Crypto++ 8.2
Free C&
ec2n.cpp
1// ec2n.cpp - originally written and placed in the public domain by Wei Dai
2
3#include "pch.h"
4
5#ifndef CRYPTOPP_IMPORTS
6
7#include "ec2n.h"
8#include "asn.h"
9#include "integer.h"
10#include "filters.h"
11#include "algebra.cpp"
12#include "eprecomp.cpp"
13
14ANONYMOUS_NAMESPACE_BEGIN
15
16using CryptoPP::EC2N;
17
18#if defined(HAVE_GCC_INIT_PRIORITY)
19 const EC2N::Point g_identity __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 50))) = EC2N::Point();
20#elif defined(HAVE_MSC_INIT_PRIORITY)
21 #pragma warning(disable: 4075)
22 #pragma init_seg(".CRT$XCU")
23 const EC2N::Point g_identity;
24 #pragma warning(default: 4075)
25#elif defined(HAVE_XLC_INIT_PRIORITY)
26 #pragma priority(290)
27 const EC2N::Point g_identity;
28#endif
29
30ANONYMOUS_NAMESPACE_END
31
32NAMESPACE_BEGIN(CryptoPP)
33
35 : m_field(BERDecodeGF2NP(bt))
36{
37 BERSequenceDecoder seq(bt);
38 m_field->BERDecodeElement(seq, m_a);
39 m_field->BERDecodeElement(seq, m_b);
40 // skip optional seed
41 if (!seq.EndReached())
42 {
43 SecByteBlock seed;
44 unsigned int unused;
45 BERDecodeBitString(seq, seed, unused);
46 }
47 seq.MessageEnd();
48}
49
51{
52 m_field->DEREncode(bt);
53 DERSequenceEncoder seq(bt);
54 m_field->DEREncodeElement(seq, m_a);
55 m_field->DEREncodeElement(seq, m_b);
56 seq.MessageEnd();
57}
58
59bool EC2N::DecodePoint(EC2N::Point &P, const byte *encodedPoint, size_t encodedPointLen) const
60{
61 StringStore store(encodedPoint, encodedPointLen);
62 return DecodePoint(P, store, encodedPointLen);
63}
64
65bool EC2N::DecodePoint(EC2N::Point &P, BufferedTransformation &bt, size_t encodedPointLen) const
66{
67 byte type;
68 if (encodedPointLen < 1 || !bt.Get(type))
69 return false;
70
71 switch (type)
72 {
73 case 0:
74 P.identity = true;
75 return true;
76 case 2:
77 case 3:
78 {
79 if (encodedPointLen != EncodedPointSize(true))
80 return false;
81
82 P.identity = false;
83 P.x.Decode(bt, m_field->MaxElementByteLength());
84
85 if (P.x.IsZero())
86 {
87 P.y = m_field->SquareRoot(m_b);
88 return true;
89 }
90
91 FieldElement z = m_field->Square(P.x);
92 CRYPTOPP_ASSERT(P.x == m_field->SquareRoot(z));
93 P.y = m_field->Divide(m_field->Add(m_field->Multiply(z, m_field->Add(P.x, m_a)), m_b), z);
94 CRYPTOPP_ASSERT(P.x == m_field->Subtract(m_field->Divide(m_field->Subtract(m_field->Multiply(P.y, z), m_b), z), m_a));
95 z = m_field->SolveQuadraticEquation(P.y);
96 CRYPTOPP_ASSERT(m_field->Add(m_field->Square(z), z) == P.y);
97 z.SetCoefficient(0, type & 1);
98
99 P.y = m_field->Multiply(z, P.x);
100 return true;
101 }
102 case 4:
103 {
104 if (encodedPointLen != EncodedPointSize(false))
105 return false;
106
107 unsigned int len = m_field->MaxElementByteLength();
108 P.identity = false;
109 P.x.Decode(bt, len);
110 P.y.Decode(bt, len);
111 return true;
112 }
113 default:
114 return false;
115 }
116}
117
118void EC2N::EncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const
119{
120 if (P.identity)
121 NullStore().TransferTo(bt, EncodedPointSize(compressed));
122 else if (compressed)
123 {
124 bt.Put((byte)(2U + (!P.x ? 0U : m_field->Divide(P.y, P.x).GetBit(0))));
125 P.x.Encode(bt, m_field->MaxElementByteLength());
126 }
127 else
128 {
129 unsigned int len = m_field->MaxElementByteLength();
130 bt.Put(4); // uncompressed
131 P.x.Encode(bt, len);
132 P.y.Encode(bt, len);
133 }
134}
135
136void EC2N::EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const
137{
138 ArraySink sink(encodedPoint, EncodedPointSize(compressed));
139 EncodePoint(sink, P, compressed);
140 CRYPTOPP_ASSERT(sink.TotalPutLength() == EncodedPointSize(compressed));
141}
142
144{
145 SecByteBlock str;
146 BERDecodeOctetString(bt, str);
147 Point P;
148 if (!DecodePoint(P, str, str.size()))
150 return P;
151}
152
153void EC2N::DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const
154{
155 SecByteBlock str(EncodedPointSize(compressed));
156 EncodePoint(str, P, compressed);
157 DEREncodeOctetString(bt, str);
158}
159
160bool EC2N::ValidateParameters(RandomNumberGenerator &rng, unsigned int level) const
161{
162 CRYPTOPP_UNUSED(rng);
163 bool pass = !!m_b;
164 pass = pass && m_a.CoefficientCount() <= m_field->MaxElementBitLength();
165 pass = pass && m_b.CoefficientCount() <= m_field->MaxElementBitLength();
166
167 if (level >= 1)
168 pass = pass && m_field->GetModulus().IsIrreducible();
169
170 return pass;
171}
172
173bool EC2N::VerifyPoint(const Point &P) const
174{
175 const FieldElement &x = P.x, &y = P.y;
176 return P.identity ||
177 (x.CoefficientCount() <= m_field->MaxElementBitLength()
178 && y.CoefficientCount() <= m_field->MaxElementBitLength()
179 && !(((x+m_a)*x*x+m_b-(x+y)*y)%m_field->GetModulus()));
180}
181
182bool EC2N::Equal(const Point &P, const Point &Q) const
183{
184 if (P.identity && Q.identity)
185 return true;
186
187 if (P.identity && !Q.identity)
188 return false;
189
190 if (!P.identity && Q.identity)
191 return false;
192
193 return (m_field->Equal(P.x,Q.x) && m_field->Equal(P.y,Q.y));
194}
195
197{
198#if defined(HAVE_GCC_INIT_PRIORITY) || defined(HAVE_MSC_INIT_PRIORITY) || defined(HAVE_XLC_INIT_PRIORITY)
199 return g_identity;
200#elif defined(CRYPTOPP_CXX11_DYNAMIC_INIT)
201 static const EC2N::Point g_identity;
202 return g_identity;
203#else
204 return Singleton<Point>().Ref();
205#endif
206}
207
208const EC2N::Point& EC2N::Inverse(const Point &P) const
209{
210 if (P.identity)
211 return P;
212 else
213 {
214 m_R.identity = false;
215 m_R.y = m_field->Add(P.x, P.y);
216 m_R.x = P.x;
217 return m_R;
218 }
219}
220
221const EC2N::Point& EC2N::Add(const Point &P, const Point &Q) const
222{
223 if (P.identity) return Q;
224 if (Q.identity) return P;
225 if (Equal(P, Q)) return Double(P);
226 if (m_field->Equal(P.x, Q.x) && m_field->Equal(P.y, m_field->Add(Q.x, Q.y))) return Identity();
227
228 FieldElement t = m_field->Add(P.y, Q.y);
229 t = m_field->Divide(t, m_field->Add(P.x, Q.x));
230 FieldElement x = m_field->Square(t);
231 m_field->Accumulate(x, t);
232 m_field->Accumulate(x, Q.x);
233 m_field->Accumulate(x, m_a);
234 m_R.y = m_field->Add(P.y, m_field->Multiply(t, x));
235 m_field->Accumulate(x, P.x);
236 m_field->Accumulate(m_R.y, x);
237
238 m_R.x.swap(x);
239 m_R.identity = false;
240 return m_R;
241}
242
243const EC2N::Point& EC2N::Double(const Point &P) const
244{
245 if (P.identity) return P;
246 if (!m_field->IsUnit(P.x)) return Identity();
247
248 FieldElement t = m_field->Divide(P.y, P.x);
249 m_field->Accumulate(t, P.x);
250 m_R.y = m_field->Square(P.x);
251 m_R.x = m_field->Square(t);
252 m_field->Accumulate(m_R.x, t);
253 m_field->Accumulate(m_R.x, m_a);
254 m_field->Accumulate(m_R.y, m_field->Multiply(t, m_R.x));
255 m_field->Accumulate(m_R.y, m_R.x);
256
257 m_R.identity = false;
258 return m_R;
259}
260
261// ********************************************************
262
263/*
264EcPrecomputation<EC2N>& EcPrecomputation<EC2N>::operator=(const EcPrecomputation<EC2N> &rhs)
265{
266 m_ec = rhs.m_ec;
267 m_ep = rhs.m_ep;
268 m_ep.m_group = m_ec.get();
269 return *this;
270}
271
272void EcPrecomputation<EC2N>::SetCurveAndBase(const EC2N &ec, const EC2N::Point &base)
273{
274 m_ec.reset(new EC2N(ec));
275 m_ep.SetGroupAndBase(*m_ec, base);
276}
277
278void EcPrecomputation<EC2N>::Precompute(unsigned int maxExpBits, unsigned int storage)
279{
280 m_ep.Precompute(maxExpBits, storage);
281}
282
283void EcPrecomputation<EC2N>::Load(BufferedTransformation &bt)
284{
285 BERSequenceDecoder seq(bt);
286 word32 version;
287 BERDecodeUnsigned<word32>(seq, version, INTEGER, 1, 1);
288 m_ep.m_exponentBase.BERDecode(seq);
289 m_ep.m_windowSize = m_ep.m_exponentBase.BitCount() - 1;
290 m_ep.m_bases.clear();
291 while (!seq.EndReached())
292 m_ep.m_bases.push_back(m_ec->BERDecodePoint(seq));
293 seq.MessageEnd();
294}
295
296void EcPrecomputation<EC2N>::Save(BufferedTransformation &bt) const
297{
298 DERSequenceEncoder seq(bt);
299 DEREncodeUnsigned<word32>(seq, 1); // version
300 m_ep.m_exponentBase.DEREncode(seq);
301 for (unsigned i=0; i<m_ep.m_bases.size(); i++)
302 m_ec->DEREncodePoint(seq, m_ep.m_bases[i]);
303 seq.MessageEnd();
304}
305
306EC2N::Point EcPrecomputation<EC2N>::Exponentiate(const Integer &exponent) const
307{
308 return m_ep.Exponentiate(exponent);
309}
310
311EC2N::Point EcPrecomputation<EC2N>::CascadeExponentiate(const Integer &exponent, const DL_FixedBasePrecomputation<Element> &pc2, const Integer &exponent2) const
312{
313 return m_ep.CascadeExponentiate(exponent, static_cast<const EcPrecomputation<EC2N> &>(pc2).m_ep, exponent2);
314}
315*/
316
317NAMESPACE_END
318
319#endif
Classes and functions for working with ANS.1 objects.
void BERDecodeError()
Raises a BERDecodeErr.
Definition: asn.h:69
Copy input to a memory buffer.
Definition: filters.h:1137
lword TotalPutLength()
Provides the number of bytes written to the Sink.
Definition: filters.h:1159
BER Sequence Decoder.
Definition: asn.h:310
Interface for buffered transformations.
Definition: cryptlib.h:1599
virtual size_t Get(byte &outByte)
Retrieve a 8-bit byte.
Definition: cryptlib.cpp:527
lword TransferTo(BufferedTransformation &target, lword transferMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL)
move transferMax bytes of the buffered output to target as input
Definition: cryptlib.h:1901
size_t Put(byte inByte, bool blocking=true)
Input a byte for processing.
Definition: cryptlib.h:1620
DER Sequence Encoder.
Definition: asn.h:320
Elliptic Curve over GF(2^n)
Definition: ec2n.h:28
const Point & Inverse(const Point &P) const
Inverts the element in the group.
Definition: ec2n.cpp:208
bool VerifyPoint(const Point &P) const
Verifies points on elliptic curve.
Definition: ec2n.cpp:173
Point BERDecodePoint(BufferedTransformation &bt) const
BER Decodes an elliptic curve point.
Definition: ec2n.cpp:143
const Point & Identity() const
Provides the Identity element.
Definition: ec2n.cpp:196
unsigned int EncodedPointSize(bool compressed=false) const
Determines encoded point size.
Definition: ec2n.h:70
bool Equal(const Point &P, const Point &Q) const
Compare two elements for equality.
Definition: ec2n.cpp:182
bool DecodePoint(Point &P, BufferedTransformation &bt, size_t len) const
Decodes an elliptic curve point.
Definition: ec2n.cpp:65
const Point & Add(const Point &P, const Point &Q) const
Adds elements in the group.
Definition: ec2n.cpp:221
void DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const
DER Encodes an elliptic curve point.
Definition: ec2n.cpp:153
void EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const
Encodes an elliptic curve point.
Definition: ec2n.cpp:136
void DEREncode(BufferedTransformation &bt) const
Encode the fields fieldID and curve of the sequence ECParameters.
Definition: ec2n.cpp:50
Empty store.
Definition: filters.h:1258
Interface for random number generators.
Definition: cryptlib.h:1384
size_type size() const
Provides the count of elements in the SecBlock.
Definition: secblock.h:797
SecBlock<byte> typedef.
Definition: secblock.h:1058
Restricts the instantiation of a class to one static object without locks.
Definition: misc.h:264
const T & Ref(...) const
Return a reference to the inner Singleton object.
Definition: misc.h:284
String-based implementation of Store interface.
Definition: filters.h:1196
Classes for Elliptic Curves over binary fields.
Implementation of BufferedTransformation's attachment interface.
Multiple precision integer with arithmetic operations.
Crypto++ library namespace.
Precompiled header file.
Elliptical Curve Point over GF(2^n)
Definition: ecpoint.h:54
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:69