5#ifndef CRYPTOPP_IMPORTS
12#include "eprecomp.cpp"
14ANONYMOUS_NAMESPACE_BEGIN
18#if defined(HAVE_GCC_INIT_PRIORITY)
19 #define INIT_ATTRIBUTE __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 51)))
21#elif defined(HAVE_MSC_INIT_PRIORITY)
22 #pragma warning(disable: 4075)
23 #pragma init_seg(".CRT$XCU")
25 #pragma warning(default: 4075)
26#elif defined(HAVE_XLC_INIT_PRIORITY)
31ANONYMOUS_NAMESPACE_END
33NAMESPACE_BEGIN(CryptoPP)
36 : m_field(BERDecodeGF2NP(bt))
39 m_field->BERDecodeElement(seq, m_a);
40 m_field->BERDecodeElement(seq, m_b);
46 BERDecodeBitString(seq, seed, unused);
53 m_field->DEREncode(bt);
55 m_field->DEREncodeElement(seq, m_a);
56 m_field->DEREncodeElement(seq, m_b);
69 if (encodedPointLen < 1 || !bt.
Get(type))
84 P.x.Decode(bt, m_field->MaxElementByteLength());
88 P.y = m_field->SquareRoot(m_b);
92 FieldElement z = m_field->Square(P.x);
93 CRYPTOPP_ASSERT(P.x == m_field->SquareRoot(z));
94 P.y = m_field->Divide(m_field->Add(m_field->Multiply(z, m_field->Add(P.x, m_a)), m_b), z);
95 CRYPTOPP_ASSERT(P.x == m_field->Subtract(m_field->Divide(m_field->Subtract(m_field->Multiply(P.y, z), m_b), z), m_a));
96 z = m_field->SolveQuadraticEquation(P.y);
97 CRYPTOPP_ASSERT(m_field->Add(m_field->Square(z), z) == P.y);
98 z.SetCoefficient(0, type & 1);
100 P.y = m_field->Multiply(z, P.x);
108 unsigned int len = m_field->MaxElementByteLength();
125 bt.
Put((
byte)(2U + (!P.x ? 0U : m_field->Divide(P.y, P.x).GetBit(0))));
126 P.x.Encode(bt, m_field->MaxElementByteLength());
130 unsigned int len = m_field->MaxElementByteLength();
147 BERDecodeOctetString(bt, str);
158 DEREncodeOctetString(bt, str);
163 CRYPTOPP_UNUSED(rng);
165 pass = pass && m_a.CoefficientCount() <= m_field->MaxElementBitLength();
166 pass = pass && m_b.CoefficientCount() <= m_field->MaxElementBitLength();
169 pass = pass && m_field->GetModulus().IsIrreducible();
176 const FieldElement &x = P.x, &y = P.y;
178 (x.CoefficientCount() <= m_field->MaxElementBitLength()
179 && y.CoefficientCount() <= m_field->MaxElementBitLength()
180 && !(((x+m_a)*x*x+m_b-(x+y)*y)%m_field->GetModulus()));
185 if (P.identity && Q.identity)
188 if (P.identity && !Q.identity)
191 if (!P.identity && Q.identity)
194 return (m_field->Equal(P.x,Q.x) && m_field->Equal(P.y,Q.y));
199#if defined(HAVE_GCC_INIT_PRIORITY) || defined(HAVE_MSC_INIT_PRIORITY) || defined(HAVE_XLC_INIT_PRIORITY)
201#elif defined(CRYPTOPP_CXX11_STATIC_INIT)
215 m_R.identity =
false;
216 m_R.y = m_field->Add(P.x, P.y);
224 if (P.identity)
return Q;
225 if (Q.identity)
return P;
226 if (
Equal(P, Q))
return Double(P);
227 if (m_field->Equal(P.x, Q.x) && m_field->Equal(P.y, m_field->Add(Q.x, Q.y)))
return Identity();
229 FieldElement t = m_field->Add(P.y, Q.y);
230 t = m_field->Divide(t, m_field->Add(P.x, Q.x));
231 FieldElement x = m_field->Square(t);
232 m_field->Accumulate(x, t);
233 m_field->Accumulate(x, Q.x);
234 m_field->Accumulate(x, m_a);
235 m_R.y = m_field->Add(P.y, m_field->Multiply(t, x));
236 m_field->Accumulate(x, P.x);
237 m_field->Accumulate(m_R.y, x);
240 m_R.identity =
false;
244const EC2N::Point& EC2N::Double(
const Point &P)
const
246 if (P.identity)
return P;
247 if (!m_field->IsUnit(P.x))
return Identity();
249 FieldElement t = m_field->Divide(P.y, P.x);
250 m_field->Accumulate(t, P.x);
251 m_R.y = m_field->Square(P.x);
252 m_R.x = m_field->Square(t);
253 m_field->Accumulate(m_R.x, t);
254 m_field->Accumulate(m_R.x, m_a);
255 m_field->Accumulate(m_R.y, m_field->Multiply(t, m_R.x));
256 m_field->Accumulate(m_R.y, m_R.x);
258 m_R.identity =
false;
269 m_ep.m_group = m_ec.get();
275 m_ec.reset(
new EC2N(ec));
276 m_ep.SetGroupAndBase(*m_ec, base);
281 m_ep.Precompute(maxExpBits, storage);
288 BERDecodeUnsigned<word32>(seq, version,
INTEGER, 1, 1);
289 m_ep.m_exponentBase.BERDecode(seq);
290 m_ep.m_windowSize = m_ep.m_exponentBase.BitCount() - 1;
291 m_ep.m_bases.clear();
292 while (!seq.EndReached())
293 m_ep.m_bases.push_back(m_ec->BERDecodePoint(seq));
300 DEREncodeUnsigned<word32>(seq, 1);
301 m_ep.m_exponentBase.DEREncode(seq);
302 for (
unsigned i=0; i<m_ep.m_bases.size(); i++)
303 m_ec->DEREncodePoint(seq, m_ep.m_bases[i]);
309 return m_ep.Exponentiate(exponent);
314 return m_ep.CascadeExponentiate(exponent,
static_cast<const EcPrecomputation<EC2N> &
>(pc2).m_ep, exponent2);
Classes and functions for working with ASN.1 objects.
void BERDecodeError()
Raises a BERDecodeErr.
Copy input to a memory buffer.
lword TotalPutLength()
Provides the number of bytes written to the Sink.
bool EndReached() const
Determine end of stream.
void MessageEnd()
Signals the end of messages to the object.
void MessageEnd()
Signals the end of messages to the object.
DL_FixedBasePrecomputation interface.
Elliptic Curve over GF(2^n)
const Point & Inverse(const Point &P) const
Inverts the element in the group.
bool VerifyPoint(const Point &P) const
Verifies points on elliptic curve.
Point BERDecodePoint(BufferedTransformation &bt) const
BER Decodes an elliptic curve point.
const Point & Identity() const
Provides the Identity element.
unsigned int EncodedPointSize(bool compressed=false) const
Determines encoded point size.
bool Equal(const Point &P, const Point &Q) const
Compare two elements for equality.
bool DecodePoint(Point &P, BufferedTransformation &bt, size_t len) const
Decodes an elliptic curve point.
const Point & Add(const Point &P, const Point &Q) const
Adds elements in the group.
void DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const
DER Encodes an elliptic curve point.
void EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const
Encodes an elliptic curve point.
void DEREncode(BufferedTransformation &bt) const
Encode the fields fieldID and curve of the sequence ECParameters.
Elliptic Curve precomputation.
Multiple precision integer with arithmetic operations.
Interface for random number generators.
size_type size() const
Provides the count of elements in the SecBlock.
Restricts the instantiation of a class to one static object without locks.
CRYPTOPP_NOINLINE const T & Ref(CRYPTOPP_NOINLINE_DOTDOTDOT) const
Return a reference to the inner Singleton object.
String-based implementation of Store interface.
unsigned int word32
32-bit unsigned datatype
Classes for Elliptic Curves over binary fields.
Implementation of BufferedTransformation's attachment interface.
Multiple precision integer with arithmetic operations.
Elliptic Curve Point over GF(2^n)