Struct NistP256 

pub struct NistP256;

NIST P-256 elliptic curve.

This curve is also known as prime256v1 (ANSI X9.62) and secp256r1 (SECG) and is specified in FIPS 186-4: Digital Signature Standard (DSS):

https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf

It’s included in the US National Security Agency’s “Suite B” and is widely used in protocols like TLS and the associated X.509 PKI.

Its equation is y² = x³ - 3x + b over a ~256-bit prime field where b is the “verifiably random”† constant:

b = 41058363725152142129326129780047268409114441015993725554835256314039467401291

† NOTE: the specific origins of this constant have never been fully disclosed (it is the SHA-1 digest of an inexplicable NSA-selected constant)

Trait Implementations

impl AffineArithmetic for NistP256

type AffinePoint = AffinePoint

Elliptic curve point in affine coordinates.

impl AffineXCoordinate<NistP256> for AffinePoint

fn x(&self) -> FieldBytes

Get the affine x-coordinate as a serialized field element.

impl AssociatedOid for NistP256

Available on crate feature pkcs8 only.

const OID: ObjectIdentifier

The OID associated with this type.

impl Clone for NistP256

fn clone(&self) -> NistP256

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Curve for NistP256

const ORDER: U256

Order of NIST P-256’s elliptic curve group (i.e. scalar modulus).

n = FFFFFFFF 00000000 FFFFFFFF FFFFFFFF BCE6FAAD A7179E84 F3B9CAC2 FC632551

Calculating the order

One way to calculate the order is with GP/PARI:

p = (2^224) * (2^32 - 1) + 2^192 + 2^96 - 1
b = 41058363725152142129326129780047268409114441015993725554835256314039467401291
E = ellinit([Mod(-3, p), Mod(b, p)])
default(parisize, 120000000)
n = ellsea(E)
isprime(n)

type UInt = UInt<crypto_bigint::::uint::U256::{constant#0}>

256-bit integer type used for internally representing field elements.

impl Debug for NistP256

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl DecompactPoint<NistP256> for AffinePoint

fn decompact(x_bytes: &FieldBytes) -> CtOption<Self>

Attempt to decompact an elliptic curve point

impl DecompressPoint<NistP256> for AffinePoint

fn decompress(x_bytes: &FieldBytes, y_is_odd: Choice) -> CtOption<Self>

Attempt to decompress an elliptic curve point.

impl Default for NistP256

fn default() -> NistP256

Returns the “default value” for a type.

impl DigestPrimitive for NistP256

Available on crate feature sha256 only.

type Digest = CoreWrapper<CtVariableCoreWrapper<Sha256VarCore, UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, OidSha256>>

Preferred digest to use when computing ECDSA signatures for this elliptic curve. This is typically a member of the SHA-2 family.

fn prehash_to_field_bytes( prehash: &[u8], ) -> Result<GenericArray<u8, <Self::UInt as ArrayEncoding>::ByteSize>, Error>

Compute field bytes for a prehash (message digest), either zero-padding or truncating if the prehash size does not match the field size.

impl FromEncodedPoint<NistP256> for AffinePoint

fn from_encoded_point(encoded_point: &EncodedPoint) -> CtOption<Self>

Attempts to parse the given EncodedPoint as an SEC1-encoded AffinePoint.

Returns

None value if encoded_point is not on the secp256r1 curve.

impl FromEncodedPoint<NistP256> for ProjectivePoint

fn from_encoded_point(p: &EncodedPoint) -> CtOption<Self>

Deserialize the type this trait is impl’d on from an EncodedPoint.

impl Ord for NistP256

fn cmp(&self, other: &NistP256) -> Ordering

This method returns an Ordering between self and other.

fn max(self, other: Self) -> Self

where Self: Sized,

Compares and returns the maximum of two values.

fn min(self, other: Self) -> Self

where Self: Sized,

Compares and returns the minimum of two values.

fn clamp(self, min: Self, max: Self) -> Self

where Self: Sized,

Restrict a value to a certain interval.

impl PartialEq for NistP256

fn eq(&self, other: &NistP256) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PartialOrd for NistP256

fn partial_cmp(&self, other: &NistP256) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator.

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator.

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator.

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator.

impl PointCompaction for NistP256

const COMPACT_POINTS: bool = false

NIST P-256 points are typically uncompressed.

impl PointCompression for NistP256

const COMPRESS_POINTS: bool = false

NIST P-256 points are typically uncompressed.

impl PrimeCurveArithmetic for NistP256

type CurveGroup = ProjectivePoint

Prime order elliptic curve group.

impl ProjectiveArithmetic for NistP256

type ProjectivePoint = ProjectivePoint

Elliptic curve point in projective coordinates.

impl ScalarArithmetic for NistP256

type Scalar = Scalar

Scalar field type.

impl SignPrimitive<NistP256> for Scalar

Available on crate feature ecdsa only.

fn try_sign_prehashed<K>( &self, k: K, z: GenericArray<u8, <<C as Curve>::UInt as ArrayEncoding>::ByteSize>, ) -> Result<(Signature<C>, Option<RecoveryId>), Error>

where K: Borrow<Self> + Invert<Output = CtOption<Self>>,

Try to sign the prehashed message.

fn try_sign_prehashed_rfc6979<D>( &self, z: GenericArray<u8, <<C as Curve>::UInt as ArrayEncoding>::ByteSize>, ad: &[u8], ) -> Result<(Signature<C>, Option<RecoveryId>), Error>

where Self: From<ScalarCore<C>>, <C as Curve>::UInt: for<'a> From<&'a Self>, D: Digest<OutputSize = <<C as Curve>::UInt as ArrayEncoding>::ByteSize> + BlockSizeUser + FixedOutput + FixedOutputReset,

Try to sign the given message digest deterministically using the method described in RFC6979 for computing ECDSA ephemeral scalar k.

fn try_sign_digest_rfc6979<D>( &self, msg_digest: D, ad: &[u8], ) -> Result<(Signature<C>, Option<RecoveryId>), Error>

where Self: From<ScalarCore<C>>, <C as Curve>::UInt: for<'a> From<&'a Self>, D: Digest<OutputSize = <<C as Curve>::UInt as ArrayEncoding>::ByteSize> + BlockSizeUser + FixedOutput + FixedOutputReset,

Try to sign the given digest instance using the method described in RFC6979.

impl ToCompactEncodedPoint<NistP256> for AffinePoint

fn to_compact_encoded_point(&self) -> CtOption<EncodedPoint>

Serialize this value as a SEC1 compact EncodedPoint

impl ToEncodedPoint<NistP256> for AffinePoint

fn to_encoded_point(&self, compress: bool) -> EncodedPoint

Serialize this value as a SEC1 EncodedPoint, optionally applying point compression.

impl ToEncodedPoint<NistP256> for ProjectivePoint

fn to_encoded_point(&self, compress: bool) -> EncodedPoint

Serialize this value as a SEC1 EncodedPoint, optionally applying point compression.

impl VerifyPrimitive<NistP256> for AffinePoint

Available on crate feature ecdsa only.

fn verify_prehashed( &self, z: GenericArray<u8, <<C as Curve>::UInt as ArrayEncoding>::ByteSize>, sig: &Signature<C>, ) -> Result<(), Error>

Verify the prehashed message against the provided signature

fn verify_digest<D>( &self, msg_digest: D, sig: &Signature<C>, ) -> Result<(), Error>

where D: FixedOutput<OutputSize = <<C as Curve>::UInt as ArrayEncoding>::ByteSize>,

Verify message digest against the provided signature.

impl Copy for NistP256

impl Eq for NistP256

impl PrimeCurve for NistP256

impl StructuralPartialEq for NistP256