Struct p256::NistP256

pub struct NistP256;

NIST P-256 elliptic curve.

This curve is also known as prime256v1 (ANSI X9.62) and secp256r1 (SECG) and is specified in FIPS 186-4: Digital Signature Standard (DSS):

https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf

It was included in the US National Security Agency’s “Suite B” (since superseded by the CNSA Suite) and is widely used in protocols like TLS and the associated X.509 PKI.

Its equation is y² = x³ - 3x + b over a ~256-bit prime field where b is the “verifiably random”† constant:

b = 41058363725152142129326129780047268409114441015993725554835256314039467401291

† NOTE: the specific origin of this constant has never been fully disclosed. It is produced by the ANSI X9.62 “verifiably random” procedure, which derives b from the SHA-1 digest of a 160-bit seed, but the seed itself was chosen by the NSA and no rationale for its value has ever been given. “Verifiably random” therefore only lets you verify that b came from that seed, not how the seed was chosen.

Trait Implementations

Elliptic curve point in affine coordinates.
The OID associated with this type.
Returns a copy of the value. Read more
Performs copy-assignment from source. Read more

256-bit integer type used for internally representing field elements.

Order of NIST P-256’s elliptic curve group (i.e. scalar modulus).

n = FFFFFFFF 00000000 FFFFFFFF FFFFFFFF BCE6FAAD A7179E84 F3B9CAC2 FC632551
Calculating the order

One way to calculate the order is with GP/PARI:

\\ field prime p = 2^256 - 2^224 + 2^192 + 2^96 - 1
p = (2^224) * (2^32 - 1) + 2^192 + 2^96 - 1
b = 41058363725152142129326129780047268409114441015993725554835256314039467401291
\\ short Weierstrass curve y^2 = x^3 + a*x + b over GF(p) with a = -3
E = ellinit([Mod(-3, p), Mod(b, p)])
\\ SEA point counting needs more stack than the default
default(parisize, 120000000)
n = ellsea(E)   \\ group order #E(GF(p)); expect 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
isprime(n)      \\ returns 1: the order is prime, so the cofactor is 1
Formats the value using the given formatter. Read more
Returns the “default value” for a type. Read more
Preferred digest to use when computing ECDSA signatures for this elliptic curve. This is typically a member of the SHA-2 family.
The field element representation for a group value with multiple elements
Computes the hash to curve routine. Read more
Computes the encode to curve routine. Read more
The crv parameter which identifies a particular elliptic curve as defined in RFC 7518 Section 6.2.1.1: https://tools.ietf.org/html/rfc7518#section-6.2.1.1 Read more
This method returns an Ordering between self and other. Read more
Compares and returns the maximum of two values. Read more
Compares and returns the minimum of two values. Read more
Restrict a value to a certain interval. Read more
This method tests for self and other values to be equal, and is used by ==.
This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
This method returns an ordering between self and other values if one exists. Read more
This method tests less than (for self and other) and is used by the < operator. Read more
This method tests less than or equal to (for self and other) and is used by the <= operator. Read more
This method tests greater than (for self and other) and is used by the > operator. Read more
This method tests greater than or equal to (for self and other) and is used by the >= operator. Read more

NIST P-256 points are typically uncompressed.

NIST P-256 points are typically uncompressed.
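SEC1 point encoding for P-256, as an added example in plain Python and not the crate’s own EncodedPoint code: the 65-byte uncompressed form 0x04 || x || y that P-256 deployments typically use, next to the 33-byte compressed form 0x02/0x03 || x, with a decoder that rejects anything that is not a valid affine point on the curve. The on-curve check on decode is what defeats invalid-curve attacks against the uncompressed form, so a decoder should do it unconditionally. The sample input is the FIPS 186-4 base point G given further down this page; the function names are mine, and the arithmetic is variable-time integer code for illustration only.

```python
# Added example, not code from the p256 crate: SEC1 point encoding for P-256
# in plain Python. Variable-time integer arithmetic for illustration only.

# Curve parameters from FIPS 186-4 / this page.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 41058363725152142129326129780047268409114441015993725554835256314039467401291
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


def on_curve(x, y):
    """True iff (x, y) is a finite point on y^2 = x^3 - 3x + b over GF(p)."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def encode_point(x, y, compressed=False):
    """SEC1 encode: 0x04||x||y (65 bytes) or 0x02/0x03||x (33 bytes)."""
    if not on_curve(x, y):
        raise ValueError("refusing to encode a point that is not on P-256")
    xb = x.to_bytes(32, "big")
    if compressed:
        return bytes([0x02 | (y & 1)]) + xb  # low bit of y selects the root
    return b"\x04" + xb + y.to_bytes(32, "big")


def decode_point(data):
    """SEC1 decode with validation; raises ValueError on any invalid input.

    The identity encoding (a single 0x00 byte) is rejected: it has no affine
    coordinates and is never a legitimate public key.
    """
    if len(data) == 65 and data[0] == 0x04:
        x = int.from_bytes(data[1:33], "big")
        y = int.from_bytes(data[33:65], "big")
    elif len(data) == 33 and data[0] in (0x02, 0x03):
        x = int.from_bytes(data[1:33], "big")
        if x >= P:
            raise ValueError("x coordinate not reduced mod p")
        rhs = (x * x * x + A * x + B) % P
        # p = 3 (mod 4), so if rhs is a square its roots are +-rhs^((p+1)/4)
        y = pow(rhs, (P + 1) // 4, P)
        if y * y % P != rhs:
            raise ValueError("x coordinate is not on the curve")
        if (y & 1) != (data[0] & 1):
            y = P - y
    else:
        raise ValueError("unsupported SEC1 encoding or wrong length")
    # The on-curve check is what stops invalid-curve attacks on the
    # uncompressed form; keep it even though the compressed path derived y.
    if not on_curve(x, y):
        raise ValueError("decoded point is not on P-256")
    return x, y


def accepts(data):
    """Helper: True if decode_point accepts the encoding, False if it rejects it."""
    try:
        decode_point(data)
        return True
    except ValueError:
        return False
```

Because p ≡ 3 (mod 4) the square root needed for decompression is a single modular exponentiation, which is why compressed P-256 points are cheap to support even though most deployments still exchange the uncompressed form.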

Prime order elliptic curve group.

a = -3

Base point of P-256.

Defined in FIPS 186-4 § D.1.2.3:

Gₓ = 6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296
Gᵧ = 4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5
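The parameters quoted on this page (p, a = -3, b, n and G) can be checked end to end without PARI. The following is an added example in plain Python, not code from the p256 crate: textbook affine arithmetic over Python integers, variable-time and suitable only for verifying published constants, never for handling real keys. It reproduces the order check from the GP/PARI snippet above (n prime, cofactor 1 via the Hasse bound) and confirms that the FIPS 186-4 base point lies on the curve and has order exactly n; the function and check names are mine.

```python
# Added example, not code from the p256 crate: validate the P-256 domain
# parameters with plain Python integers. Variable-time textbook arithmetic,
# fine for checking published constants, unsuitable for real keys.
import math
import random

# p as written in the GP/PARI snippet; equals 2^256 - 2^224 + 2^192 + 2^96 - 1
P = (2**224) * (2**32 - 1) + 2**192 + 2**96 - 1
A = P - 3  # a = -3 mod p
B = 41058363725152142129326129780047268409114441015993725554835256314039467401291
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
G = (GX, GY)
INF = None  # point at infinity


def is_probable_prime(n, rounds=40):
    """Miller-Rabin with fixed-seed witnesses; a stand-in for GP's isprime(n)."""
    if n < 2:
        return False
    for q in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % q == 0:
            return n == q
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(2**256)  # deterministic, so the check is reproducible
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def on_curve(pt):
    """True iff pt is the identity or a finite point on y^2 = x^3 + a x + b."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Affine point addition/doubling on y^2 = x^3 + a x + b over GF(p)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF  # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """Left-to-right double-and-add; leaks k through timing, fine for this check."""
    acc = INF
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc


def validate_domain_parameters():
    """Named checks on (p, a, b, G, n); every value is True for genuine P-256."""
    # Hasse: #E <= p + 1 + 2*sqrt(p). n divides #E, so if 2n exceeds that
    # bound the cofactor h = #E / n must be 1.
    hasse_upper = P + 1 + 2 * (math.isqrt(P) + 1)
    return {
        "p_is_prime": is_probable_prime(P),
        "n_is_prime": is_probable_prime(N),
        "curve_is_non_singular": (4 * A**3 + 27 * B**2) % P != 0,
        "G_is_on_curve": on_curve(G),
        "nG_is_infinity": mul(N, G) is INF,
        "(n-1)G_is_minus_G": mul(N - 1, G) == (GX, P - GY),
        "cofactor_is_1": 2 * N > hasse_upper,
        # n != p rules out the anomalous-curve (Smart) attack; a large embedding
        # degree rules out an MOV/Frey-Rueck transfer to a finite field.
        "not_anomalous": N != P,
        "embedding_degree_over_100": all(pow(P, k, N) != 1 for k in range(1, 101)),
    }
```

`validate_domain_parameters()` returns every check as True for the constants above; change a single hex digit of b, n or G and the corresponding check fails, which makes this a cheap way to catch a transcription error in hand-copied curve parameters before they reach production code.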
Base field element type.
Zero element of the base field.
Multiplicative identity of the base field.
Coefficient b in the curve equation.
Elliptic curve point in projective coordinates. Read more
Scalar field type. Read more
Try to sign the prehashed message. Read more
Verify the prehashed message against the provided signature Read more
Available on crate feature digest only.
Verify message digest against the provided signature.

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more
Converts self into T using Into<T>. Read more
Get the OID associated with this value.
Causes self to use its Binary implementation when Debug-formatted.
Causes self to use its Display implementation when Debug-formatted.
Causes self to use its LowerExp implementation when Debug-formatted.
Causes self to use its LowerHex implementation when Debug-formatted.
Causes self to use its Octal implementation when Debug-formatted.
Causes self to use its Pointer implementation when Debug-formatted.
Causes self to use its UpperExp implementation when Debug-formatted.
Causes self to use its UpperHex implementation when Debug-formatted.
Formats each item in a sequence. Read more

Returns the argument unchanged.

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Pipes by value. This is generally the method you want to use. Read more
Borrows self and passes that borrow into the pipe function. Read more
Mutably borrows self and passes that borrow into the pipe function. Read more
Borrows self, then passes self.borrow() into the pipe function. Read more
Mutably borrows self, then passes self.borrow_mut() into the pipe function. Read more
Borrows self, then passes self.as_ref() into the pipe function.
Mutably borrows self, then passes self.as_mut() into the pipe function.
Borrows self, then passes self.deref() into the pipe function.
Mutably borrows self, then passes self.deref_mut() into the pipe function.
Should always be Self
Immutable access to a value. Read more
Mutable access to a value. Read more
Immutable access to the Borrow<B> of a value. Read more
Mutable access to the BorrowMut<B> of a value. Read more
Immutable access to the AsRef<R> view of a value. Read more
Mutable access to the AsMut<R> view of a value. Read more
Immutable access to the Deref::Target of a value. Read more
Mutable access to the Deref::Target of a value. Read more
Calls .tap() only in debug builds, and is erased in release builds.
Calls .tap_mut() only in debug builds, and is erased in release builds.
Calls .tap_borrow() only in debug builds, and is erased in release builds.
Calls .tap_borrow_mut() only in debug builds, and is erased in release builds.
Calls .tap_ref() only in debug builds, and is erased in release builds.
Calls .tap_ref_mut() only in debug builds, and is erased in release builds.
Calls .tap_deref() only in debug builds, and is erased in release builds.
Calls .tap_deref_mut() only in debug builds, and is erased in release builds.
The resulting type after obtaining ownership.
Creates owned data from borrowed data, usually by cloning. Read more
Uses borrowed data to replace owned data, usually by cloning. Read more
Attempts to convert self into T using TryInto<T>. Read more
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.