Botan 3.9.0
Crypto and TLS for C++
ed448_internal.h
1/*
2 * Ed448 Internals
3 * (C) 2024 Jack Lloyd
4 * 2024 René Meusel, Fabian Albert - Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8
9#ifndef BOTAN_ED448_INTERNAL_H_
10#define BOTAN_ED448_INTERNAL_H_
11
12#include <botan/internal/curve448_gf.h>
13#include <botan/internal/curve448_scalar.h>
14
15namespace Botan {
16
/// Length in bytes of an encoded Ed448 point (RFC 8032 5.2.2). The secret and
/// public key spans declared in this header use the same fixed extent.
constexpr size_t ED448_LEN = 57;
18
19/**
20 * @brief Representation of a point on the Ed448 curve.
21 *
22 * The point is represented in projective coordinates (X, Y, Z).
23 * All operations are constant time.
24 */
26 public:
/// Decode a point from its 57-byte encoding (RFC 8032 5.2.3)
///
/// The fixed-extent span enforces the input length at the type level.
/// NOTE(review): how an encoding that does not describe a valid curve point
/// is rejected is not visible in this header; verify_signature documents
/// Decoding_Error for a malformed public key - confirm that decode() is
/// where that is raised.
static Ed448Point decode(std::span<const uint8_t, ED448_LEN> enc);
29
/// Create the curve's base point ('B' in RFC 8032 5.2)
///
/// @return the base point as a new Ed448Point (returned by value)
static Ed448Point base_point();
32
/// Create a point from its projective coordinates X, Y, Z
///
/// The coordinates are stored exactly as given: this constructor performs no
/// check that (X, Y, Z) lies on the curve or that Z is non-zero, so values
/// derived from untrusted input should not be passed here without prior
/// validation.
Ed448Point(const Gf448Elem& x, const Gf448Elem& y, const Gf448Elem& z) : m_x(x), m_y(y), m_z(z) {}
35
/// Create a point from its coordinates x, y
///
/// Z is initialised to 1, so the stored projective X and Y equal x and y.
/// No on-curve check is performed here; the coordinates are stored as given.
Ed448Point(const Gf448Elem& x, const Gf448Elem& y) : m_x(x), m_y(y), m_z(1) {}
38
39 /// Return the identity element
41
/// Encode the point to its 57-byte representation (RFC 8032 5.2.2)
///
/// @return a fixed-size array of ED448_LEN bytes holding the encoding
std::array<uint8_t, ED448_LEN> encode() const;
44
/// Add two points (RFC 8032 5.2.4)
///
/// @param other the point to add to this one
/// @return the sum as a new point; neither operand is modified
Ed448Point operator+(const Ed448Point& other) const;
47
/// Double a point (RFC 8032 5.2.4)
///
/// @return the doubled point as a new value; this point is not modified
Ed448Point double_point() const;
50
/// Scalar multiplication
///
/// @param scalar the multiplier
/// @return the product of scalar and this point, as a new point
///
/// NOTE(review): the scalar is presumably secret key material in the
/// signing path; the class documentation states that all operations are
/// constant time - confirm that the implementation upholds this here.
Ed448Point scalar_mul(const Scalar448& scalar) const;
53
/// Getter for projective coordinate X
///
/// Returns a copy of the stored value. Projective coordinates are not
/// normalised here; use x() for the coordinate divided by Z.
Gf448Elem x_proj() const { return m_x; }
56
/// Getter for projective coordinate Y
///
/// Returns a copy of the stored value. Projective coordinates are not
/// normalised here; use y() for the coordinate divided by Z.
Gf448Elem y_proj() const { return m_y; }
59
/// Getter for projective coordinate Z
///
/// Returns a copy of the stored value.
Gf448Elem z_proj() const { return m_z; }
62
/// Getter for point coordinate x
///
/// Computes X / Z, i.e. one field division per call. The behaviour for
/// Z == 0 depends on Gf448Elem's operator/, which is not visible in this
/// header.
Gf448Elem x() const { return m_x / m_z; }
65
/// Getter for point coordinate y
///
/// Computes Y / Z, i.e. one field division per call. The behaviour for
/// Z == 0 depends on Gf448Elem's operator/, which is not visible in this
/// header.
Gf448Elem y() const { return m_y / m_z; }
68
/// Check if two points are equal (constant time)
///
/// NOTE(review): presumably compares the points themselves rather than the
/// raw (X, Y, Z) values, since the same point can have different
/// projective coordinates - confirm against the implementation.
bool operator==(const Ed448Point& other) const;
71
/// Assign other to this if cond is true (constant time)
///
/// @param cond  selects whether the assignment takes effect
/// @param other the point to copy from when cond is true
void ct_conditional_assign(bool cond, const Ed448Point& other);
74
75 private:
76 Gf448Elem m_x;
77 Gf448Elem m_y;
78 Gf448Elem m_z;
79};
80
/// Syntax sugar for scalar multiplication
///
/// @param lhs the scalar
/// @param rhs the point
/// @return presumably rhs.scalar_mul(lhs); the definition is not in this header
Ed448Point operator*(const Scalar448& lhs, const Ed448Point& rhs);
83
/**
 * @brief Create a public key point from a secret key (RFC 8032 5.2.5)
 *
 * @param sk the secret key (exactly ED448_LEN bytes, enforced by the span extent)
 * @return the encoded public key (ED448_LEN bytes)
 */
BOTAN_TEST_API std::array<uint8_t, ED448_LEN> create_pk_from_sk(std::span<const uint8_t, ED448_LEN> sk);
88
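/**
 * @brief Sign a message using a keypair (RFC 8032 5.2.6)
 *
 * The signature is 2 * ED448_LEN (114) bytes long.
 *
 * @param sk the secret key
 * @param pk the public key
 * @param phflag the prehash flag (true iff using Ed448ph)
 * @param context the context string
 * @param msg the message to sign
 * @return the signature
 *
 * NOTE(review): nothing in this declaration shows whether pk is checked
 * against sk. Callers should pass the public key derived from the same
 * secret key (see create_pk_from_sk) - confirm what the implementation does
 * on a mismatch. RFC 8032 limits the context to 255 octets; whether that
 * bound is enforced is likewise not visible here.
 */
std::array<uint8_t, 2 * ED448_LEN> sign_message(std::span<const uint8_t, ED448_LEN> sk,
                                                std::span<const uint8_t, ED448_LEN> pk,
                                                bool phflag,
                                                std::span<const uint8_t> context,
                                                std::span<const uint8_t> msg);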
104
/**
 * @brief Verify a signature (RFC 8032 5.2.7)
 *
 * Rejection is reported in two ways: a malformed public key or signature
 * raises Decoding_Error, while a well-formed but invalid signature yields
 * false. Callers must treat both outcomes as a failed verification.
 *
 * @param pk the public key
 * @param phflag the prehash flag (true iff using Ed448ph)
 * @param context the context string
 * @param sig the signature
 * @param msg the message to verify
 *
 * @throw Decoding_Error if the public key or signature is malformed
 * @return true if the signature is valid
 *
 * NOTE(review): sig is a dynamic-extent span, so its length is not enforced
 * by the type; presumably a wrong length counts as "malformed" - confirm
 * in the implementation.
 */
bool verify_signature(std::span<const uint8_t, ED448_LEN> pk,
                      bool phflag,
                      std::span<const uint8_t> context,
                      std::span<const uint8_t> sig,
                      std::span<const uint8_t> msg);
122
123} // namespace Botan
124
125#endif // BOTAN_ED448_INTERNAL_H_