#include <ec_group.h>

Public Member Functions
bool	a_is_minus_3 () const

bool	a_is_zero () const

PointGFp	blinded_base_point_multiply (const BigInt &k, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const

BigInt	blinded_base_point_multiply_x (const BigInt &k, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const

PointGFp	blinded_var_point_multiply (const PointGFp &point, const BigInt &k, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const

std::vector< uint8_t >	DER_encode (EC_Group_Encoding form) const

	EC_Group (const CurveGFp &curve, const PointGFp &base_point, const BigInt &order, const BigInt &cofactor)

	EC_Group (const BigInt &p, const BigInt &a, const BigInt &b, const BigInt &base_x, const BigInt &base_y, const BigInt &order, const BigInt &cofactor, const OID &oid=OID())

	EC_Group (const std::vector< uint8_t > &ber_encoding)

	EC_Group (const OID &oid)

	EC_Group (const std::string &pem_or_oid)

	EC_Group ()

	EC_Group (const EC_Group &)=default

	EC_Group (EC_Group &&)=default

const BigInt &	get_a () const

const BigInt &	get_b () const

const PointGFp &	get_base_point () const

const BigInt &	get_cofactor () const

const CurveGFp &	get_curve () const

const OID &	get_curve_oid () const

const BigInt &	get_g_x () const

const BigInt &	get_g_y () const

std::string	get_oid () const

const BigInt &	get_order () const

size_t	get_order_bits () const

size_t	get_order_bytes () const

const BigInt &	get_p () const

size_t	get_p_bits () const

size_t	get_p_bytes () const

bool	initialized () const

BigInt	inverse_mod_order (const BigInt &x) const

BigInt	mod_order (const BigInt &x) const

BigInt	multiply_mod_order (const BigInt &x, const BigInt &y) const

BigInt	multiply_mod_order (const BigInt &x, const BigInt &y, const BigInt &z) const

EC_Group &	operator= (const EC_Group &)=default

EC_Group &	operator= (EC_Group &&)=default

bool	operator== (const EC_Group &other) const

PointGFp	OS2ECP (const uint8_t bits[], size_t len) const

template<typename Alloc >
PointGFp	OS2ECP (const std::vector< uint8_t, Alloc > &vec) const

std::string	PEM_encode () const

PointGFp	point (const BigInt &x, const BigInt &y) const

PointGFp	point_multiply (const BigInt &x, const PointGFp &pt, const BigInt &y) const

size_t	point_size (PointGFp::Compression_Type format) const

BigInt	random_scalar (RandomNumberGenerator &rng) const

BigInt	square_mod_order (const BigInt &x) const

bool	verify_group (RandomNumberGenerator &rng, bool strong=false) const

bool	verify_public_element (const PointGFp &y) const

PointGFp	zero_point () const

	~EC_Group ()

Static Public Member Functions
static size_t	clear_registered_curve_data ()

static std::shared_ptr< EC_Group_Data >	EC_group_info (const OID &oid)

static const std::set< std::string > &	known_named_groups ()

static std::string	PEM_for_named_group (const std::string &name)

Detailed Description

Class representing an elliptic curve

The internal representation is stored in a shared_ptr, so copying an EC_Group is inexpensive.

Definition at line 40 of file ec_group.h.

Constructor & Destructor Documentation

Botan::EC_Group::EC_Group	(	const CurveGFp &	curve,
		const PointGFp &	base_point,
		const BigInt &	order,
		const BigInt &	cofactor
	)

inline

Construct Domain paramers from specified parameters

Parameters

curve	elliptic curve
base_point	a base point
order	the order of the base point
cofactor	the cofactor

Definition at line 52 of file ec_group.h.

                                        :
          EC_Group(curve.get_p(),
                   curve.get_a(),
                   curve.get_b(),
                   base_point.get_affine_x(),
                   base_point.get_affine_y(),
                   order,
                   cofactor) {}

Botan::EC_Group::EC_Group	(	const BigInt &	p,
		const BigInt &	a,
		const BigInt &	b,
		const BigInt &	base_x,
		const BigInt &	base_y,
		const BigInt &	order,
		const BigInt &	cofactor,
		const OID &	oid = `OID()`
	)

Construct Domain paramers from specified parameters

Parameters

p	the elliptic curve p
a	the elliptic curve a param
b	the elliptic curve b param
base_x	the x coordinate of the base point
base_y	the y coordinate of the base point
order	the order of the base point
cofactor	the cofactor
oid	an optional OID used to identify this curve

Definition at line 399 of file ec_group.cpp.

    {
    m_data = ec_group_data().lookup_or_create(p, a, b, base_x, base_y, order, cofactor, oid);
    }

Botan::EC_Group::EC_Group ( const std::vector< uint8_t > & ber_encoding )

explicit

Decode a BER encoded ECC domain parameter set

Parameters

ber_encoding the bytes of the BER encoding

Definition at line 411 of file ec_group.cpp.

    {
    m_data = BER_decode_EC_group(ber.data(), ber.size());
    }

Botan::EC_Group::EC_Group ( const OID & oid )

explicit

Create an EC domain by OID (or throw if unknown)

Parameters

oid	the OID of the EC domain to create

Definition at line 349 of file ec_group.cpp.

References Botan::OID::to_string().

    {
    this->m_data = ec_group_data().lookup(domain_oid);
    if(!this->m_data)
       throw Invalid_Argument("Unknown EC_Group " + domain_oid.to_string());
    }

Botan::EC_Group::EC_Group ( const std::string & pem_or_oid )

explicit

Create an EC domain from PEM encoding (as from PEM_encode), or from an OID name (eg "secp256r1", or "1.2.840.10045.3.1.7")

Parameters

pem_or_oid PEM-encoded data, or an OID

Definition at line 356 of file ec_group.cpp.

References Botan::PEM_Code::decode_check_label(), Botan::OID::from_string(), and Botan::OID::has_value().

    {
    if(str == "")
       return; // no initialization / uninitialized
 
    try
       {
       const OID oid = OID::from_string(str);
       if(oid.has_value())
          m_data = ec_group_data().lookup(oid);
       }
    catch(...)
       {
       }
 
    if(m_data == nullptr)
       {
       if(str.size() > 30 && str.substr(0, 29) == "-----BEGIN EC PARAMETERS-----")
          {
          // OK try it as PEM ...
          secure_vector<uint8_t> ber = PEM_Code::decode_check_label(str, "EC PARAMETERS");
          this->m_data = BER_decode_EC_group(ber.data(), ber.size());
          }
       }
 
    if(m_data == nullptr)
       throw Invalid_Argument("Unknown ECC group '" + str + "'");
    }

Botan::EC_Group::EC_Group ( )

Create an uninitialized EC_Group

Definition at line 340 of file ec_group.cpp.

341 {

342 }

Botan::EC_Group::~EC_Group ( )

Definition at line 344 of file ec_group.cpp.

    {
    // shared_ptr possibly freed here
    }

Botan::EC_Group::EC_Group ( const EC_Group & )

default

Botan::EC_Group::EC_Group ( EC_Group && )

default

Member Function Documentation

bool Botan::EC_Group::a_is_minus_3 ( ) const

Return if a == -3 mod p

Definition at line 428 of file ec_group.cpp.

    {
    return data().a_is_minus_3();
    }

bool Botan::EC_Group::a_is_zero ( ) const

Return if a == 0 mod p

Definition at line 433 of file ec_group.cpp.

    {
    return data().a_is_zero();
    }

PointGFp Botan::EC_Group::blinded_base_point_multiply	(	const BigInt &	k,
		RandomNumberGenerator &	rng,
		std::vector< BigInt > &	ws
	)		const

Blinded point multiplication, attempts resistance to side channels

Parameters

k	the scalar
rng	a random number generator
ws	a temp workspace

Returns: base_point*k

Definition at line 554 of file ec_group.cpp.

Referenced by Botan::EC_PrivateKey::EC_PrivateKey().

    {
    return data().blinded_base_point_multiply(k, rng, ws);
    }

BigInt Botan::EC_Group::blinded_base_point_multiply_x	(	const BigInt &	k,
		RandomNumberGenerator &	rng,
		std::vector< BigInt > &	ws
	)		const

Blinded point multiplication, attempts resistance to side channels Returns just the x coordinate of the point

Parameters

k	the scalar
rng	a random number generator
ws	a temp workspace

Returns: x coordinate of base_point*k

Definition at line 561 of file ec_group.cpp.

References Botan::PointGFp::get_affine_x(), and Botan::PointGFp::is_zero().

    {
    const PointGFp pt = data().blinded_base_point_multiply(k, rng, ws);
 
    if(pt.is_zero())
       return 0;
    return pt.get_affine_x();
    }

PointGFp Botan::EC_Group::blinded_var_point_multiply	(	const PointGFp &	point,
		const BigInt &	k,
		RandomNumberGenerator &	rng,
		std::vector< BigInt > &	ws
	)		const

Blinded point multiplication, attempts resistance to side channels

Parameters

point	input point
k	the scalar
rng	a random number generator
ws	a temp workspace

Returns: point*k

Definition at line 577 of file ec_group.cpp.

References get_order(), and Botan::PointGFp_Var_Point_Precompute::mul().

    {
    PointGFp_Var_Point_Precompute mul(point, rng, ws);
    return mul.mul(k, rng, get_order(), ws);
    }

size_t Botan::EC_Group::clear_registered_curve_data ( )

static

Definition at line 248 of file ec_group.cpp.

    {
    return ec_group_data().clear();
    }

std::vector< uint8_t > Botan::EC_Group::DER_encode ( EC_Group_Encoding form ) const

Create the DER encoding of this domain

Parameters

form	of encoding to use

Returns: bytes encododed as DER

Definition at line 592 of file ec_group.cpp.

References Botan::EC_DOMPAR_ENC_EXPLICIT, Botan::EC_DOMPAR_ENC_IMPLICITCA, Botan::EC_DOMPAR_ENC_OID, Botan::OID::empty(), Botan::PEM_Code::encode(), Botan::DER_Encoder::encode(), Botan::BigInt::encode_1363(), Botan::DER_Encoder::encode_null(), Botan::DER_Encoder::end_cons(), get_a(), get_b(), get_base_point(), get_cofactor(), get_curve_oid(), get_order(), get_p(), get_p_bytes(), Botan::OCTET_STRING, Botan::SEQUENCE, Botan::DER_Encoder::start_cons(), and Botan::PointGFp::UNCOMPRESSED.

Referenced by PEM_encode().

    {
    std::vector<uint8_t> output;
 
    DER_Encoder der(output);
 
    if(form == EC_DOMPAR_ENC_EXPLICIT)
       {
       const size_t ecpVers1 = 1;
       const OID curve_type("1.2.840.10045.1.1"); // prime field
 
       const size_t p_bytes = get_p_bytes();
 
       der.start_cons(SEQUENCE)
             .encode(ecpVers1)
             .start_cons(SEQUENCE)
                .encode(curve_type)
                .encode(get_p())
             .end_cons()
             .start_cons(SEQUENCE)
                .encode(BigInt::encode_1363(get_a(), p_bytes),
                        OCTET_STRING)
                .encode(BigInt::encode_1363(get_b(), p_bytes),
                        OCTET_STRING)
             .end_cons()
               .encode(get_base_point().encode(PointGFp::UNCOMPRESSED), OCTET_STRING)
             .encode(get_order())
             .encode(get_cofactor())
          .end_cons();
       }
    else if(form == EC_DOMPAR_ENC_OID)
       {
       const OID oid = get_curve_oid();
       if(oid.empty())
          {
          throw Encoding_Error("Cannot encode EC_Group as OID because OID not set");
          }
       der.encode(oid);
       }
    else if(form == EC_DOMPAR_ENC_IMPLICITCA)
       {
       der.encode_null();
       }
    else
       {
       throw Internal_Error("EC_Group::DER_encode: Unknown encoding");
       }
 
    return output;
    }

std::shared_ptr< EC_Group_Data > Botan::EC_Group::EC_group_info ( const OID & oid )

static

Definition at line 13 of file ec_named.cpp.

    {
    // P-256
    if(oid == OID{1,2,840,10045,3,1,7})
       return load_EC_group_info("0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
                                 "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
                                 "0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
                                 "0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
                                 "0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
                                 "0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
                                 oid);
 
    // P-384
    if(oid == OID{1,3,132,0,34})
       return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
                                 "0xB3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
                                 "0xAA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
                                 "0x3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
                                 oid);
    // P-521
    if(oid == OID{1,3,132,0,35})
       return load_EC_group_info("0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
                                 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
                                 "0x51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
                                 "0xC6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
                                 "0x11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
                                 "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
                                 oid);
 
    // brainpool160r1
    if(oid == OID{1,3,36,3,3,2,8,1,1,1})
       return load_EC_group_info("0xE95E4A5F737059DC60DFC7AD95B3D8139515620F",
                                 "0x340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
                                 "0x1E589A8595423412134FAA2DBDEC95C8D8675E58",
                                 "0xBED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
                                 "0x1667CB477A1A8EC338F94741669C976316DA6321",
                                 "0xE95E4A5F737059DC60DF5991D45029409E60FC09",
                                 oid);
    // brainpool192r1
    if(oid == OID{1,3,36,3,3,2,8,1,1,3})
       return load_EC_group_info("0xC302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
                                 "0x6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
                                 "0x469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
                                 "0xC0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
                                 "0x14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
                                 "0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
                                 oid);
    // brainpool224r1
    if(oid == OID{1,3,36,3,3,2,8,1,1,5})
       return load_EC_group_info("0xD7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
                                 "0x68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
                                 "0x2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
                                 "0xD9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
                                 "0x58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
                                 "0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
                                 oid);
    // brainpool256r1
    if(oid == OID{1,3,36,3,3,2,8,1,1,7})
       return load_EC_group_info("0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
                                 "0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
                                 "0x26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
                                 "0x8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
                                 "0x547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
                                 "0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
                                 oid);
    // brainpool320r1
    if(oid == OID{1,3,36,3,3,2,8,1,1,9})
       return load_EC_group_info("0xD35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
                                 "0x3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
                                 "0x520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
                                 "0x43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
                                 "0x14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
                                 "0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
                                 oid);
    // brainpool384r1
    if(oid == OID{1,3,36,3,3,2,8,1,1,11})
       return load_EC_group_info("0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
                                 "0x7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
                                 "0x4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
                                 "0x1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
                                 "0x8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
                                 "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
                                 oid);
    // brainpool512r1
    if(oid == OID{1,3,36,3,3,2,8,1,1,13})
       return load_EC_group_info("0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
                                 "0x7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
                                 "0x3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
                                 "0x81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
                                 "0x7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
                                 "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
                                 oid);
    // frp256v1
    if(oid == OID{1,2,250,1,223,101,256,1})
       return load_EC_group_info("0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C03",
                                 "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C00",
                                 "0xEE353FCA5428A9300D4ABA754A44C00FDFEC0C9AE4B1A1803075ED967B7BB73F",
                                 "0xB6B3D4C356C139EB31183D4749D423958C27D2DCAF98B70164C97A2DD98F5CFF",
                                 "0x6142E0F7C8B204911F9271F0F3ECEF8C2701C307E8E4C9E183115A1554062CFB",
                                 "0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1",
                                 oid);
    // gost_256A
    if(oid == OID{1,2,643,2,2,35,1} || oid == OID{1,2,643,2,2,36,0} || oid == OID{1,2,643,7,1,2,1,1,1})
       return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
                                 "0xA6",
                                 "0x1",
                                 "0x8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
                                 OID{1,2,643,7,1,2,1,1,1});
 
    // gost_512A
    if(oid == OID{1,2,643,7,1,2,1,2,1})
       return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4",
                                 "0xE8C2505DEDFC86DDC1BD0B2B6667F1DA34B82574761CB0E879BD081CFD0B6265EE3CB090F30D27614CB4574010DA90DD862EF9D4EBEE4761503190785A71C760",
                                 "3",
                                 "0x7503CFE87A836AE3A61B8816E25450E6CE5E1C93ACF1ABC1778064FDCBEFA921DF1626BE4FD036E93D75E6A50E3A41E98028FE5FC235F5B889A589CB5215F2A4",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275",
                                 oid);
 
    // secp160k1
    if(oid == OID{1,3,132,0,9})
       return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
                                 "0x0",
                                 "0x7",
                                 "0x3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
                                 "0x938CF935318FDCED6BC28286531733C3F03C4FEE",
                                 "0x100000000000000000001B8FA16DFAB9ACA16B6B3",
                                 oid);
    // secp160r1
    if(oid == OID{1,3,132,0,8})
       return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
                                 "0x1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
                                 "0x4A96B5688EF573284664698968C38BB913CBFC82",
                                 "0x23A628553168947D59DCC912042351377AC5FB32",
                                 "0x100000000000000000001F4C8F927AED3CA752257",
                                 oid);
    // secp160r2
    if(oid == OID{1,3,132,0,30})
       return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
                                 "0xB4E134D3FB59EB8BAB57274904664D5AF50388BA",
                                 "0x52DCB034293A117E1F4FF11B30F7199D3144CE6D",
                                 "0xFEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
                                 "0x100000000000000000000351EE786A818F3A1A16B",
                                 oid);
    // secp192k1
    if(oid == OID{1,3,132,0,31})
       return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
                                 "0x0",
                                 "0x3",
                                 "0xDB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
                                 "0x9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
                                 oid);
    // secp192r1
    if(oid == OID{1,2,840,10045,3,1,1})
       return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
                                 "0x64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
                                 "0x188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
                                 "0x7192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
                                 oid);
    // secp224k1
    if(oid == OID{1,3,132,0,32})
       return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
                                 "0x0",
                                 "0x5",
                                 "0xA1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
                                 "0x7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
                                 "0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
                                 oid);
    // secp224r1
    if(oid == OID{1,3,132,0,33})
       return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
                                 "0xB4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
                                 "0xB70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
                                 "0xBD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
                                 oid);
    // secp256k1
    if(oid == OID{1,3,132,0,10})
       return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
                                 "0x0",
                                 "0x7",
                                 "0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
                                 "0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
                                 oid);
 
    // sm2p256v1
    if(oid == OID{1,2,156,10197,1,301})
       return load_EC_group_info("0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF",
                                 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC",
                                 "0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93",
                                 "0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7",
                                 "0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0",
                                 "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123",
                                 oid);
    // x962_p192v2
    if(oid == OID{1,2,840,10045,3,1,2})
       return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
                                 "0xCC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
                                 "0xEEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
                                 "0x6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
                                 oid);
    // x962_p192v3
    if(oid == OID{1,2,840,10045,3,1,3})
       return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
                                 "0x22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
                                 "0x7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
                                 "0x38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
                                 "0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
                                 oid);
    // x962_p239v1
    if(oid == OID{1,2,840,10045,3,1,4})
       return load_EC_group_info("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
                                 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
                                 "0x6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
                                 "0xFFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
                                 "0x7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
                                 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
                                 oid);
    // x962_p239v2
    if(oid == OID{1,2,840,10045,3,1,5})
       return load_EC_group_info("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
                                 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
                                 "0x617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
                                 "0x38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
                                 "0x5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
                                 "0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
                                 oid);
    // x962_p239v3
    if(oid == OID{1,2,840,10045,3,1,6})
       return load_EC_group_info("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
                                 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
                                 "0x255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
                                 "0x6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
                                 "0x1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
                                 "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
                                 oid);
 
    return std::shared_ptr<EC_Group_Data>();
    }

const BigInt & Botan::EC_Group::get_a ( ) const

Return the a parameter of the elliptic curve equation

Definition at line 463 of file ec_group.cpp.

Referenced by DER_encode(), operator==(), Botan::sm2_compute_za(), and verify_group().

    {
    return data().a();
    }

const BigInt & Botan::EC_Group::get_b ( ) const

Return the b parameter of the elliptic curve equation

Definition at line 468 of file ec_group.cpp.

Referenced by DER_encode(), operator==(), Botan::sm2_compute_za(), and verify_group().

    {
    return data().b();
    }

const PointGFp & Botan::EC_Group::get_base_point ( ) const

Return group base point

Returns: base point

Definition at line 473 of file ec_group.cpp.

Referenced by DER_encode(), Botan::EC_PrivateKey::EC_PrivateKey(), point_multiply(), and verify_group().

    {
    return data().base_point();
    }

const BigInt & Botan::EC_Group::get_cofactor ( ) const

Return the cofactor

Returns: the cofactor

Definition at line 493 of file ec_group.cpp.

Referenced by DER_encode(), Botan::ECIES_KA_Operation::derive_secret(), Botan::ECIES_Decryptor::ECIES_Decryptor(), verify_group(), and verify_public_element().

    {
    return data().cofactor();
    }

const CurveGFp & Botan::EC_Group::get_curve ( ) const

Return domain parameter curve

Returns: domain parameter curve

Definition at line 423 of file ec_group.cpp.

Referenced by Botan::EC_PublicKey::EC_PublicKey().

    {
    return data().curve();
    }

const OID & Botan::EC_Group::get_curve_oid ( ) const

Return the OID of these domain parameters

Returns: the OID

Definition at line 523 of file ec_group.cpp.

Referenced by DER_encode(), Botan::EC_PrivateKey::EC_PrivateKey(), Botan::EC_PublicKey::EC_PublicKey(), and Botan::EC_PublicKey::set_parameter_encoding().

    {
    return data().oid();
    }

const BigInt & Botan::EC_Group::get_g_x ( ) const

Return the x coordinate of the base point

Definition at line 483 of file ec_group.cpp.

Referenced by operator==(), and Botan::sm2_compute_za().

    {
    return data().g_x();
    }

const BigInt & Botan::EC_Group::get_g_y ( ) const

Return the y coordinate of the base point

Definition at line 488 of file ec_group.cpp.

Referenced by operator==(), and Botan::sm2_compute_za().

    {
    return data().g_y();
    }

std::string Botan::EC_Group::get_oid ( ) const

inline

Return the OID of these domain parameters

Returns: the OID as a string

Definition at line 245 of file ec_group.h.

245 { return get_curve_oid().to_string(); }

Botan::EC_Group::get_curve_oid

const OID & get_curve_oid() const

Definition: ec_group.cpp:523

Botan::OID::to_string

std::string to_string() const

Definition: asn1_oid.cpp:98

const BigInt & Botan::EC_Group::get_order ( ) const

Return the order of the base point

Returns: order of the base point

Definition at line 478 of file ec_group.cpp.

Referenced by blinded_var_point_multiply(), DER_encode(), Botan::ECIES_KA_Operation::derive_secret(), Botan::ECIES_Decryptor::ECIES_Decryptor(), random_scalar(), verify_group(), and verify_public_element().

    {
    return data().order();
    }

size_t Botan::EC_Group::get_order_bits ( ) const

Return the size of group order in bits (same as get_order().bits())

Definition at line 448 of file ec_group.cpp.

    {
    return data().order_bits();
    }

size_t Botan::EC_Group::get_order_bytes ( ) const

Return the size of p in bytes (same as get_order().bytes())

Definition at line 453 of file ec_group.cpp.

    {
    return data().order_bytes();
    }

const BigInt & Botan::EC_Group::get_p ( ) const

Return the prime modulus of the field

Definition at line 458 of file ec_group.cpp.

Referenced by DER_encode(), operator==(), and verify_group().

    {
    return data().p();
    }

size_t Botan::EC_Group::get_p_bits ( ) const

Return the size of p in bits (same as get_p().bits())

Definition at line 438 of file ec_group.cpp.

Referenced by Botan::GOST_3410_PublicKey::algo_name(), Botan::GOST_3410_PrivateKey::GOST_3410_PrivateKey(), Botan::GOST_3410_PublicKey::GOST_3410_PublicKey(), and Botan::EC_PublicKey::key_length().

    {
    return data().p_bits();
    }

size_t Botan::EC_Group::get_p_bytes ( ) const

Return the size of p in bits (same as get_p().bytes())

Definition at line 443 of file ec_group.cpp.

Referenced by DER_encode(), point_size(), and Botan::sm2_compute_za().

    {
    return data().p_bytes();
    }

bool Botan::EC_Group::initialized ( ) const

inline

Definition at line 321 of file ec_group.h.

321 { return (m_data != nullptr); }

BigInt Botan::EC_Group::inverse_mod_order ( const BigInt & x ) const

Definition at line 518 of file ec_group.cpp.

Referenced by Botan::EC_PrivateKey::EC_PrivateKey(), and Botan::SM2_PrivateKey::SM2_PrivateKey().

    {
    return data().inverse_mod_order(x);
    }

const std::set< std::string > & Botan::EC_Group::known_named_groups ( )

static

Return a set of known named EC groups

Definition at line 268 of file ec_named.cpp.

    {
    static const std::set<std::string> named_groups = {
       "secp160k1",
       "secp160r1",
       "secp160r2",
       "secp192k1",
       "secp192r1",
       "secp224k1",
       "secp224r1",
       "secp256k1",
       "secp256r1",
       "secp384r1",
       "secp521r1",
       "brainpool160r1",
       "brainpool192r1",
       "brainpool224r1",
       "brainpool256r1",
       "brainpool320r1",
       "brainpool384r1",
       "brainpool512r1",
       "x962_p192v2",
       "x962_p192v3",
       "x962_p239v1",
       "x962_p239v2",
       "x962_p239v3",
       "gost_256A",
       "gost_512A",
       "frp256v1",
       "sm2p256v1"
       };
    return named_groups;
    }

BigInt Botan::EC_Group::mod_order ( const BigInt & x ) const

Definition at line 498 of file ec_group.cpp.

    {
    return data().mod_order(k);
    }

BigInt Botan::EC_Group::multiply_mod_order	(	const BigInt &	x,
		const BigInt &	y
	)		const

Definition at line 508 of file ec_group.cpp.

    {
    return data().multiply_mod_order(x, y);
    }

BigInt Botan::EC_Group::multiply_mod_order	(	const BigInt &	x,
		const BigInt &	y,
		const BigInt &	z
	)		const

Definition at line 513 of file ec_group.cpp.

    {
    return data().multiply_mod_order(x, y, z);
    }

EC_Group& Botan::EC_Group::operator= ( const EC_Group & )

default

EC_Group& Botan::EC_Group::operator= ( EC_Group && )

default

bool Botan::EC_Group::operator== ( const EC_Group & other ) const

Definition at line 649 of file ec_group.cpp.

References get_a(), get_b(), get_g_x(), get_g_y(), and get_p().

    {
    if(m_data == other.m_data)
       return true; // same shared rep
 
    /*
    * No point comparing order/cofactor as they are uniquely determined
    * by the curve equation (p,a,b) and the base point.
    */
    return (get_p() == other.get_p() &&
            get_a() == other.get_a() &&
            get_b() == other.get_b() &&
            get_g_x() == other.get_g_x() &&
            get_g_y() == other.get_g_y());
    }

PointGFp Botan::EC_Group::OS2ECP	(	const uint8_t	bits[],
		size_t	len
	)		const

Definition at line 537 of file ec_group.cpp.

References Botan::OS2ECP().

Referenced by Botan::EC_PrivateKey::EC_PrivateKey(), Botan::EC_PublicKey::EC_PublicKey(), Botan::ECIES_Encryptor::ECIES_Encryptor(), and Botan::TLS::Callbacks::tls_ecdh_agree().

    {
    return Botan::OS2ECP(bits, len, data().curve());
    }

template<typename Alloc >

PointGFp Botan::EC_Group::OS2ECP ( const std::vector< uint8_t, Alloc > & vec ) const

inline

Definition at line 316 of file ec_group.h.

References Botan::OS2ECP().

          {
          return this->OS2ECP(vec.data(), vec.size());
          }

std::string Botan::EC_Group::PEM_encode ( ) const

Return the PEM encoding (always in explicit form)

Returns: string containing PEM data

Definition at line 643 of file ec_group.cpp.

References DER_encode(), Botan::EC_DOMPAR_ENC_EXPLICIT, and Botan::PEM_Code::encode().

Referenced by PEM_for_named_group().

    {
    const std::vector<uint8_t> der = DER_encode(EC_DOMPAR_ENC_EXPLICIT);
    return PEM_Code::encode(der, "EC PARAMETERS");
    }

std::string Botan::EC_Group::PEM_for_named_group ( const std::string & name )

static

Return PEM representation of named EC group Deprecated: Use EC_Group(name).PEM_encode() if this is needed

Definition at line 386 of file ec_group.cpp.

References PEM_encode().

    {
    try
       {
       EC_Group group(name);
       return group.PEM_encode();
       }
    catch(...)
       {
       return "";
       }
    }

PointGFp Botan::EC_Group::point	(	const BigInt &	x,
		const BigInt &	y
	)		const

Return a point on this curve with the affine values x, y

Definition at line 542 of file ec_group.cpp.

Referenced by Botan::GOST_3410_PublicKey::GOST_3410_PublicKey().

    {
    // TODO: randomize the representation?
    return PointGFp(data().curve(), x, y);
    }

PointGFp Botan::EC_Group::point_multiply	(	const BigInt &	x,
		const PointGFp &	pt,
		const BigInt &	y
	)		const

Multi exponentiate. Not constant time.

Returns: base_point*x + pt*y

Definition at line 548 of file ec_group.cpp.

References get_base_point(), and Botan::PointGFp_Multi_Point_Precompute::multi_exp().

    {
    PointGFp_Multi_Point_Precompute xy_mul(get_base_point(), pt);
    return xy_mul.multi_exp(x, y);
    }

size_t Botan::EC_Group::point_size ( PointGFp::Compression_Type format ) const

Definition at line 528 of file ec_group.cpp.

References Botan::PointGFp::COMPRESSED, and get_p_bytes().

    {
    // Hybrid and standard format are (x,y), compressed is y, +1 format byte
    if(format == PointGFp::COMPRESSED)
       return (1 + get_p_bytes());
    else
       return (1 + 2*get_p_bytes());
    }

BigInt Botan::EC_Group::random_scalar ( RandomNumberGenerator & rng ) const

Return a random scalar ie an integer in [1,order)

Definition at line 572 of file ec_group.cpp.

References get_order(), and Botan::BigInt::random_integer().

Referenced by Botan::EC_PrivateKey::EC_PrivateKey().

    {
    return BigInt::random_integer(rng, 1, get_order());
    }

BigInt Botan::EC_Group::square_mod_order ( const BigInt & x ) const

Definition at line 503 of file ec_group.cpp.

    {
    return data().square_mod_order(x);
    }

bool Botan::EC_Group::verify_group	(	RandomNumberGenerator &	rng,
		bool	strong = `false`
	)		const

Verify EC_Group domain

Returns: true if group is valid. false otherwise

Definition at line 688 of file ec_group.cpp.

References Botan::Modular_Reducer::cube(), get_a(), get_b(), get_base_point(), get_cofactor(), get_order(), get_p(), Botan::is_prime(), Botan::Modular_Reducer::multiply(), Botan::PointGFp::on_the_curve(), Botan::Modular_Reducer::reduce(), and Botan::Modular_Reducer::square().

Referenced by Botan::EC_PublicKey::check_key().

    {
    const BigInt& p = get_p();
    const BigInt& a = get_a();
    const BigInt& b = get_b();
    const BigInt& order = get_order();
    const PointGFp& base_point = get_base_point();
 
    if(a < 0 || a >= p)
       return false;
    if(b <= 0 || b >= p)
       return false;
    if(order <= 0)
       return false;
 
    //check if field modulus is prime
    if(!is_prime(p, rng, 128))
       {
       return false;
       }
 
    //check if order is prime
    if(!is_prime(order, rng, 128))
       {
       return false;
       }
 
    //compute the discriminant: 4*a^3 + 27*b^2 which must be nonzero
    const Modular_Reducer mod_p(p);
 
    const BigInt discriminant = mod_p.reduce(
       mod_p.multiply(4, mod_p.cube(a)) +
       mod_p.multiply(27, mod_p.square(b)));
 
    if(discriminant == 0)
       {
       return false;
       }
 
    //check for valid cofactor
    if(get_cofactor() < 1)
       {
       return false;
       }
 
    //check if the base point is on the curve
    if(!base_point.on_the_curve())
       {
       return false;
       }
    if((base_point * get_cofactor()).is_zero())
       {
       return false;
       }
    //check if order of the base point is correct
    if(!(base_point * order).is_zero())
       {
       return false;
       }
 
    return true;
    }

bool Botan::EC_Group::verify_public_element ( const PointGFp & y ) const

Check if y is a plausible point on the curve

In particular, checks that it is a point on the curve, not infinity, and that it has order matching the group.

Definition at line 665 of file ec_group.cpp.

References get_cofactor(), get_order(), Botan::PointGFp::is_zero(), and Botan::PointGFp::on_the_curve().

Referenced by Botan::EC_PublicKey::check_key().

    {
    //check that public point is not at infinity
    if(point.is_zero())
       return false;
 
    //check that public point is on the curve
    if(point.on_the_curve() == false)
       return false;
 
    //check that public point has order q
    if((point * get_order()).is_zero() == false)
       return false;
 
    if(get_cofactor() > 1)
       {
       if((point * get_cofactor()).is_zero())
          return false;
       }
 
    return true;
    }

PointGFp Botan::EC_Group::zero_point ( ) const

Return the zero (or infinite) point on this curve

Definition at line 586 of file ec_group.cpp.

    {
    return PointGFp(data().curve());
    }

The documentation for this class was generated from the following files:

src/lib/pubkey/ec_group/ec_group.h
src/lib/pubkey/ec_group/ec_group.cpp
src/lib/pubkey/ec_group/ec_named.cpp

Public Member Functions

Static Public Member Functions

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation