libdecaf
point_448.hxx
Go to the documentation of this file.
1 
25 #ifndef __DECAF_POINT_448_HXX__
26 #define __DECAF_POINT_448_HXX__ 1
27 
29 #ifndef _XOPEN_SOURCE
30 #define _XOPEN_SOURCE 600
31 #endif
32 #include <stdlib.h>
33 #include <string.h> /* for memcpy */
34 
35 #include <decaf/point_448.h>
36 #include <decaf/ed448.h>
37 #include <decaf/secure_buffer.hxx>
38 #include <string>
39 #include <sys/types.h>
40 #include <limits.h>
41 
43 #if __cplusplus >= 201103L
44 #define DECAF_NOEXCEPT noexcept
45 #else
46 #define DECAF_NOEXCEPT throw()
47 #endif
50 namespace decaf {
51 
56 
58 static inline const char *name() { return "Ed448-Goldilocks"; }
59 
61 static inline int bits() { return 448; }
62 
64 static const int REMOVED_COFACTOR = 4;
65 
67 static const int FIELD_MODULUS_TYPE = 3;
68 
70 class Point;
71 class Precomputed;
78 class Scalar : public Serializable<Scalar> {
79 public:
82 
84  static const size_t SER_BYTES = DECAF_448_SCALAR_BYTES;
85 
88 
91  inline Scalar(const NOINIT &) DECAF_NOEXCEPT {}
95  inline Scalar(uint64_t w) DECAF_NOEXCEPT { *this = w; }
96 
98  inline Scalar(int64_t w) DECAF_NOEXCEPT { *this = w; }
99 
101  inline Scalar(unsigned int w) DECAF_NOEXCEPT { *this = w; }
102 
104  inline Scalar(int w) DECAF_NOEXCEPT { *this = w; }
105 
107  inline explicit Scalar(Rng &rng) DECAF_NOEXCEPT {
109  *this = sb;
110  }
111 
113  inline Scalar(const Wrapped &t = decaf_448_scalar_zero) DECAF_NOEXCEPT { decaf_448_scalar_copy(s,t); }
114 
116  inline Scalar(const Scalar &x) DECAF_NOEXCEPT { *this = x; }
117 
119  inline Scalar(const Block &buffer) DECAF_NOEXCEPT { *this = buffer; }
120 
122  inline size_t ser_size() const DECAF_NOEXCEPT { return SER_BYTES; }
123 
125  inline void serialize_into(unsigned char *buffer) const DECAF_NOEXCEPT {
126  decaf_448_scalar_encode(buffer, s);
127  }
128 
130  inline Scalar& operator=(const Scalar &x) DECAF_NOEXCEPT { decaf_448_scalar_copy(s,x.s); return *this; }
131 
133  inline Scalar& operator=(uint64_t w) DECAF_NOEXCEPT { decaf_448_scalar_set_unsigned(s,w); return *this; }
134 
135 
137  inline Scalar& operator=(int64_t w) DECAF_NOEXCEPT {
138  Scalar t(-(uint64_t)INT_MIN);
139  decaf_448_scalar_set_unsigned(s,(uint64_t)w - (uint64_t)INT_MIN);
140  *this -= t;
141  return *this;
142  }
143 
145  inline Scalar& operator=(unsigned int w) DECAF_NOEXCEPT { return *this = (uint64_t)w; }
146 
148  inline Scalar& operator=(int w) DECAF_NOEXCEPT { return *this = (int64_t)w; }
149 
151  inline ~Scalar() DECAF_NOEXCEPT { decaf_448_scalar_destroy(s); }
152 
154  inline Scalar &operator=(const Block &bl) DECAF_NOEXCEPT {
155  decaf_448_scalar_decode_long(s,bl.data(),bl.size()); return *this;
156  }
157 
162  static inline decaf_error_t DECAF_WARN_UNUSED decode (
163  Scalar &sc, const FixedBlock<SER_BYTES> buffer
164  ) DECAF_NOEXCEPT {
165  return decaf_448_scalar_decode(sc.s,buffer.data());
166  }
167 
169  inline Scalar operator+ (const Scalar &q) const DECAF_NOEXCEPT { Scalar r((NOINIT())); decaf_448_scalar_add(r.s,s,q.s); return r; }
170 
172  inline Scalar &operator+=(const Scalar &q) DECAF_NOEXCEPT { decaf_448_scalar_add(s,s,q.s); return *this; }
173 
175  inline Scalar operator- (const Scalar &q) const DECAF_NOEXCEPT { Scalar r((NOINIT())); decaf_448_scalar_sub(r.s,s,q.s); return r; }
176 
178  inline Scalar &operator-=(const Scalar &q) DECAF_NOEXCEPT { decaf_448_scalar_sub(s,s,q.s); return *this; }
179 
181  inline Scalar operator* (const Scalar &q) const DECAF_NOEXCEPT { Scalar r((NOINIT())); decaf_448_scalar_mul(r.s,s,q.s); return r; }
182 
184  inline Scalar &operator*=(const Scalar &q) DECAF_NOEXCEPT { decaf_448_scalar_mul(s,s,q.s); return *this; }
185 
187  inline Scalar operator- () const DECAF_NOEXCEPT { Scalar r((NOINIT())); decaf_448_scalar_sub(r.s,decaf_448_scalar_zero,s); return r; }
188 
192  inline Scalar inverse() const /*throw(CryptoException)*/ {
193  Scalar r;
195  throw CryptoException();
196  }
197  return r;
198  }
199 
202  inline decaf_error_t DECAF_WARN_UNUSED
203  inverse_noexcept(Scalar &r) const DECAF_NOEXCEPT {
204  return decaf_448_scalar_invert(r.s,s);
205  }
206 
208  inline Scalar operator/ (const Scalar &q) const /*throw(CryptoException)*/ { return *this * q.inverse(); }
209 
211  inline Scalar &operator/=(const Scalar &q) /*throw(CryptoException)*/ { return *this *= q.inverse(); }
212 
214  inline Scalar half() const { Scalar out; decaf_448_scalar_halve(out.s,s); return out; }
215 
217  inline bool operator!=(const Scalar &q) const DECAF_NOEXCEPT { return !(*this == q); }
218 
220  inline bool operator==(const Scalar &q) const DECAF_NOEXCEPT { return !!decaf_448_scalar_eq(s,q.s); }
221 
223  inline Point operator* (const Point &q) const DECAF_NOEXCEPT { return q * (*this); }
224 
226  inline Point operator* (const Precomputed &q) const DECAF_NOEXCEPT { return q * (*this); }
227 
232  const FixedBlock<SER_BYTES> &in,
233  decaf_bool_t allow_identity=DECAF_FALSE,
234  decaf_bool_t short_circuit=DECAF_TRUE
235  ) const /*throw(CryptoException)*/;
236 
238  inline decaf_error_t DECAF_WARN_UNUSED direct_scalarmul_noexcept(
240  const FixedBlock<SER_BYTES> &in,
241  decaf_bool_t allow_identity=DECAF_FALSE,
242  decaf_bool_t short_circuit=DECAF_TRUE
243  ) const DECAF_NOEXCEPT;
244 };
245 
247 class Point : public Serializable<Point> {
248 public:
251 
253  static const size_t SER_BYTES = DECAF_448_SER_BYTES;
254 
256  static const size_t HASH_BYTES = DECAF_448_HASH_BYTES;
257 
260 
262  static const size_t LADDER_BYTES = DECAF_X448_PUBLIC_BYTES;
263 
266 
269 
272 
276  static const size_t STEG_BYTES = HASH_BYTES * 2;
277 
280 
283 
286  inline Point(const NOINIT &) DECAF_NOEXCEPT {}
290  inline Point(const Wrapped &q = decaf_448_point_identity) DECAF_NOEXCEPT { decaf_448_point_copy(p,q); }
291 
293  inline Point(const Point &q) DECAF_NOEXCEPT { *this = q; }
294 
296  inline Point& operator=(const Point &q) DECAF_NOEXCEPT { decaf_448_point_copy(p,q.p); return *this; }
297 
299  inline ~Point() DECAF_NOEXCEPT { decaf_448_point_destroy(p); }
300 
302  inline explicit Point(Rng &rng, bool uniform = true) DECAF_NOEXCEPT {
303  if (uniform) {
305  set_to_hash(b);
306  } else {
308  set_to_hash(b);
309  }
310  }
311 
319  inline explicit Point(const FixedBlock<SER_BYTES> &buffer, bool allow_identity=true)
320  /*throw(CryptoException)*/ {
321  if (DECAF_SUCCESS != decode(buffer,allow_identity)) {
322  throw CryptoException();
323  }
324  }
325 
334  inline decaf_error_t DECAF_WARN_UNUSED decode (
335  const FixedBlock<SER_BYTES> &buffer, bool allow_identity=true
336  ) DECAF_NOEXCEPT {
337  return decaf_448_point_decode(p,buffer.data(),allow_identity ? DECAF_TRUE : DECAF_FALSE);
338  }
339 
350  ) DECAF_NOEXCEPT {
352  }
353 
361  ) /*throw(CryptoException)*/ {
363  }
364 
369  return ret;
370  }
371 
375  ) const {
377  }
378 
383  return ret;
384  }
385 
389  }
390 
397  static inline Point from_hash ( const Block &s ) DECAF_NOEXCEPT {
398  Point p((NOINIT())); p.set_to_hash(s); return p;
399  }
400 
407  inline void set_to_hash( const Block &s ) DECAF_NOEXCEPT {
408  if (s.size() < HASH_BYTES) {
410  memcpy(b.data(), s.data(), s.size());
412  } else if (s.size() == HASH_BYTES) {
414  } else if (s.size() < 2*HASH_BYTES) {
416  memcpy(b.data(), s.data(), s.size());
418  } else {
420  }
421  }
422 
424  inline operator SecureBuffer() const {
425  SecureBuffer buffer(SER_BYTES);
426  decaf_448_point_encode(buffer.data(), p);
427  return buffer;
428  }
429 
431  inline size_t ser_size() const DECAF_NOEXCEPT { return SER_BYTES; }
432 
434  inline void serialize_into(unsigned char *buffer) const DECAF_NOEXCEPT {
435  decaf_448_point_encode(buffer, p);
436  }
437 
439  inline Point operator+ (const Point &q) const DECAF_NOEXCEPT { Point r((NOINIT())); decaf_448_point_add(r.p,p,q.p); return r; }
440 
442  inline Point &operator+=(const Point &q) DECAF_NOEXCEPT { decaf_448_point_add(p,p,q.p); return *this; }
443 
445  inline Point operator- (const Point &q) const DECAF_NOEXCEPT { Point r((NOINIT())); decaf_448_point_sub(r.p,p,q.p); return r; }
446 
448  inline Point &operator-=(const Point &q) DECAF_NOEXCEPT { decaf_448_point_sub(p,p,q.p); return *this; }
449 
451  inline Point operator- () const DECAF_NOEXCEPT { Point r((NOINIT())); decaf_448_point_negate(r.p,p); return r; }
452 
454  inline Point times_two () const DECAF_NOEXCEPT { Point r((NOINIT())); decaf_448_point_double(r.p,p); return r; }
455 
457  inline Point &double_in_place() DECAF_NOEXCEPT { decaf_448_point_double(p,p); return *this; }
458 
460  inline bool operator!=(const Point &q) const DECAF_NOEXCEPT { return ! decaf_448_point_eq(p,q.p); }
461 
463  inline bool operator==(const Point &q) const DECAF_NOEXCEPT { return !!decaf_448_point_eq(p,q.p); }
464 
466  inline Point operator* (const Scalar &s) const DECAF_NOEXCEPT { Point r((NOINIT())); decaf_448_point_scalarmul(r.p,p,s.s); return r; }
467 
469  inline Point &operator*=(const Scalar &s) DECAF_NOEXCEPT { decaf_448_point_scalarmul(p,p,s.s); return *this; }
470 
472  inline Point operator/ (const Scalar &s) const /*throw(CryptoException)*/ { return (*this) * s.inverse(); }
473 
475  inline Point &operator/=(const Scalar &s) /*throw(CryptoException)*/ { return (*this) *= s.inverse(); }
476 
478  inline bool validate() const DECAF_NOEXCEPT { return decaf_448_point_valid(p); }
479 
481  static inline Point double_scalarmul (
482  const Point &q, const Scalar &qs, const Point &r, const Scalar &rs
483  ) DECAF_NOEXCEPT {
484  Point p((NOINIT())); decaf_448_point_double_scalarmul(p.p,q.p,qs.s,r.p,rs.s); return p;
485  }
486 
488  inline void dual_scalarmul (
489  Point &q1, Point &q2, const Scalar &r1, const Scalar &r2
490  ) const DECAF_NOEXCEPT {
491  decaf_448_point_dual_scalarmul(q1.p,q2.p,p,r1.s,r2.s);
492  }
493 
498  static inline Point double_scalarmul (
499  const Scalar &qs, const Point &q, const Scalar &rs, const Point &r
500  ) DECAF_NOEXCEPT {
501  return double_scalarmul(q,qs,r,rs);
502  }
503 
509  inline Point non_secret_combo_with_base(const Scalar &s, const Scalar &s_base) DECAF_NOEXCEPT {
510  Point r((NOINIT())); decaf_448_base_double_scalarmul_non_secret(r.p,s_base.s,p,s.s); return r;
511  }
512 
514  inline Point debugging_torque() const DECAF_NOEXCEPT {
515  Point q;
517  return q;
518  }
519 
521  inline Point debugging_pscale(const FixedBlock<SER_BYTES> factor) const DECAF_NOEXCEPT {
522  Point q;
523  decaf_448_point_debugging_pscale(q.p,p,factor.data());
524  return q;
525  }
526 
528  inline Point debugging_pscale(Rng &r) const DECAF_NOEXCEPT {
530  return debugging_pscale(sb);
531  }
532 
538  Buffer buf, uint32_t hint
539  ) const DECAF_NOEXCEPT {
540  unsigned char buf2[2*HASH_BYTES];
541  memset(buf2,0,sizeof(buf2));
542  memcpy(buf2,buf.data(),(buf.size() > 2*HASH_BYTES) ? 2*HASH_BYTES : buf.size());
543  decaf_bool_t ret;
544  if (buf.size() > HASH_BYTES) {
545  ret = decaf_successful(decaf_448_invert_elligator_uniform(buf2, p, hint));
546  } else {
547  ret = decaf_successful(decaf_448_invert_elligator_nonuniform(buf2, p, hint));
548  }
549  if (buf.size() < HASH_BYTES) {
550  ret &= decaf_memeq(&buf2[buf.size()], &buf2[HASH_BYTES], HASH_BYTES - buf.size());
551  }
552  for (size_t i=0; i<buf.size() && i<HASH_BYTES; i++) {
553  buf[i] = (buf[i] & ~ret) | (buf2[i] &ret);
554  }
555  decaf_bzero(buf2,sizeof(buf2));
556  return decaf_succeed_if(ret);
557  }
558 
560  inline SecureBuffer steg_encode(Rng &rng, size_t size=STEG_BYTES) const /*throw(std::bad_alloc, LengthException)*/ {
561  if (size <= HASH_BYTES + 4 || size > 2*HASH_BYTES) throw LengthException();
563  decaf_error_t done;
564  do {
565  rng.read(Buffer(out).slice(HASH_BYTES-4,STEG_BYTES-HASH_BYTES+1));
566  uint32_t hint = 0;
567  for (int i=0; i<4; i++) { hint |= uint32_t(out[HASH_BYTES-4+i])<<(8*i); }
568  done = invert_elligator(out, hint);
569  } while (!decaf_successful(done));
570  return out;
571  }
572 
574  static inline const Point base() DECAF_NOEXCEPT { return Point(decaf_448_point_base); }
575 
577  static inline const Point identity() DECAF_NOEXCEPT { return Point(decaf_448_point_identity); }
578 };
579 
588 typedef decaf_448_precomputed_s Precomputed_U;
592  : protected OwnedOrUnowned<Precomputed,Precomputed_U>
594 {
595 public:
596 
598  inline ~Precomputed() DECAF_NOEXCEPT { clear(); }
599 
611  inline Precomputed (
612  const Precomputed_U &yours = *decaf_448_precomputed_base
613  ) DECAF_NOEXCEPT : OwnedOrUnowned<Precomputed,Precomputed_U>(yours) {}
614 
615 
616 #if __cplusplus >= 201103L
618  inline Precomputed &operator=(Precomputed &&it) DECAF_NOEXCEPT {
619  OwnedOrUnowned<Precomputed,Precomputed_U>::operator= (it);
620  return *this;
621  }
622 
624  inline Precomputed(Precomputed &&it) DECAF_NOEXCEPT : OwnedOrUnowned<Precomputed,Precomputed_U>() {
625  *this = it;
626  }
627 
629  inline Precomputed &operator=(const Precomputed &it) DECAF_NOEXCEPT {
630  OwnedOrUnowned<Precomputed,Precomputed_U>::operator= (it);
631  return *this;
632  }
633 #endif
634 
638  inline Precomputed &operator=(const Point &it) /*throw(std::bad_alloc)*/ {
639  alloc();
640  decaf_448_precompute(ours.mine,it.p);
641  return *this;
642  }
643 
647  inline Precomputed(const Precomputed &it) /*throw(std::bad_alloc)*/
648  : OwnedOrUnowned<Precomputed,Precomputed_U>() { *this = it; }
649 
653  inline explicit Precomputed(const Point &it) /*throw(std::bad_alloc)*/
654  : OwnedOrUnowned<Precomputed,Precomputed_U>() { *this = it; }
655 
657  inline Point operator* (const Scalar &s) const DECAF_NOEXCEPT { Point r; decaf_448_precomputed_scalarmul(r.p,get(),s.s); return r; }
658 
660  inline Point operator/ (const Scalar &s) const /*throw(CryptoException)*/ { return (*this) * s.inverse(); }
661 
663  static inline const Precomputed base() DECAF_NOEXCEPT { return Precomputed(); }
664 
665 public:
667  friend class OwnedOrUnowned<Precomputed,Precomputed_U>;
668  static inline size_t size() DECAF_NOEXCEPT { return decaf_448_sizeof_precomputed_s; }
669  static inline size_t alignment() DECAF_NOEXCEPT { return decaf_448_alignof_precomputed_s; }
670  static inline const Precomputed_U * default_value() DECAF_NOEXCEPT { return decaf_448_precomputed_base; }
672 };
673 
675 struct DhLadder {
676 public:
678  static const size_t PUBLIC_BYTES = DECAF_X448_PUBLIC_BYTES;
679 
682 
684  static const FixedBlock<PUBLIC_BYTES> base_point() DECAF_NOEXCEPT {
686  }
687 
690  const FixedBlock<PUBLIC_BYTES> &pk,
691  const FixedBlock<PRIVATE_BYTES> &scalar
692  ) /*throw(std::bad_alloc,CryptoException)*/ {
694  if (DECAF_SUCCESS != decaf_x448(out.data(), pk.data(), scalar.data())) {
695  throw CryptoException();
696  }
697  return out;
698  }
699 
701  static inline decaf_error_t DECAF_WARN_UNUSED
704  const FixedBlock<PUBLIC_BYTES> &pk,
705  const FixedBlock<PRIVATE_BYTES> &scalar
706  ) DECAF_NOEXCEPT {
707  return decaf_x448(out.data(), pk.data(), scalar.data());
708  }
709 
714  static inline SecureBuffer DECAF_DEPRECATED("Renamed to derive_public_key")
715  generate_key(
716  const FixedBlock<PRIVATE_BYTES> &scalar
717  ) /*throw(std::bad_alloc)*/ {
719  decaf_x448_derive_public_key(out.data(), scalar.data());
720  return out;
721  }
722 
727  const FixedBlock<PRIVATE_BYTES> &scalar
728  ) /*throw(std::bad_alloc)*/ {
730  decaf_x448_derive_public_key(out.data(), scalar.data());
731  return out;
732  }
733 
737  static inline void
740  const FixedBlock<PRIVATE_BYTES> &scalar
741  ) DECAF_NOEXCEPT {
742  decaf_x448_derive_public_key(out.data(), scalar.data());
743  }
744 
749  static inline void
750  DECAF_DEPRECATED("Renamed to derive_public_key_noexcept")
753  const FixedBlock<PRIVATE_BYTES> &scalar
754  ) DECAF_NOEXCEPT {
755  decaf_x448_derive_public_key(out.data(), scalar.data());
756  }
757 };
758 
759 }; /* struct Ed448Goldilocks */
760 
763  const FixedBlock<Ed448Goldilocks::Point::SER_BYTES> &in,
764  decaf_bool_t allow_identity,
765  decaf_bool_t short_circuit
766 ) const /*throw(CryptoException)*/ {
768  if (DECAF_SUCCESS !=
769  decaf_448_direct_scalarmul(out.data(), in.data(), s, allow_identity, short_circuit)
770  ) {
771  throw CryptoException();
772  }
773  return out;
774 }
775 
777  FixedBuffer<Ed448Goldilocks::Point::SER_BYTES> &out,
778  const FixedBlock<Ed448Goldilocks::Point::SER_BYTES> &in,
779  decaf_bool_t allow_identity,
780  decaf_bool_t short_circuit
781 ) const DECAF_NOEXCEPT {
782  return decaf_448_direct_scalarmul(out.data(), in.data(), s, allow_identity, short_circuit);
783 }
788 #undef DECAF_NOEXCEPT
789 } /* namespace decaf */
790 
791 #endif /* __DECAF_POINT_448_HXX__ */
A reference to a block of data, which (when accessed through this base class) is const.
Definition: secure_buffer.hxx:159
const unsigned char * data() const DECAF_NOEXCEPT
Get const data.
Definition: secure_buffer.hxx:193
A reference to a writable block of data.
Definition: secure_buffer.hxx:264
const unsigned char * data() const DECAF_NOEXCEPT
Get const data.
Definition: secure_buffer.hxx:276
An exception for when crypto (ie point decode) has failed.
Definition: secure_buffer.hxx:119
Element of prime-order elliptic curve group.
Definition: point_448.hxx:247
static const int LADDER_ENCODE_RATIO
Ratio due to ladder decoding.
Definition: point_448.hxx:271
static const size_t LADDER_BYTES
Bytes required for EdDSA encoding.
Definition: point_448.hxx:262
Point(const Wrapped &q=decaf_448_point_identity) DECAF_NOEXCEPT
Constructor sets to identity by default.
Definition: point_448.hxx:290
static const unsigned int INVERT_ELLIGATOR_WHICH_BITS
Number of bits in invert_elligator which are actually used.
Definition: point_448.hxx:279
Point & operator/=(const Scalar &s)
Multiply by s.inverse().
Definition: point_448.hxx:475
static Point double_scalarmul(const Point &q, const Scalar &qs, const Point &r, const Scalar &rs) DECAF_NOEXCEPT
Double-scalar multiply, equivalent to q*qs + r*rs but faster.
Definition: point_448.hxx:481
void mul_by_ratio_and_encode_like_ladder(FixedBuffer< LADDER_BYTES > &out) const
Multiply by LADDER_ENCODE_RATIO and encode like X25519/X448.
Definition: point_448.hxx:387
SecureBuffer steg_encode(Rng &rng, size_t size=STEG_BYTES) const
Steganographically encode this.
Definition: point_448.hxx:560
Point(const FixedBlock< SER_BYTES > &buffer, bool allow_identity=true)
Initialize from a fixed-length byte string.
Definition: point_448.hxx:319
decaf_448_point_t Wrapped
Wrapped C type.
Definition: point_448.hxx:250
Point & operator*=(const Scalar &s) DECAF_NOEXCEPT
Scalar multiply in place.
Definition: point_448.hxx:469
Point(Rng &rng, bool uniform=true) DECAF_NOEXCEPT
Construct from RNG.
Definition: point_448.hxx:302
Point & operator=(const Point &q) DECAF_NOEXCEPT
Assignment.
Definition: point_448.hxx:296
Point operator-() const DECAF_NOEXCEPT
Point negate.
Definition: point_448.hxx:451
void mul_by_ratio_and_encode_like_eddsa(FixedBuffer< DECAF_EDDSA_448_PUBLIC_BYTES > &out) const
Multiply by EDDSA_ENCODE_RATIO and encode like EdDSA.
Definition: point_448.hxx:373
static const Point identity() DECAF_NOEXCEPT
Return the identity point of the curve.
Definition: point_448.hxx:577
decaf_error_t DECAF_WARN_UNUSED decode_like_eddsa_and_mul_by_ratio_noexcept(const FixedBlock< DECAF_EDDSA_448_PUBLIC_BYTES > &buffer) DECAF_NOEXCEPT
Initialize from C++ fixed-length byte string, like EdDSA.
Definition: point_448.hxx:348
size_t ser_size() const DECAF_NOEXCEPT
Serializable instance.
Definition: point_448.hxx:431
Point & double_in_place() DECAF_NOEXCEPT
Double the point in place.
Definition: point_448.hxx:457
Point debugging_pscale(const FixedBlock< SER_BYTES > factor) const DECAF_NOEXCEPT
Return a point equal to *this, whose internal data has a modified representation.
Definition: point_448.hxx:521
Point & operator-=(const Point &q) DECAF_NOEXCEPT
Point subtract.
Definition: point_448.hxx:448
void decode_like_eddsa_and_mul_by_ratio(const FixedBlock< DECAF_EDDSA_448_PUBLIC_BYTES > &buffer)
Decode from EDDSA, multiply by EDDSA_DECODE_RATIO, and ignore any remaining cofactor information.
Definition: point_448.hxx:359
Point & operator+=(const Point &q) DECAF_NOEXCEPT
Point add.
Definition: point_448.hxx:442
Wrapped p
The c-level object.
Definition: point_448.hxx:282
Point debugging_torque() const DECAF_NOEXCEPT
Return a point equal to *this, whose internal data is rotated by a torsion element.
Definition: point_448.hxx:514
static Point double_scalarmul(const Scalar &qs, const Point &q, const Scalar &rs, const Point &r) DECAF_NOEXCEPT
Double-scalar multiply, equivalent to q*qs + r*rs but faster.
Definition: point_448.hxx:498
Point times_two() const DECAF_NOEXCEPT
Double the point out of place.
Definition: point_448.hxx:454
static const int EDDSA_ENCODE_RATIO
Ratio due to EdDSA encoding.
Definition: point_448.hxx:265
void serialize_into(unsigned char *buffer) const DECAF_NOEXCEPT
Serializable instance.
Definition: point_448.hxx:434
Point operator+(const Point &q) const DECAF_NOEXCEPT
Point add.
Definition: point_448.hxx:439
Point non_secret_combo_with_base(const Scalar &s, const Scalar &s_base) DECAF_NOEXCEPT
Double-scalar multiply: this point by the first scalar and base by the second scalar.
Definition: point_448.hxx:509
static const size_t SER_BYTES
Size of a serialized element.
Definition: point_448.hxx:253
SecureBuffer mul_by_ratio_and_encode_like_ladder() const
Multiply by LADDER_ENCODE_RATIO and encode like X25519/X448.
Definition: point_448.hxx:380
Point debugging_pscale(Rng &r) const DECAF_NOEXCEPT
Return a point equal to *this, whose internal data has a randomized representation.
Definition: point_448.hxx:528
void set_to_hash(const Block &s) DECAF_NOEXCEPT
Map to the curve from a hash buffer.
Definition: point_448.hxx:407
Point operator*(const Scalar &s) const DECAF_NOEXCEPT
Scalar multiply.
Definition: point_448.hxx:466
bool operator==(const Point &q) const DECAF_NOEXCEPT
Constant-time compare.
Definition: point_448.hxx:463
static const size_t EDDSA_BYTES
Bytes required for EdDSA encoding.
Definition: point_448.hxx:259
Point operator/(const Scalar &s) const
Multiply by s.inverse().
Definition: point_448.hxx:472
void dual_scalarmul(Point &q1, Point &q2, const Scalar &r1, const Scalar &r2) const DECAF_NOEXCEPT
Dual-scalar multiply, equivalent to this*r1, this*r2 but faster.
Definition: point_448.hxx:488
static const Point base() DECAF_NOEXCEPT
Return the base point of the curve.
Definition: point_448.hxx:574
Point(const Point &q) DECAF_NOEXCEPT
Copy constructor.
Definition: point_448.hxx:293
~Point() DECAF_NOEXCEPT
Destructor securely zeorizes the point.
Definition: point_448.hxx:299
decaf_error_t DECAF_WARN_UNUSED decode(const FixedBlock< SER_BYTES > &buffer, bool allow_identity=true) DECAF_NOEXCEPT
Initialize from C++ fixed-length byte string.
Definition: point_448.hxx:334
static const size_t STEG_BYTES
Size of a steganographically-encoded curve element.
Definition: point_448.hxx:276
static const int EDDSA_DECODE_RATIO
Ratio due to EdDSA decoding.
Definition: point_448.hxx:268
static Point from_hash(const Block &s) DECAF_NOEXCEPT
Map uniformly to the curve from a hash buffer.
Definition: point_448.hxx:397
SecureBuffer mul_by_ratio_and_encode_like_eddsa() const
Multiply by EDDSA_ENCODE_RATIO and encode like EdDSA.
Definition: point_448.hxx:366
bool operator!=(const Point &q) const DECAF_NOEXCEPT
Constant-time compare.
Definition: point_448.hxx:460
static const size_t HASH_BYTES
Bytes required for hash.
Definition: point_448.hxx:256
bool validate() const DECAF_NOEXCEPT
Validate / sanity check.
Definition: point_448.hxx:478
decaf_error_t invert_elligator(Buffer buf, uint32_t hint) const DECAF_NOEXCEPT
Modify buffer so that Point::from_hash(Buffer) == *this, and return DECAF_SUCCESS; or leave buf unmod...
Definition: point_448.hxx:537
Precomputed table of points.
Definition: point_448.hxx:594
static const Precomputed base() DECAF_NOEXCEPT
Return the table for the base point.
Definition: point_448.hxx:663
Precomputed(const Precomputed &it)
Copy constructor.
Definition: point_448.hxx:647
Point operator/(const Scalar &s) const
Multiply by s.inverse().
Definition: point_448.hxx:660
Precomputed(const Point &it)
Constructor which initializes from point.
Definition: point_448.hxx:653
Precomputed & operator=(const Point &it)
Initilaize from point.
Definition: point_448.hxx:638
~Precomputed() DECAF_NOEXCEPT
Destructor securely zeorizes the memory.
Definition: point_448.hxx:598
Precomputed(const Precomputed_U &yours= *decaf_448_precomputed_base) DECAF_NOEXCEPT
Initialize from underlying type, declared as a reference to prevent it from being called with 0,...
Definition: point_448.hxx:611
Point operator*(const Scalar &s) const DECAF_NOEXCEPT
Fixed base scalarmul.
Definition: point_448.hxx:657
A scalar modulo the curve order.
Definition: point_448.hxx:78
Scalar & operator+=(const Scalar &q) DECAF_NOEXCEPT
Add to this.
Definition: point_448.hxx:172
Scalar(const Block &buffer) DECAF_NOEXCEPT
Construct from arbitrary-length little-endian byte sequence.
Definition: point_448.hxx:119
Scalar(int64_t w) DECAF_NOEXCEPT
Set to a signed word.
Definition: point_448.hxx:98
size_t ser_size() const DECAF_NOEXCEPT
Serializable instance.
Definition: point_448.hxx:122
static const size_t SER_BYTES
Size of a serialized element.
Definition: point_448.hxx:84
Scalar half() const
Return half this scalar.
Definition: point_448.hxx:214
Scalar operator/(const Scalar &q) const
Return this/q.
Definition: point_448.hxx:208
decaf_error_t DECAF_WARN_UNUSED direct_scalarmul_noexcept(FixedBuffer< SER_BYTES > &out, const FixedBlock< SER_BYTES > &in, decaf_bool_t allow_identity=DECAF_FALSE, decaf_bool_t short_circuit=DECAF_TRUE) const DECAF_NOEXCEPT
Direct scalar multiplication.
~Scalar() DECAF_NOEXCEPT
Destructor securely zeorizes the scalar.
Definition: point_448.hxx:151
Scalar & operator=(uint64_t w) DECAF_NOEXCEPT
Assign from unsigned 64-bit integer.
Definition: point_448.hxx:133
SecureBuffer direct_scalarmul(const FixedBlock< SER_BYTES > &in, decaf_bool_t allow_identity=DECAF_FALSE, decaf_bool_t short_circuit=DECAF_TRUE) const
Direct scalar multiplication.
Scalar & operator=(int w) DECAF_NOEXCEPT
Assign from signed int.
Definition: point_448.hxx:148
Scalar inverse() const
Return 1/this.
Definition: point_448.hxx:192
Scalar(const Scalar &x) DECAF_NOEXCEPT
Copy constructor.
Definition: point_448.hxx:116
Scalar operator*(const Scalar &q) const DECAF_NOEXCEPT
Multiply.
Definition: point_448.hxx:181
decaf_error_t DECAF_WARN_UNUSED inverse_noexcept(Scalar &r) const DECAF_NOEXCEPT
Invert with Fermat's Little Theorem (slow!).
Definition: point_448.hxx:203
Scalar & operator/=(const Scalar &q)
Set this to this/q.
Definition: point_448.hxx:211
Scalar(Rng &rng) DECAF_NOEXCEPT
Construct from RNG.
Definition: point_448.hxx:107
bool operator==(const Scalar &q) const DECAF_NOEXCEPT
Compare in constant time.
Definition: point_448.hxx:220
Scalar & operator=(const Scalar &x) DECAF_NOEXCEPT
Assignment.
Definition: point_448.hxx:130
Scalar operator+(const Scalar &q) const DECAF_NOEXCEPT
Add.
Definition: point_448.hxx:169
Scalar(uint64_t w) DECAF_NOEXCEPT
Set to an unsigned word.
Definition: point_448.hxx:95
bool operator!=(const Scalar &q) const DECAF_NOEXCEPT
Compare in constant time.
Definition: point_448.hxx:217
Scalar & operator-=(const Scalar &q) DECAF_NOEXCEPT
Subtract from this.
Definition: point_448.hxx:178
Scalar & operator*=(const Scalar &q) DECAF_NOEXCEPT
Multiply into this.
Definition: point_448.hxx:184
Scalar & operator=(unsigned int w) DECAF_NOEXCEPT
Assign from unsigned int.
Definition: point_448.hxx:145
Scalar(unsigned int w) DECAF_NOEXCEPT
Set to an unsigned word.
Definition: point_448.hxx:101
Scalar operator-() const DECAF_NOEXCEPT
Negate.
Definition: point_448.hxx:187
static decaf_error_t DECAF_WARN_UNUSED decode(Scalar &sc, const FixedBlock< SER_BYTES > buffer) DECAF_NOEXCEPT
Decode from correct-length little-endian byte sequence.
Definition: point_448.hxx:162
Wrapped s
access to the underlying scalar object
Definition: point_448.hxx:87
decaf_448_scalar_t Wrapped
wrapped C type
Definition: point_448.hxx:81
Scalar(int w) DECAF_NOEXCEPT
Set to a signed word.
Definition: point_448.hxx:104
void serialize_into(unsigned char *buffer) const DECAF_NOEXCEPT
Serializable instance.
Definition: point_448.hxx:125
Scalar & operator=(int64_t w) DECAF_NOEXCEPT
Assign from signed int.
Definition: point_448.hxx:137
Scalar(const Wrapped &t=decaf_448_scalar_zero) DECAF_NOEXCEPT
Construct from decaf_scalar_t object.
Definition: point_448.hxx:113
Scalar & operator=(const Block &bl) DECAF_NOEXCEPT
Assign from arbitrary-length little-endian byte sequence in a Block.
Definition: point_448.hxx:154
A fixed-size stack-allocated buffer (for DECAF_NOEXCEPT semantics)
Definition: secure_buffer.hxx:331
A fixed-size block.
Definition: secure_buffer.hxx:247
A fixed-size block.
Definition: secure_buffer.hxx:304
An exception for when crypto (ie point decode) has failed.
Definition: secure_buffer.hxx:126
Prototype of a random number generator.
Definition: secure_buffer.hxx:138
Base class of objects which support serialization.
Definition: secure_buffer.hxx:89
void DECAF_API_VIS decaf_bzero(void *data, size_t size) DECAF_NONNULL
Overwrite data with zeros.
decaf_bool_t DECAF_API_VIS decaf_memeq(const void *data1, const void *data2, size_t size) DECAF_NONNULL DECAF_WARN_UNUSED
Compare two buffers, returning DECAF_TRUE if they are equal.
uint32_t decaf_bool_t
"Boolean" type, will be set to all-zero or all-one (i.e.
Definition: common.h:89
decaf_error_t
Another boolean type used to indicate success or failure.
Definition: common.h:120
@ DECAF_SUCCESS
The operation succeeded.
Definition: common.h:121
A group of prime order p, based on Ed448-Goldilocks.
#define DECAF_448_EDDSA_ENCODE_RATIO
EdDSA encoding ratio.
Definition: ed448.h:57
#define DECAF_EDDSA_448_PUBLIC_BYTES
Number of bytes in an EdDSA public key.
Definition: ed448.h:27
decaf_error_t DECAF_API_VIS decaf_448_point_decode_like_eddsa_and_mul_by_ratio(decaf_448_point_t p, const uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES]) DECAF_NONNULL DECAF_NOINLINE
EdDSA point decoding.
#define DECAF_448_EDDSA_DECODE_RATIO
EdDSA decoding ratio.
Definition: ed448.h:60
void DECAF_API_VIS decaf_448_point_mul_by_ratio_and_encode_like_eddsa(uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES], const decaf_448_point_t p) DECAF_NONNULL DECAF_NOINLINE
EdDSA point encoding.
const uint8_t decaf_x448_base_point[DECAF_X448_PUBLIC_BYTES]
The base point for X448 Diffie-Hellman.
Definition: decaf.c:66
Namespace for all libdecaf C++ objects.
Definition: ed255.hxx:41
std::vector< unsigned char, SanitizingAllocator< unsigned char, 0 > > SecureBuffer
A variant of std::vector which securely zerozes its state when destructed.
Definition: secure_buffer.hxx:79
A group of prime order p, based on Ed448-Goldilocks.
void DECAF_API_VIS decaf_448_scalar_halve(decaf_448_scalar_t out, const decaf_448_scalar_t a) DECAF_NONNULL DECAF_NOINLINE
Halve a scalar.
#define DECAF_X448_PUBLIC_BYTES
Number of bytes in an x448 public key.
Definition: point_448.h:62
void DECAF_API_VIS decaf_448_point_negate(decaf_448_point_t nega, const decaf_448_point_t a) DECAF_NONNULL
Negate a point to produce another point.
void DECAF_API_VIS decaf_448_point_sub(decaf_448_point_t diff, const decaf_448_point_t a, const decaf_448_point_t b) DECAF_NONNULL
Subtract two points to produce a third point.
void DECAF_API_VIS decaf_448_point_mul_by_ratio_and_encode_like_x448(uint8_t out[DECAF_X448_PUBLIC_BYTES], const decaf_448_point_t p) DECAF_NONNULL
Multiply a point by DECAF_X448_ENCODE_RATIO, then encode it like RFC 7748.
void DECAF_API_VIS decaf_448_point_encode(uint8_t ser[DECAF_448_SER_BYTES], const decaf_448_point_t pt) DECAF_NONNULL DECAF_NOINLINE
Encode a point as a sequence of bytes.
void DECAF_API_VIS decaf_448_base_double_scalarmul_non_secret(decaf_448_point_t combo, const decaf_448_scalar_t scalar1, const decaf_448_point_t base2, const decaf_448_scalar_t scalar2) DECAF_NONNULL DECAF_NOINLINE
Multiply two base points by two scalars: scaled = scalar1*decaf_448_point_base + scalar2*base2.
decaf_error_t DECAF_API_VIS decaf_448_invert_elligator_nonuniform(unsigned char recovered_hash[DECAF_448_HASH_BYTES], const decaf_448_point_t pt, uint32_t which) DECAF_NONNULL DECAF_NOINLINE DECAF_WARN_UNUSED
Inverse of elligator-like hash to curve.
struct decaf_448_point_s decaf_448_point_t[1]
Representation of a point on the elliptic curve.
#define DECAF_448_INVERT_ELLIGATOR_WHICH_BITS
Number of bits in the "which" field of an elligator inverse.
Definition: point_448.h:53
decaf_bool_t DECAF_API_VIS decaf_448_scalar_eq(const decaf_448_scalar_t a, const decaf_448_scalar_t b) DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE
Compare two scalars.
decaf_bool_t DECAF_API_VIS decaf_448_point_valid(const decaf_448_point_t to_test) DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE
Test that a point is valid, for debugging purposes.
void DECAF_API_VIS decaf_448_point_destroy(decaf_448_point_t point) DECAF_NONNULL
Securely erase a point by overwriting it with zeros.
decaf_error_t DECAF_API_VIS decaf_x448(uint8_t shared[DECAF_X448_PUBLIC_BYTES], const uint8_t base[DECAF_X448_PUBLIC_BYTES], const uint8_t scalar[DECAF_X448_PRIVATE_BYTES]) DECAF_NONNULL DECAF_WARN_UNUSED DECAF_NOINLINE
RFC 7748 Diffie-Hellman scalarmul, used to compute shared secrets.
#define DECAF_X448_ENCODE_RATIO
X448 encoding ratio.
Definition: point_448.h:59
void DECAF_API_VIS decaf_448_point_from_hash_nonuniform(decaf_448_point_t pt, const unsigned char hashed_data[DECAF_448_HASH_BYTES]) DECAF_NONNULL DECAF_NOINLINE
Almost-Elligator-like hash to curve.
#define DECAF_448_SCALAR_BYTES
Number of bytes in a serialized scalar.
Definition: point_448.h:50
void DECAF_API_VIS decaf_448_scalar_decode_long(decaf_448_scalar_t out, const unsigned char *ser, size_t ser_len) DECAF_NONNULL DECAF_NOINLINE
Read a scalar from wire format or from bytes.
void DECAF_API_VIS decaf_448_point_debugging_torque(decaf_448_point_t q, const decaf_448_point_t p) DECAF_NONNULL DECAF_NOINLINE
Torque a point, for debugging purposes.
void DECAF_API_VIS decaf_448_point_double_scalarmul(decaf_448_point_t combo, const decaf_448_point_t base1, const decaf_448_scalar_t scalar1, const decaf_448_point_t base2, const decaf_448_scalar_t scalar2) DECAF_NONNULL DECAF_NOINLINE
Multiply two base points by two scalars: scaled = scalar1*base1 + scalar2*base2.
void DECAF_API_VIS decaf_448_point_add(decaf_448_point_t sum, const decaf_448_point_t a, const decaf_448_point_t b) DECAF_NONNULL
Add two points to produce a third point.
decaf_bool_t DECAF_API_VIS decaf_448_point_eq(const decaf_448_point_t a, const decaf_448_point_t b) DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE
Test whether two points are equal.
decaf_error_t DECAF_API_VIS decaf_448_direct_scalarmul(uint8_t scaled[DECAF_448_SER_BYTES], const uint8_t base[DECAF_448_SER_BYTES], const decaf_448_scalar_t scalar, decaf_bool_t allow_identity, decaf_bool_t short_circuit) DECAF_NONNULL DECAF_WARN_UNUSED DECAF_NOINLINE
Multiply a base point by a scalar: scaled = scalar*base.
void DECAF_API_VIS decaf_448_point_from_hash_uniform(decaf_448_point_t pt, const unsigned char hashed_data[2 *DECAF_448_HASH_BYTES]) DECAF_NONNULL DECAF_NOINLINE
Indifferentiable hash function encoding to curve.
void DECAF_API_VIS decaf_448_scalar_destroy(decaf_448_scalar_t scalar) DECAF_NONNULL
Securely erase a scalar.
decaf_error_t DECAF_API_VIS decaf_448_scalar_decode(decaf_448_scalar_t out, const unsigned char ser[DECAF_448_SCALAR_BYTES]) DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE
Read a scalar from wire format or from bytes.
void DECAF_API_VIS decaf_448_point_debugging_pscale(decaf_448_point_t q, const decaf_448_point_t p, const unsigned char factor[DECAF_448_SER_BYTES]) DECAF_NONNULL DECAF_NOINLINE
Projectively scale a point, for debugging purposes.
struct decaf_448_scalar_s decaf_448_scalar_t[1]
Representation of an element of the scalar field.
void DECAF_API_VIS decaf_448_scalar_set_unsigned(decaf_448_scalar_t out, uint64_t a) DECAF_NONNULL
Set a scalar to an unsigned 64-bit integer.
void DECAF_API_VIS decaf_448_point_dual_scalarmul(decaf_448_point_t a1, decaf_448_point_t a2, const decaf_448_point_t base1, const decaf_448_scalar_t scalar1, const decaf_448_scalar_t scalar2) DECAF_NONNULL DECAF_NOINLINE
Multiply one base point by two scalars:
void DECAF_API_VIS decaf_448_precompute(decaf_448_precomputed_s *a, const decaf_448_point_t b) DECAF_NONNULL DECAF_NOINLINE
Precompute a table for fast scalar multiplication.
void DECAF_API_VIS decaf_448_scalar_mul(decaf_448_scalar_t out, const decaf_448_scalar_t a, const decaf_448_scalar_t b) DECAF_NONNULL DECAF_NOINLINE
Multiply two scalars.
void DECAF_API_VIS decaf_448_scalar_sub(decaf_448_scalar_t out, const decaf_448_scalar_t a, const decaf_448_scalar_t b) DECAF_NONNULL DECAF_NOINLINE
Subtract two scalars.
void DECAF_API_VIS decaf_448_point_scalarmul(decaf_448_point_t scaled, const decaf_448_point_t base, const decaf_448_scalar_t scalar) DECAF_NONNULL DECAF_NOINLINE
Multiply a base point by a scalar: scaled = scalar*base.
void DECAF_API_VIS decaf_x448_derive_public_key(uint8_t out[DECAF_X448_PUBLIC_BYTES], const uint8_t scalar[DECAF_X448_PRIVATE_BYTES]) DECAF_NONNULL DECAF_NOINLINE
RFC 7748 Diffie-Hellman base point scalarmul.
void DECAF_API_VIS decaf_448_point_double(decaf_448_point_t two_a, const decaf_448_point_t a) DECAF_NONNULL
Double a point.
#define DECAF_448_SER_BYTES
Number of bytes in a serialized point.
Definition: point_448.h:42
DECAF_API_VIS const decaf_448_point_t decaf_448_point_identity
The identity (zero) point on the curve.
DECAF_API_VIS const decaf_448_point_t decaf_448_point_base
An arbitrarily-chosen base point on the curve.
void DECAF_API_VIS decaf_448_precomputed_scalarmul(decaf_448_point_t scaled, const decaf_448_precomputed_s *base, const decaf_448_scalar_t scalar) DECAF_NONNULL DECAF_NOINLINE
Multiply a precomputed base point by a scalar: scaled = scalar*base.
void DECAF_API_VIS decaf_448_scalar_add(decaf_448_scalar_t out, const decaf_448_scalar_t a, const decaf_448_scalar_t b) DECAF_NONNULL DECAF_NOINLINE
Add two scalars.
#define DECAF_448_HASH_BYTES
Number of bytes in an elligated point.
Definition: point_448.h:47
#define DECAF_X448_PRIVATE_BYTES
Number of bytes in an x448 private key.
Definition: point_448.h:65
DECAF_API_VIS const struct decaf_448_precomputed_s * decaf_448_precomputed_base
Precomputed table of multiples of the base point on the curve.
DECAF_API_VIS const decaf_448_scalar_t decaf_448_scalar_zero
The scalar 0.
decaf_error_t DECAF_API_VIS decaf_448_point_decode(decaf_448_point_t pt, const uint8_t ser[DECAF_448_SER_BYTES], decaf_bool_t allow_identity) DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE
Decode a point from a sequence of bytes.
decaf_error_t DECAF_API_VIS decaf_448_invert_elligator_uniform(unsigned char recovered_hash[2 *DECAF_448_HASH_BYTES], const decaf_448_point_t pt, uint32_t which) DECAF_NONNULL DECAF_NOINLINE DECAF_WARN_UNUSED
Inverse of elligator-like hash to curve.
void DECAF_API_VIS decaf_448_scalar_encode(unsigned char ser[DECAF_448_SCALAR_BYTES], const decaf_448_scalar_t s) DECAF_NONNULL DECAF_NOINLINE DECAF_NOINLINE
Serialize a scalar to wire format.
DECAF_API_VIS const size_t decaf_448_sizeof_precomputed_s
Size and alignment of precomputed point tables.
struct decaf_448_precomputed_s decaf_448_precomputed_s
Precomputed table based on a point.
Definition: point_448.h:78
decaf_error_t DECAF_API_VIS decaf_448_scalar_invert(decaf_448_scalar_t out, const decaf_448_scalar_t a) DECAF_WARN_UNUSED DECAF_NONNULL DECAF_NOINLINE
Invert a scalar.
C++ self-zeroizing buffer.
X-only Diffie-Hellman ladder functions.
Definition: point_448.hxx:675
static decaf_error_t DECAF_WARN_UNUSED shared_secret_noexcept(FixedBuffer< PUBLIC_BYTES > &out, const FixedBlock< PUBLIC_BYTES > &pk, const FixedBlock< PRIVATE_BYTES > &scalar) DECAF_NOEXCEPT
Calculate and write into out a shared secret with public key, noexcept version.
Definition: point_448.hxx:702
static SecureBuffer derive_public_key(const FixedBlock< PRIVATE_BYTES > &scalar)
Calculate and return a public key; equivalent to shared_secret(base_point(),scalar) but possibly fast...
Definition: point_448.hxx:726
static void derive_public_key_noexcept(FixedBuffer< PUBLIC_BYTES > &out, const FixedBlock< PRIVATE_BYTES > &scalar) DECAF_NOEXCEPT
Calculate and return a public key into a fixed buffer; equivalent to shared_secret(base_point(),...
Definition: point_448.hxx:738
static const size_t PRIVATE_BYTES
Bytes in an X448 private key.
Definition: point_448.hxx:681
static const size_t PUBLIC_BYTES
Bytes in an X448 public key.
Definition: point_448.hxx:678
static const FixedBlock< PUBLIC_BYTES > base_point() DECAF_NOEXCEPT
Base point for a scalar multiplication.
Definition: point_448.hxx:684
static SecureBuffer DECAF_DEPRECATED("Renamed to derive_public_key") generate_key(const FixedBlock< PRIVATE_BYTES > &scalar)
Calculate and return a public key; equivalent to shared_secret(base_point(),scalar) but possibly fast...
Definition: point_448.hxx:714
static void generate_key_noexcept(FixedBuffer< PUBLIC_BYTES > &out, const FixedBlock< PRIVATE_BYTES > &scalar) DECAF_NOEXCEPT
Calculate and return a public key into a fixed buffer; equivalent to shared_secret(base_point(),...
Definition: point_448.hxx:751
static SecureBuffer shared_secret(const FixedBlock< PUBLIC_BYTES > &pk, const FixedBlock< PRIVATE_BYTES > &scalar)
Calculate and return a shared secret with public key.
Definition: point_448.hxx:689
Ed448-Goldilocks/Decaf instantiation of group.
Definition: point_448.hxx:55
static const char * name()
The name of the curve.
Definition: point_448.hxx:58
static const int REMOVED_COFACTOR
The curve's cofactor (removed, but useful for testing)
Definition: point_448.hxx:64
static const int FIELD_MODULUS_TYPE
Residue class of field modulus: p == this mod 2*(this-1)
Definition: point_448.hxx:67
static int bits()
The name of the curve.
Definition: point_448.hxx:61
Passed to constructors to avoid (conservative) initialization.
Definition: secure_buffer.hxx:133