doxygen/ec__scalar_8cpp_source.html

/*

* (C) 2024 Jack Lloyd

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/ec_scalar.h>


#include <botan/ec_group.h>

#include <botan/internal/ec_inner_data.h>


#if defined(BOTAN_HAS_XMD)

   #include <botan/internal/xmd.h>

#endif


namespace Botan {


EC_Scalar EC_Scalar::_from_inner(std::unique_ptr<EC_Scalar_Data> inner) {

   return EC_Scalar(std::move(inner));

}


EC_Scalar::EC_Scalar(std::unique_ptr<EC_Scalar_Data> scalar) : m_scalar(std::move(scalar)) {

   BOTAN_ASSERT_NONNULL(m_scalar);

}


EC_Scalar::EC_Scalar(const EC_Scalar& other) : m_scalar(other.inner().clone()) {}


EC_Scalar::EC_Scalar(EC_Scalar&& other) noexcept : m_scalar(std::move(other.m_scalar)) {}


EC_Scalar& EC_Scalar::operator=(const EC_Scalar& other) {

   if(this != &other) {

      this->assign(other);

   }

   return (*this);

}


EC_Scalar& EC_Scalar::operator=(EC_Scalar&& other) noexcept {

   BOTAN_ARG_CHECK(_inner().group() == other._inner().group(), "Curve mismatch");

   std::swap(m_scalar, other.m_scalar);

   return (*this);

}


EC_Scalar::~EC_Scalar() = default;


size_t EC_Scalar::bytes() const {

   return m_scalar->bytes();

}


EC_Scalar EC_Scalar::from_bytes_with_trunc(const EC_Group& group, std::span<const uint8_t> bytes) {

   return EC_Scalar(group._data()->scalar_from_bytes_with_trunc(bytes));

}


EC_Scalar EC_Scalar::from_bytes_mod_order(const EC_Group& group, std::span<const uint8_t> bytes) {

   if(auto s = group._data()->scalar_from_bytes_mod_order(bytes)) {

      return EC_Scalar(std::move(s));

   } else {

      throw Decoding_Error("EC_Scalar::from_bytes_mod_order input invalid");

   }

}


EC_Scalar EC_Scalar::random(const EC_Group& group, RandomNumberGenerator& rng) {

   return EC_Scalar(group._data()->scalar_random(rng));

}


EC_Scalar EC_Scalar::one(const EC_Group& group) {

   return EC_Scalar(group._data()->scalar_one());

}


EC_Scalar EC_Scalar::from_bigint(const EC_Group& group, const BigInt& bn) {

   if(auto data = group._data()->scalar_from_bigint(bn)) {

      return EC_Scalar(std::move(data));

   } else {

      throw Invalid_Argument("EC_Scalar::from_bigint input out of range");

   }

}


BigInt EC_Scalar::to_bigint() const {

   secure_vector<uint8_t> bytes(m_scalar->bytes());

   m_scalar->serialize_to(bytes);

   return BigInt::from_bytes(bytes);

}


EC_Scalar EC_Scalar::gk_x_mod_order(const EC_Scalar& scalar, RandomNumberGenerator& rng) {

   const auto& group = scalar._inner().group();

   return EC_Scalar(group->gk_x_mod_order(scalar.inner(), rng));

}


void EC_Scalar::serialize_to(std::span<uint8_t> bytes) const {

   inner().serialize_to(bytes);

}


void EC_Scalar::serialize_pair_to(std::span<uint8_t> bytes, const EC_Scalar& r, const EC_Scalar& s) {

   BOTAN_ARG_CHECK(r._inner().group() == s._inner().group(), "Curve mismatch");

   const size_t scalar_bytes = r.bytes();

   BOTAN_ARG_CHECK(bytes.size() == 2 * scalar_bytes, "Invalid output length");

   r.serialize_to(bytes.first(scalar_bytes));

   s.serialize_to(bytes.last(scalar_bytes));

}


std::optional<std::pair<EC_Scalar, EC_Scalar>> EC_Scalar::deserialize_pair(const EC_Group& group,

                                                                           std::span<const uint8_t> bytes) {

   if(bytes.size() % 2 != 0) {

      return {};

   }


   const size_t half = bytes.size() / 2;


   auto r = EC_Scalar::deserialize(group, bytes.first(half));

   auto s = EC_Scalar::deserialize(group, bytes.last(half));


   if(r && s) {

      return std::make_pair(r.value(), s.value());

   } else {

      return {};

   }

}


std::optional<EC_Scalar> EC_Scalar::deserialize(const EC_Group& group, std::span<const uint8_t> bytes) {

   if(auto v = group._data()->scalar_deserialize(bytes)) {

      return EC_Scalar(std::move(v));

   } else {

      return {};

   }

}


EC_Scalar::EC_Scalar(const EC_Group& group, std::span<const uint8_t> bytes) {

   m_scalar = group._data()->scalar_deserialize(bytes);

   if(!m_scalar) {

      throw Decoding_Error("EC_Scalar::from_bytes is not a valid scalar value");

   }

}


bool EC_Scalar::is_zero() const {

   return inner().is_zero();

}


EC_Scalar EC_Scalar::invert() const {

   return EC_Scalar(inner().invert());

}


EC_Scalar EC_Scalar::invert_vartime() const {

   return EC_Scalar(inner().invert_vartime());

}


EC_Scalar EC_Scalar::negate() const {

   return EC_Scalar(inner().negate());

}


void EC_Scalar::square_self() {

   m_scalar->square_self();

}


EC_Scalar EC_Scalar::add(const EC_Scalar& x) const {

   return EC_Scalar(inner().add(x.inner()));

}


EC_Scalar EC_Scalar::sub(const EC_Scalar& x) const {

   return EC_Scalar(inner().sub(x.inner()));

}


EC_Scalar EC_Scalar::mul(const EC_Scalar& x) const {

   return EC_Scalar(inner().mul(x.inner()));

}


void EC_Scalar::assign(const EC_Scalar& x) {

   m_scalar->assign(x.inner());

}


void EC_Scalar::zeroize() {

   m_scalar->zeroize();

}


bool EC_Scalar::is_eq(const EC_Scalar& x) const {

   return inner().is_eq(x.inner());

}


//static


EC_Scalar EC_Scalar::hash(const EC_Group& group,

                          std::string_view hash_fn,

                          std::span<const uint8_t> input,

                          std::span<const uint8_t> domain_sep) {

#if defined(BOTAN_HAS_XMD)


   /*

   * This could be extended to support expand_message_xof or a MHF like Argon2

   */

   if(hash_fn.starts_with("SHAKE")) {

      throw Not_Implemented("Hash to scalar currently does not support expand_message_xof");

   }


   const size_t scalar_bits = group.get_order_bits();

   const size_t security_level = (scalar_bits + 1) / 2;

   secure_vector<uint8_t> uniform_bytes((scalar_bits + security_level + 7) / 8);

   expand_message_xmd(hash_fn, uniform_bytes, input, domain_sep);


   return EC_Scalar::from_bytes_mod_order(group, uniform_bytes);

#else

   BOTAN_UNUSED(group, hash_fn, input, domain_sep);

   throw Not_Implemented("EC_Scalar::hash not available due to missing XMD");

#endif

}


}  // namespace Botan

BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144

BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:114

BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33

Botan::BigInt
Definition bigint.h:25

Botan::BigInt::from_bytes
static BigInt from_bytes(std::span< const uint8_t > bytes)
Definition bigint.cpp:87

Botan::Decoding_Error
Definition exceptn.h:191

Botan::EC_Group
Definition ec_group.h:87

Botan::EC_Group::_data
const std::shared_ptr< EC_Group_Data > & _data() const
Definition ec_group.h:462

Botan::EC_Group::get_order_bits
size_t get_order_bits() const
Definition ec_group.cpp:542

Botan::EC_Scalar_Data::group
virtual const std::shared_ptr< const EC_Group_Data > & group() const =0

Botan::EC_Scalar::one
static EC_Scalar one(const EC_Group &group)
Definition ec_scalar.cpp:65

Botan::EC_Scalar::to_bigint
BigInt to_bigint() const
Definition ec_scalar.cpp:77

Botan::EC_Scalar::_inner
const EC_Scalar_Data & _inner() const
Definition ec_scalar.h:244

Botan::EC_Scalar::hash
static EC_Scalar hash(const EC_Group &group, std::string_view hash_fn, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep)
Definition ec_scalar.cpp:178

Botan::EC_Scalar::assign
void assign(const EC_Scalar &x)
Definition ec_scalar.cpp:165

Botan::EC_Scalar::is_eq
bool is_eq(const EC_Scalar &x) const
Definition ec_scalar.cpp:173

Botan::EC_Scalar::deserialize
static std::optional< EC_Scalar > deserialize(const EC_Group &group, std::span< const uint8_t > bytes)
Definition ec_scalar.cpp:118

Botan::EC_Scalar::mul
EC_Scalar mul(const EC_Scalar &x) const
Definition ec_scalar.cpp:161

Botan::EC_Scalar::add
EC_Scalar add(const EC_Scalar &x) const
Definition ec_scalar.cpp:153

Botan::EC_Scalar::gk_x_mod_order
static EC_Scalar gk_x_mod_order(const EC_Scalar &scalar, RandomNumberGenerator &rng)
Definition ec_scalar.cpp:83

Botan::EC_Scalar::serialize_to
void serialize_to(std::span< uint8_t > bytes) const
Definition ec_scalar.cpp:88

Botan::EC_Scalar::is_zero
bool is_zero() const
Definition ec_scalar.cpp:133

Botan::EC_Scalar::bytes
size_t bytes() const
Definition ec_scalar.cpp:45

Botan::EC_Scalar::from_bigint
static EC_Scalar from_bigint(const EC_Group &group, const BigInt &bn)
Definition ec_scalar.cpp:69

Botan::EC_Scalar::operator=
EC_Scalar & operator=(const EC_Scalar &other)
Definition ec_scalar.cpp:30

Botan::EC_Scalar::invert_vartime
EC_Scalar invert_vartime() const
Definition ec_scalar.cpp:141

Botan::EC_Scalar::invert
EC_Scalar invert() const
Definition ec_scalar.cpp:137

Botan::EC_Scalar::serialize_pair_to
static void serialize_pair_to(std::span< uint8_t > bytes, const EC_Scalar &r, const EC_Scalar &s)
Definition ec_scalar.cpp:92

Botan::EC_Scalar::EC_Scalar
EC_Scalar(const EC_Group &group, std::span< const uint8_t > bytes)
Definition ec_scalar.cpp:126

Botan::EC_Scalar::from_bytes_mod_order
static EC_Scalar from_bytes_mod_order(const EC_Group &group, std::span< const uint8_t > bytes)
Definition ec_scalar.cpp:53

Botan::EC_Scalar::~EC_Scalar
~EC_Scalar()

Botan::EC_Scalar::square_self
void square_self()
Definition ec_scalar.cpp:149

Botan::EC_Scalar::random
static EC_Scalar random(const EC_Group &group, RandomNumberGenerator &rng)
Definition ec_scalar.cpp:61

Botan::EC_Scalar::_from_inner
static EC_Scalar _from_inner(std::unique_ptr< EC_Scalar_Data > inner)
Definition ec_scalar.cpp:18

Botan::EC_Scalar::negate
EC_Scalar negate() const
Definition ec_scalar.cpp:145

Botan::EC_Scalar::sub
EC_Scalar sub(const EC_Scalar &x) const
Definition ec_scalar.cpp:157

Botan::EC_Scalar::deserialize_pair
static std::optional< std::pair< EC_Scalar, EC_Scalar > > deserialize_pair(const EC_Group &group, std::span< const uint8_t > bytes)
Definition ec_scalar.cpp:100

Botan::EC_Scalar::zeroize
void zeroize()
Definition ec_scalar.cpp:169

Botan::EC_Scalar::from_bytes_with_trunc
static EC_Scalar from_bytes_with_trunc(const EC_Group &group, std::span< const uint8_t > bytes)
Definition ec_scalar.cpp:49

Botan::Invalid_Argument
Definition exceptn.h:131

Botan::Not_Implemented
Definition exceptn.h:334

Botan::RandomNumberGenerator
Definition rng.h:30

Botan
Definition alg_id.cpp:13

Botan::expand_message_xmd
void expand_message_xmd(std::string_view hash_fn, std::span< uint8_t > output, std::span< const uint8_t > input, std::span< const uint8_t > domain_sep)
Definition xmd.cpp:17

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:69