1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146

// #![no_std]
#![no_std]
#![cfg_attr(docsrs, feature(doc_auto_cfg))]
#![doc = include_str!("../README.md")]
#![doc(
    html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
    html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg"
)]
#![forbid(unsafe_code)]
#![warn(
    clippy::mod_module_files,
    clippy::cast_lossless,
    clippy::cast_possible_truncation,
    clippy::cast_possible_wrap,
    clippy::cast_precision_loss,
    clippy::cast_sign_loss,
    clippy::checked_conversions,
    clippy::implicit_saturating_sub,
    clippy::arithmetic_side_effects,
    clippy::panic,
    clippy::panic_in_result_fn,
    clippy::unwrap_used,
    missing_docs,
    rust_2018_idioms,
    unused_lifetimes,
    unused_qualifications
)]

#[cfg(feature = "alloc")]
#[allow(unused_extern_crates)]
extern crate alloc;

#[cfg(feature = "arithmetic")]
pub mod arithmetic;

#[cfg(any(feature = "test-vectors", test))]
pub mod test_vectors;

#[cfg(feature = "dsa")]
pub mod dsa;

pub use elliptic_curve::{self, bigint::U256};

#[cfg(feature = "arithmetic")]
pub use arithmetic::{scalar::Scalar, AffinePoint, ProjectivePoint};

#[cfg(feature = "pkcs8")]
pub use elliptic_curve::pkcs8;

use elliptic_curve::{
    bigint::ArrayEncoding,
    consts::{U32, U33},
    generic_array::GenericArray,
    FieldBytesEncoding,
};

#[cfg(feature = "dsa")]
type Hash = belt_hash::digest::Output<belt_hash::BeltHash>;

/// Order of BIGN P-256's elliptic curve group (i.e. scalar modulus) in hexadecimal.
const ORDER_HEX: &str = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD95C8ED60DFB4DFC7E5ABF99263D6607";

/// BIGN P-256 elliptic curve.
///
/// This curve is also known as bign-curve256v1
/// and is specified in [STB 34.101.45-2013]:
/// Recommendations for Discrete Logarithm-based Cryptography:
/// Elliptic Curve Domain Parameters.
///
///
/// Its equation is `y² = x³ + ax + b` over a ~256-bit prime field.
///
/// ```text
/// a = 115792089237316195423570985008687907853269984665640564039457584007913129639744
/// b = 54189945433829174764701416670523239872420438478408031144987871676190519198705
/// ```
///
/// [STB 34.101.45-2013]: https://apmi.bsu.by/assets/files/std/bign-spec294.pdf
#[derive(Copy, Clone, Debug, Default, Eq, PartialEq, PartialOrd, Ord)]
pub struct BignP256;

impl elliptic_curve::Curve for BignP256 {
    /// 256-bit integer type used for internally representing field elements.
    type FieldBytesSize = U32;
    type Uint = U256;

    /// Order of BIGN P-256's elliptic curve group (i.e. scalar modulus).
    const ORDER: U256 = U256::from_be_hex(ORDER_HEX);
}

impl elliptic_curve::PrimeCurve for BignP256 {}

impl elliptic_curve::point::PointCompression for BignP256 {
    /// BIGN P-256 points are typically uncompressed.
    const COMPRESS_POINTS: bool = false;
}

impl elliptic_curve::point::PointCompaction for BignP256 {
    /// BIGN P-256 points are typically uncompressed.
    const COMPACT_POINTS: bool = false;
}

#[cfg(feature = "pkcs8")]
impl pkcs8::AssociatedOid for BignP256 {
    const OID: pkcs8::ObjectIdentifier =
        pkcs8::ObjectIdentifier::new_unwrap("1.2.112.0.2.0.34.101.45.1");
}

/// Compressed SEC1-encoded BIGN P256 curve point.
pub type CompressedPoint = GenericArray<u8, U33>;

/// BIGN P-256 field element serialized as bytes.
///
/// Byte array containing a serialized field element value (base field or scalar).
pub type FieldBytes = elliptic_curve::FieldBytes<BignP256>;

/// SEC1 encoded point.
pub type EncodedPoint = elliptic_curve::sec1::EncodedPoint<BignP256>;

impl FieldBytesEncoding<BignP256> for U256 {
    fn decode_field_bytes(field_bytes: &FieldBytes) -> Self {
        U256::from_be_byte_array(*field_bytes)
    }

    fn encode_field_bytes(&self) -> FieldBytes {
        self.to_be_byte_array()
    }
}

/// Non-zero scalar field element.
#[cfg(feature = "arithmetic")]
pub type NonZeroScalar = elliptic_curve::NonZeroScalar<BignP256>;

/// BIGN P-256 public key.
#[cfg(feature = "arithmetic")]
pub type PublicKey = elliptic_curve::PublicKey<BignP256>;

/// BIGN P-256 secret key.
pub type SecretKey = elliptic_curve::SecretKey<BignP256>;

#[cfg(not(feature = "arithmetic"))]
impl elliptic_curve::sec1::ValidatePublicKey for BignP256 {}

/// Bit representation of a BIGN P-256 scalar field element.
#[cfg(feature = "bits")]
pub type ScalarBits = elliptic_curve::ScalarBits<BignP256>;