libdecaf
point_448.hxx
Go to the documentation of this file.
1 
25 #ifndef __DECAF_POINT_448_HXX__
26 #define __DECAF_POINT_448_HXX__ 1
27 
29 #ifndef _XOPEN_SOURCE
30 #define _XOPEN_SOURCE 600
31 #endif
32 #include <stdlib.h>
33 #include <string.h> /* for memcpy */
34 
35 #include <decaf/point_448.h>
36 #include <decaf/ed448.h>
37 #include <decaf/secure_buffer.hxx>
38 #include <string>
39 #include <sys/types.h>
40 #include <limits.h>
41 
43 #if __cplusplus >= 201103L
44 #define DECAF_NOEXCEPT noexcept
45 #else
46 #define DECAF_NOEXCEPT throw()
47 #endif
50 namespace decaf {
51 
56 
58 static inline const char *name() { return "Ed448-Goldilocks"; }
59 
61 static inline int bits() { return 448; }
62 
64 static const int REMOVED_COFACTOR = 4;
65 
67 static const int FIELD_MODULUS_TYPE = 3;
68 
70 class Point;
71 class Precomputed;
78 class Scalar : public Serializable<Scalar> {
79 public:
82 
84  static const size_t SER_BYTES = DECAF_448_SCALAR_BYTES;
85 
88 
91  inline Scalar(const NOINIT &) DECAF_NOEXCEPT {}
95  inline Scalar(uint64_t w) DECAF_NOEXCEPT { *this = w; }
96 
98  inline Scalar(int64_t w) DECAF_NOEXCEPT { *this = w; }
99 
101  inline Scalar(unsigned int w) DECAF_NOEXCEPT { *this = w; }
102 
104  inline Scalar(int w) DECAF_NOEXCEPT { *this = w; }
105 
107  inline explicit Scalar(Rng &rng) DECAF_NOEXCEPT {
109  *this = sb;
110  }
111 
113  inline Scalar(const Wrapped &t = decaf_448_scalar_zero) DECAF_NOEXCEPT { decaf_448_scalar_copy(s,t); }
114 
116  inline Scalar(const Scalar &x) DECAF_NOEXCEPT { *this = x; }
117 
119  inline Scalar(const Block &buffer) DECAF_NOEXCEPT { *this = buffer; }
120 
122  inline size_t ser_size() const DECAF_NOEXCEPT { return SER_BYTES; }
123 
125  inline void serialize_into(unsigned char *buffer) const DECAF_NOEXCEPT {
126  decaf_448_scalar_encode(buffer, s);
127  }
128 
130  inline Scalar& operator=(const Scalar &x) DECAF_NOEXCEPT { decaf_448_scalar_copy(s,x.s); return *this; }
131 
133  inline Scalar& operator=(uint64_t w) DECAF_NOEXCEPT { decaf_448_scalar_set_unsigned(s,w); return *this; }
134 
135 
137  inline Scalar& operator=(int64_t w) DECAF_NOEXCEPT {
138 #ifdef _MSC_VER
139 #pragma warning ( push)
140 #pragma warning ( disable : 4146)
141 #endif
142  Scalar t(-(uint64_t)INT_MIN);
143 #ifdef _MSC_VER
144 #pragma warning ( pop)
145 #endif
146  decaf_448_scalar_set_unsigned(s,(uint64_t)w - (uint64_t)INT_MIN);
147  *this -= t;
148  return *this;
149  }
150 
152  inline Scalar& operator=(unsigned int w) DECAF_NOEXCEPT { return *this = (uint64_t)w; }
153 
155  inline Scalar& operator=(int w) DECAF_NOEXCEPT { return *this = (int64_t)w; }
156 
158  inline ~Scalar() DECAF_NOEXCEPT { decaf_448_scalar_destroy(s); }
159 
161  inline Scalar &operator=(const Block &bl) DECAF_NOEXCEPT {
162  decaf_448_scalar_decode_long(s,bl.data(),bl.size()); return *this;
163  }
164 
169  static inline decaf_error_t DECAF_WARN_UNUSED decode (
170  Scalar &sc, const FixedBlock<SER_BYTES> buffer
171  ) DECAF_NOEXCEPT {
172  return decaf_448_scalar_decode(sc.s,buffer.data());
173  }
174 
176  inline Scalar operator+ (const Scalar &q) const DECAF_NOEXCEPT { Scalar r((NOINIT())); decaf_448_scalar_add(r.s,s,q.s); return r; }
177 
179  inline Scalar &operator+=(const Scalar &q) DECAF_NOEXCEPT { decaf_448_scalar_add(s,s,q.s); return *this; }
180 
182  inline Scalar operator- (const Scalar &q) const DECAF_NOEXCEPT { Scalar r((NOINIT())); decaf_448_scalar_sub(r.s,s,q.s); return r; }
183 
185  inline Scalar &operator-=(const Scalar &q) DECAF_NOEXCEPT { decaf_448_scalar_sub(s,s,q.s); return *this; }
186 
188  inline Scalar operator* (const Scalar &q) const DECAF_NOEXCEPT { Scalar r((NOINIT())); decaf_448_scalar_mul(r.s,s,q.s); return r; }
189 
191  inline Scalar &operator*=(const Scalar &q) DECAF_NOEXCEPT { decaf_448_scalar_mul(s,s,q.s); return *this; }
192 
194  inline Scalar operator- () const DECAF_NOEXCEPT { Scalar r((NOINIT())); decaf_448_scalar_sub(r.s,decaf_448_scalar_zero,s); return r; }
195 
199  inline Scalar inverse() const /*throw(CryptoException)*/ {
200  Scalar r;
202  throw CryptoException();
203  }
204  return r;
205  }
206 
209  inline decaf_error_t DECAF_WARN_UNUSED
210  inverse_noexcept(Scalar &r) const DECAF_NOEXCEPT {
211  return decaf_448_scalar_invert(r.s,s);
212  }
213 
215  inline Scalar operator/ (const Scalar &q) const /*throw(CryptoException)*/ { return *this * q.inverse(); }
216 
218  inline Scalar &operator/=(const Scalar &q) /*throw(CryptoException)*/ { return *this *= q.inverse(); }
219 
221  inline Scalar half() const { Scalar out; decaf_448_scalar_halve(out.s,s); return out; }
222 
224  inline bool operator!=(const Scalar &q) const DECAF_NOEXCEPT { return !(*this == q); }
225 
227  inline bool operator==(const Scalar &q) const DECAF_NOEXCEPT { return !!decaf_448_scalar_eq(s,q.s); }
228 
230  inline Point operator* (const Point &q) const DECAF_NOEXCEPT { return q * (*this); }
231 
233  inline Point operator* (const Precomputed &q) const DECAF_NOEXCEPT { return q * (*this); }
234 
239  const FixedBlock<SER_BYTES> &in,
240  decaf_bool_t allow_identity=DECAF_FALSE,
241  decaf_bool_t short_circuit=DECAF_TRUE
242  ) const /*throw(CryptoException)*/;
243 
245  inline decaf_error_t DECAF_WARN_UNUSED direct_scalarmul_noexcept(
247  const FixedBlock<SER_BYTES> &in,
248  decaf_bool_t allow_identity=DECAF_FALSE,
249  decaf_bool_t short_circuit=DECAF_TRUE
250  ) const DECAF_NOEXCEPT;
251 };
252 
254 class Point : public Serializable<Point> {
255 public:
258 
260  static const size_t SER_BYTES = DECAF_448_SER_BYTES;
261 
263  static const size_t HASH_BYTES = DECAF_448_HASH_BYTES;
264 
267 
269  static const size_t LADDER_BYTES = DECAF_X448_PUBLIC_BYTES;
270 
273 
276 
279 
283  static const size_t STEG_BYTES = HASH_BYTES * 2;
284 
287 
290 
293  inline Point(const NOINIT &) DECAF_NOEXCEPT {}
297  inline Point(const Wrapped &q = decaf_448_point_identity) DECAF_NOEXCEPT { decaf_448_point_copy(p,q); }
298 
300  inline Point(const Point &q) DECAF_NOEXCEPT { *this = q; }
301 
303  inline Point& operator=(const Point &q) DECAF_NOEXCEPT { decaf_448_point_copy(p,q.p); return *this; }
304 
306  inline ~Point() DECAF_NOEXCEPT { decaf_448_point_destroy(p); }
307 
309  inline explicit Point(Rng &rng, bool uniform = true) DECAF_NOEXCEPT {
310  if (uniform) {
312  set_to_hash(b);
313  } else {
315  set_to_hash(b);
316  }
317  }
318 
326  inline explicit Point(const FixedBlock<SER_BYTES> &buffer, bool allow_identity=true)
327  /*throw(CryptoException)*/ {
328  if (DECAF_SUCCESS != decode(buffer,allow_identity)) {
329  throw CryptoException();
330  }
331  }
332 
341  inline decaf_error_t DECAF_WARN_UNUSED decode (
342  const FixedBlock<SER_BYTES> &buffer, bool allow_identity=true
343  ) DECAF_NOEXCEPT {
344  return decaf_448_point_decode(p,buffer.data(),allow_identity ? DECAF_TRUE : DECAF_FALSE);
345  }
346 
357  ) DECAF_NOEXCEPT {
359  }
360 
368  ) /*throw(CryptoException)*/ {
370  }
371 
376  return ret;
377  }
378 
382  ) const {
384  }
385 
390  return ret;
391  }
392 
396  }
397 
404  static inline Point from_hash ( const Block &s ) DECAF_NOEXCEPT {
405  Point p((NOINIT())); p.set_to_hash(s); return p;
406  }
407 
414  inline void set_to_hash( const Block &s ) DECAF_NOEXCEPT {
415  if (s.size() < HASH_BYTES) {
417  memcpy(b.data(), s.data(), s.size());
419  } else if (s.size() == HASH_BYTES) {
421  } else if (s.size() < 2*HASH_BYTES) {
423  memcpy(b.data(), s.data(), s.size());
425  } else {
427  }
428  }
429 
431  inline operator SecureBuffer() const {
432  SecureBuffer buffer(SER_BYTES);
433  decaf_448_point_encode(buffer.data(), p);
434  return buffer;
435  }
436 
438  inline size_t ser_size() const DECAF_NOEXCEPT { return SER_BYTES; }
439 
441  inline void serialize_into(unsigned char *buffer) const DECAF_NOEXCEPT {
442  decaf_448_point_encode(buffer, p);
443  }
444 
446  inline Point operator+ (const Point &q) const DECAF_NOEXCEPT { Point r((NOINIT())); decaf_448_point_add(r.p,p,q.p); return r; }
447 
449  inline Point &operator+=(const Point &q) DECAF_NOEXCEPT { decaf_448_point_add(p,p,q.p); return *this; }
450 
452  inline Point operator- (const Point &q) const DECAF_NOEXCEPT { Point r((NOINIT())); decaf_448_point_sub(r.p,p,q.p); return r; }
453 
455  inline Point &operator-=(const Point &q) DECAF_NOEXCEPT { decaf_448_point_sub(p,p,q.p); return *this; }
456 
458  inline Point operator- () const DECAF_NOEXCEPT { Point r((NOINIT())); decaf_448_point_negate(r.p,p); return r; }
459 
461  inline Point times_two () const DECAF_NOEXCEPT { Point r((NOINIT())); decaf_448_point_double(r.p,p); return r; }
462 
464  inline Point &double_in_place() DECAF_NOEXCEPT { decaf_448_point_double(p,p); return *this; }
465 
467  inline bool operator!=(const Point &q) const DECAF_NOEXCEPT { return ! decaf_448_point_eq(p,q.p); }
468 
470  inline bool operator==(const Point &q) const DECAF_NOEXCEPT { return !!decaf_448_point_eq(p,q.p); }
471 
473  inline Point operator* (const Scalar &s) const DECAF_NOEXCEPT { Point r((NOINIT())); decaf_448_point_scalarmul(r.p,p,s.s); return r; }
474 
476  inline Point &operator*=(const Scalar &s) DECAF_NOEXCEPT { decaf_448_point_scalarmul(p,p,s.s); return *this; }
477 
479  inline Point operator/ (const Scalar &s) const /*throw(CryptoException)*/ { return (*this) * s.inverse(); }
480 
482  inline Point &operator/=(const Scalar &s) /*throw(CryptoException)*/ { return (*this) *= s.inverse(); }
483 
485  inline bool validate() const DECAF_NOEXCEPT { return decaf_448_point_valid(p); }
486 
488  static inline Point double_scalarmul (
489  const Point &q, const Scalar &qs, const Point &r, const Scalar &rs
490  ) DECAF_NOEXCEPT {
491  Point p((NOINIT())); decaf_448_point_double_scalarmul(p.p,q.p,qs.s,r.p,rs.s); return p;
492  }
493 
495  inline void dual_scalarmul (
496  Point &q1, Point &q2, const Scalar &r1, const Scalar &r2
497  ) const DECAF_NOEXCEPT {
498  decaf_448_point_dual_scalarmul(q1.p,q2.p,p,r1.s,r2.s);
499  }
500 
505  static inline Point double_scalarmul (
506  const Scalar &qs, const Point &q, const Scalar &rs, const Point &r
507  ) DECAF_NOEXCEPT {
508  return double_scalarmul(q,qs,r,rs);
509  }
510 
516  inline Point non_secret_combo_with_base(const Scalar &s, const Scalar &s_base) DECAF_NOEXCEPT {
517  Point r((NOINIT())); decaf_448_base_double_scalarmul_non_secret(r.p,s_base.s,p,s.s); return r;
518  }
519 
521  inline Point debugging_torque() const DECAF_NOEXCEPT {
522  Point q;
524  return q;
525  }
526 
528  inline Point debugging_pscale(const FixedBlock<SER_BYTES> factor) const DECAF_NOEXCEPT {
529  Point q;
530  decaf_448_point_debugging_pscale(q.p,p,factor.data());
531  return q;
532  }
533 
535  inline Point debugging_pscale(Rng &r) const DECAF_NOEXCEPT {
537  return debugging_pscale(sb);
538  }
539 
545  Buffer buf, uint32_t hint
546  ) const DECAF_NOEXCEPT {
547  unsigned char buf2[2*HASH_BYTES];
548  memset(buf2,0,sizeof(buf2));
549  memcpy(buf2,buf.data(),(buf.size() > 2*HASH_BYTES) ? 2*HASH_BYTES : buf.size());
550  decaf_bool_t ret;
551  if (buf.size() > HASH_BYTES) {
552  ret = decaf_successful(decaf_448_invert_elligator_uniform(buf2, p, hint));
553  } else {
554  ret = decaf_successful(decaf_448_invert_elligator_nonuniform(buf2, p, hint));
555  }
556  if (buf.size() < HASH_BYTES) {
557  ret &= decaf_memeq(&buf2[buf.size()], &buf2[HASH_BYTES], HASH_BYTES - buf.size());
558  }
559  for (size_t i=0; i<buf.size() && i<HASH_BYTES; i++) {
560  buf[i] = (buf[i] & ~ret) | (buf2[i] &ret);
561  }
562  decaf_bzero(buf2,sizeof(buf2));
563  return decaf_succeed_if(ret);
564  }
565 
567  inline SecureBuffer steg_encode(Rng &rng) const /*throw(std::bad_alloc, LengthException)*/ {
569  decaf_error_t done;
570  do {
571  rng.read(Buffer(out).slice(HASH_BYTES-4,STEG_BYTES-HASH_BYTES+4));
572  uint32_t hint = 0;
573  for (int i=0; i<4; i++) { hint |= uint32_t(out[HASH_BYTES-4+i])<<(8*i); }
574  done = invert_elligator(out, hint);
575  } while (!decaf_successful(done));
576  return out;
577  }
578 
580  static inline const Point base() DECAF_NOEXCEPT { return Point(decaf_448_point_base); }
581 
583  static inline const Point identity() DECAF_NOEXCEPT { return Point(decaf_448_point_identity); }
584 };
585 
594 typedef decaf_448_precomputed_s Precomputed_U;
598  : protected OwnedOrUnowned<Precomputed,Precomputed_U>
600 {
601 public:
602 
604  inline ~Precomputed() DECAF_NOEXCEPT { clear(); }
605 
617  inline Precomputed (
618  const Precomputed_U &yours = *decaf_448_precomputed_base
619  ) DECAF_NOEXCEPT : OwnedOrUnowned<Precomputed,Precomputed_U>(yours) {}
620 
621 
622 #if __cplusplus >= 201103L
624  inline Precomputed &operator=(Precomputed &&it) DECAF_NOEXCEPT {
625  OwnedOrUnowned<Precomputed,Precomputed_U>::operator= (it);
626  return *this;
627  }
628 
630  inline Precomputed(Precomputed &&it) DECAF_NOEXCEPT : OwnedOrUnowned<Precomputed,Precomputed_U>() {
631  *this = it;
632  }
633 
635  inline Precomputed &operator=(const Precomputed &it) DECAF_NOEXCEPT {
636  OwnedOrUnowned<Precomputed,Precomputed_U>::operator= (it);
637  return *this;
638  }
639 #endif
640 
644  inline Precomputed &operator=(const Point &it) /*throw(std::bad_alloc)*/ {
645  alloc();
646  decaf_448_precompute(ours.mine,it.p);
647  return *this;
648  }
649 
653  inline Precomputed(const Precomputed &it) /*throw(std::bad_alloc)*/
654  : OwnedOrUnowned<Precomputed,Precomputed_U>() { *this = it; }
655 
659  inline explicit Precomputed(const Point &it) /*throw(std::bad_alloc)*/
660  : OwnedOrUnowned<Precomputed,Precomputed_U>() { *this = it; }
661 
663  inline Point operator* (const Scalar &s) const DECAF_NOEXCEPT { Point r; decaf_448_precomputed_scalarmul(r.p,get(),s.s); return r; }
664 
666  inline Point operator/ (const Scalar &s) const /*throw(CryptoException)*/ { return (*this) * s.inverse(); }
667 
669  static inline const Precomputed base() DECAF_NOEXCEPT { return Precomputed(); }
670 
671 public:
673  friend class OwnedOrUnowned<Precomputed,Precomputed_U>;
674  static inline size_t size() DECAF_NOEXCEPT { return decaf_448_sizeof_precomputed_s; }
675  static inline size_t alignment() DECAF_NOEXCEPT { return decaf_448_alignof_precomputed_s; }
676  static inline const Precomputed_U * default_value() DECAF_NOEXCEPT { return decaf_448_precomputed_base; }
678 };
679 
681 struct DhLadder {
682 public:
684  static const size_t PUBLIC_BYTES = DECAF_X448_PUBLIC_BYTES;
685 
688 
690  static const FixedBlock<PUBLIC_BYTES> base_point() DECAF_NOEXCEPT {
692  }
693 
696  const FixedBlock<PUBLIC_BYTES> &pk,
697  const FixedBlock<PRIVATE_BYTES> &scalar
698  ) /*throw(std::bad_alloc,CryptoException)*/ {
700  if (DECAF_SUCCESS != decaf_x448(out.data(), pk.data(), scalar.data())) {
701  throw CryptoException();
702  }
703  return out;
704  }
705 
707  static inline decaf_error_t DECAF_WARN_UNUSED
710  const FixedBlock<PUBLIC_BYTES> &pk,
711  const FixedBlock<PRIVATE_BYTES> &scalar
712  ) DECAF_NOEXCEPT {
713  return decaf_x448(out.data(), pk.data(), scalar.data());
714  }
715 
720  static inline SecureBuffer DECAF_DEPRECATED("Renamed to derive_public_key")
721  generate_key(
722  const FixedBlock<PRIVATE_BYTES> &scalar
723  ) /*throw(std::bad_alloc)*/ {
725  decaf_x448_derive_public_key(out.data(), scalar.data());
726  return out;
727  }
728 
733  const FixedBlock<PRIVATE_BYTES> &scalar
734  ) /*throw(std::bad_alloc)*/ {
736  decaf_x448_derive_public_key(out.data(), scalar.data());
737  return out;
738  }
739 
743  static inline void
746  const FixedBlock<PRIVATE_BYTES> &scalar
747  ) DECAF_NOEXCEPT {
748  decaf_x448_derive_public_key(out.data(), scalar.data());
749  }
750 
755  static inline void
756  DECAF_DEPRECATED("Renamed to derive_public_key_noexcept")
759  const FixedBlock<PRIVATE_BYTES> &scalar
760  ) DECAF_NOEXCEPT {
761  decaf_x448_derive_public_key(out.data(), scalar.data());
762  }
763 };
764 
765 }; /* struct Ed448Goldilocks */
766 
769  const FixedBlock<Ed448Goldilocks::Point::SER_BYTES> &in,
770  decaf_bool_t allow_identity,
771  decaf_bool_t short_circuit
772 ) const /*throw(CryptoException)*/ {
774  if (DECAF_SUCCESS !=
775  decaf_448_direct_scalarmul(out.data(), in.data(), s, allow_identity, short_circuit)
776  ) {
777  throw CryptoException();
778  }
779  return out;
780 }
781 
783  FixedBuffer<Ed448Goldilocks::Point::SER_BYTES> &out,
784  const FixedBlock<Ed448Goldilocks::Point::SER_BYTES> &in,
785  decaf_bool_t allow_identity,
786  decaf_bool_t short_circuit
787 ) const DECAF_NOEXCEPT {
788  return decaf_448_direct_scalarmul(out.data(), in.data(), s, allow_identity, short_circuit);
789 }
794 #undef DECAF_NOEXCEPT
795 } /* namespace decaf */
796 
797 #endif /* __DECAF_POINT_448_HXX__ */
A reference to a block of data, which (when accessed through this base class) is const.
Definition: secure_buffer.hxx:159
const unsigned char * data() const DECAF_NOEXCEPT
Get const data.
Definition: secure_buffer.hxx:199
A reference to a writable block of data.
Definition: secure_buffer.hxx:270
const unsigned char * data() const DECAF_NOEXCEPT
Get const data.
Definition: secure_buffer.hxx:282
An exception for when crypto (ie point decode) has failed.
Definition: secure_buffer.hxx:119
Element of prime-order elliptic curve group.
Definition: point_448.hxx:254
static const int LADDER_ENCODE_RATIO
Ratio due to ladder decoding.
Definition: point_448.hxx:278
static const size_t LADDER_BYTES
Bytes required for EdDSA encoding.
Definition: point_448.hxx:269
Point(const Wrapped &q=decaf_448_point_identity) DECAF_NOEXCEPT
Constructor sets to identity by default.
Definition: point_448.hxx:297
static const unsigned int INVERT_ELLIGATOR_WHICH_BITS
Number of bits in invert_elligator which are actually used.
Definition: point_448.hxx:286
Point & operator/=(const Scalar &s)
Multiply by s.inverse().
Definition: point_448.hxx:482
static Point double_scalarmul(const Point &q, const Scalar &qs, const Point &r, const Scalar &rs) DECAF_NOEXCEPT
Double-scalar multiply, equivalent to q*qs + r*rs but faster.
Definition: point_448.hxx:488
void mul_by_ratio_and_encode_like_ladder(FixedBuffer< LADDER_BYTES > &out) const
Multiply by LADDER_ENCODE_RATIO and encode like X25519/X448.
Definition: point_448.hxx:394
Point(const FixedBlock< SER_BYTES > &buffer, bool allow_identity=true)
Initialize from a fixed-length byte string.
Definition: point_448.hxx:326
decaf_448_point_t Wrapped
Wrapped C type.
Definition: point_448.hxx:257
Point & operator*=(const Scalar &s) DECAF_NOEXCEPT
Scalar multiply in place.
Definition: point_448.hxx:476
Point(Rng &rng, bool uniform=true) DECAF_NOEXCEPT
Construct from RNG.
Definition: point_448.hxx:309
Point & operator=(const Point &q) DECAF_NOEXCEPT
Assignment.
Definition: point_448.hxx:303
Point operator-() const DECAF_NOEXCEPT
Point negate.
Definition: point_448.hxx:458
void mul_by_ratio_and_encode_like_eddsa(FixedBuffer< DECAF_EDDSA_448_PUBLIC_BYTES > &out) const
Multiply by EDDSA_ENCODE_RATIO and encode like EdDSA.
Definition: point_448.hxx:380
static const Point identity() DECAF_NOEXCEPT
Return the identity point of the curve.
Definition: point_448.hxx:583
decaf_error_t DECAF_WARN_UNUSED decode_like_eddsa_and_mul_by_ratio_noexcept(const FixedBlock< DECAF_EDDSA_448_PUBLIC_BYTES > &buffer) DECAF_NOEXCEPT
Initialize from C++ fixed-length byte string, like EdDSA.
Definition: point_448.hxx:355
size_t ser_size() const DECAF_NOEXCEPT
Serializable instance.
Definition: point_448.hxx:438
Point & double_in_place() DECAF_NOEXCEPT
Double the point in place.
Definition: point_448.hxx:464
Point debugging_pscale(const FixedBlock< SER_BYTES > factor) const DECAF_NOEXCEPT
Return a point equal to *this, whose internal data has a modified representation.
Definition: point_448.hxx:528
Point & operator-=(const Point &q) DECAF_NOEXCEPT
Point subtract.
Definition: point_448.hxx:455
void decode_like_eddsa_and_mul_by_ratio(const FixedBlock< DECAF_EDDSA_448_PUBLIC_BYTES > &buffer)
Decode from EDDSA, multiply by EDDSA_DECODE_RATIO, and ignore any remaining cofactor information.
Definition: point_448.hxx:366
Point & operator+=(const Point &q) DECAF_NOEXCEPT
Point add.
Definition: point_448.hxx:449
SecureBuffer steg_encode(Rng &rng) const
Steganographically encode this.
Definition: point_448.hxx:567
Wrapped p
The c-level object.
Definition: point_448.hxx:289
Point debugging_torque() const DECAF_NOEXCEPT
Return a point equal to *this, whose internal data is rotated by a torsion element.
Definition: point_448.hxx:521
static Point double_scalarmul(const Scalar &qs, const Point &q, const Scalar &rs, const Point &r) DECAF_NOEXCEPT
Double-scalar multiply, equivalent to q*qs + r*rs but faster.
Definition: point_448.hxx:505
Point times_two() const DECAF_NOEXCEPT
Double the point out of place.
Definition: point_448.hxx:461
static const int EDDSA_ENCODE_RATIO
Ratio due to EdDSA encoding.
Definition: point_448.hxx:272
void serialize_into(unsigned char *buffer) const DECAF_NOEXCEPT
Serializable instance.
Definition: point_448.hxx:441
Point operator+(const Point &q) const DECAF_NOEXCEPT
Point add.
Definition: point_448.hxx:446
Point non_secret_combo_with_base(const Scalar &s, const Scalar &s_base) DECAF_NOEXCEPT
Double-scalar multiply: this point by the first scalar and base by the second scalar.
Definition: point_448.hxx:516
static const size_t SER_BYTES
Size of a serialized element.
Definition: point_448.hxx:260
SecureBuffer mul_by_ratio_and_encode_like_ladder() const
Multiply by LADDER_ENCODE_RATIO and encode like X25519/X448.
Definition: point_448.hxx:387
Point debugging_pscale(Rng &r) const DECAF_NOEXCEPT
Return a point equal to *this, whose internal data has a randomized representation.
Definition: point_448.hxx:535
void set_to_hash(const Block &s) DECAF_NOEXCEPT
Map to the curve from a hash buffer.
Definition: point_448.hxx:414
Point operator*(const Scalar &s) const DECAF_NOEXCEPT
Scalar multiply.
Definition: point_448.hxx:473
bool operator==(const Point &q) const DECAF_NOEXCEPT
Constant-time compare.
Definition: point_448.hxx:470
static const size_t EDDSA_BYTES
Bytes required for EdDSA encoding.
Definition: point_448.hxx:266
Point operator/(const Scalar &s) const
Multiply by s.inverse().
Definition: point_448.hxx:479
void dual_scalarmul(Point &q1, Point &q2, const Scalar &r1, const Scalar &r2) const DECAF_NOEXCEPT
Dual-scalar multiply, equivalent to this*r1, this*r2 but faster.
Definition: point_448.hxx:495
static const Point base() DECAF_NOEXCEPT
Return the base point of the curve.
Definition: point_448.hxx:580
Point(const Point &q) DECAF_NOEXCEPT
Copy constructor.
Definition: point_448.hxx:300
~Point() DECAF_NOEXCEPT
Destructor securely zeorizes the point.
Definition: point_448.hxx:306
decaf_error_t DECAF_WARN_UNUSED decode(const FixedBlock< SER_BYTES > &buffer, bool allow_identity=true) DECAF_NOEXCEPT
Initialize from C++ fixed-length byte string.
Definition: point_448.hxx:341
static const size_t STEG_BYTES
Size of a steganographically-encoded curve element.
Definition: point_448.hxx:283
static const int EDDSA_DECODE_RATIO
Ratio due to EdDSA decoding.
Definition: point_448.hxx:275
static Point from_hash(const Block &s) DECAF_NOEXCEPT
Map uniformly to the curve from a hash buffer.
Definition: point_448.hxx:404
SecureBuffer mul_by_ratio_and_encode_like_eddsa() const
Multiply by EDDSA_ENCODE_RATIO and encode like EdDSA.
Definition: point_448.hxx:373
bool operator!=(const Point &q) const DECAF_NOEXCEPT
Constant-time compare.
Definition: point_448.hxx:467
static const size_t HASH_BYTES
Bytes required for hash.
Definition: point_448.hxx:263
bool validate() const DECAF_NOEXCEPT
Validate / sanity check.
Definition: point_448.hxx:485
decaf_error_t invert_elligator(Buffer buf, uint32_t hint) const DECAF_NOEXCEPT
Modify buffer so that Point::from_hash(Buffer) == *this, and return DECAF_SUCCESS; or leave buf unmod...
Definition: point_448.hxx:544
Precomputed table of points.
Definition: point_448.hxx:600
static const Precomputed base() DECAF_NOEXCEPT
Return the table for the base point.
Definition: point_448.hxx:669
Precomputed(const Precomputed &it)
Copy constructor.
Definition: point_448.hxx:653
Point operator/(const Scalar &s) const
Multiply by s.inverse().
Definition: point_448.hxx:666
Precomputed(const Point &it)
Constructor which initializes from point.
Definition: point_448.hxx:659
Precomputed & operator=(const Point &it)
Initilaize from point.
Definition: point_448.hxx:644
~Precomputed() DECAF_NOEXCEPT
Destructor securely zeorizes the memory.
Definition: point_448.hxx:604
Precomputed(const Precomputed_U &yours= *decaf_448_precomputed_base) DECAF_NOEXCEPT
Initialize from underlying type, declared as a reference to prevent it from being called with 0,...
Definition: point_448.hxx:617
Point operator*(const Scalar &s) const DECAF_NOEXCEPT
Fixed base scalarmul.
Definition: point_448.hxx:663
A scalar modulo the curve order.
Definition: point_448.hxx:78
Scalar & operator+=(const Scalar &q) DECAF_NOEXCEPT
Add to this.
Definition: point_448.hxx:179
Scalar(const Block &buffer) DECAF_NOEXCEPT
Construct from arbitrary-length little-endian byte sequence.
Definition: point_448.hxx:119
Scalar(int64_t w) DECAF_NOEXCEPT
Set to a signed word.
Definition: point_448.hxx:98
size_t ser_size() const DECAF_NOEXCEPT
Serializable instance.
Definition: point_448.hxx:122
static const size_t SER_BYTES
Size of a serialized element.
Definition: point_448.hxx:84
Scalar half() const
Return half this scalar.
Definition: point_448.hxx:221
Scalar operator/(const Scalar &q) const
Return this/q.
Definition: point_448.hxx:215
decaf_error_t DECAF_WARN_UNUSED direct_scalarmul_noexcept(FixedBuffer< SER_BYTES > &out, const FixedBlock< SER_BYTES > &in, decaf_bool_t allow_identity=DECAF_FALSE, decaf_bool_t short_circuit=DECAF_TRUE) const DECAF_NOEXCEPT
Direct scalar multiplication.
~Scalar() DECAF_NOEXCEPT
Destructor securely zeorizes the scalar.
Definition: point_448.hxx:158
Scalar & operator=(uint64_t w) DECAF_NOEXCEPT
Assign from unsigned 64-bit integer.
Definition: point_448.hxx:133
SecureBuffer direct_scalarmul(const FixedBlock< SER_BYTES > &in, decaf_bool_t allow_identity=DECAF_FALSE, decaf_bool_t short_circuit=DECAF_TRUE) const
Direct scalar multiplication.
Scalar & operator=(int w) DECAF_NOEXCEPT
Assign from signed int.
Definition: point_448.hxx:155
Scalar inverse() const
Return 1/this.
Definition: point_448.hxx:199
Scalar(const Scalar &x) DECAF_NOEXCEPT
Copy constructor.
Definition: point_448.hxx:116
Scalar operator*(const Scalar &q) const DECAF_NOEXCEPT
Multiply.
Definition: point_448.hxx:188
decaf_error_t DECAF_WARN_UNUSED inverse_noexcept(Scalar &r) const DECAF_NOEXCEPT
Invert with Fermat's Little Theorem (slow!).
Definition: point_448.hxx:210
Scalar & operator/=(const Scalar &q)
Set this to this/q.
Definition: point_448.hxx:218
Scalar(Rng &rng) DECAF_NOEXCEPT
Construct from RNG.
Definition: point_448.hxx:107
bool operator==(const Scalar &q) const DECAF_NOEXCEPT
Compare in constant time.
Definition: point_448.hxx:227
Scalar & operator=(const Scalar &x) DECAF_NOEXCEPT
Assignment.
Definition: point_448.hxx:130
Scalar operator+(const Scalar &q) const DECAF_NOEXCEPT
Add.
Definition: point_448.hxx:176
Scalar(uint64_t w) DECAF_NOEXCEPT
Set to an unsigned word.
Definition: point_448.hxx:95
bool operator!=(const Scalar &q) const DECAF_NOEXCEPT
Compare in constant time.
Definition: point_448.hxx:224
Scalar & operator-=(const Scalar &q) DECAF_NOEXCEPT
Subtract from this.
Definition: point_448.hxx:185
Scalar & operator*=(const Scalar &q) DECAF_NOEXCEPT
Multiply into this.
Definition: point_448.hxx:191
Scalar & operator=(unsigned int w) DECAF_NOEXCEPT
Assign from unsigned int.
Definition: point_448.hxx:152
Scalar(unsigned int w) DECAF_NOEXCEPT
Set to an unsigned word.
Definition: point_448.hxx:101
Scalar operator-() const DECAF_NOEXCEPT
Negate.
Definition: point_448.hxx:194
static decaf_error_t DECAF_WARN_UNUSED decode(Scalar &sc, const FixedBlock< SER_BYTES > buffer) DECAF_NOEXCEPT
Decode from correct-length little-endian byte sequence.
Definition: point_448.hxx:169
Wrapped s
access to the underlying scalar object
Definition: point_448.hxx:87
decaf_448_scalar_t Wrapped
wrapped C type
Definition: point_448.hxx:81
Scalar(int w) DECAF_NOEXCEPT
Set to a signed word.
Definition: point_448.hxx:104
void serialize_into(unsigned char *buffer) const DECAF_NOEXCEPT
Serializable instance.
Definition: point_448.hxx:125
Scalar & operator=(int64_t w) DECAF_NOEXCEPT
Assign from signed int.
Definition: point_448.hxx:137
Scalar(const Wrapped &t=decaf_448_scalar_zero) DECAF_NOEXCEPT
Construct from decaf_scalar_t object.
Definition: point_448.hxx:113
Scalar & operator=(const Block &bl) DECAF_NOEXCEPT
Assign from arbitrary-length little-endian byte sequence in a Block.
Definition: point_448.hxx:161
A fixed-size stack-allocated buffer (for DECAF_NOEXCEPT semantics)
Definition: secure_buffer.hxx:337
A fixed-size block.
Definition: secure_buffer.hxx:253
A fixed-size block.
Definition: secure_buffer.hxx:310
Prototype of a random number generator.
Definition: secure_buffer.hxx:138
Base class of objects which support serialization.
Definition: secure_buffer.hxx:89
void DECAF_API_VIS decaf_bzero(void *data, size_t size) DECAF_NONNULL
Overwrite data with zeros.
decaf_bool_t DECAF_API_VIS decaf_memeq(const void *data1, const void *data2, size_t size) DECAF_NONNULL DECAF_WARN_UNUSED
Compare two buffers, returning DECAF_TRUE if they are equal.
uint32_t decaf_bool_t
"Boolean" type, will be set to all-zero or all-one (i.e.
Definition: common.h:89
decaf_error_t
Another boolean type used to indicate success or failure.
Definition: common.h:120
@ DECAF_SUCCESS
The operation succeeded.
Definition: common.h:121
A group of prime order p, based on Ed448-Goldilocks.
#define DECAF_448_EDDSA_ENCODE_RATIO
EdDSA encoding ratio.
Definition: ed448.h:57
#define DECAF_EDDSA_448_PUBLIC_BYTES
Number of bytes in an EdDSA public key.
Definition: ed448.h:27
decaf_error_t DECAF_API_VIS decaf_448_point_decode_like_eddsa_and_mul_by_ratio(decaf_448_point_t p, const uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES]) DECAF_NONNULL DECAF_NOINLINE
EdDSA point decoding.
#define DECAF_448_EDDSA_DECODE_RATIO
EdDSA decoding ratio.
Definition: ed448.h:60
void DECAF_API_VIS decaf_448_point_mul_by_ratio_and_encode_like_eddsa(uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES], const decaf_448_point_t p) DECAF_NONNULL DECAF_NOINLINE
EdDSA point encoding.
const uint8_t decaf_x448_base_point[DECAF_X448_PUBLIC_BYTES]
The base point for X448 Diffie-Hellman.
Definition: decaf.c:66
Namespace for all libdecaf C++ objects.
Definition: ed255.hxx:41
std::vector< unsigned char, SanitizingAllocator< unsigned char, 0 > > SecureBuffer
A variant of std::vector which securely zerozes its state when destructed.
Definition: secure_buffer.hxx:79
A group of prime order p, based on Ed448-Goldilocks.
void DECAF_API_VIS decaf_448_scalar_halve(decaf_448_scalar_t out, const decaf_448_scalar_t a) DECAF_NONNULL DECAF_NOINLINE
Halve a scalar.
#define DECAF_X448_PUBLIC_BYTES
Number of bytes in an x448 public key.
Definition: point_448.h:62
void DECAF_API_VIS decaf_448_point_negate(decaf_448_point_t nega, const decaf_448_point_t a) DECAF_NONNULL
Negate a point to produce another point.
void DECAF_API_VIS decaf_448_point_sub(decaf_448_point_t diff, const decaf_448_point_t a, const decaf_448_point_t b) DECAF_NONNULL
Subtract two points to produce a third point.
void DECAF_API_VIS decaf_448_point_mul_by_ratio_and_encode_like_x448(uint8_t out[DECAF_X448_PUBLIC_BYTES], const decaf_448_point_t p) DECAF_NONNULL
Multiply a point by DECAF_X448_ENCODE_RATIO, then encode it like RFC 7748.
void DECAF_API_VIS decaf_448_point_encode(uint8_t ser[DECAF_448_SER_BYTES], const decaf_448_point_t pt) DECAF_NONNULL DECAF_NOINLINE
Encode a point as a sequence of bytes.
void DECAF_API_VIS decaf_448_base_double_scalarmul_non_secret(decaf_448_point_t combo, const decaf_448_scalar_t scalar1, const decaf_448_point_t base2, const decaf_448_scalar_t scalar2) DECAF_NONNULL DECAF_NOINLINE
Multiply two base points by two scalars: scaled = scalar1*decaf_448_point_base + scalar2*base2.
decaf_error_t DECAF_API_VIS decaf_448_invert_elligator_nonuniform(unsigned char recovered_hash[DECAF_448_HASH_BYTES], const decaf_448_point_t pt, uint32_t which) DECAF_NONNULL DECAF_NOINLINE DECAF_WARN_UNUSED
Inverse of elligator-like hash to curve.
struct decaf_448_point_s decaf_448_point_t[1]
Representation of a point on the elliptic curve.
#define DECAF_448_INVERT_ELLIGATOR_WHICH_BITS
Number of bits in the "which" field of an elligator inverse.
Definition: point_448.h:53
decaf_bool_t DECAF_API_VIS decaf_448_scalar_eq(const decaf_448_scalar_t a, const decaf_448_scalar_t b) DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE
Compare two scalars.
decaf_bool_t DECAF_API_VIS decaf_448_point_valid(const decaf_448_point_t to_test) DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE
Test that a point is valid, for debugging purposes.
void DECAF_API_VIS decaf_448_point_destroy(decaf_448_point_t point) DECAF_NONNULL
Securely erase a point by overwriting it with zeros.
decaf_error_t DECAF_API_VIS decaf_x448(uint8_t shared[DECAF_X448_PUBLIC_BYTES], const uint8_t base[DECAF_X448_PUBLIC_BYTES], const uint8_t scalar[DECAF_X448_PRIVATE_BYTES]) DECAF_NONNULL DECAF_WARN_UNUSED DECAF_NOINLINE
RFC 7748 Diffie-Hellman scalarmul, used to compute shared secrets.
#define DECAF_X448_ENCODE_RATIO
X448 encoding ratio.
Definition: point_448.h:59
void DECAF_API_VIS decaf_448_point_from_hash_nonuniform(decaf_448_point_t pt, const unsigned char hashed_data[DECAF_448_HASH_BYTES]) DECAF_NONNULL DECAF_NOINLINE
Almost-Elligator-like hash to curve.
#define DECAF_448_SCALAR_BYTES
Number of bytes in a serialized scalar.
Definition: point_448.h:50
void DECAF_API_VIS decaf_448_scalar_decode_long(decaf_448_scalar_t out, const unsigned char *ser, size_t ser_len) DECAF_NONNULL DECAF_NOINLINE
Read a scalar from wire format or from bytes.
void DECAF_API_VIS decaf_448_point_debugging_torque(decaf_448_point_t q, const decaf_448_point_t p) DECAF_NONNULL DECAF_NOINLINE
Torque a point, for debugging purposes.
void DECAF_API_VIS decaf_448_point_double_scalarmul(decaf_448_point_t combo, const decaf_448_point_t base1, const decaf_448_scalar_t scalar1, const decaf_448_point_t base2, const decaf_448_scalar_t scalar2) DECAF_NONNULL DECAF_NOINLINE
Multiply two base points by two scalars: scaled = scalar1*base1 + scalar2*base2.
void DECAF_API_VIS decaf_448_point_add(decaf_448_point_t sum, const decaf_448_point_t a, const decaf_448_point_t b) DECAF_NONNULL
Add two points to produce a third point.
decaf_bool_t DECAF_API_VIS decaf_448_point_eq(const decaf_448_point_t a, const decaf_448_point_t b) DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE
Test whether two points are equal.
decaf_error_t DECAF_API_VIS decaf_448_direct_scalarmul(uint8_t scaled[DECAF_448_SER_BYTES], const uint8_t base[DECAF_448_SER_BYTES], const decaf_448_scalar_t scalar, decaf_bool_t allow_identity, decaf_bool_t short_circuit) DECAF_NONNULL DECAF_WARN_UNUSED DECAF_NOINLINE
Multiply a base point by a scalar: scaled = scalar*base.
void DECAF_API_VIS decaf_448_point_from_hash_uniform(decaf_448_point_t pt, const unsigned char hashed_data[2 *DECAF_448_HASH_BYTES]) DECAF_NONNULL DECAF_NOINLINE
Indifferentiable hash function encoding to curve.
void DECAF_API_VIS decaf_448_scalar_destroy(decaf_448_scalar_t scalar) DECAF_NONNULL
Securely erase a scalar.
decaf_error_t DECAF_API_VIS decaf_448_scalar_decode(decaf_448_scalar_t out, const unsigned char ser[DECAF_448_SCALAR_BYTES]) DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE
Read a scalar from wire format or from bytes.
void DECAF_API_VIS decaf_448_point_debugging_pscale(decaf_448_point_t q, const decaf_448_point_t p, const unsigned char factor[DECAF_448_SER_BYTES]) DECAF_NONNULL DECAF_NOINLINE
Projectively scale a point, for debugging purposes.
struct decaf_448_scalar_s decaf_448_scalar_t[1]
Representation of an element of the scalar field.
void DECAF_API_VIS decaf_448_scalar_set_unsigned(decaf_448_scalar_t out, uint64_t a) DECAF_NONNULL
Set a scalar to an unsigned 64-bit integer.
void DECAF_API_VIS decaf_448_point_dual_scalarmul(decaf_448_point_t a1, decaf_448_point_t a2, const decaf_448_point_t base1, const decaf_448_scalar_t scalar1, const decaf_448_scalar_t scalar2) DECAF_NONNULL DECAF_NOINLINE
Multiply one base point by two scalars:
void DECAF_API_VIS decaf_448_precompute(decaf_448_precomputed_s *a, const decaf_448_point_t b) DECAF_NONNULL DECAF_NOINLINE
Precompute a table for fast scalar multiplication.
void DECAF_API_VIS decaf_448_scalar_mul(decaf_448_scalar_t out, const decaf_448_scalar_t a, const decaf_448_scalar_t b) DECAF_NONNULL DECAF_NOINLINE
Multiply two scalars.
void DECAF_API_VIS decaf_448_scalar_sub(decaf_448_scalar_t out, const decaf_448_scalar_t a, const decaf_448_scalar_t b) DECAF_NONNULL DECAF_NOINLINE
Subtract two scalars.
void DECAF_API_VIS decaf_448_point_scalarmul(decaf_448_point_t scaled, const decaf_448_point_t base, const decaf_448_scalar_t scalar) DECAF_NONNULL DECAF_NOINLINE
Multiply a base point by a scalar: scaled = scalar*base.
void DECAF_API_VIS decaf_x448_derive_public_key(uint8_t out[DECAF_X448_PUBLIC_BYTES], const uint8_t scalar[DECAF_X448_PRIVATE_BYTES]) DECAF_NONNULL DECAF_NOINLINE
RFC 7748 Diffie-Hellman base point scalarmul.
void DECAF_API_VIS decaf_448_point_double(decaf_448_point_t two_a, const decaf_448_point_t a) DECAF_NONNULL
Double a point.
#define DECAF_448_SER_BYTES
Number of bytes in a serialized point.
Definition: point_448.h:42
DECAF_API_VIS const decaf_448_point_t decaf_448_point_identity
The identity (zero) point on the curve.
DECAF_API_VIS const decaf_448_point_t decaf_448_point_base
An arbitrarily-chosen base point on the curve.
void DECAF_API_VIS decaf_448_precomputed_scalarmul(decaf_448_point_t scaled, const decaf_448_precomputed_s *base, const decaf_448_scalar_t scalar) DECAF_NONNULL DECAF_NOINLINE
Multiply a precomputed base point by a scalar: scaled = scalar*base.
void DECAF_API_VIS decaf_448_scalar_add(decaf_448_scalar_t out, const decaf_448_scalar_t a, const decaf_448_scalar_t b) DECAF_NONNULL DECAF_NOINLINE
Add two scalars.
#define DECAF_448_HASH_BYTES
Number of bytes in an elligated point.
Definition: point_448.h:47
#define DECAF_X448_PRIVATE_BYTES
Number of bytes in an x448 private key.
Definition: point_448.h:65
DECAF_API_VIS const struct decaf_448_precomputed_s * decaf_448_precomputed_base
Precomputed table of multiples of the base point on the curve.
DECAF_API_VIS const decaf_448_scalar_t decaf_448_scalar_zero
The scalar 0.
decaf_error_t DECAF_API_VIS decaf_448_point_decode(decaf_448_point_t pt, const uint8_t ser[DECAF_448_SER_BYTES], decaf_bool_t allow_identity) DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE
Decode a point from a sequence of bytes.
decaf_error_t DECAF_API_VIS decaf_448_invert_elligator_uniform(unsigned char recovered_hash[2 *DECAF_448_HASH_BYTES], const decaf_448_point_t pt, uint32_t which) DECAF_NONNULL DECAF_NOINLINE DECAF_WARN_UNUSED
Inverse of elligator-like hash to curve.
void DECAF_API_VIS decaf_448_scalar_encode(unsigned char ser[DECAF_448_SCALAR_BYTES], const decaf_448_scalar_t s) DECAF_NONNULL DECAF_NOINLINE DECAF_NOINLINE
Serialize a scalar to wire format.
DECAF_API_VIS const size_t decaf_448_sizeof_precomputed_s
Size and alignment of precomputed point tables.
struct decaf_448_precomputed_s decaf_448_precomputed_s
Precomputed table based on a point.
Definition: point_448.h:78
decaf_error_t DECAF_API_VIS decaf_448_scalar_invert(decaf_448_scalar_t out, const decaf_448_scalar_t a) DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE
Invert a scalar.
C++ self-zeroizing buffer.
X-only Diffie-Hellman ladder functions.
Definition: point_448.hxx:681
static decaf_error_t DECAF_WARN_UNUSED shared_secret_noexcept(FixedBuffer< PUBLIC_BYTES > &out, const FixedBlock< PUBLIC_BYTES > &pk, const FixedBlock< PRIVATE_BYTES > &scalar) DECAF_NOEXCEPT
Calculate and write into out a shared secret with public key, noexcept version.
Definition: point_448.hxx:708
static SecureBuffer derive_public_key(const FixedBlock< PRIVATE_BYTES > &scalar)
Calculate and return a public key; equivalent to shared_secret(base_point(),scalar) but possibly fast...
Definition: point_448.hxx:732
static void derive_public_key_noexcept(FixedBuffer< PUBLIC_BYTES > &out, const FixedBlock< PRIVATE_BYTES > &scalar) DECAF_NOEXCEPT
Calculate and return a public key into a fixed buffer; equivalent to shared_secret(base_point(),...
Definition: point_448.hxx:744
static const size_t PRIVATE_BYTES
Bytes in an X448 private key.
Definition: point_448.hxx:687
static const size_t PUBLIC_BYTES
Bytes in an X448 public key.
Definition: point_448.hxx:684
static const FixedBlock< PUBLIC_BYTES > base_point() DECAF_NOEXCEPT
Base point for a scalar multiplication.
Definition: point_448.hxx:690
static SecureBuffer DECAF_DEPRECATED("Renamed to derive_public_key") generate_key(const FixedBlock< PRIVATE_BYTES > &scalar)
Calculate and return a public key; equivalent to shared_secret(base_point(),scalar) but possibly fast...
Definition: point_448.hxx:720
static void generate_key_noexcept(FixedBuffer< PUBLIC_BYTES > &out, const FixedBlock< PRIVATE_BYTES > &scalar) DECAF_NOEXCEPT
Calculate and return a public key into a fixed buffer; equivalent to shared_secret(base_point(),...
Definition: point_448.hxx:757
static SecureBuffer shared_secret(const FixedBlock< PUBLIC_BYTES > &pk, const FixedBlock< PRIVATE_BYTES > &scalar)
Calculate and return a shared secret with public key.
Definition: point_448.hxx:695
Ed448-Goldilocks/Decaf instantiation of group.
Definition: point_448.hxx:55
static const char * name()
The name of the curve.
Definition: point_448.hxx:58
static const int REMOVED_COFACTOR
The curve's cofactor (removed, but useful for testing)
Definition: point_448.hxx:64
static const int FIELD_MODULUS_TYPE
Residue class of field modulus: p == this mod 2*(this-1)
Definition: point_448.hxx:67
static int bits()
The name of the curve.
Definition: point_448.hxx:61
Passed to constructors to avoid (conservative) initialization.
Definition: secure_buffer.hxx:133