doxygen/ed448__internal_8h_source.html

/*

 * Ed448 Internals

 * (C) 2024 Jack Lloyd

 *     2024 René Meusel, Fabian Albert - Rohde & Schwarz Cybersecurity

 *

 * Botan is released under the Simplified BSD License (see license.txt)

 */


#ifndef BOTAN_ED448_INTERNAL_H_

#define BOTAN_ED448_INTERNAL_H_


#include <botan/internal/ct_utils.h>

#include <botan/internal/curve448_gf.h>

#include <botan/internal/curve448_scalar.h>


namespace Botan {


constexpr size_t ED448_LEN = 57;


/**

 * @brief Representation of a point on the Ed448 curve.

 *

 * The point is represented in projective coordinates (X, Y, Z).

 * All operations are constant time.

 */


class BOTAN_TEST_API Ed448Point final {

   public:

      /// Decode a point from its 57-byte encoding (RFC 8032 5.2.3)

      static Ed448Point decode(std::span<const uint8_t, ED448_LEN> enc);


      /// Create the curve's base point ('B' in RFC 8032 5.2)

      static Ed448Point base_point();


      /// Create a point from its projective coordinates X, Y, Z

      Ed448Point(const Gf448Elem& x, const Gf448Elem& y, const Gf448Elem& z) : m_x(x), m_y(y), m_z(z) {}


      /// Create a point from its coordinates x, y

      Ed448Point(const Gf448Elem& x, const Gf448Elem& y) : m_x(x), m_y(y), m_z(1) {}


      /// Return the identity element

      static Ed448Point identity() { return Ed448Point(Gf448Elem::zero(), Gf448Elem::one()); }


      /// Encode the point to its 57-byte representation (RFC 8032 5.2.2)

      std::array<uint8_t, ED448_LEN> encode() const;


      /// Add two points (RFC 8032 5.2.4)

      Ed448Point operator+(const Ed448Point& other) const;


      /// Double a point (RFC 8032 5.2.4)

      Ed448Point double_point() const;


      /// Scalar multiplication

      Ed448Point scalar_mul(const Scalar448& scalar) const;


      /// Fixed base point scalar multiplication (precomputed table, no doublings)

      static Ed448Point base_point_mul(const Scalar448& scalar);


      /// Variable-time double scalar multiplication using Shamir's trick: [s1]P + [s2]Q

      static Ed448Point double_scalar_mul_vartime(const Scalar448& s1,

                                                  const Ed448Point& p1,

                                                  const Scalar448& s2,

                                                  const Ed448Point& p2);


      /// Negate the point

      Ed448Point negate() const { return Ed448Point(-m_x, m_y, m_z); }


      /// Getter for projective coordinate X

      Gf448Elem x_proj() const { return m_x; }


      /// Getter for projective coordinate Y

      Gf448Elem y_proj() const { return m_y; }


      /// Getter for projective coordinate Z

      Gf448Elem z_proj() const { return m_z; }


      /// Getter for point coordinate x

      Gf448Elem x() const { return m_x / m_z; }


      /// Getter for point coordinate y

      Gf448Elem y() const { return m_y / m_z; }


      /// Check if two points are equal (constant time)

      bool operator==(const Ed448Point& other) const;


      /// Assign other to this if @p mask is set (constant time)

      void ct_conditional_assign(CT::Mask<uint64_t> mask, const Ed448Point& other);


   private:

      Gf448Elem m_x;

      Gf448Elem m_y;

      Gf448Elem m_z;

};


/// Syntax sugar for scalar multiplication

Ed448Point operator*(const Scalar448& lhs, const Ed448Point& rhs);


/**

 * @brief Create a public key point from a secret key (RFC 8032 5.2.5)

 */

BOTAN_TEST_API std::array<uint8_t, ED448_LEN> create_pk_from_sk(std::span<const uint8_t, ED448_LEN> sk);


/**

 * @brief Sign a message using a keypair (RFC 8032 5.2.6)

 *

 * @param sk the secret key

 * @param pk the public key

 * @param f the prehash flag (true iff using Ed448ph)

 * @param context the context string

 * @param msg the message to sign

 * @return the signature

 */

std::array<uint8_t, 114> sign_message(std::span<const uint8_t, ED448_LEN> sk,

                                      std::span<const uint8_t, ED448_LEN> pk,

                                      bool f,

                                      std::span<const uint8_t> context,

                                      std::span<const uint8_t> msg);


/**

 * @brief Verify a signature(RFC 8032 5.2.7)

 *

 * @param pk the public key

 * @param phflag the prehash flag (true iff using Ed448ph)

 * @param context the context string

 * @param sig the signature

 * @param msg the message to verify

 *

 * @throw Decoding_Error if the public key or signature is malformed

 * @return true if the signature is valid

 */

bool verify_signature(std::span<const uint8_t, ED448_LEN> pk,

                      bool phflag,

                      std::span<const uint8_t> context,

                      std::span<const uint8_t> sig,

                      std::span<const uint8_t> msg);


}  // namespace Botan


#endif  // BOTAN_ED448_INTERNAL_H_

BOTAN_TEST_API
#define BOTAN_TEST_API
Definition api.h:41

Botan::CT::Mask
Definition ct_utils.h:360

Botan::Ed448Point
Representation of a point on the Ed448 curve.
Definition ed448_internal.h:26

Botan::Ed448Point::negate
Ed448Point negate() const
Negate the point.
Definition ed448_internal.h:65

Botan::Ed448Point::z_proj
Gf448Elem z_proj() const
Getter for projective coordinate Z.
Definition ed448_internal.h:74

Botan::Ed448Point::y
Gf448Elem y() const
Getter for point coordinate y.
Definition ed448_internal.h:80

Botan::Ed448Point::x_proj
Gf448Elem x_proj() const
Getter for projective coordinate X.
Definition ed448_internal.h:68

Botan::Ed448Point::Ed448Point
Ed448Point(const Gf448Elem &x, const Gf448Elem &y)
Create a point from its coordinates x, y.
Definition ed448_internal.h:38

Botan::Ed448Point::identity
static Ed448Point identity()
Return the identity element.
Definition ed448_internal.h:41

Botan::Ed448Point::Ed448Point
Ed448Point(const Gf448Elem &x, const Gf448Elem &y, const Gf448Elem &z)
Create a point from its projective coordinates X, Y, Z.
Definition ed448_internal.h:35

Botan::Ed448Point::y_proj
Gf448Elem y_proj() const
Getter for projective coordinate Y.
Definition ed448_internal.h:71

Botan::Ed448Point::decode
static Ed448Point decode(std::span< const uint8_t, ED448_LEN > enc)
Decode a point from its 57-byte encoding (RFC 8032 5.2.3).
Definition ed448_internal.cpp:73

Botan::Ed448Point::base_point
static Ed448Point base_point()
Create the curve's base point ('B' in RFC 8032 5.2).
Definition ed448_internal.cpp:122

Botan::Ed448Point::x
Gf448Elem x() const
Getter for point coordinate x.
Definition ed448_internal.h:77

Botan::Gf448Elem
Definition curve448_gf.h:36

Botan::Gf448Elem::zero
static Gf448Elem zero()
Definition curve448_gf.h:59

Botan::Gf448Elem::one
static Gf448Elem one()
Definition curve448_gf.h:64

Botan::Scalar448
Representation of a scalar for X448.
Definition curve448_scalar.h:34

Botan
Definition alg_id.cpp:13

Botan::operator*
BigInt operator*(const BigInt &x, const BigInt &y)
Definition big_ops3.cpp:57

Botan::create_pk_from_sk
std::array< uint8_t, ED448_LEN > create_pk_from_sk(std::span< const uint8_t, ED448_LEN > sk)
Create a public key point from a secret key (RFC 8032 5.2.5).
Definition ed448_internal.cpp:369

Botan::operator+
OctetString operator+(const OctetString &k1, const OctetString &k2)
Definition symkey.cpp:99

Botan::ED448_LEN
constexpr size_t ED448_LEN
Definition ed448_internal.h:18

Botan::operator==
bool operator==(const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2)
Definition alg_id.cpp:53

Botan::verify_signature
bool verify_signature(std::span< const uint8_t, ED448_LEN > pk, bool phflag, std::span< const uint8_t > context, std::span< const uint8_t > sig, std::span< const uint8_t > msg)
Verify a signature(RFC 8032 5.2.7).
Definition ed448_internal.cpp:428

Botan::sign_message
std::array< uint8_t, 2 *ED448_LEN > sign_message(std::span< const uint8_t, ED448_LEN > sk, std::span< const uint8_t, ED448_LEN > pk, bool pgflag, std::span< const uint8_t > context, std::span< const uint8_t > msg)
Sign a message using a keypair (RFC 8032 5.2.6).
Definition ed448_internal.cpp:382