Botan 3.8.1
Crypto and TLS for C&
ec_inner_pc.cpp
Go to the documentation of this file.
1/*
2* (C) 2024 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/internal/ec_inner_pc.h>
8
9#include <botan/mem_ops.h>
10
11namespace Botan {
12
13const EC_Scalar_Data_PC& EC_Scalar_Data_PC::checked_ref(const EC_Scalar_Data& data) {
14 const auto* p = dynamic_cast<const EC_Scalar_Data_PC*>(&data);
15 if(!p) {
16 throw Invalid_State("Failed conversion to EC_Scalar_Data_PC");
17 }
18 return *p;
19}
20
21const std::shared_ptr<const EC_Group_Data>& EC_Scalar_Data_PC::group() const {
22 return m_group;
23}
24
25size_t EC_Scalar_Data_PC::bytes() const {
26 return this->group()->order_bytes();
27}
28
29std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::clone() const {
30 return std::make_unique<EC_Scalar_Data_PC>(this->group(), this->value());
31}
32
33bool EC_Scalar_Data_PC::is_zero() const {
34 auto& pcurve = this->group()->pcurve();
35 return pcurve.scalar_is_zero(m_v);
36}
37
38bool EC_Scalar_Data_PC::is_eq(const EC_Scalar_Data& other) const {
39 auto& pcurve = group()->pcurve();
40 return pcurve.scalar_equal(m_v, checked_ref(other).m_v);
41}
42
43void EC_Scalar_Data_PC::assign(const EC_Scalar_Data& other) {
44 m_v = checked_ref(other).value();
45}
46
47void EC_Scalar_Data_PC::square_self() {
48 // TODO square in place
49 m_v = m_group->pcurve().scalar_square(m_v);
50}
51
52std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::negate() const {
53 return std::make_unique<EC_Scalar_Data_PC>(m_group, m_group->pcurve().scalar_negate(m_v));
54}
55
56std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::invert() const {
57 return std::make_unique<EC_Scalar_Data_PC>(m_group, m_group->pcurve().scalar_invert(m_v));
58}
59
60std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::invert_vartime() const {
61 return std::make_unique<EC_Scalar_Data_PC>(m_group, m_group->pcurve().scalar_invert_vartime(m_v));
62}
63
64std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::add(const EC_Scalar_Data& other) const {
65 return std::make_unique<EC_Scalar_Data_PC>(m_group, group()->pcurve().scalar_add(m_v, checked_ref(other).m_v));
66}
67
68std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::sub(const EC_Scalar_Data& other) const {
69 return std::make_unique<EC_Scalar_Data_PC>(m_group, group()->pcurve().scalar_sub(m_v, checked_ref(other).m_v));
70}
71
72std::unique_ptr<EC_Scalar_Data> EC_Scalar_Data_PC::mul(const EC_Scalar_Data& other) const {
73 return std::make_unique<EC_Scalar_Data_PC>(m_group, group()->pcurve().scalar_mul(m_v, checked_ref(other).m_v));
74}
75
76void EC_Scalar_Data_PC::serialize_to(std::span<uint8_t> bytes) const {
77 BOTAN_ARG_CHECK(bytes.size() == m_group->order_bytes(), "Invalid output length");
78 m_group->pcurve().serialize_scalar(bytes, m_v);
79}
80
81EC_AffinePoint_Data_PC::EC_AffinePoint_Data_PC(std::shared_ptr<const EC_Group_Data> group,
82 PCurve::PrimeOrderCurve::AffinePoint pt) :
83 m_group(std::move(group)), m_pt(std::move(pt)) {
84 auto& pcurve = m_group->pcurve();
85
86 if(!pcurve.affine_point_is_identity(m_pt)) {
87 m_xy.resize(1 + 2 * field_element_bytes());
88 pcurve.serialize_point(m_xy, m_pt);
89 }
90}
91
92const EC_AffinePoint_Data_PC& EC_AffinePoint_Data_PC::checked_ref(const EC_AffinePoint_Data& data) {
93 const auto* p = dynamic_cast<const EC_AffinePoint_Data_PC*>(&data);
94 if(!p) {
95 throw Invalid_State("Failed conversion to EC_AffinePoint_Data_PC");
96 }
97 return *p;
98}
99
100std::unique_ptr<EC_AffinePoint_Data> EC_AffinePoint_Data_PC::clone() const {
101 return std::make_unique<EC_AffinePoint_Data_PC>(m_group, m_pt);
102}
103
104const std::shared_ptr<const EC_Group_Data>& EC_AffinePoint_Data_PC::group() const {
105 return m_group;
106}
107
108std::unique_ptr<EC_AffinePoint_Data> EC_AffinePoint_Data_PC::mul(const EC_Scalar_Data& scalar,
109 RandomNumberGenerator& rng) const {
110 BOTAN_ARG_CHECK(scalar.group() == m_group, "Curve mismatch");
111 const auto& k = EC_Scalar_Data_PC::checked_ref(scalar).value();
112 auto& pcurve = m_group->pcurve();
113 auto pt = pcurve.point_to_affine(pcurve.mul(m_pt, k, rng));
114 return std::make_unique<EC_AffinePoint_Data_PC>(m_group, std::move(pt));
115}
116
117secure_vector<uint8_t> EC_AffinePoint_Data_PC::mul_x_only(const EC_Scalar_Data& scalar,
118 RandomNumberGenerator& rng) const {
119 BOTAN_ARG_CHECK(scalar.group() == m_group, "Curve mismatch");
120 const auto& k = EC_Scalar_Data_PC::checked_ref(scalar).value();
121 return m_group->pcurve().mul_x_only(m_pt, k, rng);
122}
123
124size_t EC_AffinePoint_Data_PC::field_element_bytes() const {
125 return m_group->pcurve().field_element_bytes();
126}
127
128bool EC_AffinePoint_Data_PC::is_identity() const {
129 return m_xy.empty();
130}
131
132void EC_AffinePoint_Data_PC::serialize_x_to(std::span<uint8_t> bytes) const {
133 BOTAN_STATE_CHECK(!this->is_identity());
134 const size_t fe_bytes = this->field_element_bytes();
135 BOTAN_ARG_CHECK(bytes.size() == fe_bytes, "Invalid output size");
136 copy_mem(bytes, std::span{m_xy}.subspan(1, fe_bytes));
137}
138
139void EC_AffinePoint_Data_PC::serialize_y_to(std::span<uint8_t> bytes) const {
140 BOTAN_STATE_CHECK(!this->is_identity());
141 const size_t fe_bytes = this->field_element_bytes();
142 BOTAN_ARG_CHECK(bytes.size() == fe_bytes, "Invalid output size");
143 copy_mem(bytes, std::span{m_xy}.subspan(1 + fe_bytes, fe_bytes));
144}
145
146void EC_AffinePoint_Data_PC::serialize_xy_to(std::span<uint8_t> bytes) const {
147 BOTAN_STATE_CHECK(!this->is_identity());
148 const size_t fe_bytes = this->field_element_bytes();
149 BOTAN_ARG_CHECK(bytes.size() == 2 * fe_bytes, "Invalid output size");
150 copy_mem(bytes, std::span{m_xy}.last(2 * fe_bytes));
151}
152
153void EC_AffinePoint_Data_PC::serialize_compressed_to(std::span<uint8_t> bytes) const {
154 BOTAN_STATE_CHECK(!this->is_identity());
155 const size_t fe_bytes = this->field_element_bytes();
156 BOTAN_ARG_CHECK(bytes.size() == 1 + fe_bytes, "Invalid output size");
157 const bool y_is_odd = (m_xy.back() & 0x01) == 0x01;
158
159 BufferStuffer stuffer(bytes);
160 stuffer.append(y_is_odd ? 0x03 : 0x02);
161 this->serialize_x_to(stuffer.next(fe_bytes));
162}
163
164void EC_AffinePoint_Data_PC::serialize_uncompressed_to(std::span<uint8_t> bytes) const {
165 BOTAN_STATE_CHECK(!this->is_identity());
166 const size_t fe_bytes = this->field_element_bytes();
167 BOTAN_ARG_CHECK(bytes.size() == 1 + 2 * fe_bytes, "Invalid output size");
168 copy_mem(bytes, m_xy);
169}
170
171#if defined(BOTAN_HAS_LEGACY_EC_POINT)
172EC_Point EC_AffinePoint_Data_PC::to_legacy_point() const {
173 if(this->is_identity()) {
174 return EC_Point(m_group->curve());
175 } else {
176 const size_t fe_bytes = this->field_element_bytes();
177 return EC_Point(m_group->curve(),
178 BigInt::from_bytes(std::span{m_xy}.subspan(1, fe_bytes)),
179 BigInt::from_bytes(std::span{m_xy}.last(fe_bytes)));
180 }
181}
182#endif
183
184EC_Mul2Table_Data_PC::EC_Mul2Table_Data_PC(const EC_AffinePoint_Data& q) : m_group(q.group()) {
185 BOTAN_ARG_CHECK(q.group() == m_group, "Curve mismatch");
186
187 const auto& pt_q = EC_AffinePoint_Data_PC::checked_ref(q);
188
189 m_tbl = m_group->pcurve().mul2_setup_g(pt_q.value());
190}
191
192std::unique_ptr<EC_AffinePoint_Data> EC_Mul2Table_Data_PC::mul2_vartime(const EC_Scalar_Data& xd,
193 const EC_Scalar_Data& yd) const {
194 BOTAN_ARG_CHECK(xd.group() == m_group && yd.group() == m_group, "Curve mismatch");
195
196 const auto& x = EC_Scalar_Data_PC::checked_ref(xd);
197 const auto& y = EC_Scalar_Data_PC::checked_ref(yd);
198
199 auto& pcurve = m_group->pcurve();
200
201 if(auto pt = pcurve.mul2_vartime(*m_tbl, x.value(), y.value())) {
202 return std::make_unique<EC_AffinePoint_Data_PC>(m_group, pcurve.point_to_affine(*pt));
203 } else {
204 return nullptr;
205 }
206}
207
208bool EC_Mul2Table_Data_PC::mul2_vartime_x_mod_order_eq(const EC_Scalar_Data& vd,
209 const EC_Scalar_Data& xd,
210 const EC_Scalar_Data& yd) const {
211 BOTAN_ARG_CHECK(xd.group() == m_group && yd.group() == m_group, "Curve mismatch");
212
213 const auto& v = EC_Scalar_Data_PC::checked_ref(vd);
214 const auto& x = EC_Scalar_Data_PC::checked_ref(xd);
215 const auto& y = EC_Scalar_Data_PC::checked_ref(yd);
216
217 return m_group->pcurve().mul2_vartime_x_mod_order_eq(*m_tbl, v.value(), x.value(), y.value());
218}
219
220} // namespace Botan
BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:43
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:31
Botan::BigInt::from_bytes
static BigInt from_bytes(std::span< const uint8_t > bytes)
Definition bigint.cpp:86
Botan::BufferStuffer
Helper class to ease in-place marshalling of concatenated fixed-length values.
Definition stl_util.h:143
Botan::BufferStuffer::append
constexpr void append(std::span< const uint8_t > buffer)
Definition stl_util.h:178
Botan::BufferStuffer::next
constexpr std::span< uint8_t > next(size_t bytes)
Definition stl_util.h:151
Botan::EC_AffinePoint_Data_PC::mul
std::unique_ptr< EC_AffinePoint_Data > mul(const EC_Scalar_Data &scalar, RandomNumberGenerator &rng) const override
Definition ec_inner_pc.cpp:108
Botan::EC_AffinePoint_Data_PC::field_element_bytes
size_t field_element_bytes() const override
Definition ec_inner_pc.cpp:124
Botan::EC_AffinePoint_Data_PC::mul_x_only
secure_vector< uint8_t > mul_x_only(const EC_Scalar_Data &scalar, RandomNumberGenerator &rng) const override
Definition ec_inner_pc.cpp:117
Botan::EC_AffinePoint_Data_PC::serialize_uncompressed_to
void serialize_uncompressed_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:164
Botan::EC_AffinePoint_Data_PC::serialize_xy_to
void serialize_xy_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:146
Botan::EC_AffinePoint_Data_PC::clone
std::unique_ptr< EC_AffinePoint_Data > clone() const override
Definition ec_inner_pc.cpp:100
Botan::EC_AffinePoint_Data_PC::group
const std::shared_ptr< const EC_Group_Data > & group() const override
Definition ec_inner_pc.cpp:104
Botan::EC_AffinePoint_Data_PC::EC_AffinePoint_Data_PC
EC_AffinePoint_Data_PC(std::shared_ptr< const EC_Group_Data > group, PCurve::PrimeOrderCurve::AffinePoint pt)
Definition ec_inner_pc.cpp:81
Botan::EC_AffinePoint_Data_PC::is_identity
bool is_identity() const override
Definition ec_inner_pc.cpp:128
Botan::EC_AffinePoint_Data_PC::serialize_x_to
void serialize_x_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:132
Botan::EC_AffinePoint_Data_PC::serialize_y_to
void serialize_y_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:139
Botan::EC_AffinePoint_Data_PC::checked_ref
static const EC_AffinePoint_Data_PC & checked_ref(const EC_AffinePoint_Data &data)
Definition ec_inner_pc.cpp:92
Botan::EC_AffinePoint_Data_PC::serialize_compressed_to
void serialize_compressed_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:153
Botan::EC_AffinePoint_Data
Definition ec_inner_data.h:70
Botan::EC_AffinePoint_Data::group
virtual const std::shared_ptr< const EC_Group_Data > & group() const =0
Botan::EC_Mul2Table_Data_PC::mul2_vartime_x_mod_order_eq
bool mul2_vartime_x_mod_order_eq(const EC_Scalar_Data &v, const EC_Scalar_Data &x, const EC_Scalar_Data &y) const override
Definition ec_inner_pc.cpp:208
Botan::EC_Mul2Table_Data_PC::EC_Mul2Table_Data_PC
EC_Mul2Table_Data_PC(const EC_AffinePoint_Data &q)
Definition ec_inner_pc.cpp:184
Botan::EC_Mul2Table_Data_PC::mul2_vartime
std::unique_ptr< EC_AffinePoint_Data > mul2_vartime(const EC_Scalar_Data &x, const EC_Scalar_Data &y) const override
Definition ec_inner_pc.cpp:192
Botan::EC_Point
Definition ec_point.h:33
Botan::EC_Scalar_Data_PC::serialize_to
void serialize_to(std::span< uint8_t > bytes) const override
Definition ec_inner_pc.cpp:76
Botan::EC_Scalar_Data_PC::invert
std::unique_ptr< EC_Scalar_Data > invert() const override
Definition ec_inner_pc.cpp:56
Botan::EC_Scalar_Data_PC::assign
void assign(const EC_Scalar_Data &y) override
Definition ec_inner_pc.cpp:43
Botan::EC_Scalar_Data_PC::bytes
size_t bytes() const override
Definition ec_inner_pc.cpp:25
Botan::EC_Scalar_Data_PC::checked_ref
static const EC_Scalar_Data_PC & checked_ref(const EC_Scalar_Data &data)
Definition ec_inner_pc.cpp:13
Botan::EC_Scalar_Data_PC::sub
std::unique_ptr< EC_Scalar_Data > sub(const EC_Scalar_Data &other) const override
Definition ec_inner_pc.cpp:68
Botan::EC_Scalar_Data_PC::is_eq
bool is_eq(const EC_Scalar_Data &y) const override
Definition ec_inner_pc.cpp:38
Botan::EC_Scalar_Data_PC::square_self
void square_self() override
Definition ec_inner_pc.cpp:47
Botan::EC_Scalar_Data_PC::clone
std::unique_ptr< EC_Scalar_Data > clone() const override
Definition ec_inner_pc.cpp:29
Botan::EC_Scalar_Data_PC::EC_Scalar_Data_PC
EC_Scalar_Data_PC(std::shared_ptr< const EC_Group_Data > group, PCurve::PrimeOrderCurve::Scalar v)
Definition ec_inner_pc.h:18
Botan::EC_Scalar_Data_PC::mul
std::unique_ptr< EC_Scalar_Data > mul(const EC_Scalar_Data &other) const override
Definition ec_inner_pc.cpp:72
Botan::EC_Scalar_Data_PC::group
const std::shared_ptr< const EC_Group_Data > & group() const override
Definition ec_inner_pc.cpp:21
Botan::EC_Scalar_Data_PC::negate
std::unique_ptr< EC_Scalar_Data > negate() const override
Definition ec_inner_pc.cpp:52
Botan::EC_Scalar_Data_PC::is_zero
bool is_zero() const override
Definition ec_inner_pc.cpp:33
Botan::EC_Scalar_Data_PC::add
std::unique_ptr< EC_Scalar_Data > add(const EC_Scalar_Data &other) const override
Definition ec_inner_pc.cpp:64
Botan::EC_Scalar_Data_PC::invert_vartime
std::unique_ptr< EC_Scalar_Data > invert_vartime() const override
Definition ec_inner_pc.cpp:60
Botan::EC_Scalar_Data_PC::value
const auto & value() const
Definition ec_inner_pc.h:51
Botan::EC_Scalar_Data
Definition ec_inner_data.h:37
Botan::EC_Scalar_Data::group
virtual const std::shared_ptr< const EC_Group_Data > & group() const =0
Botan::Invalid_State
Definition exceptn.h:206
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:149
Generated by doxygen 1.13.2