randombit/botan | Build 5079590438 | source/src/lib/pubkey/ec_group/ec_point.cpp | Coveralls

18

EC_Point::EC_Point(const CurveGFp& curve) : m_curve(curve), m_coord_x(0), m_coord_y(curve.get_1_rep()), m_coord_z(0) {

24,432✔

20

24,432✔

22

EC_Point::EC_Point(const CurveGFp& curve, const BigInt& x, const BigInt& y) :

20,545✔

23

      m_curve(curve), m_coord_x(x), m_coord_y(y), m_coord_z(m_curve.get_1_rep()) {

20,545✔

24

   if(x < 0 || x >= curve.get_p())

41,090✔

25

      throw Invalid_Argument("Invalid EC_Point affine x");

558✔

26

   if(y < 0 || y >= curve.get_p())

39,828✔

27

      throw Invalid_Argument("Invalid EC_Point affine y");

214✔

29

   secure_vector<word> monty_ws(m_curve.get_ws_size());

19,773✔

30

   m_curve.to_rep(m_coord_x, monty_ws);

19,773✔

31

   m_curve.to_rep(m_coord_y, monty_ws);

19,773✔

32

22,855✔

34

void EC_Point::randomize_repr(RandomNumberGenerator& rng) {

749✔

35

   secure_vector<word> ws(m_curve.get_ws_size());

749✔

36

   randomize_repr(rng, ws);

749✔

37

749✔

39

void EC_Point::randomize_repr(RandomNumberGenerator& rng, secure_vector<word>& ws) {

6,411✔

40

   const BigInt mask = BigInt::random_integer(rng, 2, m_curve.get_p());

6,411✔

49

   const BigInt mask2 = m_curve.sqr_to_tmp(mask, ws);

6,411✔

50

   const BigInt mask3 = m_curve.mul_to_tmp(mask2, mask, ws);

6,411✔

52

   m_coord_x = m_curve.mul_to_tmp(m_coord_x, mask2, ws);

6,411✔

53

   m_coord_y = m_curve.mul_to_tmp(m_coord_y, mask3, ws);

6,411✔

54

   m_coord_z = m_curve.mul_to_tmp(m_coord_z, mask, ws);

12,822✔

55

19,233✔

59

inline void resize_ws(std::vector<BigInt>& ws_bn, size_t cap_size) {

9,765,878✔

60

   BOTAN_ASSERT(ws_bn.size() >= EC_Point::WORKSPACE_SIZE, "Expected size for EC_Point workspace");

9,765,878✔

62

   for(auto& ws : ws_bn)

87,892,902✔

63

      if(ws.size() < cap_size)

78,127,024✔

64

         ws.get_word_vector().resize(cap_size);

1,488,967✔

65

9,765,878✔

69

void EC_Point::add_affine(

2,284,868✔

71

   if((CT::all_zeros(x_words, x_size) & CT::all_zeros(y_words, y_size)).is_set()) {

17,087,931✔

75

   if(is_zero()) {

4,459,182✔

76

      m_coord_x.set_words(x_words, x_size);

15,623✔

77

      m_coord_y.set_words(y_words, y_size);

15,623✔

78

      m_coord_z = m_curve.get_1_rep();

15,623✔

79

      return;

15,623✔

82

   resize_ws(ws_bn, m_curve.get_ws_size());

2,213,991✔

84

   secure_vector<word>& ws = ws_bn[0].get_word_vector();

2,213,991✔

85

   secure_vector<word>& sub_ws = ws_bn[1].get_word_vector();

2,213,991✔

87

   BigInt& T0 = ws_bn[2];

2,213,991✔

88

   BigInt& T1 = ws_bn[3];

2,213,991✔

89

   BigInt& T2 = ws_bn[4];

2,213,991✔

90

   BigInt& T3 = ws_bn[5];

2,213,991✔

91

   BigInt& T4 = ws_bn[6];

2,213,991✔

98

   const BigInt& p = m_curve.get_p();

2,213,991✔

100

   m_curve.sqr(T3, m_coord_z, ws);            // z1^2

2,213,991✔

101

   m_curve.mul(T4, x_words, x_size, T3, ws);  // x2*z1^2

2,213,991✔

103

   m_curve.mul(T2, m_coord_z, T3, ws);        // z1^3

2,213,991✔

104

   m_curve.mul(T0, y_words, y_size, T2, ws);  // y2*z1^3

2,213,991✔

106

   T4.mod_sub(m_coord_x, p, sub_ws);  // x2*z1^2 - x1*z2^2

2,213,991✔

108

   T0.mod_sub(m_coord_y, p, sub_ws);

2,213,991✔

110

   if(T4.is_zero()) {

4,427,982✔

111

      if(T0.is_zero()) {

316✔

112

         mult2(ws_bn);

19✔

113

         return;

19✔

117

      m_coord_x.clear();

139✔

118

      m_coord_y = m_curve.get_1_rep();

139✔

119

      m_coord_z.clear();

139✔

120

      return;

139✔

123

   m_curve.sqr(T2, T4, ws);

2,213,833✔

125

   m_curve.mul(T3, m_coord_x, T2, ws);

2,213,833✔

127

   m_curve.mul(T1, T2, T4, ws);

2,213,833✔

129

   m_curve.sqr(m_coord_x, T0, ws);

2,213,833✔

130

   m_coord_x.mod_sub(T1, p, sub_ws);

2,213,833✔

132

   m_coord_x.mod_sub(T3, p, sub_ws);

2,213,833✔

133

   m_coord_x.mod_sub(T3, p, sub_ws);

2,213,833✔

135

   T3.mod_sub(m_coord_x, p, sub_ws);

2,213,833✔

137

   m_curve.mul(T2, T0, T3, ws);

2,213,833✔

138

   m_curve.mul(T0, m_coord_y, T1, ws);

2,213,833✔

139

   T2.mod_sub(T0, p, sub_ws);

2,213,833✔

140

   m_coord_y.swap(T2);

2,213,833✔

142

   m_curve.mul(T0, m_coord_z, T4, ws);

2,213,833✔

143

   m_coord_z.swap(T0);

2,213,833✔

146

void EC_Point::add(const word x_words[],

1,476,041✔

153

   if((CT::all_zeros(x_words, x_size) & CT::all_zeros(z_words, z_size)).is_set())

10,998,942✔

156

   if(is_zero()) {

2,874,823✔

157

      m_coord_x.set_words(x_words, x_size);

5,817✔

158

      m_coord_y.set_words(y_words, y_size);

5,817✔

159

      m_coord_z.set_words(z_words, z_size);

5,817✔

160

      return;

5,817✔

163

   resize_ws(ws_bn, m_curve.get_ws_size());

1,446,688✔

165

   secure_vector<word>& ws = ws_bn[0].get_word_vector();

1,446,688✔

166

   secure_vector<word>& sub_ws = ws_bn[1].get_word_vector();

1,446,688✔

168

   BigInt& T0 = ws_bn[2];

1,446,688✔

169

   BigInt& T1 = ws_bn[3];

1,446,688✔

170

   BigInt& T2 = ws_bn[4];

1,446,688✔

171

   BigInt& T3 = ws_bn[5];

1,446,688✔

172

   BigInt& T4 = ws_bn[6];

1,446,688✔

173

   BigInt& T5 = ws_bn[7];

1,446,688✔

179

   const BigInt& p = m_curve.get_p();

1,446,688✔

181

   m_curve.sqr(T0, z_words, z_size, ws);      // z2^2

1,446,688✔

182

   m_curve.mul(T1, m_coord_x, T0, ws);        // x1*z2^2

1,446,688✔

183

   m_curve.mul(T3, z_words, z_size, T0, ws);  // z2^3

1,446,688✔

184

   m_curve.mul(T2, m_coord_y, T3, ws);        // y1*z2^3

1,446,688✔

186

   m_curve.sqr(T3, m_coord_z, ws);            // z1^2

1,446,688✔

187

   m_curve.mul(T4, x_words, x_size, T3, ws);  // x2*z1^2

1,446,688✔

189

   m_curve.mul(T5, m_coord_z, T3, ws);        // z1^3

1,446,688✔

190

   m_curve.mul(T0, y_words, y_size, T5, ws);  // y2*z1^3

1,446,688✔

192

   T4.mod_sub(T1, p, sub_ws);  // x2*z1^2 - x1*z2^2

1,446,688✔

194

   T0.mod_sub(T2, p, sub_ws);

1,446,688✔

196

   if(T4.is_zero()) {

2,893,376✔

197

      if(T0.is_zero()) {

974✔

198

         mult2(ws_bn);

151✔

199

         return;

151✔

203

      m_coord_x.clear();

336✔

204

      m_coord_y = m_curve.get_1_rep();

336✔

205

      m_coord_z.clear();

336✔

206

      return;

336✔

209

   m_curve.sqr(T5, T4, ws);

1,446,201✔

211

   m_curve.mul(T3, T1, T5, ws);

1,446,201✔

213

   m_curve.mul(T1, T5, T4, ws);

1,446,201✔

215

   m_curve.sqr(m_coord_x, T0, ws);

1,446,201✔

216

   m_coord_x.mod_sub(T1, p, sub_ws);

1,446,201✔

217

   m_coord_x.mod_sub(T3, p, sub_ws);

1,446,201✔

218

   m_coord_x.mod_sub(T3, p, sub_ws);

1,446,201✔

220

   T3.mod_sub(m_coord_x, p, sub_ws);

1,446,201✔

222

   m_curve.mul(m_coord_y, T0, T3, ws);

1,446,201✔

223

   m_curve.mul(T3, T2, T1, ws);

1,446,201✔

225

   m_coord_y.mod_sub(T3, p, sub_ws);

1,446,201✔

227

   m_curve.mul(T3, z_words, z_size, m_coord_z, ws);

1,446,201✔

228

   m_curve.mul(m_coord_z, T3, T4, ws);

1,446,201✔

231

void EC_Point::mult2i(size_t iterations, std::vector<BigInt>& ws_bn) {

2,279,011✔

232

   if(iterations == 0)

2,279,011✔

235

   if(m_coord_y.is_zero()) {

4,555,196✔

244

   for(size_t i = 0; i != iterations; ++i)

7,458,723✔

245

      mult2(ws_bn);

5,179,712✔

249

void EC_Point::mult2(std::vector<BigInt>& ws_bn) {

6,111,354✔

250

   if(is_zero())

12,189,464✔

253

   if(m_coord_y.is_zero()) {

9,934,242✔

258

   resize_ws(ws_bn, m_curve.get_ws_size());

6,105,199✔

260

   secure_vector<word>& ws = ws_bn[0].get_word_vector();

6,105,199✔

261

   secure_vector<word>& sub_ws = ws_bn[1].get_word_vector();

6,105,199✔

263

   BigInt& T0 = ws_bn[2];

6,105,199✔

264

   BigInt& T1 = ws_bn[3];

6,105,199✔

265

   BigInt& T2 = ws_bn[4];

6,105,199✔

266

   BigInt& T3 = ws_bn[5];

6,105,199✔

267

   BigInt& T4 = ws_bn[6];

6,105,199✔

272

   const BigInt& p = m_curve.get_p();

6,105,199✔

274

   m_curve.sqr(T0, m_coord_y, ws);

6,105,199✔

276

   m_curve.mul(T1, m_coord_x, T0, ws);

6,105,199✔

277

   T1.mod_mul(4, p, sub_ws);

6,105,199✔

279

   if(m_curve.a_is_zero()) {

6,105,199✔

281

      m_curve.sqr(T4, m_coord_x, ws);  // x^2

268,490✔

282

      T4.mod_mul(3, p, sub_ws);        // 3*x^2

268,490✔

283

   } else if(m_curve.a_is_minus_3()) {

5,836,709✔

288

      m_curve.sqr(T3, m_coord_z, ws);  // z^2

4,627,918✔

291

      T2 = m_coord_x;

4,627,918✔

292

      T2.mod_sub(T3, p, sub_ws);

4,627,918✔

295

      T3.mod_add(m_coord_x, p, sub_ws);

4,627,918✔

297

      m_curve.mul(T4, T2, T3, ws);  // (x-z^2)*(x+z^2)

4,627,918✔

299

      T4.mod_mul(3, p, sub_ws);  // 3*(x-z^2)*(x+z^2)

4,627,918✔

301

      m_curve.sqr(T3, m_coord_z, ws);                // z^2

1,208,791✔

302

      m_curve.sqr(T4, T3, ws);                       // z^4

1,208,791✔

303

      m_curve.mul(T3, m_curve.get_a_rep(), T4, ws);  // a*z^4

1,208,791✔

305

      m_curve.sqr(T4, m_coord_x, ws);  // x^2

1,208,791✔

306

      T4.mod_mul(3, p, sub_ws);

1,208,791✔

307

      T4.mod_add(T3, p, sub_ws);  // 3*x^2 + a*z^4

1,208,791✔

310

   m_curve.sqr(T2, T4, ws);

6,105,199✔

311

   T2.mod_sub(T1, p, sub_ws);

6,105,199✔

312

   T2.mod_sub(T1, p, sub_ws);

6,105,199✔

314

   m_curve.sqr(T3, T0, ws);

6,105,199✔

315

   T3.mod_mul(8, p, sub_ws);

6,105,199✔

317

   T1.mod_sub(T2, p, sub_ws);

6,105,199✔

319

   m_curve.mul(T0, T4, T1, ws);

6,105,199✔

320

   T0.mod_sub(T3, p, sub_ws);

6,105,199✔

322

   m_coord_x.swap(T2);

6,105,199✔

324

   m_curve.mul(T2, m_coord_y, m_coord_z, ws);

6,105,199✔

325

   T2.mod_mul(2, p, sub_ws);

6,105,199✔

327

   m_coord_y.swap(T0);

6,105,199✔

328

   m_coord_z.swap(T2);

6,111,354✔

332

EC_Point& EC_Point::operator+=(const EC_Point& rhs) {

2,376✔

333

   std::vector<BigInt> ws(EC_Point::WORKSPACE_SIZE);

2,376✔

334

   add(rhs, ws);

2,376✔

335

   return *this;

2,375✔

336

2,376✔

338

EC_Point& EC_Point::operator-=(const EC_Point& rhs) {

82✔

339

   EC_Point minus_rhs = EC_Point(rhs).negate();

82✔

341

   if(is_zero())

82✔

344

      *this += minus_rhs;

82✔

346

   return *this;

82✔

347

82✔

349

EC_Point& EC_Point::operator*=(const BigInt& scalar) {

67✔

350

   *this = scalar * *this;

67✔

351

   return *this;

67✔

354

EC_Point operator*(const BigInt& scalar, const EC_Point& point) {

2,956✔

355

   BOTAN_DEBUG_ASSERT(point.on_the_curve());

2,956✔

357

   const size_t scalar_bits = scalar.bits();

2,956✔

359

   std::vector<BigInt> ws(EC_Point::WORKSPACE_SIZE);

2,956✔

361

   EC_Point R[2] = {point.zero(), point};

8,868✔

363

   for(size_t i = scalar_bits; i > 0; i--) {

503,055✔

364

      const size_t b = scalar.get_bit(i - 1);

500,099✔

365

      R[b ^ 1].add(R[b], ws);

500,099✔

366

      R[b].mult2(ws);

500,099✔

369

   if(scalar.is_negative())

2,956✔

372

   BOTAN_DEBUG_ASSERT(R[0].on_the_curve());

2,956✔

374

   return R[0];

5,912✔

375

11,824✔

378

void EC_Point::force_all_affine(std::vector<EC_Point>& points, secure_vector<word>& ws) {

10,824✔

379

   if(points.size() <= 1) {

10,824✔

385

   for(auto& point : points) {

1,072,545✔

386

      if(point.is_zero())

1,973,838✔

399

   const CurveGFp& curve = points[0].m_curve;

10,824✔

400

   const BigInt& rep_1 = curve.get_1_rep();

10,824✔

402

   if(ws.size() < curve.get_ws_size())

10,824✔

405

   std::vector<BigInt> c(points.size());

10,824✔

406

   c[0] = points[0].m_coord_z;

10,824✔

408

   for(size_t i = 1; i != points.size(); ++i) {

1,061,721✔

409

      curve.mul(c[i], c[i - 1], points[i].m_coord_z, ws);

2,101,794✔

412

   BigInt s_inv = curve.invert_element(c[c.size() - 1], ws);

10,824✔

414

   BigInt z_inv, z2_inv, z3_inv;

10,824✔

416

   for(size_t i = points.size() - 1; i != 0; i--) {

1,061,721✔

417

      EC_Point& point = points[i];

1,050,897✔

419

      curve.mul(z_inv, s_inv, c[i - 1], ws);

1,050,897✔

421

      s_inv = curve.mul_to_tmp(s_inv, point.m_coord_z, ws);

1,050,897✔

423

      curve.sqr(z2_inv, z_inv, ws);

1,050,897✔

424

      curve.mul(z3_inv, z2_inv, z_inv, ws);

1,050,897✔

425

      point.m_coord_x = curve.mul_to_tmp(point.m_coord_x, z2_inv, ws);

2,101,794✔

426

      point.m_coord_y = curve.mul_to_tmp(point.m_coord_y, z3_inv, ws);

2,101,794✔

427

      point.m_coord_z = rep_1;

1,050,897✔

430

   curve.sqr(z2_inv, s_inv, ws);

10,824✔

431

   curve.mul(z3_inv, z2_inv, s_inv, ws);

10,824✔

432

   points[0].m_coord_x = curve.mul_to_tmp(points[0].m_coord_x, z2_inv, ws);

21,648✔

433

   points[0].m_coord_y = curve.mul_to_tmp(points[0].m_coord_y, z3_inv, ws);

21,648✔

434

   points[0].m_coord_z = rep_1;

10,824✔

435

43,296✔

437

void EC_Point::force_affine() {

1,377✔

438

   if(is_zero())

1,377✔

441

   secure_vector<word> ws;

1,377✔

443

   const BigInt z_inv = m_curve.invert_element(m_coord_z, ws);

1,377✔

444

   const BigInt z2_inv = m_curve.sqr_to_tmp(z_inv, ws);

1,377✔

445

   const BigInt z3_inv = m_curve.mul_to_tmp(z_inv, z2_inv, ws);

1,377✔

446

   m_coord_x = m_curve.mul_to_tmp(m_coord_x, z2_inv, ws);

1,377✔

447

   m_coord_y = m_curve.mul_to_tmp(m_coord_y, z3_inv, ws);

1,377✔

448

   m_coord_z = m_curve.get_1_rep();

1,377✔

449

5,508✔

451

bool EC_Point::is_affine() const { return m_curve.is_one(m_coord_z); }

40,935✔

453

BigInt EC_Point::get_affine_x() const {

27,436✔

454

   if(is_zero())

30,659✔

455

      throw Invalid_State("Cannot convert zero point to affine");

27✔

457

   secure_vector<word> monty_ws;

27,409✔

459

   if(is_affine())

27,409✔

460

      return m_curve.from_rep_to_tmp(m_coord_x, monty_ws);

2,365✔

462

   BigInt z2 = m_curve.sqr_to_tmp(m_coord_z, monty_ws);

25,044✔

463

   z2 = m_curve.invert_element(z2, monty_ws);

25,044✔

465

   BigInt r;

25,044✔

466

   m_curve.mul(r, m_coord_x, z2, monty_ws);

25,044✔

467

   m_curve.from_rep(r, monty_ws);

25,044✔

468

   return r;

25,044✔

469

79,022✔

471

BigInt EC_Point::get_affine_y() const {

13,553✔

472

   if(is_zero())

13,553✔

473

      throw Invalid_State("Cannot convert zero point to affine");

27✔

475

   secure_vector<word> monty_ws;

13,526✔

477

   if(is_affine())

13,526✔

478

      return m_curve.from_rep_to_tmp(m_coord_y, monty_ws);

2,358✔

480

   const BigInt z2 = m_curve.sqr_to_tmp(m_coord_z, monty_ws);

11,168✔

481

   const BigInt z3 = m_curve.mul_to_tmp(m_coord_z, z2, monty_ws);

11,168✔

482

   const BigInt z3_inv = m_curve.invert_element(z3, monty_ws);

11,168✔

484

   BigInt r;

11,168✔

485

   m_curve.mul(r, m_coord_y, z3_inv, monty_ws);

11,168✔

486

   m_curve.from_rep(r, monty_ws);

11,168✔

487

   return r;

11,168✔

488

59,718✔

490

bool EC_Point::on_the_curve() const {

29,549✔

497

   if(is_zero())

41,480✔

500

   secure_vector<word> monty_ws;

29,487✔

502

   const BigInt y2 = m_curve.from_rep_to_tmp(m_curve.sqr_to_tmp(m_coord_y, monty_ws), monty_ws);

29,487✔

503

   const BigInt x3 = m_curve.mul_to_tmp(m_coord_x, m_curve.sqr_to_tmp(m_coord_x, monty_ws), monty_ws);

29,487✔

504

   const BigInt ax = m_curve.mul_to_tmp(m_coord_x, m_curve.get_a_rep(), monty_ws);

29,487✔

505

   const BigInt z2 = m_curve.sqr_to_tmp(m_coord_z, monty_ws);

29,487✔

507

   if(m_coord_z == z2)  // Is z equal to 1 (in Montgomery form)?

29,487✔

509

      if(y2 != m_curve.from_rep_to_tmp(x3 + ax + m_curve.get_b_rep(), monty_ws))

132,380✔

513

   const BigInt z3 = m_curve.mul_to_tmp(m_coord_z, z2, monty_ws);

29,220✔

514

   const BigInt ax_z4 = m_curve.mul_to_tmp(ax, m_curve.sqr_to_tmp(z2, monty_ws), monty_ws);

29,220✔

515

   const BigInt b_z6 = m_curve.mul_to_tmp(m_curve.get_b_rep(), m_curve.sqr_to_tmp(z3, monty_ws), monty_ws);

29,220✔

517

   if(y2 != m_curve.from_rep_to_tmp(x3 + ax_z4 + b_z6, monty_ws))

146,100✔

518

      return false;

49✔

521

235,424✔

524

void EC_Point::swap(EC_Point& other) {

934,709✔

525

   m_curve.swap(other.m_curve);

934,709✔

526

   m_coord_x.swap(other.m_coord_x);

934,709✔

527

   m_coord_y.swap(other.m_coord_y);

934,709✔

528

   m_coord_z.swap(other.m_coord_z);

934,709✔

529

934,709✔

531

bool EC_Point::operator==(const EC_Point& other) const {

5,333✔

532

   if(m_curve != other.m_curve)

5,333✔

536

   if(is_zero())

8,121✔

537

      return other.is_zero();

202✔

539

   return (get_affine_x() == other.get_affine_x() && get_affine_y() == other.get_affine_y());

25,687✔

543

std::vector<uint8_t> EC_Point::encode(EC_Point_Format format) const {

1,856✔

544

   if(is_zero())

1,936✔

545

      return std::vector<uint8_t>(1);  // single 0 byte

162✔

547

   const size_t p_bytes = m_curve.get_p().bytes();

1,694✔

549

   const BigInt x = get_affine_x();

1,694✔

550

   const BigInt y = get_affine_y();

1,694✔

552

   std::vector<uint8_t> result;

1,694✔

554

   if(format == EC_Point_Format::Uncompressed) {

1,694✔

555

      result.resize(1 + 2 * p_bytes);

1,476✔

556

      result[0] = 0x04;

1,476✔

557

      BigInt::encode_1363(&result[1], p_bytes, x);

1,476✔

558

      BigInt::encode_1363(&result[1 + p_bytes], p_bytes, y);

1,476✔

559

   } else if(format == EC_Point_Format::Compressed) {

218✔

560

      result.resize(1 + p_bytes);

126✔

561

      result[0] = 0x02 | static_cast<uint8_t>(y.get_bit(0));

252✔

562

      BigInt::encode_1363(&result[1], p_bytes, x);

126✔

563

   } else if(format == EC_Point_Format::Hybrid) {

92✔

564

      result.resize(1 + 2 * p_bytes);

92✔

565

      result[0] = 0x06 | static_cast<uint8_t>(y.get_bit(0));

184✔

566

      BigInt::encode_1363(&result[1], p_bytes, x);

92✔

567

      BigInt::encode_1363(&result[1 + p_bytes], p_bytes, y);

92✔

571

   return result;

1,694✔

572

5,244✔

576

BigInt decompress_point(

6,231✔

578

   BigInt xpow3 = x * x * x;

6,231✔

580

   BigInt g = curve_a * x;

6,231✔

581

   g += xpow3;

6,231✔

582

   g += curve_b;

6,231✔

583

   g = g % curve_p;

6,231✔

585

   BigInt z = sqrt_modulo_prime(g, curve_p);

6,231✔

587

   if(z < 0)

6,231✔

588

      throw Decoding_Error("Error during EC point decompression");

2,376✔

590

   if(z.get_bit(0) != yMod2)

7,710✔

591

      z = curve_p - z;

3,956✔

593

   return z;

3,855✔

594

12,452✔

598

EC_Point OS2ECP(const uint8_t data[], size_t data_len, const CurveGFp& curve) {

9,813✔

600

   if(data_len <= 1)

9,813✔

601

      return EC_Point(curve);  // return zero

173✔

603

   std::pair<BigInt, BigInt> xy = OS2ECP(data, data_len, curve.get_p(), curve.get_a(), curve.get_b());

9,640✔

605

   EC_Point point(curve, xy.first, xy.second);

7,066✔

607

   if(!point.on_the_curve())

6,480✔

608

      throw Decoding_Error("OS2ECP: Decoded point was not on the curve");

200✔

610

   return point;

6,280✔

611

7,266✔

613

std::pair<BigInt, BigInt> OS2ECP(

9,672✔

615

   if(data_len <= 1)

9,672✔

618

   const uint8_t pc = data[0];

9,672✔

620

   BigInt x, y;

9,672✔

622

   if(pc == 2 || pc == 3) {

9,672✔

624

      x = BigInt::decode(&data[1], data_len - 1);

5,748✔

626

      const bool y_mod_2 = ((pc & 0x01) == 1);

5,748✔

627

      y = decompress_point(y_mod_2, x, curve_p, curve_a, curve_b);

5,748✔

628

   } else if(pc == 4) {

3,924✔

629

      const size_t l = (data_len - 1) / 2;

3,420✔

632

      x = BigInt::decode(&data[1], l);

3,420✔

633

      y = BigInt::decode(&data[l + 1], l);

3,420✔

634

   } else if(pc == 6 || pc == 7) {

504✔

635

      const size_t l = (data_len - 1) / 2;

483✔

638

      x = BigInt::decode(&data[1], l);

483✔

639

      y = BigInt::decode(&data[l + 1], l);

483✔

641

      const bool y_mod_2 = ((pc & 0x01) == 1);

483✔

643

      if(decompress_point(y_mod_2, x, curve_p, curve_a, curve_b) != y)

3,702✔

644

         throw Decoding_Error("OS2ECP: Decoding error in hybrid format");

177✔

646

      throw Invalid_Argument("OS2ECP: Unknown format type " + std::to_string(pc));

42✔

648

   return std::make_pair(x, y);

7,098✔

649

16,762✔

randombit / botan / 5079590438

Source File
Press 'n' to go to next uncovered line, 'b' for previous

randombit / botan / 5079590438

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous