docs/ref800/ec2n_8cpp_source.html

 // ec2n.cpp - originally written and placed in the public domain by Wei Dai

 #include "pch.h"

 #ifndef CRYPTOPP_IMPORTS

 #include "ec2n.h"
 #include "asn.h"
 #include "integer.h"
 #include "filters.h"
 #include "algebra.cpp"
 #include "eprecomp.cpp"

 ANONYMOUS_NAMESPACE_BEGIN

 using CryptoPP::EC2N;

 #if defined(HAVE_GCC_INIT_PRIORITY)
   const EC2N::Point g_identity __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 50))) = EC2N::Point();
 #elif defined(HAVE_MSC_INIT_PRIORITY)
   #pragma warning(disable: 4075)
   #pragma init_seg(".CRT$XCU")
   const EC2N::Point g_identity;
   #pragma warning(default: 4075)
 #elif defined(HAVE_XLC_INIT_PRIORITY)
   #pragma priority(290)
   const EC2N::Point g_identity;
 #endif

 ANONYMOUS_NAMESPACE_END

 NAMESPACE_BEGIN(CryptoPP)

 EC2N::EC2N(BufferedTransformation &bt)
     : m_field(BERDecodeGF2NP(bt))
 {
     BERSequenceDecoder seq(bt);
     m_field->BERDecodeElement(seq, m_a);
     m_field->BERDecodeElement(seq, m_b);
     // skip optional seed
     if (!seq.EndReached())
     {
         SecByteBlock seed;
         unsigned int unused;
         BERDecodeBitString(seq, seed, unused);
     }
     seq.MessageEnd();
 }

 void EC2N::DEREncode(BufferedTransformation &bt) const
 {
     m_field->DEREncode(bt);
     DERSequenceEncoder seq(bt);
     m_field->DEREncodeElement(seq, m_a);
     m_field->DEREncodeElement(seq, m_b);
     seq.MessageEnd();
 }

 bool EC2N::DecodePoint(EC2N::Point &P, const byte *encodedPoint, size_t encodedPointLen) const
 {
     StringStore store(encodedPoint, encodedPointLen);
     return DecodePoint(P, store, encodedPointLen);
 }

 bool EC2N::DecodePoint(EC2N::Point &P, BufferedTransformation &bt, size_t encodedPointLen) const
 {
     byte type;
     if (encodedPointLen < 1 || !bt.Get(type))
         return false;

     switch (type)
     {
     case 0:
         P.identity = true;
         return true;
     case 2:
     case 3:
     {
         if (encodedPointLen != EncodedPointSize(true))
             return false;

         P.identity = false;
         P.x.Decode(bt, m_field->MaxElementByteLength());

         if (P.x.IsZero())
         {
             P.y = m_field->SquareRoot(m_b);
             return true;
         }

         FieldElement z = m_field->Square(P.x);
         CRYPTOPP_ASSERT(P.x == m_field->SquareRoot(z));
         P.y = m_field->Divide(m_field->Add(m_field->Multiply(z, m_field->Add(P.x, m_a)), m_b), z);
         CRYPTOPP_ASSERT(P.x == m_field->Subtract(m_field->Divide(m_field->Subtract(m_field->Multiply(P.y, z), m_b), z), m_a));
         z = m_field->SolveQuadraticEquation(P.y);
         CRYPTOPP_ASSERT(m_field->Add(m_field->Square(z), z) == P.y);
         z.SetCoefficient(0, type & 1);

         P.y = m_field->Multiply(z, P.x);
         return true;
     }
     case 4:
     {
         if (encodedPointLen != EncodedPointSize(false))
             return false;

         unsigned int len = m_field->MaxElementByteLength();
         P.identity = false;
         P.x.Decode(bt, len);
         P.y.Decode(bt, len);
         return true;
     }
     default:
         return false;
     }
 }

 void EC2N::EncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const
 {
     if (P.identity)
         NullStore().TransferTo(bt, EncodedPointSize(compressed));
     else if (compressed)
     {
         bt.Put((byte)(2U + (!P.x ? 0U : m_field->Divide(P.y, P.x).GetBit(0))));
         P.x.Encode(bt, m_field->MaxElementByteLength());
     }
     else
     {
         unsigned int len = m_field->MaxElementByteLength();
         bt.Put(4);  // uncompressed
         P.x.Encode(bt, len);
         P.y.Encode(bt, len);
     }
 }

 void EC2N::EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const
 {
     ArraySink sink(encodedPoint, EncodedPointSize(compressed));
     EncodePoint(sink, P, compressed);
     CRYPTOPP_ASSERT(sink.TotalPutLength() == EncodedPointSize(compressed));
 }

 EC2N::Point EC2N::BERDecodePoint(BufferedTransformation &bt) const
 {
     SecByteBlock str;
     BERDecodeOctetString(bt, str);
     Point P;
     if (!DecodePoint(P, str, str.size()))
         BERDecodeError();
     return P;
 }

 void EC2N::DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const
 {
     SecByteBlock str(EncodedPointSize(compressed));
     EncodePoint(str, P, compressed);
     DEREncodeOctetString(bt, str);
 }

 bool EC2N::ValidateParameters(RandomNumberGenerator &rng, unsigned int level) const
 {
     CRYPTOPP_UNUSED(rng);
     bool pass = !!m_b;
     pass = pass && m_a.CoefficientCount() <= m_field->MaxElementBitLength();
     pass = pass && m_b.CoefficientCount() <= m_field->MaxElementBitLength();

     if (level >= 1)
         pass = pass && m_field->GetModulus().IsIrreducible();

     return pass;
 }

 bool EC2N::VerifyPoint(const Point &P) const
 {
     const FieldElement &x = P.x, &y = P.y;
     return P.identity ||
         (x.CoefficientCount() <= m_field->MaxElementBitLength()
         && y.CoefficientCount() <= m_field->MaxElementBitLength()
         && !(((x+m_a)*x*x+m_b-(x+y)*y)%m_field->GetModulus()));
 }

 bool EC2N::Equal(const Point &P, const Point &Q) const
 {
     if (P.identity && Q.identity)
         return true;

     if (P.identity && !Q.identity)
         return false;

     if (!P.identity && Q.identity)
         return false;

     return (m_field->Equal(P.x,Q.x) && m_field->Equal(P.y,Q.y));
 }

 const EC2N::Point& EC2N::Identity() const
 {
 #if defined(HAVE_GCC_INIT_PRIORITY) || defined(HAVE_MSC_INIT_PRIORITY) || defined(HAVE_XLC_INIT_PRIORITY)
     return g_identity;
 #elif defined(CRYPTOPP_CXX11_DYNAMIC_INIT)
     static const EC2N::Point g_identity;
     return g_identity;
 #else
     return Singleton<Point>().Ref();
 #endif
 }

 const EC2N::Point& EC2N::Inverse(const Point &P) const
 {
     if (P.identity)
         return P;
     else
     {
         m_R.identity = false;
         m_R.y = m_field->Add(P.x, P.y);
         m_R.x = P.x;
         return m_R;
     }
 }

 const EC2N::Point& EC2N::Add(const Point &P, const Point &Q) const
 {
     if (P.identity) return Q;
     if (Q.identity) return P;
     if (Equal(P, Q)) return Double(P);
     if (m_field->Equal(P.x, Q.x) && m_field->Equal(P.y, m_field->Add(Q.x, Q.y))) return Identity();

     FieldElement t = m_field->Add(P.y, Q.y);
     t = m_field->Divide(t, m_field->Add(P.x, Q.x));
     FieldElement x = m_field->Square(t);
     m_field->Accumulate(x, t);
     m_field->Accumulate(x, Q.x);
     m_field->Accumulate(x, m_a);
     m_R.y = m_field->Add(P.y, m_field->Multiply(t, x));
     m_field->Accumulate(x, P.x);
     m_field->Accumulate(m_R.y, x);

     m_R.x.swap(x);
     m_R.identity = false;
     return m_R;
 }

 const EC2N::Point& EC2N::Double(const Point &P) const
 {
     if (P.identity) return P;
     if (!m_field->IsUnit(P.x)) return Identity();

     FieldElement t = m_field->Divide(P.y, P.x);
     m_field->Accumulate(t, P.x);
     m_R.y = m_field->Square(P.x);
     m_R.x = m_field->Square(t);
     m_field->Accumulate(m_R.x, t);
     m_field->Accumulate(m_R.x, m_a);
     m_field->Accumulate(m_R.y, m_field->Multiply(t, m_R.x));
     m_field->Accumulate(m_R.y, m_R.x);

     m_R.identity = false;
     return m_R;
 }

 // ********************************************************

 /*
 EcPrecomputation<EC2N>& EcPrecomputation<EC2N>::operator=(const EcPrecomputation<EC2N> &rhs)
 {
     m_ec = rhs.m_ec;
     m_ep = rhs.m_ep;
     m_ep.m_group = m_ec.get();
     return *this;
 }

 void EcPrecomputation<EC2N>::SetCurveAndBase(const EC2N &ec, const EC2N::Point &base)
 {
     m_ec.reset(new EC2N(ec));
     m_ep.SetGroupAndBase(*m_ec, base);
 }

 void EcPrecomputation<EC2N>::Precompute(unsigned int maxExpBits, unsigned int storage)
 {
     m_ep.Precompute(maxExpBits, storage);
 }

 void EcPrecomputation<EC2N>::Load(BufferedTransformation &bt)
 {
     BERSequenceDecoder seq(bt);
     word32 version;
     BERDecodeUnsigned<word32>(seq, version, INTEGER, 1, 1);
     m_ep.m_exponentBase.BERDecode(seq);
     m_ep.m_windowSize = m_ep.m_exponentBase.BitCount() - 1;
     m_ep.m_bases.clear();
     while (!seq.EndReached())
         m_ep.m_bases.push_back(m_ec->BERDecodePoint(seq));
     seq.MessageEnd();
 }

 void EcPrecomputation<EC2N>::Save(BufferedTransformation &bt) const
 {
     DERSequenceEncoder seq(bt);
     DEREncodeUnsigned<word32>(seq, 1);  // version
     m_ep.m_exponentBase.DEREncode(seq);
     for (unsigned i=0; i<m_ep.m_bases.size(); i++)
         m_ec->DEREncodePoint(seq, m_ep.m_bases[i]);
     seq.MessageEnd();
 }

 EC2N::Point EcPrecomputation<EC2N>::Exponentiate(const Integer &exponent) const
 {
     return m_ep.Exponentiate(exponent);
 }

 EC2N::Point EcPrecomputation<EC2N>::CascadeExponentiate(const Integer &exponent, const DL_FixedBasePrecomputation<Element> &pc2, const Integer &exponent2) const
 {
     return m_ep.CascadeExponentiate(exponent, static_cast<const EcPrecomputation<EC2N> &>(pc2).m_ep, exponent2);
 }
 */

 NAMESPACE_END

 #endif
EC2N::VerifyPoint
bool VerifyPoint(const Point &P) const
Verifies points on elliptic curve.
Definition: ec2n.cpp:173

Singleton
Restricts the instantiation of a class to one static object without locks.
Definition: misc.h:263

EC2N::EncodedPointSize
unsigned int EncodedPointSize(bool compressed=false) const
Determines encoded point size.
Definition: ec2n.h:70

EC2N::DEREncodePoint
void DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const
DER Encodes an elliptic curve point.
Definition: ec2n.cpp:153

RandomNumberGenerator
Interface for random number generators.
Definition: cryptlib.h:1383

SecByteBlock
SecBlock<byte> typedef.
Definition: secblock.h:1058

EC2N::EncodePoint
void EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const
Encodes an elliptic curve point.
Definition: ec2n.cpp:136

BERSequenceDecoder
BER Sequence Decoder.
Definition: asn.h:309

BufferedTransformation
Interface for buffered transformations.
Definition: cryptlib.h:1598

ec2n.h
Classes for Elliptic Curves over binary fields.

ArraySink
Copy input to a memory buffer.
Definition: filters.h:1136

NullStore
Empty store.
Definition: filters.h:1257

BufferedTransformation::TransferTo
lword TransferTo(BufferedTransformation &target, lword transferMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL)
move transferMax bytes of the buffered output to target as input
Definition: cryptlib.h:1901

BufferedTransformation::Put
size_t Put(byte inByte, bool blocking=true)
Input a byte for processing.
Definition: cryptlib.h:1620

BERDecodeOctetString
size_t BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str)
BER decode octet string.
Definition: asn.cpp:117

EC2N::Inverse
const Point & Inverse(const Point &P) const
Inverts the element in the group.
Definition: ec2n.cpp:208

EC2N
Elliptic Curve over GF(2^n)
Definition: ec2n.h:27

pch.h
Precompiled header file.

EC2N::BERDecodePoint
Point BERDecodePoint(BufferedTransformation &bt) const
BER Decodes an elliptic curve point.
Definition: ec2n.cpp:143

EC2N::Identity
const Point & Identity() const
Provides the Identity element.
Definition: ec2n.cpp:196

StringStore
String-based implementation of Store interface.
Definition: filters.h:1195

CRYPTOPP_ASSERT
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:69

BERDecodeError
void BERDecodeError()
Raises a BERDecodeErr.
Definition: asn.h:69

asn.h
Classes and functions for working with ANS.1 objects.

filters.h
Implementation of BufferedTransformation&#39;s attachment interface.

DERSequenceEncoder
DER Sequence Encoder.
Definition: asn.h:319

EC2N::DecodePoint
bool DecodePoint(Point &P, BufferedTransformation &bt, size_t len) const
Decodes an elliptic curve point.
Definition: ec2n.cpp:65

DEREncodeOctetString
size_t DEREncodeOctetString(BufferedTransformation &bt, const byte *str, size_t strLen)
DER encode octet string.
Definition: asn.cpp:104

integer.h
Multiple precision integer with arithmetic operations.

EC2N::Equal
bool Equal(const Point &P, const Point &Q) const
Compare two elements for equality.
Definition: ec2n.cpp:182

BERDecodeBitString
size_t BERDecodeBitString(BufferedTransformation &bt, SecByteBlock &str, unsigned int &unusedBits)
DER decode bit string.
Definition: asn.cpp:191

EC2N::DEREncode
void DEREncode(BufferedTransformation &bt) const
Encode the fields fieldID and curve of the sequence ECParameters.
Definition: ec2n.cpp:50

BufferedTransformation::Get
virtual size_t Get(byte &outByte)
Retrieve a 8-bit byte.
Definition: cryptlib.cpp:527

CryptoPP
Crypto++ library namespace.

EC2NPoint
Elliptical Curve Point over GF(2^n)
Definition: ecpoint.h:53

EC2N::Add
const Point & Add(const Point &P, const Point &Q) const
Adds elements in the group.
Definition: ec2n.cpp:221

SecBlock::size
size_type size() const
Provides the count of elements in the SecBlock.
Definition: secblock.h:797

ArraySink::TotalPutLength
lword TotalPutLength()
Provides the number of bytes written to the Sink.
Definition: filters.h:1159

EC2N::Double
const Point & Double(const Point &P) const
Doubles an element in the group.
Definition: ec2n.cpp:243