v));
63}
64
65std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::invert_vartime() const {
66 return std::make_unique<EC_Scalar_Data_PC>(m_group, m_group->pcurve().scalar_invert_vartime(m_v));
67}
68
69std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::add(const EC_Scalar_Data& other) const {
70 return std::make_unique<EC_Scalar_Data_PC>(m_group, group()->pcurve().scalar_add(m_v, checked_ref(other).m_v));
71}
72
73std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::sub(const EC_Scalar_Data& other) const {
74 return std::make_unique<EC_Scalar_Data_PC>(m_group, group()->pcurve().scalar_sub(m_v, checked_ref(other).m_v));
75}
76
77std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::mul(const EC_Scalar_Data& other) const {
78 return std::make_unique<EC_Scalar_Data_PC>(m_group, group()->pcurve().scalar_mul(m_v, checked_ref(other).m_v));
79}
80
81void EC_Scalar_Data_PC::serialize_to(std::span<uint8_t> bytes) const {
82 BOTAN_ARG_CHECK(bytes.size() == m_group->order_bytes(), "Invalid output length");
83 m_group->pcurve().serialize_scalar(bytes, m_v);
84}
85
86EC_AffinePoint_Data_PC::EC_AffinePoint_Data_PC(std::shared_ptr<const EC_Group_Data> group,
87 PCurve::PrimeOrderCurve::AffinePoint pt) :
88 m_group(std::move(group)), m_pt(std::move(pt)) {
89 const auto& pcurve = m_group->pcurve();
90
91 if(!pcurve.affine_point_is_identity(m_pt)) {
92 m_xy.resize(1 + 2 * field_element_bytes());
93 pcurve.serialize_point(m_xy, m_pt);
94 }
95}
96
97const EC_AffinePoint_Data_PC& EC_AffinePoint_Data_PC::checked_ref(const EC_AffinePoint_Data& data) {
98 const auto* p = dynamic_cast<const EC_AffinePoint_Data_PC*>(&data);
99 if(p == nullptr) {
100 throw Invalid_State("Failed conversion to EC_AffinePoint_Data_PC");
101 }
102 return *p;
103}
104
105std::unique_ptr<EC_AffinePoint_Data> EC_AffinePoint_Data_PC::clone() const {
106 return std::make_unique<EC_AffinePoint_Data_PC>(m_group, m_pt);
107}
108
109const std::shared_ptr<const EC_Group_Data>& EC_AffinePoint_Data_PC::group() const {
110 return m_group;
111}
112
113std::unique_ptr<EC_AffinePoint_Data> EC_AffinePoint_Data_PC::mul(const EC_Scalar_Data& scalar,
114 RandomNumberGenerator& rng) const {
115 BOTAN_ARG_CHECK(scalar.group() == m_group, "Curve mismatch");
116 const auto& k = EC_Scalar_Data_PC::checked_ref(scalar).value();
117 const auto& pcurve = m_group->pcurve();
118 auto pt = pcurve.point_to_affine(pcurve.mul(m_pt, k, rng));
119 return std::make_unique<EC_AffinePoint_Data_PC>(m_group, std::move(pt));
120}
121
122secure_vector<uint8_t> EC_AffinePoint_Data_PC::mul_x_only(const EC_Scalar_Data& scalar,
123 RandomNumberGenerator& rng) const {
124 BOTAN_ARG_CHECK(scalar.group() == m_group, "Curve mismatch");
125 const auto& k = EC_Scalar_Data_PC::checked_ref(scalar).value();
126 return m_group->pcurve().mul_x_only(m_pt, k, rng);
127}
128
129size_t EC_AffinePoint_Data_PC::field_element_bytes() const {
130 return m_group->pcurve().field_element_bytes();
131}
132
133bool EC_AffinePoint_Data_PC::is_identity() const {
134 return m_xy.empty();
135}
136
137void EC_AffinePoint_Data_PC::serialize_x_to(std::span<uint8_t> bytes) const {
138 BOTAN_STATE_CHECK(!this->is_identity());
139 const size_t fe_bytes = this->field_element_bytes();
140 BOTAN_ARG_CHECK(bytes.size() == fe_bytes, "Invalid output size");
141 copy_mem(bytes, std::span{m_xy}.subspan(1, fe_bytes));
142}
143
144void EC_AffinePoint_Data_PC::serialize_y_to(std::span<uint8_t> bytes) const {
145 BOTAN_STATE_CHECK(!this->is_identity());
146 const size_t fe_bytes = this->field_element_bytes();
147 BOTAN_ARG_CHECK(bytes.size() == fe_bytes, "Invalid output size");
148 copy_mem(bytes, std::span{m_xy}.subspan(1 + fe_bytes, fe_bytes));
149}
150
151void EC_AffinePoint_Data_PC::serialize_xy_to(std::span<uint8_t> bytes) const {
152 BOTAN_STATE_CHECK(!this->is_identity());
153 const size_t fe_bytes = this->field_element_bytes();
154 BOTAN_ARG_CHECK(bytes.size() == 2 * fe_bytes, "Invalid output size");
155 copy_mem(bytes, std::span{m_xy}.last(2 * fe_bytes));
156}
157
158void EC_AffinePoint_Data_PC::serialize_compressed_to(std::span<uint8_t> bytes) const {
159 BOTAN_STATE_CHECK(!this->is_identity());
160 const size_t fe_bytes = this->field_element_bytes();
161 BOTAN_ARG_CHECK(bytes.size() == 1 + fe_bytes, "Invalid output size");
162 const bool y_is_odd = (m_xy.back() & 0x01) == 0x01;
163
164 BufferStuffer stuffer(bytes);
165 stuffer.append(y_is_odd ? 0x03 : 0x02);
166 this->serialize_x_to(stuffer.next(fe_bytes));
167}
168
169void EC_AffinePoint_Data_PC::serialize_uncompressed_to(std::span<uint8_t> bytes) const {
170 BOTAN_STATE_CHECK(!this->is_identity());
171 const size_t fe_bytes = this->field_element_bytes();
172 BOTAN_ARG_CHECK(bytes.size() == 1 + 2 * fe_bytes, "Invalid output size");
173 copy_mem(bytes, m_xy);
174}
175
176#if defined(BOTAN_HAS_LEGACY_EC_POINT)
177EC_Point EC_AffinePoint_Data_PC::to_legacy_point() const {
178 if(this->is_identity()) {
179 return EC_Point(m_group->curve());
180 } else {
181 const size_t fe_bytes = this->field_element_bytes();
182 return EC_Point(m_group->curve(),
183 BigInt::from_bytes(std::span{m_xy}.subspan(1, fe_bytes)),
184 BigInt::from_bytes(std::span{m_xy}.last(fe_bytes)));
185 }
186}
187#endif
188
189EC_Mul2Table_Data_PC::EC_Mul2Table_Data_PC(const EC_AffinePoint_Data& q) : m_group(q.group()) {
190 BOTAN_ARG_CHECK(q.group() == m_group, "Curve mismatch");
191
192 const auto& pt_q = EC_AffinePoint_Data_PC::checked_ref(q);
193
194 m_tbl = m_group->pcurve().mul2_setup_g(pt_q.value());
195}
196
197std::unique_ptr<EC_AffinePoint_Data> EC_Mul2Table_Data_PC::mul2_vartime(const EC_Scalar_Data& xd,
198 const EC_Scalar_Data& yd) const {
199 BOTAN_ARG_CHECK(xd.group() == m_group && yd.group() == m_group, "Curve mismatch");
200
201 const auto& x = EC_Scalar_Data_PC::checked_ref(xd);
202 const auto& y = EC_Scalar_Data_PC::checked_ref(yd);
203
204 const auto& pcurve = m_group->pcurve();
205
206 if(auto pt = pcurve.mul2_vartime(*m_tbl, x.value(), y.value())) {
207 return std::make_unique<EC_AffinePoint_Data_PC>(m_group, pcurve.point_to_affine(*pt));
208 } else {
209 return nullptr;
210 }
211}
212
213bool EC_Mul2Table_Data_PC::mul2_vartime_x_mod_order_eq(const EC_Scalar_Data& vd,
214 const EC_Scalar_Data& xd,
215 const EC_Scalar_Data& yd) const {
216 BOTAN_ARG_CHECK(xd.group() == m_group && yd.group() == m_group, "Curve mismatch");
217
218 const auto& v = EC_Scalar_Data_PC::checked_ref(vd);
219 const auto& x = EC_Scalar_Data_PC::checked_ref(xd);
220 const auto& y = EC_Scalar_Data_PC::checked_ref(yd);
221
222 return m_group->pcurve().mul2_vartime_x_mod_order_eq(*m_tbl, v.value(), x.value(), y.value());
223}
224
225} // namespace Botan
BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:49
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33
Botan::BigInt::from_bytes
static BigInt from_bytes(std::span< const uint8_t > bytes)
Definition bigint.cpp:83
Botan::BufferStuffer
Helper class to ease in-place marshalling of concatenated fixed-length values.
Definition buffer_stuffer.h:24
Botan::BufferStuffer::append
constexpr void append(std::span< const uint8_t > buffer)
Definition buffer_stuffer.h:59
Botan::BufferStuffer::next
constexpr std::span< uint8_t > next(size_t bytes)
Definition buffer_stuffer.h:32
Botan::EC_AffinePoint_Data_PC::mul
std::unique_ptr< EC_AffinePoint_Data > mul(const EC_Scalar_Data &scalar, RandomNumberGenerator &rng) const override
Definition ec_inner_pc.cpp:113
Botan::EC_AffinePoint_Data_PC::field_element_bytes
size_t field_element_bytes() const override
Definition ec_inner_pc.cpp:129
Botan::EC_AffinePoint_Data_PC::mul_x_only
secure_vector< uint8_t > mul_x_only(const EC_Scalar_Data &scalar, RandomNumberGenerator &rng) const override
Definition ec_inner_pc.cpp:122
Botan::EC_AffinePoint_Data_PC::serialize_uncompressed_to
void serialize_uncompressed_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:169
Botan::EC_AffinePoint_Data_PC::serialize_xy_to
void serialize_xy_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:151
Botan::EC_AffinePoint_Data_PC::clone
std::unique_ptr< EC_AffinePoint_Data > clone() const override
Definition ec_inner_pc.cpp:105
Botan::EC_AffinePoint_Data_PC::group
const std::shared_ptr< const EC_Group_Data > & group() const override
Definition ec_inner_pc.cpp:109
Botan::EC_AffinePoint_Data_PC::EC_AffinePoint_Data_PC
EC_AffinePoint_Data_PC(std::shared_ptr< const EC_Group_Data > group, PCurve::PrimeOrderCurve::AffinePoint pt)
Definition ec_inner_pc.cpp:86
Botan::EC_AffinePoint_Data_PC::is_identity
bool is_identity() const override
Definition ec_inner_pc.cpp:133
Botan::EC_AffinePoint_Data_PC::serialize_x_to
void serialize_x_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:137
Botan::EC_AffinePoint_Data_PC::serialize_y_to
void serialize_y_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:144
Botan::EC_AffinePoint_Data_PC::checked_ref
static const EC_AffinePoint_Data_PC & checked_ref(const EC_AffinePoint_Data &data)
Definition ec_inner_pc.cpp:97
Botan::EC_AffinePoint_Data_PC::serialize_compressed_to
void serialize_compressed_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:158
Botan::EC_AffinePoint_Data
Definition ec_inner_data.h:71
Botan::EC_AffinePoint_Data::group
virtual const std::shared_ptr< const EC_Group_Data > & group() const =0
Botan::EC_Mul2Table_Data_PC::mul2_vartime_x_mod_order_eq
bool mul2_vartime_x_mod_order_eq(const EC_Scalar_Data &v, const EC_Scalar_Data &x, const EC_Scalar_Data &y) const override
Definition ec_inner_pc.cpp:213
Botan::EC_Mul2Table_Data_PC::EC_Mul2Table_Data_PC
EC_Mul2Table_Data_PC(const EC_AffinePoint_Data &q)
Definition ec_inner_pc.cpp:189
Botan::EC_Mul2Table_Data_PC::mul2_vartime
std::unique_ptr< EC_AffinePoint_Data > mul2_vartime(const EC_Scalar_Data &x, const EC_Scalar_Data &y) const override
Definition ec_inner_pc.cpp:197
Botan::EC_Point
Definition ec_point.h:32
Botan::EC_Scalar_Data_PC::serialize_to
void serialize_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:81
Botan::EC_Scalar_Data_PC::invert
std::unique_ptr< EC_Scalar_Data > invert() const override
Definition ec_inner_pc.cpp:61
Botan::EC_Scalar_Data_PC::assign
void assign(const EC_Scalar_Data &y) override
Definition ec_inner_pc.cpp:44
Botan::EC_Scalar_Data_PC::bytes
size_t bytes() const override
Definition ec_inner_pc.cpp:26
Botan::EC_Scalar_Data_PC::checked_ref
static const EC_Scalar_Data_PC & checked_ref(const EC_Scalar_Data &data)
Definition ec_inner_pc.cpp:14
Botan::EC_Scalar_Data_PC::sub
std::unique_ptr< EC_Scalar_Data > sub(const EC_Scalar_Data &other) const override
Definition ec_inner_pc.cpp:73
Botan::EC_Scalar_Data_PC::is_eq
bool is_eq(const EC_Scalar_Data &y) const override
Definition ec_inner_pc.cpp:39
Botan::EC_Scalar_Data_PC::square_self
void square_self() override
Definition ec_inner_pc.cpp:52
Botan::EC_Scalar_Data_PC::clone
std::unique_ptr< EC_Scalar_Data > clone() const override
Definition ec_inner_pc.cpp:30
Botan::EC_Scalar_Data_PC::EC_Scalar_Data_PC
EC_Scalar_Data_PC(std::shared_ptr< const EC_Group_Data > group, PCurve::PrimeOrderCurve::Scalar v)
Definition ec_inner_pc.h:18
Botan::EC_Scalar_Data_PC::mul
std::unique_ptr< EC_Scalar_Data > mul(const EC_Scalar_Data &other) const override
Definition ec_inner_pc.cpp:77
Botan::EC_Scalar_Data_PC::group
const std::shared_ptr< const EC_Group_Data > & group() const override
Definition ec_inner_pc.cpp:22
Botan::EC_Scalar_Data_PC::negate
std::unique_ptr< EC_Scalar_Data > negate() const override
Definition ec_inner_pc.cpp:57
Botan::EC_Scalar_Data_PC::is_zero
bool is_zero() const override
Definition ec_inner_pc.cpp:34
Botan::EC_Scalar_Data_PC::zeroize
void zeroize() override
Definition ec_inner_pc.cpp:48
Botan::EC_Scalar_Data_PC::add
std::unique_ptr< EC_Scalar_Data > add(const EC_Scalar_Data &other) const override
Definition ec_inner_pc.cpp:69
Botan::EC_Scalar_Data_PC::invert_vartime
std::unique_ptr< EC_Scalar_Data > invert_vartime() const override
Definition ec_inner_pc.cpp:65
Botan::EC_Scalar_Data_PC::value
const auto & value() const
Definition ec_inner_pc.h:53
Botan::EC_Scalar_Data
Definition ec_inner_data.h:36
Botan::EC_Scalar_Data::group
virtual const std::shared_ptr< const EC_Group_Data > & group() const =0
Botan::Invalid_State
Definition exceptn.h:207
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:144
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68
Generated by doxygen 1.15.0